1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945194619471948194919501951195219531954195519561957195819591960196119621963196419651966196719681969197019711972197319741975197619771978197919801981198219831984198519861987198819891990199119921993199419951996199719981999200020012002200320042005200620072008200920102011201220132014201520162017201820192020202120222023202420252026202720282029203020312032203320342035203620372038203920402041204220432044204520462047204820492050205120522053205420552056205720582059206020612062206320642065206620672068206920702071207220732074207520762077207820792080208120822083208420852086208720882089209020912092209320942095209620972098209921002101210221032104210521062107210821092110211121122113211421152116211721182119212021212122212321242125212621272128212921302131213221332134213521362137213821392140214121422143214421452146214721482149215021512152215321542155215621572158215921602161216221632164216521662167216821692170217121722173217421752176217721782179218021812182218321842185218621872188218921902191219221932194219521962197219821992200220122022203220422052206220722082209221022112212221322142215221622172218221922202221222222232224222522262227222822292230223122322233223422352236223722382239224022412242224322442245224622472248224922502251225222532254225522562257225822592260226122622263226422652266226722682269227022712272227322742275227622772278227922802281228222832284228522862287228822892290229122922293229422952296229722982299230023012302230323042305230623072308230923102311231223132314231523162317231823192320232123222323232423252326232723282329233023312332233323342335233623372338233923402341234223432344234523462347234823492350235123522353235423552356235723582359236023612362236323642365236623672368236923702371237223732374237523762377237823792380238123822383238423852386238723882389239023912392239323942395239623972398239924002401240224032404240524062407240824092410241124122413241424152416241724182419242024212422242324242425242624272428242924302431243224332434243524362437243824392440244124422443244424452446244724482449245024512452245324542455245624572458245924602461246224632464246524662467246824692470247124722473247424752476247724782479248024812482248324842485248624872488248924902491249224932494249524962497249824992500250125022503250425052506250725082509251025112512251325142515251625172518251925202521252225232524252525262527252825292530253125322533253425352536253725382539254025412542254325442545254625472548254925502551255225532554255525562557255825592560256125622563256425652566256725682569257025712572257325742575257625772578257925802581258225832584258525862587258825892590259125922593259425952596259725982599260026012602260326042605260626072608260926102611261226132614261526162617261826192620262126222623262426252626262726282629263026312632263326342635263626372638263926402641264226432644264526462647264826492650265126522653265426552656265726582659266026612662266326642665266626672668266926702671267226732674267526762677267826792680268126822683268426852686268726882689269026912692269326942695269626972698269927002701270227032704270527062707270827092710271127122713271427152716271727182719272027212722272327242725272627272728272927302731273227332734273527362737273827392740274127422743274427452746274727482749275027512752275327542755275627572758275927602761276227632764276527662767276827692770277127722773277427752776277727782779278027812782278327842785278627872788278927902791279227932794279527962797279827992800280128022803280428052806280728082809281028112812281328142815281628172818281928202821282228232824282528262827282828292830283128322833283428352836 |
- /***************************************************************************
- * _ _ ____ _
- * Project ___| | | | _ \| |
- * / __| | | | |_) | |
- * | (__| |_| | _ <| |___
- * \___|\___/|_| \_\_____|
- *
- * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at https://curl.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * SPDX-License-Identifier: curl
- *
- ***************************************************************************/
- #include "curl_setup.h"
- #if defined(USE_NGTCP2) && defined(USE_NGHTTP3)
- #error #include <ngtcp2/ngtcp2.h>
- #error #include <nghttp3/nghttp3.h>
- #ifdef USE_OPENSSL
- #include <openssl/err.h>
- #if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
- #error #include <ngtcp2/ngtcp2_crypto_boringssl.h>
- #else
- #error #include <ngtcp2/ngtcp2_crypto_quictls.h>
- #endif
- #include "vtls/openssl.h"
- #elif defined(USE_GNUTLS)
- #error #include <ngtcp2/ngtcp2_crypto_gnutls.h>
- #include "vtls/gtls.h"
- #elif defined(USE_WOLFSSL)
- #error #include <ngtcp2/ngtcp2_crypto_wolfssl.h>
- #include "vtls/wolfssl.h"
- #endif
- #include "urldata.h"
- #include "sendf.h"
- #include "strdup.h"
- #include "rand.h"
- #include "multiif.h"
- #include "strcase.h"
- #include "cfilters.h"
- #include "cf-socket.h"
- #include "connect.h"
- #include "progress.h"
- #include "strerror.h"
- #include "dynbuf.h"
- #include "http1.h"
- #include "select.h"
- #include "inet_pton.h"
- #include "vquic.h"
- #include "vquic_int.h"
- #include "vtls/keylog.h"
- #include "vtls/vtls.h"
- #include "curl_ngtcp2.h"
- #include "warnless.h"
- /* The last 3 #include files should be in this order */
- #include "curl_printf.h"
- #include "curl_memory.h"
- #include "memdebug.h"
- #define H3_ALPN_H3_29 "\x5h3-29"
- #define H3_ALPN_H3 "\x2h3"
- #define QUIC_MAX_STREAMS (256*1024)
- #define QUIC_MAX_DATA (1*1024*1024)
- #define QUIC_HANDSHAKE_TIMEOUT (10*NGTCP2_SECONDS)
- /* A stream window is the maximum amount we need to buffer for
- * each active transfer. We use HTTP/3 flow control and only ACK
- * when we take things out of the buffer.
- * Chunk size is large enough to take a full DATA frame */
- #define H3_STREAM_WINDOW_SIZE (128 * 1024)
- #define H3_STREAM_CHUNK_SIZE (16 * 1024)
- /* The pool keeps spares around and half of a full stream windows
- * seems good. More does not seem to improve performance.
- * The benefit of the pool is that stream buffer to not keep
- * spares. So memory consumption goes down when streams run empty,
- * have a large upload done, etc. */
- #define H3_STREAM_POOL_SPARES \
- (H3_STREAM_WINDOW_SIZE / H3_STREAM_CHUNK_SIZE ) / 2
- /* Receive and Send max number of chunks just follows from the
- * chunk size and window size */
- #define H3_STREAM_RECV_CHUNKS \
- (H3_STREAM_WINDOW_SIZE / H3_STREAM_CHUNK_SIZE)
- #define H3_STREAM_SEND_CHUNKS \
- (H3_STREAM_WINDOW_SIZE / H3_STREAM_CHUNK_SIZE)
- #ifdef USE_OPENSSL
- #define QUIC_CIPHERS \
- "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_" \
- "POLY1305_SHA256:TLS_AES_128_CCM_SHA256"
- #define QUIC_GROUPS "P-256:X25519:P-384:P-521"
- #elif defined(USE_GNUTLS)
- #define QUIC_PRIORITY \
- "NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM:+AES-256-GCM:" \
- "+CHACHA20-POLY1305:+AES-128-CCM:-GROUP-ALL:+GROUP-SECP256R1:" \
- "+GROUP-X25519:+GROUP-SECP384R1:+GROUP-SECP521R1:" \
- "%DISABLE_TLS13_COMPAT_MODE"
- #elif defined(USE_WOLFSSL)
- #define QUIC_CIPHERS \
- "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_" \
- "POLY1305_SHA256:TLS_AES_128_CCM_SHA256"
- #define QUIC_GROUPS "P-256:P-384:P-521"
- #endif
- /*
- * Store ngtcp2 version info in this buffer.
- */
- void Curl_ngtcp2_ver(char *p, size_t len)
- {
- const ngtcp2_info *ng2 = ngtcp2_version(0);
- const nghttp3_info *ht3 = nghttp3_version(0);
- (void)msnprintf(p, len, "ngtcp2/%s nghttp3/%s",
- ng2->version_str, ht3->version_str);
- }
- struct cf_ngtcp2_ctx {
- struct cf_quic_ctx q;
- struct ssl_peer peer;
- ngtcp2_path connected_path;
- ngtcp2_conn *qconn;
- ngtcp2_cid dcid;
- ngtcp2_cid scid;
- uint32_t version;
- ngtcp2_settings settings;
- ngtcp2_transport_params transport_params;
- ngtcp2_ccerr last_error;
- ngtcp2_crypto_conn_ref conn_ref;
- #ifdef USE_OPENSSL
- SSL_CTX *sslctx;
- SSL *ssl;
- #elif defined(USE_GNUTLS)
- struct gtls_instance *gtls;
- #elif defined(USE_WOLFSSL)
- WOLFSSL_CTX *sslctx;
- WOLFSSL *ssl;
- #endif
- struct cf_call_data call_data;
- nghttp3_conn *h3conn;
- nghttp3_settings h3settings;
- struct curltime started_at; /* time the current attempt started */
- struct curltime handshake_at; /* time connect handshake finished */
- struct curltime first_byte_at; /* when first byte was recvd */
- struct curltime reconnect_at; /* time the next attempt should start */
- struct bufc_pool stream_bufcp; /* chunk pool for streams */
- size_t max_stream_window; /* max flow window for one stream */
- uint64_t max_idle_ms; /* max idle time for QUIC connection */
- int qlogfd;
- BIT(got_first_byte); /* if first byte was received */
- #ifdef USE_OPENSSL
- BIT(x509_store_setup); /* if x509 store has been set up */
- #endif
- };
- /* How to access `call_data` from a cf_ngtcp2 filter */
- #undef CF_CTX_CALL_DATA
- #define CF_CTX_CALL_DATA(cf) \
- ((struct cf_ngtcp2_ctx *)(cf)->ctx)->call_data
- /**
- * All about the H3 internals of a stream
- */
- struct h3_stream_ctx {
- int64_t id; /* HTTP/3 protocol identifier */
- struct bufq sendbuf; /* h3 request body */
- struct bufq recvbuf; /* h3 response body */
- struct h1_req_parser h1; /* h1 request parsing */
- size_t sendbuf_len_in_flight; /* sendbuf amount "in flight" */
- size_t upload_blocked_len; /* the amount written last and EGAINed */
- size_t recv_buf_nonflow; /* buffered bytes, not counting for flow control */
- uint64_t error3; /* HTTP/3 stream error code */
- curl_off_t upload_left; /* number of request bytes left to upload */
- int status_code; /* HTTP status code */
- bool resp_hds_complete; /* we have a complete, final response */
- bool closed; /* TRUE on stream close */
- bool reset; /* TRUE on stream reset */
- bool send_closed; /* stream is local closed */
- BIT(quic_flow_blocked); /* stream is blocked by QUIC flow control */
- };
- #define H3_STREAM_CTX(d) ((struct h3_stream_ctx *)(((d) && (d)->req.p.http)? \
- ((struct HTTP *)(d)->req.p.http)->h3_ctx \
- : NULL))
- #define H3_STREAM_LCTX(d) ((struct HTTP *)(d)->req.p.http)->h3_ctx
- #define H3_STREAM_ID(d) (H3_STREAM_CTX(d)? \
- H3_STREAM_CTX(d)->id : -2)
- static CURLcode h3_data_setup(struct Curl_cfilter *cf,
- struct Curl_easy *data)
- {
- struct cf_ngtcp2_ctx *ctx = cf->ctx;
- struct h3_stream_ctx *stream = H3_STREAM_CTX(data);
- if(!data || !data->req.p.http) {
- failf(data, "initialization failure, transfer not http initialized");
- return CURLE_FAILED_INIT;
- }
- if(stream)
- return CURLE_OK;
- stream = calloc(1, sizeof(*stream));
- if(!stream)
- return CURLE_OUT_OF_MEMORY;
- stream->id = -1;
- /* on send, we control how much we put into the buffer */
- Curl_bufq_initp(&stream->sendbuf, &ctx->stream_bufcp,
- H3_STREAM_SEND_CHUNKS, BUFQ_OPT_NONE);
- stream->sendbuf_len_in_flight = 0;
- /* on recv, we need a flexible buffer limit since we also write
- * headers to it that are not counted against the nghttp3 flow limits. */
- Curl_bufq_initp(&stream->recvbuf, &ctx->stream_bufcp,
- H3_STREAM_RECV_CHUNKS, BUFQ_OPT_SOFT_LIMIT);
- stream->recv_buf_nonflow = 0;
- Curl_h1_req_parse_init(&stream->h1, H1_PARSE_DEFAULT_MAX_LINE_LEN);
- H3_STREAM_LCTX(data) = stream;
- return CURLE_OK;
- }
- static void h3_data_done(struct Curl_cfilter *cf, struct Curl_easy *data)
- {
- struct cf_ngtcp2_ctx *ctx = cf->ctx;
- struct h3_stream_ctx *stream = H3_STREAM_CTX(data);
- (void)cf;
- if(stream) {
- CURL_TRC_CF(data, cf, "[%"PRId64"] easy handle is done", stream->id);
- if(ctx->h3conn && !stream->closed) {
- nghttp3_conn_shutdown_stream_read(ctx->h3conn, stream->id);
- nghttp3_conn_close_stream(ctx->h3conn, stream->id,
- NGHTTP3_H3_REQUEST_CANCELLED);
- nghttp3_conn_set_stream_user_data(ctx->h3conn, stream->id, NULL);
- ngtcp2_conn_set_stream_user_data(ctx->qconn, stream->id, NULL);
- stream->closed = TRUE;
- }
- Curl_bufq_free(&stream->sendbuf);
- Curl_bufq_free(&stream->recvbuf);
- Curl_h1_req_parse_free(&stream->h1);
- free(stream);
- H3_STREAM_LCTX(data) = NULL;
- }
- }
- static struct Curl_easy *get_stream_easy(struct Curl_cfilter *cf,
- struct Curl_easy *data,
- int64_t stream_id)
- {
- struct Curl_easy *sdata;
- (void)cf;
- if(H3_STREAM_ID(data) == stream_id) {
- return data;
- }
- else {
- DEBUGASSERT(data->multi);
- for(sdata = data->multi->easyp; sdata; sdata = sdata->next) {
- if((sdata->conn == data->conn) && H3_STREAM_ID(sdata) == stream_id) {
- return sdata;
- }
- }
- }
- return NULL;
- }
- static void h3_drain_stream(struct Curl_cfilter *cf,
- struct Curl_easy *data)
- {
- struct h3_stream_ctx *stream = H3_STREAM_CTX(data);
- unsigned char bits;
- (void)cf;
- bits = CURL_CSELECT_IN;
- if(stream && stream->upload_left && !stream->send_closed)
- bits |= CURL_CSELECT_OUT;
- if(data->state.dselect_bits != bits) {
- data->state.dselect_bits = bits;
- Curl_expire(data, 0, EXPIRE_RUN_NOW);
- }
- }
- /* ngtcp2 default congestion controller does not perform pacing. Limit
- the maximum packet burst to MAX_PKT_BURST packets. */
- #define MAX_PKT_BURST 10
- struct pkt_io_ctx {
- struct Curl_cfilter *cf;
- struct Curl_easy *data;
- ngtcp2_tstamp ts;
- size_t pkt_count;
- ngtcp2_path_storage ps;
- };
- static void pktx_update_time(struct pkt_io_ctx *pktx,
- struct Curl_cfilter *cf)
- {
- struct cf_ngtcp2_ctx *ctx = cf->ctx;
- vquic_ctx_update_time(&ctx->q);
- pktx->ts = ctx->q.last_op.tv_sec * NGTCP2_SECONDS +
- ctx->q.last_op.tv_usec * NGTCP2_MICROSECONDS;
- }
- static void pktx_init(struct pkt_io_ctx *pktx,
- struct Curl_cfilter *cf,
- struct Curl_easy *data)
- {
- pktx->cf = cf;
- pktx->data = data;
- pktx->pkt_count = 0;
- ngtcp2_path_storage_zero(&pktx->ps);
- pktx_update_time(pktx, cf);
- }
- static CURLcode cf_progress_ingress(struct Curl_cfilter *cf,
- struct Curl_easy *data,
- struct pkt_io_ctx *pktx);
- static CURLcode cf_progress_egress(struct Curl_cfilter *cf,
- struct Curl_easy *data,
- struct pkt_io_ctx *pktx);
- static int cb_h3_acked_req_body(nghttp3_conn *conn, int64_t stream_id,
- uint64_t datalen, void *user_data,
- void *stream_user_data);
- static ngtcp2_conn *get_conn(ngtcp2_crypto_conn_ref *conn_ref)
- {
- struct Curl_cfilter *cf = conn_ref->user_data;
- struct cf_ngtcp2_ctx *ctx = cf->ctx;
- return ctx->qconn;
- }
- #ifdef DEBUG_NGTCP2
- static void quic_printf(void *user_data, const char *fmt, ...)
- {
- struct Curl_cfilter *cf = user_data;
- struct cf_ngtcp2_ctx *ctx = cf->ctx;
- (void)ctx; /* TODO: need an easy handle to infof() message */
- va_list ap;
- va_start(ap, fmt);
- vfprintf(stderr, fmt, ap);
- va_end(ap);
- fprintf(stderr, "\n");
- }
- #endif
- static void qlog_callback(void *user_data, uint32_t flags,
- const void *data, size_t datalen)
- {
- struct Curl_cfilter *cf = user_data;
- struct cf_ngtcp2_ctx *ctx = cf->ctx;
- (void)flags;
- if(ctx->qlogfd != -1) {
- ssize_t rc = write(ctx->qlogfd, data, datalen);
- if(rc == -1) {
- /* on write error, stop further write attempts */
- close(ctx->qlogfd);
- ctx->qlogfd = -1;
- }
- }
- }
- static void quic_settings(struct cf_ngtcp2_ctx *ctx,
- struct Curl_easy *data,
- struct pkt_io_ctx *pktx)
- {
- ngtcp2_settings *s = &ctx->settings;
- ngtcp2_transport_params *t = &ctx->transport_params;
- ngtcp2_settings_default(s);
- ngtcp2_transport_params_default(t);
- #ifdef DEBUG_NGTCP2
- s->log_printf = quic_printf;
- #else
- s->log_printf = NULL;
- #endif
- (void)data;
- s->initial_ts = pktx->ts;
- s->handshake_timeout = QUIC_HANDSHAKE_TIMEOUT;
- s->max_window = 100 * ctx->max_stream_window;
- s->max_stream_window = ctx->max_stream_window;
- t->initial_max_data = 10 * ctx->max_stream_window;
- t->initial_max_stream_data_bidi_local = ctx->max_stream_window;
- t->initial_max_stream_data_bidi_remote = ctx->max_stream_window;
- t->initial_max_stream_data_uni = ctx->max_stream_window;
- t->initial_max_streams_bidi = QUIC_MAX_STREAMS;
- t->initial_max_streams_uni = QUIC_MAX_STREAMS;
- t->max_idle_timeout = (ctx->max_idle_ms * NGTCP2_MILLISECONDS);
- if(ctx->qlogfd != -1) {
- s->qlog_write = qlog_callback;
- }
- }
- #ifdef USE_OPENSSL
- static void keylog_callback(const SSL *ssl, const char *line)
- {
- (void)ssl;
- Curl_tls_keylog_write_line(line);
- }
- #elif defined(USE_GNUTLS)
- static int keylog_callback(gnutls_session_t session, const char *label,
- const gnutls_datum_t *secret)
- {
- gnutls_datum_t crandom;
- gnutls_datum_t srandom;
- gnutls_session_get_random(session, &crandom, &srandom);
- if(crandom.size != 32) {
- return -1;
- }
- Curl_tls_keylog_write(label, crandom.data, secret->data, secret->size);
- return 0;
- }
- #elif defined(USE_WOLFSSL)
- #if defined(HAVE_SECRET_CALLBACK)
- static void keylog_callback(const WOLFSSL *ssl, const char *line)
- {
- (void)ssl;
- Curl_tls_keylog_write_line(line);
- }
- #endif
- #endif
- static int init_ngh3_conn(struct Curl_cfilter *cf);
- #ifdef USE_OPENSSL
- static CURLcode quic_ssl_ctx(SSL_CTX **pssl_ctx,
- struct Curl_cfilter *cf, struct Curl_easy *data)
- {
- struct cf_ngtcp2_ctx *ctx = cf->ctx;
- struct ssl_primary_config *conn_config;
- CURLcode result = CURLE_FAILED_INIT;
- SSL_CTX *ssl_ctx = SSL_CTX_new(TLS_method());
- if(!ssl_ctx) {
- result = CURLE_OUT_OF_MEMORY;
- goto out;
- }
- conn_config = Curl_ssl_cf_get_primary_config(cf);
- if(!conn_config) {
- result = CURLE_FAILED_INIT;
- goto out;
- }
- #if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
- if(ngtcp2_crypto_boringssl_configure_client_context(ssl_ctx) != 0) {
- failf(data, "ngtcp2_crypto_boringssl_configure_client_context failed");
- goto out;
- }
- #else
- if(ngtcp2_crypto_quictls_configure_client_context(ssl_ctx) != 0) {
- failf(data, "ngtcp2_crypto_quictls_configure_client_context failed");
- goto out;
- }
- #endif
- SSL_CTX_set_default_verify_paths(ssl_ctx);
- {
- const char *curves = conn_config->curves ?
- conn_config->curves : QUIC_GROUPS;
- if(!SSL_CTX_set1_curves_list(ssl_ctx, curves)) {
- failf(data, "failed setting curves list for QUIC: '%s'", curves);
- return CURLE_SSL_CIPHER;
- }
- }
- #ifndef OPENSSL_IS_BORINGSSL
- {
- const char *ciphers13 = conn_config->cipher_list13 ?
- conn_config->cipher_list13 : QUIC_CIPHERS;
- if(SSL_CTX_set_ciphersuites(ssl_ctx, ciphers13) != 1) {
- failf(data, "failed setting QUIC cipher suite: %s", ciphers13);
- return CURLE_SSL_CIPHER;
- }
- infof(data, "QUIC cipher selection: %s", ciphers13);
- }
- #endif
- /* Open the file if a TLS or QUIC backend has not done this before. */
- Curl_tls_keylog_open();
- if(Curl_tls_keylog_enabled()) {
- SSL_CTX_set_keylog_callback(ssl_ctx, keylog_callback);
- }
- /* OpenSSL always tries to verify the peer, this only says whether it should
- * fail to connect if the verification fails, or if it should continue
- * anyway. In the latter case the result of the verification is checked with
- * SSL_get_verify_result() below. */
- SSL_CTX_set_verify(ssl_ctx, conn_config->verifypeer ?
- SSL_VERIFY_PEER : SSL_VERIFY_NONE, NULL);
- /* give application a chance to interfere with SSL set up. */
- if(data->set.ssl.fsslctx) {
- /* When a user callback is installed to modify the SSL_CTX,
- * we need to do the full initialization before calling it.
- * See: #11800 */
- if(!ctx->x509_store_setup) {
- result = Curl_ssl_setup_x509_store(cf, data, ssl_ctx);
- if(result)
- goto out;
- ctx->x509_store_setup = TRUE;
- }
- Curl_set_in_callback(data, true);
- result = (*data->set.ssl.fsslctx)(data, ssl_ctx,
- data->set.ssl.fsslctxp);
- Curl_set_in_callback(data, false);
- if(result) {
- failf(data, "error signaled by ssl ctx callback");
- goto out;
- }
- }
- result = CURLE_OK;
- out:
- *pssl_ctx = result? NULL : ssl_ctx;
- if(result && ssl_ctx)
- SSL_CTX_free(ssl_ctx);
- return result;
- }
- static CURLcode quic_set_client_cert(struct Curl_cfilter *cf,
- struct Curl_easy *data)
- {
- struct cf_ngtcp2_ctx *ctx = cf->ctx;
- SSL_CTX *ssl_ctx = ctx->sslctx;
- const struct ssl_config_data *ssl_config;
- ssl_config = Curl_ssl_cf_get_config(cf, data);
- DEBUGASSERT(ssl_config);
- if(ssl_config->primary.clientcert || ssl_config->primary.cert_blob
- || ssl_config->cert_type) {
- return Curl_ossl_set_client_cert(
- data, ssl_ctx, ssl_config->primary.clientcert,
- ssl_config->primary.cert_blob, ssl_config->cert_type,
- ssl_config->key, ssl_config->key_blob,
- ssl_config->key_type, ssl_config->key_passwd);
- }
- return CURLE_OK;
- }
- /** SSL callbacks ***/
- static CURLcode quic_init_ssl(struct Curl_cfilter *cf,
- struct Curl_easy *data)
- {
- struct cf_ngtcp2_ctx *ctx = cf->ctx;
- const uint8_t *alpn = NULL;
- size_t alpnlen = 0;
- DEBUGASSERT(!ctx->ssl);
- ctx->ssl = SSL_new(ctx->sslctx);
- SSL_set_app_data(ctx->ssl, &ctx->conn_ref);
- SSL_set_connect_state(ctx->ssl);
- SSL_set_quic_use_legacy_codepoint(ctx->ssl, 0);
- alpn = (const uint8_t *)H3_ALPN_H3_29 H3_ALPN_H3;
- alpnlen = sizeof(H3_ALPN_H3_29) - 1 + sizeof(H3_ALPN_H3) - 1;
- if(alpn)
- SSL_set_alpn_protos(ctx->ssl, alpn, (int)alpnlen);
- /* set SNI */
- if(ctx->peer.sni) {
- if(!SSL_set_tlsext_host_name(ctx->ssl, ctx->peer.sni)) {
- failf(data, "Failed set SNI");
- SSL_free(ctx->ssl);
- ctx->ssl = NULL;
- return CURLE_QUIC_CONNECT_ERROR;
- }
- }
- return CURLE_OK;
- }
- #elif defined(USE_GNUTLS)
- static CURLcode quic_init_ssl(struct Curl_cfilter *cf,
- struct Curl_easy *data)
- {
- struct cf_ngtcp2_ctx *ctx = cf->ctx;
- struct ssl_primary_config *conn_config;
- CURLcode result;
- gnutls_datum_t alpn[2];
- /* this will need some attention when HTTPS proxy over QUIC get fixed */
- long * const pverifyresult = &data->set.ssl.certverifyresult;
- int rc;
- conn_config = Curl_ssl_cf_get_primary_config(cf);
- if(!conn_config)
- return CURLE_FAILED_INIT;
- DEBUGASSERT(ctx->gtls == NULL);
- ctx->gtls = calloc(1, sizeof(*(ctx->gtls)));
- if(!ctx->gtls)
- return CURLE_OUT_OF_MEMORY;
- result = gtls_client_init(data, conn_config, &data->set.ssl,
- &ctx->peer, ctx->gtls, pverifyresult);
- if(result)
- return result;
- gnutls_session_set_ptr(ctx->gtls->session, &ctx->conn_ref);
- if(ngtcp2_crypto_gnutls_configure_client_session(ctx->gtls->session) != 0) {
- CURL_TRC_CF(data, cf,
- "ngtcp2_crypto_gnutls_configure_client_session failed\n");
- return CURLE_QUIC_CONNECT_ERROR;
- }
- rc = gnutls_priority_set_direct(ctx->gtls->session, QUIC_PRIORITY, NULL);
- if(rc < 0) {
- CURL_TRC_CF(data, cf, "gnutls_priority_set_direct failed: %s\n",
- gnutls_strerror(rc));
- return CURLE_QUIC_CONNECT_ERROR;
- }
- /* Open the file if a TLS or QUIC backend has not done this before. */
- Curl_tls_keylog_open();
- if(Curl_tls_keylog_enabled()) {
- gnutls_session_set_keylog_function(ctx->gtls->session, keylog_callback);
- }
- /* strip the first byte (the length) from NGHTTP3_ALPN_H3 */
- alpn[0].data = (unsigned char *)H3_ALPN_H3_29 + 1;
- alpn[0].size = sizeof(H3_ALPN_H3_29) - 2;
- alpn[1].data = (unsigned char *)H3_ALPN_H3 + 1;
- alpn[1].size = sizeof(H3_ALPN_H3) - 2;
- gnutls_alpn_set_protocols(ctx->gtls->session,
- alpn, 2, GNUTLS_ALPN_MANDATORY);
- return CURLE_OK;
- }
- #elif defined(USE_WOLFSSL)
- static CURLcode quic_ssl_ctx(WOLFSSL_CTX **pssl_ctx,
- struct Curl_cfilter *cf, struct Curl_easy *data)
- {
- CURLcode result = CURLE_FAILED_INIT;
- struct ssl_primary_config *conn_config;
- WOLFSSL_CTX *ssl_ctx = NULL;
- conn_config = Curl_ssl_cf_get_primary_config(cf);
- if(!conn_config) {
- result = CURLE_FAILED_INIT;
- goto out;
- }
- ssl_ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());
- if(!ssl_ctx) {
- result = CURLE_OUT_OF_MEMORY;
- goto out;
- }
- if(ngtcp2_crypto_wolfssl_configure_client_context(ssl_ctx) != 0) {
- failf(data, "ngtcp2_crypto_wolfssl_configure_client_context failed");
- result = CURLE_FAILED_INIT;
- goto out;
- }
- wolfSSL_CTX_set_default_verify_paths(ssl_ctx);
- if(wolfSSL_CTX_set_cipher_list(ssl_ctx, conn_config->cipher_list13 ?
- conn_config->cipher_list13 :
- QUIC_CIPHERS) != 1) {
- char error_buffer[256];
- ERR_error_string_n(ERR_get_error(), error_buffer, sizeof(error_buffer));
- failf(data, "wolfSSL failed to set ciphers: %s", error_buffer);
- goto out;
- }
- if(wolfSSL_CTX_set1_groups_list(ssl_ctx, conn_config->curves ?
- conn_config->curves :
- (char *)QUIC_GROUPS) != 1) {
- failf(data, "wolfSSL failed to set curves");
- goto out;
- }
- /* Open the file if a TLS or QUIC backend has not done this before. */
- Curl_tls_keylog_open();
- if(Curl_tls_keylog_enabled()) {
- #if defined(HAVE_SECRET_CALLBACK)
- wolfSSL_CTX_set_keylog_callback(ssl_ctx, keylog_callback);
- #else
- failf(data, "wolfSSL was built without keylog callback");
- goto out;
- #endif
- }
- if(conn_config->verifypeer) {
- const char * const ssl_cafile = conn_config->CAfile;
- const char * const ssl_capath = conn_config->CApath;
- wolfSSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);
- if(ssl_cafile || ssl_capath) {
- /* tell wolfSSL where to find CA certificates that are used to verify
- the server's certificate. */
- int rc =
- wolfSSL_CTX_load_verify_locations_ex(ssl_ctx, ssl_cafile, ssl_capath,
- WOLFSSL_LOAD_FLAG_IGNORE_ERR);
- if(SSL_SUCCESS != rc) {
- /* Fail if we insist on successfully verifying the server. */
- failf(data, "error setting certificate verify locations:"
- " CAfile: %s CApath: %s",
- ssl_cafile ? ssl_cafile : "none",
- ssl_capath ? ssl_capath : "none");
- goto out;
- }
- infof(data, " CAfile: %s", ssl_cafile ? ssl_cafile : "none");
- infof(data, " CApath: %s", ssl_capath ? ssl_capath : "none");
- }
- #ifdef CURL_CA_FALLBACK
- else {
- /* verifying the peer without any CA certificates won't work so
- use wolfssl's built-in default as fallback */
- wolfSSL_CTX_set_default_verify_paths(ssl_ctx);
- }
- #endif
- }
- else {
- wolfSSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_NONE, NULL);
- }
- /* give application a chance to interfere with SSL set up. */
- if(data->set.ssl.fsslctx) {
- Curl_set_in_callback(data, true);
- result = (*data->set.ssl.fsslctx)(data, ssl_ctx,
- data->set.ssl.fsslctxp);
- Curl_set_in_callback(data, false);
- if(result) {
- failf(data, "error signaled by ssl ctx callback");
- goto out;
- }
- }
- result = CURLE_OK;
- out:
- *pssl_ctx = result? NULL : ssl_ctx;
- if(result && ssl_ctx)
- SSL_CTX_free(ssl_ctx);
- return result;
- }
- /** SSL callbacks ***/
- static CURLcode quic_init_ssl(struct Curl_cfilter *cf,
- struct Curl_easy *data)
- {
- struct cf_ngtcp2_ctx *ctx = cf->ctx;
- const uint8_t *alpn = NULL;
- size_t alpnlen = 0;
- /* this will need some attention when HTTPS proxy over QUIC get fixed */
- const char * const hostname = cf->conn->host.name;
- (void)data;
- DEBUGASSERT(!ctx->ssl);
- ctx->ssl = wolfSSL_new(ctx->sslctx);
- wolfSSL_set_app_data(ctx->ssl, &ctx->conn_ref);
- wolfSSL_set_connect_state(ctx->ssl);
- wolfSSL_set_quic_use_legacy_codepoint(ctx->ssl, 0);
- alpn = (const uint8_t *)H3_ALPN_H3_29 H3_ALPN_H3;
- alpnlen = sizeof(H3_ALPN_H3_29) - 1 + sizeof(H3_ALPN_H3) - 1;
- if(alpn)
- wolfSSL_set_alpn_protos(ctx->ssl, alpn, (int)alpnlen);
- /* set SNI */
- wolfSSL_UseSNI(ctx->ssl, WOLFSSL_SNI_HOST_NAME,
- hostname, (unsigned short)strlen(hostname));
- return CURLE_OK;
- }
- #endif /* defined(USE_WOLFSSL) */
- static int cb_handshake_completed(ngtcp2_conn *tconn, void *user_data)
- {
- (void)user_data;
- (void)tconn;
- return 0;
- }
- static void report_consumed_data(struct Curl_cfilter *cf,
- struct Curl_easy *data,
- size_t consumed)
- {
- struct h3_stream_ctx *stream = H3_STREAM_CTX(data);
- struct cf_ngtcp2_ctx *ctx = cf->ctx;
- if(!stream)
- return;
- /* the HTTP/1.1 response headers are written to the buffer, but
- * consuming those does not count against flow control. */
- if(stream->recv_buf_nonflow) {
- if(consumed >= stream->recv_buf_nonflow) {
- consumed -= stream->recv_buf_nonflow;
- stream->recv_buf_nonflow = 0;
- }
- else {
- stream->recv_buf_nonflow -= consumed;
- consumed = 0;
- }
- }
- if(consumed > 0) {
- CURL_TRC_CF(data, cf, "[%" PRId64 "] ACK %zu bytes of DATA",
- stream->id, consumed);
- ngtcp2_conn_extend_max_stream_offset(ctx->qconn, stream->id,
- consumed);
- ngtcp2_conn_extend_max_offset(ctx->qconn, consumed);
- }
- }
- static int cb_recv_stream_data(ngtcp2_conn *tconn, uint32_t flags,
- int64_t stream_id, uint64_t offset,
- const uint8_t *buf, size_t buflen,
- void *user_data, void *stream_user_data)
- {
- struct Curl_cfilter *cf = user_data;
- struct cf_ngtcp2_ctx *ctx = cf->ctx;
- nghttp3_ssize nconsumed;
- int fin = (flags & NGTCP2_STREAM_DATA_FLAG_FIN) ? 1 : 0;
- struct Curl_easy *data = stream_user_data;
- (void)offset;
- (void)data;
- nconsumed =
- nghttp3_conn_read_stream(ctx->h3conn, stream_id, buf, buflen, fin);
- CURL_TRC_CF(data, cf, "[%" PRId64 "] read_stream(len=%zu) -> %zd",
- stream_id, buflen, nconsumed);
- if(nconsumed < 0) {
- if(!data) {
- struct Curl_easy *cdata = CF_DATA_CURRENT(cf);
- CURL_TRC_CF(cdata, cf, "[%" PRId64 "] nghttp3 error on stream not "
- "used by us, ignored", stream_id);
- return 0;
- }
- ngtcp2_ccerr_set_application_error(
- &ctx->last_error,
- nghttp3_err_infer_quic_app_error_code((int)nconsumed), NULL, 0);
- return NGTCP2_ERR_CALLBACK_FAILURE;
- }
- /* number of bytes inside buflen which consists of framing overhead
- * including QPACK HEADERS. In other words, it does not consume payload of
- * DATA frame. */
- ngtcp2_conn_extend_max_stream_offset(tconn, stream_id, nconsumed);
- ngtcp2_conn_extend_max_offset(tconn, nconsumed);
- return 0;
- }
- static int
- cb_acked_stream_data_offset(ngtcp2_conn *tconn, int64_t stream_id,
- uint64_t offset, uint64_t datalen, void *user_data,
- void *stream_user_data)
- {
- struct Curl_cfilter *cf = user_data;
- struct cf_ngtcp2_ctx *ctx = cf->ctx;
- int rv;
- (void)stream_id;
- (void)tconn;
- (void)offset;
- (void)datalen;
- (void)stream_user_data;
- rv = nghttp3_conn_add_ack_offset(ctx->h3conn, stream_id, datalen);
- if(rv && rv != NGHTTP3_ERR_STREAM_NOT_FOUND) {
- return NGTCP2_ERR_CALLBACK_FAILURE;
- }
- return 0;
- }
- static int cb_stream_close(ngtcp2_conn *tconn, uint32_t flags,
- int64_t stream3_id, uint64_t app_error_code,
- void *user_data, void *stream_user_data)
- {
- struct Curl_cfilter *cf = user_data;
- struct Curl_easy *data = stream_user_data;
- struct cf_ngtcp2_ctx *ctx = cf->ctx;
- int rv;
- (void)tconn;
- (void)data;
- /* stream is closed... */
- if(!(flags & NGTCP2_STREAM_CLOSE_FLAG_APP_ERROR_CODE_SET)) {
- app_error_code = NGHTTP3_H3_NO_ERROR;
- }
- rv = nghttp3_conn_close_stream(ctx->h3conn, stream3_id,
- app_error_code);
- CURL_TRC_CF(data, cf, "[%" PRId64 "] quic close(err=%"
- PRIu64 ") -> %d", stream3_id, app_error_code, rv);
- if(rv && rv != NGHTTP3_ERR_STREAM_NOT_FOUND) {
- ngtcp2_ccerr_set_application_error(
- &ctx->last_error, nghttp3_err_infer_quic_app_error_code(rv), NULL, 0);
- return NGTCP2_ERR_CALLBACK_FAILURE;
- }
- return 0;
- }
- static int cb_stream_reset(ngtcp2_conn *tconn, int64_t stream_id,
- uint64_t final_size, uint64_t app_error_code,
- void *user_data, void *stream_user_data)
- {
- struct Curl_cfilter *cf = user_data;
- struct cf_ngtcp2_ctx *ctx = cf->ctx;
- struct Curl_easy *data = stream_user_data;
- int rv;
- (void)tconn;
- (void)final_size;
- (void)app_error_code;
- (void)data;
- rv = nghttp3_conn_shutdown_stream_read(ctx->h3conn, stream_id);
- CURL_TRC_CF(data, cf, "[%" PRId64 "] reset -> %d", stream_id, rv);
- if(rv && rv != NGHTTP3_ERR_STREAM_NOT_FOUND) {
- return NGTCP2_ERR_CALLBACK_FAILURE;
- }
- return 0;
- }
- static int cb_stream_stop_sending(ngtcp2_conn *tconn, int64_t stream_id,
- uint64_t app_error_code, void *user_data,
- void *stream_user_data)
- {
- struct Curl_cfilter *cf = user_data;
- struct cf_ngtcp2_ctx *ctx = cf->ctx;
- int rv;
- (void)tconn;
- (void)app_error_code;
- (void)stream_user_data;
- rv = nghttp3_conn_shutdown_stream_read(ctx->h3conn, stream_id);
- if(rv && rv != NGHTTP3_ERR_STREAM_NOT_FOUND) {
- return NGTCP2_ERR_CALLBACK_FAILURE;
- }
- return 0;
- }
- static int cb_extend_max_local_streams_bidi(ngtcp2_conn *tconn,
- uint64_t max_streams,
- void *user_data)
- {
- (void)tconn;
- (void)max_streams;
- (void)user_data;
- return 0;
- }
- static int cb_extend_max_stream_data(ngtcp2_conn *tconn, int64_t stream_id,
- uint64_t max_data, void *user_data,
- void *stream_user_data)
- {
- struct Curl_cfilter *cf = user_data;
- struct cf_ngtcp2_ctx *ctx = cf->ctx;
- struct Curl_easy *data = CF_DATA_CURRENT(cf);
- struct Curl_easy *s_data;
- struct h3_stream_ctx *stream;
- int rv;
- (void)tconn;
- (void)max_data;
- (void)stream_user_data;
- rv = nghttp3_conn_unblock_stream(ctx->h3conn, stream_id);
- if(rv && rv != NGHTTP3_ERR_STREAM_NOT_FOUND) {
- return NGTCP2_ERR_CALLBACK_FAILURE;
- }
- s_data = get_stream_easy(cf, data, stream_id);
- stream = H3_STREAM_CTX(s_data);
- if(stream && stream->quic_flow_blocked) {
- CURL_TRC_CF(data, cf, "[%" PRId64 "] unblock quic flow", stream_id);
- stream->quic_flow_blocked = FALSE;
- h3_drain_stream(cf, data);
- }
- return 0;
- }
- static void cb_rand(uint8_t *dest, size_t destlen,
- const ngtcp2_rand_ctx *rand_ctx)
- {
- CURLcode result;
- (void)rand_ctx;
- result = Curl_rand(NULL, dest, destlen);
- if(result) {
- /* cb_rand is only used for non-cryptographic context. If Curl_rand
- failed, just fill 0 and call it *random*. */
- memset(dest, 0, destlen);
- }
- }
- static int cb_get_new_connection_id(ngtcp2_conn *tconn, ngtcp2_cid *cid,
- uint8_t *token, size_t cidlen,
- void *user_data)
- {
- CURLcode result;
- (void)tconn;
- (void)user_data;
- result = Curl_rand(NULL, cid->data, cidlen);
- if(result)
- return NGTCP2_ERR_CALLBACK_FAILURE;
- cid->datalen = cidlen;
- result = Curl_rand(NULL, token, NGTCP2_STATELESS_RESET_TOKENLEN);
- if(result)
- return NGTCP2_ERR_CALLBACK_FAILURE;
- return 0;
- }
- static int cb_recv_rx_key(ngtcp2_conn *tconn, ngtcp2_encryption_level level,
- void *user_data)
- {
- struct Curl_cfilter *cf = user_data;
- (void)tconn;
- if(level != NGTCP2_ENCRYPTION_LEVEL_1RTT) {
- return 0;
- }
- if(init_ngh3_conn(cf) != CURLE_OK) {
- return NGTCP2_ERR_CALLBACK_FAILURE;
- }
- return 0;
- }
- static ngtcp2_callbacks ng_callbacks = {
- ngtcp2_crypto_client_initial_cb,
- NULL, /* recv_client_initial */
- ngtcp2_crypto_recv_crypto_data_cb,
- cb_handshake_completed,
- NULL, /* recv_version_negotiation */
- ngtcp2_crypto_encrypt_cb,
- ngtcp2_crypto_decrypt_cb,
- ngtcp2_crypto_hp_mask_cb,
- cb_recv_stream_data,
- cb_acked_stream_data_offset,
- NULL, /* stream_open */
- cb_stream_close,
- NULL, /* recv_stateless_reset */
- ngtcp2_crypto_recv_retry_cb,
- cb_extend_max_local_streams_bidi,
- NULL, /* extend_max_local_streams_uni */
- cb_rand,
- cb_get_new_connection_id,
- NULL, /* remove_connection_id */
- ngtcp2_crypto_update_key_cb, /* update_key */
- NULL, /* path_validation */
- NULL, /* select_preferred_addr */
- cb_stream_reset,
- NULL, /* extend_max_remote_streams_bidi */
- NULL, /* extend_max_remote_streams_uni */
- cb_extend_max_stream_data,
- NULL, /* dcid_status */
- NULL, /* handshake_confirmed */
- NULL, /* recv_new_token */
- ngtcp2_crypto_delete_crypto_aead_ctx_cb,
- ngtcp2_crypto_delete_crypto_cipher_ctx_cb,
- NULL, /* recv_datagram */
- NULL, /* ack_datagram */
- NULL, /* lost_datagram */
- ngtcp2_crypto_get_path_challenge_data_cb,
- cb_stream_stop_sending,
- NULL, /* version_negotiation */
- cb_recv_rx_key,
- NULL, /* recv_tx_key */
- NULL, /* early_data_rejected */
- };
- /**
- * Connection maintenance like timeouts on packet ACKs etc. are done by us, not
- * the OS like for TCP. POLL events on the socket therefore are not
- * sufficient.
- * ngtcp2 tells us when it wants to be invoked again. We handle that via
- * the `Curl_expire()` mechanisms.
- */
- static CURLcode check_and_set_expiry(struct Curl_cfilter *cf,
- struct Curl_easy *data,
- struct pkt_io_ctx *pktx)
- {
- struct cf_ngtcp2_ctx *ctx = cf->ctx;
- struct pkt_io_ctx local_pktx;
- ngtcp2_tstamp expiry;
- if(!pktx) {
- pktx_init(&local_pktx, cf, data);
- pktx = &local_pktx;
- }
- else {
- pktx_update_time(pktx, cf);
- }
- expiry = ngtcp2_conn_get_expiry(ctx->qconn);
- if(expiry != UINT64_MAX) {
- if(expiry <= pktx->ts) {
- CURLcode result;
- int rv = ngtcp2_conn_handle_expiry(ctx->qconn, pktx->ts);
- if(rv) {
- failf(data, "ngtcp2_conn_handle_expiry returned error: %s",
- ngtcp2_strerror(rv));
- ngtcp2_ccerr_set_liberr(&ctx->last_error, rv, NULL, 0);
- return CURLE_SEND_ERROR;
- }
- result = cf_progress_ingress(cf, data, pktx);
- if(result)
- return result;
- result = cf_progress_egress(cf, data, pktx);
- if(result)
- return result;
- /* ask again, things might have changed */
- expiry = ngtcp2_conn_get_expiry(ctx->qconn);
- }
- if(expiry > pktx->ts) {
- ngtcp2_duration timeout = expiry - pktx->ts;
- if(timeout % NGTCP2_MILLISECONDS) {
- timeout += NGTCP2_MILLISECONDS;
- }
- Curl_expire(data, timeout / NGTCP2_MILLISECONDS, EXPIRE_QUIC);
- }
- }
- return CURLE_OK;
- }
- static void cf_ngtcp2_adjust_pollset(struct Curl_cfilter *cf,
- struct Curl_easy *data,
- struct easy_pollset *ps)
- {
- struct cf_ngtcp2_ctx *ctx = cf->ctx;
- bool want_recv = CURL_WANT_RECV(data);
- bool want_send = CURL_WANT_SEND(data);
- if(ctx->qconn && (want_recv || want_send)) {
- struct h3_stream_ctx *stream = H3_STREAM_CTX(data);
- struct cf_call_data save;
- bool c_exhaust, s_exhaust;
- CF_DATA_SAVE(save, cf, data);
- c_exhaust = want_send && (!ngtcp2_conn_get_cwnd_left(ctx->qconn) ||
- !ngtcp2_conn_get_max_data_left(ctx->qconn));
- s_exhaust = want_send && stream && stream->id >= 0 &&
- stream->quic_flow_blocked;
- want_recv = (want_recv || c_exhaust || s_exhaust);
- want_send = (!s_exhaust && want_send) ||
- !Curl_bufq_is_empty(&ctx->q.sendbuf);
- Curl_pollset_set(data, ps, ctx->q.sockfd, want_recv, want_send);
- CF_DATA_RESTORE(cf, save);
- }
- }
- static int cb_h3_stream_close(nghttp3_conn *conn, int64_t stream_id,
- uint64_t app_error_code, void *user_data,
- void *stream_user_data)
- {
- struct Curl_cfilter *cf = user_data;
- struct Curl_easy *data = stream_user_data;
- struct h3_stream_ctx *stream = H3_STREAM_CTX(data);
- (void)conn;
- (void)stream_id;
- /* we might be called by nghttp3 after we already cleaned up */
- if(!stream)
- return 0;
- stream->closed = TRUE;
- stream->error3 = app_error_code;
- if(stream->error3 != NGHTTP3_H3_NO_ERROR) {
- stream->reset = TRUE;
- stream->send_closed = TRUE;
- CURL_TRC_CF(data, cf, "[%" PRId64 "] RESET: error %" PRId64,
- stream->id, stream->error3);
- }
- else {
- CURL_TRC_CF(data, cf, "[%" PRId64 "] CLOSED", stream->id);
- }
- h3_drain_stream(cf, data);
- return 0;
- }
- /*
- * write_resp_raw() copies response data in raw format to the `data`'s
- * receive buffer. If not enough space is available, it appends to the
- * `data`'s overflow buffer.
- */
- static CURLcode write_resp_raw(struct Curl_cfilter *cf,
- struct Curl_easy *data,
- const void *mem, size_t memlen,
- bool flow)
- {
- struct h3_stream_ctx *stream = H3_STREAM_CTX(data);
- CURLcode result = CURLE_OK;
- ssize_t nwritten;
- (void)cf;
- if(!stream) {
- return CURLE_RECV_ERROR;
- }
- nwritten = Curl_bufq_write(&stream->recvbuf, mem, memlen, &result);
- if(nwritten < 0) {
- return result;
- }
- if(!flow)
- stream->recv_buf_nonflow += (size_t)nwritten;
- if((size_t)nwritten < memlen) {
- /* This MUST not happen. Our recbuf is dimensioned to hold the
- * full max_stream_window and then some for this very reason. */
- DEBUGASSERT(0);
- return CURLE_RECV_ERROR;
- }
- return result;
- }
- static int cb_h3_recv_data(nghttp3_conn *conn, int64_t stream3_id,
- const uint8_t *buf, size_t buflen,
- void *user_data, void *stream_user_data)
- {
- struct Curl_cfilter *cf = user_data;
- struct Curl_easy *data = stream_user_data;
- struct h3_stream_ctx *stream = H3_STREAM_CTX(data);
- CURLcode result;
- (void)conn;
- (void)stream3_id;
- if(!stream)
- return NGHTTP3_ERR_CALLBACK_FAILURE;
- result = write_resp_raw(cf, data, buf, buflen, TRUE);
- if(result) {
- CURL_TRC_CF(data, cf, "[%" PRId64 "] DATA len=%zu, ERROR receiving %d",
- stream->id, buflen, result);
- return NGHTTP3_ERR_CALLBACK_FAILURE;
- }
- CURL_TRC_CF(data, cf, "[%" PRId64 "] DATA len=%zu", stream->id, buflen);
- h3_drain_stream(cf, data);
- return 0;
- }
- static int cb_h3_deferred_consume(nghttp3_conn *conn, int64_t stream3_id,
- size_t consumed, void *user_data,
- void *stream_user_data)
- {
- struct Curl_cfilter *cf = user_data;
- struct cf_ngtcp2_ctx *ctx = cf->ctx;
- (void)conn;
- (void)stream_user_data;
- /* nghttp3 has consumed bytes on the QUIC stream and we need to
- * tell the QUIC connection to increase its flow control */
- ngtcp2_conn_extend_max_stream_offset(ctx->qconn, stream3_id, consumed);
- ngtcp2_conn_extend_max_offset(ctx->qconn, consumed);
- return 0;
- }
- static int cb_h3_end_headers(nghttp3_conn *conn, int64_t stream_id,
- int fin, void *user_data, void *stream_user_data)
- {
- struct Curl_cfilter *cf = user_data;
- struct Curl_easy *data = stream_user_data;
- struct h3_stream_ctx *stream = H3_STREAM_CTX(data);
- CURLcode result = CURLE_OK;
- (void)conn;
- (void)stream_id;
- (void)fin;
- (void)cf;
- if(!stream)
- return 0;
- /* add a CRLF only if we've received some headers */
- result = write_resp_raw(cf, data, "\r\n", 2, FALSE);
- if(result) {
- return -1;
- }
- CURL_TRC_CF(data, cf, "[%" PRId64 "] end_headers, status=%d",
- stream_id, stream->status_code);
- if(stream->status_code / 100 != 1) {
- stream->resp_hds_complete = TRUE;
- }
- h3_drain_stream(cf, data);
- return 0;
- }
- static int cb_h3_recv_header(nghttp3_conn *conn, int64_t stream_id,
- int32_t token, nghttp3_rcbuf *name,
- nghttp3_rcbuf *value, uint8_t flags,
- void *user_data, void *stream_user_data)
- {
- struct Curl_cfilter *cf = user_data;
- nghttp3_vec h3name = nghttp3_rcbuf_get_buf(name);
- nghttp3_vec h3val = nghttp3_rcbuf_get_buf(value);
- struct Curl_easy *data = stream_user_data;
- struct h3_stream_ctx *stream = H3_STREAM_CTX(data);
- CURLcode result = CURLE_OK;
- (void)conn;
- (void)stream_id;
- (void)token;
- (void)flags;
- (void)cf;
- /* we might have cleaned up this transfer already */
- if(!stream)
- return 0;
- if(token == NGHTTP3_QPACK_TOKEN__STATUS) {
- char line[14]; /* status line is always 13 characters long */
- size_t ncopy;
- result = Curl_http_decode_status(&stream->status_code,
- (const char *)h3val.base, h3val.len);
- if(result)
- return -1;
- ncopy = msnprintf(line, sizeof(line), "HTTP/3 %03d \r\n",
- stream->status_code);
- CURL_TRC_CF(data, cf, "[%" PRId64 "] status: %s", stream_id, line);
- result = write_resp_raw(cf, data, line, ncopy, FALSE);
- if(result) {
- return -1;
- }
- }
- else {
- /* store as an HTTP1-style header */
- CURL_TRC_CF(data, cf, "[%" PRId64 "] header: %.*s: %.*s",
- stream_id, (int)h3name.len, h3name.base,
- (int)h3val.len, h3val.base);
- result = write_resp_raw(cf, data, h3name.base, h3name.len, FALSE);
- if(result) {
- return -1;
- }
- result = write_resp_raw(cf, data, ": ", 2, FALSE);
- if(result) {
- return -1;
- }
- result = write_resp_raw(cf, data, h3val.base, h3val.len, FALSE);
- if(result) {
- return -1;
- }
- result = write_resp_raw(cf, data, "\r\n", 2, FALSE);
- if(result) {
- return -1;
- }
- }
- return 0;
- }
- static int cb_h3_stop_sending(nghttp3_conn *conn, int64_t stream_id,
- uint64_t app_error_code, void *user_data,
- void *stream_user_data)
- {
- struct Curl_cfilter *cf = user_data;
- struct cf_ngtcp2_ctx *ctx = cf->ctx;
- int rv;
- (void)conn;
- (void)stream_user_data;
- rv = ngtcp2_conn_shutdown_stream_read(ctx->qconn, 0, stream_id,
- app_error_code);
- if(rv && rv != NGTCP2_ERR_STREAM_NOT_FOUND) {
- return NGTCP2_ERR_CALLBACK_FAILURE;
- }
- return 0;
- }
- static int cb_h3_reset_stream(nghttp3_conn *conn, int64_t stream_id,
- uint64_t app_error_code, void *user_data,
- void *stream_user_data) {
- struct Curl_cfilter *cf = user_data;
- struct cf_ngtcp2_ctx *ctx = cf->ctx;
- struct Curl_easy *data = stream_user_data;
- int rv;
- (void)conn;
- (void)data;
- rv = ngtcp2_conn_shutdown_stream_write(ctx->qconn, 0, stream_id,
- app_error_code);
- CURL_TRC_CF(data, cf, "[%" PRId64 "] reset -> %d", stream_id, rv);
- if(rv && rv != NGTCP2_ERR_STREAM_NOT_FOUND) {
- return NGTCP2_ERR_CALLBACK_FAILURE;
- }
- return 0;
- }
- static nghttp3_callbacks ngh3_callbacks = {
- cb_h3_acked_req_body, /* acked_stream_data */
- cb_h3_stream_close,
- cb_h3_recv_data,
- cb_h3_deferred_consume,
- NULL, /* begin_headers */
- cb_h3_recv_header,
- cb_h3_end_headers,
- NULL, /* begin_trailers */
- cb_h3_recv_header,
- NULL, /* end_trailers */
- cb_h3_stop_sending,
- NULL, /* end_stream */
- cb_h3_reset_stream,
- NULL, /* shutdown */
- NULL /* recv_settings */
- };
- static int init_ngh3_conn(struct Curl_cfilter *cf)
- {
- struct cf_ngtcp2_ctx *ctx = cf->ctx;
- CURLcode result;
- int rc;
- int64_t ctrl_stream_id, qpack_enc_stream_id, qpack_dec_stream_id;
- if(ngtcp2_conn_get_streams_uni_left(ctx->qconn) < 3) {
- return CURLE_QUIC_CONNECT_ERROR;
- }
- nghttp3_settings_default(&ctx->h3settings);
- rc = nghttp3_conn_client_new(&ctx->h3conn,
- &ngh3_callbacks,
- &ctx->h3settings,
- nghttp3_mem_default(),
- cf);
- if(rc) {
- result = CURLE_OUT_OF_MEMORY;
- goto fail;
- }
- rc = ngtcp2_conn_open_uni_stream(ctx->qconn, &ctrl_stream_id, NULL);
- if(rc) {
- result = CURLE_QUIC_CONNECT_ERROR;
- goto fail;
- }
- rc = nghttp3_conn_bind_control_stream(ctx->h3conn, ctrl_stream_id);
- if(rc) {
- result = CURLE_QUIC_CONNECT_ERROR;
- goto fail;
- }
- rc = ngtcp2_conn_open_uni_stream(ctx->qconn, &qpack_enc_stream_id, NULL);
- if(rc) {
- result = CURLE_QUIC_CONNECT_ERROR;
- goto fail;
- }
- rc = ngtcp2_conn_open_uni_stream(ctx->qconn, &qpack_dec_stream_id, NULL);
- if(rc) {
- result = CURLE_QUIC_CONNECT_ERROR;
- goto fail;
- }
- rc = nghttp3_conn_bind_qpack_streams(ctx->h3conn, qpack_enc_stream_id,
- qpack_dec_stream_id);
- if(rc) {
- result = CURLE_QUIC_CONNECT_ERROR;
- goto fail;
- }
- return CURLE_OK;
- fail:
- return result;
- }
- static ssize_t recv_closed_stream(struct Curl_cfilter *cf,
- struct Curl_easy *data,
- struct h3_stream_ctx *stream,
- CURLcode *err)
- {
- ssize_t nread = -1;
- (void)cf;
- if(stream->reset) {
- failf(data,
- "HTTP/3 stream %" PRId64 " reset by server", stream->id);
- *err = stream->resp_hds_complete? CURLE_PARTIAL_FILE : CURLE_HTTP3;
- goto out;
- }
- else if(!stream->resp_hds_complete) {
- failf(data,
- "HTTP/3 stream %" PRId64 " was closed cleanly, but before getting"
- " all response header fields, treated as error",
- stream->id);
- *err = CURLE_HTTP3;
- goto out;
- }
- *err = CURLE_OK;
- nread = 0;
- out:
- return nread;
- }
- /* incoming data frames on the h3 stream */
- static ssize_t cf_ngtcp2_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
- char *buf, size_t len, CURLcode *err)
- {
- struct cf_ngtcp2_ctx *ctx = cf->ctx;
- struct h3_stream_ctx *stream = H3_STREAM_CTX(data);
- ssize_t nread = -1;
- struct cf_call_data save;
- struct pkt_io_ctx pktx;
- (void)ctx;
- CF_DATA_SAVE(save, cf, data);
- DEBUGASSERT(cf->connected);
- DEBUGASSERT(ctx);
- DEBUGASSERT(ctx->qconn);
- DEBUGASSERT(ctx->h3conn);
- *err = CURLE_OK;
- pktx_init(&pktx, cf, data);
- if(!stream) {
- *err = CURLE_RECV_ERROR;
- goto out;
- }
- if(!Curl_bufq_is_empty(&stream->recvbuf)) {
- nread = Curl_bufq_read(&stream->recvbuf,
- (unsigned char *)buf, len, err);
- if(nread < 0) {
- CURL_TRC_CF(data, cf, "[%" PRId64 "] read recvbuf(len=%zu) "
- "-> %zd, %d", stream->id, len, nread, *err);
- goto out;
- }
- report_consumed_data(cf, data, nread);
- }
- if(cf_progress_ingress(cf, data, &pktx)) {
- *err = CURLE_RECV_ERROR;
- nread = -1;
- goto out;
- }
- /* recvbuf had nothing before, maybe after progressing ingress? */
- if(nread < 0 && !Curl_bufq_is_empty(&stream->recvbuf)) {
- nread = Curl_bufq_read(&stream->recvbuf,
- (unsigned char *)buf, len, err);
- if(nread < 0) {
- CURL_TRC_CF(data, cf, "[%" PRId64 "] read recvbuf(len=%zu) "
- "-> %zd, %d", stream->id, len, nread, *err);
- goto out;
- }
- report_consumed_data(cf, data, nread);
- }
- if(nread > 0) {
- h3_drain_stream(cf, data);
- }
- else {
- if(stream->closed) {
- nread = recv_closed_stream(cf, data, stream, err);
- goto out;
- }
- *err = CURLE_AGAIN;
- nread = -1;
- }
- out:
- if(cf_progress_egress(cf, data, &pktx)) {
- *err = CURLE_SEND_ERROR;
- nread = -1;
- }
- else {
- CURLcode result2 = check_and_set_expiry(cf, data, &pktx);
- if(result2) {
- *err = result2;
- nread = -1;
- }
- }
- CURL_TRC_CF(data, cf, "[%" PRId64 "] cf_recv(len=%zu) -> %zd, %d",
- stream? stream->id : -1, len, nread, *err);
- CF_DATA_RESTORE(cf, save);
- return nread;
- }
- static int cb_h3_acked_req_body(nghttp3_conn *conn, int64_t stream_id,
- uint64_t datalen, void *user_data,
- void *stream_user_data)
- {
- struct Curl_cfilter *cf = user_data;
- struct Curl_easy *data = stream_user_data;
- struct h3_stream_ctx *stream = H3_STREAM_CTX(data);
- size_t skiplen;
- (void)cf;
- if(!stream)
- return 0;
- /* The server acknowledged `datalen` of bytes from our request body.
- * This is a delta. We have kept this data in `sendbuf` for
- * re-transmissions and can free it now. */
- if(datalen >= (uint64_t)stream->sendbuf_len_in_flight)
- skiplen = stream->sendbuf_len_in_flight;
- else
- skiplen = (size_t)datalen;
- Curl_bufq_skip(&stream->sendbuf, skiplen);
- stream->sendbuf_len_in_flight -= skiplen;
- /* Everything ACKed, we resume upload processing */
- if(!stream->sendbuf_len_in_flight) {
- int rv = nghttp3_conn_resume_stream(conn, stream_id);
- if(rv && rv != NGHTTP3_ERR_STREAM_NOT_FOUND) {
- return NGTCP2_ERR_CALLBACK_FAILURE;
- }
- }
- return 0;
- }
- static nghttp3_ssize
- cb_h3_read_req_body(nghttp3_conn *conn, int64_t stream_id,
- nghttp3_vec *vec, size_t veccnt,
- uint32_t *pflags, void *user_data,
- void *stream_user_data)
- {
- struct Curl_cfilter *cf = user_data;
- struct Curl_easy *data = stream_user_data;
- struct h3_stream_ctx *stream = H3_STREAM_CTX(data);
- ssize_t nwritten = 0;
- size_t nvecs = 0;
- (void)cf;
- (void)conn;
- (void)stream_id;
- (void)user_data;
- (void)veccnt;
- if(!stream)
- return NGHTTP3_ERR_CALLBACK_FAILURE;
- /* nghttp3 keeps references to the sendbuf data until it is ACKed
- * by the server (see `cb_h3_acked_req_body()` for updates).
- * `sendbuf_len_in_flight` is the amount of bytes in `sendbuf`
- * that we have already passed to nghttp3, but which have not been
- * ACKed yet.
- * Any amount beyond `sendbuf_len_in_flight` we need still to pass
- * to nghttp3. Do that now, if we can. */
- if(stream->sendbuf_len_in_flight < Curl_bufq_len(&stream->sendbuf)) {
- nvecs = 0;
- while(nvecs < veccnt &&
- Curl_bufq_peek_at(&stream->sendbuf,
- stream->sendbuf_len_in_flight,
- (const unsigned char **)&vec[nvecs].base,
- &vec[nvecs].len)) {
- stream->sendbuf_len_in_flight += vec[nvecs].len;
- nwritten += vec[nvecs].len;
- ++nvecs;
- }
- DEBUGASSERT(nvecs > 0); /* we SHOULD have been be able to peek */
- }
- if(nwritten > 0 && stream->upload_left != -1)
- stream->upload_left -= nwritten;
- /* When we stopped sending and everything in `sendbuf` is "in flight",
- * we are at the end of the request body. */
- if(stream->upload_left == 0) {
- *pflags = NGHTTP3_DATA_FLAG_EOF;
- stream->send_closed = TRUE;
- }
- else if(!nwritten) {
- /* Not EOF, and nothing to give, we signal WOULDBLOCK. */
- CURL_TRC_CF(data, cf, "[%" PRId64 "] read req body -> AGAIN",
- stream->id);
- return NGHTTP3_ERR_WOULDBLOCK;
- }
- CURL_TRC_CF(data, cf, "[%" PRId64 "] read req body -> "
- "%d vecs%s with %zu (buffered=%zu, left=%"
- CURL_FORMAT_CURL_OFF_T ")",
- stream->id, (int)nvecs,
- *pflags == NGHTTP3_DATA_FLAG_EOF?" EOF":"",
- nwritten, Curl_bufq_len(&stream->sendbuf),
- stream->upload_left);
- return (nghttp3_ssize)nvecs;
- }
- /* Index where :authority header field will appear in request header
- field list. */
- #define AUTHORITY_DST_IDX 3
- static ssize_t h3_stream_open(struct Curl_cfilter *cf,
- struct Curl_easy *data,
- const void *buf, size_t len,
- CURLcode *err)
- {
- struct cf_ngtcp2_ctx *ctx = cf->ctx;
- struct h3_stream_ctx *stream = NULL;
- struct dynhds h2_headers;
- size_t nheader;
- nghttp3_nv *nva = NULL;
- int rc = 0;
- unsigned int i;
- ssize_t nwritten = -1;
- nghttp3_data_reader reader;
- nghttp3_data_reader *preader = NULL;
- Curl_dynhds_init(&h2_headers, 0, DYN_HTTP_REQUEST);
- *err = h3_data_setup(cf, data);
- if(*err)
- goto out;
- stream = H3_STREAM_CTX(data);
- DEBUGASSERT(stream);
- if(!stream) {
- *err = CURLE_FAILED_INIT;
- goto out;
- }
- nwritten = Curl_h1_req_parse_read(&stream->h1, buf, len, NULL, 0, err);
- if(nwritten < 0)
- goto out;
- if(!stream->h1.done) {
- /* need more data */
- goto out;
- }
- DEBUGASSERT(stream->h1.req);
- *err = Curl_http_req_to_h2(&h2_headers, stream->h1.req, data);
- if(*err) {
- nwritten = -1;
- goto out;
- }
- /* no longer needed */
- Curl_h1_req_parse_free(&stream->h1);
- nheader = Curl_dynhds_count(&h2_headers);
- nva = malloc(sizeof(nghttp3_nv) * nheader);
- if(!nva) {
- *err = CURLE_OUT_OF_MEMORY;
- nwritten = -1;
- goto out;
- }
- for(i = 0; i < nheader; ++i) {
- struct dynhds_entry *e = Curl_dynhds_getn(&h2_headers, i);
- nva[i].name = (unsigned char *)e->name;
- nva[i].namelen = e->namelen;
- nva[i].value = (unsigned char *)e->value;
- nva[i].valuelen = e->valuelen;
- nva[i].flags = NGHTTP3_NV_FLAG_NONE;
- }
- rc = ngtcp2_conn_open_bidi_stream(ctx->qconn, &stream->id, data);
- if(rc) {
- failf(data, "can get bidi streams");
- *err = CURLE_SEND_ERROR;
- goto out;
- }
- switch(data->state.httpreq) {
- case HTTPREQ_POST:
- case HTTPREQ_POST_FORM:
- case HTTPREQ_POST_MIME:
- case HTTPREQ_PUT:
- /* known request body size or -1 */
- if(data->state.infilesize != -1)
- stream->upload_left = data->state.infilesize;
- else
- /* data sending without specifying the data amount up front */
- stream->upload_left = -1; /* unknown */
- break;
- default:
- /* there is not request body */
- stream->upload_left = 0; /* no request body */
- break;
- }
- stream->send_closed = (stream->upload_left == 0);
- if(!stream->send_closed) {
- reader.read_data = cb_h3_read_req_body;
- preader = &reader;
- }
- rc = nghttp3_conn_submit_request(ctx->h3conn, stream->id,
- nva, nheader, preader, data);
- if(rc) {
- switch(rc) {
- case NGHTTP3_ERR_CONN_CLOSING:
- CURL_TRC_CF(data, cf, "h3sid[%"PRId64"] failed to send, "
- "connection is closing", stream->id);
- break;
- default:
- CURL_TRC_CF(data, cf, "h3sid[%"PRId64"] failed to send -> %d (%s)",
- stream->id, rc, ngtcp2_strerror(rc));
- break;
- }
- *err = CURLE_SEND_ERROR;
- nwritten = -1;
- goto out;
- }
- if(Curl_trc_is_verbose(data)) {
- infof(data, "[HTTP/3] [%" PRId64 "] OPENED stream for %s",
- stream->id, data->state.url);
- for(i = 0; i < nheader; ++i) {
- infof(data, "[HTTP/3] [%" PRId64 "] [%.*s: %.*s]", stream->id,
- (int)nva[i].namelen, nva[i].name,
- (int)nva[i].valuelen, nva[i].value);
- }
- }
- out:
- free(nva);
- Curl_dynhds_free(&h2_headers);
- return nwritten;
- }
- static ssize_t cf_ngtcp2_send(struct Curl_cfilter *cf, struct Curl_easy *data,
- const void *buf, size_t len, CURLcode *err)
- {
- struct cf_ngtcp2_ctx *ctx = cf->ctx;
- struct h3_stream_ctx *stream = H3_STREAM_CTX(data);
- ssize_t sent = 0;
- struct cf_call_data save;
- struct pkt_io_ctx pktx;
- CURLcode result;
- CF_DATA_SAVE(save, cf, data);
- DEBUGASSERT(cf->connected);
- DEBUGASSERT(ctx->qconn);
- DEBUGASSERT(ctx->h3conn);
- pktx_init(&pktx, cf, data);
- *err = CURLE_OK;
- result = cf_progress_ingress(cf, data, &pktx);
- if(result) {
- *err = result;
- sent = -1;
- }
- if(!stream || stream->id < 0) {
- sent = h3_stream_open(cf, data, buf, len, err);
- if(sent < 0) {
- CURL_TRC_CF(data, cf, "failed to open stream -> %d", *err);
- goto out;
- }
- stream = H3_STREAM_CTX(data);
- }
- else if(stream->upload_blocked_len) {
- /* the data in `buf` has already been submitted or added to the
- * buffers, but have been EAGAINed on the last invocation. */
- DEBUGASSERT(len >= stream->upload_blocked_len);
- if(len < stream->upload_blocked_len) {
- /* Did we get called again with a smaller `len`? This should not
- * happen. We are not prepared to handle that. */
- failf(data, "HTTP/3 send again with decreased length");
- *err = CURLE_HTTP3;
- sent = -1;
- goto out;
- }
- sent = (ssize_t)stream->upload_blocked_len;
- stream->upload_blocked_len = 0;
- }
- else if(stream->closed) {
- if(stream->resp_hds_complete) {
- /* Server decided to close the stream after having sent us a final
- * response. This is valid if it is not interested in the request
- * body. This happens on 30x or 40x responses.
- * We silently discard the data sent, since this is not a transport
- * error situation. */
- CURL_TRC_CF(data, cf, "[%" PRId64 "] discarding data"
- "on closed stream with response", stream->id);
- *err = CURLE_OK;
- sent = (ssize_t)len;
- goto out;
- }
- *err = CURLE_HTTP3;
- sent = -1;
- goto out;
- }
- else {
- sent = Curl_bufq_write(&stream->sendbuf, buf, len, err);
- CURL_TRC_CF(data, cf, "[%" PRId64 "] cf_send, add to "
- "sendbuf(len=%zu) -> %zd, %d",
- stream->id, len, sent, *err);
- if(sent < 0) {
- goto out;
- }
- (void)nghttp3_conn_resume_stream(ctx->h3conn, stream->id);
- }
- result = cf_progress_egress(cf, data, &pktx);
- if(result) {
- *err = result;
- sent = -1;
- }
- if(stream && sent > 0 && stream->sendbuf_len_in_flight) {
- /* We have unacknowledged DATA and cannot report success to our
- * caller. Instead we EAGAIN and remember how much we have already
- * "written" into our various internal connection buffers. */
- stream->upload_blocked_len = sent;
- CURL_TRC_CF(data, cf, "[%" PRId64 "] cf_send(len=%zu), "
- "%zu bytes in flight -> EGAIN", stream->id, len,
- stream->sendbuf_len_in_flight);
- *err = CURLE_AGAIN;
- sent = -1;
- }
- out:
- result = check_and_set_expiry(cf, data, &pktx);
- if(result) {
- *err = result;
- sent = -1;
- }
- CURL_TRC_CF(data, cf, "[%" PRId64 "] cf_send(len=%zu) -> %zd, %d",
- stream? stream->id : -1, len, sent, *err);
- CF_DATA_RESTORE(cf, save);
- return sent;
- }
- static CURLcode qng_verify_peer(struct Curl_cfilter *cf,
- struct Curl_easy *data)
- {
- struct cf_ngtcp2_ctx *ctx = cf->ctx;
- struct ssl_primary_config *conn_config;
- CURLcode result = CURLE_OK;
- conn_config = Curl_ssl_cf_get_primary_config(cf);
- if(!conn_config)
- return CURLE_FAILED_INIT;
- cf->conn->bits.multiplex = TRUE; /* at least potentially multiplexed */
- cf->conn->httpversion = 30;
- cf->conn->bundle->multiuse = BUNDLE_MULTIPLEX;
- if(conn_config->verifyhost) {
- #ifdef USE_OPENSSL
- X509 *server_cert;
- server_cert = SSL_get1_peer_certificate(ctx->ssl);
- if(!server_cert) {
- return CURLE_PEER_FAILED_VERIFICATION;
- }
- result = Curl_ossl_verifyhost(data, cf->conn, &ctx->peer, server_cert);
- X509_free(server_cert);
- if(result)
- return result;
- #elif defined(USE_GNUTLS)
- result = Curl_gtls_verifyserver(data, ctx->gtls->session,
- conn_config, &data->set.ssl, &ctx->peer,
- data->set.str[STRING_SSL_PINNEDPUBLICKEY]);
- if(result)
- return result;
- #elif defined(USE_WOLFSSL)
- if(!ctx->peer.sni ||
- wolfSSL_check_domain_name(ctx->ssl, ctx->peer.sni) == SSL_FAILURE)
- return CURLE_PEER_FAILED_VERIFICATION;
- #endif
- infof(data, "Verified certificate just fine");
- }
- else
- infof(data, "Skipped certificate verification");
- #ifdef USE_OPENSSL
- if(data->set.ssl.certinfo)
- /* asked to gather certificate info */
- (void)Curl_ossl_certchain(data, ctx->ssl);
- #endif
- return result;
- }
- static CURLcode recv_pkt(const unsigned char *pkt, size_t pktlen,
- struct sockaddr_storage *remote_addr,
- socklen_t remote_addrlen, int ecn,
- void *userp)
- {
- struct pkt_io_ctx *pktx = userp;
- struct cf_ngtcp2_ctx *ctx = pktx->cf->ctx;
- ngtcp2_pkt_info pi;
- ngtcp2_path path;
- int rv;
- ++pktx->pkt_count;
- ngtcp2_addr_init(&path.local, (struct sockaddr *)&ctx->q.local_addr,
- ctx->q.local_addrlen);
- ngtcp2_addr_init(&path.remote, (struct sockaddr *)remote_addr,
- remote_addrlen);
- pi.ecn = (uint8_t)ecn;
- rv = ngtcp2_conn_read_pkt(ctx->qconn, &path, &pi, pkt, pktlen, pktx->ts);
- if(rv) {
- CURL_TRC_CF(pktx->data, pktx->cf, "ingress, read_pkt -> %s (%d)",
- ngtcp2_strerror(rv), rv);
- if(!ctx->last_error.error_code) {
- if(rv == NGTCP2_ERR_CRYPTO) {
- ngtcp2_ccerr_set_tls_alert(&ctx->last_error,
- ngtcp2_conn_get_tls_alert(ctx->qconn),
- NULL, 0);
- }
- else {
- ngtcp2_ccerr_set_liberr(&ctx->last_error, rv, NULL, 0);
- }
- }
- if(rv == NGTCP2_ERR_CRYPTO)
- /* this is a "TLS problem", but a failed certificate verification
- is a common reason for this */
- return CURLE_PEER_FAILED_VERIFICATION;
- return CURLE_RECV_ERROR;
- }
- return CURLE_OK;
- }
- static CURLcode cf_progress_ingress(struct Curl_cfilter *cf,
- struct Curl_easy *data,
- struct pkt_io_ctx *pktx)
- {
- struct cf_ngtcp2_ctx *ctx = cf->ctx;
- struct pkt_io_ctx local_pktx;
- size_t pkts_chunk = 128, i;
- size_t pkts_max = 10 * pkts_chunk;
- CURLcode result = CURLE_OK;
- if(!pktx) {
- pktx_init(&local_pktx, cf, data);
- pktx = &local_pktx;
- }
- else {
- pktx_update_time(pktx, cf);
- }
- #ifdef USE_OPENSSL
- if(!ctx->x509_store_setup) {
- result = Curl_ssl_setup_x509_store(cf, data, ctx->sslctx);
- if(result)
- return result;
- ctx->x509_store_setup = TRUE;
- }
- #endif
- for(i = 0; i < pkts_max; i += pkts_chunk) {
- pktx->pkt_count = 0;
- result = vquic_recv_packets(cf, data, &ctx->q, pkts_chunk,
- recv_pkt, pktx);
- if(result) /* error */
- break;
- if(pktx->pkt_count < pkts_chunk) /* got less than we could */
- break;
- /* give egress a chance before we receive more */
- result = cf_progress_egress(cf, data, pktx);
- if(result) /* error */
- break;
- }
- return result;
- }
- /**
- * Read a network packet to send from ngtcp2 into `buf`.
- * Return number of bytes written or -1 with *err set.
- */
- static ssize_t read_pkt_to_send(void *userp,
- unsigned char *buf, size_t buflen,
- CURLcode *err)
- {
- struct pkt_io_ctx *x = userp;
- struct cf_ngtcp2_ctx *ctx = x->cf->ctx;
- nghttp3_vec vec[16];
- nghttp3_ssize veccnt;
- ngtcp2_ssize ndatalen;
- uint32_t flags;
- int64_t stream_id;
- int fin;
- ssize_t nwritten, n;
- veccnt = 0;
- stream_id = -1;
- fin = 0;
- /* ngtcp2 may want to put several frames from different streams into
- * this packet. `NGTCP2_WRITE_STREAM_FLAG_MORE` tells it to do so.
- * When `NGTCP2_ERR_WRITE_MORE` is returned, we *need* to make
- * another iteration.
- * When ngtcp2 is happy (because it has no other frame that would fit
- * or it has nothing more to send), it returns the total length
- * of the assembled packet. This may be 0 if there was nothing to send. */
- nwritten = 0;
- *err = CURLE_OK;
- for(;;) {
- if(ctx->h3conn && ngtcp2_conn_get_max_data_left(ctx->qconn)) {
- veccnt = nghttp3_conn_writev_stream(ctx->h3conn, &stream_id, &fin, vec,
- sizeof(vec) / sizeof(vec[0]));
- if(veccnt < 0) {
- failf(x->data, "nghttp3_conn_writev_stream returned error: %s",
- nghttp3_strerror((int)veccnt));
- ngtcp2_ccerr_set_application_error(
- &ctx->last_error,
- nghttp3_err_infer_quic_app_error_code((int)veccnt), NULL, 0);
- *err = CURLE_SEND_ERROR;
- return -1;
- }
- }
- flags = NGTCP2_WRITE_STREAM_FLAG_MORE |
- (fin ? NGTCP2_WRITE_STREAM_FLAG_FIN : 0);
- n = ngtcp2_conn_writev_stream(ctx->qconn, &x->ps.path,
- NULL, buf, buflen,
- &ndatalen, flags, stream_id,
- (const ngtcp2_vec *)vec, veccnt, x->ts);
- if(n == 0) {
- /* nothing to send */
- *err = CURLE_AGAIN;
- nwritten = -1;
- goto out;
- }
- else if(n < 0) {
- switch(n) {
- case NGTCP2_ERR_STREAM_DATA_BLOCKED: {
- struct h3_stream_ctx *stream = H3_STREAM_CTX(x->data);
- DEBUGASSERT(ndatalen == -1);
- nghttp3_conn_block_stream(ctx->h3conn, stream_id);
- CURL_TRC_CF(x->data, x->cf, "[%" PRId64 "] block quic flow",
- stream_id);
- DEBUGASSERT(stream);
- if(stream)
- stream->quic_flow_blocked = TRUE;
- n = 0;
- break;
- }
- case NGTCP2_ERR_STREAM_SHUT_WR:
- DEBUGASSERT(ndatalen == -1);
- nghttp3_conn_shutdown_stream_write(ctx->h3conn, stream_id);
- n = 0;
- break;
- case NGTCP2_ERR_WRITE_MORE:
- /* ngtcp2 wants to send more. update the flow of the stream whose data
- * is in the buffer and continue */
- DEBUGASSERT(ndatalen >= 0);
- n = 0;
- break;
- default:
- DEBUGASSERT(ndatalen == -1);
- failf(x->data, "ngtcp2_conn_writev_stream returned error: %s",
- ngtcp2_strerror((int)n));
- ngtcp2_ccerr_set_liberr(&ctx->last_error, (int)n, NULL, 0);
- *err = CURLE_SEND_ERROR;
- nwritten = -1;
- goto out;
- }
- }
- if(ndatalen >= 0) {
- /* we add the amount of data bytes to the flow windows */
- int rv = nghttp3_conn_add_write_offset(ctx->h3conn, stream_id, ndatalen);
- if(rv) {
- failf(x->data, "nghttp3_conn_add_write_offset returned error: %s\n",
- nghttp3_strerror(rv));
- return CURLE_SEND_ERROR;
- }
- }
- if(n > 0) {
- /* packet assembled, leave */
- nwritten = n;
- goto out;
- }
- }
- out:
- return nwritten;
- }
- static CURLcode cf_progress_egress(struct Curl_cfilter *cf,
- struct Curl_easy *data,
- struct pkt_io_ctx *pktx)
- {
- struct cf_ngtcp2_ctx *ctx = cf->ctx;
- ssize_t nread;
- size_t max_payload_size, path_max_payload_size, max_pktcnt;
- size_t pktcnt = 0;
- size_t gsolen = 0; /* this disables gso until we have a clue */
- CURLcode curlcode;
- struct pkt_io_ctx local_pktx;
- if(!pktx) {
- pktx_init(&local_pktx, cf, data);
- pktx = &local_pktx;
- }
- else {
- pktx_update_time(pktx, cf);
- ngtcp2_path_storage_zero(&pktx->ps);
- }
- curlcode = vquic_flush(cf, data, &ctx->q);
- if(curlcode) {
- if(curlcode == CURLE_AGAIN) {
- Curl_expire(data, 1, EXPIRE_QUIC);
- return CURLE_OK;
- }
- return curlcode;
- }
- /* In UDP, there is a maximum theoretical packet paload length and
- * a minimum payload length that is "guarantueed" to work.
- * To detect if this minimum payload can be increased, ngtcp2 sends
- * now and then a packet payload larger than the minimum. It that
- * is ACKed by the peer, both parties know that it works and
- * the subsequent packets can use a larger one.
- * This is called PMTUD (Path Maximum Transmission Unit Discovery).
- * Since a PMTUD might be rejected right on send, we do not want it
- * be followed by other packets of lesser size. Because those would
- * also fail then. So, if we detect a PMTUD while buffering, we flush.
- */
- max_payload_size = ngtcp2_conn_get_max_tx_udp_payload_size(ctx->qconn);
- path_max_payload_size =
- ngtcp2_conn_get_path_max_tx_udp_payload_size(ctx->qconn);
- /* maximum number of packets buffered before we flush to the socket */
- max_pktcnt = CURLMIN(MAX_PKT_BURST,
- ctx->q.sendbuf.chunk_size / max_payload_size);
- for(;;) {
- /* add the next packet to send, if any, to our buffer */
- nread = Curl_bufq_sipn(&ctx->q.sendbuf, max_payload_size,
- read_pkt_to_send, pktx, &curlcode);
- if(nread < 0) {
- if(curlcode != CURLE_AGAIN)
- return curlcode;
- /* Nothing more to add, flush and leave */
- curlcode = vquic_send(cf, data, &ctx->q, gsolen);
- if(curlcode) {
- if(curlcode == CURLE_AGAIN) {
- Curl_expire(data, 1, EXPIRE_QUIC);
- return CURLE_OK;
- }
- return curlcode;
- }
- goto out;
- }
- DEBUGASSERT(nread > 0);
- if(pktcnt == 0) {
- /* first packet in buffer. This is either of a known, "good"
- * payload size or it is a PMTUD. We'll see. */
- gsolen = (size_t)nread;
- }
- else if((size_t)nread > gsolen ||
- (gsolen > path_max_payload_size && (size_t)nread != gsolen)) {
- /* The just added packet is a PMTUD *or* the one(s) before the
- * just added were PMTUD and the last one is smaller.
- * Flush the buffer before the last add. */
- curlcode = vquic_send_tail_split(cf, data, &ctx->q,
- gsolen, nread, nread);
- if(curlcode) {
- if(curlcode == CURLE_AGAIN) {
- Curl_expire(data, 1, EXPIRE_QUIC);
- return CURLE_OK;
- }
- return curlcode;
- }
- pktcnt = 0;
- continue;
- }
- if(++pktcnt >= max_pktcnt || (size_t)nread < gsolen) {
- /* Reached MAX_PKT_BURST *or*
- * the capacity of our buffer *or*
- * last add was shorter than the previous ones, flush */
- curlcode = vquic_send(cf, data, &ctx->q, gsolen);
- if(curlcode) {
- if(curlcode == CURLE_AGAIN) {
- Curl_expire(data, 1, EXPIRE_QUIC);
- return CURLE_OK;
- }
- return curlcode;
- }
- /* pktbuf has been completely sent */
- pktcnt = 0;
- }
- }
- out:
- return CURLE_OK;
- }
- /*
- * Called from transfer.c:data_pending to know if we should keep looping
- * to receive more data from the connection.
- */
- static bool cf_ngtcp2_data_pending(struct Curl_cfilter *cf,
- const struct Curl_easy *data)
- {
- const struct h3_stream_ctx *stream = H3_STREAM_CTX(data);
- (void)cf;
- return stream && !Curl_bufq_is_empty(&stream->recvbuf);
- }
- static CURLcode h3_data_pause(struct Curl_cfilter *cf,
- struct Curl_easy *data,
- bool pause)
- {
- /* TODO: there seems right now no API in ngtcp2 to shrink/enlarge
- * the streams windows. As we do in HTTP/2. */
- if(!pause) {
- h3_drain_stream(cf, data);
- Curl_expire(data, 0, EXPIRE_RUN_NOW);
- }
- return CURLE_OK;
- }
- static CURLcode cf_ngtcp2_data_event(struct Curl_cfilter *cf,
- struct Curl_easy *data,
- int event, int arg1, void *arg2)
- {
- struct cf_ngtcp2_ctx *ctx = cf->ctx;
- CURLcode result = CURLE_OK;
- struct cf_call_data save;
- CF_DATA_SAVE(save, cf, data);
- (void)arg1;
- (void)arg2;
- switch(event) {
- case CF_CTRL_DATA_SETUP:
- break;
- case CF_CTRL_DATA_PAUSE:
- result = h3_data_pause(cf, data, (arg1 != 0));
- break;
- case CF_CTRL_DATA_DETACH:
- h3_data_done(cf, data);
- break;
- case CF_CTRL_DATA_DONE:
- h3_data_done(cf, data);
- break;
- case CF_CTRL_DATA_DONE_SEND: {
- struct h3_stream_ctx *stream = H3_STREAM_CTX(data);
- if(stream && !stream->send_closed) {
- stream->send_closed = TRUE;
- stream->upload_left = Curl_bufq_len(&stream->sendbuf);
- (void)nghttp3_conn_resume_stream(ctx->h3conn, stream->id);
- }
- break;
- }
- case CF_CTRL_DATA_IDLE: {
- struct h3_stream_ctx *stream = H3_STREAM_CTX(data);
- CURL_TRC_CF(data, cf, "data idle");
- if(stream && !stream->closed) {
- result = check_and_set_expiry(cf, data, NULL);
- if(result)
- CURL_TRC_CF(data, cf, "data idle, check_and_set_expiry -> %d", result);
- }
- break;
- }
- default:
- break;
- }
- CF_DATA_RESTORE(cf, save);
- return result;
- }
- static void cf_ngtcp2_ctx_clear(struct cf_ngtcp2_ctx *ctx)
- {
- struct cf_call_data save = ctx->call_data;
- if(ctx->qlogfd != -1) {
- close(ctx->qlogfd);
- }
- #ifdef USE_OPENSSL
- if(ctx->ssl)
- SSL_free(ctx->ssl);
- if(ctx->sslctx)
- SSL_CTX_free(ctx->sslctx);
- #elif defined(USE_GNUTLS)
- if(ctx->gtls) {
- if(ctx->gtls->cred)
- gnutls_certificate_free_credentials(ctx->gtls->cred);
- if(ctx->gtls->session)
- gnutls_deinit(ctx->gtls->session);
- free(ctx->gtls);
- }
- #elif defined(USE_WOLFSSL)
- if(ctx->ssl)
- wolfSSL_free(ctx->ssl);
- if(ctx->sslctx)
- wolfSSL_CTX_free(ctx->sslctx);
- #endif
- vquic_ctx_free(&ctx->q);
- if(ctx->h3conn)
- nghttp3_conn_del(ctx->h3conn);
- if(ctx->qconn)
- ngtcp2_conn_del(ctx->qconn);
- Curl_bufcp_free(&ctx->stream_bufcp);
- Curl_ssl_peer_cleanup(&ctx->peer);
- memset(ctx, 0, sizeof(*ctx));
- ctx->qlogfd = -1;
- ctx->call_data = save;
- }
- static void cf_ngtcp2_close(struct Curl_cfilter *cf, struct Curl_easy *data)
- {
- struct cf_ngtcp2_ctx *ctx = cf->ctx;
- struct cf_call_data save;
- CF_DATA_SAVE(save, cf, data);
- if(ctx && ctx->qconn) {
- char buffer[NGTCP2_MAX_UDP_PAYLOAD_SIZE];
- struct pkt_io_ctx pktx;
- ngtcp2_ssize rc;
- CURL_TRC_CF(data, cf, "close");
- pktx_init(&pktx, cf, data);
- rc = ngtcp2_conn_write_connection_close(ctx->qconn, NULL, /* path */
- NULL, /* pkt_info */
- (uint8_t *)buffer, sizeof(buffer),
- &ctx->last_error, pktx.ts);
- if(rc > 0) {
- while((send(ctx->q.sockfd, buffer, (SEND_TYPE_ARG3)rc, 0) == -1) &&
- SOCKERRNO == EINTR);
- }
- cf_ngtcp2_ctx_clear(ctx);
- }
- cf->connected = FALSE;
- CF_DATA_RESTORE(cf, save);
- }
- static void cf_ngtcp2_destroy(struct Curl_cfilter *cf, struct Curl_easy *data)
- {
- struct cf_ngtcp2_ctx *ctx = cf->ctx;
- struct cf_call_data save;
- CF_DATA_SAVE(save, cf, data);
- CURL_TRC_CF(data, cf, "destroy");
- if(ctx) {
- cf_ngtcp2_ctx_clear(ctx);
- free(ctx);
- }
- cf->ctx = NULL;
- /* No CF_DATA_RESTORE(cf, save) possible */
- (void)save;
- }
- /*
- * Might be called twice for happy eyeballs.
- */
- static CURLcode cf_connect_start(struct Curl_cfilter *cf,
- struct Curl_easy *data,
- struct pkt_io_ctx *pktx)
- {
- struct cf_ngtcp2_ctx *ctx = cf->ctx;
- int rc;
- int rv;
- CURLcode result;
- const struct Curl_sockaddr_ex *sockaddr = NULL;
- int qfd;
- ctx->version = NGTCP2_PROTO_VER_MAX;
- ctx->max_stream_window = H3_STREAM_WINDOW_SIZE;
- ctx->max_idle_ms = CURL_QUIC_MAX_IDLE_MS;
- Curl_bufcp_init(&ctx->stream_bufcp, H3_STREAM_CHUNK_SIZE,
- H3_STREAM_POOL_SPARES);
- result = Curl_ssl_peer_init(&ctx->peer, cf);
- if(result)
- return result;
- #ifdef USE_OPENSSL
- result = quic_ssl_ctx(&ctx->sslctx, cf, data);
- if(result)
- return result;
- result = quic_set_client_cert(cf, data);
- if(result)
- return result;
- #elif defined(USE_WOLFSSL)
- result = quic_ssl_ctx(&ctx->sslctx, cf, data);
- if(result)
- return result;
- #endif
- result = quic_init_ssl(cf, data);
- if(result)
- return result;
- ctx->dcid.datalen = NGTCP2_MAX_CIDLEN;
- result = Curl_rand(data, ctx->dcid.data, NGTCP2_MAX_CIDLEN);
- if(result)
- return result;
- ctx->scid.datalen = NGTCP2_MAX_CIDLEN;
- result = Curl_rand(data, ctx->scid.data, NGTCP2_MAX_CIDLEN);
- if(result)
- return result;
- (void)Curl_qlogdir(data, ctx->scid.data, NGTCP2_MAX_CIDLEN, &qfd);
- ctx->qlogfd = qfd; /* -1 if failure above */
- quic_settings(ctx, data, pktx);
- result = vquic_ctx_init(&ctx->q);
- if(result)
- return result;
- Curl_cf_socket_peek(cf->next, data, &ctx->q.sockfd,
- &sockaddr, NULL, NULL, NULL, NULL);
- if(!sockaddr)
- return CURLE_QUIC_CONNECT_ERROR;
- ctx->q.local_addrlen = sizeof(ctx->q.local_addr);
- rv = getsockname(ctx->q.sockfd, (struct sockaddr *)&ctx->q.local_addr,
- &ctx->q.local_addrlen);
- if(rv == -1)
- return CURLE_QUIC_CONNECT_ERROR;
- ngtcp2_addr_init(&ctx->connected_path.local,
- (struct sockaddr *)&ctx->q.local_addr,
- ctx->q.local_addrlen);
- ngtcp2_addr_init(&ctx->connected_path.remote,
- &sockaddr->sa_addr, sockaddr->addrlen);
- rc = ngtcp2_conn_client_new(&ctx->qconn, &ctx->dcid, &ctx->scid,
- &ctx->connected_path,
- NGTCP2_PROTO_VER_V1, &ng_callbacks,
- &ctx->settings, &ctx->transport_params,
- NULL, cf);
- if(rc)
- return CURLE_QUIC_CONNECT_ERROR;
- #ifdef USE_GNUTLS
- ngtcp2_conn_set_tls_native_handle(ctx->qconn, ctx->gtls->session);
- #else
- ngtcp2_conn_set_tls_native_handle(ctx->qconn, ctx->ssl);
- #endif
- ngtcp2_ccerr_default(&ctx->last_error);
- ctx->conn_ref.get_conn = get_conn;
- ctx->conn_ref.user_data = cf;
- return CURLE_OK;
- }
- static CURLcode cf_ngtcp2_connect(struct Curl_cfilter *cf,
- struct Curl_easy *data,
- bool blocking, bool *done)
- {
- struct cf_ngtcp2_ctx *ctx = cf->ctx;
- CURLcode result = CURLE_OK;
- struct cf_call_data save;
- struct curltime now;
- struct pkt_io_ctx pktx;
- if(cf->connected) {
- *done = TRUE;
- return CURLE_OK;
- }
- /* Connect the UDP filter first */
- if(!cf->next->connected) {
- result = Curl_conn_cf_connect(cf->next, data, blocking, done);
- if(result || !*done)
- return result;
- }
- *done = FALSE;
- now = Curl_now();
- pktx_init(&pktx, cf, data);
- CF_DATA_SAVE(save, cf, data);
- if(ctx->reconnect_at.tv_sec && Curl_timediff(now, ctx->reconnect_at) < 0) {
- /* Not time yet to attempt the next connect */
- CURL_TRC_CF(data, cf, "waiting for reconnect time");
- goto out;
- }
- if(!ctx->qconn) {
- ctx->started_at = now;
- result = cf_connect_start(cf, data, &pktx);
- if(result)
- goto out;
- result = cf_progress_egress(cf, data, &pktx);
- /* we do not expect to be able to recv anything yet */
- goto out;
- }
- result = cf_progress_ingress(cf, data, &pktx);
- if(result)
- goto out;
- result = cf_progress_egress(cf, data, &pktx);
- if(result)
- goto out;
- if(ngtcp2_conn_get_handshake_completed(ctx->qconn)) {
- ctx->handshake_at = now;
- CURL_TRC_CF(data, cf, "handshake complete after %dms",
- (int)Curl_timediff(now, ctx->started_at));
- result = qng_verify_peer(cf, data);
- if(!result) {
- CURL_TRC_CF(data, cf, "peer verified");
- cf->connected = TRUE;
- cf->conn->alpn = CURL_HTTP_VERSION_3;
- *done = TRUE;
- connkeep(cf->conn, "HTTP/3 default");
- }
- }
- out:
- if(result == CURLE_RECV_ERROR && ctx->qconn &&
- ngtcp2_conn_in_draining_period(ctx->qconn)) {
- /* When a QUIC server instance is shutting down, it may send us a
- * CONNECTION_CLOSE right away. Our connection then enters the DRAINING
- * state. The CONNECT may work in the near future again. Indicate
- * that as a "weird" reply. */
- result = CURLE_WEIRD_SERVER_REPLY;
- }
- #ifndef CURL_DISABLE_VERBOSE_STRINGS
- if(result) {
- const char *r_ip = NULL;
- int r_port = 0;
- Curl_cf_socket_peek(cf->next, data, NULL, NULL,
- &r_ip, &r_port, NULL, NULL);
- infof(data, "QUIC connect to %s port %u failed: %s",
- r_ip, r_port, curl_easy_strerror(result));
- }
- #endif
- if(!result && ctx->qconn) {
- result = check_and_set_expiry(cf, data, &pktx);
- }
- if(result || *done)
- CURL_TRC_CF(data, cf, "connect -> %d, done=%d", result, *done);
- CF_DATA_RESTORE(cf, save);
- return result;
- }
- static CURLcode cf_ngtcp2_query(struct Curl_cfilter *cf,
- struct Curl_easy *data,
- int query, int *pres1, void *pres2)
- {
- struct cf_ngtcp2_ctx *ctx = cf->ctx;
- struct cf_call_data save;
- switch(query) {
- case CF_QUERY_MAX_CONCURRENT: {
- const ngtcp2_transport_params *rp;
- DEBUGASSERT(pres1);
- CF_DATA_SAVE(save, cf, data);
- rp = ngtcp2_conn_get_remote_transport_params(ctx->qconn);
- if(rp)
- *pres1 = (rp->initial_max_streams_bidi > INT_MAX)?
- INT_MAX : (int)rp->initial_max_streams_bidi;
- else /* not arrived yet? */
- *pres1 = Curl_multi_max_concurrent_streams(data->multi);
- CURL_TRC_CF(data, cf, "query max_conncurrent -> %d", *pres1);
- CF_DATA_RESTORE(cf, save);
- return CURLE_OK;
- }
- case CF_QUERY_CONNECT_REPLY_MS:
- if(ctx->got_first_byte) {
- timediff_t ms = Curl_timediff(ctx->first_byte_at, ctx->started_at);
- *pres1 = (ms < INT_MAX)? (int)ms : INT_MAX;
- }
- else
- *pres1 = -1;
- return CURLE_OK;
- case CF_QUERY_TIMER_CONNECT: {
- struct curltime *when = pres2;
- if(ctx->got_first_byte)
- *when = ctx->first_byte_at;
- return CURLE_OK;
- }
- case CF_QUERY_TIMER_APPCONNECT: {
- struct curltime *when = pres2;
- if(cf->connected)
- *when = ctx->handshake_at;
- return CURLE_OK;
- }
- default:
- break;
- }
- return cf->next?
- cf->next->cft->query(cf->next, data, query, pres1, pres2) :
- CURLE_UNKNOWN_OPTION;
- }
- static bool cf_ngtcp2_conn_is_alive(struct Curl_cfilter *cf,
- struct Curl_easy *data,
- bool *input_pending)
- {
- struct cf_ngtcp2_ctx *ctx = cf->ctx;
- bool alive = FALSE;
- const ngtcp2_transport_params *rp;
- struct cf_call_data save;
- CF_DATA_SAVE(save, cf, data);
- *input_pending = FALSE;
- if(!ctx->qconn)
- goto out;
- /* Both sides of the QUIC connection announce they max idle times in
- * the transport parameters. Look at the minimum of both and if
- * we exceed this, regard the connection as dead. The other side
- * may have completely purged it and will no longer respond
- * to any packets from us. */
- rp = ngtcp2_conn_get_remote_transport_params(ctx->qconn);
- if(rp) {
- timediff_t idletime;
- uint64_t idle_ms = ctx->max_idle_ms;
- if(rp->max_idle_timeout &&
- (rp->max_idle_timeout / NGTCP2_MILLISECONDS) < idle_ms)
- idle_ms = (rp->max_idle_timeout / NGTCP2_MILLISECONDS);
- idletime = Curl_timediff(Curl_now(), ctx->q.last_io);
- if(idletime > 0 && (uint64_t)idletime > idle_ms)
- goto out;
- }
- if(!cf->next || !cf->next->cft->is_alive(cf->next, data, input_pending))
- goto out;
- alive = TRUE;
- if(*input_pending) {
- CURLcode result;
- /* This happens before we've sent off a request and the connection is
- not in use by any other transfer, there shouldn't be any data here,
- only "protocol frames" */
- *input_pending = FALSE;
- result = cf_progress_ingress(cf, data, NULL);
- CURL_TRC_CF(data, cf, "is_alive, progress ingress -> %d", result);
- alive = result? FALSE : TRUE;
- }
- out:
- CF_DATA_RESTORE(cf, save);
- return alive;
- }
- struct Curl_cftype Curl_cft_http3 = {
- "HTTP/3",
- CF_TYPE_IP_CONNECT | CF_TYPE_SSL | CF_TYPE_MULTIPLEX,
- 0,
- cf_ngtcp2_destroy,
- cf_ngtcp2_connect,
- cf_ngtcp2_close,
- Curl_cf_def_get_host,
- cf_ngtcp2_adjust_pollset,
- cf_ngtcp2_data_pending,
- cf_ngtcp2_send,
- cf_ngtcp2_recv,
- cf_ngtcp2_data_event,
- cf_ngtcp2_conn_is_alive,
- Curl_cf_def_conn_keep_alive,
- cf_ngtcp2_query,
- };
- CURLcode Curl_cf_ngtcp2_create(struct Curl_cfilter **pcf,
- struct Curl_easy *data,
- struct connectdata *conn,
- const struct Curl_addrinfo *ai)
- {
- struct cf_ngtcp2_ctx *ctx = NULL;
- struct Curl_cfilter *cf = NULL, *udp_cf = NULL;
- CURLcode result;
- (void)data;
- ctx = calloc(1, sizeof(*ctx));
- if(!ctx) {
- result = CURLE_OUT_OF_MEMORY;
- goto out;
- }
- ctx->qlogfd = -1;
- cf_ngtcp2_ctx_clear(ctx);
- result = Curl_cf_create(&cf, &Curl_cft_http3, ctx);
- if(result)
- goto out;
- result = Curl_cf_udp_create(&udp_cf, data, conn, ai, TRNSPRT_QUIC);
- if(result)
- goto out;
- cf->conn = conn;
- udp_cf->conn = cf->conn;
- udp_cf->sockindex = cf->sockindex;
- cf->next = udp_cf;
- out:
- *pcf = (!result)? cf : NULL;
- if(result) {
- if(udp_cf)
- Curl_conn_cf_discard_sub(cf, udp_cf, data, TRUE);
- Curl_safefree(cf);
- Curl_safefree(ctx);
- }
- return result;
- }
- bool Curl_conn_is_ngtcp2(const struct Curl_easy *data,
- const struct connectdata *conn,
- int sockindex)
- {
- struct Curl_cfilter *cf = conn? conn->cfilter[sockindex] : NULL;
- (void)data;
- for(; cf; cf = cf->next) {
- if(cf->cft == &Curl_cft_http3)
- return TRUE;
- if(cf->cft->flags & CF_TYPE_IP_CONNECT)
- return FALSE;
- }
- return FALSE;
- }
- #endif
|