Mercurial > hg > nginx-quic
comparison src/event/ngx_event_quic.c @ 7999:0d2b2664b41c quic
QUIC: added "quic" listen parameter.
The parameter allows processing HTTP/0.9-2 over QUIC.
Also, introduced ngx_http_quic_module and moved QUIC settings there
| author | Roman Arutyunyan <arut@nginx.com> |
|---|---|
| date | Tue, 21 Jul 2020 23:09:22 +0300 |
| parents | f537f99b86ee |
| children | 893b3313f53c |
comparison
equal
deleted
inserted
replaced
| 7998:f537f99b86ee | 7999:0d2b2664b41c |
|---|---|
| 90 | 90 |
| 91 ngx_quic_send_ctx_t send_ctx[NGX_QUIC_SEND_CTX_LAST]; | 91 ngx_quic_send_ctx_t send_ctx[NGX_QUIC_SEND_CTX_LAST]; |
| 92 ngx_quic_secrets_t keys[NGX_QUIC_ENCRYPTION_LAST]; | 92 ngx_quic_secrets_t keys[NGX_QUIC_ENCRYPTION_LAST]; |
| 93 ngx_quic_secrets_t next_key; | 93 ngx_quic_secrets_t next_key; |
| 94 ngx_quic_frames_stream_t crypto[NGX_QUIC_ENCRYPTION_LAST]; | 94 ngx_quic_frames_stream_t crypto[NGX_QUIC_ENCRYPTION_LAST]; |
| 95 | |
| 96 ngx_quic_conf_t *conf; | |
| 95 | 97 |
| 96 ngx_ssl_t *ssl; | 98 ngx_ssl_t *ssl; |
| 97 | 99 |
| 98 ngx_event_t push; | 100 ngx_event_t push; |
| 99 ngx_event_t pto; | 101 ngx_event_t pto; |
| 158 static int ngx_quic_send_alert(ngx_ssl_conn_t *ssl_conn, | 160 static int ngx_quic_send_alert(ngx_ssl_conn_t *ssl_conn, |
| 159 enum ssl_encryption_level_t level, uint8_t alert); | 161 enum ssl_encryption_level_t level, uint8_t alert); |
| 160 | 162 |
| 161 | 163 |
| 162 static ngx_int_t ngx_quic_new_connection(ngx_connection_t *c, ngx_ssl_t *ssl, | 164 static ngx_int_t ngx_quic_new_connection(ngx_connection_t *c, ngx_ssl_t *ssl, |
| 163 ngx_quic_tp_t *tp, ngx_quic_header_t *pkt, | 165 ngx_quic_conf_t *conf, ngx_quic_header_t *pkt, |
| 164 ngx_connection_handler_pt handler); | 166 ngx_connection_handler_pt handler); |
| 165 static ngx_int_t ngx_quic_new_dcid(ngx_connection_t *c, ngx_str_t *odcid); | 167 static ngx_int_t ngx_quic_new_dcid(ngx_connection_t *c, ngx_str_t *odcid); |
| 166 static ngx_int_t ngx_quic_retry(ngx_connection_t *c); | 168 static ngx_int_t ngx_quic_retry(ngx_connection_t *c); |
| 167 static ngx_int_t ngx_quic_new_token(ngx_connection_t *c, ngx_str_t *token); | 169 static ngx_int_t ngx_quic_new_token(ngx_connection_t *c, ngx_str_t *token); |
| 168 static ngx_int_t ngx_quic_validate_token(ngx_connection_t *c, | 170 static ngx_int_t ngx_quic_validate_token(ngx_connection_t *c, |
| 583 return 1; | 585 return 1; |
| 584 } | 586 } |
| 585 | 587 |
| 586 | 588 |
| 587 void | 589 void |
| 588 ngx_quic_run(ngx_connection_t *c, ngx_ssl_t *ssl, ngx_quic_tp_t *tp, | 590 ngx_quic_run(ngx_connection_t *c, ngx_ssl_t *ssl, ngx_quic_conf_t *conf, |
| 589 ngx_connection_handler_pt handler) | 591 ngx_connection_handler_pt handler) |
| 590 { | 592 { |
| 591 ngx_buf_t *b; | 593 ngx_buf_t *b; |
| 592 ngx_quic_header_t pkt; | 594 ngx_quic_header_t pkt; |
| 593 | 595 |
| 602 pkt.log = c->log; | 604 pkt.log = c->log; |
| 603 pkt.raw = b; | 605 pkt.raw = b; |
| 604 pkt.data = b->start; | 606 pkt.data = b->start; |
| 605 pkt.len = b->last - b->start; | 607 pkt.len = b->last - b->start; |
| 606 | 608 |
| 607 if (ngx_quic_new_connection(c, ssl, tp, &pkt, handler) != NGX_OK) { | 609 if (ngx_quic_new_connection(c, ssl, conf, &pkt, handler) != NGX_OK) { |
| 608 ngx_quic_close_connection(c, NGX_ERROR); | 610 ngx_quic_close_connection(c, NGX_ERROR); |
| 609 return; | 611 return; |
| 610 } | 612 } |
| 611 | 613 |
| 612 ngx_add_timer(c->read, c->quic->in_retry ? NGX_QUIC_RETRY_TIMEOUT | 614 ngx_add_timer(c->read, c->quic->in_retry ? NGX_QUIC_RETRY_TIMEOUT |
| 617 return; | 619 return; |
| 618 } | 620 } |
| 619 | 621 |
| 620 | 622 |
| 621 static ngx_int_t | 623 static ngx_int_t |
| 622 ngx_quic_new_connection(ngx_connection_t *c, ngx_ssl_t *ssl, ngx_quic_tp_t *tp, | 624 ngx_quic_new_connection(ngx_connection_t *c, ngx_ssl_t *ssl, |
| 623 ngx_quic_header_t *pkt, ngx_connection_handler_pt handler) | 625 ngx_quic_conf_t *conf, ngx_quic_header_t *pkt, |
| 626 ngx_connection_handler_pt handler) | |
| 624 { | 627 { |
| 625 ngx_int_t rc; | 628 ngx_int_t rc; |
| 626 ngx_uint_t i; | 629 ngx_uint_t i; |
| 627 ngx_quic_tp_t *ctp; | 630 ngx_quic_tp_t *ctp; |
| 628 ngx_quic_secrets_t *keys; | 631 ngx_quic_secrets_t *keys; |
| 701 qc->push.handler = ngx_quic_push_handler; | 704 qc->push.handler = ngx_quic_push_handler; |
| 702 qc->push.cancelable = 1; | 705 qc->push.cancelable = 1; |
| 703 | 706 |
| 704 c->quic = qc; | 707 c->quic = qc; |
| 705 qc->ssl = ssl; | 708 qc->ssl = ssl; |
| 706 qc->tp = *tp; | 709 qc->conf = conf; |
| 710 qc->tp = conf->tp; | |
| 707 qc->streams.handler = handler; | 711 qc->streams.handler = handler; |
| 708 | 712 |
| 709 ctp = &qc->ctp; | 713 ctp = &qc->ctp; |
| 710 ctp->max_udp_payload_size = ngx_quic_max_udp_payload(c); | 714 ctp->max_udp_payload_size = ngx_quic_max_udp_payload(c); |
| 711 ctp->ack_delay_exponent = NGX_QUIC_DEFAULT_ACK_DELAY_EXPONENT; | 715 ctp->ack_delay_exponent = NGX_QUIC_DEFAULT_ACK_DELAY_EXPONENT; |
| 765 } | 769 } |
| 766 | 770 |
| 767 /* NGX_OK */ | 771 /* NGX_OK */ |
| 768 qc->validated = 1; | 772 qc->validated = 1; |
| 769 | 773 |
| 770 } else if (tp->retry) { | 774 } else if (conf->retry) { |
| 771 return ngx_quic_retry(c); | 775 return ngx_quic_retry(c); |
| 772 } | 776 } |
| 773 | 777 |
| 774 pkt->secret = &keys->client; | 778 pkt->secret = &keys->client; |
| 775 pkt->level = ssl_encryption_initial; | 779 pkt->level = ssl_encryption_initial; |
| 947 ctx = EVP_CIPHER_CTX_new(); | 951 ctx = EVP_CIPHER_CTX_new(); |
| 948 if (ctx == NULL) { | 952 if (ctx == NULL) { |
| 949 return NGX_ERROR; | 953 return NGX_ERROR; |
| 950 } | 954 } |
| 951 | 955 |
| 952 key = c->quic->tp.token_key; | 956 key = c->quic->conf->token_key; |
| 953 iv = token->data; | 957 iv = token->data; |
| 954 | 958 |
| 955 if (RAND_bytes(iv, iv_len) <= 0 | 959 if (RAND_bytes(iv, iv_len) <= 0 |
| 956 || !EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv)) | 960 || !EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv)) |
| 957 { | 961 { |
| 1021 } | 1025 } |
| 1022 | 1026 |
| 1023 /* NEW_TOKEN in a previous connection */ | 1027 /* NEW_TOKEN in a previous connection */ |
| 1024 | 1028 |
| 1025 cipher = EVP_aes_256_cbc(); | 1029 cipher = EVP_aes_256_cbc(); |
| 1026 key = c->quic->tp.token_key; | 1030 key = c->quic->conf->token_key; |
| 1027 iv = pkt->token.data; | 1031 iv = pkt->token.data; |
| 1028 iv_len = EVP_CIPHER_iv_length(cipher); | 1032 iv_len = EVP_CIPHER_iv_length(cipher); |
| 1029 | 1033 |
| 1030 /* sanity checks */ | 1034 /* sanity checks */ |
| 1031 | 1035 |
| 2235 ngx_quic_send_new_token(ngx_connection_t *c) | 2239 ngx_quic_send_new_token(ngx_connection_t *c) |
| 2236 { | 2240 { |
| 2237 ngx_str_t token; | 2241 ngx_str_t token; |
| 2238 ngx_quic_frame_t *frame; | 2242 ngx_quic_frame_t *frame; |
| 2239 | 2243 |
| 2240 if (!c->quic->tp.retry) { | 2244 if (!c->quic->conf->retry) { |
| 2241 return NGX_OK; | 2245 return NGX_OK; |
| 2242 } | 2246 } |
| 2243 | 2247 |
| 2244 if (ngx_quic_new_token(c, &token) != NGX_OK) { | 2248 if (ngx_quic_new_token(c, &token) != NGX_OK) { |
| 2245 return NGX_ERROR; | 2249 return NGX_ERROR; |