aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet/tls
AgeCommit message (Collapse)AuthorFilesLines
2019-02-06transport: cleanupFlorin Coras1-3/+3
- move transport specific types to transport_types - add transport wrapper functions for interaction with transport protocol vfts Change-Id: I93f70d884585fc2f41c4a605e310c80e8a8972f2 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-04session: cleanup part 1Florin Coras2-38/+38
Rename core data structures. This will break compatibility for out of tree builtin apps. - stream_session_t to session_t - server_rx/tx_fifo to rx/tx_fifo - stream_session.h to session_types.h - update copyright Change-Id: I414097c6e28bcbea866fbf13b8773c7db3f49325 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-01-17tls: preallocate app sessions on connect/acceptFlorin Coras2-10/+22
Avoid allocating session and possibly reallocating thread session pool on builtin session rx. Change-Id: I70e7c604678b44ce8d22603489e247a2c5faa439 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-01-03Fix an issue in tls.cPing Yu1-1/+3
Curernt code will overwrite parent_app_api_context, and defer the setting after this value is used in callback. Change-Id: Ie16e432fd0f4214e6deff3aa3b58b3be824b0331 Signed-off-by: Ping Yu <ping.yu@intel.com>
2018-12-28session: free session after transport and app confirmFlorin Coras1-2/+2
In addition to that, a bit of refactoring. Change-Id: Iea1eabc2167bcdef185ec53bc09bae087c5398e6 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-11-30session: segment handle in accept/connect notificationsFlorin Coras1-2/+2
Change-Id: I03884b6cde9d4c38ae13d1994fd8d37d44016ef0 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-11-14Remove c-11 memcpy checks from perf-critical codeDave Barach1-2/+2
Change-Id: Id4f37f5d4a03160572954a416efa1ef9b3d79ad1 Signed-off-by: Dave Barach <dave@barachs.net>
2018-10-28session: extend connect api for internal appsFlorin Coras1-5/+5
Change-Id: Ie4c5cfc4c97acb321a46b4df589dc44de1b616ba Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-10-23c11 safe string handling supportDave Barach1-5/+5
Change-Id: Ied34720ca5a6e6e717eea4e86003e854031b6eab Signed-off-by: Dave Barach <dave@barachs.net>
2018-10-18tls: fix connection failures/interrupts at scale (VPP-1464)Florin Coras1-12/+18
Change-Id: I0bc4062c1fd3202ee201acb36a2bb14fc6ee1543 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-10-16tls: fix multi threaded medium scale test (VPP-1457)Florin Coras1-1/+4
- ensure session enqueue epoch does not wrap between two enqueues - use 3 states for echo clients app, to distinguish between starting and closing phases - force tcp fin retransmit if out of buffers while sending a fin Change-Id: I6f2cab46affd1148aba2a33fb6d58bcc54f32805 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-10-02tls: fix disconnects for sessions with pending dataFlorin Coras2-13/+59
TLS can enqueue events to itself when app session queue cannot be entirely drained. If a pending disconnect is handled before any such event, session layer may try to dequeue data on deallocated sessions. Change-Id: I5bfc4d53ce95bc16b6a01e1b0e644aafa1ca311b Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-09-15tls: use application interface apisFlorin Coras1-15/+23
This also exposes app to tls sessions. As a result "sh session verbose" will show for each tls session both the application's session (app to tls) and the tls session (tls to tcp). Change-Id: I1e65c63362ce58f314e762d7db78b44479e1e3a5 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-09-10session: lock app worker mq for io eventsFlorin Coras1-1/+1
Also fixes vcl client/server stats and closing procedure. Change-Id: I7d5a274ea0a3c8ea13062bf61bf402248dfe1a19 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-09-08session: detect namespace for transport appsFlorin Coras1-0/+1
Change-Id: I770607cb213d538a29d7bd5762682981b01e9d18 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-09-07session: fix reentrant listensFlorin Coras1-8/+9
Change-Id: I72d400401a308012b43513179870823f6f921e44 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-09-06session: support multiple worker bindsFlorin Coras1-8/+8
Allows app workers to listen on the same session endpoint. Incoming connects are spread across the workers in a round-robin fashion Change-Id: Ib5f5817230d9abc6127a85cdbdcad70d980c0f7f Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-08-29Fix race condition in tls half open ctx get/putPing Yu1-4/+5
Change-Id: I603094215162bfe7d41bbff1b9fe8ab974aa3fab Signed-off-by: Ping Yu <ping.yu@intel.com>
2018-08-28tls: fix handling of failed connectsFlorin Coras1-8/+11
Change-Id: I48f32fdf1859420d2966dd8553f3a8f9a082e2ae Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-08-24session: add support for multiple app workersFlorin Coras1-32/+49
Refactor session layer to support multiple workers per application. Change-Id: Ie67354688d396449d14bbbb8c56050206e307cd8 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-08-17optimize init_server to reduce session overheadPing Yu2-0/+12
move un-necessary session based operation to listener split orignal openssl ctx to be session based ctx and listen ctx Change-Id: Id6c54f47b0e2171fd8924a45efcd5266ce5402d5 Signed-off-by: Ping Yu <ping.yu@intel.com>
2018-08-16Fix a segment fault issue in TLSPing Yu1-2/+3
The root cause is it uses a dangling reference after memory move Need to call session_alloc first, then use index to get the app listener point Change-Id: If5b7e0d6ddc761e5327660c47ce620e375319b4d Signed-off-by: Ping Yu <ping.yu@intel.com>
2018-07-19Add a new communication channel between VPP and openssl enginePing Yu1-1/+1
Thus when engine buffer is full during a burst in performance tesing, this code will help VPP handle retry machansim. Change-Id: I0f9fc05d3dba8a54d34dca4c6137700d6c80f714 Signed-off-by: Ping Yu <ping.yu@intel.com>
2018-07-17session: use msg queue for eventsFlorin Coras1-50/+2
Change-Id: I3c58367eec2243fe19b75be78a175c5261863e9e Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-06-15TLS async supportPing Yu1-0/+1
Change-Id: I26194e00dfb85e5cd1c65ff4e6ffd665be2d719b Signed-off-by: Ping Yu <ping.yu@intel.com>
2018-04-16session: use generic session pool for listenersFlorin Coras1-8/+5
Change-Id: I825f3822910a6ee368b9004e39ca16ac6833e30c Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-03-29No need for this routine to be globalDave Barach1-1/+1
Causes subtle misbehavior elsewhere Change-Id: I3a0ade26e8e03b8c5dc8e722f6a01fb99ec7a1e0 Signed-off-by: Dave Barach <dave@barachs.net>
2018-03-23session: allow builtin apps to register namesFlorin Coras1-2/+3
Change-Id: I4b428e170436671b329657283cf7653befc85c9f Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-03-19session: fix coverity warningsFlorin Coras1-1/+2
Change-Id: I022dc40476ea9c30957b12bf1bd0629c6eb41cda Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-03-15tls: add openssl engineFlorin Coras2-159/+136
Change-Id: I6c215858d2c9c620787632b570950b15274c0df2 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-03-08tls: make tls engines pluggableFlorin Coras2-0/+940
- add infra for pluggable tls "engines" - makes mbedtls specific code a plugin Change-Id: I2c5b099e2b69d2be0038e3ef02b208ff907727e7 Signed-off-by: Florin Coras <fcoras@cisco.com>