-
Notifications
You must be signed in to change notification settings - Fork 4.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement MsQuicConfiguration cache #99371
Merged
rzikm
merged 12 commits into
dotnet:main
from
rzikm:98354-QUIC-MsQuicConfiguration-cache
Mar 21, 2024
Merged
Changes from all commits
Commits
Show all changes
12 commits
Select commit
Hold shift + click to select a range
8b81795
Implement MsQuicConfiguration cache
rzikm 6f94f38
Fix creds with custom cipher suites
rzikm 34c314d
Polishing
rzikm 6825c3a
Dispose discarded handle when racing to add into cache
rzikm b5689a5
Shuffle code around, add AppCtx switch for disabling
rzikm 40c4bc2
Code review feedback
rzikm 82965d2
Add comments, minor fixes
rzikm 0578632
Fix failing test on Windows
rzikm 8e26582
Code review feedback
rzikm c1ddffb
Apply suggestions from code review
rzikm ebab536
Code review changes
rzikm 3e82d24
Merge branch 'main' into 98354-QUIC-MsQuicConfiguration-cache
rzikm File filter
Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
There are no files selected for viewing
235 changes: 235 additions & 0 deletions
235
src/libraries/System.Net.Quic/src/System/Net/Quic/Internal/MsQuicConfiguration.Cache.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,235 @@ | ||
// Licensed to the .NET Foundation under one or more agreements. | ||
// The .NET Foundation licenses this file to you under the MIT license. | ||
|
||
using System.Diagnostics; | ||
using System.Collections.Generic; | ||
using System.Collections.Concurrent; | ||
using System.Collections.ObjectModel; | ||
using System.Security.Authentication; | ||
using System.Net.Security; | ||
using System.Security.Cryptography.X509Certificates; | ||
using System.Threading; | ||
using Microsoft.Quic; | ||
|
||
namespace System.Net.Quic; | ||
|
||
internal static partial class MsQuicConfiguration | ||
{ | ||
private const int CheckExpiredModulo = 32; | ||
|
||
private const string DisableCacheEnvironmentVariable = "DOTNET_SYSTEM_NET_QUIC_DISABLE_CONFIGURATION_CACHE"; | ||
private const string DisableCacheCtxSwitch = "System.Net.Quic.DisableConfigurationCache"; | ||
|
||
internal static bool ConfigurationCacheEnabled { get; } = GetConfigurationCacheEnabled(); | ||
private static bool GetConfigurationCacheEnabled() | ||
{ | ||
// AppContext switch takes precedence | ||
if (AppContext.TryGetSwitch(DisableCacheCtxSwitch, out bool value)) | ||
{ | ||
return !value; | ||
} | ||
else | ||
{ | ||
// check environment variable | ||
return | ||
Environment.GetEnvironmentVariable(DisableCacheEnvironmentVariable) is string envVar && | ||
!(envVar == "1" || envVar.Equals("true", StringComparison.OrdinalIgnoreCase)); | ||
} | ||
} | ||
|
||
private static readonly ConcurrentDictionary<CacheKey, MsQuicConfigurationSafeHandle> s_configurationCache = new(); | ||
|
||
private readonly struct CacheKey : IEquatable<CacheKey> | ||
{ | ||
public readonly List<byte[]> CertificateThumbprints; | ||
public readonly QUIC_CREDENTIAL_FLAGS Flags; | ||
public readonly QUIC_SETTINGS Settings; | ||
public readonly List<SslApplicationProtocol> ApplicationProtocols; | ||
public readonly QUIC_ALLOWED_CIPHER_SUITE_FLAGS AllowedCipherSuites; | ||
|
||
public CacheKey(QUIC_SETTINGS settings, QUIC_CREDENTIAL_FLAGS flags, X509Certificate? certificate, ReadOnlyCollection<X509Certificate2>? intermediates, List<SslApplicationProtocol> alpnProtocols, QUIC_ALLOWED_CIPHER_SUITE_FLAGS allowedCipherSuites) | ||
{ | ||
CertificateThumbprints = certificate == null ? new List<byte[]>() : new List<byte[]> { certificate.GetCertHash() }; | ||
|
||
if (intermediates != null) | ||
{ | ||
foreach (X509Certificate2 intermediate in intermediates) | ||
{ | ||
CertificateThumbprints.Add(intermediate.GetCertHash()); | ||
} | ||
} | ||
|
||
Flags = flags; | ||
Settings = settings; | ||
// make defensive copy to prevent modification (the list comes from user code) | ||
ApplicationProtocols = new List<SslApplicationProtocol>(alpnProtocols); | ||
AllowedCipherSuites = allowedCipherSuites; | ||
} | ||
|
||
public override bool Equals(object? obj) => obj is CacheKey key && Equals(key); | ||
|
||
public bool Equals(CacheKey other) | ||
{ | ||
if (CertificateThumbprints.Count != other.CertificateThumbprints.Count) | ||
{ | ||
return false; | ||
} | ||
|
||
for (int i = 0; i < CertificateThumbprints.Count; i++) | ||
{ | ||
if (!CertificateThumbprints[i].AsSpan().SequenceEqual(other.CertificateThumbprints[i])) | ||
{ | ||
return false; | ||
} | ||
} | ||
|
||
if (ApplicationProtocols.Count != other.ApplicationProtocols.Count) | ||
{ | ||
return false; | ||
} | ||
|
||
for (int i = 0; i < ApplicationProtocols.Count; i++) | ||
{ | ||
if (ApplicationProtocols[i] != other.ApplicationProtocols[i]) | ||
{ | ||
return false; | ||
} | ||
} | ||
|
||
return | ||
Flags == other.Flags && | ||
Settings.Equals(other.Settings) && | ||
AllowedCipherSuites == other.AllowedCipherSuites; | ||
} | ||
|
||
public override int GetHashCode() | ||
{ | ||
HashCode hash = default; | ||
|
||
foreach (var thumbprint in CertificateThumbprints) | ||
{ | ||
hash.AddBytes(thumbprint); | ||
} | ||
|
||
hash.Add(Flags); | ||
hash.Add(Settings); | ||
|
||
foreach (var protocol in ApplicationProtocols) | ||
{ | ||
hash.AddBytes(protocol.Protocol.Span); | ||
} | ||
|
||
hash.Add(AllowedCipherSuites); | ||
|
||
return hash.ToHashCode(); | ||
} | ||
} | ||
|
||
private static MsQuicConfigurationSafeHandle GetCachedCredentialOrCreate(QUIC_SETTINGS settings, QUIC_CREDENTIAL_FLAGS flags, X509Certificate? certificate, ReadOnlyCollection<X509Certificate2>? intermediates, List<SslApplicationProtocol> alpnProtocols, QUIC_ALLOWED_CIPHER_SUITE_FLAGS allowedCipherSuites) | ||
{ | ||
CacheKey key = new CacheKey(settings, flags, certificate, intermediates, alpnProtocols, allowedCipherSuites); | ||
|
||
MsQuicConfigurationSafeHandle? handle; | ||
|
||
if (s_configurationCache.TryGetValue(key, out handle) && handle.TryAddRentCount()) | ||
{ | ||
if (NetEventSource.Log.IsEnabled()) | ||
{ | ||
NetEventSource.Info(null, $"Found cached MsQuicConfiguration: {handle}."); | ||
} | ||
return handle; | ||
} | ||
|
||
// if we get here, the handle is either not in the cache, or we lost the race between | ||
// TryAddRentCount on this thread and MarkForDispose on another thread doing cache cleanup. | ||
// In either case, we need to create a new handle. | ||
|
||
if (NetEventSource.Log.IsEnabled()) | ||
{ | ||
NetEventSource.Info(null, $"MsQuicConfiguration not found in cache, creating new."); | ||
} | ||
|
||
handle = CreateInternal(settings, flags, certificate, intermediates, alpnProtocols, allowedCipherSuites); | ||
handle.TryAddRentCount(); // we are the first renter | ||
ManickaP marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
||
MsQuicConfigurationSafeHandle cached; | ||
do | ||
{ | ||
cached = s_configurationCache.GetOrAdd(key, handle); | ||
} | ||
// If we get the same handle back, we successfully added it to the cache and we are done. | ||
// If we get a different handle back, we need to increase the rent count. | ||
// If we fail to add the rent count, then the existing/cached handle is in process of | ||
// being removed from the cache and we can try again, eventually either succeeding to add our | ||
// new handle or getting a fresh handle inserted by another thread meanwhile. | ||
while (cached != handle && !cached.TryAddRentCount()); | ||
|
||
if (cached != handle) | ||
{ | ||
// we lost a race with another thread to insert new handle into the cache | ||
if (NetEventSource.Log.IsEnabled()) | ||
{ | ||
NetEventSource.Info(null, $"Discarding MsQuicConfiguration {handle} (preferring cached {cached})."); | ||
} | ||
|
||
// First dispose decrements the rent count we added before attempting the cache insertion | ||
// and second closes the handle | ||
handle.Dispose(); | ||
handle.Dispose(); | ||
Debug.Assert(handle.IsClosed); | ||
|
||
return cached; | ||
} | ||
|
||
// we added a new handle, check if we need to cleanup | ||
var count = s_configurationCache.Count; | ||
if (count % CheckExpiredModulo == 0) | ||
{ | ||
// let only one thread perform cleanup at a time | ||
lock (s_configurationCache) | ||
{ | ||
// check again, if another thread just cleaned up (and cached count went down) we are unlikely | ||
// to clean anything | ||
if (s_configurationCache.Count >= count) | ||
{ | ||
CleanupCache(); | ||
} | ||
} | ||
} | ||
|
||
return handle; | ||
} | ||
|
||
private static void CleanupCache() | ||
{ | ||
if (NetEventSource.Log.IsEnabled()) | ||
{ | ||
NetEventSource.Info(null, $"Cleaning up MsQuicConfiguration cache, current size: {s_configurationCache.Count}."); | ||
} | ||
|
||
foreach ((CacheKey key, MsQuicConfigurationSafeHandle handle) in s_configurationCache) | ||
{ | ||
if (!handle.TryMarkForDispose()) | ||
{ | ||
// handle in use | ||
continue; | ||
} | ||
|
||
// the handle is not in use and has been marked such that no new rents can be added. | ||
if (NetEventSource.Log.IsEnabled()) | ||
{ | ||
NetEventSource.Info(null, $"Removing cached MsQuicConfiguration {handle}."); | ||
} | ||
|
||
bool removed = s_configurationCache.TryRemove(key, out _); | ||
Debug.Assert(removed); | ||
handle.Dispose(); | ||
Debug.Assert(handle.IsClosed); | ||
} | ||
|
||
if (NetEventSource.Log.IsEnabled()) | ||
{ | ||
NetEventSource.Info(null, $"Cleaning up MsQuicConfiguration cache, new size: {s_configurationCache.Count}."); | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Curious, why do we need an escape hatch for this one?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Although I have tried to stress the cache to hammer out the possible weird concurrency bugs (and did not find any in the last version), I prefer to have an option to disable it in case a customer hits an issue.