tls: ignore tx events for not fully established sessions

[vpp.git] / src / vnet / tls / tls.c

diff --git a/src/vnet/tls/tls.c b/src/vnet/tls/tls.c
index 85ac7f8..1461d0c 100644 (file)
--- a/src/vnet/tls/tls.c
+++ b/src/vnet/tls/tls.c
@@ -61,8 +61,7 @@ tls_add_vpp_q_rx_evt (session_t * s)
 int
 tls_add_vpp_q_builtin_rx_evt (session_t * s)
 {
-  if (svm_fifo_set_event (s->rx_fifo))
-    session_send_io_evt_to_thread (s->rx_fifo, SESSION_IO_EVT_BUILTIN_RX);
+  session_enqueue_notify (s);
   return 0;
 }
 
@@ -75,9 +74,10 @@ tls_add_vpp_q_tx_evt (session_t * s)
 }
 
 static inline int
-tls_add_app_q_evt (app_worker_t * app, session_t * app_session)
+tls_add_app_q_evt (app_worker_t *app_wrk, session_t *app_session)
 {
-  return app_worker_lock_and_send_event (app, app_session, SESSION_IO_EVT_RX);
+  app_worker_add_event (app_wrk, app_session, SESSION_IO_EVT_RX);
+  return 0;
 }
 
 u32
@@ -121,6 +121,7 @@ tls_ctx_half_open_alloc (void)
 
   clib_memset (ctx, 0, sizeof (*ctx));
   ctx->c_c_index = ctx - tm->half_open_ctx_pool;
+  ctx->c_thread_index = transport_cl_thread ();
 
   return ctx->c_c_index;
 }
@@ -223,6 +224,7 @@ tls_notify_app_connected (tls_ctx_t * ctx, session_error_t err)
     }
 
   app_session->app_wrk_index = ctx->parent_app_wrk_index;
+  app_session->opaque = ctx->parent_app_api_context;
 
   if ((err = app_worker_init_connected (app_wrk, app_session)))
     goto failed;
@@ -462,6 +464,7 @@ tls_session_accept_callback (session_t * tls_session)
   session_t *tls_listener, *app_session;
   tls_ctx_t *lctx, *ctx;
   u32 ctx_handle;
+  int rv;
 
   tls_listener =
     listen_session_get_from_handle (tls_session->listener_handle);
@@ -488,7 +491,14 @@ tls_session_accept_callback (session_t * tls_session)
   TLS_DBG (1, "Accept on listener %u new connection [%u]%x",
           tls_listener->opaque, vlib_get_thread_index (), ctx_handle);
 
-  return tls_ctx_init_server (ctx);
+  rv = tls_ctx_init_server (ctx);
+  if (rv)
+    {
+      session_free (app_session);
+      tls_ctx_free (ctx);
+    }
+
+  return rv;
 }
 
 int
@@ -529,6 +539,7 @@ tls_session_connected_cb (u32 tls_app_index, u32 ho_ctx_index,
   tls_ctx_t *ho_ctx, *ctx;
   session_type_t st;
   u32 ctx_handle;
+  int rv;
 
   ho_ctx = tls_ctx_half_open_get (ho_ctx_index);
 
@@ -558,7 +569,14 @@ tls_session_connected_cb (u32 tls_app_index, u32 ho_ctx_index,
   app_session->session_type = st;
   app_session->connection_index = ctx->tls_ctx_handle;
 
-  return tls_ctx_init_client (ctx);
+  rv = tls_ctx_init_client (ctx);
+  if (rv)
+    {
+      session_free (app_session);
+      tls_ctx_free (ctx);
+    }
+
+  return rv;
 }
 
 int
@@ -920,15 +938,18 @@ tls_cleanup_ho (u32 ho_index)
 int
 tls_custom_tx_callback (void *session, transport_send_params_t * sp)
 {
-  session_t *app_session = (session_t *) session;
+  session_t *as = (session_t *) session;
   tls_ctx_t *ctx;
 
-  if (PREDICT_FALSE (app_session->session_state
-                    >= SESSION_STATE_TRANSPORT_CLOSED))
-    return 0;
+  if (PREDICT_FALSE (as->session_state >= SESSION_STATE_TRANSPORT_CLOSED ||
+                    as->session_state <= SESSION_STATE_ACCEPTING))
+    {
+      sp->flags |= TRANSPORT_SND_F_DESCHED;
+      return 0;
+    }
 
-  ctx = tls_ctx_get (app_session->connection_index);
-  return tls_ctx_write (ctx, app_session, sp);
+  ctx = tls_ctx_get (as->connection_index);
+  return tls_ctx_write (ctx, as, sp);
 }
 
 u8 *