summaryrefslogtreecommitdiffstats
path: root/src/vnet/tls
AgeCommit message (Collapse)AuthorFilesLines
2019-10-30tls: fix on tcp connection resetZeyu Zhang1-2/+10
VPP would fail in tcp_connection_reset() if the tls or app session was just created. Type: fix Change-Id: I45d107f57e4f3fc468c15ca3392d5e1c413bd690 Signed-off-by: Zeyu Zhang <zeyu.zhang@intel.com>
2019-10-12tls: allow disconnects from main threadFlorin Coras1-1/+4
Type: fix Use api with explicit thread index to retrieve tls contex on close. Change-Id: Ibdc4338747300b7fc8f91ef3e10bcd48ce7ae366 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-10-09hsa: use crypto_engine_type_t for TLSNathan Skrzypczak2-12/+12
Type: refactor This patch does the following conversions TLS_ENGINE_X -> CRYPTO_ENGINE_X tls_engine_type_t -> crypto_engine_t It does not change numbering of engines Change-Id: I872dfaec3a6713bf4229c84d1ffd98b8b2419995 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-10-09session: Add certificate storeNathan Skrzypczak2-0/+3
Type: feature This changes the behavior of both API calls APPLICATION_TLS_CERT_ADD & APPLICATION_TLS_KEY_ADD certificates and keys aren't bound to an app, they are passed to it via connect / listen using the message queue. This should be followed by a per protocol (QUIC/TLS) crypto_context store to save devrived structs Change-Id: I36873bc8b63b5c72776c69e8cd9febc9cae31882 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-08-09tls: mark as no lookup transportFlorin Coras1-0/+2
Type:fix Also fix transport close while handshake is ongoing. Change-Id: I004c56d2297d0847c2cb77202f8fba3edaacad29 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-08-09tls: handle transport resetFlorin Coras1-1/+6
Type:fix Change-Id: I5994fb53dc4b9fd58920b3d67472c38b41db27c2 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-08-08tls: fix close with dataFlorin Coras2-1/+20
Type:fix Also changes the way the ctx is freed. TLS now waits for tcp delete notification before freeing the ctx. Change-Id: I2f606a9ce7b3755ae9d11d6fe714fe11b65dcb98 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-07-27session: define connection id lengthFlorin Coras1-4/+5
Type:feature To be used by transports overwriting the connection id. Change-Id: Ia5dbd9dccc2e3eb62e602514b24882ddc12ff1f2 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-07-26session tcp: handle rxt and acks as custom eventsFlorin Coras1-1/+1
Type: feature Control ack generation and retransmissions with session layer scheduler. Change-Id: Iacdf9f84ab81f44851980aa45a83e75f29be2b7b Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-07-24tls: handle engine listen failureFlorin Coras1-1/+12
Type:fix Change-Id: I528b7cfcb7a6aada94ee3649378e6fbe84d2e4e6 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-07-12tls quic: reduce default segment sizesAloys Augustin1-1/+1
This reduces the memory required by tls and quic, allowing to run them (and their tests) in more constrained environments by default. Change-Id: I954081c725fb4f5f173db1f8e76922d957c5b0a2 Signed-off-by: Aloys Augustin <aloaugus@cisco.com> Type: fix
2019-07-12session: add thread index to all formattersAloys Augustin1-0/+2
Add a thread_index argument to half-open and listener session formatters because QUIC can have listeners and half-open sessions in any thread. Change-Id: I1de60e35ece4c68ba8cfdd6b63f211bc620d687b Signed-off-by: Aloys Augustin <aloaugus@cisco.com> Type: feature
2019-06-27session: Add transport vft protocol optionsNathan Skrzypczak1-3/+5
Type: refactor Change-Id: I4e0afc206e4871596c2ed8a6ca00914a379f1526 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-06-17session: use listener_handle instead of listener_indexNathan Skrzypczak1-2/+3
Type: refactor Change-Id: I97fa59a0ba0b6b7a98698926020ffffcf6ae6ba3 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-05-07add TLS endpoint functionYu Ping1-0/+26
a bit like QUIC, and the added function can get the endpoint info in TLS, so that the VCL layer can get those info correctly Change-Id: Ied7aa3077087c1814499364dfa7654a088ad9910 Signed-off-by: Yu Ping <ping.yu@intel.com>
2019-04-18tls: allow engines to customize closeFlorin Coras2-18/+26
Change-Id: I11ac3e4f59206902e5dfc326f815c877c5dd6643 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-02session: use app cb function wrappersFlorin Coras1-7/+3
Change-Id: I77ad9eb4d4c7699397aa4be6a973ef37c60db4c5 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-03-25tls: make first segment and fifo size configurableFlorin Coras2-5/+14
Change-Id: I6169ebdd3ac2d5d77fd2e12068c8aab6d8072c03 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-03-11tls: fixes and improvementsFlorin Coras1-27/+32
- disconnect sessions through session layer apis instead of directly notifying the app worker. - improve cli - increase fifo sizes for tls app Change-Id: I8a7d2865b3b00724e2a9da29fa4a906ea867da9b Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-03-07session/tls: remove unused t_app_index fieldFlorin Coras1-2/+0
Change-Id: Idbf7f3a57dc399798b8dba9463daeb7d66470ab1 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-03-07session: use transport custom tx for app transportsFlorin Coras1-12/+13
Change-Id: I675f7090fa6b2ffdfb4ee748df858bfb7e39ce5a Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-03-07session: cleanup instances of deprecated io evtsFlorin Coras1-5/+5
Change-Id: Iad119e05ae5e570fbfcf66747c95822cee647c99 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-20tls: add vcl testFlorin Coras1-0/+5
Change-Id: If4c7efaf6506a827e7a95a56c2f6b6060df03fa1 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-18tls: fix openssl/mbedtls use of app_wrk indexFlorin Coras2-15/+15
Change-Id: I7ccc948357d815a1bd4279a7079cf4db2949183c Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-18session: move fifo allocation logic to app workerFlorin Coras1-31/+16
Change-Id: I1662ec4b5503cb64a8a86a2441842311d959b3a6 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-11session: cleanup application interfaceFlorin Coras2-6/+8
Change-Id: I89d240753b3f3c5e984aa303a7c8fa35fa59bf7f Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-09tls: move test certificates to separate header fileFlorin Coras2-9/+88
Change-Id: I543cb78e268d7a4a7fba590d305351ec79f4e4da Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-09session: refactor listen logicFlorin Coras2-5/+6
Make app-listener the handle for app listens. Consequently transport and local listen sessions are now associated to the app-listener. Change-Id: I9397a26d42cccb100970b6b4794c15bac2e11465 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-06transport: cleanupFlorin Coras1-3/+3
- move transport specific types to transport_types - add transport wrapper functions for interaction with transport protocol vfts Change-Id: I93f70d884585fc2f41c4a605e310c80e8a8972f2 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-04session: cleanup part 1Florin Coras2-38/+38
Rename core data structures. This will break compatibility for out of tree builtin apps. - stream_session_t to session_t - server_rx/tx_fifo to rx/tx_fifo - stream_session.h to session_types.h - update copyright Change-Id: I414097c6e28bcbea866fbf13b8773c7db3f49325 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-01-17tls: preallocate app sessions on connect/acceptFlorin Coras2-10/+22
Avoid allocating session and possibly reallocating thread session pool on builtin session rx. Change-Id: I70e7c604678b44ce8d22603489e247a2c5faa439 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-01-03Fix an issue in tls.cPing Yu1-1/+3
Curernt code will overwrite parent_app_api_context, and defer the setting after this value is used in callback. Change-Id: Ie16e432fd0f4214e6deff3aa3b58b3be824b0331 Signed-off-by: Ping Yu <ping.yu@intel.com>
2018-12-28session: free session after transport and app confirmFlorin Coras1-2/+2
In addition to that, a bit of refactoring. Change-Id: Iea1eabc2167bcdef185ec53bc09bae087c5398e6 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-11-30session: segment handle in accept/connect notificationsFlorin Coras1-2/+2
Change-Id: I03884b6cde9d4c38ae13d1994fd8d37d44016ef0 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-11-14Remove c-11 memcpy checks from perf-critical codeDave Barach1-2/+2
Change-Id: Id4f37f5d4a03160572954a416efa1ef9b3d79ad1 Signed-off-by: Dave Barach <dave@barachs.net>
2018-10-28session: extend connect api for internal appsFlorin Coras1-5/+5
Change-Id: Ie4c5cfc4c97acb321a46b4df589dc44de1b616ba Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-10-23c11 safe string handling supportDave Barach1-5/+5
Change-Id: Ied34720ca5a6e6e717eea4e86003e854031b6eab Signed-off-by: Dave Barach <dave@barachs.net>
2018-10-18tls: fix connection failures/interrupts at scale (VPP-1464)Florin Coras1-12/+18
Change-Id: I0bc4062c1fd3202ee201acb36a2bb14fc6ee1543 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-10-16tls: fix multi threaded medium scale test (VPP-1457)Florin Coras1-1/+4
- ensure session enqueue epoch does not wrap between two enqueues - use 3 states for echo clients app, to distinguish between starting and closing phases - force tcp fin retransmit if out of buffers while sending a fin Change-Id: I6f2cab46affd1148aba2a33fb6d58bcc54f32805 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-10-02tls: fix disconnects for sessions with pending dataFlorin Coras2-13/+59
TLS can enqueue events to itself when app session queue cannot be entirely drained. If a pending disconnect is handled before any such event, session layer may try to dequeue data on deallocated sessions. Change-Id: I5bfc4d53ce95bc16b6a01e1b0e644aafa1ca311b Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-09-15tls: use application interface apisFlorin Coras1-15/+23
This also exposes app to tls sessions. As a result "sh session verbose" will show for each tls session both the application's session (app to tls) and the tls session (tls to tcp). Change-Id: I1e65c63362ce58f314e762d7db78b44479e1e3a5 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-09-10session: lock app worker mq for io eventsFlorin Coras1-1/+1
Also fixes vcl client/server stats and closing procedure. Change-Id: I7d5a274ea0a3c8ea13062bf61bf402248dfe1a19 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-09-08session: detect namespace for transport appsFlorin Coras1-0/+1
Change-Id: I770607cb213d538a29d7bd5762682981b01e9d18 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-09-07session: fix reentrant listensFlorin Coras1-8/+9
Change-Id: I72d400401a308012b43513179870823f6f921e44 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-09-06session: support multiple worker bindsFlorin Coras1-8/+8
Allows app workers to listen on the same session endpoint. Incoming connects are spread across the workers in a round-robin fashion Change-Id: Ib5f5817230d9abc6127a85cdbdcad70d980c0f7f Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-08-29Fix race condition in tls half open ctx get/putPing Yu1-4/+5
Change-Id: I603094215162bfe7d41bbff1b9fe8ab974aa3fab Signed-off-by: Ping Yu <ping.yu@intel.com>
2018-08-28tls: fix handling of failed connectsFlorin Coras1-8/+11
Change-Id: I48f32fdf1859420d2966dd8553f3a8f9a082e2ae Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-08-24session: add support for multiple app workersFlorin Coras1-32/+49
Refactor session layer to support multiple workers per application. Change-Id: Ie67354688d396449d14bbbb8c56050206e307cd8 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-08-17optimize init_server to reduce session overheadPing Yu2-0/+12
move un-necessary session based operation to listener split orignal openssl ctx to be session based ctx and listen ctx Change-Id: Id6c54f47b0e2171fd8924a45efcd5266ce5402d5 Signed-off-by: Ping Yu <ping.yu@intel.com>
2018-08-16Fix a segment fault issue in TLSPing Yu1-2/+3
The root cause is it uses a dangling reference after memory move Need to call session_alloc first, then use index to get the app listener point Change-Id: If5b7e0d6ddc761e5327660c47ce620e375319b4d Signed-off-by: Ping Yu <ping.yu@intel.com>