Merge pull request #1710 from nghttp2/quic-error-handling

Quic error handling
Tatsuhiro Tsujikawa 2022-05-15 12:45:35 +09:00 committed by GitHub
commit a144dc0e59
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 38 additions and 23 deletions


@ -342,6 +342,7 @@ struct Client {
ev_timer pkt_timer; ev_timer pkt_timer;
ngtcp2_conn *conn; ngtcp2_conn *conn;
ngtcp2_connection_close_error last_error; ngtcp2_connection_close_error last_error;
uint8_t tls_alert;
bool close_requested; bool close_requested;
FILE *qlog_file; FILE *qlog_file;
@ -500,8 +501,8 @@ struct Client {
size_t secretlen); size_t secretlen);
void quic_set_tls_alert(uint8_t alert); void quic_set_tls_alert(uint8_t alert);
void quic_write_client_handshake(ngtcp2_crypto_level level, int quic_write_client_handshake(ngtcp2_crypto_level level,
const uint8_t *data, size_t datalen); const uint8_t *data, size_t datalen);
int quic_pkt_timeout(); int quic_pkt_timeout();
void quic_restart_pkt_timer(); void quic_restart_pkt_timer();
void quic_write_qlog(const void *data, size_t datalen); void quic_write_qlog(const void *data, size_t datalen);
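Review bot: `uint8_t tls_alert;` is added next to `last_error` with no initializer and no comment saying when its value is valid. With the `quic_set_tls_alert` change elsewhere in this commit, this field is the only place the alert is kept until a close error is built, so a reader needs to know it is meaningful only after that setter has run. I would add `// Alert last reported by the TLS stack via quic_set_tls_alert(); unset until then.` above it. The construction of the enclosing struct is outside this hunk, so it is worth confirming that the field starts out zeroed.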


@ -267,8 +267,11 @@ namespace {
int add_handshake_data(SSL *ssl, OSSL_ENCRYPTION_LEVEL ossl_level, int add_handshake_data(SSL *ssl, OSSL_ENCRYPTION_LEVEL ossl_level,
const uint8_t *data, size_t len) { const uint8_t *data, size_t len) {
auto c = static_cast<Client *>(SSL_get_app_data(ssl)); auto c = static_cast<Client *>(SSL_get_app_data(ssl));
c->quic_write_client_handshake( if (c->quic_write_client_handshake(
ngtcp2_crypto_openssl_from_ossl_encryption_level(ossl_level), data, len); ngtcp2_crypto_openssl_from_ossl_encryption_level(ossl_level), data,
len) != 0) {
return 0;
}
return 1; return 1;
} }
} // namespace } // namespace
@ -332,8 +335,11 @@ namespace {
int add_handshake_data(SSL *ssl, ssl_encryption_level_t ssl_level, int add_handshake_data(SSL *ssl, ssl_encryption_level_t ssl_level,
const uint8_t *data, size_t len) { const uint8_t *data, size_t len) {
auto c = static_cast<Client *>(SSL_get_app_data(ssl)); auto c = static_cast<Client *>(SSL_get_app_data(ssl));
c->quic_write_client_handshake( if (c->quic_write_client_handshake(
ngtcp2_crypto_boringssl_from_ssl_encryption_level(ssl_level), data, len); ngtcp2_crypto_boringssl_from_ssl_encryption_level(ssl_level), data,
len) != 0) {
return 0;
}
return 1; return 1;
} }
} // namespace } // namespace
@ -574,16 +580,22 @@ int Client::quic_on_tx_secret(ngtcp2_crypto_level level, const uint8_t *secret,
return 0; return 0;
} }
void Client::quic_set_tls_alert(uint8_t alert) { void Client::quic_set_tls_alert(uint8_t alert) { quic.tls_alert = alert; }
ngtcp2_connection_close_error_set_transport_error_tls_alert(
&quic.last_error, alert, nullptr, 0); int Client::quic_write_client_handshake(ngtcp2_crypto_level level,
} const uint8_t *data, size_t datalen) {
int rv;
void Client::quic_write_client_handshake(ngtcp2_crypto_level level,
const uint8_t *data, size_t datalen) {
assert(level < 2); assert(level < 2);
ngtcp2_conn_submit_crypto_data(quic.conn, level, data, datalen); rv = ngtcp2_conn_submit_crypto_data(quic.conn, level, data, datalen);
if (rv != 0) {
std::cerr << "ngtcp2_conn_submit_crypto_data: " << ngtcp2_strerror(rv)
<< std::endl;
return -1;
}
return 0;
} }
void quic_pkt_timeout_cb(struct ev_loop *loop, ev_timer *w, int revents) { void quic_pkt_timeout_cb(struct ev_loop *loop, ev_timer *w, int revents) {
@ -656,8 +668,13 @@ int Client::read_quic() {
std::cerr << "ngtcp2_conn_read_pkt: " << ngtcp2_strerror(rv) << std::endl; std::cerr << "ngtcp2_conn_read_pkt: " << ngtcp2_strerror(rv) << std::endl;
if (!quic.last_error.error_code) { if (!quic.last_error.error_code) {
ngtcp2_connection_close_error_set_transport_error_liberr( if (rv == NGTCP2_ERR_CRYPTO) {
&quic.last_error, rv, nullptr, 0); ngtcp2_connection_close_error_set_transport_error_tls_alert(
&quic.last_error, quic.tls_alert, nullptr, 0);
} else {
ngtcp2_connection_close_error_set_transport_error_liberr(
&quic.last_error, rv, nullptr, 0);
}
} }
return -1; return -1;
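Review bot: In `Client::read_quic`, the new `rv == NGTCP2_ERR_CRYPTO` branch builds the close error from `quic.tls_alert` without checking that an alert was ever recorded. This commit itself adds a failure path that records none: `add_handshake_data` now returns 0 when `ngtcp2_conn_submit_crypto_data` fails, and if that surfaces as NGTCP2_ERR_CRYPTO (likely, but not visible here) the peer is sent whatever the field holds, probably 0. Consider having `quic_set_tls_alert` also set a flag and testing it, e.g. `if (rv == NGTCP2_ERR_CRYPTO && quic.tls_alert_set) {` (flag name illustrative), so the no-alert case falls through to the existing liberr branch. The `case NGTCP2_ERR_CRYPTO:` added to `Http3Upstream::on_read` has the same shape with `tls_alert_`. Both functions extend beyond their hunks.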


@ -1786,14 +1786,11 @@ int Http3Upstream::on_read(const UpstreamAddr *faddr,
return -1; return -1;
} }
case NGTCP2_ERR_REQUIRED_TRANSPORT_PARAM: case NGTCP2_ERR_CRYPTO:
case NGTCP2_ERR_MALFORMED_TRANSPORT_PARAM: if (!last_error_.error_code) {
case NGTCP2_ERR_TRANSPORT_PARAM: ngtcp2_connection_close_error_set_transport_error_tls_alert(
// If rv indicates transport_parameters related error, we should &last_error_, tls_alert_, nullptr, 0);
// send TRANSPORT_PARAMETER_ERROR even if last_error_.code is }
// already set. This is because OpenSSL might set Alert.
ngtcp2_connection_close_error_set_transport_error_liberr(&last_error_, rv,
nullptr, 0);
break; break;
case NGTCP2_ERR_DROP_CONN: case NGTCP2_ERR_DROP_CONN:
return -1; return -1;
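Review bot: The added `case NGTCP2_ERR_CRYPTO:` has no comment, while the block it replaces documented why its error code overrode one that was already set. The new case does the opposite and keeps an existing `last_error_`, which is worth stating: `// TLS handshake failure: report the alert recorded by the TLS stack unless an error is already pending.` The three transport-parameter values no longer have cases here, and the rest of the switch is outside the hunk. It is worth confirming that the remaining path still produces the intended error code for them.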