X-Git-Url: https://gerrit.fd.io/r/gitweb?p=vpp.git;a=blobdiff_plain;f=src%2Fvnet%2Ftls%2Ftls.c;h=0fdd68c7d385aa9d18aedc5a98e9bffb07e2a1ba;hp=4b12248a0511cc1053aabbd1bd2970f30496d746;hb=fa76a76;hpb=decda5b466843b3164ba13f248f9e0bb93111782 diff --git a/src/vnet/tls/tls.c b/src/vnet/tls/tls.c index 4b12248a051..0fdd68c7d38 100644 --- a/src/vnet/tls/tls.c +++ b/src/vnet/tls/tls.c @@ -26,6 +26,18 @@ static tls_engine_vft_t *tls_vfts; void tls_disconnect (u32 ctx_handle, u32 thread_index); +static void +tls_disconnect_transport (tls_ctx_t * ctx) +{ + vnet_disconnect_args_t a = { + .handle = ctx->tls_session_handle, + .app_index = tls_main.app_index, + }; + + if (vnet_disconnect_session (&a)) + clib_warning ("disconnect returned"); +} + tls_engine_type_t tls_get_available_engine (void) { @@ -39,17 +51,42 @@ tls_get_available_engine (void) } int -tls_add_vpp_q_evt (svm_fifo_t * f, u8 evt_type) +tls_add_vpp_q_rx_evt (stream_session_t * s) +{ + if (svm_fifo_set_event (s->server_rx_fifo)) + session_send_io_evt_to_thread (s->server_rx_fifo, FIFO_EVENT_APP_RX); + return 0; +} + +int +tls_add_vpp_q_builtin_rx_evt (stream_session_t * s) +{ + if (svm_fifo_set_event (s->server_rx_fifo)) + session_send_io_evt_to_thread (s->server_rx_fifo, FIFO_EVENT_BUILTIN_RX); + return 0; +} + +int +tls_add_vpp_q_tx_evt (stream_session_t * s) { - if (svm_fifo_set_event (f)) - session_send_io_evt_to_thread (f, evt_type); + if (svm_fifo_set_event (s->server_tx_fifo)) + session_send_io_evt_to_thread (s->server_tx_fifo, FIFO_EVENT_APP_TX); + return 0; +} + +int +tls_add_vpp_q_builtin_tx_evt (stream_session_t * s) +{ + if (svm_fifo_set_event (s->server_tx_fifo)) + session_send_io_evt_to_thread_custom (s, s->thread_index, + FIFO_EVENT_BUILTIN_TX); return 0; } static inline int -tls_add_app_q_evt (application_t * app, stream_session_t * app_session) +tls_add_app_q_evt (app_worker_t * app, stream_session_t * app_session) { - return application_send_event (app, app_session, FIFO_EVENT_APP_RX); + return app_worker_lock_and_send_event (app, app_session, FIFO_EVENT_APP_RX); } u32 @@ -59,13 +96,15 @@ tls_listener_ctx_alloc (void) tls_ctx_t *ctx; pool_get (tm->listener_ctx_pool, ctx); - memset (ctx, 0, sizeof (*ctx)); + clib_memset (ctx, 0, sizeof (*ctx)); return ctx - tm->listener_ctx_pool; } void tls_listener_ctx_free (tls_ctx_t * ctx) { + if (CLIB_DEBUG) + memset (ctx, 0xfb, sizeof (*ctx)); pool_put (tls_main.listener_ctx_pool, ctx); } @@ -94,16 +133,18 @@ tls_ctx_half_open_alloc (void) { clib_rwlock_writer_lock (&tm->half_open_rwlock); pool_get (tm->half_open_ctx_pool, ctx); - memset (ctx, 0, sizeof (*ctx)); ctx_index = ctx - tm->half_open_ctx_pool; clib_rwlock_writer_unlock (&tm->half_open_rwlock); } else { + /* reader lock assumption: only main thread will call pool_get */ + clib_rwlock_reader_lock (&tm->half_open_rwlock); pool_get (tm->half_open_ctx_pool, ctx); - memset (ctx, 0, sizeof (*ctx)); ctx_index = ctx - tm->half_open_ctx_pool; + clib_rwlock_reader_unlock (&tm->half_open_rwlock); } + clib_memset (ctx, 0, sizeof (*ctx)); return ctx_index; } @@ -139,8 +180,8 @@ tls_ctx_half_open_index (tls_ctx_t * ctx) void tls_notify_app_enqueue (tls_ctx_t * ctx, stream_session_t * app_session) { - application_t *app; - app = application_get_if_valid (app_session->app_index); + app_worker_t *app; + app = app_worker_get_if_valid (app_session->app_wrk_index); if (PREDICT_TRUE (app != 0)) tls_add_app_q_evt (app, app_session); } @@ -150,21 +191,31 @@ tls_notify_app_accept (tls_ctx_t * ctx) { stream_session_t *app_listener, *app_session; segment_manager_t *sm; + app_worker_t *app_wrk; application_t *app; tls_ctx_t *lctx; int rv; - app = application_get (ctx->parent_app_index); + app_wrk = app_worker_get_if_valid (ctx->parent_app_index); + if (!app_wrk) + { + tls_disconnect (ctx->tls_ctx_handle, vlib_get_thread_index ()); + return -1; + } + + app = application_get (app_wrk->app_index); lctx = tls_listener_ctx_get (ctx->listener_ctx_index); app_session = session_alloc (vlib_get_thread_index ()); - app_session->app_index = ctx->parent_app_index; + app_session->app_wrk_index = ctx->parent_app_index; app_session->connection_index = ctx->tls_ctx_handle; app_listener = listen_session_get_from_handle (lctx->app_session_handle); app_session->session_type = app_listener->session_type; app_session->listener_index = app_listener->session_index; - sm = application_get_listen_segment_manager (app, app_listener); + sm = app_worker_get_listen_segment_manager (app_wrk, app_listener); + app_session->t_app_index = tls_main.app_index; + if ((rv = session_alloc_fifos (sm, app_session))) { TLS_DBG (1, "failed to allocate fifos"); @@ -172,6 +223,8 @@ tls_notify_app_accept (tls_ctx_t * ctx) } ctx->c_s_index = app_session->session_index; ctx->app_session_handle = session_handle (app_session); + session_lookup_add_connection (&ctx->connection, + session_handle (app_session)); return app->cb_fns.session_accept_callback (app_session); } @@ -181,33 +234,48 @@ tls_notify_app_connected (tls_ctx_t * ctx, u8 is_failed) int (*cb_fn) (u32, u32, stream_session_t *, u8); stream_session_t *app_session; segment_manager_t *sm; + app_worker_t *app_wrk; application_t *app; - app = application_get (ctx->parent_app_index); + app_wrk = app_worker_get_if_valid (ctx->parent_app_index); + if (!app_wrk) + { + tls_disconnect_transport (ctx); + return -1; + } + + app = application_get (app_wrk->app_index); cb_fn = app->cb_fns.session_connected_callback; if (is_failed) goto failed; - sm = application_get_connect_segment_manager (app); + sm = app_worker_get_connect_segment_manager (app_wrk); app_session = session_alloc (vlib_get_thread_index ()); - app_session->app_index = ctx->parent_app_index; + app_session->app_wrk_index = ctx->parent_app_index; app_session->connection_index = ctx->tls_ctx_handle; app_session->session_type = session_type_from_proto_and_ip (TRANSPORT_PROTO_TLS, ctx->tcp_is_ip4); + app_session->t_app_index = tls_main.app_index; + if (session_alloc_fifos (sm, app_session)) goto failed; ctx->app_session_handle = session_handle (app_session); ctx->c_s_index = app_session->session_index; - app_session->session_state = SESSION_STATE_READY; + app_session->session_state = SESSION_STATE_CONNECTING; if (cb_fn (ctx->parent_app_index, ctx->parent_app_api_context, app_session, 0 /* not failed */ )) { TLS_DBG (1, "failed to notify app"); tls_disconnect (ctx->tls_ctx_handle, vlib_get_thread_index ()); + return -1; } + app_session->session_state = SESSION_STATE_READY; + session_lookup_add_connection (&ctx->connection, + session_handle (app_session)); + return 0; failed: @@ -299,14 +367,14 @@ tls_session_reset_callback (stream_session_t * s) } int -tls_add_segment_callback (u32 client_index, const ssvm_private_t * fs) +tls_add_segment_callback (u32 client_index, u64 segment_handle) { /* No-op for builtin */ return 0; } int -tls_del_segment_callback (u32 client_index, const ssvm_private_t * fs) +tls_del_segment_callback (u32 client_index, u64 segment_handle) { return 0; } @@ -316,6 +384,7 @@ tls_session_disconnect_callback (stream_session_t * tls_session) { stream_session_t *app_session; tls_ctx_t *ctx; + app_worker_t *app_wrk; application_t *app; ctx = tls_ctx_get (tls_session->opaque); @@ -325,7 +394,8 @@ tls_session_disconnect_callback (stream_session_t * tls_session) return; } ctx->is_passive_close = 1; - app = application_get (ctx->parent_app_index); + app_wrk = app_worker_get (ctx->parent_app_index); + app = application_get (app_wrk->app_index); app_session = session_get_from_handle (ctx->app_session_handle); app->cb_fns.session_disconnect_callback (app_session); } @@ -381,26 +451,35 @@ int tls_session_connected_callback (u32 tls_app_index, u32 ho_ctx_index, stream_session_t * tls_session, u8 is_fail) { - int (*cb_fn) (u32, u32, stream_session_t *, u8); - application_t *app; tls_ctx_t *ho_ctx, *ctx; u32 ctx_handle; ho_ctx = tls_ctx_half_open_get (ho_ctx_index); - app = application_get (ho_ctx->parent_app_index); - cb_fn = app->cb_fns.session_connected_callback; if (is_fail) { + int (*cb_fn) (u32, u32, stream_session_t *, u8), rv = 0; + u32 wrk_index, api_context; + app_worker_t *app_wrk; + application_t *app; + + wrk_index = ho_ctx->parent_app_index; + app_wrk = app_worker_get_if_valid (ho_ctx->parent_app_index); + if (app_wrk) + { + api_context = ho_ctx->c_s_index; + app = application_get (app_wrk->app_index); + cb_fn = app->cb_fns.session_connected_callback; + rv = cb_fn (wrk_index, api_context, 0, 1 /* failed */ ); + } tls_ctx_half_open_reader_unlock (); tls_ctx_half_open_free (ho_ctx_index); - return cb_fn (ho_ctx->parent_app_index, ho_ctx->c_s_index, 0, - 1 /* failed */ ); + return rv; } ctx_handle = tls_ctx_alloc (ho_ctx->tls_ctx_engine); ctx = tls_ctx_get (ctx_handle); - clib_memcpy (ctx, ho_ctx, sizeof (*ctx)); + clib_memcpy_fast (ctx, ho_ctx, sizeof (*ctx)); tls_ctx_half_open_reader_unlock (); tls_ctx_half_open_free (ho_ctx_index); @@ -432,19 +511,21 @@ static session_cb_vft_t tls_app_cb_vft = { /* *INDENT-ON* */ int -tls_connect (transport_endpoint_t * tep) +tls_connect (transport_endpoint_cfg_t * tep) { - session_endpoint_extended_t *sep; + vnet_connect_args_t _cargs = { {}, }, *cargs = &_cargs; + session_endpoint_cfg_t *sep; tls_engine_type_t engine_type; - session_endpoint_t tls_sep; tls_main_t *tm = &tls_main; + app_worker_t *app_wrk; + clib_error_t *error; application_t *app; tls_ctx_t *ctx; u32 ctx_index; - int rv; - sep = (session_endpoint_extended_t *) tep; - app = application_get (sep->app_index); + sep = (session_endpoint_cfg_t *) tep; + app_wrk = app_worker_get (sep->app_wrk_index); + app = application_get (app_wrk->app_index); engine_type = tls_get_engine_type (app->tls_engine); if (engine_type == TLS_ENGINE_NONE) { @@ -454,7 +535,7 @@ tls_connect (transport_endpoint_t * tep) ctx_index = tls_ctx_half_open_alloc (); ctx = tls_ctx_half_open_get (ctx_index); - ctx->parent_app_index = sep->app_index; + ctx->parent_app_index = sep->app_wrk_index; ctx->parent_app_api_context = sep->opaque; ctx->tcp_is_ip4 = sep->is_ip4; if (sep->hostname) @@ -464,13 +545,15 @@ tls_connect (transport_endpoint_t * tep) } tls_ctx_half_open_reader_unlock (); - application_alloc_connects_segment_manager (app); + app_worker_alloc_connects_segment_manager (app_wrk); ctx->tls_ctx_engine = engine_type; - clib_memcpy (&tls_sep, sep, sizeof (tls_sep)); - tls_sep.transport_proto = TRANSPORT_PROTO_TCP; - if ((rv = application_connect (tm->app_index, ctx_index, &tls_sep))) - return rv; + clib_memcpy_fast (&cargs->sep, sep, sizeof (session_endpoint_t)); + cargs->sep.transport_proto = TRANSPORT_PROTO_TCP; + cargs->app_index = tm->app_index; + cargs->api_context = ctx_index; + if ((error = vnet_connect (cargs))) + return clib_error_get_code (error); TLS_DBG (1, "New connect request %u engine %d", ctx_index, engine_type); return 0; @@ -479,41 +562,34 @@ tls_connect (transport_endpoint_t * tep) void tls_disconnect (u32 ctx_handle, u32 thread_index) { - stream_session_t *tls_session, *app_session; tls_ctx_t *ctx; TLS_DBG (1, "Disconnecting %x", ctx_handle); ctx = tls_ctx_get (ctx_handle); - tls_session = session_get_from_handle (ctx->tls_session_handle); - stream_session_disconnect (tls_session); - - app_session = session_get_from_handle_if_valid (ctx->app_session_handle); - if (app_session) - { - segment_manager_dealloc_fifos (app_session->svm_segment_index, - app_session->server_rx_fifo, - app_session->server_tx_fifo); - session_free (app_session); - } + tls_disconnect_transport (ctx); + stream_session_delete_notify (&ctx->connection); tls_ctx_free (ctx); } u32 tls_start_listen (u32 app_listener_index, transport_endpoint_t * tep) { + vnet_bind_args_t _bargs, *args = &_bargs; + app_worker_t *app_wrk; tls_main_t *tm = &tls_main; - application_t *tls_app, *app; session_handle_t tls_handle; - session_endpoint_extended_t *sep; + session_endpoint_cfg_t *sep; stream_session_t *tls_listener; - tls_ctx_t *lctx; - u32 lctx_index; stream_session_t *app_listener; tls_engine_type_t engine_type; + application_t *app; + tls_ctx_t *lctx; + u32 lctx_index; - sep = (session_endpoint_extended_t *) tep; - app = application_get (sep->app_index); + sep = (session_endpoint_cfg_t *) tep; + app_wrk = app_worker_get (sep->app_wrk_index); + app = application_get (app_wrk->app_index); engine_type = tls_get_engine_type (app->tls_engine); if (engine_type == TLS_ENGINE_NONE) { @@ -521,21 +597,22 @@ tls_start_listen (u32 app_listener_index, transport_endpoint_t * tep) return -1; } - lctx_index = tls_listener_ctx_alloc (); - - tls_app = application_get (tm->app_index); sep->transport_proto = TRANSPORT_PROTO_TCP; - if (application_start_listen (tls_app, (session_endpoint_t *) sep, - &tls_handle)) - return ~0; + clib_memset (args, 0, sizeof (*args)); + args->app_index = tm->app_index; + args->sep_ext = *sep; + if (vnet_bind (args)) + return -1; + tls_handle = args->handle; + lctx_index = tls_listener_ctx_alloc (); tls_listener = listen_session_get_from_handle (tls_handle); tls_listener->opaque = lctx_index; app_listener = listen_session_get (app_listener_index); lctx = tls_listener_ctx_get (lctx_index); - lctx->parent_app_index = sep->app_index; + lctx->parent_app_index = sep->app_wrk_index; lctx->tls_session_handle = tls_handle; lctx->app_session_handle = listen_session_get_handle (app_listener); lctx->tcp_is_ip4 = sep->is_ip4; @@ -551,14 +628,17 @@ tls_start_listen (u32 app_listener_index, transport_endpoint_t * tep) u32 tls_stop_listen (u32 lctx_index) { - tls_main_t *tm = &tls_main; - application_t *tls_app; - tls_ctx_t *lctx; tls_engine_type_t engine_type; + tls_ctx_t *lctx; lctx = tls_listener_ctx_get (lctx_index); - tls_app = application_get (tm->app_index); - application_stop_listen (tls_app, lctx->tls_session_handle); + vnet_unbind_args_t a = { + .handle = lctx->tls_session_handle, + .app_index = tls_main.app_index, + .wrk_map_index = 0 /* default wrk */ + }; + if (vnet_unbind (&a)) + clib_warning ("unbind returned"); engine_type = lctx->tls_ctx_engine; tls_vfts[engine_type].ctx_stop_listen (lctx); @@ -614,7 +694,9 @@ format_tls_connection (u8 * s, va_list * args) s = format (s, "%-50U", format_tls_ctx, ctx, thread_index); if (verbose) { - s = format (s, "%-15s", "state"); + stream_session_t *ts; + ts = session_get_from_handle (ctx->app_session_handle); + s = format (s, "state: %-7u", ts->session_state); if (verbose > 1) s = format (s, "\n"); } @@ -680,8 +762,8 @@ tls_init (vlib_main_t * vm) num_threads = 1 /* main thread */ + vtm->n_threads; - memset (a, 0, sizeof (*a)); - memset (options, 0, sizeof (options)); + clib_memset (a, 0, sizeof (*a)); + clib_memset (options, 0, sizeof (options)); a->session_cb_vft = &tls_app_cb_vft; a->api_client_index = APP_INVALID_INDEX; @@ -692,6 +774,7 @@ tls_init (vlib_main_t * vm) a->options[APP_OPTIONS_TX_FIFO_SIZE] = fifo_size; a->options[APP_OPTIONS_FLAGS] = APP_OPTIONS_FLAGS_IS_BUILTIN; a->options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_USE_GLOBAL_SCOPE; + a->options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_IS_TRANSPORT_APP; if (vnet_application_attach (a)) {