Mercurial > hg > nginx

annotate src/event/quic/ngx_event_quic_bpf_code.c @ 8913:40445fc7c403 quic

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
QUIC: fixed migration during NAT rebinding. The RFC 9000 allows a packet from known CID arrive from unknown path: These requirements regarding connection ID reuse apply only to the sending of packets, as unintentional changes in path without a change in connection ID are possible. For example, after a period of network inactivity, NAT rebinding might cause packets to be sent on a new path when the client resumes sending. Before the patch, such packets were rejected with an error in the ngx_quic_check_migration() function. Removing the check makes the separate function excessive - remaining checks are early migration check and "disable_active_migration" check. The latter is a transport parameter sent to client and it should not be used by server. The server should send "disable_active_migration" "if the endpoint does not support active connection migration" (18.2). The support status depends on nginx configuration: to have migration working with multiple workers, you need bpf helper, available on recent Linux systems. The patch does not set "disable_active_migration" automatically and leaves it for the administrator. By default, active migration is enabled. RFC 900 says that it is ok to migrate if the peer violates "disable_active_migration" flag requirements: If the peer violates this requirement, the endpoint MUST either drop the incoming packets on that path without generating a Stateless Reset OR proceed with path validation and allow the peer to migrate. Generating a Stateless Reset or closing the connection would allow third parties in the network to cause connections to close by spoofing or otherwise manipulating observed traffic. So, nginx adheres to the second option and proceeds to path validation. Note: The ngtcp2 may be used for testing both active migration and NAT rebinding: ngtcp2/client --change-local-addr=200ms --delay-stream=500ms <ip> <port> <url> ngtcp2/client --change-local-addr=200ms --delay-stream=500ms --nat-rebinding \ <ip> <port> <url>
author Vladimir Homutov <vl@nginx.com>
date Mon, 29 Nov 2021 11:51:14 +0300
parents 6d1488b62dc5
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
8676
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
1 /* AUTO-GENERATED, DO NOT EDIT. */
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
2
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
3 #include <stddef.h>
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
4 #include <stdint.h>
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
5
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
6 #include "ngx_bpf.h"
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
7
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
8
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
9 static ngx_bpf_reloc_t bpf_reloc_prog_ngx_quic_reuseport_helper[] = {
8721
85e60c064728 QUIC: bpf code regenerated.
Vladimir Homutov <vl@nginx.com>
parents: 8676
diff changeset
10 { "ngx_quic_sockmap", 55 },
8676
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
11 };
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
12
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
13 static struct bpf_insn bpf_insn_prog_ngx_quic_reuseport_helper[] = {
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
14 /* opcode dst src offset imm */
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
15 { 0x79, BPF_REG_4, BPF_REG_1, (int16_t) 0, 0x0 },
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
16 { 0x79, BPF_REG_3, BPF_REG_1, (int16_t) 8, 0x0 },
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
17 { 0xbf, BPF_REG_2, BPF_REG_4, (int16_t) 0, 0x0 },
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
18 { 0x7, BPF_REG_2, BPF_REG_0, (int16_t) 0, 0x8 },
8721
85e60c064728 QUIC: bpf code regenerated.
Vladimir Homutov <vl@nginx.com>
parents: 8676
diff changeset
19 { 0x2d, BPF_REG_2, BPF_REG_3, (int16_t) 54, 0x0 },
8676
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
20 { 0xbf, BPF_REG_5, BPF_REG_4, (int16_t) 0, 0x0 },
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
21 { 0x7, BPF_REG_5, BPF_REG_0, (int16_t) 0, 0x9 },
8721
85e60c064728 QUIC: bpf code regenerated.
Vladimir Homutov <vl@nginx.com>
parents: 8676
diff changeset
22 { 0x2d, BPF_REG_5, BPF_REG_3, (int16_t) 51, 0x0 },
8676
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
23 { 0xb7, BPF_REG_5, BPF_REG_0, (int16_t) 0, 0x14 },
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
24 { 0xb7, BPF_REG_0, BPF_REG_0, (int16_t) 0, 0x9 },
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
25 { 0x71, BPF_REG_6, BPF_REG_2, (int16_t) 0, 0x0 },
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
26 { 0x67, BPF_REG_6, BPF_REG_0, (int16_t) 0, 0x38 },
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
27 { 0xc7, BPF_REG_6, BPF_REG_0, (int16_t) 0, 0x38 },
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
28 { 0x65, BPF_REG_6, BPF_REG_0, (int16_t) 10, 0xffffffff },
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
29 { 0xbf, BPF_REG_2, BPF_REG_4, (int16_t) 0, 0x0 },
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
30 { 0x7, BPF_REG_2, BPF_REG_0, (int16_t) 0, 0xd },
8721
85e60c064728 QUIC: bpf code regenerated.
Vladimir Homutov <vl@nginx.com>
parents: 8676
diff changeset
31 { 0x2d, BPF_REG_2, BPF_REG_3, (int16_t) 42, 0x0 },
8676
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
32 { 0xbf, BPF_REG_5, BPF_REG_4, (int16_t) 0, 0x0 },
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
33 { 0x7, BPF_REG_5, BPF_REG_0, (int16_t) 0, 0xe },
8721
85e60c064728 QUIC: bpf code regenerated.
Vladimir Homutov <vl@nginx.com>
parents: 8676
diff changeset
34 { 0x2d, BPF_REG_5, BPF_REG_3, (int16_t) 39, 0x0 },
8676
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
35 { 0xb7, BPF_REG_0, BPF_REG_0, (int16_t) 0, 0xe },
8721
85e60c064728 QUIC: bpf code regenerated.
Vladimir Homutov <vl@nginx.com>
parents: 8676
diff changeset
36 { 0x71, BPF_REG_5, BPF_REG_2, (int16_t) 0, 0x0 },
8676
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
37 { 0xb7, BPF_REG_6, BPF_REG_0, (int16_t) 0, 0x8 },
8721
85e60c064728 QUIC: bpf code regenerated.
Vladimir Homutov <vl@nginx.com>
parents: 8676
diff changeset
38 { 0x2d, BPF_REG_6, BPF_REG_5, (int16_t) 35, 0x0 },
8676
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
39 { 0xf, BPF_REG_5, BPF_REG_0, (int16_t) 0, 0x0 },
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
40 { 0xf, BPF_REG_4, BPF_REG_5, (int16_t) 0, 0x0 },
8721
85e60c064728 QUIC: bpf code regenerated.
Vladimir Homutov <vl@nginx.com>
parents: 8676
diff changeset
41 { 0x2d, BPF_REG_4, BPF_REG_3, (int16_t) 32, 0x0 },
8676
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
42 { 0xbf, BPF_REG_4, BPF_REG_2, (int16_t) 0, 0x0 },
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
43 { 0x7, BPF_REG_4, BPF_REG_0, (int16_t) 0, 0x9 },
8721
85e60c064728 QUIC: bpf code regenerated.
Vladimir Homutov <vl@nginx.com>
parents: 8676
diff changeset
44 { 0x2d, BPF_REG_4, BPF_REG_3, (int16_t) 29, 0x0 },
8676
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
45 { 0x71, BPF_REG_4, BPF_REG_2, (int16_t) 1, 0x0 },
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
46 { 0x67, BPF_REG_4, BPF_REG_0, (int16_t) 0, 0x38 },
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
47 { 0x71, BPF_REG_3, BPF_REG_2, (int16_t) 2, 0x0 },
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
48 { 0x67, BPF_REG_3, BPF_REG_0, (int16_t) 0, 0x30 },
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
49 { 0x4f, BPF_REG_3, BPF_REG_4, (int16_t) 0, 0x0 },
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
50 { 0x71, BPF_REG_4, BPF_REG_2, (int16_t) 3, 0x0 },
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
51 { 0x67, BPF_REG_4, BPF_REG_0, (int16_t) 0, 0x28 },
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
52 { 0x4f, BPF_REG_3, BPF_REG_4, (int16_t) 0, 0x0 },
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
53 { 0x71, BPF_REG_4, BPF_REG_2, (int16_t) 4, 0x0 },
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
54 { 0x67, BPF_REG_4, BPF_REG_0, (int16_t) 0, 0x20 },
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
55 { 0x4f, BPF_REG_3, BPF_REG_4, (int16_t) 0, 0x0 },
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
56 { 0x71, BPF_REG_4, BPF_REG_2, (int16_t) 5, 0x0 },
8721
85e60c064728 QUIC: bpf code regenerated.
Vladimir Homutov <vl@nginx.com>
parents: 8676
diff changeset
57 { 0x67, BPF_REG_4, BPF_REG_0, (int16_t) 0, 0x18 },
8676
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
58 { 0x4f, BPF_REG_3, BPF_REG_4, (int16_t) 0, 0x0 },
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
59 { 0x71, BPF_REG_4, BPF_REG_2, (int16_t) 6, 0x0 },
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
60 { 0x67, BPF_REG_4, BPF_REG_0, (int16_t) 0, 0x10 },
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
61 { 0x4f, BPF_REG_3, BPF_REG_4, (int16_t) 0, 0x0 },
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
62 { 0x71, BPF_REG_4, BPF_REG_2, (int16_t) 7, 0x0 },
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
63 { 0x67, BPF_REG_4, BPF_REG_0, (int16_t) 0, 0x8 },
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
64 { 0x4f, BPF_REG_3, BPF_REG_4, (int16_t) 0, 0x0 },
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
65 { 0x71, BPF_REG_2, BPF_REG_2, (int16_t) 8, 0x0 },
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
66 { 0x4f, BPF_REG_3, BPF_REG_2, (int16_t) 0, 0x0 },
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
67 { 0x7b, BPF_REG_10, BPF_REG_3, (int16_t) 65528, 0x0 },
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
68 { 0xbf, BPF_REG_3, BPF_REG_10, (int16_t) 0, 0x0 },
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
69 { 0x7, BPF_REG_3, BPF_REG_0, (int16_t) 0, 0xfffffff8 },
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
70 { 0x18, BPF_REG_2, BPF_REG_0, (int16_t) 0, 0x0 },
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
71 { 0x0, BPF_REG_0, BPF_REG_0, (int16_t) 0, 0x0 },
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
72 { 0xb7, BPF_REG_4, BPF_REG_0, (int16_t) 0, 0x0 },
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
73 { 0x85, BPF_REG_0, BPF_REG_0, (int16_t) 0, 0x52 },
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
74 { 0xb7, BPF_REG_0, BPF_REG_0, (int16_t) 0, 0x1 },
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
75 { 0x95, BPF_REG_0, BPF_REG_0, (int16_t) 0, 0x0 },
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
76 };
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
77
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
78
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
79 ngx_bpf_program_t ngx_quic_reuseport_helper = {
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
80 .relocs = bpf_reloc_prog_ngx_quic_reuseport_helper,
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
81 .nrelocs = sizeof(bpf_reloc_prog_ngx_quic_reuseport_helper)
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
82 / sizeof(bpf_reloc_prog_ngx_quic_reuseport_helper[0]),
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
83 .ins = bpf_insn_prog_ngx_quic_reuseport_helper,
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
84 .nins = sizeof(bpf_insn_prog_ngx_quic_reuseport_helper)
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
85 / sizeof(bpf_insn_prog_ngx_quic_reuseport_helper[0]),
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
86 .license = "BSD",
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
87 .type = BPF_PROG_TYPE_SK_REUSEPORT,
7df607cb2d11 QUIC: ngx_quic_bpf module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
88 };