tls: avoid app session preallocation
Since async rx event infra decouples notification event generation from delivery we no longer run the risk of having tls realloc session pools while session layer still holds a pointer to the accepted/connected tcp session. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I1bb429a058707aba1d4f32ea33615a2367e66969
This commit is contained in:
Florin Coras
committed by
Dave Barach
Dave Barach
parent
40c95f50ba
commit
e565902654
@ -263,8 +263,6 @@ openssl_check_async_status (tls_ctx_t * ctx, openssl_resume_handler * handler,
|
||||
static void
|
||||
openssl_handle_handshake_failure (tls_ctx_t * ctx)
|
||||
{
|
||||
session_t *app_session;
|
||||
|
||||
/* Failed to renegotiate handshake */
|
||||
if (ctx->flags & TLS_CONN_F_HS_DONE)
|
||||
{
|
||||
@ -275,18 +273,8 @@ openssl_handle_handshake_failure (tls_ctx_t * ctx)
|
||||
|
||||
if (SSL_is_server (((openssl_ctx_t *) ctx)->ssl))
|
||||
{
|
||||
/*
|
||||
* Cleanup pre-allocated app session and close transport
|
||||
*/
|
||||
app_session =
|
||||
session_get_if_valid (ctx->c_s_index, ctx->c_thread_index);
|
||||
if (app_session)
|
||||
{
|
||||
session_free (app_session);
|
||||
ctx->c_s_index = SESSION_INVALID_INDEX;
|
||||
tls_disconnect_transport (ctx);
|
||||
}
|
||||
ctx->flags |= TLS_CONN_F_NO_APP_SESSION;
|
||||
tls_disconnect_transport (ctx);
|
||||
}
|
||||
else
|
||||
{
|
||||
|
||||
@ -179,7 +179,6 @@ picotls_stop_listen (tls_ctx_t * lctx)
|
||||
static void
|
||||
picotls_handle_handshake_failure (tls_ctx_t * ctx)
|
||||
{
|
||||
session_free (session_get (ctx->c_s_index, ctx->c_thread_index));
|
||||
ctx->flags |= TLS_CONN_F_NO_APP_SESSION;
|
||||
ctx->c_s_index = SESSION_INVALID_INDEX;
|
||||
tls_disconnect_transport (ctx);
|
||||
|
||||
@ -205,12 +205,13 @@ tls_notify_app_accept (tls_ctx_t * ctx)
|
||||
lctx = tls_listener_ctx_get (ctx->listener_ctx_index);
|
||||
app_listener = listen_session_get_from_handle (lctx->app_session_handle);
|
||||
|
||||
app_session = session_get (ctx->c_s_index, ctx->c_thread_index);
|
||||
app_session->app_wrk_index = ctx->parent_app_wrk_index;
|
||||
app_session->connection_index = ctx->tls_ctx_handle;
|
||||
app_session = session_alloc (ctx->c_thread_index);
|
||||
app_session->session_state = SESSION_STATE_ACCEPTING;
|
||||
app_session->session_type = app_listener->session_type;
|
||||
app_session->listener_handle = listen_session_get_handle (app_listener);
|
||||
app_session->session_state = SESSION_STATE_ACCEPTING;
|
||||
app_session->app_wrk_index = ctx->parent_app_wrk_index;
|
||||
app_session->connection_index = ctx->tls_ctx_handle;
|
||||
ctx->c_s_index = app_session->session_index;
|
||||
|
||||
if ((rv = app_worker_init_accepted (app_session)))
|
||||
{
|
||||
@ -235,43 +236,36 @@ tls_notify_app_connected (tls_ctx_t * ctx, session_error_t err)
|
||||
app_wrk = app_worker_get_if_valid (ctx->parent_app_wrk_index);
|
||||
if (!app_wrk)
|
||||
{
|
||||
if (ctx->tls_type == TRANSPORT_PROTO_TLS)
|
||||
session_free (session_get (ctx->c_s_index, ctx->c_thread_index));
|
||||
ctx->flags |= TLS_CONN_F_NO_APP_SESSION;
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (err)
|
||||
{
|
||||
/* Free app session pre-allocated when transport was established */
|
||||
if (ctx->tls_type == TRANSPORT_PROTO_TLS)
|
||||
session_free (session_get (ctx->c_s_index, ctx->c_thread_index));
|
||||
ctx->flags |= TLS_CONN_F_NO_APP_SESSION;
|
||||
goto send_reply;
|
||||
}
|
||||
|
||||
/* For DTLS the app session is not preallocated because the underlying udp
|
||||
* session might migrate to a different worker during the handshake */
|
||||
if (ctx->tls_type == TRANSPORT_PROTO_DTLS)
|
||||
{
|
||||
session_type_t st;
|
||||
/* Cleanup half-open session as we don't get notification from udp */
|
||||
session_half_open_delete_notify (&ctx->connection);
|
||||
app_session = session_alloc (ctx->c_thread_index);
|
||||
app_session->session_state = SESSION_STATE_CREATED;
|
||||
ctx->c_s_index = app_session->session_index;
|
||||
st =
|
||||
session_type_from_proto_and_ip (TRANSPORT_PROTO_DTLS, ctx->tcp_is_ip4);
|
||||
app_session->session_type = st;
|
||||
app_session->connection_index = ctx->tls_ctx_handle;
|
||||
|
||||
if (ctx->tls_type == TRANSPORT_PROTO_DTLS)
|
||||
{
|
||||
/* Cleanup half-open session as we don't get notification from udp */
|
||||
session_half_open_delete_notify (&ctx->connection);
|
||||
app_session->session_type =
|
||||
session_type_from_proto_and_ip (TRANSPORT_PROTO_DTLS, ctx->tcp_is_ip4);
|
||||
}
|
||||
else
|
||||
{
|
||||
app_session = session_get (ctx->c_s_index, ctx->c_thread_index);
|
||||
app_session->session_type =
|
||||
session_type_from_proto_and_ip (TRANSPORT_PROTO_TLS, ctx->tcp_is_ip4);
|
||||
}
|
||||
|
||||
app_session->app_wrk_index = ctx->parent_app_wrk_index;
|
||||
app_session->opaque = ctx->parent_app_api_context;
|
||||
ctx->c_s_index = app_session->session_index;
|
||||
|
||||
if ((err = app_worker_init_connected (app_wrk, app_session)))
|
||||
{
|
||||
@ -494,7 +488,7 @@ tls_session_disconnect_callback (session_t * tls_session)
|
||||
int
|
||||
tls_session_accept_callback (session_t * tls_session)
|
||||
{
|
||||
session_t *tls_listener, *app_session;
|
||||
session_t *tls_listener;
|
||||
tls_ctx_t *lctx, *ctx;
|
||||
u32 ctx_handle;
|
||||
|
||||
@ -514,23 +508,12 @@ tls_session_accept_callback (session_t * tls_session)
|
||||
ctx->c_flags |= TRANSPORT_CONNECTION_F_NO_LOOKUP;
|
||||
ctx->ckpair_index = lctx->ckpair_index;
|
||||
|
||||
/* Preallocate app session. Avoids allocating a session post handshake
|
||||
* on tls_session rx and potentially invalidating the session pool */
|
||||
app_session = session_alloc (ctx->c_thread_index);
|
||||
app_session->session_state = SESSION_STATE_CREATED;
|
||||
app_session->session_type =
|
||||
session_type_from_proto_and_ip (TRANSPORT_PROTO_TLS, ctx->tcp_is_ip4);
|
||||
app_session->connection_index = ctx->tls_ctx_handle;
|
||||
app_session->app_wrk_index = APP_INVALID_INDEX;
|
||||
ctx->c_s_index = app_session->session_index;
|
||||
|
||||
TLS_DBG (1, "Accept on listener %u new connection [%u]%x",
|
||||
tls_listener->opaque, vlib_get_thread_index (), ctx_handle);
|
||||
|
||||
if (tls_ctx_init_server (ctx))
|
||||
{
|
||||
/* Do not free ctx yet, in case we have pending rx events */
|
||||
session_free (app_session);
|
||||
ctx->flags |= TLS_CONN_F_NO_APP_SESSION;
|
||||
tls_disconnect_transport (ctx);
|
||||
}
|
||||
@ -577,9 +560,7 @@ int
|
||||
tls_session_connected_cb (u32 tls_app_index, u32 ho_ctx_index,
|
||||
session_t *tls_session, session_error_t err)
|
||||
{
|
||||
session_t *app_session;
|
||||
tls_ctx_t *ho_ctx, *ctx;
|
||||
session_type_t st;
|
||||
u32 ctx_handle;
|
||||
|
||||
ho_ctx = tls_ctx_half_open_get (ho_ctx_index);
|
||||
@ -603,15 +584,6 @@ tls_session_connected_cb (u32 tls_app_index, u32 ho_ctx_index,
|
||||
tls_session->opaque = ctx_handle;
|
||||
tls_session->session_state = SESSION_STATE_READY;
|
||||
|
||||
/* Preallocate app session. Avoids allocating a session post handshake
|
||||
* on tls_session rx and potentially invalidating the session pool */
|
||||
app_session = session_alloc (ctx->c_thread_index);
|
||||
app_session->session_state = SESSION_STATE_CREATED;
|
||||
ctx->c_s_index = app_session->session_index;
|
||||
st = session_type_from_proto_and_ip (TRANSPORT_PROTO_TLS, ctx->tcp_is_ip4);
|
||||
app_session->session_type = st;
|
||||
app_session->connection_index = ctx->tls_ctx_handle;
|
||||
|
||||
if (tls_ctx_init_client (ctx))
|
||||
{
|
||||
tls_notify_app_connected (ctx, SESSION_E_TLS_HANDSHAKE);
|
||||
|
||||
Reference in New Issue
Block a user