Mercurial > hg > freeDiameter
diff include/freeDiameter/freeDiameter.h @ 20:277ec00d793e
Backup before typhoon... Progress on server side
author | Sebastien Decugis <sdecugis@nict.go.jp> |
---|---|
date | Wed, 07 Oct 2009 19:31:39 +0900 |
parents | e7187583dcf8 |
children | 0b3b46da2c12 |
line wrap: on
line diff
--- a/include/freeDiameter/freeDiameter.h Mon Oct 05 17:51:06 2009 +0900 +++ b/include/freeDiameter/freeDiameter.h Wed Oct 07 19:31:39 2009 +0900 @@ -117,7 +117,7 @@ /* Endpoints */ struct fd_endpoint { struct fd_list chain; /* link in cnf_endpoints list */ - sSS ss; /* the socket information. */ + sSS ss; /* the socket information. List is always ordered by ss value (memcmp) */ struct { unsigned conf : 1; /* This endpoint is statically configured in a configuration file */ unsigned disc : 1; /* This endpoint was resolved from the Diameter Identity or other DNS query */ @@ -174,11 +174,12 @@ FDEV_TERMINATE = 1000 /* request to terminate */ ,FDEV_DUMP_DICT /* Dump the content of the dictionary */ ,FDEV_DUMP_EXT /* Dump state of extensions */ + ,FDEV_DUMP_SERV /* Dump the server socket status */ ,FDEV_DUMP_QUEUES /* Dump the message queues */ ,FDEV_DUMP_CONFIG /* Dump the configuration */ ,FDEV_DUMP_PEERS /* Dump the list of peers */ }; -const char * fd_ev_str(int event); +const char * fd_ev_str(int event); /* defined in freeDiameter/main.c */ /***************************************/ @@ -201,6 +202,7 @@ We have sent a CER on our initiated connection, and received a CER from the remote peer on another connection. Election. If we win the election, we must disconnect the initiated connection and send a CEA on the other => we go to OPEN state. If we lose, we disconnect the other connection (receiver) and fallback to WAITCEA state. */ + STATE_OPEN_HANDSHAKE, /* TLS Handshake and validation are in progress in open state */ /* Failover state machine */ STATE_SUSPECT, /* A DWR was sent and not answered within TwTime. Failover in progress. */ @@ -210,7 +212,7 @@ STATE_ZOMBIE /* The PSM thread is not running anymore; it must be re-started or peer should be deleted. */ #define STATE_MAX STATE_ZOMBIE }; -extern const char *peer_state_str[]; +extern const char *peer_state_str[]; /* defined in freeDiameter/p_psm.c */ #define STATE_STR(state) \ (((unsigned)(state)) <= STATE_MAX ? peer_state_str[((unsigned)(state)) ] : "<Invalid>") @@ -244,10 +246,8 @@ #define PI_EXP_INACTIVE 1 /* the peer entry expires (i.e. is deleted) after pi_lft seconds without activity */ unsigned exp :1; - /* Following flags are read-only and received from remote peer */ - #define PI_INB_NONE 1 /* Remote peer advertised inband-sec-id 0 (None) */ - #define PI_INB_TLS 2 /* Remote peer advertised inband-sec-id 1 (TLS) */ - unsigned inband :2; /* This is only meaningful with pi_flags.sec == 3 */ + unsigned inband_none :1; /* This is only meaningful with pi_flags.sec == 3 */ + unsigned inband_tls :1; /* This is only meaningful with pi_flags.sec == 3 */ unsigned relay :1; /* The remote peer advertized the relay application */ @@ -337,17 +337,29 @@ * 0 : The callback is added. * !0 : An error occurred. */ -int fd_peer_validate_register ( int (*peer_validate)(struct peer_info * /* info */, int * /* auth */) ); +int fd_peer_validate_register ( int (*peer_validate)(struct peer_info * /* info */, int * /* auth */, int (**cb2)(struct peer_info *)) ); /* * CALLBACK: peer_validate * * PARAMETERS: * info : Structure containing information about the peer attempting the connection. * auth : Store there the result if the peer is accepted (1), rejected (-1), or unknown (0). + * cb2 : If != NULL and in case of PI_SEC_TLS_OLD, another callback to call after handshake (if auth = 1). * * DESCRIPTION: * This callback is called when a new connection is being established from an unknown peer, - * after the CER is received. An extension must register such callback with peer_validate_register. + * after the CER is received. An extension must register such callback with peer_validate_register. + * + * If (info->pi_flags.sec == PI_SEC_TLS_OLD) the extension may instruct the daemon explicitely + * to not use TLS by clearing info->pi_flags.inband_tls -- only if inband_none is set. + * + * If (info->pi_flags.sec == PI_SEC_TLS_OLD) and info->pi_flags.inband_tls is set, + * the extension may also need to check the credentials provided during the TLS + * exchange (remote certificate). For this purpose, it may set the address of a new callback + * to be called once the handshake is completed. This new callback receives the information + * structure as parameter (with pi_sec_data set) and returns 0 if the credentials are correct, + * or an error code otherwise. If the error code is received, the connection is closed and the + * peer is destroyed. * * RETURN VALUE: * 0 : The authorization decision has been written in the location pointed by auth.