2 * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include "internal/quic_txp.h"
11 #include "internal/quic_fifd.h"
12 #include "internal/quic_stream_map.h"
13 #include "internal/quic_error.h"
14 #include "internal/common.h"
15 #include <openssl/err.h>
17 #define MIN_CRYPTO_HDR_SIZE 3
19 #define MIN_FRAME_SIZE_HANDSHAKE_DONE 1
20 #define MIN_FRAME_SIZE_MAX_DATA 2
21 #define MIN_FRAME_SIZE_ACK 5
22 #define MIN_FRAME_SIZE_CRYPTO (MIN_CRYPTO_HDR_SIZE + 1)
23 #define MIN_FRAME_SIZE_STREAM 3 /* minimum useful size (for non-FIN) */
24 #define MIN_FRAME_SIZE_MAX_STREAMS_BIDI 2
25 #define MIN_FRAME_SIZE_MAX_STREAMS_UNI 2
32 /* Generate normal packets containing most frame types, subject to EL. */
33 #define TX_PACKETISER_ARCHETYPE_NORMAL 0
36 * A probe packet is different in that:
37 * - It bypasses CC, but *is* counted as in flight for purposes of CC;
38 * - It must be ACK-eliciting.
40 #define TX_PACKETISER_ARCHETYPE_PROBE 1
43 * An ACK-only packet is different in that:
44 * - It bypasses CC, and is considered a 'non-inflight' packet;
45 * - It may not contain anything other than an ACK frame, not even padding.
47 #define TX_PACKETISER_ARCHETYPE_ACK_ONLY 2
49 #define TX_PACKETISER_ARCHETYPE_NUM 3
51 struct ossl_quic_tx_packetiser_st {
52 OSSL_QUIC_TX_PACKETISER_ARGS args;
55 * Opaque initial token blob provided by caller. TXP frees using the
56 * callback when it is no longer needed.
58 const unsigned char *initial_token;
59 size_t initial_token_len;
60 ossl_quic_initial_token_free_fn *initial_token_free_cb;
61 void *initial_token_free_cb_arg;
63 /* Subcomponents of the TXP that we own. */
64 QUIC_FIFD fifd; /* QUIC Frame-in-Flight Dispatcher */
67 uint64_t next_pn[QUIC_PN_SPACE_NUM]; /* Next PN to use in given PN space. */
68 OSSL_TIME last_tx_time; /* Last time a packet was generated, or 0. */
70 /* Internal state - frame (re)generation flags. */
71 unsigned int want_handshake_done : 1;
72 unsigned int want_max_data : 1;
73 unsigned int want_max_streams_bidi : 1;
74 unsigned int want_max_streams_uni : 1;
76 /* Internal state - frame (re)generation flags - per PN space. */
77 unsigned int want_ack : QUIC_PN_SPACE_NUM;
78 unsigned int force_ack_eliciting : QUIC_PN_SPACE_NUM;
81 * Internal state - connection close terminal state.
82 * Once this is set, it is not unset unlike other want_ flags - we keep
83 * sending it in every packet.
85 unsigned int want_conn_close : 1;
87 /* Has the handshake been completed? */
88 unsigned int handshake_complete : 1;
90 OSSL_QUIC_FRAME_CONN_CLOSE conn_close_frame;
93 * Counts of the number of bytes received and sent while in the closing
96 uint64_t closing_bytes_recv;
97 uint64_t closing_bytes_xmit;
99 /* Internal state - packet assembly. */
101 unsigned char *scratch; /* scratch buffer for packet assembly */
102 size_t scratch_len; /* number of bytes allocated for scratch */
103 OSSL_QTX_IOVEC *iovec; /* scratch iovec array for use with QTX */
104 size_t alloc_iovec; /* size of iovec array */
105 } el[QUIC_ENC_LEVEL_NUM];
107 /* Message callback related arguments */
108 ossl_msg_cb msg_callback;
109 void *msg_callback_arg;
110 SSL *msg_callback_ssl;
113 void (*ack_tx_cb)(const OSSL_QUIC_FRAME_ACK *ack,
120 * The TX helper records state used while generating frames into packets. It
121 * enables serialization into the packet to be done "transactionally" where
122 * serialization of a frame can be rolled back if it fails midway (e.g. if it
126 OSSL_QUIC_TX_PACKETISER *txp;
128 * The Maximum Packet Payload Length in bytes. This is the amount of
129 * space we have to generate frames into.
133 * Number of bytes we have generated so far.
135 size_t bytes_appended;
137 * Number of scratch bytes in txp->scratch we have used so far. Some iovecs
138 * will reference this scratch buffer. When we need to use more of it (e.g.
139 * when we need to put frame headers somewhere), we append to the scratch
140 * buffer, resizing if necessary, and increase this accordingly.
142 size_t scratch_bytes;
144 * Bytes reserved in the MaxPPL budget. We keep this number of bytes spare
145 * until reserve_allowed is set to 1. Currently this is always at most 1, as
146 * a PING frame takes up one byte and this mechanism is only used to ensure
147 * we can encode a PING frame if we have been asked to ensure a packet is
148 * ACK-eliciting and we are unusure if we are going to add any other
149 * ACK-eliciting frames before we reach our MaxPPL budget.
153 * Number of iovecs we have currently appended. This is the number of
154 * entries valid in txp->iovec.
157 /* The EL this TX helper is being used for. */
160 * Whether we are allowed to make use of the reserve bytes in our MaxPPL
161 * budget. This is used to ensure we have room to append a PING frame later
162 * if we need to. Once we know we will not need to append a PING frame, this
165 unsigned int reserve_allowed : 1;
167 * Set to 1 if we have appended a STREAM frame with an implicit length. If
168 * this happens we should never append another frame after that frame as it
169 * cannot be validly encoded. This is just a safety check.
171 unsigned int done_implicit : 1;
174 * The fields in this structure are valid if active is set, which means
175 * that a serialization transaction is currently in progress.
179 unsigned int active : 1;
183 static void tx_helper_rollback(struct tx_helper *h);
184 static int txp_el_ensure_iovec(struct txp_el *el, size_t num);
186 /* Initialises the TX helper. */
187 static int tx_helper_init(struct tx_helper *h, OSSL_QUIC_TX_PACKETISER *txp,
188 uint32_t enc_level, size_t max_ppl, size_t reserve)
190 if (reserve > max_ppl)
194 h->enc_level = enc_level;
195 h->max_ppl = max_ppl;
196 h->reserve = reserve;
198 h->bytes_appended = 0;
199 h->scratch_bytes = 0;
200 h->reserve_allowed = 0;
201 h->done_implicit = 0;
205 if (max_ppl > h->txp->el[enc_level].scratch_len) {
206 unsigned char *scratch;
208 scratch = OPENSSL_realloc(h->txp->el[enc_level].scratch, max_ppl);
212 h->txp->el[enc_level].scratch = scratch;
213 h->txp->el[enc_level].scratch_len = max_ppl;
219 static void tx_helper_cleanup(struct tx_helper *h)
222 tx_helper_rollback(h);
227 static void tx_helper_unrestrict(struct tx_helper *h)
229 h->reserve_allowed = 1;
233 * Append an extent of memory to the iovec list. The memory must remain
234 * allocated until we finish generating the packet and call the QTX.
236 * In general, the buffers passed to this function will be from one of two
239 * - Application data contained in stream buffers managed elsewhere
240 * in the QUIC stack; or
242 * - Control frame data appended into txp->scratch using tx_helper_begin and
246 static int tx_helper_append_iovec(struct tx_helper *h,
247 const unsigned char *buf,
250 struct txp_el *el = &h->txp->el[h->enc_level];
255 if (!ossl_assert(!h->done_implicit))
258 if (!txp_el_ensure_iovec(el, h->num_iovec + 1))
261 el->iovec[h->num_iovec].buf = buf;
262 el->iovec[h->num_iovec].buf_len = buf_len;
265 h->bytes_appended += buf_len;
270 * How many more bytes of space do we have left in our plaintext packet payload?
272 static size_t tx_helper_get_space_left(struct tx_helper *h)
275 - (h->reserve_allowed ? 0 : h->reserve) - h->bytes_appended;
279 * Begin a control frame serialization transaction. This allows the
280 * serialization of the control frame to be backed out if it turns out it won't
281 * fit. Write the control frame to the returned WPACKET. Ensure you always
282 * call tx_helper_rollback or tx_helper_commit (or tx_helper_cleanup). Returns
285 static WPACKET *tx_helper_begin(struct tx_helper *h)
287 size_t space_left, len;
289 struct txp_el *el = &h->txp->el[h->enc_level];
291 if (!ossl_assert(!h->txn.active))
294 if (!ossl_assert(!h->done_implicit))
297 data = (unsigned char *)el->scratch + h->scratch_bytes;
298 len = el->scratch_len - h->scratch_bytes;
300 space_left = tx_helper_get_space_left(h);
301 if (!ossl_assert(space_left <= len))
304 if (!WPACKET_init_static_len(&h->txn.wpkt, data, len, 0))
307 if (!WPACKET_set_max_size(&h->txn.wpkt, space_left)) {
308 WPACKET_cleanup(&h->txn.wpkt);
317 static void tx_helper_end(struct tx_helper *h, int success)
320 WPACKET_finish(&h->txn.wpkt);
322 WPACKET_cleanup(&h->txn.wpkt);
328 /* Abort a control frame serialization transaction. */
329 static void tx_helper_rollback(struct tx_helper *h)
337 /* Commit a control frame. */
338 static int tx_helper_commit(struct tx_helper *h)
345 if (!WPACKET_get_total_written(&h->txn.wpkt, &l)) {
350 if (!tx_helper_append_iovec(h, h->txn.data, l)) {
355 if (h->txp->msg_callback != NULL && l > 0) {
357 int ctype = SSL3_RT_QUIC_FRAME_FULL;
360 if (!PACKET_buf_init(&pkt, h->txn.data, l)
361 || !ossl_quic_wire_peek_frame_header(&pkt, &ftype, NULL)) {
366 if (ftype == OSSL_QUIC_FRAME_TYPE_PADDING)
367 ctype = SSL3_RT_QUIC_FRAME_PADDING;
368 else if (OSSL_QUIC_FRAME_TYPE_IS_STREAM(ftype)
369 || ftype == OSSL_QUIC_FRAME_TYPE_CRYPTO)
370 ctype = SSL3_RT_QUIC_FRAME_HEADER;
372 h->txp->msg_callback(1, OSSL_QUIC1_VERSION, ctype, h->txn.data, l,
373 h->txp->msg_callback_ssl,
374 h->txp->msg_callback_arg);
377 h->scratch_bytes += l;
382 struct archetype_data {
383 unsigned int allow_ack : 1;
384 unsigned int allow_ping : 1;
385 unsigned int allow_crypto : 1;
386 unsigned int allow_handshake_done : 1;
387 unsigned int allow_path_challenge : 1;
388 unsigned int allow_path_response : 1;
389 unsigned int allow_new_conn_id : 1;
390 unsigned int allow_retire_conn_id : 1;
391 unsigned int allow_stream_rel : 1;
392 unsigned int allow_conn_fc : 1;
393 unsigned int allow_conn_close : 1;
394 unsigned int allow_cfq_other : 1;
395 unsigned int allow_new_token : 1;
396 unsigned int allow_force_ack_eliciting : 1;
397 unsigned int allow_padding : 1;
398 unsigned int require_ack_eliciting : 1;
399 unsigned int bypass_cc : 1;
402 struct txp_pkt_geom {
403 size_t cmpl, cmppl, hwm, pkt_overhead;
405 struct archetype_data adata;
411 QUIC_TXPIM_PKT *tpkt;
412 QUIC_STREAM *stream_head;
414 struct txp_pkt_geom geom;
418 static QUIC_SSTREAM *get_sstream_by_id(uint64_t stream_id, uint32_t pn_space,
420 static void on_regen_notify(uint64_t frame_type, uint64_t stream_id,
421 QUIC_TXPIM_PKT *pkt, void *arg);
422 static void on_confirm_notify(uint64_t frame_type, uint64_t stream_id,
423 QUIC_TXPIM_PKT *pkt, void *arg);
424 static void on_sstream_updated(uint64_t stream_id, void *arg);
425 static int sstream_is_pending(QUIC_SSTREAM *sstream);
426 static int txp_should_try_staging(OSSL_QUIC_TX_PACKETISER *txp,
430 uint32_t *conn_close_enc_level);
431 static size_t txp_determine_pn_len(OSSL_QUIC_TX_PACKETISER *txp);
432 static int txp_determine_ppl_from_pl(OSSL_QUIC_TX_PACKETISER *txp,
437 static size_t txp_get_mdpl(OSSL_QUIC_TX_PACKETISER *txp);
438 static int txp_generate_for_el(OSSL_QUIC_TX_PACKETISER *txp,
440 int chosen_for_conn_close);
441 static int txp_pkt_init(struct txp_pkt *pkt, OSSL_QUIC_TX_PACKETISER *txp,
442 uint32_t enc_level, uint32_t archetype,
443 size_t running_total);
444 static void txp_pkt_cleanup(struct txp_pkt *pkt, OSSL_QUIC_TX_PACKETISER *txp);
445 static int txp_pkt_postgen_update_pkt_overhead(struct txp_pkt *pkt,
446 OSSL_QUIC_TX_PACKETISER *txp);
447 static int txp_pkt_append_padding(struct txp_pkt *pkt,
448 OSSL_QUIC_TX_PACKETISER *txp, size_t num_bytes);
449 static int txp_pkt_commit(OSSL_QUIC_TX_PACKETISER *txp, struct txp_pkt *pkt,
451 static uint32_t txp_determine_archetype(OSSL_QUIC_TX_PACKETISER *txp,
454 OSSL_QUIC_TX_PACKETISER *ossl_quic_tx_packetiser_new(const OSSL_QUIC_TX_PACKETISER_ARGS *args)
456 OSSL_QUIC_TX_PACKETISER *txp;
460 || args->txpim == NULL
462 || args->ackm == NULL
464 || args->conn_txfc == NULL
465 || args->conn_rxfc == NULL
466 || args->max_streams_bidi_rxfc == NULL
467 || args->max_streams_uni_rxfc == NULL) {
468 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
472 txp = OPENSSL_zalloc(sizeof(*txp));
477 txp->last_tx_time = ossl_time_zero();
479 if (!ossl_quic_fifd_init(&txp->fifd,
480 txp->args.cfq, txp->args.ackm, txp->args.txpim,
481 get_sstream_by_id, txp,
482 on_regen_notify, txp,
483 on_confirm_notify, txp,
484 on_sstream_updated, txp)) {
492 void ossl_quic_tx_packetiser_free(OSSL_QUIC_TX_PACKETISER *txp)
499 ossl_quic_tx_packetiser_set_initial_token(txp, NULL, 0, NULL, NULL);
500 ossl_quic_fifd_cleanup(&txp->fifd);
501 OPENSSL_free(txp->conn_close_frame.reason);
503 for (enc_level = QUIC_ENC_LEVEL_INITIAL;
504 enc_level < QUIC_ENC_LEVEL_NUM;
506 OPENSSL_free(txp->el[enc_level].iovec);
507 OPENSSL_free(txp->el[enc_level].scratch);
513 void ossl_quic_tx_packetiser_set_initial_token(OSSL_QUIC_TX_PACKETISER *txp,
514 const unsigned char *token,
516 ossl_quic_initial_token_free_fn *free_cb,
519 if (txp->initial_token != NULL && txp->initial_token_free_cb != NULL)
520 txp->initial_token_free_cb(txp->initial_token, txp->initial_token_len,
521 txp->initial_token_free_cb_arg);
523 txp->initial_token = token;
524 txp->initial_token_len = token_len;
525 txp->initial_token_free_cb = free_cb;
526 txp->initial_token_free_cb_arg = free_cb_arg;
529 int ossl_quic_tx_packetiser_set_cur_dcid(OSSL_QUIC_TX_PACKETISER *txp,
530 const QUIC_CONN_ID *dcid)
533 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
537 txp->args.cur_dcid = *dcid;
541 int ossl_quic_tx_packetiser_set_cur_scid(OSSL_QUIC_TX_PACKETISER *txp,
542 const QUIC_CONN_ID *scid)
545 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
549 txp->args.cur_scid = *scid;
553 /* Change the destination L4 address the TXP uses to send datagrams. */
554 int ossl_quic_tx_packetiser_set_peer(OSSL_QUIC_TX_PACKETISER *txp,
555 const BIO_ADDR *peer)
558 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
562 txp->args.peer = *peer;
566 void ossl_quic_tx_packetiser_set_ack_tx_cb(OSSL_QUIC_TX_PACKETISER *txp,
567 void (*cb)(const OSSL_QUIC_FRAME_ACK *ack,
573 txp->ack_tx_cb_arg = cb_arg;
576 int ossl_quic_tx_packetiser_discard_enc_level(OSSL_QUIC_TX_PACKETISER *txp,
579 if (enc_level >= QUIC_ENC_LEVEL_NUM) {
580 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT);
584 if (enc_level != QUIC_ENC_LEVEL_0RTT)
585 txp->args.crypto[ossl_quic_enc_level_to_pn_space(enc_level)] = NULL;
590 void ossl_quic_tx_packetiser_notify_handshake_complete(OSSL_QUIC_TX_PACKETISER *txp)
592 txp->handshake_complete = 1;
595 void ossl_quic_tx_packetiser_schedule_handshake_done(OSSL_QUIC_TX_PACKETISER *txp)
597 txp->want_handshake_done = 1;
600 void ossl_quic_tx_packetiser_schedule_ack_eliciting(OSSL_QUIC_TX_PACKETISER *txp,
603 txp->force_ack_eliciting |= (1UL << pn_space);
606 void ossl_quic_tx_packetiser_schedule_ack(OSSL_QUIC_TX_PACKETISER *txp,
609 txp->want_ack |= (1UL << pn_space);
612 #define TXP_ERR_INTERNAL 0 /* Internal (e.g. alloc) error */
613 #define TXP_ERR_SUCCESS 1 /* Success */
614 #define TXP_ERR_SPACE 2 /* Not enough room for another packet */
615 #define TXP_ERR_INPUT 3 /* Invalid/malformed input */
618 * Generates a datagram by polling the various ELs to determine if they want to
619 * generate any frames, and generating a datagram which coalesces packets for
622 int ossl_quic_tx_packetiser_generate(OSSL_QUIC_TX_PACKETISER *txp,
623 QUIC_TXP_STATUS *status)
626 * Called to generate one or more datagrams, each containing one or more
629 * There are some tricky things to note here:
631 * - The TXP is only concerned with generating encrypted packets;
632 * other packets use a different path.
634 * - Any datagram containing an Initial packet must have a payload length
635 * (DPL) of at least 1200 bytes. This padding need not necessarily be
636 * found in the Initial packet.
638 * - It is desirable to be able to coalesce an Initial packet
639 * with a Handshake packet. Since, before generating the Handshake
640 * packet, we do not know how long it will be, we cannot know the
641 * correct amount of padding to ensure a DPL of at least 1200 bytes.
642 * Thus this padding must added to the Handshake packet (or whatever
643 * packet is the last in the datagram).
645 * - However, at the time that we generate the Initial packet,
646 * we do not actually know for sure that we will be followed
647 * in the datagram by another packet. For example, suppose we have
648 * some queued data (e.g. crypto stream data for the HANDSHAKE EL)
649 * it looks like we will want to send on the HANDSHAKE EL.
650 * We could assume padding will be placed in the Handshake packet
651 * subsequently and avoid adding any padding to the Initial packet
652 * (which would leave no room for the Handshake packet in the
655 * However, this is not actually a safe assumption. Suppose that we
656 * are using a link with a MDPL of 1200 bytes, the minimum allowed by
657 * QUIC. Suppose that the Initial packet consumes 1195 bytes in total.
658 * Since it is not possible to fit a Handshake packet in just 5 bytes,
659 * upon trying to add a Handshake packet after generating the Initial
660 * packet, we will discover we have no room to fit it! This is not a
661 * problem in itself as another datagram can be sent subsequently, but
662 * it is a problem because we were counting to use that packet to hold
663 * the essential padding. But if we have already finished encrypting
664 * the Initial packet, we cannot go and add padding to it anymore.
665 * This leaves us stuck.
667 * Because of this, we have to plan multiple packets simultaneously, such
668 * that we can start generating a Handshake (or 0-RTT or 1-RTT, or so on)
669 * packet while still having the option to go back and add padding to the
670 * Initial packet if it turns out to be needed.
672 * Trying to predict ahead of time (e.g. during Initial packet generation)
673 * whether we will successfully generate a subsequent packet is fraught with
674 * error as it relies on a large number of variables:
676 * - Do we have room to fit a packet header? (Consider that due to
677 * variable-length integer encoding this is highly variable and can even
678 * depend on payload length due to a variable-length Length field.)
680 * - Can we fit even a single one of the frames we want to put in this
681 * packet in the packet? (Each frame type has a bespoke encoding. While
682 * our encodings of some frame types are adaptive based on the available
683 * room - e.g. STREAM frames - ultimately all frame types have some
684 * absolute minimum number of bytes to be successfully encoded. For
685 * example, if after an Initial packet there is enough room to encode
686 * only one byte of frame data, it is quite likely we can't send any of
687 * the frames we wanted to send.) While this is not strictly a problem
688 * because we could just fill the packet with padding frames, this is a
689 * pointless packet and is wasteful.
691 * Thus we adopt a multi-phase architecture:
693 * 1. Archetype Selection: Determine desired packet archetype.
695 * 2. Packet Staging: Generation of packet information and packet payload
696 * data (frame data) into staging areas.
698 * 3. Packet Adjustment: Adjustment of staged packets, adding padding to
699 * the staged packets if needed.
701 * 4. Commit: The packets are sent to the QTX and recorded as having been
705 int res = TX_PACKETISER_RES_FAILURE, rc;
706 uint32_t archetype, enc_level;
707 uint32_t conn_close_enc_level = QUIC_ENC_LEVEL_NUM;
708 struct txp_pkt pkt[QUIC_ENC_LEVEL_NUM];
709 size_t pkts_done = 0;
710 uint64_t cc_limit = txp->args.cc_method->get_tx_allowance(txp->args.cc_data);
711 int need_padding = 0;
713 for (enc_level = QUIC_ENC_LEVEL_INITIAL;
714 enc_level < QUIC_ENC_LEVEL_NUM;
716 pkt[enc_level].h_valid = 0;
719 * Should not be needed, but a sanity check in case anyone else has been
722 ossl_qtx_finish_dgram(txp->args.qtx);
724 /* 1. Archetype Selection */
725 archetype = txp_determine_archetype(txp, cc_limit);
727 /* 2. Packet Staging */
728 for (enc_level = QUIC_ENC_LEVEL_INITIAL;
729 enc_level < QUIC_ENC_LEVEL_NUM;
731 size_t running_total = (enc_level > QUIC_ENC_LEVEL_INITIAL)
732 ? pkt[enc_level - 1].geom.hwm : 0;
734 pkt[enc_level].geom.hwm = running_total;
736 if (!txp_should_try_staging(txp, enc_level, archetype, cc_limit,
737 &conn_close_enc_level))
740 if (!txp_pkt_init(&pkt[enc_level], txp, enc_level, archetype,
743 * If this fails this is not a fatal error - it means the geometry
744 * planning determined there was not enough space for another
745 * packet. So just proceed with what we've already planned for.
749 rc = txp_generate_for_el(txp, &pkt[enc_level],
750 conn_close_enc_level == enc_level);
751 if (rc != TXP_ERR_SUCCESS)
754 if (pkt[enc_level].force_pad)
756 * txp_generate_for_el emitted a frame which forces packet padding.
760 pkt[enc_level].geom.hwm = running_total
761 + pkt[enc_level].h.bytes_appended
762 + pkt[enc_level].geom.pkt_overhead;
765 /* 3. Packet Adjustment */
766 if (pkt[QUIC_ENC_LEVEL_INITIAL].h_valid
767 && pkt[QUIC_ENC_LEVEL_INITIAL].h.bytes_appended > 0)
769 * We have an Initial packet in this datagram, so we need to make sure
770 * the total size of the datagram is adequate.
775 size_t total_dgram_size = 0;
776 const size_t min_dpl = QUIC_MIN_INITIAL_DGRAM_LEN;
777 uint32_t first_el = QUIC_ENC_LEVEL_NUM;
779 for (enc_level = QUIC_ENC_LEVEL_INITIAL;
780 enc_level < QUIC_ENC_LEVEL_NUM;
782 if (pkt[enc_level].h_valid && pkt[enc_level].h.bytes_appended > 0) {
783 if (first_el == QUIC_ENC_LEVEL_NUM)
784 first_el = enc_level;
786 txp_pkt_postgen_update_pkt_overhead(&pkt[enc_level], txp);
787 total_dgram_size += pkt[enc_level].geom.pkt_overhead
788 + pkt[enc_level].h.bytes_appended;
791 if (first_el != QUIC_ENC_LEVEL_NUM
792 && total_dgram_size < min_dpl) {
793 size_t deficit = min_dpl - total_dgram_size;
795 if (!txp_pkt_append_padding(&pkt[first_el], txp, deficit))
801 memset(status, 0, sizeof(*status));
803 for (enc_level = QUIC_ENC_LEVEL_INITIAL;
804 enc_level < QUIC_ENC_LEVEL_NUM;
807 if (!pkt[enc_level].h_valid)
808 /* Did not attempt to generate a packet for this EL. */
811 if (pkt[enc_level].h.bytes_appended == 0)
812 /* Nothing was generated for this EL, so skip. */
815 if (!txp_pkt_commit(txp, &pkt[enc_level], archetype))
818 status->sent_ack_eliciting
819 = status->sent_ack_eliciting
820 || pkt[enc_level].tpkt->ackm_pkt.is_ack_eliciting;
822 pkt[enc_level].tpkt = NULL; /* don't free */
826 status->sent_handshake
827 = (pkt[QUIC_ENC_LEVEL_HANDSHAKE].h_valid
828 && pkt[QUIC_ENC_LEVEL_HANDSHAKE].h.bytes_appended > 0);
830 /* Flush & Cleanup */
831 res = TX_PACKETISER_RES_NO_PKT;
833 ossl_qtx_finish_dgram(txp->args.qtx);
835 for (enc_level = QUIC_ENC_LEVEL_INITIAL;
836 enc_level < QUIC_ENC_LEVEL_NUM;
838 txp_pkt_cleanup(&pkt[enc_level], txp);
841 * If we already successfully did at least one, make sure we report this via
844 return pkts_done > 0 ? TX_PACKETISER_RES_SENT_PKT : res;
847 static const struct archetype_data archetypes[QUIC_ENC_LEVEL_NUM][TX_PACKETISER_ARCHETYPE_NUM] = {
850 /* EL 0(INITIAL) - Archetype 0(NORMAL) */
854 /*allow_crypto =*/ 1,
855 /*allow_handshake_done =*/ 0,
856 /*allow_path_challenge =*/ 0,
857 /*allow_path_response =*/ 0,
858 /*allow_new_conn_id =*/ 0,
859 /*allow_retire_conn_id =*/ 0,
860 /*allow_stream_rel =*/ 0,
861 /*allow_conn_fc =*/ 0,
862 /*allow_conn_close =*/ 1,
863 /*allow_cfq_other =*/ 0,
864 /*allow_new_token =*/ 0,
865 /*allow_force_ack_eliciting =*/ 1,
866 /*allow_padding =*/ 1,
867 /*require_ack_eliciting =*/ 0,
870 /* EL 0(INITIAL) - Archetype 1(PROBE) */
874 /*allow_crypto =*/ 1,
875 /*allow_handshake_done =*/ 0,
876 /*allow_path_challenge =*/ 0,
877 /*allow_path_response =*/ 0,
878 /*allow_new_conn_id =*/ 0,
879 /*allow_retire_conn_id =*/ 0,
880 /*allow_stream_rel =*/ 0,
881 /*allow_conn_fc =*/ 0,
882 /*allow_conn_close =*/ 1,
883 /*allow_cfq_other =*/ 0,
884 /*allow_new_token =*/ 0,
885 /*allow_force_ack_eliciting =*/ 1,
886 /*allow_padding =*/ 1,
887 /*require_ack_eliciting =*/ 1,
890 /* EL 0(INITIAL) - Archetype 2(ACK_ONLY) */
894 /*allow_crypto =*/ 0,
895 /*allow_handshake_done =*/ 0,
896 /*allow_path_challenge =*/ 0,
897 /*allow_path_response =*/ 0,
898 /*allow_new_conn_id =*/ 0,
899 /*allow_retire_conn_id =*/ 0,
900 /*allow_stream_rel =*/ 0,
901 /*allow_conn_fc =*/ 0,
902 /*allow_conn_close =*/ 0,
903 /*allow_cfq_other =*/ 0,
904 /*allow_new_token =*/ 0,
905 /*allow_force_ack_eliciting =*/ 1,
906 /*allow_padding =*/ 0,
907 /*require_ack_eliciting =*/ 0,
911 /* EL 1(HANDSHAKE) */
913 /* EL 1(HANDSHAKE) - Archetype 0(NORMAL) */
917 /*allow_crypto =*/ 1,
918 /*allow_handshake_done =*/ 0,
919 /*allow_path_challenge =*/ 0,
920 /*allow_path_response =*/ 0,
921 /*allow_new_conn_id =*/ 0,
922 /*allow_retire_conn_id =*/ 0,
923 /*allow_stream_rel =*/ 0,
924 /*allow_conn_fc =*/ 0,
925 /*allow_conn_close =*/ 1,
926 /*allow_cfq_other =*/ 0,
927 /*allow_new_token =*/ 0,
928 /*allow_force_ack_eliciting =*/ 1,
929 /*allow_padding =*/ 1,
930 /*require_ack_eliciting =*/ 0,
933 /* EL 1(HANDSHAKE) - Archetype 1(PROBE) */
937 /*allow_crypto =*/ 1,
938 /*allow_handshake_done =*/ 0,
939 /*allow_path_challenge =*/ 0,
940 /*allow_path_response =*/ 0,
941 /*allow_new_conn_id =*/ 0,
942 /*allow_retire_conn_id =*/ 0,
943 /*allow_stream_rel =*/ 0,
944 /*allow_conn_fc =*/ 0,
945 /*allow_conn_close =*/ 1,
946 /*allow_cfq_other =*/ 0,
947 /*allow_new_token =*/ 0,
948 /*allow_force_ack_eliciting =*/ 1,
949 /*allow_padding =*/ 1,
950 /*require_ack_eliciting =*/ 1,
953 /* EL 1(HANDSHAKE) - Archetype 2(ACK_ONLY) */
957 /*allow_crypto =*/ 0,
958 /*allow_handshake_done =*/ 0,
959 /*allow_path_challenge =*/ 0,
960 /*allow_path_response =*/ 0,
961 /*allow_new_conn_id =*/ 0,
962 /*allow_retire_conn_id =*/ 0,
963 /*allow_stream_rel =*/ 0,
964 /*allow_conn_fc =*/ 0,
965 /*allow_conn_close =*/ 0,
966 /*allow_cfq_other =*/ 0,
967 /*allow_new_token =*/ 0,
968 /*allow_force_ack_eliciting =*/ 1,
969 /*allow_padding =*/ 0,
970 /*require_ack_eliciting =*/ 0,
976 /* EL 2(0RTT) - Archetype 0(NORMAL) */
980 /*allow_crypto =*/ 0,
981 /*allow_handshake_done =*/ 0,
982 /*allow_path_challenge =*/ 0,
983 /*allow_path_response =*/ 0,
984 /*allow_new_conn_id =*/ 1,
985 /*allow_retire_conn_id =*/ 1,
986 /*allow_stream_rel =*/ 1,
987 /*allow_conn_fc =*/ 1,
988 /*allow_conn_close =*/ 1,
989 /*allow_cfq_other =*/ 0,
990 /*allow_new_token =*/ 0,
991 /*allow_force_ack_eliciting =*/ 0,
992 /*allow_padding =*/ 1,
993 /*require_ack_eliciting =*/ 0,
996 /* EL 2(0RTT) - Archetype 1(PROBE) */
1000 /*allow_crypto =*/ 0,
1001 /*allow_handshake_done =*/ 0,
1002 /*allow_path_challenge =*/ 0,
1003 /*allow_path_response =*/ 0,
1004 /*allow_new_conn_id =*/ 1,
1005 /*allow_retire_conn_id =*/ 1,
1006 /*allow_stream_rel =*/ 1,
1007 /*allow_conn_fc =*/ 1,
1008 /*allow_conn_close =*/ 1,
1009 /*allow_cfq_other =*/ 0,
1010 /*allow_new_token =*/ 0,
1011 /*allow_force_ack_eliciting =*/ 0,
1012 /*allow_padding =*/ 1,
1013 /*require_ack_eliciting =*/ 1,
1016 /* EL 2(0RTT) - Archetype 2(ACK_ONLY) */
1020 /*allow_crypto =*/ 0,
1021 /*allow_handshake_done =*/ 0,
1022 /*allow_path_challenge =*/ 0,
1023 /*allow_path_response =*/ 0,
1024 /*allow_new_conn_id =*/ 0,
1025 /*allow_retire_conn_id =*/ 0,
1026 /*allow_stream_rel =*/ 0,
1027 /*allow_conn_fc =*/ 0,
1028 /*allow_conn_close =*/ 0,
1029 /*allow_cfq_other =*/ 0,
1030 /*allow_new_token =*/ 0,
1031 /*allow_force_ack_eliciting =*/ 0,
1032 /*allow_padding =*/ 0,
1033 /*require_ack_eliciting =*/ 0,
1039 /* EL 3(1RTT) - Archetype 0(NORMAL) */
1043 /*allow_crypto =*/ 1,
1044 /*allow_handshake_done =*/ 1,
1045 /*allow_path_challenge =*/ 0,
1046 /*allow_path_response =*/ 1,
1047 /*allow_new_conn_id =*/ 1,
1048 /*allow_retire_conn_id =*/ 1,
1049 /*allow_stream_rel =*/ 1,
1050 /*allow_conn_fc =*/ 1,
1051 /*allow_conn_close =*/ 1,
1052 /*allow_cfq_other =*/ 1,
1053 /*allow_new_token =*/ 1,
1054 /*allow_force_ack_eliciting =*/ 1,
1055 /*allow_padding =*/ 1,
1056 /*require_ack_eliciting =*/ 0,
1059 /* EL 3(1RTT) - Archetype 1(PROBE) */
1063 /*allow_crypto =*/ 1,
1064 /*allow_handshake_done =*/ 1,
1065 /*allow_path_challenge =*/ 0,
1066 /*allow_path_response =*/ 1,
1067 /*allow_new_conn_id =*/ 1,
1068 /*allow_retire_conn_id =*/ 1,
1069 /*allow_stream_rel =*/ 1,
1070 /*allow_conn_fc =*/ 1,
1071 /*allow_conn_close =*/ 1,
1072 /*allow_cfq_other =*/ 1,
1073 /*allow_new_token =*/ 1,
1074 /*allow_force_ack_eliciting =*/ 1,
1075 /*allow_padding =*/ 1,
1076 /*require_ack_eliciting =*/ 1,
1079 /* EL 3(1RTT) - Archetype 2(ACK_ONLY) */
1083 /*allow_crypto =*/ 0,
1084 /*allow_handshake_done =*/ 0,
1085 /*allow_path_challenge =*/ 0,
1086 /*allow_path_response =*/ 0,
1087 /*allow_new_conn_id =*/ 0,
1088 /*allow_retire_conn_id =*/ 0,
1089 /*allow_stream_rel =*/ 0,
1090 /*allow_conn_fc =*/ 0,
1091 /*allow_conn_close =*/ 0,
1092 /*allow_cfq_other =*/ 0,
1093 /*allow_new_token =*/ 0,
1094 /*allow_force_ack_eliciting =*/ 1,
1095 /*allow_padding =*/ 0,
1096 /*require_ack_eliciting =*/ 0,
1102 static int txp_get_archetype_data(uint32_t enc_level,
1104 struct archetype_data *a)
1106 if (enc_level >= QUIC_ENC_LEVEL_NUM
1107 || archetype >= TX_PACKETISER_ARCHETYPE_NUM)
1110 /* No need to avoid copying this as it should not exceed one int in size. */
1111 *a = archetypes[enc_level][archetype];
1115 static int txp_determine_geometry(OSSL_QUIC_TX_PACKETISER *txp,
1118 size_t running_total,
1120 struct txp_pkt_geom *geom)
1122 size_t mdpl, cmpl, hdr_len;
1124 /* Get information about packet archetype. */
1125 if (!txp_get_archetype_data(enc_level, archetype, &geom->adata))
1128 /* Assemble packet header. */
1129 phdr->type = ossl_quic_enc_level_to_pkt_type(enc_level);
1131 phdr->pn_len = txp_determine_pn_len(txp);
1135 phdr->version = QUIC_VERSION_1;
1136 phdr->dst_conn_id = txp->args.cur_dcid;
1137 phdr->src_conn_id = txp->args.cur_scid;
1140 * We need to know the length of the payload to get an accurate header
1141 * length for non-1RTT packets, because the Length field found in
1142 * Initial/Handshake/0-RTT packets uses a variable-length encoding. However,
1143 * we don't have a good idea of the length of our payload, because the
1144 * length of the payload depends on the room in the datagram after fitting
1145 * the header, which depends on the size of the header.
1147 * In general, it does not matter if a packet is slightly shorter (because
1148 * e.g. we predicted use of a 2-byte length field, but ended up only needing
1149 * a 1-byte length field). However this does matter for Initial packets
1150 * which must be at least 1200 bytes, which is also the assumed default MTU;
1151 * therefore in many cases Initial packets will be padded to 1200 bytes,
1152 * which means if we overestimated the header size, we will be short by a
1153 * few bytes and the server will ignore the packet for being too short. In
1154 * this case, however, such packets always *will* be padded to meet 1200
1155 * bytes, which requires a 2-byte length field, so we don't actually need to
1156 * worry about this. Thus we estimate the header length assuming a 2-byte
1157 * length field here, which should in practice work well in all cases.
1159 phdr->len = OSSL_QUIC_VLINT_2B_MAX - phdr->pn_len;
1161 if (enc_level == QUIC_ENC_LEVEL_INITIAL) {
1162 phdr->token = txp->initial_token;
1163 phdr->token_len = txp->initial_token_len;
1166 phdr->token_len = 0;
1169 hdr_len = ossl_quic_wire_get_encoded_pkt_hdr_len(phdr->dst_conn_id.id_len,
1174 /* MDPL: Maximum datagram payload length. */
1175 mdpl = txp_get_mdpl(txp);
1178 * CMPL: Maximum encoded packet size we can put into this datagram given any
1179 * previous packets coalesced into it.
1181 if (running_total > mdpl)
1182 /* Should not be possible, but if it happens: */
1185 cmpl = mdpl - running_total;
1187 /* CMPPL: Maximum amount we can put into the current packet payload */
1188 if (!txp_determine_ppl_from_pl(txp, cmpl, enc_level, hdr_len, &geom->cmppl))
1192 geom->pkt_overhead = cmpl - geom->cmppl;
1193 geom->archetype = archetype;
1197 static uint32_t txp_determine_archetype(OSSL_QUIC_TX_PACKETISER *txp,
1200 OSSL_ACKM_PROBE_INFO *probe_info
1201 = ossl_ackm_get0_probe_request(txp->args.ackm);
1205 * If ACKM has requested probe generation (e.g. due to PTO), we generate a
1206 * Probe-archetype packet. Actually, we determine archetype on a
1207 * per-datagram basis, so if any EL wants a probe, do a pass in which
1208 * we try and generate a probe (if needed) for all ELs.
1210 if (probe_info->anti_deadlock_initial > 0
1211 || probe_info->anti_deadlock_handshake > 0)
1212 return TX_PACKETISER_ARCHETYPE_PROBE;
1214 for (pn_space = QUIC_PN_SPACE_INITIAL;
1215 pn_space < QUIC_PN_SPACE_NUM;
1217 if (probe_info->pto[pn_space] > 0)
1218 return TX_PACKETISER_ARCHETYPE_PROBE;
1221 * If we are out of CC budget, we cannot send a normal packet,
1222 * but we can do an ACK-only packet (potentially, if we
1223 * want to send an ACK).
1226 return TX_PACKETISER_ARCHETYPE_ACK_ONLY;
1228 /* All other packets. */
1229 return TX_PACKETISER_ARCHETYPE_NORMAL;
1232 static int txp_should_try_staging(OSSL_QUIC_TX_PACKETISER *txp,
1236 uint32_t *conn_close_enc_level)
1238 struct archetype_data a;
1239 uint32_t pn_space = ossl_quic_enc_level_to_pn_space(enc_level);
1240 QUIC_CFQ_ITEM *cfq_item;
1242 if (!ossl_qtx_is_enc_level_provisioned(txp->args.qtx, enc_level))
1245 if (!txp_get_archetype_data(enc_level, archetype, &a))
1248 if (!a.bypass_cc && cc_limit == 0)
1249 /* CC not allowing us to send. */
1253 * We can produce CONNECTION_CLOSE frames on any EL in principle, which
1254 * means we need to choose which EL we would prefer to use. After a
1255 * connection is fully established we have only one provisioned EL and this
1256 * is a non-issue. Where multiple ELs are provisioned, it is possible the
1257 * peer does not have the keys for the EL yet, which suggests in general it
1258 * is preferable to use the lowest EL which is still provisioned.
1260 * However (RFC 9000 s. 10.2.3 & 12.5) we are also required to not send
1261 * application CONNECTION_CLOSE frames in non-1-RTT ELs, so as to not
1262 * potentially leak application data on a connection which has yet to be
1263 * authenticated. Thus when we have an application CONNECTION_CLOSE frame
1264 * queued and need to send it on a non-1-RTT EL, we have to convert it
1265 * into a transport CONNECTION_CLOSE frame which contains no application
1266 * data. Since this loses information, it suggests we should use the 1-RTT
1267 * EL to avoid this if possible, even if a lower EL is also available.
1269 * At the same time, just because we have the 1-RTT EL provisioned locally
1270 * does not necessarily mean the peer does, for example if a handshake
1271 * CRYPTO frame has been lost. It is fairly important that CONNECTION_CLOSE
1272 * is signalled in a way we know our peer can decrypt, as we stop processing
1273 * connection retransmission logic for real after connection close and
1274 * simply 'blindly' retransmit the same CONNECTION_CLOSE frame.
1276 * This is not a major concern for clients, since if a client has a 1-RTT EL
1277 * provisioned the server is guaranteed to also have a 1-RTT EL provisioned.
1279 * TODO(QUIC): Revisit this when server support is added.
1281 if (*conn_close_enc_level > enc_level
1282 && *conn_close_enc_level != QUIC_ENC_LEVEL_1RTT)
1283 *conn_close_enc_level = enc_level;
1285 /* Do we need to send a PTO probe? */
1286 if (a.allow_force_ack_eliciting) {
1287 OSSL_ACKM_PROBE_INFO *probe_info
1288 = ossl_ackm_get0_probe_request(txp->args.ackm);
1290 if ((enc_level == QUIC_ENC_LEVEL_INITIAL
1291 && probe_info->anti_deadlock_initial > 0)
1292 || (enc_level == QUIC_ENC_LEVEL_HANDSHAKE
1293 && probe_info->anti_deadlock_handshake > 0)
1294 || probe_info->pto[pn_space] > 0)
1298 /* Does the crypto stream for this EL want to produce anything? */
1299 if (a.allow_crypto && sstream_is_pending(txp->args.crypto[pn_space]))
1302 /* Does the ACKM for this PN space want to produce anything? */
1303 if (a.allow_ack && (ossl_ackm_is_ack_desired(txp->args.ackm, pn_space)
1304 || (txp->want_ack & (1UL << pn_space)) != 0))
1307 /* Do we need to force emission of an ACK-eliciting packet? */
1308 if (a.allow_force_ack_eliciting
1309 && (txp->force_ack_eliciting & (1UL << pn_space)) != 0)
1312 /* Does the connection-level RXFC want to produce a frame? */
1313 if (a.allow_conn_fc && (txp->want_max_data
1314 || ossl_quic_rxfc_has_cwm_changed(txp->args.conn_rxfc, 0)))
1317 /* Do we want to produce a MAX_STREAMS frame? */
1319 && (txp->want_max_streams_bidi
1320 || ossl_quic_rxfc_has_cwm_changed(txp->args.max_streams_bidi_rxfc,
1322 || txp->want_max_streams_uni
1323 || ossl_quic_rxfc_has_cwm_changed(txp->args.max_streams_uni_rxfc,
1327 /* Do we want to produce a HANDSHAKE_DONE frame? */
1328 if (a.allow_handshake_done && txp->want_handshake_done)
1331 /* Do we want to produce a CONNECTION_CLOSE frame? */
1332 if (a.allow_conn_close && txp->want_conn_close &&
1333 *conn_close_enc_level == enc_level)
1335 * This is a bit of a special case since CONNECTION_CLOSE can appear in
1336 * most packet types, and when we decide we want to send it this status
1337 * isn't tied to a specific EL. So if we want to send it, we send it
1338 * only on the lowest non-dropped EL.
1342 /* Does the CFQ have any frames queued for this PN space? */
1343 if (enc_level != QUIC_ENC_LEVEL_0RTT)
1344 for (cfq_item = ossl_quic_cfq_get_priority_head(txp->args.cfq, pn_space);
1346 cfq_item = ossl_quic_cfq_item_get_priority_next(cfq_item, pn_space)) {
1347 uint64_t frame_type = ossl_quic_cfq_item_get_frame_type(cfq_item);
1349 switch (frame_type) {
1350 case OSSL_QUIC_FRAME_TYPE_NEW_CONN_ID:
1351 if (a.allow_new_conn_id)
1354 case OSSL_QUIC_FRAME_TYPE_RETIRE_CONN_ID:
1355 if (a.allow_retire_conn_id)
1358 case OSSL_QUIC_FRAME_TYPE_NEW_TOKEN:
1359 if (a.allow_new_token)
1362 case OSSL_QUIC_FRAME_TYPE_PATH_RESPONSE:
1363 if (a.allow_path_response)
1367 if (a.allow_cfq_other)
1373 if (a.allow_stream_rel && txp->handshake_complete) {
1374 QUIC_STREAM_ITER it;
1376 /* If there are any active streams, 0/1-RTT wants to produce a packet.
1377 * Whether a stream is on the active list is required to be precise
1378 * (i.e., a stream is never on the active list if we cannot produce a
1379 * frame for it), and all stream-related frames are governed by
1380 * a.allow_stream_rel (i.e., if we can send one type of stream-related
1381 * frame, we can send any of them), so we don't need to inspect
1382 * individual streams on the active list, just confirm that the active
1383 * list is non-empty.
1385 ossl_quic_stream_iter_init(&it, txp->args.qsm, 0);
1386 if (it.stream != NULL)
1393 static int sstream_is_pending(QUIC_SSTREAM *sstream)
1395 OSSL_QUIC_FRAME_STREAM hdr;
1396 OSSL_QTX_IOVEC iov[2];
1397 size_t num_iov = OSSL_NELEM(iov);
1399 return ossl_quic_sstream_get_stream_frame(sstream, 0, &hdr, iov, &num_iov);
1402 /* Determine how many bytes we should use for the encoded PN. */
1403 static size_t txp_determine_pn_len(OSSL_QUIC_TX_PACKETISER *txp)
1405 return 4; /* TODO(QUIC) */
1408 /* Determine plaintext packet payload length from payload length. */
1409 static int txp_determine_ppl_from_pl(OSSL_QUIC_TX_PACKETISER *txp,
1420 if (!ossl_qtx_calculate_plaintext_payload_len(txp->args.qtx, enc_level,
1428 static size_t txp_get_mdpl(OSSL_QUIC_TX_PACKETISER *txp)
1430 return ossl_qtx_get_mdpl(txp->args.qtx);
1433 static QUIC_SSTREAM *get_sstream_by_id(uint64_t stream_id, uint32_t pn_space,
1436 OSSL_QUIC_TX_PACKETISER *txp = arg;
1439 if (stream_id == UINT64_MAX)
1440 return txp->args.crypto[pn_space];
1442 s = ossl_quic_stream_map_get_by_id(txp->args.qsm, stream_id);
1449 static void on_regen_notify(uint64_t frame_type, uint64_t stream_id,
1450 QUIC_TXPIM_PKT *pkt, void *arg)
1452 OSSL_QUIC_TX_PACKETISER *txp = arg;
1454 switch (frame_type) {
1455 case OSSL_QUIC_FRAME_TYPE_HANDSHAKE_DONE:
1456 txp->want_handshake_done = 1;
1458 case OSSL_QUIC_FRAME_TYPE_MAX_DATA:
1459 txp->want_max_data = 1;
1461 case OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_BIDI:
1462 txp->want_max_streams_bidi = 1;
1464 case OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_UNI:
1465 txp->want_max_streams_uni = 1;
1467 case OSSL_QUIC_FRAME_TYPE_ACK_WITH_ECN:
1468 txp->want_ack |= (1UL << pkt->ackm_pkt.pkt_space);
1470 case OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA:
1473 = ossl_quic_stream_map_get_by_id(txp->args.qsm, stream_id);
1478 s->want_max_stream_data = 1;
1479 ossl_quic_stream_map_update_state(txp->args.qsm, s);
1482 case OSSL_QUIC_FRAME_TYPE_STOP_SENDING:
1485 = ossl_quic_stream_map_get_by_id(txp->args.qsm, stream_id);
1490 ossl_quic_stream_map_schedule_stop_sending(txp->args.qsm, s);
1493 case OSSL_QUIC_FRAME_TYPE_RESET_STREAM:
1496 = ossl_quic_stream_map_get_by_id(txp->args.qsm, stream_id);
1501 s->want_reset_stream = 1;
1502 ossl_quic_stream_map_update_state(txp->args.qsm, s);
1511 static int txp_pkt_init(struct txp_pkt *pkt, OSSL_QUIC_TX_PACKETISER *txp,
1512 uint32_t enc_level, uint32_t archetype,
1513 size_t running_total)
1515 if (!txp_determine_geometry(txp, archetype, enc_level,
1516 running_total, &pkt->phdr, &pkt->geom))
1520 * Initialise TX helper. If we must be ACK eliciting, reserve 1 byte for
1523 if (!tx_helper_init(&pkt->h, txp, enc_level,
1525 pkt->geom.adata.require_ack_eliciting ? 1 : 0))
1530 pkt->stream_head = NULL;
1535 static void txp_pkt_cleanup(struct txp_pkt *pkt, OSSL_QUIC_TX_PACKETISER *txp)
1540 tx_helper_cleanup(&pkt->h);
1543 if (pkt->tpkt != NULL) {
1544 ossl_quic_txpim_pkt_release(txp->args.txpim, pkt->tpkt);
1549 static int txp_pkt_postgen_update_pkt_overhead(struct txp_pkt *pkt,
1550 OSSL_QUIC_TX_PACKETISER *txp)
1553 * After we have staged and generated our packets, but before we commit
1554 * them, it is possible for the estimated packet overhead (packet header +
1555 * AEAD tag size) to shrink slightly because we generated a short packet
1556 * whose which can be represented in fewer bytes as a variable-length
1557 * integer than we were (pessimistically) budgeting for. We need to account
1558 * for this to ensure that we get our padding calculation exactly right.
1560 * Update pkt_overhead to be accurate now that we know how much data is
1561 * going in a packet.
1563 size_t hdr_len, ciphertext_len;
1565 if (pkt->h.enc_level == QUIC_ENC_LEVEL_INITIAL)
1567 * Don't update overheads for the INITIAL EL - we have not finished
1568 * appending padding to it and would potentially miscalculate the
1569 * correct padding if we now update the pkt_overhead field to switch to
1570 * e.g. a 1-byte length field in the packet header. Since we are padding
1571 * to QUIC_MIN_INITIAL_DGRAM_LEN which requires a 2-byte length field,
1572 * this is guaranteed to be moot anyway. See comment in
1573 * txp_determine_geometry for more information.
1577 if (!ossl_qtx_calculate_ciphertext_payload_len(txp->args.qtx, pkt->h.enc_level,
1578 pkt->h.bytes_appended,
1582 pkt->phdr.len = ciphertext_len;
1584 hdr_len = ossl_quic_wire_get_encoded_pkt_hdr_len(pkt->phdr.dst_conn_id.id_len,
1587 pkt->geom.pkt_overhead = hdr_len + ciphertext_len - pkt->h.bytes_appended;
1591 static void on_confirm_notify(uint64_t frame_type, uint64_t stream_id,
1592 QUIC_TXPIM_PKT *pkt, void *arg)
1594 OSSL_QUIC_TX_PACKETISER *txp = arg;
1596 switch (frame_type) {
1597 case OSSL_QUIC_FRAME_TYPE_STOP_SENDING:
1600 = ossl_quic_stream_map_get_by_id(txp->args.qsm, stream_id);
1605 s->acked_stop_sending = 1;
1606 ossl_quic_stream_map_update_state(txp->args.qsm, s);
1609 case OSSL_QUIC_FRAME_TYPE_RESET_STREAM:
1612 = ossl_quic_stream_map_get_by_id(txp->args.qsm, stream_id);
1618 * We must already be in RESET_SENT or RESET_RECVD if we are
1619 * here, so we don't need to check state here.
1621 ossl_quic_stream_map_notify_reset_stream_acked(txp->args.qsm, s);
1622 ossl_quic_stream_map_update_state(txp->args.qsm, s);
1631 static int txp_pkt_append_padding(struct txp_pkt *pkt,
1632 OSSL_QUIC_TX_PACKETISER *txp, size_t num_bytes)
1639 if (!ossl_assert(pkt->h_valid))
1642 if (!ossl_assert(pkt->tpkt != NULL))
1645 wpkt = tx_helper_begin(&pkt->h);
1649 if (!ossl_quic_wire_encode_padding(wpkt, num_bytes)) {
1650 tx_helper_rollback(&pkt->h);
1654 if (!tx_helper_commit(&pkt->h))
1657 pkt->tpkt->ackm_pkt.num_bytes += num_bytes;
1658 /* Cannot be non-inflight if we have a PADDING frame */
1659 pkt->tpkt->ackm_pkt.is_inflight = 1;
1663 static void on_sstream_updated(uint64_t stream_id, void *arg)
1665 OSSL_QUIC_TX_PACKETISER *txp = arg;
1668 s = ossl_quic_stream_map_get_by_id(txp->args.qsm, stream_id);
1672 ossl_quic_stream_map_update_state(txp->args.qsm, s);
1676 * Returns 1 if we can send that many bytes in closing state, 0 otherwise.
1677 * Also maintains the bytes sent state if it returns a success.
1679 static int try_commit_conn_close(OSSL_QUIC_TX_PACKETISER *txp, size_t n)
1683 /* We can always send the first connection close frame */
1684 if (txp->closing_bytes_recv == 0)
1688 * RFC 9000 s. 10.2.1 Closing Connection State:
1689 * To avoid being used for an amplification attack, such
1690 * endpoints MUST limit the cumulative size of packets it sends
1691 * to three times the cumulative size of the packets that are
1692 * received and attributed to the connection.
1694 * An endpoint in the closing state MUST either discard packets
1695 * received from an unvalidated address or limit the cumulative
1696 * size of packets it sends to an unvalidated address to three
1697 * times the size of packets it receives from that address.
1699 res = txp->closing_bytes_xmit + n <= txp->closing_bytes_recv * 3;
1702 * Attribute the bytes to the connection, if we are allowed to send them
1703 * and this isn't the first closing frame.
1705 if (res && txp->closing_bytes_recv != 0)
1706 txp->closing_bytes_xmit += n;
1710 void ossl_quic_tx_packetiser_record_received_closing_bytes(
1711 OSSL_QUIC_TX_PACKETISER *txp, size_t n)
1713 txp->closing_bytes_recv += n;
1716 static int txp_generate_pre_token(OSSL_QUIC_TX_PACKETISER *txp,
1717 struct txp_pkt *pkt,
1718 int chosen_for_conn_close,
1719 int *can_be_non_inflight)
1721 const uint32_t enc_level = pkt->h.enc_level;
1722 const uint32_t pn_space = ossl_quic_enc_level_to_pn_space(enc_level);
1723 const struct archetype_data *a = &pkt->geom.adata;
1724 QUIC_TXPIM_PKT *tpkt = pkt->tpkt;
1725 struct tx_helper *h = &pkt->h;
1726 const OSSL_QUIC_FRAME_ACK *ack;
1727 OSSL_QUIC_FRAME_ACK ack2;
1729 tpkt->ackm_pkt.largest_acked = QUIC_PN_INVALID;
1731 /* ACK Frames (Regenerate) */
1733 && tx_helper_get_space_left(h) >= MIN_FRAME_SIZE_ACK
1735 || ossl_ackm_is_ack_desired(txp->args.ackm, pn_space))
1736 && (ack = ossl_ackm_get_ack_frame(txp->args.ackm, pn_space)) != NULL) {
1737 WPACKET *wpkt = tx_helper_begin(h);
1742 /* We do not currently support ECN */
1744 ack2.ecn_present = 0;
1746 if (ossl_quic_wire_encode_frame_ack(wpkt,
1747 txp->args.ack_delay_exponent,
1749 if (!tx_helper_commit(h))
1752 tpkt->had_ack_frame = 1;
1754 if (ack->num_ack_ranges > 0)
1755 tpkt->ackm_pkt.largest_acked = ack->ack_ranges[0].end;
1757 if (txp->ack_tx_cb != NULL)
1758 txp->ack_tx_cb(&ack2, pn_space, txp->ack_tx_cb_arg);
1760 tx_helper_rollback(h);
1764 /* CONNECTION_CLOSE Frames (Regenerate) */
1765 if (a->allow_conn_close && txp->want_conn_close && chosen_for_conn_close) {
1766 WPACKET *wpkt = tx_helper_begin(h);
1767 OSSL_QUIC_FRAME_CONN_CLOSE f, *pf = &txp->conn_close_frame;
1774 * Application CONNECTION_CLOSE frames may only be sent in the
1775 * Application PN space, as otherwise they may be sent before a
1776 * connection is authenticated and leak application data. Therefore, if
1777 * we need to send a CONNECTION_CLOSE frame in another PN space and were
1778 * given an application CONNECTION_CLOSE frame, convert it into a
1779 * transport CONNECTION_CLOSE frame, removing any sensitive application
1782 * RFC 9000 s. 10.2.3: "A CONNECTION_CLOSE of type 0x1d MUST be replaced
1783 * by a CONNECTION_CLOSE of type 0x1c when sending the frame in Initial
1784 * or Handshake packets. Otherwise, information about the application
1785 * state might be revealed. Endpoints MUST clear the value of the Reason
1786 * Phrase field and SHOULD use the APPLICATION_ERROR code when
1787 * converting to a CONNECTION_CLOSE of type 0x1c."
1789 if (pn_space != QUIC_PN_SPACE_APP && pf->is_app) {
1793 pf->error_code = QUIC_ERR_APPLICATION_ERROR;
1798 if (ossl_quic_wire_encode_frame_conn_close(wpkt, pf)
1799 && WPACKET_get_total_written(wpkt, &l)
1800 && try_commit_conn_close(txp, l)) {
1801 if (!tx_helper_commit(h))
1804 *can_be_non_inflight = 0;
1806 tx_helper_rollback(h);
1813 static int try_len(size_t space_left, size_t orig_len,
1814 size_t base_hdr_len, size_t lenbytes,
1815 uint64_t maxn, size_t *hdr_len, size_t *payload_len)
1818 size_t maxn_ = maxn > SIZE_MAX ? SIZE_MAX : (size_t)maxn;
1820 *hdr_len = base_hdr_len + lenbytes;
1822 if (orig_len == 0 && space_left >= *hdr_len) {
1830 if (n + *hdr_len > space_left)
1831 n = (space_left >= *hdr_len) ? space_left - *hdr_len : 0;
1837 static int determine_len(size_t space_left, size_t orig_len,
1838 size_t base_hdr_len,
1839 uint64_t *hlen, uint64_t *len)
1842 size_t chosen_payload_len = 0;
1843 size_t chosen_hdr_len = 0;
1844 size_t payload_len[4], hdr_len[4];
1845 int i, valid[4] = {0};
1847 valid[0] = try_len(space_left, orig_len, base_hdr_len,
1848 1, OSSL_QUIC_VLINT_1B_MAX,
1849 &hdr_len[0], &payload_len[0]);
1850 valid[1] = try_len(space_left, orig_len, base_hdr_len,
1851 2, OSSL_QUIC_VLINT_2B_MAX,
1852 &hdr_len[1], &payload_len[1]);
1853 valid[2] = try_len(space_left, orig_len, base_hdr_len,
1854 4, OSSL_QUIC_VLINT_4B_MAX,
1855 &hdr_len[2], &payload_len[2]);
1856 valid[3] = try_len(space_left, orig_len, base_hdr_len,
1857 8, OSSL_QUIC_VLINT_8B_MAX,
1858 &hdr_len[3], &payload_len[3]);
1860 for (i = OSSL_NELEM(valid) - 1; i >= 0; --i)
1861 if (valid[i] && payload_len[i] >= chosen_payload_len) {
1862 chosen_payload_len = payload_len[i];
1863 chosen_hdr_len = hdr_len[i];
1867 *hlen = chosen_hdr_len;
1868 *len = chosen_payload_len;
1873 * Given a CRYPTO frame header with accurate chdr->len and a budget
1874 * (space_left), try to find the optimal value of chdr->len to fill as much of
1875 * the budget as possible. This is slightly hairy because larger values of
1876 * chdr->len cause larger encoded sizes of the length field of the frame, which
1877 * in turn mean less space available for payload data. We check all possible
1878 * encodings and choose the optimal encoding.
1880 static int determine_crypto_len(struct tx_helper *h,
1881 OSSL_QUIC_FRAME_CRYPTO *chdr,
1887 size_t base_hdr_len; /* CRYPTO header length without length field */
1889 if (chdr->len > SIZE_MAX)
1892 orig_len = (size_t)chdr->len;
1895 base_hdr_len = ossl_quic_wire_get_encoded_frame_len_crypto_hdr(chdr);
1896 chdr->len = orig_len;
1897 if (base_hdr_len == 0)
1902 return determine_len(space_left, orig_len, base_hdr_len, hlen, len);
1905 static int determine_stream_len(struct tx_helper *h,
1906 OSSL_QUIC_FRAME_STREAM *shdr,
1912 size_t base_hdr_len; /* STREAM header length without length field */
1914 if (shdr->len > SIZE_MAX)
1917 orig_len = (size_t)shdr->len;
1920 base_hdr_len = ossl_quic_wire_get_encoded_frame_len_stream_hdr(shdr);
1921 shdr->len = orig_len;
1922 if (base_hdr_len == 0)
1925 if (shdr->has_explicit_len)
1928 return determine_len(space_left, orig_len, base_hdr_len, hlen, len);
1931 static int txp_generate_crypto_frames(OSSL_QUIC_TX_PACKETISER *txp,
1932 struct txp_pkt *pkt,
1933 int *have_ack_eliciting)
1935 const uint32_t enc_level = pkt->h.enc_level;
1936 const uint32_t pn_space = ossl_quic_enc_level_to_pn_space(enc_level);
1937 QUIC_TXPIM_PKT *tpkt = pkt->tpkt;
1938 struct tx_helper *h = &pkt->h;
1939 size_t num_stream_iovec;
1940 OSSL_QUIC_FRAME_STREAM shdr = {0};
1941 OSSL_QUIC_FRAME_CRYPTO chdr = {0};
1942 OSSL_QTX_IOVEC iov[2];
1945 QUIC_TXPIM_CHUNK chunk = {0};
1946 size_t i, space_left;
1949 space_left = tx_helper_get_space_left(h);
1951 if (space_left < MIN_FRAME_SIZE_CRYPTO)
1952 return 1; /* no point trying */
1954 /* Do we have any CRYPTO data waiting? */
1955 num_stream_iovec = OSSL_NELEM(iov);
1956 if (!ossl_quic_sstream_get_stream_frame(txp->args.crypto[pn_space],
1959 return 1; /* nothing to do */
1961 /* Convert STREAM frame header to CRYPTO frame header */
1962 chdr.offset = shdr.offset;
1963 chdr.len = shdr.len;
1966 return 1; /* nothing to do */
1968 /* Find best fit (header length, payload length) combination. */
1969 if (!determine_crypto_len(h, &chdr, space_left, &hdr_bytes,
1971 return 1; /* can't fit anything */
1974 * Truncate IOVs to match our chosen length.
1976 * The length cannot be more than SIZE_MAX because this length comes
1977 * from our send stream buffer.
1979 ossl_quic_sstream_adjust_iov((size_t)chdr.len, iov, num_stream_iovec);
1982 * Ensure we have enough iovecs allocated (1 for the header, up to 2 for
1983 * the the stream data.)
1985 if (!txp_el_ensure_iovec(&txp->el[enc_level], h->num_iovec + 3))
1986 return 0; /* alloc error */
1988 /* Encode the header. */
1989 wpkt = tx_helper_begin(h);
1991 return 0; /* alloc error */
1993 if (!ossl_quic_wire_encode_frame_crypto_hdr(wpkt, &chdr)) {
1994 tx_helper_rollback(h);
1995 return 1; /* can't fit */
1998 if (!tx_helper_commit(h))
1999 return 0; /* alloc error */
2001 /* Add payload iovecs to the helper (infallible). */
2002 for (i = 0; i < num_stream_iovec; ++i)
2003 tx_helper_append_iovec(h, iov[i].buf, iov[i].buf_len);
2005 *have_ack_eliciting = 1;
2006 tx_helper_unrestrict(h); /* no longer need PING */
2008 /* Log chunk to TXPIM. */
2009 chunk.stream_id = UINT64_MAX; /* crypto stream */
2010 chunk.start = chdr.offset;
2011 chunk.end = chdr.offset + chdr.len - 1;
2012 chunk.has_fin = 0; /* Crypto stream never ends */
2013 if (!ossl_quic_txpim_pkt_append_chunk(tpkt, &chunk))
2014 return 0; /* alloc error */
2019 OSSL_QUIC_FRAME_STREAM shdr;
2020 OSSL_QTX_IOVEC iov[2];
2021 size_t num_stream_iovec;
2025 static int txp_plan_stream_chunk(OSSL_QUIC_TX_PACKETISER *txp,
2026 struct tx_helper *h,
2027 QUIC_SSTREAM *sstream,
2028 QUIC_TXFC *stream_txfc,
2030 struct chunk_info *chunk)
2032 uint64_t fc_credit, fc_swm, fc_limit;
2034 chunk->num_stream_iovec = OSSL_NELEM(chunk->iov);
2035 chunk->valid = ossl_quic_sstream_get_stream_frame(sstream, skip,
2038 &chunk->num_stream_iovec);
2042 if (!ossl_assert(chunk->shdr.len > 0 || chunk->shdr.is_fin))
2043 /* Should only have 0-length chunk if FIN */
2046 /* Clamp according to connection and stream-level TXFC. */
2047 fc_credit = ossl_quic_txfc_get_credit(stream_txfc);
2048 fc_swm = ossl_quic_txfc_get_swm(stream_txfc);
2049 fc_limit = fc_swm + fc_credit;
2051 if (chunk->shdr.len > 0 && chunk->shdr.offset + chunk->shdr.len > fc_limit) {
2052 chunk->shdr.len = (fc_limit <= chunk->shdr.offset)
2053 ? 0 : fc_limit - chunk->shdr.offset;
2054 chunk->shdr.is_fin = 0;
2057 if (chunk->shdr.len == 0 && !chunk->shdr.is_fin) {
2059 * Nothing to do due to TXFC. Since SSTREAM returns chunks in ascending
2060 * order of offset we don't need to check any later chunks, so stop
2071 * Returns 0 on fatal error (e.g. allocation failure), 1 on success.
2072 * *packet_full is set to 1 if there is no longer enough room for another STREAM
2073 * frame, and *stream_drained is set to 1 if all stream buffers have now been
2076 static int txp_generate_stream_frames(OSSL_QUIC_TX_PACKETISER *txp,
2077 struct txp_pkt *pkt,
2079 QUIC_SSTREAM *sstream,
2080 QUIC_TXFC *stream_txfc,
2081 QUIC_STREAM *next_stream,
2083 int *have_ack_eliciting,
2085 int *stream_drained,
2086 uint64_t *new_credit_consumed)
2089 struct chunk_info chunks[2] = {0};
2090 const uint32_t enc_level = pkt->h.enc_level;
2091 QUIC_TXPIM_PKT *tpkt = pkt->tpkt;
2092 struct tx_helper *h = &pkt->h;
2093 OSSL_QUIC_FRAME_STREAM *shdr;
2095 QUIC_TXPIM_CHUNK chunk;
2096 size_t i, j, space_left;
2097 int needs_padding_if_implicit, can_fill_payload, use_explicit_len;
2098 int could_have_following_chunk;
2100 uint64_t hdr_len_implicit, payload_len_implicit;
2101 uint64_t hdr_len_explicit, payload_len_explicit;
2102 uint64_t fc_swm, fc_new_hwm;
2104 fc_swm = ossl_quic_txfc_get_swm(stream_txfc);
2105 fc_new_hwm = fc_swm;
2108 * Load the first two chunks if any offered by the send stream. We retrieve
2109 * the next chunk in advance so we can determine if we need to send any more
2110 * chunks from the same stream after this one, which is needed when
2111 * determining when we can use an implicit length in a STREAM frame.
2113 for (i = 0; i < 2; ++i) {
2114 if (!txp_plan_stream_chunk(txp, h, sstream, stream_txfc, i, &chunks[i]))
2117 if (i == 0 && !chunks[i].valid) {
2118 /* No chunks, nothing to do. */
2119 *stream_drained = 1;
2126 space_left = tx_helper_get_space_left(h);
2128 if (!chunks[i % 2].valid) {
2129 /* Out of chunks; we're done. */
2130 *stream_drained = 1;
2135 if (space_left < MIN_FRAME_SIZE_STREAM) {
2141 if (!ossl_assert(!h->done_implicit))
2143 * Logic below should have ensured we didn't append an
2144 * implicit-length unless we filled the packet or didn't have
2145 * another stream to handle, so this should not be possible.
2149 shdr = &chunks[i % 2].shdr;
2150 orig_len = shdr->len;
2152 /* Load next chunk for lookahead. */
2153 if (!txp_plan_stream_chunk(txp, h, sstream, stream_txfc, i + 1,
2154 &chunks[(i + 1) % 2]))
2158 * Find best fit (header length, payload length) combination for if we
2159 * use an implicit length.
2161 shdr->has_explicit_len = 0;
2162 hdr_len_implicit = payload_len_implicit = 0;
2163 if (!determine_stream_len(h, shdr, space_left,
2164 &hdr_len_implicit, &payload_len_implicit)) {
2167 goto err; /* can't fit anything */
2171 * If using the implicit-length representation would need padding, we
2174 needs_padding_if_implicit = (h->bytes_appended + hdr_len_implicit
2175 + payload_len_implicit < min_ppl);
2178 * If there is a next stream, we don't use the implicit length so we can
2179 * add more STREAM frames after this one, unless there is enough data
2180 * for this STREAM frame to fill the packet.
2182 can_fill_payload = (hdr_len_implicit + payload_len_implicit
2186 * Is there is a stream after this one, or another chunk pending
2187 * transmission in this stream?
2189 could_have_following_chunk
2190 = (next_stream != NULL || chunks[(i + 1) % 2].valid);
2192 /* Choose between explicit or implicit length representations. */
2193 use_explicit_len = !((can_fill_payload || !could_have_following_chunk)
2194 && !needs_padding_if_implicit);
2196 if (use_explicit_len) {
2198 * Find best fit (header length, payload length) combination for if
2199 * we use an explicit length.
2201 shdr->has_explicit_len = 1;
2202 hdr_len_explicit = payload_len_explicit = 0;
2203 if (!determine_stream_len(h, shdr, space_left,
2204 &hdr_len_explicit, &payload_len_explicit)) {
2207 goto err; /* can't fit anything */
2210 shdr->len = payload_len_explicit;
2212 shdr->has_explicit_len = 0;
2213 shdr->len = payload_len_implicit;
2216 /* If this is a FIN, don't keep filling the packet with more FINs. */
2218 chunks[(i + 1) % 2].valid = 0;
2221 * We are now committed to our length (shdr->len can't change).
2222 * If we truncated the chunk, clear the FIN bit.
2224 if (shdr->len < orig_len)
2227 /* Truncate IOVs to match our chosen length. */
2228 ossl_quic_sstream_adjust_iov((size_t)shdr->len, chunks[i % 2].iov,
2229 chunks[i % 2].num_stream_iovec);
2232 * Ensure we have enough iovecs allocated (1 for the header, up to 2 for
2233 * the the stream data.)
2235 if (!txp_el_ensure_iovec(&txp->el[enc_level], h->num_iovec + 3))
2236 goto err; /* alloc error */
2238 /* Encode the header. */
2239 wpkt = tx_helper_begin(h);
2241 goto err; /* alloc error */
2243 shdr->stream_id = id;
2244 if (!ossl_assert(ossl_quic_wire_encode_frame_stream_hdr(wpkt, shdr))) {
2245 /* (Should not be possible.) */
2246 tx_helper_rollback(h);
2249 goto err; /* can't fit */
2252 if (!tx_helper_commit(h))
2253 goto err; /* alloc error */
2255 /* Add payload iovecs to the helper (infallible). */
2256 for (j = 0; j < chunks[i % 2].num_stream_iovec; ++j)
2257 tx_helper_append_iovec(h, chunks[i % 2].iov[j].buf,
2258 chunks[i % 2].iov[j].buf_len);
2260 *have_ack_eliciting = 1;
2261 tx_helper_unrestrict(h); /* no longer need PING */
2262 if (!shdr->has_explicit_len)
2263 h->done_implicit = 1;
2265 /* Log new TXFC credit which was consumed. */
2266 if (shdr->len > 0 && shdr->offset + shdr->len > fc_new_hwm)
2267 fc_new_hwm = shdr->offset + shdr->len;
2269 /* Log chunk to TXPIM. */
2270 chunk.stream_id = shdr->stream_id;
2271 chunk.start = shdr->offset;
2272 chunk.end = shdr->offset + shdr->len - 1;
2273 chunk.has_fin = shdr->is_fin;
2274 chunk.has_stop_sending = 0;
2275 chunk.has_reset_stream = 0;
2276 if (!ossl_quic_txpim_pkt_append_chunk(tpkt, &chunk))
2277 goto err; /* alloc error */
2279 if (shdr->len < orig_len) {
2281 * If we did not serialize all of this chunk we definitely do not
2282 * want to try the next chunk (and we must not mark the stream
2291 *new_credit_consumed = fc_new_hwm - fc_swm;
2295 static void txp_enlink_tmp(QUIC_STREAM **tmp_head, QUIC_STREAM *stream)
2297 stream->txp_next = *tmp_head;
2301 static int txp_generate_stream_related(OSSL_QUIC_TX_PACKETISER *txp,
2302 struct txp_pkt *pkt,
2304 int *have_ack_eliciting,
2305 QUIC_STREAM **tmp_head)
2307 QUIC_STREAM_ITER it;
2310 QUIC_STREAM *stream, *snext;
2311 struct tx_helper *h = &pkt->h;
2313 for (ossl_quic_stream_iter_init(&it, txp->args.qsm, 1);
2314 it.stream != NULL;) {
2317 ossl_quic_stream_iter_next(&it);
2320 stream->txp_sent_fc = 0;
2321 stream->txp_sent_stop_sending = 0;
2322 stream->txp_sent_reset_stream = 0;
2323 stream->txp_drained = 0;
2324 stream->txp_blocked = 0;
2325 stream->txp_txfc_new_credit_consumed = 0;
2327 /* Stream Abort Frames (STOP_SENDING, RESET_STREAM) */
2328 if (stream->want_stop_sending) {
2329 OSSL_QUIC_FRAME_STOP_SENDING f;
2331 wpkt = tx_helper_begin(h);
2333 return 0; /* alloc error */
2335 f.stream_id = stream->id;
2336 f.app_error_code = stream->stop_sending_aec;
2337 if (!ossl_quic_wire_encode_frame_stop_sending(wpkt, &f)) {
2338 tx_helper_rollback(h); /* can't fit */
2339 txp_enlink_tmp(tmp_head, stream);
2343 if (!tx_helper_commit(h))
2344 return 0; /* alloc error */
2346 *have_ack_eliciting = 1;
2347 tx_helper_unrestrict(h); /* no longer need PING */
2348 stream->txp_sent_stop_sending = 1;
2351 if (stream->want_reset_stream) {
2352 OSSL_QUIC_FRAME_RESET_STREAM f;
2354 if (!ossl_assert(stream->send_state == QUIC_SSTREAM_STATE_RESET_SENT))
2357 wpkt = tx_helper_begin(h);
2359 return 0; /* alloc error */
2361 f.stream_id = stream->id;
2362 f.app_error_code = stream->reset_stream_aec;
2363 if (!ossl_quic_stream_send_get_final_size(stream, &f.final_size))
2364 return 0; /* should not be possible */
2366 if (!ossl_quic_wire_encode_frame_reset_stream(wpkt, &f)) {
2367 tx_helper_rollback(h); /* can't fit */
2368 txp_enlink_tmp(tmp_head, stream);
2372 if (!tx_helper_commit(h))
2373 return 0; /* alloc error */
2375 *have_ack_eliciting = 1;
2376 tx_helper_unrestrict(h); /* no longer need PING */
2377 stream->txp_sent_reset_stream = 1;
2380 * The final size of the stream as indicated by RESET_STREAM is used
2381 * to ensure a consistent view of flow control state by both
2382 * parties; if we happen to send a RESET_STREAM that consumes more
2383 * flow control credit, make sure we account for that.
2385 if (!ossl_assert(f.final_size <= ossl_quic_txfc_get_swm(&stream->txfc)))
2388 stream->txp_txfc_new_credit_consumed
2389 = f.final_size - ossl_quic_txfc_get_swm(&stream->txfc);
2393 * Stream Flow Control Frames (MAX_STREAM_DATA)
2395 * RFC 9000 s. 13.3: "An endpoint SHOULD stop sending MAX_STREAM_DATA
2396 * frames when the receiving part of the stream enters a "Size Known" or
2397 * "Reset Recvd" state." -- In practice, RECV is the only state
2398 * in which it makes sense to generate more MAX_STREAM_DATA frames.
2400 if (stream->recv_state == QUIC_RSTREAM_STATE_RECV
2401 && (stream->want_max_stream_data
2402 || ossl_quic_rxfc_has_cwm_changed(&stream->rxfc, 0))) {
2404 wpkt = tx_helper_begin(h);
2406 return 0; /* alloc error */
2408 cwm = ossl_quic_rxfc_get_cwm(&stream->rxfc);
2410 if (!ossl_quic_wire_encode_frame_max_stream_data(wpkt, stream->id,
2412 tx_helper_rollback(h); /* can't fit */
2413 txp_enlink_tmp(tmp_head, stream);
2417 if (!tx_helper_commit(h))
2418 return 0; /* alloc error */
2420 *have_ack_eliciting = 1;
2421 tx_helper_unrestrict(h); /* no longer need PING */
2422 stream->txp_sent_fc = 1;
2426 * Stream Data Frames (STREAM)
2428 * RFC 9000 s. 3.3: A sender MUST NOT send a STREAM [...] frame for a
2429 * stream in the "Reset Sent" state [or any terminal state]. We don't
2430 * send any more STREAM frames if we are sending, have sent, or are
2431 * planning to send, RESET_STREAM. The other terminal state is Data
2432 * Recvd, but txp_generate_stream_frames() is guaranteed to generate
2433 * nothing in this case.
2435 if (ossl_quic_stream_has_send_buffer(stream)
2436 && !ossl_quic_stream_send_is_reset(stream)) {
2437 int packet_full = 0, stream_drained = 0;
2439 if (!ossl_assert(!stream->want_reset_stream))
2442 if (!txp_generate_stream_frames(txp, pkt,
2443 stream->id, stream->sstream,
2449 &stream->txp_txfc_new_credit_consumed)) {
2450 /* Fatal error (allocation, etc.) */
2451 txp_enlink_tmp(tmp_head, stream);
2456 stream->txp_drained = 1;
2459 txp_enlink_tmp(tmp_head, stream);
2464 txp_enlink_tmp(tmp_head, stream);
2470 static int txp_generate_for_el(OSSL_QUIC_TX_PACKETISER *txp,
2471 struct txp_pkt *pkt,
2472 int chosen_for_conn_close)
2474 int rc = TXP_ERR_SUCCESS;
2475 const uint32_t enc_level = pkt->h.enc_level;
2476 const uint32_t pn_space = ossl_quic_enc_level_to_pn_space(enc_level);
2477 int have_ack_eliciting = 0, done_pre_token = 0;
2478 const struct archetype_data a = pkt->geom.adata;
2480 * Cleared if we encode any non-ACK-eliciting frame type which rules out the
2481 * packet being a non-inflight frame. This means any non-ACK ACK-eliciting
2482 * frame, even PADDING frames. ACK eliciting frames always cause a packet to
2483 * become ineligible for non-inflight treatment so it is not necessary to
2484 * clear this in cases where have_ack_eliciting is set, as it is ignored in
2487 int can_be_non_inflight = 1;
2488 QUIC_CFQ_ITEM *cfq_item;
2489 QUIC_TXPIM_PKT *tpkt = NULL;
2490 struct tx_helper *h = &pkt->h;
2493 /* Maximum PN reached? */
2494 if (!ossl_quic_pn_valid(txp->next_pn[pn_space]))
2497 if (!ossl_assert(pkt->tpkt == NULL))
2500 if ((pkt->tpkt = tpkt = ossl_quic_txpim_pkt_alloc(txp->args.txpim)) == NULL)
2504 * Frame Serialization
2505 * ===================
2507 * We now serialize frames into the packet in descending order of priority.
2510 /* HANDSHAKE_DONE (Regenerate) */
2511 if (a.allow_handshake_done && txp->want_handshake_done
2512 && tx_helper_get_space_left(h) >= MIN_FRAME_SIZE_HANDSHAKE_DONE) {
2513 WPACKET *wpkt = tx_helper_begin(h);
2518 if (ossl_quic_wire_encode_frame_handshake_done(wpkt)) {
2519 tpkt->had_handshake_done_frame = 1;
2520 have_ack_eliciting = 1;
2522 if (!tx_helper_commit(h))
2525 tx_helper_unrestrict(h); /* no longer need PING */
2527 tx_helper_rollback(h);
2531 /* MAX_DATA (Regenerate) */
2533 && (txp->want_max_data
2534 || ossl_quic_rxfc_has_cwm_changed(txp->args.conn_rxfc, 0))
2535 && tx_helper_get_space_left(h) >= MIN_FRAME_SIZE_MAX_DATA) {
2536 WPACKET *wpkt = tx_helper_begin(h);
2537 uint64_t cwm = ossl_quic_rxfc_get_cwm(txp->args.conn_rxfc);
2542 if (ossl_quic_wire_encode_frame_max_data(wpkt, cwm)) {
2543 tpkt->had_max_data_frame = 1;
2544 have_ack_eliciting = 1;
2546 if (!tx_helper_commit(h))
2549 tx_helper_unrestrict(h); /* no longer need PING */
2551 tx_helper_rollback(h);
2555 /* MAX_STREAMS_BIDI (Regenerate) */
2557 && (txp->want_max_streams_bidi
2558 || ossl_quic_rxfc_has_cwm_changed(txp->args.max_streams_bidi_rxfc, 0))
2559 && tx_helper_get_space_left(h) >= MIN_FRAME_SIZE_MAX_STREAMS_BIDI) {
2560 WPACKET *wpkt = tx_helper_begin(h);
2561 uint64_t max_streams
2562 = ossl_quic_rxfc_get_cwm(txp->args.max_streams_bidi_rxfc);
2567 if (ossl_quic_wire_encode_frame_max_streams(wpkt, /*is_uni=*/0,
2569 tpkt->had_max_streams_bidi_frame = 1;
2570 have_ack_eliciting = 1;
2572 if (!tx_helper_commit(h))
2575 tx_helper_unrestrict(h); /* no longer need PING */
2577 tx_helper_rollback(h);
2581 /* MAX_STREAMS_UNI (Regenerate) */
2583 && (txp->want_max_streams_uni
2584 || ossl_quic_rxfc_has_cwm_changed(txp->args.max_streams_uni_rxfc, 0))
2585 && tx_helper_get_space_left(h) >= MIN_FRAME_SIZE_MAX_STREAMS_UNI) {
2586 WPACKET *wpkt = tx_helper_begin(h);
2587 uint64_t max_streams
2588 = ossl_quic_rxfc_get_cwm(txp->args.max_streams_uni_rxfc);
2593 if (ossl_quic_wire_encode_frame_max_streams(wpkt, /*is_uni=*/1,
2595 tpkt->had_max_streams_uni_frame = 1;
2596 have_ack_eliciting = 1;
2598 if (!tx_helper_commit(h))
2601 tx_helper_unrestrict(h); /* no longer need PING */
2603 tx_helper_rollback(h);
2608 for (cfq_item = ossl_quic_cfq_get_priority_head(txp->args.cfq, pn_space);
2610 cfq_item = ossl_quic_cfq_item_get_priority_next(cfq_item, pn_space)) {
2611 uint64_t frame_type = ossl_quic_cfq_item_get_frame_type(cfq_item);
2612 const unsigned char *encoded = ossl_quic_cfq_item_get_encoded(cfq_item);
2613 size_t encoded_len = ossl_quic_cfq_item_get_encoded_len(cfq_item);
2615 switch (frame_type) {
2616 case OSSL_QUIC_FRAME_TYPE_NEW_CONN_ID:
2617 if (!a.allow_new_conn_id)
2620 case OSSL_QUIC_FRAME_TYPE_RETIRE_CONN_ID:
2621 if (!a.allow_retire_conn_id)
2624 case OSSL_QUIC_FRAME_TYPE_NEW_TOKEN:
2625 if (!a.allow_new_token)
2629 * NEW_TOKEN frames are handled via GCR, but some
2630 * Regenerate-strategy frames should come before them (namely
2631 * ACK, CONNECTION_CLOSE, PATH_CHALLENGE and PATH_RESPONSE). If
2632 * we find a NEW_TOKEN frame, do these now. If there are no
2633 * NEW_TOKEN frames in the GCR queue we will handle these below.
2635 if (!done_pre_token)
2636 if (txp_generate_pre_token(txp, pkt,
2637 chosen_for_conn_close,
2638 &can_be_non_inflight))
2642 case OSSL_QUIC_FRAME_TYPE_PATH_RESPONSE:
2643 if (!a.allow_path_response)
2647 * RFC 9000 s. 8.2.2: An endpoint MUST expand datagrams that
2648 * contain a PATH_RESPONSE frame to at least the smallest
2649 * allowed maximum datagram size of 1200 bytes.
2654 if (!a.allow_cfq_other)
2660 * If the frame is too big, don't try to schedule any more GCR frames in
2661 * this packet rather than sending subsequent ones out of order.
2663 if (encoded_len > tx_helper_get_space_left(h))
2666 if (!tx_helper_append_iovec(h, encoded, encoded_len))
2669 ossl_quic_txpim_pkt_add_cfq_item(tpkt, cfq_item);
2671 if (ossl_quic_frame_type_is_ack_eliciting(frame_type)) {
2672 have_ack_eliciting = 1;
2673 tx_helper_unrestrict(h); /* no longer need PING */
2678 * If we didn't generate ACK, CONNECTION_CLOSE, PATH_CHALLENGE or
2679 * PATH_RESPONSE (as desired) before, do so now.
2681 if (!done_pre_token)
2682 if (txp_generate_pre_token(txp, pkt,
2683 chosen_for_conn_close,
2684 &can_be_non_inflight))
2689 if (!txp_generate_crypto_frames(txp, pkt, &have_ack_eliciting))
2692 /* Stream-specific frames */
2693 if (a.allow_stream_rel && txp->handshake_complete)
2694 if (!txp_generate_stream_related(txp, pkt, min_ppl,
2695 &have_ack_eliciting,
2700 tx_helper_unrestrict(h);
2702 if ((a.require_ack_eliciting
2703 || (txp->force_ack_eliciting & (1UL << pn_space)) != 0)
2704 && !have_ack_eliciting && a.allow_ping) {
2707 wpkt = tx_helper_begin(h);
2711 if (!ossl_quic_wire_encode_frame_ping(wpkt)
2712 || !tx_helper_commit(h))
2714 * We treat a request to be ACK-eliciting as a requirement, so this
2719 have_ack_eliciting = 1;
2723 if (a.allow_padding && h->bytes_appended < min_ppl) {
2724 WPACKET *wpkt = tx_helper_begin(h);
2728 if (!ossl_quic_wire_encode_padding(wpkt, min_ppl - h->bytes_appended)
2729 || !tx_helper_commit(h))
2732 can_be_non_inflight = 0;
2739 if (have_ack_eliciting)
2740 can_be_non_inflight = 0;
2743 tpkt->ackm_pkt.num_bytes = h->bytes_appended + pkt->geom.pkt_overhead;
2744 tpkt->ackm_pkt.pkt_num = txp->next_pn[pn_space];
2745 /* largest_acked is set in txp_generate_pre_token */
2746 tpkt->ackm_pkt.pkt_space = pn_space;
2747 tpkt->ackm_pkt.is_inflight = !can_be_non_inflight;
2748 tpkt->ackm_pkt.is_ack_eliciting = have_ack_eliciting;
2749 tpkt->ackm_pkt.is_pto_probe = 0;
2750 tpkt->ackm_pkt.is_mtu_probe = 0;
2751 tpkt->ackm_pkt.time = txp->args.now(txp->args.now_arg);
2758 * Handler for fatal errors, i.e. errors causing us to abort the entire
2759 * packet rather than just one frame. Examples of such errors include
2760 * allocation errors.
2763 ossl_quic_txpim_pkt_release(txp->args.txpim, tpkt);
2766 return TXP_ERR_INTERNAL;
2770 * Commits and queues a packet for transmission. There is no backing out after
2775 * - Sends the packet to the QTX for encryption and transmission;
2777 * - Records the packet as having been transmitted in FIFM. ACKM is informed,
2778 * etc. and the TXPIM record is filed.
2780 * - Informs various subsystems of frames that were sent and clears frame
2781 * wanted flags so that we do not generate the same frames again.
2785 * - pkt is a txp_pkt for the correct EL;
2787 * - pkt->tpkt is valid;
2789 * - pkt->tpkt->ackm_pkt has been fully filled in;
2791 * - Stream chunk records have been appended to pkt->tpkt for STREAM and
2792 * CRYPTO frames, but not for RESET_STREAM or STOP_SENDING frames;
2794 * - The chosen stream list for the packet can be fully walked from
2795 * pkt->stream_head using stream->txp_next;
2797 * - pkt->has_ack_eliciting is set correctly.
2800 static int txp_pkt_commit(OSSL_QUIC_TX_PACKETISER *txp,
2801 struct txp_pkt *pkt,
2805 uint32_t enc_level = pkt->h.enc_level;
2806 uint32_t pn_space = ossl_quic_enc_level_to_pn_space(enc_level);
2807 QUIC_TXPIM_PKT *tpkt = pkt->tpkt;
2808 QUIC_STREAM *stream;
2810 struct archetype_data a;
2812 /* Cannot send a packet with an empty payload. */
2813 if (pkt->h.bytes_appended == 0)
2816 if (!txp_get_archetype_data(enc_level, archetype, &a))
2819 /* Packet Information for QTX */
2820 txpkt.hdr = &pkt->phdr;
2821 txpkt.iovec = txp->el[enc_level].iovec;
2822 txpkt.num_iovec = pkt->h.num_iovec;
2824 txpkt.peer = BIO_ADDR_family(&txp->args.peer) == AF_UNSPEC
2825 ? NULL : &txp->args.peer;
2826 txpkt.pn = txp->next_pn[pn_space];
2827 txpkt.flags = OSSL_QTX_PKT_FLAG_COALESCE; /* always try to coalesce */
2829 /* Generate TXPIM chunks representing STOP_SENDING and RESET_STREAM frames. */
2830 for (stream = pkt->stream_head; stream != NULL; stream = stream->txp_next)
2831 if (stream->txp_sent_stop_sending || stream->txp_sent_reset_stream) {
2832 /* Log STOP_SENDING/RESET_STREAM chunk to TXPIM. */
2833 QUIC_TXPIM_CHUNK chunk;
2835 chunk.stream_id = stream->id;
2836 chunk.start = UINT64_MAX;
2839 chunk.has_stop_sending = stream->txp_sent_stop_sending;
2840 chunk.has_reset_stream = stream->txp_sent_reset_stream;
2841 if (!ossl_quic_txpim_pkt_append_chunk(tpkt, &chunk))
2842 return 0; /* alloc error */
2845 /* Dispatch to FIFD. */
2846 if (!ossl_quic_fifd_pkt_commit(&txp->fifd, tpkt))
2849 /* Send the packet. */
2850 if (!ossl_qtx_write_pkt(txp->args.qtx, &txpkt))
2854 * Post-Packet Generation Bookkeeping
2855 * ==================================
2857 * No backing out anymore - we have sent the packet and need to record this
2861 ++txp->next_pn[pn_space];
2864 * Record FC and stream abort frames as sent; deactivate streams which no
2865 * longer have anything to do.
2867 for (stream = pkt->stream_head; stream != NULL; stream = stream->txp_next) {
2868 if (stream->txp_sent_fc) {
2869 stream->want_max_stream_data = 0;
2870 ossl_quic_rxfc_has_cwm_changed(&stream->rxfc, 1);
2873 if (stream->txp_sent_stop_sending)
2874 stream->want_stop_sending = 0;
2876 if (stream->txp_sent_reset_stream)
2877 stream->want_reset_stream = 0;
2879 if (stream->txp_txfc_new_credit_consumed > 0) {
2880 if (!ossl_assert(ossl_quic_txfc_consume_credit(&stream->txfc,
2881 stream->txp_txfc_new_credit_consumed)))
2883 * Should not be possible, but we should continue with our
2884 * bookkeeping as we have already committed the packet to the
2885 * FIFD. Just change the value we return.
2889 stream->txp_txfc_new_credit_consumed = 0;
2893 * If we no longer need to generate any flow control (MAX_STREAM_DATA),
2894 * STOP_SENDING or RESET_STREAM frames, nor any STREAM frames (because
2895 * the stream is drained of data or TXFC-blocked), we can mark the
2896 * stream as inactive.
2898 ossl_quic_stream_map_update_state(txp->args.qsm, stream);
2900 if (stream->txp_drained) {
2901 assert(!ossl_quic_sstream_has_pending(stream->sstream));
2904 * Transition to DATA_SENT if stream has a final size and we have
2907 if (ossl_quic_sstream_get_final_size(stream->sstream, NULL))
2908 ossl_quic_stream_map_notify_all_data_sent(txp->args.qsm, stream);
2912 /* We have now sent the packet, so update state accordingly. */
2913 if (tpkt->ackm_pkt.is_ack_eliciting)
2914 txp->force_ack_eliciting &= ~(1UL << pn_space);
2916 if (tpkt->had_handshake_done_frame)
2917 txp->want_handshake_done = 0;
2919 if (tpkt->had_max_data_frame) {
2920 txp->want_max_data = 0;
2921 ossl_quic_rxfc_has_cwm_changed(txp->args.conn_rxfc, 1);
2924 if (tpkt->had_max_streams_bidi_frame) {
2925 txp->want_max_streams_bidi = 0;
2926 ossl_quic_rxfc_has_cwm_changed(txp->args.max_streams_bidi_rxfc, 1);
2929 if (tpkt->had_max_streams_uni_frame) {
2930 txp->want_max_streams_uni = 0;
2931 ossl_quic_rxfc_has_cwm_changed(txp->args.max_streams_uni_rxfc, 1);
2934 if (tpkt->had_ack_frame)
2935 txp->want_ack &= ~(1UL << pn_space);
2938 * Decrement probe request counts if we have sent a packet that meets
2939 * the requirement of a probe, namely being ACK-eliciting.
2941 if (tpkt->ackm_pkt.is_ack_eliciting) {
2942 OSSL_ACKM_PROBE_INFO *probe_info
2943 = ossl_ackm_get0_probe_request(txp->args.ackm);
2945 if (enc_level == QUIC_ENC_LEVEL_INITIAL
2946 && probe_info->anti_deadlock_initial > 0)
2947 --probe_info->anti_deadlock_initial;
2949 if (enc_level == QUIC_ENC_LEVEL_HANDSHAKE
2950 && probe_info->anti_deadlock_handshake > 0)
2951 --probe_info->anti_deadlock_handshake;
2953 if (a.allow_force_ack_eliciting /* (i.e., not for 0-RTT) */
2954 && probe_info->pto[pn_space] > 0)
2955 --probe_info->pto[pn_space];
2961 /* Ensure the iovec array is at least num elements long. */
2962 static int txp_el_ensure_iovec(struct txp_el *el, size_t num)
2964 OSSL_QTX_IOVEC *iovec;
2966 if (el->alloc_iovec >= num)
2969 num = el->alloc_iovec != 0 ? el->alloc_iovec * 2 : 8;
2971 iovec = OPENSSL_realloc(el->iovec, sizeof(OSSL_QTX_IOVEC) * num);
2976 el->alloc_iovec = num;
2980 int ossl_quic_tx_packetiser_schedule_conn_close(OSSL_QUIC_TX_PACKETISER *txp,
2981 const OSSL_QUIC_FRAME_CONN_CLOSE *f)
2983 char *reason = NULL;
2984 size_t reason_len = f->reason_len;
2985 size_t max_reason_len = txp_get_mdpl(txp) / 2;
2987 if (txp->want_conn_close)
2991 * Arbitrarily limit the length of the reason length string to half of the
2994 if (reason_len > max_reason_len)
2995 reason_len = max_reason_len;
2997 if (reason_len > 0) {
2998 reason = OPENSSL_memdup(f->reason, reason_len);
3003 txp->conn_close_frame = *f;
3004 txp->conn_close_frame.reason = reason;
3005 txp->conn_close_frame.reason_len = reason_len;
3006 txp->want_conn_close = 1;
3010 void ossl_quic_tx_packetiser_set_msg_callback(OSSL_QUIC_TX_PACKETISER *txp,
3011 ossl_msg_cb msg_callback,
3012 SSL *msg_callback_ssl)
3014 txp->msg_callback = msg_callback;
3015 txp->msg_callback_ssl = msg_callback_ssl;
3018 void ossl_quic_tx_packetiser_set_msg_callback_arg(OSSL_QUIC_TX_PACKETISER *txp,
3019 void *msg_callback_arg)
3021 txp->msg_callback_arg = msg_callback_arg;
3024 QUIC_PN ossl_quic_tx_packetiser_get_next_pn(OSSL_QUIC_TX_PACKETISER *txp,
3027 if (pn_space >= QUIC_PN_SPACE_NUM)
3030 return txp->next_pn[pn_space];
3033 OSSL_TIME ossl_quic_tx_packetiser_get_deadline(OSSL_QUIC_TX_PACKETISER *txp)
3036 * TXP-specific deadline computations which rely on TXP innards. This is in
3037 * turn relied on by the QUIC_CHANNEL code to determine the channel event
3038 * handling deadline.
3040 OSSL_TIME deadline = ossl_time_infinite();
3041 uint32_t enc_level, pn_space;
3044 * ACK generation is not CC-gated - packets containing only ACKs are allowed
3045 * to bypass CC. We want to generate ACK frames even if we are currently
3046 * restricted by CC so the peer knows we have received data. The generate
3047 * call will take care of selecting the correct packet archetype.
3049 for (enc_level = QUIC_ENC_LEVEL_INITIAL;
3050 enc_level < QUIC_ENC_LEVEL_NUM;
3052 if (ossl_qtx_is_enc_level_provisioned(txp->args.qtx, enc_level)) {
3053 pn_space = ossl_quic_enc_level_to_pn_space(enc_level);
3054 deadline = ossl_time_min(deadline,
3055 ossl_ackm_get_ack_deadline(txp->args.ackm, pn_space));
3058 /* When will CC let us send more? */
3059 if (txp->args.cc_method->get_tx_allowance(txp->args.cc_data) == 0)
3060 deadline = ossl_time_min(deadline,
3061 txp->args.cc_method->get_wakeup_deadline(txp->args.cc_data));