Age | Commit message (Collapse) | Author | Files | Lines |
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Idf3b49ec61bf5da498ffdd8cebab7148fce73f5f
|
|
Half-open tls sessions are now tracked by the app worker and are cleaned
up only when tcp cleans up its half-open session, i.e., independent of
when the established tls context is allocated.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: If5d594d7095192dd527daf4ea1358ffeccdfcc7a
|
|
Type: feature
Basic dtls transport protocol implementation that relies on openssl
wire protocol implementation. Retries/timeouts not yet supported.
To test using vcl test apps, first ensure all arp entries are properly
resolved and subsequently:
server: vcl_server -p dtls 1234
client: vcl_client -p dtls <server-ip> 1234 -U -N 2000000 -T 1460 -X
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I04b4516a8fe9ce85ba230bcdd891f33a900046ed
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ieb8bb9c6deb92479fdd3e045778fe5ae4782d1ea
|
|
Type: improvement
- allow apps to request rescheduling of tx events via
SESSION_F_CUSTOM_TX flag
- limit max burst per session custom tx dispatch
In tls
- use the new infra to reschedule tx events
- use max burst bytes as upper limit to number of bytes to be encrypted
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I544a5a3337af7ebdff3406b776adf30cf96ebf3c
|
|
Type: improvement
Change-Id: I9dd850a1ce85b0adb5136233f176117e0ee38817
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: refactor
Make sure one tls ctx has one event availble
Thus ctx has the same life time with event, which can simplify the
management.
Change-Id: I1f4240e7316025d81bb97644946ffa399c00cd76
Signed-off-by: Yu Ping <ping.yu@intel.com>
|
|
Type: refactor
This patch does the following conversions
TLS_ENGINE_X -> CRYPTO_ENGINE_X
tls_engine_type_t -> crypto_engine_t
It does not change numbering of engines
Change-Id: I872dfaec3a6713bf4229c84d1ffd98b8b2419995
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: feature
This changes the behavior of both API calls
APPLICATION_TLS_CERT_ADD & APPLICATION_TLS_KEY_ADD
certificates and keys aren't bound to an app, they are
passed to it via connect / listen using the message
queue.
This should be followed by a per protocol (QUIC/TLS)
crypto_context store to save devrived structs
Change-Id: I36873bc8b63b5c72776c69e8cd9febc9cae31882
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type:fix
Also changes the way the ctx is freed. TLS now waits for tcp delete
notification before freeing the ctx.
Change-Id: I2f606a9ce7b3755ae9d11d6fe714fe11b65dcb98
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type:feature
To be used by transports overwriting the connection id.
Change-Id: Ia5dbd9dccc2e3eb62e602514b24882ddc12ff1f2
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I11ac3e4f59206902e5dfc326f815c877c5dd6643
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I6169ebdd3ac2d5d77fd2e12068c8aab6d8072c03
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I7ccc948357d815a1bd4279a7079cf4db2949183c
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I89d240753b3f3c5e984aa303a7c8fa35fa59bf7f
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I543cb78e268d7a4a7fba590d305351ec79f4e4da
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Make app-listener the handle for app listens. Consequently transport and
local listen sessions are now associated to the app-listener.
Change-Id: I9397a26d42cccb100970b6b4794c15bac2e11465
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Rename core data structures. This will break compatibility for out of
tree builtin apps.
- stream_session_t to session_t
- server_rx/tx_fifo to rx/tx_fifo
- stream_session.h to session_types.h
- update copyright
Change-Id: I414097c6e28bcbea866fbf13b8773c7db3f49325
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Avoid allocating session and possibly reallocating thread session pool
on builtin session rx.
Change-Id: I70e7c604678b44ce8d22603489e247a2c5faa439
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
TLS can enqueue events to itself when app session queue cannot be
entirely drained. If a pending disconnect is handled before any such
event, session layer may try to dequeue data on deallocated sessions.
Change-Id: I5bfc4d53ce95bc16b6a01e1b0e644aafa1ca311b
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
move un-necessary session based operation to listener
split orignal openssl ctx to be session based ctx and listen ctx
Change-Id: Id6c54f47b0e2171fd8924a45efcd5266ce5402d5
Signed-off-by: Ping Yu <ping.yu@intel.com>
|
|
Thus when engine buffer is full during a burst in performance
tesing, this code will help VPP handle retry machansim.
Change-Id: I0f9fc05d3dba8a54d34dca4c6137700d6c80f714
Signed-off-by: Ping Yu <ping.yu@intel.com>
|
|
Change-Id: I26194e00dfb85e5cd1c65ff4e6ffd665be2d719b
Signed-off-by: Ping Yu <ping.yu@intel.com>
|
|
Change-Id: I6c215858d2c9c620787632b570950b15274c0df2
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
- add infra for pluggable tls "engines"
- makes mbedtls specific code a plugin
Change-Id: I2c5b099e2b69d2be0038e3ef02b208ff907727e7
Signed-off-by: Florin Coras <fcoras@cisco.com>
|