Rename utility functions to avoid partner namespace conflicts.

[openvswitch] / lib / vconn-ssl.c

diff --git a/lib/vconn-ssl.c b/lib/vconn-ssl.c
index 922f8a8686018f320b69e8b2b5faac589ab72c18..40bee797adbc5cac1fc647742f7ea65297ab45a5 100644 (file)
--- a/lib/vconn-ssl.c
+++ b/lib/vconn-ssl.c
@@ -31,6 +31,7 @@
  * derivatives without specific, written prior permission.
  */
 
+#include <config.h>
 #include "vconn-ssl.h"
 #include "dhparams.h"
 #include <assert.h>
@@ -42,7 +43,7 @@
 #include <openssl/ssl.h>
 #include <poll.h>
 #include <unistd.h>
-#include "buffer.h"
+#include "ofpbuf.h"
 #include "socket-util.h"
 #include "util.h"
 #include "openflow.h"
@@ -51,6 +52,7 @@
 #include "ofp-print.h"
 #include "socket-util.h"
 #include "vconn.h"
+#include "vconn-provider.h"
 
 #include "vlog.h"
 #define THIS_MODULE VLM_vconn_ssl
@@ -75,8 +77,8 @@ struct ssl_vconn
     enum session_type type;
     int fd;
     SSL *ssl;
-    struct buffer *rxbuf;
-    struct buffer *txbuf;
+    struct ofpbuf *rxbuf;
+    struct ofpbuf *txbuf;
     struct poll_waiter *tx_waiter;
 
     /* rx_want and tx_want record the result of the last call to SSL_read()
@@ -144,6 +146,10 @@ static SSL_CTX *ctx;
 /* Required configuration. */
 static bool has_private_key, has_certificate, has_ca_cert;
 
+/* Who knows what can trigger various SSL errors, so let's throttle them down
+ * quite a bit. */
+static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(10, 25);
+
 static int ssl_init(void);
 static int do_ssl_init(void);
 static bool ssl_wants_io(int ssl_error);
@@ -221,9 +227,8 @@ new_ssl_vconn(const char *name, int fd, enum session_type type,
 
     /* Create and return the ssl_vconn. */
     sslv = xmalloc(sizeof *sslv);
-    sslv->vconn.class = &ssl_vconn_class;
-    sslv->vconn.connect_status = EAGAIN;
-    sslv->vconn.ip = sin->sin_addr.s_addr;
+    vconn_init(&sslv->vconn, &ssl_vconn_class, EAGAIN, sin->sin_addr.s_addr,
+               name);
     sslv->state = state;
     sslv->type = type;
     sslv->fd = fd;
@@ -270,7 +275,8 @@ ssl_open(const char *name, char *suffix, struct vconn **vconnp)
     host_name = strtok_r(suffix, "::", &save_ptr);
     port_string = strtok_r(NULL, "::", &save_ptr);
     if (!host_name) {
-        fatal(0, "%s: bad peer name format", name);
+        ofp_error(0, "%s: bad peer name format", name);
+        return EAFNOSUPPORT;
     }
 
     memset(&sin, 0, sizeof sin);
@@ -366,11 +372,11 @@ interpret_ssl_error(const char *function, int ret, int error,
 
     switch (error) {
     case SSL_ERROR_NONE:
-        VLOG_ERR("%s: unexpected SSL_ERROR_NONE", function);
+        VLOG_ERR_RL(&rl, "%s: unexpected SSL_ERROR_NONE", function);
         break;
 
     case SSL_ERROR_ZERO_RETURN:
-        VLOG_ERR("%s: unexpected SSL_ERROR_ZERO_RETURN", function);
+        VLOG_ERR_RL(&rl, "%s: unexpected SSL_ERROR_ZERO_RETURN", function);
         break;
 
     case SSL_ERROR_WANT_READ:
@@ -382,15 +388,16 @@ interpret_ssl_error(const char *function, int ret, int error,
         return EAGAIN;
 
     case SSL_ERROR_WANT_CONNECT:
-        VLOG_ERR("%s: unexpected SSL_ERROR_WANT_CONNECT", function);
+        VLOG_ERR_RL(&rl, "%s: unexpected SSL_ERROR_WANT_CONNECT", function);
         break;
 
     case SSL_ERROR_WANT_ACCEPT:
-        VLOG_ERR("%s: unexpected SSL_ERROR_WANT_ACCEPT", function);
+        VLOG_ERR_RL(&rl, "%s: unexpected SSL_ERROR_WANT_ACCEPT", function);
         break;
 
     case SSL_ERROR_WANT_X509_LOOKUP:
-        VLOG_ERR("%s: unexpected SSL_ERROR_WANT_X509_LOOKUP", function);
+        VLOG_ERR_RL(&rl, "%s: unexpected SSL_ERROR_WANT_X509_LOOKUP",
+                    function);
         break;
 
     case SSL_ERROR_SYSCALL: {
@@ -398,14 +405,17 @@ interpret_ssl_error(const char *function, int ret, int error,
         if (queued_error == 0) {
             if (ret < 0) {
                 int status = errno;
-                VLOG_WARN("%s: system error (%s)", function, strerror(status));
+                VLOG_WARN_RL(&rl, "%s: system error (%s)",
+                             function, strerror(status));
                 return status;
             } else {
-                VLOG_WARN("%s: unexpected SSL connection close", function);
+                VLOG_WARN_RL(&rl, "%s: unexpected SSL connection close",
+                             function);
                 return EPROTO;
             }
         } else {
-            VLOG_DBG("%s: %s", function, ERR_error_string(queued_error, NULL));
+            VLOG_DBG_RL(&rl, "%s: %s",
+                        function, ERR_error_string(queued_error, NULL));
             break;
         }
     }
@@ -413,31 +423,33 @@ interpret_ssl_error(const char *function, int ret, int error,
     case SSL_ERROR_SSL: {
         int queued_error = ERR_get_error();
         if (queued_error != 0) {
-            VLOG_DBG("%s: %s", function, ERR_error_string(queued_error, NULL));
+            VLOG_DBG_RL(&rl, "%s: %s",
+                        function, ERR_error_string(queued_error, NULL));
         } else {
-            VLOG_ERR("%s: SSL_ERROR_SSL without queued error", function);
+            VLOG_ERR_RL(&rl, "%s: SSL_ERROR_SSL without queued error",
+                        function);
         }
         break;
     }
 
     default:
-        VLOG_ERR("%s: bad SSL error code %d", function, error);
+        VLOG_ERR_RL(&rl, "%s: bad SSL error code %d", function, error);
         break;
     }
     return EIO;
 }
 
 static int
-ssl_recv(struct vconn *vconn, struct buffer **bufferp)
+ssl_recv(struct vconn *vconn, struct ofpbuf **bufferp)
 {
     struct ssl_vconn *sslv = ssl_vconn_cast(vconn);
-    struct buffer *rx;
+    struct ofpbuf *rx;
     size_t want_bytes;
     int old_state;
     ssize_t ret;
 
     if (sslv->rxbuf == NULL) {
-        sslv->rxbuf = buffer_new(1564);
+        sslv->rxbuf = ofpbuf_new(1564);
     }
     rx = sslv->rxbuf;
 
@@ -448,7 +460,8 @@ again:
         struct ofp_header *oh = rx->data;
         size_t length = ntohs(oh->length);
         if (length < sizeof(struct ofp_header)) {
-            VLOG_ERR("received too-short ofp_header (%zu bytes)", length);
+            VLOG_ERR_RL(&rl, "received too-short ofp_header (%zu bytes)",
+                        length);
             return EPROTO;
         }
         want_bytes = length - rx->size;
@@ -458,13 +471,13 @@ again:
             return 0;
         }
     }
-    buffer_reserve_tailroom(rx, want_bytes);
+    ofpbuf_prealloc_tailroom(rx, want_bytes);
 
     /* Behavior of zero-byte SSL_read is poorly defined. */
     assert(want_bytes > 0);
 
     old_state = SSL_get_state(sslv->ssl);
-    ret = SSL_read(sslv->ssl, buffer_tail(rx), want_bytes);
+    ret = SSL_read(sslv->ssl, ofpbuf_tail(rx), want_bytes);
     if (old_state != SSL_get_state(sslv->ssl)) {
         sslv->tx_want = SSL_NOTHING;
         if (sslv->tx_waiter) {
@@ -491,7 +504,7 @@ again:
         if (error == SSL_ERROR_ZERO_RETURN) {
             /* Connection closed (EOF). */
             if (rx->size) {
-                VLOG_WARN("SSL_read: unexpected connection close");
+                VLOG_WARN_RL(&rl, "SSL_read: unexpected connection close");
                 return EPROTO;
             } else {
                 return EOF;
@@ -505,7 +518,7 @@ again:
 static void
 ssl_clear_txbuf(struct ssl_vconn *sslv)
 {
-    buffer_delete(sslv->txbuf);
+    ofpbuf_delete(sslv->txbuf);
     sslv->txbuf = NULL;
     sslv->tx_waiter = NULL;
 }
@@ -532,14 +545,14 @@ ssl_do_tx(struct vconn *vconn)
         }
         sslv->tx_want = SSL_NOTHING;
         if (ret > 0) {
-            buffer_pull(sslv->txbuf, ret);
+            ofpbuf_pull(sslv->txbuf, ret);
             if (sslv->txbuf->size == 0) {
                 return 0;
             }
         } else {
             int ssl_error = SSL_get_error(sslv->ssl, ret);
             if (ssl_error == SSL_ERROR_ZERO_RETURN) {
-                VLOG_WARN("SSL_write: connection closed");
+                VLOG_WARN_RL(&rl, "SSL_write: connection closed");
                 return EPIPE;
             } else {
                 return interpret_ssl_error("SSL_write", ret, ssl_error,
@@ -563,7 +576,7 @@ ssl_tx_poll_callback(int fd UNUSED, short int revents UNUSED, void *vconn_)
 }
 
 static int
-ssl_send(struct vconn *vconn, struct buffer *buffer)
+ssl_send(struct vconn *vconn, struct ofpbuf *buffer)
 {
     struct ssl_vconn *sslv = ssl_vconn_cast(vconn);
 
@@ -718,8 +731,7 @@ pssl_open(const char *name, char *suffix, struct vconn **vconnp)
     }
 
     pssl = xmalloc(sizeof *pssl);
-    pssl->vconn.class = &pssl_vconn_class;
-    pssl->vconn.connect_status = 0;
+    vconn_init(&pssl->vconn, &pssl_vconn_class, 0, 0, name);
     pssl->fd = fd;
     *vconnp = &pssl->vconn;
     return 0;
@@ -747,7 +759,7 @@ pssl_accept(struct vconn *vconn, struct vconn **new_vconnp)
     if (new_fd < 0) {
         int error = errno;
         if (error != EAGAIN) {
-            VLOG_DBG("accept: %s", strerror(error));
+            VLOG_DBG_RL(&rl, "accept: %s", strerror(error));
         }
         return error;
     }
@@ -856,17 +868,25 @@ tmp_dh_callback(SSL *ssl, int is_export UNUSED, int keylength)
             if (!dh->dh) {
                 dh->dh = dh->constructor();
                 if (!dh->dh) {
-                    fatal(ENOMEM, "out of memory constructing "
-                          "Diffie-Hellman parameters");
+                    ofp_fatal(ENOMEM, "out of memory constructing "
+                              "Diffie-Hellman parameters");
                 }
             }
             return dh->dh;
         }
     }
-    VLOG_ERR("no Diffie-Hellman parameters for key length %d", keylength);
+    VLOG_ERR_RL(&rl, "no Diffie-Hellman parameters for key length %d",
+                keylength);
     return NULL;
 }
 
+/* Returns true if SSL is at least partially configured. */
+bool
+vconn_ssl_is_configured(void) 
+{
+    return has_private_key || has_certificate || has_ca_cert;
+}
+
 void
 vconn_ssl_set_private_key_file(const char *file_name)
 {