tls_ctx_half_open_alloc (void)
{
tls_main_t *tm = &tls_main;
- u8 will_expand = 0;
tls_ctx_t *ctx;
- u32 ctx_index;
- pool_get_aligned_will_expand (tm->half_open_ctx_pool, will_expand, 0);
- if (PREDICT_FALSE (will_expand && vlib_num_workers ()))
- {
- clib_rwlock_writer_lock (&tm->half_open_rwlock);
- pool_get_zero (tm->half_open_ctx_pool, ctx);
- ctx->c_c_index = ctx - tm->half_open_ctx_pool;
- ctx_index = ctx->c_c_index;
- clib_rwlock_writer_unlock (&tm->half_open_rwlock);
- }
- else
- {
- /* reader lock assumption: only main thread will call pool_get */
- clib_rwlock_reader_lock (&tm->half_open_rwlock);
- pool_get_zero (tm->half_open_ctx_pool, ctx);
- ctx->c_c_index = ctx - tm->half_open_ctx_pool;
- ctx_index = ctx->c_c_index;
- clib_rwlock_reader_unlock (&tm->half_open_rwlock);
- }
- return ctx_index;
+ pool_get_aligned_safe (tm->half_open_ctx_pool, ctx, CLIB_CACHE_LINE_BYTES);
+
+ clib_memset (ctx, 0, sizeof (*ctx));
+ ctx->c_c_index = ctx - tm->half_open_ctx_pool;
+ ctx->c_thread_index = transport_cl_thread ();
+
+ return ctx->c_c_index;
}
void
tls_ctx_half_open_free (u32 ho_index)
{
- tls_main_t *tm = &tls_main;
- clib_rwlock_writer_lock (&tm->half_open_rwlock);
pool_put_index (tls_main.half_open_ctx_pool, ho_index);
- clib_rwlock_writer_unlock (&tm->half_open_rwlock);
}
tls_ctx_t *
tls_ctx_half_open_get (u32 ctx_index)
{
tls_main_t *tm = &tls_main;
- clib_rwlock_reader_lock (&tm->half_open_rwlock);
return pool_elt_at_index (tm->half_open_ctx_pool, ctx_index);
}
-void
-tls_ctx_half_open_reader_unlock ()
-{
- clib_rwlock_reader_unlock (&tls_main.half_open_rwlock);
-}
-
-u32
-tls_ctx_half_open_index (tls_ctx_t * ctx)
-{
- return (ctx - tls_main.half_open_ctx_pool);
-}
-
void
tls_notify_app_enqueue (tls_ctx_t * ctx, session_t * app_session)
{
int
tls_notify_app_connected (tls_ctx_t * ctx, session_error_t err)
{
+ u32 parent_app_api_ctx;
session_t *app_session;
app_worker_t *app_wrk;
app_wrk = app_worker_get_if_valid (ctx->parent_app_wrk_index);
if (!app_wrk)
{
- tls_disconnect_transport (ctx);
+ if (ctx->tls_type == TRANSPORT_PROTO_TLS)
+ session_free (session_get (ctx->c_s_index, ctx->c_thread_index));
+ ctx->no_app_session = 1;
return -1;
}
goto failed;
app_session->session_state = SESSION_STATE_READY;
- if (app_worker_connect_notify (app_wrk, app_session,
- SESSION_E_NONE, ctx->parent_app_api_context))
+ parent_app_api_ctx = ctx->parent_app_api_context;
+ ctx->app_session_handle = session_handle (app_session);
+
+ if (app_worker_connect_notify (app_wrk, app_session, SESSION_E_NONE,
+ parent_app_api_ctx))
{
TLS_DBG (1, "failed to notify app");
- app_session->session_state = SESSION_STATE_CONNECTING;
- tls_disconnect (ctx->tls_ctx_handle, vlib_get_thread_index ());
+ session_free (session_get (ctx->c_s_index, ctx->c_thread_index));
+ ctx->no_app_session = 1;
return -1;
}
- ctx->app_session_handle = session_handle (app_session);
-
return 0;
failed:
return tls_vfts[ctx->tls_ctx_engine].ctx_handshake_is_over (ctx);
}
+int
+tls_reinit_ca_chain (crypto_engine_type_t tls_engine_id)
+{
+ return tls_vfts[tls_engine_id].ctx_reinit_cachain ();
+}
+
+void
+tls_notify_app_io_error (tls_ctx_t *ctx)
+{
+ ASSERT (tls_ctx_handshake_is_over (ctx));
+
+ session_transport_reset_notify (&ctx->connection);
+ session_transport_closed_notify (&ctx->connection);
+ tls_disconnect_transport (ctx);
+}
+
void
tls_session_reset_callback (session_t * s)
{
ho_index = s->opaque;
ctx = tls_ctx_half_open_get (ho_index);
session_half_open_delete_notify (&ctx->connection);
- tls_ctx_half_open_reader_unlock ();
tls_ctx_half_open_free (ho_index);
}
return 0;
ctx = tls_ctx_get (tls_session->opaque);
+ if (PREDICT_FALSE (ctx->no_app_session))
+ {
+ TLS_DBG (1, "Local App closed");
+ return 0;
+ }
tls_ctx_read (ctx, tls_session);
return 0;
}
ctx = tls_ctx_get (ctx_handle);
clib_memcpy_fast (ctx, ho_ctx, sizeof (*ctx));
/* Half-open freed on tcp half-open cleanup notification */
- tls_ctx_half_open_reader_unlock ();
ctx->c_thread_index = vlib_get_thread_index ();
ctx->tls_ctx_handle = ctx_handle;
api_context = ho_ctx->parent_app_api_context;
app_worker_connect_notify (app_wrk, 0, err, api_context);
}
- tls_ctx_half_open_reader_unlock ();
return 0;
}
ctx->srv_hostname = format (0, "%s", ccfg->hostname);
vec_terminate_c_string (ctx->srv_hostname);
}
- tls_ctx_half_open_reader_unlock ();
ctx->tls_ctx_engine = engine_type;
lctx->tls_ctx_engine = engine_type;
lctx->tls_type = sep->transport_proto;
lctx->ckpair_index = ccfg->ckpair_index;
+ lctx->c_s_index = app_listener_index;
lctx->c_flags |= TRANSPORT_CONNECTION_F_NO_LOOKUP;
if (tls_vfts[engine_type].ctx_start_listen (lctx))
static transport_connection_t *
tls_half_open_get (u32 ho_index)
{
- tls_main_t *tm = &tls_main;
tls_ctx_t *ctx;
ctx = tls_ctx_half_open_get (ho_index);
- clib_rwlock_reader_unlock (&tm->half_open_rwlock);
return &ctx->connection;
}
static void
tls_cleanup_ho (u32 ho_index)
{
- tls_main_t *tm = &tls_main;
- session_handle_t tcp_sh;
tls_ctx_t *ctx;
ctx = tls_ctx_half_open_get (ho_index);
- tcp_sh = ctx->tls_session_handle;
- clib_rwlock_reader_unlock (&tm->half_open_rwlock);
- session_cleanup_half_open (tcp_sh);
+ session_cleanup_half_open (ctx->tls_session_handle);
tls_ctx_half_open_free (ho_index);
}
ho_ctx->parent_app_wrk_index, ho_ctx->tls_ctx_engine,
tcp_ho->thread_index, tcp_ho->session_index);
- tls_ctx_half_open_reader_unlock ();
return s;
}
if (!tm->ca_cert_path)
tm->ca_cert_path = TLS_CA_CERT_PATH;
- clib_rwlock_init (&tm->half_open_rwlock);
-
vec_validate (tm->rx_bufs, num_threads - 1);
vec_validate (tm->tx_bufs, num_threads - 1);
return 0;
}
-VLIB_EARLY_CONFIG_FUNCTION (tls_config_fn, "tls");
+VLIB_CONFIG_FUNCTION (tls_config_fn, "tls");
tls_main_t *
vnet_tls_get_main (void)