Imported Upstream version 1.46.0
[platform/upstream/nghttp2.git] / src / shrpx_connection_handler.h
index 535bc2c..8bbf99c 100644 (file)
 #  include <future>
 #endif // NOTHREADS
 
+#ifdef HAVE_LIBBPF
+#  include <bpf/libbpf.h>
+#endif // HAVE_LIBBPF
+
 #include <openssl/ssl.h>
 
 #include <ev.h>
@@ -99,6 +103,35 @@ struct SerialEvent {
   std::shared_ptr<DownstreamConfig> downstreamconf;
 };
 
+#ifdef ENABLE_HTTP3
+#  ifdef HAVE_LIBBPF
+struct BPFRef {
+  bpf_object *obj;
+  int reuseport_array;
+  int cid_prefix_map;
+};
+#  endif // HAVE_LIBBPF
+
+// QUIC IPC message type.
+enum class QUICIPCType {
+  NONE,
+  // Send forwarded QUIC UDP datagram and its metadata.
+  DGRAM_FORWARD,
+};
+
+// WorkerProcesses which are in graceful shutdown period.
+struct QUICLingeringWorkerProcess {
+  QUICLingeringWorkerProcess(
+      std::vector<std::array<uint8_t, SHRPX_QUIC_CID_PREFIXLEN>> cid_prefixes,
+      int quic_ipc_fd)
+      : cid_prefixes{std::move(cid_prefixes)}, quic_ipc_fd{quic_ipc_fd} {}
+
+  std::vector<std::array<uint8_t, SHRPX_QUIC_CID_PREFIXLEN>> cid_prefixes;
+  // Socket to send QUIC IPC message to this worker process.
+  int quic_ipc_fd;
+};
+#endif // ENABLE_HTTP3
+
 class ConnectionHandler {
 public:
   ConnectionHandler(struct ev_loop *loop, std::mt19937 &gen);
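Review bot: Neither BPFRef nor QUICLingeringWorkerProcess states who owns the resources they hold — `bpf_object *obj` is a raw pointer and `quic_ipc_fd` is a raw descriptor with no in-class default — so a reader cannot tell from the header whether destroying one of these structs leaks or double-releases. The `unload_bpf_objects()` declaration added later in this diff suggests ConnectionHandler releases the BPF objects, but that is an inference; if it is the design, I would say so on the struct: `// Non-owning view of a loaded BPF object; ConnectionHandler releases it in unload_bpf_objects().`. Likewise document on `quic_ipc_fd` whether the lingering worker-process entry or its creator closes the socket, e.g. `// Not closed by this struct; the owner of the worker process closes it.` if that holds. QUICIPCType only has a comment on DGRAM_FORWARD; a one-liner on NONE (what "no message" means to the reader) would complete it.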
@@ -159,6 +192,43 @@ public:
   SSL_CTX *get_ssl_ctx(size_t idx) const;
 
   const std::vector<SSL_CTX *> &get_indexed_ssl_ctx(size_t idx) const;
+#ifdef ENABLE_HTTP3
+  const std::vector<SSL_CTX *> &get_quic_indexed_ssl_ctx(size_t idx) const;
+
+  int forward_quic_packet(const UpstreamAddr *faddr, const Address &remote_addr,
+                          const Address &local_addr, const uint8_t *cid_prefix,
+                          const uint8_t *data, size_t datalen);
+
+  void set_quic_keying_materials(std::shared_ptr<QUICKeyingMaterials> qkms);
+  const std::shared_ptr<QUICKeyingMaterials> &get_quic_keying_materials() const;
+
+  void set_cid_prefixes(
+      const std::vector<std::array<uint8_t, SHRPX_QUIC_CID_PREFIXLEN>>
+          &cid_prefixes);
+
+  void set_quic_lingering_worker_processes(
+      const std::vector<QUICLingeringWorkerProcess> &quic_lwps);
+
+  // Return matching QUICLingeringWorkerProcess which has a CID prefix
+  // such that |dcid| starts with it.  If no such
+  // QUICLingeringWorkerProcess, it returns nullptr.
+  QUICLingeringWorkerProcess *
+  match_quic_lingering_worker_process_cid_prefix(const uint8_t *dcid,
+                                                 size_t dcidlen);
+
+  int forward_quic_packet_to_lingering_worker_process(
+      QUICLingeringWorkerProcess *quic_lwp, const Address &remote_addr,
+      const Address &local_addr, const uint8_t *data, size_t datalen);
+
+  void set_quic_ipc_fd(int fd);
+
+  int quic_ipc_read();
+
+#  ifdef HAVE_LIBBPF
+  std::vector<BPFRef> &get_quic_bpf_refs();
+  void unload_bpf_objects();
+#  endif // HAVE_LIBBPF
+#endif   // ENABLE_HTTP3
 
 #ifdef HAVE_NEVERBLEED
   void set_neverbleed(neverbleed_t *nb);
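Review bot: The comment on match_quic_lingering_worker_process_cid_prefix does not state what happens when `dcidlen` is shorter than SHRPX_QUIC_CID_PREFIXLEN, and since |dcid| is taken from a received packet the definition (outside this diff) must check the length before any prefix comparison rather than rely on the caller. I would extend the comment with `// A |dcid| shorter than SHRPX_QUIC_CID_PREFIXLEN never matches.` so the contract is visible at the declaration. For forward_quic_packet and forward_quic_packet_to_lingering_worker_process, the declarations give no hint of what the `int` return means (0 on success and -1 on error is the usual convention in this file, but nothing here says so); a short `// Returns 0 on success, or -1 on error.` on each would help. `get_quic_bpf_refs()` hands out a mutable reference to the vector; if callers only need to read it, a `const` overload would keep the ownership story simpler.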
@@ -187,6 +257,19 @@ private:
   // selection among them are performed by hostname presented by SNI,
   // and signature algorithm presented by client.
   std::vector<std::vector<SSL_CTX *>> indexed_ssl_ctx_;
+#ifdef ENABLE_HTTP3
+  std::vector<std::array<uint8_t, SHRPX_QUIC_CID_PREFIXLEN>> cid_prefixes_;
+  std::vector<std::array<uint8_t, SHRPX_QUIC_CID_PREFIXLEN>>
+      lingering_cid_prefixes_;
+  int quic_ipc_fd_;
+  std::vector<QUICLingeringWorkerProcess> quic_lingering_worker_processes_;
+#  ifdef HAVE_LIBBPF
+  std::vector<BPFRef> quic_bpf_refs_;
+#  endif // HAVE_LIBBPF
+  std::shared_ptr<QUICKeyingMaterials> quic_keying_materials_;
+  std::vector<SSL_CTX *> quic_all_ssl_ctx_;
+  std::vector<std::vector<SSL_CTX *>> quic_indexed_ssl_ctx_;
+#endif // ENABLE_HTTP3
   OCSPUpdateContext ocsp_;
   std::mt19937 &gen_;
   // ev_loop for each worker
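Review bot: `int quic_ipc_fd_;` is the only new member without an in-class initializer, so unless the constructor in the corresponding .cc (not part of this diff) assigns it, `quic_ipc_read()` could operate on an indeterminate descriptor before `set_quic_ipc_fd()` is called. I would write `int quic_ipc_fd_{-1};` and document it, `// Socket for QUIC IPC messages from worker processes; -1 until set_quic_ipc_fd() is called.`, so the "not yet set" state is explicit and testable. The same ownership question as for BPFRef applies to `quic_bpf_refs_`: a comment stating that `unload_bpf_objects()` is responsible for releasing them, if that is the case, belongs next to the member.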
@@ -203,6 +286,9 @@ private:
   // Otherwise, nullptr and workers_ has instances of Worker instead.
   std::unique_ptr<Worker> single_worker_;
   std::unique_ptr<tls::CertLookupTree> cert_tree_;
+#ifdef ENABLE_HTTP3
+  std::unique_ptr<tls::CertLookupTree> quic_cert_tree_;
+#endif // ENABLE_HTTP3
   std::unique_ptr<MemcachedDispatcher> tls_ticket_key_memcached_dispatcher_;
   // Current TLS session ticket keys.  Note that TLS connection does
   // not refer to this field directly.  They use TicketKeys object in