From 336b43d1038235cd29ddc55b724e5fa39d038b0d Mon Sep 17 00:00:00 2001
From: biathlon3 <ag@tempesta-tech.com>
Date: Mon, 20 May 2024 10:41:48 +0400
Subject: [PATCH] The code was changed considering the review.

---
 fw/sock_clnt.c |  1 -
 fw/tls.c       | 39 +++++++++++++++++----------------------
 2 files changed, 17 insertions(+), 23 deletions(-)

diff --git a/fw/sock_clnt.c b/fw/sock_clnt.c
index 87edeee6f..6724f8891 100644
--- a/fw/sock_clnt.c
+++ b/fw/sock_clnt.c
@@ -435,7 +435,6 @@ tfw_sk_prepare_xmit(struct sock *sk, struct sk_buff *skb, unsigned int mss_now,
 	BUG_ON(!conn);
 
 	*nskbs = UINT_MAX;
-
 	h2_mode = TFW_CONN_PROTO(conn) == TFW_FSM_H2;
 	if (h2_mode)
 		r = tfw_h2_sk_prepare_xmit(sk, skb, mss_now, limit, nskbs);
diff --git a/fw/tls.c b/fw/tls.c
index 255e483df..109f6803a 100644
--- a/fw/tls.c
+++ b/fw/tls.c
@@ -953,10 +953,19 @@ tfw_tls_sni(TlsCtx *ctx, const unsigned char *data, size_t len)
 static inline int
 tfw_tls_over(TlsCtx *tls, int state)
 {
+	int sk_proto = ((SsProto *)tls->sk->sk_user_data)->type;
+	TfwConn *conn = (TfwConn*)tls->sk->sk_user_data;
+
 	if (state == TTLS_HS_CB_FINISHED_NEW
 	    || state == TTLS_HS_CB_FINISHED_RESUMED)
 		TFW_INC_STAT_BH(serv.tls_hs_successful);
 
+	if (TFW_FSM_TYPE(sk_proto) == TFW_FSM_H2 &&
+	    tfw_h2_context_init(tfw_h2_context(conn))) {
+		    T_ERR("cannot establish a new h2 connection\n");
+		    return T_DROP;
+	}
+
 	return frang_tls_handler(tls, state);
 }
 
@@ -975,35 +984,21 @@ tfw_tls_alpn_match(const TlsCtx *tls, const ttls_alpn_proto *alpn)
 	int sk_proto = ((SsProto *)tls->sk->sk_user_data)->type;
 	TfwConn *conn = (TfwConn*)tls->sk->sk_user_data;
 
-	if (TFW_FSM_TYPE(sk_proto) == TFW_FSM_H2
-	    && alpn->id == TTLS_ALPN_ID_HTTP2) {
-		if (tfw_h2_context_init(tfw_h2_context(conn))) {
-			T_ERR("cannot establish a new h2 connection\n");
-			return false;
-		}
+	/* Downgrade from HTTP2 to HTTP1. */
+	if (sk_proto & Conn_Negotiable && alpn->id == TTLS_ALPN_ID_HTTP1) {
+		conn->proto.type = (conn->proto.type & ~TFW_GFSM_FSM_MASK) |
+					TFW_FSM_HTTPS;
 		return true;
 	}
 
+	if (TFW_FSM_TYPE(sk_proto) == TFW_FSM_H2
+	    && alpn->id == TTLS_ALPN_ID_HTTP2)
+		return true;
+
 	if (TFW_FSM_TYPE(sk_proto) == TFW_FSM_HTTPS
 	    && alpn->id == TTLS_ALPN_ID_HTTP1)
 		return true;
 
-	if ((sk_proto & Conn_Negotiable)) {
-	    if (alpn->id == TTLS_ALPN_ID_HTTP1) {
-			conn->proto.type = (conn->proto.type &
-					    ~TFW_GFSM_FSM_MASK) |
-					   TFW_FSM_HTTPS;
-			return true;
-		}
-		if (alpn->id == TTLS_ALPN_ID_HTTP2) {
-			if (tfw_h2_context_init(tfw_h2_context(conn))) {
-				T_ERR("cannot establish a new h2 connection\n");
-				return false;
-			}
-			return true;
-		}
-	}
-
 	return false;
 }