return 0;
}
-int
-tls_add_vpp_q_builtin_tx_evt (session_t * s)
-{
- if (svm_fifo_set_event (s->tx_fifo))
- session_send_io_evt_to_thread_custom (s, s->thread_index,
- SESSION_IO_EVT_BUILTIN_TX);
- return 0;
-}
-
static inline int
tls_add_app_q_evt (app_worker_t * app, session_t * app_session)
{
return rv;
}
ctx->app_session_handle = session_handle (app_session);
- session_lookup_add_connection (&ctx->connection,
- session_handle (app_session));
ctx->parent_app_wrk_index = app_session->app_wrk_index;
app_wrk = app_worker_get (app_session->app_wrk_index);
return app_worker_accept_notify (app_wrk, app_session);
}
int
-tls_notify_app_connected (tls_ctx_t * ctx, u8 is_failed)
+tls_notify_app_connected (tls_ctx_t * ctx, session_error_t err)
{
session_t *app_session;
app_worker_t *app_wrk;
return -1;
}
- if (is_failed)
+ if (err)
goto failed;
app_session = session_get (ctx->c_s_index, ctx->c_thread_index);
app_session->session_type =
session_type_from_proto_and_ip (TRANSPORT_PROTO_TLS, ctx->tcp_is_ip4);
- if (app_worker_init_connected (app_wrk, app_session))
+ if ((err = app_worker_init_connected (app_wrk, app_session)))
goto failed;
app_session->session_state = SESSION_STATE_CONNECTING;
if (app_worker_connect_notify (app_wrk, app_session,
- ctx->parent_app_api_context))
+ SESSION_E_NONE, ctx->parent_app_api_context))
{
TLS_DBG (1, "failed to notify app");
tls_disconnect (ctx->tls_ctx_handle, vlib_get_thread_index ());
ctx->app_session_handle = session_handle (app_session);
app_session->session_state = SESSION_STATE_READY;
- session_lookup_add_connection (&ctx->connection,
- session_handle (app_session));
return 0;
session_free (session_get (ctx->c_s_index, ctx->c_thread_index));
ctx->no_app_session = 1;
tls_disconnect (ctx->tls_ctx_handle, vlib_get_thread_index ());
- return app_worker_connect_notify (app_wrk, 0, ctx->parent_app_api_context);
+ return app_worker_connect_notify (app_wrk, 0, err,
+ ctx->parent_app_api_context);
}
static inline void
}
static inline int
-tls_ctx_write (tls_ctx_t * ctx, session_t * app_session)
+tls_ctx_write (tls_ctx_t * ctx, session_t * app_session,
+ transport_send_params_t * sp)
{
- return tls_vfts[ctx->tls_ctx_engine].ctx_write (ctx, app_session);
+ u32 n_wrote;
+
+ sp->max_burst_size = sp->max_burst_size * TRANSPORT_PACER_MIN_MSS;
+ n_wrote = tls_vfts[ctx->tls_ctx_engine].ctx_write (ctx, app_session, sp);
+ return n_wrote > 0 ? clib_max (n_wrote / TRANSPORT_PACER_MIN_MSS, 1) : 0;
}
static inline int
tls_session_reset_callback (session_t * s)
{
tls_ctx_t *ctx;
+ transport_connection_t *tc;
+ session_t *app_session;
ctx = tls_ctx_get (s->opaque);
- session_transport_reset_notify (&ctx->connection);
- session_transport_closed_notify (&ctx->connection);
- tls_disconnect_transport (ctx);
+ ctx->is_passive_close = 1;
+ tc = &ctx->connection;
+ if (tls_ctx_handshake_is_over (ctx))
+ {
+ session_transport_reset_notify (tc);
+ session_transport_closed_notify (tc);
+ tls_disconnect_transport (ctx);
+ }
+ else
+ if ((app_session =
+ session_get_if_valid (ctx->c_s_index, ctx->c_thread_index)))
+ {
+ session_free (app_session);
+ ctx->c_s_index = SESSION_INVALID_INDEX;
+ tls_disconnect_transport (ctx);
+ }
}
int
/* Preallocate app session. Avoids allocating a session post handshake
* on tls_session rx and potentially invalidating the session pool */
app_session = session_alloc (ctx->c_thread_index);
- app_session->session_state = SESSION_STATE_CLOSED;
+ app_session->session_state = SESSION_STATE_CREATED;
ctx->c_s_index = app_session->session_index;
TLS_DBG (1, "Accept on listener %u new connection [%u]%x",
return 0;
}
+int
+tls_app_tx_callback (session_t * tls_session)
+{
+ tls_ctx_t *ctx;
+
+ ctx = tls_ctx_get (tls_session->opaque);
+ transport_connection_reschedule (&ctx->connection);
+
+ return 0;
+}
+
int
tls_session_connected_callback (u32 tls_app_index, u32 ho_ctx_index,
- session_t * tls_session, u8 is_fail)
+ session_t * tls_session, session_error_t err)
{
session_t *app_session;
tls_ctx_t *ho_ctx, *ctx;
ho_ctx = tls_ctx_half_open_get (ho_ctx_index);
- if (is_fail)
+ if (err)
{
app_worker_t *app_wrk;
u32 api_context;
if (app_wrk)
{
api_context = ho_ctx->c_s_index;
- app_worker_connect_notify (app_wrk, 0, api_context);
+ app_worker_connect_notify (app_wrk, 0, err, api_context);
}
tls_ctx_half_open_reader_unlock ();
tls_ctx_half_open_free (ho_ctx_index);
/* Preallocate app session. Avoids allocating a session post handshake
* on tls_session rx and potentially invalidating the session pool */
app_session = session_alloc (ctx->c_thread_index);
- app_session->session_state = SESSION_STATE_CLOSED;
+ app_session->session_state = SESSION_STATE_CREATED;
ctx->c_s_index = app_session->session_index;
return tls_ctx_init_client (ctx);
.add_segment_callback = tls_add_segment_callback,
.del_segment_callback = tls_del_segment_callback,
.builtin_app_rx_callback = tls_app_rx_callback,
+ .builtin_app_tx_callback = tls_app_tx_callback,
.session_cleanup_callback = tls_app_session_cleanup,
};
/* *INDENT-ON* */
return -1;
}
- sep->transport_proto = TRANSPORT_PROTO_TCP;
clib_memset (args, 0, sizeof (*args));
args->app_index = tm->app_index;
args->sep_ext = *sep;
args->sep_ext.ns_index = app->ns_index;
+ args->sep_ext.transport_proto = TRANSPORT_PROTO_TCP;
if (vnet_listen (args))
return -1;
u32
tls_stop_listen (u32 lctx_index)
{
+ session_endpoint_t sep = SESSION_ENDPOINT_NULL;
crypto_engine_type_t engine_type;
+ transport_connection_t *lc;
tls_ctx_t *lctx;
+ session_t *ls;
int rv;
lctx = tls_listener_ctx_get (lctx_index);
+
+ /* Cleanup listener from session lookup table */
+ ls = session_get_from_handle (lctx->tls_session_handle);
+ lc = session_get_transport (ls);
+
+ sep.fib_index = lc->fib_index;
+ sep.port = lc->lcl_port;
+ sep.is_ip4 = lc->is_ip4;
+ sep.transport_proto = TRANSPORT_PROTO_TLS;
+ clib_memcpy (&sep.ip, &lc->lcl_ip, sizeof (lc->lcl_ip));
+ session_lookup_del_session_endpoint2 (&sep);
+
vnet_unlisten_args_t a = {
.handle = lctx->tls_session_handle,
.app_index = tls_main.app_index,
}
int
-tls_custom_tx_callback (void *session, u32 max_burst_size)
+tls_custom_tx_callback (void *session, transport_send_params_t * sp)
{
session_t *app_session = (session_t *) session;
tls_ctx_t *ctx;
return 0;
ctx = tls_ctx_get (app_session->connection_index);
- tls_ctx_write (ctx, app_session);
- return 0;
+ return tls_ctx_write (ctx, app_session, sp);
}
u8 *
return s;
}
+static u8 *
+format_tls_listener_ctx (u8 * s, va_list * args)
+{
+ session_t *tls_listener;
+ app_listener_t *al;
+ u32 app_si, app_ti;
+ tls_ctx_t *ctx;
+
+ ctx = va_arg (*args, tls_ctx_t *);
+
+ al = app_listener_get_w_handle (ctx->tls_session_handle);
+ tls_listener = app_listener_get_session (al);
+ session_parse_handle (ctx->app_session_handle, &app_si, &app_ti);
+ s = format (s, "[%d:%d][TLS] app_wrk %u engine %u tcp %d:%d",
+ app_ti, app_si, ctx->parent_app_wrk_index, ctx->tls_ctx_engine,
+ tls_listener->thread_index, tls_listener->session_index);
+
+ return s;
+}
+
+static u8 *
+format_tls_ctx_state (u8 * s, va_list * args)
+{
+ tls_ctx_t *ctx;
+ session_t *ts;
+
+ ctx = va_arg (*args, tls_ctx_t *);
+ ts = session_get_from_handle (ctx->app_session_handle);
+ if (ts->session_state == SESSION_STATE_LISTENING)
+ s = format (s, "%s", "LISTEN");
+ else if (tls_ctx_handshake_is_over (ctx))
+ s = format (s, "%s", "ESTABLISHED");
+ else
+ s = format (s, "%s", "HANDSHAKE");
+
+ return s;
+}
+
u8 *
format_tls_connection (u8 * s, va_list * args)
{
s = format (s, "%-50U", format_tls_ctx, ctx);
if (verbose)
{
- session_t *ts;
- ts = session_get_from_handle (ctx->app_session_handle);
- s = format (s, "state: %-7u", ts->session_state);
+ s = format (s, "%-15U", format_tls_ctx_state, ctx);
if (verbose > 1)
s = format (s, "\n");
}
{
u32 tc_index = va_arg (*args, u32);
u32 __clib_unused thread_index = va_arg (*args, u32);
- u32 __clib_unused verbose = va_arg (*args, u32);
+ u32 verbose = va_arg (*args, u32);
tls_ctx_t *ctx = tls_listener_ctx_get (tc_index);
- session_t *tls_listener;
- app_listener_t *al;
- u32 app_si, app_ti;
- al = app_listener_get_w_handle (ctx->tls_session_handle);
- tls_listener = app_listener_get_session (al);
- session_parse_handle (ctx->app_session_handle, &app_si, &app_ti);
- s = format (s, "[%d:%d][TLS] app_wrk %u engine %u tcp %d:%d",
- app_ti, app_si, ctx->parent_app_wrk_index, ctx->tls_ctx_engine,
- tls_listener->thread_index, tls_listener->session_index);
+ s = format (s, "%-50U", format_tls_listener_ctx, ctx);
+ if (verbose)
+ s = format (s, "%-15U", format_tls_ctx_state, ctx);
return s;
}
.get_transport_endpoint = tls_transport_endpoint_get,
.get_transport_listener_endpoint = tls_transport_listener_endpoint_get,
.transport_options = {
+ .name = "tls",
+ .short_name = "J",
.tx_type = TRANSPORT_TX_INTERNAL,
.service_type = TRANSPORT_SERVICE_APP,
},
{
u32 add_segment_size = 256 << 20, first_seg_size = 32 << 20;
vlib_thread_main_t *vtm = vlib_get_thread_main ();
- u32 num_threads, fifo_size = 128 << 10;
+ u32 num_threads, fifo_size = 128 << 12;
vnet_app_attach_args_t _a, *a = &_a;
u64 options[APP_OPTIONS_N_OPTIONS];
tls_main_t *tm = &tls_main;
tls_config_fn (vlib_main_t * vm, unformat_input_t * input)
{
tls_main_t *tm = &tls_main;
+ uword tmp;
while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
{
if (unformat (input, "use-test-cert-in-ca"))
else if (unformat (input, "first-segment-size %U", unformat_memory_size,
&tm->first_seg_size))
;
- else if (unformat (input, "fifo-size %U", unformat_memory_size,
- &tm->fifo_size))
- ;
+ else if (unformat (input, "fifo-size %U", unformat_memory_size, &tmp))
+ {
+ if (tmp >= 0x100000000ULL)
+ {
+ return clib_error_return
+ (0, "fifo-size %llu (0x%llx) too large", tmp, tmp);
+ }
+ tm->fifo_size = tmp;
+ }
else
return clib_error_return (0, "unknown input `%U'",
format_unformat_error, input);
Code Review / vpp.git / blobdiff