aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFlorin Coras <fcoras@cisco.com>2021-03-10 16:15:11 -0800
committerDave Barach <openvpp@barachs.net>2021-03-11 20:15:25 +0000
commitd5403ac610c985acc780e625b4328d001efd0e63 (patch)
treeeaea9b708ce0fc70be234ddfcc6b23235618bd1d
parent1e6a0f64653c8142fa7032aba127ab4894bafc3c (diff)
hsa: add support for tls to proxy
Type: improvement Change-Id: I934e1e981bfa3e5ef81a61b2180604f9b9fc991b Signed-off-by: Florin Coras <fcoras@cisco.com>
-rw-r--r--src/plugins/hs_apps/proxy.c123
-rw-r--r--src/plugins/hs_apps/proxy.h5
2 files changed, 89 insertions, 39 deletions
diff --git a/src/plugins/hs_apps/proxy.c b/src/plugins/hs_apps/proxy.c
index 834d03f8dbd..295968a2450 100644
--- a/src/plugins/hs_apps/proxy.c
+++ b/src/plugins/hs_apps/proxy.c
@@ -26,7 +26,7 @@ proxy_main_t proxy_main;
typedef struct
{
- char uri[128];
+ session_endpoint_cfg_t sep;
u32 app_index;
u32 api_context;
} proxy_connect_args_t;
@@ -37,11 +37,11 @@ proxy_cb_fn (void *data, u32 data_len)
proxy_connect_args_t *pa = (proxy_connect_args_t *) data;
vnet_connect_args_t a;
- memset (&a, 0, sizeof (a));
+ clib_memset (&a, 0, sizeof (a));
a.api_context = pa->api_context;
a.app_index = pa->app_index;
- a.uri = pa->uri;
- vnet_connect_uri (&a);
+ clib_memcpy (&a.sep_ext, &pa->sep, sizeof (pa->sep));
+ vnet_connect (&a);
}
static void
@@ -49,14 +49,14 @@ proxy_call_main_thread (vnet_connect_args_t * a)
{
if (vlib_get_thread_index () == 0)
{
- vnet_connect_uri (a);
+ vnet_connect (a);
}
else
{
proxy_connect_args_t args;
args.api_context = a->api_context;
args.app_index = a->app_index;
- clib_memcpy (args.uri, a->uri, vec_len (a->uri));
+ clib_memcpy (&args.sep, &a->sep_ext, sizeof (a->sep_ext));
vl_api_rpc_call_main_thread (proxy_cb_fn, (u8 *) & args, sizeof (args));
}
}
@@ -352,7 +352,8 @@ proxy_rx_callback (session_t * s)
clib_spinlock_unlock_if_init (&pm->sessions_lock);
- a->uri = (char *) pm->client_uri;
+ clib_memcpy (&a->sep_ext, &pm->client_sep, sizeof (pm->client_sep));
+ a->sep_ext.ckpair_index = pm->ckpair_index;
a->api_context = proxy_index;
a->app_index = pm->active_open_app_index;
proxy_call_main_thread (a);
@@ -368,6 +369,8 @@ proxy_force_ack (void *handlep)
session_t *ao_s;
ao_s = session_get_from_handle (pointer_to_uword (handlep));
+ if (session_get_transport_proto (ao_s) != TRANSPORT_PROTO_TCP)
+ return;
tc = session_get_transport (ao_s);
tcp_send_ack ((tcp_connection_t *) tc);
}
@@ -695,9 +698,28 @@ proxy_server_listen ()
proxy_main_t *pm = &proxy_main;
vnet_listen_args_t _a, *a = &_a;
clib_memset (a, 0, sizeof (*a));
+
a->app_index = pm->server_app_index;
- a->uri = (char *) pm->server_uri;
- return vnet_bind_uri (a);
+ clib_memcpy (&a->sep_ext, &pm->server_sep, sizeof (pm->server_sep));
+ a->sep_ext.ckpair_index = pm->ckpair_index;
+
+ return vnet_listen (a);
+}
+
+static void
+proxy_server_add_ckpair (void)
+{
+ vnet_app_add_cert_key_pair_args_t _ck_pair, *ck_pair = &_ck_pair;
+ proxy_main_t *pm = &proxy_main;
+
+ clib_memset (ck_pair, 0, sizeof (*ck_pair));
+ ck_pair->cert = (u8 *) test_srv_crt_rsa;
+ ck_pair->key = (u8 *) test_srv_key_rsa;
+ ck_pair->cert_len = test_srv_crt_rsa_len;
+ ck_pair->key_len = test_srv_key_rsa_len;
+ vnet_app_add_cert_key_pair (ck_pair);
+
+ pm->ckpair_index = ck_pair->index;
}
static int
@@ -716,6 +738,8 @@ proxy_server_create (vlib_main_t * vm)
for (i = 0; i < num_threads; i++)
vec_validate (pm->rx_buf[i], pm->rcv_buffer_size);
+ proxy_server_add_ckpair ();
+
if (proxy_server_attach ())
{
clib_warning ("failed to attach server app");
@@ -748,9 +772,12 @@ static clib_error_t *
proxy_server_create_command_fn (vlib_main_t * vm, unformat_input_t * input,
vlib_cli_command_t * cmd)
{
- proxy_main_t *pm = &proxy_main;
+ unformat_input_t _line_input, *line_input = &_line_input;
char *default_server_uri = "tcp://0.0.0.0/23";
char *default_client_uri = "tcp://6.0.2.2/23";
+ u8 *server_uri = 0, *client_uri = 0;
+ proxy_main_t *pm = &proxy_main;
+ clib_error_t *error = 0;
int rv, tmp32;
u64 tmp64;
@@ -762,58 +789,76 @@ proxy_server_create_command_fn (vlib_main_t * vm, unformat_input_t * input,
pm->prealloc_fifos = 0;
pm->private_segment_count = 0;
pm->private_segment_size = 0;
- pm->server_uri = 0;
- pm->client_uri = 0;
+
if (vlib_num_workers ())
clib_spinlock_init (&pm->sessions_lock);
- while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
+ unformat_user (input, unformat_line_input, line_input);
+
+ while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
{
- if (unformat (input, "fifo-size %U",
- unformat_memory_size, &pm->fifo_size))
+ if (unformat (line_input, "fifo-size %U", unformat_memory_size,
+ &pm->fifo_size))
;
- else if (unformat (input, "max-fifo-size %U",
- unformat_memory_size, &pm->max_fifo_size))
+ else if (unformat (line_input, "max-fifo-size %U", unformat_memory_size,
+ &pm->max_fifo_size))
;
- else if (unformat (input, "high-watermark %d", &tmp32))
+ else if (unformat (line_input, "high-watermark %d", &tmp32))
pm->high_watermark = (u8) tmp32;
- else if (unformat (input, "low-watermark %d", &tmp32))
+ else if (unformat (line_input, "low-watermark %d", &tmp32))
pm->low_watermark = (u8) tmp32;
- else if (unformat (input, "rcv-buf-size %d", &pm->rcv_buffer_size))
+ else if (unformat (line_input, "rcv-buf-size %d", &pm->rcv_buffer_size))
;
- else if (unformat (input, "prealloc-fifos %d", &pm->prealloc_fifos))
+ else if (unformat (line_input, "prealloc-fifos %d", &pm->prealloc_fifos))
;
- else if (unformat (input, "private-segment-count %d",
+ else if (unformat (line_input, "private-segment-count %d",
&pm->private_segment_count))
;
- else if (unformat (input, "private-segment-size %U",
+ else if (unformat (line_input, "private-segment-size %U",
unformat_memory_size, &tmp64))
{
if (tmp64 >= 0x100000000ULL)
- return clib_error_return
- (0, "private segment size %lld (%llu) too large", tmp64, tmp64);
+ {
+ error = clib_error_return (
+ 0, "private segment size %lld (%llu) too large", tmp64, tmp64);
+ goto done;
+ }
pm->private_segment_size = tmp64;
}
- else if (unformat (input, "server-uri %s", &pm->server_uri))
- vec_add1 (pm->server_uri, 0);
- else if (unformat (input, "client-uri %s", &pm->client_uri))
- vec_add1 (pm->client_uri, 0);
+ else if (unformat (line_input, "server-uri %s", &server_uri))
+ vec_add1 (server_uri, 0);
+ else if (unformat (line_input, "client-uri %s", &client_uri))
+ vec_add1 (client_uri, 0);
else
- return clib_error_return (0, "unknown input `%U'",
- format_unformat_error, input);
+ {
+ error = clib_error_return (0, "unknown input `%U'",
+ format_unformat_error, line_input);
+ goto done;
+ }
}
- if (!pm->server_uri)
+ if (!server_uri)
{
clib_warning ("No server-uri provided, Using default: %s",
default_server_uri);
- pm->server_uri = format (0, "%s%c", default_server_uri, 0);
+ server_uri = format (0, "%s%c", default_server_uri, 0);
}
- if (!pm->client_uri)
+ if (!client_uri)
{
clib_warning ("No client-uri provided, Using default: %s",
default_client_uri);
- pm->client_uri = format (0, "%s%c", default_client_uri, 0);
+ client_uri = format (0, "%s%c", default_client_uri, 0);
+ }
+
+ if (parse_uri ((char *) server_uri, &pm->server_sep))
+ {
+ error = clib_error_return (0, "Invalid server uri %v", server_uri);
+ goto done;
+ }
+ if (parse_uri ((char *) client_uri, &pm->client_sep))
+ {
+ error = clib_error_return (0, "Invalid client uri %v", server_uri);
+ goto done;
}
vnet_session_enable_disable (vm, 1 /* turn on session and transport */ );
@@ -824,10 +869,14 @@ proxy_server_create_command_fn (vlib_main_t * vm, unformat_input_t * input,
case 0:
break;
default:
- return clib_error_return (0, "server_create returned %d", rv);
+ error = clib_error_return (0, "server_create returned %d", rv);
}
- return 0;
+done:
+ unformat_free (line_input);
+ vec_free (client_uri);
+ vec_free (server_uri);
+ return error;
}
/* *INDENT-OFF* */
diff --git a/src/plugins/hs_apps/proxy.h b/src/plugins/hs_apps/proxy.h
index 4f74ea025fb..aef23e1e556 100644
--- a/src/plugins/hs_apps/proxy.h
+++ b/src/plugins/hs_apps/proxy.h
@@ -67,9 +67,10 @@ typedef struct
u32 private_segment_count; /**< Number of private fifo segs */
u32 private_segment_size; /**< size of private fifo segs */
int rcv_buffer_size;
- u8 *server_uri;
- u8 *client_uri;
+ session_endpoint_cfg_t server_sep;
+ session_endpoint_cfg_t client_sep;
+ u32 ckpair_index;
/*
* Test state variables
*/