From 4a98b9360e2552340a0953a4bed6aed95c29e3df Mon Sep 17 00:00:00 2001
From: Florin Coras
Date: Wed, 31 Jan 2024 13:45:39 -0800
Subject: tls: convert ctx fields to connection flags
Type: refactor
Change-Id: I527bbc1cf2e7b6d06fd0c88b7563fb59ed28bc40
Signed-off-by: Florin Coras
---
 src/plugins/tlsopenssl/tls_async.c | 2 +-
 src/plugins/tlsopenssl/tls_openssl.c | 20 +++++++++++---------
 src/plugins/tlspicotls/tls_picotls.c | 6 +++---
 src/vnet/tls/tls.c | 35 ++++++++++++++++++-----------------
 src/vnet/tls/tls.h | 13 +++++++------
 5 files changed, 40 insertions(+), 36 deletions(-)
diff --git a/src/plugins/tlsopenssl/tls_async.c b/src/plugins/tlsopenssl/tls_async.c
index 89b4f77e331..bea9b892fa2 100644
--- a/src/plugins/tlsopenssl/tls_async.c
+++ b/src/plugins/tlsopenssl/tls_async.c
@@ -437,7 +437,7 @@ tls_async_do_job (int eidx, u32 thread_index)
 if (ctx)
 {
- ctx->resume = 1;
+ ctx->flags |= TLS_CONN_F_RESUME;
 session_send_rpc_evt_to_thread (thread_index, event_handler, event);
 }
 return 1;
diff --git a/src/plugins/tlsopenssl/tls_openssl.c b/src/plugins/tlsopenssl/tls_openssl.c
index e63413a3904..ee425362fd5 100644
--- a/src/plugins/tlsopenssl/tls_openssl.c
+++ b/src/plugins/tlsopenssl/tls_openssl.c
@@ -65,9 +65,10 @@ openssl_ctx_free (tls_ctx_t * ctx)
 openssl_ctx_t *oc = (openssl_ctx_t *) ctx;
 /* Cleanup ssl ctx unless migrated */
- if (!ctx->is_migrated)
+ if (!(ctx->flags & TLS_CONN_F_MIGRATED))
 {
- if (SSL_is_init_finished (oc->ssl) && !ctx->is_passive_close)
+ if (SSL_is_init_finished (oc->ssl) &&
+ !(ctx->flags & TLS_CONN_F_PASSIVE_CLOSE))
 SSL_shutdown (oc->ssl);
 SSL_free (oc->ssl);
@@ -277,7 +278,7 @@ openssl_handle_handshake_failure (tls_ctx_t * ctx)
 ctx->c_s_index = SESSION_INVALID_INDEX;
 tls_disconnect_transport (ctx);
 }
- ctx->no_app_session = 1;
+ ctx->flags |= TLS_CONN_F_NO_APP_SESSION;
 }
 else
 {
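Review bot: `ctx->flags |= TLS_CONN_F_RESUME;` in tls_async_do_job is now a read-modify-write on a word shared with every other connection flag, where the old `ctx->resume = 1` was a plain store to a byte nobody else touched. The function takes a thread_index and then posts an RPC to that thread, which suggests the store may happen off the ctx's owning thread; if so, this `|=` racing with, say, `ctx->flags |= TLS_CONN_F_PASSIVE_CLOSE` in tls_session_disconnect_callback on the owner can silently drop a bit. Either confirm the job always runs on the owning thread and record it, `/* runs on ctx's owning thread; plain RMW on flags is safe */`, or set the bit atomically, e.g. `clib_atomic_fetch_or (&ctx->flags, TLS_CONN_F_RESUME);` (or `__atomic_fetch_or`), and clear it the same way where it is consumed in openssl_ctx_handshake_rx. tls_async_do_job's body starts outside the hunk.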
@@ -297,9 +298,9 @@ openssl_ctx_handshake_rx (tls_ctx_t * ctx, session_t * tls_session)
 while (SSL_in_init (oc->ssl))
 {
- if (ctx->resume)
+ if (ctx->flags & TLS_CONN_F_RESUME)
 {
- ctx->resume = 0;
+ ctx->flags &= ~TLS_CONN_F_RESUME;
 }
 else if (!svm_fifo_max_dequeue_cons (tls_session->rx_fifo))
 break;
@@ -364,7 +365,7 @@ openssl_ctx_handshake_rx (tls_ctx_t * ctx, session_t * tls_session)
 else
 {
 /* Need to check transport status */
- if (ctx->is_passive_close)
+ if (ctx->flags & TLS_CONN_F_PASSIVE_CLOSE)
 {
 openssl_handle_handshake_failure (ctx);
 return -1;
@@ -441,7 +442,8 @@ openssl_ctx_write_tls (tls_ctx_t *ctx, session_t *app_session,
 check_tls_fifo:
- if (PREDICT_FALSE (ctx->app_closed && BIO_ctrl_pending (oc->rbio) <= 0))
+ if (PREDICT_FALSE ((ctx->flags & TLS_CONN_F_APP_CLOSED) &&
+ BIO_ctrl_pending (oc->rbio) <= 0))
 openssl_confirm_app_close (ctx);
 /* Deschedule and wait for deq notification if fifo is almost full */
@@ -513,7 +515,7 @@ done:
 if (read)
 tls_add_vpp_q_tx_evt (us);
- if (PREDICT_FALSE (ctx->app_closed &&
+ if (PREDICT_FALSE ((ctx->flags & TLS_CONN_F_APP_CLOSED) &&
 !svm_fifo_max_enqueue_prod (us->rx_fifo)))
 openssl_confirm_app_close (ctx);
@@ -1070,7 +1072,7 @@ openssl_app_close (tls_ctx_t * ctx)
 && !svm_fifo_max_dequeue_cons (app_session->tx_fifo))
 openssl_confirm_app_close (ctx);
 else
- ctx->app_closed = 1;
+ ctx->flags |= TLS_CONN_F_APP_CLOSED;
 return 0;
 }
diff --git a/src/plugins/tlspicotls/tls_picotls.c b/src/plugins/tlspicotls/tls_picotls.c
index 4c19084fea3..f6b267f0901 100644
--- a/src/plugins/tlspicotls/tls_picotls.c
+++ b/src/plugins/tlspicotls/tls_picotls.c
@@ -180,7 +180,7 @@ static void
 picotls_handle_handshake_failure (tls_ctx_t * ctx)
 {
 session_free (session_get (ctx->c_s_index, ctx->c_thread_index));
- ctx->no_app_session = 1;
+ ctx->flags |= TLS_CONN_F_NO_APP_SESSION;
 ctx->c_s_index = SESSION_INVALID_INDEX;
 tls_disconnect_transport (ctx);
 }
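Review bot: The RESUME branch at the top of the handshake loop in openssl_ctx_handshake_rx carries no comment saying why the flag is consumed before the rx fifo is checked, and the braces around the lone `ctx->flags &= ~TLS_CONN_F_RESUME;` read like a leftover rather than intent. From the hunk the purpose appears to be that a pending async resume (set in tls_async_do_job) lets the loop re-enter the handshake once even when `svm_fifo_max_dequeue_cons (tls_session->rx_fifo)` is zero; I would say so above the `if`: `/* One-shot: an async job completed, so drive the handshake once more even with an empty rx fifo */`. The clear is a `&= ~` on the shared flags word and so has the same cross-thread caveat as the set. openssl_ctx_handshake_rx begins and ends outside the hunk.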
@@ -213,7 +213,7 @@ picotls_app_close (tls_ctx_t * ctx)
 if (!svm_fifo_max_dequeue_cons (app_session->tx_fifo))
 picotls_confirm_app_close (ctx);
 else
- ctx->app_closed = 1;
+ ctx->flags |= TLS_CONN_F_APP_CLOSED;
 return 0;
 }
@@ -625,7 +625,7 @@ picotls_ctx_write (tls_ctx_t *ctx, session_t *app_session,
 check_tls_fifo:
- if (ctx->app_closed)
+ if (ctx->flags & TLS_CONN_F_APP_CLOSED)
 picotls_app_close (ctx);
 /* Deschedule and wait for deq notification if fifo is almost full */
diff --git a/src/vnet/tls/tls.c b/src/vnet/tls/tls.c
index a27d731aca0..db5d1c6feeb 100644
--- a/src/vnet/tls/tls.c
+++ b/src/vnet/tls/tls.c
@@ -164,7 +164,7 @@ tls_ctx_ho_try_free (u32 ho_index)
 tls_add_postponed_ho_cleanups (ho_index);
 return;
 }
- if (!ctx->no_app_session)
+ if (!(ctx->flags & TLS_CONN_F_NO_APP_SESSION))
 session_half_open_delete_notify (&ctx->connection);
 tls_ctx_half_open_free (ho_index);
 }
@@ -216,7 +216,7 @@ tls_notify_app_accept (tls_ctx_t * ctx)
 {
 TLS_DBG (1, "failed to allocate fifos");
 session_free (app_session);
- ctx->no_app_session = 1;
+ ctx->flags |= TLS_CONN_F_NO_APP_SESSION;
 return rv;
 }
 ctx->app_session_handle = session_handle (app_session);
@@ -237,7 +237,7 @@ tls_notify_app_connected (tls_ctx_t * ctx, session_error_t err)
 {
 if (ctx->tls_type == TRANSPORT_PROTO_TLS)
 session_free (session_get (ctx->c_s_index, ctx->c_thread_index));
- ctx->no_app_session = 1;
+ ctx->flags |= TLS_CONN_F_NO_APP_SESSION;
 return -1;
 }
@@ -246,7 +246,7 @@ tls_notify_app_connected (tls_ctx_t * ctx, session_error_t err)
 /* Free app session pre-allocated when transport was established */
 if (ctx->tls_type == TRANSPORT_PROTO_TLS)
 session_free (session_get (ctx->c_s_index, ctx->c_thread_index));
- ctx->no_app_session = 1;
+ ctx->flags |= TLS_CONN_F_NO_APP_SESSION;
 goto send_reply;
 }
@@ -276,7 +276,7 @@ tls_notify_app_connected (tls_ctx_t * ctx, session_error_t err)
 if ((err = app_worker_init_connected (app_wrk, app_session)))
 {
 app_worker_connect_notify (app_wrk, 0, err, ctx->parent_app_api_context);
- ctx->no_app_session = 1;
+ ctx->flags |= TLS_CONN_F_NO_APP_SESSION;
 session_free (app_session);
 return -1;
 }
@@ -290,7 +290,7 @@ tls_notify_app_connected (tls_ctx_t * ctx, session_error_t err)
 {
 TLS_DBG (1, "failed to notify app");
 session_free (session_get (ctx->c_s_index, ctx->c_thread_index));
- ctx->no_app_session = 1;
+ ctx->flags |= TLS_CONN_F_NO_APP_SESSION;
 return -1;
 }
@@ -447,7 +447,7 @@ tls_session_reset_callback (session_t * s)
 session_t *app_session;
 ctx = tls_ctx_get (s->opaque);
- ctx->is_passive_close = 1;
+ ctx->flags |= TLS_CONN_F_PASSIVE_CLOSE;
 tc = &ctx->connection;
 if (tls_ctx_handshake_is_over (ctx))
 {
@@ -462,7 +462,7 @@ tls_session_reset_callback (session_t * s)
 {
 session_free (app_session);
 ctx->c_s_index = SESSION_INVALID_INDEX;
- ctx->no_app_session = 1;
+ ctx->flags |= TLS_CONN_F_NO_APP_SESSION;
 tls_disconnect_transport (ctx);
 }
 }
@@ -500,7 +500,7 @@ tls_session_disconnect_callback (session_t * tls_session)
 || vlib_thread_is_main_w_barrier ());
 ctx = tls_ctx_get_w_thread (tls_session->opaque, tls_session->thread_index);
- ctx->is_passive_close = 1;
+ ctx->flags |= TLS_CONN_F_PASSIVE_CLOSE;
 tls_ctx_transport_close (ctx);
 }
@@ -543,7 +543,7 @@ tls_session_accept_callback (session_t * tls_session)
 {
 /* Do not free ctx yet, in case we have pending rx events */
 session_free (app_session);
- ctx->no_app_session = 1;
+ ctx->flags |= TLS_CONN_F_NO_APP_SESSION;
 tls_disconnect_transport (ctx);
 }
@@ -564,7 +564,8 @@ tls_app_rx_callback (session_t *ts)
 return 0;
 ctx = tls_ctx_get (ts->opaque);
- if (PREDICT_FALSE (ctx->no_app_session || ctx->app_closed))
+ if (PREDICT_FALSE ((ctx->flags & TLS_CONN_F_NO_APP_SESSION) ||
+ (ctx->flags & TLS_CONN_F_APP_CLOSED)))
 {
 TLS_DBG (1, "Local App closed");
 return 0;
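Review bot: In tls_app_rx_callback the new condition loads and masks `ctx->flags` twice, `(ctx->flags & TLS_CONN_F_NO_APP_SESSION) || (ctx->flags & TLS_CONN_F_APP_CLOSED)`; now that both are bits in one word a single mask is shorter and is the idiom this refactor is introducing: `if (PREDICT_FALSE (ctx->flags & (TLS_CONN_F_NO_APP_SESSION | TLS_CONN_F_APP_CLOSED)))`. It also reduces the test to one read of flags, which is the form you want if any other thread can be updating the word concurrently (the async path in tls_async_do_job looks like it might). The function's body continues outside the hunk.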
@@ -693,7 +694,7 @@ tls_app_session_cleanup (session_t * s, session_cleanup_ntf_t ntf)
 }
 ctx = tls_ctx_get (s->opaque);
- if (!ctx->no_app_session)
+ if (!(ctx->flags & TLS_CONN_F_NO_APP_SESSION))
 session_transport_delete_notify (&ctx->connection);
 tls_ctx_free (ctx);
 }
@@ -719,7 +720,7 @@ dtls_migrate_ctx (void *arg)
 /* Probably the app detached while the session was migrating. Cleanup */
 if (session_half_open_migrated_notify (&ctx->connection))
 {
- ctx->no_app_session = 1;
+ ctx->flags |= TLS_CONN_F_NO_APP_SESSION;
 tls_disconnect (ctx->tls_ctx_handle, vlib_get_thread_index ());
 return;
 }
@@ -738,7 +739,7 @@ dtls_session_migrate_callback (session_t *us, session_handle_t new_sh)
 ctx = tls_ctx_get_w_thread (us->opaque, us->thread_index);
 ctx->tls_session_handle = new_sh;
 cloned_ctx = tls_ctx_detach (ctx);
- ctx->is_migrated = 1;
+ ctx->flags |= TLS_CONN_F_MIGRATED;
 session_half_open_migrate_notify (&ctx->connection);
 session_send_rpc_evt_to_thread (new_thread, dtls_migrate_ctx,
@@ -753,7 +754,7 @@ tls_session_transport_closed_callback (session_t *ts)
 tls_ctx_t *ctx;
 ctx = tls_ctx_get_w_thread (ts->opaque, ts->thread_index);
- if (!ctx->no_app_session)
+ if (!(ctx->flags & TLS_CONN_F_NO_APP_SESSION))
 session_transport_closed_notify (&ctx->connection);
 }
@@ -1003,7 +1004,7 @@ tls_cleanup_ho (u32 ho_index)
 if (ctx->tls_session_handle == SESSION_INVALID_HANDLE)
 {
 ASSERT (ctx->flags & TLS_CONN_F_HO_DONE);
- ctx->no_app_session = 1;
+ ctx->flags |= TLS_CONN_F_NO_APP_SESSION;
 return;
 }
@@ -1016,7 +1017,7 @@ tls_cleanup_ho (u32 ho_index)
 tls_ctx_half_open_free (ho_index);
 }
 else
- ctx->no_app_session = 1;
+ ctx->flags |= TLS_CONN_F_NO_APP_SESSION;
 }
 int
diff --git a/src/vnet/tls/tls.h b/src/vnet/tls/tls.h
index 60f96ee5f4f..f678867e664 100644
--- a/src/vnet/tls/tls.h
+++ b/src/vnet/tls/tls.h
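Review bot: The ordering in dtls_session_migrate_callback, `cloned_ctx = tls_ctx_detach (ctx);` followed by `ctx->flags |= TLS_CONN_F_MIGRATED;`, has become load-bearing now that every state bit lives in one word that the detach presumably copies, and nothing says so: openssl_ctx_free skips SSL_shutdown/SSL_free when MIGRATED is set, so setting the bit before the detach would hand the clone a MIGRATED flag and leak its SSL object, while marking the original afterwards is what keeps the old thread from freeing it. I would pin that with `/* Mark after detach: the clone must not inherit MIGRATED or openssl_ctx_free would skip freeing its SSL */` above the flag store. The clone does inherit whatever other bits are set at that instant (RESUME, PASSIVE_CLOSE, ...), which matches the old per-field copy but is worth a glance. Both the start and end of the function are outside the hunk.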
@@ -57,7 +57,13 @@ typedef struct tls_cxt_id_
 STATIC_ASSERT (sizeof (tls_ctx_id_t) <= TRANSPORT_CONN_ID_LEN,
 "ctx id must be less than TRANSPORT_CONN_ID_LEN");
-#define foreach_tls_conn_flags _ (HO_DONE, "ho done")
+#define foreach_tls_conn_flags \
+ _ (HO_DONE, "ho-done") \
+ _ (PASSIVE_CLOSE, "passive-close") \
+ _ (APP_CLOSED, "app-closed") \
+ _ (MIGRATED, "migrated") \
+ _ (NO_APP_SESSION, "no-app-session") \
+ _ (RESUME, "resume")
 typedef enum tls_conn_flags_bit_
 {
@@ -93,11 +99,6 @@ typedef struct tls_ctx_
 #define parent_app_api_context c_tls_ctx_id.parent_app_api_ctx
 #define migration_ctx c_tls_ctx_id.migrate_ctx
- u8 is_passive_close;
- u8 resume;
- u8 app_closed;
- u8 no_app_session;
- u8 is_migrated;
 tls_conn_flags_t flags;
 u8 *srv_hostname;
 u32 evt_index;
-- 
cgit 1.2.3-korg
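Review bot: The new flag list in foreach_tls_conn_flags has no comment per bit and no guard on the width of `tls_conn_flags_t`, whose typedef is outside the hunk; with six bits now defined, if it is a u8 there is room for only two more before a later addition silently overflows the field. I would add a `STATIC_ASSERT` next to the existing one that checks the bit count against `8 * sizeof (tls_conn_flags_t)` (using whatever terminal count the enum provides), and a one-line comment on each flag grounded in where it is set: PASSIVE_CLOSE, transport reset/disconnect seen (tls_session_reset_callback, tls_session_disconnect_callback); APP_CLOSED, app closed with tx data still queued (openssl_app_close, picotls_app_close); MIGRATED, DTLS ctx detached and handed to another thread (dtls_session_migrate_callback); NO_APP_SESSION, no app session exists or it was freed, so app notifications are skipped; RESUME, an async handshake job completed (tls_async_do_job). Note also that the HO_DONE string changed from "ho done" to "ho-done"; if these strings feed a format function or CLI output, that is a user-visible change in a commit labelled refactor. The `typedef enum tls_conn_flags_bit_` opens at the end of the hunk and continues outside it.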