Merge pull request #535 from openziti/multi-bind

Multiple terminators for bound ziti connections
openziti · Jun 27, 2023 · 2334113 · 2334113
2 parents c3cb78c + 457b885
commit 2334113
Show file tree

Hide file tree

Showing 13 changed files with 776 additions and 351 deletions.
diff --git a/inc_internal/connect.h b/inc_internal/connect.h
@@ -0,0 +1,49 @@
+// Copyright (c) 2023.  NetFoundry Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+
+#ifndef ZITI_SDK_CONNECT_H
+#define ZITI_SDK_CONNECT_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+#define conn_states(XX) \
+    XX(Initial)\
+    XX(Connecting)\
+    XX(Connected)\
+    XX(Accepting)\
+    XX(CloseWrite)\
+    XX(Timedout)\
+    XX(Disconnected)\
+    XX(Closed)
+
+enum conn_state {
+#define state_enum(ST) ST,
+    conn_states(state_enum)
+};
+
+void init_transport_conn(struct ziti_conn *conn);
+
+int ziti_close_server(struct ziti_conn *conn);
+
+message *create_message(struct ziti_conn *conn, uint32_t content, size_t body_len);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif //ZITI_SDK_CONNECT_H
diff --git a/inc_internal/ziti_ctrl.h b/inc_internal/ziti_ctrl.h
@@ -80,15 +80,20 @@ void ziti_ctrl_logout(ziti_controller *ctrl, void(*cb)(void *, const ziti_error
 void ziti_ctrl_get_services_update(ziti_controller *ctrl, void (*cb)(ziti_service_update *, const ziti_error *, void *),
                                    void *ctx);
 
-void ziti_ctrl_get_services(ziti_controller *ctrl, void (*srv_cb)(ziti_service_array, const ziti_error *, void *), void *ctx);
+void ziti_ctrl_get_services(ziti_controller *ctrl, void (*srv_cb)(ziti_service_array, const ziti_error *, void *),
+                            void *ctx);
 
 void ziti_ctrl_get_service(ziti_controller *ctrl, const char *service_name,
                            void (*srv_cb)(ziti_service *, const ziti_error *, void *), void *ctx);
 
-void ziti_ctrl_get_session(
+void ziti_ctrl_create_session(
         ziti_controller *ctrl, const char *service_id, ziti_session_type type,
         void (*cb)(ziti_net_session *, const ziti_error *, void *), void *ctx);
 
+void ziti_ctrl_get_session(
+        ziti_controller *ctrl, const char *session_id,
+        void (*cb)(ziti_net_session *, const ziti_error *, void *), void *ctx);
+
 void ziti_ctrl_get_sessions(
         ziti_controller *ctrl, void (*cb)(ziti_net_session **, const ziti_error *, void *), void *ctx);
 

diff --git a/inc_internal/zt_internal.h b/inc_internal/zt_internal.h
@@ -132,46 +132,89 @@ struct ziti_write_req_s {
     TAILQ_ENTRY(ziti_write_req_s) _next;
 };
 
+struct key_pair {
+    uint8_t sk[crypto_kx_SECRETKEYBYTES];
+    uint8_t pk[crypto_kx_PUBLICKEYBYTES];
+};
+
+struct key_exchange {
+    uint8_t *rx;
+    uint8_t *tx;
+};
+
+int init_key_pair(struct key_pair *kp);
+
+int init_crypto(struct key_exchange *key_ex, struct key_pair *kp, uint8_t *peer_key, bool server);
+
+void free_key_exchange(struct key_exchange *key_ex);
+
+enum ziti_conn_type {
+    None,
+    Transport,
+    Server,
+};
+
 struct ziti_conn {
+    struct ziti_ctx *ziti_ctx;
+    enum ziti_conn_type type;
     char *service;
     char *source_identity;
-    struct ziti_conn_req *conn_req;
-
-    uint32_t edge_msg_seq;
     uint32_t conn_id;
+    void *data;
+
+    int (*disposer)(struct ziti_conn *self);
 
-    struct ziti_ctx *ziti_ctx;
-    ziti_channel_t *channel;
-    ziti_data_cb data_cb;
-    ziti_client_cb client_cb;
     ziti_close_cb close_cb;
-    conn_state state;
-    bool fin_sent;
-    int fin_recv; // 0 - not received, 1 - received, 2 - called app data cb
     bool close;
-    bool disconnecting;
-    int timeout;
+    bool encrypted;
 
-    TAILQ_HEAD(, message_s) in_q;
-    buffer *inbound;
-    uv_idle_t *flusher;
-    TAILQ_HEAD(, ziti_write_req_s) wreqs;
-    int write_reqs;
+    union {
+        struct {
+            char *identity;
+            uint16_t cost;
+            uint8_t precedence;
+            int max_bindings;
 
-    void *data;
+            ziti_listen_cb listen_cb;
+            ziti_client_cb client_cb;
 
-    model_map children;
-    struct ziti_conn *parent;
-    uint32_t dial_req_seq;
+            ziti_net_session *session;
+            model_map bindings;
+            model_map children;
+            uv_timer_t *timer;
+            unsigned int attempt;
+        } server;
 
-    uint8_t sk[crypto_kx_SECRETKEYBYTES];
-    uint8_t pk[crypto_kx_PUBLICKEYBYTES];
-    uint8_t *rx;
-    uint8_t *tx;
+        struct {
+            struct key_pair key_pair;
+            struct ziti_conn_req *conn_req;
+
+            uint32_t edge_msg_seq;
+
+            ziti_channel_t *channel;
+            ziti_data_cb data_cb;
+            conn_state state;
+            bool fin_sent;
+            int fin_recv; // 0 - not received, 1 - received, 2 - called app data cb
+            bool disconnecting;
+            int timeout;
+
+            TAILQ_HEAD(, message_s) in_q;
+            buffer *inbound;
+            uv_idle_t *flusher;
+            TAILQ_HEAD(, ziti_write_req_s) wreqs;
+            int write_reqs;
+
+            struct ziti_conn *parent;
+            uint32_t dial_req_seq;
+
+            struct key_exchange key_ex;
+
+            crypto_secretstream_xchacha20poly1305_state crypt_o;
+            crypto_secretstream_xchacha20poly1305_state crypt_i;
+        };
+    };
 
-    crypto_secretstream_xchacha20poly1305_state crypt_o;
-    crypto_secretstream_xchacha20poly1305_state crypt_i;
-    bool encrypted;
 
 };
 
@@ -305,14 +348,13 @@ int load_jwt_content(struct enroll_cfg_s *ecfg, ziti_enrollment_jwt_header **zej
 
 int load_tls(ziti_config *cfg, tls_context **tls);
 
-int ziti_bind(ziti_connection conn, const char *service, ziti_listen_opts *listen_opts, ziti_listen_cb listen_cb,
-              ziti_client_cb on_clt_cb);
+int ziti_bind(ziti_connection conn, const char *service, const ziti_listen_opts *listen_opts,
+              ziti_listen_cb listen_cb, ziti_client_cb on_clt_cb);
 
 void conn_inbound_data_msg(ziti_connection conn, message *msg);
 
 void on_write_completed(struct ziti_conn *conn, struct ziti_write_req_s *req, int status);
 
-int close_conn_internal(struct ziti_conn *conn);
 
 const char *ziti_conn_state(ziti_connection conn);
 
@@ -330,13 +372,15 @@ void ziti_set_api_session(ziti_context ztx, ziti_api_session *session);
 
 void ziti_set_unauthenticated(ziti_context ztx);
 
-void ziti_force_service_update(ziti_context ztx, const char* service_id);
+void ziti_force_service_update(ziti_context ztx, const char *service_id);
 
 void ziti_services_refresh(ziti_context ztx, bool now);
 
 extern void ziti_send_event(ziti_context ztx, const ziti_event_t *e);
 
-extern uv_timer_t* new_ztx_timer(ziti_context ztx);
+void reject_dial_request(uint32_t conn_id, ziti_channel_t *ch, int32_t req_id, const char *reason);
+
+extern uv_timer_t *new_ztx_timer(ziti_context ztx);
 
 #ifdef __cplusplus
 }

diff --git a/includes/ziti/ziti.h b/includes/ziti/ziti.h
@@ -287,7 +287,7 @@ typedef struct ziti_listen_opts_s {
     uint16_t terminator_cost;
     uint8_t terminator_precedence;
     int connect_timeout_seconds;
-    //int max_connections;  // todo implement
+    int max_connections;
     char *identity;
     bool bind_using_edge_identity;
 } ziti_listen_opts;

diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
@@ -51,6 +51,8 @@ SET(ZITI_SRC_FILES
         pool.c
         model_collections.c
         authenticators.c
+        crypto.c
+        bind.c
         )
 
 SET(ZITI_INCLUDE_DIRS