From e55e757dc20122a041492717ed23b2fb85c0772b Mon Sep 17 00:00:00 2001 From: Masakazu Kitajo Date: Wed, 1 Mar 2023 15:15:23 -0700 Subject: [PATCH 01/10] Add interface for NetVC services --- iocore/net/I_NetVConnection.h | 30 +++++++++++++++++++++++++++++ iocore/net/SSLNetVConnection.cc | 11 ++++++++++- proxy/ProxySession.cc | 2 +- proxy/http/Http1ClientSession.cc | 4 ++-- proxy/http/HttpSM.cc | 32 ++++++++++++++++--------------- proxy/http2/Http2ClientSession.cc | 4 ++-- proxy/private/SSLProxySession.cc | 2 +- src/traffic_server/InkAPI.cc | 10 +++++----- 8 files changed, 68 insertions(+), 27 deletions(-) diff --git a/iocore/net/I_NetVConnection.h b/iocore/net/I_NetVConnection.h index f16b5e84d12..5e8ff24602d 100644 --- a/iocore/net/I_NetVConnection.h +++ b/iocore/net/I_NetVConnection.h @@ -65,6 +65,17 @@ typedef enum { class NetVConnection : public VConnection, public PluginUserArgs { public: + enum class Service : uint8_t { + TLS_ALPN, + TLS_Basic, + TLS_CertSwitch, + TLS_EarlyData, + TLS_SNI, + TLS_SessionResumption, + TLS_Tunnel, + N_MAX, + }; + /** Initiates read. Thread safe, may be called when not handling an event from the NetVConnection, or the NetVConnection creation @@ -507,6 +518,8 @@ class NetVConnection : public VConnection, public PluginUserArgs(Service::N_MAX)] = { + nullptr, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr, + }; }; inline NetVConnection::NetVConnection() : VConnection(nullptr) @@ -540,3 +558,15 @@ NetVConnection::trapWriteBufferEmpty(int event) { write_buffer_empty_event = event; } + +inline void * +NetVConnection::get_service(enum NetVConnection::Service service) const +{ + return _services[static_cast(service)]; +} + +inline void +NetVConnection::_set_service(enum NetVConnection::Service service, void *instance) +{ + this->_services[static_cast(service)] = instance; +} diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc index c40fad61f8a..7cbb323648d 100644 --- a/iocore/net/SSLNetVConnection.cc 
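Review bot: `get_service` and `_set_service` in the last I_NetVConnection.h hunk index `_services` with the raw enum value and no range check, and `Service::N_MAX` is itself a legal argument, so passing it reads or writes one element past the array. A guard such as `ink_assert(service < Service::N_MAX);` at the top of both accessors would catch that, assuming `ink_assert` is reachable from this header. The array initializer also spells out seven `nullptr`s by hand; `= {}` zero-initializes every slot and cannot fall out of step when an enumerator is added. The template arguments of the casts are stripped on this page, so the index type is inferred.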
+++ b/iocore/net/SSLNetVConnection.cc @@ -860,7 +860,16 @@ SSLNetVConnection::load_buffer_and_write(int64_t towrite, MIOBufferAccessor &buf return num_really_written; } -SSLNetVConnection::SSLNetVConnection() {} +SSLNetVConnection::SSLNetVConnection() +{ + this->_set_service(NetVConnection::Service::TLS_ALPN, static_cast(this)); + this->_set_service(NetVConnection::Service::TLS_Basic, static_cast(this)); + this->_set_service(NetVConnection::Service::TLS_CertSwitch, static_cast(this)); + this->_set_service(NetVConnection::Service::TLS_EarlyData, static_cast(this)); + this->_set_service(NetVConnection::Service::TLS_SNI, static_cast(this)); + this->_set_service(NetVConnection::Service::TLS_SessionResumption, static_cast(this)); + this->_set_service(NetVConnection::Service::TLS_Tunnel, static_cast(this)); +} void SSLNetVConnection::do_io_close(int lerrno) diff --git a/proxy/ProxySession.cc b/proxy/ProxySession.cc index a4feee97ae7..e94ce33039c 100644 --- a/proxy/ProxySession.cc +++ b/proxy/ProxySession.cc @@ -287,7 +287,7 @@ ProxySession::get_local_addr() void ProxySession::_handle_if_ssl(NetVConnection *new_vc) { - auto tbs = dynamic_cast(new_vc); + auto tbs = static_cast(new_vc->get_service(NetVConnection::Service::TLS_Basic)); if (tbs) { _ssl = std::make_unique(); _ssl.get()->init(*new_vc); diff --git a/proxy/http/Http1ClientSession.cc b/proxy/http/Http1ClientSession.cc index 23f7696ca3e..afdbfff8967 100644 --- a/proxy/http/Http1ClientSession.cc +++ b/proxy/http/Http1ClientSession.cc @@ -141,7 +141,7 @@ Http1ClientSession::new_connection(NetVConnection *new_vc, MIOBuffer *iobuf, IOB trans.mutex = mutex; // Share this mutex with the transaction in_destroy = false; - TLSEarlyDataSupport *eds = dynamic_cast(new_vc); + TLSEarlyDataSupport *eds = static_cast(new_vc->get_service(NetVConnection::Service::TLS_EarlyData)); if (eds != nullptr) { read_from_early_data = eds->get_early_data_len(); Debug("ssl_early_data", "read_from_early_data = %" PRId64, read_from_early_data); 
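Review bot: The `SSLNetVConnection` constructor stores each base-subobject pointer in a `void *` slot, and every lookup site casts that `void *` back unchecked, so the class named in the `_set_service` cast and the class named at the lookup must be identical or the pointer is misadjusted under multiple inheritance. `dynamic_cast` verified this at run time; the table does not. A setter and getter that share one enum-to-type mapping, for example a typed `template <typename S> void _set_service(S *instance);`, would let the compiler reject a mismatched registration. The cast targets are stripped from this page, so which class each slot holds is inferred from the enumerator names.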
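Review bot: `dynamic_cast` applied to a null `NetVConnection *` returned null, whereas `new_vc->get_service(...)` in `ProxySession::_handle_if_ssl` dereferences the pointer before any check, so call sites that relied on the cast's null tolerance now have undefined behaviour on a null connection. The same shape appears in the HttpSM.cc hunks (`ua_txn->get_netvc()->get_service(...)` in `do_http_server_open`) and in the InkAPI.cc hunks, where `vc` comes from a `reinterpret_cast` of a plugin-supplied `TSVConn`; patches 04 and 05 keep it. Whether each caller can actually see a null pointer is not visible here, because the functions start outside the hunks. Where it can, guard before the lookup, e.g. `if (vc == nullptr) return nullptr;` at the top of `TSVConnSslCipherGet`.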
@@ -534,7 +534,7 @@ bool Http1ClientSession::allow_half_open() const { // Only allow half open connections if the not over TLS - return (_vc && dynamic_cast(_vc) == nullptr); + return (_vc && _vc->get_service(NetVConnection::Service::TLS_Basic) == nullptr); } void diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc index 77be42d3d55..0fd2fe6d81f 100644 --- a/proxy/http/HttpSM.cc +++ b/proxy/http/HttpSM.cc @@ -522,7 +522,7 @@ HttpSM::attach_client_session(ProxyTransaction *client_vc) mptcp_state = netvc->get_mptcp_state(); client_tcp_reused = !(ua_txn->is_first_transaction()); - if (auto tbs = dynamic_cast(netvc)) { + if (auto tbs = static_cast(netvc->get_service(NetVConnection::Service::TLS_Basic))) { client_connection_is_ssl = true; const char *protocol = tbs->get_tls_protocol_name(); client_sec_protocol = protocol ? protocol : "-"; @@ -538,11 +538,11 @@ HttpSM::attach_client_session(ProxyTransaction *client_vc) } } - if (auto as = dynamic_cast(netvc)) { + if (auto as = static_cast(netvc->get_service(NetVConnection::Service::TLS_ALPN))) { client_alpn_id = as->get_negotiated_protocol_id(); } - if (auto tsrs = dynamic_cast(netvc)) { + if (auto tsrs = static_cast(netvc->get_service(NetVConnection::Service::TLS_SessionResumption))) { client_ssl_reused = tsrs->getSSLSessionCacheHit(); } @@ -585,7 +585,7 @@ HttpSM::attach_client_session(ProxyTransaction *client_vc) t_state.hdr_info.client_request.create(HTTP_TYPE_REQUEST); // Prepare raw reader which will live until we are sure this is HTTP indeed - auto *tts = dynamic_cast(netvc); + auto *tts = static_cast(netvc->get_service(NetVConnection::Service::TLS_Tunnel)); if (is_transparent_passthrough_allowed() || (tts && tts->is_decryption_needed())) { ua_raw_buffer_reader = ua_txn->get_remote_reader()->clone(); } 
@@ -649,7 +649,8 @@ HttpSM::setup_blind_tunnel_port() } TLSTunnelSupport *tts = nullptr; - if (!ua_txn->is_outbound_transparent() && (tts = dynamic_cast(netvc))) { + if (!ua_txn->is_outbound_transparent() && + (tts = static_cast(netvc->get_service(NetVConnection::Service::TLS_Tunnel)))) { if (!t_state.hdr_info.client_request.url_get()->host_get(&host_len)) { if (tts->has_tunnel_destination()) { auto tunnel_host = tts->get_tunnel_host(); @@ -1513,7 +1514,7 @@ plugins required to work with sni_routing. t_state.hdr_info.client_request.url_set(&u); NetVConnection *netvc = ua_txn->get_netvc(); - auto *tts = dynamic_cast(netvc); + auto *tts = static_cast(netvc->get_service(NetVConnection::Service::TLS_Tunnel)); if (tts && tts->has_tunnel_destination()) { auto tunnel_host = tts->get_tunnel_host(); @@ -1678,7 +1679,7 @@ HttpSM::handle_api_return() switch (t_state.api_next_action) { case HttpTransact::SM_ACTION_API_SM_START: { NetVConnection *netvc = ua_txn->get_netvc(); - auto *tts = dynamic_cast(netvc); + auto *tts = static_cast(netvc->get_service(NetVConnection::Service::TLS_Tunnel)); bool forward_dest = tts != nullptr && tts->is_decryption_needed(); if (t_state.client_info.port_attribute == HttpProxyPort::TRANSPORT_BLIND_TUNNEL || forward_dest) { setup_blind_tunnel_port(); 
@@ -1821,10 +1822,10 @@ PoolableSession * HttpSM::create_server_session(NetVConnection *netvc, MIOBuffer *netvc_read_buffer, IOBufferReader *netvc_reader) { // Figure out what protocol was negotiated - int proto_index = SessionProtocolNameRegistry::INVALID; - auto const *sslnetvc = dynamic_cast(netvc); - if (sslnetvc) { - proto_index = sslnetvc->get_negotiated_protocol_id(); + int proto_index = SessionProtocolNameRegistry::INVALID; + auto const *alpn = static_cast(netvc->get_service(NetVConnection::Service::TLS_ALPN)); + if (alpn) { + proto_index = alpn->get_negotiated_protocol_id(); } // No ALPN occurred. Assume it was HTTP/1.x and hope for the best if (proto_index == SessionProtocolNameRegistry::INVALID) { @@ -5576,7 +5577,7 @@ HttpSM::do_http_server_open(bool raw, bool only_direct) int scheme_to_use = t_state.scheme; // get initial scheme bool tls_upstream = scheme_to_use == URL_WKSIDX_HTTPS; if (ua_txn) { - auto *tts = dynamic_cast(ua_txn->get_netvc()); + auto *tts = static_cast(ua_txn->get_netvc()->get_service(NetVConnection::Service::TLS_Tunnel)); if (tts && raw) { tls_upstream = tts->is_upstream_tls(); _tunnel_type = tts->get_tunnel_type(); @@ -5584,7 +5585,7 @@ HttpSM::do_http_server_open(bool raw, bool only_direct) // ALPN on TLS Partial Blind Tunnel - set negotiated ALPN id int pid = SessionProtocolNameRegistry::INVALID; if (tts->get_tunnel_type() == SNIRoutingType::PARTIAL_BLIND) { - auto *alpns = dynamic_cast(ua_txn->get_netvc()); + auto *alpns = static_cast(ua_txn->get_netvc()->get_service(NetVConnection::Service::TLS_ALPN)); ink_assert(alpns); pid = alpns->get_negotiated_protocol_id(); if (pid != SessionProtocolNameRegistry::INVALID) { 
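Review bot: In the `do_http_server_open` hunk the only guard on `alpns` before `alpns->get_negotiated_protocol_id()` is `ink_assert(alpns)`, which, as far as I know, is compiled out of release builds. With the service table, a connection type that registers `TLS_Tunnel` but not `TLS_ALPN` leaves that slot null, and nothing ties the two registrations together. An explicit `if (alpns != nullptr)` around the `pid` assignment keeps `pid` at `SessionProtocolNameRegistry::INVALID`, which the following `if` already handles. The function body starts and ends outside the hunk.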
@@ -6605,12 +6606,13 @@ HttpSM::attach_server_session() UnixNetVConnection *server_vc = static_cast(server_txn->get_netvc()); // set flag for server session is SSL - TLSBasicSupport *tbs = dynamic_cast(server_vc); + TLSBasicSupport *tbs = static_cast(server_vc->get_service(NetVConnection::Service::TLS_Basic)); if (tbs) { server_connection_is_ssl = true; } - if (auto tsrs = dynamic_cast(server_vc)) { + if (auto tsrs = + static_cast(server_vc->get_service(NetVConnection::Service::TLS_SessionResumption))) { server_ssl_reused = tsrs->getSSLOriginSessionCacheHit(); } diff --git a/proxy/http2/Http2ClientSession.cc b/proxy/http2/Http2ClientSession.cc index 56ce64928f4..4084a5ffbc0 100644 --- a/proxy/http2/Http2ClientSession.cc +++ b/proxy/http2/Http2ClientSession.cc @@ -101,7 +101,7 @@ Http2ClientSession::new_connection(NetVConnection *new_vc, MIOBuffer *iobuf, IOB this->connection_state.mutex = this->mutex; - TLSEarlyDataSupport *eds = dynamic_cast(new_vc); + TLSEarlyDataSupport *eds = static_cast(new_vc->get_service(NetVConnection::Service::TLS_EarlyData)); if (eds != nullptr) { this->read_from_early_data = eds->get_early_data_len(); Debug("ssl_early_data", "read_from_early_data = %" PRId64, this->read_from_early_data); @@ -120,7 +120,7 @@ Http2ClientSession::new_connection(NetVConnection *new_vc, MIOBuffer *iobuf, IOB this->write_buffer = new_MIOBuffer(buffer_block_size_index); uint32_t buffer_water_mark; - TLSSNISupport *snis = dynamic_cast(this->_vc); + TLSSNISupport *snis = static_cast(this->_vc->get_service(NetVConnection::Service::TLS_SNI)); if (snis && snis->hints_from_sni.http2_buffer_water_mark.has_value()) { buffer_water_mark = snis->hints_from_sni.http2_buffer_water_mark.value(); } else { diff --git a/proxy/private/SSLProxySession.cc b/proxy/private/SSLProxySession.cc index 32da935cf60..7a406b5d387 100644 --- a/proxy/private/SSLProxySession.cc +++ b/proxy/private/SSLProxySession.cc 
@@ -29,7 +29,7 @@ void SSLProxySession::init(NetVConnection const &new_vc) { - if (dynamic_cast(&new_vc) != nullptr) { + if (new_vc.get_service(NetVConnection::Service::TLS_SNI) != nullptr) { if (char const *name = new_vc.get_server_name()) { _client_sni_server_name.assign(name); } diff --git a/src/traffic_server/InkAPI.cc b/src/traffic_server/InkAPI.cc index a58bb29981c..82a37e7d696 100644 --- a/src/traffic_server/InkAPI.cc +++ b/src/traffic_server/InkAPI.cc @@ -6571,7 +6571,7 @@ const char * TSVConnSslCipherGet(TSVConn sslp) { NetVConnection *vc = reinterpret_cast(sslp); - TLSBasicSupport *tlsbs = dynamic_cast(vc); + TLSBasicSupport *tlsbs = static_cast(vc->get_service(NetVConnection::Service::TLS_Basic)); return tlsbs ? tlsbs->get_tls_cipher_suite() : nullptr; } @@ -6580,7 +6580,7 @@ const char * TSVConnSslProtocolGet(TSVConn sslp) { NetVConnection *vc = reinterpret_cast(sslp); - TLSBasicSupport *tlsbs = dynamic_cast(vc); + TLSBasicSupport *tlsbs = static_cast(vc->get_service(NetVConnection::Service::TLS_Basic)); return tlsbs ? tlsbs->get_tls_protocol_name() : nullptr; } @@ -6589,7 +6589,7 @@ const char * TSVConnSslCurveGet(TSVConn sslp) { NetVConnection *vc = reinterpret_cast(sslp); - TLSBasicSupport *tlsbs = dynamic_cast(vc); + TLSBasicSupport *tlsbs = static_cast(vc->get_service(NetVConnection::Service::TLS_Basic)); return tlsbs ? tlsbs->get_tls_curve() : nullptr; } @@ -9674,7 +9674,7 @@ TSVConnProtocolEnable(TSVConn connp, const char *protocol_name) TSReturnCode retval = TS_ERROR; int protocol_idx = globalSessionProtocolNameRegistry.toIndexConst(std::string_view{protocol_name}); auto net_vc = reinterpret_cast(connp); - auto alpn_vc = dynamic_cast(net_vc); + auto alpn_vc = static_cast(net_vc->get_service(NetVConnection::Service::TLS_ALPN)); if (alpn_vc) { alpn_vc->enableProtocol(protocol_idx); retval = TS_SUCCESS; 
@@ -9688,7 +9688,7 @@ TSVConnProtocolDisable(TSVConn connp, const char *protocol_name) TSReturnCode retval = TS_ERROR; int protocol_idx = globalSessionProtocolNameRegistry.toIndexConst(std::string_view{protocol_name}); auto net_vc = reinterpret_cast(connp); - auto alpn_vc = dynamic_cast(net_vc); + auto alpn_vc = static_cast(net_vc->get_service(NetVConnection::Service::TLS_ALPN)); if (alpn_vc) { alpn_vc->disableProtocol(protocol_idx); retval = TS_SUCCESS; From 1da4321fc2f549f4b5787ab8e7c18d1bec07b2d4 Mon Sep 17 00:00:00 2001 From: Masakazu Kitajo Date: Mon, 22 May 2023 18:44:05 -0600 Subject: [PATCH 02/10] Update QUICNetVC --- iocore/net/QUICNetVConnection_quiche.cc | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/iocore/net/QUICNetVConnection_quiche.cc b/iocore/net/QUICNetVConnection_quiche.cc index 2d638f99289..b61bdc306a4 100644 --- a/iocore/net/QUICNetVConnection_quiche.cc +++ b/iocore/net/QUICNetVConnection_quiche.cc @@ -37,7 +37,14 @@ static constexpr ink_hrtime WRITE_READY_INTERVAL = HRTIME_MSECONDS(2); ClassAllocator quicNetVCAllocator("quicNetVCAllocator"); -QUICNetVConnection::QUICNetVConnection() {} +QUICNetVConnection::QUICNetVConnection() +{ + this->_set_service(NetVConnection::Service::TLS_ALPN, static_cast(this)); + this->_set_service(NetVConnection::Service::TLS_Basic, static_cast(this)); + this->_set_service(NetVConnection::Service::TLS_CertSwitch, static_cast(this)); + this->_set_service(NetVConnection::Service::TLS_SNI, static_cast(this)); + this->_set_service(NetVConnection::Service::TLS_SessionResumption, static_cast(this)); +} QUICNetVConnection::~QUICNetVConnection() {} From 72d272ad477c497648d6b27446107d5df100274e Mon Sep 17 00:00:00 2001 From: Masakazu Kitajo Date: Wed, 24 May 2023 13:46:37 -0600 Subject: [PATCH 03/10] Rename N_MAX to N_SERVICES --- iocore/net/I_NetVConnection.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/iocore/net/I_NetVConnection.h b/iocore/net/I_NetVConnection.h index 5e8ff24602d..3952e29aecf 100644 --- a/iocore/net/I_NetVConnection.h +++ b/iocore/net/I_NetVConnection.h @@ -73,7 +73,7 @@ class NetVConnection : public VConnection, public PluginUserArgs(Service::N_MAX)] = { + void *_services[static_cast(Service::N_SERVICES)] = { nullptr, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr, }; }; From 11ec1686ee02d51b363c8235931ff839e691d081 Mon Sep 17 00:00:00 2001 From: Masakazu Kitajo Date: Thu, 22 Jun 2023 22:04:45 -0600 Subject: [PATCH 04/10] Add helper functions --- iocore/net/ALPNSupport.cc | 8 +++++++ iocore/net/I_NetVConnection.h | 2 ++ iocore/net/TLSBasicSupport.cc | 8 +++++++ iocore/net/TLSCertSwitchSupport.cc | 8 +++++++ iocore/net/TLSEarlyDataSupport.cc | 8 +++++++ iocore/net/TLSSNISupport.cc | 8 +++++++ iocore/net/TLSSessionResumptionSupport.cc | 7 ++++++ iocore/net/TLSTunnelSupport.cc | 8 +++++++ proxy/ProxySession.cc | 2 +- proxy/http/Http1ClientSession.cc | 4 ++-- proxy/http/HttpSM.cc | 26 +++++++++++------------ proxy/http2/Http2ClientSession.cc | 4 ++-- proxy/private/SSLProxySession.cc | 2 +- src/traffic_server/InkAPI.cc | 10 ++++----- 14 files changed, 80 insertions(+), 25 deletions(-) diff --git a/iocore/net/ALPNSupport.cc b/iocore/net/ALPNSupport.cc index 1e9bc8aacbe..aedf03aed81 100644 --- a/iocore/net/ALPNSupport.cc +++ b/iocore/net/ALPNSupport.cc @@ -22,11 +22,19 @@ */ #include "P_ALPNSupport.h" +#include "I_NetVConnection.h" #include "P_SSLNextProtocolSet.h" #include "records/I_RecHttp.h" int ALPNSupport::_ex_data_index = -1; +template <> +ALPNSupport * +NetConnectionService(const NetVConnection *vc) +{ + return static_cast(vc->get_service(NetVConnection::Service::TLS_ALPN)); +} + void ALPNSupport::initialize() { diff --git a/iocore/net/I_NetVConnection.h b/iocore/net/I_NetVConnection.h index 3952e29aecf..af14af2369d 100644 --- a/iocore/net/I_NetVConnection.h +++ b/iocore/net/I_NetVConnection.h 
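Review bot: The explicit specialization of `NetConnectionService` for `ALPNSupport` is defined in ALPNSupport.cc, while I_NetVConnection.h only declares the primary template, so the translation units that call it never see a declaration of the specialization. The language requires an explicit specialization to be declared before its first use in every translation unit (no diagnostic required), and a request for an unsupported type fails only at link time. Declaring it next to the class, e.g. `template <> ALPNSupport *NetConnectionService<ALPNSupport>(const NetVConnection *vc);` in the ALPNSupport header, makes both cases visible to the compiler. The six other `*Support.cc` hunks in this patch follow the same pattern, and the diffstat shows none of their headers being touched.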
@@ -570,3 +570,5 @@ NetVConnection::_set_service(enum NetVConnection::Service service, void *instanc { this->_services[static_cast(service)] = instance; } + +template T *NetConnectionService(const NetVConnection *); diff --git a/iocore/net/TLSBasicSupport.cc b/iocore/net/TLSBasicSupport.cc index 196211d70a3..fc8a7201dd2 100644 --- a/iocore/net/TLSBasicSupport.cc +++ b/iocore/net/TLSBasicSupport.cc @@ -23,10 +23,18 @@ */ #include "TLSBasicSupport.h" +#include "I_NetVConnection.h" #include "SSLStats.h" int TLSBasicSupport::_ex_data_index = -1; +template <> +TLSBasicSupport * +NetConnectionService(const NetVConnection *vc) +{ + return static_cast(vc->get_service(NetVConnection::Service::TLS_Basic)); +} + void TLSBasicSupport::initialize() { diff --git a/iocore/net/TLSCertSwitchSupport.cc b/iocore/net/TLSCertSwitchSupport.cc index 4ee68605d75..7e187b220dc 100644 --- a/iocore/net/TLSCertSwitchSupport.cc +++ b/iocore/net/TLSCertSwitchSupport.cc @@ -20,10 +20,18 @@ */ #include "TLSCertSwitchSupport.h" +#include "I_NetVConnection.h" #include "P_SSLCertLookup.h" int TLSCertSwitchSupport::_ex_data_index = -1; +template <> +TLSCertSwitchSupport * +NetConnectionService(const NetVConnection *vc) +{ + return static_cast(vc->get_service(NetVConnection::Service::TLS_CertSwitch)); +} + void TLSCertSwitchSupport::initialize() { diff --git a/iocore/net/TLSEarlyDataSupport.cc b/iocore/net/TLSEarlyDataSupport.cc index 469cd0191f6..6bb9a2d8c1b 100644 --- a/iocore/net/TLSEarlyDataSupport.cc +++ b/iocore/net/TLSEarlyDataSupport.cc @@ -24,10 +24,18 @@ #include #include "TLSEarlyDataSupport.h" +#include "I_NetVConnection.h" #include "tscore/ink_assert.h" int TLSEarlyDataSupport::_ex_data_index = -1; +template <> +TLSEarlyDataSupport * +NetConnectionService(const NetVConnection *vc) +{ + return static_cast(vc->get_service(NetVConnection::Service::TLS_EarlyData)); +} + void TLSEarlyDataSupport::initialize() { 
diff --git a/iocore/net/TLSSNISupport.cc b/iocore/net/TLSSNISupport.cc index 88378a81418..be295266204 100644 --- a/iocore/net/TLSSNISupport.cc +++ b/iocore/net/TLSSNISupport.cc @@ -23,12 +23,20 @@ #include "P_SSLNextProtocolAccept.h" #include "SSLSNIConfig.h" #include "TLSSNISupport.h" +#include "I_NetVConnection.h" #include "tscore/ink_assert.h" #include "tscore/ink_inet.h" #include "tscore/Diags.h" int TLSSNISupport::_ex_data_index = -1; +template <> +TLSSNISupport * +NetConnectionService(const NetVConnection *vc) +{ + return static_cast(vc->get_service(NetVConnection::Service::TLS_SNI)); +} + void TLSSNISupport::initialize() { diff --git a/iocore/net/TLSSessionResumptionSupport.cc b/iocore/net/TLSSessionResumptionSupport.cc index 9ed2a50f770..226f08f2358 100644 --- a/iocore/net/TLSSessionResumptionSupport.cc +++ b/iocore/net/TLSSessionResumptionSupport.cc @@ -49,6 +49,13 @@ char mac_param_digest[] = "sha256"; int TLSSessionResumptionSupport::_ex_data_index = -1; +template <> +TLSSessionResumptionSupport * +NetConnectionService(const NetVConnection *vc) +{ + return static_cast(vc->get_service(NetVConnection::Service::TLS_SessionResumption)); +} + static bool is_ssl_session_timed_out(SSL_SESSION *session) { diff --git a/iocore/net/TLSTunnelSupport.cc b/iocore/net/TLSTunnelSupport.cc index fd632ebc076..dfc14667b5c 100644 --- a/iocore/net/TLSTunnelSupport.cc +++ b/iocore/net/TLSTunnelSupport.cc @@ -23,6 +23,7 @@ */ #include "TLSTunnelSupport.h" +#include "I_NetVConnection.h" #include "tscore/ink_assert.h" #include "tscore/Diags.h" @@ -30,6 +31,13 @@ int TLSTunnelSupport::_ex_data_index = -1; +template <> +TLSTunnelSupport * +NetConnectionService(const NetVConnection *vc) +{ + return static_cast(vc->get_service(NetVConnection::Service::TLS_Tunnel)); +} + void TLSTunnelSupport::initialize() { diff --git a/proxy/ProxySession.cc b/proxy/ProxySession.cc index e94ce33039c..bab20064214 100644 --- a/proxy/ProxySession.cc +++ b/proxy/ProxySession.cc 
@@ -287,7 +287,7 @@ ProxySession::get_local_addr() void ProxySession::_handle_if_ssl(NetVConnection *new_vc) { - auto tbs = static_cast(new_vc->get_service(NetVConnection::Service::TLS_Basic)); + auto tbs = NetConnectionService(new_vc); if (tbs) { _ssl = std::make_unique(); _ssl.get()->init(*new_vc); diff --git a/proxy/http/Http1ClientSession.cc b/proxy/http/Http1ClientSession.cc index afdbfff8967..7607fe1a7fb 100644 --- a/proxy/http/Http1ClientSession.cc +++ b/proxy/http/Http1ClientSession.cc @@ -141,7 +141,7 @@ Http1ClientSession::new_connection(NetVConnection *new_vc, MIOBuffer *iobuf, IOB trans.mutex = mutex; // Share this mutex with the transaction in_destroy = false; - TLSEarlyDataSupport *eds = static_cast(new_vc->get_service(NetVConnection::Service::TLS_EarlyData)); + TLSEarlyDataSupport *eds = NetConnectionService(new_vc); if (eds != nullptr) { read_from_early_data = eds->get_early_data_len(); Debug("ssl_early_data", "read_from_early_data = %" PRId64, read_from_early_data); @@ -534,7 +534,7 @@ bool Http1ClientSession::allow_half_open() const { // Only allow half open connections if the not over TLS - return (_vc && _vc->get_service(NetVConnection::Service::TLS_Basic) == nullptr); + return (_vc && NetConnectionService(_vc) == nullptr); } void diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc index 0fd2fe6d81f..a2fbd9ea7eb 100644 --- a/proxy/http/HttpSM.cc +++ b/proxy/http/HttpSM.cc @@ -522,7 +522,7 @@ HttpSM::attach_client_session(ProxyTransaction *client_vc) mptcp_state = netvc->get_mptcp_state(); client_tcp_reused = !(ua_txn->is_first_transaction()); - if (auto tbs = static_cast(netvc->get_service(NetVConnection::Service::TLS_Basic))) { + if (auto tbs = NetConnectionService(netvc)) { client_connection_is_ssl = true; const char *protocol = tbs->get_tls_protocol_name(); client_sec_protocol = protocol ? protocol : "-"; 
@@ -538,11 +538,11 @@ HttpSM::attach_client_session(ProxyTransaction *client_vc) } } - if (auto as = static_cast(netvc->get_service(NetVConnection::Service::TLS_ALPN))) { + if (auto as = NetConnectionService(netvc)) { client_alpn_id = as->get_negotiated_protocol_id(); } - if (auto tsrs = static_cast(netvc->get_service(NetVConnection::Service::TLS_SessionResumption))) { + if (auto tsrs = NetConnectionService(netvc)) { client_ssl_reused = tsrs->getSSLSessionCacheHit(); } @@ -585,7 +585,7 @@ HttpSM::attach_client_session(ProxyTransaction *client_vc) t_state.hdr_info.client_request.create(HTTP_TYPE_REQUEST); // Prepare raw reader which will live until we are sure this is HTTP indeed - auto *tts = static_cast(netvc->get_service(NetVConnection::Service::TLS_Tunnel)); + auto *tts = NetConnectionService(netvc); if (is_transparent_passthrough_allowed() || (tts && tts->is_decryption_needed())) { ua_raw_buffer_reader = ua_txn->get_remote_reader()->clone(); } @@ -649,8 +649,7 @@ HttpSM::setup_blind_tunnel_port() } TLSTunnelSupport *tts = nullptr; - if (!ua_txn->is_outbound_transparent() && - (tts = static_cast(netvc->get_service(NetVConnection::Service::TLS_Tunnel)))) { + if (!ua_txn->is_outbound_transparent() && (tts = NetConnectionService(netvc))) { if (!t_state.hdr_info.client_request.url_get()->host_get(&host_len)) { if (tts->has_tunnel_destination()) { auto tunnel_host = tts->get_tunnel_host(); @@ -1514,7 +1513,7 @@ plugins required to work with sni_routing. t_state.hdr_info.client_request.url_set(&u); NetVConnection *netvc = ua_txn->get_netvc(); - auto *tts = static_cast(netvc->get_service(NetVConnection::Service::TLS_Tunnel)); + auto *tts = NetConnectionService(netvc); if (tts && tts->has_tunnel_destination()) { auto tunnel_host = tts->get_tunnel_host(); 
@@ -1679,7 +1678,7 @@ HttpSM::handle_api_return() switch (t_state.api_next_action) { case HttpTransact::SM_ACTION_API_SM_START: { NetVConnection *netvc = ua_txn->get_netvc(); - auto *tts = static_cast(netvc->get_service(NetVConnection::Service::TLS_Tunnel)); + auto *tts = NetConnectionService(netvc); bool forward_dest = tts != nullptr && tts->is_decryption_needed(); if (t_state.client_info.port_attribute == HttpProxyPort::TRANSPORT_BLIND_TUNNEL || forward_dest) { setup_blind_tunnel_port(); @@ -1823,7 +1822,7 @@ HttpSM::create_server_session(NetVConnection *netvc, MIOBuffer *netvc_read_buffe { // Figure out what protocol was negotiated int proto_index = SessionProtocolNameRegistry::INVALID; - auto const *alpn = static_cast(netvc->get_service(NetVConnection::Service::TLS_ALPN)); + auto const *alpn = NetConnectionService(netvc); if (alpn) { proto_index = alpn->get_negotiated_protocol_id(); } @@ -5577,7 +5576,7 @@ HttpSM::do_http_server_open(bool raw, bool only_direct) int scheme_to_use = t_state.scheme; // get initial scheme bool tls_upstream = scheme_to_use == URL_WKSIDX_HTTPS; if (ua_txn) { - auto *tts = static_cast(ua_txn->get_netvc()->get_service(NetVConnection::Service::TLS_Tunnel)); + auto *tts = NetConnectionService(ua_txn->get_netvc()); if (tts && raw) { tls_upstream = tts->is_upstream_tls(); _tunnel_type = tts->get_tunnel_type(); @@ -5585,7 +5584,7 @@ HttpSM::do_http_server_open(bool raw, bool only_direct) // ALPN on TLS Partial Blind Tunnel - set negotiated ALPN id int pid = SessionProtocolNameRegistry::INVALID; if (tts->get_tunnel_type() == SNIRoutingType::PARTIAL_BLIND) { - auto *alpns = static_cast(ua_txn->get_netvc()->get_service(NetVConnection::Service::TLS_ALPN)); + auto *alpns = NetConnectionService(ua_txn->get_netvc()); ink_assert(alpns); pid = alpns->get_negotiated_protocol_id(); if (pid != SessionProtocolNameRegistry::INVALID) { 
@@ -6606,13 +6605,12 @@ HttpSM::attach_server_session() UnixNetVConnection *server_vc = static_cast(server_txn->get_netvc()); // set flag for server session is SSL - TLSBasicSupport *tbs = static_cast(server_vc->get_service(NetVConnection::Service::TLS_Basic)); + TLSBasicSupport *tbs = NetConnectionService(server_vc); if (tbs) { server_connection_is_ssl = true; } - if (auto tsrs = - static_cast(server_vc->get_service(NetVConnection::Service::TLS_SessionResumption))) { + if (auto tsrs = NetConnectionService(server_vc)) { server_ssl_reused = tsrs->getSSLOriginSessionCacheHit(); } diff --git a/proxy/http2/Http2ClientSession.cc b/proxy/http2/Http2ClientSession.cc index 4084a5ffbc0..904ae3dc397 100644 --- a/proxy/http2/Http2ClientSession.cc +++ b/proxy/http2/Http2ClientSession.cc @@ -101,7 +101,7 @@ Http2ClientSession::new_connection(NetVConnection *new_vc, MIOBuffer *iobuf, IOB this->connection_state.mutex = this->mutex; - TLSEarlyDataSupport *eds = static_cast(new_vc->get_service(NetVConnection::Service::TLS_EarlyData)); + TLSEarlyDataSupport *eds = NetConnectionService(new_vc); if (eds != nullptr) { this->read_from_early_data = eds->get_early_data_len(); Debug("ssl_early_data", "read_from_early_data = %" PRId64, this->read_from_early_data); @@ -120,7 +120,7 @@ Http2ClientSession::new_connection(NetVConnection *new_vc, MIOBuffer *iobuf, IOB this->write_buffer = new_MIOBuffer(buffer_block_size_index); uint32_t buffer_water_mark; - TLSSNISupport *snis = static_cast(this->_vc->get_service(NetVConnection::Service::TLS_SNI)); + TLSSNISupport *snis = NetConnectionService(this->_vc); if (snis && snis->hints_from_sni.http2_buffer_water_mark.has_value()) { buffer_water_mark = snis->hints_from_sni.http2_buffer_water_mark.value(); } else { diff --git a/proxy/private/SSLProxySession.cc b/proxy/private/SSLProxySession.cc index 7a406b5d387..67422df75ee 100644 --- a/proxy/private/SSLProxySession.cc +++ b/proxy/private/SSLProxySession.cc 
@@ -29,7 +29,7 @@ void SSLProxySession::init(NetVConnection const &new_vc) { - if (new_vc.get_service(NetVConnection::Service::TLS_SNI) != nullptr) { + if (NetConnectionService(&new_vc) != nullptr) { if (char const *name = new_vc.get_server_name()) { _client_sni_server_name.assign(name); } diff --git a/src/traffic_server/InkAPI.cc b/src/traffic_server/InkAPI.cc index 82a37e7d696..54af5f30853 100644 --- a/src/traffic_server/InkAPI.cc +++ b/src/traffic_server/InkAPI.cc @@ -6571,7 +6571,7 @@ const char * TSVConnSslCipherGet(TSVConn sslp) { NetVConnection *vc = reinterpret_cast(sslp); - TLSBasicSupport *tlsbs = static_cast(vc->get_service(NetVConnection::Service::TLS_Basic)); + TLSBasicSupport *tlsbs = NetConnectionService(vc); return tlsbs ? tlsbs->get_tls_cipher_suite() : nullptr; } @@ -6580,7 +6580,7 @@ const char * TSVConnSslProtocolGet(TSVConn sslp) { NetVConnection *vc = reinterpret_cast(sslp); - TLSBasicSupport *tlsbs = static_cast(vc->get_service(NetVConnection::Service::TLS_Basic)); + TLSBasicSupport *tlsbs = NetConnectionService(vc); return tlsbs ? tlsbs->get_tls_protocol_name() : nullptr; } @@ -6589,7 +6589,7 @@ const char * TSVConnSslCurveGet(TSVConn sslp) { NetVConnection *vc = reinterpret_cast(sslp); - TLSBasicSupport *tlsbs = static_cast(vc->get_service(NetVConnection::Service::TLS_Basic)); + TLSBasicSupport *tlsbs = NetConnectionService(vc); return tlsbs ? tlsbs->get_tls_curve() : nullptr; } @@ -9674,7 +9674,7 @@ TSVConnProtocolEnable(TSVConn connp, const char *protocol_name) TSReturnCode retval = TS_ERROR; int protocol_idx = globalSessionProtocolNameRegistry.toIndexConst(std::string_view{protocol_name}); auto net_vc = reinterpret_cast(connp); - auto alpn_vc = static_cast(net_vc->get_service(NetVConnection::Service::TLS_ALPN)); + auto alpn_vc = NetConnectionService(net_vc); if (alpn_vc) { alpn_vc->enableProtocol(protocol_idx); retval = TS_SUCCESS; 
@@ -9688,7 +9688,7 @@ TSVConnProtocolDisable(TSVConn connp, const char *protocol_name) TSReturnCode retval = TS_ERROR; int protocol_idx = globalSessionProtocolNameRegistry.toIndexConst(std::string_view{protocol_name}); auto net_vc = reinterpret_cast(connp); - auto alpn_vc = static_cast(net_vc->get_service(NetVConnection::Service::TLS_ALPN)); + auto alpn_vc = NetConnectionService(net_vc); if (alpn_vc) { alpn_vc->disableProtocol(protocol_idx); retval = TS_SUCCESS; From 7d0d689003dee0362a75fa18d1907bdfe00c0bd9 Mon Sep 17 00:00:00 2001 From: Masakazu Kitajo Date: Mon, 26 Jun 2023 20:39:53 -0600 Subject: [PATCH 05/10] Make the helper function a member of NetVConnection --- iocore/net/ALPNSupport.cc | 4 +-- iocore/net/I_NetVConnection.h | 31 ++++++++++++----------- iocore/net/TLSBasicSupport.cc | 4 +-- iocore/net/TLSCertSwitchSupport.cc | 4 +-- iocore/net/TLSEarlyDataSupport.cc | 4 +-- iocore/net/TLSSNISupport.cc | 4 +-- iocore/net/TLSSessionResumptionSupport.cc | 4 +-- iocore/net/TLSTunnelSupport.cc | 4 +-- proxy/ProxySession.cc | 2 +- proxy/http/Http1ClientSession.cc | 4 +-- proxy/http/HttpSM.cc | 24 +++++++++--------- proxy/http2/Http2ClientSession.cc | 4 +-- proxy/private/SSLProxySession.cc | 2 +- src/traffic_server/InkAPI.cc | 10 ++++---- 14 files changed, 53 insertions(+), 52 deletions(-) diff --git a/iocore/net/ALPNSupport.cc b/iocore/net/ALPNSupport.cc index aedf03aed81..a87d48588cd 100644 --- a/iocore/net/ALPNSupport.cc +++ b/iocore/net/ALPNSupport.cc @@ -30,9 +30,9 @@ int ALPNSupport::_ex_data_index = -1; template <> ALPNSupport * -NetConnectionService(const NetVConnection *vc) +NetVConnection::get_service() const { - return static_cast(vc->get_service(NetVConnection::Service::TLS_ALPN)); + return static_cast(this->_get_service(NetVConnection::Service::TLS_ALPN)); } void diff --git a/iocore/net/I_NetVConnection.h b/iocore/net/I_NetVConnection.h index af14af2369d..39e95c83e98 100644 --- a/iocore/net/I_NetVConnection.h +++ b/iocore/net/I_NetVConnection.h 
@@ -65,17 +65,6 @@ typedef enum { class NetVConnection : public VConnection, public PluginUserArgs { public: - enum class Service : uint8_t { - TLS_ALPN, - TLS_Basic, - TLS_CertSwitch, - TLS_EarlyData, - TLS_SNI, - TLS_SessionResumption, - TLS_Tunnel, - N_SERVICES, - }; - /** Initiates read. Thread safe, may be called when not handling an event from the NetVConnection, or the NetVConnection creation @@ -518,9 +507,20 @@ class NetVConnection : public VConnection, public PluginUserArgs S *get_service() const; protected: + enum class Service : uint8_t { + TLS_ALPN, + TLS_Basic, + TLS_CertSwitch, + TLS_EarlyData, + TLS_SNI, + TLS_SessionResumption, + TLS_Tunnel, + N_SERVICES, + }; + IpEndpoint local_addr; IpEndpoint remote_addr; ProxyProtocol pp_info; @@ -544,6 +544,9 @@ class NetVConnection : public VConnection, public PluginUserArgs(Service::N_SERVICES)] = { nullptr, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr, }; + +private: + void *_get_service(enum Service mixin_index) const; }; inline NetVConnection::NetVConnection() : VConnection(nullptr) @@ -560,7 +563,7 @@ NetVConnection::trapWriteBufferEmpty(int event) } inline void * -NetVConnection::get_service(enum NetVConnection::Service service) const +NetVConnection::_get_service(enum NetVConnection::Service service) const { return _services[static_cast(service)]; } @@ -570,5 +573,3 @@ NetVConnection::_set_service(enum NetVConnection::Service service, void *instanc { this->_services[static_cast(service)] = instance; } - -template T *NetConnectionService(const NetVConnection *); diff --git a/iocore/net/TLSBasicSupport.cc b/iocore/net/TLSBasicSupport.cc index fc8a7201dd2..357f69d3eda 100644 --- a/iocore/net/TLSBasicSupport.cc +++ b/iocore/net/TLSBasicSupport.cc 
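Review bot: `S *get_service() const;` hands out a mutable service pointer from a `const` connection, so a caller that only holds `NetVConnection const &`, as `SSLProxySession::init` does, can still reach state-changing members of the returned object. If that is intended, a comment on the declaration such as `// returns a mutable service even on a const NetVConnection; the table stores non-const pointers` would record it. Otherwise pair `template <typename S> const S *get_service() const;` with a non-const `template <typename S> S *get_service();`. The template header of the declaration is stripped on this page, so its exact form is inferred from the specializations in the `.cc` hunks.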
@@ -30,9 +30,9 @@ int TLSBasicSupport::_ex_data_index = -1; template <> TLSBasicSupport * -NetConnectionService(const NetVConnection *vc) +NetVConnection::get_service() const { - return static_cast(vc->get_service(NetVConnection::Service::TLS_Basic)); + return static_cast(this->_get_service(NetVConnection::Service::TLS_Basic)); } void diff --git a/iocore/net/TLSCertSwitchSupport.cc b/iocore/net/TLSCertSwitchSupport.cc index 7e187b220dc..0356f93bae0 100644 --- a/iocore/net/TLSCertSwitchSupport.cc +++ b/iocore/net/TLSCertSwitchSupport.cc @@ -27,9 +27,9 @@ int TLSCertSwitchSupport::_ex_data_index = -1; template <> TLSCertSwitchSupport * -NetConnectionService(const NetVConnection *vc) +NetVConnection::get_service() const { - return static_cast(vc->get_service(NetVConnection::Service::TLS_CertSwitch)); + return static_cast(this->_get_service(NetVConnection::Service::TLS_CertSwitch)); } void diff --git a/iocore/net/TLSEarlyDataSupport.cc b/iocore/net/TLSEarlyDataSupport.cc index 6bb9a2d8c1b..bfc804441b3 100644 --- a/iocore/net/TLSEarlyDataSupport.cc +++ b/iocore/net/TLSEarlyDataSupport.cc @@ -31,9 +31,9 @@ int TLSEarlyDataSupport::_ex_data_index = -1; template <> TLSEarlyDataSupport * -NetConnectionService(const NetVConnection *vc) +NetVConnection::get_service() const { - return static_cast(vc->get_service(NetVConnection::Service::TLS_EarlyData)); + return static_cast(this->_get_service(NetVConnection::Service::TLS_EarlyData)); } void diff --git a/iocore/net/TLSSNISupport.cc b/iocore/net/TLSSNISupport.cc index be295266204..21a8b75f91c 100644 --- a/iocore/net/TLSSNISupport.cc +++ b/iocore/net/TLSSNISupport.cc @@ -32,9 +32,9 @@ int TLSSNISupport::_ex_data_index = -1; template <> TLSSNISupport * -NetConnectionService(const NetVConnection *vc) +NetVConnection::get_service() const { - return static_cast(vc->get_service(NetVConnection::Service::TLS_SNI)); + return static_cast(this->_get_service(NetVConnection::Service::TLS_SNI)); } void 
diff --git a/iocore/net/TLSSessionResumptionSupport.cc b/iocore/net/TLSSessionResumptionSupport.cc index 226f08f2358..0a48ebc9922 100644 --- a/iocore/net/TLSSessionResumptionSupport.cc +++ b/iocore/net/TLSSessionResumptionSupport.cc @@ -51,9 +51,9 @@ int TLSSessionResumptionSupport::_ex_data_index = -1; template <> TLSSessionResumptionSupport * -NetConnectionService(const NetVConnection *vc) +NetVConnection::get_service() const { - return static_cast(vc->get_service(NetVConnection::Service::TLS_SessionResumption)); + return static_cast(this->_get_service(NetVConnection::Service::TLS_SessionResumption)); } static bool diff --git a/iocore/net/TLSTunnelSupport.cc b/iocore/net/TLSTunnelSupport.cc index dfc14667b5c..9fc785b2875 100644 --- a/iocore/net/TLSTunnelSupport.cc +++ b/iocore/net/TLSTunnelSupport.cc @@ -33,9 +33,9 @@ int TLSTunnelSupport::_ex_data_index = -1; template <> TLSTunnelSupport * -NetConnectionService(const NetVConnection *vc) +NetVConnection::get_service() const { - return static_cast(vc->get_service(NetVConnection::Service::TLS_Tunnel)); + return static_cast(this->_get_service(NetVConnection::Service::TLS_Tunnel)); } void diff --git a/proxy/ProxySession.cc b/proxy/ProxySession.cc index bab20064214..ab4211cd3c9 100644 --- a/proxy/ProxySession.cc +++ b/proxy/ProxySession.cc @@ -287,7 +287,7 @@ ProxySession::get_local_addr() void ProxySession::_handle_if_ssl(NetVConnection *new_vc) { - auto tbs = NetConnectionService(new_vc); + auto tbs = new_vc->get_service(); if (tbs) { _ssl = std::make_unique(); _ssl.get()->init(*new_vc); diff --git a/proxy/http/Http1ClientSession.cc b/proxy/http/Http1ClientSession.cc index 7607fe1a7fb..16c09b6de3f 100644 --- a/proxy/http/Http1ClientSession.cc +++ b/proxy/http/Http1ClientSession.cc 
@@ -141,7 +141,7 @@ Http1ClientSession::new_connection(NetVConnection *new_vc, MIOBuffer *iobuf, IOB trans.mutex = mutex; // Share this mutex with the transaction in_destroy = false; - TLSEarlyDataSupport *eds = NetConnectionService(new_vc); + TLSEarlyDataSupport *eds = new_vc->get_service(); if (eds != nullptr) { read_from_early_data = eds->get_early_data_len(); Debug("ssl_early_data", "read_from_early_data = %" PRId64, read_from_early_data); @@ -534,7 +534,7 @@ bool Http1ClientSession::allow_half_open() const { // Only allow half open connections if the not over TLS - return (_vc && NetConnectionService(_vc) == nullptr); + return (_vc && _vc->get_service() == nullptr); } void diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc index a2fbd9ea7eb..8cb4c2beff3 100644 --- a/proxy/http/HttpSM.cc +++ b/proxy/http/HttpSM.cc @@ -522,7 +522,7 @@ HttpSM::attach_client_session(ProxyTransaction *client_vc) mptcp_state = netvc->get_mptcp_state(); client_tcp_reused = !(ua_txn->is_first_transaction()); - if (auto tbs = NetConnectionService(netvc)) { + if (auto tbs = netvc->get_service()) { client_connection_is_ssl = true; const char *protocol = tbs->get_tls_protocol_name(); client_sec_protocol = protocol ? protocol : "-"; @@ -538,11 +538,11 @@ HttpSM::attach_client_session(ProxyTransaction *client_vc) } } - if (auto as = NetConnectionService(netvc)) { + if (auto as = netvc->get_service()) { client_alpn_id = as->get_negotiated_protocol_id(); } - if (auto tsrs = NetConnectionService(netvc)) { + if (auto tsrs = netvc->get_service()) { client_ssl_reused = tsrs->getSSLSessionCacheHit(); } 
@@ -585,7 +585,7 @@ HttpSM::attach_client_session(ProxyTransaction *client_vc) t_state.hdr_info.client_request.create(HTTP_TYPE_REQUEST); // Prepare raw reader which will live until we are sure this is HTTP indeed - auto *tts = NetConnectionService(netvc); + auto *tts = netvc->get_service(); if (is_transparent_passthrough_allowed() || (tts && tts->is_decryption_needed())) { ua_raw_buffer_reader = ua_txn->get_remote_reader()->clone(); } @@ -649,7 +649,7 @@ HttpSM::setup_blind_tunnel_port() } TLSTunnelSupport *tts = nullptr; - if (!ua_txn->is_outbound_transparent() && (tts = NetConnectionService(netvc))) { + if (!ua_txn->is_outbound_transparent() && (tts = netvc->get_service())) { if (!t_state.hdr_info.client_request.url_get()->host_get(&host_len)) { if (tts->has_tunnel_destination()) { auto tunnel_host = tts->get_tunnel_host(); @@ -1513,7 +1513,7 @@ plugins required to work with sni_routing. t_state.hdr_info.client_request.url_set(&u); NetVConnection *netvc = ua_txn->get_netvc(); - auto *tts = NetConnectionService(netvc); + auto *tts = netvc->get_service(); if (tts && tts->has_tunnel_destination()) { auto tunnel_host = tts->get_tunnel_host(); @@ -1678,7 +1678,7 @@ HttpSM::handle_api_return() switch (t_state.api_next_action) { case HttpTransact::SM_ACTION_API_SM_START: { NetVConnection *netvc = ua_txn->get_netvc(); - auto *tts = NetConnectionService(netvc); + auto *tts = netvc->get_service(); bool forward_dest = tts != nullptr && tts->is_decryption_needed(); if (t_state.client_info.port_attribute == HttpProxyPort::TRANSPORT_BLIND_TUNNEL || forward_dest) { setup_blind_tunnel_port(); @@ -1822,7 +1822,7 @@ HttpSM::create_server_session(NetVConnection *netvc, MIOBuffer *netvc_read_buffe { // Figure out what protocol was negotiated int proto_index = SessionProtocolNameRegistry::INVALID; - auto const *alpn = NetConnectionService(netvc); + auto const *alpn = netvc->get_service(); if (alpn) { proto_index = alpn->get_negotiated_protocol_id(); } 
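Review bot: In the hunk at old line 1513, `netvc` is taken straight from `ua_txn->get_netvc()` and dereferenced on the next line by `netvc->get_service()`, with no null check between the two. The code that follows already tolerates a null service pointer, so `auto *tts = netvc ? netvc->get_service<TLSTunnelSupport>() : nullptr;` would cover a client connection that has already gone away, if that can happen on this path. The same two-line pattern appears in HttpSM::handle_api_return (old line 1678) and as `ua_txn->get_netvc()->get_service()` in HttpSM::do_http_server_open. The enclosing functions extend beyond these hunks, so a guard may exist outside the visible lines.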
@@ -5576,7 +5576,7 @@ HttpSM::do_http_server_open(bool raw, bool only_direct) int scheme_to_use = t_state.scheme; // get initial scheme bool tls_upstream = scheme_to_use == URL_WKSIDX_HTTPS; if (ua_txn) { - auto *tts = NetConnectionService(ua_txn->get_netvc()); + auto *tts = ua_txn->get_netvc()->get_service(); if (tts && raw) { tls_upstream = tts->is_upstream_tls(); _tunnel_type = tts->get_tunnel_type(); @@ -5584,7 +5584,7 @@ HttpSM::do_http_server_open(bool raw, bool only_direct) // ALPN on TLS Partial Blind Tunnel - set negotiated ALPN id int pid = SessionProtocolNameRegistry::INVALID; if (tts->get_tunnel_type() == SNIRoutingType::PARTIAL_BLIND) { - auto *alpns = NetConnectionService(ua_txn->get_netvc()); + auto *alpns = ua_txn->get_netvc()->get_service(); ink_assert(alpns); pid = alpns->get_negotiated_protocol_id(); if (pid != SessionProtocolNameRegistry::INVALID) { @@ -6605,12 +6605,12 @@ HttpSM::attach_server_session() UnixNetVConnection *server_vc = static_cast(server_txn->get_netvc()); // set flag for server session is SSL - TLSBasicSupport *tbs = NetConnectionService(server_vc); + TLSBasicSupport *tbs = server_vc->get_service(); if (tbs) { server_connection_is_ssl = true; } - if (auto tsrs = NetConnectionService(server_vc)) { + if (auto tsrs = server_vc->get_service()) { server_ssl_reused = tsrs->getSSLOriginSessionCacheHit(); } diff --git a/proxy/http2/Http2ClientSession.cc b/proxy/http2/Http2ClientSession.cc index 904ae3dc397..8fa0f9d78d1 100644 --- a/proxy/http2/Http2ClientSession.cc +++ b/proxy/http2/Http2ClientSession.cc @@ -101,7 +101,7 @@ Http2ClientSession::new_connection(NetVConnection *new_vc, MIOBuffer *iobuf, IOB this->connection_state.mutex = this->mutex; - TLSEarlyDataSupport *eds = NetConnectionService(new_vc); + TLSEarlyDataSupport *eds = new_vc->get_service(); if (eds != nullptr) { this->read_from_early_data = eds->get_early_data_len(); Debug("ssl_early_data", "read_from_early_data = %" PRId64, this->read_from_early_data); 
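Review bot: In the PARTIAL_BLIND branch (hunk at old line 5584) the only guard on `alpns` is `ink_assert(alpns)`, directly followed by `alpns->get_negotiated_protocol_id()`. If `ink_assert` is compiled out in release builds, a connection that has tunnel support but no ALPN service registered would dereference null here. Writing `if (alpns) { pid = alpns->get_negotiated_protocol_id(); }` leaves `pid` at `SessionProtocolNameRegistry::INVALID`, which the next visible line already handles; `ink_release_assert(alpns)` is the alternative if the condition must never occur. The later init-statement commit on this page carries the same lines forward.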
@@ -120,7 +120,7 @@ Http2ClientSession::new_connection(NetVConnection *new_vc, MIOBuffer *iobuf, IOB this->write_buffer = new_MIOBuffer(buffer_block_size_index); uint32_t buffer_water_mark; - TLSSNISupport *snis = NetConnectionService(this->_vc); + TLSSNISupport *snis = this->_vc->get_service(); if (snis && snis->hints_from_sni.http2_buffer_water_mark.has_value()) { buffer_water_mark = snis->hints_from_sni.http2_buffer_water_mark.value(); } else { diff --git a/proxy/private/SSLProxySession.cc b/proxy/private/SSLProxySession.cc index 67422df75ee..1838cb839f0 100644 --- a/proxy/private/SSLProxySession.cc +++ b/proxy/private/SSLProxySession.cc @@ -29,7 +29,7 @@ void SSLProxySession::init(NetVConnection const &new_vc) { - if (NetConnectionService(&new_vc) != nullptr) { + if (new_vc.get_service() != nullptr) { if (char const *name = new_vc.get_server_name()) { _client_sni_server_name.assign(name); } diff --git a/src/traffic_server/InkAPI.cc b/src/traffic_server/InkAPI.cc index 54af5f30853..5e3791c51f8 100644 --- a/src/traffic_server/InkAPI.cc +++ b/src/traffic_server/InkAPI.cc @@ -6571,7 +6571,7 @@ const char * TSVConnSslCipherGet(TSVConn sslp) { NetVConnection *vc = reinterpret_cast(sslp); - TLSBasicSupport *tlsbs = NetConnectionService(vc); + TLSBasicSupport *tlsbs = vc->get_service(); return tlsbs ? tlsbs->get_tls_cipher_suite() : nullptr; } @@ -6580,7 +6580,7 @@ const char * TSVConnSslProtocolGet(TSVConn sslp) { NetVConnection *vc = reinterpret_cast(sslp); - TLSBasicSupport *tlsbs = NetConnectionService(vc); + TLSBasicSupport *tlsbs = vc->get_service(); return tlsbs ? tlsbs->get_tls_protocol_name() : nullptr; } @@ -6589,7 +6589,7 @@ const char * TSVConnSslCurveGet(TSVConn sslp) { NetVConnection *vc = reinterpret_cast(sslp); - TLSBasicSupport *tlsbs = NetConnectionService(vc); + TLSBasicSupport *tlsbs = vc->get_service(); return tlsbs ? tlsbs->get_tls_curve() : nullptr; } 
@@ -9674,7 +9674,7 @@ TSVConnProtocolEnable(TSVConn connp, const char *protocol_name) TSReturnCode retval = TS_ERROR; int protocol_idx = globalSessionProtocolNameRegistry.toIndexConst(std::string_view{protocol_name}); auto net_vc = reinterpret_cast(connp); - auto alpn_vc = NetConnectionService(net_vc); + auto alpn_vc = net_vc->get_service(); if (alpn_vc) { alpn_vc->enableProtocol(protocol_idx); retval = TS_SUCCESS; @@ -9688,7 +9688,7 @@ TSVConnProtocolDisable(TSVConn connp, const char *protocol_name) TSReturnCode retval = TS_ERROR; int protocol_idx = globalSessionProtocolNameRegistry.toIndexConst(std::string_view{protocol_name}); auto net_vc = reinterpret_cast(connp); - auto alpn_vc = NetConnectionService(net_vc); + auto alpn_vc = net_vc->get_service(); if (alpn_vc) { alpn_vc->disableProtocol(protocol_idx); retval = TS_SUCCESS; From 9d1aee67a1e25034550c606b396464eb3b690105 Mon Sep 17 00:00:00 2001 From: Masakazu Kitajo Date: Mon, 3 Jul 2023 18:33:23 -0600 Subject: [PATCH 06/10] Move NetVConnection::_services private member --- iocore/net/I_NetVConnection.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/iocore/net/I_NetVConnection.h b/iocore/net/I_NetVConnection.h index 39e95c83e98..ebed0492f9e 100644 --- a/iocore/net/I_NetVConnection.h +++ b/iocore/net/I_NetVConnection.h @@ -541,11 +541,12 @@ class NetVConnection : public VConnection, public PluginUserArgs(Service::N_SERVICES)] = { nullptr, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr, }; -private: void *_get_service(enum Service mixin_index) const; }; From 5432a176ef2ff0324f275e2baf0063f00cf5d0e7 Mon Sep 17 00:00:00 2001 From: Masakazu Kitajo Date: Mon, 3 Jul 2023 18:48:06 -0600 Subject: [PATCH 07/10] Use init-statement in if statements --- proxy/http/HttpSM.cc | 37 +++++++++++++++---------------- proxy/http2/Http2ClientSession.cc | 6 ++--- src/traffic_server/InkAPI.cc | 10 ++++----- 3 files changed, 24 insertions(+), 29 deletions(-) 
diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc index 8cb4c2beff3..ef45360bb9b 100644 --- a/proxy/http/HttpSM.cc +++ b/proxy/http/HttpSM.cc @@ -585,7 +585,7 @@ HttpSM::attach_client_session(ProxyTransaction *client_vc) t_state.hdr_info.client_request.create(HTTP_TYPE_REQUEST); // Prepare raw reader which will live until we are sure this is HTTP indeed - auto *tts = netvc->get_service(); + auto tts = netvc->get_service(); if (is_transparent_passthrough_allowed() || (tts && tts->is_decryption_needed())) { ua_raw_buffer_reader = ua_txn->get_remote_reader()->clone(); } @@ -1513,20 +1513,21 @@ plugins required to work with sni_routing. t_state.hdr_info.client_request.url_set(&u); NetVConnection *netvc = ua_txn->get_netvc(); - auto *tts = netvc->get_service(); - if (tts && tts->has_tunnel_destination()) { - auto tunnel_host = tts->get_tunnel_host(); - t_state.hdr_info.client_request.url_get()->host_set(tunnel_host.data(), tunnel_host.size()); - ushort tunnel_port = tts->get_tunnel_port(); - if (tunnel_port > 0) { - t_state.hdr_info.client_request.url_get()->port_set(tunnel_port); + if (auto tts = netvc->get_service(); tts) { + if (tts->has_tunnel_destination()) { + auto tunnel_host = tts->get_tunnel_host(); + t_state.hdr_info.client_request.url_get()->host_set(tunnel_host.data(), tunnel_host.size()); + ushort tunnel_port = tts->get_tunnel_port(); + if (tunnel_port > 0) { + t_state.hdr_info.client_request.url_get()->port_set(tunnel_port); + } else { + t_state.hdr_info.client_request.url_get()->port_set(netvc->get_local_port()); + } } else { + t_state.hdr_info.client_request.url_get()->host_set(netvc->get_server_name(), strlen(netvc->get_server_name())); t_state.hdr_info.client_request.url_get()->port_set(netvc->get_local_port()); } - } else if (tts) { - t_state.hdr_info.client_request.url_get()->host_set(netvc->get_server_name(), strlen(netvc->get_server_name())); - t_state.hdr_info.client_request.url_get()->port_set(netvc->get_local_port()); } } // FALLTHROUGH 
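Review bot: The re-indented `else` branch in the hunk at old line 1513 calls `strlen(netvc->get_server_name())`, which is undefined if the connection has no server name. SSLProxySession::init on this page tests the same getter for null before using the result, which suggests it can return null. Fetching the name once removes both the null case and the double call: `if (const char *name = netvc->get_server_name()) { t_state.hdr_info.client_request.url_get()->host_set(name, strlen(name)); }`. The surrounding case block starts and ends outside the hunk.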
@@ -1821,9 +1822,8 @@ PoolableSession * HttpSM::create_server_session(NetVConnection *netvc, MIOBuffer *netvc_read_buffer, IOBufferReader *netvc_reader) { // Figure out what protocol was negotiated - int proto_index = SessionProtocolNameRegistry::INVALID; - auto const *alpn = netvc->get_service(); - if (alpn) { + int proto_index = SessionProtocolNameRegistry::INVALID; + if (auto const alpn = netvc->get_service(); alpn) { proto_index = alpn->get_negotiated_protocol_id(); } // No ALPN occurred. Assume it was HTTP/1.x and hope for the best @@ -5576,7 +5576,7 @@ HttpSM::do_http_server_open(bool raw, bool only_direct) int scheme_to_use = t_state.scheme; // get initial scheme bool tls_upstream = scheme_to_use == URL_WKSIDX_HTTPS; if (ua_txn) { - auto *tts = ua_txn->get_netvc()->get_service(); + auto tts = ua_txn->get_netvc()->get_service(); if (tts && raw) { tls_upstream = tts->is_upstream_tls(); _tunnel_type = tts->get_tunnel_type(); @@ -5584,7 +5584,7 @@ HttpSM::do_http_server_open(bool raw, bool only_direct) // ALPN on TLS Partial Blind Tunnel - set negotiated ALPN id int pid = SessionProtocolNameRegistry::INVALID; if (tts->get_tunnel_type() == SNIRoutingType::PARTIAL_BLIND) { - auto *alpns = ua_txn->get_netvc()->get_service(); + auto alpns = ua_txn->get_netvc()->get_service(); ink_assert(alpns); pid = alpns->get_negotiated_protocol_id(); if (pid != SessionProtocolNameRegistry::INVALID) { @@ -6605,12 +6605,11 @@ HttpSM::attach_server_session() UnixNetVConnection *server_vc = static_cast(server_txn->get_netvc()); // set flag for server session is SSL - TLSBasicSupport *tbs = server_vc->get_service(); - if (tbs) { + if (server_vc->get_service()) { server_connection_is_ssl = true; } - if (auto tsrs = server_vc->get_service()) { + if (auto tsrs = server_vc->get_service(); tsrs) { server_ssl_reused = tsrs->getSSLOriginSessionCacheHit(); } diff --git a/proxy/http2/Http2ClientSession.cc b/proxy/http2/Http2ClientSession.cc index 8fa0f9d78d1..d7a43d773b1 100644 
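Review bot: In create_server_session, `auto const alpn` is not the same type as the `auto const *alpn` it replaces: the old form deduced a pointer to const, the new one a const pointer to a mutable object, so the read-only intent is lost in a commit presented as purely stylistic. `if (auto const *alpn = netvc->get_service<ALPNSupport>())` keeps the pointee const and drops the redundant `; alpn` condition, matching the plain declaration-condition form used for `eds` in Http1ClientSession.cc later in the series. The other `auto *x` to `auto x` changes in this commit (`tts`, `alpns`) likewise stop showing at the declaration that the variable is a pointer.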
--- a/proxy/http2/Http2ClientSession.cc +++ b/proxy/http2/Http2ClientSession.cc @@ -101,8 +101,7 @@ Http2ClientSession::new_connection(NetVConnection *new_vc, MIOBuffer *iobuf, IOB this->connection_state.mutex = this->mutex; - TLSEarlyDataSupport *eds = new_vc->get_service(); - if (eds != nullptr) { + if (auto eds = new_vc->get_service(); eds) { this->read_from_early_data = eds->get_early_data_len(); Debug("ssl_early_data", "read_from_early_data = %" PRId64, this->read_from_early_data); } @@ -120,8 +119,7 @@ Http2ClientSession::new_connection(NetVConnection *new_vc, MIOBuffer *iobuf, IOB this->write_buffer = new_MIOBuffer(buffer_block_size_index); uint32_t buffer_water_mark; - TLSSNISupport *snis = this->_vc->get_service(); - if (snis && snis->hints_from_sni.http2_buffer_water_mark.has_value()) { + if (auto snis = this->_vc->get_service(); snis && snis->hints_from_sni.http2_buffer_water_mark.has_value()) { buffer_water_mark = snis->hints_from_sni.http2_buffer_water_mark.value(); } else { buffer_water_mark = Http2::buffer_water_mark; diff --git a/src/traffic_server/InkAPI.cc b/src/traffic_server/InkAPI.cc index 5e3791c51f8..3afca1e576f 100644 --- a/src/traffic_server/InkAPI.cc +++ b/src/traffic_server/InkAPI.cc @@ -9674,9 +9674,8 @@ TSVConnProtocolEnable(TSVConn connp, const char *protocol_name) TSReturnCode retval = TS_ERROR; int protocol_idx = globalSessionProtocolNameRegistry.toIndexConst(std::string_view{protocol_name}); auto net_vc = reinterpret_cast(connp); - auto alpn_vc = net_vc->get_service(); - if (alpn_vc) { - alpn_vc->enableProtocol(protocol_idx); + if (auto alpn = net_vc->get_service(); alpn) { + alpn->enableProtocol(protocol_idx); retval = TS_SUCCESS; } return retval; 
@@ -9688,9 +9687,8 @@ TSVConnProtocolDisable(TSVConn connp, const char *protocol_name) TSReturnCode retval = TS_ERROR; int protocol_idx = globalSessionProtocolNameRegistry.toIndexConst(std::string_view{protocol_name}); auto net_vc = reinterpret_cast(connp); - auto alpn_vc = net_vc->get_service(); - if (alpn_vc) { - alpn_vc->disableProtocol(protocol_idx); + if (auto alpn = net_vc->get_service(); alpn) { + alpn->disableProtocol(protocol_idx); retval = TS_SUCCESS; } return retval; From fa45f3bee3d07ce23602935ef8eb922a3bcce20f Mon Sep 17 00:00:00 2001 From: Masakazu Kitajo Date: Mon, 3 Jul 2023 19:03:47 -0600 Subject: [PATCH 08/10] Move template specializations into I_NetVConnection.h --- iocore/net/ALPNSupport.cc | 8 ---- iocore/net/I_NetVConnection.h | 56 +++++++++++++++++++++++ iocore/net/TLSBasicSupport.cc | 8 ---- iocore/net/TLSCertSwitchSupport.cc | 8 ---- iocore/net/TLSEarlyDataSupport.cc | 8 ---- iocore/net/TLSSNISupport.cc | 8 ---- iocore/net/TLSSessionResumptionSupport.cc | 7 --- iocore/net/TLSTunnelSupport.cc | 8 ---- 8 files changed, 56 insertions(+), 55 deletions(-) diff --git a/iocore/net/ALPNSupport.cc b/iocore/net/ALPNSupport.cc index a87d48588cd..1e9bc8aacbe 100644 --- a/iocore/net/ALPNSupport.cc +++ b/iocore/net/ALPNSupport.cc @@ -22,19 +22,11 @@ */ #include "P_ALPNSupport.h" -#include "I_NetVConnection.h" #include "P_SSLNextProtocolSet.h" #include "records/I_RecHttp.h" int ALPNSupport::_ex_data_index = -1; -template <> -ALPNSupport * -NetVConnection::get_service() const -{ - return static_cast(this->_get_service(NetVConnection::Service::TLS_ALPN)); -} - void ALPNSupport::initialize() { diff --git a/iocore/net/I_NetVConnection.h b/iocore/net/I_NetVConnection.h index ebed0492f9e..7341cd0510a 100644 --- a/iocore/net/I_NetVConnection.h +++ b/iocore/net/I_NetVConnection.h 
@@ -574,3 +574,59 @@ NetVConnection::_set_service(enum NetVConnection::Service service, void *instanc { this->_services[static_cast(service)] = instance; } + +class ALPNSupport; +template <> +inline ALPNSupport * +NetVConnection::get_service() const +{ + return static_cast(this->_get_service(NetVConnection::Service::TLS_ALPN)); +} + +class TLSBasicSupport; +template <> +inline TLSBasicSupport * +NetVConnection::get_service() const +{ + return static_cast(this->_get_service(NetVConnection::Service::TLS_Basic)); +} + +class TLSEarlyDataSupport; +template <> +inline TLSEarlyDataSupport * +NetVConnection::get_service() const +{ + return static_cast(this->_get_service(NetVConnection::Service::TLS_EarlyData)); +} + +class TLSCertSwitchSupport; +template <> +inline TLSCertSwitchSupport * +NetVConnection::get_service() const +{ + return static_cast(this->_get_service(NetVConnection::Service::TLS_CertSwitch)); +} + +class TLSSNISupport; +template <> +inline TLSSNISupport * +NetVConnection::get_service() const +{ + return static_cast(this->_get_service(NetVConnection::Service::TLS_SNI)); +} + +class TLSSessionResumptionSupport; +template <> +inline TLSSessionResumptionSupport * +NetVConnection::get_service() const +{ + return static_cast(this->_get_service(NetVConnection::Service::TLS_SessionResumption)); +} + +class TLSTunnelSupport; +template <> +inline TLSTunnelSupport * +NetVConnection::get_service() const +{ + return static_cast(this->_get_service(NetVConnection::Service::TLS_Tunnel)); +} diff --git a/iocore/net/TLSBasicSupport.cc b/iocore/net/TLSBasicSupport.cc index 357f69d3eda..196211d70a3 100644 --- a/iocore/net/TLSBasicSupport.cc +++ b/iocore/net/TLSBasicSupport.cc 
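Review bot: The block of `get_service` specializations appended to I_NetVConnection.h has no comment explaining the mechanism it relies on. Each `static_cast` from the `void *` slot is only valid because a pointer of exactly that service type was stored in the matching slot, and a service type without a specialization here would, as far as the hunks show, compile against the bare primary declaration and fail only at link time. A short header comment would document both points: `// One get_service() specialization per Service enumerator; the slot must hold a pointer of that same type, and unlisted types fail to link.`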
@@ -23,18 +23,10 @@ */ #include "TLSBasicSupport.h" -#include "I_NetVConnection.h" #include "SSLStats.h" int TLSBasicSupport::_ex_data_index = -1; -template <> -TLSBasicSupport * -NetVConnection::get_service() const -{ - return static_cast(this->_get_service(NetVConnection::Service::TLS_Basic)); -} - void TLSBasicSupport::initialize() { diff --git a/iocore/net/TLSCertSwitchSupport.cc b/iocore/net/TLSCertSwitchSupport.cc index 0356f93bae0..4ee68605d75 100644 --- a/iocore/net/TLSCertSwitchSupport.cc +++ b/iocore/net/TLSCertSwitchSupport.cc @@ -20,18 +20,10 @@ */ #include "TLSCertSwitchSupport.h" -#include "I_NetVConnection.h" #include "P_SSLCertLookup.h" int TLSCertSwitchSupport::_ex_data_index = -1; -template <> -TLSCertSwitchSupport * -NetVConnection::get_service() const -{ - return static_cast(this->_get_service(NetVConnection::Service::TLS_CertSwitch)); -} - void TLSCertSwitchSupport::initialize() { diff --git a/iocore/net/TLSEarlyDataSupport.cc b/iocore/net/TLSEarlyDataSupport.cc index bfc804441b3..469cd0191f6 100644 --- a/iocore/net/TLSEarlyDataSupport.cc +++ b/iocore/net/TLSEarlyDataSupport.cc @@ -24,18 +24,10 @@ #include #include "TLSEarlyDataSupport.h" -#include "I_NetVConnection.h" #include "tscore/ink_assert.h" int TLSEarlyDataSupport::_ex_data_index = -1; -template <> -TLSEarlyDataSupport * -NetVConnection::get_service() const -{ - return static_cast(this->_get_service(NetVConnection::Service::TLS_EarlyData)); -} - void TLSEarlyDataSupport::initialize() { diff --git a/iocore/net/TLSSNISupport.cc b/iocore/net/TLSSNISupport.cc index 21a8b75f91c..88378a81418 100644 --- a/iocore/net/TLSSNISupport.cc +++ b/iocore/net/TLSSNISupport.cc 
@@ -23,20 +23,12 @@ #include "P_SSLNextProtocolAccept.h" #include "SSLSNIConfig.h" #include "TLSSNISupport.h" -#include "I_NetVConnection.h" #include "tscore/ink_assert.h" #include "tscore/ink_inet.h" #include "tscore/Diags.h" int TLSSNISupport::_ex_data_index = -1; -template <> -TLSSNISupport * -NetVConnection::get_service() const -{ - return static_cast(this->_get_service(NetVConnection::Service::TLS_SNI)); -} - void TLSSNISupport::initialize() { diff --git a/iocore/net/TLSSessionResumptionSupport.cc b/iocore/net/TLSSessionResumptionSupport.cc index 0a48ebc9922..9ed2a50f770 100644 --- a/iocore/net/TLSSessionResumptionSupport.cc +++ b/iocore/net/TLSSessionResumptionSupport.cc @@ -49,13 +49,6 @@ char mac_param_digest[] = "sha256"; int TLSSessionResumptionSupport::_ex_data_index = -1; -template <> -TLSSessionResumptionSupport * -NetVConnection::get_service() const -{ - return static_cast(this->_get_service(NetVConnection::Service::TLS_SessionResumption)); -} - static bool is_ssl_session_timed_out(SSL_SESSION *session) { diff --git a/iocore/net/TLSTunnelSupport.cc b/iocore/net/TLSTunnelSupport.cc index 9fc785b2875..fd632ebc076 100644 --- a/iocore/net/TLSTunnelSupport.cc +++ b/iocore/net/TLSTunnelSupport.cc @@ -23,7 +23,6 @@ */ #include "TLSTunnelSupport.h" -#include "I_NetVConnection.h" #include "tscore/ink_assert.h" #include "tscore/Diags.h" @@ -31,13 +30,6 @@ int TLSTunnelSupport::_ex_data_index = -1; -template <> -TLSTunnelSupport * -NetVConnection::get_service() const -{ - return static_cast(this->_get_service(NetVConnection::Service::TLS_Tunnel)); -} - void TLSTunnelSupport::initialize() { From 82d1c018d0dc560d362f917adf01e1c2cbe3eab5 Mon Sep 17 00:00:00 2001 From: Masakazu Kitajo Date: Mon, 10 Jul 2023 09:44:20 -0600 Subject: [PATCH 09/10] Update proxy/http/Http1ClientSession.cc Co-authored-by: James Peach --- proxy/http/Http1ClientSession.cc | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
diff --git a/proxy/http/Http1ClientSession.cc b/proxy/http/Http1ClientSession.cc index 16c09b6de3f..ff1f58bbfda 100644 --- a/proxy/http/Http1ClientSession.cc +++ b/proxy/http/Http1ClientSession.cc @@ -141,8 +141,7 @@ Http1ClientSession::new_connection(NetVConnection *new_vc, MIOBuffer *iobuf, IOB trans.mutex = mutex; // Share this mutex with the transaction in_destroy = false; - TLSEarlyDataSupport *eds = new_vc->get_service(); - if (eds != nullptr) { + if (TLSEarlyDataSupport *eds = new_vc->get_service()) { read_from_early_data = eds->get_early_data_len(); Debug("ssl_early_data", "read_from_early_data = %" PRId64, read_from_early_data); } From 7e245526c46e1afacda83d3e07831daefc5a332b Mon Sep 17 00:00:00 2001 From: Masakazu Kitajo Date: Mon, 10 Jul 2023 10:11:02 -0600 Subject: [PATCH 10/10] Add template function for the setter --- iocore/net/I_NetVConnection.h | 45 ++++++++++++++++++++++++- iocore/net/QUICNetVConnection_quiche.cc | 10 +++--- iocore/net/SSLNetVConnection.cc | 14 ++++---- 3 files changed, 56 insertions(+), 13 deletions(-) diff --git a/iocore/net/I_NetVConnection.h b/iocore/net/I_NetVConnection.h index 7341cd0510a..d99fbc9df59 100644 --- a/iocore/net/I_NetVConnection.h +++ b/iocore/net/I_NetVConnection.h @@ -540,7 +540,7 @@ class NetVConnection : public VConnection, public PluginUserArgs void _set_service(S *instance); private: void *_services[static_cast(Service::N_SERVICES)] = { @@ -548,6 +548,7 @@ class NetVConnection : public VConnection, public PluginUserArgs(this->_get_service(NetVConnection::Service::TLS_ALPN)); } +template <> +inline void +NetVConnection::_set_service(ALPNSupport *instance) +{ + this->_set_service(NetVConnection::Service::TLS_ALPN, instance); +} class TLSBasicSupport; template <> 
@@ -590,6 +597,12 @@ NetVConnection::get_service() const { return static_cast(this->_get_service(NetVConnection::Service::TLS_Basic)); } +template <> +inline void +NetVConnection::_set_service(TLSBasicSupport *instance) +{ + this->_set_service(NetVConnection::Service::TLS_Basic, instance); +} class TLSEarlyDataSupport; template <> @@ -598,6 +611,12 @@ NetVConnection::get_service() const { return static_cast(this->_get_service(NetVConnection::Service::TLS_EarlyData)); } +template <> +inline void +NetVConnection::_set_service(TLSEarlyDataSupport *instance) +{ + this->_set_service(NetVConnection::Service::TLS_EarlyData, instance); +} class TLSCertSwitchSupport; template <> @@ -606,6 +625,12 @@ NetVConnection::get_service() const { return static_cast(this->_get_service(NetVConnection::Service::TLS_CertSwitch)); } +template <> +inline void +NetVConnection::_set_service(TLSCertSwitchSupport *instance) +{ + this->_set_service(NetVConnection::Service::TLS_CertSwitch, instance); +} class TLSSNISupport; template <> @@ -614,6 +639,12 @@ NetVConnection::get_service() const { return static_cast(this->_get_service(NetVConnection::Service::TLS_SNI)); } +template <> +inline void +NetVConnection::_set_service(TLSSNISupport *instance) +{ + this->_set_service(NetVConnection::Service::TLS_SNI, instance); +} class TLSSessionResumptionSupport; template <> @@ -622,6 +653,12 @@ NetVConnection::get_service() const { return static_cast(this->_get_service(NetVConnection::Service::TLS_SessionResumption)); } +template <> +inline void +NetVConnection::_set_service(TLSSessionResumptionSupport *instance) +{ + this->_set_service(NetVConnection::Service::TLS_SessionResumption, instance); +} class TLSTunnelSupport; template <> 
@@ -630,3 +667,9 @@ NetVConnection::get_service() const { return static_cast(this->_get_service(NetVConnection::Service::TLS_Tunnel)); } +template <> +inline void +NetVConnection::_set_service(TLSTunnelSupport *instance) +{ + this->_set_service(NetVConnection::Service::TLS_Tunnel, instance); +} diff --git a/iocore/net/QUICNetVConnection_quiche.cc b/iocore/net/QUICNetVConnection_quiche.cc index b61bdc306a4..321e3569804 100644 --- a/iocore/net/QUICNetVConnection_quiche.cc +++ b/iocore/net/QUICNetVConnection_quiche.cc @@ -39,11 +39,11 @@ ClassAllocator quicNetVCAllocator("quicNetVCAllocator"); QUICNetVConnection::QUICNetVConnection() { - this->_set_service(NetVConnection::Service::TLS_ALPN, static_cast(this)); - this->_set_service(NetVConnection::Service::TLS_Basic, static_cast(this)); - this->_set_service(NetVConnection::Service::TLS_CertSwitch, static_cast(this)); - this->_set_service(NetVConnection::Service::TLS_SNI, static_cast(this)); - this->_set_service(NetVConnection::Service::TLS_SessionResumption, static_cast(this)); + this->_set_service(static_cast(this)); + this->_set_service(static_cast(this)); + this->_set_service(static_cast(this)); + this->_set_service(static_cast(this)); + this->_set_service(static_cast(this)); } QUICNetVConnection::~QUICNetVConnection() {} diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc index 7cbb323648d..1bc73f296d0 100644 --- a/iocore/net/SSLNetVConnection.cc +++ b/iocore/net/SSLNetVConnection.cc 
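Review bot: The QUICNetVConnection constructor registers five services and leaves the early-data and tunnel slots empty, and nothing in the file says so; the removed lines list TLS_ALPN, TLS_Basic, TLS_CertSwitch, TLS_SNI and TLS_SessionResumption, while SSLNetVConnection registers seven. With the enumerators gone from the call sites this is harder to spot. A comment above the calls, for example `// TLS_EarlyData and TLS_Tunnel are not registered for QUIC; get_service() returns nullptr for them.`, would record that the omission is deliberate, assuming it is.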
@@ -862,13 +862,13 @@ SSLNetVConnection::load_buffer_and_write(int64_t towrite, MIOBufferAccessor &buf SSLNetVConnection::SSLNetVConnection() { - this->_set_service(NetVConnection::Service::TLS_ALPN, static_cast(this)); - this->_set_service(NetVConnection::Service::TLS_Basic, static_cast(this)); - this->_set_service(NetVConnection::Service::TLS_CertSwitch, static_cast(this)); - this->_set_service(NetVConnection::Service::TLS_EarlyData, static_cast(this)); - this->_set_service(NetVConnection::Service::TLS_SNI, static_cast(this)); - this->_set_service(NetVConnection::Service::TLS_SessionResumption, static_cast(this)); - this->_set_service(NetVConnection::Service::TLS_Tunnel, static_cast(this)); + this->_set_service(static_cast(this)); + this->_set_service(static_cast(this)); + this->_set_service(static_cast(this)); + this->_set_service(static_cast(this)); + this->_set_service(static_cast(this)); + this->_set_service(static_cast(this)); + this->_set_service(static_cast(this)); } void