23 #define TLS_INVALID_HANDLE ~0 24 #define TLS_IDX_MASK 0x00FFFFFF 25 #define TLS_ENGINE_TYPE_SHIFT 29 33 for (i = 0; i <
vec_len (tls_vfts); i++)
35 if (tls_vfts[i].ctx_alloc)
62 memset (ctx, 0,
sizeof (*ctx));
97 memset (ctx, 0,
sizeof (*ctx));
104 memset (ctx, 0,
sizeof (*ctx));
163 app_session->app_index = ctx->parent_app_index;
164 app_session->connection_index = ctx->tls_ctx_handle;
165 app_session->session_type = app_listener->session_type;
166 app_session->listener_index = app_listener->session_index;
169 TLS_DBG (1,
"failed to allocate fifos");
172 ctx->c_s_index = app_session->session_index;
174 return app->cb_fns.session_accept_callback (app_session);
181 stream_session_t *app_session;
186 cb_fn = app->cb_fns.session_connected_callback;
193 app_session->app_index = ctx->parent_app_index;
194 app_session->connection_index = ctx->tls_ctx_handle;
195 app_session->session_type =
201 ctx->c_s_index = app_session->session_index;
203 if (cb_fn (ctx->parent_app_index, ctx->parent_app_api_context,
206 TLS_DBG (1,
"failed to notify app");
214 return cb_fn (ctx->parent_app_index, ctx->parent_app_api_context, 0,
228 if (!tls_vfts[preferred].ctx_alloc)
237 ctx_index = tls_vfts[engine_type].
ctx_alloc ();
245 tls_vfts[ctx->tls_ctx_engine].
ctx_free (ctx);
251 u32 ctx_index, engine_type;
253 return tls_vfts[engine_type].
ctx_get (ctx_index);
259 u32 ctx_index, engine_type;
279 return tls_vfts[ctx->tls_ctx_engine].
ctx_write (ctx, app_session);
285 return tls_vfts[ctx->tls_ctx_engine].
ctx_read (ctx, tls_session);
329 app->cb_fns.session_disconnect_callback (app_session);
344 memcpy (ctx, lctx,
sizeof (*lctx));
346 ctx->tls_ctx_handle = ctx_handle;
348 tls_session->opaque = ctx_handle;
350 ctx->listener_ctx_index = tls_listener->opaque;
352 TLS_DBG (1,
"Accept on listener %u new connection [%u]%x",
390 cb_fn = app->cb_fns.session_connected_callback;
396 return cb_fn (ho_ctx->parent_app_index, ho_ctx->c_s_index, 0,
407 ctx->tls_ctx_handle = ctx_handle;
409 TLS_DBG (1,
"TCP connect for %u returned %u. New connection [%u]%x",
411 (ctx) ? ctx_handle : ~0);
414 tls_session->opaque = ctx_handle;
456 ctx->parent_app_index = sep->app_index;
457 ctx->parent_app_api_context = sep->opaque;
458 ctx->tcp_is_ip4 = sep->is_ip4;
467 ctx->tls_ctx_engine = engine_type;
474 TLS_DBG (1,
"New connect request %u engine %d", ctx_index, engine_type);
484 TLS_DBG (1,
"Disconnecting %x", ctx_handle);
494 app_session->server_rx_fifo,
495 app_session->server_tx_fifo);
532 tls_listener->opaque = lctx_index;
537 lctx->parent_app_index = sep->app_index;
538 lctx->tls_session_handle = tls_handle;
540 lctx->tcp_is_ip4 = sep->is_ip4;
541 lctx->tls_ctx_engine = engine_type;
543 TLS_DBG (1,
"Started listening %d, engine type %d", lctx_index,
581 u32 thread_index = va_arg (*args,
u32);
582 u32 child_si, child_ti;
585 if (thread_index != child_ti)
586 clib_warning (
"app and tls sessions are on different threads!");
588 s =
format (s,
"[#%d][TLS] app %u child %u", child_ti,
589 ctx->parent_app_index, child_si);
596 u32 ctx_index = va_arg (*args,
u32);
597 u32 thread_index = va_arg (*args,
u32);
598 u32 verbose = va_arg (*args,
u32);
608 s =
format (s,
"%-15s",
"state");
618 u32 tc_index = va_arg (*args,
u32);
620 u32 listener_index, thread_index;
624 return format (s,
"[TLS] listener app %u child %u", ctx->parent_app_index,
631 u32 tc_index = va_arg (*args,
u32);
633 s =
format (s,
"[TLS] half-open app %u", ctx->parent_app_index);
658 tls_vfts[type] = *vft;
667 u32 segment_size = 512 << 20;
669 u32 fifo_size = 64 << 10;
674 memset (a, 0,
sizeof (*a));
675 memset (options, 0,
sizeof (options));
679 a->options = options;
680 a->name =
format (0,
"tls");
718 if (
unformat (input,
"use-test-cert-in-ca"))
int tls_add_segment_callback(u32 client_index, const ssvm_private_t *fs)
tls_main_t * vnet_tls_get_main(void)
#define vec_validate(V, I)
Make sure vector is long enough for given index (no header, unspecified alignment) ...
static void clib_rwlock_reader_lock(clib_rwlock_t *p)
static tls_main_t tls_main
void tls_session_reset_callback(stream_session_t *s)
static tls_engine_type_t tls_get_engine_type(tls_engine_type_t preferred)
enum tls_engine_type_ tls_engine_type_t
int tls_session_accept_callback(stream_session_t *tls_session)
static const transport_proto_vft_t tls_proto
static void clib_rwlock_writer_lock(clib_rwlock_t *p)
#define TLS_ENGINE_TYPE_SHIFT
struct _transport_connection transport_connection_t
u32 tls_ctx_half_open_alloc(void)
u32 tls_listener_ctx_alloc(void)
int tls_app_rx_callback(stream_session_t *tls_session)
clib_rwlock_t half_open_rwlock
int application_stop_listen(application_t *srv, session_handle_t handle)
Stop listening on the session associated with the given handle.
int(* ctx_init_server)(tls_ctx_t *ctx)
int application_connect(u32 client_index, u32 api_context, session_endpoint_t *sep)
static clib_error_t * tls_config_fn(vlib_main_t *vm, unformat_input_t *input)
#define pool_get_aligned_will_expand(P, YESNO, A)
See if pool_get will expand the pool or not.
struct _transport_proto_vft transport_proto_vft_t
#define vec_terminate_c_string(V)
(If necessary) NULL terminate a vector containing a c-string.
int tls_connect(transport_endpoint_t *tep)
tls_ctx_t *(* ctx_get_w_thread)(u32 ctx_index, u8 thread_index)
int application_send_event(application_t *app, stream_session_t *s, u8 evt_type)
Send event to application.
u8 * format_tls_connection(u8 *s, va_list *args)
void tls_notify_app_enqueue(tls_ctx_t *ctx, stream_session_t *app_session)
void(* ctx_free)(tls_ctx_t *ctx)
int(* ctx_init_client)(tls_ctx_t *ctx)
transport_connection_t * tls_connection_get(u32 ctx_index, u32 thread_index)
static void session_parse_handle(session_handle_t handle, u32 *index, u32 *thread_index)
void segment_manager_dealloc_fifos(u32 segment_index, svm_fifo_t *rx_fifo, svm_fifo_t *tx_fifo)
static stream_session_t * session_get_from_handle(session_handle_t handle)
#define pool_get(P, E)
Allocate an object E from a pool P (unspecified alignment).
static tls_ctx_t * tls_ctx_get_w_thread(u32 ctx_handle, u8 thread_index)
static stream_session_t * listen_session_get_from_handle(session_handle_t handle)
struct _svm_fifo svm_fifo_t
void session_free(stream_session_t *s)
segment_manager_t * application_get_listen_segment_manager(application_t *app, stream_session_t *s)
static void tls_ctx_free(tls_ctx_t *ctx)
void tls_listener_ctx_free(tls_ctx_t *ctx)
#define VLIB_INIT_FUNCTION(x)
int(* ctx_read)(tls_ctx_t *ctx, stream_session_t *tls_session)
int tls_app_tx_callback(stream_session_t *app_session)
u8 * format_tls_listener(u8 *s, va_list *args)
static tls_engine_vft_t * tls_vfts
struct _stream_session_cb_vft session_cb_vft_t
static stream_session_t * listen_session_get(u32 index)
#define clib_error_return(e, args...)
static void tls_ctx_parse_handle(u32 ctx_handle, u32 *ctx_index, u32 *engine_type)
struct _stream_session_t stream_session_t
int session_send_io_evt_to_thread(svm_fifo_t *f, session_evt_type_t evt_type)
tls_ctx_t *(* ctx_get)(u32 ctx_index)
static u8 tls_ctx_handshake_is_over(tls_ctx_t *ctx)
struct _vnet_app_attach_args_t vnet_app_attach_args_t
#define pool_elt_at_index(p, i)
Returns pointer to element at given index.
static void clib_rwlock_init(clib_rwlock_t *p)
struct _session_endpoint session_endpoint_t
u32 tls_listener_ctx_index(tls_ctx_t *ctx)
static void clib_rwlock_reader_unlock(clib_rwlock_t *p)
u8(* ctx_handshake_is_over)(tls_ctx_t *ctx)
void tls_ctx_half_open_reader_unlock()
static int tls_add_app_q_evt(application_t *app, stream_session_t *app_session)
static session_handle_t session_handle(stream_session_t *s)
#define pool_put(P, E)
Free an object E in pool P.
#define APP_INVALID_INDEX
int tls_notify_app_connected(tls_ctx_t *ctx, u8 is_failed)
int session_alloc_fifos(segment_manager_t *sm, stream_session_t *s)
static void clib_rwlock_writer_unlock(clib_rwlock_t *p)
static u8 svm_fifo_set_event(svm_fifo_t *f)
Sets fifo event flag.
u8 * format_tls_ctx(u8 *s, va_list *args)
#define VLIB_EARLY_CONFIG_FUNCTION(x, n,...)
tls_engine_type_t tls_get_available_engine(void)
static_always_inline uword vlib_get_thread_index(void)
void tls_disconnect(u32 ctx_handle, u32 thread_index)
int tls_del_segment_callback(u32 client_index, const ssvm_private_t *fs)
static session_type_t session_type_from_proto_and_ip(transport_proto_t proto, u8 is_ip4)
transport_connection_t * tls_listener_get(u32 listener_index)
static int tls_ctx_read(tls_ctx_t *ctx, stream_session_t *tls_session)
#define vec_free(V)
Free vector's memory (no header).
segment_manager_t * application_get_connect_segment_manager(application_t *app)
#define clib_warning(format, args...)
#define clib_memcpy(a, b, c)
apps acting as transports
transport_connection_t connection
static int tls_ctx_init_client(tls_ctx_t *ctx)
int application_start_listen(application_t *srv, session_endpoint_t *sep, session_handle_t *res)
Start listening on a local transport endpoint for the requested transport protocol.
struct _application application_t
#define TLS_DBG(_fmt, _args...)
void tls_register_engine(const tls_engine_vft_t *vft, tls_engine_type_t type)
void transport_register_protocol(transport_proto_t transport_proto, const transport_proto_vft_t *vft, fib_protocol_t fib_proto, u32 output_node)
Register transport virtual function table.
static tls_ctx_t * tls_ctx_get(u32 ctx_handle)
static stream_session_t * session_get_from_handle_if_valid(session_handle_t handle)
static int tls_ctx_init_server(tls_ctx_t *ctx)
#define pool_put_index(p, i)
Free pool element with given index.
void stream_session_disconnect(stream_session_t *s)
Initiate a session disconnect.
tls_ctx_t * tls_listener_ctx_get(u32 ctx_index)
tls_ctx_t * half_open_ctx_pool
stream_session_t * session_alloc(u32 thread_index)
u32 tls_stop_listen(u32 lctx_index)
int tls_session_connected_callback(u32 tls_app_index, u32 ho_ctx_index, stream_session_t *tls_session, u8 is_fail)
u32 tls_ctx_half_open_index(tls_ctx_t *ctx)
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
clib_error_t * vnet_application_attach(vnet_app_attach_args_t *a)
Attach application to vpp.
int(* ctx_write)(tls_ctx_t *ctx, stream_session_t *app_session)
application_t * application_get(u32 index)
struct _transport_endpoint transport_endpoint_t
int tls_add_vpp_q_evt(svm_fifo_t *f, u8 evt_type)
struct _segment_manager segment_manager_t
int tls_notify_app_accept(tls_ctx_t *ctx)
void tls_ctx_half_open_free(u32 ho_index)
static vlib_thread_main_t * vlib_get_thread_main()
static u32 vlib_num_workers()
static u32 tls_ctx_alloc(tls_engine_type_t engine_type)
void tls_session_disconnect_callback(stream_session_t *tls_session)
int application_alloc_connects_segment_manager(application_t *app)
static int tls_ctx_write(tls_ctx_t *ctx, stream_session_t *app_session)
u8 * format_tls_half_open(u8 *s, va_list *args)
static clib_error_t * tls_init(vlib_main_t *vm)
static session_cb_vft_t tls_app_cb_vft
static u64 listen_session_get_handle(stream_session_t *s)
u32 tls_start_listen(u32 app_listener_index, transport_endpoint_t *tep)
struct _session_endpoint_extended session_endpoint_extended_t
tls_ctx_t * listener_ctx_pool
application_t * application_get_if_valid(u32 index)
tls_ctx_t * tls_ctx_half_open_get(u32 ctx_index)
static void listen_session_parse_handle(session_handle_t handle, u32 *index, u32 *thread_index)