Changeset 20:277ec00d793e in freeDiameter
- Timestamp:
- Oct 7, 2009, 7:31:39 PM (15 years ago)
- Branch:
- default
- Phase:
- public
- Files:
-
- 3 added
- 11 edited
INSTALL
r18 r20 9 9 10 10 You can enable the unary tests by doing: 11 cmake -D NO_TESTS:BOOL=OFF ../11 cmake -DSKIP_TESTS:BOOL=OFF ../ 12 12 make 13 13 make tests … … 38 38 DEFAULT_CONF_FILE:STRING=/path/to/some/freeDiameter.conf 39 39 40 Build binary with symbols, for debug: 41 CMAKE_BUILD_TYPE:STRING=Debug -
doc/freediameter.conf.sample
r18 r20 1 1 # This is a sample configuration file for freeDiameter daemon. 2 3 # Only the "TLS_Cred" directive is really mandatory in this file. 2 4 3 5 ############################################################## … … 31 33 #TLS_old_method; 32 34 33 # Disable use of TCP protocol (only SCTP)35 # Disable use of TCP protocol (only listen and connect in SCTP) 34 36 # Default : TCP enabled 35 37 #No_TCP; 36 38 37 # Disable use of SCTP protocol (only TCP)39 # Disable use of SCTP protocol (only listen and connect in TCP) 38 40 # Default : SCTP enabled 39 41 #No_SCTP; … … 93 95 # The file contains a list of trusted CRLs in PEM format. They should have been verified before. 94 96 # (This parameter is passed to gnutls_certificate_set_x509_crl_file function) 97 # Note: currently, openssl CRL seems not supported... 95 98 # Default : GNUTLS default behavior 96 99 #TLS_CRL = "<file.PEM>"; … … 211 214 ConnectPeer = "jules.nautilus6.org" ; 212 215 ConnectPeer = "aaa.nautilus6.org" { No_TLS; No_IP; No_TCP; SCTP_streams = 60; } ; 216 TLS_Cred = "/etc/openssl-ca/clients/certs/fdtest.cert" , "/etc/openssl-ca/clients/privkeys/fdtest.key.pem"; 217 TLS_CA = "/etc/openssl-ca/public-www/cacert.pem"; 218 # TLS_CRL = "/etc/openssl-ca/public-www/crl.pem"; 219 -
freeDiameter/CMakeLists.txt
r17 r20 11 11 fD.h 12 12 config.c 13 cnxctx.c 13 14 dispatch.c 14 15 extensions.c … … 19 20 p_expiry.c 20 21 p_psm.c 22 server.c 21 23 ) 24 25 IF(NOT DISABLE_SCTP) 26 SET(FD_COMMON_SRC ${FD_COMMON_SRC} sctp.c) 27 ENDIF(NOT DISABLE_SCTP) 22 28 23 29 SET(FD_COMMON_GEN_SRC -
freeDiameter/config.c
r18 r20 239 239 } 240 240 if (! fd_g_config->cnf_sec_data.dh_bits) { 241 TRACE_DEBUG(FULL, "Generating DH parameters..."); 241 242 CHECK_GNUTLS_DO( gnutls_dh_params_generate2( 242 243 fd_g_config->cnf_sec_data.dh_cache, 243 244 GNUTLS_DEFAULT_DHBITS), 244 245 { TRACE_DEBUG(INFO, "Error in DH bits value : %d", GNUTLS_DEFAULT_DHBITS); return EINVAL; } ); 246 TRACE_DEBUG(FULL, "DH parameters generated."); 245 247 } 246 248 -
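Review bot: The new TRACE_DEBUG pair around gnutls_dh_params_generate2() repeats, statement for statement, the sequence added to the DH_bits rule in freeDiameter/fdd.y in this same changeset, so the two copies will drift the next time one of them changes; a small helper such as `static int fd_dh_generate(gnutls_dh_params_t params, unsigned bits)` that performs the generation and emits both traces, called from both sites, would keep a single code path. While touching it, the failure branch here still reports "Error in DH bits value : %d" for any gnutls failure, not only an invalid bit count, so the message could name the call that failed instead. The enclosing function starts and ends outside the hunk.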
freeDiameter/fD.h
r16 r20 173 173 }; 174 174 175 /* The connection context structure */ 176 struct cnxctx { 177 int cc_socket; /* The socket object of the connection -- <=0 if no socket is created */ 178 179 struct fifo **cc_events; /* Location of the events list to send connection events */ 180 181 int cc_proto; /* IPPROTO_TCP or IPPROTO_SCTP */ 182 int cc_tls; /* Is TLS already started ? */ 183 184 uint16_t cc_port; /* Remote port of the connection, when we are client */ 185 struct fd_list cc_ep_remote; /* The remote address(es) of the connection */ 186 struct fd_list cc_ep_local; /* The local address(es) of the connection */ 187 188 /* If cc_proto == SCTP */ 189 struct { 190 int str_out;/* Out streams */ 191 int str_in; /* In streams */ 192 int pairs; /* max number of pairs ( = min(in, out)) */ 193 int next; /* # of stream the next message will be sent to */ 194 } cc_sctp_para; 195 196 /* If cc_tls == true */ 197 struct { 198 int mode; /* GNUTLS_CLIENT / GNUTLS_SERVER */ 199 gnutls_session_t session; /* Session object (stream #0 in case of SCTP) */ 200 } cc_tls_para; 201 202 /* If both conditions */ 203 struct { 204 gnutls_session_t *res_sessions; /* Sessions of other pairs of streams, resumed from the first */ 205 /* Buffers, threads, ... */ 206 } cc_sctp_tls_para; 207 }; 208 175 209 /* Functions */ 176 210 int fd_peer_fini(); … … 192 226 void fd_psm_abord(struct fd_peer * peer ); 193 227 228 /* Server sockets */ 229 void fd_servers_dump(); 230 int fd_servers_start(); 231 void fd_servers_stop(); 232 233 /* Connection contexts */ 234 struct cnxctx * fd_cnx_init(int sock, int proto); 235 int fd_cnx_handshake(struct cnxctx * conn, int mode); 236 237 /* SCTP */ 238 #ifndef DISABLE_SCTP 239 int fd_sctp_create_bind_server( int * socket, uint16_t port ); 240 int fd_sctp_get_str_info( int socket, int *in, int *out ); 241 242 #endif /* DISABLE_SCTP */ 243 244 245 194 246 #endif /* _FD_H */ -
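Review bot: The new declarations `void fd_servers_dump();`, `int fd_servers_start();` and `void fd_servers_stop();` are non-prototype declarations (empty parentheses mean "unspecified arguments" in C), so calls with the wrong arguments are not diagnosed; they should read `void fd_servers_dump(void);`, `int fd_servers_start(void);`, `void fd_servers_stop(void);`. In struct cnxctx the comment on cc_socket says `<=0 if no socket is created`, which treats descriptor 0 as "no socket" although 0 is a valid descriptor; if the implementation really uses 0 as the sentinel the comment should say so explicitly, otherwise -1 is the conventional value and the comment should become `/* socket descriptor, or -1 when none */`. The prototypes of fd_cnx_init() and fd_cnx_handshake() say nothing about who owns sock after fd_cnx_init() returns, nor which values mode accepts (presumably GNUTLS_CLIENT / GNUTLS_SERVER, as for cc_tls_para.mode); a one-line comment on each would help extension authors. Finally, the parameter named `socket` in fd_sctp_create_bind_server() shadows the socket(2) function name inside that declaration; `int *sock` avoids the confusion.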
freeDiameter/fdd.y
r18 r20 511 511 { 512 512 conf->cnf_sec_data.dh_bits = $3; 513 TRACE_DEBUG(FULL, "Generating DH parameters..."); 513 514 CHECK_GNUTLS_DO( gnutls_dh_params_generate2( 514 515 conf->cnf_sec_data.dh_cache, … … 516 517 { yyerror (&yylloc, conf, "Error setting DH Bits parameters."); 517 518 YYERROR; } ); 518 } 519 ; 519 TRACE_DEBUG(FULL, "DH parameters generated."); 520 } 521 ; -
freeDiameter/main.c
r18 r20 123 123 break; 124 124 125 case FDEV_DUMP_SERV: 126 fd_servers_dump(); 127 break; 128 125 129 case FDEV_DUMP_QUEUES: 126 130 fd_fifo_dump(0, "Incoming messages", fd_g_incoming, fd_msg_dump_walk); … … 171 175 case_str(FDEV_DUMP_DICT); 172 176 case_str(FDEV_DUMP_EXT); 177 case_str(FDEV_DUMP_SERV); 173 178 case_str(FDEV_DUMP_QUEUES); 174 179 case_str(FDEV_DUMP_CONFIG); -
freeDiameter/p_psm.c
r16 r20 44 44 , "STATE_WAITCNXACK_ELEC" 45 45 , "STATE_WAITCEA" 46 , "STATE_OPEN_HANDSHAKE" 46 47 , "STATE_SUSPECT" 47 48 , "STATE_REOPEN" -
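Review bot: The new "STATE_OPEN_HANDSHAKE" string is inserted positionally into peer_state_str[], which STATE_STR() in freeDiameter.h indexes directly by enum value, so its index must be exactly the position STATE_OPEN_HANDSHAKE takes in enum peer_state; from the hunks alone I cannot confirm the two orders agree, since the header hunk shows the new member after the election comment block while the table places it right after "STATE_WAITCEA". A comment above the table, `/* Order must match enum peer_state in freeDiameter.h: index == state value */`, would make the invariant visible to the next person adding a state. If the build uses a compiler that supports it, a compile-time size check such as `_Static_assert` against STATE_MAX + 1 would catch a missing entry, though the table's enclosing declaration starts outside the hunk.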
freeDiameter/peers.c
r16 r20 344 344 (peer->p_hdr.info.pi_flags.sec == PI_SEC_NONE ? "IPSec." : "InbandTLS."), 345 345 peer->p_hdr.info.pi_flags.exp ? "Expire." : "", 346 peer->p_hdr.info.pi_flags.inband & PI_INB_NONE ? "InbandIPsecOK." : "",347 peer->p_hdr.info.pi_flags.inband & PI_INB_TLS ? "InbandTLSOK." : "",346 peer->p_hdr.info.pi_flags.inband_none ? "InbandIPsec." : "", 347 peer->p_hdr.info.pi_flags.inband_tls ? "InbandTLS." : "", 348 348 peer->p_hdr.info.pi_flags.relay ? "Relay (0xffffff)" : "No relay" 349 349 ); -
include/freeDiameter/freeDiameter.h
r18 r20 118 118 struct fd_endpoint { 119 119 struct fd_list chain; /* link in cnf_endpoints list */ 120 sSS ss; /* the socket information. */120 sSS ss; /* the socket information. List is always ordered by ss value (memcmp) */ 121 121 struct { 122 122 unsigned conf : 1; /* This endpoint is statically configured in a configuration file */ … … 175 175 ,FDEV_DUMP_DICT /* Dump the content of the dictionary */ 176 176 ,FDEV_DUMP_EXT /* Dump state of extensions */ 177 ,FDEV_DUMP_SERV /* Dump the server socket status */ 177 178 ,FDEV_DUMP_QUEUES /* Dump the message queues */ 178 179 ,FDEV_DUMP_CONFIG /* Dump the configuration */ 179 180 ,FDEV_DUMP_PEERS /* Dump the list of peers */ 180 181 }; 181 const char * fd_ev_str(int event); 182 const char * fd_ev_str(int event); /* defined in freeDiameter/main.c */ 182 183 183 184 … … 202 203 If we win the election, we must disconnect the initiated connection and send a CEA on the other => we go to OPEN state. 203 204 If we lose, we disconnect the other connection (receiver) and fallback to WAITCEA state. */ 205 STATE_OPEN_HANDSHAKE, /* TLS Handshake and validation are in progress in open state */ 204 206 205 207 /* Failover state machine */ … … 211 213 #define STATE_MAX STATE_ZOMBIE 212 214 }; 213 extern const char *peer_state_str[]; 215 extern const char *peer_state_str[]; /* defined in freeDiameter/p_psm.c */ 214 216 #define STATE_STR(state) \ 215 217 (((unsigned)(state)) <= STATE_MAX ? 
peer_state_str[((unsigned)(state)) ] : "<Invalid>") … … 245 247 unsigned exp :1; 246 248 247 /* Following flags are read-only and received from remote peer */ 248 #define PI_INB_NONE 1 /* Remote peer advertised inband-sec-id 0 (None) */ 249 #define PI_INB_TLS 2 /* Remote peer advertised inband-sec-id 1 (TLS) */ 250 unsigned inband :2; /* This is only meaningful with pi_flags.sec == 3 */ 249 unsigned inband_none :1; /* This is only meaningful with pi_flags.sec == 3 */ 250 unsigned inband_tls :1; /* This is only meaningful with pi_flags.sec == 3 */ 251 251 252 252 unsigned relay :1; /* The remote peer advertized the relay application */ … … 338 338 * !0 : An error occurred. 339 339 */ 340 int fd_peer_validate_register ( int (*peer_validate)(struct peer_info * /* info */, int * /* auth */ ) );340 int fd_peer_validate_register ( int (*peer_validate)(struct peer_info * /* info */, int * /* auth */, int (**cb2)(struct peer_info *)) ); 341 341 /* 342 342 * CALLBACK: peer_validate … … 345 345 * info : Structure containing information about the peer attempting the connection. 346 346 * auth : Store there the result if the peer is accepted (1), rejected (-1), or unknown (0). 347 * cb2 : If != NULL and in case of PI_SEC_TLS_OLD, another callback to call after handshake (if auth = 1). 347 348 * 348 349 * DESCRIPTION: 349 350 * This callback is called when a new connection is being established from an unknown peer, 350 * after the CER is received. An extension must register such callback with peer_validate_register. 351 * after the CER is received. An extension must register such callback with peer_validate_register. 352 * 353 * If (info->pi_flags.sec == PI_SEC_TLS_OLD) the extension may instruct the daemon explicitely 354 * to not use TLS by clearing info->pi_flags.inband_tls -- only if inband_none is set. 
355 * 356 * If (info->pi_flags.sec == PI_SEC_TLS_OLD) and info->pi_flags.inband_tls is set, 357 * the extension may also need to check the credentials provided during the TLS 358 * exchange (remote certificate). For this purpose, it may set the address of a new callback 359 * to be called once the handshake is completed. This new callback receives the information 360 * structure as parameter (with pi_sec_data set) and returns 0 if the credentials are correct, 361 * or an error code otherwise. If the error code is received, the connection is closed and the 362 * peer is destroyed. 351 363 * 352 364 * RETURN VALUE: -
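Review bot: The new third parameter of the peer_validate callback, `int (**cb2)(struct peer_info *)`, is documented as "If != NULL ... another callback to call after handshake", but the text does not say whether the daemon sets `*cb2` to NULL before invoking the callback or whether the extension must always assign it; an extension that never touches it leaves whatever the caller passed. I would make that explicit in the cb2 line, for example `cb2 : the daemon sets *cb2 to NULL before the call; set it only when a post-handshake credential check is required`, adjusted to what the caller in the daemon (outside these hunks) actually does. The signature change of fd_peer_validate_register() is also source-incompatible for any existing extension registering a validator, which the changeset record does not mention. Minor: `explicitely` in the new paragraph should be `explicitly`.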
include/freeDiameter/libfreeDiameter.h
r14 r20 336 336 } 337 337 /* if needed, add sSA_DUMP_SERVICE */ 338 339 /* A l4 protocol name (TCP / SCTP) */ 340 #define IPPROTO_NAME( _proto ) \ 341 ( ((_proto) == IPPROTO_TCP) ? "TCP" : \ 342 (((_proto) == IPPROTO_SCTP) ? "SCTP" : \ 343 "Unknown")) 338 344 339 345 /* The sockaddr length of a sSS structure */
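Review bot: IPPROTO_NAME() references IPPROTO_SCTP unconditionally, so on a platform whose headers do not define it (the DISABLE_SCTP option in freeDiameter/CMakeLists.txt suggests such builds are intended) every expansion of the macro fails to compile; guarding the SCTP branch with `#ifndef DISABLE_SCTP` or `#ifdef IPPROTO_SCTP` keeps the header usable there. The macro also evaluates `_proto` up to twice, so an argument with a side effect would be repeated; a `static inline const char *fd_proto_name(int proto)` with the same three branches is type-checked and evaluates its argument once, and the macro can expand to it if the name must stay.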