virtio: fix the missing unlock

[vpp.git] / src / vnet / tls / tls.c

diff --git a/src/vnet/tls/tls.c b/src/vnet/tls/tls.c
index e201d47..c168995 100644 (file)
--- a/src/vnet/tls/tls.c
+++ b/src/vnet/tls/tls.c
@@ -115,11 +115,10 @@ u32
 tls_ctx_half_open_alloc (void)
 {
   tls_main_t *tm = &tls_main;
-  u8 will_expand = 0;
+  u8 will_expand = pool_get_will_expand (tm->half_open_ctx_pool);
   tls_ctx_t *ctx;
   u32 ctx_index;
 
-  pool_get_aligned_will_expand (tm->half_open_ctx_pool, will_expand, 0);
   if (PREDICT_FALSE (will_expand && vlib_num_workers ()))
     {
       clib_rwlock_writer_lock (&tm->half_open_rwlock);
@@ -211,13 +210,16 @@ tls_notify_app_accept (tls_ctx_t * ctx)
 int
 tls_notify_app_connected (tls_ctx_t * ctx, session_error_t err)
 {
+  u32 parent_app_api_ctx;
   session_t *app_session;
   app_worker_t *app_wrk;
 
   app_wrk = app_worker_get_if_valid (ctx->parent_app_wrk_index);
   if (!app_wrk)
     {
-      tls_disconnect_transport (ctx);
+      if (ctx->tls_type == TRANSPORT_PROTO_TLS)
+       session_free (session_get (ctx->c_s_index, ctx->c_thread_index));
+      ctx->no_app_session = 1;
       return -1;
     }
 
@@ -256,17 +258,18 @@ tls_notify_app_connected (tls_ctx_t * ctx, session_error_t err)
     goto failed;
 
   app_session->session_state = SESSION_STATE_READY;
-  if (app_worker_connect_notify (app_wrk, app_session,
-                                SESSION_E_NONE, ctx->parent_app_api_context))
+  parent_app_api_ctx = ctx->parent_app_api_context;
+  ctx->app_session_handle = session_handle (app_session);
+
+  if (app_worker_connect_notify (app_wrk, app_session, SESSION_E_NONE,
+                                parent_app_api_ctx))
     {
       TLS_DBG (1, "failed to notify app");
-      app_session->session_state = SESSION_STATE_CONNECTING;
-      tls_disconnect (ctx->tls_ctx_handle, vlib_get_thread_index ());
+      session_free (session_get (ctx->c_s_index, ctx->c_thread_index));
+      ctx->no_app_session = 1;
       return -1;
     }
 
-  ctx->app_session_handle = session_handle (app_session);
-
   return 0;
 
 failed:
@@ -399,6 +402,22 @@ tls_ctx_handshake_is_over (tls_ctx_t * ctx)
   return tls_vfts[ctx->tls_ctx_engine].ctx_handshake_is_over (ctx);
 }
 
+int
+tls_reinit_ca_chain (crypto_engine_type_t tls_engine_id)
+{
+  return tls_vfts[tls_engine_id].ctx_reinit_cachain ();
+}
+
+void
+tls_notify_app_io_error (tls_ctx_t *ctx)
+{
+  ASSERT (tls_ctx_handshake_is_over (ctx));
+
+  session_transport_reset_notify (&ctx->connection);
+  session_transport_closed_notify (&ctx->connection);
+  tls_disconnect_transport (ctx);
+}
+
 void
 tls_session_reset_callback (session_t * s)
 {
@@ -513,6 +532,11 @@ tls_app_rx_callback (session_t * tls_session)
     return 0;
 
   ctx = tls_ctx_get (tls_session->opaque);
+  if (PREDICT_FALSE (ctx->no_app_session))
+    {
+      TLS_DBG (1, "Local App closed");
+      return 0;
+    }
   tls_ctx_read (ctx, tls_session);
   return 0;
 }
@@ -834,6 +858,7 @@ tls_start_listen (u32 app_listener_index, transport_endpoint_cfg_t *tep)
   lctx->tls_ctx_engine = engine_type;
   lctx->tls_type = sep->transport_proto;
   lctx->ckpair_index = ccfg->ckpair_index;
+  lctx->c_s_index = app_listener_index;
   lctx->c_flags |= TRANSPORT_CONNECTION_F_NO_LOOKUP;
 
   if (tls_vfts[engine_type].ctx_start_listen (lctx))
@@ -1364,7 +1389,7 @@ tls_config_fn (vlib_main_t * vm, unformat_input_t * input)
   return 0;
 }
 
-VLIB_EARLY_CONFIG_FUNCTION (tls_config_fn, "tls");
+VLIB_CONFIG_FUNCTION (tls_config_fn, "tls");
 
 tls_main_t *
 vnet_tls_get_main (void)