author | MathiasRaoul <mathias.raoul@gmail.com> | 2020-01-09 14:50:53 +0000 |
committer | Dave Wallace <dwallacelf@gmail.com> | 2020-01-31 20:22:28 +0000 |
commit | 92de6b65be144c8108149c1a56327832edcd8ba6 (patch) | |
tree | b0122f19055098243240ce5683aab6d1a9c94f61 /src/plugins/quic/quic.h | |
parent | 776644efe78f427a75fc5e122014b44b39d470c3 (diff) |
quic: quicly crypto offloading
- Implement our own quic packet allocator to allocate more memory at the end of the
packet to store crypto offloading related data
- 1RTT packets offloading encryption/decryption using vnet crypto
- Add CLI to change max packets per key
Type: feature
Change-Id: I7557fd457d7ba492329d5d8ed192509cbd727f9c
Signed-off-by: MathiasRaoul <mathias.raoul@gmail.com>
Diffstat (limited to 'src/plugins/quic/quic.h')
-rw-r--r-- | src/plugins/quic/quic.h | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/src/plugins/quic/quic.h b/src/plugins/quic/quic.h
index 5921f3aad8c..98f4ce87f81 100644
--- a/src/plugins/quic/quic.h
+++ b/src/plugins/quic/quic.h
@@ -24,6 +24,9 @@
 #include <quicly.h>
+#include <vnet/crypto/crypto.h>
+#include <vppinfra/lock.h>
+
 /* QUIC log levels
 * 1 - errors
 * 2 - connection/stream events
@@ -42,8 +45,11 @@
 #define QUIC_SEND_PACKET_VEC_SIZE 16
 #define QUIC_IV_LEN 17
+#define QUIC_MAX_COALESCED_PACKET 4
+
 #define QUIC_SEND_MAX_BATCH_PACKETS 16
 #define QUIC_RCV_MAX_BATCH_PACKETS 16
+
 #define QUIC_DEFAULT_CONN_TIMEOUT (30 * 1000) /* 30 seconds */
 /* Taken from quicly.c */
@@ -62,6 +68,10 @@
 #define QUIC_APP_ACCEPT_NOTIFY_ERROR QUICLY_ERROR_FROM_APPLICATION_ERROR_CODE(0x2)
 #define QUIC_APP_CONNECT_NOTIFY_ERROR QUICLY_ERROR_FROM_APPLICATION_ERROR_CODE(0x3)
+#define QUIC_DECRYPT_PACKET_OK 0
+#define QUIC_DECRYPT_PACKET_NOTOFFLOADED 1
+#define QUIC_DECRYPT_PACKET_ERROR 2
+
 #if QUIC_DEBUG
 #define QUIC_DBG(_lvl, _fmt, _args...) \
 if (_lvl <= QUIC_DEBUG) \
@@ -156,6 +166,14 @@ typedef struct quic_ctx_
 u32 crypto_engine;
 u32 crypto_context_index;
 u8 flags;
+
+ struct
+ {
+ ptls_cipher_context_t *hp_ctx;
+ ptls_aead_context_t *aead_ctx;
+ } ingress_keys;
+ int key_phase_ingress;
+
 } quic_ctx_t;
 /* Make sure our custom fields don't overlap with the fields we use in 
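Review bot: The three QUIC_DECRYPT_PACKET_* result codes in the @@ -62,6 +68,10 @@ hunk are bare #defines with no comment saying which function returns them or what NOTOFFLOADED means to a caller. Grouping them as an enum keeps them debugger-visible and makes the set of possible results explicit: `typedef enum { QUIC_DECRYPT_PACKET_OK = 0, QUIC_DECRYPT_PACKET_NOTOFFLOADED = 1, QUIC_DECRYPT_PACKET_ERROR = 2 } quic_decrypt_result_t;`. Presumably NOTOFFLOADED tells the caller the packet still has to be decrypted on the non-offloaded path rather than being dropped — confirm and state that in a one-line comment on the value, since confusing it with ERROR would either drop valid packets or process unverified ones.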
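Review bot: ingress_keys and key_phase_ingress in the @@ -156,6 +166,14 @@ hunk are added to quic_ctx_t without any comment on who owns the ptls_cipher_context_t and ptls_aead_context_t they point to, whether they may be NULL before the 1-RTT keys exist, or who releases them when the key phase changes or the connection is freed. These pointers reference per-connection key material, so an unclear lifetime contract is how use-after-free and stale-key reuse creep in later. Suggest `/* 1-RTT ingress keys used by the offloaded decrypt path; NOTE(review): document who frees hp_ctx/aead_ctx and when key_phase_ingress flips — TODO */` above the struct. quic_ctx_t begins outside the hunk.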
@@ -191,6 +209,25 @@ typedef struct quic_crypto_context_data_
 ptls_context_t ptls_ctx;
 } quic_crypto_context_data_t;
+typedef struct quic_encrypt_cb_ctx_
+{
+ quicly_datagram_t *packet;
+ struct quic_finalize_send_packet_cb_ctx_
+ {
+ size_t payload_from;
+ size_t first_byte_at;
+ ptls_cipher_context_t *hp;
+ } snd_ctx[QUIC_MAX_COALESCED_PACKET];
+ size_t snd_ctx_count;
+} quic_encrypt_cb_ctx;
+
+typedef struct quic_crypto_batch_ctx_
+{
+ vnet_crypto_op_t aead_crypto_tx_packets_ops[QUIC_SEND_MAX_BATCH_PACKETS],
+ aead_crypto_rx_packets_ops[QUIC_RCV_MAX_BATCH_PACKETS];
+ size_t nb_tx_packets, nb_rx_packets;
+} quic_crypto_batch_ctx_t;
+
 typedef struct quic_worker_ctx_
 {
 CLIB_CACHE_LINE_ALIGN_MARK (cacheline0);
@@ -199,6 +236,7 @@ typedef struct quic_worker_ctx_
 quicly_cid_plaintext_t next_cid;
 crypto_context_t *crypto_ctx_pool; /**< per thread pool of crypto contexes */
 clib_bihash_24_8_t crypto_context_hash; /**< per thread [params:crypto_ctx_index] hash */
+ quic_crypto_batch_ctx_t crypto_context_batch;
 } quic_worker_ctx_t;
 typedef struct quic_rx_packet_ctx_
@@ -228,6 +266,7 @@ typedef struct quic_main_
 ptls_cipher_suite_t ***quic_ciphers; /**< available ciphers by crypto engine */
 uword *available_crypto_engines; /**< Bitmap for registered engines */
 u8 default_crypto_engine; /**< Used if you do connect with CRYPTO_ENGINE_NONE (0) */
+ u64 max_packets_per_key; /**< number of packets that can be sent without a key update */
 ptls_handshake_properties_t hs_properties;
 quic_session_cache_t session_cache;
@@ -235,6 +274,8 @@ typedef struct quic_main_
 u32 udp_fifo_size;
 u32 udp_fifo_prealloc;
 u32 connection_timeout;
+
+ clib_rwlock_t crypto_keys_quic_rw_lock;
 } quic_main_t;
 #endif /* __included_quic_h__ */ |
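Review bot: quic_encrypt_cb_ctx in the @@ -191,6 +209,25 @@ hunk pairs a fixed snd_ctx[QUIC_MAX_COALESCED_PACKET] array with a snd_ctx_count index, and quic_crypto_batch_ctx_t likewise pairs the aead_crypto_tx/rx_packets_ops arrays with nb_tx_packets/nb_rx_packets, yet neither declaration states that the counter must stay below the array size. The code that fills these arrays is outside this file, so the invariant belongs here where the bound is declared; an unchecked append past QUIC_MAX_COALESCED_PACKET would overrun into snd_ctx_count and whatever follows. Suggest `size_t snd_ctx_count; /* used entries of snd_ctx; writers must keep this <= QUIC_MAX_COALESCED_PACKET */` and the equivalent comment on nb_tx_packets/nb_rx_packets against QUIC_SEND_MAX_BATCH_PACKETS/QUIC_RCV_MAX_BATCH_PACKETS. As a style point, quic_encrypt_cb_ctx is the only typedef in the hunk without the _t suffix every neighbouring type uses.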
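Review bot: max_packets_per_key in the @@ -228,6 +266,7 @@ hunk bounds how many packets are protected under one key before a key update, and the commit message says it becomes CLI-settable, but the field comment gives neither the default nor a valid range. A value set too high keeps a single AEAD key in use beyond what the cipher should carry, and 0 would presumably force a key update on every packet, so the setter (outside this file) should reject or clamp out-of-range input and the comment should say that it does. Suggest `u64 max_packets_per_key; /**< packets that may be sent under one key before a key update is triggered; CLI-settable, default and bounds enforced by the setter — TODO confirm */`. quic_main_t starts and ends outside the hunk.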
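Review bot: crypto_keys_quic_rw_lock in the @@ -235,6 +274,8 @@ hunk is added to quic_main_t with no comment saying which fields it guards or which side — reader for the packet crypto path, writer for key installation/rotation — a caller is expected to take. Without that, the next change that touches ingress_keys or the batch contexts has no way to know the lock applies. It also has to be initialised with clib_rwlock_init before first use, which happens outside this file — confirm it is done in the plugin init path. Suggest `clib_rwlock_t crypto_keys_quic_rw_lock; /**< guards <TODO: list the key fields>; readers = packet crypto path, writer = key install/rotation */`.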