quiche/
lib.rs

1// Copyright (C) 2018-2019, Cloudflare, Inc.
2// All rights reserved.
3//
4// Redistribution and use in source and binary forms, with or without
5// modification, are permitted provided that the following conditions are
6// met:
7//
8//     * Redistributions of source code must retain the above copyright notice,
9//       this list of conditions and the following disclaimer.
10//
11//     * Redistributions in binary form must reproduce the above copyright
12//       notice, this list of conditions and the following disclaimer in the
13//       documentation and/or other materials provided with the distribution.
14//
15// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
16// IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
17// THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
18// PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
19// CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
20// EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
21// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
22// PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
23// LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
24// NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
25// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26
27//! 🥧 Savoury implementation of the QUIC transport protocol and HTTP/3.
28//!
29//! [quiche] is an implementation of the QUIC transport protocol and HTTP/3 as
30//! specified by the [IETF]. It provides a low level API for processing QUIC
31//! packets and handling connection state. The application is responsible for
32//! providing I/O (e.g. sockets handling) as well as an event loop with support
33//! for timers.
34//!
35//! [quiche]: https://github.com/cloudflare/quiche/
36//! [ietf]: https://quicwg.org/
37//!
38//! ## Configuring connections
39//!
40//! The first step in establishing a QUIC connection using quiche is creating a
41//! [`Config`] object:
42//!
43//! ```
44//! let mut config = quiche::Config::new(quiche::PROTOCOL_VERSION)?;
45//! config.set_application_protos(&[b"example-proto"]);
46//!
47//! // Additional configuration specific to application and use case...
48//! # Ok::<(), quiche::Error>(())
49//! ```
50//!
51//! The [`Config`] object controls important aspects of the QUIC connection such
52//! as QUIC version, ALPN IDs, flow control, congestion control, idle timeout
53//! and other properties or features.
54//!
55//! QUIC is a general-purpose transport protocol and there are several
56//! configuration properties where there is no reasonable default value. For
57//! example, the permitted number of concurrent streams of any particular type
58//! is dependent on the application running over QUIC, and other use-case
59//! specific concerns.
60//!
61//! quiche defaults several properties to zero, applications most likely need
62//! to set these to something else to satisfy their needs using the following:
63//!
64//! - [`set_initial_max_streams_bidi()`]
65//! - [`set_initial_max_streams_uni()`]
66//! - [`set_initial_max_data()`]
67//! - [`set_initial_max_stream_data_bidi_local()`]
68//! - [`set_initial_max_stream_data_bidi_remote()`]
69//! - [`set_initial_max_stream_data_uni()`]
70//!
71//! [`Config`] also holds TLS configuration. This can be changed by mutators on
72//! the an existing object, or by constructing a TLS context manually and
73//! creating a configuration using [`with_boring_ssl_ctx_builder()`].
74//!
75//! A configuration object can be shared among multiple connections.
76//!
77//! ### Connection setup
78//!
79//! On the client-side the [`connect()`] utility function can be used to create
80//! a new connection, while [`accept()`] is for servers:
81//!
82//! ```
83//! # let mut config = quiche::Config::new(quiche::PROTOCOL_VERSION)?;
84//! # let server_name = "quic.tech";
85//! # let scid = quiche::ConnectionId::from_ref(&[0xba; 16]);
86//! # let peer = "127.0.0.1:1234".parse().unwrap();
87//! # let local = "127.0.0.1:4321".parse().unwrap();
88//! // Client connection.
89//! let conn =
90//!     quiche::connect(Some(&server_name), &scid, local, peer, &mut config)?;
91//!
92//! // Server connection.
93//! # let peer = "127.0.0.1:1234".parse().unwrap();
94//! # let local = "127.0.0.1:4321".parse().unwrap();
95//! let conn = quiche::accept(&scid, None, local, peer, &mut config)?;
96//! # Ok::<(), quiche::Error>(())
97//! ```
98//!
99//! In both cases, the application is responsible for generating a new source
100//! connection ID that will be used to identify the new connection.
101//!
102//! The application also need to pass the address of the remote peer of the
103//! connection: in the case of a client that would be the address of the server
104//! it is trying to connect to, and for a server that is the address of the
105//! client that initiated the connection.
106//!
107//! ## Handling incoming packets
108//!
109//! Using the connection's [`recv()`] method the application can process
110//! incoming packets that belong to that connection from the network:
111//!
112//! ```no_run
113//! # let mut buf = [0; 512];
114//! # let socket = std::net::UdpSocket::bind("127.0.0.1:0").unwrap();
115//! # let mut config = quiche::Config::new(quiche::PROTOCOL_VERSION)?;
116//! # let scid = quiche::ConnectionId::from_ref(&[0xba; 16]);
117//! # let peer = "127.0.0.1:1234".parse().unwrap();
118//! # let local = "127.0.0.1:4321".parse().unwrap();
119//! # let mut conn = quiche::accept(&scid, None, local, peer, &mut config)?;
120//! let to = socket.local_addr().unwrap();
121//!
122//! loop {
123//!     let (read, from) = socket.recv_from(&mut buf).unwrap();
124//!
125//!     let recv_info = quiche::RecvInfo { from, to };
126//!
127//!     let read = match conn.recv(&mut buf[..read], recv_info) {
128//!         Ok(v) => v,
129//!
130//!         Err(quiche::Error::Done) => {
131//!             // Done reading.
132//!             break;
133//!         },
134//!
135//!         Err(e) => {
136//!             // An error occurred, handle it.
137//!             break;
138//!         },
139//!     };
140//! }
141//! # Ok::<(), quiche::Error>(())
142//! ```
143//!
144//! The application has to pass a [`RecvInfo`] structure in order to provide
145//! additional information about the received packet (such as the address it
146//! was received from).
147//!
148//! ## Generating outgoing packets
149//!
150//! Outgoing packet are generated using the connection's [`send()`] method
151//! instead:
152//!
153//! ```no_run
154//! # let mut out = [0; 512];
155//! # let socket = std::net::UdpSocket::bind("127.0.0.1:0").unwrap();
156//! # let mut config = quiche::Config::new(quiche::PROTOCOL_VERSION)?;
157//! # let scid = quiche::ConnectionId::from_ref(&[0xba; 16]);
158//! # let peer = "127.0.0.1:1234".parse().unwrap();
159//! # let local = "127.0.0.1:4321".parse().unwrap();
160//! # let mut conn = quiche::accept(&scid, None, local, peer, &mut config)?;
161//! loop {
162//!     let (write, send_info) = match conn.send(&mut out) {
163//!         Ok(v) => v,
164//!
165//!         Err(quiche::Error::Done) => {
166//!             // Done writing.
167//!             break;
168//!         },
169//!
170//!         Err(e) => {
171//!             // An error occurred, handle it.
172//!             break;
173//!         },
174//!     };
175//!
176//!     socket.send_to(&out[..write], &send_info.to).unwrap();
177//! }
178//! # Ok::<(), quiche::Error>(())
179//! ```
180//!
181//! The application will be provided with a [`SendInfo`] structure providing
182//! additional information about the newly created packet (such as the address
183//! the packet should be sent to).
184//!
185//! When packets are sent, the application is responsible for maintaining a
186//! timer to react to time-based connection events. The timer expiration can be
187//! obtained using the connection's [`timeout()`] method.
188//!
189//! ```
190//! # let mut config = quiche::Config::new(quiche::PROTOCOL_VERSION)?;
191//! # let scid = quiche::ConnectionId::from_ref(&[0xba; 16]);
192//! # let peer = "127.0.0.1:1234".parse().unwrap();
193//! # let local = "127.0.0.1:4321".parse().unwrap();
194//! # let mut conn = quiche::accept(&scid, None, local, peer, &mut config)?;
195//! let timeout = conn.timeout();
196//! # Ok::<(), quiche::Error>(())
197//! ```
198//!
199//! The application is responsible for providing a timer implementation, which
200//! can be specific to the operating system or networking framework used. When
201//! a timer expires, the connection's [`on_timeout()`] method should be called,
202//! after which additional packets might need to be sent on the network:
203//!
204//! ```no_run
205//! # let mut out = [0; 512];
206//! # let socket = std::net::UdpSocket::bind("127.0.0.1:0").unwrap();
207//! # let mut config = quiche::Config::new(quiche::PROTOCOL_VERSION)?;
208//! # let scid = quiche::ConnectionId::from_ref(&[0xba; 16]);
209//! # let peer = "127.0.0.1:1234".parse().unwrap();
210//! # let local = "127.0.0.1:4321".parse().unwrap();
211//! # let mut conn = quiche::accept(&scid, None, local, peer, &mut config)?;
212//! // Timeout expired, handle it.
213//! conn.on_timeout();
214//!
215//! // Send more packets as needed after timeout.
216//! loop {
217//!     let (write, send_info) = match conn.send(&mut out) {
218//!         Ok(v) => v,
219//!
220//!         Err(quiche::Error::Done) => {
221//!             // Done writing.
222//!             break;
223//!         },
224//!
225//!         Err(e) => {
226//!             // An error occurred, handle it.
227//!             break;
228//!         },
229//!     };
230//!
231//!     socket.send_to(&out[..write], &send_info.to).unwrap();
232//! }
233//! # Ok::<(), quiche::Error>(())
234//! ```
235//!
236//! ### Pacing
237//!
238//! It is recommended that applications [pace] sending of outgoing packets to
239//! avoid creating packet bursts that could cause short-term congestion and
240//! losses in the network.
241//!
242//! quiche exposes pacing hints for outgoing packets through the [`at`] field
243//! of the [`SendInfo`] structure that is returned by the [`send()`] method.
244//! This field represents the time when a specific packet should be sent into
245//! the network.
246//!
247//! Applications can use these hints by artificially delaying the sending of
248//! packets through platform-specific mechanisms (such as the [`SO_TXTIME`]
249//! socket option on Linux), or custom methods (for example by using user-space
250//! timers).
251//!
252//! [pace]: https://datatracker.ietf.org/doc/html/rfc9002#section-7.7
253//! [`SO_TXTIME`]: https://man7.org/linux/man-pages/man8/tc-etf.8.html
254//!
255//! ## Sending and receiving stream data
256//!
257//! After some back and forth, the connection will complete its handshake and
258//! will be ready for sending or receiving application data.
259//!
260//! Data can be sent on a stream by using the [`stream_send()`] method:
261//!
262//! ```no_run
263//! # let mut config = quiche::Config::new(quiche::PROTOCOL_VERSION)?;
264//! # let scid = quiche::ConnectionId::from_ref(&[0xba; 16]);
265//! # let peer = "127.0.0.1:1234".parse().unwrap();
266//! # let local = "127.0.0.1:4321".parse().unwrap();
267//! # let mut conn = quiche::accept(&scid, None, local, peer, &mut config)?;
268//! if conn.is_established() {
269//!     // Handshake completed, send some data on stream 0.
270//!     conn.stream_send(0, b"hello", true)?;
271//! }
272//! # Ok::<(), quiche::Error>(())
273//! ```
274//!
275//! The application can check whether there are any readable streams by using
276//! the connection's [`readable()`] method, which returns an iterator over all
277//! the streams that have outstanding data to read.
278//!
279//! The [`stream_recv()`] method can then be used to retrieve the application
280//! data from the readable stream:
281//!
282//! ```no_run
283//! # let mut buf = [0; 512];
284//! # let mut config = quiche::Config::new(quiche::PROTOCOL_VERSION)?;
285//! # let scid = quiche::ConnectionId::from_ref(&[0xba; 16]);
286//! # let peer = "127.0.0.1:1234".parse().unwrap();
287//! # let local = "127.0.0.1:4321".parse().unwrap();
288//! # let mut conn = quiche::accept(&scid, None, local, peer, &mut config)?;
289//! if conn.is_established() {
290//!     // Iterate over readable streams.
291//!     for stream_id in conn.readable() {
292//!         // Stream is readable, read until there's no more data.
293//!         while let Ok((read, fin)) = conn.stream_recv(stream_id, &mut buf) {
294//!             println!("Got {} bytes on stream {}", read, stream_id);
295//!         }
296//!     }
297//! }
298//! # Ok::<(), quiche::Error>(())
299//! ```
300//!
301//! ## HTTP/3
302//!
303//! The quiche [HTTP/3 module] provides a high level API for sending and
304//! receiving HTTP requests and responses on top of the QUIC transport protocol.
305//!
306//! [`Config`]: https://docs.quic.tech/quiche/struct.Config.html
307//! [`set_initial_max_streams_bidi()`]: https://docs.rs/quiche/latest/quiche/struct.Config.html#method.set_initial_max_streams_bidi
308//! [`set_initial_max_streams_uni()`]: https://docs.rs/quiche/latest/quiche/struct.Config.html#method.set_initial_max_streams_uni
309//! [`set_initial_max_data()`]: https://docs.rs/quiche/latest/quiche/struct.Config.html#method.set_initial_max_data
310//! [`set_initial_max_stream_data_bidi_local()`]: https://docs.rs/quiche/latest/quiche/struct.Config.html#method.set_initial_max_stream_data_bidi_local
311//! [`set_initial_max_stream_data_bidi_remote()`]: https://docs.rs/quiche/latest/quiche/struct.Config.html#method.set_initial_max_stream_data_bidi_remote
312//! [`set_initial_max_stream_data_uni()`]: https://docs.rs/quiche/latest/quiche/struct.Config.html#method.set_initial_max_stream_data_uni
313//! [`with_boring_ssl_ctx_builder()`]: https://docs.quic.tech/quiche/struct.Config.html#method.with_boring_ssl_ctx_builder
314//! [`connect()`]: fn.connect.html
315//! [`accept()`]: fn.accept.html
316//! [`recv()`]: struct.Connection.html#method.recv
317//! [`RecvInfo`]: struct.RecvInfo.html
318//! [`send()`]: struct.Connection.html#method.send
319//! [`SendInfo`]: struct.SendInfo.html
320//! [`at`]: struct.SendInfo.html#structfield.at
321//! [`timeout()`]: struct.Connection.html#method.timeout
322//! [`on_timeout()`]: struct.Connection.html#method.on_timeout
323//! [`stream_send()`]: struct.Connection.html#method.stream_send
324//! [`readable()`]: struct.Connection.html#method.readable
325//! [`stream_recv()`]: struct.Connection.html#method.stream_recv
326//! [HTTP/3 module]: h3/index.html
327//!
328//! ## Congestion Control
329//!
330//! The quiche library provides a high-level API for configuring which
331//! congestion control algorithm to use throughout the QUIC connection.
332//!
333//! When a QUIC connection is created, the application can optionally choose
334//! which CC algorithm to use. See [`CongestionControlAlgorithm`] for currently
335//! available congestion control algorithms.
336//!
337//! For example:
338//!
339//! ```
340//! let mut config = quiche::Config::new(quiche::PROTOCOL_VERSION).unwrap();
341//! config.set_cc_algorithm(quiche::CongestionControlAlgorithm::Reno);
342//! ```
343//!
344//! Alternatively, you can configure the congestion control algorithm to use
345//! by its name.
346//!
347//! ```
348//! let mut config = quiche::Config::new(quiche::PROTOCOL_VERSION).unwrap();
349//! config.set_cc_algorithm_name("reno").unwrap();
350//! ```
351//!
352//! Note that the CC algorithm should be configured before calling [`connect()`]
353//! or [`accept()`]. Otherwise the connection will use a default CC algorithm.
354//!
355//! [`CongestionControlAlgorithm`]: enum.CongestionControlAlgorithm.html
356//!
357//! ## Feature flags
358//!
359//! quiche defines a number of [feature flags] to reduce the amount of compiled
360//! code and dependencies:
361//!
362//! * `boringssl-vendored` (default): Build the vendored BoringSSL library.
363//!
364//! * `boringssl-boring-crate`: Use the BoringSSL library provided by the
365//!   [boring] crate. It takes precedence over `boringssl-vendored` if both
366//!   features are enabled.
367//!
368//! * `pkg-config-meta`: Generate pkg-config metadata file for libquiche.
369//!
370//! * `ffi`: Build and expose the FFI API.
371//!
372//! * `qlog`: Enable support for the [qlog] logging format.
373//!
374//! [feature flags]: https://doc.rust-lang.org/cargo/reference/manifest.html#the-features-section
375//! [boring]: https://crates.io/crates/boring
376//! [qlog]: https://datatracker.ietf.org/doc/html/draft-ietf-quic-qlog-main-schema
377
378#![allow(clippy::upper_case_acronyms)]
379#![warn(missing_docs)]
380#![cfg_attr(docsrs, feature(doc_cfg))]
381
382#[macro_use]
383extern crate log;
384
385use octets::BufferTooShortError;
386#[cfg(feature = "qlog")]
387use qlog::events::connectivity::ConnectivityEventType;
388#[cfg(feature = "qlog")]
389use qlog::events::connectivity::TransportOwner;
390#[cfg(feature = "qlog")]
391use qlog::events::quic::RecoveryEventType;
392#[cfg(feature = "qlog")]
393use qlog::events::quic::TransportEventType;
394#[cfg(feature = "qlog")]
395use qlog::events::DataRecipient;
396#[cfg(feature = "qlog")]
397use qlog::events::Event;
398#[cfg(feature = "qlog")]
399use qlog::events::EventData;
400#[cfg(feature = "qlog")]
401use qlog::events::EventImportance;
402#[cfg(feature = "qlog")]
403use qlog::events::EventType;
404#[cfg(feature = "qlog")]
405use qlog::events::RawInfo;
406use stream::StreamPriorityKey;
407
408use std::cmp;
409use std::convert::TryInto;
410use std::time;
411
412use std::sync::Arc;
413
414use std::net::SocketAddr;
415
416use std::str::FromStr;
417
418use std::collections::HashSet;
419use std::collections::VecDeque;
420use std::time::Duration;
421
422use range_buf::DefaultBufFactory;
423use smallvec::SmallVec;
424
425use crate::recovery::ReleaseDecision;
426
427/// The current QUIC wire version.
428pub const PROTOCOL_VERSION: u32 = PROTOCOL_VERSION_V1;
429
430/// Supported QUIC versions.
431const PROTOCOL_VERSION_V1: u32 = 0x0000_0001;
432
433/// The maximum length of a connection ID.
434pub const MAX_CONN_ID_LEN: usize = crate::packet::MAX_CID_LEN as usize;
435
436/// The minimum length of Initial packets sent by a client.
437pub const MIN_CLIENT_INITIAL_LEN: usize = 1200;
438
439#[cfg(not(feature = "fuzzing"))]
440const PAYLOAD_MIN_LEN: usize = 4;
441
442#[cfg(feature = "fuzzing")]
443// Due to the fact that in fuzzing mode we use a zero-length AEAD tag (which
444// would normally be 16 bytes), we need to adjust the minimum payload size to
445// account for that.
446const PAYLOAD_MIN_LEN: usize = 20;
447
448// PATH_CHALLENGE (9 bytes) + AEAD tag (16 bytes).
449const MIN_PROBING_SIZE: usize = 25;
450
451const MAX_AMPLIFICATION_FACTOR: usize = 3;
452
453// The maximum number of tracked packet number ranges that need to be acked.
454//
455// This represents more or less how many ack blocks can fit in a typical packet.
456const MAX_ACK_RANGES: usize = 68;
457
458// The highest possible stream ID allowed.
459const MAX_STREAM_ID: u64 = 1 << 60;
460
461// The default max_datagram_size used in congestion control.
462const MAX_SEND_UDP_PAYLOAD_SIZE: usize = 1200;
463
464// The default length of DATAGRAM queues.
465const DEFAULT_MAX_DGRAM_QUEUE_LEN: usize = 0;
466
467// The default length of PATH_CHALLENGE receive queue.
468const DEFAULT_MAX_PATH_CHALLENGE_RX_QUEUE_LEN: usize = 3;
469
470// The DATAGRAM standard recommends either none or 65536 as maximum DATAGRAM
471// frames size. We enforce the recommendation for forward compatibility.
472const MAX_DGRAM_FRAME_SIZE: u64 = 65536;
473
474// The length of the payload length field.
475const PAYLOAD_LENGTH_LEN: usize = 2;
476
477// The number of undecryptable that can be buffered.
478const MAX_UNDECRYPTABLE_PACKETS: usize = 10;
479
480const RESERVED_VERSION_MASK: u32 = 0xfafafafa;
481
482// The default size of the receiver connection flow control window.
483const DEFAULT_CONNECTION_WINDOW: u64 = 48 * 1024;
484
485// The maximum size of the receiver connection flow control window.
486const MAX_CONNECTION_WINDOW: u64 = 24 * 1024 * 1024;
487
488// How much larger the connection flow control window need to be larger than
489// the stream flow control window.
490const CONNECTION_WINDOW_FACTOR: f64 = 1.5;
491
492// How many probing packet timeouts do we tolerate before considering the path
493// validation as failed.
494const MAX_PROBING_TIMEOUTS: usize = 3;
495
496// The default initial congestion window size in terms of packet count.
497const DEFAULT_INITIAL_CONGESTION_WINDOW_PACKETS: usize = 10;
498
499// The maximum data offset that can be stored in a crypto stream.
500const MAX_CRYPTO_STREAM_OFFSET: u64 = 1 << 16;
501
502/// A specialized [`Result`] type for quiche operations.
503///
504/// This type is used throughout quiche's public API for any operation that
505/// can produce an error.
506///
507/// [`Result`]: https://doc.rust-lang.org/std/result/enum.Result.html
508pub type Result<T> = std::result::Result<T, Error>;
509
510/// A QUIC error.
511#[derive(Clone, Copy, Debug, PartialEq, Eq)]
512pub enum Error {
513    /// There is no more work to do.
514    Done,
515
516    /// The provided buffer is too short.
517    BufferTooShort,
518
519    /// The provided packet cannot be parsed because its version is unknown.
520    UnknownVersion,
521
522    /// The provided packet cannot be parsed because it contains an invalid
523    /// frame.
524    InvalidFrame,
525
526    /// The provided packet cannot be parsed.
527    InvalidPacket,
528
529    /// The operation cannot be completed because the connection is in an
530    /// invalid state.
531    InvalidState,
532
533    /// The operation cannot be completed because the stream is in an
534    /// invalid state.
535    ///
536    /// The stream ID is provided as associated data.
537    InvalidStreamState(u64),
538
539    /// The peer's transport params cannot be parsed.
540    InvalidTransportParam,
541
542    /// A cryptographic operation failed.
543    CryptoFail,
544
545    /// The TLS handshake failed.
546    TlsFail,
547
548    /// The peer violated the local flow control limits.
549    FlowControl,
550
551    /// The peer violated the local stream limits.
552    StreamLimit,
553
554    /// The specified stream was stopped by the peer.
555    ///
556    /// The error code sent as part of the `STOP_SENDING` frame is provided as
557    /// associated data.
558    StreamStopped(u64),
559
560    /// The specified stream was reset by the peer.
561    ///
562    /// The error code sent as part of the `RESET_STREAM` frame is provided as
563    /// associated data.
564    StreamReset(u64),
565
566    /// The received data exceeds the stream's final size.
567    FinalSize,
568
569    /// Error in congestion control.
570    CongestionControl,
571
572    /// Too many identifiers were provided.
573    IdLimit,
574
575    /// Not enough available identifiers.
576    OutOfIdentifiers,
577
578    /// Error in key update.
579    KeyUpdate,
580
581    /// The peer sent more data in CRYPTO frames than we can buffer.
582    CryptoBufferExceeded,
583}
584
585/// QUIC error codes sent on the wire.
586///
587/// As defined in [RFC9000](https://www.rfc-editor.org/rfc/rfc9000.html#name-error-codes).
588#[derive(Copy, Clone, Debug, Eq, PartialEq)]
589pub enum WireErrorCode {
590    /// An endpoint uses this with CONNECTION_CLOSE to signal that the
591    /// connection is being closed abruptly in the absence of any error.
592    NoError              = 0x0,
593    /// The endpoint encountered an internal error and cannot continue with the
594    /// connection.
595    InternalError        = 0x1,
596    /// The server refused to accept a new connection.
597    ConnectionRefused    = 0x2,
598    /// An endpoint received more data than it permitted in its advertised data
599    /// limits; see Section 4.
600    FlowControlError     = 0x3,
601    /// An endpoint received a frame for a stream identifier that exceeded its
602    /// advertised stream limit for the corresponding stream type.
603    StreamLimitError     = 0x4,
604    /// An endpoint received a frame for a stream that was not in a state that
605    /// permitted that frame.
606    StreamStateError     = 0x5,
607    /// (1) An endpoint received a STREAM frame containing data that exceeded
608    /// the previously established final size, (2) an endpoint received a
609    /// STREAM frame or a RESET_STREAM frame containing a final size that
610    /// was lower than the size of stream data that was already received, or
611    /// (3) an endpoint received a STREAM frame or a RESET_STREAM frame
612    /// containing a different final size to the one already established.
613    FinalSizeError       = 0x6,
614    /// An endpoint received a frame that was badly formatted -- for instance, a
615    /// frame of an unknown type or an ACK frame that has more
616    /// acknowledgment ranges than the remainder of the packet could carry.
617    FrameEncodingError   = 0x7,
618    /// An endpoint received transport parameters that were badly formatted,
619    /// included an invalid value, omitted a mandatory transport parameter,
620    /// included a forbidden transport parameter, or were otherwise in
621    /// error.
622    TransportParameterError = 0x8,
623    /// An endpoint received transport parameters that were badly formatted,
624    /// included an invalid value, omitted a mandatory transport parameter,
625    /// included a forbidden transport parameter, or were otherwise in
626    /// error.
627    ConnectionIdLimitError = 0x9,
628    /// An endpoint detected an error with protocol compliance that was not
629    /// covered by more specific error codes.
630    ProtocolViolation    = 0xa,
631    /// A server received a client Initial that contained an invalid Token
632    /// field.
633    InvalidToken         = 0xb,
634    /// The application or application protocol caused the connection to be
635    /// closed.
636    ApplicationError     = 0xc,
637    /// An endpoint has received more data in CRYPTO frames than it can buffer.
638    CryptoBufferExceeded = 0xd,
639    /// An endpoint detected errors in performing key updates.
640    KeyUpdateError       = 0xe,
641    /// An endpoint has reached the confidentiality or integrity limit for the
642    /// AEAD algorithm used by the given connection.
643    AeadLimitReached     = 0xf,
644    /// An endpoint has determined that the network path is incapable of
645    /// supporting QUIC. An endpoint is unlikely to receive a
646    /// CONNECTION_CLOSE frame carrying this code except when the path does
647    /// not support a large enough MTU.
648    NoViablePath         = 0x10,
649}
650
651impl Error {
652    fn to_wire(self) -> u64 {
653        match self {
654            Error::Done => WireErrorCode::NoError as u64,
655            Error::InvalidFrame => WireErrorCode::FrameEncodingError as u64,
656            Error::InvalidStreamState(..) =>
657                WireErrorCode::StreamStateError as u64,
658            Error::InvalidTransportParam =>
659                WireErrorCode::TransportParameterError as u64,
660            Error::FlowControl => WireErrorCode::FlowControlError as u64,
661            Error::StreamLimit => WireErrorCode::StreamLimitError as u64,
662            Error::IdLimit => WireErrorCode::ConnectionIdLimitError as u64,
663            Error::FinalSize => WireErrorCode::FinalSizeError as u64,
664            Error::CryptoBufferExceeded =>
665                WireErrorCode::CryptoBufferExceeded as u64,
666            Error::KeyUpdate => WireErrorCode::KeyUpdateError as u64,
667            _ => WireErrorCode::ProtocolViolation as u64,
668        }
669    }
670
671    #[cfg(feature = "ffi")]
672    fn to_c(self) -> libc::ssize_t {
673        match self {
674            Error::Done => -1,
675            Error::BufferTooShort => -2,
676            Error::UnknownVersion => -3,
677            Error::InvalidFrame => -4,
678            Error::InvalidPacket => -5,
679            Error::InvalidState => -6,
680            Error::InvalidStreamState(_) => -7,
681            Error::InvalidTransportParam => -8,
682            Error::CryptoFail => -9,
683            Error::TlsFail => -10,
684            Error::FlowControl => -11,
685            Error::StreamLimit => -12,
686            Error::FinalSize => -13,
687            Error::CongestionControl => -14,
688            Error::StreamStopped { .. } => -15,
689            Error::StreamReset { .. } => -16,
690            Error::IdLimit => -17,
691            Error::OutOfIdentifiers => -18,
692            Error::KeyUpdate => -19,
693            Error::CryptoBufferExceeded => -20,
694        }
695    }
696}
697
698impl std::fmt::Display for Error {
699    fn fmt(&self, f: &mut std::fmt::Formatter) -> std::fmt::Result {
700        write!(f, "{self:?}")
701    }
702}
703
704impl std::error::Error for Error {
705    fn source(&self) -> Option<&(dyn std::error::Error + 'static)> {
706        None
707    }
708}
709
710impl std::convert::From<octets::BufferTooShortError> for Error {
711    fn from(_err: octets::BufferTooShortError) -> Self {
712        Error::BufferTooShort
713    }
714}
715
716/// Ancillary information about incoming packets.
717#[derive(Clone, Copy, Debug, PartialEq, Eq)]
718pub struct RecvInfo {
719    /// The remote address the packet was received from.
720    pub from: SocketAddr,
721
722    /// The local address the packet was received on.
723    pub to: SocketAddr,
724}
725
726/// Ancillary information about outgoing packets.
727#[derive(Clone, Copy, Debug, PartialEq, Eq)]
728pub struct SendInfo {
729    /// The local address the packet should be sent from.
730    pub from: SocketAddr,
731
732    /// The remote address the packet should be sent to.
733    pub to: SocketAddr,
734
735    /// The time to send the packet out.
736    ///
737    /// See [Pacing] for more details.
738    ///
739    /// [Pacing]: index.html#pacing
740    pub at: time::Instant,
741}
742
743/// Represents information carried by `CONNECTION_CLOSE` frames.
744#[derive(Clone, Debug, PartialEq, Eq)]
745pub struct ConnectionError {
746    /// Whether the error came from the application or the transport layer.
747    pub is_app: bool,
748
749    /// The error code carried by the `CONNECTION_CLOSE` frame.
750    pub error_code: u64,
751
752    /// The reason carried by the `CONNECTION_CLOSE` frame.
753    pub reason: Vec<u8>,
754}
755
756/// The side of the stream to be shut down.
757///
758/// This should be used when calling [`stream_shutdown()`].
759///
760/// [`stream_shutdown()`]: struct.Connection.html#method.stream_shutdown
761#[repr(C)]
762#[derive(PartialEq, Eq)]
763pub enum Shutdown {
764    /// Stop receiving stream data.
765    Read  = 0,
766
767    /// Stop sending stream data.
768    Write = 1,
769}
770
771/// Qlog logging level.
772#[repr(C)]
773#[cfg(feature = "qlog")]
774#[cfg_attr(docsrs, doc(cfg(feature = "qlog")))]
775pub enum QlogLevel {
776    /// Logs any events of Core importance.
777    Core  = 0,
778
779    /// Logs any events of Core and Base importance.
780    Base  = 1,
781
782    /// Logs any events of Core, Base and Extra importance
783    Extra = 2,
784}
785
786/// Stores configuration shared between multiple connections.
787pub struct Config {
788    local_transport_params: TransportParams,
789
790    version: u32,
791
792    tls_ctx: tls::Context,
793
794    application_protos: Vec<Vec<u8>>,
795
796    grease: bool,
797
798    cc_algorithm: CongestionControlAlgorithm,
799    custom_bbr_params: Option<BbrParams>,
800    initial_congestion_window_packets: usize,
801
802    pmtud: bool,
803
804    hystart: bool,
805
806    pacing: bool,
807    /// Send rate limit in Mbps
808    max_pacing_rate: Option<u64>,
809
810    dgram_recv_max_queue_len: usize,
811    dgram_send_max_queue_len: usize,
812
813    path_challenge_recv_max_queue_len: usize,
814
815    max_send_udp_payload_size: usize,
816
817    max_connection_window: u64,
818    max_stream_window: u64,
819
820    max_amplification_factor: usize,
821
822    disable_dcid_reuse: bool,
823
824    track_unknown_transport_params: Option<usize>,
825}
826
827// See https://quicwg.org/base-drafts/rfc9000.html#section-15
828fn is_reserved_version(version: u32) -> bool {
829    version & RESERVED_VERSION_MASK == version
830}
831
832impl Config {
833    /// Creates a config object with the given version.
834    ///
835    /// ## Examples:
836    ///
837    /// ```
838    /// let config = quiche::Config::new(quiche::PROTOCOL_VERSION)?;
839    /// # Ok::<(), quiche::Error>(())
840    /// ```
841    pub fn new(version: u32) -> Result<Config> {
842        Self::with_tls_ctx(version, tls::Context::new()?)
843    }
844
845    /// Creates a config object with the given version and
846    /// [`SslContextBuilder`].
847    ///
848    /// This is useful for applications that wish to manually configure
849    /// [`SslContextBuilder`].
850    ///
851    /// [`SslContextBuilder`]: https://docs.rs/boring/latest/boring/ssl/struct.SslContextBuilder.html
852    #[cfg(feature = "boringssl-boring-crate")]
853    #[cfg_attr(docsrs, doc(cfg(feature = "boringssl-boring-crate")))]
854    pub fn with_boring_ssl_ctx_builder(
855        version: u32, tls_ctx_builder: boring::ssl::SslContextBuilder,
856    ) -> Result<Config> {
857        Self::with_tls_ctx(version, tls::Context::from_boring(tls_ctx_builder))
858    }
859
860    fn with_tls_ctx(version: u32, tls_ctx: tls::Context) -> Result<Config> {
861        if !is_reserved_version(version) && !version_is_supported(version) {
862            return Err(Error::UnknownVersion);
863        }
864
865        Ok(Config {
866            local_transport_params: TransportParams::default(),
867            version,
868            tls_ctx,
869            application_protos: Vec::new(),
870            grease: true,
871            cc_algorithm: CongestionControlAlgorithm::CUBIC,
872            custom_bbr_params: None,
873            initial_congestion_window_packets:
874                DEFAULT_INITIAL_CONGESTION_WINDOW_PACKETS,
875            pmtud: false,
876            hystart: true,
877            pacing: true,
878            max_pacing_rate: None,
879
880            dgram_recv_max_queue_len: DEFAULT_MAX_DGRAM_QUEUE_LEN,
881            dgram_send_max_queue_len: DEFAULT_MAX_DGRAM_QUEUE_LEN,
882
883            path_challenge_recv_max_queue_len:
884                DEFAULT_MAX_PATH_CHALLENGE_RX_QUEUE_LEN,
885
886            max_send_udp_payload_size: MAX_SEND_UDP_PAYLOAD_SIZE,
887
888            max_connection_window: MAX_CONNECTION_WINDOW,
889            max_stream_window: stream::MAX_STREAM_WINDOW,
890
891            max_amplification_factor: MAX_AMPLIFICATION_FACTOR,
892
893            disable_dcid_reuse: false,
894
895            track_unknown_transport_params: None,
896        })
897    }
898
899    /// Configures the given certificate chain.
900    ///
901    /// The content of `file` is parsed as a PEM-encoded leaf certificate,
902    /// followed by optional intermediate certificates.
903    ///
904    /// ## Examples:
905    ///
906    /// ```no_run
907    /// # let mut config = quiche::Config::new(0xbabababa)?;
908    /// config.load_cert_chain_from_pem_file("/path/to/cert.pem")?;
909    /// # Ok::<(), quiche::Error>(())
910    /// ```
911    pub fn load_cert_chain_from_pem_file(&mut self, file: &str) -> Result<()> {
912        self.tls_ctx.use_certificate_chain_file(file)
913    }
914
915    /// Configures the given private key.
916    ///
917    /// The content of `file` is parsed as a PEM-encoded private key.
918    ///
919    /// ## Examples:
920    ///
921    /// ```no_run
922    /// # let mut config = quiche::Config::new(0xbabababa)?;
923    /// config.load_priv_key_from_pem_file("/path/to/key.pem")?;
924    /// # Ok::<(), quiche::Error>(())
925    /// ```
926    pub fn load_priv_key_from_pem_file(&mut self, file: &str) -> Result<()> {
927        self.tls_ctx.use_privkey_file(file)
928    }
929
930    /// Specifies a file where trusted CA certificates are stored for the
931    /// purposes of certificate verification.
932    ///
933    /// The content of `file` is parsed as a PEM-encoded certificate chain.
934    ///
935    /// ## Examples:
936    ///
937    /// ```no_run
938    /// # let mut config = quiche::Config::new(0xbabababa)?;
939    /// config.load_verify_locations_from_file("/path/to/cert.pem")?;
940    /// # Ok::<(), quiche::Error>(())
941    /// ```
942    pub fn load_verify_locations_from_file(&mut self, file: &str) -> Result<()> {
943        self.tls_ctx.load_verify_locations_from_file(file)
944    }
945
946    /// Specifies a directory where trusted CA certificates are stored for the
947    /// purposes of certificate verification.
948    ///
949    /// The content of `dir` a set of PEM-encoded certificate chains.
950    ///
951    /// ## Examples:
952    ///
953    /// ```no_run
954    /// # let mut config = quiche::Config::new(0xbabababa)?;
955    /// config.load_verify_locations_from_directory("/path/to/certs")?;
956    /// # Ok::<(), quiche::Error>(())
957    /// ```
958    pub fn load_verify_locations_from_directory(
959        &mut self, dir: &str,
960    ) -> Result<()> {
961        self.tls_ctx.load_verify_locations_from_directory(dir)
962    }
963
964    /// Configures whether to verify the peer's certificate.
965    ///
966    /// This should usually be `true` for client-side connections and `false`
967    /// for server-side ones.
968    ///
969    /// Note that by default, no verification is performed.
970    ///
971    /// Also note that on the server-side, enabling verification of the peer
972    /// will trigger a certificate request and make authentication errors
973    /// fatal, but will still allow anonymous clients (i.e. clients that
974    /// don't present a certificate at all). Servers can check whether a
975    /// client presented a certificate by calling [`peer_cert()`] if they
976    /// need to.
977    ///
978    /// [`peer_cert()`]: struct.Connection.html#method.peer_cert
979    pub fn verify_peer(&mut self, verify: bool) {
980        self.tls_ctx.set_verify(verify);
981    }
982
983    /// Configures whether to do path MTU discovery.
984    ///
985    /// The default value is `false`.
986    pub fn discover_pmtu(&mut self, discover: bool) {
987        self.pmtud = discover;
988    }
989
990    /// Configures whether to send GREASE values.
991    ///
992    /// The default value is `true`.
993    pub fn grease(&mut self, grease: bool) {
994        self.grease = grease;
995    }
996
997    /// Enables logging of secrets.
998    ///
999    /// When logging is enabled, the [`set_keylog()`] method must be called on
1000    /// the connection for its cryptographic secrets to be logged in the
1001    /// [keylog] format to the specified writer.
1002    ///
1003    /// [`set_keylog()`]: struct.Connection.html#method.set_keylog
1004    /// [keylog]: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format
1005    pub fn log_keys(&mut self) {
1006        self.tls_ctx.enable_keylog();
1007    }
1008
1009    /// Configures the session ticket key material.
1010    ///
1011    /// On the server this key will be used to encrypt and decrypt session
1012    /// tickets, used to perform session resumption without server-side state.
1013    ///
1014    /// By default a key is generated internally, and rotated regularly, so
1015    /// applications don't need to call this unless they need to use a
1016    /// specific key (e.g. in order to support resumption across multiple
1017    /// servers), in which case the application is also responsible for
1018    /// rotating the key to provide forward secrecy.
1019    pub fn set_ticket_key(&mut self, key: &[u8]) -> Result<()> {
1020        self.tls_ctx.set_ticket_key(key)
1021    }
1022
1023    /// Enables sending or receiving early data.
1024    pub fn enable_early_data(&mut self) {
1025        self.tls_ctx.set_early_data_enabled(true);
1026    }
1027
1028    /// Configures the list of supported application protocols.
1029    ///
1030    /// On the client this configures the list of protocols to send to the
1031    /// server as part of the ALPN extension.
1032    ///
1033    /// On the server this configures the list of supported protocols to match
1034    /// against the client-supplied list.
1035    ///
1036    /// Applications must set a value, but no default is provided.
1037    ///
1038    /// ## Examples:
1039    ///
1040    /// ```
1041    /// # let mut config = quiche::Config::new(0xbabababa)?;
1042    /// config.set_application_protos(&[b"http/1.1", b"http/0.9"]);
1043    /// # Ok::<(), quiche::Error>(())
1044    /// ```
1045    pub fn set_application_protos(
1046        &mut self, protos_list: &[&[u8]],
1047    ) -> Result<()> {
1048        self.application_protos =
1049            protos_list.iter().map(|s| s.to_vec()).collect();
1050
1051        self.tls_ctx.set_alpn(protos_list)
1052    }
1053
1054    /// Configures the list of supported application protocols using wire
1055    /// format.
1056    ///
1057    /// The list of protocols `protos` must be a series of non-empty, 8-bit
1058    /// length-prefixed strings.
1059    ///
1060    /// See [`set_application_protos`](Self::set_application_protos) for more
1061    /// background about application protocols.
1062    ///
1063    /// ## Examples:
1064    ///
1065    /// ```
1066    /// # let mut config = quiche::Config::new(0xbabababa)?;
1067    /// config.set_application_protos_wire_format(b"\x08http/1.1\x08http/0.9")?;
1068    /// # Ok::<(), quiche::Error>(())
1069    /// ```
1070    pub fn set_application_protos_wire_format(
1071        &mut self, protos: &[u8],
1072    ) -> Result<()> {
1073        let mut b = octets::Octets::with_slice(protos);
1074
1075        let mut protos_list = Vec::new();
1076
1077        while let Ok(proto) = b.get_bytes_with_u8_length() {
1078            protos_list.push(proto.buf());
1079        }
1080
1081        self.set_application_protos(&protos_list)
1082    }
1083
1084    /// Sets the anti-amplification limit factor.
1085    ///
1086    /// The default value is `3`.
1087    pub fn set_max_amplification_factor(&mut self, v: usize) {
1088        self.max_amplification_factor = v;
1089    }
1090
1091    /// Sets the `max_idle_timeout` transport parameter, in milliseconds.
1092    ///
1093    /// The default value is infinite, that is, no timeout is used.
1094    pub fn set_max_idle_timeout(&mut self, v: u64) {
1095        self.local_transport_params.max_idle_timeout = v;
1096    }
1097
1098    /// Sets the `max_udp_payload_size transport` parameter.
1099    ///
1100    /// The default value is `65527`.
1101    pub fn set_max_recv_udp_payload_size(&mut self, v: usize) {
1102        self.local_transport_params.max_udp_payload_size = v as u64;
1103    }
1104
1105    /// Sets the maximum outgoing UDP payload size.
1106    ///
1107    /// The default and minimum value is `1200`.
1108    pub fn set_max_send_udp_payload_size(&mut self, v: usize) {
1109        self.max_send_udp_payload_size = cmp::max(v, MAX_SEND_UDP_PAYLOAD_SIZE);
1110    }
1111
1112    /// Sets the `initial_max_data` transport parameter.
1113    ///
1114    /// When set to a non-zero value quiche will only allow at most `v` bytes of
1115    /// incoming stream data to be buffered for the whole connection (that is,
1116    /// data that is not yet read by the application) and will allow more data
1117    /// to be received as the buffer is consumed by the application.
1118    ///
1119    /// When set to zero, either explicitly or via the default, quiche will not
1120    /// give any flow control to the peer, preventing it from sending any stream
1121    /// data.
1122    ///
1123    /// The default value is `0`.
1124    pub fn set_initial_max_data(&mut self, v: u64) {
1125        self.local_transport_params.initial_max_data = v;
1126    }
1127
1128    /// Sets the `initial_max_stream_data_bidi_local` transport parameter.
1129    ///
1130    /// When set to a non-zero value quiche will only allow at most `v` bytes
1131    /// of incoming stream data to be buffered for each locally-initiated
1132    /// bidirectional stream (that is, data that is not yet read by the
1133    /// application) and will allow more data to be received as the buffer is
1134    /// consumed by the application.
1135    ///
1136    /// When set to zero, either explicitly or via the default, quiche will not
1137    /// give any flow control to the peer, preventing it from sending any stream
1138    /// data.
1139    ///
1140    /// The default value is `0`.
1141    pub fn set_initial_max_stream_data_bidi_local(&mut self, v: u64) {
1142        self.local_transport_params
1143            .initial_max_stream_data_bidi_local = v;
1144    }
1145
1146    /// Sets the `initial_max_stream_data_bidi_remote` transport parameter.
1147    ///
1148    /// When set to a non-zero value quiche will only allow at most `v` bytes
1149    /// of incoming stream data to be buffered for each remotely-initiated
1150    /// bidirectional stream (that is, data that is not yet read by the
1151    /// application) and will allow more data to be received as the buffer is
1152    /// consumed by the application.
1153    ///
1154    /// When set to zero, either explicitly or via the default, quiche will not
1155    /// give any flow control to the peer, preventing it from sending any stream
1156    /// data.
1157    ///
1158    /// The default value is `0`.
1159    pub fn set_initial_max_stream_data_bidi_remote(&mut self, v: u64) {
1160        self.local_transport_params
1161            .initial_max_stream_data_bidi_remote = v;
1162    }
1163
1164    /// Sets the `initial_max_stream_data_uni` transport parameter.
1165    ///
1166    /// When set to a non-zero value quiche will only allow at most `v` bytes
1167    /// of incoming stream data to be buffered for each unidirectional stream
1168    /// (that is, data that is not yet read by the application) and will allow
1169    /// more data to be received as the buffer is consumed by the application.
1170    ///
1171    /// When set to zero, either explicitly or via the default, quiche will not
1172    /// give any flow control to the peer, preventing it from sending any stream
1173    /// data.
1174    ///
1175    /// The default value is `0`.
1176    pub fn set_initial_max_stream_data_uni(&mut self, v: u64) {
1177        self.local_transport_params.initial_max_stream_data_uni = v;
1178    }
1179
1180    /// Sets the `initial_max_streams_bidi` transport parameter.
1181    ///
1182    /// When set to a non-zero value quiche will only allow `v` number of
1183    /// concurrent remotely-initiated bidirectional streams to be open at any
1184    /// given time and will increase the limit automatically as streams are
1185    /// completed.
1186    ///
1187    /// When set to zero, either explicitly or via the default, quiche will not
1188    /// not allow the peer to open any bidirectional streams.
1189    ///
1190    /// A bidirectional stream is considered completed when all incoming data
1191    /// has been read by the application (up to the `fin` offset) or the
1192    /// stream's read direction has been shutdown, and all outgoing data has
1193    /// been acked by the peer (up to the `fin` offset) or the stream's write
1194    /// direction has been shutdown.
1195    ///
1196    /// The default value is `0`.
1197    pub fn set_initial_max_streams_bidi(&mut self, v: u64) {
1198        self.local_transport_params.initial_max_streams_bidi = v;
1199    }
1200
1201    /// Sets the `initial_max_streams_uni` transport parameter.
1202    ///
1203    /// When set to a non-zero value quiche will only allow `v` number of
1204    /// concurrent remotely-initiated unidirectional streams to be open at any
1205    /// given time and will increase the limit automatically as streams are
1206    /// completed.
1207    ///
1208    /// When set to zero, either explicitly or via the default, quiche will not
1209    /// not allow the peer to open any unidirectional streams.
1210    ///
1211    /// A unidirectional stream is considered completed when all incoming data
1212    /// has been read by the application (up to the `fin` offset) or the
1213    /// stream's read direction has been shutdown.
1214    ///
1215    /// The default value is `0`.
1216    pub fn set_initial_max_streams_uni(&mut self, v: u64) {
1217        self.local_transport_params.initial_max_streams_uni = v;
1218    }
1219
1220    /// Sets the `ack_delay_exponent` transport parameter.
1221    ///
1222    /// The default value is `3`.
1223    pub fn set_ack_delay_exponent(&mut self, v: u64) {
1224        self.local_transport_params.ack_delay_exponent = v;
1225    }
1226
1227    /// Sets the `max_ack_delay` transport parameter.
1228    ///
1229    /// The default value is `25`.
1230    pub fn set_max_ack_delay(&mut self, v: u64) {
1231        self.local_transport_params.max_ack_delay = v;
1232    }
1233
1234    /// Sets the `active_connection_id_limit` transport parameter.
1235    ///
1236    /// The default value is `2`. Lower values will be ignored.
1237    pub fn set_active_connection_id_limit(&mut self, v: u64) {
1238        if v >= 2 {
1239            self.local_transport_params.active_conn_id_limit = v;
1240        }
1241    }
1242
1243    /// Sets the `disable_active_migration` transport parameter.
1244    ///
1245    /// The default value is `false`.
1246    pub fn set_disable_active_migration(&mut self, v: bool) {
1247        self.local_transport_params.disable_active_migration = v;
1248    }
1249
1250    /// Sets the congestion control algorithm used.
1251    ///
1252    /// The default value is `CongestionControlAlgorithm::CUBIC`.
1253    pub fn set_cc_algorithm(&mut self, algo: CongestionControlAlgorithm) {
1254        self.cc_algorithm = algo;
1255    }
1256
1257    /// Sets custom BBR settings.
1258    ///
1259    /// This API is experimental and will be removed in the future.
1260    ///
1261    /// Currently this only applies if cc_algorithm is
1262    /// `CongestionControlAlgorithm::Bbr2Gcongestion` is set.
1263    ///
1264    /// The default value is `None`.
1265    #[cfg(feature = "internal")]
1266    #[doc(hidden)]
1267    pub fn set_custom_bbr_params(&mut self, custom_bbr_settings: BbrParams) {
1268        self.custom_bbr_params = Some(custom_bbr_settings);
1269    }
1270
1271    /// Sets the congestion control algorithm used by string.
1272    ///
1273    /// The default value is `cubic`. On error `Error::CongestionControl`
1274    /// will be returned.
1275    ///
1276    /// ## Examples:
1277    ///
1278    /// ```
1279    /// # let mut config = quiche::Config::new(0xbabababa)?;
1280    /// config.set_cc_algorithm_name("reno");
1281    /// # Ok::<(), quiche::Error>(())
1282    /// ```
1283    pub fn set_cc_algorithm_name(&mut self, name: &str) -> Result<()> {
1284        self.cc_algorithm = CongestionControlAlgorithm::from_str(name)?;
1285
1286        Ok(())
1287    }
1288
1289    /// Sets initial congestion window size in terms of packet count.
1290    ///
1291    /// The default value is 10.
1292    pub fn set_initial_congestion_window_packets(&mut self, packets: usize) {
1293        self.initial_congestion_window_packets = packets;
1294    }
1295
1296    /// Configures whether to enable HyStart++.
1297    ///
1298    /// The default value is `true`.
1299    pub fn enable_hystart(&mut self, v: bool) {
1300        self.hystart = v;
1301    }
1302
1303    /// Configures whether to enable pacing.
1304    ///
1305    /// The default value is `true`.
1306    pub fn enable_pacing(&mut self, v: bool) {
1307        self.pacing = v;
1308    }
1309
1310    /// Sets the max value for pacing rate.
1311    ///
1312    /// By default pacing rate is not limited.
1313    pub fn set_max_pacing_rate(&mut self, v: u64) {
1314        self.max_pacing_rate = Some(v);
1315    }
1316
1317    /// Configures whether to enable receiving DATAGRAM frames.
1318    ///
1319    /// When enabled, the `max_datagram_frame_size` transport parameter is set
1320    /// to 65536 as recommended by draft-ietf-quic-datagram-01.
1321    ///
1322    /// The default is `false`.
1323    pub fn enable_dgram(
1324        &mut self, enabled: bool, recv_queue_len: usize, send_queue_len: usize,
1325    ) {
1326        self.local_transport_params.max_datagram_frame_size = if enabled {
1327            Some(MAX_DGRAM_FRAME_SIZE)
1328        } else {
1329            None
1330        };
1331        self.dgram_recv_max_queue_len = recv_queue_len;
1332        self.dgram_send_max_queue_len = send_queue_len;
1333    }
1334
1335    /// Configures the max number of queued received PATH_CHALLENGE frames.
1336    ///
1337    /// When an endpoint receives a PATH_CHALLENGE frame and the queue is full,
1338    /// the frame is discarded.
1339    ///
1340    /// The default is 3.
1341    pub fn set_path_challenge_recv_max_queue_len(&mut self, queue_len: usize) {
1342        self.path_challenge_recv_max_queue_len = queue_len;
1343    }
1344
1345    /// Sets the maximum size of the connection window.
1346    ///
1347    /// The default value is MAX_CONNECTION_WINDOW (24MBytes).
1348    pub fn set_max_connection_window(&mut self, v: u64) {
1349        self.max_connection_window = v;
1350    }
1351
1352    /// Sets the maximum size of the stream window.
1353    ///
1354    /// The default value is MAX_STREAM_WINDOW (16MBytes).
1355    pub fn set_max_stream_window(&mut self, v: u64) {
1356        self.max_stream_window = v;
1357    }
1358
1359    /// Sets the initial stateless reset token.
1360    ///
1361    /// This value is only advertised by servers. Setting a stateless retry
1362    /// token as a client has no effect on the connection.
1363    ///
1364    /// The default value is `None`.
1365    pub fn set_stateless_reset_token(&mut self, v: Option<u128>) {
1366        self.local_transport_params.stateless_reset_token = v;
1367    }
1368
1369    /// Sets whether the QUIC connection should avoid reusing DCIDs over
1370    /// different paths.
1371    ///
1372    /// When set to `true`, it ensures that a destination Connection ID is never
1373    /// reused on different paths. Such behaviour may lead to connection stall
1374    /// if the peer performs a non-voluntary migration (e.g., NAT rebinding) and
1375    /// does not provide additional destination Connection IDs to handle such
1376    /// event.
1377    ///
1378    /// The default value is `false`.
1379    pub fn set_disable_dcid_reuse(&mut self, v: bool) {
1380        self.disable_dcid_reuse = v;
1381    }
1382
1383    /// Enables tracking unknown transport parameters.
1384    ///
1385    /// Specify the maximum number of bytes used to track unknown transport
1386    /// parameters. The size includes the identifier and its value. If storing a
1387    /// transport parameter would cause the limit to be exceeded, it is quietly
1388    /// dropped.
1389    ///
1390    /// The default is that the feature is disabled.
1391    pub fn enable_track_unknown_transport_parameters(&mut self, size: usize) {
1392        self.track_unknown_transport_params = Some(size);
1393    }
1394}
1395
1396/// A QUIC connection.
1397pub struct Connection<F = DefaultBufFactory>
1398where
1399    F: BufFactory,
1400{
1401    /// QUIC wire version used for the connection.
1402    version: u32,
1403
1404    /// Connection Identifiers.
1405    ids: cid::ConnectionIdentifiers,
1406
1407    /// Unique opaque ID for the connection that can be used for logging.
1408    trace_id: String,
1409
1410    /// Packet number spaces.
1411    pkt_num_spaces: [packet::PktNumSpace; packet::Epoch::count()],
1412
1413    /// Next packet number.
1414    next_pkt_num: u64,
1415
1416    /// Peer's transport parameters.
1417    peer_transport_params: TransportParams,
1418
1419    /// If tracking unknown transport parameters from a peer, how much space to
1420    /// use in bytes.
1421    peer_transport_params_track_unknown: Option<usize>,
1422
1423    /// Local transport parameters.
1424    local_transport_params: TransportParams,
1425
1426    /// TLS handshake state.
1427    handshake: tls::Handshake,
1428
1429    /// Serialized TLS session buffer.
1430    ///
1431    /// This field is populated when a new session ticket is processed on the
1432    /// client. On the server this is empty.
1433    session: Option<Vec<u8>>,
1434
1435    /// The configuration for recovery.
1436    recovery_config: recovery::RecoveryConfig,
1437
1438    /// The path manager.
1439    paths: path::PathMap,
1440
1441    /// PATH_CHALLENGE receive queue max length.
1442    path_challenge_recv_max_queue_len: usize,
1443
1444    /// Total number of received PATH_CHALLENGE frames.
1445    path_challenge_rx_count: u64,
1446
1447    /// List of supported application protocols.
1448    application_protos: Vec<Vec<u8>>,
1449
1450    /// Total number of received packets.
1451    recv_count: usize,
1452
1453    /// Total number of sent packets.
1454    sent_count: usize,
1455
1456    /// Total number of lost packets.
1457    lost_count: usize,
1458
1459    /// Total number of packets sent with data retransmitted.
1460    retrans_count: usize,
1461
1462    /// Total number of sent DATAGRAM frames.
1463    dgram_sent_count: usize,
1464
1465    /// Total number of received DATAGRAM frames.
1466    dgram_recv_count: usize,
1467
1468    /// Total number of bytes received from the peer.
1469    rx_data: u64,
1470
1471    /// Receiver flow controller.
1472    flow_control: flowcontrol::FlowControl,
1473
1474    /// Whether we send MAX_DATA frame.
1475    almost_full: bool,
1476
1477    /// Number of stream data bytes that can be buffered.
1478    tx_cap: usize,
1479
1480    // Number of bytes buffered in the send buffer.
1481    tx_buffered: usize,
1482
1483    /// Total number of bytes sent to the peer.
1484    tx_data: u64,
1485
1486    /// Peer's flow control limit for the connection.
1487    max_tx_data: u64,
1488
1489    /// Last tx_data before running a full send() loop.
1490    last_tx_data: u64,
1491
1492    /// Total number of bytes retransmitted over the connection.
1493    /// This counts only STREAM and CRYPTO data.
1494    stream_retrans_bytes: u64,
1495
1496    /// Total number of bytes sent over the connection.
1497    sent_bytes: u64,
1498
1499    /// Total number of bytes received over the connection.
1500    recv_bytes: u64,
1501
1502    /// Total number of bytes sent acked over the connection.
1503    acked_bytes: u64,
1504
1505    /// Total number of bytes sent lost over the connection.
1506    lost_bytes: u64,
1507
1508    /// Streams map, indexed by stream ID.
1509    streams: stream::StreamMap<F>,
1510
1511    /// Peer's original destination connection ID. Used by the client to
1512    /// validate the server's transport parameter.
1513    odcid: Option<ConnectionId<'static>>,
1514
1515    /// Peer's retry source connection ID. Used by the client during stateless
1516    /// retry to validate the server's transport parameter.
1517    rscid: Option<ConnectionId<'static>>,
1518
1519    /// Received address verification token.
1520    token: Option<Vec<u8>>,
1521
1522    /// Error code and reason to be sent to the peer in a CONNECTION_CLOSE
1523    /// frame.
1524    local_error: Option<ConnectionError>,
1525
1526    /// Error code and reason received from the peer in a CONNECTION_CLOSE
1527    /// frame.
1528    peer_error: Option<ConnectionError>,
1529
1530    /// The connection-level limit at which send blocking occurred.
1531    blocked_limit: Option<u64>,
1532
1533    /// Idle timeout expiration time.
1534    idle_timer: Option<time::Instant>,
1535
1536    /// Draining timeout expiration time.
1537    draining_timer: Option<time::Instant>,
1538
1539    /// List of raw packets that were received before they could be decrypted.
1540    undecryptable_pkts: VecDeque<(Vec<u8>, RecvInfo)>,
1541
1542    /// The negotiated ALPN protocol.
1543    alpn: Vec<u8>,
1544
1545    /// Whether this is a server-side connection.
1546    is_server: bool,
1547
1548    /// Whether the initial secrets have been derived.
1549    derived_initial_secrets: bool,
1550
1551    /// Whether a version negotiation packet has already been received. Only
1552    /// relevant for client connections.
1553    did_version_negotiation: bool,
1554
1555    /// Whether stateless retry has been performed.
1556    did_retry: bool,
1557
1558    /// Whether the peer already updated its connection ID.
1559    got_peer_conn_id: bool,
1560
1561    /// Whether the peer verified our initial address.
1562    peer_verified_initial_address: bool,
1563
1564    /// Whether the peer's transport parameters were parsed.
1565    parsed_peer_transport_params: bool,
1566
1567    /// Whether the connection handshake has been completed.
1568    handshake_completed: bool,
1569
1570    /// Whether the HANDSHAKE_DONE frame has been sent.
1571    handshake_done_sent: bool,
1572
1573    /// Whether the HANDSHAKE_DONE frame has been acked.
1574    handshake_done_acked: bool,
1575
1576    /// Whether the connection handshake has been confirmed.
1577    handshake_confirmed: bool,
1578
1579    /// Key phase bit used for outgoing protected packets.
1580    key_phase: bool,
1581
1582    /// Whether an ack-eliciting packet has been sent since last receiving a
1583    /// packet.
1584    ack_eliciting_sent: bool,
1585
1586    /// Whether the connection is closed.
1587    closed: bool,
1588
1589    /// Whether the connection was timed out.
1590    timed_out: bool,
1591
1592    /// Whether to send GREASE.
1593    grease: bool,
1594
1595    /// TLS keylog writer.
1596    keylog: Option<Box<dyn std::io::Write + Send + Sync>>,
1597
1598    #[cfg(feature = "qlog")]
1599    qlog: QlogInfo,
1600
1601    /// DATAGRAM queues.
1602    dgram_recv_queue: dgram::DatagramQueue,
1603    dgram_send_queue: dgram::DatagramQueue,
1604
1605    /// Whether to emit DATAGRAM frames in the next packet.
1606    emit_dgram: bool,
1607
1608    /// Whether the connection should prevent from reusing destination
1609    /// Connection IDs when the peer migrates.
1610    disable_dcid_reuse: bool,
1611
1612    /// The number of streams reset by local.
1613    reset_stream_local_count: u64,
1614
1615    /// The number of streams stopped by local.
1616    stopped_stream_local_count: u64,
1617
1618    /// The number of streams reset by remote.
1619    reset_stream_remote_count: u64,
1620
1621    /// The number of streams stopped by remote.
1622    stopped_stream_remote_count: u64,
1623
1624    /// The anti-amplification limit factor.
1625    max_amplification_factor: usize,
1626}
1627
1628/// Creates a new server-side connection.
1629///
1630/// The `scid` parameter represents the server's source connection ID, while
1631/// the optional `odcid` parameter represents the original destination ID the
1632/// client sent before a stateless retry (this is only required when using
1633/// the [`retry()`] function).
1634///
1635/// [`retry()`]: fn.retry.html
1636///
1637/// ## Examples:
1638///
1639/// ```no_run
1640/// # let mut config = quiche::Config::new(0xbabababa)?;
1641/// # let scid = quiche::ConnectionId::from_ref(&[0xba; 16]);
1642/// # let local = "127.0.0.1:0".parse().unwrap();
1643/// # let peer = "127.0.0.1:1234".parse().unwrap();
1644/// let conn = quiche::accept(&scid, None, local, peer, &mut config)?;
1645/// # Ok::<(), quiche::Error>(())
1646/// ```
1647#[inline]
1648pub fn accept(
1649    scid: &ConnectionId, odcid: Option<&ConnectionId>, local: SocketAddr,
1650    peer: SocketAddr, config: &mut Config,
1651) -> Result<Connection> {
1652    let conn = Connection::new(scid, odcid, local, peer, config, true)?;
1653
1654    Ok(conn)
1655}
1656
1657/// Creates a new server-side connection, with a custom buffer generation
1658/// method.
1659///
1660/// The buffers generated can be anything that can be drereferenced as a byte
1661/// slice. See [`accept`] and [`BufFactory`] for more info.
1662#[inline]
1663pub fn accept_with_buf_factory<F: BufFactory>(
1664    scid: &ConnectionId, odcid: Option<&ConnectionId>, local: SocketAddr,
1665    peer: SocketAddr, config: &mut Config,
1666) -> Result<Connection<F>> {
1667    let conn = Connection::new(scid, odcid, local, peer, config, true)?;
1668
1669    Ok(conn)
1670}
1671
1672/// Creates a new client-side connection.
1673///
1674/// The `scid` parameter is used as the connection's source connection ID,
1675/// while the optional `server_name` parameter is used to verify the peer's
1676/// certificate.
1677///
1678/// ## Examples:
1679///
1680/// ```no_run
1681/// # let mut config = quiche::Config::new(0xbabababa)?;
1682/// # let server_name = "quic.tech";
1683/// # let scid = quiche::ConnectionId::from_ref(&[0xba; 16]);
1684/// # let local = "127.0.0.1:4321".parse().unwrap();
1685/// # let peer = "127.0.0.1:1234".parse().unwrap();
1686/// let conn =
1687///     quiche::connect(Some(&server_name), &scid, local, peer, &mut config)?;
1688/// # Ok::<(), quiche::Error>(())
1689/// ```
1690#[inline]
1691pub fn connect(
1692    server_name: Option<&str>, scid: &ConnectionId, local: SocketAddr,
1693    peer: SocketAddr, config: &mut Config,
1694) -> Result<Connection> {
1695    let mut conn = Connection::new(scid, None, local, peer, config, false)?;
1696
1697    if let Some(server_name) = server_name {
1698        conn.handshake.set_host_name(server_name)?;
1699    }
1700
1701    Ok(conn)
1702}
1703
1704/// Creates a new client-side connection, with a custom buffer generation
1705/// method.
1706///
1707/// The buffers generated can be anything that can be drereferenced as a byte
1708/// slice. See [`connect`] and [`BufFactory`] for more info.
1709#[inline]
1710pub fn connect_with_buffer_factory<F: BufFactory>(
1711    server_name: Option<&str>, scid: &ConnectionId, local: SocketAddr,
1712    peer: SocketAddr, config: &mut Config,
1713) -> Result<Connection<F>> {
1714    let mut conn = Connection::new(scid, None, local, peer, config, false)?;
1715
1716    if let Some(server_name) = server_name {
1717        conn.handshake.set_host_name(server_name)?;
1718    }
1719
1720    Ok(conn)
1721}
1722
1723/// Writes a version negotiation packet.
1724///
1725/// The `scid` and `dcid` parameters are the source connection ID and the
1726/// destination connection ID extracted from the received client's Initial
1727/// packet that advertises an unsupported version.
1728///
1729/// ## Examples:
1730///
1731/// ```no_run
1732/// # let mut buf = [0; 512];
1733/// # let mut out = [0; 512];
1734/// # let socket = std::net::UdpSocket::bind("127.0.0.1:0").unwrap();
1735/// let (len, src) = socket.recv_from(&mut buf).unwrap();
1736///
1737/// let hdr =
1738///     quiche::Header::from_slice(&mut buf[..len], quiche::MAX_CONN_ID_LEN)?;
1739///
1740/// if hdr.version != quiche::PROTOCOL_VERSION {
1741///     let len = quiche::negotiate_version(&hdr.scid, &hdr.dcid, &mut out)?;
1742///     socket.send_to(&out[..len], &src).unwrap();
1743/// }
1744/// # Ok::<(), quiche::Error>(())
1745/// ```
1746#[inline]
1747pub fn negotiate_version(
1748    scid: &ConnectionId, dcid: &ConnectionId, out: &mut [u8],
1749) -> Result<usize> {
1750    packet::negotiate_version(scid, dcid, out)
1751}
1752
1753/// Writes a stateless retry packet.
1754///
1755/// The `scid` and `dcid` parameters are the source connection ID and the
1756/// destination connection ID extracted from the received client's Initial
1757/// packet, while `new_scid` is the server's new source connection ID and
1758/// `token` is the address validation token the client needs to echo back.
1759///
1760/// The application is responsible for generating the address validation
1761/// token to be sent to the client, and verifying tokens sent back by the
1762/// client. The generated token should include the `dcid` parameter, such
1763/// that it can be later extracted from the token and passed to the
1764/// [`accept()`] function as its `odcid` parameter.
1765///
1766/// [`accept()`]: fn.accept.html
1767///
1768/// ## Examples:
1769///
1770/// ```no_run
1771/// # let mut config = quiche::Config::new(0xbabababa)?;
1772/// # let mut buf = [0; 512];
1773/// # let mut out = [0; 512];
1774/// # let scid = quiche::ConnectionId::from_ref(&[0xba; 16]);
1775/// # let socket = std::net::UdpSocket::bind("127.0.0.1:0").unwrap();
1776/// # let local = socket.local_addr().unwrap();
1777/// # fn mint_token(hdr: &quiche::Header, src: &std::net::SocketAddr) -> Vec<u8> {
1778/// #     vec![]
1779/// # }
1780/// # fn validate_token<'a>(src: &std::net::SocketAddr, token: &'a [u8]) -> Option<quiche::ConnectionId<'a>> {
1781/// #     None
1782/// # }
1783/// let (len, peer) = socket.recv_from(&mut buf).unwrap();
1784///
1785/// let hdr = quiche::Header::from_slice(&mut buf[..len], quiche::MAX_CONN_ID_LEN)?;
1786///
1787/// let token = hdr.token.as_ref().unwrap();
1788///
1789/// // No token sent by client, create a new one.
1790/// if token.is_empty() {
1791///     let new_token = mint_token(&hdr, &peer);
1792///
1793///     let len = quiche::retry(
1794///         &hdr.scid, &hdr.dcid, &scid, &new_token, hdr.version, &mut out,
1795///     )?;
1796///
1797///     socket.send_to(&out[..len], &peer).unwrap();
1798///     return Ok(());
1799/// }
1800///
1801/// // Client sent token, validate it.
1802/// let odcid = validate_token(&peer, token);
1803///
1804/// if odcid.is_none() {
1805///     // Invalid address validation token.
1806///     return Ok(());
1807/// }
1808///
1809/// let conn = quiche::accept(&scid, odcid.as_ref(), local, peer, &mut config)?;
1810/// # Ok::<(), quiche::Error>(())
1811/// ```
1812#[inline]
1813pub fn retry(
1814    scid: &ConnectionId, dcid: &ConnectionId, new_scid: &ConnectionId,
1815    token: &[u8], version: u32, out: &mut [u8],
1816) -> Result<usize> {
1817    packet::retry(scid, dcid, new_scid, token, version, out)
1818}
1819
1820/// Returns true if the given protocol version is supported.
1821#[inline]
1822pub fn version_is_supported(version: u32) -> bool {
1823    matches!(version, PROTOCOL_VERSION_V1)
1824}
1825
1826/// Pushes a frame to the output packet if there is enough space.
1827///
1828/// Returns `true` on success, `false` otherwise. In case of failure it means
1829/// there is no room to add the frame in the packet. You may retry to add the
1830/// frame later.
1831macro_rules! push_frame_to_pkt {
1832    ($out:expr, $frames:expr, $frame:expr, $left:expr) => {{
1833        if $frame.wire_len() <= $left {
1834            $left -= $frame.wire_len();
1835
1836            $frame.to_bytes(&mut $out)?;
1837
1838            $frames.push($frame);
1839
1840            true
1841        } else {
1842            false
1843        }
1844    }};
1845}
1846
1847/// Executes the provided body if the qlog feature is enabled, quiche has been
1848/// configured with a log writer, the event's importance is within the
1849/// configured level.
1850macro_rules! qlog_with_type {
1851    ($ty:expr, $qlog:expr, $qlog_streamer_ref:ident, $body:block) => {{
1852        #[cfg(feature = "qlog")]
1853        {
1854            if EventImportance::from($ty).is_contained_in(&$qlog.level) {
1855                if let Some($qlog_streamer_ref) = &mut $qlog.streamer {
1856                    $body
1857                }
1858            }
1859        }
1860    }};
1861}
1862
1863#[cfg(feature = "qlog")]
1864const QLOG_PARAMS_SET: EventType =
1865    EventType::TransportEventType(TransportEventType::ParametersSet);
1866
1867#[cfg(feature = "qlog")]
1868const QLOG_PACKET_RX: EventType =
1869    EventType::TransportEventType(TransportEventType::PacketReceived);
1870
1871#[cfg(feature = "qlog")]
1872const QLOG_PACKET_TX: EventType =
1873    EventType::TransportEventType(TransportEventType::PacketSent);
1874
1875#[cfg(feature = "qlog")]
1876const QLOG_DATA_MV: EventType =
1877    EventType::TransportEventType(TransportEventType::DataMoved);
1878
1879#[cfg(feature = "qlog")]
1880const QLOG_METRICS: EventType =
1881    EventType::RecoveryEventType(RecoveryEventType::MetricsUpdated);
1882
1883#[cfg(feature = "qlog")]
1884const QLOG_CONNECTION_CLOSED: EventType =
1885    EventType::ConnectivityEventType(ConnectivityEventType::ConnectionClosed);
1886
1887#[cfg(feature = "qlog")]
1888struct QlogInfo {
1889    streamer: Option<qlog::streamer::QlogStreamer>,
1890    logged_peer_params: bool,
1891    level: EventImportance,
1892}
1893
1894#[cfg(feature = "qlog")]
1895impl Default for QlogInfo {
1896    fn default() -> Self {
1897        QlogInfo {
1898            streamer: None,
1899            logged_peer_params: false,
1900            level: EventImportance::Base,
1901        }
1902    }
1903}
1904
1905impl<F: BufFactory> Connection<F> {
1906    fn new(
1907        scid: &ConnectionId, odcid: Option<&ConnectionId>, local: SocketAddr,
1908        peer: SocketAddr, config: &mut Config, is_server: bool,
1909    ) -> Result<Connection<F>> {
1910        let tls = config.tls_ctx.new_handshake()?;
1911        Connection::with_tls(scid, odcid, local, peer, config, tls, is_server)
1912    }
1913
1914    fn with_tls(
1915        scid: &ConnectionId, odcid: Option<&ConnectionId>, local: SocketAddr,
1916        peer: SocketAddr, config: &Config, tls: tls::Handshake, is_server: bool,
1917    ) -> Result<Connection<F>> {
1918        let max_rx_data = config.local_transport_params.initial_max_data;
1919
1920        let scid_as_hex: Vec<String> =
1921            scid.iter().map(|b| format!("{b:02x}")).collect();
1922
1923        let reset_token = if is_server {
1924            config.local_transport_params.stateless_reset_token
1925        } else {
1926            None
1927        };
1928
1929        let recovery_config = recovery::RecoveryConfig::from_config(config);
1930
1931        let mut path = path::Path::new(
1932            local,
1933            peer,
1934            &recovery_config,
1935            config.path_challenge_recv_max_queue_len,
1936            MIN_CLIENT_INITIAL_LEN,
1937            true,
1938        );
1939
1940        // If we did stateless retry assume the peer's address is verified.
1941        path.verified_peer_address = odcid.is_some();
1942        // Assume clients validate the server's address implicitly.
1943        path.peer_verified_local_address = is_server;
1944
1945        // Do not allocate more than the number of active CIDs.
1946        let paths = path::PathMap::new(
1947            path,
1948            config.local_transport_params.active_conn_id_limit as usize,
1949            is_server,
1950            config.pmtud,
1951            config.max_send_udp_payload_size,
1952        );
1953
1954        let active_path_id = paths.get_active_path_id()?;
1955
1956        let ids = cid::ConnectionIdentifiers::new(
1957            config.local_transport_params.active_conn_id_limit as usize,
1958            scid,
1959            active_path_id,
1960            reset_token,
1961        );
1962
1963        let mut conn = Connection {
1964            version: config.version,
1965
1966            ids,
1967
1968            trace_id: scid_as_hex.join(""),
1969
1970            pkt_num_spaces: [
1971                packet::PktNumSpace::new(),
1972                packet::PktNumSpace::new(),
1973                packet::PktNumSpace::new(),
1974            ],
1975
1976            next_pkt_num: 0,
1977
1978            peer_transport_params: TransportParams::default(),
1979
1980            peer_transport_params_track_unknown: config
1981                .track_unknown_transport_params,
1982
1983            local_transport_params: config.local_transport_params.clone(),
1984
1985            handshake: tls,
1986
1987            session: None,
1988
1989            recovery_config,
1990
1991            paths,
1992            path_challenge_recv_max_queue_len: config
1993                .path_challenge_recv_max_queue_len,
1994            path_challenge_rx_count: 0,
1995
1996            application_protos: config.application_protos.clone(),
1997
1998            recv_count: 0,
1999            sent_count: 0,
2000            lost_count: 0,
2001            retrans_count: 0,
2002            dgram_sent_count: 0,
2003            dgram_recv_count: 0,
2004            sent_bytes: 0,
2005            recv_bytes: 0,
2006            acked_bytes: 0,
2007            lost_bytes: 0,
2008
2009            rx_data: 0,
2010            flow_control: flowcontrol::FlowControl::new(
2011                max_rx_data,
2012                cmp::min(max_rx_data / 2 * 3, DEFAULT_CONNECTION_WINDOW),
2013                config.max_connection_window,
2014            ),
2015            almost_full: false,
2016
2017            tx_cap: 0,
2018
2019            tx_buffered: 0,
2020
2021            tx_data: 0,
2022            max_tx_data: 0,
2023            last_tx_data: 0,
2024
2025            stream_retrans_bytes: 0,
2026
2027            streams: stream::StreamMap::new(
2028                config.local_transport_params.initial_max_streams_bidi,
2029                config.local_transport_params.initial_max_streams_uni,
2030                config.max_stream_window,
2031            ),
2032
2033            odcid: None,
2034
2035            rscid: None,
2036
2037            token: None,
2038
2039            local_error: None,
2040
2041            peer_error: None,
2042
2043            blocked_limit: None,
2044
2045            idle_timer: None,
2046
2047            draining_timer: None,
2048
2049            undecryptable_pkts: VecDeque::new(),
2050
2051            alpn: Vec::new(),
2052
2053            is_server,
2054
2055            derived_initial_secrets: false,
2056
2057            did_version_negotiation: false,
2058
2059            did_retry: false,
2060
2061            got_peer_conn_id: false,
2062
2063            // Assume clients validate the server's address implicitly.
2064            peer_verified_initial_address: is_server,
2065
2066            parsed_peer_transport_params: false,
2067
2068            handshake_completed: false,
2069
2070            handshake_done_sent: false,
2071            handshake_done_acked: false,
2072
2073            handshake_confirmed: false,
2074
2075            key_phase: false,
2076
2077            ack_eliciting_sent: false,
2078
2079            closed: false,
2080
2081            timed_out: false,
2082
2083            grease: config.grease,
2084
2085            keylog: None,
2086
2087            #[cfg(feature = "qlog")]
2088            qlog: Default::default(),
2089
2090            dgram_recv_queue: dgram::DatagramQueue::new(
2091                config.dgram_recv_max_queue_len,
2092            ),
2093
2094            dgram_send_queue: dgram::DatagramQueue::new(
2095                config.dgram_send_max_queue_len,
2096            ),
2097
2098            emit_dgram: true,
2099
2100            disable_dcid_reuse: config.disable_dcid_reuse,
2101
2102            reset_stream_local_count: 0,
2103            stopped_stream_local_count: 0,
2104            reset_stream_remote_count: 0,
2105            stopped_stream_remote_count: 0,
2106
2107            max_amplification_factor: config.max_amplification_factor,
2108        };
2109
2110        if let Some(odcid) = odcid {
2111            conn.local_transport_params
2112                .original_destination_connection_id = Some(odcid.to_vec().into());
2113
2114            conn.local_transport_params.retry_source_connection_id =
2115                Some(conn.ids.get_scid(0)?.cid.to_vec().into());
2116
2117            conn.did_retry = true;
2118        }
2119
2120        conn.local_transport_params.initial_source_connection_id =
2121            Some(conn.ids.get_scid(0)?.cid.to_vec().into());
2122
2123        conn.handshake.init(is_server)?;
2124
2125        conn.handshake
2126            .use_legacy_codepoint(config.version != PROTOCOL_VERSION_V1);
2127
2128        conn.encode_transport_params()?;
2129
2130        // Derive initial secrets for the client. We can do this here because
2131        // we already generated the random destination connection ID.
2132        if !is_server {
2133            let mut dcid = [0; 16];
2134            rand::rand_bytes(&mut dcid[..]);
2135
2136            let (aead_open, aead_seal) = crypto::derive_initial_key_material(
2137                &dcid,
2138                conn.version,
2139                conn.is_server,
2140                false,
2141            )?;
2142
2143            let reset_token = conn.peer_transport_params.stateless_reset_token;
2144            conn.set_initial_dcid(
2145                dcid.to_vec().into(),
2146                reset_token,
2147                active_path_id,
2148            )?;
2149
2150            conn.pkt_num_spaces[packet::Epoch::Initial].crypto_open =
2151                Some(aead_open);
2152            conn.pkt_num_spaces[packet::Epoch::Initial].crypto_seal =
2153                Some(aead_seal);
2154
2155            conn.derived_initial_secrets = true;
2156        }
2157
2158        Ok(conn)
2159    }
2160
2161    /// Sets keylog output to the designated [`Writer`].
2162    ///
2163    /// This needs to be called as soon as the connection is created, to avoid
2164    /// missing some early logs.
2165    ///
2166    /// [`Writer`]: https://doc.rust-lang.org/std/io/trait.Write.html
2167    #[inline]
2168    pub fn set_keylog(&mut self, writer: Box<dyn std::io::Write + Send + Sync>) {
2169        self.keylog = Some(writer);
2170    }
2171
2172    /// Sets qlog output to the designated [`Writer`].
2173    ///
2174    /// Only events included in `QlogLevel::Base` are written. The serialization
2175    /// format is JSON-SEQ.
2176    ///
2177    /// This needs to be called as soon as the connection is created, to avoid
2178    /// missing some early logs.
2179    ///
2180    /// [`Writer`]: https://doc.rust-lang.org/std/io/trait.Write.html
2181    #[cfg(feature = "qlog")]
2182    #[cfg_attr(docsrs, doc(cfg(feature = "qlog")))]
2183    pub fn set_qlog(
2184        &mut self, writer: Box<dyn std::io::Write + Send + Sync>, title: String,
2185        description: String,
2186    ) {
2187        self.set_qlog_with_level(writer, title, description, QlogLevel::Base)
2188    }
2189
2190    /// Sets qlog output to the designated [`Writer`].
2191    ///
2192    /// Only qlog events included in the specified `QlogLevel` are written. The
2193    /// serialization format is JSON-SEQ.
2194    ///
2195    /// This needs to be called as soon as the connection is created, to avoid
2196    /// missing some early logs.
2197    ///
2198    /// [`Writer`]: https://doc.rust-lang.org/std/io/trait.Write.html
2199    #[cfg(feature = "qlog")]
2200    #[cfg_attr(docsrs, doc(cfg(feature = "qlog")))]
2201    pub fn set_qlog_with_level(
2202        &mut self, writer: Box<dyn std::io::Write + Send + Sync>, title: String,
2203        description: String, qlog_level: QlogLevel,
2204    ) {
2205        let vp = if self.is_server {
2206            qlog::VantagePointType::Server
2207        } else {
2208            qlog::VantagePointType::Client
2209        };
2210
2211        let level = match qlog_level {
2212            QlogLevel::Core => EventImportance::Core,
2213
2214            QlogLevel::Base => EventImportance::Base,
2215
2216            QlogLevel::Extra => EventImportance::Extra,
2217        };
2218
2219        self.qlog.level = level;
2220
2221        let trace = qlog::TraceSeq::new(
2222            qlog::VantagePoint {
2223                name: None,
2224                ty: vp,
2225                flow: None,
2226            },
2227            Some(title.to_string()),
2228            Some(description.to_string()),
2229            Some(qlog::Configuration {
2230                time_offset: Some(0.0),
2231                original_uris: None,
2232            }),
2233            None,
2234        );
2235
2236        let mut streamer = qlog::streamer::QlogStreamer::new(
2237            qlog::QLOG_VERSION.to_string(),
2238            Some(title),
2239            Some(description),
2240            None,
2241            time::Instant::now(),
2242            trace,
2243            self.qlog.level,
2244            writer,
2245        );
2246
2247        streamer.start_log().ok();
2248
2249        let ev_data = self
2250            .local_transport_params
2251            .to_qlog(TransportOwner::Local, self.handshake.cipher());
2252
2253        // This event occurs very early, so just mark the relative time as 0.0.
2254        streamer.add_event(Event::with_time(0.0, ev_data)).ok();
2255
2256        self.qlog.streamer = Some(streamer);
2257    }
2258
2259    /// Returns a mutable reference to the QlogStreamer, if it exists.
2260    #[cfg(feature = "qlog")]
2261    #[cfg_attr(docsrs, doc(cfg(feature = "qlog")))]
2262    pub fn qlog_streamer(&mut self) -> Option<&mut qlog::streamer::QlogStreamer> {
2263        self.qlog.streamer.as_mut()
2264    }
2265
2266    /// Configures the given session for resumption.
2267    ///
2268    /// On the client, this can be used to offer the given serialized session,
2269    /// as returned by [`session()`], for resumption.
2270    ///
2271    /// This must only be called immediately after creating a connection, that
2272    /// is, before any packet is sent or received.
2273    ///
2274    /// [`session()`]: struct.Connection.html#method.session
2275    #[inline]
2276    pub fn set_session(&mut self, session: &[u8]) -> Result<()> {
2277        let mut b = octets::Octets::with_slice(session);
2278
2279        let session_len = b.get_u64()? as usize;
2280        let session_bytes = b.get_bytes(session_len)?;
2281
2282        self.handshake.set_session(session_bytes.as_ref())?;
2283
2284        let raw_params_len = b.get_u64()? as usize;
2285        let raw_params_bytes = b.get_bytes(raw_params_len)?;
2286
2287        let peer_params = TransportParams::decode(
2288            raw_params_bytes.as_ref(),
2289            self.is_server,
2290            self.peer_transport_params_track_unknown,
2291        )?;
2292
2293        self.process_peer_transport_params(peer_params)?;
2294
2295        Ok(())
2296    }
2297
2298    /// Sets the `max_idle_timeout` transport parameter, in milliseconds.
2299    ///
2300    /// This must only be called immediately after creating a connection, that
2301    /// is, before any packet is sent or received.
2302    ///
2303    /// The default value is infinite, that is, no timeout is used unless
2304    /// already configured when creating the connection.
2305    pub fn set_max_idle_timeout(&mut self, v: u64) -> Result<()> {
2306        self.local_transport_params.max_idle_timeout = v;
2307
2308        self.encode_transport_params()
2309    }
2310
2311    /// Sets the congestion control algorithm used.
2312    ///
2313    /// This function can only be called inside one of BoringSSL's handshake
2314    /// callbacks, before any packet has been sent. Calling this function any
2315    /// other time will have no effect.
2316    ///
2317    /// See [`Config::set_cc_algorithm()`].
2318    ///
2319    /// [`Config::set_cc_algorithm()`]: struct.Config.html#method.set_cc_algorithm
2320    #[cfg(feature = "boringssl-boring-crate")]
2321    #[cfg_attr(docsrs, doc(cfg(feature = "boringssl-boring-crate")))]
2322    pub fn set_cc_algorithm_in_handshake(
2323        ssl: &mut boring::ssl::SslRef, algo: CongestionControlAlgorithm,
2324    ) -> Result<()> {
2325        let ex_data = tls::ExData::from_ssl_ref(ssl).ok_or(Error::TlsFail)?;
2326
2327        ex_data.recovery_config.cc_algorithm = algo;
2328
2329        Ok(())
2330    }
2331
2332    /// Sets custom BBR settings.
2333    ///
2334    /// This API is experimental and will be removed in the future.
2335    ///
2336    /// Currently this only applies if cc_algorithm is
2337    /// `CongestionControlAlgorithm::Bbr2Gcongestion` is set.
2338    ///
2339    /// This function can only be called inside one of BoringSSL's handshake
2340    /// callbacks, before any packet has been sent. Calling this function any
2341    /// other time will have no effect.
2342    ///
2343    /// See [`Config::set_custom_bbr_settings()`].
2344    ///
2345    /// [`Config::set_custom_bbr_settings()`]: struct.Config.html#method.set_custom_bbr_settings
2346    #[cfg(all(feature = "boringssl-boring-crate", feature = "internal"))]
2347    #[cfg_attr(docsrs, doc(cfg(feature = "boringssl-boring-crate")))]
2348    #[doc(hidden)]
2349    pub fn set_custom_bbr_settings_in_handshake(
2350        ssl: &mut boring::ssl::SslRef, custom_bbr_params: BbrParams,
2351    ) -> Result<()> {
2352        let ex_data = tls::ExData::from_ssl_ref(ssl).ok_or(Error::TlsFail)?;
2353
2354        ex_data.recovery_config.custom_bbr_params = Some(custom_bbr_params);
2355
2356        Ok(())
2357    }
2358
2359    /// Sets the congestion control algorithm used by string.
2360    ///
2361    /// This function can only be called inside one of BoringSSL's handshake
2362    /// callbacks, before any packet has been sent. Calling this function any
2363    /// other time will have no effect.
2364    ///
2365    /// See [`Config::set_cc_algorithm_name()`].
2366    ///
2367    /// [`Config::set_cc_algorithm_name()`]: struct.Config.html#method.set_cc_algorithm_name
2368    #[cfg(feature = "boringssl-boring-crate")]
2369    #[cfg_attr(docsrs, doc(cfg(feature = "boringssl-boring-crate")))]
2370    pub fn set_cc_algorithm_name_in_handshake(
2371        ssl: &mut boring::ssl::SslRef, name: &str,
2372    ) -> Result<()> {
2373        let cc_algo = CongestionControlAlgorithm::from_str(name)?;
2374        Self::set_cc_algorithm_in_handshake(ssl, cc_algo)
2375    }
2376
2377    /// Sets initial congestion window size in terms of packet count.
2378    ///
2379    /// This function can only be called inside one of BoringSSL's handshake
2380    /// callbacks, before any packet has been sent. Calling this function any
2381    /// other time will have no effect.
2382    ///
2383    /// See [`Config::set_initial_congestion_window_packets()`].
2384    ///
2385    /// [`Config::set_initial_congestion_window_packets()`]: struct.Config.html#method.set_initial_congestion_window_packets
2386    #[cfg(feature = "boringssl-boring-crate")]
2387    #[cfg_attr(docsrs, doc(cfg(feature = "boringssl-boring-crate")))]
2388    pub fn set_initial_congestion_window_packets_in_handshake(
2389        ssl: &mut boring::ssl::SslRef, packets: usize,
2390    ) -> Result<()> {
2391        let ex_data = tls::ExData::from_ssl_ref(ssl).ok_or(Error::TlsFail)?;
2392
2393        ex_data.recovery_config.initial_congestion_window_packets = packets;
2394
2395        Ok(())
2396    }
2397
2398    /// Configures whether to enable HyStart++.
2399    ///
2400    /// This function can only be called inside one of BoringSSL's handshake
2401    /// callbacks, before any packet has been sent. Calling this function any
2402    /// other time will have no effect.
2403    ///
2404    /// See [`Config::enable_hystart()`].
2405    ///
2406    /// [`Config::enable_hystart()`]: struct.Config.html#method.enable_hystart
2407    #[cfg(feature = "boringssl-boring-crate")]
2408    #[cfg_attr(docsrs, doc(cfg(feature = "boringssl-boring-crate")))]
2409    pub fn set_hystart_in_handshake(
2410        ssl: &mut boring::ssl::SslRef, v: bool,
2411    ) -> Result<()> {
2412        let ex_data = tls::ExData::from_ssl_ref(ssl).ok_or(Error::TlsFail)?;
2413
2414        ex_data.recovery_config.hystart = v;
2415
2416        Ok(())
2417    }
2418
2419    /// Configures whether to enable pacing.
2420    ///
2421    /// This function can only be called inside one of BoringSSL's handshake
2422    /// callbacks, before any packet has been sent. Calling this function any
2423    /// other time will have no effect.
2424    ///
2425    /// See [`Config::enable_pacing()`].
2426    ///
2427    /// [`Config::enable_pacing()`]: struct.Config.html#method.enable_pacing
2428    #[cfg(feature = "boringssl-boring-crate")]
2429    #[cfg_attr(docsrs, doc(cfg(feature = "boringssl-boring-crate")))]
2430    pub fn set_pacing_in_handshake(
2431        ssl: &mut boring::ssl::SslRef, v: bool,
2432    ) -> Result<()> {
2433        let ex_data = tls::ExData::from_ssl_ref(ssl).ok_or(Error::TlsFail)?;
2434
2435        ex_data.recovery_config.pacing = v;
2436
2437        Ok(())
2438    }
2439
2440    /// Sets the max value for pacing rate.
2441    ///
2442    /// This function can only be called inside one of BoringSSL's handshake
2443    /// callbacks, before any packet has been sent. Calling this function any
2444    /// other time will have no effect.
2445    ///
2446    /// See [`Config::set_max_pacing_rate()`].
2447    ///
2448    /// [`Config::set_max_pacing_rate()`]: struct.Config.html#method.set_max_pacing_rate
2449    #[cfg(feature = "boringssl-boring-crate")]
2450    #[cfg_attr(docsrs, doc(cfg(feature = "boringssl-boring-crate")))]
2451    pub fn set_max_pacing_rate_in_handshake(
2452        ssl: &mut boring::ssl::SslRef, v: Option<u64>,
2453    ) -> Result<()> {
2454        let ex_data = tls::ExData::from_ssl_ref(ssl).ok_or(Error::TlsFail)?;
2455
2456        ex_data.recovery_config.max_pacing_rate = v;
2457
2458        Ok(())
2459    }
2460
2461    /// Sets the maximum outgoing UDP payload size.
2462    ///
2463    /// This function can only be called inside one of BoringSSL's handshake
2464    /// callbacks, before any packet has been sent. Calling this function any
2465    /// other time will have no effect.
2466    ///
2467    /// See [`Config::set_max_send_udp_payload_size()`].
2468    ///
2469    /// [`Config::set_max_send_udp_payload_size()`]: struct.Config.html#method.set_max_send_udp_payload_size
2470    #[cfg(feature = "boringssl-boring-crate")]
2471    #[cfg_attr(docsrs, doc(cfg(feature = "boringssl-boring-crate")))]
2472    pub fn set_max_send_udp_payload_size_in_handshake(
2473        ssl: &mut boring::ssl::SslRef, v: usize,
2474    ) -> Result<()> {
2475        let ex_data = tls::ExData::from_ssl_ref(ssl).ok_or(Error::TlsFail)?;
2476
2477        ex_data.recovery_config.max_send_udp_payload_size = v;
2478
2479        Ok(())
2480    }
2481
2482    /// Processes QUIC packets received from the peer.
2483    ///
2484    /// On success the number of bytes processed from the input buffer is
2485    /// returned. On error the connection will be closed by calling [`close()`]
2486    /// with the appropriate error code.
2487    ///
2488    /// Coalesced packets will be processed as necessary.
2489    ///
2490    /// Note that the contents of the input buffer `buf` might be modified by
2491    /// this function due to, for example, in-place decryption.
2492    ///
2493    /// [`close()`]: struct.Connection.html#method.close
2494    ///
2495    /// ## Examples:
2496    ///
2497    /// ```no_run
2498    /// # let mut buf = [0; 512];
2499    /// # let socket = std::net::UdpSocket::bind("127.0.0.1:0").unwrap();
2500    /// # let mut config = quiche::Config::new(quiche::PROTOCOL_VERSION)?;
2501    /// # let scid = quiche::ConnectionId::from_ref(&[0xba; 16]);
2502    /// # let peer = "127.0.0.1:1234".parse().unwrap();
2503    /// # let local = socket.local_addr().unwrap();
2504    /// # let mut conn = quiche::accept(&scid, None, local, peer, &mut config)?;
2505    /// loop {
2506    ///     let (read, from) = socket.recv_from(&mut buf).unwrap();
2507    ///
2508    ///     let recv_info = quiche::RecvInfo {
2509    ///         from,
2510    ///         to: local,
2511    ///     };
2512    ///
2513    ///     let read = match conn.recv(&mut buf[..read], recv_info) {
2514    ///         Ok(v) => v,
2515    ///
2516    ///         Err(e) => {
2517    ///             // An error occurred, handle it.
2518    ///             break;
2519    ///         },
2520    ///     };
2521    /// }
2522    /// # Ok::<(), quiche::Error>(())
2523    /// ```
2524    pub fn recv(&mut self, buf: &mut [u8], info: RecvInfo) -> Result<usize> {
2525        let len = buf.len();
2526
2527        if len == 0 {
2528            return Err(Error::BufferTooShort);
2529        }
2530
2531        let recv_pid = self.paths.path_id_from_addrs(&(info.to, info.from));
2532
2533        if let Some(recv_pid) = recv_pid {
2534            let recv_path = self.paths.get_mut(recv_pid)?;
2535
2536            // Keep track of how many bytes we received from the client, so we
2537            // can limit bytes sent back before address validation, to a
2538            // multiple of this. The limit needs to be increased early on, so
2539            // that if there is an error there is enough credit to send a
2540            // CONNECTION_CLOSE.
2541            //
2542            // It doesn't matter if the packets received were valid or not, we
2543            // only need to track the total amount of bytes received.
2544            //
2545            // Note that we also need to limit the number of bytes we sent on a
2546            // path if we are not the host that initiated its usage.
2547            if self.is_server && !recv_path.verified_peer_address {
2548                recv_path.max_send_bytes += len * self.max_amplification_factor;
2549            }
2550        } else if !self.is_server {
2551            // If a client receives packets from an unknown server address,
2552            // the client MUST discard these packets.
2553            trace!(
2554                "{} client received packet from unknown address {:?}, dropping",
2555                self.trace_id,
2556                info,
2557            );
2558
2559            return Ok(len);
2560        }
2561
2562        let mut done = 0;
2563        let mut left = len;
2564
2565        // Process coalesced packets.
2566        while left > 0 {
2567            let read = match self.recv_single(
2568                &mut buf[len - left..len],
2569                &info,
2570                recv_pid,
2571            ) {
2572                Ok(v) => v,
2573
2574                Err(Error::Done) => {
2575                    // If the packet can't be processed or decrypted, check if
2576                    // it's a stateless reset.
2577                    if self.is_stateless_reset(&buf[len - left..len]) {
2578                        trace!("{} packet is a stateless reset", self.trace_id);
2579
2580                        self.mark_closed();
2581                    }
2582
2583                    left
2584                },
2585
2586                Err(e) => {
2587                    // In case of error processing the incoming packet, close
2588                    // the connection.
2589                    self.close(false, e.to_wire(), b"").ok();
2590                    return Err(e);
2591                },
2592            };
2593
2594            done += read;
2595            left -= read;
2596        }
2597
2598        // Even though the packet was previously "accepted", it
2599        // should be safe to forward the error, as it also comes
2600        // from the `recv()` method.
2601        self.process_undecrypted_0rtt_packets()?;
2602
2603        Ok(done)
2604    }
2605
2606    fn process_undecrypted_0rtt_packets(&mut self) -> Result<()> {
2607        // Process previously undecryptable 0-RTT packets if the decryption key
2608        // is now available.
2609        if self.pkt_num_spaces[packet::Epoch::Application]
2610            .crypto_0rtt_open
2611            .is_some()
2612        {
2613            while let Some((mut pkt, info)) = self.undecryptable_pkts.pop_front()
2614            {
2615                if let Err(e) = self.recv(&mut pkt, info) {
2616                    self.undecryptable_pkts.clear();
2617
2618                    return Err(e);
2619                }
2620            }
2621        }
2622        Ok(())
2623    }
2624
2625    /// Returns true if a QUIC packet is a stateless reset.
2626    fn is_stateless_reset(&self, buf: &[u8]) -> bool {
2627        // If the packet is too small, then we just throw it away.
2628        let buf_len = buf.len();
2629        if buf_len < 21 {
2630            return false;
2631        }
2632
2633        // TODO: we should iterate over all active destination connection IDs
2634        // and check against their reset token.
2635        match self.peer_transport_params.stateless_reset_token {
2636            Some(token) => {
2637                let token_len = 16;
2638
2639                crypto::verify_slices_are_equal(
2640                    &token.to_be_bytes(),
2641                    &buf[buf_len - token_len..buf_len],
2642                )
2643                .is_ok()
2644            },
2645
2646            None => false,
2647        }
2648    }
2649
2650    /// Processes a single QUIC packet received from the peer.
2651    ///
2652    /// On success the number of bytes processed from the input buffer is
2653    /// returned. When the [`Done`] error is returned, processing of the
2654    /// remainder of the incoming UDP datagram should be interrupted.
2655    ///
2656    /// Note that a server might observe a new 4-tuple, preventing to
2657    /// know in advance to which path the incoming packet belongs to (`recv_pid`
2658    /// is `None`). As a client, packets from unknown 4-tuple are dropped
2659    /// beforehand (see `recv()`).
2660    ///
2661    /// On error, an error other than [`Done`] is returned.
2662    ///
2663    /// [`Done`]: enum.Error.html#variant.Done
2664    fn recv_single(
2665        &mut self, buf: &mut [u8], info: &RecvInfo, recv_pid: Option<usize>,
2666    ) -> Result<usize> {
2667        let now = time::Instant::now();
2668
2669        if buf.is_empty() {
2670            return Err(Error::Done);
2671        }
2672
2673        if self.is_closed() || self.is_draining() {
2674            return Err(Error::Done);
2675        }
2676
2677        let is_closing = self.local_error.is_some();
2678
2679        if is_closing {
2680            return Err(Error::Done);
2681        }
2682
2683        let buf_len = buf.len();
2684
2685        let mut b = octets::OctetsMut::with_slice(buf);
2686
2687        let mut hdr = Header::from_bytes(&mut b, self.source_id().len())
2688            .map_err(|e| {
2689                drop_pkt_on_err(
2690                    e,
2691                    self.recv_count,
2692                    self.is_server,
2693                    &self.trace_id,
2694                )
2695            })?;
2696
2697        if hdr.ty == packet::Type::VersionNegotiation {
2698            // Version negotiation packets can only be sent by the server.
2699            if self.is_server {
2700                return Err(Error::Done);
2701            }
2702
2703            // Ignore duplicate version negotiation.
2704            if self.did_version_negotiation {
2705                return Err(Error::Done);
2706            }
2707
2708            // Ignore version negotiation if any other packet has already been
2709            // successfully processed.
2710            if self.recv_count > 0 {
2711                return Err(Error::Done);
2712            }
2713
2714            if hdr.dcid != self.source_id() {
2715                return Err(Error::Done);
2716            }
2717
2718            if hdr.scid != self.destination_id() {
2719                return Err(Error::Done);
2720            }
2721
2722            trace!("{} rx pkt {:?}", self.trace_id, hdr);
2723
2724            let versions = hdr.versions.ok_or(Error::Done)?;
2725
2726            // Ignore version negotiation if the version already selected is
2727            // listed.
2728            if versions.contains(&self.version) {
2729                return Err(Error::Done);
2730            }
2731
2732            let supported_versions =
2733                versions.iter().filter(|&&v| version_is_supported(v));
2734
2735            let mut found_version = false;
2736
2737            for &v in supported_versions {
2738                found_version = true;
2739
2740                // The final version takes precedence over draft ones.
2741                if v == PROTOCOL_VERSION_V1 {
2742                    self.version = v;
2743                    break;
2744                }
2745
2746                self.version = cmp::max(self.version, v);
2747            }
2748
2749            if !found_version {
2750                // We don't support any of the versions offered.
2751                //
2752                // While a man-in-the-middle attacker might be able to
2753                // inject a version negotiation packet that triggers this
2754                // failure, the window of opportunity is very small and
2755                // this error is quite useful for debugging, so don't just
2756                // ignore the packet.
2757                return Err(Error::UnknownVersion);
2758            }
2759
2760            self.did_version_negotiation = true;
2761
2762            // Derive Initial secrets based on the new version.
2763            let (aead_open, aead_seal) = crypto::derive_initial_key_material(
2764                &self.destination_id(),
2765                self.version,
2766                self.is_server,
2767                true,
2768            )?;
2769
2770            // Reset connection state to force sending another Initial packet.
2771            self.drop_epoch_state(packet::Epoch::Initial, now);
2772            self.got_peer_conn_id = false;
2773            self.handshake.clear()?;
2774
2775            self.pkt_num_spaces[packet::Epoch::Initial].crypto_open =
2776                Some(aead_open);
2777            self.pkt_num_spaces[packet::Epoch::Initial].crypto_seal =
2778                Some(aead_seal);
2779
2780            self.handshake
2781                .use_legacy_codepoint(self.version != PROTOCOL_VERSION_V1);
2782
2783            // Encode transport parameters again, as the new version might be
2784            // using a different format.
2785            self.encode_transport_params()?;
2786
2787            return Err(Error::Done);
2788        }
2789
2790        if hdr.ty == packet::Type::Retry {
2791            // Retry packets can only be sent by the server.
2792            if self.is_server {
2793                return Err(Error::Done);
2794            }
2795
2796            // Ignore duplicate retry.
2797            if self.did_retry {
2798                return Err(Error::Done);
2799            }
2800
2801            // Check if Retry packet is valid.
2802            if packet::verify_retry_integrity(
2803                &b,
2804                &self.destination_id(),
2805                self.version,
2806            )
2807            .is_err()
2808            {
2809                return Err(Error::Done);
2810            }
2811
2812            trace!("{} rx pkt {:?}", self.trace_id, hdr);
2813
2814            self.token = hdr.token;
2815            self.did_retry = true;
2816
2817            // Remember peer's new connection ID.
2818            self.odcid = Some(self.destination_id().into_owned());
2819
2820            self.set_initial_dcid(
2821                hdr.scid.clone(),
2822                None,
2823                self.paths.get_active_path_id()?,
2824            )?;
2825
2826            self.rscid = Some(self.destination_id().into_owned());
2827
2828            // Derive Initial secrets using the new connection ID.
2829            let (aead_open, aead_seal) = crypto::derive_initial_key_material(
2830                &hdr.scid,
2831                self.version,
2832                self.is_server,
2833                true,
2834            )?;
2835
2836            // Reset connection state to force sending another Initial packet.
2837            self.drop_epoch_state(packet::Epoch::Initial, now);
2838            self.got_peer_conn_id = false;
2839            self.handshake.clear()?;
2840
2841            self.pkt_num_spaces[packet::Epoch::Initial].crypto_open =
2842                Some(aead_open);
2843            self.pkt_num_spaces[packet::Epoch::Initial].crypto_seal =
2844                Some(aead_seal);
2845
2846            return Err(Error::Done);
2847        }
2848
2849        if self.is_server && !self.did_version_negotiation {
2850            if !version_is_supported(hdr.version) {
2851                return Err(Error::UnknownVersion);
2852            }
2853
2854            self.version = hdr.version;
2855            self.did_version_negotiation = true;
2856
2857            self.handshake
2858                .use_legacy_codepoint(self.version != PROTOCOL_VERSION_V1);
2859
2860            // Encode transport parameters again, as the new version might be
2861            // using a different format.
2862            self.encode_transport_params()?;
2863        }
2864
2865        if hdr.ty != packet::Type::Short && hdr.version != self.version {
2866            // At this point version negotiation was already performed, so
2867            // ignore packets that don't match the connection's version.
2868            return Err(Error::Done);
2869        }
2870
2871        // Long header packets have an explicit payload length, but short
2872        // packets don't so just use the remaining capacity in the buffer.
2873        let payload_len = if hdr.ty == packet::Type::Short {
2874            b.cap()
2875        } else {
2876            b.get_varint().map_err(|e| {
2877                drop_pkt_on_err(
2878                    e.into(),
2879                    self.recv_count,
2880                    self.is_server,
2881                    &self.trace_id,
2882                )
2883            })? as usize
2884        };
2885
2886        // Make sure the buffer is same or larger than an explicit
2887        // payload length.
2888        if payload_len > b.cap() {
2889            return Err(drop_pkt_on_err(
2890                Error::InvalidPacket,
2891                self.recv_count,
2892                self.is_server,
2893                &self.trace_id,
2894            ));
2895        }
2896
2897        // Derive initial secrets on the server.
2898        if !self.derived_initial_secrets {
2899            let (aead_open, aead_seal) = crypto::derive_initial_key_material(
2900                &hdr.dcid,
2901                self.version,
2902                self.is_server,
2903                false,
2904            )?;
2905
2906            self.pkt_num_spaces[packet::Epoch::Initial].crypto_open =
2907                Some(aead_open);
2908            self.pkt_num_spaces[packet::Epoch::Initial].crypto_seal =
2909                Some(aead_seal);
2910
2911            self.derived_initial_secrets = true;
2912        }
2913
2914        // Select packet number space epoch based on the received packet's type.
2915        let epoch = hdr.ty.to_epoch()?;
2916
2917        // Select AEAD context used to open incoming packet.
2918        let aead = if hdr.ty == packet::Type::ZeroRTT {
2919            // Only use 0-RTT key if incoming packet is 0-RTT.
2920            self.pkt_num_spaces[epoch].crypto_0rtt_open.as_ref()
2921        } else {
2922            // Otherwise use the packet number space's main key.
2923            self.pkt_num_spaces[epoch].crypto_open.as_ref()
2924        };
2925
2926        // Finally, discard packet if no usable key is available.
2927        let mut aead = match aead {
2928            Some(v) => v,
2929
2930            None => {
2931                if hdr.ty == packet::Type::ZeroRTT &&
2932                    self.undecryptable_pkts.len() < MAX_UNDECRYPTABLE_PACKETS &&
2933                    !self.is_established()
2934                {
2935                    // Buffer 0-RTT packets when the required read key is not
2936                    // available yet, and process them later.
2937                    //
2938                    // TODO: in the future we might want to buffer other types
2939                    // of undecryptable packets as well.
2940                    let pkt_len = b.off() + payload_len;
2941                    let pkt = (b.buf()[..pkt_len]).to_vec();
2942
2943                    self.undecryptable_pkts.push_back((pkt, *info));
2944                    return Ok(pkt_len);
2945                }
2946
2947                let e = drop_pkt_on_err(
2948                    Error::CryptoFail,
2949                    self.recv_count,
2950                    self.is_server,
2951                    &self.trace_id,
2952                );
2953
2954                return Err(e);
2955            },
2956        };
2957
2958        let aead_tag_len = aead.alg().tag_len();
2959
2960        packet::decrypt_hdr(&mut b, &mut hdr, aead).map_err(|e| {
2961            drop_pkt_on_err(e, self.recv_count, self.is_server, &self.trace_id)
2962        })?;
2963
2964        let pn = packet::decode_pkt_num(
2965            self.pkt_num_spaces[epoch].largest_rx_pkt_num,
2966            hdr.pkt_num,
2967            hdr.pkt_num_len,
2968        );
2969
2970        let pn_len = hdr.pkt_num_len;
2971
2972        trace!(
2973            "{} rx pkt {:?} len={} pn={} {}",
2974            self.trace_id,
2975            hdr,
2976            payload_len,
2977            pn,
2978            AddrTupleFmt(info.from, info.to)
2979        );
2980
2981        #[cfg(feature = "qlog")]
2982        let mut qlog_frames = vec![];
2983
2984        // Check for key update.
2985        let mut aead_next = None;
2986
2987        if self.handshake_confirmed &&
2988            hdr.ty != Type::ZeroRTT &&
2989            hdr.key_phase != self.key_phase
2990        {
2991            // Check if this packet arrived before key update.
2992            if let Some(key_update) = self.pkt_num_spaces[epoch]
2993                .key_update
2994                .as_ref()
2995                .and_then(|key_update| {
2996                    (pn < key_update.pn_on_update).then_some(key_update)
2997                })
2998            {
2999                aead = &key_update.crypto_open;
3000            } else {
3001                trace!("{} peer-initiated key update", self.trace_id);
3002
3003                aead_next = Some((
3004                    self.pkt_num_spaces[epoch]
3005                        .crypto_open
3006                        .as_ref()
3007                        .unwrap()
3008                        .derive_next_packet_key()?,
3009                    self.pkt_num_spaces[epoch]
3010                        .crypto_seal
3011                        .as_ref()
3012                        .unwrap()
3013                        .derive_next_packet_key()?,
3014                ));
3015
3016                // `aead_next` is always `Some()` at this point, so the `unwrap()`
3017                // will never fail.
3018                aead = &aead_next.as_ref().unwrap().0;
3019            }
3020        }
3021
3022        let mut payload = packet::decrypt_pkt(
3023            &mut b,
3024            pn,
3025            pn_len,
3026            payload_len,
3027            aead,
3028        )
3029        .map_err(|e| {
3030            drop_pkt_on_err(e, self.recv_count, self.is_server, &self.trace_id)
3031        })?;
3032
3033        if self.pkt_num_spaces[epoch].recv_pkt_num.contains(pn) {
3034            trace!("{} ignored duplicate packet {}", self.trace_id, pn);
3035            return Err(Error::Done);
3036        }
3037
3038        // Packets with no frames are invalid.
3039        if payload.cap() == 0 {
3040            return Err(Error::InvalidPacket);
3041        }
3042
3043        // Now that we decrypted the packet, let's see if we can map it to an
3044        // existing path.
3045        let recv_pid = if hdr.ty == packet::Type::Short && self.got_peer_conn_id {
3046            let pkt_dcid = ConnectionId::from_ref(&hdr.dcid);
3047            self.get_or_create_recv_path_id(recv_pid, &pkt_dcid, buf_len, info)?
3048        } else {
3049            // During handshake, we are on the initial path.
3050            self.paths.get_active_path_id()?
3051        };
3052
3053        // The key update is verified once a packet is successfully decrypted
3054        // using the new keys.
3055        if let Some((open_next, seal_next)) = aead_next {
3056            if !self.pkt_num_spaces[epoch]
3057                .key_update
3058                .as_ref()
3059                .map_or(true, |prev| prev.update_acked)
3060            {
3061                // Peer has updated keys twice without awaiting confirmation.
3062                return Err(Error::KeyUpdate);
3063            }
3064
3065            trace!("{} key update verified", self.trace_id);
3066
3067            let _ = self.pkt_num_spaces[epoch].crypto_seal.replace(seal_next);
3068
3069            let open_prev = self.pkt_num_spaces[epoch]
3070                .crypto_open
3071                .replace(open_next)
3072                .unwrap();
3073
3074            let recv_path = self.paths.get_mut(recv_pid)?;
3075
3076            self.pkt_num_spaces[epoch].key_update = Some(packet::KeyUpdate {
3077                crypto_open: open_prev,
3078                pn_on_update: pn,
3079                update_acked: false,
3080                timer: now + (recv_path.recovery.pto() * 3),
3081            });
3082
3083            self.key_phase = !self.key_phase;
3084
3085            qlog_with_type!(QLOG_PACKET_RX, self.qlog, q, {
3086                let trigger = Some(
3087                    qlog::events::security::KeyUpdateOrRetiredTrigger::RemoteUpdate,
3088                );
3089
3090                let ev_data_client =
3091                    EventData::KeyUpdated(qlog::events::security::KeyUpdated {
3092                        key_type:
3093                            qlog::events::security::KeyType::Client1RttSecret,
3094                        trigger: trigger.clone(),
3095                        ..Default::default()
3096                    });
3097
3098                q.add_event_data_with_instant(ev_data_client, now).ok();
3099
3100                let ev_data_server =
3101                    EventData::KeyUpdated(qlog::events::security::KeyUpdated {
3102                        key_type:
3103                            qlog::events::security::KeyType::Server1RttSecret,
3104                        trigger,
3105                        ..Default::default()
3106                    });
3107
3108                q.add_event_data_with_instant(ev_data_server, now).ok();
3109            });
3110        }
3111
3112        if !self.is_server && !self.got_peer_conn_id {
3113            if self.odcid.is_none() {
3114                self.odcid = Some(self.destination_id().into_owned());
3115            }
3116
3117            // Replace the randomly generated destination connection ID with
3118            // the one supplied by the server.
3119            self.set_initial_dcid(
3120                hdr.scid.clone(),
3121                self.peer_transport_params.stateless_reset_token,
3122                recv_pid,
3123            )?;
3124
3125            self.got_peer_conn_id = true;
3126        }
3127
3128        if self.is_server && !self.got_peer_conn_id {
3129            self.set_initial_dcid(hdr.scid.clone(), None, recv_pid)?;
3130
3131            if !self.did_retry {
3132                self.local_transport_params
3133                    .original_destination_connection_id =
3134                    Some(hdr.dcid.to_vec().into());
3135
3136                self.encode_transport_params()?;
3137            }
3138
3139            self.got_peer_conn_id = true;
3140        }
3141
3142        // To avoid sending an ACK in response to an ACK-only packet, we need
3143        // to keep track of whether this packet contains any frame other than
3144        // ACK and PADDING.
3145        let mut ack_elicited = false;
3146
3147        // Process packet payload. If a frame cannot be processed, store the
3148        // error and stop further packet processing.
3149        let mut frame_processing_err = None;
3150
3151        // To know if the peer migrated the connection, we need to keep track
3152        // whether this is a non-probing packet.
3153        let mut probing = true;
3154
3155        // Process packet payload.
3156        while payload.cap() > 0 {
3157            let frame = frame::Frame::from_bytes(&mut payload, hdr.ty)?;
3158
3159            qlog_with_type!(QLOG_PACKET_RX, self.qlog, _q, {
3160                qlog_frames.push(frame.to_qlog());
3161            });
3162
3163            if frame.ack_eliciting() {
3164                ack_elicited = true;
3165            }
3166
3167            if !frame.probing() {
3168                probing = false;
3169            }
3170
3171            if let Err(e) = self.process_frame(frame, &hdr, recv_pid, epoch, now)
3172            {
3173                frame_processing_err = Some(e);
3174                break;
3175            }
3176        }
3177
3178        qlog_with_type!(QLOG_PACKET_RX, self.qlog, q, {
3179            let packet_size = b.len();
3180
3181            let qlog_pkt_hdr = qlog::events::quic::PacketHeader::with_type(
3182                hdr.ty.to_qlog(),
3183                Some(pn),
3184                Some(hdr.version),
3185                Some(&hdr.scid),
3186                Some(&hdr.dcid),
3187            );
3188
3189            let qlog_raw_info = RawInfo {
3190                length: Some(packet_size as u64),
3191                payload_length: Some(payload_len as u64),
3192                data: None,
3193            };
3194
3195            let ev_data =
3196                EventData::PacketReceived(qlog::events::quic::PacketReceived {
3197                    header: qlog_pkt_hdr,
3198                    frames: Some(qlog_frames),
3199                    raw: Some(qlog_raw_info),
3200                    ..Default::default()
3201                });
3202
3203            q.add_event_data_with_instant(ev_data, now).ok();
3204        });
3205
3206        qlog_with_type!(QLOG_PACKET_RX, self.qlog, q, {
3207            let recv_path = self.paths.get_mut(recv_pid)?;
3208            if let Some(ev_data) = recv_path.recovery.maybe_qlog() {
3209                q.add_event_data_with_instant(ev_data, now).ok();
3210            }
3211        });
3212
3213        if let Some(e) = frame_processing_err {
3214            // Any frame error is terminal, so now just return.
3215            return Err(e);
3216        }
3217
3218        // Only log the remote transport parameters once the connection is
3219        // established (i.e. after frames have been fully parsed) and only
3220        // once per connection.
3221        if self.is_established() {
3222            qlog_with_type!(QLOG_PARAMS_SET, self.qlog, q, {
3223                if !self.qlog.logged_peer_params {
3224                    let ev_data = self
3225                        .peer_transport_params
3226                        .to_qlog(TransportOwner::Remote, self.handshake.cipher());
3227
3228                    q.add_event_data_with_instant(ev_data, now).ok();
3229
3230                    self.qlog.logged_peer_params = true;
3231                }
3232            });
3233        }
3234
3235        // Following flag used to upgrade datagram size, if probe is successful.
3236        let mut pmtud_probe = false;
3237
3238        // Process acked frames. Note that several packets from several paths
3239        // might have been acked by the received packet.
3240        for (_, p) in self.paths.iter_mut() {
3241            for acked in p.recovery.get_acked_frames(epoch) {
3242                match acked {
3243                    frame::Frame::Ping {
3244                        mtu_probe: Some(mtu_probe),
3245                    } => {
3246                        let pmtud_next = p.pmtud.get_current();
3247                        p.pmtud.set_current(cmp::max(pmtud_next, mtu_probe));
3248
3249                        // Stop sending path MTU probes after successful probe.
3250                        p.pmtud.should_probe(false);
3251                        pmtud_probe = true;
3252
3253                        trace!(
3254                            "{} pmtud acked; pmtu size {:?}",
3255                            self.trace_id,
3256                            p.pmtud.get_current()
3257                        );
3258                    },
3259
3260                    frame::Frame::ACK { ranges, .. } => {
3261                        // Stop acknowledging packets less than or equal to the
3262                        // largest acknowledged in the sent ACK frame that, in
3263                        // turn, got acked.
3264                        if let Some(largest_acked) = ranges.last() {
3265                            self.pkt_num_spaces[epoch]
3266                                .recv_pkt_need_ack
3267                                .remove_until(largest_acked);
3268                        }
3269                    },
3270
3271                    frame::Frame::CryptoHeader { offset, length } => {
3272                        self.pkt_num_spaces[epoch]
3273                            .crypto_stream
3274                            .send
3275                            .ack_and_drop(offset, length);
3276                    },
3277
3278                    frame::Frame::StreamHeader {
3279                        stream_id,
3280                        offset,
3281                        length,
3282                        ..
3283                    } => {
3284                        let stream = match self.streams.get_mut(stream_id) {
3285                            Some(v) => v,
3286
3287                            None => continue,
3288                        };
3289
3290                        stream.send.ack_and_drop(offset, length);
3291
3292                        self.tx_buffered =
3293                            self.tx_buffered.saturating_sub(length);
3294
3295                        qlog_with_type!(QLOG_DATA_MV, self.qlog, q, {
3296                            let ev_data = EventData::DataMoved(
3297                                qlog::events::quic::DataMoved {
3298                                    stream_id: Some(stream_id),
3299                                    offset: Some(offset),
3300                                    length: Some(length as u64),
3301                                    from: Some(DataRecipient::Transport),
3302                                    to: Some(DataRecipient::Dropped),
3303                                    ..Default::default()
3304                                },
3305                            );
3306
3307                            q.add_event_data_with_instant(ev_data, now).ok();
3308                        });
3309
3310                        // Only collect the stream if it is complete and not
3311                        // readable. If it is readable, it will get collected when
3312                        // stream_recv() is used.
3313                        if stream.is_complete() && !stream.is_readable() {
3314                            let local = stream.local;
3315                            self.streams.collect(stream_id, local);
3316                        }
3317                    },
3318
3319                    frame::Frame::HandshakeDone => {
3320                        // Explicitly set this to true, so that if the frame was
3321                        // already scheduled for retransmission, it is aborted.
3322                        self.handshake_done_sent = true;
3323
3324                        self.handshake_done_acked = true;
3325                    },
3326
3327                    frame::Frame::ResetStream { stream_id, .. } => {
3328                        let stream = match self.streams.get_mut(stream_id) {
3329                            Some(v) => v,
3330
3331                            None => continue,
3332                        };
3333
3334                        // Only collect the stream if it is complete and not
3335                        // readable. If it is readable, it will get collected when
3336                        // stream_recv() is used.
3337                        if stream.is_complete() && !stream.is_readable() {
3338                            let local = stream.local;
3339                            self.streams.collect(stream_id, local);
3340                        }
3341                    },
3342
3343                    _ => (),
3344                }
3345            }
3346
3347            // Update max datagram send size with newly acked probe size.
3348            if pmtud_probe {
3349                trace!(
3350                    "{} updating pmtu {:?}",
3351                    p.pmtud.get_current(),
3352                    self.trace_id
3353                );
3354
3355                qlog_with_type!(
3356                    EventType::ConnectivityEventType(
3357                        ConnectivityEventType::MtuUpdated
3358                    ),
3359                    self.qlog,
3360                    q,
3361                    {
3362                        let pmtu_data = EventData::MtuUpdated(
3363                            qlog::events::connectivity::MtuUpdated {
3364                                old: Some(p.recovery.max_datagram_size() as u16),
3365                                new: p.pmtud.get_current() as u16,
3366                                done: Some(pmtud_probe),
3367                            },
3368                        );
3369
3370                        q.add_event_data_with_instant(pmtu_data, now).ok();
3371                    }
3372                );
3373
3374                p.recovery
3375                    .pmtud_update_max_datagram_size(p.pmtud.get_current());
3376            }
3377        }
3378
3379        // Now that we processed all the frames, if there is a path that has no
3380        // Destination CID, try to allocate one.
3381        let no_dcid = self
3382            .paths
3383            .iter_mut()
3384            .filter(|(_, p)| p.active_dcid_seq.is_none());
3385
3386        for (pid, p) in no_dcid {
3387            if self.ids.zero_length_dcid() {
3388                p.active_dcid_seq = Some(0);
3389                continue;
3390            }
3391
3392            let dcid_seq = match self.ids.lowest_available_dcid_seq() {
3393                Some(seq) => seq,
3394                None => break,
3395            };
3396
3397            self.ids.link_dcid_to_path_id(dcid_seq, pid)?;
3398
3399            p.active_dcid_seq = Some(dcid_seq);
3400        }
3401
3402        // We only record the time of arrival of the largest packet number
3403        // that still needs to be acked, to be used for ACK delay calculation.
3404        if self.pkt_num_spaces[epoch].recv_pkt_need_ack.last() < Some(pn) {
3405            self.pkt_num_spaces[epoch].largest_rx_pkt_time = now;
3406        }
3407
3408        self.pkt_num_spaces[epoch].recv_pkt_num.insert(pn);
3409
3410        self.pkt_num_spaces[epoch].recv_pkt_need_ack.push_item(pn);
3411
3412        self.pkt_num_spaces[epoch].ack_elicited =
3413            cmp::max(self.pkt_num_spaces[epoch].ack_elicited, ack_elicited);
3414
3415        self.pkt_num_spaces[epoch].largest_rx_pkt_num =
3416            cmp::max(self.pkt_num_spaces[epoch].largest_rx_pkt_num, pn);
3417
3418        if !probing {
3419            self.pkt_num_spaces[epoch].largest_rx_non_probing_pkt_num = cmp::max(
3420                self.pkt_num_spaces[epoch].largest_rx_non_probing_pkt_num,
3421                pn,
3422            );
3423
3424            // Did the peer migrated to another path?
3425            let active_path_id = self.paths.get_active_path_id()?;
3426
3427            if self.is_server &&
3428                recv_pid != active_path_id &&
3429                self.pkt_num_spaces[epoch].largest_rx_non_probing_pkt_num == pn
3430            {
3431                self.on_peer_migrated(recv_pid, self.disable_dcid_reuse, now)?;
3432            }
3433        }
3434
3435        if let Some(idle_timeout) = self.idle_timeout() {
3436            self.idle_timer = Some(now + idle_timeout);
3437        }
3438
3439        // Update send capacity.
3440        self.update_tx_cap();
3441
3442        self.recv_count += 1;
3443        self.paths.get_mut(recv_pid)?.recv_count += 1;
3444
3445        let read = b.off() + aead_tag_len;
3446
3447        self.recv_bytes += read as u64;
3448        self.paths.get_mut(recv_pid)?.recv_bytes += read as u64;
3449
3450        // An Handshake packet has been received from the client and has been
3451        // successfully processed, so we can drop the initial state and consider
3452        // the client's address to be verified.
3453        if self.is_server && hdr.ty == packet::Type::Handshake {
3454            self.drop_epoch_state(packet::Epoch::Initial, now);
3455
3456            self.paths.get_mut(recv_pid)?.verified_peer_address = true;
3457        }
3458
3459        self.ack_eliciting_sent = false;
3460
3461        Ok(read)
3462    }
3463
3464    /// Writes a single QUIC packet to be sent to the peer.
3465    ///
3466    /// On success the number of bytes written to the output buffer is
3467    /// returned, or [`Done`] if there was nothing to write.
3468    ///
3469    /// The application should call `send()` multiple times until [`Done`] is
3470    /// returned, indicating that there are no more packets to send. It is
3471    /// recommended that `send()` be called in the following cases:
3472    ///
3473    ///  * When the application receives QUIC packets from the peer (that is,
3474    ///    any time [`recv()`] is also called).
3475    ///
3476    ///  * When the connection timer expires (that is, any time [`on_timeout()`]
3477    ///    is also called).
3478    ///
3479    ///  * When the application sends data to the peer (for example, any time
3480    ///    [`stream_send()`] or [`stream_shutdown()`] are called).
3481    ///
3482    ///  * When the application receives data from the peer (for example any
3483    ///    time [`stream_recv()`] is called).
3484    ///
3485    /// Once [`is_draining()`] returns `true`, it is no longer necessary to call
3486    /// `send()` and all calls will return [`Done`].
3487    ///
3488    /// [`Done`]: enum.Error.html#variant.Done
3489    /// [`recv()`]: struct.Connection.html#method.recv
3490    /// [`on_timeout()`]: struct.Connection.html#method.on_timeout
3491    /// [`stream_send()`]: struct.Connection.html#method.stream_send
3492    /// [`stream_shutdown()`]: struct.Connection.html#method.stream_shutdown
3493    /// [`stream_recv()`]: struct.Connection.html#method.stream_recv
3494    /// [`is_draining()`]: struct.Connection.html#method.is_draining
3495    ///
3496    /// ## Examples:
3497    ///
3498    /// ```no_run
3499    /// # let mut out = [0; 512];
3500    /// # let socket = std::net::UdpSocket::bind("127.0.0.1:0").unwrap();
3501    /// # let mut config = quiche::Config::new(quiche::PROTOCOL_VERSION)?;
3502    /// # let scid = quiche::ConnectionId::from_ref(&[0xba; 16]);
3503    /// # let peer = "127.0.0.1:1234".parse().unwrap();
3504    /// # let local = socket.local_addr().unwrap();
3505    /// # let mut conn = quiche::accept(&scid, None, local, peer, &mut config)?;
3506    /// loop {
3507    ///     let (write, send_info) = match conn.send(&mut out) {
3508    ///         Ok(v) => v,
3509    ///
3510    ///         Err(quiche::Error::Done) => {
3511    ///             // Done writing.
3512    ///             break;
3513    ///         },
3514    ///
3515    ///         Err(e) => {
3516    ///             // An error occurred, handle it.
3517    ///             break;
3518    ///         },
3519    ///     };
3520    ///
3521    ///     socket.send_to(&out[..write], &send_info.to).unwrap();
3522    /// }
3523    /// # Ok::<(), quiche::Error>(())
3524    /// ```
3525    pub fn send(&mut self, out: &mut [u8]) -> Result<(usize, SendInfo)> {
3526        self.send_on_path(out, None, None)
3527    }
3528
3529    /// Writes a single QUIC packet to be sent to the peer from the specified
3530    /// local address `from` to the destination address `to`.
3531    ///
3532    /// The behavior of this method differs depending on the value of the `from`
3533    /// and `to` parameters:
3534    ///
3535    ///  * If both are `Some`, then the method only consider the 4-tuple
3536    ///    (`from`, `to`). Application can monitor the 4-tuple availability,
3537    ///    either by monitoring [`path_event_next()`] events or by relying on
3538    ///    the [`paths_iter()`] method. If the provided 4-tuple does not exist
3539    ///    on the connection (anymore), it returns an [`InvalidState`].
3540    ///
3541    ///  * If `from` is `Some` and `to` is `None`, then the method only
3542    ///    considers sending packets on paths having `from` as local address.
3543    ///
3544    ///  * If `to` is `Some` and `from` is `None`, then the method only
3545    ///    considers sending packets on paths having `to` as peer address.
3546    ///
3547    ///  * If both are `None`, all available paths are considered.
3548    ///
3549    /// On success the number of bytes written to the output buffer is
3550    /// returned, or [`Done`] if there was nothing to write.
3551    ///
3552    /// The application should call `send_on_path()` multiple times until
3553    /// [`Done`] is returned, indicating that there are no more packets to
3554    /// send. It is recommended that `send_on_path()` be called in the
3555    /// following cases:
3556    ///
3557    ///  * When the application receives QUIC packets from the peer (that is,
3558    ///    any time [`recv()`] is also called).
3559    ///
3560    ///  * When the connection timer expires (that is, any time [`on_timeout()`]
3561    ///    is also called).
3562    ///
3563    ///  * When the application sends data to the peer (for examples, any time
3564    ///    [`stream_send()`] or [`stream_shutdown()`] are called).
3565    ///
3566    ///  * When the application receives data from the peer (for example any
3567    ///    time [`stream_recv()`] is called).
3568    ///
3569    /// Once [`is_draining()`] returns `true`, it is no longer necessary to call
3570    /// `send_on_path()` and all calls will return [`Done`].
3571    ///
3572    /// [`Done`]: enum.Error.html#variant.Done
3573    /// [`InvalidState`]: enum.Error.html#InvalidState
3574    /// [`recv()`]: struct.Connection.html#method.recv
3575    /// [`on_timeout()`]: struct.Connection.html#method.on_timeout
3576    /// [`stream_send()`]: struct.Connection.html#method.stream_send
3577    /// [`stream_shutdown()`]: struct.Connection.html#method.stream_shutdown
3578    /// [`stream_recv()`]: struct.Connection.html#method.stream_recv
3579    /// [`path_event_next()`]: struct.Connection.html#method.path_event_next
3580    /// [`paths_iter()`]: struct.Connection.html#method.paths_iter
3581    /// [`is_draining()`]: struct.Connection.html#method.is_draining
3582    ///
3583    /// ## Examples:
3584    ///
3585    /// ```no_run
3586    /// # let mut out = [0; 512];
3587    /// # let socket = std::net::UdpSocket::bind("127.0.0.1:0").unwrap();
3588    /// # let mut config = quiche::Config::new(quiche::PROTOCOL_VERSION)?;
3589    /// # let scid = quiche::ConnectionId::from_ref(&[0xba; 16]);
3590    /// # let peer = "127.0.0.1:1234".parse().unwrap();
3591    /// # let local = socket.local_addr().unwrap();
3592    /// # let mut conn = quiche::accept(&scid, None, local, peer, &mut config)?;
3593    /// loop {
3594    ///     let (write, send_info) = match conn.send_on_path(&mut out, Some(local), Some(peer)) {
3595    ///         Ok(v) => v,
3596    ///
3597    ///         Err(quiche::Error::Done) => {
3598    ///             // Done writing.
3599    ///             break;
3600    ///         },
3601    ///
3602    ///         Err(e) => {
3603    ///             // An error occurred, handle it.
3604    ///             break;
3605    ///         },
3606    ///     };
3607    ///
3608    ///     socket.send_to(&out[..write], &send_info.to).unwrap();
3609    /// }
3610    /// # Ok::<(), quiche::Error>(())
3611    /// ```
3612    pub fn send_on_path(
3613        &mut self, out: &mut [u8], from: Option<SocketAddr>,
3614        to: Option<SocketAddr>,
3615    ) -> Result<(usize, SendInfo)> {
3616        if out.is_empty() {
3617            return Err(Error::BufferTooShort);
3618        }
3619
3620        if self.is_closed() || self.is_draining() {
3621            return Err(Error::Done);
3622        }
3623
3624        let now = time::Instant::now();
3625
3626        if self.local_error.is_none() {
3627            self.do_handshake(now)?;
3628        }
3629
3630        // Forwarding the error value here could confuse
3631        // applications, as they may not expect getting a `recv()`
3632        // error when calling `send()`.
3633        //
3634        // We simply fall-through to sending packets, which should
3635        // take care of terminating the connection as needed.
3636        let _ = self.process_undecrypted_0rtt_packets();
3637
3638        // There's no point in trying to send a packet if the Initial secrets
3639        // have not been derived yet, so return early.
3640        if !self.derived_initial_secrets {
3641            return Err(Error::Done);
3642        }
3643
3644        let mut has_initial = false;
3645
3646        let mut done = 0;
3647
3648        // Limit output packet size to respect the sender and receiver's
3649        // maximum UDP payload size limit.
3650        let mut left = cmp::min(out.len(), self.max_send_udp_payload_size());
3651
3652        let send_pid = match (from, to) {
3653            (Some(f), Some(t)) => self
3654                .paths
3655                .path_id_from_addrs(&(f, t))
3656                .ok_or(Error::InvalidState)?,
3657
3658            _ => self.get_send_path_id(from, to)?,
3659        };
3660
3661        let send_path = self.paths.get_mut(send_pid)?;
3662
3663        // Update max datagram size to allow path MTU discovery probe to be sent.
3664        if send_path.pmtud.get_probe_status() {
3665            let size = if self.handshake_confirmed || self.handshake_done_sent {
3666                send_path.pmtud.get_probe_size()
3667            } else {
3668                send_path.pmtud.get_current()
3669            };
3670
3671            send_path.recovery.pmtud_update_max_datagram_size(size);
3672
3673            left = cmp::min(out.len(), send_path.recovery.max_datagram_size());
3674        }
3675
3676        // Limit data sent by the server based on the amount of data received
3677        // from the client before its address is validated.
3678        if !send_path.verified_peer_address && self.is_server {
3679            left = cmp::min(left, send_path.max_send_bytes);
3680        }
3681
3682        // Generate coalesced packets.
3683        while left > 0 {
3684            let (ty, written) = match self.send_single(
3685                &mut out[done..done + left],
3686                send_pid,
3687                has_initial,
3688                now,
3689            ) {
3690                Ok(v) => v,
3691
3692                Err(Error::BufferTooShort) | Err(Error::Done) => break,
3693
3694                Err(e) => return Err(e),
3695            };
3696
3697            done += written;
3698            left -= written;
3699
3700            match ty {
3701                packet::Type::Initial => has_initial = true,
3702
3703                // No more packets can be coalesced after a 1-RTT.
3704                packet::Type::Short => break,
3705
3706                _ => (),
3707            };
3708
3709            // When sending multiple PTO probes, don't coalesce them together,
3710            // so they are sent on separate UDP datagrams.
3711            if let Ok(epoch) = ty.to_epoch() {
3712                if self.paths.get_mut(send_pid)?.recovery.loss_probes(epoch) > 0 {
3713                    break;
3714                }
3715            }
3716
3717            // Don't coalesce packets that must go on different paths.
3718            if !(from.is_some() && to.is_some()) &&
3719                self.get_send_path_id(from, to)? != send_pid
3720            {
3721                break;
3722            }
3723        }
3724
3725        if done == 0 {
3726            self.last_tx_data = self.tx_data;
3727
3728            return Err(Error::Done);
3729        }
3730
3731        // Pad UDP datagram if it contains a QUIC Initial packet.
3732        #[cfg(not(feature = "fuzzing"))]
3733        if has_initial && left > 0 && done < MIN_CLIENT_INITIAL_LEN {
3734            let pad_len = cmp::min(left, MIN_CLIENT_INITIAL_LEN - done);
3735
3736            // Fill padding area with null bytes, to avoid leaking information
3737            // in case the application reuses the packet buffer.
3738            out[done..done + pad_len].fill(0);
3739
3740            done += pad_len;
3741        }
3742
3743        let send_path = self.paths.get(send_pid)?;
3744
3745        let info = SendInfo {
3746            from: send_path.local_addr(),
3747            to: send_path.peer_addr(),
3748
3749            at: send_path.recovery.get_packet_send_time(),
3750        };
3751
3752        Ok((done, info))
3753    }
3754
3755    fn send_single(
3756        &mut self, out: &mut [u8], send_pid: usize, has_initial: bool,
3757        now: time::Instant,
3758    ) -> Result<(packet::Type, usize)> {
3759        if out.is_empty() {
3760            return Err(Error::BufferTooShort);
3761        }
3762
3763        if self.is_draining() {
3764            return Err(Error::Done);
3765        }
3766
3767        let is_closing = self.local_error.is_some();
3768
3769        let out_len = out.len();
3770
3771        let mut b = octets::OctetsMut::with_slice(out);
3772
3773        let pkt_type = self.write_pkt_type(send_pid)?;
3774
3775        let max_dgram_len = if !self.dgram_send_queue.is_empty() {
3776            self.dgram_max_writable_len()
3777        } else {
3778            None
3779        };
3780
3781        let epoch = pkt_type.to_epoch()?;
3782        let pkt_space = &mut self.pkt_num_spaces[epoch];
3783
3784        // Process lost frames. There might be several paths having lost frames.
3785        for (_, p) in self.paths.iter_mut() {
3786            for lost in p.recovery.get_lost_frames(epoch) {
3787                match lost {
3788                    frame::Frame::CryptoHeader { offset, length } => {
3789                        pkt_space.crypto_stream.send.retransmit(offset, length);
3790
3791                        self.stream_retrans_bytes += length as u64;
3792                        p.stream_retrans_bytes += length as u64;
3793
3794                        self.retrans_count += 1;
3795                        p.retrans_count += 1;
3796                    },
3797
3798                    frame::Frame::StreamHeader {
3799                        stream_id,
3800                        offset,
3801                        length,
3802                        fin,
3803                    } => {
3804                        let stream = match self.streams.get_mut(stream_id) {
3805                            Some(v) => v,
3806
3807                            None => continue,
3808                        };
3809
3810                        let was_flushable = stream.is_flushable();
3811
3812                        let empty_fin = length == 0 && fin;
3813
3814                        stream.send.retransmit(offset, length);
3815
3816                        // If the stream is now flushable push it to the
3817                        // flushable queue, but only if it wasn't already
3818                        // queued.
3819                        //
3820                        // Consider the stream flushable also when we are
3821                        // sending a zero-length frame that has the fin flag
3822                        // set.
3823                        if (stream.is_flushable() || empty_fin) && !was_flushable
3824                        {
3825                            let priority_key = Arc::clone(&stream.priority_key);
3826                            self.streams.insert_flushable(&priority_key);
3827                        }
3828
3829                        self.stream_retrans_bytes += length as u64;
3830                        p.stream_retrans_bytes += length as u64;
3831
3832                        self.retrans_count += 1;
3833                        p.retrans_count += 1;
3834                    },
3835
3836                    frame::Frame::ACK { .. } => {
3837                        pkt_space.ack_elicited = true;
3838                    },
3839
3840                    frame::Frame::ResetStream {
3841                        stream_id,
3842                        error_code,
3843                        final_size,
3844                    } =>
3845                        if self.streams.get(stream_id).is_some() {
3846                            self.streams
3847                                .insert_reset(stream_id, error_code, final_size);
3848                        },
3849
3850                    // Retransmit HANDSHAKE_DONE only if it hasn't been acked at
3851                    // least once already.
3852                    frame::Frame::HandshakeDone if !self.handshake_done_acked => {
3853                        self.handshake_done_sent = false;
3854                    },
3855
3856                    frame::Frame::MaxStreamData { stream_id, .. } => {
3857                        if self.streams.get(stream_id).is_some() {
3858                            self.streams.insert_almost_full(stream_id);
3859                        }
3860                    },
3861
3862                    frame::Frame::MaxData { .. } => {
3863                        self.almost_full = true;
3864                    },
3865
3866                    frame::Frame::NewConnectionId { seq_num, .. } => {
3867                        self.ids.mark_advertise_new_scid_seq(seq_num, true);
3868                    },
3869
3870                    frame::Frame::RetireConnectionId { seq_num } => {
3871                        self.ids.mark_retire_dcid_seq(seq_num, true)?;
3872                    },
3873
3874                    frame::Frame::Ping { mtu_probe } if mtu_probe.is_some() => {
3875                        p.pmtud.pmtu_probe_lost();
3876                    },
3877
3878                    _ => (),
3879                }
3880            }
3881        }
3882
3883        let is_app_limited = self.delivery_rate_check_if_app_limited();
3884        let n_paths = self.paths.len();
3885        let path = self.paths.get_mut(send_pid)?;
3886        let flow_control = &mut self.flow_control;
3887        let pkt_space = &mut self.pkt_num_spaces[epoch];
3888
3889        let mut left = if path.pmtud.is_enabled() {
3890            // Limit output buffer size by estimated path MTU.
3891            cmp::min(path.pmtud.get_current(), b.cap())
3892        } else {
3893            b.cap()
3894        };
3895
3896        let pn = self.next_pkt_num;
3897        let largest_acked_pkt =
3898            path.recovery.get_largest_acked_on_epoch(epoch).unwrap_or(0);
3899        let pn_len = packet::pkt_num_len(pn, largest_acked_pkt);
3900
3901        // The AEAD overhead at the current encryption level.
3902        let crypto_overhead = pkt_space.crypto_overhead().ok_or(Error::Done)?;
3903
3904        let dcid_seq = path.active_dcid_seq.ok_or(Error::OutOfIdentifiers)?;
3905
3906        let dcid =
3907            ConnectionId::from_ref(self.ids.get_dcid(dcid_seq)?.cid.as_ref());
3908
3909        let scid = if let Some(scid_seq) = path.active_scid_seq {
3910            ConnectionId::from_ref(self.ids.get_scid(scid_seq)?.cid.as_ref())
3911        } else if pkt_type == packet::Type::Short {
3912            ConnectionId::default()
3913        } else {
3914            return Err(Error::InvalidState);
3915        };
3916
3917        let hdr = Header {
3918            ty: pkt_type,
3919
3920            version: self.version,
3921
3922            dcid,
3923            scid,
3924
3925            pkt_num: 0,
3926            pkt_num_len: pn_len,
3927
3928            // Only clone token for Initial packets, as other packets don't have
3929            // this field (Retry doesn't count, as it's not encoded as part of
3930            // this code path).
3931            token: if pkt_type == packet::Type::Initial {
3932                self.token.clone()
3933            } else {
3934                None
3935            },
3936
3937            versions: None,
3938            key_phase: self.key_phase,
3939        };
3940
3941        hdr.to_bytes(&mut b)?;
3942
3943        let hdr_trace = if log::max_level() == log::LevelFilter::Trace {
3944            Some(format!("{hdr:?}"))
3945        } else {
3946            None
3947        };
3948
3949        let hdr_ty = hdr.ty;
3950
3951        #[cfg(feature = "qlog")]
3952        let qlog_pkt_hdr = self.qlog.streamer.as_ref().map(|_q| {
3953            qlog::events::quic::PacketHeader::with_type(
3954                hdr.ty.to_qlog(),
3955                Some(pn),
3956                Some(hdr.version),
3957                Some(&hdr.scid),
3958                Some(&hdr.dcid),
3959            )
3960        });
3961
3962        // Calculate the space required for the packet, including the header
3963        // the payload length, the packet number and the AEAD overhead.
3964        let mut overhead = b.off() + pn_len + crypto_overhead;
3965
3966        // We assume that the payload length, which is only present in long
3967        // header packets, can always be encoded with a 2-byte varint.
3968        if pkt_type != packet::Type::Short {
3969            overhead += PAYLOAD_LENGTH_LEN;
3970        }
3971
3972        // Make sure we have enough space left for the packet overhead.
3973        match left.checked_sub(overhead) {
3974            Some(v) => left = v,
3975
3976            None => {
3977                // We can't send more because there isn't enough space available
3978                // in the output buffer.
3979                //
3980                // This usually happens when we try to send a new packet but
3981                // failed because cwnd is almost full. In such case app_limited
3982                // is set to false here to make cwnd grow when ACK is received.
3983                path.recovery.update_app_limited(false);
3984                return Err(Error::Done);
3985            },
3986        }
3987
3988        // Make sure there is enough space for the minimum payload length.
3989        if left < PAYLOAD_MIN_LEN {
3990            path.recovery.update_app_limited(false);
3991            return Err(Error::Done);
3992        }
3993
3994        let mut frames: SmallVec<[frame::Frame; 1]> = SmallVec::new();
3995
3996        let mut ack_eliciting = false;
3997        let mut in_flight = false;
3998        // Foll. flag used to upgrade datagram size, if probe successful
3999        let mut pmtud_probe = false;
4000        let mut has_data = false;
4001
4002        // Whether or not we should explicitly elicit an ACK via PING frame if we
4003        // implicitly elicit one otherwise.
4004        let ack_elicit_required = path.recovery.should_elicit_ack(epoch);
4005
4006        let header_offset = b.off();
4007
4008        // Reserve space for payload length in advance. Since we don't yet know
4009        // what the final length will be, we reserve 2 bytes in all cases.
4010        //
4011        // Only long header packets have an explicit length field.
4012        if pkt_type != packet::Type::Short {
4013            b.skip(PAYLOAD_LENGTH_LEN)?;
4014        }
4015
4016        packet::encode_pkt_num(pn, pn_len, &mut b)?;
4017
4018        let payload_offset = b.off();
4019
4020        let cwnd_available =
4021            path.recovery.cwnd_available().saturating_sub(overhead);
4022
4023        let left_before_packing_ack_frame = left;
4024
4025        // Create ACK frame.
4026        //
4027        // When we need to explicitly elicit an ACK via PING later, go ahead and
4028        // generate an ACK (if there's anything to ACK) since we're going to
4029        // send a packet with PING anyways, even if we haven't received anything
4030        // ACK eliciting.
4031        if pkt_space.recv_pkt_need_ack.len() > 0 &&
4032            (pkt_space.ack_elicited || ack_elicit_required) &&
4033            (!is_closing ||
4034                (pkt_type == Type::Handshake &&
4035                    self.local_error
4036                        .as_ref()
4037                        .is_some_and(|le| le.is_app))) &&
4038            path.active()
4039        {
4040            let ack_delay = pkt_space.largest_rx_pkt_time.elapsed();
4041
4042            let ack_delay = ack_delay.as_micros() as u64 /
4043                2_u64
4044                    .pow(self.local_transport_params.ack_delay_exponent as u32);
4045
4046            let frame = frame::Frame::ACK {
4047                ack_delay,
4048                ranges: pkt_space.recv_pkt_need_ack.clone(),
4049                ecn_counts: None, // sending ECN is not supported at this time
4050            };
4051
4052            // When a PING frame needs to be sent, avoid sending the ACK if
4053            // there is not enough cwnd available for both (note that PING
4054            // frames are always 1 byte, so we just need to check that the
4055            // ACK's length is lower than cwnd).
4056            if pkt_space.ack_elicited || frame.wire_len() < cwnd_available {
4057                // ACK-only packets are not congestion controlled so ACKs must
4058                // be bundled considering the buffer capacity only, and not the
4059                // available cwnd.
4060                if push_frame_to_pkt!(b, frames, frame, left) {
4061                    pkt_space.ack_elicited = false;
4062                }
4063            }
4064        }
4065
4066        // Limit output packet size by congestion window size.
4067        left = cmp::min(
4068            left,
4069            // Bytes consumed by ACK frames.
4070            cwnd_available.saturating_sub(left_before_packing_ack_frame - left),
4071        );
4072
4073        let mut challenge_data = None;
4074
4075        let active_path = self.paths.get_active_mut()?;
4076
4077        if pkt_type == packet::Type::Short {
4078            // Create PMTUD probe.
4079            //
4080            // In order to send a PMTUD probe the current `left` value, which was
4081            // already limited by the current PMTU measure, needs to be ignored,
4082            // but the outgoing packet still needs to be limited by
4083            // the output buffer size, as well as the congestion
4084            // window.
4085            //
4086            // In addition, the PMTUD probe is only generated when the handshake
4087            // is confirmed, to avoid interfering with the handshake
4088            // (e.g. due to the anti-amplification limits).
4089
4090            let pmtu_probe = active_path.should_send_pmtu_probe(
4091                self.handshake_confirmed,
4092                self.handshake_done_sent,
4093                out_len,
4094                is_closing,
4095                frames.is_empty(),
4096            );
4097
4098            trace!("{} pmtud probe status {} hs_con={} hs_sent={} cwnd_avail={} out_len={} left={}", self.trace_id, pmtu_probe, self.handshake_confirmed, self.handshake_done_sent,
4099                    active_path.recovery.cwnd_available(), out_len, left);
4100
4101            if pmtu_probe {
4102                trace!(
4103                    "{} sending pmtud probe pmtu_probe={} next_size={} pmtu={}",
4104                    self.trace_id,
4105                    active_path.pmtud.get_probe_size(),
4106                    active_path.pmtud.get_probe_status(),
4107                    active_path.pmtud.get_current(),
4108                );
4109
4110                left = active_path.pmtud.get_probe_size();
4111
4112                match left.checked_sub(overhead) {
4113                    Some(v) => left = v,
4114
4115                    None => {
4116                        // We can't send more because there isn't enough space
4117                        // available in the output buffer.
4118                        //
4119                        // This usually happens when we try to send a new packet
4120                        // but failed because cwnd is almost full.
4121                        //
4122                        // In such case app_limited is set to false here to make
4123                        // cwnd grow when ACK is received.
4124                        active_path.recovery.update_app_limited(false);
4125                        return Err(Error::Done);
4126                    },
4127                }
4128
4129                let frame = frame::Frame::Padding {
4130                    len: active_path.pmtud.get_probe_size() - overhead - 1,
4131                };
4132
4133                if push_frame_to_pkt!(b, frames, frame, left) {
4134                    let frame = frame::Frame::Ping {
4135                        mtu_probe: Some(active_path.pmtud.get_probe_size()),
4136                    };
4137
4138                    if push_frame_to_pkt!(b, frames, frame, left) {
4139                        ack_eliciting = true;
4140                        in_flight = true;
4141                    }
4142                }
4143
4144                pmtud_probe = true;
4145            }
4146
4147            let path = self.paths.get_mut(send_pid)?;
4148            // Create PATH_RESPONSE frame if needed.
4149            // We do not try to ensure that these are really sent.
4150            while let Some(challenge) = path.pop_received_challenge() {
4151                let frame = frame::Frame::PathResponse { data: challenge };
4152
4153                if push_frame_to_pkt!(b, frames, frame, left) {
4154                    ack_eliciting = true;
4155                    in_flight = true;
4156                } else {
4157                    // If there are other pending PATH_RESPONSE, don't lose them
4158                    // now.
4159                    break;
4160                }
4161            }
4162
4163            // Create PATH_CHALLENGE frame if needed.
4164            if path.validation_requested() {
4165                // TODO: ensure that data is unique over paths.
4166                let data = rand::rand_u64().to_be_bytes();
4167
4168                let frame = frame::Frame::PathChallenge { data };
4169
4170                if push_frame_to_pkt!(b, frames, frame, left) {
4171                    // Let's notify the path once we know the packet size.
4172                    challenge_data = Some(data);
4173
4174                    ack_eliciting = true;
4175                    in_flight = true;
4176                }
4177            }
4178
4179            if let Some(key_update) = pkt_space.key_update.as_mut() {
4180                key_update.update_acked = true;
4181            }
4182        }
4183
4184        let path = self.paths.get_mut(send_pid)?;
4185
4186        if pkt_type == packet::Type::Short && !is_closing {
4187            // Create NEW_CONNECTION_ID frames as needed.
4188            while let Some(seq_num) = self.ids.next_advertise_new_scid_seq() {
4189                let frame = self.ids.get_new_connection_id_frame_for(seq_num)?;
4190
4191                if push_frame_to_pkt!(b, frames, frame, left) {
4192                    self.ids.mark_advertise_new_scid_seq(seq_num, false);
4193
4194                    ack_eliciting = true;
4195                    in_flight = true;
4196                } else {
4197                    break;
4198                }
4199            }
4200        }
4201
4202        if pkt_type == packet::Type::Short && !is_closing && path.active() {
4203            // Create HANDSHAKE_DONE frame.
4204            // self.should_send_handshake_done() but without the need to borrow
4205            if self.handshake_completed &&
4206                !self.handshake_done_sent &&
4207                self.is_server
4208            {
4209                let frame = frame::Frame::HandshakeDone;
4210
4211                if push_frame_to_pkt!(b, frames, frame, left) {
4212                    self.handshake_done_sent = true;
4213
4214                    ack_eliciting = true;
4215                    in_flight = true;
4216                }
4217            }
4218
4219            // Create MAX_STREAMS_BIDI frame.
4220            if self.streams.should_update_max_streams_bidi() {
4221                let frame = frame::Frame::MaxStreamsBidi {
4222                    max: self.streams.max_streams_bidi_next(),
4223                };
4224
4225                if push_frame_to_pkt!(b, frames, frame, left) {
4226                    self.streams.update_max_streams_bidi();
4227
4228                    ack_eliciting = true;
4229                    in_flight = true;
4230                }
4231            }
4232
4233            // Create MAX_STREAMS_UNI frame.
4234            if self.streams.should_update_max_streams_uni() {
4235                let frame = frame::Frame::MaxStreamsUni {
4236                    max: self.streams.max_streams_uni_next(),
4237                };
4238
4239                if push_frame_to_pkt!(b, frames, frame, left) {
4240                    self.streams.update_max_streams_uni();
4241
4242                    ack_eliciting = true;
4243                    in_flight = true;
4244                }
4245            }
4246
4247            // Create DATA_BLOCKED frame.
4248            if let Some(limit) = self.blocked_limit {
4249                let frame = frame::Frame::DataBlocked { limit };
4250
4251                if push_frame_to_pkt!(b, frames, frame, left) {
4252                    self.blocked_limit = None;
4253
4254                    ack_eliciting = true;
4255                    in_flight = true;
4256                }
4257            }
4258
4259            // Create MAX_STREAM_DATA frames as needed.
4260            for stream_id in self.streams.almost_full() {
4261                let stream = match self.streams.get_mut(stream_id) {
4262                    Some(v) => v,
4263
4264                    None => {
4265                        // The stream doesn't exist anymore, so remove it from
4266                        // the almost full set.
4267                        self.streams.remove_almost_full(stream_id);
4268                        continue;
4269                    },
4270                };
4271
4272                // Autotune the stream window size.
4273                stream.recv.autotune_window(now, path.recovery.rtt());
4274
4275                let frame = frame::Frame::MaxStreamData {
4276                    stream_id,
4277                    max: stream.recv.max_data_next(),
4278                };
4279
4280                if push_frame_to_pkt!(b, frames, frame, left) {
4281                    let recv_win = stream.recv.window();
4282
4283                    stream.recv.update_max_data(now);
4284
4285                    self.streams.remove_almost_full(stream_id);
4286
4287                    ack_eliciting = true;
4288                    in_flight = true;
4289
4290                    // Make sure the connection window always has some
4291                    // room compared to the stream window.
4292                    flow_control.ensure_window_lower_bound(
4293                        (recv_win as f64 * CONNECTION_WINDOW_FACTOR) as u64,
4294                    );
4295
4296                    // Also send MAX_DATA when MAX_STREAM_DATA is sent, to avoid a
4297                    // potential race condition.
4298                    self.almost_full = true;
4299                }
4300            }
4301
4302            // Create MAX_DATA frame as needed.
4303            if self.almost_full &&
4304                flow_control.max_data() < flow_control.max_data_next()
4305            {
4306                // Autotune the connection window size.
4307                flow_control.autotune_window(now, path.recovery.rtt());
4308
4309                let frame = frame::Frame::MaxData {
4310                    max: flow_control.max_data_next(),
4311                };
4312
4313                if push_frame_to_pkt!(b, frames, frame, left) {
4314                    self.almost_full = false;
4315
4316                    // Commits the new max_rx_data limit.
4317                    flow_control.update_max_data(now);
4318
4319                    ack_eliciting = true;
4320                    in_flight = true;
4321                }
4322            }
4323
4324            // Create STOP_SENDING frames as needed.
4325            for (stream_id, error_code) in self
4326                .streams
4327                .stopped()
4328                .map(|(&k, &v)| (k, v))
4329                .collect::<Vec<(u64, u64)>>()
4330            {
4331                let frame = frame::Frame::StopSending {
4332                    stream_id,
4333                    error_code,
4334                };
4335
4336                if push_frame_to_pkt!(b, frames, frame, left) {
4337                    self.streams.remove_stopped(stream_id);
4338
4339                    ack_eliciting = true;
4340                    in_flight = true;
4341                }
4342            }
4343
4344            // Create RESET_STREAM frames as needed.
4345            for (stream_id, (error_code, final_size)) in self
4346                .streams
4347                .reset()
4348                .map(|(&k, &v)| (k, v))
4349                .collect::<Vec<(u64, (u64, u64))>>()
4350            {
4351                let frame = frame::Frame::ResetStream {
4352                    stream_id,
4353                    error_code,
4354                    final_size,
4355                };
4356
4357                if push_frame_to_pkt!(b, frames, frame, left) {
4358                    self.streams.remove_reset(stream_id);
4359
4360                    ack_eliciting = true;
4361                    in_flight = true;
4362                }
4363            }
4364
4365            // Create STREAM_DATA_BLOCKED frames as needed.
4366            for (stream_id, limit) in self
4367                .streams
4368                .blocked()
4369                .map(|(&k, &v)| (k, v))
4370                .collect::<Vec<(u64, u64)>>()
4371            {
4372                let frame = frame::Frame::StreamDataBlocked { stream_id, limit };
4373
4374                if push_frame_to_pkt!(b, frames, frame, left) {
4375                    self.streams.remove_blocked(stream_id);
4376
4377                    ack_eliciting = true;
4378                    in_flight = true;
4379                }
4380            }
4381
4382            // Create RETIRE_CONNECTION_ID frames as needed.
4383            while let Some(seq_num) = self.ids.next_retire_dcid_seq() {
4384                // The sequence number specified in a RETIRE_CONNECTION_ID frame
4385                // MUST NOT refer to the Destination Connection ID field of the
4386                // packet in which the frame is contained.
4387                let dcid_seq = path.active_dcid_seq.ok_or(Error::InvalidState)?;
4388
4389                if seq_num == dcid_seq {
4390                    continue;
4391                }
4392
4393                let frame = frame::Frame::RetireConnectionId { seq_num };
4394
4395                if push_frame_to_pkt!(b, frames, frame, left) {
4396                    self.ids.mark_retire_dcid_seq(seq_num, false)?;
4397
4398                    ack_eliciting = true;
4399                    in_flight = true;
4400                } else {
4401                    break;
4402                }
4403            }
4404        }
4405
4406        // Create CONNECTION_CLOSE frame. Try to send this only on the active
4407        // path, unless it is the last one available.
4408        if path.active() || n_paths == 1 {
4409            if let Some(conn_err) = self.local_error.as_ref() {
4410                if conn_err.is_app {
4411                    // Create ApplicationClose frame.
4412                    if pkt_type == packet::Type::Short {
4413                        let frame = frame::Frame::ApplicationClose {
4414                            error_code: conn_err.error_code,
4415                            reason: conn_err.reason.clone(),
4416                        };
4417
4418                        if push_frame_to_pkt!(b, frames, frame, left) {
4419                            let pto = path.recovery.pto();
4420                            self.draining_timer = Some(now + (pto * 3));
4421
4422                            ack_eliciting = true;
4423                            in_flight = true;
4424                        }
4425                    }
4426                } else {
4427                    // Create ConnectionClose frame.
4428                    let frame = frame::Frame::ConnectionClose {
4429                        error_code: conn_err.error_code,
4430                        frame_type: 0,
4431                        reason: conn_err.reason.clone(),
4432                    };
4433
4434                    if push_frame_to_pkt!(b, frames, frame, left) {
4435                        let pto = path.recovery.pto();
4436                        self.draining_timer = Some(now + (pto * 3));
4437
4438                        ack_eliciting = true;
4439                        in_flight = true;
4440                    }
4441                }
4442            }
4443        }
4444
4445        // Create CRYPTO frame.
4446        if pkt_space.crypto_stream.is_flushable() &&
4447            left > frame::MAX_CRYPTO_OVERHEAD &&
4448            !is_closing &&
4449            path.active()
4450        {
4451            let crypto_off = pkt_space.crypto_stream.send.off_front();
4452
4453            // Encode the frame.
4454            //
4455            // Instead of creating a `frame::Frame` object, encode the frame
4456            // directly into the packet buffer.
4457            //
4458            // First we reserve some space in the output buffer for writing the
4459            // frame header (we assume the length field is always a 2-byte
4460            // varint as we don't know the value yet).
4461            //
4462            // Then we emit the data from the crypto stream's send buffer.
4463            //
4464            // Finally we go back and encode the frame header with the now
4465            // available information.
4466            let hdr_off = b.off();
4467            let hdr_len = 1 + // frame type
4468                octets::varint_len(crypto_off) + // offset
4469                2; // length, always encode as 2-byte varint
4470
4471            if let Some(max_len) = left.checked_sub(hdr_len) {
4472                let (mut crypto_hdr, mut crypto_payload) =
4473                    b.split_at(hdr_off + hdr_len)?;
4474
4475                // Write stream data into the packet buffer.
4476                let (len, _) = pkt_space
4477                    .crypto_stream
4478                    .send
4479                    .emit(&mut crypto_payload.as_mut()[..max_len])?;
4480
4481                // Encode the frame's header.
4482                //
4483                // Due to how `OctetsMut::split_at()` works, `crypto_hdr` starts
4484                // from the initial offset of `b` (rather than the current
4485                // offset), so it needs to be advanced to the
4486                // initial frame offset.
4487                crypto_hdr.skip(hdr_off)?;
4488
4489                frame::encode_crypto_header(
4490                    crypto_off,
4491                    len as u64,
4492                    &mut crypto_hdr,
4493                )?;
4494
4495                // Advance the packet buffer's offset.
4496                b.skip(hdr_len + len)?;
4497
4498                let frame = frame::Frame::CryptoHeader {
4499                    offset: crypto_off,
4500                    length: len,
4501                };
4502
4503                if push_frame_to_pkt!(b, frames, frame, left) {
4504                    ack_eliciting = true;
4505                    in_flight = true;
4506                    has_data = true;
4507                }
4508            }
4509        }
4510
4511        // The preference of data-bearing frame to include in a packet
4512        // is managed by `self.emit_dgram`. However, whether any frames
4513        // can be sent depends on the state of their buffers. In the case
4514        // where one type is preferred but its buffer is empty, fall back
4515        // to the other type in order not to waste this function call.
4516        let mut dgram_emitted = false;
4517        let dgrams_to_emit = max_dgram_len.is_some();
4518        let stream_to_emit = self.streams.has_flushable();
4519
4520        let mut do_dgram = self.emit_dgram && dgrams_to_emit;
4521        let do_stream = !self.emit_dgram && stream_to_emit;
4522
4523        if !do_stream && dgrams_to_emit {
4524            do_dgram = true;
4525        }
4526
4527        // Create DATAGRAM frame.
4528        if (pkt_type == packet::Type::Short || pkt_type == packet::Type::ZeroRTT) &&
4529            left > frame::MAX_DGRAM_OVERHEAD &&
4530            !is_closing &&
4531            path.active() &&
4532            do_dgram
4533        {
4534            if let Some(max_dgram_payload) = max_dgram_len {
4535                while let Some(len) = self.dgram_send_queue.peek_front_len() {
4536                    let hdr_off = b.off();
4537                    let hdr_len = 1 + // frame type
4538                        2; // length, always encode as 2-byte varint
4539
4540                    if (hdr_len + len) <= left {
4541                        // Front of the queue fits this packet, send it.
4542                        match self.dgram_send_queue.pop() {
4543                            Some(data) => {
4544                                // Encode the frame.
4545                                //
4546                                // Instead of creating a `frame::Frame` object,
4547                                // encode the frame directly into the packet
4548                                // buffer.
4549                                //
4550                                // First we reserve some space in the output
4551                                // buffer for writing the frame header (we
4552                                // assume the length field is always a 2-byte
4553                                // varint as we don't know the value yet).
4554                                //
4555                                // Then we emit the data from the DATAGRAM's
4556                                // buffer.
4557                                //
4558                                // Finally we go back and encode the frame
4559                                // header with the now available information.
4560                                let (mut dgram_hdr, mut dgram_payload) =
4561                                    b.split_at(hdr_off + hdr_len)?;
4562
4563                                dgram_payload.as_mut()[..len]
4564                                    .copy_from_slice(&data);
4565
4566                                // Encode the frame's header.
4567                                //
4568                                // Due to how `OctetsMut::split_at()` works,
4569                                // `dgram_hdr` starts from the initial offset
4570                                // of `b` (rather than the current offset), so
4571                                // it needs to be advanced to the initial frame
4572                                // offset.
4573                                dgram_hdr.skip(hdr_off)?;
4574
4575                                frame::encode_dgram_header(
4576                                    len as u64,
4577                                    &mut dgram_hdr,
4578                                )?;
4579
4580                                // Advance the packet buffer's offset.
4581                                b.skip(hdr_len + len)?;
4582
4583                                let frame =
4584                                    frame::Frame::DatagramHeader { length: len };
4585
4586                                if push_frame_to_pkt!(b, frames, frame, left) {
4587                                    ack_eliciting = true;
4588                                    in_flight = true;
4589                                    dgram_emitted = true;
4590                                    let _ =
4591                                        self.dgram_sent_count.saturating_add(1);
4592                                    let _ =
4593                                        path.dgram_sent_count.saturating_add(1);
4594                                }
4595                            },
4596
4597                            None => continue,
4598                        };
4599                    } else if len > max_dgram_payload {
4600                        // This dgram frame will never fit. Let's purge it.
4601                        self.dgram_send_queue.pop();
4602                    } else {
4603                        break;
4604                    }
4605                }
4606            }
4607        }
4608
4609        // Create a single STREAM frame for the first stream that is flushable.
4610        if (pkt_type == packet::Type::Short || pkt_type == packet::Type::ZeroRTT) &&
4611            left > frame::MAX_STREAM_OVERHEAD &&
4612            !is_closing &&
4613            path.active() &&
4614            !dgram_emitted
4615        {
4616            while let Some(priority_key) = self.streams.peek_flushable() {
4617                let stream_id = priority_key.id;
4618                let stream = match self.streams.get_mut(stream_id) {
4619                    // Avoid sending frames for streams that were already stopped.
4620                    //
4621                    // This might happen if stream data was buffered but not yet
4622                    // flushed on the wire when a STOP_SENDING frame is received.
4623                    Some(v) if !v.send.is_stopped() => v,
4624                    _ => {
4625                        self.streams.remove_flushable(&priority_key);
4626                        continue;
4627                    },
4628                };
4629
4630                let stream_off = stream.send.off_front();
4631
4632                // Encode the frame.
4633                //
4634                // Instead of creating a `frame::Frame` object, encode the frame
4635                // directly into the packet buffer.
4636                //
4637                // First we reserve some space in the output buffer for writing
4638                // the frame header (we assume the length field is always a
4639                // 2-byte varint as we don't know the value yet).
4640                //
4641                // Then we emit the data from the stream's send buffer.
4642                //
4643                // Finally we go back and encode the frame header with the now
4644                // available information.
4645                let hdr_off = b.off();
4646                let hdr_len = 1 + // frame type
4647                    octets::varint_len(stream_id) + // stream_id
4648                    octets::varint_len(stream_off) + // offset
4649                    2; // length, always encode as 2-byte varint
4650
4651                let max_len = match left.checked_sub(hdr_len) {
4652                    Some(v) => v,
4653                    None => {
4654                        let priority_key = Arc::clone(&stream.priority_key);
4655                        self.streams.remove_flushable(&priority_key);
4656
4657                        continue;
4658                    },
4659                };
4660
4661                let (mut stream_hdr, mut stream_payload) =
4662                    b.split_at(hdr_off + hdr_len)?;
4663
4664                // Write stream data into the packet buffer.
4665                let (len, fin) =
4666                    stream.send.emit(&mut stream_payload.as_mut()[..max_len])?;
4667
4668                // Encode the frame's header.
4669                //
4670                // Due to how `OctetsMut::split_at()` works, `stream_hdr` starts
4671                // from the initial offset of `b` (rather than the current
4672                // offset), so it needs to be advanced to the initial frame
4673                // offset.
4674                stream_hdr.skip(hdr_off)?;
4675
4676                frame::encode_stream_header(
4677                    stream_id,
4678                    stream_off,
4679                    len as u64,
4680                    fin,
4681                    &mut stream_hdr,
4682                )?;
4683
4684                // Advance the packet buffer's offset.
4685                b.skip(hdr_len + len)?;
4686
4687                let frame = frame::Frame::StreamHeader {
4688                    stream_id,
4689                    offset: stream_off,
4690                    length: len,
4691                    fin,
4692                };
4693
4694                if push_frame_to_pkt!(b, frames, frame, left) {
4695                    ack_eliciting = true;
4696                    in_flight = true;
4697                    has_data = true;
4698                }
4699
4700                let priority_key = Arc::clone(&stream.priority_key);
4701                // If the stream is no longer flushable, remove it from the queue
4702                if !stream.is_flushable() {
4703                    self.streams.remove_flushable(&priority_key);
4704                } else if stream.incremental {
4705                    // Shuffle the incremental stream to the back of the
4706                    // queue.
4707                    self.streams.remove_flushable(&priority_key);
4708                    self.streams.insert_flushable(&priority_key);
4709                }
4710
4711                #[cfg(feature = "fuzzing")]
4712                // Coalesce STREAM frames when fuzzing.
4713                if left > frame::MAX_STREAM_OVERHEAD {
4714                    continue;
4715                }
4716
4717                break;
4718            }
4719        }
4720
4721        // Alternate trying to send DATAGRAMs next time.
4722        self.emit_dgram = !dgram_emitted;
4723
4724        // If no other ack-eliciting frame is sent, include a PING frame
4725        // - if PTO probe needed; OR
4726        // - if we've sent too many non ack-eliciting packets without having
4727        // sent an ACK eliciting one; OR
4728        // - the application requested an ack-eliciting frame be sent.
4729        if (ack_elicit_required || path.needs_ack_eliciting) &&
4730            !ack_eliciting &&
4731            left >= 1 &&
4732            !is_closing
4733        {
4734            let frame = frame::Frame::Ping { mtu_probe: None };
4735
4736            if push_frame_to_pkt!(b, frames, frame, left) {
4737                ack_eliciting = true;
4738                in_flight = true;
4739            }
4740        }
4741
4742        if ack_eliciting && !pmtud_probe {
4743            path.needs_ack_eliciting = false;
4744            path.recovery.ping_sent(epoch);
4745        }
4746
4747        if !has_data &&
4748            !dgram_emitted &&
4749            cwnd_available > frame::MAX_STREAM_OVERHEAD
4750        {
4751            path.recovery.on_app_limited();
4752        }
4753
4754        if frames.is_empty() {
4755            // When we reach this point we are not able to write more, so set
4756            // app_limited to false.
4757            path.recovery.update_app_limited(false);
4758            return Err(Error::Done);
4759        }
4760
4761        // When coalescing a 1-RTT packet, we can't add padding in the UDP
4762        // datagram, so use PADDING frames instead.
4763        //
4764        // This is only needed if
4765        // 1) an Initial packet has already been written to the UDP datagram,
4766        // as Initial always requires padding.
4767        //
4768        // 2) this is a probing packet towards an unvalidated peer address.
4769        if (has_initial || !path.validated()) &&
4770            pkt_type == packet::Type::Short &&
4771            left >= 1
4772        {
4773            let frame = frame::Frame::Padding { len: left };
4774
4775            if push_frame_to_pkt!(b, frames, frame, left) {
4776                in_flight = true;
4777            }
4778        }
4779
4780        // Pad payload so that it's always at least 4 bytes.
4781        if b.off() - payload_offset < PAYLOAD_MIN_LEN {
4782            let payload_len = b.off() - payload_offset;
4783
4784            let frame = frame::Frame::Padding {
4785                len: PAYLOAD_MIN_LEN - payload_len,
4786            };
4787
4788            #[allow(unused_assignments)]
4789            if push_frame_to_pkt!(b, frames, frame, left) {
4790                in_flight = true;
4791            }
4792        }
4793
4794        let payload_len = b.off() - payload_offset;
4795
4796        // Fill in payload length.
4797        if pkt_type != packet::Type::Short {
4798            let len = pn_len + payload_len + crypto_overhead;
4799
4800            let (_, mut payload_with_len) = b.split_at(header_offset)?;
4801            payload_with_len
4802                .put_varint_with_len(len as u64, PAYLOAD_LENGTH_LEN)?;
4803        }
4804
4805        trace!(
4806            "{} tx pkt {} len={} pn={} {}",
4807            self.trace_id,
4808            hdr_trace.unwrap_or_default(),
4809            payload_len,
4810            pn,
4811            AddrTupleFmt(path.local_addr(), path.peer_addr())
4812        );
4813
4814        #[cfg(feature = "qlog")]
4815        let mut qlog_frames: SmallVec<
4816            [qlog::events::quic::QuicFrame; 1],
4817        > = SmallVec::with_capacity(frames.len());
4818
4819        for frame in &mut frames {
4820            trace!("{} tx frm {:?}", self.trace_id, frame);
4821
4822            qlog_with_type!(QLOG_PACKET_TX, self.qlog, _q, {
4823                qlog_frames.push(frame.to_qlog());
4824            });
4825        }
4826
4827        qlog_with_type!(QLOG_PACKET_TX, self.qlog, q, {
4828            if let Some(header) = qlog_pkt_hdr {
4829                // Qlog packet raw info described at
4830                // https://datatracker.ietf.org/doc/html/draft-ietf-quic-qlog-main-schema-00#section-5.1
4831                //
4832                // `length` includes packet headers and trailers (AEAD tag).
4833                let length = payload_len + payload_offset + crypto_overhead;
4834                let qlog_raw_info = RawInfo {
4835                    length: Some(length as u64),
4836                    payload_length: Some(payload_len as u64),
4837                    data: None,
4838                };
4839
4840                let send_at_time =
4841                    now.duration_since(q.start_time()).as_secs_f32() * 1000.0;
4842
4843                let ev_data =
4844                    EventData::PacketSent(qlog::events::quic::PacketSent {
4845                        header,
4846                        frames: Some(qlog_frames),
4847                        raw: Some(qlog_raw_info),
4848                        send_at_time: Some(send_at_time),
4849                        ..Default::default()
4850                    });
4851
4852                q.add_event_data_with_instant(ev_data, now).ok();
4853            }
4854        });
4855
4856        let aead = match pkt_space.crypto_seal {
4857            Some(ref v) => v,
4858            None => return Err(Error::InvalidState),
4859        };
4860
4861        let written = packet::encrypt_pkt(
4862            &mut b,
4863            pn,
4864            pn_len,
4865            payload_len,
4866            payload_offset,
4867            None,
4868            aead,
4869        )?;
4870
4871        let sent_pkt_has_data = if path.recovery.gcongestion_enabled() {
4872            has_data || dgram_emitted
4873        } else {
4874            has_data
4875        };
4876
4877        let sent_pkt = recovery::Sent {
4878            pkt_num: pn,
4879            frames,
4880            time_sent: now,
4881            time_acked: None,
4882            time_lost: None,
4883            size: if ack_eliciting { written } else { 0 },
4884            ack_eliciting,
4885            in_flight,
4886            delivered: 0,
4887            delivered_time: now,
4888            first_sent_time: now,
4889            is_app_limited: false,
4890            tx_in_flight: 0,
4891            lost: 0,
4892            has_data: sent_pkt_has_data,
4893            pmtud: pmtud_probe,
4894        };
4895
4896        if in_flight && is_app_limited {
4897            path.recovery.delivery_rate_update_app_limited(true);
4898        }
4899
4900        self.next_pkt_num += 1;
4901
4902        let handshake_status = recovery::HandshakeStatus {
4903            has_handshake_keys: self.pkt_num_spaces[packet::Epoch::Handshake]
4904                .has_keys(),
4905            peer_verified_address: self.peer_verified_initial_address,
4906            completed: self.handshake_completed,
4907        };
4908
4909        path.recovery.on_packet_sent(
4910            sent_pkt,
4911            epoch,
4912            handshake_status,
4913            now,
4914            &self.trace_id,
4915        );
4916
4917        qlog_with_type!(QLOG_METRICS, self.qlog, q, {
4918            if let Some(ev_data) = path.recovery.maybe_qlog() {
4919                q.add_event_data_with_instant(ev_data, now).ok();
4920            }
4921        });
4922
4923        // Record sent packet size if we probe the path.
4924        if let Some(data) = challenge_data {
4925            path.add_challenge_sent(data, written, now);
4926        }
4927
4928        self.sent_count += 1;
4929        self.sent_bytes += written as u64;
4930        path.sent_count += 1;
4931        path.sent_bytes += written as u64;
4932
4933        if self.dgram_send_queue.byte_size() > path.recovery.cwnd_available() {
4934            path.recovery.update_app_limited(false);
4935        }
4936
4937        path.max_send_bytes = path.max_send_bytes.saturating_sub(written);
4938
4939        // On the client, drop initial state after sending an Handshake packet.
4940        if !self.is_server && hdr_ty == packet::Type::Handshake {
4941            self.drop_epoch_state(packet::Epoch::Initial, now);
4942        }
4943
4944        // (Re)start the idle timer if we are sending the first ack-eliciting
4945        // packet since last receiving a packet.
4946        if ack_eliciting && !self.ack_eliciting_sent {
4947            if let Some(idle_timeout) = self.idle_timeout() {
4948                self.idle_timer = Some(now + idle_timeout);
4949            }
4950        }
4951
4952        if ack_eliciting {
4953            self.ack_eliciting_sent = true;
4954        }
4955
4956        let active_path = self.paths.get_active_mut()?;
4957        if active_path.pmtud.is_enabled() {
4958            active_path
4959                .recovery
4960                .pmtud_update_max_datagram_size(active_path.pmtud.get_current());
4961        }
4962
4963        Ok((pkt_type, written))
4964    }
4965
4966    /// Returns the desired send time for the next packet.
4967    #[inline]
4968    pub fn get_next_release_time(&self) -> Option<ReleaseDecision> {
4969        Some(
4970            self.paths
4971                .get_active()
4972                .ok()?
4973                .recovery
4974                .get_next_release_time(),
4975        )
4976    }
4977
4978    /// Returns whether gcongestion is enabled.
4979    #[inline]
4980    pub fn gcongestion_enabled(&self) -> Option<bool> {
4981        Some(self.paths.get_active().ok()?.recovery.gcongestion_enabled())
4982    }
4983
4984    /// Returns the maximum pacing into the future.
4985    ///
4986    /// Equals 1/8 of the smoothed RTT, but not greater than 5ms.
4987    pub fn max_release_into_future(&self) -> time::Duration {
4988        self.paths
4989            .get_active()
4990            .map(|p| p.recovery.rtt().mul_f64(0.125))
4991            .unwrap_or(time::Duration::from_millis(1))
4992            .min(Duration::from_millis(5))
4993    }
4994
4995    /// Returns whether pacing is enabled.
4996    #[inline]
4997    pub fn pacing_enabled(&self) -> bool {
4998        self.recovery_config.pacing
4999    }
5000
5001    /// Returns the size of the send quantum, in bytes.
5002    ///
5003    /// This represents the maximum size of a packet burst as determined by the
5004    /// congestion control algorithm in use.
5005    ///
5006    /// Applications can, for example, use it in conjunction with segmentation
5007    /// offloading mechanisms as the maximum limit for outgoing aggregates of
5008    /// multiple packets.
5009    #[inline]
5010    pub fn send_quantum(&self) -> usize {
5011        match self.paths.get_active() {
5012            Ok(p) => p.recovery.send_quantum(),
5013            _ => 0,
5014        }
5015    }
5016
5017    /// Returns the size of the send quantum over the given 4-tuple, in bytes.
5018    ///
5019    /// This represents the maximum size of a packet burst as determined by the
5020    /// congestion control algorithm in use.
5021    ///
5022    /// Applications can, for example, use it in conjunction with segmentation
5023    /// offloading mechanisms as the maximum limit for outgoing aggregates of
5024    /// multiple packets.
5025    ///
5026    /// If the (`local_addr`, peer_addr`) 4-tuple relates to a non-existing
5027    /// path, this method returns 0.
5028    pub fn send_quantum_on_path(
5029        &self, local_addr: SocketAddr, peer_addr: SocketAddr,
5030    ) -> usize {
5031        self.paths
5032            .path_id_from_addrs(&(local_addr, peer_addr))
5033            .and_then(|pid| self.paths.get(pid).ok())
5034            .map(|path| path.recovery.send_quantum())
5035            .unwrap_or(0)
5036    }
5037
5038    /// Reads contiguous data from a stream into the provided slice.
5039    ///
5040    /// The slice must be sized by the caller and will be populated up to its
5041    /// capacity.
5042    ///
5043    /// On success the amount of bytes read and a flag indicating the fin state
5044    /// is returned as a tuple, or [`Done`] if there is no data to read.
5045    ///
5046    /// Reading data from a stream may trigger queueing of control messages
5047    /// (e.g. MAX_STREAM_DATA). [`send()`] should be called after reading.
5048    ///
5049    /// [`Done`]: enum.Error.html#variant.Done
5050    /// [`send()`]: struct.Connection.html#method.send
5051    ///
5052    /// ## Examples:
5053    ///
5054    /// ```no_run
5055    /// # let mut buf = [0; 512];
5056    /// # let socket = std::net::UdpSocket::bind("127.0.0.1:0").unwrap();
5057    /// # let mut config = quiche::Config::new(quiche::PROTOCOL_VERSION)?;
5058    /// # let scid = quiche::ConnectionId::from_ref(&[0xba; 16]);
5059    /// # let peer = "127.0.0.1:1234".parse().unwrap();
5060    /// # let local = socket.local_addr().unwrap();
5061    /// # let mut conn = quiche::accept(&scid, None, local, peer, &mut config)?;
5062    /// # let stream_id = 0;
5063    /// while let Ok((read, fin)) = conn.stream_recv(stream_id, &mut buf) {
5064    ///     println!("Got {} bytes on stream {}", read, stream_id);
5065    /// }
5066    /// # Ok::<(), quiche::Error>(())
5067    /// ```
5068    pub fn stream_recv(
5069        &mut self, stream_id: u64, out: &mut [u8],
5070    ) -> Result<(usize, bool)> {
5071        // We can't read on our own unidirectional streams.
5072        if !stream::is_bidi(stream_id) &&
5073            stream::is_local(stream_id, self.is_server)
5074        {
5075            return Err(Error::InvalidStreamState(stream_id));
5076        }
5077
5078        let stream = self
5079            .streams
5080            .get_mut(stream_id)
5081            .ok_or(Error::InvalidStreamState(stream_id))?;
5082
5083        if !stream.is_readable() {
5084            return Err(Error::Done);
5085        }
5086
5087        let local = stream.local;
5088        let priority_key = Arc::clone(&stream.priority_key);
5089
5090        #[cfg(feature = "qlog")]
5091        let offset = stream.recv.off_front();
5092
5093        let (read, fin) = match stream.recv.emit(out) {
5094            Ok(v) => v,
5095
5096            Err(e) => {
5097                // Collect the stream if it is now complete. This can happen if
5098                // we got a `StreamReset` error which will now be propagated to
5099                // the application, so we don't need to keep the stream's state
5100                // anymore.
5101                if stream.is_complete() {
5102                    self.streams.collect(stream_id, local);
5103                }
5104
5105                self.streams.remove_readable(&priority_key);
5106                return Err(e);
5107            },
5108        };
5109
5110        self.flow_control.add_consumed(read as u64);
5111
5112        let readable = stream.is_readable();
5113
5114        let complete = stream.is_complete();
5115
5116        if stream.recv.almost_full() {
5117            self.streams.insert_almost_full(stream_id);
5118        }
5119
5120        if !readable {
5121            self.streams.remove_readable(&priority_key);
5122        }
5123
5124        if complete {
5125            self.streams.collect(stream_id, local);
5126        }
5127
5128        qlog_with_type!(QLOG_DATA_MV, self.qlog, q, {
5129            let ev_data = EventData::DataMoved(qlog::events::quic::DataMoved {
5130                stream_id: Some(stream_id),
5131                offset: Some(offset),
5132                length: Some(read as u64),
5133                from: Some(DataRecipient::Transport),
5134                to: Some(DataRecipient::Application),
5135                ..Default::default()
5136            });
5137
5138            let now = time::Instant::now();
5139            q.add_event_data_with_instant(ev_data, now).ok();
5140        });
5141
5142        if self.should_update_max_data() {
5143            self.almost_full = true;
5144        }
5145
5146        if priority_key.incremental && readable {
5147            // Shuffle the incremental stream to the back of the queue.
5148            self.streams.remove_readable(&priority_key);
5149            self.streams.insert_readable(&priority_key);
5150        }
5151
5152        Ok((read, fin))
5153    }
5154
5155    /// Writes data to a stream.
5156    ///
5157    /// On success the number of bytes written is returned, or [`Done`] if no
5158    /// data was written (e.g. because the stream has no capacity).
5159    ///
5160    /// Applications can provide a 0-length buffer with the fin flag set to
5161    /// true. This will lead to a 0-length FIN STREAM frame being sent at the
5162    /// latest offset. The `Ok(0)` value is only returned when the application
5163    /// provided a 0-length buffer.
5164    ///
5165    /// In addition, if the peer has signalled that it doesn't want to receive
5166    /// any more data from this stream by sending the `STOP_SENDING` frame, the
5167    /// [`StreamStopped`] error will be returned instead of any data.
5168    ///
5169    /// Note that in order to avoid buffering an infinite amount of data in the
5170    /// stream's send buffer, streams are only allowed to buffer outgoing data
5171    /// up to the amount that the peer allows it to send (that is, up to the
5172    /// stream's outgoing flow control capacity).
5173    ///
5174    /// This means that the number of written bytes returned can be lower than
5175    /// the length of the input buffer when the stream doesn't have enough
5176    /// capacity for the operation to complete. The application should retry the
5177    /// operation once the stream is reported as writable again.
5178    ///
5179    /// Applications should call this method only after the handshake is
5180    /// completed (whenever [`is_established()`] returns `true`) or during
5181    /// early data if enabled (whenever [`is_in_early_data()`] returns `true`).
5182    ///
5183    /// [`Done`]: enum.Error.html#variant.Done
5184    /// [`StreamStopped`]: enum.Error.html#variant.StreamStopped
5185    /// [`is_established()`]: struct.Connection.html#method.is_established
5186    /// [`is_in_early_data()`]: struct.Connection.html#method.is_in_early_data
5187    ///
5188    /// ## Examples:
5189    ///
5190    /// ```no_run
5191    /// # let mut buf = [0; 512];
5192    /// # let socket = std::net::UdpSocket::bind("127.0.0.1:0").unwrap();
5193    /// # let mut config = quiche::Config::new(quiche::PROTOCOL_VERSION)?;
5194    /// # let scid = quiche::ConnectionId::from_ref(&[0xba; 16]);
5195    /// # let peer = "127.0.0.1:1234".parse().unwrap();
5196    /// # let local = "127.0.0.1:4321".parse().unwrap();
5197    /// # let mut conn = quiche::accept(&scid, None, local, peer, &mut config)?;
5198    /// # let stream_id = 0;
5199    /// conn.stream_send(stream_id, b"hello", true)?;
5200    /// # Ok::<(), quiche::Error>(())
5201    /// ```
5202    pub fn stream_send(
5203        &mut self, stream_id: u64, buf: &[u8], fin: bool,
5204    ) -> Result<usize> {
5205        self.stream_do_send(
5206            stream_id,
5207            buf,
5208            fin,
5209            |stream: &mut stream::Stream<F>,
5210             buf: &[u8],
5211             cap: usize,
5212             fin: bool| {
5213                stream.send.write(&buf[..cap], fin).map(|v| (v, v))
5214            },
5215        )
5216    }
5217
5218    /// Writes data to a stream with zero copying, instead, it appends the
5219    /// provided buffer directly to the send queue if the capacity allows
5220    /// it.
5221    ///
5222    /// When a partial write happens (including when [`Done`] is returned) the
5223    /// remaining (unwrittent) buffer will also be returned. The application
5224    /// should retry the operation once the stream is reported as writable
5225    /// again.
5226    pub fn stream_send_zc(
5227        &mut self, stream_id: u64, buf: F::Buf, len: Option<usize>, fin: bool,
5228    ) -> Result<(usize, Option<F::Buf>)>
5229    where
5230        F::Buf: BufSplit,
5231    {
5232        self.stream_do_send(
5233            stream_id,
5234            buf,
5235            fin,
5236            |stream: &mut stream::Stream<F>,
5237             buf: F::Buf,
5238             cap: usize,
5239             fin: bool| {
5240                let len = len.unwrap_or(usize::MAX).min(cap);
5241                let (sent, remaining) = stream.send.append_buf(buf, len, fin)?;
5242                Ok((sent, (sent, remaining)))
5243            },
5244        )
5245    }
5246
5247    fn stream_do_send<B, R, SND>(
5248        &mut self, stream_id: u64, buf: B, fin: bool, write_fn: SND,
5249    ) -> Result<R>
5250    where
5251        B: AsRef<[u8]>,
5252        SND: FnOnce(&mut stream::Stream<F>, B, usize, bool) -> Result<(usize, R)>,
5253    {
5254        // We can't write on the peer's unidirectional streams.
5255        if !stream::is_bidi(stream_id) &&
5256            !stream::is_local(stream_id, self.is_server)
5257        {
5258            return Err(Error::InvalidStreamState(stream_id));
5259        }
5260
5261        let len = buf.as_ref().len();
5262
5263        // Mark the connection as blocked if the connection-level flow control
5264        // limit doesn't let us buffer all the data.
5265        //
5266        // Note that this is separate from "send capacity" as that also takes
5267        // congestion control into consideration.
5268        if self.max_tx_data - self.tx_data < len as u64 {
5269            self.blocked_limit = Some(self.max_tx_data);
5270        }
5271
5272        let cap = self.tx_cap;
5273
5274        // Get existing stream or create a new one.
5275        let stream = self.get_or_create_stream(stream_id, true)?;
5276
5277        #[cfg(feature = "qlog")]
5278        let offset = stream.send.off_back();
5279
5280        let was_writable = stream.is_writable();
5281
5282        let was_flushable = stream.is_flushable();
5283
5284        let priority_key = Arc::clone(&stream.priority_key);
5285
5286        // Truncate the input buffer based on the connection's send capacity if
5287        // necessary.
5288        //
5289        // When the cap is zero, the method returns Ok(0) *only* when the passed
5290        // buffer is empty. We return Error::Done otherwise.
5291        if cap == 0 && len > 0 {
5292            if was_writable {
5293                // When `stream_writable_next()` returns a stream, the writable
5294                // mark is removed, but because the stream is blocked by the
5295                // connection-level send capacity it won't be marked as writable
5296                // again once the capacity increases.
5297                //
5298                // Since the stream is writable already, mark it here instead.
5299                self.streams.insert_writable(&priority_key);
5300            }
5301
5302            return Err(Error::Done);
5303        }
5304
5305        let (cap, fin, blocked_by_cap) = if cap < len {
5306            (cap, false, true)
5307        } else {
5308            (len, fin, false)
5309        };
5310
5311        let (sent, ret) = match write_fn(stream, buf, cap, fin) {
5312            Ok(v) => v,
5313
5314            Err(e) => {
5315                self.streams.remove_writable(&priority_key);
5316                return Err(e);
5317            },
5318        };
5319
5320        let incremental = stream.incremental;
5321        let priority_key = Arc::clone(&stream.priority_key);
5322
5323        let flushable = stream.is_flushable();
5324
5325        let writable = stream.is_writable();
5326
5327        let empty_fin = len == 0 && fin;
5328
5329        if sent < cap {
5330            let max_off = stream.send.max_off();
5331
5332            if stream.send.blocked_at() != Some(max_off) {
5333                stream.send.update_blocked_at(Some(max_off));
5334                self.streams.insert_blocked(stream_id, max_off);
5335            }
5336        } else {
5337            stream.send.update_blocked_at(None);
5338            self.streams.remove_blocked(stream_id);
5339        }
5340
5341        // If the stream is now flushable push it to the flushable queue, but
5342        // only if it wasn't already queued.
5343        //
5344        // Consider the stream flushable also when we are sending a zero-length
5345        // frame that has the fin flag set.
5346        if (flushable || empty_fin) && !was_flushable {
5347            self.streams.insert_flushable(&priority_key);
5348        }
5349
5350        if !writable {
5351            self.streams.remove_writable(&priority_key);
5352        } else if was_writable && blocked_by_cap {
5353            // When `stream_writable_next()` returns a stream, the writable
5354            // mark is removed, but because the stream is blocked by the
5355            // connection-level send capacity it won't be marked as writable
5356            // again once the capacity increases.
5357            //
5358            // Since the stream is writable already, mark it here instead.
5359            self.streams.insert_writable(&priority_key);
5360        }
5361
5362        self.tx_cap -= sent;
5363
5364        self.tx_data += sent as u64;
5365
5366        self.tx_buffered += sent;
5367
5368        qlog_with_type!(QLOG_DATA_MV, self.qlog, q, {
5369            let ev_data = EventData::DataMoved(qlog::events::quic::DataMoved {
5370                stream_id: Some(stream_id),
5371                offset: Some(offset),
5372                length: Some(sent as u64),
5373                from: Some(DataRecipient::Application),
5374                to: Some(DataRecipient::Transport),
5375                ..Default::default()
5376            });
5377
5378            let now = time::Instant::now();
5379            q.add_event_data_with_instant(ev_data, now).ok();
5380        });
5381
5382        if sent == 0 && cap > 0 {
5383            return Err(Error::Done);
5384        }
5385
5386        if incremental && writable {
5387            // Shuffle the incremental stream to the back of the queue.
5388            self.streams.remove_writable(&priority_key);
5389            self.streams.insert_writable(&priority_key);
5390        }
5391
5392        Ok(ret)
5393    }
5394
5395    /// Sets the priority for a stream.
5396    ///
5397    /// A stream's priority determines the order in which stream data is sent
5398    /// on the wire (streams with lower priority are sent first). Streams are
5399    /// created with a default priority of `127`.
5400    ///
5401    /// The target stream is created if it did not exist before calling this
5402    /// method.
5403    pub fn stream_priority(
5404        &mut self, stream_id: u64, urgency: u8, incremental: bool,
5405    ) -> Result<()> {
5406        // Get existing stream or create a new one, but if the stream
5407        // has already been closed and collected, ignore the prioritization.
5408        let stream = match self.get_or_create_stream(stream_id, true) {
5409            Ok(v) => v,
5410
5411            Err(Error::Done) => return Ok(()),
5412
5413            Err(e) => return Err(e),
5414        };
5415
5416        if stream.urgency == urgency && stream.incremental == incremental {
5417            return Ok(());
5418        }
5419
5420        stream.urgency = urgency;
5421        stream.incremental = incremental;
5422
5423        let new_priority_key = Arc::new(StreamPriorityKey {
5424            urgency: stream.urgency,
5425            incremental: stream.incremental,
5426            id: stream_id,
5427            ..Default::default()
5428        });
5429
5430        let old_priority_key =
5431            std::mem::replace(&mut stream.priority_key, new_priority_key.clone());
5432
5433        self.streams
5434            .update_priority(&old_priority_key, &new_priority_key);
5435
5436        Ok(())
5437    }
5438
5439    /// Shuts down reading or writing from/to the specified stream.
5440    ///
5441    /// When the `direction` argument is set to [`Shutdown::Read`], outstanding
5442    /// data in the stream's receive buffer is dropped, and no additional data
5443    /// is added to it. Data received after calling this method is still
5444    /// validated and acked but not stored, and [`stream_recv()`] will not
5445    /// return it to the application. In addition, a `STOP_SENDING` frame will
5446    /// be sent to the peer to signal it to stop sending data.
5447    ///
5448    /// When the `direction` argument is set to [`Shutdown::Write`], outstanding
5449    /// data in the stream's send buffer is dropped, and no additional data is
5450    /// added to it. Data passed to [`stream_send()`] after calling this method
5451    /// will be ignored. In addition, a `RESET_STREAM` frame will be sent to the
5452    /// peer to signal the reset.
5453    ///
5454    /// Locally-initiated unidirectional streams can only be closed in the
5455    /// [`Shutdown::Write`] direction. Remotely-initiated unidirectional streams
5456    /// can only be closed in the [`Shutdown::Read`] direction. Using an
5457    /// incorrect direction will return [`InvalidStreamState`].
5458    ///
5459    /// [`Shutdown::Read`]: enum.Shutdown.html#variant.Read
5460    /// [`Shutdown::Write`]: enum.Shutdown.html#variant.Write
5461    /// [`stream_recv()`]: struct.Connection.html#method.stream_recv
5462    /// [`stream_send()`]: struct.Connection.html#method.stream_send
5463    /// [`InvalidStreamState`]: enum.Error.html#variant.InvalidStreamState
5464    pub fn stream_shutdown(
5465        &mut self, stream_id: u64, direction: Shutdown, err: u64,
5466    ) -> Result<()> {
5467        // Don't try to stop a local unidirectional stream.
5468        if direction == Shutdown::Read &&
5469            stream::is_local(stream_id, self.is_server) &&
5470            !stream::is_bidi(stream_id)
5471        {
5472            return Err(Error::InvalidStreamState(stream_id));
5473        }
5474
5475        // Don't try to reset a remote unidirectional stream.
5476        if direction == Shutdown::Write &&
5477            !stream::is_local(stream_id, self.is_server) &&
5478            !stream::is_bidi(stream_id)
5479        {
5480            return Err(Error::InvalidStreamState(stream_id));
5481        }
5482
5483        // Get existing stream.
5484        let stream = self.streams.get_mut(stream_id).ok_or(Error::Done)?;
5485
5486        let priority_key = Arc::clone(&stream.priority_key);
5487
5488        match direction {
5489            Shutdown::Read => {
5490                stream.recv.shutdown()?;
5491
5492                if !stream.recv.is_fin() {
5493                    self.streams.insert_stopped(stream_id, err);
5494                }
5495
5496                // Once shutdown, the stream is guaranteed to be non-readable.
5497                self.streams.remove_readable(&priority_key);
5498
5499                self.stopped_stream_local_count =
5500                    self.stopped_stream_local_count.saturating_add(1);
5501            },
5502
5503            Shutdown::Write => {
5504                let (final_size, unsent) = stream.send.shutdown()?;
5505
5506                // Claw back some flow control allowance from data that was
5507                // buffered but not actually sent before the stream was reset.
5508                self.tx_data = self.tx_data.saturating_sub(unsent);
5509
5510                self.tx_buffered =
5511                    self.tx_buffered.saturating_sub(unsent as usize);
5512
5513                // Update send capacity.
5514                self.update_tx_cap();
5515
5516                self.streams.insert_reset(stream_id, err, final_size);
5517
5518                // Once shutdown, the stream is guaranteed to be non-writable.
5519                self.streams.remove_writable(&priority_key);
5520
5521                self.reset_stream_local_count =
5522                    self.reset_stream_local_count.saturating_add(1);
5523            },
5524        }
5525
5526        Ok(())
5527    }
5528
5529    /// Returns the stream's send capacity in bytes.
5530    ///
5531    /// If the specified stream doesn't exist (including when it has already
5532    /// been completed and closed), the [`InvalidStreamState`] error will be
5533    /// returned.
5534    ///
5535    /// In addition, if the peer has signalled that it doesn't want to receive
5536    /// any more data from this stream by sending the `STOP_SENDING` frame, the
5537    /// [`StreamStopped`] error will be returned.
5538    ///
5539    /// [`InvalidStreamState`]: enum.Error.html#variant.InvalidStreamState
5540    /// [`StreamStopped`]: enum.Error.html#variant.StreamStopped
5541    #[inline]
5542    pub fn stream_capacity(&self, stream_id: u64) -> Result<usize> {
5543        if let Some(stream) = self.streams.get(stream_id) {
5544            let cap = cmp::min(self.tx_cap, stream.send.cap()?);
5545            return Ok(cap);
5546        };
5547
5548        Err(Error::InvalidStreamState(stream_id))
5549    }
5550
5551    /// Returns the next stream that has data to read.
5552    ///
5553    /// Note that once returned by this method, a stream ID will not be returned
5554    /// again until it is "re-armed".
5555    ///
5556    /// The application will need to read all of the pending data on the stream,
5557    /// and new data has to be received before the stream is reported again.
5558    ///
5559    /// This is unlike the [`readable()`] method, that returns the same list of
5560    /// readable streams when called multiple times in succession.
5561    ///
5562    /// [`readable()`]: struct.Connection.html#method.readable
5563    pub fn stream_readable_next(&mut self) -> Option<u64> {
5564        let priority_key = self.streams.readable.front().clone_pointer()?;
5565
5566        self.streams.remove_readable(&priority_key);
5567
5568        Some(priority_key.id)
5569    }
5570
5571    /// Returns true if the stream has data that can be read.
5572    pub fn stream_readable(&self, stream_id: u64) -> bool {
5573        let stream = match self.streams.get(stream_id) {
5574            Some(v) => v,
5575
5576            None => return false,
5577        };
5578
5579        stream.is_readable()
5580    }
5581
5582    /// Returns the next stream that can be written to.
5583    ///
5584    /// Note that once returned by this method, a stream ID will not be returned
5585    /// again until it is "re-armed".
5586    ///
5587    /// This is unlike the [`writable()`] method, that returns the same list of
5588    /// writable streams when called multiple times in succession. It is not
5589    /// advised to use both `stream_writable_next()` and [`writable()`] on the
5590    /// same connection, as it may lead to unexpected results.
5591    ///
5592    /// The [`stream_writable()`] method can also be used to fine-tune when a
5593    /// stream is reported as writable again.
5594    ///
5595    /// [`stream_writable()`]: struct.Connection.html#method.stream_writable
5596    /// [`writable()`]: struct.Connection.html#method.writable
5597    pub fn stream_writable_next(&mut self) -> Option<u64> {
5598        // If there is not enough connection-level send capacity, none of the
5599        // streams are writable.
5600        if self.tx_cap == 0 {
5601            return None;
5602        }
5603
5604        let mut cursor = self.streams.writable.front();
5605
5606        while let Some(priority_key) = cursor.clone_pointer() {
5607            if let Some(stream) = self.streams.get(priority_key.id) {
5608                let cap = match stream.send.cap() {
5609                    Ok(v) => v,
5610
5611                    // Return the stream to the application immediately if it's
5612                    // stopped.
5613                    Err(_) =>
5614                        return {
5615                            self.streams.remove_writable(&priority_key);
5616
5617                            Some(priority_key.id)
5618                        },
5619                };
5620
5621                if cmp::min(self.tx_cap, cap) >= stream.send_lowat {
5622                    self.streams.remove_writable(&priority_key);
5623                    return Some(priority_key.id);
5624                }
5625            }
5626
5627            cursor.move_next();
5628        }
5629
5630        None
5631    }
5632
5633    /// Returns true if the stream has enough send capacity.
5634    ///
5635    /// When `len` more bytes can be buffered into the given stream's send
5636    /// buffer, `true` will be returned, `false` otherwise.
5637    ///
5638    /// In the latter case, if the additional data can't be buffered due to
5639    /// flow control limits, the peer will also be notified, and a "low send
5640    /// watermark" will be set for the stream, such that it is not going to be
5641    /// reported as writable again by [`stream_writable_next()`] until its send
5642    /// capacity reaches `len`.
5643    ///
5644    /// If the specified stream doesn't exist (including when it has already
5645    /// been completed and closed), the [`InvalidStreamState`] error will be
5646    /// returned.
5647    ///
5648    /// In addition, if the peer has signalled that it doesn't want to receive
5649    /// any more data from this stream by sending the `STOP_SENDING` frame, the
5650    /// [`StreamStopped`] error will be returned.
5651    ///
5652    /// [`stream_writable_next()`]: struct.Connection.html#method.stream_writable_next
5653    /// [`InvalidStreamState`]: enum.Error.html#variant.InvalidStreamState
5654    /// [`StreamStopped`]: enum.Error.html#variant.StreamStopped
5655    #[inline]
5656    pub fn stream_writable(
5657        &mut self, stream_id: u64, len: usize,
5658    ) -> Result<bool> {
5659        if self.stream_capacity(stream_id)? >= len {
5660            return Ok(true);
5661        }
5662
5663        let stream = match self.streams.get_mut(stream_id) {
5664            Some(v) => v,
5665
5666            None => return Err(Error::InvalidStreamState(stream_id)),
5667        };
5668
5669        stream.send_lowat = cmp::max(1, len);
5670
5671        let is_writable = stream.is_writable();
5672
5673        let priority_key = Arc::clone(&stream.priority_key);
5674
5675        if self.max_tx_data - self.tx_data < len as u64 {
5676            self.blocked_limit = Some(self.max_tx_data);
5677        }
5678
5679        if stream.send.cap()? < len {
5680            let max_off = stream.send.max_off();
5681            if stream.send.blocked_at() != Some(max_off) {
5682                stream.send.update_blocked_at(Some(max_off));
5683                self.streams.insert_blocked(stream_id, max_off);
5684            }
5685        } else if is_writable {
5686            // When `stream_writable_next()` returns a stream, the writable
5687            // mark is removed, but because the stream is blocked by the
5688            // connection-level send capacity it won't be marked as writable
5689            // again once the capacity increases.
5690            //
5691            // Since the stream is writable already, mark it here instead.
5692            self.streams.insert_writable(&priority_key);
5693        }
5694
5695        Ok(false)
5696    }
5697
5698    /// Returns true if all the data has been read from the specified stream.
5699    ///
5700    /// This instructs the application that all the data received from the
5701    /// peer on the stream has been read, and there won't be anymore in the
5702    /// future.
5703    ///
5704    /// Basically this returns true when the peer either set the `fin` flag
5705    /// for the stream, or sent `RESET_STREAM`.
5706    #[inline]
5707    pub fn stream_finished(&self, stream_id: u64) -> bool {
5708        let stream = match self.streams.get(stream_id) {
5709            Some(v) => v,
5710
5711            None => return true,
5712        };
5713
5714        stream.recv.is_fin()
5715    }
5716
5717    /// Returns the number of bidirectional streams that can be created
5718    /// before the peer's stream count limit is reached.
5719    ///
5720    /// This can be useful to know if it's possible to create a bidirectional
5721    /// stream without trying it first.
5722    #[inline]
5723    pub fn peer_streams_left_bidi(&self) -> u64 {
5724        self.streams.peer_streams_left_bidi()
5725    }
5726
5727    /// Returns the number of unidirectional streams that can be created
5728    /// before the peer's stream count limit is reached.
5729    ///
5730    /// This can be useful to know if it's possible to create a unidirectional
5731    /// stream without trying it first.
5732    #[inline]
5733    pub fn peer_streams_left_uni(&self) -> u64 {
5734        self.streams.peer_streams_left_uni()
5735    }
5736
5737    /// Returns an iterator over streams that have outstanding data to read.
5738    ///
5739    /// Note that the iterator will only include streams that were readable at
5740    /// the time the iterator itself was created (i.e. when `readable()` was
5741    /// called). To account for newly readable streams, the iterator needs to
5742    /// be created again.
5743    ///
5744    /// ## Examples:
5745    ///
5746    /// ```no_run
5747    /// # let mut buf = [0; 512];
5748    /// # let socket = std::net::UdpSocket::bind("127.0.0.1:0").unwrap();
5749    /// # let mut config = quiche::Config::new(quiche::PROTOCOL_VERSION)?;
5750    /// # let scid = quiche::ConnectionId::from_ref(&[0xba; 16]);
5751    /// # let peer = "127.0.0.1:1234".parse().unwrap();
5752    /// # let local = socket.local_addr().unwrap();
5753    /// # let mut conn = quiche::accept(&scid, None, local, peer, &mut config)?;
5754    /// // Iterate over readable streams.
5755    /// for stream_id in conn.readable() {
5756    ///     // Stream is readable, read until there's no more data.
5757    ///     while let Ok((read, fin)) = conn.stream_recv(stream_id, &mut buf) {
5758    ///         println!("Got {} bytes on stream {}", read, stream_id);
5759    ///     }
5760    /// }
5761    /// # Ok::<(), quiche::Error>(())
5762    /// ```
5763    #[inline]
5764    pub fn readable(&self) -> StreamIter {
5765        self.streams.readable()
5766    }
5767
5768    /// Returns an iterator over streams that can be written in priority order.
5769    ///
5770    /// The priority order is based on RFC 9218 scheduling recommendations.
5771    /// Stream priority can be controlled using [`stream_priority()`]. In order
5772    /// to support fairness requirements, each time this method is called,
5773    /// internal state is updated. Therefore the iterator ordering can change
5774    /// between calls, even if no streams were added or removed.
5775    ///
5776    /// A "writable" stream is a stream that has enough flow control capacity to
5777    /// send data to the peer. To avoid buffering an infinite amount of data,
5778    /// streams are only allowed to buffer outgoing data up to the amount that
5779    /// the peer allows to send.
5780    ///
5781    /// Note that the iterator will only include streams that were writable at
5782    /// the time the iterator itself was created (i.e. when `writable()` was
5783    /// called). To account for newly writable streams, the iterator needs to be
5784    /// created again.
5785    ///
5786    /// ## Examples:
5787    ///
5788    /// ```no_run
5789    /// # let mut buf = [0; 512];
5790    /// # let socket = std::net::UdpSocket::bind("127.0.0.1:0").unwrap();
5791    /// # let mut config = quiche::Config::new(quiche::PROTOCOL_VERSION)?;
5792    /// # let scid = quiche::ConnectionId::from_ref(&[0xba; 16]);
5793    /// # let local = socket.local_addr().unwrap();
5794    /// # let peer = "127.0.0.1:1234".parse().unwrap();
5795    /// # let mut conn = quiche::accept(&scid, None, local, peer, &mut config)?;
5796    /// // Iterate over writable streams.
5797    /// for stream_id in conn.writable() {
5798    ///     // Stream is writable, write some data.
5799    ///     if let Ok(written) = conn.stream_send(stream_id, &buf, false) {
5800    ///         println!("Written {} bytes on stream {}", written, stream_id);
5801    ///     }
5802    /// }
5803    /// # Ok::<(), quiche::Error>(())
5804    /// ```
5805    /// [`stream_priority()`]: struct.Connection.html#method.stream_priority
5806    #[inline]
5807    pub fn writable(&self) -> StreamIter {
5808        // If there is not enough connection-level send capacity, none of the
5809        // streams are writable, so return an empty iterator.
5810        if self.tx_cap == 0 {
5811            return StreamIter::default();
5812        }
5813
5814        self.streams.writable()
5815    }
5816
5817    /// Returns the maximum possible size of egress UDP payloads.
5818    ///
5819    /// This is the maximum size of UDP payloads that can be sent, and depends
5820    /// on both the configured maximum send payload size of the local endpoint
5821    /// (as configured with [`set_max_send_udp_payload_size()`]), as well as
5822    /// the transport parameter advertised by the remote peer.
5823    ///
5824    /// Note that this value can change during the lifetime of the connection,
5825    /// but should remain stable across consecutive calls to [`send()`].
5826    ///
5827    /// [`set_max_send_udp_payload_size()`]:
5828    ///     struct.Config.html#method.set_max_send_udp_payload_size
5829    /// [`send()`]: struct.Connection.html#method.send
5830    pub fn max_send_udp_payload_size(&self) -> usize {
5831        let max_datagram_size = self
5832            .paths
5833            .get_active()
5834            .ok()
5835            .map(|p| p.recovery.max_datagram_size());
5836
5837        if let Some(max_datagram_size) = max_datagram_size {
5838            if self.is_established() {
5839                // We cap the maximum packet size to 16KB or so, so that it can be
5840                // always encoded with a 2-byte varint.
5841                return cmp::min(16383, max_datagram_size);
5842            }
5843        }
5844
5845        // Allow for 1200 bytes (minimum QUIC packet size) during the
5846        // handshake.
5847        MIN_CLIENT_INITIAL_LEN
5848    }
5849
5850    /// Schedule an ack-eliciting packet on the active path.
5851    ///
5852    /// QUIC packets might not contain ack-eliciting frames during normal
5853    /// operating conditions. If the packet would already contain
5854    /// ack-eliciting frames, this method does not change any behavior.
5855    /// However, if the packet would not ordinarily contain ack-eliciting
5856    /// frames, this method ensures that a PING frame sent.
5857    ///
5858    /// Calling this method multiple times before [`send()`] has no effect.
5859    ///
5860    /// [`send()`]: struct.Connection.html#method.send
5861    pub fn send_ack_eliciting(&mut self) -> Result<()> {
5862        if self.is_closed() || self.is_draining() {
5863            return Ok(());
5864        }
5865        self.paths.get_active_mut()?.needs_ack_eliciting = true;
5866        Ok(())
5867    }
5868
5869    /// Schedule an ack-eliciting packet on the specified path.
5870    ///
5871    /// See [`send_ack_eliciting()`] for more detail. [`InvalidState`] is
5872    /// returned if there is no record of the path.
5873    ///
5874    /// [`send_ack_eliciting()`]: struct.Connection.html#method.send_ack_eliciting
5875    /// [`InvalidState`]: enum.Error.html#variant.InvalidState
5876    pub fn send_ack_eliciting_on_path(
5877        &mut self, local: SocketAddr, peer: SocketAddr,
5878    ) -> Result<()> {
5879        if self.is_closed() || self.is_draining() {
5880            return Ok(());
5881        }
5882        let path_id = self
5883            .paths
5884            .path_id_from_addrs(&(local, peer))
5885            .ok_or(Error::InvalidState)?;
5886        self.paths.get_mut(path_id)?.needs_ack_eliciting = true;
5887        Ok(())
5888    }
5889
5890    /// Reads the first received DATAGRAM.
5891    ///
5892    /// On success the DATAGRAM's data is returned along with its size.
5893    ///
5894    /// [`Done`] is returned if there is no data to read.
5895    ///
5896    /// [`BufferTooShort`] is returned if the provided buffer is too small for
5897    /// the DATAGRAM.
5898    ///
5899    /// [`Done`]: enum.Error.html#variant.Done
5900    /// [`BufferTooShort`]: enum.Error.html#variant.BufferTooShort
5901    ///
5902    /// ## Examples:
5903    ///
5904    /// ```no_run
5905    /// # let mut buf = [0; 512];
5906    /// # let socket = std::net::UdpSocket::bind("127.0.0.1:0").unwrap();
5907    /// # let mut config = quiche::Config::new(quiche::PROTOCOL_VERSION)?;
5908    /// # let scid = quiche::ConnectionId::from_ref(&[0xba; 16]);
5909    /// # let peer = "127.0.0.1:1234".parse().unwrap();
5910    /// # let local = socket.local_addr().unwrap();
5911    /// # let mut conn = quiche::accept(&scid, None, local, peer, &mut config)?;
5912    /// let mut dgram_buf = [0; 512];
5913    /// while let Ok((len)) = conn.dgram_recv(&mut dgram_buf) {
5914    ///     println!("Got {} bytes of DATAGRAM", len);
5915    /// }
5916    /// # Ok::<(), quiche::Error>(())
5917    /// ```
5918    #[inline]
5919    pub fn dgram_recv(&mut self, buf: &mut [u8]) -> Result<usize> {
5920        match self.dgram_recv_queue.pop() {
5921            Some(d) => {
5922                if d.len() > buf.len() {
5923                    return Err(Error::BufferTooShort);
5924                }
5925
5926                buf[..d.len()].copy_from_slice(&d);
5927                Ok(d.len())
5928            },
5929
5930            None => Err(Error::Done),
5931        }
5932    }
5933
5934    /// Reads the first received DATAGRAM.
5935    ///
5936    /// This is the same as [`dgram_recv()`] but returns the DATAGRAM as a
5937    /// `Vec<u8>` instead of copying into the provided buffer.
5938    ///
5939    /// [`dgram_recv()`]: struct.Connection.html#method.dgram_recv
5940    #[inline]
5941    pub fn dgram_recv_vec(&mut self) -> Result<Vec<u8>> {
5942        match self.dgram_recv_queue.pop() {
5943            Some(d) => Ok(d),
5944
5945            None => Err(Error::Done),
5946        }
5947    }
5948
5949    /// Reads the first received DATAGRAM without removing it from the queue.
5950    ///
5951    /// On success the DATAGRAM's data is returned along with the actual number
5952    /// of bytes peeked. The requested length cannot exceed the DATAGRAM's
5953    /// actual length.
5954    ///
5955    /// [`Done`] is returned if there is no data to read.
5956    ///
5957    /// [`BufferTooShort`] is returned if the provided buffer is smaller the
5958    /// number of bytes to peek.
5959    ///
5960    /// [`Done`]: enum.Error.html#variant.Done
5961    /// [`BufferTooShort`]: enum.Error.html#variant.BufferTooShort
5962    #[inline]
5963    pub fn dgram_recv_peek(&self, buf: &mut [u8], len: usize) -> Result<usize> {
5964        self.dgram_recv_queue.peek_front_bytes(buf, len)
5965    }
5966
5967    /// Returns the length of the first stored DATAGRAM.
5968    #[inline]
5969    pub fn dgram_recv_front_len(&self) -> Option<usize> {
5970        self.dgram_recv_queue.peek_front_len()
5971    }
5972
5973    /// Returns the number of items in the DATAGRAM receive queue.
5974    #[inline]
5975    pub fn dgram_recv_queue_len(&self) -> usize {
5976        self.dgram_recv_queue.len()
5977    }
5978
5979    /// Returns the total size of all items in the DATAGRAM receive queue.
5980    #[inline]
5981    pub fn dgram_recv_queue_byte_size(&self) -> usize {
5982        self.dgram_recv_queue.byte_size()
5983    }
5984
5985    /// Returns the number of items in the DATAGRAM send queue.
5986    #[inline]
5987    pub fn dgram_send_queue_len(&self) -> usize {
5988        self.dgram_send_queue.len()
5989    }
5990
5991    /// Returns the total size of all items in the DATAGRAM send queue.
5992    #[inline]
5993    pub fn dgram_send_queue_byte_size(&self) -> usize {
5994        self.dgram_send_queue.byte_size()
5995    }
5996
5997    /// Returns whether or not the DATAGRAM send queue is full.
5998    #[inline]
5999    pub fn is_dgram_send_queue_full(&self) -> bool {
6000        self.dgram_send_queue.is_full()
6001    }
6002
6003    /// Returns whether or not the DATAGRAM recv queue is full.
6004    #[inline]
6005    pub fn is_dgram_recv_queue_full(&self) -> bool {
6006        self.dgram_recv_queue.is_full()
6007    }
6008
6009    /// Sends data in a DATAGRAM frame.
6010    ///
6011    /// [`Done`] is returned if no data was written.
6012    /// [`InvalidState`] is returned if the peer does not support DATAGRAM.
6013    /// [`BufferTooShort`] is returned if the DATAGRAM frame length is larger
6014    /// than peer's supported DATAGRAM frame length. Use
6015    /// [`dgram_max_writable_len()`] to get the largest supported DATAGRAM
6016    /// frame length.
6017    ///
6018    /// Note that there is no flow control of DATAGRAM frames, so in order to
6019    /// avoid buffering an infinite amount of frames we apply an internal
6020    /// limit.
6021    ///
6022    /// [`Done`]: enum.Error.html#variant.Done
6023    /// [`InvalidState`]: enum.Error.html#variant.InvalidState
6024    /// [`BufferTooShort`]: enum.Error.html#variant.BufferTooShort
6025    /// [`dgram_max_writable_len()`]:
6026    /// struct.Connection.html#method.dgram_max_writable_len
6027    ///
6028    /// ## Examples:
6029    ///
6030    /// ```no_run
6031    /// # let mut buf = [0; 512];
6032    /// # let socket = std::net::UdpSocket::bind("127.0.0.1:0").unwrap();
6033    /// # let mut config = quiche::Config::new(quiche::PROTOCOL_VERSION)?;
6034    /// # let scid = quiche::ConnectionId::from_ref(&[0xba; 16]);
6035    /// # let peer = "127.0.0.1:1234".parse().unwrap();
6036    /// # let local = socket.local_addr().unwrap();
6037    /// # let mut conn = quiche::accept(&scid, None, local, peer, &mut config)?;
6038    /// conn.dgram_send(b"hello")?;
6039    /// # Ok::<(), quiche::Error>(())
6040    /// ```
6041    pub fn dgram_send(&mut self, buf: &[u8]) -> Result<()> {
6042        let max_payload_len = match self.dgram_max_writable_len() {
6043            Some(v) => v,
6044
6045            None => return Err(Error::InvalidState),
6046        };
6047
6048        if buf.len() > max_payload_len {
6049            return Err(Error::BufferTooShort);
6050        }
6051
6052        self.dgram_send_queue.push(buf.to_vec())?;
6053
6054        let active_path = self.paths.get_active_mut()?;
6055
6056        if self.dgram_send_queue.byte_size() >
6057            active_path.recovery.cwnd_available()
6058        {
6059            active_path.recovery.update_app_limited(false);
6060        }
6061
6062        Ok(())
6063    }
6064
6065    /// Sends data in a DATAGRAM frame.
6066    ///
6067    /// This is the same as [`dgram_send()`] but takes a `Vec<u8>` instead of
6068    /// a slice.
6069    ///
6070    /// [`dgram_send()`]: struct.Connection.html#method.dgram_send
6071    pub fn dgram_send_vec(&mut self, buf: Vec<u8>) -> Result<()> {
6072        let max_payload_len = match self.dgram_max_writable_len() {
6073            Some(v) => v,
6074
6075            None => return Err(Error::InvalidState),
6076        };
6077
6078        if buf.len() > max_payload_len {
6079            return Err(Error::BufferTooShort);
6080        }
6081
6082        self.dgram_send_queue.push(buf)?;
6083
6084        let active_path = self.paths.get_active_mut()?;
6085
6086        if self.dgram_send_queue.byte_size() >
6087            active_path.recovery.cwnd_available()
6088        {
6089            active_path.recovery.update_app_limited(false);
6090        }
6091
6092        Ok(())
6093    }
6094
6095    /// Purges queued outgoing DATAGRAMs matching the predicate.
6096    ///
6097    /// In other words, remove all elements `e` such that `f(&e)` returns true.
6098    ///
6099    /// ## Examples:
6100    /// ```no_run
6101    /// # let socket = std::net::UdpSocket::bind("127.0.0.1:0").unwrap();
6102    /// # let mut config = quiche::Config::new(quiche::PROTOCOL_VERSION)?;
6103    /// # let scid = quiche::ConnectionId::from_ref(&[0xba; 16]);
6104    /// # let peer = "127.0.0.1:1234".parse().unwrap();
6105    /// # let local = socket.local_addr().unwrap();
6106    /// # let mut conn = quiche::accept(&scid, None, local, peer, &mut config)?;
6107    /// conn.dgram_send(b"hello")?;
6108    /// conn.dgram_purge_outgoing(&|d: &[u8]| -> bool { d[0] == 0 });
6109    /// # Ok::<(), quiche::Error>(())
6110    /// ```
6111    #[inline]
6112    pub fn dgram_purge_outgoing<FN: Fn(&[u8]) -> bool>(&mut self, f: FN) {
6113        self.dgram_send_queue.purge(f);
6114    }
6115
6116    /// Returns the maximum DATAGRAM payload that can be sent.
6117    ///
6118    /// [`None`] is returned if the peer hasn't advertised a maximum DATAGRAM
6119    /// frame size.
6120    ///
6121    /// ## Examples:
6122    ///
6123    /// ```no_run
6124    /// # let mut buf = [0; 512];
6125    /// # let socket = std::net::UdpSocket::bind("127.0.0.1:0").unwrap();
6126    /// # let mut config = quiche::Config::new(quiche::PROTOCOL_VERSION)?;
6127    /// # let scid = quiche::ConnectionId::from_ref(&[0xba; 16]);
6128    /// # let peer = "127.0.0.1:1234".parse().unwrap();
6129    /// # let local = socket.local_addr().unwrap();
6130    /// # let mut conn = quiche::accept(&scid, None, local, peer, &mut config)?;
6131    /// if let Some(payload_size) = conn.dgram_max_writable_len() {
6132    ///     if payload_size > 5 {
6133    ///         conn.dgram_send(b"hello")?;
6134    ///     }
6135    /// }
6136    /// # Ok::<(), quiche::Error>(())
6137    /// ```
6138    #[inline]
6139    pub fn dgram_max_writable_len(&self) -> Option<usize> {
6140        match self.peer_transport_params.max_datagram_frame_size {
6141            None => None,
6142            Some(peer_frame_len) => {
6143                let dcid = self.destination_id();
6144                // Start from the maximum packet size...
6145                let mut max_len = self.max_send_udp_payload_size();
6146                // ...subtract the Short packet header overhead...
6147                // (1 byte of pkt_len + len of dcid)
6148                max_len = max_len.saturating_sub(1 + dcid.len());
6149                // ...subtract the packet number (max len)...
6150                max_len = max_len.saturating_sub(packet::MAX_PKT_NUM_LEN);
6151                // ...subtract the crypto overhead...
6152                max_len = max_len.saturating_sub(
6153                    self.pkt_num_spaces[packet::Epoch::Application]
6154                        .crypto_overhead()?,
6155                );
6156                // ...clamp to what peer can support...
6157                max_len = cmp::min(peer_frame_len as usize, max_len);
6158                // ...subtract frame overhead, checked for underflow.
6159                // (1 byte of frame type + len of length )
6160                max_len.checked_sub(1 + frame::MAX_DGRAM_OVERHEAD)
6161            },
6162        }
6163    }
6164
6165    fn dgram_enabled(&self) -> bool {
6166        self.local_transport_params
6167            .max_datagram_frame_size
6168            .is_some()
6169    }
6170
6171    /// Returns when the next timeout event will occur.
6172    ///
6173    /// Once the timeout Instant has been reached, the [`on_timeout()`] method
6174    /// should be called. A timeout of `None` means that the timer should be
6175    /// disarmed.
6176    ///
6177    /// [`on_timeout()`]: struct.Connection.html#method.on_timeout
6178    pub fn timeout_instant(&self) -> Option<time::Instant> {
6179        if self.is_closed() {
6180            return None;
6181        }
6182
6183        if self.is_draining() {
6184            // Draining timer takes precedence over all other timers. If it is
6185            // set it means the connection is closing so there's no point in
6186            // processing the other timers.
6187            self.draining_timer
6188        } else {
6189            // Use the lowest timer value (i.e. "sooner") among idle and loss
6190            // detection timers. If they are both unset (i.e. `None`) then the
6191            // result is `None`, but if at least one of them is set then a
6192            // `Some(...)` value is returned.
6193            let path_timer = self
6194                .paths
6195                .iter()
6196                .filter_map(|(_, p)| p.recovery.loss_detection_timer())
6197                .min();
6198
6199            let key_update_timer = self.pkt_num_spaces
6200                [packet::Epoch::Application]
6201                .key_update
6202                .as_ref()
6203                .map(|key_update| key_update.timer);
6204
6205            let timers = [self.idle_timer, path_timer, key_update_timer];
6206
6207            timers.iter().filter_map(|&x| x).min()
6208        }
6209    }
6210
6211    /// Returns the amount of time until the next timeout event.
6212    ///
6213    /// Once the given duration has elapsed, the [`on_timeout()`] method should
6214    /// be called. A timeout of `None` means that the timer should be disarmed.
6215    ///
6216    /// [`on_timeout()`]: struct.Connection.html#method.on_timeout
6217    pub fn timeout(&self) -> Option<time::Duration> {
6218        self.timeout_instant().map(|timeout| {
6219            let now = time::Instant::now();
6220
6221            if timeout <= now {
6222                time::Duration::ZERO
6223            } else {
6224                timeout.duration_since(now)
6225            }
6226        })
6227    }
6228
6229    /// Processes a timeout event.
6230    ///
6231    /// If no timeout has occurred it does nothing.
6232    pub fn on_timeout(&mut self) {
6233        let now = time::Instant::now();
6234
6235        if let Some(draining_timer) = self.draining_timer {
6236            if draining_timer <= now {
6237                trace!("{} draining timeout expired", self.trace_id);
6238
6239                self.mark_closed();
6240            }
6241
6242            // Draining timer takes precedence over all other timers. If it is
6243            // set it means the connection is closing so there's no point in
6244            // processing the other timers.
6245            return;
6246        }
6247
6248        if let Some(timer) = self.idle_timer {
6249            if timer <= now {
6250                trace!("{} idle timeout expired", self.trace_id);
6251
6252                self.mark_closed();
6253                self.timed_out = true;
6254                return;
6255            }
6256        }
6257
6258        if let Some(timer) = self.pkt_num_spaces[packet::Epoch::Application]
6259            .key_update
6260            .as_ref()
6261            .map(|key_update| key_update.timer)
6262        {
6263            if timer <= now {
6264                // Discard previous key once key update timer expired.
6265                let _ = self.pkt_num_spaces[packet::Epoch::Application]
6266                    .key_update
6267                    .take();
6268            }
6269        }
6270
6271        let handshake_status = self.handshake_status();
6272
6273        for (_, p) in self.paths.iter_mut() {
6274            if let Some(timer) = p.recovery.loss_detection_timer() {
6275                if timer <= now {
6276                    trace!("{} loss detection timeout expired", self.trace_id);
6277
6278                    let (lost_packets, lost_bytes) = p.on_loss_detection_timeout(
6279                        handshake_status,
6280                        now,
6281                        self.is_server,
6282                        &self.trace_id,
6283                    );
6284
6285                    self.lost_count += lost_packets;
6286                    self.lost_bytes += lost_bytes as u64;
6287
6288                    qlog_with_type!(QLOG_METRICS, self.qlog, q, {
6289                        if let Some(ev_data) = p.recovery.maybe_qlog() {
6290                            q.add_event_data_with_instant(ev_data, now).ok();
6291                        }
6292                    });
6293                }
6294            }
6295        }
6296
6297        // Notify timeout events to the application.
6298        self.paths.notify_failed_validations();
6299
6300        // If the active path failed, try to find a new candidate.
6301        if self.paths.get_active_path_id().is_err() {
6302            match self.paths.find_candidate_path() {
6303                Some(pid) => {
6304                    if self.set_active_path(pid, now).is_err() {
6305                        // The connection cannot continue.
6306                        self.mark_closed();
6307                    }
6308                },
6309
6310                // The connection cannot continue.
6311                None => {
6312                    self.mark_closed();
6313                },
6314            }
6315        }
6316    }
6317
6318    /// Requests the stack to perform path validation of the proposed 4-tuple.
6319    ///
6320    /// Probing new paths requires spare Connection IDs at both the host and the
6321    /// peer sides. If it is not the case, it raises an [`OutOfIdentifiers`].
6322    ///
6323    /// The probing of new addresses can only be done by the client. The server
6324    /// can only probe network paths that were previously advertised by
6325    /// [`PathEvent::New`]. If the server tries to probe such an unseen network
6326    /// path, this call raises an [`InvalidState`].
6327    ///
6328    /// The caller might also want to probe an existing path. In such case, it
6329    /// triggers a PATH_CHALLENGE frame, but it does not require spare CIDs.
6330    ///
6331    /// A server always probes a new path it observes. Calling this method is
6332    /// hence not required to validate a new path. However, a server can still
6333    /// request an additional path validation of the proposed 4-tuple.
6334    ///
6335    /// Calling this method several times before calling [`send()`] or
6336    /// [`send_on_path()`] results in a single probe being generated. An
6337    /// application wanting to send multiple in-flight probes must call this
6338    /// method again after having sent packets.
6339    ///
6340    /// Returns the Destination Connection ID sequence number associated to that
6341    /// path.
6342    ///
6343    /// [`PathEvent::New`]: enum.PathEvent.html#variant.New
6344    /// [`OutOfIdentifiers`]: enum.Error.html#OutOfIdentifiers
6345    /// [`InvalidState`]: enum.Error.html#InvalidState
6346    /// [`send()`]: struct.Connection.html#method.send
6347    /// [`send_on_path()`]: struct.Connection.html#method.send_on_path
6348    pub fn probe_path(
6349        &mut self, local_addr: SocketAddr, peer_addr: SocketAddr,
6350    ) -> Result<u64> {
6351        // We may want to probe an existing path.
6352        let pid = match self.paths.path_id_from_addrs(&(local_addr, peer_addr)) {
6353            Some(pid) => pid,
6354            None => self.create_path_on_client(local_addr, peer_addr)?,
6355        };
6356
6357        let path = self.paths.get_mut(pid)?;
6358        path.request_validation();
6359
6360        path.active_dcid_seq.ok_or(Error::InvalidState)
6361    }
6362
6363    /// Migrates the connection to a new local address `local_addr`.
6364    ///
6365    /// The behavior is similar to [`migrate()`], with the nuance that the
6366    /// connection only changes the local address, but not the peer one.
6367    ///
6368    /// See [`migrate()`] for the full specification of this method.
6369    ///
6370    /// [`migrate()`]: struct.Connection.html#method.migrate
6371    pub fn migrate_source(&mut self, local_addr: SocketAddr) -> Result<u64> {
6372        let peer_addr = self.paths.get_active()?.peer_addr();
6373        self.migrate(local_addr, peer_addr)
6374    }
6375
6376    /// Migrates the connection over the given network path between `local_addr`
6377    /// and `peer_addr`.
6378    ///
6379    /// Connection migration can only be initiated by the client. Calling this
6380    /// method as a server returns [`InvalidState`].
6381    ///
6382    /// To initiate voluntary migration, there should be enough Connection IDs
6383    /// at both sides. If this requirement is not satisfied, this call returns
6384    /// [`OutOfIdentifiers`].
6385    ///
6386    /// Returns the Destination Connection ID associated to that migrated path.
6387    ///
6388    /// [`OutOfIdentifiers`]: enum.Error.html#OutOfIdentifiers
6389    /// [`InvalidState`]: enum.Error.html#InvalidState
6390    pub fn migrate(
6391        &mut self, local_addr: SocketAddr, peer_addr: SocketAddr,
6392    ) -> Result<u64> {
6393        if self.is_server {
6394            return Err(Error::InvalidState);
6395        }
6396
6397        // If the path already exists, mark it as the active one.
6398        let (pid, dcid_seq) = if let Some(pid) =
6399            self.paths.path_id_from_addrs(&(local_addr, peer_addr))
6400        {
6401            let path = self.paths.get_mut(pid)?;
6402
6403            // If it is already active, do nothing.
6404            if path.active() {
6405                return path.active_dcid_seq.ok_or(Error::OutOfIdentifiers);
6406            }
6407
6408            // Ensures that a Source Connection ID has been dedicated to this
6409            // path, or a free one is available. This is only required if the
6410            // host uses non-zero length Source Connection IDs.
6411            if !self.ids.zero_length_scid() &&
6412                path.active_scid_seq.is_none() &&
6413                self.ids.available_scids() == 0
6414            {
6415                return Err(Error::OutOfIdentifiers);
6416            }
6417
6418            // Ensures that the migrated path has a Destination Connection ID.
6419            let dcid_seq = if let Some(dcid_seq) = path.active_dcid_seq {
6420                dcid_seq
6421            } else {
6422                let dcid_seq = self
6423                    .ids
6424                    .lowest_available_dcid_seq()
6425                    .ok_or(Error::OutOfIdentifiers)?;
6426
6427                self.ids.link_dcid_to_path_id(dcid_seq, pid)?;
6428                path.active_dcid_seq = Some(dcid_seq);
6429
6430                dcid_seq
6431            };
6432
6433            (pid, dcid_seq)
6434        } else {
6435            let pid = self.create_path_on_client(local_addr, peer_addr)?;
6436
6437            let dcid_seq = self
6438                .paths
6439                .get(pid)?
6440                .active_dcid_seq
6441                .ok_or(Error::InvalidState)?;
6442
6443            (pid, dcid_seq)
6444        };
6445
6446        // Change the active path.
6447        self.set_active_path(pid, time::Instant::now())?;
6448
6449        Ok(dcid_seq)
6450    }
6451
6452    /// Provides additional source Connection IDs that the peer can use to reach
6453    /// this host.
6454    ///
6455    /// This triggers sending NEW_CONNECTION_ID frames if the provided Source
6456    /// Connection ID is not already present. In the case the caller tries to
6457    /// reuse a Connection ID with a different reset token, this raises an
6458    /// `InvalidState`.
6459    ///
6460    /// At any time, the peer cannot have more Destination Connection IDs than
6461    /// the maximum number of active Connection IDs it negotiated. In such case
6462    /// (i.e., when [`scids_left()`] returns 0), if the host agrees to
6463    /// request the removal of previous connection IDs, it sets the
6464    /// `retire_if_needed` parameter. Otherwise, an [`IdLimit`] is returned.
6465    ///
6466    /// Note that setting `retire_if_needed` does not prevent this function from
6467    /// returning an [`IdLimit`] in the case the caller wants to retire still
6468    /// unannounced Connection IDs.
6469    ///
6470    /// The caller is responsible for ensuring that the provided `scid` is not
6471    /// repeated several times over the connection. quiche ensures that as long
6472    /// as the provided Connection ID is still in use (i.e., not retired), it
6473    /// does not assign a different sequence number.
6474    ///
6475    /// Note that if the host uses zero-length Source Connection IDs, it cannot
6476    /// advertise Source Connection IDs and calling this method returns an
6477    /// [`InvalidState`].
6478    ///
6479    /// Returns the sequence number associated to the provided Connection ID.
6480    ///
6481    /// [`scids_left()`]: struct.Connection.html#method.scids_left
6482    /// [`IdLimit`]: enum.Error.html#IdLimit
6483    /// [`InvalidState`]: enum.Error.html#InvalidState
6484    pub fn new_scid(
6485        &mut self, scid: &ConnectionId, reset_token: u128, retire_if_needed: bool,
6486    ) -> Result<u64> {
6487        self.ids.new_scid(
6488            scid.to_vec().into(),
6489            Some(reset_token),
6490            true,
6491            None,
6492            retire_if_needed,
6493        )
6494    }
6495
6496    /// Returns the number of source Connection IDs that are active. This is
6497    /// only meaningful if the host uses non-zero length Source Connection IDs.
6498    pub fn active_scids(&self) -> usize {
6499        self.ids.active_source_cids()
6500    }
6501
6502    /// Returns the number of source Connection IDs that should be provided
6503    /// to the peer without exceeding the limit it advertised.
6504    ///
6505    /// This will automatically limit the number of Connection IDs to the
6506    /// minimum between the locally configured active connection ID limit,
6507    /// and the one sent by the peer.
6508    ///
6509    /// To obtain the maximum possible value allowed by the peer an application
6510    /// can instead inspect the [`peer_active_conn_id_limit`] value.
6511    ///
6512    /// [`peer_active_conn_id_limit`]: struct.Stats.html#structfield.peer_active_conn_id_limit
6513    #[inline]
6514    pub fn scids_left(&self) -> usize {
6515        let max_active_source_cids = cmp::min(
6516            self.peer_transport_params.active_conn_id_limit,
6517            self.local_transport_params.active_conn_id_limit,
6518        ) as usize;
6519
6520        max_active_source_cids - self.active_scids()
6521    }
6522
6523    /// Requests the retirement of the destination Connection ID used by the
6524    /// host to reach its peer.
6525    ///
6526    /// This triggers sending RETIRE_CONNECTION_ID frames.
6527    ///
6528    /// If the application tries to retire a non-existing Destination Connection
6529    /// ID sequence number, or if it uses zero-length Destination Connection ID,
6530    /// this method returns an [`InvalidState`].
6531    ///
6532    /// At any time, the host must have at least one Destination ID. If the
6533    /// application tries to retire the last one, or if the caller tries to
6534    /// retire the destination Connection ID used by the current active path
6535    /// while having neither spare Destination Connection IDs nor validated
6536    /// network paths, this method returns an [`OutOfIdentifiers`]. This
6537    /// behavior prevents the caller from stalling the connection due to the
6538    /// lack of validated path to send non-probing packets.
6539    ///
6540    /// [`InvalidState`]: enum.Error.html#InvalidState
6541    /// [`OutOfIdentifiers`]: enum.Error.html#OutOfIdentifiers
6542    pub fn retire_dcid(&mut self, dcid_seq: u64) -> Result<()> {
6543        if self.ids.zero_length_dcid() {
6544            return Err(Error::InvalidState);
6545        }
6546
6547        let active_path_dcid_seq = self
6548            .paths
6549            .get_active()?
6550            .active_dcid_seq
6551            .ok_or(Error::InvalidState)?;
6552
6553        let active_path_id = self.paths.get_active_path_id()?;
6554
6555        if active_path_dcid_seq == dcid_seq &&
6556            self.ids.lowest_available_dcid_seq().is_none() &&
6557            !self
6558                .paths
6559                .iter()
6560                .any(|(pid, p)| pid != active_path_id && p.usable())
6561        {
6562            return Err(Error::OutOfIdentifiers);
6563        }
6564
6565        if let Some(pid) = self.ids.retire_dcid(dcid_seq)? {
6566            // The retired Destination CID was associated to a given path. Let's
6567            // find an available DCID to associate to that path.
6568            let path = self.paths.get_mut(pid)?;
6569            let dcid_seq = self.ids.lowest_available_dcid_seq();
6570
6571            if let Some(dcid_seq) = dcid_seq {
6572                self.ids.link_dcid_to_path_id(dcid_seq, pid)?;
6573            }
6574
6575            path.active_dcid_seq = dcid_seq;
6576        }
6577
6578        Ok(())
6579    }
6580
6581    /// Processes path-specific events.
6582    ///
6583    /// On success it returns a [`PathEvent`], or `None` when there are no
6584    /// events to report. Please refer to [`PathEvent`] for the exhaustive event
6585    /// list.
6586    ///
6587    /// Note that all events are edge-triggered, meaning that once reported they
6588    /// will not be reported again by calling this method again, until the event
6589    /// is re-armed.
6590    ///
6591    /// [`PathEvent`]: enum.PathEvent.html
6592    pub fn path_event_next(&mut self) -> Option<PathEvent> {
6593        self.paths.pop_event()
6594    }
6595
6596    /// Returns the number of source Connection IDs that are retired.
6597    pub fn retired_scids(&self) -> usize {
6598        self.ids.retired_source_cids()
6599    }
6600
6601    /// Returns a source `ConnectionId` that has been retired.
6602    ///
6603    /// On success it returns a [`ConnectionId`], or `None` when there are no
6604    /// more retired connection IDs.
6605    ///
6606    /// [`ConnectionId`]: struct.ConnectionId.html
6607    pub fn retired_scid_next(&mut self) -> Option<ConnectionId<'static>> {
6608        self.ids.pop_retired_scid()
6609    }
6610
6611    /// Returns the number of spare Destination Connection IDs, i.e.,
6612    /// Destination Connection IDs that are still unused.
6613    ///
6614    /// Note that this function returns 0 if the host uses zero length
6615    /// Destination Connection IDs.
6616    pub fn available_dcids(&self) -> usize {
6617        self.ids.available_dcids()
6618    }
6619
6620    /// Returns an iterator over destination `SockAddr`s whose association
6621    /// with `from` forms a known QUIC path on which packets can be sent to.
6622    ///
6623    /// This function is typically used in combination with [`send_on_path()`].
6624    ///
6625    /// Note that the iterator includes all the possible combination of
6626    /// destination `SockAddr`s, even those whose sending is not required now.
6627    /// In other words, this is another way for the application to recall from
6628    /// past [`PathEvent::New`] events.
6629    ///
6630    /// [`PathEvent::New`]: enum.PathEvent.html#variant.New
6631    /// [`send_on_path()`]: struct.Connection.html#method.send_on_path
6632    ///
6633    /// ## Examples:
6634    ///
6635    /// ```no_run
6636    /// # let mut out = [0; 512];
6637    /// # let socket = std::net::UdpSocket::bind("127.0.0.1:0").unwrap();
6638    /// # let mut config = quiche::Config::new(quiche::PROTOCOL_VERSION)?;
6639    /// # let scid = quiche::ConnectionId::from_ref(&[0xba; 16]);
6640    /// # let local = socket.local_addr().unwrap();
6641    /// # let peer = "127.0.0.1:1234".parse().unwrap();
6642    /// # let mut conn = quiche::accept(&scid, None, local, peer, &mut config)?;
6643    /// // Iterate over possible destinations for the given local `SockAddr`.
6644    /// for dest in conn.paths_iter(local) {
6645    ///     loop {
6646    ///         let (write, send_info) =
6647    ///             match conn.send_on_path(&mut out, Some(local), Some(dest)) {
6648    ///                 Ok(v) => v,
6649    ///
6650    ///                 Err(quiche::Error::Done) => {
6651    ///                     // Done writing for this destination.
6652    ///                     break;
6653    ///                 },
6654    ///
6655    ///                 Err(e) => {
6656    ///                     // An error occurred, handle it.
6657    ///                     break;
6658    ///                 },
6659    ///             };
6660    ///
6661    ///         socket.send_to(&out[..write], &send_info.to).unwrap();
6662    ///     }
6663    /// }
6664    /// # Ok::<(), quiche::Error>(())
6665    /// ```
6666    #[inline]
6667    pub fn paths_iter(&self, from: SocketAddr) -> SocketAddrIter {
6668        // Instead of trying to identify whether packets will be sent on the
6669        // given 4-tuple, simply filter paths that cannot be used.
6670        SocketAddrIter {
6671            sockaddrs: self
6672                .paths
6673                .iter()
6674                .filter(|(_, p)| p.active_dcid_seq.is_some())
6675                .filter(|(_, p)| p.usable() || p.probing_required())
6676                .filter(|(_, p)| p.local_addr() == from)
6677                .map(|(_, p)| p.peer_addr())
6678                .collect(),
6679
6680            index: 0,
6681        }
6682    }
6683
6684    /// Closes the connection with the given error and reason.
6685    ///
6686    /// The `app` parameter specifies whether an application close should be
6687    /// sent to the peer. Otherwise a normal connection close is sent.
6688    ///
6689    /// If `app` is true but the connection is not in a state that is safe to
6690    /// send an application error (not established nor in early data), in
6691    /// accordance with [RFC
6692    /// 9000](https://www.rfc-editor.org/rfc/rfc9000.html#section-10.2.3-3), the
6693    /// error code is changed to APPLICATION_ERROR and the reason phrase is
6694    /// cleared.
6695    ///
6696    /// Returns [`Done`] if the connection had already been closed.
6697    ///
6698    /// Note that the connection will not be closed immediately. An application
6699    /// should continue calling the [`recv()`], [`send()`], [`timeout()`] and
6700    /// [`on_timeout()`] methods as normal, until the [`is_closed()`] method
6701    /// returns `true`.
6702    ///
6703    /// [`Done`]: enum.Error.html#variant.Done
6704    /// [`recv()`]: struct.Connection.html#method.recv
6705    /// [`send()`]: struct.Connection.html#method.send
6706    /// [`timeout()`]: struct.Connection.html#method.timeout
6707    /// [`on_timeout()`]: struct.Connection.html#method.on_timeout
6708    /// [`is_closed()`]: struct.Connection.html#method.is_closed
6709    pub fn close(&mut self, app: bool, err: u64, reason: &[u8]) -> Result<()> {
6710        if self.is_closed() || self.is_draining() {
6711            return Err(Error::Done);
6712        }
6713
6714        if self.local_error.is_some() {
6715            return Err(Error::Done);
6716        }
6717
6718        let is_safe_to_send_app_data =
6719            self.is_established() || self.is_in_early_data();
6720
6721        if app && !is_safe_to_send_app_data {
6722            // Clear error information.
6723            self.local_error = Some(ConnectionError {
6724                is_app: false,
6725                error_code: 0x0c,
6726                reason: vec![],
6727            });
6728        } else {
6729            self.local_error = Some(ConnectionError {
6730                is_app: app,
6731                error_code: err,
6732                reason: reason.to_vec(),
6733            });
6734        }
6735
6736        // When no packet was successfully processed close connection immediately.
6737        if self.recv_count == 0 {
6738            self.mark_closed();
6739        }
6740
6741        Ok(())
6742    }
6743
6744    /// Returns a string uniquely representing the connection.
6745    ///
6746    /// This can be used for logging purposes to differentiate between multiple
6747    /// connections.
6748    #[inline]
6749    pub fn trace_id(&self) -> &str {
6750        &self.trace_id
6751    }
6752
6753    /// Returns the negotiated ALPN protocol.
6754    ///
6755    /// If no protocol has been negotiated, the returned value is empty.
6756    #[inline]
6757    pub fn application_proto(&self) -> &[u8] {
6758        self.alpn.as_ref()
6759    }
6760
6761    /// Returns the server name requested by the client.
6762    #[inline]
6763    pub fn server_name(&self) -> Option<&str> {
6764        self.handshake.server_name()
6765    }
6766
6767    /// Returns the peer's leaf certificate (if any) as a DER-encoded buffer.
6768    #[inline]
6769    pub fn peer_cert(&self) -> Option<&[u8]> {
6770        self.handshake.peer_cert()
6771    }
6772
6773    /// Returns the peer's certificate chain (if any) as a vector of DER-encoded
6774    /// buffers.
6775    ///
6776    /// The certificate at index 0 is the peer's leaf certificate, the other
6777    /// certificates (if any) are the chain certificate authorities used to
6778    /// sign the leaf certificate.
6779    #[inline]
6780    pub fn peer_cert_chain(&self) -> Option<Vec<&[u8]>> {
6781        self.handshake.peer_cert_chain()
6782    }
6783
6784    /// Returns the serialized cryptographic session for the connection.
6785    ///
6786    /// This can be used by a client to cache a connection's session, and resume
6787    /// it later using the [`set_session()`] method.
6788    ///
6789    /// [`set_session()`]: struct.Connection.html#method.set_session
6790    #[inline]
6791    pub fn session(&self) -> Option<&[u8]> {
6792        self.session.as_deref()
6793    }
6794
6795    /// Returns the source connection ID.
6796    ///
6797    /// When there are multiple IDs, and if there is an active path, the ID used
6798    /// on that path is returned. Otherwise the oldest ID is returned.
6799    ///
6800    /// Note that the value returned can change throughout the connection's
6801    /// lifetime.
6802    #[inline]
6803    pub fn source_id(&self) -> ConnectionId {
6804        if let Ok(path) = self.paths.get_active() {
6805            if let Some(active_scid_seq) = path.active_scid_seq {
6806                if let Ok(e) = self.ids.get_scid(active_scid_seq) {
6807                    return ConnectionId::from_ref(e.cid.as_ref());
6808                }
6809            }
6810        }
6811
6812        let e = self.ids.oldest_scid();
6813        ConnectionId::from_ref(e.cid.as_ref())
6814    }
6815
6816    /// Returns all active source connection IDs.
6817    ///
6818    /// An iterator is returned for all active IDs (i.e. ones that have not
6819    /// been explicitly retired yet).
6820    #[inline]
6821    pub fn source_ids(&self) -> impl Iterator<Item = &ConnectionId> {
6822        self.ids.scids_iter()
6823    }
6824
6825    /// Returns the destination connection ID.
6826    ///
6827    /// Note that the value returned can change throughout the connection's
6828    /// lifetime.
6829    #[inline]
6830    pub fn destination_id(&self) -> ConnectionId {
6831        if let Ok(path) = self.paths.get_active() {
6832            if let Some(active_dcid_seq) = path.active_dcid_seq {
6833                if let Ok(e) = self.ids.get_dcid(active_dcid_seq) {
6834                    return ConnectionId::from_ref(e.cid.as_ref());
6835                }
6836            }
6837        }
6838
6839        let e = self.ids.oldest_dcid();
6840        ConnectionId::from_ref(e.cid.as_ref())
6841    }
6842
6843    /// Returns true if the connection handshake is complete.
6844    #[inline]
6845    pub fn is_established(&self) -> bool {
6846        self.handshake_completed
6847    }
6848
6849    /// Returns true if the connection is resumed.
6850    #[inline]
6851    pub fn is_resumed(&self) -> bool {
6852        self.handshake.is_resumed()
6853    }
6854
6855    /// Returns true if the connection has a pending handshake that has
6856    /// progressed enough to send or receive early data.
6857    #[inline]
6858    pub fn is_in_early_data(&self) -> bool {
6859        self.handshake.is_in_early_data()
6860    }
6861
6862    /// Returns whether there is stream or DATAGRAM data available to read.
6863    #[inline]
6864    pub fn is_readable(&self) -> bool {
6865        self.streams.has_readable() || self.dgram_recv_front_len().is_some()
6866    }
6867
6868    /// Returns whether the network path with local address `from` and remote
6869    /// address `peer` has been validated.
6870    ///
6871    /// If the 4-tuple does not exist over the connection, returns an
6872    /// [`InvalidState`].
6873    ///
6874    /// [`InvalidState`]: enum.Error.html#variant.InvalidState
6875    pub fn is_path_validated(
6876        &self, from: SocketAddr, to: SocketAddr,
6877    ) -> Result<bool> {
6878        let pid = self
6879            .paths
6880            .path_id_from_addrs(&(from, to))
6881            .ok_or(Error::InvalidState)?;
6882
6883        Ok(self.paths.get(pid)?.validated())
6884    }
6885
6886    /// Returns true if the connection is draining.
6887    ///
6888    /// If this returns `true`, the connection object cannot yet be dropped, but
6889    /// no new application data can be sent or received. An application should
6890    /// continue calling the [`recv()`], [`timeout()`], and [`on_timeout()`]
6891    /// methods as normal, until the [`is_closed()`] method returns `true`.
6892    ///
6893    /// In contrast, once `is_draining()` returns `true`, calling [`send()`]
6894    /// is not required because no new outgoing packets will be generated.
6895    ///
6896    /// [`recv()`]: struct.Connection.html#method.recv
6897    /// [`send()`]: struct.Connection.html#method.send
6898    /// [`timeout()`]: struct.Connection.html#method.timeout
6899    /// [`on_timeout()`]: struct.Connection.html#method.on_timeout
6900    /// [`is_closed()`]: struct.Connection.html#method.is_closed
6901    #[inline]
6902    pub fn is_draining(&self) -> bool {
6903        self.draining_timer.is_some()
6904    }
6905
6906    /// Returns true if the connection is closed.
6907    ///
6908    /// If this returns true, the connection object can be dropped.
6909    #[inline]
6910    pub fn is_closed(&self) -> bool {
6911        self.closed
6912    }
6913
6914    /// Returns true if the connection was closed due to the idle timeout.
6915    #[inline]
6916    pub fn is_timed_out(&self) -> bool {
6917        self.timed_out
6918    }
6919
6920    /// Returns the error received from the peer, if any.
6921    ///
6922    /// Note that a `Some` return value does not necessarily imply
6923    /// [`is_closed()`] or any other connection state.
6924    ///
6925    /// [`is_closed()`]: struct.Connection.html#method.is_closed
6926    #[inline]
6927    pub fn peer_error(&self) -> Option<&ConnectionError> {
6928        self.peer_error.as_ref()
6929    }
6930
6931    /// Returns the error [`close()`] was called with, or internally
6932    /// created quiche errors, if any.
6933    ///
6934    /// Note that a `Some` return value does not necessarily imply
6935    /// [`is_closed()`] or any other connection state.
6936    /// `Some` also does not guarantee that the error has been sent to
6937    /// or received by the peer.
6938    ///
6939    /// [`close()`]: struct.Connection.html#method.close
6940    /// [`is_closed()`]: struct.Connection.html#method.is_closed
6941    #[inline]
6942    pub fn local_error(&self) -> Option<&ConnectionError> {
6943        self.local_error.as_ref()
6944    }
6945
6946    /// Collects and returns statistics about the connection.
6947    #[inline]
6948    pub fn stats(&self) -> Stats {
6949        Stats {
6950            recv: self.recv_count,
6951            sent: self.sent_count,
6952            lost: self.lost_count,
6953            retrans: self.retrans_count,
6954            sent_bytes: self.sent_bytes,
6955            recv_bytes: self.recv_bytes,
6956            acked_bytes: self.acked_bytes,
6957            lost_bytes: self.lost_bytes,
6958            stream_retrans_bytes: self.stream_retrans_bytes,
6959            dgram_recv: self.dgram_recv_count,
6960            dgram_sent: self.dgram_sent_count,
6961            paths_count: self.paths.len(),
6962            reset_stream_count_local: self.reset_stream_local_count,
6963            stopped_stream_count_local: self.stopped_stream_local_count,
6964            reset_stream_count_remote: self.reset_stream_remote_count,
6965            stopped_stream_count_remote: self.stopped_stream_remote_count,
6966            path_challenge_rx_count: self.path_challenge_rx_count,
6967        }
6968    }
6969
6970    /// Returns reference to peer's transport parameters. Returns `None` if we
6971    /// have not yet processed the peer's transport parameters.
6972    pub fn peer_transport_params(&self) -> Option<&TransportParams> {
6973        if !self.parsed_peer_transport_params {
6974            return None;
6975        }
6976
6977        Some(&self.peer_transport_params)
6978    }
6979
6980    /// Collects and returns statistics about each known path for the
6981    /// connection.
6982    pub fn path_stats(&self) -> impl Iterator<Item = PathStats> + '_ {
6983        self.paths.iter().map(|(_, p)| p.stats())
6984    }
6985
6986    /// Returns whether or not this is a server-side connection.
6987    pub fn is_server(&self) -> bool {
6988        self.is_server
6989    }
6990
6991    fn encode_transport_params(&mut self) -> Result<()> {
6992        let mut raw_params = [0; 128];
6993
6994        let raw_params = TransportParams::encode(
6995            &self.local_transport_params,
6996            self.is_server,
6997            &mut raw_params,
6998        )?;
6999
7000        self.handshake.set_quic_transport_params(raw_params)?;
7001
7002        Ok(())
7003    }
7004
7005    fn parse_peer_transport_params(
7006        &mut self, peer_params: TransportParams,
7007    ) -> Result<()> {
7008        // Validate initial_source_connection_id.
7009        match &peer_params.initial_source_connection_id {
7010            Some(v) if v != &self.destination_id() =>
7011                return Err(Error::InvalidTransportParam),
7012
7013            Some(_) => (),
7014
7015            // initial_source_connection_id must be sent by
7016            // both endpoints.
7017            None => return Err(Error::InvalidTransportParam),
7018        }
7019
7020        // Validate original_destination_connection_id.
7021        if let Some(odcid) = &self.odcid {
7022            match &peer_params.original_destination_connection_id {
7023                Some(v) if v != odcid =>
7024                    return Err(Error::InvalidTransportParam),
7025
7026                Some(_) => (),
7027
7028                // original_destination_connection_id must be
7029                // sent by the server.
7030                None if !self.is_server =>
7031                    return Err(Error::InvalidTransportParam),
7032
7033                None => (),
7034            }
7035        }
7036
7037        // Validate retry_source_connection_id.
7038        if let Some(rscid) = &self.rscid {
7039            match &peer_params.retry_source_connection_id {
7040                Some(v) if v != rscid =>
7041                    return Err(Error::InvalidTransportParam),
7042
7043                Some(_) => (),
7044
7045                // retry_source_connection_id must be sent by
7046                // the server.
7047                None => return Err(Error::InvalidTransportParam),
7048            }
7049        }
7050
7051        self.process_peer_transport_params(peer_params)?;
7052
7053        self.parsed_peer_transport_params = true;
7054
7055        Ok(())
7056    }
7057
7058    fn process_peer_transport_params(
7059        &mut self, peer_params: TransportParams,
7060    ) -> Result<()> {
7061        self.max_tx_data = peer_params.initial_max_data;
7062
7063        // Update send capacity.
7064        self.update_tx_cap();
7065
7066        self.streams
7067            .update_peer_max_streams_bidi(peer_params.initial_max_streams_bidi);
7068        self.streams
7069            .update_peer_max_streams_uni(peer_params.initial_max_streams_uni);
7070
7071        let max_ack_delay =
7072            time::Duration::from_millis(peer_params.max_ack_delay);
7073
7074        self.recovery_config.max_ack_delay = max_ack_delay;
7075
7076        let active_path = self.paths.get_active_mut()?;
7077
7078        active_path.recovery.update_max_ack_delay(max_ack_delay);
7079
7080        if active_path.pmtud.get_probe_status() {
7081            active_path.recovery.pmtud_update_max_datagram_size(
7082                active_path
7083                    .pmtud
7084                    .get_probe_size()
7085                    .min(peer_params.max_udp_payload_size as usize),
7086            );
7087        } else {
7088            active_path.recovery.update_max_datagram_size(
7089                peer_params.max_udp_payload_size as usize,
7090            );
7091        }
7092
7093        // Record the max_active_conn_id parameter advertised by the peer.
7094        self.ids
7095            .set_source_conn_id_limit(peer_params.active_conn_id_limit);
7096
7097        self.peer_transport_params = peer_params;
7098
7099        Ok(())
7100    }
7101
7102    /// Continues the handshake.
7103    ///
7104    /// If the connection is already established, it does nothing.
7105    fn do_handshake(&mut self, now: time::Instant) -> Result<()> {
7106        let mut ex_data = tls::ExData {
7107            application_protos: &self.application_protos,
7108
7109            pkt_num_spaces: &mut self.pkt_num_spaces,
7110
7111            session: &mut self.session,
7112
7113            local_error: &mut self.local_error,
7114
7115            keylog: self.keylog.as_mut(),
7116
7117            trace_id: &self.trace_id,
7118
7119            recovery_config: self.recovery_config,
7120
7121            is_server: self.is_server,
7122        };
7123
7124        if self.handshake_completed {
7125            return self.handshake.process_post_handshake(&mut ex_data);
7126        }
7127
7128        match self.handshake.do_handshake(&mut ex_data) {
7129            Ok(_) => (),
7130
7131            Err(Error::Done) => {
7132                // Apply in-handshake configuration from callbacks before any
7133                // packet has been sent.
7134                if self.sent_count == 0 &&
7135                    ex_data.recovery_config != self.recovery_config
7136                {
7137                    if let Ok(path) = self.paths.get_active_mut() {
7138                        self.recovery_config = ex_data.recovery_config;
7139                        path.reinit_recovery(&self.recovery_config);
7140                    }
7141                }
7142
7143                // Try to parse transport parameters as soon as the first flight
7144                // of handshake data is processed.
7145                //
7146                // This is potentially dangerous as the handshake hasn't been
7147                // completed yet, though it's required to be able to send data
7148                // in 0.5 RTT.
7149                let raw_params = self.handshake.quic_transport_params();
7150
7151                if !self.parsed_peer_transport_params && !raw_params.is_empty() {
7152                    let peer_params = TransportParams::decode(
7153                        raw_params,
7154                        self.is_server,
7155                        self.peer_transport_params_track_unknown,
7156                    )?;
7157
7158                    self.parse_peer_transport_params(peer_params)?;
7159                }
7160
7161                return Ok(());
7162            },
7163
7164            Err(e) => return Err(e),
7165        };
7166
7167        self.handshake_completed = self.handshake.is_completed();
7168
7169        self.alpn = self.handshake.alpn_protocol().to_vec();
7170
7171        let raw_params = self.handshake.quic_transport_params();
7172
7173        if !self.parsed_peer_transport_params && !raw_params.is_empty() {
7174            let peer_params = TransportParams::decode(
7175                raw_params,
7176                self.is_server,
7177                self.peer_transport_params_track_unknown,
7178            )?;
7179
7180            self.parse_peer_transport_params(peer_params)?;
7181        }
7182
7183        if self.handshake_completed {
7184            // The handshake is considered confirmed at the server when the
7185            // handshake completes, at which point we can also drop the
7186            // handshake epoch.
7187            if self.is_server {
7188                self.handshake_confirmed = true;
7189
7190                self.drop_epoch_state(packet::Epoch::Handshake, now);
7191            }
7192
7193            // Once the handshake is completed there's no point in processing
7194            // 0-RTT packets anymore, so clear the buffer now.
7195            self.undecryptable_pkts.clear();
7196
7197            trace!("{} connection established: proto={:?} cipher={:?} curve={:?} sigalg={:?} resumed={} {:?}",
7198                   &self.trace_id,
7199                   std::str::from_utf8(self.application_proto()),
7200                   self.handshake.cipher(),
7201                   self.handshake.curve(),
7202                   self.handshake.sigalg(),
7203                   self.handshake.is_resumed(),
7204                   self.peer_transport_params);
7205        }
7206
7207        Ok(())
7208    }
7209
7210    /// Selects the packet type for the next outgoing packet.
7211    fn write_pkt_type(&self, send_pid: usize) -> Result<packet::Type> {
7212        // On error send packet in the latest epoch available, but only send
7213        // 1-RTT ones when the handshake is completed.
7214        if self
7215            .local_error
7216            .as_ref()
7217            .is_some_and(|conn_err| !conn_err.is_app)
7218        {
7219            let epoch = match self.handshake.write_level() {
7220                crypto::Level::Initial => packet::Epoch::Initial,
7221                crypto::Level::ZeroRTT => unreachable!(),
7222                crypto::Level::Handshake => packet::Epoch::Handshake,
7223                crypto::Level::OneRTT => packet::Epoch::Application,
7224            };
7225
7226            if !self.handshake_confirmed {
7227                match epoch {
7228                    // Downgrade the epoch to Handshake as the handshake is not
7229                    // completed yet.
7230                    packet::Epoch::Application =>
7231                        return Ok(packet::Type::Handshake),
7232
7233                    // Downgrade the epoch to Initial as the remote peer might
7234                    // not be able to decrypt handshake packets yet.
7235                    packet::Epoch::Handshake
7236                        if self.pkt_num_spaces[packet::Epoch::Initial]
7237                            .has_keys() =>
7238                        return Ok(packet::Type::Initial),
7239
7240                    _ => (),
7241                };
7242            }
7243
7244            return Ok(packet::Type::from_epoch(epoch));
7245        }
7246
7247        for &epoch in packet::Epoch::epochs(
7248            packet::Epoch::Initial..=packet::Epoch::Application,
7249        ) {
7250            // Only send packets in a space when we have the send keys for it.
7251            if self.pkt_num_spaces[epoch].crypto_seal.is_none() {
7252                continue;
7253            }
7254
7255            // We are ready to send data for this packet number space.
7256            if self.pkt_num_spaces[epoch].ready() {
7257                return Ok(packet::Type::from_epoch(epoch));
7258            }
7259
7260            // There are lost frames in this packet number space.
7261            for (_, p) in self.paths.iter() {
7262                if p.recovery.has_lost_frames(epoch) {
7263                    return Ok(packet::Type::from_epoch(epoch));
7264                }
7265
7266                // We need to send PTO probe packets.
7267                if p.recovery.loss_probes(epoch) > 0 {
7268                    return Ok(packet::Type::from_epoch(epoch));
7269                }
7270            }
7271        }
7272
7273        // If there are flushable, almost full or blocked streams, use the
7274        // Application epoch.
7275        let send_path = self.paths.get(send_pid)?;
7276        if (self.is_established() || self.is_in_early_data()) &&
7277            (self.should_send_handshake_done() ||
7278                self.almost_full ||
7279                self.blocked_limit.is_some() ||
7280                self.dgram_send_queue.has_pending() ||
7281                self.local_error
7282                    .as_ref()
7283                    .is_some_and(|conn_err| conn_err.is_app) ||
7284                self.streams.should_update_max_streams_bidi() ||
7285                self.streams.should_update_max_streams_uni() ||
7286                self.streams.has_flushable() ||
7287                self.streams.has_almost_full() ||
7288                self.streams.has_blocked() ||
7289                self.streams.has_reset() ||
7290                self.streams.has_stopped() ||
7291                self.ids.has_new_scids() ||
7292                self.ids.has_retire_dcids() ||
7293                send_path.pmtud.get_probe_status() ||
7294                send_path.needs_ack_eliciting ||
7295                send_path.probing_required())
7296        {
7297            // Only clients can send 0-RTT packets.
7298            if !self.is_server && self.is_in_early_data() {
7299                return Ok(packet::Type::ZeroRTT);
7300            }
7301
7302            return Ok(packet::Type::Short);
7303        }
7304
7305        Err(Error::Done)
7306    }
7307
7308    /// Returns the mutable stream with the given ID if it exists, or creates
7309    /// a new one otherwise.
7310    fn get_or_create_stream(
7311        &mut self, id: u64, local: bool,
7312    ) -> Result<&mut stream::Stream<F>> {
7313        self.streams.get_or_create(
7314            id,
7315            &self.local_transport_params,
7316            &self.peer_transport_params,
7317            local,
7318            self.is_server,
7319        )
7320    }
7321
7322    /// Processes an incoming frame.
7323    fn process_frame(
7324        &mut self, frame: frame::Frame, hdr: &packet::Header,
7325        recv_path_id: usize, epoch: packet::Epoch, now: time::Instant,
7326    ) -> Result<()> {
7327        trace!("{} rx frm {:?}", self.trace_id, frame);
7328
7329        match frame {
7330            frame::Frame::Padding { .. } => (),
7331
7332            frame::Frame::Ping { .. } => (),
7333
7334            frame::Frame::ACK {
7335                ranges, ack_delay, ..
7336            } => {
7337                let ack_delay = ack_delay
7338                    .checked_mul(2_u64.pow(
7339                        self.peer_transport_params.ack_delay_exponent as u32,
7340                    ))
7341                    .ok_or(Error::InvalidFrame)?;
7342
7343                if epoch == packet::Epoch::Handshake ||
7344                    (epoch == packet::Epoch::Application &&
7345                        self.is_established())
7346                {
7347                    self.peer_verified_initial_address = true;
7348                }
7349
7350                let handshake_status = self.handshake_status();
7351
7352                let is_app_limited = self.delivery_rate_check_if_app_limited();
7353
7354                for (_, p) in self.paths.iter_mut() {
7355                    if is_app_limited {
7356                        p.recovery.delivery_rate_update_app_limited(true);
7357                    }
7358
7359                    let (lost_packets, lost_bytes, acked_bytes) =
7360                        p.recovery.on_ack_received(
7361                            &ranges,
7362                            ack_delay,
7363                            epoch,
7364                            handshake_status,
7365                            now,
7366                            &self.trace_id,
7367                        );
7368
7369                    self.lost_count += lost_packets;
7370                    self.lost_bytes += lost_bytes as u64;
7371                    self.acked_bytes += acked_bytes as u64;
7372                }
7373            },
7374
7375            frame::Frame::ResetStream {
7376                stream_id,
7377                error_code,
7378                final_size,
7379            } => {
7380                // Peer can't send on our unidirectional streams.
7381                if !stream::is_bidi(stream_id) &&
7382                    stream::is_local(stream_id, self.is_server)
7383                {
7384                    return Err(Error::InvalidStreamState(stream_id));
7385                }
7386
7387                let max_rx_data_left = self.max_rx_data() - self.rx_data;
7388
7389                // Get existing stream or create a new one, but if the stream
7390                // has already been closed and collected, ignore the frame.
7391                //
7392                // This can happen if e.g. an ACK frame is lost, and the peer
7393                // retransmits another frame before it realizes that the stream
7394                // is gone.
7395                //
7396                // Note that it makes it impossible to check if the frame is
7397                // illegal, since we have no state, but since we ignore the
7398                // frame, it should be fine.
7399                let stream = match self.get_or_create_stream(stream_id, false) {
7400                    Ok(v) => v,
7401
7402                    Err(Error::Done) => return Ok(()),
7403
7404                    Err(e) => return Err(e),
7405                };
7406
7407                let was_readable = stream.is_readable();
7408                let priority_key = Arc::clone(&stream.priority_key);
7409
7410                let max_off_delta =
7411                    stream.recv.reset(error_code, final_size)? as u64;
7412
7413                if max_off_delta > max_rx_data_left {
7414                    return Err(Error::FlowControl);
7415                }
7416
7417                if !was_readable && stream.is_readable() {
7418                    self.streams.insert_readable(&priority_key);
7419                }
7420
7421                self.rx_data += max_off_delta;
7422
7423                self.reset_stream_remote_count =
7424                    self.reset_stream_remote_count.saturating_add(1);
7425            },
7426
7427            frame::Frame::StopSending {
7428                stream_id,
7429                error_code,
7430            } => {
7431                // STOP_SENDING on a receive-only stream is a fatal error.
7432                if !stream::is_local(stream_id, self.is_server) &&
7433                    !stream::is_bidi(stream_id)
7434                {
7435                    return Err(Error::InvalidStreamState(stream_id));
7436                }
7437
7438                // Get existing stream or create a new one, but if the stream
7439                // has already been closed and collected, ignore the frame.
7440                //
7441                // This can happen if e.g. an ACK frame is lost, and the peer
7442                // retransmits another frame before it realizes that the stream
7443                // is gone.
7444                //
7445                // Note that it makes it impossible to check if the frame is
7446                // illegal, since we have no state, but since we ignore the
7447                // frame, it should be fine.
7448                let stream = match self.get_or_create_stream(stream_id, false) {
7449                    Ok(v) => v,
7450
7451                    Err(Error::Done) => return Ok(()),
7452
7453                    Err(e) => return Err(e),
7454                };
7455
7456                let was_writable = stream.is_writable();
7457
7458                let priority_key = Arc::clone(&stream.priority_key);
7459
7460                // Try stopping the stream.
7461                if let Ok((final_size, unsent)) = stream.send.stop(error_code) {
7462                    // Claw back some flow control allowance from data that was
7463                    // buffered but not actually sent before the stream was
7464                    // reset.
7465                    //
7466                    // Note that `tx_cap` will be updated later on, so no need
7467                    // to touch it here.
7468                    self.tx_data = self.tx_data.saturating_sub(unsent);
7469
7470                    self.tx_buffered =
7471                        self.tx_buffered.saturating_sub(unsent as usize);
7472
7473                    self.streams.insert_reset(stream_id, error_code, final_size);
7474
7475                    if !was_writable {
7476                        self.streams.insert_writable(&priority_key);
7477                    }
7478
7479                    self.stopped_stream_remote_count =
7480                        self.stopped_stream_remote_count.saturating_add(1);
7481                    self.reset_stream_local_count =
7482                        self.reset_stream_local_count.saturating_add(1);
7483                }
7484            },
7485
7486            frame::Frame::Crypto { data } => {
7487                if data.max_off() >= MAX_CRYPTO_STREAM_OFFSET {
7488                    return Err(Error::CryptoBufferExceeded);
7489                }
7490
7491                // Push the data to the stream so it can be re-ordered.
7492                self.pkt_num_spaces[epoch].crypto_stream.recv.write(data)?;
7493
7494                // Feed crypto data to the TLS state, if there's data
7495                // available at the expected offset.
7496                let mut crypto_buf = [0; 512];
7497
7498                let level = crypto::Level::from_epoch(epoch);
7499
7500                let stream = &mut self.pkt_num_spaces[epoch].crypto_stream;
7501
7502                while let Ok((read, _)) = stream.recv.emit(&mut crypto_buf) {
7503                    let recv_buf = &crypto_buf[..read];
7504                    self.handshake.provide_data(level, recv_buf)?;
7505                }
7506
7507                self.do_handshake(now)?;
7508            },
7509
7510            frame::Frame::CryptoHeader { .. } => unreachable!(),
7511
7512            // TODO: implement stateless retry
7513            frame::Frame::NewToken { .. } =>
7514                if self.is_server {
7515                    return Err(Error::InvalidPacket);
7516                },
7517
7518            frame::Frame::Stream { stream_id, data } => {
7519                // Peer can't send on our unidirectional streams.
7520                if !stream::is_bidi(stream_id) &&
7521                    stream::is_local(stream_id, self.is_server)
7522                {
7523                    return Err(Error::InvalidStreamState(stream_id));
7524                }
7525
7526                let max_rx_data_left = self.max_rx_data() - self.rx_data;
7527
7528                // Get existing stream or create a new one, but if the stream
7529                // has already been closed and collected, ignore the frame.
7530                //
7531                // This can happen if e.g. an ACK frame is lost, and the peer
7532                // retransmits another frame before it realizes that the stream
7533                // is gone.
7534                //
7535                // Note that it makes it impossible to check if the frame is
7536                // illegal, since we have no state, but since we ignore the
7537                // frame, it should be fine.
7538                let stream = match self.get_or_create_stream(stream_id, false) {
7539                    Ok(v) => v,
7540
7541                    Err(Error::Done) => return Ok(()),
7542
7543                    Err(e) => return Err(e),
7544                };
7545
7546                // Check for the connection-level flow control limit.
7547                let max_off_delta =
7548                    data.max_off().saturating_sub(stream.recv.max_off());
7549
7550                if max_off_delta > max_rx_data_left {
7551                    return Err(Error::FlowControl);
7552                }
7553
7554                let was_readable = stream.is_readable();
7555                let priority_key = Arc::clone(&stream.priority_key);
7556
7557                let was_draining = stream.recv.is_draining();
7558
7559                stream.recv.write(data)?;
7560
7561                if !was_readable && stream.is_readable() {
7562                    self.streams.insert_readable(&priority_key);
7563                }
7564
7565                self.rx_data += max_off_delta;
7566
7567                if was_draining {
7568                    // When a stream is in draining state it will not queue
7569                    // incoming data for the application to read, so consider
7570                    // the received data as consumed, which might trigger a flow
7571                    // control update.
7572                    self.flow_control.add_consumed(max_off_delta);
7573
7574                    if self.should_update_max_data() {
7575                        self.almost_full = true;
7576                    }
7577                }
7578            },
7579
7580            frame::Frame::StreamHeader { .. } => unreachable!(),
7581
7582            frame::Frame::MaxData { max } => {
7583                self.max_tx_data = cmp::max(self.max_tx_data, max);
7584            },
7585
7586            frame::Frame::MaxStreamData { stream_id, max } => {
7587                // Peer can't receive on its own unidirectional streams.
7588                if !stream::is_bidi(stream_id) &&
7589                    !stream::is_local(stream_id, self.is_server)
7590                {
7591                    return Err(Error::InvalidStreamState(stream_id));
7592                }
7593
7594                // Get existing stream or create a new one, but if the stream
7595                // has already been closed and collected, ignore the frame.
7596                //
7597                // This can happen if e.g. an ACK frame is lost, and the peer
7598                // retransmits another frame before it realizes that the stream
7599                // is gone.
7600                //
7601                // Note that it makes it impossible to check if the frame is
7602                // illegal, since we have no state, but since we ignore the
7603                // frame, it should be fine.
7604                let stream = match self.get_or_create_stream(stream_id, false) {
7605                    Ok(v) => v,
7606
7607                    Err(Error::Done) => return Ok(()),
7608
7609                    Err(e) => return Err(e),
7610                };
7611
7612                let was_flushable = stream.is_flushable();
7613
7614                stream.send.update_max_data(max);
7615
7616                let writable = stream.is_writable();
7617
7618                let priority_key = Arc::clone(&stream.priority_key);
7619
7620                // If the stream is now flushable push it to the flushable queue,
7621                // but only if it wasn't already queued.
7622                if stream.is_flushable() && !was_flushable {
7623                    let priority_key = Arc::clone(&stream.priority_key);
7624                    self.streams.insert_flushable(&priority_key);
7625                }
7626
7627                if writable {
7628                    self.streams.insert_writable(&priority_key);
7629                }
7630            },
7631
7632            frame::Frame::MaxStreamsBidi { max } => {
7633                if max > MAX_STREAM_ID {
7634                    return Err(Error::InvalidFrame);
7635                }
7636
7637                self.streams.update_peer_max_streams_bidi(max);
7638            },
7639
7640            frame::Frame::MaxStreamsUni { max } => {
7641                if max > MAX_STREAM_ID {
7642                    return Err(Error::InvalidFrame);
7643                }
7644
7645                self.streams.update_peer_max_streams_uni(max);
7646            },
7647
7648            frame::Frame::DataBlocked { .. } => (),
7649
7650            frame::Frame::StreamDataBlocked { .. } => (),
7651
7652            frame::Frame::StreamsBlockedBidi { limit } => {
7653                if limit > MAX_STREAM_ID {
7654                    return Err(Error::InvalidFrame);
7655                }
7656            },
7657
7658            frame::Frame::StreamsBlockedUni { limit } => {
7659                if limit > MAX_STREAM_ID {
7660                    return Err(Error::InvalidFrame);
7661                }
7662            },
7663
7664            frame::Frame::NewConnectionId {
7665                seq_num,
7666                retire_prior_to,
7667                conn_id,
7668                reset_token,
7669            } => {
7670                if self.ids.zero_length_dcid() {
7671                    return Err(Error::InvalidState);
7672                }
7673
7674                let mut retired_path_ids = SmallVec::new();
7675
7676                // Retire pending path IDs before propagating the error code to
7677                // make sure retired connection IDs are not in use anymore.
7678                let new_dcid_res = self.ids.new_dcid(
7679                    conn_id.into(),
7680                    seq_num,
7681                    u128::from_be_bytes(reset_token),
7682                    retire_prior_to,
7683                    &mut retired_path_ids,
7684                );
7685
7686                for (dcid_seq, pid) in retired_path_ids {
7687                    let path = self.paths.get_mut(pid)?;
7688
7689                    // Maybe the path already switched to another DCID.
7690                    if path.active_dcid_seq != Some(dcid_seq) {
7691                        continue;
7692                    }
7693
7694                    if let Some(new_dcid_seq) =
7695                        self.ids.lowest_available_dcid_seq()
7696                    {
7697                        path.active_dcid_seq = Some(new_dcid_seq);
7698
7699                        self.ids.link_dcid_to_path_id(new_dcid_seq, pid)?;
7700
7701                        trace!(
7702                            "{} path ID {} changed DCID: old seq num {} new seq num {}",
7703                            self.trace_id, pid, dcid_seq, new_dcid_seq,
7704                        );
7705                    } else {
7706                        // We cannot use this path anymore for now.
7707                        path.active_dcid_seq = None;
7708
7709                        trace!(
7710                            "{} path ID {} cannot be used; DCID seq num {} has been retired",
7711                            self.trace_id, pid, dcid_seq,
7712                        );
7713                    }
7714                }
7715
7716                // Propagate error (if any) now...
7717                new_dcid_res?;
7718            },
7719
7720            frame::Frame::RetireConnectionId { seq_num } => {
7721                if self.ids.zero_length_scid() {
7722                    return Err(Error::InvalidState);
7723                }
7724
7725                if let Some(pid) = self.ids.retire_scid(seq_num, &hdr.dcid)? {
7726                    let path = self.paths.get_mut(pid)?;
7727
7728                    // Maybe we already linked a new SCID to that path.
7729                    if path.active_scid_seq == Some(seq_num) {
7730                        // XXX: We do not remove unused paths now, we instead
7731                        // wait until we need to maintain more paths than the
7732                        // host is willing to.
7733                        path.active_scid_seq = None;
7734                    }
7735                }
7736            },
7737
7738            frame::Frame::PathChallenge { data } => {
7739                self.path_challenge_rx_count += 1;
7740
7741                self.paths
7742                    .get_mut(recv_path_id)?
7743                    .on_challenge_received(data);
7744            },
7745
7746            frame::Frame::PathResponse { data } => {
7747                self.paths.on_response_received(data)?;
7748            },
7749
7750            frame::Frame::ConnectionClose {
7751                error_code, reason, ..
7752            } => {
7753                self.peer_error = Some(ConnectionError {
7754                    is_app: false,
7755                    error_code,
7756                    reason,
7757                });
7758
7759                let path = self.paths.get_active()?;
7760                self.draining_timer = Some(now + (path.recovery.pto() * 3));
7761            },
7762
7763            frame::Frame::ApplicationClose { error_code, reason } => {
7764                self.peer_error = Some(ConnectionError {
7765                    is_app: true,
7766                    error_code,
7767                    reason,
7768                });
7769
7770                let path = self.paths.get_active()?;
7771                self.draining_timer = Some(now + (path.recovery.pto() * 3));
7772            },
7773
7774            frame::Frame::HandshakeDone => {
7775                if self.is_server {
7776                    return Err(Error::InvalidPacket);
7777                }
7778
7779                self.peer_verified_initial_address = true;
7780
7781                self.handshake_confirmed = true;
7782
7783                // Once the handshake is confirmed, we can drop Handshake keys.
7784                self.drop_epoch_state(packet::Epoch::Handshake, now);
7785            },
7786
7787            frame::Frame::Datagram { data } => {
7788                // Close the connection if DATAGRAMs are not enabled.
7789                // quiche always advertises support for 64K sized DATAGRAM
7790                // frames, as recommended by the standard, so we don't need a
7791                // size check.
7792                if !self.dgram_enabled() {
7793                    return Err(Error::InvalidState);
7794                }
7795
7796                // If recv queue is full, discard oldest
7797                if self.dgram_recv_queue.is_full() {
7798                    self.dgram_recv_queue.pop();
7799                }
7800
7801                self.dgram_recv_queue.push(data)?;
7802
7803                let _ = self.dgram_recv_count.saturating_add(1);
7804                let _ = self
7805                    .paths
7806                    .get_mut(recv_path_id)?
7807                    .dgram_recv_count
7808                    .saturating_add(1);
7809            },
7810
7811            frame::Frame::DatagramHeader { .. } => unreachable!(),
7812        }
7813
7814        Ok(())
7815    }
7816
7817    /// Drops the keys and recovery state for the given epoch.
7818    fn drop_epoch_state(&mut self, epoch: packet::Epoch, now: time::Instant) {
7819        if self.pkt_num_spaces[epoch].crypto_open.is_none() {
7820            return;
7821        }
7822
7823        self.pkt_num_spaces[epoch].crypto_open = None;
7824        self.pkt_num_spaces[epoch].crypto_seal = None;
7825        self.pkt_num_spaces[epoch].clear();
7826
7827        let handshake_status = self.handshake_status();
7828        for (_, p) in self.paths.iter_mut() {
7829            p.recovery
7830                .on_pkt_num_space_discarded(epoch, handshake_status, now);
7831        }
7832
7833        trace!("{} dropped epoch {} state", self.trace_id, epoch);
7834    }
7835
7836    /// Returns true if the connection-level flow control needs to be updated.
7837    ///
7838    /// This happens when the new max data limit is at least double the amount
7839    /// of data that can be received before blocking.
7840    fn should_update_max_data(&self) -> bool {
7841        self.flow_control.should_update_max_data()
7842    }
7843
7844    /// Returns the connection level flow control limit.
7845    fn max_rx_data(&self) -> u64 {
7846        self.flow_control.max_data()
7847    }
7848
7849    /// Returns true if the HANDSHAKE_DONE frame needs to be sent.
7850    fn should_send_handshake_done(&self) -> bool {
7851        self.is_established() && !self.handshake_done_sent && self.is_server
7852    }
7853
7854    /// Returns the idle timeout value.
7855    ///
7856    /// `None` is returned if both end-points disabled the idle timeout.
7857    fn idle_timeout(&self) -> Option<time::Duration> {
7858        // If the transport parameter is set to 0, then the respective endpoint
7859        // decided to disable the idle timeout. If both are disabled we should
7860        // not set any timeout.
7861        if self.local_transport_params.max_idle_timeout == 0 &&
7862            self.peer_transport_params.max_idle_timeout == 0
7863        {
7864            return None;
7865        }
7866
7867        // If the local endpoint or the peer disabled the idle timeout, use the
7868        // other peer's value, otherwise use the minimum of the two values.
7869        let idle_timeout = if self.local_transport_params.max_idle_timeout == 0 {
7870            self.peer_transport_params.max_idle_timeout
7871        } else if self.peer_transport_params.max_idle_timeout == 0 {
7872            self.local_transport_params.max_idle_timeout
7873        } else {
7874            cmp::min(
7875                self.local_transport_params.max_idle_timeout,
7876                self.peer_transport_params.max_idle_timeout,
7877            )
7878        };
7879
7880        let path_pto = match self.paths.get_active() {
7881            Ok(p) => p.recovery.pto(),
7882            Err(_) => time::Duration::ZERO,
7883        };
7884
7885        let idle_timeout = time::Duration::from_millis(idle_timeout);
7886        let idle_timeout = cmp::max(idle_timeout, 3 * path_pto);
7887
7888        Some(idle_timeout)
7889    }
7890
7891    /// Returns the connection's handshake status for use in loss recovery.
7892    fn handshake_status(&self) -> recovery::HandshakeStatus {
7893        recovery::HandshakeStatus {
7894            has_handshake_keys: self.pkt_num_spaces[packet::Epoch::Handshake]
7895                .has_keys(),
7896
7897            peer_verified_address: self.peer_verified_initial_address,
7898
7899            completed: self.is_established(),
7900        }
7901    }
7902
7903    /// Updates send capacity.
7904    fn update_tx_cap(&mut self) {
7905        let cwin_available = match self.paths.get_active() {
7906            Ok(p) => p.recovery.cwnd_available() as u64,
7907            Err(_) => 0,
7908        };
7909
7910        self.tx_cap =
7911            cmp::min(cwin_available, self.max_tx_data - self.tx_data) as usize;
7912    }
7913
7914    fn delivery_rate_check_if_app_limited(&self) -> bool {
7915        // Enter the app-limited phase of delivery rate when these conditions
7916        // are met:
7917        //
7918        // - The remaining capacity is higher than available bytes in cwnd (there
7919        //   is more room to send).
7920        // - New data since the last send() is smaller than available bytes in
7921        //   cwnd (we queued less than what we can send).
7922        // - There is room to send more data in cwnd.
7923        //
7924        // In application-limited phases the transmission rate is limited by the
7925        // application rather than the congestion control algorithm.
7926        //
7927        // Note that this is equivalent to CheckIfApplicationLimited() from the
7928        // delivery rate draft. This is also separate from `recovery.app_limited`
7929        // and only applies to delivery rate calculation.
7930        let cwin_available = self
7931            .paths
7932            .iter()
7933            .filter(|&(_, p)| p.active())
7934            .map(|(_, p)| p.recovery.cwnd_available())
7935            .sum();
7936
7937        ((self.tx_buffered + self.dgram_send_queue_byte_size()) < cwin_available) &&
7938            (self.tx_data.saturating_sub(self.last_tx_data)) <
7939                cwin_available as u64 &&
7940            cwin_available > 0
7941    }
7942
7943    fn set_initial_dcid(
7944        &mut self, cid: ConnectionId<'static>, reset_token: Option<u128>,
7945        path_id: usize,
7946    ) -> Result<()> {
7947        self.ids.set_initial_dcid(cid, reset_token, Some(path_id));
7948        self.paths.get_mut(path_id)?.active_dcid_seq = Some(0);
7949
7950        Ok(())
7951    }
7952
7953    /// Selects the path that the incoming packet belongs to, or creates a new
7954    /// one if no existing path matches.
7955    fn get_or_create_recv_path_id(
7956        &mut self, recv_pid: Option<usize>, dcid: &ConnectionId, buf_len: usize,
7957        info: &RecvInfo,
7958    ) -> Result<usize> {
7959        let ids = &mut self.ids;
7960
7961        let (in_scid_seq, mut in_scid_pid) =
7962            ids.find_scid_seq(dcid).ok_or(Error::InvalidState)?;
7963
7964        if let Some(recv_pid) = recv_pid {
7965            // If the path observes a change of SCID used, note it.
7966            let recv_path = self.paths.get_mut(recv_pid)?;
7967
7968            let cid_entry =
7969                recv_path.active_scid_seq.and_then(|v| ids.get_scid(v).ok());
7970
7971            if cid_entry.map(|e| &e.cid) != Some(dcid) {
7972                let incoming_cid_entry = ids.get_scid(in_scid_seq)?;
7973
7974                let prev_recv_pid =
7975                    incoming_cid_entry.path_id.unwrap_or(recv_pid);
7976
7977                if prev_recv_pid != recv_pid {
7978                    trace!(
7979                        "{} peer reused CID {:?} from path {} on path {}",
7980                        self.trace_id,
7981                        dcid,
7982                        prev_recv_pid,
7983                        recv_pid
7984                    );
7985
7986                    // TODO: reset congestion control.
7987                }
7988
7989                trace!(
7990                    "{} path ID {} now see SCID with seq num {}",
7991                    self.trace_id,
7992                    recv_pid,
7993                    in_scid_seq
7994                );
7995
7996                recv_path.active_scid_seq = Some(in_scid_seq);
7997                ids.link_scid_to_path_id(in_scid_seq, recv_pid)?;
7998            }
7999
8000            return Ok(recv_pid);
8001        }
8002
8003        // This is a new 4-tuple. See if the CID has not been assigned on
8004        // another path.
8005
8006        // Ignore this step if are using zero-length SCID.
8007        if ids.zero_length_scid() {
8008            in_scid_pid = None;
8009        }
8010
8011        if let Some(in_scid_pid) = in_scid_pid {
8012            // This CID has been used by another path. If we have the
8013            // room to do so, create a new `Path` structure holding this
8014            // new 4-tuple. Otherwise, drop the packet.
8015            let old_path = self.paths.get_mut(in_scid_pid)?;
8016            let old_local_addr = old_path.local_addr();
8017            let old_peer_addr = old_path.peer_addr();
8018
8019            trace!(
8020                "{} reused CID seq {} of ({},{}) (path {}) on ({},{})",
8021                self.trace_id,
8022                in_scid_seq,
8023                old_local_addr,
8024                old_peer_addr,
8025                in_scid_pid,
8026                info.to,
8027                info.from
8028            );
8029
8030            // Notify the application.
8031            self.paths
8032                .notify_event(path::PathEvent::ReusedSourceConnectionId(
8033                    in_scid_seq,
8034                    (old_local_addr, old_peer_addr),
8035                    (info.to, info.from),
8036                ));
8037        }
8038
8039        // This is a new path using an unassigned CID; create it!
8040        let mut path = path::Path::new(
8041            info.to,
8042            info.from,
8043            &self.recovery_config,
8044            self.path_challenge_recv_max_queue_len,
8045            MIN_CLIENT_INITIAL_LEN,
8046            false,
8047        );
8048
8049        path.max_send_bytes = buf_len * self.max_amplification_factor;
8050        path.active_scid_seq = Some(in_scid_seq);
8051
8052        // Automatically probes the new path.
8053        path.request_validation();
8054
8055        let pid = self.paths.insert_path(path, self.is_server)?;
8056
8057        // Do not record path reuse.
8058        if in_scid_pid.is_none() {
8059            ids.link_scid_to_path_id(in_scid_seq, pid)?;
8060        }
8061
8062        Ok(pid)
8063    }
8064
8065    /// Selects the path on which the next packet must be sent.
8066    fn get_send_path_id(
8067        &self, from: Option<SocketAddr>, to: Option<SocketAddr>,
8068    ) -> Result<usize> {
8069        // A probing packet must be sent, but only if the connection is fully
8070        // established.
8071        if self.is_established() {
8072            let mut probing = self
8073                .paths
8074                .iter()
8075                .filter(|(_, p)| from.is_none() || Some(p.local_addr()) == from)
8076                .filter(|(_, p)| to.is_none() || Some(p.peer_addr()) == to)
8077                .filter(|(_, p)| p.active_dcid_seq.is_some())
8078                .filter(|(_, p)| p.probing_required())
8079                .map(|(pid, _)| pid);
8080
8081            if let Some(pid) = probing.next() {
8082                return Ok(pid);
8083            }
8084        }
8085
8086        if let Some((pid, p)) = self.paths.get_active_with_pid() {
8087            if from.is_some() && Some(p.local_addr()) != from {
8088                return Err(Error::Done);
8089            }
8090
8091            if to.is_some() && Some(p.peer_addr()) != to {
8092                return Err(Error::Done);
8093            }
8094
8095            return Ok(pid);
8096        };
8097
8098        Err(Error::InvalidState)
8099    }
8100
8101    /// Sets the path with identifier 'path_id' to be active.
8102    fn set_active_path(
8103        &mut self, path_id: usize, now: time::Instant,
8104    ) -> Result<()> {
8105        if let Ok(old_active_path) = self.paths.get_active_mut() {
8106            for &e in packet::Epoch::epochs(
8107                packet::Epoch::Initial..=packet::Epoch::Application,
8108            ) {
8109                let (lost_packets, lost_bytes) = old_active_path
8110                    .recovery
8111                    .on_path_change(e, now, &self.trace_id);
8112
8113                self.lost_count += lost_packets;
8114                self.lost_bytes += lost_bytes as u64;
8115            }
8116        }
8117
8118        self.paths.set_active_path(path_id)
8119    }
8120
8121    /// Handles potential connection migration.
8122    fn on_peer_migrated(
8123        &mut self, new_pid: usize, disable_dcid_reuse: bool, now: time::Instant,
8124    ) -> Result<()> {
8125        let active_path_id = self.paths.get_active_path_id()?;
8126
8127        if active_path_id == new_pid {
8128            return Ok(());
8129        }
8130
8131        self.set_active_path(new_pid, now)?;
8132
8133        let no_spare_dcid =
8134            self.paths.get_mut(new_pid)?.active_dcid_seq.is_none();
8135
8136        if no_spare_dcid && !disable_dcid_reuse {
8137            self.paths.get_mut(new_pid)?.active_dcid_seq =
8138                self.paths.get_mut(active_path_id)?.active_dcid_seq;
8139        }
8140
8141        Ok(())
8142    }
8143
8144    /// Creates a new client-side path.
8145    fn create_path_on_client(
8146        &mut self, local_addr: SocketAddr, peer_addr: SocketAddr,
8147    ) -> Result<usize> {
8148        if self.is_server {
8149            return Err(Error::InvalidState);
8150        }
8151
8152        // If we use zero-length SCID and go over our local active CID limit,
8153        // the `insert_path()` call will raise an error.
8154        if !self.ids.zero_length_scid() && self.ids.available_scids() == 0 {
8155            return Err(Error::OutOfIdentifiers);
8156        }
8157
8158        // Do we have a spare DCID? If we are using zero-length DCID, just use
8159        // the default having sequence 0 (note that if we exceed our local CID
8160        // limit, the `insert_path()` call will raise an error.
8161        let dcid_seq = if self.ids.zero_length_dcid() {
8162            0
8163        } else {
8164            self.ids
8165                .lowest_available_dcid_seq()
8166                .ok_or(Error::OutOfIdentifiers)?
8167        };
8168
8169        let mut path = path::Path::new(
8170            local_addr,
8171            peer_addr,
8172            &self.recovery_config,
8173            self.path_challenge_recv_max_queue_len,
8174            MIN_CLIENT_INITIAL_LEN,
8175            false,
8176        );
8177        path.active_dcid_seq = Some(dcid_seq);
8178
8179        let pid = self
8180            .paths
8181            .insert_path(path, false)
8182            .map_err(|_| Error::OutOfIdentifiers)?;
8183        self.ids.link_dcid_to_path_id(dcid_seq, pid)?;
8184
8185        Ok(pid)
8186    }
8187
8188    // Marks the connection as closed and does any related tidyup.
8189    fn mark_closed(&mut self) {
8190        #[cfg(feature = "qlog")]
8191        {
8192            let cc = match (self.is_established(), self.timed_out, &self.peer_error, &self.local_error) {
8193                (false, _, _, _) => qlog::events::connectivity::ConnectionClosed {
8194                    owner: Some(TransportOwner::Local),
8195                    connection_code: None,
8196                    application_code: None,
8197                    internal_code: None,
8198                    reason: Some("Failed to establish connection".to_string()),
8199                    trigger: Some(qlog::events::connectivity::ConnectionClosedTrigger::HandshakeTimeout)
8200                },
8201
8202                (true, true, _, _) => qlog::events::connectivity::ConnectionClosed {
8203                    owner: Some(TransportOwner::Local),
8204                    connection_code: None,
8205                    application_code: None,
8206                    internal_code: None,
8207                    reason: Some("Idle timeout".to_string()),
8208                    trigger: Some(qlog::events::connectivity::ConnectionClosedTrigger::IdleTimeout)
8209                },
8210
8211                (true, false, Some(peer_error), None) => {
8212                    let (connection_code, application_code, trigger) = if peer_error.is_app {
8213                        (None, Some(qlog::events::ApplicationErrorCode::Value(peer_error.error_code)), None)
8214                    } else {
8215                        let trigger = if peer_error.error_code == WireErrorCode::NoError as u64 {
8216                            Some(qlog::events::connectivity::ConnectionClosedTrigger::Clean)
8217                        } else {
8218                            Some(qlog::events::connectivity::ConnectionClosedTrigger::Error)
8219                        };
8220
8221                        (Some(qlog::events::ConnectionErrorCode::Value(peer_error.error_code)), None, trigger)
8222                    };
8223
8224                    qlog::events::connectivity::ConnectionClosed {
8225                        owner: Some(TransportOwner::Remote),
8226                        connection_code,
8227                        application_code,
8228                        internal_code: None,
8229                        reason: Some(String::from_utf8_lossy(&peer_error.reason).to_string()),
8230                        trigger,
8231                    }
8232                },
8233
8234                (true, false, None, Some(local_error)) => {
8235                    let (connection_code, application_code, trigger) = if local_error.is_app {
8236                        (None, Some(qlog::events::ApplicationErrorCode::Value(local_error.error_code)), None)
8237                    } else {
8238                        let trigger = if local_error.error_code == WireErrorCode::NoError as u64 {
8239                            Some(qlog::events::connectivity::ConnectionClosedTrigger::Clean)
8240                        } else {
8241                            Some(qlog::events::connectivity::ConnectionClosedTrigger::Error)
8242                        };
8243
8244                        (Some(qlog::events::ConnectionErrorCode::Value(local_error.error_code)), None, trigger)
8245                    };
8246
8247                    qlog::events::connectivity::ConnectionClosed {
8248                        owner: Some(TransportOwner::Local),
8249                        connection_code,
8250                        application_code,
8251                        internal_code: None,
8252                        reason: Some(String::from_utf8_lossy(&local_error.reason).to_string()),
8253                        trigger,
8254                    }
8255                },
8256
8257                _ => qlog::events::connectivity::ConnectionClosed {
8258                    owner: None,
8259                    connection_code: None,
8260                    application_code: None,
8261                    internal_code: None,
8262                    reason: None,
8263                    trigger: None,
8264                },
8265            };
8266
8267            qlog_with_type!(QLOG_CONNECTION_CLOSED, self.qlog, q, {
8268                let ev_data = qlog::events::EventData::ConnectionClosed(cc);
8269
8270                q.add_event_data_now(ev_data).ok();
8271            });
8272            self.qlog.streamer = None;
8273        }
8274        self.closed = true;
8275    }
8276}
8277
8278#[cfg(feature = "boringssl-boring-crate")]
8279impl<F: BufFactory> AsMut<boring::ssl::SslRef> for Connection<F> {
8280    fn as_mut(&mut self) -> &mut boring::ssl::SslRef {
8281        self.handshake.ssl_mut()
8282    }
8283}
8284
8285/// Maps an `Error` to `Error::Done`, or itself.
8286///
8287/// When a received packet that hasn't yet been authenticated triggers a failure
8288/// it should, in most cases, be ignored, instead of raising a connection error,
8289/// to avoid potential man-in-the-middle and man-on-the-side attacks.
8290///
8291/// However, if no other packet was previously received, the connection should
8292/// indeed be closed as the received packet might just be network background
8293/// noise, and it shouldn't keep resources occupied indefinitely.
8294///
8295/// This function maps an error to `Error::Done` to ignore a packet failure
8296/// without aborting the connection, except when no other packet was previously
8297/// received, in which case the error itself is returned, but only on the
8298/// server-side as the client will already have armed the idle timer.
8299///
8300/// This must only be used for errors preceding packet authentication. Failures
8301/// happening after a packet has been authenticated should still cause the
8302/// connection to be aborted.
8303fn drop_pkt_on_err(
8304    e: Error, recv_count: usize, is_server: bool, trace_id: &str,
8305) -> Error {
8306    // On the server, if no other packet has been successfully processed, abort
8307    // the connection to avoid keeping the connection open when only junk is
8308    // received.
8309    if is_server && recv_count == 0 {
8310        return e;
8311    }
8312
8313    trace!("{} dropped invalid packet", trace_id);
8314
8315    // Ignore other invalid packets that haven't been authenticated to prevent
8316    // man-in-the-middle and man-on-the-side attacks.
8317    Error::Done
8318}
8319
8320struct AddrTupleFmt(SocketAddr, SocketAddr);
8321
8322impl std::fmt::Display for AddrTupleFmt {
8323    fn fmt(&self, f: &mut std::fmt::Formatter) -> std::fmt::Result {
8324        let AddrTupleFmt(src, dst) = &self;
8325
8326        if src.ip().is_unspecified() || dst.ip().is_unspecified() {
8327            return Ok(());
8328        }
8329
8330        f.write_fmt(format_args!("src:{src} dst:{dst}"))
8331    }
8332}
8333
8334/// Statistics about the connection.
8335///
8336/// A connection's statistics can be collected using the [`stats()`] method.
8337///
8338/// [`stats()`]: struct.Connection.html#method.stats
8339#[derive(Clone, Default)]
8340pub struct Stats {
8341    /// The number of QUIC packets received.
8342    pub recv: usize,
8343
8344    /// The number of QUIC packets sent.
8345    pub sent: usize,
8346
8347    /// The number of QUIC packets that were lost.
8348    pub lost: usize,
8349
8350    /// The number of sent QUIC packets with retransmitted data.
8351    pub retrans: usize,
8352
8353    /// The number of sent bytes.
8354    pub sent_bytes: u64,
8355
8356    /// The number of received bytes.
8357    pub recv_bytes: u64,
8358
8359    /// The number of bytes sent acked.
8360    pub acked_bytes: u64,
8361
8362    /// The number of bytes sent lost.
8363    pub lost_bytes: u64,
8364
8365    /// The number of stream bytes retransmitted.
8366    pub stream_retrans_bytes: u64,
8367
8368    /// The number of DATAGRAM frames received.
8369    pub dgram_recv: usize,
8370
8371    /// The number of DATAGRAM frames sent.
8372    pub dgram_sent: usize,
8373
8374    /// The number of known paths for the connection.
8375    pub paths_count: usize,
8376
8377    /// The number of streams reset by local.
8378    pub reset_stream_count_local: u64,
8379
8380    /// The number of streams stopped by local.
8381    pub stopped_stream_count_local: u64,
8382
8383    /// The number of streams reset by remote.
8384    pub reset_stream_count_remote: u64,
8385
8386    /// The number of streams stopped by remote.
8387    pub stopped_stream_count_remote: u64,
8388
8389    /// The total number of PATH_CHALLENGE frames that were received.
8390    pub path_challenge_rx_count: u64,
8391}
8392
8393impl std::fmt::Debug for Stats {
8394    #[inline]
8395    fn fmt(&self, f: &mut std::fmt::Formatter) -> std::fmt::Result {
8396        write!(
8397            f,
8398            "recv={} sent={} lost={} retrans={}",
8399            self.recv, self.sent, self.lost, self.retrans,
8400        )?;
8401
8402        write!(
8403            f,
8404            " sent_bytes={} recv_bytes={} lost_bytes={}",
8405            self.sent_bytes, self.recv_bytes, self.lost_bytes,
8406        )?;
8407
8408        Ok(())
8409    }
8410}
8411
8412/// QUIC Unknown Transport Parameter.
8413///
8414/// A QUIC transport parameter that is not specifically recognized
8415/// by this implementation.
8416#[derive(Clone, Debug, PartialEq)]
8417pub struct UnknownTransportParameter<T> {
8418    /// The ID of the unknown transport parameter.
8419    pub id: u64,
8420
8421    /// Original data representing the value of the unknown transport parameter.
8422    pub value: T,
8423}
8424
8425impl<T> UnknownTransportParameter<T> {
8426    /// Checks whether an unknown Transport Parameter's ID is in the reserved
8427    /// space.
8428    ///
8429    /// See Section 18.1 in [RFC9000](https://datatracker.ietf.org/doc/html/rfc9000#name-reserved-transport-paramete).
8430    pub fn is_reserved(&self) -> bool {
8431        let n = (self.id - 27) / 31;
8432        self.id == 31 * n + 27
8433    }
8434}
8435
8436#[cfg(feature = "qlog")]
8437impl From<UnknownTransportParameter<Vec<u8>>>
8438    for qlog::events::quic::UnknownTransportParameter
8439{
8440    fn from(value: UnknownTransportParameter<Vec<u8>>) -> Self {
8441        Self {
8442            id: value.id,
8443            value: qlog::HexSlice::maybe_string(Some(value.value.as_slice()))
8444                .unwrap_or_default(),
8445        }
8446    }
8447}
8448
8449impl From<UnknownTransportParameter<&[u8]>>
8450    for UnknownTransportParameter<Vec<u8>>
8451{
8452    // When an instance of an UnknownTransportParameter is actually
8453    // stored in UnknownTransportParameters, then we make a copy
8454    // of the bytes if the source is an instance of an UnknownTransportParameter
8455    // whose value is not owned.
8456    fn from(value: UnknownTransportParameter<&[u8]>) -> Self {
8457        Self {
8458            id: value.id,
8459            value: value.value.to_vec(),
8460        }
8461    }
8462}
8463
8464/// Track unknown transport parameters, up to a limit.
8465#[derive(Clone, Debug, PartialEq, Default)]
8466pub struct UnknownTransportParameters {
8467    /// The space remaining for storing unknown transport parameters.
8468    pub capacity: usize,
8469    /// The unknown transport parameters.
8470    pub parameters: Vec<UnknownTransportParameter<Vec<u8>>>,
8471}
8472
8473impl UnknownTransportParameters {
8474    /// Pushes an unknown transport parameter into storage if there is space
8475    /// remaining.
8476    pub fn push(&mut self, new: UnknownTransportParameter<&[u8]>) -> Result<()> {
8477        let new_unknown_tp_size = new.value.len() + std::mem::size_of::<u64>();
8478        if new_unknown_tp_size < self.capacity {
8479            self.capacity -= new_unknown_tp_size;
8480            self.parameters.push(new.into());
8481            Ok(())
8482        } else {
8483            Err(BufferTooShortError.into())
8484        }
8485    }
8486}
8487
8488/// An Iterator over unknown transport parameters.
8489pub struct UnknownTransportParameterIterator<'a> {
8490    index: usize,
8491    parameters: &'a Vec<UnknownTransportParameter<Vec<u8>>>,
8492}
8493
8494impl<'a> IntoIterator for &'a UnknownTransportParameters {
8495    type IntoIter = UnknownTransportParameterIterator<'a>;
8496    type Item = &'a UnknownTransportParameter<Vec<u8>>;
8497
8498    fn into_iter(self) -> Self::IntoIter {
8499        UnknownTransportParameterIterator {
8500            index: 0,
8501            parameters: &self.parameters,
8502        }
8503    }
8504}
8505
8506impl<'a> Iterator for UnknownTransportParameterIterator<'a> {
8507    type Item = &'a UnknownTransportParameter<Vec<u8>>;
8508
8509    fn next(&mut self) -> Option<Self::Item> {
8510        let result = self.parameters.get(self.index);
8511        self.index += 1;
8512        result
8513    }
8514}
8515
8516/// QUIC Transport Parameters
8517#[derive(Clone, Debug, PartialEq)]
8518pub struct TransportParams {
8519    /// Value of Destination CID field from first Initial packet sent by client
8520    pub original_destination_connection_id: Option<ConnectionId<'static>>,
8521    /// The maximum idle timeout.
8522    pub max_idle_timeout: u64,
8523    /// Token used for verifying stateless resets
8524    pub stateless_reset_token: Option<u128>,
8525    /// The maximum UDP payload size.
8526    pub max_udp_payload_size: u64,
8527    /// The initial flow control maximum data for the connection.
8528    pub initial_max_data: u64,
8529    /// The initial flow control maximum data for local bidirectional streams.
8530    pub initial_max_stream_data_bidi_local: u64,
8531    /// The initial flow control maximum data for remote bidirectional streams.
8532    pub initial_max_stream_data_bidi_remote: u64,
8533    /// The initial flow control maximum data for unidirectional streams.
8534    pub initial_max_stream_data_uni: u64,
8535    /// The initial maximum bidirectional streams.
8536    pub initial_max_streams_bidi: u64,
8537    /// The initial maximum unidirectional streams.
8538    pub initial_max_streams_uni: u64,
8539    /// The ACK delay exponent.
8540    pub ack_delay_exponent: u64,
8541    /// The max ACK delay.
8542    pub max_ack_delay: u64,
8543    /// Whether active migration is disabled.
8544    pub disable_active_migration: bool,
8545    /// The active connection ID limit.
8546    pub active_conn_id_limit: u64,
8547    /// The value that the endpoint included in the Source CID field of a Retry
8548    /// Packet.
8549    pub initial_source_connection_id: Option<ConnectionId<'static>>,
8550    /// The value that the server included in the Source CID field of a Retry
8551    /// Packet.
8552    pub retry_source_connection_id: Option<ConnectionId<'static>>,
8553    /// DATAGRAM frame extension parameter, if any.
8554    pub max_datagram_frame_size: Option<u64>,
8555    /// Unknown peer transport parameters and values, if any.
8556    pub unknown_params: Option<UnknownTransportParameters>,
8557    // pub preferred_address: ...,
8558}
8559
8560impl Default for TransportParams {
8561    fn default() -> TransportParams {
8562        TransportParams {
8563            original_destination_connection_id: None,
8564            max_idle_timeout: 0,
8565            stateless_reset_token: None,
8566            max_udp_payload_size: 65527,
8567            initial_max_data: 0,
8568            initial_max_stream_data_bidi_local: 0,
8569            initial_max_stream_data_bidi_remote: 0,
8570            initial_max_stream_data_uni: 0,
8571            initial_max_streams_bidi: 0,
8572            initial_max_streams_uni: 0,
8573            ack_delay_exponent: 3,
8574            max_ack_delay: 25,
8575            disable_active_migration: false,
8576            active_conn_id_limit: 2,
8577            initial_source_connection_id: None,
8578            retry_source_connection_id: None,
8579            max_datagram_frame_size: None,
8580            unknown_params: Default::default(),
8581        }
8582    }
8583}
8584
8585impl TransportParams {
8586    fn decode(
8587        buf: &[u8], is_server: bool, unknown_size: Option<usize>,
8588    ) -> Result<TransportParams> {
8589        let mut params = octets::Octets::with_slice(buf);
8590        let mut seen_params = HashSet::new();
8591
8592        let mut tp = TransportParams::default();
8593
8594        if let Some(unknown_transport_param_tracking_size) = unknown_size {
8595            tp.unknown_params = Some(UnknownTransportParameters {
8596                capacity: unknown_transport_param_tracking_size,
8597                parameters: vec![],
8598            });
8599        }
8600
8601        while params.cap() > 0 {
8602            let id = params.get_varint()?;
8603
8604            if seen_params.contains(&id) {
8605                return Err(Error::InvalidTransportParam);
8606            }
8607            seen_params.insert(id);
8608
8609            let mut val = params.get_bytes_with_varint_length()?;
8610
8611            match id {
8612                0x0000 => {
8613                    if is_server {
8614                        return Err(Error::InvalidTransportParam);
8615                    }
8616
8617                    tp.original_destination_connection_id =
8618                        Some(val.to_vec().into());
8619                },
8620
8621                0x0001 => {
8622                    tp.max_idle_timeout = val.get_varint()?;
8623                },
8624
8625                0x0002 => {
8626                    if is_server {
8627                        return Err(Error::InvalidTransportParam);
8628                    }
8629
8630                    tp.stateless_reset_token = Some(u128::from_be_bytes(
8631                        val.get_bytes(16)?
8632                            .to_vec()
8633                            .try_into()
8634                            .map_err(|_| Error::BufferTooShort)?,
8635                    ));
8636                },
8637
8638                0x0003 => {
8639                    tp.max_udp_payload_size = val.get_varint()?;
8640
8641                    if tp.max_udp_payload_size < 1200 {
8642                        return Err(Error::InvalidTransportParam);
8643                    }
8644                },
8645
8646                0x0004 => {
8647                    tp.initial_max_data = val.get_varint()?;
8648                },
8649
8650                0x0005 => {
8651                    tp.initial_max_stream_data_bidi_local = val.get_varint()?;
8652                },
8653
8654                0x0006 => {
8655                    tp.initial_max_stream_data_bidi_remote = val.get_varint()?;
8656                },
8657
8658                0x0007 => {
8659                    tp.initial_max_stream_data_uni = val.get_varint()?;
8660                },
8661
8662                0x0008 => {
8663                    let max = val.get_varint()?;
8664
8665                    if max > MAX_STREAM_ID {
8666                        return Err(Error::InvalidTransportParam);
8667                    }
8668
8669                    tp.initial_max_streams_bidi = max;
8670                },
8671
8672                0x0009 => {
8673                    let max = val.get_varint()?;
8674
8675                    if max > MAX_STREAM_ID {
8676                        return Err(Error::InvalidTransportParam);
8677                    }
8678
8679                    tp.initial_max_streams_uni = max;
8680                },
8681
8682                0x000a => {
8683                    let ack_delay_exponent = val.get_varint()?;
8684
8685                    if ack_delay_exponent > 20 {
8686                        return Err(Error::InvalidTransportParam);
8687                    }
8688
8689                    tp.ack_delay_exponent = ack_delay_exponent;
8690                },
8691
8692                0x000b => {
8693                    let max_ack_delay = val.get_varint()?;
8694
8695                    if max_ack_delay >= 2_u64.pow(14) {
8696                        return Err(Error::InvalidTransportParam);
8697                    }
8698
8699                    tp.max_ack_delay = max_ack_delay;
8700                },
8701
8702                0x000c => {
8703                    tp.disable_active_migration = true;
8704                },
8705
8706                0x000d => {
8707                    if is_server {
8708                        return Err(Error::InvalidTransportParam);
8709                    }
8710
8711                    // TODO: decode preferred_address
8712                },
8713
8714                0x000e => {
8715                    let limit = val.get_varint()?;
8716
8717                    if limit < 2 {
8718                        return Err(Error::InvalidTransportParam);
8719                    }
8720
8721                    tp.active_conn_id_limit = limit;
8722                },
8723
8724                0x000f => {
8725                    tp.initial_source_connection_id = Some(val.to_vec().into());
8726                },
8727
8728                0x00010 => {
8729                    if is_server {
8730                        return Err(Error::InvalidTransportParam);
8731                    }
8732
8733                    tp.retry_source_connection_id = Some(val.to_vec().into());
8734                },
8735
8736                0x0020 => {
8737                    tp.max_datagram_frame_size = Some(val.get_varint()?);
8738                },
8739
8740                // Track unknown transport parameters specially.
8741                unknown_tp_id => {
8742                    if let Some(unknown_params) = &mut tp.unknown_params {
8743                        // It is _not_ an error not to have space enough to track
8744                        // an unknown parameter.
8745                        let _ = unknown_params.push(UnknownTransportParameter {
8746                            id: unknown_tp_id,
8747                            value: val.buf(),
8748                        });
8749                    }
8750                },
8751            }
8752        }
8753
8754        Ok(tp)
8755    }
8756
8757    fn encode_param(
8758        b: &mut octets::OctetsMut, ty: u64, len: usize,
8759    ) -> Result<()> {
8760        b.put_varint(ty)?;
8761        b.put_varint(len as u64)?;
8762
8763        Ok(())
8764    }
8765
8766    fn encode<'a>(
8767        tp: &TransportParams, is_server: bool, out: &'a mut [u8],
8768    ) -> Result<&'a mut [u8]> {
8769        let mut b = octets::OctetsMut::with_slice(out);
8770
8771        if is_server {
8772            if let Some(ref odcid) = tp.original_destination_connection_id {
8773                TransportParams::encode_param(&mut b, 0x0000, odcid.len())?;
8774                b.put_bytes(odcid)?;
8775            }
8776        };
8777
8778        if tp.max_idle_timeout != 0 {
8779            TransportParams::encode_param(
8780                &mut b,
8781                0x0001,
8782                octets::varint_len(tp.max_idle_timeout),
8783            )?;
8784            b.put_varint(tp.max_idle_timeout)?;
8785        }
8786
8787        if is_server {
8788            if let Some(ref token) = tp.stateless_reset_token {
8789                TransportParams::encode_param(&mut b, 0x0002, 16)?;
8790                b.put_bytes(&token.to_be_bytes())?;
8791            }
8792        }
8793
8794        if tp.max_udp_payload_size != 0 {
8795            TransportParams::encode_param(
8796                &mut b,
8797                0x0003,
8798                octets::varint_len(tp.max_udp_payload_size),
8799            )?;
8800            b.put_varint(tp.max_udp_payload_size)?;
8801        }
8802
8803        if tp.initial_max_data != 0 {
8804            TransportParams::encode_param(
8805                &mut b,
8806                0x0004,
8807                octets::varint_len(tp.initial_max_data),
8808            )?;
8809            b.put_varint(tp.initial_max_data)?;
8810        }
8811
8812        if tp.initial_max_stream_data_bidi_local != 0 {
8813            TransportParams::encode_param(
8814                &mut b,
8815                0x0005,
8816                octets::varint_len(tp.initial_max_stream_data_bidi_local),
8817            )?;
8818            b.put_varint(tp.initial_max_stream_data_bidi_local)?;
8819        }
8820
8821        if tp.initial_max_stream_data_bidi_remote != 0 {
8822            TransportParams::encode_param(
8823                &mut b,
8824                0x0006,
8825                octets::varint_len(tp.initial_max_stream_data_bidi_remote),
8826            )?;
8827            b.put_varint(tp.initial_max_stream_data_bidi_remote)?;
8828        }
8829
8830        if tp.initial_max_stream_data_uni != 0 {
8831            TransportParams::encode_param(
8832                &mut b,
8833                0x0007,
8834                octets::varint_len(tp.initial_max_stream_data_uni),
8835            )?;
8836            b.put_varint(tp.initial_max_stream_data_uni)?;
8837        }
8838
8839        if tp.initial_max_streams_bidi != 0 {
8840            TransportParams::encode_param(
8841                &mut b,
8842                0x0008,
8843                octets::varint_len(tp.initial_max_streams_bidi),
8844            )?;
8845            b.put_varint(tp.initial_max_streams_bidi)?;
8846        }
8847
8848        if tp.initial_max_streams_uni != 0 {
8849            TransportParams::encode_param(
8850                &mut b,
8851                0x0009,
8852                octets::varint_len(tp.initial_max_streams_uni),
8853            )?;
8854            b.put_varint(tp.initial_max_streams_uni)?;
8855        }
8856
8857        if tp.ack_delay_exponent != 0 {
8858            TransportParams::encode_param(
8859                &mut b,
8860                0x000a,
8861                octets::varint_len(tp.ack_delay_exponent),
8862            )?;
8863            b.put_varint(tp.ack_delay_exponent)?;
8864        }
8865
8866        if tp.max_ack_delay != 0 {
8867            TransportParams::encode_param(
8868                &mut b,
8869                0x000b,
8870                octets::varint_len(tp.max_ack_delay),
8871            )?;
8872            b.put_varint(tp.max_ack_delay)?;
8873        }
8874
8875        if tp.disable_active_migration {
8876            TransportParams::encode_param(&mut b, 0x000c, 0)?;
8877        }
8878
8879        // TODO: encode preferred_address
8880
8881        if tp.active_conn_id_limit != 2 {
8882            TransportParams::encode_param(
8883                &mut b,
8884                0x000e,
8885                octets::varint_len(tp.active_conn_id_limit),
8886            )?;
8887            b.put_varint(tp.active_conn_id_limit)?;
8888        }
8889
8890        if let Some(scid) = &tp.initial_source_connection_id {
8891            TransportParams::encode_param(&mut b, 0x000f, scid.len())?;
8892            b.put_bytes(scid)?;
8893        }
8894
8895        if is_server {
8896            if let Some(scid) = &tp.retry_source_connection_id {
8897                TransportParams::encode_param(&mut b, 0x0010, scid.len())?;
8898                b.put_bytes(scid)?;
8899            }
8900        }
8901
8902        if let Some(max_datagram_frame_size) = tp.max_datagram_frame_size {
8903            TransportParams::encode_param(
8904                &mut b,
8905                0x0020,
8906                octets::varint_len(max_datagram_frame_size),
8907            )?;
8908            b.put_varint(max_datagram_frame_size)?;
8909        }
8910
8911        let out_len = b.off();
8912
8913        Ok(&mut out[..out_len])
8914    }
8915
8916    /// Creates a qlog event for connection transport parameters and TLS fields
8917    #[cfg(feature = "qlog")]
8918    pub fn to_qlog(
8919        &self, owner: TransportOwner, cipher: Option<crypto::Algorithm>,
8920    ) -> EventData {
8921        let original_destination_connection_id = qlog::HexSlice::maybe_string(
8922            self.original_destination_connection_id.as_ref(),
8923        );
8924
8925        let stateless_reset_token = qlog::HexSlice::maybe_string(
8926            self.stateless_reset_token.map(|s| s.to_be_bytes()).as_ref(),
8927        );
8928
8929        let tls_cipher: Option<String> = cipher.map(|f| format!("{f:?}"));
8930
8931        EventData::TransportParametersSet(
8932            qlog::events::quic::TransportParametersSet {
8933                owner: Some(owner),
8934                tls_cipher,
8935                original_destination_connection_id,
8936                stateless_reset_token,
8937                disable_active_migration: Some(self.disable_active_migration),
8938                max_idle_timeout: Some(self.max_idle_timeout),
8939                max_udp_payload_size: Some(self.max_udp_payload_size as u32),
8940                ack_delay_exponent: Some(self.ack_delay_exponent as u16),
8941                max_ack_delay: Some(self.max_ack_delay as u16),
8942                active_connection_id_limit: Some(
8943                    self.active_conn_id_limit as u32,
8944                ),
8945
8946                initial_max_data: Some(self.initial_max_data),
8947                initial_max_stream_data_bidi_local: Some(
8948                    self.initial_max_stream_data_bidi_local,
8949                ),
8950                initial_max_stream_data_bidi_remote: Some(
8951                    self.initial_max_stream_data_bidi_remote,
8952                ),
8953                initial_max_stream_data_uni: Some(
8954                    self.initial_max_stream_data_uni,
8955                ),
8956                initial_max_streams_bidi: Some(self.initial_max_streams_bidi),
8957                initial_max_streams_uni: Some(self.initial_max_streams_uni),
8958
8959                unknown_parameters: self
8960                    .unknown_params
8961                    .as_ref()
8962                    .map(|unknown_params| {
8963                        unknown_params
8964                            .into_iter()
8965                            .cloned()
8966                            .map(
8967                                Into::<
8968                                    qlog::events::quic::UnknownTransportParameter,
8969                                >::into,
8970                            )
8971                            .collect()
8972                    })
8973                    .unwrap_or_default(),
8974
8975                ..Default::default()
8976            },
8977        )
8978    }
8979}
8980
8981#[doc(hidden)]
8982pub mod testing {
8983    use super::*;
8984
8985    pub struct Pipe {
8986        pub client: Connection,
8987        pub server: Connection,
8988    }
8989
8990    impl Pipe {
8991        pub fn new(cc_algorithm_name: &str) -> Result<Pipe> {
8992            let mut config = Config::new(crate::PROTOCOL_VERSION)?;
8993            assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
8994            config.load_cert_chain_from_pem_file("examples/cert.crt")?;
8995            config.load_priv_key_from_pem_file("examples/cert.key")?;
8996            config.set_application_protos(&[b"proto1", b"proto2"])?;
8997            config.set_initial_max_data(30);
8998            config.set_initial_max_stream_data_bidi_local(15);
8999            config.set_initial_max_stream_data_bidi_remote(15);
9000            config.set_initial_max_stream_data_uni(10);
9001            config.set_initial_max_streams_bidi(3);
9002            config.set_initial_max_streams_uni(3);
9003            config.set_max_idle_timeout(180_000);
9004            config.verify_peer(false);
9005            config.set_ack_delay_exponent(8);
9006
9007            Pipe::with_config(&mut config)
9008        }
9009
9010        pub fn client_addr() -> SocketAddr {
9011            "127.0.0.1:1234".parse().unwrap()
9012        }
9013
9014        pub fn server_addr() -> SocketAddr {
9015            "127.0.0.1:4321".parse().unwrap()
9016        }
9017
9018        pub fn with_config(config: &mut Config) -> Result<Pipe> {
9019            let mut client_scid = [0; 16];
9020            rand::rand_bytes(&mut client_scid[..]);
9021            let client_scid = ConnectionId::from_ref(&client_scid);
9022            let client_addr = Pipe::client_addr();
9023
9024            let mut server_scid = [0; 16];
9025            rand::rand_bytes(&mut server_scid[..]);
9026            let server_scid = ConnectionId::from_ref(&server_scid);
9027            let server_addr = Pipe::server_addr();
9028
9029            Ok(Pipe {
9030                client: connect(
9031                    Some("quic.tech"),
9032                    &client_scid,
9033                    client_addr,
9034                    server_addr,
9035                    config,
9036                )?,
9037                server: accept(
9038                    &server_scid,
9039                    None,
9040                    server_addr,
9041                    client_addr,
9042                    config,
9043                )?,
9044            })
9045        }
9046
9047        pub fn with_config_and_scid_lengths(
9048            config: &mut Config, client_scid_len: usize, server_scid_len: usize,
9049        ) -> Result<Pipe> {
9050            let mut client_scid = vec![0; client_scid_len];
9051            rand::rand_bytes(&mut client_scid[..]);
9052            let client_scid = ConnectionId::from_ref(&client_scid);
9053            let client_addr = Pipe::client_addr();
9054
9055            let mut server_scid = vec![0; server_scid_len];
9056            rand::rand_bytes(&mut server_scid[..]);
9057            let server_scid = ConnectionId::from_ref(&server_scid);
9058            let server_addr = Pipe::server_addr();
9059
9060            Ok(Pipe {
9061                client: connect(
9062                    Some("quic.tech"),
9063                    &client_scid,
9064                    client_addr,
9065                    server_addr,
9066                    config,
9067                )?,
9068                server: accept(
9069                    &server_scid,
9070                    None,
9071                    server_addr,
9072                    client_addr,
9073                    config,
9074                )?,
9075            })
9076        }
9077
9078        pub fn with_client_config(client_config: &mut Config) -> Result<Pipe> {
9079            let mut client_scid = [0; 16];
9080            rand::rand_bytes(&mut client_scid[..]);
9081            let client_scid = ConnectionId::from_ref(&client_scid);
9082            let client_addr = Pipe::client_addr();
9083
9084            let mut server_scid = [0; 16];
9085            rand::rand_bytes(&mut server_scid[..]);
9086            let server_scid = ConnectionId::from_ref(&server_scid);
9087            let server_addr = Pipe::server_addr();
9088
9089            let mut config = Config::new(crate::PROTOCOL_VERSION)?;
9090            config.load_cert_chain_from_pem_file("examples/cert.crt")?;
9091            config.load_priv_key_from_pem_file("examples/cert.key")?;
9092            config.set_application_protos(&[b"proto1", b"proto2"])?;
9093            config.set_initial_max_data(30);
9094            config.set_initial_max_stream_data_bidi_local(15);
9095            config.set_initial_max_stream_data_bidi_remote(15);
9096            config.set_initial_max_streams_bidi(3);
9097            config.set_initial_max_streams_uni(3);
9098            config.set_ack_delay_exponent(8);
9099
9100            Ok(Pipe {
9101                client: connect(
9102                    Some("quic.tech"),
9103                    &client_scid,
9104                    client_addr,
9105                    server_addr,
9106                    client_config,
9107                )?,
9108                server: accept(
9109                    &server_scid,
9110                    None,
9111                    server_addr,
9112                    client_addr,
9113                    &mut config,
9114                )?,
9115            })
9116        }
9117
9118        pub fn with_server_config(server_config: &mut Config) -> Result<Pipe> {
9119            let mut client_scid = [0; 16];
9120            rand::rand_bytes(&mut client_scid[..]);
9121            let client_scid = ConnectionId::from_ref(&client_scid);
9122            let client_addr = Pipe::client_addr();
9123
9124            let mut server_scid = [0; 16];
9125            rand::rand_bytes(&mut server_scid[..]);
9126            let server_scid = ConnectionId::from_ref(&server_scid);
9127            let server_addr = Pipe::server_addr();
9128
9129            let mut config = Config::new(crate::PROTOCOL_VERSION)?;
9130            config.set_application_protos(&[b"proto1", b"proto2"])?;
9131            config.set_initial_max_data(30);
9132            config.set_initial_max_stream_data_bidi_local(15);
9133            config.set_initial_max_stream_data_bidi_remote(15);
9134            config.set_initial_max_streams_bidi(3);
9135            config.set_initial_max_streams_uni(3);
9136            config.set_ack_delay_exponent(8);
9137
9138            Ok(Pipe {
9139                client: connect(
9140                    Some("quic.tech"),
9141                    &client_scid,
9142                    client_addr,
9143                    server_addr,
9144                    &mut config,
9145                )?,
9146                server: accept(
9147                    &server_scid,
9148                    None,
9149                    server_addr,
9150                    client_addr,
9151                    server_config,
9152                )?,
9153            })
9154        }
9155
9156        pub fn with_client_and_server_config(
9157            client_config: &mut Config, server_config: &mut Config,
9158        ) -> Result<Pipe> {
9159            let mut client_scid = [0; 16];
9160            rand::rand_bytes(&mut client_scid[..]);
9161            let client_scid = ConnectionId::from_ref(&client_scid);
9162            let client_addr = Pipe::client_addr();
9163
9164            let mut server_scid = [0; 16];
9165            rand::rand_bytes(&mut server_scid[..]);
9166            let server_scid = ConnectionId::from_ref(&server_scid);
9167            let server_addr = Pipe::server_addr();
9168
9169            Ok(Pipe {
9170                client: connect(
9171                    Some("quic.tech"),
9172                    &client_scid,
9173                    client_addr,
9174                    server_addr,
9175                    client_config,
9176                )?,
9177                server: accept(
9178                    &server_scid,
9179                    None,
9180                    server_addr,
9181                    client_addr,
9182                    server_config,
9183                )?,
9184            })
9185        }
9186
9187        pub fn handshake(&mut self) -> Result<()> {
9188            while !self.client.is_established() || !self.server.is_established() {
9189                let flight = emit_flight(&mut self.client)?;
9190                process_flight(&mut self.server, flight)?;
9191
9192                let flight = emit_flight(&mut self.server)?;
9193                process_flight(&mut self.client, flight)?;
9194            }
9195
9196            Ok(())
9197        }
9198
9199        pub fn advance(&mut self) -> Result<()> {
9200            let mut client_done = false;
9201            let mut server_done = false;
9202
9203            while !client_done || !server_done {
9204                match emit_flight(&mut self.client) {
9205                    Ok(flight) => process_flight(&mut self.server, flight)?,
9206
9207                    Err(Error::Done) => client_done = true,
9208
9209                    Err(e) => return Err(e),
9210                };
9211
9212                match emit_flight(&mut self.server) {
9213                    Ok(flight) => process_flight(&mut self.client, flight)?,
9214
9215                    Err(Error::Done) => server_done = true,
9216
9217                    Err(e) => return Err(e),
9218                };
9219            }
9220
9221            Ok(())
9222        }
9223
9224        pub fn client_recv(&mut self, buf: &mut [u8]) -> Result<usize> {
9225            let server_path = &self.server.paths.get_active().unwrap();
9226            let info = RecvInfo {
9227                to: server_path.peer_addr(),
9228                from: server_path.local_addr(),
9229            };
9230
9231            self.client.recv(buf, info)
9232        }
9233
9234        pub fn server_recv(&mut self, buf: &mut [u8]) -> Result<usize> {
9235            let client_path = &self.client.paths.get_active().unwrap();
9236            let info = RecvInfo {
9237                to: client_path.peer_addr(),
9238                from: client_path.local_addr(),
9239            };
9240
9241            self.server.recv(buf, info)
9242        }
9243
9244        pub fn send_pkt_to_server(
9245            &mut self, pkt_type: packet::Type, frames: &[frame::Frame],
9246            buf: &mut [u8],
9247        ) -> Result<usize> {
9248            let written = encode_pkt(&mut self.client, pkt_type, frames, buf)?;
9249            recv_send(&mut self.server, buf, written)
9250        }
9251
9252        pub fn client_update_key(&mut self) -> Result<()> {
9253            let space =
9254                &mut self.client.pkt_num_spaces[packet::Epoch::Application];
9255
9256            let open_next = space
9257                .crypto_open
9258                .as_ref()
9259                .unwrap()
9260                .derive_next_packet_key()
9261                .unwrap();
9262
9263            let seal_next = space
9264                .crypto_seal
9265                .as_ref()
9266                .unwrap()
9267                .derive_next_packet_key()?;
9268
9269            let open_prev = space.crypto_open.replace(open_next);
9270            space.crypto_seal.replace(seal_next);
9271
9272            space.key_update = Some(packet::KeyUpdate {
9273                crypto_open: open_prev.unwrap(),
9274                pn_on_update: self.client.next_pkt_num,
9275                update_acked: true,
9276                timer: time::Instant::now(),
9277            });
9278
9279            self.client.key_phase = !self.client.key_phase;
9280
9281            Ok(())
9282        }
9283    }
9284
9285    pub fn recv_send<F: BufFactory>(
9286        conn: &mut Connection<F>, buf: &mut [u8], len: usize,
9287    ) -> Result<usize> {
9288        let active_path = conn.paths.get_active()?;
9289        let info = RecvInfo {
9290            to: active_path.local_addr(),
9291            from: active_path.peer_addr(),
9292        };
9293
9294        conn.recv(&mut buf[..len], info)?;
9295
9296        let mut off = 0;
9297
9298        match conn.send(&mut buf[off..]) {
9299            Ok((write, _)) => off += write,
9300
9301            Err(Error::Done) => (),
9302
9303            Err(e) => return Err(e),
9304        }
9305
9306        Ok(off)
9307    }
9308
9309    pub fn process_flight(
9310        conn: &mut Connection, flight: Vec<(Vec<u8>, SendInfo)>,
9311    ) -> Result<()> {
9312        for (mut pkt, si) in flight {
9313            let info = RecvInfo {
9314                to: si.to,
9315                from: si.from,
9316            };
9317
9318            conn.recv(&mut pkt, info)?;
9319        }
9320
9321        Ok(())
9322    }
9323
9324    pub fn emit_flight_with_max_buffer(
9325        conn: &mut Connection, out_size: usize, from: Option<SocketAddr>,
9326        to: Option<SocketAddr>,
9327    ) -> Result<Vec<(Vec<u8>, SendInfo)>> {
9328        let mut flight = Vec::new();
9329
9330        loop {
9331            let mut out = vec![0u8; out_size];
9332
9333            let info = match conn.send_on_path(&mut out, from, to) {
9334                Ok((written, info)) => {
9335                    out.truncate(written);
9336                    info
9337                },
9338
9339                Err(Error::Done) => break,
9340
9341                Err(e) => return Err(e),
9342            };
9343
9344            flight.push((out, info));
9345        }
9346
9347        if flight.is_empty() {
9348            return Err(Error::Done);
9349        }
9350
9351        Ok(flight)
9352    }
9353
9354    pub fn emit_flight_on_path(
9355        conn: &mut Connection, from: Option<SocketAddr>, to: Option<SocketAddr>,
9356    ) -> Result<Vec<(Vec<u8>, SendInfo)>> {
9357        emit_flight_with_max_buffer(conn, 65535, from, to)
9358    }
9359
9360    pub fn emit_flight(
9361        conn: &mut Connection,
9362    ) -> Result<Vec<(Vec<u8>, SendInfo)>> {
9363        emit_flight_on_path(conn, None, None)
9364    }
9365
9366    pub fn encode_pkt(
9367        conn: &mut Connection, pkt_type: packet::Type, frames: &[frame::Frame],
9368        buf: &mut [u8],
9369    ) -> Result<usize> {
9370        let mut b = octets::OctetsMut::with_slice(buf);
9371
9372        let epoch = pkt_type.to_epoch()?;
9373
9374        let space = &mut conn.pkt_num_spaces[epoch];
9375
9376        let pn = conn.next_pkt_num;
9377        let pn_len = 4;
9378
9379        let send_path = conn.paths.get_active()?;
9380        let active_dcid_seq = send_path
9381            .active_dcid_seq
9382            .as_ref()
9383            .ok_or(Error::InvalidState)?;
9384        let active_scid_seq = send_path
9385            .active_scid_seq
9386            .as_ref()
9387            .ok_or(Error::InvalidState)?;
9388
9389        let hdr = Header {
9390            ty: pkt_type,
9391            version: conn.version,
9392            dcid: ConnectionId::from_ref(
9393                conn.ids.get_dcid(*active_dcid_seq)?.cid.as_ref(),
9394            ),
9395            scid: ConnectionId::from_ref(
9396                conn.ids.get_scid(*active_scid_seq)?.cid.as_ref(),
9397            ),
9398            pkt_num: pn,
9399            pkt_num_len: pn_len,
9400            token: conn.token.clone(),
9401            versions: None,
9402            key_phase: conn.key_phase,
9403        };
9404
9405        hdr.to_bytes(&mut b)?;
9406
9407        let payload_len = frames.iter().fold(0, |acc, x| acc + x.wire_len());
9408
9409        if pkt_type != packet::Type::Short {
9410            let len = pn_len + payload_len + space.crypto_overhead().unwrap();
9411            b.put_varint(len as u64)?;
9412        }
9413
9414        // Always encode packet number in 4 bytes, to allow encoding packets
9415        // with empty payloads.
9416        b.put_u32(pn as u32)?;
9417
9418        let payload_offset = b.off();
9419
9420        for frame in frames {
9421            frame.to_bytes(&mut b)?;
9422        }
9423
9424        let aead = match space.crypto_seal {
9425            Some(ref v) => v,
9426            None => return Err(Error::InvalidState),
9427        };
9428
9429        let written = packet::encrypt_pkt(
9430            &mut b,
9431            pn,
9432            pn_len,
9433            payload_len,
9434            payload_offset,
9435            None,
9436            aead,
9437        )?;
9438
9439        conn.next_pkt_num += 1;
9440
9441        Ok(written)
9442    }
9443
9444    pub fn decode_pkt(
9445        conn: &mut Connection, buf: &mut [u8],
9446    ) -> Result<Vec<frame::Frame>> {
9447        let mut b = octets::OctetsMut::with_slice(buf);
9448
9449        let mut hdr = Header::from_bytes(&mut b, conn.source_id().len()).unwrap();
9450
9451        let epoch = hdr.ty.to_epoch()?;
9452
9453        let aead = conn.pkt_num_spaces[epoch].crypto_open.as_ref().unwrap();
9454
9455        let payload_len = b.cap();
9456
9457        packet::decrypt_hdr(&mut b, &mut hdr, aead).unwrap();
9458
9459        let pn = packet::decode_pkt_num(
9460            conn.pkt_num_spaces[epoch].largest_rx_pkt_num,
9461            hdr.pkt_num,
9462            hdr.pkt_num_len,
9463        );
9464
9465        let mut payload =
9466            packet::decrypt_pkt(&mut b, pn, hdr.pkt_num_len, payload_len, aead)
9467                .unwrap();
9468
9469        let mut frames = Vec::new();
9470
9471        while payload.cap() > 0 {
9472            let frame = frame::Frame::from_bytes(&mut payload, hdr.ty)?;
9473            frames.push(frame);
9474        }
9475
9476        Ok(frames)
9477    }
9478
9479    pub fn create_cid_and_reset_token(
9480        cid_len: usize,
9481    ) -> (ConnectionId<'static>, u128) {
9482        let mut cid = vec![0; cid_len];
9483        rand::rand_bytes(&mut cid[..]);
9484        let cid = ConnectionId::from_ref(&cid).into_owned();
9485
9486        let mut reset_token = [0; 16];
9487        rand::rand_bytes(&mut reset_token);
9488        let reset_token = u128::from_be_bytes(reset_token);
9489
9490        (cid, reset_token)
9491    }
9492}
9493
9494#[cfg(test)]
9495mod tests {
9496    use crate::range_buf::RangeBuf;
9497    use rstest::rstest;
9498
9499    use super::*;
9500
9501    #[test]
9502    fn transport_params() {
9503        // Server encodes, client decodes.
9504        let tp = TransportParams {
9505            original_destination_connection_id: None,
9506            max_idle_timeout: 30,
9507            stateless_reset_token: Some(u128::from_be_bytes([0xba; 16])),
9508            max_udp_payload_size: 23_421,
9509            initial_max_data: 424_645_563,
9510            initial_max_stream_data_bidi_local: 154_323_123,
9511            initial_max_stream_data_bidi_remote: 6_587_456,
9512            initial_max_stream_data_uni: 2_461_234,
9513            initial_max_streams_bidi: 12_231,
9514            initial_max_streams_uni: 18_473,
9515            ack_delay_exponent: 20,
9516            max_ack_delay: 2_u64.pow(14) - 1,
9517            disable_active_migration: true,
9518            active_conn_id_limit: 8,
9519            initial_source_connection_id: Some(b"woot woot".to_vec().into()),
9520            retry_source_connection_id: Some(b"retry".to_vec().into()),
9521            max_datagram_frame_size: Some(32),
9522            unknown_params: Default::default(),
9523        };
9524
9525        let mut raw_params = [42; 256];
9526        let raw_params =
9527            TransportParams::encode(&tp, true, &mut raw_params).unwrap();
9528        assert_eq!(raw_params.len(), 94);
9529
9530        let new_tp = TransportParams::decode(raw_params, false, None).unwrap();
9531
9532        assert_eq!(new_tp, tp);
9533
9534        // Client encodes, server decodes.
9535        let tp = TransportParams {
9536            original_destination_connection_id: None,
9537            max_idle_timeout: 30,
9538            stateless_reset_token: None,
9539            max_udp_payload_size: 23_421,
9540            initial_max_data: 424_645_563,
9541            initial_max_stream_data_bidi_local: 154_323_123,
9542            initial_max_stream_data_bidi_remote: 6_587_456,
9543            initial_max_stream_data_uni: 2_461_234,
9544            initial_max_streams_bidi: 12_231,
9545            initial_max_streams_uni: 18_473,
9546            ack_delay_exponent: 20,
9547            max_ack_delay: 2_u64.pow(14) - 1,
9548            disable_active_migration: true,
9549            active_conn_id_limit: 8,
9550            initial_source_connection_id: Some(b"woot woot".to_vec().into()),
9551            retry_source_connection_id: None,
9552            max_datagram_frame_size: Some(32),
9553            unknown_params: Default::default(),
9554        };
9555
9556        let mut raw_params = [42; 256];
9557        let raw_params =
9558            TransportParams::encode(&tp, false, &mut raw_params).unwrap();
9559        assert_eq!(raw_params.len(), 69);
9560
9561        let new_tp = TransportParams::decode(raw_params, true, None).unwrap();
9562
9563        assert_eq!(new_tp, tp);
9564    }
9565
9566    #[test]
9567    fn transport_params_forbid_duplicates() {
9568        // Given an encoded param.
9569        let initial_source_connection_id = b"id";
9570        let initial_source_connection_id_raw = [
9571            15,
9572            initial_source_connection_id.len() as u8,
9573            initial_source_connection_id[0],
9574            initial_source_connection_id[1],
9575        ];
9576
9577        // No error when decoding the param.
9578        let tp = TransportParams::decode(
9579            initial_source_connection_id_raw.as_slice(),
9580            true,
9581            None,
9582        )
9583        .unwrap();
9584
9585        assert_eq!(
9586            tp.initial_source_connection_id,
9587            Some(initial_source_connection_id.to_vec().into())
9588        );
9589
9590        // Duplicate the param.
9591        let mut raw_params = Vec::new();
9592        raw_params.append(&mut initial_source_connection_id_raw.to_vec());
9593        raw_params.append(&mut initial_source_connection_id_raw.to_vec());
9594
9595        // Decoding fails.
9596        assert_eq!(
9597            TransportParams::decode(raw_params.as_slice(), true, None),
9598            Err(Error::InvalidTransportParam)
9599        );
9600    }
9601
9602    #[test]
9603    fn transport_params_unknown_zero_space() {
9604        let mut unknown_params: UnknownTransportParameters =
9605            UnknownTransportParameters {
9606                capacity: 0,
9607                parameters: vec![],
9608            };
9609        let massive_unknown_param = UnknownTransportParameter::<&[u8]> {
9610            id: 5,
9611            value: &[0xau8; 280],
9612        };
9613        assert!(unknown_params.push(massive_unknown_param).is_err());
9614        assert!(unknown_params.capacity == 0);
9615        assert!(unknown_params.parameters.is_empty());
9616    }
9617
9618    #[test]
9619    fn transport_params_unknown_max_space_respected() {
9620        let mut unknown_params: UnknownTransportParameters =
9621            UnknownTransportParameters {
9622                capacity: 256,
9623                parameters: vec![],
9624            };
9625
9626        let massive_unknown_param = UnknownTransportParameter::<&[u8]> {
9627            id: 5,
9628            value: &[0xau8; 280],
9629        };
9630        let big_unknown_param = UnknownTransportParameter::<&[u8]> {
9631            id: 5,
9632            value: &[0xau8; 232],
9633        };
9634        let little_unknown_param = UnknownTransportParameter::<&[u8]> {
9635            id: 6,
9636            value: &[0xau8; 7],
9637        };
9638
9639        assert!(unknown_params.push(massive_unknown_param).is_err());
9640        assert!(unknown_params.capacity == 256);
9641        assert!(unknown_params.parameters.is_empty());
9642
9643        unknown_params.push(big_unknown_param).unwrap();
9644        assert!(unknown_params.capacity == 16);
9645        assert!(unknown_params.parameters.len() == 1);
9646
9647        unknown_params.push(little_unknown_param.clone()).unwrap();
9648        assert!(unknown_params.capacity == 1);
9649        assert!(unknown_params.parameters.len() == 2);
9650
9651        assert!(unknown_params.push(little_unknown_param).is_err());
9652
9653        let mut unknown_params_iter = unknown_params.into_iter();
9654
9655        let unknown_params_first = unknown_params_iter
9656            .next()
9657            .expect("Should have a 0th element.");
9658        assert!(
9659            unknown_params_first.id == 5 &&
9660                unknown_params_first.value == vec![0xau8; 232]
9661        );
9662
9663        let unknown_params_second = unknown_params_iter
9664            .next()
9665            .expect("Should have a 1th element.");
9666        assert!(
9667            unknown_params_second.id == 6 &&
9668                unknown_params_second.value == vec![0xau8; 7]
9669        );
9670    }
9671
9672    #[test]
9673    fn transport_params_unknown_is_reserved() {
9674        let reserved_unknown_param = UnknownTransportParameter::<&[u8]> {
9675            id: 31 * 17 + 27,
9676            value: &[0xau8; 280],
9677        };
9678        let not_reserved_unknown_param = UnknownTransportParameter::<&[u8]> {
9679            id: 32 * 17 + 27,
9680            value: &[0xau8; 280],
9681        };
9682
9683        assert!(reserved_unknown_param.is_reserved());
9684        assert!(!not_reserved_unknown_param.is_reserved());
9685    }
9686    #[test]
9687    fn unknown_version() {
9688        let mut config = Config::new(0xbabababa).unwrap();
9689        config
9690            .set_application_protos(&[b"proto1", b"proto2"])
9691            .unwrap();
9692        config.verify_peer(false);
9693
9694        let mut pipe = testing::Pipe::with_client_config(&mut config).unwrap();
9695        assert_eq!(pipe.handshake(), Err(Error::UnknownVersion));
9696    }
9697
9698    #[test]
9699    fn config_version_reserved() {
9700        Config::new(0xbabababa).unwrap();
9701        Config::new(0x1a2a3a4a).unwrap();
9702    }
9703
9704    #[test]
9705    fn config_version_invalid() {
9706        assert_eq!(
9707            Config::new(0xb1bababa).err().unwrap(),
9708            Error::UnknownVersion
9709        );
9710    }
9711
9712    #[test]
9713    fn version_negotiation() {
9714        let mut buf = [0; 65535];
9715
9716        let mut config = Config::new(0xbabababa).unwrap();
9717        config
9718            .set_application_protos(&[b"proto1", b"proto2"])
9719            .unwrap();
9720        config.verify_peer(false);
9721
9722        let mut pipe = testing::Pipe::with_client_config(&mut config).unwrap();
9723
9724        let (mut len, _) = pipe.client.send(&mut buf).unwrap();
9725
9726        let hdr = packet::Header::from_slice(&mut buf[..len], 0).unwrap();
9727        len = crate::negotiate_version(&hdr.scid, &hdr.dcid, &mut buf).unwrap();
9728
9729        assert_eq!(pipe.client_recv(&mut buf[..len]), Ok(len));
9730
9731        assert_eq!(pipe.handshake(), Ok(()));
9732
9733        assert_eq!(pipe.client.version, PROTOCOL_VERSION);
9734        assert_eq!(pipe.server.version, PROTOCOL_VERSION);
9735    }
9736
9737    #[test]
9738    fn verify_custom_root() {
9739        let mut config = Config::new(PROTOCOL_VERSION).unwrap();
9740        config.verify_peer(true);
9741        config
9742            .load_verify_locations_from_file("examples/rootca.crt")
9743            .unwrap();
9744        config
9745            .set_application_protos(&[b"proto1", b"proto2"])
9746            .unwrap();
9747
9748        let mut pipe = testing::Pipe::with_client_config(&mut config).unwrap();
9749        assert_eq!(pipe.handshake(), Ok(()));
9750    }
9751
9752    // Disable this for openssl as it seems to fail for some reason. It could be
9753    // because of the way the get_certs API differs from bssl.
9754    #[cfg(not(feature = "openssl"))]
9755    #[test]
9756    fn verify_client_invalid() {
9757        let mut server_config = Config::new(crate::PROTOCOL_VERSION).unwrap();
9758        server_config
9759            .load_cert_chain_from_pem_file("examples/cert.crt")
9760            .unwrap();
9761        server_config
9762            .load_priv_key_from_pem_file("examples/cert.key")
9763            .unwrap();
9764        server_config
9765            .set_application_protos(&[b"proto1", b"proto2"])
9766            .unwrap();
9767        server_config.set_initial_max_data(30);
9768        server_config.set_initial_max_stream_data_bidi_local(15);
9769        server_config.set_initial_max_stream_data_bidi_remote(15);
9770        server_config.set_initial_max_streams_bidi(3);
9771
9772        // The server shouldn't be able to verify the client's certificate due
9773        // to missing CA.
9774        server_config.verify_peer(true);
9775
9776        let mut client_config = Config::new(crate::PROTOCOL_VERSION).unwrap();
9777        client_config
9778            .load_cert_chain_from_pem_file("examples/cert.crt")
9779            .unwrap();
9780        client_config
9781            .load_priv_key_from_pem_file("examples/cert.key")
9782            .unwrap();
9783        client_config
9784            .set_application_protos(&[b"proto1", b"proto2"])
9785            .unwrap();
9786        client_config.set_initial_max_data(30);
9787        client_config.set_initial_max_stream_data_bidi_local(15);
9788        client_config.set_initial_max_stream_data_bidi_remote(15);
9789        client_config.set_initial_max_streams_bidi(3);
9790
9791        // The client is able to verify the server's certificate with the
9792        // appropriate CA.
9793        client_config
9794            .load_verify_locations_from_file("examples/rootca.crt")
9795            .unwrap();
9796        client_config.verify_peer(true);
9797
9798        let mut pipe = testing::Pipe::with_client_and_server_config(
9799            &mut client_config,
9800            &mut server_config,
9801        )
9802        .unwrap();
9803        assert_eq!(pipe.handshake(), Err(Error::TlsFail));
9804
9805        // Client did send a certificate.
9806        assert!(pipe.server.peer_cert().is_some());
9807    }
9808
9809    #[test]
9810    fn verify_client_anonymous() {
9811        let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
9812        config
9813            .load_cert_chain_from_pem_file("examples/cert.crt")
9814            .unwrap();
9815        config
9816            .load_priv_key_from_pem_file("examples/cert.key")
9817            .unwrap();
9818        config
9819            .set_application_protos(&[b"proto1", b"proto2"])
9820            .unwrap();
9821        config.set_initial_max_data(30);
9822        config.set_initial_max_stream_data_bidi_local(15);
9823        config.set_initial_max_stream_data_bidi_remote(15);
9824        config.set_initial_max_streams_bidi(3);
9825
9826        // Try to validate client certificate.
9827        config.verify_peer(true);
9828
9829        let mut pipe = testing::Pipe::with_server_config(&mut config).unwrap();
9830        assert_eq!(pipe.handshake(), Ok(()));
9831
9832        // Client didn't send a certificate.
9833        assert!(pipe.server.peer_cert().is_none());
9834    }
9835
9836    #[rstest]
9837    fn missing_initial_source_connection_id(
9838        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
9839    ) {
9840        let mut buf = [0; 65535];
9841
9842        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
9843
9844        // Reset initial_source_connection_id.
9845        pipe.client
9846            .local_transport_params
9847            .initial_source_connection_id = None;
9848        assert_eq!(pipe.client.encode_transport_params(), Ok(()));
9849
9850        // Client sends initial flight.
9851        let (len, _) = pipe.client.send(&mut buf).unwrap();
9852
9853        // Server rejects transport parameters.
9854        assert_eq!(
9855            pipe.server_recv(&mut buf[..len]),
9856            Err(Error::InvalidTransportParam)
9857        );
9858    }
9859
9860    #[rstest]
9861    fn invalid_initial_source_connection_id(
9862        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
9863    ) {
9864        let mut buf = [0; 65535];
9865
9866        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
9867
9868        // Scramble initial_source_connection_id.
9869        pipe.client
9870            .local_transport_params
9871            .initial_source_connection_id = Some(b"bogus value".to_vec().into());
9872        assert_eq!(pipe.client.encode_transport_params(), Ok(()));
9873
9874        // Client sends initial flight.
9875        let (len, _) = pipe.client.send(&mut buf).unwrap();
9876
9877        // Server rejects transport parameters.
9878        assert_eq!(
9879            pipe.server_recv(&mut buf[..len]),
9880            Err(Error::InvalidTransportParam)
9881        );
9882    }
9883
9884    #[rstest]
9885    fn change_idle_timeout(
9886        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
9887    ) {
9888        let mut config = Config::new(0x1).unwrap();
9889        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
9890        config
9891            .set_application_protos(&[b"proto1", b"proto2"])
9892            .unwrap();
9893        config.set_max_idle_timeout(999999);
9894        config.verify_peer(false);
9895
9896        let mut pipe = testing::Pipe::with_client_config(&mut config).unwrap();
9897        assert_eq!(pipe.client.local_transport_params.max_idle_timeout, 999999);
9898        assert_eq!(pipe.client.peer_transport_params.max_idle_timeout, 0);
9899        assert_eq!(pipe.server.local_transport_params.max_idle_timeout, 0);
9900        assert_eq!(pipe.server.peer_transport_params.max_idle_timeout, 0);
9901
9902        pipe.client.set_max_idle_timeout(456000).unwrap();
9903        pipe.server.set_max_idle_timeout(234000).unwrap();
9904        assert_eq!(pipe.client.local_transport_params.max_idle_timeout, 456000);
9905        assert_eq!(pipe.client.peer_transport_params.max_idle_timeout, 0);
9906        assert_eq!(pipe.server.local_transport_params.max_idle_timeout, 234000);
9907        assert_eq!(pipe.server.peer_transport_params.max_idle_timeout, 0);
9908
9909        assert_eq!(pipe.handshake(), Ok(()));
9910
9911        assert_eq!(
9912            pipe.client.idle_timeout(),
9913            Some(time::Duration::from_millis(234000))
9914        );
9915        assert_eq!(
9916            pipe.server.idle_timeout(),
9917            Some(time::Duration::from_millis(234000))
9918        );
9919    }
9920
9921    #[rstest]
9922    fn handshake(
9923        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
9924    ) {
9925        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
9926        assert_eq!(pipe.handshake(), Ok(()));
9927
9928        assert_eq!(
9929            pipe.client.application_proto(),
9930            pipe.server.application_proto()
9931        );
9932
9933        assert_eq!(pipe.server.server_name(), Some("quic.tech"));
9934    }
9935
9936    #[rstest]
9937    fn handshake_done(
9938        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
9939    ) {
9940        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
9941
9942        // Disable session tickets on the server (SSL_OP_NO_TICKET) to avoid
9943        // triggering 1-RTT packet send with a CRYPTO frame.
9944        pipe.server.handshake.set_options(0x0000_4000);
9945
9946        assert_eq!(pipe.handshake(), Ok(()));
9947
9948        assert!(pipe.server.handshake_done_sent);
9949    }
9950
9951    #[rstest]
9952    fn handshake_confirmation(
9953        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
9954    ) {
9955        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
9956
9957        // Client sends initial flight.
9958        let flight = testing::emit_flight(&mut pipe.client).unwrap();
9959        testing::process_flight(&mut pipe.server, flight).unwrap();
9960
9961        // Server sends initial flight.
9962        let flight = testing::emit_flight(&mut pipe.server).unwrap();
9963
9964        assert!(!pipe.client.is_established());
9965        assert!(!pipe.client.handshake_confirmed);
9966
9967        assert!(!pipe.server.is_established());
9968        assert!(!pipe.server.handshake_confirmed);
9969
9970        testing::process_flight(&mut pipe.client, flight).unwrap();
9971
9972        // Client sends Handshake packet and completes handshake.
9973        let flight = testing::emit_flight(&mut pipe.client).unwrap();
9974
9975        assert!(pipe.client.is_established());
9976        assert!(!pipe.client.handshake_confirmed);
9977
9978        assert!(!pipe.server.is_established());
9979        assert!(!pipe.server.handshake_confirmed);
9980
9981        testing::process_flight(&mut pipe.server, flight).unwrap();
9982
9983        // Server completes and confirms handshake, and sends HANDSHAKE_DONE.
9984        let flight = testing::emit_flight(&mut pipe.server).unwrap();
9985
9986        assert!(pipe.client.is_established());
9987        assert!(!pipe.client.handshake_confirmed);
9988
9989        assert!(pipe.server.is_established());
9990        assert!(pipe.server.handshake_confirmed);
9991
9992        testing::process_flight(&mut pipe.client, flight).unwrap();
9993
9994        // Client acks 1-RTT packet, and confirms handshake.
9995        let flight = testing::emit_flight(&mut pipe.client).unwrap();
9996
9997        assert!(pipe.client.is_established());
9998        assert!(pipe.client.handshake_confirmed);
9999
10000        assert!(pipe.server.is_established());
10001        assert!(pipe.server.handshake_confirmed);
10002
10003        testing::process_flight(&mut pipe.server, flight).unwrap();
10004
10005        assert!(pipe.client.is_established());
10006        assert!(pipe.client.handshake_confirmed);
10007
10008        assert!(pipe.server.is_established());
10009        assert!(pipe.server.handshake_confirmed);
10010    }
10011
10012    #[rstest]
10013    fn handshake_resumption(
10014        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
10015    ) {
10016        #[cfg(not(feature = "openssl"))]
10017        const SESSION_TICKET_KEY: [u8; 48] = [0xa; 48];
10018
10019        // 80-byte key(AES 256)
10020        // TODO: We can set the default? or query the ticket size by calling
10021        // the same API(SSL_CTX_set_tlsext_ticket_keys) twice to fetch the size.
10022        #[cfg(feature = "openssl")]
10023        const SESSION_TICKET_KEY: [u8; 80] = [0xa; 80];
10024
10025        let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
10026        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
10027
10028        config
10029            .load_cert_chain_from_pem_file("examples/cert.crt")
10030            .unwrap();
10031        config
10032            .load_priv_key_from_pem_file("examples/cert.key")
10033            .unwrap();
10034        config
10035            .set_application_protos(&[b"proto1", b"proto2"])
10036            .unwrap();
10037        config.set_initial_max_data(30);
10038        config.set_initial_max_stream_data_bidi_local(15);
10039        config.set_initial_max_stream_data_bidi_remote(15);
10040        config.set_initial_max_streams_bidi(3);
10041        config.set_ticket_key(&SESSION_TICKET_KEY).unwrap();
10042
10043        // Perform initial handshake.
10044        let mut pipe = testing::Pipe::with_server_config(&mut config).unwrap();
10045        assert_eq!(pipe.handshake(), Ok(()));
10046
10047        assert!(pipe.client.is_established());
10048        assert!(pipe.server.is_established());
10049
10050        assert!(!pipe.client.is_resumed());
10051        assert!(!pipe.server.is_resumed());
10052
10053        // Extract session,
10054        let session = pipe.client.session().unwrap();
10055
10056        // Configure session on new connection and perform handshake.
10057        let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
10058        config
10059            .load_cert_chain_from_pem_file("examples/cert.crt")
10060            .unwrap();
10061        config
10062            .load_priv_key_from_pem_file("examples/cert.key")
10063            .unwrap();
10064        config
10065            .set_application_protos(&[b"proto1", b"proto2"])
10066            .unwrap();
10067        config.set_initial_max_data(30);
10068        config.set_initial_max_stream_data_bidi_local(15);
10069        config.set_initial_max_stream_data_bidi_remote(15);
10070        config.set_initial_max_streams_bidi(3);
10071        config.set_ticket_key(&SESSION_TICKET_KEY).unwrap();
10072
10073        let mut pipe = testing::Pipe::with_server_config(&mut config).unwrap();
10074
10075        assert_eq!(pipe.client.set_session(session), Ok(()));
10076        assert_eq!(pipe.handshake(), Ok(()));
10077
10078        assert!(pipe.client.is_established());
10079        assert!(pipe.server.is_established());
10080
10081        assert!(pipe.client.is_resumed());
10082        assert!(pipe.server.is_resumed());
10083    }
10084
10085    #[rstest]
10086    fn handshake_alpn_mismatch(
10087        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
10088    ) {
10089        let mut buf = [0; 65535];
10090
10091        let mut config = Config::new(PROTOCOL_VERSION).unwrap();
10092        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
10093        config
10094            .set_application_protos(&[b"proto3\x06proto4"])
10095            .unwrap();
10096        config.verify_peer(false);
10097
10098        let mut pipe = testing::Pipe::with_client_config(&mut config).unwrap();
10099        assert_eq!(pipe.handshake(), Err(Error::TlsFail));
10100
10101        assert_eq!(pipe.client.application_proto(), b"");
10102        assert_eq!(pipe.server.application_proto(), b"");
10103
10104        // Server should only send one packet in response to ALPN mismatch.
10105        let (len, _) = pipe.server.send(&mut buf).unwrap();
10106        assert_eq!(len, 1200);
10107
10108        assert_eq!(pipe.server.send(&mut buf), Err(Error::Done));
10109        assert_eq!(pipe.server.sent_count, 1);
10110    }
10111
10112    #[cfg(not(feature = "openssl"))] // 0-RTT not supported when using openssl/quictls
10113    #[rstest]
10114    fn handshake_0rtt(
10115        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
10116    ) {
10117        let mut buf = [0; 65535];
10118
10119        let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
10120        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
10121        config
10122            .load_cert_chain_from_pem_file("examples/cert.crt")
10123            .unwrap();
10124        config
10125            .load_priv_key_from_pem_file("examples/cert.key")
10126            .unwrap();
10127        config
10128            .set_application_protos(&[b"proto1", b"proto2"])
10129            .unwrap();
10130        config.set_initial_max_data(30);
10131        config.set_initial_max_stream_data_bidi_local(15);
10132        config.set_initial_max_stream_data_bidi_remote(15);
10133        config.set_initial_max_streams_bidi(3);
10134        config.enable_early_data();
10135        config.verify_peer(false);
10136
10137        // Perform initial handshake.
10138        let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
10139        assert_eq!(pipe.handshake(), Ok(()));
10140
10141        // Extract session,
10142        let session = pipe.client.session().unwrap();
10143
10144        // Configure session on new connection.
10145        let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
10146        assert_eq!(pipe.client.set_session(session), Ok(()));
10147
10148        // Client sends initial flight.
10149        let (len, _) = pipe.client.send(&mut buf).unwrap();
10150        assert_eq!(pipe.server_recv(&mut buf[..len]), Ok(len));
10151
10152        // Client sends 0-RTT packet.
10153        let pkt_type = packet::Type::ZeroRTT;
10154
10155        let frames = [frame::Frame::Stream {
10156            stream_id: 4,
10157            data: <RangeBuf>::from(b"aaaaa", 0, true),
10158        }];
10159
10160        assert_eq!(
10161            pipe.send_pkt_to_server(pkt_type, &frames, &mut buf),
10162            Ok(1200)
10163        );
10164
10165        assert_eq!(pipe.server.undecryptable_pkts.len(), 0);
10166
10167        // 0-RTT stream data is readable.
10168        let mut r = pipe.server.readable();
10169        assert_eq!(r.next(), Some(4));
10170        assert_eq!(r.next(), None);
10171
10172        let mut b = [0; 15];
10173        assert_eq!(pipe.server.stream_recv(4, &mut b), Ok((5, true)));
10174        assert_eq!(&b[..5], b"aaaaa");
10175    }
10176
10177    #[cfg(not(feature = "openssl"))] // 0-RTT not supported when using openssl/quictls
10178    #[rstest]
10179    fn handshake_0rtt_reordered(
10180        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
10181    ) {
10182        let mut buf = [0; 65535];
10183
10184        let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
10185        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
10186        config
10187            .load_cert_chain_from_pem_file("examples/cert.crt")
10188            .unwrap();
10189        config
10190            .load_priv_key_from_pem_file("examples/cert.key")
10191            .unwrap();
10192        config
10193            .set_application_protos(&[b"proto1", b"proto2"])
10194            .unwrap();
10195        config.set_initial_max_data(30);
10196        config.set_initial_max_stream_data_bidi_local(15);
10197        config.set_initial_max_stream_data_bidi_remote(15);
10198        config.set_initial_max_streams_bidi(3);
10199        config.enable_early_data();
10200        config.verify_peer(false);
10201
10202        // Perform initial handshake.
10203        let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
10204        assert_eq!(pipe.handshake(), Ok(()));
10205
10206        // Extract session,
10207        let session = pipe.client.session().unwrap();
10208
10209        // Configure session on new connection.
10210        let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
10211        assert_eq!(pipe.client.set_session(session), Ok(()));
10212
10213        // Client sends initial flight.
10214        let (len, _) = pipe.client.send(&mut buf).unwrap();
10215        let mut initial = buf[..len].to_vec();
10216
10217        // Client sends 0-RTT packet.
10218        let pkt_type = packet::Type::ZeroRTT;
10219
10220        let frames = [frame::Frame::Stream {
10221            stream_id: 4,
10222            data: <RangeBuf>::from(b"aaaaa", 0, true),
10223        }];
10224
10225        let len =
10226            testing::encode_pkt(&mut pipe.client, pkt_type, &frames, &mut buf)
10227                .unwrap();
10228        let mut zrtt = buf[..len].to_vec();
10229
10230        // 0-RTT packet is received before the Initial one.
10231        assert_eq!(pipe.server_recv(&mut zrtt), Ok(zrtt.len()));
10232
10233        assert_eq!(pipe.server.undecryptable_pkts.len(), 1);
10234        assert_eq!(pipe.server.undecryptable_pkts[0].0.len(), zrtt.len());
10235
10236        let mut r = pipe.server.readable();
10237        assert_eq!(r.next(), None);
10238
10239        // Initial packet is also received.
10240        assert_eq!(pipe.server_recv(&mut initial), Ok(initial.len()));
10241
10242        // 0-RTT stream data is readable.
10243        let mut r = pipe.server.readable();
10244        assert_eq!(r.next(), Some(4));
10245        assert_eq!(r.next(), None);
10246
10247        let mut b = [0; 15];
10248        assert_eq!(pipe.server.stream_recv(4, &mut b), Ok((5, true)));
10249        assert_eq!(&b[..5], b"aaaaa");
10250    }
10251
10252    #[cfg(not(feature = "openssl"))] // 0-RTT not supported when using openssl/quictls
10253    #[rstest]
10254    fn handshake_0rtt_truncated(
10255        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
10256    ) {
10257        let mut buf = [0; 65535];
10258
10259        let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
10260        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
10261        config
10262            .load_cert_chain_from_pem_file("examples/cert.crt")
10263            .unwrap();
10264        config
10265            .load_priv_key_from_pem_file("examples/cert.key")
10266            .unwrap();
10267        config
10268            .set_application_protos(&[b"proto1", b"proto2"])
10269            .unwrap();
10270        config.set_initial_max_data(30);
10271        config.set_initial_max_stream_data_bidi_local(15);
10272        config.set_initial_max_stream_data_bidi_remote(15);
10273        config.set_initial_max_streams_bidi(3);
10274        config.enable_early_data();
10275        config.verify_peer(false);
10276
10277        // Perform initial handshake.
10278        let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
10279        assert_eq!(pipe.handshake(), Ok(()));
10280
10281        // Extract session,
10282        let session = pipe.client.session().unwrap();
10283
10284        // Configure session on new connection.
10285        let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
10286        assert_eq!(pipe.client.set_session(session), Ok(()));
10287
10288        // Client sends initial flight.
10289        pipe.client.send(&mut buf).unwrap();
10290
10291        // Client sends 0-RTT packet.
10292        let pkt_type = packet::Type::ZeroRTT;
10293
10294        let frames = [frame::Frame::Stream {
10295            stream_id: 4,
10296            data: <RangeBuf>::from(b"aaaaa", 0, true),
10297        }];
10298
10299        let len =
10300            testing::encode_pkt(&mut pipe.client, pkt_type, &frames, &mut buf)
10301                .unwrap();
10302
10303        // Simulate a truncated packet by sending one byte less.
10304        let mut zrtt = buf[..len - 1].to_vec();
10305
10306        // 0-RTT packet is received before the Initial one.
10307        assert_eq!(pipe.server_recv(&mut zrtt), Err(Error::InvalidPacket));
10308
10309        assert_eq!(pipe.server.undecryptable_pkts.len(), 0);
10310
10311        assert!(pipe.server.is_closed());
10312    }
10313
10314    #[rstest]
10315    fn crypto_limit(
10316        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
10317    ) {
10318        let mut buf = [0; 65535];
10319
10320        let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
10321        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
10322        config
10323            .load_cert_chain_from_pem_file("examples/cert.crt")
10324            .unwrap();
10325        config
10326            .load_priv_key_from_pem_file("examples/cert.key")
10327            .unwrap();
10328        config
10329            .set_application_protos(&[b"proto1", b"proto2"])
10330            .unwrap();
10331        config.set_initial_max_data(30);
10332        config.set_initial_max_stream_data_bidi_local(15);
10333        config.set_initial_max_stream_data_bidi_remote(15);
10334        config.set_initial_max_streams_bidi(3);
10335        config.enable_early_data();
10336        config.verify_peer(false);
10337
10338        // Perform initial handshake.
10339        let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
10340        assert_eq!(pipe.handshake(), Ok(()));
10341
10342        // Client send a 1-byte frame that starts from the crypto stream offset
10343        // limit.
10344        let frames = [frame::Frame::Crypto {
10345            data: RangeBuf::from(b"a", MAX_CRYPTO_STREAM_OFFSET, false),
10346        }];
10347
10348        let pkt_type = packet::Type::Short;
10349
10350        let written =
10351            testing::encode_pkt(&mut pipe.client, pkt_type, &frames, &mut buf)
10352                .unwrap();
10353
10354        let active_path = pipe.server.paths.get_active().unwrap();
10355        let info = RecvInfo {
10356            to: active_path.local_addr(),
10357            from: active_path.peer_addr(),
10358        };
10359
10360        assert_eq!(
10361            pipe.server.recv(&mut buf[..written], info),
10362            Err(Error::CryptoBufferExceeded)
10363        );
10364
10365        let written = match pipe.server.send(&mut buf) {
10366            Ok((write, _)) => write,
10367
10368            Err(_) => unreachable!(),
10369        };
10370
10371        let frames =
10372            testing::decode_pkt(&mut pipe.client, &mut buf[..written]).unwrap();
10373        let mut iter = frames.iter();
10374
10375        assert_eq!(
10376            iter.next(),
10377            Some(&frame::Frame::ConnectionClose {
10378                error_code: 0x0d,
10379                frame_type: 0,
10380                reason: Vec::new(),
10381            })
10382        );
10383    }
10384
10385    #[rstest]
10386    fn limit_handshake_data(
10387        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
10388    ) {
10389        let mut config = Config::new(PROTOCOL_VERSION).unwrap();
10390        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
10391        config
10392            .load_cert_chain_from_pem_file("examples/cert-big.crt")
10393            .unwrap();
10394        config
10395            .load_priv_key_from_pem_file("examples/cert.key")
10396            .unwrap();
10397        config
10398            .set_application_protos(&[b"proto1", b"proto2"])
10399            .unwrap();
10400
10401        let mut pipe = testing::Pipe::with_server_config(&mut config).unwrap();
10402
10403        let flight = testing::emit_flight(&mut pipe.client).unwrap();
10404        let client_sent = flight.iter().fold(0, |out, p| out + p.0.len());
10405        testing::process_flight(&mut pipe.server, flight).unwrap();
10406
10407        let flight = testing::emit_flight(&mut pipe.server).unwrap();
10408        let server_sent = flight.iter().fold(0, |out, p| out + p.0.len());
10409
10410        assert_eq!(server_sent, client_sent * MAX_AMPLIFICATION_FACTOR);
10411    }
10412
10413    #[rstest]
10414    fn custom_limit_handshake_data(
10415        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
10416    ) {
10417        const CUSTOM_AMPLIFICATION_FACTOR: usize = 2;
10418
10419        let mut config = Config::new(PROTOCOL_VERSION).unwrap();
10420        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
10421        config
10422            .load_cert_chain_from_pem_file("examples/cert-big.crt")
10423            .unwrap();
10424        config
10425            .load_priv_key_from_pem_file("examples/cert.key")
10426            .unwrap();
10427        config
10428            .set_application_protos(&[b"proto1", b"proto2"])
10429            .unwrap();
10430        config.set_max_amplification_factor(CUSTOM_AMPLIFICATION_FACTOR);
10431
10432        let mut pipe = testing::Pipe::with_server_config(&mut config).unwrap();
10433
10434        let flight = testing::emit_flight(&mut pipe.client).unwrap();
10435        let client_sent = flight.iter().fold(0, |out, p| out + p.0.len());
10436        testing::process_flight(&mut pipe.server, flight).unwrap();
10437
10438        let flight = testing::emit_flight(&mut pipe.server).unwrap();
10439        let server_sent = flight.iter().fold(0, |out, p| out + p.0.len());
10440
10441        assert_eq!(server_sent, client_sent * CUSTOM_AMPLIFICATION_FACTOR);
10442    }
10443
10444    #[rstest]
10445    fn streamio(
10446        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
10447    ) {
10448        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
10449        assert_eq!(pipe.handshake(), Ok(()));
10450
10451        assert_eq!(pipe.client.stream_send(4, b"hello, world", true), Ok(12));
10452        assert_eq!(pipe.advance(), Ok(()));
10453
10454        assert!(!pipe.server.stream_finished(4));
10455
10456        let mut r = pipe.server.readable();
10457        assert_eq!(r.next(), Some(4));
10458        assert_eq!(r.next(), None);
10459
10460        let mut b = [0; 15];
10461        assert_eq!(pipe.server.stream_recv(4, &mut b), Ok((12, true)));
10462        assert_eq!(&b[..12], b"hello, world");
10463
10464        assert!(pipe.server.stream_finished(4));
10465    }
10466
10467    #[cfg(not(feature = "openssl"))] // 0-RTT not supported when using openssl/quictls
10468    #[rstest]
10469    fn zero_rtt(
10470        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
10471    ) {
10472        let mut buf = [0; 65535];
10473
10474        let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
10475        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
10476        config
10477            .load_cert_chain_from_pem_file("examples/cert.crt")
10478            .unwrap();
10479        config
10480            .load_priv_key_from_pem_file("examples/cert.key")
10481            .unwrap();
10482        config
10483            .set_application_protos(&[b"proto1", b"proto2"])
10484            .unwrap();
10485        config.set_initial_max_data(30);
10486        config.set_initial_max_stream_data_bidi_local(15);
10487        config.set_initial_max_stream_data_bidi_remote(15);
10488        config.set_initial_max_streams_bidi(3);
10489        config.enable_early_data();
10490        config.verify_peer(false);
10491
10492        // Perform initial handshake.
10493        let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
10494        assert_eq!(pipe.handshake(), Ok(()));
10495
10496        // Extract session,
10497        let session = pipe.client.session().unwrap();
10498
10499        // Configure session on new connection.
10500        let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
10501        assert_eq!(pipe.client.set_session(session), Ok(()));
10502
10503        // Client sends initial flight.
10504        let (len, _) = pipe.client.send(&mut buf).unwrap();
10505        let mut initial = buf[..len].to_vec();
10506
10507        assert!(pipe.client.is_in_early_data());
10508
10509        // Client sends 0-RTT data.
10510        assert_eq!(pipe.client.stream_send(4, b"hello, world", true), Ok(12));
10511
10512        let (len, _) = pipe.client.send(&mut buf).unwrap();
10513        let mut zrtt = buf[..len].to_vec();
10514
10515        // Server receives packets.
10516        assert_eq!(pipe.server_recv(&mut initial), Ok(initial.len()));
10517        assert!(pipe.server.is_in_early_data());
10518
10519        assert_eq!(pipe.server_recv(&mut zrtt), Ok(zrtt.len()));
10520
10521        // 0-RTT stream data is readable.
10522        let mut r = pipe.server.readable();
10523        assert_eq!(r.next(), Some(4));
10524        assert_eq!(r.next(), None);
10525
10526        let mut b = [0; 15];
10527        assert_eq!(pipe.server.stream_recv(4, &mut b), Ok((12, true)));
10528        assert_eq!(&b[..12], b"hello, world");
10529    }
10530
10531    #[rstest]
10532    fn stream_send_on_32bit_arch(
10533        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
10534    ) {
10535        let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
10536        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
10537        config
10538            .load_cert_chain_from_pem_file("examples/cert.crt")
10539            .unwrap();
10540        config
10541            .load_priv_key_from_pem_file("examples/cert.key")
10542            .unwrap();
10543        config
10544            .set_application_protos(&[b"proto1", b"proto2"])
10545            .unwrap();
10546        config.set_initial_max_data(2_u64.pow(32) + 5);
10547        config.set_initial_max_stream_data_bidi_local(15);
10548        config.set_initial_max_stream_data_bidi_remote(15);
10549        config.set_initial_max_stream_data_uni(10);
10550        config.set_initial_max_streams_bidi(3);
10551        config.set_initial_max_streams_uni(0);
10552        config.verify_peer(false);
10553
10554        let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
10555        assert_eq!(pipe.handshake(), Ok(()));
10556
10557        // In 32bit arch, send_capacity() should be min(2^32+5, cwnd),
10558        // not min(5, cwnd)
10559        assert_eq!(pipe.client.stream_send(4, b"hello, world", true), Ok(12));
10560
10561        assert_eq!(pipe.advance(), Ok(()));
10562
10563        assert!(!pipe.server.stream_finished(4));
10564    }
10565
10566    #[rstest]
10567    fn empty_stream_frame(
10568        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
10569    ) {
10570        let mut buf = [0; 65535];
10571
10572        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
10573        assert_eq!(pipe.handshake(), Ok(()));
10574
10575        let frames = [frame::Frame::Stream {
10576            stream_id: 4,
10577            data: <RangeBuf>::from(b"aaaaa", 0, false),
10578        }];
10579
10580        let pkt_type = packet::Type::Short;
10581        assert_eq!(pipe.send_pkt_to_server(pkt_type, &frames, &mut buf), Ok(39));
10582
10583        let mut readable = pipe.server.readable();
10584        assert_eq!(readable.next(), Some(4));
10585
10586        assert_eq!(pipe.server.stream_recv(4, &mut buf), Ok((5, false)));
10587
10588        let frames = [frame::Frame::Stream {
10589            stream_id: 4,
10590            data: <RangeBuf>::from(b"", 5, true),
10591        }];
10592
10593        let pkt_type = packet::Type::Short;
10594        assert_eq!(pipe.send_pkt_to_server(pkt_type, &frames, &mut buf), Ok(39));
10595
10596        let mut readable = pipe.server.readable();
10597        assert_eq!(readable.next(), Some(4));
10598
10599        assert_eq!(pipe.server.stream_recv(4, &mut buf), Ok((0, true)));
10600
10601        let frames = [frame::Frame::Stream {
10602            stream_id: 4,
10603            data: <RangeBuf>::from(b"", 15, true),
10604        }];
10605
10606        let pkt_type = packet::Type::Short;
10607        assert_eq!(
10608            pipe.send_pkt_to_server(pkt_type, &frames, &mut buf),
10609            Err(Error::FinalSize)
10610        );
10611    }
10612
10613    #[rstest]
10614    fn update_key_request(
10615        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
10616    ) {
10617        let mut b = [0; 15];
10618
10619        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
10620        assert_eq!(pipe.handshake(), Ok(()));
10621        assert_eq!(pipe.advance(), Ok(()));
10622
10623        // Client sends message with key update request.
10624        assert_eq!(pipe.client_update_key(), Ok(()));
10625        assert_eq!(pipe.client.stream_send(4, b"hello", false), Ok(5));
10626        assert_eq!(pipe.advance(), Ok(()));
10627
10628        // Ensure server updates key and it correctly decrypts the message.
10629        let mut r = pipe.server.readable();
10630        assert_eq!(r.next(), Some(4));
10631        assert_eq!(r.next(), None);
10632        assert_eq!(pipe.server.stream_recv(4, &mut b), Ok((5, false)));
10633        assert_eq!(&b[..5], b"hello");
10634
10635        // Ensure ACK for key update.
10636        assert!(
10637            pipe.server.pkt_num_spaces[packet::Epoch::Application]
10638                .key_update
10639                .as_ref()
10640                .unwrap()
10641                .update_acked
10642        );
10643
10644        // Server sends message with the new key.
10645        assert_eq!(pipe.server.stream_send(4, b"world", false), Ok(5));
10646        assert_eq!(pipe.advance(), Ok(()));
10647
10648        // Ensure update key is completed and client can decrypt packet.
10649        let mut r = pipe.client.readable();
10650        assert_eq!(r.next(), Some(4));
10651        assert_eq!(r.next(), None);
10652        assert_eq!(pipe.client.stream_recv(4, &mut b), Ok((5, false)));
10653        assert_eq!(&b[..5], b"world");
10654
10655        // Server keeps sending packets to ensure encryption still works.
10656        for _ in 0..10 {
10657            assert_eq!(pipe.server.stream_send(4, b"world", false), Ok(5));
10658            assert_eq!(pipe.advance(), Ok(()));
10659
10660            let mut r = pipe.client.readable();
10661            assert_eq!(r.next(), Some(4));
10662            assert_eq!(r.next(), None);
10663            assert_eq!(pipe.client.stream_recv(4, &mut b), Ok((5, false)));
10664            assert_eq!(&b[..5], b"world");
10665        }
10666    }
10667
10668    #[rstest]
10669    fn update_key_request_twice_error(
10670        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
10671    ) {
10672        let mut buf = [0; 65535];
10673
10674        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
10675        assert_eq!(pipe.handshake(), Ok(()));
10676        assert_eq!(pipe.advance(), Ok(()));
10677
10678        let frames = [frame::Frame::Stream {
10679            stream_id: 4,
10680            data: <RangeBuf>::from(b"hello", 0, false),
10681        }];
10682
10683        // Client sends stream frame with key update request.
10684        assert_eq!(pipe.client_update_key(), Ok(()));
10685        let written = testing::encode_pkt(
10686            &mut pipe.client,
10687            packet::Type::Short,
10688            &frames,
10689            &mut buf,
10690        )
10691        .unwrap();
10692
10693        // Server correctly decode with new key.
10694        assert_eq!(pipe.server_recv(&mut buf[..written]), Ok(written));
10695
10696        // Client sends stream frame with another key update request before server
10697        // ACK.
10698        assert_eq!(pipe.client_update_key(), Ok(()));
10699        let written = testing::encode_pkt(
10700            &mut pipe.client,
10701            packet::Type::Short,
10702            &frames,
10703            &mut buf,
10704        )
10705        .unwrap();
10706
10707        // Check server correctly closes the connection with a key update error
10708        // for the peer.
10709        assert_eq!(pipe.server_recv(&mut buf[..written]), Err(Error::KeyUpdate));
10710    }
10711
10712    #[rstest]
10713    /// Tests that receiving a MAX_STREAM_DATA frame for a receive-only
10714    /// unidirectional stream is forbidden.
10715    fn max_stream_data_receive_uni(
10716        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
10717    ) {
10718        let mut buf = [0; 65535];
10719
10720        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
10721        assert_eq!(pipe.handshake(), Ok(()));
10722
10723        // Client opens unidirectional stream.
10724        assert_eq!(pipe.client.stream_send(2, b"hello", false), Ok(5));
10725        assert_eq!(pipe.advance(), Ok(()));
10726
10727        // Client sends MAX_STREAM_DATA on local unidirectional stream.
10728        let frames = [frame::Frame::MaxStreamData {
10729            stream_id: 2,
10730            max: 1024,
10731        }];
10732
10733        let pkt_type = packet::Type::Short;
10734        assert_eq!(
10735            pipe.send_pkt_to_server(pkt_type, &frames, &mut buf),
10736            Err(Error::InvalidStreamState(2)),
10737        );
10738    }
10739
10740    #[rstest]
10741    fn empty_payload(
10742        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
10743    ) {
10744        let mut buf = [0; 65535];
10745
10746        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
10747        assert_eq!(pipe.handshake(), Ok(()));
10748
10749        // Send a packet with no frames.
10750        let pkt_type = packet::Type::Short;
10751        assert_eq!(
10752            pipe.send_pkt_to_server(pkt_type, &[], &mut buf),
10753            Err(Error::InvalidPacket)
10754        );
10755    }
10756
10757    #[rstest]
10758    fn min_payload(
10759        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
10760    ) {
10761        let mut buf = [0; 65535];
10762
10763        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
10764
10765        // Send a non-ack-eliciting packet.
10766        let frames = [frame::Frame::Padding { len: 4 }];
10767
10768        let pkt_type = packet::Type::Initial;
10769        let written =
10770            testing::encode_pkt(&mut pipe.client, pkt_type, &frames, &mut buf)
10771                .unwrap();
10772        assert_eq!(pipe.server_recv(&mut buf[..written]), Ok(written));
10773
10774        let initial_path = pipe
10775            .server
10776            .paths
10777            .get_active()
10778            .expect("initial path not found");
10779
10780        assert_eq!(initial_path.max_send_bytes, 195);
10781
10782        // Force server to send a single PING frame.
10783        pipe.server
10784            .paths
10785            .get_active_mut()
10786            .expect("no active path")
10787            .recovery
10788            .inc_loss_probes(packet::Epoch::Initial);
10789
10790        let initial_path = pipe
10791            .server
10792            .paths
10793            .get_active_mut()
10794            .expect("initial path not found");
10795
10796        // Artificially limit the amount of bytes the server can send.
10797        initial_path.max_send_bytes = 60;
10798
10799        assert_eq!(pipe.server.send(&mut buf), Err(Error::Done));
10800    }
10801
10802    #[rstest]
10803    fn flow_control_limit(
10804        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
10805    ) {
10806        let mut buf = [0; 65535];
10807
10808        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
10809        assert_eq!(pipe.handshake(), Ok(()));
10810
10811        let frames = [
10812            frame::Frame::Stream {
10813                stream_id: 0,
10814                data: <RangeBuf>::from(b"aaaaaaaaaaaaaaa", 0, false),
10815            },
10816            frame::Frame::Stream {
10817                stream_id: 4,
10818                data: <RangeBuf>::from(b"aaaaaaaaaaaaaaa", 0, false),
10819            },
10820            frame::Frame::Stream {
10821                stream_id: 8,
10822                data: <RangeBuf>::from(b"a", 0, false),
10823            },
10824        ];
10825
10826        let pkt_type = packet::Type::Short;
10827        assert_eq!(
10828            pipe.send_pkt_to_server(pkt_type, &frames, &mut buf),
10829            Err(Error::FlowControl),
10830        );
10831    }
10832
10833    #[rstest]
10834    fn flow_control_limit_dup(
10835        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
10836    ) {
10837        let mut buf = [0; 65535];
10838
10839        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
10840        assert_eq!(pipe.handshake(), Ok(()));
10841
10842        let frames = [
10843            // One byte less than stream limit.
10844            frame::Frame::Stream {
10845                stream_id: 0,
10846                data: <RangeBuf>::from(b"aaaaaaaaaaaaaa", 0, false),
10847            },
10848            // Same stream, but one byte more.
10849            frame::Frame::Stream {
10850                stream_id: 0,
10851                data: <RangeBuf>::from(b"aaaaaaaaaaaaaaa", 0, false),
10852            },
10853            frame::Frame::Stream {
10854                stream_id: 8,
10855                data: <RangeBuf>::from(b"aaaaaaaaaaaaaaa", 0, false),
10856            },
10857        ];
10858
10859        let pkt_type = packet::Type::Short;
10860        assert!(pipe.send_pkt_to_server(pkt_type, &frames, &mut buf).is_ok());
10861    }
10862
10863    #[rstest]
10864    fn flow_control_update(
10865        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
10866    ) {
10867        let mut buf = [0; 65535];
10868
10869        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
10870        assert_eq!(pipe.handshake(), Ok(()));
10871
10872        let frames = [
10873            frame::Frame::Stream {
10874                stream_id: 0,
10875                data: <RangeBuf>::from(b"aaaaaaaaaaaaaaa", 0, false),
10876            },
10877            frame::Frame::Stream {
10878                stream_id: 4,
10879                data: <RangeBuf>::from(b"a", 0, false),
10880            },
10881        ];
10882
10883        let pkt_type = packet::Type::Short;
10884
10885        assert!(pipe.send_pkt_to_server(pkt_type, &frames, &mut buf).is_ok());
10886
10887        pipe.server.stream_recv(0, &mut buf).unwrap();
10888        pipe.server.stream_recv(4, &mut buf).unwrap();
10889
10890        let frames = [frame::Frame::Stream {
10891            stream_id: 4,
10892            data: <RangeBuf>::from(b"a", 1, false),
10893        }];
10894
10895        let len = pipe
10896            .send_pkt_to_server(pkt_type, &frames, &mut buf)
10897            .unwrap();
10898
10899        assert!(len > 0);
10900
10901        let frames =
10902            testing::decode_pkt(&mut pipe.client, &mut buf[..len]).unwrap();
10903        let mut iter = frames.iter();
10904
10905        // Ignore ACK.
10906        iter.next().unwrap();
10907
10908        assert_eq!(
10909            iter.next(),
10910            Some(&frame::Frame::MaxStreamData {
10911                stream_id: 0,
10912                max: 30
10913            })
10914        );
10915        assert_eq!(iter.next(), Some(&frame::Frame::MaxData { max: 61 }));
10916    }
10917
10918    #[rstest]
10919    /// Tests that flow control is properly updated even when a stream is shut
10920    /// down.
10921    fn flow_control_drain(
10922        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
10923    ) {
10924        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
10925        assert_eq!(pipe.handshake(), Ok(()));
10926
10927        // Client opens a stream and sends some data.
10928        assert_eq!(pipe.client.stream_send(4, b"aaaaa", false), Ok(5));
10929        assert_eq!(pipe.advance(), Ok(()));
10930
10931        // Server receives data, without reading it.
10932        let mut r = pipe.server.readable();
10933        assert_eq!(r.next(), Some(4));
10934        assert_eq!(r.next(), None);
10935
10936        // In the meantime, client sends more data.
10937        assert_eq!(pipe.client.stream_send(4, b"aaaaa", false), Ok(5));
10938        assert_eq!(pipe.client.stream_send(4, b"aaaaa", true), Ok(5));
10939
10940        assert_eq!(pipe.client.stream_send(8, b"aaaaa", false), Ok(5));
10941        assert_eq!(pipe.client.stream_send(8, b"aaaaa", false), Ok(5));
10942        assert_eq!(pipe.client.stream_send(8, b"aaaaa", true), Ok(5));
10943
10944        // Server shuts down one stream.
10945        assert_eq!(pipe.server.stream_shutdown(4, Shutdown::Read, 42), Ok(()));
10946
10947        let mut r = pipe.server.readable();
10948        assert_eq!(r.next(), None);
10949
10950        // Flush connection.
10951        assert_eq!(pipe.advance(), Ok(()));
10952    }
10953
10954    #[rstest]
10955    fn stream_flow_control_limit_bidi(
10956        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
10957    ) {
10958        let mut buf = [0; 65535];
10959
10960        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
10961        assert_eq!(pipe.handshake(), Ok(()));
10962
10963        let frames = [frame::Frame::Stream {
10964            stream_id: 4,
10965            data: <RangeBuf>::from(b"aaaaaaaaaaaaaaaa", 0, true),
10966        }];
10967
10968        let pkt_type = packet::Type::Short;
10969        assert_eq!(
10970            pipe.send_pkt_to_server(pkt_type, &frames, &mut buf),
10971            Err(Error::FlowControl),
10972        );
10973    }
10974
10975    #[rstest]
10976    fn stream_flow_control_limit_uni(
10977        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
10978    ) {
10979        let mut buf = [0; 65535];
10980
10981        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
10982        assert_eq!(pipe.handshake(), Ok(()));
10983
10984        let frames = [frame::Frame::Stream {
10985            stream_id: 2,
10986            data: <RangeBuf>::from(b"aaaaaaaaaaa", 0, true),
10987        }];
10988
10989        let pkt_type = packet::Type::Short;
10990        assert_eq!(
10991            pipe.send_pkt_to_server(pkt_type, &frames, &mut buf),
10992            Err(Error::FlowControl),
10993        );
10994    }
10995
10996    #[rstest]
10997    fn stream_flow_control_update(
10998        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
10999    ) {
11000        let mut buf = [0; 65535];
11001
11002        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
11003        assert_eq!(pipe.handshake(), Ok(()));
11004
11005        let frames = [frame::Frame::Stream {
11006            stream_id: 4,
11007            data: <RangeBuf>::from(b"aaaaaaaaa", 0, false),
11008        }];
11009
11010        let pkt_type = packet::Type::Short;
11011
11012        assert!(pipe.send_pkt_to_server(pkt_type, &frames, &mut buf).is_ok());
11013
11014        pipe.server.stream_recv(4, &mut buf).unwrap();
11015
11016        let frames = [frame::Frame::Stream {
11017            stream_id: 4,
11018            data: <RangeBuf>::from(b"a", 9, false),
11019        }];
11020
11021        let len = pipe
11022            .send_pkt_to_server(pkt_type, &frames, &mut buf)
11023            .unwrap();
11024
11025        assert!(len > 0);
11026
11027        let frames =
11028            testing::decode_pkt(&mut pipe.client, &mut buf[..len]).unwrap();
11029        let mut iter = frames.iter();
11030
11031        // Ignore ACK.
11032        iter.next().unwrap();
11033
11034        assert_eq!(
11035            iter.next(),
11036            Some(&frame::Frame::MaxStreamData {
11037                stream_id: 4,
11038                max: 24,
11039            })
11040        );
11041    }
11042
11043    #[rstest]
11044    fn stream_left_bidi(
11045        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
11046    ) {
11047        let mut buf = [0; 65535];
11048
11049        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
11050        assert_eq!(pipe.handshake(), Ok(()));
11051
11052        assert_eq!(3, pipe.client.peer_streams_left_bidi());
11053        assert_eq!(3, pipe.server.peer_streams_left_bidi());
11054
11055        pipe.server.stream_send(1, b"a", false).ok();
11056        assert_eq!(2, pipe.server.peer_streams_left_bidi());
11057        pipe.server.stream_send(5, b"a", false).ok();
11058        assert_eq!(1, pipe.server.peer_streams_left_bidi());
11059
11060        pipe.server.stream_send(9, b"a", false).ok();
11061        assert_eq!(0, pipe.server.peer_streams_left_bidi());
11062
11063        let frames = [frame::Frame::MaxStreamsBidi { max: MAX_STREAM_ID }];
11064
11065        let pkt_type = packet::Type::Short;
11066        assert!(pipe.send_pkt_to_server(pkt_type, &frames, &mut buf).is_ok());
11067
11068        assert_eq!(MAX_STREAM_ID - 3, pipe.server.peer_streams_left_bidi());
11069    }
11070
11071    #[rstest]
11072    fn stream_left_uni(
11073        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
11074    ) {
11075        let mut buf = [0; 65535];
11076
11077        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
11078        assert_eq!(pipe.handshake(), Ok(()));
11079
11080        assert_eq!(3, pipe.client.peer_streams_left_uni());
11081        assert_eq!(3, pipe.server.peer_streams_left_uni());
11082
11083        pipe.server.stream_send(3, b"a", false).ok();
11084        assert_eq!(2, pipe.server.peer_streams_left_uni());
11085        pipe.server.stream_send(7, b"a", false).ok();
11086        assert_eq!(1, pipe.server.peer_streams_left_uni());
11087
11088        pipe.server.stream_send(11, b"a", false).ok();
11089        assert_eq!(0, pipe.server.peer_streams_left_uni());
11090
11091        let frames = [frame::Frame::MaxStreamsUni { max: MAX_STREAM_ID }];
11092
11093        let pkt_type = packet::Type::Short;
11094        assert!(pipe.send_pkt_to_server(pkt_type, &frames, &mut buf).is_ok());
11095
11096        assert_eq!(MAX_STREAM_ID - 3, pipe.server.peer_streams_left_uni());
11097    }
11098
11099    #[rstest]
11100    fn stream_limit_bidi(
11101        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
11102    ) {
11103        let mut buf = [0; 65535];
11104
11105        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
11106        assert_eq!(pipe.handshake(), Ok(()));
11107
11108        let frames = [
11109            frame::Frame::Stream {
11110                stream_id: 4,
11111                data: <RangeBuf>::from(b"a", 0, false),
11112            },
11113            frame::Frame::Stream {
11114                stream_id: 8,
11115                data: <RangeBuf>::from(b"a", 0, false),
11116            },
11117            frame::Frame::Stream {
11118                stream_id: 12,
11119                data: <RangeBuf>::from(b"a", 0, false),
11120            },
11121            frame::Frame::Stream {
11122                stream_id: 16,
11123                data: <RangeBuf>::from(b"a", 0, false),
11124            },
11125            frame::Frame::Stream {
11126                stream_id: 20,
11127                data: <RangeBuf>::from(b"a", 0, false),
11128            },
11129            frame::Frame::Stream {
11130                stream_id: 24,
11131                data: <RangeBuf>::from(b"a", 0, false),
11132            },
11133            frame::Frame::Stream {
11134                stream_id: 28,
11135                data: <RangeBuf>::from(b"a", 0, false),
11136            },
11137        ];
11138
11139        let pkt_type = packet::Type::Short;
11140        assert_eq!(
11141            pipe.send_pkt_to_server(pkt_type, &frames, &mut buf),
11142            Err(Error::StreamLimit),
11143        );
11144    }
11145
11146    #[rstest]
11147    fn stream_limit_max_bidi(
11148        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
11149    ) {
11150        let mut buf = [0; 65535];
11151
11152        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
11153        assert_eq!(pipe.handshake(), Ok(()));
11154
11155        let frames = [frame::Frame::MaxStreamsBidi { max: MAX_STREAM_ID }];
11156
11157        let pkt_type = packet::Type::Short;
11158        assert!(pipe.send_pkt_to_server(pkt_type, &frames, &mut buf).is_ok());
11159
11160        let frames = [frame::Frame::MaxStreamsBidi {
11161            max: MAX_STREAM_ID + 1,
11162        }];
11163
11164        let pkt_type = packet::Type::Short;
11165        assert_eq!(
11166            pipe.send_pkt_to_server(pkt_type, &frames, &mut buf),
11167            Err(Error::InvalidFrame),
11168        );
11169    }
11170
11171    #[rstest]
11172    fn stream_limit_uni(
11173        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
11174    ) {
11175        let mut buf = [0; 65535];
11176
11177        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
11178        assert_eq!(pipe.handshake(), Ok(()));
11179
11180        let frames = [
11181            frame::Frame::Stream {
11182                stream_id: 2,
11183                data: <RangeBuf>::from(b"a", 0, false),
11184            },
11185            frame::Frame::Stream {
11186                stream_id: 6,
11187                data: <RangeBuf>::from(b"a", 0, false),
11188            },
11189            frame::Frame::Stream {
11190                stream_id: 10,
11191                data: <RangeBuf>::from(b"a", 0, false),
11192            },
11193            frame::Frame::Stream {
11194                stream_id: 14,
11195                data: <RangeBuf>::from(b"a", 0, false),
11196            },
11197            frame::Frame::Stream {
11198                stream_id: 18,
11199                data: <RangeBuf>::from(b"a", 0, false),
11200            },
11201            frame::Frame::Stream {
11202                stream_id: 22,
11203                data: <RangeBuf>::from(b"a", 0, false),
11204            },
11205            frame::Frame::Stream {
11206                stream_id: 26,
11207                data: <RangeBuf>::from(b"a", 0, false),
11208            },
11209        ];
11210
11211        let pkt_type = packet::Type::Short;
11212        assert_eq!(
11213            pipe.send_pkt_to_server(pkt_type, &frames, &mut buf),
11214            Err(Error::StreamLimit),
11215        );
11216    }
11217
11218    #[rstest]
11219    fn stream_limit_max_uni(
11220        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
11221    ) {
11222        let mut buf = [0; 65535];
11223
11224        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
11225        assert_eq!(pipe.handshake(), Ok(()));
11226
11227        let frames = [frame::Frame::MaxStreamsUni { max: MAX_STREAM_ID }];
11228
11229        let pkt_type = packet::Type::Short;
11230        assert!(pipe.send_pkt_to_server(pkt_type, &frames, &mut buf).is_ok());
11231
11232        let frames = [frame::Frame::MaxStreamsUni {
11233            max: MAX_STREAM_ID + 1,
11234        }];
11235
11236        let pkt_type = packet::Type::Short;
11237        assert_eq!(
11238            pipe.send_pkt_to_server(pkt_type, &frames, &mut buf),
11239            Err(Error::InvalidFrame),
11240        );
11241    }
11242
11243    #[rstest]
11244    fn stream_left_reset_bidi(
11245        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
11246    ) {
11247        let mut buf = [0; 65535];
11248
11249        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
11250        assert_eq!(pipe.handshake(), Ok(()));
11251
11252        assert_eq!(3, pipe.client.peer_streams_left_bidi());
11253        assert_eq!(3, pipe.server.peer_streams_left_bidi());
11254
11255        pipe.client.stream_send(0, b"a", false).ok();
11256        assert_eq!(2, pipe.client.peer_streams_left_bidi());
11257        pipe.client.stream_send(4, b"a", false).ok();
11258        assert_eq!(1, pipe.client.peer_streams_left_bidi());
11259        pipe.client.stream_send(8, b"a", false).ok();
11260        assert_eq!(0, pipe.client.peer_streams_left_bidi());
11261
11262        // Client resets the stream.
11263        pipe.client
11264            .stream_shutdown(0, Shutdown::Write, 1001)
11265            .unwrap();
11266        pipe.advance().unwrap();
11267
11268        assert_eq!(0, pipe.client.peer_streams_left_bidi());
11269        let mut r = pipe.server.readable();
11270        assert_eq!(Some(0), r.next());
11271        assert_eq!(Some(4), r.next());
11272        assert_eq!(Some(8), r.next());
11273        assert_eq!(None, r.next());
11274
11275        assert_eq!(
11276            pipe.server.stream_recv(0, &mut buf),
11277            Err(Error::StreamReset(1001))
11278        );
11279
11280        let mut r = pipe.server.readable();
11281        assert_eq!(Some(4), r.next());
11282        assert_eq!(Some(8), r.next());
11283        assert_eq!(None, r.next());
11284
11285        // Server resets the stream in reaction.
11286        pipe.server
11287            .stream_shutdown(0, Shutdown::Write, 1001)
11288            .unwrap();
11289        pipe.advance().unwrap();
11290
11291        assert_eq!(1, pipe.client.peer_streams_left_bidi());
11292
11293        // Repeat for the other 2 streams
11294        pipe.client
11295            .stream_shutdown(4, Shutdown::Write, 1001)
11296            .unwrap();
11297        pipe.client
11298            .stream_shutdown(8, Shutdown::Write, 1001)
11299            .unwrap();
11300        pipe.advance().unwrap();
11301
11302        let mut r = pipe.server.readable();
11303        assert_eq!(Some(4), r.next());
11304        assert_eq!(Some(8), r.next());
11305        assert_eq!(None, r.next());
11306
11307        assert_eq!(
11308            pipe.server.stream_recv(4, &mut buf),
11309            Err(Error::StreamReset(1001))
11310        );
11311
11312        assert_eq!(
11313            pipe.server.stream_recv(8, &mut buf),
11314            Err(Error::StreamReset(1001))
11315        );
11316
11317        let mut r = pipe.server.readable();
11318        assert_eq!(None, r.next());
11319
11320        pipe.server
11321            .stream_shutdown(4, Shutdown::Write, 1001)
11322            .unwrap();
11323        pipe.server
11324            .stream_shutdown(8, Shutdown::Write, 1001)
11325            .unwrap();
11326        pipe.advance().unwrap();
11327
11328        assert_eq!(3, pipe.client.peer_streams_left_bidi());
11329    }
11330
11331    #[rstest]
11332    fn stream_reset_counts(
11333        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
11334    ) {
11335        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
11336        assert_eq!(pipe.handshake(), Ok(()));
11337
11338        pipe.client.stream_send(0, b"a", false).ok();
11339        pipe.client.stream_send(2, b"a", false).ok();
11340        pipe.client.stream_send(4, b"a", false).ok();
11341        pipe.client.stream_send(8, b"a", false).ok();
11342        pipe.advance().unwrap();
11343
11344        let stats = pipe.client.stats();
11345        assert_eq!(stats.reset_stream_count_local, 0);
11346
11347        // Client resets the stream.
11348        pipe.client
11349            .stream_shutdown(0, Shutdown::Write, 1001)
11350            .unwrap();
11351        pipe.advance().unwrap();
11352
11353        let stats = pipe.client.stats();
11354        assert_eq!(stats.reset_stream_count_local, 1);
11355        assert_eq!(stats.reset_stream_count_remote, 0);
11356        let stats = pipe.server.stats();
11357        assert_eq!(stats.reset_stream_count_local, 0);
11358        assert_eq!(stats.reset_stream_count_remote, 1);
11359
11360        // Server resets the stream in reaction.
11361        pipe.server
11362            .stream_shutdown(0, Shutdown::Write, 1001)
11363            .unwrap();
11364        pipe.advance().unwrap();
11365
11366        let stats = pipe.client.stats();
11367        assert_eq!(stats.reset_stream_count_local, 1);
11368        assert_eq!(stats.reset_stream_count_remote, 1);
11369        let stats = pipe.server.stats();
11370        assert_eq!(stats.reset_stream_count_local, 1);
11371        assert_eq!(stats.reset_stream_count_remote, 1);
11372
11373        // Repeat for the other streams
11374        pipe.client
11375            .stream_shutdown(2, Shutdown::Write, 1001)
11376            .unwrap();
11377        pipe.client
11378            .stream_shutdown(4, Shutdown::Write, 1001)
11379            .unwrap();
11380        pipe.client
11381            .stream_shutdown(8, Shutdown::Write, 1001)
11382            .unwrap();
11383        pipe.advance().unwrap();
11384
11385        pipe.server
11386            .stream_shutdown(4, Shutdown::Write, 1001)
11387            .unwrap();
11388        pipe.server
11389            .stream_shutdown(8, Shutdown::Write, 1001)
11390            .unwrap();
11391        pipe.advance().unwrap();
11392
11393        let stats = pipe.client.stats();
11394        assert_eq!(stats.reset_stream_count_local, 4);
11395        assert_eq!(stats.reset_stream_count_remote, 3);
11396        let stats = pipe.server.stats();
11397        assert_eq!(stats.reset_stream_count_local, 3);
11398        assert_eq!(stats.reset_stream_count_remote, 4);
11399    }
11400
11401    #[rstest]
11402    fn stream_stop_counts(
11403        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
11404    ) {
11405        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
11406        assert_eq!(pipe.handshake(), Ok(()));
11407
11408        pipe.client.stream_send(0, b"a", false).ok();
11409        pipe.client.stream_send(2, b"a", false).ok();
11410        pipe.client.stream_send(4, b"a", false).ok();
11411        pipe.client.stream_send(8, b"a", false).ok();
11412        pipe.advance().unwrap();
11413
11414        let stats = pipe.client.stats();
11415        assert_eq!(stats.reset_stream_count_local, 0);
11416
11417        // Server stops the stream and client automatically resets.
11418        pipe.server
11419            .stream_shutdown(0, Shutdown::Read, 1001)
11420            .unwrap();
11421        pipe.advance().unwrap();
11422
11423        let stats = pipe.client.stats();
11424        assert_eq!(stats.stopped_stream_count_local, 0);
11425        assert_eq!(stats.stopped_stream_count_remote, 1);
11426        assert_eq!(stats.reset_stream_count_local, 1);
11427        assert_eq!(stats.reset_stream_count_remote, 0);
11428
11429        let stats = pipe.server.stats();
11430        assert_eq!(stats.stopped_stream_count_local, 1);
11431        assert_eq!(stats.stopped_stream_count_remote, 0);
11432        assert_eq!(stats.reset_stream_count_local, 0);
11433        assert_eq!(stats.reset_stream_count_remote, 1);
11434
11435        // Repeat for the other streams
11436        pipe.server
11437            .stream_shutdown(2, Shutdown::Read, 1001)
11438            .unwrap();
11439        pipe.server
11440            .stream_shutdown(4, Shutdown::Read, 1001)
11441            .unwrap();
11442        pipe.server
11443            .stream_shutdown(8, Shutdown::Read, 1001)
11444            .unwrap();
11445        pipe.advance().unwrap();
11446
11447        let stats = pipe.client.stats();
11448        assert_eq!(stats.stopped_stream_count_local, 0);
11449        assert_eq!(stats.stopped_stream_count_remote, 4);
11450        assert_eq!(stats.reset_stream_count_local, 4);
11451        assert_eq!(stats.reset_stream_count_remote, 0);
11452
11453        let stats = pipe.server.stats();
11454        assert_eq!(stats.stopped_stream_count_local, 4);
11455        assert_eq!(stats.stopped_stream_count_remote, 0);
11456        assert_eq!(stats.reset_stream_count_local, 0);
11457        assert_eq!(stats.reset_stream_count_remote, 4);
11458    }
11459
11460    #[rstest]
11461    fn streams_blocked_max_bidi(
11462        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
11463    ) {
11464        let mut buf = [0; 65535];
11465
11466        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
11467        assert_eq!(pipe.handshake(), Ok(()));
11468
11469        let frames = [frame::Frame::StreamsBlockedBidi {
11470            limit: MAX_STREAM_ID,
11471        }];
11472
11473        let pkt_type = packet::Type::Short;
11474        assert!(pipe.send_pkt_to_server(pkt_type, &frames, &mut buf).is_ok());
11475
11476        let frames = [frame::Frame::StreamsBlockedBidi {
11477            limit: MAX_STREAM_ID + 1,
11478        }];
11479
11480        let pkt_type = packet::Type::Short;
11481        assert_eq!(
11482            pipe.send_pkt_to_server(pkt_type, &frames, &mut buf),
11483            Err(Error::InvalidFrame),
11484        );
11485    }
11486
11487    #[rstest]
11488    fn streams_blocked_max_uni(
11489        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
11490    ) {
11491        let mut buf = [0; 65535];
11492
11493        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
11494        assert_eq!(pipe.handshake(), Ok(()));
11495
11496        let frames = [frame::Frame::StreamsBlockedUni {
11497            limit: MAX_STREAM_ID,
11498        }];
11499
11500        let pkt_type = packet::Type::Short;
11501        assert!(pipe.send_pkt_to_server(pkt_type, &frames, &mut buf).is_ok());
11502
11503        let frames = [frame::Frame::StreamsBlockedUni {
11504            limit: MAX_STREAM_ID + 1,
11505        }];
11506
11507        let pkt_type = packet::Type::Short;
11508        assert_eq!(
11509            pipe.send_pkt_to_server(pkt_type, &frames, &mut buf),
11510            Err(Error::InvalidFrame),
11511        );
11512    }
11513
11514    #[rstest]
11515    fn stream_data_overlap(
11516        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
11517    ) {
11518        let mut buf = [0; 65535];
11519
11520        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
11521        assert_eq!(pipe.handshake(), Ok(()));
11522
11523        let frames = [
11524            frame::Frame::Stream {
11525                stream_id: 0,
11526                data: <RangeBuf>::from(b"aaaaa", 0, false),
11527            },
11528            frame::Frame::Stream {
11529                stream_id: 0,
11530                data: <RangeBuf>::from(b"bbbbb", 3, false),
11531            },
11532            frame::Frame::Stream {
11533                stream_id: 0,
11534                data: <RangeBuf>::from(b"ccccc", 6, false),
11535            },
11536        ];
11537
11538        let pkt_type = packet::Type::Short;
11539        assert!(pipe.send_pkt_to_server(pkt_type, &frames, &mut buf).is_ok());
11540
11541        let mut b = [0; 15];
11542        assert_eq!(pipe.server.stream_recv(0, &mut b), Ok((11, false)));
11543        assert_eq!(&b[..11], b"aaaaabbbccc");
11544    }
11545
11546    #[rstest]
11547    fn stream_data_overlap_with_reordering(
11548        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
11549    ) {
11550        let mut buf = [0; 65535];
11551
11552        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
11553        assert_eq!(pipe.handshake(), Ok(()));
11554
11555        let frames = [
11556            frame::Frame::Stream {
11557                stream_id: 0,
11558                data: <RangeBuf>::from(b"aaaaa", 0, false),
11559            },
11560            frame::Frame::Stream {
11561                stream_id: 0,
11562                data: <RangeBuf>::from(b"ccccc", 6, false),
11563            },
11564            frame::Frame::Stream {
11565                stream_id: 0,
11566                data: <RangeBuf>::from(b"bbbbb", 3, false),
11567            },
11568        ];
11569
11570        let pkt_type = packet::Type::Short;
11571        assert!(pipe.send_pkt_to_server(pkt_type, &frames, &mut buf).is_ok());
11572
11573        let mut b = [0; 15];
11574        assert_eq!(pipe.server.stream_recv(0, &mut b), Ok((11, false)));
11575        assert_eq!(&b[..11], b"aaaaabccccc");
11576    }
11577
11578    #[rstest]
11579    /// Tests that receiving a valid RESET_STREAM frame when all data has
11580    /// already been read, notifies the application.
11581    fn reset_stream_data_recvd(
11582        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
11583    ) {
11584        let mut b = [0; 15];
11585        let mut buf = [0; 65535];
11586
11587        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
11588        assert_eq!(pipe.handshake(), Ok(()));
11589
11590        // Client sends some data.
11591        assert_eq!(pipe.client.stream_send(0, b"hello", false), Ok(5));
11592        assert_eq!(pipe.advance(), Ok(()));
11593
11594        // Server gets data and sends data back, closing stream.
11595        let mut r = pipe.server.readable();
11596        assert_eq!(r.next(), Some(0));
11597        assert_eq!(r.next(), None);
11598
11599        assert_eq!(pipe.server.stream_recv(0, &mut b), Ok((5, false)));
11600        assert!(!pipe.server.stream_finished(0));
11601
11602        let mut r = pipe.server.readable();
11603        assert_eq!(r.next(), None);
11604
11605        assert_eq!(pipe.server.stream_send(0, b"", true), Ok(0));
11606        assert_eq!(pipe.advance(), Ok(()));
11607
11608        let mut r = pipe.client.readable();
11609        assert_eq!(r.next(), Some(0));
11610        assert_eq!(r.next(), None);
11611
11612        assert_eq!(pipe.client.stream_recv(0, &mut b), Ok((0, true)));
11613        assert!(pipe.client.stream_finished(0));
11614
11615        // Client sends RESET_STREAM, closing stream.
11616        let frames = [frame::Frame::ResetStream {
11617            stream_id: 0,
11618            error_code: 42,
11619            final_size: 5,
11620        }];
11621
11622        let pkt_type = packet::Type::Short;
11623        assert_eq!(pipe.send_pkt_to_server(pkt_type, &frames, &mut buf), Ok(39));
11624
11625        // Server is notified of stream readability, due to reset.
11626        let mut r = pipe.server.readable();
11627        assert_eq!(r.next(), Some(0));
11628        assert_eq!(r.next(), None);
11629
11630        assert_eq!(
11631            pipe.server.stream_recv(0, &mut b),
11632            Err(Error::StreamReset(42))
11633        );
11634
11635        assert!(pipe.server.stream_finished(0));
11636
11637        // Sending RESET_STREAM again shouldn't make stream readable again.
11638        pipe.send_pkt_to_server(pkt_type, &frames, &mut buf)
11639            .unwrap();
11640
11641        let mut r = pipe.server.readable();
11642        assert_eq!(r.next(), None);
11643    }
11644
11645    #[rstest]
11646    /// Tests that receiving a valid RESET_STREAM frame when all data has _not_
11647    /// been read, discards all buffered data and notifies the application.
11648    fn reset_stream_data_not_recvd(
11649        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
11650    ) {
11651        let mut b = [0; 15];
11652        let mut buf = [0; 65535];
11653
11654        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
11655        assert_eq!(pipe.handshake(), Ok(()));
11656
11657        // Client sends some data.
11658        assert_eq!(pipe.client.stream_send(0, b"h", false), Ok(1));
11659        assert_eq!(pipe.advance(), Ok(()));
11660
11661        // Server gets data and sends data back, closing stream.
11662        let mut r = pipe.server.readable();
11663        assert_eq!(r.next(), Some(0));
11664        assert_eq!(r.next(), None);
11665
11666        assert_eq!(pipe.server.stream_recv(0, &mut b), Ok((1, false)));
11667        assert!(!pipe.server.stream_finished(0));
11668
11669        let mut r = pipe.server.readable();
11670        assert_eq!(r.next(), None);
11671
11672        assert_eq!(pipe.server.stream_send(0, b"", true), Ok(0));
11673        assert_eq!(pipe.advance(), Ok(()));
11674
11675        let mut r = pipe.client.readable();
11676        assert_eq!(r.next(), Some(0));
11677        assert_eq!(r.next(), None);
11678
11679        assert_eq!(pipe.client.stream_recv(0, &mut b), Ok((0, true)));
11680        assert!(pipe.client.stream_finished(0));
11681
11682        // Client sends RESET_STREAM, closing stream.
11683        let frames = [frame::Frame::ResetStream {
11684            stream_id: 0,
11685            error_code: 42,
11686            final_size: 5,
11687        }];
11688
11689        let pkt_type = packet::Type::Short;
11690        assert_eq!(pipe.send_pkt_to_server(pkt_type, &frames, &mut buf), Ok(39));
11691
11692        // Server is notified of stream readability, due to reset.
11693        let mut r = pipe.server.readable();
11694        assert_eq!(r.next(), Some(0));
11695        assert_eq!(r.next(), None);
11696
11697        assert_eq!(
11698            pipe.server.stream_recv(0, &mut b),
11699            Err(Error::StreamReset(42))
11700        );
11701
11702        assert!(pipe.server.stream_finished(0));
11703
11704        // Sending RESET_STREAM again shouldn't make stream readable again.
11705        assert_eq!(pipe.send_pkt_to_server(pkt_type, &frames, &mut buf), Ok(39));
11706
11707        let mut r = pipe.server.readable();
11708        assert_eq!(r.next(), None);
11709    }
11710
11711    #[rstest]
11712    /// Tests that RESET_STREAM frames exceeding the connection-level flow
11713    /// control limit cause an error.
11714    fn reset_stream_flow_control(
11715        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
11716    ) {
11717        let mut buf = [0; 65535];
11718
11719        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
11720        assert_eq!(pipe.handshake(), Ok(()));
11721
11722        let frames = [
11723            frame::Frame::Stream {
11724                stream_id: 0,
11725                data: <RangeBuf>::from(b"aaaaaaaaaaaaaaa", 0, false),
11726            },
11727            frame::Frame::Stream {
11728                stream_id: 4,
11729                data: <RangeBuf>::from(b"a", 0, false),
11730            },
11731            frame::Frame::ResetStream {
11732                stream_id: 4,
11733                error_code: 0,
11734                final_size: 15,
11735            },
11736            frame::Frame::Stream {
11737                stream_id: 8,
11738                data: <RangeBuf>::from(b"a", 0, false),
11739            },
11740        ];
11741
11742        let pkt_type = packet::Type::Short;
11743        assert_eq!(
11744            pipe.send_pkt_to_server(pkt_type, &frames, &mut buf),
11745            Err(Error::FlowControl),
11746        );
11747    }
11748
11749    #[rstest]
11750    /// Tests that RESET_STREAM frames exceeding the stream-level flow control
11751    /// limit cause an error.
11752    fn reset_stream_flow_control_stream(
11753        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
11754    ) {
11755        let mut buf = [0; 65535];
11756
11757        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
11758        assert_eq!(pipe.handshake(), Ok(()));
11759
11760        let frames = [
11761            frame::Frame::Stream {
11762                stream_id: 4,
11763                data: <RangeBuf>::from(b"a", 0, false),
11764            },
11765            frame::Frame::ResetStream {
11766                stream_id: 4,
11767                error_code: 0,
11768                final_size: 16, // Past stream's flow control limit.
11769            },
11770        ];
11771
11772        let pkt_type = packet::Type::Short;
11773        assert_eq!(
11774            pipe.send_pkt_to_server(pkt_type, &frames, &mut buf),
11775            Err(Error::FlowControl),
11776        );
11777    }
11778
11779    #[rstest]
11780    fn path_challenge(
11781        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
11782    ) {
11783        let mut buf = [0; 65535];
11784
11785        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
11786        assert_eq!(pipe.handshake(), Ok(()));
11787
11788        let frames = [frame::Frame::PathChallenge { data: [0xba; 8] }];
11789
11790        let pkt_type = packet::Type::Short;
11791
11792        let len = pipe
11793            .send_pkt_to_server(pkt_type, &frames, &mut buf)
11794            .unwrap();
11795
11796        assert!(len > 0);
11797
11798        let frames =
11799            testing::decode_pkt(&mut pipe.client, &mut buf[..len]).unwrap();
11800        let mut iter = frames.iter();
11801
11802        // Ignore ACK.
11803        iter.next().unwrap();
11804
11805        assert_eq!(
11806            iter.next(),
11807            Some(&frame::Frame::PathResponse { data: [0xba; 8] })
11808        );
11809    }
11810
11811    #[cfg(not(feature = "openssl"))] // 0-RTT not supported when using openssl/quictls
11812    #[rstest]
11813    /// Simulates reception of an early 1-RTT packet on the server, by
11814    /// delaying the client's Handshake packet that completes the handshake.
11815    fn early_1rtt_packet(
11816        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
11817    ) {
11818        let mut buf = [0; 65535];
11819
11820        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
11821
11822        // Client sends initial flight
11823        let flight = testing::emit_flight(&mut pipe.client).unwrap();
11824        testing::process_flight(&mut pipe.server, flight).unwrap();
11825
11826        // Server sends initial flight.
11827        let flight = testing::emit_flight(&mut pipe.server).unwrap();
11828        testing::process_flight(&mut pipe.client, flight).unwrap();
11829
11830        // Client sends Handshake packet.
11831        let flight = testing::emit_flight(&mut pipe.client).unwrap();
11832
11833        // Emulate handshake packet delay by not making server process client
11834        // packet.
11835        let delayed = flight;
11836
11837        testing::emit_flight(&mut pipe.server).ok();
11838
11839        assert!(pipe.client.is_established());
11840
11841        // Send 1-RTT packet #0.
11842        let frames = [frame::Frame::Stream {
11843            stream_id: 0,
11844            data: <RangeBuf>::from(b"hello, world", 0, true),
11845        }];
11846
11847        let pkt_type = packet::Type::Short;
11848        let written =
11849            testing::encode_pkt(&mut pipe.client, pkt_type, &frames, &mut buf)
11850                .unwrap();
11851
11852        assert_eq!(pipe.server_recv(&mut buf[..written]), Ok(written));
11853
11854        // Send 1-RTT packet #1.
11855        let frames = [frame::Frame::Stream {
11856            stream_id: 4,
11857            data: <RangeBuf>::from(b"hello, world", 0, true),
11858        }];
11859
11860        let written =
11861            testing::encode_pkt(&mut pipe.client, pkt_type, &frames, &mut buf)
11862                .unwrap();
11863
11864        assert_eq!(pipe.server_recv(&mut buf[..written]), Ok(written));
11865
11866        assert!(!pipe.server.is_established());
11867
11868        // Client sent 1-RTT packets 0 and 1, but server hasn't received them.
11869        //
11870        // Note that `largest_rx_pkt_num` is initialized to 0, so we need to
11871        // send another 1-RTT packet to make this check meaningful.
11872        assert_eq!(
11873            pipe.server.pkt_num_spaces[packet::Epoch::Application]
11874                .largest_rx_pkt_num,
11875            0
11876        );
11877
11878        // Process delayed packet.
11879        testing::process_flight(&mut pipe.server, delayed).unwrap();
11880
11881        assert!(pipe.server.is_established());
11882
11883        assert_eq!(
11884            pipe.server.pkt_num_spaces[packet::Epoch::Application]
11885                .largest_rx_pkt_num,
11886            0
11887        );
11888    }
11889
11890    #[rstest]
11891    fn stop_sending(
11892        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
11893    ) {
11894        let mut b = [0; 15];
11895
11896        let mut buf = [0; 65535];
11897
11898        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
11899        assert_eq!(pipe.handshake(), Ok(()));
11900
11901        // Client sends some data, and closes stream.
11902        assert_eq!(pipe.client.stream_send(0, b"hello", true), Ok(5));
11903        assert_eq!(pipe.advance(), Ok(()));
11904
11905        // Server gets data.
11906        let mut r = pipe.server.readable();
11907        assert_eq!(r.next(), Some(0));
11908        assert_eq!(r.next(), None);
11909
11910        assert_eq!(pipe.server.stream_recv(0, &mut b), Ok((5, true)));
11911        assert!(pipe.server.stream_finished(0));
11912
11913        let mut r = pipe.server.readable();
11914        assert_eq!(r.next(), None);
11915
11916        // Server sends data, until blocked.
11917        let mut r = pipe.server.writable();
11918        assert_eq!(r.next(), Some(0));
11919        assert_eq!(r.next(), None);
11920
11921        while pipe.server.stream_send(0, b"world", false) != Err(Error::Done) {
11922            assert_eq!(pipe.advance(), Ok(()));
11923        }
11924
11925        let mut r = pipe.server.writable();
11926        assert_eq!(r.next(), None);
11927
11928        // Client sends STOP_SENDING.
11929        let frames = [frame::Frame::StopSending {
11930            stream_id: 0,
11931            error_code: 42,
11932        }];
11933
11934        let pkt_type = packet::Type::Short;
11935        let len = pipe
11936            .send_pkt_to_server(pkt_type, &frames, &mut buf)
11937            .unwrap();
11938
11939        // Server sent a RESET_STREAM frame in response.
11940        let frames =
11941            testing::decode_pkt(&mut pipe.client, &mut buf[..len]).unwrap();
11942
11943        let mut iter = frames.iter();
11944
11945        // Skip ACK frame.
11946        iter.next();
11947
11948        assert_eq!(
11949            iter.next(),
11950            Some(&frame::Frame::ResetStream {
11951                stream_id: 0,
11952                error_code: 42,
11953                final_size: 15,
11954            })
11955        );
11956
11957        // Stream is writable, but writing returns an error.
11958        let mut r = pipe.server.writable();
11959        assert_eq!(r.next(), Some(0));
11960        assert_eq!(r.next(), None);
11961
11962        assert_eq!(
11963            pipe.server.stream_send(0, b"world", true),
11964            Err(Error::StreamStopped(42)),
11965        );
11966
11967        assert_eq!(pipe.server.streams.len(), 1);
11968
11969        // Client acks RESET_STREAM frame.
11970        let mut ranges = ranges::RangeSet::default();
11971        ranges.insert(pipe.server.next_pkt_num - 5..pipe.server.next_pkt_num);
11972
11973        let frames = [frame::Frame::ACK {
11974            ack_delay: 15,
11975            ranges,
11976            ecn_counts: None,
11977        }];
11978
11979        assert_eq!(pipe.send_pkt_to_server(pkt_type, &frames, &mut buf), Ok(0));
11980
11981        // Stream is collected on the server after RESET_STREAM is acked.
11982        assert_eq!(pipe.server.streams.len(), 0);
11983
11984        // Sending STOP_SENDING again shouldn't trigger RESET_STREAM again.
11985        let frames = [frame::Frame::StopSending {
11986            stream_id: 0,
11987            error_code: 42,
11988        }];
11989
11990        let len = pipe
11991            .send_pkt_to_server(pkt_type, &frames, &mut buf)
11992            .unwrap();
11993
11994        let frames =
11995            testing::decode_pkt(&mut pipe.client, &mut buf[..len]).unwrap();
11996
11997        assert_eq!(frames.len(), 1);
11998
11999        match frames.first() {
12000            Some(frame::Frame::ACK { .. }) => (),
12001
12002            f => panic!("expected ACK frame, got {:?}", f),
12003        };
12004
12005        let mut r = pipe.server.writable();
12006        assert_eq!(r.next(), None);
12007    }
12008
12009    #[rstest]
12010    fn stop_sending_fin(
12011        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
12012    ) {
12013        let mut b = [0; 15];
12014
12015        let mut buf = [0; 65535];
12016
12017        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
12018        assert_eq!(pipe.handshake(), Ok(()));
12019
12020        // Client sends some data, and closes stream.
12021        assert_eq!(pipe.client.stream_send(4, b"hello", true), Ok(5));
12022        assert_eq!(pipe.advance(), Ok(()));
12023
12024        // Server gets data.
12025        let mut r = pipe.server.readable();
12026        assert_eq!(r.next(), Some(4));
12027        assert_eq!(r.next(), None);
12028
12029        assert_eq!(pipe.server.stream_recv(4, &mut b), Ok((5, true)));
12030        assert!(pipe.server.stream_finished(4));
12031
12032        let mut r = pipe.server.readable();
12033        assert_eq!(r.next(), None);
12034
12035        // Server sends data...
12036        let mut r = pipe.server.writable();
12037        assert_eq!(r.next(), Some(4));
12038        assert_eq!(r.next(), None);
12039
12040        assert_eq!(pipe.server.stream_send(4, b"world", false), Ok(5));
12041        assert_eq!(pipe.advance(), Ok(()));
12042
12043        // ...and buffers more, and closes stream.
12044        assert_eq!(pipe.server.stream_send(4, b"world", true), Ok(5));
12045
12046        // Client sends STOP_SENDING before server flushes stream.
12047        let frames = [frame::Frame::StopSending {
12048            stream_id: 4,
12049            error_code: 42,
12050        }];
12051
12052        let pkt_type = packet::Type::Short;
12053        let len = pipe
12054            .send_pkt_to_server(pkt_type, &frames, &mut buf)
12055            .unwrap();
12056
12057        // Server sent a RESET_STREAM frame in response.
12058        let frames =
12059            testing::decode_pkt(&mut pipe.client, &mut buf[..len]).unwrap();
12060
12061        let mut iter = frames.iter();
12062
12063        // Skip ACK frame.
12064        iter.next();
12065
12066        assert_eq!(
12067            iter.next(),
12068            Some(&frame::Frame::ResetStream {
12069                stream_id: 4,
12070                error_code: 42,
12071                final_size: 5,
12072            })
12073        );
12074
12075        // No more frames are sent by the server.
12076        assert_eq!(iter.next(), None);
12077    }
12078
12079    #[rstest]
12080    /// Tests that resetting a stream restores flow control for unsent data.
12081    fn stop_sending_unsent_tx_cap(
12082        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
12083    ) {
12084        let mut buf = [0; 65535];
12085
12086        let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
12087        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
12088        config
12089            .load_cert_chain_from_pem_file("examples/cert.crt")
12090            .unwrap();
12091        config
12092            .load_priv_key_from_pem_file("examples/cert.key")
12093            .unwrap();
12094        config
12095            .set_application_protos(&[b"proto1", b"proto2"])
12096            .unwrap();
12097        config.set_initial_max_data(15);
12098        config.set_initial_max_stream_data_bidi_local(30);
12099        config.set_initial_max_stream_data_bidi_remote(30);
12100        config.set_initial_max_stream_data_uni(30);
12101        config.set_initial_max_streams_bidi(3);
12102        config.set_initial_max_streams_uni(0);
12103        config.verify_peer(false);
12104
12105        let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
12106        assert_eq!(pipe.handshake(), Ok(()));
12107
12108        // Client sends some data.
12109        assert_eq!(pipe.client.stream_send(4, b"hello", true), Ok(5));
12110        assert_eq!(pipe.advance(), Ok(()));
12111
12112        let mut r = pipe.server.readable();
12113        assert_eq!(r.next(), Some(4));
12114        assert_eq!(r.next(), None);
12115
12116        let mut b = [0; 15];
12117        assert_eq!(pipe.server.stream_recv(4, &mut b), Ok((5, true)));
12118
12119        // Server sends some data.
12120        assert_eq!(pipe.server.stream_send(4, b"hello", false), Ok(5));
12121        assert_eq!(pipe.advance(), Ok(()));
12122
12123        // Server buffers some data, until send capacity limit reached.
12124        assert_eq!(pipe.server.stream_send(4, b"hello", false), Ok(5));
12125        assert_eq!(pipe.server.stream_send(4, b"hello", false), Ok(5));
12126        assert_eq!(
12127            pipe.server.stream_send(4, b"hello", false),
12128            Err(Error::Done)
12129        );
12130
12131        // Client sends STOP_SENDING.
12132        let frames = [frame::Frame::StopSending {
12133            stream_id: 4,
12134            error_code: 42,
12135        }];
12136
12137        let pkt_type = packet::Type::Short;
12138        pipe.send_pkt_to_server(pkt_type, &frames, &mut buf)
12139            .unwrap();
12140
12141        // Server can now send more data (on a different stream).
12142        assert_eq!(pipe.client.stream_send(8, b"hello", true), Ok(5));
12143        assert_eq!(pipe.advance(), Ok(()));
12144
12145        assert_eq!(pipe.server.stream_send(8, b"hello", false), Ok(5));
12146        assert_eq!(pipe.server.stream_send(8, b"hello", false), Ok(5));
12147        assert_eq!(
12148            pipe.server.stream_send(8, b"hello", false),
12149            Err(Error::Done)
12150        );
12151        assert_eq!(pipe.advance(), Ok(()));
12152    }
12153
12154    #[rstest]
12155    fn stream_shutdown_read(
12156        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
12157    ) {
12158        let mut buf = [0; 65535];
12159
12160        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
12161        assert_eq!(pipe.handshake(), Ok(()));
12162
12163        // Client sends some data.
12164        assert_eq!(pipe.client.stream_send(4, b"hello, world", false), Ok(12));
12165        assert_eq!(pipe.advance(), Ok(()));
12166
12167        let mut r = pipe.server.readable();
12168        assert_eq!(r.next(), Some(4));
12169        assert_eq!(r.next(), None);
12170
12171        assert_eq!(pipe.client.streams.len(), 1);
12172        assert_eq!(pipe.server.streams.len(), 1);
12173
12174        // Server shuts down stream.
12175        assert_eq!(pipe.server.stream_shutdown(4, Shutdown::Read, 42), Ok(()));
12176
12177        let mut r = pipe.server.readable();
12178        assert_eq!(r.next(), None);
12179
12180        let (len, _) = pipe.server.send(&mut buf).unwrap();
12181
12182        let mut dummy = buf[..len].to_vec();
12183
12184        let frames =
12185            testing::decode_pkt(&mut pipe.client, &mut dummy[..len]).unwrap();
12186        let mut iter = frames.iter();
12187
12188        assert_eq!(
12189            iter.next(),
12190            Some(&frame::Frame::StopSending {
12191                stream_id: 4,
12192                error_code: 42,
12193            })
12194        );
12195
12196        assert_eq!(pipe.client_recv(&mut buf[..len]), Ok(len));
12197
12198        assert_eq!(pipe.advance(), Ok(()));
12199
12200        // Sending more data is forbidden.
12201        let mut r = pipe.client.writable();
12202        assert_eq!(r.next(), Some(4));
12203        assert_eq!(r.next(), None);
12204
12205        assert_eq!(
12206            pipe.client.stream_send(4, b"bye", false),
12207            Err(Error::StreamStopped(42))
12208        );
12209
12210        // Server sends some data, without reading the incoming data, and closes
12211        // the stream.
12212        assert_eq!(pipe.server.stream_send(4, b"hello, world", true), Ok(12));
12213        assert_eq!(pipe.advance(), Ok(()));
12214
12215        // Client reads the data.
12216        let mut r = pipe.client.readable();
12217        assert_eq!(r.next(), Some(4));
12218        assert_eq!(r.next(), None);
12219
12220        assert_eq!(pipe.client.stream_recv(4, &mut buf), Ok((12, true)));
12221
12222        // Stream is collected on both sides.
12223        assert_eq!(pipe.client.streams.len(), 0);
12224        assert_eq!(pipe.server.streams.len(), 0);
12225
12226        assert_eq!(
12227            pipe.server.stream_shutdown(4, Shutdown::Read, 0),
12228            Err(Error::Done)
12229        );
12230    }
12231
12232    #[rstest]
12233    fn stream_shutdown_read_after_fin(
12234        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
12235    ) {
12236        let mut buf = [0; 65535];
12237
12238        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
12239        assert_eq!(pipe.handshake(), Ok(()));
12240
12241        // Client sends some data.
12242        assert_eq!(pipe.client.stream_send(4, b"hello, world", true), Ok(12));
12243        assert_eq!(pipe.advance(), Ok(()));
12244
12245        let mut r = pipe.server.readable();
12246        assert_eq!(r.next(), Some(4));
12247        assert_eq!(r.next(), None);
12248
12249        assert_eq!(pipe.client.streams.len(), 1);
12250        assert_eq!(pipe.server.streams.len(), 1);
12251
12252        // Server shuts down stream.
12253        assert_eq!(pipe.server.stream_shutdown(4, Shutdown::Read, 42), Ok(()));
12254
12255        let mut r = pipe.server.readable();
12256        assert_eq!(r.next(), None);
12257
12258        // Server has nothing to send.
12259        assert_eq!(pipe.server.send(&mut buf), Err(Error::Done));
12260
12261        assert_eq!(pipe.advance(), Ok(()));
12262
12263        // Server sends some data, without reading the incoming data, and closes
12264        // the stream.
12265        assert_eq!(pipe.server.stream_send(4, b"hello, world", true), Ok(12));
12266        assert_eq!(pipe.advance(), Ok(()));
12267
12268        // Client reads the data.
12269        let mut r = pipe.client.readable();
12270        assert_eq!(r.next(), Some(4));
12271        assert_eq!(r.next(), None);
12272
12273        assert_eq!(pipe.client.stream_recv(4, &mut buf), Ok((12, true)));
12274
12275        // Stream is collected on both sides.
12276        assert_eq!(pipe.client.streams.len(), 0);
12277        assert_eq!(pipe.server.streams.len(), 0);
12278
12279        assert_eq!(
12280            pipe.server.stream_shutdown(4, Shutdown::Read, 0),
12281            Err(Error::Done)
12282        );
12283    }
12284
12285    #[rstest]
12286    fn stream_shutdown_read_update_max_data(
12287        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
12288    ) {
12289        let mut buf = [0; 65535];
12290
12291        let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
12292        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
12293        config
12294            .load_cert_chain_from_pem_file("examples/cert.crt")
12295            .unwrap();
12296        config
12297            .load_priv_key_from_pem_file("examples/cert.key")
12298            .unwrap();
12299        config
12300            .set_application_protos(&[b"proto1", b"proto2"])
12301            .unwrap();
12302        config.set_initial_max_data(30);
12303        config.set_initial_max_stream_data_bidi_local(10000);
12304        config.set_initial_max_stream_data_bidi_remote(10000);
12305        config.set_initial_max_streams_bidi(10);
12306        config.verify_peer(false);
12307
12308        let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
12309        assert_eq!(pipe.handshake(), Ok(()));
12310
12311        assert_eq!(pipe.client.stream_send(0, b"a", false), Ok(1));
12312        assert_eq!(pipe.advance(), Ok(()));
12313
12314        assert_eq!(pipe.server.stream_recv(0, &mut buf), Ok((1, false)));
12315        assert_eq!(pipe.server.stream_shutdown(0, Shutdown::Read, 123), Ok(()));
12316
12317        assert_eq!(pipe.server.rx_data, 1);
12318        assert_eq!(pipe.client.tx_data, 1);
12319        assert_eq!(pipe.client.max_tx_data, 30);
12320
12321        assert_eq!(
12322            pipe.client
12323                .stream_send(0, &buf[..pipe.client.tx_cap], false),
12324            Ok(29)
12325        );
12326        assert_eq!(pipe.advance(), Ok(()));
12327
12328        assert!(!pipe.server.stream_readable(0)); // nothing can be consumed
12329
12330        // The client has increased its tx_data, and server has received it, so
12331        // it increases flow control accordingly.
12332        assert_eq!(pipe.client.tx_data, 30);
12333        assert_eq!(pipe.server.rx_data, 30);
12334        assert_eq!(pipe.client.tx_cap, 45);
12335    }
12336
12337    #[rstest]
12338    fn stream_shutdown_uni(
12339        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
12340    ) {
12341        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
12342        assert_eq!(pipe.handshake(), Ok(()));
12343
12344        // Exchange some data on uni streams.
12345        assert_eq!(pipe.client.stream_send(2, b"hello, world", false), Ok(10));
12346        assert_eq!(pipe.server.stream_send(3, b"hello, world", false), Ok(10));
12347        assert_eq!(pipe.advance(), Ok(()));
12348
12349        // Test local and remote shutdown.
12350        assert_eq!(pipe.client.stream_shutdown(2, Shutdown::Write, 42), Ok(()));
12351        assert_eq!(
12352            pipe.client.stream_shutdown(2, Shutdown::Read, 42),
12353            Err(Error::InvalidStreamState(2))
12354        );
12355
12356        assert_eq!(
12357            pipe.client.stream_shutdown(3, Shutdown::Write, 42),
12358            Err(Error::InvalidStreamState(3))
12359        );
12360        assert_eq!(pipe.client.stream_shutdown(3, Shutdown::Read, 42), Ok(()));
12361    }
12362
12363    #[rstest]
12364    fn stream_shutdown_write(
12365        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
12366    ) {
12367        let mut buf = [0; 65535];
12368
12369        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
12370        assert_eq!(pipe.handshake(), Ok(()));
12371
12372        // Client sends some data.
12373        assert_eq!(pipe.client.stream_send(4, b"hello, world", false), Ok(12));
12374        assert_eq!(pipe.advance(), Ok(()));
12375
12376        let mut r = pipe.server.readable();
12377        assert_eq!(r.next(), Some(4));
12378        assert_eq!(r.next(), None);
12379
12380        let mut r = pipe.server.writable();
12381        assert_eq!(r.next(), Some(4));
12382        assert_eq!(r.next(), None);
12383
12384        assert_eq!(pipe.client.streams.len(), 1);
12385        assert_eq!(pipe.server.streams.len(), 1);
12386
12387        // Server sends some data.
12388        assert_eq!(pipe.server.stream_send(4, b"goodbye, world", false), Ok(14));
12389        assert_eq!(pipe.advance(), Ok(()));
12390
12391        // Server shuts down stream.
12392        assert_eq!(pipe.server.stream_shutdown(4, Shutdown::Write, 42), Ok(()));
12393
12394        let mut r = pipe.server.writable();
12395        assert_eq!(r.next(), None);
12396
12397        let (len, _) = pipe.server.send(&mut buf).unwrap();
12398
12399        let mut dummy = buf[..len].to_vec();
12400
12401        let frames =
12402            testing::decode_pkt(&mut pipe.client, &mut dummy[..len]).unwrap();
12403        let mut iter = frames.iter();
12404
12405        assert_eq!(
12406            iter.next(),
12407            Some(&frame::Frame::ResetStream {
12408                stream_id: 4,
12409                error_code: 42,
12410                final_size: 14,
12411            })
12412        );
12413
12414        assert_eq!(pipe.client_recv(&mut buf[..len]), Ok(len));
12415
12416        assert_eq!(pipe.advance(), Ok(()));
12417
12418        // Sending more data is forbidden.
12419        assert_eq!(
12420            pipe.server.stream_send(4, b"bye", false),
12421            Err(Error::FinalSize)
12422        );
12423
12424        // Client sends some data and closes the stream.
12425        assert_eq!(pipe.client.stream_send(4, b"bye", true), Ok(3));
12426        assert_eq!(pipe.advance(), Ok(()));
12427
12428        // Server reads the data.
12429        let mut r = pipe.server.readable();
12430        assert_eq!(r.next(), Some(4));
12431        assert_eq!(r.next(), None);
12432
12433        assert_eq!(pipe.server.stream_recv(4, &mut buf), Ok((15, true)));
12434
12435        // Client processes readable streams.
12436        let mut r = pipe.client.readable();
12437        assert_eq!(r.next(), Some(4));
12438        assert_eq!(r.next(), None);
12439
12440        assert_eq!(
12441            pipe.client.stream_recv(4, &mut buf),
12442            Err(Error::StreamReset(42))
12443        );
12444
12445        // Stream is collected on both sides.
12446        assert_eq!(pipe.client.streams.len(), 0);
12447        assert_eq!(pipe.server.streams.len(), 0);
12448
12449        assert_eq!(
12450            pipe.server.stream_shutdown(4, Shutdown::Write, 0),
12451            Err(Error::Done)
12452        );
12453    }
12454
12455    #[rstest]
12456    /// Tests that shutting down a stream restores flow control for unsent data.
12457    fn stream_shutdown_write_unsent_tx_cap(
12458        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
12459    ) {
12460        let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
12461        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
12462        config
12463            .load_cert_chain_from_pem_file("examples/cert.crt")
12464            .unwrap();
12465        config
12466            .load_priv_key_from_pem_file("examples/cert.key")
12467            .unwrap();
12468        config
12469            .set_application_protos(&[b"proto1", b"proto2"])
12470            .unwrap();
12471        config.set_initial_max_data(15);
12472        config.set_initial_max_stream_data_bidi_local(30);
12473        config.set_initial_max_stream_data_bidi_remote(30);
12474        config.set_initial_max_stream_data_uni(30);
12475        config.set_initial_max_streams_bidi(3);
12476        config.set_initial_max_streams_uni(0);
12477        config.verify_peer(false);
12478
12479        let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
12480        assert_eq!(pipe.handshake(), Ok(()));
12481
12482        // Client sends some data.
12483        assert_eq!(pipe.client.stream_send(4, b"hello", true), Ok(5));
12484        assert_eq!(pipe.advance(), Ok(()));
12485
12486        let mut r = pipe.server.readable();
12487        assert_eq!(r.next(), Some(4));
12488        assert_eq!(r.next(), None);
12489
12490        let mut b = [0; 15];
12491        assert_eq!(pipe.server.stream_recv(4, &mut b), Ok((5, true)));
12492
12493        // Server sends some data.
12494        assert_eq!(pipe.server.stream_send(4, b"hello", false), Ok(5));
12495        assert_eq!(pipe.advance(), Ok(()));
12496
12497        // Server buffers some data, until send capacity limit reached.
12498        assert_eq!(pipe.server.stream_send(4, b"hello", false), Ok(5));
12499        assert_eq!(pipe.server.stream_send(4, b"hello", false), Ok(5));
12500        assert_eq!(
12501            pipe.server.stream_send(4, b"hello", false),
12502            Err(Error::Done)
12503        );
12504
12505        // Client shouldn't update flow control.
12506        assert!(!pipe.client.should_update_max_data());
12507
12508        // Server shuts down stream.
12509        assert_eq!(pipe.server.stream_shutdown(4, Shutdown::Write, 42), Ok(()));
12510        assert_eq!(pipe.advance(), Ok(()));
12511
12512        // Server can now send more data (on a different stream).
12513        assert_eq!(pipe.client.stream_send(8, b"hello", true), Ok(5));
12514        assert_eq!(pipe.advance(), Ok(()));
12515
12516        assert_eq!(pipe.server.stream_send(8, b"hello", false), Ok(5));
12517        assert_eq!(pipe.server.stream_send(8, b"hello", false), Ok(5));
12518        assert_eq!(
12519            pipe.server.stream_send(8, b"hello", false),
12520            Err(Error::Done)
12521        );
12522        assert_eq!(pipe.advance(), Ok(()));
12523    }
12524
12525    #[rstest]
12526    /// Tests that the order of flushable streams scheduled on the wire is the
12527    /// same as the order of `stream_send()` calls done by the application.
12528    fn stream_round_robin(
12529        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
12530    ) {
12531        let mut buf = [0; 65535];
12532
12533        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
12534        assert_eq!(pipe.handshake(), Ok(()));
12535
12536        assert_eq!(pipe.client.stream_send(8, b"aaaaa", false), Ok(5));
12537        assert_eq!(pipe.client.stream_send(0, b"aaaaa", false), Ok(5));
12538        assert_eq!(pipe.client.stream_send(4, b"aaaaa", false), Ok(5));
12539
12540        let (len, _) = pipe.client.send(&mut buf).unwrap();
12541
12542        let frames =
12543            testing::decode_pkt(&mut pipe.server, &mut buf[..len]).unwrap();
12544
12545        let mut iter = frames.iter();
12546
12547        // Skip ACK frame.
12548        iter.next();
12549
12550        assert_eq!(
12551            iter.next(),
12552            Some(&frame::Frame::Stream {
12553                stream_id: 8,
12554                data: <RangeBuf>::from(b"aaaaa", 0, false),
12555            })
12556        );
12557
12558        let (len, _) = pipe.client.send(&mut buf).unwrap();
12559
12560        let frames =
12561            testing::decode_pkt(&mut pipe.server, &mut buf[..len]).unwrap();
12562
12563        assert_eq!(
12564            frames.first(),
12565            Some(&frame::Frame::Stream {
12566                stream_id: 0,
12567                data: <RangeBuf>::from(b"aaaaa", 0, false),
12568            })
12569        );
12570
12571        let (len, _) = pipe.client.send(&mut buf).unwrap();
12572
12573        let frames =
12574            testing::decode_pkt(&mut pipe.server, &mut buf[..len]).unwrap();
12575
12576        assert_eq!(
12577            frames.first(),
12578            Some(&frame::Frame::Stream {
12579                stream_id: 4,
12580                data: <RangeBuf>::from(b"aaaaa", 0, false),
12581            })
12582        );
12583    }
12584
12585    #[rstest]
12586    /// Tests the readable iterator.
12587    fn stream_readable(
12588        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
12589    ) {
12590        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
12591        assert_eq!(pipe.handshake(), Ok(()));
12592
12593        // No readable streams.
12594        let mut r = pipe.client.readable();
12595        assert_eq!(r.next(), None);
12596
12597        assert_eq!(pipe.client.stream_send(0, b"aaaaa", false), Ok(5));
12598
12599        let mut r = pipe.client.readable();
12600        assert_eq!(r.next(), None);
12601
12602        let mut r = pipe.server.readable();
12603        assert_eq!(r.next(), None);
12604
12605        assert_eq!(pipe.advance(), Ok(()));
12606
12607        // Server received stream.
12608        let mut r = pipe.server.readable();
12609        assert_eq!(r.next(), Some(0));
12610        assert_eq!(r.next(), None);
12611
12612        assert_eq!(
12613            pipe.server.stream_send(0, b"aaaaaaaaaaaaaaa", false),
12614            Ok(15)
12615        );
12616        assert_eq!(pipe.advance(), Ok(()));
12617
12618        let mut r = pipe.client.readable();
12619        assert_eq!(r.next(), Some(0));
12620        assert_eq!(r.next(), None);
12621
12622        // Client drains stream.
12623        let mut b = [0; 15];
12624        pipe.client.stream_recv(0, &mut b).unwrap();
12625        assert_eq!(pipe.advance(), Ok(()));
12626
12627        let mut r = pipe.client.readable();
12628        assert_eq!(r.next(), None);
12629
12630        // Server shuts down stream.
12631        let mut r = pipe.server.readable();
12632        assert_eq!(r.next(), Some(0));
12633        assert_eq!(r.next(), None);
12634
12635        assert_eq!(pipe.server.stream_shutdown(0, Shutdown::Read, 0), Ok(()));
12636
12637        let mut r = pipe.server.readable();
12638        assert_eq!(r.next(), None);
12639
12640        // Client creates multiple streams.
12641        assert_eq!(pipe.client.stream_send(4, b"aaaaa", false), Ok(5));
12642        assert_eq!(pipe.advance(), Ok(()));
12643
12644        assert_eq!(pipe.client.stream_send(8, b"aaaaa", false), Ok(5));
12645        assert_eq!(pipe.advance(), Ok(()));
12646
12647        let mut r = pipe.server.readable();
12648        assert_eq!(r.len(), 2);
12649
12650        assert!(r.next().is_some());
12651        assert!(r.next().is_some());
12652        assert!(r.next().is_none());
12653
12654        assert_eq!(r.len(), 0);
12655    }
12656
12657    #[rstest]
12658    /// Tests the writable iterator.
12659    fn stream_writable(
12660        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
12661    ) {
12662        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
12663        assert_eq!(pipe.handshake(), Ok(()));
12664
12665        // No writable streams.
12666        let mut w = pipe.client.writable();
12667        assert_eq!(w.next(), None);
12668
12669        assert_eq!(pipe.client.stream_send(0, b"aaaaa", false), Ok(5));
12670
12671        // Client created stream.
12672        let mut w = pipe.client.writable();
12673        assert_eq!(w.next(), Some(0));
12674        assert_eq!(w.next(), None);
12675
12676        assert_eq!(pipe.advance(), Ok(()));
12677
12678        // Server created stream.
12679        let mut w = pipe.server.writable();
12680        assert_eq!(w.next(), Some(0));
12681        assert_eq!(w.next(), None);
12682
12683        assert_eq!(
12684            pipe.server.stream_send(0, b"aaaaaaaaaaaaaaa", false),
12685            Ok(15)
12686        );
12687
12688        // Server stream is full.
12689        let mut w = pipe.server.writable();
12690        assert_eq!(w.next(), None);
12691
12692        assert_eq!(pipe.advance(), Ok(()));
12693
12694        // Client drains stream.
12695        let mut b = [0; 15];
12696        pipe.client.stream_recv(0, &mut b).unwrap();
12697        assert_eq!(pipe.advance(), Ok(()));
12698
12699        // Server stream is writable again.
12700        let mut w = pipe.server.writable();
12701        assert_eq!(w.next(), Some(0));
12702        assert_eq!(w.next(), None);
12703
12704        // Server shuts down stream.
12705        assert_eq!(pipe.server.stream_shutdown(0, Shutdown::Write, 0), Ok(()));
12706
12707        let mut w = pipe.server.writable();
12708        assert_eq!(w.next(), None);
12709
12710        // Client creates multiple streams.
12711        assert_eq!(pipe.client.stream_send(4, b"aaaaa", false), Ok(5));
12712        assert_eq!(pipe.advance(), Ok(()));
12713
12714        assert_eq!(pipe.client.stream_send(8, b"aaaaa", false), Ok(5));
12715        assert_eq!(pipe.advance(), Ok(()));
12716
12717        let mut w = pipe.server.writable();
12718        assert_eq!(w.len(), 2);
12719
12720        assert!(w.next().is_some());
12721        assert!(w.next().is_some());
12722        assert!(w.next().is_none());
12723
12724        assert_eq!(w.len(), 0);
12725
12726        // Server finishes stream.
12727        assert_eq!(pipe.server.stream_send(8, b"aaaaa", true), Ok(5));
12728
12729        let mut w = pipe.server.writable();
12730        assert_eq!(w.next(), Some(4));
12731        assert_eq!(w.next(), None);
12732    }
12733
12734    #[rstest]
12735    fn stream_writable_blocked(
12736        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
12737    ) {
12738        let mut config = crate::Config::new(crate::PROTOCOL_VERSION).unwrap();
12739        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
12740        config
12741            .load_cert_chain_from_pem_file("examples/cert.crt")
12742            .unwrap();
12743        config
12744            .load_priv_key_from_pem_file("examples/cert.key")
12745            .unwrap();
12746        config.set_application_protos(&[b"h3"]).unwrap();
12747        config.set_initial_max_data(70);
12748        config.set_initial_max_stream_data_bidi_local(150000);
12749        config.set_initial_max_stream_data_bidi_remote(150000);
12750        config.set_initial_max_stream_data_uni(150000);
12751        config.set_initial_max_streams_bidi(100);
12752        config.set_initial_max_streams_uni(5);
12753        config.verify_peer(false);
12754
12755        let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
12756        assert_eq!(pipe.handshake(), Ok(()));
12757
12758        // Client creates stream and sends some data.
12759        let send_buf = [0; 35];
12760        assert_eq!(pipe.client.stream_send(0, &send_buf, false), Ok(35));
12761
12762        // Stream is still writable as it still has capacity.
12763        assert_eq!(pipe.client.stream_writable_next(), Some(0));
12764        assert_eq!(pipe.client.stream_writable_next(), None);
12765
12766        // Client fills stream, which becomes unwritable due to connection
12767        // capacity.
12768        let send_buf = [0; 36];
12769        assert_eq!(pipe.client.stream_send(0, &send_buf, false), Ok(35));
12770
12771        assert_eq!(pipe.client.stream_writable_next(), None);
12772
12773        assert_eq!(pipe.client.tx_cap, 0);
12774
12775        assert_eq!(pipe.advance(), Ok(()));
12776
12777        let mut b = [0; 70];
12778        pipe.server.stream_recv(0, &mut b).unwrap();
12779
12780        assert_eq!(pipe.advance(), Ok(()));
12781
12782        // The connection capacity has increased and the stream is now writable
12783        // again.
12784        assert_ne!(pipe.client.tx_cap, 0);
12785
12786        assert_eq!(pipe.client.stream_writable_next(), Some(0));
12787        assert_eq!(pipe.client.stream_writable_next(), None);
12788    }
12789
12790    #[rstest]
12791    /// Tests that we don't exceed the per-connection flow control limit set by
12792    /// the peer.
12793    fn flow_control_limit_send(
12794        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
12795    ) {
12796        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
12797        assert_eq!(pipe.handshake(), Ok(()));
12798
12799        assert_eq!(
12800            pipe.client.stream_send(0, b"aaaaaaaaaaaaaaa", false),
12801            Ok(15)
12802        );
12803        assert_eq!(pipe.advance(), Ok(()));
12804        assert_eq!(
12805            pipe.client.stream_send(4, b"aaaaaaaaaaaaaaa", false),
12806            Ok(15)
12807        );
12808        assert_eq!(pipe.advance(), Ok(()));
12809        assert_eq!(pipe.client.stream_send(8, b"a", false), Err(Error::Done));
12810        assert_eq!(pipe.advance(), Ok(()));
12811
12812        let mut r = pipe.server.readable();
12813        assert!(r.next().is_some());
12814        assert!(r.next().is_some());
12815        assert!(r.next().is_none());
12816    }
12817
12818    #[rstest]
12819    /// Tests that invalid packets received before any other valid ones cause
12820    /// the server to close the connection immediately.
12821    fn invalid_initial_server(
12822        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
12823    ) {
12824        let mut buf = [0; 65535];
12825        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
12826
12827        let frames = [frame::Frame::Padding { len: 10 }];
12828
12829        let written = testing::encode_pkt(
12830            &mut pipe.client,
12831            packet::Type::Initial,
12832            &frames,
12833            &mut buf,
12834        )
12835        .unwrap();
12836
12837        // Corrupt the packets's last byte to make decryption fail (the last
12838        // byte is part of the AEAD tag, so changing it means that the packet
12839        // cannot be authenticated during decryption).
12840        buf[written - 1] = !buf[written - 1];
12841
12842        assert_eq!(pipe.server.timeout(), None);
12843
12844        assert_eq!(
12845            pipe.server_recv(&mut buf[..written]),
12846            Err(Error::CryptoFail)
12847        );
12848
12849        assert!(pipe.server.is_closed());
12850    }
12851
12852    #[rstest]
12853    /// Tests that invalid Initial packets received to cause
12854    /// the client to close the connection immediately.
12855    fn invalid_initial_client(
12856        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
12857    ) {
12858        let mut buf = [0; 65535];
12859        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
12860
12861        // Client sends initial flight.
12862        let (len, _) = pipe.client.send(&mut buf).unwrap();
12863
12864        // Server sends initial flight.
12865        assert_eq!(pipe.server_recv(&mut buf[..len]), Ok(1200));
12866
12867        let frames = [frame::Frame::Padding { len: 10 }];
12868
12869        let written = testing::encode_pkt(
12870            &mut pipe.server,
12871            packet::Type::Initial,
12872            &frames,
12873            &mut buf,
12874        )
12875        .unwrap();
12876
12877        // Corrupt the packets's last byte to make decryption fail (the last
12878        // byte is part of the AEAD tag, so changing it means that the packet
12879        // cannot be authenticated during decryption).
12880        buf[written - 1] = !buf[written - 1];
12881
12882        // Client will ignore invalid packet.
12883        assert_eq!(pipe.client_recv(&mut buf[..written]), Ok(71));
12884
12885        // The connection should be alive...
12886        assert!(!pipe.client.is_closed());
12887
12888        // ...and the idle timeout should be armed.
12889        assert!(pipe.client.idle_timer.is_some());
12890    }
12891
12892    #[rstest]
12893    /// Tests that packets with invalid payload length received before any other
12894    /// valid packet cause the server to close the connection immediately.
12895    fn invalid_initial_payload(
12896        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
12897    ) {
12898        let mut buf = [0; 65535];
12899        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
12900
12901        let mut b = octets::OctetsMut::with_slice(&mut buf);
12902
12903        let epoch = packet::Type::Initial.to_epoch().unwrap();
12904
12905        let pn = 0;
12906        let pn_len = packet::pkt_num_len(pn, 0);
12907
12908        let dcid = pipe.client.destination_id();
12909        let scid = pipe.client.source_id();
12910
12911        let hdr = Header {
12912            ty: packet::Type::Initial,
12913            version: pipe.client.version,
12914            dcid: ConnectionId::from_ref(&dcid),
12915            scid: ConnectionId::from_ref(&scid),
12916            pkt_num: 0,
12917            pkt_num_len: pn_len,
12918            token: pipe.client.token.clone(),
12919            versions: None,
12920            key_phase: false,
12921        };
12922
12923        hdr.to_bytes(&mut b).unwrap();
12924
12925        // Payload length is invalid!!!
12926        let payload_len = 4096;
12927
12928        let len = pn_len + payload_len;
12929        b.put_varint(len as u64).unwrap();
12930
12931        packet::encode_pkt_num(pn, pn_len, &mut b).unwrap();
12932
12933        let payload_offset = b.off();
12934
12935        let frames = [frame::Frame::Padding { len: 10 }];
12936
12937        for frame in &frames {
12938            frame.to_bytes(&mut b).unwrap();
12939        }
12940
12941        let space = &mut pipe.client.pkt_num_spaces[epoch];
12942
12943        // Use correct payload length when encrypting the packet.
12944        let payload_len = frames.iter().fold(0, |acc, x| acc + x.wire_len());
12945
12946        let aead = space.crypto_seal.as_ref().unwrap();
12947
12948        let written = packet::encrypt_pkt(
12949            &mut b,
12950            pn,
12951            pn_len,
12952            payload_len,
12953            payload_offset,
12954            None,
12955            aead,
12956        )
12957        .unwrap();
12958
12959        assert_eq!(pipe.server.timeout(), None);
12960
12961        assert_eq!(
12962            pipe.server_recv(&mut buf[..written]),
12963            Err(Error::InvalidPacket)
12964        );
12965
12966        assert!(pipe.server.is_closed());
12967    }
12968
12969    #[rstest]
12970    /// Tests that invalid packets don't cause the connection to be closed.
12971    fn invalid_packet(
12972        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
12973    ) {
12974        let mut buf = [0; 65535];
12975
12976        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
12977        assert_eq!(pipe.handshake(), Ok(()));
12978
12979        let frames = [frame::Frame::Padding { len: 10 }];
12980
12981        let written = testing::encode_pkt(
12982            &mut pipe.client,
12983            packet::Type::Short,
12984            &frames,
12985            &mut buf,
12986        )
12987        .unwrap();
12988
12989        // Corrupt the packets's last byte to make decryption fail (the last
12990        // byte is part of the AEAD tag, so changing it means that the packet
12991        // cannot be authenticated during decryption).
12992        buf[written - 1] = !buf[written - 1];
12993
12994        assert_eq!(pipe.server_recv(&mut buf[..written]), Ok(written));
12995
12996        // Corrupt the packets's first byte to make the header fail decoding.
12997        buf[0] = 255;
12998
12999        assert_eq!(pipe.server_recv(&mut buf[..written]), Ok(written));
13000    }
13001
13002    #[rstest]
13003    fn recv_empty_buffer(
13004        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
13005    ) {
13006        let mut buf = [0; 65535];
13007
13008        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
13009        assert_eq!(pipe.handshake(), Ok(()));
13010
13011        assert_eq!(pipe.server_recv(&mut buf[..0]), Err(Error::BufferTooShort));
13012    }
13013
13014    #[rstest]
13015    fn stop_sending_before_flushed_packets(
13016        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
13017    ) {
13018        let mut b = [0; 15];
13019
13020        let mut buf = [0; 65535];
13021
13022        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
13023        assert_eq!(pipe.handshake(), Ok(()));
13024
13025        // Client sends some data, and closes stream.
13026        assert_eq!(pipe.client.stream_send(0, b"hello", true), Ok(5));
13027        assert_eq!(pipe.advance(), Ok(()));
13028
13029        // Server gets data.
13030        let mut r = pipe.server.readable();
13031        assert_eq!(r.next(), Some(0));
13032        assert_eq!(r.next(), None);
13033
13034        assert_eq!(pipe.server.stream_recv(0, &mut b), Ok((5, true)));
13035        assert!(pipe.server.stream_finished(0));
13036
13037        let mut r = pipe.server.readable();
13038        assert_eq!(r.next(), None);
13039
13040        // Server sends data, until blocked.
13041        let mut r = pipe.server.writable();
13042        assert_eq!(r.next(), Some(0));
13043        assert_eq!(r.next(), None);
13044
13045        while pipe.server.stream_send(0, b"world", false) != Err(Error::Done) {}
13046
13047        let mut r = pipe.server.writable();
13048        assert_eq!(r.next(), None);
13049
13050        // Client sends STOP_SENDING.
13051        let frames = [frame::Frame::StopSending {
13052            stream_id: 0,
13053            error_code: 42,
13054        }];
13055
13056        let pkt_type = packet::Type::Short;
13057        let len = pipe
13058            .send_pkt_to_server(pkt_type, &frames, &mut buf)
13059            .unwrap();
13060
13061        // Server sent a RESET_STREAM frame in response.
13062        let frames =
13063            testing::decode_pkt(&mut pipe.client, &mut buf[..len]).unwrap();
13064
13065        let mut iter = frames.iter();
13066
13067        // Skip ACK frame.
13068        iter.next();
13069
13070        assert_eq!(
13071            iter.next(),
13072            Some(&frame::Frame::ResetStream {
13073                stream_id: 0,
13074                error_code: 42,
13075                final_size: 0,
13076            })
13077        );
13078
13079        // Stream is writable, but writing returns an error.
13080        let mut r = pipe.server.writable();
13081        assert_eq!(r.next(), Some(0));
13082        assert_eq!(r.next(), None);
13083
13084        assert_eq!(
13085            pipe.server.stream_send(0, b"world", true),
13086            Err(Error::StreamStopped(42)),
13087        );
13088
13089        assert_eq!(pipe.server.streams.len(), 1);
13090
13091        // Client acks RESET_STREAM frame.
13092        let mut ranges = ranges::RangeSet::default();
13093        ranges.insert(0..6);
13094
13095        let frames = [frame::Frame::ACK {
13096            ack_delay: 15,
13097            ranges,
13098            ecn_counts: None,
13099        }];
13100
13101        assert_eq!(pipe.send_pkt_to_server(pkt_type, &frames, &mut buf), Ok(0));
13102
13103        // Client has ACK'd the RESET_STREAM so the stream is collected.
13104        assert_eq!(pipe.server.streams.len(), 0);
13105    }
13106
13107    #[rstest]
13108    fn reset_before_flushed_packets(
13109        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
13110    ) {
13111        let mut b = [0; 15];
13112
13113        let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
13114        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
13115        config
13116            .load_cert_chain_from_pem_file("examples/cert.crt")
13117            .unwrap();
13118        config
13119            .load_priv_key_from_pem_file("examples/cert.key")
13120            .unwrap();
13121        config
13122            .set_application_protos(&[b"proto1", b"proto2"])
13123            .unwrap();
13124        config.set_initial_max_data(30);
13125        config.set_initial_max_stream_data_bidi_local(5);
13126        config.set_initial_max_stream_data_bidi_remote(15);
13127        config.set_initial_max_streams_bidi(3);
13128        config.verify_peer(false);
13129
13130        let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
13131        assert_eq!(pipe.handshake(), Ok(()));
13132
13133        // Client sends some data, and closes stream.
13134        assert_eq!(pipe.client.stream_send(0, b"hello", true), Ok(5));
13135        assert_eq!(pipe.advance(), Ok(()));
13136
13137        // Server gets data.
13138        let mut r = pipe.server.readable();
13139        assert_eq!(r.next(), Some(0));
13140        assert_eq!(r.next(), None);
13141
13142        assert_eq!(pipe.server.stream_recv(0, &mut b), Ok((5, true)));
13143        assert!(pipe.server.stream_finished(0));
13144
13145        let mut r = pipe.server.readable();
13146        assert_eq!(r.next(), None);
13147
13148        // Server sends data and is blocked by small stream flow control.
13149        let mut r = pipe.server.writable();
13150        assert_eq!(r.next(), Some(0));
13151        assert_eq!(r.next(), None);
13152
13153        assert_eq!(pipe.server.stream_send(0, b"helloworld", false), Ok(5));
13154        assert_eq!(pipe.advance(), Ok(()));
13155
13156        // Client reads to give flow control back.
13157        assert_eq!(pipe.client.stream_recv(0, &mut b), Ok((5, false)));
13158        assert_eq!(pipe.advance(), Ok(()));
13159
13160        // Server writes stream data and resets the stream before sending a
13161        // packet.
13162        assert_eq!(pipe.server.stream_send(0, b"world", false), Ok(5));
13163        pipe.server.stream_shutdown(0, Shutdown::Write, 42).unwrap();
13164        assert_eq!(pipe.advance(), Ok(()));
13165
13166        // Client has ACK'd the RESET_STREAM so the stream is collected.
13167        assert_eq!(pipe.server.streams.len(), 0);
13168    }
13169
13170    #[rstest]
13171    /// Tests that the MAX_STREAMS frame is sent for bidirectional streams.
13172    fn stream_limit_update_bidi(
13173        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
13174    ) {
13175        let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
13176        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
13177        config
13178            .load_cert_chain_from_pem_file("examples/cert.crt")
13179            .unwrap();
13180        config
13181            .load_priv_key_from_pem_file("examples/cert.key")
13182            .unwrap();
13183        config
13184            .set_application_protos(&[b"proto1", b"proto2"])
13185            .unwrap();
13186        config.set_initial_max_data(30);
13187        config.set_initial_max_stream_data_bidi_local(15);
13188        config.set_initial_max_stream_data_bidi_remote(15);
13189        config.set_initial_max_stream_data_uni(10);
13190        config.set_initial_max_streams_bidi(3);
13191        config.set_initial_max_streams_uni(0);
13192        config.verify_peer(false);
13193
13194        let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
13195        assert_eq!(pipe.handshake(), Ok(()));
13196
13197        // Client sends stream data.
13198        assert_eq!(pipe.client.stream_send(0, b"a", false), Ok(1));
13199        assert_eq!(pipe.advance(), Ok(()));
13200
13201        assert_eq!(pipe.client.stream_send(4, b"a", false), Ok(1));
13202        assert_eq!(pipe.advance(), Ok(()));
13203
13204        assert_eq!(pipe.client.stream_send(4, b"b", true), Ok(1));
13205        assert_eq!(pipe.advance(), Ok(()));
13206
13207        assert_eq!(pipe.client.stream_send(0, b"b", true), Ok(1));
13208        assert_eq!(pipe.advance(), Ok(()));
13209
13210        // Server reads stream data.
13211        let mut b = [0; 15];
13212        pipe.server.stream_recv(0, &mut b).unwrap();
13213        pipe.server.stream_recv(4, &mut b).unwrap();
13214        assert_eq!(pipe.advance(), Ok(()));
13215
13216        // Server sends stream data, with fin.
13217        assert_eq!(pipe.server.stream_send(0, b"a", false), Ok(1));
13218        assert_eq!(pipe.advance(), Ok(()));
13219
13220        assert_eq!(pipe.server.stream_send(4, b"a", false), Ok(1));
13221        assert_eq!(pipe.advance(), Ok(()));
13222
13223        assert_eq!(pipe.server.stream_send(4, b"b", true), Ok(1));
13224        assert_eq!(pipe.advance(), Ok(()));
13225
13226        assert_eq!(pipe.server.stream_send(0, b"b", true), Ok(1));
13227
13228        // Server sends MAX_STREAMS.
13229        assert_eq!(pipe.advance(), Ok(()));
13230
13231        // Client tries to create new streams.
13232        assert_eq!(pipe.client.stream_send(8, b"a", false), Ok(1));
13233        assert_eq!(pipe.advance(), Ok(()));
13234
13235        assert_eq!(pipe.client.stream_send(12, b"a", false), Ok(1));
13236        assert_eq!(pipe.advance(), Ok(()));
13237
13238        assert_eq!(pipe.client.stream_send(16, b"a", false), Ok(1));
13239        assert_eq!(pipe.advance(), Ok(()));
13240
13241        assert_eq!(
13242            pipe.client.stream_send(20, b"a", false),
13243            Err(Error::StreamLimit)
13244        );
13245
13246        assert_eq!(pipe.server.readable().len(), 3);
13247    }
13248
13249    #[rstest]
13250    /// Tests that the MAX_STREAMS frame is sent for unidirectional streams.
13251    fn stream_limit_update_uni(
13252        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
13253    ) {
13254        let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
13255        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
13256        config
13257            .load_cert_chain_from_pem_file("examples/cert.crt")
13258            .unwrap();
13259        config
13260            .load_priv_key_from_pem_file("examples/cert.key")
13261            .unwrap();
13262        config
13263            .set_application_protos(&[b"proto1", b"proto2"])
13264            .unwrap();
13265        config.set_initial_max_data(30);
13266        config.set_initial_max_stream_data_bidi_local(15);
13267        config.set_initial_max_stream_data_bidi_remote(15);
13268        config.set_initial_max_stream_data_uni(10);
13269        config.set_initial_max_streams_bidi(0);
13270        config.set_initial_max_streams_uni(3);
13271        config.verify_peer(false);
13272
13273        let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
13274        assert_eq!(pipe.handshake(), Ok(()));
13275
13276        // Client sends stream data.
13277        assert_eq!(pipe.client.stream_send(2, b"a", false), Ok(1));
13278        assert_eq!(pipe.advance(), Ok(()));
13279
13280        assert_eq!(pipe.client.stream_send(6, b"a", false), Ok(1));
13281        assert_eq!(pipe.advance(), Ok(()));
13282
13283        assert_eq!(pipe.client.stream_send(6, b"b", true), Ok(1));
13284        assert_eq!(pipe.advance(), Ok(()));
13285
13286        assert_eq!(pipe.client.stream_send(2, b"b", true), Ok(1));
13287        assert_eq!(pipe.advance(), Ok(()));
13288
13289        // Server reads stream data.
13290        let mut b = [0; 15];
13291        pipe.server.stream_recv(2, &mut b).unwrap();
13292        pipe.server.stream_recv(6, &mut b).unwrap();
13293
13294        // Server sends MAX_STREAMS.
13295        assert_eq!(pipe.advance(), Ok(()));
13296
13297        // Client tries to create new streams.
13298        assert_eq!(pipe.client.stream_send(10, b"a", false), Ok(1));
13299        assert_eq!(pipe.advance(), Ok(()));
13300
13301        assert_eq!(pipe.client.stream_send(14, b"a", false), Ok(1));
13302        assert_eq!(pipe.advance(), Ok(()));
13303
13304        assert_eq!(pipe.client.stream_send(18, b"a", false), Ok(1));
13305        assert_eq!(pipe.advance(), Ok(()));
13306
13307        assert_eq!(
13308            pipe.client.stream_send(22, b"a", false),
13309            Err(Error::StreamLimit)
13310        );
13311
13312        assert_eq!(pipe.server.readable().len(), 3);
13313    }
13314
13315    #[rstest]
13316    /// Tests that the stream's fin flag is properly flushed even if there's no
13317    /// data in the buffer, and that the buffer becomes readable on the other
13318    /// side.
13319    fn stream_zero_length_fin(
13320        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
13321    ) {
13322        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
13323        assert_eq!(pipe.handshake(), Ok(()));
13324
13325        assert_eq!(
13326            pipe.client.stream_send(0, b"aaaaaaaaaaaaaaa", false),
13327            Ok(15)
13328        );
13329        assert_eq!(pipe.advance(), Ok(()));
13330
13331        let mut r = pipe.server.readable();
13332        assert_eq!(r.next(), Some(0));
13333        assert!(r.next().is_none());
13334
13335        let mut b = [0; 15];
13336        pipe.server.stream_recv(0, &mut b).unwrap();
13337        assert_eq!(pipe.advance(), Ok(()));
13338
13339        // Client sends zero-length frame.
13340        assert_eq!(pipe.client.stream_send(0, b"", true), Ok(0));
13341        assert_eq!(pipe.advance(), Ok(()));
13342
13343        // Stream should be readable on the server after receiving empty fin.
13344        let mut r = pipe.server.readable();
13345        assert_eq!(r.next(), Some(0));
13346        assert!(r.next().is_none());
13347
13348        let mut b = [0; 15];
13349        pipe.server.stream_recv(0, &mut b).unwrap();
13350        assert_eq!(pipe.advance(), Ok(()));
13351
13352        // Client sends zero-length frame (again).
13353        assert_eq!(pipe.client.stream_send(0, b"", true), Ok(0));
13354        assert_eq!(pipe.advance(), Ok(()));
13355
13356        // Stream should _not_ be readable on the server after receiving empty
13357        // fin, because it was already finished.
13358        let mut r = pipe.server.readable();
13359        assert_eq!(r.next(), None);
13360    }
13361
13362    #[rstest]
13363    /// Tests that the stream's fin flag is properly flushed even if there's no
13364    /// data in the buffer, that the buffer becomes readable on the other
13365    /// side and stays readable even if the stream is fin'd locally.
13366    fn stream_zero_length_fin_deferred_collection(
13367        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
13368    ) {
13369        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
13370        assert_eq!(pipe.handshake(), Ok(()));
13371
13372        assert_eq!(
13373            pipe.client.stream_send(0, b"aaaaaaaaaaaaaaa", false),
13374            Ok(15)
13375        );
13376        assert_eq!(pipe.advance(), Ok(()));
13377
13378        let mut r = pipe.server.readable();
13379        assert_eq!(r.next(), Some(0));
13380        assert!(r.next().is_none());
13381
13382        let mut b = [0; 15];
13383        pipe.server.stream_recv(0, &mut b).unwrap();
13384        assert_eq!(pipe.advance(), Ok(()));
13385
13386        // Client sends zero-length frame.
13387        assert_eq!(pipe.client.stream_send(0, b"", true), Ok(0));
13388        assert_eq!(pipe.advance(), Ok(()));
13389
13390        // Server sends zero-length frame.
13391        assert_eq!(pipe.server.stream_send(0, b"", true), Ok(0));
13392        assert_eq!(pipe.advance(), Ok(()));
13393
13394        // Stream should be readable on the server after receiving empty fin.
13395        let mut r = pipe.server.readable();
13396        assert_eq!(r.next(), Some(0));
13397        assert!(r.next().is_none());
13398
13399        let mut b = [0; 15];
13400        pipe.server.stream_recv(0, &mut b).unwrap();
13401        assert_eq!(pipe.advance(), Ok(()));
13402
13403        // Client sends zero-length frame (again).
13404        assert_eq!(pipe.client.stream_send(0, b"", true), Ok(0));
13405        assert_eq!(pipe.advance(), Ok(()));
13406
13407        // Stream should _not_ be readable on the server after receiving empty
13408        // fin, because it was already finished.
13409        let mut r = pipe.server.readable();
13410        assert_eq!(r.next(), None);
13411
13412        // Stream _is_readable on the client side.
13413        let mut r = pipe.client.readable();
13414        assert_eq!(r.next(), Some(0));
13415
13416        pipe.client.stream_recv(0, &mut b).unwrap();
13417        assert_eq!(pipe.advance(), Ok(()));
13418
13419        // Stream is completed and _is not_ readable.
13420        let mut r = pipe.client.readable();
13421        assert_eq!(r.next(), None);
13422    }
13423
13424    #[rstest]
13425    /// Tests that the stream gets created with stream_send() even if there's
13426    /// no data in the buffer and the fin flag is not set.
13427    fn stream_zero_length_non_fin(
13428        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
13429    ) {
13430        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
13431        assert_eq!(pipe.handshake(), Ok(()));
13432
13433        assert_eq!(pipe.client.stream_send(0, b"", false), Ok(0));
13434
13435        // The stream now should have been created.
13436        assert_eq!(pipe.client.streams.len(), 1);
13437        assert_eq!(pipe.advance(), Ok(()));
13438
13439        // Sending an empty non-fin should not change any stream state on the
13440        // other side.
13441        let mut r = pipe.server.readable();
13442        assert!(r.next().is_none());
13443    }
13444
13445    #[rstest]
13446    /// Tests that completed streams are garbage collected.
13447    fn collect_streams(
13448        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
13449    ) {
13450        let mut buf = [0; 65535];
13451
13452        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
13453        assert_eq!(pipe.handshake(), Ok(()));
13454
13455        assert_eq!(pipe.client.streams.len(), 0);
13456        assert_eq!(pipe.server.streams.len(), 0);
13457
13458        assert_eq!(pipe.client.stream_send(0, b"aaaaa", true), Ok(5));
13459        assert_eq!(pipe.advance(), Ok(()));
13460
13461        assert!(!pipe.client.stream_finished(0));
13462        assert!(!pipe.server.stream_finished(0));
13463
13464        assert_eq!(pipe.client.streams.len(), 1);
13465        assert_eq!(pipe.server.streams.len(), 1);
13466
13467        let mut b = [0; 5];
13468        pipe.server.stream_recv(0, &mut b).unwrap();
13469        assert_eq!(pipe.advance(), Ok(()));
13470
13471        assert_eq!(pipe.server.stream_send(0, b"aaaaa", true), Ok(5));
13472        assert_eq!(pipe.advance(), Ok(()));
13473
13474        assert!(!pipe.client.stream_finished(0));
13475        assert!(pipe.server.stream_finished(0));
13476
13477        assert_eq!(pipe.client.streams.len(), 1);
13478        assert_eq!(pipe.server.streams.len(), 0);
13479
13480        let mut b = [0; 5];
13481        pipe.client.stream_recv(0, &mut b).unwrap();
13482        assert_eq!(pipe.advance(), Ok(()));
13483
13484        assert_eq!(pipe.client.streams.len(), 0);
13485        assert_eq!(pipe.server.streams.len(), 0);
13486
13487        assert!(pipe.client.stream_finished(0));
13488        assert!(pipe.server.stream_finished(0));
13489
13490        assert_eq!(pipe.client.stream_send(0, b"", true), Err(Error::Done));
13491
13492        let frames = [frame::Frame::Stream {
13493            stream_id: 0,
13494            data: <RangeBuf>::from(b"aa", 0, false),
13495        }];
13496
13497        let pkt_type = packet::Type::Short;
13498        assert_eq!(pipe.send_pkt_to_server(pkt_type, &frames, &mut buf), Ok(39));
13499    }
13500
13501    #[test]
13502    fn config_set_cc_algorithm_name() {
13503        let mut config = Config::new(PROTOCOL_VERSION).unwrap();
13504
13505        assert_eq!(config.set_cc_algorithm_name("reno"), Ok(()));
13506
13507        // Unknown name.
13508        assert_eq!(
13509            config.set_cc_algorithm_name("???"),
13510            Err(Error::CongestionControl)
13511        );
13512    }
13513
13514    #[rstest]
13515    fn peer_cert(
13516        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
13517    ) {
13518        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
13519        assert_eq!(pipe.handshake(), Ok(()));
13520
13521        match pipe.client.peer_cert() {
13522            Some(c) => assert_eq!(c.len(), 753),
13523
13524            None => panic!("missing server certificate"),
13525        }
13526    }
13527
13528    #[rstest]
13529    fn peer_cert_chain(
13530        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
13531    ) {
13532        let mut config = Config::new(PROTOCOL_VERSION).unwrap();
13533        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
13534        config
13535            .load_cert_chain_from_pem_file("examples/cert-big.crt")
13536            .unwrap();
13537        config
13538            .load_priv_key_from_pem_file("examples/cert.key")
13539            .unwrap();
13540        config
13541            .set_application_protos(&[b"proto1", b"proto2"])
13542            .unwrap();
13543
13544        let mut pipe = testing::Pipe::with_server_config(&mut config).unwrap();
13545        assert_eq!(pipe.handshake(), Ok(()));
13546
13547        match pipe.client.peer_cert_chain() {
13548            Some(c) => assert_eq!(c.len(), 5),
13549
13550            None => panic!("missing server certificate chain"),
13551        }
13552    }
13553
13554    #[rstest]
13555    fn retry(
13556        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
13557    ) {
13558        let mut buf = [0; 65535];
13559
13560        let mut config = Config::new(PROTOCOL_VERSION).unwrap();
13561        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
13562        config
13563            .load_cert_chain_from_pem_file("examples/cert.crt")
13564            .unwrap();
13565        config
13566            .load_priv_key_from_pem_file("examples/cert.key")
13567            .unwrap();
13568        config
13569            .set_application_protos(&[b"proto1", b"proto2"])
13570            .unwrap();
13571
13572        let mut pipe = testing::Pipe::with_server_config(&mut config).unwrap();
13573
13574        // Client sends initial flight.
13575        let (mut len, _) = pipe.client.send(&mut buf).unwrap();
13576
13577        // Server sends Retry packet.
13578        let hdr = Header::from_slice(&mut buf[..len], MAX_CONN_ID_LEN).unwrap();
13579
13580        let odcid = hdr.dcid.clone();
13581
13582        let mut scid = [0; MAX_CONN_ID_LEN];
13583        rand::rand_bytes(&mut scid[..]);
13584        let scid = ConnectionId::from_ref(&scid);
13585
13586        let token = b"quiche test retry token";
13587
13588        len = packet::retry(
13589            &hdr.scid,
13590            &hdr.dcid,
13591            &scid,
13592            token,
13593            hdr.version,
13594            &mut buf,
13595        )
13596        .unwrap();
13597
13598        // Client receives Retry and sends new Initial.
13599        assert_eq!(pipe.client_recv(&mut buf[..len]), Ok(len));
13600
13601        let (len, send_info) = pipe.client.send(&mut buf).unwrap();
13602
13603        let hdr = Header::from_slice(&mut buf[..len], MAX_CONN_ID_LEN).unwrap();
13604        assert_eq!(&hdr.token.unwrap(), token);
13605
13606        // Server accepts connection.
13607        pipe.server = accept(
13608            &scid,
13609            Some(&odcid),
13610            testing::Pipe::server_addr(),
13611            send_info.from,
13612            &mut config,
13613        )
13614        .unwrap();
13615        assert_eq!(pipe.server_recv(&mut buf[..len]), Ok(len));
13616
13617        assert_eq!(pipe.advance(), Ok(()));
13618
13619        assert!(pipe.client.is_established());
13620        assert!(pipe.server.is_established());
13621    }
13622
13623    #[rstest]
13624    fn retry_with_pto(
13625        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
13626    ) {
13627        let mut buf = [0; 65535];
13628
13629        let mut config = Config::new(PROTOCOL_VERSION).unwrap();
13630        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
13631        config
13632            .load_cert_chain_from_pem_file("examples/cert.crt")
13633            .unwrap();
13634        config
13635            .load_priv_key_from_pem_file("examples/cert.key")
13636            .unwrap();
13637        config
13638            .set_application_protos(&[b"proto1", b"proto2"])
13639            .unwrap();
13640
13641        let mut pipe = testing::Pipe::with_server_config(&mut config).unwrap();
13642
13643        // Client sends initial flight.
13644        let (mut len, _) = pipe.client.send(&mut buf).unwrap();
13645
13646        // Server sends Retry packet.
13647        let hdr = Header::from_slice(&mut buf[..len], MAX_CONN_ID_LEN).unwrap();
13648
13649        let odcid = hdr.dcid.clone();
13650
13651        let mut scid = [0; MAX_CONN_ID_LEN];
13652        rand::rand_bytes(&mut scid[..]);
13653        let scid = ConnectionId::from_ref(&scid);
13654
13655        let token = b"quiche test retry token";
13656
13657        len = packet::retry(
13658            &hdr.scid,
13659            &hdr.dcid,
13660            &scid,
13661            token,
13662            hdr.version,
13663            &mut buf,
13664        )
13665        .unwrap();
13666
13667        // Client receives Retry and sends new Initial.
13668        assert_eq!(pipe.client_recv(&mut buf[..len]), Ok(len));
13669
13670        let (len, send_info) = pipe.client.send(&mut buf).unwrap();
13671
13672        let hdr = Header::from_slice(&mut buf[..len], MAX_CONN_ID_LEN).unwrap();
13673        assert_eq!(&hdr.token.unwrap(), token);
13674
13675        // Server accepts connection.
13676        pipe.server = accept(
13677            &scid,
13678            Some(&odcid),
13679            testing::Pipe::server_addr(),
13680            send_info.from,
13681            &mut config,
13682        )
13683        .unwrap();
13684        assert_eq!(pipe.server_recv(&mut buf[..len]), Ok(len));
13685
13686        // Wait for the client's PTO so it will try to send an Initial again.
13687        let timer = pipe.client.timeout().unwrap();
13688        std::thread::sleep(timer + time::Duration::from_millis(1));
13689        pipe.client.on_timeout();
13690
13691        assert_eq!(pipe.advance(), Ok(()));
13692
13693        assert!(pipe.client.is_established());
13694        assert!(pipe.server.is_established());
13695    }
13696
13697    #[rstest]
13698    fn missing_retry_source_connection_id(
13699        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
13700    ) {
13701        let mut buf = [0; 65535];
13702
13703        let mut config = Config::new(PROTOCOL_VERSION).unwrap();
13704        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
13705        config
13706            .load_cert_chain_from_pem_file("examples/cert.crt")
13707            .unwrap();
13708        config
13709            .load_priv_key_from_pem_file("examples/cert.key")
13710            .unwrap();
13711        config
13712            .set_application_protos(&[b"proto1", b"proto2"])
13713            .unwrap();
13714
13715        let mut pipe = testing::Pipe::with_server_config(&mut config).unwrap();
13716
13717        // Client sends initial flight.
13718        let (mut len, _) = pipe.client.send(&mut buf).unwrap();
13719
13720        // Server sends Retry packet.
13721        let hdr = Header::from_slice(&mut buf[..len], MAX_CONN_ID_LEN).unwrap();
13722
13723        let mut scid = [0; MAX_CONN_ID_LEN];
13724        rand::rand_bytes(&mut scid[..]);
13725        let scid = ConnectionId::from_ref(&scid);
13726
13727        let token = b"quiche test retry token";
13728
13729        len = packet::retry(
13730            &hdr.scid,
13731            &hdr.dcid,
13732            &scid,
13733            token,
13734            hdr.version,
13735            &mut buf,
13736        )
13737        .unwrap();
13738
13739        // Client receives Retry and sends new Initial.
13740        assert_eq!(pipe.client_recv(&mut buf[..len]), Ok(len));
13741
13742        let (len, _) = pipe.client.send(&mut buf).unwrap();
13743
13744        // Server accepts connection and send first flight. But original
13745        // destination connection ID is ignored.
13746        let from = "127.0.0.1:1234".parse().unwrap();
13747        pipe.server =
13748            accept(&scid, None, testing::Pipe::server_addr(), from, &mut config)
13749                .unwrap();
13750        assert_eq!(pipe.server_recv(&mut buf[..len]), Ok(len));
13751
13752        let flight = testing::emit_flight(&mut pipe.server).unwrap();
13753
13754        assert_eq!(
13755            testing::process_flight(&mut pipe.client, flight),
13756            Err(Error::InvalidTransportParam)
13757        );
13758    }
13759
13760    #[rstest]
13761    fn invalid_retry_source_connection_id(
13762        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
13763    ) {
13764        let mut buf = [0; 65535];
13765
13766        let mut config = Config::new(PROTOCOL_VERSION).unwrap();
13767        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
13768        config
13769            .load_cert_chain_from_pem_file("examples/cert.crt")
13770            .unwrap();
13771        config
13772            .load_priv_key_from_pem_file("examples/cert.key")
13773            .unwrap();
13774        config
13775            .set_application_protos(&[b"proto1", b"proto2"])
13776            .unwrap();
13777
13778        let mut pipe = testing::Pipe::with_server_config(&mut config).unwrap();
13779
13780        // Client sends initial flight.
13781        let (mut len, _) = pipe.client.send(&mut buf).unwrap();
13782
13783        // Server sends Retry packet.
13784        let hdr = Header::from_slice(&mut buf[..len], MAX_CONN_ID_LEN).unwrap();
13785
13786        let mut scid = [0; MAX_CONN_ID_LEN];
13787        rand::rand_bytes(&mut scid[..]);
13788        let scid = ConnectionId::from_ref(&scid);
13789
13790        let token = b"quiche test retry token";
13791
13792        len = packet::retry(
13793            &hdr.scid,
13794            &hdr.dcid,
13795            &scid,
13796            token,
13797            hdr.version,
13798            &mut buf,
13799        )
13800        .unwrap();
13801
13802        // Client receives Retry and sends new Initial.
13803        assert_eq!(pipe.client_recv(&mut buf[..len]), Ok(len));
13804
13805        let (len, _) = pipe.client.send(&mut buf).unwrap();
13806
13807        // Server accepts connection and send first flight. But original
13808        // destination connection ID is invalid.
13809        let from = "127.0.0.1:1234".parse().unwrap();
13810        let odcid = ConnectionId::from_ref(b"bogus value");
13811        pipe.server = accept(
13812            &scid,
13813            Some(&odcid),
13814            testing::Pipe::server_addr(),
13815            from,
13816            &mut config,
13817        )
13818        .unwrap();
13819        assert_eq!(pipe.server_recv(&mut buf[..len]), Ok(len));
13820
13821        let flight = testing::emit_flight(&mut pipe.server).unwrap();
13822
13823        assert_eq!(
13824            testing::process_flight(&mut pipe.client, flight),
13825            Err(Error::InvalidTransportParam)
13826        );
13827    }
13828
13829    #[rstest]
13830    /// Tests that a zero-length NEW_TOKEN frame is detected as an error.
13831    fn zero_length_new_token(
13832        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
13833    ) {
13834        let mut buf = [0; 65535];
13835
13836        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
13837        assert_eq!(pipe.handshake(), Ok(()));
13838
13839        let frames = vec![frame::Frame::NewToken { token: vec![] }];
13840
13841        let pkt_type = packet::Type::Short;
13842
13843        let written =
13844            testing::encode_pkt(&mut pipe.server, pkt_type, &frames, &mut buf)
13845                .unwrap();
13846
13847        assert_eq!(
13848            pipe.client_recv(&mut buf[..written]),
13849            Err(Error::InvalidFrame)
13850        );
13851    }
13852
13853    #[rstest]
13854    /// Tests that a NEW_TOKEN frame sent by client is detected as an error.
13855    fn client_sent_new_token(
13856        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
13857    ) {
13858        let mut buf = [0; 65535];
13859
13860        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
13861        assert_eq!(pipe.handshake(), Ok(()));
13862
13863        let frames = vec![frame::Frame::NewToken {
13864            token: vec![1, 2, 3],
13865        }];
13866
13867        let pkt_type = packet::Type::Short;
13868
13869        let written =
13870            testing::encode_pkt(&mut pipe.client, pkt_type, &frames, &mut buf)
13871                .unwrap();
13872
13873        assert_eq!(
13874            pipe.server_recv(&mut buf[..written]),
13875            Err(Error::InvalidPacket)
13876        );
13877    }
13878
13879    fn check_send(_: &mut impl Send) {}
13880
13881    #[rstest]
13882    fn config_must_be_send(
13883        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
13884    ) {
13885        let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
13886        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
13887        check_send(&mut config);
13888    }
13889
13890    #[rstest]
13891    fn connection_must_be_send(
13892        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
13893    ) {
13894        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
13895        check_send(&mut pipe.client);
13896    }
13897
13898    fn check_sync(_: &mut impl Sync) {}
13899
13900    #[rstest]
13901    fn config_must_be_sync(
13902        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
13903    ) {
13904        let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
13905        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
13906        check_sync(&mut config);
13907    }
13908
13909    #[rstest]
13910    fn connection_must_be_sync(
13911        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
13912    ) {
13913        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
13914        check_sync(&mut pipe.client);
13915    }
13916
13917    #[rstest]
13918    fn data_blocked(
13919        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
13920    ) {
13921        let mut buf = [0; 65535];
13922
13923        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
13924        assert_eq!(pipe.handshake(), Ok(()));
13925
13926        assert_eq!(pipe.client.stream_send(0, b"aaaaaaaaaa", false), Ok(10));
13927        assert_eq!(pipe.client.blocked_limit, None);
13928        assert_eq!(pipe.advance(), Ok(()));
13929
13930        assert_eq!(pipe.client.stream_send(4, b"aaaaaaaaaa", false), Ok(10));
13931        assert_eq!(pipe.client.blocked_limit, None);
13932        assert_eq!(pipe.advance(), Ok(()));
13933
13934        assert_eq!(pipe.client.stream_send(8, b"aaaaaaaaaaa", false), Ok(10));
13935        assert_eq!(pipe.client.blocked_limit, Some(30));
13936
13937        let (len, _) = pipe.client.send(&mut buf).unwrap();
13938        assert_eq!(pipe.client.blocked_limit, None);
13939
13940        let frames =
13941            testing::decode_pkt(&mut pipe.server, &mut buf[..len]).unwrap();
13942
13943        let mut iter = frames.iter();
13944
13945        assert_eq!(iter.next(), Some(&frame::Frame::DataBlocked { limit: 30 }));
13946
13947        assert_eq!(
13948            iter.next(),
13949            Some(&frame::Frame::Stream {
13950                stream_id: 8,
13951                data: <RangeBuf>::from(b"aaaaaaaaaa", 0, false),
13952            })
13953        );
13954
13955        assert_eq!(iter.next(), None);
13956    }
13957
13958    #[rstest]
13959    fn stream_data_blocked(
13960        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
13961    ) {
13962        let mut buf = [0; 65535];
13963
13964        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
13965        assert_eq!(pipe.handshake(), Ok(()));
13966
13967        assert_eq!(pipe.client.stream_send(0, b"aaaaa", false), Ok(5));
13968        assert_eq!(pipe.client.streams.blocked().len(), 0);
13969
13970        assert_eq!(pipe.client.stream_send(0, b"aaaaa", false), Ok(5));
13971        assert_eq!(pipe.client.streams.blocked().len(), 0);
13972
13973        assert_eq!(pipe.client.stream_send(0, b"aaaaaa", false), Ok(5));
13974        assert_eq!(pipe.client.streams.blocked().len(), 1);
13975
13976        let (len, _) = pipe.client.send(&mut buf).unwrap();
13977        assert_eq!(pipe.client.streams.blocked().len(), 0);
13978
13979        let frames =
13980            testing::decode_pkt(&mut pipe.server, &mut buf[..len]).unwrap();
13981
13982        let mut iter = frames.iter();
13983
13984        // Skip ACK frame.
13985        iter.next();
13986
13987        assert_eq!(
13988            iter.next(),
13989            Some(&frame::Frame::StreamDataBlocked {
13990                stream_id: 0,
13991                limit: 15,
13992            })
13993        );
13994
13995        assert_eq!(
13996            iter.next(),
13997            Some(&frame::Frame::Stream {
13998                stream_id: 0,
13999                data: <RangeBuf>::from(b"aaaaaaaaaaaaaaa", 0, false),
14000            })
14001        );
14002
14003        assert_eq!(iter.next(), None);
14004
14005        // Send from another stream, make sure we don't send STREAM_DATA_BLOCKED
14006        // again.
14007        assert_eq!(pipe.client.stream_send(4, b"a", false), Ok(1));
14008
14009        let (len, _) = pipe.client.send(&mut buf).unwrap();
14010        assert_eq!(pipe.client.streams.blocked().len(), 0);
14011
14012        let frames =
14013            testing::decode_pkt(&mut pipe.server, &mut buf[..len]).unwrap();
14014
14015        let mut iter = frames.iter();
14016
14017        assert_eq!(
14018            iter.next(),
14019            Some(&frame::Frame::Stream {
14020                stream_id: 4,
14021                data: <RangeBuf>::from(b"a", 0, false),
14022            })
14023        );
14024
14025        assert_eq!(iter.next(), None);
14026
14027        // Send again from blocked stream and make sure it is not marked as
14028        // blocked again.
14029        assert_eq!(
14030            pipe.client.stream_send(0, b"aaaaaa", false),
14031            Err(Error::Done)
14032        );
14033        assert_eq!(pipe.client.streams.blocked().len(), 0);
14034        assert_eq!(pipe.client.send(&mut buf), Err(Error::Done));
14035    }
14036
14037    #[rstest]
14038    fn stream_data_blocked_unblocked_flow_control(
14039        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
14040    ) {
14041        let mut buf = [0; 65535];
14042        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
14043        assert_eq!(pipe.handshake(), Ok(()));
14044
14045        assert_eq!(
14046            pipe.client.stream_send(0, b"aaaaaaaaaaaaaaah", false),
14047            Ok(15)
14048        );
14049        assert_eq!(pipe.client.streams.blocked().len(), 1);
14050        assert_eq!(pipe.advance(), Ok(()));
14051        assert_eq!(pipe.client.streams.blocked().len(), 0);
14052
14053        // Send again on blocked stream. It's blocked at the same offset as
14054        // previously, so it should not be marked as blocked again.
14055        assert_eq!(pipe.client.stream_send(0, b"h", false), Err(Error::Done));
14056        assert_eq!(pipe.client.streams.blocked().len(), 0);
14057
14058        // No matter how many times we try to write stream data tried, no
14059        // packets containing STREAM_BLOCKED should be emitted.
14060        assert_eq!(pipe.client.stream_send(0, b"h", false), Err(Error::Done));
14061        assert_eq!(pipe.client.send(&mut buf), Err(Error::Done));
14062
14063        assert_eq!(pipe.client.stream_send(0, b"h", false), Err(Error::Done));
14064        assert_eq!(pipe.client.send(&mut buf), Err(Error::Done));
14065
14066        assert_eq!(pipe.client.stream_send(0, b"h", false), Err(Error::Done));
14067        assert_eq!(pipe.client.send(&mut buf), Err(Error::Done));
14068
14069        // Now read some data at the server to release flow control.
14070        let mut r = pipe.server.readable();
14071        assert_eq!(r.next(), Some(0));
14072        assert_eq!(r.next(), None);
14073
14074        let mut b = [0; 10];
14075        assert_eq!(pipe.server.stream_recv(0, &mut b), Ok((10, false)));
14076        assert_eq!(&b[..10], b"aaaaaaaaaa");
14077        assert_eq!(pipe.advance(), Ok(()));
14078
14079        assert_eq!(pipe.client.stream_send(0, b"hhhhhhhhhh!", false), Ok(10));
14080        assert_eq!(pipe.client.streams.blocked().len(), 1);
14081
14082        let (len, _) = pipe.client.send(&mut buf).unwrap();
14083        assert_eq!(pipe.client.streams.blocked().len(), 0);
14084
14085        let frames =
14086            testing::decode_pkt(&mut pipe.server, &mut buf[..len]).unwrap();
14087
14088        let mut iter = frames.iter();
14089
14090        assert_eq!(
14091            iter.next(),
14092            Some(&frame::Frame::StreamDataBlocked {
14093                stream_id: 0,
14094                limit: 25,
14095            })
14096        );
14097
14098        // don't care about remaining received frames
14099
14100        assert_eq!(pipe.client.stream_send(0, b"!", false), Err(Error::Done));
14101        assert_eq!(pipe.client.streams.blocked().len(), 0);
14102        assert_eq!(pipe.client.send(&mut buf), Err(Error::Done));
14103    }
14104
14105    #[rstest]
14106    fn app_limited_true(
14107        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
14108    ) {
14109        let mut config = Config::new(PROTOCOL_VERSION).unwrap();
14110        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
14111        config
14112            .set_application_protos(&[b"proto1", b"proto2"])
14113            .unwrap();
14114        config.set_initial_max_data(50000);
14115        config.set_initial_max_stream_data_bidi_local(50000);
14116        config.set_initial_max_stream_data_bidi_remote(50000);
14117        config.set_max_recv_udp_payload_size(1200);
14118        config.verify_peer(false);
14119
14120        let mut pipe = testing::Pipe::with_client_config(&mut config).unwrap();
14121        assert_eq!(pipe.handshake(), Ok(()));
14122
14123        // Client sends stream data.
14124        assert_eq!(pipe.client.stream_send(0, b"a", true), Ok(1));
14125        assert_eq!(pipe.advance(), Ok(()));
14126
14127        // Server reads stream data.
14128        let mut b = [0; 15];
14129        pipe.server.stream_recv(0, &mut b).unwrap();
14130        assert_eq!(pipe.advance(), Ok(()));
14131
14132        // Server sends stream data smaller than cwnd.
14133        let send_buf = [0; 10000];
14134        assert_eq!(pipe.server.stream_send(0, &send_buf, false), Ok(10000));
14135        assert_eq!(pipe.advance(), Ok(()));
14136
14137        // app_limited should be true because we send less than cwnd.
14138        assert!(pipe
14139            .server
14140            .paths
14141            .get_active()
14142            .expect("no active")
14143            .recovery
14144            .app_limited());
14145    }
14146
14147    #[rstest]
14148    fn app_limited_false(
14149        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
14150    ) {
14151        let mut config = Config::new(PROTOCOL_VERSION).unwrap();
14152        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
14153        config
14154            .set_application_protos(&[b"proto1", b"proto2"])
14155            .unwrap();
14156        config.set_initial_max_data(50000);
14157        config.set_initial_max_stream_data_bidi_local(50000);
14158        config.set_initial_max_stream_data_bidi_remote(50000);
14159        config.set_max_recv_udp_payload_size(1200);
14160        config.verify_peer(false);
14161
14162        let mut pipe = testing::Pipe::with_client_config(&mut config).unwrap();
14163        assert_eq!(pipe.handshake(), Ok(()));
14164
14165        // Client sends stream data.
14166        assert_eq!(pipe.client.stream_send(0, b"a", true), Ok(1));
14167        assert_eq!(pipe.advance(), Ok(()));
14168
14169        // Server reads stream data.
14170        let mut b = [0; 15];
14171        pipe.server.stream_recv(0, &mut b).unwrap();
14172        assert_eq!(pipe.advance(), Ok(()));
14173
14174        // Server sends stream data bigger than cwnd.
14175        let send_buf1 = [0; 20000];
14176        assert_eq!(pipe.server.stream_send(0, &send_buf1, false), Ok(12000));
14177
14178        testing::emit_flight(&mut pipe.server).ok();
14179
14180        // We can't create a new packet header because there is no room by cwnd.
14181        // app_limited should be false because we can't send more by cwnd.
14182        assert!(!pipe
14183            .server
14184            .paths
14185            .get_active()
14186            .expect("no active")
14187            .recovery
14188            .app_limited());
14189    }
14190
14191    #[rstest]
14192    fn sends_ack_only_pkt_when_full_cwnd_and_ack_elicited(
14193        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
14194    ) {
14195        let mut config = Config::new(PROTOCOL_VERSION).unwrap();
14196        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
14197        config
14198            .load_cert_chain_from_pem_file("examples/cert.crt")
14199            .unwrap();
14200        config
14201            .load_priv_key_from_pem_file("examples/cert.key")
14202            .unwrap();
14203        config
14204            .set_application_protos(&[b"proto1", b"proto2"])
14205            .unwrap();
14206        config.set_initial_max_data(50000);
14207        config.set_initial_max_stream_data_bidi_local(50000);
14208        config.set_initial_max_stream_data_bidi_remote(50000);
14209        config.set_initial_max_streams_bidi(3);
14210        config.set_initial_max_streams_uni(3);
14211        config.set_max_recv_udp_payload_size(1200);
14212        config.verify_peer(false);
14213
14214        let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
14215        assert_eq!(pipe.handshake(), Ok(()));
14216
14217        // Client sends stream data bigger than cwnd (it will never arrive to the
14218        // server).
14219        let send_buf1 = [0; 20000];
14220        assert_eq!(
14221            pipe.client.stream_send(0, &send_buf1, false),
14222            if cc_algorithm_name == "cubic" {
14223                Ok(12000)
14224            } else {
14225                if cfg!(feature = "openssl") {
14226                    Ok(12345)
14227                } else {
14228                    Ok(12299)
14229                }
14230            }
14231        );
14232
14233        testing::emit_flight(&mut pipe.client).ok();
14234
14235        // Server sends some stream data that will need ACKs.
14236        assert_eq!(
14237            pipe.server.stream_send(1, &send_buf1[..500], false),
14238            Ok(500)
14239        );
14240
14241        testing::process_flight(
14242            &mut pipe.client,
14243            testing::emit_flight(&mut pipe.server).unwrap(),
14244        )
14245        .unwrap();
14246
14247        let mut buf = [0; 2000];
14248
14249        let ret = pipe.client.send(&mut buf);
14250
14251        assert_eq!(pipe.client.tx_cap, 0);
14252
14253        assert!(matches!(ret, Ok((_, _))), "the client should at least send one packet to acknowledge the newly received data");
14254
14255        let (sent, _) = ret.unwrap();
14256
14257        assert_ne!(sent, 0, "the client should at least send a pure ACK packet");
14258
14259        let frames =
14260            testing::decode_pkt(&mut pipe.server, &mut buf[..sent]).unwrap();
14261        assert_eq!(1, frames.len());
14262        assert!(
14263            matches!(frames[0], frame::Frame::ACK { .. }),
14264            "the packet sent by the client must be an ACK only packet"
14265        );
14266    }
14267
14268    /// Like sends_ack_only_pkt_when_full_cwnd_and_ack_elicited, but when
14269    /// ack_eliciting is explicitly requested.
14270    #[rstest]
14271    fn sends_ack_only_pkt_when_full_cwnd_and_ack_elicited_despite_max_unacknowledging(
14272        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
14273    ) {
14274        let mut config = Config::new(PROTOCOL_VERSION).unwrap();
14275        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
14276        config
14277            .load_cert_chain_from_pem_file("examples/cert.crt")
14278            .unwrap();
14279        config
14280            .load_priv_key_from_pem_file("examples/cert.key")
14281            .unwrap();
14282        config
14283            .set_application_protos(&[b"proto1", b"proto2"])
14284            .unwrap();
14285        config.set_initial_max_data(50000);
14286        config.set_initial_max_stream_data_bidi_local(50000);
14287        config.set_initial_max_stream_data_bidi_remote(50000);
14288        config.set_initial_max_streams_bidi(3);
14289        config.set_initial_max_streams_uni(3);
14290        config.set_max_recv_udp_payload_size(1200);
14291        config.verify_peer(false);
14292
14293        let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
14294        assert_eq!(pipe.handshake(), Ok(()));
14295
14296        // Client sends stream data bigger than cwnd (it will never arrive to the
14297        // server). This exhausts the congestion window.
14298        let send_buf1 = [0; 20000];
14299        assert_eq!(
14300            pipe.client.stream_send(0, &send_buf1, false),
14301            if cc_algorithm_name == "cubic" {
14302                Ok(12000)
14303            } else {
14304                if cfg!(feature = "openssl") {
14305                    Ok(12345)
14306                } else {
14307                    Ok(12299)
14308                }
14309            }
14310        );
14311
14312        testing::emit_flight(&mut pipe.client).ok();
14313
14314        // Client gets PING frames from server, which elicit ACK
14315        let mut buf = [0; 2000];
14316        for _ in 0..recovery::MAX_OUTSTANDING_NON_ACK_ELICITING {
14317            let written = testing::encode_pkt(
14318                &mut pipe.server,
14319                packet::Type::Short,
14320                &[frame::Frame::Ping { mtu_probe: None }],
14321                &mut buf,
14322            )
14323            .unwrap();
14324
14325            pipe.client_recv(&mut buf[..written])
14326                .expect("client recv ping");
14327
14328            // Client acknowledges despite a full congestion window
14329            let ret = pipe.client.send(&mut buf);
14330
14331            assert!(matches!(ret, Ok((_, _))), "the client should at least send one packet to acknowledge the newly received data");
14332
14333            let (sent, _) = ret.unwrap();
14334
14335            assert_ne!(
14336                sent, 0,
14337                "the client should at least send a pure ACK packet"
14338            );
14339
14340            let frames =
14341                testing::decode_pkt(&mut pipe.server, &mut buf[..sent]).unwrap();
14342
14343            assert_eq!(1, frames.len());
14344
14345            assert!(
14346                matches!(frames[0], frame::Frame::ACK { .. }),
14347                "the packet sent by the client must be an ACK only packet"
14348            );
14349        }
14350
14351        // The client shouldn't need to send any more packets after the ACK only
14352        // packet it just sent.
14353        assert_eq!(
14354            pipe.client.send(&mut buf),
14355            Err(Error::Done),
14356            "nothing for client to send after ACK-only packet"
14357        );
14358    }
14359
14360    #[rstest]
14361    fn app_limited_false_no_frame(
14362        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
14363    ) {
14364        let mut config = Config::new(PROTOCOL_VERSION).unwrap();
14365        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
14366        config
14367            .set_application_protos(&[b"proto1", b"proto2"])
14368            .unwrap();
14369        config.set_initial_max_data(50000);
14370        config.set_initial_max_stream_data_bidi_local(50000);
14371        config.set_initial_max_stream_data_bidi_remote(50000);
14372        config.set_max_recv_udp_payload_size(1405);
14373        config.verify_peer(false);
14374
14375        let mut pipe = testing::Pipe::with_client_config(&mut config).unwrap();
14376        assert_eq!(pipe.handshake(), Ok(()));
14377
14378        // Client sends stream data.
14379        assert_eq!(pipe.client.stream_send(0, b"a", true), Ok(1));
14380        assert_eq!(pipe.advance(), Ok(()));
14381
14382        // Server reads stream data.
14383        let mut b = [0; 15];
14384        pipe.server.stream_recv(0, &mut b).unwrap();
14385        assert_eq!(pipe.advance(), Ok(()));
14386
14387        // Server sends stream data bigger than cwnd.
14388        let send_buf1 = [0; 20000];
14389        assert_eq!(pipe.server.stream_send(0, &send_buf1, false), Ok(12000));
14390
14391        testing::emit_flight(&mut pipe.server).ok();
14392
14393        // We can't create a new packet header because there is no room by cwnd.
14394        // app_limited should be false because we can't send more by cwnd.
14395        assert!(!pipe
14396            .server
14397            .paths
14398            .get_active()
14399            .expect("no active")
14400            .recovery
14401            .app_limited());
14402    }
14403
14404    #[rstest]
14405    fn app_limited_false_no_header(
14406        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
14407    ) {
14408        let mut config = Config::new(PROTOCOL_VERSION).unwrap();
14409        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
14410        config
14411            .set_application_protos(&[b"proto1", b"proto2"])
14412            .unwrap();
14413        config.set_initial_max_data(50000);
14414        config.set_initial_max_stream_data_bidi_local(50000);
14415        config.set_initial_max_stream_data_bidi_remote(50000);
14416        config.set_max_recv_udp_payload_size(1406);
14417        config.verify_peer(false);
14418
14419        let mut pipe = testing::Pipe::with_client_config(&mut config).unwrap();
14420        assert_eq!(pipe.handshake(), Ok(()));
14421
14422        // Client sends stream data.
14423        assert_eq!(pipe.client.stream_send(0, b"a", true), Ok(1));
14424        assert_eq!(pipe.advance(), Ok(()));
14425
14426        // Server reads stream data.
14427        let mut b = [0; 15];
14428        pipe.server.stream_recv(0, &mut b).unwrap();
14429        assert_eq!(pipe.advance(), Ok(()));
14430
14431        // Server sends stream data bigger than cwnd.
14432        let send_buf1 = [0; 20000];
14433        assert_eq!(pipe.server.stream_send(0, &send_buf1, false), Ok(12000));
14434
14435        testing::emit_flight(&mut pipe.server).ok();
14436
14437        // We can't create a new frame because there is no room by cwnd.
14438        // app_limited should be false because we can't send more by cwnd.
14439        assert!(!pipe
14440            .server
14441            .paths
14442            .get_active()
14443            .expect("no active")
14444            .recovery
14445            .app_limited());
14446    }
14447
14448    #[rstest]
14449    fn app_limited_not_changed_on_no_new_frames(
14450        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
14451    ) {
14452        let mut config = Config::new(PROTOCOL_VERSION).unwrap();
14453        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
14454        config
14455            .set_application_protos(&[b"proto1", b"proto2"])
14456            .unwrap();
14457        config.set_initial_max_data(50000);
14458        config.set_initial_max_stream_data_bidi_local(50000);
14459        config.set_initial_max_stream_data_bidi_remote(50000);
14460        config.set_max_recv_udp_payload_size(1200);
14461        config.verify_peer(false);
14462
14463        let mut pipe = testing::Pipe::with_client_config(&mut config).unwrap();
14464        assert_eq!(pipe.handshake(), Ok(()));
14465
14466        // Client sends stream data.
14467        assert_eq!(pipe.client.stream_send(0, b"a", true), Ok(1));
14468        assert_eq!(pipe.advance(), Ok(()));
14469
14470        // Server reads stream data.
14471        let mut b = [0; 15];
14472        pipe.server.stream_recv(0, &mut b).unwrap();
14473        assert_eq!(pipe.advance(), Ok(()));
14474
14475        // Client's app_limited is true because its bytes-in-flight
14476        // is much smaller than the current cwnd.
14477        assert!(pipe
14478            .client
14479            .paths
14480            .get_active()
14481            .expect("no active")
14482            .recovery
14483            .app_limited());
14484
14485        // Client has no new frames to send - returns Done.
14486        assert_eq!(testing::emit_flight(&mut pipe.client), Err(Error::Done));
14487
14488        // Client's app_limited should remain the same.
14489        assert!(pipe
14490            .client
14491            .paths
14492            .get_active()
14493            .expect("no active")
14494            .recovery
14495            .app_limited());
14496    }
14497
14498    #[rstest]
14499    fn limit_ack_ranges(
14500        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
14501    ) {
14502        let mut buf = [0; 65535];
14503
14504        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
14505        assert_eq!(pipe.handshake(), Ok(()));
14506
14507        let epoch = packet::Epoch::Application;
14508
14509        assert_eq!(pipe.server.pkt_num_spaces[epoch].recv_pkt_need_ack.len(), 0);
14510
14511        let frames = [
14512            frame::Frame::Ping { mtu_probe: None },
14513            frame::Frame::Padding { len: 3 },
14514        ];
14515
14516        let pkt_type = packet::Type::Short;
14517
14518        let mut last_packet_sent = 0;
14519
14520        for _ in 0..512 {
14521            let recv_count = pipe.server.recv_count;
14522
14523            last_packet_sent = pipe.client.next_pkt_num;
14524
14525            pipe.send_pkt_to_server(pkt_type, &frames, &mut buf)
14526                .unwrap();
14527
14528            assert_eq!(pipe.server.recv_count, recv_count + 1);
14529
14530            // Skip packet number.
14531            pipe.client.next_pkt_num += 1;
14532        }
14533
14534        assert_eq!(
14535            pipe.server.pkt_num_spaces[epoch].recv_pkt_need_ack.len(),
14536            MAX_ACK_RANGES
14537        );
14538
14539        assert_eq!(
14540            pipe.server.pkt_num_spaces[epoch].recv_pkt_need_ack.first(),
14541            Some(last_packet_sent - ((MAX_ACK_RANGES as u64) - 1) * 2)
14542        );
14543
14544        assert_eq!(
14545            pipe.server.pkt_num_spaces[epoch].recv_pkt_need_ack.last(),
14546            Some(last_packet_sent)
14547        );
14548    }
14549
14550    #[rstest]
14551    /// Tests that streams are correctly scheduled based on their priority.
14552    fn stream_priority(
14553        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
14554    ) {
14555        // Limit 1-RTT packet size to avoid congestion control interference.
14556        const MAX_TEST_PACKET_SIZE: usize = 540;
14557
14558        let mut buf = [0; 65535];
14559
14560        let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
14561        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
14562        config
14563            .load_cert_chain_from_pem_file("examples/cert.crt")
14564            .unwrap();
14565        config
14566            .load_priv_key_from_pem_file("examples/cert.key")
14567            .unwrap();
14568        config
14569            .set_application_protos(&[b"proto1", b"proto2"])
14570            .unwrap();
14571        config.set_initial_max_data(1_000_000);
14572        config.set_initial_max_stream_data_bidi_local(1_000_000);
14573        config.set_initial_max_stream_data_bidi_remote(1_000_000);
14574        config.set_initial_max_stream_data_uni(0);
14575        config.set_initial_max_streams_bidi(100);
14576        config.set_initial_max_streams_uni(0);
14577        config.verify_peer(false);
14578
14579        let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
14580        assert_eq!(pipe.handshake(), Ok(()));
14581
14582        assert_eq!(pipe.client.stream_send(0, b"a", false), Ok(1));
14583        assert_eq!(pipe.advance(), Ok(()));
14584
14585        assert_eq!(pipe.client.stream_send(4, b"a", false), Ok(1));
14586        assert_eq!(pipe.advance(), Ok(()));
14587
14588        assert_eq!(pipe.client.stream_send(8, b"a", false), Ok(1));
14589        assert_eq!(pipe.advance(), Ok(()));
14590
14591        assert_eq!(pipe.client.stream_send(12, b"a", false), Ok(1));
14592        assert_eq!(pipe.advance(), Ok(()));
14593
14594        assert_eq!(pipe.client.stream_send(16, b"a", false), Ok(1));
14595        assert_eq!(pipe.advance(), Ok(()));
14596
14597        assert_eq!(pipe.client.stream_send(20, b"a", false), Ok(1));
14598        assert_eq!(pipe.advance(), Ok(()));
14599
14600        let mut b = [0; 1];
14601
14602        let out = [b'b'; 500];
14603
14604        // Server prioritizes streams as follows:
14605        //  * Stream 8 and 16 have the same priority but are non-incremental.
14606        //  * Stream 4, 12 and 20 have the same priority but 20 is non-incremental
14607        //    and 4 and 12 are incremental.
14608        //  * Stream 0 is on its own.
14609
14610        pipe.server.stream_recv(0, &mut b).unwrap();
14611        assert_eq!(pipe.server.stream_priority(0, 255, true), Ok(()));
14612        pipe.server.stream_send(0, &out, false).unwrap();
14613        pipe.server.stream_send(0, &out, false).unwrap();
14614        pipe.server.stream_send(0, &out, false).unwrap();
14615
14616        pipe.server.stream_recv(12, &mut b).unwrap();
14617        assert_eq!(pipe.server.stream_priority(12, 42, true), Ok(()));
14618        pipe.server.stream_send(12, &out, false).unwrap();
14619        pipe.server.stream_send(12, &out, false).unwrap();
14620        pipe.server.stream_send(12, &out, false).unwrap();
14621
14622        pipe.server.stream_recv(16, &mut b).unwrap();
14623        assert_eq!(pipe.server.stream_priority(16, 10, false), Ok(()));
14624        pipe.server.stream_send(16, &out, false).unwrap();
14625        pipe.server.stream_send(16, &out, false).unwrap();
14626        pipe.server.stream_send(16, &out, false).unwrap();
14627
14628        pipe.server.stream_recv(4, &mut b).unwrap();
14629        assert_eq!(pipe.server.stream_priority(4, 42, true), Ok(()));
14630        pipe.server.stream_send(4, &out, false).unwrap();
14631        pipe.server.stream_send(4, &out, false).unwrap();
14632        pipe.server.stream_send(4, &out, false).unwrap();
14633
14634        pipe.server.stream_recv(8, &mut b).unwrap();
14635        assert_eq!(pipe.server.stream_priority(8, 10, false), Ok(()));
14636        pipe.server.stream_send(8, &out, false).unwrap();
14637        pipe.server.stream_send(8, &out, false).unwrap();
14638        pipe.server.stream_send(8, &out, false).unwrap();
14639
14640        pipe.server.stream_recv(20, &mut b).unwrap();
14641        assert_eq!(pipe.server.stream_priority(20, 42, false), Ok(()));
14642        pipe.server.stream_send(20, &out, false).unwrap();
14643        pipe.server.stream_send(20, &out, false).unwrap();
14644        pipe.server.stream_send(20, &out, false).unwrap();
14645
14646        // First is stream 8.
14647        let mut off = 0;
14648
14649        for _ in 1..=3 {
14650            let (len, _) =
14651                pipe.server.send(&mut buf[..MAX_TEST_PACKET_SIZE]).unwrap();
14652
14653            let frames =
14654                testing::decode_pkt(&mut pipe.client, &mut buf[..len]).unwrap();
14655            let stream = frames.first().unwrap();
14656
14657            assert_eq!(stream, &frame::Frame::Stream {
14658                stream_id: 8,
14659                data: <RangeBuf>::from(&out, off, false),
14660            });
14661
14662            off = match stream {
14663                frame::Frame::Stream { data, .. } => data.max_off(),
14664
14665                _ => unreachable!(),
14666            };
14667        }
14668
14669        // Then is stream 16.
14670        let mut off = 0;
14671
14672        for _ in 1..=3 {
14673            let (len, _) =
14674                pipe.server.send(&mut buf[..MAX_TEST_PACKET_SIZE]).unwrap();
14675
14676            let frames =
14677                testing::decode_pkt(&mut pipe.client, &mut buf[..len]).unwrap();
14678            let stream = frames.first().unwrap();
14679
14680            assert_eq!(stream, &frame::Frame::Stream {
14681                stream_id: 16,
14682                data: <RangeBuf>::from(&out, off, false),
14683            });
14684
14685            off = match stream {
14686                frame::Frame::Stream { data, .. } => data.max_off(),
14687
14688                _ => unreachable!(),
14689            };
14690        }
14691
14692        // Then is stream 20.
14693        let mut off = 0;
14694
14695        for _ in 1..=3 {
14696            let (len, _) =
14697                pipe.server.send(&mut buf[..MAX_TEST_PACKET_SIZE]).unwrap();
14698
14699            let frames =
14700                testing::decode_pkt(&mut pipe.client, &mut buf[..len]).unwrap();
14701            let stream = frames.first().unwrap();
14702
14703            assert_eq!(stream, &frame::Frame::Stream {
14704                stream_id: 20,
14705                data: <RangeBuf>::from(&out, off, false),
14706            });
14707
14708            off = match stream {
14709                frame::Frame::Stream { data, .. } => data.max_off(),
14710
14711                _ => unreachable!(),
14712            };
14713        }
14714
14715        // Then are stream 12 and 4, with the same priority, incrementally.
14716        let mut off = 0;
14717
14718        for _ in 1..=3 {
14719            let (len, _) =
14720                pipe.server.send(&mut buf[..MAX_TEST_PACKET_SIZE]).unwrap();
14721
14722            let frames =
14723                testing::decode_pkt(&mut pipe.client, &mut buf[..len]).unwrap();
14724
14725            assert_eq!(
14726                frames.first(),
14727                Some(&frame::Frame::Stream {
14728                    stream_id: 12,
14729                    data: <RangeBuf>::from(&out, off, false),
14730                })
14731            );
14732
14733            let (len, _) =
14734                pipe.server.send(&mut buf[..MAX_TEST_PACKET_SIZE]).unwrap();
14735
14736            let frames =
14737                testing::decode_pkt(&mut pipe.client, &mut buf[..len]).unwrap();
14738
14739            let stream = frames.first().unwrap();
14740
14741            assert_eq!(stream, &frame::Frame::Stream {
14742                stream_id: 4,
14743                data: <RangeBuf>::from(&out, off, false),
14744            });
14745
14746            off = match stream {
14747                frame::Frame::Stream { data, .. } => data.max_off(),
14748
14749                _ => unreachable!(),
14750            };
14751        }
14752
14753        // Final is stream 0.
14754        let mut off = 0;
14755
14756        for _ in 1..=3 {
14757            let (len, _) =
14758                pipe.server.send(&mut buf[..MAX_TEST_PACKET_SIZE]).unwrap();
14759
14760            let frames =
14761                testing::decode_pkt(&mut pipe.client, &mut buf[..len]).unwrap();
14762            let stream = frames.first().unwrap();
14763
14764            assert_eq!(stream, &frame::Frame::Stream {
14765                stream_id: 0,
14766                data: <RangeBuf>::from(&out, off, false),
14767            });
14768
14769            off = match stream {
14770                frame::Frame::Stream { data, .. } => data.max_off(),
14771
14772                _ => unreachable!(),
14773            };
14774        }
14775
14776        assert_eq!(pipe.server.send(&mut buf), Err(Error::Done));
14777    }
14778
14779    #[rstest]
14780    /// Tests that changing a stream's priority is correctly propagated.
14781    fn stream_reprioritize(
14782        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
14783    ) {
14784        let mut buf = [0; 65535];
14785
14786        let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
14787        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
14788        config
14789            .load_cert_chain_from_pem_file("examples/cert.crt")
14790            .unwrap();
14791        config
14792            .load_priv_key_from_pem_file("examples/cert.key")
14793            .unwrap();
14794        config
14795            .set_application_protos(&[b"proto1", b"proto2"])
14796            .unwrap();
14797        config.set_initial_max_data(30);
14798        config.set_initial_max_stream_data_bidi_local(15);
14799        config.set_initial_max_stream_data_bidi_remote(15);
14800        config.set_initial_max_stream_data_uni(0);
14801        config.set_initial_max_streams_bidi(5);
14802        config.set_initial_max_streams_uni(0);
14803        config.verify_peer(false);
14804
14805        let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
14806        assert_eq!(pipe.handshake(), Ok(()));
14807
14808        assert_eq!(pipe.client.stream_send(0, b"a", false), Ok(1));
14809        assert_eq!(pipe.advance(), Ok(()));
14810
14811        assert_eq!(pipe.client.stream_send(4, b"a", false), Ok(1));
14812        assert_eq!(pipe.advance(), Ok(()));
14813
14814        assert_eq!(pipe.client.stream_send(8, b"a", false), Ok(1));
14815        assert_eq!(pipe.advance(), Ok(()));
14816
14817        assert_eq!(pipe.client.stream_send(12, b"a", false), Ok(1));
14818        assert_eq!(pipe.advance(), Ok(()));
14819
14820        let mut b = [0; 1];
14821
14822        pipe.server.stream_recv(0, &mut b).unwrap();
14823        assert_eq!(pipe.server.stream_priority(0, 255, true), Ok(()));
14824        pipe.server.stream_send(0, b"b", false).unwrap();
14825
14826        pipe.server.stream_recv(12, &mut b).unwrap();
14827        assert_eq!(pipe.server.stream_priority(12, 42, true), Ok(()));
14828        pipe.server.stream_send(12, b"b", false).unwrap();
14829
14830        pipe.server.stream_recv(8, &mut b).unwrap();
14831        assert_eq!(pipe.server.stream_priority(8, 10, true), Ok(()));
14832        pipe.server.stream_send(8, b"b", false).unwrap();
14833
14834        pipe.server.stream_recv(4, &mut b).unwrap();
14835        assert_eq!(pipe.server.stream_priority(4, 42, true), Ok(()));
14836        pipe.server.stream_send(4, b"b", false).unwrap();
14837
14838        // Stream 0 is re-prioritized!!!
14839        assert_eq!(pipe.server.stream_priority(0, 20, true), Ok(()));
14840
14841        // First is stream 8.
14842        let (len, _) = pipe.server.send(&mut buf).unwrap();
14843
14844        let frames =
14845            testing::decode_pkt(&mut pipe.client, &mut buf[..len]).unwrap();
14846
14847        assert_eq!(
14848            frames.first(),
14849            Some(&frame::Frame::Stream {
14850                stream_id: 8,
14851                data: <RangeBuf>::from(b"b", 0, false),
14852            })
14853        );
14854
14855        // Then is stream 0.
14856        let (len, _) = pipe.server.send(&mut buf).unwrap();
14857
14858        let frames =
14859            testing::decode_pkt(&mut pipe.client, &mut buf[..len]).unwrap();
14860
14861        assert_eq!(
14862            frames.first(),
14863            Some(&frame::Frame::Stream {
14864                stream_id: 0,
14865                data: <RangeBuf>::from(b"b", 0, false),
14866            })
14867        );
14868
14869        // Then are stream 12 and 4, with the same priority.
14870        let (len, _) = pipe.server.send(&mut buf).unwrap();
14871
14872        let frames =
14873            testing::decode_pkt(&mut pipe.client, &mut buf[..len]).unwrap();
14874
14875        assert_eq!(
14876            frames.first(),
14877            Some(&frame::Frame::Stream {
14878                stream_id: 12,
14879                data: <RangeBuf>::from(b"b", 0, false),
14880            })
14881        );
14882
14883        let (len, _) = pipe.server.send(&mut buf).unwrap();
14884
14885        let frames =
14886            testing::decode_pkt(&mut pipe.client, &mut buf[..len]).unwrap();
14887
14888        assert_eq!(
14889            frames.first(),
14890            Some(&frame::Frame::Stream {
14891                stream_id: 4,
14892                data: <RangeBuf>::from(b"b", 0, false),
14893            })
14894        );
14895
14896        assert_eq!(pipe.server.send(&mut buf), Err(Error::Done));
14897    }
14898
14899    #[rstest]
14900    /// Tests that streams and datagrams are correctly scheduled.
14901    fn stream_datagram_priority(
14902        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
14903    ) {
14904        // Limit 1-RTT packet size to avoid congestion control interference.
14905        const MAX_TEST_PACKET_SIZE: usize = 540;
14906
14907        let mut buf = [0; 65535];
14908
14909        let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
14910        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
14911        config
14912            .load_cert_chain_from_pem_file("examples/cert.crt")
14913            .unwrap();
14914        config
14915            .load_priv_key_from_pem_file("examples/cert.key")
14916            .unwrap();
14917        config
14918            .set_application_protos(&[b"proto1", b"proto2"])
14919            .unwrap();
14920        config.set_initial_max_data(1_000_000);
14921        config.set_initial_max_stream_data_bidi_local(1_000_000);
14922        config.set_initial_max_stream_data_bidi_remote(1_000_000);
14923        config.set_initial_max_stream_data_uni(0);
14924        config.set_initial_max_streams_bidi(100);
14925        config.set_initial_max_streams_uni(0);
14926        config.enable_dgram(true, 10, 10);
14927        config.verify_peer(false);
14928
14929        let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
14930        assert_eq!(pipe.handshake(), Ok(()));
14931
14932        assert_eq!(pipe.client.stream_send(0, b"a", false), Ok(1));
14933        assert_eq!(pipe.advance(), Ok(()));
14934
14935        assert_eq!(pipe.client.stream_send(4, b"a", false), Ok(1));
14936        assert_eq!(pipe.advance(), Ok(()));
14937
14938        let mut b = [0; 1];
14939
14940        let out = [b'b'; 500];
14941
14942        // Server prioritizes Stream 0 and 4 with the same urgency with
14943        // incremental, meaning the frames should be sent in round-robin
14944        // fashion. It also sends DATAGRAMS which are always interleaved with
14945        // STREAM frames. So we'll expect a mix of frame types regardless
14946        // of the order that the application writes things in.
14947
14948        pipe.server.stream_recv(0, &mut b).unwrap();
14949        assert_eq!(pipe.server.stream_priority(0, 255, true), Ok(()));
14950        pipe.server.stream_send(0, &out, false).unwrap();
14951        pipe.server.stream_send(0, &out, false).unwrap();
14952        pipe.server.stream_send(0, &out, false).unwrap();
14953
14954        assert_eq!(pipe.server.stream_priority(4, 255, true), Ok(()));
14955        pipe.server.stream_send(4, &out, false).unwrap();
14956        pipe.server.stream_send(4, &out, false).unwrap();
14957        pipe.server.stream_send(4, &out, false).unwrap();
14958
14959        for _ in 1..=6 {
14960            assert_eq!(pipe.server.dgram_send(&out), Ok(()));
14961        }
14962
14963        let mut off_0 = 0;
14964        let mut off_4 = 0;
14965
14966        for _ in 1..=3 {
14967            // DATAGRAM
14968            let (len, _) =
14969                pipe.server.send(&mut buf[..MAX_TEST_PACKET_SIZE]).unwrap();
14970
14971            let frames =
14972                testing::decode_pkt(&mut pipe.client, &mut buf[..len]).unwrap();
14973            let mut frame_iter = frames.iter();
14974
14975            assert_eq!(frame_iter.next().unwrap(), &frame::Frame::Datagram {
14976                data: out.into()
14977            });
14978            assert_eq!(frame_iter.next(), None);
14979
14980            // STREAM 0
14981            let (len, _) =
14982                pipe.server.send(&mut buf[..MAX_TEST_PACKET_SIZE]).unwrap();
14983
14984            let frames =
14985                testing::decode_pkt(&mut pipe.client, &mut buf[..len]).unwrap();
14986            let mut frame_iter = frames.iter();
14987            let stream = frame_iter.next().unwrap();
14988
14989            assert_eq!(stream, &frame::Frame::Stream {
14990                stream_id: 0,
14991                data: <RangeBuf>::from(&out, off_0, false),
14992            });
14993
14994            off_0 = match stream {
14995                frame::Frame::Stream { data, .. } => data.max_off(),
14996
14997                _ => unreachable!(),
14998            };
14999            assert_eq!(frame_iter.next(), None);
15000
15001            // DATAGRAM
15002            let (len, _) =
15003                pipe.server.send(&mut buf[..MAX_TEST_PACKET_SIZE]).unwrap();
15004
15005            let frames =
15006                testing::decode_pkt(&mut pipe.client, &mut buf[..len]).unwrap();
15007            let mut frame_iter = frames.iter();
15008
15009            assert_eq!(frame_iter.next().unwrap(), &frame::Frame::Datagram {
15010                data: out.into()
15011            });
15012            assert_eq!(frame_iter.next(), None);
15013
15014            // STREAM 4
15015            let (len, _) =
15016                pipe.server.send(&mut buf[..MAX_TEST_PACKET_SIZE]).unwrap();
15017
15018            let frames =
15019                testing::decode_pkt(&mut pipe.client, &mut buf[..len]).unwrap();
15020            let mut frame_iter = frames.iter();
15021            let stream = frame_iter.next().unwrap();
15022
15023            assert_eq!(stream, &frame::Frame::Stream {
15024                stream_id: 4,
15025                data: <RangeBuf>::from(&out, off_4, false),
15026            });
15027
15028            off_4 = match stream {
15029                frame::Frame::Stream { data, .. } => data.max_off(),
15030
15031                _ => unreachable!(),
15032            };
15033            assert_eq!(frame_iter.next(), None);
15034        }
15035    }
15036
15037    #[rstest]
15038    /// Tests that old data is retransmitted on PTO.
15039    fn early_retransmit(
15040        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
15041    ) {
15042        let mut buf = [0; 65535];
15043
15044        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
15045        assert_eq!(pipe.handshake(), Ok(()));
15046
15047        // Client sends stream data.
15048        assert_eq!(pipe.client.stream_send(0, b"a", false), Ok(1));
15049        assert_eq!(pipe.advance(), Ok(()));
15050
15051        // Client sends more stream data, but packet is lost
15052        assert_eq!(pipe.client.stream_send(4, b"b", false), Ok(1));
15053        assert!(pipe.client.send(&mut buf).is_ok());
15054
15055        // Wait until PTO expires. Since the RTT is very low, wait a bit more.
15056        let timer = pipe.client.timeout().unwrap();
15057        std::thread::sleep(timer + time::Duration::from_millis(1));
15058
15059        pipe.client.on_timeout();
15060
15061        let epoch = packet::Epoch::Application;
15062        assert_eq!(
15063            pipe.client
15064                .paths
15065                .get_active()
15066                .expect("no active")
15067                .recovery
15068                .loss_probes(epoch),
15069            1,
15070        );
15071
15072        // Client retransmits stream data in PTO probe.
15073        let (len, _) = pipe.client.send(&mut buf).unwrap();
15074        assert_eq!(
15075            pipe.client
15076                .paths
15077                .get_active()
15078                .expect("no active")
15079                .recovery
15080                .loss_probes(epoch),
15081            0,
15082        );
15083
15084        let frames =
15085            testing::decode_pkt(&mut pipe.server, &mut buf[..len]).unwrap();
15086
15087        let mut iter = frames.iter();
15088
15089        // Skip ACK frame.
15090        iter.next();
15091
15092        assert_eq!(
15093            iter.next(),
15094            Some(&frame::Frame::Stream {
15095                stream_id: 4,
15096                data: <RangeBuf>::from(b"b", 0, false),
15097            })
15098        );
15099        assert_eq!(pipe.client.stats().retrans, 1);
15100    }
15101
15102    #[rstest]
15103    /// Tests that PTO probe packets are not coalesced together.
15104    fn dont_coalesce_probes(
15105        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
15106    ) {
15107        let mut buf = [0; 65535];
15108
15109        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
15110
15111        // Client sends Initial packet.
15112        let (len, _) = pipe.client.send(&mut buf).unwrap();
15113        assert_eq!(len, 1200);
15114
15115        // Wait for PTO to expire.
15116        let timer = pipe.client.timeout().unwrap();
15117        std::thread::sleep(timer + time::Duration::from_millis(1));
15118
15119        pipe.client.on_timeout();
15120
15121        let epoch = packet::Epoch::Initial;
15122        assert_eq!(
15123            pipe.client
15124                .paths
15125                .get_active()
15126                .expect("no active")
15127                .recovery
15128                .loss_probes(epoch),
15129            1,
15130        );
15131
15132        // Client sends PTO probe.
15133        let (len, _) = pipe.client.send(&mut buf).unwrap();
15134        assert_eq!(len, 1200);
15135        assert_eq!(
15136            pipe.client
15137                .paths
15138                .get_active()
15139                .expect("no active")
15140                .recovery
15141                .loss_probes(epoch),
15142            0,
15143        );
15144
15145        // Wait for PTO to expire.
15146        let timer = pipe.client.timeout().unwrap();
15147        std::thread::sleep(timer + time::Duration::from_millis(1));
15148
15149        pipe.client.on_timeout();
15150
15151        assert_eq!(
15152            pipe.client
15153                .paths
15154                .get_active()
15155                .expect("no active")
15156                .recovery
15157                .loss_probes(epoch),
15158            2,
15159        );
15160
15161        // Client sends first PTO probe.
15162        let (len, _) = pipe.client.send(&mut buf).unwrap();
15163        assert_eq!(len, 1200);
15164        assert_eq!(
15165            pipe.client
15166                .paths
15167                .get_active()
15168                .expect("no active")
15169                .recovery
15170                .loss_probes(epoch),
15171            1,
15172        );
15173
15174        // Client sends second PTO probe.
15175        let (len, _) = pipe.client.send(&mut buf).unwrap();
15176        assert_eq!(len, 1200);
15177        assert_eq!(
15178            pipe.client
15179                .paths
15180                .get_active()
15181                .expect("no active")
15182                .recovery
15183                .loss_probes(epoch),
15184            0,
15185        );
15186    }
15187
15188    #[rstest]
15189    fn coalesce_padding_short(
15190        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
15191    ) {
15192        let mut buf = [0; 65535];
15193
15194        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
15195
15196        // Client sends first flight.
15197        let (len, _) = pipe.client.send(&mut buf).unwrap();
15198        assert_eq!(len, MIN_CLIENT_INITIAL_LEN);
15199        assert_eq!(pipe.server_recv(&mut buf[..len]), Ok(len));
15200
15201        // Server sends first flight.
15202        let (len, _) = pipe.server.send(&mut buf).unwrap();
15203        assert_eq!(len, MIN_CLIENT_INITIAL_LEN);
15204        assert_eq!(pipe.client_recv(&mut buf[..len]), Ok(len));
15205
15206        let (len, _) = pipe.server.send(&mut buf).unwrap();
15207        assert_eq!(pipe.client_recv(&mut buf[..len]), Ok(len));
15208
15209        // Client sends stream data.
15210        assert!(pipe.client.is_established());
15211        assert_eq!(pipe.client.stream_send(4, b"hello", true), Ok(5));
15212
15213        // Client sends second flight.
15214        let (len, _) = pipe.client.send(&mut buf).unwrap();
15215        assert_eq!(len, MIN_CLIENT_INITIAL_LEN);
15216        assert_eq!(pipe.server_recv(&mut buf[..len]), Ok(len));
15217
15218        // None of the sent packets should have been dropped.
15219        assert_eq!(pipe.client.sent_count, pipe.server.recv_count);
15220        assert_eq!(pipe.server.sent_count, pipe.client.recv_count);
15221    }
15222
15223    #[rstest]
15224    /// Tests that client avoids handshake deadlock by arming PTO.
15225    fn handshake_anti_deadlock(
15226        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
15227    ) {
15228        let mut buf = [0; 65535];
15229
15230        let mut config = Config::new(PROTOCOL_VERSION).unwrap();
15231        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
15232        config
15233            .load_cert_chain_from_pem_file("examples/cert-big.crt")
15234            .unwrap();
15235        config
15236            .load_priv_key_from_pem_file("examples/cert.key")
15237            .unwrap();
15238        config
15239            .set_application_protos(&[b"proto1", b"proto2"])
15240            .unwrap();
15241
15242        let mut pipe = testing::Pipe::with_server_config(&mut config).unwrap();
15243
15244        assert!(!pipe.client.handshake_status().has_handshake_keys);
15245        assert!(!pipe.client.handshake_status().peer_verified_address);
15246        assert!(!pipe.server.handshake_status().has_handshake_keys);
15247        assert!(pipe.server.handshake_status().peer_verified_address);
15248
15249        // Client sends padded Initial.
15250        let (len, _) = pipe.client.send(&mut buf).unwrap();
15251        assert_eq!(len, 1200);
15252
15253        // Server receives client's Initial and sends own Initial and Handshake
15254        // until it's blocked by the anti-amplification limit.
15255        assert_eq!(pipe.server_recv(&mut buf[..len]), Ok(len));
15256        let flight = testing::emit_flight(&mut pipe.server).unwrap();
15257
15258        assert!(!pipe.client.handshake_status().has_handshake_keys);
15259        assert!(!pipe.client.handshake_status().peer_verified_address);
15260        assert!(pipe.server.handshake_status().has_handshake_keys);
15261        assert!(pipe.server.handshake_status().peer_verified_address);
15262
15263        // Client receives the server flight and sends Handshake ACK, but it is
15264        // lost.
15265        testing::process_flight(&mut pipe.client, flight).unwrap();
15266        testing::emit_flight(&mut pipe.client).unwrap();
15267
15268        assert!(pipe.client.handshake_status().has_handshake_keys);
15269        assert!(!pipe.client.handshake_status().peer_verified_address);
15270        assert!(pipe.server.handshake_status().has_handshake_keys);
15271        assert!(pipe.server.handshake_status().peer_verified_address);
15272
15273        // Make sure client's PTO timer is armed.
15274        assert!(pipe.client.timeout().is_some());
15275    }
15276
15277    #[rstest]
15278    /// Tests that packets with corrupted type (from Handshake to Initial) are
15279    /// properly ignored.
15280    fn handshake_packet_type_corruption(
15281        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
15282    ) {
15283        let mut buf = [0; 65535];
15284
15285        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
15286
15287        // Client sends padded Initial.
15288        let (len, _) = pipe.client.send(&mut buf).unwrap();
15289        assert_eq!(len, 1200);
15290
15291        // Server receives client's Initial and sends own Initial and Handshake.
15292        assert_eq!(pipe.server_recv(&mut buf[..len]), Ok(len));
15293
15294        let flight = testing::emit_flight(&mut pipe.server).unwrap();
15295        testing::process_flight(&mut pipe.client, flight).unwrap();
15296
15297        // Client sends Initial packet with ACK.
15298        let active_pid =
15299            pipe.client.paths.get_active_path_id().expect("no active");
15300        let (ty, len) = pipe
15301            .client
15302            .send_single(&mut buf, active_pid, false, time::Instant::now())
15303            .unwrap();
15304        assert_eq!(ty, Type::Initial);
15305
15306        assert_eq!(pipe.server_recv(&mut buf[..len]), Ok(len));
15307
15308        // Client sends Handshake packet.
15309        let (ty, len) = pipe
15310            .client
15311            .send_single(&mut buf, active_pid, false, time::Instant::now())
15312            .unwrap();
15313        assert_eq!(ty, Type::Handshake);
15314
15315        // Packet type is corrupted to Initial.
15316        buf[0] &= !(0x20);
15317
15318        let hdr = Header::from_slice(&mut buf[..len], 0).unwrap();
15319        assert_eq!(hdr.ty, Type::Initial);
15320
15321        // Server receives corrupted packet without returning an error.
15322        assert_eq!(pipe.server_recv(&mut buf[..len]), Ok(len));
15323    }
15324
15325    #[rstest]
15326    fn dgram_send_fails_invalidstate(
15327        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
15328    ) {
15329        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
15330        assert_eq!(pipe.handshake(), Ok(()));
15331
15332        assert_eq!(
15333            pipe.client.dgram_send(b"hello, world"),
15334            Err(Error::InvalidState)
15335        );
15336    }
15337
15338    #[rstest]
15339    fn dgram_send_app_limited(
15340        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
15341    ) {
15342        let mut buf = [0; 65535];
15343        let send_buf = [0xcf; 1000];
15344
15345        let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
15346        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
15347        config
15348            .load_cert_chain_from_pem_file("examples/cert.crt")
15349            .unwrap();
15350        config
15351            .load_priv_key_from_pem_file("examples/cert.key")
15352            .unwrap();
15353        config
15354            .set_application_protos(&[b"proto1", b"proto2"])
15355            .unwrap();
15356        config.set_initial_max_data(30);
15357        config.set_initial_max_stream_data_bidi_local(15);
15358        config.set_initial_max_stream_data_bidi_remote(15);
15359        config.set_initial_max_stream_data_uni(10);
15360        config.set_initial_max_streams_bidi(3);
15361        config.set_initial_max_streams_uni(3);
15362        config.enable_dgram(true, 1000, 1000);
15363        config.set_max_recv_udp_payload_size(1200);
15364        config.verify_peer(false);
15365
15366        let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
15367        assert_eq!(pipe.handshake(), Ok(()));
15368
15369        for _ in 0..1000 {
15370            assert_eq!(pipe.client.dgram_send(&send_buf), Ok(()));
15371        }
15372
15373        assert_eq!(
15374            !pipe
15375                .client
15376                .paths
15377                .get_active()
15378                .expect("no active")
15379                .recovery
15380                .app_limited(),
15381            // bbr2_gcongestion uses different logic to set app_limited
15382            // TODO fix
15383            cc_algorithm_name != "bbr2_gcongestion"
15384        );
15385        assert_eq!(pipe.client.dgram_send_queue.byte_size(), 1_000_000);
15386
15387        let (len, _) = pipe.client.send(&mut buf).unwrap();
15388
15389        assert_ne!(pipe.client.dgram_send_queue.byte_size(), 0);
15390        assert_ne!(pipe.client.dgram_send_queue.byte_size(), 1_000_000);
15391        assert_eq!(
15392            !pipe
15393                .client
15394                .paths
15395                .get_active()
15396                .expect("no active")
15397                .recovery
15398                .app_limited(),
15399            cc_algorithm_name != "bbr2_gcongestion"
15400        );
15401
15402        assert_eq!(pipe.server_recv(&mut buf[..len]), Ok(len));
15403
15404        let flight = testing::emit_flight(&mut pipe.client).unwrap();
15405        testing::process_flight(&mut pipe.server, flight).unwrap();
15406
15407        let flight = testing::emit_flight(&mut pipe.server).unwrap();
15408        testing::process_flight(&mut pipe.client, flight).unwrap();
15409
15410        assert_ne!(pipe.client.dgram_send_queue.byte_size(), 0);
15411        assert_ne!(pipe.client.dgram_send_queue.byte_size(), 1_000_000);
15412
15413        assert_eq!(
15414            !pipe
15415                .client
15416                .paths
15417                .get_active()
15418                .expect("no active")
15419                .recovery
15420                .app_limited(),
15421            cc_algorithm_name != "bbr2_gcongestion"
15422        );
15423    }
15424
15425    #[rstest]
15426    fn dgram_single_datagram(
15427        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
15428    ) {
15429        let mut buf = [0; 65535];
15430
15431        let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
15432        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
15433        config
15434            .load_cert_chain_from_pem_file("examples/cert.crt")
15435            .unwrap();
15436        config
15437            .load_priv_key_from_pem_file("examples/cert.key")
15438            .unwrap();
15439        config
15440            .set_application_protos(&[b"proto1", b"proto2"])
15441            .unwrap();
15442        config.set_initial_max_data(30);
15443        config.set_initial_max_stream_data_bidi_local(15);
15444        config.set_initial_max_stream_data_bidi_remote(15);
15445        config.set_initial_max_stream_data_uni(10);
15446        config.set_initial_max_streams_bidi(3);
15447        config.set_initial_max_streams_uni(3);
15448        config.enable_dgram(true, 10, 10);
15449        config.verify_peer(false);
15450
15451        let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
15452        assert_eq!(pipe.handshake(), Ok(()));
15453
15454        assert_eq!(pipe.client.dgram_send(b"hello, world"), Ok(()));
15455
15456        assert_eq!(pipe.advance(), Ok(()));
15457
15458        let result1 = pipe.server.dgram_recv(&mut buf);
15459        assert_eq!(result1, Ok(12));
15460
15461        let result2 = pipe.server.dgram_recv(&mut buf);
15462        assert_eq!(result2, Err(Error::Done));
15463    }
15464
15465    #[rstest]
15466    fn dgram_multiple_datagrams(
15467        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
15468    ) {
15469        let mut buf = [0; 65535];
15470
15471        let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
15472        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
15473        config
15474            .load_cert_chain_from_pem_file("examples/cert.crt")
15475            .unwrap();
15476        config
15477            .load_priv_key_from_pem_file("examples/cert.key")
15478            .unwrap();
15479        config
15480            .set_application_protos(&[b"proto1", b"proto2"])
15481            .unwrap();
15482        config.set_initial_max_data(30);
15483        config.set_initial_max_stream_data_bidi_local(15);
15484        config.set_initial_max_stream_data_bidi_remote(15);
15485        config.set_initial_max_stream_data_uni(10);
15486        config.set_initial_max_streams_bidi(3);
15487        config.set_initial_max_streams_uni(3);
15488        config.enable_dgram(true, 2, 3);
15489        config.verify_peer(false);
15490
15491        let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
15492        assert_eq!(pipe.handshake(), Ok(()));
15493
15494        assert_eq!(pipe.client.dgram_send_queue_len(), 0);
15495        assert_eq!(pipe.client.dgram_send_queue_byte_size(), 0);
15496
15497        assert_eq!(pipe.client.dgram_send(b"hello, world"), Ok(()));
15498        assert_eq!(pipe.client.dgram_send(b"ciao, mondo"), Ok(()));
15499        assert_eq!(pipe.client.dgram_send(b"hola, mundo"), Ok(()));
15500        assert!(pipe.client.is_dgram_send_queue_full());
15501
15502        assert_eq!(pipe.client.dgram_send_queue_byte_size(), 34);
15503
15504        pipe.client
15505            .dgram_purge_outgoing(|d: &[u8]| -> bool { d[0] == b'c' });
15506
15507        assert_eq!(pipe.client.dgram_send_queue_len(), 2);
15508        assert_eq!(pipe.client.dgram_send_queue_byte_size(), 23);
15509        assert!(!pipe.client.is_dgram_send_queue_full());
15510
15511        // Before packets exchanged, no dgrams on server receive side.
15512        assert_eq!(pipe.server.dgram_recv_queue_len(), 0);
15513
15514        assert_eq!(pipe.advance(), Ok(()));
15515
15516        // After packets exchanged, no dgrams on client send side.
15517        assert_eq!(pipe.client.dgram_send_queue_len(), 0);
15518        assert_eq!(pipe.client.dgram_send_queue_byte_size(), 0);
15519
15520        assert_eq!(pipe.server.dgram_recv_queue_len(), 2);
15521        assert_eq!(pipe.server.dgram_recv_queue_byte_size(), 23);
15522        assert!(pipe.server.is_dgram_recv_queue_full());
15523
15524        let result1 = pipe.server.dgram_recv(&mut buf);
15525        assert_eq!(result1, Ok(12));
15526        assert_eq!(buf[0], b'h');
15527        assert_eq!(buf[1], b'e');
15528        assert!(!pipe.server.is_dgram_recv_queue_full());
15529
15530        let result2 = pipe.server.dgram_recv(&mut buf);
15531        assert_eq!(result2, Ok(11));
15532        assert_eq!(buf[0], b'h');
15533        assert_eq!(buf[1], b'o');
15534
15535        let result3 = pipe.server.dgram_recv(&mut buf);
15536        assert_eq!(result3, Err(Error::Done));
15537
15538        assert_eq!(pipe.server.dgram_recv_queue_len(), 0);
15539        assert_eq!(pipe.server.dgram_recv_queue_byte_size(), 0);
15540    }
15541
15542    #[rstest]
15543    fn dgram_send_queue_overflow(
15544        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
15545    ) {
15546        let mut buf = [0; 65535];
15547
15548        let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
15549        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
15550        config
15551            .load_cert_chain_from_pem_file("examples/cert.crt")
15552            .unwrap();
15553        config
15554            .load_priv_key_from_pem_file("examples/cert.key")
15555            .unwrap();
15556        config
15557            .set_application_protos(&[b"proto1", b"proto2"])
15558            .unwrap();
15559        config.set_initial_max_data(30);
15560        config.set_initial_max_stream_data_bidi_local(15);
15561        config.set_initial_max_stream_data_bidi_remote(15);
15562        config.set_initial_max_stream_data_uni(10);
15563        config.set_initial_max_streams_bidi(3);
15564        config.set_initial_max_streams_uni(3);
15565        config.enable_dgram(true, 10, 2);
15566        config.verify_peer(false);
15567
15568        let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
15569        assert_eq!(pipe.handshake(), Ok(()));
15570
15571        assert_eq!(pipe.client.dgram_send(b"hello, world"), Ok(()));
15572        assert_eq!(pipe.client.dgram_send(b"ciao, mondo"), Ok(()));
15573        assert_eq!(pipe.client.dgram_send(b"hola, mundo"), Err(Error::Done));
15574
15575        assert_eq!(pipe.advance(), Ok(()));
15576
15577        let result1 = pipe.server.dgram_recv(&mut buf);
15578        assert_eq!(result1, Ok(12));
15579        assert_eq!(buf[0], b'h');
15580        assert_eq!(buf[1], b'e');
15581
15582        let result2 = pipe.server.dgram_recv(&mut buf);
15583        assert_eq!(result2, Ok(11));
15584        assert_eq!(buf[0], b'c');
15585        assert_eq!(buf[1], b'i');
15586
15587        let result3 = pipe.server.dgram_recv(&mut buf);
15588        assert_eq!(result3, Err(Error::Done));
15589    }
15590
15591    #[rstest]
15592    fn dgram_recv_queue_overflow(
15593        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
15594    ) {
15595        let mut buf = [0; 65535];
15596
15597        let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
15598        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
15599        config
15600            .load_cert_chain_from_pem_file("examples/cert.crt")
15601            .unwrap();
15602        config
15603            .load_priv_key_from_pem_file("examples/cert.key")
15604            .unwrap();
15605        config
15606            .set_application_protos(&[b"proto1", b"proto2"])
15607            .unwrap();
15608        config.set_initial_max_data(30);
15609        config.set_initial_max_stream_data_bidi_local(15);
15610        config.set_initial_max_stream_data_bidi_remote(15);
15611        config.set_initial_max_stream_data_uni(10);
15612        config.set_initial_max_streams_bidi(3);
15613        config.set_initial_max_streams_uni(3);
15614        config.enable_dgram(true, 2, 10);
15615        config.set_max_recv_udp_payload_size(1200);
15616        config.verify_peer(false);
15617
15618        let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
15619        assert_eq!(pipe.handshake(), Ok(()));
15620
15621        assert_eq!(pipe.client.dgram_send(b"hello, world"), Ok(()));
15622        assert_eq!(pipe.client.dgram_send(b"ciao, mondo"), Ok(()));
15623        assert_eq!(pipe.client.dgram_send(b"hola, mundo"), Ok(()));
15624
15625        assert_eq!(pipe.advance(), Ok(()));
15626
15627        let result1 = pipe.server.dgram_recv(&mut buf);
15628        assert_eq!(result1, Ok(11));
15629        assert_eq!(buf[0], b'c');
15630        assert_eq!(buf[1], b'i');
15631
15632        let result2 = pipe.server.dgram_recv(&mut buf);
15633        assert_eq!(result2, Ok(11));
15634        assert_eq!(buf[0], b'h');
15635        assert_eq!(buf[1], b'o');
15636
15637        let result3 = pipe.server.dgram_recv(&mut buf);
15638        assert_eq!(result3, Err(Error::Done));
15639    }
15640
15641    #[rstest]
15642    fn dgram_send_max_size(
15643        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
15644    ) {
15645        let mut buf = [0; MAX_DGRAM_FRAME_SIZE as usize];
15646
15647        let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
15648        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
15649        config
15650            .load_cert_chain_from_pem_file("examples/cert.crt")
15651            .unwrap();
15652        config
15653            .load_priv_key_from_pem_file("examples/cert.key")
15654            .unwrap();
15655        config
15656            .set_application_protos(&[b"proto1", b"proto2"])
15657            .unwrap();
15658        config.set_initial_max_data(30);
15659        config.set_initial_max_stream_data_bidi_local(15);
15660        config.set_initial_max_stream_data_bidi_remote(15);
15661        config.set_initial_max_stream_data_uni(10);
15662        config.set_initial_max_streams_bidi(3);
15663        config.set_initial_max_streams_uni(3);
15664        config.enable_dgram(true, 10, 10);
15665        config.set_max_recv_udp_payload_size(1452);
15666        config.verify_peer(false);
15667
15668        let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
15669
15670        // Before handshake (before peer settings) we don't know max dgram size
15671        assert_eq!(pipe.client.dgram_max_writable_len(), None);
15672
15673        assert_eq!(pipe.handshake(), Ok(()));
15674
15675        let max_dgram_size = pipe.client.dgram_max_writable_len().unwrap();
15676
15677        // Tests use a 16-byte connection ID, so the max datagram frame payload
15678        // size is (1200 byte-long packet - 40 bytes overhead)
15679        assert_eq!(max_dgram_size, 1160);
15680
15681        let dgram_packet: Vec<u8> = vec![42; max_dgram_size];
15682
15683        assert_eq!(pipe.client.dgram_send(&dgram_packet), Ok(()));
15684
15685        assert_eq!(pipe.advance(), Ok(()));
15686
15687        let result1 = pipe.server.dgram_recv(&mut buf);
15688        assert_eq!(result1, Ok(max_dgram_size));
15689
15690        let result2 = pipe.server.dgram_recv(&mut buf);
15691        assert_eq!(result2, Err(Error::Done));
15692    }
15693
15694    #[rstest]
15695    /// Tests is_readable check.
15696    fn is_readable(
15697        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
15698    ) {
15699        let mut buf = [0; 65535];
15700
15701        let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
15702        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
15703        config
15704            .load_cert_chain_from_pem_file("examples/cert.crt")
15705            .unwrap();
15706        config
15707            .load_priv_key_from_pem_file("examples/cert.key")
15708            .unwrap();
15709        config
15710            .set_application_protos(&[b"proto1", b"proto2"])
15711            .unwrap();
15712        config.set_initial_max_data(30);
15713        config.set_initial_max_stream_data_bidi_local(15);
15714        config.set_initial_max_stream_data_bidi_remote(15);
15715        config.set_initial_max_stream_data_uni(10);
15716        config.set_initial_max_streams_bidi(3);
15717        config.set_initial_max_streams_uni(3);
15718        config.enable_dgram(true, 10, 10);
15719        config.set_max_recv_udp_payload_size(1452);
15720        config.verify_peer(false);
15721
15722        let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
15723        assert_eq!(pipe.handshake(), Ok(()));
15724
15725        // No readable data.
15726        assert!(!pipe.client.is_readable());
15727        assert!(!pipe.server.is_readable());
15728
15729        assert_eq!(pipe.client.stream_send(4, b"aaaaa", false), Ok(5));
15730        assert_eq!(pipe.advance(), Ok(()));
15731
15732        // Server received stream.
15733        assert!(!pipe.client.is_readable());
15734        assert!(pipe.server.is_readable());
15735
15736        assert_eq!(
15737            pipe.server.stream_send(4, b"aaaaaaaaaaaaaaa", false),
15738            Ok(15)
15739        );
15740        assert_eq!(pipe.advance(), Ok(()));
15741
15742        // Client received stream.
15743        assert!(pipe.client.is_readable());
15744        assert!(pipe.server.is_readable());
15745
15746        // Client drains stream.
15747        let mut b = [0; 15];
15748        pipe.client.stream_recv(4, &mut b).unwrap();
15749        assert_eq!(pipe.advance(), Ok(()));
15750
15751        assert!(!pipe.client.is_readable());
15752        assert!(pipe.server.is_readable());
15753
15754        // Server shuts down stream.
15755        assert_eq!(pipe.server.stream_shutdown(4, Shutdown::Read, 0), Ok(()));
15756        assert!(!pipe.server.is_readable());
15757
15758        // Server received dgram.
15759        assert_eq!(pipe.client.dgram_send(b"dddddddddddddd"), Ok(()));
15760        assert_eq!(pipe.advance(), Ok(()));
15761
15762        assert!(!pipe.client.is_readable());
15763        assert!(pipe.server.is_readable());
15764
15765        // Client received dgram.
15766        assert_eq!(pipe.server.dgram_send(b"dddddddddddddd"), Ok(()));
15767        assert_eq!(pipe.advance(), Ok(()));
15768
15769        assert!(pipe.client.is_readable());
15770        assert!(pipe.server.is_readable());
15771
15772        // Drain the dgram queues.
15773        let r = pipe.server.dgram_recv(&mut buf);
15774        assert_eq!(r, Ok(14));
15775        assert!(!pipe.server.is_readable());
15776
15777        let r = pipe.client.dgram_recv(&mut buf);
15778        assert_eq!(r, Ok(14));
15779        assert!(!pipe.client.is_readable());
15780    }
15781
15782    #[rstest]
15783    fn close(
15784        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
15785    ) {
15786        let mut buf = [0; 65535];
15787
15788        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
15789        assert_eq!(pipe.handshake(), Ok(()));
15790
15791        assert_eq!(pipe.client.close(false, 0x1234, b"hello?"), Ok(()));
15792
15793        assert_eq!(
15794            pipe.client.close(false, 0x4321, b"hello?"),
15795            Err(Error::Done)
15796        );
15797
15798        let (len, _) = pipe.client.send(&mut buf).unwrap();
15799
15800        let frames =
15801            testing::decode_pkt(&mut pipe.server, &mut buf[..len]).unwrap();
15802
15803        assert_eq!(
15804            frames.first(),
15805            Some(&frame::Frame::ConnectionClose {
15806                error_code: 0x1234,
15807                frame_type: 0,
15808                reason: b"hello?".to_vec(),
15809            })
15810        );
15811    }
15812
15813    #[rstest]
15814    fn app_close_by_client(
15815        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
15816    ) {
15817        let mut buf = [0; 65535];
15818
15819        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
15820        assert_eq!(pipe.handshake(), Ok(()));
15821
15822        assert_eq!(pipe.client.close(true, 0x1234, b"hello!"), Ok(()));
15823
15824        assert_eq!(pipe.client.close(true, 0x4321, b"hello!"), Err(Error::Done));
15825
15826        let (len, _) = pipe.client.send(&mut buf).unwrap();
15827
15828        let frames =
15829            testing::decode_pkt(&mut pipe.server, &mut buf[..len]).unwrap();
15830
15831        assert_eq!(
15832            frames.first(),
15833            Some(&frame::Frame::ApplicationClose {
15834                error_code: 0x1234,
15835                reason: b"hello!".to_vec(),
15836            })
15837        );
15838    }
15839
15840    // OpenSSL does not provide a straightforward interface to deal with custom
15841    // off-load key signing.
15842    #[cfg(not(feature = "openssl"))]
15843    #[rstest]
15844    fn app_close_by_server_during_handshake_private_key_failure(
15845        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
15846    ) {
15847        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
15848        pipe.server.handshake.set_failing_private_key_method();
15849
15850        // Client sends initial flight.
15851        let flight = testing::emit_flight(&mut pipe.client).unwrap();
15852        assert_eq!(
15853            testing::process_flight(&mut pipe.server, flight),
15854            Err(Error::TlsFail)
15855        );
15856
15857        let flight = testing::emit_flight(&mut pipe.server).unwrap();
15858
15859        // Both connections are not established.
15860        assert!(!pipe.server.is_established());
15861        assert!(!pipe.client.is_established());
15862
15863        // Connection should already be closed due the failure during key signing.
15864        assert_eq!(
15865            pipe.server.close(true, 123, b"fail whale"),
15866            Err(Error::Done)
15867        );
15868
15869        testing::process_flight(&mut pipe.client, flight).unwrap();
15870
15871        // Connection should already be closed due the failure during key signing.
15872        assert_eq!(
15873            pipe.client.close(true, 123, b"fail whale"),
15874            Err(Error::Done)
15875        );
15876
15877        // Connection is not established on the server / client (and never
15878        // will be)
15879        assert!(!pipe.server.is_established());
15880        assert!(!pipe.client.is_established());
15881
15882        assert_eq!(pipe.advance(), Ok(()));
15883
15884        assert_eq!(
15885            pipe.server.local_error(),
15886            Some(&ConnectionError {
15887                is_app: false,
15888                error_code: 0x01,
15889                reason: vec![],
15890            })
15891        );
15892        assert_eq!(
15893            pipe.client.peer_error(),
15894            Some(&ConnectionError {
15895                is_app: false,
15896                error_code: 0x01,
15897                reason: vec![],
15898            })
15899        );
15900    }
15901
15902    #[rstest]
15903    fn app_close_by_server_during_handshake_not_established(
15904        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
15905    ) {
15906        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
15907
15908        // Client sends initial flight.
15909        let flight = testing::emit_flight(&mut pipe.client).unwrap();
15910        testing::process_flight(&mut pipe.server, flight).unwrap();
15911
15912        let flight = testing::emit_flight(&mut pipe.server).unwrap();
15913
15914        // Both connections are not established.
15915        assert!(!pipe.client.is_established() && !pipe.server.is_established());
15916
15917        // Server closes before connection is established.
15918        pipe.server.close(true, 123, b"fail whale").unwrap();
15919
15920        testing::process_flight(&mut pipe.client, flight).unwrap();
15921
15922        // Connection is established on the client.
15923        assert!(pipe.client.is_established());
15924
15925        // Client sends after connection is established.
15926        pipe.client.stream_send(0, b"badauthtoken", true).unwrap();
15927
15928        let flight = testing::emit_flight(&mut pipe.client).unwrap();
15929        testing::process_flight(&mut pipe.server, flight).unwrap();
15930
15931        // Connection is not established on the server (and never will be)
15932        assert!(!pipe.server.is_established());
15933
15934        assert_eq!(pipe.advance(), Ok(()));
15935
15936        assert_eq!(
15937            pipe.server.local_error(),
15938            Some(&ConnectionError {
15939                is_app: false,
15940                error_code: 0x0c,
15941                reason: vec![],
15942            })
15943        );
15944        assert_eq!(
15945            pipe.client.peer_error(),
15946            Some(&ConnectionError {
15947                is_app: false,
15948                error_code: 0x0c,
15949                reason: vec![],
15950            })
15951        );
15952    }
15953
15954    #[rstest]
15955    fn app_close_by_server_during_handshake_established(
15956        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
15957    ) {
15958        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
15959
15960        // Client sends initial flight.
15961        let flight = testing::emit_flight(&mut pipe.client).unwrap();
15962        testing::process_flight(&mut pipe.server, flight).unwrap();
15963
15964        let flight = testing::emit_flight(&mut pipe.server).unwrap();
15965
15966        // Both connections are not established.
15967        assert!(!pipe.client.is_established() && !pipe.server.is_established());
15968
15969        testing::process_flight(&mut pipe.client, flight).unwrap();
15970
15971        // Connection is established on the client.
15972        assert!(pipe.client.is_established());
15973
15974        // Client sends after connection is established.
15975        pipe.client.stream_send(0, b"badauthtoken", true).unwrap();
15976
15977        let flight = testing::emit_flight(&mut pipe.client).unwrap();
15978        testing::process_flight(&mut pipe.server, flight).unwrap();
15979
15980        // Connection is established on the server but the Handshake ACK has not
15981        // been sent yet.
15982        assert!(pipe.server.is_established());
15983
15984        // Server closes after connection is established.
15985        pipe.server
15986            .close(true, 123, b"Invalid authentication")
15987            .unwrap();
15988
15989        // Server sends Handshake ACK and then 1RTT CONNECTION_CLOSE.
15990        assert_eq!(pipe.advance(), Ok(()));
15991
15992        assert_eq!(
15993            pipe.server.local_error(),
15994            Some(&ConnectionError {
15995                is_app: true,
15996                error_code: 123,
15997                reason: b"Invalid authentication".to_vec()
15998            })
15999        );
16000        assert_eq!(
16001            pipe.client.peer_error(),
16002            Some(&ConnectionError {
16003                is_app: true,
16004                error_code: 123,
16005                reason: b"Invalid authentication".to_vec()
16006            })
16007        );
16008    }
16009
16010    #[rstest]
16011    fn transport_close_by_client_during_handshake_established(
16012        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
16013    ) {
16014        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
16015
16016        // Client sends initial flight.
16017        let flight = testing::emit_flight(&mut pipe.client).unwrap();
16018        testing::process_flight(&mut pipe.server, flight).unwrap();
16019
16020        let flight = testing::emit_flight(&mut pipe.server).unwrap();
16021
16022        // Both connections are not established.
16023        assert!(!pipe.client.is_established() && !pipe.server.is_established());
16024
16025        testing::process_flight(&mut pipe.client, flight).unwrap();
16026
16027        // Connection is established on the client.
16028        assert!(pipe.client.is_established());
16029
16030        // Client sends after connection is established.
16031        pipe.client.close(false, 123, b"connection close").unwrap();
16032
16033        let flight = testing::emit_flight(&mut pipe.client).unwrap();
16034        testing::process_flight(&mut pipe.server, flight).unwrap();
16035
16036        assert_eq!(
16037            pipe.server.peer_error(),
16038            Some(&ConnectionError {
16039                is_app: false,
16040                error_code: 123,
16041                reason: b"connection close".to_vec()
16042            })
16043        );
16044        assert_eq!(
16045            pipe.client.local_error(),
16046            Some(&ConnectionError {
16047                is_app: false,
16048                error_code: 123,
16049                reason: b"connection close".to_vec()
16050            })
16051        );
16052    }
16053
16054    #[rstest]
16055    fn peer_error(
16056        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
16057    ) {
16058        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
16059        assert_eq!(pipe.handshake(), Ok(()));
16060
16061        assert_eq!(pipe.server.close(false, 0x1234, b"hello?"), Ok(()));
16062        assert_eq!(pipe.advance(), Ok(()));
16063
16064        assert_eq!(
16065            pipe.client.peer_error(),
16066            Some(&ConnectionError {
16067                is_app: false,
16068                error_code: 0x1234u64,
16069                reason: b"hello?".to_vec()
16070            })
16071        );
16072    }
16073
16074    #[rstest]
16075    fn app_peer_error(
16076        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
16077    ) {
16078        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
16079        assert_eq!(pipe.handshake(), Ok(()));
16080
16081        assert_eq!(pipe.server.close(true, 0x1234, b"hello!"), Ok(()));
16082        assert_eq!(pipe.advance(), Ok(()));
16083
16084        assert_eq!(
16085            pipe.client.peer_error(),
16086            Some(&ConnectionError {
16087                is_app: true,
16088                error_code: 0x1234u64,
16089                reason: b"hello!".to_vec()
16090            })
16091        );
16092    }
16093
16094    #[rstest]
16095    fn local_error(
16096        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
16097    ) {
16098        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
16099        assert_eq!(pipe.handshake(), Ok(()));
16100
16101        assert_eq!(pipe.server.local_error(), None);
16102
16103        assert_eq!(pipe.server.close(true, 0x1234, b"hello!"), Ok(()));
16104
16105        assert_eq!(
16106            pipe.server.local_error(),
16107            Some(&ConnectionError {
16108                is_app: true,
16109                error_code: 0x1234u64,
16110                reason: b"hello!".to_vec()
16111            })
16112        );
16113    }
16114
16115    #[rstest]
16116    fn update_max_datagram_size(
16117        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
16118    ) {
16119        let mut client_scid = [0; 16];
16120        rand::rand_bytes(&mut client_scid[..]);
16121        let client_scid = ConnectionId::from_ref(&client_scid);
16122        let client_addr = "127.0.0.1:1234".parse().unwrap();
16123
16124        let mut server_scid = [0; 16];
16125        rand::rand_bytes(&mut server_scid[..]);
16126        let server_scid = ConnectionId::from_ref(&server_scid);
16127        let server_addr = "127.0.0.1:4321".parse().unwrap();
16128
16129        let mut client_config = Config::new(crate::PROTOCOL_VERSION).unwrap();
16130        assert_eq!(
16131            client_config.set_cc_algorithm_name(cc_algorithm_name),
16132            Ok(())
16133        );
16134        client_config
16135            .set_application_protos(&[b"proto1", b"proto2"])
16136            .unwrap();
16137        client_config.set_max_recv_udp_payload_size(1200);
16138
16139        let mut server_config = Config::new(crate::PROTOCOL_VERSION).unwrap();
16140        assert_eq!(
16141            server_config.set_cc_algorithm_name(cc_algorithm_name),
16142            Ok(())
16143        );
16144        server_config
16145            .load_cert_chain_from_pem_file("examples/cert.crt")
16146            .unwrap();
16147        server_config
16148            .load_priv_key_from_pem_file("examples/cert.key")
16149            .unwrap();
16150        server_config
16151            .set_application_protos(&[b"proto1", b"proto2"])
16152            .unwrap();
16153        server_config.verify_peer(false);
16154        server_config
16155            .set_application_protos(&[b"proto1", b"proto2"])
16156            .unwrap();
16157        // Larger than the client
16158        server_config.set_max_send_udp_payload_size(1500);
16159
16160        let mut pipe = testing::Pipe {
16161            client: connect(
16162                Some("quic.tech"),
16163                &client_scid,
16164                client_addr,
16165                server_addr,
16166                &mut client_config,
16167            )
16168            .unwrap(),
16169            server: accept(
16170                &server_scid,
16171                None,
16172                server_addr,
16173                client_addr,
16174                &mut server_config,
16175            )
16176            .unwrap(),
16177        };
16178
16179        // Before handshake
16180        assert_eq!(
16181            pipe.server
16182                .paths
16183                .get_active()
16184                .expect("no active")
16185                .recovery
16186                .max_datagram_size(),
16187            1500,
16188        );
16189
16190        assert_eq!(pipe.handshake(), Ok(()));
16191
16192        // After handshake, max_datagram_size should match to client's
16193        // max_recv_udp_payload_size which is smaller
16194        assert_eq!(
16195            pipe.server
16196                .paths
16197                .get_active()
16198                .expect("no active")
16199                .recovery
16200                .max_datagram_size(),
16201            1200,
16202        );
16203        assert_eq!(
16204            pipe.server
16205                .paths
16206                .get_active()
16207                .expect("no active")
16208                .recovery
16209                .cwnd(),
16210            if cc_algorithm_name == "cubic" {
16211                12000
16212            } else {
16213                if cfg!(feature = "openssl") {
16214                    13437
16215                } else {
16216                    13421
16217                }
16218            },
16219        );
16220    }
16221
16222    #[rstest]
16223    /// Tests that connection-level send capacity decreases as more stream data
16224    /// is buffered.
16225    fn send_capacity(
16226        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
16227    ) {
16228        let mut buf = [0; 65535];
16229
16230        let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
16231        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
16232        config
16233            .load_cert_chain_from_pem_file("examples/cert.crt")
16234            .unwrap();
16235        config
16236            .load_priv_key_from_pem_file("examples/cert.key")
16237            .unwrap();
16238        config
16239            .set_application_protos(&[b"proto1", b"proto2"])
16240            .unwrap();
16241        config.set_initial_max_data(100000);
16242        config.set_initial_max_stream_data_bidi_local(10000);
16243        config.set_initial_max_stream_data_bidi_remote(10000);
16244        config.set_initial_max_streams_bidi(10);
16245        config.verify_peer(false);
16246
16247        let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
16248        assert_eq!(pipe.handshake(), Ok(()));
16249
16250        assert_eq!(pipe.client.stream_send(0, b"hello!", true), Ok(6));
16251        assert_eq!(pipe.advance(), Ok(()));
16252
16253        assert_eq!(pipe.client.stream_send(4, b"hello!", true), Ok(6));
16254        assert_eq!(pipe.advance(), Ok(()));
16255
16256        assert_eq!(pipe.client.stream_send(8, b"hello!", true), Ok(6));
16257        assert_eq!(pipe.advance(), Ok(()));
16258
16259        assert_eq!(pipe.client.stream_send(12, b"hello!", true), Ok(6));
16260        assert_eq!(pipe.advance(), Ok(()));
16261
16262        let mut r = pipe.server.readable().collect::<Vec<u64>>();
16263        assert_eq!(r.len(), 4);
16264
16265        r.sort();
16266
16267        assert_eq!(r, [0, 4, 8, 12]);
16268
16269        assert_eq!(pipe.server.stream_recv(0, &mut buf), Ok((6, true)));
16270        assert_eq!(pipe.server.stream_recv(4, &mut buf), Ok((6, true)));
16271        assert_eq!(pipe.server.stream_recv(8, &mut buf), Ok((6, true)));
16272        assert_eq!(pipe.server.stream_recv(12, &mut buf), Ok((6, true)));
16273
16274        assert_eq!(
16275            pipe.server.tx_cap,
16276            if cc_algorithm_name == "cubic" {
16277                12000
16278            } else {
16279                if cfg!(feature = "openssl") {
16280                    13959
16281                } else {
16282                    13873
16283                }
16284            }
16285        );
16286
16287        assert_eq!(pipe.server.stream_send(0, &buf[..5000], false), Ok(5000));
16288        assert_eq!(pipe.server.stream_send(4, &buf[..5000], false), Ok(5000));
16289        assert_eq!(
16290            pipe.server.stream_send(8, &buf[..5000], false),
16291            if cc_algorithm_name == "cubic" {
16292                Ok(2000)
16293            } else {
16294                if cfg!(feature = "openssl") {
16295                    Ok(3959)
16296                } else {
16297                    Ok(3873)
16298                }
16299            }
16300        );
16301
16302        // No more connection send capacity.
16303        assert_eq!(
16304            pipe.server.stream_send(12, &buf[..5000], false),
16305            Err(Error::Done)
16306        );
16307        assert_eq!(pipe.server.tx_cap, 0);
16308
16309        assert_eq!(pipe.advance(), Ok(()));
16310    }
16311
16312    #[cfg(feature = "boringssl-boring-crate")]
16313    #[rstest]
16314    fn user_provided_boring_ctx(
16315        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
16316    ) -> Result<()> {
16317        // Manually construct boring ssl ctx for server
16318        let mut server_tls_ctx_builder =
16319            boring::ssl::SslContextBuilder::new(boring::ssl::SslMethod::tls())
16320                .unwrap();
16321        server_tls_ctx_builder
16322            .set_certificate_chain_file("examples/cert.crt")
16323            .unwrap();
16324        server_tls_ctx_builder
16325            .set_private_key_file(
16326                "examples/cert.key",
16327                boring::ssl::SslFiletype::PEM,
16328            )
16329            .unwrap();
16330
16331        let mut server_config = Config::with_boring_ssl_ctx_builder(
16332            crate::PROTOCOL_VERSION,
16333            server_tls_ctx_builder,
16334        )?;
16335        let mut client_config = Config::new(crate::PROTOCOL_VERSION)?;
16336        assert_eq!(
16337            client_config.set_cc_algorithm_name(cc_algorithm_name),
16338            Ok(())
16339        );
16340        client_config.load_cert_chain_from_pem_file("examples/cert.crt")?;
16341        client_config.load_priv_key_from_pem_file("examples/cert.key")?;
16342
16343        for config in [&mut client_config, &mut server_config] {
16344            config.set_application_protos(&[b"proto1", b"proto2"])?;
16345            config.set_initial_max_data(30);
16346            config.set_initial_max_stream_data_bidi_local(15);
16347            config.set_initial_max_stream_data_bidi_remote(15);
16348            config.set_initial_max_stream_data_uni(10);
16349            config.set_initial_max_streams_bidi(3);
16350            config.set_initial_max_streams_uni(3);
16351            config.set_max_idle_timeout(180_000);
16352            config.verify_peer(false);
16353            config.set_ack_delay_exponent(8);
16354        }
16355
16356        let mut pipe = testing::Pipe::with_client_and_server_config(
16357            &mut client_config,
16358            &mut server_config,
16359        )?;
16360
16361        assert_eq!(pipe.handshake(), Ok(()));
16362
16363        Ok(())
16364    }
16365
16366    #[cfg(feature = "boringssl-boring-crate")]
16367    #[rstest]
16368    fn in_handshake_config(
16369        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
16370    ) -> Result<()> {
16371        let mut buf = [0; 65535];
16372
16373        const CUSTOM_INITIAL_CONGESTION_WINDOW_PACKETS: usize = 30;
16374
16375        // Manually construct `SSlContextBuilder` for the server.
16376        let mut server_tls_ctx_builder =
16377            boring::ssl::SslContextBuilder::new(boring::ssl::SslMethod::tls())
16378                .unwrap();
16379        server_tls_ctx_builder
16380            .set_certificate_chain_file("examples/cert.crt")
16381            .unwrap();
16382        server_tls_ctx_builder
16383            .set_private_key_file(
16384                "examples/cert.key",
16385                boring::ssl::SslFiletype::PEM,
16386            )
16387            .unwrap();
16388        server_tls_ctx_builder.set_select_certificate_callback(|mut hello| {
16389            <Connection>::set_initial_congestion_window_packets_in_handshake(
16390                hello.ssl_mut(),
16391                CUSTOM_INITIAL_CONGESTION_WINDOW_PACKETS,
16392            )
16393            .unwrap();
16394
16395            Ok(())
16396        });
16397
16398        let mut server_config = Config::with_boring_ssl_ctx_builder(
16399            crate::PROTOCOL_VERSION,
16400            server_tls_ctx_builder,
16401        )?;
16402        assert_eq!(
16403            server_config.set_cc_algorithm_name(cc_algorithm_name),
16404            Ok(())
16405        );
16406
16407        let mut client_config = Config::new(crate::PROTOCOL_VERSION)?;
16408        client_config.load_cert_chain_from_pem_file("examples/cert.crt")?;
16409        client_config.load_priv_key_from_pem_file("examples/cert.key")?;
16410
16411        for config in [&mut client_config, &mut server_config] {
16412            config.set_application_protos(&[b"proto1", b"proto2"])?;
16413            config.set_initial_max_data(1000000);
16414            config.set_initial_max_stream_data_bidi_local(15);
16415            config.set_initial_max_stream_data_bidi_remote(15);
16416            config.set_initial_max_stream_data_uni(10);
16417            config.set_initial_max_streams_bidi(3);
16418            config.set_initial_max_streams_uni(3);
16419            config.set_max_idle_timeout(180_000);
16420            config.verify_peer(false);
16421            config.set_ack_delay_exponent(8);
16422        }
16423
16424        let mut pipe = testing::Pipe::with_client_and_server_config(
16425            &mut client_config,
16426            &mut server_config,
16427        )?;
16428
16429        // Client sends initial flight.
16430        let (len, _) = pipe.client.send(&mut buf).unwrap();
16431
16432        assert_eq!(pipe.server.tx_cap, 0);
16433
16434        // Server receives client's initial flight and updates its config.
16435        pipe.server_recv(&mut buf[..len]).unwrap();
16436
16437        assert_eq!(
16438            pipe.server.tx_cap,
16439            CUSTOM_INITIAL_CONGESTION_WINDOW_PACKETS * 1200
16440        );
16441
16442        // Server sends initial flight.
16443        let (len, _) = pipe.server.send(&mut buf).unwrap();
16444        pipe.client_recv(&mut buf[..len]).unwrap();
16445
16446        assert_eq!(pipe.handshake(), Ok(()));
16447
16448        Ok(())
16449    }
16450
16451    #[rstest]
16452    fn initial_cwnd(
16453        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
16454    ) -> Result<()> {
16455        const CUSTOM_INITIAL_CONGESTION_WINDOW_PACKETS: usize = 30;
16456
16457        let mut config = Config::new(PROTOCOL_VERSION).unwrap();
16458        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
16459        config.set_initial_congestion_window_packets(
16460            CUSTOM_INITIAL_CONGESTION_WINDOW_PACKETS,
16461        );
16462        // From Pipe::new()
16463        config.load_cert_chain_from_pem_file("examples/cert.crt")?;
16464        config.load_priv_key_from_pem_file("examples/cert.key")?;
16465        config.set_application_protos(&[b"proto1", b"proto2"])?;
16466        config.set_initial_max_data(1000000);
16467        config.set_initial_max_stream_data_bidi_local(15);
16468        config.set_initial_max_stream_data_bidi_remote(15);
16469        config.set_initial_max_stream_data_uni(10);
16470        config.set_initial_max_streams_bidi(3);
16471        config.set_initial_max_streams_uni(3);
16472        config.set_max_idle_timeout(180_000);
16473        config.verify_peer(false);
16474        config.set_ack_delay_exponent(8);
16475
16476        let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
16477        assert_eq!(pipe.handshake(), Ok(()));
16478
16479        if cc_algorithm_name == "cubic" {
16480            assert_eq!(
16481                pipe.server.tx_cap,
16482                CUSTOM_INITIAL_CONGESTION_WINDOW_PACKETS * 1200
16483            );
16484        } else {
16485            // TODO understand where these adjustments come from and why they vary
16486            // by TLS implementation and OS target.
16487            let expected = CUSTOM_INITIAL_CONGESTION_WINDOW_PACKETS * 1200 +
16488                if cfg!(feature = "openssl") {
16489                    1463
16490                } else {
16491                    1447
16492                };
16493
16494            assert!(
16495                pipe.server.tx_cap >= expected,
16496                "{} vs {}",
16497                pipe.server.tx_cap,
16498                expected
16499            );
16500            assert!(
16501                pipe.server.tx_cap <= expected + 1,
16502                "{} vs {}",
16503                pipe.server.tx_cap,
16504                expected + 1
16505            );
16506        }
16507
16508        Ok(())
16509    }
16510
16511    #[rstest]
16512    /// Tests that resetting a stream restores flow control for unsent data.
16513    fn last_tx_data_larger_than_tx_data(
16514        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
16515    ) {
16516        let mut config = Config::new(PROTOCOL_VERSION).unwrap();
16517        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
16518        config
16519            .set_application_protos(&[b"proto1", b"proto2"])
16520            .unwrap();
16521        config.set_initial_max_data(12000);
16522        config.set_initial_max_stream_data_bidi_local(20000);
16523        config.set_initial_max_stream_data_bidi_remote(20000);
16524        config.set_max_recv_udp_payload_size(1200);
16525        config.verify_peer(false);
16526
16527        let mut pipe = testing::Pipe::with_client_config(&mut config).unwrap();
16528        assert_eq!(pipe.handshake(), Ok(()));
16529
16530        // Client opens stream 4 and 8.
16531        assert_eq!(pipe.client.stream_send(4, b"a", true), Ok(1));
16532        assert_eq!(pipe.client.stream_send(8, b"b", true), Ok(1));
16533        assert_eq!(pipe.advance(), Ok(()));
16534
16535        // Server reads stream data.
16536        let mut b = [0; 15];
16537        pipe.server.stream_recv(4, &mut b).unwrap();
16538
16539        // Server sends stream data close to cwnd (12000).
16540        let buf = [0; 10000];
16541        assert_eq!(pipe.server.stream_send(4, &buf, false), Ok(10000));
16542
16543        testing::emit_flight(&mut pipe.server).unwrap();
16544
16545        // Server buffers some data, until send capacity limit reached.
16546        let mut buf = [0; 1200];
16547        assert_eq!(pipe.server.stream_send(4, &buf, false), Ok(1200));
16548        assert_eq!(pipe.server.stream_send(8, &buf, false), Ok(800));
16549        assert_eq!(pipe.server.stream_send(4, &buf, false), Err(Error::Done));
16550
16551        // Wait for PTO to expire.
16552        let timer = pipe.server.timeout().unwrap();
16553        std::thread::sleep(timer + time::Duration::from_millis(1));
16554
16555        pipe.server.on_timeout();
16556
16557        // Server sends PTO probe (not limited to cwnd),
16558        // to update last_tx_data.
16559        let (len, _) = pipe.server.send(&mut buf).unwrap();
16560        assert_eq!(len, 1200);
16561
16562        // Client sends STOP_SENDING to decrease tx_data
16563        // by unsent data. It will make last_tx_data > tx_data
16564        // and trigger #1232 bug.
16565        let frames = [frame::Frame::StopSending {
16566            stream_id: 4,
16567            error_code: 42,
16568        }];
16569
16570        let pkt_type = packet::Type::Short;
16571        pipe.send_pkt_to_server(pkt_type, &frames, &mut buf)
16572            .unwrap();
16573    }
16574
16575    /// Tests that when the client provides a new ConnectionId, it eventually
16576    /// reaches the server and notifies the application.
16577    #[rstest]
16578    fn send_connection_ids(
16579        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
16580    ) {
16581        let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
16582        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
16583        config
16584            .load_cert_chain_from_pem_file("examples/cert.crt")
16585            .unwrap();
16586        config
16587            .load_priv_key_from_pem_file("examples/cert.key")
16588            .unwrap();
16589        config
16590            .set_application_protos(&[b"proto1", b"proto2"])
16591            .unwrap();
16592        config.verify_peer(false);
16593        config.set_active_connection_id_limit(3);
16594
16595        let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
16596        assert_eq!(pipe.handshake(), Ok(()));
16597
16598        // So far, there should not have any QUIC event.
16599        assert_eq!(pipe.client.path_event_next(), None);
16600        assert_eq!(pipe.server.path_event_next(), None);
16601        assert_eq!(pipe.client.scids_left(), 2);
16602
16603        let (scid, reset_token) = testing::create_cid_and_reset_token(16);
16604        assert_eq!(pipe.client.new_scid(&scid, reset_token, false), Ok(1));
16605
16606        // Let exchange packets over the connection.
16607        assert_eq!(pipe.advance(), Ok(()));
16608
16609        // At this point, the server should be notified that it has a new CID.
16610        assert_eq!(pipe.server.available_dcids(), 1);
16611        assert_eq!(pipe.server.path_event_next(), None);
16612        assert_eq!(pipe.client.path_event_next(), None);
16613        assert_eq!(pipe.client.scids_left(), 1);
16614
16615        // Now, a second CID can be provided.
16616        let (scid, reset_token) = testing::create_cid_and_reset_token(16);
16617        assert_eq!(pipe.client.new_scid(&scid, reset_token, false), Ok(2));
16618
16619        // Let exchange packets over the connection.
16620        assert_eq!(pipe.advance(), Ok(()));
16621
16622        // At this point, the server should be notified that it has a new CID.
16623        assert_eq!(pipe.server.available_dcids(), 2);
16624        assert_eq!(pipe.server.path_event_next(), None);
16625        assert_eq!(pipe.client.path_event_next(), None);
16626        assert_eq!(pipe.client.scids_left(), 0);
16627
16628        // If now the client tries to send another CID, it reports an error
16629        // since it exceeds the limit of active CIDs.
16630        let (scid, reset_token) = testing::create_cid_and_reset_token(16);
16631        assert_eq!(
16632            pipe.client.new_scid(&scid, reset_token, false),
16633            Err(Error::IdLimit),
16634        );
16635    }
16636
16637    #[rstest]
16638    /// Tests that NEW_CONNECTION_ID with zero-length CID are rejected.
16639    fn connection_id_zero(
16640        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
16641    ) {
16642        let mut buf = [0; 65535];
16643
16644        let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
16645        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
16646        config
16647            .load_cert_chain_from_pem_file("examples/cert.crt")
16648            .unwrap();
16649        config
16650            .load_priv_key_from_pem_file("examples/cert.key")
16651            .unwrap();
16652        config
16653            .set_application_protos(&[b"proto1", b"proto2"])
16654            .unwrap();
16655        config.verify_peer(false);
16656        config.set_active_connection_id_limit(2);
16657
16658        let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
16659        assert_eq!(pipe.handshake(), Ok(()));
16660
16661        let mut frames = Vec::new();
16662
16663        // Client adds a CID that is too short.
16664        let (scid, reset_token) = testing::create_cid_and_reset_token(0);
16665
16666        frames.push(frame::Frame::NewConnectionId {
16667            seq_num: 1,
16668            retire_prior_to: 0,
16669            conn_id: scid.to_vec(),
16670            reset_token: reset_token.to_be_bytes(),
16671        });
16672
16673        let pkt_type = packet::Type::Short;
16674
16675        let written =
16676            testing::encode_pkt(&mut pipe.client, pkt_type, &frames, &mut buf)
16677                .unwrap();
16678
16679        let active_path = pipe.server.paths.get_active().unwrap();
16680        let info = RecvInfo {
16681            to: active_path.local_addr(),
16682            from: active_path.peer_addr(),
16683        };
16684
16685        assert_eq!(
16686            pipe.server.recv(&mut buf[..written], info),
16687            Err(Error::InvalidFrame)
16688        );
16689
16690        let written = match pipe.server.send(&mut buf) {
16691            Ok((write, _)) => write,
16692
16693            Err(_) => unreachable!(),
16694        };
16695
16696        let frames =
16697            testing::decode_pkt(&mut pipe.client, &mut buf[..written]).unwrap();
16698        let mut iter = frames.iter();
16699
16700        assert_eq!(
16701            iter.next(),
16702            Some(&frame::Frame::ConnectionClose {
16703                error_code: 0x7,
16704                frame_type: 0,
16705                reason: Vec::new(),
16706            })
16707        );
16708    }
16709
16710    #[rstest]
16711    /// Tests that NEW_CONNECTION_ID with too long CID are rejected.
16712    fn connection_id_invalid_max_len(
16713        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
16714    ) {
16715        let mut buf = [0; 65535];
16716
16717        let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
16718        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
16719        config
16720            .load_cert_chain_from_pem_file("examples/cert.crt")
16721            .unwrap();
16722        config
16723            .load_priv_key_from_pem_file("examples/cert.key")
16724            .unwrap();
16725        config
16726            .set_application_protos(&[b"proto1", b"proto2"])
16727            .unwrap();
16728        config.verify_peer(false);
16729        config.set_active_connection_id_limit(2);
16730
16731        let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
16732        assert_eq!(pipe.handshake(), Ok(()));
16733
16734        let mut frames = Vec::new();
16735
16736        // Client adds a CID that is too long.
16737        let (scid, reset_token) =
16738            testing::create_cid_and_reset_token(MAX_CONN_ID_LEN + 1);
16739
16740        frames.push(frame::Frame::NewConnectionId {
16741            seq_num: 1,
16742            retire_prior_to: 0,
16743            conn_id: scid.to_vec(),
16744            reset_token: reset_token.to_be_bytes(),
16745        });
16746
16747        let pkt_type = packet::Type::Short;
16748
16749        let written =
16750            testing::encode_pkt(&mut pipe.client, pkt_type, &frames, &mut buf)
16751                .unwrap();
16752
16753        let active_path = pipe.server.paths.get_active().unwrap();
16754        let info = RecvInfo {
16755            to: active_path.local_addr(),
16756            from: active_path.peer_addr(),
16757        };
16758
16759        assert_eq!(
16760            pipe.server.recv(&mut buf[..written], info),
16761            Err(Error::InvalidFrame)
16762        );
16763
16764        let written = match pipe.server.send(&mut buf) {
16765            Ok((write, _)) => write,
16766
16767            Err(_) => unreachable!(),
16768        };
16769
16770        let frames =
16771            testing::decode_pkt(&mut pipe.client, &mut buf[..written]).unwrap();
16772        let mut iter = frames.iter();
16773
16774        assert_eq!(
16775            iter.next(),
16776            Some(&frame::Frame::ConnectionClose {
16777                error_code: 0x7,
16778                frame_type: 0,
16779                reason: Vec::new(),
16780            })
16781        );
16782    }
16783
16784    #[rstest]
16785    /// Exercises the handling of NEW_CONNECTION_ID and RETIRE_CONNECTION_ID
16786    /// frames.
16787    fn connection_id_handling(
16788        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
16789    ) {
16790        let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
16791        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
16792        config
16793            .load_cert_chain_from_pem_file("examples/cert.crt")
16794            .unwrap();
16795        config
16796            .load_priv_key_from_pem_file("examples/cert.key")
16797            .unwrap();
16798        config
16799            .set_application_protos(&[b"proto1", b"proto2"])
16800            .unwrap();
16801        config.verify_peer(false);
16802        config.set_active_connection_id_limit(2);
16803
16804        let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
16805        assert_eq!(pipe.handshake(), Ok(()));
16806
16807        // So far, there should not have any QUIC event.
16808        assert_eq!(pipe.client.path_event_next(), None);
16809        assert_eq!(pipe.server.path_event_next(), None);
16810        assert_eq!(pipe.client.scids_left(), 1);
16811
16812        let scid = pipe.client.source_id().into_owned();
16813
16814        let (scid_1, reset_token_1) = testing::create_cid_and_reset_token(16);
16815        assert_eq!(pipe.client.new_scid(&scid_1, reset_token_1, false), Ok(1));
16816
16817        // Let exchange packets over the connection.
16818        assert_eq!(pipe.advance(), Ok(()));
16819
16820        // At this point, the server should be notified that it has a new CID.
16821        assert_eq!(pipe.server.available_dcids(), 1);
16822        assert_eq!(pipe.server.path_event_next(), None);
16823        assert_eq!(pipe.client.path_event_next(), None);
16824        assert_eq!(pipe.client.scids_left(), 0);
16825
16826        // Now we assume that the client wants to advertise more source
16827        // Connection IDs than the advertised limit. This is valid if it
16828        // requests its peer to retire enough Connection IDs to fit within the
16829        // limits.
16830
16831        let (scid_2, reset_token_2) = testing::create_cid_and_reset_token(16);
16832        assert_eq!(pipe.client.new_scid(&scid_2, reset_token_2, true), Ok(2));
16833
16834        // Let exchange packets over the connection.
16835        assert_eq!(pipe.advance(), Ok(()));
16836
16837        // At this point, the server still have a spare DCID.
16838        assert_eq!(pipe.server.available_dcids(), 1);
16839        assert_eq!(pipe.server.path_event_next(), None);
16840
16841        // Client should have received a retired notification.
16842        assert_eq!(pipe.client.retired_scid_next(), Some(scid));
16843        assert_eq!(pipe.client.retired_scid_next(), None);
16844
16845        assert_eq!(pipe.client.path_event_next(), None);
16846        assert_eq!(pipe.client.scids_left(), 0);
16847
16848        // The active Destination Connection ID of the server should now be the
16849        // one with sequence number 1.
16850        assert_eq!(pipe.server.destination_id(), scid_1);
16851
16852        // Now tries to experience CID retirement. If the server tries to remove
16853        // non-existing DCIDs, it fails.
16854        assert_eq!(pipe.server.retire_dcid(0), Err(Error::InvalidState));
16855        assert_eq!(pipe.server.retire_dcid(3), Err(Error::InvalidState));
16856
16857        // Now it removes DCID with sequence 1.
16858        assert_eq!(pipe.server.retire_dcid(1), Ok(()));
16859
16860        // Let exchange packets over the connection.
16861        assert_eq!(pipe.advance(), Ok(()));
16862
16863        assert_eq!(pipe.server.path_event_next(), None);
16864        assert_eq!(pipe.client.retired_scid_next(), Some(scid_1));
16865        assert_eq!(pipe.client.retired_scid_next(), None);
16866
16867        assert_eq!(pipe.server.destination_id(), scid_2);
16868        assert_eq!(pipe.server.available_dcids(), 0);
16869
16870        // Trying to remove the last DCID triggers an error.
16871        assert_eq!(pipe.server.retire_dcid(2), Err(Error::OutOfIdentifiers));
16872    }
16873
16874    #[rstest]
16875    fn lost_connection_id_frames(
16876        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
16877    ) {
16878        let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
16879        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
16880        config
16881            .load_cert_chain_from_pem_file("examples/cert.crt")
16882            .unwrap();
16883        config
16884            .load_priv_key_from_pem_file("examples/cert.key")
16885            .unwrap();
16886        config
16887            .set_application_protos(&[b"proto1", b"proto2"])
16888            .unwrap();
16889        config.verify_peer(false);
16890        config.set_active_connection_id_limit(2);
16891
16892        let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
16893        assert_eq!(pipe.handshake(), Ok(()));
16894
16895        let scid = pipe.client.source_id().into_owned();
16896
16897        let (scid_1, reset_token_1) = testing::create_cid_and_reset_token(16);
16898        assert_eq!(pipe.client.new_scid(&scid_1, reset_token_1, false), Ok(1));
16899
16900        // Packets are sent, but never received.
16901        testing::emit_flight(&mut pipe.client).unwrap();
16902
16903        // Wait until timer expires. Since the RTT is very low, wait a bit more.
16904        let timer = pipe.client.timeout().unwrap();
16905        std::thread::sleep(timer + time::Duration::from_millis(1));
16906
16907        pipe.client.on_timeout();
16908
16909        // Let exchange packets over the connection.
16910        assert_eq!(pipe.advance(), Ok(()));
16911
16912        // At this point, the server should be notified that it has a new CID.
16913        assert_eq!(pipe.server.available_dcids(), 1);
16914
16915        // Now the server retires the first Destination CID.
16916        assert_eq!(pipe.server.retire_dcid(0), Ok(()));
16917
16918        // But the packet never reaches the client.
16919        testing::emit_flight(&mut pipe.server).unwrap();
16920
16921        // Wait until timer expires. Since the RTT is very low, wait a bit more.
16922        let timer = pipe.server.timeout().unwrap();
16923        std::thread::sleep(timer + time::Duration::from_millis(1));
16924
16925        pipe.server.on_timeout();
16926
16927        // Let exchange packets over the connection.
16928        assert_eq!(pipe.advance(), Ok(()));
16929
16930        assert_eq!(pipe.client.retired_scid_next(), Some(scid));
16931        assert_eq!(pipe.client.retired_scid_next(), None);
16932    }
16933
16934    #[rstest]
16935    fn sending_duplicate_scids(
16936        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
16937    ) {
16938        let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
16939        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
16940        config
16941            .load_cert_chain_from_pem_file("examples/cert.crt")
16942            .unwrap();
16943        config
16944            .load_priv_key_from_pem_file("examples/cert.key")
16945            .unwrap();
16946        config
16947            .set_application_protos(&[b"proto1", b"proto2"])
16948            .unwrap();
16949        config.verify_peer(false);
16950        config.set_active_connection_id_limit(3);
16951
16952        let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
16953        assert_eq!(pipe.handshake(), Ok(()));
16954
16955        let (scid_1, reset_token_1) = testing::create_cid_and_reset_token(16);
16956        assert_eq!(pipe.client.new_scid(&scid_1, reset_token_1, false), Ok(1));
16957        assert_eq!(pipe.advance(), Ok(()));
16958
16959        // Trying to send the same CID with a different reset token raises an
16960        // InvalidState error.
16961        let reset_token_2 = reset_token_1.wrapping_add(1);
16962        assert_eq!(
16963            pipe.client.new_scid(&scid_1, reset_token_2, false),
16964            Err(Error::InvalidState),
16965        );
16966
16967        // Retrying to send the exact same CID with the same token returns the
16968        // previously assigned CID seq, but without sending anything.
16969        assert_eq!(pipe.client.new_scid(&scid_1, reset_token_1, false), Ok(1));
16970        assert!(!pipe.client.ids.has_new_scids());
16971
16972        // Now retire this new CID.
16973        assert_eq!(pipe.server.retire_dcid(1), Ok(()));
16974        assert_eq!(pipe.advance(), Ok(()));
16975
16976        // It is up to the application to ensure that a given SCID is not reused
16977        // later.
16978        assert_eq!(pipe.client.new_scid(&scid_1, reset_token_1, false), Ok(2));
16979    }
16980
16981    #[rstest]
16982    /// Tests the limit to retired DCID sequence numbers.
16983    fn connection_id_retire_limit(
16984        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
16985    ) {
16986        let mut buf = [0; 65535];
16987
16988        let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
16989        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
16990        config
16991            .load_cert_chain_from_pem_file("examples/cert.crt")
16992            .unwrap();
16993        config
16994            .load_priv_key_from_pem_file("examples/cert.key")
16995            .unwrap();
16996        config
16997            .set_application_protos(&[b"proto1", b"proto2"])
16998            .unwrap();
16999        config.verify_peer(false);
17000        config.set_active_connection_id_limit(2);
17001
17002        let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
17003        assert_eq!(pipe.handshake(), Ok(()));
17004
17005        // So far, there should not have any QUIC event.
17006        assert_eq!(pipe.client.path_event_next(), None);
17007        assert_eq!(pipe.server.path_event_next(), None);
17008        assert_eq!(pipe.client.scids_left(), 1);
17009
17010        let (scid_1, reset_token_1) = testing::create_cid_and_reset_token(16);
17011        assert_eq!(pipe.client.new_scid(&scid_1, reset_token_1, false), Ok(1));
17012
17013        // Let exchange packets over the connection.
17014        assert_eq!(pipe.advance(), Ok(()));
17015
17016        // At this point, the server should be notified that it has a new CID.
17017        assert_eq!(pipe.server.available_dcids(), 1);
17018        assert_eq!(pipe.server.path_event_next(), None);
17019        assert_eq!(pipe.client.path_event_next(), None);
17020        assert_eq!(pipe.client.scids_left(), 0);
17021
17022        let mut frames = Vec::new();
17023
17024        // Client retires more than 3x the number of allowed active CIDs.
17025        for i in 2..=7 {
17026            let (scid, reset_token) = testing::create_cid_and_reset_token(16);
17027
17028            frames.push(frame::Frame::NewConnectionId {
17029                seq_num: i,
17030                retire_prior_to: i,
17031                conn_id: scid.to_vec(),
17032                reset_token: reset_token.to_be_bytes(),
17033            });
17034        }
17035
17036        let pkt_type = packet::Type::Short;
17037
17038        let written =
17039            testing::encode_pkt(&mut pipe.client, pkt_type, &frames, &mut buf)
17040                .unwrap();
17041
17042        let active_path = pipe.server.paths.get_active().unwrap();
17043        let info = RecvInfo {
17044            to: active_path.local_addr(),
17045            from: active_path.peer_addr(),
17046        };
17047
17048        assert_eq!(
17049            pipe.server.recv(&mut buf[..written], info),
17050            Err(Error::IdLimit)
17051        );
17052
17053        let written = match pipe.server.send(&mut buf) {
17054            Ok((write, _)) => write,
17055
17056            Err(_) => unreachable!(),
17057        };
17058
17059        let frames =
17060            testing::decode_pkt(&mut pipe.client, &mut buf[..written]).unwrap();
17061        let mut iter = frames.iter();
17062
17063        assert_eq!(
17064            iter.next(),
17065            Some(&frame::Frame::ConnectionClose {
17066                error_code: 0x9,
17067                frame_type: 0,
17068                reason: Vec::new(),
17069            })
17070        );
17071    }
17072
17073    // Utility function.
17074    fn pipe_with_exchanged_cids(
17075        config: &mut Config, client_scid_len: usize, server_scid_len: usize,
17076        additional_cids: usize,
17077    ) -> testing::Pipe {
17078        let mut pipe = testing::Pipe::with_config_and_scid_lengths(
17079            config,
17080            client_scid_len,
17081            server_scid_len,
17082        )
17083        .unwrap();
17084        assert_eq!(pipe.handshake(), Ok(()));
17085
17086        let mut c_cids = Vec::new();
17087        let mut c_reset_tokens = Vec::new();
17088        let mut s_cids = Vec::new();
17089        let mut s_reset_tokens = Vec::new();
17090
17091        for i in 0..additional_cids {
17092            if client_scid_len > 0 {
17093                let (c_cid, c_reset_token) =
17094                    testing::create_cid_and_reset_token(client_scid_len);
17095                c_cids.push(c_cid);
17096                c_reset_tokens.push(c_reset_token);
17097
17098                assert_eq!(
17099                    pipe.client.new_scid(&c_cids[i], c_reset_tokens[i], true),
17100                    Ok(i as u64 + 1)
17101                );
17102            }
17103
17104            if server_scid_len > 0 {
17105                let (s_cid, s_reset_token) =
17106                    testing::create_cid_and_reset_token(server_scid_len);
17107                s_cids.push(s_cid);
17108                s_reset_tokens.push(s_reset_token);
17109                assert_eq!(
17110                    pipe.server.new_scid(&s_cids[i], s_reset_tokens[i], true),
17111                    Ok(i as u64 + 1)
17112                );
17113            }
17114        }
17115
17116        // Let exchange packets over the connection.
17117        assert_eq!(pipe.advance(), Ok(()));
17118
17119        if client_scid_len > 0 {
17120            assert_eq!(pipe.server.available_dcids(), additional_cids);
17121        }
17122
17123        if server_scid_len > 0 {
17124            assert_eq!(pipe.client.available_dcids(), additional_cids);
17125        }
17126
17127        assert_eq!(pipe.server.path_event_next(), None);
17128        assert_eq!(pipe.client.path_event_next(), None);
17129
17130        pipe
17131    }
17132
17133    #[rstest]
17134    fn path_validation(
17135        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
17136    ) {
17137        let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
17138        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
17139        config
17140            .load_cert_chain_from_pem_file("examples/cert.crt")
17141            .unwrap();
17142        config
17143            .load_priv_key_from_pem_file("examples/cert.key")
17144            .unwrap();
17145        config
17146            .set_application_protos(&[b"proto1", b"proto2"])
17147            .unwrap();
17148        config.verify_peer(false);
17149        config.set_active_connection_id_limit(2);
17150
17151        let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
17152        assert_eq!(pipe.handshake(), Ok(()));
17153
17154        let server_addr = testing::Pipe::server_addr();
17155        let client_addr_2 = "127.0.0.1:5678".parse().unwrap();
17156
17157        // We cannot probe a new path if there are not enough identifiers.
17158        assert_eq!(
17159            pipe.client.probe_path(client_addr_2, server_addr),
17160            Err(Error::OutOfIdentifiers)
17161        );
17162
17163        let (c_cid, c_reset_token) = testing::create_cid_and_reset_token(16);
17164
17165        assert_eq!(pipe.client.new_scid(&c_cid, c_reset_token, true), Ok(1));
17166
17167        let (s_cid, s_reset_token) = testing::create_cid_and_reset_token(16);
17168        assert_eq!(pipe.server.new_scid(&s_cid, s_reset_token, true), Ok(1));
17169
17170        // We need to exchange the CIDs first.
17171        assert_eq!(
17172            pipe.client.probe_path(client_addr_2, server_addr),
17173            Err(Error::OutOfIdentifiers)
17174        );
17175
17176        // Let exchange packets over the connection.
17177        assert_eq!(pipe.advance(), Ok(()));
17178
17179        assert_eq!(pipe.server.available_dcids(), 1);
17180        assert_eq!(pipe.server.path_event_next(), None);
17181        assert_eq!(pipe.client.available_dcids(), 1);
17182        assert_eq!(pipe.client.path_event_next(), None);
17183
17184        // Now the path probing can work.
17185        assert_eq!(pipe.client.probe_path(client_addr_2, server_addr), Ok(1));
17186
17187        // But the server cannot probe a yet-unseen path.
17188        assert_eq!(
17189            pipe.server.probe_path(server_addr, client_addr_2),
17190            Err(Error::InvalidState),
17191        );
17192
17193        assert_eq!(pipe.advance(), Ok(()));
17194
17195        // The path should be validated at some point.
17196        assert_eq!(
17197            pipe.client.path_event_next(),
17198            Some(PathEvent::Validated(client_addr_2, server_addr)),
17199        );
17200        assert_eq!(pipe.client.path_event_next(), None);
17201
17202        // The server should be notified of this new path.
17203        assert_eq!(
17204            pipe.server.path_event_next(),
17205            Some(PathEvent::New(server_addr, client_addr_2)),
17206        );
17207        assert_eq!(
17208            pipe.server.path_event_next(),
17209            Some(PathEvent::Validated(server_addr, client_addr_2)),
17210        );
17211        assert_eq!(pipe.server.path_event_next(), None);
17212
17213        // The server can later probe the path again.
17214        assert_eq!(pipe.server.probe_path(server_addr, client_addr_2), Ok(1));
17215
17216        // This should not trigger any event at client side.
17217        assert_eq!(pipe.client.path_event_next(), None);
17218        assert_eq!(pipe.server.path_event_next(), None);
17219    }
17220
17221    #[rstest]
17222    fn losing_probing_packets(
17223        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
17224    ) {
17225        let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
17226        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
17227        config
17228            .load_cert_chain_from_pem_file("examples/cert.crt")
17229            .unwrap();
17230        config
17231            .load_priv_key_from_pem_file("examples/cert.key")
17232            .unwrap();
17233        config
17234            .set_application_protos(&[b"proto1", b"proto2"])
17235            .unwrap();
17236        config.verify_peer(false);
17237        config.set_active_connection_id_limit(2);
17238
17239        let mut pipe = pipe_with_exchanged_cids(&mut config, 16, 16, 1);
17240
17241        let server_addr = testing::Pipe::server_addr();
17242        let client_addr_2 = "127.0.0.1:5678".parse().unwrap();
17243        assert_eq!(pipe.client.probe_path(client_addr_2, server_addr), Ok(1));
17244
17245        // The client creates the PATH CHALLENGE, but it is lost.
17246        testing::emit_flight(&mut pipe.client).unwrap();
17247
17248        // Wait until probing timer expires. Since the RTT is very low,
17249        // wait a bit more.
17250        let probed_pid = pipe
17251            .client
17252            .paths
17253            .path_id_from_addrs(&(client_addr_2, server_addr))
17254            .unwrap();
17255        let probe_instant = pipe
17256            .client
17257            .paths
17258            .get(probed_pid)
17259            .unwrap()
17260            .recovery
17261            .loss_detection_timer()
17262            .unwrap();
17263        let timer = probe_instant.duration_since(time::Instant::now());
17264        std::thread::sleep(timer + time::Duration::from_millis(1));
17265
17266        pipe.client.on_timeout();
17267
17268        assert_eq!(pipe.advance(), Ok(()));
17269
17270        // The path should be validated at some point.
17271        assert_eq!(
17272            pipe.client.path_event_next(),
17273            Some(PathEvent::Validated(client_addr_2, server_addr))
17274        );
17275        assert_eq!(pipe.client.path_event_next(), None);
17276
17277        assert_eq!(
17278            pipe.server.path_event_next(),
17279            Some(PathEvent::New(server_addr, client_addr_2))
17280        );
17281        // The path should be validated at some point.
17282        assert_eq!(
17283            pipe.server.path_event_next(),
17284            Some(PathEvent::Validated(server_addr, client_addr_2))
17285        );
17286        assert_eq!(pipe.server.path_event_next(), None);
17287    }
17288
17289    #[rstest]
17290    fn failed_path_validation(
17291        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
17292    ) {
17293        let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
17294        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
17295        config
17296            .load_cert_chain_from_pem_file("examples/cert.crt")
17297            .unwrap();
17298        config
17299            .load_priv_key_from_pem_file("examples/cert.key")
17300            .unwrap();
17301        config
17302            .set_application_protos(&[b"proto1", b"proto2"])
17303            .unwrap();
17304        config.verify_peer(false);
17305        config.set_active_connection_id_limit(2);
17306
17307        let mut pipe = pipe_with_exchanged_cids(&mut config, 16, 16, 1);
17308
17309        let server_addr = testing::Pipe::server_addr();
17310        let client_addr_2 = "127.0.0.1:5678".parse().unwrap();
17311        assert_eq!(pipe.client.probe_path(client_addr_2, server_addr), Ok(1));
17312
17313        for _ in 0..MAX_PROBING_TIMEOUTS {
17314            // The client creates the PATH CHALLENGE, but it is always lost.
17315            testing::emit_flight(&mut pipe.client).unwrap();
17316
17317            // Wait until probing timer expires. Since the RTT is very low,
17318            // wait a bit more.
17319            let probed_pid = pipe
17320                .client
17321                .paths
17322                .path_id_from_addrs(&(client_addr_2, server_addr))
17323                .unwrap();
17324            let probe_instant = pipe
17325                .client
17326                .paths
17327                .get(probed_pid)
17328                .unwrap()
17329                .recovery
17330                .loss_detection_timer()
17331                .unwrap();
17332            let timer = probe_instant.duration_since(time::Instant::now());
17333            std::thread::sleep(timer + time::Duration::from_millis(1));
17334
17335            pipe.client.on_timeout();
17336        }
17337
17338        assert_eq!(
17339            pipe.client.path_event_next(),
17340            Some(PathEvent::FailedValidation(client_addr_2, server_addr)),
17341        );
17342    }
17343
17344    #[rstest]
17345    fn client_discard_unknown_address(
17346        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
17347    ) {
17348        let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
17349        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
17350        config
17351            .load_cert_chain_from_pem_file("examples/cert.crt")
17352            .unwrap();
17353        config
17354            .load_priv_key_from_pem_file("examples/cert.key")
17355            .unwrap();
17356        config
17357            .set_application_protos(&[b"proto1", b"proto2"])
17358            .unwrap();
17359        config.verify_peer(false);
17360        config.set_initial_max_data(30);
17361        config.set_initial_max_stream_data_uni(10);
17362        config.set_initial_max_streams_uni(3);
17363
17364        let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
17365        assert_eq!(pipe.handshake(), Ok(()));
17366
17367        // Server sends stream data.
17368        assert_eq!(pipe.server.stream_send(3, b"a", true), Ok(1));
17369
17370        let mut flight =
17371            testing::emit_flight(&mut pipe.server).expect("no packet");
17372        // Let's change the address info.
17373        flight
17374            .iter_mut()
17375            .for_each(|(_, si)| si.from = "127.0.0.1:9292".parse().unwrap());
17376        assert_eq!(testing::process_flight(&mut pipe.client, flight), Ok(()));
17377        assert_eq!(pipe.client.paths.len(), 1);
17378    }
17379
17380    #[rstest]
17381    fn path_validation_limited_mtu(
17382        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
17383    ) {
17384        let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
17385        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
17386        config
17387            .load_cert_chain_from_pem_file("examples/cert.crt")
17388            .unwrap();
17389        config
17390            .load_priv_key_from_pem_file("examples/cert.key")
17391            .unwrap();
17392        config
17393            .set_application_protos(&[b"proto1", b"proto2"])
17394            .unwrap();
17395        config.verify_peer(false);
17396        config.set_active_connection_id_limit(2);
17397
17398        let mut pipe = pipe_with_exchanged_cids(&mut config, 16, 16, 1);
17399
17400        let server_addr = testing::Pipe::server_addr();
17401        let client_addr_2 = "127.0.0.1:5678".parse().unwrap();
17402        assert_eq!(pipe.client.probe_path(client_addr_2, server_addr), Ok(1));
17403        // Limited MTU of 1199 bytes for some reason.
17404        testing::process_flight(
17405            &mut pipe.server,
17406            testing::emit_flight_with_max_buffer(
17407                &mut pipe.client,
17408                1199,
17409                None,
17410                None,
17411            )
17412            .expect("no packet"),
17413        )
17414        .expect("error when processing client packets");
17415        testing::process_flight(
17416            &mut pipe.client,
17417            testing::emit_flight(&mut pipe.server).expect("no packet"),
17418        )
17419        .expect("error when processing client packets");
17420        let probed_pid = pipe
17421            .client
17422            .paths
17423            .path_id_from_addrs(&(client_addr_2, server_addr))
17424            .unwrap();
17425        assert!(!pipe.client.paths.get(probed_pid).unwrap().validated(),);
17426        assert_eq!(pipe.client.path_event_next(), None);
17427        // Now let the client probe at its MTU.
17428        assert_eq!(pipe.advance(), Ok(()));
17429        assert!(pipe.client.paths.get(probed_pid).unwrap().validated());
17430        assert_eq!(
17431            pipe.client.path_event_next(),
17432            Some(PathEvent::Validated(client_addr_2, server_addr))
17433        );
17434    }
17435
17436    #[rstest]
17437    fn path_probing_dos(
17438        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
17439    ) {
17440        let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
17441        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
17442        config
17443            .load_cert_chain_from_pem_file("examples/cert.crt")
17444            .unwrap();
17445        config
17446            .load_priv_key_from_pem_file("examples/cert.key")
17447            .unwrap();
17448        config
17449            .set_application_protos(&[b"proto1", b"proto2"])
17450            .unwrap();
17451        config.verify_peer(false);
17452        config.set_active_connection_id_limit(2);
17453
17454        let mut pipe = pipe_with_exchanged_cids(&mut config, 16, 16, 1);
17455
17456        let server_addr = testing::Pipe::server_addr();
17457        let client_addr_2 = "127.0.0.1:5678".parse().unwrap();
17458        assert_eq!(pipe.client.probe_path(client_addr_2, server_addr), Ok(1));
17459
17460        assert_eq!(pipe.advance(), Ok(()));
17461
17462        // The path should be validated at some point.
17463        assert_eq!(
17464            pipe.client.path_event_next(),
17465            Some(PathEvent::Validated(client_addr_2, server_addr))
17466        );
17467        assert_eq!(pipe.client.path_event_next(), None);
17468
17469        // The server should be notified of this new path.
17470        assert_eq!(
17471            pipe.server.path_event_next(),
17472            Some(PathEvent::New(server_addr, client_addr_2))
17473        );
17474        assert_eq!(
17475            pipe.server.path_event_next(),
17476            Some(PathEvent::Validated(server_addr, client_addr_2))
17477        );
17478        assert_eq!(pipe.server.path_event_next(), None);
17479
17480        assert_eq!(pipe.server.paths.len(), 2);
17481
17482        // Now forge a packet reusing the unverified path's CID over another
17483        // 4-tuple.
17484        assert_eq!(pipe.client.probe_path(client_addr_2, server_addr), Ok(1));
17485        let client_addr_3 = "127.0.0.1:9012".parse().unwrap();
17486        let mut flight =
17487            testing::emit_flight(&mut pipe.client).expect("no generated packet");
17488        flight
17489            .iter_mut()
17490            .for_each(|(_, si)| si.from = client_addr_3);
17491        testing::process_flight(&mut pipe.server, flight)
17492            .expect("failed to process");
17493        assert_eq!(pipe.server.paths.len(), 2);
17494        assert_eq!(
17495            pipe.server.path_event_next(),
17496            Some(PathEvent::ReusedSourceConnectionId(
17497                1,
17498                (server_addr, client_addr_2),
17499                (server_addr, client_addr_3)
17500            ))
17501        );
17502        assert_eq!(pipe.server.path_event_next(), None);
17503    }
17504
17505    #[rstest]
17506    fn retiring_active_path_dcid(
17507        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
17508    ) {
17509        let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
17510        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
17511        config
17512            .load_cert_chain_from_pem_file("examples/cert.crt")
17513            .unwrap();
17514        config
17515            .load_priv_key_from_pem_file("examples/cert.key")
17516            .unwrap();
17517        config
17518            .set_application_protos(&[b"proto1", b"proto2"])
17519            .unwrap();
17520        config.verify_peer(false);
17521        config.set_active_connection_id_limit(2);
17522
17523        let mut pipe = pipe_with_exchanged_cids(&mut config, 16, 16, 1);
17524        let server_addr = testing::Pipe::server_addr();
17525        let client_addr_2 = "127.0.0.1:5678".parse().unwrap();
17526        assert_eq!(pipe.client.probe_path(client_addr_2, server_addr), Ok(1));
17527
17528        assert_eq!(pipe.client.retire_dcid(0), Err(Error::OutOfIdentifiers));
17529    }
17530
17531    #[rstest]
17532    fn send_on_path_test(
17533        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
17534    ) {
17535        let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
17536        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
17537        config
17538            .load_cert_chain_from_pem_file("examples/cert.crt")
17539            .unwrap();
17540        config
17541            .load_priv_key_from_pem_file("examples/cert.key")
17542            .unwrap();
17543        config
17544            .set_application_protos(&[b"proto1", b"proto2"])
17545            .unwrap();
17546        config.verify_peer(false);
17547        config.set_initial_max_data(100000);
17548        config.set_initial_max_stream_data_bidi_local(100000);
17549        config.set_initial_max_stream_data_bidi_remote(100000);
17550        config.set_initial_max_streams_bidi(2);
17551        config.set_active_connection_id_limit(4);
17552
17553        let mut pipe = pipe_with_exchanged_cids(&mut config, 16, 16, 3);
17554
17555        let server_addr = testing::Pipe::server_addr();
17556        let client_addr = testing::Pipe::client_addr();
17557        let client_addr_2 = "127.0.0.1:5678".parse().unwrap();
17558        assert_eq!(pipe.client.probe_path(client_addr_2, server_addr), Ok(1));
17559
17560        let mut buf = [0; 65535];
17561        // There is nothing to send on the initial path.
17562        assert_eq!(
17563            pipe.client.send_on_path(
17564                &mut buf,
17565                Some(client_addr),
17566                Some(server_addr)
17567            ),
17568            Err(Error::Done)
17569        );
17570
17571        // Client should send padded PATH_CHALLENGE.
17572        let (sent, si) = pipe
17573            .client
17574            .send_on_path(&mut buf, Some(client_addr_2), Some(server_addr))
17575            .expect("No error");
17576        assert_eq!(sent, MIN_CLIENT_INITIAL_LEN);
17577        assert_eq!(si.from, client_addr_2);
17578        assert_eq!(si.to, server_addr);
17579
17580        let ri = RecvInfo {
17581            to: si.to,
17582            from: si.from,
17583        };
17584        assert_eq!(pipe.server.recv(&mut buf[..sent], ri), Ok(sent));
17585
17586        let stats = pipe.server.stats();
17587        assert_eq!(stats.path_challenge_rx_count, 1);
17588
17589        // A non-existing 4-tuple raises an InvalidState.
17590        let client_addr_3 = "127.0.0.1:9012".parse().unwrap();
17591        let server_addr_2 = "127.0.0.1:9876".parse().unwrap();
17592        assert_eq!(
17593            pipe.client.send_on_path(
17594                &mut buf,
17595                Some(client_addr_3),
17596                Some(server_addr)
17597            ),
17598            Err(Error::InvalidState)
17599        );
17600        assert_eq!(
17601            pipe.client.send_on_path(
17602                &mut buf,
17603                Some(client_addr),
17604                Some(server_addr_2)
17605            ),
17606            Err(Error::InvalidState)
17607        );
17608
17609        // Let's introduce some additional path challenges and data exchange.
17610        assert_eq!(pipe.client.probe_path(client_addr, server_addr_2), Ok(2));
17611        assert_eq!(pipe.client.probe_path(client_addr_3, server_addr), Ok(3));
17612        // Just to fit in two packets.
17613        assert_eq!(pipe.client.stream_send(0, &buf[..1201], true), Ok(1201));
17614
17615        // PATH_CHALLENGE
17616        let (sent, si) = pipe
17617            .client
17618            .send_on_path(&mut buf, Some(client_addr), None)
17619            .expect("No error");
17620        assert_eq!(sent, MIN_CLIENT_INITIAL_LEN);
17621        assert_eq!(si.from, client_addr);
17622        assert_eq!(si.to, server_addr_2);
17623
17624        let ri = RecvInfo {
17625            to: si.to,
17626            from: si.from,
17627        };
17628        assert_eq!(pipe.server.recv(&mut buf[..sent], ri), Ok(sent));
17629
17630        let stats = pipe.server.stats();
17631        assert_eq!(stats.path_challenge_rx_count, 2);
17632
17633        // STREAM frame on active path.
17634        let (sent, si) = pipe
17635            .client
17636            .send_on_path(&mut buf, Some(client_addr), None)
17637            .expect("No error");
17638        assert_eq!(si.from, client_addr);
17639        assert_eq!(si.to, server_addr);
17640
17641        let ri = RecvInfo {
17642            to: si.to,
17643            from: si.from,
17644        };
17645        assert_eq!(pipe.server.recv(&mut buf[..sent], ri), Ok(sent));
17646
17647        let stats = pipe.server.stats();
17648        assert_eq!(stats.path_challenge_rx_count, 2);
17649
17650        // PATH_CHALLENGE
17651        let (sent, si) = pipe
17652            .client
17653            .send_on_path(&mut buf, None, Some(server_addr))
17654            .expect("No error");
17655        assert_eq!(sent, MIN_CLIENT_INITIAL_LEN);
17656        assert_eq!(si.from, client_addr_3);
17657        assert_eq!(si.to, server_addr);
17658
17659        let ri = RecvInfo {
17660            to: si.to,
17661            from: si.from,
17662        };
17663        assert_eq!(pipe.server.recv(&mut buf[..sent], ri), Ok(sent));
17664
17665        let stats = pipe.server.stats();
17666        assert_eq!(stats.path_challenge_rx_count, 3);
17667
17668        // STREAM frame on active path.
17669        let (sent, si) = pipe
17670            .client
17671            .send_on_path(&mut buf, None, Some(server_addr))
17672            .expect("No error");
17673        assert_eq!(si.from, client_addr);
17674        assert_eq!(si.to, server_addr);
17675
17676        let ri = RecvInfo {
17677            to: si.to,
17678            from: si.from,
17679        };
17680        assert_eq!(pipe.server.recv(&mut buf[..sent], ri), Ok(sent));
17681
17682        // No more data to exchange leads to Error::Done.
17683        assert_eq!(
17684            pipe.client.send_on_path(&mut buf, Some(client_addr), None),
17685            Err(Error::Done)
17686        );
17687        assert_eq!(
17688            pipe.client.send_on_path(&mut buf, None, Some(server_addr)),
17689            Err(Error::Done)
17690        );
17691
17692        assert_eq!(pipe.advance(), Ok(()));
17693
17694        let mut v1 = pipe.client.paths_iter(client_addr).collect::<Vec<_>>();
17695        let mut v2 = vec![server_addr, server_addr_2];
17696
17697        v1.sort();
17698        v2.sort();
17699
17700        assert_eq!(v1, v2);
17701
17702        let mut v1 = pipe.client.paths_iter(client_addr_2).collect::<Vec<_>>();
17703        let mut v2 = vec![server_addr];
17704
17705        v1.sort();
17706        v2.sort();
17707
17708        assert_eq!(v1, v2);
17709
17710        let mut v1 = pipe.client.paths_iter(client_addr_3).collect::<Vec<_>>();
17711        let mut v2 = vec![server_addr];
17712
17713        v1.sort();
17714        v2.sort();
17715
17716        assert_eq!(v1, v2);
17717
17718        let stats = pipe.server.stats();
17719        assert_eq!(stats.path_challenge_rx_count, 3);
17720    }
17721
17722    #[rstest]
17723    fn connection_migration(
17724        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
17725    ) {
17726        let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
17727        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
17728        config
17729            .load_cert_chain_from_pem_file("examples/cert.crt")
17730            .unwrap();
17731        config
17732            .load_priv_key_from_pem_file("examples/cert.key")
17733            .unwrap();
17734        config
17735            .set_application_protos(&[b"proto1", b"proto2"])
17736            .unwrap();
17737        config.verify_peer(false);
17738        config.set_active_connection_id_limit(3);
17739        config.set_initial_max_data(30);
17740        config.set_initial_max_stream_data_bidi_local(15);
17741        config.set_initial_max_stream_data_bidi_remote(15);
17742        config.set_initial_max_stream_data_uni(10);
17743        config.set_initial_max_streams_bidi(3);
17744
17745        let mut pipe = pipe_with_exchanged_cids(&mut config, 16, 16, 2);
17746
17747        let server_addr = testing::Pipe::server_addr();
17748        let client_addr_2 = "127.0.0.1:5678".parse().unwrap();
17749        let client_addr_3 = "127.0.0.1:9012".parse().unwrap();
17750        let client_addr_4 = "127.0.0.1:8908".parse().unwrap();
17751
17752        // Case 1: the client first probes the new address, the server too, and
17753        // then migrates.
17754        assert_eq!(pipe.client.probe_path(client_addr_2, server_addr), Ok(1));
17755        assert_eq!(pipe.advance(), Ok(()));
17756        assert_eq!(
17757            pipe.client.path_event_next(),
17758            Some(PathEvent::Validated(client_addr_2, server_addr))
17759        );
17760        assert_eq!(pipe.client.path_event_next(), None);
17761        assert_eq!(
17762            pipe.server.path_event_next(),
17763            Some(PathEvent::New(server_addr, client_addr_2))
17764        );
17765        assert_eq!(
17766            pipe.server.path_event_next(),
17767            Some(PathEvent::Validated(server_addr, client_addr_2))
17768        );
17769        assert_eq!(
17770            pipe.client.is_path_validated(client_addr_2, server_addr),
17771            Ok(true)
17772        );
17773        assert_eq!(
17774            pipe.server.is_path_validated(server_addr, client_addr_2),
17775            Ok(true)
17776        );
17777        // The server can never initiates the connection migration.
17778        assert_eq!(
17779            pipe.server.migrate(server_addr, client_addr_2),
17780            Err(Error::InvalidState)
17781        );
17782        assert_eq!(pipe.client.migrate(client_addr_2, server_addr), Ok(1));
17783        assert_eq!(pipe.client.stream_send(0, b"data", true), Ok(4));
17784        assert_eq!(pipe.advance(), Ok(()));
17785        assert_eq!(
17786            pipe.client
17787                .paths
17788                .get_active()
17789                .expect("no active")
17790                .local_addr(),
17791            client_addr_2
17792        );
17793        assert_eq!(
17794            pipe.client
17795                .paths
17796                .get_active()
17797                .expect("no active")
17798                .peer_addr(),
17799            server_addr
17800        );
17801        assert_eq!(
17802            pipe.server.path_event_next(),
17803            Some(PathEvent::PeerMigrated(server_addr, client_addr_2))
17804        );
17805        assert_eq!(pipe.server.path_event_next(), None);
17806        assert_eq!(
17807            pipe.server
17808                .paths
17809                .get_active()
17810                .expect("no active")
17811                .local_addr(),
17812            server_addr
17813        );
17814        assert_eq!(
17815            pipe.server
17816                .paths
17817                .get_active()
17818                .expect("no active")
17819                .peer_addr(),
17820            client_addr_2
17821        );
17822
17823        // Case 2: the client migrates on a path that was not previously
17824        // validated, and has spare SCIDs/DCIDs to do so.
17825        assert_eq!(pipe.client.migrate(client_addr_3, server_addr), Ok(2));
17826        assert_eq!(pipe.client.stream_send(4, b"data", true), Ok(4));
17827        assert_eq!(pipe.advance(), Ok(()));
17828        assert_eq!(
17829            pipe.client
17830                .paths
17831                .get_active()
17832                .expect("no active")
17833                .local_addr(),
17834            client_addr_3
17835        );
17836        assert_eq!(
17837            pipe.client
17838                .paths
17839                .get_active()
17840                .expect("no active")
17841                .peer_addr(),
17842            server_addr
17843        );
17844        assert_eq!(
17845            pipe.server.path_event_next(),
17846            Some(PathEvent::New(server_addr, client_addr_3))
17847        );
17848        assert_eq!(
17849            pipe.server.path_event_next(),
17850            Some(PathEvent::Validated(server_addr, client_addr_3))
17851        );
17852        assert_eq!(
17853            pipe.server.path_event_next(),
17854            Some(PathEvent::PeerMigrated(server_addr, client_addr_3))
17855        );
17856        assert_eq!(pipe.server.path_event_next(), None);
17857        assert_eq!(
17858            pipe.server
17859                .paths
17860                .get_active()
17861                .expect("no active")
17862                .local_addr(),
17863            server_addr
17864        );
17865        assert_eq!(
17866            pipe.server
17867                .paths
17868                .get_active()
17869                .expect("no active")
17870                .peer_addr(),
17871            client_addr_3
17872        );
17873
17874        // Case 3: the client tries to migrate on the current active path.
17875        // This is not an error, but it triggers nothing.
17876        assert_eq!(pipe.client.migrate(client_addr_3, server_addr), Ok(2));
17877        assert_eq!(pipe.client.stream_send(8, b"data", true), Ok(4));
17878        assert_eq!(pipe.advance(), Ok(()));
17879        assert_eq!(pipe.client.path_event_next(), None);
17880        assert_eq!(
17881            pipe.client
17882                .paths
17883                .get_active()
17884                .expect("no active")
17885                .local_addr(),
17886            client_addr_3
17887        );
17888        assert_eq!(
17889            pipe.client
17890                .paths
17891                .get_active()
17892                .expect("no active")
17893                .peer_addr(),
17894            server_addr
17895        );
17896        assert_eq!(pipe.server.path_event_next(), None);
17897        assert_eq!(
17898            pipe.server
17899                .paths
17900                .get_active()
17901                .expect("no active")
17902                .local_addr(),
17903            server_addr
17904        );
17905        assert_eq!(
17906            pipe.server
17907                .paths
17908                .get_active()
17909                .expect("no active")
17910                .peer_addr(),
17911            client_addr_3
17912        );
17913
17914        // Case 4: the client tries to migrate on a path that was not previously
17915        // validated, and has no spare SCIDs/DCIDs. Prevent active migration.
17916        assert_eq!(
17917            pipe.client.migrate(client_addr_4, server_addr),
17918            Err(Error::OutOfIdentifiers)
17919        );
17920        assert_eq!(
17921            pipe.client
17922                .paths
17923                .get_active()
17924                .expect("no active")
17925                .local_addr(),
17926            client_addr_3
17927        );
17928        assert_eq!(
17929            pipe.client
17930                .paths
17931                .get_active()
17932                .expect("no active")
17933                .peer_addr(),
17934            server_addr
17935        );
17936    }
17937
17938    #[rstest]
17939    fn connection_migration_zero_length_cid(
17940        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
17941    ) {
17942        let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
17943        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
17944        config
17945            .load_cert_chain_from_pem_file("examples/cert.crt")
17946            .unwrap();
17947        config
17948            .load_priv_key_from_pem_file("examples/cert.key")
17949            .unwrap();
17950        config
17951            .set_application_protos(&[b"proto1", b"proto2"])
17952            .unwrap();
17953        config.verify_peer(false);
17954        config.set_active_connection_id_limit(2);
17955        config.set_initial_max_data(30);
17956        config.set_initial_max_stream_data_bidi_local(15);
17957        config.set_initial_max_stream_data_bidi_remote(15);
17958        config.set_initial_max_stream_data_uni(10);
17959        config.set_initial_max_streams_bidi(3);
17960
17961        let mut pipe = pipe_with_exchanged_cids(&mut config, 0, 16, 1);
17962
17963        let server_addr = testing::Pipe::server_addr();
17964        let client_addr_2 = "127.0.0.1:5678".parse().unwrap();
17965
17966        // The client migrates on a path that was not previously
17967        // validated, and has spare SCIDs/DCIDs to do so.
17968        assert_eq!(pipe.client.migrate(client_addr_2, server_addr), Ok(1));
17969        assert_eq!(pipe.client.stream_send(4, b"data", true), Ok(4));
17970        assert_eq!(pipe.advance(), Ok(()));
17971        assert_eq!(
17972            pipe.client
17973                .paths
17974                .get_active()
17975                .expect("no active")
17976                .local_addr(),
17977            client_addr_2
17978        );
17979        assert_eq!(
17980            pipe.client
17981                .paths
17982                .get_active()
17983                .expect("no active")
17984                .peer_addr(),
17985            server_addr
17986        );
17987        assert_eq!(
17988            pipe.server.path_event_next(),
17989            Some(PathEvent::New(server_addr, client_addr_2))
17990        );
17991        assert_eq!(
17992            pipe.server.path_event_next(),
17993            Some(PathEvent::Validated(server_addr, client_addr_2))
17994        );
17995        assert_eq!(
17996            pipe.server.path_event_next(),
17997            Some(PathEvent::PeerMigrated(server_addr, client_addr_2))
17998        );
17999        assert_eq!(pipe.server.path_event_next(), None);
18000        assert_eq!(
18001            pipe.server
18002                .paths
18003                .get_active()
18004                .expect("no active")
18005                .local_addr(),
18006            server_addr
18007        );
18008        assert_eq!(
18009            pipe.server
18010                .paths
18011                .get_active()
18012                .expect("no active")
18013                .peer_addr(),
18014            client_addr_2
18015        );
18016    }
18017
18018    #[rstest]
18019    fn connection_migration_reordered_non_probing(
18020        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
18021    ) {
18022        let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
18023        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
18024        config
18025            .load_cert_chain_from_pem_file("examples/cert.crt")
18026            .unwrap();
18027        config
18028            .load_priv_key_from_pem_file("examples/cert.key")
18029            .unwrap();
18030        config
18031            .set_application_protos(&[b"proto1", b"proto2"])
18032            .unwrap();
18033        config.verify_peer(false);
18034        config.set_active_connection_id_limit(2);
18035        config.set_initial_max_data(30);
18036        config.set_initial_max_stream_data_bidi_local(15);
18037        config.set_initial_max_stream_data_bidi_remote(15);
18038        config.set_initial_max_stream_data_uni(10);
18039        config.set_initial_max_streams_bidi(3);
18040
18041        let mut pipe = pipe_with_exchanged_cids(&mut config, 16, 16, 1);
18042
18043        let client_addr = testing::Pipe::client_addr();
18044        let server_addr = testing::Pipe::server_addr();
18045        let client_addr_2 = "127.0.0.1:5678".parse().unwrap();
18046
18047        assert_eq!(pipe.client.probe_path(client_addr_2, server_addr), Ok(1));
18048        assert_eq!(pipe.advance(), Ok(()));
18049        assert_eq!(
18050            pipe.client.path_event_next(),
18051            Some(PathEvent::Validated(client_addr_2, server_addr))
18052        );
18053        assert_eq!(pipe.client.path_event_next(), None);
18054        assert_eq!(
18055            pipe.server.path_event_next(),
18056            Some(PathEvent::New(server_addr, client_addr_2))
18057        );
18058        assert_eq!(
18059            pipe.server.path_event_next(),
18060            Some(PathEvent::Validated(server_addr, client_addr_2))
18061        );
18062        assert_eq!(pipe.server.path_event_next(), None);
18063
18064        // A first flight sent from secondary address.
18065        assert_eq!(pipe.client.stream_send(0, b"data", true), Ok(4));
18066        let mut first = testing::emit_flight(&mut pipe.client).unwrap();
18067        first.iter_mut().for_each(|(_, si)| si.from = client_addr_2);
18068        // A second one, but sent from the original one.
18069        assert_eq!(pipe.client.stream_send(4, b"data", true), Ok(4));
18070        let second = testing::emit_flight(&mut pipe.client).unwrap();
18071        // Second flight is received before first one.
18072        assert_eq!(testing::process_flight(&mut pipe.server, second), Ok(()));
18073        assert_eq!(testing::process_flight(&mut pipe.server, first), Ok(()));
18074
18075        // Server does not perform connection migration because of packet
18076        // reordering.
18077        assert_eq!(pipe.server.path_event_next(), None);
18078        assert_eq!(
18079            pipe.server
18080                .paths
18081                .get_active()
18082                .expect("no active")
18083                .peer_addr(),
18084            client_addr
18085        );
18086    }
18087
18088    #[rstest]
18089    fn resilience_against_migration_attack(
18090        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
18091    ) {
18092        let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
18093        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
18094        config
18095            .load_cert_chain_from_pem_file("examples/cert.crt")
18096            .unwrap();
18097        config
18098            .load_priv_key_from_pem_file("examples/cert.key")
18099            .unwrap();
18100        config
18101            .set_application_protos(&[b"proto1", b"proto2"])
18102            .unwrap();
18103        config.verify_peer(false);
18104        config.set_active_connection_id_limit(3);
18105        config.set_initial_max_data(100000);
18106        config.set_initial_max_stream_data_bidi_local(100000);
18107        config.set_initial_max_stream_data_bidi_remote(100000);
18108        config.set_initial_max_streams_bidi(2);
18109
18110        let mut pipe = pipe_with_exchanged_cids(&mut config, 16, 16, 1);
18111
18112        let client_addr = testing::Pipe::client_addr();
18113        let server_addr = testing::Pipe::server_addr();
18114        let spoofed_client_addr = "127.0.0.1:6666".parse().unwrap();
18115
18116        const DATA_BYTES: usize = 24000;
18117        let buf = [42; DATA_BYTES];
18118        let mut recv_buf = [0; DATA_BYTES];
18119        let send1_bytes = pipe.server.stream_send(1, &buf, true).unwrap();
18120        assert_eq!(send1_bytes, match cc_algorithm_name {
18121            #[cfg(feature = "openssl")]
18122            "bbr2" => 14041,
18123            #[cfg(not(feature = "openssl"))]
18124            "bbr2" => 13955,
18125            #[cfg(feature = "openssl")]
18126            "bbr2_gcongestion" => 13966,
18127            #[cfg(not(feature = "openssl"))]
18128            "bbr2_gcongestion" => 13880,
18129            _ => 12000,
18130        });
18131        assert_eq!(
18132            testing::process_flight(
18133                &mut pipe.client,
18134                testing::emit_flight(&mut pipe.server).unwrap()
18135            ),
18136            Ok(())
18137        );
18138        let (rcv_data_1, _) = pipe.client.stream_recv(1, &mut recv_buf).unwrap();
18139
18140        // Fake the source address of client.
18141        let mut faked_addr_flight =
18142            testing::emit_flight(&mut pipe.client).unwrap();
18143        faked_addr_flight
18144            .iter_mut()
18145            .for_each(|(_, si)| si.from = spoofed_client_addr);
18146        assert_eq!(
18147            testing::process_flight(&mut pipe.server, faked_addr_flight),
18148            Ok(())
18149        );
18150        assert_eq!(
18151            pipe.server.stream_send(1, &buf[send1_bytes..], true),
18152            Ok(24000 - send1_bytes)
18153        );
18154        assert_eq!(
18155            pipe.server.path_event_next(),
18156            Some(PathEvent::ReusedSourceConnectionId(
18157                0,
18158                (server_addr, client_addr),
18159                (server_addr, spoofed_client_addr)
18160            ))
18161        );
18162        assert_eq!(
18163            pipe.server.path_event_next(),
18164            Some(PathEvent::New(server_addr, spoofed_client_addr))
18165        );
18166
18167        assert_eq!(
18168            pipe.server.is_path_validated(server_addr, client_addr),
18169            Ok(true)
18170        );
18171        assert_eq!(
18172            pipe.server
18173                .is_path_validated(server_addr, spoofed_client_addr),
18174            Ok(false)
18175        );
18176
18177        // The client creates the PATH CHALLENGE, but it is always lost.
18178        testing::emit_flight(&mut pipe.server).unwrap();
18179
18180        // Wait until probing timer expires. Since the RTT is very low,
18181        // wait a bit more.
18182        let probed_pid = pipe
18183            .server
18184            .paths
18185            .path_id_from_addrs(&(server_addr, spoofed_client_addr))
18186            .unwrap();
18187        let probe_instant = pipe
18188            .server
18189            .paths
18190            .get(probed_pid)
18191            .unwrap()
18192            .recovery
18193            .loss_detection_timer()
18194            .unwrap();
18195        let timer = probe_instant.duration_since(time::Instant::now());
18196        std::thread::sleep(timer + time::Duration::from_millis(1));
18197
18198        pipe.server.on_timeout();
18199
18200        // Because of the small ACK size, the server cannot send more to the
18201        // client. Fallback on the previous active path.
18202        assert_eq!(
18203            pipe.server.path_event_next(),
18204            Some(PathEvent::FailedValidation(
18205                server_addr,
18206                spoofed_client_addr
18207            ))
18208        );
18209
18210        assert_eq!(
18211            pipe.server.is_path_validated(server_addr, client_addr),
18212            Ok(true)
18213        );
18214        assert_eq!(
18215            pipe.server
18216                .is_path_validated(server_addr, spoofed_client_addr),
18217            Ok(false)
18218        );
18219
18220        let server_active_path = pipe.server.paths.get_active().unwrap();
18221        assert_eq!(server_active_path.local_addr(), server_addr);
18222        assert_eq!(server_active_path.peer_addr(), client_addr);
18223        assert_eq!(pipe.advance(), Ok(()));
18224        let (rcv_data_2, fin) =
18225            pipe.client.stream_recv(1, &mut recv_buf).unwrap();
18226        assert!(fin);
18227        assert_eq!(rcv_data_1 + rcv_data_2, DATA_BYTES);
18228    }
18229
18230    #[rstest]
18231    fn consecutive_non_ack_eliciting(
18232        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
18233    ) {
18234        let mut buf = [0; 65535];
18235
18236        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
18237        assert_eq!(pipe.handshake(), Ok(()));
18238
18239        // Client sends a bunch of PING frames, causing server to ACK (ACKs aren't
18240        // ack-eliciting)
18241        let frames = [frame::Frame::Ping { mtu_probe: None }];
18242        let pkt_type = packet::Type::Short;
18243        for _ in 0..24 {
18244            let len = pipe
18245                .send_pkt_to_server(pkt_type, &frames, &mut buf)
18246                .unwrap();
18247            assert!(len > 0);
18248
18249            let frames =
18250                testing::decode_pkt(&mut pipe.client, &mut buf[..len]).unwrap();
18251            assert!(
18252                frames
18253                    .iter()
18254                    .all(|frame| matches!(frame, frame::Frame::ACK { .. })),
18255                "ACK only"
18256            );
18257        }
18258
18259        // After 24 non-ack-eliciting, an ACK is explicitly elicited with a PING
18260        let len = pipe
18261            .send_pkt_to_server(pkt_type, &frames, &mut buf)
18262            .unwrap();
18263        assert!(len > 0);
18264
18265        let frames =
18266            testing::decode_pkt(&mut pipe.client, &mut buf[..len]).unwrap();
18267        assert!(
18268            frames
18269                .iter()
18270                .any(|frame| matches!(frame, frame::Frame::Ping {
18271                    mtu_probe: None
18272                })),
18273            "found a PING"
18274        );
18275    }
18276
18277    #[rstest]
18278    fn send_ack_eliciting_causes_ping(
18279        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
18280    ) {
18281        // First establish a connection
18282        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
18283        assert_eq!(pipe.handshake(), Ok(()));
18284
18285        // Queue a PING frame
18286        pipe.server.send_ack_eliciting().unwrap();
18287
18288        // Make sure ping is sent
18289        let mut buf = [0; 1500];
18290        let (len, _) = pipe.server.send(&mut buf).unwrap();
18291
18292        let frames =
18293            testing::decode_pkt(&mut pipe.client, &mut buf[..len]).unwrap();
18294        let mut iter = frames.iter();
18295
18296        assert_eq!(iter.next(), Some(&frame::Frame::Ping { mtu_probe: None }));
18297    }
18298
18299    #[rstest]
18300    fn send_ack_eliciting_no_ping(
18301        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
18302    ) {
18303        // First establish a connection
18304        let mut pipe = testing::Pipe::new(cc_algorithm_name).unwrap();
18305        assert_eq!(pipe.handshake(), Ok(()));
18306
18307        // Queue a PING frame
18308        pipe.server.send_ack_eliciting().unwrap();
18309
18310        // Send a stream frame, which is ACK-eliciting to make sure the ping is
18311        // not sent
18312        assert_eq!(pipe.server.stream_send(1, b"a", false), Ok(1));
18313
18314        // Make sure ping is not sent
18315        let mut buf = [0; 1500];
18316        let (len, _) = pipe.server.send(&mut buf).unwrap();
18317
18318        let frames =
18319            testing::decode_pkt(&mut pipe.client, &mut buf[..len]).unwrap();
18320        let mut iter = frames.iter();
18321
18322        assert!(matches!(
18323            iter.next(),
18324            Some(&frame::Frame::Stream {
18325                stream_id: 1,
18326                data: _
18327            })
18328        ));
18329        assert!(iter.next().is_none());
18330    }
18331
18332    /// Tests that streams do not keep being "writable" after being collected
18333    /// on reset.
18334    #[rstest]
18335    fn stop_sending_stream_send_after_reset_stream_ack(
18336        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
18337    ) {
18338        let mut b = [0; 15];
18339
18340        let mut buf = [0; 65535];
18341
18342        let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
18343        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
18344        config
18345            .load_cert_chain_from_pem_file("examples/cert.crt")
18346            .unwrap();
18347        config
18348            .load_priv_key_from_pem_file("examples/cert.key")
18349            .unwrap();
18350        config
18351            .set_application_protos(&[b"proto1", b"proto2"])
18352            .unwrap();
18353        config.set_initial_max_data(999999999);
18354        config.set_initial_max_stream_data_bidi_local(30);
18355        config.set_initial_max_stream_data_bidi_remote(30);
18356        config.set_initial_max_stream_data_uni(30);
18357        config.set_initial_max_streams_bidi(1000);
18358        config.set_initial_max_streams_uni(0);
18359        config.verify_peer(false);
18360
18361        let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
18362        assert_eq!(pipe.handshake(), Ok(()));
18363
18364        assert_eq!(pipe.server.streams.len(), 0);
18365        assert_eq!(pipe.server.readable().len(), 0);
18366        assert_eq!(pipe.server.writable().len(), 0);
18367
18368        // Client opens a load of streams
18369        assert_eq!(pipe.client.stream_send(0, b"hello", true), Ok(5));
18370        assert_eq!(pipe.client.stream_send(4, b"hello", true), Ok(5));
18371        assert_eq!(pipe.client.stream_send(8, b"hello", true), Ok(5));
18372        assert_eq!(pipe.client.stream_send(12, b"hello", true), Ok(5));
18373        assert_eq!(pipe.client.stream_send(16, b"hello", true), Ok(5));
18374        assert_eq!(pipe.client.stream_send(20, b"hello", true), Ok(5));
18375        assert_eq!(pipe.client.stream_send(24, b"hello", true), Ok(5));
18376        assert_eq!(pipe.client.stream_send(28, b"hello", true), Ok(5));
18377        assert_eq!(pipe.client.stream_send(32, b"hello", true), Ok(5));
18378        assert_eq!(pipe.client.stream_send(36, b"hello", true), Ok(5));
18379        assert_eq!(pipe.advance(), Ok(()));
18380
18381        // Server iterators are populated
18382        let mut r = pipe.server.readable();
18383        assert_eq!(r.len(), 10);
18384        assert_eq!(r.next(), Some(0));
18385        assert_eq!(r.next(), Some(4));
18386        assert_eq!(r.next(), Some(8));
18387        assert_eq!(r.next(), Some(12));
18388        assert_eq!(r.next(), Some(16));
18389        assert_eq!(r.next(), Some(20));
18390        assert_eq!(r.next(), Some(24));
18391        assert_eq!(r.next(), Some(28));
18392        assert_eq!(r.next(), Some(32));
18393        assert_eq!(r.next(), Some(36));
18394
18395        assert_eq!(r.next(), None);
18396
18397        let mut w = pipe.server.writable();
18398        assert_eq!(w.len(), 10);
18399        assert_eq!(w.next(), Some(0));
18400        assert_eq!(w.next(), Some(4));
18401        assert_eq!(w.next(), Some(8));
18402        assert_eq!(w.next(), Some(12));
18403        assert_eq!(w.next(), Some(16));
18404        assert_eq!(w.next(), Some(20));
18405        assert_eq!(w.next(), Some(24));
18406        assert_eq!(w.next(), Some(28));
18407        assert_eq!(w.next(), Some(32));
18408        assert_eq!(w.next(), Some(36));
18409        assert_eq!(w.next(), None);
18410
18411        // Read one stream
18412        assert_eq!(pipe.server.stream_recv(0, &mut b), Ok((5, true)));
18413        assert!(pipe.server.stream_finished(0));
18414
18415        assert_eq!(pipe.server.readable().len(), 9);
18416        assert_eq!(pipe.server.writable().len(), 10);
18417
18418        assert_eq!(pipe.server.stream_writable(0, 0), Ok(true));
18419
18420        // Server sends data on stream 0, until blocked.
18421        while pipe.server.stream_send(0, b"world", false) != Err(Error::Done) {
18422            assert_eq!(pipe.advance(), Ok(()));
18423        }
18424
18425        assert_eq!(pipe.server.writable().len(), 9);
18426        assert_eq!(pipe.server.stream_writable(0, 0), Ok(true));
18427
18428        // Client sends STOP_SENDING.
18429        let frames = [frame::Frame::StopSending {
18430            stream_id: 0,
18431            error_code: 42,
18432        }];
18433
18434        let pkt_type = packet::Type::Short;
18435        let len = pipe
18436            .send_pkt_to_server(pkt_type, &frames, &mut buf)
18437            .unwrap();
18438
18439        // Server sent a RESET_STREAM frame in response.
18440        let frames =
18441            testing::decode_pkt(&mut pipe.client, &mut buf[..len]).unwrap();
18442
18443        let mut iter = frames.iter();
18444
18445        // Skip ACK frame.
18446        iter.next();
18447
18448        assert_eq!(
18449            iter.next(),
18450            Some(&frame::Frame::ResetStream {
18451                stream_id: 0,
18452                error_code: 42,
18453                final_size: 30,
18454            })
18455        );
18456
18457        // Stream 0 is now writable in order to make apps aware of STOP_SENDING
18458        // via returning an error.
18459        let mut w = pipe.server.writable();
18460        assert_eq!(w.len(), 10);
18461
18462        assert!(w.any(|s| s == 0));
18463        assert_eq!(
18464            pipe.server.stream_writable(0, 1),
18465            Err(Error::StreamStopped(42))
18466        );
18467
18468        assert_eq!(pipe.server.writable().len(), 10);
18469        assert_eq!(pipe.server.streams.len(), 10);
18470
18471        // Client acks RESET_STREAM frame.
18472        let mut ranges = ranges::RangeSet::default();
18473        ranges.insert(0..12);
18474
18475        let frames = [frame::Frame::ACK {
18476            ack_delay: 15,
18477            ranges,
18478            ecn_counts: None,
18479        }];
18480
18481        assert_eq!(pipe.send_pkt_to_server(pkt_type, &frames, &mut buf), Ok(0));
18482
18483        // Stream is collected on the server after RESET_STREAM is acked.
18484        assert_eq!(pipe.server.streams.len(), 9);
18485
18486        // Sending STOP_SENDING again shouldn't trigger RESET_STREAM again.
18487        let frames = [frame::Frame::StopSending {
18488            stream_id: 0,
18489            error_code: 42,
18490        }];
18491
18492        let len = pipe
18493            .send_pkt_to_server(pkt_type, &frames, &mut buf)
18494            .unwrap();
18495
18496        let frames =
18497            testing::decode_pkt(&mut pipe.client, &mut buf[..len]).unwrap();
18498
18499        assert_eq!(frames.len(), 1);
18500
18501        match frames.first() {
18502            Some(frame::Frame::ACK { .. }) => (),
18503
18504            f => panic!("expected ACK frame, got {:?}", f),
18505        };
18506
18507        assert_eq!(pipe.server.streams.len(), 9);
18508
18509        // Stream 0 has been collected and must not be writable anymore.
18510        let mut w = pipe.server.writable();
18511        assert_eq!(w.len(), 9);
18512        assert!(!w.any(|s| s == 0));
18513
18514        // If we called send before the client ACK of reset stream, it would
18515        // have failed with StreamStopped.
18516        assert_eq!(pipe.server.stream_send(0, b"world", true), Err(Error::Done),);
18517
18518        // Stream 0 is still not writable.
18519        let mut w = pipe.server.writable();
18520        assert_eq!(w.len(), 9);
18521        assert!(!w.any(|s| s == 0));
18522    }
18523
18524    #[rstest]
18525    fn challenge_no_cids(
18526        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
18527    ) {
18528        let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
18529        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
18530        config
18531            .load_cert_chain_from_pem_file("examples/cert.crt")
18532            .unwrap();
18533        config
18534            .load_priv_key_from_pem_file("examples/cert.key")
18535            .unwrap();
18536        config
18537            .set_application_protos(&[b"proto1", b"proto2"])
18538            .unwrap();
18539        config.verify_peer(false);
18540        config.set_active_connection_id_limit(4);
18541        config.set_initial_max_data(30);
18542        config.set_initial_max_stream_data_bidi_local(15);
18543        config.set_initial_max_stream_data_bidi_remote(15);
18544        config.set_initial_max_stream_data_uni(10);
18545        config.set_initial_max_streams_bidi(3);
18546
18547        let mut pipe =
18548            testing::Pipe::with_config_and_scid_lengths(&mut config, 16, 16)
18549                .unwrap();
18550        assert_eq!(pipe.handshake(), Ok(()));
18551
18552        // Server send CIDs to client
18553        let mut server_cids = Vec::new();
18554        for _ in 0..2 {
18555            let (cid, reset_token) = testing::create_cid_and_reset_token(16);
18556            pipe.server
18557                .new_scid(&cid, reset_token, true)
18558                .expect("server issue cid");
18559            server_cids.push(cid);
18560        }
18561        assert_eq!(pipe.advance(), Ok(()));
18562
18563        let server_addr = testing::Pipe::server_addr();
18564        let client_addr_2 = "127.0.0.1:5678".parse().unwrap();
18565
18566        // Client probes path before sending CIDs (simulating race condition)
18567        let frames = [frame::Frame::PathChallenge {
18568            data: [0, 1, 2, 3, 4, 5, 6, 7],
18569        }];
18570        let mut pkt_buf = [0u8; 1500];
18571        let mut b = octets::OctetsMut::with_slice(&mut pkt_buf);
18572        let epoch = packet::Type::Short.to_epoch().unwrap();
18573        let space = &mut pipe.client.pkt_num_spaces[epoch];
18574        let pn = pipe.client.next_pkt_num;
18575        let pn_len = 4;
18576
18577        let hdr = Header {
18578            ty: packet::Type::Short,
18579            version: pipe.client.version,
18580            dcid: server_cids[0].clone(),
18581            scid: ConnectionId::from_ref(&[5, 4, 3, 2, 1]),
18582            pkt_num: 0,
18583            pkt_num_len: pn_len,
18584            token: pipe.client.token.clone(),
18585            versions: None,
18586            key_phase: pipe.client.key_phase,
18587        };
18588        hdr.to_bytes(&mut b).expect("encode header");
18589        let payload_len = frames.iter().fold(0, |acc, x| acc + x.wire_len());
18590        b.put_u32(pn as u32).expect("put pn");
18591
18592        let payload_offset = b.off();
18593
18594        for frame in frames {
18595            frame.to_bytes(&mut b).expect("encode frames");
18596        }
18597
18598        let aead = space.crypto_seal.as_ref().expect("crypto seal");
18599
18600        let written = packet::encrypt_pkt(
18601            &mut b,
18602            pn,
18603            pn_len,
18604            payload_len,
18605            payload_offset,
18606            None,
18607            aead,
18608        )
18609        .expect("packet encrypt");
18610        pipe.client.next_pkt_num += 1;
18611
18612        pipe.server
18613            .recv(&mut pkt_buf[..written], RecvInfo {
18614                to: server_addr,
18615                from: client_addr_2,
18616            })
18617            .expect("server receive path challenge");
18618
18619        // Show that the new path is not considered a destination path by quiche
18620        assert!(!pipe
18621            .server
18622            .paths_iter(server_addr)
18623            .any(|path| path == client_addr_2));
18624    }
18625
18626    #[rstest]
18627    fn successful_probe_pmtud(
18628        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
18629    ) {
18630        let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
18631        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
18632        config
18633            .load_cert_chain_from_pem_file("examples/cert.crt")
18634            .unwrap();
18635        config
18636            .load_priv_key_from_pem_file("examples/cert.key")
18637            .unwrap();
18638        config
18639            .set_application_protos(&[b"proto1", b"proto2"])
18640            .unwrap();
18641        config.verify_peer(false);
18642        config.set_initial_max_data(100000);
18643        config.set_initial_max_stream_data_bidi_local(100000);
18644        config.set_initial_max_stream_data_bidi_remote(100000);
18645        config.set_initial_max_streams_bidi(2);
18646        config.set_active_connection_id_limit(4);
18647        config.set_max_send_udp_payload_size(1350);
18648        config.set_max_recv_udp_payload_size(1350);
18649        config.discover_pmtu(true);
18650
18651        // Perform initial handshake.
18652        let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
18653        assert_eq!(pipe.handshake(), Ok(()));
18654
18655        let server_addr = testing::Pipe::server_addr();
18656        let client_addr = testing::Pipe::client_addr();
18657        let pid_1 = pipe
18658            .server
18659            .paths
18660            .path_id_from_addrs(&(server_addr, client_addr))
18661            .expect("no such path");
18662
18663        // Check that PMTU params are configured correctly
18664        let pmtu_param = &mut pipe.server.paths.get_mut(pid_1).unwrap().pmtud;
18665        assert!(pmtu_param.get_probe_status());
18666        assert_eq!(pmtu_param.get_probe_size(), 1350);
18667        assert_eq!(pipe.advance(), Ok(()));
18668
18669        for (_, p) in pipe.server.paths.iter_mut() {
18670            assert_eq!(p.pmtud.get_current(), 1350);
18671            assert!(!p.pmtud.get_probe_status());
18672        }
18673    }
18674
18675    #[rstest]
18676    fn pmtud_probe_loss(
18677        #[values("cubic", "bbr2", "bbr2_gcongestion")] cc_algorithm_name: &str,
18678    ) {
18679        let mut config = Config::new(crate::PROTOCOL_VERSION).unwrap();
18680        assert_eq!(config.set_cc_algorithm_name(cc_algorithm_name), Ok(()));
18681        config
18682            .load_cert_chain_from_pem_file("examples/cert.crt")
18683            .unwrap();
18684        config
18685            .load_priv_key_from_pem_file("examples/cert.key")
18686            .unwrap();
18687        config
18688            .set_application_protos(&[b"proto1", b"proto2"])
18689            .unwrap();
18690        config.verify_peer(false);
18691        config.set_initial_max_data(100000);
18692        config.set_initial_max_stream_data_bidi_local(100000);
18693        config.set_initial_max_stream_data_bidi_remote(100000);
18694        config.set_initial_max_streams_bidi(2);
18695        config.set_active_connection_id_limit(4);
18696        config.set_max_send_udp_payload_size(1350);
18697        config.set_max_recv_udp_payload_size(1250);
18698        config.discover_pmtu(true);
18699
18700        // Perform initial handshake.
18701        let mut pipe = testing::Pipe::with_config(&mut config).unwrap();
18702        assert_eq!(pipe.handshake(), Ok(()));
18703
18704        let server_addr = testing::Pipe::server_addr();
18705        let client_addr = testing::Pipe::client_addr();
18706        let pid_1 = pipe
18707            .server
18708            .paths
18709            .path_id_from_addrs(&(server_addr, client_addr))
18710            .expect("no such path");
18711
18712        // Check that PMTU params are configured correctly
18713        let pmtu_param = &mut pipe.server.paths.get_mut(pid_1).unwrap().pmtud;
18714        assert!(pmtu_param.get_probe_status());
18715        assert_eq!(pmtu_param.get_probe_size(), 1350);
18716        std::thread::sleep(
18717            pipe.server.paths.get_mut(pid_1).unwrap().recovery.rtt() +
18718                time::Duration::from_millis(1),
18719        );
18720
18721        let active_server_path = pipe.server.paths.get_active_mut().unwrap();
18722        let pmtu_param = &mut active_server_path.pmtud;
18723
18724        // PMTU not updated since probe is not ACKed
18725        assert_eq!(pmtu_param.get_current(), 1200);
18726
18727        // Continue searching for PMTU
18728        assert!(pmtu_param.get_probe_status());
18729    }
18730}
18731
18732pub use crate::packet::ConnectionId;
18733pub use crate::packet::Header;
18734pub use crate::packet::Type;
18735
18736pub use crate::path::PathEvent;
18737pub use crate::path::PathStats;
18738pub use crate::path::SocketAddrIter;
18739
18740pub use crate::recovery::BbrBwLoReductionStrategy;
18741pub use crate::recovery::BbrParams;
18742pub use crate::recovery::CongestionControlAlgorithm;
18743use crate::recovery::RecoveryOps;
18744
18745pub use crate::stream::StreamIter;
18746
18747pub use crate::range_buf::BufFactory;
18748pub use crate::range_buf::BufSplit;
18749
18750mod cid;
18751mod crypto;
18752mod dgram;
18753#[cfg(feature = "ffi")]
18754mod ffi;
18755mod flowcontrol;
18756mod frame;
18757pub mod h3;
18758mod minmax;
18759mod packet;
18760mod path;
18761mod pmtud;
18762mod rand;
18763mod range_buf;
18764mod ranges;
18765mod recovery;
18766mod stream;
18767mod tls;