X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fvcl%2Fldp.c;h=b51d2e0ebb45bc25f6d11684974257c1f7a8ce34;hb=5f33d0d43784bd08c334dac58220040a3d0da28a;hp=0f2412bc70ac14f5186c8c5397107844d4309b91;hpb=b2c31b685fd2cf28436ca32bc93e23eb24c74878;p=vpp.git diff --git a/src/vcl/ldp.c b/src/vcl/ldp.c index 0f2412bc70a..b51d2e0ebb4 100644 --- a/src/vcl/ldp.c +++ b/src/vcl/ldp.c @@ -100,10 +100,15 @@ typedef struct u32 vlsh_bit_val; u32 vlsh_bit_mask; u32 debug; - u8 transparent_tls; /** vcl needs next epoll_create to go to libc_epoll */ u8 vcl_needs_real_epoll; + + /** + * crypto state used only for testing + */ + u8 transparent_tls; + u32 ckpair_index; } ldp_main_t; #define LDP_DEBUG ldp->debug @@ -121,6 +126,7 @@ static ldp_main_t ldp_main = { .vlsh_bit_mask = (1 << LDP_SID_BIT_MIN) - 1, .debug = LDP_DEBUG_INIT, .transparent_tls = 0, + .ckpair_index = ~0, }; static ldp_main_t *ldp = &ldp_main; @@ -173,14 +179,13 @@ ldp_alloc_workers (void) pool_alloc (ldp->workers, LDP_MAX_NWORKERS); } -static inline int +static int ldp_init (void) { ldp_worker_ctx_t *ldpw; int rv; - if (PREDICT_TRUE (ldp->init)) - return 0; + ASSERT (!ldp->init); ldp->init = 1; ldp->vcl_needs_real_epoll = 1; @@ -289,14 +294,20 @@ ldp_init (void) return 0; } +#define ldp_init_check() \ + if (PREDICT_FALSE (!ldp->init)) \ + { \ + if ((errno = -ldp_init ())) \ + return -1; \ + } + int close (int fd) { vls_handle_t vlsh; int rv, epfd; - if ((errno = -ldp_init ())) - return -1; + ldp_init_check (); vlsh = ldp_fd_to_vlsh (fd); if (vlsh != VLS_INVALID_HANDLE) @@ -347,8 +358,7 @@ read (int fd, void *buf, size_t nbytes) vls_handle_t vlsh; ssize_t size; - if ((errno = -ldp_init ())) - return -1; + ldp_init_check (); vlsh = ldp_fd_to_vlsh (fd); if (vlsh != VLS_INVALID_HANDLE) @@ -375,8 +385,7 @@ readv (int fd, const struct iovec * iov, int iovcnt) vls_handle_t vlsh; ssize_t size = 0; - if ((errno = -ldp_init ())) - return -1; + ldp_init_check (); vlsh = ldp_fd_to_vlsh (fd); if (vlsh != VLS_INVALID_HANDLE) @@ -415,8 +424,7 @@ write (int fd, const void *buf, size_t nbytes) vls_handle_t vlsh; ssize_t size = 0; - if ((errno = -ldp_init ())) - return -1; + ldp_init_check (); vlsh = ldp_fd_to_vlsh (fd); if (vlsh != VLS_INVALID_HANDLE) @@ -443,8 +451,7 @@ writev (int fd, const struct iovec * iov, int iovcnt) vls_handle_t vlsh; int i, rv = 0; - if ((errno = -ldp_init ())) - return -1; + ldp_init_check (); vlsh = ldp_fd_to_vlsh (fd); if (vlsh != VLS_INVALID_HANDLE) @@ -537,8 +544,7 @@ fcntl (int fd, int cmd, ...) va_list ap; int rv; - if ((errno = -ldp_init ())) - return -1; + ldp_init_check (); va_start (ap, cmd); rv = fcntl_internal (fd, cmd, ap); @@ -553,8 +559,7 @@ fcntl64 (int fd, int cmd, ...) va_list ap; int rv; - if ((errno = -ldp_init ())) - return -1; + ldp_init_check (); va_start (ap, cmd); rv = fcntl_internal (fd, cmd, ap); @@ -569,8 +574,7 @@ ioctl (int fd, unsigned long int cmd, ...) va_list ap; int rv; - if ((errno = -ldp_init ())) - return -1; + ldp_init_check (); va_start (ap, cmd); @@ -632,7 +636,7 @@ ldp_select_init_maps (fd_set * __restrict original, memset (original, 0, n_bytes); /* *INDENT-OFF* */ - clib_bitmap_foreach (fd, *resultb, ({ + clib_bitmap_foreach (fd, *resultb) { if (fd > nfds) break; vlsh = ldp_fd_to_vlsh (fd); @@ -640,7 +644,7 @@ ldp_select_init_maps (fd_set * __restrict original, clib_bitmap_set_no_check (*libcb, fd, 1); else *vclb = clib_bitmap_set (*vclb, vlsh_to_session_index (vlsh), 1); - })); + } /* *INDENT-ON* */ si_bits_set = clib_bitmap_last_set (*vclb) + 1; @@ -662,7 +666,7 @@ ldp_select_vcl_map_to_libc (clib_bitmap_t * vclb, fd_set * __restrict libcb) return 0; /* *INDENT-OFF* */ - clib_bitmap_foreach (si, vclb, ({ + clib_bitmap_foreach (si, vclb) { vlsh = vls_session_index_to_vlsh (si); ASSERT (vlsh != VLS_INVALID_HANDLE); fd = ldp_vlsh_to_fd (vlsh); @@ -672,7 +676,7 @@ ldp_select_vcl_map_to_libc (clib_bitmap_t * vclb, fd_set * __restrict libcb) return -1; } FD_SET (fd, libcb); - })); + } /* *INDENT-ON* */ return 0; @@ -687,9 +691,8 @@ ldp_select_libc_map_merge (clib_bitmap_t * result, fd_set * __restrict libcb) return; /* *INDENT-OFF* */ - clib_bitmap_foreach (fd, result, ({ + clib_bitmap_foreach (fd, result) FD_SET ((int)fd, libcb); - })); /* *INDENT-ON* */ } @@ -903,68 +906,71 @@ pselect (int nfds, fd_set * __restrict readfds, /* If transparent TLS mode is turned on, then ldp will load key and cert. */ static int -load_tls_cert (vls_handle_t vlsh) +load_cert_key_pair (void) { - char *env_var_str = getenv (LDP_ENV_TLS_CERT); - char inbuf[4096]; - char *tls_cert; - int cert_size; + char *cert_str = getenv (LDP_ENV_TLS_CERT); + char *key_str = getenv (LDP_ENV_TLS_KEY); + char cert_buf[4096], key_buf[4096]; + int cert_size, key_size; + vppcom_cert_key_pair_t crypto; + int ckp_index; FILE *fp; - if (env_var_str) - { - fp = fopen (env_var_str, "r"); - if (fp == NULL) - { - LDBG (0, "ERROR: failed to open cert file %s \n", env_var_str); - return -1; - } - cert_size = fread (inbuf, sizeof (char), sizeof (inbuf), fp); - tls_cert = inbuf; - vppcom_session_tls_add_cert (vlsh_to_session_index (vlsh), tls_cert, - cert_size); - fclose (fp); - } - else + if (!cert_str || !key_str) { LDBG (0, "ERROR: failed to read LDP environment %s\n", LDP_ENV_TLS_CERT); return -1; } - return 0; -} -static int -load_tls_key (vls_handle_t vlsh) -{ - char *env_var_str = getenv (LDP_ENV_TLS_KEY); - char inbuf[4096]; - char *tls_key; - int key_size; - FILE *fp; + fp = fopen (cert_str, "r"); + if (fp == NULL) + { + LDBG (0, "ERROR: failed to open cert file %s \n", cert_str); + return -1; + } + cert_size = fread (cert_buf, sizeof (char), sizeof (cert_buf), fp); + fclose (fp); - if (env_var_str) + fp = fopen (key_str, "r"); + if (fp == NULL) { - fp = fopen (env_var_str, "r"); - if (fp == NULL) - { - LDBG (0, "ERROR: failed to open key file %s \n", env_var_str); - return -1; - } - key_size = fread (inbuf, sizeof (char), sizeof (inbuf), fp); - tls_key = inbuf; - vppcom_session_tls_add_key (vlsh_to_session_index (vlsh), tls_key, - key_size); - fclose (fp); + LDBG (0, "ERROR: failed to open key file %s \n", key_str); + return -1; } - else + key_size = fread (key_buf, sizeof (char), sizeof (key_buf), fp); + fclose (fp); + + crypto.cert = cert_buf; + crypto.key = key_buf; + crypto.cert_len = cert_size; + crypto.key_len = key_size; + ckp_index = vppcom_add_cert_key_pair (&crypto); + if (ckp_index < 0) { - LDBG (0, "ERROR: failed to read LDP environment %s\n", LDP_ENV_TLS_KEY); + LDBG (0, "ERROR: failed to add cert key pair\n"); return -1; } + + ldp->ckpair_index = ckp_index; + return 0; } +static int +assign_cert_key_pair (vls_handle_t vlsh) +{ + uint32_t ckp_len; + + if (ldp->ckpair_index == ~0 && load_cert_key_pair () < 0) + return -1; + + ckp_len = sizeof (ldp->ckpair_index); + return vppcom_session_attr (vlsh_to_session_index (vlsh), + VPPCOM_ATTR_SET_CKPAIR, &ldp->ckpair_index, + &ckp_len); +} + int socket (int domain, int type, int protocol) { @@ -972,8 +978,7 @@ socket (int domain, int type, int protocol) u8 is_nonblocking = type & SOCK_NONBLOCK ? 1 : 0; vls_handle_t vlsh; - if ((errno = -ldp_init ())) - return -1; + ldp_init_check (); if (((domain == AF_INET) || (domain == AF_INET6)) && ((sock_type == SOCK_STREAM) || (sock_type == SOCK_DGRAM))) @@ -1000,10 +1005,8 @@ socket (int domain, int type, int protocol) { if (ldp->transparent_tls) { - if (load_tls_cert (vlsh) < 0 || load_tls_key (vlsh) < 0) - { - return -1; - } + if (assign_cert_key_pair (vlsh) < 0) + return -1; } rv = ldp_vlsh_to_fd (vlsh); } @@ -1029,8 +1032,7 @@ socketpair (int domain, int type, int protocol, int fds[2]) { int rv, sock_type = type & ~(SOCK_CLOEXEC | SOCK_NONBLOCK); - if ((errno = -ldp_init ())) - return -1; + ldp_init_check (); if (((domain == AF_INET) || (domain == AF_INET6)) && ((sock_type == SOCK_STREAM) || (sock_type == SOCK_DGRAM))) @@ -1054,8 +1056,7 @@ bind (int fd, __CONST_SOCKADDR_ARG addr, socklen_t len) vls_handle_t vlsh; int rv; - if ((errno = -ldp_init ())) - return -1; + ldp_init_check (); vlsh = ldp_fd_to_vlsh (fd); if (vlsh != VLS_INVALID_HANDLE) @@ -1128,8 +1129,7 @@ ldp_copy_ep_to_sockaddr (__SOCKADDR_ARG addr, socklen_t * __restrict len, int rv = 0; int sa_len, copy_len; - if ((errno = -ldp_init ())) - return -1; + ldp_init_check (); if (addr && len && ep) { @@ -1173,8 +1173,7 @@ getsockname (int fd, __SOCKADDR_ARG addr, socklen_t * __restrict len) vls_handle_t vlsh; int rv; - if ((errno = -ldp_init ())) - return -1; + ldp_init_check (); vlsh = ldp_fd_to_vlsh (fd); if (vlsh != VLS_INVALID_HANDLE) @@ -1215,8 +1214,7 @@ connect (int fd, __CONST_SOCKADDR_ARG addr, socklen_t len) vls_handle_t vlsh; int rv; - if ((errno = -ldp_init ())) - return -1; + ldp_init_check (); if (!addr) { @@ -1297,8 +1295,7 @@ getpeername (int fd, __SOCKADDR_ARG addr, socklen_t * __restrict len) vls_handle_t vlsh; int rv; - if ((errno = -ldp_init ())) - return -1; + ldp_init_check (); vlsh = ldp_fd_to_vlsh (fd); if (vlsh != VLS_INVALID_HANDLE) @@ -1338,8 +1335,7 @@ send (int fd, const void *buf, size_t n, int flags) vls_handle_t vlsh = ldp_fd_to_vlsh (fd); ssize_t size; - if ((errno = -ldp_init ())) - return -1; + ldp_init_check (); if (vlsh != VLS_INVALID_HANDLE) { @@ -1365,8 +1361,7 @@ sendfile (int out_fd, int in_fd, off_t * offset, size_t len) vls_handle_t vlsh; ssize_t size = 0; - if ((errno = -ldp_init ())) - return -1; + ldp_init_check (); vlsh = ldp_fd_to_vlsh (out_fd); if (vlsh != VLS_INVALID_HANDLE) @@ -1515,8 +1510,7 @@ recv (int fd, void *buf, size_t n, int flags) vls_handle_t vlsh; ssize_t size; - if ((errno = -ldp_init ())) - return -1; + ldp_init_check (); vlsh = ldp_fd_to_vlsh (fd); if (vlsh != VLS_INVALID_HANDLE) @@ -1606,8 +1600,7 @@ sendto (int fd, const void *buf, size_t n, int flags, vls_handle_t vlsh; ssize_t size; - if ((errno = -ldp_init ())) - return -1; + ldp_init_check (); vlsh = ldp_fd_to_vlsh (fd); if (vlsh != INVALID_SESSION_ID) @@ -1634,8 +1627,7 @@ recvfrom (int fd, void *__restrict buf, size_t n, int flags, vls_handle_t vlsh; ssize_t size; - if ((errno = -ldp_init ())) - return -1; + ldp_init_check (); vlsh = ldp_fd_to_vlsh (fd); if (vlsh != VLS_INVALID_HANDLE) @@ -1661,8 +1653,7 @@ sendmsg (int fd, const struct msghdr * msg, int flags) vls_handle_t vlsh; ssize_t size; - if ((errno = -ldp_init ())) - return -1; + ldp_init_check (); vlsh = ldp_fd_to_vlsh (fd); if (vlsh != VLS_INVALID_HANDLE) @@ -1709,8 +1700,7 @@ sendmmsg (int fd, struct mmsghdr *vmessages, unsigned int vlen, int flags) const char *func_str; u32 sh = ldp_fd_to_vlsh (fd); - if ((errno = -ldp_init ())) - return -1; + ldp_init_check (); if (sh != INVALID_SESSION_ID) { @@ -1755,8 +1745,7 @@ recvmsg (int fd, struct msghdr * msg, int flags) vls_handle_t vlsh; ssize_t size; - if ((errno = -ldp_init ())) - return -1; + ldp_init_check (); vlsh = ldp_fd_to_vlsh (fd); if (vlsh != VLS_INVALID_HANDLE) @@ -1811,8 +1800,7 @@ recvmmsg (int fd, struct mmsghdr *vmessages, const char *func_str; u32 sh = ldp_fd_to_vlsh (fd); - if ((errno = -ldp_init ())) - return -1; + ldp_init_check (); if (sh != INVALID_SESSION_ID) { @@ -1859,8 +1847,7 @@ getsockopt (int fd, int level, int optname, vls_handle_t vlsh; int rv; - if ((errno = -ldp_init ())) - return -1; + ldp_init_check (); vlsh = ldp_fd_to_vlsh (fd); if (vlsh != VLS_INVALID_HANDLE) @@ -1946,9 +1933,15 @@ getsockopt (int fd, int level, int optname, case SO_REUSEADDR: rv = vls_attr (vlsh, VPPCOM_ATTR_GET_REUSEADDR, optval, optlen); break; + case SO_REUSEPORT: + rv = vls_attr (vlsh, VPPCOM_ATTR_GET_REUSEPORT, optval, optlen); + break; case SO_BROADCAST: rv = vls_attr (vlsh, VPPCOM_ATTR_GET_BROADCAST, optval, optlen); break; + case SO_DOMAIN: + rv = vls_attr (vlsh, VPPCOM_ATTR_GET_DOMAIN, optval, optlen); + break; case SO_ERROR: rv = vls_attr (vlsh, VPPCOM_ATTR_GET_ERROR, optval, optlen); break; @@ -1983,8 +1976,7 @@ setsockopt (int fd, int level, int optname, vls_handle_t vlsh; int rv; - if ((errno = -ldp_init ())) - return -1; + ldp_init_check (); vlsh = ldp_fd_to_vlsh (fd); if (vlsh != VLS_INVALID_HANDLE) @@ -2047,10 +2039,17 @@ setsockopt (int fd, int level, int optname, rv = vls_attr (vlsh, VPPCOM_ATTR_SET_REUSEADDR, (void *) optval, &optlen); break; + case SO_REUSEPORT: + rv = vls_attr (vlsh, VPPCOM_ATTR_SET_REUSEPORT, (void *) optval, + &optlen); + break; case SO_BROADCAST: rv = vls_attr (vlsh, VPPCOM_ATTR_SET_BROADCAST, (void *) optval, &optlen); break; + case SO_LINGER: + rv = 0; + break; default: LDBG (0, "ERROR: fd %d: setsockopt SOL_SOCKET: vlsh %u " "optname %d unsupported!", fd, vlsh, optname); @@ -2081,8 +2080,7 @@ listen (int fd, int n) vls_handle_t vlsh; int rv; - if ((errno = -ldp_init ())) - return -1; + ldp_init_check (); vlsh = ldp_fd_to_vlsh (fd); if (vlsh != VLS_INVALID_HANDLE) @@ -2113,8 +2111,7 @@ ldp_accept4 (int listen_fd, __SOCKADDR_ARG addr, vls_handle_t listen_vlsh, accept_vlsh; int rv; - if ((errno = -ldp_init ())) - return -1; + ldp_init_check (); listen_vlsh = ldp_fd_to_vlsh (listen_fd); if (listen_vlsh != VLS_INVALID_HANDLE) @@ -2181,8 +2178,7 @@ shutdown (int fd, int how) int rv = 0, flags; u32 flags_len = sizeof (flags); - if ((errno = -ldp_init ())) - return -1; + ldp_init_check (); vlsh = ldp_fd_to_vlsh (fd); if (vlsh != VLS_INVALID_HANDLE) @@ -2203,6 +2199,8 @@ shutdown (int fd, int how) if (flags == SHUT_RDWR) rv = close (fd); + else if (flags == SHUT_WR) + rv = vls_shutdown (vlsh); } else { @@ -2220,8 +2218,7 @@ epoll_create1 (int flags) vls_handle_t vlsh; int rv; - if ((errno = -ldp_init ())) - return -1; + ldp_init_check (); if (ldp->vcl_needs_real_epoll || vls_use_real_epoll ()) { @@ -2264,8 +2261,7 @@ epoll_ctl (int epfd, int op, int fd, struct epoll_event *event) vls_handle_t vep_vlsh, vlsh; int rv; - if ((errno = -ldp_init ())) - return -1; + ldp_init_check (); vep_vlsh = ldp_fd_to_vlsh (epfd); if (PREDICT_FALSE (vep_vlsh == VLS_INVALID_HANDLE)) @@ -2352,8 +2348,7 @@ ldp_epoll_pwait (int epfd, struct epoll_event *events, int maxevents, int libc_epfd, rv = 0; vls_handle_t ep_vlsh; - if ((errno = -ldp_init ())) - return -1; + ldp_init_check (); if (PREDICT_FALSE (!events || (timeout < -1))) { @@ -2429,8 +2424,7 @@ ldp_epoll_pwait_eventfd (int epfd, struct epoll_event *events, int libc_epfd, rv = 0, num_ev; vls_handle_t ep_vlsh; - if ((errno = -ldp_init ())) - return -1; + ldp_init_check (); if (PREDICT_FALSE (!events || (timeout < -1))) { @@ -2500,7 +2494,8 @@ ldp_epoll_pwait_eventfd (int epfd, struct epoll_event *events, ldpw->mq_epfd_added = 1; } - rv = vls_epoll_wait (ep_vlsh, events, maxevents, 0); + /* Request to only drain unhandled to prevent libc_epoll_wait starved */ + rv = vls_epoll_wait (ep_vlsh, events, maxevents, -2); if (rv > 0) goto done; else if (PREDICT_FALSE (rv < 0)) @@ -2664,8 +2659,7 @@ int ppoll (struct pollfd *fds, nfds_t nfds, const struct timespec *timeout, const sigset_t * sigmask) { - if ((errno = -ldp_init ())) - return -1; + ldp_init_check (); clib_warning ("LDP<%d>: LDP-TBD", getpid ()); errno = ENOSYS;