comparison src/event/ngx_event_quic.c @ 7999:0d2b2664b41c quic
QUIC: added "quic" listen parameter.
The parameter allows processing HTTP/0.9-2 over QUIC.
Also, introduced ngx_http_quic_module and moved QUIC settings there
author | Roman Arutyunyan <arut@nginx.com> |
---|---|
date | Tue, 21 Jul 2020 23:09:22 +0300 |
parents | f537f99b86ee |
children | 893b3313f53c |
7998:f537f99b86ee | 7999:0d2b2664b41c |
---|---|
90 | 90 |
91 ngx_quic_send_ctx_t send_ctx[NGX_QUIC_SEND_CTX_LAST]; | 91 ngx_quic_send_ctx_t send_ctx[NGX_QUIC_SEND_CTX_LAST]; |
92 ngx_quic_secrets_t keys[NGX_QUIC_ENCRYPTION_LAST]; | 92 ngx_quic_secrets_t keys[NGX_QUIC_ENCRYPTION_LAST]; |
93 ngx_quic_secrets_t next_key; | 93 ngx_quic_secrets_t next_key; |
94 ngx_quic_frames_stream_t crypto[NGX_QUIC_ENCRYPTION_LAST]; | 94 ngx_quic_frames_stream_t crypto[NGX_QUIC_ENCRYPTION_LAST]; |
95 | |
96 ngx_quic_conf_t *conf; | |
95 | 97 |
96 ngx_ssl_t *ssl; | 98 ngx_ssl_t *ssl; |
97 | 99 |
98 ngx_event_t push; | 100 ngx_event_t push; |
99 ngx_event_t pto; | 101 ngx_event_t pto; |
158 static int ngx_quic_send_alert(ngx_ssl_conn_t *ssl_conn, | 160 static int ngx_quic_send_alert(ngx_ssl_conn_t *ssl_conn, |
159 enum ssl_encryption_level_t level, uint8_t alert); | 161 enum ssl_encryption_level_t level, uint8_t alert); |
160 | 162 |
161 | 163 |
162 static ngx_int_t ngx_quic_new_connection(ngx_connection_t *c, ngx_ssl_t *ssl, | 164 static ngx_int_t ngx_quic_new_connection(ngx_connection_t *c, ngx_ssl_t *ssl, |
163 ngx_quic_tp_t *tp, ngx_quic_header_t *pkt, | 165 ngx_quic_conf_t *conf, ngx_quic_header_t *pkt, |
164 ngx_connection_handler_pt handler); | 166 ngx_connection_handler_pt handler); |
165 static ngx_int_t ngx_quic_new_dcid(ngx_connection_t *c, ngx_str_t *odcid); | 167 static ngx_int_t ngx_quic_new_dcid(ngx_connection_t *c, ngx_str_t *odcid); |
166 static ngx_int_t ngx_quic_retry(ngx_connection_t *c); | 168 static ngx_int_t ngx_quic_retry(ngx_connection_t *c); |
167 static ngx_int_t ngx_quic_new_token(ngx_connection_t *c, ngx_str_t *token); | 169 static ngx_int_t ngx_quic_new_token(ngx_connection_t *c, ngx_str_t *token); |
168 static ngx_int_t ngx_quic_validate_token(ngx_connection_t *c, | 170 static ngx_int_t ngx_quic_validate_token(ngx_connection_t *c, |
583 return 1; | 585 return 1; |
584 } | 586 } |
585 | 587 |
586 | 588 |
587 void | 589 void |
588 ngx_quic_run(ngx_connection_t *c, ngx_ssl_t *ssl, ngx_quic_tp_t *tp, | 590 ngx_quic_run(ngx_connection_t *c, ngx_ssl_t *ssl, ngx_quic_conf_t *conf, |
589 ngx_connection_handler_pt handler) | 591 ngx_connection_handler_pt handler) |
590 { | 592 { |
591 ngx_buf_t *b; | 593 ngx_buf_t *b; |
592 ngx_quic_header_t pkt; | 594 ngx_quic_header_t pkt; |
593 | 595 |
602 pkt.log = c->log; | 604 pkt.log = c->log; |
603 pkt.raw = b; | 605 pkt.raw = b; |
604 pkt.data = b->start; | 606 pkt.data = b->start; |
605 pkt.len = b->last - b->start; | 607 pkt.len = b->last - b->start; |
606 | 608 |
607 if (ngx_quic_new_connection(c, ssl, tp, &pkt, handler) != NGX_OK) { | 609 if (ngx_quic_new_connection(c, ssl, conf, &pkt, handler) != NGX_OK) { |
608 ngx_quic_close_connection(c, NGX_ERROR); | 610 ngx_quic_close_connection(c, NGX_ERROR); |
609 return; | 611 return; |
610 } | 612 } |
611 | 613 |
612 ngx_add_timer(c->read, c->quic->in_retry ? NGX_QUIC_RETRY_TIMEOUT | 614 ngx_add_timer(c->read, c->quic->in_retry ? NGX_QUIC_RETRY_TIMEOUT |
617 return; | 619 return; |
618 } | 620 } |
619 | 621 |
620 | 622 |
621 static ngx_int_t | 623 static ngx_int_t |
622 ngx_quic_new_connection(ngx_connection_t *c, ngx_ssl_t *ssl, ngx_quic_tp_t *tp, | 624 ngx_quic_new_connection(ngx_connection_t *c, ngx_ssl_t *ssl, |
623 ngx_quic_header_t *pkt, ngx_connection_handler_pt handler) | 625 ngx_quic_conf_t *conf, ngx_quic_header_t *pkt, |
626 ngx_connection_handler_pt handler) | |
624 { | 627 { |
625 ngx_int_t rc; | 628 ngx_int_t rc; |
626 ngx_uint_t i; | 629 ngx_uint_t i; |
627 ngx_quic_tp_t *ctp; | 630 ngx_quic_tp_t *ctp; |
628 ngx_quic_secrets_t *keys; | 631 ngx_quic_secrets_t *keys; |
701 qc->push.handler = ngx_quic_push_handler; | 704 qc->push.handler = ngx_quic_push_handler; |
702 qc->push.cancelable = 1; | 705 qc->push.cancelable = 1; |
703 | 706 |
704 c->quic = qc; | 707 c->quic = qc; |
705 qc->ssl = ssl; | 708 qc->ssl = ssl; |
706 qc->tp = *tp; | 709 qc->conf = conf; |
710 qc->tp = conf->tp; | |
707 qc->streams.handler = handler; | 711 qc->streams.handler = handler; |
708 | 712 |
709 ctp = &qc->ctp; | 713 ctp = &qc->ctp; |
710 ctp->max_udp_payload_size = ngx_quic_max_udp_payload(c); | 714 ctp->max_udp_payload_size = ngx_quic_max_udp_payload(c); |
711 ctp->ack_delay_exponent = NGX_QUIC_DEFAULT_ACK_DELAY_EXPONENT; | 715 ctp->ack_delay_exponent = NGX_QUIC_DEFAULT_ACK_DELAY_EXPONENT; |
765 } | 769 } |
766 | 770 |
767 /* NGX_OK */ | 771 /* NGX_OK */ |
768 qc->validated = 1; | 772 qc->validated = 1; |
769 | 773 |
770 } else if (tp->retry) { | 774 } else if (conf->retry) { |
771 return ngx_quic_retry(c); | 775 return ngx_quic_retry(c); |
772 } | 776 } |
773 | 777 |
774 pkt->secret = &keys->client; | 778 pkt->secret = &keys->client; |
775 pkt->level = ssl_encryption_initial; | 779 pkt->level = ssl_encryption_initial; |
947 ctx = EVP_CIPHER_CTX_new(); | 951 ctx = EVP_CIPHER_CTX_new(); |
948 if (ctx == NULL) { | 952 if (ctx == NULL) { |
949 return NGX_ERROR; | 953 return NGX_ERROR; |
950 } | 954 } |
951 | 955 |
952 key = c->quic->tp.token_key; | 956 key = c->quic->conf->token_key; |
953 iv = token->data; | 957 iv = token->data; |
954 | 958 |
955 if (RAND_bytes(iv, iv_len) <= 0 | 959 if (RAND_bytes(iv, iv_len) <= 0 |
956 || !EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv)) | 960 || !EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv)) |
957 { | 961 { |
1021 } | 1025 } |
1022 | 1026 |
1023 /* NEW_TOKEN in a previous connection */ | 1027 /* NEW_TOKEN in a previous connection */ |
1024 | 1028 |
1025 cipher = EVP_aes_256_cbc(); | 1029 cipher = EVP_aes_256_cbc(); |
1026 key = c->quic->tp.token_key; | 1030 key = c->quic->conf->token_key; |
1027 iv = pkt->token.data; | 1031 iv = pkt->token.data; |
1028 iv_len = EVP_CIPHER_iv_length(cipher); | 1032 iv_len = EVP_CIPHER_iv_length(cipher); |
1029 | 1033 |
1030 /* sanity checks */ | 1034 /* sanity checks */ |
1031 | 1035 |
2235 ngx_quic_send_new_token(ngx_connection_t *c) | 2239 ngx_quic_send_new_token(ngx_connection_t *c) |
2236 { | 2240 { |
2237 ngx_str_t token; | 2241 ngx_str_t token; |
2238 ngx_quic_frame_t *frame; | 2242 ngx_quic_frame_t *frame; |
2239 | 2243 |
2240 if (!c->quic->tp.retry) { | 2244 if (!c->quic->conf->retry) { |
2241 return NGX_OK; | 2245 return NGX_OK; |
2242 } | 2246 } |
2243 | 2247 |
2244 if (ngx_quic_new_token(c, &token) != NGX_OK) { | 2248 if (ngx_quic_new_token(c, &token) != NGX_OK) { |
2245 return NGX_ERROR; | 2249 return NGX_ERROR; |
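Review bot: `qc->conf = conf;` at new line 709 stores a borrowed pointer for the whole life of the connection, and the token key is now read through it on every later token operation (`key = c->quic->conf->token_key;` at new lines 956 and 1030), yet nothing in these hunks documents who owns `conf` or what it must contain. I would annotate the new member at line 96, e.g. `ngx_quic_conf_t *conf; /* borrowed from the caller's configuration; must outlive the connection */`, and state in a comment above ngx_quic_run() that `conf->token_key` must hold freshly generated key material whenever `conf->retry` is set, since that key is what protects Retry and NEW_TOKEN tokens from forgery. Where the key is initialised is not visible here (presumably the new ngx_http_quic_module), so it is worth confirming there, along with what happens to a token issued under one configuration and presented under another. The token functions around new lines 951-961 and 1025-1035 (presumably ngx_quic_new_token() and ngx_quic_validate_token()) start and end outside the hunks shown.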