aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet/session/stream_session.h
AgeCommit message (Collapse)AuthorFilesLines
2018-03-07tls: enforce certificate verificationFlorin Coras1-2/+13
- add option to use test certificate in the ca chain - add hostname to extended session endpoint fields and connect api parameters. If hostname is present, certificate validation is enforced. - use /etc/ssl/certs/ca-certificates.crt to bootstrap CA cert. A different path can be provided via startup config Change-Id: I046f9c6ff3ae6a9c2d71220cb62eca8f7b10e5fb Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-03-02session: first approximation implementation of tlsFlorin Coras1-10/+23
It consists of two main parts. First, add an application transport type whereby applications can offer transport to other applications. For instance, a tls app can offer transport services to other applications. And second, a tls transport app that leverages the mbedtls library for tls protocol implementation. Change-Id: I616996c6e6539a9e2368fab8a1ac874d7c5d9838 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-02-15session: avoid session handle conflict with vclFlorin Coras1-0/+1
Change-Id: I7f5a3b8d92ef07d60315bab6e560eba49ea07249 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-02-14session: support local sessions and deprecate redirectsFlorin Coras1-6/+67
Memfd backed shared memory segments can only be negotiated over sockets. For such scenarios, the existing redirect mechanism that establishes cut-through sessions does not work anymore as the two peer application do not share such a socket. This patch adds support for local sessions, as opposed to sessions backed by a transport connection, in a way that is almost transparent to the two applications by reusing the existing binary api messages. Moreover, all segment allocations are now entirely done through the segment manager valloc, so segment overlaps due to independent allocations previously required for redirects are completely avoided. The one notable characteristic of local sessions (cut-through from app perspective) notification messages is that they carry pointers to two event queues, one for each app peer, instead of one. For transport-backed sessions one of the queues can be inferred but for local session they cannot. Change-Id: Ia443fb63e2d9d8e43490275062a708f039038175 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-12-11session: generalize handling of network transportsFlorin Coras1-14/+2
- compute session type out of transport and network protos - make session, session lookup and session queue code network protocol agnostic This does not update the session layer to support non-ip network layer protocols Change-Id: Ifc2f92845e158b649d59462eb7d51c12af536691 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-16udp: refactor udp codeFlorin Coras1-0/+1
Change-Id: I44d5c9df7c49b8d4d5677c6d319033b2da3e6b80 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-10session: add support for application namespacingFlorin Coras1-0/+39
Applications are now provided the option to select the namespace they are to be attached to and the scope of their attachement. Application namespaces are meant to: 1) constrain the scope of communication through the network by association with source interfaces and/or fib tables that provide the source ips to be used and limit the scope of routing 2) provide a namespace local scope to session layer communication, as opposed to the global scope provided by 1). That is, sessions can be established without assistance from transport and network layers. Albeit, zero/local-host ip addresses must still be provided in session establishment messages due to existing application idiosyncrasies. This mode of communication uses shared-memory fifos (cut-through sessions) exclusively. If applications request no namespace, they are assigned to the default one, which at its turn uses the default fib. Applications can request access to both local and global scopes for a namespace. If no scope is specified, session layer defaults to the global one. When a sw_if_index is provided for a namespace, zero-ip (INADDR_ANY) binds are converted to binds to the requested interface. Change-Id: Ia0f660bbf7eec7f89673f75b4821fc7c3d58e3d1 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-08-25tcp: retransmit and multi-buffer segment fixes and improvementsFlorin Coras1-1/+1
- set session state as closed on session manager delete - enable retransmit as opposed to persist timer after persist timer completes - properly discard buffer chain bytes when new data overlaps ooo segments - don't use rxt bytes in snd space estimate used on tx path Change-Id: Id9cab686e532e5fe70c775d5440260e8eb890a9f Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-08-16tcp: improve builtin http serverFlorin Coras1-7/+1
Additionally: - remove opaques from stream_session_t - ensure first segment manager is only used once per app. Change-Id: I143d1fdb8effc88815ef969b78122ba3ac29e06e Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-08-15tcp: state machine improvementsFlorin Coras1-3/+0
- Add SYN_RCVD timeout - Fix FIN_WAIT_1 to CLOSING transition Change-Id: I42ca7fc087f6fdfae15bd7a6175dd3226ed341c7 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-08-10TCP proxy prototypeDave Barach1-1/+4
- Clean up internal API client registration - Add proxy server - Add a reference count to the svm fifo Change-Id: I5ace1c85497062ed412d26ae76a9e6741af1e984 Signed-off-by: Dave Barach <dave@barachs.net> Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-07-25Cleanup/refactor session layer codeFlorin Coras1-0/+98
Change-Id: Ica99e8cb919fca6b069c37c969d60e8ccc2c6bf9 Signed-off-by: Florin Coras <fcoras@cisco.com>