aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet/tls
AgeCommit message (Collapse)AuthorFilesLines
2024-04-08tls: fix session state update on acceptFlorin Coras1-1/+3
Only set state to ready if session is not already closing. Type: fix Change-Id: Ic95667f43ed09d693f1cf7c9f1c16f7f995ea2d8 Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-03-26tls: init session for accepted ctxFlorin Coras1-7/+7
Make sure session is marked as invalid. Type: improvement Change-Id: I1c861645de95ef15a24acd4fe6dd5364a55b4fb8 Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-03-24tls: pass session state to engine on client initFlorin Coras1-1/+3
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ibe218a922ab656b8362e3c085193cb848783c255
2024-03-20tls: avoid app session preallocationFlorin Coras1-42/+14
Since async rx event infra decouples notification event generation from delivery we no longer run the risk of having tls realloc session pools while session layer still holds a pointer to the accepted/connected tcp session. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I1bb429a058707aba1d4f32ea33615a2367e66969
2024-03-18tls: handle attepts to renegotiate hsFlorin Coras1-1/+2
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I549d0c8715e5c06bfc22be26ca1dc78ec3c29a61
2024-03-12misc: remove GNU Indent directivesDamjan Marion1-2/+0
Type: refactor Change-Id: I5235bf3e9aff58af6ba2c14e8c6529c4fc9ec86c Signed-off-by: Damjan Marion <damarion@cisco.com>
2024-02-27tls: pass reset ntf to enginesFlorin Coras2-22/+10
Type: improvement Change-Id: Ie042605e50656229874b7a93638f0f04c894410f Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-02-23tls: initialize app session app wrkFlorin Coras1-1/+2
Type: fix Change-Id: I8832839738b96495bd775a778dd736bb25e1236c Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-02-20tls: fix transport endpoint getFlorin Coras1-3/+4
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Idb8cc576168ce0ffa8f06be1acef4be4b3b29433
2024-02-15tls: mark ho done atomically after ctx initFlorin Coras1-1/+2
Make sure ctx is initialized before ho is marked as done. Type: fix Change-Id: If0525a9890a56e289e2ab006c669a9d64dc6505d Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-01-31tls: set app closed flag in frameworkFlorin Coras1-0/+1
Set the flag in tls framework as opposed to tls engines. This is similar to passive close. Type: improvement Change-Id: I0c2a774b1ef9d7ec6ba74daf1678ea449815184f Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-01-31tls: convert ctx fields to connection flagsFlorin Coras2-23/+25
Type: refactor Change-Id: I527bbc1cf2e7b6d06fd0c88b7563fb59ed28bc40 Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-01-23tls: fix ho leak on tcp connect returnFlorin Coras1-1/+4
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I40345d635b8067dcffbbdd39d0a5b0c0934a6d54
2024-01-23tls: overlap parent opaque with listener ctxFlorin Coras1-5/+6
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I0a0d0b8721f5a15da47c7ac0e58cd50e159b2f54
2024-01-23tls: set flag whenever app session is freedFlorin Coras1-5/+9
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I3d44ff851da00573343e15712284af3b9c3912e3
2023-12-14tls: no closed notify if no app sessionFlorin Coras1-1/+2
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I0e58bb970d371818217390d451cf26925b04970f
2023-12-13tls: postpone ho cleanup if not fully establishedFlorin Coras2-8/+80
If ho cleans up on first worker before owner of established session receives connected notification, the ho session is prematurely cleaned up. Wait for established ctx to be allocated before freeing ho. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Icf707e5d8c62a288a49d078460d2ada3b5c41b0e
2023-11-10tls: fix forced ho cleanupFlorin Coras1-3/+13
Do not force cleanup of tcp half-open connection if tcp's cleanup notification to tls is pending. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I7bccbe8429a4aab10df1c89b66138b967e04ac19
2023-11-09tls: fix handling of client and server init errorsFlorin Coras1-11/+9
- notify app on failed connect - avoid cleanup of ctx before transport cleanup to be able to handle pending rx notifications. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I1b70ad45109d4c942afa1990dfce4fc44a50a637
2023-11-08tls: avoid reads after tcp transport removedFlorin Coras1-4/+18
Make sure underlying transport connection is not removed on rescheduled read event. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I0137a2e43aa84d9442279e036c25771aeefd207f
2023-10-08tls: report error if connected cannot be initializedFlorin Coras1-4/+6
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I987ac6b461b473836917bce6ce0d4ac109cc8ddb
2023-10-08tls: no read after app closeFlorin Coras1-1/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I34f8ee2e36d07e8e55e21561528fc6b73feb852f
2023-10-02tls: limit openssl engine max read burstFlorin Coras1-1/+1
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ic7a8fd37d79fc9c09c8b1539d630f3b8983b8bb3
2023-10-02tls: fix formatting of half open connectionsFlorin Coras1-0/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If96dc748a716a261edfcb1020210bd73058e382f
2023-09-26tls: init connection for prealloced app sessionsFlorin Coras1-0/+3
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Icd62dc110e3a73b24372f3a5162f8008b7edee9f
2023-09-22tls: ignore tx events for not fully established sessionsFlorin Coras1-6/+9
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I401a116a1a46c0dc5d591115de5ff0eef2f6440b
2023-09-04session: fix allocation of proxy fifosFlorin Coras1-0/+1
Fifos need to be synchronously allocated once a transport like tcp accepts a session. Since events are now delivered asynchronously, proxy apps must explicitly register a cb function that manages fifo allocation prior to being notified of connect event. Type: fix Fixes: 0242d30 Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I7df973b7014e53e0766ea2bdc61e9871160bc18b
2023-08-09session: async rx event notificationsFlorin Coras1-4/+4
Move from synchronous flushing of io and ctrl events from transports to applications to an async model via a new session_input input node that runs in interrupt mode. Events are coalesced per application worker. On the one hand, this helps by minimizing message queue locking churn. And on the other, it opens the possibility for further optimizations of event message generation, obviates need for rx rescheduling rpcs and is a first step towards a fully async data/io rx path. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id6bebcb65fc9feef8aa02ddf1af6d9ba6f6745ce
2023-05-26tls: fix memory leak when client/server init errorXiaoming Jiang1-2/+18
Type: fix Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com> Change-Id: I484f3759b6c27052e08741398ec389729285f035
2022-12-02session: move connects to first workerFlorin Coras1-0/+1
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I035e3fdbb52eca010ad7b2c20ca2930cb1645978
2022-10-31tls: use safe pool reallocsFlorin Coras2-51/+7
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ia2c771cbf826526d2d06b6da022509ab02917350
2022-05-04tls: free app session if connect notify refusedFlorin Coras1-2/+2
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Iee6784c37a835b49d962ae6f87c279cbe65dde15
2022-04-11tls: fix connected notifications with no app wrkFlorin Coras1-5/+9
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I805131b4e3d0cb2fab1d3bf76db659c67522c2e8
2022-04-07tls http: run config fns after init onesFlorin Coras1-1/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ia4d8aaafeb3629f421601edffefe9c61c3e69dba
2022-03-30tls: support to reinitialise ca_chain wo restartSaravanan Murugesan2-0/+8
Type: improvement Signed-off-by: Saravanan Murugesan <sarmurug@cisco.com> Change-Id: I90e90678ae6586019cc842f9d504d53991cfabe4
2022-03-18vppinfra: refactor *_will_expand() functionsDamjan Marion1-2/+1
Type: refactor Change-Id: I3625eacf9e04542ca8778df5d46075a8654642c7 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-02-28tls: handle read write ssl errorsFlorin Coras2-0/+11
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If5eed7dac4951f0510a4b4b092f66f44d0d3cacd
2022-02-28tls: Receive only when the app_session is availableSaravanan Murugesan1-0/+5
Type: fix Signed-off-by: Saravanan Murugesan <sarmurug@cisco.com> Change-Id: Icfd5e3c0bb034684c7bc43be46927294536ba08a
2022-02-17tls http srtp: fix session index for listenersFlorin Coras1-0/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If5e6d0e8c686ea93674d6201c38b3a4d1c4786a5
2022-02-10session: use transport endpoint cfg for listenFlorin Coras1-1/+1
Makes it similar to connects. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I38c328670054e1a9ba4dc4ea8fe7519a5a09e8be
2022-02-05session: track bytes dequeued in snd paramsFlorin Coras1-2/+1
Also reset send params flags before calling transports to avoid explicit resets in all transports. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I1da7b3fab009728e7fee4199425ced933fa8a122
2021-12-21tls: don't add listen to lookup tableFilip Tehlar1-0/+1
Type: fix Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I0432dd0209f9c7702a8497161e21e178ee243bb1
2021-11-19tls: add option to config additional segment sizeFlorin Coras2-4/+9
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Idf3b49ec61bf5da498ffdd8cebab7148fce73f5f
2021-06-17tls: increase engine bits room in handle to support custom engine typejxm1-1/+1
Type: improvement Signed-off-by: jxm <jiangxiaoming@outlook.com> Change-Id: I80a51e841f9727b68d1de713b6b6d51675ef53c5
2021-05-29tls: fix handling of failed connectsFlorin Coras1-16/+18
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ifbf43dd69aa07be485fe7fa01c917512e423036e
2021-05-20tls svm: prealloc tcp fifo chunks before ssl writeFlorin Coras1-1/+3
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I7c47b55ec6f0c83f2d13e0e737d0559a32f7c837
2021-05-18tls: fix dtls with no workersFlorin Coras1-6/+6
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Iecc33fda7f28c037289775ffe0525a50f89a2b8c
2021-05-14tls: switch dtls to vc and track half-opensFlorin Coras1-4/+59
Also adds support for half-open support transport migration. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id04c194138956336f93246bbed0332a7030c67e2
2021-05-12tls: switch to vc service and track half-open sessionsFlorin Coras2-13/+64
Half-open tls sessions are now tracked by the app worker and are cleaned up only when tcp cleans up its half-open session, i.e., independent of when the established tls context is allocated. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If5d594d7095192dd527daf4ea1358ffeccdfcc7a
2021-05-07session: connects seg manager is always firstFlorin Coras1-2/+0
By convention, connects segment manager will be first. Therefore it will be the one with the first segment wherein lies the app's message queue. Saves us the trouble of allocating it on first connect, if app started by listening, and we no longer need to track if it's assignable to a listener or if it can be removed. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Iba9a8ffaab618eeb41ec2144dcfee62d006dc7a2