Mercurial > hg > nginx-quic
annotate src/event/ngx_event_quic.c @ 7691:714a19dba6af quic
Style and handlers.
Cleanup in ngx_event_quic.c:
+ reorderded functions, structures
+ added missing prototypes
+ added separate handlers for each frame type
+ numerous indentation/comments/TODO fixes
+ removed non-implemented qc->state and corresponding enum;
this requires deep thinking, stub was unused.
+ streams inside quic connection are now in own structure
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Wed, 18 Mar 2020 13:02:19 +0300 |
parents | ae35ccba7aa6 |
children | cfc429911c0d |
rev | line source |
---|---|
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
1 |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
2 /* |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
3 * Copyright (C) Nginx, Inc. |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
4 */ |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
5 |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
6 |
7637 | 7 #include <ngx_config.h> |
8 #include <ngx_core.h> | |
7674
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7673
diff
changeset
|
9 #include <ngx_event.h> |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
10 |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
11 |
7691 | 12 typedef struct { |
13 ngx_rbtree_node_t node; | |
14 ngx_buf_t *b; | |
15 ngx_connection_t *c; | |
16 ngx_quic_stream_t s; | |
17 } ngx_quic_stream_node_t; | |
18 | |
19 | |
20 typedef struct { | |
21 ngx_rbtree_t tree; | |
22 ngx_rbtree_node_t sentinel; | |
23 ngx_msec_t timeout; | |
24 ngx_connection_handler_pt handler; | |
25 } ngx_quic_streams_t; | |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
26 |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
27 |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
28 struct ngx_quic_connection_s { |
7691 | 29 ngx_str_t scid; |
30 ngx_str_t dcid; | |
31 ngx_str_t token; | |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
32 |
7691 | 33 /* current packet numbers for each namespace */ |
34 ngx_uint_t initial_pn; | |
35 ngx_uint_t handshake_pn; | |
36 ngx_uint_t appdata_pn; | |
7650
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
7649
diff
changeset
|
37 |
7691 | 38 ngx_quic_secrets_t secrets; |
39 ngx_ssl_t *ssl; | |
40 ngx_quic_frame_t *frames; | |
7674
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7673
diff
changeset
|
41 |
7691 | 42 ngx_quic_streams_t streams; |
43 }; | |
7672
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
7671
diff
changeset
|
44 |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
45 |
7670
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
46 #if BORINGSSL_API_VERSION >= 10 |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
47 static int ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn, |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
48 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
49 const uint8_t *secret, size_t secret_len); |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
50 static int ngx_quic_set_write_secret(ngx_ssl_conn_t *ssl_conn, |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
51 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
52 const uint8_t *secret, size_t secret_len); |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
53 #else |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
54 static int ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn, |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
55 enum ssl_encryption_level_t level, const uint8_t *read_secret, |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
56 const uint8_t *write_secret, size_t secret_len); |
7670
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
57 #endif |
7691 | 58 |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
59 static int ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn, |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
60 enum ssl_encryption_level_t level, const uint8_t *data, size_t len); |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
61 static int ngx_quic_flush_flight(ngx_ssl_conn_t *ssl_conn); |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
62 static int ngx_quic_send_alert(ngx_ssl_conn_t *ssl_conn, |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
63 enum ssl_encryption_level_t level, uint8_t alert); |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
64 |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
65 |
7691 | 66 static ngx_int_t ngx_quic_new_connection(ngx_connection_t *c, ngx_ssl_t *ssl, |
67 ngx_quic_header_t *pkt); | |
68 static ngx_int_t ngx_quic_init_connection(ngx_connection_t *c); | |
69 static void ngx_quic_handshake_handler(ngx_event_t *rev); | |
70 static void ngx_quic_close_connection(ngx_connection_t *c); | |
71 | |
72 static ngx_int_t ngx_quic_input(ngx_connection_t *c, ngx_buf_t *b); | |
73 static ngx_int_t ngx_quic_initial_input(ngx_connection_t *c, | |
74 ngx_quic_header_t *pkt); | |
75 static ngx_int_t ngx_quic_handshake_input(ngx_connection_t *c, | |
76 ngx_quic_header_t *pkt); | |
77 static ngx_int_t ngx_quic_app_input(ngx_connection_t *c, | |
78 ngx_quic_header_t *pkt); | |
79 static ngx_int_t ngx_quic_payload_handler(ngx_connection_t *c, | |
80 ngx_quic_header_t *pkt); | |
81 | |
82 static ngx_int_t ngx_quic_handle_ack_frame(ngx_connection_t *c, | |
83 ngx_quic_header_t *pkt, ngx_quic_ack_frame_t *f); | |
84 static ngx_int_t ngx_quic_handle_crypto_frame(ngx_connection_t *c, | |
85 ngx_quic_header_t *pkt, ngx_quic_crypto_frame_t *frame); | |
86 static ngx_int_t ngx_quic_handle_stream_frame(ngx_connection_t *c, | |
87 ngx_quic_header_t *pkt, ngx_quic_stream_frame_t *frame); | |
88 | |
89 static void ngx_quic_queue_frame(ngx_quic_connection_t *qc, | |
90 ngx_quic_frame_t *frame); | |
91 | |
92 static ngx_int_t ngx_quic_output(ngx_connection_t *c); | |
93 ngx_int_t ngx_quic_frames_send(ngx_connection_t *c, ngx_quic_frame_t *start, | |
94 ngx_quic_frame_t *end, size_t total); | |
95 static ngx_int_t ngx_quic_send_packet(ngx_connection_t *c, | |
96 ngx_quic_connection_t *qc, enum ssl_encryption_level_t level, | |
97 ngx_str_t *payload); | |
98 | |
99 | |
100 static void ngx_quic_rbtree_insert_stream(ngx_rbtree_node_t *temp, | |
101 ngx_rbtree_node_t *node, ngx_rbtree_node_t *sentinel); | |
102 static ngx_quic_stream_node_t *ngx_quic_find_stream(ngx_rbtree_t *rbtree, | |
103 ngx_uint_t key); | |
7677
6bc18966b8c1
Stream "connection" read/write methods.
Vladimir Homutov <vl@nginx.com>
parents:
7675
diff
changeset
|
104 static ssize_t ngx_quic_stream_recv(ngx_connection_t *c, u_char *buf, |
6bc18966b8c1
Stream "connection" read/write methods.
Vladimir Homutov <vl@nginx.com>
parents:
7675
diff
changeset
|
105 size_t size); |
6bc18966b8c1
Stream "connection" read/write methods.
Vladimir Homutov <vl@nginx.com>
parents:
7675
diff
changeset
|
106 static ssize_t ngx_quic_stream_send(ngx_connection_t *c, u_char *buf, |
6bc18966b8c1
Stream "connection" read/write methods.
Vladimir Homutov <vl@nginx.com>
parents:
7675
diff
changeset
|
107 size_t size); |
6bc18966b8c1
Stream "connection" read/write methods.
Vladimir Homutov <vl@nginx.com>
parents:
7675
diff
changeset
|
108 static ngx_chain_t *ngx_quic_stream_send_chain(ngx_connection_t *c, |
6bc18966b8c1
Stream "connection" read/write methods.
Vladimir Homutov <vl@nginx.com>
parents:
7675
diff
changeset
|
109 ngx_chain_t *in, off_t limit); |
6bc18966b8c1
Stream "connection" read/write methods.
Vladimir Homutov <vl@nginx.com>
parents:
7675
diff
changeset
|
110 |
7691 | 111 |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
112 static SSL_QUIC_METHOD quic_method = { |
7670
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
113 #if BORINGSSL_API_VERSION >= 10 |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
114 ngx_quic_set_read_secret, |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
115 ngx_quic_set_write_secret, |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
116 #else |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
117 ngx_quic_set_encryption_secrets, |
7670
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
118 #endif |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
119 ngx_quic_add_handshake_data, |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
120 ngx_quic_flush_flight, |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
121 ngx_quic_send_alert, |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
122 }; |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
123 |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
124 |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
125 void |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
126 ngx_quic_init_ssl_methods(SSL_CTX* ctx) |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
127 { |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
128 SSL_CTX_set_quic_method(ctx, &quic_method); |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
129 } |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
130 |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
131 |
7670
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
132 #if BORINGSSL_API_VERSION >= 10 |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
133 |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
134 static int |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
135 ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn, |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
136 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7686
diff
changeset
|
137 const uint8_t *rsecret, size_t secret_len) |
7670
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
138 { |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7686
diff
changeset
|
139 ngx_connection_t *c; |
7670
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
140 |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
141 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
142 |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7686
diff
changeset
|
143 ngx_quic_hexdump(c->log, "level:%d read secret", |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7686
diff
changeset
|
144 rsecret, secret_len, level); |
7670
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
145 |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7686
diff
changeset
|
146 return ngx_quic_set_encryption_secret(c->pool, ssl_conn, level, |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7686
diff
changeset
|
147 rsecret, secret_len, |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7686
diff
changeset
|
148 &c->quic->secrets.client); |
7670
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
149 } |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
150 |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
151 |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
152 static int |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
153 ngx_quic_set_write_secret(ngx_ssl_conn_t *ssl_conn, |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
154 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7686
diff
changeset
|
155 const uint8_t *wsecret, size_t secret_len) |
7670
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
156 { |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7686
diff
changeset
|
157 ngx_connection_t *c; |
7670
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
158 |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
159 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
160 |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7686
diff
changeset
|
161 ngx_quic_hexdump(c->log, "level:%d write secret", |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7686
diff
changeset
|
162 wsecret, secret_len, level); |
7670
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
163 |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7686
diff
changeset
|
164 return ngx_quic_set_encryption_secret(c->pool, ssl_conn, level, |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7686
diff
changeset
|
165 wsecret, secret_len, |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7686
diff
changeset
|
166 &c->quic->secrets.server); |
7670
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
167 } |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
168 |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
169 #else |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
170 |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
171 static int |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
172 ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn, |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7686
diff
changeset
|
173 enum ssl_encryption_level_t level, const uint8_t *rsecret, |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7686
diff
changeset
|
174 const uint8_t *wsecret, size_t secret_len) |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
175 { |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7686
diff
changeset
|
176 ngx_int_t rc; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7686
diff
changeset
|
177 ngx_connection_t *c; |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
178 |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
179 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
180 |
7688
bec4cd55361e
Fixed a typo with OpenSSL.
Vladimir Homutov <vl@nginx.com>
parents:
7687
diff
changeset
|
181 ngx_quic_hexdump(c->log, "level:%d read", rsecret, secret_len, level); |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7686
diff
changeset
|
182 ngx_quic_hexdump(c->log, "level:%d write", wsecret, secret_len, level); |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
183 |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7686
diff
changeset
|
184 rc = ngx_quic_set_encryption_secret(c->pool, ssl_conn, level, |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7686
diff
changeset
|
185 rsecret, secret_len, |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7686
diff
changeset
|
186 &c->quic->secrets.client); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7686
diff
changeset
|
187 if (rc != 1) { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7686
diff
changeset
|
188 return rc; |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
189 } |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
190 |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7686
diff
changeset
|
191 return ngx_quic_set_encryption_secret(c->pool, ssl_conn, level, |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7686
diff
changeset
|
192 wsecret, secret_len, |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7686
diff
changeset
|
193 &c->quic->secrets.server); |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
194 } |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
195 |
7670
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
196 #endif |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
197 |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
198 |
7650
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
7649
diff
changeset
|
199 static int |
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
7649
diff
changeset
|
200 ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn, |
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
7649
diff
changeset
|
201 enum ssl_encryption_level_t level, const uint8_t *data, size_t len) |
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
7649
diff
changeset
|
202 { |
7691 | 203 u_char *p; |
204 ngx_quic_frame_t *frame; | |
205 ngx_connection_t *c; | |
206 ngx_quic_connection_t *qc; | |
7650
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
7649
diff
changeset
|
207 |
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
7649
diff
changeset
|
208 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
7649
diff
changeset
|
209 qc = c->quic; |
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
7649
diff
changeset
|
210 |
7652
0a2683df5f11
Implemented improved version of quic_output().
Vladimir Homutov <vl@nginx.com>
parents:
7651
diff
changeset
|
211 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, |
0a2683df5f11
Implemented improved version of quic_output().
Vladimir Homutov <vl@nginx.com>
parents:
7651
diff
changeset
|
212 "ngx_quic_add_handshake_data"); |
7650
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
7649
diff
changeset
|
213 |
7652
0a2683df5f11
Implemented improved version of quic_output().
Vladimir Homutov <vl@nginx.com>
parents:
7651
diff
changeset
|
214 frame = ngx_pcalloc(c->pool, sizeof(ngx_quic_frame_t)); |
0a2683df5f11
Implemented improved version of quic_output().
Vladimir Homutov <vl@nginx.com>
parents:
7651
diff
changeset
|
215 if (frame == NULL) { |
0a2683df5f11
Implemented improved version of quic_output().
Vladimir Homutov <vl@nginx.com>
parents:
7651
diff
changeset
|
216 return 0; |
0a2683df5f11
Implemented improved version of quic_output().
Vladimir Homutov <vl@nginx.com>
parents:
7651
diff
changeset
|
217 } |
7650
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
7649
diff
changeset
|
218 |
7652
0a2683df5f11
Implemented improved version of quic_output().
Vladimir Homutov <vl@nginx.com>
parents:
7651
diff
changeset
|
219 p = ngx_pnalloc(c->pool, len); |
0a2683df5f11
Implemented improved version of quic_output().
Vladimir Homutov <vl@nginx.com>
parents:
7651
diff
changeset
|
220 if (p == NULL) { |
7650
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
7649
diff
changeset
|
221 return 0; |
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
7649
diff
changeset
|
222 } |
7652
0a2683df5f11
Implemented improved version of quic_output().
Vladimir Homutov <vl@nginx.com>
parents:
7651
diff
changeset
|
223 |
0a2683df5f11
Implemented improved version of quic_output().
Vladimir Homutov <vl@nginx.com>
parents:
7651
diff
changeset
|
224 ngx_memcpy(p, data, len); |
7650
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
7649
diff
changeset
|
225 |
7652
0a2683df5f11
Implemented improved version of quic_output().
Vladimir Homutov <vl@nginx.com>
parents:
7651
diff
changeset
|
226 frame->level = level; |
0a2683df5f11
Implemented improved version of quic_output().
Vladimir Homutov <vl@nginx.com>
parents:
7651
diff
changeset
|
227 frame->type = NGX_QUIC_FT_CRYPTO; |
0a2683df5f11
Implemented improved version of quic_output().
Vladimir Homutov <vl@nginx.com>
parents:
7651
diff
changeset
|
228 frame->u.crypto.len = len; |
0a2683df5f11
Implemented improved version of quic_output().
Vladimir Homutov <vl@nginx.com>
parents:
7651
diff
changeset
|
229 frame->u.crypto.data = p; |
0a2683df5f11
Implemented improved version of quic_output().
Vladimir Homutov <vl@nginx.com>
parents:
7651
diff
changeset
|
230 |
0a2683df5f11
Implemented improved version of quic_output().
Vladimir Homutov <vl@nginx.com>
parents:
7651
diff
changeset
|
231 ngx_sprintf(frame->info, "crypto, generated by SSL len=%ui level=%d", len, level); |
0a2683df5f11
Implemented improved version of quic_output().
Vladimir Homutov <vl@nginx.com>
parents:
7651
diff
changeset
|
232 |
0a2683df5f11
Implemented improved version of quic_output().
Vladimir Homutov <vl@nginx.com>
parents:
7651
diff
changeset
|
233 ngx_quic_queue_frame(qc, frame); |
7650
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
7649
diff
changeset
|
234 |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
235 return 1; |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
236 } |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
237 |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
238 |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
239 static int |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
240 ngx_quic_flush_flight(ngx_ssl_conn_t *ssl_conn) |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
241 { |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
242 ngx_connection_t *c; |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
243 |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
244 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
245 |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
246 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "ngx_quic_flush_flight()"); |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
247 |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
248 return 1; |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
249 } |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
250 |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
251 |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
252 static int |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
253 ngx_quic_send_alert(ngx_ssl_conn_t *ssl_conn, enum ssl_encryption_level_t level, |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
254 uint8_t alert) |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
255 { |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
256 ngx_connection_t *c; |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
257 |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
258 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
259 |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
260 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
261 "ngx_quic_send_alert(), lvl=%d, alert=%d", |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
262 (int) level, (int) alert); |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
263 |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
264 return 1; |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
265 } |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
266 |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
267 |
7691 | 268 void |
269 ngx_quic_run(ngx_connection_t *c, ngx_ssl_t *ssl, ngx_msec_t timeout, | |
270 ngx_connection_handler_pt handler) | |
271 { | |
272 ngx_buf_t *b; | |
273 ngx_quic_header_t pkt; | |
274 | |
275 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic handshake"); | |
276 | |
277 c->log->action = "QUIC handshaking"; | |
278 | |
279 ngx_memzero(&pkt, sizeof(ngx_quic_header_t)); | |
280 | |
281 b = c->buffer; | |
282 | |
283 pkt.log = c->log; | |
284 pkt.raw = b; | |
285 pkt.data = b->start; | |
286 pkt.len = b->last - b->start; | |
287 | |
288 if (ngx_quic_new_connection(c, ssl, &pkt) != NGX_OK) { | |
289 ngx_quic_close_connection(c); | |
290 return; | |
291 } | |
292 | |
293 // we don't need stream handler for initial packet processing | |
294 c->quic->streams.handler = handler; | |
295 c->quic->streams.timeout = timeout; | |
296 | |
297 ngx_add_timer(c->read, timeout); | |
298 | |
299 c->read->handler = ngx_quic_handshake_handler; | |
300 | |
301 return; | |
302 } | |
303 | |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
304 |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
305 static ngx_int_t |
7691 | 306 ngx_quic_new_connection(ngx_connection_t *c, ngx_ssl_t *ssl, |
307 ngx_quic_header_t *pkt) | |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
308 { |
7691 | 309 ngx_quic_connection_t *qc; |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
310 |
7691 | 311 if (ngx_buf_size(pkt->raw) < 1200) { |
312 ngx_log_error(NGX_LOG_INFO, c->log, 0, "too small UDP datagram"); | |
313 return NGX_ERROR; | |
314 } | |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
315 |
7691 | 316 if (ngx_quic_parse_long_header(pkt) != NGX_OK) { |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
317 return NGX_ERROR; |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
318 } |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
319 |
7691 | 320 if ((pkt->flags & 0xf0) != NGX_QUIC_PKT_INITIAL) { |
321 ngx_log_error(NGX_LOG_INFO, c->log, 0, | |
322 "invalid initial packet: 0x%xi", pkt->flags); | |
323 return NGX_ERROR; | |
324 } | |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
325 |
7691 | 326 if (ngx_quic_parse_initial_header(pkt) != NGX_OK) { |
327 return NGX_ERROR; | |
328 } | |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
329 |
7691 | 330 qc = ngx_pcalloc(c->pool, sizeof(ngx_quic_connection_t)); |
331 if (qc == NULL) { | |
332 return NGX_ERROR; | |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
333 } |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
334 |
7691 | 335 ngx_rbtree_init(&qc->streams.tree, &qc->streams.sentinel, |
336 ngx_quic_rbtree_insert_stream); | |
337 | |
338 c->quic = qc; | |
339 qc->ssl = ssl; | |
340 | |
341 qc->dcid.len = pkt->dcid.len; | |
342 qc->dcid.data = ngx_pnalloc(c->pool, pkt->dcid.len); | |
343 if (qc->dcid.data == NULL) { | |
344 return NGX_ERROR; | |
345 } | |
346 ngx_memcpy(qc->dcid.data, pkt->dcid.data, qc->dcid.len); | |
347 | |
348 qc->scid.len = pkt->scid.len; | |
349 qc->scid.data = ngx_pnalloc(c->pool, qc->scid.len); | |
350 if (qc->scid.data == NULL) { | |
351 return NGX_ERROR; | |
352 } | |
353 ngx_memcpy(qc->scid.data, pkt->scid.data, qc->scid.len); | |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
354 |
7691 | 355 qc->token.len = pkt->token.len; |
356 qc->token.data = ngx_pnalloc(c->pool, qc->token.len); | |
357 if (qc->token.data == NULL) { | |
358 return NGX_ERROR; | |
359 } | |
360 ngx_memcpy(qc->token.data, pkt->token.data, qc->token.len); | |
361 | |
362 | |
363 if (ngx_quic_set_initial_secret(c->pool, &qc->secrets, &qc->dcid) | |
364 != NGX_OK) | |
365 { | |
366 return NGX_ERROR; | |
367 } | |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
368 |
7691 | 369 pkt->secret = &qc->secrets.client.in; |
370 pkt->level = ssl_encryption_initial; | |
371 | |
372 if (ngx_quic_decrypt(c->pool, NULL, pkt) != NGX_OK) { | |
373 return NGX_ERROR; | |
374 } | |
375 | |
376 if (ngx_quic_init_connection(c) != NGX_OK) { | |
377 return NGX_ERROR; | |
378 } | |
379 | |
380 return ngx_quic_payload_handler(c, pkt); | |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
381 } |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
382 |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
383 |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
384 static ngx_int_t |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7686
diff
changeset
|
385 ngx_quic_init_connection(ngx_connection_t *c) |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
386 { |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
387 int n, sslerr; |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
388 ngx_ssl_conn_t *ssl_conn; |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
389 ngx_quic_connection_t *qc; |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
390 |
7671
a5423632d67b
Added more transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7670
diff
changeset
|
391 static const uint8_t params[] = |
a5423632d67b
Added more transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7670
diff
changeset
|
392 "\x00\x29" /* parameters length: 41 bytes */ |
a5423632d67b
Added more transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7670
diff
changeset
|
393 "\x00\x0e\x00\x01\x05" /* active connection id limit: 5 */ |
a5423632d67b
Added more transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7670
diff
changeset
|
394 "\x00\x04\x00\x04\x80\x98\x96\x80" /* initial max data = 10000000 */ |
a5423632d67b
Added more transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7670
diff
changeset
|
395 "\x00\x09\x00\x01\x03" /* initial max streams uni: 3 */ |
a5423632d67b
Added more transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7670
diff
changeset
|
396 "\x00\x08\x00\x01\x10" /* initial max streams bidi: 16 */ |
a5423632d67b
Added more transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7670
diff
changeset
|
397 "\x00\x05\x00\x02\x40\xff" /* initial max stream bidi local: 255 */ |
a5423632d67b
Added more transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7670
diff
changeset
|
398 "\x00\x06\x00\x02\x40\xff" /* initial max stream bidi remote: 255 */ |
a5423632d67b
Added more transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7670
diff
changeset
|
399 "\x00\x07\x00\x02\x40\xff"; /* initial max stream data uni: 255 */ |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
400 |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
401 qc = c->quic; |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
402 |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
403 if (ngx_ssl_create_connection(qc->ssl, c, NGX_SSL_BUFFER) != NGX_OK) { |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
404 return NGX_ERROR; |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
405 } |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
406 |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
407 ssl_conn = c->ssl->connection; |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
408 |
7671
a5423632d67b
Added more transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7670
diff
changeset
|
409 if (SSL_set_quic_transport_params(ssl_conn, params, sizeof(params) - 1) == 0) { |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
410 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
411 "SSL_set_quic_transport_params() failed"); |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
412 return NGX_ERROR; |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
413 } |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
414 |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
415 n = SSL_do_handshake(ssl_conn); |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
416 |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
417 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", n); |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
418 |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
419 if (n == -1) { |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
420 sslerr = SSL_get_error(ssl_conn, n); |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
421 |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
422 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
423 sslerr); |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
424 } |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
425 |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
426 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
427 "SSL_quic_read_level: %d, SSL_quic_write_level: %d", |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
428 (int) SSL_quic_read_level(ssl_conn), |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
429 (int) SSL_quic_write_level(ssl_conn)); |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
430 |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
431 return NGX_OK; |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
432 } |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
433 |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
434 |
7691 | 435 static void |
436 ngx_quic_handshake_handler(ngx_event_t *rev) | |
7677
6bc18966b8c1
Stream "connection" read/write methods.
Vladimir Homutov <vl@nginx.com>
parents:
7675
diff
changeset
|
437 { |
7691 | 438 ssize_t n; |
439 ngx_buf_t b; | |
440 ngx_connection_t *c; | |
7677
6bc18966b8c1
Stream "connection" read/write methods.
Vladimir Homutov <vl@nginx.com>
parents:
7675
diff
changeset
|
441 |
7691 | 442 u_char buf[512]; |
7677
6bc18966b8c1
Stream "connection" read/write methods.
Vladimir Homutov <vl@nginx.com>
parents:
7675
diff
changeset
|
443 |
7691 | 444 b.start = buf; |
445 b.end = buf + 512; | |
446 b.pos = b.last = b.start; | |
7677
6bc18966b8c1
Stream "connection" read/write methods.
Vladimir Homutov <vl@nginx.com>
parents:
7675
diff
changeset
|
447 |
7691 | 448 c = rev->data; |
7677
6bc18966b8c1
Stream "connection" read/write methods.
Vladimir Homutov <vl@nginx.com>
parents:
7675
diff
changeset
|
449 |
7691 | 450 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, rev->log, 0, "quic handshake handler"); |
7678
e3c0b19a3a8a
Implemented ngx_quic_stream_send_chain() method.
Roman Arutyunyan <arut@nginx.com>
parents:
7677
diff
changeset
|
451 |
7691 | 452 if (rev->timedout) { |
453 ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out"); | |
454 ngx_quic_close_connection(c); | |
455 return; | |
7678
e3c0b19a3a8a
Implemented ngx_quic_stream_send_chain() method.
Roman Arutyunyan <arut@nginx.com>
parents:
7677
diff
changeset
|
456 } |
e3c0b19a3a8a
Implemented ngx_quic_stream_send_chain() method.
Roman Arutyunyan <arut@nginx.com>
parents:
7677
diff
changeset
|
457 |
7691 | 458 if (c->close) { |
459 ngx_quic_close_connection(c); | |
460 return; | |
461 } | |
7686
7ada2feeac18
Added processing of CONNECTION CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
7684
diff
changeset
|
462 |
7691 | 463 n = c->recv(c, b.start, b.end - b.start); |
7681 | 464 |
7691 | 465 if (n == NGX_AGAIN) { |
466 return; | |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
467 } |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
468 |
7691 | 469 if (n == NGX_ERROR) { |
470 c->read->eof = 1; | |
471 ngx_quic_close_connection(c); | |
472 return; | |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
473 } |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
474 |
7691 | 475 b.last += n; |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
476 |
7691 | 477 if (ngx_quic_input(c, &b) != NGX_OK) { |
478 ngx_quic_close_connection(c); | |
479 return; | |
480 } | |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
481 } |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
482 |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
483 |
7674
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7673
diff
changeset
|
484 static void |
7691 | 485 ngx_quic_close_connection(ngx_connection_t *c) |
7674
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7673
diff
changeset
|
486 { |
7691 | 487 ngx_pool_t *pool; |
7674
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7673
diff
changeset
|
488 |
7691 | 489 /* XXX wait for all streams to close */ |
7674
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7673
diff
changeset
|
490 |
7691 | 491 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
492 "close quic connection: %d", c->fd); | |
7674
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7673
diff
changeset
|
493 |
7691 | 494 if (c->ssl) { |
495 (void) ngx_ssl_shutdown(c); | |
7674
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7673
diff
changeset
|
496 } |
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7673
diff
changeset
|
497 |
7691 | 498 #if (NGX_STAT_STUB) |
499 (void) ngx_atomic_fetch_add(ngx_stat_active, -1); | |
500 #endif | |
7674
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7673
diff
changeset
|
501 |
7691 | 502 c->destroyed = 1; |
7674
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7673
diff
changeset
|
503 |
7691 | 504 pool = c->pool; |
7674
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7673
diff
changeset
|
505 |
7691 | 506 ngx_close_connection(c); |
7674
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7673
diff
changeset
|
507 |
7691 | 508 ngx_destroy_pool(pool); |
7674
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7673
diff
changeset
|
509 } |
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7673
diff
changeset
|
510 |
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7673
diff
changeset
|
511 |
7659
4355efde26d8
Added functions to decrypt long packets.
Vladimir Homutov <vl@nginx.com>
parents:
7658
diff
changeset
|
512 static ngx_int_t |
7691 | 513 ngx_quic_input(ngx_connection_t *c, ngx_buf_t *b) |
7659
4355efde26d8
Added functions to decrypt long packets.
Vladimir Homutov <vl@nginx.com>
parents:
7658
diff
changeset
|
514 { |
7691 | 515 u_char *p; |
516 ngx_int_t rc; | |
517 ngx_quic_header_t pkt; | |
7659
4355efde26d8
Added functions to decrypt long packets.
Vladimir Homutov <vl@nginx.com>
parents:
7658
diff
changeset
|
518 |
7691 | 519 if (c->quic == NULL) { |
520 // XXX: possible? | |
521 ngx_log_error(NGX_LOG_INFO, c->log, 0, "BUG: no QUIC in connection"); | |
7659
4355efde26d8
Added functions to decrypt long packets.
Vladimir Homutov <vl@nginx.com>
parents:
7658
diff
changeset
|
522 return NGX_ERROR; |
4355efde26d8
Added functions to decrypt long packets.
Vladimir Homutov <vl@nginx.com>
parents:
7658
diff
changeset
|
523 } |
4355efde26d8
Added functions to decrypt long packets.
Vladimir Homutov <vl@nginx.com>
parents:
7658
diff
changeset
|
524 |
7691 | 525 p = b->start; |
7674
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7673
diff
changeset
|
526 |
7691 | 527 do { |
528 ngx_memzero(&pkt, sizeof(ngx_quic_header_t)); | |
529 pkt.raw = b; | |
530 pkt.data = p; | |
531 pkt.len = b->last - p; | |
532 pkt.log = c->log; | |
7659
4355efde26d8
Added functions to decrypt long packets.
Vladimir Homutov <vl@nginx.com>
parents:
7658
diff
changeset
|
533 |
7691 | 534 if (p[0] == 0) { |
535 /* XXX: no idea WTF is this, just ignore */ | |
536 ngx_log_error(NGX_LOG_ALERT, c->log, 0, "FIREFOX: ZEROES"); | |
537 break; | |
538 } | |
7672
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
7671
diff
changeset
|
539 |
7691 | 540 // TODO: check current state |
541 if (p[0] & NGX_QUIC_PKT_LONG) { | |
542 | |
543 if ((p[0] & 0xf0) == NGX_QUIC_PKT_INITIAL) { | |
544 rc = ngx_quic_initial_input(c, &pkt); | |
7672
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
7671
diff
changeset
|
545 |
7691 | 546 } else if ((p[0] & 0xf0) == NGX_QUIC_PKT_HANDSHAKE) { |
547 rc = ngx_quic_handshake_input(c, &pkt); | |
7659
4355efde26d8
Added functions to decrypt long packets.
Vladimir Homutov <vl@nginx.com>
parents:
7658
diff
changeset
|
548 |
7691 | 549 } else { |
550 ngx_log_error(NGX_LOG_INFO, c->log, 0, | |
551 "BUG: unknown quic state"); | |
552 return NGX_ERROR; | |
553 } | |
7659
4355efde26d8
Added functions to decrypt long packets.
Vladimir Homutov <vl@nginx.com>
parents:
7658
diff
changeset
|
554 |
7691 | 555 } else { |
556 rc = ngx_quic_app_input(c, &pkt); | |
557 } | |
7659
4355efde26d8
Added functions to decrypt long packets.
Vladimir Homutov <vl@nginx.com>
parents:
7658
diff
changeset
|
558 |
7691 | 559 if (rc == NGX_ERROR) { |
560 return NGX_ERROR; | |
561 } | |
7672
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
7671
diff
changeset
|
562 |
7691 | 563 /* b->pos is at header end, adjust by actual packet length */ |
564 p = b->pos + pkt.len; | |
565 b->pos = p; /* reset b->pos to the next packet start */ | |
7659
4355efde26d8
Added functions to decrypt long packets.
Vladimir Homutov <vl@nginx.com>
parents:
7658
diff
changeset
|
566 |
7691 | 567 } while (p < b->last); |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
568 |
7691 | 569 return NGX_OK; |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
570 } |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
571 |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
572 |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
573 static ngx_int_t |
7689 | 574 ngx_quic_initial_input(ngx_connection_t *c, ngx_quic_header_t *pkt) |
575 { | |
576 ngx_ssl_conn_t *ssl_conn; | |
577 ngx_quic_connection_t *qc; | |
578 | |
579 qc = c->quic; | |
580 ssl_conn = c->ssl->connection; | |
581 | |
7690
ae35ccba7aa6
Extracted transport part of the code into separate file.
Vladimir Homutov <vl@nginx.com>
parents:
7689
diff
changeset
|
582 if (ngx_quic_parse_long_header(pkt) != NGX_OK) { |
7689 | 583 return NGX_ERROR; |
584 } | |
585 | |
7690
ae35ccba7aa6
Extracted transport part of the code into separate file.
Vladimir Homutov <vl@nginx.com>
parents:
7689
diff
changeset
|
586 if (ngx_quic_parse_initial_header(pkt) != NGX_OK) { |
7689 | 587 return NGX_ERROR; |
588 } | |
589 | |
590 pkt->secret = &qc->secrets.client.in; | |
591 pkt->level = ssl_encryption_initial; | |
592 | |
593 if (ngx_quic_decrypt(c->pool, ssl_conn, pkt) != NGX_OK) { | |
594 return NGX_ERROR; | |
595 } | |
596 | |
597 return ngx_quic_payload_handler(c, pkt); | |
598 } | |
599 | |
600 | |
601 static ngx_int_t | |
7672
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
7671
diff
changeset
|
602 ngx_quic_handshake_input(ngx_connection_t *c, ngx_quic_header_t *pkt) |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
603 { |
7654
bf555b94e387
Using cached ssl_conn in ngx_quic_handshake_input(), NFC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7653
diff
changeset
|
604 ngx_ssl_conn_t *ssl_conn; |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
605 ngx_quic_connection_t *qc; |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
606 |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
607 qc = c->quic; |
7654
bf555b94e387
Using cached ssl_conn in ngx_quic_handshake_input(), NFC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7653
diff
changeset
|
608 ssl_conn = c->ssl->connection; |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
609 |
7659
4355efde26d8
Added functions to decrypt long packets.
Vladimir Homutov <vl@nginx.com>
parents:
7658
diff
changeset
|
610 /* extract cleartext data into pkt */ |
7690
ae35ccba7aa6
Extracted transport part of the code into separate file.
Vladimir Homutov <vl@nginx.com>
parents:
7689
diff
changeset
|
611 if (ngx_quic_parse_long_header(pkt) != NGX_OK) { |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
612 return NGX_ERROR; |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
613 } |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
614 |
7672
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
7671
diff
changeset
|
615 if (pkt->dcid.len != qc->dcid.len) { |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
616 ngx_log_error(NGX_LOG_INFO, c->log, 0, "unexpected quic dcidl"); |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
617 return NGX_ERROR; |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
618 } |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
619 |
7672
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
7671
diff
changeset
|
620 if (ngx_memcmp(pkt->dcid.data, qc->dcid.data, qc->dcid.len) != 0) { |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
621 ngx_log_error(NGX_LOG_INFO, c->log, 0, "unexpected quic dcid"); |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
622 return NGX_ERROR; |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
623 } |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
624 |
7672
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
7671
diff
changeset
|
625 if (pkt->scid.len != qc->scid.len) { |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
626 ngx_log_error(NGX_LOG_INFO, c->log, 0, "unexpected quic scidl"); |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
627 return NGX_ERROR; |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
628 } |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
629 |
7672
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
7671
diff
changeset
|
630 if (ngx_memcmp(pkt->scid.data, qc->scid.data, qc->scid.len) != 0) { |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
631 ngx_log_error(NGX_LOG_INFO, c->log, 0, "unexpected quic scid"); |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
632 return NGX_ERROR; |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
633 } |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
634 |
7672
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
7671
diff
changeset
|
635 if ((pkt->flags & 0xf0) != NGX_QUIC_PKT_HANDSHAKE) { |
7659
4355efde26d8
Added functions to decrypt long packets.
Vladimir Homutov <vl@nginx.com>
parents:
7658
diff
changeset
|
636 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
7672
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
7671
diff
changeset
|
637 "invalid packet type: 0x%xi", pkt->flags); |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
638 return NGX_ERROR; |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
639 } |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
640 |
7690
ae35ccba7aa6
Extracted transport part of the code into separate file.
Vladimir Homutov <vl@nginx.com>
parents:
7689
diff
changeset
|
641 if (ngx_quic_parse_handshake_header(pkt) != NGX_OK) { |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
642 return NGX_ERROR; |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
643 } |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
644 |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7686
diff
changeset
|
645 pkt->secret = &qc->secrets.client.hs; |
7672
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
7671
diff
changeset
|
646 pkt->level = ssl_encryption_handshake; |
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
7671
diff
changeset
|
647 |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7686
diff
changeset
|
648 if (ngx_quic_decrypt(c->pool, c->ssl->connection, pkt) != NGX_OK) { |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
649 return NGX_ERROR; |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
650 } |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
651 |
7672
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
7671
diff
changeset
|
652 return ngx_quic_payload_handler(c, pkt); |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
653 } |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
654 |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
655 |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
656 static ngx_int_t |
7672
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
7671
diff
changeset
|
657 ngx_quic_app_input(ngx_connection_t *c, ngx_quic_header_t *pkt) |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
658 { |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
659 ngx_quic_connection_t *qc; |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
660 |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
661 qc = c->quic; |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
662 |
7689 | 663 if (qc->secrets.client.ad.key.len == 0) { |
664 ngx_log_error(NGX_LOG_INFO, c->log, 0, | |
665 "no read keys yet, packet ignored"); | |
666 return NGX_DECLINED; | |
667 } | |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
668 |
7690
ae35ccba7aa6
Extracted transport part of the code into separate file.
Vladimir Homutov <vl@nginx.com>
parents:
7689
diff
changeset
|
669 if (ngx_quic_parse_short_header(pkt, &qc->dcid) != NGX_OK) { |
7651
6a76d9657772
QUIC handshake final bits.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7650
diff
changeset
|
670 return NGX_ERROR; |
6a76d9657772
QUIC handshake final bits.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7650
diff
changeset
|
671 } |
6a76d9657772
QUIC handshake final bits.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7650
diff
changeset
|
672 |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7686
diff
changeset
|
673 pkt->secret = &qc->secrets.client.ad; |
7672
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
7671
diff
changeset
|
674 pkt->level = ssl_encryption_application; |
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
7671
diff
changeset
|
675 |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7686
diff
changeset
|
676 if (ngx_quic_decrypt(c->pool, c->ssl->connection, pkt) != NGX_OK) { |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
677 return NGX_ERROR; |
7651
6a76d9657772
QUIC handshake final bits.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7650
diff
changeset
|
678 } |
6a76d9657772
QUIC handshake final bits.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7650
diff
changeset
|
679 |
7672
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
7671
diff
changeset
|
680 return ngx_quic_payload_handler(c, pkt); |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
681 } |
7637 | 682 |
683 | |
7691 | 684 static ngx_int_t |
685 ngx_quic_payload_handler(ngx_connection_t *c, ngx_quic_header_t *pkt) | |
686 { | |
687 u_char *end, *p; | |
688 ssize_t len; | |
689 ngx_uint_t ack_this, do_close; | |
690 ngx_quic_frame_t frame, *ack_frame; | |
691 ngx_quic_connection_t *qc; | |
692 | |
693 qc = c->quic; | |
694 | |
695 p = pkt->payload.data; | |
696 end = p + pkt->payload.len; | |
697 | |
698 ack_this = 0; | |
699 do_close = 0; | |
700 | |
701 while (p < end) { | |
702 | |
703 len = ngx_quic_parse_frame(p, end, &frame); | |
704 if (len < 0) { | |
705 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, | |
706 "failed to parse frame type %xi", frame.type); | |
707 return NGX_ERROR; | |
708 } | |
709 | |
710 p += len; | |
711 | |
712 switch (frame.type) { | |
713 | |
714 case NGX_QUIC_FT_ACK: | |
715 | |
716 ngx_log_debug4(NGX_LOG_DEBUG_EVENT, c->log, 0, | |
717 "ACK: { largest=%ui delay=%ui first=%ui count=%ui}", | |
718 frame.u.ack.largest, | |
719 frame.u.ack.delay, | |
720 frame.u.ack.first_range, | |
721 frame.u.ack.range_count); | |
722 | |
723 if (ngx_quic_handle_ack_frame(c, pkt, &frame.u.ack) != NGX_OK) { | |
724 return NGX_ERROR; | |
725 } | |
726 | |
727 break; | |
728 | |
729 case NGX_QUIC_FT_CRYPTO: | |
730 | |
731 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, | |
732 "quic CRYPTO frame length: %uL off:%uL pp:%p", | |
733 frame.u.crypto.len, frame.u.crypto.offset, | |
734 frame.u.crypto.data); | |
735 | |
736 ngx_quic_hexdump0(c->log, "CRYPTO frame contents", | |
737 frame.u.crypto.data, frame.u.crypto.len); | |
738 | |
739 | |
740 if (ngx_quic_handle_crypto_frame(c, pkt, &frame.u.crypto) | |
741 != NGX_OK) | |
742 { | |
743 return NGX_ERROR; | |
744 } | |
745 | |
746 ack_this = 1; | |
747 break; | |
748 | |
749 case NGX_QUIC_FT_PADDING: | |
750 break; | |
751 | |
752 case NGX_QUIC_FT_PING: | |
753 ack_this = 1; | |
754 break; | |
755 | |
756 case NGX_QUIC_FT_NEW_CONNECTION_ID: | |
757 ack_this = 1; | |
758 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, | |
759 "NCID: { seq=%ui retire=%ui len=%ui}", | |
760 frame.u.ncid.seqnum, | |
761 frame.u.ncid.retire, | |
762 frame.u.ncid.len); | |
763 break; | |
764 | |
765 case NGX_QUIC_FT_CONNECTION_CLOSE: | |
766 ngx_log_debug4(NGX_LOG_DEBUG_EVENT, c->log, 0, | |
767 "CONN.CLOSE: { %s (0x%xi) type=0x%xi reason='%V'}", | |
768 ngx_quic_error_text(frame.u.close.error_code), | |
769 frame.u.close.error_code, | |
770 frame.u.close.frame_type, | |
771 &frame.u.close.reason); | |
772 | |
773 do_close = 1; | |
774 break; | |
775 | |
776 case NGX_QUIC_FT_STREAM0: | |
777 case NGX_QUIC_FT_STREAM1: | |
778 case NGX_QUIC_FT_STREAM2: | |
779 case NGX_QUIC_FT_STREAM3: | |
780 case NGX_QUIC_FT_STREAM4: | |
781 case NGX_QUIC_FT_STREAM5: | |
782 case NGX_QUIC_FT_STREAM6: | |
783 case NGX_QUIC_FT_STREAM7: | |
784 | |
785 ngx_log_debug7(NGX_LOG_DEBUG_EVENT, c->log, 0, | |
786 "STREAM frame { 0x%xi id 0x%xi offset 0x%xi len 0x%xi bits:off=%d len=%d fin=%d }", | |
787 frame.type, | |
788 frame.u.stream.stream_id, | |
789 frame.u.stream.offset, | |
790 frame.u.stream.length, | |
791 frame.u.stream.off, | |
792 frame.u.stream.len, | |
793 frame.u.stream.fin); | |
794 | |
795 ngx_quic_hexdump0(c->log, "STREAM frame contents", | |
796 frame.u.stream.data, frame.u.stream.length); | |
797 | |
798 if (ngx_quic_handle_stream_frame(c, pkt, &frame.u.stream) | |
799 != NGX_OK) | |
800 { | |
801 return NGX_ERROR; | |
802 } | |
803 | |
804 ack_this = 1; | |
805 break; | |
806 | |
807 default: | |
808 ngx_log_error(NGX_LOG_INFO, c->log, 0, | |
809 "unsupported frame type 0x%xd in packet", frame.type); | |
810 return NGX_ERROR; | |
811 } | |
812 } | |
813 | |
814 if (p != end) { | |
815 ngx_log_error(NGX_LOG_INFO, c->log, 0, | |
816 "trailing garbage in payload: %ui bytes", end - p); | |
817 return NGX_ERROR; | |
818 } | |
819 | |
820 if (do_close) { | |
821 // TODO: handle stream close | |
822 } | |
823 | |
824 if (ack_this == 0) { | |
825 /* do not ack packets with ACKs and PADDING */ | |
826 return NGX_OK; | |
827 } | |
828 | |
829 // packet processed, ACK it now if required | |
830 // TODO: if (ack_required) ... - currently just ack each packet | |
831 | |
832 ack_frame = ngx_pcalloc(c->pool, sizeof(ngx_quic_frame_t)); | |
833 if (ack_frame == NULL) { | |
834 return NGX_ERROR; | |
835 } | |
836 | |
837 ack_frame->level = pkt->level; | |
838 ack_frame->type = NGX_QUIC_FT_ACK; | |
839 ack_frame->u.ack.pn = pkt->pn; | |
840 | |
841 ngx_sprintf(ack_frame->info, "ACK for PN=%d from frame handler level=%d", pkt->pn, pkt->level); | |
842 ngx_quic_queue_frame(qc, ack_frame); | |
843 | |
844 return ngx_quic_output(c); | |
845 } | |
846 | |
847 | |
848 static ngx_int_t | |
849 ngx_quic_handle_ack_frame(ngx_connection_t *c, ngx_quic_header_t *pkt, | |
850 ngx_quic_ack_frame_t *f) | |
851 { | |
852 /* TODO: handle ACK here */ | |
853 return NGX_OK; | |
854 } | |
855 | |
856 | |
857 static ngx_int_t | |
858 ngx_quic_handle_crypto_frame(ngx_connection_t *c, ngx_quic_header_t *pkt, | |
859 ngx_quic_crypto_frame_t *f) | |
860 { | |
861 int sslerr; | |
862 ssize_t n; | |
863 ngx_ssl_conn_t *ssl_conn; | |
864 | |
865 if (f->offset != 0x0) { | |
866 ngx_log_error(NGX_LOG_INFO, c->log, 0, | |
867 "crypto frame with non-zero offset"); | |
868 // TODO: add support for crypto frames spanning packets | |
869 return NGX_ERROR; | |
870 } | |
871 | |
872 ssl_conn = c->ssl->connection; | |
873 | |
874 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, | |
875 "SSL_quic_read_level: %d, SSL_quic_write_level: %d", | |
876 (int) SSL_quic_read_level(ssl_conn), | |
877 (int) SSL_quic_write_level(ssl_conn)); | |
878 | |
879 if (!SSL_provide_quic_data(ssl_conn, SSL_quic_read_level(ssl_conn), | |
880 f->data, f->len)) | |
881 { | |
882 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, | |
883 "SSL_provide_quic_data() failed"); | |
884 return NGX_ERROR; | |
885 } | |
886 | |
887 n = SSL_do_handshake(ssl_conn); | |
888 | |
889 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", n); | |
890 | |
891 if (n == -1) { | |
892 sslerr = SSL_get_error(ssl_conn, n); | |
893 | |
894 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", | |
895 sslerr); | |
896 | |
897 if (sslerr == SSL_ERROR_SSL) { | |
898 ngx_ssl_error(NGX_LOG_ERR, c->log, 0, "SSL_do_handshake() failed"); | |
899 } | |
900 } | |
901 | |
902 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, | |
903 "quic ssl cipher: %s", SSL_get_cipher(ssl_conn)); | |
904 | |
905 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, | |
906 "SSL_quic_read_level: %d, SSL_quic_write_level: %d", | |
907 (int) SSL_quic_read_level(ssl_conn), | |
908 (int) SSL_quic_write_level(ssl_conn)); | |
909 | |
910 return NGX_OK; | |
911 } | |
912 | |
913 | |
914 static ngx_int_t | |
915 ngx_quic_handle_stream_frame(ngx_connection_t *c, | |
916 ngx_quic_header_t *pkt, ngx_quic_stream_frame_t *f) | |
917 { | |
918 ngx_buf_t *b; | |
919 ngx_log_t *log; | |
920 ngx_pool_t *pool; | |
921 ngx_event_t *rev, *wev; | |
922 ngx_quic_connection_t *qc; | |
923 ngx_quic_stream_node_t *sn; | |
924 | |
925 qc = c->quic; | |
926 | |
927 sn = ngx_quic_find_stream(&qc->streams.tree, f->stream_id); | |
928 | |
929 if (sn) { | |
930 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "existing stream"); | |
931 b = sn->b; | |
932 | |
933 if ((size_t) (b->end - b->pos) < f->length) { | |
934 ngx_log_error(NGX_LOG_INFO, c->log, 0, "no space in stream buffer"); | |
935 return NGX_ERROR; | |
936 } | |
937 | |
938 ngx_memcpy(b->pos, f->data, f->length); | |
939 b->pos += f->length; | |
940 | |
941 // TODO: notify | |
942 | |
943 return NGX_OK; | |
944 } | |
945 | |
946 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "stream is new"); | |
947 | |
948 sn = ngx_pcalloc(c->pool, sizeof(ngx_quic_stream_node_t)); | |
949 if (sn == NULL) { | |
950 return NGX_ERROR; | |
951 } | |
952 | |
953 sn->c = ngx_get_connection(-1, c->log); // TODO: free on connection termination | |
954 if (sn->c == NULL) { | |
955 return NGX_ERROR; | |
956 } | |
957 | |
958 pool = ngx_create_pool(NGX_DEFAULT_POOL_SIZE, c->log); | |
959 if (pool == NULL) { | |
960 /* XXX free connection */ | |
961 return NGX_ERROR; | |
962 } | |
963 | |
964 log = ngx_palloc(pool, sizeof(ngx_log_t)); | |
965 if (log == NULL) { | |
966 /* XXX free pool and connection */ | |
967 return NGX_ERROR; | |
968 } | |
969 | |
970 *log = *c->log; | |
971 pool->log = log; | |
972 | |
973 sn->c->log = log; | |
974 sn->c->pool = pool; | |
975 | |
976 sn->c->listening = c->listening; | |
977 sn->c->sockaddr = c->sockaddr; | |
978 sn->c->local_sockaddr = c->local_sockaddr; | |
979 | |
980 rev = sn->c->read; | |
981 wev = sn->c->write; | |
982 | |
983 rev->ready = 1; | |
984 | |
985 rev->log = c->log; | |
986 wev->log = c->log; | |
987 | |
988 sn->c->number = ngx_atomic_fetch_add(ngx_connection_counter, 1); | |
989 | |
990 sn->node.key = f->stream_id; | |
991 sn->b = ngx_create_temp_buf(pool, 16 * 1024); // XXX enough for everyone | |
992 if (sn->b == NULL) { | |
993 return NGX_ERROR; | |
994 } | |
995 b = sn->b; | |
996 | |
997 ngx_memcpy(b->start, f->data, f->length); | |
998 b->last = b->start + f->length; | |
999 | |
1000 ngx_rbtree_insert(&qc->streams.tree, &sn->node); | |
1001 | |
1002 sn->s.id = f->stream_id; | |
1003 sn->s.unidirectional = (sn->s.id & 0x02) ? 1 : 0; | |
1004 sn->s.parent = c; | |
1005 sn->c->qs = &sn->s; | |
1006 | |
1007 sn->c->recv = ngx_quic_stream_recv; | |
1008 sn->c->send = ngx_quic_stream_send; | |
1009 sn->c->send_chain = ngx_quic_stream_send_chain; | |
1010 | |
1011 qc->streams.handler(sn->c); | |
1012 | |
1013 return NGX_OK; | |
1014 } | |
1015 | |
1016 | |
1017 static void | |
1018 ngx_quic_queue_frame(ngx_quic_connection_t *qc, ngx_quic_frame_t *frame) | |
1019 { | |
1020 ngx_quic_frame_t *f; | |
1021 | |
1022 if (qc->frames == NULL) { | |
1023 qc->frames = frame; | |
1024 return; | |
1025 } | |
1026 | |
1027 for (f = qc->frames; f->next; f = f->next) { | |
1028 if (f->next->level > frame->level) { | |
1029 break; | |
1030 } | |
1031 } | |
1032 | |
1033 frame->next = f->next; | |
1034 f->next = frame; | |
1035 } | |
1036 | |
1037 | |
1038 static ngx_int_t | |
1039 ngx_quic_output(ngx_connection_t *c) | |
1040 { | |
1041 size_t len; | |
1042 ngx_uint_t lvl; | |
1043 ngx_quic_frame_t *f, *start; | |
1044 ngx_quic_connection_t *qc; | |
1045 | |
1046 qc = c->quic; | |
1047 | |
1048 if (qc->frames == NULL) { | |
1049 return NGX_OK; | |
1050 } | |
1051 | |
1052 lvl = qc->frames->level; | |
1053 start = qc->frames; | |
1054 f = start; | |
1055 | |
1056 do { | |
1057 len = 0; | |
1058 | |
1059 do { | |
1060 /* process same-level group of frames */ | |
1061 | |
1062 len += ngx_quic_frame_len(f);// TODO: handle overflow, max size | |
1063 | |
1064 f = f->next; | |
1065 } while (f && f->level == lvl); | |
1066 | |
1067 | |
1068 if (ngx_quic_frames_send(c, start, f, len) != NGX_OK) { | |
1069 return NGX_ERROR; | |
1070 } | |
1071 | |
1072 if (f == NULL) { | |
1073 break; | |
1074 } | |
1075 | |
1076 lvl = f->level; // TODO: must not decrease (ever, also between calls) | |
1077 start = f; | |
1078 | |
1079 } while (1); | |
1080 | |
1081 qc->frames = NULL; | |
1082 | |
1083 return NGX_OK; | |
1084 } | |
1085 | |
1086 | |
1087 /* pack a group of frames [start; end) into memory p and send as single packet */ | |
1088 ngx_int_t | |
1089 ngx_quic_frames_send(ngx_connection_t *c, ngx_quic_frame_t *start, | |
1090 ngx_quic_frame_t *end, size_t total) | |
1091 { | |
1092 ssize_t len; | |
1093 u_char *p; | |
1094 ngx_str_t out; | |
1095 ngx_quic_frame_t *f; | |
1096 | |
1097 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, | |
1098 "sending frames %p...%p", start, end); | |
1099 | |
1100 p = ngx_pnalloc(c->pool, total); | |
1101 if (p == NULL) { | |
1102 return NGX_ERROR; | |
1103 } | |
1104 | |
1105 out.data = p; | |
1106 | |
1107 for (f = start; f != end; f = f->next) { | |
1108 | |
1109 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "frame: %s", f->info); | |
1110 | |
1111 len = ngx_quic_create_frame(p, p + total, f); | |
1112 if (len == -1) { | |
1113 return NGX_ERROR; | |
1114 } | |
1115 | |
1116 p += len; | |
1117 } | |
1118 | |
1119 out.len = p - out.data; | |
1120 | |
1121 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, | |
1122 "packet ready: %ui bytes at level %d", | |
1123 out.len, start->level); | |
1124 | |
1125 // IOVEC/sendmsg_chain ? | |
1126 if (ngx_quic_send_packet(c, c->quic, start->level, &out) != NGX_OK) { | |
1127 return NGX_ERROR; | |
1128 } | |
1129 | |
1130 return NGX_OK; | |
1131 } | |
1132 | |
1133 | |
1134 static ngx_int_t | |
1135 ngx_quic_send_packet(ngx_connection_t *c, ngx_quic_connection_t *qc, | |
1136 enum ssl_encryption_level_t level, ngx_str_t *payload) | |
1137 { | |
1138 ngx_str_t res; | |
1139 ngx_quic_header_t pkt; | |
1140 | |
1141 pkt.log = c->log; | |
1142 | |
1143 static ngx_str_t initial_token = ngx_null_string; | |
1144 | |
1145 ngx_memzero(&pkt, sizeof(ngx_quic_header_t)); | |
1146 ngx_quic_hexdump0(c->log, "payload", payload->data, payload->len); | |
1147 | |
1148 pkt.level = level; | |
1149 pkt.dcid = qc->dcid; | |
1150 pkt.scid = qc->scid; | |
1151 | |
1152 if (level == ssl_encryption_initial) { | |
1153 pkt.number = &qc->initial_pn; | |
1154 pkt.flags = NGX_QUIC_PKT_INITIAL; | |
1155 pkt.secret = &qc->secrets.server.in; | |
1156 pkt.token = initial_token; | |
1157 | |
1158 } else if (level == ssl_encryption_handshake) { | |
1159 pkt.number = &qc->handshake_pn; | |
1160 pkt.flags = NGX_QUIC_PKT_HANDSHAKE; | |
1161 pkt.secret = &qc->secrets.server.hs; | |
1162 | |
1163 } else { | |
1164 pkt.number = &qc->appdata_pn; | |
1165 pkt.secret = &qc->secrets.server.ad; | |
1166 } | |
1167 | |
1168 if (ngx_quic_encrypt(c->pool, c->ssl->connection, &pkt, payload, &res) | |
1169 != NGX_OK) | |
1170 { | |
1171 return NGX_ERROR; | |
1172 } | |
1173 | |
1174 ngx_quic_hexdump0(c->log, "packet to send", res.data, res.len); | |
1175 | |
1176 c->send(c, res.data, res.len); // TODO: err handling | |
1177 | |
1178 (*pkt.number)++; | |
1179 | |
1180 return NGX_OK; | |
1181 } | |
1182 | |
1183 | |
1184 ngx_connection_t * | |
1185 ngx_quic_create_uni_stream(ngx_connection_t *c) | |
1186 { | |
1187 /* XXX */ | |
1188 return NULL; | |
1189 } | |
1190 | |
1191 | |
1192 static void | |
1193 ngx_quic_rbtree_insert_stream(ngx_rbtree_node_t *temp, | |
1194 ngx_rbtree_node_t *node, ngx_rbtree_node_t *sentinel) | |
1195 { | |
1196 ngx_rbtree_node_t **p; | |
1197 ngx_quic_stream_node_t *qn, *qnt; | |
1198 | |
1199 for ( ;; ) { | |
1200 | |
1201 if (node->key < temp->key) { | |
1202 | |
1203 p = &temp->left; | |
1204 | |
1205 } else if (node->key > temp->key) { | |
1206 | |
1207 p = &temp->right; | |
1208 | |
1209 } else { /* node->key == temp->key */ | |
1210 | |
1211 qn = (ngx_quic_stream_node_t *) &node->color; | |
1212 qnt = (ngx_quic_stream_node_t *) &temp->color; | |
1213 | |
1214 if (qn->c < qnt->c) { | |
1215 p = &temp->left; | |
1216 } else { | |
1217 p = &temp->right; | |
1218 } | |
1219 } | |
1220 | |
1221 if (*p == sentinel) { | |
1222 break; | |
1223 } | |
1224 | |
1225 temp = *p; | |
1226 } | |
1227 | |
1228 *p = node; | |
1229 node->parent = temp; | |
1230 node->left = sentinel; | |
1231 node->right = sentinel; | |
1232 ngx_rbt_red(node); | |
1233 } | |
1234 | |
1235 | |
1236 static ngx_quic_stream_node_t * | |
1237 ngx_quic_find_stream(ngx_rbtree_t *rbtree, ngx_uint_t key) | |
1238 { | |
1239 ngx_rbtree_node_t *node, *sentinel; | |
1240 | |
1241 node = rbtree->root; | |
1242 sentinel = rbtree->sentinel; | |
1243 | |
1244 while (node != sentinel) { | |
1245 | |
1246 if (key == node->key) { | |
1247 return (ngx_quic_stream_node_t *) node; | |
1248 } | |
1249 | |
1250 node = (key < node->key) ? node->left : node->right; | |
1251 } | |
1252 | |
1253 return NULL; | |
1254 } | |
1255 | |
1256 | |
1257 static ssize_t | |
1258 ngx_quic_stream_recv(ngx_connection_t *c, u_char *buf, size_t size) | |
1259 { | |
1260 ssize_t len; | |
1261 ngx_buf_t *b; | |
1262 ngx_quic_stream_t *qs; | |
1263 ngx_quic_connection_t *qc; | |
1264 ngx_quic_stream_node_t *sn; | |
1265 | |
1266 qs = c->qs; | |
1267 qc = qs->parent->quic; | |
1268 | |
1269 // XXX: get direct pointer from stream structure? | |
1270 sn = ngx_quic_find_stream(&qc->streams.tree, qs->id); | |
1271 | |
1272 if (sn == NULL) { | |
1273 return NGX_ERROR; | |
1274 } | |
1275 | |
1276 // XXX: how to return EOF? | |
1277 | |
1278 b = sn->b; | |
1279 | |
1280 if (b->last - b->pos == 0) { | |
1281 c->read->ready = 0; | |
1282 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, | |
1283 "quic recv() not ready"); | |
1284 return NGX_AGAIN; // ? | |
1285 } | |
1286 | |
1287 len = ngx_min(b->last - b->pos, (ssize_t) size); | |
1288 | |
1289 ngx_memcpy(buf, b->pos, len); | |
1290 | |
1291 b->pos += len; | |
1292 | |
1293 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, | |
1294 "quic recv: %z of %uz", len, size); | |
1295 | |
1296 return len; | |
1297 } | |
1298 | |
1299 | |
1300 static ssize_t | |
1301 ngx_quic_stream_send(ngx_connection_t *c, u_char *buf, size_t size) | |
1302 { | |
1303 u_char *p; | |
1304 ngx_connection_t *pc; | |
1305 ngx_quic_frame_t *frame; | |
1306 ngx_quic_stream_t *qs; | |
1307 ngx_quic_connection_t *qc; | |
1308 ngx_quic_stream_node_t *sn; | |
1309 | |
1310 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic send: %uz", size); | |
1311 | |
1312 qs = c->qs; | |
1313 pc = qs->parent; | |
1314 qc = pc->quic; | |
1315 | |
1316 // XXX: get direct pointer from stream structure? | |
1317 sn = ngx_quic_find_stream(&qc->streams.tree, qs->id); | |
1318 | |
1319 if (sn == NULL) { | |
1320 return NGX_ERROR; | |
1321 } | |
1322 | |
1323 frame = ngx_pcalloc(pc->pool, sizeof(ngx_quic_frame_t)); | |
1324 if (frame == NULL) { | |
1325 return 0; | |
1326 } | |
1327 | |
1328 p = ngx_pnalloc(pc->pool, size); | |
1329 if (p == NULL) { | |
1330 return 0; | |
1331 } | |
1332 | |
1333 ngx_memcpy(p, buf, size); | |
1334 | |
1335 frame->level = ssl_encryption_application; | |
1336 frame->type = NGX_QUIC_FT_STREAM6; /* OFF=1 LEN=1 FIN=0 */ | |
1337 frame->u.stream.off = 1; | |
1338 frame->u.stream.len = 1; | |
1339 frame->u.stream.fin = 0; | |
1340 | |
1341 frame->u.stream.type = frame->type; | |
1342 frame->u.stream.stream_id = qs->id; | |
1343 frame->u.stream.offset = c->sent; | |
1344 frame->u.stream.length = size; | |
1345 frame->u.stream.data = p; | |
1346 | |
1347 c->sent += size; | |
1348 | |
1349 ngx_sprintf(frame->info, "stream %xi len=%ui level=%d", | |
1350 qs->id, size, frame->level); | |
1351 | |
1352 ngx_quic_queue_frame(qc, frame); | |
1353 | |
1354 return size; | |
1355 } | |
1356 | |
1357 | |
1358 static ngx_chain_t * | |
1359 ngx_quic_stream_send_chain(ngx_connection_t *c, ngx_chain_t *in, | |
1360 off_t limit) | |
1361 { | |
1362 size_t len; | |
1363 ssize_t n; | |
1364 ngx_buf_t *b; | |
1365 | |
1366 for ( /* void */; in; in = in->next) { | |
1367 b = in->buf; | |
1368 | |
1369 if (!ngx_buf_in_memory(b)) { | |
1370 continue; | |
1371 } | |
1372 | |
1373 if (ngx_buf_size(b) == 0) { | |
1374 continue; | |
1375 } | |
1376 | |
1377 len = b->last - b->pos; | |
1378 | |
1379 n = ngx_quic_stream_send(c, b->pos, len); | |
1380 | |
1381 if (n == NGX_ERROR) { | |
1382 return NGX_CHAIN_ERROR; | |
1383 } | |
1384 | |
1385 if (n == NGX_AGAIN) { | |
1386 return in; | |
1387 } | |
1388 | |
1389 if (n != (ssize_t) len) { | |
1390 b->pos += n; | |
1391 return in; | |
1392 } | |
1393 } | |
1394 | |
1395 return NULL; | |
1396 } |