s2n-quic-platform 0.16.0

Internal crate used by s2n-quic
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136

// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0

use crate::message;

/// Trait which defines slice behavior on success and cancellation
pub trait Behavior {
    /// Advances the slice by count
    fn advance<Message: message::Message>(
        &self,
        primary: &mut [Message],
        secondary: &mut [Message],
        start: usize,
        end: usize,
        overflow: usize,
    );

    /// Returns `count` number of messages to their initial state
    fn cancel<Message: message::Message>(
        &self,
        primary: &mut [Message],
        secondary: &mut [Message],
        start: usize,
        end: usize,
        overflow: usize,
    );
}

/// Behavior for the Occupied Slice
///
/// After being successfully consumed an occupied message
/// should reset its payload_len to MTU.
///
/// Cancelling is a no-op.
#[derive(Debug)]
pub struct Occupied {
    pub(crate) mtu: usize,
}

impl Behavior for Occupied {
    fn advance<Message: message::Message>(
        &self,
        primary: &mut [Message],
        secondary: &mut [Message],
        start: usize,
        end: usize,
        overflow: usize,
    ) {
        reset(&mut primary[start..end], self.mtu);
        reset(&mut primary[..overflow], self.mtu);
        reset(&mut secondary[start..end], self.mtu);
        reset(&mut secondary[..overflow], self.mtu);
    }

    /// Cancelling an occupied message doesn't mutate any state
    fn cancel<Message: message::Message>(
        &self,
        _primary: &mut [Message],
        _secondary: &mut [Message],
        _start: usize,
        _end: usize,
        _overflow: usize,
    ) {
    }
}

/// Behavior of the Free Slice
///
/// After successfully writing to free messages, the fields need
/// to be replicated to their counterparts. This is to ensure all primary and
/// secondary messages are consistent.
///
/// Cancelling a slice of free messages will reset the messages to their
/// initial state, to ensure the full MTU can still be written.
#[derive(Debug)]
pub struct Free {
    pub(crate) mtu: usize,
}

impl Free {
    /// Replicates fields from one slice of Messages to another
    fn replicate<Message: message::Message>(&self, from: &mut [Message], to: &mut [Message]) {
        for (from_msg, to_msg) in from.iter_mut().zip(to.iter_mut()) {
            to_msg.replicate_fields_from(from_msg);
        }
    }
}

impl Behavior for Free {
    /// Replicates all of the fields that were modified to their counterpart
    fn advance<Message: message::Message>(
        &self,
        primary: &mut [Message],
        secondary: &mut [Message],
        start: usize,
        end: usize,
        overflow: usize,
    ) {
        self.replicate(&mut primary[start..end], &mut secondary[start..end]);
        self.replicate(&mut secondary[..overflow], &mut primary[..overflow]);
    }

    /// Cancelling a slice of free messages should reset to their initial state
    ///
    /// # Note
    /// Reset is called, instead of wipe, to reduce computational requirements.
    /// This assumes that no sensitive data has been written to the free slice,
    /// of if it has, the caller has manually wiped it. Otherwise, this will be
    /// wiping payloads that have already been wiped.
    ///
    /// If that assumption changes, this will need to be updated.
    fn cancel<Message: message::Message>(
        &self,
        primary: &mut [Message],
        secondary: &mut [Message],
        start: usize,
        end: usize,
        overflow: usize,
    ) {
        reset(&mut primary[start..end], self.mtu);
        reset(&mut primary[..overflow], self.mtu);
        reset(&mut secondary[start..end], self.mtu);
        reset(&mut secondary[..overflow], self.mtu);
    }
}

/// Resets all of the provided messages to an initial state
#[inline]
fn reset<Message: message::Message>(messages: &mut [Message], mtu: usize) {
    for message in messages {
        unsafe {
            // Safety: the payloads should always be allocated regions of MTU
            message.reset(mtu);
        }
    }
}