author | Florin Coras <fcoras@cisco.com> | 2019-08-08 17:38:26 -0700 |
---|---|---|
committer | Dave Barach <openvpp@barachs.net> | 2019-08-09 11:49:49 +0000 |
commit | d09236d17d86a5d50166b2017f8f30a560c6e1b8 (patch) | |
tree | 68d5a288f64ae59d38c1d8758299da891df5891c | |
parent | f03c49413f270386d46a82dd9a3bce819cf81250 (diff) |
tls: mark as no lookup transport
Type:fix
Also fix transport close while handshake is ongoing.
Change-Id: I004c56d2297d0847c2cb77202f8fba3edaacad29
Signed-off-by: Florin Coras <fcoras@cisco.com>
-rw-r--r-- | src/plugins/tlsopenssl/tls_openssl.c | 38 | ||||
-rw-r--r-- | src/vnet/session/session.c | 2 | ||||
-rw-r--r-- | src/vnet/tls/tls.c | 2 |
3 files changed, 27 insertions, 15 deletions
diff --git a/src/plugins/tlsopenssl/tls_openssl.c b/src/plugins/tlsopenssl/tls_openssl.c index ee6b0e3172e..8d0fd36a04f 100644 --- a/src/plugins/tlsopenssl/tls_openssl.c +++ b/src/plugins/tlsopenssl/tls_openssl.c @@ -205,6 +205,28 @@ vpp_ssl_async_retry_func (tls_ctx_t * ctx, openssl_resume_handler * handler) #endif +static void +openssl_handle_handshake_failure (tls_ctx_t * ctx) +{ + if (SSL_is_server (((openssl_ctx_t *) ctx)->ssl)) + { + /* + * Cleanup pre-allocated app session and close transport + */ + session_free (session_get (ctx->c_s_index, ctx->c_thread_index)); + ctx->no_app_session = 1; + ctx->c_s_index = SESSION_INVALID_INDEX; + tls_disconnect_transport (ctx); + } + else + { + /* + * Also handles cleanup of the pre-allocated session + */ + tls_notify_app_connected (ctx, /* is failed */ 1); + } +} + int openssl_ctx_handshake_rx (tls_ctx_t * ctx, session_t * tls_session) { @@ -240,19 +262,7 @@ openssl_ctx_handshake_rx (tls_ctx_t * ctx, session_t * tls_session) ERR_error_string (ERR_get_error (), buf); clib_warning ("Err: %s", buf); - /* - * Cleanup pre-allocated app session and close transport - */ - if (SSL_is_server (oc->ssl)) - { - session_free (session_get (ctx->c_s_index, - ctx->c_thread_index)); - ctx->no_app_session = 1; - ctx->c_s_index = SESSION_INVALID_INDEX; - tls_disconnect_transport (ctx); - } - else - tls_notify_app_connected (ctx, /* is failed */ 1); + openssl_handle_handshake_failure (ctx); return -1; } @@ -758,7 +768,7 @@ openssl_transport_close (tls_ctx_t * ctx) { if (!openssl_handshake_is_over (ctx)) { - session_close (session_get_from_handle (ctx->tls_session_handle)); + openssl_handle_handshake_failure (ctx); return 0; } session_transport_closing_notify (&ctx->connection); diff --git a/src/vnet/session/session.c b/src/vnet/session/session.c index 33f1e26fd6d..7b53a47023a 100644 --- a/src/vnet/session/session.c +++ b/src/vnet/session/session.c 
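Review bot: The server branch of the new `openssl_handle_handshake_failure` is not safe to run twice on the same context, because it calls `session_free (session_get (ctx->c_s_index, ctx->c_thread_index))` without checking that the pre-allocated session still exists. The helper is now reachable from both `openssl_ctx_handshake_rx` and `openssl_transport_close`. If a transport close can arrive after a failed handshake has already taken this path (the hunk does not show whether it can), the second call would look up `SESSION_INVALID_INDEX` in the session pool and free whatever comes back. Guarding the free with `if (ctx->c_s_index != SESSION_INVALID_INDEX)` would make the cleanup idempotent. A short header comment should also say that the helper releases the pre-allocated app session, closes the transport on the server side, and is called from the close path as well.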
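Review bot: On the client side, `openssl_transport_close` no longer visibly closes the underlying transport session when the handshake is unfinished. The removed `session_close (session_get_from_handle (ctx->tls_session_handle))` is replaced by `openssl_handle_handshake_failure (ctx)`, whose client branch only calls `tls_notify_app_connected (ctx, /* is failed */ 1)`. Whether that function disconnects the transport on failure is not shown in this diff; if it does not, a peer that stalls the handshake and then closes could leave the transport session allocated. A comment at the call site such as `/* handshake not done: free app session, notify app if client, close transport */` would record the expected contract. The body of `openssl_transport_close` continues outside the hunk.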
@@ -235,7 +235,7 @@ session_delete (session_t * s) /* Delete from the main lookup table. */ if ((rv = session_lookup_del_session (s))) - clib_warning ("hash delete error, rv %d", rv); + clib_warning ("session %u hash delete rv %d", s->session_index, rv); session_free_w_fifos (s); } diff --git a/src/vnet/tls/tls.c b/src/vnet/tls/tls.c index 1358f9cb345..4fff72f1cda 100644 --- a/src/vnet/tls/tls.c +++ b/src/vnet/tls/tls.c @@ -411,6 +411,7 @@ tls_session_accept_callback (session_t * tls_session) tls_session->opaque = ctx_handle; ctx->tls_session_handle = session_handle (tls_session); ctx->listener_ctx_index = tls_listener->opaque; + ctx->c_flags |= TRANSPORT_CONNECTION_F_NO_LOOKUP; /* Preallocate app session. Avoids allocating a session post handshake * on tls_session rx and potentially invalidating the session pool */ @@ -469,6 +470,7 @@ tls_session_connected_callback (u32 tls_app_index, u32 ho_ctx_index, ctx->c_thread_index = vlib_get_thread_index (); ctx->tls_ctx_handle = ctx_handle; + ctx->c_flags |= TRANSPORT_CONNECTION_F_NO_LOOKUP; TLS_DBG (1, "TCP connect for %u returned %u. New connection [%u]%x", ho_ctx_index, is_fail, vlib_get_thread_index (), |
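Review bot: `ctx->c_flags |= TRANSPORT_CONNECTION_F_NO_LOOKUP;` is added to `tls_session_accept_callback` without a comment, and the same line is repeated in `tls_session_connected_callback` in the next hunk, so the reader has to reconstruct why the flag is needed. A comment such as `/* TLS connections are not in the session lookup table */` on both lines would record the intent. Presumably this is what avoids the `session_lookup_del_session` warning touched in session.c, though the code that tests the flag is not part of this diff. Setting the flag once where the context is allocated, if that works for every TLS engine, would keep a future third path from missing it. Both functions start and end outside their hunks.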