23 #define TLS_INVALID_HANDLE ~0 24 #define TLS_IDX_MASK 0x00FFFFFF 25 #define TLS_ENGINE_TYPE_SHIFT 29 33 .handle = ctx->tls_session_handle,
45 for (i = 0; i <
vec_len (tls_vfts); i++)
47 if (tls_vfts[i].ctx_alloc)
107 memset (ctx, 0xfb,
sizeof (*ctx));
210 app_session->app_wrk_index = ctx->parent_app_index;
211 app_session->connection_index = ctx->tls_ctx_handle;
214 app_session->session_type = app_listener->session_type;
215 app_session->listener_index = app_listener->session_index;
217 app_session->t_app_index = tls_main.
app_index;
221 TLS_DBG (1,
"failed to allocate fifos");
224 ctx->c_s_index = app_session->session_index;
228 return app->
cb_fns.session_accept_callback (app_session);
235 stream_session_t *app_session;
248 cb_fn = app->
cb_fns.session_connected_callback;
255 app_session->app_wrk_index = ctx->parent_app_index;
256 app_session->connection_index = ctx->tls_ctx_handle;
257 app_session->session_type =
259 app_session->t_app_index = tls_main.
app_index;
266 if (cb_fn (ctx->parent_app_index, ctx->parent_app_api_context,
269 TLS_DBG (1,
"failed to notify app");
276 ctx->c_s_index = app_session->session_index;
285 return cb_fn (ctx->parent_app_index, ctx->parent_app_api_context, 0,
299 if (!tls_vfts[preferred].ctx_alloc)
308 ctx_index = tls_vfts[engine_type].
ctx_alloc ();
316 tls_vfts[ctx->tls_ctx_engine].
ctx_free (ctx);
322 u32 ctx_index, engine_type;
324 return tls_vfts[engine_type].
ctx_get (ctx_index);
330 u32 ctx_index, engine_type;
350 return tls_vfts[ctx->tls_ctx_engine].
ctx_write (ctx, app_session);
356 return tls_vfts[ctx->tls_ctx_engine].
ctx_read (ctx, tls_session);
402 app->
cb_fns.session_disconnect_callback (app_session);
417 memcpy (ctx, lctx,
sizeof (*lctx));
419 ctx->tls_ctx_handle = ctx_handle;
421 tls_session->opaque = ctx_handle;
423 ctx->listener_ctx_index = tls_listener->opaque;
425 TLS_DBG (1,
"Accept on listener %u new connection [%u]%x",
464 u32 wrk_index, api_context;
468 wrk_index = ho_ctx->parent_app_index;
472 api_context = ho_ctx->c_s_index;
474 cb_fn = app->
cb_fns.session_connected_callback;
475 rv = cb_fn (wrk_index, api_context, 0, 1 );
489 ctx->tls_ctx_handle = ctx_handle;
491 TLS_DBG (1,
"TCP connect for %u returned %u. New connection [%u]%x",
493 (ctx) ? ctx_handle : ~0);
496 tls_session->opaque = ctx_handle;
540 ctx->parent_app_index = sep->app_wrk_index;
541 ctx->parent_app_api_context = sep->opaque;
542 ctx->tcp_is_ip4 = sep->is_ip4;
551 ctx->tls_ctx_engine = engine_type;
556 cargs->api_context = ctx_index;
560 TLS_DBG (1,
"New connect request %u engine %d", ctx_index, engine_type);
569 TLS_DBG (1,
"Disconnecting %x", ctx_handle);
605 args->sep_ext = *sep;
609 tls_handle = args->handle;
612 tls_listener->opaque = lctx_index;
617 lctx->parent_app_index = sep->app_wrk_index;
618 lctx->tls_session_handle = tls_handle;
620 lctx->tcp_is_ip4 = sep->is_ip4;
621 lctx->tls_ctx_engine = engine_type;
625 TLS_DBG (1,
"Started listening %d, engine type %d", lctx_index,
638 .handle = lctx->tls_session_handle,
645 engine_type = lctx->tls_ctx_engine;
672 u32 thread_index = va_arg (*args,
u32);
673 u32 child_si, child_ti;
676 if (thread_index != child_ti)
677 clib_warning (
"app and tls sessions are on different threads!");
679 s =
format (s,
"[#%d][TLS] app %u child %u", child_ti,
680 ctx->parent_app_index, child_si);
687 u32 ctx_index = va_arg (*args,
u32);
688 u32 thread_index = va_arg (*args,
u32);
689 u32 verbose = va_arg (*args,
u32);
701 s =
format (s,
"state: %-7u", ts->session_state);
711 u32 tc_index = va_arg (*args,
u32);
713 u32 listener_index, thread_index;
717 return format (s,
"[TLS] listener app %u child %u", ctx->parent_app_index,
724 u32 tc_index = va_arg (*args,
u32);
726 s =
format (s,
"[TLS] half-open app %u", ctx->parent_app_index);
751 tls_vfts[type] = *vft;
760 u32 segment_size = 512 << 20;
762 u32 fifo_size = 64 << 10;
772 a->options = options;
773 a->name =
format (0,
"tls");
812 if (
unformat (input,
"use-test-cert-in-ca"))
tls_main_t * vnet_tls_get_main(void)
#define vec_validate(V, I)
Make sure vector is long enough for given index (no header, unspecified alignment) ...
static void clib_rwlock_reader_lock(clib_rwlock_t *p)
static tls_main_t tls_main
void tls_session_reset_callback(stream_session_t *s)
app_worker_t * app_worker_get(u32 wrk_index)
static tls_engine_type_t tls_get_engine_type(tls_engine_type_t preferred)
enum tls_engine_type_ tls_engine_type_t
int tls_session_accept_callback(stream_session_t *tls_session)
static const transport_proto_vft_t tls_proto
static void clib_rwlock_writer_lock(clib_rwlock_t *p)
#define TLS_ENGINE_TYPE_SHIFT
struct _transport_connection transport_connection_t
struct _vnet_connect_args vnet_connect_args_t
u32 tls_ctx_half_open_alloc(void)
u32 tls_listener_ctx_alloc(void)
int tls_app_rx_callback(stream_session_t *tls_session)
clib_rwlock_t half_open_rwlock
static int tls_add_app_q_evt(app_worker_t *app, stream_session_t *app_session)
int(* ctx_init_server)(tls_ctx_t *ctx)
clib_error_t * vnet_unbind(vnet_unbind_args_t *a)
#define clib_memcpy_fast(a, b, c)
clib_memset(h->entries, 0, sizeof(h->entries[0]) *entries)
void session_transport_delete_notify(transport_connection_t *tc)
Notification from transport that connection is being deleted.
static clib_error_t * tls_config_fn(vlib_main_t *vm, unformat_input_t *input)
#define pool_get_aligned_will_expand(P, YESNO, A)
See if pool_get will expand the pool or not.
struct _transport_proto_vft transport_proto_vft_t
#define vec_terminate_c_string(V)
(If necessary) NULL-terminate a vector containing a C string.
tls_ctx_t *(* ctx_get_w_thread)(u32 ctx_index, u8 thread_index)
u8 * format_tls_connection(u8 *s, va_list *args)
void tls_notify_app_enqueue(tls_ctx_t *ctx, stream_session_t *app_session)
void(* ctx_free)(tls_ctx_t *ctx)
int(* ctx_init_client)(tls_ctx_t *ctx)
transport_connection_t * tls_connection_get(u32 ctx_index, u32 thread_index)
static void session_parse_handle(session_handle_t handle, u32 *index, u32 *thread_index)
static stream_session_t * session_get_from_handle(session_handle_t handle)
#define pool_get(P, E)
Allocate an object E from a pool P (unspecified alignment).
static tls_ctx_t * tls_ctx_get_w_thread(u32 ctx_handle, u8 thread_index)
static stream_session_t * listen_session_get_from_handle(session_handle_t handle)
segment_manager_t * app_worker_get_listen_segment_manager(app_worker_t *app, stream_session_t *listener)
static void tls_ctx_free(tls_ctx_t *ctx)
void tls_listener_ctx_free(tls_ctx_t *ctx)
#define VLIB_INIT_FUNCTION(x)
int(* ctx_read)(tls_ctx_t *ctx, stream_session_t *tls_session)
struct _vnet_disconnect_args_t vnet_disconnect_args_t
int tls_add_vpp_q_builtin_tx_evt(stream_session_t *s)
int tls_app_tx_callback(stream_session_t *app_session)
u8 * format_tls_listener(u8 *s, va_list *args)
static tls_engine_vft_t * tls_vfts
struct _stream_session_cb_vft session_cb_vft_t
struct _vnet_unbind_args_t vnet_unbind_args_t
int tls_add_vpp_q_rx_evt(stream_session_t *s)
static stream_session_t * listen_session_get(u32 index)
#define clib_error_return(e, args...)
static void tls_ctx_parse_handle(u32 ctx_handle, u32 *ctx_index, u32 *engine_type)
int tls_del_segment_callback(u32 client_index, u64 segment_handle)
struct _stream_session_t stream_session_t
int session_send_io_evt_to_thread(svm_fifo_t *f, session_evt_type_t evt_type)
tls_ctx_t *(* ctx_get)(u32 ctx_index)
static u8 tls_ctx_handshake_is_over(tls_ctx_t *ctx)
void session_close(stream_session_t *s)
Initialize session closing procedure.
u8 tls_engine
Preferred tls engine.
struct _vnet_app_attach_args_t vnet_app_attach_args_t
struct _session_endpoint_cfg session_endpoint_cfg_t
#define pool_elt_at_index(p, i)
Returns pointer to element at given index.
static void clib_rwlock_init(clib_rwlock_t *p)
struct _session_endpoint session_endpoint_t
u32 tls_listener_ctx_index(tls_ctx_t *ctx)
static void clib_rwlock_reader_unlock(clib_rwlock_t *p)
u8(* ctx_handshake_is_over)(tls_ctx_t *ctx)
void tls_ctx_half_open_reader_unlock()
app_worker_t * app_worker_get_if_valid(u32 wrk_index)
int tls_add_vpp_q_tx_evt(stream_session_t *s)
static session_handle_t session_handle(stream_session_t *s)
#define pool_put(P, E)
Free an object E in pool P.
#define APP_INVALID_INDEX
int tls_notify_app_connected(tls_ctx_t *ctx, u8 is_failed)
int(* ctx_start_listen)(tls_ctx_t *ctx)
clib_error_t * vnet_connect(vnet_connect_args_t *a)
int session_alloc_fifos(segment_manager_t *sm, stream_session_t *s)
static void clib_rwlock_writer_unlock(clib_rwlock_t *p)
static u8 svm_fifo_set_event(svm_fifo_t *f)
Sets fifo event flag.
u8 * format_tls_ctx(u8 *s, va_list *args)
#define VLIB_EARLY_CONFIG_FUNCTION(x, n,...)
tls_engine_type_t tls_get_available_engine(void)
static_always_inline uword vlib_get_thread_index(void)
void tls_disconnect(u32 ctx_handle, u32 thread_index)
static session_type_t session_type_from_proto_and_ip(transport_proto_t proto, u8 is_ip4)
transport_connection_t * tls_listener_get(u32 listener_index)
static int tls_ctx_read(tls_ctx_t *ctx, stream_session_t *tls_session)
#define vec_free(V)
Free vector's memory (no header).
#define clib_warning(format, args...)
apps acting as transports
transport_connection_t connection
static int tls_ctx_init_client(tls_ctx_t *ctx)
int vnet_disconnect_session(vnet_disconnect_args_t *a)
void tls_register_engine(const tls_engine_vft_t *vft, tls_engine_type_t type)
application_t * application_get(u32 app_index)
void transport_register_protocol(transport_proto_t transport_proto, const transport_proto_vft_t *vft, fib_protocol_t fib_proto, u32 output_node)
Register transport virtual function table.
static tls_ctx_t * tls_ctx_get(u32 ctx_handle)
int tls_add_segment_callback(u32 client_index, u64 segment_handle)
int app_worker_lock_and_send_event(app_worker_t *app, stream_session_t *s, u8 evt_type)
Send event to application.
int tls_connect(transport_endpoint_cfg_t *tep)
static int tls_ctx_init_server(tls_ctx_t *ctx)
#define pool_put_index(p, i)
Free pool element with given index.
clib_error_t * vnet_bind(vnet_bind_args_t *a)
int(* ctx_stop_listen)(tls_ctx_t *ctx)
session_cb_vft_t cb_fns
Callbacks: shoulder-taps for the server/client.
int app_worker_alloc_connects_segment_manager(app_worker_t *app_wrk)
tls_ctx_t * tls_listener_ctx_get(u32 ctx_index)
tls_ctx_t * half_open_ctx_pool
stream_session_t * session_alloc(u32 thread_index)
u32 tls_stop_listen(u32 lctx_index)
int tls_session_connected_callback(u32 tls_app_index, u32 ho_ctx_index, stream_session_t *tls_session, u8 is_fail)
u32 tls_ctx_half_open_index(tls_ctx_t *ctx)
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant).
clib_error_t * vnet_application_attach(vnet_app_attach_args_t *a)
Attach application to vpp.
int(* ctx_write)(tls_ctx_t *ctx, stream_session_t *app_session)
int tls_add_vpp_q_builtin_rx_evt(stream_session_t *s)
#define clib_error_get_code(err)
struct _segment_manager segment_manager_t
int session_send_io_evt_to_thread_custom(void *data, u32 thread_index, session_evt_type_t evt_type)
int tls_notify_app_accept(tls_ctx_t *ctx)
u32 app_index
Index of owning app.
int session_lookup_add_connection(transport_connection_t *tc, u64 value)
Add transport connection to a session table.
void tls_ctx_half_open_free(u32 ho_index)
static vlib_thread_main_t * vlib_get_thread_main()
static u32 vlib_num_workers()
static u32 tls_ctx_alloc(tls_engine_type_t engine_type)
void tls_session_disconnect_callback(stream_session_t *tls_session)
static void tls_disconnect_transport(tls_ctx_t *ctx)
static int tls_ctx_write(tls_ctx_t *ctx, stream_session_t *app_session)
segment_manager_t * app_worker_get_connect_segment_manager(app_worker_t *app)
u8 * format_tls_half_open(u8 *s, va_list *args)
static clib_error_t * tls_init(vlib_main_t *vm)
static session_cb_vft_t tls_app_cb_vft
struct _vnet_bind_args_t vnet_bind_args_t
static u64 listen_session_get_handle(stream_session_t *s)
#define TLS_DBG(_lvl, _fmt, _args...)
u32 tls_start_listen(u32 app_listener_index, transport_endpoint_t *tep)
tls_ctx_t * listener_ctx_pool
tls_ctx_t * tls_ctx_half_open_get(u32 ctx_index)
static void listen_session_parse_handle(session_handle_t handle, u32 *index, u32 *thread_index)