#include <sys/types.h>
#include <sys/socket.h>
#include <getopt.h>
+#include <errno.h>
+#include <string.h>
#include <library.h>
#include <debug.h>
static void usage(FILE *out, char *cmd)
{
fprintf(out, "usage:\n");
- fprintf(out, " %s --connect <address> --port <port> [--cert <file>]+\n", cmd);
- fprintf(out, " %s --listen <address> --port <port> --key <key> [--cert <file>]+ --oneshot\n", cmd);
+ fprintf(out, " %s --connect <address> --port <port> [--cert <file>]+ [--times <n>]\n", cmd);
+ fprintf(out, " %s --listen <address> --port <port> --key <key> [--cert <file>]+ [--times <n>]\n", cmd);
}
/**
- * Stream between stdio and TLS socket
+ * Client routine
*/
-static int stream(int fd, tls_socket_t *tls)
+static int client(host_t *host, identification_t *server,
+ int times, tls_cache_t *cache)
{
- while (TRUE)
- {
- fd_set set;
- chunk_t data;
-
- FD_ZERO(&set);
- FD_SET(fd, &set);
- FD_SET(0, &set);
+ tls_socket_t *tls;
+ int fd, res;
- if (select(fd + 1, &set, NULL, NULL, NULL) == -1)
+ while (times == -1 || times-- > 0)
+ {
+ fd = socket(AF_INET, SOCK_STREAM, 0);
+ if (fd == -1)
{
+ DBG1(DBG_TLS, "opening socket failed: %s", strerror(errno));
return 1;
}
- if (FD_ISSET(fd, &set))
+ if (connect(fd, host->get_sockaddr(host),
+ *host->get_sockaddr_len(host)) == -1)
{
- if (!tls->read(tls, &data))
- {
- fprintf(stderr, "TLS read error\n");
- return 1;
- }
- if (data.len)
- {
- ignore_result(write(0, data.ptr, data.len));
- free(data.ptr);
- }
+ DBG1(DBG_TLS, "connecting to %#H failed: %s", host, strerror(errno));
+ close(fd);
+ return 1;
}
- if (FD_ISSET(0, &set))
+ tls = tls_socket_create(FALSE, server, NULL, fd, cache);
+ if (!tls)
{
- char buf[1024];
- ssize_t len;
-
- len = read(0, buf, sizeof(buf));
- if (len == 0)
- {
- return 0;
- }
- if (len > 0)
- {
- if (!tls->write(tls, chunk_create(buf, len)))
- {
- fprintf(stderr, "TLS write error\n");
- return 1;
- }
- }
+ close(fd);
+ return 1;
+ }
+ res = tls->splice(tls, 0, 1) ? 0 : 1;
+ tls->destroy(tls);
+ close(fd);
+ if (res)
+ {
+ break;
}
}
+ return res;
}
/**
- * Client routine
+ * Server routine
*/
-static int client(int fd, host_t *host, identification_t *server)
+static int serve(host_t *host, identification_t *server,
+ int times, tls_cache_t *cache)
{
tls_socket_t *tls;
- int res;
+ int fd, cfd;
- if (connect(fd, host->get_sockaddr(host),
- *host->get_sockaddr_len(host)) == -1)
- {
- fprintf(stderr, "connecting to %#H failed: %m\n", host);
- return 1;
- }
- tls = tls_socket_create(FALSE, server, NULL, fd);
- if (!tls)
+ fd = socket(AF_INET, SOCK_STREAM, 0);
+ if (fd == -1)
{
+ DBG1(DBG_TLS, "opening socket failed: %s", strerror(errno));
return 1;
}
- res = stream(fd, tls);
- tls->destroy(tls);
- return res;
-}
-
-/**
- * Server routine
- */
-static int serve(int fd, host_t *host, identification_t *server, bool oneshot)
-{
- tls_socket_t *tls;
- int cfd;
-
if (bind(fd, host->get_sockaddr(host),
*host->get_sockaddr_len(host)) == -1)
{
- fprintf(stderr, "binding to %#H failed: %m\n", host);
+ DBG1(DBG_TLS, "binding to %#H failed: %s", host, strerror(errno));
+ close(fd);
return 1;
}
if (listen(fd, 1) == -1)
{
- fprintf(stderr, "listen to %#H failed: %m\n", host);
+ DBG1(DBG_TLS, "listen to %#H failed: %m", host, strerror(errno));
+ close(fd);
return 1;
}
- do
+ while (times == -1 || times-- > 0)
{
cfd = accept(fd, host->get_sockaddr(host), host->get_sockaddr_len(host));
if (cfd == -1)
{
- fprintf(stderr, "accept failed: %m\n");
+ DBG1(DBG_TLS, "accept failed: %s", strerror(errno));
+ close(fd);
return 1;
}
- fprintf(stderr, "%#H connected\n", host);
+ DBG1(DBG_TLS, "%#H connected", host);
- tls = tls_socket_create(TRUE, server, NULL, cfd);
+ tls = tls_socket_create(TRUE, server, NULL, cfd, cache);
if (!tls)
{
+ close(fd);
return 1;
}
- stream(cfd, tls);
- fprintf(stderr, "%#H disconnected\n", host);
+ tls->splice(tls, 0, 1);
+ DBG1(DBG_TLS, "%#H disconnected", host);
tls->destroy(tls);
}
- while (!oneshot);
+ close(fd);
return 0;
}
BUILD_FROM_FILE, filename, BUILD_END);
if (!cert)
{
- fprintf(stderr, "loading certificate from '%s' failed\n", filename);
+ DBG1(DBG_TLS, "loading certificate from '%s' failed", filename);
return FALSE;
}
creds->add_cert(creds, TRUE, cert);
BUILD_FROM_FILE, filename, BUILD_END);
if (!key)
{
- fprintf(stderr, "loading key from '%s' failed\n", filename);
+ DBG1(DBG_TLS, "loading key from '%s' failed", filename);
return FALSE;
}
creds->add_key(creds, key);
}
/**
+ * TLS debug level
+ */
+static level_t tls_level = 1;
+
+static void dbg_tls(debug_t group, level_t level, char *fmt, ...)
+{
+ if ((group == DBG_TLS && level <= tls_level) || level <= 1)
+ {
+ va_list args;
+
+ va_start(args, fmt);
+ vfprintf(stderr, fmt, args);
+ fprintf(stderr, "\n");
+ va_end(args);
+ }
+}
+
+/**
* Cleanup
*/
static void cleanup()
static void init()
{
library_init(NULL);
+
+ dbg = dbg_tls;
+
lib->plugins->load(lib->plugins, NULL, PLUGINS);
creds = mem_cred_create();
int main(int argc, char *argv[])
{
char *address = NULL;
- bool listen = FALSE, oneshot = FALSE;
- int port = 0, fd, res;
+ bool listen = FALSE;
+ int port = 0, times = -1, res;
identification_t *server;
+ tls_cache_t *cache;
host_t *host;
init();
{"port", required_argument, NULL, 'p' },
{"cert", required_argument, NULL, 'x' },
{"key", required_argument, NULL, 'k' },
- {"oneshot", no_argument, NULL, 'o' },
+ {"times", required_argument, NULL, 't' },
+ {"debug", required_argument, NULL, 'd' },
{0,0,0,0 }
};
switch (getopt_long(argc, argv, "", long_opts, NULL))
case 'p':
port = atoi(optarg);
continue;
- case 'o':
- oneshot = TRUE;
+ case 't':
+ times = atoi(optarg);
+ continue;
+ case 'd':
+ tls_level = atoi(optarg);
continue;
default:
usage(stderr, argv[0]);
usage(stderr, argv[0]);
return 1;
}
- if (oneshot && !listen)
- {
- usage(stderr, argv[0]);
- return 1;
- }
-
- fd = socket(AF_INET, SOCK_STREAM, 0);
- if (fd == -1)
- {
- fprintf(stderr, "opening socket failed: %m\n");
- return 1;
- }
host = host_create_from_dns(address, 0, port);
if (!host)
{
- fprintf(stderr, "resolving hostname %s failed\n", address);
- close(fd);
+ DBG1(DBG_TLS, "resolving hostname %s failed", address);
return 1;
}
server = identification_create_from_string(address);
+ cache = tls_cache_create(100, 30);
if (listen)
{
- res = serve(fd, host, server, oneshot);
+ res = serve(host, server, times, cache);
}
else
{
- res = client(fd, host, server);
+ res = client(host, server, times, cache);
}
- close(fd);
+ cache->destroy(cache);
host->destroy(host);
server->destroy(server);
return res;
projects / strongswan.git / blobdiff