Diffstat (limited to 'src/plugins/tlspicotls/tls_picotls.c')
-rw-r--r-- | src/plugins/tlspicotls/tls_picotls.c | 55 |
1 files changed, 38 insertions, 17 deletions
diff --git a/src/plugins/tlspicotls/tls_picotls.c b/src/plugins/tlspicotls/tls_picotls.c
index ba1fdd8c05c..7375b928206 100644
--- a/src/plugins/tlspicotls/tls_picotls.c
+++ b/src/plugins/tlspicotls/tls_picotls.c
@@ -27,11 +27,11 @@ static ptls_key_exchange_algorithm_t *default_key_exchange[] = {
 static u32
 picotls_ctx_alloc (void)
 {
- u8 thread_id = vlib_get_thread_index ();
+ u32 thread_id = vlib_get_thread_index ();
 picotls_main_t *pm = &picotls_main;
 picotls_ctx_t **ctx;
- pool_get (pm->ctx_pool[thread_id], ctx);
+ pool_get_aligned_safe (pm->ctx_pool[thread_id], ctx, CLIB_CACHE_LINE_BYTES);
 if (!(*ctx))
 *ctx = clib_mem_alloc (sizeof (picotls_ctx_t));
@@ -179,8 +179,7 @@ picotls_stop_listen (tls_ctx_t * lctx)
 static void
 picotls_handle_handshake_failure (tls_ctx_t * ctx)
 {
- session_free (session_get (ctx->c_s_index, ctx->c_thread_index));
- ctx->no_app_session = 1;
+ ctx->flags |= TLS_CONN_F_NO_APP_SESSION;
 ctx->c_s_index = SESSION_INVALID_INDEX;
 tls_disconnect_transport (ctx);
 }
@@ -205,6 +204,22 @@ picotls_transport_close (tls_ctx_t * ctx)
 }
 static int
+picotls_transport_reset (tls_ctx_t *ctx)
+{
+ if (!picotls_handshake_is_over (ctx))
+ {
+ picotls_handle_handshake_failure (ctx);
+ return 0;
+ }
+
+ session_transport_reset_notify (&ctx->connection);
+ session_transport_closed_notify (&ctx->connection);
+ tls_disconnect_transport (ctx);
+
+ return 0;
+}
+
+static int
 picotls_app_close (tls_ctx_t * ctx)
 {
 session_t *app_session;
@@ -213,7 +228,7 @@ picotls_app_close (tls_ctx_t * ctx)
 if (!svm_fifo_max_dequeue_cons (app_session->tx_fifo))
 picotls_confirm_app_close (ctx);
 else
- ctx->app_closed = 1;
+ ctx->flags |= TLS_CONN_F_APP_CLOSED;
 return 0;
 }
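Review bot: picotls_handle_handshake_failure no longer releases the app session it used to free with session_free, but still overwrites ctx->c_s_index with SESSION_INVALID_INDEX, so whoever cleans up that half-open session now has to find it by other means; which code path does so is not visible in this hunk. If the session layer releases it when it sees TLS_CONN_F_NO_APP_SESSION, a comment naming that path keeps the next reader from reintroducing the free here: `/* App session is released by the session layer on NO_APP_SESSION; do not free it here. */`. If nothing does, every handshake a peer abandons costs a session slot, which is worth confirming given that a remote client can trigger this path at will.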
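Review bot: picotls_transport_reset decides between the failure path and the notify path with picotls_handshake_is_over, while the same commit starts recording handshake completion in ctx->flags as TLS_CONN_F_HS_DONE in picotls_ctx_read; if the two are derived from different state (the picotls handle versus the flag), a reset that lands between the two updates takes the wrong branch, so it is worth confirming they cannot disagree or making one derive from the other. The new function also has no comment; `/* Transport reset: before the handshake completes there is no app session to notify, so treat it as a handshake failure; afterwards notify the app of reset and close, then drop the transport. */` above the definition would capture the contract. The ordering of the two notifies before tls_disconnect_transport looks intentional, and the comment should say so.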
@@ -224,14 +239,14 @@ picotls_do_handshake (picotls_ctx_t *ptls_ctx, session_t *tcp_session)
 int rv = PTLS_ERROR_IN_PROGRESS, write = 0, i = 0, read = 0, len;
 svm_fifo_t *tcp_rx_fifo = tcp_session->rx_fifo;
 ptls_buffer_t *buf = &ptls_ctx->read_buffer;
- const int n_segs = 2, max_len = 16384;
+ u32 n_segs = 2, max_len = 16384;
 ptls_t *tls = ptls_ctx->tls;
 svm_fifo_seg_t fs[n_segs];
 uword deq_now;
 ptls_buffer_init (buf, "", 0);
- len = svm_fifo_segments (tcp_rx_fifo, 0, fs, n_segs, max_len);
+ len = svm_fifo_segments (tcp_rx_fifo, 0, fs, &n_segs, max_len);
 if (len <= 0)
 return 0;
@@ -309,7 +324,7 @@ ptls_tcp_to_app_write (picotls_ctx_t *ptls_ctx, svm_fifo_t *app_rx_fifo,
 u32 ai = 0, thread_index, min_buf_len, to_copy, left, wrote = 0;
 ptls_buffer_t *buf = &ptls_ctx->read_buffer;
 int ret, i = 0, read = 0, tcp_len, n_fs_app;
- const int n_segs = 4, max_len = 1 << 16;
+ u32 n_segs = 4, max_len = 1 << 16;
 svm_fifo_seg_t tcp_fs[n_segs], app_fs[n_segs];
 picotls_main_t *pm = &picotls_main;
 uword deq_now;
@@ -321,7 +336,7 @@ ptls_tcp_to_app_write (picotls_ctx_t *ptls_ctx, svm_fifo_t *app_rx_fifo,
 if (n_fs_app <= 0)
 return 0;
- tcp_len = svm_fifo_segments (tcp_rx_fifo, 0, tcp_fs, n_segs, max_len);
+ tcp_len = svm_fifo_segments (tcp_rx_fifo, 0, tcp_fs, &n_segs, max_len);
 if (tcp_len <= 0)
 return 0;
@@ -437,6 +452,7 @@ picotls_ctx_read (tls_ctx_t *ctx, session_t *tcp_session)
 }
 }
+ ctx->flags |= TLS_CONN_F_HS_DONE;
 if (!svm_fifo_max_dequeue (tcp_session->rx_fifo))
 return 0;
 }
@@ -445,7 +461,7 @@ picotls_ctx_read (tls_ctx_t *ctx, session_t *tcp_session)
 app_session = session_get_from_handle (ctx->app_session_handle);
 wrote = ptls_tcp_to_app_write (ptls_ctx, app_session->rx_fifo,
 tcp_rx_fifo);
- if (wrote && app_session->session_state >= SESSION_STATE_READY)
+ if (wrote)
 tls_notify_app_enqueue (ctx, app_session);
 if (ptls_ctx->read_buffer_offset || svm_fifo_max_dequeue (tcp_rx_fifo))
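Review bot: In ptls_tcp_to_app_write the single variable n_segs now sizes both tcp_fs[n_segs] and app_fs[n_segs] and is then overwritten by svm_fifo_segments with the number of tcp segments it filled, so after that call n_segs no longer describes app_fs; any later loop over app_fs bounded by n_segs rather than n_fs_app would read stale segment descriptors, and the rest of the function lies outside the hunk. A dedicated out-parameter keeps the capacity and the filled count apart: `u32 n_tcp_fs = n_segs;` before the call and `tcp_len = svm_fifo_segments (tcp_rx_fifo, 0, tcp_fs, &n_tcp_fs, max_len);`. The same reuse of the VLA bound as the out-parameter appears in picotls_do_handshake above and in ptls_app_to_tcp_write in the next hunk group, where min_chunk also changes from const int to u32 and is presumably compared with the signed len and deq_len later, which is worth checking for mixed-sign comparisons.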
@@ -489,7 +505,7 @@ ptls_app_to_tcp_write (picotls_ctx_t *ptls_ctx, session_t *app_session,
 {
 u32 wrote = 0, max_enq, thread_index, app_buf_len, left, ti = 0;
 int read = 0, rv, i = 0, len, n_tcp_segs = 4, deq_len;
- const int n_app_segs = 2, min_chunk = 2048;
+ u32 n_app_segs = 2, min_chunk = 2048;
 svm_fifo_seg_t app_fs[n_app_segs], tcp_fs[n_tcp_segs];
 picotls_main_t *pm = &picotls_main;
 ptls_buffer_t _buf, *buf = &_buf;
@@ -500,7 +516,7 @@ ptls_app_to_tcp_write (picotls_ctx_t *ptls_ctx, session_t *app_session,
 thread_index = app_session->thread_index;
 app_tx_fifo = app_session->tx_fifo;
- len = svm_fifo_segments (app_tx_fifo, 0, app_fs, n_app_segs, max_len);
+ len = svm_fifo_segments (app_tx_fifo, 0, app_fs, &n_app_segs, max_len);
 if (len <= 0)
 return 0;
@@ -625,7 +641,7 @@ picotls_ctx_write (tls_ctx_t *ctx, session_t *app_session,
 check_tls_fifo:
- if (ctx->app_closed)
+ if (ctx->flags & TLS_CONN_F_APP_CLOSED)
 picotls_app_close (ctx);
 /* Deschedule and wait for deq notification if fifo is almost full */
@@ -722,6 +738,13 @@ picotls_init_client_ptls_ctx (ptls_context_t **client_ptls_ctx)
 return 0;
 }
+int
+picotls_reinit_ca_chain (void)
+{
+ /* Not supported yet */
+ return 0;
+}
+
 const static tls_engine_vft_t picotls_engine = {
 .ctx_alloc = picotls_ctx_alloc,
 .ctx_free = picotls_ctx_free,
@@ -735,7 +758,9 @@ const static tls_engine_vft_t picotls_engine = {
 .ctx_read = picotls_ctx_read,
 .ctx_write = picotls_ctx_write,
 .ctx_transport_close = picotls_transport_close,
+ .ctx_transport_reset = picotls_transport_reset,
 .ctx_app_close = picotls_app_close,
+ .ctx_reinit_cachain = picotls_reinit_ca_chain,
 };
 static clib_error_t *
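Review bot: picotls_reinit_ca_chain returns 0 while doing nothing, so a caller that asks the engine to reload its CA chain (for example after rotating or revoking trust anchors) is told the reload succeeded while the chain loaded at init stays in effect. Returning a non-zero code, or at the least `clib_warning ("picotls: ca chain reinit not supported");` before the return, makes the gap visible to the operator; whether the vft caller tolerates a non-zero return is not visible here. Unless the function is declared in a header, `static int` would match the neighbouring vft callbacks, and a header comment such as `/* CA chain reload is not implemented for picotls; the chain loaded at init remains in use. */` says more than the bare "Not supported yet".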
@@ -761,18 +786,14 @@ tls_picotls_init (vlib_main_t * vm)
 return error;
 }
-/* *INDENT-OFF* */
 VLIB_INIT_FUNCTION (tls_picotls_init) = {
 .runs_after = VLIB_INITS ("tls_init"),
 };
-/* *INDENT-ON* */
-/* *INDENT-OFF* */
 VLIB_PLUGIN_REGISTER () = {
 .version = VPP_BUILD_VER,
 .description = "Transport Layer Security (TLS) Engine, Picotls Based",
 };
-/* *INDENT-ON* */
 /*
 * fd.io coding-style-patch-verification: ON |