1/* Copyright (c) 2017 - 2022 LiteSpeed Technologies Inc.  See LICENSE. */
2/*
3 * lsquic_pr_queue.c -- packet request queue.
4 */
5
6#include <assert.h>
7#include <errno.h>
8#include <inttypes.h>
9#include <stdlib.h>
10#include <string.h>
11#include <sys/queue.h>
12
13#ifndef WIN32
14#include <netinet/in.h>
15#include <sys/socket.h>
16#endif
17
18#include <openssl/aead.h>
19#include <openssl/rand.h>
20
21#include "lsquic.h"
22#include "lsquic_types.h"
23#include "lsquic_int_types.h"
24#include "lsquic_packet_common.h"
25#include "lsquic_packet_gquic.h"
26#include "lsquic_packet_out.h"
27#include "lsquic_packet_in.h"
28#include "lsquic_hash.h"
29#include "lsquic_conn.h"
30#include "lsquic_parse.h"
31#include "lsquic_malo.h"
32#include "lsquic_pr_queue.h"
33#include "lsquic_parse_common.h"
34#include "lsquic_tokgen.h"
35#include "lsquic_version.h"
36#include "lsquic_mm.h"
37#include "lsquic_engine_public.h"
38#include "lsquic_sizes.h"
39#include "lsquic_handshake.h"
40#include "lsquic_xxhash.h"
41#include "lsquic_crand.h"
42
43#define LSQUIC_LOGGER_MODULE LSQLM_PRQ
44#include "lsquic_logger.h"
45
46#define MAX(a, b) ((a) > (b) ? (a) : (b))
47#define MIN(a, b) ((a) < (b) ? (a) : (b))
48
49
50static const struct conn_iface evanescent_conn_iface;
51
52
53struct packet_req
54{
55    struct lsquic_hash_elem     pr_hash_el;
56    lsquic_cid_t                pr_scid;
57    lsquic_cid_t                pr_dcid;
58    enum packet_req_type        pr_type;
59    enum pr_flags {
60        PR_GQUIC    = 1 << 0,
61    }                           pr_flags;
62    enum lsquic_version         pr_version;
63    unsigned                    pr_rst_sz;
64    struct network_path         pr_path;
65};
66
67
68struct evanescent_conn
69{
70    struct lsquic_conn          evc_conn;
71    struct packet_req          *evc_req;
72    struct pr_queue            *evc_queue;
73    struct lsquic_packet_out    evc_packet_out;
74    struct conn_cid_elem        evc_cces[1];
75    enum {
76        EVC_DROP    = 1 << 0,
77    }                           evc_flags;
78    unsigned char               evc_buf[0];
79};
80
81
82/* [draft-ietf-quic-transport-22], Section 17.2.1 */
83#define IQUIC_VERNEG_SIZE (1 /* Type */ + 4 /* Version (zero tag) */ \
84                + 1 /* DCIL */ + MAX_CID_LEN + 1 /* SCIL */ + MAX_CID_LEN + \
85                4 * N_LSQVER)
86
87
88struct pr_queue
89{
90    TAILQ_HEAD(, lsquic_conn)   prq_free_conns,
91                                prq_returned_conns;
92    struct malo                *prq_reqs_pool;
93    const struct lsquic_engine_public
94                               *prq_enpub;
95    struct lsquic_hash         *prq_reqs_hash;
96    unsigned                    prq_max_reqs;
97    unsigned                    prq_nreqs;
98    unsigned                    prq_max_conns;
99    unsigned                    prq_nconns;
100    unsigned                    prq_verneg_g_sz;  /* Size of prq_verneg_g_buf */
101    unsigned                    prq_pubres_g_sz;  /* Size of prq_pubres_g_buf */
102
103    /* GQUIC version negotiation and stateless reset packets are generated
104     * once, when the Packet Request Queue is created.  For each request,
105     * these buffers are simply copied and the connection ID is replaced.
106     *
107     * Since IETF QUIC uses variable-length connections IDs, we have to
108     * generate packets every time.
109     */
110    unsigned char               prq_pubres_g_buf[GQUIC_RESET_SZ];
111    unsigned char               prq_verneg_g_buf[1 + GQUIC_CID_LEN
112                                                                + N_LSQVER * 4];
113};
114
115
116static int
117comp_reqs (const void *s1, const void *s2, size_t n)
118{
119    const struct packet_req *a, *b;
120
121    a = s1;
122    b = s2;
123    if (a->pr_type == b->pr_type && LSQUIC_CIDS_EQ(&a->pr_dcid, &b->pr_dcid))
124        return 0;
125    else
126        return -1;
127}
128
129
130static unsigned
131hash_req (const void *p, size_t len, unsigned seed)
132{
133    const struct packet_req *req;
134
135    req = p;
136    return XXH32(req->pr_dcid.idbuf, req->pr_dcid.len, seed);
137}
138
139
140struct pr_queue *
141lsquic_prq_create (unsigned max_elems, unsigned max_conns,
142                        const struct lsquic_engine_public *enpub)
143{
144    const struct parse_funcs *pf;
145    struct pr_queue *prq;
146    struct malo *malo;
147    struct lsquic_hash *hash;
148    unsigned verneg_g_sz;
149    ssize_t prst_g_sz;
150    int len;
151
152    malo = lsquic_malo_create(sizeof(struct packet_req));
153    if (!malo)
154    {
155        LSQ_WARN("malo_create failed: %s", strerror(errno));
156        goto err0;
157    }
158
159
160    hash = lsquic_hash_create_ext(comp_reqs, hash_req);
161    if (!hash)
162    {
163        LSQ_WARN("cannot create hash");
164        goto err1;
165    }
166
167    prq = malloc(sizeof(*prq));
168    if (!prq)
169    {
170        LSQ_WARN("malloc failed: %s", strerror(errno));
171        goto err2;
172    }
173
174    const lsquic_cid_t cid = { .len = 8, };
175    pf = select_pf_by_ver(LSQVER_043);
176    len = lsquic_gquic_gen_ver_nego_pkt(prq->prq_verneg_g_buf,
177                    sizeof(prq->prq_verneg_g_buf), &cid,
178                    enpub->enp_settings.es_versions);
179    assert(len > 0);
180    if (len <= 0)
181    {
182        LSQ_ERROR("cannot generate version negotiation packet");
183        goto err3;
184    }
185    verneg_g_sz = (unsigned) len;
186
187    prst_g_sz = pf->pf_generate_simple_prst(0 /* This is just placeholder */,
188                                prq->prq_pubres_g_buf, sizeof(prq->prq_pubres_g_buf));
189    if (prst_g_sz < 0)
190    {
191        LSQ_ERROR("cannot generate public reset packet");
192        goto err3;
193    }
194
195    TAILQ_INIT(&prq->prq_free_conns);
196    TAILQ_INIT(&prq->prq_returned_conns);
197    prq->prq_reqs_hash = hash;
198    prq->prq_reqs_pool = malo;
199    prq->prq_max_reqs = max_elems;
200    prq->prq_nreqs = 0;
201    prq->prq_max_conns = max_conns;
202    prq->prq_nconns = 0;
203    prq->prq_verneg_g_sz = verneg_g_sz;
204    prq->prq_pubres_g_sz = (unsigned) prst_g_sz;
205    prq->prq_enpub       = enpub;
206
207    LSQ_INFO("initialized queue of size %d", max_elems);
208
209    return prq;
210
211  err3:
212    free(prq);
213  err2:
214    lsquic_hash_destroy(hash);
215  err1:
216    lsquic_malo_destroy(malo);
217  err0:
218    return NULL;
219}
220
221
222void
223lsquic_prq_destroy (struct pr_queue *prq)
224{
225    struct lsquic_conn *conn;
226
227    LSQ_INFO("destroy");
228    while ((conn = TAILQ_FIRST(&prq->prq_free_conns)))
229    {
230        TAILQ_REMOVE(&prq->prq_free_conns, conn, cn_next_pr);
231        free(conn);
232    }
233    lsquic_hash_destroy(prq->prq_reqs_hash);
234    lsquic_malo_destroy(prq->prq_reqs_pool);
235    free(prq);
236}
237
238
239static struct packet_req *
240get_req (struct pr_queue *prq)
241{
242    struct packet_req *req;
243    if (prq->prq_nreqs < prq->prq_max_reqs)
244    {
245        req = lsquic_malo_get(prq->prq_reqs_pool);
246        if (req)
247            ++prq->prq_nreqs;
248        else
249            LSQ_WARN("malo_get failed: %s", strerror(errno));
250        return req;
251    }
252    else
253        return NULL;
254}
255
256
257static void
258put_req (struct pr_queue *prq, struct packet_req *req)
259{
260    lsquic_malo_put(req);
261    --prq->prq_nreqs;
262}
263
264
265static int
266lsquic_prq_new_req_ext (struct pr_queue *prq, enum packet_req_type type,
267    unsigned flags, enum lsquic_version version, unsigned short data_sz,
268    const lsquic_cid_t *dcid, const lsquic_cid_t *scid, void *peer_ctx,
269    const struct sockaddr *local_addr, const struct sockaddr *peer_addr)
270{
271    struct packet_req *req;
272    unsigned max, size, rand;
273
274    if (type == PACKET_REQ_PUBRES && !(flags & PR_GQUIC))
275    {
276        if (data_sz <= IQUIC_MIN_SRST_SIZE)
277        {
278            LSQ_DEBUGC("not scheduling public reset: incoming packet for CID "
279                "%"CID_FMT" too small: %hu bytes", CID_BITS(dcid), data_sz);
280            return -1;
281        }
282        /* Use a random stateless reset size */
283        max = MIN(IQUIC_MAX_SRST_SIZE, data_sz - 1u);
284        if (max > IQUIC_MIN_SRST_SIZE)
285        {
286            rand = lsquic_crand_get_byte(prq->prq_enpub->enp_crand);
287            size = IQUIC_MIN_SRST_SIZE + rand % (max - IQUIC_MIN_SRST_SIZE);
288        }
289        else
290            size = IQUIC_MIN_SRST_SIZE;
291        LSQ_DEBUGC("selected %u-byte reset size for CID %"CID_FMT
292            " (range is [%u, %u])", size, CID_BITS(dcid),
293            IQUIC_MIN_SRST_SIZE, max);
294    }
295    else
296        size = 0;
297
298    req = get_req(prq);
299    if (!req)
300    {
301        LSQ_DEBUG("out of reqs: cannot allocated another one");
302        return -1;
303    }
304
305    req->pr_type     = type;
306    req->pr_dcid     = *dcid;
307    if (lsquic_hash_find(prq->prq_reqs_hash, req, sizeof(*req)))
308    {
309        LSQ_DEBUG("request for this DCID and type already exists");
310        put_req(prq, req);
311        return -1;
312    }
313
314    req->pr_hash_el.qhe_flags = 0;
315    if (!lsquic_hash_insert(prq->prq_reqs_hash, req, sizeof(*req),
316                                                    req, &req->pr_hash_el))
317    {
318        LSQ_DEBUG("could not insert req into hash");
319        put_req(prq, req);
320        return -1;
321    }
322
323    req->pr_flags    = flags;
324    req->pr_rst_sz   = size;
325    req->pr_version  = version;
326    req->pr_scid     = *scid;
327    req->pr_path.np_peer_ctx = peer_ctx;
328    memcpy(req->pr_path.np_local_addr, local_addr,
329                                            sizeof(req->pr_path.np_local_addr));
330    memcpy(NP_PEER_SA(&req->pr_path), peer_addr,
331                                            sizeof(req->pr_path.np_peer_addr));
332
333    LSQ_DEBUGC("scheduled %s packet for connection %"CID_FMT,
334                            lsquic_preqt2str[type], CID_BITS(&req->pr_dcid));
335    return 0;
336}
337
338
339int
340lsquic_prq_new_req (struct pr_queue *prq, enum packet_req_type type,
341         const struct lsquic_packet_in *packet_in, void *peer_ctx,
342         const struct sockaddr *local_addr, const struct sockaddr *peer_addr)
343{
344    lsquic_ver_tag_t ver_tag;
345    enum lsquic_version version;
346    enum pr_flags flags;
347    lsquic_cid_t scid;
348
349    if (packet_in->pi_flags & PI_GQUIC)
350        flags = PR_GQUIC;
351    else
352        flags = 0;
353
354    if (packet_in->pi_quic_ver)
355    {
356        memcpy(&ver_tag, packet_in->pi_data + packet_in->pi_quic_ver,
357                                                            sizeof(ver_tag));
358        version = lsquic_tag2ver(ver_tag);
359    }
360    else /* Got to set it to something sensible... */
361        version = LSQVER_ID27;
362
363    lsquic_scid_from_packet_in(packet_in, &scid);
364    return lsquic_prq_new_req_ext(prq, type, flags, version,
365                packet_in->pi_data_sz, &packet_in->pi_dcid, &scid,
366                peer_ctx, local_addr, peer_addr);
367}
368
369
370static size_t
371max_bufsz (const struct pr_queue *prq)
372{
373    return  MAX(MAX(MAX(IQUIC_VERNEG_SIZE,
374                        IQUIC_MIN_SRST_SIZE),
375                        sizeof(prq->prq_verneg_g_buf)),
376                        sizeof(prq->prq_pubres_g_buf));
377}
378
379
380static struct evanescent_conn *
381get_evconn (struct pr_queue *prq)
382{
383    struct evanescent_conn *evconn;
384    struct lsquic_conn *lconn;
385    struct lsquic_packet_out *packet_out;
386    size_t bufsz;
387
388    if (prq->prq_nconns >= prq->prq_max_conns)
389    {   /* This deserves a warning */
390        LSQ_WARN("tried to get connection past limit of %u", prq->prq_max_conns);
391        return NULL;
392    }
393
394    lconn = TAILQ_FIRST(&prq->prq_free_conns);
395    if (lconn)
396    {
397        TAILQ_REMOVE(&prq->prq_free_conns, lconn, cn_next_pr);
398        evconn = (struct evanescent_conn *) lconn;
399        evconn->evc_flags = 0;
400        return evconn;
401    }
402
403    bufsz = max_bufsz(prq);
404    evconn = calloc(1, sizeof(*evconn) + bufsz);
405    if (!evconn)
406    {
407        LSQ_WARN("calloc failed: %s", strerror(errno));
408        return NULL;
409    }
410
411    /* These values stay the same between connection usages: */
412    evconn->evc_queue = prq;
413    lconn = &evconn->evc_conn;
414    lconn->cn_cces = evconn->evc_cces;
415    lconn->cn_cces_mask = 1;
416    lconn->cn_n_cces = sizeof(evconn->evc_cces) / sizeof(evconn->evc_cces[0]);
417    lconn->cn_if = &evanescent_conn_iface;
418    lconn->cn_flags = LSCONN_EVANESCENT;
419    packet_out = &evconn->evc_packet_out;
420    packet_out->po_flags = PO_NOENCRYPT;
421    packet_out->po_data = evconn->evc_buf;
422
423    return evconn;
424}
425
426
427struct lsquic_conn *
428lsquic_prq_next_conn (struct pr_queue *prq)
429{
430    struct evanescent_conn *evconn;
431    struct lsquic_conn *lconn;
432    struct lsquic_hash_elem *el;
433    struct packet_req *req;
434    struct lsquic_packet_out *packet_out;
435    int (*gen_verneg) (unsigned char *, size_t, const lsquic_cid_t *,
436                                    const lsquic_cid_t *, unsigned, uint8_t);
437    int len;
438
439    lconn = TAILQ_FIRST(&prq->prq_returned_conns);
440    if (lconn)
441    {
442        TAILQ_REMOVE(&prq->prq_returned_conns, lconn, cn_next_pr);
443        return lconn;
444    }
445
446    el = lsquic_hash_first(prq->prq_reqs_hash);
447    if (!el)           /* Nothing is queued */
448        return NULL;
449
450    evconn = get_evconn(prq);
451    if (!evconn)         /* Reached limit or malloc failed */
452        return NULL;
453
454    req = lsquic_hashelem_getdata(el);
455    packet_out = &evconn->evc_packet_out;
456    switch ((req->pr_type << 29) | req->pr_flags)
457    {
458    case (PACKET_REQ_VERNEG << 29) | PR_GQUIC:
459        packet_out->po_data_sz = prq->prq_verneg_g_sz;
460        packet_out->po_flags |= PO_VERNEG;
461        memcpy(packet_out->po_data, prq->prq_verneg_g_buf,
462                                                    prq->prq_verneg_g_sz);
463        memcpy(packet_out->po_data + 1, req->pr_dcid.idbuf, GQUIC_CID_LEN);
464        break;
465    case (PACKET_REQ_PUBRES << 29) | PR_GQUIC:
466        packet_out->po_flags &= ~PO_VERNEG;
467        packet_out->po_data_sz = prq->prq_pubres_g_sz;
468        memcpy(packet_out->po_data, prq->prq_pubres_g_buf,
469                                                    prq->prq_pubres_g_sz);
470        memcpy(packet_out->po_data + 1, req->pr_dcid.idbuf, GQUIC_CID_LEN);
471        break;
472    case (PACKET_REQ_VERNEG << 29) | 0:
473        packet_out->po_flags |= PO_VERNEG;
474        if (req->pr_version == LSQVER_046)
475            gen_verneg = lsquic_Q046_gen_ver_nego_pkt;
476        else
477            gen_verneg = lsquic_ietf_v1_gen_ver_nego_pkt;
478        len = gen_verneg(packet_out->po_data, max_bufsz(prq),
479                    /* Flip SCID/DCID here: */ &req->pr_dcid, &req->pr_scid,
480                    prq->prq_enpub->enp_settings.es_versions,
481                    lsquic_crand_get_byte(prq->prq_enpub->enp_crand));
482        if (len > 0)
483            packet_out->po_data_sz = len;
484        else
485            packet_out->po_data_sz = 0;
486        break;
487    default:
488        packet_out->po_flags &= ~PO_VERNEG;
489        packet_out->po_data_sz = req->pr_rst_sz;
490        RAND_bytes(packet_out->po_data, req->pr_rst_sz - IQUIC_SRESET_TOKEN_SZ);
491        packet_out->po_data[0] &= ~0x80;
492        packet_out->po_data[0] |=  0x40;
493        lsquic_tg_generate_sreset(prq->prq_enpub->enp_tokgen, &req->pr_dcid,
494            packet_out->po_data + req->pr_rst_sz - IQUIC_SRESET_TOKEN_SZ);
495        break;
496    }
497
498    lsquic_hash_erase(prq->prq_reqs_hash, el);
499    evconn->evc_req = req;
500
501    lconn= &evconn->evc_conn;
502    evconn->evc_cces[0].cce_cid = req->pr_dcid;
503    packet_out->po_path = &req->pr_path;
504
505    ++prq->prq_nconns;
506    return lconn;
507}
508
509
510int
511lsquic_prq_have_pending (const struct pr_queue *prq)
512{
513    return lsquic_hash_count(prq->prq_reqs_hash) > 0;
514}
515
516
517static struct lsquic_packet_out *
518evanescent_conn_ci_next_packet_to_send (struct lsquic_conn *lconn,
519                                        const struct to_coal *to_coal_UNUSED)
520{
521    struct evanescent_conn *const evconn = (struct evanescent_conn *) lconn;
522    assert(!to_coal_UNUSED);
523    return &evconn->evc_packet_out;
524}
525
526
527static void
528prq_free_conn (struct pr_queue *prq, struct lsquic_conn *lconn)
529{
530    struct evanescent_conn *const evconn = (struct evanescent_conn *) lconn;
531
532    TAILQ_INSERT_HEAD(&prq->prq_free_conns, lconn, cn_next_pr);
533    put_req(prq, evconn->evc_req);
534    --prq->prq_nconns;
535}
536
537
538static void
539evanescent_conn_ci_packet_sent (struct lsquic_conn *lconn,
540                            struct lsquic_packet_out *packet_out)
541{
542    struct evanescent_conn *const evconn = (struct evanescent_conn *) lconn;
543    struct pr_queue *const prq = evconn->evc_queue;
544
545    assert(packet_out == &evconn->evc_packet_out);
546    assert(prq->prq_nconns > 0);
547
548    LSQ_DEBUGC("sent %s packet for connection %"CID_FMT"; free resources",
549        lsquic_preqt2str[ evconn->evc_req->pr_type ],
550        CID_BITS(&evconn->evc_req->pr_dcid));
551    prq_free_conn(prq, lconn);
552}
553
554
555static void
556evanescent_conn_ci_packet_not_sent (struct lsquic_conn *lconn,
557                                struct lsquic_packet_out *packet_out)
558{
559    struct evanescent_conn *const evconn = (struct evanescent_conn *) lconn;
560    struct pr_queue *const prq = evconn->evc_queue;
561
562    assert(packet_out == &evconn->evc_packet_out);
563    assert(prq->prq_nconns > 0);
564
565    if (evconn->evc_flags & EVC_DROP)
566    {
567        LSQ_DEBUGC("packet not sent; drop connection %"CID_FMT,
568                                        CID_BITS(&evconn->evc_req->pr_dcid));
569        prq_free_conn(prq, lconn);
570    }
571    else
572    {
573        LSQ_DEBUG("packet not sent; put connection onto used list");
574        TAILQ_INSERT_HEAD(&prq->prq_returned_conns, lconn, cn_next_pr);
575    }
576}
577
578
579static enum tick_st
580evanescent_conn_ci_tick (struct lsquic_conn *lconn, lsquic_time_t now)
581{
582    assert(0);
583    return TICK_CLOSE;
584}
585
586
587static void
588evanescent_conn_ci_destroy (struct lsquic_conn *lconn)
589{
590    assert(0);
591}
592
593
594static struct lsquic_engine *
595evanescent_conn_ci_get_engine (struct lsquic_conn *lconn)
596{
597    assert(0);
598    return NULL;
599}
600
601
602static void
603evanescent_conn_ci_hsk_done (struct lsquic_conn *lconn,
604                                                enum lsquic_hsk_status status)
605{
606    assert(0);
607}
608
609
610static void
611evanescent_conn_ci_packet_in (struct lsquic_conn *lconn,
612                          struct lsquic_packet_in *packet_in)
613{
614    assert(0);
615}
616
617
618static void
619evanescent_conn_ci_client_call_on_new (struct lsquic_conn *lconn)
620{
621    assert(0);
622}
623
624
625static struct network_path *
626evanescent_conn_ci_get_path (struct lsquic_conn *lconn,
627                                                    const struct sockaddr *sa)
628{
629    struct evanescent_conn *const evconn = (struct evanescent_conn *) lconn;
630
631    return &evconn->evc_req->pr_path;
632}
633
634
635static unsigned char
636evanescent_conn_ci_record_addrs (struct lsquic_conn *lconn, void *peer_ctx,
637            const struct sockaddr *local_sa, const struct sockaddr *peer_sa)
638{
639    assert(0);
640    return 0;
641}
642
643
644static const struct conn_iface evanescent_conn_iface = {
645    .ci_client_call_on_new   =  evanescent_conn_ci_client_call_on_new,
646    .ci_destroy              =  evanescent_conn_ci_destroy,
647    .ci_get_engine           =  evanescent_conn_ci_get_engine,
648    .ci_get_path             =  evanescent_conn_ci_get_path,
649    .ci_hsk_done             =  evanescent_conn_ci_hsk_done,
650    .ci_next_packet_to_send  =  evanescent_conn_ci_next_packet_to_send,
651    .ci_packet_in            =  evanescent_conn_ci_packet_in,
652    .ci_packet_not_sent      =  evanescent_conn_ci_packet_not_sent,
653    .ci_packet_sent          =  evanescent_conn_ci_packet_sent,
654    .ci_record_addrs         =  evanescent_conn_ci_record_addrs,
655    .ci_tick                 =  evanescent_conn_ci_tick,
656};
657
658
659const char *const lsquic_preqt2str[] =
660{
661    [PACKET_REQ_VERNEG] = "version negotiation",
662    [PACKET_REQ_PUBRES] = "stateless reset",
663};
664
665
666void
667lsquic_prq_drop (struct lsquic_conn *lconn)
668{
669    struct evanescent_conn *const evconn = (void *) lconn;
670
671    evconn->evc_flags |= EVC_DROP;
672    LSQ_DEBUGC("mark for connection %"CID_FMT" for dropping",
673                                        CID_BITS(&evconn->evc_req->pr_dcid));
674}
675