Add support for BIN over TLS using the wolfssl library

The actual TLS operations required by the proto_bins module are provided
by a wolfssl module which includes the wolfssl library code.

Author: rvlad-patrascu

.github/workflows/main.yml

@@ -44,6 +44,8 @@ jobs:
     steps:
       # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
       - uses: actions/checkout@v2
+        with:
+          submodules: recursive
 
       - name: before_install
         run: sh -x scripts/build/install_depends.sh

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "modules/wolfssl/lib/wolfssl"]
+	path = modules/wolfssl/lib/wolfssl
+	url = [email protected]:wolfSSL/wolfssl.git

Makefile.rules

@@ -22,7 +22,7 @@ all_misclibs=reg
 all_misclibs:=$(addprefix lib/, $(all_misclibs))
 
 #implicit rules
-%.o: %.c $(ALLDEP)
+%.o: %.c $(ALLDEP) $(DEPS)
 ifeq (,$(FASTER))
 	@echo "Compiling $<"
 endif

ip_addr.h

@@ -57,7 +57,7 @@
 
 enum sip_protos { PROTO_NONE = 0, PROTO_FIRST = 1, PROTO_UDP = 1, \
 	PROTO_TCP, PROTO_TLS, PROTO_SCTP, PROTO_WS, PROTO_WSS, PROTO_BIN,
-				PROTO_HEP_UDP, PROTO_HEP_TCP, PROTO_SMPP, PROTO_OTHER };
+	PROTO_BINS, PROTO_HEP_UDP, PROTO_HEP_TCP, PROTO_SMPP, PROTO_OTHER };
 #define PROTO_LAST PROTO_OTHER
 
 struct ip_addr{

modules/clusterer/clusterer.c

@@ -219,7 +219,7 @@ static int msg_send_retry(bin_packet_t *packet, node_info_t *dest,
 		}
 		bin_get_buffer(packet, &send_buffer);
 
-		if (msg_send(chosen_dest->cluster->send_sock, clusterer_proto,
+		if (msg_send(chosen_dest->cluster->send_sock, chosen_dest->proto,
 			&chosen_dest->addr, 0, send_buffer.s, send_buffer.len, 0) < 0) {
 			LM_ERR("msg_send() to node [%d] failed\n", chosen_dest->node_id);
 			retr_send = 1;
@@ -1026,7 +1026,7 @@ void bin_rcv_cl_packets(bin_packet_t *packet, int packet_type,
 		LM_INFO("Received message with unknown source id [%d]\n", source_id);
 		if (!db_mode)
 			handle_internal_msg_unknown(packet, cl, packet_type, &ri->src_su,
-				source_id);
+				ri->proto, source_id);
 	} else {
 		if (!su_ip_cmp(&ri->src_su, &node->addr)) {
 			LM_WARN("Received message from unknown source, addr: %s\n", ip);
@@ -1281,7 +1281,7 @@ int send_single_cap_update(cluster_info_t *cluster, struct local_cap *cap,
 	bin_get_buffer(&packet, &bin_buffer);
 
 	for (i = 0; i < no_dests; i++)
-		if (msg_send(cluster->send_sock, clusterer_proto,
+		if (msg_send(cluster->send_sock, destinations[i]->proto,
 			&destinations[i]->addr, 0, bin_buffer.s, bin_buffer.len, 0) < 0) {
 			LM_ERR("Failed to send capability update to node [%d]\n",
 				destinations[i]->node_id);
@@ -1364,7 +1364,7 @@ int send_cap_update(node_info_t *dest_node, int require_reply)
 	bin_push_int(&packet, current_id);
 	bin_get_buffer(&packet, &bin_buffer);
 
-	if (msg_send(dest_node->cluster->send_sock, clusterer_proto, &dest_node->addr,
+	if (msg_send(dest_node->cluster->send_sock, dest_node->proto, &dest_node->addr,
 		0, bin_buffer.s, bin_buffer.len, 0) < 0) {
 		LM_ERR("Failed to send capability update to node [%d]\n", dest_node->node_id);
 		set_link_w_neigh_adv(-1, LS_RESTART_PINGING, dest_node);

modules/clusterer/clusterer_mod.c

@@ -232,7 +232,8 @@ static module_dependency_t *get_deps_db_mode(param_export_t *param)
 
 static dep_export_t deps = {
 	{ /* OpenSIPS module dependencies */
-		{ MOD_TYPE_DEFAULT, "proto_bin", DEP_ABORT },
+		{ MOD_TYPE_DEFAULT, "proto_bin",  DEP_SILENT },
+		{ MOD_TYPE_DEFAULT, "proto_bins", DEP_SILENT },
 		{ MOD_TYPE_NULL, NULL, 0 },
 	},
 	{ /* modparam dependencies */

modules/clusterer/node_info.c

@@ -188,13 +188,15 @@ int add_node_info(node_info_t **new_info, cluster_info_t **cl_list, int *int_val
 	st.len = hlen;
 
 	if (proto == PROTO_NONE)
-		proto = clusterer_proto;
-	if (proto != clusterer_proto) {
-		LM_ERR("Clusterer currently supports only BIN protocol, but node: %d "
-			"has proto=%d\n", int_vals[INT_VALS_NODE_ID_COL], proto);
+		proto = PROTO_BIN;
+	else if (proto != PROTO_BIN && proto != PROTO_BINS) {
+		LM_ERR("Clusterer currently supports only BIN/BINS protocols, but node: "
+			"%d has proto=%d\n", int_vals[INT_VALS_NODE_ID_COL], proto);
 		return 1;
 	}
 
+	(*new_info)->proto = proto;
+
 	if (int_vals[INT_VALS_NODE_ID_COL] != current_id) {
 		he = sip_resolvehost(&st, (unsigned short *) &port,
 			(unsigned short *)&proto, 0, 0);

modules/clusterer/node_info.h

@@ -70,6 +70,7 @@ struct node_info {
 	str description;
 	str url;
 	union sockaddr_union addr;
+	enum sip_protos proto;
 	str sip_addr;
 	int priority;                   /* priority to be chosen as next hop for same length paths */
 	int no_ping_retries;            /* maximum number of ping retries */

modules/clusterer/topology.c

@@ -57,7 +57,7 @@ static int send_ping(node_info_t *node, int req_node_list)
 	set_proc_log_level(L_INFO);
 	#endif
 
-	rc = msg_send(node->cluster->send_sock, clusterer_proto, &node->addr, 0,
+	rc = msg_send(node->cluster->send_sock, node->proto, &node->addr, 0,
 		send_buffer.s, send_buffer.len, 0);
 
 	#ifndef CLUSTERER_EXTRA_BIN_DBG
@@ -487,8 +487,8 @@ int flood_message(bin_packet_t *packet, cluster_info_t *cluster,
 	lock_release(cluster->current_node->lock);
 
 	for (i = 0; i < no_dests; i++) {
-		if (msg_send(cluster->send_sock, clusterer_proto, &destinations[i]->addr,
-			0, bin_buffer.s, bin_buffer.len, 0) < 0) {
+		if (msg_send(cluster->send_sock, destinations[i]->proto,
+			&destinations[i]->addr, 0, bin_buffer.s, bin_buffer.len, 0) < 0) {
 			LM_ERR("Failed to flood message to node [%d]\n",
 				destinations[i]->node_id);
 
@@ -601,7 +601,7 @@ static int send_full_top_update(node_info_t *dest_node, int nr_nodes, int *node_
 	bin_push_int(&packet, current_id);
 	bin_get_buffer(&packet, &bin_buffer);
 
-	if (msg_send(dest_node->cluster->send_sock, clusterer_proto, &dest_node->addr,
+	if (msg_send(dest_node->cluster->send_sock, dest_node->proto, &dest_node->addr,
 		0, bin_buffer.s, bin_buffer.len, 0) < 0) {
 		LM_ERR("Failed to send topology update to node [%d]\n", dest_node->node_id);
 		set_link_w_neigh_adv(-1, LS_RESTART_PINGING, dest_node);
@@ -662,7 +662,7 @@ static int send_ls_update(node_info_t *node, clusterer_link_state new_ls)
 
 	bin_get_buffer(&packet, &send_buffer);
 	for (i = 0; i < no_dests; i++) {
-		if (msg_send(destinations[i]->cluster->send_sock, clusterer_proto,
+		if (msg_send(destinations[i]->cluster->send_sock, destinations[i]->proto,
 			&destinations[i]->addr, 0, send_buffer.s, send_buffer.len, 0) < 0) {
 			LM_ERR("Failed to send link state update to node [%d]\n",
 				destinations[i]->node_id);
@@ -1144,7 +1144,7 @@ void handle_full_top_update(bin_packet_t *packet, node_info_t *source,
 }
 
 void handle_internal_msg_unknown(bin_packet_t *received, cluster_info_t *cl,
-					int packet_type, union sockaddr_union *src_su, int src_node_id)
+	int packet_type, union sockaddr_union *src_su, int proto, int src_node_id)
 {
 	str bin_buffer;
 	int req_list;
@@ -1166,7 +1166,7 @@ void handle_internal_msg_unknown(bin_packet_t *received, cluster_info_t *cl,
 		bin_push_int(&packet, current_id);
 		bin_get_buffer(&packet, &bin_buffer);
 
-		if (msg_send(cl->send_sock, clusterer_proto, src_su, 0, bin_buffer.s,
+		if (msg_send(cl->send_sock, proto, src_su, 0, bin_buffer.s,
 			bin_buffer.len, 0) < 0)
 			LM_ERR("Failed to reply to ping from unknown node, id [%d]\n", src_node_id);
 		else
@@ -1269,7 +1269,7 @@ void handle_unknown_id(node_info_t *src_node)
 	bin_push_int(&packet, current_id);
 
 	bin_get_buffer(&packet, &bin_buffer);
-	if (msg_send(src_node->cluster->send_sock, clusterer_proto, &src_node->addr,
+	if (msg_send(src_node->cluster->send_sock, src_node->proto, &src_node->addr,
 		0, bin_buffer.s, bin_buffer.len, 0) < 0)
 		LM_ERR("Failed to send node description to node [%d]\n", src_node->node_id);
 	else
@@ -1316,7 +1316,7 @@ void handle_ping(bin_packet_t *received, node_info_t *src_node,
 	set_proc_log_level(L_INFO);
 	#endif
 
-	send_rc = msg_send(src_node->cluster->send_sock, clusterer_proto,
+	send_rc = msg_send(src_node->cluster->send_sock, src_node->proto,
 		&src_node->addr, 0, bin_buffer.s, bin_buffer.len, 0);
 
 	#ifndef CLUSTERER_EXTRA_BIN_DBG

modules/clusterer/topology.h

@@ -29,7 +29,7 @@ int flood_message(bin_packet_t *packet, cluster_info_t *cluster,
 void handle_full_top_update(bin_packet_t *packet, node_info_t *source,
 									int *ev_actions_required);
 void handle_internal_msg_unknown(bin_packet_t *received, cluster_info_t *cl,
-	int packet_type, union sockaddr_union *src_su, int src_node_id);
+	int packet_type, union sockaddr_union *src_su, int proto, int src_node_id);
 void handle_ls_update(bin_packet_t *received, node_info_t *src_node,
 								int *ev_actions_required);
 void handle_unknown_id(node_info_t *src_node);

modules/proto_bin/bin_common.h

@@ -0,0 +1,154 @@
+/*
+ * Copyright (C) 2021 - OpenSIPS Foundation
+ *
+ * This file is part of opensips, a free SIP server.
+ *
+ * opensips is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version
+ *
+ * opensips is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301  USA
+ *
+ *
+ */
+
+static inline void bin_parse_headers(struct tcp_req *req){
+	unsigned int  *px;
+	if(req->content_len == 0 && req->pos - req->buf < HEADER_SIZE){
+		req->parsed = req->pos;
+		return;
+	}
+
+	if (!is_valid_bin_packet(req->buf)) {
+		LM_ERR("Invalid packet marker, got %.4s\n", req->buf);
+		req->error = TCP_REQ_BAD_LEN;
+		return;
+	}
+
+	px = (unsigned int*)(req->buf + MARKER_SIZE);
+	req->content_len = (*px);
+	if(req->pos - req->buf == req->content_len){
+		LM_DBG("received a COMPLETE message\n");
+		req->complete = 1;
+		req->parsed = req->buf + req->content_len;
+	} else if(req->pos - req->buf > req->content_len){
+		LM_DBG("received MORE then a message\n");
+		req->complete = 1;
+		req->parsed = req->buf + req->content_len;
+	} else {
+		LM_DBG("received only PART of a message\n");
+		req->parsed = req->pos;
+	}
+}
+
+static inline int bin_handle_req(struct tcp_req *req,
+							struct tcp_connection *con, int _max_msg_chunks)
+{
+	long size;
+
+	if (req->complete){
+		/* update the timeout - we successfully read the request */
+		tcp_conn_set_lifetime( con, tcp_con_lifetime);
+		con->timeout = con->lifetime;
+
+		LM_DBG("completely received a message\n");
+		/* rcv.bind_address should always be !=0 */
+		/* just for debugging use sendipv4 as receiving socket  FIXME*/
+		con->rcv.proto_reserved1=con->id; /* copy the id */
+
+		/* prepare for next request */
+		size=req->pos - req->parsed;
+
+		if (!size) {
+			/* did not read any more things -  we can release
+			 * the connection */
+			LM_DBG("Nothing more to read on TCP conn %p, currently in state %d \n",
+				con,con->state);
+			if (req != &_bin_common_current_req) {
+				/* we have the buffer in the connection tied buff -
+				 *	detach it , release the conn and free it afterwards */
+				con->con_req = NULL;
+			}
+		} else {
+			LM_DBG("We still have things on the pipe - "
+				"keeping connection \n");
+		}
+
+		/* give the message to the registered functions */
+		call_callbacks(req->buf, &con->rcv);
+
+
+		if (!size && req != &_bin_common_current_req) {
+			/* if we no longer need this tcp_req
+			 * we can free it now */
+			pkg_free(req);
+		}
+
+		con->msg_attempts = 0;
+
+		if (size) {
+			memmove(req->buf, req->parsed, size);
+
+			init_tcp_req(req, size);
+
+			/* if we still have some unparsed bytes, try to  parse them too*/
+			return 1;
+		}
+
+	} else {
+		/* request not complete - check the if the thresholds are exceeded */
+		if (con->msg_attempts==0)
+			/* if first iteration, set a short timeout for reading
+			 * a whole SIP message */
+			con->timeout = get_ticks() + tcp_max_msg_time;
+
+		con->msg_attempts ++;
+		if (con->msg_attempts == _max_msg_chunks) {
+			LM_ERR("Made %u read attempts but message is not complete yet - "
+				   "closing connection \n",con->msg_attempts);
+			goto error;
+		}
+
+		if (req == &_bin_common_current_req) {
+			/* let's duplicate this - most likely another conn will come in */
+
+			LM_DBG("We didn't manage to read a full request\n");
+			con->con_req = pkg_malloc(sizeof(struct tcp_req));
+			if (con->con_req == NULL) {
+				LM_ERR("No more mem for dynamic con request buffer\n");
+				goto error;
+			}
+
+			if (req->pos != req->buf) {
+				/* we have read some bytes */
+				memcpy(con->con_req->buf,req->buf,req->pos-req->buf);
+				con->con_req->pos = con->con_req->buf + (req->pos-req->buf);
+			} else {
+				con->con_req->pos = con->con_req->buf;
+			}
+
+			if (req->parsed != req->buf)
+				con->con_req->parsed =con->con_req->buf+(req->parsed-req->buf);
+			else
+				con->con_req->parsed = con->con_req->buf;
+
+			con->con_req->complete=req->complete;
+			con->con_req->content_len=req->content_len;
+			con->con_req->error = req->error;
+		}
+	}
+
+	/* everything ok */
+	return 0;
+error:
+	/* report error */
+	return -1;
+}