authorMichael Brown <mcb30@ipxe.org>2020-12-07 13:51:46 +0000
committerMichael Brown <mcb30@ipxe.org>2020-12-07 13:51:46 +0000
commit2b6b02ee7eaad2539e26eb9507833aa3c1c9c15e (patch)
treed2864dc3e9753855829be554b6a58b6a5f2ac230
parent09fe2bbd343a46010e89d848e5887bfb5fc3f6f6 (diff)
[tls] Use intf_insert() to add TLS to an interface
Restructure the use of add_tls() to insert a TLS filter onto an existing interface. This allows for the possibility of using add_tls() to start TLS on an existing connection (as used in several protocols which will negotiate the choice to use TLS before the ClientHello is sent). Signed-off-by: Michael Brown <mcb30@ipxe.org>
-rw-r--r--src/include/ipxe/http.h4
-rw-r--r--src/include/ipxe/tls.h3
-rw-r--r--src/net/tcp/httpconn.c14
-rw-r--r--src/net/tcp/syslogs.c29
-rw-r--r--src/net/tls.c13
5 files changed, 32 insertions, 31 deletions
diff --git a/src/include/ipxe/http.h b/src/include/ipxe/http.h
index 0893c95..117f174 100644
--- a/src/include/ipxe/http.h
+++ b/src/include/ipxe/http.h
@@ -45,11 +45,9 @@ struct http_scheme {
*
* @v xfer Data transfer interface
* @v name Host name
- * @v next Next interface
* @ret rc Return status code
*/
- int ( * filter ) ( struct interface *xfer, const char *name,
- struct interface **next );
+ int ( * filter ) ( struct interface *xfer, const char *name );
};
/** HTTP scheme table */
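Review bot: The doc comment for `filter` drops the `next` parameter but does not state the new contract that comes with it: the filter is now invoked on an interface that has already been opened (httpconn.c calls it after xfer_open_named_socket()) and splices itself in place rather than handing back a downstream interface. Suggest extending the parameter line to `@v xfer Data transfer interface (already open; the filter inserts itself between it and its current peer)` so scheme implementers do not assume the old "return the next interface" semantics. The opening of this comment block is outside the hunk.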
diff --git a/src/include/ipxe/tls.h b/src/include/ipxe/tls.h
index febbdc5..2eaaadf 100644
--- a/src/include/ipxe/tls.h
+++ b/src/include/ipxe/tls.h
@@ -378,7 +378,6 @@ struct tls_connection {
/** RX I/O buffer alignment */
#define TLS_RX_ALIGN 16
-extern int add_tls ( struct interface *xfer, const char *name,
- struct interface **next );
+extern int add_tls ( struct interface *xfer, const char *name );
#endif /* _IPXE_TLS_H */
diff --git a/src/net/tcp/httpconn.c b/src/net/tcp/httpconn.c
index 5121ff6..2804e09 100644
--- a/src/net/tcp/httpconn.c
+++ b/src/net/tcp/httpconn.c
@@ -236,7 +236,6 @@ int http_connect ( struct interface *xfer, struct uri *uri ) {
struct http_connection *conn;
struct http_scheme *scheme;
struct sockaddr_tcpip server;
- struct interface *socket;
unsigned int port;
int rc;
@@ -296,15 +295,16 @@ int http_connect ( struct interface *xfer, struct uri *uri ) {
/* Open socket */
memset ( &server, 0, sizeof ( server ) );
server.st_port = htons ( port );
- socket = &conn->socket;
- if ( scheme->filter &&
- ( ( rc = scheme->filter ( socket, uri->host, &socket ) ) != 0 ) )
- goto err_filter;
- if ( ( rc = xfer_open_named_socket ( socket, SOCK_STREAM,
+ if ( ( rc = xfer_open_named_socket ( &conn->socket, SOCK_STREAM,
( struct sockaddr * ) &server,
uri->host, NULL ) ) != 0 )
goto err_open;
+ /* Add filter, if any */
+ if ( scheme->filter &&
+ ( ( rc = scheme->filter ( &conn->socket, uri->host ) ) != 0 ) )
+ goto err_filter;
+
/* Attach to parent interface, mortalise self, and return */
intf_plug_plug ( &conn->xfer, xfer );
ref_put ( &conn->refcnt );
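Review bot: The new ordering opens a plain socket on `&conn->socket` before the scheme filter (TLS, for https) is inserted, and the comment at the filter call does not say why that order is now required; presumably intf_insert() needs an existing peer to splice between, so the filter cannot run before the open. Suggest `/* Add filter, if any (must follow the open: the filter splices itself between conn->socket and its peer) */`. If the filter fails, the already-open socket is torn down through err_filter falling into http_conn_close(), which looks correct; the only assumption worth recording is that nothing is transmitted on the plain socket between the open and the filter insertion, which holds as long as xfer_open_named_socket() delivers nothing synchronously. http_connect() continues outside the hunk.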
@@ -313,8 +313,8 @@ int http_connect ( struct interface *xfer, struct uri *uri ) {
conn->scheme->name, conn->uri->host, port );
return 0;
- err_open:
err_filter:
+ err_open:
DBGC2 ( conn, "HTTPCONN %p could not create %s://%s:%d: %s\n", conn,
conn->scheme->name, conn->uri->host, port, strerror ( rc ) );
http_conn_close ( conn, rc );
diff --git a/src/net/tcp/syslogs.c b/src/net/tcp/syslogs.c
index 0c07f86..b376052 100644
--- a/src/net/tcp/syslogs.c
+++ b/src/net/tcp/syslogs.c
@@ -62,9 +62,10 @@ static struct sockaddr_tcpip logserver = {
* @v intf Interface
* @v rc Reason for close
*/
-static void syslogs_close ( struct interface *intf __unused, int rc ) {
+static void syslogs_close ( struct interface *intf, int rc ) {
DBG ( "SYSLOGS console disconnected: %s\n", strerror ( rc ) );
+ intf_restart ( intf, rc );
}
/**
@@ -208,7 +209,6 @@ const struct setting syslogs_setting __setting ( SETTING_MISC, syslogs ) = {
static int apply_syslogs_settings ( void ) {
static char *old_server;
char *server;
- struct interface *socket;
int rc;
/* Fetch log server */
@@ -234,33 +234,32 @@ static int apply_syslogs_settings ( void ) {
rc = 0;
goto out_no_server;
}
-
- /* Add TLS filter */
- if ( ( rc = add_tls ( &syslogs, server, &socket ) ) != 0 ) {
- DBG ( "SYSLOGS cannot create TLS filter: %s\n",
- strerror ( rc ) );
- goto err_add_tls;
- }
+ DBG ( "SYSLOGS using log server %s\n", server );
/* Connect to log server */
- if ( ( rc = xfer_open_named_socket ( socket, SOCK_STREAM,
+ if ( ( rc = xfer_open_named_socket ( &syslogs, SOCK_STREAM,
(( struct sockaddr *) &logserver ),
server, NULL ) ) != 0 ) {
DBG ( "SYSLOGS cannot connect to log server: %s\n",
strerror ( rc ) );
goto err_open_named_socket;
}
- DBG ( "SYSLOGS using log server %s\n", server );
+
+ /* Add TLS filter */
+ if ( ( rc = add_tls ( &syslogs, server ) ) != 0 ) {
+ DBG ( "SYSLOGS cannot create TLS filter: %s\n",
+ strerror ( rc ) );
+ goto err_add_tls;
+ }
/* Record log server */
old_server = server;
- server = NULL;
- /* Success */
- rc = 0;
+ return 0;
- err_open_named_socket:
err_add_tls:
+ err_open_named_socket:
+ syslogs_close ( &syslogs, rc );
out_no_server:
out_no_change:
free ( server );
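Review bot: Both error labels now fall into `syslogs_close ( &syslogs, rc );`, and syslogs_close() logs "SYSLOGS console disconnected" — so a failed connect or a failed add_tls() now emits that message directly after the "cannot connect"/"cannot create TLS filter" line, for a console that was never connected. Calling `intf_restart ( &syslogs, rc );` here directly would give the same teardown without the misleading second log line. Separately, the "SYSLOGS using log server" message has moved before the open and the TLS insertion, so it now prints even when either fails; logging it after the add_tls() block would keep it truthful. Since the plain socket is now open before TLS is inserted, a comment on the add_tls() call such as `/* Add TLS filter (socket already open; nothing may be transmitted before this) */` would document the ordering constraint. apply_syslogs_settings() continues outside the hunk.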
diff --git a/src/net/tls.c b/src/net/tls.c
index ea82760..4822006 100644
--- a/src/net/tls.c
+++ b/src/net/tls.c
@@ -3088,8 +3088,14 @@ static int tls_session ( struct tls_connection *tls, const char *name ) {
******************************************************************************
*/
-int add_tls ( struct interface *xfer, const char *name,
- struct interface **next ) {
+/**
+ * Add TLS on an interface
+ *
+ * @v xfer Data transfer interface
+ * @v name Host name
+ * @ret rc Return status code
+ */
+int add_tls ( struct interface *xfer, const char *name ) {
struct tls_connection *tls;
int rc;
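Review bot: The new doc comment for add_tls() documents the parameters but not the post-condition that replaced the `next` out-parameter, which is the part callers must now understand: on success the TLS plainstream is plugged into `xfer` and the cipherstream takes over whatever `xfer` was previously plugged into (via intf_insert() later in the function), so `xfer` must already be plugged in when this is called. Suggest adding, after the parameter list, a sentence such as `On success, TLS is inserted between @c xfer and its current peer; @c xfer must therefore already be connected.`, and, if it is the case for every failure path, `On failure, @c xfer is left untouched.` — that second claim should be checked against the error labels, which are outside this hunk. The body of add_tls() continues past the hunk.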
@@ -3133,8 +3139,7 @@ int add_tls ( struct interface *xfer, const char *name,
tls_restart ( tls );
/* Attach to parent interface, mortalise self, and return */
- intf_plug_plug ( &tls->plainstream, xfer );
- *next = &tls->cipherstream;
+ intf_insert ( xfer, &tls->plainstream, &tls->cipherstream );
ref_put ( &tls->refcnt );
return 0;