1 /* 2 * nghttp2 - HTTP/2 C Library 3 * 4 * Copyright (c) 2015 Tatsuhiro Tsujikawa 5 * 6 * Permission is hereby granted, free of charge, to any person obtaining 7 * a copy of this software and associated documentation files (the 8 * "Software"), to deal in the Software without restriction, including 9 * without limitation the rights to use, copy, modify, merge, publish, 10 * distribute, sublicense, and/or sell copies of the Software, and to 11 * permit persons to whom the Software is furnished to do so, subject to 12 * the following conditions: 13 * 14 * The above copyright notice and this permission notice shall be 15 * included in all copies or substantial portions of the Software. 16 * 17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 18 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 19 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 20 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE 21 * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 22 * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION 23 * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 24 */ 25 #ifndef SHRPX_CONNECTION_H 26 #define SHRPX_CONNECTION_H 27 28 #include "shrpx_config.h" 29 30 #include <sys/uio.h> 31 32 #include <ev.h> 33 34 #include "ssl_compat.h" 35 36 #ifdef NGHTTP2_OPENSSL_IS_WOLFSSL 37 # include <wolfssl/options.h> 38 # include <wolfssl/openssl/ssl.h> 39 #else // !NGHTTP2_OPENSSL_IS_WOLFSSL 40 # include <openssl/ssl.h> 41 #endif // !NGHTTP2_OPENSSL_IS_WOLFSSL 42 43 #include <nghttp2/nghttp2.h> 44 45 #ifdef ENABLE_HTTP3 46 # include <ngtcp2/ngtcp2_crypto.h> 47 #endif // ENABLE_HTTP3 48 49 #include "shrpx_rate_limit.h" 50 #include "shrpx_error.h" 51 #include "memchunk.h" 52 53 namespace shrpx { 54 55 struct MemcachedRequest; 56 57 namespace tls { 58 struct TLSSessionCache; 59 } // namespace tls 60 61 enum class TLSHandshakeState { 62 NORMAL, 63 WAIT_FOR_SESSION_CACHE, 64 GOT_SESSION_CACHE, 65 CANCEL_SESSION_CACHE, 66 WRITE_STARTED, 67 }; 68 69 struct TLSConnection { 70 DefaultMemchunks wbuf; 71 DefaultPeekMemchunks rbuf; 72 // Stores TLSv1.3 early data. 73 DefaultMemchunks earlybuf; 74 SSL *ssl; 75 SSL_SESSION *cached_session; 76 MemcachedRequest *cached_session_lookup_req; 77 tls::TLSSessionCache *client_session_cache; 78 std::chrono::steady_clock::time_point last_write_idle; 79 size_t warmup_writelen; 80 // length passed to SSL_write and SSL_read last time. This is 81 // required since these functions require the exact same parameters 82 // on non-blocking I/O. 83 size_t last_writelen, last_readlen; 84 TLSHandshakeState handshake_state; 85 bool initial_handshake_done; 86 bool reneg_started; 87 // true if ssl is prepared to do handshake as server. 88 bool server_handshake; 89 // true if ssl is initialized as server, and client requested 90 // signed_certificate_timestamp extension. 91 bool sct_requested; 92 // true if TLSv1.3 early data has been completely received. Since 93 // SSL_read_early_data acts like SSL_do_handshake, this field may be 94 // true even if the negotiated TLS version is TLSv1.2 or earlier. 95 // This value is also true if this is client side connection for 96 // convenience. 97 bool early_data_finish; 98 }; 99 100 struct TCPHint { 101 size_t write_buffer_size; 102 uint32_t rwin; 103 }; 104 105 template <typename T> using EVCb = void (*)(struct ev_loop *, T *, int); 106 107 using IOCb = EVCb<ev_io>; 108 using TimerCb = EVCb<ev_timer>; 109 110 struct Connection { 111 Connection(struct ev_loop *loop, int fd, SSL *ssl, MemchunkPool *mcpool, 112 ev_tstamp write_timeout, ev_tstamp read_timeout, 113 const RateLimitConfig &write_limit, 114 const RateLimitConfig &read_limit, IOCb writecb, IOCb readcb, 115 TimerCb timeoutcb, void *data, size_t tls_dyn_rec_warmup_threshold, 116 ev_tstamp tls_dyn_rec_idle_timeout, Proto proto); 117 ~Connection(); 118 119 void disconnect(); 120 121 void prepare_client_handshake(); 122 void prepare_server_handshake(); 123 124 int tls_handshake(); 125 int tls_handshake_simple(); 126 int write_tls_pending_handshake(); 127 128 int check_http2_requirement(); 129 130 // All write_* and writev_clear functions return number of bytes 131 // written. If nothing cannot be written (e.g., there is no 132 // allowance in RateLimit or underlying connection blocks), return 133 // 0. SHRPX_ERR_NETWORK is returned in case of error. 134 // 135 // All read_* functions return number of bytes read. If nothing 136 // cannot be read (e.g., there is no allowance in Ratelimit or 137 // underlying connection blocks), return 0. SHRPX_ERR_EOF is 138 // returned in case of EOF and no data was read. Otherwise 139 // SHRPX_ERR_NETWORK is return in case of error. 140 nghttp2_ssize write_tls(const void *data, size_t len); 141 nghttp2_ssize read_tls(void *data, size_t len); 142 143 size_t get_tls_write_limit(); 144 // Updates the number of bytes written in warm up period. 145 void update_tls_warmup_writelen(size_t n); 146 // Tells there is no immediate write now. This triggers timer to 147 // determine fallback to short record size mode. 148 void start_tls_write_idle(); 149 150 nghttp2_ssize write_clear(const void *data, size_t len); 151 nghttp2_ssize writev_clear(struct iovec *iov, int iovcnt); 152 nghttp2_ssize read_clear(void *data, size_t len); 153 // Read at most |len| bytes of data from socket without rate limit. 154 nghttp2_ssize read_nolim_clear(void *data, size_t len); 155 // Peek at most |len| bytes of data from socket without rate limit. 156 nghttp2_ssize peek_clear(void *data, size_t len); 157 158 void handle_tls_pending_read(); 159 160 void set_ssl(SSL *ssl); 161 162 int get_tcp_hint(TCPHint *hint) const; 163 164 // These functions are provided for read timer which is frequently 165 // restarted. We do a trick to make a bit more efficient than just 166 // calling ev_timer_again(). 167 168 // Restarts read timer with timeout value |t|. 169 void again_rt(ev_tstamp t); 170 // Restarts read timer without changing timeout. 171 void again_rt(); 172 // Returns true if read timer expired. 173 bool expired_rt(); 174 175 #ifdef ENABLE_HTTP3 176 // This must be the first member of Connection. 177 ngtcp2_crypto_conn_ref conn_ref; 178 #endif // ENABLE_HTTP3 179 TLSConnection tls; 180 ev_io wev; 181 ev_io rev; 182 ev_timer wt; 183 ev_timer rt; 184 RateLimit wlimit; 185 RateLimit rlimit; 186 struct ev_loop *loop; 187 void *data; 188 int fd; 189 size_t tls_dyn_rec_warmup_threshold; 190 std::chrono::steady_clock::duration tls_dyn_rec_idle_timeout; 191 // Application protocol used over the connection. This field is not 192 // used in this object at the moment. The rest of the program may 193 // use this value when it is useful. 194 Proto proto; 195 // The point of time when last read is observed. Note: since we use 196 // |rt| as idle timer, the activity is not limited to read. 197 std::chrono::steady_clock::time_point last_read; 198 // Timeout for read timer |rt|. 199 ev_tstamp read_timeout; 200 }; 201 202 #ifdef ENABLE_HTTP3 203 static_assert(std::is_standard_layout<Connection>::value, 204 "Connection is not standard layout"); 205 #endif // ENABLE_HTTP3 206 207 // Creates BIO_method shared by all SSL objects. 208 BIO_METHOD *create_bio_method(); 209 210 } // namespace shrpx 211 212 #endif // SHRPX_CONNECTION_H 213