Path: blob/master/Utilities/cmcurl/lib/cf-https-connect.c
3153 views
/***************************************************************************1* _ _ ____ _2* Project ___| | | | _ \| |3* / __| | | | |_) | |4* | (__| |_| | _ <| |___5* \___|\___/|_| \_\_____|6*7* Copyright (C) Daniel Stenberg, <[email protected]>, et al.8*9* This software is licensed as described in the file COPYING, which10* you should have received as part of this distribution. The terms11* are also available at https://curl.se/docs/copyright.html.12*13* You may opt to use, copy, modify, merge, publish, distribute and/or sell14* copies of the Software, and permit persons to whom the Software is15* furnished to do so, under the terms of the COPYING file.16*17* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY18* KIND, either express or implied.19*20* SPDX-License-Identifier: curl21*22***************************************************************************/2324#include "curl_setup.h"2526#if !defined(CURL_DISABLE_HTTP)2728#include "urldata.h"29#include <curl/curl.h>30#include "curl_trc.h"31#include "cfilters.h"32#include "connect.h"33#include "hostip.h"34#include "multiif.h"35#include "cf-https-connect.h"36#include "http2.h"37#include "vquic/vquic.h"3839/* The last 3 #include files should be in this order */40#include "curl_printf.h"41#include "curl_memory.h"42#include "memdebug.h"4344typedef enum {45CF_HC_INIT,46CF_HC_CONNECT,47CF_HC_SUCCESS,48CF_HC_FAILURE49} cf_hc_state;5051struct cf_hc_baller {52const char *name;53struct Curl_cfilter *cf;54CURLcode result;55struct curltime started;56int reply_ms;57unsigned char transport;58enum alpnid alpn_id;59BIT(shutdown);60};6162static void cf_hc_baller_reset(struct cf_hc_baller *b,63struct Curl_easy *data)64{65if(b->cf) {66Curl_conn_cf_close(b->cf, data);67Curl_conn_cf_discard_chain(&b->cf, data);68b->cf = NULL;69}70b->result = CURLE_OK;71b->reply_ms = -1;72}7374static bool cf_hc_baller_is_active(struct cf_hc_baller *b)75{76return b->cf && !b->result;77}7879static bool cf_hc_baller_has_started(struct cf_hc_baller *b)80{81return !!b->cf;82}8384static int cf_hc_baller_reply_ms(struct cf_hc_baller *b,85struct Curl_easy *data)86{87if(b->cf && (b->reply_ms < 0))88b->cf->cft->query(b->cf, data, CF_QUERY_CONNECT_REPLY_MS,89&b->reply_ms, NULL);90return b->reply_ms;91}9293static bool cf_hc_baller_data_pending(struct cf_hc_baller *b,94const struct Curl_easy *data)95{96return b->cf && !b->result && b->cf->cft->has_data_pending(b->cf, data);97}9899static bool cf_hc_baller_needs_flush(struct cf_hc_baller *b,100struct Curl_easy *data)101{102return b->cf && !b->result && Curl_conn_cf_needs_flush(b->cf, data);103}104105static CURLcode cf_hc_baller_cntrl(struct cf_hc_baller *b,106struct Curl_easy *data,107int event, int arg1, void *arg2)108{109if(b->cf && !b->result)110return Curl_conn_cf_cntrl(b->cf, data, FALSE, event, arg1, arg2);111return CURLE_OK;112}113114struct cf_hc_ctx {115cf_hc_state state;116struct curltime started; /* when connect started */117CURLcode result; /* overall result */118struct cf_hc_baller ballers[2];119size_t baller_count;120timediff_t soft_eyeballs_timeout_ms;121timediff_t hard_eyeballs_timeout_ms;122};123124static void cf_hc_baller_assign(struct cf_hc_baller *b,125enum alpnid alpn_id,126unsigned char def_transport)127{128b->alpn_id = alpn_id;129b->transport = def_transport;130switch(b->alpn_id) {131case ALPN_h3:132b->name = "h3";133b->transport = TRNSPRT_QUIC;134break;135case ALPN_h2:136b->name = "h2";137break;138case ALPN_h1:139b->name = "h1";140break;141default:142b->result = CURLE_FAILED_INIT;143break;144}145}146147static void cf_hc_baller_init(struct cf_hc_baller *b,148struct Curl_cfilter *cf,149struct Curl_easy *data,150int transport)151{152struct Curl_cfilter *save = cf->next;153154cf->next = NULL;155b->started = curlx_now();156switch(b->alpn_id) {157case ALPN_h3:158transport = TRNSPRT_QUIC;159break;160default:161break;162}163164if(!b->result)165b->result = Curl_cf_setup_insert_after(cf, data, transport,166CURL_CF_SSL_ENABLE);167b->cf = cf->next;168cf->next = save;169}170171static CURLcode cf_hc_baller_connect(struct cf_hc_baller *b,172struct Curl_cfilter *cf,173struct Curl_easy *data,174bool *done)175{176struct Curl_cfilter *save = cf->next;177178cf->next = b->cf;179b->result = Curl_conn_cf_connect(cf->next, data, done);180b->cf = cf->next; /* it might mutate */181cf->next = save;182return b->result;183}184185static void cf_hc_reset(struct Curl_cfilter *cf, struct Curl_easy *data)186{187struct cf_hc_ctx *ctx = cf->ctx;188size_t i;189190if(ctx) {191for(i = 0; i < ctx->baller_count; ++i)192cf_hc_baller_reset(&ctx->ballers[i], data);193ctx->state = CF_HC_INIT;194ctx->result = CURLE_OK;195ctx->hard_eyeballs_timeout_ms = data->set.happy_eyeballs_timeout;196ctx->soft_eyeballs_timeout_ms = data->set.happy_eyeballs_timeout / 4;197}198}199200static CURLcode baller_connected(struct Curl_cfilter *cf,201struct Curl_easy *data,202struct cf_hc_baller *winner)203{204struct cf_hc_ctx *ctx = cf->ctx;205CURLcode result = CURLE_OK;206int reply_ms;207size_t i;208209DEBUGASSERT(winner->cf);210for(i = 0; i < ctx->baller_count; ++i)211if(winner != &ctx->ballers[i])212cf_hc_baller_reset(&ctx->ballers[i], data);213214reply_ms = cf_hc_baller_reply_ms(winner, data);215if(reply_ms >= 0)216CURL_TRC_CF(data, cf, "connect+handshake %s: %dms, 1st data: %dms",217winner->name, (int)curlx_timediff(curlx_now(),218winner->started), reply_ms);219else220CURL_TRC_CF(data, cf, "deferred handshake %s: %dms",221winner->name, (int)curlx_timediff(curlx_now(),222winner->started));223224/* install the winning filter below this one. */225cf->next = winner->cf;226winner->cf = NULL;227228switch(cf->conn->alpn) {229case CURL_HTTP_VERSION_3:230break;231case CURL_HTTP_VERSION_2:232#ifdef USE_NGHTTP2233/* Using nghttp2, we add the filter "below" us, so when the conn234* closes, we tear it down for a fresh reconnect */235result = Curl_http2_switch_at(cf, data);236if(result) {237ctx->state = CF_HC_FAILURE;238ctx->result = result;239return result;240}241#endif242break;243default:244break;245}246ctx->state = CF_HC_SUCCESS;247cf->connected = TRUE;248return result;249}250251252static bool time_to_start_next(struct Curl_cfilter *cf,253struct Curl_easy *data,254size_t idx, struct curltime now)255{256struct cf_hc_ctx *ctx = cf->ctx;257timediff_t elapsed_ms;258size_t i;259260if(idx >= ctx->baller_count)261return FALSE;262if(cf_hc_baller_has_started(&ctx->ballers[idx]))263return FALSE;264for(i = 0; i < idx; i++) {265if(!ctx->ballers[i].result)266break;267}268if(i == idx) {269CURL_TRC_CF(data, cf, "all previous attempts failed, starting %s",270ctx->ballers[idx].name);271return TRUE;272}273elapsed_ms = curlx_timediff(now, ctx->started);274if(elapsed_ms >= ctx->hard_eyeballs_timeout_ms) {275CURL_TRC_CF(data, cf, "hard timeout of %" FMT_TIMEDIFF_T "ms reached, "276"starting %s",277ctx->hard_eyeballs_timeout_ms, ctx->ballers[idx].name);278return TRUE;279}280281if((idx > 0) && (elapsed_ms >= ctx->soft_eyeballs_timeout_ms)) {282if(cf_hc_baller_reply_ms(&ctx->ballers[idx - 1], data) < 0) {283CURL_TRC_CF(data, cf, "soft timeout of %" FMT_TIMEDIFF_T "ms reached, "284"%s has not seen any data, starting %s",285ctx->soft_eyeballs_timeout_ms,286ctx->ballers[idx - 1].name, ctx->ballers[idx].name);287return TRUE;288}289/* set the effective hard timeout again */290Curl_expire(data, ctx->hard_eyeballs_timeout_ms - elapsed_ms,291EXPIRE_ALPN_EYEBALLS);292}293return FALSE;294}295296static CURLcode cf_hc_connect(struct Curl_cfilter *cf,297struct Curl_easy *data,298bool *done)299{300struct cf_hc_ctx *ctx = cf->ctx;301struct curltime now;302CURLcode result = CURLE_OK;303size_t i, failed_ballers;304305if(cf->connected) {306*done = TRUE;307return CURLE_OK;308}309310*done = FALSE;311now = curlx_now();312switch(ctx->state) {313case CF_HC_INIT:314DEBUGASSERT(!cf->next);315for(i = 0; i < ctx->baller_count; i++)316DEBUGASSERT(!ctx->ballers[i].cf);317CURL_TRC_CF(data, cf, "connect, init");318ctx->started = now;319cf_hc_baller_init(&ctx->ballers[0], cf, data, ctx->ballers[0].transport);320if(ctx->baller_count > 1) {321Curl_expire(data, ctx->soft_eyeballs_timeout_ms, EXPIRE_ALPN_EYEBALLS);322CURL_TRC_CF(data, cf, "set next attempt to start in %" FMT_TIMEDIFF_T323"ms", ctx->soft_eyeballs_timeout_ms);324}325ctx->state = CF_HC_CONNECT;326FALLTHROUGH();327328case CF_HC_CONNECT:329if(cf_hc_baller_is_active(&ctx->ballers[0])) {330result = cf_hc_baller_connect(&ctx->ballers[0], cf, data, done);331if(!result && *done) {332result = baller_connected(cf, data, &ctx->ballers[0]);333goto out;334}335}336337if(time_to_start_next(cf, data, 1, now)) {338cf_hc_baller_init(&ctx->ballers[1], cf, data, ctx->ballers[1].transport);339}340341if((ctx->baller_count > 1) && cf_hc_baller_is_active(&ctx->ballers[1])) {342CURL_TRC_CF(data, cf, "connect, check %s", ctx->ballers[1].name);343result = cf_hc_baller_connect(&ctx->ballers[1], cf, data, done);344if(!result && *done) {345result = baller_connected(cf, data, &ctx->ballers[1]);346goto out;347}348}349350failed_ballers = 0;351for(i = 0; i < ctx->baller_count; i++) {352if(ctx->ballers[i].result)353++failed_ballers;354}355356if(failed_ballers == ctx->baller_count) {357/* all have failed. we give up */358CURL_TRC_CF(data, cf, "connect, all attempts failed");359for(i = 0; i < ctx->baller_count; i++) {360if(ctx->ballers[i].result) {361result = ctx->ballers[i].result;362break;363}364}365ctx->state = CF_HC_FAILURE;366goto out;367}368result = CURLE_OK;369*done = FALSE;370break;371372case CF_HC_FAILURE:373result = ctx->result;374cf->connected = FALSE;375*done = FALSE;376break;377378case CF_HC_SUCCESS:379result = CURLE_OK;380cf->connected = TRUE;381*done = TRUE;382break;383}384385out:386CURL_TRC_CF(data, cf, "connect -> %d, done=%d", result, *done);387return result;388}389390static CURLcode cf_hc_shutdown(struct Curl_cfilter *cf,391struct Curl_easy *data, bool *done)392{393struct cf_hc_ctx *ctx = cf->ctx;394size_t i;395CURLcode result = CURLE_OK;396397DEBUGASSERT(data);398if(cf->connected) {399*done = TRUE;400return CURLE_OK;401}402403/* shutdown all ballers that have not done so already. If one fails,404* continue shutting down others until all are shutdown. */405for(i = 0; i < ctx->baller_count; i++) {406struct cf_hc_baller *b = &ctx->ballers[i];407bool bdone = FALSE;408if(!cf_hc_baller_is_active(b) || b->shutdown)409continue;410b->result = b->cf->cft->do_shutdown(b->cf, data, &bdone);411if(b->result || bdone)412b->shutdown = TRUE; /* treat a failed shutdown as done */413}414415*done = TRUE;416for(i = 0; i < ctx->baller_count; i++) {417if(!ctx->ballers[i].shutdown)418*done = FALSE;419}420if(*done) {421for(i = 0; i < ctx->baller_count; i++) {422if(ctx->ballers[i].result)423result = ctx->ballers[i].result;424}425}426CURL_TRC_CF(data, cf, "shutdown -> %d, done=%d", result, *done);427return result;428}429430static void cf_hc_adjust_pollset(struct Curl_cfilter *cf,431struct Curl_easy *data,432struct easy_pollset *ps)433{434if(!cf->connected) {435struct cf_hc_ctx *ctx = cf->ctx;436size_t i;437438for(i = 0; i < ctx->baller_count; i++) {439struct cf_hc_baller *b = &ctx->ballers[i];440if(!cf_hc_baller_is_active(b))441continue;442Curl_conn_cf_adjust_pollset(b->cf, data, ps);443}444CURL_TRC_CF(data, cf, "adjust_pollset -> %d socks", ps->num);445}446}447448static bool cf_hc_data_pending(struct Curl_cfilter *cf,449const struct Curl_easy *data)450{451struct cf_hc_ctx *ctx = cf->ctx;452size_t i;453454if(cf->connected)455return cf->next->cft->has_data_pending(cf->next, data);456457for(i = 0; i < ctx->baller_count; i++)458if(cf_hc_baller_data_pending(&ctx->ballers[i], data))459return TRUE;460return FALSE;461}462463static struct curltime cf_get_max_baller_time(struct Curl_cfilter *cf,464struct Curl_easy *data,465int query)466{467struct cf_hc_ctx *ctx = cf->ctx;468struct curltime t, tmax;469size_t i;470471memset(&tmax, 0, sizeof(tmax));472for(i = 0; i < ctx->baller_count; i++) {473struct Curl_cfilter *cfb = ctx->ballers[i].cf;474memset(&t, 0, sizeof(t));475if(cfb && !cfb->cft->query(cfb, data, query, NULL, &t)) {476if((t.tv_sec || t.tv_usec) && curlx_timediff_us(t, tmax) > 0)477tmax = t;478}479}480return tmax;481}482483static CURLcode cf_hc_query(struct Curl_cfilter *cf,484struct Curl_easy *data,485int query, int *pres1, void *pres2)486{487struct cf_hc_ctx *ctx = cf->ctx;488size_t i;489490if(!cf->connected) {491switch(query) {492case CF_QUERY_TIMER_CONNECT: {493struct curltime *when = pres2;494*when = cf_get_max_baller_time(cf, data, CF_QUERY_TIMER_CONNECT);495return CURLE_OK;496}497case CF_QUERY_TIMER_APPCONNECT: {498struct curltime *when = pres2;499*when = cf_get_max_baller_time(cf, data, CF_QUERY_TIMER_APPCONNECT);500return CURLE_OK;501}502case CF_QUERY_NEED_FLUSH: {503for(i = 0; i < ctx->baller_count; i++)504if(cf_hc_baller_needs_flush(&ctx->ballers[i], data)) {505*pres1 = TRUE;506return CURLE_OK;507}508break;509}510default:511break;512}513}514return cf->next ?515cf->next->cft->query(cf->next, data, query, pres1, pres2) :516CURLE_UNKNOWN_OPTION;517}518519static CURLcode cf_hc_cntrl(struct Curl_cfilter *cf,520struct Curl_easy *data,521int event, int arg1, void *arg2)522{523struct cf_hc_ctx *ctx = cf->ctx;524CURLcode result = CURLE_OK;525size_t i;526527if(!cf->connected) {528for(i = 0; i < ctx->baller_count; i++) {529result = cf_hc_baller_cntrl(&ctx->ballers[i], data, event, arg1, arg2);530if(result && (result != CURLE_AGAIN))531goto out;532}533result = CURLE_OK;534}535out:536return result;537}538539static void cf_hc_close(struct Curl_cfilter *cf, struct Curl_easy *data)540{541CURL_TRC_CF(data, cf, "close");542cf_hc_reset(cf, data);543cf->connected = FALSE;544545if(cf->next) {546cf->next->cft->do_close(cf->next, data);547Curl_conn_cf_discard_chain(&cf->next, data);548}549}550551static void cf_hc_destroy(struct Curl_cfilter *cf, struct Curl_easy *data)552{553struct cf_hc_ctx *ctx = cf->ctx;554555(void)data;556CURL_TRC_CF(data, cf, "destroy");557cf_hc_reset(cf, data);558Curl_safefree(ctx);559}560561struct Curl_cftype Curl_cft_http_connect = {562"HTTPS-CONNECT",5630,564CURL_LOG_LVL_NONE,565cf_hc_destroy,566cf_hc_connect,567cf_hc_close,568cf_hc_shutdown,569cf_hc_adjust_pollset,570cf_hc_data_pending,571Curl_cf_def_send,572Curl_cf_def_recv,573cf_hc_cntrl,574Curl_cf_def_conn_is_alive,575Curl_cf_def_conn_keep_alive,576cf_hc_query,577};578579static CURLcode cf_hc_create(struct Curl_cfilter **pcf,580struct Curl_easy *data,581enum alpnid *alpnids, size_t alpn_count,582unsigned char def_transport)583{584struct Curl_cfilter *cf = NULL;585struct cf_hc_ctx *ctx;586CURLcode result = CURLE_OK;587size_t i;588589DEBUGASSERT(alpnids);590DEBUGASSERT(alpn_count);591DEBUGASSERT(alpn_count <= CURL_ARRAYSIZE(ctx->ballers));592if(!alpn_count || (alpn_count > CURL_ARRAYSIZE(ctx->ballers))) {593failf(data, "https-connect filter create with unsupported %zu ALPN ids",594alpn_count);595return CURLE_FAILED_INIT;596}597598ctx = calloc(1, sizeof(*ctx));599if(!ctx) {600result = CURLE_OUT_OF_MEMORY;601goto out;602}603for(i = 0; i < alpn_count; ++i)604cf_hc_baller_assign(&ctx->ballers[i], alpnids[i], def_transport);605for(; i < CURL_ARRAYSIZE(ctx->ballers); ++i)606ctx->ballers[i].alpn_id = ALPN_none;607ctx->baller_count = alpn_count;608609result = Curl_cf_create(&cf, &Curl_cft_http_connect, ctx);610if(result)611goto out;612ctx = NULL;613cf_hc_reset(cf, data);614615out:616*pcf = result ? NULL : cf;617free(ctx);618return result;619}620621static CURLcode cf_http_connect_add(struct Curl_easy *data,622struct connectdata *conn,623int sockindex,624enum alpnid *alpn_ids, size_t alpn_count,625unsigned char def_transport)626{627struct Curl_cfilter *cf;628CURLcode result = CURLE_OK;629630DEBUGASSERT(data);631result = cf_hc_create(&cf, data, alpn_ids, alpn_count, def_transport);632if(result)633goto out;634Curl_conn_cf_add(data, conn, sockindex, cf);635out:636return result;637}638639static bool cf_https_alpns_contain(enum alpnid id,640enum alpnid *list, size_t len)641{642size_t i;643for(i = 0; i < len; ++i) {644if(id == list[i])645return TRUE;646}647return FALSE;648}649650CURLcode Curl_cf_https_setup(struct Curl_easy *data,651struct connectdata *conn,652int sockindex)653{654enum alpnid alpn_ids[2];655size_t alpn_count = 0;656CURLcode result = CURLE_OK;657struct Curl_cfilter cf_fake, *cf = NULL;658659(void)sockindex;660/* we want to log for the filter before we create it, fake it. */661memset(&cf_fake, 0, sizeof(cf_fake));662cf_fake.cft = &Curl_cft_http_connect;663cf = &cf_fake;664665if(conn->bits.tls_enable_alpn) {666#ifdef USE_HTTPSRR667/* Is there an HTTPSRR use its ALPNs here.668* We are here after having selected a connection to a host+port and669* can no longer change that. Any HTTPSRR advice for other hosts and ports670* we need to ignore. */671struct Curl_dns_entry *dns = data->state.dns[sockindex];672struct Curl_https_rrinfo *rr = dns ? dns->hinfo : NULL;673if(rr && !rr->no_def_alpn && /* ALPNs are defaults */674(!rr->target || /* for same host */675!rr->target[0] ||676(rr->target[0] == '.' &&677!rr->target[1])) &&678(rr->port < 0 || /* for same port */679rr->port == conn->remote_port)) {680size_t i;681for(i = 0; i < CURL_ARRAYSIZE(rr->alpns) &&682alpn_count < CURL_ARRAYSIZE(alpn_ids); ++i) {683enum alpnid alpn = rr->alpns[i];684if(cf_https_alpns_contain(alpn, alpn_ids, alpn_count))685continue;686switch(alpn) {687case ALPN_h3:688if(Curl_conn_may_http3(data, conn, conn->transport_wanted))689break; /* not possible */690if(data->state.http_neg.allowed & CURL_HTTP_V3x) {691CURL_TRC_CF(data, cf, "adding h3 via HTTPS-RR");692alpn_ids[alpn_count++] = alpn;693}694break;695case ALPN_h2:696if(data->state.http_neg.allowed & CURL_HTTP_V2x) {697CURL_TRC_CF(data, cf, "adding h2 via HTTPS-RR");698alpn_ids[alpn_count++] = alpn;699}700break;701case ALPN_h1:702if(data->state.http_neg.allowed & CURL_HTTP_V1x) {703CURL_TRC_CF(data, cf, "adding h1 via HTTPS-RR");704alpn_ids[alpn_count++] = alpn;705}706break;707default: /* ignore */708break;709}710}711}712#endif713714if((alpn_count < CURL_ARRAYSIZE(alpn_ids)) &&715(data->state.http_neg.wanted & CURL_HTTP_V3x) &&716!cf_https_alpns_contain(ALPN_h3, alpn_ids, alpn_count)) {717result = Curl_conn_may_http3(data, conn, conn->transport_wanted);718if(!result) {719CURL_TRC_CF(data, cf, "adding wanted h3");720alpn_ids[alpn_count++] = ALPN_h3;721}722else if(data->state.http_neg.wanted == CURL_HTTP_V3x)723goto out; /* only h3 allowed, not possible, error out */724}725if((alpn_count < CURL_ARRAYSIZE(alpn_ids)) &&726(data->state.http_neg.wanted & CURL_HTTP_V2x) &&727!cf_https_alpns_contain(ALPN_h2, alpn_ids, alpn_count)) {728CURL_TRC_CF(data, cf, "adding wanted h2");729alpn_ids[alpn_count++] = ALPN_h2;730}731else if((alpn_count < CURL_ARRAYSIZE(alpn_ids)) &&732(data->state.http_neg.wanted & CURL_HTTP_V1x) &&733!cf_https_alpns_contain(ALPN_h1, alpn_ids, alpn_count)) {734CURL_TRC_CF(data, cf, "adding wanted h1");735alpn_ids[alpn_count++] = ALPN_h1;736}737}738739/* If we identified ALPNs to use, install our filter. Otherwise,740* install nothing, so our call will use a default connect setup. */741if(alpn_count) {742result = cf_http_connect_add(data, conn, sockindex,743alpn_ids, alpn_count,744conn->transport_wanted);745}746747out:748return result;749}750751#endif /* !defined(CURL_DISABLE_HTTP) */752753754