Merge pull request #1710 from nghttp2/quic-error-handling
Quic error handling
commit
a144dc0e59
|
@ -342,6 +342,7 @@ struct Client {
|
||||||
ev_timer pkt_timer;
|
ev_timer pkt_timer;
|
||||||
ngtcp2_conn *conn;
|
ngtcp2_conn *conn;
|
||||||
ngtcp2_connection_close_error last_error;
|
ngtcp2_connection_close_error last_error;
|
||||||
|
uint8_t tls_alert;
|
||||||
bool close_requested;
|
bool close_requested;
|
||||||
FILE *qlog_file;
|
FILE *qlog_file;
|
||||||
|
|
||||||
|
@ -500,7 +501,7 @@ struct Client {
|
||||||
size_t secretlen);
|
size_t secretlen);
|
||||||
void quic_set_tls_alert(uint8_t alert);
|
void quic_set_tls_alert(uint8_t alert);
|
||||||
|
|
||||||
void quic_write_client_handshake(ngtcp2_crypto_level level,
|
int quic_write_client_handshake(ngtcp2_crypto_level level,
|
||||||
const uint8_t *data, size_t datalen);
|
const uint8_t *data, size_t datalen);
|
||||||
int quic_pkt_timeout();
|
int quic_pkt_timeout();
|
||||||
void quic_restart_pkt_timer();
|
void quic_restart_pkt_timer();
|
||||||
|
|
|
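Review bot: The new `uint8_t tls_alert;` member is declared without an initializer, yet the read_quic change in this commit reads it whenever ngtcp2_conn_read_pkt fails with NGTCP2_ERR_CRYPTO, even if quic_set_tls_alert was never called. The Client constructor is not on this page, so it cannot be confirmed that the enclosing struct is value-initialized; if it is not, the close error would be built from an indeterminate byte. Declaring it as `uint8_t tls_alert = 0;`, or at least adding `// TLS alert recorded by quic_set_tls_alert; 0 until the TLS stack reports one`, would make the contract explicit. struct Client starts and ends outside both hunks.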
@ -267,8 +267,11 @@ namespace {
|
||||||
int add_handshake_data(SSL *ssl, OSSL_ENCRYPTION_LEVEL ossl_level,
|
int add_handshake_data(SSL *ssl, OSSL_ENCRYPTION_LEVEL ossl_level,
|
||||||
const uint8_t *data, size_t len) {
|
const uint8_t *data, size_t len) {
|
||||||
auto c = static_cast<Client *>(SSL_get_app_data(ssl));
|
auto c = static_cast<Client *>(SSL_get_app_data(ssl));
|
||||||
c->quic_write_client_handshake(
|
if (c->quic_write_client_handshake(
|
||||||
ngtcp2_crypto_openssl_from_ossl_encryption_level(ossl_level), data, len);
|
ngtcp2_crypto_openssl_from_ossl_encryption_level(ossl_level), data,
|
||||||
|
len) != 0) {
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
} // namespace
|
} // namespace
|
||||||
|
@ -332,8 +335,11 @@ namespace {
|
||||||
int add_handshake_data(SSL *ssl, ssl_encryption_level_t ssl_level,
|
int add_handshake_data(SSL *ssl, ssl_encryption_level_t ssl_level,
|
||||||
const uint8_t *data, size_t len) {
|
const uint8_t *data, size_t len) {
|
||||||
auto c = static_cast<Client *>(SSL_get_app_data(ssl));
|
auto c = static_cast<Client *>(SSL_get_app_data(ssl));
|
||||||
c->quic_write_client_handshake(
|
if (c->quic_write_client_handshake(
|
||||||
ngtcp2_crypto_boringssl_from_ssl_encryption_level(ssl_level), data, len);
|
ngtcp2_crypto_boringssl_from_ssl_encryption_level(ssl_level), data,
|
||||||
|
len) != 0) {
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
} // namespace
|
} // namespace
|
||||||
|
@ -574,16 +580,22 @@ int Client::quic_on_tx_secret(ngtcp2_crypto_level level, const uint8_t *secret,
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
void Client::quic_set_tls_alert(uint8_t alert) {
|
void Client::quic_set_tls_alert(uint8_t alert) { quic.tls_alert = alert; }
|
||||||
ngtcp2_connection_close_error_set_transport_error_tls_alert(
|
|
||||||
&quic.last_error, alert, nullptr, 0);
|
|
||||||
}
|
|
||||||
|
|
||||||
void Client::quic_write_client_handshake(ngtcp2_crypto_level level,
|
int Client::quic_write_client_handshake(ngtcp2_crypto_level level,
|
||||||
const uint8_t *data, size_t datalen) {
|
const uint8_t *data, size_t datalen) {
|
||||||
|
int rv;
|
||||||
|
|
||||||
assert(level < 2);
|
assert(level < 2);
|
||||||
|
|
||||||
ngtcp2_conn_submit_crypto_data(quic.conn, level, data, datalen);
|
rv = ngtcp2_conn_submit_crypto_data(quic.conn, level, data, datalen);
|
||||||
|
if (rv != 0) {
|
||||||
|
std::cerr << "ngtcp2_conn_submit_crypto_data: " << ngtcp2_strerror(rv)
|
||||||
|
<< std::endl;
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
void quic_pkt_timeout_cb(struct ev_loop *loop, ev_timer *w, int revents) {
|
void quic_pkt_timeout_cb(struct ev_loop *loop, ev_timer *w, int revents) {
|
||||||
|
@ -656,9 +668,14 @@ int Client::read_quic() {
|
||||||
std::cerr << "ngtcp2_conn_read_pkt: " << ngtcp2_strerror(rv) << std::endl;
|
std::cerr << "ngtcp2_conn_read_pkt: " << ngtcp2_strerror(rv) << std::endl;
|
||||||
|
|
||||||
if (!quic.last_error.error_code) {
|
if (!quic.last_error.error_code) {
|
||||||
|
if (rv == NGTCP2_ERR_CRYPTO) {
|
||||||
|
ngtcp2_connection_close_error_set_transport_error_tls_alert(
|
||||||
|
&quic.last_error, quic.tls_alert, nullptr, 0);
|
||||||
|
} else {
|
||||||
ngtcp2_connection_close_error_set_transport_error_liberr(
|
ngtcp2_connection_close_error_set_transport_error_liberr(
|
||||||
&quic.last_error, rv, nullptr, 0);
|
&quic.last_error, rv, nullptr, 0);
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
|
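Review bot: In read_quic, the NGTCP2_ERR_CRYPTO branch passes `quic.tls_alert` to ngtcp2_connection_close_error_set_transport_error_tls_alert without checking that the TLS stack ever recorded an alert. If none was recorded and the field is zero, the peer is told alert 0, which TLS defines as close_notify, so the real failure is missing from the close frame and from any capture used for diagnosis. If an unset alert should instead take the library-error mapping, the condition could read `if (rv == NGTCP2_ERR_CRYPTO && quic.tls_alert) {`; otherwise a comment stating that 0 is intended would help. The same pattern appears with `tls_alert_` in the Http3Upstream::on_read hunk. read_quic begins and ends outside the hunk.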
@ -1786,14 +1786,11 @@ int Http3Upstream::on_read(const UpstreamAddr *faddr,
|
||||||
|
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
case NGTCP2_ERR_REQUIRED_TRANSPORT_PARAM:
|
case NGTCP2_ERR_CRYPTO:
|
||||||
case NGTCP2_ERR_MALFORMED_TRANSPORT_PARAM:
|
if (!last_error_.error_code) {
|
||||||
case NGTCP2_ERR_TRANSPORT_PARAM:
|
ngtcp2_connection_close_error_set_transport_error_tls_alert(
|
||||||
// If rv indicates transport_parameters related error, we should
|
&last_error_, tls_alert_, nullptr, 0);
|
||||||
// send TRANSPORT_PARAMETER_ERROR even if last_error_.code is
|
}
|
||||||
// already set. This is because OpenSSL might set Alert.
|
|
||||||
ngtcp2_connection_close_error_set_transport_error_liberr(&last_error_, rv,
|
|
||||||
nullptr, 0);
|
|
||||||
break;
|
break;
|
||||||
case NGTCP2_ERR_DROP_CONN:
|
case NGTCP2_ERR_DROP_CONN:
|
||||||
return -1;
|
return -1;
|
||||||
|
|
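Review bot: The new `case NGTCP2_ERR_CRYPTO:` branch in on_read has no comment, while the code it replaces had one explaining why transport-parameter errors overrode an already-set last_error_. The three transport-parameter cases are no longer listed, so they presumably reach a default branch outside this hunk, and a reader cannot tell from here that the change in precedence is deliberate. A short comment would record it, for example `// Prefer the recorded TLS alert for crypto failures; keep any error code that is already set.` The switch statement starts and ends outside the hunk.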