microsoft · nibanks · Apr 18, 2025 · Apr 17, 2025 · Apr 18, 2025 · Apr 18, 2025
@@ -479,9 +479,8 @@ PerfClientConnection::~PerfClientConnection() {
 void
 PerfClientConnection::Initialize() {
     if (Client.UseTCP) {
-        auto CredConfig = MsQuicCredentialConfig(QUIC_CREDENTIAL_FLAG_CLIENT | QUIC_CREDENTIAL_FLAG_NO_CERTIFICATE_VALIDATION);
         TcpConn = // TODO: replace new/delete with pool alloc/free
-            new (std::nothrow) TcpConnection(Client.Engine.get(), &CredConfig, this);
+            new (std::nothrow) TcpConnection(Client.Engine.get(), &Client.TcpConfig, this);
         if (!TcpConn->IsInitialized()) {
             Worker.ConnectionPool.Free(this);
             return;

@@ -152,6 +152,10 @@ struct PerfClient {
     PerfClientWorker Workers[PERF_MAX_THREAD_COUNT];
 
     UniquePtr<TcpEngine> Engine;
+    MsQuicCredentialConfig CredentialConfig {
+        QUIC_CREDENTIAL_FLAG_CLIENT |
+        QUIC_CREDENTIAL_FLAG_NO_CERTIFICATE_VALIDATION};
+    TcpConfiguration TcpConfig {&CredentialConfig};
     MsQuicRegistration Registration {
         "perf-client",
         PerfDefaultExecutionProfile,
@@ -166,9 +170,7 @@ struct PerfClient {
             .SetCongestionControlAlgorithm(PerfDefaultCongestionControl)
             .SetEcnEnabled(PerfDefaultEcnEnabled)
             .SetEncryptionOffloadAllowed(PerfDefaultQeoAllowed),
-        MsQuicCredentialConfig(
-            QUIC_CREDENTIAL_FLAG_CLIENT |
-            QUIC_CREDENTIAL_FLAG_NO_CERTIFICATE_VALIDATION)};
+        CredentialConfig};
     // Target parameters
     UniquePtr<char[]> Target;
     QUIC_ADDRESS_FAMILY TargetFamily {QUIC_ADDRESS_FAMILY_UNSPEC};

@@ -58,7 +58,8 @@ class PerfServer {
 public:
     PerfServer(const QUIC_CREDENTIAL_CONFIG* CredConfig) :
         Engine(TcpAcceptCallback, TcpConnectCallback, TcpReceiveCallback, TcpSendCompleteCallback, TcpDefaultExecutionProfile),
-        Server(&Engine, CredConfig, this) {
+        TcpConfig(CredConfig),
+        Server(&Engine, &TcpConfig, this) {
         CxPlatZeroMemory(&LocalAddr, sizeof(LocalAddr));
         QuicAddrSetFamily(&LocalAddr, QUIC_ADDRESS_FAMILY_UNSPEC);
         QuicAddrSetPort(&LocalAddr, PERF_DEFAULT_PORT);
@@ -189,6 +190,7 @@ class PerfServer {
     uint8_t PrintStats {FALSE};
 
     TcpEngine Engine;
+    TcpConfiguration TcpConfig;
     TcpServer Server;
 
     uint32_t DelayMicroseconds {0};

@@ -49,44 +49,45 @@ const uint8_t FixedIv[CXPLAT_MAX_IV_LENGTH] = { 0 };
 
 const QUIC_HKDF_LABELS TcpHkdfLabels = { "tcp key", "tcp iv", "tcp hp", "tcp ku" };
 
-struct LoadSecConfigHelper {
-    LoadSecConfigHelper() : SecConfig(nullptr) { CxPlatEventInitialize(&CallbackEvent, TRUE, FALSE); }
-    ~LoadSecConfigHelper() { CxPlatEventUninitialize(CallbackEvent); }
-    CXPLAT_SEC_CONFIG* Load(const QUIC_CREDENTIAL_CONFIG* CredConfig) {
-        if (QUIC_FAILED(
-            CxPlatTlsSecConfigCreate(
-                CredConfig,
-                CXPLAT_TLS_CREDENTIAL_FLAG_NONE,
-                &TcpEngine::TlsCallbacks,
-                this,
-                SecConfigCallback))) {
-            return nullptr;
-        }
-        CxPlatEventWaitForever(CallbackEvent);
-        return SecConfig;
-    }
-private:
-    static
-    _IRQL_requires_max_(PASSIVE_LEVEL)
-    _Function_class_(CXPLAT_SEC_CONFIG_CREATE_COMPLETE)
-    void
-    QUIC_API
-    SecConfigCallback(
-        _In_ const QUIC_CREDENTIAL_CONFIG* /* CredConfig */,
-        _In_opt_ void* Context,
-        _In_ QUIC_STATUS Status,
-        _In_opt_ CXPLAT_SEC_CONFIG* SecurityConfig
-        )
-    {
-        LoadSecConfigHelper* This = (LoadSecConfigHelper*)Context;
-        if (QUIC_SUCCEEDED(Status)) {
-            This->SecConfig = SecurityConfig;
-        }
-        CxPlatEventSet(This->CallbackEvent);
+TcpConfiguration::TcpConfiguration(const QUIC_CREDENTIAL_CONFIG* CredConfig) noexcept
+{
+    CxPlatEventInitialize(&CallbackEvent, TRUE, FALSE);
+    if (QUIC_FAILED(
+        CxPlatTlsSecConfigCreate(
+            CredConfig,
+            CXPLAT_TLS_CREDENTIAL_FLAG_NONE,
+            &TcpEngine::TlsCallbacks,
+            this,
+            SecConfigCallback))) {
+        CXPLAT_DBG_ASSERT(false);
     }
-    CXPLAT_EVENT CallbackEvent;
-    CXPLAT_SEC_CONFIG* SecConfig;
-};
+    CxPlatEventWaitForever(CallbackEvent);
+    CXPLAT_DBG_ASSERT(SecConfig != nullptr);
+}
+
+TcpConfiguration::~TcpConfiguration() noexcept
+{
+    if (SecConfig) {
+        CxPlatTlsSecConfigDelete(SecConfig);
+    }
+    CxPlatEventUninitialize(CallbackEvent);
+}
+
+_IRQL_requires_max_(PASSIVE_LEVEL)
+_Function_class_(CXPLAT_SEC_CONFIG_CREATE_COMPLETE)
+void TcpConfiguration::SecConfigCallback(
+    _In_ const QUIC_CREDENTIAL_CONFIG* /* CredConfig */,
+    _In_opt_ void* Context,
+    _In_ QUIC_STATUS Status,
+    _In_opt_ CXPLAT_SEC_CONFIG* SecurityConfig
+    )
+{
+    TcpConfiguration* This = (TcpConfiguration*)Context;
+    if (QUIC_SUCCEEDED(Status)) {
+        This->SecConfig = SecurityConfig;
+    }
+    CxPlatEventSet(This->CallbackEvent);
+}
 
 // ############################# ENGINE #############################
 
@@ -327,16 +328,12 @@ bool TcpWorker::QueueConnection(TcpConnection* Connection)
 
 // ############################# SERVER #############################
 
-TcpServer::TcpServer(TcpEngine* Engine, const QUIC_CREDENTIAL_CONFIG* CredConfig, void* Context) :
-    Initialized(false), Engine(Engine), SecConfig(nullptr), Listener(nullptr), Context(Context)
+TcpServer::TcpServer(TcpEngine* Engine, TcpConfiguration* Config, void* Context) :
+    Initialized(false), Engine(Engine), SecConfig(Config->SecConfig), Listener(nullptr), Context(Context)
 {
     if (!Engine->IsInitialized()) {
         return;
     }
-    LoadSecConfigHelper Helper;
-    if ((SecConfig = Helper.Load(CredConfig)) == nullptr) {
-        return;
-    }
     Initialized = true;
 }
 
@@ -384,9 +381,9 @@ TcpServer::AcceptCallback(
 
 TcpConnection::TcpConnection(
     TcpEngine* Engine,
-    const QUIC_CREDENTIAL_CONFIG* CredConfig,
+    const TcpConfiguration* Config,
     void* Context) :
-    IsServer(false), Engine(Engine), Context(Context)
+    IsServer(false), Engine(Engine), SecConfig(Config->SecConfig), Context(Context)
 {
     CxPlatRefInitialize(&Ref);
     CxPlatEventInitialize(&CloseComplete, TRUE, FALSE);
@@ -399,11 +396,6 @@ TcpConnection::TcpConnection(
     if (!Engine->IsInitialized()) {
         return;
     }
-    LoadSecConfigHelper Helper;
-    if ((SecConfig = Helper.Load(CredConfig)) == nullptr) {
-        WriteOutput("SecConfig load FAILED\n");
-        return;
-    }
     QuicAddrSetFamily(&Route.LocalAddress, QUIC_ADDRESS_FAMILY_UNSPEC);
     Initialized = true;
 }
@@ -494,9 +486,6 @@ TcpConnection::~TcpConnection()
 
         CxPlatSocketDelete(Socket);
     }
-    if (!IsServer && SecConfig) {
-        CxPlatTlsSecConfigDelete(SecConfig);
-    }
     CXPLAT_DBG_ASSERT(!QueuedOnWorker);
     Engine->RemoveConnection(this);
     CxPlatEventUninitialize(CloseComplete);
@@ -762,7 +751,7 @@ bool TcpConnection::ProcessTls(const uint8_t* Buffer, uint32_t BufferLength)
             &BufferLength,
             &TlsState);
     if (Results & CXPLAT_TLS_RESULT_ERROR) {
-        WriteOutput("CxPlatTlsProcessData FAILED\n");
+        //WriteOutput("CxPlatTlsProcessData FAILED, Alert=0x%hx\n", TlsState.AlertCode);
         return false;
     }
 

@@ -135,23 +135,31 @@ class TcpWorker {
     );
 };
 
-class TcpServer {
-    friend class TcpEngine;
-    bool Initialized;
-    TcpEngine* Engine;
-    CXPLAT_SEC_CONFIG* SecConfig;
-    CXPLAT_SOCKET* Listener;
+class TcpConfiguration {
+    CXPLAT_EVENT CallbackEvent;
     static
     _IRQL_requires_max_(PASSIVE_LEVEL)
     _Function_class_(CXPLAT_SEC_CONFIG_CREATE_COMPLETE)
     void
     QUIC_API
     SecConfigCallback(
-        _In_ const QUIC_CREDENTIAL_CONFIG* CredConfig,
+        _In_ const QUIC_CREDENTIAL_CONFIG* /* CredConfig */,
         _In_opt_ void* Context,
         _In_ QUIC_STATUS Status,
         _In_opt_ CXPLAT_SEC_CONFIG* SecurityConfig
         );
+public:
+    CXPLAT_SEC_CONFIG* SecConfig{nullptr};
+    TcpConfiguration(const QUIC_CREDENTIAL_CONFIG* CredConfig) noexcept;
+    ~TcpConfiguration() noexcept;
+};
+
+class TcpServer {
+    friend class TcpEngine;
+    bool Initialized;
+    TcpEngine* Engine;
+    CXPLAT_SEC_CONFIG* SecConfig;
+    CXPLAT_SOCKET* Listener;
     static
     _IRQL_requires_max_(DISPATCH_LEVEL)
     _Function_class_(CXPLAT_DATAPATH_ACCEPT_CALLBACK)
@@ -164,7 +172,7 @@ class TcpServer {
         );
 public:
     void* Context; // App context
-    TcpServer(TcpEngine* Engine, const QUIC_CREDENTIAL_CONFIG* CredConfig, void* Context = nullptr);
+    TcpServer(TcpEngine* Engine, TcpConfiguration* Config, void* Context = nullptr);
     ~TcpServer();
     bool IsInitialized() const { return Initialized; }
     bool Start(const QUIC_ADDR* LocalAddress);
@@ -274,7 +282,7 @@ class TcpConnection {
     void* Context{nullptr}; // App context
     TcpConnection(
         _In_ TcpEngine* Engine,
-        _In_ const QUIC_CREDENTIAL_CONFIG* CredConfig,
+        _In_ const TcpConfiguration* Config,
         _In_ void* Context = nullptr);
     bool IsInitialized() const { return Initialized; }
     void Close();

@@ -1740,7 +1740,7 @@ CxPlatSocketHandleErrors(
             SocketContext->Binding,
             errno,
             "getsockopt(SO_ERROR) failed");
-    } else {
+    } else if (ErrNum != 0) {
         QuicTraceEvent(
             DatapathErrorStatus,
             "[data][%p] ERROR, %u, %s.",
@@ -1763,11 +1763,7 @@ CxPlatSocketHandleErrors(
                         &SocketContext->Binding->RemoteAddress);
                 }
             }
-        } else if (ErrNum == ENOTSOCK ||
-                   ErrNum == EINTR ||
-                   ErrNum == ECANCELED ||
-                   ErrNum == ECONNABORTED ||
-                   ErrNum == ECONNRESET) {
+        } else {
             if (!SocketContext->Binding->DisconnectIndicated) {
                 SocketContext->Binding->DisconnectIndicated = TRUE;
                 SocketContext->Binding->Datapath->TcpHandlers.Connect(