authorPing Yu <ping.yu@intel.com>2018-11-30 19:16:17 -0500
committerFlorin Coras <florin.coras@gmail.com>2019-01-04 19:55:47 +0000
commit34a3a08d993cbbb3846b83b69b5338d452463e15 (patch)
tree3613106e74772d42036c0d547aaae81898e5aec2 /src/vcl/vcl_bapi.c
parent33331edd3ab8c2c2109203be7568587664f08abc (diff)
Add TLS support for VCL
After this patch, vcl_test_client and vcl_test_server can work happily with a TLS connection. "-S" is to indicate a TLS connection. Change-Id: I761894b0b5929912691625f0fe63604725b55978 Signed-off-by: Ping Yu <ping.yu@intel.com>
Diffstat (limited to 'src/vcl/vcl_bapi.c')
-rw-r--r--src/vcl/vcl_bapi.c64
1 files changed, 64 insertions, 0 deletions
diff --git a/src/vcl/vcl_bapi.c b/src/vcl/vcl_bapi.c
index b513bd7a6b3..de5e80a55b3 100644
--- a/src/vcl/vcl_bapi.c
+++ b/src/vcl/vcl_bapi.c
@@ -367,6 +367,31 @@ vl_api_connect_session_reply_t_handler (vl_api_connect_sock_reply_t * mp)
ntohl (mp->retval));
}
+static void
+ vl_api_application_tls_cert_add_reply_t_handler
+ (vl_api_application_tls_cert_add_reply_t * mp)
+{
+ if (mp->retval)
+ {
+ clib_warning ("VCL<%d>: add cert failed: %U", getpid (),
+ format_api_error, ntohl (mp->retval));
+ return;
+ }
+}
+
+static void
+ vl_api_application_tls_key_add_reply_t_handler
+ (vl_api_application_tls_key_add_reply_t * mp)
+{
+ if (mp->retval)
+ {
+ clib_warning ("VCL<%d>: add key failed: %U", getpid (),
+ format_api_error, ntohl (mp->retval));
+ return;
+ }
+
+}
+
#define foreach_sock_msg \
_(SESSION_ENABLE_DISABLE_REPLY, session_enable_disable_reply) \
_(BIND_SOCK_REPLY, bind_sock_reply) \
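Review bot: A failed certificate or key install is only logged in `vl_api_application_tls_cert_add_reply_t_handler` and `vl_api_application_tls_key_add_reply_t_handler`; nothing is recorded that the caller could act on, so as far as this hunk shows the application carries on as if its TLS material were in place. The requests added later in this commit put the session index in `context`, so the handler could use `mp->context` to find the session and store the error on it. Until that exists, a comment such as `/* failure is only logged; the session is not marked as failed */` above each handler would make the gap explicit. The `return;` inside each `if` is redundant, since the function ends right after it.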
@@ -375,6 +400,8 @@ _(CONNECT_SESSION_REPLY, connect_session_reply) \
_(DISCONNECT_SESSION_REPLY, disconnect_session_reply) \
_(APPLICATION_ATTACH_REPLY, application_attach_reply) \
_(APPLICATION_DETACH_REPLY, application_detach_reply) \
+_(APPLICATION_TLS_CERT_ADD_REPLY, application_tls_cert_add_reply) \
+_(APPLICATION_TLS_KEY_ADD_REPLY, application_tls_key_add_reply) \
_(MAP_ANOTHER_SEGMENT, map_another_segment) \
_(UNMAP_SEGMENT, unmap_segment) \
_(APP_CUT_THROUGH_REGISTRATION_ADD, app_cut_through_registration_add) \
@@ -444,6 +471,7 @@ vppcom_app_send_attach (void)
bmp->options[APP_OPTIONS_PREALLOC_FIFO_PAIRS] =
vcm->cfg.preallocated_fifo_pairs;
bmp->options[APP_OPTIONS_EVT_QUEUE_SIZE] = vcm->cfg.event_queue_size;
+ bmp->options[APP_OPTIONS_TLS_ENGINE] = TLS_ENGINE_OPENSSL;
if (nsid_len)
{
bmp->namespace_id_len = nsid_len;
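Review bot: The TLS engine is pinned to `TLS_ENGINE_OPENSSL` for every attaching application, while the neighbouring options in this hunk are read from `vcm->cfg`. Making it configurable would let a deployment choose its engine without rebuilding, for example `bmp->options[APP_OPTIONS_TLS_ENGINE] = vcm->cfg.<tls_engine_field>;` (placeholder name; no such field is visible here), with OpenSSL as the default. The option is also set for applications that never use TLS, which deserves a one-line comment if that is intended. The body of vppcom_app_send_attach starts and ends outside this hunk.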
@@ -596,6 +624,42 @@ vppcom_send_accept_session_reply (u64 handle, u32 context, int retval)
vl_msg_api_send_shmem (wrk->vl_input_queue, (u8 *) & rmp);
}
+void
+vppcom_send_application_tls_cert_add (vcl_session_t * session, char *cert,
+ u32 cert_len)
+{
+ vcl_worker_t *wrk = vcl_worker_get_current ();
+ vl_api_application_tls_cert_add_t *cert_mp;
+
+ cert_mp = vl_msg_api_alloc (sizeof (*cert_mp) + cert_len);
+ clib_memset (cert_mp, 0, sizeof (*cert_mp));
+ cert_mp->_vl_msg_id = ntohs (VL_API_APPLICATION_TLS_CERT_ADD);
+ cert_mp->client_index = wrk->my_client_index;
+ cert_mp->context = session->session_index;
+ cert_mp->cert_len = clib_host_to_net_u16 (cert_len);
+ clib_memcpy_fast (cert_mp->cert, cert, cert_len);
+ vl_msg_api_send_shmem (wrk->vl_input_queue, (u8 *) & cert_mp);
+
+}
+
+void
+vppcom_send_application_tls_key_add (vcl_session_t * session, char *key,
+ u32 key_len)
+{
+ vcl_worker_t *wrk = vcl_worker_get_current ();
+ vl_api_application_tls_key_add_t *key_mp;
+
+ key_mp = vl_msg_api_alloc (sizeof (*key_mp) + key_len);
+ clib_memset (key_mp, 0, sizeof (*key_mp));
+ key_mp->_vl_msg_id = ntohs (VL_API_APPLICATION_TLS_KEY_ADD);
+ key_mp->client_index = wrk->my_client_index;
+ key_mp->context = session->session_index;
+ key_mp->key_len = clib_host_to_net_u16 (key_len);
+ clib_memcpy_fast (key_mp->key, key, key_len);
+ vl_msg_api_send_shmem (wrk->vl_input_queue, (u8 *) & key_mp);
+
+}
+
u32
vcl_max_nsid_len (void)
{
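Review bot: The length field is narrowed with `clib_host_to_net_u16 (cert_len)` while the allocation and `clib_memcpy_fast` use the full `u32 cert_len`, and `vppcom_send_application_tls_key_add` does the same with `key_len`. For an input longer than 65535 bytes the declared length would wrap and no longer match the payload; how the receiver handles that mismatch is not visible here. A guard before the allocation closes this, e.g. `if (cert_len > 0xffff) { clib_warning ("VCL<%d>: cert too long", getpid ()); return; }`, and likewise for the key. Both functions return `void`, so the caller cannot learn that nothing was sent; returning an `int` status would be better. The private key is also copied into the API message buffer, and it is worth confirming that buffer is not left readable longer than needed once VPP has consumed it.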