comparison src/http/modules/ngx_http_quic_module.c @ 8100:b31c02454539 quic
QUIC: added stateless reset support.
The new "quic_stateless_reset_token_key" directive is added. It sets the
endpoint key used to generate stateless reset tokens and enables the feature.
If the endpoint receives a short-header packet that can't be matched to
an existing connection, a stateless reset packet is generated with
a proper token.
If a valid stateless reset token is found in the incoming packet,
the connection is closed.
Example configuration:
http {
quic_stateless_reset_token_key "foo";
...
}
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Wed, 30 Sep 2020 20:54:46 +0300 |
parents | 893b3313f53c |
children | bed310672f39 |
8099:b4ef79ef1c23 | 8100:b31c02454539 |
---|---|
121 { ngx_string("quic_retry"), | 121 { ngx_string("quic_retry"), |
122 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, | 122 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, |
123 ngx_conf_set_flag_slot, | 123 ngx_conf_set_flag_slot, |
124 NGX_HTTP_SRV_CONF_OFFSET, | 124 NGX_HTTP_SRV_CONF_OFFSET, |
125 offsetof(ngx_quic_conf_t, retry), | 125 offsetof(ngx_quic_conf_t, retry), |
126 NULL }, | |
127 | |
128 { ngx_string("quic_stateless_reset_token_key"), | |
129 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, | |
130 ngx_conf_set_str_slot, | |
131 NGX_HTTP_SRV_CONF_OFFSET, | |
132 offsetof(ngx_quic_conf_t, sr_token_key), | |
126 NULL }, | 133 NULL }, |
127 | 134 |
128 ngx_null_command | 135 ngx_null_command |
129 }; | 136 }; |
130 | 137 |
221 * set by ngx_pcalloc(): | 228 * set by ngx_pcalloc(): |
222 * | 229 * |
223 * conf->tp.original_dcid = { 0, NULL }; | 230 * conf->tp.original_dcid = { 0, NULL }; |
224 * conf->tp.initial_scid = { 0, NULL }; | 231 * conf->tp.initial_scid = { 0, NULL }; |
225 * conf->tp.retry_scid = { 0, NULL }; | 232 * conf->tp.retry_scid = { 0, NULL }; |
226 * conf->tp.stateless_reset_token = { 0 } | 233 * conf->tp.sr_token = { 0 } |
234 * conf->tp.sr_enabled = 0 | |
227 * conf->tp.preferred_address = NULL | 235 * conf->tp.preferred_address = NULL |
236 * conf->sr_token_key = { 0, NULL } | |
228 */ | 237 */ |
229 | 238 |
230 conf->tp.max_idle_timeout = NGX_CONF_UNSET_MSEC; | 239 conf->tp.max_idle_timeout = NGX_CONF_UNSET_MSEC; |
231 conf->tp.max_ack_delay = NGX_CONF_UNSET_MSEC; | 240 conf->tp.max_ack_delay = NGX_CONF_UNSET_MSEC; |
232 conf->tp.max_udp_payload_size = NGX_CONF_UNSET_SIZE; | 241 conf->tp.max_udp_payload_size = NGX_CONF_UNSET_SIZE; |
302 if (RAND_bytes(conf->token_key, sizeof(conf->token_key)) <= 0) { | 311 if (RAND_bytes(conf->token_key, sizeof(conf->token_key)) <= 0) { |
303 return NGX_CONF_ERROR; | 312 return NGX_CONF_ERROR; |
304 } | 313 } |
305 } | 314 } |
306 | 315 |
316 ngx_conf_merge_str_value(conf->sr_token_key, prev->sr_token_key, ""); | |
317 | |
307 return NGX_CONF_OK; | 318 return NGX_CONF_OK; |
308 } | 319 } |
309 | 320 |
310 | 321 |
311 static char * | 322 static char * |
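Review bot: The new `quic_stateless_reset_token_key` command entry is typed `NGX_CONF_FLAG` but handled by `ngx_conf_set_str_slot`, so a string-valued directive is declared as an on/off flag. This looks copied from the `quic_retry` entry above it, and the type line should read `NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,`. Separately, the merge step `ngx_conf_merge_str_value(conf->sr_token_key, prev->sr_token_key, "");` accepts any non-empty string, and the commit message's example key is three characters. Since the reset tokens are generated from this key, a short or guessable value weakens every token the endpoint issues, so a minimum-length check that logs and returns `NGX_CONF_ERROR` at configuration load is worth adding there. A comment at the merge should also state that an empty key leaves the feature disabled; that is inferred from the commit message, and the merge function itself starts outside the lines shown.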