github-personal/nDPId
1
0
Fork 0
mirror of https://github.com/outbackdingo/nDPId.git synced 2026-01-27 02:19:38 +00:00
Code Issues Packages Projects Releases Wiki Activity

Added TLS ncrypt I/O

Browse Source 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
This commit is contained in:
Toni Uhlig
2025-09-03 14:34:19 +02:00
parent c8c58e0b16
commit 19f80ba163
3 changed files with 104 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

71
nDPId.c
View File

@@ -2522,7 +2522,7 @@ static int connect_to_collector(struct nDPId_reader_thread * const reader_thread
close(reader_thread->collector_sockfd);
}
int sock_type = (nDPId_options.parsed_collector_address.raw.sa_family == AF_UNIX ? SOCK_STREAM : SOCK_DGRAM);
int sock_type = SOCK_STREAM;
reader_thread->collector_sockfd = socket(nDPId_options.parsed_collector_address.raw.sa_family, sock_type, 0);
if (reader_thread->collector_sockfd < 0 || set_fd_cloexec(reader_thread->collector_sockfd) < 0)
{
@@ -2549,12 +2549,6 @@ static int connect_to_collector(struct nDPId_reader_thread * const reader_thread
return 1;
}
if (shutdown(reader_thread->collector_sockfd, SHUT_RD) != 0)
{
reader_thread->collector_sock_last_errno = errno;
return 1;
}
reader_thread->collector_sock_last_errno = 0;
return 0;
@@ -2602,15 +2596,12 @@ static void send_to_collector(struct nDPId_reader_thread * const reader_thread,
if (connect_to_collector(reader_thread) == 0)
{
if (nDPId_options.parsed_collector_address.raw.sa_family == AF_UNIX)
{
logger(1,
"[%8llu, %zu] Reconnected to nDPIsrvd Collector at %s",
workflow->packets_captured,
reader_thread->array_index,
GET_CMDARG_STR(nDPId_options.collector_address));
jsonize_daemon(reader_thread, DAEMON_EVENT_RECONNECT);
}
logger(1,
"[%8llu, %zu] Reconnected to nDPIsrvd Collector at %s",
workflow->packets_captured,
reader_thread->array_index,
GET_CMDARG_STR(nDPId_options.collector_address));
jsonize_daemon(reader_thread, DAEMON_EVENT_RECONNECT);
}
else
{
@@ -2653,9 +2644,24 @@ static void send_to_collector(struct nDPId_reader_thread * const reader_thread,
#endif
errno = 0;
if (reader_thread->collector_sock_last_errno != 0)
{
return;
}
ssize_t written;
if (reader_thread->collector_sock_last_errno == 0 &&
(written = write(reader_thread->collector_sockfd, newline_json_msg, s_ret)) != s_ret)
#ifdef ENABLE_CRYPTO
if (IS_CMDARG_SET(nDPId_options.server_ca_pem_file) != 0)
{
written = ncrypt_write(&workflow->ncrypt_entity, newline_json_msg, s_ret);
}
else
#endif
{
written = write(reader_thread->collector_sockfd, newline_json_msg, s_ret);
}
if (written != s_ret)
{
saved_errno = errno;
if (saved_errno == EPIPE || written == 0)
@@ -2667,24 +2673,29 @@ static void send_to_collector(struct nDPId_reader_thread * const reader_thread,
}
if (saved_errno != EAGAIN)
{
if (saved_errno == ECONNREFUSED)
{
logger(1,
"[%8llu, %zu] %s to %s refused by endpoint",
workflow->packets_captured,
reader_thread->array_index,
(nDPId_options.parsed_collector_address.raw.sa_family == AF_UNIX ? "Connection" : "Datagram"),
GET_CMDARG_STR(nDPId_options.collector_address));
}
reader_thread->collector_sock_last_errno = saved_errno;
}
else if (nDPId_options.parsed_collector_address.raw.sa_family == AF_UNIX)
else
{
size_t pos = (written < 0 ? 0 : written);
set_collector_block(reader_thread);
while ((size_t)(written = write(reader_thread->collector_sockfd, newline_json_msg + pos, s_ret - pos)) !=
s_ret - pos)
while (1)
{
#ifdef ENABLE_CRYPTO
if (IS_CMDARG_SET(nDPId_options.server_ca_pem_file) != 0)
{
written = ncrypt_write(&workflow->ncrypt_entity, newline_json_msg + pos, s_ret - pos);
}
else
#endif
{
written = write(reader_thread->collector_sockfd, newline_json_msg + pos, s_ret - pos);
}
if ((size_t)written == s_ret - pos)
{
break;
}
saved_errno = errno;
if (saved_errno == EPIPE || written == 0)
{

56
ncrypt.c
View File

@@ -112,7 +112,9 @@ int ncrypt_on_connect(struct ncrypt_ctx * const ctx, int connect_fd, struct ncry
int rv = SSL_do_handshake(ent->ssl);
if (rv != 1)
{
return SSL_get_error(ent->ssl, rv);
}
return NCRYPT_SUCCESS;
}
@@ -132,11 +134,65 @@ int ncrypt_on_accept(struct ncrypt_ctx * const ctx, int accept_fd, struct ncrypt
int rv = SSL_accept(ent->ssl);
if (rv != 1)
{
return SSL_get_error(ent->ssl, rv);
}
return NCRYPT_SUCCESS;
}
ssize_t ncrypt_read(struct ncrypt_entity * const ent, char * const json_msg, size_t json_msg_len)
{
if (ent->ssl == NULL)
{
errno = EPROTO;
return -1;
}
int rv = SSL_read(ent->ssl, json_msg, json_msg_len);
if (rv <= 0)
{
int err = SSL_get_error(ent->ssl, rv);
if (err == SSL_ERROR_WANT_WRITE || err == SSL_ERROR_WANT_READ)
{
errno = EAGAIN;
}
else if (err != SSL_ERROR_SYSCALL)
{
errno = EPROTO;
}
return -1;
}
return rv;
}
ssize_t ncrypt_write(struct ncrypt_entity * const ent, char const * const json_msg, size_t json_msg_len)
{
if (ent->ssl == NULL)
{
errno = EPROTO;
return -1;
}
int rv = SSL_write(ent->ssl, json_msg, json_msg_len);
if (rv <= 0)
{
int err = SSL_get_error(ent->ssl, rv);
if (err == SSL_ERROR_WANT_WRITE || err == SSL_ERROR_WANT_READ)
{
errno = EAGAIN;
}
else if (err != SSL_ERROR_SYSCALL)
{
errno = EPROTO;
}
return -1;
}
return rv;
}
void ncrypt_free_entity(struct ncrypt_entity * const ent)
{
SSL_free(ent->ssl);

8
ncrypt.h
View File

@@ -1,6 +1,8 @@
#ifndef NCRYPT_H
#define NCRYPT_H 1
#include <stdlib.h>
#define ncrypt_ctx(x) \
do \
{ \
@@ -30,7 +32,7 @@ enum
NCRYPT_NOT_INITIALIZED = -1,
NCRYPT_ALREADY_INITIALIZED = -2,
NCRYPT_NULL_PTR = -3,
NCRYPT_PEM_LOAD_FAILED = -4,
NCRYPT_PEM_LOAD_FAILED = -4
};
struct ncrypt_ctx
@@ -60,6 +62,10 @@ int ncrypt_on_connect(struct ncrypt_ctx * const ctx, int connect_fd, struct ncry
int ncrypt_on_accept(struct ncrypt_ctx * const ctx, int accept_fd, struct ncrypt_entity * const ent);
ssize_t ncrypt_read(struct ncrypt_entity * const ent, char * const json_msg, size_t json_msg_len);
ssize_t ncrypt_write(struct ncrypt_entity * const ent, char const * const json_msg, size_t json_msg_len);
void ncrypt_free_entity(struct ncrypt_entity * const ent);
void ncrypt_free_ctx(struct ncrypt_ctx * const ctx);