comparison src/event/ngx_event_quic_transport.c @ 8100:b31c02454539 quic
QUIC: added stateless reset support.
The new "quic_stateless_reset_token_key" directive is added. It sets the
endpoint key used to generate stateless reset tokens and enables the feature.
If the endpoint receives a short-header packet that can't be matched to
an existing connection, a stateless reset packet is generated with
a proper token.
If a valid stateless reset token is found in the incoming packet,
the connection is closed.
Example configuration:
http {
quic_stateless_reset_token_key "foo";
...
}
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Wed, 30 Sep 2020 20:54:46 +0300 |
parents | d0d3fc0697a0 |
children | a6784cf32c13 |
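--- a/src/event/ngx_event_quic_transport.c
+++ b/src/event/ngx_event_quic_transport.c
@@ -772,11 +772,11 @@
 p = ngx_quic_copy_bytes(p, end, f->u.ncid.len, f->u.ncid.cid);
 if (p == NULL) {
 goto error;
 }
 
-p = ngx_quic_copy_bytes(p, end, NGX_QUIC_SRT_LEN, f->u.ncid.srt);
+p = ngx_quic_copy_bytes(p, end, NGX_QUIC_SR_TOKEN_LEN, f->u.ncid.srt);
 if (p == NULL) {
 goto error;
 }
 
 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
@@ -1551,11 +1551,11 @@
 
 switch (id) {
 case NGX_QUIC_TP_ORIGINAL_DCID:
 case NGX_QUIC_TP_PREFERRED_ADDRESS:
 case NGX_QUIC_TP_RETRY_SCID:
-case NGX_QUIC_TP_STATELESS_RESET_TOKEN:
+case NGX_QUIC_TP_SR_TOKEN:
 ngx_log_error(NGX_LOG_INFO, log, 0,
 "quic client sent forbidden transport param"
 " id 0x%xL", id);
 return NGX_ERROR;
 }
@@ -1808,10 +1808,16 @@
 if (tp->original_dcid.len) {
 len += ngx_quic_tp_strlen(NGX_QUIC_TP_ORIGINAL_DCID, tp->original_dcid);
 }
 #endif
 
+if (tp->sr_enabled) {
+len += ngx_quic_varint_len(NGX_QUIC_TP_SR_TOKEN);
+len += ngx_quic_varint_len(NGX_QUIC_SR_TOKEN_LEN);
+len += NGX_QUIC_SR_TOKEN_LEN;
+}
+
 if (pos == NULL) {
 return len;
 }
 
 ngx_quic_tp_vint(NGX_QUIC_TP_INITIAL_MAX_DATA,
@@ -1849,10 +1855,16 @@
 if (tp->original_dcid.len) {
 ngx_quic_tp_str(NGX_QUIC_TP_ORIGINAL_DCID, tp->original_dcid);
 }
 #endif
 
+if (tp->sr_enabled) {
+ngx_quic_build_int(&p, NGX_QUIC_TP_SR_TOKEN);
+ngx_quic_build_int(&p, NGX_QUIC_SR_TOKEN_LEN);
+p = ngx_cpymem(p, tp->sr_token, NGX_QUIC_SR_TOKEN_LEN);
+}
+
 return p - pos;
 }
 
 
 static size_t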
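Review bot: The write-pass block at new lines 1860-1864 (`p = ngx_cpymem(p, tp->sr_token, NGX_QUIC_SR_TOKEN_LEN);`) advertises whatever bytes are in `tp->sr_token`, and nothing in this file shows that the token has been derived before `sr_enabled` is set. If a caller ever sets the flag first, the peer would be handed a zeroed or stale token, which defeats the purpose of keying it. I would document the invariant at this spot, e.g. `/* sr_token must already hold the token derived for this connection before sr_enabled is set */`. The length-pass block at 1813-1817 also deserves a short comment saying the two blocks must stay in step, because the write pass has no bounds check of its own and relies entirely on the length computed there. The function begins outside the visible hunks, so the caller side could not be checked from here.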