/*
- * Copyright (c) 2019 Cisco and/or its affiliates.
+ * Copyright (c) 2021 Cisco and/or its affiliates.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at:
#include <vppinfra/bihash_16_8.h>
#include <quicly.h>
-#include <quicly/streambuf.h>
-#define QUIC_DEBUG 0
-#define QUIC_DEBUG_LEVEL_CLIENT 0
-#define QUIC_DEBUG_LEVEL_SERVER 0
+#include <vnet/crypto/crypto.h>
+#include <vppinfra/lock.h>
-#define QUIC_DEFAULT_CA_CERT_PATH "/etc/ssl/certs/ca-certificates.crt"
+/* QUIC log levels
+ * 1 - errors
+ * 2 - connection/stream events
+ * 3 - packet events
+ * 4 - timer events
+ **/
+#define QUIC_DEBUG 0
#define QUIC_TSTAMP_RESOLUTION 0.001 /* QUIC tick resolution (1ms) */
+#define QUIC_TIMER_HANDLE_INVALID ((u32) ~0)
+#define QUIC_SESSION_INVALID ((u32) ~0 - 1)
+#define QUIC_MAX_PACKET_SIZE 1280
+
+#define QUIC_INT_MAX 0x3FFFFFFFFFFFFFFF
+#define QUIC_DEFAULT_FIFO_SIZE (64 << 10)
+#define QUIC_SEND_PACKET_VEC_SIZE 16
+#define QUIC_IV_LEN 17
+
+#define QUIC_MAX_COALESCED_PACKET 4
+
+#define QUIC_RCV_MAX_PACKETS 16
+
+#define QUIC_DEFAULT_CONN_TIMEOUT (30 * 1000) /* 30 seconds */
+
+/* Taken from quicly.c */
+#define QUICLY_QUIC_BIT 0x40
+#define QUICLY_PACKET_TYPE_INITIAL (QUICLY_LONG_HEADER_BIT | QUICLY_QUIC_BIT | 0)
+#define QUICLY_PACKET_TYPE_0RTT (QUICLY_LONG_HEADER_BIT | QUICLY_QUIC_BIT | 0x10)
+#define QUICLY_PACKET_TYPE_HANDSHAKE (QUICLY_LONG_HEADER_BIT | QUICLY_QUIC_BIT | 0x20)
+#define QUICLY_PACKET_TYPE_RETRY (QUICLY_LONG_HEADER_BIT | QUICLY_QUIC_BIT | 0x30)
+#define QUICLY_PACKET_TYPE_BITMASK 0xf0
+
+/* error codes */
+#define QUIC_ERROR_FULL_FIFO 0xff10
+#define QUIC_APP_ERROR_CLOSE_NOTIFY QUICLY_ERROR_FROM_APPLICATION_ERROR_CODE(0)
+#define QUIC_APP_ALLOCATION_ERROR QUICLY_ERROR_FROM_APPLICATION_ERROR_CODE(0x1)
+#define QUIC_APP_ACCEPT_NOTIFY_ERROR QUICLY_ERROR_FROM_APPLICATION_ERROR_CODE(0x2)
+#define QUIC_APP_CONNECT_NOTIFY_ERROR QUICLY_ERROR_FROM_APPLICATION_ERROR_CODE(0x3)
+
+#define QUIC_DECRYPT_PACKET_OK 0
+#define QUIC_DECRYPT_PACKET_NOTOFFLOADED 1
+#define QUIC_DECRYPT_PACKET_ERROR 2
#if QUIC_DEBUG
-#define QUIC_DBG(_lvl, _fmt, _args...) \
+#define QUIC_DBG(_lvl, _fmt, _args...) \
if (_lvl <= QUIC_DEBUG) \
clib_warning (_fmt, ##_args)
#else
#define QUIC_DBG(_lvl, _fmt, _args...)
#endif
-#define QUIC_CONN_STATE_OPENED 0
-#define QUIC_CONN_STATE_HANDSHAKE 1
-#define QUIC_CONN_STATE_READY 2
+#if CLIB_ASSERT_ENABLE
+#define QUIC_ASSERT(truth) ASSERT (truth)
+#else
+#define QUIC_ASSERT(truth) \
+ do { \
+ if (PREDICT_FALSE (! (truth))) \
+ QUIC_ERR ("ASSERT(%s) failed", # truth); \
+ } while (0)
+#endif
+
+#define QUIC_ERR(_fmt, _args...) \
+ do { \
+ clib_warning ("QUIC-ERR: " _fmt, ##_args); \
+ } while (0)
+
+
-/* *INDENT-OFF* */
-typedef CLIB_PACKED (struct quic_ctx_id_
+extern vlib_node_registration_t quic_input_node;
+
+typedef enum
{
- u32 parent_app_wrk_id;
- u32 parent_app_id;
- union {
- CLIB_PACKED (struct {
- session_handle_t quic_session_handle; /* TODO: remove */
- session_handle_t udp_session_handle;
- quicly_conn_t *conn;
- u32 listener_ctx_id;
- u8 udp_is_ip4;
- });
- CLIB_PACKED (struct {
- session_handle_t stream_session_handle; /* TODO: remove */
- quicly_stream_t *stream;
- u32 quic_connection_ctx_id;
- });
- };
- u8 is_stream;
-}) quic_ctx_id_t;
-/* *INDENT-ON* */
+#define quic_error(n,s) QUIC_ERROR_##n,
+#include <plugins/quic/quic_error.def>
+#undef quic_error
+ QUIC_N_ERROR,
+} quic_error_t;
+
+typedef enum quic_ctx_conn_state_
+{
+ QUIC_CONN_STATE_OPENED,
+ QUIC_CONN_STATE_HANDSHAKE,
+ QUIC_CONN_STATE_READY,
+ QUIC_CONN_STATE_PASSIVE_CLOSING,
+ QUIC_CONN_STATE_PASSIVE_CLOSING_APP_CLOSED,
+ QUIC_CONN_STATE_PASSIVE_CLOSING_QUIC_CLOSED,
+ QUIC_CONN_STATE_ACTIVE_CLOSING,
+} quic_ctx_conn_state_t;
-STATIC_ASSERT (sizeof (quic_ctx_id_t) <= 42, "ctx id must be less than 42");
+typedef enum quic_packet_type_
+{
+ QUIC_PACKET_TYPE_NONE,
+ QUIC_PACKET_TYPE_RECEIVE,
+ QUIC_PACKET_TYPE_MIGRATE,
+ QUIC_PACKET_TYPE_ACCEPT,
+ QUIC_PACKET_TYPE_RESET,
+ QUIC_PACKET_TYPE_DROP,
+} quic_packet_type_t;
+
+typedef enum quic_ctx_flags_
+{
+ QUIC_F_IS_STREAM = (1 << 0),
+ QUIC_F_IS_LISTENER = (1 << 1),
+} quic_ctx_flags_t;
+
+typedef enum quic_cc_type
+{
+ QUIC_CC_RENO,
+ QUIC_CC_CUBIC,
+} quic_cc_type_t;
/* This structure is used to implement the concept of VPP connection for QUIC.
* We create one per connection and one per stream. */
union
{
transport_connection_t connection;
- quic_ctx_id_t c_quic_ctx_id;
+ struct
+ { /** QUIC ctx case */
+ quicly_conn_t *conn;
+ u32 listener_ctx_id;
+ u32 client_opaque;
+ u8 *srv_hostname;
+ u8 conn_state;
+ u8 udp_is_ip4;
+ u8 _qctx_end_marker; /* Leave this at the end */
+ };
+ struct
+ { /** STREAM ctx case */
+ quicly_stream_t *stream;
+ u64 bytes_written;
+ u32 quic_connection_ctx_id;
+ u8 _sctx_end_marker; /* Leave this at the end */
+ };
};
- u8 *srv_hostname;
- u32 client_opaque;
+ session_handle_t udp_session_handle;
u32 timer_handle;
- u8 conn_state;
- u8 is_listener;
+ u32 parent_app_wrk_id;
+ u32 parent_app_id;
+ u32 ckpair_index;
+ u32 crypto_engine;
+ u32 crypto_context_index;
+ u8 flags;
+
+ struct
+ {
+ ptls_cipher_context_t *hp_ctx;
+ ptls_aead_context_t *aead_ctx;
+ } ingress_keys;
+ int key_phase_ingress;
+
} quic_ctx_t;
+/* Make sure our custom fields don't overlap with the fields we use in
+ .connection
+*/
+STATIC_ASSERT (offsetof (quic_ctx_t, _qctx_end_marker) <=
+ TRANSPORT_CONN_ID_LEN,
+ "connection data must be less than TRANSPORT_CONN_ID_LEN bytes");
+STATIC_ASSERT (offsetof (quic_ctx_t, _sctx_end_marker) <=
+ TRANSPORT_CONN_ID_LEN,
+ "connection data must be less than TRANSPORT_CONN_ID_LEN bytes");
+
+/* single-entry session cache */
+typedef struct quic_session_cache_
+{
+ ptls_encrypt_ticket_t super;
+ uint8_t id[32];
+ ptls_iovec_t data;
+} quic_session_cache_t;
+
typedef struct quic_stream_data_
{
- quicly_streambuf_t streambuf;
u32 ctx_id;
+ u32 thread_index;
+ u32 app_rx_data_len; /**< bytes received, to be read by external app */
+ u32 app_tx_data_len; /**< bytes sent */
} quic_stream_data_t;
+typedef struct quic_crypto_context_data_
+{
+ quicly_context_t quicly_ctx;
+ char cid_key[QUIC_IV_LEN];
+ ptls_context_t ptls_ctx;
+} quic_crypto_context_data_t;
+
typedef struct quic_worker_ctx_
{
CLIB_CACHE_LINE_ALIGN_MARK (cacheline0);
int64_t time_now; /**< worker time */
tw_timer_wheel_1t_3w_1024sl_ov_t timer_wheel; /**< worker timer wheel */
- u32 *opening_ctx_pool;
+ quicly_cid_plaintext_t next_cid;
+ crypto_context_t *crypto_ctx_pool; /**< per thread pool of crypto contexes */
+ clib_bihash_24_8_t crypto_context_hash; /**< per thread [params:crypto_ctx_index] hash */
} quic_worker_ctx_t;
+typedef struct quic_rx_packet_ctx_
+{
+ quicly_decoded_packet_t packet;
+ u8 data[QUIC_MAX_PACKET_SIZE];
+ u32 ctx_index;
+ u32 thread_index;
+ union
+ {
+ struct sockaddr sa;
+ struct sockaddr_in6 sa6;
+ };
+ socklen_t salen;
+ u8 ptype;
+ session_dgram_hdr_t ph;
+} quic_rx_packet_ctx_t;
+
typedef struct quic_main_
{
u32 app_index;
quic_ctx_t **ctx_pool;
quic_worker_ctx_t *wrk_ctx;
- clib_bihash_16_8_t connection_hash; /* quicly connection id -> conn handle */
+ clib_bihash_16_8_t connection_hash; /**< quic connection id -> conn handle */
f64 tstamp_ticks_per_clock;
- u32 fake_app_listener_index; /* ugly hack for accept cb */
- /*
- * Config
- */
- quicly_context_t quicly_ctx;
+ ptls_cipher_suite_t ***quic_ciphers; /**< available ciphers by crypto engine */
+ uword *available_crypto_engines; /**< Bitmap for registered engines */
+ u8 default_crypto_engine; /**< Used if you do connect with CRYPTO_ENGINE_NONE (0) */
+ u64 max_packets_per_key; /**< number of packets that can be sent without a key update */
+ u8 default_quic_cc;
+
ptls_handshake_properties_t hs_properties;
- quicly_cid_plaintext_t next_cid;
- u8 use_test_cert_in_ca;
- char *ca_cert_path;
+ quic_session_cache_t session_cache;
+
+ u32 udp_fifo_size;
+ u32 udp_fifo_prealloc;
+ u32 connection_timeout;
+
+ u8 vnet_crypto_enabled;
+
+ clib_rwlock_t crypto_keys_quic_rw_lock;
} quic_main_t;
#endif /* __included_quic_h__ */
Code Review / vpp.git / blobdiff