authorPing Yu <ping.yu@intel.com>2018-08-13 06:20:00 -0400
committerFlorin Coras <florin.coras@gmail.com>2018-08-17 14:48:10 +0000
commitdecda5b466843b3164ba13f248f9e0bb93111782 (patch)
tree3a33e53c4e42e36e2d37209ab954cddad900bc2c /src/vnet/tls
parent38b99d06ad00d09f406998e23c1d6cf44e11b86e (diff)
optimize init_server to reduce session overhead
Move unnecessary session-based operations to the listener. Split the original openssl ctx into a session-based ctx and a listen ctx. Change-Id: Id6c54f47b0e2171fd8924a45efcd5266ce5402d5 Signed-off-by: Ping Yu <ping.yu@intel.com>
Diffstat (limited to 'src/vnet/tls')
-rw-r--r--src/vnet/tls/tls.c8
-rw-r--r--src/vnet/tls/tls.h4
2 files changed, 12 insertions, 0 deletions
diff --git a/src/vnet/tls/tls.c b/src/vnet/tls/tls.c
index 88b4548c3aa..4b12248a051 100644
--- a/src/vnet/tls/tls.c
+++ b/src/vnet/tls/tls.c
@@ -541,6 +541,8 @@ tls_start_listen (u32 app_listener_index, transport_endpoint_t * tep)
lctx->tcp_is_ip4 = sep->is_ip4;
lctx->tls_ctx_engine = engine_type;
+ tls_vfts[engine_type].ctx_start_listen (lctx);
+
TLS_DBG (1, "Started listening %d, engine type %d", lctx_index,
engine_type);
return lctx_index;
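Review bot: The `int` result of `tls_vfts[engine_type].ctx_start_listen (lctx)` is discarded, so a listener whose engine failed to set up its listen context (for a TLS server, presumably certificate and key loading) is still logged as started and its index returned. The call also goes through the new vft slot with no null check; as far as this page shows, an engine that registers a vft without `ctx_start_listen` would turn this into an indirect call through a null pointer. Consider `rv = tls_vfts[engine_type].ctx_start_listen (lctx);` followed by an error return that undoes the earlier listen steps, which lie outside this hunk, and either guard the pointer or require it at engine registration. The same two points apply to the `ctx_stop_listen` call added in `tls_stop_listen`.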
@@ -552,9 +554,15 @@ tls_stop_listen (u32 lctx_index)
tls_main_t *tm = &tls_main;
application_t *tls_app;
tls_ctx_t *lctx;
+ tls_engine_type_t engine_type;
+
lctx = tls_listener_ctx_get (lctx_index);
tls_app = application_get (tm->app_index);
application_stop_listen (tls_app, lctx->tls_session_handle);
+
+ engine_type = lctx->tls_ctx_engine;
+ tls_vfts[engine_type].ctx_stop_listen (lctx);
+
tls_listener_ctx_free (lctx);
return 0;
}
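Review bot: `ctx_stop_listen` runs immediately before `tls_listener_ctx_free (lctx)`, and nothing here states whether sessions already accepted from this listener may still use the engine state behind `tls_ssl_ctx`. If the engine releases that state in `ctx_stop_listen`, a session that still reaches it through `listener_ctx_index` would be using freed state; the engine code is not on this page, so this is a question to confirm rather than a finding. A comment at the call would settle it, for example `/* engine drops listener-side ssl ctx; accepted sessions must hold their own reference */`.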
diff --git a/src/vnet/tls/tls.h b/src/vnet/tls/tls.h
index f67f307550b..5515cb25b8a 100644
--- a/src/vnet/tls/tls.h
+++ b/src/vnet/tls/tls.h
@@ -41,6 +41,7 @@ typedef CLIB_PACKED (struct tls_cxt_id_
u32 parent_app_index;
session_handle_t app_session_handle;
session_handle_t tls_session_handle;
+ u32 ssl_ctx;
u32 listener_ctx_index;
u8 tcp_is_ip4;
u8 tls_engine_id;
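Review bot: `u32 ssl_ctx` is added in the middle of the `CLIB_PACKED` id struct with no comment on what it refers to or which contexts set it. From the commit description it appears to be the listener-side engine context, so something like `u32 ssl_ctx; /* engine-private listen ctx index, set by ctx_start_listen */` would help, if that is the intent. The struct also grows by four bytes; if it overlays a fixed-size connection id area, a compile-time size assertion should cover it, and none is visible in this hunk. The struct definition starts and ends outside the hunk.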
@@ -62,6 +63,7 @@ typedef struct tls_ctx_
#define listener_ctx_index c_tls_ctx_id.listener_ctx_index
#define tcp_is_ip4 c_tls_ctx_id.tcp_is_ip4
#define tls_ctx_engine c_tls_ctx_id.tls_engine_id
+#define tls_ssl_ctx c_tls_ctx_id.ssl_ctx
#define tls_ctx_handle c_c_index
/* Temporary storage for session open opaque. Overwritten once
* underlying tcp connection is established */
@@ -99,6 +101,8 @@ typedef struct tls_engine_vft_
int (*ctx_read) (tls_ctx_t * ctx, stream_session_t * tls_session);
int (*ctx_write) (tls_ctx_t * ctx, stream_session_t * app_session);
u8 (*ctx_handshake_is_over) (tls_ctx_t * ctx);
+ int (*ctx_start_listen) (tls_ctx_t * ctx);
+ int (*ctx_stop_listen) (tls_ctx_t * ctx);
} tls_engine_vft_t;
typedef enum tls_engine_type_