diff options
-rw-r--r-- | .gitmodules | 2 | ||||
-rw-r--r-- | Makefile | 27 | ||||
-rw-r--r-- | README.md | 44 | ||||
-rw-r--r-- | configs/nginx-test.conf | 80 | ||||
-rw-r--r-- | configs/nginx.conf | 112 | ||||
-rw-r--r-- | configs/startup-test.conf | 28 | ||||
-rw-r--r-- | configs/vppset-test | 1 | ||||
-rw-r--r-- | packages/nginx_ldp.mk | 13 | ||||
-rw-r--r-- | packages/nginx_vcl.mk | 15 | ||||
-rw-r--r-- | packages/openssl.mk | 6 | ||||
-rwxr-xr-x | packages/verify.sh | 69 | ||||
-rw-r--r-- | packages/vpp_ldp.mk | 58 | ||||
-rw-r--r-- | packages/vpp_vcl.mk | 55 | ||||
-rw-r--r-- | vpp_patches/other/2001/0001-3.0.0.patch (renamed from vpp_patches/other/0001-3.0.0.patch) | 0 | ||||
-rw-r--r-- | vpp_patches/other/2005/0001-3.0.0.patch | 113 | ||||
-rw-r--r-- | vpp_patches/other/2005/0001-picotls-patch.patch | 45 | ||||
-rw-r--r-- | vpp_patches/other/master/0001-3.0.0.patch | 114 | ||||
-rw-r--r-- | vpp_patches/vcl/master/0001-ngxvcl-api.patch | 1698 | ||||
-rw-r--r-- | vpp_patches/vcl/other/0001-ngxvcl-api.patch (renamed from vpp_patches/vcl/0001-ngxvcl-api.patch) | 0 |
19 files changed, 2290 insertions, 190 deletions
diff --git a/.gitmodules b/.gitmodules index 69878e6..7e346ce 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,3 +1,3 @@ [submodule "vpp"] path = vpp - url = https://gerrit.fd.io/r/vpp + url = https://github.com/FDio/vpp.git @@ -29,10 +29,13 @@ vpp ?= master MAKE ?= make MAKE_ARGS ?= -j openssl3_enable ?= 0 +openssl3_lib_ready ?= 0 debug ?= 0 BUILD_DIR ?= $(CURDIR)/_build INSTALL_DIR ?= $(CURDIR)/_install +MAIN_BRANCH := master + B := $(BUILD_DIR) I := $(INSTALL_DIR) @@ -87,16 +90,40 @@ $(BR)/.deps.ok: @touch $@ .PHONY: build-vcl +ifeq ($(openssl3_enable)_$(openssl3_lib_ready), 1_1) +build-vcl: $(BR)/.deps.ok nginx-dl vpp_vcl-build nginx_vcl-build +else ifeq ($(openssl3_enable),1) build-vcl: $(BR)/.deps.ok openssl-dl nginx-dl openssl-build vpp_vcl-build nginx_vcl-build +else +build-vcl: $(BR)/.deps.ok nginx-dl vpp_vcl-build nginx_vcl-build +endif .PHONY: build-ldp +ifeq ($(openssl3_enable)_$(openssl3_lib_ready), 1_1) +build-ldp: $(BR)/.deps.ok nginx-dl vpp_ldp-build nginx_ldp-build +else ifeq ($(openssl3_enable),1) build-ldp: $(BR)/.deps.ok openssl-dl nginx-dl openssl-build vpp_ldp-build nginx_ldp-build +else +build-ldp: $(BR)/.deps.ok nginx-dl vpp_ldp-build nginx_ldp-build +endif .PHONY: deb-vcl +ifeq ($(openssl3_enable)_$(openssl3_lib_ready), 1_1) +deb-vcl: build-vcl vpp_vcl-deb nginx_vcl-deb +else ifeq ($(openssl3_enable),1) deb-vcl: build-vcl openssl-deb vpp_vcl-deb nginx_vcl-deb +else +deb-vcl: build-vcl vpp_vcl-deb nginx_vcl-deb +endif .PHONY: deb-ldp +ifeq ($(openssl3_enable)_$(openssl3_lib_ready), 1_1) +deb-ldp: build-ldp vpp_ldp-deb nginx_ldp-deb +else ifeq ($(openssl3_enable),1) deb-ldp: build-ldp openssl-deb vpp_ldp-deb nginx_ldp-deb +else +deb-ldp: build-ldp vpp_ldp-deb nginx_ldp-deb +endif .PHONY: verify-vcl verify-vcl: build-vcl @@ -3,9 +3,9 @@ This repository is to provide an optimized NGINX based on VPP host stack. We provide two ways of VPP host stack integration, i.e. LDP and VCL. LDP is basically un-modified NGINX with VPP via LD_PRELOAD, while VCL NGINX is to integrate VPP host stack directly with NGINX code change. -This repository provides the nginx build and openssl3.0.0 build, as well -as the integration of VPP host stacks, namely the LDP and VCL VPP and nginx -builds, and generates the installation deb packages to the specified location. +This repository provides the nginx build, as well as the integration of +VPP host stacks, namely the LDP and VCL VPP and nginx builds, and generates +the installation deb packages to the specified location. # 2 Repository Layout **configs**: configuration files for VPP, NGINX and VCL @@ -14,8 +14,6 @@ builds, and generates the installation deb packages to the specified location. **vpp_patches**: lock-free LDP and pinned-VPP patches -**openssl_patches**: openssl patches - **scripts**: scripts for VPP, NGINX and client test **packages**: Makefiles for building and downloading @@ -40,7 +38,7 @@ Build vcl DEB package and store the DEB files in folder '/path/to/this/repo/deb- $ make deb-vcl Build vcl vpp and vcl nginx -Nginx and Openssl are in folder '/path/to/this/repo/_install/local' +Nginx is in folder '/path/to/this/repo/_build/usr/local/nginx' Vpp is in '/path/to/this/repo/vpp' $ make build-vcl @@ -48,7 +46,7 @@ Build ldp DEB package and store the DEB files in folder '/path/to/this/repo/deb- $ make deb-ldp Build ldp vpp and ldp nginx -Nginx and Openssl are in folder '/path/to/this/repo/_install/local' +Nginx is in folder '/path/to/this/repo/_build/usr/local/nginx' Vpp is in '/path/to/this/repo/vpp' $ make build-ldp @@ -60,6 +58,13 @@ If you don't take the parameter, the default is master. For example: $ make deb-vcl +You can choose whether openssl3.0.0 is supported or not. +$ make deb-vcl openssl3_enable=1 + +If you already have OpensSL3.0 and don't want to compile Openssl3.0, +you can add the option 'openssl3_lib_ready' +$ make deb-vcl openssl3_enable=1 openssl3_lib_ready=1 + Verify that vcl starts properly $ make verify-vcl @@ -123,7 +128,7 @@ Now the original NGINX code has been modified to VCL-supporting code. Then you can configure and build NGINX. ```bash -$ ./configure --with-vcl --vpp-lib-path=/path/to/vpp/build-root/install-vpp-native/vpp/lib --vpp-src-path=/path/to/vpp/src +$ ./configure --with-vcl --vpp-lib-path=/path/to/this/repo/vpp/build-root/install-vpp-native/vpp/lib --vpp-src-path=/path/to/this/repo/vpp/src $ sudo make install ``` @@ -131,21 +136,21 @@ $ sudo make install - Run VPP first - Refer to startup.conf provided in "configs" to start VPP. (learn how to use startup.conf in section 4.1.1) - - If you choose to use the Makefile to build automatically, the VPP is stored in '/path/to/this/repo/_install/local/vpp' + - If you choose to use the Makefile to build automatically, the VPP is stored in '/path/to/this/repo/vpp' ```bash - ./vpp -c /path/to/startup.conf + ./vpp -c /path/to/this/repo/configs/startup.conf ``` Start NGINX - refer to vcl.conf and nginx.conf provided under "configs" - - If you choose to use the Makefile to build automatically, the NGINX is stored in '/path/to/this/repo/_install/local/nginx' + - If you choose to use the Makefile to build automatically, the NGINX is stored in '/path/to/this/repo/_build/usr/local/nginx' ``` - # export VCL_CONFIG=/path/to/vcl.conf - # export LD_LIBRARY_PATH=/path/to/vpp/build-root/install-vpp-native/vpp/lib - # /usr/local/nginx/sbin/nginx -c /path/to/nginx.conf + # export VCL_CONFIG=/path/to/this/repo/configs/vcl.conf + # export LD_LIBRARY_PATH=/path/to/this/repo/vpp/build-root/install-vpp-native/vpp/lib + # /path/to/this/repo/_build/usr/local/nginx/sbin/nginx -c /path/to/this/repo/configs/nginx.conf ``` ## 3.2 LDP NGINX @@ -160,17 +165,16 @@ This patch removes VLS session locks for saving approximately 100% CPU cycles on You may need root privilege. ```bash -$ cd /path/to/vpp -$ patch -p1 < /path/to/this/repo/vpp_patches/ldp/0001-LDP-remove-lock.patch +$ cd /path/to/this/repo/vpp $ make build && make build-release ``` **Start NGINX** -If you choose to use the Makefile to build automatically, the VPP is stored in '/path/to/this/repo/_install/local/vpp' -If you choose to use the Makefile to build automatically, the NGINX is stored in '/path/to/this/repo/_install/local/nginx' +If you choose to use the Makefile to build automatically, the VPP is stored in '/path/to/this/repo/vpp' +If you choose to use the Makefile to build automatically, the NGINX is stored in '/path/to/this/repo/_build/usr/local/nginx' ```bash -$ export VCL_CONFIG=path/to/vcl.conf -$ LD_PRELOAD=path/to/vpp/build-root/install-vpp-native/vpp/lib/libvcl_ldpreload.so /usr/local/nginx/sbin/nginx -c path/to/nginx.conf +$ export VCL_CONFIG=path/to/this/repo/vcl.conf +$ LD_PRELOAD=/path/to/this/repo/vpp/build-root/install-vpp-native/vpp/lib/libvcl_ldpreload.so /path/to/this/repo/_build/usr/local/nginx/sbin/nginx -c path/to/this/repo/configs/nginx.conf ``` ## 3.3 Enable VPP TLS diff --git a/configs/nginx-test.conf b/configs/nginx-test.conf new file mode 100644 index 0000000..e67e8fa --- /dev/null +++ b/configs/nginx-test.conf @@ -0,0 +1,80 @@ +#user xxx; +worker_processes 1; +#worker_processes 2; +#worker_processes 4; +#worker_processes 8; + +master_process on; +daemon off; + +worker_rlimit_nofile 10240; +events { + use epoll; + worker_connections 10240; + accept_mutex off; + multi_accept off; +} + + +http { + access_log off; + include mime.types; + default_type application/octet-stream; + sendfile on; + + + ##RPS test + keepalive_timeout 300s; + keepalive_requests 1000000; + + server { + listen 80; + root html; + index index.html index.htm; + location /return { + return 204; + } + location /64B.json { + return 200 '{"status":"success","result":"this is a 64Byte json file test!"}'; + } + location /1KB.json{ + return 201 '{"status":"success","result":"Hello from NGINX, 1KB test! \ + 1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 3xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 4xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 5xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 6xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 7xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 8xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 9xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 0xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + "}'; + } + location /2KB.json{ + return 202 '{"status":"success","result":"Hello from NGINX, 2KB test! \ + 1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 3xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 4xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 5xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 6xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 7xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 8xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 9xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 0xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 3xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 4xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 5xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 6xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 7xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 8xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 9xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 0xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + "}'; + } + } + } diff --git a/configs/nginx.conf b/configs/nginx.conf index d184b89..6770ea0 100644 --- a/configs/nginx.conf +++ b/configs/nginx.conf @@ -10,7 +10,6 @@ daemon off; worker_rlimit_nofile 10240; events { use epoll; - #epoll_events 512; worker_connections 10240; accept_mutex off; multi_accept off; @@ -29,88 +28,53 @@ http { keepalive_requests 1000000; server { - listen 443; - #ssl_protocols TLSv1.2; - #ssl_prefer_server_ciphers on; + listen 80; root html; index index.html index.htm; location /return { return 204; } location /64B.json { - return 200 '{"status":"success","result":"this is \ - a 64Byte json file test!"}'; - } + return 200 '{"status":"success","result":"this is a 64Byte json file test!"}'; + } location /1KB.json{ - return 201 '{"status":"success","result":"\ - Nanchang, which was the capital of Yuzhang \ - Prefecture during the HanDynasty, \ - now falls under the jurisdiction of Hongzhou. \ - It straddles the borderof the \ - influence of the Ye and Zhen constellations , \ - and is adjacent to theHeng \ - and the Lu mountains . The three rivers enfold \ - it like the frontpart \ - of a garment and the five lakes encircle it \ - like a girdle. Itcontrols \ - the savage Jing area and connects Ou and Yue, \ - and itsproducts are \ - nature’s jewels. The radiance of its legendary \ - sword shootsdirectly upward \ - between the constellations Niu and Dou. \ - Its talented peopleare outstanding,\ - and the spirit of intelligence pervades the \ - place. This wasthe place where Xu \ - Ru spent the night on his visit to Chen Fan (10). \ - The mightyHongzhou spreads \ - out immensely amid the fog, and the intellectual \ - luminariesare as numerous as\ - meteors chasing one another. \ + return 201 '{"status":"success","result":"Hello from NGINX, 1KB test! \ + 1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 3xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 4xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 5xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 6xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 7xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 8xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 9xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 0xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ "}'; - } + } location /2KB.json{ - return 202 '{"status":"success","result":"\ - Hello from NGINX, 2KB test\ - Nanchang, which was the capital of Yuzhang \ - Prefecture during the HanDynasty, \ - now falls under the jurisdiction of Hongzhou. \ - It straddles the borderof the \ - influence of the Ye and Zhen constellations , \ - and is adjacent to theHeng \ - and the Lu mountains . The three rivers enfold \ - it like the frontpart \ - of a garment and the five lakes encircle it \ - like a girdle. Itcontrols \ - the savage Jing area and connects Ou and Yue, \ - and itsproducts are \ - nature’s jewels. The radiance of its legendary \ - sword shootsdirectly upward \ - between the constellations Niu and Dou. \ - Its talented peopleare outstanding,\ - and the spirit of intelligence pervades \ - the place. This wasthe place where Xu \ - Ru spent the night on his visit to \ - Chen Fan (10). The mightyHongzhou spreads \ - out immensely amid the fog, and the intellectual \ - luminariesare as numerous as\ - meteors chasing one another.\ - of a garment and the five lakes encircle \ - it like a girdle. Itcontrols \ - the savage Jing area and connects \ - Ou and Yue, and itsproducts are \ - nature’s jewels. The radiance of its \ - legendary sword shootsdirectly upward \ - between the constellations Niu and Dou. \ - Its talented peopleare outstanding,\ - and the spirit of intelligence pervades \ - the place. This wasthe place where Xu \ - Ru spent the night on his visit to \ - Chen Fan (10). The mightyHongzhou spreads \ - out immensely amid the fog, and the \ - intellectual luminariesare as numerous as\ - meteors chasing one another. \ + return 202 '{"status":"success","result":"Hello from NGINX, 2KB test! \ + 1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 3xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 4xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 5xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 6xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 7xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 8xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 9xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 0xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 3xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 4xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 5xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 6xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 7xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 8xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 9xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 0xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ + 1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ "}'; - } - + } } } diff --git a/configs/startup-test.conf b/configs/startup-test.conf new file mode 100644 index 0000000..cf41cca --- /dev/null +++ b/configs/startup-test.conf @@ -0,0 +1,28 @@ +unix { + interactive + log /tmp/vpp.log + full-coredump + cli-listen /run/vpp/cli.sock + exec /tmp/vppset-test +} + +api-trace { + on +} + +session { + evt_qs_memfd_seg +} + +socksvr { + default +} + +cpu { + main-core 0 + ##Start 4 VPP workers + #corelist-workers 1-4 + ##start 1 VPP worker + corelist-workers 1 +} + diff --git a/configs/vppset-test b/configs/vppset-test new file mode 100644 index 0000000..082ac46 --- /dev/null +++ b/configs/vppset-test @@ -0,0 +1 @@ +set int state local0 up diff --git a/packages/nginx_ldp.mk b/packages/nginx_ldp.mk index f7756de..db9386a 100644 --- a/packages/nginx_ldp.mk +++ b/packages/nginx_ldp.mk @@ -41,14 +41,15 @@ endef define nginx_ldp_build_cmds @$(MAKE) -C $(nginx_ldp_src_dir) + @$(MAKE) -C $(nginx_ldp_src_dir) DESTDIR=$(B) install + @cp configs/mime.types $(B)$(nginx_ldp_install_dir)/conf/. + @cp configs/nginx.conf $(B)$(nginx_ldp_install_dir)/conf/. + @cp configs/tls-* $(B)$(nginx_ldp_install_dir)/conf/. + @cp configs/vcl.conf $(B)$(nginx_ldp_install_dir)/conf/. endef define nginx_ldp_install_cmds - @$(MAKE) -C $(nginx_ldp_src_dir) install - @cp configs/mime.types $(nginx_ldp_install_dir)/conf/. - @cp configs/nginx.conf $(nginx_ldp_install_dir)/conf/. - @cp configs/tls-* $(nginx_ldp_install_dir)/conf/. - @cp configs/vcl.conf $(nginx_ldp_install_dir)/conf/. + @true endef define nginx_ldp_pkg_deb_cmds @@ -56,7 +57,7 @@ define nginx_ldp_pkg_deb_cmds -t deb \ -n $(nginx_ldp_pkg_deb_name) \ -v $(nginx_ldp_version) \ - -C $(nginx_ldp_install_dir) \ + -C $(B)$(nginx_ldp_install_dir) \ -p $(nginx_ldp_pkg_deb_dir) \ --prefix $(nginx_ldp_deb_inst_dir) \ --license $(LICENSE) \ diff --git a/packages/nginx_vcl.mk b/packages/nginx_vcl.mk index 2b3425f..3f2f80d 100644 --- a/packages/nginx_vcl.mk +++ b/packages/nginx_vcl.mk @@ -16,6 +16,8 @@ nginx_vcl_patch_dir := $(CURDIR)/nginx_patches nginx_vcl_src_dir := $(B)/nginx_vcl vpp_vcl_src_dir := $(CURDIR)/vpp nginx_vcl_install_dir := /usr/local/nginx +nginx_vcl_tmp1_dir := $(B)/nginx_vcl_backup1 +nginx_vcl_tmp2_dir := $(B)/nginx_vcl_backup2 nginx_vcl_deb_inst_dir := /usr/local/nginx nginx_vcl_pkg_deb_name := nginx nginx_vcl_pkg_deb_dir := $(I)/deb-vcl @@ -46,14 +48,15 @@ endef define nginx_vcl_build_cmds @$(MAKE) -C $(nginx_vcl_src_dir) + @$(MAKE) -C $(nginx_vcl_src_dir) DESTDIR=$(B) install + @cp configs/mime.types $(B)$(nginx_vcl_install_dir)/conf/. + @cp configs/nginx.conf $(B)$(nginx_vcl_install_dir)/conf/. + @cp configs/tls-* $(B)$(nginx_vcl_install_dir)/conf/. + @cp configs/vcl.conf $(B)$(nginx_vcl_install_dir)/conf/. endef define nginx_vcl_install_cmds - @$(MAKE) -C $(nginx_vcl_src_dir) install - @cp configs/mime.types $(nginx_vcl_install_dir)/conf/. - @cp configs/nginx.conf $(nginx_vcl_install_dir)/conf/. - @cp configs/tls-* $(nginx_vcl_install_dir)/conf/. - @cp configs/vcl.conf $(nginx_vcl_install_dir)/conf/. + @true endef define nginx_vcl_pkg_deb_cmds @@ -61,7 +64,7 @@ define nginx_vcl_pkg_deb_cmds -t deb \ -n $(nginx_vcl_pkg_deb_name) \ -v $(nginx_vcl_version) \ - -C $(nginx_vcl_install_dir) \ + -C $(B)$(nginx_vcl_install_dir) \ -p $(nginx_vcl_pkg_deb_dir) \ --prefix $(nginx_vcl_deb_inst_dir) \ --license $(LICENSE) \ diff --git a/packages/openssl.mk b/packages/openssl.mk index b31257a..227dce8 100644 --- a/packages/openssl.mk +++ b/packages/openssl.mk @@ -33,9 +33,9 @@ define openssl_config_cmds endef define openssl_build_cmds - @$(MAKE) -C $(openssl_build_dir) depend - @$(MAKE) -C $(openssl_build_dir) - @$(MAKE) -C $(openssl_build_dir) install + $(MAKE) -C $(openssl_build_dir) depend + $(MAKE) -C $(openssl_build_dir) + $(MAKE) -C $(openssl_build_dir) install endef define openssl_install_cmds diff --git a/packages/verify.sh b/packages/verify.sh index 6b3d7a3..b849d68 100755 --- a/packages/verify.sh +++ b/packages/verify.sh @@ -3,21 +3,17 @@ ngxvcl=${BR}/_build/nginx_vcl ngxldp=${BR}/_build/nginx_ldp +tls_tcp=tls + function test_vcl(){ echo "" echo "====================================================================" echo "Testing ..." echo "" export LD_LIBRARY_PATH=/usr/local/ssl/lib - cp ${BR}/configs/startup.conf ${BR}/configs/startup-test.conf - - sed -i 's|/var/log/vpp/vpp.log|/tmp/vpp.log|' ${BR}/configs/startup-test.conf - sed -i 's|cli-vpp1.sock|cli.sock|' ${BR}/configs/startup-test.conf - sed -i 's|/path/to/configs/vppenvset|configs/vppset|' ${BR}/configs/startup-test.conf - sed -i 's|socket-name /path/to/vpp-api.sock|default|' ${BR}/configs/startup-test.conf - echo "set int state local0 up" > ${BR}/configs/vppset - ${BR}/vpp/build-root/install-vpp-native/vpp/bin/vpp -c configs/startup-test.conf & + cp ${BR}/configs/vppset-test /tmp/. + ${BR}/vpp/build-root/install-vpp-native/vpp/bin/vpp -c ${BR}/configs/startup-test.conf & vpp_pid=$! sleep 5 @@ -32,9 +28,16 @@ function test_vcl(){ sudo killall -v -s 9 nginx || echo "continue execute" - cp ${BR}/configs/nginx.conf ${BR}/configs/nginx-test.conf - sed -i 's|#worker_processes 1|worker_processes 1|' ${BR}/configs/nginx-test.conf - + mdir=0 + if [ ! -d /usr/local/nginx/logs ]; then + mdir=2 + if [ ! -d /usr/local/nginx ]; then + mdir=1 + fi + fi + if [ ${mdir} -ne 0 ]; then + mkdir -p /usr/local/nginx/logs + fi ${ngxvcl}/objs/nginx -c ${BR}/configs/nginx-test.conf & nginx_pid=$! sleep 5 @@ -60,10 +63,13 @@ function test_vcl(){ sudo killall -v -s 9 nginx || echo "" sudo kill -9 ${vpp_pid} || echo "" - rm -f ${BR}/configs/nginx-test.conf - rm -f ${BR}/configs/startup-test.conf - rm -f ${BR}/configs/vppset - rm -f /tmp/vpp.log + + rm /tmp/vppset-test + if [ ${mdir} -eq 1 ]; then + rm -rf /usr/local/nginx + elif [ ${mdir} -eq 2 ]; then + rm -rf /usr/local/nginx/logs + fi if [ ${ret} -eq 1 ]; then exit 1; @@ -77,21 +83,23 @@ function test_ldp(){ echo "" export LD_LIBRARY_PATH=/usr/local/ssl/lib - cp ${BR}/configs/startup.conf ${BR}/configs/startup-test.conf - - sed -i 's|/var/log/vpp/vpp.log|/tmp/vpp.log|' ${BR}/configs/startup-test.conf - sed -i 's|cli-vpp1.sock|cli.sock|' ${BR}/configs/startup-test.conf - sed -i 's|/path/to/configs/vppenvset|configs/vppset|' ${BR}/configs/startup-test.conf - sed -i 's|socket-name /path/to/vpp-api.sock|default|' ${BR}/configs/startup-test.conf - echo "set int state local0 up" > ${BR}/configs/vppset - ${BR}/vpp/build-root/install-vpp-native/vpp/bin/vpp -c configs/startup-test.conf & + cp ${BR}/configs/vppset-test /tmp/. + ${BR}/vpp/build-root/install-vpp-native/vpp/bin/vpp -c ${BR}/configs/startup-test.conf & vpp_pid=$! sleep 5 - cp ${BR}/configs/nginx.conf ${BR}/configs/nginx-test.conf - sed -i 's|#worker_processes 1|worker_processes 1|' ${BR}/configs/nginx-test.conf + mdir=0 + if [ ! -d /usr/local/nginx/logs ]; then + mdir=2 + if [ ! -d /usr/local/nginx ]; then + mdir=1 + fi + fi + if [ ${mdir} -ne 0 ]; then + mkdir -p /usr/local/nginx/logs + fi export VCL_CONFIG=${BR}/configs/vcl.conf export LDP_TRANSPARENT_TLS=1 @@ -113,7 +121,6 @@ function test_ldp(){ ret=1 fi - v=`ps -A|grep "${nginx_pid}" | wc -l` if [ ${v} -eq 1 ]; then echo "LDP test: nginx OK" @@ -126,10 +133,12 @@ function test_ldp(){ sudo killall -v -s 9 nginx || echo "" sudo kill -9 ${vpp_pid} || echo "" - rm -f ${BR}/configs/nginx-test.conf - rm -f ${BR}/configs/startup-test.conf - rm -f ${BR}/configs/vppset - rm -rf /tmp/vpp.log + rm /tmp/vppset-test + if [ ${mdir} -eq 1 ]; then + rm -rf /usr/local/nginx + elif [ ${mdir} -eq 2 ]; then + rm -rf /usr/local/nginx/logs + fi if [ ${ret} -eq 1 ]; then exit 1 diff --git a/packages/vpp_ldp.mk b/packages/vpp_ldp.mk index 8b1fd7a..05e8398 100644 --- a/packages/vpp_ldp.mk +++ b/packages/vpp_ldp.mk @@ -27,8 +27,8 @@ endef define vpp_ldp_patch_cmds @echo "--- ldp vpp patching ---" @cd $(vpp_ldp_src_dir); \ - git reset --hard; git clean -f; git checkout master; \ - if [ $(_VPP_VER) != "master" ] ; then \ + git reset --hard; git clean -f; git checkout $(MAIN_BRANCH); \ + if [ $(_VPP_VER) != $(MAIN_BRANCH) ] ; then \ echo "--- vpp version: $(_VPP_VER) ---"; \ if [ $(_VPP_VER) = "2005" ]; then \ git checkout v20.05; \ @@ -41,14 +41,20 @@ define vpp_ldp_patch_cmds echo Applying patch: $$(basename $$f) ; \ patch -p1 -d $(vpp_ldp_src_dir) < $$f ; \ done - @if [ $(openssl3_enable) = 1 ]; then \ + @if [ $(openssl3_enable) -eq 1 ]; then \ for f in $(CURDIR)/vpp_patches/other/*.patch ; do \ echo Applying patch: $$(basename $$f) ; \ patch -p1 -d $(vpp_vcl_src_dir) < $$f ; \ done; \ - if [ $(_VPP_VER) = "master" -o $(_VPP_VER) = "2005" ]; then \ - echo "--- vpp master ---"; \ - for f in $(CURDIR)/vpp_patches/other/master/*; do \ + if [ $(_VPP_VER) = $(MAIN_BRANCH) ]; then \ + echo "--- vpp $(MAIN_BRANCH) ---"; \ + for f in $(CURDIR)/vpp_patches/other/$(MAIN_BRANCH)/*; do \ + echo Applying patch: $$(basename $$f) ; \ + patch -p1 -d $(vpp_ldp_src_dir) < $$f ; \ + done; \ + elif [ $(_VPP_VER) = "2005" ]; then \ + echo "--- vpp 20.05 ---"; \ + for f in $(CURDIR)/vpp_patches/other/2005/*; do \ echo Applying patch: $$(basename $$f) ; \ patch -p1 -d $(vpp_ldp_src_dir) < $$f ; \ done; \ @@ -60,25 +66,6 @@ define vpp_ldp_patch_cmds done; \ fi; \ fi - @if [ $(_VPP_VER) = "master" ]; then \ - echo "--- patch master ---"; \ - for f in $(CURDIR)/vpp_patches/ldp/master/*.patch ; do \ - echo Applying patch: $$(basename $$f) ; \ - patch -p1 -d $(vpp_ldp_src_dir) < $$f ; \ - done; \ - elif [ $(_VPP_VER) = "2005" ]; then \ - echo "--- patch v20.05 ---"; \ - for f in $(CURDIR)/vpp_patches/ldp/2005/*.patch ; do \ - echo Applying patch: $$(basename $$f) ; \ - patch -p1 -d $(vpp_ldp_src_dir) < $$f ; \ - done; \ - elif [ $(_VPP_VER) = "2001" ]; then \ - echo "--- patch 2001 ---"; \ - for f in $(CURDIR)/vpp_patches/ldp/2001/*.patch ; do \ - echo Applying patch: $$(basename $$f) ; \ - patch -p1 -d $(vpp_ldp_src_dir) < $$f ; \ - done; \ - fi @true endef @@ -90,16 +77,15 @@ endef define vpp_ldp_build_cmds @cd $(vpp_ldp_src_dir); \ echo "---build : $(vpp_ldp_src_dir)"; \ - if [ $(openssl3_enable) = 1 ]; then \ + if [ $(openssl3_enable) -eq 1 ]; then \ export OPENSSL_ROOT_DIR=$(openssl_install_dir); \ export LD_LIBRARY_PATH=$(openssl_install_dir)/lib; \ fi; \ $(MAKE) wipe-release; $(MAKE) wipe; \ cd build-root; $(MAKE) distclean; cd ..; \ - if [ $(debug) = 1 ]; then $(MAKE) build; \ + if [ $(debug) -eq 1 ]; then $(MAKE) build; \ else $(MAKE) build-release; \ - fi; \ - $(MAKE) pkg-deb; + fi endef define vpp_ldp_install_cmds @@ -107,15 +93,23 @@ define vpp_ldp_install_cmds endef define vpp_ldp_pkg_deb_cmds - @true + @cd $(vpp_ldp_src_dir); \ + echo "---build deb: $(vpp_ldp_src_dir)"; \ + if [ $(openssl3_enable) -eq 1 ]; then \ + export OPENSSL_ROOT_DIR=$(openssl_install_dir); \ + export LD_LIBRARY_PATH=$(openssl_install_dir)/lib; \ + fi; \ + $(MAKE) pkg-deb; endef define vpp_ldp_pkg_deb_cp_cmds @echo "--- move deb to $(CURDIR)/deb-ldp ---" @mkdir -p deb-ldp @ls deb-ldp/ ;rm -f deb-ldp/* - @mv $(I)/openssl-deb/*.deb . - @rm $(B)/.openssl.pkg-deb.ok + @if [ $(openssl3_enable) -eq 1 ]; then \ + mv $(I)/openssl-deb/*.deb .; \ + rm $(B)/.openssl.pkg-deb.ok; \ + fi @mv $(vpp_ldp_pkg_deb_dir)/*.deb deb-ldp/. endef diff --git a/packages/vpp_vcl.mk b/packages/vpp_vcl.mk index 2b2dd64..a923d01 100644 --- a/packages/vpp_vcl.mk +++ b/packages/vpp_vcl.mk @@ -27,8 +27,8 @@ endef define vpp_vcl_patch_cmds @echo "--- vpp patching ---" @cd $(vpp_vcl_src_dir); \ - git reset --hard; git clean -f; git checkout master; \ - if [ $(_VPP_VER) != "master" ]; then \ + git reset --hard; git clean -f; git checkout $(MAIN_BRANCH); \ + if [ $(_VPP_VER) != $(MAIN_BRANCH) ]; then \ echo "--- vpp version: $(_VPP_VER) ---"; \ if [ $(_VPP_VER) = "2005" ]; then \ git checkout v20.05; \ @@ -41,14 +41,20 @@ define vpp_vcl_patch_cmds echo Applying patch: $$(basename $$f) ; \ patch -p1 -d $(vpp_vcl_src_dir) < $$f ; \ done - @if [ $(openssl3_enable) = 1 ]; then \ + @if [ $(openssl3_enable) -eq 1 ]; then \ for f in $(CURDIR)/vpp_patches/other/*.patch ; do \ echo Applying patch: $$(basename $$f) ; \ patch -p1 -d $(vpp_vcl_src_dir) < $$f ; \ done; \ - if [ $(_VPP_VER) = "2005" -o $(_VPP_VER) = "master" ]; then \ - echo "--- vpp master ---"; \ - for f in $(CURDIR)/vpp_patches/other/master/*.patch;do\ + if [ $(_VPP_VER) = $(MAIN_BRANCH) ]; then \ + echo "--- vpp $(MAIN_BRANCH) ---"; \ + for f in $(CURDIR)/vpp_patches/other/$(MAIN_BRANCH)/*.patch;do\ + echo Applying patch: $$(basename $$f) ; \ + patch -p1 -d $(vpp_vcl_src_dir) < $$f ; \ + done; \ + elif [ $(_VPP_VER) = "2005" ]; then \ + echo "--- vpp 20.05 ---"; \ + for f in $(CURDIR)/vpp_patches/other/2005/*.patch;do\ echo Applying patch: $$(basename $$f) ; \ patch -p1 -d $(vpp_vcl_src_dir) < $$f ; \ done; \ @@ -60,11 +66,17 @@ define vpp_vcl_patch_cmds done; \ fi; \ fi - @for f in $(CURDIR)/vpp_patches/vcl/*.patch ; do \ - echo Applying patch: $$(basename $$f) ; \ - patch -p1 -d $(vpp_vcl_src_dir) < $$f ; \ - done - + @if [ $(_VPP_VER) = $(MAIN_BRANCH) ]; then \ + for f in $(CURDIR)/vpp_patches/vcl/$(MAIN_BRANCH)/*.patch ; do \ + echo Applying patch: $$(basename $$f) ; \ + patch -p1 -d $(vpp_vcl_src_dir) < $$f ; \ + done; \ + else \ + for f in $(CURDIR)/vpp_patches/vcl/other/*.patch ; do \ + echo Applying patch: $$(basename $$f) ; \ + patch -p1 -d $(vpp_vcl_src_dir) < $$f ; \ + done; \ + fi @true endef @@ -76,16 +88,15 @@ endef define vpp_vcl_build_cmds @cd $(vpp_vcl_src_dir); \ echo "--- build : $(vpp_vcl_src_dir)"; \ - if [ $(openssl3_enable) = 1 ]; then \ + if [ $(openssl3_enable) -eq 1 ]; then \ export OPENSSL_ROOT_DIR=$(openssl_install_dir); \ export LD_LIBRARY_PATH=$(openssl_install_dir)/lib; \ fi; \ $(MAKE) wipe-release; $(MAKE) wipe; \ cd build-root; $(MAKE) distclean; cd ..; \ - if [ $(debug) = 1 ]; then $(MAKE) build;\ + if [ $(debug) -eq 1 ]; then $(MAKE) build;\ else $(MAKE) build-release; \ - fi; \ - $(MAKE) pkg-deb; + fi endef define vpp_vcl_install_cmds @@ -93,15 +104,23 @@ define vpp_vcl_install_cmds endef define vpp_vcl_pkg_deb_cmds - @true + @cd $(vpp_vcl_src_dir); \ + echo "--- build deb : $(vpp_vcl_src_dir)"; \ + if [ $(openssl3_enable) -eq 1 ]; then \ + export OPENSSL_ROOT_DIR=$(openssl_install_dir); \ + export LD_LIBRARY_PATH=$(openssl_install_dir)/lib; \ + fi; \ + $(MAKE) pkg-deb; endef define vpp_vcl_pkg_deb_cp_cmds @echo "--- move deb to $(CURDIR)/dev-vcl ---" @mkdir -p deb-vcl @rm -f deb-vcl/* - @mv $(I)/openssl-deb/*.deb . - @rm $(B)/.openssl.pkg-deb.ok + @if [ $(openssl3_enable) -eq 1 ]; then \ + mv $(I)/openssl-deb/*.deb .; \ + rm $(B)/.openssl.pkg-deb.ok; \ + fi @mv $(vpp_vcl_pkg_deb_dir)/*.deb deb-vcl/. endef diff --git a/vpp_patches/other/0001-3.0.0.patch b/vpp_patches/other/2001/0001-3.0.0.patch index 69fd197..69fd197 100644 --- a/vpp_patches/other/0001-3.0.0.patch +++ b/vpp_patches/other/2001/0001-3.0.0.patch diff --git a/vpp_patches/other/2005/0001-3.0.0.patch b/vpp_patches/other/2005/0001-3.0.0.patch new file mode 100644 index 0000000..69fd197 --- /dev/null +++ b/vpp_patches/other/2005/0001-3.0.0.patch @@ -0,0 +1,113 @@ +From ff2148e2aec6c8fb9717f655aee424d9ec59f802 Mon Sep 17 00:00:00 2001 +From: "xiaolongx.jiang" <xiaolongx.jiang@intel.com> +Date: Wed, 13 May 2020 09:42:07 +0000 +Subject: [PATCH] 3.0.0 + +Signed-off-by: xiaolongx.jiang <xiaolongx.jiang@intel.com> +--- + src/plugins/crypto_openssl/CMakeLists.txt | 26 ---------------- + src/plugins/ikev2/CMakeLists.txt | 38 ----------------------- + src/plugins/tlsopenssl/tls_openssl.c | 2 -- + 3 files changed, 66 deletions(-) + delete mode 100644 src/plugins/crypto_openssl/CMakeLists.txt + delete mode 100644 src/plugins/ikev2/CMakeLists.txt + +diff --git a/src/plugins/crypto_openssl/CMakeLists.txt b/src/plugins/crypto_openssl/CMakeLists.txt +deleted file mode 100644 +index d014144ec..000000000 +--- a/src/plugins/crypto_openssl/CMakeLists.txt ++++ /dev/null +@@ -1,26 +0,0 @@ +-# Copyright (c) 2018 Cisco and/or its affiliates. +-# Licensed under the Apache License, Version 2.0 (the "License"); +-# you may not use this file except in compliance with the License. +-# You may obtain a copy of the License at: +-# +-# http://www.apache.org/licenses/LICENSE-2.0 +-# +-# Unless required by applicable law or agreed to in writing, software +-# distributed under the License is distributed on an "AS IS" BASIS, +-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-# See the License for the specific language governing permissions and +-# limitations under the License. +- +-if(NOT OPENSSL_FOUND) +- return() +-endif() +- +-include_directories(${OPENSSL_INCLUDE_DIR}) +- +-add_vpp_plugin(crypto_openssl +- SOURCES +- main.c +- +- LINK_LIBRARIES +- ${OPENSSL_LIBRARIES} +-) +diff --git a/src/plugins/ikev2/CMakeLists.txt b/src/plugins/ikev2/CMakeLists.txt +deleted file mode 100644 +index dac246524..000000000 +--- a/src/plugins/ikev2/CMakeLists.txt ++++ /dev/null +@@ -1,38 +0,0 @@ +-# Copyright (c) 2018 Cisco and/or its affiliates. +-# Licensed under the Apache License, Version 2.0 (the "License"); +-# you may not use this file except in compliance with the License. +-# You may obtain a copy of the License at: +-# +-# http://www.apache.org/licenses/LICENSE-2.0 +-# +-# Unless required by applicable law or agreed to in writing, software +-# distributed under the License is distributed on an "AS IS" BASIS, +-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-# See the License for the specific language governing permissions and +-# limitations under the License. +- +-add_definitions (-DWITH_LIBSSL=1) +-include_directories(${OPENSSL_INCLUDE_DIR}) +- +-add_vpp_plugin(ikev2 +- SOURCES +- ikev2.c +- ikev2_api.c +- ikev2_cli.c +- ikev2_crypto.c +- ikev2_format.c +- ikev2_payload.c +- +- API_FILES +- ikev2.api +- +- API_TEST_SOURCES +- ikev2_test.c +- +- INSTALL_HEADERS +- ikev2.h +- ikev2_priv.h +- +- LINK_LIBRARIES +- ${OPENSSL_LIBRARIES} +-) +diff --git a/src/plugins/tlsopenssl/tls_openssl.c b/src/plugins/tlsopenssl/tls_openssl.c +index 669a50348..a9799a21f 100644 +--- a/src/plugins/tlsopenssl/tls_openssl.c ++++ b/src/plugins/tlsopenssl/tls_openssl.c +@@ -564,7 +564,6 @@ openssl_ctx_init_client (tls_ctx_t * ctx) + return -1; + } + +- SSL_CTX_set_ecdh_auto (oc->ssl_ctx, 1); + SSL_CTX_set_mode (oc->ssl_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE); + #ifdef HAVE_OPENSSL_ASYNC + if (om->async) +@@ -680,7 +679,6 @@ openssl_start_listen (tls_ctx_t * lctx) + } + #endif + SSL_CTX_set_options (ssl_ctx, flags); +- SSL_CTX_set_ecdh_auto (ssl_ctx, 1); + + rv = SSL_CTX_set_cipher_list (ssl_ctx, (const char *) om->ciphers); + if (rv != 1) +-- +2.17.1 + diff --git a/vpp_patches/other/2005/0001-picotls-patch.patch b/vpp_patches/other/2005/0001-picotls-patch.patch new file mode 100644 index 0000000..9811fbc --- /dev/null +++ b/vpp_patches/other/2005/0001-picotls-patch.patch @@ -0,0 +1,45 @@ +From 9f3edc2ca7eb417b46ab40beac45838ee58cc223 Mon Sep 17 00:00:00 2001 +From: "xiaolongx.jiang" <xiaolongx.jiang@intel.com> +Date: Fri, 8 May 2020 10:01:36 +0000 +Subject: [PATCH] picotls: patch + +Signed-off-by: xiaolongx.jiang <xiaolongx.jiang@intel.com> +--- + .../0001-picotls-openssl-3.0.0.patch | 25 +++++++++++++++++++ + 1 file changed, 25 insertions(+) + create mode 100644 build/external/patches/quicly_0.1.0-vpp/0001-picotls-openssl-3.0.0.patch + +diff --git a/build/external/patches/quicly_0.1.0-vpp/0001-picotls-openssl-3.0.0.patch b/build/external/patches/quicly_0.1.0-vpp/0001-picotls-openssl-3.0.0.patch +new file mode 100644 +index 000000000..d998fb852 +--- /dev/null ++++ b/build/external/patches/quicly_0.1.0-vpp/0001-picotls-openssl-3.0.0.patch +@@ -0,0 +1,25 @@ ++From e99a421de5a66bd4af275c1ff77c2a3764febdf4 Mon Sep 17 00:00:00 2001 ++From: "xiaolongx.jiang" <xiaolongx.jiang@intel.com> ++Date: Fri, 8 May 2020 08:25:12 +0000 ++Subject: [PATCH] picotls: openssl-3.0.0 ++ ++Signed-off-by: xiaolongx.jiang <xiaolongx.jiang@intel.com> ++--- ++ .../deps/picotls/CMakeLists.txt | 1 + ++ 1 file changed, 1 insertion(+) ++ ++diff --git a/deps/picotls/CMakeLists.txt b/deps/picotls/CMakeLists.txt ++index 14411e2ec..4e230c701 100644 ++--- a/deps/picotls/CMakeLists.txt +++++ b/deps/picotls/CMakeLists.txt ++@@ -95,6 +95,7 @@ ADD_EXECUTABLE(test-minicrypto.t ++ SET(TEST_EXES test-minicrypto.t) ++ ++ FIND_PACKAGE(OpenSSL) +++set(OPENSSL_VERSION 3.0.0) ++ IF (OPENSSL_FOUND AND NOT (OPENSSL_VERSION VERSION_LESS "1.0.1")) ++ MESSAGE(STATUS " Enabling OpenSSL support") ++ INCLUDE_DIRECTORIES(${OPENSSL_INCLUDE_DIR}) ++-- ++2.17.1 ++ +-- +2.17.1 + diff --git a/vpp_patches/other/master/0001-3.0.0.patch b/vpp_patches/other/master/0001-3.0.0.patch new file mode 100644 index 0000000..89f2f66 --- /dev/null +++ b/vpp_patches/other/master/0001-3.0.0.patch @@ -0,0 +1,114 @@ +From e6aefe2a1fc3fbbf78945c07d5eb709cdf4d4241 Mon Sep 17 00:00:00 2001 +From: Xiaolong Jiang <xiaolongx.jiang@intel.com> +Date: Fri, 25 Sep 2020 18:11:08 +0800 +Subject: [PATCH] 3.0.0 + +Signed-off-by: Xiaolong Jiang <xiaolongx.jiang@intel.com> +--- + src/plugins/crypto_openssl/CMakeLists.txt | 26 --------------- + src/plugins/ikev2/CMakeLists.txt | 39 ----------------------- + src/plugins/tlsopenssl/tls_openssl.c | 2 -- + 3 files changed, 67 deletions(-) + delete mode 100644 src/plugins/crypto_openssl/CMakeLists.txt + delete mode 100644 src/plugins/ikev2/CMakeLists.txt + +diff --git a/src/plugins/crypto_openssl/CMakeLists.txt b/src/plugins/crypto_openssl/CMakeLists.txt +deleted file mode 100644 +index d014144ec..000000000 +--- a/src/plugins/crypto_openssl/CMakeLists.txt ++++ /dev/null +@@ -1,26 +0,0 @@ +-# Copyright (c) 2018 Cisco and/or its affiliates. +-# Licensed under the Apache License, Version 2.0 (the "License"); +-# you may not use this file except in compliance with the License. +-# You may obtain a copy of the License at: +-# +-# http://www.apache.org/licenses/LICENSE-2.0 +-# +-# Unless required by applicable law or agreed to in writing, software +-# distributed under the License is distributed on an "AS IS" BASIS, +-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-# See the License for the specific language governing permissions and +-# limitations under the License. +- +-if(NOT OPENSSL_FOUND) +- return() +-endif() +- +-include_directories(${OPENSSL_INCLUDE_DIR}) +- +-add_vpp_plugin(crypto_openssl +- SOURCES +- main.c +- +- LINK_LIBRARIES +- ${OPENSSL_LIBRARIES} +-) +diff --git a/src/plugins/ikev2/CMakeLists.txt b/src/plugins/ikev2/CMakeLists.txt +deleted file mode 100644 +index 6f2e5a681..000000000 +--- a/src/plugins/ikev2/CMakeLists.txt ++++ /dev/null +@@ -1,39 +0,0 @@ +-# Copyright (c) 2018 Cisco and/or its affiliates. +-# Licensed under the Apache License, Version 2.0 (the "License"); +-# you may not use this file except in compliance with the License. +-# You may obtain a copy of the License at: +-# +-# http://www.apache.org/licenses/LICENSE-2.0 +-# +-# Unless required by applicable law or agreed to in writing, software +-# distributed under the License is distributed on an "AS IS" BASIS, +-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-# See the License for the specific language governing permissions and +-# limitations under the License. +- +-add_definitions (-DWITH_LIBSSL=1) +-include_directories(${OPENSSL_INCLUDE_DIR}) +- +-add_vpp_plugin(ikev2 +- SOURCES +- ikev2.c +- ikev2_api.c +- ikev2_cli.c +- ikev2_crypto.c +- ikev2_format.c +- ikev2_payload.c +- +- API_FILES +- ikev2_types.api +- ikev2.api +- +- API_TEST_SOURCES +- ikev2_test.c +- +- INSTALL_HEADERS +- ikev2.h +- ikev2_priv.h +- +- LINK_LIBRARIES +- ${OPENSSL_LIBRARIES} +-) +diff --git a/src/plugins/tlsopenssl/tls_openssl.c b/src/plugins/tlsopenssl/tls_openssl.c +index 669a50348..a9799a21f 100644 +--- a/src/plugins/tlsopenssl/tls_openssl.c ++++ b/src/plugins/tlsopenssl/tls_openssl.c +@@ -564,7 +564,6 @@ openssl_ctx_init_client (tls_ctx_t * ctx) + return -1; + } + +- SSL_CTX_set_ecdh_auto (oc->ssl_ctx, 1); + SSL_CTX_set_mode (oc->ssl_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE); + #ifdef HAVE_OPENSSL_ASYNC + if (om->async) +@@ -680,7 +679,6 @@ openssl_start_listen (tls_ctx_t * lctx) + } + #endif + SSL_CTX_set_options (ssl_ctx, flags); +- SSL_CTX_set_ecdh_auto (ssl_ctx, 1); + + rv = SSL_CTX_set_cipher_list (ssl_ctx, (const char *) om->ciphers); + if (rv != 1) +-- +2.17.1 + diff --git a/vpp_patches/vcl/master/0001-ngxvcl-api.patch b/vpp_patches/vcl/master/0001-ngxvcl-api.patch new file mode 100644 index 0000000..6200295 --- /dev/null +++ b/vpp_patches/vcl/master/0001-ngxvcl-api.patch @@ -0,0 +1,1698 @@ +From e4d25bd08881a6805faa4d3a4716e84f48c0540c Mon Sep 17 00:00:00 2001 +From: "xiaolongx.jiang" <xiaolongx.jiang@intel.com> +Date: Mon, 21 Sep 2020 13:19:21 +0800 +Subject: [PATCH] ngxvcl api + +Signed-off-by: xiaolongx.jiang <xiaolongx.jiang@intel.com> +--- + src/vcl/CMakeLists.txt | 10 +- + src/vcl/ngxvcl.c | 1574 ++++++++++++++++++++++++++++++++++++++++ + src/vcl/ngxvcl.h | 70 ++ + 3 files changed, 1653 insertions(+), 1 deletion(-) + create mode 100644 src/vcl/ngxvcl.c + create mode 100644 src/vcl/ngxvcl.h + +diff --git a/src/vcl/CMakeLists.txt b/src/vcl/CMakeLists.txt +index e6d8f98ff..8a878f49f 100644 +--- a/src/vcl/CMakeLists.txt ++++ b/src/vcl/CMakeLists.txt +@@ -39,10 +39,18 @@ add_vpp_library(vcl_ldpreload + vppinfra svm vlibmemoryclient rt pthread vppcom dl + ) + ++add_vpp_library(ngxvcl ++ SOURCES ++ ngxvcl.c ++ ++ LINK_LIBRARIES ++ vppinfra svm vlibmemoryclient rt pthread vppcom dl ++) ++ + add_vpp_headers(vcl + ldp.h + ldp_glibc_socket.h + vppcom.h + vcl_locked.h + ldp_socket_wrapper.h +-) +\ No newline at end of file ++) +diff --git a/src/vcl/ngxvcl.c b/src/vcl/ngxvcl.c +new file mode 100644 +index 000000000..8cfa6ba8f +--- /dev/null ++++ b/src/vcl/ngxvcl.c +@@ -0,0 +1,1574 @@ ++#include <vcl/ngxvcl.h> ++#include <vcl/vcl_private.h> ++ ++#define MAX_NGX_WORKERS 100 ++#define VFD_OFFSET 0X003F3F3F ++#define NGXVCL_TLS_ON "NGXVCL_TLS_ON" ++#define NGXVCL_TLS_CERT "NGXVCL_TLS_CERT" ++#define NGXVCL_TLS_KEY "NGXVCL_TLS_KEY" ++ ++typedef unsigned char u8; ++typedef unsigned short u16; ++typedef unsigned int u32; ++ ++typedef struct ngxvcl_main_t_ ++{ ++ u32 listen_session_index; ++ u32 master_worker_index; ++ /** Not include master worker index. */ ++ u32 *workers_subscribed_by_ls; ++ clib_bitmap_t *listeners; ++ uword *worker_index_by_pid; ++ int wait_vep_only; ++ int intercepted_sigchld; ++ u8 transparent_tls; ++} ngxvcl_main_t; ++ ++static ngxvcl_main_t *nvm = NULL; ++ ++static u8 *sendfile_io_buffer = NULL; ++ ++static int epoll_fd_for_evtfd = 0; ++ ++static u8 use_mq_eventfd = 0; ++ ++static int wait_kep_next = 0; ++ ++static inline _Bool is_offset_vfd(int fd) ++{ ++ return fd >= VFD_OFFSET; ++} ++static inline int vfd_to_offset_vfd(int vfd) ++{ ++ return vfd + VFD_OFFSET; ++} ++static inline int offset_vfd_to_vfd(int offset_fd) ++{ ++ int vfd = offset_fd - VFD_OFFSET; ++ ++ return (vcl_get_worker_index () << 24) | (vfd & 0X00FFFFFF); ++} ++ ++static int copy_ep_to_sockaddr(struct sockaddr *addr, socklen_t *len, ++ vppcom_endpt_t *ep) ++{ ++ int rv = 0; ++ int sa_len, copy_len; ++ ++ if (addr && len && ep) ++ { ++ addr->sa_family = (ep->is_ip4 == VPPCOM_IS_IP4) ? AF_INET : AF_INET6; ++ ++ switch (addr->sa_family) ++ { ++ case AF_INET: ++ ((struct sockaddr_in *)addr)->sin_port = ep->port; ++ if (*len > sizeof(struct sockaddr_in)) ++ *len = sizeof(struct sockaddr_in); ++ sa_len = sizeof(struct sockaddr_in) - sizeof(struct in_addr); ++ copy_len = *len - sa_len; ++ if (copy_len > 0) ++ memcpy(&((struct sockaddr_in *)addr)->sin_addr, ep->ip, ++ copy_len); ++ break; ++ ++ case AF_INET6: ++ ((struct sockaddr_in6 *)addr)->sin6_port = ep->port; ++ if (*len > sizeof(struct sockaddr_in6)) ++ *len = sizeof(struct sockaddr_in6); ++ sa_len = sizeof(struct sockaddr_in6) - sizeof(struct in6_addr); ++ copy_len = *len - sa_len; ++ if (copy_len > 0) ++ memcpy( ++ ((struct sockaddr_in6 *)addr)->sin6_addr.__in6_u.__u6_addr8, ++ ep->ip, copy_len); ++ break; ++ ++ default: ++ /* Not possible */ ++ rv = -EAFNOSUPPORT; ++ break; ++ } ++ } ++ ++ return rv; ++} ++ ++static void listener_wrk_stop_listen(u32 wrk_index) { ++ vcl_worker_t *wrk; ++ vcl_session_t *s; ++ ++ wrk = vcl_worker_get(wrk_index); ++ s = vcl_session_get (wrk, nvm->listen_session_index); ++ if (s->session_state != VCL_STATE_LISTEN) ++ return; ++ vcl_send_session_unlisten(wrk, s); ++ s->session_state = VCL_STATE_LISTEN_NO_MQ; ++ clib_bitmap_set(nvm->listeners, wrk_index, 0); ++} ++ ++static void ++share_listen_session (vcl_worker_t * wrk) ++{ ++ vcl_session_t *s; ++ ++ s = vcl_session_get (wrk, nvm->listen_session_index); ++ s->session_state = VCL_STATE_LISTEN_NO_MQ; ++ vppcom_session_listen((vcl_get_worker_index() << 24 | nvm->listen_session_index), ~0); ++ clib_bitmap_set(nvm->listeners, vcl_get_worker_index(), 1); ++ if (clib_bitmap_get(nvm->listeners, 0) == 1) ++ listener_wrk_stop_listen (0); ++ vec_add1 (nvm->workers_subscribed_by_ls, wrk->wrk_index); ++} ++ ++static void ++worker_copy_on_fork (vcl_worker_t * parent_wrk) ++{ ++ vcl_worker_t *wrk = vcl_worker_get_current (); ++ ++ wrk->vpp_event_queues = vec_dup (parent_wrk->vpp_event_queues); ++ wrk->sessions = pool_dup (parent_wrk->sessions); ++ wrk->session_index_by_vpp_handles = ++ hash_dup (parent_wrk->session_index_by_vpp_handles); ++ ++ share_listen_session (wrk); ++} ++ ++static void ++ngxvcl_cleanup_child_worker (u32 child_wrk_index) ++{ ++ vcl_worker_t *child_wrk = vcl_worker_get(child_wrk_index); ++ vcl_session_t *s; ++ ++ /** Unshare listen session. */ ++ s = vcl_session_get (child_wrk, nvm->listen_session_index); ++ clib_bitmap_set (nvm->listeners, child_wrk_index, 0); ++ vec_del1 (nvm->workers_subscribed_by_ls, child_wrk_index); ++ vcl_session_cleanup (child_wrk, s, vcl_session_handle (s), 1); ++ ++ hash_unset (nvm->worker_index_by_pid, child_wrk->current_pid); ++ vcl_worker_cleanup (child_wrk, 1 /* notify vpp */); ++} ++ ++static struct sigaction old_sa; ++ ++static void ++ngxvcl_intercept_sigchld_handler (int signum, siginfo_t * si, void *uc) ++{ ++ vcl_worker_t *wrk; ++ u32 child_wrk_index; ++ ++ if (vcl_get_worker_index () == ~0) ++ return; ++ ++ if (sigaction (SIGCHLD, &old_sa, 0)) ++ { ++ VERR ("couldn't restore sigchld"); ++ exit (-1); ++ } ++ ++ wrk = vcl_worker_get_current (); ++ child_wrk_index = *(hash_get (nvm->worker_index_by_pid, si->si_pid)); ++ ++ if (si->si_pid != vcl_worker_get(child_wrk_index)->current_pid) ++ { ++ VDBG (0, "unexpected child pid %u", si->si_pid); ++ goto done; ++ } ++ ++ ngxvcl_cleanup_child_worker (child_wrk_index); ++ wrk->forked_child = ~0; ++ ++done: ++ if (old_sa.sa_flags & SA_SIGINFO) ++ { ++ void (*fn) (int, siginfo_t *, void *) = old_sa.sa_sigaction; ++ fn (signum, si, uc); ++ } ++ else ++ { ++ void (*fn) (int) = old_sa.sa_handler; ++ if (fn) ++ fn (signum); ++ } ++} ++ ++static void ++ngxvcl_incercept_sigchld () ++{ ++ if (!nvm->intercepted_sigchld) ++ { ++ struct sigaction sa; ++ clib_memset (&sa, 0, sizeof (sa)); ++ sa.sa_sigaction = ngxvcl_intercept_sigchld_handler; ++ sa.sa_flags = SA_SIGINFO; ++ if (sigaction (SIGCHLD, &sa, &old_sa)) ++ { ++ VERR ("couldn't intercept sigchld"); ++ exit (-1); ++ } ++ nvm->intercepted_sigchld = 1; ++ } ++} ++ ++static void ++app_pre_fork (void) ++{ ++ ngxvcl_incercept_sigchld (); ++ vcl_flush_mq_events (); ++} ++ ++static void ++app_fork_parent_handler (void) ++{ ++ vcm->forking = 1; ++ while (vcm->forking) ++ ; ++} ++ ++static void ++app_fork_child_handler (void) ++{ ++ vcl_worker_t *parent_wrk; ++ int parent_wrk_index; ++ ++ parent_wrk_index = vcl_get_worker_index (); ++ VDBG (0, "initializing forked child %u with parent wrk %u", getpid (), ++ parent_wrk_index); ++ ++ vcl_set_worker_index (~0); ++ ++ /* ++ * Register worker with vpp and share listen session ++ */ ++ if (vppcom_worker_register ()) ++ { ++ VDBG (0, "couldn't register new worker!"); ++ return; ++ } ++ ++ parent_wrk = vcl_worker_get (parent_wrk_index); ++ worker_copy_on_fork (parent_wrk); ++ hash_set(nvm->worker_index_by_pid, getpid(), vcl_get_worker_index()); ++ parent_wrk->forked_child = vcl_get_worker_index (); ++ ++ sendfile_io_buffer = NULL; ++ ++ VDBG (0, "forked child main worker initialized"); ++ vcm->forking = 0; ++} ++ ++static void ++sendfile_io_buffer_free (void) ++{ ++ vec_free (sendfile_io_buffer); ++} ++ ++void ngxvcl_wait_vep_only() ++{ ++ if (use_mq_eventfd) ++ return; ++ nvm->wait_vep_only = 1; ++} ++ ++void ngxvcl_wait_kep_and_vep() ++{ ++ if (use_mq_eventfd) ++ return; ++ nvm->wait_vep_only = 0; ++} ++ ++void ngxvcl_app_create(char *app_name) ++{ ++ int rv = vppcom_app_create(app_name); ++ ++ if (rv) ++ { ++ errno = -rv; ++ perror("ERROR when calling ngxvcl_app_create()!"); ++ fprintf(stderr, "\nERROR: ngxvcl_app_create() failed (errno = %d)!\n", -rv); ++ exit(1); ++ } ++ ++ pthread_atfork(app_pre_fork, app_fork_parent_handler, ++ app_fork_child_handler); ++ atexit(sendfile_io_buffer_free); ++ ++ nvm = clib_mem_alloc (sizeof (ngxvcl_main_t)); ++ if (!nvm) ++ { ++ clib_warning ("NgxVCL<%d>: ERROR: clib_mem_alloc() failed!", getpid ()); ++ ASSERT (nvm); ++ return; ++ } ++ clib_memset(nvm, 0, sizeof(ngxvcl_main_t)); ++ clib_bitmap_validate(nvm->listeners, MAX_NGX_WORKERS + 1); ++ clib_bitmap_set(nvm->listeners, vcl_get_worker_index(), 1); ++ hash_set(nvm->worker_index_by_pid, getpid(), vcl_get_worker_index()); ++ ++ if (getenv (NGXVCL_TLS_ON)) ++ nvm->transparent_tls = 1; ++ ++ use_mq_eventfd = vcm->cfg.use_mq_eventfd; ++} ++ ++void ngxvcl_app_destroy(void) ++{ ++ vec_free(nvm->workers_subscribed_by_ls); ++ clib_bitmap_free(nvm->listeners); ++ hash_free(nvm->worker_index_by_pid); ++ clib_mem_free(nvm); ++ vppcom_app_destroy(); ++} ++ ++static int ++ngxvcl_load_tls_cert (uint32_t sh) ++{ ++ char *env_var_str = getenv (NGXVCL_TLS_CERT); ++ char inbuf[4096]; ++ char *tls_cert; ++ int cert_size; ++ FILE *fp; ++ ++ if (env_var_str) ++ { ++ fp = fopen (env_var_str, "r"); ++ if (fp == NULL) ++ { ++ VDBG (0, "ERROR: failed to open cert file %s \n", env_var_str); ++ return -1; ++ } ++ cert_size = fread (inbuf, sizeof (char), sizeof (inbuf), fp); ++ tls_cert = inbuf; ++ vppcom_session_tls_add_cert (sh, tls_cert, ++ cert_size); ++ fclose (fp); ++ } ++ else ++ { ++ VDBG (0, "ERROR: failed to read LDP environment %s\n", ++ NGXVCL_TLS_CERT); ++ return -1; ++ } ++ return 0; ++} ++ ++static int ++ngxvcl_load_tls_key (uint32_t sh) ++{ ++ char *env_var_str = getenv (NGXVCL_TLS_KEY); ++ char inbuf[4096]; ++ char *tls_key; ++ int key_size; ++ FILE *fp; ++ ++ if (env_var_str) ++ { ++ fp = fopen (env_var_str, "r"); ++ if (fp == NULL) ++ { ++ VDBG (0, "ERROR: failed to open key file %s \n", env_var_str); ++ return -1; ++ } ++ key_size = fread (inbuf, sizeof (char), sizeof (inbuf), fp); ++ tls_key = inbuf; ++ vppcom_session_tls_add_key (sh, tls_key, ++ key_size); ++ fclose (fp); ++ } ++ else ++ { ++ VDBG (0, "ERROR: failed to read NGXVCL environment %s\n", NGXVCL_TLS_KEY); ++ return -1; ++ } ++ return 0; ++} ++ ++int ngxvcl_socket(int domain, int type, int protocol) ++{ ++ int rv, sock_type = type & ~(SOCK_CLOEXEC | SOCK_NONBLOCK); ++ u8 is_nonblocking = type & SOCK_NONBLOCK ? 1 : 0; ++ ++ if (((domain == AF_INET) || (domain == AF_INET6)) && ++ ((sock_type == SOCK_STREAM) || (sock_type == SOCK_DGRAM))) ++ { ++ u8 proto; ++ ++ if (nvm->transparent_tls) ++ proto = VPPCOM_PROTO_TLS; ++ else ++ proto = ((sock_type == SOCK_DGRAM) ? VPPCOM_PROTO_UDP : VPPCOM_PROTO_TCP); ++ ++ rv = vppcom_session_create(proto, is_nonblocking); ++ ++ if (rv < 0) ++ { ++ errno = -rv; ++ rv = -1; ++ } ++ else { ++ if (nvm->transparent_tls) ++ if (ngxvcl_load_tls_cert (rv) < 0 || ngxvcl_load_tls_key (rv) < 0) ++ return -1; ++ ++ rv = vfd_to_offset_vfd(rv); ++ } ++ } ++ else ++ { ++ rv = -1; ++ } ++ ++ return rv; ++} ++ ++int ngxvcl_close(int offset_vfd) ++{ ++ int rv, epfd, vfd = offset_vfd_to_vfd(offset_vfd); ++ ++ epfd = vppcom_session_attr(vfd, VPPCOM_ATTR_GET_LIBC_EPFD, 0, 0); ++ if (epfd > 0) { ++ rv = close(epfd); ++ if (rv < 0) { ++ u32 size = sizeof(epfd); ++ epfd = 0; ++ vppcom_session_attr(vfd, VPPCOM_ATTR_SET_LIBC_EPFD, &epfd, &size); ++ } ++ } ++ else if (epfd < 0) { ++ errno = -epfd; ++ rv = -1; ++ return rv; ++ } ++ ++ rv = vppcom_session_close(offset_vfd_to_vfd(offset_vfd)); ++ ++ if (rv != VPPCOM_OK) ++ { ++ errno = -rv; ++ rv = -1; ++ } ++ ++ return rv; ++} ++ ++int ngxvcl_kvfd_close(int fd) ++{ ++ int rv; ++ ++ if (is_offset_vfd(fd)) ++ rv = ngxvcl_close(fd); ++ else ++ rv = close(fd); ++ ++ return rv; ++} ++ ++int ngxvcl_bind(int offset_vfd, const struct sockaddr *addr, socklen_t addrlen) ++{ ++ int rv; ++ vppcom_endpt_t ep; ++ ++ switch (addr->sa_family) ++ { ++ case AF_INET: ++ if (addrlen != sizeof(struct sockaddr_in)) ++ { ++ errno = EINVAL; ++ rv = -1; ++ goto done; ++ } ++ ep.is_ip4 = VPPCOM_IS_IP4; ++ ep.ip = (u8 *)&((const struct sockaddr_in *)addr)->sin_addr; ++ ep.port = (u16)((const struct sockaddr_in *)addr)->sin_port; ++ break; ++ case AF_INET6: ++ if (addrlen != sizeof(struct sockaddr_in6)) ++ { ++ errno = EINVAL; ++ rv = -1; ++ goto done; ++ } ++ ep.is_ip4 = VPPCOM_IS_IP6; ++ ep.ip = (u8 *)&((const struct sockaddr_in6 *)addr)->sin6_addr; ++ ep.port = (u16)((const struct sockaddr_in6 *)addr)->sin6_port; ++ break; ++ default: ++ errno = EAFNOSUPPORT; ++ rv = -1; ++ goto done; ++ } ++ ++ rv = vppcom_session_bind(offset_vfd_to_vfd(offset_vfd), &ep); ++ ++ if (rv != VPPCOM_OK) ++ { ++ errno = -rv; ++ rv = -1; ++ goto done; ++ } ++ ++ nvm->master_worker_index = offset_vfd_to_vfd(offset_vfd) >> 24; ++ nvm->listen_session_index = offset_vfd_to_vfd(offset_vfd) & 0X00FFFFFF; ++ ++done: ++ return rv; ++} ++ ++int ngxvcl_listen(int offset_vfd, int backlog) ++{ ++ int rv; ++ ++ ASSERT((u32)(offset_vfd_to_vfd(offset_vfd) & 0X00FFFFFF) == nvm->listen_session_index); ++ ++ rv = vppcom_session_listen(offset_vfd_to_vfd(offset_vfd), backlog); ++ ++ if (rv != VPPCOM_OK) ++ { ++ errno = -rv; ++ rv = -1; ++ } ++ ++ return rv; ++} ++ ++int ngxvcl_accept4(int offset_vfd, struct sockaddr *addr, socklen_t *addrlen, ++ int flags) ++{ ++ int accepted_fd, rv; ++ vppcom_endpt_t ep; ++ u8 src_addr[sizeof(struct sockaddr_in6)]; ++ memset(&ep, 0, sizeof(ep)); ++ ep.ip = src_addr; ++ ++ accepted_fd = vppcom_session_accept(offset_vfd_to_vfd(offset_vfd), &ep, flags); ++ ++ if (accepted_fd < 0) ++ { ++ errno = -accepted_fd; ++ rv = -1; ++ } ++ else ++ { ++ rv = copy_ep_to_sockaddr(addr, addrlen, &ep); ++ ++ if (rv != VPPCOM_OK) ++ { ++ (void)vppcom_session_close(accepted_fd); ++ errno = -rv; ++ rv = -1; ++ } ++ else ++ { ++ rv = vfd_to_offset_vfd(accepted_fd); ++ } ++ } ++ ++ return rv; ++} ++ ++int ngxvcl_accept(int offset_vfd, struct sockaddr *addr, socklen_t *addrlen) ++{ ++ return ngxvcl_accept4(offset_vfd, addr, addrlen, 0); ++} ++ ++int ngxvcl_connect(int offset_vfd, const struct sockaddr *addr, socklen_t addrlen) ++{ ++ int rv; ++ ++ if (!addr) ++ { ++ errno = EINVAL; ++ rv = -1; ++ goto done; ++ } ++ ++ vppcom_endpt_t ep; ++ ++ switch (addr->sa_family) ++ { ++ case AF_INET: ++ if (addrlen != sizeof(struct sockaddr_in)) ++ { ++ errno = EINVAL; ++ rv = -1; ++ goto done; ++ } ++ ep.is_ip4 = VPPCOM_IS_IP4; ++ ep.ip = (u8 *)&((const struct sockaddr_in *)addr)->sin_addr; ++ ep.port = (u16)((const struct sockaddr_in *)addr)->sin_port; ++ break; ++ case AF_INET6: ++ if (addrlen != sizeof(struct sockaddr_in6)) ++ { ++ errno = EINVAL; ++ rv = -1; ++ goto done; ++ } ++ ep.is_ip4 = VPPCOM_IS_IP6; ++ ep.ip = (u8 *)&((const struct sockaddr_in6 *)addr)->sin6_addr; ++ ep.port = (u16)((const struct sockaddr_in6 *)addr)->sin6_port; ++ break; ++ default: ++ errno = EAFNOSUPPORT; ++ rv = -1; ++ goto done; ++ } ++ ++ rv = vppcom_session_connect(offset_vfd_to_vfd(offset_vfd), &ep); ++ ++ if (rv != VPPCOM_OK) ++ { ++ errno = -rv; ++ rv = -1; ++ } ++ ++done: ++ return rv; ++} ++ ++int ngxvcl_read(int offset_vfd, void *buf, size_t count) ++{ ++ ssize_t size; ++ ++ size = vppcom_session_read(offset_vfd_to_vfd(offset_vfd), buf, count); ++ ++ if (size < 0) ++ { ++ errno = -size; ++ size = -1; ++ } ++ ++ return size; ++} ++ ++int ngxvcl_write(int offset_vfd, const void *buf, size_t count) ++{ ++ ssize_t size = 0; ++ ++ size = vppcom_session_write_msg(offset_vfd_to_vfd(offset_vfd), (void *)buf, count); ++ ++ if (size < 0) ++ { ++ errno = -size; ++ size = -1; ++ } ++ ++ return size; ++} ++ ++int ngxvcl_epoll_create(int size) ++{ ++ int rv, vepfd; ++ ++ rv = vppcom_epoll_create(); ++ ++ if (rv < 0) ++ { ++ errno = -rv; ++ return -1; ++ } ++ else ++ vepfd = rv; ++ ++ if (use_mq_eventfd) { ++ int libc_epfd; ++ u32 size = sizeof (u32); ++ struct epoll_event e = { 0 }; ++ ++ libc_epfd = epoll_create1 (EPOLL_CLOEXEC); ++ if (libc_epfd < 0) ++ return libc_epfd; ++ rv = vppcom_session_attr (vepfd, VPPCOM_ATTR_SET_LIBC_EPFD, &libc_epfd, &size); ++ if (rv < 0) ++ { ++ errno = -rv; ++ return -1; ++ } ++ e.events = EPOLLIN; ++ if (epoll_ctl (libc_epfd, EPOLL_CTL_ADD, vcl_worker_get_current ()->app_event_queue->q->consumer_evtfd, &e) < 0) ++ return -1; ++ epoll_fd_for_evtfd = libc_epfd; ++ } ++ ++ return vfd_to_offset_vfd (vepfd); ++} ++ ++int ngxvcl_kvfd_epoll_ctl(int offset_vepfd, int op, int fd, struct epoll_event *event) ++{ ++ int rv, vepfd = offset_vfd_to_vfd(offset_vepfd); ++ ++ if (is_offset_vfd(fd)) { ++ rv = vppcom_epoll_ctl(vepfd, op, offset_vfd_to_vfd(fd), ++ event); ++ ++ if (rv != VPPCOM_OK) ++ { ++ errno = -rv; ++ rv = -1; ++ } ++ } ++ else { ++ int libc_epfd; ++ u32 size = sizeof (vepfd); ++ ++ libc_epfd = vppcom_session_attr (vepfd, VPPCOM_ATTR_GET_LIBC_EPFD, 0, 0); ++ if (!libc_epfd) { ++ libc_epfd = epoll_create1 (EPOLL_CLOEXEC); ++ if (libc_epfd < 0) ++ { ++ rv = libc_epfd; ++ return rv; ++ } ++ rv = vppcom_session_attr (vepfd, VPPCOM_ATTR_SET_LIBC_EPFD, &libc_epfd, &size); ++ if (rv < 0) ++ { ++ errno = -rv; ++ rv = -1; ++ return rv; ++ } ++ } ++ else if (libc_epfd < 0) { ++ errno = -vepfd; ++ rv = -1; ++ return rv; ++ } ++ ++ rv = epoll_ctl (libc_epfd, op, fd, event); ++ } ++ ++ return rv; ++} ++ ++int ngxvcl_kvfd_epoll_wait(int offset_vepfd, struct epoll_event *events, int maxevents, ++ int timeout) ++{ ++ int rv = 0, vepfd = offset_vfd_to_vfd (offset_vepfd); ++ ++ if (use_mq_eventfd) { ++ int i, n_evts = 0, veprv; ++ struct epoll_event temp_evts[2]; ++ ++again: ++ rv = epoll_wait (epoll_fd_for_evtfd, temp_evts, 2, timeout); ++ ++ if (PREDICT_TRUE (rv > 0)) ++ for (i = 0; i < rv; i++) { ++ if (PREDICT_FALSE (n_evts == maxevents)) ++ return n_evts; ++ if (PREDICT_TRUE (temp_evts[i].data.u32 == 0)) { ++ veprv = vppcom_epoll_wait(vepfd, events + n_evts, maxevents - n_evts, 0); ++ if (PREDICT_FALSE (veprv < 0)) { ++ errno = -veprv; ++ return -1; ++ } ++ n_evts += veprv; ++ } ++ else { ++ events[n_evts] = temp_evts[i]; ++ n_evts += 1; ++ } ++ } ++ ++ if (PREDICT_FALSE (!n_evts && rv > 0)) ++ goto again; ++ ++ return n_evts; ++ } ++ ++ if (nvm->wait_vep_only) ++ { ++ rv = vppcom_epoll_wait(vepfd, events, maxevents, timeout); ++ ++ if (rv < 0) ++ { ++ errno = -rv; ++ rv = -1; ++ } ++ ++ return rv; ++ } ++ else ++ { ++ double time_to_wait = (double) 0, max_time; ++ int libc_epfd; ++ clib_time_t clib_time = {}; ++ ++ if (clib_time.init_cpu_time == 0) ++ clib_time_init (&clib_time); ++ time_to_wait = ((timeout >= 0) ? (double) timeout / 1000 : 0); ++ max_time = clib_time_now (&clib_time) + time_to_wait; ++ ++ libc_epfd = vppcom_session_attr (vepfd, VPPCOM_ATTR_GET_LIBC_EPFD, 0, 0); ++ if (libc_epfd < 0) ++ { ++ errno = -libc_epfd; ++ rv = -1; ++ return rv; ++ } ++ ++ do { ++ if (nvm->wait_vep_only) { ++ int time_remained = 0; ++ if (timeout > 0) { ++ time_remained = (int)(1000 * (max_time - clib_time_now (&clib_time))); ++ } ++ else ++ time_remained = timeout; ++ rv = vppcom_epoll_wait(vepfd, events, maxevents, time_remained); ++ if (rv < 0) ++ { ++ errno = -rv; ++ rv = -1; ++ } ++ return rv; ++ } ++ ++ if (!wait_kep_next) ++ { ++ rv = vppcom_epoll_wait(vepfd, events, maxevents, 0); ++ ++ if (rv < 0) ++ { ++ errno = -rv; ++ rv = -1; ++ return rv; ++ } ++ else if (rv > 0) ++ { ++ wait_kep_next = 1; ++ return rv; ++ } ++ } ++ else ++ wait_kep_next = 0; ++ ++ if (libc_epfd > 0) { ++ rv = epoll_wait(libc_epfd, events, maxevents, 0); ++ if (rv != 0) ++ return rv; ++ } ++ } while ((timeout == -1) || (clib_time_now (&clib_time) < max_time)); ++ ++ return rv; ++ } ++} ++ ++ssize_t ngxvcl_readv(int offset_vfd, const struct iovec *iov, int iovcnt) ++{ ++ int rv = 0, i, total = 0; ++ ssize_t size = 0; ++ ++ do ++ { ++ for (i = 0; i < iovcnt; ++i) ++ { ++ rv = vppcom_session_read(offset_vfd_to_vfd(offset_vfd), iov[i].iov_base, ++ iov[i].iov_len); ++ if (rv < 0) ++ break; ++ else ++ { ++ total += rv; ++ if ((size_t)rv < iov[i].iov_len) ++ break; ++ } ++ } ++ } while ((rv >= 0) && (total == 0)); ++ ++ if (rv < 0) ++ { ++ errno = -rv; ++ size = -1; ++ } ++ else ++ size = total; ++ ++ return size; ++} ++ ++ssize_t ngxvcl_writev(int offset_vfd, const struct iovec *iov, int iovcnt) ++{ ++ ssize_t size = 0, total = 0; ++ int i, rv = 0; ++ ++ do ++ { ++ for (i = 0; i < iovcnt; ++i) ++ { ++ rv = vppcom_session_write_msg(offset_vfd_to_vfd(offset_vfd), ++ iov[i].iov_base, iov[i].iov_len); ++ if (rv < 0) ++ break; ++ else ++ { ++ total += rv; ++ if ((size_t)rv < iov[i].iov_len) ++ break; ++ } ++ } ++ } while ((rv >= 0) && (total == 0)); ++ ++ if (rv < 0) ++ { ++ errno = -rv; ++ size = -1; ++ } ++ else ++ size = total; ++ ++ return size; ++} ++ ++int ngxvcl_kvfd_fcntl(int fd, int cmd, ...) ++{ ++ int rv = 0; ++ va_list ap; ++ ++ va_start(ap, cmd); ++ ++ if (is_offset_vfd(fd)) ++ { ++ int flags = va_arg(ap, int), vfd = offset_vfd_to_vfd(fd); ++ u32 size; ++ ++ size = sizeof(flags); ++ rv = -EOPNOTSUPP; ++ ++ switch (cmd) ++ { ++ case F_SETFL: ++ rv = vppcom_session_attr(vfd, VPPCOM_ATTR_SET_FLAGS, &flags, &size); ++ break; ++ case F_GETFL: ++ rv = vppcom_session_attr(vfd, VPPCOM_ATTR_GET_FLAGS, &flags, &size); ++ if (rv == VPPCOM_OK) ++ rv = flags; ++ break; ++ case F_SETFD: ++ /* TODO handle this */ ++ rv = 0; ++ break; ++ default: ++ rv = -EOPNOTSUPP; ++ break; ++ } ++ ++ if (rv < 0) ++ { ++ errno = -rv; ++ rv = -1; ++ } ++ } ++ else ++ { ++ long int args[4]; ++ ++ for (int i = 0; i < 4; i++) ++ args[i] = va_arg(ap, long int); ++ ++ rv = fcntl(fd, cmd, args[0], args[1], args[2], args[3]); ++ } ++ ++ va_end(ap); ++ ++ return rv; ++} ++ ++int ngxvcl_kvfd_ioctl(int fd, unsigned long int cmd, ...) ++{ ++ va_list ap; ++ int rv; ++ ++ va_start(ap, cmd); ++ ++ if (is_offset_vfd(fd)) ++ { ++ int vfd = offset_vfd_to_vfd(fd); ++ ++ switch (cmd) ++ { ++ case FIONREAD: ++ rv = vppcom_session_attr(vfd, VPPCOM_ATTR_GET_NREAD, 0, 0); ++ break; ++ ++ case FIONBIO: ++ { ++ u32 flags = va_arg(ap, int) ? O_NONBLOCK : 0; ++ u32 size = sizeof(flags); ++ ++ /* TBD: When VPPCOM_ATTR_[GS]ET_FLAGS supports flags other than ++ * non-blocking, the flags should be read here and merged ++ * with O_NONBLOCK. ++ */ ++ rv = vppcom_session_attr(vfd, VPPCOM_ATTR_SET_FLAGS, &flags, &size); ++ } ++ break; ++ ++ default: ++ rv = -EOPNOTSUPP; ++ break; ++ } ++ ++ if (rv < 0) ++ { ++ errno = -rv; ++ rv = -1; ++ } ++ } ++ else ++ { ++ long int args[4]; ++ ++ for (int i = 0; i < 4; i++) ++ args[i] = va_arg(ap, long int); ++ ++ rv = ioctl(fd, cmd, args[0], args[1], args[2], args[3]); ++ } ++ ++ va_end(ap); ++ ++ return rv; ++} ++ ++int ngxvcl_socketpair(int domain, int type, int protocol, int fds[2]) ++{ ++ int rv, sock_type = type & ~(SOCK_CLOEXEC | SOCK_NONBLOCK); ++ ++ if (((domain == AF_INET) || (domain == AF_INET6)) && ++ ((sock_type == SOCK_STREAM) || (sock_type == SOCK_DGRAM))) ++ { ++ errno = ENOSYS; ++ rv = -1; ++ } ++ else ++ { ++ rv = socketpair(domain, type, protocol, fds); ++ } ++ ++ return rv; ++} ++ ++int ngxvcl_kvfd_getsockname(int fd, struct sockaddr *addr, socklen_t *len) ++{ ++ int rv; ++ ++ if (is_offset_vfd(fd)) ++ { ++ vppcom_endpt_t ep; ++ u8 addr_buf[sizeof(struct in6_addr)]; ++ u32 size = sizeof(ep); ++ ++ ep.ip = addr_buf; ++ ++ rv = vppcom_session_attr(offset_vfd_to_vfd(fd), ++ VPPCOM_ATTR_GET_LCL_ADDR, &ep, &size); ++ ++ if (rv != VPPCOM_OK) ++ { ++ errno = -rv; ++ rv = -1; ++ } ++ else ++ { ++ rv = copy_ep_to_sockaddr(addr, len, &ep); ++ ++ if (rv != VPPCOM_OK) ++ { ++ errno = -rv; ++ rv = -1; ++ } ++ } ++ } ++ else ++ { ++ rv = getsockname(fd, addr, len); ++ } ++ ++ return rv; ++} ++ ++int ngxvcl_kvfd_getsockopt(int fd, int level, int optname, void *optval, ++ socklen_t *optlen) ++{ ++ int rv; ++ ++ if (is_offset_vfd(fd)) ++ { ++ int vfd = offset_vfd_to_vfd(fd); ++ ++ rv = -EOPNOTSUPP; ++ ++ switch (level) ++ { ++ case SOL_TCP: ++ switch (optname) ++ { ++ case TCP_NODELAY: ++ rv = vppcom_session_attr(vfd, VPPCOM_ATTR_GET_TCP_NODELAY, ++ optval, optlen); ++ break; ++ case TCP_MAXSEG: ++ rv = vppcom_session_attr(vfd, VPPCOM_ATTR_GET_TCP_USER_MSS, ++ optval, optlen); ++ break; ++ case TCP_KEEPIDLE: ++ rv = vppcom_session_attr(vfd, VPPCOM_ATTR_GET_TCP_KEEPIDLE, ++ optval, optlen); ++ break; ++ case TCP_KEEPINTVL: ++ rv = vppcom_session_attr(vfd, VPPCOM_ATTR_GET_TCP_KEEPINTVL, ++ optval, optlen); ++ break; ++ case TCP_INFO: ++ if (optval && optlen && (*optlen == sizeof(struct tcp_info))) ++ { ++ memset(optval, 0, *optlen); ++ rv = VPPCOM_OK; ++ } ++ else ++ rv = -EFAULT; ++ break; ++ case TCP_CONGESTION: ++ strcpy(optval, "cubic"); ++ *optlen = strlen("cubic"); ++ rv = 0; ++ break; ++ default: ++ break; ++ } ++ break; ++ case SOL_IPV6: ++ switch (optname) ++ { ++ case IPV6_V6ONLY: ++ rv = ++ vppcom_session_attr(vfd, VPPCOM_ATTR_GET_V6ONLY, ++ optval, optlen); ++ break; ++ default: ++ break; ++ } ++ break; ++ case SOL_SOCKET: ++ switch (optname) ++ { ++ case SO_ACCEPTCONN: ++ rv = vppcom_session_attr(vfd, VPPCOM_ATTR_GET_LISTEN, ++ optval, optlen); ++ break; ++ case SO_KEEPALIVE: ++ rv = vppcom_session_attr(vfd, VPPCOM_ATTR_GET_KEEPALIVE, ++ optval, optlen); ++ break; ++ case SO_PROTOCOL: ++ rv = vppcom_session_attr(vfd, VPPCOM_ATTR_GET_PROTOCOL, ++ optval, optlen); ++ *(int *)optval = *(int *)optval ? SOCK_DGRAM : SOCK_STREAM; ++ break; ++ case SO_SNDBUF: ++ rv = vppcom_session_attr(vfd, VPPCOM_ATTR_GET_TX_FIFO_LEN, ++ optval, optlen); ++ break; ++ case SO_RCVBUF: ++ rv = vppcom_session_attr(vfd, VPPCOM_ATTR_GET_RX_FIFO_LEN, ++ optval, optlen); ++ break; ++ case SO_REUSEADDR: ++ rv = vppcom_session_attr(vfd, VPPCOM_ATTR_GET_REUSEADDR, ++ optval, optlen); ++ break; ++ case SO_BROADCAST: ++ rv = vppcom_session_attr(vfd, VPPCOM_ATTR_GET_BROADCAST, ++ optval, optlen); ++ break; ++ case SO_ERROR: ++ rv = vppcom_session_attr(vfd, VPPCOM_ATTR_GET_ERROR, ++ optval, optlen); ++ break; ++ default: ++ break; ++ } ++ break; ++ default: ++ break; ++ } ++ ++ if (rv != VPPCOM_OK) ++ { ++ errno = -rv; ++ rv = -1; ++ } ++ } ++ else ++ { ++ rv = getsockopt(fd, level, optname, optval, optlen); ++ } ++ ++ return rv; ++} ++ ++int ngxvcl_kvfd_setsockopt(int fd, int level, int optname, const void *optval, ++ socklen_t optlen) ++{ ++ int rv; ++ ++ if (is_offset_vfd(fd)) ++ { ++ int vfd = offset_vfd_to_vfd(fd); ++ ++ rv = -EOPNOTSUPP; ++ ++ switch (level) ++ { ++ case SOL_TCP: ++ switch (optname) ++ { ++ case TCP_NODELAY: ++ rv = vppcom_session_attr(vfd, VPPCOM_ATTR_SET_TCP_NODELAY, ++ (void *)optval, &optlen); ++ break; ++ case TCP_MAXSEG: ++ rv = vppcom_session_attr(vfd, VPPCOM_ATTR_SET_TCP_USER_MSS, ++ (void *)optval, &optlen); ++ break; ++ case TCP_KEEPIDLE: ++ rv = vppcom_session_attr(vfd, VPPCOM_ATTR_SET_TCP_KEEPIDLE, ++ (void *)optval, &optlen); ++ break; ++ case TCP_KEEPINTVL: ++ rv = vppcom_session_attr(vfd, VPPCOM_ATTR_SET_TCP_KEEPINTVL, ++ (void *)optval, &optlen); ++ break; ++ case TCP_CONGESTION: ++ case TCP_CORK: ++ /* Ignore */ ++ rv = 0; ++ break; ++ default: ++ break; ++ } ++ break; ++ case SOL_IPV6: ++ switch (optname) ++ { ++ case IPV6_V6ONLY: ++ rv = vppcom_session_attr(vfd, VPPCOM_ATTR_SET_V6ONLY, ++ (void *)optval, &optlen); ++ break; ++ default: ++ break; ++ } ++ break; ++ case SOL_SOCKET: ++ switch (optname) ++ { ++ case SO_KEEPALIVE: ++ rv = vppcom_session_attr(vfd, VPPCOM_ATTR_SET_KEEPALIVE, ++ (void *)optval, &optlen); ++ break; ++ case SO_REUSEADDR: ++ rv = vppcom_session_attr(vfd, VPPCOM_ATTR_SET_REUSEADDR, ++ (void *)optval, &optlen); ++ break; ++ case SO_BROADCAST: ++ rv = vppcom_session_attr(vfd, VPPCOM_ATTR_SET_BROADCAST, ++ (void *)optval, &optlen); ++ break; ++ default: ++ break; ++ } ++ break; ++ default: ++ break; ++ } ++ ++ if (rv != VPPCOM_OK) ++ { ++ errno = -rv; ++ rv = -1; ++ } ++ } ++ else ++ { ++ rv = setsockopt(fd, level, optname, optval, optlen); ++ } ++ ++ return rv; ++} ++ ++ssize_t ngxvcl_send(int offset_vfd, const void *buf, size_t n, int flags) ++{ ++ ssize_t size; ++ ++ size = vppcom_session_sendto(offset_vfd_to_vfd(offset_vfd), (void *)buf, ++ n, flags, NULL); ++ ++ if (size < VPPCOM_OK) ++ { ++ errno = -size; ++ size = -1; ++ } ++ ++ return size; ++} ++ ++ssize_t ngxvcl_sendfile(int out_offset_vfd, int in_kfd, off_t *offset, size_t len) ++{ ++ ssize_t size = 0; ++ int rv, out_vfd = offset_vfd_to_vfd(out_offset_vfd); ++ ssize_t results = 0; ++ size_t n_bytes_left = len; ++ size_t bytes_to_read; ++ int nbytes; ++ u8 eagain = 0; ++ u32 flags, flags_len = sizeof(flags); ++ ++ rv = vppcom_session_attr(out_vfd, VPPCOM_ATTR_GET_FLAGS, &flags, ++ &flags_len); ++ ++ if (rv != VPPCOM_OK) ++ { ++ vec_reset_length (sendfile_io_buffer); ++ errno = -rv; ++ size = -1; ++ goto done; ++ } ++ ++ if (offset) ++ { ++ off_t off = lseek(in_kfd, *offset, SEEK_SET); ++ ++ if (off == -1) ++ { ++ size = -1; ++ goto done; ++ } ++ } ++ ++ do ++ { ++ size = vppcom_session_attr(out_vfd, VPPCOM_ATTR_GET_NWRITE, 0, 0); ++ ++ if (size < 0) ++ { ++ vec_reset_length (sendfile_io_buffer); ++ errno = -size; ++ size = -1; ++ goto done; ++ } ++ ++ bytes_to_read = size; ++ ++ if (bytes_to_read == 0) ++ { ++ if (flags & O_NONBLOCK) ++ { ++ if (!results) ++ eagain = 1; ++ goto update_offset; ++ } ++ else ++ continue; ++ } ++ ++ bytes_to_read = clib_min (n_bytes_left, bytes_to_read); ++ vec_validate (sendfile_io_buffer, bytes_to_read); ++ nbytes = read (in_kfd, sendfile_io_buffer, bytes_to_read); ++ ++ if (nbytes < 0) ++ { ++ if (results == 0) ++ { ++ vec_reset_length (sendfile_io_buffer); ++ size = -1; ++ goto done; ++ } ++ goto update_offset; ++ } ++ ++ size = vppcom_session_write(out_vfd, sendfile_io_buffer, nbytes); ++ ++ if (size < 0) ++ { ++ if (size == VPPCOM_EAGAIN) ++ { ++ if (flags & O_NONBLOCK) ++ { ++ if (!results) ++ eagain = 1; ++ goto update_offset; ++ } ++ else ++ continue; ++ } ++ if (results == 0) ++ { ++ vec_reset_length (sendfile_io_buffer); ++ errno = -size; ++ size = -1; ++ goto done; ++ } ++ goto update_offset; ++ } ++ ++ results += nbytes; ++ n_bytes_left = n_bytes_left - nbytes; ++ } while (n_bytes_left > 0); ++ ++update_offset: ++ vec_reset_length (sendfile_io_buffer); ++ if (offset) ++ { ++ off_t off = lseek(in_kfd, *offset, SEEK_SET); ++ ++ if (off == -1) ++ { ++ size = -1; ++ goto done; ++ } ++ ++ *offset += results + 1; ++ } ++ if (eagain) ++ { ++ errno = EAGAIN; ++ size = -1; ++ } ++ else ++ size = results; ++ ++done: ++ return size; ++} ++ ++ssize_t ngxvcl_recv(int offset_vfd, void *buf, size_t n, int flags) ++{ ++ ssize_t size; ++ ++ size = vppcom_session_recvfrom(offset_vfd_to_vfd(offset_vfd), buf, n, flags, NULL); ++ ++ if (size < 0) ++ errno = -size; ++ ++ return size; ++} ++ ++ssize_t ngxvcl_sendto(int offset_vfd, const void *buf, size_t n, int flags, ++ const struct sockaddr *addr, socklen_t addr_len) ++{ ++ ssize_t size; ++ ++ vppcom_endpt_t *ep = 0; ++ vppcom_endpt_t _ep; ++ ++ if (addr) ++ { ++ ep = &_ep; ++ switch (addr->sa_family) ++ { ++ case AF_INET: ++ ep->is_ip4 = VPPCOM_IS_IP4; ++ ep->ip = (uint8_t *)&((const struct sockaddr_in *)addr)->sin_addr; ++ ep->port = (uint16_t)((const struct sockaddr_in *)addr)->sin_port; ++ break; ++ case AF_INET6: ++ ep->is_ip4 = VPPCOM_IS_IP6; ++ ep->ip = (uint8_t *)&((const struct sockaddr_in6 *)addr)->sin6_addr; ++ ep->port = (uint16_t)((const struct sockaddr_in6 *)addr)->sin6_port; ++ break; ++ default: ++ errno = EAFNOSUPPORT; ++ size = -1; ++ goto done; ++ } ++ } ++ ++ size = vppcom_session_sendto(offset_vfd_to_vfd(offset_vfd), (void *)buf, n, flags, ep); ++ ++ if (size < 0) ++ { ++ errno = -size; ++ size = -1; ++ } ++ ++done: ++ return size; ++} ++ ++ssize_t ngxvcl_recvfrom(int offset_vfd, void *buf, size_t n, int flags, ++ struct sockaddr *addr, socklen_t *addr_len) ++{ ++ int vfd = offset_vfd_to_vfd(offset_vfd); ++ ssize_t size, rv; ++ ++ vppcom_endpt_t ep; ++ u8 src_addr[sizeof(struct sockaddr_in6)]; ++ ++ if (addr) ++ { ++ ep.ip = src_addr; ++ size = vppcom_session_recvfrom(vfd, buf, n, flags, &ep); ++ ++ if (size > 0) ++ { ++ rv = copy_ep_to_sockaddr(addr, addr_len, &ep); ++ ++ if (rv < 0) ++ size = rv; ++ } ++ } ++ else ++ size = vppcom_session_recvfrom(vfd, buf, n, flags, NULL); ++ ++ if (size < 0) ++ { ++ errno = -size; ++ size = -1; ++ } ++ ++ return size; ++} ++ ++ssize_t ngxvcl_sendmsg(int offset_vfd, const struct msghdr *message, int flags) ++{ ++ ssize_t size; ++ ++ errno = ENOSYS; ++ size = -1; ++ ++ return size; ++} ++ ++ssize_t ngxvcl_recvmsg(int offset_vfd, struct msghdr *message, int flags) ++{ ++ ssize_t size; ++ ++ errno = ENOSYS; ++ size = -1; ++ ++ return size; ++} ++ ++int ngxvcl_shutdown(int offset_vfd, int how) ++{ ++ int rv = 0, flags, vfd = offset_vfd_to_vfd(offset_vfd); ++ u32 flags_len = sizeof(flags); ++ ++ if (vppcom_session_attr(vfd, VPPCOM_ATTR_SET_SHUT, &how, &flags_len)) ++ { ++ vppcom_session_close(vfd); ++ return -1; ++ } ++ ++ if (vppcom_session_attr(vfd, VPPCOM_ATTR_GET_SHUT, &flags, &flags_len)) ++ { ++ vppcom_session_close(vfd); ++ return -1; ++ } ++ ++ if (flags == SHUT_RDWR) ++ rv = vppcom_session_close(vfd); ++ ++ return rv; ++} +diff --git a/src/vcl/ngxvcl.h b/src/vcl/ngxvcl.h +new file mode 100644 +index 000000000..60b5116a8 +--- /dev/null ++++ b/src/vcl/ngxvcl.h +@@ -0,0 +1,70 @@ ++#ifndef _NGXVCL_H_ ++#define _NGXVCL_H_ ++ ++#define _GNU_SOURCE ++#include <arpa/inet.h> ++#include <fcntl.h> ++#include <netinet/tcp.h> ++#include <stdarg.h> ++#include <stdio.h> ++#include <stdlib.h> ++#include <string.h> ++#include <sys/errno.h> ++#include <sys/ioctl.h> ++#include <sys/sendfile.h> ++#include <sys/socket.h> ++#include <sys/uio.h> ++#include <unistd.h> ++#include <vcl/vppcom.h> ++ ++void ngxvcl_wait_vep_only(); ++void ngxvcl_wait_kep_and_vep(); ++ ++void ngxvcl_app_create(char *app_name); ++void ngxvcl_app_destroy(void); ++ ++int ngxvcl_socket(int domain, int type, int protocol); ++int ngxvcl_close(int offset_vfd); ++int ngxvcl_kvfd_close(int fd); ++int ngxvcl_bind(int offset_vfd, const struct sockaddr *addr, socklen_t addrlen); ++int ngxvcl_listen(int offset_vfd, int backlog); ++ ++int ngxvcl_accept4(int offset_vfd, struct sockaddr *addr, socklen_t *addrlen, ++ int flags); ++int ngxvcl_accept(int offset_vfd, struct sockaddr *addr, socklen_t *addrlen); ++ ++int ngxvcl_connect(int offset_vfd, const struct sockaddr *addr, socklen_t addrlen); ++int ngxvcl_read(int offset_vfd, void *buf, size_t count); ++int ngxvcl_write(int offset_vfd, const void *buf, size_t count); ++ ++int ngxvcl_epoll_create(int size); ++int ngxvcl_kvfd_epoll_ctl(int offset_vepfd, int op, int fd, struct epoll_event *event); ++int ngxvcl_kvfd_epoll_wait(int offset_vepfd, struct epoll_event *events, int maxevents, ++ int timeout); ++ ++ssize_t ngxvcl_readv(int offset_vfd, const struct iovec *iov, int iovcnt); ++ssize_t ngxvcl_writev(int offset_vfd, const struct iovec *iov, int iovcnt); ++ ++int ngxvcl_kvfd_fcntl(int fd, int cmd, ...); ++int ngxvcl_kvfd_ioctl(int fd, unsigned long int cmd, ...); ++ ++int ngxvcl_socketpair(int domain, int type, int protocol, int fds[2]); ++int ngxvcl_kvfd_getsockname(int fd, struct sockaddr *addr, socklen_t *len); ++int ngxvcl_kvfd_getsockopt(int fd, int level, int optname, void *optval, ++ socklen_t *optlen); ++int ngxvcl_kvfd_setsockopt(int fd, int level, int optname, const void *optval, ++ socklen_t optlen); ++ ++ssize_t ngxvcl_send(int fd, const void *buf, size_t n, int flags); ++ssize_t ngxvcl_sendfile(int out_offset_vfd, int in_kfd, off_t *offset, size_t len); ++ssize_t ngxvcl_recv(int offset_vfd, void *buf, size_t n, int flags); ++ssize_t ngxvcl_sendto(int offset_vfd, const void *buf, size_t n, int flags, ++ const struct sockaddr *addr, socklen_t addr_len); ++ssize_t ngxvcl_recvfrom(int offset_vfd, void *buf, size_t n, int flags, ++ struct sockaddr *addr, socklen_t *addr_len); ++ssize_t ngxvcl_sendmsg(int offset_vfd, const struct msghdr *message, int flags); ++ssize_t ngxvcl_recvmsg(int offset_vfd, struct msghdr *message, int flags); ++ ++int ngxvcl_shutdown(int offset_vfd, int how); ++ ++#endif +-- +2.17.1 + diff --git a/vpp_patches/vcl/0001-ngxvcl-api.patch b/vpp_patches/vcl/other/0001-ngxvcl-api.patch index f294b36..f294b36 100644 --- a/vpp_patches/vcl/0001-ngxvcl-api.patch +++ b/vpp_patches/vcl/other/0001-ngxvcl-api.patch |