Archives/SSLproxy
2
0
Fork 0
mirror of https://github.com/sonertari/SSLproxy synced 2024-11-04 12:00:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

Move ssl proto to its own file, but still needs more refactoring to decouple ssl from other protocols, especially tcp

Browse Source 
Rename and clean up
This commit is contained in:
Soner Tari 2018-10-16 03:37:07 +03:00
parent 8fc9b0a44d
commit 0c55600ec7
8 changed files with 1191 additions and 1108 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
protoautossl.c
View File

@ -28,6 +28,7 @@
#include "protoautossl.h"
#include "prototcp.h"
#include "protossl.h"
#include "pxysslshut.h"
@ -73,7 +74,7 @@ protoautossl_peek_and_upgrade(pxy_conn_ctx_t *ctx)
log_dbg_printf("Peek found ClientHello\n");
}
ctx->srv_dst.ssl = pxy_dstssl_create(ctx);
ctx->srv_dst.ssl = protossl_dstssl_create(ctx);
if (!ctx->srv_dst.ssl) {
log_err_level_printf(LOG_CRIT, "Error creating SSL for upgrade\n");
// @todo Should we close the connection?
@ -143,7 +144,7 @@ protoautossl_enable_src(pxy_conn_ctx_t *ctx)
log_dbg_printf("Completing autossl upgrade\n");
}
int rv;
if ((rv = pxy_setup_src_ssl(ctx)) != 0) {
if ((rv = protossl_setup_src(ctx)) != 0) {
return rv;
}
if (pxy_setup_new_src(ctx) == -1) {
@ -392,7 +393,7 @@ protoautossl_bev_readcb_complete_child(pxy_conn_child_ctx_t *ctx)
log_dbg_printf("Completing autossl upgrade on child conn\n");
}
ctx->dst.ssl = pxy_dstssl_create(ctx->conn);
ctx->dst.ssl = protossl_dstssl_create(ctx->conn);
if (!ctx->dst.ssl) {
log_err_level_printf(LOG_CRIT, "protoautossl_bev_readcb_complete_child: Error creating SSL for upgrade\n");
ctx->conn->enomem = 1;
@ -599,7 +600,7 @@ protoautossl_conn_connect(pxy_conn_ctx_t *ctx)
bufferevent_enable(ctx->dst.bev, EV_READ|EV_WRITE);
/* create server-side socket and eventbuffer */
if (pxy_setup_srv_dst_ssl(ctx) == -1) {
if (protossl_setup_srv_dst(ctx) == -1) {
return;
}
if (pxy_setup_srv_dst(ctx) == -1) {
@ -630,7 +631,7 @@ protoautossl_connect_child(pxy_conn_child_ctx_t *ctx)
/* create server-side socket and eventbuffer */
// Children rely on the findings of parent
if (autossl_ctx->clienthello_found) {
ctx->dst.ssl = pxy_dstssl_create(ctx->conn);
ctx->dst.ssl = protossl_dstssl_create(ctx->conn);
if (!ctx->dst.ssl) {
log_err_level_printf(LOG_CRIT, "Error creating SSL\n");
// pxy_conn_free()>pxy_conn_free_child() will close the fd, since we have a non-NULL src.bev now

5
protohttp.c
View File

@ -27,6 +27,7 @@
*/
#include "protohttp.h"
#include "protossl.h"
#include "util.h"
#include "base64.h"
@ -899,7 +900,7 @@ protohttps_setup(pxy_conn_ctx_t *ctx)
ctx->protoctx->fd_readcb = protossl_fd_readcb;
ctx->protoctx->bev_readcb = protohttp_bev_readcb;
ctx->protoctx->bufferevent_free_and_close_fd = bufferevent_free_and_close_fd_ssl;
ctx->protoctx->bufferevent_free_and_close_fd = protossl_bufferevent_free_and_close_fd;
ctx->protoctx->proto_free = protohttps_free;
ctx->protoctx->arg = malloc(sizeof(protohttp_ctx_t));
@ -945,7 +946,7 @@ protohttps_setup_child(pxy_conn_child_ctx_t *ctx)
ctx->protoctx->connectcb = protossl_connect_child;
ctx->protoctx->bev_readcb = protohttp_bev_readcb_child;
ctx->protoctx->bufferevent_free_and_close_fd = bufferevent_free_and_close_fd_ssl;
ctx->protoctx->bufferevent_free_and_close_fd = protossl_bufferevent_free_and_close_fd;
ctx->protoctx->proto_free = protohttp_free_child;
ctx->protoctx->arg = malloc(sizeof(protohttp_ctx_t));

32
protopassthrough.c
View File

@ -28,6 +28,8 @@
#include "protopassthrough.h"
#include "prototcp.h"
// XXX
#include "protossl.h"
#include <sys/param.h>
@ -80,7 +82,7 @@ protopassthrough_bev_writecb_src(struct bufferevent *bev, void *arg)
#endif /* DEBUG_PROXY */
if (ctx->srv_dst.closed) {
if (pxy_close_conn_end_ifnodata(&ctx->src, ctx, &bufferevent_free_and_close_fd_nonssl)) {
if (pxy_close_conn_end_ifnodata(&ctx->src, ctx, &prototcp_bufferevent_free_and_close_fd)) {
#ifdef DEBUG_PROXY
log_dbg_level_printf(LOG_DBG_MODE_FINEST, "protopassthrough_bev_writecb_src: other->closed, terminate conn, fd=%d\n", ctx->fd);
#endif /* DEBUG_PROXY */
@ -102,7 +104,7 @@ protopassthrough_bev_writecb_srv_dst(struct bufferevent *bev, void *arg)
pxy_connect_srv_dst(bev, ctx);
if (ctx->src.closed) {
if (pxy_close_conn_end_ifnodata(&ctx->srv_dst, ctx, &bufferevent_free_and_close_fd_nonssl) == 1) {
if (pxy_close_conn_end_ifnodata(&ctx->srv_dst, ctx, &prototcp_bufferevent_free_and_close_fd) == 1) {
#ifdef DEBUG_PROXY
log_dbg_level_printf(LOG_DBG_MODE_FINEST, "protopassthrough_bev_writecb_srv_dst: other->closed, terminate conn, fd=%d\n", ctx->fd);
#endif /* DEBUG_PROXY */
@ -221,7 +223,7 @@ protopassthrough_engage(pxy_conn_ctx_t *ctx)
// We get srv_dst writecb while ssl shutdown is still in progress, and srv_dst readcb never fires
//bufferevent_free_and_close_fd(ctx->srv_dst.bev, ctx);
SSL_free(ctx->srv_dst.ssl);
bufferevent_free_and_close_fd_nonssl(ctx->srv_dst.bev, ctx);
prototcp_bufferevent_free_and_close_fd(ctx->srv_dst.bev, ctx);
ctx->srv_dst.bev = NULL;
ctx->srv_dst.ssl = NULL;
ctx->connected = 0;
@ -230,7 +232,7 @@ protopassthrough_engage(pxy_conn_ctx_t *ctx)
// Close and free dst if open
if (!ctx->dst.closed) {
ctx->dst.closed = 1;
bufferevent_free_and_close_fd_nonssl(ctx->dst.bev, ctx);
prototcp_bufferevent_free_and_close_fd(ctx->dst.bev, ctx);
ctx->dst.bev = NULL;
ctx->dst_fd = 0;
}
@ -256,12 +258,12 @@ protopassthrough_bev_eventcb_eof_src(struct bufferevent *bev, pxy_conn_ctx_t *ct
log_dbg_level_printf(LOG_DBG_MODE_FINEST, "protopassthrough_bev_eventcb_eof_src: !other->closed, terminate conn, fd=%d\n", ctx->fd);
#endif /* DEBUG_PROXY */
pxy_consume_last_input(bev, ctx);
pxy_close_conn_end_ifnodata(&ctx->srv_dst, ctx, &bufferevent_free_and_close_fd_nonssl);
pxy_close_conn_end_ifnodata(&ctx->srv_dst, ctx, &prototcp_bufferevent_free_and_close_fd);
}
pxy_log_dbg_disconnect(ctx);
pxy_disconnect(ctx, &ctx->src, &bufferevent_free_and_close_fd_nonssl, &ctx->srv_dst, 1);
pxy_disconnect(ctx, &ctx->src, &prototcp_bufferevent_free_and_close_fd, &ctx->srv_dst, 1);
}
static void
@ -281,12 +283,12 @@ protopassthrough_bev_eventcb_eof_srv_dst(struct bufferevent *bev, pxy_conn_ctx_t
log_dbg_level_printf(LOG_DBG_MODE_FINEST, "protopassthrough_bev_eventcb_eof_srv_dst: !other->closed, terminate conn, fd=%d\n", ctx->fd);
#endif /* DEBUG_PROXY */
pxy_consume_last_input(bev, ctx);
pxy_close_conn_end_ifnodata(&ctx->src, ctx, &bufferevent_free_and_close_fd_nonssl);
pxy_close_conn_end_ifnodata(&ctx->src, ctx, &prototcp_bufferevent_free_and_close_fd);
}
pxy_log_dbg_disconnect(ctx);
pxy_disconnect(ctx, &ctx->srv_dst, &bufferevent_free_and_close_fd_nonssl, &ctx->src, 0);
pxy_disconnect(ctx, &ctx->srv_dst, &prototcp_bufferevent_free_and_close_fd, &ctx->src, 0);
}
static void
@ -298,18 +300,19 @@ protopassthrough_bev_eventcb_error_src(struct bufferevent *bev, pxy_conn_ctx_t *
#endif /* DEBUG_PROXY */
log_err_printf("protopassthrough_bev_eventcb_error_src: Client-side BEV_EVENT_ERROR\n");
pxy_log_err_ssl_error(bev, ctx);
// XXX
protossl_log_ssl_error(bev, ctx);
ctx->thr->errors++;
if (!ctx->connected) {
ctx->srv_dst.closed = 1;
} else if (!ctx->srv_dst.closed) {
pxy_close_conn_end_ifnodata(&ctx->srv_dst, ctx, &bufferevent_free_and_close_fd_nonssl);
pxy_close_conn_end_ifnodata(&ctx->srv_dst, ctx, &prototcp_bufferevent_free_and_close_fd);
}
pxy_log_dbg_disconnect(ctx);
pxy_disconnect(ctx, &ctx->src, &bufferevent_free_and_close_fd_nonssl, &ctx->srv_dst, 1);
pxy_disconnect(ctx, &ctx->src, &prototcp_bufferevent_free_and_close_fd, &ctx->srv_dst, 1);
}
static void
@ -321,18 +324,19 @@ protopassthrough_bev_eventcb_error_srv_dst(struct bufferevent *bev, pxy_conn_ctx
#endif /* DEBUG_PROXY */
log_err_printf("protopassthrough_bev_eventcb_error_srv_dst: Client-side BEV_EVENT_ERROR\n");
pxy_log_err_ssl_error(bev, ctx);
// XXX
protossl_log_ssl_error(bev, ctx);
ctx->thr->errors++;
if (!ctx->connected) {
ctx->src.closed = 1;
} else if (!ctx->src.closed) {
pxy_close_conn_end_ifnodata(&ctx->src, ctx, &bufferevent_free_and_close_fd_nonssl);
pxy_close_conn_end_ifnodata(&ctx->src, ctx, &prototcp_bufferevent_free_and_close_fd);
}
pxy_log_dbg_disconnect(ctx);
pxy_disconnect(ctx, &ctx->srv_dst, &bufferevent_free_and_close_fd_nonssl, &ctx->src, 0);
pxy_disconnect(ctx, &ctx->srv_dst, &prototcp_bufferevent_free_and_close_fd, &ctx->src, 0);
}
void

1048
protossl.c Normal file
View File

File diff suppressed because it is too large Load Diff

51
protossl.h Normal file
View File

@ -0,0 +1,51 @@
/*-
* SSLsplit - transparent SSL/TLS interception
* https://www.roe.ch/SSLsplit
*
* Copyright (c) 2009-2018, Daniel Roethlisberger <daniel@roe.ch>.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER AND CONTRIBUTORS ``AS IS''
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef PROTOSSL_H
#define PROTOSSL_H
#include "pxyconn.h"
int protossl_log_masterkey(pxy_conn_ctx_t *, pxy_conn_desc_t *);
void protossl_log_ssl_error(struct bufferevent *, pxy_conn_ctx_t *);
void protossl_srccert_write(pxy_conn_ctx_t *);
SSL *protossl_dstssl_create(pxy_conn_ctx_t *);
int protossl_setup_src(pxy_conn_ctx_t *);
int protossl_setup_srv_dst(pxy_conn_ctx_t *);
void protossl_bufferevent_free_and_close_fd(struct bufferevent *, pxy_conn_ctx_t *);
void protossl_fd_readcb(evutil_socket_t, short, void *);
void protossl_connect_child(pxy_conn_child_ctx_t *);
void protossl_free(pxy_conn_ctx_t *) NONNULL(1);
enum protocol protossl_setup(pxy_conn_ctx_t *);
enum protocol protossl_setup_child(pxy_conn_child_ctx_t *);
#endif /* PROTOSSL_H */

63
prototcp.c
View File

@ -28,6 +28,8 @@
#include "prototcp.h"
#include "protopassthrough.h"
// XXX
#include "protossl.h"
#include <sys/param.h>
#include <event2/bufferevent_ssl.h>
@ -66,7 +68,8 @@ prototcp_conn_connect(pxy_conn_ctx_t *ctx)
bufferevent_enable(ctx->dst.bev, EV_READ|EV_WRITE);
/* create server-side socket and eventbuffer */
if (pxy_setup_srv_dst_ssl(ctx) == -1) {
// XXX
if (protossl_setup_srv_dst(ctx) == -1) {
return;
}
if (pxy_setup_srv_dst(ctx) == -1) {
@ -315,7 +318,7 @@ prototcp_bev_writecb_src(struct bufferevent *bev, void *arg)
#endif /* DEBUG_PROXY */
if (ctx->dst.closed) {
if (pxy_close_conn_end_ifnodata(&ctx->src, ctx, &bufferevent_free_and_close_fd) == 1) {
if (pxy_close_conn_end_ifnodata(&ctx->src, ctx, &pxy_bufferevent_free_and_close_fd) == 1) {
#ifdef DEBUG_PROXY
log_dbg_level_printf(LOG_DBG_MODE_FINEST, "pxy_bev_writecb_src: other->closed, terminate conn, fd=%d\n", ctx->fd);
#endif /* DEBUG_PROXY */
@ -367,7 +370,7 @@ prototcp_bev_writecb_dst(struct bufferevent *bev, void *arg)
prototcp_connect_dst(bev, ctx);
if (ctx->src.closed) {
if (pxy_close_conn_end_ifnodata(&ctx->dst, ctx, &bufferevent_free_and_close_fd_nonssl) == 1) {
if (pxy_close_conn_end_ifnodata(&ctx->dst, ctx, &prototcp_bufferevent_free_and_close_fd) == 1) {
#ifdef DEBUG_PROXY
log_dbg_level_printf(LOG_DBG_MODE_FINEST, "pxy_bev_writecb_dst: other->closed, terminate conn, fd=%d\n", ctx->fd);
#endif /* DEBUG_PROXY */
@ -400,7 +403,7 @@ prototcp_bev_writecb_src_child(struct bufferevent *bev, void *arg)
ctx->conn->atime = time(NULL);
if (ctx->dst.closed) {
if (pxy_close_conn_end_ifnodata(&ctx->src, ctx->conn, &bufferevent_free_and_close_fd_nonssl) == 1) {
if (pxy_close_conn_end_ifnodata(&ctx->src, ctx->conn, &prototcp_bufferevent_free_and_close_fd) == 1) {
#ifdef DEBUG_PROXY
log_dbg_level_printf(LOG_DBG_MODE_FINEST, "pxy_bev_writecb_child_src: other->closed, terminate conn, fd=%d\n", ctx->fd);
#endif /* DEBUG_PROXY */
@ -425,7 +428,7 @@ prototcp_bev_writecb_dst_child(struct bufferevent *bev, void *arg)
prototcp_connect_dst_child(bev, ctx);
if (ctx->src.closed) {
if (pxy_close_conn_end_ifnodata(&ctx->dst, ctx->conn, &bufferevent_free_and_close_fd) == 1) {
if (pxy_close_conn_end_ifnodata(&ctx->dst, ctx->conn, &pxy_bufferevent_free_and_close_fd) == 1) {
#ifdef DEBUG_PROXY
log_dbg_level_printf(LOG_DBG_MODE_FINEST, "pxy_bev_writecb_child_dst: other->closed, terminate conn, fd=%d\n", ctx->fd);
#endif /* DEBUG_PROXY */
@ -442,9 +445,10 @@ prototcp_enable_src(pxy_conn_ctx_t *ctx)
{
ctx->connected = 1;
// XXX
if (ctx->spec->ssl) {
int rv;
if ((rv = pxy_setup_src_ssl(ctx)) != 0) {
if ((rv = protossl_setup_src(ctx)) != 0) {
return rv;
}
}
@ -553,12 +557,12 @@ prototcp_bev_eventcb_eof_src(struct bufferevent *bev, pxy_conn_ctx_t *ctx)
log_dbg_level_printf(LOG_DBG_MODE_FINEST, "pxy_bev_eventcb_eof_src: !other->closed, terminate conn, fd=%d\n", ctx->fd);
#endif /* DEBUG_PROXY */
pxy_consume_last_input(bev, ctx);
pxy_close_conn_end_ifnodata(&ctx->dst, ctx, &bufferevent_free_and_close_fd_nonssl);
pxy_close_conn_end_ifnodata(&ctx->dst, ctx, &prototcp_bufferevent_free_and_close_fd);
}
pxy_log_dbg_disconnect(ctx);
pxy_disconnect(ctx, &ctx->src, &bufferevent_free_and_close_fd, &ctx->dst, 1);
pxy_disconnect(ctx, &ctx->src, &pxy_bufferevent_free_and_close_fd, &ctx->dst, 1);
}
void
@ -578,12 +582,12 @@ prototcp_bev_eventcb_eof_dst(struct bufferevent *bev, pxy_conn_ctx_t *ctx)
log_dbg_level_printf(LOG_DBG_MODE_FINEST, "pxy_bev_eventcb_eof_dst: !other->closed, terminate conn, fd=%d\n", ctx->fd);
#endif /* DEBUG_PROXY */
pxy_consume_last_input(bev, ctx);
pxy_close_conn_end_ifnodata(&ctx->src, ctx, &bufferevent_free_and_close_fd);
pxy_close_conn_end_ifnodata(&ctx->src, ctx, &pxy_bufferevent_free_and_close_fd);
}
pxy_log_dbg_disconnect(ctx);
pxy_disconnect(ctx, &ctx->dst, &bufferevent_free_and_close_fd_nonssl, &ctx->src, 0);
pxy_disconnect(ctx, &ctx->dst, &prototcp_bufferevent_free_and_close_fd, &ctx->src, 0);
}
void
@ -605,18 +609,19 @@ prototcp_bev_eventcb_error_src(struct bufferevent *bev, pxy_conn_ctx_t *ctx)
#endif /* DEBUG_PROXY */
log_err_printf("pxy_bev_eventcb_error_src: Client-side BEV_EVENT_ERROR\n");
pxy_log_err_ssl_error(bev, ctx);
// XXX
protossl_log_ssl_error(bev, ctx);
ctx->thr->errors++;
if (!ctx->connected) {
ctx->dst.closed = 1;
} else if (!ctx->dst.closed) {
pxy_close_conn_end_ifnodata(&ctx->dst, ctx, &bufferevent_free_and_close_fd_nonssl);
pxy_close_conn_end_ifnodata(&ctx->dst, ctx, &prototcp_bufferevent_free_and_close_fd);
}
pxy_log_dbg_disconnect(ctx);
pxy_disconnect(ctx, &ctx->src, &bufferevent_free_and_close_fd, &ctx->dst, 1);
pxy_disconnect(ctx, &ctx->src, &pxy_bufferevent_free_and_close_fd, &ctx->dst, 1);
}
void
@ -627,18 +632,19 @@ prototcp_bev_eventcb_error_dst(struct bufferevent *bev, pxy_conn_ctx_t *ctx)
#endif /* DEBUG_PROXY */
log_err_printf("pxy_bev_eventcb_error_dst: Client-side BEV_EVENT_ERROR\n");
pxy_log_err_ssl_error(bev, ctx);
// XXX
protossl_log_ssl_error(bev, ctx);
ctx->thr->errors++;
if (!ctx->connected) {
ctx->src.closed = 1;
} else if (!ctx->src.closed) {
pxy_close_conn_end_ifnodata(&ctx->src, ctx, &bufferevent_free_and_close_fd);
pxy_close_conn_end_ifnodata(&ctx->src, ctx, &pxy_bufferevent_free_and_close_fd);
}
pxy_log_dbg_disconnect(ctx);
pxy_disconnect(ctx, &ctx->dst, &bufferevent_free_and_close_fd_nonssl, &ctx->src, 0);
pxy_disconnect(ctx, &ctx->dst, &prototcp_bufferevent_free_and_close_fd, &ctx->src, 0);
}
void
@ -649,7 +655,8 @@ prototcp_bev_eventcb_error_srv_dst(struct bufferevent *bev, pxy_conn_ctx_t *ctx)
#endif /* DEBUG_PROXY */
log_err_printf("pxy_bev_eventcb_error_srv_dst: Client-side BEV_EVENT_ERROR\n");
pxy_log_err_ssl_error(bev, ctx);
// XXX
protossl_log_ssl_error(bev, ctx);
ctx->thr->errors++;
if (!ctx->connected) {
@ -720,10 +727,10 @@ prototcp_bev_eventcb_eof_src_child(struct bufferevent *bev, pxy_conn_child_ctx_t
log_dbg_level_printf(LOG_DBG_MODE_FINEST, "pxy_bev_eventcb_child_eof_src: !other->closed, terminate conn, fd=%d, conn fd=%d\n", ctx->fd, ctx->conn->fd);
#endif /* DEBUG_PROXY */
pxy_consume_last_input_child(bev, ctx);
pxy_close_conn_end_ifnodata(&ctx->dst, ctx->conn, &bufferevent_free_and_close_fd);
pxy_close_conn_end_ifnodata(&ctx->dst, ctx->conn, &pxy_bufferevent_free_and_close_fd);
}
pxy_log_dbg_disconnect_child(ctx);
pxy_disconnect_child(ctx, &ctx->src, &bufferevent_free_and_close_fd_nonssl, &ctx->dst);
pxy_disconnect_child(ctx, &ctx->src, &prototcp_bufferevent_free_and_close_fd, &ctx->dst);
}
void
@ -748,10 +755,10 @@ prototcp_bev_eventcb_eof_dst_child(struct bufferevent *bev, pxy_conn_child_ctx_t
log_dbg_level_printf(LOG_DBG_MODE_FINEST, "pxy_bev_eventcb_child_eof_dst: !other->closed, terminate conn, fd=%d, conn fd=%d\n", ctx->fd, ctx->conn->fd);
#endif /* DEBUG_PROXY */
pxy_consume_last_input_child(bev, ctx);
pxy_close_conn_end_ifnodata(&ctx->src, ctx->conn, &bufferevent_free_and_close_fd_nonssl);
pxy_close_conn_end_ifnodata(&ctx->src, ctx->conn, &prototcp_bufferevent_free_and_close_fd);
}
pxy_log_dbg_disconnect_child(ctx);
pxy_disconnect_child(ctx, &ctx->dst, &bufferevent_free_and_close_fd, &ctx->src);
pxy_disconnect_child(ctx, &ctx->dst, &pxy_bufferevent_free_and_close_fd, &ctx->src);
}
static void
@ -763,7 +770,8 @@ prototcp_bev_eventcb_error_src_child(struct bufferevent *bev, pxy_conn_child_ctx
log_dbg_level_printf(LOG_DBG_MODE_FINER, "pxy_bev_eventcb_child_error_src: BEV_EVENT_ERROR, fd=%d, conn fd=%d\n", ctx->fd, ctx->conn->fd);
#endif /* DEBUG_PROXY */
log_err_printf("Server-side BEV_EVENT_ERROR\n");
pxy_log_err_ssl_error(bev, ctx->conn);
// XXX
protossl_log_ssl_error(bev, ctx->conn);
ctx->conn->thr->errors++;
if (!ctx->connected) {
@ -775,10 +783,10 @@ prototcp_bev_eventcb_error_src_child(struct bufferevent *bev, pxy_conn_child_ctx
/* if the other end is still open and doesn't have data
* to send, close it, otherwise its writecb will close
* it after writing what's left in the output buffer */
pxy_close_conn_end_ifnodata(&ctx->dst, ctx->conn, &bufferevent_free_and_close_fd);
pxy_close_conn_end_ifnodata(&ctx->dst, ctx->conn, &pxy_bufferevent_free_and_close_fd);
}
pxy_log_dbg_disconnect_child(ctx);
pxy_disconnect_child(ctx, &ctx->src, &bufferevent_free_and_close_fd_nonssl, &ctx->dst);
pxy_disconnect_child(ctx, &ctx->src, &prototcp_bufferevent_free_and_close_fd, &ctx->dst);
}
void
@ -790,7 +798,8 @@ prototcp_bev_eventcb_error_dst_child(struct bufferevent *bev, pxy_conn_child_ctx
log_dbg_level_printf(LOG_DBG_MODE_FINER, "pxy_bev_eventcb_child_error_dst: BEV_EVENT_ERROR, fd=%d, conn fd=%d\n", ctx->fd, ctx->conn->fd);
#endif /* DEBUG_PROXY */
log_err_printf("Server-side BEV_EVENT_ERROR\n");
pxy_log_err_ssl_error(bev, ctx->conn);
// XXX
protossl_log_ssl_error(bev, ctx->conn);
ctx->conn->thr->errors++;
if (!ctx->connected) {
@ -802,10 +811,10 @@ prototcp_bev_eventcb_error_dst_child(struct bufferevent *bev, pxy_conn_child_ctx
/* if the other end is still open and doesn't have data
* to send, close it, otherwise its writecb will close
* it after writing what's left in the output buffer */
pxy_close_conn_end_ifnodata(&ctx->src, ctx->conn, &bufferevent_free_and_close_fd_nonssl);
pxy_close_conn_end_ifnodata(&ctx->src, ctx->conn, &prototcp_bufferevent_free_and_close_fd);
}
pxy_log_dbg_disconnect_child(ctx);
pxy_disconnect_child(ctx, &ctx->dst, &bufferevent_free_and_close_fd, &ctx->src);
pxy_disconnect_child(ctx, &ctx->dst, &pxy_bufferevent_free_and_close_fd, &ctx->src);
}
void

1071
pxyconn.c
View File

File diff suppressed because it is too large Load Diff

18
pxyconn.h
View File

@ -307,12 +307,6 @@ void pxy_log_dbg_evbuf_info(pxy_conn_ctx_t *, pxy_conn_desc_t *, pxy_conn_desc_t
void pxy_log_dbg_disconnect(pxy_conn_ctx_t *);
void pxy_log_dbg_disconnect_child(pxy_conn_child_ctx_t *);
void pxy_log_err_ssl_error(struct bufferevent *, pxy_conn_ctx_t *);
void bufferevent_free_and_close_fd(struct bufferevent *, pxy_conn_ctx_t *);
void bufferevent_free_and_close_fd_ssl(struct bufferevent *, pxy_conn_ctx_t *);
void bufferevent_free_and_close_fd_nonssl(struct bufferevent *, pxy_conn_ctx_t *);
void pxy_discard_inbuf(struct bufferevent *);
int pxy_set_dstaddr(pxy_conn_ctx_t *);
unsigned char *pxy_malloc_packet(size_t, pxy_conn_ctx_t *);
@ -323,15 +317,11 @@ void pxy_remove_sslproxy_header(unsigned char *, size_t *, pxy_conn_child_ctx_t
void pxy_set_watermark(struct bufferevent *, pxy_conn_ctx_t *, struct bufferevent *);
void pxy_unset_watermark(struct bufferevent *, pxy_conn_ctx_t *, pxy_conn_desc_t *);
SSL *pxy_dstssl_create(pxy_conn_ctx_t *);
int pxy_setup_src(pxy_conn_ctx_t *);
int pxy_setup_src_ssl(pxy_conn_ctx_t *);
int pxy_setup_new_src(pxy_conn_ctx_t *);
int pxy_setup_dst(pxy_conn_ctx_t *);
int pxy_setup_srv_dst(pxy_conn_ctx_t *);
int pxy_setup_srv_dst_ssl(pxy_conn_ctx_t *);
struct bufferevent *pxy_bufferevent_setup_child(pxy_conn_child_ctx_t *, evutil_socket_t, SSL *) NONNULL(1);
@ -356,6 +346,8 @@ void pxy_bev_readcb_child(struct bufferevent *, void *);
void pxy_bev_writecb_child(struct bufferevent *, void *);
void pxy_bev_eventcb_child(struct bufferevent *, short, void *);
void pxy_bufferevent_free_and_close_fd(struct bufferevent *, pxy_conn_ctx_t *);
void pxy_connect_srv_dst(struct bufferevent *, pxy_conn_ctx_t *);
void pxy_conn_connect(pxy_conn_ctx_t *);
@ -366,13 +358,11 @@ void pxy_conn_setup(evutil_socket_t, struct sockaddr *, int,
evutil_socket_t)
NONNULL(2,4,5,6);
void pxy_conn_ctx_free(pxy_conn_ctx_t *, int) NONNULL(1);
void pxy_conn_free(pxy_conn_ctx_t *, int) NONNULL(1);
void pxy_conn_free_child(pxy_conn_child_ctx_t *) NONNULL(1);
void protossl_fd_readcb(evutil_socket_t, short, void *);
void protossl_connect_child(pxy_conn_child_ctx_t *);
void protossl_free(pxy_conn_ctx_t *) NONNULL(1);
#endif /* !PXYCONN_H */
/* vim: set noet ft=c: */