X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fvcl%2Fldp.c;h=0dbc6a51efcc5fbab3543383bc5e7f4d0f399e74;hb=2a6642e95dc18d7c56f87b74a70658b8312b8c08;hp=6dc44ece42fca6fee57b98551de565d32754e260;hpb=8509aa29e389bb57a7224d1ace0c55ba64db427b;p=vpp.git diff --git a/src/vcl/ldp.c b/src/vcl/ldp.c index 6dc44ece42f..0dbc6a51efc 100644 --- a/src/vcl/ldp.c +++ b/src/vcl/ldp.c @@ -99,6 +99,7 @@ typedef struct u32 vlsh_bit_val; u32 vlsh_bit_mask; u32 debug; + u8 transparent_tls; /** vcl needs next epoll_create to go to libc_epoll */ u8 vcl_needs_real_epoll; @@ -108,12 +109,17 @@ typedef struct #define LDBG(_lvl, _fmt, _args...) \ if (ldp->debug > _lvl) \ - clib_warning ("ldp<%d>: " _fmt, getpid(), ##_args) + { \ + int errno_saved = errno; \ + clib_warning ("ldp<%d>: " _fmt, getpid(), ##_args); \ + errno = errno_saved; \ + } static ldp_main_t ldp_main = { .vlsh_bit_val = (1 << LDP_SID_BIT_MIN), .vlsh_bit_mask = (1 << LDP_SID_BIT_MIN) - 1, .debug = LDP_DEBUG_INIT, + .transparent_tls = 0, }; static ldp_main_t *ldp = &ldp_main; @@ -130,11 +136,8 @@ ldp_worker_get_current (void) static inline void ldp_set_app_name (char *app_name) { - int rv = snprintf (ldp->app_name, LDP_APP_NAME_MAX, - "ldp-%d-%s", getpid (), app_name); - - if (rv >= LDP_APP_NAME_MAX) - app_name[LDP_APP_NAME_MAX - 1] = 0; + snprintf (ldp->app_name, LDP_APP_NAME_MAX, + "ldp-%d-%s", getpid (), app_name); } static inline char * @@ -268,6 +271,11 @@ ldp_init (void) return -1; } } + env_var_str = getenv (LDP_ENV_TLS_TRANS); + if (env_var_str) + { + ldp->transparent_tls = 1; + } /* *INDENT-OFF* */ pool_foreach (ldpw, ldp->workers, ({ 
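Review bot: The rewritten LDBG body is a bare `if (ldp->debug > _lvl) { ... }` block, and every call site appends a `;`, so a use of the form `if (cond) LDBG (...); else ...` now fails to compile at the stray `;` while an unbraced use without `else` silently nests; the conventional fix is to wrap the whole expansion in `do { ... } while (0)`, i.e. `#define LDBG(_lvl, _fmt, _args...) do { if (ldp->debug > _lvl) { int errno_saved = errno; clib_warning ("ldp<%d>: " _fmt, getpid(), ##_args); errno = errno_saved; } } while (0)`. Saving and restoring errno around clib_warning is the right call, since several callers in this file set errno and return immediately after logging, and a comment on the macro saying so would stop someone from "simplifying" it away later. The `.transparent_tls = 0` initializer in ldp_main is redundant with static zero-initialization but harmless.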
@@ -372,24 +380,19 @@ readv (int fd, const struct iovec * iov, int iovcnt) vlsh = ldp_fd_to_vlsh (fd); if (vlsh != VLS_INVALID_HANDLE) { - do + for (i = 0; i < iovcnt; ++i) { - for (i = 0; i < iovcnt; ++i) + rv = vls_read (vlsh, iov[i].iov_base, iov[i].iov_len); + if (rv <= 0) + break; + else { - rv = vls_read (vlsh, iov[i].iov_base, iov[i].iov_len); - if (rv < 0) + total += rv; + if (rv < iov[i].iov_len) break; - else - { - total += rv; - if (rv < iov[i].iov_len) - break; - } } } - while ((rv >= 0) && (total == 0)); - - if (rv < 0) + if (rv < 0 && total == 0) { errno = -rv; size = -1; @@ -445,24 +448,20 @@ writev (int fd, const struct iovec * iov, int iovcnt) vlsh = ldp_fd_to_vlsh (fd); if (vlsh != VLS_INVALID_HANDLE) { - do + for (i = 0; i < iovcnt; ++i) { - for (i = 0; i < iovcnt; ++i) + rv = vls_write_msg (vlsh, iov[i].iov_base, iov[i].iov_len); + if (rv < 0) + break; + else { - rv = vls_write_msg (vlsh, iov[i].iov_base, iov[i].iov_len); - if (rv < 0) + total += rv; + if (rv < iov[i].iov_len) break; - else - { - total += rv; - if (rv < iov[i].iov_len) - break; - } } } - while ((rv >= 0) && (total == 0)); - if (rv < 0) + if (rv < 0 && total == 0) { errno = -rv; size = -1; @@ -478,8 +477,13 @@ writev (int fd, const struct iovec * iov, int iovcnt) return size; } +#ifdef HAVE_FCNTL64 +int +fcntl64 (int fd, int cmd, ...) +#else int fcntl (int fd, int cmd, ...) +#endif { vls_handle_t vlsh; int rv = 0; @@ -527,7 +531,11 @@ fcntl (int fd, int cmd, ...) } else { +#ifdef HAVE_FCNTL64 + rv = libc_vfcntl64 (fd, cmd, ap); +#else rv = libc_vfcntl (fd, cmd, ap); +#endif } va_end (ap); @@ -636,6 +644,7 @@ ldp_select_vcl_map_to_libc (clib_bitmap_t * vclb, fd_set * __restrict libcb) /* *INDENT-OFF* */ clib_bitmap_foreach (si, vclb, ({ vlsh = vls_session_index_to_vlsh (si); + ASSERT (vlsh != VLS_INVALID_HANDLE); fd = ldp_vlsh_to_fd (vlsh); if (PREDICT_FALSE (fd < 0)) { 
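Review bot: In the readv hunk the post-loop check `if (rv < 0 && total == 0)` reads `rv` even when the `for` body never executed (`iovcnt <= 0`), and because `rv` is declared above the hunk I cannot confirm it is initialized on that path; the old do/while had the same read and additionally looped forever on an empty vector, so the rewrite is an improvement that still deserves an explicit `rv = 0;` immediately before the loop. The writev hunk has the identical pattern and needs the same line. In both loops `rv < iov[i].iov_len` compares a signed count against `size_t`; it is only safe because the preceding `rv <= 0` / `rv < 0` break guarantees rv is positive, which is worth a one-line comment such as `/* rv > 0 here, so the signed/unsigned compare is safe */`. readv's and writev's bodies start and end outside their hunks.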
@@ -870,6 +879,71 @@ pselect (int nfds, fd_set * __restrict readfds, } #endif +/* If transparent TLS mode is turned on, then ldp will load key and cert. + */ +static int +load_tls_cert (vls_handle_t vlsh) +{ + char *env_var_str = getenv (LDP_ENV_TLS_CERT); + char inbuf[4096]; + char *tls_cert; + int cert_size; + FILE *fp; + + if (env_var_str) + { + fp = fopen (env_var_str, "r"); + if (fp == NULL) + { + LDBG (0, "ERROR: failed to open cert file %s \n", env_var_str); + return -1; + } + cert_size = fread (inbuf, sizeof (char), sizeof (inbuf), fp); + tls_cert = inbuf; + vppcom_session_tls_add_cert (vlsh_to_session_index (vlsh), tls_cert, + cert_size); + fclose (fp); + } + else + { + LDBG (0, "ERROR: failed to read LDP environment %s\n", + LDP_ENV_TLS_CERT); + return -1; + } + return 0; +} + +static int +load_tls_key (vls_handle_t vlsh) +{ + char *env_var_str = getenv (LDP_ENV_TLS_KEY); + char inbuf[4096]; + char *tls_key; + int key_size; + FILE *fp; + + if (env_var_str) + { + fp = fopen (env_var_str, "r"); + if (fp == NULL) + { + LDBG (0, "ERROR: failed to open key file %s \n", env_var_str); + return -1; + } + key_size = fread (inbuf, sizeof (char), sizeof (inbuf), fp); + tls_key = inbuf; + vppcom_session_tls_add_key (vlsh_to_session_index (vlsh), tls_key, + key_size); + fclose (fp); + } + else + { + LDBG (0, "ERROR: failed to read LDP environment %s\n", LDP_ENV_TLS_KEY); + return -1; + } + return 0; +} + int socket (int domain, int type, int protocol) { 
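Review bot: `load_tls_key` (and `load_tls_cert`, which is the same code) reads the file with a single `fread` into a 4096-byte stack buffer and hands whatever fit to vppcom, so a key or certificate chain larger than the buffer is silently truncated and a read error goes unnoticed, leaving the session configured with a partial credential; the `fread` result, a `size_t`, is also narrowed into an `int`. The private key bytes remain on the stack after return because `inbuf` is never cleared, and the env-unset path returns -1 without setting errno, so `socket ()` then fails with whatever errno happened to be set. Whether `vppcom_session_tls_add_key` / `_add_cert` report failure I cannot tell from this hunk; if they return a status it should be propagated. The two functions differ only in the environment variable and the vppcom call, so a shared helper taking those two as parameters would avoid fixing each of these points twice. A rewritten `load_tls_key` follows; `load_tls_cert` needs the same treatment.
```c
static int
load_tls_key (vls_handle_t vlsh)
{
  char *env_var_str = getenv (LDP_ENV_TLS_KEY);
  char inbuf[4096];
  size_t key_size;
  FILE *fp;
  int rv = -1;

  if (!env_var_str)
    {
      LDBG (0, "ERROR: failed to read LDP environment %s\n", LDP_ENV_TLS_KEY);
      errno = EINVAL;
      return -1;
    }
  fp = fopen (env_var_str, "r");
  if (fp == NULL)
    {
      LDBG (0, "ERROR: failed to open key file %s \n", env_var_str);
      return -1;
    }
  key_size = fread (inbuf, 1, sizeof (inbuf), fp);
  /* A key that fills the buffer may have been truncated: reject it rather
   * than configure the session with a partial key. */
  if (ferror (fp) || key_size == 0 || key_size == sizeof (inbuf))
    {
      LDBG (0, "ERROR: key file %s unreadable, empty or >= %u bytes\n",
	    env_var_str, (u32) sizeof (inbuf));
      errno = EINVAL;
      goto done;
    }
  vppcom_session_tls_add_key (vlsh_to_session_index (vlsh), inbuf, key_size);
  rv = 0;
done:
  fclose (fp);
  /* Key material must not linger on the stack after we return. */
  explicit_bzero (inbuf, sizeof (inbuf));
  return rv;
}
```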
@@ -883,8 +957,14 @@ socket (int domain, int type, int protocol) if (((domain == AF_INET) || (domain == AF_INET6)) && ((sock_type == SOCK_STREAM) || (sock_type == SOCK_DGRAM))) { - u8 proto = ((sock_type == SOCK_DGRAM) ? - VPPCOM_PROTO_UDP : VPPCOM_PROTO_TCP); + u8 proto; + if (ldp->transparent_tls) + { + proto = VPPCOM_PROTO_TLS; + } + else + proto = ((sock_type == SOCK_DGRAM) ? + VPPCOM_PROTO_UDP : VPPCOM_PROTO_TCP); LDBG (0, "calling vls_create: proto %u (%s), is_nonblocking %u", proto, vppcom_proto_str (proto), is_nonblocking); @@ -897,6 +977,13 @@ socket (int domain, int type, int protocol) } else { + if (ldp->transparent_tls) + { + if (load_tls_cert (vlsh) < 0 || load_tls_key (vlsh) < 0) + { + return -1; + } + } rv = ldp_vlsh_to_fd (vlsh); } } @@ -1415,7 +1502,10 @@ recv (int fd, void *buf, size_t n, int flags) { size = vls_recvfrom (vlsh, buf, n, flags, NULL); if (size < 0) - errno = -size; + { + errno = -size; + size = -1; + } } else {
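Review bot: With `transparent_tls` set, the new branch in socket selects `VPPCOM_PROTO_TLS` for every accepted socket, including `SOCK_DGRAM`, whereas the non-TLS branch still distinguishes UDP from TCP; unless DTLS over a datagram socket is intended here, the override should be limited to stream sockets, e.g. `proto = (ldp->transparent_tls && sock_type == SOCK_STREAM) ? VPPCOM_PROTO_TLS : (sock_type == SOCK_DGRAM) ? VPPCOM_PROTO_UDP : VPPCOM_PROTO_TCP;`. The braced `if` followed by an unbraced multi-line `else` is also inconsistent with the rest of the function, and the single expression avoids both issues. socket's body continues below this hunk.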
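Review bot: In the second socket hunk, when `load_tls_cert` or `load_tls_key` fails the function returns -1 but the session just created by `vls_create` (the `vlsh` being configured) is never closed, so every failed call leaks a VCL session, and because the loaders' env-unset path does not set errno the caller sees a stale value. Close the session on that path, e.g. `vls_close (vlsh); return -1;`, and make sure errno is set before returning. Since both loaders depend only on environment variables, checking that `LDP_ENV_TLS_CERT` and `LDP_ENV_TLS_KEY` are set before calling `vls_create` would avoid creating a session that is immediately discarded. The vls_create call and the rest of socket's body are outside the hunk.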