X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fvcl%2Fldp.c;h=95c0edcff0ab4b6a4a1c4272d1b8181516996388;hb=067f9544d52c95c0b60b0e8425fce1e295120180;hp=f3ac3107a50c3e1fe7a449d96d3db31cf4c55540;hpb=4dee8cdb4ebcf7a7c11ae1ca67427d787b7e6cd4;p=vpp.git diff --git a/src/vcl/ldp.c b/src/vcl/ldp.c index f3ac3107a50..95c0edcff0a 100644 --- a/src/vcl/ldp.c +++ b/src/vcl/ldp.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016 Cisco and/or its affiliates. + * Copyright (c) 2016-2019 Cisco and/or its affiliates. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at: @@ -99,6 +99,7 @@ typedef struct u32 vlsh_bit_val; u32 vlsh_bit_mask; u32 debug; + u8 transparent_tls; /** vcl needs next epoll_create to go to libc_epoll */ u8 vcl_needs_real_epoll; @@ -108,12 +109,17 @@ typedef struct #define LDBG(_lvl, _fmt, _args...) \ if (ldp->debug > _lvl) \ - clib_warning ("ldp<%d>: " _fmt, getpid(), ##_args) + { \ + int errno_saved = errno; \ + clib_warning ("ldp<%d>: " _fmt, getpid(), ##_args); \ + errno = errno_saved; \ + } static ldp_main_t ldp_main = { .vlsh_bit_val = (1 << LDP_SID_BIT_MIN), .vlsh_bit_mask = (1 << LDP_SID_BIT_MIN) - 1, .debug = LDP_DEBUG_INIT, + .transparent_tls = 0, }; static ldp_main_t *ldp = &ldp_main; @@ -130,11 +136,8 @@ ldp_worker_get_current (void) static inline void ldp_set_app_name (char *app_name) { - int rv = snprintf (ldp->app_name, LDP_APP_NAME_MAX, - "ldp-%d-%s", getpid (), app_name); - - if (rv >= LDP_APP_NAME_MAX) - app_name[LDP_APP_NAME_MAX - 1] = 0; + snprintf (ldp->app_name, LDP_APP_NAME_MAX, + "ldp-%d-%s", getpid (), app_name); } static inline char * @@ -161,6 +164,14 @@ ldp_fd_to_vlsh (int fd) return (fd - ldp->vlsh_bit_val); } +static void +ldp_alloc_workers (void) +{ + if (ldp->workers) + return; + pool_alloc (ldp->workers, LDP_MAX_NWORKERS); +} + static inline int ldp_init (void) { @@ -184,7 +195,7 @@ ldp_init (void) return rv; } ldp->vcl_needs_real_epoll = 0; - pool_alloc (ldp->workers, LDP_MAX_NWORKERS); + ldp_alloc_workers (); ldpw = ldp_worker_get_current (); char *env_var_str = getenv (LDP_ENV_DEBUG); @@ -260,6 +271,11 @@ ldp_init (void) return -1; } } + env_var_str = getenv (LDP_ENV_TLS_TRANS); + if (env_var_str) + { + ldp->transparent_tls = 1; + } /* *INDENT-OFF* */ pool_foreach (ldpw, ldp->workers, ({ @@ -364,24 +380,19 @@ readv (int fd, const struct iovec * iov, int iovcnt) vlsh = ldp_fd_to_vlsh (fd); if (vlsh != VLS_INVALID_HANDLE) { - do + for (i = 0; i < iovcnt; ++i) { - for (i = 0; i < iovcnt; ++i) + rv = vls_read (vlsh, iov[i].iov_base, iov[i].iov_len); + if (rv <= 0) + break; + else { - rv = vls_read (vlsh, iov[i].iov_base, iov[i].iov_len); - if (rv < 0) + total += rv; + if (rv < iov[i].iov_len) break; - else - { - total += rv; - if (rv < iov[i].iov_len) - break; - } } } - while ((rv >= 0) && (total == 0)); - - if (rv < 0) + if (rv < 0 && total == 0) { errno = -rv; size = -1; @@ -470,8 +481,13 @@ writev (int fd, const struct iovec * iov, int iovcnt) return size; } +#ifdef HAVE_FCNTL64 +int +fcntl64 (int fd, int cmd, ...) +#else int fcntl (int fd, int cmd, ...) +#endif { vls_handle_t vlsh; int rv = 0; @@ -519,7 +535,11 @@ fcntl (int fd, int cmd, ...) } else { +#ifdef HAVE_FCNTL64 + rv = libc_vfcntl64 (fd, cmd, ap); +#else rv = libc_vfcntl (fd, cmd, ap); +#endif } va_end (ap); @@ -628,6 +648,7 @@ ldp_select_vcl_map_to_libc (clib_bitmap_t * vclb, fd_set * __restrict libcb) /* *INDENT-OFF* */ clib_bitmap_foreach (si, vclb, ({ vlsh = vls_session_index_to_vlsh (si); + ASSERT (vlsh != VLS_INVALID_HANDLE); fd = ldp_vlsh_to_fd (vlsh); if (PREDICT_FALSE (fd < 0)) { @@ -646,6 +667,9 @@ ldp_select_libc_map_merge (clib_bitmap_t * result, fd_set * __restrict libcb) { uword fd; + if (!libcb) + return; + /* *INDENT-OFF* */ clib_bitmap_foreach (fd, result, ({ FD_SET ((int)fd, libcb); @@ -728,7 +752,8 @@ ldp_pselect (int nfds, fd_set * __restrict readfds, goto done; } - libc_tspec = si_bits ? libc_tspec : *timeout; + if (!si_bits) + libc_tspec = timeout ? *timeout : libc_tspec; do { @@ -858,6 +883,71 @@ pselect (int nfds, fd_set * __restrict readfds, } #endif +/* If transparent TLS mode is turned on, then ldp will load key and cert. + */ +static int +load_tls_cert (vls_handle_t vlsh) +{ + char *env_var_str = getenv (LDP_ENV_TLS_CERT); + char inbuf[4096]; + char *tls_cert; + int cert_size; + FILE *fp; + + if (env_var_str) + { + fp = fopen (env_var_str, "r"); + if (fp == NULL) + { + LDBG (0, "ERROR: failed to open cert file %s \n", env_var_str); + return -1; + } + cert_size = fread (inbuf, sizeof (char), sizeof (inbuf), fp); + tls_cert = inbuf; + vppcom_session_tls_add_cert (vlsh_to_session_index (vlsh), tls_cert, + cert_size); + fclose (fp); + } + else + { + LDBG (0, "ERROR: failed to read LDP environment %s\n", + LDP_ENV_TLS_CERT); + return -1; + } + return 0; +} + +static int +load_tls_key (vls_handle_t vlsh) +{ + char *env_var_str = getenv (LDP_ENV_TLS_KEY); + char inbuf[4096]; + char *tls_key; + int key_size; + FILE *fp; + + if (env_var_str) + { + fp = fopen (env_var_str, "r"); + if (fp == NULL) + { + LDBG (0, "ERROR: failed to open key file %s \n", env_var_str); + return -1; + } + key_size = fread (inbuf, sizeof (char), sizeof (inbuf), fp); + tls_key = inbuf; + vppcom_session_tls_add_key (vlsh_to_session_index (vlsh), tls_key, + key_size); + fclose (fp); + } + else + { + LDBG (0, "ERROR: failed to read LDP environment %s\n", LDP_ENV_TLS_KEY); + return -1; + } + return 0; +} + int socket (int domain, int type, int protocol) { @@ -871,8 +961,14 @@ socket (int domain, int type, int protocol) if (((domain == AF_INET) || (domain == AF_INET6)) && ((sock_type == SOCK_STREAM) || (sock_type == SOCK_DGRAM))) { - u8 proto = ((sock_type == SOCK_DGRAM) ? - VPPCOM_PROTO_UDP : VPPCOM_PROTO_TCP); + u8 proto; + if (ldp->transparent_tls) + { + proto = VPPCOM_PROTO_TLS; + } + else + proto = ((sock_type == SOCK_DGRAM) ? + VPPCOM_PROTO_UDP : VPPCOM_PROTO_TCP); LDBG (0, "calling vls_create: proto %u (%s), is_nonblocking %u", proto, vppcom_proto_str (proto), is_nonblocking); @@ -885,6 +981,13 @@ socket (int domain, int type, int protocol) } else { + if (ldp->transparent_tls) + { + if (load_tls_cert (vlsh) < 0 || load_tls_key (vlsh) < 0) + { + return -1; + } + } rv = ldp_vlsh_to_fd (vlsh); } } @@ -1478,7 +1581,7 @@ recvfrom (int fd, void *__restrict buf, size_t n, int flags, __SOCKADDR_ARG addr, socklen_t * __restrict addr_len) { vls_handle_t sid; - ssize_t size; + ssize_t size, rv; if ((errno = -ldp_init ())) return -1; @@ -1495,7 +1598,11 @@ recvfrom (int fd, void *__restrict buf, size_t n, int flags, size = vls_recvfrom (sid, buf, n, flags, &ep); if (size > 0) - size = ldp_copy_ep_to_sockaddr (addr, addr_len, &ep); + { + rv = ldp_copy_ep_to_sockaddr (addr, addr_len, &ep); + if (rv < 0) + size = rv; + } } else size = vls_recvfrom (sid, buf, n, flags, NULL); @@ -1821,6 +1928,7 @@ setsockopt (int fd, int level, int optname, (void *) optval, &optlen); break; case TCP_CONGESTION: + case TCP_CORK: /* Ignore */ rv = 0; break; @@ -2032,6 +2140,12 @@ epoll_create1 (int flags) if (ldp->vcl_needs_real_epoll) { + /* Make sure workers have been allocated */ + if (!ldp->workers) + { + ldp_alloc_workers (); + ldpw = ldp_worker_get_current (); + } rv = libc_epoll_create1 (flags); ldp->vcl_needs_real_epoll = 0; ldpw->vcl_mq_epfd = rv; @@ -2367,8 +2481,11 @@ ldp_constructor (void) { swrap_constructor (); if (ldp_init () != 0) - fprintf (stderr, "\nLDP<%d>: ERROR: ldp_constructor: failed!\n", - getpid ()); + { + fprintf (stderr, "\nLDP<%d>: ERROR: ldp_constructor: failed!\n", + getpid ()); + _exit (1); + } else if (LDP_DEBUG > 0) clib_warning ("LDP<%d>: LDP constructor: done!\n", getpid ()); }