• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * nghttp2 - HTTP/2 C Library
3  *
4  * Copyright (c) 2015 Tatsuhiro Tsujikawa
5  *
6  * Permission is hereby granted, free of charge, to any person obtaining
7  * a copy of this software and associated documentation files (the
8  * "Software"), to deal in the Software without restriction, including
9  * without limitation the rights to use, copy, modify, merge, publish,
10  * distribute, sublicense, and/or sell copies of the Software, and to
11  * permit persons to whom the Software is furnished to do so, subject to
12  * the following conditions:
13  *
14  * The above copyright notice and this permission notice shall be
15  * included in all copies or substantial portions of the Software.
16  *
17  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
18  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
19  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
20  * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
21  * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
22  * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
23  * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
24  */
25 #include "shrpx_connection.h"
26 
27 #ifdef HAVE_UNISTD_H
28 #  include <unistd.h>
29 #endif // HAVE_UNISTD_H
30 #include <netinet/tcp.h>
31 
32 #include <limits>
33 
34 #include <openssl/err.h>
35 
36 #include "shrpx_tls.h"
37 #include "shrpx_memcached_request.h"
38 #include "shrpx_log.h"
39 #include "memchunk.h"
40 #include "util.h"
41 #include "ssl_compat.h"
42 
43 using namespace nghttp2;
44 using namespace std::chrono_literals;
45 
46 namespace shrpx {
47 
48 #if !LIBRESSL_3_5_API && !LIBRESSL_2_7_API && !OPENSSL_1_1_API
49 
BIO_get_data(BIO * bio)50 void *BIO_get_data(BIO *bio) { return bio->ptr; }
BIO_set_data(BIO * bio,void * ptr)51 void BIO_set_data(BIO *bio, void *ptr) { bio->ptr = ptr; }
BIO_set_init(BIO * bio,int init)52 void BIO_set_init(BIO *bio, int init) { bio->init = init; }
53 
54 #endif // !LIBRESSL_3_5_API && !LIBRESSL_2_7_API && !OPENSSL_1_1_API
55 
Connection(struct ev_loop * loop,int fd,SSL * ssl,MemchunkPool * mcpool,ev_tstamp write_timeout,ev_tstamp read_timeout,const RateLimitConfig & write_limit,const RateLimitConfig & read_limit,IOCb writecb,IOCb readcb,TimerCb timeoutcb,void * data,size_t tls_dyn_rec_warmup_threshold,ev_tstamp tls_dyn_rec_idle_timeout,Proto proto)56 Connection::Connection(struct ev_loop *loop, int fd, SSL *ssl,
57                        MemchunkPool *mcpool, ev_tstamp write_timeout,
58                        ev_tstamp read_timeout,
59                        const RateLimitConfig &write_limit,
60                        const RateLimitConfig &read_limit, IOCb writecb,
61                        IOCb readcb, TimerCb timeoutcb, void *data,
62                        size_t tls_dyn_rec_warmup_threshold,
63                        ev_tstamp tls_dyn_rec_idle_timeout, Proto proto)
64     :
65 #ifdef ENABLE_HTTP3
66       conn_ref{nullptr, this},
67 #endif // ENABLE_HTTP3
68       tls{DefaultMemchunks(mcpool), DefaultPeekMemchunks(mcpool),
69           DefaultMemchunks(mcpool)},
70       wlimit(loop, &wev, write_limit.rate, write_limit.burst),
71       rlimit(loop, &rev, read_limit.rate, read_limit.burst, this),
72       loop(loop),
73       data(data),
74       fd(fd),
75       tls_dyn_rec_warmup_threshold(tls_dyn_rec_warmup_threshold),
76       tls_dyn_rec_idle_timeout(util::duration_from(tls_dyn_rec_idle_timeout)),
77       proto(proto),
78       read_timeout(read_timeout) {
79 
80   ev_io_init(&wev, writecb, fd, EV_WRITE);
81   ev_io_init(&rev, readcb, proto == Proto::HTTP3 ? 0 : fd, EV_READ);
82 
83   wev.data = this;
84   rev.data = this;
85 
86   ev_timer_init(&wt, timeoutcb, 0., write_timeout);
87   ev_timer_init(&rt, timeoutcb, 0., read_timeout);
88 
89   wt.data = this;
90   rt.data = this;
91 
92   if (ssl) {
93     set_ssl(ssl);
94   }
95 }
96 
~Connection()97 Connection::~Connection() { disconnect(); }
98 
disconnect()99 void Connection::disconnect() {
100   if (tls.ssl) {
101     if (proto != Proto::HTTP3) {
102       SSL_set_shutdown(tls.ssl,
103                        SSL_get_shutdown(tls.ssl) | SSL_RECEIVED_SHUTDOWN);
104       ERR_clear_error();
105 
106       if (tls.cached_session) {
107         SSL_SESSION_free(tls.cached_session);
108         tls.cached_session = nullptr;
109       }
110 
111       if (tls.cached_session_lookup_req) {
112         tls.cached_session_lookup_req->canceled = true;
113         tls.cached_session_lookup_req = nullptr;
114       }
115 
116       SSL_shutdown(tls.ssl);
117     }
118 
119     SSL_free(tls.ssl);
120     tls.ssl = nullptr;
121 
122     tls.wbuf.reset();
123     tls.rbuf.reset();
124     tls.last_write_idle = {};
125     tls.warmup_writelen = 0;
126     tls.last_writelen = 0;
127     tls.last_readlen = 0;
128     tls.handshake_state = TLSHandshakeState::NORMAL;
129     tls.initial_handshake_done = false;
130     tls.reneg_started = false;
131     tls.sct_requested = false;
132     tls.early_data_finish = false;
133   }
134 
135   if (proto != Proto::HTTP3 && fd != -1) {
136     shutdown(fd, SHUT_WR);
137     close(fd);
138     fd = -1;
139   }
140 
141   // Stop watchers here because they could be activated in
142   // SSL_shutdown().
143   ev_timer_stop(loop, &rt);
144   ev_timer_stop(loop, &wt);
145 
146   rlimit.stopw();
147   wlimit.stopw();
148 }
149 
prepare_client_handshake()150 void Connection::prepare_client_handshake() {
151   SSL_set_connect_state(tls.ssl);
152   // This prevents SSL_read_early_data from being called.
153   tls.early_data_finish = true;
154 }
155 
prepare_server_handshake()156 void Connection::prepare_server_handshake() {
157   auto &tlsconf = get_config()->tls;
158   if (proto != Proto::HTTP3 && !tlsconf.session_cache.memcached.host.empty()) {
159     auto bio = BIO_new(tlsconf.bio_method);
160     BIO_set_data(bio, this);
161     SSL_set_bio(tls.ssl, bio, bio);
162   }
163 
164   SSL_set_accept_state(tls.ssl);
165   tls.server_handshake = true;
166 }
167 
168 // BIO implementation is inspired by openldap implementation:
169 // http://www.openldap.org/devel/cvsweb.cgi/~checkout~/libraries/libldap/tls_o.c
170 namespace {
shrpx_bio_write(BIO * b,const char * buf,int len)171 int shrpx_bio_write(BIO *b, const char *buf, int len) {
172   if (buf == nullptr || len <= 0) {
173     return 0;
174   }
175 
176   auto conn = static_cast<Connection *>(BIO_get_data(b));
177   auto &wbuf = conn->tls.wbuf;
178 
179   BIO_clear_retry_flags(b);
180 
181   if (conn->tls.initial_handshake_done) {
182     // After handshake finished, send |buf| of length |len| to the
183     // socket directly.
184 
185     // Only when TLS session was prematurely ended before server sent
186     // all handshake message, this condition is true.  This could be
187     // alert from SSL_shutdown().  Since connection is already down,
188     // just return error.
189     if (wbuf.rleft()) {
190       return -1;
191     }
192     auto nwrite = conn->write_clear(buf, len);
193     if (nwrite < 0) {
194       return -1;
195     }
196 
197     if (nwrite == 0) {
198       BIO_set_retry_write(b);
199       return -1;
200     }
201 
202     return nwrite;
203   }
204 
205   wbuf.append(buf, len);
206 
207   return len;
208 }
209 } // namespace
210 
211 namespace {
shrpx_bio_read(BIO * b,char * buf,int len)212 int shrpx_bio_read(BIO *b, char *buf, int len) {
213   if (buf == nullptr || len <= 0) {
214     return 0;
215   }
216 
217   auto conn = static_cast<Connection *>(BIO_get_data(b));
218   auto &rbuf = conn->tls.rbuf;
219 
220   BIO_clear_retry_flags(b);
221 
222   if (conn->tls.initial_handshake_done && rbuf.rleft() == 0) {
223     auto nread = conn->read_clear(buf, len);
224     if (nread < 0) {
225       return -1;
226     }
227     if (nread == 0) {
228       BIO_set_retry_read(b);
229       return -1;
230     }
231     return nread;
232   }
233 
234   if (rbuf.rleft() == 0) {
235     BIO_set_retry_read(b);
236     return -1;
237   }
238 
239   return rbuf.remove(buf, len);
240 }
241 } // namespace
242 
243 namespace {
shrpx_bio_puts(BIO * b,const char * str)244 int shrpx_bio_puts(BIO *b, const char *str) {
245   return shrpx_bio_write(b, str, strlen(str));
246 }
247 } // namespace
248 
249 namespace {
shrpx_bio_gets(BIO * b,char * buf,int len)250 int shrpx_bio_gets(BIO *b, char *buf, int len) { return -1; }
251 } // namespace
252 
253 namespace {
shrpx_bio_ctrl(BIO * b,int cmd,long num,void * ptr)254 long shrpx_bio_ctrl(BIO *b, int cmd, long num, void *ptr) {
255   switch (cmd) {
256   case BIO_CTRL_FLUSH:
257     return 1;
258   }
259 
260   return 0;
261 }
262 } // namespace
263 
264 namespace {
shrpx_bio_create(BIO * b)265 int shrpx_bio_create(BIO *b) {
266 #if OPENSSL_1_1_API || LIBRESSL_3_5_API
267   BIO_set_init(b, 1);
268 #else  // !OPENSSL_1_1_API && !LIBRESSL_3_5_API
269   b->init = 1;
270   b->num = 0;
271   b->ptr = nullptr;
272   b->flags = 0;
273 #endif // !OPENSSL_1_1_API && !LIBRESSL_3_5_API
274   return 1;
275 }
276 } // namespace
277 
278 namespace {
shrpx_bio_destroy(BIO * b)279 int shrpx_bio_destroy(BIO *b) {
280   if (b == nullptr) {
281     return 0;
282   }
283 
284 #if !OPENSSL_1_1_API && !LIBRESSL_3_5_API
285   b->ptr = nullptr;
286   b->init = 0;
287   b->flags = 0;
288 #endif // !OPENSSL_1_1_API && !LIBRESSL_3_5_API
289 
290   return 1;
291 }
292 } // namespace
293 
294 #if OPENSSL_1_1_API || LIBRESSL_3_5_API
295 
create_bio_method()296 BIO_METHOD *create_bio_method() {
297   auto meth = BIO_meth_new(BIO_TYPE_FD, "nghttpx-bio");
298   BIO_meth_set_write(meth, shrpx_bio_write);
299   BIO_meth_set_read(meth, shrpx_bio_read);
300   BIO_meth_set_puts(meth, shrpx_bio_puts);
301   BIO_meth_set_gets(meth, shrpx_bio_gets);
302   BIO_meth_set_ctrl(meth, shrpx_bio_ctrl);
303   BIO_meth_set_create(meth, shrpx_bio_create);
304   BIO_meth_set_destroy(meth, shrpx_bio_destroy);
305 
306   return meth;
307 }
308 
309 #else // !OPENSSL_1_1_API && !LIBRESSL_3_5_API
310 
create_bio_method()311 BIO_METHOD *create_bio_method() {
312   static auto meth = new BIO_METHOD{
313       BIO_TYPE_FD,    "nghttpx-bio",    shrpx_bio_write,
314       shrpx_bio_read, shrpx_bio_puts,   shrpx_bio_gets,
315       shrpx_bio_ctrl, shrpx_bio_create, shrpx_bio_destroy,
316   };
317 
318   return meth;
319 }
320 
321 #endif // !OPENSSL_1_1_API && !LIBRESSL_3_5_API
322 
set_ssl(SSL * ssl)323 void Connection::set_ssl(SSL *ssl) {
324   tls.ssl = ssl;
325 
326   SSL_set_app_data(tls.ssl, this);
327 }
328 
329 namespace {
330 // We should buffer at least full encrypted TLS record here.
331 // Theoretically, peer can send client hello in several TLS records,
332 // which could exceed this limit, but it is not portable, and we don't
333 // have to handle such exotic behaviour.
read_buffer_full(DefaultPeekMemchunks & rbuf)334 bool read_buffer_full(DefaultPeekMemchunks &rbuf) {
335   return rbuf.rleft_buffered() >= 20_k;
336 }
337 } // namespace
338 
tls_handshake()339 int Connection::tls_handshake() {
340   wlimit.stopw();
341   ev_timer_stop(loop, &wt);
342 
343   auto &tlsconf = get_config()->tls;
344 
345   if (!tls.server_handshake || tlsconf.session_cache.memcached.host.empty()) {
346     return tls_handshake_simple();
347   }
348 
349   std::array<uint8_t, 16_k> buf;
350 
351   if (ev_is_active(&rev)) {
352     auto nread = read_clear(buf.data(), buf.size());
353     if (nread < 0) {
354       if (LOG_ENABLED(INFO)) {
355         LOG(INFO) << "tls: handshake read error";
356       }
357       return -1;
358     }
359     tls.rbuf.append(buf.data(), nread);
360     if (read_buffer_full(tls.rbuf)) {
361       rlimit.stopw();
362     }
363   }
364 
365   if (tls.initial_handshake_done) {
366     return write_tls_pending_handshake();
367   }
368 
369   switch (tls.handshake_state) {
370   case TLSHandshakeState::WAIT_FOR_SESSION_CACHE:
371     return SHRPX_ERR_INPROGRESS;
372   case TLSHandshakeState::GOT_SESSION_CACHE: {
373     // Use the same trick invented by @kazuho in h2o project.
374 
375     // Discard all outgoing data.
376     tls.wbuf.reset();
377     // Rewind buffered incoming data to replay client hello.
378     tls.rbuf.disable_peek(false);
379 
380     auto ssl_ctx = SSL_get_SSL_CTX(tls.ssl);
381     auto ssl_opts = SSL_get_options(tls.ssl);
382     SSL_free(tls.ssl);
383 
384     auto ssl = tls::create_ssl(ssl_ctx);
385     if (!ssl) {
386       return -1;
387     }
388     if (ssl_opts & SSL_OP_NO_TICKET) {
389       SSL_set_options(ssl, SSL_OP_NO_TICKET);
390     }
391 
392     set_ssl(ssl);
393 
394     prepare_server_handshake();
395 
396     tls.handshake_state = TLSHandshakeState::NORMAL;
397     break;
398   }
399   case TLSHandshakeState::CANCEL_SESSION_CACHE:
400     tls.handshake_state = TLSHandshakeState::NORMAL;
401     break;
402   default:
403     break;
404   }
405 
406   int rv;
407 
408   ERR_clear_error();
409 
410 #if OPENSSL_1_1_1_API && !defined(OPENSSL_IS_BORINGSSL)
411   if (!tls.server_handshake || tls.early_data_finish) {
412     rv = SSL_do_handshake(tls.ssl);
413   } else {
414     for (;;) {
415       size_t nread;
416 
417       rv = SSL_read_early_data(tls.ssl, buf.data(), buf.size(), &nread);
418       if (rv == SSL_READ_EARLY_DATA_ERROR) {
419         // If we have early data, and server sends ServerHello, assume
420         // that handshake is completed in server side, and start
421         // processing request.  If we don't exit handshake code here,
422         // server waits for EndOfEarlyData and Finished message from
423         // client, which voids the purpose of 0-RTT data.  The left
424         // over of handshake is done through write_tls or read_tls.
425         if (tlsconf.no_postpone_early_data &&
426             (tls.handshake_state == TLSHandshakeState::WRITE_STARTED ||
427              tls.wbuf.rleft()) &&
428             tls.earlybuf.rleft()) {
429           rv = 1;
430         }
431 
432         break;
433       }
434 
435       if (LOG_ENABLED(INFO)) {
436         LOG(INFO) << "tls: read early data " << nread << " bytes";
437       }
438 
439       tls.earlybuf.append(buf.data(), nread);
440 
441       if (rv == SSL_READ_EARLY_DATA_FINISH) {
442         if (LOG_ENABLED(INFO)) {
443           LOG(INFO) << "tls: read all early data; total "
444                     << tls.earlybuf.rleft() << " bytes";
445         }
446         tls.early_data_finish = true;
447         // The same reason stated above.
448         if (tlsconf.no_postpone_early_data &&
449             (tls.handshake_state == TLSHandshakeState::WRITE_STARTED ||
450              tls.wbuf.rleft()) &&
451             tls.earlybuf.rleft()) {
452           rv = 1;
453         } else {
454           ERR_clear_error();
455           rv = SSL_do_handshake(tls.ssl);
456         }
457         break;
458       }
459     }
460   }
461 #else  // !(OPENSSL_1_1_1_API && !defined(OPENSSL_IS_BORINGSSL))
462   rv = SSL_do_handshake(tls.ssl);
463 #endif // !(OPENSSL_1_1_1_API && !defined(OPENSSL_IS_BORINGSSL))
464 
465   if (rv <= 0) {
466     auto err = SSL_get_error(tls.ssl, rv);
467     switch (err) {
468     case SSL_ERROR_WANT_READ:
469       if (read_buffer_full(tls.rbuf)) {
470         if (LOG_ENABLED(INFO)) {
471           LOG(INFO) << "tls: handshake message is too large";
472         }
473         return -1;
474       }
475       break;
476     case SSL_ERROR_WANT_WRITE:
477       break;
478     case SSL_ERROR_SSL: {
479       if (LOG_ENABLED(INFO)) {
480         LOG(INFO) << "tls: handshake libssl error: "
481                   << ERR_error_string(ERR_get_error(), nullptr);
482       }
483 
484       struct iovec iov[1];
485       auto iovcnt = tls.wbuf.riovec(iov, 1);
486       auto nwrite = writev_clear(iov, iovcnt);
487       if (nwrite > 0) {
488         tls.wbuf.drain(nwrite);
489       }
490 
491       return SHRPX_ERR_NETWORK;
492     }
493     default:
494       if (LOG_ENABLED(INFO)) {
495         LOG(INFO) << "tls: handshake libssl error " << err;
496       }
497       return SHRPX_ERR_NETWORK;
498     }
499   }
500 
501   if (tls.handshake_state == TLSHandshakeState::WAIT_FOR_SESSION_CACHE) {
502     if (LOG_ENABLED(INFO)) {
503       LOG(INFO) << "tls: handshake is still in progress";
504     }
505     return SHRPX_ERR_INPROGRESS;
506   }
507 
508   // Don't send handshake data if handshake was completed in OpenSSL
509   // routine.  We have to check HTTP/2 requirement if HTTP/2 was
510   // negotiated before sending finished message to the peer.
511   if ((rv != 1
512 #ifdef OPENSSL_IS_BORINGSSL
513        || SSL_in_init(tls.ssl)
514 #endif // OPENSSL_IS_BORINGSSL
515            ) &&
516       tls.wbuf.rleft()) {
517     // First write indicates that resumption stuff has done.
518     if (tls.handshake_state != TLSHandshakeState::WRITE_STARTED) {
519       tls.handshake_state = TLSHandshakeState::WRITE_STARTED;
520       // If peek has already disabled, this is noop.
521       tls.rbuf.disable_peek(true);
522     }
523     std::array<struct iovec, 4> iov;
524     auto iovcnt = tls.wbuf.riovec(iov.data(), iov.size());
525     auto nwrite = writev_clear(iov.data(), iovcnt);
526     if (nwrite < 0) {
527       if (LOG_ENABLED(INFO)) {
528         LOG(INFO) << "tls: handshake write error";
529       }
530       return -1;
531     }
532     tls.wbuf.drain(nwrite);
533 
534     if (tls.wbuf.rleft()) {
535       wlimit.startw();
536       ev_timer_again(loop, &wt);
537     }
538   }
539 
540   if (!read_buffer_full(tls.rbuf)) {
541     // We may have stopped reading
542     rlimit.startw();
543   }
544 
545   if (rv != 1) {
546     if (LOG_ENABLED(INFO)) {
547       LOG(INFO) << "tls: handshake is still in progress";
548     }
549     return SHRPX_ERR_INPROGRESS;
550   }
551 
552 #ifdef OPENSSL_IS_BORINGSSL
553   if (!tlsconf.no_postpone_early_data && SSL_in_early_data(tls.ssl) &&
554       SSL_in_init(tls.ssl)) {
555     auto nread = SSL_read(tls.ssl, buf.data(), buf.size());
556     if (nread <= 0) {
557       auto err = SSL_get_error(tls.ssl, nread);
558       switch (err) {
559       case SSL_ERROR_WANT_READ:
560       case SSL_ERROR_WANT_WRITE:
561         break;
562       case SSL_ERROR_ZERO_RETURN:
563         return SHRPX_ERR_EOF;
564       case SSL_ERROR_SSL:
565         if (LOG_ENABLED(INFO)) {
566           LOG(INFO) << "SSL_read: "
567                     << ERR_error_string(ERR_get_error(), nullptr);
568         }
569         return SHRPX_ERR_NETWORK;
570       default:
571         if (LOG_ENABLED(INFO)) {
572           LOG(INFO) << "SSL_read: SSL_get_error returned " << err;
573         }
574         return SHRPX_ERR_NETWORK;
575       }
576     } else {
577       tls.earlybuf.append(buf.data(), nread);
578     }
579 
580     if (SSL_in_init(tls.ssl)) {
581       return SHRPX_ERR_INPROGRESS;
582     }
583   }
584 #endif // OPENSSL_IS_BORINGSSL
585 
586   // Handshake was done
587 
588   rv = check_http2_requirement();
589   if (rv != 0) {
590     return -1;
591   }
592 
593   // Just in case
594   tls.rbuf.disable_peek(true);
595 
596   tls.initial_handshake_done = true;
597 
598   return write_tls_pending_handshake();
599 }
600 
tls_handshake_simple()601 int Connection::tls_handshake_simple() {
602   wlimit.stopw();
603   ev_timer_stop(loop, &wt);
604 
605   if (tls.initial_handshake_done) {
606     return write_tls_pending_handshake();
607   }
608 
609   if (SSL_get_fd(tls.ssl) == -1) {
610     SSL_set_fd(tls.ssl, fd);
611   }
612 
613   int rv;
614 #if OPENSSL_1_1_1_API || defined(OPENSSL_IS_BORINGSSL)
615   auto &tlsconf = get_config()->tls;
616   std::array<uint8_t, 16_k> buf;
617 #endif // OPENSSL_1_1_1_API || defined(OPENSSL_IS_BORINGSSL)
618 
619   ERR_clear_error();
620 
621 #if OPENSSL_1_1_1_API && !defined(OPENSSL_IS_BORINGSSL)
622   if (!tls.server_handshake || tls.early_data_finish) {
623     rv = SSL_do_handshake(tls.ssl);
624   } else {
625     for (;;) {
626       size_t nread;
627 
628       rv = SSL_read_early_data(tls.ssl, buf.data(), buf.size(), &nread);
629       if (rv == SSL_READ_EARLY_DATA_ERROR) {
630         // If we have early data, and server sends ServerHello, assume
631         // that handshake is completed in server side, and start
632         // processing request.  If we don't exit handshake code here,
633         // server waits for EndOfEarlyData and Finished message from
634         // client, which voids the purpose of 0-RTT data.  The left
635         // over of handshake is done through write_tls or read_tls.
636         if (tlsconf.no_postpone_early_data && tls.earlybuf.rleft()) {
637           rv = 1;
638         }
639 
640         break;
641       }
642 
643       if (LOG_ENABLED(INFO)) {
644         LOG(INFO) << "tls: read early data " << nread << " bytes";
645       }
646 
647       tls.earlybuf.append(buf.data(), nread);
648 
649       if (rv == SSL_READ_EARLY_DATA_FINISH) {
650         if (LOG_ENABLED(INFO)) {
651           LOG(INFO) << "tls: read all early data; total "
652                     << tls.earlybuf.rleft() << " bytes";
653         }
654         tls.early_data_finish = true;
655         // The same reason stated above.
656         if (tlsconf.no_postpone_early_data && tls.earlybuf.rleft()) {
657           rv = 1;
658         } else {
659           ERR_clear_error();
660           rv = SSL_do_handshake(tls.ssl);
661         }
662         break;
663       }
664     }
665   }
666 #else  // !(OPENSSL_1_1_1_API && !defined(OPENSSL_IS_BORINGSSL))
667   rv = SSL_do_handshake(tls.ssl);
668 #endif // !(OPENSSL_1_1_1_API && !defined(OPENSSL_IS_BORINGSSL))
669 
670   if (rv <= 0) {
671     auto err = SSL_get_error(tls.ssl, rv);
672     switch (err) {
673     case SSL_ERROR_WANT_READ:
674       if (read_buffer_full(tls.rbuf)) {
675         if (LOG_ENABLED(INFO)) {
676           LOG(INFO) << "tls: handshake message is too large";
677         }
678         return -1;
679       }
680       break;
681     case SSL_ERROR_WANT_WRITE:
682       wlimit.startw();
683       ev_timer_again(loop, &wt);
684       break;
685     case SSL_ERROR_SSL: {
686       if (LOG_ENABLED(INFO)) {
687         LOG(INFO) << "tls: handshake libssl error: "
688                   << ERR_error_string(ERR_get_error(), nullptr);
689       }
690       return SHRPX_ERR_NETWORK;
691     }
692     default:
693       if (LOG_ENABLED(INFO)) {
694         LOG(INFO) << "tls: handshake libssl error " << err;
695       }
696       return SHRPX_ERR_NETWORK;
697     }
698   }
699 
700   if (rv != 1) {
701     if (LOG_ENABLED(INFO)) {
702       LOG(INFO) << "tls: handshake is still in progress";
703     }
704     return SHRPX_ERR_INPROGRESS;
705   }
706 
707 #ifdef OPENSSL_IS_BORINGSSL
708   if (!tlsconf.no_postpone_early_data && SSL_in_early_data(tls.ssl) &&
709       SSL_in_init(tls.ssl)) {
710     auto nread = SSL_read(tls.ssl, buf.data(), buf.size());
711     if (nread <= 0) {
712       auto err = SSL_get_error(tls.ssl, nread);
713       switch (err) {
714       case SSL_ERROR_WANT_READ:
715       case SSL_ERROR_WANT_WRITE:
716         break;
717       case SSL_ERROR_ZERO_RETURN:
718         return SHRPX_ERR_EOF;
719       case SSL_ERROR_SSL:
720         if (LOG_ENABLED(INFO)) {
721           LOG(INFO) << "SSL_read: "
722                     << ERR_error_string(ERR_get_error(), nullptr);
723         }
724         return SHRPX_ERR_NETWORK;
725       default:
726         if (LOG_ENABLED(INFO)) {
727           LOG(INFO) << "SSL_read: SSL_get_error returned " << err;
728         }
729         return SHRPX_ERR_NETWORK;
730       }
731     } else {
732       tls.earlybuf.append(buf.data(), nread);
733     }
734 
735     if (SSL_in_init(tls.ssl)) {
736       return SHRPX_ERR_INPROGRESS;
737     }
738   }
739 #endif // OPENSSL_IS_BORINGSSL
740 
741   // Handshake was done
742 
743   rv = check_http2_requirement();
744   if (rv != 0) {
745     return -1;
746   }
747 
748   tls.initial_handshake_done = true;
749 
750   return write_tls_pending_handshake();
751 }
752 
write_tls_pending_handshake()753 int Connection::write_tls_pending_handshake() {
754   // Send handshake data left in the buffer
755   while (tls.wbuf.rleft()) {
756     std::array<struct iovec, 4> iov;
757     auto iovcnt = tls.wbuf.riovec(iov.data(), iov.size());
758     auto nwrite = writev_clear(iov.data(), iovcnt);
759     if (nwrite < 0) {
760       if (LOG_ENABLED(INFO)) {
761         LOG(INFO) << "tls: handshake write error";
762       }
763       return -1;
764     }
765     if (nwrite == 0) {
766       wlimit.startw();
767       ev_timer_again(loop, &wt);
768 
769       return SHRPX_ERR_INPROGRESS;
770     }
771     tls.wbuf.drain(nwrite);
772   }
773 
774 #ifdef OPENSSL_IS_BORINGSSL
775   if (!SSL_in_init(tls.ssl)) {
776     // This will send a session ticket.
777     auto nwrite = SSL_write(tls.ssl, "", 0);
778     if (nwrite < 0) {
779       auto err = SSL_get_error(tls.ssl, nwrite);
780       switch (err) {
781       case SSL_ERROR_WANT_READ:
782         if (LOG_ENABLED(INFO)) {
783           LOG(INFO) << "Close connection due to TLS renegotiation";
784         }
785         return SHRPX_ERR_NETWORK;
786       case SSL_ERROR_WANT_WRITE:
787         break;
788       case SSL_ERROR_SSL:
789         if (LOG_ENABLED(INFO)) {
790           LOG(INFO) << "SSL_write: "
791                     << ERR_error_string(ERR_get_error(), nullptr);
792         }
793         return SHRPX_ERR_NETWORK;
794       default:
795         if (LOG_ENABLED(INFO)) {
796           LOG(INFO) << "SSL_write: SSL_get_error returned " << err;
797         }
798         return SHRPX_ERR_NETWORK;
799       }
800     }
801   }
802 #endif // OPENSSL_IS_BORINGSSL
803 
804   // We have to start read watcher, since later stage of code expects
805   // this.
806   rlimit.startw();
807 
808   // We may have whole request in tls.rbuf.  This means that we don't
809   // get notified further read event.  This is especially true for
810   // HTTP/1.1.
811   handle_tls_pending_read();
812 
813   if (LOG_ENABLED(INFO)) {
814     LOG(INFO) << "SSL/TLS handshake completed";
815     nghttp2::tls::TLSSessionInfo tls_info{};
816     if (nghttp2::tls::get_tls_session_info(&tls_info, tls.ssl)) {
817       LOG(INFO) << "cipher=" << tls_info.cipher
818                 << " protocol=" << tls_info.protocol
819                 << " resumption=" << (tls_info.session_reused ? "yes" : "no")
820                 << " session_id="
821                 << util::format_hex(tls_info.session_id,
822                                     tls_info.session_id_length);
823     }
824   }
825 
826   return 0;
827 }
828 
check_http2_requirement()829 int Connection::check_http2_requirement() {
830   const unsigned char *next_proto = nullptr;
831   unsigned int next_proto_len;
832 
833 #ifndef OPENSSL_NO_NEXTPROTONEG
834   SSL_get0_next_proto_negotiated(tls.ssl, &next_proto, &next_proto_len);
835 #endif // !OPENSSL_NO_NEXTPROTONEG
836 #if OPENSSL_VERSION_NUMBER >= 0x10002000L
837   if (next_proto == nullptr) {
838     SSL_get0_alpn_selected(tls.ssl, &next_proto, &next_proto_len);
839   }
840 #endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
841   if (next_proto == nullptr ||
842       !util::check_h2_is_selected(StringRef{next_proto, next_proto_len})) {
843     return 0;
844   }
845   if (!nghttp2::tls::check_http2_tls_version(tls.ssl)) {
846     if (LOG_ENABLED(INFO)) {
847       LOG(INFO) << "TLSv1.2 was not negotiated.  HTTP/2 must not be used.";
848     }
849     return -1;
850   }
851 
852   auto check_block_list = false;
853   if (tls.server_handshake) {
854     check_block_list = !get_config()->tls.no_http2_cipher_block_list;
855   } else {
856     check_block_list = !get_config()->tls.client.no_http2_cipher_block_list;
857   }
858 
859   if (check_block_list &&
860       nghttp2::tls::check_http2_cipher_block_list(tls.ssl)) {
861     if (LOG_ENABLED(INFO)) {
862       LOG(INFO) << "The negotiated cipher suite is in HTTP/2 cipher suite "
863                    "block list.  HTTP/2 must not be used.";
864     }
865     return -1;
866   }
867 
868   return 0;
869 }
870 
871 namespace {
872 constexpr size_t SHRPX_SMALL_WRITE_LIMIT = 1300;
873 } // namespace
874 
get_tls_write_limit()875 size_t Connection::get_tls_write_limit() {
876 
877   if (tls_dyn_rec_warmup_threshold == 0) {
878     return std::numeric_limits<ssize_t>::max();
879   }
880 
881   auto t = std::chrono::steady_clock::now();
882 
883   if (tls.last_write_idle.time_since_epoch().count() >= 0 &&
884       t - tls.last_write_idle > tls_dyn_rec_idle_timeout) {
885     // Time out, use small record size
886     tls.warmup_writelen = 0;
887     return SHRPX_SMALL_WRITE_LIMIT;
888   }
889 
890   if (tls.warmup_writelen >= tls_dyn_rec_warmup_threshold) {
891     return std::numeric_limits<ssize_t>::max();
892   }
893 
894   return SHRPX_SMALL_WRITE_LIMIT;
895 }
896 
update_tls_warmup_writelen(size_t n)897 void Connection::update_tls_warmup_writelen(size_t n) {
898   if (tls.warmup_writelen < tls_dyn_rec_warmup_threshold) {
899     tls.warmup_writelen += n;
900   }
901 }
902 
start_tls_write_idle()903 void Connection::start_tls_write_idle() {
904   if (tls.last_write_idle.time_since_epoch().count() < 0) {
905     tls.last_write_idle = std::chrono::steady_clock::now();
906   }
907 }
908 
write_tls(const void * data,size_t len)909 ssize_t Connection::write_tls(const void *data, size_t len) {
910   // SSL_write requires the same arguments (buf pointer and its
911   // length) on SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE.
912   // get_write_limit() may return smaller length than previously
913   // passed to SSL_write, which violates OpenSSL assumption.  To avoid
914   // this, we keep last length passed to SSL_write to
915   // tls.last_writelen if SSL_write indicated I/O blocking.
916   if (tls.last_writelen == 0) {
917     len = std::min(len, wlimit.avail());
918     len = std::min(len, get_tls_write_limit());
919     if (len == 0) {
920       return 0;
921     }
922   } else {
923     len = tls.last_writelen;
924     tls.last_writelen = 0;
925   }
926 
927   tls.last_write_idle = std::chrono::steady_clock::time_point(-1s);
928 
929   auto &tlsconf = get_config()->tls;
930   auto via_bio =
931       tls.server_handshake && !tlsconf.session_cache.memcached.host.empty();
932 
933   ERR_clear_error();
934 
935 #if OPENSSL_1_1_1_API && !defined(OPENSSL_IS_BORINGSSL)
936   int rv;
937   if (SSL_is_init_finished(tls.ssl)) {
938     rv = SSL_write(tls.ssl, data, len);
939   } else {
940     size_t nwrite;
941     rv = SSL_write_early_data(tls.ssl, data, len, &nwrite);
942     // Use the same semantics with SSL_write.
943     if (rv == 1) {
944       rv = nwrite;
945     }
946   }
947 #else  // !(OPENSSL_1_1_1_API && !defined(OPENSSL_IS_BORINGSSL))
948   auto rv = SSL_write(tls.ssl, data, len);
949 #endif // !(OPENSSL_1_1_1_API && !defined(OPENSSL_IS_BORINGSSL))
950 
951   if (rv <= 0) {
952     auto err = SSL_get_error(tls.ssl, rv);
953     switch (err) {
954     case SSL_ERROR_WANT_READ:
955       if (LOG_ENABLED(INFO)) {
956         LOG(INFO) << "Close connection due to TLS renegotiation";
957       }
958       return SHRPX_ERR_NETWORK;
959     case SSL_ERROR_WANT_WRITE:
960       tls.last_writelen = len;
961       // starting write watcher and timer is done in write_clear via
962       // bio otherwise.
963       if (!via_bio) {
964         wlimit.startw();
965         ev_timer_again(loop, &wt);
966       }
967 
968       return 0;
969     case SSL_ERROR_SSL:
970       if (LOG_ENABLED(INFO)) {
971         LOG(INFO) << "SSL_write: "
972                   << ERR_error_string(ERR_get_error(), nullptr);
973       }
974       return SHRPX_ERR_NETWORK;
975     default:
976       if (LOG_ENABLED(INFO)) {
977         LOG(INFO) << "SSL_write: SSL_get_error returned " << err;
978       }
979       return SHRPX_ERR_NETWORK;
980     }
981   }
982 
983   if (!via_bio) {
984     wlimit.drain(rv);
985 
986     if (ev_is_active(&wt)) {
987       ev_timer_again(loop, &wt);
988     }
989   }
990 
991   update_tls_warmup_writelen(rv);
992 
993   return rv;
994 }
995 
read_tls(void * data,size_t len)996 ssize_t Connection::read_tls(void *data, size_t len) {
997   ERR_clear_error();
998 
999 #if OPENSSL_1_1_1_API
1000   if (tls.earlybuf.rleft()) {
1001     return tls.earlybuf.remove(data, len);
1002   }
1003 #endif // OPENSSL_1_1_1_API
1004 
1005   // SSL_read requires the same arguments (buf pointer and its
1006   // length) on SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE.
1007   // rlimit_.avail() or rlimit_.avail() may return different length
1008   // than the length previously passed to SSL_read, which violates
1009   // OpenSSL assumption.  To avoid this, we keep last length passed
1010   // to SSL_read to tls_last_readlen_ if SSL_read indicated I/O
1011   // blocking.
1012   if (tls.last_readlen == 0) {
1013     len = std::min(len, rlimit.avail());
1014     if (len == 0) {
1015       return 0;
1016     }
1017   } else {
1018     len = tls.last_readlen;
1019     tls.last_readlen = 0;
1020   }
1021 
1022   auto &tlsconf = get_config()->tls;
1023   auto via_bio =
1024       tls.server_handshake && !tlsconf.session_cache.memcached.host.empty();
1025 
1026 #if OPENSSL_1_1_1_API && !defined(OPENSSL_IS_BORINGSSL)
1027   if (!tls.early_data_finish) {
1028     // TLSv1.3 handshake is still going on.
1029     size_t nread;
1030     auto rv = SSL_read_early_data(tls.ssl, data, len, &nread);
1031     if (rv == SSL_READ_EARLY_DATA_ERROR) {
1032       auto err = SSL_get_error(tls.ssl, rv);
1033       switch (err) {
1034       case SSL_ERROR_WANT_READ:
1035         tls.last_readlen = len;
1036         return 0;
1037       case SSL_ERROR_SSL:
1038         if (LOG_ENABLED(INFO)) {
1039           LOG(INFO) << "SSL_read: "
1040                     << ERR_error_string(ERR_get_error(), nullptr);
1041         }
1042         return SHRPX_ERR_NETWORK;
1043       default:
1044         if (LOG_ENABLED(INFO)) {
1045           LOG(INFO) << "SSL_read: SSL_get_error returned " << err;
1046         }
1047         return SHRPX_ERR_NETWORK;
1048       }
1049     }
1050 
1051     if (LOG_ENABLED(INFO)) {
1052       LOG(INFO) << "tls: read early data " << nread << " bytes";
1053     }
1054 
1055     if (rv == SSL_READ_EARLY_DATA_FINISH) {
1056       if (LOG_ENABLED(INFO)) {
1057         LOG(INFO) << "tls: read all early data";
1058       }
1059       tls.early_data_finish = true;
1060       // We may have stopped write watcher in write_tls.
1061       wlimit.startw();
1062     }
1063 
1064     if (!via_bio) {
1065       rlimit.drain(nread);
1066     }
1067 
1068     return nread;
1069   }
1070 #endif // OPENSSL_1_1_1_API && !defined(OPENSSL_IS_BORINGSSL)
1071 
1072   auto rv = SSL_read(tls.ssl, data, len);
1073 
1074   if (rv <= 0) {
1075     auto err = SSL_get_error(tls.ssl, rv);
1076     switch (err) {
1077     case SSL_ERROR_WANT_READ:
1078       tls.last_readlen = len;
1079       return 0;
1080     case SSL_ERROR_WANT_WRITE:
1081       if (LOG_ENABLED(INFO)) {
1082         LOG(INFO) << "Close connection due to TLS renegotiation";
1083       }
1084       return SHRPX_ERR_NETWORK;
1085     case SSL_ERROR_ZERO_RETURN:
1086       return SHRPX_ERR_EOF;
1087     case SSL_ERROR_SSL:
1088       if (LOG_ENABLED(INFO)) {
1089         LOG(INFO) << "SSL_read: " << ERR_error_string(ERR_get_error(), nullptr);
1090       }
1091       return SHRPX_ERR_NETWORK;
1092     default:
1093       if (LOG_ENABLED(INFO)) {
1094         LOG(INFO) << "SSL_read: SSL_get_error returned " << err;
1095       }
1096       return SHRPX_ERR_NETWORK;
1097     }
1098   }
1099 
1100   if (!via_bio) {
1101     rlimit.drain(rv);
1102   }
1103 
1104   return rv;
1105 }
1106 
write_clear(const void * data,size_t len)1107 ssize_t Connection::write_clear(const void *data, size_t len) {
1108   len = std::min(len, wlimit.avail());
1109   if (len == 0) {
1110     return 0;
1111   }
1112 
1113   ssize_t nwrite;
1114   while ((nwrite = write(fd, data, len)) == -1 && errno == EINTR)
1115     ;
1116   if (nwrite == -1) {
1117     if (errno == EAGAIN || errno == EWOULDBLOCK) {
1118       wlimit.startw();
1119       ev_timer_again(loop, &wt);
1120       return 0;
1121     }
1122     return SHRPX_ERR_NETWORK;
1123   }
1124 
1125   wlimit.drain(nwrite);
1126 
1127   if (ev_is_active(&wt)) {
1128     ev_timer_again(loop, &wt);
1129   }
1130 
1131   return nwrite;
1132 }
1133 
writev_clear(struct iovec * iov,int iovcnt)1134 ssize_t Connection::writev_clear(struct iovec *iov, int iovcnt) {
1135   iovcnt = limit_iovec(iov, iovcnt, wlimit.avail());
1136   if (iovcnt == 0) {
1137     return 0;
1138   }
1139 
1140   ssize_t nwrite;
1141   while ((nwrite = writev(fd, iov, iovcnt)) == -1 && errno == EINTR)
1142     ;
1143   if (nwrite == -1) {
1144     if (errno == EAGAIN || errno == EWOULDBLOCK) {
1145       wlimit.startw();
1146       ev_timer_again(loop, &wt);
1147       return 0;
1148     }
1149     return SHRPX_ERR_NETWORK;
1150   }
1151 
1152   wlimit.drain(nwrite);
1153 
1154   if (ev_is_active(&wt)) {
1155     ev_timer_again(loop, &wt);
1156   }
1157 
1158   return nwrite;
1159 }
1160 
read_clear(void * data,size_t len)1161 ssize_t Connection::read_clear(void *data, size_t len) {
1162   len = std::min(len, rlimit.avail());
1163   if (len == 0) {
1164     return 0;
1165   }
1166 
1167   ssize_t nread;
1168   while ((nread = read(fd, data, len)) == -1 && errno == EINTR)
1169     ;
1170   if (nread == -1) {
1171     if (errno == EAGAIN || errno == EWOULDBLOCK) {
1172       return 0;
1173     }
1174     return SHRPX_ERR_NETWORK;
1175   }
1176 
1177   if (nread == 0) {
1178     return SHRPX_ERR_EOF;
1179   }
1180 
1181   rlimit.drain(nread);
1182 
1183   return nread;
1184 }
1185 
read_nolim_clear(void * data,size_t len)1186 ssize_t Connection::read_nolim_clear(void *data, size_t len) {
1187   ssize_t nread;
1188   while ((nread = read(fd, data, len)) == -1 && errno == EINTR)
1189     ;
1190   if (nread == -1) {
1191     if (errno == EAGAIN || errno == EWOULDBLOCK) {
1192       return 0;
1193     }
1194     return SHRPX_ERR_NETWORK;
1195   }
1196 
1197   if (nread == 0) {
1198     return SHRPX_ERR_EOF;
1199   }
1200 
1201   return nread;
1202 }
1203 
peek_clear(void * data,size_t len)1204 ssize_t Connection::peek_clear(void *data, size_t len) {
1205   ssize_t nread;
1206   while ((nread = recv(fd, data, len, MSG_PEEK)) == -1 && errno == EINTR)
1207     ;
1208   if (nread == -1) {
1209     if (errno == EAGAIN || errno == EWOULDBLOCK) {
1210       return 0;
1211     }
1212     return SHRPX_ERR_NETWORK;
1213   }
1214 
1215   if (nread == 0) {
1216     return SHRPX_ERR_EOF;
1217   }
1218 
1219   return nread;
1220 }
1221 
handle_tls_pending_read()1222 void Connection::handle_tls_pending_read() {
1223   if (!ev_is_active(&rev)) {
1224     return;
1225   }
1226   rlimit.handle_tls_pending_read();
1227 }
1228 
get_tcp_hint(TCPHint * hint) const1229 int Connection::get_tcp_hint(TCPHint *hint) const {
1230 #if defined(TCP_INFO) && defined(TCP_NOTSENT_LOWAT)
1231   struct tcp_info tcp_info;
1232   socklen_t tcp_info_len = sizeof(tcp_info);
1233   int rv;
1234 
1235   rv = getsockopt(fd, IPPROTO_TCP, TCP_INFO, &tcp_info, &tcp_info_len);
1236 
1237   if (rv != 0) {
1238     return -1;
1239   }
1240 
1241   auto avail_packets = tcp_info.tcpi_snd_cwnd > tcp_info.tcpi_unacked
1242                            ? tcp_info.tcpi_snd_cwnd - tcp_info.tcpi_unacked
1243                            : 0;
1244 
1245   // http://www.slideshare.net/kazuho/programming-tcp-for-responsiveness
1246 
1247   // TODO 29 (5 (header) + 8 (explicit nonce) + 16 (tag)) is TLS
1248   // overhead for AES-GCM.  For CHACHA20_POLY1305, it is 21 since it
1249   // does not need 8 bytes explicit nonce.
1250   //
1251   // For TLSv1.3, AES-GCM and CHACHA20_POLY1305 overhead are now 22
1252   // bytes (5 (header) + 1 (ContentType) + 16 (tag)).
1253   size_t tls_overhead;
1254 #  ifdef TLS1_3_VERSION
1255   if (SSL_version(tls.ssl) == TLS1_3_VERSION) {
1256     tls_overhead = 22;
1257   } else
1258 #  endif // TLS1_3_VERSION
1259   {
1260     tls_overhead = 29;
1261   }
1262 
1263   auto writable_size =
1264       (avail_packets + 2) * (tcp_info.tcpi_snd_mss - tls_overhead);
1265   if (writable_size > 16_k) {
1266     writable_size = writable_size & ~(16_k - 1);
1267   } else {
1268     if (writable_size < 536) {
1269       LOG(INFO) << "writable_size is too small: " << writable_size;
1270     }
1271     // TODO is this required?
1272     writable_size = std::max(writable_size, static_cast<size_t>(536 * 2));
1273   }
1274 
1275   // if (LOG_ENABLED(INFO)) {
1276   //   LOG(INFO) << "snd_cwnd=" << tcp_info.tcpi_snd_cwnd
1277   //             << ", unacked=" << tcp_info.tcpi_unacked
1278   //             << ", snd_mss=" << tcp_info.tcpi_snd_mss
1279   //             << ", rtt=" << tcp_info.tcpi_rtt << "us"
1280   //             << ", rcv_space=" << tcp_info.tcpi_rcv_space
1281   //             << ", writable=" << writable_size;
1282   // }
1283 
1284   hint->write_buffer_size = writable_size;
1285   // TODO tcpi_rcv_space is considered as rwin, is that correct?
1286   hint->rwin = tcp_info.tcpi_rcv_space;
1287 
1288   return 0;
1289 #else  // !defined(TCP_INFO) || !defined(TCP_NOTSENT_LOWAT)
1290   return -1;
1291 #endif // !defined(TCP_INFO) || !defined(TCP_NOTSENT_LOWAT)
1292 }
1293 
again_rt(ev_tstamp t)1294 void Connection::again_rt(ev_tstamp t) {
1295   read_timeout = t;
1296   rt.repeat = t;
1297   ev_timer_again(loop, &rt);
1298   last_read = std::chrono::steady_clock::now();
1299 }
1300 
again_rt()1301 void Connection::again_rt() {
1302   rt.repeat = read_timeout;
1303   ev_timer_again(loop, &rt);
1304   last_read = std::chrono::steady_clock::now();
1305 }
1306 
expired_rt()1307 bool Connection::expired_rt() {
1308   auto delta = read_timeout - util::ev_tstamp_from(
1309                                   std::chrono::steady_clock::now() - last_read);
1310   if (delta < 1e-9) {
1311     return true;
1312   }
1313   rt.repeat = delta;
1314   ev_timer_again(loop, &rt);
1315   return false;
1316 }
1317 
1318 } // namespace shrpx
1319