nginx: src/event/quic/ngx_event_quic

annotate src/event/quic/ngx_event_quic_migration.c @ 8913:40445fc7c403 quic

QUIC: fixed migration during NAT rebinding. The RFC 9000 allows a packet from known CID arrive from unknown path: These requirements regarding connection ID reuse apply only to the sending of packets, as unintentional changes in path without a change in connection ID are possible. For example, after a period of network inactivity, NAT rebinding might cause packets to be sent on a new path when the client resumes sending. Before the patch, such packets were rejected with an error in the ngx_quic_check_migration() function. Removing the check makes the separate function excessive - remaining checks are early migration check and "disable_active_migration" check. The latter is a transport parameter sent to client and it should not be used by server. The server should send "disable_active_migration" "if the endpoint does not support active connection migration" (18.2). The support status depends on nginx configuration: to have migration working with multiple workers, you need bpf helper, available on recent Linux systems. The patch does not set "disable_active_migration" automatically and leaves it for the administrator. By default, active migration is enabled. RFC 900 says that it is ok to migrate if the peer violates "disable_active_migration" flag requirements: If the peer violates this requirement, the endpoint MUST either drop the incoming packets on that path without generating a Stateless Reset OR proceed with path validation and allow the peer to migrate. Generating a Stateless Reset or closing the connection would allow third parties in the network to cause connections to close by spoofing or otherwise manipulating observed traffic. So, nginx adheres to the second option and proceeds to path validation. Note: The ngtcp2 may be used for testing both active migration and NAT rebinding: ngtcp2/client --change-local-addr=200ms --delay-stream=500ms <ip> <port> <url> ngtcp2/client --change-local-addr=200ms --delay-stream=500ms --nat-rebinding \ <ip> <port> <url>

author	Vladimir Homutov <vl@nginx.com>
date	Mon, 29 Nov 2021 11:51:14 +0300
parents	50d73bf20e73
children	bb1d1d9d76e2

rev	line source
8737 76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	2 /*
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	3 * Copyright (C) Nginx, Inc.
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	4 */
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	5
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	6
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	7 #include <ngx_config.h>
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	8 #include <ngx_core.h>
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	9 #include <ngx_event.h>
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	10 #include <ngx_event_quic_connection.h>
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	11
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	12
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	13 static void ngx_quic_set_connection_path(ngx_connection_t *c,
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	14 ngx_quic_path_t *path);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	15 static ngx_int_t ngx_quic_validate_path(ngx_connection_t *c,
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	16 ngx_quic_socket_t *qsock);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	17 static ngx_int_t ngx_quic_send_path_challenge(ngx_connection_t *c,
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	18 ngx_quic_path_t *path);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	19 static ngx_int_t ngx_quic_path_restore(ngx_connection_t *c);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	20 static ngx_quic_path_t ngx_quic_alloc_path(ngx_connection_t c);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	21
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	22
8737 76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	23 ngx_int_t
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	24 ngx_quic_handle_path_challenge_frame(ngx_connection_t *c,
8778 5186ee5a94b9 QUIC: simplified sending 1-RTT only frames. Sergey Kandaurov <pluknet@nginx.com> parents: 8777 diff changeset	25 ngx_quic_path_challenge_frame_t *f)
8737 76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	26 {
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	27 off_t max, pad;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	28 ssize_t sent;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	29 ngx_quic_path_t *path;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	30 ngx_quic_frame_t frame, *fp;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	31 ngx_quic_socket_t *qsock;
8737 76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	32 ngx_quic_connection_t *qc;
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	33
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	34 qc = ngx_quic_get_connection(c);
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	35
8778 5186ee5a94b9 QUIC: simplified sending 1-RTT only frames. Sergey Kandaurov <pluknet@nginx.com> parents: 8777 diff changeset	36 frame.level = ssl_encryption_application;
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	37 frame.type = NGX_QUIC_FT_PATH_RESPONSE;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	38 frame.u.path_response = *f;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	39
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	40 /*
8797 4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8778 diff changeset	41 * RFC 9000, 8.2.2. Path Validation Responses
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8778 diff changeset	42 *
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	43 * A PATH_RESPONSE frame MUST be sent on the network path where the
8797 4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8778 diff changeset	44 * PATH_CHALLENGE frame was received.
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	45 */
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	46 qsock = ngx_quic_get_socket(c);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	47 path = qsock->path;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	48
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	49 /*
8901 a951e0809044 QUIC: fixed PATH_RESPONSE frame expansion. Vladimir Homutov <vl@nginx.com> parents: 8822 diff changeset	50 * An endpoint MUST expand datagrams that contain a PATH_RESPONSE frame
a951e0809044 QUIC: fixed PATH_RESPONSE frame expansion. Vladimir Homutov <vl@nginx.com> parents: 8822 diff changeset	51 * to at least the smallest allowed maximum datagram size of 1200 bytes.
a951e0809044 QUIC: fixed PATH_RESPONSE frame expansion. Vladimir Homutov <vl@nginx.com> parents: 8822 diff changeset	52 * ...
8797 4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8778 diff changeset	53 * An endpoint MUST NOT expand the datagram containing the PATH_RESPONSE
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8778 diff changeset	54 * if the resulting data exceeds the anti-amplification limit.
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	55 */
8901 a951e0809044 QUIC: fixed PATH_RESPONSE frame expansion. Vladimir Homutov <vl@nginx.com> parents: 8822 diff changeset	56 if (path->state != NGX_QUIC_PATH_VALIDATED) {
a951e0809044 QUIC: fixed PATH_RESPONSE frame expansion. Vladimir Homutov <vl@nginx.com> parents: 8822 diff changeset	57 max = path->received * 3;
a951e0809044 QUIC: fixed PATH_RESPONSE frame expansion. Vladimir Homutov <vl@nginx.com> parents: 8822 diff changeset	58 max = (path->sent >= max) ? 0 : max - path->sent;
a951e0809044 QUIC: fixed PATH_RESPONSE frame expansion. Vladimir Homutov <vl@nginx.com> parents: 8822 diff changeset	59 pad = ngx_min(1200, max);
a951e0809044 QUIC: fixed PATH_RESPONSE frame expansion. Vladimir Homutov <vl@nginx.com> parents: 8822 diff changeset	60
a951e0809044 QUIC: fixed PATH_RESPONSE frame expansion. Vladimir Homutov <vl@nginx.com> parents: 8822 diff changeset	61 } else {
a951e0809044 QUIC: fixed PATH_RESPONSE frame expansion. Vladimir Homutov <vl@nginx.com> parents: 8822 diff changeset	62 pad = 1200;
a951e0809044 QUIC: fixed PATH_RESPONSE frame expansion. Vladimir Homutov <vl@nginx.com> parents: 8822 diff changeset	63 }
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	64
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	65 sent = ngx_quic_frame_sendto(c, &frame, pad, path->sockaddr, path->socklen);
8822 ad046179eb91 QUIC: handle EAGAIN properly on UDP sockets. Vladimir Homutov <vl@nginx.com> parents: 8797 diff changeset	66 if (sent < 0) {
8737 76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	67 return NGX_ERROR;
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	68 }
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	69
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	70 path->sent += sent;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	71
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	72 if (qsock == qc->socket) {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	73 /*
8797 4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8778 diff changeset	74 * RFC 9000, 9.3.3. Off-Path Packet Forwarding
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8778 diff changeset	75 *
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	76 * An endpoint that receives a PATH_CHALLENGE on an active path SHOULD
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	77 * send a non-probing packet in response.
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	78 */
8737 76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	79
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	80 fp = ngx_quic_alloc_frame(c);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	81 if (fp == NULL) {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	82 return NGX_ERROR;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	83 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	84
8778 5186ee5a94b9 QUIC: simplified sending 1-RTT only frames. Sergey Kandaurov <pluknet@nginx.com> parents: 8777 diff changeset	85 fp->level = ssl_encryption_application;
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	86 fp->type = NGX_QUIC_FT_PING;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	87
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	88 ngx_quic_queue_frame(qc, fp);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	89 }
8737 76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	90
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	91 return NGX_OK;
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	92 }
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	93
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	94
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	95 ngx_int_t
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	96 ngx_quic_handle_path_response_frame(ngx_connection_t *c,
8778 5186ee5a94b9 QUIC: simplified sending 1-RTT only frames. Sergey Kandaurov <pluknet@nginx.com> parents: 8777 diff changeset	97 ngx_quic_path_challenge_frame_t *f)
8737 76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	98 {
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	99 ngx_queue_t *q;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	100 ngx_quic_path_t path, prev;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	101 ngx_quic_connection_t *qc;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	102
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	103 qc = ngx_quic_get_connection(c);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	104
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	105 /*
8797 4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8778 diff changeset	106 * RFC 9000, 8.2.3. Successful Path Validation
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8778 diff changeset	107 *
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	108 * A PATH_RESPONSE frame received on any network path validates the path
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	109 * on which the PATH_CHALLENGE was sent.
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	110 */
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	111
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	112 for (q = ngx_queue_head(&qc->paths);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	113 q != ngx_queue_sentinel(&qc->paths);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	114 q = ngx_queue_next(q))
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	115 {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	116 path = ngx_queue_data(q, ngx_quic_path_t, queue);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	117
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	118 if (path->state != NGX_QUIC_PATH_VALIDATING) {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	119 continue;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	120 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	121
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	122 if (ngx_memcmp(path->challenge1, f->data, sizeof(f->data)) == 0
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	123 \|\| ngx_memcmp(path->challenge2, f->data, sizeof(f->data)) == 0)
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	124 {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	125 goto valid;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	126 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	127 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	128
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	129 ngx_log_error(NGX_LOG_INFO, c->log, 0,
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	130 "quic stale PATH_RESPONSE ignored");
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	131
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	132 return NGX_OK;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	133
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	134 valid:
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	135
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	136 /*
8797 4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8778 diff changeset	137 * RFC 9000, 9.4. Loss Detection and Congestion Control
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8778 diff changeset	138 *
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	139 * On confirming a peer's ownership of its new address,
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	140 * an endpoint MUST immediately reset the congestion controller
8797 4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8778 diff changeset	141 * and round-trip time estimator for the new path to initial values
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8778 diff changeset	142 * unless the only change in the peer's address is its port number.
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	143 */
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	144
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	145 prev = qc->backup->path;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	146
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	147 if (ngx_cmp_sockaddr(prev->sockaddr, prev->socklen,
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	148 path->sockaddr, path->socklen, 0)
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	149 != NGX_OK)
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	150 {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	151 /* address has changed */
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	152 ngx_memzero(&qc->congestion, sizeof(ngx_quic_congestion_t));
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	153
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	154 qc->congestion.window = ngx_min(10 * qc->tp.max_udp_payload_size,
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	155 ngx_max(2 * qc->tp.max_udp_payload_size,
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	156 14720));
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	157 qc->congestion.ssthresh = (size_t) -1;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	158 qc->congestion.recovery_start = ngx_current_msec;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	159 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	160
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	161 /*
8797 4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8778 diff changeset	162 * RFC 9000, 9.3. Responding to Connection Migration
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8778 diff changeset	163 *
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	164 * After verifying a new client address, the server SHOULD
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	165 * send new address validation tokens (Section 8) to the client.
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	166 */
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	167
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	168 if (ngx_quic_send_new_token(c, path) != NGX_OK) {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	169 return NGX_ERROR;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	170 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	171
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	172 ngx_log_error(NGX_LOG_INFO, c->log, 0,
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	173 "quic path #%uL successfully validated", path->seqnum);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	174
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	175 path->state = NGX_QUIC_PATH_VALIDATED;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	176 path->validated_at = ngx_time();
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	177
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	178 return NGX_OK;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	179 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	180
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	181
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	182 static ngx_quic_path_t *
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	183 ngx_quic_alloc_path(ngx_connection_t *c)
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	184 {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	185 ngx_queue_t *q;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	186 struct sockaddr *sa;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	187 ngx_quic_path_t *path;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	188 ngx_quic_connection_t *qc;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	189
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	190 qc = ngx_quic_get_connection(c);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	191
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	192 if (!ngx_queue_empty(&qc->free_paths)) {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	193
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	194 q = ngx_queue_head(&qc->free_paths);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	195 path = ngx_queue_data(q, ngx_quic_path_t, queue);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	196
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	197 ngx_queue_remove(&path->queue);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	198
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	199 sa = path->sockaddr;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	200 ngx_memzero(path, sizeof(ngx_quic_path_t));
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	201 path->sockaddr = sa;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	202
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	203 } else {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	204
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	205 path = ngx_pcalloc(c->pool, sizeof(ngx_quic_path_t));
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	206 if (path == NULL) {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	207 return NULL;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	208 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	209
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	210 path->sockaddr = ngx_palloc(c->pool, NGX_SOCKADDRLEN);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	211 if (path->sockaddr == NULL) {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	212 return NULL;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	213 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	214 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	215
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	216 return path;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	217 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	218
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	219
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	220 ngx_quic_path_t *
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	221 ngx_quic_add_path(ngx_connection_t c, struct sockaddr sockaddr,
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	222 socklen_t socklen)
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	223 {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	224 ngx_quic_path_t *path;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	225 ngx_quic_connection_t *qc;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	226
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	227 qc = ngx_quic_get_connection(c);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	228
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	229 path = ngx_quic_alloc_path(c);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	230 if (path == NULL) {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	231 return NULL;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	232 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	233
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	234 path->seqnum = qc->path_seqnum++;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	235
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	236 path->socklen = socklen;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	237 ngx_memcpy(path->sockaddr, sockaddr, socklen);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	238
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	239 path->addr_text.data = path->text;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	240 path->addr_text.len = ngx_sock_ntop(sockaddr, socklen, path->text,
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	241 NGX_SOCKADDR_STRLEN, 1);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	242
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	243 ngx_queue_insert_tail(&qc->paths, &path->queue);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	244
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	245 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	246 "quic path #%uL created src:%V",
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	247 path->seqnum, &path->addr_text);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	248
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	249 return path;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	250 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	251
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	252
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	253 ngx_quic_path_t *
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	254 ngx_quic_find_path(ngx_connection_t c, struct sockaddr sockaddr,
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	255 socklen_t socklen)
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	256 {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	257 ngx_queue_t *q;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	258 ngx_quic_path_t *path;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	259 ngx_quic_connection_t *qc;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	260
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	261 qc = ngx_quic_get_connection(c);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	262
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	263 for (q = ngx_queue_head(&qc->paths);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	264 q != ngx_queue_sentinel(&qc->paths);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	265 q = ngx_queue_next(q))
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	266 {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	267 path = ngx_queue_data(q, ngx_quic_path_t, queue);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	268
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	269 if (ngx_cmp_sockaddr(sockaddr, socklen,
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	270 path->sockaddr, path->socklen, 1)
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	271 == NGX_OK)
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	272 {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	273 return path;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	274 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	275 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	276
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	277 return NULL;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	278 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	279
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	280
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	281 ngx_int_t
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	282 ngx_quic_update_paths(ngx_connection_t c, ngx_quic_header_t pkt)
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	283 {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	284 off_t len;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	285 ngx_quic_path_t *path;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	286 ngx_quic_socket_t *qsock;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	287 ngx_quic_client_id_t *cid;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	288 ngx_quic_connection_t *qc;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	289
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	290 qsock = ngx_quic_get_socket(c);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	291
8913 40445fc7c403 QUIC: fixed migration during NAT rebinding. Vladimir Homutov <vl@nginx.com> parents: 8912 diff changeset	292 if (c->udp->dgram == NULL && qsock->path) {
40445fc7c403 QUIC: fixed migration during NAT rebinding. Vladimir Homutov <vl@nginx.com> parents: 8912 diff changeset	293 /* 1st ever packet in connection, path already exists */
40445fc7c403 QUIC: fixed migration during NAT rebinding. Vladimir Homutov <vl@nginx.com> parents: 8912 diff changeset	294 path = qsock->path;
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	295 goto update;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	296 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	297
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	298 path = ngx_quic_find_path(c, c->udp->dgram->sockaddr,
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	299 c->udp->dgram->socklen);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	300
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	301 if (path == NULL) {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	302 path = ngx_quic_add_path(c, c->udp->dgram->sockaddr,
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	303 c->udp->dgram->socklen);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	304 if (path == NULL) {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	305 return NGX_ERROR;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	306 }
8913 40445fc7c403 QUIC: fixed migration during NAT rebinding. Vladimir Homutov <vl@nginx.com> parents: 8912 diff changeset	307
40445fc7c403 QUIC: fixed migration during NAT rebinding. Vladimir Homutov <vl@nginx.com> parents: 8912 diff changeset	308 if (qsock->path) {
40445fc7c403 QUIC: fixed migration during NAT rebinding. Vladimir Homutov <vl@nginx.com> parents: 8912 diff changeset	309 /* NAT rebinding case: packet to same CID, but from new address */
40445fc7c403 QUIC: fixed migration during NAT rebinding. Vladimir Homutov <vl@nginx.com> parents: 8912 diff changeset	310
40445fc7c403 QUIC: fixed migration during NAT rebinding. Vladimir Homutov <vl@nginx.com> parents: 8912 diff changeset	311 ngx_quic_unref_path(c, qsock->path);
40445fc7c403 QUIC: fixed migration during NAT rebinding. Vladimir Homutov <vl@nginx.com> parents: 8912 diff changeset	312
40445fc7c403 QUIC: fixed migration during NAT rebinding. Vladimir Homutov <vl@nginx.com> parents: 8912 diff changeset	313 qsock->path = path;
40445fc7c403 QUIC: fixed migration during NAT rebinding. Vladimir Homutov <vl@nginx.com> parents: 8912 diff changeset	314 path->refcnt++;
40445fc7c403 QUIC: fixed migration during NAT rebinding. Vladimir Homutov <vl@nginx.com> parents: 8912 diff changeset	315
40445fc7c403 QUIC: fixed migration during NAT rebinding. Vladimir Homutov <vl@nginx.com> parents: 8912 diff changeset	316 goto update;
40445fc7c403 QUIC: fixed migration during NAT rebinding. Vladimir Homutov <vl@nginx.com> parents: 8912 diff changeset	317 }
40445fc7c403 QUIC: fixed migration during NAT rebinding. Vladimir Homutov <vl@nginx.com> parents: 8912 diff changeset	318
40445fc7c403 QUIC: fixed migration during NAT rebinding. Vladimir Homutov <vl@nginx.com> parents: 8912 diff changeset	319 } else if (qsock->path) {
40445fc7c403 QUIC: fixed migration during NAT rebinding. Vladimir Homutov <vl@nginx.com> parents: 8912 diff changeset	320 goto update;
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	321 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	322
8777 d5f93733c17d QUIC: relaxed client id requirements. Vladimir Homutov <vl@nginx.com> parents: 8763 diff changeset	323 /* prefer unused client IDs if available */
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	324 cid = ngx_quic_next_client_id(c);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	325 if (cid == NULL) {
8777 d5f93733c17d QUIC: relaxed client id requirements. Vladimir Homutov <vl@nginx.com> parents: 8763 diff changeset	326
d5f93733c17d QUIC: relaxed client id requirements. Vladimir Homutov <vl@nginx.com> parents: 8763 diff changeset	327 /* try to reuse connection ID used on the same path */
d5f93733c17d QUIC: relaxed client id requirements. Vladimir Homutov <vl@nginx.com> parents: 8763 diff changeset	328 cid = ngx_quic_used_client_id(c, path);
d5f93733c17d QUIC: relaxed client id requirements. Vladimir Homutov <vl@nginx.com> parents: 8763 diff changeset	329 if (cid == NULL) {
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	330
8777 d5f93733c17d QUIC: relaxed client id requirements. Vladimir Homutov <vl@nginx.com> parents: 8763 diff changeset	331 qc = ngx_quic_get_connection(c);
d5f93733c17d QUIC: relaxed client id requirements. Vladimir Homutov <vl@nginx.com> parents: 8763 diff changeset	332 qc->error = NGX_QUIC_ERR_CONNECTION_ID_LIMIT_ERROR;
d5f93733c17d QUIC: relaxed client id requirements. Vladimir Homutov <vl@nginx.com> parents: 8763 diff changeset	333 qc->error_reason = "no available client ids for new path";
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	334
8777 d5f93733c17d QUIC: relaxed client id requirements. Vladimir Homutov <vl@nginx.com> parents: 8763 diff changeset	335 ngx_log_error(NGX_LOG_ERR, c->log, 0,
d5f93733c17d QUIC: relaxed client id requirements. Vladimir Homutov <vl@nginx.com> parents: 8763 diff changeset	336 "no available client ids for new path");
d5f93733c17d QUIC: relaxed client id requirements. Vladimir Homutov <vl@nginx.com> parents: 8763 diff changeset	337
d5f93733c17d QUIC: relaxed client id requirements. Vladimir Homutov <vl@nginx.com> parents: 8763 diff changeset	338 return NGX_ERROR;
d5f93733c17d QUIC: relaxed client id requirements. Vladimir Homutov <vl@nginx.com> parents: 8763 diff changeset	339 }
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	340 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	341
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	342 ngx_quic_connect(c, qsock, path, cid);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	343
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	344 update:
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	345
8912 50d73bf20e73 QUIC: refactored multiple QUIC packets handling. Vladimir Homutov <vl@nginx.com> parents: 8901 diff changeset	346 len = pkt->raw->last - pkt->raw->start;
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	347
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	348 /* TODO: this may be too late in some cases;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	349 * for example, if error happens during decrypt(), we cannot
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	350 * send CC, if error happens in 1st packet, due to amplification
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	351 * limit, because path->received = 0
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	352 *
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	353 * should we account garbage as received or only decrypting packets?
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	354 */
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	355 path->received += len;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	356
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	357 ngx_log_debug6(NGX_LOG_DEBUG_EVENT, c->log, 0,
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	358 "quic packet via #%uL:%uL:%uL"
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	359 " size:%O path recvd:%O sent:%O",
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	360 qsock->sid.seqnum, qsock->cid->seqnum, path->seqnum,
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	361 len, path->received, path->sent);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	362
8737 76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	363 return NGX_OK;
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	364 }
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	365
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	366
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	367 static void
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	368 ngx_quic_set_connection_path(ngx_connection_t c, ngx_quic_path_t path)
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	369 {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	370 size_t len;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	371
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	372 ngx_memcpy(c->sockaddr, path->sockaddr, path->socklen);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	373 c->socklen = path->socklen;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	374
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	375 if (c->addr_text.data) {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	376 len = ngx_min(c->addr_text.len, path->addr_text.len);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	377
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	378 ngx_memcpy(c->addr_text.data, path->addr_text.data, len);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	379 c->addr_text.len = len;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	380 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	381
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	382 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	383 "quic send path set to #%uL addr:%V",
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	384 path->seqnum, &path->addr_text);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	385 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	386
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	387
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	388 ngx_int_t
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	389 ngx_quic_handle_migration(ngx_connection_t c, ngx_quic_header_t pkt)
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	390 {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	391 ngx_quic_path_t *next;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	392 ngx_quic_socket_t *qsock;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	393 ngx_quic_send_ctx_t *ctx;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	394 ngx_quic_connection_t *qc;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	395
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	396 /* got non-probing packet via non-active socket with different path */
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	397
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	398 qc = ngx_quic_get_connection(c);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	399
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	400 /* current socket, different from active */
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	401 qsock = ngx_quic_get_socket(c);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	402
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	403 next = qsock->path; /* going to migrate to this path... */
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	404
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	405 ngx_log_error(NGX_LOG_INFO, c->log, 0,
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	406 "quic migration from #%uL:%uL:%uL (%s)"
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	407 " to #%uL:%uL:%uL (%s)",
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	408 qc->socket->sid.seqnum, qc->socket->cid->seqnum,
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	409 qc->socket->path->seqnum,
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	410 ngx_quic_path_state_str(qc->socket->path),
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	411 qsock->sid.seqnum, qsock->cid->seqnum, next->seqnum,
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	412 ngx_quic_path_state_str(next));
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	413
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	414 switch (next->state) {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	415 case NGX_QUIC_PATH_NEW:
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	416 if (ngx_quic_validate_path(c, qsock) != NGX_OK) {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	417 return NGX_ERROR;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	418 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	419 break;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	420
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	421 /* migration to previously known path */
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	422
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	423 case NGX_QUIC_PATH_VALIDATING:
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	424 /* alredy validating, nothing to do */
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	425 break;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	426
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	427 case NGX_QUIC_PATH_VALIDATED:
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	428 /* if path is old enough, revalidate */
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	429 if (ngx_time() - next->validated_at > NGX_QUIC_PATH_VALID_TIME) {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	430
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	431 next->state = NGX_QUIC_PATH_NEW;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	432
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	433 if (ngx_quic_validate_path(c, qsock) != NGX_OK) {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	434 return NGX_ERROR;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	435 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	436 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	437
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	438 break;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	439 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	440
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	441 ctx = ngx_quic_get_send_ctx(qc, pkt->level);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	442
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	443 /*
8797 4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8778 diff changeset	444 * RFC 9000, 9.3. Responding to Connection Migration
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8778 diff changeset	445 *
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	446 * An endpoint only changes the address to which it sends packets in
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	447 * response to the highest-numbered non-probing packet.
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	448 */
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	449 if (pkt->pn != ctx->largest_pn) {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	450 return NGX_OK;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	451 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	452
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	453 /* switching connection to new path */
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	454
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	455 ngx_quic_set_connection_path(c, next);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	456
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	457 /*
8797 4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8778 diff changeset	458 * RFC 9000, 9.5. Privacy Implications of Connection Migration
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8778 diff changeset	459 *
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	460 * An endpoint MUST NOT reuse a connection ID when sending to
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	461 * more than one destination address.
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	462 */
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	463
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	464 /* preserve valid path we are migrating from */
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	465 if (qc->socket->path->state == NGX_QUIC_PATH_VALIDATED) {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	466
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	467 if (qc->backup) {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	468 ngx_quic_close_socket(c, qc->backup);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	469 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	470
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	471 qc->backup = qc->socket;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	472
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	473 ngx_log_error(NGX_LOG_INFO, c->log, 0,
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	474 "quic backup socket is now #%uL:%uL:%uL (%s)",
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	475 qc->backup->sid.seqnum, qc->backup->cid->seqnum,
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	476 qc->backup->path->seqnum,
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	477 ngx_quic_path_state_str(qc->backup->path));
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	478 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	479
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	480 qc->socket = qsock;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	481
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	482 ngx_log_error(NGX_LOG_INFO, c->log, 0,
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	483 "quic active socket is now #%uL:%uL:%uL (%s)",
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	484 qsock->sid.seqnum, qsock->cid->seqnum,
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	485 qsock->path->seqnum, ngx_quic_path_state_str(qsock->path));
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	486
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	487 return NGX_OK;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	488 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	489
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	490
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	491 static ngx_int_t
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	492 ngx_quic_validate_path(ngx_connection_t c, ngx_quic_socket_t qsock)
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	493 {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	494 ngx_msec_t pto;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	495 ngx_quic_path_t *path;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	496 ngx_quic_send_ctx_t *ctx;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	497 ngx_quic_connection_t *qc;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	498
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	499 qc = ngx_quic_get_connection(c);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	500
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	501 path = qsock->path;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	502
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	503 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	504 "quic initiated validation of new path #%uL",
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	505 path->seqnum);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	506
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	507 path->state = NGX_QUIC_PATH_VALIDATING;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	508
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	509 if (RAND_bytes(path->challenge1, 8) != 1) {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	510 return NGX_ERROR;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	511 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	512
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	513 if (RAND_bytes(path->challenge2, 8) != 1) {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	514 return NGX_ERROR;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	515 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	516
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	517 if (ngx_quic_send_path_challenge(c, path) != NGX_OK) {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	518 return NGX_ERROR;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	519 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	520
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	521 ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_application);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	522 pto = ngx_quic_pto(c, ctx);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	523
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	524 path->expires = ngx_current_msec + pto;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	525 path->tries = NGX_QUIC_PATH_RETRIES;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	526
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	527 if (!qc->path_validation.timer_set) {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	528 ngx_add_timer(&qc->path_validation, pto);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	529 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	530
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	531 return NGX_OK;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	532 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	533
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	534
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	535 static ngx_int_t
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	536 ngx_quic_send_path_challenge(ngx_connection_t c, ngx_quic_path_t path)
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	537 {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	538 off_t max, pad;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	539 ssize_t sent;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	540 ngx_quic_frame_t frame;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	541
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	542 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	543 "quic path #%uL send path challenge tries:%ui",
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	544 path->seqnum, path->tries);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	545
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	546 frame.level = ssl_encryption_application;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	547 frame.type = NGX_QUIC_FT_PATH_CHALLENGE;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	548
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	549 ngx_memcpy(frame.u.path_challenge.data, path->challenge1, 8);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	550
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	551 /*
8797 4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8778 diff changeset	552 * RFC 9000, 8.2.1. Initiating Path Validation
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8778 diff changeset	553 *
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	554 * An endpoint MUST expand datagrams that contain a PATH_CHALLENGE frame
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	555 * to at least the smallest allowed maximum datagram size of 1200 bytes,
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	556 * unless the anti-amplification limit for the path does not permit
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	557 * sending a datagram of this size.
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	558 */
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	559
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	560 /* same applies to PATH_RESPONSE frames */
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	561
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	562 max = path->received * 3;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	563 max = (path->sent >= max) ? 0 : max - path->sent;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	564 pad = ngx_min(1200, max);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	565
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	566 sent = ngx_quic_frame_sendto(c, &frame, pad, path->sockaddr, path->socklen);
8822 ad046179eb91 QUIC: handle EAGAIN properly on UDP sockets. Vladimir Homutov <vl@nginx.com> parents: 8797 diff changeset	567 if (sent < 0) {
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	568 return NGX_ERROR;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	569 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	570
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	571 path->sent += sent;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	572
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	573 ngx_memcpy(frame.u.path_challenge.data, path->challenge2, 8);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	574
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	575 max = (path->sent >= max) ? 0 : max - path->sent;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	576 pad = ngx_min(1200, max);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	577
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	578 sent = ngx_quic_frame_sendto(c, &frame, pad, path->sockaddr, path->socklen);
8822 ad046179eb91 QUIC: handle EAGAIN properly on UDP sockets. Vladimir Homutov <vl@nginx.com> parents: 8797 diff changeset	579 if (sent < 0) {
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	580 return NGX_ERROR;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	581 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	582
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	583 path->sent += sent;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	584
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	585 return NGX_OK;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	586 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	587
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	588
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	589 void
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	590 ngx_quic_path_validation_handler(ngx_event_t *ev)
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	591 {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	592 ngx_msec_t now;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	593 ngx_queue_t *q;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	594 ngx_msec_int_t left, next, pto;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	595 ngx_quic_path_t *path;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	596 ngx_connection_t *c;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	597 ngx_quic_send_ctx_t *ctx;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	598 ngx_quic_connection_t *qc;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	599
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	600 c = ev->data;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	601 qc = ngx_quic_get_connection(c);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	602
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	603 ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_application);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	604 pto = ngx_quic_pto(c, ctx);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	605
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	606 next = -1;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	607 now = ngx_current_msec;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	608
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	609 for (q = ngx_queue_head(&qc->paths);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	610 q != ngx_queue_sentinel(&qc->paths);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	611 q = ngx_queue_next(q))
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	612 {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	613 path = ngx_queue_data(q, ngx_quic_path_t, queue);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	614
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	615 if (path->state != NGX_QUIC_PATH_VALIDATING) {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	616 continue;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	617 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	618
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	619 left = path->expires - now;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	620
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	621 if (left > 0) {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	622
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	623 if (next == -1 \|\| left < next) {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	624 next = path->expires;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	625 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	626
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	627 continue;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	628 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	629
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	630 if (--path->tries) {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	631 path->expires = ngx_current_msec + pto;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	632
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	633 if (next == -1 \|\| pto < next) {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	634 next = pto;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	635 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	636
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	637 /* retransmit */
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	638 (void) ngx_quic_send_path_challenge(c, path);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	639
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	640 continue;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	641 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	642
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	643 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, ev->log, 0,
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	644 "quic path #%uL validation failed", path->seqnum);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	645
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	646 /* found expired path */
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	647
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	648 path->state = NGX_QUIC_PATH_NEW;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	649
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	650 /*
8797 4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8778 diff changeset	651 * RFC 9000, 9.4. Loss Detection and Congestion Control
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8778 diff changeset	652 *
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	653 * If the timer fires before the PATH_RESPONSE is received, the
8797 4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8778 diff changeset	654 * endpoint might send a new PATH_CHALLENGE and restart the timer for
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8778 diff changeset	655 * a longer period of time. This timer SHOULD be set as described in
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	656 * Section 6.2.1 of [QUIC-RECOVERY] and MUST NOT be more aggressive.
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	657 */
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	658
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	659 if (qc->socket->path != path) {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	660 /* the path was not actually used */
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	661 continue;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	662 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	663
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	664 if (ngx_quic_path_restore(c) != NGX_OK) {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	665 qc->error = NGX_QUIC_ERR_NO_VIABLE_PATH;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	666 qc->error_reason = "no viable path";
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	667 ngx_quic_close_connection(c, NGX_ERROR);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	668 return;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	669 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	670 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	671
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	672 if (next != -1) {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	673 ngx_add_timer(&qc->path_validation, next);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	674 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	675 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	676
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	677
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	678 static ngx_int_t
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	679 ngx_quic_path_restore(ngx_connection_t *c)
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	680 {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	681 ngx_quic_socket_t *qsock;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	682 ngx_quic_connection_t *qc;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	683
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	684 qc = ngx_quic_get_connection(c);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	685
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	686 /*
8797 4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8778 diff changeset	687 * RFC 9000, 9.1. Probing a New Path
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8778 diff changeset	688 *
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8778 diff changeset	689 * Failure to validate a path does not cause the connection to end
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8778 diff changeset	690 *
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8778 diff changeset	691 * RFC 9000, 9.3.2. On-Path Address Spoofing
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8778 diff changeset	692 *
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	693 * To protect the connection from failing due to such a spurious
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	694 * migration, an endpoint MUST revert to using the last validated
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	695 * peer address when validation of a new peer address fails.
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	696 */
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	697
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	698 if (qc->backup == NULL) {
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	699 return NGX_ERROR;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	700 }
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	701
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	702 qc->socket = qc->backup;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	703 qc->backup = NULL;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	704
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	705 qsock = qc->socket;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	706
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	707 ngx_log_error(NGX_LOG_INFO, c->log, 0,
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	708 "quic active socket is restored to #%uL:%uL:%uL"
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	709 " (%s), no backup",
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	710 qsock->sid.seqnum, qsock->cid->seqnum, qsock->path->seqnum,
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	711 ngx_quic_path_state_str(qsock->path));
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	712
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	713 ngx_quic_set_connection_path(c, qsock->path);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	714
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	715 return NGX_OK;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8747 diff changeset	716 }

Mercurial > hg > nginx

annotate src/event/quic/ngx_event_quic_migration.c @ 8913:40445fc7c403 quic