path: root/src/vnet/session/session.c
Age | Commit message | Author | Files | Lines
2018-04-16 | session: use generic session pool for listeners | Florin Coras | 1 | -5/+1
Change-Id: I825f3822910a6ee368b9004e39ca16ac6833e30c
Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-03-07 | tls: enforce certificate verification | Florin Coras | 1 | -5/+4
- add option to use test certificate in the ca chain
- add hostname to extended session endpoint fields and connect api parameters. If hostname is present, certificate validation is enforced.
- use /etc/ssl/certs/ca-certificates.crt to bootstrap CA cert. A different path can be provided via startup config
Change-Id: I046f9c6ff3ae6a9c2d71220cb62eca8f7b10e5fb
Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-03-02 | session: first approximation implementation of tls | Florin Coras | 1 | -63/+159
It consists of two main parts. First, add an application transport type whereby applications can offer transport to other applications. For instance, a tls app can offer transport services to other applications. And second, a tls transport app that leverages the mbedtls library for tls protocol implementation.
Change-Id: I616996c6e6539a9e2368fab8a1ac874d7c5d9838
Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-02-05 | session: segment manager refactor | Florin Coras | 1 | -3/+5
- use valloc as a 'central' segment baseva manager
- use per segment manager segment pools and use rwlocks to guard them
- add session test that exercises segment creation
- embed segment manager properties into application since they're shared
- fix rw locks
Change-Id: I761164c147275d9e8a926f1eda395e090d231f9a
Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-01-27 | session: use clib rwlocks instead of custom implementation | Florin Coras | 1 | -10/+5
Change-Id: I68933d709ce9cc686ba06466e136434b663920ef
Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-01-27 | session: disconnect and echo client improvements | Florin Coras | 1 | -4/+20
Change-Id: If421bad17b6cfe8e321257c93bb38931e37d7b64
Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-01-25 | session: add support for memfd segments | Florin Coras | 1 | -22/+60
- update segment manager and session api to work with both flavors of ssvm segments
- added generic ssvm slave/master init and del functions
- cleanup/refactor tcp_echo
- fixed uses of svm fifo pool as vector
Change-Id: Ieee8b163faa407da6e77e657a2322de213a9d2a0
Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-01-09 | api: refactor vlibmemory | Florin Coras | 1 | -6/+6
- separate client/server code for both memory and socket apis
- separate memory api code from generic vlib api code
- move unix_shared_memory_fifo to svm and rename to svm_fifo_t
- overall declutter
Change-Id: I90cdd98ff74d0787d58825b914b0f1eafcfa4dc2
Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-12-11 | session: generalize handling of network transports | Florin Coras | 1 | -38/+59
- compute session type out of transport and network protos
- make session, session lookup and session queue code network protocol agnostic
This does not update the session layer to support non-ip network layer protocols
Change-Id: Ifc2f92845e158b649d59462eb7d51c12af536691
Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-12-10 | make sure the very first fragment triggers an rx_callback | Andreas Schultz | 1 | -0/+1
On the first session server, the first payload packet gets queued but the Rx callback will only be invoked when the second packet is received. By initializing enqueue_epoch in the session, we can make sure that the RX callback will be invoked for the first packet as well.
Change-Id: I60e2cf8d4d2ca71d461ca003d459c8e6e6956a4d
Signed-off-by: Andreas Schultz <aschultz@warp10.net>
2017-11-29 | session: fix preallocation of local endpoint table | Florin Coras | 1 | -0/+11
Change-Id: I67a73e31bda9e497859297fcc1765e880572884a
Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-02 | session/udp: init rw locks | Florin Coras | 1 | -1/+6
Change-Id: I68152d7338ce0d7805e50ccf9e9046de02cfd206
Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-01 | session: add support for proxying apps | Florin Coras | 1 | -1/+1
To enable this, applications set the proxy flag in their attach requests and pass the transport protocols they want to act as proxies for as part of the attach options. When proxy is enabled, session rules that point incoming packets to the proxy app are added to the local and global session tables, if these scopes are accessible to the app. In particular, in case of the former, the rule accepts packets from all sources and all ports destined to the namespace's supporting interface address on any port. While in case of the latter, a generic any destination and any port rule is added.
Change-Id: I791f8c1cc083350f02e26a2ac3bdbbfbfa19ece3
Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-17 | session: return local transport endpoint in connect reply | Florin Coras | 1 | -1/+1
Change-Id: I7794d5a0774017da4c1c15f45783a18754994ac8
Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-16 | session: fix build when debugging is on | Florin Coras | 1 | -1/+1
Change-Id: I193832a0cd0557fffc034a1223f67fa64a4d45ae
Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-16 | udp: refactor udp code | Florin Coras | 1 | -133/+328
Change-Id: I44d5c9df7c49b8d4d5677c6d319033b2da3e6b80
Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-10 | session: add support for application namespacing | Florin Coras | 1 | -35/+56
Applications are now provided the option to select the namespace they are to be attached to and the scope of their attachment. Application namespaces are meant to:
1) constrain the scope of communication through the network by association with source interfaces and/or fib tables that provide the source ips to be used and limit the scope of routing
2) provide a namespace local scope to session layer communication, as opposed to the global scope provided by 1). That is, sessions can be established without assistance from transport and network layers. Albeit, zero/local-host ip addresses must still be provided in session establishment messages due to existing application idiosyncrasies. This mode of communication uses shared-memory fifos (cut-through sessions) exclusively.
If applications request no namespace, they are assigned to the default one, which in turn uses the default fib. Applications can request access to both local and global scopes for a namespace. If no scope is specified, session layer defaults to the global one. When a sw_if_index is provided for a namespace, zero-ip (INADDR_ANY) binds are converted to binds to the requested interface.
Change-Id: Ia0f660bbf7eec7f89673f75b4821fc7c3d58e3d1
Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-09-19 | session/tcp: improve preallocated segment handling | Florin Coras | 1 | -12/+6
- add preallocated segment flag
- don't remove pre-allocated segments except if application detaches
- when preallocating fifos in multiple segments, completely fill a segment before moving to the next
- detach server application from segment-managers when deleting app
- batch syn/syn-ack/fin (re)transmissions
- loosen up close-wait and time-wait times
Change-Id: I412f53ce601cc83b3acc26aeffd7fa2d52d73b03
Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-09-18 | Fixes for issues Coverity has reported (VPP-972) | Chris Luke | 1 | -4/+1
177117: fstat() returns -1 on error; the code is checking for any positive value instead
175142: final return could never be reached; simple refactoring
175235,175236: Warning suppressed with an explicit cast to (void)
174817: Final return couldn't be reached; if is_in_order is 0 then 'rv' is already returned above
172095,172093: If is_is_set does not get set to 1, then return 0 has already been invoked
174405: Re-kill this (nothing sets rv)
171136: Looks like a cmd line flag to set test_bytes was missing; added it, and refactored the argc/argv processing to avoid two other potential segv's
176813: Add range checking for term width/height. First stab at a reasonable range is 1-512 for both.
175350: Fix implicit casting in shift operation
174272: Not a c+p error; try using a coverity annotation to ignore it
174273,175320: Annotated FORWARD_NULL
Change-Id: I58d0f860fc2209f59f8d1b6b344d631b8d429ace
Signed-off-by: Chris Luke <chrisy@flirble.org>
2017-09-12 | tcp: horizontal scaling improvements | Florin Coras | 1 | -10/+11
- do not scale syn-ack window
- fix the max number of outstanding syns in builtin client
- fix syn-sent ack validation to use modulo arithmetic
- improve retransmit timer handler
- fix output buffer allocator leakage
- improved debugging
Change-Id: Iac3bc0eadf7d0b494a93e22d210a3153b61b3273
Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-09-01 | Add fixed-size, preallocated pool support | Dave Barach | 1 | -20/+12
Simply call pool_init_fixed(...) before using the pool. Note that fixed, preallocated pools live in individually-mmap'ed address segments, except for the free element bitmap. A large fixed pool can exceed 4gb.
Fix tcp buffer allocator leak, remove broken assert
Change-Id: I4421082e12a77c41c6e20f7747f3150dcd01fc26
Signed-off-by: Dave Barach <dave@barachs.net>
2017-08-30 | tcp: re-enable persist timer if no data available to send | Florin Coras | 1 | -1/+7
Additionally, flush rx fifos for closed sessions.
Change-Id: If2cc563fbda0451e7572650e98b15f0a694a0ff9
Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-08-29 | session: segment manager improvements | Florin Coras | 1 | -4/+5
- cleanup connects segment manager even if first
- fix segment manager allocation for listen sessions
- improve handling of process private segments (mheaps/main heap)
- added segment manager cli
Change-Id: Ic2ca97c3622ab2286d5fb5772aeb57680e64f769
Signed-off-by: Florin Coras <fcoras@cisco.com>
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2017-08-25 | tcp: retransmit and multi-buffer segment fixes and improvements | Florin Coras | 1 | -19/+86
- set session state as closed on session manager delete
- enable retransmit as opposed to persist timer after persist timer completes
- properly discard buffer chain bytes when new data overlaps ooo segments
- don't use rxt bytes in snd space estimate used on tx path
Change-Id: Id9cab686e532e5fe70c775d5440260e8eb890a9f
Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-08-16 | tcp: fix v6 sessions | root | 1 | -1/+3
Change-Id: Ia6dd5e948b17b2f3866fe70838eabb09e35415e1
Signed-off-by: Dave Barach <dbarach@cisco.com>
Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-08-15 | tcp: state machine improvements | Florin Coras | 1 | -4/+6
- Add SYN_RCVD timeout
- Fix FIN_WAIT_1 to CLOSING transition
Change-Id: I42ca7fc087f6fdfae15bd7a6175dd3226ed341c7
Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-08-11 | Fix tcp multi buffer segments retransmission | Florin Coras | 1 | -3/+3
- Fix tcp/udp sw checksum computation
- Fix allocation of multi buffer tcp segments for retransmits
- Send FIN only if/when tx fifo is empty
Change-Id: I2e43a14b87a72c9e547b4339b9a51811cf5732c4
Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-08-10 | Improve the svm fifo allocator | Dave Barach | 1 | -3/+10
- Round up requested fifo size to the next power of two
- Maintain per-segment power-of-two freelists
- Allocate fifos in chunks, to amortize alignment overhead
- Detach builtin test client application after each run so we can use different fifo sizes each time
- Be more suspicious of session / application indices
Useful prep work for dynamically resizing fifos. As far as the svm fifo code is concerned, it's OK to set fifo->nitems anywhere in the interval:
[0, 1<<(fifo->freelist_index) + FIFO_SEGMENT_MIN_FIFO_SIZE]
It's unlikely that setting nitems below the path MTU will work out very well...
Change-Id: Idad73a027dfb7412056cb02988b77e300fa7e8a7
Signed-off-by: Dave Barach <dave@barachs.net>
2017-08-10 | TCP proxy prototype | Dave Barach | 1 | -18/+25
- Clean up internal API client registration
- Add proxy server
- Add a reference count to the svm fifo
Change-Id: I5ace1c85497062ed412d26ae76a9e6741af1e984
Signed-off-by: Dave Barach <dave@barachs.net>
Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-08-02 | Fix tcp tx buffer allocation | Florin Coras | 1 | -8/+74
- Make tcp output buffer allocation macro an inline function
- Use per ip version per thread tx frames for retransmits and timer events
- Fix / parameterize tcp data structure preallocation
- Add a couple of gdb-callable show commands
- Fix local endpoint cleanup
Change-Id: I67b47b7570aa14cb4634b6fd93c57cd2eacbfa29
Signed-off-by: Florin Coras <fcoras@cisco.com>
Signed-off-by: Dave Barach <dave@barachs.net>
2017-07-30 | Make tcp active open data structures thread safe | Florin Coras | 1 | -7/+7
- Cleanup half-open connections and timers on the right thread
- Ensure half-open connection and transport endpoint pools are thread safe
- Enqueue TX events to the correct vpp thread in the builtin client
- Use transport proto in transport connections instead of session type
Change-Id: Id13239a206afbff6f34a38afa510fe014e4b2049
Signed-off-by: Florin Coras <fcoras@cisco.com>
Signed-off-by: Dave Barach <dave@barachs.net>
2017-07-25 | Cleanup/refactor session layer code | Florin Coras | 1 | -493/+13
Change-Id: Ica99e8cb919fca6b069c37c969d60e8ccc2c6bf9
Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-07-21 | Improvements to tcp rx path and debugging | Florin Coras | 1 | -4/+34
- Increment rcv_nxt for fin packets
- Call tcp_segment_rcv only if buffer has data
- Parse rcv opts before deleting half-open connection
- Fix initial rcv_wnd
- Improved event logging
Change-Id: I9b83c04f432c4cec832c480b03e534deff02c3b1
Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-07-15 | Fixes and improved tcp/session debugging | Florin Coras | 1 | -6/+68
- Fix rx sack option parsing
- Add session sack scoreboard tracing and replaying
- Add svm fifo tracing and replaying
- Scoreboard/svm fifo ooo segment reception fixes
- Improved overall debugging
Change-Id: Ieae07eba355e66f5935253232bb00f2dfb7ece00
Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-07-11 | Horizontal (nSessions) scaling draft | Dave Barach | 1 | -16/+56
- Data structure preallocation.
- Input state machine fixes for mid-stream 3-way handshake retries.
- Batch connections in the builtin_client
- Multiple private fifo segment support
- Fix elog simultaneous event type registration
- Fix sacks when segment hole is added after highest sacked
- Add "accepting" session state for sessions pending accept
- Add ssvm non-recursive locking
- Estimate RTT for syn-ack
- Don't init fifo pointers. We're using relative offsets for ooo segments
- CLI to dump individual session
Change-Id: Ie0598563fd246537bafba4feed7985478ea1d415
Signed-off-by: Dave Barach <dbarach@cisco.com>
Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-06-19 | Overall tcp performance improvements (VPP-846) | Florin Coras | 1 | -7/+18
- limit minimum rto per connection
- cleanup sack scoreboard
- switched svm fifo out-of-order data handling from absolute offsets to relative offsets.
- improve cwnd handling when using sacks
- add cc event debug stats
- improved uri tcp test client/server: bugfixes and added half-duplex mode
- expanded builtin client/server
- updated uri socket client/server code to work in half-duplex
- ensure session node unsets fifo event for empty fifo
- fix session detach
Change-Id: Ia446972340e32a65e0694ee2844355167d0c170d
Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-06-09 | Implement sack based tcp loss recovery (RFC 6675) | Florin Coras | 1 | -1/+10
- refactor existing congestion control code (RFC 6582/5681). Handling of ack feedback now consists of: ack parsing, cc event detection, event handling, congestion control update
- extend sack scoreboard to support sack based retransmissions
- basic implementation of Eifel detection algorithm (RFC 3522) for detecting spurious retransmissions
- actually initialize the per-thread frame freelist hash tables
- increase worker stack size to 2mb
- fix session queue node out-of-buffer handling
- ensure that the local buffer cache vec_len matches reality
- avoid 2x spurious event requeues when short of buffers
- count out-of-buffer events
- make the builtin server thread-safe
- fix bihash template threading issue: need to paint -1 across uninitialized working_copy_length vector elements (via rebase from master)
Change-Id: I646cb9f1add9a67d08f4a87badbcb117980ebfc4
Signed-off-by: Florin Coras <fcoras@cisco.com>
Signed-off-by: Dave Barach <dbarach@cisco.com>
2017-06-01 | Improve fifo allocator performance | Dave Barach | 1 | -6/+32
- add option to preallocate fifos in a segment
- track active fifos with doubly linked list instead of vector
- update udp redirect test code to read fifo pointers from API call instead of digging them up from fifo segment header
- input-node based active-open session generator
Change-Id: I804b81e99d95f8690d17e12660c6645995e28a9a
Signed-off-by: Dave Barach <dave@barachs.net>
Signed-off-by: Florin Coras <fcoras@cisco.com>
Signed-off-by: Dave Barach <dbarach@cisco.com>
2017-05-17 | VPP-846: tcp perf / scale / hardening | Dave Barach | 1 | -6/+10
Fix builtin server event queue handling
Change-Id: I21b49c37188746cadb2fd9423291c5dc1335798c
Signed-off-by: Dave Barach <dbarach@cisco.com>
2017-05-16 | Fixes to tcp active opens and reception | Dave Barach | 1 | -1/+5
- Properly initialize connection index
- Add new session to main hash table
- Drop packets that are completely in the past with respect to the rcv wnd (e.g., retransmits due to premature timer pops)
Change-Id: Ic0873018ff0a4c59e0913863dc7f0c0f822d5c34
Signed-off-by: Dave Barach <dbarach@cisco.com>
Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-05-10 | Builtin debug cli http server | Dave Barach | 1 | -1/+1
Visit http://<vpp-ip>/show/interface or similar.
Change-Id: I076b4661cf19d1b94bb01efdadb5849446be915e
Signed-off-by: Dave Barach <dave@barachs.net>
2017-05-09 | Add support for tcp/session buffer chains | Florin Coras | 1 | -11/+78
Change-Id: I01c6e3dc3a1b2785df37bb66b19c4b5cbb8f3211
Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-05-01 | TCP ooo reception fixes | Florin Coras | 1 | -0/+15
- Improve svm fifo handling of out-of-order segments
- Ensure tsval_recent is updated only if rcv_las falls within the segment's sequence space
- Avoid directly dropping old ACKs
- Improve debugging
Change-Id: I88dbe2394a0ad7eb389a4cc12d013a13733953aa
Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-04-24 | Session layer improvements | Florin Coras | 1 | -60/+78
Among others:
- Moved app event queue to shared memory segment
- Use private memory segment for builtin apps
- Remove pid from svm fifo
- Protect session fifo (de)allocation
- Use fifo event for session disconnects
- Have session queue node poll in all wk threads
Change-Id: I89dbf7fdfebef12f5ef2b34ba3ef3c2c07f49ff2
Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-04-13 | Session layer refactoring | Florin Coras | 1 | -427/+137
Major refactoring of the session layer api
- Add attach api for application binding to the session layer
- Simplify listen/connect calls
- Update application CLI
- Add transport endpoint to accept callback
- Associate segment manager to application and allow for multiple binds/connects per app
Additional:
- svm fifo cleanup
- add fifo free, format fns
- add fifo offset enqueue unit test
Change-Id: Id93a65047de61afc2bf3d58c9b544339c02065af
Signed-off-by: Florin Coras <fcoras@cisco.com>
Signed-off-by: Dave Barach <dave@barachs.net>
2017-04-02 | TCP cc/window management fixes and debugging | Florin Coras | 1 | -1/+5
- added persist timer
- update rcv_las whenever sending an ack
- moved fifo size to its own cache line
- improved session and builtin client debugging
Change-Id: Ia649cf942cf0c061a713e8b67f0eb6974a6cd55b
Signed-off-by: Florin Coras <fcoras@cisco.com>
Signed-off-by: Dave Barach <dave@barachs.net>
2017-03-27 | TCP/session improvements | Florin Coras | 1 | -18/+45
- Added svm fifo flag for tracking fifo dequeue events (replaces event length). Updated all code to switch to the new scheme.
- More session debugging
- Fix peek index wrap
- Add a trivial socket test client
- Fast retransmit/cc fixes
- tx and rx SACK fixes and unit testing
- SRTT computation fix
- remove dupack/ack burst filters
- improve ack rx
- improved segment rx
- builtin client test code
Change-Id: Ic4eb2d5ca446eb2260ccd3ccbcdaa73c64e7f4e1
Signed-off-by: Florin Coras <fcoras@cisco.com>
Signed-off-by: Dave Barach <dbarach@cisco.com>
2017-03-13 | VPP-659 Improve tcp/session debugging and testing | Florin Coras | 1 | -16/+8
- event-logging support for tcp and session layer
- improvements to uri test code
- builtin_server on port 1234
- use the CLOSEWAIT timer when we rx FIN in FIN_WAIT_2 state
Change-Id: Ibc445f164b2086b20323bf89c77cffd3059f570f
Signed-off-by: Florin Coras <fcoras@cisco.com>
Signed-off-by: Dave Barach <dbarach@cisco.com>
Signed-off-by: Dave Barach <dave@barachs.net>
2017-03-10 | VPP-659 TCP improvements | Florin Coras | 1 | -11/+27
- builtin test echo server
- fix SYN-ACK retransmit canceling
- avoid sending spurious ACK if in LAST_ACK
- improved client dummy test app
- renamed tx fifo dequeuing and sending functions to avoid confusion
- improved RST handling
Change-Id: Ia14aad3df319540dcf6e6a4e18a9f8d423a4b83b
Signed-off-by: Florin Coras <fcoras@cisco.com>
Signed-off-by: Dave Barach <dave@barachs.net>
2017-03-07 | Register TCP with IP only if session is enabled | Florin Coras | 1 | -1/+4
Change-Id: I73154179e78aeae5f879125237bce593d0978fae
Signed-off-by: Florin Coras <fcoras@cisco.com>