forked from facebook/wdt
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathWdtSocket.h
263 lines (201 loc) · 8.24 KB
/
WdtSocket.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
#pragma once
#include <sys/socket.h>
#include <wdt/ErrorCodes.h>
#include <wdt/Protocol.h>
#include <wdt/util/CommonImpl.h>
#include <wdt/util/EncryptionUtils.h>
#include <memory>
namespace facebook {
namespace wdt {
using Func = std::function<void()>;
/// base socket class
/// Do not read/write more than 2Gb at a time (int sizes)
/// This is ok because you don't want internal blocks bigger than a few
/// Mbytes anyway.
class WdtSocket {
public:
WdtSocket(ThreadCtx &threadCtx, int port,
const EncryptionParams &encryptionParams, int64_t ivChangeInterval,
Func &&tagVerificationSuccessCallback);
// making the object non-copyable and non-movable
WdtSocket(const WdtSocket &stats) = delete;
WdtSocket &operator=(const WdtSocket &stats) = delete;
WdtSocket(WdtSocket &&stats) = delete;
WdtSocket &operator=(WdtSocket &&stats) = delete;
/// tries to read nbyte data and periodically checks for abort
int read(char *buf, int nbyte, bool tryFull = true);
/// tries to read nbyte data with a specific and periodically checks for abort
int readWithTimeout(char *buf, int nbyte, int timeoutMs, bool tryFull = true);
/// tries to write nbyte data and periodically checks for abort, if retry is
/// true, socket tries to write as long as it makes some progress within a
/// write timeout
int write(char *buf, int nbyte, bool retry = false);
/// writes the tag/mac (for gcm) and shuts down the write half of the
/// underlying socket
ErrorCode shutdownWrites();
/// expect logical and physical end of stream: read the tag and finialize
ErrorCode expectEndOfStream();
/**
* Normal closing of the current connection.
* may return ENCRYPTION_ERROR if the stream is corrupt (gcm mode)
*/
ErrorCode closeConnection();
/**
* Close unexpectedly (will not read/write the checksum).
* This api is to be avoided/elminated.
*/
void closeNoCheck();
/// @return current fd
int getFd() const;
void setFd(int fd);
/// @return port
int getPort() const;
void setPort(int port);
/// @return current encryption type
EncryptionType getEncryptionType() const;
/// @return possible non-retryable error
ErrorCode getNonRetryableErrCode() const;
/// @return read error code
ErrorCode getReadErrCode() const;
/// @return write error code
ErrorCode getWriteErrCode() const;
/// @return tcp receive buffer size
int getReceiveBufferSize() const;
/// @return tcp send buffer size
int getSendBufferSize() const;
/// @return number of unacked bytes in send buffer, returns -1 in case it
/// fails to get unacked bytes for this socket
int getUnackedBytes() const;
int64_t getNumRead() const {
return totalRead_;
}
int64_t getNumWritten() const {
return totalWritten_;
}
void disableIvChange() {
WLOG(INFO) << "Disabling periodic encryption iv change";
ivChangeInterval_ = 0;
}
/// sets read and write timeouts for the socket
void setSocketTimeouts();
// manipulates DSCP Bits
void setDscp(int dscp);
ThreadCtx& getThreadCtx() {
return threadCtx_;
}
void enableUnencryptedPeerSupport() {
supportUnencryptedPeer_ = true;
}
/**
* Returns ip and port for a socket address
*
* @param sa socket address
* @param salen socket address length
* @param host this is set to host name
* @param port this is set to port
*
* @return whether getnameinfo was successful or not
*/
static bool getNameInfo(const struct sockaddr *sa, socklen_t salen,
std::string &host, std::string &port);
virtual ~WdtSocket();
private:
void resetEncryptor();
void resetDecryptor();
/// computes effective timeout depending on the network timeout and abort
/// check interval
int getEffectiveTimeout(int networkTimeout);
/// @see ioWithAbortCheck
int64_t readWithAbortCheck(char *buf, int64_t nbyte, int timeoutMs,
bool tryFull);
/// @see ioWithAbortCheck
int64_t writeWithAbortCheck(const char *buf, int64_t nbyte, int timeoutMs,
bool tryFull);
/**
* Tries to read/write numBytes amount of data from fd. Also, checks for abort
* after every read/write call. Also, retries till the input timeout.
* Optionally, returns after first successful read/write call.
*
* @param readOrWrite read/write
* @param fd socket file descriptor
* @param tbuf buffer
* @param numBytes number of bytes to read/write
* @param abortChecker abort checker callback
* @param timeoutMs timeout in milliseconds
* @param tryFull if true, this function tries to read complete data.
* Otherwise, this function returns after the first
* successful read/write. This is set to false for
* receiver pipelining.
*
* @return in case of success number of bytes read/written, else
* returns -1
*/
template <typename F, typename T>
int64_t ioWithAbortCheck(F readOrWrite, T tbuf, int64_t numBytes,
int timeoutMs, bool tryFull);
// computes next tag offset
int computeNextTagOffset(int64_t totalProcessed, int64_t tagInterval);
// reads from socket and decrypts. Does not understand tag verification
int readAndDecrypt(char *buf, int nbyte, int timeoutMs, bool tryFull);
// reads from socket, decrypts and verifies tag. If the read contains a tag,
// first, we read till the tag and decrypt. Then, the tag(plain-text) is read
// and verified. After that remaining bytes are read.
// This method expects one tag contained in the read. So, nbyte must be
// less than readTagInterval_
int readAndDecryptWithTag(char *buf, int nbyte, int timeoutMs, bool tryFull);
// reads encryption tag. Returns empty string in case of failure.
std::string readEncryptionTag();
// checks whether decryption iv has changed or not. If yes, it reads the new
// iv
bool checkAndChangeDecryptionIv(const std::string &tag);
// reads from socket. Does not understand encryption
int readInternal(char *buf, int nbyte, int timeoutMs, bool tryFull);
// encrypts and writes. Does not understand encryption tag
int encryptAndWrite(char *buf, int nbyte, int timeoutMs, bool retry);
// encrypts, writes and also adds tag if necessary.
// This method expects one tag contained in the write. So, nbyte must be less
// than writeTagInterval_
int encryptAndWriteWithTag(char *buf, int nbyte, int timeoutMs, bool retry);
// writes encryption tag. Returns status
bool writeEncryptionTag();
// checks whether encryption iv needs to change, and if yes, changes it. This
// also sends the new iv
bool checkAndChangeEncryptionIv();
// writes to socket. Does not understand encryption
int writeInternal(const char *buf, int nbyte, int timeoutMs, bool retry);
void readEncryptionSettingsOnce(int timeoutMs);
void writeEncryptionSettingsOnce();
/// If doTagIOs is false will not try to read/write the final encryption tag
virtual ErrorCode closeConnectionInternal(bool doTagIOs);
ErrorCode finalizeWrites(bool doTagIOs);
ErrorCode finalizeReads(bool doTagIOs);
int port_{-1};
int fd_{-1};
ThreadCtx &threadCtx_;
EncryptionParams encryptionParams_;
int64_t ivChangeInterval_{0};
Func tagVerificationSuccessCallback_{nullptr};
bool encryptionSettingsWritten_{false};
bool encryptionSettingsRead_{false};
std::unique_ptr<AESEncryptor> encryptor_;
std::unique_ptr<AESDecryptor> decryptor_;
/// buffer used to encrypt/decrypt
char buf_[Protocol::kEncryptionCmdLen];
int32_t readTagInterval_{0};
int32_t writeTagInterval_{0};
int64_t totalRead_{0};
int64_t totalWritten_{0};
/// If this is true, then if we get a cmd other than encryption cmd from the
/// peer, we expect the other side to not be encryption aware. We turn off
/// encryption in that case
bool supportUnencryptedPeer_{false};
// need two error codes because a socket does bi-directional communication
ErrorCode readErrorCode_{OK};
ErrorCode writeErrorCode_{OK};
/// Have we already completed encryption and wrote the tag
bool writesFinalized_{false};
/// Have we already read the tag and completed decryption
bool readsFinalized_{false};
};
}
}