summaryrefslogtreecommitdiffstats
path: root/src/plugins/quic/quic.h
diff options
context:
space:
mode:
authorMathiasRaoul <mathias.raoul@gmail.com>2020-01-09 14:50:53 +0000
committerDave Wallace <dwallacelf@gmail.com>2020-01-31 20:22:28 +0000
commit92de6b65be144c8108149c1a56327832edcd8ba6 (patch)
treeb0122f19055098243240ce5683aab6d1a9c94f61 /src/plugins/quic/quic.h
parent776644efe78f427a75fc5e122014b44b39d470c3 (diff)
quic: quicly crypto offloading
- Implement our own quic packet allocator to allocate more memory at the end of the packet to store crypto offloading related data - 1RTT packets offloading encryption/decryption using vnet crypto - Add cli to change max packet per key Type: feature Change-Id: I7557fd457d7ba492329d5d8ed192509cbd727f9c Signed-off-by: MathiasRaoul <mathias.raoul@gmail.com>
Diffstat (limited to 'src/plugins/quic/quic.h')
-rw-r--r--src/plugins/quic/quic.h41
1 files changed, 41 insertions, 0 deletions
diff --git a/src/plugins/quic/quic.h b/src/plugins/quic/quic.h
index 5921f3aad8c..98f4ce87f81 100644
--- a/src/plugins/quic/quic.h
+++ b/src/plugins/quic/quic.h
@@ -24,6 +24,9 @@
#include <quicly.h>
+#include <vnet/crypto/crypto.h>
+#include <vppinfra/lock.h>
+
/* QUIC log levels
* 1 - errors
* 2 - connection/stream events
@@ -42,8 +45,11 @@
#define QUIC_SEND_PACKET_VEC_SIZE 16
#define QUIC_IV_LEN 17
+#define QUIC_MAX_COALESCED_PACKET 4
+
#define QUIC_SEND_MAX_BATCH_PACKETS 16
#define QUIC_RCV_MAX_BATCH_PACKETS 16
+
#define QUIC_DEFAULT_CONN_TIMEOUT (30 * 1000) /* 30 seconds */
/* Taken from quicly.c */
@@ -62,6 +68,10 @@
#define QUIC_APP_ACCEPT_NOTIFY_ERROR QUICLY_ERROR_FROM_APPLICATION_ERROR_CODE(0x2)
#define QUIC_APP_CONNECT_NOTIFY_ERROR QUICLY_ERROR_FROM_APPLICATION_ERROR_CODE(0x3)
+#define QUIC_DECRYPT_PACKET_OK 0
+#define QUIC_DECRYPT_PACKET_NOTOFFLOADED 1
+#define QUIC_DECRYPT_PACKET_ERROR 2
+
#if QUIC_DEBUG
#define QUIC_DBG(_lvl, _fmt, _args...) \
if (_lvl <= QUIC_DEBUG) \
@@ -156,6 +166,14 @@ typedef struct quic_ctx_
u32 crypto_engine;
u32 crypto_context_index;
u8 flags;
+
+ struct
+ {
+ ptls_cipher_context_t *hp_ctx;
+ ptls_aead_context_t *aead_ctx;
+ } ingress_keys;
+ int key_phase_ingress;
+
} quic_ctx_t;
/* Make sure our custom fields don't overlap with the fields we use in
@@ -191,6 +209,25 @@ typedef struct quic_crypto_context_data_
ptls_context_t ptls_ctx;
} quic_crypto_context_data_t;
+typedef struct quic_encrypt_cb_ctx_
+{
+ quicly_datagram_t *packet;
+ struct quic_finalize_send_packet_cb_ctx_
+ {
+ size_t payload_from;
+ size_t first_byte_at;
+ ptls_cipher_context_t *hp;
+ } snd_ctx[QUIC_MAX_COALESCED_PACKET];
+ size_t snd_ctx_count;
+} quic_encrypt_cb_ctx;
+
+typedef struct quic_crypto_batch_ctx_
+{
+ vnet_crypto_op_t aead_crypto_tx_packets_ops[QUIC_SEND_MAX_BATCH_PACKETS],
+ aead_crypto_rx_packets_ops[QUIC_RCV_MAX_BATCH_PACKETS];
+ size_t nb_tx_packets, nb_rx_packets;
+} quic_crypto_batch_ctx_t;
+
typedef struct quic_worker_ctx_
{
CLIB_CACHE_LINE_ALIGN_MARK (cacheline0);
@@ -199,6 +236,7 @@ typedef struct quic_worker_ctx_
quicly_cid_plaintext_t next_cid;
crypto_context_t *crypto_ctx_pool; /**< per thread pool of crypto contexes */
clib_bihash_24_8_t crypto_context_hash; /**< per thread [params:crypto_ctx_index] hash */
+ quic_crypto_batch_ctx_t crypto_context_batch;
} quic_worker_ctx_t;
typedef struct quic_rx_packet_ctx_
@@ -228,6 +266,7 @@ typedef struct quic_main_
ptls_cipher_suite_t ***quic_ciphers; /**< available ciphers by crypto engine */
uword *available_crypto_engines; /**< Bitmap for registered engines */
u8 default_crypto_engine; /**< Used if you do connect with CRYPTO_ENGINE_NONE (0) */
+ u64 max_packets_per_key; /**< number of packets that can be sent without a key update */
ptls_handshake_properties_t hs_properties;
quic_session_cache_t session_cache;
@@ -235,6 +274,8 @@ typedef struct quic_main_
u32 udp_fifo_size;
u32 udp_fifo_prealloc;
u32 connection_timeout;
+
+ clib_rwlock_t crypto_keys_quic_rw_lock;
} quic_main_t;
#endif /* __included_quic_h__ */