nginx: src/event/quic/ngx_event_quic

comparison src/event/quic/ngx_event_quic_ssl.c @ 8782:b3f6ad181df4 quic

QUIC: refactored CRYPTO and STREAM buffer ordering. Generic function ngx_quic_order_bufs() is introduced. This function creates and maintains a chain of buffers with holes. Holes are marked with b->sync flag. Several buffers and holes in this chain may share the same underlying memory buffer. When processing STREAM frames with this function, frame data is copied only once to the right place in the stream input chain. Previously data could be copied twice. First when buffering an out-of-order frame data, and then when filling stream buffer from ordered frame queue. Now there's only one data chain for both tasks.

author	Roman Arutyunyan <arut@nginx.com>
date	Tue, 25 May 2021 13:55:12 +0300
parents	4117aa7fa38e
children	80d396fd8ee8

comparison

equal deleted inserted replaced

-:81d491f0dc8c
+:b3f6ad181df4
 #endif
 static int ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
 enum ssl_encryption_level_t level, const uint8_t *data, size_t len);
 static int ngx_quic_flush_flight(ngx_ssl_conn_t *ssl_conn);
+static ngx_int_t ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data);
 static SSL_QUIC_METHOD quic_method = {
 #if BORINGSSL_API_VERSION >= 10
 ngx_quic_set_read_secret,
 static int
 ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
 enum ssl_encryption_level_t level, const uint8_t *data, size_t len)
 {
-u_char                    *p, *end;
+u_char                 *p, *end;
-size_t                     client_params_len;
+size_t                  client_params_len;
-const uint8_t             *client_params;
+const uint8_t          *client_params;
-ngx_quic_tp_t              ctp;
+ngx_quic_tp_t           ctp;
-ngx_quic_frame_t          *frame;
+ngx_quic_frame_t       *frame;
-ngx_connection_t          *c;
+ngx_connection_t       *c;
-ngx_quic_connection_t     *qc;
+ngx_quic_send_ctx_t    *ctx;
-ngx_quic_frames_stream_t  *fs;
+ngx_quic_connection_t  *qc;
 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
 qc = ngx_quic_get_connection(c);
 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
 }
 qc->client_tp_done = 1;
 }
-fs = &qc->crypto[level];
+ctx = ngx_quic_get_send_ctx(qc, level);
 frame = ngx_quic_alloc_frame(c);
 if (frame == NULL) {
 return 0;
 }
 return 0;
 }
 frame->level = level;
 frame->type = NGX_QUIC_FT_CRYPTO;
-frame->u.crypto.offset = fs->sent;
+frame->u.crypto.offset = ctx->crypto_sent;
 frame->u.crypto.length = len;
-fs->sent += len;
+ctx->crypto_sent += len;
 ngx_quic_queue_frame(qc, frame);
 return 1;
 }
 ngx_int_t
 ngx_quic_handle_crypto_frame(ngx_connection_t *c, ngx_quic_header_t *pkt,
 ngx_quic_frame_t *frame)
 {
-uint64_t                   last;
+size_t                    len;
-ngx_int_t                  rc;
+uint64_t                  last;
-ngx_quic_send_ctx_t       *ctx;
+ngx_buf_t                *b;
-ngx_quic_connection_t     *qc;
+ngx_chain_t              *cl, **ll;
-ngx_quic_crypto_frame_t   *f;
+ngx_quic_send_ctx_t      *ctx;
-ngx_quic_frames_stream_t  *fs;
+ngx_quic_connection_t    *qc;
+ngx_quic_crypto_frame_t  *f;
-qc = ngx_quic_get_connection(c);
-fs = &qc->crypto[pkt->level];
+qc = ngx_quic_get_connection(c);
+ctx = ngx_quic_get_send_ctx(qc, pkt->level);
 f = &frame->u.crypto;
 /* no overflow since both values are 62-bit */
 last = f->offset + f->length;
-if (last > fs->received && last - fs->received > NGX_QUIC_MAX_BUFFERED) {
+if (last > ctx->crypto_received + NGX_QUIC_MAX_BUFFERED) {
 qc->error = NGX_QUIC_ERR_CRYPTO_BUFFER_EXCEEDED;
 return NGX_ERROR;
 }
-rc = ngx_quic_handle_ordered_frame(c, fs, frame, ngx_quic_crypto_input,
+if (last <= ctx->crypto_received) {
-NULL);
+if (pkt->level == ssl_encryption_initial) {
-if (rc != NGX_DECLINED) {
+/* speeding up handshake completion */
-return rc;
-}
+if (!ngx_queue_empty(&ctx->sent)) {
-/* speeding up handshake completion */
-if (pkt->level == ssl_encryption_initial) {
-ctx = ngx_quic_get_send_ctx(qc, pkt->level);
-if (!ngx_queue_empty(&ctx->sent)) {
-ngx_quic_resend_frames(c, ctx);
-ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_handshake);
-while (!ngx_queue_empty(&ctx->sent)) {
 ngx_quic_resend_frames(c, ctx);
+ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_handshake);
+while (!ngx_queue_empty(&ctx->sent)) {
+ngx_quic_resend_frames(c, ctx);
+}
 }
 }
+return NGX_OK;
+}
+if (f->offset > ctx->crypto_received) {
+return ngx_quic_order_bufs(c, &ctx->crypto, frame->data,
+f->offset - ctx->crypto_received);
+}
+ngx_quic_trim_bufs(frame->data, ctx->crypto_received - f->offset);
+if (ngx_quic_crypto_input(c, frame->data) != NGX_OK) {
+return NGX_ERROR;
+}
+ngx_quic_trim_bufs(ctx->crypto, last - ctx->crypto_received);
+ctx->crypto_received = last;
+cl = ctx->crypto;
+ll = &cl;
+len = 0;
+while (*ll) {
+b = (*ll)->buf;
+if (b->sync && b->pos != b->last) {
+/* hole */
+break;
+}
+len += b->last - b->pos;
+ll = &(*ll)->next;
+}
+ctx->crypto_received += len;
+ctx->crypto = *ll;
+*ll = NULL;
+if (cl) {
+if (ngx_quic_crypto_input(c, cl) != NGX_OK) {
+return NGX_ERROR;
+}
+ngx_quic_free_bufs(c, cl);
 }
 return NGX_OK;
 }
-ngx_int_t
+static ngx_int_t
-ngx_quic_crypto_input(ngx_connection_t *c, ngx_quic_frame_t *frame, void *data)
+ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data)
 {
 int                     n, sslerr;
 ngx_buf_t              *b;
 ngx_chain_t            *cl;
 ngx_ssl_conn_t         *ssl_conn;
+ngx_quic_frame_t       *frame;
 ngx_quic_connection_t  *qc;
 qc = ngx_quic_get_connection(c);
 ssl_conn = c->ssl->connection;
 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
 "quic SSL_quic_read_level:%d SSL_quic_write_level:%d",
 (int) SSL_quic_read_level(ssl_conn),
 (int) SSL_quic_write_level(ssl_conn));
-for (cl = frame->data; cl; cl = cl->next) {
+for (cl = data; cl; cl = cl->next) {
 b = cl->buf;
 if (!SSL_provide_quic_data(ssl_conn, SSL_quic_read_level(ssl_conn),
 b->pos, b->last - b->pos))
 {

Mercurial > hg > nginx

comparison src/event/quic/ngx_event_quic_ssl.c @ 8782:b3f6ad181df4 quic