X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fvnet%2Fsession%2Fapplication.c;h=7777c7275b33a426c7c6be565257fe0c72d1ab2e;hb=d8f48e2166747b529aa23762ac314dd686590c89;hp=ab678888a7181fbd8ba5164a4d6748866bc30a88;hpb=2eed1a12b425701d6109c9b55c9c1cac806de724;p=vpp.git diff --git a/src/vnet/session/application.c b/src/vnet/session/application.c index ab678888a71..7777c7275b3 100644 --- a/src/vnet/session/application.c +++ b/src/vnet/session/application.c @@ -52,9 +52,9 @@ static void app_listener_free (application_t * app, app_listener_t * app_listener) { clib_bitmap_free (app_listener->workers); - pool_put (app->listeners, app_listener); if (CLIB_DEBUG) clib_memset (app_listener, 0xfa, sizeof (*app_listener)); + pool_put (app->listeners, app_listener); } session_handle_t @@ -115,7 +115,7 @@ app_listener_lookup (application_t * app, session_endpoint_cfg_t * sep_ext) } fib_proto = session_endpoint_fib_proto (sep); - table_index = application_session_table (app, fib_proto); + table_index = session_lookup_get_index_for_fib (fib_proto, sep->fib_index); handle = session_lookup_endpoint_listener (table_index, sep, 1); if (handle != SESSION_INVALID_HANDLE) { @@ -133,10 +133,10 @@ app_listener_alloc_and_init (application_t * app, { app_listener_t *app_listener; transport_connection_t *tc; + u32 al_index, table_index; session_handle_t lh; session_type_t st; session_t *ls = 0; - u32 al_index; int rv; app_listener = app_listener_alloc (app); @@ -151,7 +151,6 @@ app_listener_alloc_and_init (application_t * app, && session_endpoint_is_local ((session_endpoint_t *) sep)) { session_type_t local_st; - u32 table_index; local_st = session_type_from_proto_and_ip (TRANSPORT_PROTO_NONE, sep->is_ip4); @@ -213,7 +212,16 @@ app_listener_alloc_and_init (application_t * app, * connections */ tc = session_get_transport (ls); if (!(tc->flags & TRANSPORT_CONNECTION_F_NO_LOOKUP)) - session_lookup_add_connection (tc, lh); + { + fib_protocol_t fib_proto; + fib_proto = session_endpoint_fib_proto ((session_endpoint_t *) sep); + table_index = session_lookup_get_index_for_fib (fib_proto, + sep->fib_index); + ASSERT (table_index != SESSION_TABLE_INVALID_INDEX); + session_lookup_add_session_endpoint (table_index, + (session_endpoint_t *) sep, + lh); + } } if (!ls) @@ -542,6 +550,12 @@ application_alloc_and_init (app_init_args_t * a) props->use_mq_eventfd = 1; if (options[APP_OPTIONS_TLS_ENGINE]) app->tls_engine = options[APP_OPTIONS_TLS_ENGINE]; + if (options[APP_OPTIONS_MAX_FIFO_SIZE]) + props->max_fifo_size = options[APP_OPTIONS_MAX_FIFO_SIZE]; + if (options[APP_OPTIONS_HIGH_WATERMARK]) + props->high_watermark = options[APP_OPTIONS_HIGH_WATERMARK]; + if (options[APP_OPTIONS_LOW_WATERMARK]) + props->low_watermark = options[APP_OPTIONS_LOW_WATERMARK]; props->segment_type = seg_type; /* Add app to lookup by api_client_index table */ @@ -591,8 +605,6 @@ application_free (application_t * app) if (application_is_builtin (app)) application_name_table_del (app); vec_free (app->name); - vec_free (app->tls_cert); - vec_free (app->tls_key); pool_put (app_main.app_pool, app); } @@ -692,8 +704,7 @@ application_alloc_worker_and_init (application_t * app, app_worker_t ** wrk) sm = segment_manager_alloc (); sm->app_wrk_index = app_wrk->wrk_index; - if ((rv = segment_manager_init (sm, app->sm_properties.segment_size, - app->sm_properties.prealloc_fifos))) + if ((rv = segment_manager_init (sm))) { app_worker_free (app_wrk); return rv; @@ -951,6 +962,8 @@ vnet_listen (vnet_listen_args_t * a) application_t *app; int rv; + ASSERT (vlib_thread_is_main_w_barrier ()); + app = application_get_if_valid (a->app_index); if (!app) return VNET_API_ERROR_APPLICATION_NOT_ATTACHED; @@ -1001,6 +1014,8 @@ vnet_connect (vnet_connect_args_t * a) app_worker_t *client_wrk; application_t *client; + ASSERT (vlib_thread_is_main_w_barrier ()); + if (session_endpoint_is_zero (&a->sep)) return VNET_API_ERROR_INVALID_VALUE; @@ -1038,6 +1053,8 @@ vnet_unlisten (vnet_unlisten_args_t * a) app_listener_t *al; application_t *app; + ASSERT (vlib_thread_is_main_w_barrier ()); + if (!(app = application_get_if_valid (a->app_index))) return VNET_API_ERROR_APPLICATION_NOT_ATTACHED; @@ -1299,24 +1316,20 @@ application_get_segment_manager_properties (u32 app_index) clib_error_t * vnet_app_add_tls_cert (vnet_app_add_tls_cert_args_t * a) { - application_t *app; - app = application_get (a->app_index); - if (!app) - return clib_error_return_code (0, VNET_API_ERROR_APPLICATION_NOT_ATTACHED, - 0, "app %u doesn't exist", a->app_index); - app->tls_cert = vec_dup (a->cert); + /* Deprected, will be remove after 20.01 */ + app_cert_key_pair_t *ckpair; + ckpair = app_cert_key_pair_get_default (); + ckpair->cert = vec_dup (a->cert); return 0; } clib_error_t * vnet_app_add_tls_key (vnet_app_add_tls_key_args_t * a) { - application_t *app; - app = application_get (a->app_index); - if (!app) - return clib_error_return_code (0, VNET_API_ERROR_APPLICATION_NOT_ATTACHED, - 0, "app %u doesn't exist", a->app_index); - app->tls_key = vec_dup (a->key); + /* Deprected, will be remove after 20.01 */ + app_cert_key_pair_t *ckpair; + ckpair = app_cert_key_pair_get_default (); + ckpair->key = vec_dup (a->key); return 0; } @@ -1369,6 +1382,70 @@ application_format_connects (application_t * app, int verbose) /* *INDENT-ON* */ } +u8 * +format_cert_key_pair (u8 * s, va_list * args) +{ + app_cert_key_pair_t *ckpair = va_arg (*args, app_cert_key_pair_t *); + int key_len = 0, cert_len = 0; + cert_len = vec_len (ckpair->cert); + key_len = vec_len (ckpair->key); + if (ckpair->cert_key_index == 0) + s = format (s, "DEFAULT (cert:%d, key:%d)", cert_len, key_len); + else + s = format (s, "%d (cert:%d, key:%d)", ckpair->cert_key_index, + cert_len, key_len); + return s; +} + +u8 * +format_crypto_engine (u8 * s, va_list * args) +{ + u32 engine = va_arg (*args, u32); + switch (engine) + { + case CRYPTO_ENGINE_NONE: + return format (s, "none"); + case CRYPTO_ENGINE_MBEDTLS: + return format (s, "mbedtls"); + case CRYPTO_ENGINE_OPENSSL: + return format (s, "openssl"); + case CRYPTO_ENGINE_PICOTLS: + return format (s, "picotls"); + case CRYPTO_ENGINE_VPP: + return format (s, "vpp"); + default: + return format (s, "unknown engine"); + } + return s; +} + +uword +unformat_crypto_engine (unformat_input_t * input, va_list * args) +{ + u8 *a = va_arg (*args, u8 *); + if (unformat (input, "mbedtls")) + *a = CRYPTO_ENGINE_MBEDTLS; + else if (unformat (input, "openssl")) + *a = CRYPTO_ENGINE_OPENSSL; + else if (unformat (input, "picotls")) + *a = CRYPTO_ENGINE_PICOTLS; + else if (unformat (input, "vpp")) + *a = CRYPTO_ENGINE_VPP; + else + return 0; + return 1; +} + +u8 * +format_crypto_context (u8 * s, va_list * args) +{ + crypto_context_t *crctx = va_arg (*args, crypto_context_t *); + s = format (s, "[0x%x][sub%d,ckpair%x]", crctx->ctx_index, + crctx->n_subscribers, crctx->ckpair_index); + s = format (s, "[%U]", format_crypto_engine, crctx->crypto_engine); + return s; +} + u8 * format_application (u8 * s, va_list * args) { @@ -1453,11 +1530,63 @@ application_format_all_clients (vlib_main_t * vm, int verbose) /* *INDENT-ON* */ } +static clib_error_t * +show_certificate_command_fn (vlib_main_t * vm, unformat_input_t * input, + vlib_cli_command_t * cmd) +{ + app_cert_key_pair_t *ckpair; + session_cli_return_if_not_enabled (); + + /* *INDENT-OFF* */ + pool_foreach (ckpair, app_main.cert_key_pair_store, ({ + vlib_cli_output (vm, "%U", format_cert_key_pair, ckpair); + })); + /* *INDENT-ON* */ + return 0; +} + +static inline void +appliction_format_app_mq (vlib_main_t * vm, application_t * app) +{ + app_worker_map_t *map; + app_worker_t *wrk; + /* *INDENT-OFF* */ + pool_foreach (map, app->worker_maps, ({ + wrk = app_worker_get (map->wrk_index); + vlib_cli_output (vm, "[A%d][%d]%U", app->app_index, + map->wrk_index, format_svm_msg_q, + wrk->event_queue); + })); + /* *INDENT-ON* */ +} + +static clib_error_t * +appliction_format_all_app_mq (vlib_main_t * vm) +{ + application_t *app; + int i, n_threads; + + n_threads = vec_len (vlib_mains); + + for (i = 0; i < n_threads; i++) + { + vlib_cli_output (vm, "[Ctrl%d]%U", i, format_svm_msg_q, + session_main_get_vpp_event_queue (i)); + } + + /* *INDENT-OFF* */ + pool_foreach (app, app_main.app_pool, ({ + appliction_format_app_mq (vm, app); + })); + /* *INDENT-ON* */ + return 0; +} + static clib_error_t * show_app_command_fn (vlib_main_t * vm, unformat_input_t * input, vlib_cli_command_t * cmd) { - int do_server = 0, do_client = 0; + int do_server = 0, do_client = 0, do_mq = 0; application_t *app; u32 app_index = ~0; int verbose = 0; @@ -1470,6 +1599,8 @@ show_app_command_fn (vlib_main_t * vm, unformat_input_t * input, do_server = 1; else if (unformat (input, "client")) do_client = 1; + else if (unformat (input, "mq")) + do_mq = 1; else if (unformat (input, "%u", &app_index)) ; else if (unformat (input, "verbose")) @@ -1479,6 +1610,22 @@ show_app_command_fn (vlib_main_t * vm, unformat_input_t * input, format_unformat_error, input); } + if (do_mq && app_index != ~0) + { + app = application_get_if_valid (app_index); + if (!app) + return clib_error_return (0, "No app with index %u", app_index); + + appliction_format_app_mq (vm, app); + return 0; + } + + if (do_mq) + { + appliction_format_all_app_mq (vm); + return 0; + } + if (do_server) { application_format_all_listeners (vm, verbose); @@ -1515,15 +1662,122 @@ show_app_command_fn (vlib_main_t * vm, unformat_input_t * input, return 0; } +/* Certificate store */ + +static app_cert_key_pair_t * +app_cert_key_pair_alloc () +{ + app_cert_key_pair_t *ckpair; + pool_get (app_main.cert_key_pair_store, ckpair); + clib_memset (ckpair, 0, sizeof (*ckpair)); + ckpair->cert_key_index = ckpair - app_main.cert_key_pair_store; + return ckpair; +} + +app_cert_key_pair_t * +app_cert_key_pair_get_if_valid (u32 index) +{ + if (pool_is_free_index (app_main.cert_key_pair_store, index)) + return 0; + return app_cert_key_pair_get (index); +} + +app_cert_key_pair_t * +app_cert_key_pair_get (u32 index) +{ + return pool_elt_at_index (app_main.cert_key_pair_store, index); +} + +app_cert_key_pair_t * +app_cert_key_pair_get_default () +{ + /* To maintain legacy bapi */ + return app_cert_key_pair_get (0); +} + +int +vnet_app_add_cert_key_pair (vnet_app_add_cert_key_pair_args_t * a) +{ + app_cert_key_pair_t *ckpair = app_cert_key_pair_alloc (); + ckpair->cert = vec_dup (a->cert); + ckpair->key = vec_dup (a->key); + a->index = ckpair->cert_key_index; + return 0; +} + +int +vnet_app_add_cert_key_interest (u32 index, u32 app_index) +{ + app_cert_key_pair_t *ckpair; + if (!(ckpair = app_cert_key_pair_get_if_valid (index))) + return -1; + if (vec_search (ckpair->app_interests, app_index) != ~0) + vec_add1 (ckpair->app_interests, app_index); + return 0; +} + +int +vnet_app_del_cert_key_pair (u32 index) +{ + app_cert_key_pair_t *ckpair; + application_t *app; + u32 *app_index; + + if (!(ckpair = app_cert_key_pair_get_if_valid (index))) + return (VNET_API_ERROR_INVALID_VALUE); + + vec_foreach (app_index, ckpair->app_interests) + { + if ((app = application_get_if_valid (*app_index)) + && app->cb_fns.app_cert_key_pair_delete_callback) + app->cb_fns.app_cert_key_pair_delete_callback (ckpair); + } + + vec_free (ckpair->cert); + vec_free (ckpair->key); + pool_put (app_main.cert_key_pair_store, ckpair); + return 0; +} + +clib_error_t * +application_init (vlib_main_t * vm) +{ + /* Add a certificate with index 0 to support legacy apis */ + (void) app_cert_key_pair_alloc (); + app_main.last_crypto_engine = CRYPTO_ENGINE_LAST; + return 0; +} + /* *INDENT-OFF* */ +VLIB_INIT_FUNCTION (application_init); + VLIB_CLI_COMMAND (show_app_command, static) = { .path = "show app", - .short_help = "show app [server|client] [verbose]", + .short_help = "show app [app_id] [server|client] [mq] [verbose]", .function = show_app_command_fn, }; + +VLIB_CLI_COMMAND (show_certificate_command, static) = +{ + .path = "show app certificate", + .short_help = "list app certs and keys present in store", + .function = show_certificate_command_fn, +}; /* *INDENT-ON* */ +crypto_engine_type_t +app_crypto_engine_type_add (void) +{ + return (++app_main.last_crypto_engine); +} + +u8 +app_crypto_engine_n_types (void) +{ + return (app_main.last_crypto_engine + 1); +} + /* * fd.io coding-style-patch-verification: ON *