/src/openssl/ssl/quic/quic_txp.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | #include "internal/quic_txp.h" |
11 | | #include "internal/quic_fifd.h" |
12 | | #include "internal/quic_stream_map.h" |
13 | | #include "internal/quic_error.h" |
14 | | #include "internal/common.h" |
15 | | #include <openssl/err.h> |
16 | | |
17 | 0 | #define MIN_CRYPTO_HDR_SIZE 3 |
18 | | |
19 | 0 | #define MIN_FRAME_SIZE_HANDSHAKE_DONE 1 |
20 | 0 | #define MIN_FRAME_SIZE_MAX_DATA 2 |
21 | 0 | #define MIN_FRAME_SIZE_ACK 5 |
22 | 0 | #define MIN_FRAME_SIZE_CRYPTO (MIN_CRYPTO_HDR_SIZE + 1) |
23 | 0 | #define MIN_FRAME_SIZE_STREAM 3 /* minimum useful size (for non-FIN) */ |
24 | 0 | #define MIN_FRAME_SIZE_MAX_STREAMS_BIDI 2 |
25 | 0 | #define MIN_FRAME_SIZE_MAX_STREAMS_UNI 2 |
26 | | |
27 | | /* |
28 | | * Packet Archetypes |
29 | | * ================= |
30 | | */ |
31 | | |
32 | | /* Generate normal packets containing most frame types, subject to EL. */ |
33 | 0 | #define TX_PACKETISER_ARCHETYPE_NORMAL 0 |
34 | | |
35 | | /* |
36 | | * A probe packet is different in that: |
37 | | * - It bypasses CC, but *is* counted as in flight for purposes of CC; |
38 | | * - It must be ACK-eliciting. |
39 | | */ |
40 | 0 | #define TX_PACKETISER_ARCHETYPE_PROBE 1 |
41 | | |
42 | | /* |
43 | | * An ACK-only packet is different in that: |
44 | | * - It bypasses CC, and is considered a 'non-inflight' packet; |
45 | | * - It may not contain anything other than an ACK frame, not even padding. |
46 | | */ |
47 | 0 | #define TX_PACKETISER_ARCHETYPE_ACK_ONLY 2 |
48 | | |
49 | 0 | #define TX_PACKETISER_ARCHETYPE_NUM 3 |
50 | | |
51 | | struct ossl_quic_tx_packetiser_st { |
52 | | OSSL_QUIC_TX_PACKETISER_ARGS args; |
53 | | |
54 | | /* |
55 | | * Opaque initial token blob provided by caller. TXP frees using the |
56 | | * callback when it is no longer needed. |
57 | | */ |
58 | | const unsigned char *initial_token; |
59 | | size_t initial_token_len; |
60 | | ossl_quic_initial_token_free_fn *initial_token_free_cb; |
61 | | void *initial_token_free_cb_arg; |
62 | | |
63 | | /* Subcomponents of the TXP that we own. */ |
64 | | QUIC_FIFD fifd; /* QUIC Frame-in-Flight Dispatcher */ |
65 | | |
66 | | /* Internal state. */ |
67 | | uint64_t next_pn[QUIC_PN_SPACE_NUM]; /* Next PN to use in given PN space. */ |
68 | | OSSL_TIME last_tx_time; /* Last time a packet was generated, or 0. */ |
69 | | |
70 | | /* Internal state - frame (re)generation flags. */ |
71 | | unsigned int want_handshake_done : 1; |
72 | | unsigned int want_max_data : 1; |
73 | | unsigned int want_max_streams_bidi : 1; |
74 | | unsigned int want_max_streams_uni : 1; |
75 | | |
76 | | /* Internal state - frame (re)generation flags - per PN space. */ |
77 | | unsigned int want_ack : QUIC_PN_SPACE_NUM; |
78 | | unsigned int force_ack_eliciting : QUIC_PN_SPACE_NUM; |
79 | | |
80 | | /* |
81 | | * Internal state - connection close terminal state. |
82 | | * Once this is set, it is not unset unlike other want_ flags - we keep |
83 | | * sending it in every packet. |
84 | | */ |
85 | | unsigned int want_conn_close : 1; |
86 | | |
87 | | /* Has the handshake been completed? */ |
88 | | unsigned int handshake_complete : 1; |
89 | | |
90 | | OSSL_QUIC_FRAME_CONN_CLOSE conn_close_frame; |
91 | | |
92 | | /* |
93 | | * Counts of the number of bytes received and sent while in the closing |
94 | | * state. |
95 | | */ |
96 | | uint64_t closing_bytes_recv; |
97 | | uint64_t closing_bytes_xmit; |
98 | | |
99 | | /* Internal state - packet assembly. */ |
100 | | struct txp_el { |
101 | | unsigned char *scratch; /* scratch buffer for packet assembly */ |
102 | | size_t scratch_len; /* number of bytes allocated for scratch */ |
103 | | OSSL_QTX_IOVEC *iovec; /* scratch iovec array for use with QTX */ |
104 | | size_t alloc_iovec; /* size of iovec array */ |
105 | | } el[QUIC_ENC_LEVEL_NUM]; |
106 | | |
107 | | /* Message callback related arguments */ |
108 | | ossl_msg_cb msg_callback; |
109 | | void *msg_callback_arg; |
110 | | SSL *msg_callback_ssl; |
111 | | |
112 | | /* Callbacks. */ |
113 | | void (*ack_tx_cb)(const OSSL_QUIC_FRAME_ACK *ack, |
114 | | uint32_t pn_space, |
115 | | void *arg); |
116 | | void *ack_tx_cb_arg; |
117 | | }; |
118 | | |
119 | | /* |
120 | | * The TX helper records state used while generating frames into packets. It |
121 | | * enables serialization into the packet to be done "transactionally" where |
122 | | * serialization of a frame can be rolled back if it fails midway (e.g. if it |
123 | | * does not fit). |
124 | | */ |
125 | | struct tx_helper { |
126 | | OSSL_QUIC_TX_PACKETISER *txp; |
127 | | /* |
128 | | * The Maximum Packet Payload Length in bytes. This is the amount of |
129 | | * space we have to generate frames into. |
130 | | */ |
131 | | size_t max_ppl; |
132 | | /* |
133 | | * Number of bytes we have generated so far. |
134 | | */ |
135 | | size_t bytes_appended; |
136 | | /* |
137 | | * Number of scratch bytes in txp->scratch we have used so far. Some iovecs |
138 | | * will reference this scratch buffer. When we need to use more of it (e.g. |
139 | | * when we need to put frame headers somewhere), we append to the scratch |
140 | | * buffer, resizing if necessary, and increase this accordingly. |
141 | | */ |
142 | | size_t scratch_bytes; |
143 | | /* |
144 | | * Bytes reserved in the MaxPPL budget. We keep this number of bytes spare |
145 | | * until reserve_allowed is set to 1. Currently this is always at most 1, as |
146 | | * a PING frame takes up one byte and this mechanism is only used to ensure |
147 | | * we can encode a PING frame if we have been asked to ensure a packet is |
148 | | * ACK-eliciting and we are unusure if we are going to add any other |
149 | | * ACK-eliciting frames before we reach our MaxPPL budget. |
150 | | */ |
151 | | size_t reserve; |
152 | | /* |
153 | | * Number of iovecs we have currently appended. This is the number of |
154 | | * entries valid in txp->iovec. |
155 | | */ |
156 | | size_t num_iovec; |
157 | | /* The EL this TX helper is being used for. */ |
158 | | uint32_t enc_level; |
159 | | /* |
160 | | * Whether we are allowed to make use of the reserve bytes in our MaxPPL |
161 | | * budget. This is used to ensure we have room to append a PING frame later |
162 | | * if we need to. Once we know we will not need to append a PING frame, this |
163 | | * is set to 1. |
164 | | */ |
165 | | unsigned int reserve_allowed : 1; |
166 | | /* |
167 | | * Set to 1 if we have appended a STREAM frame with an implicit length. If |
168 | | * this happens we should never append another frame after that frame as it |
169 | | * cannot be validly encoded. This is just a safety check. |
170 | | */ |
171 | | unsigned int done_implicit : 1; |
172 | | struct { |
173 | | /* |
174 | | * The fields in this structure are valid if active is set, which means |
175 | | * that a serialization transaction is currently in progress. |
176 | | */ |
177 | | unsigned char *data; |
178 | | WPACKET wpkt; |
179 | | unsigned int active : 1; |
180 | | } txn; |
181 | | }; |
182 | | |
183 | | static void tx_helper_rollback(struct tx_helper *h); |
184 | | static int txp_el_ensure_iovec(struct txp_el *el, size_t num); |
185 | | |
186 | | /* Initialises the TX helper. */ |
187 | | static int tx_helper_init(struct tx_helper *h, OSSL_QUIC_TX_PACKETISER *txp, |
188 | | uint32_t enc_level, size_t max_ppl, size_t reserve) |
189 | 0 | { |
190 | 0 | if (reserve > max_ppl) |
191 | 0 | return 0; |
192 | | |
193 | 0 | h->txp = txp; |
194 | 0 | h->enc_level = enc_level; |
195 | 0 | h->max_ppl = max_ppl; |
196 | 0 | h->reserve = reserve; |
197 | 0 | h->num_iovec = 0; |
198 | 0 | h->bytes_appended = 0; |
199 | 0 | h->scratch_bytes = 0; |
200 | 0 | h->reserve_allowed = 0; |
201 | 0 | h->done_implicit = 0; |
202 | 0 | h->txn.data = NULL; |
203 | 0 | h->txn.active = 0; |
204 | |
|
205 | 0 | if (max_ppl > h->txp->el[enc_level].scratch_len) { |
206 | 0 | unsigned char *scratch; |
207 | |
|
208 | 0 | scratch = OPENSSL_realloc(h->txp->el[enc_level].scratch, max_ppl); |
209 | 0 | if (scratch == NULL) |
210 | 0 | return 0; |
211 | | |
212 | 0 | h->txp->el[enc_level].scratch = scratch; |
213 | 0 | h->txp->el[enc_level].scratch_len = max_ppl; |
214 | 0 | } |
215 | | |
216 | 0 | return 1; |
217 | 0 | } |
218 | | |
219 | | static void tx_helper_cleanup(struct tx_helper *h) |
220 | 0 | { |
221 | 0 | if (h->txn.active) |
222 | 0 | tx_helper_rollback(h); |
223 | |
|
224 | 0 | h->txp = NULL; |
225 | 0 | } |
226 | | |
227 | | static void tx_helper_unrestrict(struct tx_helper *h) |
228 | 0 | { |
229 | 0 | h->reserve_allowed = 1; |
230 | 0 | } |
231 | | |
232 | | /* |
233 | | * Append an extent of memory to the iovec list. The memory must remain |
234 | | * allocated until we finish generating the packet and call the QTX. |
235 | | * |
236 | | * In general, the buffers passed to this function will be from one of two |
237 | | * ranges: |
238 | | * |
239 | | * - Application data contained in stream buffers managed elsewhere |
240 | | * in the QUIC stack; or |
241 | | * |
242 | | * - Control frame data appended into txp->scratch using tx_helper_begin and |
243 | | * tx_helper_commit. |
244 | | * |
245 | | */ |
246 | | static int tx_helper_append_iovec(struct tx_helper *h, |
247 | | const unsigned char *buf, |
248 | | size_t buf_len) |
249 | 0 | { |
250 | 0 | struct txp_el *el = &h->txp->el[h->enc_level]; |
251 | |
|
252 | 0 | if (buf_len == 0) |
253 | 0 | return 1; |
254 | | |
255 | 0 | if (!ossl_assert(!h->done_implicit)) |
256 | 0 | return 0; |
257 | | |
258 | 0 | if (!txp_el_ensure_iovec(el, h->num_iovec + 1)) |
259 | 0 | return 0; |
260 | | |
261 | 0 | el->iovec[h->num_iovec].buf = buf; |
262 | 0 | el->iovec[h->num_iovec].buf_len = buf_len; |
263 | |
|
264 | 0 | ++h->num_iovec; |
265 | 0 | h->bytes_appended += buf_len; |
266 | 0 | return 1; |
267 | 0 | } |
268 | | |
269 | | /* |
270 | | * How many more bytes of space do we have left in our plaintext packet payload? |
271 | | */ |
272 | | static size_t tx_helper_get_space_left(struct tx_helper *h) |
273 | 0 | { |
274 | 0 | return h->max_ppl |
275 | 0 | - (h->reserve_allowed ? 0 : h->reserve) - h->bytes_appended; |
276 | 0 | } |
277 | | |
278 | | /* |
279 | | * Begin a control frame serialization transaction. This allows the |
280 | | * serialization of the control frame to be backed out if it turns out it won't |
281 | | * fit. Write the control frame to the returned WPACKET. Ensure you always |
282 | | * call tx_helper_rollback or tx_helper_commit (or tx_helper_cleanup). Returns |
283 | | * NULL on failure. |
284 | | */ |
285 | | static WPACKET *tx_helper_begin(struct tx_helper *h) |
286 | 0 | { |
287 | 0 | size_t space_left, len; |
288 | 0 | unsigned char *data; |
289 | 0 | struct txp_el *el = &h->txp->el[h->enc_level]; |
290 | |
|
291 | 0 | if (!ossl_assert(!h->txn.active)) |
292 | 0 | return NULL; |
293 | | |
294 | 0 | if (!ossl_assert(!h->done_implicit)) |
295 | 0 | return NULL; |
296 | | |
297 | 0 | data = (unsigned char *)el->scratch + h->scratch_bytes; |
298 | 0 | len = el->scratch_len - h->scratch_bytes; |
299 | |
|
300 | 0 | space_left = tx_helper_get_space_left(h); |
301 | 0 | if (!ossl_assert(space_left <= len)) |
302 | 0 | return NULL; |
303 | | |
304 | 0 | if (!WPACKET_init_static_len(&h->txn.wpkt, data, len, 0)) |
305 | 0 | return NULL; |
306 | | |
307 | 0 | if (!WPACKET_set_max_size(&h->txn.wpkt, space_left)) { |
308 | 0 | WPACKET_cleanup(&h->txn.wpkt); |
309 | 0 | return NULL; |
310 | 0 | } |
311 | | |
312 | 0 | h->txn.data = data; |
313 | 0 | h->txn.active = 1; |
314 | 0 | return &h->txn.wpkt; |
315 | 0 | } |
316 | | |
317 | | static void tx_helper_end(struct tx_helper *h, int success) |
318 | 0 | { |
319 | 0 | if (success) |
320 | 0 | WPACKET_finish(&h->txn.wpkt); |
321 | 0 | else |
322 | 0 | WPACKET_cleanup(&h->txn.wpkt); |
323 | |
|
324 | 0 | h->txn.active = 0; |
325 | 0 | h->txn.data = NULL; |
326 | 0 | } |
327 | | |
328 | | /* Abort a control frame serialization transaction. */ |
329 | | static void tx_helper_rollback(struct tx_helper *h) |
330 | 0 | { |
331 | 0 | if (!h->txn.active) |
332 | 0 | return; |
333 | | |
334 | 0 | tx_helper_end(h, 0); |
335 | 0 | } |
336 | | |
337 | | /* Commit a control frame. */ |
338 | | static int tx_helper_commit(struct tx_helper *h) |
339 | 0 | { |
340 | 0 | size_t l = 0; |
341 | |
|
342 | 0 | if (!h->txn.active) |
343 | 0 | return 0; |
344 | | |
345 | 0 | if (!WPACKET_get_total_written(&h->txn.wpkt, &l)) { |
346 | 0 | tx_helper_end(h, 0); |
347 | 0 | return 0; |
348 | 0 | } |
349 | | |
350 | 0 | if (!tx_helper_append_iovec(h, h->txn.data, l)) { |
351 | 0 | tx_helper_end(h, 0); |
352 | 0 | return 0; |
353 | 0 | } |
354 | | |
355 | 0 | if (h->txp->msg_callback != NULL && l > 0) { |
356 | 0 | uint64_t ftype; |
357 | 0 | int ctype = SSL3_RT_QUIC_FRAME_FULL; |
358 | 0 | PACKET pkt; |
359 | |
|
360 | 0 | if (!PACKET_buf_init(&pkt, h->txn.data, l) |
361 | 0 | || !ossl_quic_wire_peek_frame_header(&pkt, &ftype, NULL)) { |
362 | 0 | tx_helper_end(h, 0); |
363 | 0 | return 0; |
364 | 0 | } |
365 | | |
366 | 0 | if (ftype == OSSL_QUIC_FRAME_TYPE_PADDING) |
367 | 0 | ctype = SSL3_RT_QUIC_FRAME_PADDING; |
368 | 0 | else if (OSSL_QUIC_FRAME_TYPE_IS_STREAM(ftype) |
369 | 0 | || ftype == OSSL_QUIC_FRAME_TYPE_CRYPTO) |
370 | 0 | ctype = SSL3_RT_QUIC_FRAME_HEADER; |
371 | |
|
372 | 0 | h->txp->msg_callback(1, OSSL_QUIC1_VERSION, ctype, h->txn.data, l, |
373 | 0 | h->txp->msg_callback_ssl, |
374 | 0 | h->txp->msg_callback_arg); |
375 | 0 | } |
376 | | |
377 | 0 | h->scratch_bytes += l; |
378 | 0 | tx_helper_end(h, 1); |
379 | 0 | return 1; |
380 | 0 | } |
381 | | |
382 | | struct archetype_data { |
383 | | unsigned int allow_ack : 1; |
384 | | unsigned int allow_ping : 1; |
385 | | unsigned int allow_crypto : 1; |
386 | | unsigned int allow_handshake_done : 1; |
387 | | unsigned int allow_path_challenge : 1; |
388 | | unsigned int allow_path_response : 1; |
389 | | unsigned int allow_new_conn_id : 1; |
390 | | unsigned int allow_retire_conn_id : 1; |
391 | | unsigned int allow_stream_rel : 1; |
392 | | unsigned int allow_conn_fc : 1; |
393 | | unsigned int allow_conn_close : 1; |
394 | | unsigned int allow_cfq_other : 1; |
395 | | unsigned int allow_new_token : 1; |
396 | | unsigned int allow_force_ack_eliciting : 1; |
397 | | unsigned int allow_padding : 1; |
398 | | unsigned int require_ack_eliciting : 1; |
399 | | unsigned int bypass_cc : 1; |
400 | | }; |
401 | | |
402 | | struct txp_pkt_geom { |
403 | | size_t cmpl, cmppl, hwm, pkt_overhead; |
404 | | uint32_t archetype; |
405 | | struct archetype_data adata; |
406 | | }; |
407 | | |
408 | | struct txp_pkt { |
409 | | struct tx_helper h; |
410 | | int h_valid; |
411 | | QUIC_TXPIM_PKT *tpkt; |
412 | | QUIC_STREAM *stream_head; |
413 | | QUIC_PKT_HDR phdr; |
414 | | struct txp_pkt_geom geom; |
415 | | int force_pad; |
416 | | }; |
417 | | |
418 | | static QUIC_SSTREAM *get_sstream_by_id(uint64_t stream_id, uint32_t pn_space, |
419 | | void *arg); |
420 | | static void on_regen_notify(uint64_t frame_type, uint64_t stream_id, |
421 | | QUIC_TXPIM_PKT *pkt, void *arg); |
422 | | static void on_confirm_notify(uint64_t frame_type, uint64_t stream_id, |
423 | | QUIC_TXPIM_PKT *pkt, void *arg); |
424 | | static void on_sstream_updated(uint64_t stream_id, void *arg); |
425 | | static int sstream_is_pending(QUIC_SSTREAM *sstream); |
426 | | static int txp_should_try_staging(OSSL_QUIC_TX_PACKETISER *txp, |
427 | | uint32_t enc_level, |
428 | | uint32_t archetype, |
429 | | uint64_t cc_limit, |
430 | | uint32_t *conn_close_enc_level); |
431 | | static size_t txp_determine_pn_len(OSSL_QUIC_TX_PACKETISER *txp); |
432 | | static int txp_determine_ppl_from_pl(OSSL_QUIC_TX_PACKETISER *txp, |
433 | | size_t pl, |
434 | | uint32_t enc_level, |
435 | | size_t hdr_len, |
436 | | size_t *r); |
437 | | static size_t txp_get_mdpl(OSSL_QUIC_TX_PACKETISER *txp); |
438 | | static int txp_generate_for_el(OSSL_QUIC_TX_PACKETISER *txp, |
439 | | struct txp_pkt *pkt, |
440 | | int chosen_for_conn_close); |
441 | | static int txp_pkt_init(struct txp_pkt *pkt, OSSL_QUIC_TX_PACKETISER *txp, |
442 | | uint32_t enc_level, uint32_t archetype, |
443 | | size_t running_total); |
444 | | static void txp_pkt_cleanup(struct txp_pkt *pkt, OSSL_QUIC_TX_PACKETISER *txp); |
445 | | static int txp_pkt_postgen_update_pkt_overhead(struct txp_pkt *pkt, |
446 | | OSSL_QUIC_TX_PACKETISER *txp); |
447 | | static int txp_pkt_append_padding(struct txp_pkt *pkt, |
448 | | OSSL_QUIC_TX_PACKETISER *txp, size_t num_bytes); |
449 | | static int txp_pkt_commit(OSSL_QUIC_TX_PACKETISER *txp, struct txp_pkt *pkt, |
450 | | uint32_t archetype, int *txpim_pkt_reffed); |
451 | | static uint32_t txp_determine_archetype(OSSL_QUIC_TX_PACKETISER *txp, |
452 | | uint64_t cc_limit); |
453 | | |
454 | | OSSL_QUIC_TX_PACKETISER *ossl_quic_tx_packetiser_new(const OSSL_QUIC_TX_PACKETISER_ARGS *args) |
455 | 0 | { |
456 | 0 | OSSL_QUIC_TX_PACKETISER *txp; |
457 | |
|
458 | 0 | if (args == NULL |
459 | 0 | || args->qtx == NULL |
460 | 0 | || args->txpim == NULL |
461 | 0 | || args->cfq == NULL |
462 | 0 | || args->ackm == NULL |
463 | 0 | || args->qsm == NULL |
464 | 0 | || args->conn_txfc == NULL |
465 | 0 | || args->conn_rxfc == NULL |
466 | 0 | || args->max_streams_bidi_rxfc == NULL |
467 | 0 | || args->max_streams_uni_rxfc == NULL) { |
468 | 0 | ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); |
469 | 0 | return NULL; |
470 | 0 | } |
471 | | |
472 | 0 | txp = OPENSSL_zalloc(sizeof(*txp)); |
473 | 0 | if (txp == NULL) |
474 | 0 | return NULL; |
475 | | |
476 | 0 | txp->args = *args; |
477 | 0 | txp->last_tx_time = ossl_time_zero(); |
478 | |
|
479 | 0 | if (!ossl_quic_fifd_init(&txp->fifd, |
480 | 0 | txp->args.cfq, txp->args.ackm, txp->args.txpim, |
481 | 0 | get_sstream_by_id, txp, |
482 | 0 | on_regen_notify, txp, |
483 | 0 | on_confirm_notify, txp, |
484 | 0 | on_sstream_updated, txp)) { |
485 | 0 | OPENSSL_free(txp); |
486 | 0 | return NULL; |
487 | 0 | } |
488 | | |
489 | 0 | return txp; |
490 | 0 | } |
491 | | |
492 | | void ossl_quic_tx_packetiser_free(OSSL_QUIC_TX_PACKETISER *txp) |
493 | 0 | { |
494 | 0 | uint32_t enc_level; |
495 | |
|
496 | 0 | if (txp == NULL) |
497 | 0 | return; |
498 | | |
499 | 0 | ossl_quic_tx_packetiser_set_initial_token(txp, NULL, 0, NULL, NULL); |
500 | 0 | ossl_quic_fifd_cleanup(&txp->fifd); |
501 | 0 | OPENSSL_free(txp->conn_close_frame.reason); |
502 | |
|
503 | 0 | for (enc_level = QUIC_ENC_LEVEL_INITIAL; |
504 | 0 | enc_level < QUIC_ENC_LEVEL_NUM; |
505 | 0 | ++enc_level) { |
506 | 0 | OPENSSL_free(txp->el[enc_level].iovec); |
507 | 0 | OPENSSL_free(txp->el[enc_level].scratch); |
508 | 0 | } |
509 | |
|
510 | 0 | OPENSSL_free(txp); |
511 | 0 | } |
512 | | |
513 | | void ossl_quic_tx_packetiser_set_initial_token(OSSL_QUIC_TX_PACKETISER *txp, |
514 | | const unsigned char *token, |
515 | | size_t token_len, |
516 | | ossl_quic_initial_token_free_fn *free_cb, |
517 | | void *free_cb_arg) |
518 | 0 | { |
519 | 0 | if (txp->initial_token != NULL && txp->initial_token_free_cb != NULL) |
520 | 0 | txp->initial_token_free_cb(txp->initial_token, txp->initial_token_len, |
521 | 0 | txp->initial_token_free_cb_arg); |
522 | |
|
523 | 0 | txp->initial_token = token; |
524 | 0 | txp->initial_token_len = token_len; |
525 | 0 | txp->initial_token_free_cb = free_cb; |
526 | 0 | txp->initial_token_free_cb_arg = free_cb_arg; |
527 | 0 | } |
528 | | |
529 | | int ossl_quic_tx_packetiser_set_cur_dcid(OSSL_QUIC_TX_PACKETISER *txp, |
530 | | const QUIC_CONN_ID *dcid) |
531 | 0 | { |
532 | 0 | if (dcid == NULL) { |
533 | 0 | ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); |
534 | 0 | return 0; |
535 | 0 | } |
536 | | |
537 | 0 | txp->args.cur_dcid = *dcid; |
538 | 0 | return 1; |
539 | 0 | } |
540 | | |
541 | | int ossl_quic_tx_packetiser_set_cur_scid(OSSL_QUIC_TX_PACKETISER *txp, |
542 | | const QUIC_CONN_ID *scid) |
543 | 0 | { |
544 | 0 | if (scid == NULL) { |
545 | 0 | ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); |
546 | 0 | return 0; |
547 | 0 | } |
548 | | |
549 | 0 | txp->args.cur_scid = *scid; |
550 | 0 | return 1; |
551 | 0 | } |
552 | | |
553 | | /* Change the destination L4 address the TXP uses to send datagrams. */ |
554 | | int ossl_quic_tx_packetiser_set_peer(OSSL_QUIC_TX_PACKETISER *txp, |
555 | | const BIO_ADDR *peer) |
556 | 0 | { |
557 | 0 | if (peer == NULL) { |
558 | 0 | BIO_ADDR_clear(&txp->args.peer); |
559 | 0 | return 1; |
560 | 0 | } |
561 | | |
562 | 0 | txp->args.peer = *peer; |
563 | 0 | return 1; |
564 | 0 | } |
565 | | |
566 | | void ossl_quic_tx_packetiser_set_ack_tx_cb(OSSL_QUIC_TX_PACKETISER *txp, |
567 | | void (*cb)(const OSSL_QUIC_FRAME_ACK *ack, |
568 | | uint32_t pn_space, |
569 | | void *arg), |
570 | | void *cb_arg) |
571 | 0 | { |
572 | 0 | txp->ack_tx_cb = cb; |
573 | 0 | txp->ack_tx_cb_arg = cb_arg; |
574 | 0 | } |
575 | | |
576 | | int ossl_quic_tx_packetiser_discard_enc_level(OSSL_QUIC_TX_PACKETISER *txp, |
577 | | uint32_t enc_level) |
578 | 0 | { |
579 | 0 | if (enc_level >= QUIC_ENC_LEVEL_NUM) { |
580 | 0 | ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT); |
581 | 0 | return 0; |
582 | 0 | } |
583 | | |
584 | 0 | if (enc_level != QUIC_ENC_LEVEL_0RTT) |
585 | 0 | txp->args.crypto[ossl_quic_enc_level_to_pn_space(enc_level)] = NULL; |
586 | |
|
587 | 0 | return 1; |
588 | 0 | } |
589 | | |
590 | | void ossl_quic_tx_packetiser_notify_handshake_complete(OSSL_QUIC_TX_PACKETISER *txp) |
591 | 0 | { |
592 | 0 | txp->handshake_complete = 1; |
593 | 0 | } |
594 | | |
595 | | void ossl_quic_tx_packetiser_schedule_handshake_done(OSSL_QUIC_TX_PACKETISER *txp) |
596 | 0 | { |
597 | 0 | txp->want_handshake_done = 1; |
598 | 0 | } |
599 | | |
600 | | void ossl_quic_tx_packetiser_schedule_ack_eliciting(OSSL_QUIC_TX_PACKETISER *txp, |
601 | | uint32_t pn_space) |
602 | 0 | { |
603 | 0 | txp->force_ack_eliciting |= (1UL << pn_space); |
604 | 0 | } |
605 | | |
606 | | void ossl_quic_tx_packetiser_schedule_ack(OSSL_QUIC_TX_PACKETISER *txp, |
607 | | uint32_t pn_space) |
608 | 0 | { |
609 | 0 | txp->want_ack |= (1UL << pn_space); |
610 | 0 | } |
611 | | |
612 | 0 | #define TXP_ERR_INTERNAL 0 /* Internal (e.g. alloc) error */ |
613 | 0 | #define TXP_ERR_SUCCESS 1 /* Success */ |
614 | | #define TXP_ERR_SPACE 2 /* Not enough room for another packet */ |
615 | | #define TXP_ERR_INPUT 3 /* Invalid/malformed input */ |
616 | | |
617 | | /* |
618 | | * Generates a datagram by polling the various ELs to determine if they want to |
619 | | * generate any frames, and generating a datagram which coalesces packets for |
620 | | * any ELs which do. |
621 | | */ |
622 | | int ossl_quic_tx_packetiser_generate(OSSL_QUIC_TX_PACKETISER *txp, |
623 | | QUIC_TXP_STATUS *status) |
624 | 0 | { |
625 | | /* |
626 | | * Called to generate one or more datagrams, each containing one or more |
627 | | * packets. |
628 | | * |
629 | | * There are some tricky things to note here: |
630 | | * |
631 | | * - The TXP is only concerned with generating encrypted packets; |
632 | | * other packets use a different path. |
633 | | * |
634 | | * - Any datagram containing an Initial packet must have a payload length |
635 | | * (DPL) of at least 1200 bytes. This padding need not necessarily be |
636 | | * found in the Initial packet. |
637 | | * |
638 | | * - It is desirable to be able to coalesce an Initial packet |
639 | | * with a Handshake packet. Since, before generating the Handshake |
640 | | * packet, we do not know how long it will be, we cannot know the |
641 | | * correct amount of padding to ensure a DPL of at least 1200 bytes. |
642 | | * Thus this padding must added to the Handshake packet (or whatever |
643 | | * packet is the last in the datagram). |
644 | | * |
645 | | * - However, at the time that we generate the Initial packet, |
646 | | * we do not actually know for sure that we will be followed |
647 | | * in the datagram by another packet. For example, suppose we have |
648 | | * some queued data (e.g. crypto stream data for the HANDSHAKE EL) |
649 | | * it looks like we will want to send on the HANDSHAKE EL. |
650 | | * We could assume padding will be placed in the Handshake packet |
651 | | * subsequently and avoid adding any padding to the Initial packet |
652 | | * (which would leave no room for the Handshake packet in the |
653 | | * datagram). |
654 | | * |
655 | | * However, this is not actually a safe assumption. Suppose that we |
656 | | * are using a link with a MDPL of 1200 bytes, the minimum allowed by |
657 | | * QUIC. Suppose that the Initial packet consumes 1195 bytes in total. |
658 | | * Since it is not possible to fit a Handshake packet in just 5 bytes, |
659 | | * upon trying to add a Handshake packet after generating the Initial |
660 | | * packet, we will discover we have no room to fit it! This is not a |
661 | | * problem in itself as another datagram can be sent subsequently, but |
662 | | * it is a problem because we were counting to use that packet to hold |
663 | | * the essential padding. But if we have already finished encrypting |
664 | | * the Initial packet, we cannot go and add padding to it anymore. |
665 | | * This leaves us stuck. |
666 | | * |
667 | | * Because of this, we have to plan multiple packets simultaneously, such |
668 | | * that we can start generating a Handshake (or 0-RTT or 1-RTT, or so on) |
669 | | * packet while still having the option to go back and add padding to the |
670 | | * Initial packet if it turns out to be needed. |
671 | | * |
672 | | * Trying to predict ahead of time (e.g. during Initial packet generation) |
673 | | * whether we will successfully generate a subsequent packet is fraught with |
674 | | * error as it relies on a large number of variables: |
675 | | * |
676 | | * - Do we have room to fit a packet header? (Consider that due to |
677 | | * variable-length integer encoding this is highly variable and can even |
678 | | * depend on payload length due to a variable-length Length field.) |
679 | | * |
680 | | * - Can we fit even a single one of the frames we want to put in this |
681 | | * packet in the packet? (Each frame type has a bespoke encoding. While |
682 | | * our encodings of some frame types are adaptive based on the available |
683 | | * room - e.g. STREAM frames - ultimately all frame types have some |
684 | | * absolute minimum number of bytes to be successfully encoded. For |
685 | | * example, if after an Initial packet there is enough room to encode |
686 | | * only one byte of frame data, it is quite likely we can't send any of |
687 | | * the frames we wanted to send.) While this is not strictly a problem |
688 | | * because we could just fill the packet with padding frames, this is a |
689 | | * pointless packet and is wasteful. |
690 | | * |
691 | | * Thus we adopt a multi-phase architecture: |
692 | | * |
693 | | * 1. Archetype Selection: Determine desired packet archetype. |
694 | | * |
695 | | * 2. Packet Staging: Generation of packet information and packet payload |
696 | | * data (frame data) into staging areas. |
697 | | * |
698 | | * 3. Packet Adjustment: Adjustment of staged packets, adding padding to |
699 | | * the staged packets if needed. |
700 | | * |
701 | | * 4. Commit: The packets are sent to the QTX and recorded as having been |
702 | | * sent to the FIFM. |
703 | | * |
704 | | */ |
705 | 0 | int res = 0, rc; |
706 | 0 | uint32_t archetype, enc_level; |
707 | 0 | uint32_t conn_close_enc_level = QUIC_ENC_LEVEL_NUM; |
708 | 0 | struct txp_pkt pkt[QUIC_ENC_LEVEL_NUM]; |
709 | 0 | size_t pkts_done = 0; |
710 | 0 | uint64_t cc_limit = txp->args.cc_method->get_tx_allowance(txp->args.cc_data); |
711 | 0 | int need_padding = 0, txpim_pkt_reffed; |
712 | |
|
713 | 0 | for (enc_level = QUIC_ENC_LEVEL_INITIAL; |
714 | 0 | enc_level < QUIC_ENC_LEVEL_NUM; |
715 | 0 | ++enc_level) |
716 | 0 | pkt[enc_level].h_valid = 0; |
717 | |
|
718 | 0 | memset(status, 0, sizeof(*status)); |
719 | | |
720 | | /* |
721 | | * Should not be needed, but a sanity check in case anyone else has been |
722 | | * using the QTX. |
723 | | */ |
724 | 0 | ossl_qtx_finish_dgram(txp->args.qtx); |
725 | | |
726 | | /* 1. Archetype Selection */ |
727 | 0 | archetype = txp_determine_archetype(txp, cc_limit); |
728 | | |
729 | | /* 2. Packet Staging */ |
730 | 0 | for (enc_level = QUIC_ENC_LEVEL_INITIAL; |
731 | 0 | enc_level < QUIC_ENC_LEVEL_NUM; |
732 | 0 | ++enc_level) { |
733 | 0 | size_t running_total = (enc_level > QUIC_ENC_LEVEL_INITIAL) |
734 | 0 | ? pkt[enc_level - 1].geom.hwm : 0; |
735 | |
|
736 | 0 | pkt[enc_level].geom.hwm = running_total; |
737 | |
|
738 | 0 | if (!txp_should_try_staging(txp, enc_level, archetype, cc_limit, |
739 | 0 | &conn_close_enc_level)) |
740 | 0 | continue; |
741 | | |
742 | 0 | if (!txp_pkt_init(&pkt[enc_level], txp, enc_level, archetype, |
743 | 0 | running_total)) |
744 | | /* |
745 | | * If this fails this is not a fatal error - it means the geometry |
746 | | * planning determined there was not enough space for another |
747 | | * packet. So just proceed with what we've already planned for. |
748 | | */ |
749 | 0 | break; |
750 | | |
751 | 0 | rc = txp_generate_for_el(txp, &pkt[enc_level], |
752 | 0 | conn_close_enc_level == enc_level); |
753 | 0 | if (rc != TXP_ERR_SUCCESS) |
754 | 0 | goto out; |
755 | | |
756 | 0 | if (pkt[enc_level].force_pad) |
757 | | /* |
758 | | * txp_generate_for_el emitted a frame which forces packet padding. |
759 | | */ |
760 | 0 | need_padding = 1; |
761 | |
|
762 | 0 | pkt[enc_level].geom.hwm = running_total |
763 | 0 | + pkt[enc_level].h.bytes_appended |
764 | 0 | + pkt[enc_level].geom.pkt_overhead; |
765 | 0 | } |
766 | | |
767 | | /* 3. Packet Adjustment */ |
768 | 0 | if (pkt[QUIC_ENC_LEVEL_INITIAL].h_valid |
769 | 0 | && pkt[QUIC_ENC_LEVEL_INITIAL].h.bytes_appended > 0) |
770 | | /* |
771 | | * We have an Initial packet in this datagram, so we need to make sure |
772 | | * the total size of the datagram is adequate. |
773 | | */ |
774 | 0 | need_padding = 1; |
775 | |
|
776 | 0 | if (need_padding) { |
777 | 0 | size_t total_dgram_size = 0; |
778 | 0 | const size_t min_dpl = QUIC_MIN_INITIAL_DGRAM_LEN; |
779 | 0 | uint32_t first_el = QUIC_ENC_LEVEL_NUM; |
780 | |
|
781 | 0 | for (enc_level = QUIC_ENC_LEVEL_INITIAL; |
782 | 0 | enc_level < QUIC_ENC_LEVEL_NUM; |
783 | 0 | ++enc_level) |
784 | 0 | if (pkt[enc_level].h_valid && pkt[enc_level].h.bytes_appended > 0) { |
785 | 0 | if (first_el == QUIC_ENC_LEVEL_NUM) |
786 | 0 | first_el = enc_level; |
787 | |
|
788 | 0 | txp_pkt_postgen_update_pkt_overhead(&pkt[enc_level], txp); |
789 | 0 | total_dgram_size += pkt[enc_level].geom.pkt_overhead |
790 | 0 | + pkt[enc_level].h.bytes_appended; |
791 | 0 | } |
792 | |
|
793 | 0 | if (first_el != QUIC_ENC_LEVEL_NUM |
794 | 0 | && total_dgram_size < min_dpl) { |
795 | 0 | size_t deficit = min_dpl - total_dgram_size; |
796 | |
|
797 | 0 | if (!txp_pkt_append_padding(&pkt[first_el], txp, deficit)) |
798 | 0 | goto out; |
799 | 0 | } |
800 | 0 | } |
801 | | |
802 | | /* 4. Commit */ |
803 | 0 | for (enc_level = QUIC_ENC_LEVEL_INITIAL; |
804 | 0 | enc_level < QUIC_ENC_LEVEL_NUM; |
805 | 0 | ++enc_level) { |
806 | |
|
807 | 0 | if (!pkt[enc_level].h_valid) |
808 | | /* Did not attempt to generate a packet for this EL. */ |
809 | 0 | continue; |
810 | | |
811 | 0 | if (pkt[enc_level].h.bytes_appended == 0) |
812 | | /* Nothing was generated for this EL, so skip. */ |
813 | 0 | continue; |
814 | | |
815 | 0 | rc = txp_pkt_commit(txp, &pkt[enc_level], archetype, |
816 | 0 | &txpim_pkt_reffed); |
817 | 0 | if (rc) |
818 | 0 | status->sent_ack_eliciting |
819 | 0 | = status->sent_ack_eliciting |
820 | 0 | || pkt[enc_level].tpkt->ackm_pkt.is_ack_eliciting; |
821 | |
|
822 | 0 | if (txpim_pkt_reffed) |
823 | 0 | pkt[enc_level].tpkt = NULL; /* don't free */ |
824 | |
|
825 | 0 | if (!rc) |
826 | 0 | goto out; |
827 | | |
828 | 0 | ++pkts_done; |
829 | 0 | } |
830 | | |
831 | 0 | status->sent_handshake |
832 | 0 | = (pkt[QUIC_ENC_LEVEL_HANDSHAKE].h_valid |
833 | 0 | && pkt[QUIC_ENC_LEVEL_HANDSHAKE].h.bytes_appended > 0); |
834 | | |
835 | | /* Flush & Cleanup */ |
836 | 0 | res = 1; |
837 | 0 | out: |
838 | 0 | ossl_qtx_finish_dgram(txp->args.qtx); |
839 | |
|
840 | 0 | for (enc_level = QUIC_ENC_LEVEL_INITIAL; |
841 | 0 | enc_level < QUIC_ENC_LEVEL_NUM; |
842 | 0 | ++enc_level) |
843 | 0 | txp_pkt_cleanup(&pkt[enc_level], txp); |
844 | |
|
845 | 0 | status->sent_pkt = pkts_done; |
846 | |
|
847 | 0 | return res; |
848 | 0 | } |
849 | | |
850 | | static const struct archetype_data archetypes[QUIC_ENC_LEVEL_NUM][TX_PACKETISER_ARCHETYPE_NUM] = { |
851 | | /* EL 0(INITIAL) */ |
852 | | { |
853 | | /* EL 0(INITIAL) - Archetype 0(NORMAL) */ |
854 | | { |
855 | | /*allow_ack =*/ 1, |
856 | | /*allow_ping =*/ 1, |
857 | | /*allow_crypto =*/ 1, |
858 | | /*allow_handshake_done =*/ 0, |
859 | | /*allow_path_challenge =*/ 0, |
860 | | /*allow_path_response =*/ 0, |
861 | | /*allow_new_conn_id =*/ 0, |
862 | | /*allow_retire_conn_id =*/ 0, |
863 | | /*allow_stream_rel =*/ 0, |
864 | | /*allow_conn_fc =*/ 0, |
865 | | /*allow_conn_close =*/ 1, |
866 | | /*allow_cfq_other =*/ 0, |
867 | | /*allow_new_token =*/ 0, |
868 | | /*allow_force_ack_eliciting =*/ 1, |
869 | | /*allow_padding =*/ 1, |
870 | | /*require_ack_eliciting =*/ 0, |
871 | | /*bypass_cc =*/ 0, |
872 | | }, |
873 | | /* EL 0(INITIAL) - Archetype 1(PROBE) */ |
874 | | { |
875 | | /*allow_ack =*/ 1, |
876 | | /*allow_ping =*/ 1, |
877 | | /*allow_crypto =*/ 1, |
878 | | /*allow_handshake_done =*/ 0, |
879 | | /*allow_path_challenge =*/ 0, |
880 | | /*allow_path_response =*/ 0, |
881 | | /*allow_new_conn_id =*/ 0, |
882 | | /*allow_retire_conn_id =*/ 0, |
883 | | /*allow_stream_rel =*/ 0, |
884 | | /*allow_conn_fc =*/ 0, |
885 | | /*allow_conn_close =*/ 1, |
886 | | /*allow_cfq_other =*/ 0, |
887 | | /*allow_new_token =*/ 0, |
888 | | /*allow_force_ack_eliciting =*/ 1, |
889 | | /*allow_padding =*/ 1, |
890 | | /*require_ack_eliciting =*/ 1, |
891 | | /*bypass_cc =*/ 1, |
892 | | }, |
893 | | /* EL 0(INITIAL) - Archetype 2(ACK_ONLY) */ |
894 | | { |
895 | | /*allow_ack =*/ 1, |
896 | | /*allow_ping =*/ 0, |
897 | | /*allow_crypto =*/ 0, |
898 | | /*allow_handshake_done =*/ 0, |
899 | | /*allow_path_challenge =*/ 0, |
900 | | /*allow_path_response =*/ 0, |
901 | | /*allow_new_conn_id =*/ 0, |
902 | | /*allow_retire_conn_id =*/ 0, |
903 | | /*allow_stream_rel =*/ 0, |
904 | | /*allow_conn_fc =*/ 0, |
905 | | /*allow_conn_close =*/ 0, |
906 | | /*allow_cfq_other =*/ 0, |
907 | | /*allow_new_token =*/ 0, |
908 | | /*allow_force_ack_eliciting =*/ 1, |
909 | | /*allow_padding =*/ 0, |
910 | | /*require_ack_eliciting =*/ 0, |
911 | | /*bypass_cc =*/ 1, |
912 | | }, |
913 | | }, |
914 | | /* EL 1(HANDSHAKE) */ |
915 | | { |
916 | | /* EL 1(HANDSHAKE) - Archetype 0(NORMAL) */ |
917 | | { |
918 | | /*allow_ack =*/ 1, |
919 | | /*allow_ping =*/ 1, |
920 | | /*allow_crypto =*/ 1, |
921 | | /*allow_handshake_done =*/ 0, |
922 | | /*allow_path_challenge =*/ 0, |
923 | | /*allow_path_response =*/ 0, |
924 | | /*allow_new_conn_id =*/ 0, |
925 | | /*allow_retire_conn_id =*/ 0, |
926 | | /*allow_stream_rel =*/ 0, |
927 | | /*allow_conn_fc =*/ 0, |
928 | | /*allow_conn_close =*/ 1, |
929 | | /*allow_cfq_other =*/ 0, |
930 | | /*allow_new_token =*/ 0, |
931 | | /*allow_force_ack_eliciting =*/ 1, |
932 | | /*allow_padding =*/ 1, |
933 | | /*require_ack_eliciting =*/ 0, |
934 | | /*bypass_cc =*/ 0, |
935 | | }, |
936 | | /* EL 1(HANDSHAKE) - Archetype 1(PROBE) */ |
937 | | { |
938 | | /*allow_ack =*/ 1, |
939 | | /*allow_ping =*/ 1, |
940 | | /*allow_crypto =*/ 1, |
941 | | /*allow_handshake_done =*/ 0, |
942 | | /*allow_path_challenge =*/ 0, |
943 | | /*allow_path_response =*/ 0, |
944 | | /*allow_new_conn_id =*/ 0, |
945 | | /*allow_retire_conn_id =*/ 0, |
946 | | /*allow_stream_rel =*/ 0, |
947 | | /*allow_conn_fc =*/ 0, |
948 | | /*allow_conn_close =*/ 1, |
949 | | /*allow_cfq_other =*/ 0, |
950 | | /*allow_new_token =*/ 0, |
951 | | /*allow_force_ack_eliciting =*/ 1, |
952 | | /*allow_padding =*/ 1, |
953 | | /*require_ack_eliciting =*/ 1, |
954 | | /*bypass_cc =*/ 1, |
955 | | }, |
956 | | /* EL 1(HANDSHAKE) - Archetype 2(ACK_ONLY) */ |
957 | | { |
958 | | /*allow_ack =*/ 1, |
959 | | /*allow_ping =*/ 0, |
960 | | /*allow_crypto =*/ 0, |
961 | | /*allow_handshake_done =*/ 0, |
962 | | /*allow_path_challenge =*/ 0, |
963 | | /*allow_path_response =*/ 0, |
964 | | /*allow_new_conn_id =*/ 0, |
965 | | /*allow_retire_conn_id =*/ 0, |
966 | | /*allow_stream_rel =*/ 0, |
967 | | /*allow_conn_fc =*/ 0, |
968 | | /*allow_conn_close =*/ 0, |
969 | | /*allow_cfq_other =*/ 0, |
970 | | /*allow_new_token =*/ 0, |
971 | | /*allow_force_ack_eliciting =*/ 1, |
972 | | /*allow_padding =*/ 0, |
973 | | /*require_ack_eliciting =*/ 0, |
974 | | /*bypass_cc =*/ 1, |
975 | | }, |
976 | | }, |
977 | | /* EL 2(0RTT) */ |
978 | | { |
979 | | /* EL 2(0RTT) - Archetype 0(NORMAL) */ |
980 | | { |
981 | | /*allow_ack =*/ 0, |
982 | | /*allow_ping =*/ 1, |
983 | | /*allow_crypto =*/ 0, |
984 | | /*allow_handshake_done =*/ 0, |
985 | | /*allow_path_challenge =*/ 0, |
986 | | /*allow_path_response =*/ 0, |
987 | | /*allow_new_conn_id =*/ 1, |
988 | | /*allow_retire_conn_id =*/ 1, |
989 | | /*allow_stream_rel =*/ 1, |
990 | | /*allow_conn_fc =*/ 1, |
991 | | /*allow_conn_close =*/ 1, |
992 | | /*allow_cfq_other =*/ 0, |
993 | | /*allow_new_token =*/ 0, |
994 | | /*allow_force_ack_eliciting =*/ 0, |
995 | | /*allow_padding =*/ 1, |
996 | | /*require_ack_eliciting =*/ 0, |
997 | | /*bypass_cc =*/ 0, |
998 | | }, |
999 | | /* EL 2(0RTT) - Archetype 1(PROBE) */ |
1000 | | { |
1001 | | /*allow_ack =*/ 0, |
1002 | | /*allow_ping =*/ 1, |
1003 | | /*allow_crypto =*/ 0, |
1004 | | /*allow_handshake_done =*/ 0, |
1005 | | /*allow_path_challenge =*/ 0, |
1006 | | /*allow_path_response =*/ 0, |
1007 | | /*allow_new_conn_id =*/ 1, |
1008 | | /*allow_retire_conn_id =*/ 1, |
1009 | | /*allow_stream_rel =*/ 1, |
1010 | | /*allow_conn_fc =*/ 1, |
1011 | | /*allow_conn_close =*/ 1, |
1012 | | /*allow_cfq_other =*/ 0, |
1013 | | /*allow_new_token =*/ 0, |
1014 | | /*allow_force_ack_eliciting =*/ 0, |
1015 | | /*allow_padding =*/ 1, |
1016 | | /*require_ack_eliciting =*/ 1, |
1017 | | /*bypass_cc =*/ 1, |
1018 | | }, |
1019 | | /* EL 2(0RTT) - Archetype 2(ACK_ONLY) */ |
1020 | | { |
1021 | | /*allow_ack =*/ 0, |
1022 | | /*allow_ping =*/ 0, |
1023 | | /*allow_crypto =*/ 0, |
1024 | | /*allow_handshake_done =*/ 0, |
1025 | | /*allow_path_challenge =*/ 0, |
1026 | | /*allow_path_response =*/ 0, |
1027 | | /*allow_new_conn_id =*/ 0, |
1028 | | /*allow_retire_conn_id =*/ 0, |
1029 | | /*allow_stream_rel =*/ 0, |
1030 | | /*allow_conn_fc =*/ 0, |
1031 | | /*allow_conn_close =*/ 0, |
1032 | | /*allow_cfq_other =*/ 0, |
1033 | | /*allow_new_token =*/ 0, |
1034 | | /*allow_force_ack_eliciting =*/ 0, |
1035 | | /*allow_padding =*/ 0, |
1036 | | /*require_ack_eliciting =*/ 0, |
1037 | | /*bypass_cc =*/ 1, |
1038 | | }, |
1039 | | }, |
1040 | | /* EL 3(1RTT) */ |
1041 | | { |
1042 | | /* EL 3(1RTT) - Archetype 0(NORMAL) */ |
1043 | | { |
1044 | | /*allow_ack =*/ 1, |
1045 | | /*allow_ping =*/ 1, |
1046 | | /*allow_crypto =*/ 1, |
1047 | | /*allow_handshake_done =*/ 1, |
1048 | | /*allow_path_challenge =*/ 0, |
1049 | | /*allow_path_response =*/ 1, |
1050 | | /*allow_new_conn_id =*/ 1, |
1051 | | /*allow_retire_conn_id =*/ 1, |
1052 | | /*allow_stream_rel =*/ 1, |
1053 | | /*allow_conn_fc =*/ 1, |
1054 | | /*allow_conn_close =*/ 1, |
1055 | | /*allow_cfq_other =*/ 1, |
1056 | | /*allow_new_token =*/ 1, |
1057 | | /*allow_force_ack_eliciting =*/ 1, |
1058 | | /*allow_padding =*/ 1, |
1059 | | /*require_ack_eliciting =*/ 0, |
1060 | | /*bypass_cc =*/ 0, |
1061 | | }, |
1062 | | /* EL 3(1RTT) - Archetype 1(PROBE) */ |
1063 | | { |
1064 | | /*allow_ack =*/ 1, |
1065 | | /*allow_ping =*/ 1, |
1066 | | /*allow_crypto =*/ 1, |
1067 | | /*allow_handshake_done =*/ 1, |
1068 | | /*allow_path_challenge =*/ 0, |
1069 | | /*allow_path_response =*/ 1, |
1070 | | /*allow_new_conn_id =*/ 1, |
1071 | | /*allow_retire_conn_id =*/ 1, |
1072 | | /*allow_stream_rel =*/ 1, |
1073 | | /*allow_conn_fc =*/ 1, |
1074 | | /*allow_conn_close =*/ 1, |
1075 | | /*allow_cfq_other =*/ 1, |
1076 | | /*allow_new_token =*/ 1, |
1077 | | /*allow_force_ack_eliciting =*/ 1, |
1078 | | /*allow_padding =*/ 1, |
1079 | | /*require_ack_eliciting =*/ 1, |
1080 | | /*bypass_cc =*/ 1, |
1081 | | }, |
1082 | | /* EL 3(1RTT) - Archetype 2(ACK_ONLY) */ |
1083 | | { |
1084 | | /*allow_ack =*/ 1, |
1085 | | /*allow_ping =*/ 0, |
1086 | | /*allow_crypto =*/ 0, |
1087 | | /*allow_handshake_done =*/ 0, |
1088 | | /*allow_path_challenge =*/ 0, |
1089 | | /*allow_path_response =*/ 0, |
1090 | | /*allow_new_conn_id =*/ 0, |
1091 | | /*allow_retire_conn_id =*/ 0, |
1092 | | /*allow_stream_rel =*/ 0, |
1093 | | /*allow_conn_fc =*/ 0, |
1094 | | /*allow_conn_close =*/ 0, |
1095 | | /*allow_cfq_other =*/ 0, |
1096 | | /*allow_new_token =*/ 0, |
1097 | | /*allow_force_ack_eliciting =*/ 1, |
1098 | | /*allow_padding =*/ 0, |
1099 | | /*require_ack_eliciting =*/ 0, |
1100 | | /*bypass_cc =*/ 1, |
1101 | | } |
1102 | | } |
1103 | | }; |
1104 | | |
1105 | | static int txp_get_archetype_data(uint32_t enc_level, |
1106 | | uint32_t archetype, |
1107 | | struct archetype_data *a) |
1108 | 0 | { |
1109 | 0 | if (enc_level >= QUIC_ENC_LEVEL_NUM |
1110 | 0 | || archetype >= TX_PACKETISER_ARCHETYPE_NUM) |
1111 | 0 | return 0; |
1112 | | |
1113 | | /* No need to avoid copying this as it should not exceed one int in size. */ |
1114 | 0 | *a = archetypes[enc_level][archetype]; |
1115 | 0 | return 1; |
1116 | 0 | } |
1117 | | |
1118 | | static int txp_determine_geometry(OSSL_QUIC_TX_PACKETISER *txp, |
1119 | | uint32_t archetype, |
1120 | | uint32_t enc_level, |
1121 | | size_t running_total, |
1122 | | QUIC_PKT_HDR *phdr, |
1123 | | struct txp_pkt_geom *geom) |
1124 | 0 | { |
1125 | 0 | size_t mdpl, cmpl, hdr_len; |
1126 | | |
1127 | | /* Get information about packet archetype. */ |
1128 | 0 | if (!txp_get_archetype_data(enc_level, archetype, &geom->adata)) |
1129 | 0 | return 0; |
1130 | | |
1131 | | /* Assemble packet header. */ |
1132 | 0 | phdr->type = ossl_quic_enc_level_to_pkt_type(enc_level); |
1133 | 0 | phdr->spin_bit = 0; |
1134 | 0 | phdr->pn_len = txp_determine_pn_len(txp); |
1135 | 0 | phdr->partial = 0; |
1136 | 0 | phdr->fixed = 1; |
1137 | 0 | phdr->reserved = 0; |
1138 | 0 | phdr->version = QUIC_VERSION_1; |
1139 | 0 | phdr->dst_conn_id = txp->args.cur_dcid; |
1140 | 0 | phdr->src_conn_id = txp->args.cur_scid; |
1141 | | |
1142 | | /* |
1143 | | * We need to know the length of the payload to get an accurate header |
1144 | | * length for non-1RTT packets, because the Length field found in |
1145 | | * Initial/Handshake/0-RTT packets uses a variable-length encoding. However, |
1146 | | * we don't have a good idea of the length of our payload, because the |
1147 | | * length of the payload depends on the room in the datagram after fitting |
1148 | | * the header, which depends on the size of the header. |
1149 | | * |
1150 | | * In general, it does not matter if a packet is slightly shorter (because |
1151 | | * e.g. we predicted use of a 2-byte length field, but ended up only needing |
1152 | | * a 1-byte length field). However this does matter for Initial packets |
1153 | | * which must be at least 1200 bytes, which is also the assumed default MTU; |
1154 | | * therefore in many cases Initial packets will be padded to 1200 bytes, |
1155 | | * which means if we overestimated the header size, we will be short by a |
1156 | | * few bytes and the server will ignore the packet for being too short. In |
1157 | | * this case, however, such packets always *will* be padded to meet 1200 |
1158 | | * bytes, which requires a 2-byte length field, so we don't actually need to |
1159 | | * worry about this. Thus we estimate the header length assuming a 2-byte |
1160 | | * length field here, which should in practice work well in all cases. |
1161 | | */ |
1162 | 0 | phdr->len = OSSL_QUIC_VLINT_2B_MAX - phdr->pn_len; |
1163 | |
|
1164 | 0 | if (enc_level == QUIC_ENC_LEVEL_INITIAL) { |
1165 | 0 | phdr->token = txp->initial_token; |
1166 | 0 | phdr->token_len = txp->initial_token_len; |
1167 | 0 | } else { |
1168 | 0 | phdr->token = NULL; |
1169 | 0 | phdr->token_len = 0; |
1170 | 0 | } |
1171 | |
|
1172 | 0 | hdr_len = ossl_quic_wire_get_encoded_pkt_hdr_len(phdr->dst_conn_id.id_len, |
1173 | 0 | phdr); |
1174 | 0 | if (hdr_len == 0) |
1175 | 0 | return 0; |
1176 | | |
1177 | | /* MDPL: Maximum datagram payload length. */ |
1178 | 0 | mdpl = txp_get_mdpl(txp); |
1179 | | |
1180 | | /* |
1181 | | * CMPL: Maximum encoded packet size we can put into this datagram given any |
1182 | | * previous packets coalesced into it. |
1183 | | */ |
1184 | 0 | if (running_total > mdpl) |
1185 | | /* Should not be possible, but if it happens: */ |
1186 | 0 | cmpl = 0; |
1187 | 0 | else |
1188 | 0 | cmpl = mdpl - running_total; |
1189 | | |
1190 | | /* CMPPL: Maximum amount we can put into the current packet payload */ |
1191 | 0 | if (!txp_determine_ppl_from_pl(txp, cmpl, enc_level, hdr_len, &geom->cmppl)) |
1192 | 0 | return 0; |
1193 | | |
1194 | 0 | geom->cmpl = cmpl; |
1195 | 0 | geom->pkt_overhead = cmpl - geom->cmppl; |
1196 | 0 | geom->archetype = archetype; |
1197 | 0 | return 1; |
1198 | 0 | } |
1199 | | |
1200 | | static uint32_t txp_determine_archetype(OSSL_QUIC_TX_PACKETISER *txp, |
1201 | | uint64_t cc_limit) |
1202 | 0 | { |
1203 | 0 | OSSL_ACKM_PROBE_INFO *probe_info |
1204 | 0 | = ossl_ackm_get0_probe_request(txp->args.ackm); |
1205 | 0 | uint32_t pn_space; |
1206 | | |
1207 | | /* |
1208 | | * If ACKM has requested probe generation (e.g. due to PTO), we generate a |
1209 | | * Probe-archetype packet. Actually, we determine archetype on a |
1210 | | * per-datagram basis, so if any EL wants a probe, do a pass in which |
1211 | | * we try and generate a probe (if needed) for all ELs. |
1212 | | */ |
1213 | 0 | if (probe_info->anti_deadlock_initial > 0 |
1214 | 0 | || probe_info->anti_deadlock_handshake > 0) |
1215 | 0 | return TX_PACKETISER_ARCHETYPE_PROBE; |
1216 | | |
1217 | 0 | for (pn_space = QUIC_PN_SPACE_INITIAL; |
1218 | 0 | pn_space < QUIC_PN_SPACE_NUM; |
1219 | 0 | ++pn_space) |
1220 | 0 | if (probe_info->pto[pn_space] > 0) |
1221 | 0 | return TX_PACKETISER_ARCHETYPE_PROBE; |
1222 | | |
1223 | | /* |
1224 | | * If we are out of CC budget, we cannot send a normal packet, |
1225 | | * but we can do an ACK-only packet (potentially, if we |
1226 | | * want to send an ACK). |
1227 | | */ |
1228 | 0 | if (cc_limit == 0) |
1229 | 0 | return TX_PACKETISER_ARCHETYPE_ACK_ONLY; |
1230 | | |
1231 | | /* All other packets. */ |
1232 | 0 | return TX_PACKETISER_ARCHETYPE_NORMAL; |
1233 | 0 | } |
1234 | | |
1235 | | static int txp_should_try_staging(OSSL_QUIC_TX_PACKETISER *txp, |
1236 | | uint32_t enc_level, |
1237 | | uint32_t archetype, |
1238 | | uint64_t cc_limit, |
1239 | | uint32_t *conn_close_enc_level) |
1240 | 0 | { |
1241 | 0 | struct archetype_data a; |
1242 | 0 | uint32_t pn_space = ossl_quic_enc_level_to_pn_space(enc_level); |
1243 | 0 | QUIC_CFQ_ITEM *cfq_item; |
1244 | |
|
1245 | 0 | if (!ossl_qtx_is_enc_level_provisioned(txp->args.qtx, enc_level)) |
1246 | 0 | return 0; |
1247 | | |
1248 | 0 | if (!txp_get_archetype_data(enc_level, archetype, &a)) |
1249 | 0 | return 0; |
1250 | | |
1251 | 0 | if (!a.bypass_cc && cc_limit == 0) |
1252 | | /* CC not allowing us to send. */ |
1253 | 0 | return 0; |
1254 | | |
1255 | | /* |
1256 | | * We can produce CONNECTION_CLOSE frames on any EL in principle, which |
1257 | | * means we need to choose which EL we would prefer to use. After a |
1258 | | * connection is fully established we have only one provisioned EL and this |
1259 | | * is a non-issue. Where multiple ELs are provisioned, it is possible the |
1260 | | * peer does not have the keys for the EL yet, which suggests in general it |
1261 | | * is preferable to use the lowest EL which is still provisioned. |
1262 | | * |
1263 | | * However (RFC 9000 s. 10.2.3 & 12.5) we are also required to not send |
1264 | | * application CONNECTION_CLOSE frames in non-1-RTT ELs, so as to not |
1265 | | * potentially leak application data on a connection which has yet to be |
1266 | | * authenticated. Thus when we have an application CONNECTION_CLOSE frame |
1267 | | * queued and need to send it on a non-1-RTT EL, we have to convert it |
1268 | | * into a transport CONNECTION_CLOSE frame which contains no application |
1269 | | * data. Since this loses information, it suggests we should use the 1-RTT |
1270 | | * EL to avoid this if possible, even if a lower EL is also available. |
1271 | | * |
1272 | | * At the same time, just because we have the 1-RTT EL provisioned locally |
1273 | | * does not necessarily mean the peer does, for example if a handshake |
1274 | | * CRYPTO frame has been lost. It is fairly important that CONNECTION_CLOSE |
1275 | | * is signalled in a way we know our peer can decrypt, as we stop processing |
1276 | | * connection retransmission logic for real after connection close and |
1277 | | * simply 'blindly' retransmit the same CONNECTION_CLOSE frame. |
1278 | | * |
1279 | | * This is not a major concern for clients, since if a client has a 1-RTT EL |
1280 | | * provisioned the server is guaranteed to also have a 1-RTT EL provisioned. |
1281 | | * |
1282 | | * TODO(QUIC SERVER): Revisit this when server support is added. |
1283 | | */ |
1284 | 0 | if (*conn_close_enc_level > enc_level |
1285 | 0 | && *conn_close_enc_level != QUIC_ENC_LEVEL_1RTT) |
1286 | 0 | *conn_close_enc_level = enc_level; |
1287 | | |
1288 | | /* Do we need to send a PTO probe? */ |
1289 | 0 | if (a.allow_force_ack_eliciting) { |
1290 | 0 | OSSL_ACKM_PROBE_INFO *probe_info |
1291 | 0 | = ossl_ackm_get0_probe_request(txp->args.ackm); |
1292 | |
|
1293 | 0 | if ((enc_level == QUIC_ENC_LEVEL_INITIAL |
1294 | 0 | && probe_info->anti_deadlock_initial > 0) |
1295 | 0 | || (enc_level == QUIC_ENC_LEVEL_HANDSHAKE |
1296 | 0 | && probe_info->anti_deadlock_handshake > 0) |
1297 | 0 | || probe_info->pto[pn_space] > 0) |
1298 | 0 | return 1; |
1299 | 0 | } |
1300 | | |
1301 | | /* Does the crypto stream for this EL want to produce anything? */ |
1302 | 0 | if (a.allow_crypto && sstream_is_pending(txp->args.crypto[pn_space])) |
1303 | 0 | return 1; |
1304 | | |
1305 | | /* Does the ACKM for this PN space want to produce anything? */ |
1306 | 0 | if (a.allow_ack && (ossl_ackm_is_ack_desired(txp->args.ackm, pn_space) |
1307 | 0 | || (txp->want_ack & (1UL << pn_space)) != 0)) |
1308 | 0 | return 1; |
1309 | | |
1310 | | /* Do we need to force emission of an ACK-eliciting packet? */ |
1311 | 0 | if (a.allow_force_ack_eliciting |
1312 | 0 | && (txp->force_ack_eliciting & (1UL << pn_space)) != 0) |
1313 | 0 | return 1; |
1314 | | |
1315 | | /* Does the connection-level RXFC want to produce a frame? */ |
1316 | 0 | if (a.allow_conn_fc && (txp->want_max_data |
1317 | 0 | || ossl_quic_rxfc_has_cwm_changed(txp->args.conn_rxfc, 0))) |
1318 | 0 | return 1; |
1319 | | |
1320 | | /* Do we want to produce a MAX_STREAMS frame? */ |
1321 | 0 | if (a.allow_conn_fc |
1322 | 0 | && (txp->want_max_streams_bidi |
1323 | 0 | || ossl_quic_rxfc_has_cwm_changed(txp->args.max_streams_bidi_rxfc, |
1324 | 0 | 0) |
1325 | 0 | || txp->want_max_streams_uni |
1326 | 0 | || ossl_quic_rxfc_has_cwm_changed(txp->args.max_streams_uni_rxfc, |
1327 | 0 | 0))) |
1328 | 0 | return 1; |
1329 | | |
1330 | | /* Do we want to produce a HANDSHAKE_DONE frame? */ |
1331 | 0 | if (a.allow_handshake_done && txp->want_handshake_done) |
1332 | 0 | return 1; |
1333 | | |
1334 | | /* Do we want to produce a CONNECTION_CLOSE frame? */ |
1335 | 0 | if (a.allow_conn_close && txp->want_conn_close && |
1336 | 0 | *conn_close_enc_level == enc_level) |
1337 | | /* |
1338 | | * This is a bit of a special case since CONNECTION_CLOSE can appear in |
1339 | | * most packet types, and when we decide we want to send it this status |
1340 | | * isn't tied to a specific EL. So if we want to send it, we send it |
1341 | | * only on the lowest non-dropped EL. |
1342 | | */ |
1343 | 0 | return 1; |
1344 | | |
1345 | | /* Does the CFQ have any frames queued for this PN space? */ |
1346 | 0 | if (enc_level != QUIC_ENC_LEVEL_0RTT) |
1347 | 0 | for (cfq_item = ossl_quic_cfq_get_priority_head(txp->args.cfq, pn_space); |
1348 | 0 | cfq_item != NULL; |
1349 | 0 | cfq_item = ossl_quic_cfq_item_get_priority_next(cfq_item, pn_space)) { |
1350 | 0 | uint64_t frame_type = ossl_quic_cfq_item_get_frame_type(cfq_item); |
1351 | |
|
1352 | 0 | switch (frame_type) { |
1353 | 0 | case OSSL_QUIC_FRAME_TYPE_NEW_CONN_ID: |
1354 | 0 | if (a.allow_new_conn_id) |
1355 | 0 | return 1; |
1356 | 0 | break; |
1357 | 0 | case OSSL_QUIC_FRAME_TYPE_RETIRE_CONN_ID: |
1358 | 0 | if (a.allow_retire_conn_id) |
1359 | 0 | return 1; |
1360 | 0 | break; |
1361 | 0 | case OSSL_QUIC_FRAME_TYPE_NEW_TOKEN: |
1362 | 0 | if (a.allow_new_token) |
1363 | 0 | return 1; |
1364 | 0 | break; |
1365 | 0 | case OSSL_QUIC_FRAME_TYPE_PATH_RESPONSE: |
1366 | 0 | if (a.allow_path_response) |
1367 | 0 | return 1; |
1368 | 0 | break; |
1369 | 0 | default: |
1370 | 0 | if (a.allow_cfq_other) |
1371 | 0 | return 1; |
1372 | 0 | break; |
1373 | 0 | } |
1374 | 0 | } |
1375 | | |
1376 | 0 | if (a.allow_stream_rel && txp->handshake_complete) { |
1377 | 0 | QUIC_STREAM_ITER it; |
1378 | | |
1379 | | /* If there are any active streams, 0/1-RTT wants to produce a packet. |
1380 | | * Whether a stream is on the active list is required to be precise |
1381 | | * (i.e., a stream is never on the active list if we cannot produce a |
1382 | | * frame for it), and all stream-related frames are governed by |
1383 | | * a.allow_stream_rel (i.e., if we can send one type of stream-related |
1384 | | * frame, we can send any of them), so we don't need to inspect |
1385 | | * individual streams on the active list, just confirm that the active |
1386 | | * list is non-empty. |
1387 | | */ |
1388 | 0 | ossl_quic_stream_iter_init(&it, txp->args.qsm, 0); |
1389 | 0 | if (it.stream != NULL) |
1390 | 0 | return 1; |
1391 | 0 | } |
1392 | | |
1393 | 0 | return 0; |
1394 | 0 | } |
1395 | | |
1396 | | static int sstream_is_pending(QUIC_SSTREAM *sstream) |
1397 | 0 | { |
1398 | 0 | OSSL_QUIC_FRAME_STREAM hdr; |
1399 | 0 | OSSL_QTX_IOVEC iov[2]; |
1400 | 0 | size_t num_iov = OSSL_NELEM(iov); |
1401 | |
|
1402 | 0 | return ossl_quic_sstream_get_stream_frame(sstream, 0, &hdr, iov, &num_iov); |
1403 | 0 | } |
1404 | | |
1405 | | /* Determine how many bytes we should use for the encoded PN. */ |
1406 | | static size_t txp_determine_pn_len(OSSL_QUIC_TX_PACKETISER *txp) |
1407 | 0 | { |
1408 | 0 | return 4; /* TODO(QUIC FUTURE) */ |
1409 | 0 | } |
1410 | | |
1411 | | /* Determine plaintext packet payload length from payload length. */ |
1412 | | static int txp_determine_ppl_from_pl(OSSL_QUIC_TX_PACKETISER *txp, |
1413 | | size_t pl, |
1414 | | uint32_t enc_level, |
1415 | | size_t hdr_len, |
1416 | | size_t *r) |
1417 | 0 | { |
1418 | 0 | if (pl < hdr_len) |
1419 | 0 | return 0; |
1420 | | |
1421 | 0 | pl -= hdr_len; |
1422 | |
|
1423 | 0 | if (!ossl_qtx_calculate_plaintext_payload_len(txp->args.qtx, enc_level, |
1424 | 0 | pl, &pl)) |
1425 | 0 | return 0; |
1426 | | |
1427 | 0 | *r = pl; |
1428 | 0 | return 1; |
1429 | 0 | } |
1430 | | |
1431 | | static size_t txp_get_mdpl(OSSL_QUIC_TX_PACKETISER *txp) |
1432 | 0 | { |
1433 | 0 | return ossl_qtx_get_mdpl(txp->args.qtx); |
1434 | 0 | } |
1435 | | |
1436 | | static QUIC_SSTREAM *get_sstream_by_id(uint64_t stream_id, uint32_t pn_space, |
1437 | | void *arg) |
1438 | 0 | { |
1439 | 0 | OSSL_QUIC_TX_PACKETISER *txp = arg; |
1440 | 0 | QUIC_STREAM *s; |
1441 | |
|
1442 | 0 | if (stream_id == UINT64_MAX) |
1443 | 0 | return txp->args.crypto[pn_space]; |
1444 | | |
1445 | 0 | s = ossl_quic_stream_map_get_by_id(txp->args.qsm, stream_id); |
1446 | 0 | if (s == NULL) |
1447 | 0 | return NULL; |
1448 | | |
1449 | 0 | return s->sstream; |
1450 | 0 | } |
1451 | | |
1452 | | static void on_regen_notify(uint64_t frame_type, uint64_t stream_id, |
1453 | | QUIC_TXPIM_PKT *pkt, void *arg) |
1454 | 0 | { |
1455 | 0 | OSSL_QUIC_TX_PACKETISER *txp = arg; |
1456 | |
|
1457 | 0 | switch (frame_type) { |
1458 | 0 | case OSSL_QUIC_FRAME_TYPE_HANDSHAKE_DONE: |
1459 | 0 | txp->want_handshake_done = 1; |
1460 | 0 | break; |
1461 | 0 | case OSSL_QUIC_FRAME_TYPE_MAX_DATA: |
1462 | 0 | txp->want_max_data = 1; |
1463 | 0 | break; |
1464 | 0 | case OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_BIDI: |
1465 | 0 | txp->want_max_streams_bidi = 1; |
1466 | 0 | break; |
1467 | 0 | case OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_UNI: |
1468 | 0 | txp->want_max_streams_uni = 1; |
1469 | 0 | break; |
1470 | 0 | case OSSL_QUIC_FRAME_TYPE_ACK_WITH_ECN: |
1471 | 0 | txp->want_ack |= (1UL << pkt->ackm_pkt.pkt_space); |
1472 | 0 | break; |
1473 | 0 | case OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA: |
1474 | 0 | { |
1475 | 0 | QUIC_STREAM *s |
1476 | 0 | = ossl_quic_stream_map_get_by_id(txp->args.qsm, stream_id); |
1477 | |
|
1478 | 0 | if (s == NULL) |
1479 | 0 | return; |
1480 | | |
1481 | 0 | s->want_max_stream_data = 1; |
1482 | 0 | ossl_quic_stream_map_update_state(txp->args.qsm, s); |
1483 | 0 | } |
1484 | 0 | break; |
1485 | 0 | case OSSL_QUIC_FRAME_TYPE_STOP_SENDING: |
1486 | 0 | { |
1487 | 0 | QUIC_STREAM *s |
1488 | 0 | = ossl_quic_stream_map_get_by_id(txp->args.qsm, stream_id); |
1489 | |
|
1490 | 0 | if (s == NULL) |
1491 | 0 | return; |
1492 | | |
1493 | 0 | ossl_quic_stream_map_schedule_stop_sending(txp->args.qsm, s); |
1494 | 0 | } |
1495 | 0 | break; |
1496 | 0 | case OSSL_QUIC_FRAME_TYPE_RESET_STREAM: |
1497 | 0 | { |
1498 | 0 | QUIC_STREAM *s |
1499 | 0 | = ossl_quic_stream_map_get_by_id(txp->args.qsm, stream_id); |
1500 | |
|
1501 | 0 | if (s == NULL) |
1502 | 0 | return; |
1503 | | |
1504 | 0 | s->want_reset_stream = 1; |
1505 | 0 | ossl_quic_stream_map_update_state(txp->args.qsm, s); |
1506 | 0 | } |
1507 | 0 | break; |
1508 | 0 | default: |
1509 | 0 | assert(0); |
1510 | 0 | break; |
1511 | 0 | } |
1512 | 0 | } |
1513 | | |
1514 | | static int txp_pkt_init(struct txp_pkt *pkt, OSSL_QUIC_TX_PACKETISER *txp, |
1515 | | uint32_t enc_level, uint32_t archetype, |
1516 | | size_t running_total) |
1517 | 0 | { |
1518 | 0 | if (!txp_determine_geometry(txp, archetype, enc_level, |
1519 | 0 | running_total, &pkt->phdr, &pkt->geom)) |
1520 | 0 | return 0; |
1521 | | |
1522 | | /* |
1523 | | * Initialise TX helper. If we must be ACK eliciting, reserve 1 byte for |
1524 | | * PING. |
1525 | | */ |
1526 | 0 | if (!tx_helper_init(&pkt->h, txp, enc_level, |
1527 | 0 | pkt->geom.cmppl, |
1528 | 0 | pkt->geom.adata.require_ack_eliciting ? 1 : 0)) |
1529 | 0 | return 0; |
1530 | | |
1531 | 0 | pkt->h_valid = 1; |
1532 | 0 | pkt->tpkt = NULL; |
1533 | 0 | pkt->stream_head = NULL; |
1534 | 0 | pkt->force_pad = 0; |
1535 | 0 | return 1; |
1536 | 0 | } |
1537 | | |
1538 | | static void txp_pkt_cleanup(struct txp_pkt *pkt, OSSL_QUIC_TX_PACKETISER *txp) |
1539 | 0 | { |
1540 | 0 | if (!pkt->h_valid) |
1541 | 0 | return; |
1542 | | |
1543 | 0 | tx_helper_cleanup(&pkt->h); |
1544 | 0 | pkt->h_valid = 0; |
1545 | |
|
1546 | 0 | if (pkt->tpkt != NULL) { |
1547 | 0 | ossl_quic_txpim_pkt_release(txp->args.txpim, pkt->tpkt); |
1548 | 0 | pkt->tpkt = NULL; |
1549 | 0 | } |
1550 | 0 | } |
1551 | | |
1552 | | static int txp_pkt_postgen_update_pkt_overhead(struct txp_pkt *pkt, |
1553 | | OSSL_QUIC_TX_PACKETISER *txp) |
1554 | 0 | { |
1555 | | /* |
1556 | | * After we have staged and generated our packets, but before we commit |
1557 | | * them, it is possible for the estimated packet overhead (packet header + |
1558 | | * AEAD tag size) to shrink slightly because we generated a short packet |
1559 | | * whose which can be represented in fewer bytes as a variable-length |
1560 | | * integer than we were (pessimistically) budgeting for. We need to account |
1561 | | * for this to ensure that we get our padding calculation exactly right. |
1562 | | * |
1563 | | * Update pkt_overhead to be accurate now that we know how much data is |
1564 | | * going in a packet. |
1565 | | */ |
1566 | 0 | size_t hdr_len, ciphertext_len; |
1567 | |
|
1568 | 0 | if (pkt->h.enc_level == QUIC_ENC_LEVEL_INITIAL) |
1569 | | /* |
1570 | | * Don't update overheads for the INITIAL EL - we have not finished |
1571 | | * appending padding to it and would potentially miscalculate the |
1572 | | * correct padding if we now update the pkt_overhead field to switch to |
1573 | | * e.g. a 1-byte length field in the packet header. Since we are padding |
1574 | | * to QUIC_MIN_INITIAL_DGRAM_LEN which requires a 2-byte length field, |
1575 | | * this is guaranteed to be moot anyway. See comment in |
1576 | | * txp_determine_geometry for more information. |
1577 | | */ |
1578 | 0 | return 1; |
1579 | | |
1580 | 0 | if (!ossl_qtx_calculate_ciphertext_payload_len(txp->args.qtx, pkt->h.enc_level, |
1581 | 0 | pkt->h.bytes_appended, |
1582 | 0 | &ciphertext_len)) |
1583 | 0 | return 0; |
1584 | | |
1585 | 0 | pkt->phdr.len = ciphertext_len; |
1586 | |
|
1587 | 0 | hdr_len = ossl_quic_wire_get_encoded_pkt_hdr_len(pkt->phdr.dst_conn_id.id_len, |
1588 | 0 | &pkt->phdr); |
1589 | |
|
1590 | 0 | pkt->geom.pkt_overhead = hdr_len + ciphertext_len - pkt->h.bytes_appended; |
1591 | 0 | return 1; |
1592 | 0 | } |
1593 | | |
1594 | | static void on_confirm_notify(uint64_t frame_type, uint64_t stream_id, |
1595 | | QUIC_TXPIM_PKT *pkt, void *arg) |
1596 | 0 | { |
1597 | 0 | OSSL_QUIC_TX_PACKETISER *txp = arg; |
1598 | |
|
1599 | 0 | switch (frame_type) { |
1600 | 0 | case OSSL_QUIC_FRAME_TYPE_STOP_SENDING: |
1601 | 0 | { |
1602 | 0 | QUIC_STREAM *s |
1603 | 0 | = ossl_quic_stream_map_get_by_id(txp->args.qsm, stream_id); |
1604 | |
|
1605 | 0 | if (s == NULL) |
1606 | 0 | return; |
1607 | | |
1608 | 0 | s->acked_stop_sending = 1; |
1609 | 0 | ossl_quic_stream_map_update_state(txp->args.qsm, s); |
1610 | 0 | } |
1611 | 0 | break; |
1612 | 0 | case OSSL_QUIC_FRAME_TYPE_RESET_STREAM: |
1613 | 0 | { |
1614 | 0 | QUIC_STREAM *s |
1615 | 0 | = ossl_quic_stream_map_get_by_id(txp->args.qsm, stream_id); |
1616 | |
|
1617 | 0 | if (s == NULL) |
1618 | 0 | return; |
1619 | | |
1620 | | /* |
1621 | | * We must already be in RESET_SENT or RESET_RECVD if we are |
1622 | | * here, so we don't need to check state here. |
1623 | | */ |
1624 | 0 | ossl_quic_stream_map_notify_reset_stream_acked(txp->args.qsm, s); |
1625 | 0 | ossl_quic_stream_map_update_state(txp->args.qsm, s); |
1626 | 0 | } |
1627 | 0 | break; |
1628 | 0 | default: |
1629 | 0 | assert(0); |
1630 | 0 | break; |
1631 | 0 | } |
1632 | 0 | } |
1633 | | |
1634 | | static int txp_pkt_append_padding(struct txp_pkt *pkt, |
1635 | | OSSL_QUIC_TX_PACKETISER *txp, size_t num_bytes) |
1636 | 0 | { |
1637 | 0 | WPACKET *wpkt; |
1638 | |
|
1639 | 0 | if (num_bytes == 0) |
1640 | 0 | return 1; |
1641 | | |
1642 | 0 | if (!ossl_assert(pkt->h_valid)) |
1643 | 0 | return 0; |
1644 | | |
1645 | 0 | if (!ossl_assert(pkt->tpkt != NULL)) |
1646 | 0 | return 0; |
1647 | | |
1648 | 0 | wpkt = tx_helper_begin(&pkt->h); |
1649 | 0 | if (wpkt == NULL) |
1650 | 0 | return 0; |
1651 | | |
1652 | 0 | if (!ossl_quic_wire_encode_padding(wpkt, num_bytes)) { |
1653 | 0 | tx_helper_rollback(&pkt->h); |
1654 | 0 | return 0; |
1655 | 0 | } |
1656 | | |
1657 | 0 | if (!tx_helper_commit(&pkt->h)) |
1658 | 0 | return 0; |
1659 | | |
1660 | 0 | pkt->tpkt->ackm_pkt.num_bytes += num_bytes; |
1661 | | /* Cannot be non-inflight if we have a PADDING frame */ |
1662 | 0 | pkt->tpkt->ackm_pkt.is_inflight = 1; |
1663 | 0 | return 1; |
1664 | 0 | } |
1665 | | |
1666 | | static void on_sstream_updated(uint64_t stream_id, void *arg) |
1667 | 0 | { |
1668 | 0 | OSSL_QUIC_TX_PACKETISER *txp = arg; |
1669 | 0 | QUIC_STREAM *s; |
1670 | |
|
1671 | 0 | s = ossl_quic_stream_map_get_by_id(txp->args.qsm, stream_id); |
1672 | 0 | if (s == NULL) |
1673 | 0 | return; |
1674 | | |
1675 | 0 | ossl_quic_stream_map_update_state(txp->args.qsm, s); |
1676 | 0 | } |
1677 | | |
1678 | | /* |
1679 | | * Returns 1 if we can send that many bytes in closing state, 0 otherwise. |
1680 | | * Also maintains the bytes sent state if it returns a success. |
1681 | | */ |
1682 | | static int try_commit_conn_close(OSSL_QUIC_TX_PACKETISER *txp, size_t n) |
1683 | 0 | { |
1684 | 0 | int res; |
1685 | | |
1686 | | /* We can always send the first connection close frame */ |
1687 | 0 | if (txp->closing_bytes_recv == 0) |
1688 | 0 | return 1; |
1689 | | |
1690 | | /* |
1691 | | * RFC 9000 s. 10.2.1 Closing Connection State: |
1692 | | * To avoid being used for an amplification attack, such |
1693 | | * endpoints MUST limit the cumulative size of packets it sends |
1694 | | * to three times the cumulative size of the packets that are |
1695 | | * received and attributed to the connection. |
1696 | | * and: |
1697 | | * An endpoint in the closing state MUST either discard packets |
1698 | | * received from an unvalidated address or limit the cumulative |
1699 | | * size of packets it sends to an unvalidated address to three |
1700 | | * times the size of packets it receives from that address. |
1701 | | */ |
1702 | 0 | res = txp->closing_bytes_xmit + n <= txp->closing_bytes_recv * 3; |
1703 | | |
1704 | | /* |
1705 | | * Attribute the bytes to the connection, if we are allowed to send them |
1706 | | * and this isn't the first closing frame. |
1707 | | */ |
1708 | 0 | if (res && txp->closing_bytes_recv != 0) |
1709 | 0 | txp->closing_bytes_xmit += n; |
1710 | 0 | return res; |
1711 | 0 | } |
1712 | | |
1713 | | void ossl_quic_tx_packetiser_record_received_closing_bytes( |
1714 | | OSSL_QUIC_TX_PACKETISER *txp, size_t n) |
1715 | 0 | { |
1716 | 0 | txp->closing_bytes_recv += n; |
1717 | 0 | } |
1718 | | |
1719 | | static int txp_generate_pre_token(OSSL_QUIC_TX_PACKETISER *txp, |
1720 | | struct txp_pkt *pkt, |
1721 | | int chosen_for_conn_close, |
1722 | | int *can_be_non_inflight) |
1723 | 0 | { |
1724 | 0 | const uint32_t enc_level = pkt->h.enc_level; |
1725 | 0 | const uint32_t pn_space = ossl_quic_enc_level_to_pn_space(enc_level); |
1726 | 0 | const struct archetype_data *a = &pkt->geom.adata; |
1727 | 0 | QUIC_TXPIM_PKT *tpkt = pkt->tpkt; |
1728 | 0 | struct tx_helper *h = &pkt->h; |
1729 | 0 | const OSSL_QUIC_FRAME_ACK *ack; |
1730 | 0 | OSSL_QUIC_FRAME_ACK ack2; |
1731 | |
|
1732 | 0 | tpkt->ackm_pkt.largest_acked = QUIC_PN_INVALID; |
1733 | | |
1734 | | /* ACK Frames (Regenerate) */ |
1735 | 0 | if (a->allow_ack |
1736 | 0 | && tx_helper_get_space_left(h) >= MIN_FRAME_SIZE_ACK |
1737 | 0 | && (txp->want_ack |
1738 | 0 | || ossl_ackm_is_ack_desired(txp->args.ackm, pn_space)) |
1739 | 0 | && (ack = ossl_ackm_get_ack_frame(txp->args.ackm, pn_space)) != NULL) { |
1740 | 0 | WPACKET *wpkt = tx_helper_begin(h); |
1741 | |
|
1742 | 0 | if (wpkt == NULL) |
1743 | 0 | return 0; |
1744 | | |
1745 | | /* We do not currently support ECN */ |
1746 | 0 | ack2 = *ack; |
1747 | 0 | ack2.ecn_present = 0; |
1748 | |
|
1749 | 0 | if (ossl_quic_wire_encode_frame_ack(wpkt, |
1750 | 0 | txp->args.ack_delay_exponent, |
1751 | 0 | &ack2)) { |
1752 | 0 | if (!tx_helper_commit(h)) |
1753 | 0 | return 0; |
1754 | | |
1755 | 0 | tpkt->had_ack_frame = 1; |
1756 | |
|
1757 | 0 | if (ack->num_ack_ranges > 0) |
1758 | 0 | tpkt->ackm_pkt.largest_acked = ack->ack_ranges[0].end; |
1759 | |
|
1760 | 0 | if (txp->ack_tx_cb != NULL) |
1761 | 0 | txp->ack_tx_cb(&ack2, pn_space, txp->ack_tx_cb_arg); |
1762 | 0 | } else { |
1763 | 0 | tx_helper_rollback(h); |
1764 | 0 | } |
1765 | 0 | } |
1766 | | |
1767 | | /* CONNECTION_CLOSE Frames (Regenerate) */ |
1768 | 0 | if (a->allow_conn_close && txp->want_conn_close && chosen_for_conn_close) { |
1769 | 0 | WPACKET *wpkt = tx_helper_begin(h); |
1770 | 0 | OSSL_QUIC_FRAME_CONN_CLOSE f, *pf = &txp->conn_close_frame; |
1771 | 0 | size_t l; |
1772 | |
|
1773 | 0 | if (wpkt == NULL) |
1774 | 0 | return 0; |
1775 | | |
1776 | | /* |
1777 | | * Application CONNECTION_CLOSE frames may only be sent in the |
1778 | | * Application PN space, as otherwise they may be sent before a |
1779 | | * connection is authenticated and leak application data. Therefore, if |
1780 | | * we need to send a CONNECTION_CLOSE frame in another PN space and were |
1781 | | * given an application CONNECTION_CLOSE frame, convert it into a |
1782 | | * transport CONNECTION_CLOSE frame, removing any sensitive application |
1783 | | * data. |
1784 | | * |
1785 | | * RFC 9000 s. 10.2.3: "A CONNECTION_CLOSE of type 0x1d MUST be replaced |
1786 | | * by a CONNECTION_CLOSE of type 0x1c when sending the frame in Initial |
1787 | | * or Handshake packets. Otherwise, information about the application |
1788 | | * state might be revealed. Endpoints MUST clear the value of the Reason |
1789 | | * Phrase field and SHOULD use the APPLICATION_ERROR code when |
1790 | | * converting to a CONNECTION_CLOSE of type 0x1c." |
1791 | | */ |
1792 | 0 | if (pn_space != QUIC_PN_SPACE_APP && pf->is_app) { |
1793 | 0 | pf = &f; |
1794 | 0 | pf->is_app = 0; |
1795 | 0 | pf->frame_type = 0; |
1796 | 0 | pf->error_code = QUIC_ERR_APPLICATION_ERROR; |
1797 | 0 | pf->reason = NULL; |
1798 | 0 | pf->reason_len = 0; |
1799 | 0 | } |
1800 | |
|
1801 | 0 | if (ossl_quic_wire_encode_frame_conn_close(wpkt, pf) |
1802 | 0 | && WPACKET_get_total_written(wpkt, &l) |
1803 | 0 | && try_commit_conn_close(txp, l)) { |
1804 | 0 | if (!tx_helper_commit(h)) |
1805 | 0 | return 0; |
1806 | | |
1807 | 0 | tpkt->had_conn_close = 1; |
1808 | 0 | *can_be_non_inflight = 0; |
1809 | 0 | } else { |
1810 | 0 | tx_helper_rollback(h); |
1811 | 0 | } |
1812 | 0 | } |
1813 | | |
1814 | 0 | return 1; |
1815 | 0 | } |
1816 | | |
1817 | | static int try_len(size_t space_left, size_t orig_len, |
1818 | | size_t base_hdr_len, size_t lenbytes, |
1819 | | uint64_t maxn, size_t *hdr_len, size_t *payload_len) |
1820 | 0 | { |
1821 | 0 | size_t n; |
1822 | 0 | size_t maxn_ = maxn > SIZE_MAX ? SIZE_MAX : (size_t)maxn; |
1823 | |
|
1824 | 0 | *hdr_len = base_hdr_len + lenbytes; |
1825 | |
|
1826 | 0 | if (orig_len == 0 && space_left >= *hdr_len) { |
1827 | 0 | *payload_len = 0; |
1828 | 0 | return 1; |
1829 | 0 | } |
1830 | | |
1831 | 0 | n = orig_len; |
1832 | 0 | if (n > maxn_) |
1833 | 0 | n = maxn_; |
1834 | 0 | if (n + *hdr_len > space_left) |
1835 | 0 | n = (space_left >= *hdr_len) ? space_left - *hdr_len : 0; |
1836 | |
|
1837 | 0 | *payload_len = n; |
1838 | 0 | return n > 0; |
1839 | 0 | } |
1840 | | |
1841 | | static int determine_len(size_t space_left, size_t orig_len, |
1842 | | size_t base_hdr_len, |
1843 | | uint64_t *hlen, uint64_t *len) |
1844 | 0 | { |
1845 | 0 | int ok = 0; |
1846 | 0 | size_t chosen_payload_len = 0; |
1847 | 0 | size_t chosen_hdr_len = 0; |
1848 | 0 | size_t payload_len[4], hdr_len[4]; |
1849 | 0 | int i, valid[4] = {0}; |
1850 | |
|
1851 | 0 | valid[0] = try_len(space_left, orig_len, base_hdr_len, |
1852 | 0 | 1, OSSL_QUIC_VLINT_1B_MAX, |
1853 | 0 | &hdr_len[0], &payload_len[0]); |
1854 | 0 | valid[1] = try_len(space_left, orig_len, base_hdr_len, |
1855 | 0 | 2, OSSL_QUIC_VLINT_2B_MAX, |
1856 | 0 | &hdr_len[1], &payload_len[1]); |
1857 | 0 | valid[2] = try_len(space_left, orig_len, base_hdr_len, |
1858 | 0 | 4, OSSL_QUIC_VLINT_4B_MAX, |
1859 | 0 | &hdr_len[2], &payload_len[2]); |
1860 | 0 | valid[3] = try_len(space_left, orig_len, base_hdr_len, |
1861 | 0 | 8, OSSL_QUIC_VLINT_8B_MAX, |
1862 | 0 | &hdr_len[3], &payload_len[3]); |
1863 | |
|
1864 | 0 | for (i = OSSL_NELEM(valid) - 1; i >= 0; --i) |
1865 | 0 | if (valid[i] && payload_len[i] >= chosen_payload_len) { |
1866 | 0 | chosen_payload_len = payload_len[i]; |
1867 | 0 | chosen_hdr_len = hdr_len[i]; |
1868 | 0 | ok = 1; |
1869 | 0 | } |
1870 | |
|
1871 | 0 | *hlen = chosen_hdr_len; |
1872 | 0 | *len = chosen_payload_len; |
1873 | 0 | return ok; |
1874 | 0 | } |
1875 | | |
1876 | | /* |
1877 | | * Given a CRYPTO frame header with accurate chdr->len and a budget |
1878 | | * (space_left), try to find the optimal value of chdr->len to fill as much of |
1879 | | * the budget as possible. This is slightly hairy because larger values of |
1880 | | * chdr->len cause larger encoded sizes of the length field of the frame, which |
1881 | | * in turn mean less space available for payload data. We check all possible |
1882 | | * encodings and choose the optimal encoding. |
1883 | | */ |
1884 | | static int determine_crypto_len(struct tx_helper *h, |
1885 | | OSSL_QUIC_FRAME_CRYPTO *chdr, |
1886 | | size_t space_left, |
1887 | | uint64_t *hlen, |
1888 | | uint64_t *len) |
1889 | 0 | { |
1890 | 0 | size_t orig_len; |
1891 | 0 | size_t base_hdr_len; /* CRYPTO header length without length field */ |
1892 | |
|
1893 | 0 | if (chdr->len > SIZE_MAX) |
1894 | 0 | return 0; |
1895 | | |
1896 | 0 | orig_len = (size_t)chdr->len; |
1897 | |
|
1898 | 0 | chdr->len = 0; |
1899 | 0 | base_hdr_len = ossl_quic_wire_get_encoded_frame_len_crypto_hdr(chdr); |
1900 | 0 | chdr->len = orig_len; |
1901 | 0 | if (base_hdr_len == 0) |
1902 | 0 | return 0; |
1903 | | |
1904 | 0 | --base_hdr_len; |
1905 | |
|
1906 | 0 | return determine_len(space_left, orig_len, base_hdr_len, hlen, len); |
1907 | 0 | } |
1908 | | |
1909 | | static int determine_stream_len(struct tx_helper *h, |
1910 | | OSSL_QUIC_FRAME_STREAM *shdr, |
1911 | | size_t space_left, |
1912 | | uint64_t *hlen, |
1913 | | uint64_t *len) |
1914 | 0 | { |
1915 | 0 | size_t orig_len; |
1916 | 0 | size_t base_hdr_len; /* STREAM header length without length field */ |
1917 | |
|
1918 | 0 | if (shdr->len > SIZE_MAX) |
1919 | 0 | return 0; |
1920 | | |
1921 | 0 | orig_len = (size_t)shdr->len; |
1922 | |
|
1923 | 0 | shdr->len = 0; |
1924 | 0 | base_hdr_len = ossl_quic_wire_get_encoded_frame_len_stream_hdr(shdr); |
1925 | 0 | shdr->len = orig_len; |
1926 | 0 | if (base_hdr_len == 0) |
1927 | 0 | return 0; |
1928 | | |
1929 | 0 | if (shdr->has_explicit_len) |
1930 | 0 | --base_hdr_len; |
1931 | |
|
1932 | 0 | return determine_len(space_left, orig_len, base_hdr_len, hlen, len); |
1933 | 0 | } |
1934 | | |
1935 | | static int txp_generate_crypto_frames(OSSL_QUIC_TX_PACKETISER *txp, |
1936 | | struct txp_pkt *pkt, |
1937 | | int *have_ack_eliciting) |
1938 | 0 | { |
1939 | 0 | const uint32_t enc_level = pkt->h.enc_level; |
1940 | 0 | const uint32_t pn_space = ossl_quic_enc_level_to_pn_space(enc_level); |
1941 | 0 | QUIC_TXPIM_PKT *tpkt = pkt->tpkt; |
1942 | 0 | struct tx_helper *h = &pkt->h; |
1943 | 0 | size_t num_stream_iovec; |
1944 | 0 | OSSL_QUIC_FRAME_STREAM shdr = {0}; |
1945 | 0 | OSSL_QUIC_FRAME_CRYPTO chdr = {0}; |
1946 | 0 | OSSL_QTX_IOVEC iov[2]; |
1947 | 0 | uint64_t hdr_bytes; |
1948 | 0 | WPACKET *wpkt; |
1949 | 0 | QUIC_TXPIM_CHUNK chunk = {0}; |
1950 | 0 | size_t i, space_left; |
1951 | |
|
1952 | 0 | for (i = 0;; ++i) { |
1953 | 0 | space_left = tx_helper_get_space_left(h); |
1954 | |
|
1955 | 0 | if (space_left < MIN_FRAME_SIZE_CRYPTO) |
1956 | 0 | return 1; /* no point trying */ |
1957 | | |
1958 | | /* Do we have any CRYPTO data waiting? */ |
1959 | 0 | num_stream_iovec = OSSL_NELEM(iov); |
1960 | 0 | if (!ossl_quic_sstream_get_stream_frame(txp->args.crypto[pn_space], |
1961 | 0 | i, &shdr, iov, |
1962 | 0 | &num_stream_iovec)) |
1963 | 0 | return 1; /* nothing to do */ |
1964 | | |
1965 | | /* Convert STREAM frame header to CRYPTO frame header */ |
1966 | 0 | chdr.offset = shdr.offset; |
1967 | 0 | chdr.len = shdr.len; |
1968 | |
|
1969 | 0 | if (chdr.len == 0) |
1970 | 0 | return 1; /* nothing to do */ |
1971 | | |
1972 | | /* Find best fit (header length, payload length) combination. */ |
1973 | 0 | if (!determine_crypto_len(h, &chdr, space_left, &hdr_bytes, |
1974 | 0 | &chdr.len)) |
1975 | 0 | return 1; /* can't fit anything */ |
1976 | | |
1977 | | /* |
1978 | | * Truncate IOVs to match our chosen length. |
1979 | | * |
1980 | | * The length cannot be more than SIZE_MAX because this length comes |
1981 | | * from our send stream buffer. |
1982 | | */ |
1983 | 0 | ossl_quic_sstream_adjust_iov((size_t)chdr.len, iov, num_stream_iovec); |
1984 | | |
1985 | | /* |
1986 | | * Ensure we have enough iovecs allocated (1 for the header, up to 2 for |
1987 | | * the stream data.) |
1988 | | */ |
1989 | 0 | if (!txp_el_ensure_iovec(&txp->el[enc_level], h->num_iovec + 3)) |
1990 | 0 | return 0; /* alloc error */ |
1991 | | |
1992 | | /* Encode the header. */ |
1993 | 0 | wpkt = tx_helper_begin(h); |
1994 | 0 | if (wpkt == NULL) |
1995 | 0 | return 0; /* alloc error */ |
1996 | | |
1997 | 0 | if (!ossl_quic_wire_encode_frame_crypto_hdr(wpkt, &chdr)) { |
1998 | 0 | tx_helper_rollback(h); |
1999 | 0 | return 1; /* can't fit */ |
2000 | 0 | } |
2001 | | |
2002 | 0 | if (!tx_helper_commit(h)) |
2003 | 0 | return 0; /* alloc error */ |
2004 | | |
2005 | | /* Add payload iovecs to the helper (infallible). */ |
2006 | 0 | for (i = 0; i < num_stream_iovec; ++i) |
2007 | 0 | tx_helper_append_iovec(h, iov[i].buf, iov[i].buf_len); |
2008 | |
|
2009 | 0 | *have_ack_eliciting = 1; |
2010 | 0 | tx_helper_unrestrict(h); /* no longer need PING */ |
2011 | | |
2012 | | /* Log chunk to TXPIM. */ |
2013 | 0 | chunk.stream_id = UINT64_MAX; /* crypto stream */ |
2014 | 0 | chunk.start = chdr.offset; |
2015 | 0 | chunk.end = chdr.offset + chdr.len - 1; |
2016 | 0 | chunk.has_fin = 0; /* Crypto stream never ends */ |
2017 | 0 | if (!ossl_quic_txpim_pkt_append_chunk(tpkt, &chunk)) |
2018 | 0 | return 0; /* alloc error */ |
2019 | 0 | } |
2020 | 0 | } |
2021 | | |
2022 | | struct chunk_info { |
2023 | | OSSL_QUIC_FRAME_STREAM shdr; |
2024 | | OSSL_QTX_IOVEC iov[2]; |
2025 | | size_t num_stream_iovec; |
2026 | | int valid; |
2027 | | }; |
2028 | | |
2029 | | static int txp_plan_stream_chunk(OSSL_QUIC_TX_PACKETISER *txp, |
2030 | | struct tx_helper *h, |
2031 | | QUIC_SSTREAM *sstream, |
2032 | | QUIC_TXFC *stream_txfc, |
2033 | | size_t skip, |
2034 | | struct chunk_info *chunk) |
2035 | 0 | { |
2036 | 0 | uint64_t fc_credit, fc_swm, fc_limit; |
2037 | |
|
2038 | 0 | chunk->num_stream_iovec = OSSL_NELEM(chunk->iov); |
2039 | 0 | chunk->valid = ossl_quic_sstream_get_stream_frame(sstream, skip, |
2040 | 0 | &chunk->shdr, |
2041 | 0 | chunk->iov, |
2042 | 0 | &chunk->num_stream_iovec); |
2043 | 0 | if (!chunk->valid) |
2044 | 0 | return 1; |
2045 | | |
2046 | 0 | if (!ossl_assert(chunk->shdr.len > 0 || chunk->shdr.is_fin)) |
2047 | | /* Should only have 0-length chunk if FIN */ |
2048 | 0 | return 0; |
2049 | | |
2050 | | /* Clamp according to connection and stream-level TXFC. */ |
2051 | 0 | fc_credit = ossl_quic_txfc_get_credit(stream_txfc); |
2052 | 0 | fc_swm = ossl_quic_txfc_get_swm(stream_txfc); |
2053 | 0 | fc_limit = fc_swm + fc_credit; |
2054 | |
|
2055 | 0 | if (chunk->shdr.len > 0 && chunk->shdr.offset + chunk->shdr.len > fc_limit) { |
2056 | 0 | chunk->shdr.len = (fc_limit <= chunk->shdr.offset) |
2057 | 0 | ? 0 : fc_limit - chunk->shdr.offset; |
2058 | 0 | chunk->shdr.is_fin = 0; |
2059 | 0 | } |
2060 | |
|
2061 | 0 | if (chunk->shdr.len == 0 && !chunk->shdr.is_fin) { |
2062 | | /* |
2063 | | * Nothing to do due to TXFC. Since SSTREAM returns chunks in ascending |
2064 | | * order of offset we don't need to check any later chunks, so stop |
2065 | | * iterating here. |
2066 | | */ |
2067 | 0 | chunk->valid = 0; |
2068 | 0 | return 1; |
2069 | 0 | } |
2070 | | |
2071 | 0 | return 1; |
2072 | 0 | } |
2073 | | |
2074 | | /* |
2075 | | * Returns 0 on fatal error (e.g. allocation failure), 1 on success. |
2076 | | * *packet_full is set to 1 if there is no longer enough room for another STREAM |
2077 | | * frame, and *stream_drained is set to 1 if all stream buffers have now been |
2078 | | * sent. |
2079 | | */ |
2080 | | static int txp_generate_stream_frames(OSSL_QUIC_TX_PACKETISER *txp, |
2081 | | struct txp_pkt *pkt, |
2082 | | uint64_t id, |
2083 | | QUIC_SSTREAM *sstream, |
2084 | | QUIC_TXFC *stream_txfc, |
2085 | | QUIC_STREAM *next_stream, |
2086 | | size_t min_ppl, |
2087 | | int *have_ack_eliciting, |
2088 | | int *packet_full, |
2089 | | int *stream_drained, |
2090 | | uint64_t *new_credit_consumed) |
2091 | 0 | { |
2092 | 0 | int rc = 0; |
2093 | 0 | struct chunk_info chunks[2] = {0}; |
2094 | 0 | const uint32_t enc_level = pkt->h.enc_level; |
2095 | 0 | QUIC_TXPIM_PKT *tpkt = pkt->tpkt; |
2096 | 0 | struct tx_helper *h = &pkt->h; |
2097 | 0 | OSSL_QUIC_FRAME_STREAM *shdr; |
2098 | 0 | WPACKET *wpkt; |
2099 | 0 | QUIC_TXPIM_CHUNK chunk; |
2100 | 0 | size_t i, j, space_left; |
2101 | 0 | int needs_padding_if_implicit, can_fill_payload, use_explicit_len; |
2102 | 0 | int could_have_following_chunk; |
2103 | 0 | uint64_t orig_len; |
2104 | 0 | uint64_t hdr_len_implicit, payload_len_implicit; |
2105 | 0 | uint64_t hdr_len_explicit, payload_len_explicit; |
2106 | 0 | uint64_t fc_swm, fc_new_hwm; |
2107 | |
|
2108 | 0 | fc_swm = ossl_quic_txfc_get_swm(stream_txfc); |
2109 | 0 | fc_new_hwm = fc_swm; |
2110 | | |
2111 | | /* |
2112 | | * Load the first two chunks if any offered by the send stream. We retrieve |
2113 | | * the next chunk in advance so we can determine if we need to send any more |
2114 | | * chunks from the same stream after this one, which is needed when |
2115 | | * determining when we can use an implicit length in a STREAM frame. |
2116 | | */ |
2117 | 0 | for (i = 0; i < 2; ++i) { |
2118 | 0 | if (!txp_plan_stream_chunk(txp, h, sstream, stream_txfc, i, &chunks[i])) |
2119 | 0 | goto err; |
2120 | | |
2121 | 0 | if (i == 0 && !chunks[i].valid) { |
2122 | | /* No chunks, nothing to do. */ |
2123 | 0 | *stream_drained = 1; |
2124 | 0 | rc = 1; |
2125 | 0 | goto err; |
2126 | 0 | } |
2127 | 0 | } |
2128 | | |
2129 | 0 | for (i = 0;; ++i) { |
2130 | 0 | space_left = tx_helper_get_space_left(h); |
2131 | |
|
2132 | 0 | if (!chunks[i % 2].valid) { |
2133 | | /* Out of chunks; we're done. */ |
2134 | 0 | *stream_drained = 1; |
2135 | 0 | rc = 1; |
2136 | 0 | goto err; |
2137 | 0 | } |
2138 | | |
2139 | 0 | if (space_left < MIN_FRAME_SIZE_STREAM) { |
2140 | 0 | *packet_full = 1; |
2141 | 0 | rc = 1; |
2142 | 0 | goto err; |
2143 | 0 | } |
2144 | | |
2145 | 0 | if (!ossl_assert(!h->done_implicit)) |
2146 | | /* |
2147 | | * Logic below should have ensured we didn't append an |
2148 | | * implicit-length unless we filled the packet or didn't have |
2149 | | * another stream to handle, so this should not be possible. |
2150 | | */ |
2151 | 0 | goto err; |
2152 | | |
2153 | 0 | shdr = &chunks[i % 2].shdr; |
2154 | 0 | orig_len = shdr->len; |
2155 | 0 | if (i > 0) |
2156 | | /* Load next chunk for lookahead. */ |
2157 | 0 | if (!txp_plan_stream_chunk(txp, h, sstream, stream_txfc, i + 1, |
2158 | 0 | &chunks[(i + 1) % 2])) |
2159 | 0 | goto err; |
2160 | | |
2161 | | /* |
2162 | | * Find best fit (header length, payload length) combination for if we |
2163 | | * use an implicit length. |
2164 | | */ |
2165 | 0 | shdr->has_explicit_len = 0; |
2166 | 0 | hdr_len_implicit = payload_len_implicit = 0; |
2167 | 0 | if (!determine_stream_len(h, shdr, space_left, |
2168 | 0 | &hdr_len_implicit, &payload_len_implicit)) { |
2169 | 0 | *packet_full = 1; |
2170 | 0 | rc = 1; |
2171 | 0 | goto err; /* can't fit anything */ |
2172 | 0 | } |
2173 | | |
2174 | | /* |
2175 | | * If using the implicit-length representation would need padding, we |
2176 | | * can't use it. |
2177 | | */ |
2178 | 0 | needs_padding_if_implicit = (h->bytes_appended + hdr_len_implicit |
2179 | 0 | + payload_len_implicit < min_ppl); |
2180 | | |
2181 | | /* |
2182 | | * If there is a next stream, we don't use the implicit length so we can |
2183 | | * add more STREAM frames after this one, unless there is enough data |
2184 | | * for this STREAM frame to fill the packet. |
2185 | | */ |
2186 | 0 | can_fill_payload = (hdr_len_implicit + payload_len_implicit |
2187 | 0 | >= space_left); |
2188 | | |
2189 | | /* |
2190 | | * Is there is a stream after this one, or another chunk pending |
2191 | | * transmission in this stream? |
2192 | | */ |
2193 | 0 | could_have_following_chunk |
2194 | 0 | = (next_stream != NULL || chunks[(i + 1) % 2].valid); |
2195 | | |
2196 | | /* Choose between explicit or implicit length representations. */ |
2197 | 0 | use_explicit_len = !((can_fill_payload || !could_have_following_chunk) |
2198 | 0 | && !needs_padding_if_implicit); |
2199 | |
|
2200 | 0 | if (use_explicit_len) { |
2201 | | /* |
2202 | | * Find best fit (header length, payload length) combination for if |
2203 | | * we use an explicit length. |
2204 | | */ |
2205 | 0 | shdr->has_explicit_len = 1; |
2206 | 0 | hdr_len_explicit = payload_len_explicit = 0; |
2207 | 0 | if (!determine_stream_len(h, shdr, space_left, |
2208 | 0 | &hdr_len_explicit, &payload_len_explicit)) { |
2209 | 0 | *packet_full = 1; |
2210 | 0 | rc = 1; |
2211 | 0 | goto err; /* can't fit anything */ |
2212 | 0 | } |
2213 | | |
2214 | 0 | shdr->len = payload_len_explicit; |
2215 | 0 | } else { |
2216 | 0 | shdr->has_explicit_len = 0; |
2217 | 0 | shdr->len = payload_len_implicit; |
2218 | 0 | } |
2219 | | |
2220 | | /* If this is a FIN, don't keep filling the packet with more FINs. */ |
2221 | 0 | if (shdr->is_fin) |
2222 | 0 | chunks[(i + 1) % 2].valid = 0; |
2223 | | |
2224 | | /* |
2225 | | * We are now committed to our length (shdr->len can't change). |
2226 | | * If we truncated the chunk, clear the FIN bit. |
2227 | | */ |
2228 | 0 | if (shdr->len < orig_len) |
2229 | 0 | shdr->is_fin = 0; |
2230 | | |
2231 | | /* Truncate IOVs to match our chosen length. */ |
2232 | 0 | ossl_quic_sstream_adjust_iov((size_t)shdr->len, chunks[i % 2].iov, |
2233 | 0 | chunks[i % 2].num_stream_iovec); |
2234 | | |
2235 | | /* |
2236 | | * Ensure we have enough iovecs allocated (1 for the header, up to 2 for |
2237 | | * the stream data.) |
2238 | | */ |
2239 | 0 | if (!txp_el_ensure_iovec(&txp->el[enc_level], h->num_iovec + 3)) |
2240 | 0 | goto err; /* alloc error */ |
2241 | | |
2242 | | /* Encode the header. */ |
2243 | 0 | wpkt = tx_helper_begin(h); |
2244 | 0 | if (wpkt == NULL) |
2245 | 0 | goto err; /* alloc error */ |
2246 | | |
2247 | 0 | shdr->stream_id = id; |
2248 | 0 | if (!ossl_assert(ossl_quic_wire_encode_frame_stream_hdr(wpkt, shdr))) { |
2249 | | /* (Should not be possible.) */ |
2250 | 0 | tx_helper_rollback(h); |
2251 | 0 | *packet_full = 1; |
2252 | 0 | rc = 1; |
2253 | 0 | goto err; /* can't fit */ |
2254 | 0 | } |
2255 | | |
2256 | 0 | if (!tx_helper_commit(h)) |
2257 | 0 | goto err; /* alloc error */ |
2258 | | |
2259 | | /* Add payload iovecs to the helper (infallible). */ |
2260 | 0 | for (j = 0; j < chunks[i % 2].num_stream_iovec; ++j) |
2261 | 0 | tx_helper_append_iovec(h, chunks[i % 2].iov[j].buf, |
2262 | 0 | chunks[i % 2].iov[j].buf_len); |
2263 | |
|
2264 | 0 | *have_ack_eliciting = 1; |
2265 | 0 | tx_helper_unrestrict(h); /* no longer need PING */ |
2266 | 0 | if (!shdr->has_explicit_len) |
2267 | 0 | h->done_implicit = 1; |
2268 | | |
2269 | | /* Log new TXFC credit which was consumed. */ |
2270 | 0 | if (shdr->len > 0 && shdr->offset + shdr->len > fc_new_hwm) |
2271 | 0 | fc_new_hwm = shdr->offset + shdr->len; |
2272 | | |
2273 | | /* Log chunk to TXPIM. */ |
2274 | 0 | chunk.stream_id = shdr->stream_id; |
2275 | 0 | chunk.start = shdr->offset; |
2276 | 0 | chunk.end = shdr->offset + shdr->len - 1; |
2277 | 0 | chunk.has_fin = shdr->is_fin; |
2278 | 0 | chunk.has_stop_sending = 0; |
2279 | 0 | chunk.has_reset_stream = 0; |
2280 | 0 | if (!ossl_quic_txpim_pkt_append_chunk(tpkt, &chunk)) |
2281 | 0 | goto err; /* alloc error */ |
2282 | | |
2283 | 0 | if (shdr->len < orig_len) { |
2284 | | /* |
2285 | | * If we did not serialize all of this chunk we definitely do not |
2286 | | * want to try the next chunk (and we must not mark the stream |
2287 | | * as drained). |
2288 | | */ |
2289 | 0 | rc = 1; |
2290 | 0 | goto err; |
2291 | 0 | } |
2292 | 0 | } |
2293 | | |
2294 | 0 | err: |
2295 | 0 | *new_credit_consumed = fc_new_hwm - fc_swm; |
2296 | 0 | return rc; |
2297 | 0 | } |
2298 | | |
2299 | | static void txp_enlink_tmp(QUIC_STREAM **tmp_head, QUIC_STREAM *stream) |
2300 | 0 | { |
2301 | 0 | stream->txp_next = *tmp_head; |
2302 | 0 | *tmp_head = stream; |
2303 | 0 | } |
2304 | | |
2305 | | static int txp_generate_stream_related(OSSL_QUIC_TX_PACKETISER *txp, |
2306 | | struct txp_pkt *pkt, |
2307 | | size_t min_ppl, |
2308 | | int *have_ack_eliciting, |
2309 | | QUIC_STREAM **tmp_head) |
2310 | 0 | { |
2311 | 0 | QUIC_STREAM_ITER it; |
2312 | 0 | WPACKET *wpkt; |
2313 | 0 | uint64_t cwm; |
2314 | 0 | QUIC_STREAM *stream, *snext; |
2315 | 0 | struct tx_helper *h = &pkt->h; |
2316 | |
|
2317 | 0 | for (ossl_quic_stream_iter_init(&it, txp->args.qsm, 1); |
2318 | 0 | it.stream != NULL;) { |
2319 | |
|
2320 | 0 | stream = it.stream; |
2321 | 0 | ossl_quic_stream_iter_next(&it); |
2322 | 0 | snext = it.stream; |
2323 | |
|
2324 | 0 | stream->txp_sent_fc = 0; |
2325 | 0 | stream->txp_sent_stop_sending = 0; |
2326 | 0 | stream->txp_sent_reset_stream = 0; |
2327 | 0 | stream->txp_drained = 0; |
2328 | 0 | stream->txp_blocked = 0; |
2329 | 0 | stream->txp_txfc_new_credit_consumed = 0; |
2330 | | |
2331 | | /* Stream Abort Frames (STOP_SENDING, RESET_STREAM) */ |
2332 | 0 | if (stream->want_stop_sending) { |
2333 | 0 | OSSL_QUIC_FRAME_STOP_SENDING f; |
2334 | |
|
2335 | 0 | wpkt = tx_helper_begin(h); |
2336 | 0 | if (wpkt == NULL) |
2337 | 0 | return 0; /* alloc error */ |
2338 | | |
2339 | 0 | f.stream_id = stream->id; |
2340 | 0 | f.app_error_code = stream->stop_sending_aec; |
2341 | 0 | if (!ossl_quic_wire_encode_frame_stop_sending(wpkt, &f)) { |
2342 | 0 | tx_helper_rollback(h); /* can't fit */ |
2343 | 0 | txp_enlink_tmp(tmp_head, stream); |
2344 | 0 | break; |
2345 | 0 | } |
2346 | | |
2347 | 0 | if (!tx_helper_commit(h)) |
2348 | 0 | return 0; /* alloc error */ |
2349 | | |
2350 | 0 | *have_ack_eliciting = 1; |
2351 | 0 | tx_helper_unrestrict(h); /* no longer need PING */ |
2352 | 0 | stream->txp_sent_stop_sending = 1; |
2353 | 0 | } |
2354 | | |
2355 | 0 | if (stream->want_reset_stream) { |
2356 | 0 | OSSL_QUIC_FRAME_RESET_STREAM f; |
2357 | |
|
2358 | 0 | if (!ossl_assert(stream->send_state == QUIC_SSTREAM_STATE_RESET_SENT)) |
2359 | 0 | return 0; |
2360 | | |
2361 | 0 | wpkt = tx_helper_begin(h); |
2362 | 0 | if (wpkt == NULL) |
2363 | 0 | return 0; /* alloc error */ |
2364 | | |
2365 | 0 | f.stream_id = stream->id; |
2366 | 0 | f.app_error_code = stream->reset_stream_aec; |
2367 | 0 | if (!ossl_quic_stream_send_get_final_size(stream, &f.final_size)) |
2368 | 0 | return 0; /* should not be possible */ |
2369 | | |
2370 | 0 | if (!ossl_quic_wire_encode_frame_reset_stream(wpkt, &f)) { |
2371 | 0 | tx_helper_rollback(h); /* can't fit */ |
2372 | 0 | txp_enlink_tmp(tmp_head, stream); |
2373 | 0 | break; |
2374 | 0 | } |
2375 | | |
2376 | 0 | if (!tx_helper_commit(h)) |
2377 | 0 | return 0; /* alloc error */ |
2378 | | |
2379 | 0 | *have_ack_eliciting = 1; |
2380 | 0 | tx_helper_unrestrict(h); /* no longer need PING */ |
2381 | 0 | stream->txp_sent_reset_stream = 1; |
2382 | | |
2383 | | /* |
2384 | | * The final size of the stream as indicated by RESET_STREAM is used |
2385 | | * to ensure a consistent view of flow control state by both |
2386 | | * parties; if we happen to send a RESET_STREAM that consumes more |
2387 | | * flow control credit, make sure we account for that. |
2388 | | */ |
2389 | 0 | if (!ossl_assert(f.final_size <= ossl_quic_txfc_get_swm(&stream->txfc))) |
2390 | 0 | return 0; |
2391 | | |
2392 | 0 | stream->txp_txfc_new_credit_consumed |
2393 | 0 | = f.final_size - ossl_quic_txfc_get_swm(&stream->txfc); |
2394 | 0 | } |
2395 | | |
2396 | | /* |
2397 | | * Stream Flow Control Frames (MAX_STREAM_DATA) |
2398 | | * |
2399 | | * RFC 9000 s. 13.3: "An endpoint SHOULD stop sending MAX_STREAM_DATA |
2400 | | * frames when the receiving part of the stream enters a "Size Known" or |
2401 | | * "Reset Recvd" state." -- In practice, RECV is the only state |
2402 | | * in which it makes sense to generate more MAX_STREAM_DATA frames. |
2403 | | */ |
2404 | 0 | if (stream->recv_state == QUIC_RSTREAM_STATE_RECV |
2405 | 0 | && (stream->want_max_stream_data |
2406 | 0 | || ossl_quic_rxfc_has_cwm_changed(&stream->rxfc, 0))) { |
2407 | |
|
2408 | 0 | wpkt = tx_helper_begin(h); |
2409 | 0 | if (wpkt == NULL) |
2410 | 0 | return 0; /* alloc error */ |
2411 | | |
2412 | 0 | cwm = ossl_quic_rxfc_get_cwm(&stream->rxfc); |
2413 | |
|
2414 | 0 | if (!ossl_quic_wire_encode_frame_max_stream_data(wpkt, stream->id, |
2415 | 0 | cwm)) { |
2416 | 0 | tx_helper_rollback(h); /* can't fit */ |
2417 | 0 | txp_enlink_tmp(tmp_head, stream); |
2418 | 0 | break; |
2419 | 0 | } |
2420 | | |
2421 | 0 | if (!tx_helper_commit(h)) |
2422 | 0 | return 0; /* alloc error */ |
2423 | | |
2424 | 0 | *have_ack_eliciting = 1; |
2425 | 0 | tx_helper_unrestrict(h); /* no longer need PING */ |
2426 | 0 | stream->txp_sent_fc = 1; |
2427 | 0 | } |
2428 | | |
2429 | | /* |
2430 | | * Stream Data Frames (STREAM) |
2431 | | * |
2432 | | * RFC 9000 s. 3.3: A sender MUST NOT send a STREAM [...] frame for a |
2433 | | * stream in the "Reset Sent" state [or any terminal state]. We don't |
2434 | | * send any more STREAM frames if we are sending, have sent, or are |
2435 | | * planning to send, RESET_STREAM. The other terminal state is Data |
2436 | | * Recvd, but txp_generate_stream_frames() is guaranteed to generate |
2437 | | * nothing in this case. |
2438 | | */ |
2439 | 0 | if (ossl_quic_stream_has_send_buffer(stream) |
2440 | 0 | && !ossl_quic_stream_send_is_reset(stream)) { |
2441 | 0 | int packet_full = 0, stream_drained = 0; |
2442 | |
|
2443 | 0 | if (!ossl_assert(!stream->want_reset_stream)) |
2444 | 0 | return 0; |
2445 | | |
2446 | 0 | if (!txp_generate_stream_frames(txp, pkt, |
2447 | 0 | stream->id, stream->sstream, |
2448 | 0 | &stream->txfc, |
2449 | 0 | snext, min_ppl, |
2450 | 0 | have_ack_eliciting, |
2451 | 0 | &packet_full, |
2452 | 0 | &stream_drained, |
2453 | 0 | &stream->txp_txfc_new_credit_consumed)) { |
2454 | | /* Fatal error (allocation, etc.) */ |
2455 | 0 | txp_enlink_tmp(tmp_head, stream); |
2456 | 0 | return 0; |
2457 | 0 | } |
2458 | | |
2459 | 0 | if (stream_drained) |
2460 | 0 | stream->txp_drained = 1; |
2461 | |
|
2462 | 0 | if (packet_full) { |
2463 | 0 | txp_enlink_tmp(tmp_head, stream); |
2464 | 0 | break; |
2465 | 0 | } |
2466 | 0 | } |
2467 | | |
2468 | 0 | txp_enlink_tmp(tmp_head, stream); |
2469 | 0 | } |
2470 | | |
2471 | 0 | return 1; |
2472 | 0 | } |
2473 | | |
2474 | | static int txp_generate_for_el(OSSL_QUIC_TX_PACKETISER *txp, |
2475 | | struct txp_pkt *pkt, |
2476 | | int chosen_for_conn_close) |
2477 | 0 | { |
2478 | 0 | int rc = TXP_ERR_SUCCESS; |
2479 | 0 | const uint32_t enc_level = pkt->h.enc_level; |
2480 | 0 | const uint32_t pn_space = ossl_quic_enc_level_to_pn_space(enc_level); |
2481 | 0 | int have_ack_eliciting = 0, done_pre_token = 0; |
2482 | 0 | const struct archetype_data a = pkt->geom.adata; |
2483 | | /* |
2484 | | * Cleared if we encode any non-ACK-eliciting frame type which rules out the |
2485 | | * packet being a non-inflight frame. This means any non-ACK ACK-eliciting |
2486 | | * frame, even PADDING frames. ACK eliciting frames always cause a packet to |
2487 | | * become ineligible for non-inflight treatment so it is not necessary to |
2488 | | * clear this in cases where have_ack_eliciting is set, as it is ignored in |
2489 | | * that case. |
2490 | | */ |
2491 | 0 | int can_be_non_inflight = 1; |
2492 | 0 | QUIC_CFQ_ITEM *cfq_item; |
2493 | 0 | QUIC_TXPIM_PKT *tpkt = NULL; |
2494 | 0 | struct tx_helper *h = &pkt->h; |
2495 | 0 | size_t min_ppl = 0; |
2496 | | |
2497 | | /* Maximum PN reached? */ |
2498 | 0 | if (!ossl_quic_pn_valid(txp->next_pn[pn_space])) |
2499 | 0 | goto fatal_err; |
2500 | | |
2501 | 0 | if (!ossl_assert(pkt->tpkt == NULL)) |
2502 | 0 | goto fatal_err; |
2503 | | |
2504 | 0 | if ((pkt->tpkt = tpkt = ossl_quic_txpim_pkt_alloc(txp->args.txpim)) == NULL) |
2505 | 0 | goto fatal_err; |
2506 | | |
2507 | | /* |
2508 | | * Frame Serialization |
2509 | | * =================== |
2510 | | * |
2511 | | * We now serialize frames into the packet in descending order of priority. |
2512 | | */ |
2513 | | |
2514 | | /* HANDSHAKE_DONE (Regenerate) */ |
2515 | 0 | if (a.allow_handshake_done && txp->want_handshake_done |
2516 | 0 | && tx_helper_get_space_left(h) >= MIN_FRAME_SIZE_HANDSHAKE_DONE) { |
2517 | 0 | WPACKET *wpkt = tx_helper_begin(h); |
2518 | |
|
2519 | 0 | if (wpkt == NULL) |
2520 | 0 | goto fatal_err; |
2521 | | |
2522 | 0 | if (ossl_quic_wire_encode_frame_handshake_done(wpkt)) { |
2523 | 0 | tpkt->had_handshake_done_frame = 1; |
2524 | 0 | have_ack_eliciting = 1; |
2525 | |
|
2526 | 0 | if (!tx_helper_commit(h)) |
2527 | 0 | goto fatal_err; |
2528 | | |
2529 | 0 | tx_helper_unrestrict(h); /* no longer need PING */ |
2530 | 0 | } else { |
2531 | 0 | tx_helper_rollback(h); |
2532 | 0 | } |
2533 | 0 | } |
2534 | | |
2535 | | /* MAX_DATA (Regenerate) */ |
2536 | 0 | if (a.allow_conn_fc |
2537 | 0 | && (txp->want_max_data |
2538 | 0 | || ossl_quic_rxfc_has_cwm_changed(txp->args.conn_rxfc, 0)) |
2539 | 0 | && tx_helper_get_space_left(h) >= MIN_FRAME_SIZE_MAX_DATA) { |
2540 | 0 | WPACKET *wpkt = tx_helper_begin(h); |
2541 | 0 | uint64_t cwm = ossl_quic_rxfc_get_cwm(txp->args.conn_rxfc); |
2542 | |
|
2543 | 0 | if (wpkt == NULL) |
2544 | 0 | goto fatal_err; |
2545 | | |
2546 | 0 | if (ossl_quic_wire_encode_frame_max_data(wpkt, cwm)) { |
2547 | 0 | tpkt->had_max_data_frame = 1; |
2548 | 0 | have_ack_eliciting = 1; |
2549 | |
|
2550 | 0 | if (!tx_helper_commit(h)) |
2551 | 0 | goto fatal_err; |
2552 | | |
2553 | 0 | tx_helper_unrestrict(h); /* no longer need PING */ |
2554 | 0 | } else { |
2555 | 0 | tx_helper_rollback(h); |
2556 | 0 | } |
2557 | 0 | } |
2558 | | |
2559 | | /* MAX_STREAMS_BIDI (Regenerate) */ |
2560 | 0 | if (a.allow_conn_fc |
2561 | 0 | && (txp->want_max_streams_bidi |
2562 | 0 | || ossl_quic_rxfc_has_cwm_changed(txp->args.max_streams_bidi_rxfc, 0)) |
2563 | 0 | && tx_helper_get_space_left(h) >= MIN_FRAME_SIZE_MAX_STREAMS_BIDI) { |
2564 | 0 | WPACKET *wpkt = tx_helper_begin(h); |
2565 | 0 | uint64_t max_streams |
2566 | 0 | = ossl_quic_rxfc_get_cwm(txp->args.max_streams_bidi_rxfc); |
2567 | |
|
2568 | 0 | if (wpkt == NULL) |
2569 | 0 | goto fatal_err; |
2570 | | |
2571 | 0 | if (ossl_quic_wire_encode_frame_max_streams(wpkt, /*is_uni=*/0, |
2572 | 0 | max_streams)) { |
2573 | 0 | tpkt->had_max_streams_bidi_frame = 1; |
2574 | 0 | have_ack_eliciting = 1; |
2575 | |
|
2576 | 0 | if (!tx_helper_commit(h)) |
2577 | 0 | goto fatal_err; |
2578 | | |
2579 | 0 | tx_helper_unrestrict(h); /* no longer need PING */ |
2580 | 0 | } else { |
2581 | 0 | tx_helper_rollback(h); |
2582 | 0 | } |
2583 | 0 | } |
2584 | | |
2585 | | /* MAX_STREAMS_UNI (Regenerate) */ |
2586 | 0 | if (a.allow_conn_fc |
2587 | 0 | && (txp->want_max_streams_uni |
2588 | 0 | || ossl_quic_rxfc_has_cwm_changed(txp->args.max_streams_uni_rxfc, 0)) |
2589 | 0 | && tx_helper_get_space_left(h) >= MIN_FRAME_SIZE_MAX_STREAMS_UNI) { |
2590 | 0 | WPACKET *wpkt = tx_helper_begin(h); |
2591 | 0 | uint64_t max_streams |
2592 | 0 | = ossl_quic_rxfc_get_cwm(txp->args.max_streams_uni_rxfc); |
2593 | |
|
2594 | 0 | if (wpkt == NULL) |
2595 | 0 | goto fatal_err; |
2596 | | |
2597 | 0 | if (ossl_quic_wire_encode_frame_max_streams(wpkt, /*is_uni=*/1, |
2598 | 0 | max_streams)) { |
2599 | 0 | tpkt->had_max_streams_uni_frame = 1; |
2600 | 0 | have_ack_eliciting = 1; |
2601 | |
|
2602 | 0 | if (!tx_helper_commit(h)) |
2603 | 0 | goto fatal_err; |
2604 | | |
2605 | 0 | tx_helper_unrestrict(h); /* no longer need PING */ |
2606 | 0 | } else { |
2607 | 0 | tx_helper_rollback(h); |
2608 | 0 | } |
2609 | 0 | } |
2610 | | |
2611 | | /* GCR Frames */ |
2612 | 0 | for (cfq_item = ossl_quic_cfq_get_priority_head(txp->args.cfq, pn_space); |
2613 | 0 | cfq_item != NULL; |
2614 | 0 | cfq_item = ossl_quic_cfq_item_get_priority_next(cfq_item, pn_space)) { |
2615 | 0 | uint64_t frame_type = ossl_quic_cfq_item_get_frame_type(cfq_item); |
2616 | 0 | const unsigned char *encoded = ossl_quic_cfq_item_get_encoded(cfq_item); |
2617 | 0 | size_t encoded_len = ossl_quic_cfq_item_get_encoded_len(cfq_item); |
2618 | |
|
2619 | 0 | switch (frame_type) { |
2620 | 0 | case OSSL_QUIC_FRAME_TYPE_NEW_CONN_ID: |
2621 | 0 | if (!a.allow_new_conn_id) |
2622 | 0 | continue; |
2623 | 0 | break; |
2624 | 0 | case OSSL_QUIC_FRAME_TYPE_RETIRE_CONN_ID: |
2625 | 0 | if (!a.allow_retire_conn_id) |
2626 | 0 | continue; |
2627 | 0 | break; |
2628 | 0 | case OSSL_QUIC_FRAME_TYPE_NEW_TOKEN: |
2629 | 0 | if (!a.allow_new_token) |
2630 | 0 | continue; |
2631 | | |
2632 | | /* |
2633 | | * NEW_TOKEN frames are handled via GCR, but some |
2634 | | * Regenerate-strategy frames should come before them (namely |
2635 | | * ACK, CONNECTION_CLOSE, PATH_CHALLENGE and PATH_RESPONSE). If |
2636 | | * we find a NEW_TOKEN frame, do these now. If there are no |
2637 | | * NEW_TOKEN frames in the GCR queue we will handle these below. |
2638 | | */ |
2639 | 0 | if (!done_pre_token) |
2640 | 0 | if (txp_generate_pre_token(txp, pkt, |
2641 | 0 | chosen_for_conn_close, |
2642 | 0 | &can_be_non_inflight)) |
2643 | 0 | done_pre_token = 1; |
2644 | |
|
2645 | 0 | break; |
2646 | 0 | case OSSL_QUIC_FRAME_TYPE_PATH_RESPONSE: |
2647 | 0 | if (!a.allow_path_response) |
2648 | 0 | continue; |
2649 | | |
2650 | | /* |
2651 | | * RFC 9000 s. 8.2.2: An endpoint MUST expand datagrams that |
2652 | | * contain a PATH_RESPONSE frame to at least the smallest |
2653 | | * allowed maximum datagram size of 1200 bytes. |
2654 | | */ |
2655 | 0 | pkt->force_pad = 1; |
2656 | 0 | break; |
2657 | 0 | default: |
2658 | 0 | if (!a.allow_cfq_other) |
2659 | 0 | continue; |
2660 | 0 | break; |
2661 | 0 | } |
2662 | | |
2663 | | /* |
2664 | | * If the frame is too big, don't try to schedule any more GCR frames in |
2665 | | * this packet rather than sending subsequent ones out of order. |
2666 | | */ |
2667 | 0 | if (encoded_len > tx_helper_get_space_left(h)) |
2668 | 0 | break; |
2669 | | |
2670 | 0 | if (!tx_helper_append_iovec(h, encoded, encoded_len)) |
2671 | 0 | goto fatal_err; |
2672 | | |
2673 | 0 | ossl_quic_txpim_pkt_add_cfq_item(tpkt, cfq_item); |
2674 | |
|
2675 | 0 | if (ossl_quic_frame_type_is_ack_eliciting(frame_type)) { |
2676 | 0 | have_ack_eliciting = 1; |
2677 | 0 | tx_helper_unrestrict(h); /* no longer need PING */ |
2678 | 0 | } |
2679 | 0 | } |
2680 | | |
2681 | | /* |
2682 | | * If we didn't generate ACK, CONNECTION_CLOSE, PATH_CHALLENGE or |
2683 | | * PATH_RESPONSE (as desired) before, do so now. |
2684 | | */ |
2685 | 0 | if (!done_pre_token) |
2686 | 0 | if (txp_generate_pre_token(txp, pkt, |
2687 | 0 | chosen_for_conn_close, |
2688 | 0 | &can_be_non_inflight)) |
2689 | 0 | done_pre_token = 1; |
2690 | | |
2691 | | /* CRYPTO Frames */ |
2692 | 0 | if (a.allow_crypto) |
2693 | 0 | if (!txp_generate_crypto_frames(txp, pkt, &have_ack_eliciting)) |
2694 | 0 | goto fatal_err; |
2695 | | |
2696 | | /* Stream-specific frames */ |
2697 | 0 | if (a.allow_stream_rel && txp->handshake_complete) |
2698 | 0 | if (!txp_generate_stream_related(txp, pkt, min_ppl, |
2699 | 0 | &have_ack_eliciting, |
2700 | 0 | &pkt->stream_head)) |
2701 | 0 | goto fatal_err; |
2702 | | |
2703 | | /* PING */ |
2704 | 0 | tx_helper_unrestrict(h); |
2705 | |
|
2706 | 0 | if ((a.require_ack_eliciting |
2707 | 0 | || (txp->force_ack_eliciting & (1UL << pn_space)) != 0) |
2708 | 0 | && !have_ack_eliciting && a.allow_ping) { |
2709 | 0 | WPACKET *wpkt; |
2710 | |
|
2711 | 0 | wpkt = tx_helper_begin(h); |
2712 | 0 | if (wpkt == NULL) |
2713 | 0 | goto fatal_err; |
2714 | | |
2715 | 0 | if (!ossl_quic_wire_encode_frame_ping(wpkt) |
2716 | 0 | || !tx_helper_commit(h)) |
2717 | | /* |
2718 | | * We treat a request to be ACK-eliciting as a requirement, so this |
2719 | | * is an error. |
2720 | | */ |
2721 | 0 | goto fatal_err; |
2722 | | |
2723 | 0 | have_ack_eliciting = 1; |
2724 | 0 | } |
2725 | | |
2726 | | /* PADDING */ |
2727 | 0 | if (a.allow_padding && h->bytes_appended < min_ppl) { |
2728 | 0 | WPACKET *wpkt = tx_helper_begin(h); |
2729 | 0 | if (wpkt == NULL) |
2730 | 0 | goto fatal_err; |
2731 | | |
2732 | 0 | if (!ossl_quic_wire_encode_padding(wpkt, min_ppl - h->bytes_appended) |
2733 | 0 | || !tx_helper_commit(h)) |
2734 | 0 | goto fatal_err; |
2735 | | |
2736 | 0 | can_be_non_inflight = 0; |
2737 | 0 | } |
2738 | | |
2739 | | /* |
2740 | | * ACKM Data |
2741 | | * ========= |
2742 | | */ |
2743 | 0 | if (have_ack_eliciting) |
2744 | 0 | can_be_non_inflight = 0; |
2745 | | |
2746 | | /* ACKM Data */ |
2747 | 0 | tpkt->ackm_pkt.num_bytes = h->bytes_appended + pkt->geom.pkt_overhead; |
2748 | 0 | tpkt->ackm_pkt.pkt_num = txp->next_pn[pn_space]; |
2749 | | /* largest_acked is set in txp_generate_pre_token */ |
2750 | 0 | tpkt->ackm_pkt.pkt_space = pn_space; |
2751 | 0 | tpkt->ackm_pkt.is_inflight = !can_be_non_inflight; |
2752 | 0 | tpkt->ackm_pkt.is_ack_eliciting = have_ack_eliciting; |
2753 | 0 | tpkt->ackm_pkt.is_pto_probe = 0; |
2754 | 0 | tpkt->ackm_pkt.is_mtu_probe = 0; |
2755 | 0 | tpkt->ackm_pkt.time = txp->args.now(txp->args.now_arg); |
2756 | | |
2757 | | /* Done. */ |
2758 | 0 | return rc; |
2759 | | |
2760 | 0 | fatal_err: |
2761 | | /* |
2762 | | * Handler for fatal errors, i.e. errors causing us to abort the entire |
2763 | | * packet rather than just one frame. Examples of such errors include |
2764 | | * allocation errors. |
2765 | | */ |
2766 | 0 | if (tpkt != NULL) { |
2767 | 0 | ossl_quic_txpim_pkt_release(txp->args.txpim, tpkt); |
2768 | 0 | pkt->tpkt = NULL; |
2769 | 0 | } |
2770 | 0 | return TXP_ERR_INTERNAL; |
2771 | 0 | } |
2772 | | |
2773 | | /* |
2774 | | * Commits and queues a packet for transmission. There is no backing out after |
2775 | | * this. |
2776 | | * |
2777 | | * This: |
2778 | | * |
2779 | | * - Sends the packet to the QTX for encryption and transmission; |
2780 | | * |
2781 | | * - Records the packet as having been transmitted in FIFM. ACKM is informed, |
2782 | | * etc. and the TXPIM record is filed. |
2783 | | * |
2784 | | * - Informs various subsystems of frames that were sent and clears frame |
2785 | | * wanted flags so that we do not generate the same frames again. |
2786 | | * |
2787 | | * Assumptions: |
2788 | | * |
2789 | | * - pkt is a txp_pkt for the correct EL; |
2790 | | * |
2791 | | * - pkt->tpkt is valid; |
2792 | | * |
2793 | | * - pkt->tpkt->ackm_pkt has been fully filled in; |
2794 | | * |
2795 | | * - Stream chunk records have been appended to pkt->tpkt for STREAM and |
2796 | | * CRYPTO frames, but not for RESET_STREAM or STOP_SENDING frames; |
2797 | | * |
2798 | | * - The chosen stream list for the packet can be fully walked from |
2799 | | * pkt->stream_head using stream->txp_next; |
2800 | | * |
2801 | | * - pkt->has_ack_eliciting is set correctly. |
2802 | | * |
2803 | | */ |
2804 | | static int txp_pkt_commit(OSSL_QUIC_TX_PACKETISER *txp, |
2805 | | struct txp_pkt *pkt, |
2806 | | uint32_t archetype, |
2807 | | int *txpim_pkt_reffed) |
2808 | 0 | { |
2809 | 0 | int rc = 1; |
2810 | 0 | uint32_t enc_level = pkt->h.enc_level; |
2811 | 0 | uint32_t pn_space = ossl_quic_enc_level_to_pn_space(enc_level); |
2812 | 0 | QUIC_TXPIM_PKT *tpkt = pkt->tpkt; |
2813 | 0 | QUIC_STREAM *stream; |
2814 | 0 | OSSL_QTX_PKT txpkt; |
2815 | 0 | struct archetype_data a; |
2816 | |
|
2817 | 0 | *txpim_pkt_reffed = 0; |
2818 | | |
2819 | | /* Cannot send a packet with an empty payload. */ |
2820 | 0 | if (pkt->h.bytes_appended == 0) |
2821 | 0 | return 0; |
2822 | | |
2823 | 0 | if (!txp_get_archetype_data(enc_level, archetype, &a)) |
2824 | 0 | return 0; |
2825 | | |
2826 | | /* Packet Information for QTX */ |
2827 | 0 | txpkt.hdr = &pkt->phdr; |
2828 | 0 | txpkt.iovec = txp->el[enc_level].iovec; |
2829 | 0 | txpkt.num_iovec = pkt->h.num_iovec; |
2830 | 0 | txpkt.local = NULL; |
2831 | 0 | txpkt.peer = BIO_ADDR_family(&txp->args.peer) == AF_UNSPEC |
2832 | 0 | ? NULL : &txp->args.peer; |
2833 | 0 | txpkt.pn = txp->next_pn[pn_space]; |
2834 | 0 | txpkt.flags = OSSL_QTX_PKT_FLAG_COALESCE; /* always try to coalesce */ |
2835 | | |
2836 | | /* Generate TXPIM chunks representing STOP_SENDING and RESET_STREAM frames. */ |
2837 | 0 | for (stream = pkt->stream_head; stream != NULL; stream = stream->txp_next) |
2838 | 0 | if (stream->txp_sent_stop_sending || stream->txp_sent_reset_stream) { |
2839 | | /* Log STOP_SENDING/RESET_STREAM chunk to TXPIM. */ |
2840 | 0 | QUIC_TXPIM_CHUNK chunk; |
2841 | |
|
2842 | 0 | chunk.stream_id = stream->id; |
2843 | 0 | chunk.start = UINT64_MAX; |
2844 | 0 | chunk.end = 0; |
2845 | 0 | chunk.has_fin = 0; |
2846 | 0 | chunk.has_stop_sending = stream->txp_sent_stop_sending; |
2847 | 0 | chunk.has_reset_stream = stream->txp_sent_reset_stream; |
2848 | 0 | if (!ossl_quic_txpim_pkt_append_chunk(tpkt, &chunk)) |
2849 | 0 | return 0; /* alloc error */ |
2850 | 0 | } |
2851 | | |
2852 | | /* Dispatch to FIFD. */ |
2853 | 0 | if (!ossl_quic_fifd_pkt_commit(&txp->fifd, tpkt)) |
2854 | 0 | return 0; |
2855 | | |
2856 | | /* |
2857 | | * Transmission and Post-Packet Generation Bookkeeping |
2858 | | * =================================================== |
2859 | | * |
2860 | | * No backing out anymore - at this point the ACKM has recorded the packet |
2861 | | * as having been sent, so we need to increment our next PN counter, or |
2862 | | * the ACKM will complain when we try to record a duplicate packet with |
2863 | | * the same PN later. At this point actually sending the packet may still |
2864 | | * fail. In this unlikely event it will simply be handled as though it |
2865 | | * were a lost packet. |
2866 | | */ |
2867 | 0 | ++txp->next_pn[pn_space]; |
2868 | 0 | *txpim_pkt_reffed = 1; |
2869 | | |
2870 | | /* Send the packet. */ |
2871 | 0 | if (!ossl_qtx_write_pkt(txp->args.qtx, &txpkt)) |
2872 | 0 | return 0; |
2873 | | |
2874 | | /* |
2875 | | * Record FC and stream abort frames as sent; deactivate streams which no |
2876 | | * longer have anything to do. |
2877 | | */ |
2878 | 0 | for (stream = pkt->stream_head; stream != NULL; stream = stream->txp_next) { |
2879 | 0 | if (stream->txp_sent_fc) { |
2880 | 0 | stream->want_max_stream_data = 0; |
2881 | 0 | ossl_quic_rxfc_has_cwm_changed(&stream->rxfc, 1); |
2882 | 0 | } |
2883 | |
|
2884 | 0 | if (stream->txp_sent_stop_sending) |
2885 | 0 | stream->want_stop_sending = 0; |
2886 | |
|
2887 | 0 | if (stream->txp_sent_reset_stream) |
2888 | 0 | stream->want_reset_stream = 0; |
2889 | |
|
2890 | 0 | if (stream->txp_txfc_new_credit_consumed > 0) { |
2891 | 0 | if (!ossl_assert(ossl_quic_txfc_consume_credit(&stream->txfc, |
2892 | 0 | stream->txp_txfc_new_credit_consumed))) |
2893 | | /* |
2894 | | * Should not be possible, but we should continue with our |
2895 | | * bookkeeping as we have already committed the packet to the |
2896 | | * FIFD. Just change the value we return. |
2897 | | */ |
2898 | 0 | rc = 0; |
2899 | |
|
2900 | 0 | stream->txp_txfc_new_credit_consumed = 0; |
2901 | 0 | } |
2902 | | |
2903 | | /* |
2904 | | * If we no longer need to generate any flow control (MAX_STREAM_DATA), |
2905 | | * STOP_SENDING or RESET_STREAM frames, nor any STREAM frames (because |
2906 | | * the stream is drained of data or TXFC-blocked), we can mark the |
2907 | | * stream as inactive. |
2908 | | */ |
2909 | 0 | ossl_quic_stream_map_update_state(txp->args.qsm, stream); |
2910 | |
|
2911 | 0 | if (stream->txp_drained) { |
2912 | 0 | assert(!ossl_quic_sstream_has_pending(stream->sstream)); |
2913 | | |
2914 | | /* |
2915 | | * Transition to DATA_SENT if stream has a final size and we have |
2916 | | * sent all data. |
2917 | | */ |
2918 | 0 | if (ossl_quic_sstream_get_final_size(stream->sstream, NULL)) |
2919 | 0 | ossl_quic_stream_map_notify_all_data_sent(txp->args.qsm, stream); |
2920 | 0 | } |
2921 | 0 | } |
2922 | | |
2923 | | /* We have now sent the packet, so update state accordingly. */ |
2924 | 0 | if (tpkt->ackm_pkt.is_ack_eliciting) |
2925 | 0 | txp->force_ack_eliciting &= ~(1UL << pn_space); |
2926 | |
|
2927 | 0 | if (tpkt->had_handshake_done_frame) |
2928 | 0 | txp->want_handshake_done = 0; |
2929 | |
|
2930 | 0 | if (tpkt->had_max_data_frame) { |
2931 | 0 | txp->want_max_data = 0; |
2932 | 0 | ossl_quic_rxfc_has_cwm_changed(txp->args.conn_rxfc, 1); |
2933 | 0 | } |
2934 | |
|
2935 | 0 | if (tpkt->had_max_streams_bidi_frame) { |
2936 | 0 | txp->want_max_streams_bidi = 0; |
2937 | 0 | ossl_quic_rxfc_has_cwm_changed(txp->args.max_streams_bidi_rxfc, 1); |
2938 | 0 | } |
2939 | |
|
2940 | 0 | if (tpkt->had_max_streams_uni_frame) { |
2941 | 0 | txp->want_max_streams_uni = 0; |
2942 | 0 | ossl_quic_rxfc_has_cwm_changed(txp->args.max_streams_uni_rxfc, 1); |
2943 | 0 | } |
2944 | |
|
2945 | 0 | if (tpkt->had_ack_frame) |
2946 | 0 | txp->want_ack &= ~(1UL << pn_space); |
2947 | |
|
2948 | 0 | if (tpkt->had_conn_close) |
2949 | 0 | txp->want_conn_close = 0; |
2950 | | |
2951 | | /* |
2952 | | * Decrement probe request counts if we have sent a packet that meets |
2953 | | * the requirement of a probe, namely being ACK-eliciting. |
2954 | | */ |
2955 | 0 | if (tpkt->ackm_pkt.is_ack_eliciting) { |
2956 | 0 | OSSL_ACKM_PROBE_INFO *probe_info |
2957 | 0 | = ossl_ackm_get0_probe_request(txp->args.ackm); |
2958 | |
|
2959 | 0 | if (enc_level == QUIC_ENC_LEVEL_INITIAL |
2960 | 0 | && probe_info->anti_deadlock_initial > 0) |
2961 | 0 | --probe_info->anti_deadlock_initial; |
2962 | |
|
2963 | 0 | if (enc_level == QUIC_ENC_LEVEL_HANDSHAKE |
2964 | 0 | && probe_info->anti_deadlock_handshake > 0) |
2965 | 0 | --probe_info->anti_deadlock_handshake; |
2966 | |
|
2967 | 0 | if (a.allow_force_ack_eliciting /* (i.e., not for 0-RTT) */ |
2968 | 0 | && probe_info->pto[pn_space] > 0) |
2969 | 0 | --probe_info->pto[pn_space]; |
2970 | 0 | } |
2971 | |
|
2972 | 0 | return rc; |
2973 | 0 | } |
2974 | | |
2975 | | /* Ensure the iovec array is at least num elements long. */ |
2976 | | static int txp_el_ensure_iovec(struct txp_el *el, size_t num) |
2977 | 0 | { |
2978 | 0 | OSSL_QTX_IOVEC *iovec; |
2979 | |
|
2980 | 0 | if (el->alloc_iovec >= num) |
2981 | 0 | return 1; |
2982 | | |
2983 | 0 | num = el->alloc_iovec != 0 ? el->alloc_iovec * 2 : 8; |
2984 | |
|
2985 | 0 | iovec = OPENSSL_realloc(el->iovec, sizeof(OSSL_QTX_IOVEC) * num); |
2986 | 0 | if (iovec == NULL) |
2987 | 0 | return 0; |
2988 | | |
2989 | 0 | el->iovec = iovec; |
2990 | 0 | el->alloc_iovec = num; |
2991 | 0 | return 1; |
2992 | 0 | } |
2993 | | |
2994 | | int ossl_quic_tx_packetiser_schedule_conn_close(OSSL_QUIC_TX_PACKETISER *txp, |
2995 | | const OSSL_QUIC_FRAME_CONN_CLOSE *f) |
2996 | 0 | { |
2997 | 0 | char *reason = NULL; |
2998 | 0 | size_t reason_len = f->reason_len; |
2999 | 0 | size_t max_reason_len = txp_get_mdpl(txp) / 2; |
3000 | |
|
3001 | 0 | if (txp->want_conn_close) |
3002 | 0 | return 0; |
3003 | | |
3004 | | /* |
3005 | | * Arbitrarily limit the length of the reason length string to half of the |
3006 | | * MDPL. |
3007 | | */ |
3008 | 0 | if (reason_len > max_reason_len) |
3009 | 0 | reason_len = max_reason_len; |
3010 | |
|
3011 | 0 | if (reason_len > 0) { |
3012 | 0 | reason = OPENSSL_memdup(f->reason, reason_len); |
3013 | 0 | if (reason == NULL) |
3014 | 0 | return 0; |
3015 | 0 | } |
3016 | | |
3017 | 0 | txp->conn_close_frame = *f; |
3018 | 0 | txp->conn_close_frame.reason = reason; |
3019 | 0 | txp->conn_close_frame.reason_len = reason_len; |
3020 | 0 | txp->want_conn_close = 1; |
3021 | 0 | return 1; |
3022 | 0 | } |
3023 | | |
3024 | | void ossl_quic_tx_packetiser_set_msg_callback(OSSL_QUIC_TX_PACKETISER *txp, |
3025 | | ossl_msg_cb msg_callback, |
3026 | | SSL *msg_callback_ssl) |
3027 | 0 | { |
3028 | 0 | txp->msg_callback = msg_callback; |
3029 | 0 | txp->msg_callback_ssl = msg_callback_ssl; |
3030 | 0 | } |
3031 | | |
3032 | | void ossl_quic_tx_packetiser_set_msg_callback_arg(OSSL_QUIC_TX_PACKETISER *txp, |
3033 | | void *msg_callback_arg) |
3034 | 0 | { |
3035 | 0 | txp->msg_callback_arg = msg_callback_arg; |
3036 | 0 | } |
3037 | | |
3038 | | QUIC_PN ossl_quic_tx_packetiser_get_next_pn(OSSL_QUIC_TX_PACKETISER *txp, |
3039 | | uint32_t pn_space) |
3040 | 0 | { |
3041 | 0 | if (pn_space >= QUIC_PN_SPACE_NUM) |
3042 | 0 | return UINT64_MAX; |
3043 | | |
3044 | 0 | return txp->next_pn[pn_space]; |
3045 | 0 | } |
3046 | | |
3047 | | OSSL_TIME ossl_quic_tx_packetiser_get_deadline(OSSL_QUIC_TX_PACKETISER *txp) |
3048 | 0 | { |
3049 | | /* |
3050 | | * TXP-specific deadline computations which rely on TXP innards. This is in |
3051 | | * turn relied on by the QUIC_CHANNEL code to determine the channel event |
3052 | | * handling deadline. |
3053 | | */ |
3054 | 0 | OSSL_TIME deadline = ossl_time_infinite(); |
3055 | 0 | uint32_t enc_level, pn_space; |
3056 | | |
3057 | | /* |
3058 | | * ACK generation is not CC-gated - packets containing only ACKs are allowed |
3059 | | * to bypass CC. We want to generate ACK frames even if we are currently |
3060 | | * restricted by CC so the peer knows we have received data. The generate |
3061 | | * call will take care of selecting the correct packet archetype. |
3062 | | */ |
3063 | 0 | for (enc_level = QUIC_ENC_LEVEL_INITIAL; |
3064 | 0 | enc_level < QUIC_ENC_LEVEL_NUM; |
3065 | 0 | ++enc_level) |
3066 | 0 | if (ossl_qtx_is_enc_level_provisioned(txp->args.qtx, enc_level)) { |
3067 | 0 | pn_space = ossl_quic_enc_level_to_pn_space(enc_level); |
3068 | 0 | deadline = ossl_time_min(deadline, |
3069 | 0 | ossl_ackm_get_ack_deadline(txp->args.ackm, pn_space)); |
3070 | 0 | } |
3071 | | |
3072 | | /* When will CC let us send more? */ |
3073 | 0 | if (txp->args.cc_method->get_tx_allowance(txp->args.cc_data) == 0) |
3074 | 0 | deadline = ossl_time_min(deadline, |
3075 | 0 | txp->args.cc_method->get_wakeup_deadline(txp->args.cc_data)); |
3076 | |
|
3077 | 0 | return deadline; |
3078 | 0 | } |