#include <vnet/session/session.h>
#include <vlib/unix/plugin.h>
#include <vpp/app/version.h>
-#include <openssl/pem.h>
#include <vppinfra/lock.h>
#include <quic/quic.h>
+#include <quic/certs.h>
+#include <quic/error.h>
+#include <quic/quic_crypto.h>
#include <quicly/defaults.h>
-#include <picotls/openssl.h>
-#include <picotls/pembase64.h>
-#include <quic/quic_crypto.h>
static quic_main_t quic_main;
static void quic_update_timer (quic_ctx_t * ctx);
-static u8 *
-quic_format_err (u8 * s, va_list * args)
-{
- u64 code = va_arg (*args, u64);
- switch (code)
- {
- case 0:
- s = format (s, "no error");
- break;
- /* app errors */
- case QUIC_ERROR_FULL_FIFO:
- s = format (s, "full fifo");
- break;
- case QUIC_APP_ERROR_CLOSE_NOTIFY:
- s = format (s, "QUIC_APP_ERROR_CLOSE_NOTIFY");
- break;
- case QUIC_APP_ALLOCATION_ERROR:
- s = format (s, "QUIC_APP_ALLOCATION_ERROR");
- break;
- case QUIC_APP_ACCEPT_NOTIFY_ERROR:
- s = format (s, "QUIC_APP_ACCEPT_NOTIFY_ERROR");
- break;
- case QUIC_APP_CONNECT_NOTIFY_ERROR:
- s = format (s, "QUIC_APP_CONNECT_NOTIFY_ERROR");
- break;
- /* quicly errors */
- case QUICLY_ERROR_PACKET_IGNORED:
- s = format (s, "QUICLY_ERROR_PACKET_IGNORED");
- break;
- case QUICLY_ERROR_SENDBUF_FULL:
- s = format (s, "QUICLY_ERROR_SENDBUF_FULL");
- break;
- case QUICLY_ERROR_FREE_CONNECTION:
- s = format (s, "QUICLY_ERROR_FREE_CONNECTION");
- break;
- case QUICLY_ERROR_RECEIVED_STATELESS_RESET:
- s = format (s, "QUICLY_ERROR_RECEIVED_STATELESS_RESET");
- break;
- case QUICLY_TRANSPORT_ERROR_NONE:
- s = format (s, "QUICLY_TRANSPORT_ERROR_NONE");
- break;
- case QUICLY_TRANSPORT_ERROR_INTERNAL:
- s = format (s, "QUICLY_TRANSPORT_ERROR_INTERNAL");
- break;
- case QUICLY_TRANSPORT_ERROR_SERVER_BUSY:
- s = format (s, "QUICLY_TRANSPORT_ERROR_SERVER_BUSY");
- break;
- case QUICLY_TRANSPORT_ERROR_FLOW_CONTROL:
- s = format (s, "QUICLY_TRANSPORT_ERROR_FLOW_CONTROL");
- break;
- case QUICLY_TRANSPORT_ERROR_STREAM_ID:
- s = format (s, "QUICLY_TRANSPORT_ERROR_STREAM_ID");
- break;
- case QUICLY_TRANSPORT_ERROR_STREAM_STATE:
- s = format (s, "QUICLY_TRANSPORT_ERROR_STREAM_STATE");
- break;
- case QUICLY_TRANSPORT_ERROR_FINAL_OFFSET:
- s = format (s, "QUICLY_TRANSPORT_ERROR_FINAL_OFFSET");
- break;
- case QUICLY_TRANSPORT_ERROR_FRAME_ENCODING:
- s = format (s, "QUICLY_TRANSPORT_ERROR_FRAME_ENCODING");
- break;
- case QUICLY_TRANSPORT_ERROR_TRANSPORT_PARAMETER:
- s = format (s, "QUICLY_TRANSPORT_ERROR_TRANSPORT_PARAMETER");
- break;
- case QUICLY_TRANSPORT_ERROR_VERSION_NEGOTIATION:
- s = format (s, "QUICLY_TRANSPORT_ERROR_VERSION_NEGOTIATION");
- break;
- case QUICLY_TRANSPORT_ERROR_PROTOCOL_VIOLATION:
- s = format (s, "QUICLY_TRANSPORT_ERROR_PROTOCOL_VIOLATION");
- break;
- case QUICLY_TRANSPORT_ERROR_INVALID_MIGRATION:
- s = format (s, "QUICLY_TRANSPORT_ERROR_INVALID_MIGRATION");
- break;
- /* picotls errors */
- case QUICLY_TRANSPORT_ERROR_TLS_ALERT_BASE + PTLS_ERROR_TO_ALERT (PTLS_ALERT_CLOSE_NOTIFY):
- s =
- format (s, "PTLS_ALERT_CLOSE_NOTIFY");
- break;
- case QUICLY_TRANSPORT_ERROR_TLS_ALERT_BASE + PTLS_ERROR_TO_ALERT (PTLS_ALERT_UNEXPECTED_MESSAGE):
- s =
- format (s, "PTLS_ALERT_UNEXPECTED_MESSAGE");
- break;
- case QUICLY_TRANSPORT_ERROR_TLS_ALERT_BASE + PTLS_ERROR_TO_ALERT (PTLS_ALERT_BAD_RECORD_MAC):
- s =
- format (s, "PTLS_ALERT_BAD_RECORD_MAC");
- break;
- case QUICLY_TRANSPORT_ERROR_TLS_ALERT_BASE + PTLS_ERROR_TO_ALERT (PTLS_ALERT_HANDSHAKE_FAILURE):
- s =
- format (s, "PTLS_ALERT_HANDSHAKE_FAILURE");
- break;
- case QUICLY_TRANSPORT_ERROR_TLS_ALERT_BASE + PTLS_ERROR_TO_ALERT (PTLS_ALERT_BAD_CERTIFICATE):
- s =
- format (s, "PTLS_ALERT_BAD_CERTIFICATE");
- break;
- case QUICLY_TRANSPORT_ERROR_TLS_ALERT_BASE + PTLS_ERROR_TO_ALERT (PTLS_ALERT_CERTIFICATE_REVOKED):
- s =
- format (s, "PTLS_ALERT_CERTIFICATE_REVOKED");
- break;
- case QUICLY_TRANSPORT_ERROR_TLS_ALERT_BASE + PTLS_ERROR_TO_ALERT (PTLS_ALERT_CERTIFICATE_EXPIRED):
- s =
- format (s, "PTLS_ALERT_CERTIFICATE_EXPIRED");
- break;
- case QUICLY_TRANSPORT_ERROR_TLS_ALERT_BASE + PTLS_ERROR_TO_ALERT (PTLS_ALERT_CERTIFICATE_UNKNOWN):
- s =
- format (s, "PTLS_ALERT_CERTIFICATE_UNKNOWN");
- break;
- case QUICLY_TRANSPORT_ERROR_TLS_ALERT_BASE + PTLS_ERROR_TO_ALERT (PTLS_ALERT_ILLEGAL_PARAMETER):
- s =
- format (s, "PTLS_ALERT_ILLEGAL_PARAMETER");
- break;
- case QUICLY_TRANSPORT_ERROR_TLS_ALERT_BASE + PTLS_ERROR_TO_ALERT (PTLS_ALERT_UNKNOWN_CA):
- s =
- format (s, "PTLS_ALERT_UNKNOWN_CA");
- break;
- case QUICLY_TRANSPORT_ERROR_TLS_ALERT_BASE + PTLS_ERROR_TO_ALERT (PTLS_ALERT_DECODE_ERROR):
- s =
- format (s, "PTLS_ALERT_DECODE_ERROR");
- break;
- case QUICLY_TRANSPORT_ERROR_TLS_ALERT_BASE + PTLS_ERROR_TO_ALERT (PTLS_ALERT_DECRYPT_ERROR):
- s =
- format (s, "PTLS_ALERT_DECRYPT_ERROR");
- break;
- case QUICLY_TRANSPORT_ERROR_TLS_ALERT_BASE + PTLS_ERROR_TO_ALERT (PTLS_ALERT_PROTOCOL_VERSION):
- s =
- format (s, "PTLS_ALERT_PROTOCOL_VERSION");
- break;
- case QUICLY_TRANSPORT_ERROR_TLS_ALERT_BASE + PTLS_ERROR_TO_ALERT (PTLS_ALERT_INTERNAL_ERROR):
- s =
- format (s, "PTLS_ALERT_INTERNAL_ERROR");
- break;
- case QUICLY_TRANSPORT_ERROR_TLS_ALERT_BASE + PTLS_ERROR_TO_ALERT (PTLS_ALERT_USER_CANCELED):
- s =
- format (s, "PTLS_ALERT_USER_CANCELED");
- break;
- case QUICLY_TRANSPORT_ERROR_TLS_ALERT_BASE + PTLS_ERROR_TO_ALERT (PTLS_ALERT_MISSING_EXTENSION):
- s =
- format (s, "PTLS_ALERT_MISSING_EXTENSION");
- break;
- case QUICLY_TRANSPORT_ERROR_TLS_ALERT_BASE + PTLS_ERROR_TO_ALERT (PTLS_ALERT_UNRECOGNIZED_NAME):
- s =
- format (s, "PTLS_ALERT_UNRECOGNIZED_NAME");
- break;
- case QUICLY_TRANSPORT_ERROR_TLS_ALERT_BASE + PTLS_ERROR_TO_ALERT (PTLS_ALERT_CERTIFICATE_REQUIRED):
- s =
- format (s, "PTLS_ALERT_CERTIFICATE_REQUIRED");
- break;
- case QUICLY_TRANSPORT_ERROR_TLS_ALERT_BASE + PTLS_ERROR_TO_ALERT (PTLS_ALERT_NO_APPLICATION_PROTOCOL):
- s =
- format (s, "PTLS_ALERT_NO_APPLICATION_PROTOCOL");
- break;
- case QUICLY_TRANSPORT_ERROR_TLS_ALERT_BASE + PTLS_ERROR_TO_ALERT (PTLS_ERROR_NO_MEMORY):
- s =
- format (s, "PTLS_ERROR_NO_MEMORY");
- break;
- case QUICLY_TRANSPORT_ERROR_TLS_ALERT_BASE + PTLS_ERROR_TO_ALERT (PTLS_ERROR_IN_PROGRESS):
- s =
- format (s, "PTLS_ERROR_IN_PROGRESS");
- break;
- case QUICLY_TRANSPORT_ERROR_TLS_ALERT_BASE + PTLS_ERROR_TO_ALERT (PTLS_ERROR_LIBRARY):
- s =
- format (s, "PTLS_ERROR_LIBRARY");
- break;
- case QUICLY_TRANSPORT_ERROR_TLS_ALERT_BASE + PTLS_ERROR_TO_ALERT (PTLS_ERROR_INCOMPATIBLE_KEY):
- s =
- format (s, "PTLS_ERROR_INCOMPATIBLE_KEY");
- break;
- case QUICLY_TRANSPORT_ERROR_TLS_ALERT_BASE + PTLS_ERROR_TO_ALERT (PTLS_ERROR_SESSION_NOT_FOUND):
- s =
- format (s, "PTLS_ERROR_SESSION_NOT_FOUND");
- break;
- case QUICLY_TRANSPORT_ERROR_TLS_ALERT_BASE + PTLS_ERROR_TO_ALERT (PTLS_ERROR_STATELESS_RETRY):
- s =
- format (s, "PTLS_ERROR_STATELESS_RETRY");
- break;
- case QUICLY_TRANSPORT_ERROR_TLS_ALERT_BASE + PTLS_ERROR_TO_ALERT (PTLS_ERROR_NOT_AVAILABLE):
- s =
- format (s, "PTLS_ERROR_NOT_AVAILABLE");
- break;
- case QUICLY_TRANSPORT_ERROR_TLS_ALERT_BASE + PTLS_ERROR_TO_ALERT (PTLS_ERROR_COMPRESSION_FAILURE):
- s =
- format (s, "PTLS_ERROR_COMPRESSION_FAILURE");
- break;
- case QUICLY_TRANSPORT_ERROR_TLS_ALERT_BASE + PTLS_ERROR_TO_ALERT (PTLS_ERROR_BER_INCORRECT_ENCODING):
- s =
- format (s, "PTLS_ERROR_BER_INCORRECT_ENCODING");
- break;
- case QUICLY_TRANSPORT_ERROR_TLS_ALERT_BASE + PTLS_ERROR_TO_ALERT (PTLS_ERROR_BER_MALFORMED_TYPE):
- s =
- format (s, "PTLS_ERROR_BER_MALFORMED_TYPE");
- break;
- case QUICLY_TRANSPORT_ERROR_TLS_ALERT_BASE + PTLS_ERROR_TO_ALERT (PTLS_ERROR_BER_MALFORMED_LENGTH):
- s =
- format (s, "PTLS_ERROR_BER_MALFORMED_LENGTH");
- break;
- case QUICLY_TRANSPORT_ERROR_TLS_ALERT_BASE + PTLS_ERROR_TO_ALERT (PTLS_ERROR_BER_EXCESSIVE_LENGTH):
- s =
- format (s, "PTLS_ERROR_BER_EXCESSIVE_LENGTH");
- break;
- case QUICLY_TRANSPORT_ERROR_TLS_ALERT_BASE + PTLS_ERROR_TO_ALERT (PTLS_ERROR_BER_ELEMENT_TOO_SHORT):
- s =
- format (s, "PTLS_ERROR_BER_ELEMENT_TOO_SHORT");
- break;
- case QUICLY_TRANSPORT_ERROR_TLS_ALERT_BASE + PTLS_ERROR_TO_ALERT (PTLS_ERROR_BER_UNEXPECTED_EOC):
- s =
- format (s, "PTLS_ERROR_BER_UNEXPECTED_EOC");
- break;
- case QUICLY_TRANSPORT_ERROR_TLS_ALERT_BASE + PTLS_ERROR_TO_ALERT (PTLS_ERROR_DER_INDEFINITE_LENGTH):
- s =
- format (s, "PTLS_ERROR_DER_INDEFINITE_LENGTH");
- break;
- case QUICLY_TRANSPORT_ERROR_TLS_ALERT_BASE + PTLS_ERROR_TO_ALERT (PTLS_ERROR_INCORRECT_ASN1_SYNTAX):
- s =
- format (s, "PTLS_ERROR_INCORRECT_ASN1_SYNTAX");
- break;
- case QUICLY_TRANSPORT_ERROR_TLS_ALERT_BASE + PTLS_ERROR_TO_ALERT (PTLS_ERROR_INCORRECT_PEM_KEY_VERSION):
- s =
- format (s, "PTLS_ERROR_INCORRECT_PEM_KEY_VERSION");
- break;
- case QUICLY_TRANSPORT_ERROR_TLS_ALERT_BASE + PTLS_ERROR_TO_ALERT (PTLS_ERROR_INCORRECT_PEM_ECDSA_KEY_VERSION):
- s =
- format (s, "PTLS_ERROR_INCORRECT_PEM_ECDSA_KEY_VERSION");
- break;
- case QUICLY_TRANSPORT_ERROR_TLS_ALERT_BASE + PTLS_ERROR_TO_ALERT (PTLS_ERROR_INCORRECT_PEM_ECDSA_CURVE):
- s =
- format (s, "PTLS_ERROR_INCORRECT_PEM_ECDSA_CURVE");
- break;
- case QUICLY_TRANSPORT_ERROR_TLS_ALERT_BASE + PTLS_ERROR_TO_ALERT (PTLS_ERROR_INCORRECT_PEM_ECDSA_KEYSIZE):
- s =
- format (s, "PTLS_ERROR_INCORRECT_PEM_ECDSA_KEYSIZE");
- break;
- case QUICLY_TRANSPORT_ERROR_TLS_ALERT_BASE + PTLS_ERROR_TO_ALERT (PTLS_ERROR_INCORRECT_ASN1_ECDSA_KEY_SYNTAX):
- s =
- format (s, "PTLS_ERROR_INCORRECT_ASN1_ECDSA_KEY_SYNTAX");
- break;
- default:
- s = format (s, "unknown error 0x%lx", code);
- break;
- }
- return s;
-}
-
static u32
quic_ctx_alloc (u32 thread_index)
{
memset (ctx, 0, sizeof (quic_ctx_t));
ctx->c_thread_index = thread_index;
- QUIC_DBG (1, "Allocated quic_ctx %u on thread %u",
+ QUIC_DBG (3, "Allocated quic_ctx %u on thread %u",
ctx - qm->ctx_pool[thread_index], thread_index);
return ctx - qm->ctx_pool[thread_index];
}
return clib_min (max_enqueue / packet_size, QUIC_SEND_PACKET_VEC_SIZE);
}
+static quicly_context_t *
+quic_get_quicly_ctx_from_ctx (quic_ctx_t * ctx)
+{
+ app_worker_t *app_wrk;
+ application_t *app;
+ app_wrk = app_worker_get_if_valid (ctx->parent_app_wrk_id);
+ if (!app_wrk)
+ return 0;
+ app = application_get (app_wrk->app_index);
+ return (quicly_context_t *) app->quicly_ctx;
+}
+
+static quicly_context_t *
+quic_get_quicly_ctx_from_udp (u64 udp_session_handle)
+{
+ session_t *udp_session;
+ application_t *app;
+ udp_session = session_get_from_handle (udp_session_handle);
+ app = application_get (udp_session->opaque);
+ return (quicly_context_t *) app->quicly_ctx;
+}
static void
quic_ack_rx_data (session_t * stream_session)
quic_ctx_get (stream_session->connection_index,
stream_session->thread_index);
ASSERT (quic_ctx_is_stream (sctx));
- stream = sctx->c_quic_ctx_id.stream;
+ stream = sctx->stream;
stream_data = (quic_stream_data_t *) stream->data;
f = stream_session->rx_fifo;
}
static void
-quic_connection_closed (u32 ctx_index, u32 thread_index, u8 notify_transport)
+quic_connection_delete (quic_ctx_t * ctx)
{
- QUIC_DBG (2, "QUIC connection closed");
tw_timer_wheel_1t_3w_1024sl_ov_t *tw;
clib_bihash_kv_16_8_t kv;
quicly_conn_t *conn;
- quic_ctx_t *ctx;
- ctx = quic_ctx_get (ctx_index, thread_index);
+ QUIC_DBG (2, "Deleting connection %u", ctx->c_c_index);
+
ASSERT (!quic_ctx_is_stream (ctx));
- /* TODO if connection is not established, just delete the session? */
/* Stop the timer */
if (ctx->timer_handle != QUIC_TIMER_HANDLE_INVALID)
{
- tw = &quic_main.wrk_ctx[thread_index].timer_wheel;
+ tw = &quic_main.wrk_ctx[ctx->c_thread_index].timer_wheel;
tw_timer_stop_1t_3w_1024sl_ov (tw, ctx->timer_handle);
}
/* Delete the connection from the connection map */
- conn = ctx->c_quic_ctx_id.conn;
+ conn = ctx->conn;
quic_make_connection_key (&kv, quicly_get_master_id (conn));
- QUIC_DBG (2, "Deleting conn with id %lu %lu", kv.key[0], kv.key[1]);
+ QUIC_DBG (2, "Deleting conn with id %lu %lu from map", kv.key[0],
+ kv.key[1]);
clib_bihash_add_del_16_8 (&quic_main.connection_hash, &kv, 0 /* is_add */ );
quic_disconnect_transport (ctx);
- if (notify_transport)
- session_transport_closing_notify (&ctx->connection);
- else
- session_transport_delete_notify (&ctx->connection);
- /* Do not try to send anything anymore */
- quicly_free (ctx->c_quic_ctx_id.conn);
- ctx->c_quic_ctx_id.conn = NULL;
+
+ if (ctx->conn)
+ quicly_free (ctx->conn);
+ ctx->conn = NULL;
+
+ session_transport_delete_notify (&ctx->connection);
quic_ctx_free (ctx);
}
+/**
+ * Called when quicly return an error
+ * This function interacts tightly with quic_proto_on_close
+ */
+static void
+quic_connection_closed (quic_ctx_t * ctx)
+{
+ QUIC_DBG (2, "QUIC connection %u/%u closed", ctx->c_thread_index,
+ ctx->c_c_index);
+
+ /* TODO if connection is not established, just delete the session? */
+ /* Actually should send connect or accept error */
+
+ switch (ctx->conn_state)
+ {
+ case QUIC_CONN_STATE_READY:
+ /* Error on an opened connection (timeout...)
+ This puts the session in closing state, we should receive a notification
+ when the app has closed its session */
+ session_transport_reset_notify (&ctx->connection);
+ /* This ensures we delete the connection when the app confirms the close */
+ ctx->conn_state = QUIC_CONN_STATE_PASSIVE_CLOSING_QUIC_CLOSED;
+ break;
+ case QUIC_CONN_STATE_PASSIVE_CLOSING:
+ ctx->conn_state = QUIC_CONN_STATE_PASSIVE_CLOSING_QUIC_CLOSED;
+ /* quic_proto_on_close will eventually be called when the app confirms the close
+ , we delete the connection at that point */
+ break;
+ case QUIC_CONN_STATE_PASSIVE_CLOSING_APP_CLOSED:
+ /* App already confirmed close, we can delete the connection */
+ session_transport_delete_notify (&ctx->connection);
+ quic_connection_delete (ctx);
+ break;
+ case QUIC_CONN_STATE_PASSIVE_CLOSING_QUIC_CLOSED:
+ QUIC_DBG (0, "BUG");
+ break;
+ case QUIC_CONN_STATE_ACTIVE_CLOSING:
+ session_transport_delete_notify (&ctx->connection);
+ quic_connection_delete (ctx);
+ break;
+ default:
+ QUIC_DBG (0, "BUG");
+ break;
+ }
+}
+
static int
quic_send_datagram (session_t * udp_session, quicly_datagram_t * packet)
{
session_t *udp_session;
quicly_conn_t *conn;
size_t num_packets, i, max_packets;
+ quicly_packet_allocator_t *pa;
quicly_context_t *quicly_context;
- app_worker_t *app_wrk;
- application_t *app;
int err = 0;
/* We have sctx, get qctx */
if (quic_ctx_is_stream (ctx))
- ctx =
- quic_ctx_get (ctx->c_quic_ctx_id.quic_connection_ctx_id,
- ctx->c_thread_index);
+ ctx = quic_ctx_get (ctx->quic_connection_ctx_id, ctx->c_thread_index);
ASSERT (!quic_ctx_is_stream (ctx));
if (!udp_session)
goto quicly_error;
- conn = ctx->c_quic_ctx_id.conn;
+ conn = ctx->conn;
if (!conn)
return 0;
if (quic_sendable_packet_count (udp_session) < 2)
goto stop_sending;
- app_wrk = app_worker_get_if_valid (ctx->parent_app_wrk_id);
- if (!app_wrk)
+ quicly_context = quic_get_quicly_ctx_from_ctx (ctx);
+ if (!quicly_context)
{
clib_warning ("Tried to send packets on non existing app worker %u",
ctx->parent_app_wrk_id);
- quic_connection_closed (ctx->c_c_index, ctx->c_thread_index,
- 1 /* notify_transport */ );
+ quic_connection_delete (ctx);
return 1;
}
- app = application_get (app_wrk->app_index);
-
- quicly_context = (quicly_context_t *) app->quicly_ctx;
+ pa = quicly_context->packet_allocator;
do
{
max_packets = quic_sendable_packet_count (udp_session);
if ((err = quic_send_datagram (udp_session, packets[i])))
goto quicly_error;
- quicly_context->packet_allocator->
- free_packet (quicly_context->packet_allocator, packets[i]);
+ pa->free_packet (pa, packets[i]);
}
}
while (num_packets > 0 && num_packets == max_packets);
if (err && err != QUICLY_ERROR_PACKET_IGNORED
&& err != QUICLY_ERROR_FREE_CONNECTION)
clib_warning ("Quic error '%U'.", quic_format_err, err);
- quic_connection_closed (ctx->c_c_index, ctx->c_thread_index,
- 1 /* notify_transport */ );
+ quic_connection_closed (ctx);
return 1;
}
sctx = quic_ctx_get (sctx_id, qctx->c_thread_index);
sctx->parent_app_wrk_id = qctx->parent_app_wrk_id;
sctx->parent_app_id = qctx->parent_app_id;
- sctx->c_quic_ctx_id.quic_connection_ctx_id = qctx->c_c_index;
+ sctx->quic_connection_ctx_id = qctx->c_c_index;
sctx->c_c_index = sctx_id;
sctx->c_s_index = stream_session->session_index;
- sctx->c_quic_ctx_id.stream = stream;
+ sctx->stream = stream;
sctx->c_flags |= TRANSPORT_CONNECTION_F_NO_LOOKUP;
sctx->flags |= QUIC_F_IS_STREAM;
stream_session->app_wrk_index = sctx->parent_app_wrk_id;
stream_session->connection_index = sctx->c_c_index;
stream_session->session_type =
- session_type_from_proto_and_ip (TRANSPORT_PROTO_QUIC,
- qctx->c_quic_ctx_id.udp_is_ip4);
+ session_type_from_proto_and_ip (TRANSPORT_PROTO_QUIC, qctx->udp_is_ip4);
quic_session = session_get (qctx->c_s_index, qctx->c_thread_index);
stream_session->listener_handle = listen_session_get_handle (quic_session);
SVM_FIFO_WANT_DEQ_NOTIF_IF_FULL |
SVM_FIFO_WANT_DEQ_NOTIF_IF_EMPTY);
- rv = app_worker_accept_notify (app_wrk, stream_session);
- if (rv)
+ if ((rv = app_worker_accept_notify (app_wrk, stream_session)))
{
QUIC_DBG (1, "failed to notify accept worker app");
session_free_w_fifos (stream_session);
session_handle (quic_session), quic_format_err, code,
reason_len, reason);
#endif
- ctx->c_quic_ctx_id.conn_state = QUIC_CONN_STATE_PASSIVE_CLOSING;
+ ctx->conn_state = QUIC_CONN_STATE_PASSIVE_CLOSING;
session_transport_closing_notify (&ctx->connection);
}
session_t *quic_session;
/* This timeout is in ms which is the unit of our timer */
- next_timeout = quicly_get_first_timeout (ctx->c_quic_ctx_id.conn);
+ next_timeout = quicly_get_first_timeout (ctx->conn);
next_interval = next_timeout - quic_get_time (NULL);
if (next_timeout == 0 || next_interval <= 0)
*
*****************************************************************************/
-/* single-entry session cache */
-struct st_util_session_cache_t
-{
- ptls_encrypt_ticket_t super;
- uint8_t id[32];
- ptls_iovec_t data;
-};
-
static int
-encrypt_ticket_cb (ptls_encrypt_ticket_t * _self, ptls_t * tls,
- int is_encrypt, ptls_buffer_t * dst, ptls_iovec_t src)
+quic_encrypt_ticket_cb (ptls_encrypt_ticket_t * _self, ptls_t * tls,
+ int is_encrypt, ptls_buffer_t * dst, ptls_iovec_t src)
{
- struct st_util_session_cache_t *self = (void *) _self;
+ quic_session_cache_t *self = (void *) _self;
int ret;
if (is_encrypt)
return 0;
}
-/* *INDENT-OFF* */
-static struct st_util_session_cache_t sc = {
- .super = {
- .cb = encrypt_ticket_cb,
- },
-};
-
-static ptls_context_t quic_tlsctx = {
- .random_bytes = ptls_openssl_random_bytes,
- .get_time = &ptls_get_time,
- .key_exchanges = ptls_openssl_key_exchanges,
- .cipher_suites = ptls_openssl_cipher_suites,
- .certificates = {
- .list = NULL,
- .count = 0
- },
- .esni = NULL,
- .on_client_hello = NULL,
- .emit_certificate = NULL,
- .sign_certificate = NULL,
- .verify_certificate = NULL,
- .ticket_lifetime = 86400,
- .max_early_data_size = 8192,
- .hkdf_label_prefix__obsolete = NULL,
- .require_dhe_on_psk = 1,
- .encrypt_ticket = &sc.super,
-};
-/* *INDENT-ON* */
-
-static int
-ptls_compare_separator_line (const char *line, const char *begin_or_end,
- const char *label)
-{
- int ret = strncmp (line, "-----", 5);
- size_t text_index = 5;
-
- if (ret == 0)
- {
- size_t begin_or_end_length = strlen (begin_or_end);
- ret = strncmp (line + text_index, begin_or_end, begin_or_end_length);
- text_index += begin_or_end_length;
- }
-
- if (ret == 0)
- {
- ret = line[text_index] - ' ';
- text_index++;
- }
-
- if (ret == 0)
- {
- size_t label_length = strlen (label);
- ret = strncmp (line + text_index, label, label_length);
- text_index += label_length;
- }
-
- if (ret == 0)
- {
- ret = strncmp (line + text_index, "-----", 5);
- }
-
- return ret;
-}
-
-static int
-ptls_get_bio_pem_object (BIO * bio, const char *label, ptls_buffer_t * buf)
-{
- int ret = PTLS_ERROR_PEM_LABEL_NOT_FOUND;
- char line[256];
- ptls_base64_decode_state_t state;
-
- /* Get the label on a line by itself */
- while (BIO_gets (bio, line, 256))
- {
- if (ptls_compare_separator_line (line, "BEGIN", label) == 0)
- {
- ret = 0;
- ptls_base64_decode_init (&state);
- break;
- }
- }
- /* Get the data in the buffer */
- while (ret == 0 && BIO_gets (bio, line, 256))
- {
- if (ptls_compare_separator_line (line, "END", label) == 0)
- {
- if (state.status == PTLS_BASE64_DECODE_DONE
- || (state.status == PTLS_BASE64_DECODE_IN_PROGRESS
- && state.nbc == 0))
- {
- ret = 0;
- }
- else
- {
- ret = PTLS_ERROR_INCORRECT_BASE64;
- }
- break;
- }
- else
- {
- ret = ptls_base64_decode (line, &state, buf);
- }
- }
-
- return ret;
-}
-
-static int
-ptls_load_bio_pem_objects (BIO * bio, const char *label, ptls_iovec_t * list,
- size_t list_max, size_t * nb_objects)
-{
- int ret = 0;
- size_t count = 0;
-
- *nb_objects = 0;
-
- if (ret == 0)
- {
- while (count < list_max)
- {
- ptls_buffer_t buf;
-
- ptls_buffer_init (&buf, "", 0);
-
- ret = ptls_get_bio_pem_object (bio, label, &buf);
-
- if (ret == 0)
- {
- if (buf.off > 0 && buf.is_allocated)
- {
- list[count].base = buf.base;
- list[count].len = buf.off;
- count++;
- }
- else
- {
- ptls_buffer_dispose (&buf);
- }
- }
- else
- {
- ptls_buffer_dispose (&buf);
- break;
- }
- }
- }
-
- if (ret == PTLS_ERROR_PEM_LABEL_NOT_FOUND && count > 0)
- {
- ret = 0;
- }
-
- *nb_objects = count;
-
- return ret;
-}
-
-#define PTLS_MAX_CERTS_IN_CONTEXT 16
-
-static int
-ptls_load_bio_certificates (ptls_context_t * ctx, BIO * bio)
+typedef struct quicly_ctx_data_
{
- int ret = 0;
-
- ctx->certificates.list =
- (ptls_iovec_t *) malloc (PTLS_MAX_CERTS_IN_CONTEXT *
- sizeof (ptls_iovec_t));
-
- if (ctx->certificates.list == NULL)
- {
- ret = PTLS_ERROR_NO_MEMORY;
- }
- else
- {
- ret =
- ptls_load_bio_pem_objects (bio, "CERTIFICATE", ctx->certificates.list,
- PTLS_MAX_CERTS_IN_CONTEXT,
- &ctx->certificates.count);
- }
-
- return ret;
-}
-
-static inline void
-load_bio_certificate_chain (ptls_context_t * ctx, const char *cert_data)
-{
- BIO *cert_bio;
- cert_bio = BIO_new_mem_buf (cert_data, -1);
- if (ptls_load_bio_certificates (ctx, cert_bio) != 0)
- {
- BIO_free (cert_bio);
- fprintf (stderr, "failed to load certificate:%s\n", strerror (errno));
- exit (1);
- }
- BIO_free (cert_bio);
-}
-
-static inline void
-load_bio_private_key (ptls_context_t * ctx, const char *pk_data)
-{
- static ptls_openssl_sign_certificate_t sc;
- EVP_PKEY *pkey;
- BIO *key_bio;
-
- key_bio = BIO_new_mem_buf (pk_data, -1);
- pkey = PEM_read_bio_PrivateKey (key_bio, NULL, NULL, NULL);
- BIO_free (key_bio);
-
- if (pkey == NULL)
- {
- fprintf (stderr, "failed to read private key from app configuration\n");
- exit (1);
- }
-
- ptls_openssl_init_sign_certificate (&sc, pkey);
- EVP_PKEY_free (pkey);
-
- ctx->sign_certificate = &sc.super;
-}
+ quicly_context_t quicly_ctx;
+ char cid_key[17];
+ ptls_context_t ptls_ctx;
+} quicly_ctx_data_t;
static void
-allocate_quicly_ctx (application_t * app, u8 is_client)
+quic_store_quicly_ctx (application_t * app, u8 is_client)
{
- struct
- {
- quicly_context_t _;
- char cid_key[17];
- } *ctx_data;
+ quic_main_t *qm = &quic_main;
quicly_context_t *quicly_ctx;
ptls_iovec_t key_vec;
- QUIC_DBG (2, "Called allocate_quicly_ctx");
-
if (app->quicly_ctx)
- {
- QUIC_DBG (1, "Trying to reallocate quicly_ctx");
- return;
- }
+ return;
+
+ quicly_ctx_data_t *quicly_ctx_data =
+ clib_mem_alloc (sizeof (quicly_ctx_data_t));
+ clib_memset (quicly_ctx_data, 0, sizeof (*quicly_ctx_data)); /* picotls depends on this */
+ quicly_ctx = &quicly_ctx_data->quicly_ctx;
+ ptls_context_t *ptls_ctx = &quicly_ctx_data->ptls_ctx;
+ ptls_ctx->random_bytes = ptls_openssl_random_bytes;
+ ptls_ctx->get_time = &ptls_get_time;
+ ptls_ctx->key_exchanges = ptls_openssl_key_exchanges;
+ ptls_ctx->cipher_suites = qm->quic_ciphers[qm->default_cipher];
+ ptls_ctx->certificates.list = NULL;
+ ptls_ctx->certificates.count = 0;
+ ptls_ctx->esni = NULL;
+ ptls_ctx->on_client_hello = NULL;
+ ptls_ctx->emit_certificate = NULL;
+ ptls_ctx->sign_certificate = NULL;
+ ptls_ctx->verify_certificate = NULL;
+ ptls_ctx->ticket_lifetime = 86400;
+ ptls_ctx->max_early_data_size = 8192;
+ ptls_ctx->hkdf_label_prefix__obsolete = NULL;
+ ptls_ctx->require_dhe_on_psk = 1;
+ ptls_ctx->encrypt_ticket = &qm->session_cache.super;
- ctx_data = malloc (sizeof (*ctx_data));
- quicly_ctx = &ctx_data->_;
app->quicly_ctx = (u64 *) quicly_ctx;
memcpy (quicly_ctx, &quicly_spec_context, sizeof (quicly_context_t));
quicly_ctx->max_packet_size = QUIC_MAX_PACKET_SIZE;
- quicly_ctx->tls = &quic_tlsctx;
+ quicly_ctx->tls = ptls_ctx;
quicly_ctx->stream_open = &on_stream_open;
quicly_ctx->closed_by_peer = &on_closed_by_peer;
quicly_ctx->now = &quicly_vpp_now_cb;
-
quicly_amend_ptls_context (quicly_ctx->tls);
quicly_ctx->event_log.mask = 0; /* logs */
quicly_ctx->event_log.cb = quicly_new_default_event_logger (stderr);
quicly_ctx->transport_params.max_data = QUIC_INT_MAX;
- quicly_ctx->transport_params.max_streams_uni = QUIC_INT_MAX;
- quicly_ctx->transport_params.max_streams_bidi = QUIC_INT_MAX;
+ quicly_ctx->transport_params.max_streams_uni = (uint64_t) 1 << 60;
+ quicly_ctx->transport_params.max_streams_bidi = (uint64_t) 1 << 60;
quicly_ctx->transport_params.max_stream_data.bidi_local = (QUIC_FIFO_SIZE - 1); /* max_enq is SIZE - 1 */
quicly_ctx->transport_params.max_stream_data.bidi_remote = (QUIC_FIFO_SIZE - 1); /* max_enq is SIZE - 1 */
quicly_ctx->transport_params.max_stream_data.uni = QUIC_INT_MAX;
- quicly_ctx->tls->random_bytes (ctx_data->cid_key, 16);
- ctx_data->cid_key[16] = 0;
- key_vec = ptls_iovec_init (ctx_data->cid_key, strlen (ctx_data->cid_key));
+ quicly_ctx->tls->random_bytes (quicly_ctx_data->cid_key, 16);
+ quicly_ctx_data->cid_key[16] = 0;
+ key_vec =
+ ptls_iovec_init (quicly_ctx_data->cid_key,
+ strlen (quicly_ctx_data->cid_key));
quicly_ctx->cid_encryptor =
quicly_new_default_cid_encryptor (&ptls_openssl_bfecb,
&ptls_openssl_sha256, key_vec);
- if (!is_client && app->tls_key != NULL && app->tls_cert != NULL)
+ if (is_client)
+ return;
+ if (app->tls_key != NULL && app->tls_cert != NULL)
{
- load_bio_private_key (quicly_ctx->tls, (char *) app->tls_key);
- load_bio_certificate_chain (quicly_ctx->tls, (char *) app->tls_cert);
+ if (load_bio_private_key (quicly_ctx->tls, (char *) app->tls_key))
+ {
+ QUIC_DBG (1, "failed to read private key from app configuration\n");
+ }
+ if (load_bio_certificate_chain (quicly_ctx->tls,
+ (char *) app->tls_cert))
+ {
+ QUIC_DBG (1, "failed to load certificate\n");
+ }
}
}
sctx->parent_app_wrk_id = qctx->parent_app_wrk_id;
sctx->parent_app_id = qctx->parent_app_id;
- sctx->c_quic_ctx_id.quic_connection_ctx_id = qctx->c_c_index;
+ sctx->quic_connection_ctx_id = qctx->c_c_index;
sctx->c_c_index = sctx_index;
sctx->c_flags |= TRANSPORT_CONNECTION_F_NO_LOOKUP;
sctx->flags |= QUIC_F_IS_STREAM;
- conn = qctx->c_quic_ctx_id.conn;
+ conn = qctx->conn;
if (!conn || !quicly_connection_is_ready (conn))
return -1;
QUIC_DBG (2, "Stream open failed with %d", rv);
return -1;
}
- sctx->c_quic_ctx_id.stream = stream;
+ sctx->stream = stream;
QUIC_DBG (2, "Opened stream %d, creating session", stream->stream_id);
stream_session->connection_index = sctx_index;
stream_session->listener_handle = quic_session_handle;
stream_session->session_type =
- session_type_from_proto_and_ip (TRANSPORT_PROTO_QUIC,
- qctx->c_quic_ctx_id.udp_is_ip4);
+ session_type_from_proto_and_ip (TRANSPORT_PROTO_QUIC, qctx->udp_is_ip4);
sctx->c_s_index = stream_session->session_index;
ctx->parent_app_wrk_id = sep->app_wrk_index;
ctx->c_s_index = QUIC_SESSION_INVALID;
ctx->c_c_index = ctx_index;
- ctx->c_quic_ctx_id.udp_is_ip4 = sep->is_ip4;
+ ctx->udp_is_ip4 = sep->is_ip4;
ctx->timer_handle = QUIC_TIMER_HANDLE_INVALID;
- ctx->c_quic_ctx_id.conn_state = QUIC_CONN_STATE_HANDSHAKE;
- ctx->c_quic_ctx_id.client_opaque = sep->opaque;
+ ctx->conn_state = QUIC_CONN_STATE_HANDSHAKE;
+ ctx->client_opaque = sep->opaque;
ctx->c_flags |= TRANSPORT_CONNECTION_F_NO_LOOKUP;
if (sep->hostname)
{
- ctx->c_quic_ctx_id.srv_hostname = format (0, "%v", sep->hostname);
- vec_terminate_c_string (ctx->c_quic_ctx_id.srv_hostname);
+ ctx->srv_hostname = format (0, "%v", sep->hostname);
+ vec_terminate_c_string (ctx->srv_hostname);
}
else
{
/* needed by quic for crypto + determining client / server */
- ctx->c_quic_ctx_id.srv_hostname =
+ ctx->srv_hostname =
format (0, "%U", format_ip46_address, &sep->ip, sep->is_ip4);
}
ctx->parent_app_id = app_wrk->app_index;
cargs->sep_ext.ns_index = app->ns_index;
- allocate_quicly_ctx (app, 1 /* is client */ );
+ quic_store_quicly_ctx (app, 1 /* is client */ );
if ((error = vnet_connect (cargs)))
return error;
#endif
if (quic_ctx_is_stream (ctx))
{
- quicly_stream_t *stream = ctx->c_quic_ctx_id.stream;
+ quicly_stream_t *stream = ctx->stream;
quicly_reset_stream (stream, QUIC_APP_ERROR_CLOSE_NOTIFY);
quic_send_packets (ctx);
+ return;
}
- else if (ctx->c_quic_ctx_id.conn_state == QUIC_CONN_STATE_PASSIVE_CLOSING)
- quic_connection_closed (ctx->c_c_index, ctx->c_thread_index,
- 0 /* notify_transport */ );
- else
+
+ switch (ctx->conn_state)
{
- quicly_conn_t *conn = ctx->c_quic_ctx_id.conn;
+ case QUIC_CONN_STATE_READY:
+ ctx->conn_state = QUIC_CONN_STATE_ACTIVE_CLOSING;
+ quicly_conn_t *conn = ctx->conn;
/* Start connection closing. Keep sending packets until quicly_send
returns QUICLY_ERROR_FREE_CONNECTION */
quicly_close (conn, QUIC_APP_ERROR_CLOSE_NOTIFY, "Closed by peer");
/* This also causes all streams to be closed (and the cb called) */
quic_send_packets (ctx);
+ break;
+ case QUIC_CONN_STATE_PASSIVE_CLOSING:
+ ctx->conn_state = QUIC_CONN_STATE_PASSIVE_CLOSING_APP_CLOSED;
+ /* send_packets will eventually return an error, we delete the conn at
+ that point */
+ break;
+ case QUIC_CONN_STATE_PASSIVE_CLOSING_QUIC_CLOSED:
+ quic_connection_delete (ctx);
+ break;
+ default:
+ QUIC_DBG (0, "BUG");
+ break;
}
}
app = application_get (app_wrk->app_index);
QUIC_DBG (2, "Called quic_start_listen for app %d", app_wrk->app_index);
- allocate_quicly_ctx (app, 0 /* is_client */ );
+ quic_store_quicly_ctx (app, 0 /* is_client */ );
sep->transport_proto = TRANSPORT_PROTO_UDPC;
memset (args, 0, sizeof (*args));
str = format (str, "Listener, UDP %ld", ctx->udp_session_handle);
else if (quic_ctx_is_stream (ctx))
str = format (str, "Stream %ld conn %d",
- ctx->c_quic_ctx_id.stream->stream_id,
- ctx->c_quic_ctx_id.quic_connection_ctx_id);
+ ctx->stream->stream_id, ctx->quic_connection_ctx_id);
else /* connection */
str = format (str, "Conn %d UDP %d", ctx->c_c_index,
ctx->udp_session_handle);
ctx->parent_app_wrk_id);
if (verbose == 1)
- s = format (s, "%-50s%-15d", str, ctx->c_quic_ctx_id.conn_state);
+ s = format (s, "%-50s%-15d", str, ctx->conn_state);
else
s = format (s, "%s\n", str);
vec_free (str);
app_worker_t *app_wrk;
u32 ctx_id = ctx->c_c_index;
u32 thread_index = ctx->c_thread_index;
+ int rv;
app_wrk = app_worker_get_if_valid (ctx->parent_app_wrk_id);
if (!app_wrk)
quic_session->connection_index = ctx->c_c_index;
quic_session->listener_handle = SESSION_INVALID_HANDLE;
quic_session->session_type =
- session_type_from_proto_and_ip (TRANSPORT_PROTO_QUIC,
- ctx->c_quic_ctx_id.udp_is_ip4);
+ session_type_from_proto_and_ip (TRANSPORT_PROTO_QUIC, ctx->udp_is_ip4);
if (app_worker_init_connected (app_wrk, quic_session))
{
QUIC_DBG (1, "failed to app_worker_init_connected");
quic_proto_on_close (ctx_id, thread_index);
- return app_worker_connect_notify (app_wrk, NULL,
- ctx->c_quic_ctx_id.client_opaque);
+ return app_worker_connect_notify (app_wrk, NULL, ctx->client_opaque);
}
quic_session->session_state = SESSION_STATE_CONNECTING;
- if (app_worker_connect_notify
- (app_wrk, quic_session, ctx->c_quic_ctx_id.client_opaque))
+ if ((rv = app_worker_connect_notify (app_wrk, quic_session,
+ ctx->client_opaque)))
{
- QUIC_DBG (1, "failed to notify app");
+ QUIC_DBG (1, "failed to notify app %d", rv);
quic_proto_on_close (ctx_id, thread_index);
return -1;
}
quic_ctx_t *temp_ctx, *new_ctx;
clib_bihash_kv_16_8_t kv;
quicly_conn_t *conn;
+ session_t *udp_session;
temp_ctx = arg;
new_ctx_id = quic_ctx_alloc (thread_index);
memcpy (new_ctx, temp_ctx, sizeof (quic_ctx_t));
- free (temp_ctx);
+ clib_mem_free (temp_ctx);
new_ctx->c_thread_index = thread_index;
new_ctx->c_c_index = new_ctx_id;
- conn = new_ctx->c_quic_ctx_id.conn;
+ conn = new_ctx->conn;
quic_store_conn_ctx (conn, new_ctx);
quic_make_connection_key (&kv, quicly_get_master_id (conn));
kv.value = ((u64) thread_index) << 32 | (u64) new_ctx_id;
new_ctx->timer_handle = QUIC_TIMER_HANDLE_INVALID;
quic_update_timer (new_ctx);
- /* Trigger read on this connection ? */
+ /* Trigger write on this connection if necessary */
+ udp_session = session_get_from_handle (new_ctx->udp_session_handle);
+ if (svm_fifo_max_dequeue (udp_session->tx_fifo))
+ if (session_send_io_evt_to_thread (udp_session->tx_fifo,
+ SESSION_IO_EVT_TX))
+ QUIC_DBG (4, "Cannot send TX event");
}
static void
{
tw_timer_wheel_1t_3w_1024sl_ov_t *tw;
quic_ctx_t *ctx, *temp_ctx;
- clib_bihash_kv_16_8_t kv;
- quicly_conn_t *conn;
u32 thread_index = vlib_get_thread_index ();
QUIC_DBG (2, "Transferring conn %u to thread %u", ctx_index, dest_thread);
- temp_ctx = malloc (sizeof (quic_ctx_t));
+ temp_ctx = clib_mem_alloc (sizeof (quic_ctx_t));
ASSERT (temp_ctx);
ctx = quic_ctx_get (ctx_index, thread_index);
memcpy (temp_ctx, ctx, sizeof (quic_ctx_t));
- /* Remove from lookup hash, timer wheel and thread-local pool */
- conn = ctx->c_quic_ctx_id.conn;
- quic_make_connection_key (&kv, quicly_get_master_id (conn));
- clib_bihash_add_del_16_8 (&quic_main.connection_hash, &kv, 0 /* is_add */ );
+ /* Remove from timer wheel and thread-local pool */
if (ctx->timer_handle != QUIC_TIMER_HANDLE_INVALID)
{
tw = &quic_main.wrk_ctx[thread_index].timer_wheel;
(void *) temp_ctx);
}
-static void
-quic_transfer_connection_rpc (void *arg)
-{
- u64 arg_int = (u64) arg;
- u32 ctx_index, dest_thread;
-
- ctx_index = (u32) (arg_int >> 32);
- dest_thread = (u32) (arg_int & UINT32_MAX);
- quic_transfer_connection (ctx_index, dest_thread);
-}
-
-/*
- * This assumes that the connection is not yet associated to a session
- * So currently it only works on the client side when receiving the first packet
- * from the server
- */
-static void
-quic_move_connection_to_thread (u32 ctx_index, u32 owner_thread,
- u32 to_thread)
-{
- QUIC_DBG (2, "Requesting transfer of conn %u from thread %u", ctx_index,
- owner_thread);
- u64 arg = ((u64) ctx_index) << 32 | to_thread;
- session_send_rpc_evt_to_thread (owner_thread, quic_transfer_connection_rpc,
- (void *) arg);
-}
-
static int
quic_session_connected_callback (u32 quic_app_index, u32 ctx_index,
session_t * udp_session, u8 is_fail)
transport_connection_t *tc;
app_worker_t *app_wrk;
quicly_conn_t *conn;
- application_t *app;
quic_ctx_t *ctx;
u32 thread_index = vlib_get_thread_index ();
int ret;
+ quicly_context_t *quicly_ctx;
+
ctx = quic_ctx_get (ctx_index, thread_index);
if (is_fail)
{
u32 api_context;
- int rv = 0;
-
app_wrk = app_worker_get_if_valid (ctx->parent_app_wrk_id);
if (app_wrk)
{
api_context = ctx->c_s_index;
app_worker_connect_notify (app_wrk, 0, api_context);
}
- return rv;
- }
-
- app_wrk = app_worker_get_if_valid (ctx->parent_app_wrk_id);
- if (!app_wrk)
- {
- QUIC_DBG (1, "Appwrk not found");
- return -1;
+ return 0;
}
- app = application_get (app_wrk->app_index);
ctx->c_thread_index = thread_index;
ctx->c_c_index = ctx_index;
ctx->udp_session_handle = session_handle (udp_session);
udp_session->opaque = ctx->parent_app_id;
- udp_session->session_state = SESSION_STATE_READY;
/* Init QUIC lib connection
* Generate required sockaddr & salen */
tc = session_get_transport (udp_session);
quic_build_sockaddr (sa, &salen, &tc->rmt_ip, tc->rmt_port, tc->is_ip4);
- ret =
- quicly_connect (&ctx->c_quic_ctx_id.conn,
- (quicly_context_t *) app->quicly_ctx,
- (char *) ctx->c_quic_ctx_id.srv_hostname, sa, salen,
- &quic_main.next_cid, &quic_main.hs_properties, NULL);
+ quicly_ctx = quic_get_quicly_ctx_from_ctx (ctx);
+ ret = quicly_connect (&ctx->conn, quicly_ctx, (char *) ctx->srv_hostname,
+ sa, salen, &quic_main.next_cid,
+ &quic_main.hs_properties, NULL);
++quic_main.next_cid.master_id;
/* Save context handle in quicly connection */
- quic_store_conn_ctx (ctx->c_quic_ctx_id.conn, ctx);
+ quic_store_conn_ctx (ctx->conn, ctx);
assert (ret == 0);
/* Register connection in connections map */
- conn = ctx->c_quic_ctx_id.conn;
+ conn = ctx->conn;
quic_make_connection_key (&kv, quicly_get_master_id (conn));
kv.value = ((u64) thread_index) << 32 | (u64) ctx_index;
QUIC_DBG (2, "Registering conn with id %lu %lu", kv.key[0], kv.key[1]);
clib_bihash_add_del_16_8 (&quic_main.connection_hash, &kv, 1 /* is_add */ );
- quic_send_packets (ctx);
-
/* UDP stack quirk? preemptively transfer connection if that happens */
if (udp_session->thread_index != thread_index)
quic_transfer_connection (ctx_index, udp_session->thread_index);
+ else
+ quic_send_packets (ctx);
return ret;
}
clib_warning ("UDP session reset???");
}
+static void
+quic_session_migrate_callback (session_t * s, session_handle_t new_sh)
+{
+ /*
+ * TODO we need better way to get the connection from the session
+ * This will become possible once we stop storing the app id in the UDP
+ * session opaque
+ */
+ u32 thread_index = vlib_get_thread_index ();
+ u64 old_session_handle = session_handle (s);
+ u32 new_thread = session_thread_from_handle (new_sh);
+ quic_ctx_t *ctx;
+
+ QUIC_DBG (1, "Session %x migrated to %lx", s->session_index, new_sh);
+ /* *INDENT-OFF* */
+ pool_foreach (ctx, quic_main.ctx_pool[thread_index],
+ ({
+ if (ctx->udp_session_handle == old_session_handle)
+ {
+ /* Right ctx found, move associated conn */
+ QUIC_DBG (5, "Found right ctx: %x", ctx->c_c_index);
+ ctx->udp_session_handle = new_sh;
+ quic_transfer_connection (ctx->c_c_index, new_thread);
+ return;
+ }
+ }));
+ /* *INDENT-ON* */
+ QUIC_DBG (0, "BUG: Connection to migrate not found");
+}
+
int
quic_session_accepted_callback (session_t * udp_session)
{
ctx->c_s_index = QUIC_SESSION_INVALID;
ctx->udp_session_handle = session_handle (udp_session);
QUIC_DBG (2, "ACCEPTED UDP 0x%lx", ctx->udp_session_handle);
- ctx->c_quic_ctx_id.listener_ctx_id = udp_listen_session->opaque;
+ ctx->listener_ctx_id = udp_listen_session->opaque;
lctx = quic_ctx_get (udp_listen_session->opaque,
udp_listen_session->thread_index);
- ctx->c_quic_ctx_id.udp_is_ip4 = lctx->c_is_ip4;
+ ctx->udp_is_ip4 = lctx->c_is_ip4;
ctx->parent_app_id = lctx->parent_app_id;
ctx->parent_app_wrk_id = lctx->parent_app_wrk_id;
ctx->timer_handle = QUIC_TIMER_HANDLE_INVALID;
- ctx->c_quic_ctx_id.conn_state = QUIC_CONN_STATE_OPENED;
+ ctx->conn_state = QUIC_CONN_STATE_OPENED;
ctx->c_flags |= TRANSPORT_CONNECTION_F_NO_LOOKUP;
udp_session->opaque = ctx->parent_app_id;
return 0;
}
-
static int
quic_custom_app_rx_callback (transport_connection_t * tc)
{
}
static int
-quic_custom_tx_callback (void *s)
+quic_custom_tx_callback (void *s, u32 max_burst_size)
{
session_t *stream_session = (session_t *) s;
quicly_stream_t *stream;
if (!svm_fifo_max_dequeue (stream_session->tx_fifo))
return 0;
- stream = ctx->c_quic_ctx_id.stream;
+ stream = ctx->stream;
if (!quicly_sendstate_is_open (&stream->sendstate))
{
QUIC_DBG (1, "Warning: tried to send on closed stream");
/*
* Returns 0 if a matching connection is found and is on the right thread.
+ * Otherwise returns -1.
* If a connection is found, even on the wrong thread, ctx_thread and ctx_index
* will be set.
*/
if (clib_bihash_search_16_8 (h, &kv, &kv) == 0)
{
u32 index = kv.value & UINT32_MAX;
- u8 thread_id = kv.value >> 32;
+ u32 thread_id = kv.value >> 32;
/* Check if this connection belongs to this thread, otherwise
* ask for it to be moved */
if (thread_id != caller_thread_index)
return -1;
}
ctx_ = quic_ctx_get (index, vlib_get_thread_index ());
- conn_ = ctx_->c_quic_ctx_id.conn;
+ conn_ = ctx_->conn;
if (conn_ && quicly_is_destination (conn_, sa, salen, packet))
{
QUIC_DBG (3, "Connection found");
/* ctx pointer may change if a new stream is opened */
ctx = quic_ctx_get (ctx_id, thread_index);
/* Conn may be set to null if the connection is terminated */
- if (ctx->c_quic_ctx_id.conn
- && ctx->c_quic_ctx_id.conn_state == QUIC_CONN_STATE_HANDSHAKE)
+ if (ctx->conn && ctx->conn_state == QUIC_CONN_STATE_HANDSHAKE)
{
if (quicly_connection_is_ready (conn))
{
- ctx->c_quic_ctx_id.conn_state = QUIC_CONN_STATE_READY;
+ ctx->conn_state = QUIC_CONN_STATE_READY;
if (quicly_is_client (conn))
{
quic_on_client_connected (ctx);
quic_session->session_state = SESSION_STATE_LISTENING;
ctx->c_s_index = quic_session->session_index;
- lctx = quic_ctx_get (ctx->c_quic_ctx_id.listener_ctx_id, 0);
+ lctx = quic_ctx_get (ctx->listener_ctx_id, 0);
quic_session->app_wrk_index = lctx->parent_app_wrk_id;
quic_session->connection_index = ctx->c_c_index;
quic_session->session_type =
- session_type_from_proto_and_ip (TRANSPORT_PROTO_QUIC,
- ctx->c_quic_ctx_id.udp_is_ip4);
+ session_type_from_proto_and_ip (TRANSPORT_PROTO_QUIC, ctx->udp_is_ip4);
quic_session->listener_handle = lctx->c_s_index;
/* TODO: don't alloc fifos when we don't transfer data on this session
return rv;
}
app_wrk = app_worker_get (quic_session->app_wrk_index);
- rv = app_worker_accept_notify (app_wrk, quic_session);
- if (rv)
+ if ((rv = app_worker_accept_notify (app_wrk, quic_session)))
{
QUIC_DBG (1, "failed to notify accept worker app");
return rv;
}
static int
-quic_create_connection (quicly_context_t * quicly_ctx,
- u32 ctx_index, struct sockaddr *sa,
+quic_create_connection (u32 ctx_index, struct sockaddr *sa,
socklen_t salen, quicly_decoded_packet_t packet)
{
clib_bihash_kv_16_8_t kv;
quic_ctx_t *ctx;
quicly_conn_t *conn;
u32 thread_index = vlib_get_thread_index ();
+ quicly_context_t *quicly_ctx;
int rv;
/* new connection, accept and create context if packet is valid
* TODO: check if socket is actually listening? */
+ ctx = quic_ctx_get (ctx_index, thread_index);
+ quicly_ctx = quic_get_quicly_ctx_from_ctx (ctx);
if ((rv = quicly_accept (&conn, quicly_ctx, sa, salen,
&packet, ptls_iovec_init (NULL, 0),
&quic_main.next_cid, NULL)))
assert (conn != NULL);
++quic_main.next_cid.master_id;
- ctx = quic_ctx_get (ctx_index, thread_index);
/* Save ctx handle in quicly connection */
quic_store_conn_ctx (conn, ctx);
- ctx->c_quic_ctx_id.conn = conn;
- ctx->c_quic_ctx_id.conn_state = QUIC_CONN_STATE_HANDSHAKE;
+ ctx->conn = conn;
+ ctx->conn_state = QUIC_CONN_STATE_HANDSHAKE;
quic_create_quic_session (ctx);
}
static int
-quic_reset_connection (quicly_context_t * quicly_ctx, u64 udp_session_handle,
+quic_reset_connection (u64 udp_session_handle,
struct sockaddr *sa, socklen_t salen,
quicly_decoded_packet_t packet)
{
int rv;
quicly_datagram_t *dgram;
session_t *udp_session;
- if (packet.cid.dest.plaintext.node_id == 0
- && packet.cid.dest.plaintext.thread_id == 0)
- {
- dgram = quicly_send_stateless_reset (quicly_ctx, sa, salen,
- &packet.cid.dest.plaintext);
- if (dgram == NULL)
- return 1;
- udp_session = session_get_from_handle (udp_session_handle);
- rv = quic_send_datagram (udp_session, dgram);
- if (svm_fifo_set_event (udp_session->tx_fifo))
- session_send_io_evt_to_thread (udp_session->tx_fifo,
- SESSION_IO_EVT_TX);
- return rv;
- }
- return 0;
+ quicly_context_t *quicly_ctx;
+ if (packet.cid.dest.plaintext.node_id != 0
+ || packet.cid.dest.plaintext.thread_id != 0)
+ return 0;
+ quicly_ctx = quic_get_quicly_ctx_from_udp (udp_session_handle);
+ dgram = quicly_send_stateless_reset (quicly_ctx, sa, salen,
+ &packet.cid.dest.plaintext);
+ if (dgram == NULL)
+ return 1;
+ udp_session = session_get_from_handle (udp_session_handle);
+ rv = quic_send_datagram (udp_session, dgram);
+ if (svm_fifo_set_event (udp_session->tx_fifo))
+ session_send_io_evt_to_thread (udp_session->tx_fifo, SESSION_IO_EVT_TX);
+ return rv;
}
static int
u64 udp_session_handle = session_handle (udp_session);
int rv = 0;
u32 thread_index = vlib_get_thread_index ();
+ quicly_context_t *quicly_ctx;
+
app = application_get_if_valid (app_index);
if (!app)
{
rv = 0;
quic_build_sockaddr (sa, &salen, &ph.rmt_ip, ph.rmt_port, ph.is_ip4);
- plen = quicly_decode_packet ((quicly_context_t *) app->quicly_ctx,
- &packet, data, ph.data_length);
+ quicly_ctx = quic_get_quicly_ctx_from_udp (udp_session_handle);
+ plen = quicly_decode_packet (quicly_ctx, &packet, data, ph.data_length);
if (plen != SIZE_MAX)
{
if (err == 0)
{
ctx = quic_ctx_get (ctx_index, thread_index);
- quic_receive (ctx, ctx->c_quic_ctx_id.conn, packet);
+ quic_receive (ctx, ctx->conn, packet);
}
- else if (ctx_thread != UINT32_MAX)
+ else if (ctx_index != UINT32_MAX)
{
- /* Connection found but on wrong thread, ask move */
- quic_move_connection_to_thread (ctx_index, ctx_thread,
- thread_index);
+ /* Connection found but on wrong thread, just wait for
+ * session_migrate_callback to be called */
+ return 0;
}
else if ((packet.octets.base[0] & QUICLY_PACKET_TYPE_BITMASK) ==
QUICLY_PACKET_TYPE_INITIAL)
if (ctx->udp_session_handle == udp_session_handle)
{
/* Right ctx found, create conn & remove from pool */
- quic_create_connection ((quicly_context_t *) app->quicly_ctx,
- *ctx_index_ptr, sa, salen, packet);
+ quic_create_connection (*ctx_index_ptr, sa, salen, packet);
pool_put (opening_ctx_pool, ctx_index_ptr);
goto ctx_search_done;
}
}
else
{
- quic_reset_connection ((quicly_context_t *) app->quicly_ctx,
- udp_session_handle, sa, salen, packet);
+ quic_reset_connection (udp_session_handle, sa, salen, packet);
}
}
ctx_search_done:
.session_disconnect_callback = quic_session_disconnect_callback,
.session_connected_callback = quic_session_connected_callback,
.session_reset_callback = quic_session_reset_callback,
+ .session_migrate_callback = quic_session_migrate_callback,
.add_segment_callback = quic_add_segment_callback,
.del_segment_callback = quic_del_segment_callback,
.builtin_app_rx_callback = quic_app_rx_callback,
};
/* *INDENT-ON* */
+static void
+quic_register_cipher_suite (quic_crypto_engine_t type,
+ ptls_cipher_suite_t ** ciphers)
+{
+ quic_main_t *qm = &quic_main;
+ vec_validate (qm->quic_ciphers, type);
+ qm->quic_ciphers[type] = ciphers;
+}
+
static clib_error_t *
quic_init (vlib_main_t * vm)
{
qm->app_index = a->app_index;
qm->tstamp_ticks_per_clock = vm->clib_time.seconds_per_clock
/ QUIC_TSTAMP_RESOLUTION;
+ qm->session_cache.super.cb = quic_encrypt_ticket_cb;
transport_register_protocol (TRANSPORT_PROTO_QUIC, &quic_proto,
FIB_PROTOCOL_IP4, ~0);
transport_register_protocol (TRANSPORT_PROTO_QUIC, &quic_proto,
FIB_PROTOCOL_IP6, ~0);
+ quic_register_cipher_suite (CRYPTO_ENGINE_VPP, vpp_crypto_cipher_suites);
+ quic_register_cipher_suite (CRYPTO_ENGINE_PICOTLS,
+ ptls_openssl_cipher_suites);
+ qm->default_cipher = CRYPTO_ENGINE_PICOTLS;
vec_free (a->name);
return 0;
}
unformat_input_t * input,
vlib_cli_command_t * cmd)
{
- while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (input, "vpp"))
- {
- quic_tlsctx.cipher_suites = vpp_crypto_cipher_suites;
- return 0;
- }
- else if (unformat (input, "picotls"))
- {
- quic_tlsctx.cipher_suites = ptls_openssl_cipher_suites;
- return 0;
- }
- else
- return clib_error_return (0, "unknown input '%U'",
- format_unformat_error, input);
- }
-
- return clib_error_return (0, "unknown input '%U'",
- format_unformat_error, input);
+ quic_main_t *qm = &quic_main;
+ if (unformat_check_input (input) == UNFORMAT_END_OF_INPUT)
+ return clib_error_return (0, "unknown input '%U'",
+ format_unformat_error, input);
+ if (unformat (input, "vpp"))
+ qm->default_cipher = CRYPTO_ENGINE_VPP;
+ else if (unformat (input, "picotls"))
+ qm->default_cipher = CRYPTO_ENGINE_PICOTLS;
+ else
+ return clib_error_return (0, "unknown input '%U'",
+ format_unformat_error, input);
+ return 0;
}
/* *INDENT-OFF* */
VLIB_CLI_COMMAND(quic_plugin_crypto_command, static)=
{
- .path = "quic set crypto api",
- .short_help = "quic set crypto api [picotls, vpp]",
- .function = quic_plugin_crypto_command_fn,
+ .path = "quic set crypto api",
+ .short_help = "quic set crypto api [picotls, vpp]",
+ .function = quic_plugin_crypto_command_fn,
};
-
VLIB_PLUGIN_REGISTER () =
{
.version = VPP_BUILD_VER,
Code Review / vpp.git / blobdiff