X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fvnet%2Ftls%2Ftls.c;h=3f21e6e3cb23e830ebbdf9a048c514483a9898e8;hb=288eaab5964b9211350acad8d742fae4789577fe;hp=34de539b29513b8f59c73996af730758858844cf;hpb=d8e94ba8231138e86f31c745c82a0adf54531164;p=vpp.git

diff --git a/src/vnet/tls/tls.c b/src/vnet/tls/tls.c
index 34de539b295..3f21e6e3cb2 100644
--- a/src/vnet/tls/tls.c
+++ b/src/vnet/tls/tls.c
@@ -51,40 +51,40 @@ tls_get_available_engine (void)
 }
 
 int
-tls_add_vpp_q_rx_evt (stream_session_t * s)
+tls_add_vpp_q_rx_evt (session_t * s)
 {
-  if (svm_fifo_set_event (s->server_rx_fifo))
-    session_send_io_evt_to_thread (s->server_rx_fifo, FIFO_EVENT_APP_RX);
+  if (svm_fifo_set_event (s->rx_fifo))
+    session_send_io_evt_to_thread (s->rx_fifo, FIFO_EVENT_APP_RX);
   return 0;
 }
 
 int
-tls_add_vpp_q_builtin_rx_evt (stream_session_t * s)
+tls_add_vpp_q_builtin_rx_evt (session_t * s)
 {
-  if (svm_fifo_set_event (s->server_rx_fifo))
-    session_send_io_evt_to_thread (s->server_rx_fifo, FIFO_EVENT_BUILTIN_RX);
+  if (svm_fifo_set_event (s->rx_fifo))
+    session_send_io_evt_to_thread (s->rx_fifo, FIFO_EVENT_BUILTIN_RX);
   return 0;
 }
 
 int
-tls_add_vpp_q_tx_evt (stream_session_t * s)
+tls_add_vpp_q_tx_evt (session_t * s)
 {
-  if (svm_fifo_set_event (s->server_tx_fifo))
-    session_send_io_evt_to_thread (s->server_tx_fifo, FIFO_EVENT_APP_TX);
+  if (svm_fifo_set_event (s->tx_fifo))
+    session_send_io_evt_to_thread (s->tx_fifo, FIFO_EVENT_APP_TX);
   return 0;
 }
 
 int
-tls_add_vpp_q_builtin_tx_evt (stream_session_t * s)
+tls_add_vpp_q_builtin_tx_evt (session_t * s)
 {
-  if (svm_fifo_set_event (s->server_tx_fifo))
+  if (svm_fifo_set_event (s->tx_fifo))
     session_send_io_evt_to_thread_custom (s, s->thread_index,
 					  FIFO_EVENT_BUILTIN_TX);
   return 0;
 }
 
 static inline int
-tls_add_app_q_evt (app_worker_t * app, stream_session_t * app_session)
+tls_add_app_q_evt (app_worker_t * app, session_t * app_session)
 {
   return app_worker_lock_and_send_event (app, app_session, FIFO_EVENT_APP_RX);
 }
@@ -178,7 +178,7 @@ tls_ctx_half_open_index (tls_ctx_t * ctx)
 }
 
 void
-tls_notify_app_enqueue (tls_ctx_t * ctx, stream_session_t * app_session)
+tls_notify_app_enqueue (tls_ctx_t * ctx, session_t * app_session)
 {
   app_worker_t *app;
   app = app_worker_get_if_valid (app_session->app_wrk_index);
@@ -189,7 +189,7 @@ tls_notify_app_enqueue (tls_ctx_t * ctx, stream_session_t * app_session)
 int
 tls_notify_app_accept (tls_ctx_t * ctx)
 {
-  stream_session_t *app_listener, *app_session;
+  session_t *app_listener, *app_session;
   segment_manager_t *sm;
   app_worker_t *app_wrk;
   application_t *app;
@@ -206,7 +206,7 @@ tls_notify_app_accept (tls_ctx_t * ctx)
   app = application_get (app_wrk->app_index);
   lctx = tls_listener_ctx_get (ctx->listener_ctx_index);
 
-  app_session = session_alloc (vlib_get_thread_index ());
+  app_session = session_get (ctx->c_s_index, ctx->c_thread_index);
   app_session->app_wrk_index = ctx->parent_app_index;
   app_session->connection_index = ctx->tls_ctx_handle;
 
@@ -221,7 +221,6 @@ tls_notify_app_accept (tls_ctx_t * ctx)
       TLS_DBG (1, "failed to allocate fifos");
       return rv;
     }
-  ctx->c_s_index = app_session->session_index;
   ctx->app_session_handle = session_handle (app_session);
   session_lookup_add_connection (&ctx->connection,
 				 session_handle (app_session));
@@ -231,8 +230,8 @@ tls_notify_app_accept (tls_ctx_t * ctx)
 int
 tls_notify_app_connected (tls_ctx_t * ctx, u8 is_failed)
 {
-  int (*cb_fn) (u32, u32, stream_session_t *, u8);
-  stream_session_t *app_session;
+  int (*cb_fn) (u32, u32, session_t *, u8);
+  session_t *app_session;
   segment_manager_t *sm;
   app_worker_t *app_wrk;
   application_t *app;
@@ -251,7 +250,7 @@ tls_notify_app_connected (tls_ctx_t * ctx, u8 is_failed)
     goto failed;
 
   sm = app_worker_get_connect_segment_manager (app_wrk);
-  app_session = session_alloc (vlib_get_thread_index ());
+  app_session = session_get (ctx->c_s_index, ctx->c_thread_index);
   app_session->app_wrk_index = ctx->parent_app_index;
   app_session->connection_index = ctx->tls_ctx_handle;
   app_session->session_type =
@@ -261,7 +260,6 @@ tls_notify_app_connected (tls_ctx_t * ctx, u8 is_failed)
   if (session_alloc_fifos (sm, app_session))
     goto failed;
 
-  ctx->app_session_handle = session_handle (app_session);
   app_session->session_state = SESSION_STATE_CONNECTING;
   if (cb_fn (ctx->parent_app_index, ctx->parent_app_api_context,
 	     app_session, 0 /* not failed */ ))
@@ -271,9 +269,7 @@ tls_notify_app_connected (tls_ctx_t * ctx, u8 is_failed)
       return -1;
     }
 
-  /* parent_app_api_context should not be overwitten before used,
-   * so defer setting c_s_index */
-  ctx->c_s_index = app_session->session_index;
+  ctx->app_session_handle = session_handle (app_session);
   app_session->session_state = SESSION_STATE_READY;
   session_lookup_add_connection (&ctx->connection,
 				 session_handle (app_session));
@@ -345,13 +341,13 @@ tls_ctx_init_client (tls_ctx_t * ctx)
 }
 
 static inline int
-tls_ctx_write (tls_ctx_t * ctx, stream_session_t * app_session)
+tls_ctx_write (tls_ctx_t * ctx, session_t * app_session)
 {
   return tls_vfts[ctx->tls_ctx_engine].ctx_write (ctx, app_session);
 }
 
 static inline int
-tls_ctx_read (tls_ctx_t * ctx, stream_session_t * tls_session)
+tls_ctx_read (tls_ctx_t * ctx, session_t * tls_session)
 {
   return tls_vfts[ctx->tls_ctx_engine].ctx_read (ctx, tls_session);
 }
@@ -363,7 +359,7 @@ tls_ctx_handshake_is_over (tls_ctx_t * ctx)
 }
 
 void
-tls_session_reset_callback (stream_session_t * s)
+tls_session_reset_callback (session_t * s)
 {
   clib_warning ("called...");
 }
@@ -382,9 +378,9 @@ tls_del_segment_callback (u32 client_index, u64 segment_handle)
 }
 
 void
-tls_session_disconnect_callback (stream_session_t * tls_session)
+tls_session_disconnect_callback (session_t * tls_session)
 {
-  stream_session_t *app_session;
+  session_t *app_session;
   tls_ctx_t *ctx;
   app_worker_t *app_wrk;
   application_t *app;
@@ -403,9 +399,9 @@ tls_session_disconnect_callback (stream_session_t * tls_session)
 }
 
 int
-tls_session_accept_callback (stream_session_t * tls_session)
+tls_session_accept_callback (session_t * tls_session)
 {
-  stream_session_t *tls_listener;
+  session_t *tls_listener, *app_session;
   tls_ctx_t *lctx, *ctx;
   u32 ctx_handle;
 
@@ -422,6 +418,12 @@ tls_session_accept_callback (stream_session_t * tls_session)
   ctx->tls_session_handle = session_handle (tls_session);
   ctx->listener_ctx_index = tls_listener->opaque;
 
+  /* Preallocate app session. Avoids allocating a session post handshake
+   * on tls_session rx and potentially invalidating the session pool */
+  app_session = session_alloc (ctx->c_thread_index);
+  app_session->session_state = SESSION_STATE_CLOSED;
+  ctx->c_s_index = app_session->session_index;
+
   TLS_DBG (1, "Accept on listener %u new connection [%u]%x",
 	   tls_listener->opaque, vlib_get_thread_index (), ctx_handle);
 
@@ -429,7 +431,7 @@ tls_session_accept_callback (stream_session_t * tls_session)
 }
 
 int
-tls_app_tx_callback (stream_session_t * app_session)
+tls_app_tx_callback (session_t * app_session)
 {
   tls_ctx_t *ctx;
   if (PREDICT_FALSE (app_session->session_state == SESSION_STATE_CLOSED))
@@ -440,7 +442,7 @@ tls_app_tx_callback (stream_session_t * app_session)
 }
 
 int
-tls_app_rx_callback (stream_session_t * tls_session)
+tls_app_rx_callback (session_t * tls_session)
 {
   tls_ctx_t *ctx;
 
@@ -451,8 +453,9 @@ tls_app_rx_callback (stream_session_t * tls_session)
 
 int
 tls_session_connected_callback (u32 tls_app_index, u32 ho_ctx_index,
-				stream_session_t * tls_session, u8 is_fail)
+				session_t * tls_session, u8 is_fail)
 {
+  session_t *app_session;
   tls_ctx_t *ho_ctx, *ctx;
   u32 ctx_handle;
 
@@ -460,7 +463,7 @@ tls_session_connected_callback (u32 tls_app_index, u32 ho_ctx_index,
 
   if (is_fail)
     {
-      int (*cb_fn) (u32, u32, stream_session_t *, u8), rv = 0;
+      int (*cb_fn) (u32, u32, session_t *, u8), rv = 0;
       u32 wrk_index, api_context;
       app_worker_t *app_wrk;
       application_t *app;
@@ -496,6 +499,12 @@ tls_session_connected_callback (u32 tls_app_index, u32 ho_ctx_index,
   tls_session->opaque = ctx_handle;
   tls_session->session_state = SESSION_STATE_READY;
 
+  /* Preallocate app session. Avoids allocating a session post handshake
+   * on tls_session rx and potentially invalidating the session pool */
+  app_session = session_alloc (ctx->c_thread_index);
+  app_session->session_state = SESSION_STATE_CLOSED;
+  ctx->c_s_index = app_session->session_index;
+
   return tls_ctx_init_client (ctx);
 }
 
@@ -582,8 +591,8 @@ tls_start_listen (u32 app_listener_index, transport_endpoint_t * tep)
   tls_main_t *tm = &tls_main;
   session_handle_t tls_handle;
   session_endpoint_cfg_t *sep;
-  stream_session_t *tls_listener;
-  stream_session_t *app_listener;
+  session_t *tls_listener;
+  session_t *app_listener;
   tls_engine_type_t engine_type;
   application_t *app;
   tls_ctx_t *lctx;
@@ -696,7 +705,7 @@ format_tls_connection (u8 * s, va_list * args)
   s = format (s, "%-50U", format_tls_ctx, ctx, thread_index);
   if (verbose)
     {
-      stream_session_t *ts;
+      session_t *ts;
       ts = session_get_from_handle (ctx->app_session_handle);
       s = format (s, "state: %-7u", ts->session_state);
       if (verbose > 1)