X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fvnet%2Ftls%2Ftls.c;h=73a54c86282320ba7169de753305734e32285f62;hb=aab0604c47f9d6e3fadb894b3f081085833f62b3;hp=28c1f5855ea3ab3d68c642b0f5a576d462367ae5;hpb=6faac1622e0d5352da987c73a6f3f1ec55896116;p=vpp.git

diff --git a/src/vnet/tls/tls.c b/src/vnet/tls/tls.c
index 28c1f5855ea..73a54c86282 100644
--- a/src/vnet/tls/tls.c
+++ b/src/vnet/tls/tls.c
@@ -211,8 +211,6 @@ tls_notify_app_accept (tls_ctx_t * ctx)
       return rv;
     }
   ctx->app_session_handle = session_handle (app_session);
-  session_lookup_add_connection (&ctx->connection,
-				 session_handle (app_session));
   ctx->parent_app_wrk_index = app_session->app_wrk_index;
   app_wrk = app_worker_get (app_session->app_wrk_index);
   return app_worker_accept_notify (app_wrk, app_session);
@@ -254,8 +252,6 @@ tls_notify_app_connected (tls_ctx_t * ctx, u8 is_failed)
 
   ctx->app_session_handle = session_handle (app_session);
   app_session->session_state = SESSION_STATE_READY;
-  session_lookup_add_connection (&ctx->connection,
-				 session_handle (app_session));
 
   return 0;
 
@@ -358,11 +354,26 @@ void
 tls_session_reset_callback (session_t * s)
 {
   tls_ctx_t *ctx;
+  transport_connection_t *tc;
+  session_t *app_session;
 
   ctx = tls_ctx_get (s->opaque);
-  session_transport_reset_notify (&ctx->connection);
-  session_transport_closed_notify (&ctx->connection);
-  tls_disconnect_transport (ctx);
+  ctx->is_passive_close = 1;
+  tc = &ctx->connection;
+  if (tls_ctx_handshake_is_over (ctx))
+    {
+      session_transport_reset_notify (tc);
+      session_transport_closed_notify (tc);
+      tls_disconnect_transport (ctx);
+    }
+  else
+    if ((app_session =
+	 session_get_if_valid (ctx->c_s_index, ctx->c_thread_index)))
+    {
+      session_free (app_session);
+      ctx->c_s_index = SESSION_INVALID_INDEX;
+      tls_disconnect_transport (ctx);
+    }
 }
 
 int
@@ -420,7 +431,7 @@ tls_session_accept_callback (session_t * tls_session)
   /* Preallocate app session. Avoids allocating a session post handshake
    * on tls_session rx and potentially invalidating the session pool */
   app_session = session_alloc (ctx->c_thread_index);
-  app_session->session_state = SESSION_STATE_CLOSED;
+  app_session->session_state = SESSION_STATE_CREATED;
   ctx->c_s_index = app_session->session_index;
 
   TLS_DBG (1, "Accept on listener %u new connection [%u]%x",
@@ -487,7 +498,7 @@ tls_session_connected_callback (u32 tls_app_index, u32 ho_ctx_index,
   /* Preallocate app session. Avoids allocating a session post handshake
    * on tls_session rx and potentially invalidating the session pool */
   app_session = session_alloc (ctx->c_thread_index);
-  app_session->session_state = SESSION_STATE_CLOSED;
+  app_session->session_state = SESSION_STATE_CREATED;
   ctx->c_s_index = app_session->session_index;
 
   return tls_ctx_init_client (ctx);
@@ -607,11 +618,11 @@ tls_start_listen (u32 app_listener_index, transport_endpoint_t * tep)
       return -1;
     }
 
-  sep->transport_proto = TRANSPORT_PROTO_TCP;
   clib_memset (args, 0, sizeof (*args));
   args->app_index = tm->app_index;
   args->sep_ext = *sep;
   args->sep_ext.ns_index = app->ns_index;
+  args->sep_ext.transport_proto = TRANSPORT_PROTO_TCP;
   if (vnet_listen (args))
     return -1;
 
@@ -652,11 +663,26 @@ tls_start_listen (u32 app_listener_index, transport_endpoint_t * tep)
 u32
 tls_stop_listen (u32 lctx_index)
 {
+  session_endpoint_t sep = SESSION_ENDPOINT_NULL;
   crypto_engine_type_t engine_type;
+  transport_connection_t *lc;
   tls_ctx_t *lctx;
+  session_t *ls;
   int rv;
 
   lctx = tls_listener_ctx_get (lctx_index);
+
+  /* Cleanup listener from session lookup table */
+  ls = session_get_from_handle (lctx->tls_session_handle);
+  lc = session_get_transport (ls);
+
+  sep.fib_index = lc->fib_index;
+  sep.port = lc->lcl_port;
+  sep.is_ip4 = lc->is_ip4;
+  sep.transport_proto = TRANSPORT_PROTO_TLS;
+  clib_memcpy (&sep.ip, &lc->lcl_ip, sizeof (lc->lcl_ip));
+  session_lookup_del_session_endpoint2 (&sep);
+
   vnet_unlisten_args_t a = {
     .handle = lctx->tls_session_handle,
     .app_index = tls_main.app_index,
@@ -719,6 +745,44 @@ format_tls_ctx (u8 * s, va_list * args)
   return s;
 }
 
+static u8 *
+format_tls_listener_ctx (u8 * s, va_list * args)
+{
+  session_t *tls_listener;
+  app_listener_t *al;
+  u32 app_si, app_ti;
+  tls_ctx_t *ctx;
+
+  ctx = va_arg (*args, tls_ctx_t *);
+
+  al = app_listener_get_w_handle (ctx->tls_session_handle);
+  tls_listener = app_listener_get_session (al);
+  session_parse_handle (ctx->app_session_handle, &app_si, &app_ti);
+  s = format (s, "[%d:%d][TLS] app_wrk %u engine %u tcp %d:%d",
+	      app_ti, app_si, ctx->parent_app_wrk_index, ctx->tls_ctx_engine,
+	      tls_listener->thread_index, tls_listener->session_index);
+
+  return s;
+}
+
+static u8 *
+format_tls_ctx_state (u8 * s, va_list * args)
+{
+  tls_ctx_t *ctx;
+  session_t *ts;
+
+  ctx = va_arg (*args, tls_ctx_t *);
+  ts = session_get_from_handle (ctx->app_session_handle);
+  if (ts->session_state == SESSION_STATE_LISTENING)
+    s = format (s, "%s", "LISTEN");
+  else if (tls_ctx_handshake_is_over (ctx))
+    s = format (s, "%s", "ESTABLISHED");
+  else
+    s = format (s, "%s", "HANDSHAKE");
+
+  return s;
+}
+
 u8 *
 format_tls_connection (u8 * s, va_list * args)
 {
@@ -734,9 +798,7 @@ format_tls_connection (u8 * s, va_list * args)
   s = format (s, "%-50U", format_tls_ctx, ctx);
   if (verbose)
     {
-      session_t *ts;
-      ts = session_get_from_handle (ctx->app_session_handle);
-      s = format (s, "state: %-7u", ts->session_state);
+      s = format (s, "%-15U", format_tls_ctx_state, ctx);
       if (verbose > 1)
 	s = format (s, "\n");
     }
@@ -748,18 +810,12 @@ format_tls_listener (u8 * s, va_list * args)
 {
   u32 tc_index = va_arg (*args, u32);
   u32 __clib_unused thread_index = va_arg (*args, u32);
-  u32 __clib_unused verbose = va_arg (*args, u32);
+  u32 verbose = va_arg (*args, u32);
   tls_ctx_t *ctx = tls_listener_ctx_get (tc_index);
-  session_t *tls_listener;
-  app_listener_t *al;
-  u32 app_si, app_ti;
 
-  al = app_listener_get_w_handle (ctx->tls_session_handle);
-  tls_listener = app_listener_get_session (al);
-  session_parse_handle (ctx->app_session_handle, &app_si, &app_ti);
-  s = format (s, "[%d:%d][TLS] app_wrk %u engine %u tcp %d:%d",
-	      app_ti, app_si, ctx->parent_app_wrk_index, ctx->tls_ctx_engine,
-	      tls_listener->thread_index, tls_listener->session_index);
+  s = format (s, "%-50U", format_tls_listener_ctx, ctx);
+  if (verbose)
+    s = format (s, "%-15U", format_tls_ctx_state, ctx);
   return s;
 }
 
@@ -884,6 +940,7 @@ static clib_error_t *
 tls_config_fn (vlib_main_t * vm, unformat_input_t * input)
 {
   tls_main_t *tm = &tls_main;
+  uword tmp;
   while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
     {
       if (unformat (input, "use-test-cert-in-ca"))
@@ -893,9 +950,15 @@ tls_config_fn (vlib_main_t * vm, unformat_input_t * input)
       else if (unformat (input, "first-segment-size %U", unformat_memory_size,
 			 &tm->first_seg_size))
 	;
-      else if (unformat (input, "fifo-size %U", unformat_memory_size,
-			 &tm->fifo_size))
-	;
+      else if (unformat (input, "fifo-size %U", unformat_memory_size, &tmp))
+	{
+	  if (tmp >= 0x100000000ULL)
+	    {
+	      return clib_error_return
+		(0, "fifo-size %llu (0x%llx) too large", tmp, tmp);
+	    }
+	  tm->fifo_size = tmp;
+	}
       else
 	return clib_error_return (0, "unknown input `%U'",
 				  format_unformat_error, input);