nginx: src/event/quic/ngx_event_quic

annotate src/event/quic/ngx_event_quic_migration.c @ 8971:1e2f4e9c8195 quic

QUIC: reworked migration handling. The quic connection now holds active, backup and probe paths instead of sockets. The number of migration paths is now limited and cannot be inflated by a bad client or an attacker. The client id is now associated with path rather than socket. This allows to simplify processing of output and connection ids handling. New migration abandons any previously started migrations. This allows to free consumed client ids and request new for use in future migrations and make progress in case when connection id limit is hit during migration. A path now can be revalidated without losing its state. The patch also fixes various issues with NAT rebinding case handling: - paths are now validated (previously, there was no validation and paths were left in limited state) - attempt to reuse id on different path is now again verified (this was broken in 40445fc7c403) - former path is now validated in case of apparent migration

author	Vladimir Homutov <vl@nginx.com>
date	Wed, 19 Jan 2022 22:39:24 +0300
parents	b7284807b4fa
children	077a1e403446

rev	line source
8737 76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	2 /*
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	3 * Copyright (C) Nginx, Inc.
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	4 */
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	5
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	6
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	7 #include <ngx_config.h>
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	8 #include <ngx_core.h>
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	9 #include <ngx_event.h>
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	10 #include <ngx_event_quic_connection.h>
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	11
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	12
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	13 static void ngx_quic_set_connection_path(ngx_connection_t *c,
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	14 ngx_quic_path_t *path);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	15 static ngx_int_t ngx_quic_validate_path(ngx_connection_t *c,
8944 b7284807b4fa QUIC: refactored ngx_quic_validate_path(). Vladimir Homutov <vl@nginx.com> parents: 8943 diff changeset	16 ngx_quic_path_t *path);
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	17 static ngx_int_t ngx_quic_send_path_challenge(ngx_connection_t *c,
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	18 ngx_quic_path_t *path);
8971 1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	19 static ngx_quic_path_t ngx_quic_get_path(ngx_connection_t c, ngx_uint_t tag);
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	20
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	21
8737 76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	22 ngx_int_t
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	23 ngx_quic_handle_path_challenge_frame(ngx_connection_t *c,
8971 1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	24 ngx_quic_header_t pkt, ngx_quic_path_challenge_frame_t f)
8737 76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	25 {
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	26 ngx_quic_frame_t frame, *fp;
8737 76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	27 ngx_quic_connection_t *qc;
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	28
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	29 qc = ngx_quic_get_connection(c);
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	30
8933 02a9ad88e2df QUIC: added missing frame initialization. Vladimir Homutov <vl@nginx.com> parents: 8932 diff changeset	31 ngx_memzero(&frame, sizeof(ngx_quic_frame_t));
02a9ad88e2df QUIC: added missing frame initialization. Vladimir Homutov <vl@nginx.com> parents: 8932 diff changeset	32
8778 5186ee5a94b9 QUIC: simplified sending 1-RTT only frames. Sergey Kandaurov <pluknet@nginx.com> parents: 8777 diff changeset	33 frame.level = ssl_encryption_application;
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	34 frame.type = NGX_QUIC_FT_PATH_RESPONSE;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	35 frame.u.path_response = *f;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	36
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	37 /*
8797 4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8778 diff changeset	38 * RFC 9000, 8.2.2. Path Validation Responses
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8778 diff changeset	39 *
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	40 * A PATH_RESPONSE frame MUST be sent on the network path where the
8797 4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8778 diff changeset	41 * PATH_CHALLENGE frame was received.
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	42 */
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	43
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	44 /*
8901 a951e0809044 QUIC: fixed PATH_RESPONSE frame expansion. Vladimir Homutov <vl@nginx.com> parents: 8822 diff changeset	45 * An endpoint MUST expand datagrams that contain a PATH_RESPONSE frame
a951e0809044 QUIC: fixed PATH_RESPONSE frame expansion. Vladimir Homutov <vl@nginx.com> parents: 8822 diff changeset	46 * to at least the smallest allowed maximum datagram size of 1200 bytes.
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	47 */
8971 1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	48 if (ngx_quic_frame_sendto(c, &frame, 1200, pkt->path) != NGX_OK) {
8737 76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	49 return NGX_ERROR;
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	50 }
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	51
8971 1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	52 if (pkt->path == qc->path) {
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	53 /*
8797 4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8778 diff changeset	54 * RFC 9000, 9.3.3. Off-Path Packet Forwarding
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8778 diff changeset	55 *
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	56 * An endpoint that receives a PATH_CHALLENGE on an active path SHOULD
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	57 * send a non-probing packet in response.
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	58 */
8737 76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	59
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	60 fp = ngx_quic_alloc_frame(c);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	61 if (fp == NULL) {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	62 return NGX_ERROR;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	63 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	64
8778 5186ee5a94b9 QUIC: simplified sending 1-RTT only frames. Sergey Kandaurov <pluknet@nginx.com> parents: 8777 diff changeset	65 fp->level = ssl_encryption_application;
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	66 fp->type = NGX_QUIC_FT_PING;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	67
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	68 ngx_quic_queue_frame(qc, fp);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	69 }
8737 76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	70
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	71 return NGX_OK;
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	72 }
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	73
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	74
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	75 ngx_int_t
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	76 ngx_quic_handle_path_response_frame(ngx_connection_t *c,
8778 5186ee5a94b9 QUIC: simplified sending 1-RTT only frames. Sergey Kandaurov <pluknet@nginx.com> parents: 8777 diff changeset	77 ngx_quic_path_challenge_frame_t *f)
8737 76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	78 {
8943 118a34e32121 QUIC: added missing check for backup path existence. Vladimir Homutov <vl@nginx.com> parents: 8940 diff changeset	79 ngx_uint_t rst;
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	80 ngx_queue_t *q;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	81 ngx_quic_path_t path, prev;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	82 ngx_quic_connection_t *qc;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	83
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	84 qc = ngx_quic_get_connection(c);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	85
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	86 /*
8797 4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8778 diff changeset	87 * RFC 9000, 8.2.3. Successful Path Validation
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8778 diff changeset	88 *
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	89 * A PATH_RESPONSE frame received on any network path validates the path
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	90 * on which the PATH_CHALLENGE was sent.
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	91 */
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	92
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	93 for (q = ngx_queue_head(&qc->paths);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	94 q != ngx_queue_sentinel(&qc->paths);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	95 q = ngx_queue_next(q))
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	96 {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	97 path = ngx_queue_data(q, ngx_quic_path_t, queue);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	98
8971 1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	99 if (!path->validating) {
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	100 continue;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	101 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	102
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	103 if (ngx_memcmp(path->challenge1, f->data, sizeof(f->data)) == 0
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	104 \|\| ngx_memcmp(path->challenge2, f->data, sizeof(f->data)) == 0)
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	105 {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	106 goto valid;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	107 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	108 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	109
8971 1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	110 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	111 "quic stale PATH_RESPONSE ignored");
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	112
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	113 return NGX_OK;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	114
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	115 valid:
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	116
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	117 /*
8797 4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8778 diff changeset	118 * RFC 9000, 9.4. Loss Detection and Congestion Control
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8778 diff changeset	119 *
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	120 * On confirming a peer's ownership of its new address,
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	121 * an endpoint MUST immediately reset the congestion controller
8797 4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8778 diff changeset	122 * and round-trip time estimator for the new path to initial values
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8778 diff changeset	123 * unless the only change in the peer's address is its port number.
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	124 */
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	125
8943 118a34e32121 QUIC: added missing check for backup path existence. Vladimir Homutov <vl@nginx.com> parents: 8940 diff changeset	126 rst = 1;
118a34e32121 QUIC: added missing check for backup path existence. Vladimir Homutov <vl@nginx.com> parents: 8940 diff changeset	127
8971 1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	128 prev = ngx_quic_get_path(c, NGX_QUIC_PATH_BACKUP);
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	129
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	130 if (prev != NULL) {
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	131
8943 118a34e32121 QUIC: added missing check for backup path existence. Vladimir Homutov <vl@nginx.com> parents: 8940 diff changeset	132 if (ngx_cmp_sockaddr(prev->sockaddr, prev->socklen,
118a34e32121 QUIC: added missing check for backup path existence. Vladimir Homutov <vl@nginx.com> parents: 8940 diff changeset	133 path->sockaddr, path->socklen, 0)
118a34e32121 QUIC: added missing check for backup path existence. Vladimir Homutov <vl@nginx.com> parents: 8940 diff changeset	134 == NGX_OK)
118a34e32121 QUIC: added missing check for backup path existence. Vladimir Homutov <vl@nginx.com> parents: 8940 diff changeset	135 {
118a34e32121 QUIC: added missing check for backup path existence. Vladimir Homutov <vl@nginx.com> parents: 8940 diff changeset	136 /* address did not change */
118a34e32121 QUIC: added missing check for backup path existence. Vladimir Homutov <vl@nginx.com> parents: 8940 diff changeset	137 rst = 0;
118a34e32121 QUIC: added missing check for backup path existence. Vladimir Homutov <vl@nginx.com> parents: 8940 diff changeset	138 }
118a34e32121 QUIC: added missing check for backup path existence. Vladimir Homutov <vl@nginx.com> parents: 8940 diff changeset	139 }
118a34e32121 QUIC: added missing check for backup path existence. Vladimir Homutov <vl@nginx.com> parents: 8940 diff changeset	140
118a34e32121 QUIC: added missing check for backup path existence. Vladimir Homutov <vl@nginx.com> parents: 8940 diff changeset	141 if (rst) {
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	142 ngx_memzero(&qc->congestion, sizeof(ngx_quic_congestion_t));
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	143
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	144 qc->congestion.window = ngx_min(10 * qc->tp.max_udp_payload_size,
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	145 ngx_max(2 * qc->tp.max_udp_payload_size,
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	146 14720));
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	147 qc->congestion.ssthresh = (size_t) -1;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	148 qc->congestion.recovery_start = ngx_current_msec;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	149 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	150
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	151 /*
8797 4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8778 diff changeset	152 * RFC 9000, 9.3. Responding to Connection Migration
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8778 diff changeset	153 *
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	154 * After verifying a new client address, the server SHOULD
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	155 * send new address validation tokens (Section 8) to the client.
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	156 */
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	157
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	158 if (ngx_quic_send_new_token(c, path) != NGX_OK) {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	159 return NGX_ERROR;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	160 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	161
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	162 ngx_log_error(NGX_LOG_INFO, c->log, 0,
8971 1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	163 "quic path #%uL addr:%V successfully validated",
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	164 path->seqnum, &path->addr_text);
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	165
8971 1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	166 ngx_quic_path_dbg(c, "is validated", path);
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	167
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	168 path->validated = 1;
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	169 path->validating = 0;
8940 fb41e37ddeb0 QUIC: decoupled path state and limitation status. Vladimir Homutov <vl@nginx.com> parents: 8939 diff changeset	170 path->limited = 0;
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	171
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	172 return NGX_OK;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	173 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	174
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	175
8971 1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	176 ngx_quic_path_t *
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	177 ngx_quic_new_path(ngx_connection_t *c,
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	178 struct sockaddr sockaddr, socklen_t socklen, ngx_quic_client_id_t cid)
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	179 {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	180 ngx_queue_t *q;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	181 ngx_quic_path_t *path;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	182 ngx_quic_connection_t *qc;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	183
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	184 qc = ngx_quic_get_connection(c);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	185
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	186 if (!ngx_queue_empty(&qc->free_paths)) {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	187
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	188 q = ngx_queue_head(&qc->free_paths);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	189 path = ngx_queue_data(q, ngx_quic_path_t, queue);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	190
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	191 ngx_queue_remove(&path->queue);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	192
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	193 ngx_memzero(path, sizeof(ngx_quic_path_t));
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	194
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	195 } else {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	196
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	197 path = ngx_pcalloc(c->pool, sizeof(ngx_quic_path_t));
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	198 if (path == NULL) {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	199 return NULL;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	200 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	201 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	202
8971 1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	203 ngx_queue_insert_tail(&qc->paths, &path->queue);
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	204
8971 1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	205 path->cid = cid;
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	206 cid->used = 1;
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	207
8940 fb41e37ddeb0 QUIC: decoupled path state and limitation status. Vladimir Homutov <vl@nginx.com> parents: 8939 diff changeset	208 path->limited = 1;
fb41e37ddeb0 QUIC: decoupled path state and limitation status. Vladimir Homutov <vl@nginx.com> parents: 8939 diff changeset	209
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	210 path->seqnum = qc->path_seqnum++;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	211
8971 1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	212 path->sockaddr = &path->sa.sockaddr;
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	213 path->socklen = socklen;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	214 ngx_memcpy(path->sockaddr, sockaddr, socklen);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	215
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	216 path->addr_text.data = path->text;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	217 path->addr_text.len = ngx_sock_ntop(sockaddr, socklen, path->text,
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	218 NGX_SOCKADDR_STRLEN, 1);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	219
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	220 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
8971 1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	221 "quic path #%uL created addr:%V",
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	222 path->seqnum, &path->addr_text);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	223 return path;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	224 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	225
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	226
8971 1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	227 static ngx_quic_path_t *
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	228 ngx_quic_get_path(ngx_connection_t *c, ngx_uint_t tag)
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	229 {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	230 ngx_queue_t *q;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	231 ngx_quic_path_t *path;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	232 ngx_quic_connection_t *qc;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	233
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	234 qc = ngx_quic_get_connection(c);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	235
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	236 for (q = ngx_queue_head(&qc->paths);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	237 q != ngx_queue_sentinel(&qc->paths);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	238 q = ngx_queue_next(q))
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	239 {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	240 path = ngx_queue_data(q, ngx_quic_path_t, queue);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	241
8971 1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	242 if (path->tag == tag) {
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	243 return path;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	244 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	245 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	246
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	247 return NULL;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	248 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	249
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	250
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	251 ngx_int_t
8971 1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	252 ngx_quic_set_path(ngx_connection_t c, ngx_quic_header_t pkt)
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	253 {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	254 off_t len;
8971 1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	255 ngx_queue_t *q;
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	256 ngx_quic_path_t path, probe;
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	257 ngx_quic_socket_t *qsock;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	258 ngx_quic_client_id_t *cid;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	259 ngx_quic_connection_t *qc;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	260
8939 ddd5e5c0f87d QUIC: improved path validation. Vladimir Homutov <vl@nginx.com> parents: 8933 diff changeset	261 qc = ngx_quic_get_connection(c);
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	262 qsock = ngx_quic_get_socket(c);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	263
8971 1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	264 len = pkt->raw->last - pkt->raw->start;
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	265
8971 1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	266 if (c->udp->dgram == NULL) {
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	267 /* first ever packet in connection, path already exists */
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	268 path = qc->path;
8913 40445fc7c403 QUIC: fixed migration during NAT rebinding. Vladimir Homutov <vl@nginx.com> parents: 8912 diff changeset	269 goto update;
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	270 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	271
8971 1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	272 probe = NULL;
8777 d5f93733c17d QUIC: relaxed client id requirements. Vladimir Homutov <vl@nginx.com> parents: 8763 diff changeset	273
8971 1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	274 for (q = ngx_queue_head(&qc->paths);
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	275 q != ngx_queue_sentinel(&qc->paths);
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	276 q = ngx_queue_next(q))
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	277 {
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	278 path = ngx_queue_data(q, ngx_quic_path_t, queue);
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	279
8971 1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	280 if (ngx_cmp_sockaddr(c->udp->dgram->sockaddr, c->udp->dgram->socklen,
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	281 path->sockaddr, path->socklen, 1)
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	282 == NGX_OK)
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	283 {
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	284 goto update;
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	285 }
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	286
8971 1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	287 if (path->tag == NGX_QUIC_PATH_PROBE) {
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	288 probe = path;
8777 d5f93733c17d QUIC: relaxed client id requirements. Vladimir Homutov <vl@nginx.com> parents: 8763 diff changeset	289 }
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	290 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	291
8971 1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	292 /* packet from new path, drop current probe, if any */
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	293
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	294 if (probe && ngx_quic_free_path(c, probe) != NGX_OK) {
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	295 return NGX_ERROR;
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	296 }
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	297
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	298 /* new path requires new client id */
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	299 cid = ngx_quic_next_client_id(c);
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	300 if (cid == NULL) {
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	301 ngx_log_error(NGX_LOG_ERR, c->log, 0,
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	302 "quic no available client ids for new path");
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	303 /* stop processing of this datagram */
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	304 return NGX_DONE;
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	305 }
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	306
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	307 path = ngx_quic_new_path(c, c->udp->dgram->sockaddr,
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	308 c->udp->dgram->socklen, cid);
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	309 if (path == NULL) {
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	310 return NGX_ERROR;
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	311 }
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	312
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	313 path->tag = NGX_QUIC_PATH_PROBE;
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	314
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	315 /*
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	316 * client arrived using new path and previously seen DCID,
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	317 * this indicates NAT rebinding (or bad client)
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	318 */
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	319 if (qsock->used) {
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	320 pkt->rebound = 1;
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	321 }
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	322
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	323 update:
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	324
8971 1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	325 qsock->used = 1;
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	326 pkt->path = path;
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	327
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	328 /* TODO: this may be too late in some cases;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	329 * for example, if error happens during decrypt(), we cannot
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	330 * send CC, if error happens in 1st packet, due to amplification
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	331 * limit, because path->received = 0
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	332 *
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	333 * should we account garbage as received or only decrypting packets?
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	334 */
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	335 path->received += len;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	336
8971 1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	337 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	338 "quic packet len:%O via sock#%uL path#%uL",
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	339 len, qsock->sid.seqnum, path->seqnum);
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	340 ngx_quic_path_dbg(c, "status", path);
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	341
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	342 return NGX_OK;
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	343 }
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	344
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	345
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	346 ngx_int_t
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	347 ngx_quic_free_path(ngx_connection_t c, ngx_quic_path_t path)
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	348 {
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	349 ngx_quic_connection_t *qc;
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	350
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	351 qc = ngx_quic_get_connection(c);
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	352
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	353 ngx_queue_remove(&path->queue);
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	354 ngx_queue_insert_head(&qc->free_paths, &path->queue);
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	355
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	356 /*
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	357 * invalidate CID that is no longer usable for any other path;
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	358 * this also requests new CIDs from client
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	359 */
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	360 if (path->cid) {
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	361 if (ngx_quic_free_client_id(c, path->cid) != NGX_OK) {
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	362 return NGX_ERROR;
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	363 }
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	364 }
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	365
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	366 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	367 "quic path #%uL addr:%V retired",
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	368 path->seqnum, &path->addr_text);
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	369
8737 76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	370 return NGX_OK;
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	371 }
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	372
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	373
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	374 static void
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	375 ngx_quic_set_connection_path(ngx_connection_t c, ngx_quic_path_t path)
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	376 {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	377 size_t len;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	378
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	379 ngx_memcpy(c->sockaddr, path->sockaddr, path->socklen);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	380 c->socklen = path->socklen;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	381
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	382 if (c->addr_text.data) {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	383 len = ngx_min(c->addr_text.len, path->addr_text.len);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	384
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	385 ngx_memcpy(c->addr_text.data, path->addr_text.data, len);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	386 c->addr_text.len = len;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	387 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	388
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	389 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	390 "quic send path set to #%uL addr:%V",
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	391 path->seqnum, &path->addr_text);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	392 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	393
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	394
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	395 ngx_int_t
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	396 ngx_quic_handle_migration(ngx_connection_t c, ngx_quic_header_t pkt)
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	397 {
8971 1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	398 ngx_quic_path_t next, bkp;
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	399 ngx_quic_send_ctx_t *ctx;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	400 ngx_quic_connection_t *qc;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	401
8971 1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	402 /* got non-probing packet via non-active path */
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	403
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	404 qc = ngx_quic_get_connection(c);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	405
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	406 ctx = ngx_quic_get_send_ctx(qc, pkt->level);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	407
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	408 /*
8797 4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8778 diff changeset	409 * RFC 9000, 9.3. Responding to Connection Migration
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8778 diff changeset	410 *
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	411 * An endpoint only changes the address to which it sends packets in
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	412 * response to the highest-numbered non-probing packet.
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	413 */
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	414 if (pkt->pn != ctx->largest_pn) {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	415 return NGX_OK;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	416 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	417
8971 1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	418 next = pkt->path;
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	419
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	420 /*
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	421 * RFC 9000, 9.3.3:
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	422 *
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	423 * In response to an apparent migration, endpoints MUST validate the
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	424 * previously active path using a PATH_CHALLENGE frame.
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	425 */
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	426 if (pkt->rebound) {
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	427
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	428 /* NAT rebinding: client uses new path with old SID */
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	429 if (ngx_quic_validate_path(c, qc->path) != NGX_OK) {
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	430 return NGX_ERROR;
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	431 }
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	432 }
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	433
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	434 if (qc->path->validated) {
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	435
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	436 if (next->tag != NGX_QUIC_PATH_BACKUP) {
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	437 /* can delete backup path, if any */
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	438 bkp = ngx_quic_get_path(c, NGX_QUIC_PATH_BACKUP);
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	439
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	440 if (bkp && ngx_quic_free_path(c, bkp) != NGX_OK) {
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	441 return NGX_ERROR;
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	442 }
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	443 }
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	444
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	445 qc->path->tag = NGX_QUIC_PATH_BACKUP;
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	446 ngx_quic_path_dbg(c, "is now backup", qc->path);
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	447
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	448 } else {
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	449 if (ngx_quic_free_path(c, qc->path) != NGX_OK) {
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	450 return NGX_ERROR;
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	451 }
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	452 }
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	453
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	454 /* switch active path to migrated */
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	455 qc->path = next;
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	456 qc->path->tag = NGX_QUIC_PATH_ACTIVE;
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	457
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	458 ngx_quic_set_connection_path(c, next);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	459
8971 1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	460 if (!next->validated && !next->validating) {
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	461 if (ngx_quic_validate_path(c, next) != NGX_OK) {
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	462 return NGX_ERROR;
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	463 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	464 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	465
8971 1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	466 ngx_log_error(NGX_LOG_INFO, c->log, 0,
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	467 "quic migrated to path#%uL addr:%V",
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	468 qc->path->seqnum, &qc->path->addr_text);
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	469
8971 1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	470 ngx_quic_path_dbg(c, "is now active", qc->path);
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	471
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	472 return NGX_OK;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	473 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	474
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	475
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	476 static ngx_int_t
8944 b7284807b4fa QUIC: refactored ngx_quic_validate_path(). Vladimir Homutov <vl@nginx.com> parents: 8943 diff changeset	477 ngx_quic_validate_path(ngx_connection_t c, ngx_quic_path_t path)
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	478 {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	479 ngx_msec_t pto;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	480 ngx_quic_send_ctx_t *ctx;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	481 ngx_quic_connection_t *qc;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	482
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	483 qc = ngx_quic_get_connection(c);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	484
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	485 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
8971 1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	486 "quic initiated validation of path #%uL", path->seqnum);
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	487
8971 1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	488 path->validating = 1;
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	489
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	490 if (RAND_bytes(path->challenge1, 8) != 1) {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	491 return NGX_ERROR;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	492 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	493
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	494 if (RAND_bytes(path->challenge2, 8) != 1) {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	495 return NGX_ERROR;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	496 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	497
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	498 if (ngx_quic_send_path_challenge(c, path) != NGX_OK) {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	499 return NGX_ERROR;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	500 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	501
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	502 ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_application);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	503 pto = ngx_quic_pto(c, ctx);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	504
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	505 path->expires = ngx_current_msec + pto;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	506 path->tries = NGX_QUIC_PATH_RETRIES;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	507
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	508 if (!qc->path_validation.timer_set) {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	509 ngx_add_timer(&qc->path_validation, pto);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	510 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	511
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	512 return NGX_OK;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	513 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	514
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	515
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	516 static ngx_int_t
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	517 ngx_quic_send_path_challenge(ngx_connection_t c, ngx_quic_path_t path)
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	518 {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	519 ngx_quic_frame_t frame;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	520
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	521 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
8971 1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	522 "quic path #%uL send path_challenge tries:%ui",
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	523 path->seqnum, path->tries);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	524
8933 02a9ad88e2df QUIC: added missing frame initialization. Vladimir Homutov <vl@nginx.com> parents: 8932 diff changeset	525 ngx_memzero(&frame, sizeof(ngx_quic_frame_t));
02a9ad88e2df QUIC: added missing frame initialization. Vladimir Homutov <vl@nginx.com> parents: 8932 diff changeset	526
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	527 frame.level = ssl_encryption_application;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	528 frame.type = NGX_QUIC_FT_PATH_CHALLENGE;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	529
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	530 ngx_memcpy(frame.u.path_challenge.data, path->challenge1, 8);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	531
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	532 /*
8797 4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8778 diff changeset	533 * RFC 9000, 8.2.1. Initiating Path Validation
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8778 diff changeset	534 *
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	535 * An endpoint MUST expand datagrams that contain a PATH_CHALLENGE frame
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	536 * to at least the smallest allowed maximum datagram size of 1200 bytes,
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	537 * unless the anti-amplification limit for the path does not permit
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	538 * sending a datagram of this size.
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	539 */
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	540
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	541 /* same applies to PATH_RESPONSE frames */
8932 501f28679d56 QUIC: refactored ngx_quic_frame_sendto() function. Vladimir Homutov <vl@nginx.com> parents: 8917 diff changeset	542 if (ngx_quic_frame_sendto(c, &frame, 1200, path) != NGX_OK) {
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	543 return NGX_ERROR;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	544 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	545
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	546 ngx_memcpy(frame.u.path_challenge.data, path->challenge2, 8);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	547
8932 501f28679d56 QUIC: refactored ngx_quic_frame_sendto() function. Vladimir Homutov <vl@nginx.com> parents: 8917 diff changeset	548 if (ngx_quic_frame_sendto(c, &frame, 1200, path) != NGX_OK) {
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	549 return NGX_ERROR;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	550 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	551
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	552 return NGX_OK;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	553 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	554
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	555
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	556 void
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	557 ngx_quic_path_validation_handler(ngx_event_t *ev)
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	558 {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	559 ngx_msec_t now;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	560 ngx_queue_t *q;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	561 ngx_msec_int_t left, next, pto;
8971 1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	562 ngx_quic_path_t path, bkp;
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	563 ngx_connection_t *c;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	564 ngx_quic_send_ctx_t *ctx;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	565 ngx_quic_connection_t *qc;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	566
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	567 c = ev->data;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	568 qc = ngx_quic_get_connection(c);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	569
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	570 ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_application);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	571 pto = ngx_quic_pto(c, ctx);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	572
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	573 next = -1;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	574 now = ngx_current_msec;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	575
8971 1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	576 q = ngx_queue_head(&qc->paths);
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	577
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	578 while (q != ngx_queue_sentinel(&qc->paths)) {
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	579
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	580 path = ngx_queue_data(q, ngx_quic_path_t, queue);
8971 1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	581 q = ngx_queue_next(q);
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	582
8971 1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	583 if (!path->validating) {
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	584 continue;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	585 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	586
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	587 left = path->expires - now;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	588
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	589 if (left > 0) {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	590
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	591 if (next == -1 \|\| left < next) {
8971 1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	592 next = left;
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	593 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	594
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	595 continue;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	596 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	597
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	598 if (--path->tries) {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	599 path->expires = ngx_current_msec + pto;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	600
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	601 if (next == -1 \|\| pto < next) {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	602 next = pto;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	603 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	604
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	605 /* retransmit */
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	606 (void) ngx_quic_send_path_challenge(c, path);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	607
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	608 continue;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	609 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	610
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	611 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, ev->log, 0,
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	612 "quic path #%uL validation failed", path->seqnum);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	613
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	614 /* found expired path */
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	615
8971 1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	616 path->validated = 0;
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	617 path->validating = 0;
8940 fb41e37ddeb0 QUIC: decoupled path state and limitation status. Vladimir Homutov <vl@nginx.com> parents: 8939 diff changeset	618 path->limited = 1;
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	619
8971 1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	620
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	621 /* RFC 9000, 9.3.2. On-Path Address Spoofing
8797 4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8778 diff changeset	622 *
8971 1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	623 * To protect the connection from failing due to such a spurious
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	624 * migration, an endpoint MUST revert to using the last validated
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	625 * peer address when validation of a new peer address fails.
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	626 */
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	627
8971 1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	628 if (qc->path == path) {
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	629 /* active path validation failed */
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	630
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	631 bkp = ngx_quic_get_path(c, NGX_QUIC_PATH_BACKUP);
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	632
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	633 if (bkp == NULL) {
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	634 qc->error = NGX_QUIC_ERR_NO_VIABLE_PATH;
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	635 qc->error_reason = "no viable path";
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	636 ngx_quic_close_connection(c, NGX_ERROR);
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	637 return;
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	638 }
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	639
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	640 qc->path = bkp;
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	641 qc->path->tag = NGX_QUIC_PATH_ACTIVE;
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	642
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	643 ngx_quic_set_connection_path(c, qc->path);
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	644
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	645 ngx_log_error(NGX_LOG_INFO, c->log, 0,
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	646 "quic path #%uL addr:%V is restored from backup",
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	647 qc->path->seqnum, &qc->path->addr_text);
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	648
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	649 ngx_quic_path_dbg(c, "is active", qc->path);
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	650 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	651
8971 1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8944 diff changeset	652 if (ngx_quic_free_path(c, path) != NGX_OK) {
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	653 ngx_quic_close_connection(c, NGX_ERROR);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	654 return;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	655 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	656 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	657
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	658 if (next != -1) {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	659 ngx_add_timer(&qc->path_validation, next);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	660 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	661 }

Mercurial > hg > nginx

annotate src/event/quic/ngx_event_quic_migration.c @ 8971:1e2f4e9c8195 quic