From: Amaury Denoyelle
Date: Thu, 24 Nov 2022 16:12:25 +0000 (+0100)
Subject: MINOR: quic: remove qc from quic_rx_packet
X-Git-Tag: v2.8-dev1~199
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=518c98f15059ba27d4cf020fa313a96ddaab78f3;p=thirdparty%2Fhaproxy.git

MINOR: quic: remove qc from quic_rx_packet

quic_rx_packet struct had a reference to the quic_conn instance. This is useless as qc instance is always passed through function argument. In fact, pkt.qc is used only in qc_pkt_decrypt() on key update, even though qc is also passed as argument. Simplify this by removing qc field from quic_rx_packet structure definition. Also clean up qc_pkt_decrypt() documentation and interface to align it with other quic-conn related functions. This should be backported up to 2.7.
---
diff --git a/include/haproxy/quic_conn-t.h b/include/haproxy/quic_conn-t.h
index 9730b7de2c..119adf88c8 100644
--- a/include/haproxy/quic_conn-t.h
+++ b/include/haproxy/quic_conn-t.h
@@ -400,7 +400,6 @@ struct quic_rx_packet {
 /* QUIC version used in packet. */
 const struct quic_version *version;
- struct quic_conn *qc;
 unsigned char type;
 /* Initial desctination connection ID. */
diff --git a/src/quic_conn.c b/src/quic_conn.c
index d54c3b589b..2095263e30 100644
--- a/src/quic_conn.c
+++ b/src/quic_conn.c
@@ -1424,11 +1424,13 @@ static int quic_packet_encrypt(unsigned char *payload, size_t payload_len,
 goto leave;
 }
-/* Decrypt QUIC packet with as QUIC TLS cryptographic context.
- * Returns 1 if succeeded, 0 if not.
+/* Decrypt packet using encryption level for connection.
+ * Decryption is done in place in packet buffer.
+ *
+ * Returns 1 on sucess else 0.
 */
-static int qc_pkt_decrypt(struct quic_rx_packet *pkt, struct quic_enc_level *qel,
- struct quic_conn *qc)
+static int qc_pkt_decrypt(struct quic_conn *qc, struct quic_enc_level *qel,
+ struct quic_rx_packet *pkt)
 {
 int ret, kp_changed;
 unsigned char iv[QUIC_TLS_IV_LEN];
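Review bot: The rewritten header comment for qc_pkt_decrypt() in src/quic_conn.c misspells "success" and omits the side effect a caller most needs to know about. The later hunks of this commit show that, when the key phase changes and decryption succeeds, the function calls `quic_tls_rotate_keys(qc)`, toggles `QUIC_FL_TLS_KP_BIT_SET` and prepares the next key update. I would add a line such as `* On a successful decryption that changes the key phase, the connection keys are rotated and the next key update is prepared.` and correct the last line to `* Returns 1 on success else 0.`. The function body continues outside this hunk.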
@@ -1454,21 +1456,21 @@ static int qc_pkt_decrypt(struct quic_rx_packet *pkt, struct quic_enc_level *qel
 * secrets. */
 // TODO: check if BUG_ON() more suitable
- if (!pkt->qc->ku.prv_rx.pn) {
+ if (!qc->ku.prv_rx.pn) {
 TRACE_ERROR("null previous packet number", QUIC_EV_CONN_RXPKT, qc);
 goto leave;
 }
- rx_ctx = pkt->qc->ku.prv_rx.ctx;
- rx_iv = pkt->qc->ku.prv_rx.iv;
- rx_key = pkt->qc->ku.prv_rx.key;
+ rx_ctx = qc->ku.prv_rx.ctx;
+ rx_iv = qc->ku.prv_rx.iv;
+ rx_key = qc->ku.prv_rx.key;
 } else if (pkt->pn > qel->pktns->rx.largest_pn) {
 /* Next key phase */
 kp_changed = 1;
- rx_ctx = pkt->qc->ku.nxt_rx.ctx;
- rx_iv = pkt->qc->ku.nxt_rx.iv;
- rx_key = pkt->qc->ku.nxt_rx.key;
+ rx_ctx = qc->ku.nxt_rx.ctx;
+ rx_iv = qc->ku.nxt_rx.iv;
+ rx_key = qc->ku.nxt_rx.key;
 }
 }
 }
@@ -1488,13 +1490,13 @@ static int qc_pkt_decrypt(struct quic_rx_packet *pkt, struct quic_enc_level *qel
 /* Update the keys only if the packet decryption succeeded. */
 if (kp_changed) {
- quic_tls_rotate_keys(pkt->qc);
+ quic_tls_rotate_keys(qc);
 /* Toggle the Key Phase bit */
 tls_ctx->flags ^= QUIC_FL_TLS_KP_BIT_SET;
 /* Store the lowest packet number received for the current key phase */
 tls_ctx->rx.pn = pkt->pn;
 /* Prepare the next key update */
- if (!quic_tls_key_update(pkt->qc)) {
+ if (!quic_tls_key_update(qc)) {
 TRACE_ERROR("quic_tls_key_update() failed", QUIC_EV_CONN_RXPKT, qc);
 goto leave;
 }
@@ -3935,7 +3937,7 @@ int qc_treat_rx_pkts(struct quic_conn *qc, struct quic_enc_level *cur_el,
 pkt = eb64_entry(node, struct quic_rx_packet, pn_node);
 TRACE_DATA("new packet", QUIC_EV_CONN_RXPKT, qc, pkt, NULL, qc->xprt_ctx->ssl);
- if (!qc_pkt_decrypt(pkt, qel, qc)) {
+ if (!qc_pkt_decrypt(qc, qel, pkt)) {
 /* Drop the packet */
 TRACE_ERROR("packet decryption failed -> dropped", QUIC_EV_CONN_RXPKT, qc, pkt);
@@ -6059,8 +6061,6 @@ static struct quic_conn *quic_rx_pkt_retrieve_conn(struct quic_rx_packet *pkt,
 goto err;
 }
- pkt->qc = qc;
-
 out:
 TRACE_LEAVE(QUIC_EV_CONN_LPKT, qc);
 return qc;
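Review bot: The `// TODO: check if BUG_ON() more suitable` above `if (!qc->ku.prv_rx.pn)` in the @@ -1454 hunk should be resolved rather than carried through another edit of these lines. The enclosing condition lies outside the hunk, but the branch is on the receive path and appears to be selected from fields of the packet being decrypted. If so, an assertion there would turn a peer-supplied packet into a process abort wherever BUG_ON() is enabled, instead of a dropped packet. If that reading holds, replace the TODO with a comment such as `/* Reachable from received packets: drop the packet, never BUG_ON(). */` and keep the `goto leave`.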
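Review bot: In the @@ -1488 hunk, a failure of `quic_tls_key_update(qc)` takes `goto leave` only after `quic_tls_rotate_keys(qc)` has run and the Key Phase bit has been toggled, so the error path leaves the connection in the rotated state. The packet has already decrypted successfully at that point. Unless `ret` is set earlier (not visible here), the function reports failure and the caller in qc_treat_rx_pkts() drops an authenticated packet, possibly leaving `nxt_rx` without usable keys for the following key phase. The intended state after this error should at least be documented at the `goto`, for example `/* keys already rotated; next-phase keys may be unusable from here on */`, and it is worth checking whether the failure should be fatal for the connection rather than a per-packet drop. The function body starts and ends outside the hunk.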