* derivatives without specific, written prior permission.
*/
+#include <config.h>
#include "vconn-ssl.h"
#include "dhparams.h"
#include <assert.h>
#include <openssl/ssl.h>
#include <poll.h>
#include <unistd.h>
-#include "buffer.h"
+#include "ofpbuf.h"
#include "socket-util.h"
#include "util.h"
#include "openflow.h"
#include "ofp-print.h"
#include "socket-util.h"
#include "vconn.h"
+#include "vconn-provider.h"
#include "vlog.h"
#define THIS_MODULE VLM_vconn_ssl
enum session_type type;
int fd;
SSL *ssl;
- struct buffer *rxbuf;
- struct buffer *txbuf;
+ struct ofpbuf *rxbuf;
+ struct ofpbuf *txbuf;
struct poll_waiter *tx_waiter;
/* rx_want and tx_want record the result of the last call to SSL_read()
/* Required configuration. */
static bool has_private_key, has_certificate, has_ca_cert;
+/* Who knows what can trigger various SSL errors, so let's throttle them down
+ * quite a bit. */
+static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(10, 25);
+
static int ssl_init(void);
static int do_ssl_init(void);
static bool ssl_wants_io(int ssl_error);
/* Create and return the ssl_vconn. */
sslv = xmalloc(sizeof *sslv);
- sslv->vconn.class = &ssl_vconn_class;
- sslv->vconn.connect_status = EAGAIN;
- sslv->vconn.ip = sin->sin_addr.s_addr;
+ vconn_init(&sslv->vconn, &ssl_vconn_class, EAGAIN, sin->sin_addr.s_addr,
+ name);
sslv->state = state;
sslv->type = type;
sslv->fd = fd;
host_name = strtok_r(suffix, "::", &save_ptr);
port_string = strtok_r(NULL, "::", &save_ptr);
if (!host_name) {
- error(0, "%s: bad peer name format", name);
+ ofp_error(0, "%s: bad peer name format", name);
return EAFNOSUPPORT;
}
switch (error) {
case SSL_ERROR_NONE:
- VLOG_ERR("%s: unexpected SSL_ERROR_NONE", function);
+ VLOG_ERR_RL(&rl, "%s: unexpected SSL_ERROR_NONE", function);
break;
case SSL_ERROR_ZERO_RETURN:
- VLOG_ERR("%s: unexpected SSL_ERROR_ZERO_RETURN", function);
+ VLOG_ERR_RL(&rl, "%s: unexpected SSL_ERROR_ZERO_RETURN", function);
break;
case SSL_ERROR_WANT_READ:
return EAGAIN;
case SSL_ERROR_WANT_CONNECT:
- VLOG_ERR("%s: unexpected SSL_ERROR_WANT_CONNECT", function);
+ VLOG_ERR_RL(&rl, "%s: unexpected SSL_ERROR_WANT_CONNECT", function);
break;
case SSL_ERROR_WANT_ACCEPT:
- VLOG_ERR("%s: unexpected SSL_ERROR_WANT_ACCEPT", function);
+ VLOG_ERR_RL(&rl, "%s: unexpected SSL_ERROR_WANT_ACCEPT", function);
break;
case SSL_ERROR_WANT_X509_LOOKUP:
- VLOG_ERR("%s: unexpected SSL_ERROR_WANT_X509_LOOKUP", function);
+ VLOG_ERR_RL(&rl, "%s: unexpected SSL_ERROR_WANT_X509_LOOKUP",
+ function);
break;
case SSL_ERROR_SYSCALL: {
if (queued_error == 0) {
if (ret < 0) {
int status = errno;
- VLOG_WARN("%s: system error (%s)", function, strerror(status));
+ VLOG_WARN_RL(&rl, "%s: system error (%s)",
+ function, strerror(status));
return status;
} else {
- VLOG_WARN("%s: unexpected SSL connection close", function);
+ VLOG_WARN_RL(&rl, "%s: unexpected SSL connection close",
+ function);
return EPROTO;
}
} else {
- VLOG_DBG("%s: %s", function, ERR_error_string(queued_error, NULL));
+ VLOG_DBG_RL(&rl, "%s: %s",
+ function, ERR_error_string(queued_error, NULL));
break;
}
}
case SSL_ERROR_SSL: {
int queued_error = ERR_get_error();
if (queued_error != 0) {
- VLOG_DBG("%s: %s", function, ERR_error_string(queued_error, NULL));
+ VLOG_DBG_RL(&rl, "%s: %s",
+ function, ERR_error_string(queued_error, NULL));
} else {
- VLOG_ERR("%s: SSL_ERROR_SSL without queued error", function);
+ VLOG_ERR_RL(&rl, "%s: SSL_ERROR_SSL without queued error",
+ function);
}
break;
}
default:
- VLOG_ERR("%s: bad SSL error code %d", function, error);
+ VLOG_ERR_RL(&rl, "%s: bad SSL error code %d", function, error);
break;
}
return EIO;
}
static int
-ssl_recv(struct vconn *vconn, struct buffer **bufferp)
+ssl_recv(struct vconn *vconn, struct ofpbuf **bufferp)
{
struct ssl_vconn *sslv = ssl_vconn_cast(vconn);
- struct buffer *rx;
+ struct ofpbuf *rx;
size_t want_bytes;
int old_state;
ssize_t ret;
if (sslv->rxbuf == NULL) {
- sslv->rxbuf = buffer_new(1564);
+ sslv->rxbuf = ofpbuf_new(1564);
}
rx = sslv->rxbuf;
struct ofp_header *oh = rx->data;
size_t length = ntohs(oh->length);
if (length < sizeof(struct ofp_header)) {
- VLOG_ERR("received too-short ofp_header (%zu bytes)", length);
+ VLOG_ERR_RL(&rl, "received too-short ofp_header (%zu bytes)",
+ length);
return EPROTO;
}
want_bytes = length - rx->size;
return 0;
}
}
- buffer_prealloc_tailroom(rx, want_bytes);
+ ofpbuf_prealloc_tailroom(rx, want_bytes);
/* Behavior of zero-byte SSL_read is poorly defined. */
assert(want_bytes > 0);
old_state = SSL_get_state(sslv->ssl);
- ret = SSL_read(sslv->ssl, buffer_tail(rx), want_bytes);
+ ret = SSL_read(sslv->ssl, ofpbuf_tail(rx), want_bytes);
if (old_state != SSL_get_state(sslv->ssl)) {
sslv->tx_want = SSL_NOTHING;
if (sslv->tx_waiter) {
if (error == SSL_ERROR_ZERO_RETURN) {
/* Connection closed (EOF). */
if (rx->size) {
- VLOG_WARN("SSL_read: unexpected connection close");
+ VLOG_WARN_RL(&rl, "SSL_read: unexpected connection close");
return EPROTO;
} else {
return EOF;
static void
ssl_clear_txbuf(struct ssl_vconn *sslv)
{
- buffer_delete(sslv->txbuf);
+ ofpbuf_delete(sslv->txbuf);
sslv->txbuf = NULL;
sslv->tx_waiter = NULL;
}
}
sslv->tx_want = SSL_NOTHING;
if (ret > 0) {
- buffer_pull(sslv->txbuf, ret);
+ ofpbuf_pull(sslv->txbuf, ret);
if (sslv->txbuf->size == 0) {
return 0;
}
} else {
int ssl_error = SSL_get_error(sslv->ssl, ret);
if (ssl_error == SSL_ERROR_ZERO_RETURN) {
- VLOG_WARN("SSL_write: connection closed");
+ VLOG_WARN_RL(&rl, "SSL_write: connection closed");
return EPIPE;
} else {
return interpret_ssl_error("SSL_write", ret, ssl_error,
}
static int
-ssl_send(struct vconn *vconn, struct buffer *buffer)
+ssl_send(struct vconn *vconn, struct ofpbuf *buffer)
{
struct ssl_vconn *sslv = ssl_vconn_cast(vconn);
}
pssl = xmalloc(sizeof *pssl);
- pssl->vconn.class = &pssl_vconn_class;
- pssl->vconn.connect_status = 0;
+ vconn_init(&pssl->vconn, &pssl_vconn_class, 0, 0, name);
pssl->fd = fd;
*vconnp = &pssl->vconn;
return 0;
if (new_fd < 0) {
int error = errno;
if (error != EAGAIN) {
- VLOG_DBG("accept: %s", strerror(error));
+ VLOG_DBG_RL(&rl, "accept: %s", strerror(error));
}
return error;
}
if (!dh->dh) {
dh->dh = dh->constructor();
if (!dh->dh) {
- fatal(ENOMEM, "out of memory constructing "
- "Diffie-Hellman parameters");
+ ofp_fatal(ENOMEM, "out of memory constructing "
+ "Diffie-Hellman parameters");
}
}
return dh->dh;
}
}
- VLOG_ERR("no Diffie-Hellman parameters for key length %d", keylength);
+ VLOG_ERR_RL(&rl, "no Diffie-Hellman parameters for key length %d",
+ keylength);
return NULL;
}