* TODO(QUIC SERVER): Implement retry logic
*/
-#define INIT_DCID_LEN 8
#define INIT_CRYPTO_RECV_BUF_LEN 16384
#define INIT_CRYPTO_SEND_BUF_LEN 16384
#define INIT_APP_BUF_LEN 8192
const QUIC_TERMINATE_CAUSE *tcause,
int force_immediate);
static int ch_stateless_reset_token_handler(const unsigned char *data, size_t datalen, void *arg);
-static void ch_default_packet_handler(QUIC_URXE *e, void *arg);
-static int ch_server_on_new_conn(QUIC_CHANNEL *ch, const BIO_ADDR *peer,
- const QUIC_CONN_ID *peer_scid,
- const QUIC_CONN_ID *peer_dcid);
static void ch_on_txp_ack_tx(const OSSL_QUIC_FRAME_ACK *ack, uint32_t pn_space,
void *arg);
static void ch_rx_handle_version_neg(QUIC_CHANNEL *ch, OSSL_QRX_PKT *pkt);
*
* TODO(QUIC FUTURE): optimise this to only be called for unparsable packets
*/
-static int ch_stateless_reset_token_handler(const unsigned char *data,
+static int ossl_unused ch_stateless_reset_token_handler(const unsigned char *data,
size_t datalen, void *arg)
{
QUIC_SRT_ELEM srte;
OSSL_QRX_ARGS qrx_args = {0};
QUIC_TLS_ARGS tls_args = {0};
uint32_t pn_space;
- size_t rx_short_cid_len = ch->is_server ? INIT_DCID_LEN : 0;
+ size_t rx_short_dcid_len = ossl_quic_port_get_rx_short_dcid_len(ch->port);
+ size_t tx_init_dcid_len = ossl_quic_port_get_tx_init_dcid_len(ch->port);
if (ch->port == NULL)
goto err;
/* For clients, generate our initial DCID. */
if (!ch->is_server
- && !gen_rand_conn_id(ch->port->libctx, INIT_DCID_LEN, &ch->init_dcid))
+ && !gen_rand_conn_id(ch->port->libctx, tx_init_dcid_len, &ch->init_dcid))
goto err;
/* We plug in a network write BIO to the QTX later when we get one. */
ossl_quic_tx_packetiser_set_ack_tx_cb(ch->txp, ch_on_txp_ack_tx, ch);
- if ((ch->demux = ossl_quic_demux_new(/*BIO=*/NULL,
- /*Short CID Len=*/rx_short_cid_len,
- get_time, ch)) == NULL)
- goto err;
-
/*
* Setup a handler to detect stateless reset tokens.
*/
- ossl_quic_demux_set_stateless_reset_handler(ch->demux,
- &ch_stateless_reset_token_handler,
- ch);
-
- /*
- * If we are a server, setup our handler for packets not corresponding to
- * any known DCID on our end. This is for handling clients establishing new
- * connections.
- */
- if (ch->is_server)
- ossl_quic_demux_set_default_handler(ch->demux,
- ch_default_packet_handler,
- ch);
+ //ossl_quic_demux_set_stateless_reset_handler(ch->demux,
+ // &ch_stateless_reset_token_handler,
+ // ch);
qrx_args.libctx = ch->port->libctx;
- qrx_args.demux = ch->demux;
- qrx_args.short_conn_id_len = rx_short_cid_len;
+ qrx_args.demux = ch->port->demux;
+ qrx_args.short_conn_id_len = rx_short_dcid_len;
qrx_args.max_deferred = 32;
if ((ch->qrx = ossl_qrx_new(&qrx_args)) == NULL)
ossl_quic_tls_free(ch->qtls);
ossl_qrx_free(ch->qrx);
- ossl_quic_demux_free(ch->demux);
OPENSSL_free(ch->local_transport_params);
OPENSSL_free((char *)ch->terminate_cause.reason);
OSSL_ERR_STATE_free(ch->err_state);
QUIC_DEMUX *ossl_quic_channel_get0_demux(QUIC_CHANNEL *ch)
{
- return ch->demux;
+ return ch->port->demux;
}
QUIC_PORT *ossl_quic_channel_get0_port(QUIC_CHANNEL *ch)
int ossl_quic_channel_has_pending(const QUIC_CHANNEL *ch)
{
- return ossl_quic_demux_has_pending(ch->demux)
+ return ossl_quic_demux_has_pending(ch->port->demux)
|| ossl_qrx_processed_read_pending(ch->qrx);
}
* Get DEMUX to BIO_recvmmsg from the network and queue incoming datagrams
* to the appropriate QRX instance.
*/
- ret = ossl_quic_demux_pump(ch->demux);
+ ret = ossl_quic_demux_pump(ch->port->demux);
if (ret == QUIC_DEMUX_PUMP_RES_STATELESS_RESET)
ch_stateless_reset(ch);
else if (ret == QUIC_DEMUX_PUMP_RES_PERMANENT_FAIL)
ch_start_terminating(ch, &tcause, 1);
}
-/*
- * This is called by the demux when we get a packet not destined for any known
- * DCID.
- */
-static void ch_default_packet_handler(QUIC_URXE *e, void *arg)
-{
- QUIC_CHANNEL *ch = arg;
- PACKET pkt;
- QUIC_PKT_HDR hdr;
-
- if (!ossl_assert(ch->is_server))
- goto undesirable;
-
- /*
- * We only support one connection to our server currently, so if we already
- * started one, ignore any new connection attempts.
- */
- if (ch->state != QUIC_CHANNEL_STATE_IDLE)
- goto undesirable;
-
- /*
- * We have got a packet for an unknown DCID. This might be an attempt to
- * open a new connection.
- */
- if (e->data_len < QUIC_MIN_INITIAL_DGRAM_LEN)
- goto undesirable;
-
- if (!PACKET_buf_init(&pkt, ossl_quic_urxe_data(e), e->data_len))
- goto err;
-
- /*
- * We set short_conn_id_len to SIZE_MAX here which will cause the decode
- * operation to fail if we get a 1-RTT packet. This is fine since we only
- * care about Initial packets.
- */
- if (!ossl_quic_wire_decode_pkt_hdr(&pkt, SIZE_MAX, 1, 0, &hdr, NULL))
- goto undesirable;
-
- switch (hdr.version) {
- case QUIC_VERSION_1:
- break;
-
- case QUIC_VERSION_NONE:
- default:
- /* Unknown version or proactive version negotiation request, bail. */
- /* TODO(QUIC SERVER): Handle version negotiation on server side */
- goto undesirable;
- }
-
- /*
- * We only care about Initial packets which might be trying to establish a
- * connection.
- */
- if (hdr.type != QUIC_PKT_TYPE_INITIAL)
- goto undesirable;
-
- /*
- * Assume this is a valid attempt to initiate a connection.
- *
- * We do not register the DCID in the initial packet we received and that
- * DCID is not actually used again, thus after provisioning the correct
- * Initial keys derived from it (which is done in the call below) we pass
- * the received packet directly to the QRX so that it can process it as a
- * one-time thing, instead of going through the usual DEMUX DCID-based
- * routing.
- */
- if (!ch_server_on_new_conn(ch, &e->peer,
- &hdr.src_conn_id,
- &hdr.dst_conn_id))
- goto err;
-
- ossl_qrx_inject_urxe(ch->qrx, e);
- return;
-
-err:
- ossl_quic_channel_raise_protocol_error(ch, QUIC_ERR_INTERNAL_ERROR, 0,
- "internal error");
-undesirable:
- ossl_quic_demux_release_urxe(ch->demux, e);
-}
-
/* Try to generate packets and if possible, flush them to the network. */
static int ch_tx(QUIC_CHANNEL *ch)
{
if (!ch_update_poll_desc(ch, net_rbio, /*for_write=*/0))
return 0;
- ossl_quic_demux_set_bio(ch->demux, net_rbio);
+ ossl_quic_demux_set_bio(ch->port->demux, net_rbio);
ch->net_rbio = net_rbio;
return 1;
}
}
/* Called when we, as a server, get a new incoming connection. */
-static int ch_server_on_new_conn(QUIC_CHANNEL *ch, const BIO_ADDR *peer,
- const QUIC_CONN_ID *peer_scid,
- const QUIC_CONN_ID *peer_dcid)
+int ossl_quic_channel_on_new_conn(QUIC_CHANNEL *ch, const BIO_ADDR *peer,
+ const QUIC_CONN_ID *peer_scid,
+ const QUIC_CONN_ID *peer_dcid)
{
if (!ossl_assert(ch->state == QUIC_CHANNEL_STATE_IDLE && ch->is_server))
return 0;
+
/* Generate a SCID we will use for the connection. */
- if (!gen_rand_conn_id(ch->port->libctx, INIT_DCID_LEN,
+ if (!gen_rand_conn_id(ch->port->libctx,
+ ossl_quic_port_get_tx_init_dcid_len(ch->port),
&ch->cur_local_cid))
return 0;
* QUIC Port Structure
* ===================
*/
+#define INIT_DCID_LEN 8
+
static int port_init(QUIC_PORT *port);
static void port_cleanup(QUIC_PORT *port);
static OSSL_TIME get_time(void *arg);
static void port_tick(QUIC_TICK_RESULT *res, void *arg, uint32_t flags);
-//static void port_default_packet_handler(QUIC_URXE *e, void *arg);
+static void port_default_packet_handler(QUIC_URXE *e, void *arg);
DEFINE_LIST_OF_IMPL(ch, QUIC_CHANNEL);
if ((port = OPENSSL_zalloc(sizeof(QUIC_PORT))) == NULL)
return NULL;
- port->libctx = args->libctx;
- port->propq = args->propq;
- port->mutex = args->mutex;
- port->now_cb = args->now_cb;
- port->now_cb_arg = args->now_cb_arg;
- port->channel_ctx = args->channel_ctx;
+ port->libctx = args->libctx;
+ port->propq = args->propq;
+ port->mutex = args->mutex;
+ port->now_cb = args->now_cb;
+ port->now_cb_arg = args->now_cb_arg;
+ port->channel_ctx = args->channel_ctx;
+ port->is_multi_conn = args->is_multi_conn;
if (!port_init(port)) {
OPENSSL_free(port);
static int port_init(QUIC_PORT *port)
{
- size_t rx_short_cid_len = 8;
+ size_t rx_short_dcid_len = (port->is_multi_conn ? INIT_DCID_LEN : 0);
if (port->channel_ctx == NULL)
goto err;
if ((port->demux = ossl_quic_demux_new(/*BIO=*/NULL,
- /*Short CID Len=*/rx_short_cid_len,
+ /*Short CID Len=*/rx_short_dcid_len,
get_time, port)) == NULL)
goto err;
* connections.
*/
// if (is_server)
- //ossl_quic_demux_set_default_handler(port->demux,
- // port_default_packet_handler,
- // port);
+ ossl_quic_demux_set_default_handler(port->demux,
+ port_default_packet_handler,
+ port);
ossl_quic_reactor_init(&port->rtor, port_tick, port, ossl_time_zero());
+ port->rx_short_dcid_len = (unsigned char)rx_short_dcid_len;
+ port->tx_init_dcid_len = INIT_DCID_LEN;
return 1;
err:
return ossl_quic_port_get_time(port);
}
+int ossl_quic_port_get_rx_short_dcid_len(const QUIC_PORT *port)
+{
+ return port->rx_short_dcid_len;
+}
+
+int ossl_quic_port_get_tx_init_dcid_len(const QUIC_PORT *port)
+{
+ return port->tx_init_dcid_len;
+}
/*
* QUIC Port: Network BIO Configuration
QUIC_CHANNEL *ossl_quic_port_create_incoming(QUIC_PORT *port, SSL *tls)
{
- return port_make_channel(port, tls, /*is_server=*/1);
+ QUIC_CHANNEL *ch;
+
+ assert(port->tserver_ch == NULL);
+
+ ch = port_make_channel(port, tls, /*is_server=*/1);
+ port->tserver_ch = ch;
+ return ch;
}
/*
{
/* TODO */
}
+
+/*
+ * Handles an incoming connection request and potentially decides to make a
+ * connection from it. If a new connection is made, the new channel is written
+ * to *new_ch.
+ */
+static void port_on_new_conn(QUIC_PORT *port, const BIO_ADDR *peer,
+ const QUIC_CONN_ID *scid,
+ const QUIC_CONN_ID *dcid,
+ QUIC_CHANNEL **new_ch)
+{
+ if (port->tserver_ch != NULL) {
+ /* Specially assign to existing channel */
+ if (!ossl_quic_channel_on_new_conn(port->tserver_ch, peer, scid, dcid))
+ return;
+
+ *new_ch = port->tserver_ch;
+ port->tserver_ch = NULL;
+ return;
+ }
+}
+
+/*
+ * This is called by the demux when we get a packet not destined for any known
+ * DCID.
+ */
+static void port_default_packet_handler(QUIC_URXE *e, void *arg)
+{
+ QUIC_PORT *port = arg;
+ PACKET pkt;
+ QUIC_PKT_HDR hdr;
+ QUIC_CHANNEL *new_ch = NULL;
+
+ if (port->tserver_ch == NULL)
+ goto undesirable;
+
+ /*
+ * We have got a packet for an unknown DCID. This might be an attempt to
+ * open a new connection.
+ */
+ if (e->data_len < QUIC_MIN_INITIAL_DGRAM_LEN)
+ goto undesirable;
+
+ if (!PACKET_buf_init(&pkt, ossl_quic_urxe_data(e), e->data_len))
+ goto undesirable;
+
+ /*
+ * We set short_conn_id_len to SIZE_MAX here which will cause the decode
+ * operation to fail if we get a 1-RTT packet. This is fine since we only
+ * care about Initial packets.
+ */
+ if (!ossl_quic_wire_decode_pkt_hdr(&pkt, SIZE_MAX, 1, 0, &hdr, NULL))
+ goto undesirable;
+
+ switch (hdr.version) {
+ case QUIC_VERSION_1:
+ break;
+
+ case QUIC_VERSION_NONE:
+ default:
+ /* Unknown version or proactive version negotiation request, bail. */
+ /* TODO(QUIC SERVER): Handle version negotiation on server side */
+ goto undesirable;
+ }
+
+ /*
+ * We only care about Initial packets which might be trying to establish a
+ * connection.
+ */
+ if (hdr.type != QUIC_PKT_TYPE_INITIAL)
+ goto undesirable;
+
+ /*
+ * Try to process this as a valid attempt to initiate a connection.
+ *
+ * We do not register the DCID in the Initial packet we received as
+ * that DCID is not actually used again, thus after provisioning
+ * the new connection and associated Initial keys, we inject the
+ * received packet directly to the new channel's QRX so that it can
+ * process it as a one-time thing, instead of going through the usual
+ * DEMUX DCID-based routing.
+ */
+ port_on_new_conn(port, &e->peer, &hdr.src_conn_id, &hdr.dst_conn_id,
+ &new_ch);
+ if (new_ch != NULL)
+ ossl_qrx_inject_urxe(new_ch->qrx, e);
+
+ return;
+
+undesirable:
+ ossl_quic_demux_release_urxe(port->demux, e);
+}
projects / openssl.git / commitdiff