diff options
| -rw-r--r-- | src/plugins/tlsopenssl/tls_openssl.c | 14 | ||||
| -rw-r--r-- | src/plugins/tlspicotls/tls_picotls.c | 1 | ||||
| -rw-r--r-- | src/vnet/tls/tls.c | 56 |
3 files changed, 15 insertions, 56 deletions
diff --git a/src/plugins/tlsopenssl/tls_openssl.c b/src/plugins/tlsopenssl/tls_openssl.c index 75e58f6579a..a21e3bb54c1 100644 --- a/src/plugins/tlsopenssl/tls_openssl.c +++ b/src/plugins/tlsopenssl/tls_openssl.c @@ -263,8 +263,6 @@ openssl_check_async_status (tls_ctx_t * ctx, openssl_resume_handler * handler, static void openssl_handle_handshake_failure (tls_ctx_t * ctx) { - session_t *app_session; - /* Failed to renegotiate handshake */ if (ctx->flags & TLS_CONN_F_HS_DONE) { @@ -275,18 +273,8 @@ openssl_handle_handshake_failure (tls_ctx_t * ctx) if (SSL_is_server (((openssl_ctx_t *) ctx)->ssl)) { - /* - * Cleanup pre-allocated app session and close transport - */ - app_session = - session_get_if_valid (ctx->c_s_index, ctx->c_thread_index); - if (app_session) - { - session_free (app_session); - ctx->c_s_index = SESSION_INVALID_INDEX; - tls_disconnect_transport (ctx); - } ctx->flags |= TLS_CONN_F_NO_APP_SESSION; + tls_disconnect_transport (ctx); } else { diff --git a/src/plugins/tlspicotls/tls_picotls.c b/src/plugins/tlspicotls/tls_picotls.c index 81c4b2ecf57..7375b928206 100644 --- a/src/plugins/tlspicotls/tls_picotls.c +++ b/src/plugins/tlspicotls/tls_picotls.c @@ -179,7 +179,6 @@ picotls_stop_listen (tls_ctx_t * lctx) static void picotls_handle_handshake_failure (tls_ctx_t * ctx) { - session_free (session_get (ctx->c_s_index, ctx->c_thread_index)); ctx->flags |= TLS_CONN_F_NO_APP_SESSION; ctx->c_s_index = SESSION_INVALID_INDEX; tls_disconnect_transport (ctx); diff --git a/src/vnet/tls/tls.c b/src/vnet/tls/tls.c index 3c06498e6e0..3096dd53106 100644 --- a/src/vnet/tls/tls.c +++ b/src/vnet/tls/tls.c @@ -205,12 +205,13 @@ tls_notify_app_accept (tls_ctx_t * ctx) lctx = tls_listener_ctx_get (ctx->listener_ctx_index); app_listener = listen_session_get_from_handle (lctx->app_session_handle); - app_session = session_get (ctx->c_s_index, ctx->c_thread_index); - app_session->app_wrk_index = ctx->parent_app_wrk_index; - app_session->connection_index = ctx->tls_ctx_handle; + app_session = session_alloc (ctx->c_thread_index); + app_session->session_state = SESSION_STATE_ACCEPTING; app_session->session_type = app_listener->session_type; app_session->listener_handle = listen_session_get_handle (app_listener); - app_session->session_state = SESSION_STATE_ACCEPTING; + app_session->app_wrk_index = ctx->parent_app_wrk_index; + app_session->connection_index = ctx->tls_ctx_handle; + ctx->c_s_index = app_session->session_index; if ((rv = app_worker_init_accepted (app_session))) { @@ -235,43 +236,36 @@ tls_notify_app_connected (tls_ctx_t * ctx, session_error_t err) app_wrk = app_worker_get_if_valid (ctx->parent_app_wrk_index); if (!app_wrk) { - if (ctx->tls_type == TRANSPORT_PROTO_TLS) - session_free (session_get (ctx->c_s_index, ctx->c_thread_index)); ctx->flags |= TLS_CONN_F_NO_APP_SESSION; return -1; } if (err) { - /* Free app session pre-allocated when transport was established */ - if (ctx->tls_type == TRANSPORT_PROTO_TLS) - session_free (session_get (ctx->c_s_index, ctx->c_thread_index)); ctx->flags |= TLS_CONN_F_NO_APP_SESSION; goto send_reply; } - /* For DTLS the app session is not preallocated because the underlying udp - * session might migrate to a different worker during the handshake */ + app_session = session_alloc (ctx->c_thread_index); + app_session->session_state = SESSION_STATE_CREATED; + app_session->connection_index = ctx->tls_ctx_handle; + if (ctx->tls_type == TRANSPORT_PROTO_DTLS) { - session_type_t st; /* Cleanup half-open session as we don't get notification from udp */ session_half_open_delete_notify (&ctx->connection); - app_session = session_alloc (ctx->c_thread_index); - app_session->session_state = SESSION_STATE_CREATED; - ctx->c_s_index = app_session->session_index; - st = + app_session->session_type = session_type_from_proto_and_ip (TRANSPORT_PROTO_DTLS, ctx->tcp_is_ip4); - app_session->session_type = st; - app_session->connection_index = ctx->tls_ctx_handle; } else { - app_session = session_get (ctx->c_s_index, ctx->c_thread_index); + app_session->session_type = + session_type_from_proto_and_ip (TRANSPORT_PROTO_TLS, ctx->tcp_is_ip4); } app_session->app_wrk_index = ctx->parent_app_wrk_index; app_session->opaque = ctx->parent_app_api_context; + ctx->c_s_index = app_session->session_index; if ((err = app_worker_init_connected (app_wrk, app_session))) { @@ -494,7 +488,7 @@ tls_session_disconnect_callback (session_t * tls_session) int tls_session_accept_callback (session_t * tls_session) { - session_t *tls_listener, *app_session; + session_t *tls_listener; tls_ctx_t *lctx, *ctx; u32 ctx_handle; @@ -514,23 +508,12 @@ tls_session_accept_callback (session_t * tls_session) ctx->c_flags |= TRANSPORT_CONNECTION_F_NO_LOOKUP; ctx->ckpair_index = lctx->ckpair_index; - /* Preallocate app session. Avoids allocating a session post handshake - * on tls_session rx and potentially invalidating the session pool */ - app_session = session_alloc (ctx->c_thread_index); - app_session->session_state = SESSION_STATE_CREATED; - app_session->session_type = - session_type_from_proto_and_ip (TRANSPORT_PROTO_TLS, ctx->tcp_is_ip4); - app_session->connection_index = ctx->tls_ctx_handle; - app_session->app_wrk_index = APP_INVALID_INDEX; - ctx->c_s_index = app_session->session_index; - TLS_DBG (1, "Accept on listener %u new connection [%u]%x", tls_listener->opaque, vlib_get_thread_index (), ctx_handle); if (tls_ctx_init_server (ctx)) { /* Do not free ctx yet, in case we have pending rx events */ - session_free (app_session); ctx->flags |= TLS_CONN_F_NO_APP_SESSION; tls_disconnect_transport (ctx); } @@ -577,9 +560,7 @@ int tls_session_connected_cb (u32 tls_app_index, u32 ho_ctx_index, session_t *tls_session, session_error_t err) { - session_t *app_session; tls_ctx_t *ho_ctx, *ctx; - session_type_t st; u32 ctx_handle; ho_ctx = tls_ctx_half_open_get (ho_ctx_index); @@ -603,15 +584,6 @@ tls_session_connected_cb (u32 tls_app_index, u32 ho_ctx_index, tls_session->opaque = ctx_handle; tls_session->session_state = SESSION_STATE_READY; - /* Preallocate app session. Avoids allocating a session post handshake - * on tls_session rx and potentially invalidating the session pool */ - app_session = session_alloc (ctx->c_thread_index); - app_session->session_state = SESSION_STATE_CREATED; - ctx->c_s_index = app_session->session_index; - st = session_type_from_proto_and_ip (TRANSPORT_PROTO_TLS, ctx->tcp_is_ip4); - app_session->session_type = st; - app_session->connection_index = ctx->tls_ctx_handle; - if (tls_ctx_init_client (ctx)) { tls_notify_app_connected (ctx, SESSION_E_TLS_HANDSHAKE); |