#define QUIC_FL_CONN_ANTI_AMPLIFICATION_REACHED (1U << 0)
#define QUIC_FL_CONN_SPIN_BIT (1U << 1) /* Spin bit set by remote peer */
#define QUIC_FL_CONN_NEED_POST_HANDSHAKE_FRMS (1U << 2) /* HANDSHAKE_DONE must be sent */
-#define QUIC_FL_CONN_LISTENER (1U << 3)
+/* gap here */
#define QUIC_FL_CONN_ACCEPT_REGISTERED (1U << 4)
/* gap here */
#define QUIC_FL_CONN_IDLE_TIMER_RESTARTED_AFTER_READ (1U << 6)
_(QUIC_FL_CONN_ANTI_AMPLIFICATION_REACHED,
_(QUIC_FL_CONN_SPIN_BIT,
_(QUIC_FL_CONN_NEED_POST_HANDSHAKE_FRMS,
- _(QUIC_FL_CONN_LISTENER,
_(QUIC_FL_CONN_ACCEPT_REGISTERED,
_(QUIC_FL_CONN_IDLE_TIMER_RESTARTED_AFTER_READ,
_(QUIC_FL_CONN_RETRANS_NEEDED,
_(QUIC_FL_CONN_EXP_TIMER,
_(QUIC_FL_CONN_CLOSING,
_(QUIC_FL_CONN_DRAINING,
- _(QUIC_FL_CONN_IMMEDIATE_CLOSE))))))))))))))))))))))));
+ _(QUIC_FL_CONN_IMMEDIATE_CLOSE)))))))))))))))))))))));
/* epilogue */
_(~0U);
return buf;
int quic_stateless_reset_token_cpy(unsigned char *pos, size_t len,
const unsigned char *salt, size_t saltlen);
-static inline int qc_is_listener(struct quic_conn *qc)
-{
- return qc->flags & QUIC_FL_CONN_LISTENER;
-}
-
/* Free the CIDs attached to <conn> QUIC connection. */
static inline void free_quic_conn_cids(struct quic_conn *conn)
{
/* Returns 1 if the peer has validated <qc> QUIC connection address, 0 if not. */
int quic_peer_validated_addr(struct quic_conn *qc)
{
- if (!qc_is_listener(qc))
+ if (objt_server(qc->target))
return 1;
if (qc->flags & QUIC_FL_CONN_PEER_VALIDATED_ADDR)
qel = qc->ael;
/* Only servers must send a HANDSHAKE_DONE frame. */
- if (qc_is_listener(qc)) {
+ if (objt_listener(qc->target)) {
size_t new_token_frm_len;
frm = qc_frm_alloc(QUIC_FT_HANDSHAKE_DONE);
st = qc->state;
- if (qc_is_listener(qc)) {
+ if (objt_listener(qc->target)) {
if (st >= QUIC_HS_ST_COMPLETE && !quic_tls_pktns_is_dcd(qc, qc->hpktns))
discard_hpktns = 1;
}
qc_set_timer(qc);
qc_el_rx_pkts_del(qc->hel);
qc_release_pktns_frms(qc, qc->hel->pktns);
- if (!qc_is_listener(qc)) {
+ if (objt_server(qc->target)) {
/* I/O callback switch */
qc->wait_event.tasklet->process = quic_conn_app_io_cb;
}
}
- if (qc_is_listener(qc) && st >= QUIC_HS_ST_COMPLETE) {
+ if (objt_listener(qc->target) && st >= QUIC_HS_ST_COMPLETE) {
/* Note: if no token for address validation was received
* for a 0RTT connection, some 0RTT packet could still be
* waiting for HP removal AFTER the successful handshake completion.
* discard Initial keys when it first sends a Handshake packet...
*/
- if (!qc_is_listener(qc) && !quic_tls_pktns_is_dcd(qc, qc->ipktns) &&
+ if (objt_server(qc->target) && !quic_tls_pktns_is_dcd(qc, qc->ipktns) &&
qc->hpktns && qc->hpktns->tx.in_flight > 0) {
/* Discard the Initial packet number space. */
TRACE_PROTO("discarding Initial pktns", QUIC_EV_CONN_PRSHPKT, qc);
}
}
}
- else if (!qc_is_listener(qc) && qc->state <= QUIC_HS_ST_COMPLETE) {
+ else if (objt_server(qc->target) && qc->state <= QUIC_HS_ST_COMPLETE) {
if (quic_tls_has_tx_sec(qc->hel))
qc->hel->pktns->tx.pto_probe = 1;
if (quic_tls_has_tx_sec(qc->iel))
if (l) {
cc_algo = l->bind_conf->quic_cc_algo;
- qc->flags = QUIC_FL_CONN_LISTENER;
+ qc->flags = 0;
/* Mark this connection as having not received any token when 0-RTT is enabled. */
if (l->bind_conf->ssl_conf.early_data && !token)
qc->flags |= QUIC_FL_CONN_NO_TOKEN_RCVD;
/* Connection released before handshake completion. */
if (unlikely(qc->state < QUIC_HS_ST_COMPLETE)) {
- if (qc_is_listener(qc)) {
+ if (objt_listener(qc->target)) {
BUG_ON(__objt_listener(qc->target)->rx.quic_curr_handshake == 0);
HA_ATOMIC_DEC(&__objt_listener(qc->target)->rx.quic_curr_handshake);
}
if (sizeof(QUIC_OPENSSL_COMPAT_CLIENT_HANDSHAKE) - 1 == n &&
!strncmp(start, QUIC_OPENSSL_COMPAT_CLIENT_HANDSHAKE, n)) {
level = ssl_encryption_handshake;
- write = qc_is_listener(qc) ? 0 : 1;
+ write = objt_listener(qc->target) ? 0 : 1;
}
else if (sizeof(QUIC_OPENSSL_COMPAT_SERVER_HANDSHAKE) - 1 == n &&
!strncmp(start, QUIC_OPENSSL_COMPAT_SERVER_HANDSHAKE, n)) {
level = ssl_encryption_handshake;
- write = qc_is_listener(qc) ? 1 : 0;
+ write = objt_listener(qc->target) ? 1 : 0;
}
else if (sizeof(QUIC_OPENSSL_COMPAT_CLIENT_APPLICATION) - 1 == n &&
!strncmp(start, QUIC_OPENSSL_COMPAT_CLIENT_APPLICATION, n)) {
level = ssl_encryption_application;
- write = qc_is_listener(qc) ? 0 : 1;
+ write = objt_listener(qc->target) ? 0 : 1;
}
else if (sizeof(QUIC_OPENSSL_COMPAT_SERVER_APPLICATION) - 1 == n &&
!strncmp(start, QUIC_OPENSSL_COMPAT_SERVER_APPLICATION, n)) {
level = ssl_encryption_application;
- write = qc_is_listener(qc) ? 1 : 0;
+ write = objt_listener(qc->target) ? 1 : 0;
}
else
goto leave;
/* When building a packet from another one, the field which may increase the
* packet size is the packet number. And the maximum increase is 4 bytes.
*/
- if (!quic_peer_validated_addr(qc) && qc_is_listener(qc) &&
+ if (!quic_peer_validated_addr(qc) && objt_listener(qc->target) &&
pkt->len + 4 > quic_may_send_bytes(qc)) {
qc->flags |= QUIC_FL_CONN_ANTI_AMPLIFICATION_REACHED;
TRACE_PROTO("anti-amplification limit would be reached", QUIC_EV_CONN_SPPKTS, qc, pkt);
/* When building a packet from another one, the field which may increase the
* packet size is the packet number. And the maximum increase is 4 bytes.
*/
- if (!quic_peer_validated_addr(qc) && qc_is_listener(qc)) {
+ if (!quic_peer_validated_addr(qc) && objt_listener(qc->target)) {
size_t dglen = pkt->len + 4;
size_t may_send;
break;
case QUIC_RX_RET_FRM_DUP:
- if (qc_is_listener(qc) && qel == qc->iel &&
+ if (objt_listener(qc->target) && qel == qc->iel &&
!(qc->flags & QUIC_FL_CONN_HANDSHAKE_SPEED_UP)) {
fast_retrans = 1;
}
break;
case QUIC_FT_NEW_TOKEN:
- if (qc_is_listener(qc)) {
+ if (objt_listener(qc->target)) {
TRACE_ERROR("reject NEW_TOKEN frame emitted by client",
QUIC_EV_CONN_PRSHPKT, qc);
}
break;
case QUIC_FT_HANDSHAKE_DONE:
- if (qc_is_listener(qc)) {
+ if (objt_listener(qc->target)) {
TRACE_ERROR("non accepted QUIC_FT_HANDSHAKE_DONE frame",
QUIC_EV_CONN_PRSHPKT, qc);
* has successfully parse a Handshake packet. The Initial encryption must also
* be discarded.
*/
- if (pkt->type == QUIC_PACKET_TYPE_HANDSHAKE && qc_is_listener(qc)) {
+ if (pkt->type == QUIC_PACKET_TYPE_HANDSHAKE && objt_listener(qc->target)) {
if (qc->state >= QUIC_HS_ST_SERVER_INITIAL) {
if (qc->ipktns && !quic_tls_pktns_is_dcd(qc, qc->ipktns)) {
/* Discard the handshake packet number space. */
pkt->pn <= largest_pn)
return;
- if (qc_is_listener(qc)) {
+ if (objt_listener(qc->target)) {
if (pkt->flags & QUIC_FL_RX_PACKET_SPIN_BIT)
qc->flags |= QUIC_FL_CONN_SPIN_BIT;
else
TRACE_ENTER(QUIC_EV_CONN_ELRMHP, qc);
/* A server must not process incoming 1-RTT packets before the handshake is complete. */
- if (el == qc->ael && qc_is_listener(qc) && qc->state < QUIC_HS_ST_COMPLETE) {
+ if (el == qc->ael && objt_listener(qc->target) && qc->state < QUIC_HS_ST_COMPLETE) {
TRACE_PROTO("RX hp not removed (handshake not completed)",
QUIC_EV_CONN_ELRMHP, qc);
goto out;
* listener and if a token was received. Note that a listener derives only RX
* secrets for this level.
*/
- if (qc_is_listener(qc) && level == ssl_encryption_early_data) {
+ if (objt_listener(qc->target) && level == ssl_encryption_early_data) {
if (qc->flags & QUIC_FL_CONN_NO_TOKEN_RCVD) {
/* Leave a chance to the address validation to be completed by the
* handshake without starting the mux: one does not want to process
}
/* Set the transport parameters in the TLS stack. */
- if (level == ssl_encryption_handshake && qc_is_listener(qc) &&
+ if (level == ssl_encryption_handshake && objt_listener(qc->target) &&
!qc_ssl_set_quic_transport_params(qc->xprt_ctx->ssl, qc, ver, 1))
goto leave;
struct quic_tls_kp *nxt_tx = &qc->ku.nxt_tx;
#if !defined(USE_QUIC_OPENSSL_COMPAT) && !defined(HAVE_OPENSSL_QUIC)
- if (!qc_is_listener(qc)) {
+ if (objt_server(qc->target)) {
const unsigned char *tp;
size_t tplen;
* provided by the stack. This happens after having received the peer
* handshake level CRYPTO data which are validated by the TLS stack.
*/
- if (qc_is_listener(qc)) {
+ if (objt_listener(qc->target)) {
if (__objt_listener(qc->target)->bind_conf->ssl_conf.early_data &&
(!qc->ael || !qc->ael->tls_ctx.rx.secret)) {
TRACE_PROTO("SSL handshake in progress",
#endif
/* Check the alpn could be negotiated */
- if (qc_is_listener(qc)) {
+ if (objt_listener(qc->target)) {
if (!qc->app_ops) {
TRACE_ERROR("No negotiated ALPN", QUIC_EV_CONN_IO_CB, qc, &state);
quic_set_tls_alert(qc, SSL_AD_NO_APPLICATION_PROTOCOL);
}
qc->flags |= QUIC_FL_CONN_NEED_POST_HANDSHAKE_FRMS;
- if (qc_is_listener(ctx->qc)) {
+ if (objt_listener(ctx->qc->target)) {
struct listener *l = __objt_listener(qc->target);
/* I/O callback switch */
qc->wait_event.tasklet->process = quic_conn_app_io_cb;
ctx->sent_early_data = 0;
ctx->qc = qc;
- if (qc_is_listener(qc)) {
+ if (objt_listener(qc->target)) {
struct bind_conf *bc = __objt_listener(qc->target)->bind_conf;
if (qc_ssl_sess_init(qc, bc->initial_ctx, &ctx->ssl, NULL, 1) == -1)
* to stay under MTU limit.
*/
if (!dglen) {
- if (!quic_peer_validated_addr(qc) && qc_is_listener(qc))
+ if (!quic_peer_validated_addr(qc) && objt_listener(qc->target))
end = pos + QUIC_MIN(qc->path->mtu, quic_may_send_bytes(qc));
else
end = pos + qc->path->mtu;
projects / thirdparty / haproxy.git / commitdiff
