23 #define TLS_INVALID_HANDLE ~0 24 #define TLS_IDX_MASK 0x00FFFFFF 25 #define TLS_ENGINE_TYPE_SHIFT 29 33 for (i = 0; i <
vec_len (tls_vfts); i++)
35 if (tls_vfts[i].ctx_alloc)
44 session_fifo_event_t evt;
50 evt.event_type = evt_type;
69 session_fifo_event_t evt;
81 if (app->cb_fns.builtin_app_rx_callback)
82 return app->cb_fns.builtin_app_rx_callback (app_session);
86 evt.fifo = app_session->server_rx_fifo;
110 memset (ctx, 0,
sizeof (*ctx));
145 memset (ctx, 0,
sizeof (*ctx));
152 memset (ctx, 0,
sizeof (*ctx));
211 app_session->app_index = ctx->parent_app_index;
212 app_session->connection_index = ctx->tls_ctx_handle;
213 app_session->session_type = app_listener->session_type;
214 app_session->listener_index = app_listener->session_index;
217 TLS_DBG (1,
"failed to allocate fifos");
220 ctx->c_s_index = app_session->session_index;
222 return app->cb_fns.session_accept_callback (app_session);
229 stream_session_t *app_session;
234 cb_fn = app->cb_fns.session_connected_callback;
241 app_session->app_index = ctx->parent_app_index;
242 app_session->connection_index = ctx->tls_ctx_handle;
243 app_session->session_type =
249 ctx->c_s_index = app_session->session_index;
251 if (cb_fn (ctx->parent_app_index, ctx->parent_app_api_context,
254 TLS_DBG (1,
"failed to notify app");
262 return cb_fn (ctx->parent_app_index, ctx->parent_app_api_context, 0,
276 if (!tls_vfts[preferred].ctx_alloc)
285 ctx_index = tls_vfts[engine_type].
ctx_alloc ();
293 tls_vfts[ctx->tls_ctx_engine].
ctx_free (ctx);
299 u32 ctx_index, engine_type;
301 return tls_vfts[engine_type].
ctx_get (ctx_index);
307 u32 ctx_index, engine_type;
327 return tls_vfts[ctx->tls_ctx_engine].
ctx_write (ctx, app_session);
333 return tls_vfts[ctx->tls_ctx_engine].
ctx_read (ctx, tls_session);
377 app->cb_fns.session_disconnect_callback (app_session);
388 tls_session->listener_index);
393 memcpy (ctx, lctx,
sizeof (*lctx));
395 ctx->tls_ctx_handle = ctx_handle;
397 tls_session->opaque = ctx_handle;
399 ctx->listener_ctx_index = tls_listener->opaque;
401 TLS_DBG (1,
"Accept on listener %u new connection [%u]%x",
439 cb_fn = app->cb_fns.session_connected_callback;
445 return cb_fn (ho_ctx->parent_app_index, ho_ctx->c_s_index, 0,
456 ctx->tls_ctx_handle = ctx_handle;
458 TLS_DBG (1,
"TCP connect for %u returned %u. New connection [%u]%x",
460 (ctx) ? ctx_handle : ~0);
463 tls_session->opaque = ctx_handle;
505 ctx->parent_app_index = sep->app_index;
506 ctx->parent_app_api_context = sep->opaque;
507 ctx->tcp_is_ip4 = sep->is_ip4;
516 ctx->tls_ctx_engine = engine_type;
523 TLS_DBG (1,
"New connect request %u engine %d", ctx_index, engine_type);
533 TLS_DBG (1,
"Disconnecting %x", ctx_handle);
543 app_session->server_rx_fifo,
544 app_session->server_tx_fifo);
582 tls_listener->opaque = lctx_index;
588 lctx->parent_app_index = sep->app_index;
589 lctx->tls_session_handle = tls_handle;
591 lctx->tcp_is_ip4 = sep->is_ip4;
592 lctx->tls_ctx_engine = engine_type;
594 TLS_DBG (1,
"Started listening %d, engine type %d", lctx_index,
632 u32 thread_index = va_arg (*args,
u32);
633 u32 child_si, child_ti;
636 if (thread_index != child_ti)
637 clib_warning (
"app and tls sessions are on different threads!");
639 s =
format (s,
"[#%d][TLS] app %u child %u", child_ti,
640 ctx->parent_app_index, child_si);
647 u32 ctx_index = va_arg (*args,
u32);
648 u32 thread_index = va_arg (*args,
u32);
649 u32 verbose = va_arg (*args,
u32);
659 s =
format (s,
"%-15s",
"state");
669 u32 tc_index = va_arg (*args,
u32);
671 u32 listener_index, type;
675 return format (s,
"[TLS] listener app %u child %u", ctx->parent_app_index,
682 u32 tc_index = va_arg (*args,
u32);
684 s =
format (s,
"[TLS] half-open app %u", ctx->parent_app_index);
709 tls_vfts[type] = *vft;
718 u32 segment_size = 512 << 20;
720 u32 fifo_size = 64 << 10;
725 memset (a, 0,
sizeof (*a));
726 memset (options, 0,
sizeof (options));
730 a->options = options;
731 a->name =
format (0,
"tls");
769 if (
unformat (input,
"use-test-cert-in-ca"))
int tls_add_segment_callback(u32 client_index, const ssvm_private_t *fs)
tls_main_t * vnet_tls_get_main(void)
#define vec_validate(V, I)
Make sure the vector is long enough for the given index (no header, unspecified alignment) ...
static void clib_rwlock_reader_lock(clib_rwlock_t *p)
static tls_main_t tls_main
void tls_session_reset_callback(stream_session_t *s)
static svm_queue_t * session_manager_get_vpp_event_queue(u32 thread_index)
static tls_engine_type_t tls_get_engine_type(tls_engine_type_t preferred)
int svm_queue_add(svm_queue_t *q, u8 *elem, int nowait)
enum tls_engine_type_ tls_engine_type_t
int tls_session_accept_callback(stream_session_t *tls_session)
static const transport_proto_vft_t tls_proto
static void clib_rwlock_writer_lock(clib_rwlock_t *p)
#define TLS_ENGINE_TYPE_SHIFT
struct _transport_connection transport_connection_t
u32 tls_ctx_half_open_alloc(void)
u32 tls_listener_ctx_alloc(void)
int tls_app_rx_callback(stream_session_t *tls_session)
clib_rwlock_t half_open_rwlock
int application_stop_listen(application_t *srv, session_handle_t handle)
Stop listening on the session associated with the given handle.
int(* ctx_init_server)(tls_ctx_t *ctx)
int application_connect(u32 client_index, u32 api_context, session_endpoint_t *sep)
static clib_error_t * tls_config_fn(vlib_main_t *vm, unformat_input_t *input)
#define pool_get_aligned_will_expand(P, YESNO, A)
See if pool_get will expand the pool or not.
struct _transport_proto_vft transport_proto_vft_t
#define vec_terminate_c_string(V)
(If necessary) NULL terminate a vector containing a c-string.
int tls_connect(transport_endpoint_t *tep)
tls_ctx_t *(* ctx_get_w_thread)(u32 ctx_index, u8 thread_index)
u8 * format_tls_connection(u8 *s, va_list *args)
void tls_notify_app_enqueue(tls_ctx_t *ctx, stream_session_t *app_session)
void(* ctx_free)(tls_ctx_t *ctx)
int(* ctx_init_client)(tls_ctx_t *ctx)
transport_connection_t * tls_connection_get(u32 ctx_index, u32 thread_index)
static void session_parse_handle(session_handle_t handle, u32 *index, u32 *thread_index)
void segment_manager_dealloc_fifos(u32 segment_index, svm_fifo_t *rx_fifo, svm_fifo_t *tx_fifo)
static stream_session_t * session_get_from_handle(session_handle_t handle)
#define pool_get(P, E)
Allocate an object E from a pool P (unspecified alignment).
static tls_ctx_t * tls_ctx_get_w_thread(u32 ctx_handle, u8 thread_index)
static stream_session_t * listen_session_get_from_handle(session_handle_t handle)
struct _svm_fifo svm_fifo_t
void session_free(stream_session_t *s)
segment_manager_t * application_get_listen_segment_manager(application_t *app, stream_session_t *s)
static void tls_ctx_free(tls_ctx_t *ctx)
void tls_listener_ctx_free(tls_ctx_t *ctx)
#define VLIB_INIT_FUNCTION(x)
int(* ctx_read)(tls_ctx_t *ctx, stream_session_t *tls_session)
int tls_app_tx_callback(stream_session_t *app_session)
u8 * format_tls_listener(u8 *s, va_list *args)
static tls_engine_vft_t * tls_vfts
static u32 svm_fifo_max_dequeue(svm_fifo_t *f)
struct _stream_session_cb_vft session_cb_vft_t
#define clib_error_return(e, args...)
static void tls_ctx_parse_handle(u32 ctx_handle, u32 *ctx_index, u32 *engine_type)
struct _stream_session_t stream_session_t
tls_ctx_t *(* ctx_get)(u32 ctx_index)
static u8 tls_ctx_handshake_is_over(tls_ctx_t *ctx)
struct _vnet_app_attach_args_t vnet_app_attach_args_t
#define pool_elt_at_index(p, i)
Returns pointer to element at given index.
static void clib_rwlock_init(clib_rwlock_t *p)
struct _session_endpoint session_endpoint_t
u32 tls_listener_ctx_index(tls_ctx_t *ctx)
static void clib_rwlock_reader_unlock(clib_rwlock_t *p)
u8(* ctx_handshake_is_over)(tls_ctx_t *ctx)
void tls_ctx_half_open_reader_unlock()
static int tls_add_app_q_evt(application_t *app, stream_session_t *app_session)
static session_handle_t session_handle(stream_session_t *s)
#define pool_put(P, E)
Free an object E in pool P.
#define APP_INVALID_INDEX
int tls_notify_app_connected(tls_ctx_t *ctx, u8 is_failed)
static void listen_session_parse_handle(session_handle_t handle, u32 *type, u32 *index)
int session_alloc_fifos(segment_manager_t *sm, stream_session_t *s)
static void clib_rwlock_writer_unlock(clib_rwlock_t *p)
static u8 svm_fifo_set_event(svm_fifo_t *f)
Sets fifo event flag.
u8 * format_tls_ctx(u8 *s, va_list *args)
#define VLIB_EARLY_CONFIG_FUNCTION(x, n,...)
tls_engine_type_t tls_get_available_engine(void)
static_always_inline uword vlib_get_thread_index(void)
void tls_disconnect(u32 ctx_handle, u32 thread_index)
int tls_del_segment_callback(u32 client_index, const ssvm_private_t *fs)
static session_type_t session_type_from_proto_and_ip(transport_proto_t proto, u8 is_ip4)
transport_connection_t * tls_listener_get(u32 listener_index)
static int tls_ctx_read(tls_ctx_t *ctx, stream_session_t *tls_session)
#define vec_free(V)
Free vector's memory (no header).
segment_manager_t * application_get_connect_segment_manager(application_t *app)
#define clib_warning(format, args...)
#define clib_memcpy(a, b, c)
apps acting as transports
transport_connection_t connection
static int tls_ctx_init_client(tls_ctx_t *ctx)
int application_start_listen(application_t *srv, session_endpoint_t *sep, session_handle_t *res)
Start listening on the local transport endpoint for the requested transport.
struct _application application_t
#define TLS_DBG(_fmt, _args...)
void tls_register_engine(const tls_engine_vft_t *vft, tls_engine_type_t type)
void transport_register_protocol(transport_proto_t transport_proto, const transport_proto_vft_t *vft, fib_protocol_t fib_proto, u32 output_node)
Register transport virtual function table.
static tls_ctx_t * tls_ctx_get(u32 ctx_handle)
static stream_session_t * session_get_from_handle_if_valid(session_handle_t handle)
static int tls_ctx_init_server(tls_ctx_t *ctx)
#define pool_put_index(p, i)
Free pool element with given index.
void stream_session_disconnect(stream_session_t *s)
Initiate a session disconnect.
tls_ctx_t * tls_listener_ctx_get(u32 ctx_index)
tls_ctx_t * half_open_ctx_pool
stream_session_t * session_alloc(u32 thread_index)
u32 tls_stop_listen(u32 lctx_index)
int svm_fifo_dequeue_drop(svm_fifo_t *f, u32 max_bytes)
int tls_session_connected_callback(u32 tls_app_index, u32 ho_ctx_index, stream_session_t *tls_session, u8 is_fail)
u32 tls_ctx_half_open_index(tls_ctx_t *ctx)
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
static stream_session_t * listen_session_get(session_type_t type, u32 index)
clib_error_t * vnet_application_attach(vnet_app_attach_args_t *a)
Attach application to vpp.
int(* ctx_write)(tls_ctx_t *ctx, stream_session_t *app_session)
application_t * application_get(u32 index)
struct _transport_endpoint transport_endpoint_t
int tls_add_vpp_q_evt(svm_fifo_t *f, u8 evt_type)
struct _segment_manager segment_manager_t
struct _svm_queue svm_queue_t
int tls_notify_app_accept(tls_ctx_t *ctx)
void tls_ctx_half_open_free(u32 ho_index)
static vlib_thread_main_t * vlib_get_thread_main()
static u32 vlib_num_workers()
static u32 tls_ctx_alloc(tls_engine_type_t engine_type)
void tls_session_disconnect_callback(stream_session_t *tls_session)
int application_alloc_connects_segment_manager(application_t *app)
static int tls_ctx_write(tls_ctx_t *ctx, stream_session_t *app_session)
u8 * format_tls_half_open(u8 *s, va_list *args)
static clib_error_t * tls_init(vlib_main_t *vm)
static session_cb_vft_t tls_app_cb_vft
static u64 listen_session_get_handle(stream_session_t *s)
u32 tls_start_listen(u32 app_listener_index, transport_endpoint_t *tep)
struct _session_endpoint_extended session_endpoint_extended_t
tls_ctx_t * listener_ctx_pool
application_t * application_get_if_valid(u32 index)
tls_ctx_t * tls_ctx_half_open_get(u32 ctx_index)