diff options
| author |   Florin Coras <fcoras@cisco.com> | 2019-01-14 23:33:46 -0800 |
|---|---|---|
| committer |   Dave Barach <openvpp@barachs.net> | 2019-01-17 20:31:54 +0000 |
| commit | 58a93e8ef288b0bae75ec7186ba96bdcaf85d0d4 (patch) | |
| tree | 2345aa718a507bd8bfc1857d705e9614e408be18 /src/vnet/tls | |
| parent | 72b04288d9a670829050a6ca5d931ae5b55b33ed (diff) | |
tls: preallocate app sessions on connect/accept
Avoid allocating session and possibly reallocating thread session pool
on builtin session rx.
Change-Id: I70e7c604678b44ce8d22603489e247a2c5faa439
Signed-off-by: Florin Coras <fcoras@cisco.com>
Diffstat (limited to 'src/vnet/tls')
| -rw-r--r-- | src/vnet/tls/tls.c | 25 | ||||
| -rw-r--r-- | src/vnet/tls/tls.h | 7 |
2 files changed, 22 insertions, 10 deletions
diff --git a/src/vnet/tls/tls.c b/src/vnet/tls/tls.c index 34de539b295..d51d5dbaa38 100644 --- a/src/vnet/tls/tls.c +++ b/src/vnet/tls/tls.c @@ -206,7 +206,7 @@ tls_notify_app_accept (tls_ctx_t * ctx) app = application_get (app_wrk->app_index); lctx = tls_listener_ctx_get (ctx->listener_ctx_index); - app_session = session_alloc (vlib_get_thread_index ()); + app_session = session_get (ctx->c_s_index, ctx->c_thread_index); app_session->app_wrk_index = ctx->parent_app_index; app_session->connection_index = ctx->tls_ctx_handle; @@ -221,7 +221,6 @@ tls_notify_app_accept (tls_ctx_t * ctx) TLS_DBG (1, "failed to allocate fifos"); return rv; } - ctx->c_s_index = app_session->session_index; ctx->app_session_handle = session_handle (app_session); session_lookup_add_connection (&ctx->connection, session_handle (app_session)); @@ -251,7 +250,7 @@ tls_notify_app_connected (tls_ctx_t * ctx, u8 is_failed) goto failed; sm = app_worker_get_connect_segment_manager (app_wrk); - app_session = session_alloc (vlib_get_thread_index ()); + app_session = session_get (ctx->c_s_index, ctx->c_thread_index); app_session->app_wrk_index = ctx->parent_app_index; app_session->connection_index = ctx->tls_ctx_handle; app_session->session_type = @@ -261,7 +260,6 @@ tls_notify_app_connected (tls_ctx_t * ctx, u8 is_failed) if (session_alloc_fifos (sm, app_session)) goto failed; - ctx->app_session_handle = session_handle (app_session); app_session->session_state = SESSION_STATE_CONNECTING; if (cb_fn (ctx->parent_app_index, ctx->parent_app_api_context, app_session, 0 /* not failed */ )) @@ -271,9 +269,7 @@ tls_notify_app_connected (tls_ctx_t * ctx, u8 is_failed) return -1; } - /* parent_app_api_context should not be overwitten before used, - * so defer setting c_s_index */ - ctx->c_s_index = app_session->session_index; + ctx->app_session_handle = session_handle (app_session); app_session->session_state = SESSION_STATE_READY; session_lookup_add_connection (&ctx->connection, session_handle (app_session)); @@ -405,7 +401,7 @@ tls_session_disconnect_callback (stream_session_t * tls_session) int tls_session_accept_callback (stream_session_t * tls_session) { - stream_session_t *tls_listener; + stream_session_t *tls_listener, *app_session; tls_ctx_t *lctx, *ctx; u32 ctx_handle; @@ -422,6 +418,12 @@ tls_session_accept_callback (stream_session_t * tls_session) ctx->tls_session_handle = session_handle (tls_session); ctx->listener_ctx_index = tls_listener->opaque; + /* Preallocate app session. Avoids allocating a session post handshake + * on tls_session rx and potentially invalidating the session pool */ + app_session = session_alloc (ctx->c_thread_index); + app_session->session_state = SESSION_STATE_CLOSED; + ctx->c_s_index = app_session->session_index; + TLS_DBG (1, "Accept on listener %u new connection [%u]%x", tls_listener->opaque, vlib_get_thread_index (), ctx_handle); @@ -453,6 +455,7 @@ int tls_session_connected_callback (u32 tls_app_index, u32 ho_ctx_index, stream_session_t * tls_session, u8 is_fail) { + stream_session_t *app_session; tls_ctx_t *ho_ctx, *ctx; u32 ctx_handle; @@ -496,6 +499,12 @@ tls_session_connected_callback (u32 tls_app_index, u32 ho_ctx_index, tls_session->opaque = ctx_handle; tls_session->session_state = SESSION_STATE_READY; + /* Preallocate app session. Avoids allocating a session post handshake + * on tls_session rx and potentially invalidating the session pool */ + app_session = session_alloc (ctx->c_thread_index); + app_session->session_state = SESSION_STATE_CLOSED; + ctx->c_s_index = app_session->session_index; + return tls_ctx_init_client (ctx); } diff --git a/src/vnet/tls/tls.h b/src/vnet/tls/tls.h index 09f1bdc7b07..c4f04673f2e 100644 --- a/src/vnet/tls/tls.h +++ b/src/vnet/tls/tls.h @@ -39,7 +39,10 @@ typedef CLIB_PACKED (struct tls_cxt_id_ { u32 parent_app_index; - session_handle_t app_session_handle; + union { + session_handle_t app_session_handle; + u32 parent_app_api_ctx; + }; session_handle_t tls_session_handle; u32 ssl_ctx; u32 listener_ctx_index; @@ -67,7 +70,7 @@ typedef struct tls_ctx_ #define tls_ctx_handle c_c_index /* Temporary storage for session open opaque. Overwritten once * underlying tcp connection is established */ -#define parent_app_api_context c_s_index +#define parent_app_api_context c_tls_ctx_id.parent_app_api_ctx u8 is_passive_close; u8 resume; |