#define MAX_REQUESTS 256
#define REQUEST_RETRY_INTERVAL 5
#define REQUEST_RETRY_COUNT 2
+#define DUPLICATE_INTERVAL REQUEST_RETRY_INTERVAL * REQUEST_RETRY_COUNT
#define MAX_CERT_DEPTH 5
#define STATUS_SERVER_PERIOD 25
#define IDLE_TIMEOUT 300
+/* 27262 is vendor DANTE Ltd. */
+#define DEFAULT_TTL_ATTR "27262:1"
+
#define RAD_UDP 0
#define RAD_TLS 1
#define RAD_TCP 2
#define RAD_DTLS 3
+#define RAD_PROTOCOUNT 4
struct options {
- char **listenudp;
- char **listentcp;
- char **listentls;
- char **listendtls;
- char **listenaccudp;
- char *sourceudp;
- char *sourcetcp;
- char *sourcetls;
- char *sourcedtls;
+ char **listenargs[RAD_PROTOCOUNT];
+ char *sourcearg[RAD_PROTOCOUNT];
char *logdestination;
+ char *ttlattr;
+ uint32_t ttlattrtype[2];
+ uint8_t addttl;
uint8_t loglevel;
uint8_t loopprevention;
};
-/* requests that our client will send */
struct request {
- unsigned char *buf;
+ struct timeval created;
+ uint32_t refcount;
+ uint8_t *buf, *replybuf;
struct radmsg *msg;
- uint8_t tries;
- uint8_t received;
- struct timeval expiry;
struct client *from;
+ struct server *to;
char *origusername;
- uint8_t origid; /* used by servwr */
- char origauth[16]; /* used by servwr */
- struct sockaddr_storage fromsa; /* used by udpservwr */
- int fromudpsock; /* used by udpservwr */
+ uint8_t rqid;
+ uint8_t rqauth[16];
+ uint8_t newid;
+ int udpsock; /* only for UDP */
+ uint16_t udpport; /* only for UDP */
};
-/* replies that a server will send */
-struct reply {
- unsigned char *buf;
- struct sockaddr_storage tosa; /* used by udpservwr */
- int toudpsock; /* used by udpservwr */
+/* requests that our client will send */
+struct rqout {
+ pthread_mutex_t *lock;
+ struct request *rq;
+ uint8_t tries;
+ struct timeval expiry;
};
struct queue {
uint8_t statusserver;
uint8_t retryinterval;
uint8_t retrycount;
+ uint8_t dupinterval;
uint8_t certnamecheck;
- SSL_CTX *ssl_ctx;
+ uint8_t addttl;
struct rewrite *rewritein;
struct rewrite *rewriteout;
struct addrinfo *addrinfo;
uint8_t prefixlen;
+ pthread_mutex_t *lock; /* only used for updating clients so far */
+ struct tls *tlsconf;
struct list *clients;
struct server *servers;
};
struct client {
struct clsrvconf *conf;
- int sock; /* for tcp/dtls */
+ int sock;
SSL *ssl;
+ struct request *rqs[MAX_REQUESTS];
struct queue *replyq;
struct queue *rbios; /* for dtls */
- struct sockaddr *addr; /* for udp */
+ struct sockaddr *addr;
+ time_t expiry; /* for udp */
};
struct server {
char *dynamiclookuparg;
int nextid;
struct timeval lastrcv;
- struct request *requests;
+ struct rqout *requests;
uint8_t newrq;
pthread_mutex_t newrq_mutex;
pthread_cond_t newrq_cond;
char *message;
uint8_t accresp;
regex_t regex;
- pthread_mutex_t subrealms_mutex;
+ uint32_t refcount;
+ pthread_mutex_t mutex;
+ struct realm *parent;
struct list *subrealms;
struct list *srvconfs;
struct list *accsrvconfs;
char *certkeyfile;
char *certkeypwd;
uint8_t crlcheck;
+ char **policyoids;
+ uint32_t cacheexpiry;
+ uint32_t tlsexpiry;
+ uint32_t dtlsexpiry;
+ X509_VERIFY_PARAM *vpm;
SSL_CTX *tlsctx;
SSL_CTX *dtlsctx;
};
struct protodefs {
char *name;
char *secretdefault;
- uint8_t socktype;
+ int socktype;
char *portdefault;
uint8_t retrycountdefault;
uint8_t retrycountmax;
uint8_t retryintervaldefault;
uint8_t retryintervalmax;
+ uint8_t duplicateintervaldefault;
void *(*listener)(void*);
- char **srcaddrport;
int (*connecter)(struct server *, struct timeval *, int, char *);
void *(*clientconnreader)(void*);
int (*clientradput)(struct server *, unsigned char *);
void (*addclient)(struct client *);
void (*addserverextra)(struct clsrvconf *);
+ void (*setsrcres)(char *source);
void (*initextra)();
};
#define ATTRVAL(x) ((x) + 2)
#define ATTRVALLEN(x) ((x)[1] - 2)
-#define SOCKADDR_SIZE(addr) ((addr).ss_family == AF_INET ? \
- sizeof(struct sockaddr_in) : \
- sizeof(struct sockaddr_in6))
-
-struct addrinfo *getsrcprotores(uint8_t type);
struct clsrvconf *find_clconf(uint8_t type, struct sockaddr *addr, struct list_node **cur);
struct clsrvconf *find_srvconf(uint8_t type, struct sockaddr *addr, struct list_node **cur);
struct clsrvconf *find_clconf_type(uint8_t type, struct list_node **cur);
-struct client *addclient(struct clsrvconf *conf);
+struct client *addclient(struct clsrvconf *conf, uint8_t lock);
+void removelockedclient(struct client *client);
void removeclient(struct client *client);
-void removeclientrqs(struct client *client);
struct queue *newqueue();
-void removequeue(struct queue *q);
void freebios(struct queue *q);
+struct request *newrequest();
+void freerq(struct request *rq);
int radsrv(struct request *rq);
X509 *verifytlscert(SSL *ssl);
int verifyconfcert(X509 *cert, struct clsrvconf *conf);
void replyh(struct server *server, unsigned char *buf);
-int connecttcp(struct addrinfo *addrinfo, struct addrinfo *src);
-int bindtoaddr(struct addrinfo *addrinfo, int family, int reuse, int v6only);
+SSL_CTX *tlsgetctx(uint8_t type, struct tls *t);
+struct addrinfo *resolve_hostport_addrinfo(uint8_t type, char *hostport);
projects / radsecproxy.git / blobdiff