nginx-quic: src/event/ngx_event

comparison src/event/ngx_event_quic.c @ 7691:714a19dba6af quic

Style and handlers. Cleanup in ngx_event_quic.c: + reorderded functions, structures + added missing prototypes + added separate handlers for each frame type + numerous indentation/comments/TODO fixes + removed non-implemented qc->state and corresponding enum; this requires deep thinking, stub was unused. + streams inside quic connection are now in own structure

author	Vladimir Homutov <vl@nginx.com>
date	Wed, 18 Mar 2020 13:02:19 +0300
parents	ae35ccba7aa6
children	cfc429911c0d

comparison

equal deleted inserted replaced

-:ae35ccba7aa6
+:714a19dba6af
 #include <ngx_config.h>
 #include <ngx_core.h>
 #include <ngx_event.h>
-/* TODO: real states, these are stubs */
+typedef struct {
-typedef enum  {
+ngx_rbtree_node_t                  node;
-NGX_QUIC_ST_INITIAL,
+ngx_buf_t                         *b;
-NGX_QUIC_ST_HANDSHAKE,
+ngx_connection_t                  *c;
-NGX_QUIC_ST_APP_DATA
+ngx_quic_stream_t                  s;
-} ngx_quic_state_t;
+} ngx_quic_stream_node_t;
+typedef struct {
+ngx_rbtree_t                      tree;
+ngx_rbtree_node_t                 sentinel;
+ngx_msec_t                        timeout;
+ngx_connection_handler_pt         handler;
+} ngx_quic_streams_t;
 struct ngx_quic_connection_s {
+ngx_str_t                         scid;
-ngx_quic_state_t   state;
+ngx_str_t                         dcid;
-ngx_ssl_t         *ssl;
+ngx_str_t                         token;
-ngx_quic_frame_t  *frames;
+/* current packet numbers  for each namespace */
+ngx_uint_t                        initial_pn;
-ngx_str_t          scid;
+ngx_uint_t                        handshake_pn;
-ngx_str_t          dcid;
+ngx_uint_t                        appdata_pn;
-ngx_str_t          token;
+ngx_quic_secrets_t                secrets;
-/* current packet numbers for each namespace */
+ngx_ssl_t                        *ssl;
-ngx_uint_t         initial_pn;
+ngx_quic_frame_t                 *frames;
-ngx_uint_t         handshake_pn;
-ngx_uint_t         appdata_pn;
+ngx_quic_streams_t                streams;
-ngx_quic_secrets_t secrets;
-/* streams */
-ngx_rbtree_t               stree;
-ngx_rbtree_node_t          stree_sentinel;
-ngx_msec_t                 stream_timeout;
-ngx_connection_handler_pt  stream_handler;
 };
-typedef struct {
-ngx_rbtree_node_t      node;
-ngx_buf_t             *b;
-ngx_connection_t      *c;
-ngx_quic_stream_t      s;
-} ngx_quic_stream_node_t;
-static ngx_int_t ngx_quic_input(ngx_connection_t *c, ngx_buf_t *b);
-static ngx_int_t ngx_quic_output(ngx_connection_t *c);
-static ngx_int_t ngx_quic_new_connection(ngx_connection_t *c, ngx_ssl_t *ssl,
-ngx_quic_header_t *pkt);
-static void ngx_quic_close_connection(ngx_connection_t *c);
-static ngx_quic_stream_node_t *ngx_quic_stream_lookup(ngx_rbtree_t *rbtree,
-ngx_uint_t key);
-static void ngx_quic_rbtree_insert_stream(ngx_rbtree_node_t *temp,
-ngx_rbtree_node_t *node, ngx_rbtree_node_t *sentinel);
-static void ngx_quic_handshake_handler(ngx_event_t *rev);
-static ngx_int_t ngx_quic_handshake_input(ngx_connection_t *c,
-ngx_quic_header_t *pkt);
-static ngx_int_t ngx_quic_initial_input(ngx_connection_t *c,
-ngx_quic_header_t *pkt);
-static ngx_int_t ngx_quic_app_input(ngx_connection_t *c,
-ngx_quic_header_t *pkt);
 #if BORINGSSL_API_VERSION >= 10
 static int ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn,
 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
 #else
 static int ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn,
 enum ssl_encryption_level_t level, const uint8_t *read_secret,
 const uint8_t *write_secret, size_t secret_len);
 #endif
 static int ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
 enum ssl_encryption_level_t level, const uint8_t *data, size_t len);
 static int ngx_quic_flush_flight(ngx_ssl_conn_t *ssl_conn);
 static int ngx_quic_send_alert(ngx_ssl_conn_t *ssl_conn,
 enum ssl_encryption_level_t level, uint8_t alert);
+static ngx_int_t ngx_quic_new_connection(ngx_connection_t *c, ngx_ssl_t *ssl,
+ngx_quic_header_t *pkt);
+static ngx_int_t ngx_quic_init_connection(ngx_connection_t *c);
+static void ngx_quic_handshake_handler(ngx_event_t *rev);
+static void ngx_quic_close_connection(ngx_connection_t *c);
+static ngx_int_t ngx_quic_input(ngx_connection_t *c, ngx_buf_t *b);
+static ngx_int_t ngx_quic_initial_input(ngx_connection_t *c,
+ngx_quic_header_t *pkt);
+static ngx_int_t ngx_quic_handshake_input(ngx_connection_t *c,
+ngx_quic_header_t *pkt);
+static ngx_int_t ngx_quic_app_input(ngx_connection_t *c,
+ngx_quic_header_t *pkt);
+static ngx_int_t ngx_quic_payload_handler(ngx_connection_t *c,
+ngx_quic_header_t *pkt);
+static ngx_int_t ngx_quic_handle_ack_frame(ngx_connection_t *c,
+ngx_quic_header_t *pkt, ngx_quic_ack_frame_t *f);
+static ngx_int_t ngx_quic_handle_crypto_frame(ngx_connection_t *c,
+ngx_quic_header_t *pkt, ngx_quic_crypto_frame_t *frame);
+static ngx_int_t ngx_quic_handle_stream_frame(ngx_connection_t *c,
+ngx_quic_header_t *pkt, ngx_quic_stream_frame_t *frame);
+static void ngx_quic_queue_frame(ngx_quic_connection_t *qc,
+ngx_quic_frame_t *frame);
+static ngx_int_t ngx_quic_output(ngx_connection_t *c);
+ngx_int_t ngx_quic_frames_send(ngx_connection_t *c, ngx_quic_frame_t *start,
+ngx_quic_frame_t *end, size_t total);
+static ngx_int_t ngx_quic_send_packet(ngx_connection_t *c,
+ngx_quic_connection_t *qc, enum ssl_encryption_level_t level,
+ngx_str_t *payload);
+static void ngx_quic_rbtree_insert_stream(ngx_rbtree_node_t *temp,
+ngx_rbtree_node_t *node, ngx_rbtree_node_t *sentinel);
+static ngx_quic_stream_node_t *ngx_quic_find_stream(ngx_rbtree_t *rbtree,
+ngx_uint_t key);
 static ssize_t ngx_quic_stream_recv(ngx_connection_t *c, u_char *buf,
 size_t size);
 static ssize_t ngx_quic_stream_send(ngx_connection_t *c, u_char *buf,
 size_t size);
 static ngx_chain_t *ngx_quic_stream_send_chain(ngx_connection_t *c,
 ngx_chain_t *in, off_t limit);
 static SSL_QUIC_METHOD quic_method = {
 #if BORINGSSL_API_VERSION >= 10
 ngx_quic_set_read_secret,
 ngx_quic_set_write_secret,
 {
 SSL_CTX_set_quic_method(ctx, &quic_method);
 }
-void
-ngx_quic_run(ngx_connection_t *c, ngx_ssl_t *ssl, ngx_msec_t timeout,
-ngx_connection_handler_pt handler)
-{
-ngx_buf_t          *b;
-ngx_quic_header_t   pkt;
-ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic handshake");
-c->log->action = "QUIC handshaking";
-ngx_memzero(&pkt, sizeof(ngx_quic_header_t));
-b = c->buffer;
-pkt.log = c->log;
-pkt.raw = b;
-pkt.data = b->start;
-pkt.len = b->last - b->start;
-if (ngx_quic_new_connection(c, ssl, &pkt) != NGX_OK) {
-ngx_quic_close_connection(c);
-return;
-}
-// we don't need stream handler for initial packet processing
-c->quic->stream_handler = handler;
-c->quic->stream_timeout = timeout;
-ngx_add_timer(c->read, timeout);
-c->read->handler = ngx_quic_handshake_handler;
-return;
-}
-static void
-ngx_quic_handshake_handler(ngx_event_t *rev)
-{
-ssize_t                 n;
-ngx_connection_t       *c;
-u_char                  buf[512];
-ngx_buf_t               b;
-b.start = buf;
-b.end = buf + 512;
-b.pos = b.last = b.start;
-c = rev->data;
-ngx_log_debug0(NGX_LOG_DEBUG_EVENT, rev->log, 0, "quic handshake handler");
-if (rev->timedout) {
-ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
-ngx_quic_close_connection(c);
-return;
-}
-if (c->close) {
-ngx_quic_close_connection(c);
-return;
-}
-n = c->recv(c, b.start, b.end - b.start);
-if (n == NGX_AGAIN) {
-return;
-}
-if (n == NGX_ERROR) {
-c->read->eof = 1;
-ngx_quic_close_connection(c);
-return;
-}
-b.last += n;
-if (ngx_quic_input(c, &b) != NGX_OK) {
-ngx_quic_close_connection(c);
-return;
-}
-}
-static void
-ngx_quic_close_connection(ngx_connection_t *c)
-{
-ngx_pool_t  *pool;
-/* XXX wait for all streams to close */
-ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
-"close quic connection: %d", c->fd);
-if (c->ssl) {
-(void) ngx_ssl_shutdown(c);
-}
-#if (NGX_STAT_STUB)
-(void) ngx_atomic_fetch_add(ngx_stat_active, -1);
-#endif
-c->destroyed = 1;
-pool = c->pool;
-ngx_close_connection(c);
-ngx_destroy_pool(pool);
-}
-ngx_connection_t *
-ngx_quic_create_uni_stream(ngx_connection_t *c)
-{
-/* XXX */
-return NULL;
-}
-static ngx_int_t
-ngx_quic_input(ngx_connection_t *c, ngx_buf_t *b)
-{
-u_char             *p;
-ngx_int_t           rc;
-ngx_quic_header_t   pkt;
-if (c->quic == NULL) {
-// XXX: possible?
-ngx_log_error(NGX_LOG_INFO, c->log, 0, "BUG: no QUIC in connection");
-return NGX_ERROR;
-}
-p = b->start;
-do {
-ngx_memzero(&pkt, sizeof(ngx_quic_header_t));
-pkt.raw = b;
-pkt.data = p;
-pkt.len = b->last - p;
-pkt.log = c->log;
-if (p[0] == 0) {
-/* XXX: no idea WTF is this, just ignore */
-ngx_log_error(NGX_LOG_ALERT, c->log, 0, "FIREFOX: ZEROES");
-break;
-}
-// TODO: check current state
-if (p[0] & NGX_QUIC_PKT_LONG) {
-if ((p[0] & 0xf0) == NGX_QUIC_PKT_INITIAL) {
-rc = ngx_quic_initial_input(c, &pkt);
-} else if ((p[0] & 0xf0) == NGX_QUIC_PKT_HANDSHAKE) {
-rc = ngx_quic_handshake_input(c, &pkt);
-} else {
-ngx_log_error(NGX_LOG_INFO, c->log, 0,
-"BUG: unknown quic state");
-return NGX_ERROR;
-}
-} else {
-rc = ngx_quic_app_input(c, &pkt);
-}
-if (rc == NGX_ERROR) {
-return NGX_ERROR;
-}
-/* b->pos is at header end, adjust by actual packet length */
-p = b->pos + pkt.len;
-b->pos = p;       /* reset b->pos to the next packet start */
-} while (p < b->last);
-return NGX_OK;
-}
-static ngx_int_t
-ngx_quic_send_packet(ngx_connection_t *c, ngx_quic_connection_t *qc,
-enum ssl_encryption_level_t level, ngx_str_t *payload)
-{
-ngx_str_t          res;
-ngx_quic_header_t  pkt;
-pkt.log = c->log;
-static ngx_str_t  initial_token = ngx_null_string;
-ngx_memzero(&pkt, sizeof(ngx_quic_header_t));
-ngx_quic_hexdump0(c->log, "payload", payload->data, payload->len);
-pkt.level = level;
-pkt.dcid = qc->dcid;
-pkt.scid = qc->scid;
-if (level == ssl_encryption_initial) {
-pkt.number = &qc->initial_pn;
-pkt.flags = NGX_QUIC_PKT_INITIAL;
-pkt.secret = &qc->secrets.server.in;
-pkt.token = initial_token;
-} else if (level == ssl_encryption_handshake) {
-pkt.number = &qc->handshake_pn;
-pkt.flags = NGX_QUIC_PKT_HANDSHAKE;
-pkt.secret = &qc->secrets.server.hs;
-} else {
-pkt.number = &qc->appdata_pn;
-pkt.secret = &qc->secrets.server.ad;
-}
-if (ngx_quic_encrypt(c->pool, c->ssl->connection, &pkt, payload, &res)
-!= NGX_OK)
-{
-return NGX_ERROR;
-}
-ngx_quic_hexdump0(c->log, "packet to send", res.data, res.len);
-c->send(c, res.data, res.len); // TODO: err handling
-(*pkt.number)++;
-return NGX_OK;
-}
-/* pack a group of frames [start; end) into memory p and send as single packet */
-ngx_int_t
-ngx_quic_frames_send(ngx_connection_t *c, ngx_quic_frame_t *start,
-ngx_quic_frame_t *end, size_t total)
-{
-ssize_t            len;
-u_char            *p;
-ngx_str_t          out;
-ngx_quic_frame_t  *f;
-ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
-"sending frames %p...%p", start, end);
-p = ngx_pnalloc(c->pool, total);
-if (p == NULL) {
-return NGX_ERROR;
-}
-out.data = p;
-for (f = start; f != end; f = f->next) {
-ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "frame: %s", f->info);
-len = ngx_quic_create_frame(p, p + total, f);
-if (len == -1) {
-return NGX_ERROR;
-}
-p += len;
-}
-out.len = p - out.data;
-ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
-"packet ready: %ui bytes at level %d",
-out.len, start->level);
-// IOVEC/sendmsg_chain ?
-if (ngx_quic_send_packet(c, c->quic, start->level, &out) != NGX_OK) {
-return NGX_ERROR;
-}
-return NGX_OK;
-}
-static ngx_int_t
-ngx_quic_output(ngx_connection_t *c)
-{
-size_t                  len;
-ngx_uint_t              lvl;
-ngx_quic_frame_t       *f, *start;
-ngx_quic_connection_t  *qc;
-qc = c->quic;
-if (qc->frames == NULL) {
-return NGX_OK;
-}
-lvl = qc->frames->level;
-start = qc->frames;
-f = start;
-do {
-len = 0;
-do {
-/* process same-level group of frames */
-len += ngx_quic_frame_len(f);// TODO: handle overflow, max size
-f = f->next;
-} while (f && f->level == lvl);
-if (ngx_quic_frames_send(c, start, f, len) != NGX_OK) {
-return NGX_ERROR;
-}
-if (f == NULL) {
-break;
-}
-lvl = f->level; // TODO: must not decrease (ever, also between calls)
-start = f;
-} while (1);
-qc->frames = NULL;
-return NGX_OK;
-}
 #if BORINGSSL_API_VERSION >= 10
 static int
 ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn,
 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
 }
 #endif
-static void
-ngx_quic_queue_frame(ngx_quic_connection_t *qc, ngx_quic_frame_t *frame)
-{
-ngx_quic_frame_t *f;
-if (qc->frames == NULL) {
-qc->frames = frame;
-return;
-}
-for (f = qc->frames; f->next; f = f->next) {
-if (f->next->level > frame->level) {
-break;
-}
-}
-frame->next = f->next;
-f->next = frame;
-}
 static int
 ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
 enum ssl_encryption_level_t level, const uint8_t *data, size_t len)
 {
-u_char                   *p;
+u_char                 *p;
-ngx_quic_frame_t         *frame;
+ngx_quic_frame_t       *frame;
-ngx_connection_t         *c;
+ngx_connection_t       *c;
-ngx_quic_connection_t    *qc;
+ngx_quic_connection_t  *qc;
 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
 qc = c->quic;
 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
 return 1;
 }
+void
+ngx_quic_run(ngx_connection_t *c, ngx_ssl_t *ssl, ngx_msec_t timeout,
+ngx_connection_handler_pt handler)
+{
+ngx_buf_t          *b;
+ngx_quic_header_t   pkt;
+ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic handshake");
+c->log->action = "QUIC handshaking";
+ngx_memzero(&pkt, sizeof(ngx_quic_header_t));
+b = c->buffer;
+pkt.log = c->log;
+pkt.raw = b;
+pkt.data = b->start;
+pkt.len = b->last - b->start;
+if (ngx_quic_new_connection(c, ssl, &pkt) != NGX_OK) {
+ngx_quic_close_connection(c);
+return;
+}
+// we don't need stream handler for initial packet processing
+c->quic->streams.handler = handler;
+c->quic->streams.timeout = timeout;
+ngx_add_timer(c->read, timeout);
+c->read->handler = ngx_quic_handshake_handler;
+return;
+}
 static ngx_int_t
-ngx_quic_handle_crypto_frame(ngx_connection_t *c, ngx_quic_header_t *pkt,
+ngx_quic_new_connection(ngx_connection_t *c, ngx_ssl_t *ssl,
-ngx_quic_frame_t *frame)
+ngx_quic_header_t *pkt)
 {
-int             sslerr;
+ngx_quic_connection_t  *qc;
-ssize_t         n;
-ngx_ssl_conn_t *ssl_conn;
+if (ngx_buf_size(pkt->raw) < 1200) {
+ngx_log_error(NGX_LOG_INFO, c->log, 0, "too small UDP datagram");
-ssl_conn = c->ssl->connection;
+return NGX_ERROR;
+}
-ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
-"SSL_quic_read_level: %d, SSL_quic_write_level: %d",
+if (ngx_quic_parse_long_header(pkt) != NGX_OK) {
-(int) SSL_quic_read_level(ssl_conn),
+return NGX_ERROR;
-(int) SSL_quic_write_level(ssl_conn));
+}
+if ((pkt->flags & 0xf0) != NGX_QUIC_PKT_INITIAL) {
-if (!SSL_provide_quic_data(ssl_conn, SSL_quic_read_level(ssl_conn),
+ngx_log_error(NGX_LOG_INFO, c->log, 0,
-frame->u.crypto.data, frame->u.crypto.len))
+"invalid initial packet: 0x%xi", pkt->flags);
+return NGX_ERROR;
+}
+if (ngx_quic_parse_initial_header(pkt) != NGX_OK) {
+return NGX_ERROR;
+}
+qc = ngx_pcalloc(c->pool, sizeof(ngx_quic_connection_t));
+if (qc == NULL) {
+return NGX_ERROR;
+}
+ngx_rbtree_init(&qc->streams.tree, &qc->streams.sentinel,
+ngx_quic_rbtree_insert_stream);
+c->quic = qc;
+qc->ssl = ssl;
+qc->dcid.len = pkt->dcid.len;
+qc->dcid.data = ngx_pnalloc(c->pool, pkt->dcid.len);
+if (qc->dcid.data == NULL) {
+return NGX_ERROR;
+}
+ngx_memcpy(qc->dcid.data, pkt->dcid.data, qc->dcid.len);
+qc->scid.len = pkt->scid.len;
+qc->scid.data = ngx_pnalloc(c->pool, qc->scid.len);
+if (qc->scid.data == NULL) {
+return NGX_ERROR;
+}
+ngx_memcpy(qc->scid.data, pkt->scid.data, qc->scid.len);
+qc->token.len = pkt->token.len;
+qc->token.data = ngx_pnalloc(c->pool, qc->token.len);
+if (qc->token.data == NULL) {
+return NGX_ERROR;
+}
+ngx_memcpy(qc->token.data, pkt->token.data, qc->token.len);
+if (ngx_quic_set_initial_secret(c->pool, &qc->secrets, &qc->dcid)
+!= NGX_OK)
 {
-ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
+return NGX_ERROR;
-"SSL_provide_quic_data() failed");
+}
-return NGX_ERROR;
-}
+pkt->secret = &qc->secrets.client.in;
+pkt->level = ssl_encryption_initial;
-n = SSL_do_handshake(ssl_conn);
+if (ngx_quic_decrypt(c->pool, NULL, pkt) != NGX_OK) {
-ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", n);
+return NGX_ERROR;
+}
-if (n == -1) {
-sslerr = SSL_get_error(ssl_conn, n);
+if (ngx_quic_init_connection(c) != NGX_OK) {
+return NGX_ERROR;
-ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d",
+}
-sslerr);
+return ngx_quic_payload_handler(c, pkt);
-if (sslerr == SSL_ERROR_SSL) {
+}
-ngx_ssl_error(NGX_LOG_ERR, c->log, 0, "SSL_do_handshake() failed");
-}
-}
-ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
-"quic ssl cipher: %s", SSL_get_cipher(ssl_conn));
-ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
-"SSL_quic_read_level: %d, SSL_quic_write_level: %d",
-(int) SSL_quic_read_level(ssl_conn),
-(int) SSL_quic_write_level(ssl_conn));
-return NGX_OK;
-}
 static ngx_int_t
 ngx_quic_init_connection(ngx_connection_t *c)
 {
 return NGX_OK;
 }
-static ssize_t
+static void
-ngx_quic_stream_recv(ngx_connection_t *c, u_char *buf, size_t size)
+ngx_quic_handshake_handler(ngx_event_t *rev)
 {
-ssize_t                  len;
+ssize_t            n;
-ngx_buf_t               *b;
+ngx_buf_t          b;
-ngx_quic_stream_t       *qs;
+ngx_connection_t  *c;
-ngx_quic_connection_t   *qc;
-ngx_quic_stream_node_t  *sn;
+u_char             buf[512];
-qs = c->qs;
+b.start = buf;
-qc = qs->parent->quic;
+b.end = buf + 512;
+b.pos = b.last = b.start;
-// XXX: get direct pointer from stream structure?
-sn = ngx_quic_stream_lookup(&qc->stree, qs->id);
+c = rev->data;
-if (sn == NULL) {
+ngx_log_debug0(NGX_LOG_DEBUG_EVENT, rev->log, 0, "quic handshake handler");
-return NGX_ERROR;
-}
+if (rev->timedout) {
+ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
-// XXX: how to return EOF?
+ngx_quic_close_connection(c);
+return;
-b = sn->b;
+}
-if (b->last - b->pos == 0) {
+if (c->close) {
-c->read->ready = 0;
+ngx_quic_close_connection(c);
-ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
+return;
-"quic recv() not ready");
+}
-return NGX_AGAIN; // ?
-}
+n = c->recv(c, b.start, b.end - b.start);
-len = ngx_min(b->last - b->pos, (ssize_t) size);
+if (n == NGX_AGAIN) {
+return;
-ngx_memcpy(buf, b->pos, len);
+}
-b->pos += len;
+if (n == NGX_ERROR) {
+c->read->eof = 1;
-ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
+ngx_quic_close_connection(c);
-"quic recv: %z of %uz", len, size);
+return;
+}
-return len;
-}
+b.last += n;
+if (ngx_quic_input(c, &b) != NGX_OK) {
-static ssize_t
+ngx_quic_close_connection(c);
-ngx_quic_stream_send(ngx_connection_t *c, u_char *buf, size_t size)
+return;
-{
+}
-u_char                  *p;
+}
-ngx_connection_t        *pc;
-ngx_quic_frame_t        *frame;
-ngx_quic_stream_t       *qs;
+static void
-ngx_quic_connection_t   *qc;
+ngx_quic_close_connection(ngx_connection_t *c)
-ngx_quic_stream_node_t  *sn;
+{
+ngx_pool_t  *pool;
-ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic send: %uz", size);
+/* XXX wait for all streams to close */
-qs = c->qs;
-pc = qs->parent;
+ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
-qc = pc->quic;
+"close quic connection: %d", c->fd);
-// XXX: get direct pointer from stream structure?
+if (c->ssl) {
-sn = ngx_quic_stream_lookup(&qc->stree, qs->id);
+(void) ngx_ssl_shutdown(c);
+}
-if (sn == NULL) {
-return NGX_ERROR;
+#if (NGX_STAT_STUB)
-}
+(void) ngx_atomic_fetch_add(ngx_stat_active, -1);
+#endif
-frame = ngx_pcalloc(pc->pool, sizeof(ngx_quic_frame_t));
-if (frame == NULL) {
+c->destroyed = 1;
-return 0;
-}
+pool = c->pool;
-p = ngx_pnalloc(pc->pool, size);
+ngx_close_connection(c);
-if (p == NULL) {
-return 0;
+ngx_destroy_pool(pool);
 }
-ngx_memcpy(p, buf, size);
+static ngx_int_t
-frame->level = ssl_encryption_application;
+ngx_quic_input(ngx_connection_t *c, ngx_buf_t *b)
-frame->type = NGX_QUIC_FT_STREAM6; /* OFF=1 LEN=1 FIN=0 */
+{
-frame->u.stream.off = 1;
+u_char             *p;
-frame->u.stream.len = 1;
+ngx_int_t           rc;
-frame->u.stream.fin = 0;
+ngx_quic_header_t   pkt;
-frame->u.stream.type = frame->type;
+if (c->quic == NULL) {
-frame->u.stream.stream_id = qs->id;
+// XXX: possible?
-frame->u.stream.offset = c->sent;
+ngx_log_error(NGX_LOG_INFO, c->log, 0, "BUG: no QUIC in connection");
-frame->u.stream.length = size;
+return NGX_ERROR;
-frame->u.stream.data = p;
+}
-c->sent += size;
+p = b->start;
-ngx_sprintf(frame->info, "stream %xi len=%ui level=%d",
+do {
-qs->id, size, frame->level);
+ngx_memzero(&pkt, sizeof(ngx_quic_header_t));
+pkt.raw = b;
-ngx_quic_queue_frame(qc, frame);
+pkt.data = p;
+pkt.len = b->last - p;
-return size;
+pkt.log = c->log;
-}
+if (p[0] == 0) {
+/* XXX: no idea WTF is this, just ignore */
-static ngx_chain_t *
+ngx_log_error(NGX_LOG_ALERT, c->log, 0, "FIREFOX: ZEROES");
-ngx_quic_stream_send_chain(ngx_connection_t *c, ngx_chain_t *in,
+break;
-off_t limit)
+}
-{
-size_t      len;
+// TODO: check current state
-ssize_t     n;
+if (p[0] & NGX_QUIC_PKT_LONG) {
-ngx_buf_t  *b;
+if ((p[0] & 0xf0) == NGX_QUIC_PKT_INITIAL) {
-for ( /* void */; in; in = in->next) {
+rc = ngx_quic_initial_input(c, &pkt);
-b = in->buf;
+} else if ((p[0] & 0xf0) == NGX_QUIC_PKT_HANDSHAKE) {
-if (!ngx_buf_in_memory(b)) {
+rc = ngx_quic_handshake_input(c, &pkt);
-continue;
-}
+} else {
+ngx_log_error(NGX_LOG_INFO, c->log, 0,
-if (ngx_buf_size(b) == 0) {
+"BUG: unknown quic state");
-continue;
+return NGX_ERROR;
 }
-len = b->last - b->pos;
+} else {
+rc = ngx_quic_app_input(c, &pkt);
-n = ngx_quic_stream_send(c, b->pos, len);
+}
-if (n == NGX_ERROR) {
+if (rc == NGX_ERROR) {
-return NGX_CHAIN_ERROR;
+return NGX_ERROR;
 }
-if (n == NGX_AGAIN) {
+/* b->pos is at header end, adjust by actual packet length */
-return in;
+p = b->pos + pkt.len;
-}
+b->pos = p;       /* reset b->pos to the next packet start */
-if (n != (ssize_t) len) {
+} while (p < b->last);
-b->pos += n;
-return in;
+return NGX_OK;
 }
-}
-return NULL;
+static ngx_int_t
-}
+ngx_quic_initial_input(ngx_connection_t *c, ngx_quic_header_t *pkt)
+{
+ngx_ssl_conn_t         *ssl_conn;
-/* process all payload from the current packet and generate ack if required */
+ngx_quic_connection_t  *qc;
+qc = c->quic;
+ssl_conn = c->ssl->connection;
+if (ngx_quic_parse_long_header(pkt) != NGX_OK) {
+return NGX_ERROR;
+}
+if (ngx_quic_parse_initial_header(pkt) != NGX_OK) {
+return NGX_ERROR;
+}
+pkt->secret = &qc->secrets.client.in;
+pkt->level = ssl_encryption_initial;
+if (ngx_quic_decrypt(c->pool, ssl_conn, pkt) != NGX_OK) {
+return NGX_ERROR;
+}
+return ngx_quic_payload_handler(c, pkt);
+}
+static ngx_int_t
+ngx_quic_handshake_input(ngx_connection_t *c, ngx_quic_header_t *pkt)
+{
+ngx_ssl_conn_t         *ssl_conn;
+ngx_quic_connection_t  *qc;
+qc = c->quic;
+ssl_conn = c->ssl->connection;
+/* extract cleartext data into pkt */
+if (ngx_quic_parse_long_header(pkt) != NGX_OK) {
+return NGX_ERROR;
+}
+if (pkt->dcid.len != qc->dcid.len) {
+ngx_log_error(NGX_LOG_INFO, c->log, 0, "unexpected quic dcidl");
+return NGX_ERROR;
+}
+if (ngx_memcmp(pkt->dcid.data, qc->dcid.data, qc->dcid.len) != 0) {
+ngx_log_error(NGX_LOG_INFO, c->log, 0, "unexpected quic dcid");
+return NGX_ERROR;
+}
+if (pkt->scid.len != qc->scid.len) {
+ngx_log_error(NGX_LOG_INFO, c->log, 0, "unexpected quic scidl");
+return NGX_ERROR;
+}
+if (ngx_memcmp(pkt->scid.data, qc->scid.data, qc->scid.len) != 0) {
+ngx_log_error(NGX_LOG_INFO, c->log, 0, "unexpected quic scid");
+return NGX_ERROR;
+}
+if ((pkt->flags & 0xf0) != NGX_QUIC_PKT_HANDSHAKE) {
+ngx_log_error(NGX_LOG_INFO, c->log, 0,
+"invalid packet type: 0x%xi", pkt->flags);
+return NGX_ERROR;
+}
+if (ngx_quic_parse_handshake_header(pkt) != NGX_OK) {
+return NGX_ERROR;
+}
+pkt->secret = &qc->secrets.client.hs;
+pkt->level = ssl_encryption_handshake;
+if (ngx_quic_decrypt(c->pool, c->ssl->connection, pkt) != NGX_OK) {
+return NGX_ERROR;
+}
+return ngx_quic_payload_handler(c, pkt);
+}
+static ngx_int_t
+ngx_quic_app_input(ngx_connection_t *c, ngx_quic_header_t *pkt)
+{
+ngx_quic_connection_t  *qc;
+qc = c->quic;
+if (qc->secrets.client.ad.key.len == 0) {
+ngx_log_error(NGX_LOG_INFO, c->log, 0,
+"no read keys yet, packet ignored");
+return NGX_DECLINED;
+}
+if (ngx_quic_parse_short_header(pkt, &qc->dcid) != NGX_OK) {
+return NGX_ERROR;
+}
+pkt->secret = &qc->secrets.client.ad;
+pkt->level = ssl_encryption_application;
+if (ngx_quic_decrypt(c->pool, c->ssl->connection, pkt) != NGX_OK) {
+return NGX_ERROR;
+}
+return ngx_quic_payload_handler(c, pkt);
+}
 static ngx_int_t
 ngx_quic_payload_handler(ngx_connection_t *c, ngx_quic_header_t *pkt)
 {
-u_char                  *end, *p;
+u_char                 *end, *p;
-ssize_t                  len;
+ssize_t                 len;
-ngx_buf_t               *b;
+ngx_uint_t              ack_this, do_close;
-ngx_log_t               *log;
+ngx_quic_frame_t        frame, *ack_frame;
-ngx_uint_t               ack_this, do_close;
+ngx_quic_connection_t  *qc;
-ngx_pool_t              *pool;
-ngx_event_t             *rev, *wev;
-ngx_quic_frame_t         frame, *ack_frame;
-ngx_quic_connection_t   *qc;
-ngx_quic_stream_node_t  *sn;
 qc = c->quic;
 p = pkt->payload.data;
 end = p + pkt->payload.len;
 while (p < end) {
 len = ngx_quic_parse_frame(p, end, &frame);
 if (len < 0) {
 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
-"unknown frame type %xi", frame.type);
+"failed to parse frame type %xi", frame.type);
-// XXX: log here
 return NGX_ERROR;
 }
 p += len;
 switch (frame.type) {
 case NGX_QUIC_FT_ACK:
-// TODO: handle ack
 ngx_log_debug4(NGX_LOG_DEBUG_EVENT, c->log, 0,
 "ACK: { largest=%ui delay=%ui first=%ui count=%ui}",
 frame.u.ack.largest,
 frame.u.ack.delay,
 frame.u.ack.first_range,
 frame.u.ack.range_count);
+if (ngx_quic_handle_ack_frame(c, pkt, &frame.u.ack) != NGX_OK) {
+return NGX_ERROR;
+}
 break;
 case NGX_QUIC_FT_CRYPTO:
-ngx_quic_hexdump0(c->log, "CRYPTO frame",
-frame.u.crypto.data, frame.u.crypto.len);
 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
 "quic CRYPTO frame length: %uL off:%uL pp:%p",
 frame.u.crypto.len, frame.u.crypto.offset,
 frame.u.crypto.data);
-if (frame.u.crypto.offset != 0x0) {
+ngx_quic_hexdump0(c->log, "CRYPTO frame contents",
-ngx_log_error(NGX_LOG_INFO, c->log, 0,
+frame.u.crypto.data, frame.u.crypto.len);
-"crypto frame with non-zero offset");
-// TODO: support packet spanning with offsets
+if (ngx_quic_handle_crypto_frame(c, pkt, &frame.u.crypto)
+!= NGX_OK)
+{
 return NGX_ERROR;
 }
-if (ngx_quic_handle_crypto_frame(c, pkt, &frame) != NGX_OK) {
-return NGX_ERROR;
-}
 ack_this = 1;
+break;
-continue;
 case NGX_QUIC_FT_PADDING:
-continue;
+break;
 case NGX_QUIC_FT_PING:
 ack_this = 1;
-continue;
+break;
 case NGX_QUIC_FT_NEW_CONNECTION_ID:
 ack_this = 1;
 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
 "NCID: { seq=%ui retire=%ui len=%ui}",
 frame.u.ncid.seqnum,
 frame.u.ncid.retire,
 frame.u.ncid.len);
-continue;
+break;
 case NGX_QUIC_FT_CONNECTION_CLOSE:
 ngx_log_debug4(NGX_LOG_DEBUG_EVENT, c->log, 0,
 "CONN.CLOSE: { %s (0x%xi) type=0x%xi reason='%V'}",
 ngx_quic_error_text(frame.u.close.error_code),
 case NGX_QUIC_FT_STREAM4:
 case NGX_QUIC_FT_STREAM5:
 case NGX_QUIC_FT_STREAM6:
 case NGX_QUIC_FT_STREAM7:
-ack_this = 1;
 ngx_log_debug7(NGX_LOG_DEBUG_EVENT, c->log, 0,
-"STREAM frame 0x%xi id 0x%xi offset 0x%xi len 0x%xi bits:off=%d len=%d fin=%d",
+"STREAM frame { 0x%xi id 0x%xi offset 0x%xi len 0x%xi bits:off=%d len=%d fin=%d }",
 frame.type,
 frame.u.stream.stream_id,
 frame.u.stream.offset,
 frame.u.stream.length,
 frame.u.stream.off,
 frame.u.stream.len,
 frame.u.stream.fin);
-sn = ngx_quic_stream_lookup(&qc->stree, frame.u.stream.stream_id);
+ngx_quic_hexdump0(c->log, "STREAM frame contents",
-if (sn == NULL) {
+frame.u.stream.data, frame.u.stream.length);
-ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "stream is new");
+if (ngx_quic_handle_stream_frame(c, pkt, &frame.u.stream)
-sn = ngx_pcalloc(c->pool, sizeof(ngx_quic_stream_node_t));
+!= NGX_OK)
-if (sn == NULL) {
+{
 return NGX_ERROR;
-}
-sn->c = ngx_get_connection(-1, c->log); // TODO: free on connection termination
-if (sn->c == NULL) {
-return NGX_ERROR;
-}
-pool = ngx_create_pool(NGX_DEFAULT_POOL_SIZE, c->log);
-if (pool == NULL) {
-/* XXX free connection */
-return NGX_ERROR;
-}
-log = ngx_palloc(pool, sizeof(ngx_log_t));
-if (log == NULL) {
-/* XXX free pool and connection */
-return NGX_ERROR;
-}
-*log = *c->log;
-pool->log = log;
-sn->c->log = log;
-sn->c->pool = pool;
-sn->c->listening = c->listening;
-sn->c->sockaddr = c->sockaddr;
-sn->c->local_sockaddr = c->local_sockaddr;
-rev = sn->c->read;
-wev = sn->c->write;
-rev->ready = 1;
-rev->log = c->log;
-wev->log = c->log;
-sn->c->number = ngx_atomic_fetch_add(ngx_connection_counter, 1);
-sn->node.key = frame.u.stream.stream_id;
-sn->b = ngx_create_temp_buf(pool, 16 * 1024); // XXX enough for everyone
-if (sn->b == NULL) {
-return NGX_ERROR;
-}
-b = sn->b;
-ngx_memcpy(b->start, frame.u.stream.data, frame.u.stream.length);
-b->last = b->start + frame.u.stream.length;
-ngx_rbtree_insert(&qc->stree, &sn->node);
-sn->s.id = frame.u.stream.stream_id;
-sn->s.unidirectional = (sn->s.id & 0x02) ? 1 : 0;
-sn->s.parent = c;
-sn->c->qs = &sn->s;
-sn->c->recv = ngx_quic_stream_recv;
-sn->c->send = ngx_quic_stream_send;
-sn->c->send_chain = ngx_quic_stream_send_chain;
-qc->stream_handler(sn->c);
-} else {
-ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "existing stream");
-b = sn->b;
-if ((size_t) (b->end - b->pos) < frame.u.stream.length) {
-ngx_log_error(NGX_LOG_INFO, c->log, 0,
-"no space in stream buffer");
-return NGX_ERROR;
-}
-ngx_memcpy(b->pos, frame.u.stream.data, frame.u.stream.length);
-b->pos += frame.u.stream.length;
-// TODO: ngx_post_event(&c->read, &ngx_posted_events) ???
 }
-ngx_quic_hexdump0(c->log, "STREAM.data",
+ack_this = 1;
-frame.u.stream.data, frame.u.stream.length);
 break;
 default:
 ngx_log_error(NGX_LOG_INFO, c->log, 0,
-"unexpected frame type 0x%xd in packet", frame.type);
+"unsupported frame type 0x%xd in packet", frame.type);
 return NGX_ERROR;
 }
 }
 if (p != end) {
 return ngx_quic_output(c);
 }
+static ngx_int_t
+ngx_quic_handle_ack_frame(ngx_connection_t *c, ngx_quic_header_t *pkt,
+ngx_quic_ack_frame_t *f)
+{
+/* TODO: handle ACK here */
+return NGX_OK;
+}
+static ngx_int_t
+ngx_quic_handle_crypto_frame(ngx_connection_t *c, ngx_quic_header_t *pkt,
+ngx_quic_crypto_frame_t *f)
+{
+int              sslerr;
+ssize_t          n;
+ngx_ssl_conn_t  *ssl_conn;
+if (f->offset != 0x0) {
+ngx_log_error(NGX_LOG_INFO, c->log, 0,
+"crypto frame with non-zero offset");
+// TODO: add support for crypto frames spanning packets
+return NGX_ERROR;
+}
+ssl_conn = c->ssl->connection;
+ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
+"SSL_quic_read_level: %d, SSL_quic_write_level: %d",
+(int) SSL_quic_read_level(ssl_conn),
+(int) SSL_quic_write_level(ssl_conn));
+if (!SSL_provide_quic_data(ssl_conn, SSL_quic_read_level(ssl_conn),
+f->data, f->len))
+{
+ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
+"SSL_provide_quic_data() failed");
+return NGX_ERROR;
+}
+n = SSL_do_handshake(ssl_conn);
+ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", n);
+if (n == -1) {
+sslerr = SSL_get_error(ssl_conn, n);
+ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d",
+sslerr);
+if (sslerr == SSL_ERROR_SSL) {
+ngx_ssl_error(NGX_LOG_ERR, c->log, 0, "SSL_do_handshake() failed");
+}
+}
+ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
+"quic ssl cipher: %s", SSL_get_cipher(ssl_conn));
+ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
+"SSL_quic_read_level: %d, SSL_quic_write_level: %d",
+(int) SSL_quic_read_level(ssl_conn),
+(int) SSL_quic_write_level(ssl_conn));
+return NGX_OK;
+}
+static ngx_int_t
+ngx_quic_handle_stream_frame(ngx_connection_t *c,
+ngx_quic_header_t *pkt, ngx_quic_stream_frame_t *f)
+{
+ngx_buf_t               *b;
+ngx_log_t               *log;
+ngx_pool_t              *pool;
+ngx_event_t             *rev, *wev;
+ngx_quic_connection_t   *qc;
+ngx_quic_stream_node_t  *sn;
+qc = c->quic;
+sn = ngx_quic_find_stream(&qc->streams.tree, f->stream_id);
+if (sn) {
+ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "existing stream");
+b = sn->b;
+if ((size_t) (b->end - b->pos) < f->length) {
+ngx_log_error(NGX_LOG_INFO, c->log, 0, "no space in stream buffer");
+return NGX_ERROR;
+}
+ngx_memcpy(b->pos, f->data, f->length);
+b->pos += f->length;
+// TODO: notify
+return NGX_OK;
+}
+ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "stream is new");
+sn = ngx_pcalloc(c->pool, sizeof(ngx_quic_stream_node_t));
+if (sn == NULL) {
+return NGX_ERROR;
+}
+sn->c = ngx_get_connection(-1, c->log); // TODO: free on connection termination
+if (sn->c == NULL) {
+return NGX_ERROR;
+}
+pool = ngx_create_pool(NGX_DEFAULT_POOL_SIZE, c->log);
+if (pool == NULL) {
+/* XXX free connection */
+return NGX_ERROR;
+}
+log = ngx_palloc(pool, sizeof(ngx_log_t));
+if (log == NULL) {
+/* XXX free pool and connection */
+return NGX_ERROR;
+}
+*log = *c->log;
+pool->log = log;
+sn->c->log = log;
+sn->c->pool = pool;
+sn->c->listening = c->listening;
+sn->c->sockaddr = c->sockaddr;
+sn->c->local_sockaddr = c->local_sockaddr;
+rev = sn->c->read;
+wev = sn->c->write;
+rev->ready = 1;
+rev->log = c->log;
+wev->log = c->log;
+sn->c->number = ngx_atomic_fetch_add(ngx_connection_counter, 1);
+sn->node.key = f->stream_id;
+sn->b = ngx_create_temp_buf(pool, 16 * 1024); // XXX enough for everyone
+if (sn->b == NULL) {
+return NGX_ERROR;
+}
+b = sn->b;
+ngx_memcpy(b->start, f->data, f->length);
+b->last = b->start + f->length;
+ngx_rbtree_insert(&qc->streams.tree, &sn->node);
+sn->s.id = f->stream_id;
+sn->s.unidirectional = (sn->s.id & 0x02) ? 1 : 0;
+sn->s.parent = c;
+sn->c->qs = &sn->s;
+sn->c->recv = ngx_quic_stream_recv;
+sn->c->send = ngx_quic_stream_send;
+sn->c->send_chain = ngx_quic_stream_send_chain;
+qc->streams.handler(sn->c);
+return NGX_OK;
+}
+static void
+ngx_quic_queue_frame(ngx_quic_connection_t *qc, ngx_quic_frame_t *frame)
+{
+ngx_quic_frame_t *f;
+if (qc->frames == NULL) {
+qc->frames = frame;
+return;
+}
+for (f = qc->frames; f->next; f = f->next) {
+if (f->next->level > frame->level) {
+break;
+}
+}
+frame->next = f->next;
+f->next = frame;
+}
+static ngx_int_t
+ngx_quic_output(ngx_connection_t *c)
+{
+size_t                  len;
+ngx_uint_t              lvl;
+ngx_quic_frame_t       *f, *start;
+ngx_quic_connection_t  *qc;
+qc = c->quic;
+if (qc->frames == NULL) {
+return NGX_OK;
+}
+lvl = qc->frames->level;
+start = qc->frames;
+f = start;
+do {
+len = 0;
+do {
+/* process same-level group of frames */
+len += ngx_quic_frame_len(f);// TODO: handle overflow, max size
+f = f->next;
+} while (f && f->level == lvl);
+if (ngx_quic_frames_send(c, start, f, len) != NGX_OK) {
+return NGX_ERROR;
+}
+if (f == NULL) {
+break;
+}
+lvl = f->level; // TODO: must not decrease (ever, also between calls)
+start = f;
+} while (1);
+qc->frames = NULL;
+return NGX_OK;
+}
+/* pack a group of frames [start; end) into memory p and send as single packet */
+ngx_int_t
+ngx_quic_frames_send(ngx_connection_t *c, ngx_quic_frame_t *start,
+ngx_quic_frame_t *end, size_t total)
+{
+ssize_t            len;
+u_char            *p;
+ngx_str_t          out;
+ngx_quic_frame_t  *f;
+ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
+"sending frames %p...%p", start, end);
+p = ngx_pnalloc(c->pool, total);
+if (p == NULL) {
+return NGX_ERROR;
+}
+out.data = p;
+for (f = start; f != end; f = f->next) {
+ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "frame: %s", f->info);
+len = ngx_quic_create_frame(p, p + total, f);
+if (len == -1) {
+return NGX_ERROR;
+}
+p += len;
+}
+out.len = p - out.data;
+ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
+"packet ready: %ui bytes at level %d",
+out.len, start->level);
+// IOVEC/sendmsg_chain ?
+if (ngx_quic_send_packet(c, c->quic, start->level, &out) != NGX_OK) {
+return NGX_ERROR;
+}
+return NGX_OK;
+}
+static ngx_int_t
+ngx_quic_send_packet(ngx_connection_t *c, ngx_quic_connection_t *qc,
+enum ssl_encryption_level_t level, ngx_str_t *payload)
+{
+ngx_str_t         res;
+ngx_quic_header_t pkt;
+pkt.log = c->log;
+static ngx_str_t  initial_token = ngx_null_string;
+ngx_memzero(&pkt, sizeof(ngx_quic_header_t));
+ngx_quic_hexdump0(c->log, "payload", payload->data, payload->len);
+pkt.level = level;
+pkt.dcid = qc->dcid;
+pkt.scid = qc->scid;
+if (level == ssl_encryption_initial) {
+pkt.number = &qc->initial_pn;
+pkt.flags = NGX_QUIC_PKT_INITIAL;
+pkt.secret = &qc->secrets.server.in;
+pkt.token = initial_token;
+} else if (level == ssl_encryption_handshake) {
+pkt.number = &qc->handshake_pn;
+pkt.flags = NGX_QUIC_PKT_HANDSHAKE;
+pkt.secret = &qc->secrets.server.hs;
+} else {
+pkt.number = &qc->appdata_pn;
+pkt.secret = &qc->secrets.server.ad;
+}
+if (ngx_quic_encrypt(c->pool, c->ssl->connection, &pkt, payload, &res)
+!= NGX_OK)
+{
+return NGX_ERROR;
+}
+ngx_quic_hexdump0(c->log, "packet to send", res.data, res.len);
+c->send(c, res.data, res.len); // TODO: err handling
+(*pkt.number)++;
+return NGX_OK;
+}
+ngx_connection_t *
+ngx_quic_create_uni_stream(ngx_connection_t *c)
+{
+/* XXX */
+return NULL;
+}
 static void
 ngx_quic_rbtree_insert_stream(ngx_rbtree_node_t *temp,
 ngx_rbtree_node_t *node, ngx_rbtree_node_t *sentinel)
 {
-ngx_rbtree_node_t           **p;
+ngx_rbtree_node_t       **p;
-ngx_quic_stream_node_t       *qn, *qnt;
+ngx_quic_stream_node_t   *qn, *qnt;
 for ( ;; ) {
 if (node->key < temp->key) {
 ngx_rbt_red(node);
 }
 static ngx_quic_stream_node_t *
-ngx_quic_stream_lookup(ngx_rbtree_t *rbtree, ngx_uint_t key)
+ngx_quic_find_stream(ngx_rbtree_t *rbtree, ngx_uint_t key)
 {
 ngx_rbtree_node_t  *node, *sentinel;
 node = rbtree->root;
 sentinel = rbtree->sentinel;
 return NULL;
 }
-static ngx_int_t
+static ssize_t
-ngx_quic_new_connection(ngx_connection_t *c, ngx_ssl_t *ssl,
+ngx_quic_stream_recv(ngx_connection_t *c, u_char *buf, size_t size)
-ngx_quic_header_t *pkt)
+{
-{
+ssize_t                  len;
-ngx_quic_connection_t  *qc;
+ngx_buf_t               *b;
+ngx_quic_stream_t       *qs;
-if (ngx_buf_size(pkt->raw) < 1200) {
+ngx_quic_connection_t   *qc;
-ngx_log_error(NGX_LOG_INFO, c->log, 0, "too small UDP datagram");
+ngx_quic_stream_node_t  *sn;
-return NGX_ERROR;
-}
+qs = c->qs;
+qc = qs->parent->quic;
-if (ngx_quic_parse_long_header(pkt) != NGX_OK) {
-return NGX_ERROR;
+// XXX: get direct pointer from stream structure?
-}
+sn = ngx_quic_find_stream(&qc->streams.tree, qs->id);
-if ((pkt->flags & 0xf0) != NGX_QUIC_PKT_INITIAL) {
+if (sn == NULL) {
-ngx_log_error(NGX_LOG_INFO, c->log, 0,
+return NGX_ERROR;
-"invalid initial packet: 0x%xi", pkt->flags);
+}
-return NGX_ERROR;
-}
+// XXX: how to return EOF?
-if (ngx_quic_parse_initial_header(pkt) != NGX_OK) {
+b = sn->b;
-return NGX_ERROR;
-}
+if (b->last - b->pos == 0) {
+c->read->ready = 0;
-qc = ngx_pcalloc(c->pool, sizeof(ngx_quic_connection_t));
+ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
-if (qc == NULL) {
+"quic recv() not ready");
-return NGX_ERROR;
+return NGX_AGAIN; // ?
 }
-ngx_rbtree_init(&qc->stree, &qc->stree_sentinel,
+len = ngx_min(b->last - b->pos, (ssize_t) size);
-ngx_quic_rbtree_insert_stream);
+ngx_memcpy(buf, b->pos, len);
-c->quic = qc;
-qc->ssl = ssl;
+b->pos += len;
-qc->dcid.len = pkt->dcid.len;
+ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
-qc->dcid.data = ngx_pnalloc(c->pool, pkt->dcid.len);
+"quic recv: %z of %uz", len, size);
-if (qc->dcid.data == NULL) {
-return NGX_ERROR;
+return len;
 }
-ngx_memcpy(qc->dcid.data, pkt->dcid.data, qc->dcid.len);
-qc->scid.len = pkt->scid.len;
+static ssize_t
-qc->scid.data = ngx_pnalloc(c->pool, qc->scid.len);
+ngx_quic_stream_send(ngx_connection_t *c, u_char *buf, size_t size)
-if (qc->scid.data == NULL) {
+{
-return NGX_ERROR;
+u_char                  *p;
-}
+ngx_connection_t        *pc;
-ngx_memcpy(qc->scid.data, pkt->scid.data, qc->scid.len);
+ngx_quic_frame_t        *frame;
+ngx_quic_stream_t       *qs;
-qc->token.len = pkt->token.len;
+ngx_quic_connection_t   *qc;
-qc->token.data = ngx_pnalloc(c->pool, qc->token.len);
+ngx_quic_stream_node_t  *sn;
-if (qc->token.data == NULL) {
-return NGX_ERROR;
+ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic send: %uz", size);
-}
-ngx_memcpy(qc->token.data, pkt->token.data, qc->token.len);
+qs = c->qs;
+pc = qs->parent;
+qc = pc->quic;
-if (ngx_quic_set_initial_secret(c->pool, &qc->secrets, &qc->dcid)
-!= NGX_OK)
+// XXX: get direct pointer from stream structure?
-{
+sn = ngx_quic_find_stream(&qc->streams.tree, qs->id);
-return NGX_ERROR;
-}
+if (sn == NULL) {
+return NGX_ERROR;
-pkt->secret = &qc->secrets.client.in;
+}
-pkt->level = ssl_encryption_initial;
+frame = ngx_pcalloc(pc->pool, sizeof(ngx_quic_frame_t));
-if (ngx_quic_decrypt(c->pool, NULL, pkt) != NGX_OK) {
+if (frame == NULL) {
-return NGX_ERROR;
+return 0;
 }
-if (ngx_quic_init_connection(c) != NGX_OK) {
+p = ngx_pnalloc(pc->pool, size);
-return NGX_ERROR;
+if (p == NULL) {
-}
+return 0;
+}
-return ngx_quic_payload_handler(c, pkt);
-}
+ngx_memcpy(p, buf, size);
+frame->level = ssl_encryption_application;
-static ngx_int_t
+frame->type = NGX_QUIC_FT_STREAM6; /* OFF=1 LEN=1 FIN=0 */
-ngx_quic_initial_input(ngx_connection_t *c, ngx_quic_header_t *pkt)
+frame->u.stream.off = 1;
-{
+frame->u.stream.len = 1;
-ngx_ssl_conn_t         *ssl_conn;
+frame->u.stream.fin = 0;
-ngx_quic_connection_t  *qc;
+frame->u.stream.type = frame->type;
-qc = c->quic;
+frame->u.stream.stream_id = qs->id;
-ssl_conn = c->ssl->connection;
+frame->u.stream.offset = c->sent;
+frame->u.stream.length = size;
-if (ngx_quic_parse_long_header(pkt) != NGX_OK) {
+frame->u.stream.data = p;
-return NGX_ERROR;
-}
+c->sent += size;
-if (ngx_quic_parse_initial_header(pkt) != NGX_OK) {
+ngx_sprintf(frame->info, "stream %xi len=%ui level=%d",
-return NGX_ERROR;
+qs->id, size, frame->level);
-}
+ngx_quic_queue_frame(qc, frame);
-pkt->secret = &qc->secrets.client.in;
-pkt->level = ssl_encryption_initial;
+return size;
+}
-if (ngx_quic_decrypt(c->pool, ssl_conn, pkt) != NGX_OK) {
-return NGX_ERROR;
-}
+static ngx_chain_t *
+ngx_quic_stream_send_chain(ngx_connection_t *c, ngx_chain_t *in,
-return ngx_quic_payload_handler(c, pkt);
+off_t limit)
-}
+{
+size_t      len;
+ssize_t     n;
-static ngx_int_t
+ngx_buf_t  *b;
-ngx_quic_handshake_input(ngx_connection_t *c, ngx_quic_header_t *pkt)
-{
+for ( /* void */; in; in = in->next) {
-ngx_ssl_conn_t         *ssl_conn;
+b = in->buf;
-ngx_quic_connection_t  *qc;
+if (!ngx_buf_in_memory(b)) {
-qc = c->quic;
+continue;
-ssl_conn = c->ssl->connection;
+}
-/* extract cleartext data into pkt */
+if (ngx_buf_size(b) == 0) {
-if (ngx_quic_parse_long_header(pkt) != NGX_OK) {
+continue;
-return NGX_ERROR;
+}
-}
+len = b->last - b->pos;
-if (pkt->dcid.len != qc->dcid.len) {
-ngx_log_error(NGX_LOG_INFO, c->log, 0, "unexpected quic dcidl");
+n = ngx_quic_stream_send(c, b->pos, len);
-return NGX_ERROR;
-}
+if (n == NGX_ERROR) {
+return NGX_CHAIN_ERROR;
-if (ngx_memcmp(pkt->dcid.data, qc->dcid.data, qc->dcid.len) != 0) {
+}
-ngx_log_error(NGX_LOG_INFO, c->log, 0, "unexpected quic dcid");
-return NGX_ERROR;
+if (n == NGX_AGAIN) {
-}
+return in;
+}
-if (pkt->scid.len != qc->scid.len) {
-ngx_log_error(NGX_LOG_INFO, c->log, 0, "unexpected quic scidl");
+if (n != (ssize_t) len) {
-return NGX_ERROR;
+b->pos += n;
-}
+return in;
+}
-if (ngx_memcmp(pkt->scid.data, qc->scid.data, qc->scid.len) != 0) {
+}
-ngx_log_error(NGX_LOG_INFO, c->log, 0, "unexpected quic scid");
-return NGX_ERROR;
+return NULL;
 }
-if ((pkt->flags & 0xf0) != NGX_QUIC_PKT_HANDSHAKE) {
-ngx_log_error(NGX_LOG_INFO, c->log, 0,
-"invalid packet type: 0x%xi", pkt->flags);
-return NGX_ERROR;
-}
-if (ngx_quic_parse_handshake_header(pkt) != NGX_OK) {
-return NGX_ERROR;
-}
-pkt->secret = &qc->secrets.client.hs;
-pkt->level = ssl_encryption_handshake;
-if (ngx_quic_decrypt(c->pool, c->ssl->connection, pkt) != NGX_OK) {
-return NGX_ERROR;
-}
-return ngx_quic_payload_handler(c, pkt);
-}
-static ngx_int_t
-ngx_quic_app_input(ngx_connection_t *c, ngx_quic_header_t *pkt)
-{
-ngx_quic_connection_t  *qc;
-qc = c->quic;
-if (qc->secrets.client.ad.key.len == 0) {
-ngx_log_error(NGX_LOG_INFO, c->log, 0,
-"no read keys yet, packet ignored");
-return NGX_DECLINED;
-}
-if (ngx_quic_parse_short_header(pkt, &qc->dcid) != NGX_OK) {
-return NGX_ERROR;
-}
-pkt->secret = &qc->secrets.client.ad;
-pkt->level = ssl_encryption_application;
-if (ngx_quic_decrypt(c->pool, c->ssl->connection, pkt) != NGX_OK) {
-return NGX_ERROR;
-}
-return ngx_quic_payload_handler(c, pkt);
-}

Mercurial > hg > nginx-quic

comparison src/event/ngx_event_quic.c @ 7691:714a19dba6af quic