/*
- * Copyright (c) 2016 Cisco and/or its affiliates.
+ * Copyright (c) 2016-2019 Cisco and/or its affiliates.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at:
u32 vlsh_bit_val;
u32 vlsh_bit_mask;
u32 debug;
+ u8 transparent_tls;
/** vcl needs next epoll_create to go to libc_epoll */
u8 vcl_needs_real_epoll;
#define LDBG(_lvl, _fmt, _args...) \
if (ldp->debug > _lvl) \
- clib_warning ("ldp<%d>: " _fmt, getpid(), ##_args)
+ { \
+ int errno_saved = errno; \
+ clib_warning ("ldp<%d>: " _fmt, getpid(), ##_args); \
+ errno = errno_saved; \
+ }
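Review bot: The rewritten LDBG expands to a bare `if (...) { ... }`, so a call written as `LDBG (...);` directly under an unbraced `if` that has an `else` no longer parses, because the `;` after the closing brace ends the outer statement. Wrapping the expansion as `do { if (ldp->debug > _lvl) { ... } } while (0)` keeps the errno save/restore and makes the macro a single statement. The local `errno_saved` can also shadow a caller variable of the same name, so a less common name would be safer.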
static ldp_main_t ldp_main = {
.vlsh_bit_val = (1 << LDP_SID_BIT_MIN),
.vlsh_bit_mask = (1 << LDP_SID_BIT_MIN) - 1,
.debug = LDP_DEBUG_INIT,
+ .transparent_tls = 0,
};
static ldp_main_t *ldp = &ldp_main;
static inline void
ldp_set_app_name (char *app_name)
{
- int rv = snprintf (ldp->app_name, LDP_APP_NAME_MAX,
- "ldp-%d-%s", getpid (), app_name);
-
- if (rv >= LDP_APP_NAME_MAX)
- app_name[LDP_APP_NAME_MAX - 1] = 0;
+ snprintf (ldp->app_name, LDP_APP_NAME_MAX,
+ "ldp-%d-%s", getpid (), app_name);
}
static inline char *
return (fd - ldp->vlsh_bit_val);
}
+static void
+ldp_alloc_workers (void)
+{
+ if (ldp->workers)
+ return;
+ pool_alloc (ldp->workers, LDP_MAX_NWORKERS);
+}
+
static inline int
ldp_init (void)
{
return rv;
}
ldp->vcl_needs_real_epoll = 0;
- pool_alloc (ldp->workers, LDP_MAX_NWORKERS);
+ ldp_alloc_workers ();
ldpw = ldp_worker_get_current ();
char *env_var_str = getenv (LDP_ENV_DEBUG);
return -1;
}
}
+ env_var_str = getenv (LDP_ENV_TLS_TRANS);
+ if (env_var_str)
+ {
+ ldp->transparent_tls = 1;
+ }
+
+ /* *INDENT-OFF* */
+ pool_foreach (ldpw, ldp->workers, ({
+ clib_memset (&ldpw->clib_time, 0, sizeof (ldpw->clib_time));
+ }));
+ /* *INDENT-ON* */
- clib_time_init (&ldpw->clib_time);
LDBG (0, "LDP initialization: done!");
return 0;
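Review bot: `transparent_tls` is switched on by the mere presence of LDP_ENV_TLS_TRANS, so setting the variable to `0` or to an empty string still enables the mode, and nothing is logged when it becomes active. The socket() change in this commit uses the flag to pick the protocol for AF_INET/AF_INET6 sockets, so an operator should be able to see it in the debug output. I would add a comment stating the presence-only semantics and a line such as `LDBG (0, "transparent TLS mode enabled");` inside the branch. ldp_init() starts outside this hunk.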
vlsh = ldp_fd_to_vlsh (fd);
if (vlsh != VLS_INVALID_HANDLE)
{
- do
+ for (i = 0; i < iovcnt; ++i)
{
- for (i = 0; i < iovcnt; ++i)
+ rv = vls_read (vlsh, iov[i].iov_base, iov[i].iov_len);
+ if (rv <= 0)
+ break;
+ else
{
- rv = vls_read (vlsh, iov[i].iov_base, iov[i].iov_len);
- if (rv < 0)
+ total += rv;
+ if (rv < iov[i].iov_len)
break;
- else
- {
- total += rv;
- if (rv < iov[i].iov_len)
- break;
- }
}
}
- while ((rv >= 0) && (total == 0));
-
- if (rv < 0)
+ if (rv < 0 && total == 0)
{
errno = -rv;
size = -1;
return size;
}
+#ifdef HAVE_FCNTL64
+int
+fcntl64 (int fd, int cmd, ...)
+#else
int
fcntl (int fd, int cmd, ...)
+#endif
{
vls_handle_t vlsh;
int rv = 0;
}
else
{
+#ifdef HAVE_FCNTL64
+ rv = libc_vfcntl64 (fd, cmd, ap);
+#else
rv = libc_vfcntl (fd, cmd, ap);
+#endif
}
va_end (ap);
/* *INDENT-OFF* */
clib_bitmap_foreach (si, vclb, ({
vlsh = vls_session_index_to_vlsh (si);
+ ASSERT (vlsh != VLS_INVALID_HANDLE);
fd = ldp_vlsh_to_fd (vlsh);
if (PREDICT_FALSE (fd < 0))
{
{
uword fd;
+ if (!libcb)
+ return;
+
/* *INDENT-OFF* */
clib_bitmap_foreach (fd, result, ({
FD_SET ((int)fd, libcb);
return -1;
}
+ if (PREDICT_FALSE (ldpw->clib_time.init_cpu_time == 0))
+ clib_time_init (&ldpw->clib_time);
+
if (timeout)
{
time_out = (timeout->tv_sec == 0 && timeout->tv_nsec == 0) ?
goto done;
}
- libc_tspec = si_bits ? libc_tspec : *timeout;
+ if (!si_bits)
+ libc_tspec = timeout ? *timeout : libc_tspec;
do
{
vec_len (ldpw->ex_bitmap) *
sizeof (clib_bitmap_t));
- rv = vppcom_select (si_bits, readfds ? ldpw->rd_bitmap : NULL,
- writefds ? ldpw->wr_bitmap : NULL,
- exceptfds ? ldpw->ex_bitmap : NULL,
- vcl_timeout);
+ rv = vls_select (si_bits, readfds ? ldpw->rd_bitmap : NULL,
+ writefds ? ldpw->wr_bitmap : NULL,
+ exceptfds ? ldpw->ex_bitmap : NULL, vcl_timeout);
if (rv < 0)
{
errno = -rv;
}
#endif
+/* If transparent TLS mode is turned on, then ldp will load key and cert.
+ */
+static int
+load_tls_cert (vls_handle_t vlsh)
+{
+ char *env_var_str = getenv (LDP_ENV_TLS_CERT);
+ char inbuf[4096];
+ char *tls_cert;
+ int cert_size;
+ FILE *fp;
+
+ if (env_var_str)
+ {
+ fp = fopen (env_var_str, "r");
+ if (fp == NULL)
+ {
+ LDBG (0, "ERROR: failed to open cert file %s \n", env_var_str);
+ return -1;
+ }
+ cert_size = fread (inbuf, sizeof (char), sizeof (inbuf), fp);
+ tls_cert = inbuf;
+ vppcom_session_tls_add_cert (vlsh_to_session_index (vlsh), tls_cert,
+ cert_size);
+ fclose (fp);
+ }
+ else
+ {
+ LDBG (0, "ERROR: failed to read LDP environment %s\n",
+ LDP_ENV_TLS_CERT);
+ return -1;
+ }
+ return 0;
+}
+
+static int
+load_tls_key (vls_handle_t vlsh)
+{
+ char *env_var_str = getenv (LDP_ENV_TLS_KEY);
+ char inbuf[4096];
+ char *tls_key;
+ int key_size;
+ FILE *fp;
+
+ if (env_var_str)
+ {
+ fp = fopen (env_var_str, "r");
+ if (fp == NULL)
+ {
+ LDBG (0, "ERROR: failed to open key file %s \n", env_var_str);
+ return -1;
+ }
+ key_size = fread (inbuf, sizeof (char), sizeof (inbuf), fp);
+ tls_key = inbuf;
+ vppcom_session_tls_add_key (vlsh_to_session_index (vlsh), tls_key,
+ key_size);
+ fclose (fp);
+ }
+ else
+ {
+ LDBG (0, "ERROR: failed to read LDP environment %s\n", LDP_ENV_TLS_KEY);
+ return -1;
+ }
+ return 0;
+}
+
int
socket (int domain, int type, int protocol)
{
if (((domain == AF_INET) || (domain == AF_INET6)) &&
((sock_type == SOCK_STREAM) || (sock_type == SOCK_DGRAM)))
{
- u8 proto = ((sock_type == SOCK_DGRAM) ?
- VPPCOM_PROTO_UDP : VPPCOM_PROTO_TCP);
+ u8 proto;
+ if (ldp->transparent_tls)
+ {
+ proto = VPPCOM_PROTO_TLS;
+ }
+ else
+ proto = ((sock_type == SOCK_DGRAM) ?
+ VPPCOM_PROTO_UDP : VPPCOM_PROTO_TCP);
LDBG (0, "calling vls_create: proto %u (%s), is_nonblocking %u",
proto, vppcom_proto_str (proto), is_nonblocking);
}
else
{
+ if (ldp->transparent_tls)
+ {
+ if (load_tls_cert (vlsh) < 0 || load_tls_key (vlsh) < 0)
+ {
+ return -1;
+ }
+ }
rv = ldp_vlsh_to_fd (vlsh);
}
}
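Review bot: The early `return -1` taken when load_tls_cert() or load_tls_key() fails leaves the session behind `vlsh` open and does not set errno, so the caller of socket() sees a failure with a stale errno and the handle is never released. I would release the handle and set an error before returning, e.g. `vls_close (vlsh); errno = EINVAL; return -1;` (confirm that vls_close is the right teardown call here). Separately, the protocol selection above assigns VPPCOM_PROTO_TLS whenever `transparent_tls` is set, including for SOCK_DGRAM, so a datagram application would silently get a TLS session; `if (ldp->transparent_tls && sock_type == SOCK_STREAM)` would leave UDP untouched. socket() starts and ends outside the visible lines.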
__SOCKADDR_ARG addr, socklen_t * __restrict addr_len)
{
vls_handle_t sid;
- ssize_t size;
+ ssize_t size, rv;
if ((errno = -ldp_init ()))
return -1;
size = vls_recvfrom (sid, buf, n, flags, &ep);
if (size > 0)
- size = ldp_copy_ep_to_sockaddr (addr, addr_len, &ep);
+ {
+ rv = ldp_copy_ep_to_sockaddr (addr, addr_len, &ep);
+ if (rv < 0)
+ size = rv;
+ }
}
else
size = vls_recvfrom (sid, buf, n, flags, NULL);
(void *) optval, &optlen);
break;
case TCP_CONGESTION:
+ case TCP_CORK:
/* Ignore */
rv = 0;
break;
if (ldp->vcl_needs_real_epoll)
{
+ /* Make sure workers have been allocated */
+ if (!ldp->workers)
+ {
+ ldp_alloc_workers ();
+ ldpw = ldp_worker_get_current ();
+ }
rv = libc_epoll_create1 (flags);
ldp->vcl_needs_real_epoll = 0;
ldpw->vcl_mq_epfd = rv;
int timeout, const sigset_t * sigmask)
{
ldp_worker_ctx_t *ldpw = ldp_worker_get_current ();
- double time_to_wait = (double) 0, time_out, now = 0;
+ double time_to_wait = (double) 0, max_time;
int libc_epfd, rv = 0;
vls_handle_t ep_vlsh;
return -1;
}
+ if (PREDICT_FALSE (ldpw->clib_time.init_cpu_time == 0))
+ clib_time_init (&ldpw->clib_time);
time_to_wait = ((timeout >= 0) ? (double) timeout / 1000 : 0);
- time_out = clib_time_now (&ldpw->clib_time) + time_to_wait;
+ max_time = clib_time_now (&ldpw->clib_time) + time_to_wait;
libc_epfd = vls_attr (ep_vlsh, VPPCOM_ATTR_GET_LIBC_EPFD, 0, 0);
if (PREDICT_FALSE (libc_epfd < 0))
LDBG (2, "epfd %d: vep_idx %d, libc_epfd %d, events %p, maxevents %d, "
"timeout %d, sigmask %p: time_to_wait %.02f", epfd, ep_vlsh,
- libc_epfd, events, maxevents, timeout, sigmask, time_to_wait,
- time_out);
+ libc_epfd, events, maxevents, timeout, sigmask, time_to_wait);
do
{
if (!ldpw->epoll_wait_vcl)
if (rv != 0)
goto done;
}
-
- if (timeout != -1)
- now = clib_time_now (&ldpw->clib_time);
}
- while (now < time_out);
+ while ((timeout == -1) || (clib_time_now (&ldpw->clib_time) < max_time));
done:
return rv;
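Review bot: The new loop condition treats only `timeout == -1` as wait-forever, while the poll() change in this same commit uses `timeout < 0`. For any other negative value, epoll_pwait() computes `time_to_wait = 0` and falls out after a single pass, which I believe differs from libc epoll_wait (it blocks on any negative timeout — confirm). Using `while ((timeout < 0) || (clib_time_now (&ldpw->clib_time) < max_time));` would make the two wrappers agree. The function body starts outside this hunk.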
int rv, i, n_revents = 0;
vls_handle_t vlsh;
vcl_poll_t *vp;
- double wait_for_time;
+ double max_time;
LDBG (3, "fds %p, nfds %d, timeout %d", fds, nfds, timeout);
- if (timeout >= 0)
- wait_for_time = (f64) timeout / 1000;
- else
- wait_for_time = -1;
+ if (PREDICT_FALSE (ldpw->clib_time.init_cpu_time == 0))
+ clib_time_init (&ldpw->clib_time);
+
+ max_time = (timeout >= 0) ? (f64) timeout / 1000 : 0;
+ max_time += clib_time_now (&ldpw->clib_time);
for (i = 0; i < nfds; i++)
{
goto done;
}
}
- while ((wait_for_time == -1) ||
- (clib_time_now (&ldpw->clib_time) < wait_for_time));
+ while ((timeout < 0) || (clib_time_now (&ldpw->clib_time) < max_time));
rv = 0;
done:
{
swrap_constructor ();
if (ldp_init () != 0)
- fprintf (stderr, "\nLDP<%d>: ERROR: ldp_constructor: failed!\n",
- getpid ());
+ {
+ fprintf (stderr, "\nLDP<%d>: ERROR: ldp_constructor: failed!\n",
+ getpid ());
+ _exit (1);
+ }
else if (LDP_DEBUG > 0)
clib_warning ("LDP<%d>: LDP constructor: done!\n", getpid ());
}
void
ldp_destructor (void)
{
- swrap_destructor ();
- if (ldp->init)
- ldp->init = 0;
+ /*
+ swrap_destructor ();
+ if (ldp->init)
+ ldp->init = 0;
+ */
/* Don't use clib_warning() here because that calls writev()
* which will call ldp_init().
*/
if (LDP_DEBUG > 0)
- printf ("%s:%d: LDP<%d>: LDP destructor: done!\n",
- __func__, __LINE__, getpid ());
+ fprintf (stderr, "%s:%d: LDP<%d>: LDP destructor: done!\n",
+ __func__, __LINE__, getpid ());
}