FD.io VPP  v20.09-64-g4f7b92f0a
Vector Packet Processing
tls.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2018-2019 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include <vnet/session/application_interface.h>
17 #include <vppinfra/lock.h>
18 #include <vnet/tls/tls.h>
19 
20 static tls_main_t tls_main;
21 static tls_engine_vft_t *tls_vfts;
22 
23 #define TLS_INVALID_HANDLE ~0
24 #define TLS_IDX_MASK 0x00FFFFFF
25 #define TLS_ENGINE_TYPE_SHIFT 29
26 
27 void tls_disconnect (u32 ctx_handle, u32 thread_index);
28 
29 void
30 tls_disconnect_transport (tls_ctx_t * ctx)
31 {
32  vnet_disconnect_args_t a = {
33  .handle = ctx->tls_session_handle,
34  .app_index = tls_main.app_index,
35  };
36 
37  if (vnet_disconnect_session (&a))
38  clib_warning ("disconnect returned");
39 }
40 
41 crypto_engine_type_t
42 tls_get_available_engine (void)
43 {
44  int i;
45  for (i = 0; i < vec_len (tls_vfts); i++)
46  {
47  if (tls_vfts[i].ctx_alloc)
48  return i;
49  }
50  return CRYPTO_ENGINE_NONE;
51 }
52 
53 int
54 tls_add_vpp_q_rx_evt (session_t * s)
55 {
56  if (svm_fifo_set_event (s->rx_fifo))
57  session_send_io_evt_to_thread (s->rx_fifo, SESSION_IO_EVT_RX);
58  return 0;
59 }
60 
61 int
62 tls_add_vpp_q_builtin_rx_evt (session_t * s)
63 {
64  if (svm_fifo_set_event (s->rx_fifo))
65  session_send_io_evt_to_thread (s->rx_fifo, SESSION_IO_EVT_BUILTIN_RX);
66  return 0;
67 }
68 
69 int
70 tls_add_vpp_q_tx_evt (session_t * s)
71 {
72  if (svm_fifo_set_event (s->tx_fifo))
73  session_send_io_evt_to_thread (s->tx_fifo, SESSION_IO_EVT_TX);
74  return 0;
75 }
76 
77 static inline int
78 tls_add_app_q_evt (app_worker_t * app, session_t * app_session)
79 {
80  return app_worker_lock_and_send_event (app, app_session, SESSION_IO_EVT_RX);
81 }
82 
83 u32
84 tls_listener_ctx_alloc (void)
85 {
86  tls_main_t *tm = &tls_main;
87  tls_ctx_t *ctx;
88 
89  pool_get (tm->listener_ctx_pool, ctx);
90  clib_memset (ctx, 0, sizeof (*ctx));
91  return ctx - tm->listener_ctx_pool;
92 }
93 
94 void
95 tls_listener_ctx_free (tls_ctx_t * ctx)
96 {
97  if (CLIB_DEBUG)
98  memset (ctx, 0xfb, sizeof (*ctx));
99  pool_put (tls_main.listener_ctx_pool, ctx);
100 }
101 
102 tls_ctx_t *
103 tls_listener_ctx_get (u32 ctx_index)
104 {
105  return pool_elt_at_index (tls_main.listener_ctx_pool, ctx_index);
106 }
107 
108 u32
109 tls_listener_ctx_index (tls_ctx_t * ctx)
110 {
111  return (ctx - tls_main.listener_ctx_pool);
112 }
113 
114 u32
115 tls_ctx_half_open_alloc (void)
116 {
117  tls_main_t *tm = &tls_main;
118  u8 will_expand = 0;
119  tls_ctx_t *ctx;
120  u32 ctx_index;
121 
122  pool_get_aligned_will_expand (tm->half_open_ctx_pool, will_expand, 0);
123  if (PREDICT_FALSE (will_expand && vlib_num_workers ()))
124  {
125  clib_rwlock_writer_lock (&tm->half_open_rwlock);
126  pool_get (tm->half_open_ctx_pool, ctx);
127  ctx_index = ctx - tm->half_open_ctx_pool;
128  clib_rwlock_writer_unlock (&tm->half_open_rwlock);
129  }
130  else
131  {
132  /* reader lock assumption: only main thread will call pool_get */
133  clib_rwlock_reader_lock (&tm->half_open_rwlock);
134  pool_get (tm->half_open_ctx_pool, ctx);
135  ctx_index = ctx - tm->half_open_ctx_pool;
136  clib_rwlock_reader_unlock (&tm->half_open_rwlock);
137  }
138  clib_memset (ctx, 0, sizeof (*ctx));
139  return ctx_index;
140 }
141 
142 void
143 tls_ctx_half_open_free (u32 ho_index)
144 {
145  tls_main_t *tm = &tls_main;
146  clib_rwlock_writer_lock (&tm->half_open_rwlock);
147  pool_put_index (tls_main.half_open_ctx_pool, ho_index);
148  clib_rwlock_writer_unlock (&tm->half_open_rwlock);
149 }
150 
151 tls_ctx_t *
152 tls_ctx_half_open_get (u32 ctx_index)
153 {
154  tls_main_t *tm = &tls_main;
155  clib_rwlock_reader_lock (&tm->half_open_rwlock);
156  return pool_elt_at_index (tm->half_open_ctx_pool, ctx_index);
157 }
158 
159 void
160 tls_ctx_half_open_reader_unlock ()
161 {
162  clib_rwlock_reader_unlock (&tls_main.half_open_rwlock);
163 }
164 
165 u32
166 tls_ctx_half_open_index (tls_ctx_t * ctx)
167 {
168  return (ctx - tls_main.half_open_ctx_pool);
169 }
170 
171 void
172 tls_notify_app_enqueue (tls_ctx_t * ctx, session_t * app_session)
173 {
174  app_worker_t *app_wrk;
175  app_wrk = app_worker_get_if_valid (app_session->app_wrk_index);
176  if (PREDICT_TRUE (app_wrk != 0))
177  tls_add_app_q_evt (app_wrk, app_session);
178 }
179 
180 int
181 tls_notify_app_accept (tls_ctx_t * ctx)
182 {
183  session_t *app_listener, *app_session;
184  app_worker_t *app_wrk;
185  tls_ctx_t *lctx;
186  int rv;
187 
188  lctx = tls_listener_ctx_get (ctx->listener_ctx_index);
189  app_listener = listen_session_get_from_handle (lctx->app_session_handle);
190 
191  app_session = session_get (ctx->c_s_index, ctx->c_thread_index);
192  app_session->app_wrk_index = ctx->parent_app_wrk_index;
193  app_session->connection_index = ctx->tls_ctx_handle;
194  app_session->session_type = app_listener->session_type;
195  app_session->listener_handle = listen_session_get_handle (app_listener);
196  app_session->session_state = SESSION_STATE_ACCEPTING;
197 
198  if ((rv = app_worker_init_accepted (app_session)))
199  {
200  TLS_DBG (1, "failed to allocate fifos");
201  session_free (app_session);
202  return rv;
203  }
204  ctx->app_session_handle = session_handle (app_session);
205  ctx->parent_app_wrk_index = app_session->app_wrk_index;
206  app_wrk = app_worker_get (app_session->app_wrk_index);
207  return app_worker_accept_notify (app_wrk, app_session);
208 }
209 
210 int
211 tls_notify_app_connected (tls_ctx_t * ctx, session_error_t err)
212 {
213  session_t *app_session;
214  app_worker_t *app_wrk;
215 
216  app_wrk = app_worker_get_if_valid (ctx->parent_app_wrk_index);
217  if (!app_wrk)
218  {
219  tls_disconnect_transport (ctx);
220  return -1;
221  }
222 
223  if (err)
224  goto failed;
225 
226  app_session = session_get (ctx->c_s_index, ctx->c_thread_index);
227  app_session->app_wrk_index = ctx->parent_app_wrk_index;
228  app_session->connection_index = ctx->tls_ctx_handle;
229  app_session->session_type =
230  session_type_from_proto_and_ip (TRANSPORT_PROTO_TLS, ctx->tcp_is_ip4);
231 
232  if ((err = app_worker_init_connected (app_wrk, app_session)))
233  goto failed;
234 
235  app_session->session_state = SESSION_STATE_CONNECTING;
236  if (app_worker_connect_notify (app_wrk, app_session,
237  SESSION_E_NONE, ctx->parent_app_api_context))
238  {
239  TLS_DBG (1, "failed to notify app");
240  tls_disconnect (ctx->tls_ctx_handle, vlib_get_thread_index ());
241  return -1;
242  }
243 
244  ctx->app_session_handle = session_handle (app_session);
245  app_session->session_state = SESSION_STATE_READY;
246 
247  return 0;
248 
249 failed:
250  /* Free app session pre-allocated when transport was established */
251  session_free (session_get (ctx->c_s_index, ctx->c_thread_index));
252  ctx->no_app_session = 1;
253  tls_disconnect (ctx->tls_ctx_handle, vlib_get_thread_index ());
254  return app_worker_connect_notify (app_wrk, 0, err,
255  ctx->parent_app_api_context);
256 }
257 
258 static inline void
259 tls_ctx_parse_handle (u32 ctx_handle, u32 * ctx_index, u32 * engine_type)
260 {
261  *ctx_index = ctx_handle & TLS_IDX_MASK;
262  *engine_type = ctx_handle >> TLS_ENGINE_TYPE_SHIFT;
263 }
264 
265 static inline crypto_engine_type_t
266 tls_get_engine_type (crypto_engine_type_t preferred)
267 {
268  if (!tls_vfts[preferred].ctx_alloc)
269  return tls_get_available_engine ();
270  return preferred;
271 }
272 
273 static inline u32
274 tls_ctx_alloc (crypto_engine_type_t engine_type)
275 {
276  u32 ctx_index;
277  ctx_index = tls_vfts[engine_type].ctx_alloc ();
278  return (((u32) engine_type << TLS_ENGINE_TYPE_SHIFT) | ctx_index);
279 }
280 
281 static inline tls_ctx_t *
282 tls_ctx_get (u32 ctx_handle)
283 {
284  u32 ctx_index, engine_type;
285  tls_ctx_parse_handle (ctx_handle, &ctx_index, &engine_type);
286  return tls_vfts[engine_type].ctx_get (ctx_index);
287 }
288 
289 static inline tls_ctx_t *
290 tls_ctx_get_w_thread (u32 ctx_handle, u8 thread_index)
291 {
292  u32 ctx_index, engine_type;
293  tls_ctx_parse_handle (ctx_handle, &ctx_index, &engine_type);
294  return tls_vfts[engine_type].ctx_get_w_thread (ctx_index, thread_index);
295 }
296 
297 static inline int
298 tls_ctx_init_server (tls_ctx_t * ctx)
299 {
300  return tls_vfts[ctx->tls_ctx_engine].ctx_init_server (ctx);
301 }
302 
303 static inline int
304 tls_ctx_init_client (tls_ctx_t * ctx)
305 {
306  return tls_vfts[ctx->tls_ctx_engine].ctx_init_client (ctx);
307 }
308 
309 static inline int
310 tls_ctx_write (tls_ctx_t * ctx, session_t * app_session,
311  transport_send_params_t * sp)
312 {
313  u32 n_wrote;
314 
315  sp->max_burst_size = sp->max_burst_size * TRANSPORT_PACER_MIN_MSS;
316  n_wrote = tls_vfts[ctx->tls_ctx_engine].ctx_write (ctx, app_session, sp);
317  return n_wrote > 0 ? clib_max (n_wrote / TRANSPORT_PACER_MIN_MSS, 1) : 0;
318 }
319 
320 static inline int
321 tls_ctx_read (tls_ctx_t * ctx, session_t * tls_session)
322 {
323  return tls_vfts[ctx->tls_ctx_engine].ctx_read (ctx, tls_session);
324 }
325 
326 static inline int
327 tls_ctx_transport_close (tls_ctx_t * ctx)
328 {
329  return tls_vfts[ctx->tls_ctx_engine].ctx_transport_close (ctx);
330 }
331 
332 static inline int
333 tls_ctx_app_close (tls_ctx_t * ctx)
334 {
335  return tls_vfts[ctx->tls_ctx_engine].ctx_app_close (ctx);
336 }
337 
338 void
339 tls_ctx_free (tls_ctx_t * ctx)
340 {
341  tls_vfts[ctx->tls_ctx_engine].ctx_free (ctx);
342 }
343 
344 u8
345 tls_ctx_handshake_is_over (tls_ctx_t * ctx)
346 {
347  return tls_vfts[ctx->tls_ctx_engine].ctx_handshake_is_over (ctx);
348 }
349 
350 void
351 tls_session_reset_callback (session_t * s)
352 {
353  tls_ctx_t *ctx;
354  transport_connection_t *tc;
355  session_t *app_session;
356 
357  ctx = tls_ctx_get (s->opaque);
358  ctx->is_passive_close = 1;
359  tc = &ctx->connection;
360  if (tls_ctx_handshake_is_over (ctx))
361  {
362  session_transport_reset_notify (tc);
363  session_transport_closed_notify (tc);
364  tls_disconnect_transport (ctx);
365  }
366  else
367  if ((app_session =
368  session_get_if_valid (ctx->c_s_index, ctx->c_thread_index)))
369  {
370  session_free (app_session);
371  ctx->c_s_index = SESSION_INVALID_INDEX;
372  tls_disconnect_transport (ctx);
373  }
374 }
375 
376 int
377 tls_add_segment_callback (u32 client_index, u64 segment_handle)
378 {
379  /* No-op for builtin */
380  return 0;
381 }
382 
383 int
384 tls_del_segment_callback (u32 client_index, u64 segment_handle)
385 {
386  return 0;
387 }
388 
389 void
390 tls_session_disconnect_callback (session_t * tls_session)
391 {
392  tls_ctx_t *ctx;
393 
394  TLS_DBG (1, "TCP disconnecting handle %x session %u", tls_session->opaque,
395  tls_session->session_index);
396 
397  ASSERT (tls_session->thread_index == vlib_get_thread_index ()
398  || vlib_thread_is_main_w_barrier ());
399 
400  ctx = tls_ctx_get_w_thread (tls_session->opaque, tls_session->thread_index);
401  ctx->is_passive_close = 1;
402  tls_ctx_transport_close (ctx);
403 }
404 
405 int
406 tls_session_accept_callback (session_t * tls_session)
407 {
408  session_t *tls_listener, *app_session;
409  tls_ctx_t *lctx, *ctx;
410  u32 ctx_handle;
411 
412  tls_listener =
413  listen_session_get_from_handle (tls_session->listener_handle);
414  lctx = tls_listener_ctx_get (tls_listener->opaque);
415 
416  ctx_handle = tls_ctx_alloc (lctx->tls_ctx_engine);
417  ctx = tls_ctx_get (ctx_handle);
418  memcpy (ctx, lctx, sizeof (*lctx));
419  ctx->c_thread_index = vlib_get_thread_index ();
420  ctx->tls_ctx_handle = ctx_handle;
421  tls_session->session_state = SESSION_STATE_READY;
422  tls_session->opaque = ctx_handle;
423  ctx->tls_session_handle = session_handle (tls_session);
424  ctx->listener_ctx_index = tls_listener->opaque;
425  ctx->c_flags |= TRANSPORT_CONNECTION_F_NO_LOOKUP;
426  ctx->ckpair_index = lctx->ckpair_index;
427 
428  /* Preallocate app session. Avoids allocating a session post handshake
429  * on tls_session rx and potentially invalidating the session pool */
430  app_session = session_alloc (ctx->c_thread_index);
431  app_session->session_state = SESSION_STATE_CREATED;
432  ctx->c_s_index = app_session->session_index;
433 
434  TLS_DBG (1, "Accept on listener %u new connection [%u]%x",
435  tls_listener->opaque, vlib_get_thread_index (), ctx_handle);
436 
437  return tls_ctx_init_server (ctx);
438 }
439 
440 int
441 tls_app_rx_callback (session_t * tls_session)
442 {
443  tls_ctx_t *ctx;
444 
445  ctx = tls_ctx_get (tls_session->opaque);
446  tls_ctx_read (ctx, tls_session);
447  return 0;
448 }
449 
450 int
451 tls_app_tx_callback (session_t * tls_session)
452 {
453  tls_ctx_t *ctx;
454 
455  ctx = tls_ctx_get (tls_session->opaque);
456  transport_connection_reschedule (&ctx->connection);
457 
458  return 0;
459 }
460 
461 int
462 tls_session_connected_callback (u32 tls_app_index, u32 ho_ctx_index,
463  session_t * tls_session, session_error_t err)
464 {
465  session_t *app_session;
466  tls_ctx_t *ho_ctx, *ctx;
467  u32 ctx_handle;
468 
469  ho_ctx = tls_ctx_half_open_get (ho_ctx_index);
470 
471  if (err)
472  {
473  app_worker_t *app_wrk;
474  u32 api_context;
475  int rv = 0;
476 
477  app_wrk = app_worker_get_if_valid (ho_ctx->parent_app_wrk_index);
478  if (app_wrk)
479  {
480  api_context = ho_ctx->c_s_index;
481  app_worker_connect_notify (app_wrk, 0, err, api_context);
482  }
483  tls_ctx_half_open_reader_unlock ();
484  tls_ctx_half_open_free (ho_ctx_index);
485  return rv;
486  }
487 
488  ctx_handle = tls_ctx_alloc (ho_ctx->tls_ctx_engine);
489  ctx = tls_ctx_get (ctx_handle);
490  clib_memcpy_fast (ctx, ho_ctx, sizeof (*ctx));
491  tls_ctx_half_open_reader_unlock ();
492  tls_ctx_half_open_free (ho_ctx_index);
493 
494  ctx->c_thread_index = vlib_get_thread_index ();
495  ctx->tls_ctx_handle = ctx_handle;
496  ctx->c_flags |= TRANSPORT_CONNECTION_F_NO_LOOKUP;
497 
498  TLS_DBG (1, "TCP connect for %u returned %u. New connection [%u]%x",
499  ho_ctx_index, is_fail, vlib_get_thread_index (),
500  (ctx) ? ctx_handle : ~0);
501 
502  ctx->tls_session_handle = session_handle (tls_session);
503  tls_session->opaque = ctx_handle;
504  tls_session->session_state = SESSION_STATE_READY;
505 
506  /* Preallocate app session. Avoids allocating a session post handshake
507  * on tls_session rx and potentially invalidating the session pool */
508  app_session = session_alloc (ctx->c_thread_index);
509  app_session->session_state = SESSION_STATE_CREATED;
510  ctx->c_s_index = app_session->session_index;
511 
512  return tls_ctx_init_client (ctx);
513 }
514 
515 static void
516 tls_app_session_cleanup (session_t * s, session_cleanup_ntf_t ntf)
517 {
518  tls_ctx_t *ctx;
519 
520  if (ntf == SESSION_CLEANUP_TRANSPORT)
521  {
522  /* Allow cleanup of tcp session */
523  if (s->session_state == SESSION_STATE_TRANSPORT_DELETED)
524  session_close (s);
525  return;
526  }
527 
528  ctx = tls_ctx_get (s->opaque);
529  if (!ctx->no_app_session)
530  session_transport_delete_notify (&ctx->connection);
531  tls_ctx_free (ctx);
532 }
533 
534 /* *INDENT-OFF* */
535 static session_cb_vft_t tls_app_cb_vft = {
536  .session_accept_callback = tls_session_accept_callback,
537  .session_disconnect_callback = tls_session_disconnect_callback,
538  .session_connected_callback = tls_session_connected_callback,
539  .session_reset_callback = tls_session_reset_callback,
540  .add_segment_callback = tls_add_segment_callback,
541  .del_segment_callback = tls_del_segment_callback,
542  .builtin_app_rx_callback = tls_app_rx_callback,
543  .builtin_app_tx_callback = tls_app_tx_callback,
544  .session_cleanup_callback = tls_app_session_cleanup,
545 };
546 /* *INDENT-ON* */
547 
548 int
549 tls_connect (transport_endpoint_cfg_t * tep)
550 {
551  vnet_connect_args_t _cargs = { {}, }, *cargs = &_cargs;
552  session_endpoint_cfg_t *sep;
553  crypto_engine_type_t engine_type;
554  tls_main_t *tm = &tls_main;
555  app_worker_t *app_wrk;
556  application_t *app;
557  tls_ctx_t *ctx;
558  u32 ctx_index;
559  int rv;
560 
561  sep = (session_endpoint_cfg_t *) tep;
562  app_wrk = app_worker_get (sep->app_wrk_index);
563  app = application_get (app_wrk->app_index);
564  engine_type = tls_get_engine_type (app->tls_engine);
565  if (engine_type == CRYPTO_ENGINE_NONE)
566  {
567  clib_warning ("No tls engine_type available");
568  return -1;
569  }
570 
571  ctx_index = tls_ctx_half_open_alloc ();
572  ctx = tls_ctx_half_open_get (ctx_index);
573  ctx->parent_app_wrk_index = sep->app_wrk_index;
574  ctx->parent_app_api_context = sep->opaque;
575  ctx->tcp_is_ip4 = sep->is_ip4;
576  if (sep->hostname)
577  {
578  ctx->srv_hostname = format (0, "%v", sep->hostname);
579  vec_terminate_c_string (ctx->srv_hostname);
580  }
581  tls_ctx_half_open_reader_unlock ();
582 
583  app_worker_alloc_connects_segment_manager (app_wrk);
584  ctx->tls_ctx_engine = engine_type;
585 
586  clib_memcpy_fast (&cargs->sep, sep, sizeof (session_endpoint_t));
587  cargs->sep.transport_proto = TRANSPORT_PROTO_TCP;
588  cargs->app_index = tm->app_index;
589  cargs->api_context = ctx_index;
590  cargs->sep_ext.ns_index = app->ns_index;
591  if ((rv = vnet_connect (cargs)))
592  return rv;
593 
594  TLS_DBG (1, "New connect request %u engine %d", ctx_index, engine_type);
595  return 0;
596 }
597 
598 void
599 tls_disconnect (u32 ctx_handle, u32 thread_index)
600 {
601  tls_ctx_t *ctx;
602 
603  TLS_DBG (1, "Disconnecting %x", ctx_handle);
604 
605  ctx = tls_ctx_get (ctx_handle);
606  tls_ctx_app_close (ctx);
607 }
608 
609 u32
610 tls_start_listen (u32 app_listener_index, transport_endpoint_t * tep)
611 {
612  vnet_listen_args_t _bargs, *args = &_bargs;
613  app_worker_t *app_wrk;
614  tls_main_t *tm = &tls_main;
615  session_handle_t tls_al_handle;
616  session_endpoint_cfg_t *sep;
617  session_t *tls_listener;
618  session_t *app_listener;
619  crypto_engine_type_t engine_type;
620  application_t *app;
621  app_listener_t *al;
622  tls_ctx_t *lctx;
623  u32 lctx_index;
624 
625  sep = (session_endpoint_cfg_t *) tep;
626  app_wrk = app_worker_get (sep->app_wrk_index);
627  app = application_get (app_wrk->app_index);
628  engine_type = tls_get_engine_type (app->tls_engine);
629  if (engine_type == CRYPTO_ENGINE_NONE)
630  {
631  clib_warning ("No tls engine_type available");
632  return -1;
633  }
634 
635  clib_memset (args, 0, sizeof (*args));
636  args->app_index = tm->app_index;
637  args->sep_ext = *sep;
638  args->sep_ext.ns_index = app->ns_index;
639  args->sep_ext.transport_proto = TRANSPORT_PROTO_TCP;
640  if (vnet_listen (args))
641  return -1;
642 
643  lctx_index = tls_listener_ctx_alloc ();
644  tls_al_handle = args->handle;
645  al = app_listener_get_w_handle (tls_al_handle);
646  tls_listener = app_listener_get_session (al);
647  tls_listener->opaque = lctx_index;
648 
649  app_listener = listen_session_get (app_listener_index);
650 
651  lctx = tls_listener_ctx_get (lctx_index);
652  lctx->parent_app_wrk_index = sep->app_wrk_index;
653  lctx->tls_session_handle = tls_al_handle;
654  lctx->app_session_handle = listen_session_get_handle (app_listener);
655  lctx->tcp_is_ip4 = sep->is_ip4;
656  lctx->tls_ctx_engine = engine_type;
657  lctx->ckpair_index = sep->ckpair_index;
658 
659  if (tls_vfts[engine_type].ctx_start_listen (lctx))
660  {
661  vnet_unlisten_args_t a = {
662  .handle = lctx->tls_session_handle,
663  .app_index = tls_main.app_index,
664  .wrk_map_index = 0
665  };
666  if ((vnet_unlisten (&a)))
667  clib_warning ("unlisten returned");
668  tls_listener_ctx_free (lctx);
669  lctx_index = SESSION_INVALID_INDEX;
670  }
671 
672  TLS_DBG (1, "Started listening %d, engine type %d", lctx_index,
673  engine_type);
674  return lctx_index;
675 }
676 
677 u32
678 tls_stop_listen (u32 lctx_index)
679 {
680  session_endpoint_t sep = SESSION_ENDPOINT_NULL;
681  crypto_engine_type_t engine_type;
682  transport_connection_t *lc;
683  tls_ctx_t *lctx;
684  session_t *ls;
685  int rv;
686 
687  lctx = tls_listener_ctx_get (lctx_index);
688 
689  /* Cleanup listener from session lookup table */
690  ls = session_get_from_handle (lctx->tls_session_handle);
691  lc = session_get_transport (ls);
692 
693  sep.fib_index = lc->fib_index;
694  sep.port = lc->lcl_port;
695  sep.is_ip4 = lc->is_ip4;
696  sep.transport_proto = TRANSPORT_PROTO_TLS;
697  clib_memcpy (&sep.ip, &lc->lcl_ip, sizeof (lc->lcl_ip));
698  session_lookup_del_session_endpoint2 (&sep);
699 
700  vnet_unlisten_args_t a = {
701  .handle = lctx->tls_session_handle,
702  .app_index = tls_main.app_index,
703  .wrk_map_index = 0 /* default wrk */
704  };
705  if ((rv = vnet_unlisten (&a)))
706  clib_warning ("unlisten returned %d", rv);
707 
708  engine_type = lctx->tls_ctx_engine;
709  tls_vfts[engine_type].ctx_stop_listen (lctx);
710 
711  tls_listener_ctx_free (lctx);
712  return 0;
713 }
714 
715 transport_connection_t *
716 tls_connection_get (u32 ctx_index, u32 thread_index)
717 {
718  tls_ctx_t *ctx;
719  ctx = tls_ctx_get_w_thread (ctx_index, thread_index);
720  return &ctx->connection;
721 }
722 
723 transport_connection_t *
724 tls_listener_get (u32 listener_index)
725 {
726  tls_ctx_t *ctx;
727  ctx = tls_listener_ctx_get (listener_index);
728  return &ctx->connection;
729 }
730 
731 int
732 tls_custom_tx_callback (void *session, transport_send_params_t * sp)
733 {
734  session_t *app_session = (session_t *) session;
735  tls_ctx_t *ctx;
736 
737  if (PREDICT_FALSE (app_session->session_state
738  >= SESSION_STATE_TRANSPORT_CLOSED))
739  return 0;
740 
741  ctx = tls_ctx_get (app_session->connection_index);
742  return tls_ctx_write (ctx, app_session, sp);
743 }
744 
745 u8 *
746 format_tls_ctx (u8 * s, va_list * args)
747 {
748  u32 tcp_si, tcp_ti, ctx_index, ctx_engine, app_si, app_ti;
749  tls_ctx_t *ctx = va_arg (*args, tls_ctx_t *);
750 
751  session_parse_handle (ctx->tls_session_handle, &tcp_si, &tcp_ti);
752  tls_ctx_parse_handle (ctx->tls_ctx_handle, &ctx_index, &ctx_engine);
753  session_parse_handle (ctx->app_session_handle, &app_si, &app_ti);
754  s = format (s, "[%d:%d][TLS] app_wrk %u index %u engine %u tcp %d:%d",
755  app_ti, app_si, ctx->parent_app_wrk_index, ctx_index,
756  ctx_engine, tcp_ti, tcp_si);
757 
758  return s;
759 }
760 
761 static u8 *
762 format_tls_listener_ctx (u8 * s, va_list * args)
763 {
764  session_t *tls_listener;
765  app_listener_t *al;
766  u32 app_si, app_ti;
767  tls_ctx_t *ctx;
768 
769  ctx = va_arg (*args, tls_ctx_t *);
770 
771  al = app_listener_get_w_handle (ctx->tls_session_handle);
772  tls_listener = app_listener_get_session (al);
773  session_parse_handle (ctx->app_session_handle, &app_si, &app_ti);
774  s = format (s, "[%d:%d][TLS] app_wrk %u engine %u tcp %d:%d",
775  app_ti, app_si, ctx->parent_app_wrk_index, ctx->tls_ctx_engine,
776  tls_listener->thread_index, tls_listener->session_index);
777 
778  return s;
779 }
780 
781 static u8 *
782 format_tls_ctx_state (u8 * s, va_list * args)
783 {
784  tls_ctx_t *ctx;
785  session_t *ts;
786 
787  ctx = va_arg (*args, tls_ctx_t *);
788  ts = session_get_from_handle (ctx->app_session_handle);
789  if (ts->session_state == SESSION_STATE_LISTENING)
790  s = format (s, "%s", "LISTEN");
791  else
792  {
793  if (ts->session_state >= SESSION_STATE_TRANSPORT_CLOSED)
794  s = format (s, "%s", "CLOSED");
795  else if (ts->session_state == SESSION_STATE_APP_CLOSED)
796  s = format (s, "%s", "APP-CLOSED");
797  else if (ts->session_state >= SESSION_STATE_TRANSPORT_CLOSING)
798  s = format (s, "%s", "CLOSING");
799  else if (tls_ctx_handshake_is_over (ctx))
800  s = format (s, "%s", "ESTABLISHED");
801  else
802  s = format (s, "%s", "HANDSHAKE");
803  }
804 
805  return s;
806 }
807 
808 u8 *
809 format_tls_connection (u8 * s, va_list * args)
810 {
811  u32 ctx_index = va_arg (*args, u32);
812  u32 thread_index = va_arg (*args, u32);
813  u32 verbose = va_arg (*args, u32);
814  tls_ctx_t *ctx;
815 
816  ctx = tls_ctx_get_w_thread (ctx_index, thread_index);
817  if (!ctx)
818  return s;
819 
820  s = format (s, "%-50U", format_tls_ctx, ctx);
821  if (verbose)
822  {
823  s = format (s, "%-15U", format_tls_ctx_state, ctx);
824  if (verbose > 1)
825  s = format (s, "\n");
826  }
827  return s;
828 }
829 
830 u8 *
831 format_tls_listener (u8 * s, va_list * args)
832 {
833  u32 tc_index = va_arg (*args, u32);
834  u32 __clib_unused thread_index = va_arg (*args, u32);
835  u32 verbose = va_arg (*args, u32);
836  tls_ctx_t *ctx = tls_listener_ctx_get (tc_index);
837 
838  s = format (s, "%-50U", format_tls_listener_ctx, ctx);
839  if (verbose)
840  s = format (s, "%-15U", format_tls_ctx_state, ctx);
841  return s;
842 }
843 
844 u8 *
845 format_tls_half_open (u8 * s, va_list * args)
846 {
847  u32 tc_index = va_arg (*args, u32);
848  u32 __clib_unused thread_index = va_arg (*args, u32);
849  tls_ctx_t *ctx = tls_ctx_half_open_get (tc_index);
850  s = format (s, "[TLS] half-open app %u", ctx->parent_app_wrk_index);
851  tls_ctx_half_open_reader_unlock ();
852  return s;
853 }
854 
855 static void
856 tls_transport_endpoint_get (u32 ctx_handle, u32 thread_index,
857  transport_endpoint_t * tep, u8 is_lcl)
858 {
859  tls_ctx_t *ctx = tls_ctx_get_w_thread (ctx_handle, thread_index);
860  session_t *tcp_session;
861 
862  tcp_session = session_get_from_handle (ctx->tls_session_handle);
863  session_get_endpoint (tcp_session, tep, is_lcl);
864 }
865 
866 static void
867 tls_transport_listener_endpoint_get (u32 ctx_handle,
868  transport_endpoint_t * tep, u8 is_lcl)
869 {
870  session_t *tls_listener;
871  app_listener_t *al;
872  tls_ctx_t *ctx = tls_listener_ctx_get (ctx_handle);
873 
874  al = app_listener_get_w_handle (ctx->tls_session_handle);
875  tls_listener = app_listener_get_session (al);
876  session_get_endpoint (tls_listener, tep, is_lcl);
877 }
878 
879 /* *INDENT-OFF* */
880 static const transport_proto_vft_t tls_proto = {
881  .connect = tls_connect,
882  .close = tls_disconnect,
883  .start_listen = tls_start_listen,
884  .stop_listen = tls_stop_listen,
885  .get_connection = tls_connection_get,
886  .get_listener = tls_listener_get,
887  .custom_tx = tls_custom_tx_callback,
888  .format_connection = format_tls_connection,
889  .format_half_open = format_tls_half_open,
890  .format_listener = format_tls_listener,
891  .get_transport_endpoint = tls_transport_endpoint_get,
892  .get_transport_listener_endpoint = tls_transport_listener_endpoint_get,
893  .transport_options = {
894  .name = "tls",
895  .short_name = "J",
896  .tx_type = TRANSPORT_TX_INTERNAL,
897  .service_type = TRANSPORT_SERVICE_APP,
898  },
899 };
900 /* *INDENT-ON* */
901 
902 void
903 tls_register_engine (const tls_engine_vft_t * vft, crypto_engine_type_t type)
904 {
905  vec_validate (tls_vfts, type);
906  tls_vfts[type] = *vft;
907 }
908 
909 static clib_error_t *
910 tls_init (vlib_main_t * vm)
911 {
912  u32 add_segment_size = 256 << 20, first_seg_size = 32 << 20;
913  vlib_thread_main_t *vtm = vlib_get_thread_main ();
914  u32 num_threads, fifo_size = 128 << 12;
915  vnet_app_attach_args_t _a, *a = &_a;
916  u64 options[APP_OPTIONS_N_OPTIONS];
917  tls_main_t *tm = &tls_main;
918 
919  first_seg_size = tm->first_seg_size ? tm->first_seg_size : first_seg_size;
920  fifo_size = tm->fifo_size ? tm->fifo_size : fifo_size;
921  num_threads = 1 /* main thread */ + vtm->n_threads;
922 
923  clib_memset (a, 0, sizeof (*a));
924  clib_memset (options, 0, sizeof (options));
925 
926  a->session_cb_vft = &tls_app_cb_vft;
927  a->api_client_index = APP_INVALID_INDEX;
928  a->options = options;
929  a->name = format (0, "tls");
930  a->options[APP_OPTIONS_SEGMENT_SIZE] = first_seg_size;
931  a->options[APP_OPTIONS_ADD_SEGMENT_SIZE] = add_segment_size;
932  a->options[APP_OPTIONS_RX_FIFO_SIZE] = fifo_size;
933  a->options[APP_OPTIONS_TX_FIFO_SIZE] = fifo_size;
934  a->options[APP_OPTIONS_FLAGS] = APP_OPTIONS_FLAGS_IS_BUILTIN;
935  a->options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_USE_GLOBAL_SCOPE;
936  a->options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_IS_TRANSPORT_APP;
937 
938  if (vnet_application_attach (a))
939  {
940  clib_warning ("failed to attach tls app");
941  return clib_error_return (0, "failed to attach tls app");
942  }
943 
944  if (!tm->ca_cert_path)
945  tm->ca_cert_path = TLS_CA_CERT_PATH;
946 
947  tm->app_index = a->app_index;
948  clib_rwlock_init (&tm->half_open_rwlock);
949 
950  vec_validate (tm->rx_bufs, num_threads - 1);
951  vec_validate (tm->tx_bufs, num_threads - 1);
952 
953  transport_register_protocol (TRANSPORT_PROTO_TLS, &tls_proto,
954  FIB_PROTOCOL_IP4, ~0);
955  transport_register_protocol (TRANSPORT_PROTO_TLS, &tls_proto,
956  FIB_PROTOCOL_IP6, ~0);
957  vec_free (a->name);
958  return 0;
959 }
960 
961 VLIB_INIT_FUNCTION (tls_init);
962 
963 static clib_error_t *
964 tls_config_fn (vlib_main_t * vm, unformat_input_t * input)
965 {
966  tls_main_t *tm = &tls_main;
967  uword tmp;
968  while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
969  {
970  if (unformat (input, "use-test-cert-in-ca"))
971  tm->use_test_cert_in_ca = 1;
972  else if (unformat (input, "ca-cert-path %s", &tm->ca_cert_path))
973  ;
974  else if (unformat (input, "first-segment-size %U", unformat_memory_size,
975  &tm->first_seg_size))
976  ;
977  else if (unformat (input, "fifo-size %U", unformat_memory_size, &tmp))
978  {
979  if (tmp >= 0x100000000ULL)
980  {
981  return clib_error_return
982  (0, "fifo-size %llu (0x%llx) too large", tmp, tmp);
983  }
984  tm->fifo_size = tmp;
985  }
986  else
987  return clib_error_return (0, "unknown input `%U'",
988  format_unformat_error, input);
989  }
990  return 0;
991 }
992 
993 VLIB_EARLY_CONFIG_FUNCTION (tls_config_fn, "tls");
994 
995 tls_main_t *
996 vnet_tls_get_main (void)
997 {
998  return &tls_main;
999 }
1000 
1001 /*
1002  * fd.io coding-style-patch-verification: ON
1003  *
1004  * Local Variables:
1005  * eval: (c-set-style "gnu")
1006  * End:
1007  */
vnet_tls_get_main
tls_main_t * vnet_tls_get_main(void)
Definition: tls.c:996
vec_validate
#define vec_validate(V, I)
Make sure vector is long enough for given index (no header, unspecified alignment) ...
Definition: vec.h:509
clib_rwlock_reader_lock
static void clib_rwlock_reader_lock(clib_rwlock_t *p)
Definition: lock.h:167
app_worker_lock_and_send_event
int app_worker_lock_and_send_event(app_worker_t *app, session_t *s, u8 evt_type)
Send event to application.
Definition: application_worker.c:776
format_tls_listener_ctx
static u8 * format_tls_listener_ctx(u8 *s, va_list *args)
Definition: tls.c:762
session_::connection_index
u32 connection_index
Index of the transport connection associated to the session.
Definition: session_types.h:206
tls_main
static tls_main_t tls_main
Definition: tls.c:20
session_
Definition: session_types.h:181
tls_notify_app_connected
int tls_notify_app_connected(tls_ctx_t *ctx, session_error_t err)
Definition: tls.c:211
APP_OPTIONS_RX_FIFO_SIZE
Definition: application_interface.h:200
app_worker_init_accepted
int app_worker_init_accepted(session_t *s)
Definition: application_worker.c:355
vlib_thread_main_t::n_threads
u32 n_threads
Definition: threads.h:315
session_::session_type
session_type_t session_type
Type built from transport and network protocol types.
Definition: session_types.h:188
a
a
Definition: bitmap.h:538
tls_proto
static const transport_proto_vft_t tls_proto
Definition: tls.c:880
clib_rwlock_writer_lock
static void clib_rwlock_writer_lock(clib_rwlock_t *p)
Definition: lock.h:190
tls_disconnect_transport
void tls_disconnect_transport(tls_ctx_t *ctx)
Definition: tls.c:30
session_::tx_fifo
svm_fifo_t * tx_fifo
Definition: session_types.h:185
app_worker_connect_notify
int app_worker_connect_notify(app_worker_t *app_wrk, session_t *s, session_error_t err, u32 opaque)
Definition: application_worker.c:404
TLS_ENGINE_TYPE_SHIFT
#define TLS_ENGINE_TYPE_SHIFT
Definition: tls.c:25
tls_get_available_engine
crypto_engine_type_t tls_get_available_engine(void)
Definition: tls.c:42
application_::ns_index
u32 ns_index
Namespace the application belongs to.
Definition: application.h:116
vnet_connect_args_t
struct _vnet_connect_args vnet_connect_args_t
tls_ctx_::no_app_session
u8 no_app_session
Definition: tls.h:80
vnet_unlisten_args_t
struct _vnet_unlisten_args_t vnet_unlisten_args_t
tls_ctx_half_open_alloc
u32 tls_ctx_half_open_alloc(void)
Definition: tls.c:115
PREDICT_TRUE
#define PREDICT_TRUE(x)
Definition: clib.h:121
tls_listener_ctx_alloc
u32 tls_listener_ctx_alloc(void)
Definition: tls.c:84
tls_session_reset_callback
void tls_session_reset_callback(session_t *s)
Definition: tls.c:351
session_::session_index
u32 session_index
Index in thread pool where session was allocated.
Definition: session_types.h:194
tls_main_::half_open_rwlock
clib_rwlock_t half_open_rwlock
Definition: tls.h:91
u64
unsigned long u64
Definition: types.h:89
tls_main_::ca_cert_path
char * ca_cert_path
Definition: tls.h:99
tls_engine_vft_::ctx_init_server
int(* ctx_init_server)(tls_ctx_t *ctx)
Definition: tls.h:111
clib_memcpy_fast
#define clib_memcpy_fast(a, b, c)
Definition: string.h:81
clib_memset
clib_memset(h->entries, 0, sizeof(h->entries[0]) *entries)
session_transport_delete_notify
void session_transport_delete_notify(transport_connection_t *tc)
Notification from transport that connection is being deleted.
Definition: session.c:970
session_get_transport
transport_connection_t * session_get_transport(session_t *s)
Definition: session.c:1620
session_::rx_fifo
svm_fifo_t * rx_fifo
Pointers to rx/tx buffers.
Definition: session_types.h:184
tls_add_vpp_q_builtin_rx_evt
int tls_add_vpp_q_builtin_rx_evt(session_t *s)
Definition: tls.c:62
session_get_if_valid
static session_t * session_get_if_valid(u64 si, u32 thread_index)
Definition: session.h:308
application_interface.h
tls_config_fn
static clib_error_t * tls_config_fn(vlib_main_t *vm, unformat_input_t *input)
Definition: tls.c:964
listen_session_get_from_handle
static session_t * listen_session_get_from_handle(session_handle_t handle)
Definition: session.h:571
pool_get_aligned_will_expand
#define pool_get_aligned_will_expand(P, YESNO, A)
See if pool_get will expand the pool or not.
Definition: pool.h:258
session_lookup_del_session_endpoint2
int session_lookup_del_session_endpoint2(session_endpoint_t *sep)
Definition: session_lookup.c:307
vec_terminate_c_string
#define vec_terminate_c_string(V)
(If necessary) NULL terminate a vector containing a c-string.
Definition: vec.h:1090
tls_app_tx_callback
int tls_app_tx_callback(session_t *tls_session)
Definition: tls.c:451
tls_engine_vft_::ctx_get_w_thread
tls_ctx_t *(* ctx_get_w_thread)(u32 ctx_index, u8 thread_index)
Definition: tls.h:109
transport_send_params_::max_burst_size
u32 max_burst_size
Definition: transport.h:58
vlib_thread_main_t
Definition: threads.h:287
session_transport_reset_notify
void session_transport_reset_notify(transport_connection_t *tc)
Notify application that connection has been reset.
Definition: session.c:1071
format_tls_connection
u8 * format_tls_connection(u8 *s, va_list *args)
Definition: tls.c:809
tls_engine_vft_::ctx_free
void(* ctx_free)(tls_ctx_t *ctx)
Definition: tls.h:107
tls_engine_vft_::ctx_init_client
int(* ctx_init_client)(tls_ctx_t *ctx)
Definition: tls.h:110
tls_main_::use_test_cert_in_ca
u8 use_test_cert_in_ca
Definition: tls.h:98
tls_connection_get
transport_connection_t * tls_connection_get(u32 ctx_index, u32 thread_index)
Definition: tls.c:716
tls_session_disconnect_callback
void tls_session_disconnect_callback(session_t *tls_session)
Definition: tls.c:390
vm
vlib_main_t * vm
Definition: in2out_ed.c:1582
session_get
static session_t * session_get(u32 si, u32 thread_index)
Definition: session.h:301
format
u8 * format(u8 *s, const char *fmt,...)
Definition: format.c:424
vnet_unlisten
int vnet_unlisten(vnet_unlisten_args_t *a)
Definition: application.c:1056
tls_app_rx_callback
int tls_app_rx_callback(session_t *tls_session)
Definition: tls.c:441
tls_engine_vft_::ctx_read
int(* ctx_read)(tls_ctx_t *ctx, session_t *tls_session)
Definition: tls.h:112
tls_ctx_read
static int tls_ctx_read(tls_ctx_t *ctx, session_t *tls_session)
Definition: tls.c:321
pool_get
#define pool_get(P, E)
Allocate an object E from a pool P (unspecified alignment).
Definition: pool.h:252
tls_ctx_get_w_thread
static tls_ctx_t * tls_ctx_get_w_thread(u32 ctx_handle, u8 thread_index)
Definition: tls.c:290
APP_OPTIONS_N_OPTIONS
Definition: application_interface.h:213
session_parse_handle
static void session_parse_handle(session_handle_t handle, u32 *index, u32 *thread_index)
Definition: session_types.h:304
tls_register_engine
void tls_register_engine(const tls_engine_vft_t *vft, crypto_engine_type_t type)
Definition: tls.c:903
u8
unsigned char u8
Definition: types.h:56
SESSION_ENDPOINT_NULL
#define SESSION_ENDPOINT_NULL
Definition: session_types.h:68
vnet_listen_args_t
struct _vnet_bind_args_t vnet_listen_args_t
SESSION_IO_EVT_TX
Definition: session_types.h:332
session_handle
static session_handle_t session_handle(session_t *s)
Definition: session_types.h:286
session_cb_vft_
Definition: application_interface.h:32
session_get_endpoint
void session_get_endpoint(session_t *s, transport_endpoint_t *tep, u8 is_lcl)
Definition: session.c:1631
clib_memcpy
#define clib_memcpy(d, s, n)
Definition: string.h:180
tls_main_::app_index
u32 app_index
Definition: tls.h:88
app_worker_
Definition: application.h:32
tls_ctx_transport_close
static int tls_ctx_transport_close(tls_ctx_t *ctx)
Definition: tls.c:327
tls_listener_ctx_free
void tls_listener_ctx_free(tls_ctx_t *ctx)
Definition: tls.c:95
VLIB_INIT_FUNCTION
#define VLIB_INIT_FUNCTION(x)
Definition: init.h:173
vnet_disconnect_args_t
struct _vnet_disconnect_args_t vnet_disconnect_args_t
format_tls_listener
u8 * format_tls_listener(u8 *s, va_list *args)
Definition: tls.c:831
tls_vfts
static tls_engine_vft_t * tls_vfts
Definition: tls.c:21
tls_ctx_::is_passive_close
u8 is_passive_close
Definition: tls.h:77
clib_error_return
#define clib_error_return(e, args...)
Definition: error.h:99
tls_ctx_parse_handle
static void tls_ctx_parse_handle(u32 ctx_handle, u32 *ctx_index, u32 *engine_type)
Definition: tls.c:259
tls_del_segment_callback
int tls_del_segment_callback(u32 client_index, u64 segment_handle)
Definition: tls.c:384
u32
unsigned int u32
Definition: types.h:88
session_send_io_evt_to_thread
int session_send_io_evt_to_thread(svm_fifo_t *f, session_evt_type_t evt_type)
Definition: session.c:79
tls_engine_vft_::ctx_get
tls_ctx_t *(* ctx_get)(u32 ctx_index)
Definition: tls.h:108
application_::tls_engine
u8 tls_engine
Preferred tls engine.
Definition: application.h:124
vnet_app_attach_args_t
struct _vnet_app_attach_args_t vnet_app_attach_args_t
transport_proto_vft_t
struct _transport_proto_vft transport_proto_vft_t
app_listener_
Definition: application.h:82
session_endpoint_cfg_t
struct _session_endpoint_cfg session_endpoint_cfg_t
type
vl_api_fib_path_type_t type
Definition: fib_types.api:123
APP_OPTIONS_SEGMENT_SIZE
Definition: application_interface.h:197
TRANSPORT_PACER_MIN_MSS
#define TRANSPORT_PACER_MIN_MSS
Definition: transport.h:22
session_type_from_proto_and_ip
static session_type_t session_type_from_proto_and_ip(transport_proto_t proto, u8 is_ip4)
Definition: session_types.h:227
pool_elt_at_index
#define pool_elt_at_index(p, i)
Returns pointer to element at given index.
Definition: pool.h:534
clib_rwlock_init
static void clib_rwlock_init(clib_rwlock_t *p)
Definition: lock.h:150
TLS_IDX_MASK
#define TLS_IDX_MASK
Definition: tls.c:24
format_tls_ctx_state
static u8 * format_tls_ctx_state(u8 *s, va_list *args)
Definition: tls.c:782
tls_listener_ctx_index
u32 tls_listener_ctx_index(tls_ctx_t *ctx)
Definition: tls.c:109
clib_rwlock_reader_unlock
static void clib_rwlock_reader_unlock(clib_rwlock_t *p)
Definition: lock.h:182
app_worker_accept_notify
int app_worker_accept_notify(app_worker_t *app_wrk, session_t *s)
Definition: application_worker.c:378
session_get_from_handle
static session_t * session_get_from_handle(session_handle_t handle)
Definition: session.h:321
app_listener_get_session
session_t * app_listener_get_session(app_listener_t *al)
Definition: application.c:280
tls_add_app_q_evt
static int tls_add_app_q_evt(app_worker_t *app, session_t *app_session)
Definition: tls.c:78
tls_transport_listener_endpoint_get
static void tls_transport_listener_endpoint_get(u32 ctx_handle, transport_endpoint_t *tep, u8 is_lcl)
Definition: tls.c:867
tls_engine_vft_::ctx_handshake_is_over
u8(* ctx_handshake_is_over)(tls_ctx_t *ctx)
Definition: tls.h:115
ctx
long ctx[MAX_CONNS]
Definition: main.c:144
tls_ctx_half_open_reader_unlock
void tls_ctx_half_open_reader_unlock()
Definition: tls.c:160
unformat_input_t
struct _unformat_input_t unformat_input_t
tls_ctx_alloc
static u32 tls_ctx_alloc(crypto_engine_type_t engine_type)
Definition: tls.c:274
tls_main_
Definition: tls.h:86
pool_put
#define pool_put(P, E)
Free an object E in pool P.
Definition: pool.h:302
tls_session_accept_callback
int tls_session_accept_callback(session_t *tls_session)
Definition: tls.c:406
APP_INVALID_INDEX
#define APP_INVALID_INDEX
Definition: application.h:178
transport_send_params_
Definition: transport.h:44
PREDICT_FALSE
#define PREDICT_FALSE(x)
Definition: clib.h:120
tls_main_::first_seg_size
u64 first_seg_size
Definition: tls.h:100
tls_transport_endpoint_get
static void tls_transport_endpoint_get(u32 ctx_handle, u32 thread_index, transport_endpoint_t *tep, u8 is_lcl)
Definition: tls.c:856
app_worker_get_if_valid
app_worker_t * app_worker_get_if_valid(u32 wrk_index)
Definition: application_worker.c:48
SESSION_INVALID_INDEX
#define SESSION_INVALID_INDEX
Definition: session_types.h:22
tls_ctx_handshake_is_over
u8 tls_ctx_handshake_is_over(tls_ctx_t *ctx)
Definition: tls.c:345
tls_ctx_
Definition: tls.h:58
tls_engine_vft_::ctx_alloc
u32(* ctx_alloc)(void)
Definition: tls.h:106
tls_ctx_::ckpair_index
u32 ckpair_index
Definition: tls.h:83
listen_session_get_handle
static u64 listen_session_get_handle(session_t *s)
Definition: session.h:563
tls_main_::fifo_size
u32 fifo_size
Definition: tls.h:101
vnet_application_attach
int vnet_application_attach(vnet_app_attach_args_t *a)
Attach application to vpp.
Definition: application.c:827
tls_engine_vft_
Definition: tls.h:104
tls_ctx_app_close
static int tls_ctx_app_close(tls_ctx_t *ctx)
Definition: tls.c:333
clib_rwlock_writer_unlock
static void clib_rwlock_writer_unlock(clib_rwlock_t *p)
Definition: lock.h:204
svm_fifo_set_event
static u8 svm_fifo_set_event(svm_fifo_t *f)
Set fifo event flag.
Definition: svm_fifo.h:701
SESSION_IO_EVT_RX
Definition: session_types.h:331
format_tls_ctx
u8 * format_tls_ctx(u8 *s, va_list *args)
Definition: tls.c:746
transport_connection_reschedule
void transport_connection_reschedule(transport_connection_t *tc)
Definition: transport.c:756
TRANSPORT_SERVICE_APP
app transport service
Definition: transport_types.h:39
VLIB_EARLY_CONFIG_FUNCTION
#define VLIB_EARLY_CONFIG_FUNCTION(x, n,...)
Definition: init.h:226
FIB_PROTOCOL_IP6
Definition: fib_types.h:38
UNFORMAT_END_OF_INPUT
#define UNFORMAT_END_OF_INPUT
Definition: format.h:145
tls_main_::rx_bufs
u8 ** rx_bufs
Definition: tls.h:92
session_::listener_handle
session_handle_t listener_handle
Parent listener session index if the result of an accept.
Definition: session_types.h:214
vlib_get_thread_index
static_always_inline uword vlib_get_thread_index(void)
Definition: threads.h:219
tls_disconnect
void tls_disconnect(u32 ctx_handle, u32 thread_index)
Definition: tls.c:599
tls_listener_get
transport_connection_t * tls_listener_get(u32 listener_index)
Definition: tls.c:724
tls_engine_vft_::ctx_write
int(* ctx_write)(tls_ctx_t *ctx, session_t *app_session, transport_send_params_t *sp)
Definition: tls.h:113
i
sll srl srl sll sra u16x4 i
Definition: vector_sse42.h:317
vec_free
#define vec_free(V)
Free vector&#39;s memory (no header).
Definition: vec.h:380
session_free
void session_free(session_t *s)
Definition: session.c:210
clib_warning
#define clib_warning(format, args...)
Definition: error.h:59
TRANSPORT_CONNECTION_F_NO_LOOKUP
Don&#39;t register connection in lookup.
Definition: transport_types.h:50
tls_add_vpp_q_tx_evt
int tls_add_vpp_q_tx_evt(session_t *s)
Definition: tls.c:70
transport_connection_t
struct _transport_connection transport_connection_t
APP_OPTIONS_ADD_SEGMENT_SIZE
Definition: application_interface.h:198
tls_ctx_::connection
transport_connection_t connection
Definition: tls.h:62
tls_ctx_init_client
static int tls_ctx_init_client(tls_ctx_t *ctx)
Definition: tls.c:304
app_worker_init_connected
int app_worker_init_connected(app_worker_t *app_wrk, session_t *s)
Definition: application_worker.c:385
SESSION_IO_EVT_BUILTIN_RX
Definition: session_types.h:334
vlib_thread_is_main_w_barrier
static u8 vlib_thread_is_main_w_barrier(void)
Definition: threads.h:530
application_get
application_t * application_get(u32 app_index)
Definition: application.c:426
transport_register_protocol
void transport_register_protocol(transport_proto_t transport_proto, const transport_proto_vft_t *vft, fib_protocol_t fib_proto, u32 output_node)
Register transport virtual function table.
Definition: transport.c:246
tls_ctx_get
static tls_ctx_t * tls_ctx_get(u32 ctx_handle)
Definition: tls.c:282
tls_add_segment_callback
int tls_add_segment_callback(u32 client_index, u64 segment_handle)
Definition: tls.c:377
tls_connect
int tls_connect(transport_endpoint_cfg_t *tep)
Definition: tls.c:549
tls_ctx_init_server
static int tls_ctx_init_server(tls_ctx_t *ctx)
Definition: tls.c:298
TRANSPORT_TX_INTERNAL
apps acting as transports
Definition: transport_types.h:30
app_listener_get_w_handle
app_listener_t * app_listener_get_w_handle(session_handle_t handle)
Get app listener for listener session handle.
Definition: application.c:88
pool_put_index
#define pool_put_index(p, i)
Free pool element with given index.
Definition: pool.h:331
ASSERT
#define ASSERT(truth)
Definition: error_bootstrap.h:69
APP_OPTIONS_TX_FIFO_SIZE
Definition: application_interface.h:201
tls_engine_vft_::ctx_stop_listen
int(* ctx_stop_listen)(tls_ctx_t *ctx)
Definition: tls.h:117
vnet_listen
int vnet_listen(vnet_listen_args_t *a)
Definition: application.c:965
tls_ctx_write
static int tls_ctx_write(tls_ctx_t *ctx, session_t *app_session, transport_send_params_t *sp)
Definition: tls.c:310
tls_listener_ctx_get
tls_ctx_t * tls_listener_ctx_get(u32 ctx_index)
Definition: tls.c:103
vnet_connect
int vnet_connect(vnet_connect_args_t *a)
Definition: application.c:1019
clib_max
#define clib_max(x, y)
Definition: clib.h:320
tls_main_::half_open_ctx_pool
tls_ctx_t * half_open_ctx_pool
Definition: tls.h:90
session_::thread_index
u8 thread_index
Index of the thread that allocated the session.
Definition: session_types.h:200
session_alloc
session_t * session_alloc(u32 thread_index)
Definition: session.c:184
clib_error_t
Definition: clib_error.h:21
tls_main_::tx_bufs
u8 ** tx_bufs
Definition: tls.h:93
tls_stop_listen
u32 tls_stop_listen(u32 lctx_index)
Definition: tls.c:678
tls_engine_vft_::ctx_app_close
int(* ctx_app_close)(tls_ctx_t *ctx)
Definition: tls.h:119
tls_app_session_cleanup
static void tls_app_session_cleanup(session_t *s, session_cleanup_ntf_t ntf)
Definition: tls.c:516
transport_endpoint_pair_
Definition: transport_types.h:209
app_worker_get
app_worker_t * app_worker_get(u32 wrk_index)
Definition: application_worker.c:42
tls_ctx_free
void tls_ctx_free(tls_ctx_t *ctx)
Definition: tls.c:339
session_handle_t
u64 session_handle_t
Definition: session_types.h:118
application_
Definition: application.h:95
tls_get_engine_type
static crypto_engine_type_t tls_get_engine_type(crypto_engine_type_t preferred)
Definition: tls.c:266
tls_ctx_half_open_index
u32 tls_ctx_half_open_index(tls_ctx_t *ctx)
Definition: tls.c:166
vec_len
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
Definition: vec_bootstrap.h:142
session_::session_state
volatile u8 session_state
State in session layer state machine.
Definition: session_types.h:191
FIB_PROTOCOL_IP4
Definition: fib_types.h:37
tls_add_vpp_q_rx_evt
int tls_add_vpp_q_rx_evt(session_t *s)
Definition: tls.c:54
session_transport_closed_notify
void session_transport_closed_notify(transport_connection_t *tc)
Notification from transport that it is closed.
Definition: session.c:1036
session_::opaque
u32 opaque
Opaque, for general use.
Definition: session_types.h:221
vlib_main_t
Definition: main.h:120
session_close
void session_close(session_t *s)
Initialize session closing procedure.
Definition: session.c:1363
uword
u64 uword
Definition: types.h:112
app_worker_alloc_connects_segment_manager
int app_worker_alloc_connects_segment_manager(app_worker_t *app)
Definition: application_worker.c:571
vnet_disconnect_session
int vnet_disconnect_session(vnet_disconnect_args_t *a)
Definition: application.c:1087
session_cleanup_ntf_t
session_cleanup_ntf_t
Definition: session_types.h:120
tls_ctx_::srv_hostname
u8 * srv_hostname
Definition: tls.h:81
transport_endpoint_
Definition: transport_types.h:190
unformat_memory_size
unformat_function_t unformat_memory_size
Definition: format.h:296
tls_notify_app_accept
int tls_notify_app_accept(tls_ctx_t *ctx)
Definition: tls.c:181
app_worker_::app_index
u32 app_index
Index of owning app.
Definition: application.h:43
tls_notify_app_enqueue
void tls_notify_app_enqueue(tls_ctx_t *ctx, session_t *app_session)
Definition: tls.c:172
options
static struct option options[]
Definition: main.c:52
tls_ctx_half_open_free
void tls_ctx_half_open_free(u32 ho_index)
Definition: tls.c:143
format_unformat_error
u8 * format_unformat_error(u8 *s, va_list *va)
Definition: unformat.c:91
vlib_get_thread_main
static vlib_thread_main_t * vlib_get_thread_main()
Definition: global_funcs.h:32
vlib_num_workers
static u32 vlib_num_workers()
Definition: threads.h:377
tls_session_connected_callback
int tls_session_connected_callback(u32 tls_app_index, u32 ho_ctx_index, session_t *tls_session, session_error_t err)
Definition: tls.c:462
session_error_t
enum session_error_ session_error_t
SESSION_CLEANUP_TRANSPORT
Definition: session_types.h:122
session_::app_wrk_index
u32 app_wrk_index
Index of the app worker that owns the session.
Definition: session_types.h:197
crypto_engine_type_t
enum crypto_engine_type_ crypto_engine_type_t
CRYPTO_ENGINE_NONE
Definition: application_interface.h:168
session_cb_vft_::session_accept_callback
int(* session_accept_callback)(session_t *new_session)
Notify server of newly accepted session.
Definition: application_interface.h:41
TLS_CA_CERT_PATH
#define TLS_CA_CERT_PATH
Definition: tls.h:29
APP_OPTIONS_FLAGS
Definition: application_interface.h:195
session_endpoint_t
struct _session_endpoint session_endpoint_t
tls_custom_tx_callback
int tls_custom_tx_callback(void *session, transport_send_params_t *sp)
Definition: tls.c:732
format_tls_half_open
u8 * format_tls_half_open(u8 *s, va_list *args)
Definition: tls.c:845
tls_engine_vft_::ctx_transport_close
int(* ctx_transport_close)(tls_ctx_t *ctx)
Definition: tls.h:118
tls_init
static clib_error_t * tls_init(vlib_main_t *vm)
Definition: tls.c:910
tls_app_cb_vft
static session_cb_vft_t tls_app_cb_vft
Definition: tls.c:535
TLS_DBG
#define TLS_DBG(_lvl, _fmt, _args...)
Definition: tls.h:36
tls_start_listen
u32 tls_start_listen(u32 app_listener_index, transport_endpoint_t *tep)
Definition: tls.c:610
tls_main_::listener_ctx_pool
tls_ctx_t * listener_ctx_pool
Definition: tls.h:89
listen_session_get
static session_t * listen_session_get(u32 ls_index)
Definition: session.h:594
unformat
uword unformat(unformat_input_t *i, const char *fmt,...)
Definition: unformat.c:978
tls_ctx_half_open_get
tls_ctx_t * tls_ctx_half_open_get(u32 ctx_index)
Definition: tls.c:152
unformat_check_input
static uword unformat_check_input(unformat_input_t *i)
Definition: format.h:171