2017-05-27 22:30:11 +03:00
package quic
import (
"bytes"
2017-07-28 01:11:56 +03:00
"crypto/tls"
2017-05-27 22:30:11 +03:00
"errors"
2018-03-26 07:37:41 +03:00
"fmt"
2017-05-27 22:30:11 +03:00
"net"
"sync"
"time"
2018-02-17 08:29:53 +03:00
"github.com/lucas-clemente/quic-go/internal/crypto"
"github.com/lucas-clemente/quic-go/internal/handshake"
"github.com/lucas-clemente/quic-go/internal/protocol"
2017-07-28 01:11:56 +03:00
"github.com/lucas-clemente/quic-go/internal/utils"
2018-02-17 08:29:53 +03:00
"github.com/lucas-clemente/quic-go/internal/wire"
2017-05-27 22:30:11 +03:00
"github.com/lucas-clemente/quic-go/qerr"
)
// packetHandler handles packets
type packetHandler interface {
Session
2018-02-17 08:29:53 +03:00
getCryptoStream ( ) cryptoStreamI
handshakeStatus ( ) <- chan error
2017-05-27 22:30:11 +03:00
handlePacket ( * receivedPacket )
2018-02-17 08:29:53 +03:00
GetVersion ( ) protocol . VersionNumber
2017-05-27 22:30:11 +03:00
run ( ) error
2017-07-28 01:11:56 +03:00
closeRemote ( error )
2017-05-27 22:30:11 +03:00
}
// A Listener of QUIC
type server struct {
2017-07-28 01:11:56 +03:00
tlsConf * tls . Config
config * Config
2017-05-27 22:30:11 +03:00
conn net . PacketConn
2018-02-17 08:29:53 +03:00
supportsTLS bool
serverTLS * serverTLS
2017-05-27 22:30:11 +03:00
certChain crypto . CertChain
scfg * handshake . ServerConfig
2018-02-17 08:29:53 +03:00
sessionsMutex sync . RWMutex
sessions map [ protocol . ConnectionID ] packetHandler
closed bool
2017-05-27 22:30:11 +03:00
serverError error
sessionQueue chan Session
errorChan chan struct { }
2018-02-17 08:29:53 +03:00
// set as members, so they can be set in the tests
newSession func ( conn connection , v protocol . VersionNumber , connectionID protocol . ConnectionID , sCfg * handshake . ServerConfig , tlsConf * tls . Config , config * Config ) ( packetHandler , error )
deleteClosedSessionsAfter time . Duration
2017-05-27 22:30:11 +03:00
}
var _ Listener = & server { }
// ListenAddr creates a QUIC server listening on a given address.
// The listener is not active until Serve() is called.
2017-07-28 01:11:56 +03:00
// The tls.Config must not be nil, the quic.Config may be nil.
func ListenAddr ( addr string , tlsConf * tls . Config , config * Config ) ( Listener , error ) {
2017-05-27 22:30:11 +03:00
udpAddr , err := net . ResolveUDPAddr ( "udp" , addr )
if err != nil {
return nil , err
}
conn , err := net . ListenUDP ( "udp" , udpAddr )
if err != nil {
return nil , err
}
2017-07-28 01:11:56 +03:00
return Listen ( conn , tlsConf , config )
2017-05-27 22:30:11 +03:00
}
// Listen listens for QUIC connections on a given net.PacketConn.
// The listener is not active until Serve() is called.
2017-07-28 01:11:56 +03:00
// The tls.Config must not be nil, the quic.Config may be nil.
func Listen ( conn net . PacketConn , tlsConf * tls . Config , config * Config ) ( Listener , error ) {
certChain := crypto . NewCertChain ( tlsConf )
2017-05-27 22:30:11 +03:00
kex , err := crypto . NewCurve25519KEX ( )
if err != nil {
return nil , err
}
scfg , err := handshake . NewServerConfig ( kex , certChain )
if err != nil {
return nil , err
}
2018-02-17 08:29:53 +03:00
config = populateServerConfig ( config )
var supportsTLS bool
for _ , v := range config . Versions {
2018-03-26 07:37:41 +03:00
if ! protocol . IsValidVersion ( v ) {
return nil , fmt . Errorf ( "%s is not a valid QUIC version" , v )
}
// check if any of the supported versions supports TLS
2018-02-17 08:29:53 +03:00
if v . UsesTLS ( ) {
supportsTLS = true
break
}
}
2017-05-27 22:30:11 +03:00
s := & server {
conn : conn ,
2017-07-28 01:11:56 +03:00
tlsConf : tlsConf ,
2018-02-17 08:29:53 +03:00
config : config ,
2017-05-27 22:30:11 +03:00
certChain : certChain ,
scfg : scfg ,
sessions : map [ protocol . ConnectionID ] packetHandler { } ,
newSession : newSession ,
deleteClosedSessionsAfter : protocol . ClosedSessionDeleteTimeout ,
sessionQueue : make ( chan Session , 5 ) ,
errorChan : make ( chan struct { } ) ,
2018-02-17 08:29:53 +03:00
supportsTLS : supportsTLS ,
}
if supportsTLS {
if err := s . setupTLS ( ) ; err != nil {
return nil , err
}
2017-05-27 22:30:11 +03:00
}
go s . serve ( )
2018-02-17 08:29:53 +03:00
utils . Debugf ( "Listening for %s connections on %s" , conn . LocalAddr ( ) . Network ( ) , conn . LocalAddr ( ) . String ( ) )
2017-05-27 22:30:11 +03:00
return s , nil
}
2018-02-17 08:29:53 +03:00
func ( s * server ) setupTLS ( ) error {
cookieHandler , err := handshake . NewCookieHandler ( s . config . AcceptCookie )
if err != nil {
return err
}
serverTLS , sessionChan , err := newServerTLS ( s . conn , s . config , cookieHandler , s . tlsConf )
if err != nil {
return err
}
s . serverTLS = serverTLS
// handle TLS connection establishment statelessly
go func ( ) {
for {
select {
case <- s . errorChan :
return
case tlsSession := <- sessionChan :
connID := tlsSession . connID
sess := tlsSession . sess
2018-03-26 07:37:41 +03:00
s . sessionsMutex . Lock ( )
2018-02-17 08:29:53 +03:00
if _ , ok := s . sessions [ connID ] ; ok { // drop this session if it already exists
2018-03-26 07:37:41 +03:00
s . sessionsMutex . Unlock ( )
continue
2018-02-17 08:29:53 +03:00
}
s . sessions [ connID ] = sess
s . sessionsMutex . Unlock ( )
s . runHandshakeAndSession ( sess , connID )
}
}
} ( )
return nil
}
var defaultAcceptCookie = func ( clientAddr net . Addr , cookie * Cookie ) bool {
if cookie == nil {
2017-05-27 22:30:11 +03:00
return false
}
2018-02-17 08:29:53 +03:00
if time . Now ( ) . After ( cookie . SentTime . Add ( protocol . CookieExpiryTime ) ) {
2017-05-27 22:30:11 +03:00
return false
}
var sourceAddr string
if udpAddr , ok := clientAddr . ( * net . UDPAddr ) ; ok {
sourceAddr = udpAddr . IP . String ( )
} else {
sourceAddr = clientAddr . String ( )
}
2018-02-17 08:29:53 +03:00
return sourceAddr == cookie . RemoteAddr
2017-05-27 22:30:11 +03:00
}
2017-07-28 01:11:56 +03:00
// populateServerConfig populates fields in the quic.Config with their default values, if none are set
// it may be called with nil
2017-05-27 22:30:11 +03:00
func populateServerConfig ( config * Config ) * Config {
2017-07-28 01:11:56 +03:00
if config == nil {
config = & Config { }
}
2017-05-27 22:30:11 +03:00
versions := config . Versions
if len ( versions ) == 0 {
versions = protocol . SupportedVersions
}
2017-07-28 01:11:56 +03:00
2018-02-17 08:29:53 +03:00
vsa := defaultAcceptCookie
if config . AcceptCookie != nil {
vsa = config . AcceptCookie
2017-05-27 22:30:11 +03:00
}
2017-07-28 01:11:56 +03:00
handshakeTimeout := protocol . DefaultHandshakeTimeout
if config . HandshakeTimeout != 0 {
handshakeTimeout = config . HandshakeTimeout
}
2018-02-17 08:29:53 +03:00
idleTimeout := protocol . DefaultIdleTimeout
if config . IdleTimeout != 0 {
idleTimeout = config . IdleTimeout
}
2017-07-28 01:11:56 +03:00
maxReceiveStreamFlowControlWindow := config . MaxReceiveStreamFlowControlWindow
if maxReceiveStreamFlowControlWindow == 0 {
maxReceiveStreamFlowControlWindow = protocol . DefaultMaxReceiveStreamFlowControlWindowServer
}
maxReceiveConnectionFlowControlWindow := config . MaxReceiveConnectionFlowControlWindow
if maxReceiveConnectionFlowControlWindow == 0 {
maxReceiveConnectionFlowControlWindow = protocol . DefaultMaxReceiveConnectionFlowControlWindowServer
}
2018-03-26 07:37:41 +03:00
maxIncomingStreams := config . MaxIncomingStreams
if maxIncomingStreams == 0 {
maxIncomingStreams = protocol . DefaultMaxIncomingStreams
} else if maxIncomingStreams < 0 {
maxIncomingStreams = 0
}
maxIncomingUniStreams := config . MaxIncomingUniStreams
if maxIncomingUniStreams == 0 {
maxIncomingUniStreams = protocol . DefaultMaxIncomingUniStreams
} else if maxIncomingUniStreams < 0 {
maxIncomingUniStreams = 0
}
2017-07-28 01:11:56 +03:00
2017-05-27 22:30:11 +03:00
return & Config {
2017-07-28 01:11:56 +03:00
Versions : versions ,
HandshakeTimeout : handshakeTimeout ,
2018-02-17 08:29:53 +03:00
IdleTimeout : idleTimeout ,
AcceptCookie : vsa ,
KeepAlive : config . KeepAlive ,
2017-07-28 01:11:56 +03:00
MaxReceiveStreamFlowControlWindow : maxReceiveStreamFlowControlWindow ,
MaxReceiveConnectionFlowControlWindow : maxReceiveConnectionFlowControlWindow ,
2018-03-26 07:37:41 +03:00
MaxIncomingStreams : maxIncomingStreams ,
MaxIncomingUniStreams : maxIncomingUniStreams ,
2017-05-27 22:30:11 +03:00
}
}
// serve listens on an existing PacketConn
func ( s * server ) serve ( ) {
for {
2018-03-26 07:37:41 +03:00
data := * getPacketBuffer ( )
2017-05-27 22:30:11 +03:00
data = data [ : protocol . MaxReceivePacketSize ]
// The packet size should not exceed protocol.MaxReceivePacketSize bytes
// If it does, we only read a truncated packet, which will then end up undecryptable
n , remoteAddr , err := s . conn . ReadFrom ( data )
if err != nil {
s . serverError = err
close ( s . errorChan )
_ = s . Close ( )
return
}
data = data [ : n ]
if err := s . handlePacket ( s . conn , remoteAddr , data ) ; err != nil {
utils . Errorf ( "error handling packet: %s" , err . Error ( ) )
}
}
}
// Accept returns newly openend sessions
func ( s * server ) Accept ( ) ( Session , error ) {
var sess Session
select {
case sess = <- s . sessionQueue :
return sess , nil
case <- s . errorChan :
return nil , s . serverError
}
}
// Close the server
func ( s * server ) Close ( ) error {
s . sessionsMutex . Lock ( )
2018-02-17 08:29:53 +03:00
if s . closed {
s . sessionsMutex . Unlock ( )
return nil
}
s . closed = true
var wg sync . WaitGroup
2017-05-27 22:30:11 +03:00
for _ , session := range s . sessions {
if session != nil {
2018-02-17 08:29:53 +03:00
wg . Add ( 1 )
go func ( sess packetHandler ) {
// session.Close() blocks until the CONNECTION_CLOSE has been sent and the run-loop has stopped
_ = sess . Close ( nil )
wg . Done ( )
} ( session )
2017-05-27 22:30:11 +03:00
}
}
s . sessionsMutex . Unlock ( )
2018-02-17 08:29:53 +03:00
wg . Wait ( )
2017-05-27 22:30:11 +03:00
2018-02-17 08:29:53 +03:00
err := s . conn . Close ( )
<- s . errorChan // wait for serve() to return
return err
2017-05-27 22:30:11 +03:00
}
// Addr returns the server's network address
func ( s * server ) Addr ( ) net . Addr {
return s . conn . LocalAddr ( )
}
func ( s * server ) handlePacket ( pconn net . PacketConn , remoteAddr net . Addr , packet [ ] byte ) error {
rcvTime := time . Now ( )
r := bytes . NewReader ( packet )
2018-02-17 08:29:53 +03:00
hdr , err := wire . ParseHeaderSentByClient ( r )
2017-05-27 22:30:11 +03:00
if err != nil {
return qerr . Error ( qerr . InvalidPacketHeader , err . Error ( ) )
}
hdr . Raw = packet [ : len ( packet ) - r . Len ( ) ]
2018-02-17 08:29:53 +03:00
packetData := packet [ len ( packet ) - r . Len ( ) : ]
connID := hdr . ConnectionID
if hdr . Type == protocol . PacketTypeInitial {
if s . supportsTLS {
go s . serverTLS . HandleInitial ( remoteAddr , hdr , packetData )
}
return nil
}
2017-05-27 22:30:11 +03:00
s . sessionsMutex . RLock ( )
2018-02-17 08:29:53 +03:00
session , sessionKnown := s . sessions [ connID ]
2017-05-27 22:30:11 +03:00
s . sessionsMutex . RUnlock ( )
2018-02-17 08:29:53 +03:00
if sessionKnown && session == nil {
// Late packet for closed session
return nil
}
2017-05-27 22:30:11 +03:00
// ignore all Public Reset packets
if hdr . ResetFlag {
2018-02-17 08:29:53 +03:00
if sessionKnown {
var pr * wire . PublicReset
pr , err = wire . ParsePublicReset ( r )
2017-05-27 22:30:11 +03:00
if err != nil {
2018-03-26 07:37:41 +03:00
utils . Infof ( "Received a Public Reset for connection %x. An error occurred parsing the packet." , hdr . ConnectionID )
2017-05-27 22:30:11 +03:00
} else {
2018-02-17 08:29:53 +03:00
utils . Infof ( "Received a Public Reset for connection %x, rejected packet number: 0x%x." , hdr . ConnectionID , pr . RejectedPacketNumber )
2017-05-27 22:30:11 +03:00
}
} else {
utils . Infof ( "Received Public Reset for unknown connection %x." , hdr . ConnectionID )
}
return nil
}
2018-02-17 08:29:53 +03:00
// If we don't have a session for this connection, and this packet cannot open a new connection, send a Public Reset
// This should only happen after a server restart, when we still receive packets for connections that we lost the state for.
// TODO(#943): implement sending of IETF draft style stateless resets
if ! sessionKnown && ( ! hdr . VersionFlag && hdr . Type != protocol . PacketTypeInitial ) {
_ , err = pconn . WriteTo ( wire . WritePublicReset ( connID , 0 , 0 ) , remoteAddr )
return err
}
2017-05-27 22:30:11 +03:00
// a session is only created once the client sent a supported version
// if we receive a packet for a connection that already has session, it's probably an old packet that was sent by the client before the version was negotiated
// it is safe to drop it
2018-02-17 08:29:53 +03:00
if sessionKnown && hdr . VersionFlag && ! protocol . IsSupportedVersion ( s . config . Versions , hdr . Version ) {
2017-05-27 22:30:11 +03:00
return nil
}
2018-02-17 08:29:53 +03:00
// send a Version Negotiation Packet if the client is speaking a different protocol version
// since the client send a Public Header (only gQUIC has a Version Flag), we need to send a gQUIC Version Negotiation Packet
if hdr . VersionFlag && ! protocol . IsSupportedVersion ( s . config . Versions , hdr . Version ) {
2017-05-27 22:30:11 +03:00
// drop packets that are too small to be valid first packets
2018-02-17 08:29:53 +03:00
if len ( packet ) < protocol . MinClientHelloSize + len ( hdr . Raw ) {
2017-05-27 22:30:11 +03:00
return errors . New ( "dropping small packet with unknown version" )
}
2018-02-17 08:29:53 +03:00
utils . Infof ( "Client offered version %s, sending Version Negotiation Packet" , hdr . Version )
_ , err := pconn . WriteTo ( wire . ComposeGQUICVersionNegotiation ( hdr . ConnectionID , s . config . Versions ) , remoteAddr )
2017-05-27 22:30:11 +03:00
return err
}
2018-02-17 08:29:53 +03:00
// This is (potentially) a Client Hello.
// Make sure it has the minimum required size before spending any more ressources on it.
if ! sessionKnown && len ( packet ) < protocol . MinClientHelloSize + len ( hdr . Raw ) {
return errors . New ( "dropping small packet for unknown connection" )
}
if ! sessionKnown {
version := hdr . Version
2017-05-27 22:30:11 +03:00
if ! protocol . IsSupportedVersion ( s . config . Versions , version ) {
return errors . New ( "Server BUG: negotiated version not supported" )
}
2018-02-17 08:29:53 +03:00
utils . Infof ( "Serving new connection: %x, version %s from %v" , hdr . ConnectionID , version , remoteAddr )
session , err = s . newSession (
2017-05-27 22:30:11 +03:00
& conn { pconn : pconn , currentAddr : remoteAddr } ,
version ,
hdr . ConnectionID ,
s . scfg ,
2017-07-28 01:11:56 +03:00
s . tlsConf ,
2017-05-27 22:30:11 +03:00
s . config ,
)
if err != nil {
return err
}
s . sessionsMutex . Lock ( )
2018-02-17 08:29:53 +03:00
s . sessions [ connID ] = session
2017-05-27 22:30:11 +03:00
s . sessionsMutex . Unlock ( )
2018-02-17 08:29:53 +03:00
s . runHandshakeAndSession ( session , connID )
2017-05-27 22:30:11 +03:00
}
session . handlePacket ( & receivedPacket {
2018-02-17 08:29:53 +03:00
remoteAddr : remoteAddr ,
header : hdr ,
data : packetData ,
rcvTime : rcvTime ,
2017-05-27 22:30:11 +03:00
} )
return nil
}
2018-02-17 08:29:53 +03:00
func ( s * server ) runHandshakeAndSession ( session packetHandler , connID protocol . ConnectionID ) {
go func ( ) {
_ = session . run ( )
// session.run() returns as soon as the session is closed
s . removeConnection ( connID )
} ( )
go func ( ) {
if err := <- session . handshakeStatus ( ) ; err != nil {
return
}
s . sessionQueue <- session
} ( )
}
2017-05-27 22:30:11 +03:00
func ( s * server ) removeConnection ( id protocol . ConnectionID ) {
s . sessionsMutex . Lock ( )
s . sessions [ id ] = nil
s . sessionsMutex . Unlock ( )
time . AfterFunc ( s . deleteClosedSessionsAfter , func ( ) {
s . sessionsMutex . Lock ( )
delete ( s . sessions , id )
s . sessionsMutex . Unlock ( )
} )
}