From: Ondřej Surý
Date: Fri, 5 Aug 2016 09:08:36 +0000 (+0200)
Subject: Move tls_credentials to struct network
X-Git-Tag: v1.1.0~7^2~5
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4725c6b5d1f5215853eca863eb9bbd7d9bf232de;p=thirdparty%2Fknot-resolver.git
Move tls_credentials to struct network
---
diff --git a/daemon/bindings.c b/daemon/bindings.c
index 468ab215d..0ab6b3895 100644
--- a/daemon/bindings.c
+++ b/daemon/bindings.c
@@ -352,13 +352,17 @@ static int net_pipeline(lua_State *L)
 static int net_tls(lua_State *L)
 {
- struct worker_ctx *worker = wrk_luaget(L);
- if (!worker) {
+ struct engine *engine = engine_luaget(L);
+ if (!engine) {
+ return 0;
+ }
+ struct network *net = &engine->net;
+ if (!net) {
 return 0;
 }
 if (lua_gettop(L) == 0) {
- lua_pushfstring(L, "(\"%s\", \"%s\")", worker->tls_credentials->tls_cert, worker->tls_credentials->tls_key);
+ lua_pushfstring(L, "(\"%s\", \"%s\")", net->tls_credentials->tls_cert, net->tls_credentials->tls_key);
 return 1;
 }
@@ -367,7 +371,7 @@ static int net_tls(lua_State *L)
 lua_error(L);
 }
- int r = tls_certificate_set(worker, lua_tostring(L, 1), lua_tostring(L, 2));
+ int r = tls_certificate_set(net, lua_tostring(L, 1), lua_tostring(L, 2));
 if (r != 0) {
 lua_pushstring(L, strerror(ENOMEM));
 lua_error(L);
diff --git a/daemon/network.c b/daemon/network.c
index 2aca8485b..ae4c50592 100644
--- a/daemon/network.c
+++ b/daemon/network.c
@@ -19,6 +19,7 @@
 #include "daemon/network.h"
 #include "daemon/worker.h"
 #include "daemon/io.h"
+#include "daemon/tls.h"
 /* libuv 1.7.0+ is able to support SO_REUSEPORT for loadbalancing */
 #if defined(UV_VERSION_HEX)
@@ -101,6 +102,8 @@ void network_deinit(struct network *net)
 map_walk(&net->endpoints, close_key, 0);
 map_walk(&net->endpoints, free_key, 0);
 map_clear(&net->endpoints);
+ tls_credentials_free(net->tls_credentials);
+ net->tls_credentials = NULL;
 }
 }
diff --git a/daemon/network.h b/daemon/network.h
index 2b02580b6..69bc6b8f5 100644
--- a/daemon/network.h
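Review bot: The new `lua_pushfstring` line dereferences `net->tls_credentials` without a NULL check; the tls.c hunk shows the field is only populated by tls_certificate_set() and network_deinit() resets it to NULL, so calling the binding with no arguments before a certificate is configured reads through a null pointer (the old `worker->tls_credentials` line had the same problem, so this is not new, but it is the code now under review). Guard it before formatting: `if (!net->tls_credentials) { lua_pushnil(L); return 1; }`. The `if (!net)` test on the line above can never be true, since `&engine->net` is the address of a member of the already-checked `engine`, and can be dropped. net_tls continues past the end of the hunk.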
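Review bot: The failure path after the new `tls_certificate_set(net, ...)` call always reports `strerror(ENOMEM)`, but the tls.c hunk shows the function also returns `kr_error(EINVAL)` for a NULL network and for rejected input, so a bad certificate or key path is surfaced to the Lua side as an out-of-memory error. Reporting the code carried in `r` instead (for example `strerror(-r)`, if kr_error() follows the negative-errno convention as it appears to) makes a misconfigured certificate diagnosable. This predates the commit; net_tls continues past the end of the hunk.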
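Review bot: network_deinit() now frees `net->tls_credentials`, but nothing visible in this commit initializes the field: the worker.c hunk removes `worker->tls_credentials = NULL;` from worker_reserve() without adding a counterpart to network_init(), and the network.h hunk only adds the member. Unless network_init() zeroes the whole struct (its body is not in the diff), the pointer is indeterminate until tls_certificate_set() runs, and this call would free garbage on a daemon that never configured TLS. Add `net->tls_credentials = NULL;` to network_init(). It would also help to note on the new free call that it runs unconditionally regardless of the `count` maintained by tls_credentials_reserve()/release(), e.g. `/* All TLS sessions must be torn down before this point. */`, since any tls_ctx_t still holding a reserved reference would be left dangling — the removed worker_reclaim() code behaved the same way.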
+++ b/daemon/network.h
@@ -41,8 +41,9 @@ typedef array_t(struct endpoint*) endpoint_array_t;
 /* @endcond */
 struct network {
- uv_loop_t *loop;
- map_t endpoints;
+ uv_loop_t *loop;
+ map_t endpoints;
+ struct tls_credentials *tls_credentials;
 };
 void network_init(struct network *net, uv_loop_t *loop);
diff --git a/daemon/tls.c b/daemon/tls.c
index 023e7a1f9..4bab19429 100644
--- a/daemon/tls.c
+++ b/daemon/tls.c
@@ -42,7 +42,7 @@ struct tls_ctx_t {
 ssize_t nread;
 ssize_t consumed;
 uint8_t recv_buf[4096];
- struct tls_credentials_t *credentials;
+ struct tls_credentials *credentials;
 };
 /** @internal Debugging facility. */
@@ -111,7 +111,8 @@ static ssize_t kres_gnutls_pull(gnutls_transport_ptr_t h, void *buf, size_t len)
 struct tls_ctx_t *tls_new(struct worker_ctx *worker)
 {
 assert(worker != NULL);
- if (!worker->tls_credentials) {
+ struct network *net = &worker->engine->net;
+ if (!net->tls_credentials) {
 kr_log_error("[tls] x509 credentials are missing; no TLS\n");
 return NULL;
 }
@@ -128,7 +129,7 @@ struct tls_ctx_t *tls_new(struct worker_ctx *worker)
 tls_free(tls);
 return NULL;
 }
- tls->credentials = tls_credentials_reserve(worker);
+ tls->credentials = tls_credentials_reserve(net->tls_credentials);
 err = gnutls_credentials_set(tls->session, GNUTLS_CRD_CERTIFICATE, tls->credentials->credentials);
 if (err < 0) {
 kr_log_error("[tls] gnutls_credentials_set(): %s (%d)\n", gnutls_strerror_name(err), err);
@@ -269,13 +270,13 @@ static int str_replace(char **where_ptr, const char *with)
 return kr_ok();
 }
-int tls_certificate_set(struct worker_ctx *worker, const char *tls_cert, const char *tls_key)
+int tls_certificate_set(struct network *net, const char *tls_cert, const char *tls_key)
 {
- if (!worker) {
+ if (!net) {
 return kr_error(EINVAL);
 }
- struct tls_credentials_t *tls_credentials = calloc(1, sizeof(*tls_credentials));
+ struct tls_credentials *tls_credentials = calloc(1, sizeof(*tls_credentials));
 if (tls_credentials == NULL) {
 return kr_error(ENOMEM);
 }
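Review bot: The new `struct tls_credentials *tls_credentials;` member is added to `struct network` with no forward declaration of the tag above it in network.h (the commit includes daemon/tls.h from network.c only) and no comment on who owns the pointer. Add `struct tls_credentials;` before `struct network`, mirroring what the worker.h hunk does for the same tag, and document the member: `/** x509 credentials installed by tls_certificate_set(); owned by the network, freed in network_deinit(). */`. The rewrites of the `loop` and `endpoints` lines appear to be indentation-only.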
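Review bot: The new `struct network *net = &worker->engine->net;` line dereferences `worker->engine` while only `worker` itself is asserted non-NULL on the line above; if the engine pointer can be unset on any path that reaches tls_new() (not visible here), what used to be a logged "credentials are missing" return becomes a crash. Extending the existing check is cheap: `assert(worker != NULL && worker->engine != NULL);`. tls_new continues past the end of the hunk.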
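Review bot: tls_credentials_reserve() can now return NULL (tls.c hunk further down), and the new `tls->credentials = tls_credentials_reserve(net->tls_credentials);` line is followed immediately by `tls->credentials->credentials` in the gnutls_credentials_set() call with no check. This is only safe because `net->tls_credentials` was tested earlier in tls_new(); a comment on the new line, `/* Non-NULL: net->tls_credentials was checked above. */`, would keep a future reordering from silently breaking it. tls_new starts and ends outside this hunk.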
@@ -310,10 +311,10 @@ int tls_certificate_set(struct worker_ctx *worker, const char *tls_cert, const c
 return kr_error(EINVAL);
 }
 // Exchange the x509 credentials
- struct tls_credentials_t *old_credentials = worker->tls_credentials;
+ struct tls_credentials *old_credentials = net->tls_credentials;
 // Start using the new x509_credentials
- worker->tls_credentials = tls_credentials;
+ net->tls_credentials = tls_credentials;
 if (old_credentials) {
 err = tls_credentials_release(old_credentials);
@@ -325,12 +326,15 @@ int tls_certificate_set(struct worker_ctx *worker, const char *tls_cert, const c
 return kr_ok();
 }
-struct tls_credentials_t *tls_credentials_reserve(struct worker_ctx *worker) {
- worker->tls_credentials->count++;
- return worker->tls_credentials;
+struct tls_credentials *tls_credentials_reserve(struct tls_credentials *tls_credentials) {
+ if (!tls_credentials) {
+ return NULL;
+ }
+ tls_credentials->count++;
+ return tls_credentials;
 }
-int tls_credentials_release(struct tls_credentials_t *tls_credentials) {
+int tls_credentials_release(struct tls_credentials *tls_credentials) {
 if (!tls_credentials) {
 return kr_error(EINVAL);
 }
@@ -342,7 +346,7 @@ int tls_credentials_release(struct tls_credentials_t *tls_credentials) {
 return kr_ok();
 }
-void tls_credentials_free(struct tls_credentials_t *tls_credentials) {
+void tls_credentials_free(struct tls_credentials *tls_credentials) {
 if (!tls_credentials) {
 return;
 }
diff --git a/daemon/tls.h b/daemon/tls.h
index 088470030..8243bc88c 100644
--- a/daemon/tls.h
+++ b/daemon/tls.h
@@ -21,8 +21,8 @@
 #include
 struct tls_ctx_t;
-struct tls_credentials_t;
-struct tls_credentials_t {
+struct tls_credentials;
+struct tls_credentials {
 int count;
 char *tls_cert;
 char *tls_key;
@@ -37,7 +37,7 @@ void tls_free(struct tls_ctx_t* tls);
 int tls_push(struct qr_task *task, uv_handle_t* handle, knot_pkt_t * pkt);
 int tls_process(struct worker_ctx *worker, uv_stream_t *handle, const uint8_t *buf, ssize_t nread);
-int tls_certificate_set(struct worker_ctx *worker, const char *tls_cert, const char *tls_key);
-int tls_credentials_release(struct tls_credentials_t *tls_credentials);
-void tls_credentials_free(struct tls_credentials_t *tls_credentials);
-struct tls_credentials_t *tls_credentials_reserve(struct worker_ctx *worker);
+int tls_certificate_set(struct network *net, const char *tls_cert, const char *tls_key);
+int tls_credentials_release(struct tls_credentials *tls_credentials);
+void tls_credentials_free(struct tls_credentials *tls_credentials);
+struct tls_credentials *tls_credentials_reserve(struct tls_credentials *worker);
diff --git a/daemon/worker.c b/daemon/worker.c
index 3405faf16..1ab3d5d76 100644
--- a/daemon/worker.c
+++ b/daemon/worker.c
@@ -995,7 +995,6 @@ int worker_reserve(struct worker_ctx *worker, size_t ring_maxlen)
 worker->pkt_pool.alloc = (knot_mm_alloc_t) mp_alloc;
 worker->outgoing = map_make();
 worker->tcp_pipeline_max = MAX_PIPELINED;
- worker->tls_credentials = NULL;
 return kr_ok();
 }
@@ -1015,8 +1014,6 @@ void worker_reclaim(struct worker_ctx *worker)
 mp_delete(worker->pkt_pool.ctx);
 worker->pkt_pool.ctx = NULL;
 map_clear(&worker->outgoing);
- tls_credentials_free(worker->tls_credentials);
- worker->tls_credentials = NULL;
 }
 #undef DEBUG_MSG
diff --git a/daemon/worker.h b/daemon/worker.h
index 6cfc7e165..73b39f66a 100644
--- a/daemon/worker.h
+++ b/daemon/worker.h
@@ -28,7 +28,7 @@
 /** @cond internal Freelist of available mempools. */
 typedef array_t(void *) mp_freelist_t;
-struct tls_credentials_t;
+struct tls_credentials;
 /**
 * Query resolution worker.
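Review bot: The new prototype `int tls_certificate_set(struct network *net, ...)` names `struct network`, which neither this hunk nor the visible part of tls.h declares; if tls.h does not include daemon/network.h or forward-declare the tag above this point (the header's include list is cut off here), the tag gets prototype scope and callers passing a real `struct network *` get an incompatible-pointer-type diagnostic. Add `struct network;` next to the existing `struct tls_ctx_t;` forward declaration. Separately, the last added line keeps the old parameter name in `struct tls_credentials *worker`, which no longer describes the argument — rename it to `tls_credentials` to match the definition in tls.c — and since tls_credentials_reserve() now returns NULL for a NULL argument (tls.c hunk), a one-line comment on the prototype stating that contract would help callers.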
@@ -59,7 +59,6 @@ struct worker_ctx {
 mp_freelist_t pool_ioreq;
 mp_freelist_t pool_sessions;
 knot_mm_t pkt_pool;
- struct tls_credentials_t *tls_credentials;
 };
 /* Worker callback */