Compare commits
15 Commits
v24.02-rc2
...
v23.10
| Author | SHA1 | Date | |
|---|---|---|---|
|
7c4027fa5e | ||
|
|
fe95c23795 | ||
|
|
015a6f7f17 | ||
|
|
471dc6b1e3 | ||
|
|
1ec3a70f66 | ||
|
|
9003233377 | ||
|
|
3c06859f9f | ||
|
|
4ba523740f | ||
|
|
05919da49d | ||
|
|
b53daca83f | ||
|
|
15d0c7a3fb | ||
|
|
f9af6b32ef | ||
|
|
ee2e502736 | ||
|
|
e7295fd974 | ||
|
|
14df6fc1ea |
@ -2,3 +2,4 @@
|
||||
host=gerrit.fd.io
|
||||
port=29418
|
||||
project=vpp
|
||||
defaultbranch=stable/2310
|
||||
|
||||
@ -6,6 +6,7 @@ Release notes
|
||||
.. toctree::
|
||||
:maxdepth: 2
|
||||
|
||||
v23.10
|
||||
v23.06
|
||||
v23.02
|
||||
v22.10.1
|
||||
|
||||
629
docs/aboutvpp/releasenotes/v23.10.rst
Normal file
629
docs/aboutvpp/releasenotes/v23.10.rst
Normal file
File diff suppressed because it is too large
Load Diff
@ -163,7 +163,7 @@ openssl_lctx_get (u32 lctx_index)
|
||||
return -1;
|
||||
|
||||
static int
|
||||
openssl_read_from_ssl_into_fifo (svm_fifo_t * f, SSL * ssl)
|
||||
openssl_read_from_ssl_into_fifo (svm_fifo_t *f, SSL *ssl, u32 max_len)
|
||||
{
|
||||
int read, rv, n_fs, i;
|
||||
const int n_segs = 2;
|
||||
@ -174,6 +174,7 @@ openssl_read_from_ssl_into_fifo (svm_fifo_t * f, SSL * ssl)
|
||||
if (!max_enq)
|
||||
return 0;
|
||||
|
||||
max_enq = clib_min (max_len, max_enq);
|
||||
n_fs = svm_fifo_provision_chunks (f, fs, n_segs, max_enq);
|
||||
if (n_fs < 0)
|
||||
return 0;
|
||||
@ -533,9 +534,10 @@ static inline int
|
||||
openssl_ctx_read_tls (tls_ctx_t *ctx, session_t *tls_session)
|
||||
{
|
||||
openssl_ctx_t *oc = (openssl_ctx_t *) ctx;
|
||||
const u32 max_len = 128 << 10;
|
||||
session_t *app_session;
|
||||
int read;
|
||||
svm_fifo_t *f;
|
||||
int read;
|
||||
|
||||
if (PREDICT_FALSE (SSL_in_init (oc->ssl)))
|
||||
{
|
||||
@ -549,7 +551,7 @@ openssl_ctx_read_tls (tls_ctx_t *ctx, session_t *tls_session)
|
||||
app_session = session_get_from_handle (ctx->app_session_handle);
|
||||
f = app_session->rx_fifo;
|
||||
|
||||
read = openssl_read_from_ssl_into_fifo (f, oc->ssl);
|
||||
read = openssl_read_from_ssl_into_fifo (f, oc->ssl, max_len);
|
||||
|
||||
/* Unrecoverable protocol error. Reset connection */
|
||||
if (PREDICT_FALSE (read < 0))
|
||||
@ -558,8 +560,7 @@ openssl_ctx_read_tls (tls_ctx_t *ctx, session_t *tls_session)
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* If handshake just completed, session may still be in accepting state */
|
||||
if (read && app_session->session_state >= SESSION_STATE_READY)
|
||||
if (read)
|
||||
tls_notify_app_enqueue (ctx, app_session);
|
||||
|
||||
if ((SSL_pending (oc->ssl) > 0) ||
|
||||
|
||||
@ -445,7 +445,7 @@ picotls_ctx_read (tls_ctx_t *ctx, session_t *tcp_session)
|
||||
app_session = session_get_from_handle (ctx->app_session_handle);
|
||||
wrote = ptls_tcp_to_app_write (ptls_ctx, app_session->rx_fifo, tcp_rx_fifo);
|
||||
|
||||
if (wrote && app_session->session_state >= SESSION_STATE_READY)
|
||||
if (wrote)
|
||||
tls_notify_app_enqueue (ctx, app_session);
|
||||
|
||||
if (ptls_ctx->read_buffer_offset || svm_fifo_max_dequeue (tcp_rx_fifo))
|
||||
|
||||
@ -77,10 +77,12 @@ app_worker_flush_events_inline (app_worker_t *app_wrk, u32 thread_index,
|
||||
{
|
||||
application_t *app = application_get (app_wrk->app_index);
|
||||
svm_msg_q_t *mq = app_wrk->event_queue;
|
||||
u8 ring_index, mq_is_cong;
|
||||
session_state_t old_state;
|
||||
session_event_t *evt;
|
||||
u32 n_evts = 128, i;
|
||||
u8 ring_index, mq_is_cong;
|
||||
session_t *s;
|
||||
int rv;
|
||||
|
||||
n_evts = clib_min (n_evts, clib_fifo_elts (app_wrk->wrk_evts[thread_index]));
|
||||
|
||||
@ -111,16 +113,18 @@ app_worker_flush_events_inline (app_worker_t *app_wrk, u32 thread_index,
|
||||
{
|
||||
case SESSION_IO_EVT_RX:
|
||||
s = session_get (evt->session_index, thread_index);
|
||||
s->flags &= ~SESSION_F_RX_EVT;
|
||||
/* Application didn't confirm accept yet */
|
||||
if (PREDICT_FALSE (s->session_state == SESSION_STATE_ACCEPTING))
|
||||
if (PREDICT_FALSE (s->session_state == SESSION_STATE_ACCEPTING ||
|
||||
s->session_state == SESSION_STATE_CONNECTING))
|
||||
break;
|
||||
s->flags &= ~SESSION_F_RX_EVT;
|
||||
app->cb_fns.builtin_app_rx_callback (s);
|
||||
break;
|
||||
/* Handle sessions that might not be on current thread */
|
||||
case SESSION_IO_EVT_BUILTIN_RX:
|
||||
s = session_get_from_handle_if_valid (evt->session_handle);
|
||||
if (!s || s->session_state == SESSION_STATE_ACCEPTING)
|
||||
if (!s || s->session_state == SESSION_STATE_ACCEPTING ||
|
||||
s->session_state == SESSION_STATE_CONNECTING)
|
||||
break;
|
||||
s->flags &= ~SESSION_F_RX_EVT;
|
||||
app->cb_fns.builtin_app_rx_callback (s);
|
||||
@ -145,16 +149,56 @@ app_worker_flush_events_inline (app_worker_t *app_wrk, u32 thread_index,
|
||||
break;
|
||||
case SESSION_CTRL_EVT_ACCEPTED:
|
||||
s = session_get (evt->session_index, thread_index);
|
||||
app->cb_fns.session_accept_callback (s);
|
||||
old_state = s->session_state;
|
||||
if (app->cb_fns.session_accept_callback (s))
|
||||
{
|
||||
session_close (s);
|
||||
s->app_wrk_index = SESSION_INVALID_INDEX;
|
||||
break;
|
||||
}
|
||||
if (is_builtin)
|
||||
{
|
||||
if (s->flags & SESSION_F_RX_EVT)
|
||||
{
|
||||
s->flags &= ~SESSION_F_RX_EVT;
|
||||
app->cb_fns.builtin_app_rx_callback (s);
|
||||
}
|
||||
if (old_state >= SESSION_STATE_TRANSPORT_CLOSING)
|
||||
{
|
||||
session_set_state (s, old_state);
|
||||
app_worker_close_notify (app_wrk, s);
|
||||
}
|
||||
}
|
||||
break;
|
||||
case SESSION_CTRL_EVT_CONNECTED:
|
||||
if (!(evt->as_u64[1] & 0xffffffff))
|
||||
s = session_get (evt->session_index, thread_index);
|
||||
{
|
||||
s = session_get (evt->session_index, thread_index);
|
||||
old_state = s->session_state;
|
||||
}
|
||||
else
|
||||
s = 0;
|
||||
app->cb_fns.session_connected_callback (app_wrk->wrk_index,
|
||||
evt->as_u64[1] >> 32, s,
|
||||
evt->as_u64[1] & 0xffffffff);
|
||||
rv = app->cb_fns.session_connected_callback (
|
||||
app_wrk->wrk_index, evt->as_u64[1] >> 32, s,
|
||||
evt->as_u64[1] & 0xffffffff);
|
||||
if (!s)
|
||||
break;
|
||||
if (rv)
|
||||
{
|
||||
session_close (s);
|
||||
s->app_wrk_index = SESSION_INVALID_INDEX;
|
||||
break;
|
||||
}
|
||||
if (s->flags & SESSION_F_RX_EVT)
|
||||
{
|
||||
s->flags &= ~SESSION_F_RX_EVT;
|
||||
app->cb_fns.builtin_app_rx_callback (s);
|
||||
}
|
||||
if (old_state >= SESSION_STATE_TRANSPORT_CLOSING)
|
||||
{
|
||||
session_set_state (s, old_state);
|
||||
app_worker_close_notify (app_wrk, s);
|
||||
}
|
||||
break;
|
||||
case SESSION_CTRL_EVT_DISCONNECTED:
|
||||
s = session_get (evt->session_index, thread_index);
|
||||
|
||||
@ -456,6 +456,7 @@ session_mq_accepted_reply_handler (session_worker_t *wrk,
|
||||
a->app_index = mp->context;
|
||||
a->handle = mp->handle;
|
||||
vnet_disconnect_session (a);
|
||||
s->app_wrk_index = SESSION_INVALID_INDEX;
|
||||
return;
|
||||
}
|
||||
|
||||
@ -1784,7 +1785,7 @@ session_event_dispatch_io (session_worker_t * wrk, vlib_node_runtime_t * node,
|
||||
break;
|
||||
case SESSION_IO_EVT_RX:
|
||||
s = session_event_get_session (wrk, e);
|
||||
if (!s)
|
||||
if (!s || s->session_state >= SESSION_STATE_TRANSPORT_CLOSED)
|
||||
break;
|
||||
transport_app_rx_evt (session_get_transport_proto (s),
|
||||
s->connection_index, s->thread_index);
|
||||
|
||||
@ -227,7 +227,12 @@ tls_notify_app_connected (tls_ctx_t * ctx, session_error_t err)
|
||||
app_session->opaque = ctx->parent_app_api_context;
|
||||
|
||||
if ((err = app_worker_init_connected (app_wrk, app_session)))
|
||||
goto failed;
|
||||
{
|
||||
app_worker_connect_notify (app_wrk, 0, err, ctx->parent_app_api_context);
|
||||
ctx->no_app_session = 1;
|
||||
session_free (app_session);
|
||||
return -1;
|
||||
}
|
||||
|
||||
app_session->session_state = SESSION_STATE_READY;
|
||||
parent_app_api_ctx = ctx->parent_app_api_context;
|
||||
@ -244,9 +249,6 @@ tls_notify_app_connected (tls_ctx_t * ctx, session_error_t err)
|
||||
|
||||
return 0;
|
||||
|
||||
failed:
|
||||
ctx->no_app_session = 1;
|
||||
tls_disconnect (ctx->tls_ctx_handle, vlib_get_thread_index ());
|
||||
send_reply:
|
||||
return app_worker_connect_notify (app_wrk, 0, err,
|
||||
ctx->parent_app_api_context);
|
||||
@ -486,6 +488,9 @@ tls_session_accept_callback (session_t * tls_session)
|
||||
* on tls_session rx and potentially invalidating the session pool */
|
||||
app_session = session_alloc (ctx->c_thread_index);
|
||||
app_session->session_state = SESSION_STATE_CREATED;
|
||||
app_session->session_type =
|
||||
session_type_from_proto_and_ip (TRANSPORT_PROTO_TLS, ctx->tcp_is_ip4);
|
||||
app_session->connection_index = ctx->tls_ctx_handle;
|
||||
ctx->c_s_index = app_session->session_index;
|
||||
|
||||
TLS_DBG (1, "Accept on listener %u new connection [%u]%x",
|
||||
@ -511,7 +516,7 @@ tls_app_rx_callback (session_t * tls_session)
|
||||
return 0;
|
||||
|
||||
ctx = tls_ctx_get (tls_session->opaque);
|
||||
if (PREDICT_FALSE (ctx->no_app_session))
|
||||
if (PREDICT_FALSE (ctx->no_app_session || ctx->app_closed))
|
||||
{
|
||||
TLS_DBG (1, "Local App closed");
|
||||
return 0;
|
||||
@ -938,15 +943,18 @@ tls_cleanup_ho (u32 ho_index)
|
||||
int
|
||||
tls_custom_tx_callback (void *session, transport_send_params_t * sp)
|
||||
{
|
||||
session_t *app_session = (session_t *) session;
|
||||
session_t *as = (session_t *) session;
|
||||
tls_ctx_t *ctx;
|
||||
|
||||
if (PREDICT_FALSE (app_session->session_state
|
||||
>= SESSION_STATE_TRANSPORT_CLOSED))
|
||||
return 0;
|
||||
if (PREDICT_FALSE (as->session_state >= SESSION_STATE_TRANSPORT_CLOSED ||
|
||||
as->session_state <= SESSION_STATE_ACCEPTING))
|
||||
{
|
||||
sp->flags |= TRANSPORT_SND_F_DESCHED;
|
||||
return 0;
|
||||
}
|
||||
|
||||
ctx = tls_ctx_get (app_session->connection_index);
|
||||
return tls_ctx_write (ctx, app_session, sp);
|
||||
ctx = tls_ctx_get (as->connection_index);
|
||||
return tls_ctx_write (ctx, as, sp);
|
||||
}
|
||||
|
||||
u8 *
|
||||
@ -1057,6 +1065,7 @@ format_tls_half_open (u8 * s, va_list * args)
|
||||
{
|
||||
u32 ho_index = va_arg (*args, u32);
|
||||
u32 __clib_unused thread_index = va_arg (*args, u32);
|
||||
u32 __clib_unused verbose = va_arg (*args, u32);
|
||||
session_t *tcp_ho;
|
||||
tls_ctx_t *ho_ctx;
|
||||
|
||||
@ -1102,7 +1111,7 @@ tls_enable (vlib_main_t * vm, u8 is_en)
|
||||
vnet_app_attach_args_t _a, *a = &_a;
|
||||
u64 options[APP_OPTIONS_N_OPTIONS];
|
||||
tls_main_t *tm = &tls_main;
|
||||
u32 fifo_size = 128 << 12;
|
||||
u32 fifo_size = 512 << 10;
|
||||
|
||||
if (!is_en)
|
||||
{
|
||||
|
||||
@ -152,6 +152,7 @@ clib_file_get_resolved_basename (char *fmt, ...)
|
||||
if (r < 1)
|
||||
return 0;
|
||||
|
||||
buffer[r] = 0;
|
||||
p = buffer + r - 1;
|
||||
while (p > buffer && p[-1] != '/')
|
||||
p--;
|
||||
@ -159,6 +160,7 @@ clib_file_get_resolved_basename (char *fmt, ...)
|
||||
while (p[0])
|
||||
vec_add1 (s, p++[0]);
|
||||
|
||||
vec_add1 (s, 0);
|
||||
return s;
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user