Diffstat (limited to 'src/vnet')
-rw-r--r-- | src/vnet/session/application.c | 2 | ||||
-rw-r--r-- | src/vnet/session/application_interface.c | 18 | ||||
-rw-r--r-- | src/vnet/session/application_interface.h | 29 | ||||
-rw-r--r-- | src/vnet/session/session_node.c | 11 | ||||
-rw-r--r-- | src/vnet/session/session_types.h | 7 | ||||
-rw-r--r-- | src/vnet/session/transport_types.h | 19 | ||||
-rw-r--r-- | src/vnet/tls/tls.c | 47 |
7 files changed, 72 insertions, 61 deletions
diff --git a/src/vnet/session/application.c b/src/vnet/session/application.c index a93e4b9dbbf..56a514192af 100644 --- a/src/vnet/session/application.c +++ b/src/vnet/session/application.c @@ -615,7 +615,7 @@ app_rx_mqs_alloc (application_t *app) cfg->q_nitems = evt_q_length; cfg->ring_cfgs = rc; - eqs->ssvm.ssvm_size = svm_msg_q_size_to_alloc (cfg) * n_mqs + (16 << 10); + eqs->ssvm.ssvm_size = svm_msg_q_size_to_alloc (cfg) * n_mqs + (1 << 20); eqs->ssvm.name = format (0, "%s-rx-mqs-seg%c", app->name, 0); if (ssvm_server_init (&eqs->ssvm, SSVM_SEGMENT_MEMFD)) diff --git a/src/vnet/session/application_interface.c b/src/vnet/session/application_interface.c index a6d1a029f13..74f456a1eab 100644 --- a/src/vnet/session/application_interface.c +++ b/src/vnet/session/application_interface.c @@ -51,15 +51,6 @@ unformat_vnet_uri (unformat_input_t * input, va_list * args) sep->is_ip4 = 1; return 1; } - else if (unformat (input, "%U://[%s]%U/%d", unformat_transport_proto, - &transport_proto, &sep->hostname, unformat_ip4_address, - &sep->ip.ip4, &port)) - { - sep->transport_proto = transport_proto; - sep->port = clib_host_to_net_u16 (port); - sep->is_ip4 = 1; - return 1; - } else if (unformat (input, "%U://%U/%d", unformat_transport_proto, &transport_proto, unformat_ip6_address, &sep->ip.ip6, &port)) @@ -69,15 +60,6 @@ unformat_vnet_uri (unformat_input_t * input, va_list * args) sep->is_ip4 = 0; return 1; } - else if (unformat (input, "%U://[%s]%U/%d", unformat_transport_proto, - &transport_proto, &sep->hostname, unformat_ip6_address, - &sep->ip.ip6, &port)) - { - sep->transport_proto = transport_proto; - sep->port = clib_host_to_net_u16 (port); - sep->is_ip4 = 0; - return 1; - } else if (unformat (input, "%U://session/%lu", unformat_transport_proto, &transport_proto, &sep->parent_handle)) { diff --git a/src/vnet/session/application_interface.h b/src/vnet/session/application_interface.h index be6c74c6529..ba148e287ad 100644 --- a/src/vnet/session/application_interface.h 
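Review bot: The new headroom added to `eqs->ssvm.ssvm_size` in `app_rx_mqs_alloc` is a bare magic number, as the `(16 << 10)` it replaces was, and the commit gives no reason for growing it from 16 KiB to 1 MiB. A named constant with a why-comment would make the sizing reviewable, e.g. `/* slack for segment headers and allocator metadata (constructed name) */ #define APP_RX_MQS_SEG_HEADROOM (1 << 20)` and then `eqs->ssvm.ssvm_size = svm_msg_q_size_to_alloc (cfg) * n_mqs + APP_RX_MQS_SEG_HEADROOM;`. If the bump is tied to the larger `transport_endpt_ext_cfg_t` introduced in this same change, the comment should say so. `app_rx_mqs_alloc` starts and ends outside the hunk.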
+++ b/src/vnet/session/application_interface.h @@ -314,8 +314,6 @@ typedef struct session_listen_msg_ u8 proto; u8 is_ip4; ip46_address_t ip; - u32 ckpair_index; - u8 crypto_engine; u8 flags; uword ext_config; } __clib_packed session_listen_msg_t; @@ -399,18 +397,7 @@ typedef struct session_connect_msg_ u32 ckpair_index; u8 crypto_engine; u8 flags; - union - { - struct - { - u8 hostname[16]; - u8 hostname_len; - } __clib_packed; - struct - { - uword ext_config; - } __clib_packed; - }; + uword ext_config; } __clib_packed session_connect_msg_t; STATIC_ASSERT (sizeof (session_connect_msg_t) <= SESSION_CTRL_MSG_MAX_SIZE, @@ -870,6 +857,20 @@ typedef struct app_sapi_msg_ }; } __clib_packed app_sapi_msg_t; +static inline void +session_endpoint_alloc_ext_cfg (session_endpoint_cfg_t *sep_ext, + transport_endpt_ext_cfg_type_t type) +{ + transport_endpt_ext_cfg_t *cfg; + u32 cfg_size; + + cfg_size = sizeof (transport_endpt_ext_cfg_t); + cfg = clib_mem_alloc (cfg_size); + clib_memset (cfg, 0, cfg_size); + cfg->type = type; + sep_ext->ext_cfg = cfg; +} + #endif /* __included_uri_h__ */ /* diff --git a/src/vnet/session/session_node.c b/src/vnet/session/session_node.c index a4db02362d3..93ed7b7c3f2 100644 --- a/src/vnet/session/session_node.c +++ b/src/vnet/session/session_node.c @@ -78,8 +78,6 @@ session_mq_listen_handler (void *data) a->sep.fib_index = mp->vrf; a->sep.sw_if_index = ENDPOINT_INVALID_INDEX; a->sep.transport_proto = mp->proto; - a->sep_ext.ckpair_index = mp->ckpair_index; - a->sep_ext.crypto_engine = mp->crypto_engine; a->app_index = app->app_index; a->wrk_map_index = mp->wrk_index; a->sep_ext.transport_flags = mp->flags; 
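Review bot: `session_endpoint_alloc_ext_cfg` fills in `cfg->type` but leaves `cfg->len` at the zero written by `clib_memset`, so any consumer that sizes a copy or a validation by `len` will see an empty payload; set it here, e.g. `cfg->len = cfg_size;` (or the payload length, whichever the consumers of `transport_endpt_ext_cfg_t` expect). The helper also overwrites `sep_ext->ext_cfg` unconditionally, so a caller that already attached one leaks it; a header comment stating ownership would help, e.g. `/* Allocates a zeroed ext config of the given type and attaches it to sep_ext; the caller owns it (presumably released with clib_mem_free) and must not already hold one. */`. Separately, dropping `ckpair_index`/`crypto_engine` from `session_listen_msg_t` (hunk @@ -314) and the hostname union from `session_connect_msg_t` (hunk @@ -399) changes the packed layout of messages exchanged with applications, so applications built against the old header must be rebuilt together with this change; worth stating in the commit message if no version field exists to detect the mismatch.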
@@ -151,14 +149,7 @@ session_mq_connect_handler (void *data) a->sep.peer.port = mp->lcl_port; a->sep.peer.sw_if_index = ENDPOINT_INVALID_INDEX; a->sep_ext.parent_handle = mp->parent_handle; - a->sep_ext.ckpair_index = mp->ckpair_index; - a->sep_ext.crypto_engine = mp->crypto_engine; a->sep_ext.transport_flags = mp->flags; - if (mp->hostname_len) - { - vec_validate (a->sep_ext.hostname, mp->hostname_len - 1); - clib_memcpy_fast (a->sep_ext.hostname, mp->hostname, mp->hostname_len); - } a->api_context = mp->context; a->app_index = app->app_index; a->wrk_map_index = mp->wrk_index; @@ -175,8 +166,6 @@ session_mq_connect_handler (void *data) if (mp->ext_config) session_mq_free_ext_config (app, mp->ext_config); - - vec_free (a->sep_ext.hostname); } static void diff --git a/src/vnet/session/session_types.h b/src/vnet/session/session_types.h index 148f100f512..9211df9e46d 100644 --- a/src/vnet/session/session_types.h +++ b/src/vnet/session/session_types.h @@ -44,10 +44,7 @@ typedef struct _session_endpoint_cfg u32 opaque; u32 ns_index; u8 original_tp; - u8 *hostname; u64 parent_handle; - u32 ckpair_index; - u8 crypto_engine; u8 flags; transport_endpt_ext_cfg_t *ext_cfg; } session_endpoint_cfg_t; @@ -83,8 +80,8 @@ typedef struct _session_endpoint_cfg .fib_index = ENDPOINT_INVALID_INDEX, .is_ip4 = 0, .port = 0, \ .peer = TRANSPORT_ENDPOINT_NULL, .transport_proto = 0, \ .app_wrk_index = ENDPOINT_INVALID_INDEX, \ - .opaque = ENDPOINT_INVALID_INDEX, .hostname = 0, \ - .parent_handle = SESSION_INVALID_HANDLE, .ckpair_index = 0, .ext_cfg = 0, \ + .opaque = ENDPOINT_INVALID_INDEX, \ + .parent_handle = SESSION_INVALID_HANDLE, .ext_cfg = 0, \ } #define session_endpoint_to_transport(_sep) ((transport_endpoint_t *)_sep) diff --git a/src/vnet/session/transport_types.h b/src/vnet/session/transport_types.h index 0041adb2c64..7ea8d5f0416 100644 --- a/src/vnet/session/transport_types.h +++ b/src/vnet/session/transport_types.h 
@@ -259,11 +259,28 @@ typedef struct transport_endpt_attr_ }; } transport_endpt_attr_t; +typedef enum transport_endpt_ext_cfg_type_ +{ + TRANSPORT_ENDPT_EXT_CFG_NONE, + TRANSPORT_ENDPT_EXT_CFG_CRYPTO, +} transport_endpt_ext_cfg_type_t; + +typedef struct transport_endpt_crypto_cfg_ +{ + u32 ckpair_index; + u8 crypto_engine; + u8 hostname[256]; /**< full domain len is 255 as per rfc 3986 */ +} transport_endpt_crypto_cfg_t; + typedef struct transport_endpt_ext_cfg_ { u16 type; u16 len; - u8 data[0]; + union + { + transport_endpt_crypto_cfg_t crypto; + u8 data[0]; + }; } transport_endpt_ext_cfg_t; typedef clib_bihash_24_8_t transport_endpoint_table_t; diff --git a/src/vnet/tls/tls.c b/src/vnet/tls/tls.c index a950f142932..808c151dac5 100644 --- a/src/vnet/tls/tls.c +++ b/src/vnet/tls/tls.c @@ -280,8 +280,15 @@ tls_ctx_parse_handle (u32 ctx_handle, u32 * ctx_index, u32 * engine_type) } static inline crypto_engine_type_t -tls_get_engine_type (crypto_engine_type_t preferred) +tls_get_engine_type (crypto_engine_type_t requested, + crypto_engine_type_t preferred) { + if (requested != CRYPTO_ENGINE_NONE) + { + if (tls_vfts[requested].ctx_alloc) + return requested; + return CRYPTO_ENGINE_NONE; + } if (!tls_vfts[preferred].ctx_alloc) return tls_get_available_engine (); return preferred; @@ -662,6 +669,7 @@ int tls_connect (transport_endpoint_cfg_t * tep) { vnet_connect_args_t _cargs = { {}, }, *cargs = &_cargs; + transport_endpt_crypto_cfg_t *ccfg; crypto_engine_type_t engine_type; session_endpoint_cfg_t *sep; tls_main_t *tm = &tls_main; 
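Review bot: `transport_endpt_crypto_cfg_t.hostname[256]` is consumed as a C string (`if (ccfg->hostname[0])` and `format (0, "%s", ccfg->hostname)` in `tls_connect` and `dtls_connect` in tls.c), but nothing on the type says it must be NUL-terminated, so a producer that fills all 256 bytes makes `%s` read past the struct. State the contract on the field, e.g. `u8 hostname[256]; /**< NUL-terminated; at most 255 chars of domain name */`, and have producers bound their copy to `sizeof (hostname) - 1`. The RFC cited in the existing comment looks off: the 255-octet limit on domain names comes from RFC 1035, whereas RFC 3986 is the URI syntax spec. Note also that `u8 data[0]` inside a union is a GNU zero-length array rather than a C11 flexible array member (not permitted in a union), and with the fixed-size `crypto` member beside it every ext config now carries the full hostname buffer regardless of `type`; acceptable if intended, but worth a one-line comment on the union.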
@@ -672,9 +680,14 @@ tls_connect (transport_endpoint_cfg_t * tep) int rv; sep = (session_endpoint_cfg_t *) tep; + if (!sep->ext_cfg) + return -1; + app_wrk = app_worker_get (sep->app_wrk_index); app = application_get (app_wrk->app_index); - engine_type = tls_get_engine_type (app->tls_engine); + + ccfg = &sep->ext_cfg->crypto; + engine_type = tls_get_engine_type (ccfg->crypto_engine, app->tls_engine); if (engine_type == CRYPTO_ENGINE_NONE) { clib_warning ("No tls engine_type available"); @@ -686,11 +699,11 @@ tls_connect (transport_endpoint_cfg_t * tep) ctx->parent_app_wrk_index = sep->app_wrk_index; ctx->parent_app_api_context = sep->opaque; ctx->tcp_is_ip4 = sep->is_ip4; - ctx->ckpair_index = sep->ckpair_index; ctx->tls_type = sep->transport_proto; - if (sep->hostname) + ctx->ckpair_index = ccfg->ckpair_index; + if (ccfg->hostname[0]) { - ctx->srv_hostname = format (0, "%v", sep->hostname); + ctx->srv_hostname = format (0, "%s", ccfg->hostname); vec_terminate_c_string (ctx->srv_hostname); } tls_ctx_half_open_reader_unlock (); @@ -725,6 +738,7 @@ u32 tls_start_listen (u32 app_listener_index, transport_endpoint_t * tep) { vnet_listen_args_t _bargs, *args = &_bargs; + transport_endpt_crypto_cfg_t *ccfg; app_worker_t *app_wrk; tls_main_t *tm = &tls_main; session_handle_t tls_al_handle; @@ -738,9 +752,14 @@ tls_start_listen (u32 app_listener_index, transport_endpoint_t * tep) u32 lctx_index; sep = (session_endpoint_cfg_t *) tep; + if (!sep->ext_cfg) + return -1; + app_wrk = app_worker_get (sep->app_wrk_index); app = application_get (app_wrk->app_index); - engine_type = tls_get_engine_type (app->tls_engine); + + ccfg = &sep->ext_cfg->crypto; + engine_type = tls_get_engine_type (ccfg->crypto_engine, app->tls_engine); if (engine_type == CRYPTO_ENGINE_NONE) { clib_warning ("No tls engine_type available"); 
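Review bot: `tls_connect` checks only that `sep->ext_cfg` is non-NULL before taking `&sep->ext_cfg->crypto`; the `type` field of `transport_endpt_ext_cfg_t` is never compared against `TRANSPORT_ENDPT_EXT_CFG_CRYPTO`, so any other ext config an application attaches would be interpreted as a crypto config and yield a garbage `ckpair_index`, `crypto_engine` and `hostname`. The guard should be `if (!sep->ext_cfg || sep->ext_cfg->type != TRANSPORT_ENDPT_EXT_CFG_CRYPTO) return -1;`. The same pattern appears in `tls_start_listen` (hunk @@ -738) and `dtls_connect` (hunk @@ -1086). Returning a bare `-1` where the old code fell back to `app->tls_engine` without any ext config is also a silent behaviour change for existing applications; a `clib_warning` like the one emitted for `CRYPTO_ENGINE_NONE` just below would make the rejection diagnosable. `tls_connect` starts and ends outside the hunk.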
@@ -774,8 +793,8 @@ tls_start_listen (u32 app_listener_index, transport_endpoint_t * tep) lctx->app_session_handle = listen_session_get_handle (app_listener); lctx->tcp_is_ip4 = sep->is_ip4; lctx->tls_ctx_engine = engine_type; - lctx->ckpair_index = sep->ckpair_index; lctx->tls_type = sep->transport_proto; + lctx->ckpair_index = ccfg->ckpair_index; if (tls_vfts[engine_type].ctx_start_listen (lctx)) { @@ -1076,6 +1095,7 @@ int dtls_connect (transport_endpoint_cfg_t *tep) { vnet_connect_args_t _cargs = { {}, }, *cargs = &_cargs; + transport_endpt_crypto_cfg_t *ccfg; crypto_engine_type_t engine_type; session_endpoint_cfg_t *sep; tls_main_t *tm = &tls_main; @@ -1086,9 +1106,14 @@ dtls_connect (transport_endpoint_cfg_t *tep) int rv; sep = (session_endpoint_cfg_t *) tep; + if (!sep->ext_cfg) + return -1; + app_wrk = app_worker_get (sep->app_wrk_index); app = application_get (app_wrk->app_index); - engine_type = tls_get_engine_type (app->tls_engine); + + ccfg = &sep->ext_cfg->crypto; + engine_type = tls_get_engine_type (ccfg->crypto_engine, app->tls_engine); if (engine_type == CRYPTO_ENGINE_NONE) { clib_warning ("No tls engine_type available"); @@ -1100,12 +1125,12 @@ dtls_connect (transport_endpoint_cfg_t *tep) ctx->parent_app_wrk_index = sep->app_wrk_index; ctx->parent_app_api_context = sep->opaque; ctx->tcp_is_ip4 = sep->is_ip4; - ctx->ckpair_index = sep->ckpair_index; + ctx->ckpair_index = ccfg->ckpair_index; ctx->tls_type = sep->transport_proto; ctx->tls_ctx_handle = ctx_handle; - if (sep->hostname) + if (ccfg->hostname[0]) { - ctx->srv_hostname = format (0, "%v", sep->hostname); + ctx->srv_hostname = format (0, "%s", ccfg->hostname); vec_terminate_c_string (ctx->srv_hostname); } |