commit ff3314e45c89b436ccc7ea48361b36df39be5458
author Holger Hans Peter Freyther <holger@moiji-mobile.com> Tue Sep 06 14:26:17 2016 +0200
committer Holger Hans Peter Freyther <holger@moiji-mobile.com> Thu Sep 08 16:17:01 2016 +0200
tree b6fa4f23c200e2d0aff4a201910a94c5ff125f03
parent 9ea4da4bbbf90396b9b0694c0bf91712afce44f4

server: Allow to enable tls for the pcap server

Add simple vty command to enable tls per client or not. We still
need a lot more tls commands for the server.

Change-Id: I583b7d5c999ed01c135882895fb2a8f04739ad00

src/osmo_server_vty.c

diff --git a/src/osmo_server_vty.c b/src/osmo_server_vty.c
index d13ea6f..14cdb89 100644
--- a/src/osmo_server_vty.c
+++ b/src/osmo_server_vty.c
@@ -60,9 +60,10 @@
 			pcap_server->zmq_ip, pcap_server->zmq_port, VTY_NEWLINE);
 
 	llist_for_each_entry(conn, &pcap_server->conn, entry) {
-		vty_out(vty, " client %s %s%s%s",
+		vty_out(vty, " client %s %s%s%s%s",
 			conn->name, conn->remote_host,
-			conn->no_store ? " no-store" : "",
+			conn->no_store ? " no-store" : " store",
+			conn->tls_use ? " tls" : "",
 			VTY_NEWLINE);
 	}
 
@@ -116,32 +117,62 @@
 	return CMD_SUCCESS;
 }
 
-DEFUN(cfg_server_client,
-      cfg_server_client_cmd,
-      "client NAME A.B.C.D [no-store]",
-      CLIENT_STR "Remote name used in filenames\n" "IP of the remote\n" "Do not store traffic\n")
+static int manage_client(struct osmo_pcap_server *pcap_server,
+			struct vty *vty,
+			const char *name, const char *remote_host,
+			bool no_store, bool use_tls)
 {
 	struct osmo_pcap_conn *conn;
-	conn = osmo_pcap_server_find(pcap_server, argv[0]);
+	conn = osmo_pcap_server_find(pcap_server, name);
 	if (!conn) {
 		vty_out(vty, "Failed to create a pcap server.\n");
 		return CMD_WARNING;
 	}
 
 	talloc_free(conn->remote_host);
-	conn->remote_host = talloc_strdup(pcap_server, argv[1]);
-	inet_aton(argv[1], &conn->remote_addr);
+	conn->remote_host = talloc_strdup(pcap_server, remote_host);
+	inet_aton(remote_host, &conn->remote_addr);
 
 	/* Checking no-store and maybe closing a pcap file */
-	if (argc >= 3) {
+	if (no_store) {
 		osmo_pcap_server_close_trace(conn);
 		conn->no_store = 1;
 	} else
 		conn->no_store = 0;
 
+	if (use_tls) {
+		/* force moving to TLS */
+		if (!conn->tls_use)
+			osmo_pcap_server_close_conn(conn);
+		conn->tls_use = true;
+	} else {
+		conn->tls_use = false;
+	}
+
 	return CMD_SUCCESS;
 }
 
+
+DEFUN(cfg_server_client,
+      cfg_server_client_cmd,
+      "client NAME A.B.C.D [no-store] [tls]",
+      CLIENT_STR "Remote name used in filenames\n"
+      "IP of the remote\n" "Do not store traffic\n"
+      "Use Transport Level Security\n")
+{
+	return manage_client(pcap_server, vty, argv[0], argv[1], argc >= 3, argc >= 4);
+}
+
+DEFUN(cfg_server_client_store_tls,
+      cfg_server_client_store_tls_cmd,
+      "client NAME A.B.C.D store [tls]",
+      CLIENT_STR "Remote name used in filenames\n"
+      "IP of the remote\n" "Do not store traffic\n"
+      "Use Transport Level Security\n")
+{
+	return manage_client(pcap_server, vty, argv[0], argv[1], false, argc >= 3);
+}
+
 DEFUN(cfg_server_no_client,
       cfg_server_no_client_cmd,
       "no client NAME",
@@ -255,5 +286,6 @@
 	install_element(SERVER_NODE, &cfg_no_server_zmq_ip_port_cmd);
 
 	install_element(SERVER_NODE, &cfg_server_client_cmd);
+	install_element(SERVER_NODE, &cfg_server_client_store_tls_cmd);
 	install_element(SERVER_NODE, &cfg_server_no_client_cmd);
 }