quic: add SSLKEYLOGFILE support

Author: riptl

src/app/fdctl/config/default.toml

@@ -1101,6 +1101,11 @@ dynamic_port_range = "8900-9000"
         # determines whether the feature is enabled in the validator.
         retry = true
 
+        # Log TLS encryption keys to decrypt QUIC traffic to this file
+        # path in NSS SSLKEYLOGFILE format.  An empty string (the
+        # default) disables key logging.
+        ssl_key_log_file = ""
+
     # Verify tiles perform signature verification of incoming
     # transactions, making sure that the data is well-formed, and that
     # it is signed by the appropriate private key.

src/app/fdctl/topology.c

@@ -385,6 +385,7 @@ fd_topo_initialize( config_t * config ) {
       tile->quic.idle_timeout_millis            = config->tiles.quic.idle_timeout_millis;
       tile->quic.ack_delay_millis               = config->tiles.quic.ack_delay_millis;
       tile->quic.retry                          = config->tiles.quic.retry;
+      fd_cstr_fini( fd_cstr_append_cstr_safe( fd_cstr_init( tile->quic.key_log_path ), config->tiles.quic.ssl_key_log_file, sizeof(tile->quic.key_log_path) ) );
 
     } else if( FD_UNLIKELY( !strcmp( tile->name, "bundle" ) ) ) {
       strncpy( tile->bundle.url, config->tiles.bundle.url, sizeof(tile->bundle.url) );

src/app/firedancer/config/default.toml

@@ -950,6 +950,11 @@ user = ""
         # determines whether the feature is enabled in the validator.
         retry = true
 
+        # Log TLS encryption keys to decrypt QUIC traffic to this file
+        # path in NSS SSLKEYLOGFILE format.  An empty string (the
+        # default) disables key logging.
+        ssl_key_log_file = ""
+
     # Verify tiles perform signature verification of incoming
     # transactions, making sure that the data is well-formed, and that
     # it is signed by the appropriate private key.

src/app/firedancer/topology.c

@@ -916,6 +916,7 @@ fd_topo_configure_tile( fd_topo_tile_t * tile,
       tile->quic.idle_timeout_millis            = config->tiles.quic.idle_timeout_millis;
       tile->quic.ack_delay_millis               = config->tiles.quic.ack_delay_millis;
       tile->quic.retry                          = config->tiles.quic.retry;
+      fd_cstr_fini( fd_cstr_append_cstr_safe( fd_cstr_init( tile->quic.key_log_path ), config->tiles.quic.ssl_key_log_file, sizeof(tile->quic.key_log_path) ) );
 
     } else if( FD_UNLIKELY( !strcmp( tile->name, "verify" ) ) ) {
       tile->verify.tcache_depth = config->tiles.verify.signature_cache_size;

src/app/shared/fd_config.h

@@ -346,6 +346,8 @@ struct fd_config {
       uint idle_timeout_millis;
       uint ack_delay_millis;
       int  retry;
+
+      char ssl_key_log_file[ PATH_MAX ];
     } quic;
 
     struct {

src/app/shared/fd_config_parse.c

@@ -190,6 +190,7 @@ fd_config_extract_pod( uchar *       pod,
   CFG_POP      ( uint,   tiles.quic.idle_timeout_millis                   );
   CFG_POP      ( uint,   tiles.quic.ack_delay_millis                      );
   CFG_POP      ( bool,   tiles.quic.retry                                 );
+  CFG_POP      ( cstr,   tiles.quic.ssl_key_log_file                      );
 
   CFG_POP      ( uint,   tiles.verify.signature_cache_size                );
   CFG_POP      ( uint,   tiles.verify.receive_buffer_size                 );

src/disco/quic/fd_quic_tile.c

@@ -5,15 +5,19 @@
 #include "fd_tpu.h"
 #include "../../waltz/quic/fd_quic_private.h"
 #include "generated/quic_seccomp.h"
+#include "../../util/io/fd_io.h"
 #include "../../util/net/fd_eth.h"
 
 #include <errno.h>
+#include <fcntl.h>
 #include <linux/unistd.h>
 #include <sys/random.h>
 
 #define OUT_IDX_VERIFY 0
 #define OUT_IDX_NET    1
 
+#define FD_QUIC_KEYLOG_FLUSH_INTERVAL_NS ((long)100e6)
+
 /* fd_quic_tile provides a TPU server tile.
 
    This tile handles incoming transactions that clients request to be
@@ -413,10 +417,66 @@ quic_tx_aio_send( void *                    _ctx,
   return FD_AIO_SUCCESS;
 }
 
+static void
+quic_tls_keylog( void *       _ctx,
+                 char const * line ) {
+  fd_quic_ctx_t *            ctx = _ctx;
+  fd_io_buffered_ostream_t * os  = &ctx->keylog_stream;
+
+  /* Lazily flush ostream */
+  ulong line_sz = strlen( line )+1;
+  ulong peek_sz = fd_io_buffered_ostream_peek_sz( os );
+  if( FD_UNLIKELY( peek_sz<line_sz ) ) {
+    int err = fd_io_buffered_ostream_flush( os );
+    if( FD_UNLIKELY( err ) ) {
+      FD_LOG_ERR(( "fd_io_buffered_ostream_flush(keylog) failed (%i-%s)", errno, fd_io_strerror( errno ) ));
+    }
+    peek_sz = fd_io_buffered_ostream_peek_sz( os );
+  }
+  if( FD_UNLIKELY( peek_sz<line_sz ) ) {
+    FD_LOG_ERR(( "keylog buffer too small (buf_sz=%lu, line_sz=%lu)", peek_sz, line_sz ));
+  }
+
+  /* Append line */
+  char * cur = fd_io_buffered_ostream_peek( os );
+  cur = fd_cstr_append_text( cur, line, strlen( line ) );
+  cur = fd_cstr_append_char( cur, '\n' );
+  fd_io_buffered_ostream_seek( os, line_sz );
+}
+
+static void
+during_housekeeping( fd_quic_ctx_t * ctx ) {
+  if( FD_UNLIKELY( ctx->keylog_stream.wbuf ) ) {
+    long now = fd_log_wallclock();
+    if( FD_UNLIKELY( now > ctx->keylog_next_flush ) ) {
+      int err = fd_io_buffered_ostream_flush( &ctx->keylog_stream );
+      if( FD_UNLIKELY( err ) ) {
+        FD_LOG_ERR(( "fd_io_buffered_ostream_flush(keylog) failed (%i-%s)", errno, fd_io_strerror( errno ) ));
+      }
+      ctx->keylog_next_flush = now + FD_QUIC_KEYLOG_FLUSH_INTERVAL_NS;
+    }
+  }
+}
+
 static void
 privileged_init( fd_topo_t *      topo,
                  fd_topo_tile_t * tile ) {
-  (void)topo; (void)tile;
+  fd_quic_ctx_t * ctx = fd_topo_obj_laddr( topo, tile->tile_obj_id );
+  if( FD_UNLIKELY( topo->objs[ tile->tile_obj_id ].footprint < scratch_footprint( tile ) ) ) {
+    FD_LOG_ERR(( "insufficient tile scratch space" ));
+  }
+  fd_memset( ctx, 0, sizeof(fd_quic_ctx_t) );
+  ctx->keylog_fd = -1;
+
+  if( 0!=strcmp( tile->quic.key_log_path, "" ) ) {
+    ctx->keylog_fd = open( tile->quic.key_log_path, O_WRONLY|O_CREAT|O_APPEND, 0644 );
+    if( FD_UNLIKELY( ctx->keylog_fd<0 ) ) {
+      FD_LOG_ERR(( "open(%s, O_WRONLY|O_CREAT|O_APPEND, 0644) failed (%i-%s)",
+                   tile->quic.key_log_path, errno, fd_io_strerror( errno ) ));
+    }
+    fd_io_buffered_ostream_init( &ctx->keylog_stream, ctx->keylog_fd, ctx->keylog_buf, sizeof(ctx->keylog_buf) );
+    FD_LOG_WARNING(( "Logging QUIC encryption keys to %s", tile->quic.key_log_path ));
+  }
 
   /* The fd_quic implementation calls fd_log_wallclock() internally
      which itself calls clock_gettime() which on most kernels is not a
@@ -444,9 +504,6 @@ static void
 unprivileged_init( fd_topo_t *      topo,
                    fd_topo_tile_t * tile ) {
   void * scratch = fd_topo_obj_laddr( topo, tile->tile_obj_id );
-  if( FD_UNLIKELY( topo->objs[ tile->tile_obj_id ].footprint < scratch_footprint( tile ) ) ) {
-    FD_LOG_ERR(( "insufficient tile scratch space" ));
-  }
 
   if( FD_UNLIKELY( tile->in_cnt==0 ) ) {
     FD_LOG_ERR(( "quic tile has no input links" ));
@@ -472,7 +529,7 @@ unprivileged_init( fd_topo_t *      topo,
 
   FD_SCRATCH_ALLOC_INIT( l, scratch );
   fd_quic_ctx_t * ctx = FD_SCRATCH_ALLOC_APPEND( l, alignof( fd_quic_ctx_t ), sizeof( fd_quic_ctx_t ) );
-  fd_memset( ctx, 0, sizeof(fd_quic_ctx_t) );
+  FD_TEST( (ulong)ctx==(ulong)scratch );
 
   for( ulong i=0; i<tile->in_cnt; i++ ) {
     fd_topo_link_t * link = &topo->links[ tile->in_link_id[ i ] ];
@@ -524,6 +581,10 @@ unprivileged_init( fd_topo_t *      topo,
   quic->cb.now              = quic_now;
   quic->cb.now_ctx          = ctx;
   quic->cb.quic_ctx         = ctx;
+  if( ctx->keylog_fd>=0 ) {
+    quic->cb.tls_keylog = quic_tls_keylog;
+    ctx->keylog_next_flush = fd_log_wallclock() + FD_QUIC_KEYLOG_FLUSH_INTERVAL_NS;
+  }
 
   fd_quic_set_aio_net_tx( quic, quic_tx_aio );
   fd_quic_set_clock_tickcount( quic );
@@ -564,10 +625,8 @@ populate_allowed_seccomp( fd_topo_t const *      topo,
                           fd_topo_tile_t const * tile,
                           ulong                  out_cnt,
                           struct sock_filter *   out ) {
-  (void)topo;
-  (void)tile;
-
-  populate_sock_filter_policy_quic( out_cnt, out, (uint)fd_log_private_logfile_fd() );
+  fd_quic_ctx_t const * ctx = fd_topo_obj_laddr( topo, tile->tile_obj_id );
+  populate_sock_filter_policy_quic( out_cnt, out, (uint)fd_log_private_logfile_fd(), (uint)ctx->keylog_fd );
   return sock_filter_policy_quic_instr_cnt;
 }
 
@@ -576,15 +635,16 @@ populate_allowed_fds( fd_topo_t const *      topo,
                       fd_topo_tile_t const * tile,
                       ulong                  out_fds_cnt,
                       int *                  out_fds ) {
-  (void)topo;
-  (void)tile;
+  fd_quic_ctx_t * ctx = fd_topo_obj_laddr( topo, tile->tile_obj_id );
 
-  if( FD_UNLIKELY( out_fds_cnt<2UL ) ) FD_LOG_ERR(( "out_fds_cnt %lu", out_fds_cnt ));
+  if( FD_UNLIKELY( out_fds_cnt<3UL ) ) FD_LOG_ERR(( "out_fds_cnt %lu", out_fds_cnt ));
 
   ulong out_cnt = 0UL;
   out_fds[ out_cnt++ ] = 2; /* stderr */
   if( FD_LIKELY( -1!=fd_log_private_logfile_fd() ) )
     out_fds[ out_cnt++ ] = fd_log_private_logfile_fd(); /* logfile */
+  if( ctx->keylog_fd!=-1 )
+    out_fds[ out_cnt++ ] = ctx->keylog_fd;
   return out_cnt;
 }
 
@@ -594,11 +654,12 @@ populate_allowed_fds( fd_topo_t const *      topo,
 #define STEM_CALLBACK_CONTEXT_TYPE  fd_quic_ctx_t
 #define STEM_CALLBACK_CONTEXT_ALIGN alignof(fd_quic_ctx_t)
 
-#define STEM_CALLBACK_METRICS_WRITE metrics_write
-#define STEM_CALLBACK_BEFORE_CREDIT before_credit
-#define STEM_CALLBACK_BEFORE_FRAG   before_frag
-#define STEM_CALLBACK_DURING_FRAG   during_frag
-#define STEM_CALLBACK_AFTER_FRAG    after_frag
+#define STEM_CALLBACK_METRICS_WRITE       metrics_write
+#define STEM_CALLBACK_BEFORE_CREDIT       before_credit
+#define STEM_CALLBACK_BEFORE_FRAG         before_frag
+#define STEM_CALLBACK_DURING_FRAG         during_frag
+#define STEM_CALLBACK_AFTER_FRAG          after_frag
+#define STEM_CALLBACK_DURING_HOUSEKEEPING during_housekeeping
 
 #include "../stem/fd_stem.c"
 

src/disco/quic/fd_quic_tile.h

@@ -6,6 +6,7 @@
 #include "../topo/fd_topo.h"
 #include "../net/fd_net_tile.h"
 #include "../../waltz/quic/fd_quic.h"
+#include "../../util/io/fd_io.h"
 
 #define FD_QUIC_TILE_IN_MAX (8UL)
 
@@ -39,6 +40,11 @@ typedef struct {
 
   fd_wksp_t * verify_out_mem;
 
+  long                     keylog_next_flush;
+  int                      keylog_fd;
+  fd_io_buffered_ostream_t keylog_stream;
+  char                     keylog_buf[ 4096 ];
+
   struct {
     ulong txns_received_udp;
     ulong txns_received_quic_fast;

src/disco/quic/generated/quic_seccomp.h

@@ -21,32 +21,36 @@
 #else
 # error "Target architecture is unsupported by seccomp."
 #endif
-static const unsigned int sock_filter_policy_quic_instr_cnt = 15;
+static const unsigned int sock_filter_policy_quic_instr_cnt = 17;
 
-static void populate_sock_filter_policy_quic( ulong out_cnt, struct sock_filter * out, unsigned int logfile_fd) {
-  FD_TEST( out_cnt >= 15 );
-  struct sock_filter filter[15] = {
+static void populate_sock_filter_policy_quic( ulong out_cnt, struct sock_filter * out, uint logfile_fd, uint keylog_fd) {
+  FD_TEST( out_cnt >= 17 );
+  struct sock_filter filter[17] = {
     /* Check: Jump to RET_KILL_PROCESS if the script's arch != the runtime arch */
     BPF_STMT( BPF_LD | BPF_W | BPF_ABS, ( offsetof( struct seccomp_data, arch ) ) ),
-    BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, ARCH_NR, 0, /* RET_KILL_PROCESS */ 11 ),
+    BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, ARCH_NR, 0, /* RET_KILL_PROCESS */ 13 ),
     /* loading syscall number in accumulator */
     BPF_STMT( BPF_LD | BPF_W | BPF_ABS, ( offsetof( struct seccomp_data, nr ) ) ),
     /* allow write based on expression */
     BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, SYS_write, /* check_write */ 3, 0 ),
     /* allow fsync based on expression */
-    BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, SYS_fsync, /* check_fsync */ 6, 0 ),
+    BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, SYS_fsync, /* check_fsync */ 8, 0 ),
     /* simply allow getrandom */
-    BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, SYS_getrandom, /* RET_ALLOW */ 8, 0 ),
+    BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, SYS_getrandom, /* RET_ALLOW */ 10, 0 ),
     /* none of the syscalls matched */
-    { BPF_JMP | BPF_JA, 0, 0, /* RET_KILL_PROCESS */ 6 },
+    { BPF_JMP | BPF_JA, 0, 0, /* RET_KILL_PROCESS */ 8 },
 //  check_write:
     /* load syscall argument 0 in accumulator */
     BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
-    BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, 2, /* RET_ALLOW */ 5, /* lbl_1 */ 0 ),
+    BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, 2, /* RET_ALLOW */ 7, /* lbl_1 */ 0 ),
 //  lbl_1:
     /* load syscall argument 0 in accumulator */
     BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
-    BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, logfile_fd, /* RET_ALLOW */ 3, /* RET_KILL_PROCESS */ 2 ),
+    BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, logfile_fd, /* RET_ALLOW */ 5, /* lbl_2 */ 0 ),
+//  lbl_2:
+    /* load syscall argument 0 in accumulator */
+    BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
+    BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, keylog_fd, /* RET_ALLOW */ 3, /* RET_KILL_PROCESS */ 2 ),
 //  check_fsync:
     /* load syscall argument 0 in accumulator */
     BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),

src/disco/quic/quic.seccomppolicy

@@ -1,6 +1,6 @@
 # logfile_fd: It can be disabled by configuration, but typically tiles
 #             will open a log file on boot and write all messages there.
-unsigned int logfile_fd
+uint logfile_fd, uint keylog_fd
 
 # logging: all log messages are written to a file and/or pipe
 #
@@ -10,7 +10,8 @@ unsigned int logfile_fd
 # arg 0 is the file descriptor to write to.  The boot process ensures
 # that descriptor 2 is always STDERR.
 write: (or (eq (arg 0) 2)
-           (eq (arg 0) logfile_fd))
+           (eq (arg 0) logfile_fd)
+           (eq (arg 0) keylog_fd))
 
 # logging: 'WARNING' and above fsync the logfile to disk immediately
 #