Mercurial > hg > nginx
annotate src/event/quic/ngx_event_quic.c @ 8752:e19723c40d28 quic
QUIC: separate files for tokens related processing.
| author | Vladimir Homutov <vl@nginx.com> |
|---|---|
| date | Tue, 13 Apr 2021 14:41:52 +0300 |
| parents | bc910a5ec737 |
| children | 46161c610919 |
| rev | line source |
|---|---|
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
1 |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
2 /* |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
3 * Copyright (C) Nginx, Inc. |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
4 */ |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
5 |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
6 |
| 8171 | 7 #include <ngx_config.h> |
| 8 #include <ngx_core.h> | |
|
8208
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
8207
diff
changeset
|
9 #include <ngx_event.h> |
|
8736
714e9af983de
QUIC: separate header for ngx_quic_connection_t.
Vladimir Homutov <vl@nginx.com>
parents:
8735
diff
changeset
|
10 #include <ngx_event_quic_connection.h> |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
11 |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
12 |
|
8333
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
13 /* |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
14 * 7.4. Cryptographic Message Buffering |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
15 * Implementations MUST support buffering at least 4096 bytes of data |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
16 */ |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
17 #define NGX_QUIC_MAX_BUFFERED 65535 |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
18 |
|
8307
dc7ac778aafe
Introduced packet namespace in QUIC connection.
Vladimir Homutov <vl@nginx.com>
parents:
8306
diff
changeset
|
19 |
|
8204
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
20 #if BORINGSSL_API_VERSION >= 10 |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
21 static int ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn, |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
22 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
23 const uint8_t *secret, size_t secret_len); |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
24 static int ngx_quic_set_write_secret(ngx_ssl_conn_t *ssl_conn, |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
25 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
26 const uint8_t *secret, size_t secret_len); |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
27 #else |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
28 static int ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn, |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
29 enum ssl_encryption_level_t level, const uint8_t *read_secret, |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
30 const uint8_t *write_secret, size_t secret_len); |
|
8204
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
31 #endif |
| 8225 | 32 |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
33 static int ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn, |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
34 enum ssl_encryption_level_t level, const uint8_t *data, size_t len); |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
35 static int ngx_quic_flush_flight(ngx_ssl_conn_t *ssl_conn); |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
36 |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
37 |
|
8701
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
38 static ngx_int_t ngx_quic_apply_transport_params(ngx_connection_t *c, |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
39 ngx_quic_tp_t *ctp); |
|
8561
b4ef79ef1c23
QUIC: refined the "c->quic->initialized" flag usage.
Vladimir Homutov <vl@nginx.com>
parents:
8560
diff
changeset
|
40 static ngx_quic_connection_t *ngx_quic_new_connection(ngx_connection_t *c, |
|
8563
bed310672f39
QUIC: moved ssl configuration pointer to quic configuration.
Vladimir Homutov <vl@nginx.com>
parents:
8562
diff
changeset
|
41 ngx_quic_conf_t *conf, ngx_quic_header_t *pkt); |
|
8562
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
42 static ngx_int_t ngx_quic_process_stateless_reset(ngx_connection_t *c, |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
43 ngx_quic_header_t *pkt); |
| 8225 | 44 static ngx_int_t ngx_quic_init_connection(ngx_connection_t *c); |
|
8263
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8260
diff
changeset
|
45 static void ngx_quic_input_handler(ngx_event_t *rev); |
|
8354
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
8350
diff
changeset
|
46 |
|
8355
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
47 static ngx_int_t ngx_quic_close_quic(ngx_connection_t *c, ngx_int_t rc); |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
48 static void ngx_quic_close_timer_handler(ngx_event_t *ev); |
| 8225 | 49 |
|
8560
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
50 static ngx_int_t ngx_quic_input(ngx_connection_t *c, ngx_buf_t *b, |
|
8563
bed310672f39
QUIC: moved ssl configuration pointer to quic configuration.
Vladimir Homutov <vl@nginx.com>
parents:
8562
diff
changeset
|
51 ngx_quic_conf_t *conf); |
|
bed310672f39
QUIC: moved ssl configuration pointer to quic configuration.
Vladimir Homutov <vl@nginx.com>
parents:
8562
diff
changeset
|
52 static ngx_int_t ngx_quic_process_packet(ngx_connection_t *c, |
|
8560
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
53 ngx_quic_conf_t *conf, ngx_quic_header_t *pkt); |
|
8687
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
54 static ngx_int_t ngx_quic_process_payload(ngx_connection_t *c, |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
55 ngx_quic_header_t *pkt); |
|
8560
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
56 static void ngx_quic_discard_ctx(ngx_connection_t *c, |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
57 enum ssl_encryption_level_t level); |
|
8688
a346905c359f
QUIC: fixed stateless reset recognition and send.
Roman Arutyunyan <arut@nginx.com>
parents:
8687
diff
changeset
|
58 static ngx_int_t ngx_quic_check_csid(ngx_quic_connection_t *qc, |
| 8361 | 59 ngx_quic_header_t *pkt); |
|
8687
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
60 static ngx_int_t ngx_quic_handle_frames(ngx_connection_t *c, |
| 8225 | 61 ngx_quic_header_t *pkt); |
|
8751
bc910a5ec737
QUIC: separate files for output and ack related processing.
Vladimir Homutov <vl@nginx.com>
parents:
8750
diff
changeset
|
62 |
|
8335
76839f55bc48
Sorted functions and functions declarations.
Vladimir Homutov <vl@nginx.com>
parents:
8334
diff
changeset
|
63 |
|
76839f55bc48
Sorted functions and functions declarations.
Vladimir Homutov <vl@nginx.com>
parents:
8334
diff
changeset
|
64 static ngx_int_t ngx_quic_handle_crypto_frame(ngx_connection_t *c, |
|
76839f55bc48
Sorted functions and functions declarations.
Vladimir Homutov <vl@nginx.com>
parents:
8334
diff
changeset
|
65 ngx_quic_header_t *pkt, ngx_quic_frame_t *frame); |
|
8749
660c4a2f95f3
QUIC: separate files for frames related processing.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
66 ngx_int_t ngx_quic_crypto_input(ngx_connection_t *c, |
|
8378
81a4f98a2556
Cleaned up reordering code.
Vladimir Homutov <vl@nginx.com>
parents:
8377
diff
changeset
|
67 ngx_quic_frame_t *frame, void *data); |
|
8750
41807e581de9
QUIC: separate files for stream related processing.
Vladimir Homutov <vl@nginx.com>
parents:
8749
diff
changeset
|
68 |
| 8309 | 69 static void ngx_quic_push_handler(ngx_event_t *ev); |
| 8225 | 70 |
| 71 | |
| 8674 | 72 static ngx_core_module_t ngx_quic_module_ctx = { |
| 73 ngx_string("quic"), | |
| 74 NULL, | |
| 75 NULL | |
| 76 }; | |
| 77 | |
| 78 | |
| 79 ngx_module_t ngx_quic_module = { | |
| 80 NGX_MODULE_V1, | |
| 81 &ngx_quic_module_ctx, /* module context */ | |
| 82 NULL, /* module directives */ | |
| 83 NGX_CORE_MODULE, /* module type */ | |
| 84 NULL, /* init master */ | |
| 85 NULL, /* init module */ | |
| 86 NULL, /* init process */ | |
| 87 NULL, /* init thread */ | |
| 88 NULL, /* exit thread */ | |
| 89 NULL, /* exit process */ | |
| 90 NULL, /* exit master */ | |
| 91 NGX_MODULE_V1_PADDING | |
| 92 }; | |
| 93 | |
| 94 | |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
95 static SSL_QUIC_METHOD quic_method = { |
|
8204
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
96 #if BORINGSSL_API_VERSION >= 10 |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
97 ngx_quic_set_read_secret, |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
98 ngx_quic_set_write_secret, |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
99 #else |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
100 ngx_quic_set_encryption_secrets, |
|
8204
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
101 #endif |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
102 ngx_quic_add_handshake_data, |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
103 ngx_quic_flush_flight, |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
104 ngx_quic_send_alert, |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
105 }; |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
106 |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
107 |
|
8604
b3d9e57d0f62
QUIC: single function for frame debug logging.
Vladimir Homutov <vl@nginx.com>
parents:
8603
diff
changeset
|
108 #if (NGX_DEBUG) |
|
b3d9e57d0f62
QUIC: single function for frame debug logging.
Vladimir Homutov <vl@nginx.com>
parents:
8603
diff
changeset
|
109 |
|
8751
bc910a5ec737
QUIC: separate files for output and ack related processing.
Vladimir Homutov <vl@nginx.com>
parents:
8750
diff
changeset
|
110 void |
|
8607
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
111 ngx_quic_connstate_dbg(ngx_connection_t *c) |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
112 { |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
113 u_char *p, *last; |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
114 ngx_quic_connection_t *qc; |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
115 u_char buf[NGX_MAX_ERROR_STR]; |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
116 |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
117 p = buf; |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
118 last = p + sizeof(buf); |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
119 |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
120 qc = ngx_quic_get_connection(c); |
|
8607
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
121 |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
122 p = ngx_slprintf(p, last, "state:"); |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
123 |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
124 if (qc) { |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
125 |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
126 if (qc->error) { |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
127 p = ngx_slprintf(p, last, "%s", qc->error_app ? " app" : ""); |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
128 p = ngx_slprintf(p, last, " error:%ui", qc->error); |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
129 |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
130 if (qc->error_reason) { |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
131 p = ngx_slprintf(p, last, " \"%s\"", qc->error_reason); |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
132 } |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
133 } |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
134 |
|
8724
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
135 p = ngx_slprintf(p, last, "%s", qc->shutdown ? " shutdown" : ""); |
|
8607
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
136 p = ngx_slprintf(p, last, "%s", qc->closing ? " closing" : ""); |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
137 p = ngx_slprintf(p, last, "%s", qc->draining ? " draining" : ""); |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
138 p = ngx_slprintf(p, last, "%s", qc->key_phase ? " kp" : ""); |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
139 p = ngx_slprintf(p, last, "%s", qc->validated? " valid" : ""); |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
140 |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
141 } else { |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
142 p = ngx_slprintf(p, last, " early"); |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
143 } |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
144 |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
145 if (c->read->timer_set) { |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
146 p = ngx_slprintf(p, last, |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
147 qc && qc->send_timer_set ? " send:%M" : " read:%M", |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
148 c->read->timer.key - ngx_current_msec); |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
149 } |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
150 |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
151 if (qc) { |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
152 |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
153 if (qc->push.timer_set) { |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
154 p = ngx_slprintf(p, last, " push:%M", |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
155 qc->push.timer.key - ngx_current_msec); |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
156 } |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
157 |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
158 if (qc->pto.timer_set) { |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
159 p = ngx_slprintf(p, last, " pto:%M", |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
160 qc->pto.timer.key - ngx_current_msec); |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
161 } |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
162 |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
163 if (qc->close.timer_set) { |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
164 p = ngx_slprintf(p, last, " close:%M", |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
165 qc->close.timer.key - ngx_current_msec); |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
166 } |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
167 } |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
168 |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
169 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
170 "quic %*s", p - buf, buf); |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
171 } |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
172 |
|
8604
b3d9e57d0f62
QUIC: single function for frame debug logging.
Vladimir Homutov <vl@nginx.com>
parents:
8603
diff
changeset
|
173 #endif |
|
b3d9e57d0f62
QUIC: single function for frame debug logging.
Vladimir Homutov <vl@nginx.com>
parents:
8603
diff
changeset
|
174 |
|
b3d9e57d0f62
QUIC: single function for frame debug logging.
Vladimir Homutov <vl@nginx.com>
parents:
8603
diff
changeset
|
175 |
|
8204
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
176 #if BORINGSSL_API_VERSION >= 10 |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
177 |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
178 static int |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
179 ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn, |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
180 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
8220
diff
changeset
|
181 const uint8_t *rsecret, size_t secret_len) |
|
8204
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
182 { |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
183 ngx_connection_t *c; |
|
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
184 ngx_quic_connection_t *qc; |
|
8204
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
185 |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
186 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
187 qc = ngx_quic_get_connection(c); |
|
8204
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
188 |
|
8360
f175006124d0
Cleaned up hexdumps in debug output.
Vladimir Homutov <vl@nginx.com>
parents:
8359
diff
changeset
|
189 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
f175006124d0
Cleaned up hexdumps in debug output.
Vladimir Homutov <vl@nginx.com>
parents:
8359
diff
changeset
|
190 "quic ngx_quic_set_read_secret() level:%d", level); |
|
8578
52ad697f9d1c
QUIC: enabled more key-related debug by default.
Vladimir Homutov <vl@nginx.com>
parents:
8577
diff
changeset
|
191 #ifdef NGX_QUIC_DEBUG_CRYPTO |
|
8651
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
192 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
193 "quic read secret len:%uz %*xs", secret_len, |
|
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
194 secret_len, rsecret); |
| 8359 | 195 #endif |
|
8204
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
196 |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
197 return ngx_quic_keys_set_encryption_secret(c->pool, 0, qc->keys, level, |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
198 cipher, rsecret, secret_len); |
|
8204
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
199 } |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
200 |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
201 |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
202 static int |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
203 ngx_quic_set_write_secret(ngx_ssl_conn_t *ssl_conn, |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
204 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
8220
diff
changeset
|
205 const uint8_t *wsecret, size_t secret_len) |
|
8204
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
206 { |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
207 ngx_connection_t *c; |
|
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
208 ngx_quic_connection_t *qc; |
|
8204
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
209 |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
210 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
211 qc = ngx_quic_get_connection(c); |
|
8204
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
212 |
|
8360
f175006124d0
Cleaned up hexdumps in debug output.
Vladimir Homutov <vl@nginx.com>
parents:
8359
diff
changeset
|
213 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
f175006124d0
Cleaned up hexdumps in debug output.
Vladimir Homutov <vl@nginx.com>
parents:
8359
diff
changeset
|
214 "quic ngx_quic_set_write_secret() level:%d", level); |
|
8578
52ad697f9d1c
QUIC: enabled more key-related debug by default.
Vladimir Homutov <vl@nginx.com>
parents:
8577
diff
changeset
|
215 #ifdef NGX_QUIC_DEBUG_CRYPTO |
|
8651
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
216 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
217 "quic write secret len:%uz %*xs", secret_len, |
|
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
218 secret_len, wsecret); |
| 8359 | 219 #endif |
|
8204
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
220 |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
221 return ngx_quic_keys_set_encryption_secret(c->pool, 1, qc->keys, level, |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
222 cipher, wsecret, secret_len); |
|
8204
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
223 } |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
224 |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
225 #else |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
226 |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
227 static int |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
228 ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn, |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
8220
diff
changeset
|
229 enum ssl_encryption_level_t level, const uint8_t *rsecret, |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
8220
diff
changeset
|
230 const uint8_t *wsecret, size_t secret_len) |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
231 { |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
232 ngx_connection_t *c; |
|
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
233 const SSL_CIPHER *cipher; |
|
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
234 ngx_quic_connection_t *qc; |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
235 |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
236 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
237 qc = ngx_quic_get_connection(c); |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
238 |
|
8360
f175006124d0
Cleaned up hexdumps in debug output.
Vladimir Homutov <vl@nginx.com>
parents:
8359
diff
changeset
|
239 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
f175006124d0
Cleaned up hexdumps in debug output.
Vladimir Homutov <vl@nginx.com>
parents:
8359
diff
changeset
|
240 "quic ngx_quic_set_encryption_secrets() level:%d", level); |
|
8578
52ad697f9d1c
QUIC: enabled more key-related debug by default.
Vladimir Homutov <vl@nginx.com>
parents:
8577
diff
changeset
|
241 #ifdef NGX_QUIC_DEBUG_CRYPTO |
|
8651
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
242 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
243 "quic read secret len:%uz %*xs", secret_len, |
|
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
244 secret_len, rsecret); |
| 8359 | 245 #endif |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
246 |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
247 cipher = SSL_get_current_cipher(ssl_conn); |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
248 |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
249 if (ngx_quic_keys_set_encryption_secret(c->pool, 0, qc->keys, level, |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
250 cipher, rsecret, secret_len) |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
251 != 1) |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
252 { |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
253 return 0; |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
254 } |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
255 |
|
8303
2ac03e80d013
TLS Early Data key derivation support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8302
diff
changeset
|
256 if (level == ssl_encryption_early_data) { |
|
2ac03e80d013
TLS Early Data key derivation support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8302
diff
changeset
|
257 return 1; |
|
2ac03e80d013
TLS Early Data key derivation support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8302
diff
changeset
|
258 } |
|
2ac03e80d013
TLS Early Data key derivation support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8302
diff
changeset
|
259 |
| 8359 | 260 #ifdef NGX_QUIC_DEBUG_CRYPTO |
|
8651
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
261 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
262 "quic write secret len:%uz %*xs", secret_len, |
|
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
263 secret_len, wsecret); |
| 8359 | 264 #endif |
|
8303
2ac03e80d013
TLS Early Data key derivation support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8302
diff
changeset
|
265 |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
266 return ngx_quic_keys_set_encryption_secret(c->pool, 1, qc->keys, level, |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
267 cipher, wsecret, secret_len); |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
268 } |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
269 |
|
8204
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
270 #endif |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
271 |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
272 |
|
8184
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
8183
diff
changeset
|
273 static int |
|
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
8183
diff
changeset
|
274 ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn, |
|
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
8183
diff
changeset
|
275 enum ssl_encryption_level_t level, const uint8_t *data, size_t len) |
|
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
8183
diff
changeset
|
276 { |
|
8333
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
277 u_char *p, *end; |
|
8658
0af4ec6d1f92
QUIC: coalesce output packets into a single UDP datagram.
Roman Arutyunyan <arut@nginx.com>
parents:
8657
diff
changeset
|
278 size_t client_params_len; |
|
8333
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
279 const uint8_t *client_params; |
|
8701
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
280 ngx_quic_tp_t ctp; |
|
8333
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
281 ngx_quic_frame_t *frame; |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
282 ngx_connection_t *c; |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
283 ngx_quic_connection_t *qc; |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
284 ngx_quic_frames_stream_t *fs; |
|
8184
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
8183
diff
changeset
|
285 |
|
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
8183
diff
changeset
|
286 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
287 qc = ngx_quic_get_connection(c); |
|
8184
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
8183
diff
changeset
|
288 |
|
8186
0a2683df5f11
Implemented improved version of quic_output().
Vladimir Homutov <vl@nginx.com>
parents:
8185
diff
changeset
|
289 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, |
| 8359 | 290 "quic ngx_quic_add_handshake_data"); |
|
8184
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
8183
diff
changeset
|
291 |
|
8260
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8259
diff
changeset
|
292 if (!qc->client_tp_done) { |
| 8438 | 293 /* |
| 294 * things to do once during handshake: check ALPN and transport | |
| 295 * parameters; we want to break handshake if something is wrong | |
| 296 * here; | |
| 297 */ | |
| 298 | |
| 299 #if defined(TLSEXT_TYPE_application_layer_protocol_negotiation) | |
|
8482
893b3313f53c
QUIC: added "quic" listen parameter in Stream.
Roman Arutyunyan <arut@nginx.com>
parents:
8481
diff
changeset
|
300 if (qc->conf->require_alpn) { |
|
893b3313f53c
QUIC: added "quic" listen parameter in Stream.
Roman Arutyunyan <arut@nginx.com>
parents:
8481
diff
changeset
|
301 unsigned int len; |
|
893b3313f53c
QUIC: added "quic" listen parameter in Stream.
Roman Arutyunyan <arut@nginx.com>
parents:
8481
diff
changeset
|
302 const unsigned char *data; |
|
893b3313f53c
QUIC: added "quic" listen parameter in Stream.
Roman Arutyunyan <arut@nginx.com>
parents:
8481
diff
changeset
|
303 |
|
8619
bb3f4f669417
QUIC: passing ssl_conn to SSL_get0_alpn_selected() directly.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8617
diff
changeset
|
304 SSL_get0_alpn_selected(ssl_conn, &data, &len); |
|
8482
893b3313f53c
QUIC: added "quic" listen parameter in Stream.
Roman Arutyunyan <arut@nginx.com>
parents:
8481
diff
changeset
|
305 |
|
893b3313f53c
QUIC: added "quic" listen parameter in Stream.
Roman Arutyunyan <arut@nginx.com>
parents:
8481
diff
changeset
|
306 if (len == 0) { |
|
893b3313f53c
QUIC: added "quic" listen parameter in Stream.
Roman Arutyunyan <arut@nginx.com>
parents:
8481
diff
changeset
|
307 qc->error = 0x100 + SSL_AD_NO_APPLICATION_PROTOCOL; |
|
893b3313f53c
QUIC: added "quic" listen parameter in Stream.
Roman Arutyunyan <arut@nginx.com>
parents:
8481
diff
changeset
|
308 qc->error_reason = "unsupported protocol in ALPN extension"; |
|
893b3313f53c
QUIC: added "quic" listen parameter in Stream.
Roman Arutyunyan <arut@nginx.com>
parents:
8481
diff
changeset
|
309 |
|
893b3313f53c
QUIC: added "quic" listen parameter in Stream.
Roman Arutyunyan <arut@nginx.com>
parents:
8481
diff
changeset
|
310 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
|
893b3313f53c
QUIC: added "quic" listen parameter in Stream.
Roman Arutyunyan <arut@nginx.com>
parents:
8481
diff
changeset
|
311 "quic unsupported protocol in ALPN extension"); |
|
893b3313f53c
QUIC: added "quic" listen parameter in Stream.
Roman Arutyunyan <arut@nginx.com>
parents:
8481
diff
changeset
|
312 return 0; |
|
893b3313f53c
QUIC: added "quic" listen parameter in Stream.
Roman Arutyunyan <arut@nginx.com>
parents:
8481
diff
changeset
|
313 } |
| 8438 | 314 } |
| 315 #endif | |
|
8260
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8259
diff
changeset
|
316 |
|
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8259
diff
changeset
|
317 SSL_get_peer_quic_transport_params(ssl_conn, &client_params, |
|
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8259
diff
changeset
|
318 &client_params_len); |
|
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8259
diff
changeset
|
319 |
|
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8259
diff
changeset
|
320 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
| 8359 | 321 "quic SSL_get_peer_quic_transport_params():" |
|
8605
eed49b83e18f
QUIC: revised value separators in debug and error messages.
Vladimir Homutov <vl@nginx.com>
parents:
8604
diff
changeset
|
322 " params_len:%ui", client_params_len); |
|
8260
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8259
diff
changeset
|
323 |
|
8435
5bc9229ec4cf
QUIC: raise error on missing transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8434
diff
changeset
|
324 if (client_params_len == 0) { |
|
5bc9229ec4cf
QUIC: raise error on missing transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8434
diff
changeset
|
325 /* quic-tls 8.2 */ |
|
8447
97adb87f149b
Get rid of hardcoded numbers used for quic handshake errors.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8446
diff
changeset
|
326 qc->error = NGX_QUIC_ERR_CRYPTO(SSL_AD_MISSING_EXTENSION); |
|
8435
5bc9229ec4cf
QUIC: raise error on missing transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8434
diff
changeset
|
327 qc->error_reason = "missing transport parameters"; |
|
5bc9229ec4cf
QUIC: raise error on missing transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8434
diff
changeset
|
328 |
|
5bc9229ec4cf
QUIC: raise error on missing transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8434
diff
changeset
|
329 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
|
5bc9229ec4cf
QUIC: raise error on missing transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8434
diff
changeset
|
330 "missing transport parameters"); |
|
5bc9229ec4cf
QUIC: raise error on missing transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8434
diff
changeset
|
331 return 0; |
|
5bc9229ec4cf
QUIC: raise error on missing transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8434
diff
changeset
|
332 } |
|
5bc9229ec4cf
QUIC: raise error on missing transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8434
diff
changeset
|
333 |
|
5bc9229ec4cf
QUIC: raise error on missing transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8434
diff
changeset
|
334 p = (u_char *) client_params; |
|
5bc9229ec4cf
QUIC: raise error on missing transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8434
diff
changeset
|
335 end = p + client_params_len; |
|
5bc9229ec4cf
QUIC: raise error on missing transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8434
diff
changeset
|
336 |
|
8701
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
337 /* defaults for parameters not sent by client */ |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
338 ngx_memcpy(&ctp, &qc->ctp, sizeof(ngx_quic_tp_t)); |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
339 |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
340 if (ngx_quic_parse_transport_params(p, end, &ctp, c->log) |
|
8435
5bc9229ec4cf
QUIC: raise error on missing transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8434
diff
changeset
|
341 != NGX_OK) |
|
5bc9229ec4cf
QUIC: raise error on missing transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8434
diff
changeset
|
342 { |
|
5bc9229ec4cf
QUIC: raise error on missing transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8434
diff
changeset
|
343 qc->error = NGX_QUIC_ERR_TRANSPORT_PARAMETER_ERROR; |
|
5bc9229ec4cf
QUIC: raise error on missing transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8434
diff
changeset
|
344 qc->error_reason = "failed to process transport parameters"; |
|
5bc9229ec4cf
QUIC: raise error on missing transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8434
diff
changeset
|
345 |
|
5bc9229ec4cf
QUIC: raise error on missing transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8434
diff
changeset
|
346 return 0; |
|
5bc9229ec4cf
QUIC: raise error on missing transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8434
diff
changeset
|
347 } |
|
5bc9229ec4cf
QUIC: raise error on missing transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8434
diff
changeset
|
348 |
|
8701
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
349 if (ngx_quic_apply_transport_params(c, &ctp) != NGX_OK) { |
|
8435
5bc9229ec4cf
QUIC: raise error on missing transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8434
diff
changeset
|
350 return 0; |
|
5bc9229ec4cf
QUIC: raise error on missing transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8434
diff
changeset
|
351 } |
|
5bc9229ec4cf
QUIC: raise error on missing transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8434
diff
changeset
|
352 |
|
5bc9229ec4cf
QUIC: raise error on missing transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8434
diff
changeset
|
353 qc->client_tp_done = 1; |
|
8260
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8259
diff
changeset
|
354 } |
|
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8259
diff
changeset
|
355 |
|
8333
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
356 fs = &qc->crypto[level]; |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
357 |
|
8658
0af4ec6d1f92
QUIC: coalesce output packets into a single UDP datagram.
Roman Arutyunyan <arut@nginx.com>
parents:
8657
diff
changeset
|
358 frame = ngx_quic_alloc_frame(c); |
|
0af4ec6d1f92
QUIC: coalesce output packets into a single UDP datagram.
Roman Arutyunyan <arut@nginx.com>
parents:
8657
diff
changeset
|
359 if (frame == NULL) { |
|
0af4ec6d1f92
QUIC: coalesce output packets into a single UDP datagram.
Roman Arutyunyan <arut@nginx.com>
parents:
8657
diff
changeset
|
360 return 0; |
|
0af4ec6d1f92
QUIC: coalesce output packets into a single UDP datagram.
Roman Arutyunyan <arut@nginx.com>
parents:
8657
diff
changeset
|
361 } |
|
0af4ec6d1f92
QUIC: coalesce output packets into a single UDP datagram.
Roman Arutyunyan <arut@nginx.com>
parents:
8657
diff
changeset
|
362 |
|
0af4ec6d1f92
QUIC: coalesce output packets into a single UDP datagram.
Roman Arutyunyan <arut@nginx.com>
parents:
8657
diff
changeset
|
363 frame->data = ngx_quic_copy_buf(c, (u_char *) data, len); |
|
0af4ec6d1f92
QUIC: coalesce output packets into a single UDP datagram.
Roman Arutyunyan <arut@nginx.com>
parents:
8657
diff
changeset
|
364 if (frame->data == NGX_CHAIN_ERROR) { |
|
0af4ec6d1f92
QUIC: coalesce output packets into a single UDP datagram.
Roman Arutyunyan <arut@nginx.com>
parents:
8657
diff
changeset
|
365 return 0; |
|
0af4ec6d1f92
QUIC: coalesce output packets into a single UDP datagram.
Roman Arutyunyan <arut@nginx.com>
parents:
8657
diff
changeset
|
366 } |
|
0af4ec6d1f92
QUIC: coalesce output packets into a single UDP datagram.
Roman Arutyunyan <arut@nginx.com>
parents:
8657
diff
changeset
|
367 |
|
0af4ec6d1f92
QUIC: coalesce output packets into a single UDP datagram.
Roman Arutyunyan <arut@nginx.com>
parents:
8657
diff
changeset
|
368 frame->level = level; |
|
0af4ec6d1f92
QUIC: coalesce output packets into a single UDP datagram.
Roman Arutyunyan <arut@nginx.com>
parents:
8657
diff
changeset
|
369 frame->type = NGX_QUIC_FT_CRYPTO; |
|
0af4ec6d1f92
QUIC: coalesce output packets into a single UDP datagram.
Roman Arutyunyan <arut@nginx.com>
parents:
8657
diff
changeset
|
370 frame->u.crypto.offset = fs->sent; |
|
0af4ec6d1f92
QUIC: coalesce output packets into a single UDP datagram.
Roman Arutyunyan <arut@nginx.com>
parents:
8657
diff
changeset
|
371 frame->u.crypto.length = len; |
|
0af4ec6d1f92
QUIC: coalesce output packets into a single UDP datagram.
Roman Arutyunyan <arut@nginx.com>
parents:
8657
diff
changeset
|
372 |
|
0af4ec6d1f92
QUIC: coalesce output packets into a single UDP datagram.
Roman Arutyunyan <arut@nginx.com>
parents:
8657
diff
changeset
|
373 fs->sent += len; |
|
0af4ec6d1f92
QUIC: coalesce output packets into a single UDP datagram.
Roman Arutyunyan <arut@nginx.com>
parents:
8657
diff
changeset
|
374 |
|
0af4ec6d1f92
QUIC: coalesce output packets into a single UDP datagram.
Roman Arutyunyan <arut@nginx.com>
parents:
8657
diff
changeset
|
375 ngx_quic_queue_frame(qc, frame); |
|
8184
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
8183
diff
changeset
|
376 |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
377 return 1; |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
378 } |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
379 |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
380 |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
381 static int |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
382 ngx_quic_flush_flight(ngx_ssl_conn_t *ssl_conn) |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
383 { |
|
8360
f175006124d0
Cleaned up hexdumps in debug output.
Vladimir Homutov <vl@nginx.com>
parents:
8359
diff
changeset
|
384 #if (NGX_DEBUG) |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
385 ngx_connection_t *c; |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
386 |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
387 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
388 |
| 8359 | 389 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, |
| 390 "quic ngx_quic_flush_flight()"); | |
|
8360
f175006124d0
Cleaned up hexdumps in debug output.
Vladimir Homutov <vl@nginx.com>
parents:
8359
diff
changeset
|
391 #endif |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
392 return 1; |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
393 } |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
394 |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
395 |
|
8701
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
396 static ngx_int_t |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
397 ngx_quic_apply_transport_params(ngx_connection_t *c, ngx_quic_tp_t *ctp) |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
398 { |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
399 ngx_quic_connection_t *qc; |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
400 |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
401 qc = ngx_quic_get_connection(c); |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
402 |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
403 if (qc->scid.len != ctp->initial_scid.len |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
404 || ngx_memcmp(qc->scid.data, ctp->initial_scid.data, qc->scid.len) != 0) |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
405 { |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
406 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
407 "quic client initial_source_connection_id mismatch"); |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
408 return NGX_ERROR; |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
409 } |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
410 |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
411 if (ctp->max_udp_payload_size < NGX_QUIC_MIN_INITIAL_SIZE |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
412 || ctp->max_udp_payload_size > NGX_QUIC_MAX_UDP_PAYLOAD_SIZE) |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
413 { |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
414 qc->error = NGX_QUIC_ERR_TRANSPORT_PARAMETER_ERROR; |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
415 qc->error_reason = "invalid maximum packet size"; |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
416 |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
417 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
418 "quic maximum packet size is invalid"); |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
419 return NGX_ERROR; |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
420 |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
421 } else if (ctp->max_udp_payload_size > ngx_quic_max_udp_payload(c)) { |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
422 ctp->max_udp_payload_size = ngx_quic_max_udp_payload(c); |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
423 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
8702
d4e02b3b734f
QUIC: fixed indentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8701
diff
changeset
|
424 "quic client maximum packet size truncated"); |
|
8701
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
425 } |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
426 |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
427 if (ctp->active_connection_id_limit < 2) { |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
428 qc->error = NGX_QUIC_ERR_TRANSPORT_PARAMETER_ERROR; |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
429 qc->error_reason = "invalid active_connection_id_limit"; |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
430 |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
431 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
432 "quic active_connection_id_limit is invalid"); |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
433 return NGX_ERROR; |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
434 } |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
435 |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
436 if (ctp->ack_delay_exponent > 20) { |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
437 qc->error = NGX_QUIC_ERR_TRANSPORT_PARAMETER_ERROR; |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
438 qc->error_reason = "invalid ack_delay_exponent"; |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
439 |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
440 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
441 "quic ack_delay_exponent is invalid"); |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
442 return NGX_ERROR; |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
443 } |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
444 |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
445 if (ctp->max_ack_delay > 16384) { |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
446 qc->error = NGX_QUIC_ERR_TRANSPORT_PARAMETER_ERROR; |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
447 qc->error_reason = "invalid max_ack_delay"; |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
448 |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
449 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
450 "quic max_ack_delay is invalid"); |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
451 return NGX_ERROR; |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
452 } |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
453 |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
454 if (ctp->max_idle_timeout > 0 |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
455 && ctp->max_idle_timeout < qc->tp.max_idle_timeout) |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
456 { |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
457 qc->tp.max_idle_timeout = ctp->max_idle_timeout; |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
458 } |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
459 |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
460 qc->streams.server_max_streams_bidi = ctp->initial_max_streams_bidi; |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
461 qc->streams.server_max_streams_uni = ctp->initial_max_streams_uni; |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
462 |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
463 ngx_memcpy(&qc->ctp, ctp, sizeof(ngx_quic_tp_t)); |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
464 |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
465 return NGX_OK; |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
466 } |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
467 |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
468 |
| 8225 | 469 void |
|
8563
bed310672f39
QUIC: moved ssl configuration pointer to quic configuration.
Vladimir Homutov <vl@nginx.com>
parents:
8562
diff
changeset
|
470 ngx_quic_run(ngx_connection_t *c, ngx_quic_conf_t *conf) |
| 8225 | 471 { |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
472 ngx_int_t rc; |
|
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
473 ngx_quic_connection_t *qc; |
| 8225 | 474 |
|
8263
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8260
diff
changeset
|
475 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic run"); |
| 8225 | 476 |
|
8563
bed310672f39
QUIC: moved ssl configuration pointer to quic configuration.
Vladimir Homutov <vl@nginx.com>
parents:
8562
diff
changeset
|
477 rc = ngx_quic_input(c, c->buffer, conf); |
|
8536
c6b963de0c00
QUIC: pass return code from ngx_quic_decrypt() to the caller.
Vladimir Homutov <vl@nginx.com>
parents:
8535
diff
changeset
|
478 if (rc != NGX_OK) { |
|
c6b963de0c00
QUIC: pass return code from ngx_quic_decrypt() to the caller.
Vladimir Homutov <vl@nginx.com>
parents:
8535
diff
changeset
|
479 ngx_quic_close_connection(c, rc == NGX_DECLINED ? NGX_DONE : NGX_ERROR); |
| 8225 | 480 return; |
| 481 } | |
| 482 | |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
483 qc = ngx_quic_get_connection(c); |
|
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
484 |
| 8686 | 485 if (qc == NULL) { |
| 486 ngx_quic_close_connection(c, NGX_DONE); | |
| 487 return; | |
| 488 } | |
| 489 | |
| 490 ngx_add_timer(c->read, qc->tp.max_idle_timeout); | |
| 491 ngx_quic_connstate_dbg(c); | |
| 8225 | 492 |
|
8263
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8260
diff
changeset
|
493 c->read->handler = ngx_quic_input_handler; |
| 8225 | 494 |
| 495 return; | |
| 496 } | |
| 497 | |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
498 |
|
8561
b4ef79ef1c23
QUIC: refined the "c->quic->initialized" flag usage.
Vladimir Homutov <vl@nginx.com>
parents:
8560
diff
changeset
|
499 static ngx_quic_connection_t * |
|
8563
bed310672f39
QUIC: moved ssl configuration pointer to quic configuration.
Vladimir Homutov <vl@nginx.com>
parents:
8562
diff
changeset
|
500 ngx_quic_new_connection(ngx_connection_t *c, ngx_quic_conf_t *conf, |
|
bed310672f39
QUIC: moved ssl configuration pointer to quic configuration.
Vladimir Homutov <vl@nginx.com>
parents:
8562
diff
changeset
|
501 ngx_quic_header_t *pkt) |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
502 { |
|
8308
e10b4c61420f
Implemented retransmission and retransmit queue.
Vladimir Homutov <vl@nginx.com>
parents:
8307
diff
changeset
|
503 ngx_uint_t i; |
|
8265
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
8263
diff
changeset
|
504 ngx_quic_tp_t *ctp; |
| 8225 | 505 ngx_quic_connection_t *qc; |
|
8387
eebdda507ec3
Added tests for connection id lengths in initial packet.
Vladimir Homutov <vl@nginx.com>
parents:
8386
diff
changeset
|
506 |
| 8225 | 507 qc = ngx_pcalloc(c->pool, sizeof(ngx_quic_connection_t)); |
| 508 if (qc == NULL) { | |
|
8561
b4ef79ef1c23
QUIC: refined the "c->quic->initialized" flag usage.
Vladimir Homutov <vl@nginx.com>
parents:
8560
diff
changeset
|
509 return NULL; |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
510 } |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
511 |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
512 qc->keys = ngx_quic_keys_new(c->pool); |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
513 if (qc->keys == NULL) { |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
514 return NULL; |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
515 } |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
516 |
|
8624
340cd26158fb
QUIC: preparatory changes for multiple QUIC versions support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8623
diff
changeset
|
517 qc->version = pkt->version; |
|
340cd26158fb
QUIC: preparatory changes for multiple QUIC versions support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8623
diff
changeset
|
518 |
| 8225 | 519 ngx_rbtree_init(&qc->streams.tree, &qc->streams.sentinel, |
| 520 ngx_quic_rbtree_insert_stream); | |
| 521 | |
|
8333
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
522 for (i = 0; i < NGX_QUIC_SEND_CTX_LAST; i++) { |
|
8331
bda817d16cc2
Rename types and variables used for packet number space.
Vladimir Homutov <vl@nginx.com>
parents:
8328
diff
changeset
|
523 ngx_queue_init(&qc->send_ctx[i].frames); |
|
bda817d16cc2
Rename types and variables used for packet number space.
Vladimir Homutov <vl@nginx.com>
parents:
8328
diff
changeset
|
524 ngx_queue_init(&qc->send_ctx[i].sent); |
|
8598
85a550047eb5
QUIC: added macro for unset packet number.
Vladimir Homutov <vl@nginx.com>
parents:
8597
diff
changeset
|
525 qc->send_ctx[i].largest_pn = NGX_QUIC_UNSET_PN; |
|
85a550047eb5
QUIC: added macro for unset packet number.
Vladimir Homutov <vl@nginx.com>
parents:
8597
diff
changeset
|
526 qc->send_ctx[i].largest_ack = NGX_QUIC_UNSET_PN; |
|
85a550047eb5
QUIC: added macro for unset packet number.
Vladimir Homutov <vl@nginx.com>
parents:
8597
diff
changeset
|
527 qc->send_ctx[i].largest_range = NGX_QUIC_UNSET_PN; |
|
85a550047eb5
QUIC: added macro for unset packet number.
Vladimir Homutov <vl@nginx.com>
parents:
8597
diff
changeset
|
528 qc->send_ctx[i].pending_ack = NGX_QUIC_UNSET_PN; |
|
8596
38c7dd720774
QUIC: added ACK frame range support.
Vladimir Homutov <vl@nginx.com>
parents:
8595
diff
changeset
|
529 } |
|
38c7dd720774
QUIC: added ACK frame range support.
Vladimir Homutov <vl@nginx.com>
parents:
8595
diff
changeset
|
530 |
|
38c7dd720774
QUIC: added ACK frame range support.
Vladimir Homutov <vl@nginx.com>
parents:
8595
diff
changeset
|
531 qc->send_ctx[0].level = ssl_encryption_initial; |
|
38c7dd720774
QUIC: added ACK frame range support.
Vladimir Homutov <vl@nginx.com>
parents:
8595
diff
changeset
|
532 qc->send_ctx[1].level = ssl_encryption_handshake; |
|
38c7dd720774
QUIC: added ACK frame range support.
Vladimir Homutov <vl@nginx.com>
parents:
8595
diff
changeset
|
533 qc->send_ctx[2].level = ssl_encryption_application; |
|
8333
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
534 |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
535 for (i = 0; i < NGX_QUIC_ENCRYPTION_LAST; i++) { |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
536 ngx_queue_init(&qc->crypto[i].frames); |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
537 } |
|
8308
e10b4c61420f
Implemented retransmission and retransmit queue.
Vladimir Homutov <vl@nginx.com>
parents:
8307
diff
changeset
|
538 |
|
e10b4c61420f
Implemented retransmission and retransmit queue.
Vladimir Homutov <vl@nginx.com>
parents:
8307
diff
changeset
|
539 ngx_queue_init(&qc->free_frames); |
|
e10b4c61420f
Implemented retransmission and retransmit queue.
Vladimir Homutov <vl@nginx.com>
parents:
8307
diff
changeset
|
540 |
|
8469
3b107aadc9f6
QUIC: added rtt estimation.
Vladimir Homutov <vl@nginx.com>
parents:
8458
diff
changeset
|
541 qc->avg_rtt = NGX_QUIC_INITIAL_RTT; |
|
3b107aadc9f6
QUIC: added rtt estimation.
Vladimir Homutov <vl@nginx.com>
parents:
8458
diff
changeset
|
542 qc->rttvar = NGX_QUIC_INITIAL_RTT / 2; |
|
3b107aadc9f6
QUIC: added rtt estimation.
Vladimir Homutov <vl@nginx.com>
parents:
8458
diff
changeset
|
543 qc->min_rtt = NGX_TIMER_INFINITE; |
|
3b107aadc9f6
QUIC: added rtt estimation.
Vladimir Homutov <vl@nginx.com>
parents:
8458
diff
changeset
|
544 |
|
3b107aadc9f6
QUIC: added rtt estimation.
Vladimir Homutov <vl@nginx.com>
parents:
8458
diff
changeset
|
545 /* |
|
3b107aadc9f6
QUIC: added rtt estimation.
Vladimir Homutov <vl@nginx.com>
parents:
8458
diff
changeset
|
546 * qc->latest_rtt = 0 |
|
3b107aadc9f6
QUIC: added rtt estimation.
Vladimir Homutov <vl@nginx.com>
parents:
8458
diff
changeset
|
547 */ |
|
3b107aadc9f6
QUIC: added rtt estimation.
Vladimir Homutov <vl@nginx.com>
parents:
8458
diff
changeset
|
548 |
|
8477
031918df51c0
QUIC: added anti-amplification limit.
Vladimir Homutov <vl@nginx.com>
parents:
8476
diff
changeset
|
549 qc->received = pkt->raw->last - pkt->raw->start; |
|
031918df51c0
QUIC: added anti-amplification limit.
Vladimir Homutov <vl@nginx.com>
parents:
8476
diff
changeset
|
550 |
| 8472 | 551 qc->pto.log = c->log; |
| 552 qc->pto.data = c; | |
| 553 qc->pto.handler = ngx_quic_pto_handler; | |
| 554 qc->pto.cancelable = 1; | |
|
8308
e10b4c61420f
Implemented retransmission and retransmit queue.
Vladimir Homutov <vl@nginx.com>
parents:
8307
diff
changeset
|
555 |
| 8309 | 556 qc->push.log = c->log; |
| 557 qc->push.data = c; | |
| 558 qc->push.handler = ngx_quic_push_handler; | |
| 559 qc->push.cancelable = 1; | |
| 560 | |
|
8481
0d2b2664b41c
QUIC: added "quic" listen parameter.
Roman Arutyunyan <arut@nginx.com>
parents:
8480
diff
changeset
|
561 qc->conf = conf; |
|
0d2b2664b41c
QUIC: added "quic" listen parameter.
Roman Arutyunyan <arut@nginx.com>
parents:
8480
diff
changeset
|
562 qc->tp = conf->tp; |
| 8225 | 563 |
|
8628
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
564 if (qc->tp.disable_active_migration) { |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
565 qc->sockaddr = ngx_palloc(c->pool, c->socklen); |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
566 if (qc->sockaddr == NULL) { |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
567 return NULL; |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
568 } |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
569 |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
570 ngx_memcpy(qc->sockaddr, c->sockaddr, c->socklen); |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
571 qc->socklen = c->socklen; |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
572 } |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
573 |
|
8265
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
8263
diff
changeset
|
574 ctp = &qc->ctp; |
|
8701
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
575 |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
576 /* defaults to be used before actual client parameters are received */ |
|
8436
9fe7875ce4bb
QUIC: further limiting maximum QUIC packet size.
Vladimir Homutov <vl@nginx.com>
parents:
8435
diff
changeset
|
577 ctp->max_udp_payload_size = ngx_quic_max_udp_payload(c); |
|
8265
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
8263
diff
changeset
|
578 ctp->ack_delay_exponent = NGX_QUIC_DEFAULT_ACK_DELAY_EXPONENT; |
|
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
8263
diff
changeset
|
579 ctp->max_ack_delay = NGX_QUIC_DEFAULT_MAX_ACK_DELAY; |
|
8701
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
580 ctp->active_connection_id_limit = 2; |
|
8265
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
8263
diff
changeset
|
581 |
|
8365
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
8364
diff
changeset
|
582 qc->streams.recv_max_data = qc->tp.initial_max_data; |
|
8338
0f9e9786b90d
Added primitive flow control mechanisms.
Vladimir Homutov <vl@nginx.com>
parents:
8337
diff
changeset
|
583 |
|
8496
c5324bb3a704
QUIC: limited the number of client-initiated streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8495
diff
changeset
|
584 qc->streams.client_max_streams_uni = qc->tp.initial_max_streams_uni; |
|
c5324bb3a704
QUIC: limited the number of client-initiated streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8495
diff
changeset
|
585 qc->streams.client_max_streams_bidi = qc->tp.initial_max_streams_bidi; |
|
c5324bb3a704
QUIC: limited the number of client-initiated streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8495
diff
changeset
|
586 |
|
8415
125cbfa77013
Renamed max_packet_size to max_udp_payload_size, from draft-28.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8413
diff
changeset
|
587 qc->congestion.window = ngx_min(10 * qc->tp.max_udp_payload_size, |
|
125cbfa77013
Renamed max_packet_size to max_udp_payload_size, from draft-28.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8413
diff
changeset
|
588 ngx_max(2 * qc->tp.max_udp_payload_size, |
|
125cbfa77013
Renamed max_packet_size to max_udp_payload_size, from draft-28.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8413
diff
changeset
|
589 14720)); |
|
8623
8550b91e8e35
QUIC: added proper logging of special values.
Vladimir Homutov <vl@nginx.com>
parents:
8622
diff
changeset
|
590 qc->congestion.ssthresh = (size_t) -1; |
|
8364
eee307399229
QUIC basic congestion control.
Roman Arutyunyan <arut@nginx.com>
parents:
8363
diff
changeset
|
591 qc->congestion.recovery_start = ngx_current_msec; |
|
eee307399229
QUIC basic congestion control.
Roman Arutyunyan <arut@nginx.com>
parents:
8363
diff
changeset
|
592 |
|
8746
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8745
diff
changeset
|
593 if (pkt->validated && pkt->retried) { |
|
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8745
diff
changeset
|
594 qc->tp.retry_scid.len = pkt->dcid.len; |
|
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8745
diff
changeset
|
595 qc->tp.retry_scid.data = ngx_pstrdup(c->pool, &pkt->dcid); |
|
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8745
diff
changeset
|
596 if (qc->tp.retry_scid.data == NULL) { |
|
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8745
diff
changeset
|
597 return NULL; |
|
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8745
diff
changeset
|
598 } |
|
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8745
diff
changeset
|
599 } |
|
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8745
diff
changeset
|
600 |
|
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8745
diff
changeset
|
601 if (ngx_quic_keys_set_initial_secret(c->pool, qc->keys, &pkt->dcid, |
|
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8745
diff
changeset
|
602 qc->version) |
|
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8745
diff
changeset
|
603 != NGX_OK) |
|
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8745
diff
changeset
|
604 { |
|
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8745
diff
changeset
|
605 return NULL; |
|
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8745
diff
changeset
|
606 } |
|
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8745
diff
changeset
|
607 |
|
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8745
diff
changeset
|
608 qc->validated = pkt->validated; |
|
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8745
diff
changeset
|
609 |
|
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8745
diff
changeset
|
610 if (ngx_quic_setup_connection_ids(c, qc, pkt) != NGX_OK) { |
|
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8745
diff
changeset
|
611 return NULL; |
|
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8745
diff
changeset
|
612 } |
|
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8745
diff
changeset
|
613 |
|
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8745
diff
changeset
|
614 return qc; |
|
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8745
diff
changeset
|
615 } |
|
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8745
diff
changeset
|
616 |
|
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8745
diff
changeset
|
617 |
|
8694
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8693
diff
changeset
|
618 static ngx_int_t |
|
8562
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
619 ngx_quic_process_stateless_reset(ngx_connection_t *c, ngx_quic_header_t *pkt) |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
620 { |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
621 u_char *tail, ch; |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
622 ngx_uint_t i; |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
623 ngx_queue_t *q; |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
624 ngx_quic_client_id_t *cid; |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
625 ngx_quic_connection_t *qc; |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
626 |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
627 qc = ngx_quic_get_connection(c); |
|
8562
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
628 |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
629 /* A stateless reset uses an entire UDP datagram */ |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
630 if (pkt->raw->start != pkt->data) { |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
631 return NGX_DECLINED; |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
632 } |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
633 |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
634 tail = pkt->raw->last - NGX_QUIC_SR_TOKEN_LEN; |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
635 |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
636 for (q = ngx_queue_head(&qc->client_ids); |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
637 q != ngx_queue_sentinel(&qc->client_ids); |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
638 q = ngx_queue_next(q)) |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
639 { |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
640 cid = ngx_queue_data(q, ngx_quic_client_id_t, queue); |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
641 |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
642 if (cid->seqnum == 0) { |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
643 /* no stateless reset token in initial connection id */ |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
644 continue; |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
645 } |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
646 |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
647 /* constant time comparison */ |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
648 |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
649 for (ch = 0, i = 0; i < NGX_QUIC_SR_TOKEN_LEN; i++) { |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
650 ch |= tail[i] ^ cid->sr_token[i]; |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
651 } |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
652 |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
653 if (ch == 0) { |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
654 return NGX_OK; |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
655 } |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
656 } |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
657 |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
658 return NGX_DECLINED; |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
659 } |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
660 |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
661 |
|
8383
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
662 static ngx_int_t |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
8220
diff
changeset
|
663 ngx_quic_init_connection(ngx_connection_t *c) |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
664 { |
|
8247
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8246
diff
changeset
|
665 u_char *p; |
|
8422
90b02ff6b003
Compatibility with BoringSSL master branch.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8421
diff
changeset
|
666 size_t clen; |
|
8247
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8246
diff
changeset
|
667 ssize_t len; |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
668 ngx_ssl_conn_t *ssl_conn; |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
669 ngx_quic_connection_t *qc; |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
670 |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
671 qc = ngx_quic_get_connection(c); |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
672 |
|
8563
bed310672f39
QUIC: moved ssl configuration pointer to quic configuration.
Vladimir Homutov <vl@nginx.com>
parents:
8562
diff
changeset
|
673 if (ngx_ssl_create_connection(qc->conf->ssl, c, NGX_SSL_BUFFER) != NGX_OK) { |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
674 return NGX_ERROR; |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
675 } |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
676 |
|
8655
f596a4e5794b
QUIC: disabling bidirectional SSL shutdown earlier.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8652
diff
changeset
|
677 c->ssl->no_wait_shutdown = 1; |
|
f596a4e5794b
QUIC: disabling bidirectional SSL shutdown earlier.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8652
diff
changeset
|
678 |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
679 ssl_conn = c->ssl->connection; |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
680 |
|
8232
253cf267f95a
Moved setting QUIC methods to runtime.
Roman Arutyunyan <arut@nginx.com>
parents:
8231
diff
changeset
|
681 if (SSL_set_quic_method(ssl_conn, &quic_method) == 0) { |
|
253cf267f95a
Moved setting QUIC methods to runtime.
Roman Arutyunyan <arut@nginx.com>
parents:
8231
diff
changeset
|
682 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
| 8361 | 683 "quic SSL_set_quic_method() failed"); |
|
8232
253cf267f95a
Moved setting QUIC methods to runtime.
Roman Arutyunyan <arut@nginx.com>
parents:
8231
diff
changeset
|
684 return NGX_ERROR; |
|
253cf267f95a
Moved setting QUIC methods to runtime.
Roman Arutyunyan <arut@nginx.com>
parents:
8231
diff
changeset
|
685 } |
|
253cf267f95a
Moved setting QUIC methods to runtime.
Roman Arutyunyan <arut@nginx.com>
parents:
8231
diff
changeset
|
686 |
|
8304
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
687 #ifdef SSL_READ_EARLY_DATA_SUCCESS |
|
8564
b52b2a33b0e5
QUIC: fixed build with OpenSSL after bed310672f39.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8563
diff
changeset
|
688 if (SSL_CTX_get_max_early_data(qc->conf->ssl->ctx)) { |
|
8304
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
689 SSL_set_quic_early_data_enabled(ssl_conn, 1); |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
690 } |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
691 #endif |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
692 |
|
8717
0a0b1de9ccab
QUIC: fixed expected TLS codepoint with final draft and BoringSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8710
diff
changeset
|
693 #if BORINGSSL_API_VERSION >= 13 |
|
0a0b1de9ccab
QUIC: fixed expected TLS codepoint with final draft and BoringSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8710
diff
changeset
|
694 SSL_set_quic_use_legacy_codepoint(ssl_conn, qc->version != 1); |
|
0a0b1de9ccab
QUIC: fixed expected TLS codepoint with final draft and BoringSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8710
diff
changeset
|
695 #endif |
|
0a0b1de9ccab
QUIC: fixed expected TLS codepoint with final draft and BoringSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8710
diff
changeset
|
696 |
|
8694
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8693
diff
changeset
|
697 if (ngx_quic_new_sr_token(c, &qc->dcid, qc->conf->sr_token_key, |
|
8634
831d1960826f
QUIC: generate default stateless reset token key.
Roman Arutyunyan <arut@nginx.com>
parents:
8631
diff
changeset
|
698 qc->tp.sr_token) |
|
831d1960826f
QUIC: generate default stateless reset token key.
Roman Arutyunyan <arut@nginx.com>
parents:
8631
diff
changeset
|
699 != NGX_OK) |
|
831d1960826f
QUIC: generate default stateless reset token key.
Roman Arutyunyan <arut@nginx.com>
parents:
8631
diff
changeset
|
700 { |
|
831d1960826f
QUIC: generate default stateless reset token key.
Roman Arutyunyan <arut@nginx.com>
parents:
8631
diff
changeset
|
701 return NGX_ERROR; |
|
831d1960826f
QUIC: generate default stateless reset token key.
Roman Arutyunyan <arut@nginx.com>
parents:
8631
diff
changeset
|
702 } |
|
831d1960826f
QUIC: generate default stateless reset token key.
Roman Arutyunyan <arut@nginx.com>
parents:
8631
diff
changeset
|
703 |
|
8651
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
704 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
705 "quic stateless reset token %*xs", |
|
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
706 (size_t) NGX_QUIC_SR_TOKEN_LEN, qc->tp.sr_token); |
|
8562
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
707 |
|
8422
90b02ff6b003
Compatibility with BoringSSL master branch.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8421
diff
changeset
|
708 len = ngx_quic_create_transport_params(NULL, NULL, &qc->tp, &clen); |
|
8247
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8246
diff
changeset
|
709 /* always succeeds */ |
|
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8246
diff
changeset
|
710 |
|
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8246
diff
changeset
|
711 p = ngx_pnalloc(c->pool, len); |
|
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8246
diff
changeset
|
712 if (p == NULL) { |
|
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8246
diff
changeset
|
713 return NGX_ERROR; |
|
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8246
diff
changeset
|
714 } |
|
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8246
diff
changeset
|
715 |
|
8422
90b02ff6b003
Compatibility with BoringSSL master branch.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8421
diff
changeset
|
716 len = ngx_quic_create_transport_params(p, p + len, &qc->tp, NULL); |
|
8247
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8246
diff
changeset
|
717 if (len < 0) { |
|
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8246
diff
changeset
|
718 return NGX_ERROR; |
|
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8246
diff
changeset
|
719 } |
|
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8246
diff
changeset
|
720 |
| 8359 | 721 #ifdef NGX_QUIC_DEBUG_PACKETS |
|
8651
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
722 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
723 "quic transport parameters len:%uz %*xs", len, len, p); |
| 8359 | 724 #endif |
| 725 | |
|
8247
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8246
diff
changeset
|
726 if (SSL_set_quic_transport_params(ssl_conn, p, len) == 0) { |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
727 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
| 8361 | 728 "quic SSL_set_quic_transport_params() failed"); |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
729 return NGX_ERROR; |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
730 } |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
731 |
|
8422
90b02ff6b003
Compatibility with BoringSSL master branch.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8421
diff
changeset
|
732 #if NGX_OPENSSL_QUIC_ZRTT_CTX |
|
90b02ff6b003
Compatibility with BoringSSL master branch.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8421
diff
changeset
|
733 if (SSL_set_quic_early_data_context(ssl_conn, p, clen) == 0) { |
|
90b02ff6b003
Compatibility with BoringSSL master branch.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8421
diff
changeset
|
734 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
|
90b02ff6b003
Compatibility with BoringSSL master branch.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8421
diff
changeset
|
735 "quic SSL_set_quic_early_data_context() failed"); |
|
90b02ff6b003
Compatibility with BoringSSL master branch.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8421
diff
changeset
|
736 return NGX_ERROR; |
|
90b02ff6b003
Compatibility with BoringSSL master branch.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8421
diff
changeset
|
737 } |
|
90b02ff6b003
Compatibility with BoringSSL master branch.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8421
diff
changeset
|
738 #endif |
|
90b02ff6b003
Compatibility with BoringSSL master branch.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8421
diff
changeset
|
739 |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
740 return NGX_OK; |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
741 } |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
742 |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
743 |
| 8225 | 744 static void |
|
8263
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8260
diff
changeset
|
745 ngx_quic_input_handler(ngx_event_t *rev) |
|
8211
6bc18966b8c1
Stream "connection" read/write methods.
Vladimir Homutov <vl@nginx.com>
parents:
8209
diff
changeset
|
746 { |
|
8545
702f1d2581a4
QUIC: eliminated idle timeout restart for dropped packets.
Roman Arutyunyan <arut@nginx.com>
parents:
8541
diff
changeset
|
747 ngx_int_t rc; |
|
8730
90ae21799f67
QUIC: do not copy input data.
Roman Arutyunyan <arut@nginx.com>
parents:
8724
diff
changeset
|
748 ngx_buf_t *b; |
|
8271
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
8270
diff
changeset
|
749 ngx_connection_t *c; |
|
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
8270
diff
changeset
|
750 ngx_quic_connection_t *qc; |
|
8211
6bc18966b8c1
Stream "connection" read/write methods.
Vladimir Homutov <vl@nginx.com>
parents:
8209
diff
changeset
|
751 |
|
8576
eacca87c476e
QUIC: updated c->log->action strings to reflect proper state.
Vladimir Homutov <vl@nginx.com>
parents:
8575
diff
changeset
|
752 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, rev->log, 0, "quic input handler"); |
|
eacca87c476e
QUIC: updated c->log->action strings to reflect proper state.
Vladimir Homutov <vl@nginx.com>
parents:
8575
diff
changeset
|
753 |
| 8225 | 754 c = rev->data; |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
755 qc = ngx_quic_get_connection(c); |
|
8211
6bc18966b8c1
Stream "connection" read/write methods.
Vladimir Homutov <vl@nginx.com>
parents:
8209
diff
changeset
|
756 |
|
8576
eacca87c476e
QUIC: updated c->log->action strings to reflect proper state.
Vladimir Homutov <vl@nginx.com>
parents:
8575
diff
changeset
|
757 c->log->action = "handling quic input"; |
|
8212
e3c0b19a3a8a
Implemented ngx_quic_stream_send_chain() method.
Roman Arutyunyan <arut@nginx.com>
parents:
8211
diff
changeset
|
758 |
| 8225 | 759 if (rev->timedout) { |
| 8361 | 760 ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, |
| 761 "quic client timed out"); | |
|
8355
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
762 ngx_quic_close_connection(c, NGX_DONE); |
| 8225 | 763 return; |
|
8212
e3c0b19a3a8a
Implemented ngx_quic_stream_send_chain() method.
Roman Arutyunyan <arut@nginx.com>
parents:
8211
diff
changeset
|
764 } |
|
e3c0b19a3a8a
Implemented ngx_quic_stream_send_chain() method.
Roman Arutyunyan <arut@nginx.com>
parents:
8211
diff
changeset
|
765 |
| 8225 | 766 if (c->close) { |
|
8442
b9bce2c4fe33
Close QUIC connection with NO_ERROR on c->close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8439
diff
changeset
|
767 qc->error_reason = "graceful shutdown"; |
|
b9bce2c4fe33
Close QUIC connection with NO_ERROR on c->close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8439
diff
changeset
|
768 ngx_quic_close_connection(c, NGX_OK); |
| 8225 | 769 return; |
| 770 } | |
|
8220
7ada2feeac18
Added processing of CONNECTION CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8218
diff
changeset
|
771 |
|
8730
90ae21799f67
QUIC: do not copy input data.
Roman Arutyunyan <arut@nginx.com>
parents:
8724
diff
changeset
|
772 if (!rev->ready) { |
|
8355
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
773 if (qc->closing) { |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
774 ngx_quic_close_connection(c, NGX_OK); |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
775 } |
| 8225 | 776 return; |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
777 } |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
778 |
|
8628
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
779 if (qc->tp.disable_active_migration) { |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
780 if (c->socklen != qc->socklen |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
781 || ngx_memcmp(c->sockaddr, qc->sockaddr, c->socklen) != 0) |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
782 { |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
783 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
784 "quic dropping packet from new address"); |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
785 return; |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
786 } |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
787 } |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
788 |
|
8734
c61fcdc1b8e3
UDP: extended datagram context.
Vladimir Homutov <vl@nginx.com>
parents:
8730
diff
changeset
|
789 b = c->udp->dgram->buffer; |
|
8730
90ae21799f67
QUIC: do not copy input data.
Roman Arutyunyan <arut@nginx.com>
parents:
8724
diff
changeset
|
790 |
|
90ae21799f67
QUIC: do not copy input data.
Roman Arutyunyan <arut@nginx.com>
parents:
8724
diff
changeset
|
791 qc->received += (b->last - b->pos); |
|
90ae21799f67
QUIC: do not copy input data.
Roman Arutyunyan <arut@nginx.com>
parents:
8724
diff
changeset
|
792 |
|
90ae21799f67
QUIC: do not copy input data.
Roman Arutyunyan <arut@nginx.com>
parents:
8724
diff
changeset
|
793 rc = ngx_quic_input(c, b, NULL); |
|
8545
702f1d2581a4
QUIC: eliminated idle timeout restart for dropped packets.
Roman Arutyunyan <arut@nginx.com>
parents:
8541
diff
changeset
|
794 |
|
702f1d2581a4
QUIC: eliminated idle timeout restart for dropped packets.
Roman Arutyunyan <arut@nginx.com>
parents:
8541
diff
changeset
|
795 if (rc == NGX_ERROR) { |
|
8355
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
796 ngx_quic_close_connection(c, NGX_ERROR); |
| 8225 | 797 return; |
| 798 } | |
|
8271
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
8270
diff
changeset
|
799 |
|
8545
702f1d2581a4
QUIC: eliminated idle timeout restart for dropped packets.
Roman Arutyunyan <arut@nginx.com>
parents:
8541
diff
changeset
|
800 if (rc == NGX_DECLINED) { |
|
702f1d2581a4
QUIC: eliminated idle timeout restart for dropped packets.
Roman Arutyunyan <arut@nginx.com>
parents:
8541
diff
changeset
|
801 return; |
|
702f1d2581a4
QUIC: eliminated idle timeout restart for dropped packets.
Roman Arutyunyan <arut@nginx.com>
parents:
8541
diff
changeset
|
802 } |
|
702f1d2581a4
QUIC: eliminated idle timeout restart for dropped packets.
Roman Arutyunyan <arut@nginx.com>
parents:
8541
diff
changeset
|
803 |
|
702f1d2581a4
QUIC: eliminated idle timeout restart for dropped packets.
Roman Arutyunyan <arut@nginx.com>
parents:
8541
diff
changeset
|
804 /* rc == NGX_OK */ |
|
702f1d2581a4
QUIC: eliminated idle timeout restart for dropped packets.
Roman Arutyunyan <arut@nginx.com>
parents:
8541
diff
changeset
|
805 |
|
8271
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
8270
diff
changeset
|
806 qc->send_timer_set = 0; |
|
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
8270
diff
changeset
|
807 ngx_add_timer(rev, qc->tp.max_idle_timeout); |
|
8607
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
808 |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
809 ngx_quic_connstate_dbg(c); |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
810 } |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
811 |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
812 |
|
8736
714e9af983de
QUIC: separate header for ngx_quic_connection_t.
Vladimir Homutov <vl@nginx.com>
parents:
8735
diff
changeset
|
813 void |
|
8355
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
814 ngx_quic_close_connection(ngx_connection_t *c, ngx_int_t rc) |
|
8208
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
8207
diff
changeset
|
815 { |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
816 ngx_pool_t *pool; |
|
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
817 ngx_quic_connection_t *qc; |
|
8281
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
818 |
|
8355
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
819 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
8605
eed49b83e18f
QUIC: revised value separators in debug and error messages.
Vladimir Homutov <vl@nginx.com>
parents:
8604
diff
changeset
|
820 "quic ngx_quic_close_connection rc:%i", rc); |
|
8355
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
821 |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
822 qc = ngx_quic_get_connection(c); |
|
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
823 |
|
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
824 if (qc == NULL) { |
| 8686 | 825 if (rc == NGX_ERROR) { |
| 826 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, | |
|
8702
d4e02b3b734f
QUIC: fixed indentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8701
diff
changeset
|
827 "quic close connection early error"); |
| 8686 | 828 } |
|
8355
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
829 |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
830 } else if (ngx_quic_close_quic(c, rc) == NGX_AGAIN) { |
|
8354
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
8350
diff
changeset
|
831 return; |
|
8281
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
832 } |
|
8208
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
8207
diff
changeset
|
833 |
| 8225 | 834 if (c->ssl) { |
| 835 (void) ngx_ssl_shutdown(c); | |
|
8208
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
8207
diff
changeset
|
836 } |
|
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
8207
diff
changeset
|
837 |
|
8354
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
8350
diff
changeset
|
838 if (c->read->timer_set) { |
|
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
8350
diff
changeset
|
839 ngx_del_timer(c->read); |
|
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
8350
diff
changeset
|
840 } |
|
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
8350
diff
changeset
|
841 |
| 8225 | 842 #if (NGX_STAT_STUB) |
| 843 (void) ngx_atomic_fetch_add(ngx_stat_active, -1); | |
| 844 #endif | |
|
8208
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
8207
diff
changeset
|
845 |
| 8225 | 846 c->destroyed = 1; |
|
8208
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
8207
diff
changeset
|
847 |
| 8225 | 848 pool = c->pool; |
|
8208
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
8207
diff
changeset
|
849 |
| 8225 | 850 ngx_close_connection(c); |
|
8208
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
8207
diff
changeset
|
851 |
| 8225 | 852 ngx_destroy_pool(pool); |
|
8208
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
8207
diff
changeset
|
853 } |
|
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
8207
diff
changeset
|
854 |
|
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
8207
diff
changeset
|
855 |
|
8193
4355efde26d8
Added functions to decrypt long packets.
Vladimir Homutov <vl@nginx.com>
parents:
8192
diff
changeset
|
856 static ngx_int_t |
|
8355
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
857 ngx_quic_close_quic(ngx_connection_t *c, ngx_int_t rc) |
|
8354
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
8350
diff
changeset
|
858 { |
|
8458
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
859 ngx_uint_t i; |
|
8628
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
860 ngx_queue_t *q; |
|
8458
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
861 ngx_quic_send_ctx_t *ctx; |
|
8628
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
862 ngx_quic_server_id_t *sid; |
|
8458
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
863 ngx_quic_connection_t *qc; |
|
8354
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
8350
diff
changeset
|
864 |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
865 qc = ngx_quic_get_connection(c); |
|
8354
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
8350
diff
changeset
|
866 |
|
8355
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
867 if (!qc->closing) { |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
868 |
|
8398
8bec0ac23cf9
Fixed retransmission of frames after closing connection.
Vladimir Homutov <vl@nginx.com>
parents:
8397
diff
changeset
|
869 /* drop packets from retransmit queues, no ack is expected */ |
|
8bec0ac23cf9
Fixed retransmission of frames after closing connection.
Vladimir Homutov <vl@nginx.com>
parents:
8397
diff
changeset
|
870 for (i = 0; i < NGX_QUIC_SEND_CTX_LAST; i++) { |
|
8652
e9bd4305e68b
QUIC: fixed send contexts cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8651
diff
changeset
|
871 ngx_quic_free_frames(c, &qc->send_ctx[i].sent); |
|
8398
8bec0ac23cf9
Fixed retransmission of frames after closing connection.
Vladimir Homutov <vl@nginx.com>
parents:
8397
diff
changeset
|
872 } |
|
8bec0ac23cf9
Fixed retransmission of frames after closing connection.
Vladimir Homutov <vl@nginx.com>
parents:
8397
diff
changeset
|
873 |
|
8400
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8399
diff
changeset
|
874 if (rc == NGX_DONE) { |
|
8355
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
875 |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
876 /* |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
877 * 10.2. Idle Timeout |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
878 * |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
879 * If the idle timeout is enabled by either peer, a connection is |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
880 * silently closed and its state is discarded when it remains idle |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
881 */ |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
882 |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
883 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
884 "quic closing %s connection", |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
885 qc->draining ? "drained" : "idle"); |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
886 |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
887 } else { |
|
8400
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8399
diff
changeset
|
888 |
|
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8399
diff
changeset
|
889 /* |
|
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8399
diff
changeset
|
890 * 10.3. Immediate Close |
|
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8399
diff
changeset
|
891 * |
|
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8399
diff
changeset
|
892 * An endpoint sends a CONNECTION_CLOSE frame (Section 19.19) |
|
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8399
diff
changeset
|
893 * to terminate the connection immediately. |
|
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8399
diff
changeset
|
894 */ |
|
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8399
diff
changeset
|
895 |
|
8475
b276833111cf
QUIC: implemented probe timeout (PTO) calculation.
Vladimir Homutov <vl@nginx.com>
parents:
8474
diff
changeset
|
896 qc->error_level = c->ssl ? SSL_quic_read_level(c->ssl->connection) |
|
b276833111cf
QUIC: implemented probe timeout (PTO) calculation.
Vladimir Homutov <vl@nginx.com>
parents:
8474
diff
changeset
|
897 : ssl_encryption_initial; |
|
b276833111cf
QUIC: implemented probe timeout (PTO) calculation.
Vladimir Homutov <vl@nginx.com>
parents:
8474
diff
changeset
|
898 |
|
8400
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8399
diff
changeset
|
899 if (rc == NGX_OK) { |
|
8702
d4e02b3b734f
QUIC: fixed indentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8701
diff
changeset
|
900 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
d4e02b3b734f
QUIC: fixed indentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8701
diff
changeset
|
901 "quic immediate close drain:%d", |
|
d4e02b3b734f
QUIC: fixed indentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8701
diff
changeset
|
902 qc->draining); |
|
8400
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8399
diff
changeset
|
903 |
|
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8399
diff
changeset
|
904 qc->close.log = c->log; |
|
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8399
diff
changeset
|
905 qc->close.data = c; |
|
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8399
diff
changeset
|
906 qc->close.handler = ngx_quic_close_timer_handler; |
|
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8399
diff
changeset
|
907 qc->close.cancelable = 1; |
|
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8399
diff
changeset
|
908 |
|
8475
b276833111cf
QUIC: implemented probe timeout (PTO) calculation.
Vladimir Homutov <vl@nginx.com>
parents:
8474
diff
changeset
|
909 ctx = ngx_quic_get_send_ctx(qc, qc->error_level); |
|
b276833111cf
QUIC: implemented probe timeout (PTO) calculation.
Vladimir Homutov <vl@nginx.com>
parents:
8474
diff
changeset
|
910 |
|
b276833111cf
QUIC: implemented probe timeout (PTO) calculation.
Vladimir Homutov <vl@nginx.com>
parents:
8474
diff
changeset
|
911 ngx_add_timer(&qc->close, 3 * ngx_quic_pto(c, ctx)); |
|
8400
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8399
diff
changeset
|
912 |
|
8458
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
913 qc->error = NGX_QUIC_ERR_NO_ERROR; |
|
8400
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8399
diff
changeset
|
914 |
|
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8399
diff
changeset
|
915 } else { |
|
8458
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
916 if (qc->error == 0 && !qc->error_app) { |
|
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
917 qc->error = NGX_QUIC_ERR_INTERNAL_ERROR; |
|
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
918 } |
|
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
919 |
|
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
920 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
8605
eed49b83e18f
QUIC: revised value separators in debug and error messages.
Vladimir Homutov <vl@nginx.com>
parents:
8604
diff
changeset
|
921 "quic immediate close due to %s error: %ui %s", |
|
8458
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
922 qc->error_app ? "app " : "", qc->error, |
|
8400
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8399
diff
changeset
|
923 qc->error_reason ? qc->error_reason : ""); |
|
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8399
diff
changeset
|
924 } |
|
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8399
diff
changeset
|
925 |
|
8458
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
926 (void) ngx_quic_send_cc(c); |
|
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
927 |
|
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
928 if (qc->error_level == ssl_encryption_handshake) { |
|
8400
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8399
diff
changeset
|
929 /* for clients that might not have handshake keys */ |
|
8458
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
930 qc->error_level = ssl_encryption_initial; |
|
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
931 (void) ngx_quic_send_cc(c); |
|
8400
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8399
diff
changeset
|
932 } |
|
8355
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
933 } |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
934 |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
935 qc->closing = 1; |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
936 } |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
937 |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
938 if (rc == NGX_ERROR && qc->close.timer_set) { |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
939 /* do not wait for timer in case of fatal error */ |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
940 ngx_del_timer(&qc->close); |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
941 } |
|
8354
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
8350
diff
changeset
|
942 |
|
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
8350
diff
changeset
|
943 if (ngx_quic_close_streams(c, qc) == NGX_AGAIN) { |
|
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
8350
diff
changeset
|
944 return NGX_AGAIN; |
|
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
8350
diff
changeset
|
945 } |
|
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
8350
diff
changeset
|
946 |
|
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
8350
diff
changeset
|
947 if (qc->push.timer_set) { |
|
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
8350
diff
changeset
|
948 ngx_del_timer(&qc->push); |
|
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
8350
diff
changeset
|
949 } |
|
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
8350
diff
changeset
|
950 |
| 8472 | 951 if (qc->pto.timer_set) { |
| 952 ngx_del_timer(&qc->pto); | |
|
8354
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
8350
diff
changeset
|
953 } |
|
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
8350
diff
changeset
|
954 |
|
8434
ea4899591798
QUIC: Fixed connection cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8433
diff
changeset
|
955 if (qc->push.posted) { |
|
ea4899591798
QUIC: Fixed connection cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8433
diff
changeset
|
956 ngx_delete_posted_event(&qc->push); |
|
ea4899591798
QUIC: Fixed connection cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8433
diff
changeset
|
957 } |
|
ea4899591798
QUIC: Fixed connection cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8433
diff
changeset
|
958 |
|
8628
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
959 while (!ngx_queue_empty(&qc->server_ids)) { |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
960 q = ngx_queue_head(&qc->server_ids); |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
961 sid = ngx_queue_data(q, ngx_quic_server_id_t, queue); |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
962 |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
963 ngx_queue_remove(q); |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
964 ngx_rbtree_delete(&c->listening->rbtree, &sid->udp.node); |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
965 qc->nserver_ids--; |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
966 } |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
967 |
|
8553
dbcb9d0a3df1
QUIC: prevented posted push event while in the draining state.
Vladimir Homutov <vl@nginx.com>
parents:
8546
diff
changeset
|
968 if (qc->close.timer_set) { |
|
dbcb9d0a3df1
QUIC: prevented posted push event while in the draining state.
Vladimir Homutov <vl@nginx.com>
parents:
8546
diff
changeset
|
969 return NGX_AGAIN; |
|
dbcb9d0a3df1
QUIC: prevented posted push event while in the draining state.
Vladimir Homutov <vl@nginx.com>
parents:
8546
diff
changeset
|
970 } |
|
dbcb9d0a3df1
QUIC: prevented posted push event while in the draining state.
Vladimir Homutov <vl@nginx.com>
parents:
8546
diff
changeset
|
971 |
|
8355
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
972 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
973 "quic part of connection is terminated"); |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
974 |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
975 /* may be tested from SSL callback during SSL shutdown */ |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
976 c->udp = NULL; |
|
8355
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
977 |
|
8354
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
8350
diff
changeset
|
978 return NGX_OK; |
|
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
8350
diff
changeset
|
979 } |
|
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
8350
diff
changeset
|
980 |
|
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
8350
diff
changeset
|
981 |
|
8458
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
982 void |
|
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
983 ngx_quic_finalize_connection(ngx_connection_t *c, ngx_uint_t err, |
|
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
984 const char *reason) |
|
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
985 { |
|
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
986 ngx_quic_connection_t *qc; |
|
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
987 |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
988 qc = ngx_quic_get_connection(c); |
|
8458
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
989 qc->error = err; |
|
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
990 qc->error_reason = reason; |
|
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
991 qc->error_app = 1; |
|
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
992 qc->error_ftype = 0; |
|
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
993 |
|
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
994 ngx_quic_close_connection(c, NGX_ERROR); |
|
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
995 } |
|
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
996 |
|
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
997 |
|
8724
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
998 void |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
999 ngx_quic_shutdown_connection(ngx_connection_t *c, ngx_uint_t err, |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1000 const char *reason) |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1001 { |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1002 ngx_quic_connection_t *qc; |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1003 |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1004 qc = ngx_quic_get_connection(c); |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1005 qc->shutdown = 1; |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1006 qc->shutdown_code = err; |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1007 qc->shutdown_reason = reason; |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1008 |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1009 ngx_quic_shutdown_quic(c); |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1010 } |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1011 |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1012 |
|
8355
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1013 static void |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1014 ngx_quic_close_timer_handler(ngx_event_t *ev) |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1015 { |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1016 ngx_connection_t *c; |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1017 |
| 8359 | 1018 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ev->log, 0, "quic close timer"); |
|
8355
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1019 |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1020 c = ev->data; |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1021 ngx_quic_close_connection(c, NGX_DONE); |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1022 } |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1023 |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1024 |
|
8354
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
8350
diff
changeset
|
1025 static ngx_int_t |
|
8563
bed310672f39
QUIC: moved ssl configuration pointer to quic configuration.
Vladimir Homutov <vl@nginx.com>
parents:
8562
diff
changeset
|
1026 ngx_quic_input(ngx_connection_t *c, ngx_buf_t *b, ngx_quic_conf_t *conf) |
|
8193
4355efde26d8
Added functions to decrypt long packets.
Vladimir Homutov <vl@nginx.com>
parents:
8192
diff
changeset
|
1027 { |
|
8687
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1028 u_char *p; |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1029 ngx_int_t rc; |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1030 ngx_uint_t good; |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1031 ngx_quic_header_t pkt; |
|
8193
4355efde26d8
Added functions to decrypt long packets.
Vladimir Homutov <vl@nginx.com>
parents:
8192
diff
changeset
|
1032 |
|
8545
702f1d2581a4
QUIC: eliminated idle timeout restart for dropped packets.
Roman Arutyunyan <arut@nginx.com>
parents:
8541
diff
changeset
|
1033 good = 0; |
|
702f1d2581a4
QUIC: eliminated idle timeout restart for dropped packets.
Roman Arutyunyan <arut@nginx.com>
parents:
8541
diff
changeset
|
1034 |
|
8304
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
1035 p = b->pos; |
|
8208
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
8207
diff
changeset
|
1036 |
|
8304
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
1037 while (p < b->last) { |
|
8263
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8260
diff
changeset
|
1038 |
| 8225 | 1039 ngx_memzero(&pkt, sizeof(ngx_quic_header_t)); |
| 1040 pkt.raw = b; | |
| 1041 pkt.data = p; | |
| 1042 pkt.len = b->last - p; | |
| 1043 pkt.log = c->log; | |
|
8251
c217a907ce42
Added checks for permitted frame types.
Vladimir Homutov <vl@nginx.com>
parents:
8247
diff
changeset
|
1044 pkt.flags = p[0]; |
|
8559
a89a58c642ef
QUIC: simplified packet header parsing.
Vladimir Homutov <vl@nginx.com>
parents:
8558
diff
changeset
|
1045 pkt.raw->pos++; |
|
8193
4355efde26d8
Added functions to decrypt long packets.
Vladimir Homutov <vl@nginx.com>
parents:
8192
diff
changeset
|
1046 |
|
8563
bed310672f39
QUIC: moved ssl configuration pointer to quic configuration.
Vladimir Homutov <vl@nginx.com>
parents:
8562
diff
changeset
|
1047 rc = ngx_quic_process_packet(c, conf, &pkt); |
|
8193
4355efde26d8
Added functions to decrypt long packets.
Vladimir Homutov <vl@nginx.com>
parents:
8192
diff
changeset
|
1048 |
|
8580
07971f870879
QUIC: added debug message with final packet processing status.
Vladimir Homutov <vl@nginx.com>
parents:
8579
diff
changeset
|
1049 #if (NGX_DEBUG) |
|
07971f870879
QUIC: added debug message with final packet processing status.
Vladimir Homutov <vl@nginx.com>
parents:
8579
diff
changeset
|
1050 if (pkt.parsed) { |
|
8607
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
1051 ngx_log_debug5(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
8609
f32740ddd484
QUIC: got rid of "pkt" abbreviation in logs.
Vladimir Homutov <vl@nginx.com>
parents:
8608
diff
changeset
|
1052 "quic packet %s done decr:%d pn:%L perr:%ui rc:%i", |
|
8580
07971f870879
QUIC: added debug message with final packet processing status.
Vladimir Homutov <vl@nginx.com>
parents:
8579
diff
changeset
|
1053 ngx_quic_level_name(pkt.level), pkt.decrypted, |
|
8607
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
1054 pkt.pn, pkt.error, rc); |
|
8580
07971f870879
QUIC: added debug message with final packet processing status.
Vladimir Homutov <vl@nginx.com>
parents:
8579
diff
changeset
|
1055 } else { |
|
07971f870879
QUIC: added debug message with final packet processing status.
Vladimir Homutov <vl@nginx.com>
parents:
8579
diff
changeset
|
1056 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
8609
f32740ddd484
QUIC: got rid of "pkt" abbreviation in logs.
Vladimir Homutov <vl@nginx.com>
parents:
8608
diff
changeset
|
1057 "quic packet done parse failed rc:%i", rc); |
|
8580
07971f870879
QUIC: added debug message with final packet processing status.
Vladimir Homutov <vl@nginx.com>
parents:
8579
diff
changeset
|
1058 } |
|
07971f870879
QUIC: added debug message with final packet processing status.
Vladimir Homutov <vl@nginx.com>
parents:
8579
diff
changeset
|
1059 #endif |
|
07971f870879
QUIC: added debug message with final packet processing status.
Vladimir Homutov <vl@nginx.com>
parents:
8579
diff
changeset
|
1060 |
|
8333
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
1061 if (rc == NGX_ERROR) { |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
1062 return NGX_ERROR; |
| 8225 | 1063 } |
|
8206
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
8205
diff
changeset
|
1064 |
| 8686 | 1065 if (rc == NGX_DONE) { |
| 1066 /* stop further processing */ | |
| 1067 return NGX_DECLINED; | |
| 1068 } | |
| 1069 | |
|
8545
702f1d2581a4
QUIC: eliminated idle timeout restart for dropped packets.
Roman Arutyunyan <arut@nginx.com>
parents:
8541
diff
changeset
|
1070 if (rc == NGX_OK) { |
|
702f1d2581a4
QUIC: eliminated idle timeout restart for dropped packets.
Roman Arutyunyan <arut@nginx.com>
parents:
8541
diff
changeset
|
1071 good = 1; |
|
702f1d2581a4
QUIC: eliminated idle timeout restart for dropped packets.
Roman Arutyunyan <arut@nginx.com>
parents:
8541
diff
changeset
|
1072 } |
|
702f1d2581a4
QUIC: eliminated idle timeout restart for dropped packets.
Roman Arutyunyan <arut@nginx.com>
parents:
8541
diff
changeset
|
1073 |
|
8333
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
1074 /* NGX_OK || NGX_DECLINED */ |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
1075 |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
1076 /* |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
1077 * we get NGX_DECLINED when there are no keys [yet] available |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
1078 * to decrypt packet. |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
1079 * Instead of queueing it, we ignore it and rely on the sender's |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
1080 * retransmission: |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
1081 * |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
1082 * 12.2. Coalescing Packets: |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
1083 * |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
1084 * For example, if decryption fails (because the keys are |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
1085 * not available or any other reason), the receiver MAY either |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
1086 * discard or buffer the packet for later processing and MUST |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
1087 * attempt to process the remaining packets. |
|
8535
eb5aa85294e9
QUIC: discard unrecognized long packes.
Vladimir Homutov <vl@nginx.com>
parents:
8533
diff
changeset
|
1088 * |
|
eb5aa85294e9
QUIC: discard unrecognized long packes.
Vladimir Homutov <vl@nginx.com>
parents:
8533
diff
changeset
|
1089 * We also skip packets that don't match connection state |
|
eb5aa85294e9
QUIC: discard unrecognized long packes.
Vladimir Homutov <vl@nginx.com>
parents:
8533
diff
changeset
|
1090 * or cannot be parsed properly. |
|
8333
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
1091 */ |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
1092 |
| 8225 | 1093 /* b->pos is at header end, adjust by actual packet length */ |
|
8558
0f37b4ef3cd9
QUIC: keep the entire packet size in pkt->len.
Roman Arutyunyan <arut@nginx.com>
parents:
8557
diff
changeset
|
1094 b->pos = pkt.data + pkt.len; |
|
8560
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1095 |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1096 /* firefox workaround: skip zero padding at the end of quic packet */ |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1097 while (b->pos < b->last && *(b->pos) == 0) { |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1098 b->pos++; |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1099 } |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1100 |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1101 p = b->pos; |
|
8304
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
1102 } |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
1103 |
|
8545
702f1d2581a4
QUIC: eliminated idle timeout restart for dropped packets.
Roman Arutyunyan <arut@nginx.com>
parents:
8541
diff
changeset
|
1104 return good ? NGX_OK : NGX_DECLINED; |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
1105 } |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
1106 |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
1107 |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
1108 static ngx_int_t |
|
8563
bed310672f39
QUIC: moved ssl configuration pointer to quic configuration.
Vladimir Homutov <vl@nginx.com>
parents:
8562
diff
changeset
|
1109 ngx_quic_process_packet(ngx_connection_t *c, ngx_quic_conf_t *conf, |
|
bed310672f39
QUIC: moved ssl configuration pointer to quic configuration.
Vladimir Homutov <vl@nginx.com>
parents:
8562
diff
changeset
|
1110 ngx_quic_header_t *pkt) |
|
8383
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
1111 { |
|
8536
c6b963de0c00
QUIC: pass return code from ngx_quic_decrypt() to the caller.
Vladimir Homutov <vl@nginx.com>
parents:
8535
diff
changeset
|
1112 ngx_int_t rc; |
|
8383
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
1113 ngx_quic_connection_t *qc; |
|
8560
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1114 |
|
8576
eacca87c476e
QUIC: updated c->log->action strings to reflect proper state.
Vladimir Homutov <vl@nginx.com>
parents:
8575
diff
changeset
|
1115 c->log->action = "parsing quic packet"; |
|
eacca87c476e
QUIC: updated c->log->action strings to reflect proper state.
Vladimir Homutov <vl@nginx.com>
parents:
8575
diff
changeset
|
1116 |
|
8560
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1117 rc = ngx_quic_parse_packet(pkt); |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1118 |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1119 if (rc == NGX_DECLINED || rc == NGX_ERROR) { |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1120 return rc; |
|
8383
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
1121 } |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
1122 |
|
8580
07971f870879
QUIC: added debug message with final packet processing status.
Vladimir Homutov <vl@nginx.com>
parents:
8579
diff
changeset
|
1123 pkt->parsed = 1; |
|
07971f870879
QUIC: added debug message with final packet processing status.
Vladimir Homutov <vl@nginx.com>
parents:
8579
diff
changeset
|
1124 |
|
8576
eacca87c476e
QUIC: updated c->log->action strings to reflect proper state.
Vladimir Homutov <vl@nginx.com>
parents:
8575
diff
changeset
|
1125 c->log->action = "processing quic packet"; |
|
eacca87c476e
QUIC: updated c->log->action strings to reflect proper state.
Vladimir Homutov <vl@nginx.com>
parents:
8575
diff
changeset
|
1126 |
|
8651
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
1127 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
1128 "quic packet rx dcid len:%uz %xV", |
|
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
1129 pkt->dcid.len, &pkt->dcid); |
|
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
1130 |
|
8578
52ad697f9d1c
QUIC: enabled more key-related debug by default.
Vladimir Homutov <vl@nginx.com>
parents:
8577
diff
changeset
|
1131 #if (NGX_DEBUG) |
|
52ad697f9d1c
QUIC: enabled more key-related debug by default.
Vladimir Homutov <vl@nginx.com>
parents:
8577
diff
changeset
|
1132 if (pkt->level != ssl_encryption_application) { |
|
8651
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
1133 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
1134 "quic packet rx scid len:%uz %xV", |
|
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
1135 pkt->scid.len, &pkt->scid); |
|
8578
52ad697f9d1c
QUIC: enabled more key-related debug by default.
Vladimir Homutov <vl@nginx.com>
parents:
8577
diff
changeset
|
1136 } |
|
8641
fe53def49945
QUIC: refactored long header parsing.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8639
diff
changeset
|
1137 |
|
fe53def49945
QUIC: refactored long header parsing.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8639
diff
changeset
|
1138 if (pkt->level == ssl_encryption_initial) { |
|
8651
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
1139 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
8694
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8693
diff
changeset
|
1140 "quic address validation token len:%uz %xV", |
|
8651
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
1141 pkt->token.len, &pkt->token); |
|
8641
fe53def49945
QUIC: refactored long header parsing.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8639
diff
changeset
|
1142 } |
|
8578
52ad697f9d1c
QUIC: enabled more key-related debug by default.
Vladimir Homutov <vl@nginx.com>
parents:
8577
diff
changeset
|
1143 #endif |
|
52ad697f9d1c
QUIC: enabled more key-related debug by default.
Vladimir Homutov <vl@nginx.com>
parents:
8577
diff
changeset
|
1144 |
|
8687
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1145 qc = ngx_quic_get_connection(c); |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1146 |
|
8560
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1147 if (qc) { |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1148 |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1149 if (rc == NGX_ABORT) { |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1150 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1151 "quic unsupported version: 0x%xD", pkt->version); |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1152 return NGX_DECLINED; |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1153 } |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1154 |
|
8624
340cd26158fb
QUIC: preparatory changes for multiple QUIC versions support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8623
diff
changeset
|
1155 if (pkt->level != ssl_encryption_application) { |
|
8688
a346905c359f
QUIC: fixed stateless reset recognition and send.
Roman Arutyunyan <arut@nginx.com>
parents:
8687
diff
changeset
|
1156 |
|
8624
340cd26158fb
QUIC: preparatory changes for multiple QUIC versions support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8623
diff
changeset
|
1157 if (pkt->version != qc->version) { |
|
340cd26158fb
QUIC: preparatory changes for multiple QUIC versions support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8623
diff
changeset
|
1158 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
|
340cd26158fb
QUIC: preparatory changes for multiple QUIC versions support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8623
diff
changeset
|
1159 "quic version mismatch: 0x%xD", pkt->version); |
|
340cd26158fb
QUIC: preparatory changes for multiple QUIC versions support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8623
diff
changeset
|
1160 return NGX_DECLINED; |
|
340cd26158fb
QUIC: preparatory changes for multiple QUIC versions support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8623
diff
changeset
|
1161 } |
|
8688
a346905c359f
QUIC: fixed stateless reset recognition and send.
Roman Arutyunyan <arut@nginx.com>
parents:
8687
diff
changeset
|
1162 |
|
a346905c359f
QUIC: fixed stateless reset recognition and send.
Roman Arutyunyan <arut@nginx.com>
parents:
8687
diff
changeset
|
1163 if (ngx_quic_check_csid(qc, pkt) != NGX_OK) { |
|
a346905c359f
QUIC: fixed stateless reset recognition and send.
Roman Arutyunyan <arut@nginx.com>
parents:
8687
diff
changeset
|
1164 return NGX_DECLINED; |
|
8562
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
1165 } |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
1166 |
|
8688
a346905c359f
QUIC: fixed stateless reset recognition and send.
Roman Arutyunyan <arut@nginx.com>
parents:
8687
diff
changeset
|
1167 } else { |
|
a346905c359f
QUIC: fixed stateless reset recognition and send.
Roman Arutyunyan <arut@nginx.com>
parents:
8687
diff
changeset
|
1168 |
|
a346905c359f
QUIC: fixed stateless reset recognition and send.
Roman Arutyunyan <arut@nginx.com>
parents:
8687
diff
changeset
|
1169 if (ngx_quic_process_stateless_reset(c, pkt) == NGX_OK) { |
|
a346905c359f
QUIC: fixed stateless reset recognition and send.
Roman Arutyunyan <arut@nginx.com>
parents:
8687
diff
changeset
|
1170 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
|
a346905c359f
QUIC: fixed stateless reset recognition and send.
Roman Arutyunyan <arut@nginx.com>
parents:
8687
diff
changeset
|
1171 "quic stateless reset packet detected"); |
|
a346905c359f
QUIC: fixed stateless reset recognition and send.
Roman Arutyunyan <arut@nginx.com>
parents:
8687
diff
changeset
|
1172 |
|
a346905c359f
QUIC: fixed stateless reset recognition and send.
Roman Arutyunyan <arut@nginx.com>
parents:
8687
diff
changeset
|
1173 qc->draining = 1; |
|
a346905c359f
QUIC: fixed stateless reset recognition and send.
Roman Arutyunyan <arut@nginx.com>
parents:
8687
diff
changeset
|
1174 ngx_quic_close_connection(c, NGX_OK); |
|
a346905c359f
QUIC: fixed stateless reset recognition and send.
Roman Arutyunyan <arut@nginx.com>
parents:
8687
diff
changeset
|
1175 |
|
a346905c359f
QUIC: fixed stateless reset recognition and send.
Roman Arutyunyan <arut@nginx.com>
parents:
8687
diff
changeset
|
1176 return NGX_OK; |
|
a346905c359f
QUIC: fixed stateless reset recognition and send.
Roman Arutyunyan <arut@nginx.com>
parents:
8687
diff
changeset
|
1177 } |
|
8560
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1178 } |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1179 |
|
8687
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1180 return ngx_quic_process_payload(c, pkt); |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1181 } |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1182 |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1183 /* packet does not belong to a connection */ |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1184 |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1185 if (rc == NGX_ABORT) { |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1186 return ngx_quic_negotiate_version(c, pkt); |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1187 } |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1188 |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1189 if (pkt->level == ssl_encryption_application) { |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1190 return ngx_quic_send_stateless_reset(c, conf, pkt); |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1191 } |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1192 |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1193 if (pkt->level != ssl_encryption_initial) { |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1194 return NGX_ERROR; |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1195 } |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1196 |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1197 c->log->action = "processing initial packet"; |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1198 |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1199 if (pkt->dcid.len < NGX_QUIC_CID_LEN_MIN) { |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1200 /* 7.2. Negotiating Connection IDs */ |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1201 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1202 "quic too short dcid in initial" |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1203 " packet: len:%i", pkt->dcid.len); |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1204 return NGX_ERROR; |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1205 } |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1206 |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1207 /* process retry and initialize connection IDs */ |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1208 |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1209 if (pkt->token.len) { |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1210 |
|
8694
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8693
diff
changeset
|
1211 rc = ngx_quic_validate_token(c, conf->av_token_key, pkt); |
|
8687
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1212 |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1213 if (rc == NGX_ERROR) { |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1214 /* internal error */ |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1215 return NGX_ERROR; |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1216 |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1217 } else if (rc == NGX_ABORT) { |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1218 /* token cannot be decrypted */ |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1219 return ngx_quic_send_early_cc(c, pkt, |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1220 NGX_QUIC_ERR_INVALID_TOKEN, |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1221 "cannot decrypt token"); |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1222 } else if (rc == NGX_DECLINED) { |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1223 /* token is invalid */ |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1224 |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1225 if (pkt->retried) { |
|
8694
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8693
diff
changeset
|
1226 /* invalid address validation token */ |
|
8687
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1227 return ngx_quic_send_early_cc(c, pkt, |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1228 NGX_QUIC_ERR_INVALID_TOKEN, |
|
8694
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8693
diff
changeset
|
1229 "invalid address validation token"); |
|
8687
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1230 } else if (conf->retry) { |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1231 /* invalid NEW_TOKEN */ |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1232 return ngx_quic_send_retry(c, conf, pkt); |
|
8560
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1233 } |
|
8687
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1234 } |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1235 |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1236 /* NGX_OK */ |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1237 |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1238 } else if (conf->retry) { |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1239 return ngx_quic_send_retry(c, conf, pkt); |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1240 |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1241 } else { |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1242 pkt->odcid = pkt->dcid; |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1243 } |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1244 |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1245 if (ngx_terminate || ngx_exiting) { |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1246 if (conf->retry) { |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1247 return ngx_quic_send_retry(c, conf, pkt); |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1248 } |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1249 |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1250 return NGX_ERROR; |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1251 } |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1252 |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1253 c->log->action = "creating quic connection"; |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1254 |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1255 qc = ngx_quic_new_connection(c, conf, pkt); |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1256 if (qc == NULL) { |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1257 return NGX_ERROR; |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1258 } |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1259 |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1260 return ngx_quic_process_payload(c, pkt); |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1261 } |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1262 |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1263 |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1264 static ngx_int_t |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1265 ngx_quic_process_payload(ngx_connection_t *c, ngx_quic_header_t *pkt) |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1266 { |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1267 ngx_int_t rc; |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1268 ngx_quic_send_ctx_t *ctx; |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1269 ngx_quic_connection_t *qc; |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1270 static u_char buf[NGX_QUIC_MAX_UDP_PAYLOAD_SIZE]; |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1271 |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1272 qc = ngx_quic_get_connection(c); |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1273 |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1274 qc->error = 0; |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1275 qc->error_reason = 0; |
|
8560
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1276 |
|
8576
eacca87c476e
QUIC: updated c->log->action strings to reflect proper state.
Vladimir Homutov <vl@nginx.com>
parents:
8575
diff
changeset
|
1277 c->log->action = "decrypting packet"; |
|
eacca87c476e
QUIC: updated c->log->action strings to reflect proper state.
Vladimir Homutov <vl@nginx.com>
parents:
8575
diff
changeset
|
1278 |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
1279 if (!ngx_quic_keys_available(qc->keys, pkt->level)) { |
|
8560
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1280 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1281 "quic no level %d keys yet, ignoring packet", pkt->level); |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1282 return NGX_DECLINED; |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1283 } |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1284 |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
1285 pkt->keys = qc->keys; |
|
8560
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1286 pkt->key_phase = qc->key_phase; |
|
8383
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
1287 pkt->plaintext = buf; |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
1288 |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
1289 ctx = ngx_quic_get_send_ctx(qc, pkt->level); |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
1290 |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
1291 rc = ngx_quic_decrypt(pkt, &ctx->largest_pn); |
|
8536
c6b963de0c00
QUIC: pass return code from ngx_quic_decrypt() to the caller.
Vladimir Homutov <vl@nginx.com>
parents:
8535
diff
changeset
|
1292 if (rc != NGX_OK) { |
|
c6b963de0c00
QUIC: pass return code from ngx_quic_decrypt() to the caller.
Vladimir Homutov <vl@nginx.com>
parents:
8535
diff
changeset
|
1293 qc->error = pkt->error; |
|
c6b963de0c00
QUIC: pass return code from ngx_quic_decrypt() to the caller.
Vladimir Homutov <vl@nginx.com>
parents:
8535
diff
changeset
|
1294 qc->error_reason = "failed to decrypt packet"; |
|
c6b963de0c00
QUIC: pass return code from ngx_quic_decrypt() to the caller.
Vladimir Homutov <vl@nginx.com>
parents:
8535
diff
changeset
|
1295 return rc; |
| 8223 | 1296 } |
| 1297 | |
|
8580
07971f870879
QUIC: added debug message with final packet processing status.
Vladimir Homutov <vl@nginx.com>
parents:
8579
diff
changeset
|
1298 pkt->decrypted = 1; |
|
07971f870879
QUIC: added debug message with final packet processing status.
Vladimir Homutov <vl@nginx.com>
parents:
8579
diff
changeset
|
1299 |
|
8560
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1300 if (c->ssl == NULL) { |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1301 if (ngx_quic_init_connection(c) != NGX_OK) { |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1302 return NGX_ERROR; |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1303 } |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1304 } |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1305 |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1306 if (pkt->level == ssl_encryption_handshake) { |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1307 /* |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1308 * 4.10.1. The successful use of Handshake packets indicates |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1309 * that no more Initial packets need to be exchanged |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1310 */ |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1311 ngx_quic_discard_ctx(c, ssl_encryption_initial); |
|
8611
e2086d8181fa
QUIC: added push event afer the address was validated.
Vladimir Homutov <vl@nginx.com>
parents:
8610
diff
changeset
|
1312 |
|
e2086d8181fa
QUIC: added push event afer the address was validated.
Vladimir Homutov <vl@nginx.com>
parents:
8610
diff
changeset
|
1313 if (qc->validated == 0) { |
|
e2086d8181fa
QUIC: added push event afer the address was validated.
Vladimir Homutov <vl@nginx.com>
parents:
8610
diff
changeset
|
1314 qc->validated = 1; |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
1315 ngx_post_event(&qc->push, &ngx_posted_events); |
|
8611
e2086d8181fa
QUIC: added push event afer the address was validated.
Vladimir Homutov <vl@nginx.com>
parents:
8610
diff
changeset
|
1316 } |
|
8560
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1317 } |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1318 |
|
8687
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1319 if (qc->closing) { |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1320 /* |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1321 * 10.1 Closing and Draining Connection States |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1322 * ... delayed or reordered packets are properly discarded. |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1323 * |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1324 * An endpoint retains only enough information to generate |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1325 * a packet containing a CONNECTION_CLOSE frame and to identify |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1326 * packets as belonging to the connection. |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1327 */ |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1328 |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1329 qc->error_level = pkt->level; |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1330 qc->error = NGX_QUIC_ERR_NO_ERROR; |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1331 qc->error_reason = "connection is closing, packet discarded"; |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1332 qc->error_ftype = 0; |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1333 qc->error_app = 0; |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1334 |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1335 return ngx_quic_send_cc(c); |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1336 } |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1337 |
|
8603
c5ea341f705a
QUIC: optimized acknowledgement generation.
Vladimir Homutov <vl@nginx.com>
parents:
8602
diff
changeset
|
1338 pkt->received = ngx_current_msec; |
|
8574
1d4417e4f2d0
QUIC: fixed measuring ACK Delay against 0-RTT packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8573
diff
changeset
|
1339 |
|
8576
eacca87c476e
QUIC: updated c->log->action strings to reflect proper state.
Vladimir Homutov <vl@nginx.com>
parents:
8575
diff
changeset
|
1340 c->log->action = "handling payload"; |
|
eacca87c476e
QUIC: updated c->log->action strings to reflect proper state.
Vladimir Homutov <vl@nginx.com>
parents:
8575
diff
changeset
|
1341 |
|
8560
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1342 if (pkt->level != ssl_encryption_application) { |
|
8687
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1343 return ngx_quic_handle_frames(c, pkt); |
|
8560
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1344 } |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1345 |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
1346 if (!pkt->key_update) { |
|
8687
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1347 return ngx_quic_handle_frames(c, pkt); |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
1348 } |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
1349 |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
1350 /* switch keys and generate next on Key Phase change */ |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
1351 |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
1352 qc->key_phase ^= 1; |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
1353 ngx_quic_keys_switch(c, qc->keys); |
|
8560
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1354 |
|
8687
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1355 rc = ngx_quic_handle_frames(c, pkt); |
|
8560
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1356 if (rc != NGX_OK) { |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1357 return rc; |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1358 } |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1359 |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
1360 return ngx_quic_keys_update(c, qc->keys); |
| 8223 | 1361 } |
| 1362 | |
| 1363 | |
|
8560
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1364 static void |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1365 ngx_quic_discard_ctx(ngx_connection_t *c, enum ssl_encryption_level_t level) |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
1366 { |
|
8507
7f9938cbcd12
QUIC: fixed leak of bytes_in_flight on keys discard.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8506
diff
changeset
|
1367 ngx_queue_t *q; |
|
7f9938cbcd12
QUIC: fixed leak of bytes_in_flight on keys discard.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8506
diff
changeset
|
1368 ngx_quic_frame_t *f; |
|
8339
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8338
diff
changeset
|
1369 ngx_quic_send_ctx_t *ctx; |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
1370 ngx_quic_connection_t *qc; |
|
8263
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8260
diff
changeset
|
1371 |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
1372 qc = ngx_quic_get_connection(c); |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
1373 |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
1374 if (!ngx_quic_keys_available(qc->keys, level)) { |
|
8560
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1375 return; |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1376 } |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1377 |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
1378 ngx_quic_keys_discard(qc->keys, level); |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
1379 |
|
8560
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1380 qc->pto_count = 0; |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1381 |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1382 ctx = ngx_quic_get_send_ctx(qc, level); |
|
8507
7f9938cbcd12
QUIC: fixed leak of bytes_in_flight on keys discard.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8506
diff
changeset
|
1383 |
|
7f9938cbcd12
QUIC: fixed leak of bytes_in_flight on keys discard.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8506
diff
changeset
|
1384 while (!ngx_queue_empty(&ctx->sent)) { |
|
7f9938cbcd12
QUIC: fixed leak of bytes_in_flight on keys discard.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8506
diff
changeset
|
1385 q = ngx_queue_head(&ctx->sent); |
|
7f9938cbcd12
QUIC: fixed leak of bytes_in_flight on keys discard.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8506
diff
changeset
|
1386 ngx_queue_remove(q); |
|
7f9938cbcd12
QUIC: fixed leak of bytes_in_flight on keys discard.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8506
diff
changeset
|
1387 |
|
7f9938cbcd12
QUIC: fixed leak of bytes_in_flight on keys discard.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8506
diff
changeset
|
1388 f = ngx_queue_data(q, ngx_quic_frame_t, queue); |
|
7f9938cbcd12
QUIC: fixed leak of bytes_in_flight on keys discard.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8506
diff
changeset
|
1389 ngx_quic_congestion_ack(c, f); |
|
7f9938cbcd12
QUIC: fixed leak of bytes_in_flight on keys discard.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8506
diff
changeset
|
1390 ngx_quic_free_frame(c, f); |
|
7f9938cbcd12
QUIC: fixed leak of bytes_in_flight on keys discard.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8506
diff
changeset
|
1391 } |
|
8596
38c7dd720774
QUIC: added ACK frame range support.
Vladimir Homutov <vl@nginx.com>
parents:
8595
diff
changeset
|
1392 |
|
8612
b1676cd64dc9
QUIC: cleanup send context properly.
Vladimir Homutov <vl@nginx.com>
parents:
8611
diff
changeset
|
1393 while (!ngx_queue_empty(&ctx->frames)) { |
|
b1676cd64dc9
QUIC: cleanup send context properly.
Vladimir Homutov <vl@nginx.com>
parents:
8611
diff
changeset
|
1394 q = ngx_queue_head(&ctx->frames); |
|
b1676cd64dc9
QUIC: cleanup send context properly.
Vladimir Homutov <vl@nginx.com>
parents:
8611
diff
changeset
|
1395 ngx_queue_remove(q); |
|
b1676cd64dc9
QUIC: cleanup send context properly.
Vladimir Homutov <vl@nginx.com>
parents:
8611
diff
changeset
|
1396 |
|
b1676cd64dc9
QUIC: cleanup send context properly.
Vladimir Homutov <vl@nginx.com>
parents:
8611
diff
changeset
|
1397 f = ngx_queue_data(q, ngx_quic_frame_t, queue); |
|
b1676cd64dc9
QUIC: cleanup send context properly.
Vladimir Homutov <vl@nginx.com>
parents:
8611
diff
changeset
|
1398 ngx_quic_congestion_ack(c, f); |
|
b1676cd64dc9
QUIC: cleanup send context properly.
Vladimir Homutov <vl@nginx.com>
parents:
8611
diff
changeset
|
1399 ngx_quic_free_frame(c, f); |
|
b1676cd64dc9
QUIC: cleanup send context properly.
Vladimir Homutov <vl@nginx.com>
parents:
8611
diff
changeset
|
1400 } |
|
b1676cd64dc9
QUIC: cleanup send context properly.
Vladimir Homutov <vl@nginx.com>
parents:
8611
diff
changeset
|
1401 |
|
8628
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1402 if (level == ssl_encryption_initial) { |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1403 ngx_quic_clear_temp_server_ids(c); |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1404 } |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1405 |
|
8596
38c7dd720774
QUIC: added ACK frame range support.
Vladimir Homutov <vl@nginx.com>
parents:
8595
diff
changeset
|
1406 ctx->send_ack = 0; |
|
8697
faa3201ff351
QUIC: improved setting the lost timer.
Roman Arutyunyan <arut@nginx.com>
parents:
8696
diff
changeset
|
1407 |
|
faa3201ff351
QUIC: improved setting the lost timer.
Roman Arutyunyan <arut@nginx.com>
parents:
8696
diff
changeset
|
1408 ngx_quic_set_lost_timer(c); |
|
8304
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
1409 } |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
1410 |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
1411 |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
1412 static ngx_int_t |
|
8688
a346905c359f
QUIC: fixed stateless reset recognition and send.
Roman Arutyunyan <arut@nginx.com>
parents:
8687
diff
changeset
|
1413 ngx_quic_check_csid(ngx_quic_connection_t *qc, ngx_quic_header_t *pkt) |
| 8361 | 1414 { |
|
8538
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8536
diff
changeset
|
1415 ngx_queue_t *q; |
|
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8536
diff
changeset
|
1416 ngx_quic_client_id_t *cid; |
|
8381
6e100d8c138a
Preserve original DCID and unbreak parsing 0-RTT packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8380
diff
changeset
|
1417 |
|
8538
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8536
diff
changeset
|
1418 for (q = ngx_queue_head(&qc->client_ids); |
|
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8536
diff
changeset
|
1419 q != ngx_queue_sentinel(&qc->client_ids); |
|
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8536
diff
changeset
|
1420 q = ngx_queue_next(q)) |
|
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8536
diff
changeset
|
1421 { |
|
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8536
diff
changeset
|
1422 cid = ngx_queue_data(q, ngx_quic_client_id_t, queue); |
|
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8536
diff
changeset
|
1423 |
|
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8536
diff
changeset
|
1424 if (pkt->scid.len == cid->len |
|
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8536
diff
changeset
|
1425 && ngx_memcmp(pkt->scid.data, cid->id, cid->len) == 0) |
|
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8536
diff
changeset
|
1426 { |
|
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8536
diff
changeset
|
1427 return NGX_OK; |
|
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8536
diff
changeset
|
1428 } |
|
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8536
diff
changeset
|
1429 } |
|
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8536
diff
changeset
|
1430 |
|
8560
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1431 ngx_log_error(NGX_LOG_INFO, pkt->log, 0, "quic unexpected quic scid"); |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1432 return NGX_ERROR; |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
1433 } |
| 8171 | 1434 |
| 1435 | |
| 8225 | 1436 static ngx_int_t |
|
8687
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1437 ngx_quic_handle_frames(ngx_connection_t *c, ngx_quic_header_t *pkt) |
| 8225 | 1438 { |
| 1439 u_char *end, *p; | |
| 1440 ssize_t len; | |
|
8657
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8656
diff
changeset
|
1441 ngx_buf_t buf; |
|
8596
38c7dd720774
QUIC: added ACK frame range support.
Vladimir Homutov <vl@nginx.com>
parents:
8595
diff
changeset
|
1442 ngx_uint_t do_close; |
|
8657
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8656
diff
changeset
|
1443 ngx_chain_t chain; |
|
8367
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8365
diff
changeset
|
1444 ngx_quic_frame_t frame; |
| 8225 | 1445 ngx_quic_connection_t *qc; |
| 1446 | |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
1447 qc = ngx_quic_get_connection(c); |
| 8225 | 1448 |
| 1449 p = pkt->payload.data; | |
| 1450 end = p + pkt->payload.len; | |
| 1451 | |
| 1452 do_close = 0; | |
| 1453 | |
| 1454 while (p < end) { | |
| 1455 | |
| 8275 | 1456 c->log->action = "parsing frames"; |
| 1457 | |
|
8657
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8656
diff
changeset
|
1458 ngx_memzero(&buf, sizeof(ngx_buf_t)); |
|
8659
d9f673d18e9b
QUIC: set the temporary flag for input frame buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8658
diff
changeset
|
1459 buf.temporary = 1; |
|
8657
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8656
diff
changeset
|
1460 |
|
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8656
diff
changeset
|
1461 chain.buf = &buf; |
|
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8656
diff
changeset
|
1462 chain.next = NULL; |
|
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8656
diff
changeset
|
1463 frame.data = &chain; |
|
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8656
diff
changeset
|
1464 |
|
8240
1f002206a59b
Added boundaries checks into frame parser.
Vladimir Homutov <vl@nginx.com>
parents:
8239
diff
changeset
|
1465 len = ngx_quic_parse_frame(pkt, p, end, &frame); |
|
8251
c217a907ce42
Added checks for permitted frame types.
Vladimir Homutov <vl@nginx.com>
parents:
8247
diff
changeset
|
1466 |
| 8225 | 1467 if (len < 0) { |
|
8385
fb7422074258
Added generation of CC frames with error on connection termination.
Vladimir Homutov <vl@nginx.com>
parents:
8384
diff
changeset
|
1468 qc->error = pkt->error; |
| 8225 | 1469 return NGX_ERROR; |
| 1470 } | |
| 1471 | |
|
8604
b3d9e57d0f62
QUIC: single function for frame debug logging.
Vladimir Homutov <vl@nginx.com>
parents:
8603
diff
changeset
|
1472 ngx_quic_log_frame(c->log, &frame, 0); |
|
b3d9e57d0f62
QUIC: single function for frame debug logging.
Vladimir Homutov <vl@nginx.com>
parents:
8603
diff
changeset
|
1473 |
| 8275 | 1474 c->log->action = "handling frames"; |
| 1475 | |
| 8225 | 1476 p += len; |
| 1477 | |
| 1478 switch (frame.type) { | |
| 1479 | |
| 1480 case NGX_QUIC_FT_ACK: | |
|
8657
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8656
diff
changeset
|
1481 if (ngx_quic_handle_ack_frame(c, pkt, &frame) != NGX_OK) { |
| 8225 | 1482 return NGX_ERROR; |
| 1483 } | |
| 1484 | |
|
8367
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8365
diff
changeset
|
1485 continue; |
|
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8365
diff
changeset
|
1486 |
|
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8365
diff
changeset
|
1487 case NGX_QUIC_FT_PADDING: |
|
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8365
diff
changeset
|
1488 /* no action required */ |
|
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8365
diff
changeset
|
1489 continue; |
|
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8365
diff
changeset
|
1490 |
|
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8365
diff
changeset
|
1491 case NGX_QUIC_FT_CONNECTION_CLOSE: |
|
8458
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
1492 case NGX_QUIC_FT_CONNECTION_CLOSE_APP: |
|
8367
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8365
diff
changeset
|
1493 do_close = 1; |
|
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8365
diff
changeset
|
1494 continue; |
|
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8365
diff
changeset
|
1495 } |
|
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8365
diff
changeset
|
1496 |
|
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8365
diff
changeset
|
1497 /* got there with ack-eliciting packet */ |
|
8596
38c7dd720774
QUIC: added ACK frame range support.
Vladimir Homutov <vl@nginx.com>
parents:
8595
diff
changeset
|
1498 pkt->need_ack = 1; |
|
8367
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8365
diff
changeset
|
1499 |
|
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8365
diff
changeset
|
1500 switch (frame.type) { |
| 8225 | 1501 |
| 1502 case NGX_QUIC_FT_CRYPTO: | |
| 1503 | |
|
8333
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
1504 if (ngx_quic_handle_crypto_frame(c, pkt, &frame) != NGX_OK) { |
| 8225 | 1505 return NGX_ERROR; |
| 1506 } | |
| 1507 | |
| 1508 break; | |
| 1509 | |
| 1510 case NGX_QUIC_FT_PING: | |
| 1511 break; | |
| 1512 | |
| 1513 case NGX_QUIC_FT_STREAM0: | |
| 1514 case NGX_QUIC_FT_STREAM1: | |
| 1515 case NGX_QUIC_FT_STREAM2: | |
| 1516 case NGX_QUIC_FT_STREAM3: | |
| 1517 case NGX_QUIC_FT_STREAM4: | |
| 1518 case NGX_QUIC_FT_STREAM5: | |
| 1519 case NGX_QUIC_FT_STREAM6: | |
| 1520 case NGX_QUIC_FT_STREAM7: | |
| 1521 | |
|
8334
72d20158c814
Added reordering support for STREAM frames.
Vladimir Homutov <vl@nginx.com>
parents:
8333
diff
changeset
|
1522 if (ngx_quic_handle_stream_frame(c, pkt, &frame) != NGX_OK) { |
| 8225 | 1523 return NGX_ERROR; |
| 1524 } | |
| 1525 | |
| 1526 break; | |
| 1527 | |
|
8237
ff540f13d95d
MAX_DATA frame parser/handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8236
diff
changeset
|
1528 case NGX_QUIC_FT_MAX_DATA: |
|
8365
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
8364
diff
changeset
|
1529 |
|
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
8364
diff
changeset
|
1530 if (ngx_quic_handle_max_data_frame(c, &frame.u.max_data) != NGX_OK) |
|
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
8364
diff
changeset
|
1531 { |
|
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
8364
diff
changeset
|
1532 return NGX_ERROR; |
|
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
8364
diff
changeset
|
1533 } |
|
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
8364
diff
changeset
|
1534 |
|
8237
ff540f13d95d
MAX_DATA frame parser/handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8236
diff
changeset
|
1535 break; |
|
ff540f13d95d
MAX_DATA frame parser/handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8236
diff
changeset
|
1536 |
|
8236
d3b26c3bea22
Added parsing of STREAMS BLOCKED frames.
Vladimir Homutov <vl@nginx.com>
parents:
8235
diff
changeset
|
1537 case NGX_QUIC_FT_STREAMS_BLOCKED: |
|
d3b26c3bea22
Added parsing of STREAMS BLOCKED frames.
Vladimir Homutov <vl@nginx.com>
parents:
8235
diff
changeset
|
1538 case NGX_QUIC_FT_STREAMS_BLOCKED2: |
|
8245
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
1539 |
|
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
1540 if (ngx_quic_handle_streams_blocked_frame(c, pkt, |
|
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
1541 &frame.u.streams_blocked) |
|
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
1542 != NGX_OK) |
|
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
1543 { |
|
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
1544 return NGX_ERROR; |
|
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
1545 } |
|
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
1546 |
|
8236
d3b26c3bea22
Added parsing of STREAMS BLOCKED frames.
Vladimir Homutov <vl@nginx.com>
parents:
8235
diff
changeset
|
1547 break; |
|
d3b26c3bea22
Added parsing of STREAMS BLOCKED frames.
Vladimir Homutov <vl@nginx.com>
parents:
8235
diff
changeset
|
1548 |
|
8266
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1549 case NGX_QUIC_FT_STREAM_DATA_BLOCKED: |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1550 |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1551 if (ngx_quic_handle_stream_data_blocked_frame(c, pkt, |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1552 &frame.u.stream_data_blocked) |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1553 != NGX_OK) |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1554 { |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1555 return NGX_ERROR; |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1556 } |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1557 |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1558 break; |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1559 |
|
8365
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
8364
diff
changeset
|
1560 case NGX_QUIC_FT_MAX_STREAM_DATA: |
|
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
8364
diff
changeset
|
1561 |
|
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
8364
diff
changeset
|
1562 if (ngx_quic_handle_max_stream_data_frame(c, pkt, |
|
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
8364
diff
changeset
|
1563 &frame.u.max_stream_data) |
|
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
8364
diff
changeset
|
1564 != NGX_OK) |
|
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
8364
diff
changeset
|
1565 { |
|
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
8364
diff
changeset
|
1566 return NGX_ERROR; |
|
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
8364
diff
changeset
|
1567 } |
|
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
8364
diff
changeset
|
1568 |
|
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
8364
diff
changeset
|
1569 break; |
|
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
8364
diff
changeset
|
1570 |
|
8428
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8427
diff
changeset
|
1571 case NGX_QUIC_FT_RESET_STREAM: |
|
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8427
diff
changeset
|
1572 |
|
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8427
diff
changeset
|
1573 if (ngx_quic_handle_reset_stream_frame(c, pkt, |
|
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8427
diff
changeset
|
1574 &frame.u.reset_stream) |
|
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8427
diff
changeset
|
1575 != NGX_OK) |
|
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8427
diff
changeset
|
1576 { |
|
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8427
diff
changeset
|
1577 return NGX_ERROR; |
|
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8427
diff
changeset
|
1578 } |
|
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8427
diff
changeset
|
1579 |
|
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8427
diff
changeset
|
1580 break; |
|
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8427
diff
changeset
|
1581 |
|
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8427
diff
changeset
|
1582 case NGX_QUIC_FT_STOP_SENDING: |
|
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8427
diff
changeset
|
1583 |
|
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8427
diff
changeset
|
1584 if (ngx_quic_handle_stop_sending_frame(c, pkt, |
|
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8427
diff
changeset
|
1585 &frame.u.stop_sending) |
|
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8427
diff
changeset
|
1586 != NGX_OK) |
|
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8427
diff
changeset
|
1587 { |
|
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8427
diff
changeset
|
1588 return NGX_ERROR; |
|
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8427
diff
changeset
|
1589 } |
|
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8427
diff
changeset
|
1590 |
|
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8427
diff
changeset
|
1591 break; |
|
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8427
diff
changeset
|
1592 |
|
8495
455a8536eaa7
QUIC: limited the number of server-initiated streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8486
diff
changeset
|
1593 case NGX_QUIC_FT_MAX_STREAMS: |
|
455a8536eaa7
QUIC: limited the number of server-initiated streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8486
diff
changeset
|
1594 case NGX_QUIC_FT_MAX_STREAMS2: |
|
455a8536eaa7
QUIC: limited the number of server-initiated streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8486
diff
changeset
|
1595 |
|
455a8536eaa7
QUIC: limited the number of server-initiated streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8486
diff
changeset
|
1596 if (ngx_quic_handle_max_streams_frame(c, pkt, &frame.u.max_streams) |
|
455a8536eaa7
QUIC: limited the number of server-initiated streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8486
diff
changeset
|
1597 != NGX_OK) |
|
455a8536eaa7
QUIC: limited the number of server-initiated streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8486
diff
changeset
|
1598 { |
|
455a8536eaa7
QUIC: limited the number of server-initiated streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8486
diff
changeset
|
1599 return NGX_ERROR; |
|
455a8536eaa7
QUIC: limited the number of server-initiated streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8486
diff
changeset
|
1600 } |
|
455a8536eaa7
QUIC: limited the number of server-initiated streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8486
diff
changeset
|
1601 |
|
455a8536eaa7
QUIC: limited the number of server-initiated streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8486
diff
changeset
|
1602 break; |
|
455a8536eaa7
QUIC: limited the number of server-initiated streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8486
diff
changeset
|
1603 |
|
8531
4ff2a0b747d1
QUIC: handle PATH_CHALLENGE frame.
Roman Arutyunyan <arut@nginx.com>
parents:
8530
diff
changeset
|
1604 case NGX_QUIC_FT_PATH_CHALLENGE: |
|
4ff2a0b747d1
QUIC: handle PATH_CHALLENGE frame.
Roman Arutyunyan <arut@nginx.com>
parents:
8530
diff
changeset
|
1605 |
|
4ff2a0b747d1
QUIC: handle PATH_CHALLENGE frame.
Roman Arutyunyan <arut@nginx.com>
parents:
8530
diff
changeset
|
1606 if (ngx_quic_handle_path_challenge_frame(c, pkt, |
|
4ff2a0b747d1
QUIC: handle PATH_CHALLENGE frame.
Roman Arutyunyan <arut@nginx.com>
parents:
8530
diff
changeset
|
1607 &frame.u.path_challenge) |
|
4ff2a0b747d1
QUIC: handle PATH_CHALLENGE frame.
Roman Arutyunyan <arut@nginx.com>
parents:
8530
diff
changeset
|
1608 != NGX_OK) |
|
4ff2a0b747d1
QUIC: handle PATH_CHALLENGE frame.
Roman Arutyunyan <arut@nginx.com>
parents:
8530
diff
changeset
|
1609 { |
|
4ff2a0b747d1
QUIC: handle PATH_CHALLENGE frame.
Roman Arutyunyan <arut@nginx.com>
parents:
8530
diff
changeset
|
1610 return NGX_ERROR; |
|
4ff2a0b747d1
QUIC: handle PATH_CHALLENGE frame.
Roman Arutyunyan <arut@nginx.com>
parents:
8530
diff
changeset
|
1611 } |
|
4ff2a0b747d1
QUIC: handle PATH_CHALLENGE frame.
Roman Arutyunyan <arut@nginx.com>
parents:
8530
diff
changeset
|
1612 |
|
4ff2a0b747d1
QUIC: handle PATH_CHALLENGE frame.
Roman Arutyunyan <arut@nginx.com>
parents:
8530
diff
changeset
|
1613 break; |
|
4ff2a0b747d1
QUIC: handle PATH_CHALLENGE frame.
Roman Arutyunyan <arut@nginx.com>
parents:
8530
diff
changeset
|
1614 |
|
8737
76f476ce4d31
QUIC: distinct files for connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8736
diff
changeset
|
1615 case NGX_QUIC_FT_PATH_RESPONSE: |
|
76f476ce4d31
QUIC: distinct files for connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8736
diff
changeset
|
1616 |
|
76f476ce4d31
QUIC: distinct files for connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8736
diff
changeset
|
1617 if (ngx_quic_handle_path_response_frame(c, pkt, |
|
76f476ce4d31
QUIC: distinct files for connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8736
diff
changeset
|
1618 &frame.u.path_response) |
|
76f476ce4d31
QUIC: distinct files for connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8736
diff
changeset
|
1619 != NGX_OK) |
|
76f476ce4d31
QUIC: distinct files for connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8736
diff
changeset
|
1620 { |
|
76f476ce4d31
QUIC: distinct files for connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8736
diff
changeset
|
1621 return NGX_ERROR; |
|
76f476ce4d31
QUIC: distinct files for connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8736
diff
changeset
|
1622 } |
|
76f476ce4d31
QUIC: distinct files for connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8736
diff
changeset
|
1623 |
|
76f476ce4d31
QUIC: distinct files for connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8736
diff
changeset
|
1624 break; |
|
76f476ce4d31
QUIC: distinct files for connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8736
diff
changeset
|
1625 |
|
8325
9b9d592c0da3
Ignore non-yet-implemented frames.
Vladimir Homutov <vl@nginx.com>
parents:
8322
diff
changeset
|
1626 case NGX_QUIC_FT_NEW_CONNECTION_ID: |
|
8538
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8536
diff
changeset
|
1627 |
|
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8536
diff
changeset
|
1628 if (ngx_quic_handle_new_connection_id_frame(c, pkt, &frame.u.ncid) |
|
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8536
diff
changeset
|
1629 != NGX_OK) |
|
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8536
diff
changeset
|
1630 { |
|
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8536
diff
changeset
|
1631 return NGX_ERROR; |
|
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8536
diff
changeset
|
1632 } |
|
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8536
diff
changeset
|
1633 |
|
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8536
diff
changeset
|
1634 break; |
|
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8536
diff
changeset
|
1635 |
|
8325
9b9d592c0da3
Ignore non-yet-implemented frames.
Vladimir Homutov <vl@nginx.com>
parents:
8322
diff
changeset
|
1636 case NGX_QUIC_FT_RETIRE_CONNECTION_ID: |
|
8628
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1637 |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1638 if (ngx_quic_handle_retire_connection_id_frame(c, pkt, |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1639 &frame.u.retire_cid) |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1640 != NGX_OK) |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1641 { |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1642 return NGX_ERROR; |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1643 } |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1644 |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1645 break; |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1646 |
| 8225 | 1647 default: |
|
8346
4e4485793418
Added MAX_STREAM_DATA stub handler.
Vladimir Homutov <vl@nginx.com>
parents:
8345
diff
changeset
|
1648 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, |
| 8359 | 1649 "quic missing frame handler"); |
| 8225 | 1650 return NGX_ERROR; |
| 1651 } | |
| 1652 } | |
| 1653 | |
| 1654 if (p != end) { | |
| 1655 ngx_log_error(NGX_LOG_INFO, c->log, 0, | |
|
8605
eed49b83e18f
QUIC: revised value separators in debug and error messages.
Vladimir Homutov <vl@nginx.com>
parents:
8604
diff
changeset
|
1656 "quic trailing garbage in payload:%ui bytes", end - p); |
|
8385
fb7422074258
Added generation of CC frames with error on connection termination.
Vladimir Homutov <vl@nginx.com>
parents:
8384
diff
changeset
|
1657 |
|
fb7422074258
Added generation of CC frames with error on connection termination.
Vladimir Homutov <vl@nginx.com>
parents:
8384
diff
changeset
|
1658 qc->error = NGX_QUIC_ERR_FRAME_ENCODING_ERROR; |
| 8225 | 1659 return NGX_ERROR; |
| 1660 } | |
| 1661 | |
| 1662 if (do_close) { | |
|
8355
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1663 qc->draining = 1; |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1664 ngx_quic_close_connection(c, NGX_OK); |
| 8225 | 1665 } |
| 1666 | |
|
8596
38c7dd720774
QUIC: added ACK frame range support.
Vladimir Homutov <vl@nginx.com>
parents:
8595
diff
changeset
|
1667 if (ngx_quic_ack_packet(c, pkt) != NGX_OK) { |
|
38c7dd720774
QUIC: added ACK frame range support.
Vladimir Homutov <vl@nginx.com>
parents:
8595
diff
changeset
|
1668 return NGX_ERROR; |
|
38c7dd720774
QUIC: added ACK frame range support.
Vladimir Homutov <vl@nginx.com>
parents:
8595
diff
changeset
|
1669 } |
|
38c7dd720774
QUIC: added ACK frame range support.
Vladimir Homutov <vl@nginx.com>
parents:
8595
diff
changeset
|
1670 |
|
8367
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8365
diff
changeset
|
1671 return NGX_OK; |
|
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8365
diff
changeset
|
1672 } |
|
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8365
diff
changeset
|
1673 |
|
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8365
diff
changeset
|
1674 |
|
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8365
diff
changeset
|
1675 static ngx_int_t |
|
8335
76839f55bc48
Sorted functions and functions declarations.
Vladimir Homutov <vl@nginx.com>
parents:
8334
diff
changeset
|
1676 ngx_quic_handle_crypto_frame(ngx_connection_t *c, ngx_quic_header_t *pkt, |
|
76839f55bc48
Sorted functions and functions declarations.
Vladimir Homutov <vl@nginx.com>
parents:
8334
diff
changeset
|
1677 ngx_quic_frame_t *frame) |
|
76839f55bc48
Sorted functions and functions declarations.
Vladimir Homutov <vl@nginx.com>
parents:
8334
diff
changeset
|
1678 { |
|
8530
f882b1784f30
QUIC: enforce flow control on incoming STREAM and CRYPTO frames.
Roman Arutyunyan <arut@nginx.com>
parents:
8528
diff
changeset
|
1679 uint64_t last; |
|
8566
9588a2782c62
QUIC: speeding up handshake completion.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8565
diff
changeset
|
1680 ngx_int_t rc; |
|
8573
6226f834b420
QUIC: do not resend empty queue when speeding up handshake.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8572
diff
changeset
|
1681 ngx_quic_send_ctx_t *ctx; |
|
8335
76839f55bc48
Sorted functions and functions declarations.
Vladimir Homutov <vl@nginx.com>
parents:
8334
diff
changeset
|
1682 ngx_quic_connection_t *qc; |
|
8530
f882b1784f30
QUIC: enforce flow control on incoming STREAM and CRYPTO frames.
Roman Arutyunyan <arut@nginx.com>
parents:
8528
diff
changeset
|
1683 ngx_quic_crypto_frame_t *f; |
|
8335
76839f55bc48
Sorted functions and functions declarations.
Vladimir Homutov <vl@nginx.com>
parents:
8334
diff
changeset
|
1684 ngx_quic_frames_stream_t *fs; |
|
76839f55bc48
Sorted functions and functions declarations.
Vladimir Homutov <vl@nginx.com>
parents:
8334
diff
changeset
|
1685 |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
1686 qc = ngx_quic_get_connection(c); |
|
8335
76839f55bc48
Sorted functions and functions declarations.
Vladimir Homutov <vl@nginx.com>
parents:
8334
diff
changeset
|
1687 fs = &qc->crypto[pkt->level]; |
|
8530
f882b1784f30
QUIC: enforce flow control on incoming STREAM and CRYPTO frames.
Roman Arutyunyan <arut@nginx.com>
parents:
8528
diff
changeset
|
1688 f = &frame->u.crypto; |
|
f882b1784f30
QUIC: enforce flow control on incoming STREAM and CRYPTO frames.
Roman Arutyunyan <arut@nginx.com>
parents:
8528
diff
changeset
|
1689 |
|
f882b1784f30
QUIC: enforce flow control on incoming STREAM and CRYPTO frames.
Roman Arutyunyan <arut@nginx.com>
parents:
8528
diff
changeset
|
1690 /* no overflow since both values are 62-bit */ |
|
f882b1784f30
QUIC: enforce flow control on incoming STREAM and CRYPTO frames.
Roman Arutyunyan <arut@nginx.com>
parents:
8528
diff
changeset
|
1691 last = f->offset + f->length; |
|
f882b1784f30
QUIC: enforce flow control on incoming STREAM and CRYPTO frames.
Roman Arutyunyan <arut@nginx.com>
parents:
8528
diff
changeset
|
1692 |
|
f882b1784f30
QUIC: enforce flow control on incoming STREAM and CRYPTO frames.
Roman Arutyunyan <arut@nginx.com>
parents:
8528
diff
changeset
|
1693 if (last > fs->received && last - fs->received > NGX_QUIC_MAX_BUFFERED) { |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
1694 qc->error = NGX_QUIC_ERR_CRYPTO_BUFFER_EXCEEDED; |
|
8530
f882b1784f30
QUIC: enforce flow control on incoming STREAM and CRYPTO frames.
Roman Arutyunyan <arut@nginx.com>
parents:
8528
diff
changeset
|
1695 return NGX_ERROR; |
|
f882b1784f30
QUIC: enforce flow control on incoming STREAM and CRYPTO frames.
Roman Arutyunyan <arut@nginx.com>
parents:
8528
diff
changeset
|
1696 } |
|
8335
76839f55bc48
Sorted functions and functions declarations.
Vladimir Homutov <vl@nginx.com>
parents:
8334
diff
changeset
|
1697 |
|
8566
9588a2782c62
QUIC: speeding up handshake completion.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8565
diff
changeset
|
1698 rc = ngx_quic_handle_ordered_frame(c, fs, frame, ngx_quic_crypto_input, |
|
9588a2782c62
QUIC: speeding up handshake completion.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8565
diff
changeset
|
1699 NULL); |
|
9588a2782c62
QUIC: speeding up handshake completion.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8565
diff
changeset
|
1700 if (rc != NGX_DECLINED) { |
|
9588a2782c62
QUIC: speeding up handshake completion.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8565
diff
changeset
|
1701 return rc; |
|
9588a2782c62
QUIC: speeding up handshake completion.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8565
diff
changeset
|
1702 } |
|
9588a2782c62
QUIC: speeding up handshake completion.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8565
diff
changeset
|
1703 |
|
9588a2782c62
QUIC: speeding up handshake completion.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8565
diff
changeset
|
1704 /* speeding up handshake completion */ |
|
9588a2782c62
QUIC: speeding up handshake completion.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8565
diff
changeset
|
1705 |
|
9588a2782c62
QUIC: speeding up handshake completion.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8565
diff
changeset
|
1706 if (pkt->level == ssl_encryption_initial) { |
|
8573
6226f834b420
QUIC: do not resend empty queue when speeding up handshake.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8572
diff
changeset
|
1707 ctx = ngx_quic_get_send_ctx(qc, pkt->level); |
|
6226f834b420
QUIC: do not resend empty queue when speeding up handshake.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8572
diff
changeset
|
1708 |
|
6226f834b420
QUIC: do not resend empty queue when speeding up handshake.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8572
diff
changeset
|
1709 if (!ngx_queue_empty(&ctx->sent)) { |
|
6226f834b420
QUIC: do not resend empty queue when speeding up handshake.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8572
diff
changeset
|
1710 ngx_quic_resend_frames(c, ctx); |
|
8660
6201cef77b1d
QUIC: resend handshake packets along with initial.
Roman Arutyunyan <arut@nginx.com>
parents:
8659
diff
changeset
|
1711 |
|
6201cef77b1d
QUIC: resend handshake packets along with initial.
Roman Arutyunyan <arut@nginx.com>
parents:
8659
diff
changeset
|
1712 ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_handshake); |
|
6201cef77b1d
QUIC: resend handshake packets along with initial.
Roman Arutyunyan <arut@nginx.com>
parents:
8659
diff
changeset
|
1713 while (!ngx_queue_empty(&ctx->sent)) { |
|
6201cef77b1d
QUIC: resend handshake packets along with initial.
Roman Arutyunyan <arut@nginx.com>
parents:
8659
diff
changeset
|
1714 ngx_quic_resend_frames(c, ctx); |
|
6201cef77b1d
QUIC: resend handshake packets along with initial.
Roman Arutyunyan <arut@nginx.com>
parents:
8659
diff
changeset
|
1715 } |
|
8573
6226f834b420
QUIC: do not resend empty queue when speeding up handshake.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8572
diff
changeset
|
1716 } |
|
8566
9588a2782c62
QUIC: speeding up handshake completion.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8565
diff
changeset
|
1717 } |
|
9588a2782c62
QUIC: speeding up handshake completion.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8565
diff
changeset
|
1718 |
|
9588a2782c62
QUIC: speeding up handshake completion.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8565
diff
changeset
|
1719 return NGX_OK; |
|
8335
76839f55bc48
Sorted functions and functions declarations.
Vladimir Homutov <vl@nginx.com>
parents:
8334
diff
changeset
|
1720 } |
|
76839f55bc48
Sorted functions and functions declarations.
Vladimir Homutov <vl@nginx.com>
parents:
8334
diff
changeset
|
1721 |
|
76839f55bc48
Sorted functions and functions declarations.
Vladimir Homutov <vl@nginx.com>
parents:
8334
diff
changeset
|
1722 |
|
8749
660c4a2f95f3
QUIC: separate files for frames related processing.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
1723 ngx_int_t |
|
8378
81a4f98a2556
Cleaned up reordering code.
Vladimir Homutov <vl@nginx.com>
parents:
8377
diff
changeset
|
1724 ngx_quic_crypto_input(ngx_connection_t *c, ngx_quic_frame_t *frame, void *data) |
|
8333
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
1725 { |
|
8657
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8656
diff
changeset
|
1726 int n, sslerr; |
|
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8656
diff
changeset
|
1727 ngx_buf_t *b; |
|
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8656
diff
changeset
|
1728 ngx_chain_t *cl; |
|
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8656
diff
changeset
|
1729 ngx_ssl_conn_t *ssl_conn; |
|
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8656
diff
changeset
|
1730 ngx_quic_connection_t *qc; |
|
8333
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
1731 |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
1732 qc = ngx_quic_get_connection(c); |
|
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
1733 |
| 8225 | 1734 ssl_conn = c->ssl->connection; |
| 1735 | |
| 1736 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, | |
|
8605
eed49b83e18f
QUIC: revised value separators in debug and error messages.
Vladimir Homutov <vl@nginx.com>
parents:
8604
diff
changeset
|
1737 "quic SSL_quic_read_level:%d SSL_quic_write_level:%d", |
| 8225 | 1738 (int) SSL_quic_read_level(ssl_conn), |
| 1739 (int) SSL_quic_write_level(ssl_conn)); | |
| 1740 | |
|
8657
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8656
diff
changeset
|
1741 for (cl = frame->data; cl; cl = cl->next) { |
|
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8656
diff
changeset
|
1742 b = cl->buf; |
|
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8656
diff
changeset
|
1743 |
|
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8656
diff
changeset
|
1744 if (!SSL_provide_quic_data(ssl_conn, SSL_quic_read_level(ssl_conn), |
|
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8656
diff
changeset
|
1745 b->pos, b->last - b->pos)) |
|
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8656
diff
changeset
|
1746 { |
|
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8656
diff
changeset
|
1747 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, |
|
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8656
diff
changeset
|
1748 "SSL_provide_quic_data() failed"); |
|
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8656
diff
changeset
|
1749 return NGX_ERROR; |
|
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8656
diff
changeset
|
1750 } |
| 8225 | 1751 } |
| 1752 | |
| 1753 n = SSL_do_handshake(ssl_conn); | |
| 1754 | |
|
8620
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
1755 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
1756 "quic SSL_quic_read_level:%d SSL_quic_write_level:%d", |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
1757 (int) SSL_quic_read_level(ssl_conn), |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
1758 (int) SSL_quic_write_level(ssl_conn)); |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
1759 |
| 8225 | 1760 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", n); |
| 1761 | |
|
8620
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
1762 if (n <= 0) { |
| 8225 | 1763 sslerr = SSL_get_error(ssl_conn, n); |
| 1764 | |
| 1765 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", | |
| 1766 sslerr); | |
| 1767 | |
|
8300
23a2b5e7acc8
Improved SSL_do_handshake() error handling in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8299
diff
changeset
|
1768 if (sslerr != SSL_ERROR_WANT_READ) { |
| 8225 | 1769 ngx_ssl_error(NGX_LOG_ERR, c->log, 0, "SSL_do_handshake() failed"); |
|
8300
23a2b5e7acc8
Improved SSL_do_handshake() error handling in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8299
diff
changeset
|
1770 return NGX_ERROR; |
| 8225 | 1771 } |
|
8263
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8260
diff
changeset
|
1772 |
|
8620
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
1773 return NGX_OK; |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
1774 } |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
1775 |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
1776 if (SSL_in_init(ssl_conn)) { |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
1777 return NGX_OK; |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
1778 } |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
1779 |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
1780 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
1781 "quic ssl cipher:%s", SSL_get_cipher(ssl_conn)); |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
1782 |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
1783 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
1784 "quic handshake completed successfully"); |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
1785 |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
1786 c->ssl->handshaked = 1; |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
1787 |
|
8657
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8656
diff
changeset
|
1788 frame = ngx_quic_alloc_frame(c); |
|
8620
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
1789 if (frame == NULL) { |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
1790 return NGX_ERROR; |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
1791 } |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
1792 |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
1793 /* 12.4 Frames and frame types, figure 8 */ |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
1794 frame->level = ssl_encryption_application; |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
1795 frame->type = NGX_QUIC_FT_HANDSHAKE_DONE; |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
1796 ngx_quic_queue_frame(qc, frame); |
|
8620
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
1797 |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
1798 if (ngx_quic_send_new_token(c) != NGX_OK) { |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
1799 return NGX_ERROR; |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
1800 } |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
1801 |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
1802 /* |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
1803 * Generating next keys before a key update is received. |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
1804 * See quic-tls 9.4 Header Protection Timing Side-Channels. |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
1805 */ |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
1806 |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
1807 if (ngx_quic_keys_update(c, qc->keys) != NGX_OK) { |
|
8620
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
1808 return NGX_ERROR; |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
1809 } |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
1810 |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
1811 /* |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
1812 * 4.10.2 An endpoint MUST discard its handshake keys |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
1813 * when the TLS handshake is confirmed |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
1814 */ |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
1815 ngx_quic_discard_ctx(c, ssl_encryption_handshake); |
| 8225 | 1816 |
|
8628
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1817 if (ngx_quic_issue_server_ids(c) != NGX_OK) { |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1818 return NGX_ERROR; |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1819 } |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1820 |
| 8225 | 1821 return NGX_OK; |
| 1822 } | |
| 1823 | |
| 1824 | |
| 8309 | 1825 static void |
| 1826 ngx_quic_push_handler(ngx_event_t *ev) | |
| 1827 { | |
|
8334
72d20158c814
Added reordering support for STREAM frames.
Vladimir Homutov <vl@nginx.com>
parents:
8333
diff
changeset
|
1828 ngx_connection_t *c; |
| 8309 | 1829 |
| 8359 | 1830 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ev->log, 0, "quic push timer"); |
| 8309 | 1831 |
| 1832 c = ev->data; | |
| 1833 | |
| 1834 if (ngx_quic_output(c) != NGX_OK) { | |
|
8355
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1835 ngx_quic_close_connection(c, NGX_ERROR); |
| 8309 | 1836 return; |
| 1837 } | |
|
8607
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
1838 |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
1839 ngx_quic_connstate_dbg(c); |
| 8309 | 1840 } |
| 1841 | |
| 1842 | |
|
8750
41807e581de9
QUIC: separate files for stream related processing.
Vladimir Homutov <vl@nginx.com>
parents:
8749
diff
changeset
|
1843 void |
|
8724
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1844 ngx_quic_shutdown_quic(ngx_connection_t *c) |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1845 { |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1846 ngx_rbtree_t *tree; |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1847 ngx_rbtree_node_t *node; |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1848 ngx_quic_stream_t *qs; |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1849 ngx_quic_connection_t *qc; |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1850 |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1851 qc = ngx_quic_get_connection(c); |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1852 |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1853 if (qc->closing) { |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1854 return; |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1855 } |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1856 |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1857 tree = &qc->streams.tree; |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1858 |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1859 if (tree->root != tree->sentinel) { |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1860 for (node = ngx_rbtree_min(tree->root, tree->sentinel); |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1861 node; |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1862 node = ngx_rbtree_next(tree, node)) |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1863 { |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1864 qs = (ngx_quic_stream_t *) node; |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1865 |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1866 if (!qs->cancelable) { |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1867 return; |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1868 } |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1869 } |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1870 } |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1871 |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1872 ngx_quic_finalize_connection(c, qc->shutdown_code, qc->shutdown_reason); |
|
8239
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
1873 } |
|
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
1874 |
|
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
1875 |
|
8626
e0947c952d43
QUIC: multiple versions support in ALPN.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8625
diff
changeset
|
1876 uint32_t |
|
e0947c952d43
QUIC: multiple versions support in ALPN.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8625
diff
changeset
|
1877 ngx_quic_version(ngx_connection_t *c) |
|
e0947c952d43
QUIC: multiple versions support in ALPN.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8625
diff
changeset
|
1878 { |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
1879 uint32_t version; |
|
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
1880 ngx_quic_connection_t *qc; |
|
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
1881 |
|
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
1882 qc = ngx_quic_get_connection(c); |
|
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
1883 |
|
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
1884 version = qc->version; |
|
8626
e0947c952d43
QUIC: multiple versions support in ALPN.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8625
diff
changeset
|
1885 |
|
e0947c952d43
QUIC: multiple versions support in ALPN.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8625
diff
changeset
|
1886 return (version & 0xff000000) == 0xff000000 ? version & 0xff : version; |
|
e0947c952d43
QUIC: multiple versions support in ALPN.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8625
diff
changeset
|
1887 } |