X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fvcl%2Fldp.c;h=e53a61e8e8c0c9e8809eef12692d57de18119132;hb=5f9f3c8de8d5d9f83a437661a98e5cc2453705f9;hp=f3ac3107a50c3e1fe7a449d96d3db31cf4c55540;hpb=4dee8cdb4ebcf7a7c11ae1ca67427d787b7e6cd4;p=vpp.git

diff --git a/src/vcl/ldp.c b/src/vcl/ldp.c
index f3ac3107a50..e53a61e8e8c 100644
--- a/src/vcl/ldp.c
+++ b/src/vcl/ldp.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2016 Cisco and/or its affiliates.
+ * Copyright (c) 2016-2019 Cisco and/or its affiliates.
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at:
@@ -99,6 +99,7 @@ typedef struct
   u32 vlsh_bit_val;
   u32 vlsh_bit_mask;
   u32 debug;
+  u8 transparent_tls;
 
   /** vcl needs next epoll_create to go to libc_epoll */
   u8 vcl_needs_real_epoll;
@@ -114,6 +115,7 @@ static ldp_main_t ldp_main = {
   .vlsh_bit_val = (1 << LDP_SID_BIT_MIN),
   .vlsh_bit_mask = (1 << LDP_SID_BIT_MIN) - 1,
   .debug = LDP_DEBUG_INIT,
+  .transparent_tls = 0,
 };
 
 static ldp_main_t *ldp = &ldp_main;
@@ -130,11 +132,8 @@ ldp_worker_get_current (void)
 static inline void
 ldp_set_app_name (char *app_name)
 {
-  int rv = snprintf (ldp->app_name, LDP_APP_NAME_MAX,
-		     "ldp-%d-%s", getpid (), app_name);
-
-  if (rv >= LDP_APP_NAME_MAX)
-    app_name[LDP_APP_NAME_MAX - 1] = 0;
+  snprintf (ldp->app_name, LDP_APP_NAME_MAX,
+	    "ldp-%d-%s", getpid (), app_name);
 }
 
 static inline char *
@@ -161,6 +160,14 @@ ldp_fd_to_vlsh (int fd)
   return (fd - ldp->vlsh_bit_val);
 }
 
+static void
+ldp_alloc_workers (void)
+{
+  if (ldp->workers)
+    return;
+  pool_alloc (ldp->workers, LDP_MAX_NWORKERS);
+}
+
 static inline int
 ldp_init (void)
 {
@@ -184,7 +191,7 @@ ldp_init (void)
       return rv;
     }
   ldp->vcl_needs_real_epoll = 0;
-  pool_alloc (ldp->workers, LDP_MAX_NWORKERS);
+  ldp_alloc_workers ();
   ldpw = ldp_worker_get_current ();
 
   char *env_var_str = getenv (LDP_ENV_DEBUG);
@@ -260,6 +267,11 @@ ldp_init (void)
 	  return -1;
 	}
     }
+  env_var_str = getenv (LDP_ENV_TLS_TRANS);
+  if (env_var_str)
+    {
+      ldp->transparent_tls = 1;
+    }
 
   /* *INDENT-OFF* */
   pool_foreach (ldpw, ldp->workers, ({
@@ -470,8 +482,13 @@ writev (int fd, const struct iovec * iov, int iovcnt)
   return size;
 }
 
+#ifdef HAVE_FCNTL64
+int
+fcntl64 (int fd, int cmd, ...)
+#else
 int
 fcntl (int fd, int cmd, ...)
+#endif
 {
   vls_handle_t vlsh;
   int rv = 0;
@@ -519,7 +536,11 @@ fcntl (int fd, int cmd, ...)
     }
   else
     {
+#ifdef HAVE_FCNTL64
+      rv = libc_vfcntl64 (fd, cmd, ap);
+#else
       rv = libc_vfcntl (fd, cmd, ap);
+#endif
     }
 
   va_end (ap);
@@ -646,6 +667,9 @@ ldp_select_libc_map_merge (clib_bitmap_t * result, fd_set * __restrict libcb)
 {
   uword fd;
 
+  if (!libcb)
+    return;
+
   /* *INDENT-OFF* */
   clib_bitmap_foreach (fd, result, ({
     FD_SET ((int)fd, libcb);
@@ -728,7 +752,8 @@ ldp_pselect (int nfds, fd_set * __restrict readfds,
       goto done;
     }
 
-  libc_tspec = si_bits ? libc_tspec : *timeout;
+  if (!si_bits)
+    libc_tspec = timeout ? *timeout : libc_tspec;
 
   do
     {
@@ -858,6 +883,71 @@ pselect (int nfds, fd_set * __restrict readfds,
 }
 #endif
 
+/* If transparent TLS mode is turned on, then ldp will load key and cert.
+ */
+static int
+load_tls_cert (vls_handle_t vlsh)
+{
+  char *env_var_str = getenv (LDP_ENV_TLS_CERT);
+  char inbuf[4096];
+  char *tls_cert;
+  int cert_size;
+  FILE *fp;
+
+  if (env_var_str)
+    {
+      fp = fopen (env_var_str, "r");
+      if (fp == NULL)
+	{
+	  LDBG (0, "ERROR: failed to open cert file %s \n", env_var_str);
+	  return -1;
+	}
+      cert_size = fread (inbuf, sizeof (char), sizeof (inbuf), fp);
+      tls_cert = inbuf;
+      vppcom_session_tls_add_cert (vlsh_to_session_index (vlsh), tls_cert,
+				   cert_size);
+      fclose (fp);
+    }
+  else
+    {
+      LDBG (0, "ERROR: failed to read LDP environment %s\n",
+	    LDP_ENV_TLS_CERT);
+      return -1;
+    }
+  return 0;
+}
+
+static int
+load_tls_key (vls_handle_t vlsh)
+{
+  char *env_var_str = getenv (LDP_ENV_TLS_KEY);
+  char inbuf[4096];
+  char *tls_key;
+  int key_size;
+  FILE *fp;
+
+  if (env_var_str)
+    {
+      fp = fopen (env_var_str, "r");
+      if (fp == NULL)
+	{
+	  LDBG (0, "ERROR: failed to open key file %s \n", env_var_str);
+	  return -1;
+	}
+      key_size = fread (inbuf, sizeof (char), sizeof (inbuf), fp);
+      tls_key = inbuf;
+      vppcom_session_tls_add_key (vlsh_to_session_index (vlsh), tls_key,
+				  key_size);
+      fclose (fp);
+    }
+  else
+    {
+      LDBG (0, "ERROR: failed to read LDP environment %s\n", LDP_ENV_TLS_KEY);
+      return -1;
+    }
+  return 0;
+}
+
 int
 socket (int domain, int type, int protocol)
 {
@@ -871,8 +961,14 @@ socket (int domain, int type, int protocol)
   if (((domain == AF_INET) || (domain == AF_INET6)) &&
       ((sock_type == SOCK_STREAM) || (sock_type == SOCK_DGRAM)))
     {
-      u8 proto = ((sock_type == SOCK_DGRAM) ?
-		  VPPCOM_PROTO_UDP : VPPCOM_PROTO_TCP);
+      u8 proto;
+      if (ldp->transparent_tls)
+	{
+	  proto = VPPCOM_PROTO_TLS;
+	}
+      else
+	proto = ((sock_type == SOCK_DGRAM) ?
+		 VPPCOM_PROTO_UDP : VPPCOM_PROTO_TCP);
 
       LDBG (0, "calling vls_create: proto %u (%s), is_nonblocking %u",
 	    proto, vppcom_proto_str (proto), is_nonblocking);
@@ -885,6 +981,13 @@ socket (int domain, int type, int protocol)
 	}
       else
 	{
+	  if (ldp->transparent_tls)
+	    {
+	      if (load_tls_cert (vlsh) < 0 || load_tls_key (vlsh) < 0)
+		{
+		  return -1;
+		}
+	    }
 	  rv = ldp_vlsh_to_fd (vlsh);
 	}
     }
@@ -1478,7 +1581,7 @@ recvfrom (int fd, void *__restrict buf, size_t n, int flags,
 	  __SOCKADDR_ARG addr, socklen_t * __restrict addr_len)
 {
   vls_handle_t sid;
-  ssize_t size;
+  ssize_t size, rv;
 
   if ((errno = -ldp_init ()))
     return -1;
@@ -1495,7 +1598,11 @@ recvfrom (int fd, void *__restrict buf, size_t n, int flags,
 	  size = vls_recvfrom (sid, buf, n, flags, &ep);
 
 	  if (size > 0)
-	    size = ldp_copy_ep_to_sockaddr (addr, addr_len, &ep);
+	    {
+	      rv = ldp_copy_ep_to_sockaddr (addr, addr_len, &ep);
+	      if (rv < 0)
+		size = rv;
+	    }
 	}
       else
 	size = vls_recvfrom (sid, buf, n, flags, NULL);
@@ -1821,6 +1928,7 @@ setsockopt (int fd, int level, int optname,
 			     (void *) optval, &optlen);
 	      break;
 	    case TCP_CONGESTION:
+	    case TCP_CORK:
 	      /* Ignore */
 	      rv = 0;
 	      break;
@@ -2032,6 +2140,12 @@ epoll_create1 (int flags)
 
   if (ldp->vcl_needs_real_epoll)
     {
+      /* Make sure workers have been allocated */
+      if (!ldp->workers)
+	{
+	  ldp_alloc_workers ();
+	  ldpw = ldp_worker_get_current ();
+	}
       rv = libc_epoll_create1 (flags);
       ldp->vcl_needs_real_epoll = 0;
       ldpw->vcl_mq_epfd = rv;
@@ -2367,8 +2481,11 @@ ldp_constructor (void)
 {
   swrap_constructor ();
   if (ldp_init () != 0)
-    fprintf (stderr, "\nLDP<%d>: ERROR: ldp_constructor: failed!\n",
-	     getpid ());
+    {
+      fprintf (stderr, "\nLDP<%d>: ERROR: ldp_constructor: failed!\n",
+	       getpid ());
+      _exit (1);
+    }
   else if (LDP_DEBUG > 0)
     clib_warning ("LDP<%d>: LDP constructor: done!\n", getpid ());
 }