Mercurial > hg > nginx-quic
comparison src/event/ngx_event_quic_transport.c @ 8100:b31c02454539 quic
QUIC: added stateless reset support.
The new "quic_stateless_reset_token_key" directive is added. It sets the
endpoint key used to generate stateless reset tokens and enables feature.
If the endpoint receives short-header packet that can't be matched to
existing connection, a stateless reset packet is generated with
a proper token.
If a valid stateless reset token is found in the incoming packet,
the connection is closed.
Example configuration:
http {
quic_stateless_reset_token_key "foo";
...
}
| author | Vladimir Homutov <vl@nginx.com> |
|---|---|
| date | Wed, 30 Sep 2020 20:54:46 +0300 |
| parents | d0d3fc0697a0 |
| children | a6784cf32c13 |
comparison
equal
deleted
inserted
replaced
| 8099:b4ef79ef1c23 | 8100:b31c02454539 |
|---|---|
| 772 p = ngx_quic_copy_bytes(p, end, f->u.ncid.len, f->u.ncid.cid); | 772 p = ngx_quic_copy_bytes(p, end, f->u.ncid.len, f->u.ncid.cid); |
| 773 if (p == NULL) { | 773 if (p == NULL) { |
| 774 goto error; | 774 goto error; |
| 775 } | 775 } |
| 776 | 776 |
| 777 p = ngx_quic_copy_bytes(p, end, NGX_QUIC_SRT_LEN, f->u.ncid.srt); | 777 p = ngx_quic_copy_bytes(p, end, NGX_QUIC_SR_TOKEN_LEN, f->u.ncid.srt); |
| 778 if (p == NULL) { | 778 if (p == NULL) { |
| 779 goto error; | 779 goto error; |
| 780 } | 780 } |
| 781 | 781 |
| 782 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, pkt->log, 0, | 782 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, pkt->log, 0, |
| 1551 | 1551 |
| 1552 switch (id) { | 1552 switch (id) { |
| 1553 case NGX_QUIC_TP_ORIGINAL_DCID: | 1553 case NGX_QUIC_TP_ORIGINAL_DCID: |
| 1554 case NGX_QUIC_TP_PREFERRED_ADDRESS: | 1554 case NGX_QUIC_TP_PREFERRED_ADDRESS: |
| 1555 case NGX_QUIC_TP_RETRY_SCID: | 1555 case NGX_QUIC_TP_RETRY_SCID: |
| 1556 case NGX_QUIC_TP_STATELESS_RESET_TOKEN: | 1556 case NGX_QUIC_TP_SR_TOKEN: |
| 1557 ngx_log_error(NGX_LOG_INFO, log, 0, | 1557 ngx_log_error(NGX_LOG_INFO, log, 0, |
| 1558 "quic client sent forbidden transport param" | 1558 "quic client sent forbidden transport param" |
| 1559 " id 0x%xL", id); | 1559 " id 0x%xL", id); |
| 1560 return NGX_ERROR; | 1560 return NGX_ERROR; |
| 1561 } | 1561 } |
| 1808 if (tp->original_dcid.len) { | 1808 if (tp->original_dcid.len) { |
| 1809 len += ngx_quic_tp_strlen(NGX_QUIC_TP_ORIGINAL_DCID, tp->original_dcid); | 1809 len += ngx_quic_tp_strlen(NGX_QUIC_TP_ORIGINAL_DCID, tp->original_dcid); |
| 1810 } | 1810 } |
| 1811 #endif | 1811 #endif |
| 1812 | 1812 |
| 1813 if (tp->sr_enabled) { | |
| 1814 len += ngx_quic_varint_len(NGX_QUIC_TP_SR_TOKEN); | |
| 1815 len += ngx_quic_varint_len(NGX_QUIC_SR_TOKEN_LEN); | |
| 1816 len += NGX_QUIC_SR_TOKEN_LEN; | |
| 1817 } | |
| 1818 | |
| 1813 if (pos == NULL) { | 1819 if (pos == NULL) { |
| 1814 return len; | 1820 return len; |
| 1815 } | 1821 } |
| 1816 | 1822 |
| 1817 ngx_quic_tp_vint(NGX_QUIC_TP_INITIAL_MAX_DATA, | 1823 ngx_quic_tp_vint(NGX_QUIC_TP_INITIAL_MAX_DATA, |
| 1849 if (tp->original_dcid.len) { | 1855 if (tp->original_dcid.len) { |
| 1850 ngx_quic_tp_str(NGX_QUIC_TP_ORIGINAL_DCID, tp->original_dcid); | 1856 ngx_quic_tp_str(NGX_QUIC_TP_ORIGINAL_DCID, tp->original_dcid); |
| 1851 } | 1857 } |
| 1852 #endif | 1858 #endif |
| 1853 | 1859 |
| 1860 if (tp->sr_enabled) { | |
| 1861 ngx_quic_build_int(&p, NGX_QUIC_TP_SR_TOKEN); | |
| 1862 ngx_quic_build_int(&p, NGX_QUIC_SR_TOKEN_LEN); | |
| 1863 p = ngx_cpymem(p, tp->sr_token, NGX_QUIC_SR_TOKEN_LEN); | |
| 1864 } | |
| 1865 | |
| 1854 return p - pos; | 1866 return p - pos; |
| 1855 } | 1867 } |
| 1856 | 1868 |
| 1857 | 1869 |
| 1858 static size_t | 1870 static size_t |