Mercurial > hg > nginx
annotate src/event/quic/ngx_event_quic_migration.h @ 8939:ddd5e5c0f87d quic
QUIC: improved path validation.
Previously, path was considered valid during arbitrary selected 10m timeout
since validation. This is quite not what RFC 9000 says; the relevant
part is:
An endpoint MAY skip validation of a peer address if that
address has been seen recently.
The patch considers a path to be 'recently seen' if packets were received
during idle timeout. If a packet is received from the path that was seen
not so recently, such path is considered new, and anti-amplification
restrictions apply.
| author | Vladimir Homutov <vl@nginx.com> |
|---|---|
| date | Mon, 13 Dec 2021 17:27:29 +0300 |
| parents | 40445fc7c403 |
| children | 1e2f4e9c8195 |
| rev | line source |
|---|---|
|
8737
76f476ce4d31
QUIC: distinct files for connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1 |
|
76f476ce4d31
QUIC: distinct files for connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
2 /* |
|
76f476ce4d31
QUIC: distinct files for connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
3 * Copyright (C) Nginx, Inc. |
|
76f476ce4d31
QUIC: distinct files for connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
4 */ |
|
76f476ce4d31
QUIC: distinct files for connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
5 |
|
76f476ce4d31
QUIC: distinct files for connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
6 |
|
76f476ce4d31
QUIC: distinct files for connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
7 #ifndef _NGX_EVENT_QUIC_MIGRATION_H_INCLUDED_ |
|
76f476ce4d31
QUIC: distinct files for connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
8 #define _NGX_EVENT_QUIC_MIGRATION_H_INCLUDED_ |
|
76f476ce4d31
QUIC: distinct files for connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
9 |
|
76f476ce4d31
QUIC: distinct files for connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
10 |
|
76f476ce4d31
QUIC: distinct files for connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
11 #include <ngx_config.h> |
|
76f476ce4d31
QUIC: distinct files for connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
12 #include <ngx_core.h> |
|
76f476ce4d31
QUIC: distinct files for connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
13 |
|
8763
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8747
diff
changeset
|
14 #define NGX_QUIC_PATH_RETRIES 3 |
|
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8747
diff
changeset
|
15 |
|
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8747
diff
changeset
|
16 #define NGX_QUIC_PATH_NEW 0 |
|
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8747
diff
changeset
|
17 #define NGX_QUIC_PATH_VALIDATING 1 |
|
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8747
diff
changeset
|
18 #define NGX_QUIC_PATH_VALIDATED 2 |
|
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8747
diff
changeset
|
19 |
|
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8747
diff
changeset
|
20 |
|
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8747
diff
changeset
|
21 #define ngx_quic_path_state_str(p) \ |
|
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8747
diff
changeset
|
22 ((p)->state == NGX_QUIC_PATH_NEW) ? "new" : \ |
|
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8747
diff
changeset
|
23 (((p)->state == NGX_QUIC_PATH_VALIDATED) ? "validated" : "validating") |
|
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8747
diff
changeset
|
24 |
|
8737
76f476ce4d31
QUIC: distinct files for connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
25 |
|
76f476ce4d31
QUIC: distinct files for connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
26 ngx_int_t ngx_quic_handle_path_challenge_frame(ngx_connection_t *c, |
|
8778
5186ee5a94b9
QUIC: simplified sending 1-RTT only frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8763
diff
changeset
|
27 ngx_quic_path_challenge_frame_t *f); |
|
8737
76f476ce4d31
QUIC: distinct files for connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
28 ngx_int_t ngx_quic_handle_path_response_frame(ngx_connection_t *c, |
|
8778
5186ee5a94b9
QUIC: simplified sending 1-RTT only frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8763
diff
changeset
|
29 ngx_quic_path_challenge_frame_t *f); |
|
8737
76f476ce4d31
QUIC: distinct files for connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
30 |
|
8913
40445fc7c403
QUIC: fixed migration during NAT rebinding.
Vladimir Homutov <vl@nginx.com>
parents:
8778
diff
changeset
|
31 ngx_quic_path_t *ngx_quic_find_path(ngx_connection_t *c, |
|
40445fc7c403
QUIC: fixed migration during NAT rebinding.
Vladimir Homutov <vl@nginx.com>
parents:
8778
diff
changeset
|
32 struct sockaddr *sockaddr, socklen_t socklen); |
|
8763
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8747
diff
changeset
|
33 ngx_quic_path_t *ngx_quic_add_path(ngx_connection_t *c, |
|
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8747
diff
changeset
|
34 struct sockaddr *sockaddr, socklen_t socklen); |
|
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8747
diff
changeset
|
35 |
|
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8747
diff
changeset
|
36 ngx_int_t ngx_quic_update_paths(ngx_connection_t *c, ngx_quic_header_t *pkt); |
|
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8747
diff
changeset
|
37 ngx_int_t ngx_quic_handle_migration(ngx_connection_t *c, |
|
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8747
diff
changeset
|
38 ngx_quic_header_t *pkt); |
|
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8747
diff
changeset
|
39 |
|
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8747
diff
changeset
|
40 void ngx_quic_path_validation_handler(ngx_event_t *ev); |
|
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8747
diff
changeset
|
41 |
| 8747 | 42 #endif /* _NGX_EVENT_QUIC_MIGRATION_H_INCLUDED_ */ |