23 #define TLS_INVALID_HANDLE ~0 24 #define TLS_IDX_MASK 0x00FFFFFF 25 #define TLS_ENGINE_TYPE_SHIFT 29 33 .handle = ctx->tls_session_handle,
45 for (i = 0; i <
vec_len (tls_vfts); i++)
47 if (tls_vfts[i].ctx_alloc)
98 memset (ctx, 0xfb,
sizeof (*ctx));
191 app_session =
session_get (ctx->c_s_index, ctx->c_thread_index);
200 TLS_DBG (1,
"failed to allocate fifos");
226 app_session =
session_get (ctx->c_s_index, ctx->c_thread_index);
237 SESSION_E_NONE, ctx->parent_app_api_context))
239 TLS_DBG (1,
"failed to notify app");
255 ctx->parent_app_api_context);
268 if (!tls_vfts[preferred].ctx_alloc)
277 ctx_index = tls_vfts[engine_type].
ctx_alloc ();
284 u32 ctx_index, engine_type;
286 return tls_vfts[engine_type].
ctx_get (ctx_index);
292 u32 ctx_index, engine_type;
316 n_wrote = tls_vfts[ctx->tls_ctx_engine].
ctx_write (ctx, app_session, sp);
323 return tls_vfts[ctx->tls_ctx_engine].
ctx_read (ctx, tls_session);
341 tls_vfts[ctx->tls_ctx_engine].
ctx_free (ctx);
394 TLS_DBG (1,
"TCP disconnecting handle %x session %u", tls_session->
opaque,
418 memcpy (ctx, lctx,
sizeof (*lctx));
420 ctx->tls_ctx_handle = ctx_handle;
422 tls_session->
opaque = ctx_handle;
424 ctx->listener_ctx_index = tls_listener->
opaque;
434 TLS_DBG (1,
"Accept on listener %u new connection [%u]%x",
480 api_context = ho_ctx->c_s_index;
495 ctx->tls_ctx_handle = ctx_handle;
498 TLS_DBG (1,
"TCP connect for %u returned %u. New connection [%u]%x",
500 (ctx) ? ctx_handle : ~0);
503 tls_session->
opaque = ctx_handle;
573 ctx->parent_app_wrk_index = sep->app_wrk_index;
574 ctx->parent_app_api_context = sep->opaque;
575 ctx->tcp_is_ip4 = sep->is_ip4;
584 ctx->tls_ctx_engine = engine_type;
587 cargs->sep.transport_proto = TRANSPORT_PROTO_TCP;
589 cargs->api_context = ctx_index;
590 cargs->sep_ext.ns_index = app->
ns_index;
594 TLS_DBG (1,
"New connect request %u engine %d", ctx_index, engine_type);
603 TLS_DBG (1,
"Disconnecting %x", ctx_handle);
637 args->sep_ext = *sep;
638 args->sep_ext.ns_index = app->
ns_index;
639 args->sep_ext.transport_proto = TRANSPORT_PROTO_TCP;
644 tls_al_handle = args->handle;
647 tls_listener->
opaque = lctx_index;
652 lctx->parent_app_wrk_index = sep->app_wrk_index;
653 lctx->tls_session_handle = tls_al_handle;
655 lctx->tcp_is_ip4 = sep->is_ip4;
656 lctx->tls_ctx_engine = engine_type;
659 if (tls_vfts[engine_type].ctx_start_listen (lctx))
662 .handle = lctx->tls_session_handle,
672 TLS_DBG (1,
"Started listening %d, engine type %d", lctx_index,
693 sep.fib_index = lc->fib_index;
694 sep.port = lc->lcl_port;
695 sep.is_ip4 = lc->is_ip4;
696 sep.transport_proto = TRANSPORT_PROTO_TLS;
697 clib_memcpy (&sep.ip, &lc->lcl_ip, sizeof (lc->lcl_ip));
701 .handle = lctx->tls_session_handle,
708 engine_type = lctx->tls_ctx_engine;
738 >= SESSION_STATE_TRANSPORT_CLOSED))
748 u32 tcp_si, tcp_ti, ctx_index, ctx_engine, app_si, app_ti;
754 s =
format (s,
"[%d:%d][TLS] app_wrk %u index %u engine %u tcp %d:%d",
755 app_ti, app_si, ctx->parent_app_wrk_index, ctx_index,
756 ctx_engine, tcp_ti, tcp_si);
774 s =
format (s,
"[%d:%d][TLS] app_wrk %u engine %u tcp %d:%d",
775 app_ti, app_si, ctx->parent_app_wrk_index, ctx->tls_ctx_engine,
790 s =
format (s,
"%s",
"LISTEN");
794 s =
format (s,
"%s",
"CLOSED");
796 s =
format (s,
"%s",
"APP-CLOSED");
797 else if (ts->
session_state >= SESSION_STATE_TRANSPORT_CLOSING)
798 s =
format (s,
"%s",
"CLOSING");
800 s =
format (s,
"%s",
"ESTABLISHED");
802 s =
format (s,
"%s",
"HANDSHAKE");
811 u32 ctx_index = va_arg (*args,
u32);
812 u32 thread_index = va_arg (*args,
u32);
813 u32 verbose = va_arg (*args,
u32);
833 u32 tc_index = va_arg (*args,
u32);
834 u32 __clib_unused thread_index = va_arg (*args,
u32);
835 u32 verbose = va_arg (*args,
u32);
847 u32 tc_index = va_arg (*args,
u32);
848 u32 __clib_unused thread_index = va_arg (*args,
u32);
850 s =
format (s,
"[TLS] half-open app %u", ctx->parent_app_wrk_index);
893 .transport_options = {
906 tls_vfts[
type] = *vft;
912 u32 add_segment_size = 256 << 20, first_seg_size = 32 << 20;
914 u32 num_threads, fifo_size = 128 << 12;
929 a->name =
format (0,
"tls");
970 if (
unformat (input,
"use-test-cert-in-ca"))
979 if (tmp >= 0x100000000ULL)
982 (0,
"fifo-size %llu (0x%llx) too large", tmp, tmp);
tls_main_t * vnet_tls_get_main(void)
#define vec_validate(V, I)
Make sure vector is long enough for given index (no header, unspecified alignment) ...
static void clib_rwlock_reader_lock(clib_rwlock_t *p)
int app_worker_lock_and_send_event(app_worker_t *app, session_t *s, u8 evt_type)
Send event to application.
static u8 * format_tls_listener_ctx(u8 *s, va_list *args)
u32 connection_index
Index of the transport connection associated to the session.
static tls_main_t tls_main
int tls_notify_app_connected(tls_ctx_t *ctx, session_error_t err)
int app_worker_init_accepted(session_t *s)
session_type_t session_type
Type built from transport and network protocol types.
static const transport_proto_vft_t tls_proto
static void clib_rwlock_writer_lock(clib_rwlock_t *p)
void tls_disconnect_transport(tls_ctx_t *ctx)
int app_worker_connect_notify(app_worker_t *app_wrk, session_t *s, session_error_t err, u32 opaque)
#define TLS_ENGINE_TYPE_SHIFT
crypto_engine_type_t tls_get_available_engine(void)
u32 ns_index
Namespace the application belongs to.
struct _vnet_connect_args vnet_connect_args_t
struct _vnet_unlisten_args_t vnet_unlisten_args_t
u32 tls_ctx_half_open_alloc(void)
u32 tls_listener_ctx_alloc(void)
void tls_session_reset_callback(session_t *s)
u32 session_index
Index in thread pool where session was allocated.
clib_rwlock_t half_open_rwlock
int(* ctx_init_server)(tls_ctx_t *ctx)
#define clib_memcpy_fast(a, b, c)
clib_memset(h->entries, 0, sizeof(h->entries[0]) *entries)
void session_transport_delete_notify(transport_connection_t *tc)
Notification from transport that connection is being deleted.
transport_connection_t * session_get_transport(session_t *s)
svm_fifo_t * rx_fifo
Pointers to rx/tx buffers.
int tls_add_vpp_q_builtin_rx_evt(session_t *s)
static session_t * session_get_if_valid(u64 si, u32 thread_index)
static clib_error_t * tls_config_fn(vlib_main_t *vm, unformat_input_t *input)
static session_t * listen_session_get_from_handle(session_handle_t handle)
#define pool_get_aligned_will_expand(P, YESNO, A)
See if pool_get will expand the pool or not.
int session_lookup_del_session_endpoint2(session_endpoint_t *sep)
#define vec_terminate_c_string(V)
(If necessary) NULL terminate a vector containing a c-string.
int tls_app_tx_callback(session_t *tls_session)
tls_ctx_t *(* ctx_get_w_thread)(u32 ctx_index, u8 thread_index)
void session_transport_reset_notify(transport_connection_t *tc)
Notify application that connection has been reset.
u8 * format_tls_connection(u8 *s, va_list *args)
void(* ctx_free)(tls_ctx_t *ctx)
int(* ctx_init_client)(tls_ctx_t *ctx)
transport_connection_t * tls_connection_get(u32 ctx_index, u32 thread_index)
void tls_session_disconnect_callback(session_t *tls_session)
static session_t * session_get(u32 si, u32 thread_index)
int vnet_unlisten(vnet_unlisten_args_t *a)
int tls_app_rx_callback(session_t *tls_session)
int(* ctx_read)(tls_ctx_t *ctx, session_t *tls_session)
static int tls_ctx_read(tls_ctx_t *ctx, session_t *tls_session)
#define pool_get(P, E)
Allocate an object E from a pool P (unspecified alignment).
static tls_ctx_t * tls_ctx_get_w_thread(u32 ctx_handle, u8 thread_index)
static void session_parse_handle(session_handle_t handle, u32 *index, u32 *thread_index)
void tls_register_engine(const tls_engine_vft_t *vft, crypto_engine_type_t type)
#define SESSION_ENDPOINT_NULL
struct _vnet_bind_args_t vnet_listen_args_t
static session_handle_t session_handle(session_t *s)
void session_get_endpoint(session_t *s, transport_endpoint_t *tep, u8 is_lcl)
#define clib_memcpy(d, s, n)
static int tls_ctx_transport_close(tls_ctx_t *ctx)
void tls_listener_ctx_free(tls_ctx_t *ctx)
#define VLIB_INIT_FUNCTION(x)
struct _vnet_disconnect_args_t vnet_disconnect_args_t
u8 * format_tls_listener(u8 *s, va_list *args)
static tls_engine_vft_t * tls_vfts
#define clib_error_return(e, args...)
static void tls_ctx_parse_handle(u32 ctx_handle, u32 *ctx_index, u32 *engine_type)
int tls_del_segment_callback(u32 client_index, u64 segment_handle)
int session_send_io_evt_to_thread(svm_fifo_t *f, session_evt_type_t evt_type)
tls_ctx_t *(* ctx_get)(u32 ctx_index)
u8 tls_engine
Preferred tls engine.
struct _vnet_app_attach_args_t vnet_app_attach_args_t
struct _transport_proto_vft transport_proto_vft_t
struct _session_endpoint_cfg session_endpoint_cfg_t
vl_api_fib_path_type_t type
#define TRANSPORT_PACER_MIN_MSS
static session_type_t session_type_from_proto_and_ip(transport_proto_t proto, u8 is_ip4)
#define pool_elt_at_index(p, i)
Returns pointer to element at given index.
static void clib_rwlock_init(clib_rwlock_t *p)
static u8 * format_tls_ctx_state(u8 *s, va_list *args)
u32 tls_listener_ctx_index(tls_ctx_t *ctx)
static void clib_rwlock_reader_unlock(clib_rwlock_t *p)
int app_worker_accept_notify(app_worker_t *app_wrk, session_t *s)
static session_t * session_get_from_handle(session_handle_t handle)
session_t * app_listener_get_session(app_listener_t *al)
static int tls_add_app_q_evt(app_worker_t *app, session_t *app_session)
static void tls_transport_listener_endpoint_get(u32 ctx_handle, transport_endpoint_t *tep, u8 is_lcl)
u8(* ctx_handshake_is_over)(tls_ctx_t *ctx)
void tls_ctx_half_open_reader_unlock()
static u32 tls_ctx_alloc(crypto_engine_type_t engine_type)
#define pool_put(P, E)
Free an object E in pool P.
int tls_session_accept_callback(session_t *tls_session)
#define APP_INVALID_INDEX
static void tls_transport_endpoint_get(u32 ctx_handle, u32 thread_index, transport_endpoint_t *tep, u8 is_lcl)
app_worker_t * app_worker_get_if_valid(u32 wrk_index)
#define SESSION_INVALID_INDEX
u8 tls_ctx_handshake_is_over(tls_ctx_t *ctx)
static u64 listen_session_get_handle(session_t *s)
int vnet_application_attach(vnet_app_attach_args_t *a)
Attach application to vpp.
static int tls_ctx_app_close(tls_ctx_t *ctx)
static void clib_rwlock_writer_unlock(clib_rwlock_t *p)
static u8 svm_fifo_set_event(svm_fifo_t *f)
Set fifo event flag.
u8 * format_tls_ctx(u8 *s, va_list *args)
void transport_connection_reschedule(transport_connection_t *tc)
#define VLIB_EARLY_CONFIG_FUNCTION(x, n,...)
session_handle_t listener_handle
Parent listener session index if the result of an accept.
static_always_inline uword vlib_get_thread_index(void)
void tls_disconnect(u32 ctx_handle, u32 thread_index)
transport_connection_t * tls_listener_get(u32 listener_index)
int(* ctx_write)(tls_ctx_t *ctx, session_t *app_session, transport_send_params_t *sp)
sll srl srl sll sra u16x4 i
#define vec_free(V)
Free vector's memory (no header).
void session_free(session_t *s)
#define clib_warning(format, args...)
Don't register connection in lookup.
int tls_add_vpp_q_tx_evt(session_t *s)
struct _transport_connection transport_connection_t
transport_connection_t connection
static int tls_ctx_init_client(tls_ctx_t *ctx)
int app_worker_init_connected(app_worker_t *app_wrk, session_t *s)
static u8 vlib_thread_is_main_w_barrier(void)
application_t * application_get(u32 app_index)
void transport_register_protocol(transport_proto_t transport_proto, const transport_proto_vft_t *vft, fib_protocol_t fib_proto, u32 output_node)
Register transport virtual function table.
static tls_ctx_t * tls_ctx_get(u32 ctx_handle)
int tls_add_segment_callback(u32 client_index, u64 segment_handle)
int tls_connect(transport_endpoint_cfg_t *tep)
static int tls_ctx_init_server(tls_ctx_t *ctx)
apps acting as transports
app_listener_t * app_listener_get_w_handle(session_handle_t handle)
Get app listener for listener session handle.
#define pool_put_index(p, i)
Free pool element with given index.
int(* ctx_stop_listen)(tls_ctx_t *ctx)
int vnet_listen(vnet_listen_args_t *a)
static int tls_ctx_write(tls_ctx_t *ctx, session_t *app_session, transport_send_params_t *sp)
tls_ctx_t * tls_listener_ctx_get(u32 ctx_index)
int vnet_connect(vnet_connect_args_t *a)
tls_ctx_t * half_open_ctx_pool
u8 thread_index
Index of the thread that allocated the session.
session_t * session_alloc(u32 thread_index)
u32 tls_stop_listen(u32 lctx_index)
int(* ctx_app_close)(tls_ctx_t *ctx)
static void tls_app_session_cleanup(session_t *s, session_cleanup_ntf_t ntf)
app_worker_t * app_worker_get(u32 wrk_index)
void tls_ctx_free(tls_ctx_t *ctx)
static crypto_engine_type_t tls_get_engine_type(crypto_engine_type_t preferred)
u32 tls_ctx_half_open_index(tls_ctx_t *ctx)
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
volatile u8 session_state
State in session layer state machine.
int tls_add_vpp_q_rx_evt(session_t *s)
void session_transport_closed_notify(transport_connection_t *tc)
Notification from transport that it is closed.
u32 opaque
Opaque, for general use.
void session_close(session_t *s)
Initialize session closing procedure.
int app_worker_alloc_connects_segment_manager(app_worker_t *app)
int vnet_disconnect_session(vnet_disconnect_args_t *a)
int tls_notify_app_accept(tls_ctx_t *ctx)
u32 app_index
Index of owning app.
void tls_notify_app_enqueue(tls_ctx_t *ctx, session_t *app_session)
static struct option options[]
void tls_ctx_half_open_free(u32 ho_index)
static vlib_thread_main_t * vlib_get_thread_main()
static u32 vlib_num_workers()
int tls_session_connected_callback(u32 tls_app_index, u32 ho_ctx_index, session_t *tls_session, session_error_t err)
enum session_error_ session_error_t
u32 app_wrk_index
Index of the app worker that owns the session.
enum crypto_engine_type_ crypto_engine_type_t
int(* session_accept_callback)(session_t *new_session)
Notify server of newly accepted session.
struct _session_endpoint session_endpoint_t
int tls_custom_tx_callback(void *session, transport_send_params_t *sp)
u8 * format_tls_half_open(u8 *s, va_list *args)
int(* ctx_transport_close)(tls_ctx_t *ctx)
static clib_error_t * tls_init(vlib_main_t *vm)
static session_cb_vft_t tls_app_cb_vft
#define TLS_DBG(_lvl, _fmt, _args...)
u32 tls_start_listen(u32 app_listener_index, transport_endpoint_t *tep)
tls_ctx_t * listener_ctx_pool
static session_t * listen_session_get(u32 ls_index)
tls_ctx_t * tls_ctx_half_open_get(u32 ctx_index)