clib_warning ("disconnect returned");
}
-tls_engine_type_t
+crypto_engine_type_t
tls_get_available_engine (void)
{
int i;
if (tls_vfts[i].ctx_alloc)
return i;
}
- return TLS_ENGINE_NONE;
+ return CRYPTO_ENGINE_NONE;
}
int
return 0;
failed:
+ /* Free app session pre-allocated when transport was established */
+ session_free (session_get (ctx->c_s_index, ctx->c_thread_index));
+ ctx->no_app_session = 1;
tls_disconnect (ctx->tls_ctx_handle, vlib_get_thread_index ());
return app_worker_connect_notify (app_wrk, 0, ctx->parent_app_api_context);
}
*engine_type = ctx_handle >> TLS_ENGINE_TYPE_SHIFT;
}
-static inline tls_engine_type_t
-tls_get_engine_type (tls_engine_type_t preferred)
+static inline crypto_engine_type_t
+tls_get_engine_type (crypto_engine_type_t preferred)
{
if (!tls_vfts[preferred].ctx_alloc)
return tls_get_available_engine ();
}
static inline u32
-tls_ctx_alloc (tls_engine_type_t engine_type)
+tls_ctx_alloc (crypto_engine_type_t engine_type)
{
u32 ctx_index;
ctx_index = tls_vfts[engine_type].ctx_alloc ();
void
tls_ctx_free (tls_ctx_t * ctx)
{
- vec_free (ctx->srv_hostname);
tls_vfts[ctx->tls_ctx_engine].ctx_free (ctx);
}
void
tls_session_reset_callback (session_t * s)
{
- clib_warning ("called...");
+ tls_ctx_t *ctx;
+ transport_connection_t *tc;
+ session_t *app_session;
+
+ ctx = tls_ctx_get (s->opaque);
+ tc = &ctx->connection;
+ if (tls_ctx_handshake_is_over (ctx))
+ {
+ session_transport_reset_notify (tc);
+ session_transport_closed_notify (tc);
+ }
+ else if ((app_session = session_get (tc->s_index, tc->thread_index)))
+ session_free (app_session);
+ tls_disconnect_transport (ctx);
}
int
TLS_DBG (1, "TCP disconnecting handle %x session %u", tls_session->opaque,
tls_session->session_index);
- ctx = tls_ctx_get (tls_session->opaque);
+ ASSERT (tls_session->thread_index == vlib_get_thread_index ()
+ || vlib_thread_is_main_w_barrier ());
+
+ ctx = tls_ctx_get_w_thread (tls_session->opaque, tls_session->thread_index);
ctx->is_passive_close = 1;
tls_ctx_transport_close (ctx);
}
tls_session->opaque = ctx_handle;
ctx->tls_session_handle = session_handle (tls_session);
ctx->listener_ctx_index = tls_listener->opaque;
+ ctx->c_flags |= TRANSPORT_CONNECTION_F_NO_LOOKUP;
+ ctx->ckpair_index = lctx->ckpair_index;
/* Preallocate app session. Avoids allocating a session post handshake
* on tls_session rx and potentially invalidating the session pool */
ctx->c_thread_index = vlib_get_thread_index ();
ctx->tls_ctx_handle = ctx_handle;
+ ctx->c_flags |= TRANSPORT_CONNECTION_F_NO_LOOKUP;
TLS_DBG (1, "TCP connect for %u returned %u. New connection [%u]%x",
ho_ctx_index, is_fail, vlib_get_thread_index (),
return tls_ctx_init_client (ctx);
}
+static void
+tls_app_session_cleanup (session_t * s, session_cleanup_ntf_t ntf)
+{
+ tls_ctx_t *ctx;
+
+ if (ntf == SESSION_CLEANUP_TRANSPORT)
+ return;
+
+ ctx = tls_ctx_get (s->opaque);
+ if (!ctx->no_app_session)
+ session_transport_delete_notify (&ctx->connection);
+ tls_ctx_free (ctx);
+}
+
/* *INDENT-OFF* */
static session_cb_vft_t tls_app_cb_vft = {
.session_accept_callback = tls_session_accept_callback,
.add_segment_callback = tls_add_segment_callback,
.del_segment_callback = tls_del_segment_callback,
.builtin_app_rx_callback = tls_app_rx_callback,
+ .session_cleanup_callback = tls_app_session_cleanup,
};
/* *INDENT-ON* */
{
vnet_connect_args_t _cargs = { {}, }, *cargs = &_cargs;
session_endpoint_cfg_t *sep;
- tls_engine_type_t engine_type;
+ crypto_engine_type_t engine_type;
tls_main_t *tm = &tls_main;
app_worker_t *app_wrk;
application_t *app;
app_wrk = app_worker_get (sep->app_wrk_index);
app = application_get (app_wrk->app_index);
engine_type = tls_get_engine_type (app->tls_engine);
- if (engine_type == TLS_ENGINE_NONE)
+ if (engine_type == CRYPTO_ENGINE_NONE)
{
clib_warning ("No tls engine_type available");
return -1;
session_endpoint_cfg_t *sep;
session_t *tls_listener;
session_t *app_listener;
- tls_engine_type_t engine_type;
+ crypto_engine_type_t engine_type;
application_t *app;
app_listener_t *al;
tls_ctx_t *lctx;
app_wrk = app_worker_get (sep->app_wrk_index);
app = application_get (app_wrk->app_index);
engine_type = tls_get_engine_type (app->tls_engine);
- if (engine_type == TLS_ENGINE_NONE)
+ if (engine_type == CRYPTO_ENGINE_NONE)
{
clib_warning ("No tls engine_type available");
return -1;
lctx->app_session_handle = listen_session_get_handle (app_listener);
lctx->tcp_is_ip4 = sep->is_ip4;
lctx->tls_ctx_engine = engine_type;
+ lctx->ckpair_index = sep->ckpair_index;
if (tls_vfts[engine_type].ctx_start_listen (lctx))
{
u32
tls_stop_listen (u32 lctx_index)
{
- tls_engine_type_t engine_type;
+ crypto_engine_type_t engine_type;
tls_ctx_t *lctx;
int rv;
}
int
-tls_custom_tx_callback (void *session)
+tls_custom_tx_callback (void *session, u32 max_burst_size)
{
session_t *app_session = (session_t *) session;
tls_ctx_t *ctx;
/* *INDENT-ON* */
void
-tls_register_engine (const tls_engine_vft_t * vft, tls_engine_type_t type)
+tls_register_engine (const tls_engine_vft_t * vft, crypto_engine_type_t type)
{
vec_validate (tls_vfts, type);
tls_vfts[type] = *vft;