
- more tls hooks

Andrei Pelinescu-Onciul 22 yıl önce
ebeveyn
işleme
e9b02e8ee8
10 değiştirilmiş dosya ile 147 ekleme ve 11 silme
  1. 7 1
      action.c
  2. 2 0
      cfg.lex
  3. 66 0
      cfg.y
  4. 20 1
      forward.c
  5. 18 2
      forward.h
  6. 5 0
      globals.h
  7. 17 3
      msg_translator.c
  8. 1 0
      route_struct.h
  9. 9 3
      tcp_main.c
  10. 2 1
      tcp_server.h

+ 7 - 1
action.c

@@ -111,6 +111,9 @@ int do_action(struct action* a, struct sip_msg* msg)
 			if (a->type==FORWARD_UDP_T) proto=PROTO_UDP;
 #ifdef USE_TCP
 			else if (a->type==FORWARD_TCP_T) proto= PROTO_TCP;
+#endif
+#ifdef USE_TLS
+			else if (a->type==FORWARD_TLS_T) proto= PROTO_TLS;
 #endif
 			else proto=msg->rcv.proto;
 			if (a->p1_type==URIHOST_ST){
@@ -150,6 +153,9 @@ int do_action(struct action* a, struct sip_msg* msg)
 					case PROTO_UDP:
 #ifdef USE_TCP
 					case PROTO_TCP:
+#endif
+#ifdef USE_TLS
+					case PROTO_TLS:
 #endif
 						proto=u->proto;
 						break;
@@ -224,7 +230,7 @@ int do_action(struct action* a, struct sip_msg* msg)
 #ifdef USE_TCP
 					else{
 					/*tcp*/
-					ret=tcp_send(msg->buf, msg->len, to, 0);
+					ret=tcp_send(PROTO_TCP, msg->buf, msg->len, to, 0);
 				}
 #endif
 			}
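Review bot: With USE_TLS undefined the new `else if (a->type==FORWARD_TLS_T) proto= PROTO_TLS;` in the first hunk is compiled out, so a `forward_tls(...)` action falls through to `else proto=msg->rcv.proto;` and the request is forwarded in cleartext over whatever transport it arrived on; the grammar in this commit's cfg.y accepts `forward_tls` unconditionally, so this is reachable from a config file rather than a programming error. An action that explicitly asked for TLS should fail loudly instead of downgrading: add an `#else` arm for FORWARD_TLS_T that does `LOG(L_ERR, "ERROR: do_action: forward_tls used but tls support is not compiled in\n");` and returns the error value the surrounding switch uses for a bad action (that value is outside the hunk). The `case PROTO_TLS:` in the second hunk has the same shape — without USE_TLS a `tls` URI transport presumably hits the default arm, which is at least not silent. do_action starts and ends outside these hunks.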

+ 2 - 0
cfg.lex

@@ -75,6 +75,7 @@
 FORWARD	forward
 FORWARD_TCP	forward_tcp
 FORWARD_UDP	forward_udp
+FORWARD_TLS	forward_tls
 DROP	"drop"|"break"
 SEND	send
 SEND_TCP	send_tcp
@@ -209,6 +210,7 @@ EAT_ABLE	[\ \t\b\r]
 
 <INITIAL>{FORWARD}	{count(); yylval.strval=yytext; return FORWARD; }
 <INITIAL>{FORWARD_TCP}	{count(); yylval.strval=yytext; return FORWARD_TCP; }
+<INITIAL>{FORWARD_TLS}	{count(); yylval.strval=yytext; return FORWARD_TLS; }
 <INITIAL>{FORWARD_UDP}	{count(); yylval.strval=yytext; return FORWARD_UDP; }
 <INITIAL>{DROP}	{ count(); yylval.strval=yytext; return DROP; }
 <INITIAL>{SEND}	{ count(); yylval.strval=yytext; return SEND; }

+ 66 - 0
cfg.y

@@ -103,6 +103,7 @@ int rt;  /* Type of route block for find_export */
 /* keywords */
 %token FORWARD
 %token FORWARD_TCP
+%token FORWARD_TLS
 %token FORWARD_UDP
 %token SEND
 %token SEND_TCP
@@ -921,6 +922,71 @@ cmd:		FORWARD LPAREN host RPAREN	{ $$=mk_action(	FORWARD_T,
 		| FORWARD_TCP error { $$=0; yyerror("missing '(' or ')' ?"); }
 		| FORWARD_TCP LPAREN error RPAREN { $$=0; yyerror("bad forward_tcp"
 										"argument"); }
+		| FORWARD_TLS LPAREN host RPAREN	{ $$=mk_action(	FORWARD_TLS_T,
+														STRING_ST,
+														NUMBER_ST,
+														$3,
+														0);
+										}
+		| FORWARD_TLS LPAREN STRING RPAREN	{ $$=mk_action(	FORWARD_TLS_T,
+														STRING_ST,
+														NUMBER_ST,
+														$3,
+														0);
+										}
+		| FORWARD_TLS LPAREN ip RPAREN	{ $$=mk_action(	FORWARD_TLS_T,
+														IP_ST,
+														NUMBER_ST,
+														(void*)$3,
+														0);
+										}
+		| FORWARD_TLS LPAREN host COMMA NUMBER RPAREN { $$=mk_action(
+																FORWARD_TLS_T,
+																 STRING_ST,
+																 NUMBER_ST,
+																$3,
+																(void*)$5);
+												 }
+		| FORWARD_TLS LPAREN STRING COMMA NUMBER RPAREN {$$=mk_action(
+																FORWARD_TLS_T,
+																 STRING_ST,
+																 NUMBER_ST,
+																$3,
+																(void*)$5);
+													}
+		| FORWARD_TLS LPAREN ip COMMA NUMBER RPAREN { $$=mk_action(FORWARD_TLS_T,
+																 IP_ST,
+																 NUMBER_ST,
+																 (void*)$3,
+																(void*)$5);
+												  }
+		| FORWARD_TLS LPAREN URIHOST COMMA URIPORT RPAREN {
+													$$=mk_action(FORWARD_TLS_T,
+																 URIHOST_ST,
+																 URIPORT_ST,
+																0,
+																0);
+													}
+													
+									
+		| FORWARD_TLS LPAREN URIHOST COMMA NUMBER RPAREN {
+													$$=mk_action(FORWARD_TLS_T,
+																 URIHOST_ST,
+																 NUMBER_ST,
+																0,
+																(void*)$5);
+													}
+		| FORWARD_TLS LPAREN URIHOST RPAREN {
+													$$=mk_action(FORWARD_TLS_T,
+																 URIHOST_ST,
+																 NUMBER_ST,
+																0,
+																0);
+										}
+		| FORWARD_TLS error { $$=0; yyerror("missing '(' or ')' ?"); }
+		| FORWARD_TLS LPAREN error RPAREN { $$=0; yyerror("bad forward_tcp"
+										"argument"); }
+		
 		| SEND LPAREN host RPAREN	{ $$=mk_action(	SEND_T,
 													STRING_ST,
 													NUMBER_ST,
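Review bot: The error message in the last FORWARD_TLS rule, `yyerror("bad forward_tcp" "argument")`, was copied from the forward_tcp rule and names the wrong action, and the two literals concatenate without a space, so a config author debugging a `forward_tls(...)` line is told "bad forward_tcpargument"; change it to `yyerror("bad forward_tls argument");` (the forward_tcp rule above has the same missing space, pre-existing). These rules are also not wrapped in `#ifdef USE_TLS`, so a binary built without TLS accepts `forward_tls` at parse time and only the action code decides what happens at runtime; either gate the rules or make sure do_action rejects FORWARD_TLS_T in that build. The `cmd:` rule begins before and continues after this hunk.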

+ 20 - 1
forward.c

@@ -176,6 +176,21 @@ struct socket_info* get_send_socket(union sockaddr_union* to, int proto)
 			}
 			break;
 #endif
+#ifdef USE_TLS
+		case PROTO_TLS:
+			switch(to->s.sa_family){
+				/* FIXME */
+				case AF_INET:	send_sock=sendipv4_tls;
+								break;
+#ifdef USE_IPV6
+				case AF_INET6:	send_sock=sendipv6_tls;
+								break;
+#endif
+				default:	LOG(L_ERR, "get_send_socket: BUG: don't know how"
+									" to forward to af %d\n", to->s.sa_family);
+			}
+			break;
+#endif /* USE_TLS */
 		case PROTO_UDP:
 			if ((bind_address==0)||(to->s.sa_family!=bind_address->address.af)||
 				  (bind_address->proto!=PROTO_UDP)){
@@ -482,7 +497,11 @@ int forward_reply(struct sip_msg* msg)
 
 
 #ifdef USE_TCP
-	if (proto==PROTO_TCP){
+	if (proto==PROTO_TCP
+#ifdef USE_TLS
+			|| proto==PROTO_TLS
+#endif
+			){
 		/* find id in i param if it exists */
 		if (msg->via1->i&&msg->via1->i->value.s){
 			s=msg->via1->i->value.s;
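Review bot: The `/* FIXME */` in the new `case PROTO_TLS:` of get_send_socket does not say what is unfinished, and the branch hands back `sendipv4_tls`/`sendipv6_tls` without checking them, so if no TLS socket was bound (presumably leaving those globals NULL — their definition is not in this commit) the caller receives a NULL send_sock with nothing logged. Replace the bare FIXME with the actual gap, e.g. `/* FIXME: picks the TLS send socket by address family only; sendipv{4,6}_tls may be NULL when no TLS socket is bound, callers must check the result */`, and in the `default:` arm add `send_sock=0;` after the LOG unless send_sock is zero-initialised at the top of the function (outside the hunk), so a stale value cannot be returned as if it were valid. The forward_reply change in the second hunk mirrors the TCP path and looks right. get_send_socket starts before this hunk.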

+ 18 - 2
forward.h

@@ -106,14 +106,30 @@ static inline int msg_send(	struct socket_info* send_sock, int proto,
 					" support is disabled\n");
 			goto error;
 		}else{
-			if (tcp_send(buf, len, to, id)<0){
+			if (tcp_send(proto, buf, len, to, id)<0){
 				STATS_TX_DROPS;
 				LOG(L_ERR, "msg_send: ERROR: tcp_send failed\n");
 				goto error;
 			}
 		}
 	}
-#endif
+#ifdef USE_TLS
+	else if (proto==PROTO_TLS){
+		if (tls_disable){
+			STATS_TX_DROPS;
+			LOG(L_WARN, "msg_send: WARNING: attempt to send on tls and tls"
+					" support is disabled\n");
+			goto error;
+		}else{
+			if (tcp_send(proto, buf, len, to, id)<0){
+				STATS_TX_DROPS;
+				LOG(L_ERR, "msg_send: ERROR: tcp_send failed\n");
+				goto error;
+			}
+		}
+	}
+#endif /* USE_TLS */
+#endif /* USE_TCP */
 	else{
 			LOG(L_CRIT, "BUG: msg_send: unknown proto %d\n", proto);
 			goto error;
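Review bot: The new `else if (proto==PROTO_TLS)` branch in msg_send logs the same text as the TCP branch on failure, `msg_send: ERROR: tcp_send failed`, so an operator cannot tell from the log whether a cleartext or a TLS send failed; use a transport-specific message, e.g. `LOG(L_ERR, "msg_send: ERROR: tcp_send failed (proto %d)\n", proto);` in both branches. The branch is nested inside `#ifdef USE_TCP`, so a build with USE_TLS but without USE_TCP sends PROTO_TLS to the `BUG: unknown proto` fallthrough; if TLS genuinely requires the TCP core, say so with `/* TLS rides on the tcp core: needs USE_TCP */` next to the inner `#ifdef USE_TLS` rather than leaving it to be discovered at runtime. `tls_disable` is used here but not declared in this commit's globals.h hunk, so it presumably lives elsewhere. msg_send begins before this hunk.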

+ 5 - 0
globals.h

@@ -67,6 +67,11 @@ extern struct socket_info* sendipv4_tcp; /* ipv4 socket to use when msg.
 extern struct socket_info* sendipv6_tcp; /* same as above for ipv6 */
 extern int unix_tcp_sock; /* socket used for communication with tcp main*/
 #endif
+#ifdef USE_TLS
+extern struct socket_info* sendipv4_tls; /* ipv4 socket to use when msg.
+										comes from ipv6*/
+extern struct socket_info* sendipv6_tls; /* same as above for ipv6 */
+#endif
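Review bot: The comment on `sendipv4_tls`, `ipv4 socket to use when msg. comes from ipv6`, is copied from the `sendipv4_tcp` declaration above and describes a fallback case rather than what the variable is; a reader cannot tell that forward.c in this commit uses it as the default TLS send socket per address family. Suggest `/* default TLS send socket for AF_INET destinations (see get_send_socket) */` and `/* same for AF_INET6 */`. The `tls_disable` flag that forward.h reads in this commit is not declared in this hunk; if it is a global like the tcp ones, its `extern` belongs here as well.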
 
 extern unsigned int maxbuffer;
 extern int children_no;

+ 17 - 3
msg_translator.c

@@ -1164,7 +1164,11 @@ char * build_req_buf_from_sip_req( struct sip_msg* msg,
 	
 #ifdef USE_TCP
 	/* add id if tcp */
-	if (msg->rcv.proto==PROTO_TCP){
+	if (msg->rcv.proto==PROTO_TCP
+#ifdef USE_TLS
+			|| msg->rcv.proto==PROTO_TLS
+#endif
+			){
 		if  ((id_buf=id_builder(msg, &id_len))==0){
 			LOG(L_ERR, "ERROR: build_req_buf_from_sip_req:"
 							" id_builder failed\n");
@@ -1174,7 +1178,11 @@ char * build_req_buf_from_sip_req( struct sip_msg* msg,
 		extra_params.len=id_len;
 	}
 	/* if sending proto == tcp, check if Content-Length needs to be added*/
-	if (proto==PROTO_TCP){
+	if (proto==PROTO_TCP
+#ifdef USE_TLS
+			|| proto==PROTO_TLS
+#endif
+			){
 		/* first of all parse content-length */
 		if (parse_headers(msg, HDR_CONTENTLENGTH, 0)==-1){
 			LOG(L_ERR, "build_req_buf_from_sip_req:"
@@ -1390,7 +1398,11 @@ char * build_res_buf_from_sip_res( struct sip_msg* msg,
 #ifdef USE_TCP
 
 	/* if sending proto == tcp, check if Content-Length needs to be added*/
-	if (msg->via2 && (msg->via2->proto==PROTO_TCP)){
+	if (msg->via2 && ((msg->via2->proto==PROTO_TCP)
+#ifdef USE_TLS
+				|| (msg->via2->proto==PROTO_TLS)
+#endif
+				)){
 		DBG("build_res_from_sip_res: checking content-length for \n%.*s\n",
 				(int)msg->len, msg->buf);
 		/* first of all parse content-length */
@@ -1872,6 +1884,8 @@ char* via_builder( unsigned int *len,
 		/* dop nothing */
 	}else if (proto==PROTO_TCP){
 		memcpy(line_buf+MY_VIA_LEN-4, "TCP ", 4);
+	}else if (proto==PROTO_TLS){
+		memcpy(line_buf+MY_VIA_LEN-4, "TLS", 4);
 	}else{
 		LOG(L_CRIT, "BUG: via_builder: unknown proto %d\n", proto);
 		return 0;
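Review bot: In via_builder, `memcpy(line_buf+MY_VIA_LEN-4, "TLS", 4);` copies the literal's terminating NUL as the fourth byte, whereas the TCP branch copies `"TCP "` with a trailing space; the transport token in the Via line therefore ends in a NUL instead of the separator, which either truncates the header wherever the buffer is later handled as a C string or puts a stray NUL on the wire. Change it to `memcpy(line_buf+MY_VIA_LEN-4, "TLS ", 4);`. Unlike the rest of this commit the branch is not under `#ifdef USE_TLS`, which is fine only if PROTO_TLS is defined in every build. via_builder begins before this hunk.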

+ 1 - 0
route_struct.h

@@ -64,6 +64,7 @@ enum { FORWARD_T=1, SEND_T, DROP_T, LOG_T, ERROR_T, ROUTE_T, EXEC_T,
 		REVERT_URI_T,
 		FORWARD_TCP_T,
 		FORWARD_UDP_T,
+		FORWARD_TLS_T,
 		SEND_TCP_T,
 		FORCE_RPORT_T
 };

+ 9 - 3
tcp_main.c

@@ -368,7 +368,8 @@ void tcpconn_put(struct tcp_connection* c)
 
 
 /* finds a tcpconn & sends on it */
-int tcp_send(char* buf, unsigned len, union sockaddr_union* to, int id)
+int tcp_send(int type, char* buf, unsigned len, union sockaddr_union* to,
+				int id)
 {
 	struct tcp_connection *c;
 	struct ip_addr ip;
@@ -406,7 +407,7 @@ no_id:
 		if (c==0){
 			DBG("tcp_send: no open tcp connection found, opening new one\n");
 			/* create tcp connection */
-			if ((c=tcpconn_connect(to, PROTO_TCP))==0){
+			if ((c=tcpconn_connect(to, type))==0){
 				LOG(L_ERR, "ERROR: tcp_send: connect failed\n");
 				return -1;
 			}
@@ -457,7 +458,12 @@ get_fd:
 send_it:
 	DBG("tcp_send: sending...\n");
 	lock_get(&c->write_lock);
-	n=send(fd, buf, len,
+#ifdef USE_TLS
+	if (c->type==PROTO_TLS)
+		n=tls_blocking_write(c, fd, buf, len);
+	else
+#endif
+		n=send(fd, buf, len,
 #ifdef HAVE_MSG_NOSIGNAL
 			MSG_NOSIGNAL
 #else
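Review bot: tcp_send now takes a `type`, but it is only used when opening a new connection (`tcpconn_connect(to, type)`); the lookup of an existing connection by id or by ip/port lies between the hunks and does not appear to take the type, and the send path then trusts `c->type`, so a caller asking for PROTO_TLS can be handed an existing cleartext connection to the same peer and the message leaves unencrypted with nothing logged. Before `send_it`, reject a mismatch: `if (c->type!=type){ LOG(L_ERR, "ERROR: tcp_send: connection is proto %d, %d requested\n", c->type, type); tcpconn_put(c); return -1; }` (use whatever release the found-connection path pairs with, not visible here). The debug line `no open tcp connection found, opening new one` is now also emitted for TLS, which is cosmetic. tcp_send's body continues past this hunk.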

+ 2 - 1
tcp_server.h

@@ -37,7 +37,8 @@
 struct tcp_connection* tcpconn_get(int id, struct ip_addr* ip, int port, 
 									int timeout);
 void tcpconn_put(struct tcp_connection* c);
-int tcp_send(char* buf, unsigned len, union sockaddr_union* to, int id);
+int tcp_send(int type, char* buf, unsigned len, union sockaddr_union* to,
+			int id);
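Review bot: The new first parameter of tcp_send is undocumented; nothing in the header says what `type` takes or that it is consulted only when a connection has to be opened. From tcp_main.c in this commit it is passed to tcpconn_connect and is PROTO_TCP or PROTO_TLS; add above the prototype `/* type: PROTO_TCP or PROTO_TLS, the connection type to open when no connection to 'to' (or with the given id) exists; returns <0 on error */`.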