Mercurial > hg > nginx-quic
view src/event/ngx_event_quic_protection.h @ 8084:eece8e35e64d quic
QUIC: allowed old DCID for initial packets until first ACK.
If a packet sent in response to an initial client packet was lost, then
successive client initial packets were dropped by nginx with the unexpected
dcid message logged. This was because the new DCID generated by the server was
not available to the client.
author | Roman Arutyunyan <arut@nginx.com> |
---|---|
date | Wed, 09 Sep 2020 16:35:29 +0300 |
parents | 2d0f4aa78ed6 |
children | b31c02454539 |
line wrap: on
line source
/* * Copyright (C) Nginx, Inc. */ #ifndef _NGX_EVENT_QUIC_PROTECTION_H_INCLUDED_ #define _NGX_EVENT_QUIC_PROTECTION_H_INCLUDED_ #include <ngx_config.h> #include <ngx_core.h> #define NGX_QUIC_ENCRYPTION_LAST ((ssl_encryption_application) + 1) typedef struct ngx_quic_secret_s { ngx_str_t secret; ngx_str_t key; ngx_str_t iv; ngx_str_t hp; } ngx_quic_secret_t; typedef struct { ngx_quic_secret_t client; ngx_quic_secret_t server; } ngx_quic_secrets_t; ngx_int_t ngx_quic_set_initial_secret(ngx_pool_t *pool, ngx_quic_secret_t *client, ngx_quic_secret_t *server, ngx_str_t *secret); int ngx_quic_set_encryption_secret(ngx_pool_t *pool, ngx_ssl_conn_t *ssl_conn, enum ssl_encryption_level_t level, const uint8_t *secret, size_t secret_len, ngx_quic_secret_t *peer_secret); ngx_int_t ngx_quic_key_update(ngx_connection_t *c, ngx_quic_secrets_t *current, ngx_quic_secrets_t *next); ngx_int_t ngx_quic_encrypt(ngx_quic_header_t *pkt, ngx_ssl_conn_t *ssl_conn, ngx_str_t *res); ngx_int_t ngx_quic_decrypt(ngx_quic_header_t *pkt, ngx_ssl_conn_t *ssl_conn, uint64_t *largest_pn); #endif /* _NGX_EVENT_QUIC_PROTECTION_H_INCLUDED_ */