From a54b62d77794dee48510e7c128d3ab2fc90934b3 Mon Sep 17 00:00:00 2001
From: Florin Coras
Date: Wed, 21 Apr 2021 09:05:56 -0700
Subject: vcl session: refactor passing of crypto context
Pass tls/quic crypto context using extended config instead of bloating conect/listen messages.
Type: refactor
Signed-off-by: Florin Coras
Change-Id: I0bc637ae310e6c31ef1e16847501dcb81453ee94
---
 src/plugins/hs_apps/proxy.c | 34 +++++++++++++++++++++++++++++++---
 1 file changed, 31 insertions(+), 3 deletions(-)
(limited to 'src/plugins/hs_apps/proxy.c')
diff --git a/src/plugins/hs_apps/proxy.c b/src/plugins/hs_apps/proxy.c
index 000815813ce..1a49a0f1f3a 100644
--- a/src/plugins/hs_apps/proxy.c
+++ b/src/plugins/hs_apps/proxy.c
@@ -42,6 +42,8 @@ proxy_cb_fn (void *data, u32 data_len)
 a.app_index = pa->app_index;
 clib_memcpy (&a.sep_ext, &pa->sep, sizeof (pa->sep));
 vnet_connect (&a);
+ if (a.sep_ext.ext_cfg)
+ clib_mem_free (a.sep_ext.ext_cfg);
 }
 static void
@@ -50,6 +52,8 @@ proxy_call_main_thread (vnet_connect_args_t * a)
 if (vlib_get_thread_index () == 0)
 {
 vnet_connect (a);
+ if (a->sep_ext.ext_cfg)
+ clib_mem_free (a->sep_ext.ext_cfg);
 }
 else
 {
@@ -282,6 +286,12 @@ proxy_add_segment_callback (u32 client_index, u64 segment_handle)
 return -1;
 }
+static int
+proxy_transport_needs_crypto (transport_proto_t proto)
+{
+ return proto == TRANSPORT_PROTO_TLS;
+}
+
 static int
 proxy_rx_callback (session_t * s)
 {
@@ -353,9 +363,16 @@ proxy_rx_callback (session_t * s)
 clib_spinlock_unlock_if_init (&pm->sessions_lock);
 clib_memcpy (&a->sep_ext, &pm->client_sep, sizeof (pm->client_sep));
- a->sep_ext.ckpair_index = pm->ckpair_index;
 a->api_context = proxy_index;
 a->app_index = pm->active_open_app_index;
+
+ if (proxy_transport_needs_crypto (a->sep.transport_proto))
+ {
+ session_endpoint_alloc_ext_cfg (&a->sep_ext,
+ TRANSPORT_ENDPT_EXT_CFG_CRYPTO);
+ a->sep_ext.ext_cfg->crypto.ckpair_index = pm->ckpair_index;
+ }
+
 proxy_call_main_thread (a);
 }
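Review bot: In proxy_call_main_thread (second hunk) the buffer is released through the caller's `vnet_connect_args_t`, but `a->sep_ext.ext_cfg` keeps the stale address afterwards, so a later cleanup on the same struct would free it twice; adding `a->sep_ext.ext_cfg = 0;` right after the `clib_mem_free` call closes that. In proxy_cb_fn (first hunk) the free goes through the local copy `a`, while `pa->sep` was shallow-copied and still holds the same pointer, so a short comment such as `/* ext_cfg is allocated in proxy_rx_callback and released here once vnet_connect returns */` would record who owns it. Both frees assume vnet_connect keeps no reference to `ext_cfg` after it returns, which this diff does not show. Both function bodies extend beyond their hunks.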
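Review bot: proxy_transport_needs_crypto (third hunk) returns true only for `TRANSPORT_PROTO_TLS`, whereas the commit message speaks of the tls/quic crypto context and the removed assignments set `ckpair_index` for every transport. If the proxy can be configured with another crypto-backed transport, that endpoint would now reach vnet_connect or vnet_listen without the configured cert/key pair index; whether such a configuration is reachable is not visible here. Either extend the predicate to the other crypto transports, or, if TLS-only is intended, say so in a comment above the function, e.g. `/* proxy only passes a ckpair for TLS endpoints */`.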
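Review bot: In proxy_rx_callback (fourth hunk) the `clib_memcpy` from `pm->client_sep` also copies its `ext_cfg` field and nothing resets it on the non-TLS path, so the `clib_mem_free` added in proxy_call_main_thread and proxy_cb_fn would release whatever pointer `pm->client_sep` happens to carry; the proxy_server_listen hunk has the same pattern with `pm->server_sep`. Adding `a->sep_ext.ext_cfg = 0;` right after the memcpy makes the later free depend only on the allocation done in this function. The result of `session_endpoint_alloc_ext_cfg` is also dereferenced on the following line without a check; if that helper can leave `ext_cfg` unset, a guard is needed before `a->sep_ext.ext_cfg->crypto.ckpair_index` is written. The enclosing function starts and ends outside the hunk.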
@@ -697,13 +714,24 @@ proxy_server_listen ()
 {
 proxy_main_t *pm = &proxy_main;
 vnet_listen_args_t _a, *a = &_a;
+ int rv;
+
 clib_memset (a, 0, sizeof (*a));
 a->app_index = pm->server_app_index;
 clib_memcpy (&a->sep_ext, &pm->server_sep, sizeof (pm->server_sep));
- a->sep_ext.ckpair_index = pm->ckpair_index;
+ if (proxy_transport_needs_crypto (a->sep.transport_proto))
+ {
+ session_endpoint_alloc_ext_cfg (&a->sep_ext,
+ TRANSPORT_ENDPT_EXT_CFG_CRYPTO);
+ a->sep_ext.ext_cfg->crypto.ckpair_index = pm->ckpair_index;
+ }
+
+ rv = vnet_listen (a);
+ if (a->sep_ext.ext_cfg)
+ clib_mem_free (a->sep_ext.ext_cfg);
- return vnet_listen (a);
+ return rv;
 }
 static void
--
cgit 1.2.3-korg