Take out various fields into a new connection class. We will have the
option to connect to multiple servers.
Change-Id: I820176d133fbdb0240a16eb4e1a6d505e5c080c6
Add TLS support to the client and server. What is known working is
support of anonymous mode with generated DH params. Mildly tested
by hand over localhost.
Make the priority configurable, load DH params, allow to specify
certificates or anonymous operations.
Change-Id: I8ec3c0f8e1ee2089e1b7dacd9de842260930032f
Add simple vty command to enable tls per client or not. We still
need a lot more tls commands for the server.
Change-Id: I583b7d5c999ed01c135882895fb2a8f04739ad00
Using tls priority of NORMAL:+ANON-ECDH:+ANON-DH already allows a
client to connect to a server and protect the data using tls.
Generate the dh params on load (and do that for the client right
now as well) but that will go away soon.
Change-Id: Ifa2ad24c0a631573c259a3bf94b91a946ad9ec9d
In preparation of TLS let's not call close_connection from
within the dispatch but return an error and then close the
connection from the outside.
Change-Id: I607fed0191907cfbc8887d749c88f7f4ffb87166
We are only reading from the socket and never write but the osmo_tls
code is integrated with it. We will never write and the queue size is
set to 0. Simplify the read_cb.
Change-Id: I32335b1f7b7ed06b92c6222516c185301ce13781
Use GNUtls because it is GPL compatible and instead of mbedTLS seems
to have a working non-blocking I/O integration. GNUtls has various
issues that could not be resolved easily:
* Pick spdy as sub protocol
* gmt_time not randomized
* private key loaded to RAM (but not verified)
This is the beginning and not the end. Client support might need more
work with actual tls verification. Maybe more manual x509 cert
verification is needed and maybe client certs don't work at all. I try
to ignore renegotiation as I threw away the key.
Reload x509 creds and keys as they might have changed from one
connection to another.
Change-Id: I9128e14084da1fc2705f858393f98b8133996172
Add the basics for getting a picture what a client and the server
is doing. We need to create unique descriptions as the code is
working with names and not numbers for clients.
Change-Id: I4a9be5bdd815d280cccf0199efc2ca79fc77d393
Add more counters and start counting them when reading from the
PCAP library and when trying to write to the socket.
Change-Id: I52d3064a265b402ac849d8578a14f718156c0805
Count certain events that can help to understand what is going on.
This includes OOM, failure to queues.
Change-Id: I4a2dad32afb577822c7181d2813ea5a7e693c704
In file included from osmo_client_main.c:27:0:
/home/ich/install/openbsc/include/osmocom/core/process.h:1:2: warning: #warning "Update from osmocom/core/process.h to osmocom/core/application.h" [-Wcpp]
#warning "Update from osmocom/core/process.h to osmocom/core/application.h"
Change-Id: Id60cf90ebb7255d79f8e3bdb81f099f1362d538b
To allow easily extracting or streaming the data to an external
analysis system, zeromq can be configured (and reconfigured). The
system works as fire and forget and no loss detection is present.
A simple go based client application is provided to subscribe to
the publisher.
Change-Id: I4f3e6d675023a81b7d2ee19bf1f44a2be0ca003c
We might only want to centralize the data streams but handle the
data differently. This will be combined with an upcoming ZeroMQ
publisher feature to broadcast all events out.
Change-Id: I12c6bf16310820d882fa28c6930931650475e0bb
Fixes:
/usr/include/netinet/ip.h:69:17: error: field has incomplete type 'struct in_addr'
struct in_addr ip_src,ip_dst; /* source and dest address */
Change-Id: I446f67b85122363de66c86ddb25c8392ffa61a4f
pcap-config is not present as libpcap is part of the base system.
Use it as /bin/true and inject -lpcap as PCAP_LIBS.
Change-Id: I0c2b5222da0ee037d3a3156ac1fef89dfd849cad
We need to convert the 64bit timeval on a 64bit userspace (or on
OpenBSD) into a 32bit truncated value for being able to write the
file. This means we have 2038 issue here?
The 2000 as a number is too small. Modern networks can have a
higher MTU (up to 9000). Take this number and assume there is
a big header in front of it.