#define tls_session_handle c_tls_ctx_id.tls_session_handle
#define listener_ctx_index c_tls_ctx_id.listener_ctx_index
#define tcp_is_ip4 c_tls_ctx_id.tcp_is_ip4
-
+#define tls_ctx_idx c_c_index
/* Temporary storage for session open opaque. Overwritten once
* underlying tcp connection is established */
#define parent_app_api_context c_s_index
typedef struct tls_main_
{
u32 app_index;
- tls_ctx_t **ctx_pool;
+ tls_ctx_t ***ctx_pool;
mbedtls_ctr_drbg_context *ctr_drbgs;
mbedtls_entropy_context *entropy_pools;
tls_ctx_t *listener_ctx_pool;
{
u8 thread_index = vlib_get_thread_index ();
tls_main_t *tm = &tls_main;
- tls_ctx_t *ctx;
+ tls_ctx_t **ctx;
pool_get (tm->ctx_pool[thread_index], ctx);
- memset (ctx, 0, sizeof (*ctx));
- ctx->c_thread_index = thread_index;
+ if (!(*ctx))
+ *ctx = clib_mem_alloc (sizeof (tls_ctx_t));
+
+ memset (*ctx, 0, sizeof (tls_ctx_t));
+ (*ctx)->c_thread_index = thread_index;
return ctx - tm->ctx_pool[thread_index];
}
void
tls_ctx_free (tls_ctx_t * ctx)
{
- pool_put (tls_main.ctx_pool[vlib_get_thread_index ()], ctx);
+ pool_put_index (tls_main.ctx_pool[vlib_get_thread_index ()],
+ ctx->tls_ctx_idx);
}
tls_ctx_t *
tls_ctx_get (u32 ctx_index)
{
- return pool_elt_at_index (tls_main.ctx_pool[vlib_get_thread_index ()],
- ctx_index);
+ tls_ctx_t **ctx;
+ ctx = pool_elt_at_index (tls_main.ctx_pool[vlib_get_thread_index ()],
+ ctx_index);
+ return (*ctx);
}
tls_ctx_t *
tls_ctx_get_w_thread (u32 ctx_index, u8 thread_index)
{
- return pool_elt_at_index (tls_main.ctx_pool[thread_index], ctx_index);
-}
-
-u32
-tls_ctx_index (tls_ctx_t * ctx)
-{
- return (ctx - tls_main.ctx_pool[vlib_get_thread_index ()]);
+ tls_ctx_t **ctx;
+ ctx = pool_elt_at_index (tls_main.ctx_pool[thread_index], ctx_index);
+ return (*ctx);
}
u32
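Review bot: tls_ctx_free now releases whatever slot number is stored in `ctx->tls_ctx_idx`, but tls_ctx_alloc zeroes the context and never writes that field, so a context freed before a caller assigns it would release slot 0 of the calling thread's pool, which may belong to another live connection. Setting it at allocation, `(*ctx)->tls_ctx_idx = ctx - tm->ctx_pool[thread_index];`, and checking in tls_ctx_free that the slot at that index still points at `ctx` before `pool_put_index`, would make the free path self-consistent; callers that memcpy over the context still have to restore the field afterwards. Separately, `if (!(*ctx))` treats a freshly obtained slot as NULL, while pool_get does not, as far as I can tell, promise zeroed contents, so that assumption deserves at least a comment, since a non-NULL garbage value would be passed straight to `memset`. tls_ctx_alloc's signature lies outside the hunk.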
return -1;
}
- ctx_ptr = uword_to_pointer (tls_ctx_index (ctx), void *);
+ ctx_ptr = uword_to_pointer (ctx->tls_ctx_idx, void *);
mbedtls_ssl_set_bio (&ctx->ssl, ctx_ptr, tls_net_send, tls_net_recv, NULL);
mbedtls_debug_set_threshold (TLS_DEBUG_LEVEL_CLIENT);
}
mbedtls_ssl_session_reset (&ctx->ssl);
- ctx_ptr = uword_to_pointer (tls_ctx_index (ctx), void *);
+ ctx_ptr = uword_to_pointer (ctx->tls_ctx_idx, void *);
mbedtls_ssl_set_bio (&ctx->ssl, ctx_ptr, tls_net_send, tls_net_recv, NULL);
mbedtls_debug_set_threshold (TLS_DEBUG_LEVEL_SERVER);
app_session = session_alloc (vlib_get_thread_index ());
app_session->app_index = ctx->parent_app_index;
- app_session->connection_index = tls_ctx_index (ctx);
+ app_session->connection_index = ctx->tls_ctx_idx;
app_session->session_type = app_listener->session_type;
app_session->listener_index = app_listener->session_index;
if ((rv = session_alloc_fifos (sm, app_session)))
return rv;
}
ctx->c_s_index = app_session->session_index;
- ctx->c_c_index = tls_ctx_index (ctx);
ctx->app_session_handle = session_handle (app_session);
return app->cb_fns.session_accept_callback (app_session);
}
sm = application_get_connect_segment_manager (app);
app_session = session_alloc (vlib_get_thread_index ());
app_session->app_index = ctx->parent_app_index;
- app_session->connection_index = tls_ctx_index (ctx);
+ app_session->connection_index = ctx->tls_ctx_idx;
app_session->session_type =
session_type_from_proto_and_ip (TRANSPORT_PROTO_TLS, ctx->tcp_is_ip4);
if (session_alloc_fifos (sm, app_session))
ctx->app_session_handle = session_handle (app_session);
ctx->c_s_index = app_session->session_index;
- ctx->c_c_index = tls_ctx_index (ctx);
app_session->session_state = SESSION_STATE_READY;
if (cb_fn (ctx->parent_app_index, ctx->parent_app_api_context,
app_session, 0 /* not failed */ ))
{
TLS_DBG (1, "failed to notify app");
- tls_disconnect (tls_ctx_index (ctx), vlib_get_thread_index ());
+ tls_disconnect (ctx->tls_ctx_idx, vlib_get_thread_index ());
}
return 0;
ctx = tls_ctx_get (ctx_index);
memcpy (ctx, lctx, sizeof (*lctx));
ctx->c_thread_index = vlib_get_thread_index ();
+ ctx->tls_ctx_idx = ctx_index;
tls_session->session_state = SESSION_STATE_READY;
tls_session->opaque = ctx_index;
ctx->tls_session_handle = session_handle (tls_session);
cb_fn = app->cb_fns.session_connected_callback;
if (is_fail)
- goto failed;
+ {
+ tls_ctx_half_open_reader_unlock ();
+ tls_ctx_half_open_free (ho_ctx_index);
+ return cb_fn (ho_ctx->parent_app_index, ho_ctx->c_s_index, 0,
+ 1 /* failed */ );
+ }
ctx_index = tls_ctx_alloc ();
ctx = tls_ctx_get (ctx_index);
clib_memcpy (ctx, ho_ctx, sizeof (*ctx));
- ctx->c_thread_index = vlib_get_thread_index ();
tls_ctx_half_open_reader_unlock ();
tls_ctx_half_open_free (ho_ctx_index);
+ ctx->c_thread_index = vlib_get_thread_index ();
+ ctx->tls_ctx_idx = ctx_index;
+
TLS_DBG (1, "TCP connect for %u returned %u. New connection [%u]%u",
ho_ctx_index, is_fail, vlib_get_thread_index (),
(ctx) ? ctx_index : ~0);
tls_session->session_state = SESSION_STATE_READY;
return tls_ctx_init_client (ctx);
-
-failed:
- tls_ctx_half_open_reader_unlock ();
- tls_ctx_half_open_free (ho_ctx_index);
- return cb_fn (ho_ctx->parent_app_index, ho_ctx->c_s_index, 0,
- 1 /* failed */ );
}
/* *INDENT-OFF* */
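Review bot: The new failure branch under `if (is_fail)` reads `ho_ctx->parent_app_index` and `ho_ctx->c_s_index` after `tls_ctx_half_open_reader_unlock ()` and `tls_ctx_half_open_free (ho_ctx_index)` have already run, so the callback arguments are taken from a half-open context that has been released; the ordering was carried over unchanged from the removed `failed:` label. If the half-open pool is shared between threads, as the reader lock suggests, the slot can be reused or the pool reallocated before those reads happen. Copy the two fields first, e.g. `u32 app_index = ho_ctx->parent_app_index, api_ctx = ho_ctx->c_s_index;` ahead of the unlock, and then `return cb_fn (app_index, api_ctx, 0, 1 /* failed */ );`. The enclosing function starts outside the hunk, so the declared types of those fields should be confirmed there.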