Break passive vconns out into separate pvconn routines and data structures.

[openvswitch] / lib / vconn-ssl.c

diff --git a/lib/vconn-ssl.c b/lib/vconn-ssl.c
index 0da4c578da8fce6a851d05bf19616a1b5b1d7e90..bac39b5e195624a7549de9beac6a8bba5442f7d1 100644 (file)
--- a/lib/vconn-ssl.c
+++ b/lib/vconn-ssl.c
@@ -31,6 +31,7 @@
  * derivatives without specific, written prior permission.
  */
 
+#include <config.h>
 #include "vconn-ssl.h"
 #include "dhparams.h"
 #include <assert.h>
@@ -51,6 +52,7 @@
 #include "ofp-print.h"
 #include "socket-util.h"
 #include "vconn.h"
+#include "vconn-provider.h"
 
 #include "vlog.h"
 #define THIS_MODULE VLM_vconn_ssl
@@ -144,6 +146,10 @@ static SSL_CTX *ctx;
 /* Required configuration. */
 static bool has_private_key, has_certificate, has_ca_cert;
 
+/* Who knows what can trigger various SSL errors, so let's throttle them down
+ * quite a bit. */
+static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(10, 25);
+
 static int ssl_init(void);
 static int do_ssl_init(void);
 static bool ssl_wants_io(int ssl_error);
@@ -221,9 +227,8 @@ new_ssl_vconn(const char *name, int fd, enum session_type type,
 
     /* Create and return the ssl_vconn. */
     sslv = xmalloc(sizeof *sslv);
-    sslv->vconn.class = &ssl_vconn_class;
-    sslv->vconn.connect_status = EAGAIN;
-    sslv->vconn.ip = sin->sin_addr.s_addr;
+    vconn_init(&sslv->vconn, &ssl_vconn_class, EAGAIN, sin->sin_addr.s_addr,
+               name);
     sslv->state = state;
     sslv->type = type;
     sslv->fd = fd;
@@ -246,7 +251,7 @@ error:
 static struct ssl_vconn *
 ssl_vconn_cast(struct vconn *vconn)
 {
-    assert(vconn->class == &ssl_vconn_class);
+    vconn_assert_class(vconn, &ssl_vconn_class);
     return CONTAINER_OF(vconn, struct ssl_vconn, vconn);
 }
 
@@ -270,7 +275,8 @@ ssl_open(const char *name, char *suffix, struct vconn **vconnp)
     host_name = strtok_r(suffix, "::", &save_ptr);
     port_string = strtok_r(NULL, "::", &save_ptr);
     if (!host_name) {
-        fatal(0, "%s: bad peer name format", name);
+        error(0, "%s: bad peer name format", name);
+        return EAFNOSUPPORT;
     }
 
     memset(&sin, 0, sizeof sin);
@@ -366,11 +372,11 @@ interpret_ssl_error(const char *function, int ret, int error,
 
     switch (error) {
     case SSL_ERROR_NONE:
-        VLOG_ERR("%s: unexpected SSL_ERROR_NONE", function);
+        VLOG_ERR_RL(&rl, "%s: unexpected SSL_ERROR_NONE", function);
         break;
 
     case SSL_ERROR_ZERO_RETURN:
-        VLOG_ERR("%s: unexpected SSL_ERROR_ZERO_RETURN", function);
+        VLOG_ERR_RL(&rl, "%s: unexpected SSL_ERROR_ZERO_RETURN", function);
         break;
 
     case SSL_ERROR_WANT_READ:
@@ -382,15 +388,16 @@ interpret_ssl_error(const char *function, int ret, int error,
         return EAGAIN;
 
     case SSL_ERROR_WANT_CONNECT:
-        VLOG_ERR("%s: unexpected SSL_ERROR_WANT_CONNECT", function);
+        VLOG_ERR_RL(&rl, "%s: unexpected SSL_ERROR_WANT_CONNECT", function);
         break;
 
     case SSL_ERROR_WANT_ACCEPT:
-        VLOG_ERR("%s: unexpected SSL_ERROR_WANT_ACCEPT", function);
+        VLOG_ERR_RL(&rl, "%s: unexpected SSL_ERROR_WANT_ACCEPT", function);
         break;
 
     case SSL_ERROR_WANT_X509_LOOKUP:
-        VLOG_ERR("%s: unexpected SSL_ERROR_WANT_X509_LOOKUP", function);
+        VLOG_ERR_RL(&rl, "%s: unexpected SSL_ERROR_WANT_X509_LOOKUP",
+                    function);
         break;
 
     case SSL_ERROR_SYSCALL: {
@@ -398,14 +405,17 @@ interpret_ssl_error(const char *function, int ret, int error,
         if (queued_error == 0) {
             if (ret < 0) {
                 int status = errno;
-                VLOG_WARN("%s: system error (%s)", function, strerror(status));
+                VLOG_WARN_RL(&rl, "%s: system error (%s)",
+                             function, strerror(status));
                 return status;
             } else {
-                VLOG_WARN("%s: unexpected SSL connection close", function);
+                VLOG_WARN_RL(&rl, "%s: unexpected SSL connection close",
+                             function);
                 return EPROTO;
             }
         } else {
-            VLOG_DBG("%s: %s", function, ERR_error_string(queued_error, NULL));
+            VLOG_DBG_RL(&rl, "%s: %s",
+                        function, ERR_error_string(queued_error, NULL));
             break;
         }
     }
@@ -413,15 +423,17 @@ interpret_ssl_error(const char *function, int ret, int error,
     case SSL_ERROR_SSL: {
         int queued_error = ERR_get_error();
         if (queued_error != 0) {
-            VLOG_DBG("%s: %s", function, ERR_error_string(queued_error, NULL));
+            VLOG_DBG_RL(&rl, "%s: %s",
+                        function, ERR_error_string(queued_error, NULL));
         } else {
-            VLOG_ERR("%s: SSL_ERROR_SSL without queued error", function);
+            VLOG_ERR_RL(&rl, "%s: SSL_ERROR_SSL without queued error",
+                        function);
         }
         break;
     }
 
     default:
-        VLOG_ERR("%s: bad SSL error code %d", function, error);
+        VLOG_ERR_RL(&rl, "%s: bad SSL error code %d", function, error);
         break;
     }
     return EIO;
@@ -448,7 +460,8 @@ again:
         struct ofp_header *oh = rx->data;
         size_t length = ntohs(oh->length);
         if (length < sizeof(struct ofp_header)) {
-            VLOG_ERR("received too-short ofp_header (%zu bytes)", length);
+            VLOG_ERR_RL(&rl, "received too-short ofp_header (%zu bytes)",
+                        length);
             return EPROTO;
         }
         want_bytes = length - rx->size;
@@ -491,7 +504,7 @@ again:
         if (error == SSL_ERROR_ZERO_RETURN) {
             /* Connection closed (EOF). */
             if (rx->size) {
-                VLOG_WARN("SSL_read: unexpected connection close");
+                VLOG_WARN_RL(&rl, "SSL_read: unexpected connection close");
                 return EPROTO;
             } else {
                 return EOF;
@@ -539,7 +552,7 @@ ssl_do_tx(struct vconn *vconn)
         } else {
             int ssl_error = SSL_get_error(sslv->ssl, ret);
             if (ssl_error == SSL_ERROR_ZERO_RETURN) {
-                VLOG_WARN("SSL_write: connection closed");
+                VLOG_WARN_RL(&rl, "SSL_write: connection closed");
                 return EPIPE;
             } else {
                 return interpret_ssl_error("SSL_write", ret, ssl_error,
@@ -650,24 +663,26 @@ struct vconn_class ssl_vconn_class = {
 \f
 /* Passive SSL. */
 
-struct pssl_vconn
+struct pssl_pvconn
 {
-    struct vconn vconn;
+    struct pvconn pvconn;
     int fd;
 };
 
-static struct pssl_vconn *
-pssl_vconn_cast(struct vconn *vconn)
+struct pvconn_class pssl_pvconn_class;
+
+static struct pssl_pvconn *
+pssl_pvconn_cast(struct pvconn *pvconn)
 {
-    assert(vconn->class == &pssl_vconn_class);
-    return CONTAINER_OF(vconn, struct pssl_vconn, vconn);
+    pvconn_assert_class(pvconn, &pssl_pvconn_class);
+    return CONTAINER_OF(pvconn, struct pssl_pvconn, pvconn);
 }
 
 static int
-pssl_open(const char *name, char *suffix, struct vconn **vconnp)
+pssl_open(const char *name, char *suffix, struct pvconn **pvconnp)
 {
     struct sockaddr_in sin;
-    struct pssl_vconn *pssl;
+    struct pssl_pvconn *pssl;
     int retval;
     int fd;
     unsigned int yes = 1;
@@ -718,25 +733,24 @@ pssl_open(const char *name, char *suffix, struct vconn **vconnp)
     }
 
     pssl = xmalloc(sizeof *pssl);
-    pssl->vconn.class = &pssl_vconn_class;
-    pssl->vconn.connect_status = 0;
+    pvconn_init(&pssl->pvconn, &pssl_pvconn_class, name);
     pssl->fd = fd;
-    *vconnp = &pssl->vconn;
+    *pvconnp = &pssl->pvconn;
     return 0;
 }
 
 static void
-pssl_close(struct vconn *vconn)
+pssl_close(struct pvconn *pvconn)
 {
-    struct pssl_vconn *pssl = pssl_vconn_cast(vconn);
+    struct pssl_pvconn *pssl = pssl_pvconn_cast(pvconn);
     close(pssl->fd);
     free(pssl);
 }
 
 static int
-pssl_accept(struct vconn *vconn, struct vconn **new_vconnp)
+pssl_accept(struct pvconn *pvconn, struct vconn **new_vconnp)
 {
-    struct pssl_vconn *pssl = pssl_vconn_cast(vconn);
+    struct pssl_pvconn *pssl = pssl_pvconn_cast(pvconn);
     struct sockaddr_in sin;
     socklen_t sin_len = sizeof sin;
     char name[128];
@@ -747,7 +761,7 @@ pssl_accept(struct vconn *vconn, struct vconn **new_vconnp)
     if (new_fd < 0) {
         int error = errno;
         if (error != EAGAIN) {
-            VLOG_DBG("accept: %s", strerror(error));
+            VLOG_DBG_RL(&rl, "accept: %s", strerror(error));
         }
         return error;
     }
@@ -767,19 +781,18 @@ pssl_accept(struct vconn *vconn, struct vconn **new_vconnp)
 }
 
 static void
-pssl_wait(struct vconn *vconn, enum vconn_wait_type wait)
+pssl_wait(struct pvconn *pvconn)
 {
-    struct pssl_vconn *pssl = pssl_vconn_cast(vconn);
-    assert(wait == WAIT_ACCEPT);
+    struct pssl_pvconn *pssl = pssl_pvconn_cast(pvconn);
     poll_fd_wait(pssl->fd, POLLIN);
 }
 
-struct vconn_class pssl_vconn_class = {
-    .name = "pssl",
-    .open = pssl_open,
-    .close = pssl_close,
-    .accept = pssl_accept,
-    .wait = pssl_wait,
+struct pvconn_class pssl_pvconn_class = {
+    "pssl",
+    pssl_open,
+    pssl_close,
+    pssl_accept,
+    pssl_wait,
 };
 \f
 /*
@@ -863,7 +876,8 @@ tmp_dh_callback(SSL *ssl, int is_export UNUSED, int keylength)
             return dh->dh;
         }
     }
-    VLOG_ERR("no Diffie-Hellman parameters for key length %d", keylength);
+    VLOG_ERR_RL(&rl, "no Diffie-Hellman parameters for key length %d",
+                keylength);
     return NULL;
 }