Mercurial > hg > nginx
view src/event/ngx_event_quic_protection.h @ 8338:0f9e9786b90d quic
Added primitive flow control mechanisms.
+ MAX_STREAM_DATA frame is sent when recv() is performed on stream
The new value is a sum of total bytes received by stream + free
space in a buffer;
The sending of MAX_STREM_DATA frame in response to STREAM_DATA_BLOCKED
frame is adjusted to follow the same logic as above.
+ MAX_DATA frame is sent when total amount of received data is 2x
of current limit. The limit is doubled.
+ Default values of transport parameters are adjusted to more meaningful
values:
initial stream limits are set to quic buffer size instead of
unrealistically small 255.
initial max data is decreased to 16 buffer sizes, in an assumption that
this is enough for a relatively short connection, instead of randomly
chosen big number.
All this allows to initiate a stable flow of streams that does not block
on stream/connection limits (tested with FF 77.0a1 and 100K requests)
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Wed, 15 Apr 2020 18:54:03 +0300 |
parents | 29354c6fc5f2 |
children | aba84d9ab256 |
line wrap: on
line source
/* * Copyright (C) Nginx, Inc. */ #ifndef _NGX_EVENT_QUIC_PROTECTION_H_INCLUDED_ #define _NGX_EVENT_QUIC_PROTECTION_H_INCLUDED_ #define NGX_QUIC_ENCRYPTION_LAST ((ssl_encryption_application) + 1) typedef struct ngx_quic_secret_s { ngx_str_t secret; ngx_str_t key; ngx_str_t iv; ngx_str_t hp; } ngx_quic_secret_t; typedef struct { ngx_quic_secret_t client; ngx_quic_secret_t server; } ngx_quic_secrets_t; ngx_int_t ngx_quic_set_initial_secret(ngx_pool_t *pool, ngx_quic_secret_t *client, ngx_quic_secret_t *server, ngx_str_t *secret); int ngx_quic_set_encryption_secret(ngx_pool_t *pool, ngx_ssl_conn_t *ssl_conn, enum ssl_encryption_level_t level, const uint8_t *secret, size_t secret_len, ngx_quic_secret_t *peer_secret); ngx_int_t ngx_quic_key_update(ngx_connection_t *c, ngx_quic_secrets_t *current, ngx_quic_secrets_t *next); ssize_t ngx_quic_encrypt(ngx_quic_header_t *pkt, ngx_ssl_conn_t *ssl_conn, ngx_str_t *res); ngx_int_t ngx_quic_decrypt(ngx_quic_header_t *pkt, ngx_ssl_conn_t *ssl_conn); #endif /* _NGX_EVENT_QUIC_PROTECTION_H_INCLUDED_ */