Git-Mirrors/RetroShare
1
0
Fork 0
mirror of https://github.com/RetroShare/RetroShare.git synced 2025-01-26 15:28:28 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

First of the Networking REWORK checkings. I'm doing these is stages,

Browse Source 
so I can properly document what is being changed!

Revert / Merge : pqissl / pqissludp code.
   * restored original timeout system.
   * removed weird testing code - should never have been here!
   * switched extra checks to generate ALERT msgs - we want to know if they happen.
   * removed quietShutdown (breaks TLS protocol - why was this added?)
   * switched listening on all the time. (helps restore disconnects).
   * restored common connect parameters (removed duplicates in ssludp).
   * restored AuthSSL->Failed/CheckCertificate() calls ... useful.



git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@3212 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
drbob 2010-06-25 21:44:24 +00:00
parent afb1d24bc7
commit 69ba03dbd2
3 changed files with 78 additions and 79 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

130
libretroshare/src/pqi/pqissl.cc
View File

@ -61,7 +61,8 @@ const int PQISSL_REMOTE_FLAG = 0x02;
const int PQISSL_UDP_FLAG = 0x02;
***********/
static const int PQISSL_MAX_READ_ZERO_COUNT = 40;
static const int PQISSL_MAX_READ_ZERO_COUNT = 20;
static const int PQISSL_SSL_CONNECT_TIMEOUT = 30;
/********** PQI SSL STUFF ******************************************
*
@ -93,11 +94,11 @@ pqissl::pqissl(pqissllistener *l, PQInterface *parent, p3ConnectMgr *cm)
sslmode(PQISSL_ACTIVE), ssl_connection(NULL), sockfd(-1),
pqil(l), // no init for remote_addr.
readpkt(NULL), pktlen(0),
attempt_ts(0),
net_attempt(0), net_failure(0), net_unreachable(0),
sameLAN(false), n_read_zero(0),
mConnectDelay(0), mConnectTS(0),
mConnectTimeout(0), mTimeoutTS(0), quietShutdown(false),
mConnMgr(cm)
mConnectTimeout(0), mTimeoutTS(0), mConnMgr(cm)
{
/* set address to zero */
@ -109,6 +110,21 @@ pqissl::pqissl(pqissllistener *l, PQInterface *parent, p3ConnectMgr *cm)
rslog(RSL_ALERT, pqisslzone, out.str());
}
#if 0
if (!(AuthSSL::getAuthSSL()->isAuthenticated(PeerId())))
{
rslog(RSL_ALERT, pqisslzone,
"pqissl::Warning Certificate Not Approved!");
rslog(RSL_ALERT, pqisslzone,
"\t pqissl will not initialise....");
}
#else
rslog(RSL_ALERT, pqisslzone,
"pqissl::Warning SSL Certificate Approval Not CHECKED??");
#endif
return;
}
@ -195,21 +211,15 @@ int pqissl::reset()
out << "\tssl_con: " << ssl_connection << std::endl;
out << std::endl;
bool neededReset = false;
bool neededReset = false;
if (ssl_connection != NULL && sockfd > 0)
if (ssl_connection != NULL)
{
out << "pqissl::reset() Shutting down SSL Connection";
out << std::endl;
if (quietShutdown) {
ssl_connection->quiet_shutdown = 1;
SSL_shutdown(ssl_connection);
} else {
ssl_connection->quiet_shutdown = 0;
SSL_shutdown(ssl_connection);
}
SSL_shutdown(ssl_connection);
SSL_free (ssl_connection);
quietShutdown = false;
neededReset = true;
}
@ -224,13 +234,11 @@ int pqissl::reset()
active = false;
sockfd = -1;
waiting = WAITING_NOT;
SSL_free (ssl_connection);
ssl_connection = NULL;
sameLAN = false;
n_read_zero = 0;
total_len = 0 ;
mTimeoutTS = 0;
listen();
if (neededReset)
{
@ -359,15 +367,7 @@ int pqissl::tick()
out << "Continuing Connection Attempt!";
rslog(RSL_DEBUG_BASIC, pqisslzone, out.str());
if (mTimeoutTS != 0 && time(NULL) > mTimeoutTS)
{
rslog(RSL_DEBUG_BASIC, pqisslzone,
"pqissl::Authorise_SSL_Connection() Connection Timed Out!");
/* as sockfd is valid, this should close it all up */
reset();
} else {
ConnectAttempt();
}
ConnectAttempt();
return 1;
}
}
@ -710,16 +710,6 @@ int pqissl::Basic_Connection_Complete()
rslog(RSL_DEBUG_BASIC, pqisslzone,
"pqissl::Basic_Connection_Complete()...");
#ifdef DEBUG_PQISSL_TUNNEL
rslog(RSL_DEBUG_BASIC, pqisslzone,
"pqissl::Basic_Connection_Complete() parent()->PeerId() : " + parent()->PeerId());
if (parent()->PeerId() == "a0f6dfa2478e327a5687eaffe68882d3" || parent()->PeerId() == "9a033552091254bf9875edabe0bfd0e2") {
rslog(RSL_DEBUG_BASIC, pqisslzone,
"pqissl::Basic_Connection_Complete() resetting connection for test purpose.");
reset();
}
#endif
/* new TimeOut code. */
if (time(NULL) > mTimeoutTS)
{
@ -738,14 +728,14 @@ int pqissl::Basic_Connection_Complete()
if (waiting != WAITING_SOCK_CONNECT)
{
rslog(RSL_DEBUG_BASIC, pqisslzone,
rslog(RSL_ALERT, pqisslzone,
"pqissl::Basic_Connection_Complete() Wrong Mode");
return -1;
}
if (sockfd == -1)
{
rslog(RSL_DEBUG_BASIC, pqisslzone,
rslog(RSL_ALERT, pqisslzone,
"pqissl::Basic_Connection_Complete() problem with the socket descriptor. Aborting");
reset();
return -1;
@ -759,9 +749,6 @@ int pqissl::Basic_Connection_Complete()
FD_ZERO(&WriteFDs);
FD_ZERO(&ExceptFDs);
if(sockfd < 0)
return -1 ;
FD_SET(sockfd, &ReadFDs);
FD_SET(sockfd, &WriteFDs);
FD_SET(sockfd, &ExceptFDs);
@ -948,16 +935,18 @@ int pqissl::Initiate_SSL_Connection()
rslog(RSL_DEBUG_BASIC, pqisslzone,
"pqissl::Initiate_SSL_Connection() Basic Connection Okay");
// setup timeout value.
ssl_connect_timeout = time(NULL) + PQISSL_SSL_CONNECT_TIMEOUT;
// Perform SSL magic.
// library already inited by sslroot().
SSL_CTX *ssl_ctx = AuthSSL::getAuthSSL()->getCTX();
SSL *ssl = SSL_new(ssl_ctx);
SSL *ssl = SSL_new(AuthSSL::getAuthSSL()->getCTX());
if (ssl == NULL)
{
rslog(RSL_ALERT, pqisslzone,
"pqissl::Initiate_SSL_Connection() SSL_new failed!");
exit(1);
return -1;
}
@ -966,7 +955,7 @@ int pqissl::Initiate_SSL_Connection()
ssl_connection = ssl;
net_internal_SSL_set_fd(ssl, sockfd);
net_internal_SSL_set_fd(ssl, sockfd);
if (err < 1)
{
std::ostringstream out;
@ -1046,7 +1035,7 @@ int pqissl::SSL_Connection_Complete()
out.str());
// attempt real error.
//Extract_Failed_SSL_Certificate();
Extract_Failed_SSL_Certificate();
reset();
waiting = WAITING_FAIL_INTERFACE;
@ -1073,7 +1062,7 @@ int pqissl::Extract_Failed_SSL_Certificate()
// Get the Peer Certificate....
X509 *peercert = SSL_get_peer_certificate(ssl_connection);
if (peercert == NULL)
if (peercert == NULL)
{
rslog(RSL_WARNING, pqisslzone,
"pqissl::Extract_Failed_SSL_Certificate() Peer Didnt Give Cert");
@ -1081,14 +1070,14 @@ int pqissl::Extract_Failed_SSL_Certificate()
}
rslog(RSL_DEBUG_BASIC, pqisslzone,
"pqissl::Extract_Failed_SSL_Certificate() Have Peer Cert - (Not) Registering (anymore)");
"pqissl::Extract_Failed_SSL_Certificate() Have Peer Cert - Registering");
// save certificate... (and ip locations)
// false for outgoing....
// we actually connected to remote_addr,
// which could be
// (pqissl's case) sslcert->serveraddr or sslcert->localaddr.
//AuthSSL::getAuthSSL()->FailedCertificate(peercert, false);
AuthSSL::getAuthSSL()->FailedCertificate(peercert, false);
return 1;
}
@ -1099,9 +1088,9 @@ int pqissl::Extract_Failed_SSL_Certificate()
int pqissl::Authorise_SSL_Connection()
{
rslog(RSL_DEBUG_BASIC, pqisslzone,
"pqissl::Authorise_SSL_Connection()");
"pqissl::Authorise_SSL_Connection()");
if (time(NULL) > mTimeoutTS)
if (time(NULL) > ssl_connect_timeout)
{
rslog(RSL_DEBUG_BASIC, pqisslzone,
"pqissl::Authorise_SSL_Connection() Connection Timed Out!");
@ -1115,8 +1104,6 @@ int pqissl::Authorise_SSL_Connection()
return err;
}
stoplistening();
rslog(RSL_DEBUG_BASIC, pqisslzone,
"pqissl::Authorise_SSL_Connection() SSL_Connection_Complete");
@ -1149,8 +1136,38 @@ int pqissl::Authorise_SSL_Connection()
rslog(RSL_DEBUG_BASIC, pqisslzone,
"pqissl::Authorise_SSL_Connection() Have Peer Cert");
accept(ssl_connection, sockfd, remote_addr);
return 1;
// save certificate... (and ip locations)
// false for outgoing....
// we actually connected to remote_addr,
// which could be
// (pqissl's case) sslcert->serveraddr or sslcert->localaddr.
AuthSSL::getAuthSSL()->CheckCertificate(PeerId(), peercert);
bool certCorrect = true; /* WE know it okay already! */
// check it's the right one.
if (certCorrect)
{
// then okay...
std::ostringstream out;
out << "pqissl::Authorise_SSL_Connection() Accepting Conn. Peer: " << PeerId();
rslog(RSL_WARNING, pqisslzone, out.str());
accept(ssl_connection, sockfd, remote_addr);
return 1;
}
{
std::ostringstream out;
out << "pqissl::Authorise_SSL_Connection() Something Wrong ... ";
out << " Shutdown. Peer: " << PeerId();
rslog(RSL_WARNING, pqisslzone, out.str());
}
// else shutdown ssl connection.
reset();
return 0;
}
int pqissl::accept(SSL *ssl, int fd, struct sockaddr_in foreign_addr) // initiate incoming connection.
@ -1343,7 +1360,6 @@ int pqissl::senddata(void *data, int len)
out << std::endl;
std::cerr << out.str() ;
rslog(RSL_ALERT, pqisslzone, out.str());
quietShutdown = true;
reset();
return -1;
}
@ -1447,7 +1463,6 @@ int pqissl::readdata(void *data, int len)
if (PQISSL_MAX_READ_ZERO_COUNT < n_read_zero)
{
out << "Count passed Limit, shutting down!";
quietShutdown = true;
reset();
}
@ -1464,8 +1479,7 @@ int pqissl::readdata(void *data, int len)
out << "Socket Closed Abruptly.... Resetting PQIssl";
out << std::endl;
rslog(RSL_ALERT, pqisslzone, out.str());
quietShutdown = true;
reset();
reset();
std::cerr << out.str() << std::endl ;
return -1;
}
@ -1605,7 +1619,7 @@ bool pqissl::moretoread()
bool pqissl::cansend()
{
if (n_read_zero > 0) {
rslog(RSL_DEBUG_ALL, pqisslzone,
rslog(RSL_ALERT, pqisslzone,
"pqissl::cansend() read socket returns 0, so we don't wanna send know.");
return false;
}

5
libretroshare/src/pqi/pqissl.h
View File

@ -177,7 +177,7 @@ virtual int net_internal_fcntl_nonblock(int fd) { return unix_fcntl_nonblock(fd)
int pktlen;
int total_len ; // saves the reading state accross successive calls.
//int attempt_ts;
int attempt_ts;
// Some flags to indicate
// the status of the various interfaces
@ -190,13 +190,12 @@ virtual int net_internal_fcntl_nonblock(int fd) { return unix_fcntl_nonblock(fd)
int n_read_zero; /* a counter to determine if the connection is really dead */
//int ssl_connect_timeout; /* timeout to ensure that we don't get stuck (can happen on udp!) */
int ssl_connect_timeout; /* timeout to ensure that we don't get stuck (can happen on udp!) */
uint32_t mConnectDelay;
time_t mConnectTS;
uint32_t mConnectTimeout;
time_t mTimeoutTS;
bool quietShutdown;
p3ConnectMgr *mConnMgr;

22
libretroshare/src/pqi/pqissludp.cc
View File

@ -253,7 +253,7 @@ int pqissludp::Basic_Connection_Complete()
{
std::ostringstream out;
out << "pqissludp::Basic_Connection_Complete() Connection Timed Out. ";
out << "Peer: " << PeerId() << " Timeout: ";
out << "Peer: " << PeerId() << " Period: ";
out << mConnectTimeout;
rslog(RSL_WARNING, pqissludpzone, out.str());
@ -411,25 +411,11 @@ bool pqissludp::connect_parameter(uint32_t type, uint32_t value)
std::ostringstream out;
out << "pqissludp::connect_parameter() Peer: " << PeerId() << " PERIOD: " << value;
rslog(RSL_WARNING, pqissludpzone, out.str());
mConnectPeriod = value;
return true;
}else if (type == NET_PARAM_CONNECT_DELAY)
{
std::ostringstream out;
out << "pqissludp::connect_parameter() Peer: " << PeerId() << " DELAY: " << value;
rslog(RSL_WARNING, pqissludpzone, out.str());
mConnectDelay = value;
return true;
}
else if (type == NET_PARAM_CONNECT_TIMEOUT)
{
std::ostringstream out;
out << "pqissludp::connect_parameter() Peer: " << PeerId() << " TIMEOUT: " << value;
rslog(RSL_WARNING, pqissludpzone, out.str());
mConnectTimeout = value;
return true;
}
return pqissl::connect_parameter(type, value);
}
return pqissl::connect_parameter(type, value);
}
/********** PQI STREAMER OVERLOADING *********************************/