Mercurial > hg > nginx
annotate src/event/ngx_event_quic.c @ 8306:058a5af7ddfc quic
Refactored QUIC secrets storage.
The quic->keys[4] array now contains secrets related to the corresponding
encryption level. All protection-level functions get proper keys and do
not need to switch manually between levels.
| author | Vladimir Homutov <vl@nginx.com> |
|---|---|
| date | Wed, 01 Apr 2020 14:25:25 +0300 |
| parents | e35f824f644d |
| children | dc7ac778aafe |
| rev | line source |
|---|---|
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
1 |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
2 /* |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
3 * Copyright (C) Nginx, Inc. |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
4 */ |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
5 |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
6 |
| 8171 | 7 #include <ngx_config.h> |
| 8 #include <ngx_core.h> | |
|
8208
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
8207
diff
changeset
|
9 #include <ngx_event.h> |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
10 |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
11 |
|
8263
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8260
diff
changeset
|
12 typedef enum { |
|
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8260
diff
changeset
|
13 NGX_QUIC_ST_INITIAL, /* connection just created */ |
|
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8260
diff
changeset
|
14 NGX_QUIC_ST_HANDSHAKE, /* handshake started */ |
|
8304
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
15 NGX_QUIC_ST_EARLY_DATA, /* handshake in progress */ |
|
8263
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8260
diff
changeset
|
16 NGX_QUIC_ST_APPLICATION /* handshake complete */ |
|
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8260
diff
changeset
|
17 } ngx_quic_state_t; |
|
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8260
diff
changeset
|
18 |
|
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8260
diff
changeset
|
19 |
| 8225 | 20 typedef struct { |
| 21 ngx_rbtree_t tree; | |
| 22 ngx_rbtree_node_t sentinel; | |
| 23 ngx_connection_handler_pt handler; | |
|
8229
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
8225
diff
changeset
|
24 |
|
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
8225
diff
changeset
|
25 ngx_uint_t id_counter; |
| 8225 | 26 } ngx_quic_streams_t; |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
27 |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
28 |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
29 struct ngx_quic_connection_s { |
| 8225 | 30 ngx_str_t scid; |
| 31 ngx_str_t dcid; | |
| 32 ngx_str_t token; | |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
33 |
|
8260
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8259
diff
changeset
|
34 ngx_uint_t client_tp_done; |
|
8247
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8246
diff
changeset
|
35 ngx_quic_tp_t tp; |
|
8265
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
8263
diff
changeset
|
36 ngx_quic_tp_t ctp; |
|
8247
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8246
diff
changeset
|
37 |
|
8263
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8260
diff
changeset
|
38 ngx_quic_state_t state; |
|
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8260
diff
changeset
|
39 |
| 8225 | 40 /* current packet numbers for each namespace */ |
| 41 ngx_uint_t initial_pn; | |
| 42 ngx_uint_t handshake_pn; | |
| 43 ngx_uint_t appdata_pn; | |
|
8184
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
8183
diff
changeset
|
44 |
|
8306
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8305
diff
changeset
|
45 ngx_quic_secrets_t keys[NGX_QUIC_ENCRYPTION_LAST]; |
|
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8305
diff
changeset
|
46 uint64_t crypto_offset[NGX_QUIC_ENCRYPTION_LAST]; |
|
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8305
diff
changeset
|
47 |
| 8225 | 48 ngx_ssl_t *ssl; |
| 49 ngx_quic_frame_t *frames; | |
| 8286 | 50 ngx_quic_frame_t *free_frames; |
| 51 | |
| 52 #if (NGX_DEBUG) | |
| 53 ngx_uint_t nframes; | |
| 54 #endif | |
|
8208
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
8207
diff
changeset
|
55 |
| 8225 | 56 ngx_quic_streams_t streams; |
|
8237
ff540f13d95d
MAX_DATA frame parser/handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8236
diff
changeset
|
57 ngx_uint_t max_data; |
|
8281
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
58 |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
59 unsigned send_timer_set:1; |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
60 unsigned closing:1; |
| 8225 | 61 }; |
|
8206
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
8205
diff
changeset
|
62 |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
63 |
|
8204
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
64 #if BORINGSSL_API_VERSION >= 10 |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
65 static int ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn, |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
66 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
67 const uint8_t *secret, size_t secret_len); |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
68 static int ngx_quic_set_write_secret(ngx_ssl_conn_t *ssl_conn, |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
69 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
70 const uint8_t *secret, size_t secret_len); |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
71 #else |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
72 static int ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn, |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
73 enum ssl_encryption_level_t level, const uint8_t *read_secret, |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
74 const uint8_t *write_secret, size_t secret_len); |
|
8204
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
75 #endif |
| 8225 | 76 |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
77 static int ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn, |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
78 enum ssl_encryption_level_t level, const uint8_t *data, size_t len); |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
79 static int ngx_quic_flush_flight(ngx_ssl_conn_t *ssl_conn); |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
80 static int ngx_quic_send_alert(ngx_ssl_conn_t *ssl_conn, |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
81 enum ssl_encryption_level_t level, uint8_t alert); |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
82 |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
83 |
| 8225 | 84 static ngx_int_t ngx_quic_new_connection(ngx_connection_t *c, ngx_ssl_t *ssl, |
|
8304
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
85 ngx_quic_tp_t *tp, ngx_quic_header_t *pkt, |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
86 ngx_connection_handler_pt handler); |
| 8225 | 87 static ngx_int_t ngx_quic_init_connection(ngx_connection_t *c); |
|
8263
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8260
diff
changeset
|
88 static void ngx_quic_input_handler(ngx_event_t *rev); |
| 8225 | 89 static void ngx_quic_close_connection(ngx_connection_t *c); |
| 90 | |
| 91 static ngx_int_t ngx_quic_input(ngx_connection_t *c, ngx_buf_t *b); | |
| 92 static ngx_int_t ngx_quic_initial_input(ngx_connection_t *c, | |
| 93 ngx_quic_header_t *pkt); | |
| 94 static ngx_int_t ngx_quic_handshake_input(ngx_connection_t *c, | |
| 95 ngx_quic_header_t *pkt); | |
|
8304
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
96 static ngx_int_t ngx_quic_early_input(ngx_connection_t *c, |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
97 ngx_quic_header_t *pkt); |
| 8225 | 98 static ngx_int_t ngx_quic_app_input(ngx_connection_t *c, |
| 99 ngx_quic_header_t *pkt); | |
| 100 static ngx_int_t ngx_quic_payload_handler(ngx_connection_t *c, | |
| 101 ngx_quic_header_t *pkt); | |
| 102 | |
| 103 static ngx_int_t ngx_quic_handle_ack_frame(ngx_connection_t *c, | |
| 104 ngx_quic_header_t *pkt, ngx_quic_ack_frame_t *f); | |
| 105 static ngx_int_t ngx_quic_handle_crypto_frame(ngx_connection_t *c, | |
| 106 ngx_quic_header_t *pkt, ngx_quic_crypto_frame_t *frame); | |
| 107 static ngx_int_t ngx_quic_handle_stream_frame(ngx_connection_t *c, | |
| 108 ngx_quic_header_t *pkt, ngx_quic_stream_frame_t *frame); | |
|
8245
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
109 static ngx_int_t ngx_quic_handle_streams_blocked_frame(ngx_connection_t *c, |
|
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
110 ngx_quic_header_t *pkt, ngx_quic_streams_blocked_frame_t *f); |
|
8266
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
111 static ngx_int_t ngx_quic_handle_stream_data_blocked_frame(ngx_connection_t *c, |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
112 ngx_quic_header_t *pkt, ngx_quic_stream_data_blocked_frame_t *f); |
| 8225 | 113 |
| 114 static void ngx_quic_queue_frame(ngx_quic_connection_t *qc, | |
| 115 ngx_quic_frame_t *frame); | |
| 116 | |
| 117 static ngx_int_t ngx_quic_output(ngx_connection_t *c); | |
| 118 ngx_int_t ngx_quic_frames_send(ngx_connection_t *c, ngx_quic_frame_t *start, | |
| 119 ngx_quic_frame_t *end, size_t total); | |
| 120 | |
| 121 static void ngx_quic_rbtree_insert_stream(ngx_rbtree_node_t *temp, | |
| 122 ngx_rbtree_node_t *node, ngx_rbtree_node_t *sentinel); | |
|
8280
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
123 static ngx_quic_stream_t *ngx_quic_find_stream(ngx_rbtree_t *rbtree, |
|
8284
2935a11c55b6
Fixed QUIC stream insert and find.
Roman Arutyunyan <arut@nginx.com>
parents:
8282
diff
changeset
|
124 uint64_t id); |
|
8280
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
125 static ngx_quic_stream_t *ngx_quic_create_stream(ngx_connection_t *c, |
|
8282
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
8281
diff
changeset
|
126 uint64_t id, size_t rcvbuf_size); |
|
8211
6bc18966b8c1
Stream "connection" read/write methods.
Vladimir Homutov <vl@nginx.com>
parents:
8209
diff
changeset
|
127 static ssize_t ngx_quic_stream_recv(ngx_connection_t *c, u_char *buf, |
|
6bc18966b8c1
Stream "connection" read/write methods.
Vladimir Homutov <vl@nginx.com>
parents:
8209
diff
changeset
|
128 size_t size); |
|
6bc18966b8c1
Stream "connection" read/write methods.
Vladimir Homutov <vl@nginx.com>
parents:
8209
diff
changeset
|
129 static ssize_t ngx_quic_stream_send(ngx_connection_t *c, u_char *buf, |
|
6bc18966b8c1
Stream "connection" read/write methods.
Vladimir Homutov <vl@nginx.com>
parents:
8209
diff
changeset
|
130 size_t size); |
|
8239
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
131 static void ngx_quic_stream_cleanup_handler(void *data); |
|
8211
6bc18966b8c1
Stream "connection" read/write methods.
Vladimir Homutov <vl@nginx.com>
parents:
8209
diff
changeset
|
132 static ngx_chain_t *ngx_quic_stream_send_chain(ngx_connection_t *c, |
|
6bc18966b8c1
Stream "connection" read/write methods.
Vladimir Homutov <vl@nginx.com>
parents:
8209
diff
changeset
|
133 ngx_chain_t *in, off_t limit); |
| 8286 | 134 static ngx_quic_frame_t *ngx_quic_alloc_frame(ngx_connection_t *c, size_t size); |
| 135 static void ngx_quic_free_frame(ngx_connection_t *c, ngx_quic_frame_t *frame); | |
|
8211
6bc18966b8c1
Stream "connection" read/write methods.
Vladimir Homutov <vl@nginx.com>
parents:
8209
diff
changeset
|
136 |
| 8225 | 137 |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
138 static SSL_QUIC_METHOD quic_method = { |
|
8204
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
139 #if BORINGSSL_API_VERSION >= 10 |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
140 ngx_quic_set_read_secret, |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
141 ngx_quic_set_write_secret, |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
142 #else |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
143 ngx_quic_set_encryption_secrets, |
|
8204
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
144 #endif |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
145 ngx_quic_add_handshake_data, |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
146 ngx_quic_flush_flight, |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
147 ngx_quic_send_alert, |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
148 }; |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
149 |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
150 |
|
8204
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
151 #if BORINGSSL_API_VERSION >= 10 |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
152 |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
153 static int |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
154 ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn, |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
155 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
8220
diff
changeset
|
156 const uint8_t *rsecret, size_t secret_len) |
|
8204
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
157 { |
|
8306
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8305
diff
changeset
|
158 ngx_connection_t *c; |
|
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8305
diff
changeset
|
159 ngx_quic_secrets_t *keys; |
|
8204
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
160 |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
161 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
162 |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
8220
diff
changeset
|
163 ngx_quic_hexdump(c->log, "level:%d read secret", |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
8220
diff
changeset
|
164 rsecret, secret_len, level); |
|
8204
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
165 |
|
8306
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8305
diff
changeset
|
166 keys = &c->quic->keys[level]; |
|
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8305
diff
changeset
|
167 |
|
8304
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
168 if (level == ssl_encryption_early_data) { |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
169 c->quic->state = NGX_QUIC_ST_EARLY_DATA; |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
170 } |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
171 |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
8220
diff
changeset
|
172 return ngx_quic_set_encryption_secret(c->pool, ssl_conn, level, |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
8220
diff
changeset
|
173 rsecret, secret_len, |
|
8306
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8305
diff
changeset
|
174 &keys->client); |
|
8204
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
175 } |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
176 |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
177 |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
178 static int |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
179 ngx_quic_set_write_secret(ngx_ssl_conn_t *ssl_conn, |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
180 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
8220
diff
changeset
|
181 const uint8_t *wsecret, size_t secret_len) |
|
8204
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
182 { |
|
8306
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8305
diff
changeset
|
183 ngx_connection_t *c; |
|
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8305
diff
changeset
|
184 ngx_quic_secrets_t *keys; |
|
8204
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
185 |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
186 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
187 |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
8220
diff
changeset
|
188 ngx_quic_hexdump(c->log, "level:%d write secret", |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
8220
diff
changeset
|
189 wsecret, secret_len, level); |
|
8204
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
190 |
|
8306
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8305
diff
changeset
|
191 keys = &c->quic->keys[level]; |
|
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8305
diff
changeset
|
192 |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
8220
diff
changeset
|
193 return ngx_quic_set_encryption_secret(c->pool, ssl_conn, level, |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
8220
diff
changeset
|
194 wsecret, secret_len, |
|
8306
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8305
diff
changeset
|
195 &keys->server); |
|
8204
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
196 } |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
197 |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
198 #else |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
199 |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
200 static int |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
201 ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn, |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
8220
diff
changeset
|
202 enum ssl_encryption_level_t level, const uint8_t *rsecret, |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
8220
diff
changeset
|
203 const uint8_t *wsecret, size_t secret_len) |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
204 { |
|
8306
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8305
diff
changeset
|
205 ngx_int_t rc; |
|
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8305
diff
changeset
|
206 ngx_connection_t *c; |
|
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8305
diff
changeset
|
207 ngx_quic_secrets_t *keys; |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
208 |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
209 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
210 |
|
8222
bec4cd55361e
Fixed a typo with OpenSSL.
Vladimir Homutov <vl@nginx.com>
parents:
8221
diff
changeset
|
211 ngx_quic_hexdump(c->log, "level:%d read", rsecret, secret_len, level); |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
212 |
|
8306
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8305
diff
changeset
|
213 keys = &c->quic->secrets[level]; |
|
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8305
diff
changeset
|
214 |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
8220
diff
changeset
|
215 rc = ngx_quic_set_encryption_secret(c->pool, ssl_conn, level, |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
8220
diff
changeset
|
216 rsecret, secret_len, |
|
8306
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8305
diff
changeset
|
217 &keys->client); |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
8220
diff
changeset
|
218 if (rc != 1) { |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
8220
diff
changeset
|
219 return rc; |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
220 } |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
221 |
|
8303
2ac03e80d013
TLS Early Data key derivation support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8302
diff
changeset
|
222 if (level == ssl_encryption_early_data) { |
|
8304
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
223 c->quic->state = NGX_QUIC_ST_EARLY_DATA; |
|
8303
2ac03e80d013
TLS Early Data key derivation support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8302
diff
changeset
|
224 return 1; |
|
2ac03e80d013
TLS Early Data key derivation support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8302
diff
changeset
|
225 } |
|
2ac03e80d013
TLS Early Data key derivation support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8302
diff
changeset
|
226 |
|
2ac03e80d013
TLS Early Data key derivation support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8302
diff
changeset
|
227 ngx_quic_hexdump(c->log, "level:%d write", wsecret, secret_len, level); |
|
2ac03e80d013
TLS Early Data key derivation support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8302
diff
changeset
|
228 |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
8220
diff
changeset
|
229 return ngx_quic_set_encryption_secret(c->pool, ssl_conn, level, |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
8220
diff
changeset
|
230 wsecret, secret_len, |
|
8306
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8305
diff
changeset
|
231 &keys->server); |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
232 } |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
233 |
|
8204
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
234 #endif |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
235 |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
236 |
|
8184
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
8183
diff
changeset
|
237 static int |
|
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
8183
diff
changeset
|
238 ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn, |
|
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
8183
diff
changeset
|
239 enum ssl_encryption_level_t level, const uint8_t *data, size_t len) |
|
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
8183
diff
changeset
|
240 { |
|
8260
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8259
diff
changeset
|
241 u_char *p, *end; |
|
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8259
diff
changeset
|
242 size_t client_params_len; |
|
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8259
diff
changeset
|
243 const uint8_t *client_params; |
| 8225 | 244 ngx_quic_frame_t *frame; |
| 245 ngx_connection_t *c; | |
| 246 ngx_quic_connection_t *qc; | |
|
8184
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
8183
diff
changeset
|
247 |
|
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
8183
diff
changeset
|
248 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
|
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
8183
diff
changeset
|
249 qc = c->quic; |
|
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
8183
diff
changeset
|
250 |
|
8186
0a2683df5f11
Implemented improved version of quic_output().
Vladimir Homutov <vl@nginx.com>
parents:
8185
diff
changeset
|
251 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
0a2683df5f11
Implemented improved version of quic_output().
Vladimir Homutov <vl@nginx.com>
parents:
8185
diff
changeset
|
252 "ngx_quic_add_handshake_data"); |
|
8184
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
8183
diff
changeset
|
253 |
|
8260
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8259
diff
changeset
|
254 /* XXX: obtain client parameters after the handshake? */ |
|
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8259
diff
changeset
|
255 if (!qc->client_tp_done) { |
|
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8259
diff
changeset
|
256 |
|
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8259
diff
changeset
|
257 SSL_get_peer_quic_transport_params(ssl_conn, &client_params, |
|
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8259
diff
changeset
|
258 &client_params_len); |
|
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8259
diff
changeset
|
259 |
|
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8259
diff
changeset
|
260 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8259
diff
changeset
|
261 "SSL_get_peer_quic_transport_params(): params_len %ui", |
|
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8259
diff
changeset
|
262 client_params_len); |
|
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8259
diff
changeset
|
263 |
|
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8259
diff
changeset
|
264 if (client_params_len != 0) { |
|
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8259
diff
changeset
|
265 p = (u_char *) client_params; |
|
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8259
diff
changeset
|
266 end = p + client_params_len; |
|
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8259
diff
changeset
|
267 |
|
8265
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
8263
diff
changeset
|
268 if (ngx_quic_parse_transport_params(p, end, &qc->ctp, c->log) |
|
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
8263
diff
changeset
|
269 != NGX_OK) |
|
8260
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8259
diff
changeset
|
270 { |
|
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8259
diff
changeset
|
271 return NGX_ERROR; |
|
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8259
diff
changeset
|
272 } |
|
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8259
diff
changeset
|
273 |
|
8271
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
8270
diff
changeset
|
274 if (qc->ctp.max_idle_timeout > 0 |
|
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
8270
diff
changeset
|
275 && qc->ctp.max_idle_timeout < qc->tp.max_idle_timeout) |
|
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
8270
diff
changeset
|
276 { |
|
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
8270
diff
changeset
|
277 qc->tp.max_idle_timeout = qc->ctp.max_idle_timeout; |
|
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
8270
diff
changeset
|
278 } |
|
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
8270
diff
changeset
|
279 |
|
8260
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8259
diff
changeset
|
280 qc->client_tp_done = 1; |
|
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8259
diff
changeset
|
281 } |
|
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8259
diff
changeset
|
282 } |
|
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8259
diff
changeset
|
283 |
| 8286 | 284 frame = ngx_quic_alloc_frame(c, len); |
|
8186
0a2683df5f11
Implemented improved version of quic_output().
Vladimir Homutov <vl@nginx.com>
parents:
8185
diff
changeset
|
285 if (frame == NULL) { |
|
0a2683df5f11
Implemented improved version of quic_output().
Vladimir Homutov <vl@nginx.com>
parents:
8185
diff
changeset
|
286 return 0; |
|
0a2683df5f11
Implemented improved version of quic_output().
Vladimir Homutov <vl@nginx.com>
parents:
8185
diff
changeset
|
287 } |
|
8184
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
8183
diff
changeset
|
288 |
| 8286 | 289 ngx_memcpy(frame->data, data, len); |
|
8184
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
8183
diff
changeset
|
290 |
|
8186
0a2683df5f11
Implemented improved version of quic_output().
Vladimir Homutov <vl@nginx.com>
parents:
8185
diff
changeset
|
291 frame->level = level; |
|
0a2683df5f11
Implemented improved version of quic_output().
Vladimir Homutov <vl@nginx.com>
parents:
8185
diff
changeset
|
292 frame->type = NGX_QUIC_FT_CRYPTO; |
|
8259
9e9eab876964
Fixed CRYPTO offset generation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8258
diff
changeset
|
293 frame->u.crypto.offset += qc->crypto_offset[level]; |
|
8186
0a2683df5f11
Implemented improved version of quic_output().
Vladimir Homutov <vl@nginx.com>
parents:
8185
diff
changeset
|
294 frame->u.crypto.len = len; |
| 8286 | 295 frame->u.crypto.data = frame->data; |
|
8186
0a2683df5f11
Implemented improved version of quic_output().
Vladimir Homutov <vl@nginx.com>
parents:
8185
diff
changeset
|
296 |
|
8259
9e9eab876964
Fixed CRYPTO offset generation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8258
diff
changeset
|
297 qc->crypto_offset[level] += len; |
|
9e9eab876964
Fixed CRYPTO offset generation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8258
diff
changeset
|
298 |
|
8186
0a2683df5f11
Implemented improved version of quic_output().
Vladimir Homutov <vl@nginx.com>
parents:
8185
diff
changeset
|
299 ngx_sprintf(frame->info, "crypto, generated by SSL len=%ui level=%d", len, level); |
|
0a2683df5f11
Implemented improved version of quic_output().
Vladimir Homutov <vl@nginx.com>
parents:
8185
diff
changeset
|
300 |
|
0a2683df5f11
Implemented improved version of quic_output().
Vladimir Homutov <vl@nginx.com>
parents:
8185
diff
changeset
|
301 ngx_quic_queue_frame(qc, frame); |
|
8184
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
8183
diff
changeset
|
302 |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
303 return 1; |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
304 } |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
305 |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
306 |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
307 static int |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
308 ngx_quic_flush_flight(ngx_ssl_conn_t *ssl_conn) |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
309 { |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
310 ngx_connection_t *c; |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
311 |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
312 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
313 |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
314 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "ngx_quic_flush_flight()"); |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
315 |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
316 return 1; |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
317 } |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
318 |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
319 |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
320 static int |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
321 ngx_quic_send_alert(ngx_ssl_conn_t *ssl_conn, enum ssl_encryption_level_t level, |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
322 uint8_t alert) |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
323 { |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
324 ngx_connection_t *c; |
|
8235
552d6868091b
Implemented send_alert callback, CONNECTION_CLOSE writer.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8234
diff
changeset
|
325 ngx_quic_frame_t *frame; |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
326 |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
327 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
328 |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
329 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
330 "ngx_quic_send_alert(), lvl=%d, alert=%d", |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
331 (int) level, (int) alert); |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
332 |
| 8286 | 333 frame = ngx_quic_alloc_frame(c, 0); |
|
8235
552d6868091b
Implemented send_alert callback, CONNECTION_CLOSE writer.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8234
diff
changeset
|
334 if (frame == NULL) { |
|
552d6868091b
Implemented send_alert callback, CONNECTION_CLOSE writer.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8234
diff
changeset
|
335 return 0; |
|
552d6868091b
Implemented send_alert callback, CONNECTION_CLOSE writer.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8234
diff
changeset
|
336 } |
|
552d6868091b
Implemented send_alert callback, CONNECTION_CLOSE writer.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8234
diff
changeset
|
337 |
|
552d6868091b
Implemented send_alert callback, CONNECTION_CLOSE writer.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8234
diff
changeset
|
338 frame->level = level; |
|
552d6868091b
Implemented send_alert callback, CONNECTION_CLOSE writer.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8234
diff
changeset
|
339 frame->type = NGX_QUIC_FT_CONNECTION_CLOSE; |
|
552d6868091b
Implemented send_alert callback, CONNECTION_CLOSE writer.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8234
diff
changeset
|
340 frame->u.close.error_code = 0x100 + alert; |
|
8305
e35f824f644d
Added missing debug description.
Vladimir Homutov <vl@nginx.com>
parents:
8304
diff
changeset
|
341 ngx_sprintf(frame->info, "cc from send_alert level=%d", frame->level); |
|
8235
552d6868091b
Implemented send_alert callback, CONNECTION_CLOSE writer.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8234
diff
changeset
|
342 |
|
552d6868091b
Implemented send_alert callback, CONNECTION_CLOSE writer.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8234
diff
changeset
|
343 ngx_quic_queue_frame(c->quic, frame); |
|
552d6868091b
Implemented send_alert callback, CONNECTION_CLOSE writer.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8234
diff
changeset
|
344 |
|
552d6868091b
Implemented send_alert callback, CONNECTION_CLOSE writer.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8234
diff
changeset
|
345 if (ngx_quic_output(c) != NGX_OK) { |
|
552d6868091b
Implemented send_alert callback, CONNECTION_CLOSE writer.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8234
diff
changeset
|
346 return 0; |
|
552d6868091b
Implemented send_alert callback, CONNECTION_CLOSE writer.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8234
diff
changeset
|
347 } |
|
552d6868091b
Implemented send_alert callback, CONNECTION_CLOSE writer.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8234
diff
changeset
|
348 |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
349 return 1; |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
350 } |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
351 |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
352 |
| 8225 | 353 void |
|
8247
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8246
diff
changeset
|
354 ngx_quic_run(ngx_connection_t *c, ngx_ssl_t *ssl, ngx_quic_tp_t *tp, |
|
8271
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
8270
diff
changeset
|
355 ngx_connection_handler_pt handler) |
| 8225 | 356 { |
| 357 ngx_buf_t *b; | |
| 358 ngx_quic_header_t pkt; | |
| 359 | |
|
8263
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8260
diff
changeset
|
360 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic run"); |
| 8225 | 361 |
|
8263
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8260
diff
changeset
|
362 c->log->action = "QUIC initialization"; |
| 8225 | 363 |
| 364 ngx_memzero(&pkt, sizeof(ngx_quic_header_t)); | |
| 365 | |
| 366 b = c->buffer; | |
| 367 | |
| 368 pkt.log = c->log; | |
| 369 pkt.raw = b; | |
| 370 pkt.data = b->start; | |
| 371 pkt.len = b->last - b->start; | |
| 372 | |
|
8304
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
373 if (ngx_quic_new_connection(c, ssl, tp, &pkt, handler) != NGX_OK) { |
| 8225 | 374 ngx_quic_close_connection(c); |
| 375 return; | |
| 376 } | |
| 377 | |
|
8271
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
8270
diff
changeset
|
378 ngx_add_timer(c->read, c->quic->tp.max_idle_timeout); |
| 8225 | 379 |
|
8263
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8260
diff
changeset
|
380 c->read->handler = ngx_quic_input_handler; |
| 8225 | 381 |
| 382 return; | |
| 383 } | |
| 384 | |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
385 |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
386 static ngx_int_t |
|
8247
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8246
diff
changeset
|
387 ngx_quic_new_connection(ngx_connection_t *c, ngx_ssl_t *ssl, ngx_quic_tp_t *tp, |
|
8304
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
388 ngx_quic_header_t *pkt, ngx_connection_handler_pt handler) |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
389 { |
|
8265
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
8263
diff
changeset
|
390 ngx_quic_tp_t *ctp; |
|
8306
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8305
diff
changeset
|
391 ngx_quic_secrets_t *keys; |
| 8225 | 392 ngx_quic_connection_t *qc; |
|
8288
ebd5c71b9f02
Got rid of memory allocation in decryption.
Vladimir Homutov <vl@nginx.com>
parents:
8286
diff
changeset
|
393 static u_char buf[NGX_QUIC_DEFAULT_MAX_PACKET_SIZE]; |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
394 |
| 8225 | 395 if (ngx_buf_size(pkt->raw) < 1200) { |
| 396 ngx_log_error(NGX_LOG_INFO, c->log, 0, "too small UDP datagram"); | |
| 397 return NGX_ERROR; | |
| 398 } | |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
399 |
| 8225 | 400 if (ngx_quic_parse_long_header(pkt) != NGX_OK) { |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
401 return NGX_ERROR; |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
402 } |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
403 |
|
8251
c217a907ce42
Added checks for permitted frame types.
Vladimir Homutov <vl@nginx.com>
parents:
8247
diff
changeset
|
404 if (!ngx_quic_pkt_in(pkt->flags)) { |
| 8225 | 405 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
| 406 "invalid initial packet: 0x%xi", pkt->flags); | |
| 407 return NGX_ERROR; | |
| 408 } | |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
409 |
| 8225 | 410 if (ngx_quic_parse_initial_header(pkt) != NGX_OK) { |
| 411 return NGX_ERROR; | |
| 412 } | |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
413 |
| 8275 | 414 c->log->action = "creating new quic connection"; |
| 415 | |
| 8225 | 416 qc = ngx_pcalloc(c->pool, sizeof(ngx_quic_connection_t)); |
| 417 if (qc == NULL) { | |
| 418 return NGX_ERROR; | |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
419 } |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
420 |
|
8263
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8260
diff
changeset
|
421 qc->state = NGX_QUIC_ST_INITIAL; |
|
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8260
diff
changeset
|
422 |
| 8225 | 423 ngx_rbtree_init(&qc->streams.tree, &qc->streams.sentinel, |
| 424 ngx_quic_rbtree_insert_stream); | |
| 425 | |
| 426 c->quic = qc; | |
| 427 qc->ssl = ssl; | |
|
8247
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8246
diff
changeset
|
428 qc->tp = *tp; |
|
8304
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
429 qc->streams.handler = handler; |
| 8225 | 430 |
|
8265
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
8263
diff
changeset
|
431 ctp = &qc->ctp; |
|
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
8263
diff
changeset
|
432 ctp->max_packet_size = NGX_QUIC_DEFAULT_MAX_PACKET_SIZE; |
|
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
8263
diff
changeset
|
433 ctp->ack_delay_exponent = NGX_QUIC_DEFAULT_ACK_DELAY_EXPONENT; |
|
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
8263
diff
changeset
|
434 ctp->max_ack_delay = NGX_QUIC_DEFAULT_MAX_ACK_DELAY; |
|
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
8263
diff
changeset
|
435 |
| 8225 | 436 qc->dcid.len = pkt->dcid.len; |
| 437 qc->dcid.data = ngx_pnalloc(c->pool, pkt->dcid.len); | |
| 438 if (qc->dcid.data == NULL) { | |
| 439 return NGX_ERROR; | |
| 440 } | |
| 441 ngx_memcpy(qc->dcid.data, pkt->dcid.data, qc->dcid.len); | |
| 442 | |
| 443 qc->scid.len = pkt->scid.len; | |
| 444 qc->scid.data = ngx_pnalloc(c->pool, qc->scid.len); | |
| 445 if (qc->scid.data == NULL) { | |
| 446 return NGX_ERROR; | |
| 447 } | |
| 448 ngx_memcpy(qc->scid.data, pkt->scid.data, qc->scid.len); | |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
449 |
| 8225 | 450 qc->token.len = pkt->token.len; |
| 451 qc->token.data = ngx_pnalloc(c->pool, qc->token.len); | |
| 452 if (qc->token.data == NULL) { | |
| 453 return NGX_ERROR; | |
| 454 } | |
| 455 ngx_memcpy(qc->token.data, pkt->token.data, qc->token.len); | |
| 456 | |
|
8306
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8305
diff
changeset
|
457 keys = &c->quic->keys[ssl_encryption_initial]; |
| 8225 | 458 |
|
8306
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8305
diff
changeset
|
459 if (ngx_quic_set_initial_secret(c->pool, &keys->client, &keys->server, |
|
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8305
diff
changeset
|
460 &qc->dcid) |
| 8225 | 461 != NGX_OK) |
| 462 { | |
| 463 return NGX_ERROR; | |
| 464 } | |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
465 |
|
8306
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8305
diff
changeset
|
466 pkt->secret = &keys->client; |
| 8225 | 467 pkt->level = ssl_encryption_initial; |
|
8288
ebd5c71b9f02
Got rid of memory allocation in decryption.
Vladimir Homutov <vl@nginx.com>
parents:
8286
diff
changeset
|
468 pkt->plaintext = buf; |
| 8225 | 469 |
|
8288
ebd5c71b9f02
Got rid of memory allocation in decryption.
Vladimir Homutov <vl@nginx.com>
parents:
8286
diff
changeset
|
470 if (ngx_quic_decrypt(pkt, NULL) != NGX_OK) { |
| 8225 | 471 return NGX_ERROR; |
| 472 } | |
| 473 | |
| 474 if (ngx_quic_init_connection(c) != NGX_OK) { | |
| 475 return NGX_ERROR; | |
| 476 } | |
| 477 | |
|
8304
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
478 if (ngx_quic_payload_handler(c, pkt) != NGX_OK) { |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
479 return NGX_ERROR; |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
480 } |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
481 |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
482 /* pos is at header end, adjust by actual packet length */ |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
483 pkt->raw->pos += pkt->len; |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
484 |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
485 return ngx_quic_input(c, pkt->raw); |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
486 } |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
487 |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
488 |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
489 static ngx_int_t |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
8220
diff
changeset
|
490 ngx_quic_init_connection(ngx_connection_t *c) |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
491 { |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
492 int n, sslerr; |
|
8247
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8246
diff
changeset
|
493 u_char *p; |
|
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8246
diff
changeset
|
494 ssize_t len; |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
495 ngx_ssl_conn_t *ssl_conn; |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
496 ngx_quic_connection_t *qc; |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
497 |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
498 qc = c->quic; |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
499 |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
500 if (ngx_ssl_create_connection(qc->ssl, c, NGX_SSL_BUFFER) != NGX_OK) { |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
501 return NGX_ERROR; |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
502 } |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
503 |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
504 ssl_conn = c->ssl->connection; |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
505 |
|
8232
253cf267f95a
Moved setting QUIC methods to runtime.
Roman Arutyunyan <arut@nginx.com>
parents:
8231
diff
changeset
|
506 if (SSL_set_quic_method(ssl_conn, &quic_method) == 0) { |
|
253cf267f95a
Moved setting QUIC methods to runtime.
Roman Arutyunyan <arut@nginx.com>
parents:
8231
diff
changeset
|
507 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
|
253cf267f95a
Moved setting QUIC methods to runtime.
Roman Arutyunyan <arut@nginx.com>
parents:
8231
diff
changeset
|
508 "SSL_set_quic_method() failed"); |
|
253cf267f95a
Moved setting QUIC methods to runtime.
Roman Arutyunyan <arut@nginx.com>
parents:
8231
diff
changeset
|
509 return NGX_ERROR; |
|
253cf267f95a
Moved setting QUIC methods to runtime.
Roman Arutyunyan <arut@nginx.com>
parents:
8231
diff
changeset
|
510 } |
|
253cf267f95a
Moved setting QUIC methods to runtime.
Roman Arutyunyan <arut@nginx.com>
parents:
8231
diff
changeset
|
511 |
|
8304
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
512 #ifdef SSL_READ_EARLY_DATA_SUCCESS |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
513 if (SSL_CTX_get_max_early_data(qc->ssl->ctx)) { |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
514 SSL_set_quic_early_data_enabled(ssl_conn, 1); |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
515 } |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
516 #endif |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
517 |
|
8247
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8246
diff
changeset
|
518 len = ngx_quic_create_transport_params(NULL, NULL, &qc->tp); |
|
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8246
diff
changeset
|
519 /* always succeeds */ |
|
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8246
diff
changeset
|
520 |
|
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8246
diff
changeset
|
521 p = ngx_pnalloc(c->pool, len); |
|
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8246
diff
changeset
|
522 if (p == NULL) { |
|
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8246
diff
changeset
|
523 return NGX_ERROR; |
|
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8246
diff
changeset
|
524 } |
|
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8246
diff
changeset
|
525 |
|
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8246
diff
changeset
|
526 len = ngx_quic_create_transport_params(p, p + len, &qc->tp); |
|
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8246
diff
changeset
|
527 if (len < 0) { |
|
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8246
diff
changeset
|
528 return NGX_ERROR; |
|
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8246
diff
changeset
|
529 } |
|
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8246
diff
changeset
|
530 |
|
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8246
diff
changeset
|
531 if (SSL_set_quic_transport_params(ssl_conn, p, len) == 0) { |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
532 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
533 "SSL_set_quic_transport_params() failed"); |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
534 return NGX_ERROR; |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
535 } |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
536 |
|
8263
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8260
diff
changeset
|
537 qc->state = NGX_QUIC_ST_HANDSHAKE; |
|
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8260
diff
changeset
|
538 |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
539 n = SSL_do_handshake(ssl_conn); |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
540 |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
541 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", n); |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
542 |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
543 if (n == -1) { |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
544 sslerr = SSL_get_error(ssl_conn, n); |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
545 |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
546 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
547 sslerr); |
|
8300
23a2b5e7acc8
Improved SSL_do_handshake() error handling in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8299
diff
changeset
|
548 |
|
23a2b5e7acc8
Improved SSL_do_handshake() error handling in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8299
diff
changeset
|
549 if (sslerr != SSL_ERROR_WANT_READ) { |
|
23a2b5e7acc8
Improved SSL_do_handshake() error handling in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8299
diff
changeset
|
550 ngx_ssl_error(NGX_LOG_ERR, c->log, 0, "SSL_do_handshake() failed"); |
|
23a2b5e7acc8
Improved SSL_do_handshake() error handling in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8299
diff
changeset
|
551 return NGX_ERROR; |
|
23a2b5e7acc8
Improved SSL_do_handshake() error handling in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8299
diff
changeset
|
552 } |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
553 } |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
554 |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
555 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
556 "SSL_quic_read_level: %d, SSL_quic_write_level: %d", |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
557 (int) SSL_quic_read_level(ssl_conn), |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
558 (int) SSL_quic_write_level(ssl_conn)); |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
559 |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
560 return NGX_OK; |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
561 } |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
562 |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
563 |
| 8225 | 564 static void |
|
8263
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8260
diff
changeset
|
565 ngx_quic_input_handler(ngx_event_t *rev) |
|
8211
6bc18966b8c1
Stream "connection" read/write methods.
Vladimir Homutov <vl@nginx.com>
parents:
8209
diff
changeset
|
566 { |
|
8271
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
8270
diff
changeset
|
567 ssize_t n; |
|
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
8270
diff
changeset
|
568 ngx_buf_t b; |
|
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
8270
diff
changeset
|
569 ngx_connection_t *c; |
|
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
8270
diff
changeset
|
570 ngx_quic_connection_t *qc; |
|
8288
ebd5c71b9f02
Got rid of memory allocation in decryption.
Vladimir Homutov <vl@nginx.com>
parents:
8286
diff
changeset
|
571 static u_char buf[NGX_QUIC_DEFAULT_MAX_PACKET_SIZE]; |
|
8211
6bc18966b8c1
Stream "connection" read/write methods.
Vladimir Homutov <vl@nginx.com>
parents:
8209
diff
changeset
|
572 |
| 8225 | 573 b.start = buf; |
|
8265
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
8263
diff
changeset
|
574 b.end = buf + sizeof(buf); |
| 8225 | 575 b.pos = b.last = b.start; |
|
8211
6bc18966b8c1
Stream "connection" read/write methods.
Vladimir Homutov <vl@nginx.com>
parents:
8209
diff
changeset
|
576 |
| 8225 | 577 c = rev->data; |
|
8281
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
578 qc = c->quic; |
|
8211
6bc18966b8c1
Stream "connection" read/write methods.
Vladimir Homutov <vl@nginx.com>
parents:
8209
diff
changeset
|
579 |
|
8263
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8260
diff
changeset
|
580 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, rev->log, 0, "quic input handler"); |
|
8212
e3c0b19a3a8a
Implemented ngx_quic_stream_send_chain() method.
Roman Arutyunyan <arut@nginx.com>
parents:
8211
diff
changeset
|
581 |
|
8281
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
582 if (qc->closing) { |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
583 ngx_quic_close_connection(c); |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
584 return; |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
585 } |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
586 |
| 8225 | 587 if (rev->timedout) { |
| 588 ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out"); | |
| 589 ngx_quic_close_connection(c); | |
| 590 return; | |
|
8212
e3c0b19a3a8a
Implemented ngx_quic_stream_send_chain() method.
Roman Arutyunyan <arut@nginx.com>
parents:
8211
diff
changeset
|
591 } |
|
e3c0b19a3a8a
Implemented ngx_quic_stream_send_chain() method.
Roman Arutyunyan <arut@nginx.com>
parents:
8211
diff
changeset
|
592 |
| 8225 | 593 if (c->close) { |
| 594 ngx_quic_close_connection(c); | |
| 595 return; | |
| 596 } | |
|
8220
7ada2feeac18
Added processing of CONNECTION CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8218
diff
changeset
|
597 |
| 8225 | 598 n = c->recv(c, b.start, b.end - b.start); |
| 8215 | 599 |
| 8225 | 600 if (n == NGX_AGAIN) { |
| 601 return; | |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
602 } |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
603 |
| 8225 | 604 if (n == NGX_ERROR) { |
| 605 c->read->eof = 1; | |
| 606 ngx_quic_close_connection(c); | |
| 607 return; | |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
608 } |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
609 |
| 8225 | 610 b.last += n; |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
611 |
| 8225 | 612 if (ngx_quic_input(c, &b) != NGX_OK) { |
| 613 ngx_quic_close_connection(c); | |
| 614 return; | |
| 615 } | |
|
8271
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
8270
diff
changeset
|
616 |
|
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
8270
diff
changeset
|
617 qc->send_timer_set = 0; |
|
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
8270
diff
changeset
|
618 ngx_add_timer(rev, qc->tp.max_idle_timeout); |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
619 } |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
620 |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
621 |
|
8208
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
8207
diff
changeset
|
622 static void |
| 8225 | 623 ngx_quic_close_connection(ngx_connection_t *c) |
|
8208
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
8207
diff
changeset
|
624 { |
|
8281
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
625 #if (NGX_DEBUG) |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
626 ngx_uint_t ns; |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
627 #endif |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
628 ngx_pool_t *pool; |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
629 ngx_event_t *rev; |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
630 ngx_rbtree_t *tree; |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
631 ngx_rbtree_node_t *node; |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
632 ngx_quic_stream_t *qs; |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
633 ngx_quic_connection_t *qc; |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
634 |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
635 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "close quic connection"); |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
636 |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
637 qc = c->quic; |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
638 |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
639 if (qc) { |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
640 tree = &qc->streams.tree; |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
641 |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
642 if (tree->root != tree->sentinel) { |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
643 if (c->read->timer_set) { |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
644 ngx_del_timer(c->read); |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
645 } |
|
8208
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
8207
diff
changeset
|
646 |
|
8281
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
647 #if (NGX_DEBUG) |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
648 ns = 0; |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
649 #endif |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
650 |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
651 for (node = ngx_rbtree_min(tree->root, tree->sentinel); |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
652 node; |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
653 node = ngx_rbtree_next(tree, node)) |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
654 { |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
655 qs = (ngx_quic_stream_t *) node; |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
656 |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
657 rev = qs->c->read; |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
658 rev->ready = 1; |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
659 rev->pending_eof = 1; |
|
8208
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
8207
diff
changeset
|
660 |
|
8281
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
661 ngx_post_event(rev, &ngx_posted_events); |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
662 |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
663 #if (NGX_DEBUG) |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
664 ns++; |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
665 #endif |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
666 } |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
667 |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
668 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
669 "quic connection has %ui active streams", ns); |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
670 |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
671 qc->closing = 1; |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
672 return; |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
673 } |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
674 } |
|
8208
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
8207
diff
changeset
|
675 |
| 8225 | 676 if (c->ssl) { |
| 677 (void) ngx_ssl_shutdown(c); | |
|
8208
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
8207
diff
changeset
|
678 } |
|
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
8207
diff
changeset
|
679 |
| 8225 | 680 #if (NGX_STAT_STUB) |
| 681 (void) ngx_atomic_fetch_add(ngx_stat_active, -1); | |
| 682 #endif | |
|
8208
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
8207
diff
changeset
|
683 |
| 8225 | 684 c->destroyed = 1; |
|
8208
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
8207
diff
changeset
|
685 |
| 8225 | 686 pool = c->pool; |
|
8208
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
8207
diff
changeset
|
687 |
| 8225 | 688 ngx_close_connection(c); |
|
8208
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
8207
diff
changeset
|
689 |
| 8225 | 690 ngx_destroy_pool(pool); |
|
8208
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
8207
diff
changeset
|
691 } |
|
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
8207
diff
changeset
|
692 |
|
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
8207
diff
changeset
|
693 |
|
8193
4355efde26d8
Added functions to decrypt long packets.
Vladimir Homutov <vl@nginx.com>
parents:
8192
diff
changeset
|
694 static ngx_int_t |
| 8225 | 695 ngx_quic_input(ngx_connection_t *c, ngx_buf_t *b) |
|
8193
4355efde26d8
Added functions to decrypt long packets.
Vladimir Homutov <vl@nginx.com>
parents:
8192
diff
changeset
|
696 { |
| 8225 | 697 u_char *p; |
| 698 ngx_int_t rc; | |
| 699 ngx_quic_header_t pkt; | |
|
8193
4355efde26d8
Added functions to decrypt long packets.
Vladimir Homutov <vl@nginx.com>
parents:
8192
diff
changeset
|
700 |
|
8304
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
701 p = b->pos; |
|
8208
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
8207
diff
changeset
|
702 |
|
8304
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
703 while (p < b->last) { |
|
8263
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8260
diff
changeset
|
704 c->log->action = "processing quic packet"; |
|
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8260
diff
changeset
|
705 |
| 8225 | 706 ngx_memzero(&pkt, sizeof(ngx_quic_header_t)); |
| 707 pkt.raw = b; | |
| 708 pkt.data = p; | |
| 709 pkt.len = b->last - p; | |
| 710 pkt.log = c->log; | |
|
8251
c217a907ce42
Added checks for permitted frame types.
Vladimir Homutov <vl@nginx.com>
parents:
8247
diff
changeset
|
711 pkt.flags = p[0]; |
|
8193
4355efde26d8
Added functions to decrypt long packets.
Vladimir Homutov <vl@nginx.com>
parents:
8192
diff
changeset
|
712 |
|
8251
c217a907ce42
Added checks for permitted frame types.
Vladimir Homutov <vl@nginx.com>
parents:
8247
diff
changeset
|
713 if (pkt.flags == 0) { |
| 8225 | 714 /* XXX: no idea WTF is this, just ignore */ |
| 715 ngx_log_error(NGX_LOG_ALERT, c->log, 0, "FIREFOX: ZEROES"); | |
| 716 break; | |
| 717 } | |
|
8206
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
8205
diff
changeset
|
718 |
| 8225 | 719 // TODO: check current state |
|
8251
c217a907ce42
Added checks for permitted frame types.
Vladimir Homutov <vl@nginx.com>
parents:
8247
diff
changeset
|
720 if (ngx_quic_long_pkt(pkt.flags)) { |
| 8225 | 721 |
|
8251
c217a907ce42
Added checks for permitted frame types.
Vladimir Homutov <vl@nginx.com>
parents:
8247
diff
changeset
|
722 if (ngx_quic_pkt_in(pkt.flags)) { |
| 8225 | 723 rc = ngx_quic_initial_input(c, &pkt); |
|
8206
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
8205
diff
changeset
|
724 |
|
8251
c217a907ce42
Added checks for permitted frame types.
Vladimir Homutov <vl@nginx.com>
parents:
8247
diff
changeset
|
725 } else if (ngx_quic_pkt_hs(pkt.flags)) { |
| 8225 | 726 rc = ngx_quic_handshake_input(c, &pkt); |
|
8193
4355efde26d8
Added functions to decrypt long packets.
Vladimir Homutov <vl@nginx.com>
parents:
8192
diff
changeset
|
727 |
|
8304
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
728 } else if (ngx_quic_pkt_zrtt(pkt.flags)) { |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
729 rc = ngx_quic_early_input(c, &pkt); |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
730 |
| 8225 | 731 } else { |
| 732 ngx_log_error(NGX_LOG_INFO, c->log, 0, | |
| 733 "BUG: unknown quic state"); | |
| 734 return NGX_ERROR; | |
| 735 } | |
|
8193
4355efde26d8
Added functions to decrypt long packets.
Vladimir Homutov <vl@nginx.com>
parents:
8192
diff
changeset
|
736 |
| 8225 | 737 } else { |
| 738 rc = ngx_quic_app_input(c, &pkt); | |
| 739 } | |
|
8193
4355efde26d8
Added functions to decrypt long packets.
Vladimir Homutov <vl@nginx.com>
parents:
8192
diff
changeset
|
740 |
|
8267
a8349cc72c64
Avoid using QUIC connection after CONNECTION_CLOSE.
Roman Arutyunyan <arut@nginx.com>
parents:
8266
diff
changeset
|
741 if (rc != NGX_OK) { |
|
a8349cc72c64
Avoid using QUIC connection after CONNECTION_CLOSE.
Roman Arutyunyan <arut@nginx.com>
parents:
8266
diff
changeset
|
742 return rc; |
| 8225 | 743 } |
|
8206
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
8205
diff
changeset
|
744 |
| 8225 | 745 /* b->pos is at header end, adjust by actual packet length */ |
| 746 p = b->pos + pkt.len; | |
| 747 b->pos = p; /* reset b->pos to the next packet start */ | |
|
8304
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
748 } |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
749 |
| 8225 | 750 return NGX_OK; |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
751 } |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
752 |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
753 |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
754 static ngx_int_t |
| 8223 | 755 ngx_quic_initial_input(ngx_connection_t *c, ngx_quic_header_t *pkt) |
| 756 { | |
|
8306
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8305
diff
changeset
|
757 ngx_ssl_conn_t *ssl_conn; |
|
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8305
diff
changeset
|
758 ngx_quic_secrets_t *keys; |
|
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8305
diff
changeset
|
759 static u_char buf[NGX_QUIC_DEFAULT_MAX_PACKET_SIZE]; |
| 8223 | 760 |
|
8263
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8260
diff
changeset
|
761 c->log->action = "processing initial quic packet"; |
|
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8260
diff
changeset
|
762 |
| 8223 | 763 ssl_conn = c->ssl->connection; |
| 764 | |
|
8224
ae35ccba7aa6
Extracted transport part of the code into separate file.
Vladimir Homutov <vl@nginx.com>
parents:
8223
diff
changeset
|
765 if (ngx_quic_parse_long_header(pkt) != NGX_OK) { |
| 8223 | 766 return NGX_ERROR; |
| 767 } | |
| 768 | |
|
8224
ae35ccba7aa6
Extracted transport part of the code into separate file.
Vladimir Homutov <vl@nginx.com>
parents:
8223
diff
changeset
|
769 if (ngx_quic_parse_initial_header(pkt) != NGX_OK) { |
| 8223 | 770 return NGX_ERROR; |
| 771 } | |
| 772 | |
|
8306
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8305
diff
changeset
|
773 keys = &c->quic->keys[ssl_encryption_initial]; |
|
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8305
diff
changeset
|
774 |
|
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8305
diff
changeset
|
775 pkt->secret = &keys->client; |
| 8223 | 776 pkt->level = ssl_encryption_initial; |
|
8288
ebd5c71b9f02
Got rid of memory allocation in decryption.
Vladimir Homutov <vl@nginx.com>
parents:
8286
diff
changeset
|
777 pkt->plaintext = buf; |
| 8223 | 778 |
|
8288
ebd5c71b9f02
Got rid of memory allocation in decryption.
Vladimir Homutov <vl@nginx.com>
parents:
8286
diff
changeset
|
779 if (ngx_quic_decrypt(pkt, ssl_conn) != NGX_OK) { |
| 8223 | 780 return NGX_ERROR; |
| 781 } | |
| 782 | |
| 783 return ngx_quic_payload_handler(c, pkt); | |
| 784 } | |
| 785 | |
| 786 | |
| 787 static ngx_int_t | |
|
8206
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
8205
diff
changeset
|
788 ngx_quic_handshake_input(ngx_connection_t *c, ngx_quic_header_t *pkt) |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
789 { |
|
8306
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8305
diff
changeset
|
790 ngx_quic_secrets_t *keys; |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
791 ngx_quic_connection_t *qc; |
|
8288
ebd5c71b9f02
Got rid of memory allocation in decryption.
Vladimir Homutov <vl@nginx.com>
parents:
8286
diff
changeset
|
792 static u_char buf[NGX_QUIC_DEFAULT_MAX_PACKET_SIZE]; |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
793 |
|
8263
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8260
diff
changeset
|
794 c->log->action = "processing handshake quic packet"; |
|
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8260
diff
changeset
|
795 |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
796 qc = c->quic; |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
797 |
|
8193
4355efde26d8
Added functions to decrypt long packets.
Vladimir Homutov <vl@nginx.com>
parents:
8192
diff
changeset
|
798 /* extract cleartext data into pkt */ |
|
8224
ae35ccba7aa6
Extracted transport part of the code into separate file.
Vladimir Homutov <vl@nginx.com>
parents:
8223
diff
changeset
|
799 if (ngx_quic_parse_long_header(pkt) != NGX_OK) { |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
800 return NGX_ERROR; |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
801 } |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
802 |
|
8206
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
8205
diff
changeset
|
803 if (pkt->dcid.len != qc->dcid.len) { |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
804 ngx_log_error(NGX_LOG_INFO, c->log, 0, "unexpected quic dcidl"); |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
805 return NGX_ERROR; |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
806 } |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
807 |
|
8206
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
8205
diff
changeset
|
808 if (ngx_memcmp(pkt->dcid.data, qc->dcid.data, qc->dcid.len) != 0) { |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
809 ngx_log_error(NGX_LOG_INFO, c->log, 0, "unexpected quic dcid"); |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
810 return NGX_ERROR; |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
811 } |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
812 |
|
8206
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
8205
diff
changeset
|
813 if (pkt->scid.len != qc->scid.len) { |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
814 ngx_log_error(NGX_LOG_INFO, c->log, 0, "unexpected quic scidl"); |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
815 return NGX_ERROR; |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
816 } |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
817 |
|
8206
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
8205
diff
changeset
|
818 if (ngx_memcmp(pkt->scid.data, qc->scid.data, qc->scid.len) != 0) { |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
819 ngx_log_error(NGX_LOG_INFO, c->log, 0, "unexpected quic scid"); |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
820 return NGX_ERROR; |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
821 } |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
822 |
|
8251
c217a907ce42
Added checks for permitted frame types.
Vladimir Homutov <vl@nginx.com>
parents:
8247
diff
changeset
|
823 if (!ngx_quic_pkt_hs(pkt->flags)) { |
|
8193
4355efde26d8
Added functions to decrypt long packets.
Vladimir Homutov <vl@nginx.com>
parents:
8192
diff
changeset
|
824 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
|
8206
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
8205
diff
changeset
|
825 "invalid packet type: 0x%xi", pkt->flags); |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
826 return NGX_ERROR; |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
827 } |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
828 |
|
8224
ae35ccba7aa6
Extracted transport part of the code into separate file.
Vladimir Homutov <vl@nginx.com>
parents:
8223
diff
changeset
|
829 if (ngx_quic_parse_handshake_header(pkt) != NGX_OK) { |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
830 return NGX_ERROR; |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
831 } |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
832 |
|
8306
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8305
diff
changeset
|
833 keys = &c->quic->keys[ssl_encryption_handshake]; |
|
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8305
diff
changeset
|
834 |
|
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8305
diff
changeset
|
835 pkt->secret = &keys->client; |
|
8206
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
8205
diff
changeset
|
836 pkt->level = ssl_encryption_handshake; |
|
8288
ebd5c71b9f02
Got rid of memory allocation in decryption.
Vladimir Homutov <vl@nginx.com>
parents:
8286
diff
changeset
|
837 pkt->plaintext = buf; |
|
8206
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
8205
diff
changeset
|
838 |
|
8288
ebd5c71b9f02
Got rid of memory allocation in decryption.
Vladimir Homutov <vl@nginx.com>
parents:
8286
diff
changeset
|
839 if (ngx_quic_decrypt(pkt, c->ssl->connection) != NGX_OK) { |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
840 return NGX_ERROR; |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
841 } |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
842 |
|
8206
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
8205
diff
changeset
|
843 return ngx_quic_payload_handler(c, pkt); |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
844 } |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
845 |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
846 |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
847 static ngx_int_t |
|
8304
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
848 ngx_quic_early_input(ngx_connection_t *c, ngx_quic_header_t *pkt) |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
849 { |
|
8306
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8305
diff
changeset
|
850 ngx_quic_secrets_t *keys; |
|
8304
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
851 ngx_quic_connection_t *qc; |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
852 static u_char buf[NGX_QUIC_DEFAULT_MAX_PACKET_SIZE]; |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
853 |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
854 c->log->action = "processing early data quic packet"; |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
855 |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
856 qc = c->quic; |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
857 |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
858 /* extract cleartext data into pkt */ |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
859 if (ngx_quic_parse_long_header(pkt) != NGX_OK) { |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
860 return NGX_ERROR; |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
861 } |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
862 |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
863 if (pkt->dcid.len != qc->dcid.len) { |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
864 ngx_log_error(NGX_LOG_INFO, c->log, 0, "unexpected quic dcidl"); |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
865 return NGX_ERROR; |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
866 } |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
867 |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
868 if (ngx_memcmp(pkt->dcid.data, qc->dcid.data, qc->dcid.len) != 0) { |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
869 ngx_log_error(NGX_LOG_INFO, c->log, 0, "unexpected quic dcid"); |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
870 return NGX_ERROR; |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
871 } |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
872 |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
873 if (pkt->scid.len != qc->scid.len) { |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
874 ngx_log_error(NGX_LOG_INFO, c->log, 0, "unexpected quic scidl"); |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
875 return NGX_ERROR; |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
876 } |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
877 |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
878 if (ngx_memcmp(pkt->scid.data, qc->scid.data, qc->scid.len) != 0) { |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
879 ngx_log_error(NGX_LOG_INFO, c->log, 0, "unexpected quic scid"); |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
880 return NGX_ERROR; |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
881 } |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
882 |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
883 if (!ngx_quic_pkt_zrtt(pkt->flags)) { |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
884 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
885 "invalid packet type: 0x%xi", pkt->flags); |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
886 return NGX_ERROR; |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
887 } |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
888 |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
889 if (ngx_quic_parse_handshake_header(pkt) != NGX_OK) { |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
890 return NGX_ERROR; |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
891 } |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
892 |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
893 if (c->quic->state != NGX_QUIC_ST_EARLY_DATA) { |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
894 ngx_log_error(NGX_LOG_INFO, c->log, 0, "unexpected 0-RTT packet"); |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
895 return NGX_OK; |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
896 } |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
897 |
|
8306
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8305
diff
changeset
|
898 keys = &c->quic->keys[ssl_encryption_early_data]; |
|
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8305
diff
changeset
|
899 |
|
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8305
diff
changeset
|
900 pkt->secret = &keys->client; |
|
8304
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
901 pkt->level = ssl_encryption_early_data; |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
902 pkt->plaintext = buf; |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
903 |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
904 if (ngx_quic_decrypt(pkt, c->ssl->connection) != NGX_OK) { |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
905 return NGX_ERROR; |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
906 } |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
907 |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
908 return ngx_quic_payload_handler(c, pkt); |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
909 } |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
910 |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
911 |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
912 static ngx_int_t |
|
8206
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
8205
diff
changeset
|
913 ngx_quic_app_input(ngx_connection_t *c, ngx_quic_header_t *pkt) |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
914 { |
|
8306
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8305
diff
changeset
|
915 ngx_quic_secrets_t *keys; |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
916 ngx_quic_connection_t *qc; |
|
8288
ebd5c71b9f02
Got rid of memory allocation in decryption.
Vladimir Homutov <vl@nginx.com>
parents:
8286
diff
changeset
|
917 static u_char buf[NGX_QUIC_DEFAULT_MAX_PACKET_SIZE]; |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
918 |
|
8263
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8260
diff
changeset
|
919 c->log->action = "processing application data quic packet"; |
|
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8260
diff
changeset
|
920 |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
921 qc = c->quic; |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
922 |
|
8306
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8305
diff
changeset
|
923 keys = &c->quic->keys[ssl_encryption_application]; |
|
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8305
diff
changeset
|
924 |
|
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8305
diff
changeset
|
925 if (keys->client.key.len == 0) { |
| 8223 | 926 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
| 927 "no read keys yet, packet ignored"); | |
| 928 return NGX_DECLINED; | |
| 929 } | |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
930 |
|
8224
ae35ccba7aa6
Extracted transport part of the code into separate file.
Vladimir Homutov <vl@nginx.com>
parents:
8223
diff
changeset
|
931 if (ngx_quic_parse_short_header(pkt, &qc->dcid) != NGX_OK) { |
|
8185
6a76d9657772
QUIC handshake final bits.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8184
diff
changeset
|
932 return NGX_ERROR; |
|
6a76d9657772
QUIC handshake final bits.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8184
diff
changeset
|
933 } |
|
6a76d9657772
QUIC handshake final bits.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8184
diff
changeset
|
934 |
|
8306
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8305
diff
changeset
|
935 pkt->secret = &keys->client; |
|
8206
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
8205
diff
changeset
|
936 pkt->level = ssl_encryption_application; |
|
8288
ebd5c71b9f02
Got rid of memory allocation in decryption.
Vladimir Homutov <vl@nginx.com>
parents:
8286
diff
changeset
|
937 pkt->plaintext = buf; |
|
8206
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
8205
diff
changeset
|
938 |
|
8288
ebd5c71b9f02
Got rid of memory allocation in decryption.
Vladimir Homutov <vl@nginx.com>
parents:
8286
diff
changeset
|
939 if (ngx_quic_decrypt(pkt, c->ssl->connection) != NGX_OK) { |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
940 return NGX_ERROR; |
|
8185
6a76d9657772
QUIC handshake final bits.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8184
diff
changeset
|
941 } |
|
6a76d9657772
QUIC handshake final bits.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8184
diff
changeset
|
942 |
|
8206
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
8205
diff
changeset
|
943 return ngx_quic_payload_handler(c, pkt); |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
944 } |
| 8171 | 945 |
| 946 | |
| 8225 | 947 static ngx_int_t |
| 948 ngx_quic_payload_handler(ngx_connection_t *c, ngx_quic_header_t *pkt) | |
| 949 { | |
| 950 u_char *end, *p; | |
| 951 ssize_t len; | |
| 952 ngx_uint_t ack_this, do_close; | |
| 953 ngx_quic_frame_t frame, *ack_frame; | |
| 954 ngx_quic_connection_t *qc; | |
| 955 | |
|
8263
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8260
diff
changeset
|
956 |
| 8225 | 957 qc = c->quic; |
| 958 | |
| 959 p = pkt->payload.data; | |
| 960 end = p + pkt->payload.len; | |
| 961 | |
| 962 ack_this = 0; | |
| 963 do_close = 0; | |
| 964 | |
| 965 while (p < end) { | |
| 966 | |
| 8275 | 967 c->log->action = "parsing frames"; |
| 968 | |
|
8240
1f002206a59b
Added boundaries checks into frame parser.
Vladimir Homutov <vl@nginx.com>
parents:
8239
diff
changeset
|
969 len = ngx_quic_parse_frame(pkt, p, end, &frame); |
|
8251
c217a907ce42
Added checks for permitted frame types.
Vladimir Homutov <vl@nginx.com>
parents:
8247
diff
changeset
|
970 |
|
c217a907ce42
Added checks for permitted frame types.
Vladimir Homutov <vl@nginx.com>
parents:
8247
diff
changeset
|
971 if (len == NGX_DECLINED) { |
|
c217a907ce42
Added checks for permitted frame types.
Vladimir Homutov <vl@nginx.com>
parents:
8247
diff
changeset
|
972 /* TODO: handle protocol violation: |
|
c217a907ce42
Added checks for permitted frame types.
Vladimir Homutov <vl@nginx.com>
parents:
8247
diff
changeset
|
973 * such frame not allowed in this packet |
|
c217a907ce42
Added checks for permitted frame types.
Vladimir Homutov <vl@nginx.com>
parents:
8247
diff
changeset
|
974 */ |
|
c217a907ce42
Added checks for permitted frame types.
Vladimir Homutov <vl@nginx.com>
parents:
8247
diff
changeset
|
975 return NGX_ERROR; |
|
c217a907ce42
Added checks for permitted frame types.
Vladimir Homutov <vl@nginx.com>
parents:
8247
diff
changeset
|
976 } |
|
c217a907ce42
Added checks for permitted frame types.
Vladimir Homutov <vl@nginx.com>
parents:
8247
diff
changeset
|
977 |
| 8225 | 978 if (len < 0) { |
| 979 return NGX_ERROR; | |
| 980 } | |
| 981 | |
| 8275 | 982 c->log->action = "handling frames"; |
| 983 | |
| 8225 | 984 p += len; |
| 985 | |
| 986 switch (frame.type) { | |
| 987 | |
| 988 case NGX_QUIC_FT_ACK: | |
| 989 if (ngx_quic_handle_ack_frame(c, pkt, &frame.u.ack) != NGX_OK) { | |
| 990 return NGX_ERROR; | |
| 991 } | |
| 992 | |
| 993 break; | |
| 994 | |
| 995 case NGX_QUIC_FT_CRYPTO: | |
| 996 | |
| 997 if (ngx_quic_handle_crypto_frame(c, pkt, &frame.u.crypto) | |
| 998 != NGX_OK) | |
| 999 { | |
| 1000 return NGX_ERROR; | |
| 1001 } | |
| 1002 | |
| 1003 ack_this = 1; | |
| 1004 break; | |
| 1005 | |
| 1006 case NGX_QUIC_FT_PADDING: | |
| 1007 break; | |
| 1008 | |
| 1009 case NGX_QUIC_FT_PING: | |
| 1010 ack_this = 1; | |
| 1011 break; | |
| 1012 | |
| 1013 case NGX_QUIC_FT_NEW_CONNECTION_ID: | |
| 1014 ack_this = 1; | |
| 1015 break; | |
| 1016 | |
| 1017 case NGX_QUIC_FT_CONNECTION_CLOSE: | |
|
8258
80d7144b1c38
Closing connection on NGX_QUIC_FT_CONNECTION_CLOSE.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8252
diff
changeset
|
1018 case NGX_QUIC_FT_CONNECTION_CLOSE2: |
| 8225 | 1019 |
| 1020 do_close = 1; | |
| 1021 break; | |
| 1022 | |
| 1023 case NGX_QUIC_FT_STREAM0: | |
| 1024 case NGX_QUIC_FT_STREAM1: | |
| 1025 case NGX_QUIC_FT_STREAM2: | |
| 1026 case NGX_QUIC_FT_STREAM3: | |
| 1027 case NGX_QUIC_FT_STREAM4: | |
| 1028 case NGX_QUIC_FT_STREAM5: | |
| 1029 case NGX_QUIC_FT_STREAM6: | |
| 1030 case NGX_QUIC_FT_STREAM7: | |
| 1031 | |
| 1032 if (ngx_quic_handle_stream_frame(c, pkt, &frame.u.stream) | |
| 1033 != NGX_OK) | |
| 1034 { | |
| 1035 return NGX_ERROR; | |
| 1036 } | |
| 1037 | |
| 1038 ack_this = 1; | |
| 1039 break; | |
| 1040 | |
|
8237
ff540f13d95d
MAX_DATA frame parser/handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8236
diff
changeset
|
1041 case NGX_QUIC_FT_MAX_DATA: |
|
ff540f13d95d
MAX_DATA frame parser/handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8236
diff
changeset
|
1042 c->quic->max_data = frame.u.max_data.max_data; |
|
ff540f13d95d
MAX_DATA frame parser/handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8236
diff
changeset
|
1043 ack_this = 1; |
|
ff540f13d95d
MAX_DATA frame parser/handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8236
diff
changeset
|
1044 break; |
|
ff540f13d95d
MAX_DATA frame parser/handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8236
diff
changeset
|
1045 |
|
8231
78540e2160d0
Added parsing of RESET_STREAM and STOP_SENDING frames
Vladimir Homutov <vl@nginx.com>
parents:
8229
diff
changeset
|
1046 case NGX_QUIC_FT_RESET_STREAM: |
|
8240
1f002206a59b
Added boundaries checks into frame parser.
Vladimir Homutov <vl@nginx.com>
parents:
8239
diff
changeset
|
1047 /* TODO: handle */ |
|
8231
78540e2160d0
Added parsing of RESET_STREAM and STOP_SENDING frames
Vladimir Homutov <vl@nginx.com>
parents:
8229
diff
changeset
|
1048 break; |
|
78540e2160d0
Added parsing of RESET_STREAM and STOP_SENDING frames
Vladimir Homutov <vl@nginx.com>
parents:
8229
diff
changeset
|
1049 |
|
78540e2160d0
Added parsing of RESET_STREAM and STOP_SENDING frames
Vladimir Homutov <vl@nginx.com>
parents:
8229
diff
changeset
|
1050 case NGX_QUIC_FT_STOP_SENDING: |
|
8240
1f002206a59b
Added boundaries checks into frame parser.
Vladimir Homutov <vl@nginx.com>
parents:
8239
diff
changeset
|
1051 /* TODO: handle; need ack ? */ |
|
8231
78540e2160d0
Added parsing of RESET_STREAM and STOP_SENDING frames
Vladimir Homutov <vl@nginx.com>
parents:
8229
diff
changeset
|
1052 break; |
|
78540e2160d0
Added parsing of RESET_STREAM and STOP_SENDING frames
Vladimir Homutov <vl@nginx.com>
parents:
8229
diff
changeset
|
1053 |
|
8236
d3b26c3bea22
Added parsing of STREAMS BLOCKED frames.
Vladimir Homutov <vl@nginx.com>
parents:
8235
diff
changeset
|
1054 case NGX_QUIC_FT_STREAMS_BLOCKED: |
|
d3b26c3bea22
Added parsing of STREAMS BLOCKED frames.
Vladimir Homutov <vl@nginx.com>
parents:
8235
diff
changeset
|
1055 case NGX_QUIC_FT_STREAMS_BLOCKED2: |
|
8245
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
1056 |
|
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
1057 if (ngx_quic_handle_streams_blocked_frame(c, pkt, |
|
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
1058 &frame.u.streams_blocked) |
|
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
1059 != NGX_OK) |
|
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
1060 { |
|
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
1061 return NGX_ERROR; |
|
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
1062 } |
|
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
1063 |
|
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
1064 ack_this = 1; |
|
8236
d3b26c3bea22
Added parsing of STREAMS BLOCKED frames.
Vladimir Homutov <vl@nginx.com>
parents:
8235
diff
changeset
|
1065 break; |
|
d3b26c3bea22
Added parsing of STREAMS BLOCKED frames.
Vladimir Homutov <vl@nginx.com>
parents:
8235
diff
changeset
|
1066 |
|
8266
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1067 case NGX_QUIC_FT_STREAM_DATA_BLOCKED: |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1068 |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1069 if (ngx_quic_handle_stream_data_blocked_frame(c, pkt, |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1070 &frame.u.stream_data_blocked) |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1071 != NGX_OK) |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1072 { |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1073 return NGX_ERROR; |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1074 } |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1075 |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1076 ack_this = 1; |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1077 break; |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1078 |
| 8225 | 1079 default: |
| 1080 return NGX_ERROR; | |
| 1081 } | |
| 1082 } | |
| 1083 | |
| 1084 if (p != end) { | |
| 1085 ngx_log_error(NGX_LOG_INFO, c->log, 0, | |
| 1086 "trailing garbage in payload: %ui bytes", end - p); | |
| 1087 return NGX_ERROR; | |
| 1088 } | |
| 1089 | |
| 1090 if (do_close) { | |
|
8267
a8349cc72c64
Avoid using QUIC connection after CONNECTION_CLOSE.
Roman Arutyunyan <arut@nginx.com>
parents:
8266
diff
changeset
|
1091 return NGX_DONE; |
| 8225 | 1092 } |
| 1093 | |
| 1094 if (ack_this == 0) { | |
| 1095 /* do not ack packets with ACKs and PADDING */ | |
| 1096 return NGX_OK; | |
| 1097 } | |
| 1098 | |
| 8275 | 1099 c->log->action = "generating acknowledgment"; |
| 1100 | |
| 8225 | 1101 // packet processed, ACK it now if required |
| 1102 // TODO: if (ack_required) ... - currently just ack each packet | |
| 1103 | |
| 8286 | 1104 ack_frame = ngx_quic_alloc_frame(c, 0); |
| 8225 | 1105 if (ack_frame == NULL) { |
| 1106 return NGX_ERROR; | |
| 1107 } | |
| 1108 | |
|
8306
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8305
diff
changeset
|
1109 ack_frame->level = pkt->level; |
| 8225 | 1110 ack_frame->type = NGX_QUIC_FT_ACK; |
| 1111 ack_frame->u.ack.pn = pkt->pn; | |
| 1112 | |
| 1113 ngx_sprintf(ack_frame->info, "ACK for PN=%d from frame handler level=%d", pkt->pn, pkt->level); | |
| 1114 ngx_quic_queue_frame(qc, ack_frame); | |
| 1115 | |
| 1116 return ngx_quic_output(c); | |
| 1117 } | |
| 1118 | |
| 1119 | |
| 1120 static ngx_int_t | |
| 1121 ngx_quic_handle_ack_frame(ngx_connection_t *c, ngx_quic_header_t *pkt, | |
| 1122 ngx_quic_ack_frame_t *f) | |
| 1123 { | |
| 1124 /* TODO: handle ACK here */ | |
| 1125 return NGX_OK; | |
| 1126 } | |
| 1127 | |
| 1128 | |
| 1129 static ngx_int_t | |
| 1130 ngx_quic_handle_crypto_frame(ngx_connection_t *c, ngx_quic_header_t *pkt, | |
| 1131 ngx_quic_crypto_frame_t *f) | |
| 1132 { | |
|
8273
cb75f194f1f0
Implemented sending HANDSHAKE_DONE frame after handshake.
Vladimir Homutov <vl@nginx.com>
parents:
8272
diff
changeset
|
1133 int sslerr; |
|
cb75f194f1f0
Implemented sending HANDSHAKE_DONE frame after handshake.
Vladimir Homutov <vl@nginx.com>
parents:
8272
diff
changeset
|
1134 ssize_t n; |
|
cb75f194f1f0
Implemented sending HANDSHAKE_DONE frame after handshake.
Vladimir Homutov <vl@nginx.com>
parents:
8272
diff
changeset
|
1135 ngx_ssl_conn_t *ssl_conn; |
| 8225 | 1136 |
| 1137 if (f->offset != 0x0) { | |
| 1138 ngx_log_error(NGX_LOG_INFO, c->log, 0, | |
| 1139 "crypto frame with non-zero offset"); | |
| 1140 // TODO: add support for crypto frames spanning packets | |
| 1141 return NGX_ERROR; | |
| 1142 } | |
| 1143 | |
| 1144 ssl_conn = c->ssl->connection; | |
| 1145 | |
| 1146 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, | |
| 1147 "SSL_quic_read_level: %d, SSL_quic_write_level: %d", | |
| 1148 (int) SSL_quic_read_level(ssl_conn), | |
| 1149 (int) SSL_quic_write_level(ssl_conn)); | |
| 1150 | |
| 1151 if (!SSL_provide_quic_data(ssl_conn, SSL_quic_read_level(ssl_conn), | |
| 1152 f->data, f->len)) | |
| 1153 { | |
| 1154 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, | |
| 1155 "SSL_provide_quic_data() failed"); | |
| 1156 return NGX_ERROR; | |
| 1157 } | |
| 1158 | |
| 1159 n = SSL_do_handshake(ssl_conn); | |
| 1160 | |
| 1161 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", n); | |
| 1162 | |
| 1163 if (n == -1) { | |
| 1164 sslerr = SSL_get_error(ssl_conn, n); | |
| 1165 | |
| 1166 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", | |
| 1167 sslerr); | |
| 1168 | |
|
8300
23a2b5e7acc8
Improved SSL_do_handshake() error handling in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8299
diff
changeset
|
1169 if (sslerr != SSL_ERROR_WANT_READ) { |
| 8225 | 1170 ngx_ssl_error(NGX_LOG_ERR, c->log, 0, "SSL_do_handshake() failed"); |
|
8300
23a2b5e7acc8
Improved SSL_do_handshake() error handling in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8299
diff
changeset
|
1171 return NGX_ERROR; |
| 8225 | 1172 } |
|
8263
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8260
diff
changeset
|
1173 |
|
8302
76818c9cdd6f
Sending HANDSHAKE_DONE just once with BoringSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8301
diff
changeset
|
1174 } else if (n == 1 && !SSL_in_init(ssl_conn)) { |
|
8263
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8260
diff
changeset
|
1175 c->quic->state = NGX_QUIC_ST_APPLICATION; |
| 8225 | 1176 |
|
8263
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8260
diff
changeset
|
1177 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
| 8299 | 1178 "quic ssl cipher: %s", SSL_get_cipher(ssl_conn)); |
| 8225 | 1179 |
|
8263
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8260
diff
changeset
|
1180 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, |
| 8299 | 1181 "handshake completed successfully"); |
|
8273
cb75f194f1f0
Implemented sending HANDSHAKE_DONE frame after handshake.
Vladimir Homutov <vl@nginx.com>
parents:
8272
diff
changeset
|
1182 |
|
8274
ee53bfd8f9ed
Added QUIC version check for sending HANDSHAKE_DONE frame.
Vladimir Homutov <vl@nginx.com>
parents:
8273
diff
changeset
|
1183 #if (NGX_QUIC_DRAFT_VERSION >= 27) |
|
ee53bfd8f9ed
Added QUIC version check for sending HANDSHAKE_DONE frame.
Vladimir Homutov <vl@nginx.com>
parents:
8273
diff
changeset
|
1184 { |
|
ee53bfd8f9ed
Added QUIC version check for sending HANDSHAKE_DONE frame.
Vladimir Homutov <vl@nginx.com>
parents:
8273
diff
changeset
|
1185 ngx_quic_frame_t *frame; |
|
ee53bfd8f9ed
Added QUIC version check for sending HANDSHAKE_DONE frame.
Vladimir Homutov <vl@nginx.com>
parents:
8273
diff
changeset
|
1186 |
| 8286 | 1187 frame = ngx_quic_alloc_frame(c, 0); |
|
8273
cb75f194f1f0
Implemented sending HANDSHAKE_DONE frame after handshake.
Vladimir Homutov <vl@nginx.com>
parents:
8272
diff
changeset
|
1188 if (frame == NULL) { |
|
cb75f194f1f0
Implemented sending HANDSHAKE_DONE frame after handshake.
Vladimir Homutov <vl@nginx.com>
parents:
8272
diff
changeset
|
1189 return NGX_ERROR; |
|
cb75f194f1f0
Implemented sending HANDSHAKE_DONE frame after handshake.
Vladimir Homutov <vl@nginx.com>
parents:
8272
diff
changeset
|
1190 } |
|
cb75f194f1f0
Implemented sending HANDSHAKE_DONE frame after handshake.
Vladimir Homutov <vl@nginx.com>
parents:
8272
diff
changeset
|
1191 |
|
cb75f194f1f0
Implemented sending HANDSHAKE_DONE frame after handshake.
Vladimir Homutov <vl@nginx.com>
parents:
8272
diff
changeset
|
1192 /* 12.4 Frames and frame types, figure 8 */ |
|
cb75f194f1f0
Implemented sending HANDSHAKE_DONE frame after handshake.
Vladimir Homutov <vl@nginx.com>
parents:
8272
diff
changeset
|
1193 frame->level = ssl_encryption_application; |
|
cb75f194f1f0
Implemented sending HANDSHAKE_DONE frame after handshake.
Vladimir Homutov <vl@nginx.com>
parents:
8272
diff
changeset
|
1194 frame->type = NGX_QUIC_FT_HANDSHAKE_DONE; |
|
cb75f194f1f0
Implemented sending HANDSHAKE_DONE frame after handshake.
Vladimir Homutov <vl@nginx.com>
parents:
8272
diff
changeset
|
1195 ngx_sprintf(frame->info, "HANDSHAKE DONE on handshake completed"); |
|
cb75f194f1f0
Implemented sending HANDSHAKE_DONE frame after handshake.
Vladimir Homutov <vl@nginx.com>
parents:
8272
diff
changeset
|
1196 ngx_quic_queue_frame(c->quic, frame); |
|
8274
ee53bfd8f9ed
Added QUIC version check for sending HANDSHAKE_DONE frame.
Vladimir Homutov <vl@nginx.com>
parents:
8273
diff
changeset
|
1197 } |
|
ee53bfd8f9ed
Added QUIC version check for sending HANDSHAKE_DONE frame.
Vladimir Homutov <vl@nginx.com>
parents:
8273
diff
changeset
|
1198 #endif |
|
8263
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8260
diff
changeset
|
1199 } |
|
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8260
diff
changeset
|
1200 |
| 8225 | 1201 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
| 1202 "SSL_quic_read_level: %d, SSL_quic_write_level: %d", | |
| 1203 (int) SSL_quic_read_level(ssl_conn), | |
| 1204 (int) SSL_quic_write_level(ssl_conn)); | |
| 1205 | |
| 1206 return NGX_OK; | |
| 1207 } | |
| 1208 | |
| 1209 | |
| 1210 static ngx_int_t | |
| 1211 ngx_quic_handle_stream_frame(ngx_connection_t *c, | |
| 1212 ngx_quic_header_t *pkt, ngx_quic_stream_frame_t *f) | |
| 1213 { | |
|
8282
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
8281
diff
changeset
|
1214 size_t n; |
|
8280
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
1215 ngx_buf_t *b; |
|
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
1216 ngx_event_t *rev; |
|
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
1217 ngx_quic_stream_t *sn; |
|
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
1218 ngx_quic_connection_t *qc; |
| 8225 | 1219 |
| 1220 qc = c->quic; | |
| 1221 | |
| 1222 sn = ngx_quic_find_stream(&qc->streams.tree, f->stream_id); | |
| 1223 | |
| 1224 if (sn) { | |
| 1225 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "existing stream"); | |
| 1226 b = sn->b; | |
| 1227 | |
|
8266
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1228 if ((size_t) ((b->pos - b->start) + (b->end - b->last)) < f->length) { |
| 8225 | 1229 ngx_log_error(NGX_LOG_INFO, c->log, 0, "no space in stream buffer"); |
| 1230 return NGX_ERROR; | |
| 1231 } | |
| 1232 | |
|
8266
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1233 if ((size_t) (b->end - b->last) < f->length) { |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1234 b->last = ngx_movemem(b->start, b->pos, b->last - b->pos); |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1235 b->pos = b->start; |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1236 } |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1237 |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1238 b->last = ngx_cpymem(b->last, f->data, f->length); |
| 8225 | 1239 |
|
8266
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1240 rev = sn->c->read; |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1241 rev->ready = 1; |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1242 |
|
8279
5f223cdad40e
Implemented eof in QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8278
diff
changeset
|
1243 if (f->fin) { |
|
5f223cdad40e
Implemented eof in QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8278
diff
changeset
|
1244 rev->pending_eof = 1; |
|
5f223cdad40e
Implemented eof in QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8278
diff
changeset
|
1245 } |
|
5f223cdad40e
Implemented eof in QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8278
diff
changeset
|
1246 |
|
8266
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1247 if (rev->active) { |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1248 rev->handler(rev); |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1249 } |
| 8225 | 1250 |
| 1251 return NGX_OK; | |
| 1252 } | |
| 1253 | |
| 1254 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "stream is new"); | |
| 1255 | |
|
8282
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
8281
diff
changeset
|
1256 n = (f->stream_id & NGX_QUIC_STREAM_UNIDIRECTIONAL) |
|
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
8281
diff
changeset
|
1257 ? qc->tp.initial_max_stream_data_uni |
|
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
8281
diff
changeset
|
1258 : qc->tp.initial_max_stream_data_bidi_remote; |
|
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
8281
diff
changeset
|
1259 |
|
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
8281
diff
changeset
|
1260 if (n < NGX_QUIC_STREAM_BUFSIZE) { |
|
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
8281
diff
changeset
|
1261 n = NGX_QUIC_STREAM_BUFSIZE; |
|
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
8281
diff
changeset
|
1262 } |
|
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
8281
diff
changeset
|
1263 |
|
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
8281
diff
changeset
|
1264 if (n < f->length) { |
|
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
8281
diff
changeset
|
1265 ngx_log_error(NGX_LOG_INFO, c->log, 0, "no space in stream buffer"); |
|
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
8281
diff
changeset
|
1266 return NGX_ERROR; |
|
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
8281
diff
changeset
|
1267 } |
|
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
8281
diff
changeset
|
1268 |
|
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
8281
diff
changeset
|
1269 sn = ngx_quic_create_stream(c, f->stream_id, n); |
| 8225 | 1270 if (sn == NULL) { |
| 1271 return NGX_ERROR; | |
| 1272 } | |
| 1273 | |
| 1274 b = sn->b; | |
|
8282
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
8281
diff
changeset
|
1275 b->last = ngx_cpymem(b->last, f->data, f->length); |
| 8225 | 1276 |
|
8294
32db41d603cd
Fixed handling QUIC stream eof.
Roman Arutyunyan <arut@nginx.com>
parents:
8293
diff
changeset
|
1277 rev = sn->c->read; |
|
32db41d603cd
Fixed handling QUIC stream eof.
Roman Arutyunyan <arut@nginx.com>
parents:
8293
diff
changeset
|
1278 rev->ready = 1; |
|
32db41d603cd
Fixed handling QUIC stream eof.
Roman Arutyunyan <arut@nginx.com>
parents:
8293
diff
changeset
|
1279 |
|
32db41d603cd
Fixed handling QUIC stream eof.
Roman Arutyunyan <arut@nginx.com>
parents:
8293
diff
changeset
|
1280 if (f->fin) { |
|
32db41d603cd
Fixed handling QUIC stream eof.
Roman Arutyunyan <arut@nginx.com>
parents:
8293
diff
changeset
|
1281 rev->pending_eof = 1; |
|
32db41d603cd
Fixed handling QUIC stream eof.
Roman Arutyunyan <arut@nginx.com>
parents:
8293
diff
changeset
|
1282 } |
| 8225 | 1283 |
| 1284 qc->streams.handler(sn->c); | |
| 1285 | |
| 1286 return NGX_OK; | |
| 1287 } | |
| 1288 | |
| 1289 | |
|
8245
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
1290 static ngx_int_t |
|
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
1291 ngx_quic_handle_streams_blocked_frame(ngx_connection_t *c, |
|
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
1292 ngx_quic_header_t *pkt, ngx_quic_streams_blocked_frame_t *f) |
|
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
1293 { |
|
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
1294 ngx_quic_frame_t *frame; |
|
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
1295 |
| 8286 | 1296 frame = ngx_quic_alloc_frame(c, 0); |
|
8245
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
1297 if (frame == NULL) { |
|
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
1298 return NGX_ERROR; |
|
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
1299 } |
|
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
1300 |
|
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
1301 frame->level = pkt->level; |
|
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
1302 frame->type = NGX_QUIC_FT_MAX_STREAMS; |
|
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
1303 frame->u.max_streams.limit = f->limit * 2; |
|
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
1304 frame->u.max_streams.bidi = f->bidi; |
|
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
1305 |
|
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
1306 ngx_sprintf(frame->info, "MAX_STREAMS limit:%d bidi:%d level=%d", |
|
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
1307 (int) frame->u.max_streams.limit, |
|
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
1308 (int) frame->u.max_streams.bidi, |
|
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
1309 frame->level); |
|
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
1310 |
|
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
1311 ngx_quic_queue_frame(c->quic, frame); |
|
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
1312 |
|
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
1313 return NGX_OK; |
|
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
1314 } |
|
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
1315 |
|
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
1316 |
|
8266
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1317 static ngx_int_t |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1318 ngx_quic_handle_stream_data_blocked_frame(ngx_connection_t *c, |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1319 ngx_quic_header_t *pkt, ngx_quic_stream_data_blocked_frame_t *f) |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1320 { |
|
8280
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
1321 size_t n; |
|
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
1322 ngx_buf_t *b; |
|
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
1323 ngx_quic_frame_t *frame; |
|
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
1324 ngx_quic_stream_t *sn; |
|
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
1325 ngx_quic_connection_t *qc; |
|
8266
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1326 |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1327 qc = c->quic; |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1328 sn = ngx_quic_find_stream(&qc->streams.tree, f->id); |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1329 |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1330 if (sn == NULL) { |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1331 ngx_log_error(NGX_LOG_INFO, c->log, 0, "unknown stream id:%uL", f->id); |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1332 return NGX_ERROR; |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1333 } |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1334 |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1335 b = sn->b; |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1336 n = (b->pos - b->start) + (b->end - b->last); |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1337 |
| 8286 | 1338 frame = ngx_quic_alloc_frame(c, 0); |
|
8266
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1339 if (frame == NULL) { |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1340 return NGX_ERROR; |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1341 } |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1342 |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1343 frame->level = pkt->level; |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1344 frame->type = NGX_QUIC_FT_MAX_STREAM_DATA; |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1345 frame->u.max_stream_data.id = f->id; |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1346 frame->u.max_stream_data.limit = n; |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1347 |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1348 ngx_sprintf(frame->info, "MAX_STREAM_DATA id:%d limit:%d level=%d", |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1349 (int) frame->u.max_stream_data.id, |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1350 (int) frame->u.max_stream_data.limit, |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1351 frame->level); |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1352 |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1353 ngx_quic_queue_frame(c->quic, frame); |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1354 |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1355 return NGX_OK; |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1356 } |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1357 |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1358 |
| 8225 | 1359 static void |
| 1360 ngx_quic_queue_frame(ngx_quic_connection_t *qc, ngx_quic_frame_t *frame) | |
| 1361 { | |
|
8270
c87a13514abc
Allow ngx_queue_frame() to insert frame in the front.
Roman Arutyunyan <arut@nginx.com>
parents:
8267
diff
changeset
|
1362 ngx_quic_frame_t **f; |
| 8225 | 1363 |
|
8270
c87a13514abc
Allow ngx_queue_frame() to insert frame in the front.
Roman Arutyunyan <arut@nginx.com>
parents:
8267
diff
changeset
|
1364 for (f = &qc->frames; *f; f = &(*f)->next) { |
|
c87a13514abc
Allow ngx_queue_frame() to insert frame in the front.
Roman Arutyunyan <arut@nginx.com>
parents:
8267
diff
changeset
|
1365 if ((*f)->level > frame->level) { |
| 8225 | 1366 break; |
| 1367 } | |
| 1368 } | |
| 1369 | |
|
8270
c87a13514abc
Allow ngx_queue_frame() to insert frame in the front.
Roman Arutyunyan <arut@nginx.com>
parents:
8267
diff
changeset
|
1370 frame->next = *f; |
|
c87a13514abc
Allow ngx_queue_frame() to insert frame in the front.
Roman Arutyunyan <arut@nginx.com>
parents:
8267
diff
changeset
|
1371 *f = frame; |
| 8225 | 1372 } |
| 1373 | |
| 1374 | |
| 1375 static ngx_int_t | |
| 1376 ngx_quic_output(ngx_connection_t *c) | |
| 1377 { | |
|
8265
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
8263
diff
changeset
|
1378 size_t len, hlen, n; |
| 8225 | 1379 ngx_uint_t lvl; |
| 8286 | 1380 ngx_quic_frame_t *f, *start, *next; |
| 8225 | 1381 ngx_quic_connection_t *qc; |
| 1382 | |
| 1383 qc = c->quic; | |
| 1384 | |
| 1385 if (qc->frames == NULL) { | |
| 1386 return NGX_OK; | |
| 1387 } | |
| 1388 | |
| 8275 | 1389 c->log->action = "sending frames"; |
| 1390 | |
| 8225 | 1391 lvl = qc->frames->level; |
| 1392 start = qc->frames; | |
| 1393 f = start; | |
| 1394 | |
| 1395 do { | |
| 1396 len = 0; | |
| 1397 | |
|
8265
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
8263
diff
changeset
|
1398 hlen = (lvl == ssl_encryption_application) ? NGX_QUIC_MAX_SHORT_HEADER |
|
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
8263
diff
changeset
|
1399 : NGX_QUIC_MAX_LONG_HEADER; |
|
8289
949b95e4d504
Merged ngx_quic_send_packet() into ngx_quic_send_frames().
Vladimir Homutov <vl@nginx.com>
parents:
8288
diff
changeset
|
1400 hlen += EVP_GCM_TLS_TAG_LEN; |
|
8265
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
8263
diff
changeset
|
1401 |
| 8225 | 1402 do { |
| 1403 /* process same-level group of frames */ | |
| 1404 | |
|
8265
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
8263
diff
changeset
|
1405 n = ngx_quic_create_frame(NULL, NULL, f); |
|
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
8263
diff
changeset
|
1406 |
|
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
8263
diff
changeset
|
1407 if (len && hlen + len + n > qc->ctp.max_packet_size) { |
|
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
8263
diff
changeset
|
1408 break; |
|
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
8263
diff
changeset
|
1409 } |
|
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
8263
diff
changeset
|
1410 |
|
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
8263
diff
changeset
|
1411 len += n; |
| 8225 | 1412 |
| 1413 f = f->next; | |
| 1414 } while (f && f->level == lvl); | |
| 1415 | |
| 1416 | |
| 1417 if (ngx_quic_frames_send(c, start, f, len) != NGX_OK) { | |
| 1418 return NGX_ERROR; | |
| 1419 } | |
| 1420 | |
| 8286 | 1421 while (start != f) { |
| 1422 next = start->next; | |
| 1423 ngx_quic_free_frame(c, start); | |
| 1424 start = next; | |
| 1425 } | |
| 1426 | |
| 8225 | 1427 if (f == NULL) { |
| 1428 break; | |
| 1429 } | |
| 1430 | |
| 1431 lvl = f->level; // TODO: must not decrease (ever, also between calls) | |
| 1432 | |
| 1433 } while (1); | |
| 1434 | |
| 1435 qc->frames = NULL; | |
| 1436 | |
|
8271
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
8270
diff
changeset
|
1437 if (!qc->send_timer_set) { |
|
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
8270
diff
changeset
|
1438 qc->send_timer_set = 1; |
|
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
8270
diff
changeset
|
1439 ngx_add_timer(c->read, qc->tp.max_idle_timeout); |
|
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
8270
diff
changeset
|
1440 } |
|
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
8270
diff
changeset
|
1441 |
| 8225 | 1442 return NGX_OK; |
| 1443 } | |
| 1444 | |
| 1445 | |
| 1446 /* pack a group of frames [start; end) into memory p and send as single packet */ | |
| 1447 ngx_int_t | |
| 1448 ngx_quic_frames_send(ngx_connection_t *c, ngx_quic_frame_t *start, | |
| 1449 ngx_quic_frame_t *end, size_t total) | |
| 1450 { | |
|
8289
949b95e4d504
Merged ngx_quic_send_packet() into ngx_quic_send_frames().
Vladimir Homutov <vl@nginx.com>
parents:
8288
diff
changeset
|
1451 ssize_t len; |
|
949b95e4d504
Merged ngx_quic_send_packet() into ngx_quic_send_frames().
Vladimir Homutov <vl@nginx.com>
parents:
8288
diff
changeset
|
1452 u_char *p; |
|
949b95e4d504
Merged ngx_quic_send_packet() into ngx_quic_send_frames().
Vladimir Homutov <vl@nginx.com>
parents:
8288
diff
changeset
|
1453 ngx_str_t out, res; |
|
949b95e4d504
Merged ngx_quic_send_packet() into ngx_quic_send_frames().
Vladimir Homutov <vl@nginx.com>
parents:
8288
diff
changeset
|
1454 ngx_quic_frame_t *f; |
|
949b95e4d504
Merged ngx_quic_send_packet() into ngx_quic_send_frames().
Vladimir Homutov <vl@nginx.com>
parents:
8288
diff
changeset
|
1455 ngx_quic_header_t pkt; |
|
8306
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8305
diff
changeset
|
1456 ngx_quic_secrets_t *keys; |
|
8289
949b95e4d504
Merged ngx_quic_send_packet() into ngx_quic_send_frames().
Vladimir Homutov <vl@nginx.com>
parents:
8288
diff
changeset
|
1457 ngx_quic_connection_t *qc; |
|
949b95e4d504
Merged ngx_quic_send_packet() into ngx_quic_send_frames().
Vladimir Homutov <vl@nginx.com>
parents:
8288
diff
changeset
|
1458 static ngx_str_t initial_token = ngx_null_string; |
|
949b95e4d504
Merged ngx_quic_send_packet() into ngx_quic_send_frames().
Vladimir Homutov <vl@nginx.com>
parents:
8288
diff
changeset
|
1459 static u_char src[NGX_QUIC_DEFAULT_MAX_PACKET_SIZE]; |
|
949b95e4d504
Merged ngx_quic_send_packet() into ngx_quic_send_frames().
Vladimir Homutov <vl@nginx.com>
parents:
8288
diff
changeset
|
1460 static u_char dst[NGX_QUIC_DEFAULT_MAX_PACKET_SIZE]; |
| 8225 | 1461 |
| 1462 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, | |
| 1463 "sending frames %p...%p", start, end); | |
| 1464 | |
|
8289
949b95e4d504
Merged ngx_quic_send_packet() into ngx_quic_send_frames().
Vladimir Homutov <vl@nginx.com>
parents:
8288
diff
changeset
|
1465 ngx_memzero(&pkt, sizeof(ngx_quic_header_t)); |
| 8225 | 1466 |
|
8289
949b95e4d504
Merged ngx_quic_send_packet() into ngx_quic_send_frames().
Vladimir Homutov <vl@nginx.com>
parents:
8288
diff
changeset
|
1467 p = src; |
|
949b95e4d504
Merged ngx_quic_send_packet() into ngx_quic_send_frames().
Vladimir Homutov <vl@nginx.com>
parents:
8288
diff
changeset
|
1468 out.data = src; |
| 8225 | 1469 |
| 1470 for (f = start; f != end; f = f->next) { | |
| 1471 | |
| 1472 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "frame: %s", f->info); | |
| 1473 | |
| 1474 len = ngx_quic_create_frame(p, p + total, f); | |
| 1475 if (len == -1) { | |
| 1476 return NGX_ERROR; | |
| 1477 } | |
| 1478 | |
| 1479 p += len; | |
| 1480 } | |
| 1481 | |
| 1482 out.len = p - out.data; | |
| 1483 | |
|
8301
c9fbe9508e1f
QUIC packet padding to fulfil header protection sample demands.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8300
diff
changeset
|
1484 while (out.len < 4) { |
|
c9fbe9508e1f
QUIC packet padding to fulfil header protection sample demands.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8300
diff
changeset
|
1485 *p++ = NGX_QUIC_FT_PADDING; |
|
c9fbe9508e1f
QUIC packet padding to fulfil header protection sample demands.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8300
diff
changeset
|
1486 out.len++; |
|
c9fbe9508e1f
QUIC packet padding to fulfil header protection sample demands.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8300
diff
changeset
|
1487 } |
|
c9fbe9508e1f
QUIC packet padding to fulfil header protection sample demands.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8300
diff
changeset
|
1488 |
| 8225 | 1489 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
| 1490 "packet ready: %ui bytes at level %d", | |
| 1491 out.len, start->level); | |
| 1492 | |
|
8289
949b95e4d504
Merged ngx_quic_send_packet() into ngx_quic_send_frames().
Vladimir Homutov <vl@nginx.com>
parents:
8288
diff
changeset
|
1493 qc = c->quic; |
| 8225 | 1494 |
|
8306
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8305
diff
changeset
|
1495 keys = &c->quic->keys[start->level]; |
|
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8305
diff
changeset
|
1496 |
|
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8305
diff
changeset
|
1497 pkt.secret = &keys->server; |
|
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8305
diff
changeset
|
1498 |
|
8289
949b95e4d504
Merged ngx_quic_send_packet() into ngx_quic_send_frames().
Vladimir Homutov <vl@nginx.com>
parents:
8288
diff
changeset
|
1499 if (start->level == ssl_encryption_initial) { |
| 8225 | 1500 pkt.number = &qc->initial_pn; |
| 1501 pkt.flags = NGX_QUIC_PKT_INITIAL; | |
| 1502 pkt.token = initial_token; | |
| 1503 | |
|
8289
949b95e4d504
Merged ngx_quic_send_packet() into ngx_quic_send_frames().
Vladimir Homutov <vl@nginx.com>
parents:
8288
diff
changeset
|
1504 } else if (start->level == ssl_encryption_handshake) { |
| 8225 | 1505 pkt.number = &qc->handshake_pn; |
| 1506 pkt.flags = NGX_QUIC_PKT_HANDSHAKE; | |
| 1507 | |
| 1508 } else { | |
| 1509 pkt.number = &qc->appdata_pn; | |
| 1510 } | |
| 1511 | |
|
8289
949b95e4d504
Merged ngx_quic_send_packet() into ngx_quic_send_frames().
Vladimir Homutov <vl@nginx.com>
parents:
8288
diff
changeset
|
1512 pkt.log = c->log; |
|
949b95e4d504
Merged ngx_quic_send_packet() into ngx_quic_send_frames().
Vladimir Homutov <vl@nginx.com>
parents:
8288
diff
changeset
|
1513 pkt.level = start->level; |
|
949b95e4d504
Merged ngx_quic_send_packet() into ngx_quic_send_frames().
Vladimir Homutov <vl@nginx.com>
parents:
8288
diff
changeset
|
1514 pkt.dcid = qc->dcid; |
|
949b95e4d504
Merged ngx_quic_send_packet() into ngx_quic_send_frames().
Vladimir Homutov <vl@nginx.com>
parents:
8288
diff
changeset
|
1515 pkt.scid = qc->scid; |
|
949b95e4d504
Merged ngx_quic_send_packet() into ngx_quic_send_frames().
Vladimir Homutov <vl@nginx.com>
parents:
8288
diff
changeset
|
1516 pkt.payload = out; |
|
8285
f85749b60e58
Removed memory allocations from encryption code.
Vladimir Homutov <vl@nginx.com>
parents:
8284
diff
changeset
|
1517 |
|
8289
949b95e4d504
Merged ngx_quic_send_packet() into ngx_quic_send_frames().
Vladimir Homutov <vl@nginx.com>
parents:
8288
diff
changeset
|
1518 res.data = dst; |
|
8285
f85749b60e58
Removed memory allocations from encryption code.
Vladimir Homutov <vl@nginx.com>
parents:
8284
diff
changeset
|
1519 |
|
f85749b60e58
Removed memory allocations from encryption code.
Vladimir Homutov <vl@nginx.com>
parents:
8284
diff
changeset
|
1520 if (ngx_quic_encrypt(&pkt, c->ssl->connection, &res) != NGX_OK) { |
| 8225 | 1521 return NGX_ERROR; |
| 1522 } | |
| 1523 | |
| 1524 ngx_quic_hexdump0(c->log, "packet to send", res.data, res.len); | |
| 1525 | |
| 1526 c->send(c, res.data, res.len); // TODO: err handling | |
| 1527 | |
| 1528 (*pkt.number)++; | |
| 1529 | |
| 1530 return NGX_OK; | |
| 1531 } | |
| 1532 | |
| 1533 | |
| 1534 ngx_connection_t * | |
| 1535 ngx_quic_create_uni_stream(ngx_connection_t *c) | |
| 1536 { | |
|
8280
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
1537 ngx_uint_t id; |
|
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
1538 ngx_quic_stream_t *qs, *sn; |
|
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
1539 ngx_quic_connection_t *qc; |
|
8229
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
8225
diff
changeset
|
1540 |
|
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
8225
diff
changeset
|
1541 qs = c->qs; |
|
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
8225
diff
changeset
|
1542 qc = qs->parent->quic; |
|
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
8225
diff
changeset
|
1543 |
|
8280
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
1544 id = (qc->streams.id_counter << 2) |
|
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
1545 | NGX_QUIC_STREAM_SERVER_INITIATED |
|
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
1546 | NGX_QUIC_STREAM_UNIDIRECTIONAL; |
|
8229
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
8225
diff
changeset
|
1547 |
|
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
8225
diff
changeset
|
1548 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
8225
diff
changeset
|
1549 "creating server uni stream #%ui id %ui", |
|
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
8225
diff
changeset
|
1550 qc->streams.id_counter, id); |
|
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
8225
diff
changeset
|
1551 |
|
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
8225
diff
changeset
|
1552 qc->streams.id_counter++; |
|
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
8225
diff
changeset
|
1553 |
|
8282
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
8281
diff
changeset
|
1554 sn = ngx_quic_create_stream(qs->parent, id, 0); |
|
8229
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
8225
diff
changeset
|
1555 if (sn == NULL) { |
|
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
8225
diff
changeset
|
1556 return NULL; |
|
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
8225
diff
changeset
|
1557 } |
|
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
8225
diff
changeset
|
1558 |
|
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
8225
diff
changeset
|
1559 return sn->c; |
| 8225 | 1560 } |
| 1561 | |
| 1562 | |
| 1563 static void | |
| 1564 ngx_quic_rbtree_insert_stream(ngx_rbtree_node_t *temp, | |
| 1565 ngx_rbtree_node_t *node, ngx_rbtree_node_t *sentinel) | |
| 1566 { | |
|
8280
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
1567 ngx_rbtree_node_t **p; |
|
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
1568 ngx_quic_stream_t *qn, *qnt; |
| 8225 | 1569 |
| 1570 for ( ;; ) { | |
|
8284
2935a11c55b6
Fixed QUIC stream insert and find.
Roman Arutyunyan <arut@nginx.com>
parents:
8282
diff
changeset
|
1571 qn = (ngx_quic_stream_t *) node; |
|
2935a11c55b6
Fixed QUIC stream insert and find.
Roman Arutyunyan <arut@nginx.com>
parents:
8282
diff
changeset
|
1572 qnt = (ngx_quic_stream_t *) temp; |
| 8225 | 1573 |
|
8284
2935a11c55b6
Fixed QUIC stream insert and find.
Roman Arutyunyan <arut@nginx.com>
parents:
8282
diff
changeset
|
1574 p = (qn->id < qnt->id) ? &temp->left : &temp->right; |
| 8225 | 1575 |
| 1576 if (*p == sentinel) { | |
| 1577 break; | |
| 1578 } | |
| 1579 | |
| 1580 temp = *p; | |
| 1581 } | |
| 1582 | |
| 1583 *p = node; | |
| 1584 node->parent = temp; | |
| 1585 node->left = sentinel; | |
| 1586 node->right = sentinel; | |
| 1587 ngx_rbt_red(node); | |
| 1588 } | |
| 1589 | |
| 1590 | |
|
8280
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
1591 static ngx_quic_stream_t * |
|
8284
2935a11c55b6
Fixed QUIC stream insert and find.
Roman Arutyunyan <arut@nginx.com>
parents:
8282
diff
changeset
|
1592 ngx_quic_find_stream(ngx_rbtree_t *rbtree, uint64_t id) |
| 8225 | 1593 { |
| 1594 ngx_rbtree_node_t *node, *sentinel; | |
|
8284
2935a11c55b6
Fixed QUIC stream insert and find.
Roman Arutyunyan <arut@nginx.com>
parents:
8282
diff
changeset
|
1595 ngx_quic_stream_t *qn; |
| 8225 | 1596 |
| 1597 node = rbtree->root; | |
| 1598 sentinel = rbtree->sentinel; | |
| 1599 | |
| 1600 while (node != sentinel) { | |
|
8284
2935a11c55b6
Fixed QUIC stream insert and find.
Roman Arutyunyan <arut@nginx.com>
parents:
8282
diff
changeset
|
1601 qn = (ngx_quic_stream_t *) node; |
| 8225 | 1602 |
|
8284
2935a11c55b6
Fixed QUIC stream insert and find.
Roman Arutyunyan <arut@nginx.com>
parents:
8282
diff
changeset
|
1603 if (id == qn->id) { |
|
2935a11c55b6
Fixed QUIC stream insert and find.
Roman Arutyunyan <arut@nginx.com>
parents:
8282
diff
changeset
|
1604 return qn; |
| 8225 | 1605 } |
| 1606 | |
|
8284
2935a11c55b6
Fixed QUIC stream insert and find.
Roman Arutyunyan <arut@nginx.com>
parents:
8282
diff
changeset
|
1607 node = (id < qn->id) ? node->left : node->right; |
| 8225 | 1608 } |
| 1609 | |
| 1610 return NULL; | |
| 1611 } | |
| 1612 | |
| 1613 | |
|
8280
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
1614 static ngx_quic_stream_t * |
|
8282
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
8281
diff
changeset
|
1615 ngx_quic_create_stream(ngx_connection_t *c, uint64_t id, size_t rcvbuf_size) |
|
8229
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
8225
diff
changeset
|
1616 { |
|
8282
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
8281
diff
changeset
|
1617 ngx_log_t *log; |
|
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
8281
diff
changeset
|
1618 ngx_pool_t *pool; |
|
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
8281
diff
changeset
|
1619 ngx_quic_stream_t *sn; |
|
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
8281
diff
changeset
|
1620 ngx_pool_cleanup_t *cln; |
|
8229
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
8225
diff
changeset
|
1621 |
|
8282
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
8281
diff
changeset
|
1622 pool = ngx_create_pool(NGX_DEFAULT_POOL_SIZE, c->log); |
|
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
8281
diff
changeset
|
1623 if (pool == NULL) { |
|
8229
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
8225
diff
changeset
|
1624 return NULL; |
|
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
8225
diff
changeset
|
1625 } |
|
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
8225
diff
changeset
|
1626 |
|
8282
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
8281
diff
changeset
|
1627 sn = ngx_pcalloc(pool, sizeof(ngx_quic_stream_t)); |
|
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
8281
diff
changeset
|
1628 if (sn == NULL) { |
|
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
8281
diff
changeset
|
1629 ngx_destroy_pool(pool); |
|
8229
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
8225
diff
changeset
|
1630 return NULL; |
|
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
8225
diff
changeset
|
1631 } |
|
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
8225
diff
changeset
|
1632 |
|
8282
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
8281
diff
changeset
|
1633 sn->node.key = id; |
|
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
8281
diff
changeset
|
1634 sn->parent = c; |
|
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
8281
diff
changeset
|
1635 sn->id = id; |
|
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
8281
diff
changeset
|
1636 |
|
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
8281
diff
changeset
|
1637 sn->b = ngx_create_temp_buf(pool, rcvbuf_size); |
|
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
8281
diff
changeset
|
1638 if (sn->b == NULL) { |
|
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
8281
diff
changeset
|
1639 ngx_destroy_pool(pool); |
|
8229
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
8225
diff
changeset
|
1640 return NULL; |
|
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
8225
diff
changeset
|
1641 } |
|
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
8225
diff
changeset
|
1642 |
|
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
8225
diff
changeset
|
1643 log = ngx_palloc(pool, sizeof(ngx_log_t)); |
|
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
8225
diff
changeset
|
1644 if (log == NULL) { |
|
8282
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
8281
diff
changeset
|
1645 ngx_destroy_pool(pool); |
|
8229
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
8225
diff
changeset
|
1646 return NULL; |
|
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
8225
diff
changeset
|
1647 } |
|
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
8225
diff
changeset
|
1648 |
|
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
8225
diff
changeset
|
1649 *log = *c->log; |
|
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
8225
diff
changeset
|
1650 pool->log = log; |
|
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
8225
diff
changeset
|
1651 |
|
8282
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
8281
diff
changeset
|
1652 sn->c = ngx_get_connection(-1, log); |
|
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
8281
diff
changeset
|
1653 if (sn->c == NULL) { |
|
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
8281
diff
changeset
|
1654 ngx_destroy_pool(pool); |
|
8229
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
8225
diff
changeset
|
1655 return NULL; |
|
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
8225
diff
changeset
|
1656 } |
|
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
8225
diff
changeset
|
1657 |
|
8280
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
1658 sn->c->qs = sn; |
|
8282
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
8281
diff
changeset
|
1659 sn->c->pool = pool; |
|
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
8281
diff
changeset
|
1660 sn->c->ssl = c->ssl; |
|
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
8281
diff
changeset
|
1661 sn->c->sockaddr = c->sockaddr; |
|
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
8281
diff
changeset
|
1662 sn->c->listening = c->listening; |
|
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
8281
diff
changeset
|
1663 sn->c->addr_text = c->addr_text; |
|
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
8281
diff
changeset
|
1664 sn->c->local_sockaddr = c->local_sockaddr; |
|
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
8281
diff
changeset
|
1665 sn->c->number = ngx_atomic_fetch_add(ngx_connection_counter, 1); |
|
8229
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
8225
diff
changeset
|
1666 |
|
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
8225
diff
changeset
|
1667 sn->c->recv = ngx_quic_stream_recv; |
|
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
8225
diff
changeset
|
1668 sn->c->send = ngx_quic_stream_send; |
|
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
8225
diff
changeset
|
1669 sn->c->send_chain = ngx_quic_stream_send_chain; |
|
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
8225
diff
changeset
|
1670 |
|
8282
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
8281
diff
changeset
|
1671 sn->c->read->log = c->log; |
|
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
8281
diff
changeset
|
1672 sn->c->write->log = c->log; |
|
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
8281
diff
changeset
|
1673 |
|
8239
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
1674 cln = ngx_pool_cleanup_add(pool, 0); |
|
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
1675 if (cln == NULL) { |
|
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
1676 ngx_close_connection(sn->c); |
|
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
1677 ngx_destroy_pool(pool); |
|
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
1678 return NULL; |
|
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
1679 } |
|
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
1680 |
|
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
1681 cln->handler = ngx_quic_stream_cleanup_handler; |
|
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
1682 cln->data = sn->c; |
|
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
1683 |
|
8282
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
8281
diff
changeset
|
1684 ngx_rbtree_insert(&c->quic->streams.tree, &sn->node); |
|
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
8281
diff
changeset
|
1685 |
|
8229
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
8225
diff
changeset
|
1686 return sn; |
|
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
8225
diff
changeset
|
1687 } |
|
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
8225
diff
changeset
|
1688 |
|
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
8225
diff
changeset
|
1689 |
| 8225 | 1690 static ssize_t |
| 1691 ngx_quic_stream_recv(ngx_connection_t *c, u_char *buf, size_t size) | |
| 1692 { | |
|
8280
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
1693 ssize_t len; |
|
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
1694 ngx_buf_t *b; |
|
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
1695 ngx_event_t *rev; |
|
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
1696 ngx_quic_stream_t *qs; |
| 8225 | 1697 |
| 1698 qs = c->qs; | |
|
8280
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
1699 b = qs->b; |
|
8279
5f223cdad40e
Implemented eof in QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8278
diff
changeset
|
1700 rev = c->read; |
| 8225 | 1701 |
|
8279
5f223cdad40e
Implemented eof in QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8278
diff
changeset
|
1702 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
5f223cdad40e
Implemented eof in QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8278
diff
changeset
|
1703 "quic recv: eof:%d, avail:%z", |
|
5f223cdad40e
Implemented eof in QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8278
diff
changeset
|
1704 rev->pending_eof, b->last - b->pos); |
|
5f223cdad40e
Implemented eof in QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8278
diff
changeset
|
1705 |
|
8266
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1706 if (b->pos == b->last) { |
|
8279
5f223cdad40e
Implemented eof in QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8278
diff
changeset
|
1707 rev->ready = 0; |
|
5f223cdad40e
Implemented eof in QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8278
diff
changeset
|
1708 |
|
5f223cdad40e
Implemented eof in QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8278
diff
changeset
|
1709 if (rev->pending_eof) { |
|
5f223cdad40e
Implemented eof in QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8278
diff
changeset
|
1710 rev->eof = 1; |
|
5f223cdad40e
Implemented eof in QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8278
diff
changeset
|
1711 return 0; |
|
5f223cdad40e
Implemented eof in QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8278
diff
changeset
|
1712 } |
|
5f223cdad40e
Implemented eof in QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8278
diff
changeset
|
1713 |
|
8266
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1714 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic recv() not ready"); |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1715 return NGX_AGAIN; |
| 8225 | 1716 } |
| 1717 | |
| 1718 len = ngx_min(b->last - b->pos, (ssize_t) size); | |
| 1719 | |
| 1720 ngx_memcpy(buf, b->pos, len); | |
| 1721 | |
| 1722 b->pos += len; | |
| 1723 | |
|
8266
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1724 if (b->pos == b->last) { |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1725 b->pos = b->start; |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1726 b->last = b->start; |
|
8294
32db41d603cd
Fixed handling QUIC stream eof.
Roman Arutyunyan <arut@nginx.com>
parents:
8293
diff
changeset
|
1727 rev->ready = rev->pending_eof; |
|
8266
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1728 } |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1729 |
| 8225 | 1730 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
8279
5f223cdad40e
Implemented eof in QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8278
diff
changeset
|
1731 "quic recv: %z of %uz", len, size); |
| 8225 | 1732 |
| 1733 return len; | |
| 1734 } | |
| 1735 | |
| 1736 | |
| 1737 static ssize_t | |
| 1738 ngx_quic_stream_send(ngx_connection_t *c, u_char *buf, size_t size) | |
| 1739 { | |
|
8280
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
1740 ngx_connection_t *pc; |
|
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
1741 ngx_quic_frame_t *frame; |
|
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
1742 ngx_quic_stream_t *qs; |
|
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
1743 ngx_quic_connection_t *qc; |
| 8225 | 1744 |
| 1745 qs = c->qs; | |
| 1746 pc = qs->parent; | |
| 1747 qc = pc->quic; | |
| 1748 | |
|
8281
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
1749 if (qc->closing) { |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
1750 return NGX_ERROR; |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
1751 } |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
1752 |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
1753 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic send: %uz", size); |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
1754 |
| 8286 | 1755 frame = ngx_quic_alloc_frame(pc, size); |
| 8225 | 1756 if (frame == NULL) { |
| 1757 return 0; | |
| 1758 } | |
| 1759 | |
| 8286 | 1760 ngx_memcpy(frame->data, buf, size); |
| 8225 | 1761 |
| 1762 frame->level = ssl_encryption_application; | |
| 1763 frame->type = NGX_QUIC_FT_STREAM6; /* OFF=1 LEN=1 FIN=0 */ | |
| 1764 frame->u.stream.off = 1; | |
| 1765 frame->u.stream.len = 1; | |
| 1766 frame->u.stream.fin = 0; | |
| 1767 | |
| 1768 frame->u.stream.type = frame->type; | |
| 1769 frame->u.stream.stream_id = qs->id; | |
| 1770 frame->u.stream.offset = c->sent; | |
| 1771 frame->u.stream.length = size; | |
| 8286 | 1772 frame->u.stream.data = frame->data; |
| 8225 | 1773 |
| 1774 c->sent += size; | |
| 1775 | |
| 1776 ngx_sprintf(frame->info, "stream %xi len=%ui level=%d", | |
| 1777 qs->id, size, frame->level); | |
| 1778 | |
| 1779 ngx_quic_queue_frame(qc, frame); | |
| 1780 | |
|
8293
1ec905f4d851
Push QUIC stream frames in send() and cleanup handler.
Roman Arutyunyan <arut@nginx.com>
parents:
8290
diff
changeset
|
1781 ngx_quic_output(pc); |
|
1ec905f4d851
Push QUIC stream frames in send() and cleanup handler.
Roman Arutyunyan <arut@nginx.com>
parents:
8290
diff
changeset
|
1782 |
| 8225 | 1783 return size; |
| 1784 } | |
| 1785 | |
| 1786 | |
|
8239
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
1787 static void |
|
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
1788 ngx_quic_stream_cleanup_handler(void *data) |
|
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
1789 { |
|
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
1790 ngx_connection_t *c = data; |
|
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
1791 |
|
8280
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
1792 ngx_connection_t *pc; |
|
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
1793 ngx_quic_frame_t *frame; |
|
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
1794 ngx_quic_stream_t *qs; |
|
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
1795 ngx_quic_connection_t *qc; |
|
8239
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
1796 |
|
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
1797 qs = c->qs; |
|
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
1798 pc = qs->parent; |
|
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
1799 qc = pc->quic; |
|
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
1800 |
|
8281
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
1801 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic stream cleanup"); |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
1802 |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
1803 ngx_rbtree_delete(&qc->streams.tree, &qs->node); |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
1804 |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
1805 if (qc->closing) { |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
1806 ngx_post_event(pc->read, &ngx_posted_events); |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
1807 return; |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
1808 } |
|
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
1809 |
|
8280
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
1810 if ((qs->id & 0x03) == NGX_QUIC_STREAM_UNIDIRECTIONAL) { |
|
8239
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
1811 /* do not send fin for client unidirectional streams */ |
|
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
1812 return; |
|
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
1813 } |
|
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
1814 |
|
8280
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
8279
diff
changeset
|
1815 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic send fin"); |
|
8239
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
1816 |
| 8286 | 1817 frame = ngx_quic_alloc_frame(pc, 0); |
|
8239
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
1818 if (frame == NULL) { |
|
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
1819 return; |
|
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
1820 } |
|
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
1821 |
|
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
1822 frame->level = ssl_encryption_application; |
|
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
1823 frame->type = NGX_QUIC_FT_STREAM7; /* OFF=1 LEN=1 FIN=1 */ |
|
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
1824 frame->u.stream.off = 1; |
|
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
1825 frame->u.stream.len = 1; |
|
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
1826 frame->u.stream.fin = 1; |
|
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
1827 |
|
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
1828 frame->u.stream.type = frame->type; |
|
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
1829 frame->u.stream.stream_id = qs->id; |
|
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
1830 frame->u.stream.offset = c->sent; |
|
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
1831 frame->u.stream.length = 0; |
|
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
1832 frame->u.stream.data = NULL; |
|
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
1833 |
|
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
1834 ngx_sprintf(frame->info, "stream %xi fin=1 level=%d", qs->id, frame->level); |
|
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
1835 |
|
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
1836 ngx_quic_queue_frame(qc, frame); |
|
8293
1ec905f4d851
Push QUIC stream frames in send() and cleanup handler.
Roman Arutyunyan <arut@nginx.com>
parents:
8290
diff
changeset
|
1837 |
|
1ec905f4d851
Push QUIC stream frames in send() and cleanup handler.
Roman Arutyunyan <arut@nginx.com>
parents:
8290
diff
changeset
|
1838 (void) ngx_quic_output(pc); |
|
8239
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
1839 } |
|
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
1840 |
|
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
1841 |
| 8225 | 1842 static ngx_chain_t * |
| 1843 ngx_quic_stream_send_chain(ngx_connection_t *c, ngx_chain_t *in, | |
| 1844 off_t limit) | |
| 1845 { | |
| 1846 size_t len; | |
| 1847 ssize_t n; | |
| 1848 ngx_buf_t *b; | |
| 1849 | |
| 1850 for ( /* void */; in; in = in->next) { | |
| 1851 b = in->buf; | |
| 1852 | |
| 1853 if (!ngx_buf_in_memory(b)) { | |
| 1854 continue; | |
| 1855 } | |
| 1856 | |
| 1857 if (ngx_buf_size(b) == 0) { | |
| 1858 continue; | |
| 1859 } | |
| 1860 | |
| 1861 len = b->last - b->pos; | |
| 1862 | |
| 1863 n = ngx_quic_stream_send(c, b->pos, len); | |
| 1864 | |
| 1865 if (n == NGX_ERROR) { | |
| 1866 return NGX_CHAIN_ERROR; | |
| 1867 } | |
| 1868 | |
| 1869 if (n == NGX_AGAIN) { | |
| 1870 return in; | |
| 1871 } | |
| 1872 | |
| 1873 if (n != (ssize_t) len) { | |
| 1874 b->pos += n; | |
| 1875 return in; | |
| 1876 } | |
| 1877 } | |
| 1878 | |
| 1879 return NULL; | |
| 1880 } | |
| 8286 | 1881 |
| 1882 | |
| 1883 static ngx_quic_frame_t * | |
| 1884 ngx_quic_alloc_frame(ngx_connection_t *c, size_t size) | |
| 1885 { | |
| 1886 u_char *p; | |
| 1887 ngx_quic_frame_t *frame; | |
| 1888 ngx_quic_connection_t *qc; | |
| 1889 | |
| 1890 if (size) { | |
| 1891 p = ngx_alloc(size, c->log); | |
| 1892 if (p == NULL) { | |
| 1893 return NULL; | |
| 1894 } | |
| 1895 | |
| 1896 } else { | |
| 1897 p = NULL; | |
| 1898 } | |
| 1899 | |
| 1900 qc = c->quic; | |
| 1901 frame = qc->free_frames; | |
| 1902 | |
| 1903 if (frame) { | |
| 1904 qc->free_frames = frame->next; | |
| 1905 | |
| 1906 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, | |
| 1907 "reuse quic frame n:%ui", qc->nframes); | |
| 1908 | |
| 1909 } else { | |
| 1910 frame = ngx_pcalloc(c->pool, sizeof(ngx_quic_frame_t)); | |
| 1911 if (frame == NULL) { | |
| 1912 ngx_free(p); | |
| 1913 return NULL; | |
| 1914 } | |
| 1915 | |
| 1916 #if (NGX_DEBUG) | |
| 1917 ++qc->nframes; | |
| 1918 #endif | |
| 1919 | |
| 1920 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, | |
| 1921 "alloc quic frame n:%ui", qc->nframes); | |
| 1922 } | |
| 1923 | |
| 1924 ngx_memzero(frame, sizeof(ngx_quic_frame_t)); | |
| 1925 | |
| 1926 frame->data = p; | |
| 1927 | |
| 1928 return frame; | |
| 1929 } | |
| 1930 | |
| 1931 | |
| 1932 static void | |
| 1933 ngx_quic_free_frame(ngx_connection_t *c, ngx_quic_frame_t *frame) | |
| 1934 { | |
| 1935 ngx_quic_connection_t *qc; | |
| 1936 | |
| 1937 qc = c->quic; | |
| 1938 | |
| 1939 if (frame->data) { | |
| 1940 ngx_free(frame->data); | |
| 1941 } | |
| 1942 | |
| 1943 frame->next = qc->free_frames; | |
| 1944 qc->free_frames = frame; | |
| 1945 | |
| 1946 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, | |
| 1947 "free quic frame n:%ui", qc->nframes); | |
| 1948 } |