Mercurial > hg > nginx-quic
annotate src/event/quic/ngx_event_quic.h @ 8640:c4f249d485e3 quic
QUIC: attempt decrypt before checking for stateless reset.
Checking the reset after encryption avoids false positives. More importantly,
it avoids the check entirely in the usual case where decryption succeeds.
RFC 9000, 10.3.1 Detecting a Stateless Reset
Endpoints MAY skip this check if any packet from a datagram is
successfully processed.
author | Martin Duke <m.duke@f5.com> |
---|---|
date | Tue, 12 Oct 2021 11:57:50 +0300 |
parents | 9ae239d2547d |
children | b4c7853b0488 |
rev | line source |
---|---|
7633
5d91389e0fd3
Initial QUIC support in http.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 |
5d91389e0fd3
Initial QUIC support in http.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 /* |
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7647
diff
changeset
|
3 * Copyright (C) Nginx, Inc. |
7633
5d91389e0fd3
Initial QUIC support in http.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 */ |
5d91389e0fd3
Initial QUIC support in http.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
5d91389e0fd3
Initial QUIC support in http.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 |
5d91389e0fd3
Initial QUIC support in http.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 #ifndef _NGX_EVENT_QUIC_H_INCLUDED_ |
5d91389e0fd3
Initial QUIC support in http.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 #define _NGX_EVENT_QUIC_H_INCLUDED_ |
5d91389e0fd3
Initial QUIC support in http.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
5d91389e0fd3
Initial QUIC support in http.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 |
7824
a5141e6b3214
Fixed includes in quic headers.
Roman Arutyunyan <arut@nginx.com>
parents:
7822
diff
changeset
|
11 #include <ngx_config.h> |
a5141e6b3214
Fixed includes in quic headers.
Roman Arutyunyan <arut@nginx.com>
parents:
7822
diff
changeset
|
12 #include <ngx_core.h> |
7636
53a5cdbe500c
QUIC add_handshake_data callback, varint routines.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7635
diff
changeset
|
13 |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7681
diff
changeset
|
14 |
7910
125cbfa77013
Renamed max_packet_size to max_udp_payload_size, from draft-28.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7860
diff
changeset
|
15 #define NGX_QUIC_MAX_UDP_PAYLOAD_SIZE 65527 |
7927
391d06a51bc0
Limited max udp payload size for outgoing packets.
Vladimir Homutov <vl@nginx.com>
parents:
7913
diff
changeset
|
16 |
7731
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
7729
diff
changeset
|
17 #define NGX_QUIC_DEFAULT_ACK_DELAY_EXPONENT 3 |
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
7729
diff
changeset
|
18 #define NGX_QUIC_DEFAULT_MAX_ACK_DELAY 25 |
8287
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8279
diff
changeset
|
19 #define NGX_QUIC_DEFAULT_HOST_KEY_LEN 32 |
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8279
diff
changeset
|
20 #define NGX_QUIC_SR_KEY_LEN 32 |
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8279
diff
changeset
|
21 #define NGX_QUIC_AV_KEY_LEN 32 |
7731
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
7729
diff
changeset
|
22 |
8407 | 23 #define NGX_QUIC_SR_TOKEN_LEN 16 |
7832
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7829
diff
changeset
|
24 |
7822
6481427ca3fc
Respecting maximum packet size.
Vladimir Homutov <vl@nginx.com>
parents:
7811
diff
changeset
|
25 #define NGX_QUIC_MIN_INITIAL_SIZE 1200 |
6481427ca3fc
Respecting maximum packet size.
Vladimir Homutov <vl@nginx.com>
parents:
7811
diff
changeset
|
26 |
7746
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
7739
diff
changeset
|
27 #define NGX_QUIC_STREAM_SERVER_INITIATED 0x01 |
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
7739
diff
changeset
|
28 #define NGX_QUIC_STREAM_UNIDIRECTIONAL 0x02 |
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
7739
diff
changeset
|
29 |
7841
eee307399229
QUIC basic congestion control.
Roman Arutyunyan <arut@nginx.com>
parents:
7837
diff
changeset
|
30 #define NGX_QUIC_STREAM_BUFSIZE 65536 |
7748
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
31 |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7681
diff
changeset
|
32 |
7713
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7690
diff
changeset
|
33 typedef struct { |
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7690
diff
changeset
|
34 /* configurable */ |
7811
72d20158c814
Added reordering support for STREAM frames.
Vladimir Homutov <vl@nginx.com>
parents:
7748
diff
changeset
|
35 ngx_msec_t max_idle_timeout; |
72d20158c814
Added reordering support for STREAM frames.
Vladimir Homutov <vl@nginx.com>
parents:
7748
diff
changeset
|
36 ngx_msec_t max_ack_delay; |
7713
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7690
diff
changeset
|
37 |
7910
125cbfa77013
Renamed max_packet_size to max_udp_payload_size, from draft-28.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7860
diff
changeset
|
38 size_t max_udp_payload_size; |
7829
d73516830236
HTTP/3: bytes holding directives changed to ngx_conf_set_size_slot.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7824
diff
changeset
|
39 size_t initial_max_data; |
d73516830236
HTTP/3: bytes holding directives changed to ngx_conf_set_size_slot.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7824
diff
changeset
|
40 size_t initial_max_stream_data_bidi_local; |
d73516830236
HTTP/3: bytes holding directives changed to ngx_conf_set_size_slot.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7824
diff
changeset
|
41 size_t initial_max_stream_data_bidi_remote; |
d73516830236
HTTP/3: bytes holding directives changed to ngx_conf_set_size_slot.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7824
diff
changeset
|
42 size_t initial_max_stream_data_uni; |
7811
72d20158c814
Added reordering support for STREAM frames.
Vladimir Homutov <vl@nginx.com>
parents:
7748
diff
changeset
|
43 ngx_uint_t initial_max_streams_bidi; |
72d20158c814
Added reordering support for STREAM frames.
Vladimir Homutov <vl@nginx.com>
parents:
7748
diff
changeset
|
44 ngx_uint_t initial_max_streams_uni; |
72d20158c814
Added reordering support for STREAM frames.
Vladimir Homutov <vl@nginx.com>
parents:
7748
diff
changeset
|
45 ngx_uint_t ack_delay_exponent; |
72d20158c814
Added reordering support for STREAM frames.
Vladimir Homutov <vl@nginx.com>
parents:
7748
diff
changeset
|
46 ngx_uint_t active_connection_id_limit; |
8198
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8196
diff
changeset
|
47 ngx_flag_t disable_active_migration; |
7912
6633f17044eb
QUIC draft-28 transport parameters support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7910
diff
changeset
|
48 ngx_str_t original_dcid; |
6633f17044eb
QUIC draft-28 transport parameters support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7910
diff
changeset
|
49 ngx_str_t initial_scid; |
6633f17044eb
QUIC draft-28 transport parameters support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7910
diff
changeset
|
50 ngx_str_t retry_scid; |
8100
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8095
diff
changeset
|
51 u_char sr_token[NGX_QUIC_SR_TOKEN_LEN]; |
7860
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7848
diff
changeset
|
52 |
7713
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7690
diff
changeset
|
53 /* TODO */ |
7811
72d20158c814
Added reordering support for STREAM frames.
Vladimir Homutov <vl@nginx.com>
parents:
7748
diff
changeset
|
54 void *preferred_address; |
7713
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7690
diff
changeset
|
55 } ngx_quic_tp_t; |
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7690
diff
changeset
|
56 |
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7690
diff
changeset
|
57 |
7811
72d20158c814
Added reordering support for STREAM frames.
Vladimir Homutov <vl@nginx.com>
parents:
7748
diff
changeset
|
58 typedef struct { |
8101
bed310672f39
QUIC: moved ssl configuration pointer to quic configuration.
Vladimir Homutov <vl@nginx.com>
parents:
8100
diff
changeset
|
59 ngx_ssl_t *ssl; |
7999
0d2b2664b41c
QUIC: added "quic" listen parameter.
Roman Arutyunyan <arut@nginx.com>
parents:
7998
diff
changeset
|
60 ngx_quic_tp_t tp; |
0d2b2664b41c
QUIC: added "quic" listen parameter.
Roman Arutyunyan <arut@nginx.com>
parents:
7998
diff
changeset
|
61 ngx_flag_t retry; |
8540
8ab0d609af09
QUIC: the "quic_gso" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8492
diff
changeset
|
62 ngx_flag_t gso_enabled; |
8000
893b3313f53c
QUIC: added "quic" listen parameter in Stream.
Roman Arutyunyan <arut@nginx.com>
parents:
7999
diff
changeset
|
63 ngx_flag_t require_alpn; |
8287
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8279
diff
changeset
|
64 ngx_str_t host_key; |
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8279
diff
changeset
|
65 u_char av_token_key[NGX_QUIC_AV_KEY_LEN]; |
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8279
diff
changeset
|
66 u_char sr_token_key[NGX_QUIC_SR_KEY_LEN]; |
7999
0d2b2664b41c
QUIC: added "quic" listen parameter.
Roman Arutyunyan <arut@nginx.com>
parents:
7998
diff
changeset
|
67 } ngx_quic_conf_t; |
0d2b2664b41c
QUIC: added "quic" listen parameter.
Roman Arutyunyan <arut@nginx.com>
parents:
7998
diff
changeset
|
68 |
0d2b2664b41c
QUIC: added "quic" listen parameter.
Roman Arutyunyan <arut@nginx.com>
parents:
7998
diff
changeset
|
69 |
7674
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7648
diff
changeset
|
70 struct ngx_quic_stream_s { |
7811
72d20158c814
Added reordering support for STREAM frames.
Vladimir Homutov <vl@nginx.com>
parents:
7748
diff
changeset
|
71 ngx_rbtree_node_t node; |
8552
fe919fd63b0b
QUIC: client certificate validation with OCSP.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8540
diff
changeset
|
72 ngx_queue_t queue; |
7811
72d20158c814
Added reordering support for STREAM frames.
Vladimir Homutov <vl@nginx.com>
parents:
7748
diff
changeset
|
73 ngx_connection_t *parent; |
8420
baf9551b4a5b
QUIC: renamed stream field from c to connection.
Roman Arutyunyan <arut@nginx.com>
parents:
8415
diff
changeset
|
74 ngx_connection_t *connection; |
7811
72d20158c814
Added reordering support for STREAM frames.
Vladimir Homutov <vl@nginx.com>
parents:
7748
diff
changeset
|
75 uint64_t id; |
7841
eee307399229
QUIC basic congestion control.
Roman Arutyunyan <arut@nginx.com>
parents:
7837
diff
changeset
|
76 uint64_t acked; |
7842
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
7841
diff
changeset
|
77 uint64_t send_max_data; |
8439
f52a2b77d406
QUIC: generic buffering for stream input.
Roman Arutyunyan <arut@nginx.com>
parents:
8420
diff
changeset
|
78 uint64_t recv_max_data; |
8442
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8439
diff
changeset
|
79 uint64_t recv_offset; |
8492
af33d1ef1c3c
QUIC: stream flow control refactored.
Roman Arutyunyan <arut@nginx.com>
parents:
8489
diff
changeset
|
80 uint64_t recv_window; |
8443
60c6e8d8d3ae
QUIC: make sure stream data size is lower than final size.
Roman Arutyunyan <arut@nginx.com>
parents:
8442
diff
changeset
|
81 uint64_t recv_last; |
8442
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8439
diff
changeset
|
82 uint64_t final_size; |
8439
f52a2b77d406
QUIC: generic buffering for stream input.
Roman Arutyunyan <arut@nginx.com>
parents:
8420
diff
changeset
|
83 ngx_chain_t *in; |
8359
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8323
diff
changeset
|
84 ngx_uint_t cancelable; /* unsigned cancelable:1; */ |
7674
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7648
diff
changeset
|
85 }; |
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7648
diff
changeset
|
86 |
7634 | 87 |
8101
bed310672f39
QUIC: moved ssl configuration pointer to quic configuration.
Vladimir Homutov <vl@nginx.com>
parents:
8100
diff
changeset
|
88 void ngx_quic_run(ngx_connection_t *c, ngx_quic_conf_t *conf); |
8013
455a8536eaa7
QUIC: limited the number of server-initiated streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8001
diff
changeset
|
89 ngx_connection_t *ngx_quic_open_stream(ngx_connection_t *c, ngx_uint_t bidi); |
7953
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
7933
diff
changeset
|
90 void ngx_quic_finalize_connection(ngx_connection_t *c, ngx_uint_t err, |
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
7933
diff
changeset
|
91 const char *reason); |
8359
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8323
diff
changeset
|
92 void ngx_quic_shutdown_connection(ngx_connection_t *c, ngx_uint_t err, |
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8323
diff
changeset
|
93 const char *reason); |
8296
d710c457171c
QUIC: added ability to reset a stream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8287
diff
changeset
|
94 ngx_int_t ngx_quic_reset_stream(ngx_connection_t *c, ngx_uint_t err); |
8196
e0947c952d43
QUIC: multiple versions support in ALPN.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8195
diff
changeset
|
95 uint32_t ngx_quic_version(ngx_connection_t *c); |
8617
9ae239d2547d
QUIC: separate event handling functions.
Roman Arutyunyan <arut@nginx.com>
parents:
8552
diff
changeset
|
96 ngx_int_t ngx_quic_handle_read_event(ngx_event_t *rev, ngx_uint_t flags); |
9ae239d2547d
QUIC: separate event handling functions.
Roman Arutyunyan <arut@nginx.com>
parents:
8552
diff
changeset
|
97 ngx_int_t ngx_quic_handle_write_event(ngx_event_t *wev, size_t lowat); |
8198
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8196
diff
changeset
|
98 ngx_int_t ngx_quic_get_packet_dcid(ngx_log_t *log, u_char *data, size_t len, |
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8196
diff
changeset
|
99 ngx_str_t *dcid); |
8415
b4e6b7049984
QUIC: normalize header inclusion.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8414
diff
changeset
|
100 ngx_int_t ngx_quic_derive_key(ngx_log_t *log, const char *label, |
b4e6b7049984
QUIC: normalize header inclusion.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8414
diff
changeset
|
101 ngx_str_t *secret, ngx_str_t *salt, u_char *out, size_t len); |
7633
5d91389e0fd3
Initial QUIC support in http.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 |
5d91389e0fd3
Initial QUIC support in http.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 #endif /* _NGX_EVENT_QUIC_H_INCLUDED_ */ |