From ce76b326725ab01dd278d5f6291228219fc77683 Mon Sep 17 00:00:00 2001 From: Mahmoud Mazouz Date: Tue, 29 Oct 2024 09:49:26 +0000 Subject: [PATCH 1/2] Make TLS link listener accept connections concurrently --- Cargo.lock | 160 ++++++++++++++++++- Cargo.toml | 1 + io/zenoh-links/zenoh-link-tls/Cargo.toml | 1 + io/zenoh-links/zenoh-link-tls/src/unicast.rs | 39 +---- 4 files changed, 167 insertions(+), 34 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 94542bf638..7b3d2d6b46 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -520,6 +520,33 @@ version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0c4b4d0bd25bd0b74681c0ad21497610ce1b7c91b1022cd21c80c6fbdd9476b0" +[[package]] +name = "aws-lc-rs" +version = "1.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cdd82dba44d209fddb11c190e0a94b78651f95299598e472215667417a03ff1d" +dependencies = [ + "aws-lc-sys", + "mirai-annotations", + "paste", + "zeroize", +] + +[[package]] +name = "aws-lc-sys" +version = "0.22.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "df7a4168111d7eb622a31b214057b8509c0a7e1794f44c546d742330dc793972" +dependencies = [ + "bindgen", + "cc", + "cmake", + "dunce", + "fs_extra", + "libc", + "paste", +] + [[package]] name = "backtrace" version = "0.3.74" @@ -580,6 +607,29 @@ dependencies = [ "serde", ] +[[package]] +name = "bindgen" +version = "0.69.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "271383c67ccabffb7381723dea0672a673f292304fcb45c01cc648c7a8d58088" +dependencies = [ + "bitflags 2.6.0", + "cexpr", + "clang-sys", + "itertools 0.10.5", + "lazy_static", + "lazycell", + "log", + "prettyplease", + "proc-macro2", + "quote", + "regex", + "rustc-hash 1.1.0", + "shlex", + "syn 2.0.77", + "which 4.4.2", +] + [[package]] name = "bit-set" version = "0.5.3" 
@@ -715,6 +765,8 @@ version = "1.1.20" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "45bcde016d64c21da4be18b655631e5ab6d3107607e71a73a9f53eb48aae23fb" dependencies = [ + "jobserver", + "libc", "shlex", ] @@ -724,6 +776,15 @@ version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6d43a04d8753f35258c91f8ec639f792891f748a1edbd759cf1dcea3382ad83c" +[[package]] +name = "cexpr" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766" +dependencies = [ + "nom", +] + [[package]] name = "cfg-if" version = "0.1.10" @@ -809,6 +870,17 @@ dependencies = [ "inout", ] +[[package]] +name = "clang-sys" +version = "1.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b023947811758c97c59bf9d1c188fd619ad4718dcaa767947df1cadb14f39f4" +dependencies = [ + "glob", + "libc", + "libloading", +] + [[package]] name = "clap" version = "4.5.17" @@ -849,6 +921,15 @@ version = "0.7.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1462739cb27611015575c0c11df5df7601141071f07518d56fcc1be504cbec97" +[[package]] +name = "cmake" +version = "0.1.51" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fb1e43aa7fd152b1f968787f7dbcdeb306d1867ff373c69955211876c053f91a" +dependencies = [ + "cc", +] + [[package]] name = "cobs" version = "0.2.3" @@ -1206,6 +1287,12 @@ dependencies = [ "syn 2.0.77", ] +[[package]] +name = "dunce" +version = "1.0.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "92773504d58c093f6de2459af4af33faa518c13451eb8f2b5698ed3d36e7c813" + [[package]] name = "dyn-clone" version = "1.0.17" 
@@ -1402,6 +1489,12 @@ dependencies = [ "num", ] +[[package]] +name = "fs_extra" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "42703706b716c37f96a77aea830392ad231f44c9e9a67872fa5548707e11b11c" + [[package]] name = "futures" version = "0.3.30" @@ -1589,6 +1682,12 @@ dependencies = [ "syn 2.0.77", ] +[[package]] +name = "glob" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d2fabcfbdc87f4758337ca535fb41a6d701b65693ce38287d856d1674551ec9b" + [[package]] name = "gloo-timers" version = "0.3.0" @@ -1995,6 +2094,15 @@ version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8eaf4bc02d17cbdd7ff4c7438cafcdf7fb9a4613313ad11b4f8fefe7d3fa0130" +[[package]] +name = "jobserver" +version = "0.1.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "48d1dbcbbeb6a7fec7e059840aa538bd62aaccf972c7346c4d9d2059312853d0" +dependencies = [ + "libc", +] + [[package]] name = "js-sys" version = "0.3.70" @@ -2079,6 +2187,12 @@ dependencies = [ "spin", ] +[[package]] +name = "lazycell" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" + [[package]] name = "leb128" version = "0.2.5" @@ -2286,6 +2400,12 @@ dependencies = [ "winapi", ] +[[package]] +name = "mirai-annotations" +version = "1.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c9be0862c1b3f26a88803c4a49de6889c10e608b3ee9344e6ef5b45fb37ad3d1" + [[package]] name = "multimap" version = "0.10.0" @@ -3105,7 +3225,7 @@ dependencies = [ "pin-project-lite 0.2.14", "quinn-proto", "quinn-udp", - "rustc-hash", + "rustc-hash 2.0.0", "rustls", "socket2 0.5.7", "thiserror", @@ -3122,7 +3242,7 @@ dependencies = [ "bytes", "rand 0.8.5", "ring", - "rustc-hash", + "rustc-hash 2.0.0", "rustls", "rustls-platform-verifier", "slab", 
@@ -3425,6 +3545,12 @@ version = "0.1.24" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "719b953e2095829ee67db738b3bfa9fa368c94900df327b3f07fe6e794d2fe1f" +[[package]] +name = "rustc-hash" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" + [[package]] name = "rustc-hash" version = "2.0.0" @@ -3491,6 +3617,7 @@ version = "0.23.13" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f2dabaac7466917e566adb06783a81ca48944c6898a1b08b9374106dd671f4c8" dependencies = [ + "aws-lc-rs", "log", "once_cell", "ring", @@ -3562,6 +3689,7 @@ version = "0.102.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "64ca1bc8749bd4cf37b5ce386cc146580777b4e8572c7b97baf22c83f444bee9" dependencies = [ + "aws-lc-rs", "ring", "rustls-pki-types", "untrusted", @@ -4414,6 +4542,19 @@ version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" +[[package]] +name = "tls-listener" +version = "0.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "83a296135fdab7b3a1f708c338c50bab570bcd77d44080cde9341df45c0c6d73" +dependencies = [ + "futures-util", + "pin-project-lite 0.2.14", + "thiserror", + "tokio", + "tokio-rustls", +] + [[package]] name = "token-cell" version = "1.5.0" @@ -5100,6 +5241,18 @@ dependencies = [ "rustls-pki-types", ] +[[package]] +name = "which" +version = "4.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "87ba24419a2078cd2b0f2ede2691b6c66d8e47836da3b6db8265ebad47afbfc7" +dependencies = [ + "either", + "home", + "once_cell", + "rustix 0.38.37", +] + [[package]] name = "which" version = "6.0.3" @@ -5571,7 +5724,7 @@ dependencies = [ "rand 0.8.5", "serde_json", "tokio", - "which", + "which 6.0.3", "zenoh", "zenoh-ext", ] 
@@ -5732,6 +5885,7 @@ dependencies = [ "rustls-webpki", "secrecy", "socket2 0.5.7", + "tls-listener", "tokio", "tokio-rustls", "tokio-util", diff --git a/Cargo.toml b/Cargo.toml index eef6f1ef44..75ae4521f7 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -190,6 +190,7 @@ x509-parser = "0.16.0" z-serial = "0.2.3" either = "1.13.0" prost = "0.13.2" +tls-listener = { version = "0.10.1", features = ["rustls"] } zenoh-ext = { version = "1.0.0-dev", path = "zenoh-ext" } zenoh-shm = { version = "1.0.0-dev", path = "commons/zenoh-shm" } zenoh-result = { version = "1.0.0-dev", path = "commons/zenoh-result", default-features = false } diff --git a/io/zenoh-links/zenoh-link-tls/Cargo.toml b/io/zenoh-links/zenoh-link-tls/Cargo.toml index 5bd45a4463..5fc8d3ad69 100644 --- a/io/zenoh-links/zenoh-link-tls/Cargo.toml +++ b/io/zenoh-links/zenoh-link-tls/Cargo.toml @@ -39,6 +39,7 @@ tokio-util = { workspace = true, features = ["rt"] } tracing = { workspace = true } x509-parser = { workspace = true } webpki-roots = { workspace = true } +tls-listener = { workspace = true } zenoh-config = { workspace = true } zenoh-core = { workspace = true } zenoh-link-commons = { workspace = true, features = ["tls"] } diff --git a/io/zenoh-links/zenoh-link-tls/src/unicast.rs b/io/zenoh-links/zenoh-link-tls/src/unicast.rs index 60eb47b323..3654e7800f 100644 --- a/io/zenoh-links/zenoh-link-tls/src/unicast.rs +++ b/io/zenoh-links/zenoh-link-tls/src/unicast.rs 
@@ -417,26 +417,25 @@ async fn accept_task( manager: NewLinkChannelSender, tls_handshake_timeout: Duration, ) -> ZResult<()> { - async fn accept(socket: &TcpListener) -> ZResult<(TcpStream, SocketAddr)> { - let res = socket.accept().await.map_err(|e| zerror!(e))?; - Ok(res) - } - let src_addr = socket.local_addr().map_err(|e| { let e = zerror!("Can not accept TLS connections: {}", e); tracing::warn!("{}", e); e })?; + let mut listener = tls_listener::builder(acceptor) + .handshake_timeout(tls_handshake_timeout) + .listen(socket); + tracing::trace!("Ready to accept TLS connections on: {:?}", src_addr); loop { tokio::select! { _ = token.cancelled() => break, - res = accept(&socket) => { + res = listener.accept() => { match res { - Ok((tcp_stream, dst_addr)) => { - // Get the right source address in case an unsepecified IP (i.e. 0.0.0.0 or [::]) is used + Ok((tls_stream, dst_addr)) => { + let (tcp_stream, tls_conn) = tls_stream.get_ref(); let src_addr = match tcp_stream.local_addr() { Ok(sa) => sa, Err(e) => { @@ -444,34 +443,12 @@ async fn accept_task( continue; } }; - - // Accept the TLS connection - let tls_stream = match tokio::time::timeout( - tls_handshake_timeout, - acceptor.accept(tcp_stream), - ) - .await - { - Ok(Ok(stream)) => TlsStream::Server(stream), - Err(e) => { - tracing::warn!("TLS handshake timed out: {e}"); - continue; - } - Ok(Err(e)) => { - let e = format!("Can not accept TLS connection: {e}"); - tracing::warn!("{}", e); - continue; - } - }; - - // Get TLS auth identifier - let (_, tls_conn) = tls_stream.get_ref(); let auth_identifier = get_client_cert_common_name(tls_conn)?; tracing::debug!("Accepted TLS connection on {:?}: {:?}", src_addr, dst_addr); // Create the new link object let link = Arc::new(LinkUnicastTls::new( - tls_stream, + tokio_rustls::TlsStream::Server(tls_stream), src_addr, dst_addr, auth_identifier.into(), From 5a29c0fe776f2d5b5eb90e5a1836fd88f74b6428 Mon Sep 17 00:00:00 2001 
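Review bot: The listener built with `tls_listener::builder(acceptor).handshake_timeout(tls_handshake_timeout).listen(socket)` sets a per-handshake timeout, but nothing visible in this hunk caps how many handshakes may be pending at once. With concurrent accepts, a peer that has not yet authenticated could keep many sockets and handshake states open for the full timeout. Confirm whether the library bounds in-flight handshakes and record the answer next to the builder, e.g. `// Handshakes run concurrently; each pending one is dropped after tls_handshake_timeout.` Handshake failures and timeouts now also arrive at the `Err` arm of `match res`, which lies outside the hunk, so check that any back-off there cannot be triggered for all clients by one misbehaving peer. The removed comment explaining why `src_addr` is re-read from `tcp_stream` (listener bound to an unspecified address) is worth restoring above `let src_addr = match tcp_stream.local_addr()`.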
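Review bot: `get_client_cert_common_name(tls_conn)?` still returns from `accept_task` on error, whereas the neighbouring `local_addr()` failure only logs and continues. If that helper can fail on peer-supplied certificate data, one client could end the accept loop for every other peer. Handle it the same way as the address lookup: log the failure with the peer address and `continue`, dropping only that connection. The body of `accept_task` starts before and runs past this hunk, and the helper's failure modes are not visible here, so the impact needs confirming against its definition.

```rust
let auth_identifier = match get_client_cert_common_name(tls_conn) {
    Ok(id) => id,
    Err(e) => {
        // Drop only this peer; the listener keeps serving the others.
        tracing::warn!("Rejecting TLS connection from {:?}: {}", dst_addr, e);
        continue;
    }
};
// … unchanged: debug log and LinkUnicastTls::new(...) construction …
```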
From: Mahmoud Mazouz Date: Thu, 31 Oct 2024 08:03:25 +0000 Subject: [PATCH 2/2] Use `tls-listener@0.10.2` --- Cargo.lock | 150 ++--------------------------------------------------- Cargo.toml | 2 +- 2 files changed, 6 insertions(+), 146 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 7b3d2d6b46..3fec7718ce 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -520,33 +520,6 @@ version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0c4b4d0bd25bd0b74681c0ad21497610ce1b7c91b1022cd21c80c6fbdd9476b0" -[[package]] -name = "aws-lc-rs" -version = "1.10.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cdd82dba44d209fddb11c190e0a94b78651f95299598e472215667417a03ff1d" -dependencies = [ - "aws-lc-sys", - "mirai-annotations", - "paste", - "zeroize", -] - -[[package]] -name = "aws-lc-sys" -version = "0.22.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "df7a4168111d7eb622a31b214057b8509c0a7e1794f44c546d742330dc793972" -dependencies = [ - "bindgen", - "cc", - "cmake", - "dunce", - "fs_extra", - "libc", - "paste", -] - [[package]] name = "backtrace" version = "0.3.74" @@ -607,29 +580,6 @@ dependencies = [ "serde", ] -[[package]] -name = "bindgen" -version = "0.69.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "271383c67ccabffb7381723dea0672a673f292304fcb45c01cc648c7a8d58088" -dependencies = [ - "bitflags 2.6.0", - "cexpr", - "clang-sys", - "itertools 0.10.5", - "lazy_static", - "lazycell", - "log", - "prettyplease", - "proc-macro2", - "quote", - "regex", - "rustc-hash 1.1.0", - "shlex", - "syn 2.0.77", - "which 4.4.2", -] - [[package]] name = "bit-set" version = "0.5.3" @@ -765,8 +715,6 @@ version = "1.1.20" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "45bcde016d64c21da4be18b655631e5ab6d3107607e71a73a9f53eb48aae23fb" dependencies = [ - "jobserver", - "libc", "shlex", ] 
@@ -776,15 +724,6 @@ version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6d43a04d8753f35258c91f8ec639f792891f748a1edbd759cf1dcea3382ad83c" -[[package]] -name = "cexpr" -version = "0.6.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766" -dependencies = [ - "nom", -] - [[package]] name = "cfg-if" version = "0.1.10" @@ -870,17 +809,6 @@ dependencies = [ "inout", ] -[[package]] -name = "clang-sys" -version = "1.8.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0b023947811758c97c59bf9d1c188fd619ad4718dcaa767947df1cadb14f39f4" -dependencies = [ - "glob", - "libc", - "libloading", -] - [[package]] name = "clap" version = "4.5.17" @@ -921,15 +849,6 @@ version = "0.7.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1462739cb27611015575c0c11df5df7601141071f07518d56fcc1be504cbec97" -[[package]] -name = "cmake" -version = "0.1.51" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fb1e43aa7fd152b1f968787f7dbcdeb306d1867ff373c69955211876c053f91a" -dependencies = [ - "cc", -] - [[package]] name = "cobs" version = "0.2.3" @@ -1287,12 +1206,6 @@ dependencies = [ "syn 2.0.77", ] -[[package]] -name = "dunce" -version = "1.0.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "92773504d58c093f6de2459af4af33faa518c13451eb8f2b5698ed3d36e7c813" - [[package]] name = "dyn-clone" version = "1.0.17" @@ -1489,12 +1402,6 @@ dependencies = [ "num", ] -[[package]] -name = "fs_extra" -version = "1.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "42703706b716c37f96a77aea830392ad231f44c9e9a67872fa5548707e11b11c" - [[package]] name = "futures" version = "0.3.30" 
@@ -1682,12 +1589,6 @@ dependencies = [ "syn 2.0.77", ] -[[package]] -name = "glob" -version = "0.3.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d2fabcfbdc87f4758337ca535fb41a6d701b65693ce38287d856d1674551ec9b" - [[package]] name = "gloo-timers" version = "0.3.0" @@ -2094,15 +1995,6 @@ version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8eaf4bc02d17cbdd7ff4c7438cafcdf7fb9a4613313ad11b4f8fefe7d3fa0130" -[[package]] -name = "jobserver" -version = "0.1.32" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "48d1dbcbbeb6a7fec7e059840aa538bd62aaccf972c7346c4d9d2059312853d0" -dependencies = [ - "libc", -] - [[package]] name = "js-sys" version = "0.3.70" @@ -2187,12 +2079,6 @@ dependencies = [ "spin", ] -[[package]] -name = "lazycell" -version = "1.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" - [[package]] name = "leb128" version = "0.2.5" @@ -2400,12 +2286,6 @@ dependencies = [ "winapi", ] -[[package]] -name = "mirai-annotations" -version = "1.12.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c9be0862c1b3f26a88803c4a49de6889c10e608b3ee9344e6ef5b45fb37ad3d1" - [[package]] name = "multimap" version = "0.10.0" @@ -3225,7 +3105,7 @@ dependencies = [ "pin-project-lite 0.2.14", "quinn-proto", "quinn-udp", - "rustc-hash 2.0.0", + "rustc-hash", "rustls", "socket2 0.5.7", "thiserror", @@ -3242,7 +3122,7 @@ dependencies = [ "bytes", "rand 0.8.5", "ring", - "rustc-hash 2.0.0", + "rustc-hash", "rustls", "rustls-platform-verifier", "slab", 
@@ -3545,12 +3425,6 @@ version = "0.1.24" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "719b953e2095829ee67db738b3bfa9fa368c94900df327b3f07fe6e794d2fe1f" -[[package]] -name = "rustc-hash" -version = "1.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" - [[package]] name = "rustc-hash" version = "2.0.0" @@ -3617,7 +3491,6 @@ version = "0.23.13" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f2dabaac7466917e566adb06783a81ca48944c6898a1b08b9374106dd671f4c8" dependencies = [ - "aws-lc-rs", "log", "once_cell", "ring", @@ -3689,7 +3562,6 @@ version = "0.102.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "64ca1bc8749bd4cf37b5ce386cc146580777b4e8572c7b97baf22c83f444bee9" dependencies = [ - "aws-lc-rs", "ring", "rustls-pki-types", "untrusted", @@ -4544,9 +4416,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" [[package]] name = "tls-listener" -version = "0.10.1" +version = "0.10.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "83a296135fdab7b3a1f708c338c50bab570bcd77d44080cde9341df45c0c6d73" +checksum = "0f1d8809f604e448c7bc53a5a0e4c2a0a20ba44cb1fb407314c8eeccb92127f9" dependencies = [ "futures-util", "pin-project-lite 0.2.14", @@ -5241,18 +5113,6 @@ dependencies = [ "rustls-pki-types", ] -[[package]] -name = "which" -version = "4.4.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "87ba24419a2078cd2b0f2ede2691b6c66d8e47836da3b6db8265ebad47afbfc7" -dependencies = [ - "either", - "home", - "once_cell", - "rustix 0.38.37", -] - [[package]] name = "which" version = "6.0.3" @@ -5724,7 +5584,7 @@ dependencies = [ "rand 0.8.5", "serde_json", "tokio", - "which 6.0.3", + "which", "zenoh", "zenoh-ext", ] diff --git a/Cargo.toml b/Cargo.toml index 75ae4521f7..721d1bced1 100644 --- a/Cargo.toml 
+++ b/Cargo.toml @@ -190,7 +190,7 @@ x509-parser = "0.16.0" z-serial = "0.2.3" either = "1.13.0" prost = "0.13.2" -tls-listener = { version = "0.10.1", features = ["rustls"] } +tls-listener = { version = "0.10.2", features = ["rustls-ring"] } zenoh-ext = { version = "1.0.0-dev", path = "zenoh-ext" } zenoh-shm = { version = "1.0.0-dev", path = "commons/zenoh-shm" } zenoh-result = { version = "1.0.0-dev", path = "commons/zenoh-result", default-features = false }