aboutsummaryrefslogtreecommitdiffstats
path: root/lib/diameter/src
AgeCommit message (Collapse)Author
2011-10-06Add tls support at connection establishmentAnders Svensson
This is the method added in draft-ietf-dime-rfc3588bis, whereby a TLS handshake immediately follows connection establishment and CER/CEA is sent over the secured connection.
2011-10-06Close transport if tls is requested over sctpAnders Svensson
RFC 3588 requires that a Diameter server support TLS but in practise this seems to mean TLS over SCTP since there are limitations with running over SCTP: see RFC 6083 (DTLS over SCTP), which is a response to RFC 3436 (TLS over SCTP). The current RFC 3588 draft acknowledges this by equating the Inband-Security-Id value TLS with TLS/TCP and DTLS/SCTP but underlying support for DTLS is still thin on the ground.
2011-10-06Handle tls notification for tcpAnders Svensson
If TLS has been configured on Inband-Security-Id then the transport process receives a message from the peer_fsm process indicating whether or not to upgrade to TLS. The current draft of RFC 3588 deprecates (but retains for backwards compatibility) the use of Inband-Security-Id for negotiating TLS, adding the possibility of TLS having be negotiated before capabilities exchange. This commit handles the deprecated case.
2011-10-06Lift recursion in tcp message reception up the call chainAnders Svensson
When an initial message is received and TLS is a possibility, must wait for a message from the peer process before either commencing a handshake or receiving more messages.
2011-10-06Add tls support to capabilities exchangeAnders Svensson
To upgrade a connection to TLS or not, that is the question. It is possible for us to send a CER offering both NO_INBAND_SECURITY and TLS and for the peer to answer likewise: RFC 3588 doesn't make clear that a CEA should be unambiguous about the choice of security. Thus, if TLS is offered then assume the server is prepared to for a handshake. Similarly, when receiving a CER, choose TLS if it's offered and be unambiguous about our choice in CEA. There is no ssl:maybe_accept that would let us receive a handshake if it comes or another message if it doesn't. The choice of TLS should probably be made into a callback so that an application can decide based on the peer's Origin-Realm for example. Such a callback could also be used to reject a CER/CEA. Handle Inband-Security-Id values other than NO_INBAND_SECURITY and TLS by assuming that they require no intervention by the transport module, treating them like NO_INBAND_SECURITY. Whether or not this is reasonable (or useful) is unclear. There may be a need for more sychronization than we have on offer. (Having to do something before taking the connection up for example.) Note that diameter_peer_fsm must be upgraded before diameter_capx because of the new return value from diameter_capx:recv_CEA/2.
2011-09-27Merge branch 'dev' into majorAnders Svensson
Conflicts: lib/diameter/src/app/Makefile
2011-09-27Example/dbg/comment fixesAnders Svensson
2011-09-27Don't include compiler/help modules in appAnders Svensson
2011-09-27Set version to 0.10 and update appupAnders Svensson
2011-09-27Merge branch 'dev' into majorAnders Svensson
2011-09-27Merge branch 'anders/diameter/send_anything/OTP-9581' into devAnders Svensson
* anders/diameter/send_anything/OTP-9581: Fix sending of messages of arbitrary form
2011-09-27Merge branch 'anders/diameter/relay_behaviour/OTP-9583' into devAnders Svensson
* anders/diameter/relay_behaviour/OTP-9583: Fix and clarify relay behaviour
2011-09-27Merge branch 'anders/diameter/peer_filters/OTP-9580' into devAnders Svensson
* anders/diameter/peer_filters/OTP-9580: Fix and clarify semantics of peer filters
2011-09-27Merge branch 'anders/diameter/logging/OTP-9579' into devAnders Svensson
* anders/diameter/logging/OTP-9579: Makefile dependency fix Remove duplicate info from error report at encode failure Use single format for error_logger reports Fix improper use of error_logger:info_report/2
2011-09-27Merge branch 'anders/diameter/header_folding_error/OTP-9577' into devAnders Svensson
* anders/diameter/header_folding_error/OTP-9577: Fix header folding bug
2011-09-26Fix bugs in sending of answer-message repliesAnders Svensson
3001 (DIAMETER_COMMAND_UNSUPPORTED) was not sent since the decode placed the AVP list in the errors field rather than the avps field of the diameter_packet, causing the subsequent encode to fail. Session-Id was also set improperly, causing encode to fail even in this case.
2011-09-26Fix and clarify relay behaviourAnders Svensson
Leave it up to a handle_request callback to decide whether or not to filter the peer from which the incoming request was sent. Reply with 3002 (DIAMETER_UNABLE_TO_DELIVER) on anything but an answer from the peer.
2011-09-26Makefile dependency fixAnders Svensson
Dependency of generated dictionary modules on diameter.hrl and diameter_gen.hrl was missed.
2011-09-26Use single format for error_logger reportsAnders Svensson
2011-09-26Fix sending of messages of arbitrary formAnders Svensson
diameter:call/4 can be passed anything, as long as the subsequent prepare_request callback returns a term that can be encoded.
2011-09-26Fix and clarify semantics of peer filtersAnders Svensson
An eval filter returning a non-true value caused the call process to fail and the doc was vague on how an exception was treated. Clarify that the non-tuple host/realm filters assume messages of a certain form. Various minor corrections to align code and doc.
2011-09-26Fix improper use of error_logger:info_report/2Anders Svensson
Function doesn't take a format string and arguments as we called it. Instead use error_logger:info_report/1 and use the same report format as used for warning and error reports.
2011-09-26Fix header folding bugAnders Svensson
A prepare_request callback from diameter can return a diameter_header record with in order to set values in the header of an outgoing request. The fault in diameter_lib:fold_tuple/3 caused encode of the outgoing request to fail.
2011-09-19Merge branch 'dev' into majorAnders Svensson
2011-09-14Handle #sctp_paddr_change and #sctp_pdapi_event from gen_sctp.Anders Svensson
The events are enabled by default but diameter_sctp neither disabled nor dealt with them. Reception of such an event caused a transport process to crash.
2011-08-25Merge branch 'dev' into majorHenrik Nord
2011-08-24Merge branch 'anders/diameter/augment_inherited_enums/OTP-9469' into devAnders Svensson
* anders/diameter/augment_inherited_enums/OTP-9469: Allow @enum when AVP is defined in an inherited dictionary.
2011-08-17Allow @enum when AVP is defined in an inherited dictionary.Anders Svensson
3GPP standards (for one) extend the values allowed for RFC 3588 AVP's of type Enumerated. Previously, extending an AVP was only possible by completely redefining the AVP.
2011-08-17@id required in dictionary files only when @messages is specified.Anders Svensson
@id defines an application identifier and this is used only when sending or receiving messages. A dictionary can define only AVP's however, to be included by other dictionaries using @inherits, in which case it makes no sense to require @id. Note that message definitions are not inherited with @inherits, only AVP's
2011-08-08diameter: Support parallel makeBjörn Gustavsson
2011-05-20Update copyright yearsBjörn-Egil Dahlberg
2011-05-20Remove undocumented interface functions plus comment fix.Anders Svensson
2011-05-20Minor diameter_service fix when sending a diameter_header/avp listAnders Svensson
plus an example fix.
2011-05-20Minor make depend fixes.Anders Svensson
2011-05-18Initial commit of the diameter application.Anders Svensson
The application provides an implementation of the Diameter protocol as defined in RFC 3588.