aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet/session
AgeCommit message (Collapse)AuthorFilesLines
2018-03-07tls: enforce certificate verificationFlorin Coras7-82/+122
- add option to use test certificate in the ca chain - add hostname to extended session endpoint fields and connect api parameters. If hostname is present, certificate validation is enforced. - use /etc/ssl/certs/ca-certificates.crt to bootstrap CA cert. A different path can be provided via startup config Change-Id: I046f9c6ff3ae6a9c2d71220cb62eca8f7b10e5fb Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-03-05tls: add stop listen handlerFlorin Coras1-2/+14
Change-Id: I233d02a669b6a0504cd54590c6c8e4fefadc4713 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-03-02session: first approximation implementation of tlsFlorin Coras15-152/+525
It consists of two main parts. First, add an application transport type whereby applications can offer transport to other applications. For instance, a tls app can offer transport services to other applications. And second, a tls transport app that leverages the mbedtls library for tls protocol implementation. Change-Id: I616996c6e6539a9e2368fab8a1ac874d7c5d9838 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-03-01session: zero out ips in local endpoint lookup only if localFlorin Coras1-29/+61
Change-Id: I3425b1533b3d31210166e7b3798685464ad1c489 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-02-15session: fix fifo allocation for empty connect seg-managersFlorin Coras1-1/+0
Change-Id: Ibc5b1149f3fbbe3dfe1f069ab69bfed7de660582 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-02-15session: avoid session handle conflict with vclFlorin Coras6-13/+63
Change-Id: I7f5a3b8d92ef07d60315bab6e560eba49ea07249 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-02-14session: support local sessions and deprecate redirectsFlorin Coras15-429/+1161
Memfd backed shared memory segments can only be negotiated over sockets. For such scenarios, the existing redirect mechanism that establishes cut-through sessions does not work anymore as the two peer application do not share such a socket. This patch adds support for local sessions, as opposed to sessions backed by a transport connection, in a way that is almost transparent to the two applications by reusing the existing binary api messages. Moreover, all segment allocations are now entirely done through the segment manager valloc, so segment overlaps due to independent allocations previously required for redirects are completely avoided. The one notable characteristic of local sessions (cut-through from app perspective) notification messages is that they carry pointers to two event queues, one for each app peer, instead of one. For transport-backed sessions one of the queues can be inferred but for local session they cannot. Change-Id: Ia443fb63e2d9d8e43490275062a708f039038175 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-02-05session: segment manager refactorFlorin Coras9-446/+596
- use valloc as a 'central' segment baseva manager - use per segment manager segment pools and use rwlocks to guard them - add session test that exercises segment creation - embed segment manager properties into application since they're shared - fix rw locks Change-Id: I761164c147275d9e8a926f1eda395e090d231f9a Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-01-27session: use clib rwlocks instead of custom implementationFlorin Coras2-27/+9
Change-Id: I68933d709ce9cc686ba06466e136434b663920ef Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-01-27Fix session/tcp coverity warningsFlorin Coras2-2/+11
Change-Id: I5c404eacb4a6c1e16485a6656168d9171ff49a8b Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-01-27session: disconnect and echo client improvementsFlorin Coras5-15/+26
Change-Id: If421bad17b6cfe8e321257c93bb38931e37d7b64 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-01-26session: move builtin apps to their own folderFlorin Coras3-42/+16
This consolidates builtin apps under session-apps folder. It also removes duplicate builtin echo server/client implementations. Change-Id: I75ed879399c5aa9b75b1eb38b33aedf69dd8df3f Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-01-25session: add support for memfd segmentsFlorin Coras10-230/+342
- update segment manager and session api to work with both flavors of ssvm segments - added generic ssvm slave/master init and del functions - cleanup/refactor tcp_echo - fixed uses of svm fifo pool as vector Change-Id: Ieee8b163faa407da6e77e657a2322de213a9d2a0 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-01-24SCTP stack (RFC4960)Marco Varlese3-2/+25
== CONTENT == * SCTP chunks definition as per RFC4960; * Helper functions to set/get values to/from the corresponding chunks; * Hooks to the session/application layers; * Complete state-machine handling; * Implementation for unexpected chunk received in a certain state (state-machine error handling) * Support for 1-single connection; * Sample application to test receive/transmit data-path; * Test to validate SCTP stack; Change-Id: I1b55c455ab400be9513f4e094dadfc3181d2ebc9 Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2018-01-23VPPAPIGEN: vppapigen replacement in Python PLY.Ole Troan1-1/+1
This is a version of the VPP API generator in Python PLY. It supports the existing language, and has a plugin architecture for generators. Currently C and JSON are supported. Changes: - vl_api_version to option version = "major.minor.patch" - enum support - Added error checking and reporting - import support (removed the C pre-processor) - services (tying request/reply together) Version: option version = "1.0.0"; Enum: enum colours { RED, BLUE = 50, }; define foo { vl_api_colours_t colours; }; Services: service { rpc foo returns foo_reply; rpc foo_dump returns stream foo_details; rpc want_stats returns want_stats_reply events ip4_counters, ip6_counters; }; Future planned features: - unions - bool, text - array support (including length) - proto3 output plugin - Refactor C/C++ generator as a plugin - Refactor Java generator as a plugin Change-Id: Ifa289966c790e1b1a8e2938a91e69331e3a58bdf Signed-off-by: Ole Troan <ot@cisco.com>
2018-01-11api: remove transport specific code from handlersFlorin Coras1-11/+11
This does not update api client code. In other words, if the client assumes the transport is shmem based, this patch does not change that. Furthermore, code that checks queue size, for tail dropping, is not updated. Done for the following apis: Plugins - acl - gtpu - memif - nat - pppoe VNET - bfd - bier - tapv2 - vhost user - dhcp - flow - geneve - ip - punt - ipsec/ipsec-gre - l2 - l2tp - lisp-cp/one-cp - lisp-gpe - map - mpls - policer - session - span - udp - tap - vxlan/vxlan-gpe - interface VPP - api/api.c OAM - oam_api.c Stats - stats.c Change-Id: I0e33ecefb2bdab0295698c0add948068a5a83345 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-01-09api: refactor vlibmemoryFlorin Coras8-45/+40
- separate client/server code for both memory and socket apis - separate memory api code from generic vlib api code - move unix_shared_memory_fifo to svm and rename to svm_fifo_t - overall declutter Change-Id: I90cdd98ff74d0787d58825b914b0f1eafcfa4dc2 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-12-22tcp: add builtin server/client transfer testFlorin Coras1-0/+1
Change-Id: Iab0baabf2f27bc7ad7fbf2d2789a493752b07d8a Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-12-18session api: Fix Coverity Warning CID 180115Dave Wallace1-1/+1
Change-Id: I87e3de556910851d16af343bfcbede49500843ff Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2017-12-14session: cleanup attach flagsFlorin Coras6-39/+28
Change-Id: I39d21d15677f57e10b69b8842f2cbca277abddf0 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-12-12session: fix proxy removalFlorin Coras1-20/+68
Change-Id: Ia7cb4dc18710d15352629d78d9e0c34fb65762f3 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-12-11session: generalize handling of network transportsFlorin Coras11-185/+241
- compute session type out of transport and network protos - make session, session lookup and session queue code network protocol agnostic This does not update the session layer to support non-ip network layer protocols Change-Id: Ifc2f92845e158b649d59462eb7d51c12af536691 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-12-10make sure the very first fragment triggers an rx_callbackAndreas Schultz1-0/+1
On the first session server, the first payload packet gets queued but the Rx callback will only be invoked when the second packet is received. By initializing enqueue_epoch in the session, we can make sure that the RX callback will be invoked for the first packet as well. Change-Id: I60e2cf8d4d2ca71d461ca003d459c8e6e6956a4d Signed-off-by: Andreas Schultz <aschultz@warp10.net>
2017-12-10VPP-1077 Add meaningful error info, when executing command with ↵Swarup Nayak1-1/+1
enable/disable option Change-Id: I47dd6f9637f0214971e3191852d84aa92d64b8c0 Signed-off-by: Swarup Nayak <swarupnpvt@gmail.com>
2017-12-06session: support for rule tags overwritingFlorin Coras2-67/+156
Change-Id: I0cf48b69042996afcb8b192f5fd98165058d9e1d Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-12-01session: allocate cb messages from client ringFlorin Coras1-5/+5
Change-Id: Ib644a1840c5f24203b6968561f467fbe5e255055 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-29session: fix preallocation of local endpoint tableFlorin Coras4-14/+40
Change-Id: I67a73e31bda9e497859297fcc1765e880572884a Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-28Shut down session queue input nodes on exitDave Barach2-0/+21
Shut off (especially) worker-thread session queue input nodes. Otherwise, vpp can crash when the main thread unmaps the API segment. Change-Id: Idf855e7570e0066cc921ae34bc53afabaa9e1dba Signed-off-by: Dave Barach <dave@barachs.net>
2017-11-28tcp: fix retransmissions under buffer shortageFlorin Coras1-2/+1
- add debugging scaffolding for simulating buffer shortage Change-Id: Ice519d74f9c4e4094c4586c548185135b7bb5f2d Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-27session: return bound listener for proxy acceptsFlorin Coras3-1/+14
This, if such a listener exists. Change-Id: I974cc858c1e2fee50189c3c67e4abb76be32a98a Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-26Fix session rule port endianness.Milan Lenco2-14/+16
Change-Id: I43a7ac5b6c33810a465568d1955f400f4ef08786 Signed-off-by: Milan Lenco <milan.lenco@pantheon.tech>
2017-11-22session: do not check transport for local table bindsFlorin Coras1-9/+9
Change-Id: I326c4472e5da8b6c0737655952d1983c7a0ea996 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-22session: more rules unit tests and cli improvementsFlorin Coras3-17/+142
Change-Id: I7e5545297ab9f2db8d7d07e44c744bdb0a0874a7 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-21session: unset fifo event before reading fifo sizeFlorin Coras1-6/+4
Change-Id: Ic32a76e5f7c48fd52f2e93ee18ba23fb6ad1b855 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-20session/tcp: filtering improvementsFlorin Coras5-106/+204
- make allow action explicit (-3) - add session lookup is_filtered return flag that is set if lookup hit a deny filter - change tcp logic to drop filtered packets when punting is enabled Change-Id: Ic38f294424663a4e108439b7571511f46f8e0be1 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-19session: fix session rules api to use transport protoFlorin Coras1-0/+1
Change-Id: Ie7b795715530e0920763098eb468c55fb17b1a2c Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-17vppcom: improve listener session handlingFlorin Coras2-16/+36
Change-Id: I86b2e2c5a655e53a915fbf62ff04ee23c86de234 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-12session: add handle to disconnect_session_reply api msg.Dave Wallace1-1/+1
Change-Id: I40f80110f5224b676d60252f9721fd1bc8a10b58 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2017-11-10session: add app ns index to ns create apiFlorin Coras2-3/+31
Change-Id: I86bfe4e8b0a899cc54c9b37eeb5eec701d0baf3d Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-10session: use listener logic for proxy rulesFlorin Coras5-53/+133
This moves session proxy logic from session rules tables to table/logic used to manage session listeners in order to avoid overlap of semantically different rules. Change-Id: I463522cce91b92d942f6a2086fb14c3366b9f023 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-10session: use pool for segment manager propertiesFlorin Coras5-37/+83
Change-Id: I280fea2610dcfc0b2da84973b9f567daec42f1f6 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-09session: fix app index in unbindFlorin Coras1-1/+1
Change-Id: Iff1a665b6cf9ca2def0fcdacf02d7f8c579c0f4e Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-09session: lookup/rules table improvements and cleanupFlorin Coras6-206/+361
Change-Id: I5217364220023df34d5bee071cb750df1661b093 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-09session: fix app ns list cli dumpFlorin Coras1-4/+8
Change-Id: I9b0a4676d088bc7587d12023fc3a3ea53aeaba20 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-08session: fix show app ns table cliFlorin Coras1-10/+15
Change-Id: I188e0471636683345bd9daa779c3680a616c2244 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-07session: fix v6 double bindsFlorin Coras4-8/+100
Change-Id: Ie747b490901254e962cf61814491851b891129ee Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-06session: add rule tagsFlorin Coras12-235/+468
Change-Id: Id5ebb410f509ac4c83d60e48efd54e00035e5ce6 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-05session: add api to dump rulesFlorin Coras7-25/+253
Change-Id: Ie42fd77e75e86a45cfe5951768c4638f27fdc3aa Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-03session: support drop action in rules tableFlorin Coras4-36/+114
Change-Id: Ided2980373ed5329c68f958f61be893428bccd31 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-02session/udp: init rw locksFlorin Coras1-1/+6
Change-Id: I68152d7338ce0d7805e50ccf9e9046de02cfd206 Signed-off-by: Florin Coras <fcoras@cisco.com>