X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fvcl%2Fldp.c;h=95c0edcff0ab4b6a4a1c4272d1b8181516996388;hb=b4e5e50fe;hp=088c118b6edec4e9f75a8d7f8800e71dd63ffadf;hpb=0ed24e93b207850078ca7f58cd4106cc4a906952;p=vpp.git
diff --git a/src/vcl/ldp.c b/src/vcl/ldp.c
index 088c118b6ed..95c0edcff0a 100644
--- a/src/vcl/ldp.c
+++ b/src/vcl/ldp.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2016 Cisco and/or its affiliates.
+ * Copyright (c) 2016-2019 Cisco and/or its affiliates.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at:
@@ -99,6 +99,7 @@ typedef struct
 u32 vlsh_bit_val;
 u32 vlsh_bit_mask;
 u32 debug;
+ u8 transparent_tls;
 /** vcl needs next epoll_create to go to libc_epoll */
 u8 vcl_needs_real_epoll;
@@ -108,12 +109,17 @@ typedef struct
 #define LDBG(_lvl, _fmt, _args...) \
 if (ldp->debug > _lvl) \
- clib_warning ("ldp<%d>: " _fmt, getpid(), ##_args)
+ { \
+ int errno_saved = errno; \
+ clib_warning ("ldp<%d>: " _fmt, getpid(), ##_args); \
+ errno = errno_saved; \
+ }
 static ldp_main_t ldp_main = {
 .vlsh_bit_val = (1 << LDP_SID_BIT_MIN),
 .vlsh_bit_mask = (1 << LDP_SID_BIT_MIN) - 1,
 .debug = LDP_DEBUG_INIT,
+ .transparent_tls = 0,
 };
 static ldp_main_t *ldp = &ldp_main;
@@ -130,11 +136,8 @@ ldp_worker_get_current (void)
 static inline void
 ldp_set_app_name (char *app_name)
 {
- int rv = snprintf (ldp->app_name, LDP_APP_NAME_MAX,
- "ldp-%d-%s", getpid (), app_name);
-
- if (rv >= LDP_APP_NAME_MAX)
- app_name[LDP_APP_NAME_MAX - 1] = 0;
+ snprintf (ldp->app_name, LDP_APP_NAME_MAX,
+ "ldp-%d-%s", getpid (), app_name);
 }
 static inline char *
@@ -161,6 +164,14 @@ ldp_fd_to_vlsh (int fd)
 return (fd - ldp->vlsh_bit_val);
 }
+static void
+ldp_alloc_workers (void)
+{
+ if (ldp->workers)
+ return;
+ pool_alloc (ldp->workers, LDP_MAX_NWORKERS);
+}
+
 static inline int
 ldp_init (void)
 {
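Review bot: The `LDBG` macro (hunk `@@ -108,12 +109,17 @@`) now expands to `if (...) { ... }`, so `LDBG (...);` used as the unbraced body of an `if` that has an `else` no longer compiles, and in other positions the bare `if` can still capture a following `else`. Wrapping the expansion as `do { if (ldp->debug > _lvl) { ... } } while (0)` keeps the errno save/restore and makes the macro behave like one statement. A one-line comment on why errno is preserved would also help; judging from the destructor comment later in this patch, `clib_warning` ends up in the interposed `writev`, but that reason is inferred rather than stated here.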
@@ -184,7 +195,7 @@ ldp_init (void)
 return rv;
 }
 ldp->vcl_needs_real_epoll = 0;
- pool_alloc (ldp->workers, LDP_MAX_NWORKERS);
+ ldp_alloc_workers ();
 ldpw = ldp_worker_get_current ();
 char *env_var_str = getenv (LDP_ENV_DEBUG);
@@ -260,8 +271,18 @@ ldp_init (void)
 return -1;
 }
 }
+ env_var_str = getenv (LDP_ENV_TLS_TRANS);
+ if (env_var_str)
+ {
+ ldp->transparent_tls = 1;
+ }
+
+ /* *INDENT-OFF* */
+ pool_foreach (ldpw, ldp->workers, ({
+ clib_memset (&ldpw->clib_time, 0, sizeof (ldpw->clib_time));
+ }));
+ /* *INDENT-ON* */
- clib_time_init (&ldpw->clib_time);
 LDBG (0, "LDP initialization: done!");
 return 0;
@@ -359,24 +380,19 @@ readv (int fd, const struct iovec * iov, int iovcnt)
 vlsh = ldp_fd_to_vlsh (fd);
 if (vlsh != VLS_INVALID_HANDLE)
 {
- do
+ for (i = 0; i < iovcnt; ++i)
 {
- for (i = 0; i < iovcnt; ++i)
+ rv = vls_read (vlsh, iov[i].iov_base, iov[i].iov_len);
+ if (rv <= 0)
+ break;
+ else
 {
- rv = vls_read (vlsh, iov[i].iov_base, iov[i].iov_len);
- if (rv < 0)
+ total += rv;
+ if (rv < iov[i].iov_len)
 break;
- else
- {
- total += rv;
- if (rv < iov[i].iov_len)
- break;
- }
 }
 }
- while ((rv >= 0) && (total == 0));
-
- if (rv < 0)
+ if (rv < 0 && total == 0)
 {
 errno = -rv;
 size = -1;
@@ -465,8 +481,13 @@ writev (int fd, const struct iovec * iov, int iovcnt)
 return size;
 }
+#ifdef HAVE_FCNTL64
+int
+fcntl64 (int fd, int cmd, ...)
+#else
 int
 fcntl (int fd, int cmd, ...)
+#endif
 {
 vls_handle_t vlsh;
 int rv = 0;
@@ -514,7 +535,11 @@ fcntl (int fd, int cmd, ...)
 }
 else
 {
+#ifdef HAVE_FCNTL64
+ rv = libc_vfcntl64 (fd, cmd, ap);
+#else
 rv = libc_vfcntl (fd, cmd, ap);
+#endif
 }
 va_end (ap);
@@ -623,6 +648,7 @@ ldp_select_vcl_map_to_libc (clib_bitmap_t * vclb, fd_set * __restrict libcb)
 /* *INDENT-OFF* */
 clib_bitmap_foreach (si, vclb, ({
 vlsh = vls_session_index_to_vlsh (si);
+ ASSERT (vlsh != VLS_INVALID_HANDLE);
 fd = ldp_vlsh_to_fd (vlsh);
 if (PREDICT_FALSE (fd < 0))
 {
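Review bot: In `ldp_init` (hunk `@@ -260,8 +271,18 @@`), transparent TLS is enabled whenever `LDP_ENV_TLS_TRANS` is present, because the string returned by `getenv` is never inspected; setting the variable to `0` or to an empty value to switch the feature off switches it on. Either parse the value or document the presence-only semantics next to the check, e.g. `/* presence of the variable enables TLS; its value is ignored */`. Because this flag changes the protocol of every socket the process opens, logging the resulting state once with `LDBG (0, ...)` would make a deployment easier to verify. `ldp_init` begins and ends outside this hunk.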
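Review bot: With `HAVE_FCNTL64` defined, the `#ifdef`/`#else` around the signature (hunk `@@ -465,8 +481,13 @@`) exports only `fcntl64`, so a caller that binds to plain `fcntl` is no longer interposed and its request reaches libc with an fd that may be an LDP handle. Which symbol an application calls depends on how it was built, so exporting both is the safer interposer behaviour, provided the build's headers do not already redirect `fcntl` to `fcntl64`. The body can move into one static helper taking a `va_list`, with thin wrappers around it as sketched below; the `#ifdef` in hunk `@@ -514,7 +535,11 @@` that selects `libc_vfcntl64` stays inside the helper. Most of the function body lies outside both hunks.

```c
/* … unchanged: current body, moved into
 *   static int fcntl_internal (int fd, int cmd, va_list ap)
 * without its own va_start/va_end … */

int
fcntl (int fd, int cmd, ...)
{
  va_list ap;
  int rv;

  va_start (ap, cmd);
  rv = fcntl_internal (fd, cmd, ap);
  va_end (ap);
  return rv;
}

#ifdef HAVE_FCNTL64
int
fcntl64 (int fd, int cmd, ...)
{
  va_list ap;
  int rv;

  va_start (ap, cmd);
  rv = fcntl_internal (fd, cmd, ap);
  va_end (ap);
  return rv;
}
#endif
```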
@@ -641,6 +667,9 @@ ldp_select_libc_map_merge (clib_bitmap_t * result, fd_set * __restrict libcb)
 {
 uword fd;
+ if (!libcb)
+ return;
+
 /* *INDENT-OFF* */
 clib_bitmap_foreach (fd, result, ({
 FD_SET ((int)fd, libcb);
@@ -668,6 +697,9 @@ ldp_pselect (int nfds, fd_set * __restrict readfds,
 return -1;
 }
+ if (PREDICT_FALSE (ldpw->clib_time.init_cpu_time == 0))
+ clib_time_init (&ldpw->clib_time);
+
 if (timeout)
 {
 time_out = (timeout->tv_sec == 0 && timeout->tv_nsec == 0) ?
@@ -720,7 +752,8 @@ ldp_pselect (int nfds, fd_set * __restrict readfds,
 goto done;
 }
- libc_tspec = si_bits ? libc_tspec : *timeout;
+ if (!si_bits)
+ libc_tspec = timeout ? *timeout : libc_tspec;
 do
 {
@@ -739,10 +772,9 @@ ldp_pselect (int nfds, fd_set * __restrict readfds,
 vec_len (ldpw->ex_bitmap) * sizeof (clib_bitmap_t));
- rv = vppcom_select (si_bits, readfds ? ldpw->rd_bitmap : NULL,
- writefds ? ldpw->wr_bitmap : NULL,
- exceptfds ? ldpw->ex_bitmap : NULL,
- vcl_timeout);
+ rv = vls_select (si_bits, readfds ? ldpw->rd_bitmap : NULL,
+ writefds ? ldpw->wr_bitmap : NULL,
+ exceptfds ? ldpw->ex_bitmap : NULL, vcl_timeout);
 if (rv < 0)
 {
 errno = -rv;
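Review bot: The lazy-init pair `if (PREDICT_FALSE (ldpw->clib_time.init_cpu_time == 0)) clib_time_init (&ldpw->clib_time);` added to `ldp_pselect` (hunk `@@ -668,6 +697,9 @@`) appears again verbatim in `ldp_epoll_pwait` and `poll` later in this patch. A small `static inline` helper taking `ldpw` would keep the three call sites in step and give one place for a comment that `init_cpu_time == 0` is the "not yet initialised" sentinel established by the `clib_memset` in `ldp_init`. The `pool_foreach` there presumably visits only workers that already exist, so the helper comment should say what guarantees the zero state for workers created later.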
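Review bot: In `ldp_pselect` (hunk `@@ -720,7 +752,8 @@`), the new `libc_tspec = timeout ? *timeout : libc_tspec;` assigns the variable to itself when `timeout` is NULL, which hides what the NULL case is meant to do. `if (!si_bits && timeout) libc_tspec = *timeout;` says the same thing directly. With a NULL `timeout` and no VCL bits, `libc_tspec` keeps whatever it was initialised to outside this hunk; if that is a zero timespec the libc call polls instead of blocking, so a comment stating which behaviour is intended would help.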
@@ -851,6 +883,71 @@ pselect (int nfds, fd_set * __restrict readfds,
 }
 #endif
+/* If transparent TLS mode is turned on, then ldp will load key and cert.
+ */
+static int
+load_tls_cert (vls_handle_t vlsh)
+{
+ char *env_var_str = getenv (LDP_ENV_TLS_CERT);
+ char inbuf[4096];
+ char *tls_cert;
+ int cert_size;
+ FILE *fp;
+
+ if (env_var_str)
+ {
+ fp = fopen (env_var_str, "r");
+ if (fp == NULL)
+ {
+ LDBG (0, "ERROR: failed to open cert file %s \n", env_var_str);
+ return -1;
+ }
+ cert_size = fread (inbuf, sizeof (char), sizeof (inbuf), fp);
+ tls_cert = inbuf;
+ vppcom_session_tls_add_cert (vlsh_to_session_index (vlsh), tls_cert,
+ cert_size);
+ fclose (fp);
+ }
+ else
+ {
+ LDBG (0, "ERROR: failed to read LDP environment %s\n",
+ LDP_ENV_TLS_CERT);
+ return -1;
+ }
+ return 0;
+}
+
+static int
+load_tls_key (vls_handle_t vlsh)
+{
+ char *env_var_str = getenv (LDP_ENV_TLS_KEY);
+ char inbuf[4096];
+ char *tls_key;
+ int key_size;
+ FILE *fp;
+
+ if (env_var_str)
+ {
+ fp = fopen (env_var_str, "r");
+ if (fp == NULL)
+ {
+ LDBG (0, "ERROR: failed to open key file %s \n", env_var_str);
+ return -1;
+ }
+ key_size = fread (inbuf, sizeof (char), sizeof (inbuf), fp);
+ tls_key = inbuf;
+ vppcom_session_tls_add_key (vlsh_to_session_index (vlsh), tls_key,
+ key_size);
+ fclose (fp);
+ }
+ else
+ {
+ LDBG (0, "ERROR: failed to read LDP environment %s\n", LDP_ENV_TLS_KEY);
+ return -1;
+ }
+ return 0;
+}
+
 int
 socket (int domain, int type, int protocol)
 {
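Review bot: `load_tls_key` and `load_tls_cert` (hunk `@@ -851,6 +883,71 @@`) return 0 without checking either `fread` or the `vppcom_session_tls_add_key`/`vppcom_session_tls_add_cert` call, so a read error, an empty file, or a file that does not fit the 4096-byte `inbuf` (silently truncated) is reported to `socket()` as success. The private key also stays in the stack buffer after the function returns. The sketch below shows `load_tls_key` with the read validated, the add call's result propagated (assuming it signals failure with a negative value), and the buffer cleared with `explicit_bzero` (glibc; use the project's own equivalent if it has one); `load_tls_cert` needs the same checks and the two could share one helper. Both files are also re-read on every `socket()` call, and nothing checks the ownership or mode of the key file named by the environment.

```c
static int
load_tls_key (vls_handle_t vlsh)
{
  char *env_var_str = getenv (LDP_ENV_TLS_KEY);
  char inbuf[4096];
  size_t key_size;
  int rv = -1;
  FILE *fp;

  /* … unchanged: unset-variable and fopen () failure paths, both return -1 … */

  key_size = fread (inbuf, sizeof (char), sizeof (inbuf), fp);
  /* reject read errors, empty files, and files that fill inbuf without
   * reaching EOF (they would otherwise be passed on truncated) */
  if (ferror (fp) || key_size == 0 || !feof (fp))
    {
      LDBG (0, "ERROR: failed to read key file %s", env_var_str);
    }
  else if (vppcom_session_tls_add_key (vlsh_to_session_index (vlsh), inbuf,
                                       key_size) >= 0)
    {
      rv = 0;
    }

  fclose (fp);
  /* the key must not outlive this call on the stack */
  explicit_bzero (inbuf, sizeof (inbuf));
  return rv;
}
```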
@@ -864,8 +961,14 @@ socket (int domain, int type, int protocol)
 if (((domain == AF_INET) || (domain == AF_INET6)) &&
 ((sock_type == SOCK_STREAM) || (sock_type == SOCK_DGRAM)))
 {
- u8 proto = ((sock_type == SOCK_DGRAM) ?
- VPPCOM_PROTO_UDP : VPPCOM_PROTO_TCP);
+ u8 proto;
+ if (ldp->transparent_tls)
+ {
+ proto = VPPCOM_PROTO_TLS;
+ }
+ else
+ proto = ((sock_type == SOCK_DGRAM) ?
+ VPPCOM_PROTO_UDP : VPPCOM_PROTO_TCP);
 LDBG (0, "calling vls_create: proto %u (%s), is_nonblocking %u",
 proto, vppcom_proto_str (proto), is_nonblocking);
@@ -878,6 +981,13 @@ socket (int domain, int type, int protocol)
 }
 else
 {
+ if (ldp->transparent_tls)
+ {
+ if (load_tls_cert (vlsh) < 0 || load_tls_key (vlsh) < 0)
+ {
+ return -1;
+ }
+ }
 rv = ldp_vlsh_to_fd (vlsh);
 }
 }
@@ -1471,7 +1581,7 @@ recvfrom (int fd, void *__restrict buf, size_t n, int flags,
 __SOCKADDR_ARG addr, socklen_t * __restrict addr_len)
 {
 vls_handle_t sid;
- ssize_t size;
+ ssize_t size, rv;
 if ((errno = -ldp_init ()))
 return -1;
@@ -1488,7 +1598,11 @@ recvfrom (int fd, void *__restrict buf, size_t n, int flags,
 size = vls_recvfrom (sid, buf, n, flags, &ep);
 if (size > 0)
- size = ldp_copy_ep_to_sockaddr (addr, addr_len, &ep);
+ {
+ rv = ldp_copy_ep_to_sockaddr (addr, addr_len, &ep);
+ if (rv < 0)
+ size = rv;
+ }
 }
 else
 size = vls_recvfrom (sid, buf, n, flags, NULL);
@@ -1814,6 +1928,7 @@ setsockopt (int fd, int level, int optname,
 (void *) optval, &optlen);
 break;
 case TCP_CONGESTION:
+ case TCP_CORK:
 /* Ignore */
 rv = 0;
 break;
@@ -2025,6 +2140,12 @@ epoll_create1 (int flags)
 if (ldp->vcl_needs_real_epoll)
 {
+ /* Make sure workers have been allocated */
+ if (!ldp->workers)
+ {
+ ldp_alloc_workers ();
+ ldpw = ldp_worker_get_current ();
+ }
 rv = libc_epoll_create1 (flags);
 ldp->vcl_needs_real_epoll = 0;
 ldpw->vcl_mq_epfd = rv;
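Review bot: In `socket` (hunk `@@ -864,8 +961,14 @@`), `ldp->transparent_tls` overrides the protocol before `sock_type` is consulted, so a `SOCK_DGRAM` request is also created as `VPPCOM_PROTO_TLS` and the application gets a TLS session where it asked for datagrams. Limiting the override to stream sockets, `if (ldp->transparent_tls && sock_type == SOCK_STREAM)`, keeps UDP on `VPPCOM_PROTO_UDP`; the cert/key loading in hunk `@@ -878,6 +981,13 @@` would need the same condition. The braced `if` paired with an unbraced `else` could be made uniform while touching these lines.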
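Review bot: The new `return -1;` in hunk `@@ -878,6 +981,13 @@` leaves `socket` with the session behind `vlsh` still open and with `errno` unset, so each failed certificate or key load leaks a handle and the caller reads a stale error code. Closing the handle and setting an error before returning, e.g. `vls_close (vlsh); errno = EINVAL; return -1;`, keeps the failure path self-contained; the choice of `EINVAL` is only a suggestion. The enclosing function continues outside the hunk.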
@@ -2142,7 +2263,7 @@ ldp_epoll_pwait (int epfd, struct epoll_event *events, int maxevents,
 int timeout, const sigset_t * sigmask)
 {
 ldp_worker_ctx_t *ldpw = ldp_worker_get_current ();
- double time_to_wait = (double) 0, time_out, now = 0;
+ double time_to_wait = (double) 0, max_time;
 int libc_epfd, rv = 0;
 vls_handle_t ep_vlsh;
@@ -2166,8 +2287,10 @@ ldp_epoll_pwait (int epfd, struct epoll_event *events, int maxevents,
 return -1;
 }
+ if (PREDICT_FALSE (ldpw->clib_time.init_cpu_time == 0))
+ clib_time_init (&ldpw->clib_time);
 time_to_wait = ((timeout >= 0) ? (double) timeout / 1000 : 0);
- time_out = clib_time_now (&ldpw->clib_time) + time_to_wait;
+ max_time = clib_time_now (&ldpw->clib_time) + time_to_wait;
 libc_epfd = vls_attr (ep_vlsh, VPPCOM_ATTR_GET_LIBC_EPFD, 0, 0);
 if (PREDICT_FALSE (libc_epfd < 0))
@@ -2179,8 +2302,7 @@ ldp_epoll_pwait (int epfd, struct epoll_event *events, int maxevents,
 LDBG (2, "epfd %d: vep_idx %d, libc_epfd %d, events %p, maxevents %d, "
 "timeout %d, sigmask %p: time_to_wait %.02f", epfd, ep_vlsh,
- libc_epfd, events, maxevents, timeout, sigmask, time_to_wait,
- time_out);
+ libc_epfd, events, maxevents, timeout, sigmask, time_to_wait);
 do
 {
 if (!ldpw->epoll_wait_vcl)
@@ -2207,11 +2329,8 @@ ldp_epoll_pwait (int epfd, struct epoll_event *events, int maxevents,
 if (rv != 0)
 goto done;
 }
-
- if (timeout != -1)
- now = clib_time_now (&ldpw->clib_time);
 }
- while (now < time_out);
+ while ((timeout == -1) || (clib_time_now (&ldpw->clib_time) < max_time));
 done:
 return rv;
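Review bot: The loop condition in `ldp_epoll_pwait` (hunk `@@ -2207,11 +2329,8 @@`) treats only `timeout == -1` as "wait forever", while the `poll` wrapper changed in this same patch uses `timeout < 0`. For any other negative value `time_to_wait` is 0 (hunk `@@ -2166,8 +2287,10 @@`), so `max_time` is already reached and the call returns after a single pass. If that difference is intended, a comment should say so; otherwise use the same test in both places, `while ((timeout < 0) || (clib_time_now (&ldpw->clib_time) < max_time));`.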
@@ -2237,14 +2356,15 @@ poll (struct pollfd *fds, nfds_t nfds, int timeout)
 int rv, i, n_revents = 0;
 vls_handle_t vlsh;
 vcl_poll_t *vp;
- double wait_for_time;
+ double max_time;
 LDBG (3, "fds %p, nfds %d, timeout %d", fds, nfds, timeout);
- if (timeout >= 0)
- wait_for_time = (f64) timeout / 1000;
- else
- wait_for_time = -1;
+ if (PREDICT_FALSE (ldpw->clib_time.init_cpu_time == 0))
+ clib_time_init (&ldpw->clib_time);
+
+ max_time = (timeout >= 0) ? (f64) timeout / 1000 : 0;
+ max_time += clib_time_now (&ldpw->clib_time);
 for (i = 0; i < nfds; i++)
 {
@@ -2304,8 +2424,7 @@ poll (struct pollfd *fds, nfds_t nfds, int timeout)
 goto done;
 }
 }
- while ((wait_for_time == -1) ||
- (clib_time_now (&ldpw->clib_time) < wait_for_time));
+ while ((timeout < 0) || (clib_time_now (&ldpw->clib_time) < max_time));
 rv = 0;
 done:
@@ -2362,8 +2481,11 @@ ldp_constructor (void)
 {
 swrap_constructor ();
 if (ldp_init () != 0)
- fprintf (stderr, "\nLDP<%d>: ERROR: ldp_constructor: failed!\n",
- getpid ());
+ {
+ fprintf (stderr, "\nLDP<%d>: ERROR: ldp_constructor: failed!\n",
+ getpid ());
+ _exit (1);
+ }
 else if (LDP_DEBUG > 0)
 clib_warning ("LDP<%d>: LDP constructor: done!\n", getpid ());
 }
@@ -2374,16 +2496,18 @@ ldp_constructor (void)
 void
 ldp_destructor (void)
 {
- swrap_destructor ();
- if (ldp->init)
- ldp->init = 0;
+ /*
+ swrap_destructor ();
+ if (ldp->init)
+ ldp->init = 0;
+ */
 /* Don't use clib_warning() here because that calls writev()
 * which will call ldp_init().
 */
 if (LDP_DEBUG > 0)
- printf ("%s:%d: LDP<%d>: LDP destructor: done!\n",
- __func__, __LINE__, getpid ());
+ fprintf (stderr, "%s:%d: LDP<%d>: LDP destructor: done!\n",
+ __func__, __LINE__, getpid ());
 }
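Review bot: `ldp_destructor` (hunk `@@ -2374,16 +2496,18 @@`) now carries the old teardown as a commented-out block with no explanation. Either delete the three statements or replace the block with a one-line reason written by the author, along the lines of `/* swrap_destructor () is intentionally not called here: <reason> */`. As it stands a reader cannot tell whether skipping `swrap_destructor ()` and leaving `ldp->init` set is deliberate or a leftover from debugging.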