#define TLS_INVALID_HANDLE ~0
#define TLS_IDX_MASK 0x00FFFFFF
-#define TLS_ENGINE_TYPE_SHIFT 29
+#define TLS_ENGINE_TYPE_SHIFT 28
void tls_disconnect (u32 ctx_handle, u32 thread_index);
/* Free app session pre-allocated when transport was established */
if (ctx->tls_type == TRANSPORT_PROTO_TLS)
session_free (session_get (ctx->c_s_index, ctx->c_thread_index));
- goto failed;
+ ctx->no_app_session = 1;
+ goto send_reply;
}
/* For DTLS the app session is not preallocated because the underlying udp
failed:
ctx->no_app_session = 1;
tls_disconnect (ctx->tls_ctx_handle, vlib_get_thread_index ());
+send_reply:
return app_worker_connect_notify (app_wrk, 0, err,
ctx->parent_app_api_context);
}
sp->max_burst_size = sp->max_burst_size * TRANSPORT_PACER_MIN_MSS;
n_wrote = tls_vfts[ctx->tls_ctx_engine].ctx_write (ctx, app_session, sp);
- sp->max_burst_size = n_wrote;
+ sp->bytes_dequeued = n_wrote;
return n_wrote > 0 ? clib_max (n_wrote / TRANSPORT_PACER_MIN_MSS, 1) : 0;
}
return 0;
ctx = tls_ctx_get (tls_session->opaque);
+ if (PREDICT_FALSE (ctx->no_app_session))
+ {
+ TLS_DBG (1, "Local App closed");
+ return 0;
+ }
tls_ctx_read (ctx, tls_session);
return 0;
}
ho_ctx = tls_ctx_half_open_get (ho_ctx_index);
- if (err)
- {
- app_worker_t *app_wrk;
- u32 api_context;
- int rv = 0;
-
- app_wrk = app_worker_get_if_valid (ho_ctx->parent_app_wrk_index);
- if (app_wrk)
- {
- api_context = ho_ctx->parent_app_api_context;
- app_worker_connect_notify (app_wrk, 0, err, api_context);
- }
- tls_ctx_half_open_reader_unlock ();
- return rv;
- }
-
ctx_handle = tls_ctx_alloc (ho_ctx->tls_ctx_engine);
ctx = tls_ctx_get (ctx_handle);
clib_memcpy_fast (ctx, ho_ctx, sizeof (*ctx));
tls_session_connected_callback (u32 tls_app_index, u32 ho_ctx_index,
session_t *tls_session, session_error_t err)
{
+ if (err)
+ {
+ app_worker_t *app_wrk;
+ tls_ctx_t *ho_ctx;
+ u32 api_context;
+
+ ho_ctx = tls_ctx_half_open_get (ho_ctx_index);
+ app_wrk = app_worker_get_if_valid (ho_ctx->parent_app_wrk_index);
+ if (app_wrk)
+ {
+ api_context = ho_ctx->parent_app_api_context;
+ app_worker_connect_notify (app_wrk, 0, err, api_context);
+ }
+ tls_ctx_half_open_reader_unlock ();
+
+ return 0;
+ }
+
if (session_get_transport_proto (tls_session) == TRANSPORT_PROTO_TCP)
return tls_session_connected_cb (tls_app_index, ho_ctx_index, tls_session,
err);
}
u32
-tls_start_listen (u32 app_listener_index, transport_endpoint_t * tep)
+tls_start_listen (u32 app_listener_index, transport_endpoint_cfg_t *tep)
{
vnet_listen_args_t _bargs, *args = &_bargs;
transport_endpt_crypto_cfg_t *ccfg;
lctx->tls_ctx_engine = engine_type;
lctx->tls_type = sep->transport_proto;
lctx->ckpair_index = ccfg->ckpair_index;
+ lctx->c_s_index = app_listener_index;
+ lctx->c_flags |= TRANSPORT_CONNECTION_F_NO_LOOKUP;
if (tls_vfts[engine_type].ctx_start_listen (lctx))
{
>= SESSION_STATE_TRANSPORT_CLOSED))
return 0;
- sp->flags = 0;
ctx = tls_ctx_get (app_session->connection_index);
return tls_ctx_write (ctx, app_session, sp);
}
static clib_error_t *
tls_enable (vlib_main_t * vm, u8 is_en)
{
- u32 add_segment_size = 256 << 20, first_seg_size = 32 << 20;
vnet_app_detach_args_t _da, *da = &_da;
vnet_app_attach_args_t _a, *a = &_a;
u64 options[APP_OPTIONS_N_OPTIONS];
return 0;
}
- first_seg_size = tm->first_seg_size ? tm->first_seg_size : first_seg_size;
fifo_size = tm->fifo_size ? tm->fifo_size : fifo_size;
clib_memset (a, 0, sizeof (*a));
a->api_client_index = APP_INVALID_INDEX;
a->options = options;
a->name = format (0, "tls");
- a->options[APP_OPTIONS_SEGMENT_SIZE] = first_seg_size;
- a->options[APP_OPTIONS_ADD_SEGMENT_SIZE] = add_segment_size;
+ a->options[APP_OPTIONS_SEGMENT_SIZE] = tm->first_seg_size;
+ a->options[APP_OPTIONS_ADD_SEGMENT_SIZE] = tm->add_seg_size;
a->options[APP_OPTIONS_RX_FIFO_SIZE] = fifo_size;
a->options[APP_OPTIONS_TX_FIFO_SIZE] = fifo_size;
a->options[APP_OPTIONS_FLAGS] = APP_OPTIONS_FLAGS_IS_BUILTIN;
vec_validate (tm->rx_bufs, num_threads - 1);
vec_validate (tm->tx_bufs, num_threads - 1);
+ tm->first_seg_size = 32 << 20;
+ tm->add_seg_size = 256 << 20;
+
transport_register_protocol (TRANSPORT_PROTO_TLS, &tls_proto,
FIB_PROTOCOL_IP4, ~0);
transport_register_protocol (TRANSPORT_PROTO_TLS, &tls_proto,
else if (unformat (input, "first-segment-size %U", unformat_memory_size,
&tm->first_seg_size))
;
+ else if (unformat (input, "add-segment-size %U", unformat_memory_size,
+ &tm->add_seg_size))
+ ;
else if (unformat (input, "fifo-size %U", unformat_memory_size, &tmp))
{
if (tmp >= 0x100000000ULL)