authorFlorin Coras <fcoras@cisco.com>2021-04-21 09:05:56 -0700
committerFlorin Coras <florin.coras@gmail.com>2021-04-22 16:07:11 +0000
commita54b62d77794dee48510e7c128d3ab2fc90934b3 (patch)
tree019fb22c41ccf585c6a99bb778dc291f672abdc1 /src/vnet
parentc7e7819ad5c152168a5f1a217c3b72043fd48797 (diff)
vcl session: refactor passing of crypto context
Pass tls/quic crypto context using extended config instead of bloating connect/listen messages. Type: refactor Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I0bc637ae310e6c31ef1e16847501dcb81453ee94
Diffstat (limited to 'src/vnet')
-rw-r--r--src/vnet/session/application.c2
-rw-r--r--src/vnet/session/application_interface.c18
-rw-r--r--src/vnet/session/application_interface.h29
-rw-r--r--src/vnet/session/session_node.c11
-rw-r--r--src/vnet/session/session_types.h7
-rw-r--r--src/vnet/session/transport_types.h19
-rw-r--r--src/vnet/tls/tls.c47
7 files changed, 72 insertions, 61 deletions
diff --git a/src/vnet/session/application.c b/src/vnet/session/application.c
index a93e4b9dbbf..56a514192af 100644
--- a/src/vnet/session/application.c
+++ b/src/vnet/session/application.c
@@ -615,7 +615,7 @@ app_rx_mqs_alloc (application_t *app)
cfg->q_nitems = evt_q_length;
cfg->ring_cfgs = rc;
- eqs->ssvm.ssvm_size = svm_msg_q_size_to_alloc (cfg) * n_mqs + (16 << 10);
+ eqs->ssvm.ssvm_size = svm_msg_q_size_to_alloc (cfg) * n_mqs + (1 << 20);
eqs->ssvm.name = format (0, "%s-rx-mqs-seg%c", app->name, 0);
if (ssvm_server_init (&eqs->ssvm, SSVM_SEGMENT_MEMFD))
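Review bot: The segment headroom on the `+` line is a bare `(1 << 20)` that replaces `(16 << 10)` with nothing saying what the extra slack is for, and the commit message does not mention the mq segment at all. Give the value a name and a reason so the next reader can tell whether it is still adequate, e.g. `#define RX_MQS_SEG_HEADROOM (1 << 20) /* TODO: state what the slack covers */` and `... * n_mqs + RX_MQS_SEG_HEADROOM;`. app_rx_mqs_alloc begins and ends outside this hunk.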
diff --git a/src/vnet/session/application_interface.c b/src/vnet/session/application_interface.c
index a6d1a029f13..74f456a1eab 100644
--- a/src/vnet/session/application_interface.c
+++ b/src/vnet/session/application_interface.c
@@ -51,15 +51,6 @@ unformat_vnet_uri (unformat_input_t * input, va_list * args)
sep->is_ip4 = 1;
return 1;
}
- else if (unformat (input, "%U://[%s]%U/%d", unformat_transport_proto,
- &transport_proto, &sep->hostname, unformat_ip4_address,
- &sep->ip.ip4, &port))
- {
- sep->transport_proto = transport_proto;
- sep->port = clib_host_to_net_u16 (port);
- sep->is_ip4 = 1;
- return 1;
- }
else if (unformat (input, "%U://%U/%d", unformat_transport_proto,
&transport_proto, unformat_ip6_address, &sep->ip.ip6,
&port))
@@ -69,15 +60,6 @@ unformat_vnet_uri (unformat_input_t * input, va_list * args)
sep->is_ip4 = 0;
return 1;
}
- else if (unformat (input, "%U://[%s]%U/%d", unformat_transport_proto,
- &transport_proto, &sep->hostname, unformat_ip6_address,
- &sep->ip.ip6, &port))
- {
- sep->transport_proto = transport_proto;
- sep->port = clib_host_to_net_u16 (port);
- sep->is_ip4 = 0;
- return 1;
- }
else if (unformat (input, "%U://session/%lu", unformat_transport_proto,
&transport_proto, &sep->parent_handle))
{
diff --git a/src/vnet/session/application_interface.h b/src/vnet/session/application_interface.h
index be6c74c6529..ba148e287ad 100644
--- a/src/vnet/session/application_interface.h
+++ b/src/vnet/session/application_interface.h
@@ -314,8 +314,6 @@ typedef struct session_listen_msg_
u8 proto;
u8 is_ip4;
ip46_address_t ip;
- u32 ckpair_index;
- u8 crypto_engine;
u8 flags;
uword ext_config;
} __clib_packed session_listen_msg_t;
@@ -399,18 +397,7 @@ typedef struct session_connect_msg_
u32 ckpair_index;
u8 crypto_engine;
u8 flags;
- union
- {
- struct
- {
- u8 hostname[16];
- u8 hostname_len;
- } __clib_packed;
- struct
- {
- uword ext_config;
- } __clib_packed;
- };
+ uword ext_config;
} __clib_packed session_connect_msg_t;
STATIC_ASSERT (sizeof (session_connect_msg_t) <= SESSION_CTRL_MSG_MAX_SIZE,
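Review bot: session_connect_msg_t still carries `ckpair_index` and `crypto_engine` (the context lines just above `flags`) although session_listen_msg_t drops them in the previous hunk and session_mq_connect_handler in this commit no longer reads them from the message. That leaves two carriers for the same setting and, if both are filled by an older client, no statement of which one wins. If nothing else reads them, remove them to match the listen message; otherwise mark them `/* unused: crypto params now travel in ext_config */` so no one starts relying on them again.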
@@ -870,6 +857,20 @@ typedef struct app_sapi_msg_
};
} __clib_packed app_sapi_msg_t;
+static inline void
+session_endpoint_alloc_ext_cfg (session_endpoint_cfg_t *sep_ext,
+ transport_endpt_ext_cfg_type_t type)
+{
+ transport_endpt_ext_cfg_t *cfg;
+ u32 cfg_size;
+
+ cfg_size = sizeof (transport_endpt_ext_cfg_t);
+ cfg = clib_mem_alloc (cfg_size);
+ clib_memset (cfg, 0, cfg_size);
+ cfg->type = type;
+ sep_ext->ext_cfg = cfg;
+}
+
#endif /* __included_uri_h__ */
/*
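Review bot: session_endpoint_alloc_ext_cfg leaves `cfg->len` at zero and overwrites whatever `sep_ext->ext_cfg` already held, and nothing says who frees the allocation. If any consumer uses `len` to size or validate the payload (transport_endpt_ext_cfg_t has a `len` field; its readers are not in this view), add `cfg->len = sizeof (cfg->crypto);` beside `cfg->type = type;`, and either `ASSERT (!sep_ext->ext_cfg)` or free the previous block before replacing it. A short doc comment would close the ownership question: the function allocates a zeroed transport_endpt_ext_cfg_t of the given type with clib_mem_alloc, stores it in sep_ext->ext_cfg, and the caller owns it and must free it after the connect/listen call.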
diff --git a/src/vnet/session/session_node.c b/src/vnet/session/session_node.c
index a4db02362d3..93ed7b7c3f2 100644
--- a/src/vnet/session/session_node.c
+++ b/src/vnet/session/session_node.c
@@ -78,8 +78,6 @@ session_mq_listen_handler (void *data)
a->sep.fib_index = mp->vrf;
a->sep.sw_if_index = ENDPOINT_INVALID_INDEX;
a->sep.transport_proto = mp->proto;
- a->sep_ext.ckpair_index = mp->ckpair_index;
- a->sep_ext.crypto_engine = mp->crypto_engine;
a->app_index = app->app_index;
a->wrk_map_index = mp->wrk_index;
a->sep_ext.transport_flags = mp->flags;
@@ -151,14 +149,7 @@ session_mq_connect_handler (void *data)
a->sep.peer.port = mp->lcl_port;
a->sep.peer.sw_if_index = ENDPOINT_INVALID_INDEX;
a->sep_ext.parent_handle = mp->parent_handle;
- a->sep_ext.ckpair_index = mp->ckpair_index;
- a->sep_ext.crypto_engine = mp->crypto_engine;
a->sep_ext.transport_flags = mp->flags;
- if (mp->hostname_len)
- {
- vec_validate (a->sep_ext.hostname, mp->hostname_len - 1);
- clib_memcpy_fast (a->sep_ext.hostname, mp->hostname, mp->hostname_len);
- }
a->api_context = mp->context;
a->app_index = app->app_index;
a->wrk_map_index = mp->wrk_index;
@@ -175,8 +166,6 @@ session_mq_connect_handler (void *data)
if (mp->ext_config)
session_mq_free_ext_config (app, mp->ext_config);
-
- vec_free (a->sep_ext.hostname);
}
static void
diff --git a/src/vnet/session/session_types.h b/src/vnet/session/session_types.h
index 148f100f512..9211df9e46d 100644
--- a/src/vnet/session/session_types.h
+++ b/src/vnet/session/session_types.h
@@ -44,10 +44,7 @@ typedef struct _session_endpoint_cfg
u32 opaque;
u32 ns_index;
u8 original_tp;
- u8 *hostname;
u64 parent_handle;
- u32 ckpair_index;
- u8 crypto_engine;
u8 flags;
transport_endpt_ext_cfg_t *ext_cfg;
} session_endpoint_cfg_t;
@@ -83,8 +80,8 @@ typedef struct _session_endpoint_cfg
.fib_index = ENDPOINT_INVALID_INDEX, .is_ip4 = 0, .port = 0, \
.peer = TRANSPORT_ENDPOINT_NULL, .transport_proto = 0, \
.app_wrk_index = ENDPOINT_INVALID_INDEX, \
- .opaque = ENDPOINT_INVALID_INDEX, .hostname = 0, \
- .parent_handle = SESSION_INVALID_HANDLE, .ckpair_index = 0, .ext_cfg = 0, \
+ .opaque = ENDPOINT_INVALID_INDEX, \
+ .parent_handle = SESSION_INVALID_HANDLE, .ext_cfg = 0, \
}
#define session_endpoint_to_transport(_sep) ((transport_endpoint_t *)_sep)
diff --git a/src/vnet/session/transport_types.h b/src/vnet/session/transport_types.h
index 0041adb2c64..7ea8d5f0416 100644
--- a/src/vnet/session/transport_types.h
+++ b/src/vnet/session/transport_types.h
@@ -259,11 +259,28 @@ typedef struct transport_endpt_attr_
};
} transport_endpt_attr_t;
+typedef enum transport_endpt_ext_cfg_type_
+{
+ TRANSPORT_ENDPT_EXT_CFG_NONE,
+ TRANSPORT_ENDPT_EXT_CFG_CRYPTO,
+} transport_endpt_ext_cfg_type_t;
+
+typedef struct transport_endpt_crypto_cfg_
+{
+ u32 ckpair_index;
+ u8 crypto_engine;
+ u8 hostname[256]; /**< full domain len is 255 as per rfc 3986 */
+} transport_endpt_crypto_cfg_t;
+
typedef struct transport_endpt_ext_cfg_
{
u16 type;
u16 len;
- u8 data[0];
+ union
+ {
+ transport_endpt_crypto_cfg_t crypto;
+ u8 data[0];
+ };
} transport_endpt_ext_cfg_t;
typedef clib_bihash_24_8_t transport_endpoint_table_t;
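Review bot: `hostname[256]` is consumed with `format (0, "%s", ...)` by tls.c in this same commit, so the field should state that it must be NUL-terminated, and the cited RFC looks wrong: the 255-octet limit on a full domain name comes from RFC 1035 §2.3.4, while RFC 3986 defines URI syntax and sets no hostname length. Suggest `u8 hostname[256]; /**< NUL-terminated; a full domain name is at most 255 octets (RFC 1035) */`. Since this struct crosses the app/vpp boundary through ext_config, the reading side rather than the writer should enforce that terminator. Placing `crypto` in the union also makes `sizeof (transport_endpt_ext_cfg_t)` include the crypto payload, so any code allocating `sizeof (transport_endpt_ext_cfg_t) + len` for `data[]` now over-allocates; a comment that `data` and `crypto` overlay at the same offset would prevent that surprise.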
diff --git a/src/vnet/tls/tls.c b/src/vnet/tls/tls.c
index a950f142932..808c151dac5 100644
--- a/src/vnet/tls/tls.c
+++ b/src/vnet/tls/tls.c
@@ -280,8 +280,15 @@ tls_ctx_parse_handle (u32 ctx_handle, u32 * ctx_index, u32 * engine_type)
}
static inline crypto_engine_type_t
-tls_get_engine_type (crypto_engine_type_t preferred)
+tls_get_engine_type (crypto_engine_type_t requested,
+ crypto_engine_type_t preferred)
{
+ if (requested != CRYPTO_ENGINE_NONE)
+ {
+ if (tls_vfts[requested].ctx_alloc)
+ return requested;
+ return CRYPTO_ENGINE_NONE;
+ }
if (!tls_vfts[preferred].ctx_alloc)
return tls_get_available_engine ();
return preferred;
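Review bot: `tls_vfts[requested]` is indexed with a value that, after this commit, originates in the application-supplied crypto config (`ccfg->crypto_engine` in the connect/listen hunks below), and nothing bounds it first; if tls_vfts is a vector grown per registered engine rather than a fixed array covering the whole u8 range, an unregistered engine number reads past its end before `ctx_alloc` is even tested. Guard the lookup: `if (requested < vec_len (tls_vfts) && tls_vfts[requested].ctx_alloc)`. The new branch also behaves differently from the `preferred` path — a requested but unavailable engine fails instead of falling back to tls_get_available_engine — which is worth a line above the function, e.g. `/* An explicitly requested engine is used or the call fails; only the app preference falls back to any available engine. */`.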
@@ -662,6 +669,7 @@ int
tls_connect (transport_endpoint_cfg_t * tep)
{
vnet_connect_args_t _cargs = { {}, }, *cargs = &_cargs;
+ transport_endpt_crypto_cfg_t *ccfg;
crypto_engine_type_t engine_type;
session_endpoint_cfg_t *sep;
tls_main_t *tm = &tls_main;
@@ -672,9 +680,14 @@ tls_connect (transport_endpoint_cfg_t * tep)
int rv;
sep = (session_endpoint_cfg_t *) tep;
+ if (!sep->ext_cfg)
+ return -1;
+
app_wrk = app_worker_get (sep->app_wrk_index);
app = application_get (app_wrk->app_index);
- engine_type = tls_get_engine_type (app->tls_engine);
+
+ ccfg = &sep->ext_cfg->crypto;
+ engine_type = tls_get_engine_type (ccfg->crypto_engine, app->tls_engine);
if (engine_type == CRYPTO_ENGINE_NONE)
{
clib_warning ("No tls engine_type available");
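Review bot: The new guard only checks that `sep->ext_cfg` is present and then reads `sep->ext_cfg->crypto` without checking that `type` is TRANSPORT_ENDPT_EXT_CFG_CRYPTO (or that `len` covers the crypto struct), so an ext config of another type is interpreted as key pair, engine and hostname; tls_start_listen and dtls_connect in this file repeat the same pattern. ext_config arrives from the application through the session message, so the transport is the first place that can validate it: `if (!sep->ext_cfg || sep->ext_cfg->type != TRANSPORT_ENDPT_EXT_CFG_CRYPTO) return -1;`. tls_connect's body starts before and continues after this hunk.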
@@ -686,11 +699,11 @@ tls_connect (transport_endpoint_cfg_t * tep)
ctx->parent_app_wrk_index = sep->app_wrk_index;
ctx->parent_app_api_context = sep->opaque;
ctx->tcp_is_ip4 = sep->is_ip4;
- ctx->ckpair_index = sep->ckpair_index;
ctx->tls_type = sep->transport_proto;
- if (sep->hostname)
+ ctx->ckpair_index = ccfg->ckpair_index;
+ if (ccfg->hostname[0])
{
- ctx->srv_hostname = format (0, "%v", sep->hostname);
+ ctx->srv_hostname = format (0, "%s", ccfg->hostname);
vec_terminate_c_string (ctx->srv_hostname);
}
tls_ctx_half_open_reader_unlock ();
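Review bot: `format (0, "%s", ccfg->hostname)` on the `+` line scans the fixed 256-byte array until a NUL, so a hostname that fills all 256 bytes without a terminator is read past the end of the crypto config; the vector-based `%v` it replaces carried an explicit length. Check termination before formatting, e.g. `if (ccfg->hostname[0] && memchr (ccfg->hostname, 0, sizeof (ccfg->hostname)))`, or reject the connect when the terminator is missing. dtls_connect uses the same construct in the last hunk of this file, which runs past the end of this view.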
@@ -725,6 +738,7 @@ u32
tls_start_listen (u32 app_listener_index, transport_endpoint_t * tep)
{
vnet_listen_args_t _bargs, *args = &_bargs;
+ transport_endpt_crypto_cfg_t *ccfg;
app_worker_t *app_wrk;
tls_main_t *tm = &tls_main;
session_handle_t tls_al_handle;
@@ -738,9 +752,14 @@ tls_start_listen (u32 app_listener_index, transport_endpoint_t * tep)
u32 lctx_index;
sep = (session_endpoint_cfg_t *) tep;
+ if (!sep->ext_cfg)
+ return -1;
+
app_wrk = app_worker_get (sep->app_wrk_index);
app = application_get (app_wrk->app_index);
- engine_type = tls_get_engine_type (app->tls_engine);
+
+ ccfg = &sep->ext_cfg->crypto;
+ engine_type = tls_get_engine_type (ccfg->crypto_engine, app->tls_engine);
if (engine_type == CRYPTO_ENGINE_NONE)
{
clib_warning ("No tls engine_type available");
@@ -774,8 +793,8 @@ tls_start_listen (u32 app_listener_index, transport_endpoint_t * tep)
lctx->app_session_handle = listen_session_get_handle (app_listener);
lctx->tcp_is_ip4 = sep->is_ip4;
lctx->tls_ctx_engine = engine_type;
- lctx->ckpair_index = sep->ckpair_index;
lctx->tls_type = sep->transport_proto;
+ lctx->ckpair_index = ccfg->ckpair_index;
if (tls_vfts[engine_type].ctx_start_listen (lctx))
{
@@ -1076,6 +1095,7 @@ int
dtls_connect (transport_endpoint_cfg_t *tep)
{
vnet_connect_args_t _cargs = { {}, }, *cargs = &_cargs;
+ transport_endpt_crypto_cfg_t *ccfg;
crypto_engine_type_t engine_type;
session_endpoint_cfg_t *sep;
tls_main_t *tm = &tls_main;
@@ -1086,9 +1106,14 @@ dtls_connect (transport_endpoint_cfg_t *tep)
int rv;
sep = (session_endpoint_cfg_t *) tep;
+ if (!sep->ext_cfg)
+ return -1;
+
app_wrk = app_worker_get (sep->app_wrk_index);
app = application_get (app_wrk->app_index);
- engine_type = tls_get_engine_type (app->tls_engine);
+
+ ccfg = &sep->ext_cfg->crypto;
+ engine_type = tls_get_engine_type (ccfg->crypto_engine, app->tls_engine);
if (engine_type == CRYPTO_ENGINE_NONE)
{
clib_warning ("No tls engine_type available");
@@ -1100,12 +1125,12 @@ dtls_connect (transport_endpoint_cfg_t *tep)
ctx->parent_app_wrk_index = sep->app_wrk_index;
ctx->parent_app_api_context = sep->opaque;
ctx->tcp_is_ip4 = sep->is_ip4;
- ctx->ckpair_index = sep->ckpair_index;
+ ctx->ckpair_index = ccfg->ckpair_index;
ctx->tls_type = sep->transport_proto;
ctx->tls_ctx_handle = ctx_handle;
- if (sep->hostname)
+ if (ccfg->hostname[0])
{
- ctx->srv_hostname = format (0, "%v", sep->hostname);
+ ctx->srv_hostname = format (0, "%s", ccfg->hostname);
vec_terminate_c_string (ctx->srv_hostname);
}