Secure tunnel with Multiplexing #78
Conversation
…connection complete
| struct aws_byte_buf payload; | ||
| enum aws_secure_tunnel_protocol_buffer_wire_type { | ||
| AWS_SECURE_TUNNEL_PBWT_VARINT = 0, /* int32, int64, uint32, uint64, sint32, sint64, bool, enum */ | ||
| AWS_SECURE_TUNNEL_PBWT_64_BIT = 1, /* fixed64, sfixed64, double */ |
There was a problem hiding this comment.
If these are all floating point, I'd make that part of the name
There was a problem hiding this comment.
The way protocol buffers work, type 1 and type 5 refer to the size of what comes next and we handle casting those bits as one of the types in the comment. They're not always doubles/floats and can also be ints and uints. I think we should leave them as is but don't feel strongly about it and am open to naming them something else if you do.
FWIW, we also don't use either in our encoding/decoding for secure tunnel.
There was a problem hiding this comment.
I feel like our implementation should not care about protocol buffers in any way. It's... frustrating that someone is defining an abstract network wire protocol in terms of a specific technology.
| AWS_SECURE_TUNNEL_PBWT_LENGTH_DELIMINTED = 2, /* string, bytes, embedded messages, packed repeated fields */ | ||
| AWS_SECURE_TUNNEL_PBWT_START_GROUP = 3, /* groups (deprecated) */ | ||
| AWS_SECURE_TUNNEL_PBWT_END_GROUP = 4, /* groups (deprecated) */ | ||
| AWS_SECURE_TUNNEL_PBWT_32_BIT = 5, /* fixed32, sfixed32, float */ |
There was a problem hiding this comment.
If these are all floating point, I'd make that part of the name
source/secure_tunneling_operations.c
Outdated
| stream_id = secure_tunnel->config->service_id_3_stream_id; | ||
| } else { | ||
| /* service_id doesn't match any existing service id*/ | ||
| AWS_LOGF_DEBUG( |
There was a problem hiding this comment.
Should this be a fatal protocol error?
There was a problem hiding this comment.
Tricky. It's possible the user uses a service id that isn't one the current secure tunnel supports. The protocol/specs for secure tunnel doesn't explicitly say anything about what to do in this scenario so I'm just letting it slide with a debug message. I could maybe swap it to a Warn level message instead of Debug.
| * Check the outbound stream start service id (or lack of one for V1) and set the secure tunnel and stream start | ||
| * message's stream id to the next value. | ||
| */ | ||
| static int s_aws_secure_tunnel_operation_message_set_next_stream_id( |
There was a problem hiding this comment.
Comments above apply to this function too.
Also, I just don't understand the semantics of this function. It takes a service id (as specified in a message) and then uses a different, larger stream id (written back into that message) than what is assigned to that service id. Larger context of why this is happening would be helpful.
There was a problem hiding this comment.
The Destination device connects, receives service ids (multiplexing) from the service, and each of the (up to 3) service id's stream ids are set to 0 (unused).
When a Source device connects on the other end of the tunnel, it starts a stream by sending a service id along with whatever number they want as the stream id.
When the function above (s_aws_secure_tunnel_operation_message_set_stream_id) receives a stream start message, it checks against the service ids, and sets that service id's stream id to the received one from the stream start.
This function here (s_aws_secure_tunnel_operation_message_set_next_stream_id ) is only called from Source mode sending a Stream Start message and it gets the next stream id to use and sets a its own stream id to the same one so it can send messages and receive messages on the right stream id.
| AWS_IOTDEVICE_API | ||
| const struct aws_secure_tunnel_options *aws_secure_tunnel_options_storage_get( | ||
| const struct aws_secure_tunnel_options_storage *storage); | ||
| int aws_secure_tunnel_stream_start( |
There was a problem hiding this comment.
Can this be replaced by a start followed by a send_message?
Can these functions marked don't-use be moved to a private header? Private header APIs are accessible from tests.
There was a problem hiding this comment.
Stream Start is a specific operation that's processed differently than a message. It obtains the stream id differently and I'm assuming this will need to be expanded further for V3.
I thought about moving them to a private header but we still need to support this in a way that prevents breaking existing use in CPP because it was exposed. This one feels like a gray area in terms of how we want to handle it but for now, I'll leave it here since it needs to be accessible by the CPP client.
| case AWS_STOT_STREAM_START: | ||
| if ((*current_operation->vtable->aws_secure_tunnel_operation_set_next_stream_id_fn)( | ||
| current_operation, secure_tunnel)) { | ||
| error_code = aws_last_error(); |
There was a problem hiding this comment.
Same here, it's hard to conceive of a sane protocol that continues under invariant breakage (or what should be an invariant)
|
|
||
| if ((*current_operation->vtable->aws_secure_tunnel_operation_assign_stream_id_fn)( | ||
| current_operation, secure_tunnel)) { | ||
| error_code = aws_last_error(); |
There was a problem hiding this comment.
Same here, it's hard to conceive of a sane protocol that continues under invariant breakage (or what should be an invariant)
| break; | ||
| } | ||
|
|
||
| s_complete_operation(secure_tunnel, current_operation, AWS_OP_SUCCESS, NULL); |
There was a problem hiding this comment.
This seems weird. We're guaranteed to fully flush an application data message?
Actually I think I understand now. In mqtt5 we're using raw channel messages of a fixed size. Here we're sending var-length websocket frames and the websocket impl is responsible for breaking up into channel messages.
Secure Tunnel full refactor and Multiplexing integration
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.