X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fvnet%2Fsession%2Fsession_api.c;h=c0ed1250dab84c7f259f5f26c5087b5865e208a4;hb=1a9e2f96d;hp=00e67dcd2d0310ac373886fc05d68585ffb960be;hpb=9609e26f8712246f62d54c1178aefce57e3b6c06;p=vpp.git
diff --git a/src/vnet/session/session_api.c b/src/vnet/session/session_api.c
index 00e67dcd2d0..c0ed1250dab 100644
--- a/src/vnet/session/session_api.c
+++ b/src/vnet/session/session_api.c
@@ -834,6 +834,8 @@ vl_api_app_namespace_add_del_t_handler (vl_api_app_namespace_add_del_t * mp)
 vnet_app_namespace_add_del_args_t args = {
 .ns_id = ns_id,
+ .netns = 0,
+ .sock_name = 0,
 .secret = clib_net_to_host_u64 (mp->secret),
 .sw_if_index = clib_net_to_host_u32 (mp->sw_if_index),
 .ip4_fib_id = clib_net_to_host_u32 (mp->ip4_fib_id),
@@ -884,6 +886,7 @@ vl_api_app_namespace_add_del_v2_t_handler (
 vnet_app_namespace_add_del_args_t args = {
 .ns_id = ns_id,
 .netns = netns,
+ .sock_name = 0,
 .secret = clib_net_to_host_u64 (mp->secret),
 .sw_if_index = clib_net_to_host_u32 (mp->sw_if_index),
 .ip4_fib_id = clib_net_to_host_u32 (mp->ip4_fib_id),
@@ -896,7 +899,7 @@ vl_api_app_namespace_add_del_v2_t_handler (
 appns_index = app_namespace_index_from_id (ns_id);
 if (appns_index == APP_NAMESPACE_INVALID_INDEX)
 {
- clib_warning ("app ns lookup failed");
+ clib_warning ("app ns lookup failed id:%s", ns_id);
 rv = VNET_API_ERROR_UNSPECIFIED;
 }
 }
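Review bot: The new `clib_warning ("app ns lookup failed id:%s", ns_id)` in the v2 handler prints `ns_id` with `%s`, but `ns_id` looks like a vector built by `format (0, "%s", ...)` with no trailing NUL, so the logger may read past the end of the vector. Elsewhere in this change `app_ns->ns_id` is printed with `%v`, so use the vector specifier here too: `clib_warning ("app ns lookup failed id:%v", ns_id);`. The same call appears in the added v3 handler. How `ns_id` is built in the v2 handler lies outside this hunk, so confirm it against the full function.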
@@ -910,6 +913,54 @@ done:
 }));
 }
+static void
+vl_api_app_namespace_add_del_v3_t_handler (
+ vl_api_app_namespace_add_del_v3_t *mp)
+{
+ vl_api_app_namespace_add_del_v3_reply_t *rmp;
+ u8 *ns_id = 0, *netns = 0, *sock_name = 0;
+ u32 appns_index = 0;
+ int rv = 0;
+ if (session_main_is_enabled () == 0)
+ {
+ rv = VNET_API_ERROR_FEATURE_DISABLED;
+ goto done;
+ }
+ mp->namespace_id[sizeof (mp->namespace_id) - 1] = 0;
+ mp->netns[sizeof (mp->netns) - 1] = 0;
+ ns_id = format (0, "%s", &mp->namespace_id);
+ netns = format (0, "%s", &mp->netns);
+ sock_name = format (0, "%s", &mp->sock_name);
+ vnet_app_namespace_add_del_args_t args = {
+ .ns_id = ns_id,
+ .netns = netns,
+ .sock_name = sock_name,
+ .secret = clib_net_to_host_u64 (mp->secret),
+ .sw_if_index = clib_net_to_host_u32 (mp->sw_if_index),
+ .ip4_fib_id = clib_net_to_host_u32 (mp->ip4_fib_id),
+ .ip6_fib_id = clib_net_to_host_u32 (mp->ip6_fib_id),
+ .is_add = mp->is_add,
+ };
+ rv = vnet_app_namespace_add_del (&args);
+ if (!rv && mp->is_add)
+ {
+ appns_index = app_namespace_index_from_id (ns_id);
+ if (appns_index == APP_NAMESPACE_INVALID_INDEX)
+ {
+ clib_warning ("app ns lookup failed id:%s", ns_id);
+ rv = VNET_API_ERROR_UNSPECIFIED;
+ }
+ }
+ vec_free (ns_id);
+ vec_free (netns);
+ vec_free (sock_name);
+done:
+ REPLY_MACRO2 (VL_API_APP_NAMESPACE_ADD_DEL_V3_REPLY, ({
+ if (!rv)
+ rmp->appns_index = clib_host_to_net_u32 (appns_index);
+ }));
+}
+
 static void
 vl_api_session_rule_add_del_t_handler (vl_api_session_rule_add_del_t * mp)
 {
@@ -1385,7 +1436,7 @@ done:
 vec_free (fds);
 }
-static void
+void
 sapi_socket_close_w_handle (u32 api_handle)
 {
 app_namespace_t *app_ns = app_namespace_get (api_handle >> 16);
@@ -1443,10 +1494,7 @@ sapi_add_del_worker_handler (app_namespace_t * app_ns,
 }
 if (!mp->is_add)
- {
- sapi_socket_close_w_handle (sapi_handle);
- goto done;
- }
+ goto done;
 /* Send fifo segment fd if needed */
 if (ssvm_type (args.segment) == SSVM_SEGMENT_MEMFD)
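Review bot: `mp->sock_name` is passed to `format (0, "%s", &mp->sock_name)` without being NUL-terminated first, unlike `namespace_id` and `netns` a few lines above, so a client message that fills the field completely lets the copy run past the end of the field. Add `mp->sock_name[sizeof (mp->sock_name) - 1] = 0;` next to the other two terminations. The resulting `sock_name` vector also carries no trailing NUL, while appns_sapi_add_ns_socket later hands `app_ns->sock_name` to `stat ()` as a C string. Whether vnet_app_namespace_add_del re-terminates its copy is not visible here and should be checked.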
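Review bot: Dropping `static` from `sapi_socket_close_w_handle` exports a function whose first statement is `app_namespace_get (api_handle >> 16)` on a caller-supplied handle, and nothing visible here adds a prototype or documents which handles are valid. Declare it in the session header with a comment such as `/* Close the app socket for api_handle; handle must come from appns_sapi_socket_handle () */`. This change also removes the calls from `sapi_add_del_worker_handler` and `sapi_socket_detach`, so confirm that the new external caller still closes the socket on both of those paths. The function body continues outside the hunk.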
@@ -1488,6 +1536,83 @@ done:
 clib_socket_sendmsg (cs, &msg, sizeof (msg), fds, n_fds);
 }
+static void
+sapi_add_del_cert_key_handler (app_namespace_t *app_ns, clib_socket_t *cs,
+ app_sapi_cert_key_add_del_msg_t *mp)
+{
+ vnet_app_add_cert_key_pair_args_t _a, *a = &_a;
+ app_sapi_cert_key_add_del_reply_msg_t *rmp;
+ app_sapi_msg_t msg = { 0 };
+ int rv = 0;
+
+ if (mp->is_add)
+ {
+ const u32 max_certkey_len = 2e4, max_cert_len = 1e4, max_key_len = 1e4;
+ clib_error_t *err;
+ u8 *certkey = 0;
+ u32 key_len;
+
+ if (mp->certkey_len > max_certkey_len)
+ {
+ rv = SESSION_E_INVALID;
+ goto send_reply;
+ }
+
+ vec_validate (certkey, mp->certkey_len - 1);
+ err = clib_socket_recvmsg (cs, certkey, mp->certkey_len, 0, 0);
+ if (err)
+ {
+ clib_error_report (err);
+ clib_error_free (err);
+ rv = SESSION_E_INVALID;
+ goto send_reply;
+ }
+
+ if (mp->cert_len > max_cert_len)
+ {
+ rv = SESSION_E_INVALID;
+ goto send_reply;
+ }
+
+ if (mp->certkey_len < mp->cert_len)
+ {
+ rv = SESSION_E_INVALID;
+ goto send_reply;
+ }
+
+ key_len = mp->certkey_len - mp->cert_len;
+ if (key_len > max_key_len)
+ {
+ rv = SESSION_E_INVALID;
+ goto send_reply;
+ }
+
+ clib_memset (a, 0, sizeof (*a));
+ a->cert = certkey;
+ a->key = certkey + mp->cert_len;
+ a->cert_len = mp->cert_len;
+ a->key_len = key_len;
+ rv = vnet_app_add_cert_key_pair (a);
+
+ vec_free (certkey);
+ }
+ else
+ {
+ rv = vnet_app_del_cert_key_pair (mp->index);
+ }
+
+send_reply:
+
+ msg.type = APP_SAPI_MSG_TYPE_ADD_DEL_CERT_KEY_REPLY;
+ rmp = &msg.cert_key_add_del_reply;
+ rmp->retval = rv;
+ rmp->context = mp->context;
+ if (!rv && mp->is_add)
+ rmp->index = a->index;
+
+ clib_socket_sendmsg (cs, &msg, sizeof (msg), 0, 0);
+}
+
 static void
 sapi_socket_detach (app_namespace_t * app_ns, clib_socket_t * cs)
 {
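Review bot: `mp->certkey_len` is only bounded from above before `vec_validate (certkey, mp->certkey_len - 1)`, so a request with `certkey_len == 0` wraps the index and, assuming the field is 32-bit, asks for a vector of roughly 4 GiB on behalf of an app-socket client. `certkey` is also leaked on every `goto send_reply` taken after the allocation, that is, on the receive error and on the three later length checks. Rejecting a zero length up front and routing the post-allocation failures through a label that frees the buffer fixes both while keeping the read order. The fence below shows that shape.

```c
      if (mp->certkey_len == 0 || mp->certkey_len > max_certkey_len)
        {
          rv = SESSION_E_INVALID;
          goto send_reply;
        }

      vec_validate (certkey, mp->certkey_len - 1);
      err = clib_socket_recvmsg (cs, certkey, mp->certkey_len, 0, 0);
      if (err)
        {
          clib_error_report (err);
          clib_error_free (err);
          rv = SESSION_E_INVALID;
          goto free_certkey;
        }

      /* Key length is whatever remains after the certificate */
      if (mp->cert_len > max_cert_len || mp->cert_len > mp->certkey_len ||
          mp->certkey_len - mp->cert_len > max_key_len)
        {
          rv = SESSION_E_INVALID;
          goto free_certkey;
        }
      key_len = mp->certkey_len - mp->cert_len;

      /* … unchanged: fill *a and call vnet_app_add_cert_key_pair … */

    free_certkey:
      vec_free (certkey);
```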
@@ -1496,7 +1621,6 @@ sapi_socket_detach (app_namespace_t * app_ns, clib_socket_t * cs)
 u32 api_client_handle;
 api_client_handle = appns_sapi_socket_handle (app_ns, cs);
- sapi_socket_close_w_handle (api_client_handle);
 /* Cleanup everything because app worker closed socket or crashed */
 handle = (app_ns_api_handle_t *) & cs->private_data;
@@ -1548,6 +1672,9 @@ sapi_sock_read_ready (clib_file_t * cf)
 case APP_SAPI_MSG_TYPE_ADD_DEL_WORKER:
 sapi_add_del_worker_handler (app_ns, cs, &msg.worker_add_del);
 break;
+ case APP_SAPI_MSG_TYPE_ADD_DEL_CERT_KEY:
+ sapi_add_del_cert_key_handler (app_ns, cs, &msg.cert_key_add_del);
+ break;
 default:
 clib_warning ("app wrk %u unknown message type: %u", handle->aah_app_wrk_index, msg.type);
@@ -1644,26 +1771,29 @@ appns_sapi_add_ns_socket (app_namespace_t * app_ns)
 struct stat file_stat;
 clib_error_t *err;
 clib_socket_t *cs;
- u8 *dir = 0;
- int rv = 0;
-
- vec_add (dir, vlib_unix_get_runtime_dir (),
- strlen (vlib_unix_get_runtime_dir ()));
- vec_add (dir, (u8 *) subdir, strlen (subdir));
+ char dir[4096];
- err = vlib_unix_recursive_mkdir ((char *) dir);
- if (err)
+ if (app_ns->netns)
 {
- clib_error_report (err);
- rv = -1;
- goto error;
+ if (!app_ns->sock_name)
+ app_ns->sock_name = format (0, "@vpp/session/%v%c", app_ns->ns_id, 0);
+ if (app_ns->sock_name[0] != '@')
+ return VNET_API_ERROR_INVALID_VALUE;
 }
-
- /* Use abstract sockets if a netns was provided */
- if (app_ns->netns)
- app_ns->sock_name = format (0, "@vpp/session/%v%c", app_ns->ns_id, 0);
 else
- app_ns->sock_name = format (0, "%v%v%c", dir, app_ns->ns_id, 0);
+ {
+ snprintf (dir, sizeof (dir), "%s%s", vlib_unix_get_runtime_dir (),
+ subdir);
+ err = vlib_unix_recursive_mkdir ((char *) dir);
+ if (err)
+ {
+ clib_error_report (err);
+ return VNET_API_ERROR_SYSCALL_ERROR_1;
+ }
+
+ if (!app_ns->sock_name)
+ app_ns->sock_name = format (0, "%s%v%c", dir, app_ns->ns_id, 0);
+ }
 /*
 * Create and initialize socket to listen on
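Review bot: The new `APP_SAPI_MSG_TYPE_ADD_DEL_CERT_KEY` case hands the request to a handler that never uses `app_ns` and, on delete, passes the client-chosen `mp->index` straight to `vnet_app_del_cert_key_pair`, so nothing visible ties a cert/key pair to the app that created it. Unless that function enforces ownership itself, any client of a namespace socket could remove a pair that another application relies on. Record the owner when the pair is added and check it before deleting, or at least state the trust assumption in a comment on the case, e.g. `/* any client of this ns socket may add/del cert-key pairs */`. The switch starts and ends outside the hunk.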
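Review bot: In the non-netns branch a caller-provided `app_ns->sock_name` is kept as-is, so the runtime-dir prefix that the old code always applied no longer constrains where the listening socket is created; only the netns branch validates the name (`sock_name[0] != '@'`). Consider rejecting names that do not start with `dir` and returning `VNET_API_ERROR_INVALID_VALUE`, as the netns branch does. Separately, the `snprintf` result is unchecked, so an over-long runtime dir would be truncated silently before `vlib_unix_recursive_mkdir`. A guard such as `if (snprintf (...) >= (int) sizeof (dir)) return VNET_API_ERROR_INVALID_VALUE;` would catch that. The function body continues beyond this hunk.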
@@ -1677,15 +1807,11 @@ appns_sapi_add_ns_socket (app_namespace_t * app_ns)
 if ((err = clib_socket_init_netns (cs, app_ns->netns)))
 {
 clib_error_report (err);
- rv = -1;
- goto error;
+ return -1;
 }
 if (!app_ns->netns && stat ((char *) app_ns->sock_name, &file_stat) == -1)
- {
- rv = -1;
- goto error;
- }
+ return -1;
 /*
 * Start polling it
@@ -1703,9 +1829,7 @@ appns_sapi_add_ns_socket (app_namespace_t * app_ns)
 handle->aah_file_index = clib_file_add (&file_main, &cf);
 handle->aah_app_wrk_index = APP_INVALID_INDEX;
-error:
- vec_free (dir);
- return rv;
+ return 0;
 }
 static void
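Review bot: The early `return -1;` after a failed `stat ()` leaves the socket that `clib_socket_init_netns` just set up open, and the function now mixes bare `-1` with the `VNET_API_ERROR_*` codes it returns earlier in the same function. Closing `cs` before returning (presumably `clib_socket_close (cs);`) would keep the listener from leaking. Returning a named code such as `VNET_API_ERROR_SYSCALL_ERROR_1` on both failure paths would make them distinguishable to the caller. How `cs` is allocated lies outside the hunk, so any matching release of it needs checking too.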