From 4aaedaa2ffaf0cee9ceae62c785f940b6fe23535 Mon Sep 17 00:00:00 2001
From: Florin Coras <fcoras@cisco.com>
Date: Fri, 10 Nov 2023 09:48:39 -0800
Subject: tls: fix forced ho cleanup

Do not force cleanup of tcp half-open connection if tcp's cleanup
notification to tls is pending.

Type: fix

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I7bccbe8429a4aab10df1c89b66138b967e04ac19
---
 src/vnet/tls/tls.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

(limited to 'src/vnet/tls')

diff --git a/src/vnet/tls/tls.c b/src/vnet/tls/tls.c
index c2fe4d7e75b..32077c2a85b 100644
--- a/src/vnet/tls/tls.c
+++ b/src/vnet/tls/tls.c
@@ -427,7 +427,8 @@ tls_session_cleanup_ho (session_t *s)
   /* session opaque stores the opaque passed on connect */
   ho_index = s->opaque;
   ctx = tls_ctx_half_open_get (ho_index);
-  session_half_open_delete_notify (&ctx->connection);
+  if (!ctx->no_app_session)
+    session_half_open_delete_notify (&ctx->connection);
   tls_ctx_half_open_free (ho_index);
 }
 
@@ -946,10 +947,19 @@ static void
 tls_cleanup_ho (u32 ho_index)
 {
   tls_ctx_t *ctx;
+  session_t *s;
 
   ctx = tls_ctx_half_open_get (ho_index);
-  session_cleanup_half_open (ctx->tls_session_handle);
-  tls_ctx_half_open_free (ho_index);
+  s = session_get_from_handle (ctx->tls_session_handle);
+  /* If no pending cleanup notification, force cleanup now. Otherwise,
+   * wait for cleanup notification and set no app session on ctx */
+  if (s->session_state != SESSION_STATE_TRANSPORT_DELETED)
+    {
+      session_cleanup_half_open (ctx->tls_session_handle);
+      tls_ctx_half_open_free (ho_index);
+    }
+  else
+    ctx->no_app_session = 1;
 }
 
 int
-- 
cgit 1.2.3-korg