/* * Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ #include #include "quictestlib.h" #include "../testutil.h" #define MSG_DATA_LEN_MAX 1472 #define SAMPLING_WINDOW_PERIOD 10 /* in milliseconds */ #define MAX_PKTS_PER_WINDOW 1024 struct pkt_info_st { size_t size; OSSL_TIME timestamp; }; struct bw_limiter_st { struct pkt_info_st pinfos[MAX_PKTS_PER_WINDOW]; /* ring buffer */ size_t start, num; /* ring buffer start and number of items */ size_t size_sum; /* sum of packet sizes in window */ size_t bw; /* bandwidth in bytes/ms */ }; struct noisy_dgram_st { uint64_t this_dgram; BIO_MSG msg; uint64_t reinject_dgram; int backoff; int noise_rate; /* 1 in noise_rate packets will get noise */ struct bw_limiter_st recv_limit, send_limit; OSSL_TIME (*now_cb)(void *arg); void *now_cb_arg; }; static long noisy_dgram_ctrl(BIO *bio, int cmd, long num, void *ptr) { long ret; BIO *next = BIO_next(bio); if (next == NULL) return 0; switch (cmd) { case BIO_CTRL_DUP: ret = 0L; break; case BIO_CTRL_NOISE_BACK_OFF: { struct noisy_dgram_st *data; data = BIO_get_data(bio); if (!TEST_ptr(data)) return 0; data->backoff = 1; ret = 1; break; } case BIO_CTRL_NOISE_RATE: { struct noisy_dgram_st *data; data = BIO_get_data(bio); if (!TEST_ptr(data)) return 0; data->noise_rate = (int)num; ret = 1; break; } case BIO_CTRL_NOISE_RECV_BANDWIDTH: { struct noisy_dgram_st *data; data = BIO_get_data(bio); if (!TEST_ptr(data)) return 0; data->recv_limit.bw = (size_t)num; ret = 1; break; } case BIO_CTRL_NOISE_SEND_BANDWIDTH: { struct noisy_dgram_st *data; data = BIO_get_data(bio); if (!TEST_ptr(data)) return 0; data->send_limit.bw = (size_t)num; ret = 1; break; } case BIO_CTRL_NOISE_SET_NOW_CB: { struct noisy_dgram_st *data; struct bio_noise_now_cb_st *now_cb = ptr; data = BIO_get_data(bio); if (!TEST_ptr(data)) return 0; data->now_cb = now_cb->now_cb; data->now_cb_arg = now_cb->now_cb_arg; ret = 1; break; } default: ret = BIO_ctrl(next, cmd, num, ptr); break; } return ret; } static size_t bandwidth_limit(struct bw_limiter_st *limit, OSSL_TIME now, BIO_MSG *msg, size_t num_msg) { size_t i; OSSL_TIME sampling_start = ossl_time_subtract(now, ossl_ms2time(SAMPLING_WINDOW_PERIOD)); if (limit->bw == 0) /* 0 -> no limit */ return num_msg; if (num_msg > MAX_PKTS_PER_WINDOW) num_msg = MAX_PKTS_PER_WINDOW; /* trim the start of the ring buffer */ for (i = 0; i < limit->num; i++) { size_t idx = (limit->start + i) % MAX_PKTS_PER_WINDOW; if (ossl_time_compare(limit->pinfos[idx].timestamp, sampling_start) >= 0) break; limit->size_sum -= limit->pinfos[idx].size; } limit->start = (limit->start + i) % MAX_PKTS_PER_WINDOW; limit->num -= i; for (i = 0; i < num_msg; ++i) { size_t end; size_t pktsize = msg[i].data_len; if ((limit->size_sum + pktsize) / SAMPLING_WINDOW_PERIOD > limit->bw) { /* * Throw out all the packets once reaching the limit, * although some following packets could still fit. * This is accurate enough. */ #ifdef OSSL_NOISY_DGRAM_DEBUG printf("**BW limit applied: now: %llu orig packets %u new packets %u\n", (unsigned long long)ossl_time2ms(now), (unsigned int)num_msg, (unsigned int) i); #endif num_msg = i; break; } if (limit->num >= MAX_PKTS_PER_WINDOW) { limit->size_sum -= limit->pinfos[limit->start].size; limit->start = (limit->start + 1) % MAX_PKTS_PER_WINDOW; } else { ++limit->num; } end = (limit->start + limit->num) % MAX_PKTS_PER_WINDOW; limit->pinfos[end].size = pktsize; limit->pinfos[end].timestamp = now; limit->size_sum += pktsize; } return num_msg; } static int noisy_dgram_sendmmsg(BIO *bio, BIO_MSG *msg, size_t stride, size_t num_msg, uint64_t flags, size_t *msgs_processed) { BIO *next = BIO_next(bio); struct noisy_dgram_st *data; OSSL_TIME now; if (next == NULL) return 0; data = BIO_get_data(bio); if (!TEST_ptr(data)) return 0; now = data->now_cb != NULL ? data->now_cb(data->now_cb_arg) : ossl_time_now(); /* bandwidth limit can be applied on both sides */ num_msg = bandwidth_limit(&data->send_limit, now, msg, num_msg); if (num_msg == 0) { *msgs_processed = 0; ERR_raise(ERR_LIB_BIO, BIO_R_NON_FATAL); return 0; } /* * We only introduce noise when receiving messages. We just pass this on * to the underlying BIO. */ return BIO_sendmmsg(next, msg, stride, num_msg, flags, msgs_processed); } /* Default noise_rate value. With a value of 5 that is 20% packets. */ #define NOISE_RATE 5 /* * We have 3 different types of noise: drop, duplicate and delay * Each of these have equal probability. */ #define NOISE_TYPE_DROP 0 #define NOISE_TYPE_DUPLICATE 1 #define NOISE_TYPE_DELAY 2 #define NOISE_TYPE_BITFLIPS 3 #define NUM_NOISE_TYPES 4 /* * When a duplicate occurs we reinject the new datagram after up to * MAX_DGRAM_REINJECT datagrams have been sent. A reinject of 1 means that the * duplicate follows immediately after the original datagram. A reinject of 4 * means that original datagram plus 3 other datagrams are sent before the * reinjected datagram is inserted. * This also controls when a delay (not a duplicate) occurs. In that case * we add 1 to the number because there is no point in skipping the current * datagram only to immediately reinject it in the next datagram. */ #define MAX_DGRAM_REINJECT 4 static void get_noise(int noise_rate, int long_header, uint64_t *reinject, int *should_drop, uint16_t *flip, size_t *flip_offset) { uint32_t type; *flip = 0; if (test_random() % noise_rate != 0) { *reinject = 0; *should_drop = 0; return; } type = test_random() % NUM_NOISE_TYPES; /* * Of noisy datagrams, 25% drop, 25% duplicate, 25% delay, 25% flip bits * A duplicated datagram keeps the current datagram and reinjects a new * identical one after up to MAX_DGRAM_DELAY datagrams have been sent. * A delayed datagram is implemented as both a reinject and a drop, i.e. an * identical datagram is reinjected after the given number of datagrams have * been sent and the current datagram is dropped. */ *should_drop = (type == NOISE_TYPE_DROP || type == NOISE_TYPE_DELAY); /* * Where a duplicate occurs we reinject the copy of the datagram up to * MAX_DGRAM_DELAY datagrams later */ *reinject = (type == NOISE_TYPE_DUPLICATE || type == NOISE_TYPE_DELAY) ? (uint64_t)((test_random() % MAX_DGRAM_REINJECT) + 1) : 0; /* * No point in reinjecting after 1 datagram if the current datagram is also * dropped (i.e. this is a delay not a duplicate), so we reinject after an * extra datagram in that case */ *reinject += type == NOISE_TYPE_DELAY; /* flip some bits in the header */ if (type == NOISE_TYPE_BITFLIPS) { /* we flip at most 8 bits of the 16 bit value at once */ *flip = (test_random() % 255 + 1) << (test_random() % 8); /* * 25/50 bytes of guesstimated header size (it depends on CID length) * It does not matter much if it is overestimated. */ *flip_offset = test_random() % (25 * (1 + long_header)); } } static void flip_bits(unsigned char *msg, size_t msg_len, uint16_t flip, size_t flip_offset) { if (flip == 0) return; /* None of these border conditions should happen but check them anyway */ if (msg_len < 2) return; if (msg_len < flip_offset + 2) flip_offset = msg_len - 2; #ifdef OSSL_NOISY_DGRAM_DEBUG printf("**Flipping bits in a datagram at offset %u\n", (unsigned int)flip_offset); BIO_dump_fp(stdout, msg, msg_len); printf("\n"); #endif msg[flip_offset] ^= flip >> 8; msg[flip_offset + 1] ^= flip & 0xff; } static int noisy_dgram_recvmmsg(BIO *bio, BIO_MSG *msg, size_t stride, size_t num_msg, uint64_t flags, size_t *msgs_processed) { BIO *next = BIO_next(bio); size_t i, j, data_len = 0, msg_cnt = 0; BIO_MSG *thismsg; struct noisy_dgram_st *data; OSSL_TIME now; if (!TEST_ptr(next)) return 0; data = BIO_get_data(bio); if (!TEST_ptr(data)) return 0; /* * For simplicity we assume that all elements in the msg array have the * same data_len. They are not required to by the API, but it would be quite * strange for that not to be the case - and our code that calls * BIO_recvmmsg does do this (which is all that is important for this test * code). We test the invariant here. */ for (i = 0; i < num_msg; i++) { if (i == 0) { data_len = msg[i].data_len; if (!TEST_size_t_le(data_len, MSG_DATA_LEN_MAX)) return 0; } else if (!TEST_size_t_eq(msg[i].data_len, data_len)) { return 0; } } if (!BIO_recvmmsg(next, msg, stride, num_msg, flags, msgs_processed)) return 0; #ifdef OSSL_NOISY_DGRAM_DEBUG printf("Pre-filter datagram list:\n"); for (i = 0; i < *msgs_processed; i++) { printf("Pre-filter Datagram:\n"); BIO_dump_fp(stdout, msg[i].data, msg[i].data_len); printf("\n"); } printf("End of pre-filter datagram list\nApplying noise filters:\n"); #endif now = data->now_cb != NULL ? data->now_cb(data->now_cb_arg) : ossl_time_now(); msg_cnt = *msgs_processed; msg_cnt = bandwidth_limit(&data->recv_limit, now, msg, msg_cnt); if (msg_cnt == 0) goto end; if (data->noise_rate == 0) goto end; /* Introduce noise */ for (i = 0, thismsg = msg; i < msg_cnt; i++, thismsg++, data->this_dgram++) { uint64_t reinject; int should_drop; uint16_t flip; size_t flip_offset; /* If we have a message to reinject then insert it now */ if (data->reinject_dgram > 0 && data->reinject_dgram == data->this_dgram) { if (msg_cnt < num_msg) { /* Make space for the injected message */ for (j = msg_cnt; j > i; j--) { if (!bio_msg_copy(&msg[j], &msg[j - 1])) return 0; } if (!bio_msg_copy(thismsg, &data->msg)) return 0; msg_cnt++; data->reinject_dgram = 0; #ifdef OSSL_NOISY_DGRAM_DEBUG printf("**Injecting a datagram\n"); BIO_dump_fp(stdout, thismsg->data, thismsg->data_len); printf("\n"); #endif continue; } /* else we have no space for the injection, so just drop it */ data->reinject_dgram = 0; } get_noise(data->noise_rate, /* long header */ (((uint8_t *)thismsg->data)[0] & 0x80) != 0, &reinject, &should_drop, &flip, &flip_offset); if (data->backoff) { /* * We might be asked to back off on introducing too much noise if * there is a danger that the connection will fail. In that case * we always ensure that the next datagram does not get dropped so * that the connection always survives. After that we can resume * with normal noise */ #ifdef OSSL_NOISY_DGRAM_DEBUG printf("**Back off applied\n"); #endif should_drop = 0; flip = 0; data->backoff = 0; } flip_bits(thismsg->data, thismsg->data_len, flip, flip_offset); /* * We ignore reinjection if a message is already waiting to be * reinjected */ if (reinject > 0 && data->reinject_dgram == 0) { /* * Both duplicated and delayed datagrams get reintroduced after the * delay period. Datagrams that are delayed only (not duplicated) * will also have the current copy of the datagram dropped (i.e * should_drop below will be true). */ if (!bio_msg_copy(&data->msg, thismsg)) return 0; data->reinject_dgram = data->this_dgram + reinject; #ifdef OSSL_NOISY_DGRAM_DEBUG printf("**Scheduling a reinject after %u messages%s\n", (unsigned int)reinject, should_drop ? "" : "(duplicating)"); BIO_dump_fp(stdout, thismsg->data, thismsg->data_len); printf("\n"); #endif } if (should_drop) { #ifdef OSSL_NOISY_DGRAM_DEBUG printf("**Dropping a datagram\n"); BIO_dump_fp(stdout, thismsg->data, thismsg->data_len); printf("\n"); #endif for (j = i + 1; j < msg_cnt; j++) { if (!bio_msg_copy(&msg[j - 1], &msg[j])) return 0; } msg_cnt--; } } #ifdef OSSL_NOISY_DGRAM_DEBUG printf("End of noise filters\nPost-filter datagram list:\n"); for (i = 0; i < msg_cnt; i++) { printf("Post-filter Datagram:\n"); BIO_dump_fp(stdout, msg[i].data, msg[i].data_len); printf("\n"); } printf("End of post-filter datagram list\n"); #endif end: *msgs_processed = msg_cnt; if (msg_cnt == 0) { ERR_raise(ERR_LIB_BIO, BIO_R_NON_FATAL); return 0; } return 1; } static void data_free(struct noisy_dgram_st *data) { if (data == NULL) return; OPENSSL_free(data->msg.data); BIO_ADDR_free(data->msg.peer); BIO_ADDR_free(data->msg.local); OPENSSL_free(data); } static int noisy_dgram_new(BIO *bio) { struct noisy_dgram_st *data = OPENSSL_zalloc(sizeof(*data)); if (!TEST_ptr(data)) return 0; data->noise_rate = NOISE_RATE; data->msg.data = OPENSSL_malloc(MSG_DATA_LEN_MAX); data->msg.peer = BIO_ADDR_new(); data->msg.local = BIO_ADDR_new(); if (data->msg.data == NULL || data->msg.peer == NULL || data->msg.local == NULL) { data_free(data); return 0; } BIO_set_data(bio, data); BIO_set_init(bio, 1); return 1; } static int noisy_dgram_free(BIO *bio) { data_free(BIO_get_data(bio)); BIO_set_data(bio, NULL); BIO_set_init(bio, 0); return 1; } /* Choose a sufficiently large type likely to be unused for this custom BIO */ #define BIO_TYPE_NOISY_DGRAM_FILTER (0x80 | BIO_TYPE_FILTER) static BIO_METHOD *method_noisy_dgram = NULL; /* Note: Not thread safe! */ const BIO_METHOD *bio_f_noisy_dgram_filter(void) { if (method_noisy_dgram == NULL) { method_noisy_dgram = BIO_meth_new(BIO_TYPE_NOISY_DGRAM_FILTER, "Noisy datagram filter"); if (method_noisy_dgram == NULL || !BIO_meth_set_ctrl(method_noisy_dgram, noisy_dgram_ctrl) || !BIO_meth_set_sendmmsg(method_noisy_dgram, noisy_dgram_sendmmsg) || !BIO_meth_set_recvmmsg(method_noisy_dgram, noisy_dgram_recvmmsg) || !BIO_meth_set_create(method_noisy_dgram, noisy_dgram_new) || !BIO_meth_set_destroy(method_noisy_dgram, noisy_dgram_free)) return NULL; } return method_noisy_dgram; } void bio_f_noisy_dgram_filter_free(void) { BIO_meth_free(method_noisy_dgram); }