334 lines
8.2 KiB
C++
334 lines
8.2 KiB
C++
/*
|
|
* nghttp2 - HTTP/2 C Library
|
|
*
|
|
* Copyright (c) 2015 Tatsuhiro Tsujikawa
|
|
*
|
|
* Permission is hereby granted, free of charge, to any person obtaining
|
|
* a copy of this software and associated documentation files (the
|
|
* "Software"), to deal in the Software without restriction, including
|
|
* without limitation the rights to use, copy, modify, merge, publish,
|
|
* distribute, sublicense, and/or sell copies of the Software, and to
|
|
* permit persons to whom the Software is furnished to do so, subject to
|
|
* the following conditions:
|
|
*
|
|
* The above copyright notice and this permission notice shall be
|
|
* included in all copies or substantial portions of the Software.
|
|
*
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
|
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
|
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
|
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
|
* LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
|
* OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
|
* WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
|
*/
|
|
#include "shrpx_connection.h"
|
|
|
|
#ifdef HAVE_UNISTD_H
|
|
#include <unistd.h>
|
|
#endif // HAVE_UNISTD_H
|
|
|
|
#include <limits>
|
|
|
|
#include <openssl/err.h>
|
|
|
|
#include "memchunk.h"
|
|
|
|
using namespace nghttp2;
|
|
|
|
namespace shrpx {
|
|
Connection::Connection(struct ev_loop *loop, int fd, SSL *ssl,
|
|
ev_tstamp write_timeout, ev_tstamp read_timeout,
|
|
size_t write_rate, size_t write_burst, size_t read_rate,
|
|
size_t read_burst, IOCb writecb, IOCb readcb,
|
|
TimerCb timeoutcb, void *data)
|
|
: tls{ssl}, wlimit(loop, &wev, write_rate, write_burst),
|
|
rlimit(loop, &rev, read_rate, read_burst, ssl), writecb(writecb),
|
|
readcb(readcb), timeoutcb(timeoutcb), loop(loop), data(data), fd(fd) {
|
|
|
|
ev_io_init(&wev, writecb, fd, EV_WRITE);
|
|
ev_io_init(&rev, readcb, fd, EV_READ);
|
|
|
|
wev.data = this;
|
|
rev.data = this;
|
|
|
|
ev_timer_init(&wt, timeoutcb, 0., write_timeout);
|
|
ev_timer_init(&rt, timeoutcb, 0., read_timeout);
|
|
|
|
wt.data = this;
|
|
rt.data = this;
|
|
|
|
// set 0. to double field explicitly just in case
|
|
tls.last_write_time = 0.;
|
|
}
|
|
|
|
Connection::~Connection() { disconnect(); }
|
|
|
|
void Connection::disconnect() {
|
|
ev_timer_stop(loop, &rt);
|
|
ev_timer_stop(loop, &wt);
|
|
|
|
rlimit.stopw();
|
|
wlimit.stopw();
|
|
|
|
if (tls.ssl) {
|
|
SSL_set_app_data(tls.ssl, nullptr);
|
|
SSL_set_shutdown(tls.ssl, SSL_RECEIVED_SHUTDOWN);
|
|
ERR_clear_error();
|
|
SSL_shutdown(tls.ssl);
|
|
SSL_free(tls.ssl);
|
|
tls.ssl = nullptr;
|
|
}
|
|
|
|
if (fd != -1) {
|
|
shutdown(fd, SHUT_WR);
|
|
close(fd);
|
|
fd = -1;
|
|
}
|
|
}
|
|
|
|
int Connection::tls_handshake() {
|
|
auto rv = SSL_do_handshake(tls.ssl);
|
|
|
|
if (rv == 0) {
|
|
return SHRPX_ERR_NETWORK;
|
|
}
|
|
|
|
if (rv < 0) {
|
|
auto err = SSL_get_error(tls.ssl, rv);
|
|
switch (err) {
|
|
case SSL_ERROR_WANT_READ:
|
|
wlimit.stopw();
|
|
ev_timer_stop(loop, &wt);
|
|
return SHRPX_ERR_INPROGRESS;
|
|
case SSL_ERROR_WANT_WRITE:
|
|
wlimit.startw();
|
|
ev_timer_again(loop, &wt);
|
|
return SHRPX_ERR_INPROGRESS;
|
|
default:
|
|
return SHRPX_ERR_NETWORK;
|
|
}
|
|
}
|
|
|
|
wlimit.stopw();
|
|
ev_timer_stop(loop, &wt);
|
|
|
|
tls.initial_handshake_done = true;
|
|
|
|
if (LOG_ENABLED(INFO)) {
|
|
LOG(INFO) << "SSL/TLS handshake completed";
|
|
if (SSL_session_reused(tls.ssl)) {
|
|
LOG(INFO) << "SSL/TLS session reused";
|
|
}
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
namespace {
|
|
const size_t SHRPX_SMALL_WRITE_LIMIT = 1300;
|
|
const size_t SHRPX_WARMUP_THRESHOLD = 1 << 20;
|
|
} // namespace
|
|
|
|
size_t Connection::get_tls_write_limit() {
|
|
auto t = ev_now(loop);
|
|
|
|
if (t - tls.last_write_time > 1.) {
|
|
// Time out, use small record size
|
|
tls.warmup_writelen = 0;
|
|
return SHRPX_SMALL_WRITE_LIMIT;
|
|
}
|
|
|
|
if (tls.warmup_writelen >= SHRPX_WARMUP_THRESHOLD) {
|
|
return std::numeric_limits<ssize_t>::max();
|
|
}
|
|
|
|
return SHRPX_SMALL_WRITE_LIMIT;
|
|
}
|
|
|
|
void Connection::update_tls_warmup_writelen(size_t n) {
|
|
if (tls.warmup_writelen < SHRPX_WARMUP_THRESHOLD) {
|
|
tls.warmup_writelen += n;
|
|
}
|
|
}
|
|
|
|
ssize_t Connection::write_tls(const void *data, size_t len) {
|
|
// SSL_write requires the same arguments (buf pointer and its
|
|
// length) on SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE.
|
|
// get_write_limit() may return smaller length than previously
|
|
// passed to SSL_write, which violates OpenSSL assumption. To avoid
|
|
// this, we keep last legnth passed to SSL_write to
|
|
// tls.last_writelen if SSL_write indicated I/O blocking.
|
|
if (tls.last_writelen == 0) {
|
|
len = std::min(len, wlimit.avail());
|
|
len = std::min(len, get_tls_write_limit());
|
|
if (len == 0) {
|
|
return 0;
|
|
}
|
|
} else {
|
|
len = tls.last_writelen;
|
|
tls.last_writelen = 0;
|
|
}
|
|
|
|
auto rv = SSL_write(tls.ssl, data, len);
|
|
|
|
if (rv == 0) {
|
|
return SHRPX_ERR_NETWORK;
|
|
}
|
|
|
|
tls.last_write_time = ev_now(loop);
|
|
|
|
if (rv < 0) {
|
|
auto err = SSL_get_error(tls.ssl, rv);
|
|
switch (err) {
|
|
case SSL_ERROR_WANT_READ:
|
|
if (LOG_ENABLED(INFO)) {
|
|
LOG(INFO) << "Close connection due to TLS renegotiation";
|
|
}
|
|
return SHRPX_ERR_NETWORK;
|
|
case SSL_ERROR_WANT_WRITE:
|
|
tls.last_writelen = len;
|
|
wlimit.startw();
|
|
ev_timer_again(loop, &wt);
|
|
return 0;
|
|
default:
|
|
if (LOG_ENABLED(INFO)) {
|
|
LOG(INFO) << "SSL_write: SSL_get_error returned " << err;
|
|
}
|
|
return SHRPX_ERR_NETWORK;
|
|
}
|
|
}
|
|
|
|
wlimit.drain(rv);
|
|
|
|
update_tls_warmup_writelen(rv);
|
|
|
|
return rv;
|
|
}
|
|
|
|
ssize_t Connection::read_tls(void *data, size_t len) {
|
|
// SSL_read requires the same arguments (buf pointer and its
|
|
// length) on SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE.
|
|
// rlimit_.avail() or rlimit_.avail() may return different length
|
|
// than the length previously passed to SSL_read, which violates
|
|
// OpenSSL assumption. To avoid this, we keep last legnth passed
|
|
// to SSL_read to tls_last_readlen_ if SSL_read indicated I/O
|
|
// blocking.
|
|
if (tls.last_readlen == 0) {
|
|
len = std::min(len, rlimit.avail());
|
|
if (len == 0) {
|
|
return 0;
|
|
}
|
|
} else {
|
|
len = tls.last_readlen;
|
|
tls.last_readlen = 0;
|
|
}
|
|
|
|
auto rv = SSL_read(tls.ssl, data, len);
|
|
|
|
if (rv <= 0) {
|
|
auto err = SSL_get_error(tls.ssl, rv);
|
|
switch (err) {
|
|
case SSL_ERROR_WANT_READ:
|
|
tls.last_readlen = len;
|
|
return 0;
|
|
case SSL_ERROR_WANT_WRITE:
|
|
if (LOG_ENABLED(INFO)) {
|
|
LOG(INFO) << "Close connection due to TLS renegotiation";
|
|
}
|
|
return SHRPX_ERR_NETWORK;
|
|
case SSL_ERROR_ZERO_RETURN:
|
|
return SHRPX_ERR_EOF;
|
|
default:
|
|
if (LOG_ENABLED(INFO)) {
|
|
LOG(INFO) << "SSL_read: SSL_get_error returned " << err;
|
|
}
|
|
return SHRPX_ERR_NETWORK;
|
|
}
|
|
}
|
|
|
|
rlimit.drain(rv);
|
|
|
|
return rv;
|
|
}
|
|
|
|
ssize_t Connection::write_clear(const void *data, size_t len) {
|
|
len = std::min(len, wlimit.avail());
|
|
if (len == 0) {
|
|
return 0;
|
|
}
|
|
|
|
ssize_t nwrite;
|
|
while ((nwrite = write(fd, data, len)) == -1 && errno == EINTR)
|
|
;
|
|
if (nwrite == -1) {
|
|
if (errno == EAGAIN || errno == EWOULDBLOCK) {
|
|
wlimit.startw();
|
|
ev_timer_again(loop, &wt);
|
|
return 0;
|
|
}
|
|
return SHRPX_ERR_NETWORK;
|
|
}
|
|
|
|
wlimit.drain(nwrite);
|
|
|
|
return nwrite;
|
|
}
|
|
|
|
ssize_t Connection::writev_clear(struct iovec *iov, int iovcnt) {
|
|
iovcnt = limit_iovec(iov, iovcnt, wlimit.avail());
|
|
if (iovcnt == 0) {
|
|
return 0;
|
|
}
|
|
|
|
ssize_t nwrite;
|
|
while ((nwrite = writev(fd, iov, iovcnt)) == -1 && errno == EINTR)
|
|
;
|
|
if (nwrite == -1) {
|
|
if (errno == EAGAIN || errno == EWOULDBLOCK) {
|
|
wlimit.startw();
|
|
ev_timer_again(loop, &wt);
|
|
return 0;
|
|
}
|
|
return SHRPX_ERR_NETWORK;
|
|
}
|
|
|
|
wlimit.drain(nwrite);
|
|
|
|
return nwrite;
|
|
}
|
|
|
|
ssize_t Connection::read_clear(void *data, size_t len) {
|
|
len = std::min(len, rlimit.avail());
|
|
if (len == 0) {
|
|
return 0;
|
|
}
|
|
|
|
ssize_t nread;
|
|
while ((nread = read(fd, data, len)) == -1 && errno == EINTR)
|
|
;
|
|
if (nread == -1) {
|
|
if (errno == EAGAIN || errno == EWOULDBLOCK) {
|
|
return 0;
|
|
}
|
|
return SHRPX_ERR_NETWORK;
|
|
}
|
|
|
|
if (nread == 0) {
|
|
return SHRPX_ERR_EOF;
|
|
}
|
|
|
|
rlimit.drain(nread);
|
|
|
|
return nread;
|
|
}
|
|
|
|
void Connection::handle_tls_pending_read() {
|
|
if (!ev_is_active(&rev)) {
|
|
return;
|
|
}
|
|
rlimit.handle_tls_pending_read();
|
|
}
|
|
|
|
} // namespace shrpx
|