memset (ctx, 0, sizeof (quic_ctx_t));
ctx->c_thread_index = thread_index;
- QUIC_DBG (1, "Allocated quic_ctx %u on thread %u",
+ QUIC_DBG (3, "Allocated quic_ctx %u on thread %u",
ctx - qm->ctx_pool[thread_index], thread_index);
return ctx - qm->ctx_pool[thread_index];
}
return clib_min (max_enqueue / packet_size, QUIC_SEND_PACKET_VEC_SIZE);
}
+static quicly_context_t *
+quic_get_quicly_ctx_from_ctx (quic_ctx_t * ctx)
+{
+ app_worker_t *app_wrk;
+ application_t *app;
+ app_wrk = app_worker_get_if_valid (ctx->parent_app_wrk_id);
+ if (!app_wrk)
+ return 0;
+ app = application_get (app_wrk->app_index);
+ return (quicly_context_t *) app->quicly_ctx;
+}
+
+static quicly_context_t *
+quic_get_quicly_ctx_from_udp (u64 udp_session_handle)
+{
+ session_t *udp_session;
+ application_t *app;
+ udp_session = session_get_from_handle (udp_session_handle);
+ app = application_get (udp_session->opaque);
+ return (quicly_context_t *) app->quicly_ctx;
+}
static void
quic_ack_rx_data (session_t * stream_session)
session_t *udp_session;
quicly_conn_t *conn;
size_t num_packets, i, max_packets;
+ quicly_packet_allocator_t *pa;
quicly_context_t *quicly_context;
- app_worker_t *app_wrk;
- application_t *app;
int err = 0;
/* We have sctx, get qctx */
if (quic_sendable_packet_count (udp_session) < 2)
goto stop_sending;
- app_wrk = app_worker_get_if_valid (ctx->parent_app_wrk_id);
- if (!app_wrk)
+ quicly_context = quic_get_quicly_ctx_from_ctx (ctx);
+ if (!quicly_context)
{
clib_warning ("Tried to send packets on non existing app worker %u",
ctx->parent_app_wrk_id);
quic_connection_delete (ctx);
return 1;
}
- app = application_get (app_wrk->app_index);
-
- quicly_context = (quicly_context_t *) app->quicly_ctx;
+ pa = quicly_context->packet_allocator;
do
{
max_packets = quic_sendable_packet_count (udp_session);
if ((err = quic_send_datagram (udp_session, packets[i])))
goto quicly_error;
- quicly_context->packet_allocator->
- free_packet (quicly_context->packet_allocator, packets[i]);
+ pa->free_packet (pa, packets[i]);
}
}
while (num_packets > 0 && num_packets == max_packets);
SVM_FIFO_WANT_DEQ_NOTIF_IF_FULL |
SVM_FIFO_WANT_DEQ_NOTIF_IF_EMPTY);
- rv = app_worker_accept_notify (app_wrk, stream_session);
- if (rv)
+ if ((rv = app_worker_accept_notify (app_wrk, stream_session)))
{
QUIC_DBG (1, "failed to notify accept worker app");
session_free_w_fifos (stream_session);
*
*****************************************************************************/
-/* single-entry session cache */
-struct st_util_session_cache_t
-{
- ptls_encrypt_ticket_t super;
- uint8_t id[32];
- ptls_iovec_t data;
-};
-
static int
-encrypt_ticket_cb (ptls_encrypt_ticket_t * _self, ptls_t * tls,
- int is_encrypt, ptls_buffer_t * dst, ptls_iovec_t src)
+quic_encrypt_ticket_cb (ptls_encrypt_ticket_t * _self, ptls_t * tls,
+ int is_encrypt, ptls_buffer_t * dst, ptls_iovec_t src)
{
- struct st_util_session_cache_t *self = (void *) _self;
+ quic_session_cache_t *self = (void *) _self;
int ret;
if (is_encrypt)
return 0;
}
-/* *INDENT-OFF* */
-static struct st_util_session_cache_t sc = {
- .super = {
- .cb = encrypt_ticket_cb,
- },
-};
-
-static ptls_context_t quic_tlsctx = {
- .random_bytes = ptls_openssl_random_bytes,
- .get_time = &ptls_get_time,
- .key_exchanges = ptls_openssl_key_exchanges,
- .cipher_suites = ptls_openssl_cipher_suites,
- .certificates = {
- .list = NULL,
- .count = 0
- },
- .esni = NULL,
- .on_client_hello = NULL,
- .emit_certificate = NULL,
- .sign_certificate = NULL,
- .verify_certificate = NULL,
- .ticket_lifetime = 86400,
- .max_early_data_size = 8192,
- .hkdf_label_prefix__obsolete = NULL,
- .require_dhe_on_psk = 1,
- .encrypt_ticket = &sc.super,
-};
-/* *INDENT-ON* */
+typedef struct quicly_ctx_data_
+{
+ quicly_context_t quicly_ctx;
+ char cid_key[17];
+ ptls_context_t ptls_ctx;
+} quicly_ctx_data_t;
static void
-allocate_quicly_ctx (application_t * app, u8 is_client)
+quic_store_quicly_ctx (application_t * app, u8 is_client)
{
- struct
- {
- quicly_context_t _;
- char cid_key[17];
- } *ctx_data;
+ quic_main_t *qm = &quic_main;
quicly_context_t *quicly_ctx;
ptls_iovec_t key_vec;
- QUIC_DBG (2, "Called allocate_quicly_ctx");
-
if (app->quicly_ctx)
- {
- QUIC_DBG (1, "Trying to reallocate quicly_ctx");
- return;
- }
+ return;
+
+ quicly_ctx_data_t *quicly_ctx_data =
+ clib_mem_alloc (sizeof (quicly_ctx_data_t));
+ clib_memset (quicly_ctx_data, 0, sizeof (*quicly_ctx_data)); /* picotls depends on this */
+ quicly_ctx = &quicly_ctx_data->quicly_ctx;
+ ptls_context_t *ptls_ctx = &quicly_ctx_data->ptls_ctx;
+ ptls_ctx->random_bytes = ptls_openssl_random_bytes;
+ ptls_ctx->get_time = &ptls_get_time;
+ ptls_ctx->key_exchanges = ptls_openssl_key_exchanges;
+ ptls_ctx->cipher_suites = qm->quic_ciphers[qm->default_cipher];
+ ptls_ctx->certificates.list = NULL;
+ ptls_ctx->certificates.count = 0;
+ ptls_ctx->esni = NULL;
+ ptls_ctx->on_client_hello = NULL;
+ ptls_ctx->emit_certificate = NULL;
+ ptls_ctx->sign_certificate = NULL;
+ ptls_ctx->verify_certificate = NULL;
+ ptls_ctx->ticket_lifetime = 86400;
+ ptls_ctx->max_early_data_size = 8192;
+ ptls_ctx->hkdf_label_prefix__obsolete = NULL;
+ ptls_ctx->require_dhe_on_psk = 1;
+ ptls_ctx->encrypt_ticket = &qm->session_cache.super;
- ctx_data = malloc (sizeof (*ctx_data));
- quicly_ctx = &ctx_data->_;
app->quicly_ctx = (u64 *) quicly_ctx;
memcpy (quicly_ctx, &quicly_spec_context, sizeof (quicly_context_t));
quicly_ctx->max_packet_size = QUIC_MAX_PACKET_SIZE;
- quicly_ctx->tls = &quic_tlsctx;
+ quicly_ctx->tls = ptls_ctx;
quicly_ctx->stream_open = &on_stream_open;
quicly_ctx->closed_by_peer = &on_closed_by_peer;
quicly_ctx->now = &quicly_vpp_now_cb;
-
quicly_amend_ptls_context (quicly_ctx->tls);
quicly_ctx->event_log.mask = 0; /* logs */
quicly_ctx->transport_params.max_stream_data.bidi_remote = (QUIC_FIFO_SIZE - 1); /* max_enq is SIZE - 1 */
quicly_ctx->transport_params.max_stream_data.uni = QUIC_INT_MAX;
- quicly_ctx->tls->random_bytes (ctx_data->cid_key, 16);
- ctx_data->cid_key[16] = 0;
- key_vec = ptls_iovec_init (ctx_data->cid_key, strlen (ctx_data->cid_key));
+ quicly_ctx->tls->random_bytes (quicly_ctx_data->cid_key, 16);
+ quicly_ctx_data->cid_key[16] = 0;
+ key_vec =
+ ptls_iovec_init (quicly_ctx_data->cid_key,
+ strlen (quicly_ctx_data->cid_key));
quicly_ctx->cid_encryptor =
quicly_new_default_cid_encryptor (&ptls_openssl_bfecb,
&ptls_openssl_sha256, key_vec);
- if (!is_client && app->tls_key != NULL && app->tls_cert != NULL)
+ if (is_client)
+ return;
+ if (app->tls_key != NULL && app->tls_cert != NULL)
{
- load_bio_private_key (quicly_ctx->tls, (char *) app->tls_key);
- load_bio_certificate_chain (quicly_ctx->tls, (char *) app->tls_cert);
+ if (load_bio_private_key (quicly_ctx->tls, (char *) app->tls_key))
+ {
+ QUIC_DBG (1, "failed to read private key from app configuration\n");
+ }
+ if (load_bio_certificate_chain (quicly_ctx->tls,
+ (char *) app->tls_cert))
+ {
+ QUIC_DBG (1, "failed to load certificate\n");
+ }
}
}
ctx->parent_app_id = app_wrk->app_index;
cargs->sep_ext.ns_index = app->ns_index;
- allocate_quicly_ctx (app, 1 /* is client */ );
+ quic_store_quicly_ctx (app, 1 /* is client */ );
if ((error = vnet_connect (cargs)))
return error;
quicly_stream_t *stream = ctx->stream;
quicly_reset_stream (stream, QUIC_APP_ERROR_CLOSE_NOTIFY);
quic_send_packets (ctx);
+ return;
}
switch (ctx->conn_state)
app = application_get (app_wrk->app_index);
QUIC_DBG (2, "Called quic_start_listen for app %d", app_wrk->app_index);
- allocate_quicly_ctx (app, 0 /* is_client */ );
+ quic_store_quicly_ctx (app, 0 /* is_client */ );
sep->transport_proto = TRANSPORT_PROTO_UDPC;
memset (args, 0, sizeof (*args));
app_worker_t *app_wrk;
u32 ctx_id = ctx->c_c_index;
u32 thread_index = ctx->c_thread_index;
+ int rv;
app_wrk = app_worker_get_if_valid (ctx->parent_app_wrk_id);
if (!app_wrk)
}
quic_session->session_state = SESSION_STATE_CONNECTING;
- if (app_worker_connect_notify (app_wrk, quic_session, ctx->client_opaque))
+ if ((rv = app_worker_connect_notify (app_wrk, quic_session,
+ ctx->client_opaque)))
{
- QUIC_DBG (1, "failed to notify app");
+ QUIC_DBG (1, "failed to notify app %d", rv);
quic_proto_on_close (ctx_id, thread_index);
return -1;
}
quic_ctx_t *temp_ctx, *new_ctx;
clib_bihash_kv_16_8_t kv;
quicly_conn_t *conn;
+ session_t *udp_session;
temp_ctx = arg;
new_ctx_id = quic_ctx_alloc (thread_index);
memcpy (new_ctx, temp_ctx, sizeof (quic_ctx_t));
- free (temp_ctx);
+ clib_mem_free (temp_ctx);
new_ctx->c_thread_index = thread_index;
new_ctx->c_c_index = new_ctx_id;
new_ctx->timer_handle = QUIC_TIMER_HANDLE_INVALID;
quic_update_timer (new_ctx);
- /* Trigger read on this connection ? */
+ /* Trigger write on this connection if necessary */
+ udp_session = session_get_from_handle (new_ctx->udp_session_handle);
+ if (svm_fifo_max_dequeue (udp_session->tx_fifo))
+ if (session_send_io_evt_to_thread (udp_session->tx_fifo,
+ SESSION_IO_EVT_TX))
+ QUIC_DBG (4, "Cannot send TX event");
}
static void
{
tw_timer_wheel_1t_3w_1024sl_ov_t *tw;
quic_ctx_t *ctx, *temp_ctx;
- clib_bihash_kv_16_8_t kv;
- quicly_conn_t *conn;
u32 thread_index = vlib_get_thread_index ();
QUIC_DBG (2, "Transferring conn %u to thread %u", ctx_index, dest_thread);
- temp_ctx = malloc (sizeof (quic_ctx_t));
+ temp_ctx = clib_mem_alloc (sizeof (quic_ctx_t));
ASSERT (temp_ctx);
ctx = quic_ctx_get (ctx_index, thread_index);
memcpy (temp_ctx, ctx, sizeof (quic_ctx_t));
- /* Remove from lookup hash, timer wheel and thread-local pool */
- conn = ctx->conn;
- quic_make_connection_key (&kv, quicly_get_master_id (conn));
- clib_bihash_add_del_16_8 (&quic_main.connection_hash, &kv, 0 /* is_add */ );
+ /* Remove from timer wheel and thread-local pool */
if (ctx->timer_handle != QUIC_TIMER_HANDLE_INVALID)
{
tw = &quic_main.wrk_ctx[thread_index].timer_wheel;
(void *) temp_ctx);
}
-static void
-quic_transfer_connection_rpc (void *arg)
-{
- u64 arg_int = (u64) arg;
- u32 ctx_index, dest_thread;
-
- ctx_index = (u32) (arg_int >> 32);
- dest_thread = (u32) (arg_int & UINT32_MAX);
- quic_transfer_connection (ctx_index, dest_thread);
-}
-
-/*
- * This assumes that the connection is not yet associated to a session
- * So currently it only works on the client side when receiving the first packet
- * from the server
- */
-static void
-quic_move_connection_to_thread (u32 ctx_index, u32 owner_thread,
- u32 to_thread)
-{
- QUIC_DBG (2, "Requesting transfer of conn %u from thread %u", ctx_index,
- owner_thread);
- u64 arg = ((u64) ctx_index) << 32 | to_thread;
- session_send_rpc_evt_to_thread (owner_thread, quic_transfer_connection_rpc,
- (void *) arg);
-}
-
static int
quic_session_connected_callback (u32 quic_app_index, u32 ctx_index,
session_t * udp_session, u8 is_fail)
transport_connection_t *tc;
app_worker_t *app_wrk;
quicly_conn_t *conn;
- application_t *app;
quic_ctx_t *ctx;
u32 thread_index = vlib_get_thread_index ();
int ret;
+ quicly_context_t *quicly_ctx;
+
ctx = quic_ctx_get (ctx_index, thread_index);
if (is_fail)
{
u32 api_context;
- int rv = 0;
-
app_wrk = app_worker_get_if_valid (ctx->parent_app_wrk_id);
if (app_wrk)
{
api_context = ctx->c_s_index;
app_worker_connect_notify (app_wrk, 0, api_context);
}
- return rv;
- }
-
- app_wrk = app_worker_get_if_valid (ctx->parent_app_wrk_id);
- if (!app_wrk)
- {
- QUIC_DBG (1, "Appwrk not found");
- return -1;
+ return 0;
}
- app = application_get (app_wrk->app_index);
ctx->c_thread_index = thread_index;
ctx->c_c_index = ctx_index;
ctx->udp_session_handle = session_handle (udp_session);
udp_session->opaque = ctx->parent_app_id;
- udp_session->session_state = SESSION_STATE_READY;
/* Init QUIC lib connection
* Generate required sockaddr & salen */
tc = session_get_transport (udp_session);
quic_build_sockaddr (sa, &salen, &tc->rmt_ip, tc->rmt_port, tc->is_ip4);
- ret =
- quicly_connect (&ctx->conn,
- (quicly_context_t *) app->quicly_ctx,
- (char *) ctx->srv_hostname, sa, salen,
- &quic_main.next_cid, &quic_main.hs_properties, NULL);
+ quicly_ctx = quic_get_quicly_ctx_from_ctx (ctx);
+ ret = quicly_connect (&ctx->conn, quicly_ctx, (char *) ctx->srv_hostname,
+ sa, salen, &quic_main.next_cid,
+ &quic_main.hs_properties, NULL);
++quic_main.next_cid.master_id;
/* Save context handle in quicly connection */
quic_store_conn_ctx (ctx->conn, ctx);
QUIC_DBG (2, "Registering conn with id %lu %lu", kv.key[0], kv.key[1]);
clib_bihash_add_del_16_8 (&quic_main.connection_hash, &kv, 1 /* is_add */ );
- quic_send_packets (ctx);
-
/* UDP stack quirk? preemptively transfer connection if that happens */
if (udp_session->thread_index != thread_index)
quic_transfer_connection (ctx_index, udp_session->thread_index);
+ else
+ quic_send_packets (ctx);
return ret;
}
clib_warning ("UDP session reset???");
}
+static void
+quic_session_migrate_callback (session_t * s, session_handle_t new_sh)
+{
+ /*
+ * TODO we need better way to get the connection from the session
+ * This will become possible once we stop storing the app id in the UDP
+ * session opaque
+ */
+ u32 thread_index = vlib_get_thread_index ();
+ u64 old_session_handle = session_handle (s);
+ u32 new_thread = session_thread_from_handle (new_sh);
+ quic_ctx_t *ctx;
+
+ QUIC_DBG (1, "Session %x migrated to %lx", s->session_index, new_sh);
+ /* *INDENT-OFF* */
+ pool_foreach (ctx, quic_main.ctx_pool[thread_index],
+ ({
+ if (ctx->udp_session_handle == old_session_handle)
+ {
+ /* Right ctx found, move associated conn */
+ QUIC_DBG (5, "Found right ctx: %x", ctx->c_c_index);
+ ctx->udp_session_handle = new_sh;
+ quic_transfer_connection (ctx->c_c_index, new_thread);
+ return;
+ }
+ }));
+ /* *INDENT-ON* */
+ QUIC_DBG (0, "BUG: Connection to migrate not found");
+}
+
int
quic_session_accepted_callback (session_t * udp_session)
{
return 0;
}
-
static int
quic_custom_app_rx_callback (transport_connection_t * tc)
{
/*
* Returns 0 if a matching connection is found and is on the right thread.
+ * Otherwise returns -1.
* If a connection is found, even on the wrong thread, ctx_thread and ctx_index
* will be set.
*/
if (clib_bihash_search_16_8 (h, &kv, &kv) == 0)
{
u32 index = kv.value & UINT32_MAX;
- u8 thread_id = kv.value >> 32;
+ u32 thread_id = kv.value >> 32;
/* Check if this connection belongs to this thread, otherwise
* ask for it to be moved */
if (thread_id != caller_thread_index)
return rv;
}
app_wrk = app_worker_get (quic_session->app_wrk_index);
- rv = app_worker_accept_notify (app_wrk, quic_session);
- if (rv)
+ if ((rv = app_worker_accept_notify (app_wrk, quic_session)))
{
QUIC_DBG (1, "failed to notify accept worker app");
return rv;
}
static int
-quic_create_connection (quicly_context_t * quicly_ctx,
- u32 ctx_index, struct sockaddr *sa,
+quic_create_connection (u32 ctx_index, struct sockaddr *sa,
socklen_t salen, quicly_decoded_packet_t packet)
{
clib_bihash_kv_16_8_t kv;
quic_ctx_t *ctx;
quicly_conn_t *conn;
u32 thread_index = vlib_get_thread_index ();
+ quicly_context_t *quicly_ctx;
int rv;
/* new connection, accept and create context if packet is valid
* TODO: check if socket is actually listening? */
+ ctx = quic_ctx_get (ctx_index, thread_index);
+ quicly_ctx = quic_get_quicly_ctx_from_ctx (ctx);
if ((rv = quicly_accept (&conn, quicly_ctx, sa, salen,
&packet, ptls_iovec_init (NULL, 0),
&quic_main.next_cid, NULL)))
assert (conn != NULL);
++quic_main.next_cid.master_id;
- ctx = quic_ctx_get (ctx_index, thread_index);
/* Save ctx handle in quicly connection */
quic_store_conn_ctx (conn, ctx);
ctx->conn = conn;
}
static int
-quic_reset_connection (quicly_context_t * quicly_ctx, u64 udp_session_handle,
+quic_reset_connection (u64 udp_session_handle,
struct sockaddr *sa, socklen_t salen,
quicly_decoded_packet_t packet)
{
int rv;
quicly_datagram_t *dgram;
session_t *udp_session;
- if (packet.cid.dest.plaintext.node_id == 0
- && packet.cid.dest.plaintext.thread_id == 0)
- {
- dgram = quicly_send_stateless_reset (quicly_ctx, sa, salen,
- &packet.cid.dest.plaintext);
- if (dgram == NULL)
- return 1;
- udp_session = session_get_from_handle (udp_session_handle);
- rv = quic_send_datagram (udp_session, dgram);
- if (svm_fifo_set_event (udp_session->tx_fifo))
- session_send_io_evt_to_thread (udp_session->tx_fifo,
- SESSION_IO_EVT_TX);
- return rv;
- }
- return 0;
+ quicly_context_t *quicly_ctx;
+ if (packet.cid.dest.plaintext.node_id != 0
+ || packet.cid.dest.plaintext.thread_id != 0)
+ return 0;
+ quicly_ctx = quic_get_quicly_ctx_from_udp (udp_session_handle);
+ dgram = quicly_send_stateless_reset (quicly_ctx, sa, salen,
+ &packet.cid.dest.plaintext);
+ if (dgram == NULL)
+ return 1;
+ udp_session = session_get_from_handle (udp_session_handle);
+ rv = quic_send_datagram (udp_session, dgram);
+ if (svm_fifo_set_event (udp_session->tx_fifo))
+ session_send_io_evt_to_thread (udp_session->tx_fifo, SESSION_IO_EVT_TX);
+ return rv;
}
static int
u64 udp_session_handle = session_handle (udp_session);
int rv = 0;
u32 thread_index = vlib_get_thread_index ();
+ quicly_context_t *quicly_ctx;
+
app = application_get_if_valid (app_index);
if (!app)
{
rv = 0;
quic_build_sockaddr (sa, &salen, &ph.rmt_ip, ph.rmt_port, ph.is_ip4);
- plen = quicly_decode_packet ((quicly_context_t *) app->quicly_ctx,
- &packet, data, ph.data_length);
+ quicly_ctx = quic_get_quicly_ctx_from_udp (udp_session_handle);
+ plen = quicly_decode_packet (quicly_ctx, &packet, data, ph.data_length);
if (plen != SIZE_MAX)
{
ctx = quic_ctx_get (ctx_index, thread_index);
quic_receive (ctx, ctx->conn, packet);
}
- else if (ctx_thread != UINT32_MAX)
+ else if (ctx_index != UINT32_MAX)
{
- /* Connection found but on wrong thread, ask move */
- quic_move_connection_to_thread (ctx_index, ctx_thread,
- thread_index);
+ /* Connection found but on wrong thread, just wait for
+ * session_migrate_callback to be called */
+ return 0;
}
else if ((packet.octets.base[0] & QUICLY_PACKET_TYPE_BITMASK) ==
QUICLY_PACKET_TYPE_INITIAL)
if (ctx->udp_session_handle == udp_session_handle)
{
/* Right ctx found, create conn & remove from pool */
- quic_create_connection ((quicly_context_t *) app->quicly_ctx,
- *ctx_index_ptr, sa, salen, packet);
+ quic_create_connection (*ctx_index_ptr, sa, salen, packet);
pool_put (opening_ctx_pool, ctx_index_ptr);
goto ctx_search_done;
}
}
else
{
- quic_reset_connection ((quicly_context_t *) app->quicly_ctx,
- udp_session_handle, sa, salen, packet);
+ quic_reset_connection (udp_session_handle, sa, salen, packet);
}
}
ctx_search_done:
.session_disconnect_callback = quic_session_disconnect_callback,
.session_connected_callback = quic_session_connected_callback,
.session_reset_callback = quic_session_reset_callback,
+ .session_migrate_callback = quic_session_migrate_callback,
.add_segment_callback = quic_add_segment_callback,
.del_segment_callback = quic_del_segment_callback,
.builtin_app_rx_callback = quic_app_rx_callback,
};
/* *INDENT-ON* */
+static void
+quic_register_cipher_suite (quic_crypto_engine_t type,
+ ptls_cipher_suite_t ** ciphers)
+{
+ quic_main_t *qm = &quic_main;
+ vec_validate (qm->quic_ciphers, type);
+ qm->quic_ciphers[type] = ciphers;
+}
+
static clib_error_t *
quic_init (vlib_main_t * vm)
{
qm->app_index = a->app_index;
qm->tstamp_ticks_per_clock = vm->clib_time.seconds_per_clock
/ QUIC_TSTAMP_RESOLUTION;
+ qm->session_cache.super.cb = quic_encrypt_ticket_cb;
transport_register_protocol (TRANSPORT_PROTO_QUIC, &quic_proto,
FIB_PROTOCOL_IP4, ~0);
transport_register_protocol (TRANSPORT_PROTO_QUIC, &quic_proto,
FIB_PROTOCOL_IP6, ~0);
+ quic_register_cipher_suite (CRYPTO_ENGINE_VPP, vpp_crypto_cipher_suites);
+ quic_register_cipher_suite (CRYPTO_ENGINE_PICOTLS,
+ ptls_openssl_cipher_suites);
+ qm->default_cipher = CRYPTO_ENGINE_PICOTLS;
vec_free (a->name);
return 0;
}
unformat_input_t * input,
vlib_cli_command_t * cmd)
{
- while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (input, "vpp"))
- {
- quic_tlsctx.cipher_suites = vpp_crypto_cipher_suites;
- return 0;
- }
- else if (unformat (input, "picotls"))
- {
- quic_tlsctx.cipher_suites = ptls_openssl_cipher_suites;
- return 0;
- }
- else
- return clib_error_return (0, "unknown input '%U'",
- format_unformat_error, input);
- }
-
- return clib_error_return (0, "unknown input '%U'",
- format_unformat_error, input);
+ quic_main_t *qm = &quic_main;
+ if (unformat_check_input (input) == UNFORMAT_END_OF_INPUT)
+ return clib_error_return (0, "unknown input '%U'",
+ format_unformat_error, input);
+ if (unformat (input, "vpp"))
+ qm->default_cipher = CRYPTO_ENGINE_VPP;
+ else if (unformat (input, "picotls"))
+ qm->default_cipher = CRYPTO_ENGINE_PICOTLS;
+ else
+ return clib_error_return (0, "unknown input '%U'",
+ format_unformat_error, input);
+ return 0;
}
/* *INDENT-OFF* */
VLIB_CLI_COMMAND(quic_plugin_crypto_command, static)=
{
- .path = "quic set crypto api",
- .short_help = "quic set crypto api [picotls, vpp]",
- .function = quic_plugin_crypto_command_fn,
+ .path = "quic set crypto api",
+ .short_help = "quic set crypto api [picotls, vpp]",
+ .function = quic_plugin_crypto_command_fn,
};
-
VLIB_PLUGIN_REGISTER () =
{
.version = VPP_BUILD_VER,