Move tls_credentials to struct network
authorOndřej Surý <ondrej@sury.org>
Fri, 5 Aug 2016 09:08:36 +0000 (11:08 +0200)
committerOndřej Surý <ondrej@sury.org>
Fri, 5 Aug 2016 09:47:14 +0000 (11:47 +0200)
daemon/bindings.c
daemon/network.c
daemon/network.h
daemon/tls.c
daemon/tls.h
daemon/worker.c
daemon/worker.h

index 468ab215dd84d3ca494eaccd07869ad852923935..0ab6b389522916020ea525b3a3ab8a5343e9773a 100644 (file)
@@ -352,13 +352,17 @@ static int net_pipeline(lua_State *L)
 
 static int net_tls(lua_State *L)
 {
-       struct worker_ctx *worker = wrk_luaget(L);
-       if (!worker) {
+       struct engine *engine = engine_luaget(L);
+       if (!engine) {
+               return 0;
+       }
+       struct network *net = &engine->net;
+       if (!net) {
                return 0;
        }
 
        if (lua_gettop(L) == 0) {
-               lua_pushfstring(L, "(\"%s\", \"%s\")", worker->tls_credentials->tls_cert, worker->tls_credentials->tls_key);
+               lua_pushfstring(L, "(\"%s\", \"%s\")", net->tls_credentials->tls_cert, net->tls_credentials->tls_key);
                return 1;
        }
 
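Review bot: The zero-argument branch dereferences `net->tls_credentials` in the `lua_pushfstring` call without checking it, although `tls_new` in this same commit treats a NULL `net->tls_credentials` as the normal "no certificate configured" state. Calling `net.tls()` before any certificate is set would then read through a NULL pointer; a guard such as `if (!net->tls_credentials) { return 0; }` ahead of the push would avoid that. Separately, `if (!net)` can never be true, because `net` is the address of a member of `*engine`, so that check can be dropped. The body of `net_tls` continues outside this hunk.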
@@ -367,7 +371,7 @@ static int net_tls(lua_State *L)
                lua_error(L);
        }
 
-       int r = tls_certificate_set(worker, lua_tostring(L, 1), lua_tostring(L, 2));
+       int r = tls_certificate_set(net, lua_tostring(L, 1), lua_tostring(L, 2));
        if (r != 0) {
                lua_pushstring(L, strerror(ENOMEM));
                lua_error(L);
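Review bot: Every failure of `tls_certificate_set` is reported to Lua as `strerror(ENOMEM)`, but the tls.c hunks show it also returns `kr_error(EINVAL)`, for example on the path just before the credentials are exchanged. A bad certificate or key path therefore surfaces as an out-of-memory error, which hides TLS misconfiguration from the operator. Reporting the real code would help, e.g. `lua_pushstring(L, kr_strerror(r));` if that helper is in scope in this file. The function starts and ends outside the hunk.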
index 2aca8485b1311db087f5f15910f737204e823cb8..ae4c505927ff9ae35ba966fbfb435838fd82e888 100644 (file)
@@ -19,6 +19,7 @@
 #include "daemon/network.h"
 #include "daemon/worker.h"
 #include "daemon/io.h"
+#include "daemon/tls.h"
 
 /* libuv 1.7.0+ is able to support SO_REUSEPORT for loadbalancing */
 #if defined(UV_VERSION_HEX)
@@ -101,6 +102,8 @@ void network_deinit(struct network *net)
                map_walk(&net->endpoints, close_key, 0);
                map_walk(&net->endpoints, free_key, 0);
                map_clear(&net->endpoints);
+               tls_credentials_free(net->tls_credentials);
+               net->tls_credentials = NULL;
        }
 }
 
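Review bot: `tls_credentials_free(net->tls_credentials)` destroys the credentials without consulting `count`, while `tls_new` takes references through `tls_credentials_reserve` and the swap in `tls_certificate_set` drops the old set through `tls_credentials_release`. If any `tls_ctx_t` can still be alive when `network_deinit` runs, its `credentials` pointer would dangle; the teardown order is not visible in this diff. Either call `tls_credentials_release(net->tls_credentials);` here or add a comment stating that all TLS sessions are closed before this point. The function starts outside the hunk.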
index 2b02580b6a49e15742c454f417a41853e4e7b4ca..69bc6b8f5966ce6be030cd44b98e1472d96a1e89 100644 (file)
@@ -41,8 +41,9 @@ typedef array_t(struct endpoint*) endpoint_array_t;
 /* @endcond */
 
 struct network {
-    uv_loop_t *loop;
-    map_t endpoints;
+       uv_loop_t *loop;
+       map_t endpoints;
+       struct tls_credentials *tls_credentials;
 };
 
 void network_init(struct network *net, uv_loop_t *loop);
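Review bot: Nothing in this commit initialises the new `tls_credentials` member: the `worker->tls_credentials = NULL;` line is removed from `worker_reserve`, and no hunk touches `network_init`. Unless the enclosing `struct engine` is zeroed before `network_init` runs (not visible here), `net_tls`, `tls_new` and `network_deinit` would read an indeterminate pointer. Adding `net->tls_credentials = NULL;` to `network_init` makes the invariant explicit. A short comment on the member noting that it is reference-counted and owned by the network would also help.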
index 023e7a1f9b6a7f6c91d7215e7dc4cc7e9d0b3e17..4bab19429f32534e0505e9a726978181ffedd141 100644 (file)
@@ -42,7 +42,7 @@ struct tls_ctx_t {
        ssize_t nread;
        ssize_t consumed;
        uint8_t recv_buf[4096];
-       struct tls_credentials_t *credentials;
+       struct tls_credentials *credentials;
 };
 
 /** @internal Debugging facility. */
@@ -111,7 +111,8 @@ static ssize_t kres_gnutls_pull(gnutls_transport_ptr_t h, void *buf, size_t len)
 struct tls_ctx_t *tls_new(struct worker_ctx *worker)
 {
        assert(worker != NULL);
-       if (!worker->tls_credentials) {
+       struct network *net = &worker->engine->net;
+       if (!net->tls_credentials) {
                kr_log_error("[tls] x509 credentials are missing; no TLS\n");
                return NULL;
        }
@@ -128,7 +129,7 @@ struct tls_ctx_t *tls_new(struct worker_ctx *worker)
                tls_free(tls);
                return NULL;
        }
-       tls->credentials = tls_credentials_reserve(worker);
+       tls->credentials = tls_credentials_reserve(net->tls_credentials);
        err = gnutls_credentials_set(tls->session, GNUTLS_CRD_CERTIFICATE, tls->credentials->credentials);
        if (err < 0) {
                kr_log_error("[tls] gnutls_credentials_set(): %s (%d)\n", gnutls_strerror_name(err), err);
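Review bot: The result of `tls_credentials_reserve(net->tls_credentials)` is dereferenced on the very next line as `tls->credentials->credentials`, yet this commit gives `tls_credentials_reserve` a NULL return path. The early `!net->tls_credentials` check at the top of `tls_new` makes this safe today, but the two are separated by code outside the hunk. A local guard keeps the new contract honoured: `if (!tls->credentials) { tls_free(tls); return NULL; }`. It is also worth confirming that `tls_free` releases the reserved reference on the error path below, which this hunk does not show.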
@@ -269,13 +270,13 @@ static int str_replace(char **where_ptr, const char *with)
        return kr_ok();
 }
 
-int tls_certificate_set(struct worker_ctx *worker, const char *tls_cert, const char *tls_key)
+int tls_certificate_set(struct network *net, const char *tls_cert, const char *tls_key)
 {
-       if (!worker) {
+       if (!net) {
                return kr_error(EINVAL);
        }
 
-       struct tls_credentials_t *tls_credentials = calloc(1, sizeof(*tls_credentials));
+       struct tls_credentials *tls_credentials = calloc(1, sizeof(*tls_credentials));
        if (tls_credentials == NULL) {
                return kr_error(ENOMEM);
        }
@@ -310,10 +311,10 @@ int tls_certificate_set(struct worker_ctx *worker, const char *tls_cert, const c
                return kr_error(EINVAL);
        }
        // Exchange the x509 credentials
-       struct tls_credentials_t *old_credentials = worker->tls_credentials;
+       struct tls_credentials *old_credentials = net->tls_credentials;
 
        // Start using the new x509_credentials
-       worker->tls_credentials = tls_credentials;
+       net->tls_credentials = tls_credentials;
 
        if (old_credentials) {
                err = tls_credentials_release(old_credentials);
@@ -325,12 +326,15 @@ int tls_certificate_set(struct worker_ctx *worker, const char *tls_cert, const c
        return kr_ok();
 }
 
-struct tls_credentials_t *tls_credentials_reserve(struct worker_ctx *worker) {
-       worker->tls_credentials->count++;
-       return worker->tls_credentials;
+struct tls_credentials *tls_credentials_reserve(struct tls_credentials *tls_credentials) {
+       if (!tls_credentials) {
+               return NULL;
+       }
+       tls_credentials->count++;
+       return tls_credentials;
 }
 
-int tls_credentials_release(struct tls_credentials_t *tls_credentials) {
+int tls_credentials_release(struct tls_credentials *tls_credentials) {
        if (!tls_credentials) {
                return kr_error(EINVAL);
        }
@@ -342,7 +346,7 @@ int tls_credentials_release(struct tls_credentials_t *tls_credentials) {
        return kr_ok();
 }
 
-void tls_credentials_free(struct tls_credentials_t *tls_credentials) {
+void tls_credentials_free(struct tls_credentials *tls_credentials) {
        if (!tls_credentials) {
                return;
        }
index 0884700300a3fe5ac3a840409ad5ee24b7e75a9c..8243bc88cac5681f8816226b6707ed775b618c1d 100644 (file)
@@ -21,8 +21,8 @@
 #include <libknot/packet/pkt.h>
 
 struct tls_ctx_t;
-struct tls_credentials_t;
-struct tls_credentials_t {
+struct tls_credentials;
+struct tls_credentials {
        int count;
        char *tls_cert;
        char *tls_key;
@@ -37,7 +37,7 @@ void tls_free(struct tls_ctx_t* tls);
 int tls_push(struct qr_task *task, uv_handle_t* handle, knot_pkt_t * pkt);
 int tls_process(struct worker_ctx *worker, uv_stream_t *handle, const uint8_t *buf, ssize_t nread);
 
-int tls_certificate_set(struct worker_ctx *worker, const char *tls_cert, const char *tls_key);
-int tls_credentials_release(struct tls_credentials_t *tls_credentials);
-void tls_credentials_free(struct tls_credentials_t *tls_credentials);
-struct tls_credentials_t *tls_credentials_reserve(struct worker_ctx *worker);
+int tls_certificate_set(struct network *net, const char *tls_cert, const char *tls_key);
+int tls_credentials_release(struct tls_credentials *tls_credentials);
+void tls_credentials_free(struct tls_credentials *tls_credentials);
+struct tls_credentials *tls_credentials_reserve(struct tls_credentials *worker);
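Review bot: The prototype of `tls_credentials_reserve` still names its parameter `worker` although it is now a `struct tls_credentials *`; the definition in tls.c calls it `tls_credentials`, and the header should match: `struct tls_credentials *tls_credentials_reserve(struct tls_credentials *tls_credentials);`. `tls_certificate_set` now takes `struct network *`, so this header needs a forward declaration `struct network;` or an include of `daemon/network.h` if neither is already present above the hunk. The reserve/release pair would also benefit from a doc comment stating that reserve returns NULL for a NULL argument and that each reserve must be balanced by one release.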
index 3405faf168bdca0467d167b537dd017dedf63714..1ab3d5d76ebdcda62eaa4b3ca0b8bdd9279b7da1 100644 (file)
@@ -995,7 +995,6 @@ int worker_reserve(struct worker_ctx *worker, size_t ring_maxlen)
        worker->pkt_pool.alloc = (knot_mm_alloc_t) mp_alloc;
        worker->outgoing = map_make();
        worker->tcp_pipeline_max = MAX_PIPELINED;
-       worker->tls_credentials = NULL;
        return kr_ok();
 }
 
@@ -1015,8 +1014,6 @@ void worker_reclaim(struct worker_ctx *worker)
        mp_delete(worker->pkt_pool.ctx);
        worker->pkt_pool.ctx = NULL;
        map_clear(&worker->outgoing);
-       tls_credentials_free(worker->tls_credentials);
-       worker->tls_credentials = NULL;
 }
 
 #undef DEBUG_MSG
index 6cfc7e165eb44ee33128bed1fa9493e5f6436c28..73b39f66a8ffbc9730dd0a4cfb4e2a3e90f8e7fe 100644 (file)
@@ -28,7 +28,7 @@
 /** @cond internal Freelist of available mempools. */
 typedef array_t(void *) mp_freelist_t;
 
-struct tls_credentials_t;
+struct tls_credentials;
 
 /**
  * Query resolution worker.
@@ -59,7 +59,6 @@ struct worker_ctx {
        mp_freelist_t pool_ioreq;
        mp_freelist_t pool_sessions;
        knot_mm_t pkt_pool;
-       struct tls_credentials_t *tls_credentials;
 };
 
 /* Worker callback */