23 #define TLS_INVALID_HANDLE ~0 24 #define TLS_IDX_MASK 0x00FFFFFF 25 #define TLS_ENGINE_TYPE_SHIFT 29 33 .handle = ctx->tls_session_handle,
45 for (i = 0; i <
vec_len (tls_vfts); i++)
47 if (tls_vfts[i].ctx_alloc)
107 memset (ctx, 0xfb,
sizeof (*ctx));
200 app_session =
session_get (ctx->c_s_index, ctx->c_thread_index);
209 TLS_DBG (1,
"failed to allocate fifos");
237 app_session =
session_get (ctx->c_s_index, ctx->c_thread_index);
248 ctx->parent_app_api_context))
250 TLS_DBG (1,
"failed to notify app");
277 if (!tls_vfts[preferred].ctx_alloc)
286 ctx_index = tls_vfts[engine_type].
ctx_alloc ();
294 tls_vfts[ctx->tls_ctx_engine].
ctx_free (ctx);
300 u32 ctx_index, engine_type;
302 return tls_vfts[engine_type].
ctx_get (ctx_index);
308 u32 ctx_index, engine_type;
328 return tls_vfts[ctx->tls_ctx_engine].
ctx_write (ctx, app_session);
334 return tls_vfts[ctx->tls_ctx_engine].
ctx_read (ctx, tls_session);
367 TLS_DBG (1,
"TCP disconnecting handle %x session %u", tls_session->
opaque,
392 memcpy (ctx, lctx,
sizeof (*lctx));
394 ctx->tls_ctx_handle = ctx_handle;
396 tls_session->
opaque = ctx_handle;
398 ctx->listener_ctx_index = tls_listener->
opaque;
406 TLS_DBG (1,
"Accept on listener %u new connection [%u]%x",
441 api_context = ho_ctx->c_s_index;
456 ctx->tls_ctx_handle = ctx_handle;
458 TLS_DBG (1,
"TCP connect for %u returned %u. New connection [%u]%x",
460 (ctx) ? ctx_handle : ~0);
463 tls_session->
opaque = ctx_handle;
512 ctx->parent_app_wrk_index = sep->app_wrk_index;
513 ctx->parent_app_api_context = sep->opaque;
514 ctx->tcp_is_ip4 = sep->is_ip4;
523 ctx->tls_ctx_engine = engine_type;
528 cargs->api_context = ctx_index;
529 cargs->sep_ext.ns_index = app->
ns_index;
533 TLS_DBG (1,
"New connect request %u engine %d", ctx_index, engine_type);
542 TLS_DBG (1,
"Disconnecting %x", ctx_handle);
579 args->sep_ext = *sep;
580 args->sep_ext.ns_index = app->
ns_index;
585 tls_al_handle = args->handle;
588 tls_listener->
opaque = lctx_index;
593 lctx->parent_app_wrk_index = sep->app_wrk_index;
594 lctx->tls_session_handle = tls_al_handle;
596 lctx->tcp_is_ip4 = sep->is_ip4;
597 lctx->tls_ctx_engine = engine_type;
601 TLS_DBG (1,
"Started listening %d, engine type %d", lctx_index,
615 .handle = lctx->tls_session_handle,
622 engine_type = lctx->tls_ctx_engine;
663 u32 tcp_si, tcp_ti, ctx_index, ctx_engine, app_si, app_ti;
669 s =
format (s,
"[%d:%d][TLS] app_wrk %u index %u engine %u tcp %d:%d",
670 app_ti, app_si, ctx->parent_app_wrk_index, ctx_index,
671 ctx_engine, tcp_ti, tcp_si);
679 u32 ctx_index = va_arg (*args,
u32);
680 u32 thread_index = va_arg (*args,
u32);
681 u32 verbose = va_arg (*args,
u32);
703 u32 tc_index = va_arg (*args,
u32);
704 u32 __clib_unused verbose = va_arg (*args,
u32);
713 s =
format (s,
"[%d:%d][TLS] app_wrk %u engine %u tcp %d:%d",
714 app_ti, app_si, ctx->parent_app_wrk_index, ctx->tls_ctx_engine,
722 u32 tc_index = va_arg (*args,
u32);
724 s =
format (s,
"[TLS] half-open app %u", ctx->parent_app_wrk_index);
750 tls_vfts[type] = *vft;
756 u32 add_segment_size = (4096ULL << 20) - 1, first_seg_size = 32 << 20;
758 u32 num_threads, fifo_size = 128 << 10;
772 a->options = options;
773 a->name =
format (0,
"tls");
813 if (
unformat (input,
"use-test-cert-in-ca"))
tls_main_t * vnet_tls_get_main(void)
#define vec_validate(V, I)
Make sure vector is long enough for given index (no header, unspecified alignment) ...
static void clib_rwlock_reader_lock(clib_rwlock_t *p)
int app_worker_lock_and_send_event(app_worker_t *app, session_t *s, u8 evt_type)
Send event to application.
u32 connection_index
Index of the transport connection associated to the session.
static tls_main_t tls_main
int app_worker_init_accepted(session_t *s)
static tls_engine_type_t tls_get_engine_type(tls_engine_type_t preferred)
session_type_t session_type
Type built from transport and network protocol types.
static const transport_proto_vft_t tls_proto
static void clib_rwlock_writer_lock(clib_rwlock_t *p)
#define TLS_ENGINE_TYPE_SHIFT
u32 ns_index
Namespace the application belongs to.
struct _vnet_connect_args vnet_connect_args_t
struct _vnet_unlisten_args_t vnet_unlisten_args_t
u32 tls_ctx_half_open_alloc(void)
u32 tls_listener_ctx_alloc(void)
void tls_session_reset_callback(session_t *s)
u32 session_index
Index in thread pool where session was allocated.
clib_rwlock_t half_open_rwlock
int(* ctx_init_server)(tls_ctx_t *ctx)
#define clib_memcpy_fast(a, b, c)
clib_memset(h->entries, 0, sizeof(h->entries[0]) *entries)
void session_transport_delete_notify(transport_connection_t *tc)
Notification from transport that connection is being deleted.
svm_fifo_t * rx_fifo
Pointers to rx/tx buffers.
int tls_add_vpp_q_builtin_rx_evt(session_t *s)
static clib_error_t * tls_config_fn(vlib_main_t *vm, unformat_input_t *input)
static session_t * listen_session_get_from_handle(session_handle_t handle)
#define pool_get_aligned_will_expand(P, YESNO, A)
See if pool_get will expand the pool or not.
#define vec_terminate_c_string(V)
(If necessary) NULL terminate a vector containing a c-string.
tls_ctx_t *(* ctx_get_w_thread)(u32 ctx_index, u8 thread_index)
u8 * format_tls_connection(u8 *s, va_list *args)
void(* ctx_free)(tls_ctx_t *ctx)
int(* ctx_init_client)(tls_ctx_t *ctx)
transport_connection_t * tls_connection_get(u32 ctx_index, u32 thread_index)
void tls_session_disconnect_callback(session_t *tls_session)
static session_t * session_get(u32 si, u32 thread_index)
int vnet_unlisten(vnet_unlisten_args_t *a)
int tls_app_rx_callback(session_t *tls_session)
int(* ctx_read)(tls_ctx_t *ctx, session_t *tls_session)
static int tls_ctx_read(tls_ctx_t *ctx, session_t *tls_session)
#define pool_get(P, E)
Allocate an object E from a pool P (unspecified alignment).
static tls_ctx_t * tls_ctx_get_w_thread(u32 ctx_handle, u8 thread_index)
static void session_parse_handle(session_handle_t handle, u32 *index, u32 *thread_index)
struct _vnet_bind_args_t vnet_listen_args_t
static session_handle_t session_handle(session_t *s)
void session_transport_closing_notify(transport_connection_t *tc)
Notification from transport that connection is being closed.
static void tls_ctx_free(tls_ctx_t *ctx)
void tls_listener_ctx_free(tls_ctx_t *ctx)
#define VLIB_INIT_FUNCTION(x)
struct _vnet_disconnect_args_t vnet_disconnect_args_t
u8 * format_tls_listener(u8 *s, va_list *args)
static tls_engine_vft_t * tls_vfts
#define clib_error_return(e, args...)
static void tls_ctx_parse_handle(u32 ctx_handle, u32 *ctx_index, u32 *engine_type)
int tls_del_segment_callback(u32 client_index, u64 segment_handle)
int session_send_io_evt_to_thread(svm_fifo_t *f, session_evt_type_t evt_type)
tls_ctx_t *(* ctx_get)(u32 ctx_index)
static u8 tls_ctx_handshake_is_over(tls_ctx_t *ctx)
int tls_add_vpp_q_builtin_tx_evt(session_t *s)
u8 tls_engine
Preferred tls engine.
struct _vnet_app_attach_args_t vnet_app_attach_args_t
struct _transport_proto_vft transport_proto_vft_t
struct _session_endpoint_cfg session_endpoint_cfg_t
static session_type_t session_type_from_proto_and_ip(transport_proto_t proto, u8 is_ip4)
#define pool_elt_at_index(p, i)
Returns pointer to element at given index.
static void clib_rwlock_init(clib_rwlock_t *p)
u32 tls_listener_ctx_index(tls_ctx_t *ctx)
static void clib_rwlock_reader_unlock(clib_rwlock_t *p)
int app_worker_accept_notify(app_worker_t *app_wrk, session_t *s)
static session_t * session_get_from_handle(session_handle_t handle)
session_t * app_listener_get_session(app_listener_t *al)
static int tls_add_app_q_evt(app_worker_t *app, session_t *app_session)
u8(* ctx_handshake_is_over)(tls_ctx_t *ctx)
void tls_ctx_half_open_reader_unlock()
#define pool_put(P, E)
Free an object E in pool P.
int tls_session_accept_callback(session_t *tls_session)
#define APP_INVALID_INDEX
int tls_notify_app_connected(tls_ctx_t *ctx, u8 is_failed)
int(* ctx_start_listen)(tls_ctx_t *ctx)
app_worker_t * app_worker_get_if_valid(u32 wrk_index)
static u64 listen_session_get_handle(session_t *s)
int(* ctx_write)(tls_ctx_t *ctx, session_t *app_session)
int vnet_application_attach(vnet_app_attach_args_t *a)
Attach application to vpp.
static void clib_rwlock_writer_unlock(clib_rwlock_t *p)
static u8 svm_fifo_set_event(svm_fifo_t *f)
Sets fifo event flag.
u8 * format_tls_ctx(u8 *s, va_list *args)
#define VLIB_EARLY_CONFIG_FUNCTION(x, n,...)
tls_engine_type_t tls_get_available_engine(void)
static_always_inline uword vlib_get_thread_index(void)
void tls_disconnect(u32 ctx_handle, u32 thread_index)
transport_connection_t * tls_listener_get(u32 listener_index)
#define vec_free(V)
Free vector's memory (no header).
void session_free(session_t *s)
static int tls_ctx_write(tls_ctx_t *ctx, session_t *app_session)
#define clib_warning(format, args...)
struct _stream_session_cb_vft session_cb_vft_t
int tls_add_vpp_q_tx_evt(session_t *s)
struct _transport_connection transport_connection_t
transport_connection_t connection
static int tls_ctx_init_client(tls_ctx_t *ctx)
int app_worker_init_connected(app_worker_t *app_wrk, session_t *s)
void tls_register_engine(const tls_engine_vft_t *vft, tls_engine_type_t type)
application_t * application_get(u32 app_index)
void transport_register_protocol(transport_proto_t transport_proto, const transport_proto_vft_t *vft, fib_protocol_t fib_proto, u32 output_node)
Register transport virtual function table.
static tls_ctx_t * tls_ctx_get(u32 ctx_handle)
int tls_add_segment_callback(u32 client_index, u64 segment_handle)
int tls_connect(transport_endpoint_cfg_t *tep)
static int tls_ctx_init_server(tls_ctx_t *ctx)
apps acting as transports
app_listener_t * app_listener_get_w_handle(session_handle_t handle)
#define pool_put_index(p, i)
Free pool element with given index.
int(* ctx_stop_listen)(tls_ctx_t *ctx)
int tls_custom_tx_callback(void *session)
int vnet_listen(vnet_listen_args_t *a)
tls_ctx_t * tls_listener_ctx_get(u32 ctx_index)
int vnet_connect(vnet_connect_args_t *a)
tls_ctx_t * half_open_ctx_pool
u8 thread_index
Index of the thread that allocated the session.
session_t * session_alloc(u32 thread_index)
u32 tls_stop_listen(u32 lctx_index)
app_worker_t * app_worker_get(u32 wrk_index)
u32 tls_ctx_half_open_index(tls_ctx_t *ctx)
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
volatile u8 session_state
State in session layer state machine.
int tls_add_vpp_q_rx_evt(session_t *s)
u32 opaque
Opaque, for general use.
void session_close(session_t *s)
Initialize session closing procedure.
int app_worker_alloc_connects_segment_manager(app_worker_t *app)
int vnet_disconnect_session(vnet_disconnect_args_t *a)
int session_send_io_evt_to_thread_custom(void *data, u32 thread_index, session_evt_type_t evt_type)
int tls_notify_app_accept(tls_ctx_t *ctx)
u32 app_index
Index of owning app.
int session_lookup_add_connection(transport_connection_t *tc, u64 value)
Add transport connection to a session table.
void tls_notify_app_enqueue(tls_ctx_t *ctx, session_t *app_session)
void tls_ctx_half_open_free(u32 ho_index)
static vlib_thread_main_t * vlib_get_thread_main()
static u32 vlib_num_workers()
static u32 tls_ctx_alloc(tls_engine_type_t engine_type)
static void tls_disconnect_transport(tls_ctx_t *ctx)
u32 app_wrk_index
Index of the app worker that owns the session.
struct _session_endpoint session_endpoint_t
enum tls_engine_type_ tls_engine_type_t
u8 * format_tls_half_open(u8 *s, va_list *args)
static clib_error_t * tls_init(vlib_main_t *vm)
static session_cb_vft_t tls_app_cb_vft
int app_worker_connect_notify(app_worker_t *app_wrk, session_t *s, u32 opaque)
#define TLS_DBG(_lvl, _fmt, _args...)
u32 tls_start_listen(u32 app_listener_index, transport_endpoint_t *tep)
tls_ctx_t * listener_ctx_pool
int tls_session_connected_callback(u32 tls_app_index, u32 ho_ctx_index, session_t *tls_session, u8 is_fail)
static session_t * listen_session_get(u32 ls_index)
tls_ctx_t * tls_ctx_half_open_get(u32 ctx_index)
u32 listener_index
Parent listener session index if the result of an accept.