1 // Copyright (C) 2018-2019, Cloudflare, Inc.
2 // All rights reserved.
3 //
4 // Redistribution and use in source and binary forms, with or without
5 // modification, are permitted provided that the following conditions are
6 // met:
7 //
8 // * Redistributions of source code must retain the above copyright notice,
9 // this list of conditions and the following disclaimer.
10 //
11 // * Redistributions in binary form must reproduce the above copyright
12 // notice, this list of conditions and the following disclaimer in the
13 // documentation and/or other materials provided with the distribution.
14 //
15 // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
16 // IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
17 // THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
18 // PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
19 // CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
20 // EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
21 // PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
22 // PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
23 // LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
24 // NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
25 // SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26
27 //! �� Savoury implementation of the QUIC transport protocol and HTTP/3.
28 //!
29 //! [quiche] is an implementation of the QUIC transport protocol and HTTP/3 as
30 //! specified by the [IETF]. It provides a low level API for processing QUIC
31 //! packets and handling connection state. The application is responsible for
32 //! providing I/O (e.g. sockets handling) as well as an event loop with support
33 //! for timers.
34 //!
35 //! [quiche]: https://github.com/cloudflare/quiche/
36 //! [ietf]: https://quicwg.org/
37 //!
38 //! ## Connection setup
39 //!
40 //! The first step in establishing a QUIC connection using quiche is creating a
41 //! configuration object:
42 //!
43 //! ```
44 //! let config = quiche::Config::new(quiche::PROTOCOL_VERSION)?;
45 //! # Ok::<(), quiche::Error>(())
46 //! ```
47 //!
48 //! This is shared among multiple connections and can be used to configure a
49 //! QUIC endpoint.
50 //!
51 //! On the client-side the [`connect()`] utility function can be used to create
52 //! a new connection, while [`accept()`] is for servers:
53 //!
54 //! ```
55 //! # let mut config = quiche::Config::new(quiche::PROTOCOL_VERSION)?;
56 //! # let server_name = "quic.tech";
57 //! # let scid = quiche::ConnectionId::from_ref(&[0xba; 16]);
58 //! # let to = "127.0.0.1:1234".parse().unwrap();
59 //! // Client connection.
60 //! let conn = quiche::connect(Some(&server_name), &scid, to, &mut config)?;
61 //!
62 //! // Server connection.
63 //! # let from = "127.0.0.1:1234".parse().unwrap();
64 //! let conn = quiche::accept(&scid, None, from, &mut config)?;
65 //! # Ok::<(), quiche::Error>(())
66 //! ```
67 //!
68 //! In both cases, the application is responsible for generating a new source
69 //! connection ID that will be used to identify the new connection.
70 //!
71 //! The application also need to pass the address of the remote peer of the
72 //! connection: in the case of a client that would be the address of the server
73 //! it is trying to connect to, and for a server that is the address of the
74 //! client that initiated the connection.
75 //!
76 //! ## Handling incoming packets
77 //!
78 //! Using the connection's [`recv()`] method the application can process
79 //! incoming packets that belong to that connection from the network:
80 //!
81 //! ```no_run
82 //! # let mut buf = [0; 512];
83 //! # let socket = std::net::UdpSocket::bind("127.0.0.1:0").unwrap();
84 //! # let mut config = quiche::Config::new(quiche::PROTOCOL_VERSION)?;
85 //! # let scid = quiche::ConnectionId::from_ref(&[0xba; 16]);
86 //! # let from = "127.0.0.1:1234".parse().unwrap();
87 //! # let mut conn = quiche::accept(&scid, None, from, &mut config)?;
88 //! loop {
89 //! let (read, from) = socket.recv_from(&mut buf).unwrap();
90 //!
91 //! let recv_info = quiche::RecvInfo { from };
92 //!
93 //! let read = match conn.recv(&mut buf[..read], recv_info) {
94 //! Ok(v) => v,
95 //!
96 //! Err(quiche::Error::Done) => {
97 //! // Done reading.
98 //! break;
99 //! },
100 //!
101 //! Err(e) => {
102 //! // An error occurred, handle it.
103 //! break;
104 //! },
105 //! };
106 //! }
107 //! # Ok::<(), quiche::Error>(())
108 //! ```
109 //!
110 //! The application has to pass a [`RecvInfo`] structure in order to provide
111 //! additional information about the received packet (such as the address it
112 //! was received from).
113 //!
114 //! ## Generating outgoing packets
115 //!
116 //! Outgoing packet are generated using the connection's [`send()`] method
117 //! instead:
118 //!
119 //! ```no_run
120 //! # let mut out = [0; 512];
121 //! # let socket = std::net::UdpSocket::bind("127.0.0.1:0").unwrap();
122 //! # let mut config = quiche::Config::new(quiche::PROTOCOL_VERSION)?;
123 //! # let scid = quiche::ConnectionId::from_ref(&[0xba; 16]);
124 //! # let from = "127.0.0.1:1234".parse().unwrap();
125 //! # let mut conn = quiche::accept(&scid, None, from, &mut config)?;
126 //! loop {
127 //! let (write, send_info) = match conn.send(&mut out) {
128 //! Ok(v) => v,
129 //!
130 //! Err(quiche::Error::Done) => {
131 //! // Done writing.
132 //! break;
133 //! },
134 //!
135 //! Err(e) => {
136 //! // An error occurred, handle it.
137 //! break;
138 //! },
139 //! };
140 //!
141 //! socket.send_to(&out[..write], &send_info.to).unwrap();
142 //! }
143 //! # Ok::<(), quiche::Error>(())
144 //! ```
145 //!
146 //! The application will be provided with a [`SendInfo`] structure providing
147 //! additional information about the newly created packet (such as the address
148 //! the packet should be sent to).
149 //!
150 //! When packets are sent, the application is responsible for maintaining a
151 //! timer to react to time-based connection events. The timer expiration can be
152 //! obtained using the connection's [`timeout()`] method.
153 //!
154 //! ```
155 //! # let mut config = quiche::Config::new(quiche::PROTOCOL_VERSION)?;
156 //! # let scid = quiche::ConnectionId::from_ref(&[0xba; 16]);
157 //! # let from = "127.0.0.1:1234".parse().unwrap();
158 //! # let mut conn = quiche::accept(&scid, None, from, &mut config)?;
159 //! let timeout = conn.timeout();
160 //! # Ok::<(), quiche::Error>(())
161 //! ```
162 //!
163 //! The application is responsible for providing a timer implementation, which
164 //! can be specific to the operating system or networking framework used. When
165 //! a timer expires, the connection's [`on_timeout()`] method should be called,
166 //! after which additional packets might need to be sent on the network:
167 //!
168 //! ```no_run
169 //! # let mut out = [0; 512];
170 //! # let socket = std::net::UdpSocket::bind("127.0.0.1:0").unwrap();
171 //! # let mut config = quiche::Config::new(quiche::PROTOCOL_VERSION)?;
172 //! # let scid = quiche::ConnectionId::from_ref(&[0xba; 16]);
173 //! # let from = "127.0.0.1:1234".parse().unwrap();
174 //! # let mut conn = quiche::accept(&scid, None, from, &mut config)?;
175 //! // Timeout expired, handle it.
176 //! conn.on_timeout();
177 //!
178 //! // Send more packets as needed after timeout.
179 //! loop {
180 //! let (write, send_info) = match conn.send(&mut out) {
181 //! Ok(v) => v,
182 //!
183 //! Err(quiche::Error::Done) => {
184 //! // Done writing.
185 //! break;
186 //! },
187 //!
188 //! Err(e) => {
189 //! // An error occurred, handle it.
190 //! break;
191 //! },
192 //! };
193 //!
194 //! socket.send_to(&out[..write], &send_info.to).unwrap();
195 //! }
196 //! # Ok::<(), quiche::Error>(())
197 //! ```
198 //!
199 //! ## Sending and receiving stream data
200 //!
201 //! After some back and forth, the connection will complete its handshake and
202 //! will be ready for sending or receiving application data.
203 //!
204 //! Data can be sent on a stream by using the [`stream_send()`] method:
205 //!
206 //! ```no_run
207 //! # let mut config = quiche::Config::new(quiche::PROTOCOL_VERSION)?;
208 //! # let scid = quiche::ConnectionId::from_ref(&[0xba; 16]);
209 //! # let from = "127.0.0.1:1234".parse().unwrap();
210 //! # let mut conn = quiche::accept(&scid, None, from, &mut config)?;
211 //! if conn.is_established() {
212 //! // Handshake completed, send some data on stream 0.
213 //! conn.stream_send(0, b"hello", true)?;
214 //! }
215 //! # Ok::<(), quiche::Error>(())
216 //! ```
217 //!
218 //! The application can check whether there are any readable streams by using
219 //! the connection's [`readable()`] method, which returns an iterator over all
220 //! the streams that have outstanding data to read.
221 //!
222 //! The [`stream_recv()`] method can then be used to retrieve the application
223 //! data from the readable stream:
224 //!
225 //! ```no_run
226 //! # let mut buf = [0; 512];
227 //! # let mut config = quiche::Config::new(quiche::PROTOCOL_VERSION)?;
228 //! # let scid = quiche::ConnectionId::from_ref(&[0xba; 16]);
229 //! # let from = "127.0.0.1:1234".parse().unwrap();
230 //! # let mut conn = quiche::accept(&scid, None, from, &mut config)?;
231 //! if conn.is_established() {
232 //! // Iterate over readable streams.
233 //! for stream_id in conn.readable() {
234 //! // Stream is readable, read until there's no more data.
235 //! while let Ok((read, fin)) = conn.stream_recv(stream_id, &mut buf) {
236 //! println!("Got {} bytes on stream {}", read, stream_id);
237 //! }
238 //! }
239 //! }
240 //! # Ok::<(), quiche::Error>(())
241 //! ```
242 //!
243 //! ## HTTP/3
244 //!
245 //! The quiche [HTTP/3 module] provides a high level API for sending and
246 //! receiving HTTP requests and responses on top of the QUIC transport protocol.
247 //!
248 //! [`connect()`]: fn.connect.html
249 //! [`accept()`]: fn.accept.html
250 //! [`recv()`]: struct.Connection.html#method.recv
251 //! [`RecvInfo`]: struct.RecvInfo.html
252 //! [`send()`]: struct.Connection.html#method.send
253 //! [`SendInfo`]: struct.SendInfo.html
254 //! [`timeout()`]: struct.Connection.html#method.timeout
255 //! [`on_timeout()`]: struct.Connection.html#method.on_timeout
256 //! [`stream_send()`]: struct.Connection.html#method.stream_send
257 //! [`readable()`]: struct.Connection.html#method.readable
258 //! [`stream_recv()`]: struct.Connection.html#method.stream_recv
259 //! [HTTP/3 module]: h3/index.html
260 //!
261 //! ## Congestion Control
262 //!
263 //! The quiche library provides a high-level API for configuring which
264 //! congestion control algorithm to use throughout the QUIC connection.
265 //!
266 //! When a QUIC connection is created, the application can optionally choose
267 //! which CC algorithm to use. See [`CongestionControlAlgorithm`] for currently
268 //! available congestion control algorithms.
269 //!
270 //! For example:
271 //!
272 //! ```
273 //! let mut config = quiche::Config::new(quiche::PROTOCOL_VERSION).unwrap();
274 //! config.set_cc_algorithm(quiche::CongestionControlAlgorithm::Reno);
275 //! ```
276 //!
277 //! Alternatively, you can configure the congestion control algorithm to use
278 //! by its name.
279 //!
280 //! ```
281 //! let mut config = quiche::Config::new(quiche::PROTOCOL_VERSION).unwrap();
282 //! config.set_cc_algorithm_name("reno").unwrap();
283 //! ```
284 //!
285 //! Note that the CC algorithm should be configured before calling [`connect()`]
286 //! or [`accept()`]. Otherwise the connection will use a default CC algorithm.
287 //!
288 //! [`CongestionControlAlgorithm`]: enum.CongestionControlAlgorithm.html
289
290 #![allow(improper_ctypes)]
291 #![allow(clippy::suspicious_operation_groupings)]
292 #![allow(clippy::upper_case_acronyms)]
293 #![warn(missing_docs)]
294
295 #[macro_use]
296 extern crate log;
297
298 use std::cmp;
299 use std::time;
300
301 use std::net::SocketAddr;
302
303 use std::pin::Pin;
304 use std::str::FromStr;
305
306 use std::sync::Mutex;
307
308 use std::collections::VecDeque;
309
310 /// The current QUIC wire version.
311 pub const PROTOCOL_VERSION: u32 = PROTOCOL_VERSION_V1;
312
313 /// Supported QUIC versions.
314 ///
315 /// Note that the older ones might not be fully supported.
316 const PROTOCOL_VERSION_V1: u32 = 0x0000_0001;
317 const PROTOCOL_VERSION_DRAFT27: u32 = 0xff00_001b;
318 const PROTOCOL_VERSION_DRAFT28: u32 = 0xff00_001c;
319 const PROTOCOL_VERSION_DRAFT29: u32 = 0xff00_001d;
320
321 /// The maximum length of a connection ID.
322 pub const MAX_CONN_ID_LEN: usize = crate::packet::MAX_CID_LEN as usize;
323
324 /// The minimum length of Initial packets sent by a client.
325 pub const MIN_CLIENT_INITIAL_LEN: usize = 1200;
326
327 #[cfg(not(feature = "fuzzing"))]
328 const PAYLOAD_MIN_LEN: usize = 4;
329
330 #[cfg(feature = "fuzzing")]
331 // Due to the fact that in fuzzing mode we use a zero-length AEAD tag (which
332 // would normally be 16 bytes), we need to adjust the minimum payload size to
333 // account for that.
334 const PAYLOAD_MIN_LEN: usize = 20;
335
336 const MAX_AMPLIFICATION_FACTOR: usize = 3;
337
338 // The maximum number of tracked packet number ranges that need to be acked.
339 //
340 // This represents more or less how many ack blocks can fit in a typical packet.
341 const MAX_ACK_RANGES: usize = 68;
342
343 // The highest possible stream ID allowed.
344 const MAX_STREAM_ID: u64 = 1 << 60;
345
346 // The default max_datagram_size used in congestion control.
347 const MAX_SEND_UDP_PAYLOAD_SIZE: usize = 1200;
348
349 // The default length of DATAGRAM queues.
350 const DEFAULT_MAX_DGRAM_QUEUE_LEN: usize = 0;
351
352 // The DATAGRAM standard recommends either none or 65536 as maximum DATAGRAM
353 // frames size. We enforce the recommendation for forward compatibility.
354 const MAX_DGRAM_FRAME_SIZE: u64 = 65536;
355
356 // The length of the payload length field.
357 const PAYLOAD_LENGTH_LEN: usize = 2;
358
359 // The number of undecryptable that can be buffered.
360 const MAX_UNDECRYPTABLE_PACKETS: usize = 10;
361
362 const RESERVED_VERSION_MASK: u32 = 0xfafafafa;
363
364 /// A specialized [`Result`] type for quiche operations.
365 ///
366 /// This type is used throughout quiche's public API for any operation that
367 /// can produce an error.
368 ///
369 /// [`Result`]: https://doc.rust-lang.org/std/result/enum.Result.html
370 pub type Result<T> = std::result::Result<T, Error>;
371
372 /// A QUIC error.
373 #[derive(Clone, Copy, Debug, PartialEq)]
374 pub enum Error {
375 /// There is no more work to do.
376 Done,
377
378 /// The provided buffer is too short.
379 BufferTooShort,
380
381 /// The provided packet cannot be parsed because its version is unknown.
382 UnknownVersion,
383
384 /// The provided packet cannot be parsed because it contains an invalid
385 /// frame.
386 InvalidFrame,
387
388 /// The provided packet cannot be parsed.
389 InvalidPacket,
390
391 /// The operation cannot be completed because the connection is in an
392 /// invalid state.
393 InvalidState,
394
395 /// The operation cannot be completed because the stream is in an
396 /// invalid state.
397 ///
398 /// The stream ID is provided as associated data.
399 InvalidStreamState(u64),
400
401 /// The peer's transport params cannot be parsed.
402 InvalidTransportParam,
403
404 /// A cryptographic operation failed.
405 CryptoFail,
406
407 /// The TLS handshake failed.
408 TlsFail,
409
410 /// The peer violated the local flow control limits.
411 FlowControl,
412
413 /// The peer violated the local stream limits.
414 StreamLimit,
415
416 /// The specified stream was stopped by the peer.
417 ///
418 /// The error code sent as part of the `STOP_SENDING` frame is provided as
419 /// associated data.
420 StreamStopped(u64),
421
422 /// The received data exceeds the stream's final size.
423 FinalSize,
424
425 /// Error in congestion control.
426 CongestionControl,
427 }
428
429 impl Error {
to_wire(self) -> u64430 fn to_wire(self) -> u64 {
431 match self {
432 Error::Done => 0x0,
433 Error::InvalidFrame => 0x7,
434 Error::InvalidStreamState(..) => 0x5,
435 Error::InvalidTransportParam => 0x8,
436 Error::FlowControl => 0x3,
437 Error::StreamLimit => 0x4,
438 Error::FinalSize => 0x6,
439 _ => 0xa,
440 }
441 }
442
443 #[cfg(feature = "ffi")]
to_c(self) -> libc::ssize_t444 fn to_c(self) -> libc::ssize_t {
445 match self {
446 Error::Done => -1,
447 Error::BufferTooShort => -2,
448 Error::UnknownVersion => -3,
449 Error::InvalidFrame => -4,
450 Error::InvalidPacket => -5,
451 Error::InvalidState => -6,
452 Error::InvalidStreamState(_) => -7,
453 Error::InvalidTransportParam => -8,
454 Error::CryptoFail => -9,
455 Error::TlsFail => -10,
456 Error::FlowControl => -11,
457 Error::StreamLimit => -12,
458 Error::FinalSize => -13,
459 Error::CongestionControl => -14,
460 Error::StreamStopped { .. } => -15,
461 }
462 }
463 }
464
465 impl std::fmt::Display for Error {
fmt(&self, f: &mut std::fmt::Formatter) -> std::fmt::Result466 fn fmt(&self, f: &mut std::fmt::Formatter) -> std::fmt::Result {
467 write!(f, "{:?}", self)
468 }
469 }
470
471 impl std::error::Error for Error {
source(&self) -> Option<&(dyn std::error::Error + 'static)>472 fn source(&self) -> Option<&(dyn std::error::Error + 'static)> {
473 None
474 }
475 }
476
477 impl std::convert::From<octets::BufferTooShortError> for Error {
from(_err: octets::BufferTooShortError) -> Self478 fn from(_err: octets::BufferTooShortError) -> Self {
479 Error::BufferTooShort
480 }
481 }
482
483 /// Ancillary information about incoming packets.
484 #[derive(Clone, Copy, Debug, PartialEq)]
485 pub struct RecvInfo {
486 /// The address the packet was received from.
487 pub from: SocketAddr,
488 }
489
490 /// Ancillary information about outgoing packets.
491 #[derive(Clone, Copy, Debug, PartialEq)]
492 pub struct SendInfo {
493 /// The address the packet should be sent to.
494 pub to: SocketAddr,
495
496 /// The time to send the packet out.
497 pub at: time::Instant,
498 }
499
500 /// Represents information carried by `CONNECTION_CLOSE` frames.
501 #[derive(Clone, Debug, PartialEq)]
502 pub struct ConnectionError {
503 /// Whether the error came from the application or the transport layer.
504 pub is_app: bool,
505
506 /// The error code carried by the `CONNECTION_CLOSE` frame.
507 pub error_code: u64,
508
509 /// The reason carried by the `CONNECTION_CLOSE` frame.
510 pub reason: Vec<u8>,
511 }
512
513 /// The stream's side to shutdown.
514 ///
515 /// This should be used when calling [`stream_shutdown()`].
516 ///
517 /// [`stream_shutdown()`]: struct.Connection.html#method.stream_shutdown
518 #[repr(C)]
519 pub enum Shutdown {
520 /// Stop receiving stream data.
521 Read = 0,
522
523 /// Stop sending stream data.
524 Write = 1,
525 }
526
527 /// Stores configuration shared between multiple connections.
528 pub struct Config {
529 local_transport_params: TransportParams,
530
531 version: u32,
532
533 // BoringSSL's SSL_CTX structure is technically safe to share across threads
534 // but once shared, functions that modify it can't be used any more. We can't
535 // encode that in Rust, so just make it Send+Sync with a mutex to fulfill
536 // the Sync constraint.
537 tls_ctx: Mutex<tls::Context>,
538
539 application_protos: Vec<Vec<u8>>,
540
541 grease: bool,
542
543 cc_algorithm: CongestionControlAlgorithm,
544
545 hystart: bool,
546
547 dgram_recv_max_queue_len: usize,
548 dgram_send_max_queue_len: usize,
549
550 max_send_udp_payload_size: usize,
551 }
552
553 // See https://quicwg.org/base-drafts/rfc9000.html#section-15
is_reserved_version(version: u32) -> bool554 fn is_reserved_version(version: u32) -> bool {
555 version & RESERVED_VERSION_MASK == version
556 }
557
558 impl Config {
559 /// Creates a config object with the given version.
560 ///
561 /// ## Examples:
562 ///
563 /// ```
564 /// let config = quiche::Config::new(quiche::PROTOCOL_VERSION)?;
565 /// # Ok::<(), quiche::Error>(())
566 /// ```
new(version: u32) -> Result<Config>567 pub fn new(version: u32) -> Result<Config> {
568 if !is_reserved_version(version) && !version_is_supported(version) {
569 return Err(Error::UnknownVersion);
570 }
571
572 let tls_ctx = Mutex::new(tls::Context::new()?);
573
574 Ok(Config {
575 local_transport_params: TransportParams::default(),
576 version,
577 tls_ctx,
578 application_protos: Vec::new(),
579 grease: true,
580 cc_algorithm: CongestionControlAlgorithm::CUBIC,
581 hystart: true,
582
583 dgram_recv_max_queue_len: DEFAULT_MAX_DGRAM_QUEUE_LEN,
584 dgram_send_max_queue_len: DEFAULT_MAX_DGRAM_QUEUE_LEN,
585
586 max_send_udp_payload_size: MAX_SEND_UDP_PAYLOAD_SIZE,
587 })
588 }
589
590 /// Configures the given certificate chain.
591 ///
592 /// The content of `file` is parsed as a PEM-encoded leaf certificate,
593 /// followed by optional intermediate certificates.
594 ///
595 /// ## Examples:
596 ///
597 /// ```no_run
598 /// # let mut config = quiche::Config::new(0xbabababa)?;
599 /// config.load_cert_chain_from_pem_file("/path/to/cert.pem")?;
600 /// # Ok::<(), quiche::Error>(())
601 /// ```
load_cert_chain_from_pem_file(&mut self, file: &str) -> Result<()>602 pub fn load_cert_chain_from_pem_file(&mut self, file: &str) -> Result<()> {
603 self.tls_ctx
604 .lock()
605 .unwrap()
606 .use_certificate_chain_file(file)
607 }
608
609 /// Configures the given private key.
610 ///
611 /// The content of `file` is parsed as a PEM-encoded private key.
612 ///
613 /// ## Examples:
614 ///
615 /// ```no_run
616 /// # let mut config = quiche::Config::new(0xbabababa)?;
617 /// config.load_priv_key_from_pem_file("/path/to/key.pem")?;
618 /// # Ok::<(), quiche::Error>(())
619 /// ```
load_priv_key_from_pem_file(&mut self, file: &str) -> Result<()>620 pub fn load_priv_key_from_pem_file(&mut self, file: &str) -> Result<()> {
621 self.tls_ctx.lock().unwrap().use_privkey_file(file)
622 }
623
624 /// Specifies a file where trusted CA certificates are stored for the
625 /// purposes of certificate verification.
626 ///
627 /// The content of `file` is parsed as a PEM-encoded certificate chain.
628 ///
629 /// ## Examples:
630 ///
631 /// ```no_run
632 /// # let mut config = quiche::Config::new(0xbabababa)?;
633 /// config.load_verify_locations_from_file("/path/to/cert.pem")?;
634 /// # Ok::<(), quiche::Error>(())
635 /// ```
load_verify_locations_from_file(&mut self, file: &str) -> Result<()>636 pub fn load_verify_locations_from_file(&mut self, file: &str) -> Result<()> {
637 self.tls_ctx
638 .lock()
639 .unwrap()
640 .load_verify_locations_from_file(file)
641 }
642
643 /// Specifies a directory where trusted CA certificates are stored for the
644 /// purposes of certificate verification.
645 ///
646 /// The content of `dir` a set of PEM-encoded certificate chains.
647 ///
648 /// ## Examples:
649 ///
650 /// ```no_run
651 /// # let mut config = quiche::Config::new(0xbabababa)?;
652 /// config.load_verify_locations_from_directory("/path/to/certs")?;
653 /// # Ok::<(), quiche::Error>(())
654 /// ```
load_verify_locations_from_directory( &mut self, dir: &str, ) -> Result<()>655 pub fn load_verify_locations_from_directory(
656 &mut self, dir: &str,
657 ) -> Result<()> {
658 self.tls_ctx
659 .lock()
660 .unwrap()
661 .load_verify_locations_from_directory(dir)
662 }
663
664 /// Configures whether to verify the peer's certificate.
665 ///
666 /// The default value is `true` for client connections, and `false` for
667 /// server ones.
verify_peer(&mut self, verify: bool)668 pub fn verify_peer(&mut self, verify: bool) {
669 self.tls_ctx.lock().unwrap().set_verify(verify);
670 }
671
672 /// Configures whether to send GREASE values.
673 ///
674 /// The default value is `true`.
grease(&mut self, grease: bool)675 pub fn grease(&mut self, grease: bool) {
676 self.grease = grease;
677 }
678
679 /// Enables logging of secrets.
680 ///
681 /// When logging is enabled, the [`set_keylog()`] method must be called on
682 /// the connection for its cryptographic secrets to be logged in the
683 /// [keylog] format to the specified writer.
684 ///
685 /// [`set_keylog()`]: struct.Connection.html#method.set_keylog
686 /// [keylog]: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format
log_keys(&mut self)687 pub fn log_keys(&mut self) {
688 self.tls_ctx.lock().unwrap().enable_keylog();
689 }
690
691 /// Configures the session ticket key material.
692 ///
693 /// On the server this key will be used to encrypt and decrypt session
694 /// tickets, used to perform session resumption without server-side state.
695 ///
696 /// By default a key is generated internally, and rotated regularly, so
697 /// applications don't need to call this unless they need to use a
698 /// specific key (e.g. in order to support resumption across multiple
699 /// servers), in which case the application is also responsible for
700 /// rotating the key to provide forward secrecy.
set_ticket_key(&mut self, key: &[u8]) -> Result<()>701 pub fn set_ticket_key(&mut self, key: &[u8]) -> Result<()> {
702 self.tls_ctx.lock().unwrap().set_ticket_key(key)
703 }
704
705 /// Enables sending or receiving early data.
enable_early_data(&mut self)706 pub fn enable_early_data(&mut self) {
707 self.tls_ctx.lock().unwrap().set_early_data_enabled(true);
708 }
709
710 /// Configures the list of supported application protocols.
711 ///
712 /// The list of protocols `protos` must be in wire-format (i.e. a series
713 /// of non-empty, 8-bit length-prefixed strings).
714 ///
715 /// On the client this configures the list of protocols to send to the
716 /// server as part of the ALPN extension.
717 ///
718 /// On the server this configures the list of supported protocols to match
719 /// against the client-supplied list.
720 ///
721 /// Applications must set a value, but no default is provided.
722 ///
723 /// ## Examples:
724 ///
725 /// ```
726 /// # let mut config = quiche::Config::new(0xbabababa)?;
727 /// config.set_application_protos(b"\x08http/1.1\x08http/0.9")?;
728 /// # Ok::<(), quiche::Error>(())
729 /// ```
set_application_protos(&mut self, protos: &[u8]) -> Result<()>730 pub fn set_application_protos(&mut self, protos: &[u8]) -> Result<()> {
731 let mut b = octets::Octets::with_slice(&protos);
732
733 let mut protos_list = Vec::new();
734
735 while let Ok(proto) = b.get_bytes_with_u8_length() {
736 protos_list.push(proto.to_vec());
737 }
738
739 self.application_protos = protos_list;
740
741 self.tls_ctx
742 .lock()
743 .unwrap()
744 .set_alpn(&self.application_protos)
745 }
746
747 /// Sets the `max_idle_timeout` transport parameter, in milliseconds.
748 ///
749 /// The default value is infinite, that is, no timeout is used.
set_max_idle_timeout(&mut self, v: u64)750 pub fn set_max_idle_timeout(&mut self, v: u64) {
751 self.local_transport_params.max_idle_timeout = v;
752 }
753
754 /// Sets the `max_udp_payload_size transport` parameter.
755 ///
756 /// The default value is `65527`.
set_max_recv_udp_payload_size(&mut self, v: usize)757 pub fn set_max_recv_udp_payload_size(&mut self, v: usize) {
758 self.local_transport_params.max_udp_payload_size = v as u64;
759 }
760
761 /// Sets the maximum outgoing UDP payload size.
762 ///
763 /// The default and minimum value is `1200`.
set_max_send_udp_payload_size(&mut self, v: usize)764 pub fn set_max_send_udp_payload_size(&mut self, v: usize) {
765 self.max_send_udp_payload_size = cmp::max(v, MAX_SEND_UDP_PAYLOAD_SIZE);
766 }
767
768 /// Sets the `initial_max_data` transport parameter.
769 ///
770 /// When set to a non-zero value quiche will only allow at most `v` bytes
771 /// of incoming stream data to be buffered for the whole connection (that
772 /// is, data that is not yet read by the application) and will allow more
773 /// data to be received as the buffer is consumed by the application.
774 ///
775 /// The default value is `0`.
set_initial_max_data(&mut self, v: u64)776 pub fn set_initial_max_data(&mut self, v: u64) {
777 self.local_transport_params.initial_max_data = v;
778 }
779
780 /// Sets the `initial_max_stream_data_bidi_local` transport parameter.
781 ///
782 /// When set to a non-zero value quiche will only allow at most `v` bytes
783 /// of incoming stream data to be buffered for each locally-initiated
784 /// bidirectional stream (that is, data that is not yet read by the
785 /// application) and will allow more data to be received as the buffer is
786 /// consumed by the application.
787 ///
788 /// The default value is `0`.
set_initial_max_stream_data_bidi_local(&mut self, v: u64)789 pub fn set_initial_max_stream_data_bidi_local(&mut self, v: u64) {
790 self.local_transport_params
791 .initial_max_stream_data_bidi_local = v;
792 }
793
794 /// Sets the `initial_max_stream_data_bidi_remote` transport parameter.
795 ///
796 /// When set to a non-zero value quiche will only allow at most `v` bytes
797 /// of incoming stream data to be buffered for each remotely-initiated
798 /// bidirectional stream (that is, data that is not yet read by the
799 /// application) and will allow more data to be received as the buffer is
800 /// consumed by the application.
801 ///
802 /// The default value is `0`.
set_initial_max_stream_data_bidi_remote(&mut self, v: u64)803 pub fn set_initial_max_stream_data_bidi_remote(&mut self, v: u64) {
804 self.local_transport_params
805 .initial_max_stream_data_bidi_remote = v;
806 }
807
808 /// Sets the `initial_max_stream_data_uni` transport parameter.
809 ///
810 /// When set to a non-zero value quiche will only allow at most `v` bytes
811 /// of incoming stream data to be buffered for each unidirectional stream
812 /// (that is, data that is not yet read by the application) and will allow
813 /// more data to be received as the buffer is consumed by the application.
814 ///
815 /// The default value is `0`.
set_initial_max_stream_data_uni(&mut self, v: u64)816 pub fn set_initial_max_stream_data_uni(&mut self, v: u64) {
817 self.local_transport_params.initial_max_stream_data_uni = v;
818 }
819
820 /// Sets the `initial_max_streams_bidi` transport parameter.
821 ///
822 /// When set to a non-zero value quiche will only allow `v` number of
823 /// concurrent remotely-initiated bidirectional streams to be open at any
824 /// given time and will increase the limit automatically as streams are
825 /// completed.
826 ///
827 /// A bidirectional stream is considered completed when all incoming data
828 /// has been read by the application (up to the `fin` offset) or the
829 /// stream's read direction has been shutdown, and all outgoing data has
830 /// been acked by the peer (up to the `fin` offset) or the stream's write
831 /// direction has been shutdown.
832 ///
833 /// The default value is `0`.
set_initial_max_streams_bidi(&mut self, v: u64)834 pub fn set_initial_max_streams_bidi(&mut self, v: u64) {
835 self.local_transport_params.initial_max_streams_bidi = v;
836 }
837
838 /// Sets the `initial_max_streams_uni` transport parameter.
839 ///
840 /// When set to a non-zero value quiche will only allow `v` number of
841 /// concurrent remotely-initiated unidirectional streams to be open at any
842 /// given time and will increase the limit automatically as streams are
843 /// completed.
844 ///
845 /// A unidirectional stream is considered completed when all incoming data
846 /// has been read by the application (up to the `fin` offset) or the
847 /// stream's read direction has been shutdown.
848 ///
849 /// The default value is `0`.
set_initial_max_streams_uni(&mut self, v: u64)850 pub fn set_initial_max_streams_uni(&mut self, v: u64) {
851 self.local_transport_params.initial_max_streams_uni = v;
852 }
853
854 /// Sets the `ack_delay_exponent` transport parameter.
855 ///
856 /// The default value is `3`.
set_ack_delay_exponent(&mut self, v: u64)857 pub fn set_ack_delay_exponent(&mut self, v: u64) {
858 self.local_transport_params.ack_delay_exponent = v;
859 }
860
861 /// Sets the `max_ack_delay` transport parameter.
862 ///
863 /// The default value is `25`.
set_max_ack_delay(&mut self, v: u64)864 pub fn set_max_ack_delay(&mut self, v: u64) {
865 self.local_transport_params.max_ack_delay = v;
866 }
867
868 /// Sets the `disable_active_migration` transport parameter.
869 ///
870 /// The default value is `false`.
set_disable_active_migration(&mut self, v: bool)871 pub fn set_disable_active_migration(&mut self, v: bool) {
872 self.local_transport_params.disable_active_migration = v;
873 }
874
875 /// Sets the congestion control algorithm used by string.
876 ///
877 /// The default value is `cubic`. On error `Error::CongestionControl`
878 /// will be returned.
879 ///
880 /// ## Examples:
881 ///
882 /// ```
883 /// # let mut config = quiche::Config::new(0xbabababa)?;
884 /// config.set_cc_algorithm_name("reno");
885 /// # Ok::<(), quiche::Error>(())
886 /// ```
set_cc_algorithm_name(&mut self, name: &str) -> Result<()>887 pub fn set_cc_algorithm_name(&mut self, name: &str) -> Result<()> {
888 self.cc_algorithm = CongestionControlAlgorithm::from_str(name)?;
889
890 Ok(())
891 }
892
893 /// Sets the congestion control algorithm used.
894 ///
895 /// The default value is `CongestionControlAlgorithm::CUBIC`.
set_cc_algorithm(&mut self, algo: CongestionControlAlgorithm)896 pub fn set_cc_algorithm(&mut self, algo: CongestionControlAlgorithm) {
897 self.cc_algorithm = algo;
898 }
899
900 /// Configures whether to enable HyStart++.
901 ///
902 /// The default value is `true`.
enable_hystart(&mut self, v: bool)903 pub fn enable_hystart(&mut self, v: bool) {
904 self.hystart = v;
905 }
906
907 /// Configures whether to enable receiving DATAGRAM frames.
908 ///
909 /// When enabled, the `max_datagram_frame_size` transport parameter is set
910 /// to 65536 as recommended by draft-ietf-quic-datagram-01.
911 ///
912 /// The default is `false`.
enable_dgram( &mut self, enabled: bool, recv_queue_len: usize, send_queue_len: usize, )913 pub fn enable_dgram(
914 &mut self, enabled: bool, recv_queue_len: usize, send_queue_len: usize,
915 ) {
916 self.local_transport_params.max_datagram_frame_size = if enabled {
917 Some(MAX_DGRAM_FRAME_SIZE)
918 } else {
919 None
920 };
921 self.dgram_recv_max_queue_len = recv_queue_len;
922 self.dgram_send_max_queue_len = send_queue_len;
923 }
924 }
925
926 /// A QUIC connection.
927 pub struct Connection {
928 /// QUIC wire version used for the connection.
929 version: u32,
930
931 /// Peer's connection ID.
932 dcid: ConnectionId<'static>,
933
934 /// Local connection ID.
935 scid: ConnectionId<'static>,
936
937 /// Unique opaque ID for the connection that can be used for logging.
938 trace_id: String,
939
940 /// Packet number spaces.
941 pkt_num_spaces: [packet::PktNumSpace; packet::EPOCH_COUNT],
942
943 /// Peer's transport parameters.
944 peer_transport_params: TransportParams,
945
946 /// Local transport parameters.
947 local_transport_params: TransportParams,
948
949 /// TLS handshake state.
950 ///
951 /// Due to the requirement for `Connection` to be Send+Sync, and the fact
952 /// that BoringSSL's SSL structure is not thread safe, we need to wrap the
953 /// handshake object in a mutex.
954 handshake: Mutex<tls::Handshake>,
955
956 /// Serialized TLS session buffer.
957 ///
958 /// This field is populated when a new session ticket is processed on the
959 /// client. On the server this is empty.
960 session: Option<Vec<u8>>,
961
962 /// Loss recovery and congestion control state.
963 recovery: recovery::Recovery,
964
965 peer_addr: SocketAddr,
966
967 /// List of supported application protocols.
968 application_protos: Vec<Vec<u8>>,
969
970 /// Total number of received packets.
971 recv_count: usize,
972
973 /// Total number of sent packets.
974 sent_count: usize,
975
976 /// Total number of bytes received from the peer.
977 rx_data: u64,
978
979 /// Local flow control limit for the connection.
980 max_rx_data: u64,
981
982 /// Updated local flow control limit for the connection. This is used to
983 /// trigger sending MAX_DATA frames after a certain threshold.
984 max_rx_data_next: u64,
985
986 /// Whether we send MAX_DATA frame.
987 almost_full: bool,
988
989 /// Number of stream data bytes that can be buffered.
990 tx_cap: usize,
991
992 /// Total number of bytes sent to the peer.
993 tx_data: u64,
994
995 /// Peer's flow control limit for the connection.
996 max_tx_data: u64,
997
998 /// Total number of bytes the server can send before the peer's address
999 /// is verified.
1000 max_send_bytes: usize,
1001
1002 /// Streams map, indexed by stream ID.
1003 streams: stream::StreamMap,
1004
1005 /// Peer's original destination connection ID. Used by the client to
1006 /// validate the server's transport parameter.
1007 odcid: Option<ConnectionId<'static>>,
1008
1009 /// Peer's retry source connection ID. Used by the client during stateless
1010 /// retry to validate the server's transport parameter.
1011 rscid: Option<ConnectionId<'static>>,
1012
1013 /// Received address verification token.
1014 token: Option<Vec<u8>>,
1015
1016 /// Error code and reason to be sent to the peer in a CONNECTION_CLOSE
1017 /// frame.
1018 local_error: Option<ConnectionError>,
1019
1020 /// Error code and reason received from the peer in a CONNECTION_CLOSE
1021 /// frame.
1022 peer_error: Option<ConnectionError>,
1023
1024 /// Received path challenge.
1025 challenge: Option<Vec<u8>>,
1026
1027 /// The connection-level limit at which send blocking occurred.
1028 blocked_limit: Option<u64>,
1029
1030 /// Idle timeout expiration time.
1031 idle_timer: Option<time::Instant>,
1032
1033 /// Draining timeout expiration time.
1034 draining_timer: Option<time::Instant>,
1035
1036 /// List of raw packets that were received before they could be decrypted.
1037 undecryptable_pkts: VecDeque<(Vec<u8>, RecvInfo)>,
1038
1039 /// The negotiated ALPN protocol.
1040 alpn: Vec<u8>,
1041
1042 /// Whether this is a server-side connection.
1043 is_server: bool,
1044
1045 /// Whether the initial secrets have been derived.
1046 derived_initial_secrets: bool,
1047
1048 /// Whether a version negotiation packet has already been received. Only
1049 /// relevant for client connections.
1050 did_version_negotiation: bool,
1051
1052 /// Whether stateless retry has been performed.
1053 did_retry: bool,
1054
1055 /// Whether the peer already updated its connection ID.
1056 got_peer_conn_id: bool,
1057
1058 /// Whether the peer's address has been verified.
1059 verified_peer_address: bool,
1060
1061 /// Whether the peer has verified our address.
1062 peer_verified_address: bool,
1063
1064 /// Whether the peer's transport parameters were parsed.
1065 parsed_peer_transport_params: bool,
1066
1067 /// Whether the connection handshake has been completed.
1068 handshake_completed: bool,
1069
1070 /// Whether the HANDSHAKE_DONE has been sent.
1071 handshake_done_sent: bool,
1072
1073 /// Whether the connection handshake has been confirmed.
1074 handshake_confirmed: bool,
1075
1076 /// Whether an ack-eliciting packet has been sent since last receiving a
1077 /// packet.
1078 ack_eliciting_sent: bool,
1079
1080 /// Whether the connection is closed.
1081 closed: bool,
1082
1083 /// Whether to send GREASE.
1084 grease: bool,
1085
1086 /// TLS keylog writer.
1087 keylog: Option<Box<dyn std::io::Write + Send + Sync>>,
1088
1089 /// Qlog streaming output.
1090 #[cfg(feature = "qlog")]
1091 qlog_streamer: Option<qlog::QlogStreamer>,
1092
1093 /// Whether peer transport parameters were qlogged.
1094 #[cfg(feature = "qlog")]
1095 qlogged_peer_params: bool,
1096
1097 /// DATAGRAM queues.
1098 dgram_recv_queue: dgram::DatagramQueue,
1099 dgram_send_queue: dgram::DatagramQueue,
1100
1101 /// Whether to emit DATAGRAM frames in the next packet.
1102 emit_dgram: bool,
1103 }
1104
1105 /// Creates a new server-side connection.
1106 ///
1107 /// The `scid` parameter represents the server's source connection ID, while
1108 /// the optional `odcid` parameter represents the original destination ID the
1109 /// client sent before a stateless retry (this is only required when using
1110 /// the [`retry()`] function).
1111 ///
1112 /// [`retry()`]: fn.retry.html
1113 ///
1114 /// ## Examples:
1115 ///
1116 /// ```no_run
1117 /// # let mut config = quiche::Config::new(0xbabababa)?;
1118 /// # let scid = quiche::ConnectionId::from_ref(&[0xba; 16]);
1119 /// # let from = "127.0.0.1:1234".parse().unwrap();
1120 /// let conn = quiche::accept(&scid, None, from, &mut config)?;
1121 /// # Ok::<(), quiche::Error>(())
1122 /// ```
1123 #[inline]
accept( scid: &ConnectionId, odcid: Option<&ConnectionId>, from: SocketAddr, config: &mut Config, ) -> Result<Pin<Box<Connection>>>1124 pub fn accept(
1125 scid: &ConnectionId, odcid: Option<&ConnectionId>, from: SocketAddr,
1126 config: &mut Config,
1127 ) -> Result<Pin<Box<Connection>>> {
1128 let conn = Connection::new(scid, odcid, from, config, true)?;
1129
1130 Ok(conn)
1131 }
1132
1133 /// Creates a new client-side connection.
1134 ///
1135 /// The `scid` parameter is used as the connection's source connection ID,
1136 /// while the optional `server_name` parameter is used to verify the peer's
1137 /// certificate.
1138 ///
1139 /// ## Examples:
1140 ///
1141 /// ```no_run
1142 /// # let mut config = quiche::Config::new(0xbabababa)?;
1143 /// # let server_name = "quic.tech";
1144 /// # let scid = quiche::ConnectionId::from_ref(&[0xba; 16]);
1145 /// # let to = "127.0.0.1:1234".parse().unwrap();
1146 /// let conn = quiche::connect(Some(&server_name), &scid, to, &mut config)?;
1147 /// # Ok::<(), quiche::Error>(())
1148 /// ```
1149 #[inline]
connect( server_name: Option<&str>, scid: &ConnectionId, to: SocketAddr, config: &mut Config, ) -> Result<Pin<Box<Connection>>>1150 pub fn connect(
1151 server_name: Option<&str>, scid: &ConnectionId, to: SocketAddr,
1152 config: &mut Config,
1153 ) -> Result<Pin<Box<Connection>>> {
1154 let conn = Connection::new(scid, None, to, config, false)?;
1155
1156 if let Some(server_name) = server_name {
1157 conn.handshake.lock().unwrap().set_host_name(server_name)?;
1158 }
1159
1160 Ok(conn)
1161 }
1162
1163 /// Writes a version negotiation packet.
1164 ///
1165 /// The `scid` and `dcid` parameters are the source connection ID and the
1166 /// destination connection ID extracted from the received client's Initial
1167 /// packet that advertises an unsupported version.
1168 ///
1169 /// ## Examples:
1170 ///
1171 /// ```no_run
1172 /// # let mut buf = [0; 512];
1173 /// # let mut out = [0; 512];
1174 /// # let socket = std::net::UdpSocket::bind("127.0.0.1:0").unwrap();
1175 /// let (len, src) = socket.recv_from(&mut buf).unwrap();
1176 ///
1177 /// let hdr =
1178 /// quiche::Header::from_slice(&mut buf[..len], quiche::MAX_CONN_ID_LEN)?;
1179 ///
1180 /// if hdr.version != quiche::PROTOCOL_VERSION {
1181 /// let len = quiche::negotiate_version(&hdr.scid, &hdr.dcid, &mut out)?;
1182 /// socket.send_to(&out[..len], &src).unwrap();
1183 /// }
1184 /// # Ok::<(), quiche::Error>(())
1185 /// ```
1186 #[inline]
negotiate_version( scid: &ConnectionId, dcid: &ConnectionId, out: &mut [u8], ) -> Result<usize>1187 pub fn negotiate_version(
1188 scid: &ConnectionId, dcid: &ConnectionId, out: &mut [u8],
1189 ) -> Result<usize> {
1190 packet::negotiate_version(scid, dcid, out)
1191 }
1192
1193 /// Writes a stateless retry packet.
1194 ///
1195 /// The `scid` and `dcid` parameters are the source connection ID and the
1196 /// destination connection ID extracted from the received client's Initial
1197 /// packet, while `new_scid` is the server's new source connection ID and
1198 /// `token` is the address validation token the client needs to echo back.
1199 ///
1200 /// The application is responsible for generating the address validation
1201 /// token to be sent to the client, and verifying tokens sent back by the
1202 /// client. The generated token should include the `dcid` parameter, such
1203 /// that it can be later extracted from the token and passed to the
1204 /// [`accept()`] function as its `odcid` parameter.
1205 ///
1206 /// [`accept()`]: fn.accept.html
1207 ///
1208 /// ## Examples:
1209 ///
1210 /// ```no_run
1211 /// # let mut config = quiche::Config::new(0xbabababa)?;
1212 /// # let mut buf = [0; 512];
1213 /// # let mut out = [0; 512];
1214 /// # let scid = quiche::ConnectionId::from_ref(&[0xba; 16]);
1215 /// # let socket = std::net::UdpSocket::bind("127.0.0.1:0").unwrap();
1216 /// # fn mint_token(hdr: &quiche::Header, src: &std::net::SocketAddr) -> Vec<u8> {
1217 /// # vec![]
1218 /// # }
1219 /// # fn validate_token<'a>(src: &std::net::SocketAddr, token: &'a [u8]) -> Option<quiche::ConnectionId<'a>> {
1220 /// # None
1221 /// # }
1222 /// let (len, src) = socket.recv_from(&mut buf).unwrap();
1223 ///
1224 /// let hdr = quiche::Header::from_slice(&mut buf[..len], quiche::MAX_CONN_ID_LEN)?;
1225 ///
1226 /// let token = hdr.token.as_ref().unwrap();
1227 ///
1228 /// // No token sent by client, create a new one.
1229 /// if token.is_empty() {
1230 /// let new_token = mint_token(&hdr, &src);
1231 ///
1232 /// let len = quiche::retry(
1233 /// &hdr.scid, &hdr.dcid, &scid, &new_token, hdr.version, &mut out,
1234 /// )?;
1235 ///
1236 /// socket.send_to(&out[..len], &src).unwrap();
1237 /// return Ok(());
1238 /// }
1239 ///
1240 /// // Client sent token, validate it.
1241 /// let odcid = validate_token(&src, token);
1242 ///
1243 /// if odcid.is_none() {
1244 /// // Invalid address validation token.
1245 /// return Ok(());
1246 /// }
1247 ///
1248 /// let conn = quiche::accept(&scid, odcid.as_ref(), src, &mut config)?;
1249 /// # Ok::<(), quiche::Error>(())
1250 /// ```
1251 #[inline]
retry( scid: &ConnectionId, dcid: &ConnectionId, new_scid: &ConnectionId, token: &[u8], version: u32, out: &mut [u8], ) -> Result<usize>1252 pub fn retry(
1253 scid: &ConnectionId, dcid: &ConnectionId, new_scid: &ConnectionId,
1254 token: &[u8], version: u32, out: &mut [u8],
1255 ) -> Result<usize> {
1256 packet::retry(scid, dcid, new_scid, token, version, out)
1257 }
1258
1259 /// Returns true if the given protocol version is supported.
1260 #[inline]
version_is_supported(version: u32) -> bool1261 pub fn version_is_supported(version: u32) -> bool {
1262 matches!(
1263 version,
1264 PROTOCOL_VERSION_V1 |
1265 PROTOCOL_VERSION_DRAFT27 |
1266 PROTOCOL_VERSION_DRAFT28 |
1267 PROTOCOL_VERSION_DRAFT29
1268 )
1269 }
1270
1271 /// Pushes a frame to the output packet if there is enough space.
1272 ///
1273 /// Returns `true` on success, `false` otherwise. In case of failure it means
1274 /// there is no room to add the frame in the packet. You may retry to add the
1275 /// frame later.
1276 macro_rules! push_frame_to_pkt {
1277 ($out:expr, $frames:expr, $frame:expr, $left:expr) => {{
1278 if $frame.wire_len() <= $left {
1279 $left -= $frame.wire_len();
1280
1281 $frame.to_bytes(&mut $out)?;
1282
1283 $frames.push($frame);
1284
1285 true
1286 } else {
1287 false
1288 }
1289 }};
1290 }
1291
1292 /// Conditional qlog action.
1293 ///
1294 /// Executes the provided body if the qlog feature is enabled and quiche
1295 /// has been condifigured with a log writer.
1296 macro_rules! qlog_with {
1297 ($qlog_streamer:expr, $qlog_streamer_ref:ident, $body:block) => {{
1298 #[cfg(feature = "qlog")]
1299 {
1300 if let Some($qlog_streamer_ref) = &mut $qlog_streamer {
1301 $body
1302 }
1303 }
1304 }};
1305 }
1306
1307 impl Connection {
new( scid: &ConnectionId, odcid: Option<&ConnectionId>, peer: SocketAddr, config: &mut Config, is_server: bool, ) -> Result<Pin<Box<Connection>>>1308 fn new(
1309 scid: &ConnectionId, odcid: Option<&ConnectionId>, peer: SocketAddr,
1310 config: &mut Config, is_server: bool,
1311 ) -> Result<Pin<Box<Connection>>> {
1312 let tls = config.tls_ctx.lock().unwrap().new_handshake()?;
1313 Connection::with_tls(scid, odcid, peer, config, tls, is_server)
1314 }
1315
with_tls( scid: &ConnectionId, odcid: Option<&ConnectionId>, peer: SocketAddr, config: &mut Config, tls: tls::Handshake, is_server: bool, ) -> Result<Pin<Box<Connection>>>1316 fn with_tls(
1317 scid: &ConnectionId, odcid: Option<&ConnectionId>, peer: SocketAddr,
1318 config: &mut Config, tls: tls::Handshake, is_server: bool,
1319 ) -> Result<Pin<Box<Connection>>> {
1320 let max_rx_data = config.local_transport_params.initial_max_data;
1321
1322 let scid_as_hex: Vec<String> =
1323 scid.iter().map(|b| format!("{:02x}", b)).collect();
1324
1325 let mut conn = Box::pin(Connection {
1326 version: config.version,
1327
1328 dcid: ConnectionId::default(),
1329 scid: scid.to_vec().into(),
1330
1331 trace_id: scid_as_hex.join(""),
1332
1333 pkt_num_spaces: [
1334 packet::PktNumSpace::new(),
1335 packet::PktNumSpace::new(),
1336 packet::PktNumSpace::new(),
1337 ],
1338
1339 peer_transport_params: TransportParams::default(),
1340
1341 local_transport_params: config.local_transport_params.clone(),
1342
1343 handshake: Mutex::new(tls),
1344
1345 session: None,
1346
1347 recovery: recovery::Recovery::new(&config),
1348
1349 peer_addr: peer,
1350
1351 application_protos: config.application_protos.clone(),
1352
1353 recv_count: 0,
1354 sent_count: 0,
1355
1356 rx_data: 0,
1357 max_rx_data,
1358 max_rx_data_next: max_rx_data,
1359 almost_full: false,
1360
1361 tx_cap: 0,
1362
1363 tx_data: 0,
1364 max_tx_data: 0,
1365
1366 max_send_bytes: 0,
1367
1368 streams: stream::StreamMap::new(
1369 config.local_transport_params.initial_max_streams_bidi,
1370 config.local_transport_params.initial_max_streams_uni,
1371 ),
1372
1373 odcid: None,
1374
1375 rscid: None,
1376
1377 token: None,
1378
1379 local_error: None,
1380
1381 peer_error: None,
1382
1383 challenge: None,
1384
1385 blocked_limit: None,
1386
1387 idle_timer: None,
1388
1389 draining_timer: None,
1390
1391 undecryptable_pkts: VecDeque::new(),
1392
1393 alpn: Vec::new(),
1394
1395 is_server,
1396
1397 derived_initial_secrets: false,
1398
1399 did_version_negotiation: false,
1400
1401 did_retry: false,
1402
1403 got_peer_conn_id: false,
1404
1405 // If we did stateless retry assume the peer's address is verified.
1406 verified_peer_address: odcid.is_some(),
1407
1408 // Assume clients validate the server's address implicitly.
1409 peer_verified_address: is_server,
1410
1411 parsed_peer_transport_params: false,
1412
1413 handshake_completed: false,
1414
1415 handshake_done_sent: false,
1416
1417 handshake_confirmed: false,
1418
1419 ack_eliciting_sent: false,
1420
1421 closed: false,
1422
1423 grease: config.grease,
1424
1425 keylog: None,
1426
1427 #[cfg(feature = "qlog")]
1428 qlog_streamer: None,
1429
1430 #[cfg(feature = "qlog")]
1431 qlogged_peer_params: false,
1432
1433 dgram_recv_queue: dgram::DatagramQueue::new(
1434 config.dgram_recv_max_queue_len,
1435 ),
1436
1437 dgram_send_queue: dgram::DatagramQueue::new(
1438 config.dgram_send_max_queue_len,
1439 ),
1440
1441 emit_dgram: true,
1442 });
1443
1444 if let Some(odcid) = odcid {
1445 conn.local_transport_params
1446 .original_destination_connection_id = Some(odcid.to_vec().into());
1447
1448 conn.local_transport_params.retry_source_connection_id =
1449 Some(scid.to_vec().into());
1450
1451 conn.did_retry = true;
1452 }
1453
1454 conn.local_transport_params.initial_source_connection_id =
1455 Some(scid.to_vec().into());
1456
1457 conn.handshake.lock().unwrap().init(&conn)?;
1458
1459 conn.handshake
1460 .lock()
1461 .unwrap()
1462 .use_legacy_codepoint(config.version != PROTOCOL_VERSION_V1);
1463
1464 conn.encode_transport_params()?;
1465
1466 // Derive initial secrets for the client. We can do this here because
1467 // we already generated the random destination connection ID.
1468 if !is_server {
1469 let mut dcid = [0; 16];
1470 rand::rand_bytes(&mut dcid[..]);
1471
1472 let (aead_open, aead_seal) = crypto::derive_initial_key_material(
1473 &dcid,
1474 conn.version,
1475 conn.is_server,
1476 )?;
1477
1478 conn.dcid = dcid.to_vec().into();
1479
1480 conn.pkt_num_spaces[packet::EPOCH_INITIAL].crypto_open =
1481 Some(aead_open);
1482 conn.pkt_num_spaces[packet::EPOCH_INITIAL].crypto_seal =
1483 Some(aead_seal);
1484
1485 conn.derived_initial_secrets = true;
1486 }
1487
1488 Ok(conn)
1489 }
1490
1491 /// Sets keylog output to the designated [`Writer`].
1492 ///
1493 /// This needs to be called as soon as the connection is created, to avoid
1494 /// missing some early logs.
1495 ///
1496 /// [`Writer`]: https://doc.rust-lang.org/std/io/trait.Write.html
1497 #[inline]
set_keylog(&mut self, writer: Box<dyn std::io::Write + Send + Sync>)1498 pub fn set_keylog(&mut self, writer: Box<dyn std::io::Write + Send + Sync>) {
1499 self.keylog = Some(writer);
1500 }
1501
1502 /// Sets qlog output to the designated [`Writer`].
1503 ///
1504 /// This needs to be called as soon as the connection is created, to avoid
1505 /// missing some early logs.
1506 ///
1507 /// [`Writer`]: https://doc.rust-lang.org/std/io/trait.Write.html
1508 #[cfg(feature = "qlog")]
set_qlog( &mut self, writer: Box<dyn std::io::Write + Send + Sync>, title: String, description: String, )1509 pub fn set_qlog(
1510 &mut self, writer: Box<dyn std::io::Write + Send + Sync>, title: String,
1511 description: String,
1512 ) {
1513 let vp = if self.is_server {
1514 qlog::VantagePointType::Server
1515 } else {
1516 qlog::VantagePointType::Client
1517 };
1518
1519 let trace = qlog::Trace::new(
1520 qlog::VantagePoint {
1521 name: None,
1522 ty: vp,
1523 flow: None,
1524 },
1525 Some(title.to_string()),
1526 Some(description.to_string()),
1527 Some(qlog::Configuration {
1528 time_offset: Some("0".to_string()),
1529 time_units: Some(qlog::TimeUnits::Ms),
1530 original_uris: None,
1531 }),
1532 None,
1533 );
1534
1535 let mut streamer = qlog::QlogStreamer::new(
1536 qlog::QLOG_VERSION.to_string(),
1537 Some(title),
1538 Some(description),
1539 None,
1540 std::time::Instant::now(),
1541 trace,
1542 writer,
1543 );
1544
1545 streamer.start_log().ok();
1546
1547 let handshake = self.handshake.lock().unwrap();
1548
1549 let ev = self.local_transport_params.to_qlog(
1550 qlog::TransportOwner::Local,
1551 self.version,
1552 handshake.alpn_protocol(),
1553 handshake.cipher(),
1554 );
1555
1556 streamer.add_event(ev).ok();
1557
1558 self.qlog_streamer = Some(streamer);
1559 }
1560
1561 /// Configures the given session for resumption.
1562 ///
1563 /// On the client, this can be used to offer the given serialized session,
1564 /// as returned by [`session()`], for resumption.
1565 ///
1566 /// This must only be called immediately after creating a connection, that
1567 /// is, before any packet is sent or received.
1568 ///
1569 /// [`session()`]: struct.Connection.html#method.session
1570 #[inline]
set_session(&mut self, session: &[u8]) -> Result<()>1571 pub fn set_session(&mut self, session: &[u8]) -> Result<()> {
1572 let mut b = octets::Octets::with_slice(session);
1573
1574 let session_len = b.get_u64()? as usize;
1575 let session_bytes = b.get_bytes(session_len)?;
1576
1577 self.handshake
1578 .lock()
1579 .unwrap()
1580 .set_session(session_bytes.as_ref())?;
1581
1582 let raw_params_len = b.get_u64()? as usize;
1583 let raw_params_bytes = b.get_bytes(raw_params_len)?;
1584
1585 let peer_params =
1586 TransportParams::decode(raw_params_bytes.as_ref(), self.is_server)?;
1587
1588 self.process_peer_transport_params(peer_params);
1589
1590 Ok(())
1591 }
1592
1593 /// Processes QUIC packets received from the peer.
1594 ///
1595 /// On success the number of bytes processed from the input buffer is
1596 /// returned. On error the connection will be closed by calling [`close()`]
1597 /// with the appropriate error code.
1598 ///
1599 /// Coalesced packets will be processed as necessary.
1600 ///
1601 /// Note that the contents of the input buffer `buf` might be modified by
1602 /// this function due to, for example, in-place decryption.
1603 ///
1604 /// [`close()`]: struct.Connection.html#method.close
1605 ///
1606 /// ## Examples:
1607 ///
1608 /// ```no_run
1609 /// # let mut buf = [0; 512];
1610 /// # let socket = std::net::UdpSocket::bind("127.0.0.1:0").unwrap();
1611 /// # let mut config = quiche::Config::new(quiche::PROTOCOL_VERSION)?;
1612 /// # let scid = quiche::ConnectionId::from_ref(&[0xba; 16]);
1613 /// # let from = "127.0.0.1:1234".parse().unwrap();
1614 /// # let mut conn = quiche::accept(&scid, None, from, &mut config)?;
1615 /// loop {
1616 /// let (read, from) = socket.recv_from(&mut buf).unwrap();
1617 ///
1618 /// let recv_info = quiche::RecvInfo { from };
1619 ///
1620 /// let read = match conn.recv(&mut buf[..read], recv_info) {
1621 /// Ok(v) => v,
1622 ///
1623 /// Err(e) => {
1624 /// // An error occurred, handle it.
1625 /// break;
1626 /// },
1627 /// };
1628 /// }
1629 /// # Ok::<(), quiche::Error>(())
1630 /// ```
recv(&mut self, buf: &mut [u8], info: RecvInfo) -> Result<usize>1631 pub fn recv(&mut self, buf: &mut [u8], info: RecvInfo) -> Result<usize> {
1632 let len = buf.len();
1633
1634 if len == 0 {
1635 return Err(Error::BufferTooShort);
1636 }
1637
1638 // Keep track of how many bytes we received from the client, so we
1639 // can limit bytes sent back before address validation, to a multiple
1640 // of this. The limit needs to be increased early on, so that if there
1641 // is an error there is enough credit to send a CONNECTION_CLOSE.
1642 //
1643 // It doesn't matter if the packets received were valid or not, we only
1644 // need to track the total amount of bytes received.
1645 if !self.verified_peer_address {
1646 self.max_send_bytes += len * MAX_AMPLIFICATION_FACTOR;
1647 }
1648
1649 let mut done = 0;
1650 let mut left = len;
1651
1652 // Process coalesced packets.
1653 while left > 0 {
1654 let read = match self.recv_single(&mut buf[len - left..len], &info) {
1655 Ok(v) => v,
1656
1657 Err(Error::Done) => left,
1658
1659 Err(e) => {
1660 // In case of error processing the incoming packet, close
1661 // the connection.
1662 self.close(false, e.to_wire(), b"").ok();
1663 return Err(e);
1664 },
1665 };
1666
1667 done += read;
1668 left -= read;
1669 }
1670
1671 // Process previously undecryptable 0-RTT packets if the decryption key
1672 // is now available.
1673 if self.pkt_num_spaces[packet::EPOCH_APPLICATION]
1674 .crypto_0rtt_open
1675 .is_some()
1676 {
1677 while let Some((mut pkt, info)) = self.undecryptable_pkts.pop_front()
1678 {
1679 if let Err(e) = self.recv(&mut pkt, info) {
1680 self.undecryptable_pkts.clear();
1681
1682 // Even though the packet was previously "accepted", it
1683 // should be safe to forward the error, as it also comes
1684 // from the `recv()` method.
1685 return Err(e);
1686 }
1687 }
1688 }
1689
1690 Ok(done)
1691 }
1692
1693 /// Processes a single QUIC packet received from the peer.
1694 ///
1695 /// On success the number of bytes processed from the input buffer is
1696 /// returned. When the [`Done`] error is returned, processing of the
1697 /// remainder of the incoming UDP datagram should be interrupted.
1698 ///
1699 /// On error, an error other than [`Done`] is returned.
1700 ///
1701 /// [`Done`]: enum.Error.html#variant.Done
recv_single(&mut self, buf: &mut [u8], info: &RecvInfo) -> Result<usize>1702 fn recv_single(&mut self, buf: &mut [u8], info: &RecvInfo) -> Result<usize> {
1703 let now = time::Instant::now();
1704
1705 if buf.is_empty() {
1706 return Err(Error::Done);
1707 }
1708
1709 if self.is_closed() || self.is_draining() {
1710 return Err(Error::Done);
1711 }
1712
1713 let is_closing = self.local_error.is_some();
1714
1715 if is_closing {
1716 return Err(Error::Done);
1717 }
1718
1719 let mut b = octets::OctetsMut::with_slice(buf);
1720
1721 let mut hdr =
1722 Header::from_bytes(&mut b, self.scid.len()).map_err(|e| {
1723 drop_pkt_on_err(
1724 e,
1725 self.recv_count,
1726 self.is_server,
1727 &self.trace_id,
1728 )
1729 })?;
1730
1731 if hdr.ty == packet::Type::VersionNegotiation {
1732 // Version negotiation packets can only be sent by the server.
1733 if self.is_server {
1734 return Err(Error::Done);
1735 }
1736
1737 // Ignore duplicate version negotiation.
1738 if self.did_version_negotiation {
1739 return Err(Error::Done);
1740 }
1741
1742 // Ignore version negotiation if any other packet has already been
1743 // successfully processed.
1744 if self.recv_count > 0 {
1745 return Err(Error::Done);
1746 }
1747
1748 if hdr.dcid != self.scid {
1749 return Err(Error::Done);
1750 }
1751
1752 if hdr.scid != self.dcid {
1753 return Err(Error::Done);
1754 }
1755
1756 trace!("{} rx pkt {:?}", self.trace_id, hdr);
1757
1758 let versions = hdr.versions.ok_or(Error::Done)?;
1759
1760 // Ignore version negotiation if the version already selected is
1761 // listed.
1762 if versions.iter().any(|&v| v == self.version) {
1763 return Err(Error::Done);
1764 }
1765
1766 let supported_versions =
1767 versions.iter().filter(|&&v| version_is_supported(v));
1768
1769 let mut found_version = false;
1770
1771 for &v in supported_versions {
1772 found_version = true;
1773
1774 // The final version takes precedence over draft ones.
1775 if v == PROTOCOL_VERSION_V1 {
1776 self.version = v;
1777 break;
1778 }
1779
1780 self.version = cmp::max(self.version, v);
1781 }
1782
1783 if !found_version {
1784 // We don't support any of the versions offered.
1785 //
1786 // While a man-in-the-middle attacker might be able to
1787 // inject a version negotiation packet that triggers this
1788 // failure, the window of opportunity is very small and
1789 // this error is quite useful for debugging, so don't just
1790 // ignore the packet.
1791 return Err(Error::UnknownVersion);
1792 }
1793
1794 self.did_version_negotiation = true;
1795
1796 // Derive Initial secrets based on the new version.
1797 let (aead_open, aead_seal) = crypto::derive_initial_key_material(
1798 &self.dcid,
1799 self.version,
1800 self.is_server,
1801 )?;
1802
1803 // Reset connection state to force sending another Initial packet.
1804 self.drop_epoch_state(packet::EPOCH_INITIAL, now);
1805 self.got_peer_conn_id = false;
1806 self.handshake.lock().unwrap().clear()?;
1807
1808 self.pkt_num_spaces[packet::EPOCH_INITIAL].crypto_open =
1809 Some(aead_open);
1810 self.pkt_num_spaces[packet::EPOCH_INITIAL].crypto_seal =
1811 Some(aead_seal);
1812
1813 self.handshake
1814 .lock()
1815 .unwrap()
1816 .use_legacy_codepoint(self.version != PROTOCOL_VERSION_V1);
1817
1818 // Encode transport parameters again, as the new version might be
1819 // using a different format.
1820 self.encode_transport_params()?;
1821
1822 return Err(Error::Done);
1823 }
1824
1825 if hdr.ty == packet::Type::Retry {
1826 // Retry packets can only be sent by the server.
1827 if self.is_server {
1828 return Err(Error::Done);
1829 }
1830
1831 // Ignore duplicate retry.
1832 if self.did_retry {
1833 return Err(Error::Done);
1834 }
1835
1836 // Check if Retry packet is valid.
1837 if packet::verify_retry_integrity(&b, &self.dcid, self.version)
1838 .is_err()
1839 {
1840 return Err(Error::Done);
1841 }
1842
1843 trace!("{} rx pkt {:?}", self.trace_id, hdr);
1844
1845 self.token = hdr.token;
1846 self.did_retry = true;
1847
1848 // Remember peer's new connection ID.
1849 self.odcid = Some(self.dcid.clone());
1850
1851 self.dcid = hdr.scid.clone();
1852
1853 self.rscid = Some(self.dcid.clone());
1854
1855 // Derive Initial secrets using the new connection ID.
1856 let (aead_open, aead_seal) = crypto::derive_initial_key_material(
1857 &hdr.scid,
1858 self.version,
1859 self.is_server,
1860 )?;
1861
1862 // Reset connection state to force sending another Initial packet.
1863 self.drop_epoch_state(packet::EPOCH_INITIAL, now);
1864 self.got_peer_conn_id = false;
1865 self.handshake.lock().unwrap().clear()?;
1866
1867 self.pkt_num_spaces[packet::EPOCH_INITIAL].crypto_open =
1868 Some(aead_open);
1869 self.pkt_num_spaces[packet::EPOCH_INITIAL].crypto_seal =
1870 Some(aead_seal);
1871
1872 return Err(Error::Done);
1873 }
1874
1875 if self.is_server && !self.did_version_negotiation {
1876 if !version_is_supported(hdr.version) {
1877 return Err(Error::UnknownVersion);
1878 }
1879
1880 self.version = hdr.version;
1881 self.did_version_negotiation = true;
1882
1883 self.handshake
1884 .lock()
1885 .unwrap()
1886 .use_legacy_codepoint(self.version != PROTOCOL_VERSION_V1);
1887
1888 // Encode transport parameters again, as the new version might be
1889 // using a different format.
1890 self.encode_transport_params()?;
1891 }
1892
1893 if hdr.ty != packet::Type::Short && hdr.version != self.version {
1894 // At this point version negotiation was already performed, so
1895 // ignore packets that don't match the connection's version.
1896 return Err(Error::Done);
1897 }
1898
1899 // Long header packets have an explicit payload length, but short
1900 // packets don't so just use the remaining capacity in the buffer.
1901 let payload_len = if hdr.ty == packet::Type::Short {
1902 b.cap()
1903 } else {
1904 b.get_varint().map_err(|e| {
1905 drop_pkt_on_err(
1906 e.into(),
1907 self.recv_count,
1908 self.is_server,
1909 &self.trace_id,
1910 )
1911 })? as usize
1912 };
1913
1914 // Make sure the buffer is same or larger than an explicit
1915 // payload length.
1916 if payload_len > b.cap() {
1917 return Err(drop_pkt_on_err(
1918 Error::InvalidPacket,
1919 self.recv_count,
1920 self.is_server,
1921 &self.trace_id,
1922 ));
1923 }
1924
1925 // Derive initial secrets on the server.
1926 if !self.derived_initial_secrets {
1927 let (aead_open, aead_seal) = crypto::derive_initial_key_material(
1928 &hdr.dcid,
1929 self.version,
1930 self.is_server,
1931 )?;
1932
1933 self.pkt_num_spaces[packet::EPOCH_INITIAL].crypto_open =
1934 Some(aead_open);
1935 self.pkt_num_spaces[packet::EPOCH_INITIAL].crypto_seal =
1936 Some(aead_seal);
1937
1938 self.derived_initial_secrets = true;
1939 }
1940
1941 // Select packet number space epoch based on the received packet's type.
1942 let epoch = hdr.ty.to_epoch()?;
1943
1944 // Select AEAD context used to open incoming packet.
1945 let aead = if hdr.ty == packet::Type::ZeroRTT {
1946 // Only use 0-RTT key if incoming packet is 0-RTT.
1947 self.pkt_num_spaces[epoch].crypto_0rtt_open.as_ref()
1948 } else {
1949 // Otherwise use the packet number space's main key.
1950 self.pkt_num_spaces[epoch].crypto_open.as_ref()
1951 };
1952
1953 // Finally, discard packet if no usable key is available.
1954 let aead = match aead {
1955 Some(v) => v,
1956
1957 None => {
1958 if hdr.ty == packet::Type::ZeroRTT &&
1959 self.undecryptable_pkts.len() < MAX_UNDECRYPTABLE_PACKETS &&
1960 !self.is_established()
1961 {
1962 // Buffer 0-RTT packets when the required read key is not
1963 // available yet, and process them later.
1964 //
1965 // TODO: in the future we might want to buffer other types
1966 // of undecryptable packets as well.
1967 let pkt_len = b.off() + payload_len;
1968 let pkt = (b.buf()[..pkt_len]).to_vec();
1969
1970 self.undecryptable_pkts.push_back((pkt, *info));
1971 return Ok(pkt_len);
1972 }
1973
1974 let e = drop_pkt_on_err(
1975 Error::CryptoFail,
1976 self.recv_count,
1977 self.is_server,
1978 &self.trace_id,
1979 );
1980
1981 return Err(e);
1982 },
1983 };
1984
1985 let aead_tag_len = aead.alg().tag_len();
1986
1987 packet::decrypt_hdr(&mut b, &mut hdr, &aead).map_err(|e| {
1988 drop_pkt_on_err(e, self.recv_count, self.is_server, &self.trace_id)
1989 })?;
1990
1991 let pn = packet::decode_pkt_num(
1992 self.pkt_num_spaces[epoch].largest_rx_pkt_num,
1993 hdr.pkt_num,
1994 hdr.pkt_num_len,
1995 );
1996
1997 let pn_len = hdr.pkt_num_len;
1998
1999 trace!(
2000 "{} rx pkt {:?} len={} pn={}",
2001 self.trace_id,
2002 hdr,
2003 payload_len,
2004 pn
2005 );
2006
2007 qlog_with!(self.qlog_streamer, q, {
2008 let packet_size = b.len();
2009
2010 let qlog_pkt_hdr = qlog::PacketHeader::with_type(
2011 hdr.ty.to_qlog(),
2012 pn,
2013 Some(packet_size as u64),
2014 Some(payload_len as u64),
2015 Some(hdr.version),
2016 Some(&hdr.scid),
2017 Some(&hdr.dcid),
2018 );
2019
2020 q.add_event(qlog::event::Event::packet_received(
2021 hdr.ty.to_qlog(),
2022 qlog_pkt_hdr,
2023 Some(Vec::new()),
2024 None,
2025 None,
2026 None,
2027 ))
2028 .ok();
2029 });
2030
2031 let mut payload = packet::decrypt_pkt(
2032 &mut b,
2033 pn,
2034 pn_len,
2035 payload_len,
2036 &aead,
2037 )
2038 .map_err(|e| {
2039 drop_pkt_on_err(e, self.recv_count, self.is_server, &self.trace_id)
2040 })?;
2041
2042 if self.pkt_num_spaces[epoch].recv_pkt_num.contains(pn) {
2043 trace!("{} ignored duplicate packet {}", self.trace_id, pn);
2044 return Err(Error::Done);
2045 }
2046
2047 // Packets with no frames are invalid.
2048 if payload.cap() == 0 {
2049 return Err(Error::InvalidPacket);
2050 }
2051
2052 if !self.is_server && !self.got_peer_conn_id {
2053 if self.odcid.is_none() {
2054 self.odcid = Some(self.dcid.clone());
2055 }
2056
2057 // Replace the randomly generated destination connection ID with
2058 // the one supplied by the server.
2059 self.dcid = hdr.scid.clone();
2060
2061 self.got_peer_conn_id = true;
2062 }
2063
2064 if self.is_server && !self.got_peer_conn_id {
2065 self.dcid = hdr.scid.clone();
2066
2067 if !self.did_retry &&
2068 (self.version >= PROTOCOL_VERSION_DRAFT28 ||
2069 self.version == PROTOCOL_VERSION_V1)
2070 {
2071 self.local_transport_params
2072 .original_destination_connection_id =
2073 Some(hdr.dcid.to_vec().into());
2074
2075 self.encode_transport_params()?;
2076 }
2077
2078 self.got_peer_conn_id = true;
2079 }
2080
2081 // To avoid sending an ACK in response to an ACK-only packet, we need
2082 // to keep track of whether this packet contains any frame other than
2083 // ACK and PADDING.
2084 let mut ack_elicited = false;
2085
2086 // Process packet payload.
2087 while payload.cap() > 0 {
2088 let frame = frame::Frame::from_bytes(&mut payload, hdr.ty)?;
2089
2090 qlog_with!(self.qlog_streamer, q, {
2091 q.add_frame(frame.to_qlog(), false).ok();
2092 });
2093
2094 if frame.ack_eliciting() {
2095 ack_elicited = true;
2096 }
2097
2098 if let Err(e) = self.process_frame(frame, epoch, now) {
2099 qlog_with!(self.qlog_streamer, q, {
2100 // Always conclude frame writing on error.
2101 q.finish_frames().ok();
2102 });
2103
2104 return Err(e);
2105 }
2106 }
2107
2108 qlog_with!(self.qlog_streamer, q, {
2109 // Always conclude frame writing.
2110 q.finish_frames().ok();
2111 });
2112
2113 qlog_with!(self.qlog_streamer, q, {
2114 let ev = self.recovery.to_qlog();
2115 q.add_event(ev).ok();
2116 });
2117
2118 // Only log the remote transport parameters once the connection is
2119 // established (i.e. after frames have been fully parsed) and only
2120 // once per connection.
2121 if self.is_established() {
2122 qlog_with!(self.qlog_streamer, q, {
2123 if !self.qlogged_peer_params {
2124 let handshake = self.handshake.lock().unwrap();
2125
2126 let ev = self.peer_transport_params.to_qlog(
2127 qlog::TransportOwner::Remote,
2128 self.version,
2129 handshake.alpn_protocol(),
2130 handshake.cipher(),
2131 );
2132
2133 q.add_event(ev).ok();
2134
2135 self.qlogged_peer_params = true;
2136 }
2137 });
2138 }
2139
2140 // Process acked frames.
2141 for acked in self.recovery.acked[epoch].drain(..) {
2142 match acked {
2143 frame::Frame::ACK { ranges, .. } => {
2144 // Stop acknowledging packets less than or equal to the
2145 // largest acknowledged in the sent ACK frame that, in
2146 // turn, got acked.
2147 if let Some(largest_acked) = ranges.last() {
2148 self.pkt_num_spaces[epoch]
2149 .recv_pkt_need_ack
2150 .remove_until(largest_acked);
2151 }
2152 },
2153
2154 frame::Frame::CryptoHeader { offset, length } => {
2155 self.pkt_num_spaces[epoch]
2156 .crypto_stream
2157 .send
2158 .ack_and_drop(offset, length);
2159 },
2160
2161 frame::Frame::StreamHeader {
2162 stream_id,
2163 offset,
2164 length,
2165 ..
2166 } => {
2167 let stream = match self.streams.get_mut(stream_id) {
2168 Some(v) => v,
2169
2170 None => continue,
2171 };
2172
2173 stream.send.ack_and_drop(offset, length);
2174
2175 // Only collect the stream if it is complete and not
2176 // readable. If it is readable, it will get collected when
2177 // stream_recv() is used.
2178 if stream.is_complete() && !stream.is_readable() {
2179 let local = stream.local;
2180 self.streams.collect(stream_id, local);
2181 }
2182 },
2183
2184 frame::Frame::ResetStream { stream_id, .. } => {
2185 let stream = match self.streams.get_mut(stream_id) {
2186 Some(v) => v,
2187
2188 None => continue,
2189 };
2190
2191 // Only collect the stream if it is complete and not
2192 // readable. If it is readable, it will get collected when
2193 // stream_recv() is used.
2194 if stream.is_complete() && !stream.is_readable() {
2195 let local = stream.local;
2196 self.streams.collect(stream_id, local);
2197 }
2198 },
2199
2200 _ => (),
2201 }
2202 }
2203
2204 // We only record the time of arrival of the largest packet number
2205 // that still needs to be acked, to be used for ACK delay calculation.
2206 if self.pkt_num_spaces[epoch].recv_pkt_need_ack.last() < Some(pn) {
2207 self.pkt_num_spaces[epoch].largest_rx_pkt_time = now;
2208 }
2209
2210 self.pkt_num_spaces[epoch].recv_pkt_num.insert(pn);
2211
2212 self.pkt_num_spaces[epoch].recv_pkt_need_ack.push_item(pn);
2213
2214 self.pkt_num_spaces[epoch].ack_elicited =
2215 cmp::max(self.pkt_num_spaces[epoch].ack_elicited, ack_elicited);
2216
2217 self.pkt_num_spaces[epoch].largest_rx_pkt_num =
2218 cmp::max(self.pkt_num_spaces[epoch].largest_rx_pkt_num, pn);
2219
2220 if let Some(idle_timeout) = self.idle_timeout() {
2221 self.idle_timer = Some(now + idle_timeout);
2222 }
2223
2224 // Update send capacity.
2225 self.tx_cap = cmp::min(
2226 self.recovery.cwnd_available() as u64,
2227 self.max_tx_data - self.tx_data,
2228 ) as usize;
2229
2230 self.recv_count += 1;
2231
2232 let read = b.off() + aead_tag_len;
2233
2234 // An Handshake packet has been received from the client and has been
2235 // successfully processed, so we can drop the initial state and consider
2236 // the client's address to be verified.
2237 if self.is_server && hdr.ty == packet::Type::Handshake {
2238 self.drop_epoch_state(packet::EPOCH_INITIAL, now);
2239
2240 self.verified_peer_address = true;
2241 }
2242
2243 self.ack_eliciting_sent = false;
2244
2245 Ok(read)
2246 }
2247
2248 /// Writes a single QUIC packet to be sent to the peer.
2249 ///
2250 /// On success the number of bytes written to the output buffer is
2251 /// returned, or [`Done`] if there was nothing to write.
2252 ///
2253 /// The application should call `send()` multiple times until [`Done`] is
2254 /// returned, indicating that there are no more packets to send. It is
2255 /// recommended that `send()` be called in the following cases:
2256 ///
2257 /// * When the application receives QUIC packets from the peer (that is,
2258 /// any time [`recv()`] is also called).
2259 ///
2260 /// * When the connection timer expires (that is, any time [`on_timeout()`]
2261 /// is also called).
2262 ///
2263 /// * When the application sends data to the peer (for examples, any time
2264 /// [`stream_send()`] or [`stream_shutdown()`] are called).
2265 ///
2266 /// [`Done`]: enum.Error.html#variant.Done
2267 /// [`recv()`]: struct.Connection.html#method.recv
2268 /// [`on_timeout()`]: struct.Connection.html#method.on_timeout
2269 /// [`stream_send()`]: struct.Connection.html#method.stream_send
2270 /// [`stream_shutdown()`]: struct.Connection.html#method.stream_shutdown
2271 ///
2272 /// ## Examples:
2273 ///
2274 /// ```no_run
2275 /// # let mut out = [0; 512];
2276 /// # let socket = std::net::UdpSocket::bind("127.0.0.1:0").unwrap();
2277 /// # let mut config = quiche::Config::new(quiche::PROTOCOL_VERSION)?;
2278 /// # let scid = quiche::ConnectionId::from_ref(&[0xba; 16]);
2279 /// # let from = "127.0.0.1:1234".parse().unwrap();
2280 /// # let mut conn = quiche::accept(&scid, None, from, &mut config)?;
2281 /// loop {
2282 /// let (write, send_info) = match conn.send(&mut out) {
2283 /// Ok(v) => v,
2284 ///
2285 /// Err(quiche::Error::Done) => {
2286 /// // Done writing.
2287 /// break;
2288 /// },
2289 ///
2290 /// Err(e) => {
2291 /// // An error occurred, handle it.
2292 /// break;
2293 /// },
2294 /// };
2295 ///
2296 /// socket.send_to(&out[..write], &send_info.to).unwrap();
2297 /// }
2298 /// # Ok::<(), quiche::Error>(())
2299 /// ```
send(&mut self, out: &mut [u8]) -> Result<(usize, SendInfo)>2300 pub fn send(&mut self, out: &mut [u8]) -> Result<(usize, SendInfo)> {
2301 if out.is_empty() {
2302 return Err(Error::BufferTooShort);
2303 }
2304
2305 if self.is_closed() || self.is_draining() {
2306 return Err(Error::Done);
2307 }
2308
2309 if self.local_error.is_none() {
2310 self.do_handshake()?;
2311 }
2312
2313 // Process previously undecryptable 0-RTT packets if the decryption key
2314 // is now available.
2315 if self.pkt_num_spaces[packet::EPOCH_APPLICATION]
2316 .crypto_0rtt_open
2317 .is_some()
2318 {
2319 while let Some((mut pkt, info)) = self.undecryptable_pkts.pop_front()
2320 {
2321 if self.recv(&mut pkt, info).is_err() {
2322 self.undecryptable_pkts.clear();
2323
2324 // Forwarding the error value here could confuse
2325 // applications, as they may not expect getting a `recv()`
2326 // error when calling `send()`.
2327 //
2328 // We simply fall-through to sending packets, which should
2329 // take care of terminating the connection as needed.
2330 break;
2331 }
2332 }
2333 }
2334
2335 // There's no point in trying to send a packet if the Initial secrets
2336 // have not been derived yet, so return early.
2337 if !self.derived_initial_secrets {
2338 return Err(Error::Done);
2339 }
2340
2341 let mut has_initial = false;
2342
2343 let mut done = 0;
2344
2345 // Limit output packet size to respect the sender and receiver's
2346 // maximum UDP payload size limit.
2347 let mut left = cmp::min(out.len(), self.max_send_udp_payload_size());
2348
2349 // Limit data sent by the server based on the amount of data received
2350 // from the client before its address is validated.
2351 if !self.verified_peer_address && self.is_server {
2352 left = cmp::min(left, self.max_send_bytes);
2353 }
2354
2355 // Generate coalesced packets.
2356 while left > 0 {
2357 let (ty, written) = match self
2358 .send_single(&mut out[done..done + left], has_initial)
2359 {
2360 Ok(v) => v,
2361
2362 Err(Error::BufferTooShort) | Err(Error::Done) => break,
2363
2364 Err(e) => return Err(e),
2365 };
2366
2367 done += written;
2368 left -= written;
2369
2370 match ty {
2371 packet::Type::Initial => has_initial = true,
2372
2373 // No more packets can be coalesced after a 1-RTT.
2374 packet::Type::Short => break,
2375
2376 _ => (),
2377 };
2378
2379 // When sending multiple PTO probes, don't coalesce them together,
2380 // so they are sent on separate UDP datagrams.
2381 if let Ok(epoch) = ty.to_epoch() {
2382 if self.recovery.loss_probes[epoch] > 0 {
2383 break;
2384 }
2385 }
2386 }
2387
2388 if done == 0 {
2389 return Err(Error::Done);
2390 }
2391
2392 // Pad UDP datagram if it contains a QUIC Initial packet.
2393 if has_initial && left > 0 && done < MIN_CLIENT_INITIAL_LEN {
2394 let pad_len = cmp::min(left, MIN_CLIENT_INITIAL_LEN - done);
2395
2396 // Fill padding area with null bytes, to avoid leaking information
2397 // in case the application reuses the packet buffer.
2398 out[done..done + pad_len].fill(0);
2399
2400 done += pad_len;
2401 }
2402
2403 let info = SendInfo {
2404 to: self.peer_addr,
2405
2406 at: self
2407 .recovery
2408 .get_packet_send_time()
2409 .unwrap_or_else(time::Instant::now),
2410 };
2411
2412 Ok((done, info))
2413 }
2414
send_single( &mut self, out: &mut [u8], has_initial: bool, ) -> Result<(packet::Type, usize)>2415 fn send_single(
2416 &mut self, out: &mut [u8], has_initial: bool,
2417 ) -> Result<(packet::Type, usize)> {
2418 let now = time::Instant::now();
2419
2420 if out.is_empty() {
2421 return Err(Error::BufferTooShort);
2422 }
2423
2424 if self.is_draining() {
2425 return Err(Error::Done);
2426 }
2427
2428 let is_closing = self.local_error.is_some();
2429
2430 let mut b = octets::OctetsMut::with_slice(out);
2431
2432 let pkt_type = self.write_pkt_type()?;
2433
2434 let epoch = pkt_type.to_epoch()?;
2435
2436 // Process lost frames.
2437 for lost in self.recovery.lost[epoch].drain(..) {
2438 match lost {
2439 frame::Frame::CryptoHeader { offset, length } => {
2440 self.pkt_num_spaces[epoch]
2441 .crypto_stream
2442 .send
2443 .retransmit(offset, length);
2444 },
2445
2446 frame::Frame::StreamHeader {
2447 stream_id,
2448 offset,
2449 length,
2450 fin,
2451 } => {
2452 let stream = match self.streams.get_mut(stream_id) {
2453 Some(v) => v,
2454
2455 None => continue,
2456 };
2457
2458 let was_flushable = stream.is_flushable();
2459
2460 let empty_fin = length == 0 && fin;
2461
2462 stream.send.retransmit(offset, length);
2463
2464 // If the stream is now flushable push it to the flushable
2465 // queue, but only if it wasn't already queued.
2466 //
2467 // Consider the stream flushable also when we are sending a
2468 // zero-length frame that has the fin flag set.
2469 if (stream.is_flushable() || empty_fin) && !was_flushable {
2470 let urgency = stream.urgency;
2471 let incremental = stream.incremental;
2472 self.streams.push_flushable(
2473 stream_id,
2474 urgency,
2475 incremental,
2476 );
2477 }
2478 },
2479
2480 frame::Frame::ACK { .. } => {
2481 self.pkt_num_spaces[epoch].ack_elicited = true;
2482 },
2483
2484 frame::Frame::ResetStream {
2485 stream_id,
2486 error_code,
2487 final_size,
2488 } =>
2489 if self.streams.get(stream_id).is_some() {
2490 self.streams
2491 .mark_reset(stream_id, true, error_code, final_size);
2492 },
2493
2494 frame::Frame::HandshakeDone => {
2495 self.handshake_done_sent = false;
2496 },
2497
2498 frame::Frame::MaxStreamData { stream_id, .. } => {
2499 if self.streams.get(stream_id).is_some() {
2500 self.streams.mark_almost_full(stream_id, true);
2501 }
2502 },
2503
2504 frame::Frame::MaxData { .. } => {
2505 self.almost_full = true;
2506 },
2507
2508 _ => (),
2509 }
2510 }
2511
2512 let mut left = b.cap();
2513
2514 // Limit output packet size by congestion window size.
2515 left = cmp::min(left, self.recovery.cwnd_available());
2516
2517 let pn = self.pkt_num_spaces[epoch].next_pkt_num;
2518 let pn_len = packet::pkt_num_len(pn)?;
2519
2520 // The AEAD overhead at the current encryption level.
2521 let crypto_overhead = self.pkt_num_spaces[epoch]
2522 .crypto_overhead()
2523 .ok_or(Error::Done)?;
2524
2525 let hdr = Header {
2526 ty: pkt_type,
2527
2528 version: self.version,
2529
2530 dcid: ConnectionId::from_ref(&self.dcid),
2531 scid: ConnectionId::from_ref(&self.scid),
2532
2533 pkt_num: 0,
2534 pkt_num_len: pn_len,
2535
2536 // Only clone token for Initial packets, as other packets don't have
2537 // this field (Retry doesn't count, as it's not encoded as part of
2538 // this code path).
2539 token: if pkt_type == packet::Type::Initial {
2540 self.token.clone()
2541 } else {
2542 None
2543 },
2544
2545 versions: None,
2546 key_phase: false,
2547 };
2548
2549 hdr.to_bytes(&mut b)?;
2550
2551 // Calculate the space required for the packet, including the header
2552 // the payload length, the packet number and the AEAD overhead.
2553 let mut overhead = b.off() + pn_len + crypto_overhead;
2554
2555 // We assume that the payload length, which is only present in long
2556 // header packets, can always be encoded with a 2-byte varint.
2557 if pkt_type != packet::Type::Short {
2558 overhead += PAYLOAD_LENGTH_LEN;
2559 }
2560
2561 // Make sure we have enough space left for the packet overhead.
2562 match left.checked_sub(overhead) {
2563 Some(v) => left = v,
2564
2565 None => {
2566 // We can't send more because there isn't enough space available
2567 // in the output buffer.
2568 //
2569 // This usually happens when we try to send a new packet but
2570 // failed because cwnd is almost full. In such case app_limited
2571 // is set to false here to make cwnd grow when ACK is received.
2572 self.recovery.update_app_limited(false);
2573 return Err(Error::Done);
2574 },
2575 }
2576
2577 // Make sure there is enough space for the minimum payload length.
2578 if left < PAYLOAD_MIN_LEN {
2579 self.recovery.update_app_limited(false);
2580 return Err(Error::Done);
2581 }
2582
2583 let mut frames: Vec<frame::Frame> = Vec::new();
2584
2585 let mut ack_eliciting = false;
2586 let mut in_flight = false;
2587 let mut has_data = false;
2588
2589 let header_offset = b.off();
2590
2591 // Reserve space for payload length in advance. Since we don't yet know
2592 // what the final length will be, we reserve 2 bytes in all cases.
2593 //
2594 // Only long header packets have an explicit length field.
2595 if pkt_type != packet::Type::Short {
2596 b.skip(PAYLOAD_LENGTH_LEN)?;
2597 }
2598
2599 packet::encode_pkt_num(pn, &mut b)?;
2600
2601 let payload_offset = b.off();
2602
2603 // Create ACK frame.
2604 if self.pkt_num_spaces[epoch].recv_pkt_need_ack.len() > 0 &&
2605 (self.pkt_num_spaces[epoch].ack_elicited ||
2606 self.recovery.loss_probes[epoch] > 0) &&
2607 !is_closing
2608 {
2609 let ack_delay =
2610 self.pkt_num_spaces[epoch].largest_rx_pkt_time.elapsed();
2611
2612 let ack_delay = ack_delay.as_micros() as u64 /
2613 2_u64
2614 .pow(self.local_transport_params.ack_delay_exponent as u32);
2615
2616 let frame = frame::Frame::ACK {
2617 ack_delay,
2618 ranges: self.pkt_num_spaces[epoch].recv_pkt_need_ack.clone(),
2619 };
2620
2621 if push_frame_to_pkt!(b, frames, frame, left) {
2622 self.pkt_num_spaces[epoch].ack_elicited = false;
2623 }
2624 }
2625
2626 if pkt_type == packet::Type::Short && !is_closing {
2627 // Create HANDSHAKE_DONE frame.
2628 if self.is_established() &&
2629 !self.handshake_done_sent &&
2630 self.is_server
2631 {
2632 let frame = frame::Frame::HandshakeDone;
2633
2634 if push_frame_to_pkt!(b, frames, frame, left) {
2635 self.handshake_done_sent = true;
2636
2637 ack_eliciting = true;
2638 in_flight = true;
2639 }
2640 }
2641
2642 // Create MAX_STREAMS_BIDI frame.
2643 if self.streams.should_update_max_streams_bidi() {
2644 let frame = frame::Frame::MaxStreamsBidi {
2645 max: self.streams.max_streams_bidi_next(),
2646 };
2647
2648 if push_frame_to_pkt!(b, frames, frame, left) {
2649 self.streams.update_max_streams_bidi();
2650
2651 ack_eliciting = true;
2652 in_flight = true;
2653 }
2654 }
2655
2656 // Create MAX_STREAMS_UNI frame.
2657 if self.streams.should_update_max_streams_uni() {
2658 let frame = frame::Frame::MaxStreamsUni {
2659 max: self.streams.max_streams_uni_next(),
2660 };
2661
2662 if push_frame_to_pkt!(b, frames, frame, left) {
2663 self.streams.update_max_streams_uni();
2664
2665 ack_eliciting = true;
2666 in_flight = true;
2667 }
2668 }
2669
2670 // Create DATA_BLOCKED frame.
2671 if let Some(limit) = self.blocked_limit {
2672 let frame = frame::Frame::DataBlocked { limit };
2673
2674 if push_frame_to_pkt!(b, frames, frame, left) {
2675 self.blocked_limit = None;
2676
2677 ack_eliciting = true;
2678 in_flight = true;
2679 }
2680 }
2681
2682 // Create MAX_STREAM_DATA frames as needed.
2683 for stream_id in self.streams.almost_full() {
2684 let stream = match self.streams.get_mut(stream_id) {
2685 Some(v) => v,
2686
2687 None => {
2688 // The stream doesn't exist anymore, so remove it from
2689 // the almost full set.
2690 self.streams.mark_almost_full(stream_id, false);
2691 continue;
2692 },
2693 };
2694
2695 let frame = frame::Frame::MaxStreamData {
2696 stream_id,
2697 max: stream.recv.max_data_next(),
2698 };
2699
2700 if push_frame_to_pkt!(b, frames, frame, left) {
2701 stream.recv.update_max_data();
2702
2703 self.streams.mark_almost_full(stream_id, false);
2704
2705 ack_eliciting = true;
2706 in_flight = true;
2707
2708 // Also send MAX_DATA when MAX_STREAM_DATA is sent, to avoid a
2709 // potential race condition.
2710 self.almost_full = true;
2711 }
2712 }
2713
2714 // Create MAX_DATA frame as needed.
2715 if self.almost_full && self.max_rx_data < self.max_rx_data_next {
2716 let frame = frame::Frame::MaxData {
2717 max: self.max_rx_data_next,
2718 };
2719
2720 if push_frame_to_pkt!(b, frames, frame, left) {
2721 self.almost_full = false;
2722
2723 // Commits the new max_rx_data limit.
2724 self.max_rx_data = self.max_rx_data_next;
2725
2726 ack_eliciting = true;
2727 in_flight = true;
2728 }
2729 }
2730
2731 // Create STOP_SENDING frames as needed.
2732 for (stream_id, error_code) in self
2733 .streams
2734 .stopped()
2735 .map(|(&k, &v)| (k, v))
2736 .collect::<Vec<(u64, u64)>>()
2737 {
2738 let frame = frame::Frame::StopSending {
2739 stream_id,
2740 error_code,
2741 };
2742
2743 if push_frame_to_pkt!(b, frames, frame, left) {
2744 self.streams.mark_stopped(stream_id, false, 0);
2745
2746 ack_eliciting = true;
2747 in_flight = true;
2748 }
2749 }
2750
2751 // Create RESET_STREAM frames as needed.
2752 for (stream_id, (error_code, final_size)) in self
2753 .streams
2754 .reset()
2755 .map(|(&k, &v)| (k, v))
2756 .collect::<Vec<(u64, (u64, u64))>>()
2757 {
2758 let frame = frame::Frame::ResetStream {
2759 stream_id,
2760 error_code,
2761 final_size,
2762 };
2763
2764 if push_frame_to_pkt!(b, frames, frame, left) {
2765 self.streams.mark_reset(stream_id, false, 0, 0);
2766
2767 ack_eliciting = true;
2768 in_flight = true;
2769 }
2770 }
2771
2772 // Create STREAM_DATA_BLOCKED frames as needed.
2773 for (stream_id, limit) in self
2774 .streams
2775 .blocked()
2776 .map(|(&k, &v)| (k, v))
2777 .collect::<Vec<(u64, u64)>>()
2778 {
2779 let frame = frame::Frame::StreamDataBlocked { stream_id, limit };
2780
2781 if push_frame_to_pkt!(b, frames, frame, left) {
2782 self.streams.mark_blocked(stream_id, false, 0);
2783
2784 ack_eliciting = true;
2785 in_flight = true;
2786 }
2787 }
2788 }
2789
2790 // Create CONNECTION_CLOSE frame.
2791 if let Some(conn_err) = self.local_error.as_ref() {
2792 if conn_err.is_app {
2793 // Create ApplicationClose frame.
2794 if pkt_type == packet::Type::Short {
2795 let frame = frame::Frame::ApplicationClose {
2796 error_code: conn_err.error_code,
2797 reason: conn_err.reason.clone(),
2798 };
2799
2800 if push_frame_to_pkt!(b, frames, frame, left) {
2801 self.draining_timer =
2802 Some(now + (self.recovery.pto() * 3));
2803
2804 ack_eliciting = true;
2805 in_flight = true;
2806 }
2807 }
2808 } else {
2809 // Create ConnectionClose frame.
2810 let frame = frame::Frame::ConnectionClose {
2811 error_code: conn_err.error_code,
2812 frame_type: 0,
2813 reason: conn_err.reason.clone(),
2814 };
2815
2816 if push_frame_to_pkt!(b, frames, frame, left) {
2817 self.draining_timer = Some(now + (self.recovery.pto() * 3));
2818
2819 ack_eliciting = true;
2820 in_flight = true;
2821 }
2822 }
2823 }
2824
2825 // Create PATH_RESPONSE frame.
2826 if let Some(ref challenge) = self.challenge {
2827 let frame = frame::Frame::PathResponse {
2828 data: challenge.clone(),
2829 };
2830
2831 if push_frame_to_pkt!(b, frames, frame, left) {
2832 self.challenge = None;
2833
2834 ack_eliciting = true;
2835 in_flight = true;
2836 }
2837 }
2838
2839 // Create CRYPTO frame.
2840 if self.pkt_num_spaces[epoch].crypto_stream.is_flushable() &&
2841 left > frame::MAX_CRYPTO_OVERHEAD &&
2842 !is_closing
2843 {
2844 let crypto_off =
2845 self.pkt_num_spaces[epoch].crypto_stream.send.off_front();
2846
2847 // Encode the frame.
2848 //
2849 // Instead of creating a `frame::Frame` object, encode the frame
2850 // directly into the packet buffer.
2851 //
2852 // First we reserve some space in the output buffer for writing the
2853 // frame header (we assume the length field is always a 2-byte
2854 // varint as we don't know the value yet).
2855 //
2856 // Then we emit the data from the crypto stream's send buffer.
2857 //
2858 // Finally we go back and encode the frame header with the now
2859 // available information.
2860 let hdr_off = b.off();
2861 let hdr_len = 1 + // frame type
2862 octets::varint_len(crypto_off) + // offset
2863 2; // length, always encode as 2-byte varint
2864
2865 if let Some(max_len) = left.checked_sub(hdr_len) {
2866 let (mut crypto_hdr, mut crypto_payload) =
2867 b.split_at(hdr_off + hdr_len)?;
2868
2869 // Write stream data into the packet buffer.
2870 let (len, _) = self.pkt_num_spaces[epoch]
2871 .crypto_stream
2872 .send
2873 .emit(&mut crypto_payload.as_mut()[..max_len])?;
2874
2875 // Encode the frame's header.
2876 //
2877 // Due to how `OctetsMut::split_at()` works, `crypto_hdr` starts
2878 // from the initial offset of `b` (rather than the current
2879 // offset), so it needs to be advanced to the
2880 // initial frame offset.
2881 crypto_hdr.skip(hdr_off)?;
2882
2883 frame::encode_crypto_header(
2884 crypto_off,
2885 len as u64,
2886 &mut crypto_hdr,
2887 )?;
2888
2889 // Advance the packet buffer's offset.
2890 b.skip(hdr_len + len)?;
2891
2892 let frame = frame::Frame::CryptoHeader {
2893 offset: crypto_off,
2894 length: len,
2895 };
2896
2897 if push_frame_to_pkt!(b, frames, frame, left) {
2898 ack_eliciting = true;
2899 in_flight = true;
2900 has_data = true;
2901 }
2902 }
2903 }
2904
2905 // The preference of data-bearing frame to include in a packet
2906 // is managed by `self.emit_dgram`. However, whether any frames
2907 // can be sent depends on the state of their buffers. In the case
2908 // where one type is preferred but its buffer is empty, fall back
2909 // to the other type in order not to waste this function call.
2910 let mut dgram_emitted = false;
2911 let dgrams_to_emit = self.dgram_max_writable_len().is_some();
2912 let stream_to_emit = self.streams.has_flushable();
2913
2914 let mut do_dgram = self.emit_dgram && dgrams_to_emit;
2915 let do_stream = !self.emit_dgram && stream_to_emit;
2916
2917 if !do_stream && dgrams_to_emit {
2918 do_dgram = true;
2919 }
2920
2921 // Create DATAGRAM frame.
2922 if (pkt_type == packet::Type::Short || pkt_type == packet::Type::ZeroRTT) &&
2923 left > frame::MAX_DGRAM_OVERHEAD &&
2924 !is_closing &&
2925 do_dgram
2926 {
2927 if let Some(max_dgram_payload) = self.dgram_max_writable_len() {
2928 while let Some(len) = self.dgram_send_queue.peek_front_len() {
2929 if (len + frame::MAX_DGRAM_OVERHEAD) <= left {
2930 // Front of the queue fits this packet, send it
2931 match self.dgram_send_queue.pop() {
2932 Some(data) => {
2933 let frame = frame::Frame::Datagram { data };
2934
2935 if push_frame_to_pkt!(b, frames, frame, left) {
2936 ack_eliciting = true;
2937 in_flight = true;
2938 dgram_emitted = true;
2939 }
2940 },
2941
2942 None => continue,
2943 };
2944 } else if len > max_dgram_payload {
2945 // This dgram frame will never fit. Let's purge it.
2946 self.dgram_send_queue.pop();
2947 } else {
2948 break;
2949 }
2950 }
2951 }
2952 }
2953
2954 // Create a single STREAM frame for the first stream that is flushable.
2955 if (pkt_type == packet::Type::Short || pkt_type == packet::Type::ZeroRTT) &&
2956 left > frame::MAX_STREAM_OVERHEAD &&
2957 !is_closing &&
2958 !dgram_emitted
2959 {
2960 while let Some(stream_id) = self.streams.pop_flushable() {
2961 let stream = match self.streams.get_mut(stream_id) {
2962 Some(v) => v,
2963
2964 None => continue,
2965 };
2966
2967 // Avoid sending frames for streams that were already stopped.
2968 //
2969 // This might happen if stream data was buffered but not yet
2970 // flushed on the wire when a STOP_SENDING frame is received.
2971 if stream.send.is_stopped() {
2972 continue;
2973 }
2974
2975 let stream_off = stream.send.off_front();
2976
2977 // Encode the frame.
2978 //
2979 // Instead of creating a `frame::Frame` object, encode the frame
2980 // directly into the packet buffer.
2981 //
2982 // First we reserve some space in the output buffer for writing
2983 // the frame header (we assume the length field is
2984 // always a 2-byte varint as we don't know the
2985 // value yet).
2986 //
2987 // Then we emit the data from the stream's send buffer.
2988 //
2989 // Finally we go back and encode the frame header with the now
2990 // available information.
2991 let hdr_off = b.off();
2992 let hdr_len = 1 + // frame type
2993 octets::varint_len(stream_id) + // stream_id
2994 octets::varint_len(stream_off) + // offset
2995 2; // length, always encode as 2-byte varint
2996
2997 let max_len = match left.checked_sub(hdr_len) {
2998 Some(v) => v,
2999
3000 None => continue,
3001 };
3002
3003 let (mut stream_hdr, mut stream_payload) =
3004 b.split_at(hdr_off + hdr_len)?;
3005
3006 // Write stream data into the packet buffer.
3007 let (len, fin) =
3008 stream.send.emit(&mut stream_payload.as_mut()[..max_len])?;
3009
3010 // Encode the frame's header.
3011 //
3012 // Due to how `OctetsMut::split_at()` works, `stream_hdr` starts
3013 // from the initial offset of `b` (rather than the current
3014 // offset), so it needs to be advanced to the initial frame
3015 // offset.
3016 stream_hdr.skip(hdr_off)?;
3017
3018 frame::encode_stream_header(
3019 stream_id,
3020 stream_off,
3021 len as u64,
3022 fin,
3023 &mut stream_hdr,
3024 )?;
3025
3026 // Advance the packet buffer's offset.
3027 b.skip(hdr_len + len)?;
3028
3029 let frame = frame::Frame::StreamHeader {
3030 stream_id,
3031 offset: stream_off,
3032 length: len,
3033 fin,
3034 };
3035
3036 if push_frame_to_pkt!(b, frames, frame, left) {
3037 ack_eliciting = true;
3038 in_flight = true;
3039 has_data = true;
3040 }
3041
3042 // If the stream is still flushable, push it to the back of the
3043 // queue again.
3044 if stream.is_flushable() {
3045 let urgency = stream.urgency;
3046 let incremental = stream.incremental;
3047 self.streams.push_flushable(stream_id, urgency, incremental);
3048 }
3049
3050 // When fuzzing, try to coalesce multiple STREAM frames in the
3051 // same packet, so it's easier to generate fuzz corpora.
3052 if cfg!(feature = "fuzzing") && left > frame::MAX_STREAM_OVERHEAD
3053 {
3054 continue;
3055 }
3056
3057 break;
3058 }
3059 }
3060
3061 // Alternate trying to send DATAGRAMs next time.
3062 self.emit_dgram = !dgram_emitted;
3063
3064 // Create PING for PTO probe if no other ack-elicitng frame is sent.
3065 if self.recovery.loss_probes[epoch] > 0 &&
3066 !ack_eliciting &&
3067 left >= 1 &&
3068 !is_closing
3069 {
3070 let frame = frame::Frame::Ping;
3071
3072 if push_frame_to_pkt!(b, frames, frame, left) {
3073 ack_eliciting = true;
3074 in_flight = true;
3075 }
3076 }
3077
3078 if ack_eliciting {
3079 self.recovery.loss_probes[epoch] =
3080 self.recovery.loss_probes[epoch].saturating_sub(1);
3081 }
3082
3083 if frames.is_empty() {
3084 // When we reach this point we are not able to write more, so set
3085 // app_limited to false.
3086 self.recovery.update_app_limited(false);
3087 return Err(Error::Done);
3088 }
3089
3090 // When coalescing a 1-RTT packet, we can't add padding in the UDP
3091 // datagram, so use PADDING frames instead.
3092 //
3093 // This is only needed if an Initial packet has already been written to
3094 // the UDP datagram, as Initial always requires padding.
3095 if has_initial && pkt_type == packet::Type::Short && left >= 1 {
3096 let frame = frame::Frame::Padding { len: left };
3097
3098 if push_frame_to_pkt!(b, frames, frame, left) {
3099 in_flight = true;
3100 }
3101 }
3102
3103 // Pad payload so that it's always at least 4 bytes.
3104 if b.off() - payload_offset < PAYLOAD_MIN_LEN {
3105 let payload_len = b.off() - payload_offset;
3106
3107 let frame = frame::Frame::Padding {
3108 len: PAYLOAD_MIN_LEN - payload_len,
3109 };
3110
3111 #[allow(unused_assignments)]
3112 if push_frame_to_pkt!(b, frames, frame, left) {
3113 in_flight = true;
3114 }
3115 }
3116
3117 let payload_len = b.off() - payload_offset;
3118 let payload_len = payload_len + crypto_overhead;
3119
3120 // Fill in payload length.
3121 if pkt_type != packet::Type::Short {
3122 let len = pn_len + payload_len;
3123
3124 let (_, mut payload_with_len) = b.split_at(header_offset)?;
3125 payload_with_len
3126 .put_varint_with_len(len as u64, PAYLOAD_LENGTH_LEN)?;
3127 }
3128
3129 trace!(
3130 "{} tx pkt {:?} len={} pn={}",
3131 self.trace_id,
3132 hdr,
3133 payload_len,
3134 pn
3135 );
3136
3137 qlog_with!(self.qlog_streamer, q, {
3138 let qlog_pkt_hdr = qlog::PacketHeader::with_type(
3139 hdr.ty.to_qlog(),
3140 pn,
3141 Some(payload_len as u64 + payload_offset as u64),
3142 Some(payload_len as u64),
3143 Some(hdr.version),
3144 Some(&hdr.scid),
3145 Some(&hdr.dcid),
3146 );
3147
3148 let packet_sent_ev = qlog::event::Event::packet_sent_min(
3149 hdr.ty.to_qlog(),
3150 qlog_pkt_hdr,
3151 Some(Vec::new()),
3152 );
3153
3154 q.add_event(packet_sent_ev).ok();
3155 });
3156
3157 for frame in &mut frames {
3158 trace!("{} tx frm {:?}", self.trace_id, frame);
3159
3160 qlog_with!(self.qlog_streamer, q, {
3161 q.add_frame(frame.to_qlog(), false).ok();
3162 });
3163
3164 // Once frames have been serialized they are passed to the Recovery
3165 // module which manages retransmission. However, some frames do not
3166 // contain retransmittable data, so drop it here.
3167 frame.shrink_for_retransmission();
3168 }
3169
3170 qlog_with!(self.qlog_streamer, q, {
3171 q.finish_frames().ok();
3172 });
3173
3174 let aead = match self.pkt_num_spaces[epoch].crypto_seal {
3175 Some(ref v) => v,
3176 None => return Err(Error::InvalidState),
3177 };
3178
3179 let written = packet::encrypt_pkt(
3180 &mut b,
3181 pn,
3182 pn_len,
3183 payload_len,
3184 payload_offset,
3185 aead,
3186 )?;
3187
3188 let sent_pkt = recovery::Sent {
3189 pkt_num: pn,
3190 frames,
3191 time_sent: now,
3192 time_acked: None,
3193 time_lost: None,
3194 size: if ack_eliciting { written } else { 0 },
3195 ack_eliciting,
3196 in_flight,
3197 delivered: 0,
3198 delivered_time: now,
3199 recent_delivered_packet_sent_time: now,
3200 is_app_limited: false,
3201 has_data,
3202 };
3203
3204 self.recovery.on_packet_sent(
3205 sent_pkt,
3206 epoch,
3207 self.handshake_status(),
3208 now,
3209 &self.trace_id,
3210 );
3211
3212 qlog_with!(self.qlog_streamer, q, {
3213 let ev = self.recovery.to_qlog();
3214 q.add_event(ev).ok();
3215 });
3216
3217 self.pkt_num_spaces[epoch].next_pkt_num += 1;
3218
3219 self.sent_count += 1;
3220
3221 if self.dgram_send_queue.byte_size() > self.recovery.cwnd_available() {
3222 self.recovery.update_app_limited(false);
3223 }
3224
3225 // On the client, drop initial state after sending an Handshake packet.
3226 if !self.is_server && hdr.ty == packet::Type::Handshake {
3227 self.drop_epoch_state(packet::EPOCH_INITIAL, now);
3228 }
3229
3230 self.max_send_bytes = self.max_send_bytes.saturating_sub(written);
3231
3232 // (Re)start the idle timer if we are sending the first ack-eliciting
3233 // packet since last receiving a packet.
3234 if ack_eliciting && !self.ack_eliciting_sent {
3235 if let Some(idle_timeout) = self.idle_timeout() {
3236 self.idle_timer = Some(now + idle_timeout);
3237 }
3238 }
3239
3240 if ack_eliciting {
3241 self.ack_eliciting_sent = true;
3242 }
3243
3244 Ok((pkt_type, written))
3245 }
3246
3247 /// Reads contiguous data from a stream into the provided slice.
3248 ///
3249 /// The slice must be sized by the caller and will be populated up to its
3250 /// capacity.
3251 ///
3252 /// On success the amount of bytes read and a flag indicating the fin state
3253 /// is returned as a tuple, or [`Done`] if there is no data to read.
3254 ///
3255 /// [`Done`]: enum.Error.html#variant.Done
3256 ///
3257 /// ## Examples:
3258 ///
3259 /// ```no_run
3260 /// # let mut buf = [0; 512];
3261 /// # let socket = std::net::UdpSocket::bind("127.0.0.1:0").unwrap();
3262 /// # let mut config = quiche::Config::new(quiche::PROTOCOL_VERSION)?;
3263 /// # let scid = quiche::ConnectionId::from_ref(&[0xba; 16]);
3264 /// # let from = "127.0.0.1:1234".parse().unwrap();
3265 /// # let mut conn = quiche::accept(&scid, None, from, &mut config)?;
3266 /// # let stream_id = 0;
3267 /// while let Ok((read, fin)) = conn.stream_recv(stream_id, &mut buf) {
3268 /// println!("Got {} bytes on stream {}", read, stream_id);
3269 /// }
3270 /// # Ok::<(), quiche::Error>(())
3271 /// ```
stream_recv( &mut self, stream_id: u64, out: &mut [u8], ) -> Result<(usize, bool)>3272 pub fn stream_recv(
3273 &mut self, stream_id: u64, out: &mut [u8],
3274 ) -> Result<(usize, bool)> {
3275 // We can't read on our own unidirectional streams.
3276 if !stream::is_bidi(stream_id) &&
3277 stream::is_local(stream_id, self.is_server)
3278 {
3279 return Err(Error::InvalidStreamState(stream_id));
3280 }
3281
3282 let stream = self
3283 .streams
3284 .get_mut(stream_id)
3285 .ok_or(Error::InvalidStreamState(stream_id))?;
3286
3287 if !stream.is_readable() {
3288 return Err(Error::Done);
3289 }
3290
3291 #[cfg(feature = "qlog")]
3292 let offset = stream.recv.off_front();
3293
3294 let (read, fin) = stream.recv.emit(out)?;
3295
3296 self.max_rx_data_next = self.max_rx_data_next.saturating_add(read as u64);
3297
3298 let readable = stream.is_readable();
3299
3300 let complete = stream.is_complete();
3301
3302 let local = stream.local;
3303
3304 if stream.recv.almost_full() {
3305 self.streams.mark_almost_full(stream_id, true);
3306 }
3307
3308 if !readable {
3309 self.streams.mark_readable(stream_id, false);
3310 }
3311
3312 if complete {
3313 self.streams.collect(stream_id, local);
3314 }
3315
3316 qlog_with!(self.qlog_streamer, q, {
3317 let ev = qlog::event::Event::h3_data_moved(
3318 stream_id.to_string(),
3319 Some(offset.to_string()),
3320 Some(read as u64),
3321 Some(qlog::H3DataRecipient::Transport),
3322 None,
3323 None,
3324 );
3325 q.add_event(ev).ok();
3326 });
3327
3328 if self.should_update_max_data() {
3329 self.almost_full = true;
3330 }
3331
3332 Ok((read, fin))
3333 }
3334
3335 /// Writes data to a stream.
3336 ///
3337 /// On success the number of bytes written is returned, or [`Done`] if no
3338 /// data was written (e.g. because the stream has no capacity).
3339 ///
3340 /// In addition, if the peer has signalled that it doesn't want to receive
3341 /// any more data from this stream by sending the `STOP_SENDING` frame, the
3342 /// [`StreamStopped`] error will be returned instead of any data.
3343 ///
3344 /// Note that in order to avoid buffering an infinite amount of data in the
3345 /// stream's send buffer, streams are only allowed to buffer outgoing data
3346 /// up to the amount that the peer allows it to send (that is, up to the
3347 /// stream's outgoing flow control capacity).
3348 ///
3349 /// This means that the number of written bytes returned can be lower than
3350 /// the length of the input buffer when the stream doesn't have enough
3351 /// capacity for the operation to complete. The application should retry the
3352 /// operation once the stream is reported as writable again.
3353 ///
3354 /// Applications should call this method only after the handshake is
3355 /// completed (whenever [`is_established()`] returns `true`) or during
3356 /// early data if enabled (whenever [`is_in_early_data()`] returns `true`).
3357 ///
3358 /// [`Done`]: enum.Error.html#variant.Done
3359 /// [`StreamStopped`]: enum.Error.html#variant.StreamStopped
3360 /// [`is_established()`]: struct.Connection.html#method.is_established
3361 /// [`is_in_early_data()`]: struct.Connection.html#method.is_in_early_data
3362 ///
3363 /// ## Examples:
3364 ///
3365 /// ```no_run
3366 /// # let mut buf = [0; 512];
3367 /// # let socket = std::net::UdpSocket::bind("127.0.0.1:0").unwrap();
3368 /// # let mut config = quiche::Config::new(quiche::PROTOCOL_VERSION)?;
3369 /// # let scid = quiche::ConnectionId::from_ref(&[0xba; 16]);
3370 /// # let from = "127.0.0.1:1234".parse().unwrap();
3371 /// # let mut conn = quiche::accept(&scid, None, from, &mut config)?;
3372 /// # let stream_id = 0;
3373 /// conn.stream_send(stream_id, b"hello", true)?;
3374 /// # Ok::<(), quiche::Error>(())
3375 /// ```
stream_send( &mut self, stream_id: u64, buf: &[u8], fin: bool, ) -> Result<usize>3376 pub fn stream_send(
3377 &mut self, stream_id: u64, buf: &[u8], fin: bool,
3378 ) -> Result<usize> {
3379 // We can't write on the peer's unidirectional streams.
3380 if !stream::is_bidi(stream_id) &&
3381 !stream::is_local(stream_id, self.is_server)
3382 {
3383 return Err(Error::InvalidStreamState(stream_id));
3384 }
3385
3386 // Mark the connection as blocked if the connection-level flow control
3387 // limit doesn't let us buffer all the data.
3388 //
3389 // Note that this is separate from "send capacity" as that also takes
3390 // congestion control into consideration.
3391 if self.max_tx_data - self.tx_data < buf.len() as u64 {
3392 self.blocked_limit = Some(self.max_tx_data);
3393 }
3394
3395 // Truncate the input buffer based on the connection's send capacity if
3396 // necessary.
3397 let cap = self.tx_cap;
3398
3399 let (buf, fin) = if cap < buf.len() {
3400 (&buf[..cap], false)
3401 } else {
3402 (buf, fin)
3403 };
3404
3405 // Get existing stream or create a new one.
3406 let stream = self.get_or_create_stream(stream_id, true)?;
3407
3408 #[cfg(feature = "qlog")]
3409 let offset = stream.send.off_back();
3410
3411 let was_flushable = stream.is_flushable();
3412
3413 let sent = match stream.send.write(buf, fin) {
3414 Ok(v) => v,
3415
3416 Err(e) => {
3417 self.streams.mark_writable(stream_id, false);
3418 return Err(e);
3419 },
3420 };
3421
3422 let urgency = stream.urgency;
3423 let incremental = stream.incremental;
3424
3425 let flushable = stream.is_flushable();
3426
3427 let writable = stream.is_writable();
3428
3429 let empty_fin = buf.is_empty() && fin;
3430
3431 if sent < buf.len() {
3432 let max_off = stream.send.max_off();
3433
3434 self.streams.mark_blocked(stream_id, true, max_off);
3435 } else {
3436 self.streams.mark_blocked(stream_id, false, 0);
3437 }
3438
3439 // If the stream is now flushable push it to the flushable queue, but
3440 // only if it wasn't already queued.
3441 //
3442 // Consider the stream flushable also when we are sending a zero-length
3443 // frame that has the fin flag set.
3444 if (flushable || empty_fin) && !was_flushable {
3445 self.streams.push_flushable(stream_id, urgency, incremental);
3446 }
3447
3448 if !writable {
3449 self.streams.mark_writable(stream_id, false);
3450 }
3451
3452 self.tx_cap -= sent;
3453
3454 self.tx_data += sent as u64;
3455
3456 self.recovery.rate_check_app_limited();
3457
3458 qlog_with!(self.qlog_streamer, q, {
3459 let ev = qlog::event::Event::h3_data_moved(
3460 stream_id.to_string(),
3461 Some(offset.to_string()),
3462 Some(sent as u64),
3463 None,
3464 Some(qlog::H3DataRecipient::Transport),
3465 None,
3466 );
3467 q.add_event(ev).ok();
3468 });
3469
3470 Ok(sent)
3471 }
3472
3473 /// Sets the priority for a stream.
3474 ///
3475 /// A stream's priority determines the order in which stream data is sent
3476 /// on the wire (streams with lower priority are sent first). Streams are
3477 /// created with a default priority of `127`.
3478 ///
3479 /// The target stream is created if it did not exist before calling this
3480 /// method.
stream_priority( &mut self, stream_id: u64, urgency: u8, incremental: bool, ) -> Result<()>3481 pub fn stream_priority(
3482 &mut self, stream_id: u64, urgency: u8, incremental: bool,
3483 ) -> Result<()> {
3484 // Get existing stream or create a new one, but if the stream
3485 // has already been closed and collected, ignore the prioritization.
3486 let stream = match self.get_or_create_stream(stream_id, true) {
3487 Ok(v) => v,
3488
3489 Err(Error::Done) => return Ok(()),
3490
3491 Err(e) => return Err(e),
3492 };
3493
3494 if stream.urgency == urgency && stream.incremental == incremental {
3495 return Ok(());
3496 }
3497
3498 stream.urgency = urgency;
3499 stream.incremental = incremental;
3500
3501 // TODO: reprioritization
3502
3503 Ok(())
3504 }
3505
3506 /// Shuts down reading or writing from/to the specified stream.
3507 ///
3508 /// When the `direction` argument is set to [`Shutdown::Read`], outstanding
3509 /// data in the stream's receive buffer is dropped, and no additional data
3510 /// is added to it. Data received after calling this method is still
3511 /// validated and acked but not stored, and [`stream_recv()`] will not
3512 /// return it to the application. In addition, a `STOP_SENDING` frame will
3513 /// be sent to the peer to signal it to stop sending data.
3514 ///
3515 /// When the `direction` argument is set to [`Shutdown::Write`], outstanding
3516 /// data in the stream's send buffer is dropped, and no additional data
3517 /// is added to it. Data passed to [`stream_send()`] after calling this
3518 /// method will be ignored.
3519 ///
3520 /// [`Shutdown::Read`]: enum.Shutdown.html#variant.Read
3521 /// [`Shutdown::Write`]: enum.Shutdown.html#variant.Write
3522 /// [`stream_recv()`]: struct.Connection.html#method.stream_recv
3523 /// [`stream_send()`]: struct.Connection.html#method.stream_send
stream_shutdown( &mut self, stream_id: u64, direction: Shutdown, err: u64, ) -> Result<()>3524 pub fn stream_shutdown(
3525 &mut self, stream_id: u64, direction: Shutdown, err: u64,
3526 ) -> Result<()> {
3527 // Get existing stream.
3528 let stream = self.streams.get_mut(stream_id).ok_or(Error::Done)?;
3529
3530 match direction {
3531 Shutdown::Read => {
3532 stream.recv.shutdown()?;
3533
3534 if !stream.recv.is_fin() {
3535 self.streams.mark_stopped(stream_id, true, err);
3536 }
3537
3538 // Once shutdown, the stream is guaranteed to be non-readable.
3539 self.streams.mark_readable(stream_id, false);
3540 },
3541
3542 Shutdown::Write => {
3543 let final_size = stream.send.shutdown()?;
3544
3545 self.streams.mark_reset(stream_id, true, err, final_size);
3546
3547 // Once shutdown, the stream is guaranteed to be non-writable.
3548 self.streams.mark_writable(stream_id, false);
3549 },
3550 }
3551
3552 Ok(())
3553 }
3554
3555 /// Returns the stream's send capacity in bytes.
3556 ///
3557 /// If the specified stream doesn't exist (including when it has already
3558 /// been completed and closed), the [`InvalidStreamState`] error will be
3559 /// returned.
3560 ///
3561 /// In addition, if the peer has signalled that it doesn't want to receive
3562 /// any more data from this stream by sending the `STOP_SENDING` frame, the
3563 /// [`StreamStopped`] error will be returned.
3564 ///
3565 /// [`InvalidStreamState`]: enum.Error.html#variant.InvalidStreamState
3566 /// [`StreamStopped`]: enum.Error.html#variant.StreamStopped
3567 #[inline]
stream_capacity(&self, stream_id: u64) -> Result<usize>3568 pub fn stream_capacity(&self, stream_id: u64) -> Result<usize> {
3569 if let Some(stream) = self.streams.get(stream_id) {
3570 let cap = cmp::min(self.tx_cap, stream.send.cap()?);
3571 return Ok(cap);
3572 };
3573
3574 Err(Error::InvalidStreamState(stream_id))
3575 }
3576
3577 /// Returns true if the stream has data that can be read.
stream_readable(&self, stream_id: u64) -> bool3578 pub fn stream_readable(&self, stream_id: u64) -> bool {
3579 let stream = match self.streams.get(stream_id) {
3580 Some(v) => v,
3581
3582 None => return false,
3583 };
3584
3585 stream.is_readable()
3586 }
3587
3588 /// Returns true if all the data has been read from the specified stream.
3589 ///
3590 /// This instructs the application that all the data received from the
3591 /// peer on the stream has been read, and there won't be anymore in the
3592 /// future.
3593 ///
3594 /// Basically this returns true when the peer either set the `fin` flag
3595 /// for the stream, or sent `RESET_STREAM`.
3596 #[inline]
stream_finished(&self, stream_id: u64) -> bool3597 pub fn stream_finished(&self, stream_id: u64) -> bool {
3598 let stream = match self.streams.get(stream_id) {
3599 Some(v) => v,
3600
3601 None => return true,
3602 };
3603
3604 stream.recv.is_fin()
3605 }
3606
3607 /// Returns the number of bidirectional streams that can be created
3608 /// before the peer's stream count limit is reached.
3609 ///
3610 /// This can be useful to know if it's possible to create a bidirectional
3611 /// stream without trying it first.
3612 #[inline]
peer_streams_left_bidi(&self) -> u643613 pub fn peer_streams_left_bidi(&self) -> u64 {
3614 self.streams.peer_streams_left_bidi()
3615 }
3616
3617 /// Returns the number of unidirectional streams that can be created
3618 /// before the peer's stream count limit is reached.
3619 ///
3620 /// This can be useful to know if it's possible to create a unidirectional
3621 /// stream without trying it first.
3622 #[inline]
peer_streams_left_uni(&self) -> u643623 pub fn peer_streams_left_uni(&self) -> u64 {
3624 self.streams.peer_streams_left_uni()
3625 }
3626
3627 /// Initializes the stream's application data.
3628 ///
3629 /// This can be used by applications to store per-stream information without
3630 /// having to maintain their own stream map.
3631 ///
3632 /// Stream data can only be initialized once. Additional calls to this
3633 /// method will return [`Done`].
3634 ///
3635 /// [`Done`]: enum.Error.html#variant.Done
stream_init_application_data<T>( &mut self, stream_id: u64, data: T, ) -> Result<()> where T: std::any::Any + Send + Sync,3636 pub fn stream_init_application_data<T>(
3637 &mut self, stream_id: u64, data: T,
3638 ) -> Result<()>
3639 where
3640 T: std::any::Any + Send + Sync,
3641 {
3642 // Get existing stream.
3643 let stream = self.streams.get_mut(stream_id).ok_or(Error::Done)?;
3644
3645 if stream.data.is_some() {
3646 return Err(Error::Done);
3647 }
3648
3649 stream.data = Some(Box::new(data));
3650
3651 Ok(())
3652 }
3653
3654 /// Returns the stream's application data, if any was initialized.
3655 ///
3656 /// This returns a reference to the application data that was initialized
3657 /// by calling [`stream_init_application_data()`].
3658 ///
3659 /// [`stream_init_application_data()`]:
3660 /// struct.Connection.html#method.stream_init_application_data
stream_application_data( &mut self, stream_id: u64, ) -> Option<&mut dyn std::any::Any>3661 pub fn stream_application_data(
3662 &mut self, stream_id: u64,
3663 ) -> Option<&mut dyn std::any::Any> {
3664 // Get existing stream.
3665 let stream = self.streams.get_mut(stream_id)?;
3666
3667 if let Some(ref mut stream_data) = stream.data {
3668 return Some(stream_data.as_mut());
3669 }
3670
3671 None
3672 }
3673
3674 /// Returns an iterator over streams that have outstanding data to read.
3675 ///
3676 /// Note that the iterator will only include streams that were readable at
3677 /// the time the iterator itself was created (i.e. when `readable()` was
3678 /// called). To account for newly readable streams, the iterator needs to
3679 /// be created again.
3680 ///
3681 /// ## Examples:
3682 ///
3683 /// ```no_run
3684 /// # let mut buf = [0; 512];
3685 /// # let socket = std::net::UdpSocket::bind("127.0.0.1:0").unwrap();
3686 /// # let mut config = quiche::Config::new(quiche::PROTOCOL_VERSION)?;
3687 /// # let scid = quiche::ConnectionId::from_ref(&[0xba; 16]);
3688 /// # let from = "127.0.0.1:1234".parse().unwrap();
3689 /// # let mut conn = quiche::accept(&scid, None, from, &mut config)?;
3690 /// // Iterate over readable streams.
3691 /// for stream_id in conn.readable() {
3692 /// // Stream is readable, read until there's no more data.
3693 /// while let Ok((read, fin)) = conn.stream_recv(stream_id, &mut buf) {
3694 /// println!("Got {} bytes on stream {}", read, stream_id);
3695 /// }
3696 /// }
3697 /// # Ok::<(), quiche::Error>(())
3698 /// ```
3699 #[inline]
readable(&self) -> StreamIter3700 pub fn readable(&self) -> StreamIter {
3701 self.streams.readable()
3702 }
3703
3704 /// Returns an iterator over streams that can be written to.
3705 ///
3706 /// A "writable" stream is a stream that has enough flow control capacity to
3707 /// send data to the peer. To avoid buffering an infinite amount of data,
3708 /// streams are only allowed to buffer outgoing data up to the amount that
3709 /// the peer allows to send.
3710 ///
3711 /// Note that the iterator will only include streams that were writable at
3712 /// the time the iterator itself was created (i.e. when `writable()` was
3713 /// called). To account for newly writable streams, the iterator needs to
3714 /// be created again.
3715 ///
3716 /// ## Examples:
3717 ///
3718 /// ```no_run
3719 /// # let mut buf = [0; 512];
3720 /// # let socket = std::net::UdpSocket::bind("127.0.0.1:0").unwrap();
3721 /// # let mut config = quiche::Config::new(quiche::PROTOCOL_VERSION)?;
3722 /// # let scid = quiche::ConnectionId::from_ref(&[0xba; 16]);
3723 /// # let from = "127.0.0.1:1234".parse().unwrap();
3724 /// # let mut conn = quiche::accept(&scid, None, from, &mut config)?;
3725 /// // Iterate over writable streams.
3726 /// for stream_id in conn.writable() {
3727 /// // Stream is writable, write some data.
3728 /// if let Ok(written) = conn.stream_send(stream_id, &buf, false) {
3729 /// println!("Written {} bytes on stream {}", written, stream_id);
3730 /// }
3731 /// }
3732 /// # Ok::<(), quiche::Error>(())
3733 /// ```
3734 #[inline]
writable(&self) -> StreamIter3735 pub fn writable(&self) -> StreamIter {
3736 // If there is not enough connection-level send capacity, none of the
3737 // streams are writable, so return an empty iterator.
3738 if self.tx_cap == 0 {
3739 return StreamIter::default();
3740 }
3741
3742 self.streams.writable()
3743 }
3744
3745 /// Returns the maximum possible size of egress UDP payloads.
3746 ///
3747 /// This is the maximum size of UDP payloads that can be sent, and depends
3748 /// on both the configured maximum send payload size of the local endpoint
3749 /// (as configured with [`set_max_send_udp_payload_size()`]), as well as
3750 /// the transport parameter advertised by the remote peer.
3751 ///
3752 /// Note that this value can change during the lifetime of the connection,
3753 /// but should remain stable across consecutive calls to [`send()`].
3754 ///
3755 /// [`set_max_send_udp_payload_size()`]:
3756 /// struct.Config.html#method.set_max_send_udp_payload_size
3757 /// [`send()`]: struct.Connection.html#method.send
max_send_udp_payload_size(&self) -> usize3758 pub fn max_send_udp_payload_size(&self) -> usize {
3759 if self.is_established() {
3760 // We cap the maximum packet size to 16KB or so, so that it can be
3761 // always encoded with a 2-byte varint.
3762 cmp::min(16383, self.recovery.max_datagram_size())
3763 } else {
3764 // Allow for 1200 bytes (minimum QUIC packet size) during the
3765 // handshake.
3766 MIN_CLIENT_INITIAL_LEN
3767 }
3768 }
3769
3770 /// Reads the first received DATAGRAM.
3771 ///
3772 /// On success the DATAGRAM's data is returned along with its size.
3773 ///
3774 /// [`Done`] is returned if there is no data to read.
3775 ///
3776 /// [`BufferTooShort`] is returned if the provided buffer is too small for
3777 /// the DATAGRAM.
3778 ///
3779 /// [`Done`]: enum.Error.html#variant.Done
3780 /// [`BufferTooShort`]: enum.Error.html#variant.BufferTooShort
3781 ///
3782 /// ## Examples:
3783 ///
3784 /// ```no_run
3785 /// # let mut buf = [0; 512];
3786 /// # let socket = std::net::UdpSocket::bind("127.0.0.1:0").unwrap();
3787 /// # let mut config = quiche::Config::new(quiche::PROTOCOL_VERSION)?;
3788 /// # let scid = quiche::ConnectionId::from_ref(&[0xba; 16]);
3789 /// # let from = "127.0.0.1:1234".parse().unwrap();
3790 /// # let mut conn = quiche::accept(&scid, None, from, &mut config)?;
3791 /// let mut dgram_buf = [0; 512];
3792 /// while let Ok((len)) = conn.dgram_recv(&mut dgram_buf) {
3793 /// println!("Got {} bytes of DATAGRAM", len);
3794 /// }
3795 /// # Ok::<(), quiche::Error>(())
3796 /// ```
3797 #[inline]
dgram_recv(&mut self, buf: &mut [u8]) -> Result<usize>3798 pub fn dgram_recv(&mut self, buf: &mut [u8]) -> Result<usize> {
3799 match self.dgram_recv_queue.pop() {
3800 Some(d) => {
3801 if d.len() > buf.len() {
3802 return Err(Error::BufferTooShort);
3803 }
3804
3805 buf[..d.len()].copy_from_slice(&d);
3806 Ok(d.len())
3807 },
3808
3809 None => Err(Error::Done),
3810 }
3811 }
3812
3813 /// Reads the first received DATAGRAM without removing it from the queue.
3814 ///
3815 /// On success the DATAGRAM's data is returned along with the actual number
3816 /// of bytes peeked. The requested length cannot exceed the DATAGRAM's
3817 /// actual length.
3818 ///
3819 /// [`Done`] is returned if there is no data to read.
3820 ///
3821 /// [`BufferTooShort`] is returned if the provided buffer is smaller the
3822 /// number of bytes to peek.
3823 ///
3824 /// [`Done`]: enum.Error.html#variant.Done
3825 /// [`BufferTooShort`]: enum.Error.html#variant.BufferTooShort
3826 #[inline]
dgram_recv_peek(&self, buf: &mut [u8], len: usize) -> Result<usize>3827 pub fn dgram_recv_peek(&self, buf: &mut [u8], len: usize) -> Result<usize> {
3828 self.dgram_recv_queue.peek_front_bytes(buf, len)
3829 }
3830
3831 /// Returns the length of the first stored DATAGRAM.
3832 #[inline]
dgram_recv_front_len(&self) -> Option<usize>3833 pub fn dgram_recv_front_len(&self) -> Option<usize> {
3834 self.dgram_recv_queue.peek_front_len()
3835 }
3836
3837 /// Returns the number of items in the DATAGRAM receive queue.
3838 #[inline]
dgram_recv_queue_len(&self) -> usize3839 pub fn dgram_recv_queue_len(&self) -> usize {
3840 self.dgram_recv_queue.len()
3841 }
3842
3843 /// Returns the total size of all items in the DATAGRAM receive queue.
3844 #[inline]
dgram_recv_queue_byte_size(&self) -> usize3845 pub fn dgram_recv_queue_byte_size(&self) -> usize {
3846 self.dgram_recv_queue.byte_size()
3847 }
3848
3849 /// Returns the number of items in the DATAGRAM send queue.
3850 #[inline]
dgram_send_queue_len(&self) -> usize3851 pub fn dgram_send_queue_len(&self) -> usize {
3852 self.dgram_send_queue.len()
3853 }
3854
3855 /// Returns the total size of all items in the DATAGRAM send queue.
3856 #[inline]
dgram_send_queue_byte_size(&self) -> usize3857 pub fn dgram_send_queue_byte_size(&self) -> usize {
3858 self.dgram_send_queue.byte_size()
3859 }
3860
3861 /// Sends data in a DATAGRAM frame.
3862 ///
3863 /// [`Done`] is returned if no data was written.
3864 /// [`InvalidState`] is returned if the peer does not support DATAGRAM.
3865 /// [`BufferTooShort`] is returned if the DATAGRAM frame length is larger
3866 /// than peer's supported DATAGRAM frame length. Use
3867 /// [`dgram_max_writable_len()`] to get the largest supported DATAGRAM
3868 /// frame length.
3869 ///
3870 /// Note that there is no flow control of DATAGRAM frames, so in order to
3871 /// avoid buffering an infinite amount of frames we apply an internal
3872 /// limit.
3873 ///
3874 /// [`Done`]: enum.Error.html#variant.Done
3875 /// [`InvalidState`]: enum.Error.html#variant.InvalidState
3876 /// [`BufferTooShort`]: enum.Error.html#variant.BufferTooShort
3877 /// [`dgram_max_writable_len()`]:
3878 /// struct.Connection.html#method.dgram_max_writable_len
3879 ///
3880 /// ## Examples:
3881 ///
3882 /// ```no_run
3883 /// # let mut buf = [0; 512];
3884 /// # let socket = std::net::UdpSocket::bind("127.0.0.1:0").unwrap();
3885 /// # let mut config = quiche::Config::new(quiche::PROTOCOL_VERSION)?;
3886 /// # let scid = quiche::ConnectionId::from_ref(&[0xba; 16]);
3887 /// # let from = "127.0.0.1:1234".parse().unwrap();
3888 /// # let mut conn = quiche::accept(&scid, None, from, &mut config)?;
3889 /// conn.dgram_send(b"hello")?;
3890 /// # Ok::<(), quiche::Error>(())
3891 /// ```
dgram_send(&mut self, buf: &[u8]) -> Result<()>3892 pub fn dgram_send(&mut self, buf: &[u8]) -> Result<()> {
3893 let max_payload_len = match self.dgram_max_writable_len() {
3894 Some(v) => v as usize,
3895 None => {
3896 return Err(Error::InvalidState);
3897 },
3898 };
3899
3900 if buf.len() > max_payload_len {
3901 return Err(Error::BufferTooShort);
3902 }
3903
3904 self.dgram_send_queue.push(buf)?;
3905
3906 if self.dgram_send_queue.byte_size() > self.recovery.cwnd_available() {
3907 self.recovery.update_app_limited(false);
3908 }
3909
3910 Ok(())
3911 }
3912
3913 /// Purges queued outgoing DATAGRAMs matching the predicate.
3914 ///
3915 /// In other words, remove all elements `e` such that `f(&e)` returns true.
3916 ///
3917 /// ## Examples:
3918 /// ```no_run
3919 /// # let socket = std::net::UdpSocket::bind("127.0.0.1:0").unwrap();
3920 /// # let mut config = quiche::Config::new(quiche::PROTOCOL_VERSION)?;
3921 /// # let scid = quiche::ConnectionId::from_ref(&[0xba; 16]);
3922 /// # let from = "127.0.0.1:1234".parse().unwrap();
3923 /// # let mut conn = quiche::accept(&scid, None, from, &mut config)?;
3924 /// conn.dgram_send(b"hello")?;
3925 /// conn.dgram_purge_outgoing(&|d: &[u8]| -> bool { d[0] == 0 });
3926 /// # Ok::<(), quiche::Error>(())
3927 /// ```
3928 #[inline]
dgram_purge_outgoing<F: Fn(&[u8]) -> bool>(&mut self, f: F)3929 pub fn dgram_purge_outgoing<F: Fn(&[u8]) -> bool>(&mut self, f: F) {
3930 self.dgram_send_queue.purge(f);
3931 }
3932
3933 /// Returns the maximum DATAGRAM payload that can be sent.
3934 ///
3935 /// [`None`] is returned if the peer hasn't advertised a maximum DATAGRAM
3936 /// frame size.
3937 ///
3938 /// ## Examples:
3939 ///
3940 /// ```no_run
3941 /// # let mut buf = [0; 512];
3942 /// # let socket = std::net::UdpSocket::bind("127.0.0.1:0").unwrap();
3943 /// # let mut config = quiche::Config::new(quiche::PROTOCOL_VERSION)?;
3944 /// # let scid = quiche::ConnectionId::from_ref(&[0xba; 16]);
3945 /// # let from = "127.0.0.1:1234".parse().unwrap();
3946 /// # let mut conn = quiche::accept(&scid, None, from, &mut config)?;
3947 /// if let Some(payload_size) = conn.dgram_max_writable_len() {
3948 /// if payload_size > 5 {
3949 /// conn.dgram_send(b"hello")?;
3950 /// }
3951 /// }
3952 /// # Ok::<(), quiche::Error>(())
3953 /// ```
3954 #[inline]
dgram_max_writable_len(&self) -> Option<usize>3955 pub fn dgram_max_writable_len(&self) -> Option<usize> {
3956 match self.peer_transport_params.max_datagram_frame_size {
3957 None => None,
3958 Some(peer_frame_len) => {
3959 // Start from the maximum packet size...
3960 let mut max_len = self.max_send_udp_payload_size();
3961 // ...subtract the Short packet header overhead...
3962 // (1 byte of pkt_len + len of dcid)
3963 max_len = max_len.saturating_sub(1 + self.dcid.len());
3964 // ...subtract the packet number (max len)...
3965 max_len = max_len.saturating_sub(packet::MAX_PKT_NUM_LEN);
3966 // ...subtract the crypto overhead...
3967 max_len = max_len.saturating_sub(
3968 self.pkt_num_spaces[packet::EPOCH_APPLICATION]
3969 .crypto_overhead()?,
3970 );
3971 // ...clamp to what peer can support...
3972 max_len = cmp::min(peer_frame_len as usize, max_len);
3973 // ...subtract frame overhead, checked for underflow.
3974 // (1 byte of frame type + len of length )
3975 max_len.checked_sub(1 + frame::MAX_DGRAM_OVERHEAD)
3976 },
3977 }
3978 }
3979
dgram_enabled(&self) -> bool3980 fn dgram_enabled(&self) -> bool {
3981 self.local_transport_params
3982 .max_datagram_frame_size
3983 .is_some()
3984 }
3985
3986 /// Returns the amount of time until the next timeout event.
3987 ///
3988 /// Once the given duration has elapsed, the [`on_timeout()`] method should
3989 /// be called. A timeout of `None` means that the timer should be disarmed.
3990 ///
3991 /// [`on_timeout()`]: struct.Connection.html#method.on_timeout
timeout(&self) -> Option<time::Duration>3992 pub fn timeout(&self) -> Option<time::Duration> {
3993 if self.is_closed() {
3994 return None;
3995 }
3996
3997 let timeout = if self.is_draining() {
3998 // Draining timer takes precedence over all other timers. If it is
3999 // set it means the connection is closing so there's no point in
4000 // processing the other timers.
4001 self.draining_timer
4002 } else {
4003 // Use the lowest timer value (i.e. "sooner") among idle and loss
4004 // detection timers. If they are both unset (i.e. `None`) then the
4005 // result is `None`, but if at least one of them is set then a
4006 // `Some(...)` value is returned.
4007 let timers = [self.idle_timer, self.recovery.loss_detection_timer()];
4008
4009 timers.iter().filter_map(|&x| x).min()
4010 };
4011
4012 if let Some(timeout) = timeout {
4013 let now = time::Instant::now();
4014
4015 if timeout <= now {
4016 return Some(time::Duration::new(0, 0));
4017 }
4018
4019 return Some(timeout.duration_since(now));
4020 }
4021
4022 None
4023 }
4024
4025 /// Processes a timeout event.
4026 ///
4027 /// If no timeout has occurred it does nothing.
on_timeout(&mut self)4028 pub fn on_timeout(&mut self) {
4029 let now = time::Instant::now();
4030
4031 if let Some(draining_timer) = self.draining_timer {
4032 if draining_timer <= now {
4033 trace!("{} draining timeout expired", self.trace_id);
4034
4035 qlog_with!(self.qlog_streamer, q, {
4036 q.finish_log().ok();
4037 });
4038
4039 self.closed = true;
4040 }
4041
4042 // Draining timer takes precedence over all other timers. If it is
4043 // set it means the connection is closing so there's no point in
4044 // processing the other timers.
4045 return;
4046 }
4047
4048 if let Some(timer) = self.idle_timer {
4049 if timer <= now {
4050 trace!("{} idle timeout expired", self.trace_id);
4051
4052 qlog_with!(self.qlog_streamer, q, {
4053 q.finish_log().ok();
4054 });
4055
4056 self.closed = true;
4057 return;
4058 }
4059 }
4060
4061 if let Some(timer) = self.recovery.loss_detection_timer() {
4062 if timer <= now {
4063 trace!("{} loss detection timeout expired", self.trace_id);
4064
4065 self.recovery.on_loss_detection_timeout(
4066 self.handshake_status(),
4067 now,
4068 &self.trace_id,
4069 );
4070
4071 qlog_with!(self.qlog_streamer, q, {
4072 let ev = self.recovery.to_qlog();
4073 q.add_event(ev).ok();
4074 });
4075
4076 return;
4077 }
4078 }
4079 }
4080
4081 /// Closes the connection with the given error and reason.
4082 ///
4083 /// The `app` parameter specifies whether an application close should be
4084 /// sent to the peer. Otherwise a normal connection close is sent.
4085 ///
4086 /// Returns [`Done`] if the connection had already been closed.
4087 ///
4088 /// Note that the connection will not be closed immediately. An application
4089 /// should continue calling the [`recv()`], [`send()`], [`timeout()`] and
4090 /// [`on_timeout()`] methods as normal, until the [`is_closed()`] method
4091 /// returns `true`.
4092 ///
4093 /// [`Done`]: enum.Error.html#variant.Done
4094 /// [`recv()`]: struct.Connection.html#method.recv
4095 /// [`send()`]: struct.Connection.html#method.send
4096 /// [`timeout()`]: struct.Connection.html#method.timeout
4097 /// [`on_timeout()`]: struct.Connection.html#method.on_timeout
4098 /// [`is_closed()`]: struct.Connection.html#method.is_closed
close(&mut self, app: bool, err: u64, reason: &[u8]) -> Result<()>4099 pub fn close(&mut self, app: bool, err: u64, reason: &[u8]) -> Result<()> {
4100 if self.is_closed() || self.is_draining() {
4101 return Err(Error::Done);
4102 }
4103
4104 if self.local_error.is_some() {
4105 return Err(Error::Done);
4106 }
4107
4108 self.local_error = Some(ConnectionError {
4109 is_app: app,
4110 error_code: err,
4111 reason: reason.to_vec(),
4112 });
4113
4114 // When no packet was successfully processed close connection immediately.
4115 if self.recv_count == 0 {
4116 self.closed = true;
4117 }
4118
4119 Ok(())
4120 }
4121
4122 /// Returns a string uniquely representing the connection.
4123 ///
4124 /// This can be used for logging purposes to differentiate between multiple
4125 /// connections.
4126 #[inline]
trace_id(&self) -> &str4127 pub fn trace_id(&self) -> &str {
4128 &self.trace_id
4129 }
4130
4131 /// Returns the negotiated ALPN protocol.
4132 ///
4133 /// If no protocol has been negotiated, the returned value is empty.
4134 #[inline]
application_proto(&self) -> &[u8]4135 pub fn application_proto(&self) -> &[u8] {
4136 self.alpn.as_ref()
4137 }
4138
4139 /// Returns the peer's leaf certificate (if any) as a DER-encoded buffer.
4140 #[inline]
peer_cert(&self) -> Option<Vec<u8>>4141 pub fn peer_cert(&self) -> Option<Vec<u8>> {
4142 self.handshake.lock().unwrap().peer_cert()
4143 }
4144
4145 /// Returns the serialized cryptographic session for the connection.
4146 ///
4147 /// This can be used by a client to cache a connection's session, and resume
4148 /// it later using the [`set_session()`] method.
4149 ///
4150 /// [`set_session()`]: struct.Connection.html#method.set_session
4151 #[inline]
session(&self) -> Option<Vec<u8>>4152 pub fn session(&self) -> Option<Vec<u8>> {
4153 self.session.clone()
4154 }
4155
4156 /// Returns the source connection ID.
4157 ///
4158 /// Note that the value returned can change throughout the connection's
4159 /// lifetime.
4160 #[inline]
source_id(&self) -> ConnectionId4161 pub fn source_id(&self) -> ConnectionId {
4162 ConnectionId::from_ref(self.scid.as_ref())
4163 }
4164
4165 /// Returns the destination connection ID.
4166 ///
4167 /// Note that the value returned can change throughout the connection's
4168 /// lifetime.
4169 #[inline]
destination_id(&self) -> ConnectionId4170 pub fn destination_id(&self) -> ConnectionId {
4171 ConnectionId::from_ref(self.dcid.as_ref())
4172 }
4173
4174 /// Returns true if the connection handshake is complete.
4175 #[inline]
is_established(&self) -> bool4176 pub fn is_established(&self) -> bool {
4177 self.handshake_completed
4178 }
4179
4180 /// Returns true if the connection is resumed.
4181 #[inline]
is_resumed(&self) -> bool4182 pub fn is_resumed(&self) -> bool {
4183 self.handshake.lock().unwrap().is_resumed()
4184 }
4185
4186 /// Returns true if the connection has a pending handshake that has
4187 /// progressed enough to send or receive early data.
4188 #[inline]
is_in_early_data(&self) -> bool4189 pub fn is_in_early_data(&self) -> bool {
4190 self.handshake.lock().unwrap().is_in_early_data()
4191 }
4192
4193 /// Returns whether there is stream or DATAGRAM data available to read.
4194 #[inline]
is_readable(&self) -> bool4195 pub fn is_readable(&self) -> bool {
4196 self.streams.has_readable() || self.dgram_recv_front_len().is_some()
4197 }
4198
4199 /// Returns true if the connection is draining.
4200 ///
4201 /// If this returns true, the connection object cannot yet be dropped, but
4202 /// no new application data can be sent or received. An application should
4203 /// continue calling the [`recv()`], [`send()`], [`timeout()`], and
4204 /// [`on_timeout()`] methods as normal, until the [`is_closed()`] method
4205 /// returns `true`.
4206 ///
4207 /// [`recv()`]: struct.Connection.html#method.recv
4208 /// [`send()`]: struct.Connection.html#method.send
4209 /// [`timeout()`]: struct.Connection.html#method.timeout
4210 /// [`on_timeout()`]: struct.Connection.html#method.on_timeout
4211 /// [`is_closed()`]: struct.Connection.html#method.is_closed
4212 #[inline]
is_draining(&self) -> bool4213 pub fn is_draining(&self) -> bool {
4214 self.draining_timer.is_some()
4215 }
4216
4217 /// Returns true if the connection is closed.
4218 ///
4219 /// If this returns true, the connection object can be dropped.
4220 #[inline]
is_closed(&self) -> bool4221 pub fn is_closed(&self) -> bool {
4222 self.closed
4223 }
4224
4225 /// Returns the error received from the peer, if any.
4226 ///
4227 /// The values contained in the tuple are symmetric with the [`close()`]
4228 /// method.
4229 ///
4230 /// Note that a `Some` return value does not necessarily imply
4231 /// [`is_closed()`] or any other connection state.
4232 ///
4233 /// [`close()`]: struct.Connection.html#method.close
4234 /// [`is_closed()`]: struct.Connection.html#method.is_closed
4235 #[inline]
peer_error(&self) -> Option<&ConnectionError>4236 pub fn peer_error(&self) -> Option<&ConnectionError> {
4237 self.peer_error.as_ref()
4238 }
4239
4240 /// Collects and returns statistics about the connection.
4241 #[inline]
stats(&self) -> Stats4242 pub fn stats(&self) -> Stats {
4243 Stats {
4244 recv: self.recv_count,
4245 sent: self.sent_count,
4246 lost: self.recovery.lost_count,
4247 cwnd: self.recovery.cwnd(),
4248 rtt: self.recovery.rtt(),
4249 delivery_rate: self.recovery.delivery_rate(),
4250 }
4251 }
4252
encode_transport_params(&mut self) -> Result<()>4253 fn encode_transport_params(&mut self) -> Result<()> {
4254 let mut raw_params = [0; 128];
4255
4256 let raw_params = TransportParams::encode(
4257 &self.local_transport_params,
4258 self.is_server,
4259 &mut raw_params,
4260 )?;
4261
4262 self.handshake
4263 .lock()
4264 .unwrap()
4265 .set_quic_transport_params(raw_params)?;
4266
4267 Ok(())
4268 }
4269
parse_peer_transport_params( &mut self, peer_params: TransportParams, ) -> Result<()>4270 fn parse_peer_transport_params(
4271 &mut self, peer_params: TransportParams,
4272 ) -> Result<()> {
4273 if self.version >= PROTOCOL_VERSION_DRAFT28 ||
4274 self.version == PROTOCOL_VERSION_V1
4275 {
4276 // Validate initial_source_connection_id.
4277 match &peer_params.initial_source_connection_id {
4278 Some(v) if v != &self.dcid =>
4279 return Err(Error::InvalidTransportParam),
4280
4281 Some(_) => (),
4282
4283 // initial_source_connection_id must be sent by
4284 // both endpoints.
4285 None => return Err(Error::InvalidTransportParam),
4286 }
4287
4288 // Validate original_destination_connection_id.
4289 if let Some(odcid) = &self.odcid {
4290 match &peer_params.original_destination_connection_id {
4291 Some(v) if v != odcid =>
4292 return Err(Error::InvalidTransportParam),
4293
4294 Some(_) => (),
4295
4296 // original_destination_connection_id must be
4297 // sent by the server.
4298 None if !self.is_server =>
4299 return Err(Error::InvalidTransportParam),
4300
4301 None => (),
4302 }
4303 }
4304
4305 // Validate retry_source_connection_id.
4306 if let Some(rscid) = &self.rscid {
4307 match &peer_params.retry_source_connection_id {
4308 Some(v) if v != rscid =>
4309 return Err(Error::InvalidTransportParam),
4310
4311 Some(_) => (),
4312
4313 // retry_source_connection_id must be sent by
4314 // the server.
4315 None => return Err(Error::InvalidTransportParam),
4316 }
4317 }
4318 } else {
4319 // Legacy validation of the original connection ID when
4320 // stateless retry is performed, for drafts < 28.
4321 if self.did_retry &&
4322 peer_params.original_destination_connection_id != self.odcid
4323 {
4324 return Err(Error::InvalidTransportParam);
4325 }
4326 }
4327
4328 self.process_peer_transport_params(peer_params);
4329
4330 self.parsed_peer_transport_params = true;
4331
4332 Ok(())
4333 }
4334
process_peer_transport_params(&mut self, peer_params: TransportParams)4335 fn process_peer_transport_params(&mut self, peer_params: TransportParams) {
4336 self.max_tx_data = peer_params.initial_max_data;
4337
4338 // Update send capacity.
4339 self.tx_cap = cmp::min(
4340 self.recovery.cwnd_available() as u64,
4341 self.max_tx_data - self.tx_data,
4342 ) as usize;
4343
4344 self.streams
4345 .update_peer_max_streams_bidi(peer_params.initial_max_streams_bidi);
4346 self.streams
4347 .update_peer_max_streams_uni(peer_params.initial_max_streams_uni);
4348
4349 self.recovery.max_ack_delay =
4350 time::Duration::from_millis(peer_params.max_ack_delay);
4351
4352 self.recovery
4353 .update_max_datagram_size(peer_params.max_udp_payload_size as usize);
4354
4355 self.peer_transport_params = peer_params;
4356 }
4357
4358 /// Continues the handshake.
4359 ///
4360 /// If the connection is already established, it does nothing.
do_handshake(&mut self) -> Result<()>4361 fn do_handshake(&mut self) -> Result<()> {
4362 let handshake = self.handshake.lock().unwrap();
4363
4364 // Handshake is already complete, nothing more to do.
4365 if handshake.is_completed() {
4366 return Ok(());
4367 }
4368
4369 match handshake.do_handshake() {
4370 Ok(_) => (),
4371
4372 Err(Error::Done) => {
4373 // Try to parse transport parameters as soon as the first flight
4374 // of handshake data is processed.
4375 //
4376 // This is potentially dangerous as the handshake hasn't been
4377 // completed yet, though it's required to be able to send data
4378 // in 0.5 RTT.
4379 let raw_params = handshake.quic_transport_params();
4380
4381 if !self.parsed_peer_transport_params && !raw_params.is_empty() {
4382 let peer_params =
4383 TransportParams::decode(&raw_params, self.is_server)?;
4384
4385 // Unlock handshake object.
4386 drop(handshake);
4387
4388 self.parse_peer_transport_params(peer_params)?;
4389 }
4390
4391 return Ok(());
4392 },
4393
4394 Err(e) => return Err(e),
4395 };
4396
4397 self.handshake_completed = handshake.is_completed();
4398
4399 self.alpn = handshake.alpn_protocol().to_vec();
4400
4401 let cipher = handshake.cipher();
4402 let curve = handshake.curve();
4403 let sigalg = handshake.sigalg();
4404 let is_resumed = handshake.is_resumed();
4405
4406 let raw_params = handshake.quic_transport_params();
4407
4408 if !self.parsed_peer_transport_params && !raw_params.is_empty() {
4409 let peer_params =
4410 TransportParams::decode(&raw_params, self.is_server)?;
4411
4412 // Unlock handshake object.
4413 drop(handshake);
4414
4415 self.parse_peer_transport_params(peer_params)?;
4416 }
4417
4418 // Once the handshake is completed there's no point in processing 0-RTT
4419 // packets anymore, so clear the buffer now.
4420 if self.handshake_completed {
4421 self.undecryptable_pkts.clear();
4422 }
4423
4424 trace!("{} connection established: proto={:?} cipher={:?} curve={:?} sigalg={:?} resumed={} {:?}",
4425 &self.trace_id, std::str::from_utf8(self.application_proto()),
4426 cipher, curve, sigalg, is_resumed, self.peer_transport_params);
4427
4428 Ok(())
4429 }
4430
4431 /// Selects the packet type for the next outgoing packet.
write_pkt_type(&self) -> Result<packet::Type>4432 fn write_pkt_type(&self) -> Result<packet::Type> {
4433 // On error send packet in the latest epoch available, but only send
4434 // 1-RTT ones when the handshake is completed.
4435 if self
4436 .local_error
4437 .as_ref()
4438 .map_or(false, |conn_err| !conn_err.is_app)
4439 {
4440 let epoch = match self.handshake.lock().unwrap().write_level() {
4441 crypto::Level::Initial => packet::EPOCH_INITIAL,
4442 crypto::Level::ZeroRTT => unreachable!(),
4443 crypto::Level::Handshake => packet::EPOCH_HANDSHAKE,
4444 crypto::Level::OneRTT => packet::EPOCH_APPLICATION,
4445 };
4446
4447 if epoch == packet::EPOCH_APPLICATION && !self.is_established() {
4448 // Downgrade the epoch to handshake as the handshake is not
4449 // completed yet.
4450 return Ok(packet::Type::Handshake);
4451 }
4452
4453 return Ok(packet::Type::from_epoch(epoch));
4454 }
4455
4456 for epoch in packet::EPOCH_INITIAL..packet::EPOCH_COUNT {
4457 // Only send packets in a space when we have the send keys for it.
4458 if self.pkt_num_spaces[epoch].crypto_seal.is_none() {
4459 continue;
4460 }
4461
4462 // We are ready to send data for this packet number space.
4463 if self.pkt_num_spaces[epoch].ready() {
4464 return Ok(packet::Type::from_epoch(epoch));
4465 }
4466
4467 // There are lost frames in this packet number space.
4468 if !self.recovery.lost[epoch].is_empty() {
4469 return Ok(packet::Type::from_epoch(epoch));
4470 }
4471
4472 // We need to send PTO probe packets.
4473 if self.recovery.loss_probes[epoch] > 0 {
4474 return Ok(packet::Type::from_epoch(epoch));
4475 }
4476 }
4477
4478 // If there are flushable, almost full or blocked streams, use the
4479 // Application epoch.
4480 if (self.is_established() || self.is_in_early_data()) &&
4481 ((self.is_server && !self.handshake_done_sent) ||
4482 self.almost_full ||
4483 self.blocked_limit.is_some() ||
4484 self.dgram_send_queue.has_pending() ||
4485 self.local_error
4486 .as_ref()
4487 .map_or(false, |conn_err| conn_err.is_app) ||
4488 self.streams.should_update_max_streams_bidi() ||
4489 self.streams.should_update_max_streams_uni() ||
4490 self.streams.has_flushable() ||
4491 self.streams.has_almost_full() ||
4492 self.streams.has_blocked() ||
4493 self.streams.has_reset() ||
4494 self.streams.has_stopped())
4495 {
4496 if self.is_in_early_data() && !self.is_server {
4497 return Ok(packet::Type::ZeroRTT);
4498 }
4499
4500 return Ok(packet::Type::Short);
4501 }
4502
4503 Err(Error::Done)
4504 }
4505
4506 /// Returns the mutable stream with the given ID if it exists, or creates
4507 /// a new one otherwise.
get_or_create_stream( &mut self, id: u64, local: bool, ) -> Result<&mut stream::Stream>4508 fn get_or_create_stream(
4509 &mut self, id: u64, local: bool,
4510 ) -> Result<&mut stream::Stream> {
4511 self.streams.get_or_create(
4512 id,
4513 &self.local_transport_params,
4514 &self.peer_transport_params,
4515 local,
4516 self.is_server,
4517 )
4518 }
4519
4520 /// Processes an incoming frame.
process_frame( &mut self, frame: frame::Frame, epoch: packet::Epoch, now: time::Instant, ) -> Result<()>4521 fn process_frame(
4522 &mut self, frame: frame::Frame, epoch: packet::Epoch, now: time::Instant,
4523 ) -> Result<()> {
4524 trace!("{} rx frm {:?}", self.trace_id, frame);
4525
4526 match frame {
4527 frame::Frame::Padding { .. } => (),
4528
4529 frame::Frame::Ping => (),
4530
4531 frame::Frame::ACK { ranges, ack_delay } => {
4532 let ack_delay = ack_delay
4533 .checked_mul(2_u64.pow(
4534 self.peer_transport_params.ack_delay_exponent as u32,
4535 ))
4536 .ok_or(Error::InvalidFrame)?;
4537
4538 if epoch == packet::EPOCH_HANDSHAKE {
4539 self.peer_verified_address = true;
4540 }
4541
4542 // When we receive an ACK for a 1-RTT packet after handshake
4543 // completion, it means the handshake has been confirmed.
4544 if epoch == packet::EPOCH_APPLICATION && self.is_established() {
4545 self.peer_verified_address = true;
4546
4547 self.handshake_confirmed = true;
4548 }
4549
4550 self.recovery.on_ack_received(
4551 &ranges,
4552 ack_delay,
4553 epoch,
4554 self.handshake_status(),
4555 now,
4556 &self.trace_id,
4557 )?;
4558
4559 // Once the handshake is confirmed, we can drop Handshake keys.
4560 if self.handshake_confirmed {
4561 self.drop_epoch_state(packet::EPOCH_HANDSHAKE, now);
4562 }
4563 },
4564
4565 frame::Frame::ResetStream {
4566 stream_id,
4567 final_size,
4568 ..
4569 } => {
4570 // Peer can't send on our unidirectional streams.
4571 if !stream::is_bidi(stream_id) &&
4572 stream::is_local(stream_id, self.is_server)
4573 {
4574 return Err(Error::InvalidStreamState(stream_id));
4575 }
4576
4577 // Get existing stream or create a new one, but if the stream
4578 // has already been closed and collected, ignore the frame.
4579 //
4580 // This can happen if e.g. an ACK frame is lost, and the peer
4581 // retransmits another frame before it realizes that the stream
4582 // is gone.
4583 //
4584 // Note that it makes it impossible to check if the frame is
4585 // illegal, since we have no state, but since we ignore the
4586 // frame, it should be fine.
4587 let stream = match self.get_or_create_stream(stream_id, false) {
4588 Ok(v) => v,
4589
4590 Err(Error::Done) => return Ok(()),
4591
4592 Err(e) => return Err(e),
4593 };
4594
4595 self.rx_data += stream.recv.reset(final_size)? as u64;
4596
4597 if self.rx_data > self.max_rx_data {
4598 return Err(Error::FlowControl);
4599 }
4600 },
4601
4602 frame::Frame::StopSending {
4603 stream_id,
4604 error_code,
4605 } => {
4606 // STOP_SENDING on a receive-only stream is a fatal error.
4607 if !stream::is_local(stream_id, self.is_server) &&
4608 !stream::is_bidi(stream_id)
4609 {
4610 return Err(Error::InvalidStreamState(stream_id));
4611 }
4612
4613 // Get existing stream or create a new one, but if the stream
4614 // has already been closed and collected, ignore the frame.
4615 //
4616 // This can happen if e.g. an ACK frame is lost, and the peer
4617 // retransmits another frame before it realizes that the stream
4618 // is gone.
4619 //
4620 // Note that it makes it impossible to check if the frame is
4621 // illegal, since we have no state, but since we ignore the
4622 // frame, it should be fine.
4623 let stream = match self.get_or_create_stream(stream_id, false) {
4624 Ok(v) => v,
4625
4626 Err(Error::Done) => return Ok(()),
4627
4628 Err(e) => return Err(e),
4629 };
4630
4631 let was_writable = stream.is_writable();
4632
4633 // Try stopping the stream.
4634 if let Ok(final_size) = stream.send.stop(error_code) {
4635 self.streams
4636 .mark_reset(stream_id, true, error_code, final_size);
4637
4638 if !was_writable {
4639 self.streams.mark_writable(stream_id, true);
4640 }
4641 }
4642 },
4643
4644 frame::Frame::Crypto { data } => {
4645 // Push the data to the stream so it can be re-ordered.
4646 self.pkt_num_spaces[epoch].crypto_stream.recv.write(data)?;
4647
4648 // Feed crypto data to the TLS state, if there's data
4649 // available at the expected offset.
4650 let mut crypto_buf = [0; 512];
4651
4652 let level = crypto::Level::from_epoch(epoch);
4653
4654 let stream = &mut self.pkt_num_spaces[epoch].crypto_stream;
4655
4656 while let Ok((read, _)) = stream.recv.emit(&mut crypto_buf) {
4657 let recv_buf = &crypto_buf[..read];
4658 self.handshake
4659 .lock()
4660 .unwrap()
4661 .provide_data(level, &recv_buf)?;
4662 }
4663
4664 if self.is_established() {
4665 self.handshake.lock().unwrap().process_post_handshake()?;
4666 } else {
4667 self.do_handshake()?;
4668 }
4669 },
4670
4671 frame::Frame::CryptoHeader { .. } => unreachable!(),
4672
4673 // TODO: implement stateless retry
4674 frame::Frame::NewToken { .. } => (),
4675
4676 frame::Frame::Stream { stream_id, data } => {
4677 // Peer can't send on our unidirectional streams.
4678 if !stream::is_bidi(stream_id) &&
4679 stream::is_local(stream_id, self.is_server)
4680 {
4681 return Err(Error::InvalidStreamState(stream_id));
4682 }
4683
4684 let max_rx_data_left = self.max_rx_data - self.rx_data;
4685
4686 // Get existing stream or create a new one, but if the stream
4687 // has already been closed and collected, ignore the frame.
4688 //
4689 // This can happen if e.g. an ACK frame is lost, and the peer
4690 // retransmits another frame before it realizes that the stream
4691 // is gone.
4692 //
4693 // Note that it makes it impossible to check if the frame is
4694 // illegal, since we have no state, but since we ignore the
4695 // frame, it should be fine.
4696 let stream = match self.get_or_create_stream(stream_id, false) {
4697 Ok(v) => v,
4698
4699 Err(Error::Done) => return Ok(()),
4700
4701 Err(e) => return Err(e),
4702 };
4703
4704 // Check for the connection-level flow control limit.
4705 let max_off_delta =
4706 data.max_off().saturating_sub(stream.recv.max_off());
4707
4708 if max_off_delta > max_rx_data_left {
4709 return Err(Error::FlowControl);
4710 }
4711
4712 stream.recv.write(data)?;
4713
4714 if stream.is_readable() {
4715 self.streams.mark_readable(stream_id, true);
4716 }
4717
4718 self.rx_data += max_off_delta;
4719 },
4720
4721 frame::Frame::StreamHeader { .. } => unreachable!(),
4722
4723 frame::Frame::MaxData { max } => {
4724 self.max_tx_data = cmp::max(self.max_tx_data, max);
4725 },
4726
4727 frame::Frame::MaxStreamData { stream_id, max } => {
4728 // Peer can't receive on its own unidirectional streams.
4729 if !stream::is_bidi(stream_id) &&
4730 !stream::is_local(stream_id, self.is_server)
4731 {
4732 return Err(Error::InvalidStreamState(stream_id));
4733 }
4734
4735 // Get existing stream or create a new one, but if the stream
4736 // has already been closed and collected, ignore the frame.
4737 //
4738 // This can happen if e.g. an ACK frame is lost, and the peer
4739 // retransmits another frame before it realizes that the stream
4740 // is gone.
4741 //
4742 // Note that it makes it impossible to check if the frame is
4743 // illegal, since we have no state, but since we ignore the
4744 // frame, it should be fine.
4745 let stream = match self.get_or_create_stream(stream_id, false) {
4746 Ok(v) => v,
4747
4748 Err(Error::Done) => return Ok(()),
4749
4750 Err(e) => return Err(e),
4751 };
4752
4753 let was_flushable = stream.is_flushable();
4754
4755 stream.send.update_max_data(max);
4756
4757 let writable = stream.is_writable();
4758
4759 // If the stream is now flushable push it to the flushable queue,
4760 // but only if it wasn't already queued.
4761 if stream.is_flushable() && !was_flushable {
4762 let urgency = stream.urgency;
4763 let incremental = stream.incremental;
4764 self.streams.push_flushable(stream_id, urgency, incremental);
4765 }
4766
4767 if writable {
4768 self.streams.mark_writable(stream_id, true);
4769 }
4770 },
4771
4772 frame::Frame::MaxStreamsBidi { max } => {
4773 if max > MAX_STREAM_ID {
4774 return Err(Error::InvalidFrame);
4775 }
4776
4777 self.streams.update_peer_max_streams_bidi(max);
4778 },
4779
4780 frame::Frame::MaxStreamsUni { max } => {
4781 if max > MAX_STREAM_ID {
4782 return Err(Error::InvalidFrame);
4783 }
4784
4785 self.streams.update_peer_max_streams_uni(max);
4786 },
4787
4788 frame::Frame::DataBlocked { .. } => (),
4789
4790 frame::Frame::StreamDataBlocked { .. } => (),
4791
4792 frame::Frame::StreamsBlockedBidi { limit } =>
4793 if limit > MAX_STREAM_ID {
4794 return Err(Error::InvalidFrame);
4795 },
4796
4797 frame::Frame::StreamsBlockedUni { limit } =>
4798 if limit > MAX_STREAM_ID {
4799 return Err(Error::InvalidFrame);
4800 },
4801
4802 // TODO: implement connection migration
4803 frame::Frame::NewConnectionId { .. } => (),
4804
4805 // TODO: implement connection migration
4806 frame::Frame::RetireConnectionId { .. } => (),
4807
4808 frame::Frame::PathChallenge { data } => {
4809 self.challenge = Some(data);
4810 },
4811
4812 frame::Frame::PathResponse { .. } => (),
4813
4814 frame::Frame::ConnectionClose {
4815 error_code, reason, ..
4816 } => {
4817 self.peer_error = Some(ConnectionError {
4818 is_app: false,
4819 error_code,
4820 reason,
4821 });
4822 self.draining_timer = Some(now + (self.recovery.pto() * 3));
4823 },
4824
4825 frame::Frame::ApplicationClose { error_code, reason } => {
4826 self.peer_error = Some(ConnectionError {
4827 is_app: true,
4828 error_code,
4829 reason,
4830 });
4831 self.draining_timer = Some(now + (self.recovery.pto() * 3));
4832 },
4833
4834 frame::Frame::HandshakeDone => {
4835 if self.is_server {
4836 return Err(Error::InvalidPacket);
4837 }
4838
4839 self.peer_verified_address = true;
4840
4841 self.handshake_confirmed = true;
4842
4843 // Once the handshake is confirmed, we can drop Handshake keys.
4844 self.drop_epoch_state(packet::EPOCH_HANDSHAKE, now);
4845 },
4846
4847 frame::Frame::Datagram { data } => {
4848 // Close the connection if DATAGRAMs are not enabled.
4849 // quiche always advertises support for 64K sized DATAGRAM
4850 // frames, as recommended by the standard, so we don't need a
4851 // size check.
4852 if !self.dgram_enabled() {
4853 return Err(Error::InvalidState);
4854 }
4855
4856 // If recv queue is full, discard oldest
4857 if self.dgram_recv_queue.is_full() {
4858 self.dgram_recv_queue.pop();
4859 }
4860
4861 self.dgram_recv_queue.push(&data)?;
4862 },
4863 }
4864
4865 Ok(())
4866 }
4867
4868 /// Drops the keys and recovery state for the given epoch.
drop_epoch_state(&mut self, epoch: packet::Epoch, now: time::Instant)4869 fn drop_epoch_state(&mut self, epoch: packet::Epoch, now: time::Instant) {
4870 if self.pkt_num_spaces[epoch].crypto_open.is_none() {
4871 return;
4872 }
4873
4874 self.pkt_num_spaces[epoch].crypto_open = None;
4875 self.pkt_num_spaces[epoch].crypto_seal = None;
4876 self.pkt_num_spaces[epoch].clear();
4877
4878 self.recovery.on_pkt_num_space_discarded(
4879 epoch,
4880 self.handshake_status(),
4881 now,
4882 );
4883
4884 trace!("{} dropped epoch {} state", self.trace_id, epoch);
4885 }
4886
4887 /// Returns true if the connection-level flow control needs to be updated.
4888 ///
4889 /// This happens when the new max data limit is at least double the amount
4890 /// of data that can be received before blocking.
should_update_max_data(&self) -> bool4891 fn should_update_max_data(&self) -> bool {
4892 self.max_rx_data_next != self.max_rx_data &&
4893 self.max_rx_data_next / 2 > self.max_rx_data - self.rx_data
4894 }
4895
4896 /// Returns the idle timeout value.
4897 ///
4898 /// `None` is returned if both end-points disabled the idle timeout.
idle_timeout(&mut self) -> Option<time::Duration>4899 fn idle_timeout(&mut self) -> Option<time::Duration> {
4900 // If the transport parameter is set to 0, then the respective endpoint
4901 // decided to disable the idle timeout. If both are disabled we should
4902 // not set any timeout.
4903 if self.local_transport_params.max_idle_timeout == 0 &&
4904 self.peer_transport_params.max_idle_timeout == 0
4905 {
4906 return None;
4907 }
4908
4909 // If the local endpoint or the peer disabled the idle timeout, use the
4910 // other peer's value, otherwise use the minimum of the two values.
4911 let idle_timeout = if self.local_transport_params.max_idle_timeout == 0 {
4912 self.peer_transport_params.max_idle_timeout
4913 } else if self.peer_transport_params.max_idle_timeout == 0 {
4914 self.local_transport_params.max_idle_timeout
4915 } else {
4916 cmp::min(
4917 self.local_transport_params.max_idle_timeout,
4918 self.peer_transport_params.max_idle_timeout,
4919 )
4920 };
4921
4922 let idle_timeout = time::Duration::from_millis(idle_timeout);
4923 let idle_timeout = cmp::max(idle_timeout, 3 * self.recovery.pto());
4924
4925 Some(idle_timeout)
4926 }
4927
4928 /// Returns the connection's handshake status for use in loss recovery.
handshake_status(&self) -> recovery::HandshakeStatus4929 fn handshake_status(&self) -> recovery::HandshakeStatus {
4930 recovery::HandshakeStatus {
4931 has_handshake_keys: self.pkt_num_spaces[packet::EPOCH_HANDSHAKE]
4932 .has_keys(),
4933
4934 peer_verified_address: self.peer_verified_address,
4935
4936 completed: self.is_established(),
4937 }
4938 }
4939 }
4940
4941 /// Maps an `Error` to `Error::Done`, or itself.
4942 ///
4943 /// When a received packet that hasn't yet been authenticated triggers a failure
4944 /// it should, in most cases, be ignored, instead of raising a connection error,
4945 /// to avoid potential man-in-the-middle and man-on-the-side attacks.
4946 ///
4947 /// However, if no other packet was previously received, the connection should
4948 /// indeed be closed as the received packet might just be network background
4949 /// noise, and it shouldn't keep resources occupied indefinitely.
4950 ///
4951 /// This function maps an error to `Error::Done` to ignore a packet failure
4952 /// without aborting the connection, except when no other packet was previously
4953 /// received, in which case the error itself is returned, but only on the
4954 /// server-side as the client will already have armed the idle timer.
4955 ///
4956 /// This must only be used for errors preceding packet authentication. Failures
4957 /// happening after a packet has been authenticated should still cause the
4958 /// connection to be aborted.
drop_pkt_on_err( e: Error, recv_count: usize, is_server: bool, trace_id: &str, ) -> Error4959 fn drop_pkt_on_err(
4960 e: Error, recv_count: usize, is_server: bool, trace_id: &str,
4961 ) -> Error {
4962 // On the server, if no other packet has been successflully processed, abort
4963 // the connection to avoid keeping the connection open when only junk is
4964 // received.
4965 if is_server && recv_count == 0 {
4966 return e;
4967 }
4968
4969 trace!("{} dropped invalid packet", trace_id);
4970
4971 // Ignore other invalid packets that haven't been authenticated to prevent
4972 // man-in-the-middle and man-on-the-side attacks.
4973 Error::Done
4974 }
4975
4976 /// Statistics about the connection.
4977 ///
4978 /// A connection's statistics can be collected using the [`stats()`] method.
4979 ///
4980 /// [`stats()`]: struct.Connection.html#method.stats
4981 #[derive(Clone)]
4982 pub struct Stats {
4983 /// The number of QUIC packets received.
4984 pub recv: usize,
4985
4986 /// The number of QUIC packets sent.
4987 pub sent: usize,
4988
4989 /// The number of QUIC packets that were lost.
4990 pub lost: usize,
4991
4992 /// The estimated round-trip time of the connection.
4993 pub rtt: time::Duration,
4994
4995 /// The size of the connection's congestion window in bytes.
4996 pub cwnd: usize,
4997
4998 /// The most recent data delivery rate estimate in bytes/s.
4999 pub delivery_rate: u64,
5000 }
5001
5002 impl std::fmt::Debug for Stats {
5003 #[inline]
fmt(&self, f: &mut std::fmt::Formatter) -> std::fmt::Result5004 fn fmt(&self, f: &mut std::fmt::Formatter) -> std::fmt::Result {
5005 write!(
5006 f,
5007 "recv={} sent={} lost={} rtt={:?} cwnd={}",
5008 self.recv, self.sent, self.lost, self.rtt, self.cwnd,
5009 )
5010 }
5011 }
5012
5013 #[derive(Clone, Debug, PartialEq)]
5014 struct TransportParams {
5015 pub original_destination_connection_id: Option<ConnectionId<'static>>,
5016 pub max_idle_timeout: u64,
5017 pub stateless_reset_token: Option<Vec<u8>>,
5018 pub max_udp_payload_size: u64,
5019 pub initial_max_data: u64,
5020 pub initial_max_stream_data_bidi_local: u64,
5021 pub initial_max_stream_data_bidi_remote: u64,
5022 pub initial_max_stream_data_uni: u64,
5023 pub initial_max_streams_bidi: u64,
5024 pub initial_max_streams_uni: u64,
5025 pub ack_delay_exponent: u64,
5026 pub max_ack_delay: u64,
5027 pub disable_active_migration: bool,
5028 // pub preferred_address: ...,
5029 pub active_conn_id_limit: u64,
5030 pub initial_source_connection_id: Option<ConnectionId<'static>>,
5031 pub retry_source_connection_id: Option<ConnectionId<'static>>,
5032 pub max_datagram_frame_size: Option<u64>,
5033 }
5034
5035 impl Default for TransportParams {
default() -> TransportParams5036 fn default() -> TransportParams {
5037 TransportParams {
5038 original_destination_connection_id: None,
5039 max_idle_timeout: 0,
5040 stateless_reset_token: None,
5041 max_udp_payload_size: 65527,
5042 initial_max_data: 0,
5043 initial_max_stream_data_bidi_local: 0,
5044 initial_max_stream_data_bidi_remote: 0,
5045 initial_max_stream_data_uni: 0,
5046 initial_max_streams_bidi: 0,
5047 initial_max_streams_uni: 0,
5048 ack_delay_exponent: 3,
5049 max_ack_delay: 25,
5050 disable_active_migration: false,
5051 active_conn_id_limit: 2,
5052 initial_source_connection_id: None,
5053 retry_source_connection_id: None,
5054 max_datagram_frame_size: None,
5055 }
5056 }
5057 }
5058
5059 impl TransportParams {
decode(buf: &[u8], is_server: bool) -> Result<TransportParams>5060 fn decode(buf: &[u8], is_server: bool) -> Result<TransportParams> {
5061 let mut params = octets::Octets::with_slice(buf);
5062
5063 let mut tp = TransportParams::default();
5064
5065 while params.cap() > 0 {
5066 let id = params.get_varint()?;
5067
5068 let mut val = params.get_bytes_with_varint_length()?;
5069
5070 // TODO: forbid duplicated param
5071
5072 match id {
5073 0x0000 => {
5074 if is_server {
5075 return Err(Error::InvalidTransportParam);
5076 }
5077
5078 tp.original_destination_connection_id =
5079 Some(val.to_vec().into());
5080 },
5081
5082 0x0001 => {
5083 tp.max_idle_timeout = val.get_varint()?;
5084 },
5085
5086 0x0002 => {
5087 if is_server {
5088 return Err(Error::InvalidTransportParam);
5089 }
5090
5091 tp.stateless_reset_token = Some(val.get_bytes(16)?.to_vec());
5092 },
5093
5094 0x0003 => {
5095 tp.max_udp_payload_size = val.get_varint()?;
5096
5097 if tp.max_udp_payload_size < 1200 {
5098 return Err(Error::InvalidTransportParam);
5099 }
5100 },
5101
5102 0x0004 => {
5103 tp.initial_max_data = val.get_varint()?;
5104 },
5105
5106 0x0005 => {
5107 tp.initial_max_stream_data_bidi_local = val.get_varint()?;
5108 },
5109
5110 0x0006 => {
5111 tp.initial_max_stream_data_bidi_remote = val.get_varint()?;
5112 },
5113
5114 0x0007 => {
5115 tp.initial_max_stream_data_uni = val.get_varint()?;
5116 },
5117
5118 0x0008 => {
5119 let max = val.get_varint()?;
5120
5121 if max > MAX_STREAM_ID {
5122 return Err(Error::InvalidTransportParam);
5123 }
5124
5125 tp.initial_max_streams_bidi = max;
5126 },
5127
5128 0x0009 => {
5129 let max = val.get_varint()?;
5130
5131 if max > MAX_STREAM_ID {
5132 return Err(Error::InvalidTransportParam);
5133 }
5134
5135 tp.initial_max_streams_uni = max;
5136 },
5137
5138 0x000a => {
5139 let ack_delay_exponent = val.get_varint()?;
5140
5141 if ack_delay_exponent > 20 {
5142 return Err(Error::InvalidTransportParam);
5143 }
5144
5145 tp.ack_delay_exponent = ack_delay_exponent;
5146 },
5147
5148 0x000b => {
5149 let max_ack_delay = val.get_varint()?;
5150
5151 if max_ack_delay >= 2_u64.pow(14) {
5152 return Err(Error::InvalidTransportParam);
5153 }
5154
5155 tp.max_ack_delay = max_ack_delay;
5156 },
5157
5158 0x000c => {
5159 tp.disable_active_migration = true;
5160 },
5161
5162 0x000d => {
5163 if is_server {
5164 return Err(Error::InvalidTransportParam);
5165 }
5166
5167 // TODO: decode preferred_address
5168 },
5169
5170 0x000e => {
5171 let limit = val.get_varint()?;
5172
5173 if limit < 2 {
5174 return Err(Error::InvalidTransportParam);
5175 }
5176
5177 tp.active_conn_id_limit = limit;
5178 },
5179
5180 0x000f => {
5181 tp.initial_source_connection_id = Some(val.to_vec().into());
5182 },
5183
5184 0x00010 => {
5185 if is_server {
5186 return Err(Error::InvalidTransportParam);
5187 }
5188
5189 tp.retry_source_connection_id = Some(val.to_vec().into());
5190 },
5191
5192 0x0020 => {
5193 tp.max_datagram_frame_size = Some(val.get_varint()?);
5194 },
5195
5196 // Ignore unknown parameters.
5197 _ => (),
5198 }
5199 }
5200
5201 Ok(tp)
5202 }
5203
encode_param( b: &mut octets::OctetsMut, ty: u64, len: usize, ) -> Result<()>5204 fn encode_param(
5205 b: &mut octets::OctetsMut, ty: u64, len: usize,
5206 ) -> Result<()> {
5207 b.put_varint(ty)?;
5208 b.put_varint(len as u64)?;
5209
5210 Ok(())
5211 }
5212
encode<'a>( tp: &TransportParams, is_server: bool, out: &'a mut [u8], ) -> Result<&'a mut [u8]>5213 fn encode<'a>(
5214 tp: &TransportParams, is_server: bool, out: &'a mut [u8],
5215 ) -> Result<&'a mut [u8]> {
5216 let mut b = octets::OctetsMut::with_slice(out);
5217
5218 if is_server {
5219 if let Some(ref odcid) = tp.original_destination_connection_id {
5220 TransportParams::encode_param(&mut b, 0x0000, odcid.len())?;
5221 b.put_bytes(&odcid)?;
5222 }
5223 };
5224
5225 if tp.max_idle_timeout != 0 {
5226 TransportParams::encode_param(
5227 &mut b,
5228 0x0001,
5229 octets::varint_len(tp.max_idle_timeout),
5230 )?;
5231 b.put_varint(tp.max_idle_timeout)?;
5232 }
5233
5234 if is_server {
5235 if let Some(ref token) = tp.stateless_reset_token {
5236 TransportParams::encode_param(&mut b, 0x0002, token.len())?;
5237 b.put_bytes(&token)?;
5238 }
5239 }
5240
5241 if tp.max_udp_payload_size != 0 {
5242 TransportParams::encode_param(
5243 &mut b,
5244 0x0003,
5245 octets::varint_len(tp.max_udp_payload_size),
5246 )?;
5247 b.put_varint(tp.max_udp_payload_size)?;
5248 }
5249
5250 if tp.initial_max_data != 0 {
5251 TransportParams::encode_param(
5252 &mut b,
5253 0x0004,
5254 octets::varint_len(tp.initial_max_data),
5255 )?;
5256 b.put_varint(tp.initial_max_data)?;
5257 }
5258
5259 if tp.initial_max_stream_data_bidi_local != 0 {
5260 TransportParams::encode_param(
5261 &mut b,
5262 0x0005,
5263 octets::varint_len(tp.initial_max_stream_data_bidi_local),
5264 )?;
5265 b.put_varint(tp.initial_max_stream_data_bidi_local)?;
5266 }
5267
5268 if tp.initial_max_stream_data_bidi_remote != 0 {
5269 TransportParams::encode_param(
5270 &mut b,
5271 0x0006,
5272 octets::varint_len(tp.initial_max_stream_data_bidi_remote),
5273 )?;
5274 b.put_varint(tp.initial_max_stream_data_bidi_remote)?;
5275 }
5276
5277 if tp.initial_max_stream_data_uni != 0 {
5278 TransportParams::encode_param(
5279 &mut b,
5280 0x0007,
5281 octets::varint_len(tp.initial_max_stream_data_uni),
5282 )?;
5283 b.put_varint(tp.initial_max_stream_data_uni)?;
5284 }
5285
5286 if tp.initial_max_streams_bidi != 0 {
5287 TransportParams::encode_param(
5288 &mut b,
5289 0x0008,
5290 octets::varint_len(tp.initial_max_streams_bidi),
5291 )?;
5292 b.put_varint(tp.initial_max_streams_bidi)?;
5293 }
5294
5295 if tp.initial_max_streams_uni != 0 {
5296 TransportParams::encode_param(
5297 &mut b,
5298 0x0009,
5299 octets::varint_len(tp.initial_max_streams_uni),
5300 )?;
5301 b.put_varint(tp.initial_max_streams_uni)?;
5302 }
5303
5304 if tp.ack_delay_exponent != 0 {
5305 TransportParams::encode_param(
5306 &mut b,
5307 0x000a,
5308 octets::varint_len(tp.ack_delay_exponent),
5309 )?;
5310 b.put_varint(tp.ack_delay_exponent)?;
5311 }
5312
5313 if tp.max_ack_delay != 0 {
5314 TransportParams::encode_param(
5315 &mut b,
5316 0x000b,
5317 octets::varint_len(tp.max_ack_delay),
5318 )?;
5319 b.put_varint(tp.max_ack_delay)?;
5320 }
5321
5322 if tp.disable_active_migration {
5323 TransportParams::encode_param(&mut b, 0x000c, 0)?;
5324 }
5325
5326 // TODO: encode preferred_address
5327
5328 if tp.active_conn_id_limit != 2 {
5329 TransportParams::encode_param(
5330 &mut b,
5331 0x000e,
5332 octets::varint_len(tp.active_conn_id_limit),
5333 )?;
5334 b.put_varint(tp.active_conn_id_limit)?;
5335 }
5336
5337 if let Some(scid) = &tp.initial_source_connection_id {
5338 TransportParams::encode_param(&mut b, 0x000f, scid.len())?;
5339 b.put_bytes(&scid)?;
5340 }
5341
5342 if is_server {
5343 if let Some(scid) = &tp.retry_source_connection_id {
5344 TransportParams::encode_param(&mut b, 0x0010, scid.len())?;
5345 b.put_bytes(&scid)?;
5346 }
5347 }
5348
5349 if let Some(max_datagram_frame_size) = tp.max_datagram_frame_size {
5350 TransportParams::encode_param(
5351 &mut b,
5352 0x0020,
5353 octets::varint_len(max_datagram_frame_size),
5354 )?;
5355 b.put_varint(max_datagram_frame_size)?;
5356 }
5357
5358 let out_len = b.off();
5359
5360 Ok(&mut out[..out_len])
5361 }
5362
5363 /// Creates a qlog event for connection transport parameters and TLS fields
5364 #[cfg(feature = "qlog")]
to_qlog( &self, owner: qlog::TransportOwner, version: u32, alpn: &[u8], cipher: Option<crypto::Algorithm>, ) -> qlog::event::Event5365 pub fn to_qlog(
5366 &self, owner: qlog::TransportOwner, version: u32, alpn: &[u8],
5367 cipher: Option<crypto::Algorithm>,
5368 ) -> qlog::event::Event {
5369 let ocid = qlog::HexSlice::maybe_string(
5370 self.original_destination_connection_id.as_ref(),
5371 );
5372 let stateless_reset_token =
5373 qlog::HexSlice::maybe_string(self.stateless_reset_token.as_ref());
5374
5375 qlog::event::Event::transport_parameters_set(
5376 Some(owner),
5377 None, // resumption
5378 None, // early data
5379 String::from_utf8(alpn.to_vec()).ok(),
5380 Some(format!("{:x?}", version)),
5381 Some(format!("{:?}", cipher)),
5382 ocid,
5383 stateless_reset_token,
5384 Some(self.disable_active_migration),
5385 Some(self.max_idle_timeout),
5386 Some(self.max_udp_payload_size),
5387 Some(self.ack_delay_exponent),
5388 Some(self.max_ack_delay),
5389 Some(self.active_conn_id_limit),
5390 Some(self.initial_max_data.to_string()),
5391 Some(self.initial_max_stream_data_bidi_local.to_string()),
5392 Some(self.initial_max_stream_data_bidi_remote.to_string()),
5393 Some(self.initial_max_stream_data_uni.to_string()),
5394 Some(self.initial_max_streams_bidi.to_string()),
5395 Some(self.initial_max_streams_uni.to_string()),
5396 None, // preferred address
5397 )
5398 }
5399 }
5400
5401 #[doc(hidden)]
5402 pub mod testing {
5403 use super::*;
5404
5405 pub struct Pipe {
5406 pub client: Pin<Box<Connection>>,
5407 pub server: Pin<Box<Connection>>,
5408 }
5409
5410 impl Pipe {
default() -> Result<Pipe>5411 pub fn default() -> Result<Pipe> {
5412 let mut config = Config::new(crate::PROTOCOL_VERSION)?;
5413 config.load_cert_chain_from_pem_file("examples/cert.crt")?;
5414 config.load_priv_key_from_pem_file("examples/cert.key")?;
5415 config.set_application_protos(b"\x06proto1\x06proto2")?;
5416 config.set_initial_max_data(30);
5417 config.set_initial_max_stream_data_bidi_local(15);
5418 config.set_initial_max_stream_data_bidi_remote(15);
5419 config.set_initial_max_stream_data_uni(10);
5420 config.set_initial_max_streams_bidi(3);
5421 config.set_initial_max_streams_uni(3);
5422 config.set_max_idle_timeout(180_000);
5423 config.verify_peer(false);
5424 config.set_ack_delay_exponent(5);
5425
5426 Pipe::with_config(&mut config)
5427 }
5428
with_config(config: &mut Config) -> Result<Pipe>5429 pub fn with_config(config: &mut Config) -> Result<Pipe> {
5430 let mut client_scid = [0; 16];
5431 rand::rand_bytes(&mut client_scid[..]);
5432 let client_scid = ConnectionId::from_ref(&client_scid);
5433 let client_addr = "127.0.0.1:1234".parse().unwrap();
5434
5435 let mut server_scid = [0; 16];
5436 rand::rand_bytes(&mut server_scid[..]);
5437 let server_scid = ConnectionId::from_ref(&server_scid);
5438 let server_addr = "127.0.0.1:4321".parse().unwrap();
5439
5440 Ok(Pipe {
5441 client: connect(
5442 Some("quic.tech"),
5443 &client_scid,
5444 client_addr,
5445 config,
5446 )?,
5447 server: accept(&server_scid, None, server_addr, config)?,
5448 })
5449 }
5450
with_client_config(client_config: &mut Config) -> Result<Pipe>5451 pub fn with_client_config(client_config: &mut Config) -> Result<Pipe> {
5452 let mut client_scid = [0; 16];
5453 rand::rand_bytes(&mut client_scid[..]);
5454 let client_scid = ConnectionId::from_ref(&client_scid);
5455 let client_addr = "127.0.0.1:1234".parse().unwrap();
5456
5457 let mut server_scid = [0; 16];
5458 rand::rand_bytes(&mut server_scid[..]);
5459 let server_scid = ConnectionId::from_ref(&server_scid);
5460 let server_addr = "127.0.0.1:4321".parse().unwrap();
5461
5462 let mut config = Config::new(crate::PROTOCOL_VERSION)?;
5463 config.load_cert_chain_from_pem_file("examples/cert.crt")?;
5464 config.load_priv_key_from_pem_file("examples/cert.key")?;
5465 config.set_application_protos(b"\x06proto1\x06proto2")?;
5466 config.set_initial_max_data(30);
5467 config.set_initial_max_stream_data_bidi_local(15);
5468 config.set_initial_max_stream_data_bidi_remote(15);
5469 config.set_initial_max_streams_bidi(3);
5470 config.set_initial_max_streams_uni(3);
5471
5472 Ok(Pipe {
5473 client: connect(
5474 Some("quic.tech"),
5475 &client_scid,
5476 client_addr,
5477 client_config,
5478 )?,
5479 server: accept(&server_scid, None, server_addr, &mut config)?,
5480 })
5481 }
5482
with_server_config(server_config: &mut Config) -> Result<Pipe>5483 pub fn with_server_config(server_config: &mut Config) -> Result<Pipe> {
5484 let mut client_scid = [0; 16];
5485 rand::rand_bytes(&mut client_scid[..]);
5486 let client_scid = ConnectionId::from_ref(&client_scid);
5487 let client_addr = "127.0.0.1:1234".parse().unwrap();
5488
5489 let mut server_scid = [0; 16];
5490 rand::rand_bytes(&mut server_scid[..]);
5491 let server_scid = ConnectionId::from_ref(&server_scid);
5492 let server_addr = "127.0.0.1:4321".parse().unwrap();
5493
5494 let mut config = Config::new(crate::PROTOCOL_VERSION)?;
5495 config.set_application_protos(b"\x06proto1\x06proto2")?;
5496 config.set_initial_max_data(30);
5497 config.set_initial_max_stream_data_bidi_local(15);
5498 config.set_initial_max_stream_data_bidi_remote(15);
5499 config.set_initial_max_streams_bidi(3);
5500 config.set_initial_max_streams_uni(3);
5501
5502 Ok(Pipe {
5503 client: connect(
5504 Some("quic.tech"),
5505 &client_scid,
5506 client_addr,
5507 &mut config,
5508 )?,
5509 server: accept(&server_scid, None, server_addr, server_config)?,
5510 })
5511 }
5512
handshake(&mut self) -> Result<()>5513 pub fn handshake(&mut self) -> Result<()> {
5514 while !self.client.is_established() || !self.server.is_established() {
5515 let flight = emit_flight(&mut self.client)?;
5516 process_flight(&mut self.server, flight)?;
5517
5518 let flight = emit_flight(&mut self.server)?;
5519 process_flight(&mut self.client, flight)?;
5520 }
5521
5522 Ok(())
5523 }
5524
advance(&mut self) -> Result<()>5525 pub fn advance(&mut self) -> Result<()> {
5526 let mut client_done = false;
5527 let mut server_done = false;
5528
5529 while !client_done || !server_done {
5530 match emit_flight(&mut self.client) {
5531 Ok(flight) => process_flight(&mut self.server, flight)?,
5532
5533 Err(Error::Done) => client_done = true,
5534
5535 Err(e) => return Err(e),
5536 };
5537
5538 match emit_flight(&mut self.server) {
5539 Ok(flight) => process_flight(&mut self.client, flight)?,
5540
5541 Err(Error::Done) => server_done = true,
5542
5543 Err(e) => return Err(e),
5544 };
5545 }
5546
5547 Ok(())
5548 }
5549
client_recv(&mut self, buf: &mut [u8]) -> Result<usize>5550 pub fn client_recv(&mut self, buf: &mut [u8]) -> Result<usize> {
5551 let info = RecvInfo {
5552 from: self.client.peer_addr,
5553 };
5554
5555 self.client.recv(buf, info)
5556 }
5557
server_recv(&mut self, buf: &mut [u8]) -> Result<usize>5558 pub fn server_recv(&mut self, buf: &mut [u8]) -> Result<usize> {
5559 let info = RecvInfo {
5560 from: self.server.peer_addr,
5561 };
5562
5563 self.server.recv(buf, info)
5564 }
5565
send_pkt_to_server( &mut self, pkt_type: packet::Type, frames: &[frame::Frame], buf: &mut [u8], ) -> Result<usize>5566 pub fn send_pkt_to_server(
5567 &mut self, pkt_type: packet::Type, frames: &[frame::Frame],
5568 buf: &mut [u8],
5569 ) -> Result<usize> {
5570 let written = encode_pkt(&mut self.client, pkt_type, frames, buf)?;
5571 recv_send(&mut self.server, buf, written)
5572 }
5573 }
5574
recv_send( conn: &mut Connection, buf: &mut [u8], len: usize, ) -> Result<usize>5575 pub fn recv_send(
5576 conn: &mut Connection, buf: &mut [u8], len: usize,
5577 ) -> Result<usize> {
5578 let info = RecvInfo {
5579 from: conn.peer_addr,
5580 };
5581
5582 conn.recv(&mut buf[..len], info)?;
5583
5584 let mut off = 0;
5585
5586 match conn.send(&mut buf[off..]) {
5587 Ok((write, _)) => off += write,
5588
5589 Err(Error::Done) => (),
5590
5591 Err(e) => return Err(e),
5592 }
5593
5594 Ok(off)
5595 }
5596
process_flight( conn: &mut Connection, flight: Vec<Vec<u8>>, ) -> Result<()>5597 pub fn process_flight(
5598 conn: &mut Connection, flight: Vec<Vec<u8>>,
5599 ) -> Result<()> {
5600 for mut pkt in flight {
5601 let info = RecvInfo {
5602 from: conn.peer_addr,
5603 };
5604
5605 conn.recv(&mut pkt, info)?;
5606 }
5607
5608 Ok(())
5609 }
5610
emit_flight(conn: &mut Connection) -> Result<Vec<Vec<u8>>>5611 pub fn emit_flight(conn: &mut Connection) -> Result<Vec<Vec<u8>>> {
5612 let mut flight = Vec::new();
5613
5614 loop {
5615 let mut out = vec![0u8; 65535];
5616
5617 match conn.send(&mut out) {
5618 Ok((written, _)) => out.truncate(written),
5619
5620 Err(Error::Done) => break,
5621
5622 Err(e) => return Err(e),
5623 };
5624
5625 flight.push(out);
5626 }
5627
5628 if flight.is_empty() {
5629 return Err(Error::Done);
5630 }
5631
5632 Ok(flight)
5633 }
5634
encode_pkt( conn: &mut Connection, pkt_type: packet::Type, frames: &[frame::Frame], buf: &mut [u8], ) -> Result<usize>5635 pub fn encode_pkt(
5636 conn: &mut Connection, pkt_type: packet::Type, frames: &[frame::Frame],
5637 buf: &mut [u8],
5638 ) -> Result<usize> {
5639 let mut b = octets::OctetsMut::with_slice(buf);
5640
5641 let epoch = pkt_type.to_epoch()?;
5642
5643 let space = &mut conn.pkt_num_spaces[epoch];
5644
5645 let pn = space.next_pkt_num;
5646 let pn_len = 4;
5647
5648 let hdr = Header {
5649 ty: pkt_type,
5650 version: conn.version,
5651 dcid: ConnectionId::from_ref(&conn.dcid),
5652 scid: ConnectionId::from_ref(&conn.scid),
5653 pkt_num: 0,
5654 pkt_num_len: pn_len,
5655 token: conn.token.clone(),
5656 versions: None,
5657 key_phase: false,
5658 };
5659
5660 hdr.to_bytes(&mut b)?;
5661
5662 let payload_len = frames.iter().fold(0, |acc, x| acc + x.wire_len()) +
5663 space.crypto_overhead().unwrap();
5664
5665 if pkt_type != packet::Type::Short {
5666 let len = pn_len + payload_len;
5667 b.put_varint(len as u64)?;
5668 }
5669
5670 // Always encode packet number in 4 bytes, to allow encoding packets
5671 // with empty payloads.
5672 b.put_u32(pn as u32)?;
5673
5674 let payload_offset = b.off();
5675
5676 for frame in frames {
5677 frame.to_bytes(&mut b)?;
5678 }
5679
5680 let aead = match space.crypto_seal {
5681 Some(ref v) => v,
5682 None => return Err(Error::InvalidState),
5683 };
5684
5685 let written = packet::encrypt_pkt(
5686 &mut b,
5687 pn,
5688 pn_len,
5689 payload_len,
5690 payload_offset,
5691 aead,
5692 )?;
5693
5694 space.next_pkt_num += 1;
5695
5696 Ok(written)
5697 }
5698
decode_pkt( conn: &mut Connection, buf: &mut [u8], len: usize, ) -> Result<Vec<frame::Frame>>5699 pub fn decode_pkt(
5700 conn: &mut Connection, buf: &mut [u8], len: usize,
5701 ) -> Result<Vec<frame::Frame>> {
5702 let mut b = octets::OctetsMut::with_slice(&mut buf[..len]);
5703
5704 let mut hdr = Header::from_bytes(&mut b, conn.scid.len()).unwrap();
5705
5706 let epoch = hdr.ty.to_epoch()?;
5707
5708 let aead = conn.pkt_num_spaces[epoch].crypto_open.as_ref().unwrap();
5709
5710 let payload_len = b.cap();
5711
5712 packet::decrypt_hdr(&mut b, &mut hdr, &aead).unwrap();
5713
5714 let pn = packet::decode_pkt_num(
5715 conn.pkt_num_spaces[epoch].largest_rx_pkt_num,
5716 hdr.pkt_num,
5717 hdr.pkt_num_len,
5718 );
5719
5720 let mut payload =
5721 packet::decrypt_pkt(&mut b, pn, hdr.pkt_num_len, payload_len, aead)
5722 .unwrap();
5723
5724 let mut frames = Vec::new();
5725
5726 while payload.cap() > 0 {
5727 let frame = frame::Frame::from_bytes(&mut payload, hdr.ty)?;
5728 frames.push(frame);
5729 }
5730
5731 Ok(frames)
5732 }
5733 }
5734
5735 #[cfg(test)]
5736 mod tests {
5737 use super::*;
5738
5739 #[test]
transport_params()5740 fn transport_params() {
5741 // Server encodes, client decodes.
5742 let tp = TransportParams {
5743 original_destination_connection_id: None,
5744 max_idle_timeout: 30,
5745 stateless_reset_token: Some(vec![0xba; 16]),
5746 max_udp_payload_size: 23_421,
5747 initial_max_data: 424_645_563,
5748 initial_max_stream_data_bidi_local: 154_323_123,
5749 initial_max_stream_data_bidi_remote: 6_587_456,
5750 initial_max_stream_data_uni: 2_461_234,
5751 initial_max_streams_bidi: 12_231,
5752 initial_max_streams_uni: 18_473,
5753 ack_delay_exponent: 20,
5754 max_ack_delay: 2_u64.pow(14) - 1,
5755 disable_active_migration: true,
5756 active_conn_id_limit: 8,
5757 initial_source_connection_id: Some(b"woot woot".to_vec().into()),
5758 retry_source_connection_id: Some(b"retry".to_vec().into()),
5759 max_datagram_frame_size: Some(32),
5760 };
5761
5762 let mut raw_params = [42; 256];
5763 let raw_params =
5764 TransportParams::encode(&tp, true, &mut raw_params).unwrap();
5765 assert_eq!(raw_params.len(), 94);
5766
5767 let new_tp = TransportParams::decode(&raw_params, false).unwrap();
5768
5769 assert_eq!(new_tp, tp);
5770
5771 // Client encodes, server decodes.
5772 let tp = TransportParams {
5773 original_destination_connection_id: None,
5774 max_idle_timeout: 30,
5775 stateless_reset_token: None,
5776 max_udp_payload_size: 23_421,
5777 initial_max_data: 424_645_563,
5778 initial_max_stream_data_bidi_local: 154_323_123,
5779 initial_max_stream_data_bidi_remote: 6_587_456,
5780 initial_max_stream_data_uni: 2_461_234,
5781 initial_max_streams_bidi: 12_231,
5782 initial_max_streams_uni: 18_473,
5783 ack_delay_exponent: 20,
5784 max_ack_delay: 2_u64.pow(14) - 1,
5785 disable_active_migration: true,
5786 active_conn_id_limit: 8,
5787 initial_source_connection_id: Some(b"woot woot".to_vec().into()),
5788 retry_source_connection_id: None,
5789 max_datagram_frame_size: Some(32),
5790 };
5791
5792 let mut raw_params = [42; 256];
5793 let raw_params =
5794 TransportParams::encode(&tp, false, &mut raw_params).unwrap();
5795 assert_eq!(raw_params.len(), 69);
5796
5797 let new_tp = TransportParams::decode(&raw_params, true).unwrap();
5798
5799 assert_eq!(new_tp, tp);
5800 }
5801
5802 #[test]
unknown_version()5803 fn unknown_version() {
5804 let mut config = Config::new(0xbabababa).unwrap();
5805 config
5806 .set_application_protos(b"\x06proto1\x06proto2")
5807 .unwrap();
5808 config.verify_peer(false);
5809
5810 let mut pipe = testing::Pipe::with_client_config(&mut config).unwrap();
5811 assert_eq!(pipe.handshake(), Err(Error::UnknownVersion));
5812 }
5813
5814 #[test]
config_version_reserved()5815 fn config_version_reserved() {
5816 Config::new(0xbabababa).unwrap();
5817 Config::new(0x1a2a3a4a).unwrap();
5818 }
5819
5820 #[test]
config_version_invalid()5821 fn config_version_invalid() {
5822 assert_eq!(
5823 Config::new(0xb1bababa).err().unwrap(),
5824 Error::UnknownVersion
5825 );
5826 }
5827
5828 #[test]
version_negotiation()5829 fn version_negotiation() {
5830 let mut buf = [0; 65535];
5831
5832 let mut config = Config::new(0xbabababa).unwrap();
5833 config
5834 .set_application_protos(b"\x06proto1\x06proto2")
5835 .unwrap();
5836 config.verify_peer(false);
5837
5838 let mut pipe = testing::Pipe::with_client_config(&mut config).unwrap();
5839
5840 let (mut len, _) = pipe.client.send(&mut buf).unwrap();
5841
5842 let hdr = packet::Header::from_slice(&mut buf[..len], 0).unwrap();
5843 len = crate::negotiate_version(&hdr.scid, &hdr.dcid, &mut buf).unwrap();
5844
5845 assert_eq!(pipe.client_recv(&mut buf[..len]), Ok(len));
5846
5847 assert_eq!(pipe.handshake(), Ok(()));
5848
5849 assert_eq!(pipe.client.version, PROTOCOL_VERSION);
5850 assert_eq!(pipe.server.version, PROTOCOL_VERSION);
5851 }
5852
5853 #[test]
verify_custom_root()5854 fn verify_custom_root() {
5855 let mut config = Config::new(PROTOCOL_VERSION).unwrap();
5856 config.verify_peer(true);
5857 config
5858 .load_verify_locations_from_file("examples/rootca.crt")
5859 .unwrap();
5860 config
5861 .set_application_protos(b"\x06proto1\x06proto2")
5862 .unwrap();
5863
5864 let mut pipe = testing::Pipe::with_client_config(&mut config).unwrap();
5865 assert_eq!(pipe.handshake(), Ok(()));
5866 }
5867
5868 #[test]
missing_initial_source_connection_id()5869 fn missing_initial_source_connection_id() {
5870 let mut buf = [0; 65535];
5871
5872 let mut pipe = testing::Pipe::default().unwrap();
5873
5874 // Reset initial_source_connection_id.
5875 pipe.client
5876 .local_transport_params
5877 .initial_source_connection_id = None;
5878 assert_eq!(pipe.client.encode_transport_params(), Ok(()));
5879
5880 // Client sends initial flight.
5881 let (len, _) = pipe.client.send(&mut buf).unwrap();
5882
5883 // Server rejects transport parameters.
5884 assert_eq!(
5885 pipe.server_recv(&mut buf[..len]),
5886 Err(Error::InvalidTransportParam)
5887 );
5888 }
5889
5890 #[test]
invalid_initial_source_connection_id()5891 fn invalid_initial_source_connection_id() {
5892 let mut buf = [0; 65535];
5893
5894 let mut pipe = testing::Pipe::default().unwrap();
5895
5896 // Scramble initial_source_connection_id.
5897 pipe.client
5898 .local_transport_params
5899 .initial_source_connection_id = Some(b"bogus value".to_vec().into());
5900 assert_eq!(pipe.client.encode_transport_params(), Ok(()));
5901
5902 // Client sends initial flight.
5903 let (len, _) = pipe.client.send(&mut buf).unwrap();
5904
5905 // Server rejects transport parameters.
5906 assert_eq!(
5907 pipe.server_recv(&mut buf[..len]),
5908 Err(Error::InvalidTransportParam)
5909 );
5910 }
5911
5912 #[test]
handshake()5913 fn handshake() {
5914 let mut pipe = testing::Pipe::default().unwrap();
5915 assert_eq!(pipe.handshake(), Ok(()));
5916
5917 assert_eq!(
5918 pipe.client.application_proto(),
5919 pipe.server.application_proto()
5920 );
5921 }
5922
5923 #[test]
handshake_done()5924 fn handshake_done() {
5925 let mut pipe = testing::Pipe::default().unwrap();
5926
5927 // Disable session tickets on the server (SSL_OP_NO_TICKET) to avoid
5928 // triggering 1-RTT packet send with a CRYPTO frame.
5929 pipe.server
5930 .handshake
5931 .lock()
5932 .unwrap()
5933 .set_options(0x0000_4000);
5934
5935 assert_eq!(pipe.handshake(), Ok(()));
5936
5937 assert!(pipe.server.handshake_done_sent);
5938 }
5939
5940 #[test]
handshake_confirmation()5941 fn handshake_confirmation() {
5942 let mut pipe = testing::Pipe::default().unwrap();
5943
5944 // Client sends initial flight.
5945 let flight = testing::emit_flight(&mut pipe.client).unwrap();
5946 testing::process_flight(&mut pipe.server, flight).unwrap();
5947
5948 // Server sends initial flight.
5949 let flight = testing::emit_flight(&mut pipe.server).unwrap();
5950
5951 assert!(!pipe.client.is_established());
5952 assert!(!pipe.client.handshake_confirmed);
5953
5954 assert!(!pipe.server.is_established());
5955 assert!(!pipe.server.handshake_confirmed);
5956
5957 testing::process_flight(&mut pipe.client, flight).unwrap();
5958
5959 // Client sends Handshake packet and completes handshake.
5960 let flight = testing::emit_flight(&mut pipe.client).unwrap();
5961
5962 assert!(pipe.client.is_established());
5963 assert!(!pipe.client.handshake_confirmed);
5964
5965 assert!(!pipe.server.is_established());
5966 assert!(!pipe.server.handshake_confirmed);
5967
5968 testing::process_flight(&mut pipe.server, flight).unwrap();
5969
5970 // Server completes handshake and sends HANDSHAKE_DONE.
5971 let flight = testing::emit_flight(&mut pipe.server).unwrap();
5972
5973 assert!(pipe.client.is_established());
5974 assert!(!pipe.client.handshake_confirmed);
5975
5976 assert!(pipe.server.is_established());
5977 assert!(!pipe.server.handshake_confirmed);
5978
5979 testing::process_flight(&mut pipe.client, flight).unwrap();
5980
5981 // Client acks 1-RTT packet, and confirms handshake.
5982 let flight = testing::emit_flight(&mut pipe.client).unwrap();
5983
5984 assert!(pipe.client.is_established());
5985 assert!(pipe.client.handshake_confirmed);
5986
5987 assert!(pipe.server.is_established());
5988 assert!(!pipe.server.handshake_confirmed);
5989
5990 testing::process_flight(&mut pipe.server, flight).unwrap();
5991
5992 // Server handshake is confirmed.
5993 assert!(pipe.client.is_established());
5994 assert!(pipe.client.handshake_confirmed);
5995
5996 assert!(pipe.server.is_established());
5997 assert!(pipe.server.handshake_confirmed);
5998 }
5999
6000 #[test]
handshake_resumption()6001 fn handshake_resumption() {
6002 const SESSION_TICKET_KEY: [u8; 48] = [0xa; 48];
6003
6004 let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
6005 config
6006 .load_cert_chain_from_pem_file("examples/cert.crt")
6007 .unwrap();
6008 config
6009 .load_priv_key_from_pem_file("examples/cert.key")
6010 .unwrap();
6011 config
6012 .set_application_protos(b"\x06proto1\x06proto2")
6013 .unwrap();
6014 config.set_initial_max_data(30);
6015 config.set_initial_max_stream_data_bidi_local(15);
6016 config.set_initial_max_stream_data_bidi_remote(15);
6017 config.set_initial_max_streams_bidi(3);
6018 config.set_ticket_key(&SESSION_TICKET_KEY).unwrap();
6019
6020 // Perform initial handshake.
6021 let mut pipe = testing::Pipe::with_server_config(&mut config).unwrap();
6022 assert_eq!(pipe.handshake(), Ok(()));
6023
6024 assert_eq!(pipe.client.is_established(), true);
6025 assert_eq!(pipe.server.is_established(), true);
6026
6027 assert_eq!(pipe.client.is_resumed(), false);
6028 assert_eq!(pipe.server.is_resumed(), false);
6029
6030 // Extract session,
6031 let session = pipe.client.session().unwrap();
6032
6033 // Configure session on new connection and perform handshake.
6034 let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
6035 config
6036 .load_cert_chain_from_pem_file("examples/cert.crt")
6037 .unwrap();
6038 config
6039 .load_priv_key_from_pem_file("examples/cert.key")
6040 .unwrap();
6041 config
6042 .set_application_protos(b"\x06proto1\x06proto2")
6043 .unwrap();
6044 config.set_initial_max_data(30);
6045 config.set_initial_max_stream_data_bidi_local(15);
6046 config.set_initial_max_stream_data_bidi_remote(15);
6047 config.set_initial_max_streams_bidi(3);
6048 config.set_ticket_key(&SESSION_TICKET_KEY).unwrap();
6049
6050 let mut pipe = testing::Pipe::with_server_config(&mut config).unwrap();
6051
6052 assert_eq!(pipe.client.set_session(&session), Ok(()));
6053 assert_eq!(pipe.handshake(), Ok(()));
6054
6055 assert_eq!(pipe.client.is_established(), true);
6056 assert_eq!(pipe.server.is_established(), true);
6057
6058 assert_eq!(pipe.client.is_resumed(), true);
6059 assert_eq!(pipe.server.is_resumed(), true);
6060 }
6061
6062 #[test]
handshake_alpn_mismatch()6063 fn handshake_alpn_mismatch() {
6064 let mut buf = [0; 65535];
6065
6066 let mut config = Config::new(PROTOCOL_VERSION).unwrap();
6067 config
6068 .set_application_protos(b"\x06proto3\x06proto4")
6069 .unwrap();
6070 config.verify_peer(false);
6071
6072 let mut pipe = testing::Pipe::with_client_config(&mut config).unwrap();
6073 assert_eq!(pipe.handshake(), Err(Error::TlsFail));
6074
6075 assert_eq!(pipe.client.application_proto(), b"");
6076 assert_eq!(pipe.server.application_proto(), b"");
6077
6078 // Server should only send one packet in response to ALPN mismatch.
6079 let (len, _) = pipe.server.send(&mut buf).unwrap();
6080 assert_eq!(len, 1200);
6081
6082 assert_eq!(pipe.server.send(&mut buf), Err(Error::Done));
6083 assert_eq!(pipe.server.sent_count, 1);
6084 }
6085
6086 #[test]
handshake_0rtt()6087 fn handshake_0rtt() {
6088 let mut buf = [0; 65535];
6089
6090 let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
6091 config
6092 .load_cert_chain_from_pem_file("examples/cert.crt")
6093 .unwrap();
6094 config
6095 .load_priv_key_from_pem_file("examples/cert.key")
6096 .unwrap();
6097 config
6098 .set_application_protos(b"\x06proto1\x06proto2")
6099 .unwrap();
6100 config.set_initial_max_data(30);
6101 config.set_initial_max_stream_data_bidi_local(15);
6102 config.set_initial_max_stream_data_bidi_remote(15);
6103 config.set_initial_max_streams_bidi(3);
6104 config.enable_early_data();
6105 config.verify_peer(false);
6106
6107 // Perform initial handshake.
6108 let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
6109 assert_eq!(pipe.handshake(), Ok(()));
6110
6111 // Extract session,
6112 let session = pipe.client.session().unwrap();
6113
6114 // Configure session on new connection.
6115 let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
6116 assert_eq!(pipe.client.set_session(&session), Ok(()));
6117
6118 // Client sends initial flight.
6119 let (len, _) = pipe.client.send(&mut buf).unwrap();
6120 assert_eq!(pipe.server_recv(&mut buf[..len]), Ok(len));
6121
6122 // Client sends 0-RTT packet.
6123 let pkt_type = packet::Type::ZeroRTT;
6124
6125 let frames = [frame::Frame::Stream {
6126 stream_id: 4,
6127 data: stream::RangeBuf::from(b"aaaaa", 0, true),
6128 }];
6129
6130 assert_eq!(
6131 pipe.send_pkt_to_server(pkt_type, &frames, &mut buf),
6132 Ok(1200)
6133 );
6134
6135 assert_eq!(pipe.server.undecryptable_pkts.len(), 0);
6136
6137 // 0-RTT stream data is readable.
6138 let mut r = pipe.server.readable();
6139 assert_eq!(r.next(), Some(4));
6140 assert_eq!(r.next(), None);
6141
6142 let mut b = [0; 15];
6143 assert_eq!(pipe.server.stream_recv(4, &mut b), Ok((5, true)));
6144 assert_eq!(&b[..5], b"aaaaa");
6145 }
6146
6147 #[test]
handshake_0rtt_reordered()6148 fn handshake_0rtt_reordered() {
6149 let mut buf = [0; 65535];
6150
6151 let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
6152 config
6153 .load_cert_chain_from_pem_file("examples/cert.crt")
6154 .unwrap();
6155 config
6156 .load_priv_key_from_pem_file("examples/cert.key")
6157 .unwrap();
6158 config
6159 .set_application_protos(b"\x06proto1\x06proto2")
6160 .unwrap();
6161 config.set_initial_max_data(30);
6162 config.set_initial_max_stream_data_bidi_local(15);
6163 config.set_initial_max_stream_data_bidi_remote(15);
6164 config.set_initial_max_streams_bidi(3);
6165 config.enable_early_data();
6166 config.verify_peer(false);
6167
6168 // Perform initial handshake.
6169 let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
6170 assert_eq!(pipe.handshake(), Ok(()));
6171
6172 // Extract session,
6173 let session = pipe.client.session().unwrap();
6174
6175 // Configure session on new connection.
6176 let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
6177 assert_eq!(pipe.client.set_session(&session), Ok(()));
6178
6179 // Client sends initial flight.
6180 let (len, _) = pipe.client.send(&mut buf).unwrap();
6181 let mut initial = (&buf[..len]).to_vec();
6182
6183 // Client sends 0-RTT packet.
6184 let pkt_type = packet::Type::ZeroRTT;
6185
6186 let frames = [frame::Frame::Stream {
6187 stream_id: 4,
6188 data: stream::RangeBuf::from(b"aaaaa", 0, true),
6189 }];
6190
6191 let len =
6192 testing::encode_pkt(&mut pipe.client, pkt_type, &frames, &mut buf)
6193 .unwrap();
6194 let mut zrtt = (&buf[..len]).to_vec();
6195
6196 // 0-RTT packet is received before the Initial one.
6197 assert_eq!(pipe.server_recv(&mut zrtt), Ok(zrtt.len()));
6198
6199 assert_eq!(pipe.server.undecryptable_pkts.len(), 1);
6200 assert_eq!(pipe.server.undecryptable_pkts[0].0.len(), zrtt.len());
6201
6202 let mut r = pipe.server.readable();
6203 assert_eq!(r.next(), None);
6204
6205 // Initial packet is also received.
6206 assert_eq!(pipe.server_recv(&mut initial), Ok(initial.len()));
6207
6208 // 0-RTT stream data is readable.
6209 let mut r = pipe.server.readable();
6210 assert_eq!(r.next(), Some(4));
6211 assert_eq!(r.next(), None);
6212
6213 let mut b = [0; 15];
6214 assert_eq!(pipe.server.stream_recv(4, &mut b), Ok((5, true)));
6215 assert_eq!(&b[..5], b"aaaaa");
6216 }
6217
6218 #[test]
handshake_0rtt_truncated()6219 fn handshake_0rtt_truncated() {
6220 let mut buf = [0; 65535];
6221
6222 let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
6223 config
6224 .load_cert_chain_from_pem_file("examples/cert.crt")
6225 .unwrap();
6226 config
6227 .load_priv_key_from_pem_file("examples/cert.key")
6228 .unwrap();
6229 config
6230 .set_application_protos(b"\x06proto1\x06proto2")
6231 .unwrap();
6232 config.set_initial_max_data(30);
6233 config.set_initial_max_stream_data_bidi_local(15);
6234 config.set_initial_max_stream_data_bidi_remote(15);
6235 config.set_initial_max_streams_bidi(3);
6236 config.enable_early_data();
6237 config.verify_peer(false);
6238
6239 // Perform initial handshake.
6240 let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
6241 assert_eq!(pipe.handshake(), Ok(()));
6242
6243 // Extract session,
6244 let session = pipe.client.session().unwrap();
6245
6246 // Configure session on new connection.
6247 let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
6248 assert_eq!(pipe.client.set_session(&session), Ok(()));
6249
6250 // Client sends initial flight.
6251 pipe.client.send(&mut buf).unwrap();
6252
6253 // Client sends 0-RTT packet.
6254 let pkt_type = packet::Type::ZeroRTT;
6255
6256 let frames = [frame::Frame::Stream {
6257 stream_id: 4,
6258 data: stream::RangeBuf::from(b"aaaaa", 0, true),
6259 }];
6260
6261 let len =
6262 testing::encode_pkt(&mut pipe.client, pkt_type, &frames, &mut buf)
6263 .unwrap();
6264
6265 // Simulate a truncated packet by sending one byte less.
6266 let mut zrtt = (&buf[..len - 1]).to_vec();
6267
6268 // 0-RTT packet is received before the Initial one.
6269 assert_eq!(pipe.server_recv(&mut zrtt), Err(Error::InvalidPacket));
6270
6271 assert_eq!(pipe.server.undecryptable_pkts.len(), 0);
6272
6273 assert!(pipe.server.is_closed());
6274 }
6275
6276 #[test]
6277 /// Tests that a pre-v1 client can connect to a v1-enabled server, by making
6278 /// the server downgrade to the pre-v1 version.
handshake_downgrade_v1()6279 fn handshake_downgrade_v1() {
6280 let mut config = Config::new(PROTOCOL_VERSION_DRAFT29).unwrap();
6281 config
6282 .set_application_protos(b"\x06proto1\x06proto2")
6283 .unwrap();
6284 config.verify_peer(false);
6285
6286 let mut pipe = testing::Pipe::with_client_config(&mut config).unwrap();
6287 assert_eq!(pipe.handshake(), Ok(()));
6288
6289 assert_eq!(pipe.client.version, PROTOCOL_VERSION_DRAFT29);
6290 assert_eq!(pipe.server.version, PROTOCOL_VERSION_DRAFT29);
6291 }
6292
6293 #[test]
limit_handshake_data()6294 fn limit_handshake_data() {
6295 let mut config = Config::new(PROTOCOL_VERSION).unwrap();
6296 config
6297 .load_cert_chain_from_pem_file("examples/cert-big.crt")
6298 .unwrap();
6299 config
6300 .load_priv_key_from_pem_file("examples/cert.key")
6301 .unwrap();
6302 config
6303 .set_application_protos(b"\x06proto1\x06proto2")
6304 .unwrap();
6305
6306 let mut pipe = testing::Pipe::with_server_config(&mut config).unwrap();
6307
6308 let flight = testing::emit_flight(&mut pipe.client).unwrap();
6309 let client_sent = flight.iter().fold(0, |out, p| out + p.len());
6310 testing::process_flight(&mut pipe.server, flight).unwrap();
6311
6312 let flight = testing::emit_flight(&mut pipe.server).unwrap();
6313 let server_sent = flight.iter().fold(0, |out, p| out + p.len());
6314
6315 assert_eq!(server_sent, client_sent * MAX_AMPLIFICATION_FACTOR);
6316 }
6317
6318 #[test]
stream()6319 fn stream() {
6320 let mut pipe = testing::Pipe::default().unwrap();
6321 assert_eq!(pipe.handshake(), Ok(()));
6322
6323 assert_eq!(pipe.client.stream_send(4, b"hello, world", true), Ok(12));
6324 assert_eq!(pipe.advance(), Ok(()));
6325
6326 assert!(!pipe.server.stream_finished(4));
6327
6328 let mut r = pipe.server.readable();
6329 assert_eq!(r.next(), Some(4));
6330 assert_eq!(r.next(), None);
6331
6332 let mut b = [0; 15];
6333 assert_eq!(pipe.server.stream_recv(4, &mut b), Ok((12, true)));
6334 assert_eq!(&b[..12], b"hello, world");
6335
6336 assert!(pipe.server.stream_finished(4));
6337 }
6338
6339 #[test]
zero_rtt()6340 fn zero_rtt() {
6341 let mut buf = [0; 65535];
6342
6343 let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
6344 config
6345 .load_cert_chain_from_pem_file("examples/cert.crt")
6346 .unwrap();
6347 config
6348 .load_priv_key_from_pem_file("examples/cert.key")
6349 .unwrap();
6350 config
6351 .set_application_protos(b"\x06proto1\x06proto2")
6352 .unwrap();
6353 config.set_initial_max_data(30);
6354 config.set_initial_max_stream_data_bidi_local(15);
6355 config.set_initial_max_stream_data_bidi_remote(15);
6356 config.set_initial_max_streams_bidi(3);
6357 config.enable_early_data();
6358 config.verify_peer(false);
6359
6360 // Perform initial handshake.
6361 let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
6362 assert_eq!(pipe.handshake(), Ok(()));
6363
6364 // Extract session,
6365 let session = pipe.client.session().unwrap();
6366
6367 // Configure session on new connection.
6368 let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
6369 assert_eq!(pipe.client.set_session(&session), Ok(()));
6370
6371 // Client sends initial flight.
6372 let (len, _) = pipe.client.send(&mut buf).unwrap();
6373 let mut initial = (&buf[..len]).to_vec();
6374
6375 assert_eq!(pipe.client.is_in_early_data(), true);
6376
6377 // Client sends 0-RTT data.
6378 assert_eq!(pipe.client.stream_send(4, b"hello, world", true), Ok(12));
6379
6380 let (len, _) = pipe.client.send(&mut buf).unwrap();
6381 let mut zrtt = (&buf[..len]).to_vec();
6382
6383 // Server receives packets.
6384 assert_eq!(pipe.server_recv(&mut initial), Ok(initial.len()));
6385 assert_eq!(pipe.server.is_in_early_data(), true);
6386
6387 assert_eq!(pipe.server_recv(&mut zrtt), Ok(zrtt.len()));
6388
6389 // 0-RTT stream data is readable.
6390 let mut r = pipe.server.readable();
6391 assert_eq!(r.next(), Some(4));
6392 assert_eq!(r.next(), None);
6393
6394 let mut b = [0; 15];
6395 assert_eq!(pipe.server.stream_recv(4, &mut b), Ok((12, true)));
6396 assert_eq!(&b[..12], b"hello, world");
6397 }
6398
6399 #[test]
stream_send_on_32bit_arch()6400 fn stream_send_on_32bit_arch() {
6401 let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
6402 config
6403 .load_cert_chain_from_pem_file("examples/cert.crt")
6404 .unwrap();
6405 config
6406 .load_priv_key_from_pem_file("examples/cert.key")
6407 .unwrap();
6408 config
6409 .set_application_protos(b"\x06proto1\x06proto2")
6410 .unwrap();
6411 config.set_initial_max_data(2_u64.pow(32) + 5);
6412 config.set_initial_max_stream_data_bidi_local(15);
6413 config.set_initial_max_stream_data_bidi_remote(15);
6414 config.set_initial_max_stream_data_uni(10);
6415 config.set_initial_max_streams_bidi(3);
6416 config.set_initial_max_streams_uni(0);
6417 config.verify_peer(false);
6418
6419 let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
6420 assert_eq!(pipe.handshake(), Ok(()));
6421
6422 // In 32bit arch, send_capacity() should be min(2^32+5, cwnd),
6423 // not min(5, cwnd)
6424 assert_eq!(pipe.client.stream_send(4, b"hello, world", true), Ok(12));
6425
6426 assert_eq!(pipe.advance(), Ok(()));
6427
6428 assert!(!pipe.server.stream_finished(4));
6429 }
6430
6431 #[test]
empty_stream_frame()6432 fn empty_stream_frame() {
6433 let mut buf = [0; 65535];
6434
6435 let mut pipe = testing::Pipe::default().unwrap();
6436 assert_eq!(pipe.handshake(), Ok(()));
6437
6438 let frames = [frame::Frame::Stream {
6439 stream_id: 4,
6440 data: stream::RangeBuf::from(b"aaaaa", 0, false),
6441 }];
6442
6443 let pkt_type = packet::Type::Short;
6444 assert_eq!(pipe.send_pkt_to_server(pkt_type, &frames, &mut buf), Ok(39));
6445
6446 let mut readable = pipe.server.readable();
6447 assert_eq!(readable.next(), Some(4));
6448
6449 assert_eq!(pipe.server.stream_recv(4, &mut buf), Ok((5, false)));
6450
6451 let frames = [frame::Frame::Stream {
6452 stream_id: 4,
6453 data: stream::RangeBuf::from(b"", 5, true),
6454 }];
6455
6456 let pkt_type = packet::Type::Short;
6457 assert_eq!(pipe.send_pkt_to_server(pkt_type, &frames, &mut buf), Ok(39));
6458
6459 let mut readable = pipe.server.readable();
6460 assert_eq!(readable.next(), Some(4));
6461
6462 assert_eq!(pipe.server.stream_recv(4, &mut buf), Ok((0, true)));
6463
6464 let frames = [frame::Frame::Stream {
6465 stream_id: 4,
6466 data: stream::RangeBuf::from(b"", 15, true),
6467 }];
6468
6469 let pkt_type = packet::Type::Short;
6470 assert_eq!(
6471 pipe.send_pkt_to_server(pkt_type, &frames, &mut buf),
6472 Err(Error::FinalSize)
6473 );
6474 }
6475
6476 #[test]
6477 /// Tests that receiving a MAX_STREAM_DATA frame for a receive-only
6478 /// unidirectional stream is forbidden.
max_stream_data_receive_uni()6479 fn max_stream_data_receive_uni() {
6480 let mut buf = [0; 65535];
6481
6482 let mut pipe = testing::Pipe::default().unwrap();
6483 assert_eq!(pipe.handshake(), Ok(()));
6484
6485 // Client opens unidirectional stream.
6486 assert_eq!(pipe.client.stream_send(2, b"hello", false), Ok(5));
6487 assert_eq!(pipe.advance(), Ok(()));
6488
6489 // Client sends MAX_STREAM_DATA on local unidirectional stream.
6490 let frames = [frame::Frame::MaxStreamData {
6491 stream_id: 2,
6492 max: 1024,
6493 }];
6494
6495 let pkt_type = packet::Type::Short;
6496 assert_eq!(
6497 pipe.send_pkt_to_server(pkt_type, &frames, &mut buf),
6498 Err(Error::InvalidStreamState(2)),
6499 );
6500 }
6501
6502 #[test]
empty_payload()6503 fn empty_payload() {
6504 let mut buf = [0; 65535];
6505
6506 let mut pipe = testing::Pipe::default().unwrap();
6507 assert_eq!(pipe.handshake(), Ok(()));
6508
6509 // Send a packet with no frames.
6510 let pkt_type = packet::Type::Short;
6511 assert_eq!(
6512 pipe.send_pkt_to_server(pkt_type, &[], &mut buf),
6513 Err(Error::InvalidPacket)
6514 );
6515 }
6516
6517 #[test]
min_payload()6518 fn min_payload() {
6519 let mut buf = [0; 65535];
6520
6521 let mut pipe = testing::Pipe::default().unwrap();
6522
6523 // Send a non-ack-eliciting packet.
6524 let frames = [frame::Frame::Padding { len: 4 }];
6525
6526 let pkt_type = packet::Type::Initial;
6527 let written =
6528 testing::encode_pkt(&mut pipe.client, pkt_type, &frames, &mut buf)
6529 .unwrap();
6530 assert_eq!(pipe.server_recv(&mut buf[..written]), Ok(written));
6531
6532 assert_eq!(pipe.server.max_send_bytes, 195);
6533
6534 // Force server to send a single PING frame.
6535 pipe.server.recovery.loss_probes[packet::EPOCH_INITIAL] = 1;
6536
6537 // Artifically limit the amount of bytes the server can send.
6538 pipe.server.max_send_bytes = 60;
6539
6540 assert_eq!(pipe.server.send(&mut buf), Err(Error::Done));
6541 }
6542
6543 #[test]
flow_control_limit()6544 fn flow_control_limit() {
6545 let mut buf = [0; 65535];
6546
6547 let mut pipe = testing::Pipe::default().unwrap();
6548 assert_eq!(pipe.handshake(), Ok(()));
6549
6550 let frames = [
6551 frame::Frame::Stream {
6552 stream_id: 4,
6553 data: stream::RangeBuf::from(b"aaaaaaaaaaaaaaa", 0, false),
6554 },
6555 frame::Frame::Stream {
6556 stream_id: 8,
6557 data: stream::RangeBuf::from(b"aaaaaaaaaaaaaaa", 0, false),
6558 },
6559 frame::Frame::Stream {
6560 stream_id: 12,
6561 data: stream::RangeBuf::from(b"a", 0, false),
6562 },
6563 ];
6564
6565 let pkt_type = packet::Type::Short;
6566 assert_eq!(
6567 pipe.send_pkt_to_server(pkt_type, &frames, &mut buf),
6568 Err(Error::FlowControl),
6569 );
6570 }
6571
6572 #[test]
flow_control_limit_dup()6573 fn flow_control_limit_dup() {
6574 let mut buf = [0; 65535];
6575
6576 let mut pipe = testing::Pipe::default().unwrap();
6577 assert_eq!(pipe.handshake(), Ok(()));
6578
6579 let frames = [
6580 // One byte less than stream limit.
6581 frame::Frame::Stream {
6582 stream_id: 4,
6583 data: stream::RangeBuf::from(b"aaaaaaaaaaaaaa", 0, false),
6584 },
6585 // Same stream, but one byte more.
6586 frame::Frame::Stream {
6587 stream_id: 4,
6588 data: stream::RangeBuf::from(b"aaaaaaaaaaaaaaa", 0, false),
6589 },
6590 frame::Frame::Stream {
6591 stream_id: 12,
6592 data: stream::RangeBuf::from(b"aaaaaaaaaaaaaaa", 0, false),
6593 },
6594 ];
6595
6596 let pkt_type = packet::Type::Short;
6597 assert!(pipe.send_pkt_to_server(pkt_type, &frames, &mut buf).is_ok());
6598 }
6599
6600 #[test]
flow_control_update()6601 fn flow_control_update() {
6602 let mut buf = [0; 65535];
6603
6604 let mut pipe = testing::Pipe::default().unwrap();
6605 assert_eq!(pipe.handshake(), Ok(()));
6606
6607 let frames = [
6608 frame::Frame::Stream {
6609 stream_id: 4,
6610 data: stream::RangeBuf::from(b"aaaaaaaaaaaaaaa", 0, false),
6611 },
6612 frame::Frame::Stream {
6613 stream_id: 8,
6614 data: stream::RangeBuf::from(b"a", 0, false),
6615 },
6616 ];
6617
6618 let pkt_type = packet::Type::Short;
6619
6620 assert!(pipe.send_pkt_to_server(pkt_type, &frames, &mut buf).is_ok());
6621
6622 pipe.server.stream_recv(4, &mut buf).unwrap();
6623 pipe.server.stream_recv(8, &mut buf).unwrap();
6624
6625 let frames = [frame::Frame::Stream {
6626 stream_id: 8,
6627 data: stream::RangeBuf::from(b"a", 1, false),
6628 }];
6629
6630 let len = pipe
6631 .send_pkt_to_server(pkt_type, &frames, &mut buf)
6632 .unwrap();
6633
6634 assert!(len > 0);
6635
6636 let frames =
6637 testing::decode_pkt(&mut pipe.client, &mut buf, len).unwrap();
6638 let mut iter = frames.iter();
6639
6640 // Ignore ACK.
6641 iter.next().unwrap();
6642
6643 assert_eq!(
6644 iter.next(),
6645 Some(&frame::Frame::MaxStreamData {
6646 stream_id: 4,
6647 max: 30
6648 })
6649 );
6650 assert_eq!(iter.next(), Some(&frame::Frame::MaxData { max: 46 }));
6651 }
6652
6653 #[test]
6654 /// Tests that flow control is properly updated even when a stream is shut
6655 /// down.
flow_control_drain()6656 fn flow_control_drain() {
6657 let mut pipe = testing::Pipe::default().unwrap();
6658 assert_eq!(pipe.handshake(), Ok(()));
6659
6660 // Client opens a stream and sends some data.
6661 assert_eq!(pipe.client.stream_send(4, b"aaaaa", false), Ok(5));
6662 assert_eq!(pipe.advance(), Ok(()));
6663
6664 // Server receives data, without reading it.
6665 let mut r = pipe.server.readable();
6666 assert_eq!(r.next(), Some(4));
6667 assert_eq!(r.next(), None);
6668
6669 // In the meantime, client sends more data.
6670 assert_eq!(pipe.client.stream_send(4, b"aaaaa", false), Ok(5));
6671 assert_eq!(pipe.client.stream_send(4, b"aaaaa", true), Ok(5));
6672
6673 assert_eq!(pipe.client.stream_send(8, b"aaaaa", false), Ok(5));
6674 assert_eq!(pipe.client.stream_send(8, b"aaaaa", false), Ok(5));
6675 assert_eq!(pipe.client.stream_send(8, b"aaaaa", true), Ok(5));
6676
6677 // Server shuts down one stream.
6678 assert_eq!(pipe.server.stream_shutdown(4, Shutdown::Read, 42), Ok(()));
6679
6680 let mut r = pipe.server.readable();
6681 assert_eq!(r.next(), None);
6682
6683 // Flush connection.
6684 assert_eq!(pipe.advance(), Ok(()));
6685 }
6686
6687 #[test]
stream_flow_control_limit_bidi()6688 fn stream_flow_control_limit_bidi() {
6689 let mut buf = [0; 65535];
6690
6691 let mut pipe = testing::Pipe::default().unwrap();
6692 assert_eq!(pipe.handshake(), Ok(()));
6693
6694 let frames = [frame::Frame::Stream {
6695 stream_id: 4,
6696 data: stream::RangeBuf::from(b"aaaaaaaaaaaaaaaa", 0, true),
6697 }];
6698
6699 let pkt_type = packet::Type::Short;
6700 assert_eq!(
6701 pipe.send_pkt_to_server(pkt_type, &frames, &mut buf),
6702 Err(Error::FlowControl),
6703 );
6704 }
6705
6706 #[test]
stream_flow_control_limit_uni()6707 fn stream_flow_control_limit_uni() {
6708 let mut buf = [0; 65535];
6709
6710 let mut pipe = testing::Pipe::default().unwrap();
6711 assert_eq!(pipe.handshake(), Ok(()));
6712
6713 let frames = [frame::Frame::Stream {
6714 stream_id: 2,
6715 data: stream::RangeBuf::from(b"aaaaaaaaaaa", 0, true),
6716 }];
6717
6718 let pkt_type = packet::Type::Short;
6719 assert_eq!(
6720 pipe.send_pkt_to_server(pkt_type, &frames, &mut buf),
6721 Err(Error::FlowControl),
6722 );
6723 }
6724
6725 #[test]
stream_flow_control_update()6726 fn stream_flow_control_update() {
6727 let mut buf = [0; 65535];
6728
6729 let mut pipe = testing::Pipe::default().unwrap();
6730 assert_eq!(pipe.handshake(), Ok(()));
6731
6732 let frames = [frame::Frame::Stream {
6733 stream_id: 4,
6734 data: stream::RangeBuf::from(b"aaaaaaa", 0, false),
6735 }];
6736
6737 let pkt_type = packet::Type::Short;
6738
6739 assert!(pipe.send_pkt_to_server(pkt_type, &frames, &mut buf).is_ok());
6740
6741 pipe.server.stream_recv(4, &mut buf).unwrap();
6742
6743 let frames = [frame::Frame::Stream {
6744 stream_id: 4,
6745 data: stream::RangeBuf::from(b"a", 7, false),
6746 }];
6747
6748 let len = pipe
6749 .send_pkt_to_server(pkt_type, &frames, &mut buf)
6750 .unwrap();
6751
6752 assert!(len > 0);
6753
6754 let frames =
6755 testing::decode_pkt(&mut pipe.client, &mut buf, len).unwrap();
6756 let mut iter = frames.iter();
6757
6758 // Ignore ACK.
6759 iter.next().unwrap();
6760
6761 assert_eq!(
6762 iter.next(),
6763 Some(&frame::Frame::MaxStreamData {
6764 stream_id: 4,
6765 max: 22,
6766 })
6767 );
6768 }
6769
6770 #[test]
stream_left_bidi()6771 fn stream_left_bidi() {
6772 let mut buf = [0; 65535];
6773
6774 let mut pipe = testing::Pipe::default().unwrap();
6775 assert_eq!(pipe.handshake(), Ok(()));
6776
6777 assert_eq!(3, pipe.client.peer_streams_left_bidi());
6778 assert_eq!(3, pipe.server.peer_streams_left_bidi());
6779
6780 pipe.server.stream_send(1, b"a", false).ok();
6781 assert_eq!(2, pipe.server.peer_streams_left_bidi());
6782 pipe.server.stream_send(5, b"a", false).ok();
6783 assert_eq!(1, pipe.server.peer_streams_left_bidi());
6784
6785 pipe.server.stream_send(9, b"a", false).ok();
6786 assert_eq!(0, pipe.server.peer_streams_left_bidi());
6787
6788 let frames = [frame::Frame::MaxStreamsBidi { max: MAX_STREAM_ID }];
6789
6790 let pkt_type = packet::Type::Short;
6791 assert!(pipe.send_pkt_to_server(pkt_type, &frames, &mut buf).is_ok());
6792
6793 assert_eq!(MAX_STREAM_ID - 3, pipe.server.peer_streams_left_bidi());
6794 }
6795
6796 #[test]
stream_left_uni()6797 fn stream_left_uni() {
6798 let mut buf = [0; 65535];
6799
6800 let mut pipe = testing::Pipe::default().unwrap();
6801 assert_eq!(pipe.handshake(), Ok(()));
6802
6803 assert_eq!(3, pipe.client.peer_streams_left_uni());
6804 assert_eq!(3, pipe.server.peer_streams_left_uni());
6805
6806 pipe.server.stream_send(3, b"a", false).ok();
6807 assert_eq!(2, pipe.server.peer_streams_left_uni());
6808 pipe.server.stream_send(7, b"a", false).ok();
6809 assert_eq!(1, pipe.server.peer_streams_left_uni());
6810
6811 pipe.server.stream_send(11, b"a", false).ok();
6812 assert_eq!(0, pipe.server.peer_streams_left_uni());
6813
6814 let frames = [frame::Frame::MaxStreamsUni { max: MAX_STREAM_ID }];
6815
6816 let pkt_type = packet::Type::Short;
6817 assert!(pipe.send_pkt_to_server(pkt_type, &frames, &mut buf).is_ok());
6818
6819 assert_eq!(MAX_STREAM_ID - 3, pipe.server.peer_streams_left_uni());
6820 }
6821
6822 #[test]
stream_limit_bidi()6823 fn stream_limit_bidi() {
6824 let mut buf = [0; 65535];
6825
6826 let mut pipe = testing::Pipe::default().unwrap();
6827 assert_eq!(pipe.handshake(), Ok(()));
6828
6829 let frames = [
6830 frame::Frame::Stream {
6831 stream_id: 4,
6832 data: stream::RangeBuf::from(b"a", 0, false),
6833 },
6834 frame::Frame::Stream {
6835 stream_id: 8,
6836 data: stream::RangeBuf::from(b"a", 0, false),
6837 },
6838 frame::Frame::Stream {
6839 stream_id: 12,
6840 data: stream::RangeBuf::from(b"a", 0, false),
6841 },
6842 frame::Frame::Stream {
6843 stream_id: 16,
6844 data: stream::RangeBuf::from(b"a", 0, false),
6845 },
6846 frame::Frame::Stream {
6847 stream_id: 20,
6848 data: stream::RangeBuf::from(b"a", 0, false),
6849 },
6850 frame::Frame::Stream {
6851 stream_id: 24,
6852 data: stream::RangeBuf::from(b"a", 0, false),
6853 },
6854 frame::Frame::Stream {
6855 stream_id: 28,
6856 data: stream::RangeBuf::from(b"a", 0, false),
6857 },
6858 ];
6859
6860 let pkt_type = packet::Type::Short;
6861 assert_eq!(
6862 pipe.send_pkt_to_server(pkt_type, &frames, &mut buf),
6863 Err(Error::StreamLimit),
6864 );
6865 }
6866
6867 #[test]
stream_limit_max_bidi()6868 fn stream_limit_max_bidi() {
6869 let mut buf = [0; 65535];
6870
6871 let mut pipe = testing::Pipe::default().unwrap();
6872 assert_eq!(pipe.handshake(), Ok(()));
6873
6874 let frames = [frame::Frame::MaxStreamsBidi { max: MAX_STREAM_ID }];
6875
6876 let pkt_type = packet::Type::Short;
6877 assert!(pipe.send_pkt_to_server(pkt_type, &frames, &mut buf).is_ok());
6878
6879 let frames = [frame::Frame::MaxStreamsBidi {
6880 max: MAX_STREAM_ID + 1,
6881 }];
6882
6883 let pkt_type = packet::Type::Short;
6884 assert_eq!(
6885 pipe.send_pkt_to_server(pkt_type, &frames, &mut buf),
6886 Err(Error::InvalidFrame),
6887 );
6888 }
6889
6890 #[test]
stream_limit_uni()6891 fn stream_limit_uni() {
6892 let mut buf = [0; 65535];
6893
6894 let mut pipe = testing::Pipe::default().unwrap();
6895 assert_eq!(pipe.handshake(), Ok(()));
6896
6897 let frames = [
6898 frame::Frame::Stream {
6899 stream_id: 2,
6900 data: stream::RangeBuf::from(b"a", 0, false),
6901 },
6902 frame::Frame::Stream {
6903 stream_id: 6,
6904 data: stream::RangeBuf::from(b"a", 0, false),
6905 },
6906 frame::Frame::Stream {
6907 stream_id: 10,
6908 data: stream::RangeBuf::from(b"a", 0, false),
6909 },
6910 frame::Frame::Stream {
6911 stream_id: 14,
6912 data: stream::RangeBuf::from(b"a", 0, false),
6913 },
6914 frame::Frame::Stream {
6915 stream_id: 18,
6916 data: stream::RangeBuf::from(b"a", 0, false),
6917 },
6918 frame::Frame::Stream {
6919 stream_id: 22,
6920 data: stream::RangeBuf::from(b"a", 0, false),
6921 },
6922 frame::Frame::Stream {
6923 stream_id: 26,
6924 data: stream::RangeBuf::from(b"a", 0, false),
6925 },
6926 ];
6927
6928 let pkt_type = packet::Type::Short;
6929 assert_eq!(
6930 pipe.send_pkt_to_server(pkt_type, &frames, &mut buf),
6931 Err(Error::StreamLimit),
6932 );
6933 }
6934
6935 #[test]
stream_limit_max_uni()6936 fn stream_limit_max_uni() {
6937 let mut buf = [0; 65535];
6938
6939 let mut pipe = testing::Pipe::default().unwrap();
6940 assert_eq!(pipe.handshake(), Ok(()));
6941
6942 let frames = [frame::Frame::MaxStreamsUni { max: MAX_STREAM_ID }];
6943
6944 let pkt_type = packet::Type::Short;
6945 assert!(pipe.send_pkt_to_server(pkt_type, &frames, &mut buf).is_ok());
6946
6947 let frames = [frame::Frame::MaxStreamsUni {
6948 max: MAX_STREAM_ID + 1,
6949 }];
6950
6951 let pkt_type = packet::Type::Short;
6952 assert_eq!(
6953 pipe.send_pkt_to_server(pkt_type, &frames, &mut buf),
6954 Err(Error::InvalidFrame),
6955 );
6956 }
6957
6958 #[test]
streams_blocked_max_bidi()6959 fn streams_blocked_max_bidi() {
6960 let mut buf = [0; 65535];
6961
6962 let mut pipe = testing::Pipe::default().unwrap();
6963 assert_eq!(pipe.handshake(), Ok(()));
6964
6965 let frames = [frame::Frame::StreamsBlockedBidi {
6966 limit: MAX_STREAM_ID,
6967 }];
6968
6969 let pkt_type = packet::Type::Short;
6970 assert!(pipe.send_pkt_to_server(pkt_type, &frames, &mut buf).is_ok());
6971
6972 let frames = [frame::Frame::StreamsBlockedBidi {
6973 limit: MAX_STREAM_ID + 1,
6974 }];
6975
6976 let pkt_type = packet::Type::Short;
6977 assert_eq!(
6978 pipe.send_pkt_to_server(pkt_type, &frames, &mut buf),
6979 Err(Error::InvalidFrame),
6980 );
6981 }
6982
6983 #[test]
streams_blocked_max_uni()6984 fn streams_blocked_max_uni() {
6985 let mut buf = [0; 65535];
6986
6987 let mut pipe = testing::Pipe::default().unwrap();
6988 assert_eq!(pipe.handshake(), Ok(()));
6989
6990 let frames = [frame::Frame::StreamsBlockedUni {
6991 limit: MAX_STREAM_ID,
6992 }];
6993
6994 let pkt_type = packet::Type::Short;
6995 assert!(pipe.send_pkt_to_server(pkt_type, &frames, &mut buf).is_ok());
6996
6997 let frames = [frame::Frame::StreamsBlockedUni {
6998 limit: MAX_STREAM_ID + 1,
6999 }];
7000
7001 let pkt_type = packet::Type::Short;
7002 assert_eq!(
7003 pipe.send_pkt_to_server(pkt_type, &frames, &mut buf),
7004 Err(Error::InvalidFrame),
7005 );
7006 }
7007
7008 #[test]
stream_data_overlap()7009 fn stream_data_overlap() {
7010 let mut buf = [0; 65535];
7011
7012 let mut pipe = testing::Pipe::default().unwrap();
7013 assert_eq!(pipe.handshake(), Ok(()));
7014
7015 let frames = [
7016 frame::Frame::Stream {
7017 stream_id: 0,
7018 data: stream::RangeBuf::from(b"aaaaa", 0, false),
7019 },
7020 frame::Frame::Stream {
7021 stream_id: 0,
7022 data: stream::RangeBuf::from(b"bbbbb", 3, false),
7023 },
7024 frame::Frame::Stream {
7025 stream_id: 0,
7026 data: stream::RangeBuf::from(b"ccccc", 6, false),
7027 },
7028 ];
7029
7030 let pkt_type = packet::Type::Short;
7031 assert!(pipe.send_pkt_to_server(pkt_type, &frames, &mut buf).is_ok());
7032
7033 let mut b = [0; 15];
7034 assert_eq!(pipe.server.stream_recv(0, &mut b), Ok((11, false)));
7035 assert_eq!(&b[..11], b"aaaaabbbccc");
7036 }
7037
7038 #[test]
stream_data_overlap_with_reordering()7039 fn stream_data_overlap_with_reordering() {
7040 let mut buf = [0; 65535];
7041
7042 let mut pipe = testing::Pipe::default().unwrap();
7043 assert_eq!(pipe.handshake(), Ok(()));
7044
7045 let frames = [
7046 frame::Frame::Stream {
7047 stream_id: 0,
7048 data: stream::RangeBuf::from(b"aaaaa", 0, false),
7049 },
7050 frame::Frame::Stream {
7051 stream_id: 0,
7052 data: stream::RangeBuf::from(b"ccccc", 6, false),
7053 },
7054 frame::Frame::Stream {
7055 stream_id: 0,
7056 data: stream::RangeBuf::from(b"bbbbb", 3, false),
7057 },
7058 ];
7059
7060 let pkt_type = packet::Type::Short;
7061 assert!(pipe.send_pkt_to_server(pkt_type, &frames, &mut buf).is_ok());
7062
7063 let mut b = [0; 15];
7064 assert_eq!(pipe.server.stream_recv(0, &mut b), Ok((11, false)));
7065 assert_eq!(&b[..11], b"aaaaabccccc");
7066 }
7067
7068 #[test]
reset_stream_flow_control()7069 fn reset_stream_flow_control() {
7070 let mut buf = [0; 65535];
7071
7072 let mut pipe = testing::Pipe::default().unwrap();
7073 assert_eq!(pipe.handshake(), Ok(()));
7074
7075 let frames = [
7076 frame::Frame::Stream {
7077 stream_id: 4,
7078 data: stream::RangeBuf::from(b"aaaaaaaaaaaaaaa", 0, false),
7079 },
7080 frame::Frame::Stream {
7081 stream_id: 8,
7082 data: stream::RangeBuf::from(b"a", 0, false),
7083 },
7084 frame::Frame::ResetStream {
7085 stream_id: 8,
7086 error_code: 0,
7087 final_size: 15,
7088 },
7089 frame::Frame::Stream {
7090 stream_id: 12,
7091 data: stream::RangeBuf::from(b"a", 0, false),
7092 },
7093 ];
7094
7095 let pkt_type = packet::Type::Short;
7096 assert_eq!(
7097 pipe.send_pkt_to_server(pkt_type, &frames, &mut buf),
7098 Err(Error::FlowControl),
7099 );
7100 }
7101
7102 #[test]
path_challenge()7103 fn path_challenge() {
7104 let mut buf = [0; 65535];
7105
7106 let mut pipe = testing::Pipe::default().unwrap();
7107 assert_eq!(pipe.handshake(), Ok(()));
7108
7109 let frames = [frame::Frame::PathChallenge {
7110 data: vec![0xba; 8],
7111 }];
7112
7113 let pkt_type = packet::Type::Short;
7114
7115 let len = pipe
7116 .send_pkt_to_server(pkt_type, &frames, &mut buf)
7117 .unwrap();
7118
7119 assert!(len > 0);
7120
7121 let frames =
7122 testing::decode_pkt(&mut pipe.client, &mut buf, len).unwrap();
7123 let mut iter = frames.iter();
7124
7125 // Ignore ACK.
7126 iter.next().unwrap();
7127
7128 assert_eq!(
7129 iter.next(),
7130 Some(&frame::Frame::PathResponse {
7131 data: vec![0xba; 8],
7132 })
7133 );
7134 }
7135
7136 #[test]
7137 /// Simulates reception of an early 1-RTT packet on the server, by
7138 /// delaying the client's Handshake packet that completes the handshake.
early_1rtt_packet()7139 fn early_1rtt_packet() {
7140 let mut buf = [0; 65535];
7141
7142 let mut pipe = testing::Pipe::default().unwrap();
7143
7144 // Client sends initial flight
7145 let flight = testing::emit_flight(&mut pipe.client).unwrap();
7146 testing::process_flight(&mut pipe.server, flight).unwrap();
7147
7148 // Server sends initial flight.
7149 let flight = testing::emit_flight(&mut pipe.server).unwrap();
7150 testing::process_flight(&mut pipe.client, flight).unwrap();
7151
7152 // Client sends Handshake packet.
7153 let flight = testing::emit_flight(&mut pipe.client).unwrap();
7154
7155 // Emulate handshake packet delay by not making server process client
7156 // packet.
7157 let delayed = flight.clone();
7158
7159 testing::emit_flight(&mut pipe.server).ok();
7160
7161 assert!(pipe.client.is_established());
7162
7163 // Send 1-RTT packet #0.
7164 let frames = [frame::Frame::Stream {
7165 stream_id: 0,
7166 data: stream::RangeBuf::from(b"hello, world", 0, true),
7167 }];
7168
7169 let pkt_type = packet::Type::Short;
7170 let written =
7171 testing::encode_pkt(&mut pipe.client, pkt_type, &frames, &mut buf)
7172 .unwrap();
7173
7174 assert_eq!(pipe.server_recv(&mut buf[..written]), Ok(written));
7175
7176 // Send 1-RTT packet #1.
7177 let frames = [frame::Frame::Stream {
7178 stream_id: 4,
7179 data: stream::RangeBuf::from(b"hello, world", 0, true),
7180 }];
7181
7182 let written =
7183 testing::encode_pkt(&mut pipe.client, pkt_type, &frames, &mut buf)
7184 .unwrap();
7185
7186 assert_eq!(pipe.server_recv(&mut buf[..written]), Ok(written));
7187
7188 assert!(!pipe.server.is_established());
7189
7190 // Client sent 1-RTT packets 0 and 1, but server hasn't received them.
7191 //
7192 // Note that `largest_rx_pkt_num` is initialized to 0, so we need to
7193 // send another 1-RTT packet to make this check meaningful.
7194 assert_eq!(
7195 pipe.server.pkt_num_spaces[packet::EPOCH_APPLICATION]
7196 .largest_rx_pkt_num,
7197 0
7198 );
7199
7200 // Process delayed packet.
7201 testing::process_flight(&mut pipe.server, delayed).unwrap();
7202
7203 assert!(pipe.server.is_established());
7204
7205 assert_eq!(
7206 pipe.server.pkt_num_spaces[packet::EPOCH_APPLICATION]
7207 .largest_rx_pkt_num,
7208 0
7209 );
7210 }
7211
7212 #[test]
stop_sending()7213 fn stop_sending() {
7214 let mut b = [0; 15];
7215
7216 let mut buf = [0; 65535];
7217
7218 let mut pipe = testing::Pipe::default().unwrap();
7219 assert_eq!(pipe.handshake(), Ok(()));
7220
7221 // Client sends some data, and closes stream.
7222 assert_eq!(pipe.client.stream_send(4, b"hello", true), Ok(5));
7223 assert_eq!(pipe.advance(), Ok(()));
7224
7225 // Server gets data.
7226 let mut r = pipe.server.readable();
7227 assert_eq!(r.next(), Some(4));
7228 assert_eq!(r.next(), None);
7229
7230 assert_eq!(pipe.server.stream_recv(4, &mut b), Ok((5, true)));
7231 assert!(pipe.server.stream_finished(4));
7232
7233 let mut r = pipe.server.readable();
7234 assert_eq!(r.next(), None);
7235
7236 // Server sends data, until blocked.
7237 let mut r = pipe.server.writable();
7238 assert_eq!(r.next(), Some(4));
7239 assert_eq!(r.next(), None);
7240
7241 loop {
7242 if pipe.server.stream_send(4, b"world", false) == Ok(0) {
7243 break;
7244 }
7245
7246 assert_eq!(pipe.advance(), Ok(()));
7247 }
7248
7249 let mut r = pipe.server.writable();
7250 assert_eq!(r.next(), None);
7251
7252 // Client sends STOP_SENDING.
7253 let frames = [frame::Frame::StopSending {
7254 stream_id: 4,
7255 error_code: 42,
7256 }];
7257
7258 let pkt_type = packet::Type::Short;
7259 let len = pipe
7260 .send_pkt_to_server(pkt_type, &frames, &mut buf)
7261 .unwrap();
7262
7263 // Server sent a RESET_STREAM frame in response.
7264 let frames =
7265 testing::decode_pkt(&mut pipe.client, &mut buf, len).unwrap();
7266
7267 let mut iter = frames.iter();
7268
7269 // Skip ACK frame.
7270 iter.next();
7271
7272 assert_eq!(
7273 iter.next(),
7274 Some(&frame::Frame::ResetStream {
7275 stream_id: 4,
7276 error_code: 42,
7277 final_size: 15,
7278 })
7279 );
7280
7281 // Stream is writable, but writing returns an error.
7282 let mut r = pipe.server.writable();
7283 assert_eq!(r.next(), Some(4));
7284 assert_eq!(r.next(), None);
7285
7286 assert_eq!(
7287 pipe.server.stream_send(4, b"world", true),
7288 Err(Error::StreamStopped(42)),
7289 );
7290
7291 assert_eq!(pipe.server.streams.len(), 1);
7292
7293 // Client acks RESET_STREAM frame.
7294 let mut ranges = ranges::RangeSet::default();
7295 ranges.insert(0..6);
7296
7297 let frames = [frame::Frame::ACK {
7298 ack_delay: 15,
7299 ranges,
7300 }];
7301
7302 assert_eq!(pipe.send_pkt_to_server(pkt_type, &frames, &mut buf), Ok(0));
7303
7304 // Stream is collected on the server after RESET_STREAM is acked.
7305 assert_eq!(pipe.server.streams.len(), 0);
7306
7307 // Sending STOP_SENDING again shouldn't trigger RESET_STREAM again.
7308 let frames = [frame::Frame::StopSending {
7309 stream_id: 4,
7310 error_code: 42,
7311 }];
7312
7313 let len = pipe
7314 .send_pkt_to_server(pkt_type, &frames, &mut buf)
7315 .unwrap();
7316
7317 let frames =
7318 testing::decode_pkt(&mut pipe.client, &mut buf, len).unwrap();
7319
7320 assert_eq!(frames.len(), 1);
7321
7322 match frames.iter().next() {
7323 Some(frame::Frame::ACK { .. }) => (),
7324
7325 f => panic!("expected ACK frame, got {:?}", f),
7326 };
7327
7328 let mut r = pipe.server.writable();
7329 assert_eq!(r.next(), None);
7330 }
7331
7332 #[test]
stop_sending_fin()7333 fn stop_sending_fin() {
7334 let mut b = [0; 15];
7335
7336 let mut buf = [0; 65535];
7337
7338 let mut pipe = testing::Pipe::default().unwrap();
7339 assert_eq!(pipe.handshake(), Ok(()));
7340
7341 // Client sends some data, and closes stream.
7342 assert_eq!(pipe.client.stream_send(4, b"hello", true), Ok(5));
7343 assert_eq!(pipe.advance(), Ok(()));
7344
7345 // Server gets data.
7346 let mut r = pipe.server.readable();
7347 assert_eq!(r.next(), Some(4));
7348 assert_eq!(r.next(), None);
7349
7350 assert_eq!(pipe.server.stream_recv(4, &mut b), Ok((5, true)));
7351 assert!(pipe.server.stream_finished(4));
7352
7353 let mut r = pipe.server.readable();
7354 assert_eq!(r.next(), None);
7355
7356 // Server sends data, and closes stream.
7357 let mut r = pipe.server.writable();
7358 assert_eq!(r.next(), Some(4));
7359 assert_eq!(r.next(), None);
7360
7361 assert_eq!(pipe.server.stream_send(4, b"world", true), Ok(5));
7362
7363 // Client sends STOP_SENDING before server flushes stream.
7364 let frames = [frame::Frame::StopSending {
7365 stream_id: 4,
7366 error_code: 42,
7367 }];
7368
7369 let pkt_type = packet::Type::Short;
7370 let len = pipe
7371 .send_pkt_to_server(pkt_type, &frames, &mut buf)
7372 .unwrap();
7373
7374 // Server sent a RESET_STREAM frame in response.
7375 let frames =
7376 testing::decode_pkt(&mut pipe.client, &mut buf, len).unwrap();
7377
7378 let mut iter = frames.iter();
7379
7380 // Skip ACK frame.
7381 iter.next();
7382
7383 assert_eq!(
7384 iter.next(),
7385 Some(&frame::Frame::ResetStream {
7386 stream_id: 4,
7387 error_code: 42,
7388 final_size: 5,
7389 })
7390 );
7391
7392 // No more frames are sent by the server.
7393 assert_eq!(iter.next(), None);
7394 }
7395
7396 #[test]
stream_shutdown_read()7397 fn stream_shutdown_read() {
7398 let mut buf = [0; 65535];
7399
7400 let mut pipe = testing::Pipe::default().unwrap();
7401 assert_eq!(pipe.handshake(), Ok(()));
7402
7403 // Client sends some data.
7404 assert_eq!(pipe.client.stream_send(4, b"hello, world", false), Ok(12));
7405 assert_eq!(pipe.advance(), Ok(()));
7406
7407 let mut r = pipe.server.readable();
7408 assert_eq!(r.next(), Some(4));
7409 assert_eq!(r.next(), None);
7410
7411 assert_eq!(pipe.client.streams.len(), 1);
7412 assert_eq!(pipe.server.streams.len(), 1);
7413
7414 // Server shuts down stream.
7415 assert_eq!(pipe.server.stream_shutdown(4, Shutdown::Read, 42), Ok(()));
7416
7417 let mut r = pipe.server.readable();
7418 assert_eq!(r.next(), None);
7419
7420 let (len, _) = pipe.server.send(&mut buf).unwrap();
7421
7422 let mut dummy = buf[..len].to_vec();
7423
7424 let frames =
7425 testing::decode_pkt(&mut pipe.client, &mut dummy, len).unwrap();
7426 let mut iter = frames.iter();
7427
7428 assert_eq!(
7429 iter.next(),
7430 Some(&frame::Frame::StopSending {
7431 stream_id: 4,
7432 error_code: 42,
7433 })
7434 );
7435
7436 assert_eq!(pipe.client_recv(&mut buf[..len]), Ok(len));
7437
7438 assert_eq!(pipe.advance(), Ok(()));
7439
7440 // Sending more data is forbidden.
7441 let mut r = pipe.client.writable();
7442 assert_eq!(r.next(), Some(4));
7443 assert_eq!(r.next(), None);
7444
7445 assert_eq!(
7446 pipe.client.stream_send(4, b"bye", false),
7447 Err(Error::StreamStopped(42))
7448 );
7449
7450 // Server sends some data, without reading the incoming data, and closes
7451 // the stream.
7452 assert_eq!(pipe.server.stream_send(4, b"hello, world", true), Ok(12));
7453 assert_eq!(pipe.advance(), Ok(()));
7454
7455 // Client reads the data.
7456 let mut r = pipe.client.readable();
7457 assert_eq!(r.next(), Some(4));
7458 assert_eq!(r.next(), None);
7459
7460 assert_eq!(pipe.client.stream_recv(4, &mut buf), Ok((12, true)));
7461
7462 // Stream is collected on both sides.
7463 assert_eq!(pipe.client.streams.len(), 0);
7464 assert_eq!(pipe.server.streams.len(), 0);
7465
7466 assert_eq!(
7467 pipe.server.stream_shutdown(4, Shutdown::Read, 0),
7468 Err(Error::Done)
7469 );
7470 }
7471
7472 #[test]
stream_shutdown_read_after_fin()7473 fn stream_shutdown_read_after_fin() {
7474 let mut buf = [0; 65535];
7475
7476 let mut pipe = testing::Pipe::default().unwrap();
7477 assert_eq!(pipe.handshake(), Ok(()));
7478
7479 // Client sends some data.
7480 assert_eq!(pipe.client.stream_send(4, b"hello, world", true), Ok(12));
7481 assert_eq!(pipe.advance(), Ok(()));
7482
7483 let mut r = pipe.server.readable();
7484 assert_eq!(r.next(), Some(4));
7485 assert_eq!(r.next(), None);
7486
7487 assert_eq!(pipe.client.streams.len(), 1);
7488 assert_eq!(pipe.server.streams.len(), 1);
7489
7490 // Server shuts down stream.
7491 assert_eq!(pipe.server.stream_shutdown(4, Shutdown::Read, 42), Ok(()));
7492
7493 let mut r = pipe.server.readable();
7494 assert_eq!(r.next(), None);
7495
7496 // Server has nothing to send.
7497 assert_eq!(pipe.server.send(&mut buf), Err(Error::Done));
7498
7499 assert_eq!(pipe.advance(), Ok(()));
7500
7501 // Server sends some data, without reading the incoming data, and closes
7502 // the stream.
7503 assert_eq!(pipe.server.stream_send(4, b"hello, world", true), Ok(12));
7504 assert_eq!(pipe.advance(), Ok(()));
7505
7506 // Client reads the data.
7507 let mut r = pipe.client.readable();
7508 assert_eq!(r.next(), Some(4));
7509 assert_eq!(r.next(), None);
7510
7511 assert_eq!(pipe.client.stream_recv(4, &mut buf), Ok((12, true)));
7512
7513 // Stream is collected on both sides.
7514 assert_eq!(pipe.client.streams.len(), 0);
7515 assert_eq!(pipe.server.streams.len(), 0);
7516
7517 assert_eq!(
7518 pipe.server.stream_shutdown(4, Shutdown::Read, 0),
7519 Err(Error::Done)
7520 );
7521 }
7522
7523 #[test]
stream_shutdown_write()7524 fn stream_shutdown_write() {
7525 let mut buf = [0; 65535];
7526
7527 let mut pipe = testing::Pipe::default().unwrap();
7528 assert_eq!(pipe.handshake(), Ok(()));
7529
7530 // Client sends some data.
7531 assert_eq!(pipe.client.stream_send(4, b"hello, world", false), Ok(12));
7532 assert_eq!(pipe.advance(), Ok(()));
7533
7534 let mut r = pipe.server.readable();
7535 assert_eq!(r.next(), Some(4));
7536 assert_eq!(r.next(), None);
7537
7538 let mut r = pipe.server.writable();
7539 assert_eq!(r.next(), Some(4));
7540 assert_eq!(r.next(), None);
7541
7542 assert_eq!(pipe.client.streams.len(), 1);
7543 assert_eq!(pipe.server.streams.len(), 1);
7544
7545 // Server sends some data.
7546 assert_eq!(pipe.server.stream_send(4, b"goodbye, world", false), Ok(14));
7547
7548 // Server shuts down stream.
7549 assert_eq!(pipe.server.stream_shutdown(4, Shutdown::Write, 42), Ok(()));
7550
7551 let mut r = pipe.server.writable();
7552 assert_eq!(r.next(), None);
7553
7554 let (len, _) = pipe.server.send(&mut buf).unwrap();
7555
7556 let mut dummy = buf[..len].to_vec();
7557
7558 let frames =
7559 testing::decode_pkt(&mut pipe.client, &mut dummy, len).unwrap();
7560 let mut iter = frames.iter();
7561
7562 assert_eq!(
7563 iter.next(),
7564 Some(&frame::Frame::ResetStream {
7565 stream_id: 4,
7566 error_code: 42,
7567 final_size: 14,
7568 })
7569 );
7570
7571 assert_eq!(pipe.client_recv(&mut buf[..len]), Ok(len));
7572
7573 assert_eq!(pipe.advance(), Ok(()));
7574
7575 // Sending more data is forbidden.
7576 assert_eq!(
7577 pipe.server.stream_send(4, b"bye", false),
7578 Err(Error::FinalSize)
7579 );
7580
7581 // Client sends some data and closes the stream.
7582 assert_eq!(pipe.client.stream_send(4, b"bye", true), Ok(3));
7583 assert_eq!(pipe.advance(), Ok(()));
7584
7585 // Server reads the data.
7586 let mut r = pipe.server.readable();
7587 assert_eq!(r.next(), Some(4));
7588 assert_eq!(r.next(), None);
7589
7590 assert_eq!(pipe.server.stream_recv(4, &mut buf), Ok((15, true)));
7591
7592 // Stream is collected on both sides.
7593 // TODO: assert_eq!(pipe.client.streams.len(), 0);
7594 assert_eq!(pipe.server.streams.len(), 0);
7595
7596 assert_eq!(
7597 pipe.server.stream_shutdown(4, Shutdown::Write, 0),
7598 Err(Error::Done)
7599 );
7600 }
7601
7602 #[test]
7603 /// Tests that the order of flushable streams scheduled on the wire is the
7604 /// same as the order of `stream_send()` calls done by the application.
stream_round_robin()7605 fn stream_round_robin() {
7606 let mut buf = [0; 65535];
7607
7608 let mut pipe = testing::Pipe::default().unwrap();
7609 assert_eq!(pipe.handshake(), Ok(()));
7610
7611 assert_eq!(pipe.client.stream_send(8, b"aaaaa", false), Ok(5));
7612 assert_eq!(pipe.client.stream_send(0, b"aaaaa", false), Ok(5));
7613 assert_eq!(pipe.client.stream_send(4, b"aaaaa", false), Ok(5));
7614
7615 let (len, _) = pipe.client.send(&mut buf).unwrap();
7616
7617 let frames =
7618 testing::decode_pkt(&mut pipe.server, &mut buf, len).unwrap();
7619
7620 let mut iter = frames.iter();
7621
7622 // Skip ACK frame.
7623 iter.next();
7624
7625 assert_eq!(
7626 iter.next(),
7627 Some(&frame::Frame::Stream {
7628 stream_id: 8,
7629 data: stream::RangeBuf::from(b"aaaaa", 0, false),
7630 })
7631 );
7632
7633 let (len, _) = pipe.client.send(&mut buf).unwrap();
7634
7635 let frames =
7636 testing::decode_pkt(&mut pipe.server, &mut buf, len).unwrap();
7637
7638 assert_eq!(
7639 frames.iter().next(),
7640 Some(&frame::Frame::Stream {
7641 stream_id: 0,
7642 data: stream::RangeBuf::from(b"aaaaa", 0, false),
7643 })
7644 );
7645
7646 let (len, _) = pipe.client.send(&mut buf).unwrap();
7647
7648 let frames =
7649 testing::decode_pkt(&mut pipe.server, &mut buf, len).unwrap();
7650
7651 assert_eq!(
7652 frames.iter().next(),
7653 Some(&frame::Frame::Stream {
7654 stream_id: 4,
7655 data: stream::RangeBuf::from(b"aaaaa", 0, false),
7656 })
7657 );
7658 }
7659
7660 #[test]
7661 /// Tests the readable iterator.
stream_readable()7662 fn stream_readable() {
7663 let mut pipe = testing::Pipe::default().unwrap();
7664 assert_eq!(pipe.handshake(), Ok(()));
7665
7666 // No readable streams.
7667 let mut r = pipe.client.readable();
7668 assert_eq!(r.next(), None);
7669
7670 assert_eq!(pipe.client.stream_send(4, b"aaaaa", false), Ok(5));
7671
7672 let mut r = pipe.client.readable();
7673 assert_eq!(r.next(), None);
7674
7675 let mut r = pipe.server.readable();
7676 assert_eq!(r.next(), None);
7677
7678 assert_eq!(pipe.advance(), Ok(()));
7679
7680 // Server received stream.
7681 let mut r = pipe.server.readable();
7682 assert_eq!(r.next(), Some(4));
7683 assert_eq!(r.next(), None);
7684
7685 assert_eq!(
7686 pipe.server.stream_send(4, b"aaaaaaaaaaaaaaa", false),
7687 Ok(15)
7688 );
7689 assert_eq!(pipe.advance(), Ok(()));
7690
7691 let mut r = pipe.client.readable();
7692 assert_eq!(r.next(), Some(4));
7693 assert_eq!(r.next(), None);
7694
7695 // Client drains stream.
7696 let mut b = [0; 15];
7697 pipe.client.stream_recv(4, &mut b).unwrap();
7698 assert_eq!(pipe.advance(), Ok(()));
7699
7700 let mut r = pipe.client.readable();
7701 assert_eq!(r.next(), None);
7702
7703 // Server shuts down stream.
7704 let mut r = pipe.server.readable();
7705 assert_eq!(r.next(), Some(4));
7706 assert_eq!(r.next(), None);
7707
7708 assert_eq!(pipe.server.stream_shutdown(4, Shutdown::Read, 0), Ok(()));
7709
7710 let mut r = pipe.server.readable();
7711 assert_eq!(r.next(), None);
7712
7713 // Client creates multiple streams.
7714 assert_eq!(pipe.client.stream_send(8, b"aaaaa", false), Ok(5));
7715 assert_eq!(pipe.advance(), Ok(()));
7716
7717 assert_eq!(pipe.client.stream_send(12, b"aaaaa", false), Ok(5));
7718 assert_eq!(pipe.advance(), Ok(()));
7719
7720 let mut r = pipe.server.readable();
7721 assert_eq!(r.len(), 2);
7722
7723 assert!(r.next().is_some());
7724 assert!(r.next().is_some());
7725 assert!(r.next().is_none());
7726
7727 assert_eq!(r.len(), 0);
7728 }
7729
7730 #[test]
7731 /// Tests the writable iterator.
stream_writable()7732 fn stream_writable() {
7733 let mut pipe = testing::Pipe::default().unwrap();
7734 assert_eq!(pipe.handshake(), Ok(()));
7735
7736 // No writable streams.
7737 let mut w = pipe.client.writable();
7738 assert_eq!(w.next(), None);
7739
7740 assert_eq!(pipe.client.stream_send(4, b"aaaaa", false), Ok(5));
7741
7742 // Client created stream.
7743 let mut w = pipe.client.writable();
7744 assert_eq!(w.next(), Some(4));
7745 assert_eq!(w.next(), None);
7746
7747 assert_eq!(pipe.advance(), Ok(()));
7748
7749 // Server created stream.
7750 let mut w = pipe.server.writable();
7751 assert_eq!(w.next(), Some(4));
7752 assert_eq!(w.next(), None);
7753
7754 assert_eq!(
7755 pipe.server.stream_send(4, b"aaaaaaaaaaaaaaa", false),
7756 Ok(15)
7757 );
7758
7759 // Server stream is full.
7760 let mut w = pipe.server.writable();
7761 assert_eq!(w.next(), None);
7762
7763 assert_eq!(pipe.advance(), Ok(()));
7764
7765 // Client drains stream.
7766 let mut b = [0; 15];
7767 pipe.client.stream_recv(4, &mut b).unwrap();
7768 assert_eq!(pipe.advance(), Ok(()));
7769
7770 // Server stream is writable again.
7771 let mut w = pipe.server.writable();
7772 assert_eq!(w.next(), Some(4));
7773 assert_eq!(w.next(), None);
7774
7775 // Server suts down stream.
7776 assert_eq!(pipe.server.stream_shutdown(4, Shutdown::Write, 0), Ok(()));
7777
7778 let mut w = pipe.server.writable();
7779 assert_eq!(w.next(), None);
7780
7781 // Client creates multiple streams.
7782 assert_eq!(pipe.client.stream_send(8, b"aaaaa", false), Ok(5));
7783 assert_eq!(pipe.advance(), Ok(()));
7784
7785 assert_eq!(pipe.client.stream_send(12, b"aaaaa", false), Ok(5));
7786 assert_eq!(pipe.advance(), Ok(()));
7787
7788 let mut w = pipe.server.writable();
7789 assert_eq!(w.len(), 2);
7790
7791 assert!(w.next().is_some());
7792 assert!(w.next().is_some());
7793 assert!(w.next().is_none());
7794
7795 assert_eq!(w.len(), 0);
7796
7797 // Server finishes stream.
7798 assert_eq!(pipe.server.stream_send(12, b"aaaaa", true), Ok(5));
7799
7800 let mut w = pipe.server.writable();
7801 assert_eq!(w.next(), Some(8));
7802 assert_eq!(w.next(), None);
7803 }
7804
7805 #[test]
7806 /// Tests that we don't exceed the per-connection flow control limit set by
7807 /// the peer.
flow_control_limit_send()7808 fn flow_control_limit_send() {
7809 let mut pipe = testing::Pipe::default().unwrap();
7810 assert_eq!(pipe.handshake(), Ok(()));
7811
7812 assert_eq!(
7813 pipe.client.stream_send(0, b"aaaaaaaaaaaaaaa", false),
7814 Ok(15)
7815 );
7816 assert_eq!(pipe.advance(), Ok(()));
7817 assert_eq!(
7818 pipe.client.stream_send(4, b"aaaaaaaaaaaaaaa", false),
7819 Ok(15)
7820 );
7821 assert_eq!(pipe.advance(), Ok(()));
7822 assert_eq!(pipe.client.stream_send(8, b"a", false), Ok(0));
7823 assert_eq!(pipe.advance(), Ok(()));
7824
7825 let mut r = pipe.server.readable();
7826 assert!(r.next().is_some());
7827 assert!(r.next().is_some());
7828 assert!(r.next().is_none());
7829 }
7830
7831 #[test]
7832 /// Tests that invalid packets received before any other valid ones cause
7833 /// the server to close the connection immediately.
invalid_initial_server()7834 fn invalid_initial_server() {
7835 let mut buf = [0; 65535];
7836 let mut pipe = testing::Pipe::default().unwrap();
7837
7838 let frames = [frame::Frame::Padding { len: 10 }];
7839
7840 let written = testing::encode_pkt(
7841 &mut pipe.client,
7842 packet::Type::Initial,
7843 &frames,
7844 &mut buf,
7845 )
7846 .unwrap();
7847
7848 // Corrupt the packets's last byte to make decryption fail (the last
7849 // byte is part of the AEAD tag, so changing it means that the packet
7850 // cannot be authenticated during decryption).
7851 buf[written - 1] = !buf[written - 1];
7852
7853 assert_eq!(pipe.server.timeout(), None);
7854
7855 assert_eq!(
7856 pipe.server_recv(&mut buf[..written]),
7857 Err(Error::CryptoFail)
7858 );
7859
7860 assert!(pipe.server.is_closed());
7861 }
7862
7863 #[test]
7864 /// Tests that invalid Initial packets received to cause
7865 /// the client to close the connection immediately.
invalid_initial_client()7866 fn invalid_initial_client() {
7867 let mut buf = [0; 65535];
7868 let mut pipe = testing::Pipe::default().unwrap();
7869
7870 // Client sends initial flight.
7871 let (len, _) = pipe.client.send(&mut buf).unwrap();
7872
7873 // Server sends initial flight.
7874 assert_eq!(pipe.server_recv(&mut buf[..len]), Ok(1200));
7875
7876 let frames = [frame::Frame::Padding { len: 10 }];
7877
7878 let written = testing::encode_pkt(
7879 &mut pipe.server,
7880 packet::Type::Initial,
7881 &frames,
7882 &mut buf,
7883 )
7884 .unwrap();
7885
7886 // Corrupt the packets's last byte to make decryption fail (the last
7887 // byte is part of the AEAD tag, so changing it means that the packet
7888 // cannot be authenticated during decryption).
7889 buf[written - 1] = !buf[written - 1];
7890
7891 // Client will ignore invalid packet.
7892 assert_eq!(pipe.client_recv(&mut buf[..written]), Ok(71));
7893
7894 // The connection should be alive...
7895 assert_eq!(pipe.client.is_closed(), false);
7896
7897 // ...and the idle timeout should be armed.
7898 assert!(pipe.client.idle_timer.is_some());
7899 }
7900
7901 #[test]
7902 /// Tests that packets with invalid payload length received before any other
7903 /// valid packet cause the server to close the connection immediately.
invalid_initial_payload()7904 fn invalid_initial_payload() {
7905 let mut buf = [0; 65535];
7906 let mut pipe = testing::Pipe::default().unwrap();
7907
7908 let mut b = octets::OctetsMut::with_slice(&mut buf);
7909
7910 let epoch = packet::Type::Initial.to_epoch().unwrap();
7911
7912 let pn = 0;
7913 let pn_len = packet::pkt_num_len(pn).unwrap();
7914
7915 let hdr = Header {
7916 ty: packet::Type::Initial,
7917 version: pipe.client.version,
7918 dcid: ConnectionId::from_ref(&pipe.client.dcid),
7919 scid: ConnectionId::from_ref(&pipe.client.scid),
7920 pkt_num: 0,
7921 pkt_num_len: pn_len,
7922 token: pipe.client.token.clone(),
7923 versions: None,
7924 key_phase: false,
7925 };
7926
7927 hdr.to_bytes(&mut b).unwrap();
7928
7929 // Payload length is invalid!!!
7930 let payload_len = 4096;
7931
7932 let len = pn_len + payload_len;
7933 b.put_varint(len as u64).unwrap();
7934
7935 packet::encode_pkt_num(pn, &mut b).unwrap();
7936
7937 let payload_offset = b.off();
7938
7939 let frames = [frame::Frame::Padding { len: 10 }];
7940
7941 for frame in &frames {
7942 frame.to_bytes(&mut b).unwrap();
7943 }
7944
7945 let space = &mut pipe.client.pkt_num_spaces[epoch];
7946
7947 // Use correct payload length when encrypting the packet.
7948 let payload_len = frames.iter().fold(0, |acc, x| acc + x.wire_len()) +
7949 space.crypto_overhead().unwrap();
7950
7951 let aead = space.crypto_seal.as_ref().unwrap();
7952
7953 let written = packet::encrypt_pkt(
7954 &mut b,
7955 pn,
7956 pn_len,
7957 payload_len,
7958 payload_offset,
7959 aead,
7960 )
7961 .unwrap();
7962
7963 assert_eq!(pipe.server.timeout(), None);
7964
7965 assert_eq!(
7966 pipe.server_recv(&mut buf[..written]),
7967 Err(Error::InvalidPacket)
7968 );
7969
7970 assert!(pipe.server.is_closed());
7971 }
7972
7973 #[test]
7974 /// Tests that invalid packets don't cause the connection to be closed.
invalid_packet()7975 fn invalid_packet() {
7976 let mut buf = [0; 65535];
7977
7978 let mut pipe = testing::Pipe::default().unwrap();
7979 assert_eq!(pipe.handshake(), Ok(()));
7980
7981 let frames = [frame::Frame::Padding { len: 10 }];
7982
7983 let written = testing::encode_pkt(
7984 &mut pipe.client,
7985 packet::Type::Short,
7986 &frames,
7987 &mut buf,
7988 )
7989 .unwrap();
7990
7991 // Corrupt the packets's last byte to make decryption fail (the last
7992 // byte is part of the AEAD tag, so changing it means that the packet
7993 // cannot be authenticated during decryption).
7994 buf[written - 1] = !buf[written - 1];
7995
7996 assert_eq!(pipe.server_recv(&mut buf[..written]), Ok(written));
7997
7998 // Corrupt the packets's first byte to make the header fail decoding.
7999 buf[0] = 255;
8000
8001 assert_eq!(pipe.server_recv(&mut buf[..written]), Ok(written));
8002 }
8003
8004 #[test]
recv_empty_buffer()8005 fn recv_empty_buffer() {
8006 let mut buf = [0; 65535];
8007
8008 let mut pipe = testing::Pipe::default().unwrap();
8009 assert_eq!(pipe.handshake(), Ok(()));
8010
8011 assert_eq!(pipe.server_recv(&mut buf[..0]), Err(Error::BufferTooShort));
8012 }
8013
8014 #[test]
8015 /// Tests that the MAX_STREAMS frame is sent for bidirectional streams.
stream_limit_update_bidi()8016 fn stream_limit_update_bidi() {
8017 let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
8018 config
8019 .load_cert_chain_from_pem_file("examples/cert.crt")
8020 .unwrap();
8021 config
8022 .load_priv_key_from_pem_file("examples/cert.key")
8023 .unwrap();
8024 config
8025 .set_application_protos(b"\x06proto1\x06proto2")
8026 .unwrap();
8027 config.set_initial_max_data(30);
8028 config.set_initial_max_stream_data_bidi_local(15);
8029 config.set_initial_max_stream_data_bidi_remote(15);
8030 config.set_initial_max_stream_data_uni(10);
8031 config.set_initial_max_streams_bidi(3);
8032 config.set_initial_max_streams_uni(0);
8033 config.verify_peer(false);
8034
8035 let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
8036 assert_eq!(pipe.handshake(), Ok(()));
8037
8038 // Client sends stream data.
8039 assert_eq!(pipe.client.stream_send(0, b"a", false), Ok(1));
8040 assert_eq!(pipe.advance(), Ok(()));
8041
8042 assert_eq!(pipe.client.stream_send(4, b"a", false), Ok(1));
8043 assert_eq!(pipe.advance(), Ok(()));
8044
8045 assert_eq!(pipe.client.stream_send(4, b"b", true), Ok(1));
8046 assert_eq!(pipe.advance(), Ok(()));
8047
8048 assert_eq!(pipe.client.stream_send(0, b"b", true), Ok(1));
8049 assert_eq!(pipe.advance(), Ok(()));
8050
8051 // Server reads stream data.
8052 let mut b = [0; 15];
8053 pipe.server.stream_recv(0, &mut b).unwrap();
8054 pipe.server.stream_recv(4, &mut b).unwrap();
8055 assert_eq!(pipe.advance(), Ok(()));
8056
8057 // Server sends stream data, with fin.
8058 assert_eq!(pipe.server.stream_send(0, b"a", false), Ok(1));
8059 assert_eq!(pipe.advance(), Ok(()));
8060
8061 assert_eq!(pipe.server.stream_send(4, b"a", false), Ok(1));
8062 assert_eq!(pipe.advance(), Ok(()));
8063
8064 assert_eq!(pipe.server.stream_send(4, b"b", true), Ok(1));
8065 assert_eq!(pipe.advance(), Ok(()));
8066
8067 assert_eq!(pipe.server.stream_send(0, b"b", true), Ok(1));
8068
8069 // Server sends MAX_STREAMS.
8070 assert_eq!(pipe.advance(), Ok(()));
8071
8072 // Client tries to create new streams.
8073 assert_eq!(pipe.client.stream_send(8, b"a", false), Ok(1));
8074 assert_eq!(pipe.advance(), Ok(()));
8075
8076 assert_eq!(pipe.client.stream_send(12, b"a", false), Ok(1));
8077 assert_eq!(pipe.advance(), Ok(()));
8078
8079 assert_eq!(pipe.client.stream_send(16, b"a", false), Ok(1));
8080 assert_eq!(pipe.advance(), Ok(()));
8081
8082 assert_eq!(
8083 pipe.client.stream_send(20, b"a", false),
8084 Err(Error::StreamLimit)
8085 );
8086
8087 assert_eq!(pipe.server.readable().len(), 3);
8088 }
8089
8090 #[test]
8091 /// Tests that the MAX_STREAMS frame is sent for unirectional streams.
stream_limit_update_uni()8092 fn stream_limit_update_uni() {
8093 let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
8094 config
8095 .load_cert_chain_from_pem_file("examples/cert.crt")
8096 .unwrap();
8097 config
8098 .load_priv_key_from_pem_file("examples/cert.key")
8099 .unwrap();
8100 config
8101 .set_application_protos(b"\x06proto1\x06proto2")
8102 .unwrap();
8103 config.set_initial_max_data(30);
8104 config.set_initial_max_stream_data_bidi_local(15);
8105 config.set_initial_max_stream_data_bidi_remote(15);
8106 config.set_initial_max_stream_data_uni(10);
8107 config.set_initial_max_streams_bidi(0);
8108 config.set_initial_max_streams_uni(3);
8109 config.verify_peer(false);
8110
8111 let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
8112 assert_eq!(pipe.handshake(), Ok(()));
8113
8114 // Client sends stream data.
8115 assert_eq!(pipe.client.stream_send(2, b"a", false), Ok(1));
8116 assert_eq!(pipe.advance(), Ok(()));
8117
8118 assert_eq!(pipe.client.stream_send(6, b"a", false), Ok(1));
8119 assert_eq!(pipe.advance(), Ok(()));
8120
8121 assert_eq!(pipe.client.stream_send(6, b"b", true), Ok(1));
8122 assert_eq!(pipe.advance(), Ok(()));
8123
8124 assert_eq!(pipe.client.stream_send(2, b"b", true), Ok(1));
8125 assert_eq!(pipe.advance(), Ok(()));
8126
8127 // Server reads stream data.
8128 let mut b = [0; 15];
8129 pipe.server.stream_recv(2, &mut b).unwrap();
8130 pipe.server.stream_recv(6, &mut b).unwrap();
8131
8132 // Server sends MAX_STREAMS.
8133 assert_eq!(pipe.advance(), Ok(()));
8134
8135 // Client tries to create new streams.
8136 assert_eq!(pipe.client.stream_send(10, b"a", false), Ok(1));
8137 assert_eq!(pipe.advance(), Ok(()));
8138
8139 assert_eq!(pipe.client.stream_send(14, b"a", false), Ok(1));
8140 assert_eq!(pipe.advance(), Ok(()));
8141
8142 assert_eq!(pipe.client.stream_send(18, b"a", false), Ok(1));
8143 assert_eq!(pipe.advance(), Ok(()));
8144
8145 assert_eq!(
8146 pipe.client.stream_send(22, b"a", false),
8147 Err(Error::StreamLimit)
8148 );
8149
8150 assert_eq!(pipe.server.readable().len(), 3);
8151 }
8152
8153 #[test]
8154 /// Tests that the stream's fin flag is properly flushed even if there's no
8155 /// data in the buffer, and that the buffer becomes readable on the other
8156 /// side.
stream_zero_length_fin()8157 fn stream_zero_length_fin() {
8158 let mut pipe = testing::Pipe::default().unwrap();
8159 assert_eq!(pipe.handshake(), Ok(()));
8160
8161 assert_eq!(
8162 pipe.client.stream_send(0, b"aaaaaaaaaaaaaaa", false),
8163 Ok(15)
8164 );
8165 assert_eq!(pipe.advance(), Ok(()));
8166
8167 let mut r = pipe.server.readable();
8168 assert_eq!(r.next(), Some(0));
8169 assert!(r.next().is_none());
8170
8171 let mut b = [0; 15];
8172 pipe.server.stream_recv(0, &mut b).unwrap();
8173 assert_eq!(pipe.advance(), Ok(()));
8174
8175 // Client sends zero-length frame.
8176 assert_eq!(pipe.client.stream_send(0, b"", true), Ok(0));
8177 assert_eq!(pipe.advance(), Ok(()));
8178
8179 // Stream should be readable on the server after receiving empty fin.
8180 let mut r = pipe.server.readable();
8181 assert_eq!(r.next(), Some(0));
8182 assert!(r.next().is_none());
8183
8184 let mut b = [0; 15];
8185 pipe.server.stream_recv(0, &mut b).unwrap();
8186 assert_eq!(pipe.advance(), Ok(()));
8187
8188 // Client sends zero-length frame (again).
8189 assert_eq!(pipe.client.stream_send(0, b"", true), Ok(0));
8190 assert_eq!(pipe.advance(), Ok(()));
8191
8192 // Stream should _not_ be readable on the server after receiving empty
8193 // fin, because it was already finished.
8194 let mut r = pipe.server.readable();
8195 assert_eq!(r.next(), None);
8196 }
8197
8198 #[test]
8199 /// Tests that the stream's fin flag is properly flushed even if there's no
8200 /// data in the buffer, that the buffer becomes readable on the other
8201 /// side and stays readable even if the stream is fin'd locally.
stream_zero_length_fin_deferred_collection()8202 fn stream_zero_length_fin_deferred_collection() {
8203 let mut pipe = testing::Pipe::default().unwrap();
8204 assert_eq!(pipe.handshake(), Ok(()));
8205
8206 assert_eq!(
8207 pipe.client.stream_send(0, b"aaaaaaaaaaaaaaa", false),
8208 Ok(15)
8209 );
8210 assert_eq!(pipe.advance(), Ok(()));
8211
8212 let mut r = pipe.server.readable();
8213 assert_eq!(r.next(), Some(0));
8214 assert!(r.next().is_none());
8215
8216 let mut b = [0; 15];
8217 pipe.server.stream_recv(0, &mut b).unwrap();
8218 assert_eq!(pipe.advance(), Ok(()));
8219
8220 // Client sends zero-length frame.
8221 assert_eq!(pipe.client.stream_send(0, b"", true), Ok(0));
8222 assert_eq!(pipe.advance(), Ok(()));
8223
8224 // Server sends zero-length frame.
8225 assert_eq!(pipe.server.stream_send(0, b"", true), Ok(0));
8226 assert_eq!(pipe.advance(), Ok(()));
8227
8228 // Stream should be readable on the server after receiving empty fin.
8229 let mut r = pipe.server.readable();
8230 assert_eq!(r.next(), Some(0));
8231 assert!(r.next().is_none());
8232
8233 let mut b = [0; 15];
8234 pipe.server.stream_recv(0, &mut b).unwrap();
8235 assert_eq!(pipe.advance(), Ok(()));
8236
8237 // Client sends zero-length frame (again).
8238 assert_eq!(pipe.client.stream_send(0, b"", true), Ok(0));
8239 assert_eq!(pipe.advance(), Ok(()));
8240
8241 // Stream should _not_ be readable on the server after receiving empty
8242 // fin, because it was already finished.
8243 let mut r = pipe.server.readable();
8244 assert_eq!(r.next(), None);
8245
8246 // Stream _is_readable on the client side.
8247 let mut r = pipe.client.readable();
8248 assert_eq!(r.next(), Some(0));
8249
8250 pipe.client.stream_recv(0, &mut b).unwrap();
8251 assert_eq!(pipe.advance(), Ok(()));
8252
8253 // Stream is completed and _is not_ readable.
8254 let mut r = pipe.client.readable();
8255 assert_eq!(r.next(), None);
8256 }
8257
8258 #[test]
8259 /// Tests that completed streams are garbage collected.
collect_streams()8260 fn collect_streams() {
8261 let mut buf = [0; 65535];
8262
8263 let mut pipe = testing::Pipe::default().unwrap();
8264 assert_eq!(pipe.handshake(), Ok(()));
8265
8266 assert_eq!(pipe.client.streams.len(), 0);
8267 assert_eq!(pipe.server.streams.len(), 0);
8268
8269 assert_eq!(pipe.client.stream_send(0, b"aaaaa", true), Ok(5));
8270 assert_eq!(pipe.advance(), Ok(()));
8271
8272 assert!(!pipe.client.stream_finished(0));
8273 assert!(!pipe.server.stream_finished(0));
8274
8275 assert_eq!(pipe.client.streams.len(), 1);
8276 assert_eq!(pipe.server.streams.len(), 1);
8277
8278 let mut b = [0; 5];
8279 pipe.server.stream_recv(0, &mut b).unwrap();
8280 assert_eq!(pipe.advance(), Ok(()));
8281
8282 assert_eq!(pipe.server.stream_send(0, b"aaaaa", true), Ok(5));
8283 assert_eq!(pipe.advance(), Ok(()));
8284
8285 assert!(!pipe.client.stream_finished(0));
8286 assert!(pipe.server.stream_finished(0));
8287
8288 assert_eq!(pipe.client.streams.len(), 1);
8289 assert_eq!(pipe.server.streams.len(), 0);
8290
8291 let mut b = [0; 5];
8292 pipe.client.stream_recv(0, &mut b).unwrap();
8293 assert_eq!(pipe.advance(), Ok(()));
8294
8295 assert_eq!(pipe.client.streams.len(), 0);
8296 assert_eq!(pipe.server.streams.len(), 0);
8297
8298 assert!(pipe.client.stream_finished(0));
8299 assert!(pipe.server.stream_finished(0));
8300
8301 assert_eq!(pipe.client.stream_send(0, b"", true), Err(Error::Done));
8302
8303 let frames = [frame::Frame::Stream {
8304 stream_id: 0,
8305 data: stream::RangeBuf::from(b"aa", 0, false),
8306 }];
8307
8308 let pkt_type = packet::Type::Short;
8309 assert_eq!(pipe.send_pkt_to_server(pkt_type, &frames, &mut buf), Ok(39));
8310 }
8311
8312 #[test]
config_set_cc_algorithm_name()8313 fn config_set_cc_algorithm_name() {
8314 let mut config = Config::new(PROTOCOL_VERSION).unwrap();
8315
8316 assert_eq!(config.set_cc_algorithm_name("reno"), Ok(()));
8317
8318 // Unknown name.
8319 assert_eq!(
8320 config.set_cc_algorithm_name("???"),
8321 Err(Error::CongestionControl)
8322 );
8323 }
8324
8325 #[test]
peer_cert()8326 fn peer_cert() {
8327 let mut pipe = testing::Pipe::default().unwrap();
8328 assert_eq!(pipe.handshake(), Ok(()));
8329
8330 match pipe.client.peer_cert() {
8331 Some(c) => assert_eq!(c.len(), 753),
8332
8333 None => panic!("missing server certificate"),
8334 }
8335 }
8336
8337 #[test]
retry()8338 fn retry() {
8339 let mut buf = [0; 65535];
8340
8341 let mut config = Config::new(PROTOCOL_VERSION).unwrap();
8342 config
8343 .load_cert_chain_from_pem_file("examples/cert.crt")
8344 .unwrap();
8345 config
8346 .load_priv_key_from_pem_file("examples/cert.key")
8347 .unwrap();
8348 config
8349 .set_application_protos(b"\x06proto1\x06proto2")
8350 .unwrap();
8351
8352 let mut pipe = testing::Pipe::with_server_config(&mut config).unwrap();
8353
8354 // Client sends initial flight.
8355 let (mut len, _) = pipe.client.send(&mut buf).unwrap();
8356
8357 // Server sends Retry packet.
8358 let hdr = Header::from_slice(&mut buf[..len], MAX_CONN_ID_LEN).unwrap();
8359
8360 let odcid = hdr.dcid.clone();
8361
8362 let mut scid = [0; MAX_CONN_ID_LEN];
8363 rand::rand_bytes(&mut scid[..]);
8364 let scid = ConnectionId::from_ref(&scid);
8365
8366 let token = b"quiche test retry token";
8367
8368 len = packet::retry(
8369 &hdr.scid,
8370 &hdr.dcid,
8371 &scid,
8372 token,
8373 hdr.version,
8374 &mut buf,
8375 )
8376 .unwrap();
8377
8378 // Client receives Retry and sends new Initial.
8379 assert_eq!(pipe.client_recv(&mut buf[..len]), Ok(len));
8380
8381 let (len, _) = pipe.client.send(&mut buf).unwrap();
8382
8383 let hdr = Header::from_slice(&mut buf[..len], MAX_CONN_ID_LEN).unwrap();
8384 assert_eq!(&hdr.token.unwrap(), token);
8385
8386 // Server accepts connection.
8387 let from = "127.0.0.1:1234".parse().unwrap();
8388 pipe.server = accept(&scid, Some(&odcid), from, &mut config).unwrap();
8389 assert_eq!(pipe.server_recv(&mut buf[..len]), Ok(len));
8390
8391 assert_eq!(pipe.advance(), Ok(()));
8392
8393 assert!(pipe.client.is_established());
8394 assert!(pipe.server.is_established());
8395 }
8396
8397 #[test]
missing_retry_source_connection_id()8398 fn missing_retry_source_connection_id() {
8399 let mut buf = [0; 65535];
8400
8401 let mut config = Config::new(PROTOCOL_VERSION).unwrap();
8402 config
8403 .load_cert_chain_from_pem_file("examples/cert.crt")
8404 .unwrap();
8405 config
8406 .load_priv_key_from_pem_file("examples/cert.key")
8407 .unwrap();
8408 config
8409 .set_application_protos(b"\x06proto1\x06proto2")
8410 .unwrap();
8411
8412 let mut pipe = testing::Pipe::with_server_config(&mut config).unwrap();
8413
8414 // Client sends initial flight.
8415 let (mut len, _) = pipe.client.send(&mut buf).unwrap();
8416
8417 // Server sends Retry packet.
8418 let hdr = Header::from_slice(&mut buf[..len], MAX_CONN_ID_LEN).unwrap();
8419
8420 let mut scid = [0; MAX_CONN_ID_LEN];
8421 rand::rand_bytes(&mut scid[..]);
8422 let scid = ConnectionId::from_ref(&scid);
8423
8424 let token = b"quiche test retry token";
8425
8426 len = packet::retry(
8427 &hdr.scid,
8428 &hdr.dcid,
8429 &scid,
8430 token,
8431 hdr.version,
8432 &mut buf,
8433 )
8434 .unwrap();
8435
8436 // Client receives Retry and sends new Initial.
8437 assert_eq!(pipe.client_recv(&mut buf[..len]), Ok(len));
8438
8439 let (len, _) = pipe.client.send(&mut buf).unwrap();
8440
8441 // Server accepts connection and send first flight. But original
8442 // destination connection ID is ignored.
8443 let from = "127.0.0.1:1234".parse().unwrap();
8444 pipe.server = accept(&scid, None, from, &mut config).unwrap();
8445 assert_eq!(pipe.server_recv(&mut buf[..len]), Ok(len));
8446
8447 let flight = testing::emit_flight(&mut pipe.server).unwrap();
8448
8449 assert_eq!(
8450 testing::process_flight(&mut pipe.client, flight),
8451 Err(Error::InvalidTransportParam)
8452 );
8453 }
8454
8455 #[test]
invalid_retry_source_connection_id()8456 fn invalid_retry_source_connection_id() {
8457 let mut buf = [0; 65535];
8458
8459 let mut config = Config::new(PROTOCOL_VERSION).unwrap();
8460 config
8461 .load_cert_chain_from_pem_file("examples/cert.crt")
8462 .unwrap();
8463 config
8464 .load_priv_key_from_pem_file("examples/cert.key")
8465 .unwrap();
8466 config
8467 .set_application_protos(b"\x06proto1\x06proto2")
8468 .unwrap();
8469
8470 let mut pipe = testing::Pipe::with_server_config(&mut config).unwrap();
8471
8472 // Client sends initial flight.
8473 let (mut len, _) = pipe.client.send(&mut buf).unwrap();
8474
8475 // Server sends Retry packet.
8476 let hdr = Header::from_slice(&mut buf[..len], MAX_CONN_ID_LEN).unwrap();
8477
8478 let mut scid = [0; MAX_CONN_ID_LEN];
8479 rand::rand_bytes(&mut scid[..]);
8480 let scid = ConnectionId::from_ref(&scid);
8481
8482 let token = b"quiche test retry token";
8483
8484 len = packet::retry(
8485 &hdr.scid,
8486 &hdr.dcid,
8487 &scid,
8488 token,
8489 hdr.version,
8490 &mut buf,
8491 )
8492 .unwrap();
8493
8494 // Client receives Retry and sends new Initial.
8495 assert_eq!(pipe.client_recv(&mut buf[..len]), Ok(len));
8496
8497 let (len, _) = pipe.client.send(&mut buf).unwrap();
8498
8499 // Server accepts connection and send first flight. But original
8500 // destination connection ID is invalid.
8501 let from = "127.0.0.1:1234".parse().unwrap();
8502 let odcid = ConnectionId::from_ref(b"bogus value");
8503 pipe.server = accept(&scid, Some(&odcid), from, &mut config).unwrap();
8504 assert_eq!(pipe.server_recv(&mut buf[..len]), Ok(len));
8505
8506 let flight = testing::emit_flight(&mut pipe.server).unwrap();
8507
8508 assert_eq!(
8509 testing::process_flight(&mut pipe.client, flight),
8510 Err(Error::InvalidTransportParam)
8511 );
8512 }
8513
check_send(_: &mut impl Send)8514 fn check_send(_: &mut impl Send) {}
8515
8516 #[test]
config_must_be_send()8517 fn config_must_be_send() {
8518 let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
8519 check_send(&mut config);
8520 }
8521
8522 #[test]
connection_must_be_send()8523 fn connection_must_be_send() {
8524 let mut pipe = testing::Pipe::default().unwrap();
8525 check_send(&mut pipe.client);
8526 }
8527
check_sync(_: &mut impl Sync)8528 fn check_sync(_: &mut impl Sync) {}
8529
8530 #[test]
config_must_be_sync()8531 fn config_must_be_sync() {
8532 let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
8533 check_sync(&mut config);
8534 }
8535
8536 #[test]
connection_must_be_sync()8537 fn connection_must_be_sync() {
8538 let mut pipe = testing::Pipe::default().unwrap();
8539 check_sync(&mut pipe.client);
8540 }
8541
8542 #[test]
data_blocked()8543 fn data_blocked() {
8544 let mut buf = [0; 65535];
8545
8546 let mut pipe = testing::Pipe::default().unwrap();
8547 assert_eq!(pipe.handshake(), Ok(()));
8548
8549 assert_eq!(pipe.client.stream_send(0, b"aaaaaaaaaa", false), Ok(10));
8550 assert_eq!(pipe.client.blocked_limit, None);
8551 assert_eq!(pipe.advance(), Ok(()));
8552
8553 assert_eq!(pipe.client.stream_send(4, b"aaaaaaaaaa", false), Ok(10));
8554 assert_eq!(pipe.client.blocked_limit, None);
8555 assert_eq!(pipe.advance(), Ok(()));
8556
8557 assert_eq!(pipe.client.stream_send(8, b"aaaaaaaaaaa", false), Ok(10));
8558 assert_eq!(pipe.client.blocked_limit, Some(30));
8559
8560 let (len, _) = pipe.client.send(&mut buf).unwrap();
8561 assert_eq!(pipe.client.blocked_limit, None);
8562
8563 let frames =
8564 testing::decode_pkt(&mut pipe.server, &mut buf, len).unwrap();
8565
8566 let mut iter = frames.iter();
8567
8568 assert_eq!(iter.next(), Some(&frame::Frame::DataBlocked { limit: 30 }));
8569
8570 assert_eq!(
8571 iter.next(),
8572 Some(&frame::Frame::Stream {
8573 stream_id: 8,
8574 data: stream::RangeBuf::from(b"aaaaaaaaaa", 0, false),
8575 })
8576 );
8577
8578 assert_eq!(iter.next(), None);
8579 }
8580
8581 #[test]
stream_data_blocked()8582 fn stream_data_blocked() {
8583 let mut buf = [0; 65535];
8584
8585 let mut pipe = testing::Pipe::default().unwrap();
8586 assert_eq!(pipe.handshake(), Ok(()));
8587
8588 assert_eq!(pipe.client.stream_send(0, b"aaaaa", false), Ok(5));
8589 assert_eq!(pipe.client.streams.blocked().len(), 0);
8590
8591 assert_eq!(pipe.client.stream_send(0, b"aaaaa", false), Ok(5));
8592 assert_eq!(pipe.client.streams.blocked().len(), 0);
8593
8594 assert_eq!(pipe.client.stream_send(0, b"aaaaaa", false), Ok(5));
8595 assert_eq!(pipe.client.streams.blocked().len(), 1);
8596
8597 let (len, _) = pipe.client.send(&mut buf).unwrap();
8598 assert_eq!(pipe.client.streams.blocked().len(), 0);
8599
8600 let frames =
8601 testing::decode_pkt(&mut pipe.server, &mut buf, len).unwrap();
8602
8603 let mut iter = frames.iter();
8604
8605 // Skip ACK frame.
8606 iter.next();
8607
8608 assert_eq!(
8609 iter.next(),
8610 Some(&frame::Frame::StreamDataBlocked {
8611 stream_id: 0,
8612 limit: 15,
8613 })
8614 );
8615
8616 assert_eq!(
8617 iter.next(),
8618 Some(&frame::Frame::Stream {
8619 stream_id: 0,
8620 data: stream::RangeBuf::from(b"aaaaaaaaaaaaaaa", 0, false),
8621 })
8622 );
8623
8624 assert_eq!(iter.next(), None);
8625
8626 // Send from another stream, make sure we don't send STREAM_DATA_BLOCKED
8627 // again.
8628 assert_eq!(pipe.client.stream_send(4, b"a", false), Ok(1));
8629
8630 let (len, _) = pipe.client.send(&mut buf).unwrap();
8631 assert_eq!(pipe.client.streams.blocked().len(), 0);
8632
8633 let frames =
8634 testing::decode_pkt(&mut pipe.server, &mut buf, len).unwrap();
8635
8636 let mut iter = frames.iter();
8637
8638 assert_eq!(
8639 iter.next(),
8640 Some(&frame::Frame::Stream {
8641 stream_id: 4,
8642 data: stream::RangeBuf::from(b"a", 0, false),
8643 })
8644 );
8645
8646 assert_eq!(iter.next(), None);
8647
8648 // Send again from blocked stream and make sure it is marked as blocked
8649 // again.
8650 assert_eq!(pipe.client.stream_send(0, b"aaaaaa", false), Ok(0));
8651 assert_eq!(pipe.client.streams.blocked().len(), 1);
8652
8653 let (len, _) = pipe.client.send(&mut buf).unwrap();
8654 assert_eq!(pipe.client.streams.blocked().len(), 0);
8655
8656 let frames =
8657 testing::decode_pkt(&mut pipe.server, &mut buf, len).unwrap();
8658
8659 let mut iter = frames.iter();
8660
8661 assert_eq!(
8662 iter.next(),
8663 Some(&frame::Frame::StreamDataBlocked {
8664 stream_id: 0,
8665 limit: 15,
8666 })
8667 );
8668
8669 assert_eq!(iter.next(), Some(&frame::Frame::Padding { len: 1 }));
8670
8671 assert_eq!(iter.next(), None);
8672 }
8673
8674 #[test]
app_limited_true()8675 fn app_limited_true() {
8676 let mut config = Config::new(PROTOCOL_VERSION).unwrap();
8677 config
8678 .set_application_protos(b"\x06proto1\x06proto2")
8679 .unwrap();
8680 config.set_initial_max_data(50000);
8681 config.set_initial_max_stream_data_bidi_local(50000);
8682 config.set_initial_max_stream_data_bidi_remote(50000);
8683 config.set_max_recv_udp_payload_size(1200);
8684 config.verify_peer(false);
8685
8686 let mut pipe = testing::Pipe::with_client_config(&mut config).unwrap();
8687 assert_eq!(pipe.handshake(), Ok(()));
8688
8689 // Client sends stream data.
8690 assert_eq!(pipe.client.stream_send(0, b"a", true), Ok(1));
8691 assert_eq!(pipe.advance(), Ok(()));
8692
8693 // Server reads stream data.
8694 let mut b = [0; 15];
8695 pipe.server.stream_recv(0, &mut b).unwrap();
8696 assert_eq!(pipe.advance(), Ok(()));
8697
8698 // Server sends stream data smaller than cwnd.
8699 let send_buf = [0; 10000];
8700 assert_eq!(pipe.server.stream_send(0, &send_buf, false), Ok(10000));
8701 assert_eq!(pipe.advance(), Ok(()));
8702
8703 // app_limited should be true because we send less than cwnd.
8704 assert_eq!(pipe.server.recovery.app_limited(), true);
8705 }
8706
8707 #[test]
app_limited_false()8708 fn app_limited_false() {
8709 let mut config = Config::new(PROTOCOL_VERSION).unwrap();
8710 config
8711 .set_application_protos(b"\x06proto1\x06proto2")
8712 .unwrap();
8713 config.set_initial_max_data(50000);
8714 config.set_initial_max_stream_data_bidi_local(50000);
8715 config.set_initial_max_stream_data_bidi_remote(50000);
8716 config.set_max_recv_udp_payload_size(1200);
8717 config.verify_peer(false);
8718
8719 let mut pipe = testing::Pipe::with_client_config(&mut config).unwrap();
8720 assert_eq!(pipe.handshake(), Ok(()));
8721
8722 // Client sends stream data.
8723 assert_eq!(pipe.client.stream_send(0, b"a", true), Ok(1));
8724 assert_eq!(pipe.advance(), Ok(()));
8725
8726 // Server reads stream data.
8727 let mut b = [0; 15];
8728 pipe.server.stream_recv(0, &mut b).unwrap();
8729 assert_eq!(pipe.advance(), Ok(()));
8730
8731 // Server sends stream data bigger than cwnd.
8732 let send_buf1 = [0; 20000];
8733 assert_eq!(pipe.server.stream_send(0, &send_buf1, false), Ok(12000));
8734
8735 testing::emit_flight(&mut pipe.server).ok();
8736
8737 // We can't create a new packet header because there is no room by cwnd.
8738 // app_limited should be false because we can't send more by cwnd.
8739 assert_eq!(pipe.server.recovery.app_limited(), false);
8740 }
8741
8742 #[test]
app_limited_false_no_frame()8743 fn app_limited_false_no_frame() {
8744 let mut config = Config::new(PROTOCOL_VERSION).unwrap();
8745 config
8746 .set_application_protos(b"\x06proto1\x06proto2")
8747 .unwrap();
8748 config.set_initial_max_data(50000);
8749 config.set_initial_max_stream_data_bidi_local(50000);
8750 config.set_initial_max_stream_data_bidi_remote(50000);
8751 config.set_max_recv_udp_payload_size(1405);
8752 config.verify_peer(false);
8753
8754 let mut pipe = testing::Pipe::with_client_config(&mut config).unwrap();
8755 assert_eq!(pipe.handshake(), Ok(()));
8756
8757 // Client sends stream data.
8758 assert_eq!(pipe.client.stream_send(0, b"a", true), Ok(1));
8759 assert_eq!(pipe.advance(), Ok(()));
8760
8761 // Server reads stream data.
8762 let mut b = [0; 15];
8763 pipe.server.stream_recv(0, &mut b).unwrap();
8764 assert_eq!(pipe.advance(), Ok(()));
8765
8766 // Server sends stream data bigger than cwnd.
8767 let send_buf1 = [0; 20000];
8768 assert_eq!(pipe.server.stream_send(0, &send_buf1, false), Ok(12000));
8769
8770 testing::emit_flight(&mut pipe.server).ok();
8771
8772 // We can't create a new packet header because there is no room by cwnd.
8773 // app_limited should be false because we can't send more by cwnd.
8774 assert_eq!(pipe.server.recovery.app_limited(), false);
8775 }
8776
8777 #[test]
app_limited_false_no_header()8778 fn app_limited_false_no_header() {
8779 let mut config = Config::new(PROTOCOL_VERSION).unwrap();
8780 config
8781 .set_application_protos(b"\x06proto1\x06proto2")
8782 .unwrap();
8783 config.set_initial_max_data(50000);
8784 config.set_initial_max_stream_data_bidi_local(50000);
8785 config.set_initial_max_stream_data_bidi_remote(50000);
8786 config.set_max_recv_udp_payload_size(1406);
8787 config.verify_peer(false);
8788
8789 let mut pipe = testing::Pipe::with_client_config(&mut config).unwrap();
8790 assert_eq!(pipe.handshake(), Ok(()));
8791
8792 // Client sends stream data.
8793 assert_eq!(pipe.client.stream_send(0, b"a", true), Ok(1));
8794 assert_eq!(pipe.advance(), Ok(()));
8795
8796 // Server reads stream data.
8797 let mut b = [0; 15];
8798 pipe.server.stream_recv(0, &mut b).unwrap();
8799 assert_eq!(pipe.advance(), Ok(()));
8800
8801 // Server sends stream data bigger than cwnd.
8802 let send_buf1 = [0; 20000];
8803 assert_eq!(pipe.server.stream_send(0, &send_buf1, false), Ok(12000));
8804
8805 testing::emit_flight(&mut pipe.server).ok();
8806
8807 // We can't create a new frame because there is no room by cwnd.
8808 // app_limited should be false because we can't send more by cwnd.
8809 assert_eq!(pipe.server.recovery.app_limited(), false);
8810 }
8811
8812 #[test]
app_limited_not_changed_on_no_new_frames()8813 fn app_limited_not_changed_on_no_new_frames() {
8814 let mut config = Config::new(PROTOCOL_VERSION).unwrap();
8815 config
8816 .set_application_protos(b"\x06proto1\x06proto2")
8817 .unwrap();
8818 config.set_initial_max_data(50000);
8819 config.set_initial_max_stream_data_bidi_local(50000);
8820 config.set_initial_max_stream_data_bidi_remote(50000);
8821 config.set_max_recv_udp_payload_size(1200);
8822 config.verify_peer(false);
8823
8824 let mut pipe = testing::Pipe::with_client_config(&mut config).unwrap();
8825 assert_eq!(pipe.handshake(), Ok(()));
8826
8827 // Client sends stream data.
8828 assert_eq!(pipe.client.stream_send(0, b"a", true), Ok(1));
8829 assert_eq!(pipe.advance(), Ok(()));
8830
8831 // Server reads stream data.
8832 let mut b = [0; 15];
8833 pipe.server.stream_recv(0, &mut b).unwrap();
8834 assert_eq!(pipe.advance(), Ok(()));
8835
8836 // Client's app_limited is true because its bytes-in-flight
8837 // is much smaller than the current cwnd.
8838 assert_eq!(pipe.client.recovery.app_limited(), true);
8839
8840 // Client has no new frames to send - returns Done.
8841 assert_eq!(testing::emit_flight(&mut pipe.client), Err(Error::Done));
8842
8843 // Client's app_limited should remain the same.
8844 assert_eq!(pipe.client.recovery.app_limited(), true);
8845 }
8846
8847 #[test]
limit_ack_ranges()8848 fn limit_ack_ranges() {
8849 let mut buf = [0; 65535];
8850
8851 let mut pipe = testing::Pipe::default().unwrap();
8852 assert_eq!(pipe.handshake(), Ok(()));
8853
8854 let epoch = packet::EPOCH_APPLICATION;
8855
8856 assert_eq!(pipe.server.pkt_num_spaces[epoch].recv_pkt_need_ack.len(), 0);
8857
8858 let frames = [frame::Frame::Ping, frame::Frame::Padding { len: 3 }];
8859
8860 let pkt_type = packet::Type::Short;
8861
8862 let mut last_packet_sent = 0;
8863
8864 for _ in 0..512 {
8865 let recv_count = pipe.server.recv_count;
8866
8867 last_packet_sent = pipe.client.pkt_num_spaces[epoch].next_pkt_num;
8868
8869 pipe.send_pkt_to_server(pkt_type, &frames, &mut buf)
8870 .unwrap();
8871
8872 assert_eq!(pipe.server.recv_count, recv_count + 1);
8873
8874 // Skip packet number.
8875 pipe.client.pkt_num_spaces[epoch].next_pkt_num += 1;
8876 }
8877
8878 assert_eq!(
8879 pipe.server.pkt_num_spaces[epoch].recv_pkt_need_ack.len(),
8880 MAX_ACK_RANGES
8881 );
8882
8883 assert_eq!(
8884 pipe.server.pkt_num_spaces[epoch].recv_pkt_need_ack.first(),
8885 Some(last_packet_sent - ((MAX_ACK_RANGES as u64) - 1) * 2)
8886 );
8887
8888 assert_eq!(
8889 pipe.server.pkt_num_spaces[epoch].recv_pkt_need_ack.last(),
8890 Some(last_packet_sent)
8891 );
8892 }
8893
8894 #[test]
8895 /// Tests that streams are correctly scheduled based on their priority.
stream_priority()8896 fn stream_priority() {
8897 // Limit 1-RTT packet size to avoid congestion control interference.
8898 const MAX_TEST_PACKET_SIZE: usize = 540;
8899
8900 let mut buf = [0; 65535];
8901
8902 let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
8903 config
8904 .load_cert_chain_from_pem_file("examples/cert.crt")
8905 .unwrap();
8906 config
8907 .load_priv_key_from_pem_file("examples/cert.key")
8908 .unwrap();
8909 config
8910 .set_application_protos(b"\x06proto1\x06proto2")
8911 .unwrap();
8912 config.set_initial_max_data(1_000_000);
8913 config.set_initial_max_stream_data_bidi_local(1_000_000);
8914 config.set_initial_max_stream_data_bidi_remote(1_000_000);
8915 config.set_initial_max_stream_data_uni(0);
8916 config.set_initial_max_streams_bidi(100);
8917 config.set_initial_max_streams_uni(0);
8918 config.verify_peer(false);
8919
8920 let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
8921 assert_eq!(pipe.handshake(), Ok(()));
8922
8923 assert_eq!(pipe.client.stream_send(0, b"a", false), Ok(1));
8924 assert_eq!(pipe.advance(), Ok(()));
8925
8926 assert_eq!(pipe.client.stream_send(4, b"a", false), Ok(1));
8927 assert_eq!(pipe.advance(), Ok(()));
8928
8929 assert_eq!(pipe.client.stream_send(8, b"a", false), Ok(1));
8930 assert_eq!(pipe.advance(), Ok(()));
8931
8932 assert_eq!(pipe.client.stream_send(12, b"a", false), Ok(1));
8933 assert_eq!(pipe.advance(), Ok(()));
8934
8935 assert_eq!(pipe.client.stream_send(16, b"a", false), Ok(1));
8936 assert_eq!(pipe.advance(), Ok(()));
8937
8938 assert_eq!(pipe.client.stream_send(20, b"a", false), Ok(1));
8939 assert_eq!(pipe.advance(), Ok(()));
8940
8941 let mut b = [0; 1];
8942
8943 let out = [b'b'; 500];
8944
8945 // Server prioritizes streams as follows:
8946 // * Stream 8 and 16 have the same priority but are non-incremental.
8947 // * Stream 4, 12 and 20 have the same priority but 20 is non-incremental
8948 // and 4 and 12 are incremental.
8949 // * Stream 0 is on its own.
8950
8951 pipe.server.stream_recv(0, &mut b).unwrap();
8952 assert_eq!(pipe.server.stream_priority(0, 255, true), Ok(()));
8953 pipe.server.stream_send(0, &out, false).unwrap();
8954 pipe.server.stream_send(0, &out, false).unwrap();
8955 pipe.server.stream_send(0, &out, false).unwrap();
8956
8957 pipe.server.stream_recv(12, &mut b).unwrap();
8958 assert_eq!(pipe.server.stream_priority(12, 42, true), Ok(()));
8959 pipe.server.stream_send(12, &out, false).unwrap();
8960 pipe.server.stream_send(12, &out, false).unwrap();
8961 pipe.server.stream_send(12, &out, false).unwrap();
8962
8963 pipe.server.stream_recv(16, &mut b).unwrap();
8964 assert_eq!(pipe.server.stream_priority(16, 10, false), Ok(()));
8965 pipe.server.stream_send(16, &out, false).unwrap();
8966 pipe.server.stream_send(16, &out, false).unwrap();
8967 pipe.server.stream_send(16, &out, false).unwrap();
8968
8969 pipe.server.stream_recv(4, &mut b).unwrap();
8970 assert_eq!(pipe.server.stream_priority(4, 42, true), Ok(()));
8971 pipe.server.stream_send(4, &out, false).unwrap();
8972 pipe.server.stream_send(4, &out, false).unwrap();
8973 pipe.server.stream_send(4, &out, false).unwrap();
8974
8975 pipe.server.stream_recv(8, &mut b).unwrap();
8976 assert_eq!(pipe.server.stream_priority(8, 10, false), Ok(()));
8977 pipe.server.stream_send(8, &out, false).unwrap();
8978 pipe.server.stream_send(8, &out, false).unwrap();
8979 pipe.server.stream_send(8, &out, false).unwrap();
8980
8981 pipe.server.stream_recv(20, &mut b).unwrap();
8982 assert_eq!(pipe.server.stream_priority(20, 42, false), Ok(()));
8983 pipe.server.stream_send(20, &out, false).unwrap();
8984 pipe.server.stream_send(20, &out, false).unwrap();
8985 pipe.server.stream_send(20, &out, false).unwrap();
8986
8987 // First is stream 8.
8988 let mut off = 0;
8989
8990 for _ in 1..=3 {
8991 let (len, _) =
8992 pipe.server.send(&mut buf[..MAX_TEST_PACKET_SIZE]).unwrap();
8993
8994 let frames =
8995 testing::decode_pkt(&mut pipe.client, &mut buf, len).unwrap();
8996 let stream = frames.iter().next().unwrap();
8997
8998 assert_eq!(stream, &frame::Frame::Stream {
8999 stream_id: 8,
9000 data: stream::RangeBuf::from(&out, off, false),
9001 });
9002
9003 off = match stream {
9004 frame::Frame::Stream { data, .. } => data.max_off(),
9005
9006 _ => unreachable!(),
9007 };
9008 }
9009
9010 // Then is stream 16.
9011 let mut off = 0;
9012
9013 for _ in 1..=3 {
9014 let (len, _) =
9015 pipe.server.send(&mut buf[..MAX_TEST_PACKET_SIZE]).unwrap();
9016
9017 let frames =
9018 testing::decode_pkt(&mut pipe.client, &mut buf, len).unwrap();
9019 let stream = frames.iter().next().unwrap();
9020
9021 assert_eq!(stream, &frame::Frame::Stream {
9022 stream_id: 16,
9023 data: stream::RangeBuf::from(&out, off, false),
9024 });
9025
9026 off = match stream {
9027 frame::Frame::Stream { data, .. } => data.max_off(),
9028
9029 _ => unreachable!(),
9030 };
9031 }
9032
9033 // Then is stream 20.
9034 let mut off = 0;
9035
9036 for _ in 1..=3 {
9037 let (len, _) =
9038 pipe.server.send(&mut buf[..MAX_TEST_PACKET_SIZE]).unwrap();
9039
9040 let frames =
9041 testing::decode_pkt(&mut pipe.client, &mut buf, len).unwrap();
9042 let stream = frames.iter().next().unwrap();
9043
9044 assert_eq!(stream, &frame::Frame::Stream {
9045 stream_id: 20,
9046 data: stream::RangeBuf::from(&out, off, false),
9047 });
9048
9049 off = match stream {
9050 frame::Frame::Stream { data, .. } => data.max_off(),
9051
9052 _ => unreachable!(),
9053 };
9054 }
9055
9056 // Then are stream 12 and 4, with the same priority, incrementally.
9057 let mut off = 0;
9058
9059 for _ in 1..=3 {
9060 let (len, _) =
9061 pipe.server.send(&mut buf[..MAX_TEST_PACKET_SIZE]).unwrap();
9062
9063 let frames =
9064 testing::decode_pkt(&mut pipe.client, &mut buf, len).unwrap();
9065
9066 assert_eq!(
9067 frames.iter().next(),
9068 Some(&frame::Frame::Stream {
9069 stream_id: 12,
9070 data: stream::RangeBuf::from(&out, off, false),
9071 })
9072 );
9073
9074 let (len, _) =
9075 pipe.server.send(&mut buf[..MAX_TEST_PACKET_SIZE]).unwrap();
9076
9077 let frames =
9078 testing::decode_pkt(&mut pipe.client, &mut buf, len).unwrap();
9079
9080 let stream = frames.iter().next().unwrap();
9081
9082 assert_eq!(stream, &frame::Frame::Stream {
9083 stream_id: 4,
9084 data: stream::RangeBuf::from(&out, off, false),
9085 });
9086
9087 off = match stream {
9088 frame::Frame::Stream { data, .. } => data.max_off(),
9089
9090 _ => unreachable!(),
9091 };
9092 }
9093
9094 // Final is stream 0.
9095 let mut off = 0;
9096
9097 for _ in 1..=3 {
9098 let (len, _) =
9099 pipe.server.send(&mut buf[..MAX_TEST_PACKET_SIZE]).unwrap();
9100
9101 let frames =
9102 testing::decode_pkt(&mut pipe.client, &mut buf, len).unwrap();
9103 let stream = frames.iter().next().unwrap();
9104
9105 assert_eq!(stream, &frame::Frame::Stream {
9106 stream_id: 0,
9107 data: stream::RangeBuf::from(&out, off, false),
9108 });
9109
9110 off = match stream {
9111 frame::Frame::Stream { data, .. } => data.max_off(),
9112
9113 _ => unreachable!(),
9114 };
9115 }
9116
9117 assert_eq!(pipe.server.send(&mut buf), Err(Error::Done));
9118 }
9119
9120 #[test]
9121 /// Tests that changing a stream's priority is correctly propagated.
9122 ///
9123 /// Re-prioritization is not supported, so this should fail.
9124 #[should_panic]
stream_reprioritize()9125 fn stream_reprioritize() {
9126 let mut buf = [0; 65535];
9127
9128 let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
9129 config
9130 .load_cert_chain_from_pem_file("examples/cert.crt")
9131 .unwrap();
9132 config
9133 .load_priv_key_from_pem_file("examples/cert.key")
9134 .unwrap();
9135 config
9136 .set_application_protos(b"\x06proto1\x06proto2")
9137 .unwrap();
9138 config.set_initial_max_data(30);
9139 config.set_initial_max_stream_data_bidi_local(15);
9140 config.set_initial_max_stream_data_bidi_remote(15);
9141 config.set_initial_max_stream_data_uni(0);
9142 config.set_initial_max_streams_bidi(5);
9143 config.set_initial_max_streams_uni(0);
9144 config.verify_peer(false);
9145
9146 let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
9147 assert_eq!(pipe.handshake(), Ok(()));
9148
9149 assert_eq!(pipe.client.stream_send(0, b"a", false), Ok(1));
9150 assert_eq!(pipe.advance(), Ok(()));
9151
9152 assert_eq!(pipe.client.stream_send(4, b"a", false), Ok(1));
9153 assert_eq!(pipe.advance(), Ok(()));
9154
9155 assert_eq!(pipe.client.stream_send(8, b"a", false), Ok(1));
9156 assert_eq!(pipe.advance(), Ok(()));
9157
9158 assert_eq!(pipe.client.stream_send(12, b"a", false), Ok(1));
9159 assert_eq!(pipe.advance(), Ok(()));
9160
9161 let mut b = [0; 1];
9162
9163 pipe.server.stream_recv(0, &mut b).unwrap();
9164 assert_eq!(pipe.server.stream_priority(0, 255, true), Ok(()));
9165 pipe.server.stream_send(0, b"b", false).unwrap();
9166
9167 pipe.server.stream_recv(12, &mut b).unwrap();
9168 assert_eq!(pipe.server.stream_priority(12, 42, true), Ok(()));
9169 pipe.server.stream_send(12, b"b", false).unwrap();
9170
9171 pipe.server.stream_recv(8, &mut b).unwrap();
9172 assert_eq!(pipe.server.stream_priority(8, 10, true), Ok(()));
9173 pipe.server.stream_send(8, b"b", false).unwrap();
9174
9175 pipe.server.stream_recv(4, &mut b).unwrap();
9176 assert_eq!(pipe.server.stream_priority(4, 42, true), Ok(()));
9177 pipe.server.stream_send(4, b"b", false).unwrap();
9178
9179 // Stream 0 is re-prioritized!!!
9180 assert_eq!(pipe.server.stream_priority(0, 20, true), Ok(()));
9181
9182 // First is stream 8.
9183 let (len, _) = pipe.server.send(&mut buf).unwrap();
9184
9185 let frames =
9186 testing::decode_pkt(&mut pipe.client, &mut buf, len).unwrap();
9187
9188 assert_eq!(
9189 frames.iter().next(),
9190 Some(&frame::Frame::Stream {
9191 stream_id: 8,
9192 data: stream::RangeBuf::from(b"b", 0, false),
9193 })
9194 );
9195
9196 // Then is stream 0.
9197 let (len, _) = pipe.server.send(&mut buf).unwrap();
9198
9199 let frames =
9200 testing::decode_pkt(&mut pipe.client, &mut buf, len).unwrap();
9201
9202 assert_eq!(
9203 frames.iter().next(),
9204 Some(&frame::Frame::Stream {
9205 stream_id: 0,
9206 data: stream::RangeBuf::from(b"b", 0, false),
9207 })
9208 );
9209
9210 // Then are stream 12 and 4, with the same priority.
9211 let (len, _) = pipe.server.send(&mut buf).unwrap();
9212
9213 let frames =
9214 testing::decode_pkt(&mut pipe.client, &mut buf, len).unwrap();
9215
9216 assert_eq!(
9217 frames.iter().next(),
9218 Some(&frame::Frame::Stream {
9219 stream_id: 12,
9220 data: stream::RangeBuf::from(b"b", 0, false),
9221 })
9222 );
9223
9224 let (len, _) = pipe.server.send(&mut buf).unwrap();
9225
9226 let frames =
9227 testing::decode_pkt(&mut pipe.client, &mut buf, len).unwrap();
9228
9229 assert_eq!(
9230 frames.iter().next(),
9231 Some(&frame::Frame::Stream {
9232 stream_id: 4,
9233 data: stream::RangeBuf::from(b"b", 0, false),
9234 })
9235 );
9236
9237 assert_eq!(pipe.server.send(&mut buf), Err(Error::Done));
9238 }
9239
9240 #[test]
9241 /// Tests that streams and datagrams are correctly scheduled.
stream_datagram_priority()9242 fn stream_datagram_priority() {
9243 // Limit 1-RTT packet size to avoid congestion control interference.
9244 const MAX_TEST_PACKET_SIZE: usize = 540;
9245
9246 let mut buf = [0; 65535];
9247
9248 let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
9249 config
9250 .load_cert_chain_from_pem_file("examples/cert.crt")
9251 .unwrap();
9252 config
9253 .load_priv_key_from_pem_file("examples/cert.key")
9254 .unwrap();
9255 config
9256 .set_application_protos(b"\x06proto1\x06proto2")
9257 .unwrap();
9258 config.set_initial_max_data(1_000_000);
9259 config.set_initial_max_stream_data_bidi_local(1_000_000);
9260 config.set_initial_max_stream_data_bidi_remote(1_000_000);
9261 config.set_initial_max_stream_data_uni(0);
9262 config.set_initial_max_streams_bidi(100);
9263 config.set_initial_max_streams_uni(0);
9264 config.enable_dgram(true, 10, 10);
9265 config.verify_peer(false);
9266
9267 let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
9268 assert_eq!(pipe.handshake(), Ok(()));
9269
9270 assert_eq!(pipe.client.stream_send(0, b"a", false), Ok(1));
9271 assert_eq!(pipe.advance(), Ok(()));
9272
9273 assert_eq!(pipe.client.stream_send(4, b"a", false), Ok(1));
9274 assert_eq!(pipe.advance(), Ok(()));
9275
9276 let mut b = [0; 1];
9277
9278 let out = [b'b'; 500];
9279
9280 // Server prioritizes Stream 0 and 4 with the same urgency with
9281 // incremental, meaning the frames should be sent in round-robin
9282 // fashion. It also sends DATAGRAMS which are always interleaved with
9283 // STREAM frames. So we'll expect a mix of frame types regardless
9284 // of the order that the application writes things in.
9285
9286 pipe.server.stream_recv(0, &mut b).unwrap();
9287 assert_eq!(pipe.server.stream_priority(0, 255, true), Ok(()));
9288 pipe.server.stream_send(0, &out, false).unwrap();
9289 pipe.server.stream_send(0, &out, false).unwrap();
9290 pipe.server.stream_send(0, &out, false).unwrap();
9291
9292 assert_eq!(pipe.server.stream_priority(4, 255, true), Ok(()));
9293 pipe.server.stream_send(4, &out, false).unwrap();
9294 pipe.server.stream_send(4, &out, false).unwrap();
9295 pipe.server.stream_send(4, &out, false).unwrap();
9296
9297 for _ in 1..=6 {
9298 assert_eq!(pipe.server.dgram_send(&out), Ok(()));
9299 }
9300
9301 let mut off_0 = 0;
9302 let mut off_4 = 0;
9303
9304 for _ in 1..=3 {
9305 // DATAGRAM
9306 let (len, _) =
9307 pipe.server.send(&mut buf[..MAX_TEST_PACKET_SIZE]).unwrap();
9308
9309 let frames =
9310 testing::decode_pkt(&mut pipe.client, &mut buf, len).unwrap();
9311 let mut frame_iter = frames.iter();
9312
9313 assert_eq!(frame_iter.next().unwrap(), &frame::Frame::Datagram {
9314 data: out.into(),
9315 });
9316 assert_eq!(frame_iter.next(), None);
9317
9318 // STREAM 0
9319 let (len, _) =
9320 pipe.server.send(&mut buf[..MAX_TEST_PACKET_SIZE]).unwrap();
9321
9322 let frames =
9323 testing::decode_pkt(&mut pipe.client, &mut buf, len).unwrap();
9324 let mut frame_iter = frames.iter();
9325 let stream = frame_iter.next().unwrap();
9326
9327 assert_eq!(stream, &frame::Frame::Stream {
9328 stream_id: 0,
9329 data: stream::RangeBuf::from(&out, off_0, false),
9330 });
9331
9332 off_0 = match stream {
9333 frame::Frame::Stream { data, .. } => data.max_off(),
9334
9335 _ => unreachable!(),
9336 };
9337 assert_eq!(frame_iter.next(), None);
9338
9339 // DATAGRAM
9340 let (len, _) =
9341 pipe.server.send(&mut buf[..MAX_TEST_PACKET_SIZE]).unwrap();
9342
9343 let frames =
9344 testing::decode_pkt(&mut pipe.client, &mut buf, len).unwrap();
9345 let mut frame_iter = frames.iter();
9346
9347 assert_eq!(frame_iter.next().unwrap(), &frame::Frame::Datagram {
9348 data: out.into(),
9349 });
9350 assert_eq!(frame_iter.next(), None);
9351
9352 // STREAM 4
9353 let (len, _) =
9354 pipe.server.send(&mut buf[..MAX_TEST_PACKET_SIZE]).unwrap();
9355
9356 let frames =
9357 testing::decode_pkt(&mut pipe.client, &mut buf, len).unwrap();
9358 let mut frame_iter = frames.iter();
9359 let stream = frame_iter.next().unwrap();
9360
9361 assert_eq!(stream, &frame::Frame::Stream {
9362 stream_id: 4,
9363 data: stream::RangeBuf::from(&out, off_4, false),
9364 });
9365
9366 off_4 = match stream {
9367 frame::Frame::Stream { data, .. } => data.max_off(),
9368
9369 _ => unreachable!(),
9370 };
9371 assert_eq!(frame_iter.next(), None);
9372 }
9373 }
9374
9375 #[test]
9376 /// Tests that old data is retransmitted on PTO.
early_retransmit()9377 fn early_retransmit() {
9378 let mut buf = [0; 65535];
9379
9380 let mut pipe = testing::Pipe::default().unwrap();
9381 assert_eq!(pipe.handshake(), Ok(()));
9382
9383 // Client sends stream data.
9384 assert_eq!(pipe.client.stream_send(0, b"a", false), Ok(1));
9385 assert_eq!(pipe.advance(), Ok(()));
9386
9387 // Client sends more stream data, but packet is lost
9388 assert_eq!(pipe.client.stream_send(4, b"b", false), Ok(1));
9389 assert!(pipe.client.send(&mut buf).is_ok());
9390
9391 // Wait until PTO expires. Since the RTT is very low, wait a bit more.
9392 let timer = pipe.client.timeout().unwrap();
9393 std::thread::sleep(timer + time::Duration::from_millis(1));
9394
9395 pipe.client.on_timeout();
9396
9397 let epoch = packet::EPOCH_APPLICATION;
9398 assert_eq!(pipe.client.recovery.loss_probes[epoch], 1);
9399
9400 // Client retransmits stream data in PTO probe.
9401 let (len, _) = pipe.client.send(&mut buf).unwrap();
9402 assert_eq!(pipe.client.recovery.loss_probes[epoch], 0);
9403
9404 let frames =
9405 testing::decode_pkt(&mut pipe.server, &mut buf, len).unwrap();
9406
9407 let mut iter = frames.iter();
9408
9409 // Skip ACK frame.
9410 iter.next();
9411
9412 assert_eq!(
9413 iter.next(),
9414 Some(&frame::Frame::Stream {
9415 stream_id: 4,
9416 data: stream::RangeBuf::from(b"b", 0, false),
9417 })
9418 );
9419 }
9420
9421 #[test]
9422 /// Tests that PTO probe packets are not coalesced together.
dont_coalesce_probes()9423 fn dont_coalesce_probes() {
9424 let mut buf = [0; 65535];
9425
9426 let mut pipe = testing::Pipe::default().unwrap();
9427
9428 // Client sends Initial packet.
9429 let (len, _) = pipe.client.send(&mut buf).unwrap();
9430 assert_eq!(len, 1200);
9431
9432 // Wait for PTO to expire.
9433 let timer = pipe.client.timeout().unwrap();
9434 std::thread::sleep(timer + time::Duration::from_millis(1));
9435
9436 pipe.client.on_timeout();
9437
9438 let epoch = packet::EPOCH_INITIAL;
9439 assert_eq!(pipe.client.recovery.loss_probes[epoch], 1);
9440
9441 // Client sends PTO probe.
9442 let (len, _) = pipe.client.send(&mut buf).unwrap();
9443 assert_eq!(len, 1200);
9444 assert_eq!(pipe.client.recovery.loss_probes[epoch], 0);
9445
9446 // Wait for PTO to expire.
9447 let timer = pipe.client.timeout().unwrap();
9448 std::thread::sleep(timer + time::Duration::from_millis(1));
9449
9450 pipe.client.on_timeout();
9451
9452 assert_eq!(pipe.client.recovery.loss_probes[epoch], 2);
9453
9454 // Client sends first PTO probe.
9455 let (len, _) = pipe.client.send(&mut buf).unwrap();
9456 assert_eq!(len, 1200);
9457 assert_eq!(pipe.client.recovery.loss_probes[epoch], 1);
9458
9459 // Client sends second PTO probe.
9460 let (len, _) = pipe.client.send(&mut buf).unwrap();
9461 assert_eq!(len, 1200);
9462 assert_eq!(pipe.client.recovery.loss_probes[epoch], 0);
9463 }
9464
9465 #[test]
coalesce_padding_short()9466 fn coalesce_padding_short() {
9467 let mut buf = [0; 65535];
9468
9469 let mut pipe = testing::Pipe::default().unwrap();
9470
9471 // Client sends first flight.
9472 let (len, _) = pipe.client.send(&mut buf).unwrap();
9473 assert_eq!(len, MIN_CLIENT_INITIAL_LEN);
9474 assert_eq!(pipe.server_recv(&mut buf[..len]), Ok(len));
9475
9476 // Server sends first flight.
9477 let (len, _) = pipe.server.send(&mut buf).unwrap();
9478 assert_eq!(len, MIN_CLIENT_INITIAL_LEN);
9479 assert_eq!(pipe.client_recv(&mut buf[..len]), Ok(len));
9480
9481 let (len, _) = pipe.server.send(&mut buf).unwrap();
9482 assert_eq!(pipe.client_recv(&mut buf[..len]), Ok(len));
9483
9484 // Client sends stream data.
9485 assert_eq!(pipe.client.is_established(), true);
9486 assert_eq!(pipe.client.stream_send(4, b"hello", true), Ok(5));
9487
9488 // Client sends second flight.
9489 let (len, _) = pipe.client.send(&mut buf).unwrap();
9490 assert_eq!(len, MIN_CLIENT_INITIAL_LEN);
9491 assert_eq!(pipe.server_recv(&mut buf[..len]), Ok(len));
9492
9493 // None of the sent packets should have been dropped.
9494 assert_eq!(pipe.client.sent_count, pipe.server.recv_count);
9495 assert_eq!(pipe.server.sent_count, pipe.client.recv_count);
9496 }
9497
9498 #[test]
9499 /// Tests that client avoids handshake deadlock by arming PTO.
handshake_anti_deadlock()9500 fn handshake_anti_deadlock() {
9501 let mut buf = [0; 65535];
9502
9503 let mut config = Config::new(PROTOCOL_VERSION).unwrap();
9504 config
9505 .load_cert_chain_from_pem_file("examples/cert-big.crt")
9506 .unwrap();
9507 config
9508 .load_priv_key_from_pem_file("examples/cert.key")
9509 .unwrap();
9510 config
9511 .set_application_protos(b"\x06proto1\x06proto2")
9512 .unwrap();
9513
9514 let mut pipe = testing::Pipe::with_server_config(&mut config).unwrap();
9515
9516 assert_eq!(pipe.client.handshake_status().has_handshake_keys, false);
9517 assert_eq!(pipe.client.handshake_status().peer_verified_address, false);
9518 assert_eq!(pipe.server.handshake_status().has_handshake_keys, false);
9519 assert_eq!(pipe.server.handshake_status().peer_verified_address, true);
9520
9521 // Client sends padded Initial.
9522 let (len, _) = pipe.client.send(&mut buf).unwrap();
9523 assert_eq!(len, 1200);
9524
9525 // Server receives client's Initial and sends own Initial and Handshake
9526 // until it's blocked by the anti-amplification limit.
9527 assert_eq!(pipe.server_recv(&mut buf[..len]), Ok(len));
9528 let flight = testing::emit_flight(&mut pipe.server).unwrap();
9529
9530 assert_eq!(pipe.client.handshake_status().has_handshake_keys, false);
9531 assert_eq!(pipe.client.handshake_status().peer_verified_address, false);
9532 assert_eq!(pipe.server.handshake_status().has_handshake_keys, true);
9533 assert_eq!(pipe.server.handshake_status().peer_verified_address, true);
9534
9535 // Client receives the server flight and sends Handshake ACK, but it is
9536 // lost.
9537 testing::process_flight(&mut pipe.client, flight).unwrap();
9538 testing::emit_flight(&mut pipe.client).unwrap();
9539
9540 assert_eq!(pipe.client.handshake_status().has_handshake_keys, true);
9541 assert_eq!(pipe.client.handshake_status().peer_verified_address, false);
9542 assert_eq!(pipe.server.handshake_status().has_handshake_keys, true);
9543 assert_eq!(pipe.server.handshake_status().peer_verified_address, true);
9544
9545 // Make sure client's PTO timer is armed.
9546 assert!(pipe.client.timeout().is_some());
9547 }
9548
9549 #[test]
9550 /// Tests that packets with corrupted type (from Handshake to Initial) are
9551 /// properly ignored.
handshake_packet_type_corruption()9552 fn handshake_packet_type_corruption() {
9553 let mut buf = [0; 65535];
9554
9555 let mut pipe = testing::Pipe::default().unwrap();
9556
9557 // Client sends padded Initial.
9558 let (len, _) = pipe.client.send(&mut buf).unwrap();
9559 assert_eq!(len, 1200);
9560
9561 // Server receives client's Initial and sends own Initial and Handshake.
9562 assert_eq!(pipe.server_recv(&mut buf[..len]), Ok(len));
9563
9564 let flight = testing::emit_flight(&mut pipe.server).unwrap();
9565 testing::process_flight(&mut pipe.client, flight).unwrap();
9566
9567 // Client sends Initial packet with ACK.
9568 let (ty, len) = pipe.client.send_single(&mut buf, false).unwrap();
9569 assert_eq!(ty, Type::Initial);
9570
9571 assert_eq!(pipe.server_recv(&mut buf[..len]), Ok(len));
9572
9573 // Client sends Handshake packet.
9574 let (ty, len) = pipe.client.send_single(&mut buf, false).unwrap();
9575 assert_eq!(ty, Type::Handshake);
9576
9577 // Packet type is corrupted to Initial.
9578 buf[0] &= !(0x20);
9579
9580 let hdr = Header::from_slice(&mut buf[..len], 0).unwrap();
9581 assert_eq!(hdr.ty, Type::Initial);
9582
9583 // Server receives corrupted packet without returning an error.
9584 assert_eq!(pipe.server_recv(&mut buf[..len]), Ok(len));
9585 }
9586
9587 #[test]
dgram_send_fails_invalidstate()9588 fn dgram_send_fails_invalidstate() {
9589 let mut pipe = testing::Pipe::default().unwrap();
9590 assert_eq!(pipe.handshake(), Ok(()));
9591
9592 assert_eq!(
9593 pipe.client.dgram_send(b"hello, world"),
9594 Err(Error::InvalidState)
9595 );
9596 }
9597
9598 #[test]
dgram_send_app_limited()9599 fn dgram_send_app_limited() {
9600 let mut buf = [0; 65535];
9601 let send_buf = [0xcf; 1000];
9602
9603 let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
9604 config
9605 .load_cert_chain_from_pem_file("examples/cert.crt")
9606 .unwrap();
9607 config
9608 .load_priv_key_from_pem_file("examples/cert.key")
9609 .unwrap();
9610 config
9611 .set_application_protos(b"\x06proto1\x06proto2")
9612 .unwrap();
9613 config.set_initial_max_data(30);
9614 config.set_initial_max_stream_data_bidi_local(15);
9615 config.set_initial_max_stream_data_bidi_remote(15);
9616 config.set_initial_max_stream_data_uni(10);
9617 config.set_initial_max_streams_bidi(3);
9618 config.set_initial_max_streams_uni(3);
9619 config.enable_dgram(true, 1000, 1000);
9620 config.set_max_recv_udp_payload_size(1200);
9621 config.verify_peer(false);
9622
9623 let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
9624 assert_eq!(pipe.handshake(), Ok(()));
9625
9626 for _ in 0..1000 {
9627 assert_eq!(pipe.client.dgram_send(&send_buf), Ok(()));
9628 }
9629
9630 assert!(!pipe.client.recovery.app_limited());
9631 assert_eq!(pipe.client.dgram_send_queue.byte_size(), 1_000_000);
9632
9633 let (len, _) = pipe.client.send(&mut buf).unwrap();
9634
9635 assert_ne!(pipe.client.dgram_send_queue.byte_size(), 0);
9636 assert_ne!(pipe.client.dgram_send_queue.byte_size(), 1_000_000);
9637 assert!(!pipe.client.recovery.app_limited());
9638
9639 assert_eq!(pipe.server_recv(&mut buf[..len]), Ok(len));
9640
9641 let flight = testing::emit_flight(&mut pipe.client).unwrap();
9642 testing::process_flight(&mut pipe.server, flight).unwrap();
9643
9644 let flight = testing::emit_flight(&mut pipe.server).unwrap();
9645 testing::process_flight(&mut pipe.client, flight).unwrap();
9646
9647 assert_ne!(pipe.client.dgram_send_queue.byte_size(), 0);
9648 assert_ne!(pipe.client.dgram_send_queue.byte_size(), 1_000_000);
9649
9650 assert!(!pipe.client.recovery.app_limited());
9651 }
9652
9653 #[test]
dgram_single_datagram()9654 fn dgram_single_datagram() {
9655 let mut buf = [0; 65535];
9656
9657 let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
9658 config
9659 .load_cert_chain_from_pem_file("examples/cert.crt")
9660 .unwrap();
9661 config
9662 .load_priv_key_from_pem_file("examples/cert.key")
9663 .unwrap();
9664 config
9665 .set_application_protos(b"\x06proto1\x06proto2")
9666 .unwrap();
9667 config.set_initial_max_data(30);
9668 config.set_initial_max_stream_data_bidi_local(15);
9669 config.set_initial_max_stream_data_bidi_remote(15);
9670 config.set_initial_max_stream_data_uni(10);
9671 config.set_initial_max_streams_bidi(3);
9672 config.set_initial_max_streams_uni(3);
9673 config.enable_dgram(true, 10, 10);
9674 config.verify_peer(false);
9675
9676 let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
9677 assert_eq!(pipe.handshake(), Ok(()));
9678
9679 assert_eq!(pipe.client.dgram_send(b"hello, world"), Ok(()));
9680
9681 assert_eq!(pipe.advance(), Ok(()));
9682
9683 let result1 = pipe.server.dgram_recv(&mut buf);
9684 assert_eq!(result1, Ok(12));
9685
9686 let result2 = pipe.server.dgram_recv(&mut buf);
9687 assert_eq!(result2, Err(Error::Done));
9688 }
9689
9690 #[test]
dgram_multiple_datagrams()9691 fn dgram_multiple_datagrams() {
9692 let mut buf = [0; 65535];
9693
9694 let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
9695 config
9696 .load_cert_chain_from_pem_file("examples/cert.crt")
9697 .unwrap();
9698 config
9699 .load_priv_key_from_pem_file("examples/cert.key")
9700 .unwrap();
9701 config
9702 .set_application_protos(b"\x06proto1\x06proto2")
9703 .unwrap();
9704 config.set_initial_max_data(30);
9705 config.set_initial_max_stream_data_bidi_local(15);
9706 config.set_initial_max_stream_data_bidi_remote(15);
9707 config.set_initial_max_stream_data_uni(10);
9708 config.set_initial_max_streams_bidi(3);
9709 config.set_initial_max_streams_uni(3);
9710 config.enable_dgram(true, 10, 10);
9711 config.verify_peer(false);
9712
9713 let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
9714 assert_eq!(pipe.handshake(), Ok(()));
9715
9716 assert_eq!(pipe.client.dgram_send_queue_len(), 0);
9717 assert_eq!(pipe.client.dgram_send_queue_byte_size(), 0);
9718
9719 assert_eq!(pipe.client.dgram_send(b"hello, world"), Ok(()));
9720 assert_eq!(pipe.client.dgram_send(b"ciao, mondo"), Ok(()));
9721 assert_eq!(pipe.client.dgram_send(b"hola, mundo"), Ok(()));
9722
9723 assert_eq!(pipe.client.dgram_send_queue_byte_size(), 34);
9724
9725 pipe.client
9726 .dgram_purge_outgoing(|d: &[u8]| -> bool { d[0] == b'c' });
9727
9728 assert_eq!(pipe.client.dgram_send_queue_len(), 2);
9729 assert_eq!(pipe.client.dgram_send_queue_byte_size(), 23);
9730
9731 // Before packets exchanged, no dgrams on server receive side.
9732 assert_eq!(pipe.server.dgram_recv_queue_len(), 0);
9733
9734 assert_eq!(pipe.advance(), Ok(()));
9735
9736 // After packets exchanged, no dgrams on client send side.
9737 assert_eq!(pipe.client.dgram_send_queue_len(), 0);
9738 assert_eq!(pipe.client.dgram_send_queue_byte_size(), 0);
9739
9740 assert_eq!(pipe.server.dgram_recv_queue_len(), 2);
9741 assert_eq!(pipe.server.dgram_recv_queue_byte_size(), 23);
9742
9743 let result1 = pipe.server.dgram_recv(&mut buf);
9744 assert_eq!(result1, Ok(12));
9745 assert_eq!(buf[0], b'h');
9746 assert_eq!(buf[1], b'e');
9747
9748 let result2 = pipe.server.dgram_recv(&mut buf);
9749 assert_eq!(result2, Ok(11));
9750 assert_eq!(buf[0], b'h');
9751 assert_eq!(buf[1], b'o');
9752
9753 let result3 = pipe.server.dgram_recv(&mut buf);
9754 assert_eq!(result3, Err(Error::Done));
9755
9756 assert_eq!(pipe.server.dgram_recv_queue_len(), 0);
9757 assert_eq!(pipe.server.dgram_recv_queue_byte_size(), 0);
9758 }
9759
9760 #[test]
dgram_send_queue_overflow()9761 fn dgram_send_queue_overflow() {
9762 let mut buf = [0; 65535];
9763
9764 let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
9765 config
9766 .load_cert_chain_from_pem_file("examples/cert.crt")
9767 .unwrap();
9768 config
9769 .load_priv_key_from_pem_file("examples/cert.key")
9770 .unwrap();
9771 config
9772 .set_application_protos(b"\x06proto1\x06proto2")
9773 .unwrap();
9774 config.set_initial_max_data(30);
9775 config.set_initial_max_stream_data_bidi_local(15);
9776 config.set_initial_max_stream_data_bidi_remote(15);
9777 config.set_initial_max_stream_data_uni(10);
9778 config.set_initial_max_streams_bidi(3);
9779 config.set_initial_max_streams_uni(3);
9780 config.enable_dgram(true, 10, 2);
9781 config.verify_peer(false);
9782
9783 let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
9784 assert_eq!(pipe.handshake(), Ok(()));
9785
9786 assert_eq!(pipe.client.dgram_send(b"hello, world"), Ok(()));
9787 assert_eq!(pipe.client.dgram_send(b"ciao, mondo"), Ok(()));
9788 assert_eq!(pipe.client.dgram_send(b"hola, mundo"), Err(Error::Done));
9789
9790 assert_eq!(pipe.advance(), Ok(()));
9791
9792 let result1 = pipe.server.dgram_recv(&mut buf);
9793 assert_eq!(result1, Ok(12));
9794 assert_eq!(buf[0], b'h');
9795 assert_eq!(buf[1], b'e');
9796
9797 let result2 = pipe.server.dgram_recv(&mut buf);
9798 assert_eq!(result2, Ok(11));
9799 assert_eq!(buf[0], b'c');
9800 assert_eq!(buf[1], b'i');
9801
9802 let result3 = pipe.server.dgram_recv(&mut buf);
9803 assert_eq!(result3, Err(Error::Done));
9804 }
9805
9806 #[test]
dgram_recv_queue_overflow()9807 fn dgram_recv_queue_overflow() {
9808 let mut buf = [0; 65535];
9809
9810 let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
9811 config
9812 .load_cert_chain_from_pem_file("examples/cert.crt")
9813 .unwrap();
9814 config
9815 .load_priv_key_from_pem_file("examples/cert.key")
9816 .unwrap();
9817 config
9818 .set_application_protos(b"\x06proto1\x06proto2")
9819 .unwrap();
9820 config.set_initial_max_data(30);
9821 config.set_initial_max_stream_data_bidi_local(15);
9822 config.set_initial_max_stream_data_bidi_remote(15);
9823 config.set_initial_max_stream_data_uni(10);
9824 config.set_initial_max_streams_bidi(3);
9825 config.set_initial_max_streams_uni(3);
9826 config.enable_dgram(true, 2, 10);
9827 config.set_max_recv_udp_payload_size(1200);
9828 config.verify_peer(false);
9829
9830 let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
9831 assert_eq!(pipe.handshake(), Ok(()));
9832
9833 assert_eq!(pipe.client.dgram_send(b"hello, world"), Ok(()));
9834 assert_eq!(pipe.client.dgram_send(b"ciao, mondo"), Ok(()));
9835 assert_eq!(pipe.client.dgram_send(b"hola, mundo"), Ok(()));
9836
9837 assert_eq!(pipe.advance(), Ok(()));
9838
9839 let result1 = pipe.server.dgram_recv(&mut buf);
9840 assert_eq!(result1, Ok(11));
9841 assert_eq!(buf[0], b'c');
9842 assert_eq!(buf[1], b'i');
9843
9844 let result2 = pipe.server.dgram_recv(&mut buf);
9845 assert_eq!(result2, Ok(11));
9846 assert_eq!(buf[0], b'h');
9847 assert_eq!(buf[1], b'o');
9848
9849 let result3 = pipe.server.dgram_recv(&mut buf);
9850 assert_eq!(result3, Err(Error::Done));
9851 }
9852
9853 #[test]
dgram_send_max_size()9854 fn dgram_send_max_size() {
9855 let mut buf = [0; MAX_DGRAM_FRAME_SIZE as usize];
9856
9857 let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
9858 config
9859 .load_cert_chain_from_pem_file("examples/cert.crt")
9860 .unwrap();
9861 config
9862 .load_priv_key_from_pem_file("examples/cert.key")
9863 .unwrap();
9864 config
9865 .set_application_protos(b"\x06proto1\x06proto2")
9866 .unwrap();
9867 config.set_initial_max_data(30);
9868 config.set_initial_max_stream_data_bidi_local(15);
9869 config.set_initial_max_stream_data_bidi_remote(15);
9870 config.set_initial_max_stream_data_uni(10);
9871 config.set_initial_max_streams_bidi(3);
9872 config.set_initial_max_streams_uni(3);
9873 config.enable_dgram(true, 10, 10);
9874 config.set_max_recv_udp_payload_size(1452);
9875 config.verify_peer(false);
9876
9877 let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
9878
9879 // Before handshake (before peer settings) we don't know max dgram size
9880 assert_eq!(pipe.client.dgram_max_writable_len(), None);
9881
9882 assert_eq!(pipe.handshake(), Ok(()));
9883
9884 let max_dgram_size = pipe.client.dgram_max_writable_len().unwrap();
9885
9886 // Tests use a 16-byte connection ID, so the max datagram frame payload
9887 // size is (1200 byte-long packet - 40 bytes overhead)
9888 assert_eq!(max_dgram_size, 1160);
9889
9890 let dgram_packet: Vec<u8> = vec![42; max_dgram_size];
9891
9892 assert_eq!(pipe.client.dgram_send(&dgram_packet), Ok(()));
9893
9894 assert_eq!(pipe.advance(), Ok(()));
9895
9896 let result1 = pipe.server.dgram_recv(&mut buf);
9897 assert_eq!(result1, Ok(max_dgram_size));
9898
9899 let result2 = pipe.server.dgram_recv(&mut buf);
9900 assert_eq!(result2, Err(Error::Done));
9901 }
9902
9903 #[test]
9904 /// Tests is_readable check.
is_readable()9905 fn is_readable() {
9906 let mut buf = [0; 65535];
9907
9908 let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
9909 config
9910 .load_cert_chain_from_pem_file("examples/cert.crt")
9911 .unwrap();
9912 config
9913 .load_priv_key_from_pem_file("examples/cert.key")
9914 .unwrap();
9915 config
9916 .set_application_protos(b"\x06proto1\x06proto2")
9917 .unwrap();
9918 config.set_initial_max_data(30);
9919 config.set_initial_max_stream_data_bidi_local(15);
9920 config.set_initial_max_stream_data_bidi_remote(15);
9921 config.set_initial_max_stream_data_uni(10);
9922 config.set_initial_max_streams_bidi(3);
9923 config.set_initial_max_streams_uni(3);
9924 config.enable_dgram(true, 10, 10);
9925 config.set_max_recv_udp_payload_size(1452);
9926 config.verify_peer(false);
9927
9928 let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
9929 assert_eq!(pipe.handshake(), Ok(()));
9930
9931 // No readable data.
9932 assert_eq!(pipe.client.is_readable(), false);
9933 assert_eq!(pipe.server.is_readable(), false);
9934
9935 assert_eq!(pipe.client.stream_send(4, b"aaaaa", false), Ok(5));
9936 assert_eq!(pipe.advance(), Ok(()));
9937
9938 // Server received stream.
9939 assert_eq!(pipe.client.is_readable(), false);
9940 assert_eq!(pipe.server.is_readable(), true);
9941
9942 assert_eq!(
9943 pipe.server.stream_send(4, b"aaaaaaaaaaaaaaa", false),
9944 Ok(15)
9945 );
9946 assert_eq!(pipe.advance(), Ok(()));
9947
9948 // Client received stream.
9949 assert_eq!(pipe.client.is_readable(), true);
9950 assert_eq!(pipe.server.is_readable(), true);
9951
9952 // Client drains stream.
9953 let mut b = [0; 15];
9954 pipe.client.stream_recv(4, &mut b).unwrap();
9955 assert_eq!(pipe.advance(), Ok(()));
9956
9957 assert_eq!(pipe.client.is_readable(), false);
9958 assert_eq!(pipe.server.is_readable(), true);
9959
9960 // Server shuts down stream.
9961 assert_eq!(pipe.server.stream_shutdown(4, Shutdown::Read, 0), Ok(()));
9962 assert_eq!(pipe.server.is_readable(), false);
9963
9964 // Server received dgram.
9965 assert_eq!(pipe.client.dgram_send(b"dddddddddddddd"), Ok(()));
9966 assert_eq!(pipe.advance(), Ok(()));
9967
9968 assert_eq!(pipe.client.is_readable(), false);
9969 assert_eq!(pipe.server.is_readable(), true);
9970
9971 // Client received dgram.
9972 assert_eq!(pipe.server.dgram_send(b"dddddddddddddd"), Ok(()));
9973 assert_eq!(pipe.advance(), Ok(()));
9974
9975 assert_eq!(pipe.client.is_readable(), true);
9976 assert_eq!(pipe.server.is_readable(), true);
9977
9978 // Drain the dgram queues.
9979 let r = pipe.server.dgram_recv(&mut buf);
9980 assert_eq!(r, Ok(14));
9981 assert_eq!(pipe.server.is_readable(), false);
9982
9983 let r = pipe.client.dgram_recv(&mut buf);
9984 assert_eq!(r, Ok(14));
9985 assert_eq!(pipe.client.is_readable(), false);
9986 }
9987
9988 #[test]
close()9989 fn close() {
9990 let mut buf = [0; 65535];
9991
9992 let mut pipe = testing::Pipe::default().unwrap();
9993 assert_eq!(pipe.handshake(), Ok(()));
9994
9995 assert_eq!(pipe.client.close(false, 0x1234, b"hello?"), Ok(()));
9996
9997 assert_eq!(
9998 pipe.client.close(false, 0x4321, b"hello?"),
9999 Err(Error::Done)
10000 );
10001
10002 let (len, _) = pipe.client.send(&mut buf).unwrap();
10003
10004 let frames =
10005 testing::decode_pkt(&mut pipe.server, &mut buf, len).unwrap();
10006
10007 assert_eq!(
10008 frames.iter().next(),
10009 Some(&frame::Frame::ConnectionClose {
10010 error_code: 0x1234,
10011 frame_type: 0,
10012 reason: b"hello?".to_vec(),
10013 })
10014 );
10015 }
10016
10017 #[test]
app_close()10018 fn app_close() {
10019 let mut buf = [0; 65535];
10020
10021 let mut pipe = testing::Pipe::default().unwrap();
10022 assert_eq!(pipe.handshake(), Ok(()));
10023
10024 assert_eq!(pipe.client.close(true, 0x1234, b"hello!"), Ok(()));
10025
10026 assert_eq!(pipe.client.close(true, 0x4321, b"hello!"), Err(Error::Done));
10027
10028 let (len, _) = pipe.client.send(&mut buf).unwrap();
10029
10030 let frames =
10031 testing::decode_pkt(&mut pipe.server, &mut buf, len).unwrap();
10032
10033 assert_eq!(
10034 frames.iter().next(),
10035 Some(&frame::Frame::ApplicationClose {
10036 error_code: 0x1234,
10037 reason: b"hello!".to_vec(),
10038 })
10039 );
10040 }
10041
10042 #[test]
peer_error()10043 fn peer_error() {
10044 let mut pipe = testing::Pipe::default().unwrap();
10045 assert_eq!(pipe.handshake(), Ok(()));
10046
10047 assert_eq!(pipe.server.close(false, 0x1234, b"hello?"), Ok(()));
10048 assert_eq!(pipe.advance(), Ok(()));
10049
10050 assert_eq!(
10051 pipe.client.peer_error(),
10052 Some(&ConnectionError {
10053 is_app: false,
10054 error_code: 0x1234u64,
10055 reason: b"hello?".to_vec()
10056 })
10057 );
10058 }
10059
10060 #[test]
app_peer_error()10061 fn app_peer_error() {
10062 let mut pipe = testing::Pipe::default().unwrap();
10063 assert_eq!(pipe.handshake(), Ok(()));
10064
10065 assert_eq!(pipe.server.close(true, 0x1234, b"hello!"), Ok(()));
10066 assert_eq!(pipe.advance(), Ok(()));
10067
10068 assert_eq!(
10069 pipe.client.peer_error(),
10070 Some(&ConnectionError {
10071 is_app: true,
10072 error_code: 0x1234u64,
10073 reason: b"hello!".to_vec()
10074 })
10075 );
10076 }
10077
10078 #[test]
update_max_datagram_size()10079 fn update_max_datagram_size() {
10080 let mut client_scid = [0; 16];
10081 rand::rand_bytes(&mut client_scid[..]);
10082 let client_scid = ConnectionId::from_ref(&client_scid);
10083 let client_addr = "127.0.0.1:1234".parse().unwrap();
10084
10085 let mut server_scid = [0; 16];
10086 rand::rand_bytes(&mut server_scid[..]);
10087 let server_scid = ConnectionId::from_ref(&server_scid);
10088 let server_addr = "127.0.0.1:4321".parse().unwrap();
10089
10090 let mut client_config = Config::new(crate::PROTOCOL_VERSION).unwrap();
10091 client_config
10092 .set_application_protos(b"\x06proto1\x06proto2")
10093 .unwrap();
10094 client_config.set_max_recv_udp_payload_size(1200);
10095
10096 let mut server_config = Config::new(crate::PROTOCOL_VERSION).unwrap();
10097 server_config
10098 .load_cert_chain_from_pem_file("examples/cert.crt")
10099 .unwrap();
10100 server_config
10101 .load_priv_key_from_pem_file("examples/cert.key")
10102 .unwrap();
10103 server_config
10104 .set_application_protos(b"\x06proto1\x06proto2")
10105 .unwrap();
10106 server_config.verify_peer(false);
10107 server_config
10108 .set_application_protos(b"\x06proto1\x06proto2")
10109 .unwrap();
10110 // Larger than the client
10111 server_config.set_max_send_udp_payload_size(1500);
10112
10113 let mut pipe = testing::Pipe {
10114 client: connect(
10115 Some("quic.tech"),
10116 &client_scid,
10117 client_addr,
10118 &mut client_config,
10119 )
10120 .unwrap(),
10121 server: accept(&server_scid, None, server_addr, &mut server_config)
10122 .unwrap(),
10123 };
10124
10125 // Before handshake
10126 assert_eq!(pipe.server.recovery.max_datagram_size(), 1500);
10127
10128 assert_eq!(pipe.handshake(), Ok(()));
10129
10130 // After handshake, max_datagram_size should match to client's
10131 // max_recv_udp_payload_size which is smaller
10132 assert_eq!(pipe.server.recovery.max_datagram_size(), 1200);
10133 assert_eq!(pipe.server.recovery.cwnd(), 12000);
10134 }
10135
10136 #[test]
10137 /// Tests that connection-level send capacity decreases as more stream data
10138 /// is buffered.
send_capacity()10139 fn send_capacity() {
10140 let mut buf = [0; 65535];
10141
10142 let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
10143 config
10144 .load_cert_chain_from_pem_file("examples/cert.crt")
10145 .unwrap();
10146 config
10147 .load_priv_key_from_pem_file("examples/cert.key")
10148 .unwrap();
10149 config
10150 .set_application_protos(b"\x06proto1\x06proto2")
10151 .unwrap();
10152 config.set_initial_max_data(100000);
10153 config.set_initial_max_stream_data_bidi_local(10000);
10154 config.set_initial_max_stream_data_bidi_remote(10000);
10155 config.set_initial_max_streams_bidi(10);
10156 config.verify_peer(false);
10157
10158 let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
10159 assert_eq!(pipe.handshake(), Ok(()));
10160
10161 assert_eq!(pipe.client.stream_send(0, b"hello!", true), Ok(6));
10162 assert_eq!(pipe.advance(), Ok(()));
10163
10164 assert_eq!(pipe.client.stream_send(4, b"hello!", true), Ok(6));
10165 assert_eq!(pipe.advance(), Ok(()));
10166
10167 assert_eq!(pipe.client.stream_send(8, b"hello!", true), Ok(6));
10168 assert_eq!(pipe.advance(), Ok(()));
10169
10170 assert_eq!(pipe.client.stream_send(12, b"hello!", true), Ok(6));
10171 assert_eq!(pipe.advance(), Ok(()));
10172
10173 let mut r = pipe.server.readable().collect::<Vec<u64>>();
10174 assert_eq!(r.len(), 4);
10175
10176 r.sort();
10177
10178 assert_eq!(r, [0, 4, 8, 12]);
10179
10180 assert_eq!(pipe.server.stream_recv(0, &mut buf), Ok((6, true)));
10181 assert_eq!(pipe.server.stream_recv(4, &mut buf), Ok((6, true)));
10182 assert_eq!(pipe.server.stream_recv(8, &mut buf), Ok((6, true)));
10183 assert_eq!(pipe.server.stream_recv(12, &mut buf), Ok((6, true)));
10184
10185 assert_eq!(pipe.server.tx_cap, 12000);
10186
10187 assert_eq!(pipe.server.stream_send(0, &buf[..5000], false), Ok(5000));
10188 assert_eq!(pipe.server.stream_send(4, &buf[..5000], false), Ok(5000));
10189 assert_eq!(pipe.server.stream_send(8, &buf[..5000], false), Ok(2000));
10190
10191 // No more connection send capacity.
10192 assert_eq!(pipe.server.stream_send(12, &buf[..5000], false), Ok(0));
10193 assert_eq!(pipe.server.tx_cap, 0);
10194
10195 assert_eq!(pipe.advance(), Ok(()));
10196 }
10197 }
10198
10199 pub use crate::packet::ConnectionId;
10200 pub use crate::packet::Header;
10201 pub use crate::packet::Type;
10202
10203 pub use crate::recovery::CongestionControlAlgorithm;
10204
10205 pub use crate::stream::StreamIter;
10206
10207 mod crypto;
10208 mod dgram;
10209 #[cfg(feature = "ffi")]
10210 mod ffi;
10211 mod frame;
10212 pub mod h3;
10213 mod minmax;
10214 mod octets;
10215 mod packet;
10216 mod rand;
10217 mod ranges;
10218 mod recovery;
10219 mod stream;
10220 mod tls;
10221