nginx: src/event/quic/ngx_event_quic

comparison src/event/quic/ngx_event_quic_migration.c @ 8971:1e2f4e9c8195 quic

QUIC: reworked migration handling. The quic connection now holds active, backup and probe paths instead of sockets. The number of migration paths is now limited and cannot be inflated by a bad client or an attacker. The client id is now associated with path rather than socket. This allows to simplify processing of output and connection ids handling. New migration abandons any previously started migrations. This allows to free consumed client ids and request new for use in future migrations and make progress in case when connection id limit is hit during migration. A path now can be revalidated without losing its state. The patch also fixes various issues with NAT rebinding case handling: - paths are now validated (previously, there was no validation and paths were left in limited state) - attempt to reuse id on different path is now again verified (this was broken in 40445fc7c403) - former path is now validated in case of apparent migration

author	Vladimir Homutov <vl@nginx.com>
date	Wed, 19 Jan 2022 22:39:24 +0300
parents	b7284807b4fa
children	077a1e403446

comparison

equal deleted inserted replaced

-:7106a918a277
+:1e2f4e9c8195
 ngx_quic_path_t *path);
 static ngx_int_t ngx_quic_validate_path(ngx_connection_t *c,
 ngx_quic_path_t *path);
 static ngx_int_t ngx_quic_send_path_challenge(ngx_connection_t *c,
 ngx_quic_path_t *path);
-static ngx_int_t ngx_quic_path_restore(ngx_connection_t *c);
+static ngx_quic_path_t *ngx_quic_get_path(ngx_connection_t *c, ngx_uint_t tag);
-static ngx_quic_path_t *ngx_quic_alloc_path(ngx_connection_t *c);
 ngx_int_t
 ngx_quic_handle_path_challenge_frame(ngx_connection_t *c,
-ngx_quic_path_challenge_frame_t *f)
+ngx_quic_header_t *pkt, ngx_quic_path_challenge_frame_t *f)
 {
-ngx_quic_path_t        *path;
 ngx_quic_frame_t        frame, *fp;
-ngx_quic_socket_t      *qsock;
 ngx_quic_connection_t  *qc;
 qc = ngx_quic_get_connection(c);
 ngx_memzero(&frame, sizeof(ngx_quic_frame_t));
 * RFC 9000, 8.2.2.  Path Validation Responses
 *
 * A PATH_RESPONSE frame MUST be sent on the network path where the
 * PATH_CHALLENGE frame was received.
 */
-qsock = ngx_quic_get_socket(c);
-path = qsock->path;
 /*
 * An endpoint MUST expand datagrams that contain a PATH_RESPONSE frame
 * to at least the smallest allowed maximum datagram size of 1200 bytes.
 */
-if (ngx_quic_frame_sendto(c, &frame, 1200, path) != NGX_OK) {
+if (ngx_quic_frame_sendto(c, &frame, 1200, pkt->path) != NGX_OK) {
 return NGX_ERROR;
 }
-if (qsock == qc->socket) {
+if (pkt->path == qc->path) {
 /*
 * RFC 9000, 9.3.3.  Off-Path Packet Forwarding
 *
 * An endpoint that receives a PATH_CHALLENGE on an active path SHOULD
 * send a non-probing packet in response.
 q != ngx_queue_sentinel(&qc->paths);
 q = ngx_queue_next(q))
 {
 path = ngx_queue_data(q, ngx_quic_path_t, queue);
-if (path->state != NGX_QUIC_PATH_VALIDATING) {
+if (!path->validating) {
 continue;
 }
 if (ngx_memcmp(path->challenge1, f->data, sizeof(f->data)) == 0
 || ngx_memcmp(path->challenge2, f->data, sizeof(f->data)) == 0)
 {
 goto valid;
 }
 }
-ngx_log_error(NGX_LOG_INFO, c->log, 0,
+ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
 "quic stale PATH_RESPONSE ignored");
 return NGX_OK;
 valid:
 * unless the only change in the peer's address is its port number.
 */
 rst = 1;
-if (qc->backup) {
+prev = ngx_quic_get_path(c, NGX_QUIC_PATH_BACKUP);
-prev = qc->backup->path;
+if (prev != NULL) {
 if (ngx_cmp_sockaddr(prev->sockaddr, prev->socklen,
 path->sockaddr, path->socklen, 0)
 == NGX_OK)
 {
 if (ngx_quic_send_new_token(c, path) != NGX_OK) {
 return NGX_ERROR;
 }
 ngx_log_error(NGX_LOG_INFO, c->log, 0,
-"quic path #%uL successfully validated", path->seqnum);
+"quic path #%uL addr:%V successfully validated",
+path->seqnum, &path->addr_text);
-path->state = NGX_QUIC_PATH_VALIDATED;
+ngx_quic_path_dbg(c, "is validated", path);
+path->validated = 1;
+path->validating = 0;
 path->limited = 0;
 return NGX_OK;
 }
-static ngx_quic_path_t *
+ngx_quic_path_t *
-ngx_quic_alloc_path(ngx_connection_t *c)
+ngx_quic_new_path(ngx_connection_t *c,
+struct sockaddr *sockaddr, socklen_t socklen, ngx_quic_client_id_t *cid)
 {
 ngx_queue_t            *q;
-struct sockaddr        *sa;
 ngx_quic_path_t        *path;
 ngx_quic_connection_t  *qc;
 qc = ngx_quic_get_connection(c);
 q = ngx_queue_head(&qc->free_paths);
 path = ngx_queue_data(q, ngx_quic_path_t, queue);
 ngx_queue_remove(&path->queue);
-sa = path->sockaddr;
 ngx_memzero(path, sizeof(ngx_quic_path_t));
-path->sockaddr = sa;
 } else {
 path = ngx_pcalloc(c->pool, sizeof(ngx_quic_path_t));
 if (path == NULL) {
 return NULL;
 }
+}
-path->sockaddr = ngx_palloc(c->pool, NGX_SOCKADDRLEN);
-if (path->sockaddr == NULL) {
+ngx_queue_insert_tail(&qc->paths, &path->queue);
-return NULL;
-}
+path->cid = cid;
-}
+cid->used = 1;
-return path;
-}
-ngx_quic_path_t *
-ngx_quic_add_path(ngx_connection_t *c, struct sockaddr *sockaddr,
-socklen_t socklen)
-{
-ngx_quic_path_t        *path;
-ngx_quic_connection_t  *qc;
-qc = ngx_quic_get_connection(c);
-path = ngx_quic_alloc_path(c);
-if (path == NULL) {
-return NULL;
-}
-path->state = NGX_QUIC_PATH_NEW;
 path->limited = 1;
 path->seqnum = qc->path_seqnum++;
-path->last_seen = ngx_current_msec;
+path->sockaddr = &path->sa.sockaddr;
 path->socklen = socklen;
 ngx_memcpy(path->sockaddr, sockaddr, socklen);
 path->addr_text.data = path->text;
 path->addr_text.len = ngx_sock_ntop(sockaddr, socklen, path->text,
 NGX_SOCKADDR_STRLEN, 1);
-ngx_queue_insert_tail(&qc->paths, &path->queue);
 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
-"quic path #%uL created src:%V",
+"quic path #%uL created addr:%V",
 path->seqnum, &path->addr_text);
 return path;
 }
-ngx_quic_path_t *
+static ngx_quic_path_t *
-ngx_quic_find_path(ngx_connection_t *c, struct sockaddr *sockaddr,
+ngx_quic_get_path(ngx_connection_t *c, ngx_uint_t tag)
-socklen_t socklen)
 {
 ngx_queue_t            *q;
 ngx_quic_path_t        *path;
 ngx_quic_connection_t  *qc;
 q != ngx_queue_sentinel(&qc->paths);
 q = ngx_queue_next(q))
 {
 path = ngx_queue_data(q, ngx_quic_path_t, queue);
-if (ngx_cmp_sockaddr(sockaddr, socklen,
+if (path->tag == tag) {
-path->sockaddr, path->socklen, 1)
-== NGX_OK)
-{
 return path;
 }
 }
 return NULL;
 }
 ngx_int_t
-ngx_quic_update_paths(ngx_connection_t *c, ngx_quic_header_t *pkt)
+ngx_quic_set_path(ngx_connection_t *c, ngx_quic_header_t *pkt)
 {
 off_t                   len;
-ngx_quic_path_t        *path;
+ngx_queue_t            *q;
+ngx_quic_path_t        *path, *probe;
 ngx_quic_socket_t      *qsock;
 ngx_quic_client_id_t   *cid;
 ngx_quic_connection_t  *qc;
 qc = ngx_quic_get_connection(c);
 qsock = ngx_quic_get_socket(c);
+len = pkt->raw->last - pkt->raw->start;
 if (c->udp->dgram == NULL) {
-/* 1st ever packet in connection, path already exists */
+/* first ever packet in connection, path already exists  */
-path = qsock->path;
+path = qc->path;
 goto update;
 }
-path = ngx_quic_find_path(c, c->udp->dgram->sockaddr,
+probe = NULL;
-c->udp->dgram->socklen);
-if (path == NULL) {
-path = ngx_quic_add_path(c, c->udp->dgram->sockaddr,
-c->udp->dgram->socklen);
-if (path == NULL) {
-return NGX_ERROR;
-}
-if (qsock->path) {
-/* NAT rebinding case: packet to same CID, but from new address */
-ngx_quic_unref_path(c, qsock->path);
-qsock->path = path;
-path->refcnt++;
-goto update;
-}
-} else if (qsock->path) {
-goto update;
-}
-/* prefer unused client IDs if available */
-cid = ngx_quic_next_client_id(c);
-if (cid == NULL) {
-/* try to reuse connection ID used on the same path */
-cid = ngx_quic_used_client_id(c, path);
-if (cid == NULL) {
-qc->error = NGX_QUIC_ERR_CONNECTION_ID_LIMIT_ERROR;
-qc->error_reason = "no available client ids for new path";
-ngx_log_error(NGX_LOG_ERR, c->log, 0,
-"no available client ids for new path");
-return NGX_ERROR;
-}
-}
-ngx_quic_connect(c, qsock, path, cid);
-update:
-if (path->state != NGX_QUIC_PATH_NEW) {
-/* force limits/revalidation for paths that were not seen recently */
-if (ngx_current_msec - path->last_seen > qc->tp.max_idle_timeout) {
-path->state = NGX_QUIC_PATH_NEW;
-path->limited = 1;
-path->sent = 0;
-path->received = 0;
-}
-}
-path->last_seen = ngx_current_msec;
-len = pkt->raw->last - pkt->raw->start;
-/* TODO: this may be too late in some cases;
-*       for example, if error happens during decrypt(), we cannot
-*       send CC, if error happens in 1st packet, due to amplification
-*       limit, because path->received = 0
-*
-*       should we account garbage as received or only decrypting packets?
-*/
-path->received += len;
-ngx_log_debug7(NGX_LOG_DEBUG_EVENT, c->log, 0,
-"quic packet via #%uL:%uL:%uL"
-" size:%O path recvd:%O sent:%O limited:%ui",
-qsock->sid.seqnum, qsock->cid->seqnum, path->seqnum,
-len, path->received, path->sent, path->limited);
-return NGX_OK;
-}
-static void
-ngx_quic_set_connection_path(ngx_connection_t *c, ngx_quic_path_t *path)
-{
-size_t  len;
-ngx_memcpy(c->sockaddr, path->sockaddr,  path->socklen);
-c->socklen = path->socklen;
-if (c->addr_text.data) {
-len = ngx_min(c->addr_text.len, path->addr_text.len);
-ngx_memcpy(c->addr_text.data, path->addr_text.data, len);
-c->addr_text.len = len;
-}
-ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
-"quic send path set to #%uL addr:%V",
-path->seqnum, &path->addr_text);
-}
-ngx_int_t
-ngx_quic_handle_migration(ngx_connection_t *c, ngx_quic_header_t *pkt)
-{
-ngx_quic_path_t        *next;
-ngx_quic_socket_t      *qsock;
-ngx_quic_send_ctx_t    *ctx;
-ngx_quic_connection_t  *qc;
-/* got non-probing packet via non-active socket with different path */
-qc = ngx_quic_get_connection(c);
-/* current socket, different from active */
-qsock = ngx_quic_get_socket(c);
-next = qsock->path; /* going to migrate to this path... */
-ngx_log_error(NGX_LOG_INFO, c->log, 0,
-"quic migration from #%uL:%uL:%uL (%s)"
-" to #%uL:%uL:%uL (%s)",
-qc->socket->sid.seqnum, qc->socket->cid->seqnum,
-qc->socket->path->seqnum,
-ngx_quic_path_state_str(qc->socket->path),
-qsock->sid.seqnum, qsock->cid->seqnum, next->seqnum,
-ngx_quic_path_state_str(next));
-if (next->state == NGX_QUIC_PATH_NEW) {
-if (ngx_quic_validate_path(c, qsock->path) != NGX_OK) {
-return NGX_ERROR;
-}
-}
-ctx = ngx_quic_get_send_ctx(qc, pkt->level);
-/*
-* RFC 9000, 9.3.  Responding to Connection Migration
-*
-* An endpoint only changes the address to which it sends packets in
-* response to the highest-numbered non-probing packet.
-*/
-if (pkt->pn != ctx->largest_pn) {
-return NGX_OK;
-}
-/* switching connection to new path */
-ngx_quic_set_connection_path(c, next);
-/*
-* RFC 9000, 9.5.  Privacy Implications of Connection Migration
-*
-* An endpoint MUST NOT reuse a connection ID when sending to
-* more than one destination address.
-*/
-/* preserve valid path we are migrating from */
-if (qc->socket->path->state == NGX_QUIC_PATH_VALIDATED) {
-if (qc->backup) {
-ngx_quic_close_socket(c, qc->backup);
-}
-qc->backup = qc->socket;
-ngx_log_error(NGX_LOG_INFO, c->log, 0,
-"quic backup socket is now #%uL:%uL:%uL (%s)",
-qc->backup->sid.seqnum, qc->backup->cid->seqnum,
-qc->backup->path->seqnum,
-ngx_quic_path_state_str(qc->backup->path));
-}
-qc->socket = qsock;
-ngx_log_error(NGX_LOG_INFO, c->log, 0,
-"quic active socket is now #%uL:%uL:%uL (%s)",
-qsock->sid.seqnum, qsock->cid->seqnum,
-qsock->path->seqnum, ngx_quic_path_state_str(qsock->path));
-return NGX_OK;
-}
-static ngx_int_t
-ngx_quic_validate_path(ngx_connection_t *c, ngx_quic_path_t *path)
-{
-ngx_msec_t              pto;
-ngx_quic_send_ctx_t    *ctx;
-ngx_quic_connection_t  *qc;
-qc = ngx_quic_get_connection(c);
-ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
-"quic initiated validation of new path #%uL",
-path->seqnum);
-path->state = NGX_QUIC_PATH_VALIDATING;
-if (RAND_bytes(path->challenge1, 8) != 1) {
-return NGX_ERROR;
-}
-if (RAND_bytes(path->challenge2, 8) != 1) {
-return NGX_ERROR;
-}
-if (ngx_quic_send_path_challenge(c, path) != NGX_OK) {
-return NGX_ERROR;
-}
-ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_application);
-pto = ngx_quic_pto(c, ctx);
-path->expires = ngx_current_msec + pto;
-path->tries = NGX_QUIC_PATH_RETRIES;
-if (!qc->path_validation.timer_set) {
-ngx_add_timer(&qc->path_validation, pto);
-}
-return NGX_OK;
-}
-static ngx_int_t
-ngx_quic_send_path_challenge(ngx_connection_t *c, ngx_quic_path_t *path)
-{
-ngx_quic_frame_t  frame;
-ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
-"quic path #%uL send path challenge tries:%ui",
-path->seqnum, path->tries);
-ngx_memzero(&frame, sizeof(ngx_quic_frame_t));
-frame.level = ssl_encryption_application;
-frame.type = NGX_QUIC_FT_PATH_CHALLENGE;
-ngx_memcpy(frame.u.path_challenge.data, path->challenge1, 8);
-/*
-* RFC 9000, 8.2.1.  Initiating Path Validation
-*
-* An endpoint MUST expand datagrams that contain a PATH_CHALLENGE frame
-* to at least the smallest allowed maximum datagram size of 1200 bytes,
-* unless the anti-amplification limit for the path does not permit
-* sending a datagram of this size.
-*/
-/* same applies to PATH_RESPONSE frames */
-if (ngx_quic_frame_sendto(c, &frame, 1200, path) != NGX_OK) {
-return NGX_ERROR;
-}
-ngx_memcpy(frame.u.path_challenge.data, path->challenge2, 8);
-if (ngx_quic_frame_sendto(c, &frame, 1200, path) != NGX_OK) {
-return NGX_ERROR;
-}
-return NGX_OK;
-}
-void
-ngx_quic_path_validation_handler(ngx_event_t *ev)
-{
-ngx_msec_t              now;
-ngx_queue_t            *q;
-ngx_msec_int_t          left, next, pto;
-ngx_quic_path_t        *path;
-ngx_connection_t       *c;
-ngx_quic_send_ctx_t    *ctx;
-ngx_quic_connection_t  *qc;
-c = ev->data;
-qc = ngx_quic_get_connection(c);
-ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_application);
-pto = ngx_quic_pto(c, ctx);
-next = -1;
-now = ngx_current_msec;
 for (q = ngx_queue_head(&qc->paths);
 q != ngx_queue_sentinel(&qc->paths);
 q = ngx_queue_next(q))
 {
 path = ngx_queue_data(q, ngx_quic_path_t, queue);
-if (path->state != NGX_QUIC_PATH_VALIDATING) {
+if (ngx_cmp_sockaddr(c->udp->dgram->sockaddr, c->udp->dgram->socklen,
+path->sockaddr, path->socklen, 1)
+== NGX_OK)
+{
+goto update;
+}
+if (path->tag == NGX_QUIC_PATH_PROBE) {
+probe = path;
+}
+}
+/* packet from new path, drop current probe, if any */
+if (probe && ngx_quic_free_path(c, probe) != NGX_OK) {
+return NGX_ERROR;
+}
+/* new path requires new client id */
+cid = ngx_quic_next_client_id(c);
+if (cid == NULL) {
+ngx_log_error(NGX_LOG_ERR, c->log, 0,
+"quic no available client ids for new path");
+/* stop processing of this datagram */
+return NGX_DONE;
+}
+path = ngx_quic_new_path(c, c->udp->dgram->sockaddr,
+c->udp->dgram->socklen, cid);
+if (path == NULL) {
+return NGX_ERROR;
+}
+path->tag = NGX_QUIC_PATH_PROBE;
+/*
+* client arrived using new path and previously seen DCID,
+* this indicates NAT rebinding (or bad client)
+*/
+if (qsock->used) {
+pkt->rebound = 1;
+}
+update:
+qsock->used = 1;
+pkt->path = path;
+/* TODO: this may be too late in some cases;
+*       for example, if error happens during decrypt(), we cannot
+*       send CC, if error happens in 1st packet, due to amplification
+*       limit, because path->received = 0
+*
+*       should we account garbage as received or only decrypting packets?
+*/
+path->received += len;
+ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
+"quic packet len:%O via sock#%uL path#%uL",
+len, qsock->sid.seqnum, path->seqnum);
+ngx_quic_path_dbg(c, "status", path);
+return NGX_OK;
+}
+ngx_int_t
+ngx_quic_free_path(ngx_connection_t *c, ngx_quic_path_t *path)
+{
+ngx_quic_connection_t  *qc;
+qc = ngx_quic_get_connection(c);
+ngx_queue_remove(&path->queue);
+ngx_queue_insert_head(&qc->free_paths, &path->queue);
+/*
+* invalidate CID that is no longer usable for any other path;
+* this also requests new CIDs from client
+*/
+if (path->cid) {
+if (ngx_quic_free_client_id(c, path->cid) != NGX_OK) {
+return NGX_ERROR;
+}
+}
+ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
+"quic path #%uL addr:%V retired",
+path->seqnum, &path->addr_text);
+return NGX_OK;
+}
+static void
+ngx_quic_set_connection_path(ngx_connection_t *c, ngx_quic_path_t *path)
+{
+size_t  len;
+ngx_memcpy(c->sockaddr, path->sockaddr,  path->socklen);
+c->socklen = path->socklen;
+if (c->addr_text.data) {
+len = ngx_min(c->addr_text.len, path->addr_text.len);
+ngx_memcpy(c->addr_text.data, path->addr_text.data, len);
+c->addr_text.len = len;
+}
+ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
+"quic send path set to #%uL addr:%V",
+path->seqnum, &path->addr_text);
+}
+ngx_int_t
+ngx_quic_handle_migration(ngx_connection_t *c, ngx_quic_header_t *pkt)
+{
+ngx_quic_path_t        *next, *bkp;
+ngx_quic_send_ctx_t    *ctx;
+ngx_quic_connection_t  *qc;
+/* got non-probing packet via non-active path */
+qc = ngx_quic_get_connection(c);
+ctx = ngx_quic_get_send_ctx(qc, pkt->level);
+/*
+* RFC 9000, 9.3.  Responding to Connection Migration
+*
+* An endpoint only changes the address to which it sends packets in
+* response to the highest-numbered non-probing packet.
+*/
+if (pkt->pn != ctx->largest_pn) {
+return NGX_OK;
+}
+next = pkt->path;
+/*
+* RFC 9000, 9.3.3:
+*
+* In response to an apparent migration, endpoints MUST validate the
+* previously active path using a PATH_CHALLENGE frame.
+*/
+if (pkt->rebound) {
+/* NAT rebinding: client uses new path with old SID */
+if (ngx_quic_validate_path(c, qc->path) != NGX_OK) {
+return NGX_ERROR;
+}
+}
+if (qc->path->validated) {
+if (next->tag != NGX_QUIC_PATH_BACKUP) {
+/* can delete backup path, if any */
+bkp = ngx_quic_get_path(c, NGX_QUIC_PATH_BACKUP);
+if (bkp && ngx_quic_free_path(c, bkp) != NGX_OK) {
+return NGX_ERROR;
+}
+}
+qc->path->tag = NGX_QUIC_PATH_BACKUP;
+ngx_quic_path_dbg(c, "is now backup", qc->path);
+} else {
+if (ngx_quic_free_path(c, qc->path) != NGX_OK) {
+return NGX_ERROR;
+}
+}
+/* switch active path to migrated */
+qc->path = next;
+qc->path->tag = NGX_QUIC_PATH_ACTIVE;
+ngx_quic_set_connection_path(c, next);
+if (!next->validated && !next->validating) {
+if (ngx_quic_validate_path(c, next) != NGX_OK) {
+return NGX_ERROR;
+}
+}
+ngx_log_error(NGX_LOG_INFO, c->log, 0,
+"quic migrated to path#%uL addr:%V",
+qc->path->seqnum, &qc->path->addr_text);
+ngx_quic_path_dbg(c, "is now active", qc->path);
+return NGX_OK;
+}
+static ngx_int_t
+ngx_quic_validate_path(ngx_connection_t *c, ngx_quic_path_t *path)
+{
+ngx_msec_t              pto;
+ngx_quic_send_ctx_t    *ctx;
+ngx_quic_connection_t  *qc;
+qc = ngx_quic_get_connection(c);
+ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
+"quic initiated validation of path #%uL", path->seqnum);
+path->validating = 1;
+if (RAND_bytes(path->challenge1, 8) != 1) {
+return NGX_ERROR;
+}
+if (RAND_bytes(path->challenge2, 8) != 1) {
+return NGX_ERROR;
+}
+if (ngx_quic_send_path_challenge(c, path) != NGX_OK) {
+return NGX_ERROR;
+}
+ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_application);
+pto = ngx_quic_pto(c, ctx);
+path->expires = ngx_current_msec + pto;
+path->tries = NGX_QUIC_PATH_RETRIES;
+if (!qc->path_validation.timer_set) {
+ngx_add_timer(&qc->path_validation, pto);
+}
+return NGX_OK;
+}
+static ngx_int_t
+ngx_quic_send_path_challenge(ngx_connection_t *c, ngx_quic_path_t *path)
+{
+ngx_quic_frame_t  frame;
+ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
+"quic path #%uL send path_challenge tries:%ui",
+path->seqnum, path->tries);
+ngx_memzero(&frame, sizeof(ngx_quic_frame_t));
+frame.level = ssl_encryption_application;
+frame.type = NGX_QUIC_FT_PATH_CHALLENGE;
+ngx_memcpy(frame.u.path_challenge.data, path->challenge1, 8);
+/*
+* RFC 9000, 8.2.1.  Initiating Path Validation
+*
+* An endpoint MUST expand datagrams that contain a PATH_CHALLENGE frame
+* to at least the smallest allowed maximum datagram size of 1200 bytes,
+* unless the anti-amplification limit for the path does not permit
+* sending a datagram of this size.
+*/
+/* same applies to PATH_RESPONSE frames */
+if (ngx_quic_frame_sendto(c, &frame, 1200, path) != NGX_OK) {
+return NGX_ERROR;
+}
+ngx_memcpy(frame.u.path_challenge.data, path->challenge2, 8);
+if (ngx_quic_frame_sendto(c, &frame, 1200, path) != NGX_OK) {
+return NGX_ERROR;
+}
+return NGX_OK;
+}
+void
+ngx_quic_path_validation_handler(ngx_event_t *ev)
+{
+ngx_msec_t              now;
+ngx_queue_t            *q;
+ngx_msec_int_t          left, next, pto;
+ngx_quic_path_t        *path, *bkp;
+ngx_connection_t       *c;
+ngx_quic_send_ctx_t    *ctx;
+ngx_quic_connection_t  *qc;
+c = ev->data;
+qc = ngx_quic_get_connection(c);
+ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_application);
+pto = ngx_quic_pto(c, ctx);
+next = -1;
+now = ngx_current_msec;
+q = ngx_queue_head(&qc->paths);
+while (q != ngx_queue_sentinel(&qc->paths)) {
+path = ngx_queue_data(q, ngx_quic_path_t, queue);
+q = ngx_queue_next(q);
+if (!path->validating) {
 continue;
 }
 left = path->expires - now;
 if (left > 0) {
 if (next == -1 || left < next) {
-next = path->expires;
+next = left;
 }
 continue;
 }
 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, ev->log, 0,
 "quic path #%uL validation failed", path->seqnum);
 /* found expired path */
-path->state = NGX_QUIC_PATH_NEW;
+path->validated = 0;
+path->validating = 0;
 path->limited = 1;
-/*
-* RFC 9000, 9.4.  Loss Detection and Congestion Control
+/* RFC 9000, 9.3.2.  On-Path Address Spoofing
 *
-* If the timer fires before the PATH_RESPONSE is received, the
+* To protect the connection from failing due to such a spurious
-* endpoint might send a new PATH_CHALLENGE and restart the timer for
+* migration, an endpoint MUST revert to using the last validated
-* a longer period of time.  This timer SHOULD be set as described in
+* peer address when validation of a new peer address fails.
-* Section 6.2.1 of [QUIC-RECOVERY] and MUST NOT be more aggressive.
 */
-if (qc->socket->path != path) {
+if (qc->path == path) {
-/* the path was not actually used */
+/* active path validation failed */
-continue;
-}
+bkp = ngx_quic_get_path(c, NGX_QUIC_PATH_BACKUP);
-if (ngx_quic_path_restore(c) != NGX_OK) {
+if (bkp == NULL) {
 qc->error = NGX_QUIC_ERR_NO_VIABLE_PATH;
 qc->error_reason = "no viable path";
+ngx_quic_close_connection(c, NGX_ERROR);
+return;
+}
+qc->path = bkp;
+qc->path->tag = NGX_QUIC_PATH_ACTIVE;
+ngx_quic_set_connection_path(c, qc->path);
+ngx_log_error(NGX_LOG_INFO, c->log, 0,
+"quic path #%uL addr:%V is restored from backup",
+qc->path->seqnum, &qc->path->addr_text);
+ngx_quic_path_dbg(c, "is active", qc->path);
+}
+if (ngx_quic_free_path(c, path) != NGX_OK) {
 ngx_quic_close_connection(c, NGX_ERROR);
 return;
 }
 }
 if (next != -1) {
 ngx_add_timer(&qc->path_validation, next);
 }
 }
-static ngx_int_t
-ngx_quic_path_restore(ngx_connection_t *c)
-{
-ngx_quic_socket_t      *qsock;
-ngx_quic_connection_t  *qc;
-qc = ngx_quic_get_connection(c);
-/*
-* RFC 9000, 9.1.  Probing a New Path
-*
-* Failure to validate a path does not cause the connection to end
-*
-* RFC 9000, 9.3.2.  On-Path Address Spoofing
-*
-* To protect the connection from failing due to such a spurious
-* migration, an endpoint MUST revert to using the last validated
-* peer address when validation of a new peer address fails.
-*/
-if (qc->backup == NULL) {
-return NGX_ERROR;
-}
-qc->socket = qc->backup;
-qc->backup = NULL;
-qsock = qc->socket;
-ngx_log_error(NGX_LOG_INFO, c->log, 0,
-"quic active socket is restored to #%uL:%uL:%uL"
-" (%s), no backup",
-qsock->sid.seqnum, qsock->cid->seqnum, qsock->path->seqnum,
-ngx_quic_path_state_str(qsock->path));
-ngx_quic_set_connection_path(c, qsock->path);
-return NGX_OK;
-}

Mercurial > hg > nginx

comparison src/event/quic/ngx_event_quic_migration.c @ 8971:1e2f4e9c8195 quic