Mercurial > hg > nginx-quic
annotate src/event/ngx_event_quic.c @ 7772:058a5af7ddfc quic
Refactored QUIC secrets storage.
The quic->keys[4] array now contains secrets related to the corresponding
encryption level. All protection-level functions get proper keys and do
not need to switch manually between levels.
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Wed, 01 Apr 2020 14:25:25 +0300 |
parents | e35f824f644d |
children | dc7ac778aafe |
rev | line source |
---|---|
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
1 |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
2 /* |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
3 * Copyright (C) Nginx, Inc. |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
4 */ |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
5 |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
6 |
7637 | 7 #include <ngx_config.h> |
8 #include <ngx_core.h> | |
7674
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7673
diff
changeset
|
9 #include <ngx_event.h> |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
10 |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
11 |
7729
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
7726
diff
changeset
|
12 typedef enum { |
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
7726
diff
changeset
|
13 NGX_QUIC_ST_INITIAL, /* connection just created */ |
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
7726
diff
changeset
|
14 NGX_QUIC_ST_HANDSHAKE, /* handshake started */ |
7770
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
15 NGX_QUIC_ST_EARLY_DATA, /* handshake in progress */ |
7729
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
7726
diff
changeset
|
16 NGX_QUIC_ST_APPLICATION /* handshake complete */ |
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
7726
diff
changeset
|
17 } ngx_quic_state_t; |
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
7726
diff
changeset
|
18 |
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
7726
diff
changeset
|
19 |
7691 | 20 typedef struct { |
21 ngx_rbtree_t tree; | |
22 ngx_rbtree_node_t sentinel; | |
23 ngx_connection_handler_pt handler; | |
7695
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
7691
diff
changeset
|
24 |
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
7691
diff
changeset
|
25 ngx_uint_t id_counter; |
7691 | 26 } ngx_quic_streams_t; |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
27 |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
28 |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
29 struct ngx_quic_connection_s { |
7691 | 30 ngx_str_t scid; |
31 ngx_str_t dcid; | |
32 ngx_str_t token; | |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
33 |
7726
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7725
diff
changeset
|
34 ngx_uint_t client_tp_done; |
7713
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7712
diff
changeset
|
35 ngx_quic_tp_t tp; |
7731
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
7729
diff
changeset
|
36 ngx_quic_tp_t ctp; |
7713
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7712
diff
changeset
|
37 |
7729
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
7726
diff
changeset
|
38 ngx_quic_state_t state; |
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
7726
diff
changeset
|
39 |
7691 | 40 /* current packet numbers for each namespace */ |
41 ngx_uint_t initial_pn; | |
42 ngx_uint_t handshake_pn; | |
43 ngx_uint_t appdata_pn; | |
7650
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
7649
diff
changeset
|
44 |
7772
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7771
diff
changeset
|
45 ngx_quic_secrets_t keys[NGX_QUIC_ENCRYPTION_LAST]; |
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7771
diff
changeset
|
46 uint64_t crypto_offset[NGX_QUIC_ENCRYPTION_LAST]; |
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7771
diff
changeset
|
47 |
7691 | 48 ngx_ssl_t *ssl; |
49 ngx_quic_frame_t *frames; | |
7752 | 50 ngx_quic_frame_t *free_frames; |
51 | |
52 #if (NGX_DEBUG) | |
53 ngx_uint_t nframes; | |
54 #endif | |
7674
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7673
diff
changeset
|
55 |
7691 | 56 ngx_quic_streams_t streams; |
7703
ff540f13d95d
MAX_DATA frame parser/handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7702
diff
changeset
|
57 ngx_uint_t max_data; |
7747
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
58 |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
59 unsigned send_timer_set:1; |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
60 unsigned closing:1; |
7691 | 61 }; |
7672
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
7671
diff
changeset
|
62 |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
63 |
7670
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
64 #if BORINGSSL_API_VERSION >= 10 |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
65 static int ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn, |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
66 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
67 const uint8_t *secret, size_t secret_len); |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
68 static int ngx_quic_set_write_secret(ngx_ssl_conn_t *ssl_conn, |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
69 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
70 const uint8_t *secret, size_t secret_len); |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
71 #else |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
72 static int ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn, |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
73 enum ssl_encryption_level_t level, const uint8_t *read_secret, |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
74 const uint8_t *write_secret, size_t secret_len); |
7670
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
75 #endif |
7691 | 76 |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
77 static int ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn, |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
78 enum ssl_encryption_level_t level, const uint8_t *data, size_t len); |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
79 static int ngx_quic_flush_flight(ngx_ssl_conn_t *ssl_conn); |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
80 static int ngx_quic_send_alert(ngx_ssl_conn_t *ssl_conn, |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
81 enum ssl_encryption_level_t level, uint8_t alert); |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
82 |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
83 |
7691 | 84 static ngx_int_t ngx_quic_new_connection(ngx_connection_t *c, ngx_ssl_t *ssl, |
7770
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
85 ngx_quic_tp_t *tp, ngx_quic_header_t *pkt, |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
86 ngx_connection_handler_pt handler); |
7691 | 87 static ngx_int_t ngx_quic_init_connection(ngx_connection_t *c); |
7729
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
7726
diff
changeset
|
88 static void ngx_quic_input_handler(ngx_event_t *rev); |
7691 | 89 static void ngx_quic_close_connection(ngx_connection_t *c); |
90 | |
91 static ngx_int_t ngx_quic_input(ngx_connection_t *c, ngx_buf_t *b); | |
92 static ngx_int_t ngx_quic_initial_input(ngx_connection_t *c, | |
93 ngx_quic_header_t *pkt); | |
94 static ngx_int_t ngx_quic_handshake_input(ngx_connection_t *c, | |
95 ngx_quic_header_t *pkt); | |
7770
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
96 static ngx_int_t ngx_quic_early_input(ngx_connection_t *c, |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
97 ngx_quic_header_t *pkt); |
7691 | 98 static ngx_int_t ngx_quic_app_input(ngx_connection_t *c, |
99 ngx_quic_header_t *pkt); | |
100 static ngx_int_t ngx_quic_payload_handler(ngx_connection_t *c, | |
101 ngx_quic_header_t *pkt); | |
102 | |
103 static ngx_int_t ngx_quic_handle_ack_frame(ngx_connection_t *c, | |
104 ngx_quic_header_t *pkt, ngx_quic_ack_frame_t *f); | |
105 static ngx_int_t ngx_quic_handle_crypto_frame(ngx_connection_t *c, | |
106 ngx_quic_header_t *pkt, ngx_quic_crypto_frame_t *frame); | |
107 static ngx_int_t ngx_quic_handle_stream_frame(ngx_connection_t *c, | |
108 ngx_quic_header_t *pkt, ngx_quic_stream_frame_t *frame); | |
7711
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
7707
diff
changeset
|
109 static ngx_int_t ngx_quic_handle_streams_blocked_frame(ngx_connection_t *c, |
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
7707
diff
changeset
|
110 ngx_quic_header_t *pkt, ngx_quic_streams_blocked_frame_t *f); |
7732
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
111 static ngx_int_t ngx_quic_handle_stream_data_blocked_frame(ngx_connection_t *c, |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
112 ngx_quic_header_t *pkt, ngx_quic_stream_data_blocked_frame_t *f); |
7691 | 113 |
114 static void ngx_quic_queue_frame(ngx_quic_connection_t *qc, | |
115 ngx_quic_frame_t *frame); | |
116 | |
117 static ngx_int_t ngx_quic_output(ngx_connection_t *c); | |
118 ngx_int_t ngx_quic_frames_send(ngx_connection_t *c, ngx_quic_frame_t *start, | |
119 ngx_quic_frame_t *end, size_t total); | |
120 | |
121 static void ngx_quic_rbtree_insert_stream(ngx_rbtree_node_t *temp, | |
122 ngx_rbtree_node_t *node, ngx_rbtree_node_t *sentinel); | |
7746
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
7745
diff
changeset
|
123 static ngx_quic_stream_t *ngx_quic_find_stream(ngx_rbtree_t *rbtree, |
7750
2935a11c55b6
Fixed QUIC stream insert and find.
Roman Arutyunyan <arut@nginx.com>
parents:
7748
diff
changeset
|
124 uint64_t id); |
7746
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
7745
diff
changeset
|
125 static ngx_quic_stream_t *ngx_quic_create_stream(ngx_connection_t *c, |
7748
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7747
diff
changeset
|
126 uint64_t id, size_t rcvbuf_size); |
7677
6bc18966b8c1
Stream "connection" read/write methods.
Vladimir Homutov <vl@nginx.com>
parents:
7675
diff
changeset
|
127 static ssize_t ngx_quic_stream_recv(ngx_connection_t *c, u_char *buf, |
6bc18966b8c1
Stream "connection" read/write methods.
Vladimir Homutov <vl@nginx.com>
parents:
7675
diff
changeset
|
128 size_t size); |
6bc18966b8c1
Stream "connection" read/write methods.
Vladimir Homutov <vl@nginx.com>
parents:
7675
diff
changeset
|
129 static ssize_t ngx_quic_stream_send(ngx_connection_t *c, u_char *buf, |
6bc18966b8c1
Stream "connection" read/write methods.
Vladimir Homutov <vl@nginx.com>
parents:
7675
diff
changeset
|
130 size_t size); |
7705
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
7703
diff
changeset
|
131 static void ngx_quic_stream_cleanup_handler(void *data); |
7677
6bc18966b8c1
Stream "connection" read/write methods.
Vladimir Homutov <vl@nginx.com>
parents:
7675
diff
changeset
|
132 static ngx_chain_t *ngx_quic_stream_send_chain(ngx_connection_t *c, |
6bc18966b8c1
Stream "connection" read/write methods.
Vladimir Homutov <vl@nginx.com>
parents:
7675
diff
changeset
|
133 ngx_chain_t *in, off_t limit); |
7752 | 134 static ngx_quic_frame_t *ngx_quic_alloc_frame(ngx_connection_t *c, size_t size); |
135 static void ngx_quic_free_frame(ngx_connection_t *c, ngx_quic_frame_t *frame); | |
7677
6bc18966b8c1
Stream "connection" read/write methods.
Vladimir Homutov <vl@nginx.com>
parents:
7675
diff
changeset
|
136 |
7691 | 137 |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
138 static SSL_QUIC_METHOD quic_method = { |
7670
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
139 #if BORINGSSL_API_VERSION >= 10 |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
140 ngx_quic_set_read_secret, |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
141 ngx_quic_set_write_secret, |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
142 #else |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
143 ngx_quic_set_encryption_secrets, |
7670
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
144 #endif |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
145 ngx_quic_add_handshake_data, |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
146 ngx_quic_flush_flight, |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
147 ngx_quic_send_alert, |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
148 }; |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
149 |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
150 |
7670
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
151 #if BORINGSSL_API_VERSION >= 10 |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
152 |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
153 static int |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
154 ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn, |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
155 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7686
diff
changeset
|
156 const uint8_t *rsecret, size_t secret_len) |
7670
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
157 { |
7772
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7771
diff
changeset
|
158 ngx_connection_t *c; |
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7771
diff
changeset
|
159 ngx_quic_secrets_t *keys; |
7670
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
160 |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
161 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
162 |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7686
diff
changeset
|
163 ngx_quic_hexdump(c->log, "level:%d read secret", |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7686
diff
changeset
|
164 rsecret, secret_len, level); |
7670
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
165 |
7772
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7771
diff
changeset
|
166 keys = &c->quic->keys[level]; |
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7771
diff
changeset
|
167 |
7770
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
168 if (level == ssl_encryption_early_data) { |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
169 c->quic->state = NGX_QUIC_ST_EARLY_DATA; |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
170 } |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
171 |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7686
diff
changeset
|
172 return ngx_quic_set_encryption_secret(c->pool, ssl_conn, level, |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7686
diff
changeset
|
173 rsecret, secret_len, |
7772
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7771
diff
changeset
|
174 &keys->client); |
7670
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
175 } |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
176 |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
177 |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
178 static int |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
179 ngx_quic_set_write_secret(ngx_ssl_conn_t *ssl_conn, |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
180 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7686
diff
changeset
|
181 const uint8_t *wsecret, size_t secret_len) |
7670
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
182 { |
7772
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7771
diff
changeset
|
183 ngx_connection_t *c; |
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7771
diff
changeset
|
184 ngx_quic_secrets_t *keys; |
7670
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
185 |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
186 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
187 |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7686
diff
changeset
|
188 ngx_quic_hexdump(c->log, "level:%d write secret", |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7686
diff
changeset
|
189 wsecret, secret_len, level); |
7670
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
190 |
7772
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7771
diff
changeset
|
191 keys = &c->quic->keys[level]; |
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7771
diff
changeset
|
192 |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7686
diff
changeset
|
193 return ngx_quic_set_encryption_secret(c->pool, ssl_conn, level, |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7686
diff
changeset
|
194 wsecret, secret_len, |
7772
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7771
diff
changeset
|
195 &keys->server); |
7670
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
196 } |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
197 |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
198 #else |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
199 |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
200 static int |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
201 ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn, |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7686
diff
changeset
|
202 enum ssl_encryption_level_t level, const uint8_t *rsecret, |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7686
diff
changeset
|
203 const uint8_t *wsecret, size_t secret_len) |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
204 { |
7772
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7771
diff
changeset
|
205 ngx_int_t rc; |
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7771
diff
changeset
|
206 ngx_connection_t *c; |
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7771
diff
changeset
|
207 ngx_quic_secrets_t *keys; |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
208 |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
209 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
210 |
7688
bec4cd55361e
Fixed a typo with OpenSSL.
Vladimir Homutov <vl@nginx.com>
parents:
7687
diff
changeset
|
211 ngx_quic_hexdump(c->log, "level:%d read", rsecret, secret_len, level); |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
212 |
7772
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7771
diff
changeset
|
213 keys = &c->quic->secrets[level]; |
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7771
diff
changeset
|
214 |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7686
diff
changeset
|
215 rc = ngx_quic_set_encryption_secret(c->pool, ssl_conn, level, |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7686
diff
changeset
|
216 rsecret, secret_len, |
7772
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7771
diff
changeset
|
217 &keys->client); |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7686
diff
changeset
|
218 if (rc != 1) { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7686
diff
changeset
|
219 return rc; |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
220 } |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
221 |
7769
2ac03e80d013
TLS Early Data key derivation support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7768
diff
changeset
|
222 if (level == ssl_encryption_early_data) { |
7770
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
223 c->quic->state = NGX_QUIC_ST_EARLY_DATA; |
7769
2ac03e80d013
TLS Early Data key derivation support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7768
diff
changeset
|
224 return 1; |
2ac03e80d013
TLS Early Data key derivation support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7768
diff
changeset
|
225 } |
2ac03e80d013
TLS Early Data key derivation support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7768
diff
changeset
|
226 |
2ac03e80d013
TLS Early Data key derivation support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7768
diff
changeset
|
227 ngx_quic_hexdump(c->log, "level:%d write", wsecret, secret_len, level); |
2ac03e80d013
TLS Early Data key derivation support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7768
diff
changeset
|
228 |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7686
diff
changeset
|
229 return ngx_quic_set_encryption_secret(c->pool, ssl_conn, level, |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7686
diff
changeset
|
230 wsecret, secret_len, |
7772
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7771
diff
changeset
|
231 &keys->server); |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
232 } |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
233 |
7670
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
234 #endif |
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7669
diff
changeset
|
235 |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
236 |
7650
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
7649
diff
changeset
|
237 static int |
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
7649
diff
changeset
|
238 ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn, |
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
7649
diff
changeset
|
239 enum ssl_encryption_level_t level, const uint8_t *data, size_t len) |
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
7649
diff
changeset
|
240 { |
7726
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7725
diff
changeset
|
241 u_char *p, *end; |
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7725
diff
changeset
|
242 size_t client_params_len; |
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7725
diff
changeset
|
243 const uint8_t *client_params; |
7691 | 244 ngx_quic_frame_t *frame; |
245 ngx_connection_t *c; | |
246 ngx_quic_connection_t *qc; | |
7650
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
7649
diff
changeset
|
247 |
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
7649
diff
changeset
|
248 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
7649
diff
changeset
|
249 qc = c->quic; |
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
7649
diff
changeset
|
250 |
7652
0a2683df5f11
Implemented improved version of quic_output().
Vladimir Homutov <vl@nginx.com>
parents:
7651
diff
changeset
|
251 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, |
0a2683df5f11
Implemented improved version of quic_output().
Vladimir Homutov <vl@nginx.com>
parents:
7651
diff
changeset
|
252 "ngx_quic_add_handshake_data"); |
7650
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
7649
diff
changeset
|
253 |
7726
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7725
diff
changeset
|
254 /* XXX: obtain client parameters after the handshake? */ |
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7725
diff
changeset
|
255 if (!qc->client_tp_done) { |
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7725
diff
changeset
|
256 |
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7725
diff
changeset
|
257 SSL_get_peer_quic_transport_params(ssl_conn, &client_params, |
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7725
diff
changeset
|
258 &client_params_len); |
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7725
diff
changeset
|
259 |
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7725
diff
changeset
|
260 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7725
diff
changeset
|
261 "SSL_get_peer_quic_transport_params(): params_len %ui", |
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7725
diff
changeset
|
262 client_params_len); |
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7725
diff
changeset
|
263 |
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7725
diff
changeset
|
264 if (client_params_len != 0) { |
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7725
diff
changeset
|
265 p = (u_char *) client_params; |
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7725
diff
changeset
|
266 end = p + client_params_len; |
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7725
diff
changeset
|
267 |
7731
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
7729
diff
changeset
|
268 if (ngx_quic_parse_transport_params(p, end, &qc->ctp, c->log) |
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
7729
diff
changeset
|
269 != NGX_OK) |
7726
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7725
diff
changeset
|
270 { |
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7725
diff
changeset
|
271 return NGX_ERROR; |
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7725
diff
changeset
|
272 } |
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7725
diff
changeset
|
273 |
7737
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
7736
diff
changeset
|
274 if (qc->ctp.max_idle_timeout > 0 |
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
7736
diff
changeset
|
275 && qc->ctp.max_idle_timeout < qc->tp.max_idle_timeout) |
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
7736
diff
changeset
|
276 { |
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
7736
diff
changeset
|
277 qc->tp.max_idle_timeout = qc->ctp.max_idle_timeout; |
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
7736
diff
changeset
|
278 } |
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
7736
diff
changeset
|
279 |
7726
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7725
diff
changeset
|
280 qc->client_tp_done = 1; |
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7725
diff
changeset
|
281 } |
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7725
diff
changeset
|
282 } |
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7725
diff
changeset
|
283 |
7752 | 284 frame = ngx_quic_alloc_frame(c, len); |
7652
0a2683df5f11
Implemented improved version of quic_output().
Vladimir Homutov <vl@nginx.com>
parents:
7651
diff
changeset
|
285 if (frame == NULL) { |
0a2683df5f11
Implemented improved version of quic_output().
Vladimir Homutov <vl@nginx.com>
parents:
7651
diff
changeset
|
286 return 0; |
0a2683df5f11
Implemented improved version of quic_output().
Vladimir Homutov <vl@nginx.com>
parents:
7651
diff
changeset
|
287 } |
7650
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
7649
diff
changeset
|
288 |
7752 | 289 ngx_memcpy(frame->data, data, len); |
7650
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
7649
diff
changeset
|
290 |
7652
0a2683df5f11
Implemented improved version of quic_output().
Vladimir Homutov <vl@nginx.com>
parents:
7651
diff
changeset
|
291 frame->level = level; |
0a2683df5f11
Implemented improved version of quic_output().
Vladimir Homutov <vl@nginx.com>
parents:
7651
diff
changeset
|
292 frame->type = NGX_QUIC_FT_CRYPTO; |
7725
9e9eab876964
Fixed CRYPTO offset generation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7724
diff
changeset
|
293 frame->u.crypto.offset += qc->crypto_offset[level]; |
7652
0a2683df5f11
Implemented improved version of quic_output().
Vladimir Homutov <vl@nginx.com>
parents:
7651
diff
changeset
|
294 frame->u.crypto.len = len; |
7752 | 295 frame->u.crypto.data = frame->data; |
7652
0a2683df5f11
Implemented improved version of quic_output().
Vladimir Homutov <vl@nginx.com>
parents:
7651
diff
changeset
|
296 |
7725
9e9eab876964
Fixed CRYPTO offset generation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7724
diff
changeset
|
297 qc->crypto_offset[level] += len; |
9e9eab876964
Fixed CRYPTO offset generation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7724
diff
changeset
|
298 |
7652
0a2683df5f11
Implemented improved version of quic_output().
Vladimir Homutov <vl@nginx.com>
parents:
7651
diff
changeset
|
299 ngx_sprintf(frame->info, "crypto, generated by SSL len=%ui level=%d", len, level); |
0a2683df5f11
Implemented improved version of quic_output().
Vladimir Homutov <vl@nginx.com>
parents:
7651
diff
changeset
|
300 |
0a2683df5f11
Implemented improved version of quic_output().
Vladimir Homutov <vl@nginx.com>
parents:
7651
diff
changeset
|
301 ngx_quic_queue_frame(qc, frame); |
7650
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
7649
diff
changeset
|
302 |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
303 return 1; |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
304 } |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
305 |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
306 |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
307 static int |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
308 ngx_quic_flush_flight(ngx_ssl_conn_t *ssl_conn) |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
309 { |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
310 ngx_connection_t *c; |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
311 |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
312 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
313 |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
314 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "ngx_quic_flush_flight()"); |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
315 |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
316 return 1; |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
317 } |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
318 |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
319 |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
320 static int |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
321 ngx_quic_send_alert(ngx_ssl_conn_t *ssl_conn, enum ssl_encryption_level_t level, |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
322 uint8_t alert) |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
323 { |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
324 ngx_connection_t *c; |
7701
552d6868091b
Implemented send_alert callback, CONNECTION_CLOSE writer.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7700
diff
changeset
|
325 ngx_quic_frame_t *frame; |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
326 |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
327 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
328 |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
329 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
330 "ngx_quic_send_alert(), lvl=%d, alert=%d", |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
331 (int) level, (int) alert); |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
332 |
7752 | 333 frame = ngx_quic_alloc_frame(c, 0); |
7701
552d6868091b
Implemented send_alert callback, CONNECTION_CLOSE writer.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7700
diff
changeset
|
334 if (frame == NULL) { |
552d6868091b
Implemented send_alert callback, CONNECTION_CLOSE writer.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7700
diff
changeset
|
335 return 0; |
552d6868091b
Implemented send_alert callback, CONNECTION_CLOSE writer.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7700
diff
changeset
|
336 } |
552d6868091b
Implemented send_alert callback, CONNECTION_CLOSE writer.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7700
diff
changeset
|
337 |
552d6868091b
Implemented send_alert callback, CONNECTION_CLOSE writer.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7700
diff
changeset
|
338 frame->level = level; |
552d6868091b
Implemented send_alert callback, CONNECTION_CLOSE writer.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7700
diff
changeset
|
339 frame->type = NGX_QUIC_FT_CONNECTION_CLOSE; |
552d6868091b
Implemented send_alert callback, CONNECTION_CLOSE writer.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7700
diff
changeset
|
340 frame->u.close.error_code = 0x100 + alert; |
7771
e35f824f644d
Added missing debug description.
Vladimir Homutov <vl@nginx.com>
parents:
7770
diff
changeset
|
341 ngx_sprintf(frame->info, "cc from send_alert level=%d", frame->level); |
7701
552d6868091b
Implemented send_alert callback, CONNECTION_CLOSE writer.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7700
diff
changeset
|
342 |
552d6868091b
Implemented send_alert callback, CONNECTION_CLOSE writer.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7700
diff
changeset
|
343 ngx_quic_queue_frame(c->quic, frame); |
552d6868091b
Implemented send_alert callback, CONNECTION_CLOSE writer.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7700
diff
changeset
|
344 |
552d6868091b
Implemented send_alert callback, CONNECTION_CLOSE writer.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7700
diff
changeset
|
345 if (ngx_quic_output(c) != NGX_OK) { |
552d6868091b
Implemented send_alert callback, CONNECTION_CLOSE writer.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7700
diff
changeset
|
346 return 0; |
552d6868091b
Implemented send_alert callback, CONNECTION_CLOSE writer.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7700
diff
changeset
|
347 } |
552d6868091b
Implemented send_alert callback, CONNECTION_CLOSE writer.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7700
diff
changeset
|
348 |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
349 return 1; |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
350 } |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
351 |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
352 |
7691 | 353 void |
7713
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7712
diff
changeset
|
354 ngx_quic_run(ngx_connection_t *c, ngx_ssl_t *ssl, ngx_quic_tp_t *tp, |
7737
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
7736
diff
changeset
|
355 ngx_connection_handler_pt handler) |
7691 | 356 { |
357 ngx_buf_t *b; | |
358 ngx_quic_header_t pkt; | |
359 | |
7729
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
7726
diff
changeset
|
360 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic run"); |
7691 | 361 |
7729
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
7726
diff
changeset
|
362 c->log->action = "QUIC initialization"; |
7691 | 363 |
364 ngx_memzero(&pkt, sizeof(ngx_quic_header_t)); | |
365 | |
366 b = c->buffer; | |
367 | |
368 pkt.log = c->log; | |
369 pkt.raw = b; | |
370 pkt.data = b->start; | |
371 pkt.len = b->last - b->start; | |
372 | |
7770
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
373 if (ngx_quic_new_connection(c, ssl, tp, &pkt, handler) != NGX_OK) { |
7691 | 374 ngx_quic_close_connection(c); |
375 return; | |
376 } | |
377 | |
7737
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
7736
diff
changeset
|
378 ngx_add_timer(c->read, c->quic->tp.max_idle_timeout); |
7691 | 379 |
7729
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
7726
diff
changeset
|
380 c->read->handler = ngx_quic_input_handler; |
7691 | 381 |
382 return; | |
383 } | |
384 | |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
385 |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
386 static ngx_int_t |
7713
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7712
diff
changeset
|
387 ngx_quic_new_connection(ngx_connection_t *c, ngx_ssl_t *ssl, ngx_quic_tp_t *tp, |
7770
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
388 ngx_quic_header_t *pkt, ngx_connection_handler_pt handler) |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
389 { |
7731
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
7729
diff
changeset
|
390 ngx_quic_tp_t *ctp; |
7772
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7771
diff
changeset
|
391 ngx_quic_secrets_t *keys; |
7691 | 392 ngx_quic_connection_t *qc; |
7754
ebd5c71b9f02
Got rid of memory allocation in decryption.
Vladimir Homutov <vl@nginx.com>
parents:
7752
diff
changeset
|
393 static u_char buf[NGX_QUIC_DEFAULT_MAX_PACKET_SIZE]; |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
394 |
7691 | 395 if (ngx_buf_size(pkt->raw) < 1200) { |
396 ngx_log_error(NGX_LOG_INFO, c->log, 0, "too small UDP datagram"); | |
397 return NGX_ERROR; | |
398 } | |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
399 |
7691 | 400 if (ngx_quic_parse_long_header(pkt) != NGX_OK) { |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
401 return NGX_ERROR; |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
402 } |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
403 |
7717
c217a907ce42
Added checks for permitted frame types.
Vladimir Homutov <vl@nginx.com>
parents:
7713
diff
changeset
|
404 if (!ngx_quic_pkt_in(pkt->flags)) { |
7691 | 405 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
406 "invalid initial packet: 0x%xi", pkt->flags); | |
407 return NGX_ERROR; | |
408 } | |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
409 |
7691 | 410 if (ngx_quic_parse_initial_header(pkt) != NGX_OK) { |
411 return NGX_ERROR; | |
412 } | |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
413 |
7741 | 414 c->log->action = "creating new quic connection"; |
415 | |
7691 | 416 qc = ngx_pcalloc(c->pool, sizeof(ngx_quic_connection_t)); |
417 if (qc == NULL) { | |
418 return NGX_ERROR; | |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
419 } |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
420 |
7729
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
7726
diff
changeset
|
421 qc->state = NGX_QUIC_ST_INITIAL; |
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
7726
diff
changeset
|
422 |
7691 | 423 ngx_rbtree_init(&qc->streams.tree, &qc->streams.sentinel, |
424 ngx_quic_rbtree_insert_stream); | |
425 | |
426 c->quic = qc; | |
427 qc->ssl = ssl; | |
7713
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7712
diff
changeset
|
428 qc->tp = *tp; |
7770
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
429 qc->streams.handler = handler; |
7691 | 430 |
7731
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
7729
diff
changeset
|
431 ctp = &qc->ctp; |
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
7729
diff
changeset
|
432 ctp->max_packet_size = NGX_QUIC_DEFAULT_MAX_PACKET_SIZE; |
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
7729
diff
changeset
|
433 ctp->ack_delay_exponent = NGX_QUIC_DEFAULT_ACK_DELAY_EXPONENT; |
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
7729
diff
changeset
|
434 ctp->max_ack_delay = NGX_QUIC_DEFAULT_MAX_ACK_DELAY; |
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
7729
diff
changeset
|
435 |
7691 | 436 qc->dcid.len = pkt->dcid.len; |
437 qc->dcid.data = ngx_pnalloc(c->pool, pkt->dcid.len); | |
438 if (qc->dcid.data == NULL) { | |
439 return NGX_ERROR; | |
440 } | |
441 ngx_memcpy(qc->dcid.data, pkt->dcid.data, qc->dcid.len); | |
442 | |
443 qc->scid.len = pkt->scid.len; | |
444 qc->scid.data = ngx_pnalloc(c->pool, qc->scid.len); | |
445 if (qc->scid.data == NULL) { | |
446 return NGX_ERROR; | |
447 } | |
448 ngx_memcpy(qc->scid.data, pkt->scid.data, qc->scid.len); | |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
449 |
7691 | 450 qc->token.len = pkt->token.len; |
451 qc->token.data = ngx_pnalloc(c->pool, qc->token.len); | |
452 if (qc->token.data == NULL) { | |
453 return NGX_ERROR; | |
454 } | |
455 ngx_memcpy(qc->token.data, pkt->token.data, qc->token.len); | |
456 | |
7772
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7771
diff
changeset
|
457 keys = &c->quic->keys[ssl_encryption_initial]; |
7691 | 458 |
7772
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7771
diff
changeset
|
459 if (ngx_quic_set_initial_secret(c->pool, &keys->client, &keys->server, |
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7771
diff
changeset
|
460 &qc->dcid) |
7691 | 461 != NGX_OK) |
462 { | |
463 return NGX_ERROR; | |
464 } | |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
465 |
7772
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7771
diff
changeset
|
466 pkt->secret = &keys->client; |
7691 | 467 pkt->level = ssl_encryption_initial; |
7754
ebd5c71b9f02
Got rid of memory allocation in decryption.
Vladimir Homutov <vl@nginx.com>
parents:
7752
diff
changeset
|
468 pkt->plaintext = buf; |
7691 | 469 |
7754
ebd5c71b9f02
Got rid of memory allocation in decryption.
Vladimir Homutov <vl@nginx.com>
parents:
7752
diff
changeset
|
470 if (ngx_quic_decrypt(pkt, NULL) != NGX_OK) { |
7691 | 471 return NGX_ERROR; |
472 } | |
473 | |
474 if (ngx_quic_init_connection(c) != NGX_OK) { | |
475 return NGX_ERROR; | |
476 } | |
477 | |
7770
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
478 if (ngx_quic_payload_handler(c, pkt) != NGX_OK) { |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
479 return NGX_ERROR; |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
480 } |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
481 |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
482 /* pos is at header end, adjust by actual packet length */ |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
483 pkt->raw->pos += pkt->len; |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
484 |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
485 return ngx_quic_input(c, pkt->raw); |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
486 } |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
487 |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
488 |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
489 static ngx_int_t |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7686
diff
changeset
|
490 ngx_quic_init_connection(ngx_connection_t *c) |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
491 { |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
492 int n, sslerr; |
7713
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7712
diff
changeset
|
493 u_char *p; |
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7712
diff
changeset
|
494 ssize_t len; |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
495 ngx_ssl_conn_t *ssl_conn; |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
496 ngx_quic_connection_t *qc; |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
497 |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
498 qc = c->quic; |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
499 |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
500 if (ngx_ssl_create_connection(qc->ssl, c, NGX_SSL_BUFFER) != NGX_OK) { |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
501 return NGX_ERROR; |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
502 } |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
503 |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
504 ssl_conn = c->ssl->connection; |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
505 |
7698
253cf267f95a
Moved setting QUIC methods to runtime.
Roman Arutyunyan <arut@nginx.com>
parents:
7697
diff
changeset
|
506 if (SSL_set_quic_method(ssl_conn, &quic_method) == 0) { |
253cf267f95a
Moved setting QUIC methods to runtime.
Roman Arutyunyan <arut@nginx.com>
parents:
7697
diff
changeset
|
507 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
253cf267f95a
Moved setting QUIC methods to runtime.
Roman Arutyunyan <arut@nginx.com>
parents:
7697
diff
changeset
|
508 "SSL_set_quic_method() failed"); |
253cf267f95a
Moved setting QUIC methods to runtime.
Roman Arutyunyan <arut@nginx.com>
parents:
7697
diff
changeset
|
509 return NGX_ERROR; |
253cf267f95a
Moved setting QUIC methods to runtime.
Roman Arutyunyan <arut@nginx.com>
parents:
7697
diff
changeset
|
510 } |
253cf267f95a
Moved setting QUIC methods to runtime.
Roman Arutyunyan <arut@nginx.com>
parents:
7697
diff
changeset
|
511 |
7770
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
512 #ifdef SSL_READ_EARLY_DATA_SUCCESS |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
513 if (SSL_CTX_get_max_early_data(qc->ssl->ctx)) { |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
514 SSL_set_quic_early_data_enabled(ssl_conn, 1); |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
515 } |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
516 #endif |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
517 |
7713
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7712
diff
changeset
|
518 len = ngx_quic_create_transport_params(NULL, NULL, &qc->tp); |
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7712
diff
changeset
|
519 /* always succeeds */ |
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7712
diff
changeset
|
520 |
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7712
diff
changeset
|
521 p = ngx_pnalloc(c->pool, len); |
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7712
diff
changeset
|
522 if (p == NULL) { |
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7712
diff
changeset
|
523 return NGX_ERROR; |
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7712
diff
changeset
|
524 } |
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7712
diff
changeset
|
525 |
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7712
diff
changeset
|
526 len = ngx_quic_create_transport_params(p, p + len, &qc->tp); |
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7712
diff
changeset
|
527 if (len < 0) { |
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7712
diff
changeset
|
528 return NGX_ERROR; |
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7712
diff
changeset
|
529 } |
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7712
diff
changeset
|
530 |
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7712
diff
changeset
|
531 if (SSL_set_quic_transport_params(ssl_conn, p, len) == 0) { |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
532 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
533 "SSL_set_quic_transport_params() failed"); |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
534 return NGX_ERROR; |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
535 } |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
536 |
7729
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
7726
diff
changeset
|
537 qc->state = NGX_QUIC_ST_HANDSHAKE; |
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
7726
diff
changeset
|
538 |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
539 n = SSL_do_handshake(ssl_conn); |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
540 |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
541 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", n); |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
542 |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
543 if (n == -1) { |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
544 sslerr = SSL_get_error(ssl_conn, n); |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
545 |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
546 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
547 sslerr); |
7766
23a2b5e7acc8
Improved SSL_do_handshake() error handling in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7765
diff
changeset
|
548 |
23a2b5e7acc8
Improved SSL_do_handshake() error handling in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7765
diff
changeset
|
549 if (sslerr != SSL_ERROR_WANT_READ) { |
23a2b5e7acc8
Improved SSL_do_handshake() error handling in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7765
diff
changeset
|
550 ngx_ssl_error(NGX_LOG_ERR, c->log, 0, "SSL_do_handshake() failed"); |
23a2b5e7acc8
Improved SSL_do_handshake() error handling in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7765
diff
changeset
|
551 return NGX_ERROR; |
23a2b5e7acc8
Improved SSL_do_handshake() error handling in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7765
diff
changeset
|
552 } |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
553 } |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
554 |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
555 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
556 "SSL_quic_read_level: %d, SSL_quic_write_level: %d", |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
557 (int) SSL_quic_read_level(ssl_conn), |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
558 (int) SSL_quic_write_level(ssl_conn)); |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
559 |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
560 return NGX_OK; |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
561 } |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
562 |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
563 |
7691 | 564 static void |
7729
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
7726
diff
changeset
|
565 ngx_quic_input_handler(ngx_event_t *rev) |
7677
6bc18966b8c1
Stream "connection" read/write methods.
Vladimir Homutov <vl@nginx.com>
parents:
7675
diff
changeset
|
566 { |
7737
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
7736
diff
changeset
|
567 ssize_t n; |
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
7736
diff
changeset
|
568 ngx_buf_t b; |
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
7736
diff
changeset
|
569 ngx_connection_t *c; |
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
7736
diff
changeset
|
570 ngx_quic_connection_t *qc; |
7754
ebd5c71b9f02
Got rid of memory allocation in decryption.
Vladimir Homutov <vl@nginx.com>
parents:
7752
diff
changeset
|
571 static u_char buf[NGX_QUIC_DEFAULT_MAX_PACKET_SIZE]; |
7677
6bc18966b8c1
Stream "connection" read/write methods.
Vladimir Homutov <vl@nginx.com>
parents:
7675
diff
changeset
|
572 |
7691 | 573 b.start = buf; |
7731
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
7729
diff
changeset
|
574 b.end = buf + sizeof(buf); |
7691 | 575 b.pos = b.last = b.start; |
7677
6bc18966b8c1
Stream "connection" read/write methods.
Vladimir Homutov <vl@nginx.com>
parents:
7675
diff
changeset
|
576 |
7691 | 577 c = rev->data; |
7747
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
578 qc = c->quic; |
7677
6bc18966b8c1
Stream "connection" read/write methods.
Vladimir Homutov <vl@nginx.com>
parents:
7675
diff
changeset
|
579 |
7729
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
7726
diff
changeset
|
580 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, rev->log, 0, "quic input handler"); |
7678
e3c0b19a3a8a
Implemented ngx_quic_stream_send_chain() method.
Roman Arutyunyan <arut@nginx.com>
parents:
7677
diff
changeset
|
581 |
7747
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
582 if (qc->closing) { |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
583 ngx_quic_close_connection(c); |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
584 return; |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
585 } |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
586 |
7691 | 587 if (rev->timedout) { |
588 ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out"); | |
589 ngx_quic_close_connection(c); | |
590 return; | |
7678
e3c0b19a3a8a
Implemented ngx_quic_stream_send_chain() method.
Roman Arutyunyan <arut@nginx.com>
parents:
7677
diff
changeset
|
591 } |
e3c0b19a3a8a
Implemented ngx_quic_stream_send_chain() method.
Roman Arutyunyan <arut@nginx.com>
parents:
7677
diff
changeset
|
592 |
7691 | 593 if (c->close) { |
594 ngx_quic_close_connection(c); | |
595 return; | |
596 } | |
7686
7ada2feeac18
Added processing of CONNECTION CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
7684
diff
changeset
|
597 |
7691 | 598 n = c->recv(c, b.start, b.end - b.start); |
7681 | 599 |
7691 | 600 if (n == NGX_AGAIN) { |
601 return; | |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
602 } |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
603 |
7691 | 604 if (n == NGX_ERROR) { |
605 c->read->eof = 1; | |
606 ngx_quic_close_connection(c); | |
607 return; | |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
608 } |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
609 |
7691 | 610 b.last += n; |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
611 |
7691 | 612 if (ngx_quic_input(c, &b) != NGX_OK) { |
613 ngx_quic_close_connection(c); | |
614 return; | |
615 } | |
7737
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
7736
diff
changeset
|
616 |
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
7736
diff
changeset
|
617 qc->send_timer_set = 0; |
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
7736
diff
changeset
|
618 ngx_add_timer(rev, qc->tp.max_idle_timeout); |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
619 } |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
620 |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
621 |
7674
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7673
diff
changeset
|
622 static void |
7691 | 623 ngx_quic_close_connection(ngx_connection_t *c) |
7674
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7673
diff
changeset
|
624 { |
7747
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
625 #if (NGX_DEBUG) |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
626 ngx_uint_t ns; |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
627 #endif |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
628 ngx_pool_t *pool; |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
629 ngx_event_t *rev; |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
630 ngx_rbtree_t *tree; |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
631 ngx_rbtree_node_t *node; |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
632 ngx_quic_stream_t *qs; |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
633 ngx_quic_connection_t *qc; |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
634 |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
635 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "close quic connection"); |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
636 |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
637 qc = c->quic; |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
638 |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
639 if (qc) { |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
640 tree = &qc->streams.tree; |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
641 |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
642 if (tree->root != tree->sentinel) { |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
643 if (c->read->timer_set) { |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
644 ngx_del_timer(c->read); |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
645 } |
7674
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7673
diff
changeset
|
646 |
7747
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
647 #if (NGX_DEBUG) |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
648 ns = 0; |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
649 #endif |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
650 |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
651 for (node = ngx_rbtree_min(tree->root, tree->sentinel); |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
652 node; |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
653 node = ngx_rbtree_next(tree, node)) |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
654 { |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
655 qs = (ngx_quic_stream_t *) node; |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
656 |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
657 rev = qs->c->read; |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
658 rev->ready = 1; |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
659 rev->pending_eof = 1; |
7674
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7673
diff
changeset
|
660 |
7747
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
661 ngx_post_event(rev, &ngx_posted_events); |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
662 |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
663 #if (NGX_DEBUG) |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
664 ns++; |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
665 #endif |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
666 } |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
667 |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
668 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
669 "quic connection has %ui active streams", ns); |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
670 |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
671 qc->closing = 1; |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
672 return; |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
673 } |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
674 } |
7674
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7673
diff
changeset
|
675 |
7691 | 676 if (c->ssl) { |
677 (void) ngx_ssl_shutdown(c); | |
7674
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7673
diff
changeset
|
678 } |
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7673
diff
changeset
|
679 |
7691 | 680 #if (NGX_STAT_STUB) |
681 (void) ngx_atomic_fetch_add(ngx_stat_active, -1); | |
682 #endif | |
7674
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7673
diff
changeset
|
683 |
7691 | 684 c->destroyed = 1; |
7674
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7673
diff
changeset
|
685 |
7691 | 686 pool = c->pool; |
7674
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7673
diff
changeset
|
687 |
7691 | 688 ngx_close_connection(c); |
7674
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7673
diff
changeset
|
689 |
7691 | 690 ngx_destroy_pool(pool); |
7674
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7673
diff
changeset
|
691 } |
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7673
diff
changeset
|
692 |
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7673
diff
changeset
|
693 |
7659
4355efde26d8
Added functions to decrypt long packets.
Vladimir Homutov <vl@nginx.com>
parents:
7658
diff
changeset
|
694 static ngx_int_t |
7691 | 695 ngx_quic_input(ngx_connection_t *c, ngx_buf_t *b) |
7659
4355efde26d8
Added functions to decrypt long packets.
Vladimir Homutov <vl@nginx.com>
parents:
7658
diff
changeset
|
696 { |
7691 | 697 u_char *p; |
698 ngx_int_t rc; | |
699 ngx_quic_header_t pkt; | |
7659
4355efde26d8
Added functions to decrypt long packets.
Vladimir Homutov <vl@nginx.com>
parents:
7658
diff
changeset
|
700 |
7770
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
701 p = b->pos; |
7674
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7673
diff
changeset
|
702 |
7770
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
703 while (p < b->last) { |
7729
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
7726
diff
changeset
|
704 c->log->action = "processing quic packet"; |
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
7726
diff
changeset
|
705 |
7691 | 706 ngx_memzero(&pkt, sizeof(ngx_quic_header_t)); |
707 pkt.raw = b; | |
708 pkt.data = p; | |
709 pkt.len = b->last - p; | |
710 pkt.log = c->log; | |
7717
c217a907ce42
Added checks for permitted frame types.
Vladimir Homutov <vl@nginx.com>
parents:
7713
diff
changeset
|
711 pkt.flags = p[0]; |
7659
4355efde26d8
Added functions to decrypt long packets.
Vladimir Homutov <vl@nginx.com>
parents:
7658
diff
changeset
|
712 |
7717
c217a907ce42
Added checks for permitted frame types.
Vladimir Homutov <vl@nginx.com>
parents:
7713
diff
changeset
|
713 if (pkt.flags == 0) { |
7691 | 714 /* XXX: no idea WTF is this, just ignore */ |
715 ngx_log_error(NGX_LOG_ALERT, c->log, 0, "FIREFOX: ZEROES"); | |
716 break; | |
717 } | |
7672
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
7671
diff
changeset
|
718 |
7691 | 719 // TODO: check current state |
7717
c217a907ce42
Added checks for permitted frame types.
Vladimir Homutov <vl@nginx.com>
parents:
7713
diff
changeset
|
720 if (ngx_quic_long_pkt(pkt.flags)) { |
7691 | 721 |
7717
c217a907ce42
Added checks for permitted frame types.
Vladimir Homutov <vl@nginx.com>
parents:
7713
diff
changeset
|
722 if (ngx_quic_pkt_in(pkt.flags)) { |
7691 | 723 rc = ngx_quic_initial_input(c, &pkt); |
7672
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
7671
diff
changeset
|
724 |
7717
c217a907ce42
Added checks for permitted frame types.
Vladimir Homutov <vl@nginx.com>
parents:
7713
diff
changeset
|
725 } else if (ngx_quic_pkt_hs(pkt.flags)) { |
7691 | 726 rc = ngx_quic_handshake_input(c, &pkt); |
7659
4355efde26d8
Added functions to decrypt long packets.
Vladimir Homutov <vl@nginx.com>
parents:
7658
diff
changeset
|
727 |
7770
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
728 } else if (ngx_quic_pkt_zrtt(pkt.flags)) { |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
729 rc = ngx_quic_early_input(c, &pkt); |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
730 |
7691 | 731 } else { |
732 ngx_log_error(NGX_LOG_INFO, c->log, 0, | |
733 "BUG: unknown quic state"); | |
734 return NGX_ERROR; | |
735 } | |
7659
4355efde26d8
Added functions to decrypt long packets.
Vladimir Homutov <vl@nginx.com>
parents:
7658
diff
changeset
|
736 |
7691 | 737 } else { |
738 rc = ngx_quic_app_input(c, &pkt); | |
739 } | |
7659
4355efde26d8
Added functions to decrypt long packets.
Vladimir Homutov <vl@nginx.com>
parents:
7658
diff
changeset
|
740 |
7733
a8349cc72c64
Avoid using QUIC connection after CONNECTION_CLOSE.
Roman Arutyunyan <arut@nginx.com>
parents:
7732
diff
changeset
|
741 if (rc != NGX_OK) { |
a8349cc72c64
Avoid using QUIC connection after CONNECTION_CLOSE.
Roman Arutyunyan <arut@nginx.com>
parents:
7732
diff
changeset
|
742 return rc; |
7691 | 743 } |
7672
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
7671
diff
changeset
|
744 |
7691 | 745 /* b->pos is at header end, adjust by actual packet length */ |
746 p = b->pos + pkt.len; | |
747 b->pos = p; /* reset b->pos to the next packet start */ | |
7770
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
748 } |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
749 |
7691 | 750 return NGX_OK; |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
751 } |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
752 |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
753 |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
754 static ngx_int_t |
7689 | 755 ngx_quic_initial_input(ngx_connection_t *c, ngx_quic_header_t *pkt) |
756 { | |
7772
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7771
diff
changeset
|
757 ngx_ssl_conn_t *ssl_conn; |
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7771
diff
changeset
|
758 ngx_quic_secrets_t *keys; |
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7771
diff
changeset
|
759 static u_char buf[NGX_QUIC_DEFAULT_MAX_PACKET_SIZE]; |
7689 | 760 |
7729
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
7726
diff
changeset
|
761 c->log->action = "processing initial quic packet"; |
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
7726
diff
changeset
|
762 |
7689 | 763 ssl_conn = c->ssl->connection; |
764 | |
7690
ae35ccba7aa6
Extracted transport part of the code into separate file.
Vladimir Homutov <vl@nginx.com>
parents:
7689
diff
changeset
|
765 if (ngx_quic_parse_long_header(pkt) != NGX_OK) { |
7689 | 766 return NGX_ERROR; |
767 } | |
768 | |
7690
ae35ccba7aa6
Extracted transport part of the code into separate file.
Vladimir Homutov <vl@nginx.com>
parents:
7689
diff
changeset
|
769 if (ngx_quic_parse_initial_header(pkt) != NGX_OK) { |
7689 | 770 return NGX_ERROR; |
771 } | |
772 | |
7772
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7771
diff
changeset
|
773 keys = &c->quic->keys[ssl_encryption_initial]; |
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7771
diff
changeset
|
774 |
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7771
diff
changeset
|
775 pkt->secret = &keys->client; |
7689 | 776 pkt->level = ssl_encryption_initial; |
7754
ebd5c71b9f02
Got rid of memory allocation in decryption.
Vladimir Homutov <vl@nginx.com>
parents:
7752
diff
changeset
|
777 pkt->plaintext = buf; |
7689 | 778 |
7754
ebd5c71b9f02
Got rid of memory allocation in decryption.
Vladimir Homutov <vl@nginx.com>
parents:
7752
diff
changeset
|
779 if (ngx_quic_decrypt(pkt, ssl_conn) != NGX_OK) { |
7689 | 780 return NGX_ERROR; |
781 } | |
782 | |
783 return ngx_quic_payload_handler(c, pkt); | |
784 } | |
785 | |
786 | |
787 static ngx_int_t | |
7672
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
7671
diff
changeset
|
788 ngx_quic_handshake_input(ngx_connection_t *c, ngx_quic_header_t *pkt) |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
789 { |
7772
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7771
diff
changeset
|
790 ngx_quic_secrets_t *keys; |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
791 ngx_quic_connection_t *qc; |
7754
ebd5c71b9f02
Got rid of memory allocation in decryption.
Vladimir Homutov <vl@nginx.com>
parents:
7752
diff
changeset
|
792 static u_char buf[NGX_QUIC_DEFAULT_MAX_PACKET_SIZE]; |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
793 |
7729
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
7726
diff
changeset
|
794 c->log->action = "processing handshake quic packet"; |
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
7726
diff
changeset
|
795 |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
796 qc = c->quic; |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
797 |
7659
4355efde26d8
Added functions to decrypt long packets.
Vladimir Homutov <vl@nginx.com>
parents:
7658
diff
changeset
|
798 /* extract cleartext data into pkt */ |
7690
ae35ccba7aa6
Extracted transport part of the code into separate file.
Vladimir Homutov <vl@nginx.com>
parents:
7689
diff
changeset
|
799 if (ngx_quic_parse_long_header(pkt) != NGX_OK) { |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
800 return NGX_ERROR; |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
801 } |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
802 |
7672
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
7671
diff
changeset
|
803 if (pkt->dcid.len != qc->dcid.len) { |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
804 ngx_log_error(NGX_LOG_INFO, c->log, 0, "unexpected quic dcidl"); |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
805 return NGX_ERROR; |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
806 } |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
807 |
7672
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
7671
diff
changeset
|
808 if (ngx_memcmp(pkt->dcid.data, qc->dcid.data, qc->dcid.len) != 0) { |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
809 ngx_log_error(NGX_LOG_INFO, c->log, 0, "unexpected quic dcid"); |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
810 return NGX_ERROR; |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
811 } |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
812 |
7672
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
7671
diff
changeset
|
813 if (pkt->scid.len != qc->scid.len) { |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
814 ngx_log_error(NGX_LOG_INFO, c->log, 0, "unexpected quic scidl"); |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
815 return NGX_ERROR; |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
816 } |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
817 |
7672
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
7671
diff
changeset
|
818 if (ngx_memcmp(pkt->scid.data, qc->scid.data, qc->scid.len) != 0) { |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
819 ngx_log_error(NGX_LOG_INFO, c->log, 0, "unexpected quic scid"); |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
820 return NGX_ERROR; |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
821 } |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
822 |
7717
c217a907ce42
Added checks for permitted frame types.
Vladimir Homutov <vl@nginx.com>
parents:
7713
diff
changeset
|
823 if (!ngx_quic_pkt_hs(pkt->flags)) { |
7659
4355efde26d8
Added functions to decrypt long packets.
Vladimir Homutov <vl@nginx.com>
parents:
7658
diff
changeset
|
824 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
7672
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
7671
diff
changeset
|
825 "invalid packet type: 0x%xi", pkt->flags); |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
826 return NGX_ERROR; |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
827 } |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
828 |
7690
ae35ccba7aa6
Extracted transport part of the code into separate file.
Vladimir Homutov <vl@nginx.com>
parents:
7689
diff
changeset
|
829 if (ngx_quic_parse_handshake_header(pkt) != NGX_OK) { |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
830 return NGX_ERROR; |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
831 } |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
832 |
7772
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7771
diff
changeset
|
833 keys = &c->quic->keys[ssl_encryption_handshake]; |
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7771
diff
changeset
|
834 |
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7771
diff
changeset
|
835 pkt->secret = &keys->client; |
7672
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
7671
diff
changeset
|
836 pkt->level = ssl_encryption_handshake; |
7754
ebd5c71b9f02
Got rid of memory allocation in decryption.
Vladimir Homutov <vl@nginx.com>
parents:
7752
diff
changeset
|
837 pkt->plaintext = buf; |
7672
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
7671
diff
changeset
|
838 |
7754
ebd5c71b9f02
Got rid of memory allocation in decryption.
Vladimir Homutov <vl@nginx.com>
parents:
7752
diff
changeset
|
839 if (ngx_quic_decrypt(pkt, c->ssl->connection) != NGX_OK) { |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
840 return NGX_ERROR; |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
841 } |
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
842 |
7672
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
7671
diff
changeset
|
843 return ngx_quic_payload_handler(c, pkt); |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
844 } |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
845 |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
846 |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
847 static ngx_int_t |
7770
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
848 ngx_quic_early_input(ngx_connection_t *c, ngx_quic_header_t *pkt) |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
849 { |
7772
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7771
diff
changeset
|
850 ngx_quic_secrets_t *keys; |
7770
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
851 ngx_quic_connection_t *qc; |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
852 static u_char buf[NGX_QUIC_DEFAULT_MAX_PACKET_SIZE]; |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
853 |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
854 c->log->action = "processing early data quic packet"; |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
855 |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
856 qc = c->quic; |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
857 |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
858 /* extract cleartext data into pkt */ |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
859 if (ngx_quic_parse_long_header(pkt) != NGX_OK) { |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
860 return NGX_ERROR; |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
861 } |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
862 |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
863 if (pkt->dcid.len != qc->dcid.len) { |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
864 ngx_log_error(NGX_LOG_INFO, c->log, 0, "unexpected quic dcidl"); |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
865 return NGX_ERROR; |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
866 } |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
867 |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
868 if (ngx_memcmp(pkt->dcid.data, qc->dcid.data, qc->dcid.len) != 0) { |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
869 ngx_log_error(NGX_LOG_INFO, c->log, 0, "unexpected quic dcid"); |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
870 return NGX_ERROR; |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
871 } |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
872 |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
873 if (pkt->scid.len != qc->scid.len) { |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
874 ngx_log_error(NGX_LOG_INFO, c->log, 0, "unexpected quic scidl"); |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
875 return NGX_ERROR; |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
876 } |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
877 |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
878 if (ngx_memcmp(pkt->scid.data, qc->scid.data, qc->scid.len) != 0) { |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
879 ngx_log_error(NGX_LOG_INFO, c->log, 0, "unexpected quic scid"); |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
880 return NGX_ERROR; |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
881 } |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
882 |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
883 if (!ngx_quic_pkt_zrtt(pkt->flags)) { |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
884 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
885 "invalid packet type: 0x%xi", pkt->flags); |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
886 return NGX_ERROR; |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
887 } |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
888 |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
889 if (ngx_quic_parse_handshake_header(pkt) != NGX_OK) { |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
890 return NGX_ERROR; |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
891 } |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
892 |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
893 if (c->quic->state != NGX_QUIC_ST_EARLY_DATA) { |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
894 ngx_log_error(NGX_LOG_INFO, c->log, 0, "unexpected 0-RTT packet"); |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
895 return NGX_OK; |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
896 } |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
897 |
7772
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7771
diff
changeset
|
898 keys = &c->quic->keys[ssl_encryption_early_data]; |
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7771
diff
changeset
|
899 |
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7771
diff
changeset
|
900 pkt->secret = &keys->client; |
7770
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
901 pkt->level = ssl_encryption_early_data; |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
902 pkt->plaintext = buf; |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
903 |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
904 if (ngx_quic_decrypt(pkt, c->ssl->connection) != NGX_OK) { |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
905 return NGX_ERROR; |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
906 } |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
907 |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
908 return ngx_quic_payload_handler(c, pkt); |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
909 } |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
910 |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
911 |
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7769
diff
changeset
|
912 static ngx_int_t |
7672
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
7671
diff
changeset
|
913 ngx_quic_app_input(ngx_connection_t *c, ngx_quic_header_t *pkt) |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
914 { |
7772
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7771
diff
changeset
|
915 ngx_quic_secrets_t *keys; |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
916 ngx_quic_connection_t *qc; |
7754
ebd5c71b9f02
Got rid of memory allocation in decryption.
Vladimir Homutov <vl@nginx.com>
parents:
7752
diff
changeset
|
917 static u_char buf[NGX_QUIC_DEFAULT_MAX_PACKET_SIZE]; |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
918 |
7729
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
7726
diff
changeset
|
919 c->log->action = "processing application data quic packet"; |
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
7726
diff
changeset
|
920 |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
921 qc = c->quic; |
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
922 |
7772
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7771
diff
changeset
|
923 keys = &c->quic->keys[ssl_encryption_application]; |
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7771
diff
changeset
|
924 |
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7771
diff
changeset
|
925 if (keys->client.key.len == 0) { |
7689 | 926 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
927 "no read keys yet, packet ignored"); | |
928 return NGX_DECLINED; | |
929 } | |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
930 |
7690
ae35ccba7aa6
Extracted transport part of the code into separate file.
Vladimir Homutov <vl@nginx.com>
parents:
7689
diff
changeset
|
931 if (ngx_quic_parse_short_header(pkt, &qc->dcid) != NGX_OK) { |
7651
6a76d9657772
QUIC handshake final bits.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7650
diff
changeset
|
932 return NGX_ERROR; |
6a76d9657772
QUIC handshake final bits.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7650
diff
changeset
|
933 } |
6a76d9657772
QUIC handshake final bits.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7650
diff
changeset
|
934 |
7772
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7771
diff
changeset
|
935 pkt->secret = &keys->client; |
7672
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
7671
diff
changeset
|
936 pkt->level = ssl_encryption_application; |
7754
ebd5c71b9f02
Got rid of memory allocation in decryption.
Vladimir Homutov <vl@nginx.com>
parents:
7752
diff
changeset
|
937 pkt->plaintext = buf; |
7672
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
7671
diff
changeset
|
938 |
7754
ebd5c71b9f02
Got rid of memory allocation in decryption.
Vladimir Homutov <vl@nginx.com>
parents:
7752
diff
changeset
|
939 if (ngx_quic_decrypt(pkt, c->ssl->connection) != NGX_OK) { |
7665
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
7664
diff
changeset
|
940 return NGX_ERROR; |
7651
6a76d9657772
QUIC handshake final bits.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7650
diff
changeset
|
941 } |
6a76d9657772
QUIC handshake final bits.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7650
diff
changeset
|
942 |
7672
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
7671
diff
changeset
|
943 return ngx_quic_payload_handler(c, pkt); |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7646
diff
changeset
|
944 } |
7637 | 945 |
946 | |
7691 | 947 static ngx_int_t |
948 ngx_quic_payload_handler(ngx_connection_t *c, ngx_quic_header_t *pkt) | |
949 { | |
950 u_char *end, *p; | |
951 ssize_t len; | |
952 ngx_uint_t ack_this, do_close; | |
953 ngx_quic_frame_t frame, *ack_frame; | |
954 ngx_quic_connection_t *qc; | |
955 | |
7729
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
7726
diff
changeset
|
956 |
7691 | 957 qc = c->quic; |
958 | |
959 p = pkt->payload.data; | |
960 end = p + pkt->payload.len; | |
961 | |
962 ack_this = 0; | |
963 do_close = 0; | |
964 | |
965 while (p < end) { | |
966 | |
7741 | 967 c->log->action = "parsing frames"; |
968 | |
7706
1f002206a59b
Added boundaries checks into frame parser.
Vladimir Homutov <vl@nginx.com>
parents:
7705
diff
changeset
|
969 len = ngx_quic_parse_frame(pkt, p, end, &frame); |
7717
c217a907ce42
Added checks for permitted frame types.
Vladimir Homutov <vl@nginx.com>
parents:
7713
diff
changeset
|
970 |
c217a907ce42
Added checks for permitted frame types.
Vladimir Homutov <vl@nginx.com>
parents:
7713
diff
changeset
|
971 if (len == NGX_DECLINED) { |
c217a907ce42
Added checks for permitted frame types.
Vladimir Homutov <vl@nginx.com>
parents:
7713
diff
changeset
|
972 /* TODO: handle protocol violation: |
c217a907ce42
Added checks for permitted frame types.
Vladimir Homutov <vl@nginx.com>
parents:
7713
diff
changeset
|
973 * such frame not allowed in this packet |
c217a907ce42
Added checks for permitted frame types.
Vladimir Homutov <vl@nginx.com>
parents:
7713
diff
changeset
|
974 */ |
c217a907ce42
Added checks for permitted frame types.
Vladimir Homutov <vl@nginx.com>
parents:
7713
diff
changeset
|
975 return NGX_ERROR; |
c217a907ce42
Added checks for permitted frame types.
Vladimir Homutov <vl@nginx.com>
parents:
7713
diff
changeset
|
976 } |
c217a907ce42
Added checks for permitted frame types.
Vladimir Homutov <vl@nginx.com>
parents:
7713
diff
changeset
|
977 |
7691 | 978 if (len < 0) { |
979 return NGX_ERROR; | |
980 } | |
981 | |
7741 | 982 c->log->action = "handling frames"; |
983 | |
7691 | 984 p += len; |
985 | |
986 switch (frame.type) { | |
987 | |
988 case NGX_QUIC_FT_ACK: | |
989 if (ngx_quic_handle_ack_frame(c, pkt, &frame.u.ack) != NGX_OK) { | |
990 return NGX_ERROR; | |
991 } | |
992 | |
993 break; | |
994 | |
995 case NGX_QUIC_FT_CRYPTO: | |
996 | |
997 if (ngx_quic_handle_crypto_frame(c, pkt, &frame.u.crypto) | |
998 != NGX_OK) | |
999 { | |
1000 return NGX_ERROR; | |
1001 } | |
1002 | |
1003 ack_this = 1; | |
1004 break; | |
1005 | |
1006 case NGX_QUIC_FT_PADDING: | |
1007 break; | |
1008 | |
1009 case NGX_QUIC_FT_PING: | |
1010 ack_this = 1; | |
1011 break; | |
1012 | |
1013 case NGX_QUIC_FT_NEW_CONNECTION_ID: | |
1014 ack_this = 1; | |
1015 break; | |
1016 | |
1017 case NGX_QUIC_FT_CONNECTION_CLOSE: | |
7724
80d7144b1c38
Closing connection on NGX_QUIC_FT_CONNECTION_CLOSE.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7718
diff
changeset
|
1018 case NGX_QUIC_FT_CONNECTION_CLOSE2: |
7691 | 1019 |
1020 do_close = 1; | |
1021 break; | |
1022 | |
1023 case NGX_QUIC_FT_STREAM0: | |
1024 case NGX_QUIC_FT_STREAM1: | |
1025 case NGX_QUIC_FT_STREAM2: | |
1026 case NGX_QUIC_FT_STREAM3: | |
1027 case NGX_QUIC_FT_STREAM4: | |
1028 case NGX_QUIC_FT_STREAM5: | |
1029 case NGX_QUIC_FT_STREAM6: | |
1030 case NGX_QUIC_FT_STREAM7: | |
1031 | |
1032 if (ngx_quic_handle_stream_frame(c, pkt, &frame.u.stream) | |
1033 != NGX_OK) | |
1034 { | |
1035 return NGX_ERROR; | |
1036 } | |
1037 | |
1038 ack_this = 1; | |
1039 break; | |
1040 | |
7703
ff540f13d95d
MAX_DATA frame parser/handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7702
diff
changeset
|
1041 case NGX_QUIC_FT_MAX_DATA: |
ff540f13d95d
MAX_DATA frame parser/handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7702
diff
changeset
|
1042 c->quic->max_data = frame.u.max_data.max_data; |
ff540f13d95d
MAX_DATA frame parser/handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7702
diff
changeset
|
1043 ack_this = 1; |
ff540f13d95d
MAX_DATA frame parser/handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7702
diff
changeset
|
1044 break; |
ff540f13d95d
MAX_DATA frame parser/handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7702
diff
changeset
|
1045 |
7697
78540e2160d0
Added parsing of RESET_STREAM and STOP_SENDING frames
Vladimir Homutov <vl@nginx.com>
parents:
7695
diff
changeset
|
1046 case NGX_QUIC_FT_RESET_STREAM: |
7706
1f002206a59b
Added boundaries checks into frame parser.
Vladimir Homutov <vl@nginx.com>
parents:
7705
diff
changeset
|
1047 /* TODO: handle */ |
7697
78540e2160d0
Added parsing of RESET_STREAM and STOP_SENDING frames
Vladimir Homutov <vl@nginx.com>
parents:
7695
diff
changeset
|
1048 break; |
78540e2160d0
Added parsing of RESET_STREAM and STOP_SENDING frames
Vladimir Homutov <vl@nginx.com>
parents:
7695
diff
changeset
|
1049 |
78540e2160d0
Added parsing of RESET_STREAM and STOP_SENDING frames
Vladimir Homutov <vl@nginx.com>
parents:
7695
diff
changeset
|
1050 case NGX_QUIC_FT_STOP_SENDING: |
7706
1f002206a59b
Added boundaries checks into frame parser.
Vladimir Homutov <vl@nginx.com>
parents:
7705
diff
changeset
|
1051 /* TODO: handle; need ack ? */ |
7697
78540e2160d0
Added parsing of RESET_STREAM and STOP_SENDING frames
Vladimir Homutov <vl@nginx.com>
parents:
7695
diff
changeset
|
1052 break; |
78540e2160d0
Added parsing of RESET_STREAM and STOP_SENDING frames
Vladimir Homutov <vl@nginx.com>
parents:
7695
diff
changeset
|
1053 |
7702
d3b26c3bea22
Added parsing of STREAMS BLOCKED frames.
Vladimir Homutov <vl@nginx.com>
parents:
7701
diff
changeset
|
1054 case NGX_QUIC_FT_STREAMS_BLOCKED: |
d3b26c3bea22
Added parsing of STREAMS BLOCKED frames.
Vladimir Homutov <vl@nginx.com>
parents:
7701
diff
changeset
|
1055 case NGX_QUIC_FT_STREAMS_BLOCKED2: |
7711
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
7707
diff
changeset
|
1056 |
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
7707
diff
changeset
|
1057 if (ngx_quic_handle_streams_blocked_frame(c, pkt, |
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
7707
diff
changeset
|
1058 &frame.u.streams_blocked) |
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
7707
diff
changeset
|
1059 != NGX_OK) |
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
7707
diff
changeset
|
1060 { |
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
7707
diff
changeset
|
1061 return NGX_ERROR; |
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
7707
diff
changeset
|
1062 } |
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
7707
diff
changeset
|
1063 |
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
7707
diff
changeset
|
1064 ack_this = 1; |
7702
d3b26c3bea22
Added parsing of STREAMS BLOCKED frames.
Vladimir Homutov <vl@nginx.com>
parents:
7701
diff
changeset
|
1065 break; |
d3b26c3bea22
Added parsing of STREAMS BLOCKED frames.
Vladimir Homutov <vl@nginx.com>
parents:
7701
diff
changeset
|
1066 |
7732
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1067 case NGX_QUIC_FT_STREAM_DATA_BLOCKED: |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1068 |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1069 if (ngx_quic_handle_stream_data_blocked_frame(c, pkt, |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1070 &frame.u.stream_data_blocked) |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1071 != NGX_OK) |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1072 { |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1073 return NGX_ERROR; |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1074 } |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1075 |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1076 ack_this = 1; |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1077 break; |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1078 |
7691 | 1079 default: |
1080 return NGX_ERROR; | |
1081 } | |
1082 } | |
1083 | |
1084 if (p != end) { | |
1085 ngx_log_error(NGX_LOG_INFO, c->log, 0, | |
1086 "trailing garbage in payload: %ui bytes", end - p); | |
1087 return NGX_ERROR; | |
1088 } | |
1089 | |
1090 if (do_close) { | |
7733
a8349cc72c64
Avoid using QUIC connection after CONNECTION_CLOSE.
Roman Arutyunyan <arut@nginx.com>
parents:
7732
diff
changeset
|
1091 return NGX_DONE; |
7691 | 1092 } |
1093 | |
1094 if (ack_this == 0) { | |
1095 /* do not ack packets with ACKs and PADDING */ | |
1096 return NGX_OK; | |
1097 } | |
1098 | |
7741 | 1099 c->log->action = "generating acknowledgment"; |
1100 | |
7691 | 1101 // packet processed, ACK it now if required |
1102 // TODO: if (ack_required) ... - currently just ack each packet | |
1103 | |
7752 | 1104 ack_frame = ngx_quic_alloc_frame(c, 0); |
7691 | 1105 if (ack_frame == NULL) { |
1106 return NGX_ERROR; | |
1107 } | |
1108 | |
7772
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7771
diff
changeset
|
1109 ack_frame->level = pkt->level; |
7691 | 1110 ack_frame->type = NGX_QUIC_FT_ACK; |
1111 ack_frame->u.ack.pn = pkt->pn; | |
1112 | |
1113 ngx_sprintf(ack_frame->info, "ACK for PN=%d from frame handler level=%d", pkt->pn, pkt->level); | |
1114 ngx_quic_queue_frame(qc, ack_frame); | |
1115 | |
1116 return ngx_quic_output(c); | |
1117 } | |
1118 | |
1119 | |
1120 static ngx_int_t | |
1121 ngx_quic_handle_ack_frame(ngx_connection_t *c, ngx_quic_header_t *pkt, | |
1122 ngx_quic_ack_frame_t *f) | |
1123 { | |
1124 /* TODO: handle ACK here */ | |
1125 return NGX_OK; | |
1126 } | |
1127 | |
1128 | |
1129 static ngx_int_t | |
1130 ngx_quic_handle_crypto_frame(ngx_connection_t *c, ngx_quic_header_t *pkt, | |
1131 ngx_quic_crypto_frame_t *f) | |
1132 { | |
7739
cb75f194f1f0
Implemented sending HANDSHAKE_DONE frame after handshake.
Vladimir Homutov <vl@nginx.com>
parents:
7738
diff
changeset
|
1133 int sslerr; |
cb75f194f1f0
Implemented sending HANDSHAKE_DONE frame after handshake.
Vladimir Homutov <vl@nginx.com>
parents:
7738
diff
changeset
|
1134 ssize_t n; |
cb75f194f1f0
Implemented sending HANDSHAKE_DONE frame after handshake.
Vladimir Homutov <vl@nginx.com>
parents:
7738
diff
changeset
|
1135 ngx_ssl_conn_t *ssl_conn; |
7691 | 1136 |
1137 if (f->offset != 0x0) { | |
1138 ngx_log_error(NGX_LOG_INFO, c->log, 0, | |
1139 "crypto frame with non-zero offset"); | |
1140 // TODO: add support for crypto frames spanning packets | |
1141 return NGX_ERROR; | |
1142 } | |
1143 | |
1144 ssl_conn = c->ssl->connection; | |
1145 | |
1146 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, | |
1147 "SSL_quic_read_level: %d, SSL_quic_write_level: %d", | |
1148 (int) SSL_quic_read_level(ssl_conn), | |
1149 (int) SSL_quic_write_level(ssl_conn)); | |
1150 | |
1151 if (!SSL_provide_quic_data(ssl_conn, SSL_quic_read_level(ssl_conn), | |
1152 f->data, f->len)) | |
1153 { | |
1154 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, | |
1155 "SSL_provide_quic_data() failed"); | |
1156 return NGX_ERROR; | |
1157 } | |
1158 | |
1159 n = SSL_do_handshake(ssl_conn); | |
1160 | |
1161 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", n); | |
1162 | |
1163 if (n == -1) { | |
1164 sslerr = SSL_get_error(ssl_conn, n); | |
1165 | |
1166 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", | |
1167 sslerr); | |
1168 | |
7766
23a2b5e7acc8
Improved SSL_do_handshake() error handling in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7765
diff
changeset
|
1169 if (sslerr != SSL_ERROR_WANT_READ) { |
7691 | 1170 ngx_ssl_error(NGX_LOG_ERR, c->log, 0, "SSL_do_handshake() failed"); |
7766
23a2b5e7acc8
Improved SSL_do_handshake() error handling in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7765
diff
changeset
|
1171 return NGX_ERROR; |
7691 | 1172 } |
7729
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
7726
diff
changeset
|
1173 |
7768
76818c9cdd6f
Sending HANDSHAKE_DONE just once with BoringSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7767
diff
changeset
|
1174 } else if (n == 1 && !SSL_in_init(ssl_conn)) { |
7729
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
7726
diff
changeset
|
1175 c->quic->state = NGX_QUIC_ST_APPLICATION; |
7691 | 1176 |
7729
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
7726
diff
changeset
|
1177 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
7765 | 1178 "quic ssl cipher: %s", SSL_get_cipher(ssl_conn)); |
7691 | 1179 |
7729
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
7726
diff
changeset
|
1180 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, |
7765 | 1181 "handshake completed successfully"); |
7739
cb75f194f1f0
Implemented sending HANDSHAKE_DONE frame after handshake.
Vladimir Homutov <vl@nginx.com>
parents:
7738
diff
changeset
|
1182 |
7740
ee53bfd8f9ed
Added QUIC version check for sending HANDSHAKE_DONE frame.
Vladimir Homutov <vl@nginx.com>
parents:
7739
diff
changeset
|
1183 #if (NGX_QUIC_DRAFT_VERSION >= 27) |
ee53bfd8f9ed
Added QUIC version check for sending HANDSHAKE_DONE frame.
Vladimir Homutov <vl@nginx.com>
parents:
7739
diff
changeset
|
1184 { |
ee53bfd8f9ed
Added QUIC version check for sending HANDSHAKE_DONE frame.
Vladimir Homutov <vl@nginx.com>
parents:
7739
diff
changeset
|
1185 ngx_quic_frame_t *frame; |
ee53bfd8f9ed
Added QUIC version check for sending HANDSHAKE_DONE frame.
Vladimir Homutov <vl@nginx.com>
parents:
7739
diff
changeset
|
1186 |
7752 | 1187 frame = ngx_quic_alloc_frame(c, 0); |
7739
cb75f194f1f0
Implemented sending HANDSHAKE_DONE frame after handshake.
Vladimir Homutov <vl@nginx.com>
parents:
7738
diff
changeset
|
1188 if (frame == NULL) { |
cb75f194f1f0
Implemented sending HANDSHAKE_DONE frame after handshake.
Vladimir Homutov <vl@nginx.com>
parents:
7738
diff
changeset
|
1189 return NGX_ERROR; |
cb75f194f1f0
Implemented sending HANDSHAKE_DONE frame after handshake.
Vladimir Homutov <vl@nginx.com>
parents:
7738
diff
changeset
|
1190 } |
cb75f194f1f0
Implemented sending HANDSHAKE_DONE frame after handshake.
Vladimir Homutov <vl@nginx.com>
parents:
7738
diff
changeset
|
1191 |
cb75f194f1f0
Implemented sending HANDSHAKE_DONE frame after handshake.
Vladimir Homutov <vl@nginx.com>
parents:
7738
diff
changeset
|
1192 /* 12.4 Frames and frame types, figure 8 */ |
cb75f194f1f0
Implemented sending HANDSHAKE_DONE frame after handshake.
Vladimir Homutov <vl@nginx.com>
parents:
7738
diff
changeset
|
1193 frame->level = ssl_encryption_application; |
cb75f194f1f0
Implemented sending HANDSHAKE_DONE frame after handshake.
Vladimir Homutov <vl@nginx.com>
parents:
7738
diff
changeset
|
1194 frame->type = NGX_QUIC_FT_HANDSHAKE_DONE; |
cb75f194f1f0
Implemented sending HANDSHAKE_DONE frame after handshake.
Vladimir Homutov <vl@nginx.com>
parents:
7738
diff
changeset
|
1195 ngx_sprintf(frame->info, "HANDSHAKE DONE on handshake completed"); |
cb75f194f1f0
Implemented sending HANDSHAKE_DONE frame after handshake.
Vladimir Homutov <vl@nginx.com>
parents:
7738
diff
changeset
|
1196 ngx_quic_queue_frame(c->quic, frame); |
7740
ee53bfd8f9ed
Added QUIC version check for sending HANDSHAKE_DONE frame.
Vladimir Homutov <vl@nginx.com>
parents:
7739
diff
changeset
|
1197 } |
ee53bfd8f9ed
Added QUIC version check for sending HANDSHAKE_DONE frame.
Vladimir Homutov <vl@nginx.com>
parents:
7739
diff
changeset
|
1198 #endif |
7729
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
7726
diff
changeset
|
1199 } |
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
7726
diff
changeset
|
1200 |
7691 | 1201 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
1202 "SSL_quic_read_level: %d, SSL_quic_write_level: %d", | |
1203 (int) SSL_quic_read_level(ssl_conn), | |
1204 (int) SSL_quic_write_level(ssl_conn)); | |
1205 | |
1206 return NGX_OK; | |
1207 } | |
1208 | |
1209 | |
1210 static ngx_int_t | |
1211 ngx_quic_handle_stream_frame(ngx_connection_t *c, | |
1212 ngx_quic_header_t *pkt, ngx_quic_stream_frame_t *f) | |
1213 { | |
7748
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7747
diff
changeset
|
1214 size_t n; |
7746
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
7745
diff
changeset
|
1215 ngx_buf_t *b; |
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
7745
diff
changeset
|
1216 ngx_event_t *rev; |
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
7745
diff
changeset
|
1217 ngx_quic_stream_t *sn; |
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
7745
diff
changeset
|
1218 ngx_quic_connection_t *qc; |
7691 | 1219 |
1220 qc = c->quic; | |
1221 | |
1222 sn = ngx_quic_find_stream(&qc->streams.tree, f->stream_id); | |
1223 | |
1224 if (sn) { | |
1225 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "existing stream"); | |
1226 b = sn->b; | |
1227 | |
7732
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1228 if ((size_t) ((b->pos - b->start) + (b->end - b->last)) < f->length) { |
7691 | 1229 ngx_log_error(NGX_LOG_INFO, c->log, 0, "no space in stream buffer"); |
1230 return NGX_ERROR; | |
1231 } | |
1232 | |
7732
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1233 if ((size_t) (b->end - b->last) < f->length) { |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1234 b->last = ngx_movemem(b->start, b->pos, b->last - b->pos); |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1235 b->pos = b->start; |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1236 } |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1237 |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1238 b->last = ngx_cpymem(b->last, f->data, f->length); |
7691 | 1239 |
7732
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1240 rev = sn->c->read; |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1241 rev->ready = 1; |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1242 |
7745
5f223cdad40e
Implemented eof in QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7744
diff
changeset
|
1243 if (f->fin) { |
5f223cdad40e
Implemented eof in QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7744
diff
changeset
|
1244 rev->pending_eof = 1; |
5f223cdad40e
Implemented eof in QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7744
diff
changeset
|
1245 } |
5f223cdad40e
Implemented eof in QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7744
diff
changeset
|
1246 |
7732
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1247 if (rev->active) { |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1248 rev->handler(rev); |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1249 } |
7691 | 1250 |
1251 return NGX_OK; | |
1252 } | |
1253 | |
1254 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "stream is new"); | |
1255 | |
7748
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7747
diff
changeset
|
1256 n = (f->stream_id & NGX_QUIC_STREAM_UNIDIRECTIONAL) |
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7747
diff
changeset
|
1257 ? qc->tp.initial_max_stream_data_uni |
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7747
diff
changeset
|
1258 : qc->tp.initial_max_stream_data_bidi_remote; |
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7747
diff
changeset
|
1259 |
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7747
diff
changeset
|
1260 if (n < NGX_QUIC_STREAM_BUFSIZE) { |
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7747
diff
changeset
|
1261 n = NGX_QUIC_STREAM_BUFSIZE; |
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7747
diff
changeset
|
1262 } |
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7747
diff
changeset
|
1263 |
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7747
diff
changeset
|
1264 if (n < f->length) { |
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7747
diff
changeset
|
1265 ngx_log_error(NGX_LOG_INFO, c->log, 0, "no space in stream buffer"); |
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7747
diff
changeset
|
1266 return NGX_ERROR; |
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7747
diff
changeset
|
1267 } |
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7747
diff
changeset
|
1268 |
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7747
diff
changeset
|
1269 sn = ngx_quic_create_stream(c, f->stream_id, n); |
7691 | 1270 if (sn == NULL) { |
1271 return NGX_ERROR; | |
1272 } | |
1273 | |
1274 b = sn->b; | |
7748
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7747
diff
changeset
|
1275 b->last = ngx_cpymem(b->last, f->data, f->length); |
7691 | 1276 |
7760
32db41d603cd
Fixed handling QUIC stream eof.
Roman Arutyunyan <arut@nginx.com>
parents:
7759
diff
changeset
|
1277 rev = sn->c->read; |
32db41d603cd
Fixed handling QUIC stream eof.
Roman Arutyunyan <arut@nginx.com>
parents:
7759
diff
changeset
|
1278 rev->ready = 1; |
32db41d603cd
Fixed handling QUIC stream eof.
Roman Arutyunyan <arut@nginx.com>
parents:
7759
diff
changeset
|
1279 |
32db41d603cd
Fixed handling QUIC stream eof.
Roman Arutyunyan <arut@nginx.com>
parents:
7759
diff
changeset
|
1280 if (f->fin) { |
32db41d603cd
Fixed handling QUIC stream eof.
Roman Arutyunyan <arut@nginx.com>
parents:
7759
diff
changeset
|
1281 rev->pending_eof = 1; |
32db41d603cd
Fixed handling QUIC stream eof.
Roman Arutyunyan <arut@nginx.com>
parents:
7759
diff
changeset
|
1282 } |
7691 | 1283 |
1284 qc->streams.handler(sn->c); | |
1285 | |
1286 return NGX_OK; | |
1287 } | |
1288 | |
1289 | |
7711
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
7707
diff
changeset
|
1290 static ngx_int_t |
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
7707
diff
changeset
|
1291 ngx_quic_handle_streams_blocked_frame(ngx_connection_t *c, |
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
7707
diff
changeset
|
1292 ngx_quic_header_t *pkt, ngx_quic_streams_blocked_frame_t *f) |
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
7707
diff
changeset
|
1293 { |
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
7707
diff
changeset
|
1294 ngx_quic_frame_t *frame; |
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
7707
diff
changeset
|
1295 |
7752 | 1296 frame = ngx_quic_alloc_frame(c, 0); |
7711
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
7707
diff
changeset
|
1297 if (frame == NULL) { |
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
7707
diff
changeset
|
1298 return NGX_ERROR; |
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
7707
diff
changeset
|
1299 } |
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
7707
diff
changeset
|
1300 |
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
7707
diff
changeset
|
1301 frame->level = pkt->level; |
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
7707
diff
changeset
|
1302 frame->type = NGX_QUIC_FT_MAX_STREAMS; |
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
7707
diff
changeset
|
1303 frame->u.max_streams.limit = f->limit * 2; |
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
7707
diff
changeset
|
1304 frame->u.max_streams.bidi = f->bidi; |
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
7707
diff
changeset
|
1305 |
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
7707
diff
changeset
|
1306 ngx_sprintf(frame->info, "MAX_STREAMS limit:%d bidi:%d level=%d", |
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
7707
diff
changeset
|
1307 (int) frame->u.max_streams.limit, |
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
7707
diff
changeset
|
1308 (int) frame->u.max_streams.bidi, |
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
7707
diff
changeset
|
1309 frame->level); |
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
7707
diff
changeset
|
1310 |
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
7707
diff
changeset
|
1311 ngx_quic_queue_frame(c->quic, frame); |
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
7707
diff
changeset
|
1312 |
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
7707
diff
changeset
|
1313 return NGX_OK; |
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
7707
diff
changeset
|
1314 } |
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
7707
diff
changeset
|
1315 |
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
7707
diff
changeset
|
1316 |
7732
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1317 static ngx_int_t |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1318 ngx_quic_handle_stream_data_blocked_frame(ngx_connection_t *c, |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1319 ngx_quic_header_t *pkt, ngx_quic_stream_data_blocked_frame_t *f) |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1320 { |
7746
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
7745
diff
changeset
|
1321 size_t n; |
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
7745
diff
changeset
|
1322 ngx_buf_t *b; |
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
7745
diff
changeset
|
1323 ngx_quic_frame_t *frame; |
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
7745
diff
changeset
|
1324 ngx_quic_stream_t *sn; |
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
7745
diff
changeset
|
1325 ngx_quic_connection_t *qc; |
7732
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1326 |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1327 qc = c->quic; |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1328 sn = ngx_quic_find_stream(&qc->streams.tree, f->id); |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1329 |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1330 if (sn == NULL) { |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1331 ngx_log_error(NGX_LOG_INFO, c->log, 0, "unknown stream id:%uL", f->id); |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1332 return NGX_ERROR; |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1333 } |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1334 |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1335 b = sn->b; |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1336 n = (b->pos - b->start) + (b->end - b->last); |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1337 |
7752 | 1338 frame = ngx_quic_alloc_frame(c, 0); |
7732
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1339 if (frame == NULL) { |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1340 return NGX_ERROR; |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1341 } |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1342 |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1343 frame->level = pkt->level; |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1344 frame->type = NGX_QUIC_FT_MAX_STREAM_DATA; |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1345 frame->u.max_stream_data.id = f->id; |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1346 frame->u.max_stream_data.limit = n; |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1347 |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1348 ngx_sprintf(frame->info, "MAX_STREAM_DATA id:%d limit:%d level=%d", |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1349 (int) frame->u.max_stream_data.id, |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1350 (int) frame->u.max_stream_data.limit, |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1351 frame->level); |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1352 |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1353 ngx_quic_queue_frame(c->quic, frame); |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1354 |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1355 return NGX_OK; |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1356 } |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1357 |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1358 |
7691 | 1359 static void |
1360 ngx_quic_queue_frame(ngx_quic_connection_t *qc, ngx_quic_frame_t *frame) | |
1361 { | |
7736
c87a13514abc
Allow ngx_queue_frame() to insert frame in the front.
Roman Arutyunyan <arut@nginx.com>
parents:
7733
diff
changeset
|
1362 ngx_quic_frame_t **f; |
7691 | 1363 |
7736
c87a13514abc
Allow ngx_queue_frame() to insert frame in the front.
Roman Arutyunyan <arut@nginx.com>
parents:
7733
diff
changeset
|
1364 for (f = &qc->frames; *f; f = &(*f)->next) { |
c87a13514abc
Allow ngx_queue_frame() to insert frame in the front.
Roman Arutyunyan <arut@nginx.com>
parents:
7733
diff
changeset
|
1365 if ((*f)->level > frame->level) { |
7691 | 1366 break; |
1367 } | |
1368 } | |
1369 | |
7736
c87a13514abc
Allow ngx_queue_frame() to insert frame in the front.
Roman Arutyunyan <arut@nginx.com>
parents:
7733
diff
changeset
|
1370 frame->next = *f; |
c87a13514abc
Allow ngx_queue_frame() to insert frame in the front.
Roman Arutyunyan <arut@nginx.com>
parents:
7733
diff
changeset
|
1371 *f = frame; |
7691 | 1372 } |
1373 | |
1374 | |
1375 static ngx_int_t | |
1376 ngx_quic_output(ngx_connection_t *c) | |
1377 { | |
7731
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
7729
diff
changeset
|
1378 size_t len, hlen, n; |
7691 | 1379 ngx_uint_t lvl; |
7752 | 1380 ngx_quic_frame_t *f, *start, *next; |
7691 | 1381 ngx_quic_connection_t *qc; |
1382 | |
1383 qc = c->quic; | |
1384 | |
1385 if (qc->frames == NULL) { | |
1386 return NGX_OK; | |
1387 } | |
1388 | |
7741 | 1389 c->log->action = "sending frames"; |
1390 | |
7691 | 1391 lvl = qc->frames->level; |
1392 start = qc->frames; | |
1393 f = start; | |
1394 | |
1395 do { | |
1396 len = 0; | |
1397 | |
7731
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
7729
diff
changeset
|
1398 hlen = (lvl == ssl_encryption_application) ? NGX_QUIC_MAX_SHORT_HEADER |
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
7729
diff
changeset
|
1399 : NGX_QUIC_MAX_LONG_HEADER; |
7755
949b95e4d504
Merged ngx_quic_send_packet() into ngx_quic_send_frames().
Vladimir Homutov <vl@nginx.com>
parents:
7754
diff
changeset
|
1400 hlen += EVP_GCM_TLS_TAG_LEN; |
7731
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
7729
diff
changeset
|
1401 |
7691 | 1402 do { |
1403 /* process same-level group of frames */ | |
1404 | |
7731
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
7729
diff
changeset
|
1405 n = ngx_quic_create_frame(NULL, NULL, f); |
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
7729
diff
changeset
|
1406 |
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
7729
diff
changeset
|
1407 if (len && hlen + len + n > qc->ctp.max_packet_size) { |
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
7729
diff
changeset
|
1408 break; |
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
7729
diff
changeset
|
1409 } |
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
7729
diff
changeset
|
1410 |
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
7729
diff
changeset
|
1411 len += n; |
7691 | 1412 |
1413 f = f->next; | |
1414 } while (f && f->level == lvl); | |
1415 | |
1416 | |
1417 if (ngx_quic_frames_send(c, start, f, len) != NGX_OK) { | |
1418 return NGX_ERROR; | |
1419 } | |
1420 | |
7752 | 1421 while (start != f) { |
1422 next = start->next; | |
1423 ngx_quic_free_frame(c, start); | |
1424 start = next; | |
1425 } | |
1426 | |
7691 | 1427 if (f == NULL) { |
1428 break; | |
1429 } | |
1430 | |
1431 lvl = f->level; // TODO: must not decrease (ever, also between calls) | |
1432 | |
1433 } while (1); | |
1434 | |
1435 qc->frames = NULL; | |
1436 | |
7737
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
7736
diff
changeset
|
1437 if (!qc->send_timer_set) { |
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
7736
diff
changeset
|
1438 qc->send_timer_set = 1; |
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
7736
diff
changeset
|
1439 ngx_add_timer(c->read, qc->tp.max_idle_timeout); |
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
7736
diff
changeset
|
1440 } |
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
7736
diff
changeset
|
1441 |
7691 | 1442 return NGX_OK; |
1443 } | |
1444 | |
1445 | |
1446 /* pack a group of frames [start; end) into memory p and send as single packet */ | |
1447 ngx_int_t | |
1448 ngx_quic_frames_send(ngx_connection_t *c, ngx_quic_frame_t *start, | |
1449 ngx_quic_frame_t *end, size_t total) | |
1450 { | |
7755
949b95e4d504
Merged ngx_quic_send_packet() into ngx_quic_send_frames().
Vladimir Homutov <vl@nginx.com>
parents:
7754
diff
changeset
|
1451 ssize_t len; |
949b95e4d504
Merged ngx_quic_send_packet() into ngx_quic_send_frames().
Vladimir Homutov <vl@nginx.com>
parents:
7754
diff
changeset
|
1452 u_char *p; |
949b95e4d504
Merged ngx_quic_send_packet() into ngx_quic_send_frames().
Vladimir Homutov <vl@nginx.com>
parents:
7754
diff
changeset
|
1453 ngx_str_t out, res; |
949b95e4d504
Merged ngx_quic_send_packet() into ngx_quic_send_frames().
Vladimir Homutov <vl@nginx.com>
parents:
7754
diff
changeset
|
1454 ngx_quic_frame_t *f; |
949b95e4d504
Merged ngx_quic_send_packet() into ngx_quic_send_frames().
Vladimir Homutov <vl@nginx.com>
parents:
7754
diff
changeset
|
1455 ngx_quic_header_t pkt; |
7772
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7771
diff
changeset
|
1456 ngx_quic_secrets_t *keys; |
7755
949b95e4d504
Merged ngx_quic_send_packet() into ngx_quic_send_frames().
Vladimir Homutov <vl@nginx.com>
parents:
7754
diff
changeset
|
1457 ngx_quic_connection_t *qc; |
949b95e4d504
Merged ngx_quic_send_packet() into ngx_quic_send_frames().
Vladimir Homutov <vl@nginx.com>
parents:
7754
diff
changeset
|
1458 static ngx_str_t initial_token = ngx_null_string; |
949b95e4d504
Merged ngx_quic_send_packet() into ngx_quic_send_frames().
Vladimir Homutov <vl@nginx.com>
parents:
7754
diff
changeset
|
1459 static u_char src[NGX_QUIC_DEFAULT_MAX_PACKET_SIZE]; |
949b95e4d504
Merged ngx_quic_send_packet() into ngx_quic_send_frames().
Vladimir Homutov <vl@nginx.com>
parents:
7754
diff
changeset
|
1460 static u_char dst[NGX_QUIC_DEFAULT_MAX_PACKET_SIZE]; |
7691 | 1461 |
1462 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, | |
1463 "sending frames %p...%p", start, end); | |
1464 | |
7755
949b95e4d504
Merged ngx_quic_send_packet() into ngx_quic_send_frames().
Vladimir Homutov <vl@nginx.com>
parents:
7754
diff
changeset
|
1465 ngx_memzero(&pkt, sizeof(ngx_quic_header_t)); |
7691 | 1466 |
7755
949b95e4d504
Merged ngx_quic_send_packet() into ngx_quic_send_frames().
Vladimir Homutov <vl@nginx.com>
parents:
7754
diff
changeset
|
1467 p = src; |
949b95e4d504
Merged ngx_quic_send_packet() into ngx_quic_send_frames().
Vladimir Homutov <vl@nginx.com>
parents:
7754
diff
changeset
|
1468 out.data = src; |
7691 | 1469 |
1470 for (f = start; f != end; f = f->next) { | |
1471 | |
1472 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "frame: %s", f->info); | |
1473 | |
1474 len = ngx_quic_create_frame(p, p + total, f); | |
1475 if (len == -1) { | |
1476 return NGX_ERROR; | |
1477 } | |
1478 | |
1479 p += len; | |
1480 } | |
1481 | |
1482 out.len = p - out.data; | |
1483 | |
7767
c9fbe9508e1f
QUIC packet padding to fulfil header protection sample demands.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7766
diff
changeset
|
1484 while (out.len < 4) { |
c9fbe9508e1f
QUIC packet padding to fulfil header protection sample demands.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7766
diff
changeset
|
1485 *p++ = NGX_QUIC_FT_PADDING; |
c9fbe9508e1f
QUIC packet padding to fulfil header protection sample demands.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7766
diff
changeset
|
1486 out.len++; |
c9fbe9508e1f
QUIC packet padding to fulfil header protection sample demands.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7766
diff
changeset
|
1487 } |
c9fbe9508e1f
QUIC packet padding to fulfil header protection sample demands.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7766
diff
changeset
|
1488 |
7691 | 1489 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
1490 "packet ready: %ui bytes at level %d", | |
1491 out.len, start->level); | |
1492 | |
7755
949b95e4d504
Merged ngx_quic_send_packet() into ngx_quic_send_frames().
Vladimir Homutov <vl@nginx.com>
parents:
7754
diff
changeset
|
1493 qc = c->quic; |
7691 | 1494 |
7772
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7771
diff
changeset
|
1495 keys = &c->quic->keys[start->level]; |
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7771
diff
changeset
|
1496 |
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7771
diff
changeset
|
1497 pkt.secret = &keys->server; |
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7771
diff
changeset
|
1498 |
7755
949b95e4d504
Merged ngx_quic_send_packet() into ngx_quic_send_frames().
Vladimir Homutov <vl@nginx.com>
parents:
7754
diff
changeset
|
1499 if (start->level == ssl_encryption_initial) { |
7691 | 1500 pkt.number = &qc->initial_pn; |
1501 pkt.flags = NGX_QUIC_PKT_INITIAL; | |
1502 pkt.token = initial_token; | |
1503 | |
7755
949b95e4d504
Merged ngx_quic_send_packet() into ngx_quic_send_frames().
Vladimir Homutov <vl@nginx.com>
parents:
7754
diff
changeset
|
1504 } else if (start->level == ssl_encryption_handshake) { |
7691 | 1505 pkt.number = &qc->handshake_pn; |
1506 pkt.flags = NGX_QUIC_PKT_HANDSHAKE; | |
1507 | |
1508 } else { | |
1509 pkt.number = &qc->appdata_pn; | |
1510 } | |
1511 | |
7755
949b95e4d504
Merged ngx_quic_send_packet() into ngx_quic_send_frames().
Vladimir Homutov <vl@nginx.com>
parents:
7754
diff
changeset
|
1512 pkt.log = c->log; |
949b95e4d504
Merged ngx_quic_send_packet() into ngx_quic_send_frames().
Vladimir Homutov <vl@nginx.com>
parents:
7754
diff
changeset
|
1513 pkt.level = start->level; |
949b95e4d504
Merged ngx_quic_send_packet() into ngx_quic_send_frames().
Vladimir Homutov <vl@nginx.com>
parents:
7754
diff
changeset
|
1514 pkt.dcid = qc->dcid; |
949b95e4d504
Merged ngx_quic_send_packet() into ngx_quic_send_frames().
Vladimir Homutov <vl@nginx.com>
parents:
7754
diff
changeset
|
1515 pkt.scid = qc->scid; |
949b95e4d504
Merged ngx_quic_send_packet() into ngx_quic_send_frames().
Vladimir Homutov <vl@nginx.com>
parents:
7754
diff
changeset
|
1516 pkt.payload = out; |
7751
f85749b60e58
Removed memory allocations from encryption code.
Vladimir Homutov <vl@nginx.com>
parents:
7750
diff
changeset
|
1517 |
7755
949b95e4d504
Merged ngx_quic_send_packet() into ngx_quic_send_frames().
Vladimir Homutov <vl@nginx.com>
parents:
7754
diff
changeset
|
1518 res.data = dst; |
7751
f85749b60e58
Removed memory allocations from encryption code.
Vladimir Homutov <vl@nginx.com>
parents:
7750
diff
changeset
|
1519 |
f85749b60e58
Removed memory allocations from encryption code.
Vladimir Homutov <vl@nginx.com>
parents:
7750
diff
changeset
|
1520 if (ngx_quic_encrypt(&pkt, c->ssl->connection, &res) != NGX_OK) { |
7691 | 1521 return NGX_ERROR; |
1522 } | |
1523 | |
1524 ngx_quic_hexdump0(c->log, "packet to send", res.data, res.len); | |
1525 | |
1526 c->send(c, res.data, res.len); // TODO: err handling | |
1527 | |
1528 (*pkt.number)++; | |
1529 | |
1530 return NGX_OK; | |
1531 } | |
1532 | |
1533 | |
1534 ngx_connection_t * | |
1535 ngx_quic_create_uni_stream(ngx_connection_t *c) | |
1536 { | |
7746
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
7745
diff
changeset
|
1537 ngx_uint_t id; |
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
7745
diff
changeset
|
1538 ngx_quic_stream_t *qs, *sn; |
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
7745
diff
changeset
|
1539 ngx_quic_connection_t *qc; |
7695
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
7691
diff
changeset
|
1540 |
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
7691
diff
changeset
|
1541 qs = c->qs; |
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
7691
diff
changeset
|
1542 qc = qs->parent->quic; |
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
7691
diff
changeset
|
1543 |
7746
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
7745
diff
changeset
|
1544 id = (qc->streams.id_counter << 2) |
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
7745
diff
changeset
|
1545 | NGX_QUIC_STREAM_SERVER_INITIATED |
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
7745
diff
changeset
|
1546 | NGX_QUIC_STREAM_UNIDIRECTIONAL; |
7695
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
7691
diff
changeset
|
1547 |
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
7691
diff
changeset
|
1548 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
7691
diff
changeset
|
1549 "creating server uni stream #%ui id %ui", |
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
7691
diff
changeset
|
1550 qc->streams.id_counter, id); |
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
7691
diff
changeset
|
1551 |
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
7691
diff
changeset
|
1552 qc->streams.id_counter++; |
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
7691
diff
changeset
|
1553 |
7748
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7747
diff
changeset
|
1554 sn = ngx_quic_create_stream(qs->parent, id, 0); |
7695
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
7691
diff
changeset
|
1555 if (sn == NULL) { |
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
7691
diff
changeset
|
1556 return NULL; |
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
7691
diff
changeset
|
1557 } |
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
7691
diff
changeset
|
1558 |
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
7691
diff
changeset
|
1559 return sn->c; |
7691 | 1560 } |
1561 | |
1562 | |
1563 static void | |
1564 ngx_quic_rbtree_insert_stream(ngx_rbtree_node_t *temp, | |
1565 ngx_rbtree_node_t *node, ngx_rbtree_node_t *sentinel) | |
1566 { | |
7746
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
7745
diff
changeset
|
1567 ngx_rbtree_node_t **p; |
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
7745
diff
changeset
|
1568 ngx_quic_stream_t *qn, *qnt; |
7691 | 1569 |
1570 for ( ;; ) { | |
7750
2935a11c55b6
Fixed QUIC stream insert and find.
Roman Arutyunyan <arut@nginx.com>
parents:
7748
diff
changeset
|
1571 qn = (ngx_quic_stream_t *) node; |
2935a11c55b6
Fixed QUIC stream insert and find.
Roman Arutyunyan <arut@nginx.com>
parents:
7748
diff
changeset
|
1572 qnt = (ngx_quic_stream_t *) temp; |
7691 | 1573 |
7750
2935a11c55b6
Fixed QUIC stream insert and find.
Roman Arutyunyan <arut@nginx.com>
parents:
7748
diff
changeset
|
1574 p = (qn->id < qnt->id) ? &temp->left : &temp->right; |
7691 | 1575 |
1576 if (*p == sentinel) { | |
1577 break; | |
1578 } | |
1579 | |
1580 temp = *p; | |
1581 } | |
1582 | |
1583 *p = node; | |
1584 node->parent = temp; | |
1585 node->left = sentinel; | |
1586 node->right = sentinel; | |
1587 ngx_rbt_red(node); | |
1588 } | |
1589 | |
1590 | |
7746
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
7745
diff
changeset
|
1591 static ngx_quic_stream_t * |
7750
2935a11c55b6
Fixed QUIC stream insert and find.
Roman Arutyunyan <arut@nginx.com>
parents:
7748
diff
changeset
|
1592 ngx_quic_find_stream(ngx_rbtree_t *rbtree, uint64_t id) |
7691 | 1593 { |
1594 ngx_rbtree_node_t *node, *sentinel; | |
7750
2935a11c55b6
Fixed QUIC stream insert and find.
Roman Arutyunyan <arut@nginx.com>
parents:
7748
diff
changeset
|
1595 ngx_quic_stream_t *qn; |
7691 | 1596 |
1597 node = rbtree->root; | |
1598 sentinel = rbtree->sentinel; | |
1599 | |
1600 while (node != sentinel) { | |
7750
2935a11c55b6
Fixed QUIC stream insert and find.
Roman Arutyunyan <arut@nginx.com>
parents:
7748
diff
changeset
|
1601 qn = (ngx_quic_stream_t *) node; |
7691 | 1602 |
7750
2935a11c55b6
Fixed QUIC stream insert and find.
Roman Arutyunyan <arut@nginx.com>
parents:
7748
diff
changeset
|
1603 if (id == qn->id) { |
2935a11c55b6
Fixed QUIC stream insert and find.
Roman Arutyunyan <arut@nginx.com>
parents:
7748
diff
changeset
|
1604 return qn; |
7691 | 1605 } |
1606 | |
7750
2935a11c55b6
Fixed QUIC stream insert and find.
Roman Arutyunyan <arut@nginx.com>
parents:
7748
diff
changeset
|
1607 node = (id < qn->id) ? node->left : node->right; |
7691 | 1608 } |
1609 | |
1610 return NULL; | |
1611 } | |
1612 | |
1613 | |
7746
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
7745
diff
changeset
|
1614 static ngx_quic_stream_t * |
7748
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7747
diff
changeset
|
1615 ngx_quic_create_stream(ngx_connection_t *c, uint64_t id, size_t rcvbuf_size) |
7695
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
7691
diff
changeset
|
1616 { |
7748
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7747
diff
changeset
|
1617 ngx_log_t *log; |
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7747
diff
changeset
|
1618 ngx_pool_t *pool; |
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7747
diff
changeset
|
1619 ngx_quic_stream_t *sn; |
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7747
diff
changeset
|
1620 ngx_pool_cleanup_t *cln; |
7695
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
7691
diff
changeset
|
1621 |
7748
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7747
diff
changeset
|
1622 pool = ngx_create_pool(NGX_DEFAULT_POOL_SIZE, c->log); |
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7747
diff
changeset
|
1623 if (pool == NULL) { |
7695
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
7691
diff
changeset
|
1624 return NULL; |
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
7691
diff
changeset
|
1625 } |
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
7691
diff
changeset
|
1626 |
7748
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7747
diff
changeset
|
1627 sn = ngx_pcalloc(pool, sizeof(ngx_quic_stream_t)); |
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7747
diff
changeset
|
1628 if (sn == NULL) { |
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7747
diff
changeset
|
1629 ngx_destroy_pool(pool); |
7695
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
7691
diff
changeset
|
1630 return NULL; |
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
7691
diff
changeset
|
1631 } |
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
7691
diff
changeset
|
1632 |
7748
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7747
diff
changeset
|
1633 sn->node.key = id; |
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7747
diff
changeset
|
1634 sn->parent = c; |
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7747
diff
changeset
|
1635 sn->id = id; |
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7747
diff
changeset
|
1636 |
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7747
diff
changeset
|
1637 sn->b = ngx_create_temp_buf(pool, rcvbuf_size); |
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7747
diff
changeset
|
1638 if (sn->b == NULL) { |
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7747
diff
changeset
|
1639 ngx_destroy_pool(pool); |
7695
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
7691
diff
changeset
|
1640 return NULL; |
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
7691
diff
changeset
|
1641 } |
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
7691
diff
changeset
|
1642 |
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
7691
diff
changeset
|
1643 log = ngx_palloc(pool, sizeof(ngx_log_t)); |
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
7691
diff
changeset
|
1644 if (log == NULL) { |
7748
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7747
diff
changeset
|
1645 ngx_destroy_pool(pool); |
7695
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
7691
diff
changeset
|
1646 return NULL; |
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
7691
diff
changeset
|
1647 } |
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
7691
diff
changeset
|
1648 |
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
7691
diff
changeset
|
1649 *log = *c->log; |
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
7691
diff
changeset
|
1650 pool->log = log; |
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
7691
diff
changeset
|
1651 |
7748
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7747
diff
changeset
|
1652 sn->c = ngx_get_connection(-1, log); |
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7747
diff
changeset
|
1653 if (sn->c == NULL) { |
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7747
diff
changeset
|
1654 ngx_destroy_pool(pool); |
7695
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
7691
diff
changeset
|
1655 return NULL; |
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
7691
diff
changeset
|
1656 } |
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
7691
diff
changeset
|
1657 |
7746
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
7745
diff
changeset
|
1658 sn->c->qs = sn; |
7748
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7747
diff
changeset
|
1659 sn->c->pool = pool; |
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7747
diff
changeset
|
1660 sn->c->ssl = c->ssl; |
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7747
diff
changeset
|
1661 sn->c->sockaddr = c->sockaddr; |
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7747
diff
changeset
|
1662 sn->c->listening = c->listening; |
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7747
diff
changeset
|
1663 sn->c->addr_text = c->addr_text; |
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7747
diff
changeset
|
1664 sn->c->local_sockaddr = c->local_sockaddr; |
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7747
diff
changeset
|
1665 sn->c->number = ngx_atomic_fetch_add(ngx_connection_counter, 1); |
7695
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
7691
diff
changeset
|
1666 |
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
7691
diff
changeset
|
1667 sn->c->recv = ngx_quic_stream_recv; |
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
7691
diff
changeset
|
1668 sn->c->send = ngx_quic_stream_send; |
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
7691
diff
changeset
|
1669 sn->c->send_chain = ngx_quic_stream_send_chain; |
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
7691
diff
changeset
|
1670 |
7748
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7747
diff
changeset
|
1671 sn->c->read->log = c->log; |
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7747
diff
changeset
|
1672 sn->c->write->log = c->log; |
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7747
diff
changeset
|
1673 |
7705
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
7703
diff
changeset
|
1674 cln = ngx_pool_cleanup_add(pool, 0); |
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
7703
diff
changeset
|
1675 if (cln == NULL) { |
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
7703
diff
changeset
|
1676 ngx_close_connection(sn->c); |
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
7703
diff
changeset
|
1677 ngx_destroy_pool(pool); |
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
7703
diff
changeset
|
1678 return NULL; |
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
7703
diff
changeset
|
1679 } |
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
7703
diff
changeset
|
1680 |
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
7703
diff
changeset
|
1681 cln->handler = ngx_quic_stream_cleanup_handler; |
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
7703
diff
changeset
|
1682 cln->data = sn->c; |
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
7703
diff
changeset
|
1683 |
7748
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7747
diff
changeset
|
1684 ngx_rbtree_insert(&c->quic->streams.tree, &sn->node); |
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7747
diff
changeset
|
1685 |
7695
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
7691
diff
changeset
|
1686 return sn; |
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
7691
diff
changeset
|
1687 } |
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
7691
diff
changeset
|
1688 |
cfc429911c0d
Implemented creation of server unidirectional streams.
Vladimir Homutov <vl@nginx.com>
parents:
7691
diff
changeset
|
1689 |
7691 | 1690 static ssize_t |
1691 ngx_quic_stream_recv(ngx_connection_t *c, u_char *buf, size_t size) | |
1692 { | |
7746
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
7745
diff
changeset
|
1693 ssize_t len; |
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
7745
diff
changeset
|
1694 ngx_buf_t *b; |
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
7745
diff
changeset
|
1695 ngx_event_t *rev; |
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
7745
diff
changeset
|
1696 ngx_quic_stream_t *qs; |
7691 | 1697 |
1698 qs = c->qs; | |
7746
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
7745
diff
changeset
|
1699 b = qs->b; |
7745
5f223cdad40e
Implemented eof in QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7744
diff
changeset
|
1700 rev = c->read; |
7691 | 1701 |
7745
5f223cdad40e
Implemented eof in QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7744
diff
changeset
|
1702 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
5f223cdad40e
Implemented eof in QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7744
diff
changeset
|
1703 "quic recv: eof:%d, avail:%z", |
5f223cdad40e
Implemented eof in QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7744
diff
changeset
|
1704 rev->pending_eof, b->last - b->pos); |
5f223cdad40e
Implemented eof in QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7744
diff
changeset
|
1705 |
7732
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1706 if (b->pos == b->last) { |
7745
5f223cdad40e
Implemented eof in QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7744
diff
changeset
|
1707 rev->ready = 0; |
5f223cdad40e
Implemented eof in QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7744
diff
changeset
|
1708 |
5f223cdad40e
Implemented eof in QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7744
diff
changeset
|
1709 if (rev->pending_eof) { |
5f223cdad40e
Implemented eof in QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7744
diff
changeset
|
1710 rev->eof = 1; |
5f223cdad40e
Implemented eof in QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7744
diff
changeset
|
1711 return 0; |
5f223cdad40e
Implemented eof in QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7744
diff
changeset
|
1712 } |
5f223cdad40e
Implemented eof in QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7744
diff
changeset
|
1713 |
7732
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1714 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic recv() not ready"); |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1715 return NGX_AGAIN; |
7691 | 1716 } |
1717 | |
1718 len = ngx_min(b->last - b->pos, (ssize_t) size); | |
1719 | |
1720 ngx_memcpy(buf, b->pos, len); | |
1721 | |
1722 b->pos += len; | |
1723 | |
7732
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1724 if (b->pos == b->last) { |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1725 b->pos = b->start; |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1726 b->last = b->start; |
7760
32db41d603cd
Fixed handling QUIC stream eof.
Roman Arutyunyan <arut@nginx.com>
parents:
7759
diff
changeset
|
1727 rev->ready = rev->pending_eof; |
7732
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1728 } |
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7731
diff
changeset
|
1729 |
7691 | 1730 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
7745
5f223cdad40e
Implemented eof in QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
7744
diff
changeset
|
1731 "quic recv: %z of %uz", len, size); |
7691 | 1732 |
1733 return len; | |
1734 } | |
1735 | |
1736 | |
1737 static ssize_t | |
1738 ngx_quic_stream_send(ngx_connection_t *c, u_char *buf, size_t size) | |
1739 { | |
7746
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
7745
diff
changeset
|
1740 ngx_connection_t *pc; |
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
7745
diff
changeset
|
1741 ngx_quic_frame_t *frame; |
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
7745
diff
changeset
|
1742 ngx_quic_stream_t *qs; |
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
7745
diff
changeset
|
1743 ngx_quic_connection_t *qc; |
7691 | 1744 |
1745 qs = c->qs; | |
1746 pc = qs->parent; | |
1747 qc = pc->quic; | |
1748 | |
7747
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
1749 if (qc->closing) { |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
1750 return NGX_ERROR; |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
1751 } |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
1752 |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
1753 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic send: %uz", size); |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
1754 |
7752 | 1755 frame = ngx_quic_alloc_frame(pc, size); |
7691 | 1756 if (frame == NULL) { |
1757 return 0; | |
1758 } | |
1759 | |
7752 | 1760 ngx_memcpy(frame->data, buf, size); |
7691 | 1761 |
1762 frame->level = ssl_encryption_application; | |
1763 frame->type = NGX_QUIC_FT_STREAM6; /* OFF=1 LEN=1 FIN=0 */ | |
1764 frame->u.stream.off = 1; | |
1765 frame->u.stream.len = 1; | |
1766 frame->u.stream.fin = 0; | |
1767 | |
1768 frame->u.stream.type = frame->type; | |
1769 frame->u.stream.stream_id = qs->id; | |
1770 frame->u.stream.offset = c->sent; | |
1771 frame->u.stream.length = size; | |
7752 | 1772 frame->u.stream.data = frame->data; |
7691 | 1773 |
1774 c->sent += size; | |
1775 | |
1776 ngx_sprintf(frame->info, "stream %xi len=%ui level=%d", | |
1777 qs->id, size, frame->level); | |
1778 | |
1779 ngx_quic_queue_frame(qc, frame); | |
1780 | |
7759
1ec905f4d851
Push QUIC stream frames in send() and cleanup handler.
Roman Arutyunyan <arut@nginx.com>
parents:
7756
diff
changeset
|
1781 ngx_quic_output(pc); |
1ec905f4d851
Push QUIC stream frames in send() and cleanup handler.
Roman Arutyunyan <arut@nginx.com>
parents:
7756
diff
changeset
|
1782 |
7691 | 1783 return size; |
1784 } | |
1785 | |
1786 | |
7705
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
7703
diff
changeset
|
1787 static void |
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
7703
diff
changeset
|
1788 ngx_quic_stream_cleanup_handler(void *data) |
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
7703
diff
changeset
|
1789 { |
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
7703
diff
changeset
|
1790 ngx_connection_t *c = data; |
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
7703
diff
changeset
|
1791 |
7746
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
7745
diff
changeset
|
1792 ngx_connection_t *pc; |
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
7745
diff
changeset
|
1793 ngx_quic_frame_t *frame; |
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
7745
diff
changeset
|
1794 ngx_quic_stream_t *qs; |
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
7745
diff
changeset
|
1795 ngx_quic_connection_t *qc; |
7705
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
7703
diff
changeset
|
1796 |
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
7703
diff
changeset
|
1797 qs = c->qs; |
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
7703
diff
changeset
|
1798 pc = qs->parent; |
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
7703
diff
changeset
|
1799 qc = pc->quic; |
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
7703
diff
changeset
|
1800 |
7747
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
1801 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic stream cleanup"); |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
1802 |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
1803 ngx_rbtree_delete(&qc->streams.tree, &qs->node); |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
1804 |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
1805 if (qc->closing) { |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
1806 ngx_post_event(pc->read, &ngx_posted_events); |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
1807 return; |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
1808 } |
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
1809 |
7746
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
7745
diff
changeset
|
1810 if ((qs->id & 0x03) == NGX_QUIC_STREAM_UNIDIRECTIONAL) { |
7705
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
7703
diff
changeset
|
1811 /* do not send fin for client unidirectional streams */ |
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
7703
diff
changeset
|
1812 return; |
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
7703
diff
changeset
|
1813 } |
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
7703
diff
changeset
|
1814 |
7746
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
7745
diff
changeset
|
1815 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic send fin"); |
7705
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
7703
diff
changeset
|
1816 |
7752 | 1817 frame = ngx_quic_alloc_frame(pc, 0); |
7705
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
7703
diff
changeset
|
1818 if (frame == NULL) { |
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
7703
diff
changeset
|
1819 return; |
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
7703
diff
changeset
|
1820 } |
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
7703
diff
changeset
|
1821 |
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
7703
diff
changeset
|
1822 frame->level = ssl_encryption_application; |
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
7703
diff
changeset
|
1823 frame->type = NGX_QUIC_FT_STREAM7; /* OFF=1 LEN=1 FIN=1 */ |
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
7703
diff
changeset
|
1824 frame->u.stream.off = 1; |
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
7703
diff
changeset
|
1825 frame->u.stream.len = 1; |
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
7703
diff
changeset
|
1826 frame->u.stream.fin = 1; |
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
7703
diff
changeset
|
1827 |
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
7703
diff
changeset
|
1828 frame->u.stream.type = frame->type; |
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
7703
diff
changeset
|
1829 frame->u.stream.stream_id = qs->id; |
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
7703
diff
changeset
|
1830 frame->u.stream.offset = c->sent; |
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
7703
diff
changeset
|
1831 frame->u.stream.length = 0; |
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
7703
diff
changeset
|
1832 frame->u.stream.data = NULL; |
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
7703
diff
changeset
|
1833 |
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
7703
diff
changeset
|
1834 ngx_sprintf(frame->info, "stream %xi fin=1 level=%d", qs->id, frame->level); |
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
7703
diff
changeset
|
1835 |
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
7703
diff
changeset
|
1836 ngx_quic_queue_frame(qc, frame); |
7759
1ec905f4d851
Push QUIC stream frames in send() and cleanup handler.
Roman Arutyunyan <arut@nginx.com>
parents:
7756
diff
changeset
|
1837 |
1ec905f4d851
Push QUIC stream frames in send() and cleanup handler.
Roman Arutyunyan <arut@nginx.com>
parents:
7756
diff
changeset
|
1838 (void) ngx_quic_output(pc); |
7705
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
7703
diff
changeset
|
1839 } |
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
7703
diff
changeset
|
1840 |
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
7703
diff
changeset
|
1841 |
7691 | 1842 static ngx_chain_t * |
1843 ngx_quic_stream_send_chain(ngx_connection_t *c, ngx_chain_t *in, | |
1844 off_t limit) | |
1845 { | |
1846 size_t len; | |
1847 ssize_t n; | |
1848 ngx_buf_t *b; | |
1849 | |
1850 for ( /* void */; in; in = in->next) { | |
1851 b = in->buf; | |
1852 | |
1853 if (!ngx_buf_in_memory(b)) { | |
1854 continue; | |
1855 } | |
1856 | |
1857 if (ngx_buf_size(b) == 0) { | |
1858 continue; | |
1859 } | |
1860 | |
1861 len = b->last - b->pos; | |
1862 | |
1863 n = ngx_quic_stream_send(c, b->pos, len); | |
1864 | |
1865 if (n == NGX_ERROR) { | |
1866 return NGX_CHAIN_ERROR; | |
1867 } | |
1868 | |
1869 if (n == NGX_AGAIN) { | |
1870 return in; | |
1871 } | |
1872 | |
1873 if (n != (ssize_t) len) { | |
1874 b->pos += n; | |
1875 return in; | |
1876 } | |
1877 } | |
1878 | |
1879 return NULL; | |
1880 } | |
7752 | 1881 |
1882 | |
1883 static ngx_quic_frame_t * | |
1884 ngx_quic_alloc_frame(ngx_connection_t *c, size_t size) | |
1885 { | |
1886 u_char *p; | |
1887 ngx_quic_frame_t *frame; | |
1888 ngx_quic_connection_t *qc; | |
1889 | |
1890 if (size) { | |
1891 p = ngx_alloc(size, c->log); | |
1892 if (p == NULL) { | |
1893 return NULL; | |
1894 } | |
1895 | |
1896 } else { | |
1897 p = NULL; | |
1898 } | |
1899 | |
1900 qc = c->quic; | |
1901 frame = qc->free_frames; | |
1902 | |
1903 if (frame) { | |
1904 qc->free_frames = frame->next; | |
1905 | |
1906 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, | |
1907 "reuse quic frame n:%ui", qc->nframes); | |
1908 | |
1909 } else { | |
1910 frame = ngx_pcalloc(c->pool, sizeof(ngx_quic_frame_t)); | |
1911 if (frame == NULL) { | |
1912 ngx_free(p); | |
1913 return NULL; | |
1914 } | |
1915 | |
1916 #if (NGX_DEBUG) | |
1917 ++qc->nframes; | |
1918 #endif | |
1919 | |
1920 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, | |
1921 "alloc quic frame n:%ui", qc->nframes); | |
1922 } | |
1923 | |
1924 ngx_memzero(frame, sizeof(ngx_quic_frame_t)); | |
1925 | |
1926 frame->data = p; | |
1927 | |
1928 return frame; | |
1929 } | |
1930 | |
1931 | |
1932 static void | |
1933 ngx_quic_free_frame(ngx_connection_t *c, ngx_quic_frame_t *frame) | |
1934 { | |
1935 ngx_quic_connection_t *qc; | |
1936 | |
1937 qc = c->quic; | |
1938 | |
1939 if (frame->data) { | |
1940 ngx_free(frame->data); | |
1941 } | |
1942 | |
1943 frame->next = qc->free_frames; | |
1944 qc->free_frames = frame; | |
1945 | |
1946 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, | |
1947 "free quic frame n:%ui", qc->nframes); | |
1948 } |