1 /*
2  * Copyright (c) 2019 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #ifndef __included_quic_h__
17 #define __included_quic_h__
18 
20 
21 #include <vppinfra/lock.h>
23 #include <vppinfra/bihash_16_8.h>
24 
25 #include <quicly.h>
26 
27 #include <vnet/crypto/crypto.h>
28 #include <vppinfra/lock.h>
29 
30 /* QUIC log levels (compared against QUIC_DEBUG below)
31  * 1 - errors
32  * 2 - connection/stream events
33  * 3 - packet events
34  * 4 - timer events
35  */
36 
37 #define QUIC_DEBUG 0 /* debug log level; 0 compiles QUIC_DBG out entirely (see #if below) */
38 #define QUIC_TSTAMP_RESOLUTION 0.001 /* QUIC tick resolution (1ms) */
39 #define QUIC_TIMER_HANDLE_INVALID ((u32) ~0) /* "no timer" sentinel */
40 #define QUIC_SESSION_INVALID ((u32) ~0 - 1) /* deliberately distinct from the timer sentinel above */
41 #define QUIC_MAX_PACKET_SIZE 1280
42 
43 #define QUIC_INT_MAX 0x3FFFFFFFFFFFFFFF /* 2^62 - 1, the QUIC varint upper bound */
44 #define QUIC_DEFAULT_FIFO_SIZE (64 << 10) /* 64 KiB */
45 #define QUIC_SEND_PACKET_VEC_SIZE 16
46 #define QUIC_IV_LEN 17 /* sizes quic_crypto_context_data_t.cid_key below */
47 
48 #define QUIC_MAX_COALESCED_PACKET 4 /* sizes quic_encrypt_cb_ctx.snd_ctx[] below */
49 
50 #define QUIC_SEND_MAX_BATCH_PACKETS 16 /* size the tx/rx crypto op arrays in quic_crypto_batch_ctx_t */
51 #define QUIC_RCV_MAX_BATCH_PACKETS 16
52 
53 #define QUIC_DEFAULT_CONN_TIMEOUT (30 * 1000) /* 30 seconds */
54 
55 /* Taken from quicly.c. QUICLY_LONG_HEADER_BIT is not defined here; it is expected to come from <quicly.h>, included above. */
56 #define QUICLY_QUIC_BIT 0x40 /* first-byte flag OR'ed into every long-header packet type below */
57 
58 #define QUICLY_PACKET_TYPE_INITIAL (QUICLY_LONG_HEADER_BIT | QUICLY_QUIC_BIT | 0)
59 #define QUICLY_PACKET_TYPE_0RTT (QUICLY_LONG_HEADER_BIT | QUICLY_QUIC_BIT | 0x10)
60 #define QUICLY_PACKET_TYPE_HANDSHAKE (QUICLY_LONG_HEADER_BIT | QUICLY_QUIC_BIT | 0x20)
61 #define QUICLY_PACKET_TYPE_RETRY (QUICLY_LONG_HEADER_BIT | QUICLY_QUIC_BIT | 0x30)
62 #define QUICLY_PACKET_TYPE_BITMASK 0xf0 /* masks the first-byte bits in which the QUICLY_PACKET_TYPE_* values differ */
63 
64 /* error codes */
65 #define QUIC_ERROR_FULL_FIFO 0xff10 /* NOTE(review): bare value, unlike the application error codes below which go through the quicly helper */
66 #define QUIC_APP_ERROR_CLOSE_NOTIFY QUICLY_ERROR_FROM_APPLICATION_ERROR_CODE(0)
67 #define QUIC_APP_ALLOCATION_ERROR QUICLY_ERROR_FROM_APPLICATION_ERROR_CODE(0x1)
68 #define QUIC_APP_ACCEPT_NOTIFY_ERROR QUICLY_ERROR_FROM_APPLICATION_ERROR_CODE(0x2)
69 #define QUIC_APP_CONNECT_NOTIFY_ERROR QUICLY_ERROR_FROM_APPLICATION_ERROR_CODE(0x3)
70 
71 #define QUIC_DECRYPT_PACKET_OK 0 /* return codes of the rx decrypt path */
72 #define QUIC_DECRYPT_PACKET_NOTOFFLOADED 1 /* not handled by the crypto offload; presumably falls back to quicly's own decrypt -- confirm in quic.c */
73 #define QUIC_DECRYPT_PACKET_ERROR 2
74 
75 #if QUIC_DEBUG /* debug build: QUIC_DBG expands to a bare if, not do { } while (0), so an else written after QUIC_DBG (...); binds to the macro's if */
76 #define QUIC_DBG(_lvl, _fmt, _args...) \
77  if (_lvl <= QUIC_DEBUG) \
78  clib_warning (_fmt, ##_args)
79 #else
80 #define QUIC_DBG(_lvl, _fmt, _args...) /* compiled out: the arguments are never evaluated */
81 #endif
82 
83 #if CLIB_ASSERT_ENABLE
84 #define QUIC_ASSERT(truth) ASSERT (truth) /* delegates to vppinfra ASSERT */
85 #else /* release build: a failed QUIC_ASSERT only logs via QUIC_ERR and execution continues, so callers must not rely on it to stop a bad state */
86 #define QUIC_ASSERT(truth) \
87  do { \
88  if (PREDICT_FALSE (! (truth))) \
89  QUIC_ERR ("ASSERT(%s) failed", # truth); \
90  } while (0)
91 #endif
92 /* Error log. "QUIC-ERR: " _fmt relies on string-literal concatenation, so _fmt must be a literal; a runtime string cannot be passed as the format. Defined after QUIC_ASSERT, which is fine: macros are resolved at expansion time. */
93 #define QUIC_ERR(_fmt, _args...) \
94  do { \
95  clib_warning ("QUIC-ERR: " _fmt, ##_args); \
96  } while (0)
97 
98 
99 
101 
102 typedef enum
103 {
104 #define quic_error(n,s) QUIC_ERROR_##n,
106 #undef quic_error
108 } quic_error_t;
109 
111 {
120 
121 typedef enum quic_packet_type_
122 {
130 
131 typedef enum quic_ctx_flags_
132 {
133  QUIC_F_IS_STREAM = (1 << 0),
134  QUIC_F_IS_LISTENER = (1 << 1),
136 
137 /* This structure is used to implement the concept of VPP connection for QUIC.
138  * We create one per connection and one per stream. */
139 typedef struct quic_ctx_
140 {
141  union
142  {
144  struct
145  { /** QUIC ctx case */
146  quicly_conn_t *conn;
152  u8 _qctx_end_marker; /* Leave this at the end */
153  };
154  struct
155  { /** STREAM ctx case */
156  quicly_stream_t *stream;
159  u8 _sctx_end_marker; /* Leave this at the end */
160  };
161  };
170 
171  struct
172  {
173  ptls_cipher_context_t *hp_ctx;
174  ptls_aead_context_t *aead_ctx;
175  } ingress_keys;
177 
178 } quic_ctx_t;
179 
180 /* Make sure our custom fields don't overlap with the fields we use in
181  * .connection
182  */
183 STATIC_ASSERT (offsetof (quic_ctx_t, _qctx_end_marker) <=
185  "connection data must be less than TRANSPORT_CONN_ID_LEN bytes");
186 STATIC_ASSERT (offsetof (quic_ctx_t, _sctx_end_marker) <=
188  "connection data must be less than TRANSPORT_CONN_ID_LEN bytes");
189 
190 /* single-entry session cache */
191 typedef struct quic_session_cache_
192 {
193  ptls_encrypt_ticket_t super;
194  uint8_t id[32];
195  ptls_iovec_t data;
197 
198 typedef struct quic_stream_data_
199 {
202  u32 app_rx_data_len; /**< bytes received, to be read by external app */
203  u32 app_tx_data_len; /**< bytes sent */
205 
207 {
208  quicly_context_t quicly_ctx;
209  char cid_key[QUIC_IV_LEN];
210  ptls_context_t ptls_ctx;
212 
213 typedef struct quic_encrypt_cb_ctx_
214 {
215  quicly_datagram_t *packet;
217  {
218  size_t payload_from;
220  ptls_cipher_context_t *hp;
221  } snd_ctx[QUIC_MAX_COALESCED_PACKET];
224 
226 {
227  vnet_crypto_op_t aead_crypto_tx_packets_ops[QUIC_SEND_MAX_BATCH_PACKETS],
228  aead_crypto_rx_packets_ops[QUIC_RCV_MAX_BATCH_PACKETS];
229  size_t nb_tx_packets, nb_rx_packets;
231 
232 typedef struct quic_worker_ctx_
233 {
234  CLIB_CACHE_LINE_ALIGN_MARK (cacheline0);
235  int64_t time_now; /**< worker time */
236  tw_timer_wheel_1t_3w_1024sl_ov_t timer_wheel; /**< worker timer wheel */
237  quicly_cid_plaintext_t next_cid;
238  crypto_context_t *crypto_ctx_pool; /**< per thread pool of crypto contexts */
239  clib_bihash_24_8_t crypto_context_hash; /**< per thread [params:crypto_ctx_index] hash */
242 
243 typedef struct quic_rx_packet_ctx_
244 {
245  quicly_decoded_packet_t packet;
249  union
250  {
251  struct sockaddr sa;
252  struct sockaddr_in6 sa6;
253  };
254  socklen_t salen;
258 
259 typedef struct quic_main_
260 {
264  clib_bihash_16_8_t connection_hash; /**< quic connection id -> conn handle */
266 
267  ptls_cipher_suite_t ***quic_ciphers; /**< available ciphers by crypto engine */
268  uword *available_crypto_engines; /**< Bitmap for registered engines */
269  u8 default_crypto_engine; /**< Used when connecting with CRYPTO_ENGINE_NONE (0) */
270  u64 max_packets_per_key; /**< number of packets that can be sent without a key update */
271 
272  ptls_handshake_properties_t hs_properties;
274 
278 
280 
282 } quic_main_t;
283 
284 #endif /* __included_quic_h__ */
285 
286 /*
287  * fd.io coding-style-patch-verification: ON
288  *
289  * Local Variables:
290  * eval: (c-set-style "gnu")
291  * End:
292  */