Mercurial > hg > nginx-quic
comparison src/http/v3/ngx_http_v3_module.c @ 7860:7ea34e13937f quic
Address validation using Retry packets.
The behaviour is toggled with the new directive "quic_retry on|off".
QUIC token construction is made suitable for issuing with NEW_TOKEN.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Thu, 14 May 2020 15:47:18 +0300 |
parents | 036164360fa9 |
children | 125cbfa77013 |
comparison
equal
deleted
inserted
replaced
7859:b7704303a7e5 | 7860:7ea34e13937f |
---|---|
108 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, | 108 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, |
109 ngx_conf_set_num_slot, | 109 ngx_conf_set_num_slot, |
110 NGX_HTTP_SRV_CONF_OFFSET, | 110 NGX_HTTP_SRV_CONF_OFFSET, |
111 offsetof(ngx_http_v3_srv_conf_t, quic.active_connection_id_limit), | 111 offsetof(ngx_http_v3_srv_conf_t, quic.active_connection_id_limit), |
112 &ngx_http_v3_active_connection_id_limit_bounds }, | 112 &ngx_http_v3_active_connection_id_limit_bounds }, |
113 | |
114 { ngx_string("quic_retry"), | |
115 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, | |
116 ngx_conf_set_flag_slot, | |
117 NGX_HTTP_SRV_CONF_OFFSET, | |
118 offsetof(ngx_http_v3_srv_conf_t, quic.retry), | |
119 NULL }, | |
113 | 120 |
114 ngx_null_command | 121 ngx_null_command |
115 }; | 122 }; |
116 | 123 |
117 | 124 |
255 v3cf->quic.initial_max_streams_uni = NGX_CONF_UNSET_UINT; | 262 v3cf->quic.initial_max_streams_uni = NGX_CONF_UNSET_UINT; |
256 v3cf->quic.ack_delay_exponent = NGX_CONF_UNSET_UINT; | 263 v3cf->quic.ack_delay_exponent = NGX_CONF_UNSET_UINT; |
257 v3cf->quic.disable_active_migration = NGX_CONF_UNSET_UINT; | 264 v3cf->quic.disable_active_migration = NGX_CONF_UNSET_UINT; |
258 v3cf->quic.active_connection_id_limit = NGX_CONF_UNSET_UINT; | 265 v3cf->quic.active_connection_id_limit = NGX_CONF_UNSET_UINT; |
259 | 266 |
267 v3cf->quic.retry = NGX_CONF_UNSET; | |
268 | |
260 return v3cf; | 269 return v3cf; |
261 } | 270 } |
262 | 271 |
263 | 272 |
264 static char * | 273 static char * |
307 ngx_conf_merge_uint_value(conf->quic.disable_active_migration, | 316 ngx_conf_merge_uint_value(conf->quic.disable_active_migration, |
308 prev->quic.disable_active_migration, 1); | 317 prev->quic.disable_active_migration, 1); |
309 | 318 |
310 ngx_conf_merge_uint_value(conf->quic.active_connection_id_limit, | 319 ngx_conf_merge_uint_value(conf->quic.active_connection_id_limit, |
311 prev->quic.active_connection_id_limit, 2); | 320 prev->quic.active_connection_id_limit, 2); |
321 | |
322 ngx_conf_merge_value(conf->quic.retry, prev->quic.retry, 0); | |
323 | |
324 if (conf->quic.retry) { | |
325 if (RAND_bytes(conf->quic.token_key, sizeof(conf->quic.token_key)) <= 0) { | |
326 return NGX_CONF_ERROR; | |
327 } | |
328 } | |
329 | |
312 | 330 |
313 return NGX_CONF_OK; | 331 return NGX_CONF_OK; |
314 } | 332 } |
315 | 333 |
316 | 334 |