1 /* 2 * nghttp2 - HTTP/2 C Library 3 * 4 * Copyright (c) 2015 Tatsuhiro Tsujikawa 5 * 6 * Permission is hereby granted, free of charge, to any person obtaining 7 * a copy of this software and associated documentation files (the 8 * "Software"), to deal in the Software without restriction, including 9 * without limitation the rights to use, copy, modify, merge, publish, 10 * distribute, sublicense, and/or sell copies of the Software, and to 11 * permit persons to whom the Software is furnished to do so, subject to 12 * the following conditions: 13 * 14 * The above copyright notice and this permission notice shall be 15 * included in all copies or substantial portions of the Software. 16 * 17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 18 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 19 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 20 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE 21 * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 22 * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION 23 * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 24 */ 25 #ifndef SHRPX_CONNECTION_H 26 #define SHRPX_CONNECTION_H 27 28 #include "shrpx_config.h" 29 30 #include <sys/uio.h> 31 32 #include <ev.h> 33 34 #include <openssl/ssl.h> 35 36 #ifdef ENABLE_HTTP3 37 # include <ngtcp2/ngtcp2_crypto.h> 38 #endif // ENABLE_HTTP3 39 40 #include "shrpx_rate_limit.h" 41 #include "shrpx_error.h" 42 #include "memchunk.h" 43 44 namespace shrpx { 45 46 struct MemcachedRequest; 47 48 namespace tls { 49 struct TLSSessionCache; 50 } // namespace tls 51 52 enum class TLSHandshakeState { 53 NORMAL, 54 WAIT_FOR_SESSION_CACHE, 55 GOT_SESSION_CACHE, 56 CANCEL_SESSION_CACHE, 57 WRITE_STARTED, 58 }; 59 60 struct TLSConnection { 61 DefaultMemchunks wbuf; 62 DefaultPeekMemchunks rbuf; 63 // Stores TLSv1.3 early data. 64 DefaultMemchunks earlybuf; 65 SSL *ssl; 66 SSL_SESSION *cached_session; 67 MemcachedRequest *cached_session_lookup_req; 68 tls::TLSSessionCache *client_session_cache; 69 std::chrono::steady_clock::time_point last_write_idle; 70 size_t warmup_writelen; 71 // length passed to SSL_write and SSL_read last time. This is 72 // required since these functions require the exact same parameters 73 // on non-blocking I/O. 74 size_t last_writelen, last_readlen; 75 TLSHandshakeState handshake_state; 76 bool initial_handshake_done; 77 bool reneg_started; 78 // true if ssl is prepared to do handshake as server. 79 bool server_handshake; 80 // true if ssl is initialized as server, and client requested 81 // signed_certificate_timestamp extension. 82 bool sct_requested; 83 // true if TLSv1.3 early data has been completely received. Since 84 // SSL_read_early_data acts like SSL_do_handshake, this field may be 85 // true even if the negotiated TLS version is TLSv1.2 or earlier. 86 // This value is also true if this is client side connection for 87 // convenience. 88 bool early_data_finish; 89 }; 90 91 struct TCPHint { 92 size_t write_buffer_size; 93 uint32_t rwin; 94 }; 95 96 template <typename T> using EVCb = void (*)(struct ev_loop *, T *, int); 97 98 using IOCb = EVCb<ev_io>; 99 using TimerCb = EVCb<ev_timer>; 100 101 struct Connection { 102 Connection(struct ev_loop *loop, int fd, SSL *ssl, MemchunkPool *mcpool, 103 ev_tstamp write_timeout, ev_tstamp read_timeout, 104 const RateLimitConfig &write_limit, 105 const RateLimitConfig &read_limit, IOCb writecb, IOCb readcb, 106 TimerCb timeoutcb, void *data, size_t tls_dyn_rec_warmup_threshold, 107 ev_tstamp tls_dyn_rec_idle_timeout, Proto proto); 108 ~Connection(); 109 110 void disconnect(); 111 112 void prepare_client_handshake(); 113 void prepare_server_handshake(); 114 115 int tls_handshake(); 116 int tls_handshake_simple(); 117 int write_tls_pending_handshake(); 118 119 int check_http2_requirement(); 120 121 // All write_* and writev_clear functions return number of bytes 122 // written. If nothing cannot be written (e.g., there is no 123 // allowance in RateLimit or underlying connection blocks), return 124 // 0. SHRPX_ERR_NETWORK is returned in case of error. 125 // 126 // All read_* functions return number of bytes read. If nothing 127 // cannot be read (e.g., there is no allowance in Ratelimit or 128 // underlying connection blocks), return 0. SHRPX_ERR_EOF is 129 // returned in case of EOF and no data was read. Otherwise 130 // SHRPX_ERR_NETWORK is return in case of error. 131 ssize_t write_tls(const void *data, size_t len); 132 ssize_t read_tls(void *data, size_t len); 133 134 size_t get_tls_write_limit(); 135 // Updates the number of bytes written in warm up period. 136 void update_tls_warmup_writelen(size_t n); 137 // Tells there is no immediate write now. This triggers timer to 138 // determine fallback to short record size mode. 139 void start_tls_write_idle(); 140 141 ssize_t write_clear(const void *data, size_t len); 142 ssize_t writev_clear(struct iovec *iov, int iovcnt); 143 ssize_t read_clear(void *data, size_t len); 144 // Read at most |len| bytes of data from socket without rate limit. 145 ssize_t read_nolim_clear(void *data, size_t len); 146 // Peek at most |len| bytes of data from socket without rate limit. 147 ssize_t peek_clear(void *data, size_t len); 148 149 void handle_tls_pending_read(); 150 151 void set_ssl(SSL *ssl); 152 153 int get_tcp_hint(TCPHint *hint) const; 154 155 // These functions are provided for read timer which is frequently 156 // restarted. We do a trick to make a bit more efficient than just 157 // calling ev_timer_again(). 158 159 // Restarts read timer with timeout value |t|. 160 void again_rt(ev_tstamp t); 161 // Restarts read timer without chainging timeout. 162 void again_rt(); 163 // Returns true if read timer expired. 164 bool expired_rt(); 165 166 #ifdef ENABLE_HTTP3 167 // This must be the first member of Connection. 168 ngtcp2_crypto_conn_ref conn_ref; 169 #endif // ENABLE_HTTP3 170 TLSConnection tls; 171 ev_io wev; 172 ev_io rev; 173 ev_timer wt; 174 ev_timer rt; 175 RateLimit wlimit; 176 RateLimit rlimit; 177 struct ev_loop *loop; 178 void *data; 179 int fd; 180 size_t tls_dyn_rec_warmup_threshold; 181 std::chrono::steady_clock::duration tls_dyn_rec_idle_timeout; 182 // Application protocol used over the connection. This field is not 183 // used in this object at the moment. The rest of the program may 184 // use this value when it is useful. 185 Proto proto; 186 // The point of time when last read is observed. Note: since we use 187 // |rt| as idle timer, the activity is not limited to read. 188 std::chrono::steady_clock::time_point last_read; 189 // Timeout for read timer |rt|. 190 ev_tstamp read_timeout; 191 }; 192 193 #ifdef ENABLE_HTTP3 194 static_assert(std::is_standard_layout<Connection>::value, 195 "Conneciton is not standard layout"); 196 #endif // ENABLE_HTTP3 197 198 // Creates BIO_method shared by all SSL objects. 199 BIO_METHOD *create_bio_method(); 200 201 } // namespace shrpx 202 203 #endif // SHRPX_CONNECTION_H 204