nginx: src/event/ngx_event_quic.c comparison

comparison src/event/ngx_event_quic.c @ 8561:b4ef79ef1c23 quic

QUIC: refined the "c->quic->initialized" flag usage. The flag is tied to the initial secret creation. The presence of c->quic pointer is sufficient to enable execution of ngx_quic_close_quic(). The ngx_quic_new_connection() function now returns the allocated quic connection object and the c->quic pointer is set by the caller. If an early error occurs before secrets initialization (i.e. in cases of invalid retry token or nginx exiting), it is still possible to generate an error response by trying to initialize secrets directly in the ngx_quic_send_cc() function. Before the change such early errors failed to send proper connection close message and logged an error. An auxilliary ngx_quic_init_secrets() function is introduced to avoid verbose call to ngx_quic_set_initial_secret() requiring local variable.

author	Vladimir Homutov <vl@nginx.com>
date	Wed, 30 Sep 2020 21:27:52 +0300
parents	d0d3fc0697a0
children	b31c02454539

comparison

equal deleted inserted replaced

-:d0d3fc0697a0
+:b4ef79ef1c23
 static int ngx_quic_flush_flight(ngx_ssl_conn_t *ssl_conn);
 static int ngx_quic_send_alert(ngx_ssl_conn_t *ssl_conn,
 enum ssl_encryption_level_t level, uint8_t alert);
-static ngx_int_t ngx_quic_new_connection(ngx_connection_t *c, ngx_ssl_t *ssl,
+static ngx_quic_connection_t *ngx_quic_new_connection(ngx_connection_t *c,
-ngx_quic_conf_t *conf, ngx_quic_header_t *pkt);
+ngx_ssl_t *ssl, ngx_quic_conf_t *conf, ngx_quic_header_t *pkt);
 static ngx_int_t ngx_quic_negotiate_version(ngx_connection_t *c,
 ngx_quic_header_t *inpkt);
-static ngx_int_t ngx_quic_new_dcid(ngx_connection_t *c, ngx_str_t *odcid);
+static ngx_int_t ngx_quic_new_dcid(ngx_connection_t *c,
+ngx_quic_connection_t *qc, ngx_str_t *odcid);
 static ngx_int_t ngx_quic_send_retry(ngx_connection_t *c);
 static ngx_int_t ngx_quic_new_token(ngx_connection_t *c, ngx_str_t *token);
 static ngx_int_t ngx_quic_validate_token(ngx_connection_t *c,
 ngx_quic_header_t *pkt);
 static ngx_int_t ngx_quic_init_connection(ngx_connection_t *c);
 static ngx_int_t ngx_quic_input(ngx_connection_t *c, ngx_buf_t *b,
 ngx_ssl_t *ssl, ngx_quic_conf_t *conf);
 static ngx_int_t ngx_quic_process_packet(ngx_connection_t *c, ngx_ssl_t *ssl,
 ngx_quic_conf_t *conf, ngx_quic_header_t *pkt);
+static ngx_int_t ngx_quic_init_secrets(ngx_connection_t *c);
 static void ngx_quic_discard_ctx(ngx_connection_t *c,
 enum ssl_encryption_level_t level);
 static ngx_int_t ngx_quic_check_peer(ngx_quic_connection_t *qc,
 ngx_quic_header_t *pkt);
 static ngx_int_t ngx_quic_payload_handler(ngx_connection_t *c,
 ngx_quic_header_t *pkt, ngx_quic_path_challenge_frame_t *f);
 static ngx_int_t ngx_quic_handle_new_connection_id_frame(ngx_connection_t *c,
 ngx_quic_header_t *pkt, ngx_quic_new_conn_id_frame_t *f);
 static ngx_int_t ngx_quic_retire_connection_id(ngx_connection_t *c,
 enum ssl_encryption_level_t level, uint64_t seqnum);
-static ngx_quic_client_id_t *ngx_quic_alloc_connection_id(ngx_connection_t *c);
+static ngx_quic_client_id_t *ngx_quic_alloc_connection_id(ngx_connection_t *c,
+ngx_quic_connection_t *qc);
 static void ngx_quic_queue_frame(ngx_quic_connection_t *qc,
 ngx_quic_frame_t *frame);
 static ngx_int_t ngx_quic_output(ngx_connection_t *c);
 return;
 }
-static ngx_int_t
+static ngx_quic_connection_t *
 ngx_quic_new_connection(ngx_connection_t *c, ngx_ssl_t *ssl,
 ngx_quic_conf_t *conf, ngx_quic_header_t *pkt)
 {
 ngx_uint_t              i;
 ngx_quic_tp_t          *ctp;
 c->log->action = "creating new quic connection";
 qc = ngx_pcalloc(c->pool, sizeof(ngx_quic_connection_t));
 if (qc == NULL) {
-return NGX_ERROR;
+return NULL;
 }
 ngx_rbtree_init(&qc->streams.tree, &qc->streams.sentinel,
 ngx_quic_rbtree_insert_stream);
 qc->push.log = c->log;
 qc->push.data = c;
 qc->push.handler = ngx_quic_push_handler;
 qc->push.cancelable = 1;
-c->quic = qc;
 qc->ssl = ssl;
 qc->conf = conf;
 qc->tp = conf->tp;
 ctp = &qc->ctp;
 ngx_max(2 * qc->tp.max_udp_payload_size,
 14720));
 qc->congestion.ssthresh = NGX_MAX_SIZE_T_VALUE;
 qc->congestion.recovery_start = ngx_current_msec;
-if (ngx_quic_new_dcid(c, &pkt->dcid) != NGX_OK) {
+if (ngx_quic_new_dcid(c, qc, &pkt->dcid) != NGX_OK) {
-return NGX_ERROR;
+return NULL;
 }
 #if (NGX_QUIC_DRAFT_VERSION >= 28)
-qc->tp.original_dcid = c->quic->odcid;
+qc->tp.original_dcid = qc->odcid;
 #endif
-qc->tp.initial_scid = c->quic->dcid;
+qc->tp.initial_scid = qc->dcid;
 qc->scid.len = pkt->scid.len;
 qc->scid.data = ngx_pnalloc(c->pool, qc->scid.len);
 if (qc->scid.data == NULL) {
-return NGX_ERROR;
+return NULL;
 }
 ngx_memcpy(qc->scid.data, pkt->scid.data, qc->scid.len);
-cid = ngx_quic_alloc_connection_id(c);
+cid = ngx_quic_alloc_connection_id(c, qc);
 if (cid == NULL) {
-return NGX_ERROR;
+return NULL;
 }
 cid->seqnum = 0;
 cid->len = pkt->scid.len;
 ngx_memcpy(cid->id, pkt->scid.data, pkt->scid.len);
 ngx_queue_insert_tail(&qc->client_ids, &cid->queue);
 qc->nclient_ids++;
 qc->curr_seqnum = 0;
-qc->initialized = 1;
+return qc;
-if (ngx_terminate || ngx_exiting) {
-qc->error = NGX_QUIC_ERR_CONNECTION_REFUSED;
-return NGX_ERROR;
-}
-return NGX_OK;
 }
 static ngx_int_t
 ngx_quic_negotiate_version(ngx_connection_t *c, ngx_quic_header_t *inpkt)
 return NGX_ERROR;
 }
 static ngx_int_t
-ngx_quic_new_dcid(ngx_connection_t *c, ngx_str_t *odcid)
+ngx_quic_new_dcid(ngx_connection_t *c, ngx_quic_connection_t *qc,
-{
+ngx_str_t *odcid)
-ngx_quic_connection_t  *qc;
+{
-qc = c->quic;
 qc->dcid.len = NGX_QUIC_SERVER_CID_LEN;
 qc->dcid.data = ngx_pnalloc(c->pool, NGX_QUIC_SERVER_CID_LEN);
 if (qc->dcid.data == NULL) {
 return NGX_ERROR;
 }
 ngx_pool_t  *pool;
 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
 "quic ngx_quic_close_connection, rc: %i", rc);
-if (!c->quic || !c->quic->initialized) {
+if (!c->quic) {
 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
 "quic close connection early error");
 } else if (ngx_quic_close_quic(c, rc) == NGX_AGAIN) {
 return;
 if (!pkt->token.len) {
 return NGX_DECLINED;
 }
-if (ngx_quic_new_dcid(c, &pkt->dcid) != NGX_OK) {
+if (ngx_quic_new_dcid(c, qc, &pkt->dcid) != NGX_OK) {
 return NGX_ERROR;
 }
 qc->tp.initial_scid = qc->dcid;
 qc->in_retry = 0;
-keys = &qc->keys[ssl_encryption_initial];
+if (ngx_quic_init_secrets(c) != NGX_OK) {
-if (ngx_quic_set_initial_secret(c->pool, &keys->client,
-&keys->server, &qc->odcid)
-!= NGX_OK)
-{
 return NGX_ERROR;
 }
 if (ngx_quic_validate_token(c, pkt) != NGX_OK) {
 return NGX_ERROR;
 "quic too short dcid in initial"
 " packet: length %i", pkt->dcid.len);
 return NGX_ERROR;
 }
-rc = ngx_quic_new_connection(c, ssl, conf, pkt);
+qc = ngx_quic_new_connection(c, ssl, conf, pkt);
-if (rc != NGX_OK) {
+if (qc == NULL) {
-return rc;
+return NGX_ERROR;
+}
+c->quic = qc;
+if (ngx_terminate || ngx_exiting) {
+qc->error = NGX_QUIC_ERR_CONNECTION_REFUSED;
+return NGX_ERROR;
 }
 if (pkt->token.len) {
 if (ngx_quic_validate_token(c, pkt) != NGX_OK) {
 return NGX_ERROR;
 } else if (conf->retry) {
 return ngx_quic_send_retry(c);
 }
-qc = c->quic;
+if (ngx_quic_init_secrets(c) != NGX_OK) {
-keys = &qc->keys[ssl_encryption_initial];
-if (ngx_quic_set_initial_secret(c->pool, &keys->client,
-&keys->server, &qc->odcid)
-!= NGX_OK)
-{
 return NGX_ERROR;
 }
 } else if (pkt->level == ssl_encryption_application) {
 return NGX_DECLINED;
 if (pkt->key_update) {
 if (ngx_quic_key_update(c, keys, next) != NGX_OK) {
 return NGX_ERROR;
 }
 }
+return NGX_OK;
+}
+static ngx_int_t
+ngx_quic_init_secrets(ngx_connection_t *c)
+{
+ngx_quic_secrets_t     *keys;
+ngx_quic_connection_t  *qc;
+qc =c->quic;
+keys = &qc->keys[ssl_encryption_initial];
+if (ngx_quic_set_initial_secret(c->pool, &keys->client, &keys->server,
+&qc->odcid)
+!= NGX_OK)
+{
+return NGX_ERROR;
+}
+qc->initialized = 1;
 return NGX_OK;
 }
 qc = c->quic;
 if (qc->draining) {
 return NGX_OK;
+}
+if (!qc->initialized) {
+/* try to initialize secrets to send an early error */
+if (ngx_quic_init_secrets(c) != NGX_OK) {
+return NGX_OK;
+}
 }
 if (qc->closing
 && ngx_current_msec - qc->last_cc < NGX_QUIC_CC_MIN_INTERVAL)
 {
 return NGX_ERROR;
 }
 } else {
-cid = ngx_quic_alloc_connection_id(c);
+cid = ngx_quic_alloc_connection_id(c, qc);
 if (cid == NULL) {
 return NGX_ERROR;
 }
 cid->seqnum = f->seqnum;
 return NGX_OK;
 }
 static ngx_quic_client_id_t *
-ngx_quic_alloc_connection_id(ngx_connection_t *c)
+ngx_quic_alloc_connection_id(ngx_connection_t *c, ngx_quic_connection_t *qc)
 {
-ngx_queue_t            *q;
+ngx_queue_t           *q;
-ngx_quic_client_id_t   *cid;
+ngx_quic_client_id_t  *cid;
-ngx_quic_connection_t  *qc;
-qc = c->quic;
 if (!ngx_queue_empty(&qc->free_client_ids)) {
 q = ngx_queue_head(&qc->free_client_ids);
 cid = ngx_queue_data(q, ngx_quic_client_id_t, queue);

Mercurial > hg > nginx

comparison src/event/ngx_event_quic.c @ 8561:b4ef79ef1c23 quic