aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet/tls
diff options
context:
space:
mode:
authorFlorin Coras <fcoras@cisco.com>2019-01-14 23:33:46 -0800
committerDave Barach <openvpp@barachs.net>2019-01-17 20:31:54 +0000
commit58a93e8ef288b0bae75ec7186ba96bdcaf85d0d4 (patch)
tree2345aa718a507bd8bfc1857d705e9614e408be18 /src/vnet/tls
parent72b04288d9a670829050a6ca5d931ae5b55b33ed (diff)
tls: preallocate app sessions on connect/accept
Avoid allocating session and possibly reallocating thread session pool on builtin session rx. Change-Id: I70e7c604678b44ce8d22603489e247a2c5faa439 Signed-off-by: Florin Coras <fcoras@cisco.com>
Diffstat (limited to 'src/vnet/tls')
-rw-r--r--src/vnet/tls/tls.c25
-rw-r--r--src/vnet/tls/tls.h7
2 files changed, 22 insertions, 10 deletions
diff --git a/src/vnet/tls/tls.c b/src/vnet/tls/tls.c
index 34de539b295..d51d5dbaa38 100644
--- a/src/vnet/tls/tls.c
+++ b/src/vnet/tls/tls.c
@@ -206,7 +206,7 @@ tls_notify_app_accept (tls_ctx_t * ctx)
app = application_get (app_wrk->app_index);
lctx = tls_listener_ctx_get (ctx->listener_ctx_index);
- app_session = session_alloc (vlib_get_thread_index ());
+ app_session = session_get (ctx->c_s_index, ctx->c_thread_index);
app_session->app_wrk_index = ctx->parent_app_index;
app_session->connection_index = ctx->tls_ctx_handle;
@@ -221,7 +221,6 @@ tls_notify_app_accept (tls_ctx_t * ctx)
TLS_DBG (1, "failed to allocate fifos");
return rv;
}
- ctx->c_s_index = app_session->session_index;
ctx->app_session_handle = session_handle (app_session);
session_lookup_add_connection (&ctx->connection,
session_handle (app_session));
@@ -251,7 +250,7 @@ tls_notify_app_connected (tls_ctx_t * ctx, u8 is_failed)
goto failed;
sm = app_worker_get_connect_segment_manager (app_wrk);
- app_session = session_alloc (vlib_get_thread_index ());
+ app_session = session_get (ctx->c_s_index, ctx->c_thread_index);
app_session->app_wrk_index = ctx->parent_app_index;
app_session->connection_index = ctx->tls_ctx_handle;
app_session->session_type =
@@ -261,7 +260,6 @@ tls_notify_app_connected (tls_ctx_t * ctx, u8 is_failed)
if (session_alloc_fifos (sm, app_session))
goto failed;
- ctx->app_session_handle = session_handle (app_session);
app_session->session_state = SESSION_STATE_CONNECTING;
if (cb_fn (ctx->parent_app_index, ctx->parent_app_api_context,
app_session, 0 /* not failed */ ))
@@ -271,9 +269,7 @@ tls_notify_app_connected (tls_ctx_t * ctx, u8 is_failed)
return -1;
}
- /* parent_app_api_context should not be overwitten before used,
- * so defer setting c_s_index */
- ctx->c_s_index = app_session->session_index;
+ ctx->app_session_handle = session_handle (app_session);
app_session->session_state = SESSION_STATE_READY;
session_lookup_add_connection (&ctx->connection,
session_handle (app_session));
@@ -405,7 +401,7 @@ tls_session_disconnect_callback (stream_session_t * tls_session)
int
tls_session_accept_callback (stream_session_t * tls_session)
{
- stream_session_t *tls_listener;
+ stream_session_t *tls_listener, *app_session;
tls_ctx_t *lctx, *ctx;
u32 ctx_handle;
@@ -422,6 +418,12 @@ tls_session_accept_callback (stream_session_t * tls_session)
ctx->tls_session_handle = session_handle (tls_session);
ctx->listener_ctx_index = tls_listener->opaque;
+ /* Preallocate app session. Avoids allocating a session post handshake
+ * on tls_session rx and potentially invalidating the session pool */
+ app_session = session_alloc (ctx->c_thread_index);
+ app_session->session_state = SESSION_STATE_CLOSED;
+ ctx->c_s_index = app_session->session_index;
+
TLS_DBG (1, "Accept on listener %u new connection [%u]%x",
tls_listener->opaque, vlib_get_thread_index (), ctx_handle);
@@ -453,6 +455,7 @@ int
tls_session_connected_callback (u32 tls_app_index, u32 ho_ctx_index,
stream_session_t * tls_session, u8 is_fail)
{
+ stream_session_t *app_session;
tls_ctx_t *ho_ctx, *ctx;
u32 ctx_handle;
@@ -496,6 +499,12 @@ tls_session_connected_callback (u32 tls_app_index, u32 ho_ctx_index,
tls_session->opaque = ctx_handle;
tls_session->session_state = SESSION_STATE_READY;
+ /* Preallocate app session. Avoids allocating a session post handshake
+ * on tls_session rx and potentially invalidating the session pool */
+ app_session = session_alloc (ctx->c_thread_index);
+ app_session->session_state = SESSION_STATE_CLOSED;
+ ctx->c_s_index = app_session->session_index;
+
return tls_ctx_init_client (ctx);
}
diff --git a/src/vnet/tls/tls.h b/src/vnet/tls/tls.h
index 09f1bdc7b07..c4f04673f2e 100644
--- a/src/vnet/tls/tls.h
+++ b/src/vnet/tls/tls.h
@@ -39,7 +39,10 @@
typedef CLIB_PACKED (struct tls_cxt_id_
{
u32 parent_app_index;
- session_handle_t app_session_handle;
+ union {
+ session_handle_t app_session_handle;
+ u32 parent_app_api_ctx;
+ };
session_handle_t tls_session_handle;
u32 ssl_ctx;
u32 listener_ctx_index;
@@ -67,7 +70,7 @@ typedef struct tls_ctx_
#define tls_ctx_handle c_c_index
/* Temporary storage for session open opaque. Overwritten once
* underlying tcp connection is established */
-#define parent_app_api_context c_s_index
+#define parent_app_api_context c_tls_ctx_id.parent_app_api_ctx
u8 is_passive_close;
u8 resume;