OpenSDN source code
 All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Friends Macros Pages
ovsdb_client_ssl.cc
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2015 Juniper Networks, Inc. All rights reserved.
3  */
4 
5 #include <boost/bind.hpp>
6 #include <base/logging.h>
7 
8 #include <oper/agent_sandesh.h>
9 #include <ovsdb_types.h>
10 #include <ovsdb_client_ssl.h>
11 #include <ovsdb_client_connection_state.h>
12 
13 #include <ovs_tor_agent/tor_agent_param.h>
14 
15 using OVSDB::OvsdbClientSession;
16 using OVSDB::OvsdbClientSsl;
17 using OVSDB::OvsdbClientSslSession;
18 using OVSDB::OvsdbClientTcpSessionReader;
19 using OVSDB::ConnectionStateTable;
20 
21 OvsdbClientSsl::OvsdbClientSsl(Agent *agent, IpAddress tor_ip, int tor_port,
22  IpAddress tsn_ip, int keepalive_interval,
23  int ha_stale_route_interval,
24  const std::string &ssl_cert,
25  const std::string &ssl_privkey,
26  const std::string &ssl_cacert,
27  OvsPeerManager *manager) :
28  SslServer(agent->event_manager(), boost::asio::ssl::context::tlsv1_server),
29  OvsdbClient(manager, keepalive_interval, ha_stale_route_interval),
30  agent_(agent), ssl_server_port_(tor_port), tsn_ip_(tsn_ip.to_v4()),
31  shutdown_(false) {
32  // Get SSL context from base class and update
33  boost::asio::ssl::context *ctx = context();
34  boost::system::error_code ec;
35 
36  // Verify peer to have a valid certificate
37  ctx->set_verify_mode((boost::asio::ssl::verify_peer |
38  boost::asio::ssl::verify_fail_if_no_peer_cert), ec);
39  assert(ec.value() == 0);
40 
41  ctx->use_certificate_chain_file(ssl_cert, ec);
42  if (ec.value() != 0) {
43  LOG(ERROR, "Error : " << ec.message() << ", while using cert file : "
44  << ssl_cert);
45  exit(EINVAL);
46  }
47 
48  ctx->use_private_key_file(ssl_privkey, boost::asio::ssl::context::pem, ec);
49  if (ec.value() != 0) {
50  LOG(ERROR, "Error : " << ec.message() << ", while using privkey file : "
51  << ssl_privkey);
52  exit(EINVAL);
53  }
54 
55  ctx->load_verify_file(ssl_cacert, ec);
56  if (ec.value() != 0) {
57  LOG(ERROR, "Error : " << ec.message() << ", while using cacert file : "
58  << ssl_cacert);
59  exit(EINVAL);
60  }
61 }
62 
63 OvsdbClientSsl::~OvsdbClientSsl() {
64 }
65 
66 void OvsdbClientSsl::RegisterClients() {
67  RegisterConnectionTable(agent_);
68  Initialize(ssl_server_port_);
69 }
70 
71 SslSession *OvsdbClientSsl::AllocSession(SslSocket *socket) {
72  SslSession *session = new OvsdbClientSslSession(agent_, peer_manager_,
73  this, socket);
74  session->set_observer(boost::bind(&OvsdbClientSsl::OnSessionEvent,
75  this, _1, _2));
76  return session;
77 }
78 
79 void OvsdbClientSsl::OnSessionEvent(TcpSession *session,
80  TcpSession::Event event) {
81  OvsdbClientSslSession *ssl = static_cast<OvsdbClientSslSession *>(session);
82  ssl->EnqueueEvent(event);
83 }
84 
85 const std::string OvsdbClientSsl::protocol() {
86  return "PSSL";
87 }
88 
89 const std::string OvsdbClientSsl::server() {
90  return LocalEndpoint().address().to_string();
91 }
92 
93 uint16_t OvsdbClientSsl::port() {
94  return LocalEndpoint().port();
95 }
96 
97 Ip4Address OvsdbClientSsl::tsn_ip() {
98  return tsn_ip_;
99 }
100 
101 void OvsdbClientSsl::shutdown() {
102  if (shutdown_)
103  return;
104  shutdown_ = true;
105  OvsdbClientSslSession *ssl =
106  static_cast<OvsdbClientSslSession *>(NextSession(NULL));
107  while (ssl != NULL) {
108  if (!ssl->IsClosed()) {
109  ssl->TriggerClose();
110  }
111  ssl = static_cast<OvsdbClientSslSession *>(NextSession(ssl));
112  }
113 }
114 
115 OvsdbClientSession *OvsdbClientSsl::FindSession(Ip4Address ip, uint16_t port) {
116  SessionKey key(ip, port);
117  SessionMap::iterator it;
118  if (port != 0) {
119  it = session_map_.find(key);
120  } else {
121  it = session_map_.upper_bound(key);
122  }
123  if (it != session_map_.end() && it->first.first == ip) {
124  return it->second;
125  }
126  return NULL;
127 }
128 
129 OvsdbClientSession *OvsdbClientSsl::NextSession(OvsdbClientSession *session) {
130  SessionMap::iterator it;
131  if (session == NULL) {
132  it = session_map_.begin();
133  } else {
134  OvsdbClientSslSession *ssl =
135  static_cast<OvsdbClientSslSession *>(session);
136  SessionKey key(ssl->remote_endpoint().address().to_v4(),
137  ssl->remote_endpoint().port());
138  it = session_map_.upper_bound(key);
139  }
140  if (it != session_map_.end()) {
141  return it->second;
142  }
143  return NULL;
144 }
145 
146 void OvsdbClientSsl::AddSessionInfo(SandeshOvsdbClient &client) {
147  SandeshOvsdbClientSession session;
148  std::vector<SandeshOvsdbClientSession> session_list;
149  OvsdbClientSslSession *ssl = static_cast<OvsdbClientSslSession *>(NextSession(NULL));
150  while (ssl != NULL) {
151  ssl->AddSessionInfo(session);
152  session_list.push_back(session);
153  ssl = static_cast<OvsdbClientSslSession *>(NextSession(ssl));
154  }
155  client.set_sessions(session_list);
156 }
157 
158 // AcceptSession callback from SSLserver, to accept a session
159 bool OvsdbClientSsl::AcceptSession(TcpSession *session) {
160  if (shutdown_) {
161  // don't accept session while shutting down
162  return false;
163  }
164  return true;
165 }
166 
167 OvsdbClientSslSession::OvsdbClientSslSession(Agent *agent,
168  OvsPeerManager *manager, OvsdbClientSsl *server, SslSocket *sock,
169  bool async_ready) : OvsdbClientSession(agent, manager),
170  SslSession(server, sock, async_ready), status_("Init") {
171 
172  reader_ = new OvsdbClientTcpSessionReader(this,
173  boost::bind(&OvsdbClientSslSession::RecvMsg, this, _1, _2));
174 
175  // Process session events in KSync workqueue task context,
176  session_event_queue_ = new WorkQueue<OvsdbSessionEvent>(
177  agent->task_scheduler()->GetTaskId("Agent::KSync"), 0,
178  boost::bind(&OvsdbClientSslSession::ProcessSessionEvent, this, _1));
179  session_event_queue_->set_name("OVSDB ssl session event queue");
180 }
181 
182 OvsdbClientSslSession::~OvsdbClientSslSession() {
183  delete reader_;
184  session_event_queue_->Shutdown();
185  delete session_event_queue_;
186 }
187 
188 void OvsdbClientSslSession::OnRead(Buffer buffer) {
189  reader_->OnRead(buffer);
190 }
191 
192 void OvsdbClientSslSession::SendMsg(u_int8_t *buf, std::size_t len) {
193  OVSDB_PKT_TRACE(Trace, "Sending: " + std::string((char *)buf, len));
194  Send(buf, len, NULL);
195 }
196 
197 bool OvsdbClientSslSession::RecvMsg(const u_int8_t *buf, std::size_t len) {
198  OVSDB_PKT_TRACE(Trace, "Received: " + std::string((const char*)buf, len));
199  MessageProcess(buf, len);
200  return true;
201 }
202 
203 int OvsdbClientSslSession::keepalive_interval() {
204  OvsdbClientSsl *ovs_server = static_cast<OvsdbClientSsl *>(server());
205  return ovs_server->keepalive_interval();
206 }
207 
208 const boost::system::error_code &
209 OvsdbClientSslSession::ovsdb_close_reason() const {
210  return close_reason();
211 }
212 
213 ConnectionStateTable *OvsdbClientSslSession::connection_table() {
214  OvsdbClientSsl *ovs_server = static_cast<OvsdbClientSsl *>(server());
215  return ovs_server->connection_table();
216 }
217 
218 KSyncObjectManager *OvsdbClientSslSession::ksync_obj_manager() {
219  OvsdbClientSsl *ovs_server = static_cast<OvsdbClientSsl *>(server());
220  return ovs_server->ksync_obj_manager();
221 }
222 
223 Ip4Address OvsdbClientSslSession::tsn_ip() {
224  OvsdbClientSsl *ovs_server = static_cast<OvsdbClientSsl *>(server());
225  return ovs_server->tsn_ip();
226 }
227 
228 void OvsdbClientSslSession::OnCleanup() {
229  OvsdbClientSsl *ovs_server = static_cast<OvsdbClientSsl *>(server());
230  ovs_server->DeleteSession(this);
231 }
232 
233 void OvsdbClientSslSession::TriggerClose() {
234  // Close the session and return
235  Close();
236 
237  // SSL session will not notify event for self closed session
238  // generate explicit event
239  EnqueueEvent(TcpSession::CLOSE);
240 }
241 
242 Ip4Address OvsdbClientSslSession::remote_ip() const {
243  return remote_endpoint().address().to_v4();
244 }
245 
246 uint16_t OvsdbClientSslSession::remote_port() const {
247  return remote_endpoint().port();
248 }
249 
250 bool OvsdbClientSslSession::ProcessSessionEvent(OvsdbSessionEvent ovs_event) {
251  boost::system::error_code ec;
252  switch (ovs_event.event) {
253  case TcpSession::CLOSE:
254  {
255  OvsdbClientSsl *ovs_server =
256  static_cast<OvsdbClientSsl *>(server());
257  boost::asio::ip::tcp::endpoint ep = remote_endpoint();
258  OvsdbClientSsl::SessionKey key(ep.address().to_v4(), ep.port());
259  ovs_server->session_map_.erase(key);
260 
261  OnClose();
262  }
263  break;
264  case TcpSession::ACCEPT:
265  {
266  OvsdbClientSsl *ovs_server =
267  static_cast<OvsdbClientSsl *>(server());
268  boost::asio::ip::tcp::endpoint ep = remote_endpoint();
269  OvsdbClientSsl::SessionKey key(ep.address().to_v4(), ep.port());
270  std::pair<OvsdbClientSsl::SessionMap::iterator, bool> ret =
271  ovs_server->session_map_.insert
272  (std::pair<OvsdbClientSsl::SessionKey,
273  OvsdbClientSslSession *>(key, this));
274  // assert if entry already exists
275  assert(ret.second == true);
276  }
277  set_status("Established");
278  OnEstablish();
279  break;
280  default:
281  assert(false);
282  break;
283  }
284  return true;
285 }
286 
287 void OvsdbClientSslSession::EnqueueEvent(TcpSession::Event event) {
288  OvsdbSessionEvent ovs_event;
289  ovs_event.event = event;
290  session_event_queue_->Enqueue(ovs_event);
291 }
292 
TcpSession::Close
void Close()
Definition: tcp_session.cc:354
tor_agent_param.h
TcpSession::Buffer
boost::asio::const_buffer Buffer
Definition: tcp_session.h:64
TcpServer::DeleteSession
virtual void DeleteSession(TcpSession *session)
Definition: tcp_server.cc:197
OVSDB::OvsdbClientSslSession::SendMsg
void SendMsg(u_int8_t *buf, std::size_t len)
Definition: ovsdb_client_ssl.cc:192
WorkQueue::Shutdown
void Shutdown(bool delete_entries=true)
Definition: queue_task.h:152
OVSDB::OvsdbClientSsl::OvsdbClientSslSession
friend class OvsdbClientSslSession
Definition: ovsdb_client_ssl.h:114
ovsdb_client_connection_state.h
OVSDB::OvsdbClientSslSession::ksync_obj_manager
KSyncObjectManager * ksync_obj_manager()
Definition: ovsdb_client_ssl.cc:218
IpAddress
boost::asio::ip::address IpAddress
Definition: address.h:13
OVSDB::OvsdbClientSsl::FindSession
OvsdbClientSession * FindSession(Ip4Address ip, uint16_t port)
Definition: ovsdb_client_ssl.cc:115
SslServer::context
boost::asio::ssl::context * context()
Definition: ssl_server.cc:41
OVSDB::OvsdbClient::RegisterConnectionTable
void RegisterConnectionTable(Agent *agent)
Definition: ovsdb_client.cc:36
TcpSession::close_reason
const boost::system::error_code & close_reason() const
Definition: tcp_session.h:145
OVSDB::OvsdbClientSslSession::OvsdbClientSslSession
OvsdbClientSslSession(Agent *agent, OvsPeerManager *manager, OvsdbClientSsl *server, SslSocket *sock, bool async_ready=true)
Definition: ovsdb_client_ssl.cc:167
OVSDB::OvsdbClientSsl::SessionKey
std::pair< Ip4Address, uint16_t > SessionKey
Definition: ovsdb_client_ssl.h:88
TcpSession::Send
virtual bool Send(const uint8_t *data, size_t size, size_t *sent)
Definition: tcp_session.cc:428
SslSession::SslSocket
boost::asio::ssl::stream< boost::asio::ip::tcp::socket > SslSocket
Definition: ssl_session.h:18
OVSDB::OvsdbClientSsl::server
const std::string server()
Definition: ovsdb_client_ssl.cc:89
OVSDB::OvsdbClientSslSession::remote_ip
virtual Ip4Address remote_ip() const
Definition: ovsdb_client_ssl.cc:242
TaskScheduler::GetTaskId
int GetTaskId(const std::string &name)
Definition: task.cc:856
TcpServer::LocalEndpoint
Endpoint LocalEndpoint() const
Definition: tcp_server.cc:306
OVSDB::OvsdbClientSsl::NextSession
OvsdbClientSession * NextSession(OvsdbClientSession *session)
Definition: ovsdb_client_ssl.cc:129
OVSDB::OvsdbClientSsl::protocol
const std::string protocol()
Definition: ovsdb_client_ssl.cc:85
TcpSession::set_observer
void set_observer(EventObserver observer)
Definition: tcp_session.cc:218
OVSDB::OvsdbClientSslSession::OnRead
virtual void OnRead(Buffer buffer)
Definition: ovsdb_client_ssl.cc:188
OVSDB::OvsdbClientSsl::AddSessionInfo
void AddSessionInfo(SandeshOvsdbClient &client)
Definition: ovsdb_client_ssl.cc:146
Agent::task_scheduler
TaskScheduler * task_scheduler() const
Definition: agent.h:1120
OVSDB_PKT_TRACE
#define OVSDB_PKT_TRACE(obj,...)
Definition: ovsdb_client_idl.h:28
TcpMessageReader::OnRead
virtual void OnRead(Buffer buffer)
Definition: tcp_session.cc:671
OVSDB::OvsdbClientSslSession::set_status
void set_status(std::string status)
Definition: ovsdb_client_ssl.h:50
Agent
Definition: agent.h:358
OVSDB::OvsdbClientSsl::AcceptSession
bool AcceptSession(TcpSession *session)
Definition: ovsdb_client_ssl.cc:159
OVSDB::OvsdbClientSslSession::connection_table
ConnectionStateTable * connection_table()
Definition: ovsdb_client_ssl.cc:213
SslServer::SslSocket
boost::asio::ssl::stream< boost::asio::ip::tcp::socket > SslSocket
Definition: ssl_server.h:16
OVSDB::OvsdbClient::keepalive_interval
int keepalive_interval() const
Definition: ovsdb_client.cc:48
OVSDB::OvsdbClientSession::AddSessionInfo
void AddSessionInfo(SandeshOvsdbClientSession &session)
Definition: ovsdb_client_session.cc:144
Trace
Definition: trace.h:220
OVSDB::OvsdbClientSslSession::ovsdb_close_reason
const boost::system::error_code & ovsdb_close_reason() const
Definition: ovsdb_client_ssl.cc:209
ovsdb_client_ssl.h
OVSDB::OvsdbClientSslSession::reader_
OvsdbClientTcpSessionReader * reader_
Definition: ovsdb_client_ssl.h:81
agent_sandesh.h
Ip4Address
boost::asio::ip::address_v4 Ip4Address
Definition: address.h:14
TcpSession::IsClosed
bool IsClosed() const
Definition: tcp_session.h:125
OVSDB::OvsdbClientSslSession::ProcessSessionEvent
bool ProcessSessionEvent(OvsdbSessionEvent event)
Definition: ovsdb_client_ssl.cc:250
OVSDB::OvsdbClientSslSession::session_event_queue_
WorkQueue< OvsdbSessionEvent > * session_event_queue_
Definition: ovsdb_client_ssl.h:82
OVSDB::OvsdbClientSsl::AllocSession
virtual SslSession * AllocSession(SslSocket *socket)
Definition: ovsdb_client_ssl.cc:71
OVSDB::OvsdbClient::connection_table
ConnectionStateTable * connection_table()
Definition: ovsdb_client.cc:40
TcpSession::server
TcpServer * server()
Definition: tcp_session.h:88
TcpSession::remote_endpoint
Endpoint remote_endpoint() const
Definition: tcp_session.h:135
OVSDB::OvsdbClientSsl::OnSessionEvent
void OnSessionEvent(TcpSession *session, TcpSession::Event event)
Definition: ovsdb_client_ssl.cc:79
OVSDB::OvsdbClientSession::MessageProcess
void MessageProcess(const u_int8_t *buf, std::size_t len)
Definition: ovsdb_client_session.cc:43
LOG
#define LOG(_Level, _Msg)
Definition: logging.h:33
TcpServer::Initialize
virtual bool Initialize(unsigned short port)
Definition: tcp_server.cc:59
OVSDB::OvsdbClientSslSession::remote_port
virtual uint16_t remote_port() const
Definition: ovsdb_client_ssl.cc:246
OVSDB::OvsdbClient::peer_manager_
OvsPeerManager * peer_manager_
Definition: ovsdb_client.h:64
OVSDB::OvsdbClient::ksync_obj_manager
KSyncObjectManager * ksync_obj_manager()
Definition: ovsdb_client.cc:44
WorkQueue::Enqueue
bool Enqueue(QueueEntryT entry)
Definition: queue_task.h:248
OVSDB::OvsdbClientSslSession::RecvMsg
bool RecvMsg(const u_int8_t *buf, std::size_t len)
Definition: ovsdb_client_ssl.cc:197
OVSDB::OvsdbClientSslSession::EnqueueEvent
void EnqueueEvent(TcpSession::Event event)
Definition: ovsdb_client_ssl.cc:287
WorkQueue::set_name
void set_name(const std::string &name)
Definition: queue_task.h:307