nginx-quic: src/event/ngx_event

comparison src/event/ngx_event_quic.c @ 8060:fc89d02bdca2 quic

QUIC: added version negotiation support. If a client attemtps to start a new connection with unsupported version, a version negotiation packet is sent that contains a list of supported versions (currently this is a single version, selected at compile time).

author	Vladimir Homutov <vl@nginx.com>
date	Thu, 20 Aug 2020 17:11:04 +0300
parents	de7d6d943f68
children	0609ea17ca23

comparison

equal deleted inserted replaced

-:a748095bf94e
+:fc89d02bdca2
 enum ssl_encryption_level_t level, uint8_t alert);
 static ngx_int_t ngx_quic_new_connection(ngx_connection_t *c, ngx_ssl_t *ssl,
 ngx_quic_conf_t *conf, ngx_quic_header_t *pkt);
+static ngx_int_t ngx_quic_negotiate_version(ngx_connection_t *c,
+ngx_quic_header_t *inpkt);
 static ngx_int_t ngx_quic_new_dcid(ngx_connection_t *c, ngx_str_t *odcid);
 static ngx_int_t ngx_quic_retry(ngx_connection_t *c);
 static ngx_int_t ngx_quic_new_token(ngx_connection_t *c, ngx_str_t *token);
 static ngx_int_t ngx_quic_validate_token(ngx_connection_t *c,
 ngx_quic_header_t *pkt);
 rc = ngx_quic_parse_long_header(pkt);
 if (rc != NGX_OK) {
 return rc;
 }
+if (pkt->version != NGX_QUIC_VERSION) {
+return ngx_quic_negotiate_version(c, pkt);
+}
 if (!ngx_quic_pkt_in(pkt->flags)) {
 ngx_log_error(NGX_LOG_INFO, c->log, 0,
 "quic invalid initial packet: 0x%xd", pkt->flags);
 return NGX_ERROR;
 }
 pkt->raw->pos += pkt->len;
 (void) ngx_quic_skip_zero_padding(pkt->raw);
 return ngx_quic_input(c, pkt->raw);
+}
+static ngx_int_t
+ngx_quic_negotiate_version(ngx_connection_t *c, ngx_quic_header_t *inpkt)
+{
+size_t             len;
+ngx_quic_header_t  pkt;
+/* buffer size is calculated assuming a single supported version */
+static u_char      buf[NGX_QUIC_MAX_LONG_HEADER + sizeof(uint32_t)];
+ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
+"sending version negotiation packet");
+pkt.log = c->log;
+pkt.flags = NGX_QUIC_PKT_LONG | NGX_QUIC_PKT_FIXED_BIT;
+pkt.dcid = inpkt->scid;
+pkt.scid = inpkt->dcid;
+len = ngx_quic_create_version_negotiation(&pkt, buf);
+#ifdef NGX_QUIC_DEBUG_PACKETS
+ngx_quic_hexdump(c->log, "quic vnego packet to send", buf, len);
+#endif
+(void) c->send(c, buf, len);
+return NGX_ERROR;
 }
 static ngx_int_t
 ngx_quic_new_dcid(ngx_connection_t *c, ngx_str_t *odcid)
 rc = ngx_quic_parse_long_header(pkt);
 if (rc != NGX_OK) {
 return rc;
 }
+if (pkt->version != NGX_QUIC_VERSION) {
+ngx_log_error(NGX_LOG_INFO, c->log, 0,
+"quic unsupported version: 0x%xD", pkt->version);
+return NGX_ERROR;
+}
 if (ngx_quic_pkt_zrtt(pkt->flags)) {
 ngx_log_error(NGX_LOG_INFO, c->log, 0,
 "quic discard inflight 0-RTT packet");
 return NGX_OK;
 }
 ssl_conn = c->ssl->connection;
 rc = ngx_quic_parse_long_header(pkt);
 if (rc != NGX_OK) {
 return rc;
+}
+if (pkt->version != NGX_QUIC_VERSION) {
+ngx_log_error(NGX_LOG_INFO, c->log, 0,
+"quic unsupported version: 0x%xD", pkt->version);
+return NGX_ERROR;
 }
 if (ngx_quic_parse_initial_header(pkt) != NGX_OK) {
 return NGX_ERROR;
 }
 rc = ngx_quic_parse_long_header(pkt);
 if (rc != NGX_OK) {
 return rc;
 }
+if (pkt->version != NGX_QUIC_VERSION) {
+ngx_log_error(NGX_LOG_INFO, c->log, 0,
+"quic unsupported version: 0x%xD", pkt->version);
+return NGX_ERROR;
+}
 if (ngx_quic_check_peer(qc, pkt) != NGX_OK) {
 return NGX_ERROR;
 }
 if (ngx_quic_parse_handshake_header(pkt) != NGX_OK) {
 /* extract cleartext data into pkt */
 rc = ngx_quic_parse_long_header(pkt);
 if (rc != NGX_OK) {
 return rc;
+}
+if (pkt->version != NGX_QUIC_VERSION) {
+ngx_log_error(NGX_LOG_INFO, c->log, 0,
+"quic unsupported version: 0x%xD", pkt->version);
+return NGX_ERROR;
 }
 if (ngx_quic_check_peer(qc, pkt) != NGX_OK) {
 return NGX_ERROR;
 }

Mercurial > hg > nginx-quic

comparison src/event/ngx_event_quic.c @ 8060:fc89d02bdca2 quic