diff src/http/v3/ngx_http_v3_module.c @ 7860:7ea34e13937f quic

Address validation using Retry packets. The behaviour is toggled with the new directive "quic_retry on|off". QUIC token construction is made suitable for issuing with NEW_TOKEN.
author Sergey Kandaurov <pluknet@nginx.com>
date Thu, 14 May 2020 15:47:18 +0300
parents 036164360fa9
children 125cbfa77013
--- a/src/http/v3/ngx_http_v3_module.c
+++ b/src/http/v3/ngx_http_v3_module.c
@@ -111,6 +111,13 @@ static ngx_command_t  ngx_http_v3_comman
       offsetof(ngx_http_v3_srv_conf_t, quic.active_connection_id_limit),
       &ngx_http_v3_active_connection_id_limit_bounds },
 
+    { ngx_string("quic_retry"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
+      ngx_conf_set_flag_slot,
+      NGX_HTTP_SRV_CONF_OFFSET,
+      offsetof(ngx_http_v3_srv_conf_t, quic.retry),
+      NULL },
+
       ngx_null_command
 };
 
@@ -257,6 +264,8 @@ ngx_http_v3_create_srv_conf(ngx_conf_t *
     v3cf->quic.disable_active_migration = NGX_CONF_UNSET_UINT;
     v3cf->quic.active_connection_id_limit = NGX_CONF_UNSET_UINT;
 
+    v3cf->quic.retry = NGX_CONF_UNSET;
+
     return v3cf;
 }
 
@@ -310,6 +319,15 @@ ngx_http_v3_merge_srv_conf(ngx_conf_t *c
     ngx_conf_merge_uint_value(conf->quic.active_connection_id_limit,
                               prev->quic.active_connection_id_limit, 2);
 
+    ngx_conf_merge_value(conf->quic.retry, prev->quic.retry, 0);
+
+    if (conf->quic.retry) {
+        if (RAND_bytes(conf->quic.token_key, sizeof(conf->quic.token_key)) <= 0) {
+            return NGX_CONF_ERROR;
+        }
+    }
+
+
     return NGX_CONF_OK;
 }
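Review bot: The RAND_bytes() failure branch in ngx_http_v3_merge_srv_conf returns NGX_CONF_ERROR without logging, so a failed key generation surfaces only as an opaque configuration error; the usual form here is to log before returning, e.g. `ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0, "RAND_bytes() failed");` followed by `return NGX_CONF_ERROR;`. Note also that token_key is filled with fresh random bytes inside the merge for each server-level conf rather than being derived once or inherited from prev, so, as far as can be seen from this hunk, every server{} block with quic_retry on appears to get an independent key and every reload appears to produce new keys, invalidating any outstanding Retry or NEW_TOKEN tokens; that is worth a comment on the generation site such as `/* token_key is regenerated on every configuration load */` if it is intentional. The two blank lines before the return at the end of the hunk should be collapsed to one. ngx_http_v3_merge_srv_conf begins outside this hunk.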