| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
The vnet_crypto_key_add should only be called from the main thread.
This patch works around this limitation by allocating one key per worker
and updating it on the fly everytime we need to do a crypto operation.
This solution is far from ideal, but quicly has a strong assumption that
it can use a key immediately after determining it, so making the key
creation asynchronous is not a possibility.
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
Change-Id: I19fc5814195156003c36a73bb616738ba9d828f7
Type: fix
|
|
- update quic plugin with new quicly/picotls API
- remove packet allocator
- remove crypto batching
- update picotls plugin
- add cli for quicly congestion control configuration
Type: feature
Change-Id: If76ef31c43b430eea2f7674539b2112aee0f351e
Signed-off-by: Mathias Raoul <mathias.raoul@gmail.com>
|
|
Properly close the stream sending side instead of resetting the entire
stream.
Change-Id: I2daca7e507daa7bf9cd6a27fa8828a9ea7d175f9
Type: fix
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
|
|
Type: fix
Change-Id: I95d3f8431b468cefc8777526dd3b988a299f0687
Signed-off-by: MathiasRaoul <mathias.raoul@gmail.com>
|
|
- Implement our own quic packet allocator to allocate more memory at the end of the
packet to store crypto offloading related data
- 1RTT packets offloading encryption/decryption using vnet crypto
- Add cli to change max packet per key
Type: feature
Change-Id: I7557fd457d7ba492329d5d8ed192509cbd727f9c
Signed-off-by: MathiasRaoul <mathias.raoul@gmail.com>
|
|
Type: feature
Make quic use the crypto contexts. This introduces a crypto context
pool backed by a hashtable giving ctx indexes by connect params
(ckpair, engine, rx & tx fifo sizes).
Applications keep the initialization vector common.
Change-Id: I22ed6711196cd70a2f2f74240f12113c7af8dfcd
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
Change-Id: Ia89427257b78f6f7ba62c9d1076bf0593ee2dca7
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
There is a race condition in when receiving TX from
a client application :
As egress_emit writes as much data as possible to
the stream, if during egress_emit the app writes
to the fifo, the data will be directly passed to
quicly. Then TX callback happens and triggers
a scheduler update telling quilcy the stream has
data to send. When the next egress_emit is called
and no more data has come, we have nothing to write,
we return len = 0 to quicly which breaks an assert if
a loss happens later on.
Change-Id: I47e00a14dfc9068b5dac7b5c090a89124aea004f
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: feature
Change-Id: Ia9cb57b9f7c2d14a137556d6918763f1cb11850d
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: refactor
Change-Id: I5ec7079d34826edd7a3048ae1d44037386f5d3ff
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: refactor
Change-Id: I1d90c8807e7eea4a77403bafc0628ec0d393c572
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
We don't need the pool anymore as we store
the ctx index in the underlying UDP session opaque
Change-Id: Iec9be9c84a1f929d94b084176a143d304b0acb83
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
quic choice used ckpair is now the one passed to
connect or listen via mq.
The crypto engine is chosen with the value passed to
connect or listen via mq:
* If NONE(0) is provided, we default to quic_main.
default_crypto_engine (picotls at init, can be changed
via debug cli : quic set crypto api [crypto engine])
* If PICTOLS/VPP is provided, use this one
* Other values return an error
Type: feature
Change-Id: Ifab893d6d03c83f202e6c7e7a9936f546a4b1530
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: refactor
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I710d00e4a6c4356d0f00f7592bf14b55596ec6ae
|
|
- Fix cli / config fifo size to only accept u32
size input.
- Make cli / config fifo-size input type handling
to be the same as vpp hoststack
- Update external transfer tests to use new
syntax with different fifo sizes for
vpp_echo client/server and vpp.
Type: fix
Change-Id: Ia5ddb2b8d3d9908ab502352819eebeec8ac0971d
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Type: feature
This changes the behavior of both API calls
APPLICATION_TLS_CERT_ADD & APPLICATION_TLS_KEY_ADD
certificates and keys aren't bound to an app, they are
passed to it via connect / listen using the message
queue.
This should be followed by a per protocol (QUIC/TLS)
crypto_context store to save devrived structs
Change-Id: I36873bc8b63b5c72776c69e8cd9febc9cae31882
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: refactor
Change-Id: I4f370b09e22dbbc8920272df9a042dae04825bfc
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
Add SESSION_F_IS_MIGRATING flag for session. It is set by the session
layer before poking the transport for migration. It's the transport
responsibility to unset the flag & act apropriatly if RX happens on
a migrating session.
Change-Id: Ie722917f1cf9344d8f041cad4ed8b064fb5853b6
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: refactor
Change-Id: I067fc7dbcc0985277df01384d9dcdb0bdf62fba5
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: feature
Change-Id: I6d6ac649094ef4bee2aed311915dd58f11972e79
Signed-off-by: MathiasRaoul <mathias.raoul@gmail.com>
|
|
Type: feature
Change-Id: I25aeeed49fc569315296a73c5595c2e2e302434f
Signed-off-by: MathiasRaoul <mathias.raoul@gmail.com>
|
|
Previously, if the first thing a server did was to open a stream and
send data, this could trigger a crash on the clilent side VPP as the
quic session wouldn't be allocated.
Change-Id: I43990ce2a71217d6719ecae4da60111d05fbcfc0
Type: fix
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
|
|
Type: fix
Change-Id: I898de67c017c3a45bed123d81041b32b43f749d0
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Change-Id: I031a60ac010b55110f32f0a08e19b1156aeda268
Type: refactor
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
|
|
This code should handle the 3 following cases:
- Active close
quic_proto_on_close sets state to ACTIVE_CLOSING
send packets eventually returns an error, calling
quic_connection_closed which deletes the connection
- Passive close
quic_on_closed_by_peer -> set state to PASSIVE_CLOSING
"race" between app confirmation (calling quic_proto_on_close) and
quicly signalling that it's done (triggers call to
quic_connection_closed).
If quic_connection_closed is called first, it sets the state to
PASSIVE CLOSING QUIC CLOSED, then when quic_proto_on_close is called
it frees the connection.
If quic_proto_on_close is called first, it sets the state to PASSIVE
CLOSING APP CLOSED, then when quic_connection_closed is called it frees
the connection
- Error close (reset)
quic_connection_closed is called in state READY. This means a timeout
or protocol error happened. This calls session_transport_reset_notify,
the app should confirm the deletion and quic_proto_on_close will be
called to delete the connection.
Change-Id: I3acbf9b079ed2439bdbb447197c428c78915d8c0
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
Type: feature
|
|
Type: refactor
Change-Id: Ie54a77252e9f58a90f9e1f9595b9ede354952f70
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: feature
Change-Id: I1846cdeb35f079249f66a0351aa244c540923a43
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: refactor
Change-Id: I4981704e3c886d90d482a1deba42633e92626743
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: refactor
Change-Id: I97fa59a0ba0b6b7a98698926020ffffcf6ae6ba3
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
* Add support for multiple threads
* Replace quicly buffers with fifos
* Fix cleanup of sessions
* Update quicly release version
Change-Id: I551f936bbec05a15703f043ee85c8e1ba0ab9723
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Change-Id: I9dc746b8c62c3e7ee2f65e34a1a1dca243ed4bd9
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
To connect a stream, apps should call connect while passing the id of the QUIC
connection in the new transport_opts field in session_endpoint_cfg_t.
Apps are notified of new streams with their accept callback, which is called
each time a peer opens a stream.
Change-Id: I0f82ec344db58008d54641553eddec2973768435
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
|
|
Add dummy function to avoid session layer warning. Also, decrease
default debug level to avoid startup quic init notifications.
Change-Id: I2964fc15a8d93d78c976ed7c333e0cc5746c069e
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Currently supports on single stream exposed through standard internal APIs
Based on libquicly & picotls by h2o
Change-Id: I7bc1ec0e399d1fb02bfd1da91aa7410076d08d14
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
Aloys Augustin
Mathias Raoul
Nathan Skrzypczak
Dave Wallace
Florin Coras