path: root/src/vnet/tls
Age | Commit message | Author | Files | Lines
2024-10-25 | session: support of multiple extended configs | Matus Fabian | 1 | -6/+12
This allows configuration for each transport protocol when combined, e.g. HTTPS=HTTP+TLS. Extended config of session endpoint config is now a chunk of memory, which allows seamless integration with VCL, and internal representation is hidden behind APIs, which is better for future improvements. By default the chunk is allocated to 512B if the app doesn't do so before.
Type: improvement
Change-Id: I323f19ec255eba31c58c06b8b83af45aab7f5bb1
Signed-off-by: Matus Fabian <matfabia@cisco.com>
2024-09-26 | tls: cleanup engine hs cb and improve ctx formatting | Florin Coras | 3 | -20/+15
Handshake completion is now tracked via a ctx flag so we no longer need ctx_handshake_is_over. Also, as we no longer prealloc application sessions, improve ctx state formatting.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: If48588ecde13e56fb99d1a46238bda53ed4eae1b
2024-08-13 | tls: add basic tls record parsers | Florin Coras | 2 | -0/+529
Type: improvement
Change-Id: Ia6a9f69b787950e3dbffd13ae577e499d6d2f55f
Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-07-16 | tls: track app owner of transport session | Florin Coras | 2 | -1/+4
Allow other apps to own transport sessions for tls.
Type: improvement
Change-Id: Ida04cef1dc49acb7117cbed8657e26890bf43d2a
Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-07-09 | tls: refactor vft functions to allow for reuse | Florin Coras | 3 | -140/+152
Type: refactor
Change-Id: I3d7ff64e2e54b113f8d4b26f2dbf5b9c67b80976
Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-04-08 | tls: fix session state update on accept | Florin Coras | 1 | -1/+3
Only set state to ready if session is not already closing.
Type: fix
Change-Id: Ic95667f43ed09d693f1cf7c9f1c16f7f995ea2d8
Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-03-26 | tls: init session for accepted ctx | Florin Coras | 1 | -7/+7
Make sure session is marked as invalid.
Type: improvement
Change-Id: I1c861645de95ef15a24acd4fe6dd5364a55b4fb8
Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-03-24 | tls: pass session state to engine on client init | Florin Coras | 1 | -1/+3
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ibe218a922ab656b8362e3c085193cb848783c255
2024-03-20 | tls: avoid app session preallocation | Florin Coras | 1 | -42/+14
Since async rx event infra decouples notification event generation from delivery we no longer run the risk of having tls realloc session pools while session layer still holds a pointer to the accepted/connected tcp session.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I1bb429a058707aba1d4f32ea33615a2367e66969
2024-03-18 | tls: handle attempts to renegotiate hs | Florin Coras | 1 | -1/+2
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I549d0c8715e5c06bfc22be26ca1dc78ec3c29a61
2024-03-12 | misc: remove GNU Indent directives | Damjan Marion | 1 | -2/+0
Type: refactor
Change-Id: I5235bf3e9aff58af6ba2c14e8c6529c4fc9ec86c
Signed-off-by: Damjan Marion <damarion@cisco.com>
2024-02-27 | tls: pass reset ntf to engines | Florin Coras | 2 | -22/+10
Type: improvement
Change-Id: Ie042605e50656229874b7a93638f0f04c894410f
Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-02-23 | tls: initialize app session app wrk | Florin Coras | 1 | -1/+2
Type: fix
Change-Id: I8832839738b96495bd775a778dd736bb25e1236c
Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-02-20 | tls: fix transport endpoint get | Florin Coras | 1 | -3/+4
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Idb8cc576168ce0ffa8f06be1acef4be4b3b29433
2024-02-15 | tls: mark ho done atomically after ctx init | Florin Coras | 1 | -1/+2
Make sure ctx is initialized before ho is marked as done.
Type: fix
Change-Id: If0525a9890a56e289e2ab006c669a9d64dc6505d
Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-01-31 | tls: set app closed flag in framework | Florin Coras | 1 | -0/+1
Set the flag in tls framework as opposed to tls engines. This is similar to passive close.
Type: improvement
Change-Id: I0c2a774b1ef9d7ec6ba74daf1678ea449815184f
Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-01-31 | tls: convert ctx fields to connection flags | Florin Coras | 2 | -23/+25
Type: refactor
Change-Id: I527bbc1cf2e7b6d06fd0c88b7563fb59ed28bc40
Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-01-23 | tls: fix ho leak on tcp connect return | Florin Coras | 1 | -1/+4
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I40345d635b8067dcffbbdd39d0a5b0c0934a6d54
2024-01-23 | tls: overlap parent opaque with listener ctx | Florin Coras | 1 | -5/+6
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I0a0d0b8721f5a15da47c7ac0e58cd50e159b2f54
2024-01-23 | tls: set flag whenever app session is freed | Florin Coras | 1 | -5/+9
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I3d44ff851da00573343e15712284af3b9c3912e3
2023-12-14 | tls: no closed notify if no app session | Florin Coras | 1 | -1/+2
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I0e58bb970d371818217390d451cf26925b04970f
2023-12-13 | tls: postpone ho cleanup if not fully established | Florin Coras | 2 | -8/+80
If ho cleans up on first worker before owner of established session receives connected notification, the ho session is prematurely cleaned up. Wait for established ctx to be allocated before freeing ho.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Icf707e5d8c62a288a49d078460d2ada3b5c41b0e
2023-11-10 | tls: fix forced ho cleanup | Florin Coras | 1 | -3/+13
Do not force cleanup of tcp half-open connection if tcp's cleanup notification to tls is pending.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I7bccbe8429a4aab10df1c89b66138b967e04ac19
2023-11-09 | tls: fix handling of client and server init errors | Florin Coras | 1 | -11/+9
- notify app on failed connect
- avoid cleanup of ctx before transport cleanup to be able to handle pending rx notifications.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I1b70ad45109d4c942afa1990dfce4fc44a50a637
2023-11-08 | tls: avoid reads after tcp transport removed | Florin Coras | 1 | -4/+18
Make sure underlying transport connection is not removed on rescheduled read event.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I0137a2e43aa84d9442279e036c25771aeefd207f
2023-10-08 | tls: report error if connected cannot be initialized | Florin Coras | 1 | -4/+6
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I987ac6b461b473836917bce6ce0d4ac109cc8ddb
2023-10-08 | tls: no read after app close | Florin Coras | 1 | -1/+1
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I34f8ee2e36d07e8e55e21561528fc6b73feb852f
2023-10-02 | tls: limit openssl engine max read burst | Florin Coras | 1 | -1/+1
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ic7a8fd37d79fc9c09c8b1539d630f3b8983b8bb3
2023-10-02 | tls: fix formatting of half open connections | Florin Coras | 1 | -0/+1
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: If96dc748a716a261edfcb1020210bd73058e382f
2023-09-26 | tls: init connection for prealloced app sessions | Florin Coras | 1 | -0/+3
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Icd62dc110e3a73b24372f3a5162f8008b7edee9f
2023-09-22 | tls: ignore tx events for not fully established sessions | Florin Coras | 1 | -6/+9
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I401a116a1a46c0dc5d591115de5ff0eef2f6440b
2023-09-04 | session: fix allocation of proxy fifos | Florin Coras | 1 | -0/+1
Fifos need to be synchronously allocated once a transport like tcp accepts a session. Since events are now delivered asynchronously, proxy apps must explicitly register a cb function that manages fifo allocation prior to being notified of connect event.
Type: fix
Fixes: 0242d30
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I7df973b7014e53e0766ea2bdc61e9871160bc18b
2023-08-09 | session: async rx event notifications | Florin Coras | 1 | -4/+4
Move from synchronous flushing of io and ctrl events from transports to applications to an async model via a new session_input input node that runs in interrupt mode. Events are coalesced per application worker. On the one hand, this helps by minimizing message queue locking churn. And on the other, it opens the possibility for further optimizations of event message generation, obviates need for rx rescheduling rpcs and is a first step towards a fully async data/io rx path.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id6bebcb65fc9feef8aa02ddf1af6d9ba6f6745ce
2023-05-26 | tls: fix memory leak when client/server init error | Xiaoming Jiang | 1 | -2/+18
Type: fix
Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com>
Change-Id: I484f3759b6c27052e08741398ec389729285f035
2022-12-02 | session: move connects to first worker | Florin Coras | 1 | -0/+1
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I035e3fdbb52eca010ad7b2c20ca2930cb1645978
2022-10-31 | tls: use safe pool reallocs | Florin Coras | 2 | -51/+7
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ia2c771cbf826526d2d06b6da022509ab02917350
2022-05-04 | tls: free app session if connect notify refused | Florin Coras | 1 | -2/+2
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Iee6784c37a835b49d962ae6f87c279cbe65dde15
2022-04-11 | tls: fix connected notifications with no app wrk | Florin Coras | 1 | -5/+9
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I805131b4e3d0cb2fab1d3bf76db659c67522c2e8
2022-04-07 | tls http: run config fns after init ones | Florin Coras | 1 | -1/+1
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ia4d8aaafeb3629f421601edffefe9c61c3e69dba
2022-03-30 | tls: support to reinitialise ca_chain wo restart | Saravanan Murugesan | 2 | -0/+8
Type: improvement
Signed-off-by: Saravanan Murugesan <sarmurug@cisco.com>
Change-Id: I90e90678ae6586019cc842f9d504d53991cfabe4
2022-03-18 | vppinfra: refactor *_will_expand() functions | Damjan Marion | 1 | -2/+1
Type: refactor
Change-Id: I3625eacf9e04542ca8778df5d46075a8654642c7
Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-02-28 | tls: handle read write ssl errors | Florin Coras | 2 | -0/+11
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: If5eed7dac4951f0510a4b4b092f66f44d0d3cacd
2022-02-28 | tls: Receive only when the app_session is available | Saravanan Murugesan | 1 | -0/+5
Type: fix
Signed-off-by: Saravanan Murugesan <sarmurug@cisco.com>
Change-Id: Icfd5e3c0bb034684c7bc43be46927294536ba08a
2022-02-17 | tls http srtp: fix session index for listeners | Florin Coras | 1 | -0/+1
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: If5e6d0e8c686ea93674d6201c38b3a4d1c4786a5
2022-02-10 | session: use transport endpoint cfg for listen | Florin Coras | 1 | -1/+1
Makes it similar to connects.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I38c328670054e1a9ba4dc4ea8fe7519a5a09e8be
2022-02-05 | session: track bytes dequeued in snd params | Florin Coras | 1 | -2/+1
Also reset send params flags before calling transports to avoid explicit resets in all transports.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I1da7b3fab009728e7fee4199425ced933fa8a122
2021-12-21 | tls: don't add listen to lookup table | Filip Tehlar | 1 | -0/+1
Type: fix
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I0432dd0209f9c7702a8497161e21e178ee243bb1
2021-11-19 | tls: add option to config additional segment size | Florin Coras | 2 | -4/+9
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Idf3b49ec61bf5da498ffdd8cebab7148fce73f5f
2021-06-17 | tls: increase engine bits room in handle to support custom engine type | jxm | 1 | -1/+1
Type: improvement
Signed-off-by: jxm <jiangxiaoming@outlook.com>
Change-Id: I80a51e841f9727b68d1de713b6b6d51675ef53c5
2021-05-29 | tls: fix handling of failed connects | Florin Coras | 1 | -16/+18
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ifbf43dd69aa07be485fe7fa01c917512e423036e