1 /* 2 * nghttp2 - HTTP/2 C Library 3 * 4 * Copyright (c) 2015 Tatsuhiro Tsujikawa 5 * 6 * Permission is hereby granted, free of charge, to any person obtaining 7 * a copy of this software and associated documentation files (the 8 * "Software"), to deal in the Software without restriction, including 9 * without limitation the rights to use, copy, modify, merge, publish, 10 * distribute, sublicense, and/or sell copies of the Software, and to 11 * permit persons to whom the Software is furnished to do so, subject to 12 * the following conditions: 13 * 14 * The above copyright notice and this permission notice shall be 15 * included in all copies or substantial portions of the Software. 16 * 17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 18 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 19 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 20 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE 21 * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 22 * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION 23 * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 24 */ 25 #ifndef SHRPX_CONNECTION_H 26 #define SHRPX_CONNECTION_H 27 28 #include "shrpx_config.h" 29 30 #include <sys/uio.h> 31 32 #include <ev.h> 33 34 #include <openssl/ssl.h> 35 36 #include <nghttp2/nghttp2.h> 37 38 #ifdef ENABLE_HTTP3 39 # include <ngtcp2/ngtcp2_crypto.h> 40 #endif // ENABLE_HTTP3 41 42 #include "shrpx_rate_limit.h" 43 #include "shrpx_error.h" 44 #include "memchunk.h" 45 46 namespace shrpx { 47 48 struct MemcachedRequest; 49 50 namespace tls { 51 struct TLSSessionCache; 52 } // namespace tls 53 54 enum class TLSHandshakeState { 55 NORMAL, 56 WAIT_FOR_SESSION_CACHE, 57 GOT_SESSION_CACHE, 58 CANCEL_SESSION_CACHE, 59 WRITE_STARTED, 60 }; 61 62 struct TLSConnection { 63 DefaultMemchunks wbuf; 64 DefaultPeekMemchunks rbuf; 65 // Stores TLSv1.3 early data. 66 DefaultMemchunks earlybuf; 67 SSL *ssl; 68 SSL_SESSION *cached_session; 69 MemcachedRequest *cached_session_lookup_req; 70 tls::TLSSessionCache *client_session_cache; 71 std::chrono::steady_clock::time_point last_write_idle; 72 size_t warmup_writelen; 73 // length passed to SSL_write and SSL_read last time. This is 74 // required since these functions require the exact same parameters 75 // on non-blocking I/O. 76 size_t last_writelen, last_readlen; 77 TLSHandshakeState handshake_state; 78 bool initial_handshake_done; 79 bool reneg_started; 80 // true if ssl is prepared to do handshake as server. 81 bool server_handshake; 82 // true if ssl is initialized as server, and client requested 83 // signed_certificate_timestamp extension. 84 bool sct_requested; 85 // true if TLSv1.3 early data has been completely received. Since 86 // SSL_read_early_data acts like SSL_do_handshake, this field may be 87 // true even if the negotiated TLS version is TLSv1.2 or earlier. 88 // This value is also true if this is client side connection for 89 // convenience. 90 bool early_data_finish; 91 }; 92 93 struct TCPHint { 94 size_t write_buffer_size; 95 uint32_t rwin; 96 }; 97 98 template <typename T> using EVCb = void (*)(struct ev_loop *, T *, int); 99 100 using IOCb = EVCb<ev_io>; 101 using TimerCb = EVCb<ev_timer>; 102 103 struct Connection { 104 Connection(struct ev_loop *loop, int fd, SSL *ssl, MemchunkPool *mcpool, 105 ev_tstamp write_timeout, ev_tstamp read_timeout, 106 const RateLimitConfig &write_limit, 107 const RateLimitConfig &read_limit, IOCb writecb, IOCb readcb, 108 TimerCb timeoutcb, void *data, size_t tls_dyn_rec_warmup_threshold, 109 ev_tstamp tls_dyn_rec_idle_timeout, Proto proto); 110 ~Connection(); 111 112 void disconnect(); 113 114 void prepare_client_handshake(); 115 void prepare_server_handshake(); 116 117 int tls_handshake(); 118 int tls_handshake_simple(); 119 int write_tls_pending_handshake(); 120 121 int check_http2_requirement(); 122 123 // All write_* and writev_clear functions return number of bytes 124 // written. If nothing cannot be written (e.g., there is no 125 // allowance in RateLimit or underlying connection blocks), return 126 // 0. SHRPX_ERR_NETWORK is returned in case of error. 127 // 128 // All read_* functions return number of bytes read. If nothing 129 // cannot be read (e.g., there is no allowance in Ratelimit or 130 // underlying connection blocks), return 0. SHRPX_ERR_EOF is 131 // returned in case of EOF and no data was read. Otherwise 132 // SHRPX_ERR_NETWORK is return in case of error. 133 nghttp2_ssize write_tls(const void *data, size_t len); 134 nghttp2_ssize read_tls(void *data, size_t len); 135 136 size_t get_tls_write_limit(); 137 // Updates the number of bytes written in warm up period. 138 void update_tls_warmup_writelen(size_t n); 139 // Tells there is no immediate write now. This triggers timer to 140 // determine fallback to short record size mode. 141 void start_tls_write_idle(); 142 143 nghttp2_ssize write_clear(const void *data, size_t len); 144 nghttp2_ssize writev_clear(struct iovec *iov, int iovcnt); 145 nghttp2_ssize read_clear(void *data, size_t len); 146 // Read at most |len| bytes of data from socket without rate limit. 147 nghttp2_ssize read_nolim_clear(void *data, size_t len); 148 // Peek at most |len| bytes of data from socket without rate limit. 149 nghttp2_ssize peek_clear(void *data, size_t len); 150 151 void handle_tls_pending_read(); 152 153 void set_ssl(SSL *ssl); 154 155 int get_tcp_hint(TCPHint *hint) const; 156 157 // These functions are provided for read timer which is frequently 158 // restarted. We do a trick to make a bit more efficient than just 159 // calling ev_timer_again(). 160 161 // Restarts read timer with timeout value |t|. 162 void again_rt(ev_tstamp t); 163 // Restarts read timer without changing timeout. 164 void again_rt(); 165 // Returns true if read timer expired. 166 bool expired_rt(); 167 168 #ifdef ENABLE_HTTP3 169 // This must be the first member of Connection. 170 ngtcp2_crypto_conn_ref conn_ref; 171 #endif // ENABLE_HTTP3 172 TLSConnection tls; 173 ev_io wev; 174 ev_io rev; 175 ev_timer wt; 176 ev_timer rt; 177 RateLimit wlimit; 178 RateLimit rlimit; 179 struct ev_loop *loop; 180 void *data; 181 int fd; 182 size_t tls_dyn_rec_warmup_threshold; 183 std::chrono::steady_clock::duration tls_dyn_rec_idle_timeout; 184 // Application protocol used over the connection. This field is not 185 // used in this object at the moment. The rest of the program may 186 // use this value when it is useful. 187 Proto proto; 188 // The point of time when last read is observed. Note: since we use 189 // |rt| as idle timer, the activity is not limited to read. 190 std::chrono::steady_clock::time_point last_read; 191 // Timeout for read timer |rt|. 192 ev_tstamp read_timeout; 193 }; 194 195 #ifdef ENABLE_HTTP3 196 static_assert(std::is_standard_layout<Connection>::value, 197 "Connection is not standard layout"); 198 #endif // ENABLE_HTTP3 199 200 // Creates BIO_method shared by all SSL objects. 201 BIO_METHOD *create_bio_method(); 202 203 } // namespace shrpx 204 205 #endif // SHRPX_CONNECTION_H 206