| Age | Commit message (Collapse) | Author |
|---|
|
A value is required to be the same as any specified with
@avp_vendor_id but otherwise the two locations are equivalent.
Both possibilities are allowed since @avp_vendor_id is required
for AVPs of types other than Grouped (modulo it not really needing
to exist at all: see commit 943266c9) and since the grammar parsed
in @grouped (from RFC 3588) allows it.
|
|
Check that values that should be Unsigned32 actually are.
|
|
Just use include options to add to the code path and expect that
dependent modules will either already have been loaded or will be
loaded dynamically, thereby avoiding having a module being left as
both current and old code when compiling concurrently. Not a problem
for a human user interactively compiling one module at a time
but the compiler test suite for one will compile concurrently.
In any case, leaving behind old code is probably not what someone
would expect while relying on the code path probably is.
|
|
|
|
|
|
|
|
|
|
@vendor is only required if the id is actually needed. That is, if
there is a locally defined AVP whose V flag is set and which does
not have a vendor id set by @avp_vendor_id.
Also, in the case of an inherited AVP, fix avp_name/2 in a generated
dictionary module defaulting vendor id from @vendor in the inheriting
dictionary but avp_header/1 defaulting it from the inherited dictionary.
In both cases the vendor id now defaults from @vendor in the inherited
dictionary.
Note that @avp_vendor_id from the inherited dictionary is
ignored: any changes from @vendor have to be explicit in the
inheriting dictionary. A better alternative to @avp_vendor_id
is to simply inherit from dictionaries setting the appropriate
@vendor but this was previously somewhat broken so @avp_vendor_id
was needed to set the id of an AVP whose definition was copied
from another source into a dictionary that only inherited from
the common dictionary (which doesn't set V on any AVPs).
|
|
Base AVPs used for relaying and statistics are always taken from the
common dictionary. This is consistent with the way that Route-Record
is handled for one, and statistics should not rely on the dictionary
of any specific application.
|
|
|
|
A dictionary need define neither messages nor grouped AVPs, in
which case no record definitions are generated. However, the
generated module still includes diameter_gen.hrl and this
requires some functions diameter_exprecs would otherwise insert,
even if the code that uses these will not be called.
|
|
|
|
Errors are now detected after the parse with format_error/1
providing understandable error messages, pointing to the
offending line number(s) in the dictionary source.
|
|
The previous parse was very adhoc and simply crashed on any kind
of input error, providing no identification of the objectionable input
that caused the parse to fail. The new parser is generated from a yecc
grammar, making it easier both to understand what it is that's being
parsed and to provide useful diagnostics to the user in case of error.
|
|
|
|
|
|
In diameter_service:
make_packet -> make_request_packet
make_header -> make_request_header
make_reply_packet -> make_answer_packet
|
|
If a peer fsm process exits then the exit reason is received by
the service process in a 'DOWN' message. If the reason is the one
generated by diameter_peer_fsm:close/2, which is called to signal
a non-transport failure before the completion of capabilities exchange
(eg. receiving an unsuccessful CEA), then an event is sent to any
subscribers.
Also, tweak capabilities_cb return values for more informative
event data.
|
|
Value is a function that's applied to the transport reference
and capabilities record after capabilities exchange. If a callback
returns anything but 'ok' then the connection is closed. In the case
of an incoming CER, the callback can return a result code with which
to answer. Multiple callbacks can be specified and are applied until
either all return 'ok' or one doesn't.
Also, include Origin-State-Id in answers where it was previously
omitted.
|
|
We're already monitoring the transport process, no need to do
so again.
|
|
|
|
|
|
|
|
|
|
Tweak some comments and variable names, move things around a bit
(default src target is now opt, not debug), only clean what's built,
use +warn_export_vars.
|
|
Otherwise include_lib will fail.
|
|
|
|
Makes for a quieter rule with no recursion.
|
|
Simpler, no duplication of similar makefiles and makes for
better dependencies. (Aka, recursive make considered harmful.)
|
|
|
|
|
|
As a module-based alternative to the escript diameterc.
|
|
This is to enable dictionaries compiled with --name/--prefix
to be inherited using --inherits.
|
|
|
|
Has to follow the release_targets include for make not to
think that a misspelled dictionary is up to date just because
the exprecs dependency is.
|
|
Generated files are unchanged but the separation will be
especially pleasant when more dictionary files are added
as examples. It is still only the rfc3588 and relay
dictionaries that are known to the diameter implementation.
|
|
|
|
The section simply results in generated macros and has nothing
specifically to do with result codes. It's still not documented,
and neither are the macros generated from @enum, since the generated
names are typically so long as to be impractical/unreadable in source.
Better to use numeric values with a comment or define your own
shorter macros as the need arises.
|
|
|
|
|
|
This is the method added in draft-ietf-dime-rfc3588bis, whereby
a TLS handshake immediately follows connection establishment and
CER/CEA is sent over the secured connection.
|
|
RFC 3588 requires that a Diameter server support TLS but in
practise this seems to mean TLS over SCTP since there are limitations
with running over SCTP: see RFC 6083 (DTLS over SCTP), which is a
response to RFC 3436 (TLS over SCTP). The current RFC 3588 draft
acknowledges this by equating the Inband-Security-Id value TLS
with TLS/TCP and DTLS/SCTP but underlying support for DTLS is
still thin on the ground.
|
|
If TLS has been configured on Inband-Security-Id then the transport
process receives a message from the peer_fsm process indicating
whether or not to upgrade to TLS.
The current draft of RFC 3588 deprecates (but retains for backwards
compatibility) the use of Inband-Security-Id for negotiating TLS,
adding the possibility of TLS having be negotiated before capabilities
exchange. This commit handles the deprecated case.
|
|
When an initial message is received and TLS is a possibility, must
wait for a message from the peer process before either commencing
a handshake or receiving more messages.
|
|
To upgrade a connection to TLS or not, that is the question. It
is possible for us to send a CER offering both NO_INBAND_SECURITY
and TLS and for the peer to answer likewise: RFC 3588 doesn't make
clear that a CEA should be unambiguous about the choice of security.
Thus, if TLS is offered then assume the server is prepared to
for a handshake. Similarly, when receiving a CER, choose TLS if
it's offered and be unambiguous about our choice in CEA. There is
no ssl:maybe_accept that would let us receive a handshake if it
comes or another message if it doesn't.
The choice of TLS should probably be made into a callback so that
an application can decide based on the peer's Origin-Realm for
example. Such a callback could also be used to reject a CER/CEA.
Handle Inband-Security-Id values other than NO_INBAND_SECURITY and
TLS by assuming that they require no intervention by the transport
module, treating them like NO_INBAND_SECURITY. Whether or not this
is reasonable (or useful) is unclear. There may be a need for more
sychronization than we have on offer. (Having to do something before
taking the connection up for example.)
Note that diameter_peer_fsm must be upgraded before diameter_capx
because of the new return value from diameter_capx:recv_CEA/2.
|
|
Conflicts:
lib/diameter/src/app/Makefile
|
|
|
|
|
|
|
|
|
