author | Florin Coras <fcoras@cisco.com> | 2021-03-10 16:15:11 -0800 |
---|---|---|
committer | Dave Barach <openvpp@barachs.net> | 2021-03-11 20:15:25 +0000 |
commit | d5403ac610c985acc780e625b4328d001efd0e63 (patch) | |
tree | eaea9b708ce0fc70be234ddfcc6b23235618bd1d | |
parent | 1e6a0f64653c8142fa7032aba127ab4894bafc3c (diff) |
hsa: add support for tls to proxy
Type: improvement
Change-Id: I934e1e981bfa3e5ef81a61b2180604f9b9fc991b
Signed-off-by: Florin Coras <fcoras@cisco.com>
-rw-r--r-- | src/plugins/hs_apps/proxy.c | 123 | ||||
-rw-r--r-- | src/plugins/hs_apps/proxy.h | 5 |
2 files changed, 89 insertions, 39 deletions
diff --git a/src/plugins/hs_apps/proxy.c b/src/plugins/hs_apps/proxy.c index 834d03f8dbd..295968a2450 100644 --- a/src/plugins/hs_apps/proxy.c +++ b/src/plugins/hs_apps/proxy.c @@ -26,7 +26,7 @@ proxy_main_t proxy_main; typedef struct { - char uri[128]; + session_endpoint_cfg_t sep; u32 app_index; u32 api_context; } proxy_connect_args_t; @@ -37,11 +37,11 @@ proxy_cb_fn (void *data, u32 data_len) proxy_connect_args_t *pa = (proxy_connect_args_t *) data; vnet_connect_args_t a; - memset (&a, 0, sizeof (a)); + clib_memset (&a, 0, sizeof (a)); a.api_context = pa->api_context; a.app_index = pa->app_index; - a.uri = pa->uri; - vnet_connect_uri (&a); + clib_memcpy (&a.sep_ext, &pa->sep, sizeof (pa->sep)); + vnet_connect (&a); } static void @@ -49,14 +49,14 @@ proxy_call_main_thread (vnet_connect_args_t * a) { if (vlib_get_thread_index () == 0) { - vnet_connect_uri (a); + vnet_connect (a); } else { proxy_connect_args_t args; args.api_context = a->api_context; args.app_index = a->app_index; - clib_memcpy (args.uri, a->uri, vec_len (a->uri)); + clib_memcpy (&args.sep, &a->sep_ext, sizeof (a->sep_ext)); vl_api_rpc_call_main_thread (proxy_cb_fn, (u8 *) & args, sizeof (args)); } } @@ -352,7 +352,8 @@ proxy_rx_callback (session_t * s) clib_spinlock_unlock_if_init (&pm->sessions_lock); - a->uri = (char *) pm->client_uri; + clib_memcpy (&a->sep_ext, &pm->client_sep, sizeof (pm->client_sep)); + a->sep_ext.ckpair_index = pm->ckpair_index; a->api_context = proxy_index; a->app_index = pm->active_open_app_index; proxy_call_main_thread (a); @@ -368,6 +369,8 @@ proxy_force_ack (void *handlep) session_t *ao_s; ao_s = session_get_from_handle (pointer_to_uword (handlep)); + if (session_get_transport_proto (ao_s) != TRANSPORT_PROTO_TCP) + return; tc = session_get_transport (ao_s); tcp_send_ack ((tcp_connection_t *) tc); } 
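Review bot: The endpoint copy in proxy_cb_fn, `clib_memcpy (&a.sep_ext, &pa->sep, sizeof (pa->sep));`, is sized by one operand only, and nothing in the hunk ties the two types together. A later change to either struct would turn it into a silent over- or under-copy. If `sep_ext` is also a `session_endpoint_cfg_t` (its declaration is not on this page), plain assignment `a.sep_ext = pa->sep;` lets the compiler check the match. The same pattern recurs in proxy_call_main_thread, proxy_rx_callback and proxy_server_listen.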
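Review bot: The early return added to proxy_force_ack has no comment, yet it is the only thing guarding the unconditional `(tcp_connection_t *) tc` cast two lines below it. I would add `/* Only tcp sessions have a tcp_connection_t to ack; skip everything else */` above the check so the guard is not dropped in a later cleanup. The function starts outside the hunk, so whether `ao_s` can be stale by the time this runs cannot be judged from here.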
@@ -695,9 +698,28 @@ proxy_server_listen () proxy_main_t *pm = &proxy_main; vnet_listen_args_t _a, *a = &_a; clib_memset (a, 0, sizeof (*a)); + a->app_index = pm->server_app_index; - a->uri = (char *) pm->server_uri; - return vnet_bind_uri (a); + clib_memcpy (&a->sep_ext, &pm->server_sep, sizeof (pm->server_sep)); + a->sep_ext.ckpair_index = pm->ckpair_index; + + return vnet_listen (a); +} + +static void +proxy_server_add_ckpair (void) +{ + vnet_app_add_cert_key_pair_args_t _ck_pair, *ck_pair = &_ck_pair; + proxy_main_t *pm = &proxy_main; + + clib_memset (ck_pair, 0, sizeof (*ck_pair)); + ck_pair->cert = (u8 *) test_srv_crt_rsa; + ck_pair->key = (u8 *) test_srv_key_rsa; + ck_pair->cert_len = test_srv_crt_rsa_len; + ck_pair->key_len = test_srv_key_rsa_len; + vnet_app_add_cert_key_pair (ck_pair); + + pm->ckpair_index = ck_pair->index; } static int @@ -716,6 +738,8 @@ proxy_server_create (vlib_main_t * vm) for (i = 0; i < num_threads; i++) vec_validate (pm->rx_buf[i], pm->rcv_buffer_size); + proxy_server_add_ckpair (); + if (proxy_server_attach ()) { clib_warning ("failed to attach server app"); @@ -748,9 +772,12 @@ static clib_error_t * proxy_server_create_command_fn (vlib_main_t * vm, unformat_input_t * input, vlib_cli_command_t * cmd) { - proxy_main_t *pm = &proxy_main; + unformat_input_t _line_input, *line_input = &_line_input; char *default_server_uri = "tcp://0.0.0.0/23"; char *default_client_uri = "tcp://6.0.2.2/23"; + u8 *server_uri = 0, *client_uri = 0; + proxy_main_t *pm = &proxy_main; + clib_error_t *error = 0; int rv, tmp32; u64 tmp64; 
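Review bot: proxy_server_add_ckpair always registers `test_srv_crt_rsa` / `test_srv_key_rsa`, which by their names are fixed test credentials built into the code. A tls listener created this way would then give clients no real assurance of the server's identity. That deserves at least a comment on the function, e.g. `/* Built-in test cert/key only; not suitable outside test setups */`, and ideally a CLI option to supply a real pair. The return value of `vnet_app_add_cert_key_pair` is also not checked before `ck_pair->index` is stored. The call added to proxy_server_create in the next hunk runs before the attach check, so a failed attach appears to leave the pair registered.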
@@ -762,58 +789,76 @@ proxy_server_create_command_fn (vlib_main_t * vm, unformat_input_t * input, pm->prealloc_fifos = 0; pm->private_segment_count = 0; pm->private_segment_size = 0; - pm->server_uri = 0; - pm->client_uri = 0; + if (vlib_num_workers ()) clib_spinlock_init (&pm->sessions_lock); - while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT) + unformat_user (input, unformat_line_input, line_input); + + while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT) { - if (unformat (input, "fifo-size %U", - unformat_memory_size, &pm->fifo_size)) + if (unformat (line_input, "fifo-size %U", unformat_memory_size, + &pm->fifo_size)) ; - else if (unformat (input, "max-fifo-size %U", - unformat_memory_size, &pm->max_fifo_size)) + else if (unformat (line_input, "max-fifo-size %U", unformat_memory_size, + &pm->max_fifo_size)) ; - else if (unformat (input, "high-watermark %d", &tmp32)) + else if (unformat (line_input, "high-watermark %d", &tmp32)) pm->high_watermark = (u8) tmp32; - else if (unformat (input, "low-watermark %d", &tmp32)) + else if (unformat (line_input, "low-watermark %d", &tmp32)) pm->low_watermark = (u8) tmp32; - else if (unformat (input, "rcv-buf-size %d", &pm->rcv_buffer_size)) + else if (unformat (line_input, "rcv-buf-size %d", &pm->rcv_buffer_size)) ; - else if (unformat (input, "prealloc-fifos %d", &pm->prealloc_fifos)) + else if (unformat (line_input, "prealloc-fifos %d", &pm->prealloc_fifos)) ; - else if (unformat (input, "private-segment-count %d", + else if (unformat (line_input, "private-segment-count %d", &pm->private_segment_count)) ; - else if (unformat (input, "private-segment-size %U", + else if (unformat (line_input, "private-segment-size %U", unformat_memory_size, &tmp64)) { if (tmp64 >= 0x100000000ULL) - return clib_error_return - (0, "private segment size %lld (%llu) too large", tmp64, tmp64); + { + error = clib_error_return ( + 0, "private segment size %lld (%llu) too large", tmp64, tmp64); + goto done; + } 
pm->private_segment_size = tmp64; } - else if (unformat (input, "server-uri %s", &pm->server_uri)) - vec_add1 (pm->server_uri, 0); - else if (unformat (input, "client-uri %s", &pm->client_uri)) - vec_add1 (pm->client_uri, 0); + else if (unformat (line_input, "server-uri %s", &server_uri)) + vec_add1 (server_uri, 0); + else if (unformat (line_input, "client-uri %s", &client_uri)) + vec_add1 (client_uri, 0); else - return clib_error_return (0, "unknown input `%U'", - format_unformat_error, input); + { + error = clib_error_return (0, "unknown input `%U'", + format_unformat_error, line_input); + goto done; + } } - if (!pm->server_uri) + if (!server_uri) { clib_warning ("No server-uri provided, Using default: %s", default_server_uri); - pm->server_uri = format (0, "%s%c", default_server_uri, 0); + server_uri = format (0, "%s%c", default_server_uri, 0); } - if (!pm->client_uri) + if (!client_uri) { clib_warning ("No client-uri provided, Using default: %s", default_client_uri); - pm->client_uri = format (0, "%s%c", default_client_uri, 0); + client_uri = format (0, "%s%c", default_client_uri, 0); + } + + if (parse_uri ((char *) server_uri, &pm->server_sep)) + { + error = clib_error_return (0, "Invalid server uri %v", server_uri); + goto done; + } + if (parse_uri ((char *) client_uri, &pm->client_sep)) + { + error = clib_error_return (0, "Invalid client uri %v", server_uri); + goto done; } vnet_session_enable_disable (vm, 1 /* turn on session and transport */ ); @@ -824,10 +869,14 @@ proxy_server_create_command_fn (vlib_main_t * vm, unformat_input_t * input, case 0: break; default: - return clib_error_return (0, "server_create returned %d", rv); + error = clib_error_return (0, "server_create returned %d", rv); } - return 0; +done: + unformat_free (line_input); + vec_free (client_uri); + vec_free (server_uri); + return error; } /* *INDENT-OFF* */ diff --git a/src/plugins/hs_apps/proxy.h b/src/plugins/hs_apps/proxy.h index 4f74ea025fb..aef23e1e556 100644 
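Review bot: The result of `unformat_user (input, unformat_line_input, line_input);` is not checked, so if it fails the parse loop and the `unformat_free (line_input)` under `done:` in the next hunk operate on the uninitialised stack object `_line_input`. The usual guard is `if (!unformat_user (input, unformat_line_input, line_input)) return 0;`, but returning there would skip the default URIs, so the no-argument case needs an explicit decision. Separately, the client-uri failure message prints the wrong vector: `"Invalid client uri %v", server_uri` should pass `client_uri`. The function begins in the previous hunk and ends in the next one.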
--- a/src/plugins/hs_apps/proxy.h +++ b/src/plugins/hs_apps/proxy.h @@ -67,9 +67,10 @@ typedef struct u32 private_segment_count; /**< Number of private fifo segs */ u32 private_segment_size; /**< size of private fifo segs */ int rcv_buffer_size; - u8 *server_uri; - u8 *client_uri; + session_endpoint_cfg_t server_sep; + session_endpoint_cfg_t client_sep; + u32 ckpair_index; /* * Test state variables */ |
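Review bot: The three fields added to proxy_main_t carry no doc comments, although the neighbouring `private_segment_count` and `private_segment_size` use `/**< ... */`. Suggested: `session_endpoint_cfg_t server_sep; /**< endpoint the proxy listens on */`, `session_endpoint_cfg_t client_sep; /**< endpoint the proxy connects to */` and `u32 ckpair_index; /**< cert/key pair index set on both endpoints */`. The struct starts and ends outside the hunk.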