FD.io VPP  v19.01.3-6-g70449b9b9
Vector Packet Processing
tls.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2018 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
17 #include <vppinfra/lock.h>
18 #include <vnet/tls/tls.h>
19 
22 
23 #define TLS_INVALID_HANDLE ~0
24 #define TLS_IDX_MASK 0x00FFFFFF
25 #define TLS_ENGINE_TYPE_SHIFT 29
26 
27 void tls_disconnect (u32 ctx_handle, u32 thread_index);
28 
29 static void
31 {
33  .handle = ctx->tls_session_handle,
34  .app_index = tls_main.app_index,
35  };
36 
37  if (vnet_disconnect_session (&a))
38  clib_warning ("disconnect returned");
39 }
40 
43 {
44  int i;
45  for (i = 0; i < vec_len (tls_vfts); i++)
46  {
47  if (tls_vfts[i].ctx_alloc)
48  return i;
49  }
50  return TLS_ENGINE_NONE;
51 }
52 
53 int
55 {
56  if (svm_fifo_set_event (s->server_rx_fifo))
58  return 0;
59 }
60 
61 int
63 {
64  if (svm_fifo_set_event (s->server_rx_fifo))
66  return 0;
67 }
68 
69 int
71 {
72  if (svm_fifo_set_event (s->server_tx_fifo))
74  return 0;
75 }
76 
77 int
79 {
80  if (svm_fifo_set_event (s->server_tx_fifo))
81  session_send_io_evt_to_thread_custom (s, s->thread_index,
83  return 0;
84 }
85 
86 static inline int
88 {
89  return app_worker_lock_and_send_event (app, app_session, FIFO_EVENT_APP_RX);
90 }
91 
92 u32
94 {
95  tls_main_t *tm = &tls_main;
96  tls_ctx_t *ctx;
97 
98  pool_get (tm->listener_ctx_pool, ctx);
99  clib_memset (ctx, 0, sizeof (*ctx));
100  return ctx - tm->listener_ctx_pool;
101 }
102 
103 void
105 {
106  if (CLIB_DEBUG)
107  memset (ctx, 0xfb, sizeof (*ctx));
108  pool_put (tls_main.listener_ctx_pool, ctx);
109 }
110 
111 tls_ctx_t *
113 {
114  return pool_elt_at_index (tls_main.listener_ctx_pool, ctx_index);
115 }
116 
117 u32
119 {
120  return (ctx - tls_main.listener_ctx_pool);
121 }
122 
123 u32
125 {
126  tls_main_t *tm = &tls_main;
127  u8 will_expand = 0;
128  tls_ctx_t *ctx;
129  u32 ctx_index;
130 
131  pool_get_aligned_will_expand (tm->half_open_ctx_pool, will_expand, 0);
132  if (PREDICT_FALSE (will_expand && vlib_num_workers ()))
133  {
135  pool_get (tm->half_open_ctx_pool, ctx);
136  ctx_index = ctx - tm->half_open_ctx_pool;
138  }
139  else
140  {
141  /* reader lock assumption: only main thread will call pool_get */
143  pool_get (tm->half_open_ctx_pool, ctx);
144  ctx_index = ctx - tm->half_open_ctx_pool;
146  }
147  clib_memset (ctx, 0, sizeof (*ctx));
148  return ctx_index;
149 }
150 
151 void
153 {
154  tls_main_t *tm = &tls_main;
156  pool_put_index (tls_main.half_open_ctx_pool, ho_index);
158 }
159 
160 tls_ctx_t *
162 {
163  tls_main_t *tm = &tls_main;
165  return pool_elt_at_index (tm->half_open_ctx_pool, ctx_index);
166 }
167 
168 void
170 {
172 }
173 
174 u32
176 {
177  return (ctx - tls_main.half_open_ctx_pool);
178 }
179 
180 void
182 {
183  app_worker_t *app;
184  app = app_worker_get_if_valid (app_session->app_wrk_index);
185  if (PREDICT_TRUE (app != 0))
186  tls_add_app_q_evt (app, app_session);
187 }
188 
189 int
191 {
192  stream_session_t *app_listener, *app_session;
193  segment_manager_t *sm;
194  app_worker_t *app_wrk;
195  application_t *app;
196  tls_ctx_t *lctx;
197  int rv;
198 
199  app_wrk = app_worker_get_if_valid (ctx->parent_app_index);
200  if (!app_wrk)
201  {
202  tls_disconnect (ctx->tls_ctx_handle, vlib_get_thread_index ());
203  return -1;
204  }
205 
206  app = application_get (app_wrk->app_index);
207  lctx = tls_listener_ctx_get (ctx->listener_ctx_index);
208 
209  app_session = session_alloc (vlib_get_thread_index ());
210  app_session->app_wrk_index = ctx->parent_app_index;
211  app_session->connection_index = ctx->tls_ctx_handle;
212 
213  app_listener = listen_session_get_from_handle (lctx->app_session_handle);
214  app_session->session_type = app_listener->session_type;
215  app_session->listener_index = app_listener->session_index;
216  sm = app_worker_get_listen_segment_manager (app_wrk, app_listener);
217  app_session->t_app_index = tls_main.app_index;
218 
219  if ((rv = session_alloc_fifos (sm, app_session)))
220  {
221  TLS_DBG (1, "failed to allocate fifos");
222  return rv;
223  }
224  ctx->c_s_index = app_session->session_index;
225  ctx->app_session_handle = session_handle (app_session);
227  session_handle (app_session));
228  return app->cb_fns.session_accept_callback (app_session);
229 }
230 
231 int
233 {
234  int (*cb_fn) (u32, u32, stream_session_t *, u8);
235  stream_session_t *app_session;
236  segment_manager_t *sm;
237  app_worker_t *app_wrk;
238  application_t *app;
239 
240  app_wrk = app_worker_get_if_valid (ctx->parent_app_index);
241  if (!app_wrk)
242  {
244  return -1;
245  }
246 
247  app = application_get (app_wrk->app_index);
248  cb_fn = app->cb_fns.session_connected_callback;
249 
250  if (is_failed)
251  goto failed;
252 
254  app_session = session_alloc (vlib_get_thread_index ());
255  app_session->app_wrk_index = ctx->parent_app_index;
256  app_session->connection_index = ctx->tls_ctx_handle;
257  app_session->session_type =
259  app_session->t_app_index = tls_main.app_index;
260 
261  if (session_alloc_fifos (sm, app_session))
262  goto failed;
263 
264  ctx->app_session_handle = session_handle (app_session);
265  app_session->session_state = SESSION_STATE_CONNECTING;
266  if (cb_fn (ctx->parent_app_index, ctx->parent_app_api_context,
267  app_session, 0 /* not failed */ ))
268  {
269  TLS_DBG (1, "failed to notify app");
270  tls_disconnect (ctx->tls_ctx_handle, vlib_get_thread_index ());
271  return -1;
272  }
273 
274  /* parent_app_api_context should not be overwitten before used,
275  * so defer setting c_s_index */
276  ctx->c_s_index = app_session->session_index;
277  app_session->session_state = SESSION_STATE_READY;
279  session_handle (app_session));
280 
281  return 0;
282 
283 failed:
284  tls_disconnect (ctx->tls_ctx_handle, vlib_get_thread_index ());
285  return cb_fn (ctx->parent_app_index, ctx->parent_app_api_context, 0,
286  1 /* failed */ );
287 }
288 
289 static inline void
290 tls_ctx_parse_handle (u32 ctx_handle, u32 * ctx_index, u32 * engine_type)
291 {
292  *ctx_index = ctx_handle & TLS_IDX_MASK;
293  *engine_type = ctx_handle >> TLS_ENGINE_TYPE_SHIFT;
294 }
295 
296 static inline tls_engine_type_t
298 {
299  if (!tls_vfts[preferred].ctx_alloc)
300  return tls_get_available_engine ();
301  return preferred;
302 }
303 
304 static inline u32
306 {
307  u32 ctx_index;
308  ctx_index = tls_vfts[engine_type].ctx_alloc ();
309  return (((u32) engine_type << TLS_ENGINE_TYPE_SHIFT) | ctx_index);
310 }
311 
312 static inline void
314 {
315  vec_free (ctx->srv_hostname);
316  tls_vfts[ctx->tls_ctx_engine].ctx_free (ctx);
317 }
318 
319 static inline tls_ctx_t *
320 tls_ctx_get (u32 ctx_handle)
321 {
322  u32 ctx_index, engine_type;
323  tls_ctx_parse_handle (ctx_handle, &ctx_index, &engine_type);
324  return tls_vfts[engine_type].ctx_get (ctx_index);
325 }
326 
327 static inline tls_ctx_t *
328 tls_ctx_get_w_thread (u32 ctx_handle, u8 thread_index)
329 {
330  u32 ctx_index, engine_type;
331  tls_ctx_parse_handle (ctx_handle, &ctx_index, &engine_type);
332  return tls_vfts[engine_type].ctx_get_w_thread (ctx_index, thread_index);
333 }
334 
335 static inline int
337 {
338  return tls_vfts[ctx->tls_ctx_engine].ctx_init_server (ctx);
339 }
340 
341 static inline int
343 {
344  return tls_vfts[ctx->tls_ctx_engine].ctx_init_client (ctx);
345 }
346 
347 static inline int
349 {
350  return tls_vfts[ctx->tls_ctx_engine].ctx_write (ctx, app_session);
351 }
352 
353 static inline int
355 {
356  return tls_vfts[ctx->tls_ctx_engine].ctx_read (ctx, tls_session);
357 }
358 
359 static inline u8
361 {
362  return tls_vfts[ctx->tls_ctx_engine].ctx_handshake_is_over (ctx);
363 }
364 
365 void
367 {
368  clib_warning ("called...");
369 }
370 
371 int
372 tls_add_segment_callback (u32 client_index, u64 segment_handle)
373 {
374  /* No-op for builtin */
375  return 0;
376 }
377 
378 int
379 tls_del_segment_callback (u32 client_index, u64 segment_handle)
380 {
381  return 0;
382 }
383 
384 void
386 {
387  stream_session_t *app_session;
388  tls_ctx_t *ctx;
389  app_worker_t *app_wrk;
390  application_t *app;
391 
392  ctx = tls_ctx_get (tls_session->opaque);
393  if (!tls_ctx_handshake_is_over (ctx))
394  {
395  session_close (tls_session);
396  return;
397  }
398  ctx->is_passive_close = 1;
399  app_wrk = app_worker_get (ctx->parent_app_index);
400  app = application_get (app_wrk->app_index);
401  app_session = session_get_from_handle (ctx->app_session_handle);
402  app->cb_fns.session_disconnect_callback (app_session);
403 }
404 
405 int
407 {
408  stream_session_t *tls_listener;
409  tls_ctx_t *lctx, *ctx;
410  u32 ctx_handle;
411 
412  tls_listener = listen_session_get (tls_session->listener_index);
413  lctx = tls_listener_ctx_get (tls_listener->opaque);
414 
415  ctx_handle = tls_ctx_alloc (lctx->tls_ctx_engine);
416  ctx = tls_ctx_get (ctx_handle);
417  memcpy (ctx, lctx, sizeof (*lctx));
418  ctx->c_thread_index = vlib_get_thread_index ();
419  ctx->tls_ctx_handle = ctx_handle;
420  tls_session->session_state = SESSION_STATE_READY;
421  tls_session->opaque = ctx_handle;
422  ctx->tls_session_handle = session_handle (tls_session);
423  ctx->listener_ctx_index = tls_listener->opaque;
424 
425  TLS_DBG (1, "Accept on listener %u new connection [%u]%x",
426  tls_listener->opaque, vlib_get_thread_index (), ctx_handle);
427 
428  return tls_ctx_init_server (ctx);
429 }
430 
431 int
433 {
434  tls_ctx_t *ctx;
435  if (PREDICT_FALSE (app_session->session_state == SESSION_STATE_CLOSED))
436  return 0;
437  ctx = tls_ctx_get (app_session->connection_index);
438  tls_ctx_write (ctx, app_session);
439  return 0;
440 }
441 
442 int
444 {
445  tls_ctx_t *ctx;
446 
447  ctx = tls_ctx_get (tls_session->opaque);
448  tls_ctx_read (ctx, tls_session);
449  return 0;
450 }
451 
452 int
453 tls_session_connected_callback (u32 tls_app_index, u32 ho_ctx_index,
454  stream_session_t * tls_session, u8 is_fail)
455 {
456  tls_ctx_t *ho_ctx, *ctx;
457  u32 ctx_handle;
458 
459  ho_ctx = tls_ctx_half_open_get (ho_ctx_index);
460 
461  if (is_fail)
462  {
463  int (*cb_fn) (u32, u32, stream_session_t *, u8), rv = 0;
464  u32 wrk_index, api_context;
465  app_worker_t *app_wrk;
466  application_t *app;
467 
468  wrk_index = ho_ctx->parent_app_index;
469  app_wrk = app_worker_get_if_valid (ho_ctx->parent_app_index);
470  if (app_wrk)
471  {
472  api_context = ho_ctx->c_s_index;
473  app = application_get (app_wrk->app_index);
474  cb_fn = app->cb_fns.session_connected_callback;
475  rv = cb_fn (wrk_index, api_context, 0, 1 /* failed */ );
476  }
478  tls_ctx_half_open_free (ho_ctx_index);
479  return rv;
480  }
481 
482  ctx_handle = tls_ctx_alloc (ho_ctx->tls_ctx_engine);
483  ctx = tls_ctx_get (ctx_handle);
484  clib_memcpy_fast (ctx, ho_ctx, sizeof (*ctx));
486  tls_ctx_half_open_free (ho_ctx_index);
487 
488  ctx->c_thread_index = vlib_get_thread_index ();
489  ctx->tls_ctx_handle = ctx_handle;
490 
491  TLS_DBG (1, "TCP connect for %u returned %u. New connection [%u]%x",
492  ho_ctx_index, is_fail, vlib_get_thread_index (),
493  (ctx) ? ctx_handle : ~0);
494 
495  ctx->tls_session_handle = session_handle (tls_session);
496  tls_session->opaque = ctx_handle;
497  tls_session->session_state = SESSION_STATE_READY;
498 
499  return tls_ctx_init_client (ctx);
500 }
501 
502 /* *INDENT-OFF* */
504  .session_accept_callback = tls_session_accept_callback,
505  .session_disconnect_callback = tls_session_disconnect_callback,
506  .session_connected_callback = tls_session_connected_callback,
507  .session_reset_callback = tls_session_reset_callback,
508  .add_segment_callback = tls_add_segment_callback,
509  .del_segment_callback = tls_del_segment_callback,
510  .builtin_app_rx_callback = tls_app_rx_callback,
511  .builtin_app_tx_callback = tls_app_tx_callback,
512 };
513 /* *INDENT-ON* */
514 
515 int
517 {
518  vnet_connect_args_t _cargs = { {}, }, *cargs = &_cargs;
520  tls_engine_type_t engine_type;
521  tls_main_t *tm = &tls_main;
522  app_worker_t *app_wrk;
523  clib_error_t *error;
524  application_t *app;
525  tls_ctx_t *ctx;
526  u32 ctx_index;
527 
528  sep = (session_endpoint_cfg_t *) tep;
529  app_wrk = app_worker_get (sep->app_wrk_index);
530  app = application_get (app_wrk->app_index);
531  engine_type = tls_get_engine_type (app->tls_engine);
532  if (engine_type == TLS_ENGINE_NONE)
533  {
534  clib_warning ("No tls engine_type available");
535  return -1;
536  }
537 
538  ctx_index = tls_ctx_half_open_alloc ();
539  ctx = tls_ctx_half_open_get (ctx_index);
540  ctx->parent_app_index = sep->app_wrk_index;
541  ctx->parent_app_api_context = sep->opaque;
542  ctx->tcp_is_ip4 = sep->is_ip4;
543  if (sep->hostname)
544  {
545  ctx->srv_hostname = format (0, "%v", sep->hostname);
547  }
549 
551  ctx->tls_ctx_engine = engine_type;
552 
553  clib_memcpy_fast (&cargs->sep, sep, sizeof (session_endpoint_t));
554  cargs->sep.transport_proto = TRANSPORT_PROTO_TCP;
555  cargs->app_index = tm->app_index;
556  cargs->api_context = ctx_index;
557  if ((error = vnet_connect (cargs)))
558  return clib_error_get_code (error);
559 
560  TLS_DBG (1, "New connect request %u engine %d", ctx_index, engine_type);
561  return 0;
562 }
563 
564 void
565 tls_disconnect (u32 ctx_handle, u32 thread_index)
566 {
567  tls_ctx_t *ctx;
568 
569  TLS_DBG (1, "Disconnecting %x", ctx_handle);
570 
571  ctx = tls_ctx_get (ctx_handle);
574  tls_ctx_free (ctx);
575 }
576 
577 u32
578 tls_start_listen (u32 app_listener_index, transport_endpoint_t * tep)
579 {
580  vnet_bind_args_t _bargs, *args = &_bargs;
581  app_worker_t *app_wrk;
582  tls_main_t *tm = &tls_main;
583  session_handle_t tls_handle;
585  stream_session_t *tls_listener;
586  stream_session_t *app_listener;
587  tls_engine_type_t engine_type;
588  application_t *app;
589  tls_ctx_t *lctx;
590  u32 lctx_index;
591 
592  sep = (session_endpoint_cfg_t *) tep;
593  app_wrk = app_worker_get (sep->app_wrk_index);
594  app = application_get (app_wrk->app_index);
595  engine_type = tls_get_engine_type (app->tls_engine);
596  if (engine_type == TLS_ENGINE_NONE)
597  {
598  clib_warning ("No tls engine_type available");
599  return -1;
600  }
601 
602  sep->transport_proto = TRANSPORT_PROTO_TCP;
603  clib_memset (args, 0, sizeof (*args));
604  args->app_index = tm->app_index;
605  args->sep_ext = *sep;
606  if (vnet_bind (args))
607  return -1;
608 
609  tls_handle = args->handle;
610  lctx_index = tls_listener_ctx_alloc ();
611  tls_listener = listen_session_get_from_handle (tls_handle);
612  tls_listener->opaque = lctx_index;
613 
614  app_listener = listen_session_get (app_listener_index);
615 
616  lctx = tls_listener_ctx_get (lctx_index);
617  lctx->parent_app_index = sep->app_wrk_index;
618  lctx->tls_session_handle = tls_handle;
619  lctx->app_session_handle = listen_session_get_handle (app_listener);
620  lctx->tcp_is_ip4 = sep->is_ip4;
621  lctx->tls_ctx_engine = engine_type;
622 
623  tls_vfts[engine_type].ctx_start_listen (lctx);
624 
625  TLS_DBG (1, "Started listening %d, engine type %d", lctx_index,
626  engine_type);
627  return lctx_index;
628 }
629 
630 u32
631 tls_stop_listen (u32 lctx_index)
632 {
633  tls_engine_type_t engine_type;
634  tls_ctx_t *lctx;
635 
636  lctx = tls_listener_ctx_get (lctx_index);
638  .handle = lctx->tls_session_handle,
639  .app_index = tls_main.app_index,
640  .wrk_map_index = 0 /* default wrk */
641  };
642  if (vnet_unbind (&a))
643  clib_warning ("unbind returned");
644 
645  engine_type = lctx->tls_ctx_engine;
646  tls_vfts[engine_type].ctx_stop_listen (lctx);
647 
648  tls_listener_ctx_free (lctx);
649  return 0;
650 }
651 
653 tls_connection_get (u32 ctx_index, u32 thread_index)
654 {
655  tls_ctx_t *ctx;
656  ctx = tls_ctx_get_w_thread (ctx_index, thread_index);
657  return &ctx->connection;
658 }
659 
661 tls_listener_get (u32 listener_index)
662 {
663  tls_ctx_t *ctx;
664  ctx = tls_listener_ctx_get (listener_index);
665  return &ctx->connection;
666 }
667 
668 u8 *
669 format_tls_ctx (u8 * s, va_list * args)
670 {
671  tls_ctx_t *ctx = va_arg (*args, tls_ctx_t *);
672  u32 thread_index = va_arg (*args, u32);
673  u32 child_si, child_ti;
674 
675  session_parse_handle (ctx->tls_session_handle, &child_si, &child_ti);
676  if (thread_index != child_ti)
677  clib_warning ("app and tls sessions are on different threads!");
678 
679  s = format (s, "[#%d][TLS] app %u child %u", child_ti,
680  ctx->parent_app_index, child_si);
681  return s;
682 }
683 
684 u8 *
685 format_tls_connection (u8 * s, va_list * args)
686 {
687  u32 ctx_index = va_arg (*args, u32);
688  u32 thread_index = va_arg (*args, u32);
689  u32 verbose = va_arg (*args, u32);
690  tls_ctx_t *ctx;
691 
692  ctx = tls_ctx_get_w_thread (ctx_index, thread_index);
693  if (!ctx)
694  return s;
695 
696  s = format (s, "%-50U", format_tls_ctx, ctx, thread_index);
697  if (verbose)
698  {
699  stream_session_t *ts;
700  ts = session_get_from_handle (ctx->app_session_handle);
701  s = format (s, "state: %-7u", ts->session_state);
702  if (verbose > 1)
703  s = format (s, "\n");
704  }
705  return s;
706 }
707 
708 u8 *
709 format_tls_listener (u8 * s, va_list * args)
710 {
711  u32 tc_index = va_arg (*args, u32);
712  tls_ctx_t *ctx = tls_listener_ctx_get (tc_index);
713  u32 listener_index, thread_index;
714 
715  listen_session_parse_handle (ctx->tls_session_handle, &listener_index,
716  &thread_index);
717  return format (s, "[TLS] listener app %u child %u", ctx->parent_app_index,
718  listener_index);
719 }
720 
721 u8 *
722 format_tls_half_open (u8 * s, va_list * args)
723 {
724  u32 tc_index = va_arg (*args, u32);
725  tls_ctx_t *ctx = tls_ctx_half_open_get (tc_index);
726  s = format (s, "[TLS] half-open app %u", ctx->parent_app_index);
728  return s;
729 }
730 
731 /* *INDENT-OFF* */
733  .open = tls_connect,
734  .close = tls_disconnect,
735  .bind = tls_start_listen,
736  .get_connection = tls_connection_get,
737  .get_listener = tls_listener_get,
738  .unbind = tls_stop_listen,
739  .tx_type = TRANSPORT_TX_INTERNAL,
740  .service_type = TRANSPORT_SERVICE_APP,
741  .format_connection = format_tls_connection,
742  .format_half_open = format_tls_half_open,
743  .format_listener = format_tls_listener,
744 };
745 /* *INDENT-ON* */
746 
747 void
749 {
750  vec_validate (tls_vfts, type);
751  tls_vfts[type] = *vft;
752 }
753 
754 static clib_error_t *
756 {
758  vnet_app_attach_args_t _a, *a = &_a;
759  u64 options[APP_OPTIONS_N_OPTIONS];
760  u32 segment_size = 512 << 20;
761  tls_main_t *tm = &tls_main;
762  u32 fifo_size = 64 << 10;
763  u32 num_threads;
764 
765  num_threads = 1 /* main thread */ + vtm->n_threads;
766 
767  clib_memset (a, 0, sizeof (*a));
768  clib_memset (options, 0, sizeof (options));
769 
770  a->session_cb_vft = &tls_app_cb_vft;
771  a->api_client_index = APP_INVALID_INDEX;
772  a->options = options;
773  a->name = format (0, "tls");
774  a->options[APP_OPTIONS_SEGMENT_SIZE] = segment_size;
775  a->options[APP_OPTIONS_RX_FIFO_SIZE] = fifo_size;
776  a->options[APP_OPTIONS_TX_FIFO_SIZE] = fifo_size;
777  a->options[APP_OPTIONS_FLAGS] = APP_OPTIONS_FLAGS_IS_BUILTIN;
778  a->options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_USE_GLOBAL_SCOPE;
779  a->options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_IS_TRANSPORT_APP;
780 
781  if (vnet_application_attach (a))
782  {
783  clib_warning ("failed to attach tls app");
784  return clib_error_return (0, "failed to attach tls app");
785  }
786 
787  if (!tm->ca_cert_path)
789 
790  tm->app_index = a->app_index;
792 
793  vec_validate (tm->rx_bufs, num_threads - 1);
794  vec_validate (tm->tx_bufs, num_threads - 1);
795 
797  FIB_PROTOCOL_IP4, ~0);
799  FIB_PROTOCOL_IP6, ~0);
800  vec_free (a->name);
801  return 0;
802 }
803 
805 
806 static clib_error_t *
808 {
809  tls_main_t *tm = &tls_main;
811  {
812  if (unformat (input, "use-test-cert-in-ca"))
813  tm->use_test_cert_in_ca = 1;
814  else if (unformat (input, "ca-cert-path %s", &tm->ca_cert_path))
815  ;
816  else
817  return clib_error_return (0, "unknown input `%U'",
818  format_unformat_error, input);
819  }
820  return 0;
821 }
822 
824 
825 tls_main_t *
827 {
828  return &tls_main;
829 }
830 
831 /*
832  * fd.io coding-style-patch-verification: ON
833  *
834  * Local Variables:
835  * eval: (c-set-style "gnu")
836  * End:
837  */
tls_main_t * vnet_tls_get_main(void)
Definition: tls.c:826
#define vec_validate(V, I)
Make sure vector is long enough for given index (no header, unspecified alignment) ...
Definition: vec.h:439
static void clib_rwlock_reader_lock(clib_rwlock_t *p)
Definition: lock.h:139
static tls_main_t tls_main
Definition: tls.c:20
void tls_session_reset_callback(stream_session_t *s)
Definition: tls.c:366
app_worker_t * app_worker_get(u32 wrk_index)
Definition: application.c:517
static tls_engine_type_t tls_get_engine_type(tls_engine_type_t preferred)
Definition: tls.c:297
enum tls_engine_type_ tls_engine_type_t
int tls_session_accept_callback(stream_session_t *tls_session)
Definition: tls.c:406
a
Definition: bitmap.h:538
static const transport_proto_vft_t tls_proto
Definition: tls.c:732
static void clib_rwlock_writer_lock(clib_rwlock_t *p)
Definition: lock.h:177
#define TLS_ENGINE_TYPE_SHIFT
Definition: tls.c:25
struct _transport_connection transport_connection_t
struct _vnet_connect_args vnet_connect_args_t
u32 tls_ctx_half_open_alloc(void)
Definition: tls.c:124
#define PREDICT_TRUE(x)
Definition: clib.h:112
u32 tls_listener_ctx_alloc(void)
Definition: tls.c:93
int tls_app_rx_callback(stream_session_t *tls_session)
Definition: tls.c:443
clib_rwlock_t half_open_rwlock
Definition: tls.h:82
unsigned long u64
Definition: types.h:89
static int tls_add_app_q_evt(app_worker_t *app, stream_session_t *app_session)
Definition: tls.c:87
char * ca_cert_path
Definition: tls.h:90
int(* ctx_init_server)(tls_ctx_t *ctx)
Definition: tls.h:100
clib_error_t * vnet_unbind(vnet_unbind_args_t *a)
#define clib_memcpy_fast(a, b, c)
Definition: string.h:81
clib_memset(h->entries, 0, sizeof(h->entries[0]) *entries)
void session_transport_delete_notify(transport_connection_t *tc)
Notification from transport that connection is being deleted.
Definition: session.c:820
static clib_error_t * tls_config_fn(vlib_main_t *vm, unformat_input_t *input)
Definition: tls.c:807
#define pool_get_aligned_will_expand(P, YESNO, A)
See if pool_get will expand the pool or not.
Definition: pool.h:242
struct _transport_proto_vft transport_proto_vft_t
#define vec_terminate_c_string(V)
(If necessary) NULL terminate a vector containing a c-string.
Definition: vec.h:1018
tls_ctx_t *(* ctx_get_w_thread)(u32 ctx_index, u8 thread_index)
Definition: tls.h:98
u8 * format_tls_connection(u8 *s, va_list *args)
Definition: tls.c:685
int i
void tls_notify_app_enqueue(tls_ctx_t *ctx, stream_session_t *app_session)
Definition: tls.c:181
void(* ctx_free)(tls_ctx_t *ctx)
Definition: tls.h:96
int(* ctx_init_client)(tls_ctx_t *ctx)
Definition: tls.h:99
u8 use_test_cert_in_ca
Definition: tls.h:89
transport_connection_t * tls_connection_get(u32 ctx_index, u32 thread_index)
Definition: tls.c:653
static void session_parse_handle(session_handle_t handle, u32 *index, u32 *thread_index)
Definition: session.h:382
u8 * format(u8 *s, const char *fmt,...)
Definition: format.c:419
u64 session_handle_t
Definition: session.h:111
static stream_session_t * session_get_from_handle(session_handle_t handle)
Definition: session.h:390
#define pool_get(P, E)
Allocate an object E from a pool P (unspecified alignment).
Definition: pool.h:236
static tls_ctx_t * tls_ctx_get_w_thread(u32 ctx_handle, u8 thread_index)
Definition: tls.c:328
unsigned char u8
Definition: types.h:56
static stream_session_t * listen_session_get_from_handle(session_handle_t handle)
Definition: session.h:672
app transport service
u32 app_index
Definition: tls.h:79
segment_manager_t * app_worker_get_listen_segment_manager(app_worker_t *app, stream_session_t *listener)
Definition: application.c:943
static void tls_ctx_free(tls_ctx_t *ctx)
Definition: tls.c:313
void tls_listener_ctx_free(tls_ctx_t *ctx)
Definition: tls.c:104
#define VLIB_INIT_FUNCTION(x)
Definition: init.h:163
int(* ctx_read)(tls_ctx_t *ctx, stream_session_t *tls_session)
Definition: tls.h:101
struct _vnet_disconnect_args_t vnet_disconnect_args_t
int tls_add_vpp_q_builtin_tx_evt(stream_session_t *s)
Definition: tls.c:78
int tls_app_tx_callback(stream_session_t *app_session)
Definition: tls.c:432
u8 * format_tls_listener(u8 *s, va_list *args)
Definition: tls.c:709
static tls_engine_vft_t * tls_vfts
Definition: tls.c:21
struct _stream_session_cb_vft session_cb_vft_t
struct _vnet_unbind_args_t vnet_unbind_args_t
int tls_add_vpp_q_rx_evt(stream_session_t *s)
Definition: tls.c:54
static stream_session_t * listen_session_get(u32 index)
Definition: session.h:695
u8 is_passive_close
Definition: tls.h:72
#define clib_error_return(e, args...)
Definition: error.h:99
static void tls_ctx_parse_handle(u32 ctx_handle, u32 *ctx_index, u32 *engine_type)
Definition: tls.c:290
int tls_del_segment_callback(u32 client_index, u64 segment_handle)
Definition: tls.c:379
unsigned int u32
Definition: types.h:88
struct _stream_session_t stream_session_t
int session_send_io_evt_to_thread(svm_fifo_t *f, session_evt_type_t evt_type)
Definition: session.c:88
tls_ctx_t *(* ctx_get)(u32 ctx_index)
Definition: tls.h:97
static u8 tls_ctx_handshake_is_over(tls_ctx_t *ctx)
Definition: tls.c:360
void session_close(stream_session_t *s)
Initialize session closing procedure.
Definition: session.c:1135
u8 tls_engine
Preferred tls engine.
Definition: application.h:166
struct _vnet_app_attach_args_t vnet_app_attach_args_t
struct _session_endpoint_cfg session_endpoint_cfg_t
#define pool_elt_at_index(p, i)
Returns pointer to element at given index.
Definition: pool.h:511
static void clib_rwlock_init(clib_rwlock_t *p)
Definition: lock.h:122
#define TLS_IDX_MASK
Definition: tls.c:24
struct _session_endpoint session_endpoint_t
u32 tls_listener_ctx_index(tls_ctx_t *ctx)
Definition: tls.c:118
static void clib_rwlock_reader_unlock(clib_rwlock_t *p)
Definition: lock.h:157
u8(* ctx_handshake_is_over)(tls_ctx_t *ctx)
Definition: tls.h:103
long ctx[MAX_CONNS]
Definition: main.c:144
void tls_ctx_half_open_reader_unlock()
Definition: tls.c:169
app_worker_t * app_worker_get_if_valid(u32 wrk_index)
Definition: application.c:523
struct _unformat_input_t unformat_input_t
int tls_add_vpp_q_tx_evt(stream_session_t *s)
Definition: tls.c:70
Definition: tls.h:77
static session_handle_t session_handle(stream_session_t *s)
Definition: session.h:364
#define pool_put(P, E)
Free an object E in pool P.
Definition: pool.h:286
#define APP_INVALID_INDEX
Definition: application.h:219
int tls_notify_app_connected(tls_ctx_t *ctx, u8 is_failed)
Definition: tls.c:232
#define PREDICT_FALSE(x)
Definition: clib.h:111
int(* ctx_start_listen)(tls_ctx_t *ctx)
Definition: tls.h:104
clib_error_t * vnet_connect(vnet_connect_args_t *a)
Definition: tls.h:53
u32(* ctx_alloc)(void)
Definition: tls.h:95
int session_alloc_fifos(segment_manager_t *sm, stream_session_t *s)
Definition: session.c:202
static void clib_rwlock_writer_unlock(clib_rwlock_t *p)
Definition: lock.h:185
static u8 svm_fifo_set_event(svm_fifo_t *f)
Sets fifo event flag.
Definition: svm_fifo.h:167
u8 * format_tls_ctx(u8 *s, va_list *args)
Definition: tls.c:669
#define VLIB_EARLY_CONFIG_FUNCTION(x, n,...)
Definition: init.h:216
#define UNFORMAT_END_OF_INPUT
Definition: format.h:144
u8 ** rx_bufs
Definition: tls.h:83
tls_engine_type_t tls_get_available_engine(void)
Definition: tls.c:42
static_always_inline uword vlib_get_thread_index(void)
Definition: threads.h:212
void tls_disconnect(u32 ctx_handle, u32 thread_index)
Definition: tls.c:565
static session_type_t session_type_from_proto_and_ip(transport_proto_t proto, u8 is_ip4)
Definition: session.h:440
vlib_main_t * vm
Definition: buffer.c:301
transport_connection_t * tls_listener_get(u32 listener_index)
Definition: tls.c:661
static int tls_ctx_read(tls_ctx_t *ctx, stream_session_t *tls_session)
Definition: tls.c:354
#define vec_free(V)
Free vector&#39;s memory (no header).
Definition: vec.h:341
#define clib_warning(format, args...)
Definition: error.h:59
apps acting as transports
transport_connection_t connection
Definition: tls.h:57
static int tls_ctx_init_client(tls_ctx_t *ctx)
Definition: tls.c:342
int vnet_disconnect_session(vnet_disconnect_args_t *a)
void tls_register_engine(const tls_engine_vft_t *vft, tls_engine_type_t type)
Definition: tls.c:748
application_t * application_get(u32 app_index)
Definition: application.c:213
void transport_register_protocol(transport_proto_t transport_proto, const transport_proto_vft_t *vft, fib_protocol_t fib_proto, u32 output_node)
Register transport virtual function table.
Definition: transport.c:238
static tls_ctx_t * tls_ctx_get(u32 ctx_handle)
Definition: tls.c:320
int tls_add_segment_callback(u32 client_index, u64 segment_handle)
Definition: tls.c:372
int app_worker_lock_and_send_event(app_worker_t *app, stream_session_t *s, u8 evt_type)
Send event to application.
Definition: application.c:1418
int tls_connect(transport_endpoint_cfg_t *tep)
Definition: tls.c:516
static int tls_ctx_init_server(tls_ctx_t *ctx)
Definition: tls.c:336
#define pool_put_index(p, i)
Free pool element with given index.
Definition: pool.h:311
clib_error_t * vnet_bind(vnet_bind_args_t *a)
int(* ctx_stop_listen)(tls_ctx_t *ctx)
Definition: tls.h:105
session_cb_vft_t cb_fns
Callbacks: shoulder-taps for the server/client.
Definition: application.h:130
int app_worker_alloc_connects_segment_manager(app_worker_t *app_wrk)
Definition: application.c:913
tls_ctx_t * tls_listener_ctx_get(u32 ctx_index)
Definition: tls.c:112
tls_ctx_t * half_open_ctx_pool
Definition: tls.h:81
stream_session_t * session_alloc(u32 thread_index)
Definition: session.c:144
u8 ** tx_bufs
Definition: tls.h:84
u32 tls_stop_listen(u32 lctx_index)
Definition: tls.c:631
int tls_session_connected_callback(u32 tls_app_index, u32 ho_ctx_index, stream_session_t *tls_session, u8 is_fail)
Definition: tls.c:453
u32 tls_ctx_half_open_index(tls_ctx_t *ctx)
Definition: tls.c:175
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
clib_error_t * vnet_application_attach(vnet_app_attach_args_t *a)
Attach application to vpp.
int(* ctx_write)(tls_ctx_t *ctx, stream_session_t *app_session)
Definition: tls.h:102
int tls_add_vpp_q_builtin_rx_evt(stream_session_t *s)
Definition: tls.c:62
#define clib_error_get_code(err)
Definition: error.h:77
struct _segment_manager segment_manager_t
u8 * srv_hostname
Definition: tls.h:74
int session_send_io_evt_to_thread_custom(void *data, u32 thread_index, session_evt_type_t evt_type)
Definition: session.c:94
int tls_notify_app_accept(tls_ctx_t *ctx)
Definition: tls.c:190
u32 app_index
Index of owning app.
Definition: application.h:71
int session_lookup_add_connection(transport_connection_t *tc, u64 value)
Add transport connection to a session table.
void tls_ctx_half_open_free(u32 ho_index)
Definition: tls.c:152
u8 * format_unformat_error(u8 *s, va_list *va)
Definition: unformat.c:91
static vlib_thread_main_t * vlib_get_thread_main()
Definition: global_funcs.h:32
static u32 vlib_num_workers()
Definition: threads.h:366
static u32 tls_ctx_alloc(tls_engine_type_t engine_type)
Definition: tls.c:305
void tls_session_disconnect_callback(stream_session_t *tls_session)
Definition: tls.c:385
static void tls_disconnect_transport(tls_ctx_t *ctx)
Definition: tls.c:30
static int tls_ctx_write(tls_ctx_t *ctx, stream_session_t *app_session)
Definition: tls.c:348
#define TLS_CA_CERT_PATH
Definition: tls.h:28
segment_manager_t * app_worker_get_connect_segment_manager(app_worker_t *app)
Definition: application.c:928
u8 * format_tls_half_open(u8 *s, va_list *args)
Definition: tls.c:722
static clib_error_t * tls_init(vlib_main_t *vm)
Definition: tls.c:755
static session_cb_vft_t tls_app_cb_vft
Definition: tls.c:503
struct _vnet_bind_args_t vnet_bind_args_t
static u64 listen_session_get_handle(stream_session_t *s)
Definition: session.h:665
#define TLS_DBG(_lvl, _fmt, _args...)
Definition: tls.h:35
u32 tls_start_listen(u32 app_listener_index, transport_endpoint_t *tep)
Definition: tls.c:578
tls_ctx_t * listener_ctx_pool
Definition: tls.h:80
uword unformat(unformat_input_t *i, const char *fmt,...)
Definition: unformat.c:972
tls_ctx_t * tls_ctx_half_open_get(u32 ctx_index)
Definition: tls.c:161
static uword unformat_check_input(unformat_input_t *i)
Definition: format.h:170
static void listen_session_parse_handle(session_handle_t handle, u32 *index, u32 *thread_index)
Definition: session.h:678