Mercurial > hg > nginx-quic
annotate src/event/quic/ngx_event_quic.c @ 8541:7f29db5294bd quic
QUIC: avoid processing 1-RTT with incomplete handshake in OpenSSL.
OpenSSL is known to provide read keys for an encryption level before the
level is active in TLS, following the old BoringSSL API. In BoringSSL,
it was then fixed to defer releasing read keys until QUIC may use them.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Thu, 22 Jul 2021 15:00:37 +0300 |
parents | f8ad3dd142ad |
children | 4009f120cad4 |
rev | line source |
---|---|
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
1 |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
2 /* |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
3 * Copyright (C) Nginx, Inc. |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
4 */ |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
5 |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
6 |
7637 | 7 #include <ngx_config.h> |
8 #include <ngx_core.h> | |
7674
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7673
diff
changeset
|
9 #include <ngx_event.h> |
8386
714e9af983de
QUIC: separate header for ngx_quic_connection_t.
Vladimir Homutov <vl@nginx.com>
parents:
8385
diff
changeset
|
10 #include <ngx_event_quic_connection.h> |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
11 |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
12 |
8099
b4ef79ef1c23
QUIC: refined the "c->quic->initialized" flag usage.
Vladimir Homutov <vl@nginx.com>
parents:
8098
diff
changeset
|
13 static ngx_quic_connection_t *ngx_quic_new_connection(ngx_connection_t *c, |
8101
bed310672f39
QUIC: moved ssl configuration pointer to quic configuration.
Vladimir Homutov <vl@nginx.com>
parents:
8100
diff
changeset
|
14 ngx_quic_conf_t *conf, ngx_quic_header_t *pkt); |
8100
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8099
diff
changeset
|
15 static ngx_int_t ngx_quic_process_stateless_reset(ngx_connection_t *c, |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8099
diff
changeset
|
16 ngx_quic_header_t *pkt); |
7729
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
7726
diff
changeset
|
17 static void ngx_quic_input_handler(ngx_event_t *rev); |
7831
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
7827
diff
changeset
|
18 |
7832
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
19 static ngx_int_t ngx_quic_close_quic(ngx_connection_t *c, ngx_int_t rc); |
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
20 static void ngx_quic_close_timer_handler(ngx_event_t *ev); |
7691 | 21 |
8098
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
22 static ngx_int_t ngx_quic_input(ngx_connection_t *c, ngx_buf_t *b, |
8101
bed310672f39
QUIC: moved ssl configuration pointer to quic configuration.
Vladimir Homutov <vl@nginx.com>
parents:
8100
diff
changeset
|
23 ngx_quic_conf_t *conf); |
bed310672f39
QUIC: moved ssl configuration pointer to quic configuration.
Vladimir Homutov <vl@nginx.com>
parents:
8100
diff
changeset
|
24 static ngx_int_t ngx_quic_process_packet(ngx_connection_t *c, |
8098
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
25 ngx_quic_conf_t *conf, ngx_quic_header_t *pkt); |
8280
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
26 static ngx_int_t ngx_quic_process_payload(ngx_connection_t *c, |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
27 ngx_quic_header_t *pkt); |
8281
a346905c359f
QUIC: fixed stateless reset recognition and send.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
28 static ngx_int_t ngx_quic_check_csid(ngx_quic_connection_t *qc, |
7838 | 29 ngx_quic_header_t *pkt); |
8280
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
30 static ngx_int_t ngx_quic_handle_frames(ngx_connection_t *c, |
7691 | 31 ngx_quic_header_t *pkt); |
8411
bc910a5ec737
QUIC: separate files for output and ack related processing.
Vladimir Homutov <vl@nginx.com>
parents:
8410
diff
changeset
|
32 |
7775 | 33 static void ngx_quic_push_handler(ngx_event_t *ev); |
7691 | 34 |
35 | |
8267 | 36 static ngx_core_module_t ngx_quic_module_ctx = { |
37 ngx_string("quic"), | |
38 NULL, | |
39 NULL | |
40 }; | |
41 | |
42 | |
43 ngx_module_t ngx_quic_module = { | |
44 NGX_MODULE_V1, | |
45 &ngx_quic_module_ctx, /* module context */ | |
46 NULL, /* module directives */ | |
47 NGX_CORE_MODULE, /* module type */ | |
48 NULL, /* init master */ | |
49 NULL, /* init module */ | |
50 NULL, /* init process */ | |
51 NULL, /* init thread */ | |
52 NULL, /* exit thread */ | |
53 NULL, /* exit process */ | |
54 NULL, /* exit master */ | |
55 NGX_MODULE_V1_PADDING | |
56 }; | |
57 | |
58 | |
8163
b3d9e57d0f62
QUIC: single function for frame debug logging.
Vladimir Homutov <vl@nginx.com>
parents:
8162
diff
changeset
|
59 #if (NGX_DEBUG) |
b3d9e57d0f62
QUIC: single function for frame debug logging.
Vladimir Homutov <vl@nginx.com>
parents:
8162
diff
changeset
|
60 |
8411
bc910a5ec737
QUIC: separate files for output and ack related processing.
Vladimir Homutov <vl@nginx.com>
parents:
8410
diff
changeset
|
61 void |
8166
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
62 ngx_quic_connstate_dbg(ngx_connection_t *c) |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
63 { |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
64 u_char *p, *last; |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
65 ngx_quic_connection_t *qc; |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
66 u_char buf[NGX_MAX_ERROR_STR]; |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
67 |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
68 p = buf; |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
69 last = p + sizeof(buf); |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
70 |
8199
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8198
diff
changeset
|
71 qc = ngx_quic_get_connection(c); |
8166
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
72 |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
73 p = ngx_slprintf(p, last, "state:"); |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
74 |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
75 if (qc) { |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
76 |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
77 if (qc->error) { |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
78 p = ngx_slprintf(p, last, "%s", qc->error_app ? " app" : ""); |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
79 p = ngx_slprintf(p, last, " error:%ui", qc->error); |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
80 |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
81 if (qc->error_reason) { |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
82 p = ngx_slprintf(p, last, " \"%s\"", qc->error_reason); |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
83 } |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
84 } |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
85 |
8359
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8352
diff
changeset
|
86 p = ngx_slprintf(p, last, "%s", qc->shutdown ? " shutdown" : ""); |
8166
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
87 p = ngx_slprintf(p, last, "%s", qc->closing ? " closing" : ""); |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
88 p = ngx_slprintf(p, last, "%s", qc->draining ? " draining" : ""); |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
89 p = ngx_slprintf(p, last, "%s", qc->key_phase ? " kp" : ""); |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
90 |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
91 } else { |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
92 p = ngx_slprintf(p, last, " early"); |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
93 } |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
94 |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
95 if (c->read->timer_set) { |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
96 p = ngx_slprintf(p, last, |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
97 qc && qc->send_timer_set ? " send:%M" : " read:%M", |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
98 c->read->timer.key - ngx_current_msec); |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
99 } |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
100 |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
101 if (qc) { |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
102 |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
103 if (qc->push.timer_set) { |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
104 p = ngx_slprintf(p, last, " push:%M", |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
105 qc->push.timer.key - ngx_current_msec); |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
106 } |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
107 |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
108 if (qc->pto.timer_set) { |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
109 p = ngx_slprintf(p, last, " pto:%M", |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
110 qc->pto.timer.key - ngx_current_msec); |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
111 } |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
112 |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
113 if (qc->close.timer_set) { |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
114 p = ngx_slprintf(p, last, " close:%M", |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
115 qc->close.timer.key - ngx_current_msec); |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
116 } |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
117 } |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
118 |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
119 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
120 "quic %*s", p - buf, buf); |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
121 } |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
122 |
8163
b3d9e57d0f62
QUIC: single function for frame debug logging.
Vladimir Homutov <vl@nginx.com>
parents:
8162
diff
changeset
|
123 #endif |
b3d9e57d0f62
QUIC: single function for frame debug logging.
Vladimir Homutov <vl@nginx.com>
parents:
8162
diff
changeset
|
124 |
b3d9e57d0f62
QUIC: single function for frame debug logging.
Vladimir Homutov <vl@nginx.com>
parents:
8162
diff
changeset
|
125 |
8413
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
8412
diff
changeset
|
126 ngx_int_t |
8294
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
127 ngx_quic_apply_transport_params(ngx_connection_t *c, ngx_quic_tp_t *ctp) |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
128 { |
8423
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
129 ngx_str_t scid; |
8294
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
130 ngx_quic_connection_t *qc; |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
131 |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
132 qc = ngx_quic_get_connection(c); |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
133 |
8423
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
134 scid.data = qc->socket->cid->id; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
135 scid.len = qc->socket->cid->len; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
136 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
137 if (scid.len != ctp->initial_scid.len |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
138 || ngx_memcmp(scid.data, ctp->initial_scid.data, scid.len) != 0) |
8294
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
139 { |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
140 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
141 "quic client initial_source_connection_id mismatch"); |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
142 return NGX_ERROR; |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
143 } |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
144 |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
145 if (ctp->max_udp_payload_size < NGX_QUIC_MIN_INITIAL_SIZE |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
146 || ctp->max_udp_payload_size > NGX_QUIC_MAX_UDP_PAYLOAD_SIZE) |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
147 { |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
148 qc->error = NGX_QUIC_ERR_TRANSPORT_PARAMETER_ERROR; |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
149 qc->error_reason = "invalid maximum packet size"; |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
150 |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
151 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
152 "quic maximum packet size is invalid"); |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
153 return NGX_ERROR; |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
154 |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
155 } else if (ctp->max_udp_payload_size > ngx_quic_max_udp_payload(c)) { |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
156 ctp->max_udp_payload_size = ngx_quic_max_udp_payload(c); |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
157 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, |
8295
d4e02b3b734f
QUIC: fixed indentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8294
diff
changeset
|
158 "quic client maximum packet size truncated"); |
8294
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
159 } |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
160 |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
161 if (ctp->active_connection_id_limit < 2) { |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
162 qc->error = NGX_QUIC_ERR_TRANSPORT_PARAMETER_ERROR; |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
163 qc->error_reason = "invalid active_connection_id_limit"; |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
164 |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
165 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
166 "quic active_connection_id_limit is invalid"); |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
167 return NGX_ERROR; |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
168 } |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
169 |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
170 if (ctp->ack_delay_exponent > 20) { |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
171 qc->error = NGX_QUIC_ERR_TRANSPORT_PARAMETER_ERROR; |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
172 qc->error_reason = "invalid ack_delay_exponent"; |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
173 |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
174 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
175 "quic ack_delay_exponent is invalid"); |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
176 return NGX_ERROR; |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
177 } |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
178 |
8507
f8ad3dd142ad
QUIC: consider max_ack_delay=16384 invalid.
Roman Arutyunyan <arut@nginx.com>
parents:
8498
diff
changeset
|
179 if (ctp->max_ack_delay >= 16384) { |
8294
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
180 qc->error = NGX_QUIC_ERR_TRANSPORT_PARAMETER_ERROR; |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
181 qc->error_reason = "invalid max_ack_delay"; |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
182 |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
183 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
184 "quic max_ack_delay is invalid"); |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
185 return NGX_ERROR; |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
186 } |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
187 |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
188 if (ctp->max_idle_timeout > 0 |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
189 && ctp->max_idle_timeout < qc->tp.max_idle_timeout) |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
190 { |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
191 qc->tp.max_idle_timeout = ctp->max_idle_timeout; |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
192 } |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
193 |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
194 qc->streams.server_max_streams_bidi = ctp->initial_max_streams_bidi; |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
195 qc->streams.server_max_streams_uni = ctp->initial_max_streams_uni; |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
196 |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
197 ngx_memcpy(&qc->ctp, ctp, sizeof(ngx_quic_tp_t)); |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
198 |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
199 return NGX_OK; |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
200 } |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
201 |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
202 |
7691 | 203 void |
8101
bed310672f39
QUIC: moved ssl configuration pointer to quic configuration.
Vladimir Homutov <vl@nginx.com>
parents:
8100
diff
changeset
|
204 ngx_quic_run(ngx_connection_t *c, ngx_quic_conf_t *conf) |
7691 | 205 { |
8199
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8198
diff
changeset
|
206 ngx_int_t rc; |
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8198
diff
changeset
|
207 ngx_quic_connection_t *qc; |
7691 | 208 |
7729
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
7726
diff
changeset
|
209 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic run"); |
7691 | 210 |
8101
bed310672f39
QUIC: moved ssl configuration pointer to quic configuration.
Vladimir Homutov <vl@nginx.com>
parents:
8100
diff
changeset
|
211 rc = ngx_quic_input(c, c->buffer, conf); |
8074
c6b963de0c00
QUIC: pass return code from ngx_quic_decrypt() to the caller.
Vladimir Homutov <vl@nginx.com>
parents:
8073
diff
changeset
|
212 if (rc != NGX_OK) { |
c6b963de0c00
QUIC: pass return code from ngx_quic_decrypt() to the caller.
Vladimir Homutov <vl@nginx.com>
parents:
8073
diff
changeset
|
213 ngx_quic_close_connection(c, rc == NGX_DECLINED ? NGX_DONE : NGX_ERROR); |
7691 | 214 return; |
215 } | |
216 | |
8199
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8198
diff
changeset
|
217 qc = ngx_quic_get_connection(c); |
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8198
diff
changeset
|
218 |
8279 | 219 if (qc == NULL) { |
220 ngx_quic_close_connection(c, NGX_DONE); | |
221 return; | |
222 } | |
223 | |
224 ngx_add_timer(c->read, qc->tp.max_idle_timeout); | |
225 ngx_quic_connstate_dbg(c); | |
7691 | 226 |
7729
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
7726
diff
changeset
|
227 c->read->handler = ngx_quic_input_handler; |
7691 | 228 |
229 return; | |
230 } | |
231 | |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
232 |
8099
b4ef79ef1c23
QUIC: refined the "c->quic->initialized" flag usage.
Vladimir Homutov <vl@nginx.com>
parents:
8098
diff
changeset
|
233 static ngx_quic_connection_t * |
8101
bed310672f39
QUIC: moved ssl configuration pointer to quic configuration.
Vladimir Homutov <vl@nginx.com>
parents:
8100
diff
changeset
|
234 ngx_quic_new_connection(ngx_connection_t *c, ngx_quic_conf_t *conf, |
bed310672f39
QUIC: moved ssl configuration pointer to quic configuration.
Vladimir Homutov <vl@nginx.com>
parents:
8100
diff
changeset
|
235 ngx_quic_header_t *pkt) |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
236 { |
7774
e10b4c61420f
Implemented retransmission and retransmit queue.
Vladimir Homutov <vl@nginx.com>
parents:
7773
diff
changeset
|
237 ngx_uint_t i; |
7731
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
7729
diff
changeset
|
238 ngx_quic_tp_t *ctp; |
7691 | 239 ngx_quic_connection_t *qc; |
7864
eebdda507ec3
Added tests for connection id lengths in initial packet.
Vladimir Homutov <vl@nginx.com>
parents:
7863
diff
changeset
|
240 |
7691 | 241 qc = ngx_pcalloc(c->pool, sizeof(ngx_quic_connection_t)); |
242 if (qc == NULL) { | |
8099
b4ef79ef1c23
QUIC: refined the "c->quic->initialized" flag usage.
Vladimir Homutov <vl@nginx.com>
parents:
8098
diff
changeset
|
243 return NULL; |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
244 } |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
245 |
8191
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8190
diff
changeset
|
246 qc->keys = ngx_quic_keys_new(c->pool); |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8190
diff
changeset
|
247 if (qc->keys == NULL) { |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8190
diff
changeset
|
248 return NULL; |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8190
diff
changeset
|
249 } |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8190
diff
changeset
|
250 |
8194
340cd26158fb
QUIC: preparatory changes for multiple QUIC versions support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8193
diff
changeset
|
251 qc->version = pkt->version; |
340cd26158fb
QUIC: preparatory changes for multiple QUIC versions support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8193
diff
changeset
|
252 |
7691 | 253 ngx_rbtree_init(&qc->streams.tree, &qc->streams.sentinel, |
254 ngx_quic_rbtree_insert_stream); | |
255 | |
7810
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
7809
diff
changeset
|
256 for (i = 0; i < NGX_QUIC_SEND_CTX_LAST; i++) { |
7808
bda817d16cc2
Rename types and variables used for packet number space.
Vladimir Homutov <vl@nginx.com>
parents:
7794
diff
changeset
|
257 ngx_queue_init(&qc->send_ctx[i].frames); |
bda817d16cc2
Rename types and variables used for packet number space.
Vladimir Homutov <vl@nginx.com>
parents:
7794
diff
changeset
|
258 ngx_queue_init(&qc->send_ctx[i].sent); |
8157
85a550047eb5
QUIC: added macro for unset packet number.
Vladimir Homutov <vl@nginx.com>
parents:
8156
diff
changeset
|
259 qc->send_ctx[i].largest_pn = NGX_QUIC_UNSET_PN; |
85a550047eb5
QUIC: added macro for unset packet number.
Vladimir Homutov <vl@nginx.com>
parents:
8156
diff
changeset
|
260 qc->send_ctx[i].largest_ack = NGX_QUIC_UNSET_PN; |
85a550047eb5
QUIC: added macro for unset packet number.
Vladimir Homutov <vl@nginx.com>
parents:
8156
diff
changeset
|
261 qc->send_ctx[i].largest_range = NGX_QUIC_UNSET_PN; |
85a550047eb5
QUIC: added macro for unset packet number.
Vladimir Homutov <vl@nginx.com>
parents:
8156
diff
changeset
|
262 qc->send_ctx[i].pending_ack = NGX_QUIC_UNSET_PN; |
8155
38c7dd720774
QUIC: added ACK frame range support.
Vladimir Homutov <vl@nginx.com>
parents:
8154
diff
changeset
|
263 } |
38c7dd720774
QUIC: added ACK frame range support.
Vladimir Homutov <vl@nginx.com>
parents:
8154
diff
changeset
|
264 |
38c7dd720774
QUIC: added ACK frame range support.
Vladimir Homutov <vl@nginx.com>
parents:
8154
diff
changeset
|
265 qc->send_ctx[0].level = ssl_encryption_initial; |
38c7dd720774
QUIC: added ACK frame range support.
Vladimir Homutov <vl@nginx.com>
parents:
8154
diff
changeset
|
266 qc->send_ctx[1].level = ssl_encryption_handshake; |
38c7dd720774
QUIC: added ACK frame range support.
Vladimir Homutov <vl@nginx.com>
parents:
8154
diff
changeset
|
267 qc->send_ctx[2].level = ssl_encryption_application; |
7810
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
7809
diff
changeset
|
268 |
7774
e10b4c61420f
Implemented retransmission and retransmit queue.
Vladimir Homutov <vl@nginx.com>
parents:
7773
diff
changeset
|
269 ngx_queue_init(&qc->free_frames); |
e10b4c61420f
Implemented retransmission and retransmit queue.
Vladimir Homutov <vl@nginx.com>
parents:
7773
diff
changeset
|
270 |
7987
3b107aadc9f6
QUIC: added rtt estimation.
Vladimir Homutov <vl@nginx.com>
parents:
7953
diff
changeset
|
271 qc->avg_rtt = NGX_QUIC_INITIAL_RTT; |
3b107aadc9f6
QUIC: added rtt estimation.
Vladimir Homutov <vl@nginx.com>
parents:
7953
diff
changeset
|
272 qc->rttvar = NGX_QUIC_INITIAL_RTT / 2; |
3b107aadc9f6
QUIC: added rtt estimation.
Vladimir Homutov <vl@nginx.com>
parents:
7953
diff
changeset
|
273 qc->min_rtt = NGX_TIMER_INFINITE; |
8493
004172345bdc
QUIC: persistent congestion calculation.
Vladimir Homutov <vl@nginx.com>
parents:
8492
diff
changeset
|
274 qc->first_rtt = NGX_TIMER_INFINITE; |
7987
3b107aadc9f6
QUIC: added rtt estimation.
Vladimir Homutov <vl@nginx.com>
parents:
7953
diff
changeset
|
275 |
3b107aadc9f6
QUIC: added rtt estimation.
Vladimir Homutov <vl@nginx.com>
parents:
7953
diff
changeset
|
276 /* |
3b107aadc9f6
QUIC: added rtt estimation.
Vladimir Homutov <vl@nginx.com>
parents:
7953
diff
changeset
|
277 * qc->latest_rtt = 0 |
3b107aadc9f6
QUIC: added rtt estimation.
Vladimir Homutov <vl@nginx.com>
parents:
7953
diff
changeset
|
278 */ |
3b107aadc9f6
QUIC: added rtt estimation.
Vladimir Homutov <vl@nginx.com>
parents:
7953
diff
changeset
|
279 |
7990 | 280 qc->pto.log = c->log; |
281 qc->pto.data = c; | |
282 qc->pto.handler = ngx_quic_pto_handler; | |
283 qc->pto.cancelable = 1; | |
7774
e10b4c61420f
Implemented retransmission and retransmit queue.
Vladimir Homutov <vl@nginx.com>
parents:
7773
diff
changeset
|
284 |
7775 | 285 qc->push.log = c->log; |
286 qc->push.data = c; | |
287 qc->push.handler = ngx_quic_push_handler; | |
288 qc->push.cancelable = 1; | |
289 | |
8423
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
290 qc->path_validation.log = c->log; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
291 qc->path_validation.data = c; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
292 qc->path_validation.handler = ngx_quic_path_validation_handler; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
293 qc->path_validation.cancelable = 1; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
294 |
7999
0d2b2664b41c
QUIC: added "quic" listen parameter.
Roman Arutyunyan <arut@nginx.com>
parents:
7998
diff
changeset
|
295 qc->conf = conf; |
0d2b2664b41c
QUIC: added "quic" listen parameter.
Roman Arutyunyan <arut@nginx.com>
parents:
7998
diff
changeset
|
296 qc->tp = conf->tp; |
7691 | 297 |
7731
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
7729
diff
changeset
|
298 ctp = &qc->ctp; |
8294
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
299 |
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
300 /* defaults to be used before actual client parameters are received */ |
7931
9fe7875ce4bb
QUIC: further limiting maximum QUIC packet size.
Vladimir Homutov <vl@nginx.com>
parents:
7930
diff
changeset
|
301 ctp->max_udp_payload_size = ngx_quic_max_udp_payload(c); |
7731
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
7729
diff
changeset
|
302 ctp->ack_delay_exponent = NGX_QUIC_DEFAULT_ACK_DELAY_EXPONENT; |
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
7729
diff
changeset
|
303 ctp->max_ack_delay = NGX_QUIC_DEFAULT_MAX_ACK_DELAY; |
8294
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8291
diff
changeset
|
304 ctp->active_connection_id_limit = 2; |
7731
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
7729
diff
changeset
|
305 |
7842
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
7841
diff
changeset
|
306 qc->streams.recv_max_data = qc->tp.initial_max_data; |
8492
af33d1ef1c3c
QUIC: stream flow control refactored.
Roman Arutyunyan <arut@nginx.com>
parents:
8442
diff
changeset
|
307 qc->streams.recv_window = qc->streams.recv_max_data; |
7815
0f9e9786b90d
Added primitive flow control mechanisms.
Vladimir Homutov <vl@nginx.com>
parents:
7814
diff
changeset
|
308 |
8014
c5324bb3a704
QUIC: limited the number of client-initiated streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8013
diff
changeset
|
309 qc->streams.client_max_streams_uni = qc->tp.initial_max_streams_uni; |
c5324bb3a704
QUIC: limited the number of client-initiated streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8013
diff
changeset
|
310 qc->streams.client_max_streams_bidi = qc->tp.initial_max_streams_bidi; |
c5324bb3a704
QUIC: limited the number of client-initiated streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8013
diff
changeset
|
311 |
7910
125cbfa77013
Renamed max_packet_size to max_udp_payload_size, from draft-28.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7908
diff
changeset
|
312 qc->congestion.window = ngx_min(10 * qc->tp.max_udp_payload_size, |
125cbfa77013
Renamed max_packet_size to max_udp_payload_size, from draft-28.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7908
diff
changeset
|
313 ngx_max(2 * qc->tp.max_udp_payload_size, |
125cbfa77013
Renamed max_packet_size to max_udp_payload_size, from draft-28.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7908
diff
changeset
|
314 14720)); |
8193
8550b91e8e35
QUIC: added proper logging of special values.
Vladimir Homutov <vl@nginx.com>
parents:
8192
diff
changeset
|
315 qc->congestion.ssthresh = (size_t) -1; |
7841
eee307399229
QUIC basic congestion control.
Roman Arutyunyan <arut@nginx.com>
parents:
7840
diff
changeset
|
316 qc->congestion.recovery_start = ngx_current_msec; |
eee307399229
QUIC basic congestion control.
Roman Arutyunyan <arut@nginx.com>
parents:
7840
diff
changeset
|
317 |
8406
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8405
diff
changeset
|
318 if (pkt->validated && pkt->retried) { |
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8405
diff
changeset
|
319 qc->tp.retry_scid.len = pkt->dcid.len; |
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8405
diff
changeset
|
320 qc->tp.retry_scid.data = ngx_pstrdup(c->pool, &pkt->dcid); |
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8405
diff
changeset
|
321 if (qc->tp.retry_scid.data == NULL) { |
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8405
diff
changeset
|
322 return NULL; |
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8405
diff
changeset
|
323 } |
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8405
diff
changeset
|
324 } |
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8405
diff
changeset
|
325 |
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8405
diff
changeset
|
326 if (ngx_quic_keys_set_initial_secret(c->pool, qc->keys, &pkt->dcid, |
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8405
diff
changeset
|
327 qc->version) |
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8405
diff
changeset
|
328 != NGX_OK) |
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8405
diff
changeset
|
329 { |
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8405
diff
changeset
|
330 return NULL; |
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8405
diff
changeset
|
331 } |
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8405
diff
changeset
|
332 |
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8405
diff
changeset
|
333 qc->validated = pkt->validated; |
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8405
diff
changeset
|
334 |
8423
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
335 if (ngx_quic_open_sockets(c, qc, pkt) != NGX_OK) { |
8406
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8405
diff
changeset
|
336 return NULL; |
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8405
diff
changeset
|
337 } |
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8405
diff
changeset
|
338 |
8423
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
339 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
340 "quic connection created"); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
341 |
8406
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8405
diff
changeset
|
342 return qc; |
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8405
diff
changeset
|
343 } |
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8405
diff
changeset
|
344 |
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8405
diff
changeset
|
345 |
8287
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8286
diff
changeset
|
346 static ngx_int_t |
8100
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8099
diff
changeset
|
347 ngx_quic_process_stateless_reset(ngx_connection_t *c, ngx_quic_header_t *pkt) |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8099
diff
changeset
|
348 { |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8099
diff
changeset
|
349 u_char *tail, ch; |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8099
diff
changeset
|
350 ngx_uint_t i; |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8099
diff
changeset
|
351 ngx_queue_t *q; |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8099
diff
changeset
|
352 ngx_quic_client_id_t *cid; |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8099
diff
changeset
|
353 ngx_quic_connection_t *qc; |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8099
diff
changeset
|
354 |
8199
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8198
diff
changeset
|
355 qc = ngx_quic_get_connection(c); |
8100
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8099
diff
changeset
|
356 |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8099
diff
changeset
|
357 /* A stateless reset uses an entire UDP datagram */ |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8099
diff
changeset
|
358 if (pkt->raw->start != pkt->data) { |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8099
diff
changeset
|
359 return NGX_DECLINED; |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8099
diff
changeset
|
360 } |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8099
diff
changeset
|
361 |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8099
diff
changeset
|
362 tail = pkt->raw->last - NGX_QUIC_SR_TOKEN_LEN; |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8099
diff
changeset
|
363 |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8099
diff
changeset
|
364 for (q = ngx_queue_head(&qc->client_ids); |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8099
diff
changeset
|
365 q != ngx_queue_sentinel(&qc->client_ids); |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8099
diff
changeset
|
366 q = ngx_queue_next(q)) |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8099
diff
changeset
|
367 { |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8099
diff
changeset
|
368 cid = ngx_queue_data(q, ngx_quic_client_id_t, queue); |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8099
diff
changeset
|
369 |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8099
diff
changeset
|
370 if (cid->seqnum == 0) { |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8099
diff
changeset
|
371 /* no stateless reset token in initial connection id */ |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8099
diff
changeset
|
372 continue; |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8099
diff
changeset
|
373 } |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8099
diff
changeset
|
374 |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8099
diff
changeset
|
375 /* constant time comparison */ |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8099
diff
changeset
|
376 |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8099
diff
changeset
|
377 for (ch = 0, i = 0; i < NGX_QUIC_SR_TOKEN_LEN; i++) { |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8099
diff
changeset
|
378 ch |= tail[i] ^ cid->sr_token[i]; |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8099
diff
changeset
|
379 } |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8099
diff
changeset
|
380 |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8099
diff
changeset
|
381 if (ch == 0) { |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8099
diff
changeset
|
382 return NGX_OK; |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8099
diff
changeset
|
383 } |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8099
diff
changeset
|
384 } |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8099
diff
changeset
|
385 |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8099
diff
changeset
|
386 return NGX_DECLINED; |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8099
diff
changeset
|
387 } |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8099
diff
changeset
|
388 |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8099
diff
changeset
|
389 |
7691 | 390 static void |
7729
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
7726
diff
changeset
|
391 ngx_quic_input_handler(ngx_event_t *rev) |
7677
6bc18966b8c1
Stream "connection" read/write methods.
Vladimir Homutov <vl@nginx.com>
parents:
7675
diff
changeset
|
392 { |
8083
702f1d2581a4
QUIC: eliminated idle timeout restart for dropped packets.
Roman Arutyunyan <arut@nginx.com>
parents:
8079
diff
changeset
|
393 ngx_int_t rc; |
8380
90ae21799f67
QUIC: do not copy input data.
Roman Arutyunyan <arut@nginx.com>
parents:
8359
diff
changeset
|
394 ngx_buf_t *b; |
7737
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
7736
diff
changeset
|
395 ngx_connection_t *c; |
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
7736
diff
changeset
|
396 ngx_quic_connection_t *qc; |
7677
6bc18966b8c1
Stream "connection" read/write methods.
Vladimir Homutov <vl@nginx.com>
parents:
7675
diff
changeset
|
397 |
8135
eacca87c476e
QUIC: updated c->log->action strings to reflect proper state.
Vladimir Homutov <vl@nginx.com>
parents:
8134
diff
changeset
|
398 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, rev->log, 0, "quic input handler"); |
eacca87c476e
QUIC: updated c->log->action strings to reflect proper state.
Vladimir Homutov <vl@nginx.com>
parents:
8134
diff
changeset
|
399 |
7691 | 400 c = rev->data; |
8199
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8198
diff
changeset
|
401 qc = ngx_quic_get_connection(c); |
7677
6bc18966b8c1
Stream "connection" read/write methods.
Vladimir Homutov <vl@nginx.com>
parents:
7675
diff
changeset
|
402 |
8135
eacca87c476e
QUIC: updated c->log->action strings to reflect proper state.
Vladimir Homutov <vl@nginx.com>
parents:
8134
diff
changeset
|
403 c->log->action = "handling quic input"; |
7678
e3c0b19a3a8a
Implemented ngx_quic_stream_send_chain() method.
Roman Arutyunyan <arut@nginx.com>
parents:
7677
diff
changeset
|
404 |
7691 | 405 if (rev->timedout) { |
7838 | 406 ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, |
407 "quic client timed out"); | |
7832
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
408 ngx_quic_close_connection(c, NGX_DONE); |
7691 | 409 return; |
7678
e3c0b19a3a8a
Implemented ngx_quic_stream_send_chain() method.
Roman Arutyunyan <arut@nginx.com>
parents:
7677
diff
changeset
|
410 } |
e3c0b19a3a8a
Implemented ngx_quic_stream_send_chain() method.
Roman Arutyunyan <arut@nginx.com>
parents:
7677
diff
changeset
|
411 |
7691 | 412 if (c->close) { |
7937
b9bce2c4fe33
Close QUIC connection with NO_ERROR on c->close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7934
diff
changeset
|
413 qc->error_reason = "graceful shutdown"; |
b9bce2c4fe33
Close QUIC connection with NO_ERROR on c->close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7934
diff
changeset
|
414 ngx_quic_close_connection(c, NGX_OK); |
7691 | 415 return; |
416 } | |
7686
7ada2feeac18
Added processing of CONNECTION CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
7684
diff
changeset
|
417 |
8380
90ae21799f67
QUIC: do not copy input data.
Roman Arutyunyan <arut@nginx.com>
parents:
8359
diff
changeset
|
418 if (!rev->ready) { |
7832
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
419 if (qc->closing) { |
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
420 ngx_quic_close_connection(c, NGX_OK); |
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
421 } |
7691 | 422 return; |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
423 } |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
424 |
8384
c61fcdc1b8e3
UDP: extended datagram context.
Vladimir Homutov <vl@nginx.com>
parents:
8380
diff
changeset
|
425 b = c->udp->dgram->buffer; |
8380
90ae21799f67
QUIC: do not copy input data.
Roman Arutyunyan <arut@nginx.com>
parents:
8359
diff
changeset
|
426 |
90ae21799f67
QUIC: do not copy input data.
Roman Arutyunyan <arut@nginx.com>
parents:
8359
diff
changeset
|
427 rc = ngx_quic_input(c, b, NULL); |
8083
702f1d2581a4
QUIC: eliminated idle timeout restart for dropped packets.
Roman Arutyunyan <arut@nginx.com>
parents:
8079
diff
changeset
|
428 |
702f1d2581a4
QUIC: eliminated idle timeout restart for dropped packets.
Roman Arutyunyan <arut@nginx.com>
parents:
8079
diff
changeset
|
429 if (rc == NGX_ERROR) { |
7832
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
430 ngx_quic_close_connection(c, NGX_ERROR); |
7691 | 431 return; |
432 } | |
7737
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
7736
diff
changeset
|
433 |
8083
702f1d2581a4
QUIC: eliminated idle timeout restart for dropped packets.
Roman Arutyunyan <arut@nginx.com>
parents:
8079
diff
changeset
|
434 if (rc == NGX_DECLINED) { |
702f1d2581a4
QUIC: eliminated idle timeout restart for dropped packets.
Roman Arutyunyan <arut@nginx.com>
parents:
8079
diff
changeset
|
435 return; |
702f1d2581a4
QUIC: eliminated idle timeout restart for dropped packets.
Roman Arutyunyan <arut@nginx.com>
parents:
8079
diff
changeset
|
436 } |
702f1d2581a4
QUIC: eliminated idle timeout restart for dropped packets.
Roman Arutyunyan <arut@nginx.com>
parents:
8079
diff
changeset
|
437 |
702f1d2581a4
QUIC: eliminated idle timeout restart for dropped packets.
Roman Arutyunyan <arut@nginx.com>
parents:
8079
diff
changeset
|
438 /* rc == NGX_OK */ |
702f1d2581a4
QUIC: eliminated idle timeout restart for dropped packets.
Roman Arutyunyan <arut@nginx.com>
parents:
8079
diff
changeset
|
439 |
7737
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
7736
diff
changeset
|
440 qc->send_timer_set = 0; |
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
7736
diff
changeset
|
441 ngx_add_timer(rev, qc->tp.max_idle_timeout); |
8166
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
442 |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
443 ngx_quic_connstate_dbg(c); |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
444 } |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
445 |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
446 |
8386
714e9af983de
QUIC: separate header for ngx_quic_connection_t.
Vladimir Homutov <vl@nginx.com>
parents:
8385
diff
changeset
|
447 void |
7832
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
448 ngx_quic_close_connection(ngx_connection_t *c, ngx_int_t rc) |
7674
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7673
diff
changeset
|
449 { |
8199
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8198
diff
changeset
|
450 ngx_pool_t *pool; |
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8198
diff
changeset
|
451 ngx_quic_connection_t *qc; |
7747
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
452 |
7832
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
453 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
8164
eed49b83e18f
QUIC: revised value separators in debug and error messages.
Vladimir Homutov <vl@nginx.com>
parents:
8163
diff
changeset
|
454 "quic ngx_quic_close_connection rc:%i", rc); |
7832
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
455 |
8199
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8198
diff
changeset
|
456 qc = ngx_quic_get_connection(c); |
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8198
diff
changeset
|
457 |
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8198
diff
changeset
|
458 if (qc == NULL) { |
8279 | 459 if (rc == NGX_ERROR) { |
460 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, | |
8295
d4e02b3b734f
QUIC: fixed indentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8294
diff
changeset
|
461 "quic close connection early error"); |
8279 | 462 } |
7832
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
463 |
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
464 } else if (ngx_quic_close_quic(c, rc) == NGX_AGAIN) { |
7831
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
7827
diff
changeset
|
465 return; |
7747
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
466 } |
7674
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7673
diff
changeset
|
467 |
7691 | 468 if (c->ssl) { |
469 (void) ngx_ssl_shutdown(c); | |
7674
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7673
diff
changeset
|
470 } |
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7673
diff
changeset
|
471 |
7831
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
7827
diff
changeset
|
472 if (c->read->timer_set) { |
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
7827
diff
changeset
|
473 ngx_del_timer(c->read); |
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
7827
diff
changeset
|
474 } |
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
7827
diff
changeset
|
475 |
7691 | 476 #if (NGX_STAT_STUB) |
477 (void) ngx_atomic_fetch_add(ngx_stat_active, -1); | |
478 #endif | |
7674
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7673
diff
changeset
|
479 |
7691 | 480 c->destroyed = 1; |
7674
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7673
diff
changeset
|
481 |
7691 | 482 pool = c->pool; |
7674
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7673
diff
changeset
|
483 |
7691 | 484 ngx_close_connection(c); |
7674
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7673
diff
changeset
|
485 |
7691 | 486 ngx_destroy_pool(pool); |
7674
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7673
diff
changeset
|
487 } |
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7673
diff
changeset
|
488 |
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7673
diff
changeset
|
489 |
7659
4355efde26d8
Added functions to decrypt long packets.
Vladimir Homutov <vl@nginx.com>
parents:
7658
diff
changeset
|
490 static ngx_int_t |
7832
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
491 ngx_quic_close_quic(ngx_connection_t *c, ngx_int_t rc) |
7831
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
7827
diff
changeset
|
492 { |
7953
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
7945
diff
changeset
|
493 ngx_uint_t i; |
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
7945
diff
changeset
|
494 ngx_quic_send_ctx_t *ctx; |
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
7945
diff
changeset
|
495 ngx_quic_connection_t *qc; |
7831
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
7827
diff
changeset
|
496 |
8199
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8198
diff
changeset
|
497 qc = ngx_quic_get_connection(c); |
7831
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
7827
diff
changeset
|
498 |
7832
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
499 if (!qc->closing) { |
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
500 |
7875
8bec0ac23cf9
Fixed retransmission of frames after closing connection.
Vladimir Homutov <vl@nginx.com>
parents:
7874
diff
changeset
|
501 /* drop packets from retransmit queues, no ack is expected */ |
8bec0ac23cf9
Fixed retransmission of frames after closing connection.
Vladimir Homutov <vl@nginx.com>
parents:
7874
diff
changeset
|
502 for (i = 0; i < NGX_QUIC_SEND_CTX_LAST; i++) { |
8236
e9bd4305e68b
QUIC: fixed send contexts cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8235
diff
changeset
|
503 ngx_quic_free_frames(c, &qc->send_ctx[i].sent); |
7875
8bec0ac23cf9
Fixed retransmission of frames after closing connection.
Vladimir Homutov <vl@nginx.com>
parents:
7874
diff
changeset
|
504 } |
8bec0ac23cf9
Fixed retransmission of frames after closing connection.
Vladimir Homutov <vl@nginx.com>
parents:
7874
diff
changeset
|
505 |
7877
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
7876
diff
changeset
|
506 if (rc == NGX_DONE) { |
7832
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
507 |
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
508 /* |
8498
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8494
diff
changeset
|
509 * RFC 9000, 10.1. Idle Timeout |
7832
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
510 * |
8498
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8494
diff
changeset
|
511 * If a max_idle_timeout is specified by either endpoint in its |
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8494
diff
changeset
|
512 * transport parameters (Section 18.2), the connection is silently |
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8494
diff
changeset
|
513 * closed and its state is discarded when it remains idle |
7832
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
514 */ |
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
515 |
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
516 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
517 "quic closing %s connection", |
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
518 qc->draining ? "drained" : "idle"); |
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
519 |
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
520 } else { |
7877
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
7876
diff
changeset
|
521 |
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
7876
diff
changeset
|
522 /* |
8498
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8494
diff
changeset
|
523 * RFC 9000, 10.2. Immediate Close |
7877
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
7876
diff
changeset
|
524 * |
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
7876
diff
changeset
|
525 * An endpoint sends a CONNECTION_CLOSE frame (Section 19.19) |
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
7876
diff
changeset
|
526 * to terminate the connection immediately. |
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
7876
diff
changeset
|
527 */ |
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
7876
diff
changeset
|
528 |
7993
b276833111cf
QUIC: implemented probe timeout (PTO) calculation.
Vladimir Homutov <vl@nginx.com>
parents:
7992
diff
changeset
|
529 qc->error_level = c->ssl ? SSL_quic_read_level(c->ssl->connection) |
b276833111cf
QUIC: implemented probe timeout (PTO) calculation.
Vladimir Homutov <vl@nginx.com>
parents:
7992
diff
changeset
|
530 : ssl_encryption_initial; |
b276833111cf
QUIC: implemented probe timeout (PTO) calculation.
Vladimir Homutov <vl@nginx.com>
parents:
7992
diff
changeset
|
531 |
7877
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
7876
diff
changeset
|
532 if (rc == NGX_OK) { |
8295
d4e02b3b734f
QUIC: fixed indentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8294
diff
changeset
|
533 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
d4e02b3b734f
QUIC: fixed indentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8294
diff
changeset
|
534 "quic immediate close drain:%d", |
d4e02b3b734f
QUIC: fixed indentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8294
diff
changeset
|
535 qc->draining); |
7877
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
7876
diff
changeset
|
536 |
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
7876
diff
changeset
|
537 qc->close.log = c->log; |
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
7876
diff
changeset
|
538 qc->close.data = c; |
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
7876
diff
changeset
|
539 qc->close.handler = ngx_quic_close_timer_handler; |
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
7876
diff
changeset
|
540 qc->close.cancelable = 1; |
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
7876
diff
changeset
|
541 |
7993
b276833111cf
QUIC: implemented probe timeout (PTO) calculation.
Vladimir Homutov <vl@nginx.com>
parents:
7992
diff
changeset
|
542 ctx = ngx_quic_get_send_ctx(qc, qc->error_level); |
b276833111cf
QUIC: implemented probe timeout (PTO) calculation.
Vladimir Homutov <vl@nginx.com>
parents:
7992
diff
changeset
|
543 |
b276833111cf
QUIC: implemented probe timeout (PTO) calculation.
Vladimir Homutov <vl@nginx.com>
parents:
7992
diff
changeset
|
544 ngx_add_timer(&qc->close, 3 * ngx_quic_pto(c, ctx)); |
7877
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
7876
diff
changeset
|
545 |
7953
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
7945
diff
changeset
|
546 qc->error = NGX_QUIC_ERR_NO_ERROR; |
7877
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
7876
diff
changeset
|
547 |
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
7876
diff
changeset
|
548 } else { |
7953
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
7945
diff
changeset
|
549 if (qc->error == 0 && !qc->error_app) { |
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
7945
diff
changeset
|
550 qc->error = NGX_QUIC_ERR_INTERNAL_ERROR; |
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
7945
diff
changeset
|
551 } |
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
7945
diff
changeset
|
552 |
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
7945
diff
changeset
|
553 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, |
8164
eed49b83e18f
QUIC: revised value separators in debug and error messages.
Vladimir Homutov <vl@nginx.com>
parents:
8163
diff
changeset
|
554 "quic immediate close due to %s error: %ui %s", |
7953
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
7945
diff
changeset
|
555 qc->error_app ? "app " : "", qc->error, |
7877
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
7876
diff
changeset
|
556 qc->error_reason ? qc->error_reason : ""); |
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
7876
diff
changeset
|
557 } |
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
7876
diff
changeset
|
558 |
7953
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
7945
diff
changeset
|
559 (void) ngx_quic_send_cc(c); |
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
7945
diff
changeset
|
560 |
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
7945
diff
changeset
|
561 if (qc->error_level == ssl_encryption_handshake) { |
7877
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
7876
diff
changeset
|
562 /* for clients that might not have handshake keys */ |
7953
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
7945
diff
changeset
|
563 qc->error_level = ssl_encryption_initial; |
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
7945
diff
changeset
|
564 (void) ngx_quic_send_cc(c); |
7877
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
7876
diff
changeset
|
565 } |
7832
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
566 } |
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
567 |
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
568 qc->closing = 1; |
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
569 } |
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
570 |
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
571 if (rc == NGX_ERROR && qc->close.timer_set) { |
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
572 /* do not wait for timer in case of fatal error */ |
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
573 ngx_del_timer(&qc->close); |
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
574 } |
7831
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
7827
diff
changeset
|
575 |
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
7827
diff
changeset
|
576 if (ngx_quic_close_streams(c, qc) == NGX_AGAIN) { |
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
7827
diff
changeset
|
577 return NGX_AGAIN; |
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
7827
diff
changeset
|
578 } |
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
7827
diff
changeset
|
579 |
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
7827
diff
changeset
|
580 if (qc->push.timer_set) { |
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
7827
diff
changeset
|
581 ngx_del_timer(&qc->push); |
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
7827
diff
changeset
|
582 } |
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
7827
diff
changeset
|
583 |
7990 | 584 if (qc->pto.timer_set) { |
585 ngx_del_timer(&qc->pto); | |
7831
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
7827
diff
changeset
|
586 } |
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
7827
diff
changeset
|
587 |
8423
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
588 if (qc->path_validation.timer_set) { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
589 ngx_del_timer(&qc->path_validation); |
7929
ea4899591798
QUIC: Fixed connection cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
7928
diff
changeset
|
590 } |
ea4899591798
QUIC: Fixed connection cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
7928
diff
changeset
|
591 |
8423
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
592 if (qc->push.posted) { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
593 ngx_delete_posted_event(&qc->push); |
8198
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8197
diff
changeset
|
594 } |
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8197
diff
changeset
|
595 |
8091
dbcb9d0a3df1
QUIC: prevented posted push event while in the draining state.
Vladimir Homutov <vl@nginx.com>
parents:
8084
diff
changeset
|
596 if (qc->close.timer_set) { |
dbcb9d0a3df1
QUIC: prevented posted push event while in the draining state.
Vladimir Homutov <vl@nginx.com>
parents:
8084
diff
changeset
|
597 return NGX_AGAIN; |
dbcb9d0a3df1
QUIC: prevented posted push event while in the draining state.
Vladimir Homutov <vl@nginx.com>
parents:
8084
diff
changeset
|
598 } |
dbcb9d0a3df1
QUIC: prevented posted push event while in the draining state.
Vladimir Homutov <vl@nginx.com>
parents:
8084
diff
changeset
|
599 |
8423
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
600 ngx_quic_close_sockets(c); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
601 |
7832
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
602 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, |
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
603 "quic part of connection is terminated"); |
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
604 |
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
605 /* may be tested from SSL callback during SSL shutdown */ |
8199
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8198
diff
changeset
|
606 c->udp = NULL; |
7832
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
607 |
7831
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
7827
diff
changeset
|
608 return NGX_OK; |
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
7827
diff
changeset
|
609 } |
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
7827
diff
changeset
|
610 |
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
7827
diff
changeset
|
611 |
7953
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
7945
diff
changeset
|
612 void |
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
7945
diff
changeset
|
613 ngx_quic_finalize_connection(ngx_connection_t *c, ngx_uint_t err, |
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
7945
diff
changeset
|
614 const char *reason) |
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
7945
diff
changeset
|
615 { |
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
7945
diff
changeset
|
616 ngx_quic_connection_t *qc; |
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
7945
diff
changeset
|
617 |
8199
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8198
diff
changeset
|
618 qc = ngx_quic_get_connection(c); |
7953
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
7945
diff
changeset
|
619 qc->error = err; |
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
7945
diff
changeset
|
620 qc->error_reason = reason; |
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
7945
diff
changeset
|
621 qc->error_app = 1; |
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
7945
diff
changeset
|
622 qc->error_ftype = 0; |
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
7945
diff
changeset
|
623 |
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
7945
diff
changeset
|
624 ngx_quic_close_connection(c, NGX_ERROR); |
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
7945
diff
changeset
|
625 } |
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
7945
diff
changeset
|
626 |
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
7945
diff
changeset
|
627 |
8359
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8352
diff
changeset
|
628 void |
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8352
diff
changeset
|
629 ngx_quic_shutdown_connection(ngx_connection_t *c, ngx_uint_t err, |
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8352
diff
changeset
|
630 const char *reason) |
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8352
diff
changeset
|
631 { |
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8352
diff
changeset
|
632 ngx_quic_connection_t *qc; |
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8352
diff
changeset
|
633 |
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8352
diff
changeset
|
634 qc = ngx_quic_get_connection(c); |
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8352
diff
changeset
|
635 qc->shutdown = 1; |
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8352
diff
changeset
|
636 qc->shutdown_code = err; |
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8352
diff
changeset
|
637 qc->shutdown_reason = reason; |
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8352
diff
changeset
|
638 |
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8352
diff
changeset
|
639 ngx_quic_shutdown_quic(c); |
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8352
diff
changeset
|
640 } |
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8352
diff
changeset
|
641 |
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8352
diff
changeset
|
642 |
7832
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
643 static void |
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
644 ngx_quic_close_timer_handler(ngx_event_t *ev) |
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
645 { |
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
646 ngx_connection_t *c; |
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
647 |
7836 | 648 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ev->log, 0, "quic close timer"); |
7832
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
649 |
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
650 c = ev->data; |
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
651 ngx_quic_close_connection(c, NGX_DONE); |
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
652 } |
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
653 |
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
654 |
7831
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
7827
diff
changeset
|
655 static ngx_int_t |
8101
bed310672f39
QUIC: moved ssl configuration pointer to quic configuration.
Vladimir Homutov <vl@nginx.com>
parents:
8100
diff
changeset
|
656 ngx_quic_input(ngx_connection_t *c, ngx_buf_t *b, ngx_quic_conf_t *conf) |
7659
4355efde26d8
Added functions to decrypt long packets.
Vladimir Homutov <vl@nginx.com>
parents:
7658
diff
changeset
|
657 { |
8280
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
658 u_char *p; |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
659 ngx_int_t rc; |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
660 ngx_uint_t good; |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
661 ngx_quic_header_t pkt; |
7659
4355efde26d8
Added functions to decrypt long packets.
Vladimir Homutov <vl@nginx.com>
parents:
7658
diff
changeset
|
662 |
8083
702f1d2581a4
QUIC: eliminated idle timeout restart for dropped packets.
Roman Arutyunyan <arut@nginx.com>
parents:
8079
diff
changeset
|
663 good = 0; |
702f1d2581a4
QUIC: eliminated idle timeout restart for dropped packets.
Roman Arutyunyan <arut@nginx.com>
parents:
8079
diff
changeset
|
664 |
7770
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
665 p = b->pos; |
7674
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7673
diff
changeset
|
666 |
7770
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
667 while (p < b->last) { |
7729
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
7726
diff
changeset
|
668 |
7691 | 669 ngx_memzero(&pkt, sizeof(ngx_quic_header_t)); |
670 pkt.raw = b; | |
671 pkt.data = p; | |
672 pkt.len = b->last - p; | |
673 pkt.log = c->log; | |
7717
c217a907ce42
Added checks for permitted frame types.
Vladimir Homutov <vl@nginx.com>
parents:
7713
diff
changeset
|
674 pkt.flags = p[0]; |
8097
a89a58c642ef
QUIC: simplified packet header parsing.
Vladimir Homutov <vl@nginx.com>
parents:
8096
diff
changeset
|
675 pkt.raw->pos++; |
7659
4355efde26d8
Added functions to decrypt long packets.
Vladimir Homutov <vl@nginx.com>
parents:
7658
diff
changeset
|
676 |
8101
bed310672f39
QUIC: moved ssl configuration pointer to quic configuration.
Vladimir Homutov <vl@nginx.com>
parents:
8100
diff
changeset
|
677 rc = ngx_quic_process_packet(c, conf, &pkt); |
7659
4355efde26d8
Added functions to decrypt long packets.
Vladimir Homutov <vl@nginx.com>
parents:
7658
diff
changeset
|
678 |
8139
07971f870879
QUIC: added debug message with final packet processing status.
Vladimir Homutov <vl@nginx.com>
parents:
8138
diff
changeset
|
679 #if (NGX_DEBUG) |
07971f870879
QUIC: added debug message with final packet processing status.
Vladimir Homutov <vl@nginx.com>
parents:
8138
diff
changeset
|
680 if (pkt.parsed) { |
8166
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
681 ngx_log_debug5(NGX_LOG_DEBUG_EVENT, c->log, 0, |
8168
f32740ddd484
QUIC: got rid of "pkt" abbreviation in logs.
Vladimir Homutov <vl@nginx.com>
parents:
8167
diff
changeset
|
682 "quic packet %s done decr:%d pn:%L perr:%ui rc:%i", |
8139
07971f870879
QUIC: added debug message with final packet processing status.
Vladimir Homutov <vl@nginx.com>
parents:
8138
diff
changeset
|
683 ngx_quic_level_name(pkt.level), pkt.decrypted, |
8166
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
684 pkt.pn, pkt.error, rc); |
8139
07971f870879
QUIC: added debug message with final packet processing status.
Vladimir Homutov <vl@nginx.com>
parents:
8138
diff
changeset
|
685 } else { |
07971f870879
QUIC: added debug message with final packet processing status.
Vladimir Homutov <vl@nginx.com>
parents:
8138
diff
changeset
|
686 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
8168
f32740ddd484
QUIC: got rid of "pkt" abbreviation in logs.
Vladimir Homutov <vl@nginx.com>
parents:
8167
diff
changeset
|
687 "quic packet done parse failed rc:%i", rc); |
8139
07971f870879
QUIC: added debug message with final packet processing status.
Vladimir Homutov <vl@nginx.com>
parents:
8138
diff
changeset
|
688 } |
07971f870879
QUIC: added debug message with final packet processing status.
Vladimir Homutov <vl@nginx.com>
parents:
8138
diff
changeset
|
689 #endif |
07971f870879
QUIC: added debug message with final packet processing status.
Vladimir Homutov <vl@nginx.com>
parents:
8138
diff
changeset
|
690 |
7810
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
7809
diff
changeset
|
691 if (rc == NGX_ERROR) { |
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
7809
diff
changeset
|
692 return NGX_ERROR; |
7691 | 693 } |
7672
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
7671
diff
changeset
|
694 |
8279 | 695 if (rc == NGX_DONE) { |
696 /* stop further processing */ | |
697 return NGX_DECLINED; | |
698 } | |
699 | |
8083
702f1d2581a4
QUIC: eliminated idle timeout restart for dropped packets.
Roman Arutyunyan <arut@nginx.com>
parents:
8079
diff
changeset
|
700 if (rc == NGX_OK) { |
702f1d2581a4
QUIC: eliminated idle timeout restart for dropped packets.
Roman Arutyunyan <arut@nginx.com>
parents:
8079
diff
changeset
|
701 good = 1; |
702f1d2581a4
QUIC: eliminated idle timeout restart for dropped packets.
Roman Arutyunyan <arut@nginx.com>
parents:
8079
diff
changeset
|
702 } |
702f1d2581a4
QUIC: eliminated idle timeout restart for dropped packets.
Roman Arutyunyan <arut@nginx.com>
parents:
8079
diff
changeset
|
703 |
7810
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
7809
diff
changeset
|
704 /* NGX_OK || NGX_DECLINED */ |
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
7809
diff
changeset
|
705 |
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
7809
diff
changeset
|
706 /* |
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
7809
diff
changeset
|
707 * we get NGX_DECLINED when there are no keys [yet] available |
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
7809
diff
changeset
|
708 * to decrypt packet. |
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
7809
diff
changeset
|
709 * Instead of queueing it, we ignore it and rely on the sender's |
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
7809
diff
changeset
|
710 * retransmission: |
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
7809
diff
changeset
|
711 * |
8498
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8494
diff
changeset
|
712 * RFC 9000, 12.2. Coalescing Packets |
7810
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
7809
diff
changeset
|
713 * |
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
7809
diff
changeset
|
714 * For example, if decryption fails (because the keys are |
8498
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8494
diff
changeset
|
715 * not available or for any other reason), the receiver MAY either |
7810
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
7809
diff
changeset
|
716 * discard or buffer the packet for later processing and MUST |
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
7809
diff
changeset
|
717 * attempt to process the remaining packets. |
8073
eb5aa85294e9
QUIC: discard unrecognized long packes.
Vladimir Homutov <vl@nginx.com>
parents:
8071
diff
changeset
|
718 * |
eb5aa85294e9
QUIC: discard unrecognized long packes.
Vladimir Homutov <vl@nginx.com>
parents:
8071
diff
changeset
|
719 * We also skip packets that don't match connection state |
eb5aa85294e9
QUIC: discard unrecognized long packes.
Vladimir Homutov <vl@nginx.com>
parents:
8071
diff
changeset
|
720 * or cannot be parsed properly. |
7810
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
7809
diff
changeset
|
721 */ |
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
7809
diff
changeset
|
722 |
7691 | 723 /* b->pos is at header end, adjust by actual packet length */ |
8096
0f37b4ef3cd9
QUIC: keep the entire packet size in pkt->len.
Roman Arutyunyan <arut@nginx.com>
parents:
8095
diff
changeset
|
724 b->pos = pkt.data + pkt.len; |
8098
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
725 |
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
726 /* firefox workaround: skip zero padding at the end of quic packet */ |
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
727 while (b->pos < b->last && *(b->pos) == 0) { |
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
728 b->pos++; |
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
729 } |
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
730 |
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
731 p = b->pos; |
7770
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
732 } |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
733 |
8083
702f1d2581a4
QUIC: eliminated idle timeout restart for dropped packets.
Roman Arutyunyan <arut@nginx.com>
parents:
8079
diff
changeset
|
734 return good ? NGX_OK : NGX_DECLINED; |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
735 } |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
736 |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
737 |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
738 static ngx_int_t |
8101
bed310672f39
QUIC: moved ssl configuration pointer to quic configuration.
Vladimir Homutov <vl@nginx.com>
parents:
8100
diff
changeset
|
739 ngx_quic_process_packet(ngx_connection_t *c, ngx_quic_conf_t *conf, |
bed310672f39
QUIC: moved ssl configuration pointer to quic configuration.
Vladimir Homutov <vl@nginx.com>
parents:
8100
diff
changeset
|
740 ngx_quic_header_t *pkt) |
7860
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7859
diff
changeset
|
741 { |
8074
c6b963de0c00
QUIC: pass return code from ngx_quic_decrypt() to the caller.
Vladimir Homutov <vl@nginx.com>
parents:
8073
diff
changeset
|
742 ngx_int_t rc; |
7860
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7859
diff
changeset
|
743 ngx_quic_connection_t *qc; |
8098
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
744 |
8135
eacca87c476e
QUIC: updated c->log->action strings to reflect proper state.
Vladimir Homutov <vl@nginx.com>
parents:
8134
diff
changeset
|
745 c->log->action = "parsing quic packet"; |
eacca87c476e
QUIC: updated c->log->action strings to reflect proper state.
Vladimir Homutov <vl@nginx.com>
parents:
8134
diff
changeset
|
746 |
8098
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
747 rc = ngx_quic_parse_packet(pkt); |
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
748 |
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
749 if (rc == NGX_DECLINED || rc == NGX_ERROR) { |
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
750 return rc; |
7860
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7859
diff
changeset
|
751 } |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7859
diff
changeset
|
752 |
8139
07971f870879
QUIC: added debug message with final packet processing status.
Vladimir Homutov <vl@nginx.com>
parents:
8138
diff
changeset
|
753 pkt->parsed = 1; |
07971f870879
QUIC: added debug message with final packet processing status.
Vladimir Homutov <vl@nginx.com>
parents:
8138
diff
changeset
|
754 |
8135
eacca87c476e
QUIC: updated c->log->action strings to reflect proper state.
Vladimir Homutov <vl@nginx.com>
parents:
8134
diff
changeset
|
755 c->log->action = "processing quic packet"; |
eacca87c476e
QUIC: updated c->log->action strings to reflect proper state.
Vladimir Homutov <vl@nginx.com>
parents:
8134
diff
changeset
|
756 |
8235
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8212
diff
changeset
|
757 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8212
diff
changeset
|
758 "quic packet rx dcid len:%uz %xV", |
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8212
diff
changeset
|
759 pkt->dcid.len, &pkt->dcid); |
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8212
diff
changeset
|
760 |
8137
52ad697f9d1c
QUIC: enabled more key-related debug by default.
Vladimir Homutov <vl@nginx.com>
parents:
8136
diff
changeset
|
761 #if (NGX_DEBUG) |
52ad697f9d1c
QUIC: enabled more key-related debug by default.
Vladimir Homutov <vl@nginx.com>
parents:
8136
diff
changeset
|
762 if (pkt->level != ssl_encryption_application) { |
8235
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8212
diff
changeset
|
763 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8212
diff
changeset
|
764 "quic packet rx scid len:%uz %xV", |
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8212
diff
changeset
|
765 pkt->scid.len, &pkt->scid); |
8137
52ad697f9d1c
QUIC: enabled more key-related debug by default.
Vladimir Homutov <vl@nginx.com>
parents:
8136
diff
changeset
|
766 } |
8211
fe53def49945
QUIC: refactored long header parsing.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8209
diff
changeset
|
767 |
fe53def49945
QUIC: refactored long header parsing.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8209
diff
changeset
|
768 if (pkt->level == ssl_encryption_initial) { |
8235
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8212
diff
changeset
|
769 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
8287
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8286
diff
changeset
|
770 "quic address validation token len:%uz %xV", |
8235
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8212
diff
changeset
|
771 pkt->token.len, &pkt->token); |
8211
fe53def49945
QUIC: refactored long header parsing.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8209
diff
changeset
|
772 } |
8137
52ad697f9d1c
QUIC: enabled more key-related debug by default.
Vladimir Homutov <vl@nginx.com>
parents:
8136
diff
changeset
|
773 #endif |
52ad697f9d1c
QUIC: enabled more key-related debug by default.
Vladimir Homutov <vl@nginx.com>
parents:
8136
diff
changeset
|
774 |
8280
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
775 qc = ngx_quic_get_connection(c); |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
776 |
8098
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
777 if (qc) { |
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
778 |
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
779 if (rc == NGX_ABORT) { |
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
780 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
781 "quic unsupported version: 0x%xD", pkt->version); |
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
782 return NGX_DECLINED; |
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
783 } |
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
784 |
8423
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
785 rc = ngx_quic_check_migration(c, pkt); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
786 if (rc != NGX_OK) { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
787 return rc; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
788 } |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
789 |
8194
340cd26158fb
QUIC: preparatory changes for multiple QUIC versions support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8193
diff
changeset
|
790 if (pkt->level != ssl_encryption_application) { |
8281
a346905c359f
QUIC: fixed stateless reset recognition and send.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
791 |
8194
340cd26158fb
QUIC: preparatory changes for multiple QUIC versions support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8193
diff
changeset
|
792 if (pkt->version != qc->version) { |
340cd26158fb
QUIC: preparatory changes for multiple QUIC versions support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8193
diff
changeset
|
793 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
340cd26158fb
QUIC: preparatory changes for multiple QUIC versions support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8193
diff
changeset
|
794 "quic version mismatch: 0x%xD", pkt->version); |
340cd26158fb
QUIC: preparatory changes for multiple QUIC versions support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8193
diff
changeset
|
795 return NGX_DECLINED; |
340cd26158fb
QUIC: preparatory changes for multiple QUIC versions support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8193
diff
changeset
|
796 } |
8281
a346905c359f
QUIC: fixed stateless reset recognition and send.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
797 |
a346905c359f
QUIC: fixed stateless reset recognition and send.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
798 if (ngx_quic_check_csid(qc, pkt) != NGX_OK) { |
a346905c359f
QUIC: fixed stateless reset recognition and send.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
799 return NGX_DECLINED; |
8100
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8099
diff
changeset
|
800 } |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8099
diff
changeset
|
801 |
8281
a346905c359f
QUIC: fixed stateless reset recognition and send.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
802 } else { |
a346905c359f
QUIC: fixed stateless reset recognition and send.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
803 |
a346905c359f
QUIC: fixed stateless reset recognition and send.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
804 if (ngx_quic_process_stateless_reset(c, pkt) == NGX_OK) { |
a346905c359f
QUIC: fixed stateless reset recognition and send.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
805 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
a346905c359f
QUIC: fixed stateless reset recognition and send.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
806 "quic stateless reset packet detected"); |
a346905c359f
QUIC: fixed stateless reset recognition and send.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
807 |
a346905c359f
QUIC: fixed stateless reset recognition and send.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
808 qc->draining = 1; |
a346905c359f
QUIC: fixed stateless reset recognition and send.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
809 ngx_quic_close_connection(c, NGX_OK); |
a346905c359f
QUIC: fixed stateless reset recognition and send.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
810 |
a346905c359f
QUIC: fixed stateless reset recognition and send.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
811 return NGX_OK; |
a346905c359f
QUIC: fixed stateless reset recognition and send.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
812 } |
8098
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
813 } |
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
814 |
8280
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
815 return ngx_quic_process_payload(c, pkt); |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
816 } |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
817 |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
818 /* packet does not belong to a connection */ |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
819 |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
820 if (rc == NGX_ABORT) { |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
821 return ngx_quic_negotiate_version(c, pkt); |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
822 } |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
823 |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
824 if (pkt->level == ssl_encryption_application) { |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
825 return ngx_quic_send_stateless_reset(c, conf, pkt); |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
826 } |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
827 |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
828 if (pkt->level != ssl_encryption_initial) { |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
829 return NGX_ERROR; |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
830 } |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
831 |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
832 c->log->action = "processing initial packet"; |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
833 |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
834 if (pkt->dcid.len < NGX_QUIC_CID_LEN_MIN) { |
8498
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8494
diff
changeset
|
835 /* RFC 9000, 7.2. Negotiating Connection IDs */ |
8280
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
836 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
837 "quic too short dcid in initial" |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
838 " packet: len:%i", pkt->dcid.len); |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
839 return NGX_ERROR; |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
840 } |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
841 |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
842 /* process retry and initialize connection IDs */ |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
843 |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
844 if (pkt->token.len) { |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
845 |
8287
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8286
diff
changeset
|
846 rc = ngx_quic_validate_token(c, conf->av_token_key, pkt); |
8280
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
847 |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
848 if (rc == NGX_ERROR) { |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
849 /* internal error */ |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
850 return NGX_ERROR; |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
851 |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
852 } else if (rc == NGX_ABORT) { |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
853 /* token cannot be decrypted */ |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
854 return ngx_quic_send_early_cc(c, pkt, |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
855 NGX_QUIC_ERR_INVALID_TOKEN, |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
856 "cannot decrypt token"); |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
857 } else if (rc == NGX_DECLINED) { |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
858 /* token is invalid */ |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
859 |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
860 if (pkt->retried) { |
8287
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8286
diff
changeset
|
861 /* invalid address validation token */ |
8280
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
862 return ngx_quic_send_early_cc(c, pkt, |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
863 NGX_QUIC_ERR_INVALID_TOKEN, |
8287
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8286
diff
changeset
|
864 "invalid address validation token"); |
8280
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
865 } else if (conf->retry) { |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
866 /* invalid NEW_TOKEN */ |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
867 return ngx_quic_send_retry(c, conf, pkt); |
8098
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
868 } |
8280
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
869 } |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
870 |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
871 /* NGX_OK */ |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
872 |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
873 } else if (conf->retry) { |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
874 return ngx_quic_send_retry(c, conf, pkt); |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
875 |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
876 } else { |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
877 pkt->odcid = pkt->dcid; |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
878 } |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
879 |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
880 if (ngx_terminate || ngx_exiting) { |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
881 if (conf->retry) { |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
882 return ngx_quic_send_retry(c, conf, pkt); |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
883 } |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
884 |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
885 return NGX_ERROR; |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
886 } |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
887 |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
888 c->log->action = "creating quic connection"; |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
889 |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
890 qc = ngx_quic_new_connection(c, conf, pkt); |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
891 if (qc == NULL) { |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
892 return NGX_ERROR; |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
893 } |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
894 |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
895 return ngx_quic_process_payload(c, pkt); |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
896 } |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
897 |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
898 |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
899 static ngx_int_t |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
900 ngx_quic_process_payload(ngx_connection_t *c, ngx_quic_header_t *pkt) |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
901 { |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
902 ngx_int_t rc; |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
903 ngx_quic_send_ctx_t *ctx; |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
904 ngx_quic_connection_t *qc; |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
905 static u_char buf[NGX_QUIC_MAX_UDP_PAYLOAD_SIZE]; |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
906 |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
907 qc = ngx_quic_get_connection(c); |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
908 |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
909 qc->error = 0; |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
910 qc->error_reason = 0; |
8098
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
911 |
8135
eacca87c476e
QUIC: updated c->log->action strings to reflect proper state.
Vladimir Homutov <vl@nginx.com>
parents:
8134
diff
changeset
|
912 c->log->action = "decrypting packet"; |
eacca87c476e
QUIC: updated c->log->action strings to reflect proper state.
Vladimir Homutov <vl@nginx.com>
parents:
8134
diff
changeset
|
913 |
8191
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8190
diff
changeset
|
914 if (!ngx_quic_keys_available(qc->keys, pkt->level)) { |
8098
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
915 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
8494
80d396fd8ee8
QUIC: improved errors readability.
Vladimir Homutov <vl@nginx.com>
parents:
8493
diff
changeset
|
916 "quic no %s keys, ignoring packet", |
80d396fd8ee8
QUIC: improved errors readability.
Vladimir Homutov <vl@nginx.com>
parents:
8493
diff
changeset
|
917 ngx_quic_level_name(pkt->level)); |
8098
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
918 return NGX_DECLINED; |
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
919 } |
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
920 |
8541
7f29db5294bd
QUIC: avoid processing 1-RTT with incomplete handshake in OpenSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8507
diff
changeset
|
921 #if !defined (OPENSSL_IS_BORINGSSL) |
7f29db5294bd
QUIC: avoid processing 1-RTT with incomplete handshake in OpenSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8507
diff
changeset
|
922 /* OpenSSL provides read keys for an application level before it's ready */ |
7f29db5294bd
QUIC: avoid processing 1-RTT with incomplete handshake in OpenSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8507
diff
changeset
|
923 |
7f29db5294bd
QUIC: avoid processing 1-RTT with incomplete handshake in OpenSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8507
diff
changeset
|
924 if (pkt->level == ssl_encryption_application |
7f29db5294bd
QUIC: avoid processing 1-RTT with incomplete handshake in OpenSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8507
diff
changeset
|
925 && SSL_quic_read_level(c->ssl->connection) |
7f29db5294bd
QUIC: avoid processing 1-RTT with incomplete handshake in OpenSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8507
diff
changeset
|
926 < ssl_encryption_application) |
7f29db5294bd
QUIC: avoid processing 1-RTT with incomplete handshake in OpenSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8507
diff
changeset
|
927 { |
7f29db5294bd
QUIC: avoid processing 1-RTT with incomplete handshake in OpenSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8507
diff
changeset
|
928 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
7f29db5294bd
QUIC: avoid processing 1-RTT with incomplete handshake in OpenSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8507
diff
changeset
|
929 "quic no %s keys ready, ignoring packet", |
7f29db5294bd
QUIC: avoid processing 1-RTT with incomplete handshake in OpenSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8507
diff
changeset
|
930 ngx_quic_level_name(pkt->level)); |
7f29db5294bd
QUIC: avoid processing 1-RTT with incomplete handshake in OpenSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8507
diff
changeset
|
931 return NGX_DECLINED; |
7f29db5294bd
QUIC: avoid processing 1-RTT with incomplete handshake in OpenSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8507
diff
changeset
|
932 } |
7f29db5294bd
QUIC: avoid processing 1-RTT with incomplete handshake in OpenSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8507
diff
changeset
|
933 #endif |
7f29db5294bd
QUIC: avoid processing 1-RTT with incomplete handshake in OpenSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8507
diff
changeset
|
934 |
8191
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8190
diff
changeset
|
935 pkt->keys = qc->keys; |
8098
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
936 pkt->key_phase = qc->key_phase; |
7860
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7859
diff
changeset
|
937 pkt->plaintext = buf; |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7859
diff
changeset
|
938 |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7859
diff
changeset
|
939 ctx = ngx_quic_get_send_ctx(qc, pkt->level); |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7859
diff
changeset
|
940 |
8191
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8190
diff
changeset
|
941 rc = ngx_quic_decrypt(pkt, &ctx->largest_pn); |
8074
c6b963de0c00
QUIC: pass return code from ngx_quic_decrypt() to the caller.
Vladimir Homutov <vl@nginx.com>
parents:
8073
diff
changeset
|
942 if (rc != NGX_OK) { |
c6b963de0c00
QUIC: pass return code from ngx_quic_decrypt() to the caller.
Vladimir Homutov <vl@nginx.com>
parents:
8073
diff
changeset
|
943 qc->error = pkt->error; |
c6b963de0c00
QUIC: pass return code from ngx_quic_decrypt() to the caller.
Vladimir Homutov <vl@nginx.com>
parents:
8073
diff
changeset
|
944 qc->error_reason = "failed to decrypt packet"; |
c6b963de0c00
QUIC: pass return code from ngx_quic_decrypt() to the caller.
Vladimir Homutov <vl@nginx.com>
parents:
8073
diff
changeset
|
945 return rc; |
7689 | 946 } |
947 | |
8139
07971f870879
QUIC: added debug message with final packet processing status.
Vladimir Homutov <vl@nginx.com>
parents:
8138
diff
changeset
|
948 pkt->decrypted = 1; |
07971f870879
QUIC: added debug message with final packet processing status.
Vladimir Homutov <vl@nginx.com>
parents:
8138
diff
changeset
|
949 |
8423
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
950 if (ngx_quic_update_paths(c, pkt) != NGX_OK) { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
951 return NGX_ERROR; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
952 } |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
953 |
8098
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
954 if (c->ssl == NULL) { |
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
955 if (ngx_quic_init_connection(c) != NGX_OK) { |
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
956 return NGX_ERROR; |
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
957 } |
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
958 } |
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
959 |
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
960 if (pkt->level == ssl_encryption_handshake) { |
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
961 /* |
8498
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8494
diff
changeset
|
962 * RFC 9001, 4.9.1. Discarding Initial Keys |
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8494
diff
changeset
|
963 * |
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8494
diff
changeset
|
964 * The successful use of Handshake packets indicates |
8098
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
965 * that no more Initial packets need to be exchanged |
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
966 */ |
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
967 ngx_quic_discard_ctx(c, ssl_encryption_initial); |
8170
e2086d8181fa
QUIC: added push event afer the address was validated.
Vladimir Homutov <vl@nginx.com>
parents:
8169
diff
changeset
|
968 |
8423
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
969 if (qc->socket->path->state != NGX_QUIC_PATH_VALIDATED) { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
970 qc->socket->path->state = NGX_QUIC_PATH_VALIDATED; |
8199
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8198
diff
changeset
|
971 ngx_post_event(&qc->push, &ngx_posted_events); |
8170
e2086d8181fa
QUIC: added push event afer the address was validated.
Vladimir Homutov <vl@nginx.com>
parents:
8169
diff
changeset
|
972 } |
8098
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
973 } |
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
974 |
8280
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
975 if (qc->closing) { |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
976 /* |
8498
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8494
diff
changeset
|
977 * RFC 9000, 10.2. Immediate Close |
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8494
diff
changeset
|
978 * |
8280
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
979 * ... delayed or reordered packets are properly discarded. |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
980 * |
8498
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8494
diff
changeset
|
981 * In the closing state, an endpoint retains only enough information |
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8494
diff
changeset
|
982 * to generate a packet containing a CONNECTION_CLOSE frame and to |
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8494
diff
changeset
|
983 * identify packets as belonging to the connection. |
8280
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
984 */ |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
985 |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
986 qc->error_level = pkt->level; |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
987 qc->error = NGX_QUIC_ERR_NO_ERROR; |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
988 qc->error_reason = "connection is closing, packet discarded"; |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
989 qc->error_ftype = 0; |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
990 qc->error_app = 0; |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
991 |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
992 return ngx_quic_send_cc(c); |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
993 } |
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
994 |
8162
c5ea341f705a
QUIC: optimized acknowledgement generation.
Vladimir Homutov <vl@nginx.com>
parents:
8161
diff
changeset
|
995 pkt->received = ngx_current_msec; |
8133
1d4417e4f2d0
QUIC: fixed measuring ACK Delay against 0-RTT packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8132
diff
changeset
|
996 |
8135
eacca87c476e
QUIC: updated c->log->action strings to reflect proper state.
Vladimir Homutov <vl@nginx.com>
parents:
8134
diff
changeset
|
997 c->log->action = "handling payload"; |
eacca87c476e
QUIC: updated c->log->action strings to reflect proper state.
Vladimir Homutov <vl@nginx.com>
parents:
8134
diff
changeset
|
998 |
8098
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
999 if (pkt->level != ssl_encryption_application) { |
8280
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
1000 return ngx_quic_handle_frames(c, pkt); |
8098
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
1001 } |
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
1002 |
8191
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8190
diff
changeset
|
1003 if (!pkt->key_update) { |
8280
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
1004 return ngx_quic_handle_frames(c, pkt); |
8191
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8190
diff
changeset
|
1005 } |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8190
diff
changeset
|
1006 |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8190
diff
changeset
|
1007 /* switch keys and generate next on Key Phase change */ |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8190
diff
changeset
|
1008 |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8190
diff
changeset
|
1009 qc->key_phase ^= 1; |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8190
diff
changeset
|
1010 ngx_quic_keys_switch(c, qc->keys); |
8098
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
1011 |
8280
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
1012 rc = ngx_quic_handle_frames(c, pkt); |
8098
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
1013 if (rc != NGX_OK) { |
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
1014 return rc; |
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
1015 } |
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
1016 |
8191
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8190
diff
changeset
|
1017 return ngx_quic_keys_update(c, qc->keys); |
7689 | 1018 } |
1019 | |
1020 | |
8413
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
8412
diff
changeset
|
1021 void |
8098
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
1022 ngx_quic_discard_ctx(ngx_connection_t *c, enum ssl_encryption_level_t level) |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
1023 { |
8025
7f9938cbcd12
QUIC: fixed leak of bytes_in_flight on keys discard.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8024
diff
changeset
|
1024 ngx_queue_t *q; |
7f9938cbcd12
QUIC: fixed leak of bytes_in_flight on keys discard.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8024
diff
changeset
|
1025 ngx_quic_frame_t *f; |
8423
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
1026 ngx_quic_socket_t *qsock; |
7816
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7815
diff
changeset
|
1027 ngx_quic_send_ctx_t *ctx; |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
1028 ngx_quic_connection_t *qc; |
7729
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
7726
diff
changeset
|
1029 |
8199
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8198
diff
changeset
|
1030 qc = ngx_quic_get_connection(c); |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
1031 |
8191
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8190
diff
changeset
|
1032 if (!ngx_quic_keys_available(qc->keys, level)) { |
8098
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
1033 return; |
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
1034 } |
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
1035 |
8191
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8190
diff
changeset
|
1036 ngx_quic_keys_discard(qc->keys, level); |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8190
diff
changeset
|
1037 |
8098
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
1038 qc->pto_count = 0; |
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
1039 |
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
1040 ctx = ngx_quic_get_send_ctx(qc, level); |
8025
7f9938cbcd12
QUIC: fixed leak of bytes_in_flight on keys discard.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8024
diff
changeset
|
1041 |
8442
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8438
diff
changeset
|
1042 ngx_quic_free_bufs(c, ctx->crypto); |
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8438
diff
changeset
|
1043 |
8025
7f9938cbcd12
QUIC: fixed leak of bytes_in_flight on keys discard.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8024
diff
changeset
|
1044 while (!ngx_queue_empty(&ctx->sent)) { |
7f9938cbcd12
QUIC: fixed leak of bytes_in_flight on keys discard.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8024
diff
changeset
|
1045 q = ngx_queue_head(&ctx->sent); |
7f9938cbcd12
QUIC: fixed leak of bytes_in_flight on keys discard.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8024
diff
changeset
|
1046 ngx_queue_remove(q); |
7f9938cbcd12
QUIC: fixed leak of bytes_in_flight on keys discard.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8024
diff
changeset
|
1047 |
7f9938cbcd12
QUIC: fixed leak of bytes_in_flight on keys discard.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8024
diff
changeset
|
1048 f = ngx_queue_data(q, ngx_quic_frame_t, queue); |
7f9938cbcd12
QUIC: fixed leak of bytes_in_flight on keys discard.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8024
diff
changeset
|
1049 ngx_quic_congestion_ack(c, f); |
7f9938cbcd12
QUIC: fixed leak of bytes_in_flight on keys discard.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8024
diff
changeset
|
1050 ngx_quic_free_frame(c, f); |
7f9938cbcd12
QUIC: fixed leak of bytes_in_flight on keys discard.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8024
diff
changeset
|
1051 } |
8155
38c7dd720774
QUIC: added ACK frame range support.
Vladimir Homutov <vl@nginx.com>
parents:
8154
diff
changeset
|
1052 |
8171
b1676cd64dc9
QUIC: cleanup send context properly.
Vladimir Homutov <vl@nginx.com>
parents:
8170
diff
changeset
|
1053 while (!ngx_queue_empty(&ctx->frames)) { |
b1676cd64dc9
QUIC: cleanup send context properly.
Vladimir Homutov <vl@nginx.com>
parents:
8170
diff
changeset
|
1054 q = ngx_queue_head(&ctx->frames); |
b1676cd64dc9
QUIC: cleanup send context properly.
Vladimir Homutov <vl@nginx.com>
parents:
8170
diff
changeset
|
1055 ngx_queue_remove(q); |
b1676cd64dc9
QUIC: cleanup send context properly.
Vladimir Homutov <vl@nginx.com>
parents:
8170
diff
changeset
|
1056 |
b1676cd64dc9
QUIC: cleanup send context properly.
Vladimir Homutov <vl@nginx.com>
parents:
8170
diff
changeset
|
1057 f = ngx_queue_data(q, ngx_quic_frame_t, queue); |
b1676cd64dc9
QUIC: cleanup send context properly.
Vladimir Homutov <vl@nginx.com>
parents:
8170
diff
changeset
|
1058 ngx_quic_congestion_ack(c, f); |
b1676cd64dc9
QUIC: cleanup send context properly.
Vladimir Homutov <vl@nginx.com>
parents:
8170
diff
changeset
|
1059 ngx_quic_free_frame(c, f); |
b1676cd64dc9
QUIC: cleanup send context properly.
Vladimir Homutov <vl@nginx.com>
parents:
8170
diff
changeset
|
1060 } |
b1676cd64dc9
QUIC: cleanup send context properly.
Vladimir Homutov <vl@nginx.com>
parents:
8170
diff
changeset
|
1061 |
8198
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8197
diff
changeset
|
1062 if (level == ssl_encryption_initial) { |
8423
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
1063 /* close temporary listener with odcid */ |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
1064 qsock = ngx_quic_find_socket(c, NGX_QUIC_UNSET_PN); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
1065 if (qsock) { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
1066 ngx_quic_close_socket(c, qsock); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
1067 } |
8198
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8197
diff
changeset
|
1068 } |
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8197
diff
changeset
|
1069 |
8155
38c7dd720774
QUIC: added ACK frame range support.
Vladimir Homutov <vl@nginx.com>
parents:
8154
diff
changeset
|
1070 ctx->send_ack = 0; |
8290
faa3201ff351
QUIC: improved setting the lost timer.
Roman Arutyunyan <arut@nginx.com>
parents:
8289
diff
changeset
|
1071 |
faa3201ff351
QUIC: improved setting the lost timer.
Roman Arutyunyan <arut@nginx.com>
parents:
8289
diff
changeset
|
1072 ngx_quic_set_lost_timer(c); |
7770
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
1073 } |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
1074 |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
1075 |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
1076 static ngx_int_t |
8281
a346905c359f
QUIC: fixed stateless reset recognition and send.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
1077 ngx_quic_check_csid(ngx_quic_connection_t *qc, ngx_quic_header_t *pkt) |
7838 | 1078 { |
8076
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8074
diff
changeset
|
1079 ngx_queue_t *q; |
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8074
diff
changeset
|
1080 ngx_quic_client_id_t *cid; |
7858
6e100d8c138a
Preserve original DCID and unbreak parsing 0-RTT packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7857
diff
changeset
|
1081 |
8076
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8074
diff
changeset
|
1082 for (q = ngx_queue_head(&qc->client_ids); |
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8074
diff
changeset
|
1083 q != ngx_queue_sentinel(&qc->client_ids); |
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8074
diff
changeset
|
1084 q = ngx_queue_next(q)) |
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8074
diff
changeset
|
1085 { |
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8074
diff
changeset
|
1086 cid = ngx_queue_data(q, ngx_quic_client_id_t, queue); |
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8074
diff
changeset
|
1087 |
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8074
diff
changeset
|
1088 if (pkt->scid.len == cid->len |
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8074
diff
changeset
|
1089 && ngx_memcmp(pkt->scid.data, cid->id, cid->len) == 0) |
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8074
diff
changeset
|
1090 { |
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8074
diff
changeset
|
1091 return NGX_OK; |
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8074
diff
changeset
|
1092 } |
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8074
diff
changeset
|
1093 } |
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8074
diff
changeset
|
1094 |
8098
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
1095 ngx_log_error(NGX_LOG_INFO, pkt->log, 0, "quic unexpected quic scid"); |
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8097
diff
changeset
|
1096 return NGX_ERROR; |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
1097 } |
7637 | 1098 |
1099 | |
7691 | 1100 static ngx_int_t |
8280
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
1101 ngx_quic_handle_frames(ngx_connection_t *c, ngx_quic_header_t *pkt) |
7691 | 1102 { |
1103 u_char *end, *p; | |
1104 ssize_t len; | |
8241
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8240
diff
changeset
|
1105 ngx_buf_t buf; |
8423
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
1106 ngx_uint_t do_close, nonprobing; |
8241
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8240
diff
changeset
|
1107 ngx_chain_t chain; |
7844
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7842
diff
changeset
|
1108 ngx_quic_frame_t frame; |
8423
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
1109 ngx_quic_socket_t *qsock; |
7691 | 1110 ngx_quic_connection_t *qc; |
1111 | |
8199
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8198
diff
changeset
|
1112 qc = ngx_quic_get_connection(c); |
7691 | 1113 |
1114 p = pkt->payload.data; | |
1115 end = p + pkt->payload.len; | |
1116 | |
1117 do_close = 0; | |
8423
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
1118 nonprobing = 0; |
7691 | 1119 |
1120 while (p < end) { | |
1121 | |
7741 | 1122 c->log->action = "parsing frames"; |
1123 | |
8423
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
1124 ngx_memzero(&frame, sizeof(ngx_quic_frame_t)); |
8241
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8240
diff
changeset
|
1125 ngx_memzero(&buf, sizeof(ngx_buf_t)); |
8243
d9f673d18e9b
QUIC: set the temporary flag for input frame buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8242
diff
changeset
|
1126 buf.temporary = 1; |
8241
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8240
diff
changeset
|
1127 |
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8240
diff
changeset
|
1128 chain.buf = &buf; |
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8240
diff
changeset
|
1129 chain.next = NULL; |
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8240
diff
changeset
|
1130 frame.data = &chain; |
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8240
diff
changeset
|
1131 |
7706
1f002206a59b
Added boundaries checks into frame parser.
Vladimir Homutov <vl@nginx.com>
parents:
7705
diff
changeset
|
1132 len = ngx_quic_parse_frame(pkt, p, end, &frame); |
7717
c217a907ce42
Added checks for permitted frame types.
Vladimir Homutov <vl@nginx.com>
parents:
7713
diff
changeset
|
1133 |
7691 | 1134 if (len < 0) { |
7862
fb7422074258
Added generation of CC frames with error on connection termination.
Vladimir Homutov <vl@nginx.com>
parents:
7861
diff
changeset
|
1135 qc->error = pkt->error; |
7691 | 1136 return NGX_ERROR; |
1137 } | |
1138 | |
8163
b3d9e57d0f62
QUIC: single function for frame debug logging.
Vladimir Homutov <vl@nginx.com>
parents:
8162
diff
changeset
|
1139 ngx_quic_log_frame(c->log, &frame, 0); |
b3d9e57d0f62
QUIC: single function for frame debug logging.
Vladimir Homutov <vl@nginx.com>
parents:
8162
diff
changeset
|
1140 |
7741 | 1141 c->log->action = "handling frames"; |
1142 | |
7691 | 1143 p += len; |
1144 | |
1145 switch (frame.type) { | |
8423
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
1146 /* probing frames */ |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
1147 case NGX_QUIC_FT_PADDING: |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
1148 case NGX_QUIC_FT_PATH_CHALLENGE: |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
1149 case NGX_QUIC_FT_PATH_RESPONSE: |
8436
901126931bd5
QUIC: consider NEW_CONNECTION_ID a probing frame.
Vladimir Homutov <vl@nginx.com>
parents:
8423
diff
changeset
|
1150 case NGX_QUIC_FT_NEW_CONNECTION_ID: |
8423
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
1151 break; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
1152 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
1153 /* non-probing frames */ |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
1154 default: |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
1155 nonprobing = 1; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
1156 break; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
1157 } |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
1158 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
1159 switch (frame.type) { |
7691 | 1160 |
1161 case NGX_QUIC_FT_ACK: | |
8241
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8240
diff
changeset
|
1162 if (ngx_quic_handle_ack_frame(c, pkt, &frame) != NGX_OK) { |
7691 | 1163 return NGX_ERROR; |
1164 } | |
1165 | |
7844
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7842
diff
changeset
|
1166 continue; |
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7842
diff
changeset
|
1167 |
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7842
diff
changeset
|
1168 case NGX_QUIC_FT_PADDING: |
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7842
diff
changeset
|
1169 /* no action required */ |
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7842
diff
changeset
|
1170 continue; |
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7842
diff
changeset
|
1171 |
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7842
diff
changeset
|
1172 case NGX_QUIC_FT_CONNECTION_CLOSE: |
7953
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
7945
diff
changeset
|
1173 case NGX_QUIC_FT_CONNECTION_CLOSE_APP: |
7844
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7842
diff
changeset
|
1174 do_close = 1; |
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7842
diff
changeset
|
1175 continue; |
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7842
diff
changeset
|
1176 } |
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7842
diff
changeset
|
1177 |
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7842
diff
changeset
|
1178 /* got there with ack-eliciting packet */ |
8155
38c7dd720774
QUIC: added ACK frame range support.
Vladimir Homutov <vl@nginx.com>
parents:
8154
diff
changeset
|
1179 pkt->need_ack = 1; |
7844
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7842
diff
changeset
|
1180 |
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7842
diff
changeset
|
1181 switch (frame.type) { |
7691 | 1182 |
1183 case NGX_QUIC_FT_CRYPTO: | |
1184 | |
7810
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
7809
diff
changeset
|
1185 if (ngx_quic_handle_crypto_frame(c, pkt, &frame) != NGX_OK) { |
7691 | 1186 return NGX_ERROR; |
1187 } | |
1188 | |
1189 break; | |
1190 | |
1191 case NGX_QUIC_FT_PING: | |
1192 break; | |
1193 | |
1194 case NGX_QUIC_FT_STREAM0: | |
1195 case NGX_QUIC_FT_STREAM1: | |
1196 case NGX_QUIC_FT_STREAM2: | |
1197 case NGX_QUIC_FT_STREAM3: | |
1198 case NGX_QUIC_FT_STREAM4: | |
1199 case NGX_QUIC_FT_STREAM5: | |
1200 case NGX_QUIC_FT_STREAM6: | |
1201 case NGX_QUIC_FT_STREAM7: | |
1202 | |
7811
72d20158c814
Added reordering support for STREAM frames.
Vladimir Homutov <vl@nginx.com>
parents:
7810
diff
changeset
|
1203 if (ngx_quic_handle_stream_frame(c, pkt, &frame) != NGX_OK) { |
7691 | 1204 return NGX_ERROR; |
1205 } | |
1206 | |
1207 break; | |
1208 | |
7703
ff540f13d95d
MAX_DATA frame parser/handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7702
diff
changeset
|
1209 case NGX_QUIC_FT_MAX_DATA: |
7842
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
7841
diff
changeset
|
1210 |
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
7841
diff
changeset
|
1211 if (ngx_quic_handle_max_data_frame(c, &frame.u.max_data) != NGX_OK) |
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
7841
diff
changeset
|
1212 { |
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
7841
diff
changeset
|
1213 return NGX_ERROR; |
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
7841
diff
changeset
|
1214 } |
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
7841
diff
changeset
|
1215 |
7703
ff540f13d95d
MAX_DATA frame parser/handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7702
diff
changeset
|
1216 break; |
ff540f13d95d
MAX_DATA frame parser/handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7702
diff
changeset
|
1217 |
7702
d3b26c3bea22
Added parsing of STREAMS BLOCKED frames.
Vladimir Homutov <vl@nginx.com>
parents:
7701
diff
changeset
|
1218 case NGX_QUIC_FT_STREAMS_BLOCKED: |
d3b26c3bea22
Added parsing of STREAMS BLOCKED frames.
Vladimir Homutov <vl@nginx.com>
parents:
7701
diff
changeset
|
1219 case NGX_QUIC_FT_STREAMS_BLOCKED2: |
7711
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
7707
diff
changeset
|
1220 |
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
7707
diff
changeset
|
1221 if (ngx_quic_handle_streams_blocked_frame(c, pkt, |
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
7707
diff
changeset
|
1222 &frame.u.streams_blocked) |
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
7707
diff
changeset
|
1223 != NGX_OK) |
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
7707
diff
changeset
|
1224 { |
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
7707
diff
changeset
|
1225 return NGX_ERROR; |
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
7707
diff
changeset
|
1226 } |
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
7707
diff
changeset
|
1227 |
7702
d3b26c3bea22
Added parsing of STREAMS BLOCKED frames.
Vladimir Homutov <vl@nginx.com>
parents:
7701
diff
changeset
|
1228 break; |
d3b26c3bea22
Added parsing of STREAMS BLOCKED frames.
Vladimir Homutov <vl@nginx.com>
parents:
7701
diff
changeset
|
1229 |
7732
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1230 case NGX_QUIC_FT_STREAM_DATA_BLOCKED: |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1231 |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1232 if (ngx_quic_handle_stream_data_blocked_frame(c, pkt, |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1233 &frame.u.stream_data_blocked) |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1234 != NGX_OK) |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1235 { |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1236 return NGX_ERROR; |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1237 } |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1238 |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1239 break; |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1240 |
7842
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
7841
diff
changeset
|
1241 case NGX_QUIC_FT_MAX_STREAM_DATA: |
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
7841
diff
changeset
|
1242 |
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
7841
diff
changeset
|
1243 if (ngx_quic_handle_max_stream_data_frame(c, pkt, |
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
7841
diff
changeset
|
1244 &frame.u.max_stream_data) |
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
7841
diff
changeset
|
1245 != NGX_OK) |
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
7841
diff
changeset
|
1246 { |
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
7841
diff
changeset
|
1247 return NGX_ERROR; |
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
7841
diff
changeset
|
1248 } |
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
7841
diff
changeset
|
1249 |
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
7841
diff
changeset
|
1250 break; |
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
7841
diff
changeset
|
1251 |
7923
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7922
diff
changeset
|
1252 case NGX_QUIC_FT_RESET_STREAM: |
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7922
diff
changeset
|
1253 |
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7922
diff
changeset
|
1254 if (ngx_quic_handle_reset_stream_frame(c, pkt, |
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7922
diff
changeset
|
1255 &frame.u.reset_stream) |
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7922
diff
changeset
|
1256 != NGX_OK) |
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7922
diff
changeset
|
1257 { |
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7922
diff
changeset
|
1258 return NGX_ERROR; |
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7922
diff
changeset
|
1259 } |
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7922
diff
changeset
|
1260 |
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7922
diff
changeset
|
1261 break; |
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7922
diff
changeset
|
1262 |
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7922
diff
changeset
|
1263 case NGX_QUIC_FT_STOP_SENDING: |
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7922
diff
changeset
|
1264 |
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7922
diff
changeset
|
1265 if (ngx_quic_handle_stop_sending_frame(c, pkt, |
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7922
diff
changeset
|
1266 &frame.u.stop_sending) |
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7922
diff
changeset
|
1267 != NGX_OK) |
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7922
diff
changeset
|
1268 { |
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7922
diff
changeset
|
1269 return NGX_ERROR; |
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7922
diff
changeset
|
1270 } |
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7922
diff
changeset
|
1271 |
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7922
diff
changeset
|
1272 break; |
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7922
diff
changeset
|
1273 |
8013
455a8536eaa7
QUIC: limited the number of server-initiated streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8004
diff
changeset
|
1274 case NGX_QUIC_FT_MAX_STREAMS: |
455a8536eaa7
QUIC: limited the number of server-initiated streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8004
diff
changeset
|
1275 case NGX_QUIC_FT_MAX_STREAMS2: |
455a8536eaa7
QUIC: limited the number of server-initiated streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8004
diff
changeset
|
1276 |
455a8536eaa7
QUIC: limited the number of server-initiated streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8004
diff
changeset
|
1277 if (ngx_quic_handle_max_streams_frame(c, pkt, &frame.u.max_streams) |
455a8536eaa7
QUIC: limited the number of server-initiated streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8004
diff
changeset
|
1278 != NGX_OK) |
455a8536eaa7
QUIC: limited the number of server-initiated streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8004
diff
changeset
|
1279 { |
455a8536eaa7
QUIC: limited the number of server-initiated streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8004
diff
changeset
|
1280 return NGX_ERROR; |
455a8536eaa7
QUIC: limited the number of server-initiated streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8004
diff
changeset
|
1281 } |
455a8536eaa7
QUIC: limited the number of server-initiated streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8004
diff
changeset
|
1282 |
455a8536eaa7
QUIC: limited the number of server-initiated streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8004
diff
changeset
|
1283 break; |
455a8536eaa7
QUIC: limited the number of server-initiated streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8004
diff
changeset
|
1284 |
8069
4ff2a0b747d1
QUIC: handle PATH_CHALLENGE frame.
Roman Arutyunyan <arut@nginx.com>
parents:
8068
diff
changeset
|
1285 case NGX_QUIC_FT_PATH_CHALLENGE: |
4ff2a0b747d1
QUIC: handle PATH_CHALLENGE frame.
Roman Arutyunyan <arut@nginx.com>
parents:
8068
diff
changeset
|
1286 |
8438
5186ee5a94b9
QUIC: simplified sending 1-RTT only frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8436
diff
changeset
|
1287 if (ngx_quic_handle_path_challenge_frame(c, &frame.u.path_challenge) |
8069
4ff2a0b747d1
QUIC: handle PATH_CHALLENGE frame.
Roman Arutyunyan <arut@nginx.com>
parents:
8068
diff
changeset
|
1288 != NGX_OK) |
4ff2a0b747d1
QUIC: handle PATH_CHALLENGE frame.
Roman Arutyunyan <arut@nginx.com>
parents:
8068
diff
changeset
|
1289 { |
4ff2a0b747d1
QUIC: handle PATH_CHALLENGE frame.
Roman Arutyunyan <arut@nginx.com>
parents:
8068
diff
changeset
|
1290 return NGX_ERROR; |
4ff2a0b747d1
QUIC: handle PATH_CHALLENGE frame.
Roman Arutyunyan <arut@nginx.com>
parents:
8068
diff
changeset
|
1291 } |
4ff2a0b747d1
QUIC: handle PATH_CHALLENGE frame.
Roman Arutyunyan <arut@nginx.com>
parents:
8068
diff
changeset
|
1292 |
4ff2a0b747d1
QUIC: handle PATH_CHALLENGE frame.
Roman Arutyunyan <arut@nginx.com>
parents:
8068
diff
changeset
|
1293 break; |
4ff2a0b747d1
QUIC: handle PATH_CHALLENGE frame.
Roman Arutyunyan <arut@nginx.com>
parents:
8068
diff
changeset
|
1294 |
8387
76f476ce4d31
QUIC: distinct files for connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8386
diff
changeset
|
1295 case NGX_QUIC_FT_PATH_RESPONSE: |
76f476ce4d31
QUIC: distinct files for connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8386
diff
changeset
|
1296 |
8438
5186ee5a94b9
QUIC: simplified sending 1-RTT only frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8436
diff
changeset
|
1297 if (ngx_quic_handle_path_response_frame(c, &frame.u.path_response) |
8387
76f476ce4d31
QUIC: distinct files for connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8386
diff
changeset
|
1298 != NGX_OK) |
76f476ce4d31
QUIC: distinct files for connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8386
diff
changeset
|
1299 { |
76f476ce4d31
QUIC: distinct files for connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8386
diff
changeset
|
1300 return NGX_ERROR; |
76f476ce4d31
QUIC: distinct files for connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8386
diff
changeset
|
1301 } |
76f476ce4d31
QUIC: distinct files for connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8386
diff
changeset
|
1302 |
76f476ce4d31
QUIC: distinct files for connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8386
diff
changeset
|
1303 break; |
76f476ce4d31
QUIC: distinct files for connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8386
diff
changeset
|
1304 |
7791
9b9d592c0da3
Ignore non-yet-implemented frames.
Vladimir Homutov <vl@nginx.com>
parents:
7788
diff
changeset
|
1305 case NGX_QUIC_FT_NEW_CONNECTION_ID: |
8076
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8074
diff
changeset
|
1306 |
8438
5186ee5a94b9
QUIC: simplified sending 1-RTT only frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8436
diff
changeset
|
1307 if (ngx_quic_handle_new_connection_id_frame(c, &frame.u.ncid) |
8076
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8074
diff
changeset
|
1308 != NGX_OK) |
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8074
diff
changeset
|
1309 { |
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8074
diff
changeset
|
1310 return NGX_ERROR; |
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8074
diff
changeset
|
1311 } |
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8074
diff
changeset
|
1312 |
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8074
diff
changeset
|
1313 break; |
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8074
diff
changeset
|
1314 |
7791
9b9d592c0da3
Ignore non-yet-implemented frames.
Vladimir Homutov <vl@nginx.com>
parents:
7788
diff
changeset
|
1315 case NGX_QUIC_FT_RETIRE_CONNECTION_ID: |
8198
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8197
diff
changeset
|
1316 |
8438
5186ee5a94b9
QUIC: simplified sending 1-RTT only frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8436
diff
changeset
|
1317 if (ngx_quic_handle_retire_connection_id_frame(c, |
8198
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8197
diff
changeset
|
1318 &frame.u.retire_cid) |
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8197
diff
changeset
|
1319 != NGX_OK) |
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8197
diff
changeset
|
1320 { |
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8197
diff
changeset
|
1321 return NGX_ERROR; |
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8197
diff
changeset
|
1322 } |
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8197
diff
changeset
|
1323 |
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8197
diff
changeset
|
1324 break; |
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8197
diff
changeset
|
1325 |
7691 | 1326 default: |
7823
4e4485793418
Added MAX_STREAM_DATA stub handler.
Vladimir Homutov <vl@nginx.com>
parents:
7822
diff
changeset
|
1327 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, |
7836 | 1328 "quic missing frame handler"); |
7691 | 1329 return NGX_ERROR; |
1330 } | |
1331 } | |
1332 | |
1333 if (p != end) { | |
1334 ngx_log_error(NGX_LOG_INFO, c->log, 0, | |
8164
eed49b83e18f
QUIC: revised value separators in debug and error messages.
Vladimir Homutov <vl@nginx.com>
parents:
8163
diff
changeset
|
1335 "quic trailing garbage in payload:%ui bytes", end - p); |
7862
fb7422074258
Added generation of CC frames with error on connection termination.
Vladimir Homutov <vl@nginx.com>
parents:
7861
diff
changeset
|
1336 |
fb7422074258
Added generation of CC frames with error on connection termination.
Vladimir Homutov <vl@nginx.com>
parents:
7861
diff
changeset
|
1337 qc->error = NGX_QUIC_ERR_FRAME_ENCODING_ERROR; |
7691 | 1338 return NGX_ERROR; |
1339 } | |
1340 | |
1341 if (do_close) { | |
7832
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
1342 qc->draining = 1; |
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
1343 ngx_quic_close_connection(c, NGX_OK); |
7691 | 1344 } |
1345 | |
8423
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
1346 qsock = ngx_quic_get_socket(c); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
1347 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
1348 if (qsock != qc->socket) { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
1349 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
1350 if (qsock->path != qc->socket->path && nonprobing) { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
1351 /* |
8498
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8494
diff
changeset
|
1352 * RFC 9000, 9.2. Initiating Connection Migration |
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8494
diff
changeset
|
1353 * |
8423
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
1354 * An endpoint can migrate a connection to a new local |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
1355 * address by sending packets containing non-probing frames |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
1356 * from that address. |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
1357 */ |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
1358 if (ngx_quic_handle_migration(c, pkt) != NGX_OK) { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
1359 return NGX_ERROR; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
1360 } |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
1361 } |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
1362 /* |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
1363 * else: packet arrived via non-default socket; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
1364 * no reason to change active path |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
1365 */ |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
1366 } |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
1367 |
8155
38c7dd720774
QUIC: added ACK frame range support.
Vladimir Homutov <vl@nginx.com>
parents:
8154
diff
changeset
|
1368 if (ngx_quic_ack_packet(c, pkt) != NGX_OK) { |
38c7dd720774
QUIC: added ACK frame range support.
Vladimir Homutov <vl@nginx.com>
parents:
8154
diff
changeset
|
1369 return NGX_ERROR; |
38c7dd720774
QUIC: added ACK frame range support.
Vladimir Homutov <vl@nginx.com>
parents:
8154
diff
changeset
|
1370 } |
38c7dd720774
QUIC: added ACK frame range support.
Vladimir Homutov <vl@nginx.com>
parents:
8154
diff
changeset
|
1371 |
7844
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7842
diff
changeset
|
1372 return NGX_OK; |
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7842
diff
changeset
|
1373 } |
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7842
diff
changeset
|
1374 |
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7842
diff
changeset
|
1375 |
7775 | 1376 static void |
1377 ngx_quic_push_handler(ngx_event_t *ev) | |
1378 { | |
7811
72d20158c814
Added reordering support for STREAM frames.
Vladimir Homutov <vl@nginx.com>
parents:
7810
diff
changeset
|
1379 ngx_connection_t *c; |
7775 | 1380 |
7836 | 1381 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ev->log, 0, "quic push timer"); |
7775 | 1382 |
1383 c = ev->data; | |
1384 | |
1385 if (ngx_quic_output(c) != NGX_OK) { | |
7832
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7831
diff
changeset
|
1386 ngx_quic_close_connection(c, NGX_ERROR); |
7775 | 1387 return; |
1388 } | |
8166
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
1389 |
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8165
diff
changeset
|
1390 ngx_quic_connstate_dbg(c); |
7775 | 1391 } |
1392 | |
1393 | |
8410
41807e581de9
QUIC: separate files for stream related processing.
Vladimir Homutov <vl@nginx.com>
parents:
8409
diff
changeset
|
1394 void |
8359
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8352
diff
changeset
|
1395 ngx_quic_shutdown_quic(ngx_connection_t *c) |
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8352
diff
changeset
|
1396 { |
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8352
diff
changeset
|
1397 ngx_rbtree_t *tree; |
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8352
diff
changeset
|
1398 ngx_rbtree_node_t *node; |
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8352
diff
changeset
|
1399 ngx_quic_stream_t *qs; |
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8352
diff
changeset
|
1400 ngx_quic_connection_t *qc; |
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8352
diff
changeset
|
1401 |
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8352
diff
changeset
|
1402 qc = ngx_quic_get_connection(c); |
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8352
diff
changeset
|
1403 |
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8352
diff
changeset
|
1404 if (qc->closing) { |
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8352
diff
changeset
|
1405 return; |
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8352
diff
changeset
|
1406 } |
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8352
diff
changeset
|
1407 |
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8352
diff
changeset
|
1408 tree = &qc->streams.tree; |
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8352
diff
changeset
|
1409 |
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8352
diff
changeset
|
1410 if (tree->root != tree->sentinel) { |
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8352
diff
changeset
|
1411 for (node = ngx_rbtree_min(tree->root, tree->sentinel); |
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8352
diff
changeset
|
1412 node; |
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8352
diff
changeset
|
1413 node = ngx_rbtree_next(tree, node)) |
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8352
diff
changeset
|
1414 { |
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8352
diff
changeset
|
1415 qs = (ngx_quic_stream_t *) node; |
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8352
diff
changeset
|
1416 |
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8352
diff
changeset
|
1417 if (!qs->cancelable) { |
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8352
diff
changeset
|
1418 return; |
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8352
diff
changeset
|
1419 } |
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8352
diff
changeset
|
1420 } |
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8352
diff
changeset
|
1421 } |
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8352
diff
changeset
|
1422 |
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8352
diff
changeset
|
1423 ngx_quic_finalize_connection(c, qc->shutdown_code, qc->shutdown_reason); |
7705
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
7703
diff
changeset
|
1424 } |
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
7703
diff
changeset
|
1425 |
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
7703
diff
changeset
|
1426 |
8196
e0947c952d43
QUIC: multiple versions support in ALPN.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8195
diff
changeset
|
1427 uint32_t |
e0947c952d43
QUIC: multiple versions support in ALPN.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8195
diff
changeset
|
1428 ngx_quic_version(ngx_connection_t *c) |
e0947c952d43
QUIC: multiple versions support in ALPN.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8195
diff
changeset
|
1429 { |
8199
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8198
diff
changeset
|
1430 uint32_t version; |
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8198
diff
changeset
|
1431 ngx_quic_connection_t *qc; |
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8198
diff
changeset
|
1432 |
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8198
diff
changeset
|
1433 qc = ngx_quic_get_connection(c); |
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8198
diff
changeset
|
1434 |
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8198
diff
changeset
|
1435 version = qc->version; |
8196
e0947c952d43
QUIC: multiple versions support in ALPN.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8195
diff
changeset
|
1436 |
e0947c952d43
QUIC: multiple versions support in ALPN.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8195
diff
changeset
|
1437 return (version & 0xff000000) == 0xff000000 ? version & 0xff : version; |
e0947c952d43
QUIC: multiple versions support in ALPN.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8195
diff
changeset
|
1438 } |