Mercurial > hg > nginx-quic
annotate src/event/quic/ngx_event_quic_connid.c @ 8640:c4f249d485e3 quic
QUIC: attempt decrypt before checking for stateless reset.
Checking the reset after encryption avoids false positives. More importantly,
it avoids the check entirely in the usual case where decryption succeeds.
RFC 9000, 10.3.1 Detecting a Stateless Reset
Endpoints MAY skip this check if any packet from a datagram is
successfully processed.
author | Martin Duke <m.duke@f5.com> |
---|---|
date | Tue, 12 Oct 2021 11:57:50 +0300 |
parents | 4715f3e669f1 |
children | e2ec952dc295 |
rev | line source |
---|---|
8408
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
2 /* |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
3 * Copyright (C) Nginx, Inc. |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
4 */ |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
5 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
6 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
7 #include <ngx_config.h> |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
8 #include <ngx_core.h> |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
9 #include <ngx_event.h> |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
10 #include <ngx_event_quic_connection.h> |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
11 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
12 #define NGX_QUIC_MAX_SERVER_IDS 8 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
13 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
14 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
15 #if (NGX_QUIC_BPF) |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
16 static ngx_int_t ngx_quic_bpf_attach_id(ngx_connection_t *c, u_char *id); |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
17 #endif |
8423
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
18 static ngx_int_t ngx_quic_send_retire_connection_id(ngx_connection_t *c, |
8438
5186ee5a94b9
QUIC: simplified sending 1-RTT only frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8437
diff
changeset
|
19 uint64_t seqnum); |
8423
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
20 |
8408
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
21 static ngx_quic_client_id_t *ngx_quic_alloc_client_id(ngx_connection_t *c, |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
22 ngx_quic_connection_t *qc); |
8423
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
23 static ngx_int_t ngx_quic_replace_retired_client_id(ngx_connection_t *c, |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
24 ngx_quic_client_id_t *retired_cid); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
25 static ngx_int_t ngx_quic_send_server_id(ngx_connection_t *c, |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
26 ngx_quic_server_id_t *sid); |
8408
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
27 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
28 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
29 ngx_int_t |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
30 ngx_quic_create_server_id(ngx_connection_t *c, u_char *id) |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
31 { |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
32 if (RAND_bytes(id, NGX_QUIC_SERVER_CID_LEN) != 1) { |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
33 return NGX_ERROR; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
34 } |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
35 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
36 #if (NGX_QUIC_BPF) |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
37 if (ngx_quic_bpf_attach_id(c, id) != NGX_OK) { |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
38 ngx_log_error(NGX_LOG_ERR, c->log, 0, |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
39 "quic bpf failed to generate socket key"); |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
40 /* ignore error, things still may work */ |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
41 } |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
42 #endif |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
43 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
44 return NGX_OK; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
45 } |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
46 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
47 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
48 #if (NGX_QUIC_BPF) |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
49 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
50 static ngx_int_t |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
51 ngx_quic_bpf_attach_id(ngx_connection_t *c, u_char *id) |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
52 { |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
53 int fd; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
54 uint64_t cookie; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
55 socklen_t optlen; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
56 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
57 fd = c->listening->fd; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
58 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
59 optlen = sizeof(cookie); |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
60 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
61 if (getsockopt(fd, SOL_SOCKET, SO_COOKIE, &cookie, &optlen) == -1) { |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
62 ngx_log_error(NGX_LOG_ERR, c->log, ngx_socket_errno, |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
63 "quic getsockopt(SO_COOKIE) failed"); |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
64 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
65 return NGX_ERROR; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
66 } |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
67 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
68 ngx_quic_dcid_encode_key(id, cookie); |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
69 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
70 return NGX_OK; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
71 } |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
72 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
73 #endif |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
74 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
75 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
76 ngx_int_t |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
77 ngx_quic_handle_new_connection_id_frame(ngx_connection_t *c, |
8438
5186ee5a94b9
QUIC: simplified sending 1-RTT only frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8437
diff
changeset
|
78 ngx_quic_new_conn_id_frame_t *f) |
8408
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
79 { |
8423
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
80 ngx_str_t id; |
8408
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
81 ngx_queue_t *q; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
82 ngx_quic_client_id_t *cid, *item; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
83 ngx_quic_connection_t *qc; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
84 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
85 qc = ngx_quic_get_connection(c); |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
86 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
87 if (f->seqnum < qc->max_retired_seqnum) { |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
88 /* |
8498
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8438
diff
changeset
|
89 * RFC 9000, 19.15. NEW_CONNECTION_ID Frame |
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8438
diff
changeset
|
90 * |
8408
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
91 * An endpoint that receives a NEW_CONNECTION_ID frame with |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
92 * a sequence number smaller than the Retire Prior To field |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
93 * of a previously received NEW_CONNECTION_ID frame MUST send |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
94 * a corresponding RETIRE_CONNECTION_ID frame that retires |
8498
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8438
diff
changeset
|
95 * the newly received connection ID, unless it has already |
8408
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
96 * done so for that sequence number. |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
97 */ |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
98 |
8438
5186ee5a94b9
QUIC: simplified sending 1-RTT only frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8437
diff
changeset
|
99 if (ngx_quic_send_retire_connection_id(c, f->seqnum) != NGX_OK) { |
8408
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
100 return NGX_ERROR; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
101 } |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
102 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
103 goto retire; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
104 } |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
105 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
106 cid = NULL; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
107 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
108 for (q = ngx_queue_head(&qc->client_ids); |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
109 q != ngx_queue_sentinel(&qc->client_ids); |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
110 q = ngx_queue_next(q)) |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
111 { |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
112 item = ngx_queue_data(q, ngx_quic_client_id_t, queue); |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
113 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
114 if (item->seqnum == f->seqnum) { |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
115 cid = item; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
116 break; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
117 } |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
118 } |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
119 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
120 if (cid) { |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
121 /* |
8498
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8438
diff
changeset
|
122 * Transmission errors, timeouts, and retransmissions might cause the |
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8438
diff
changeset
|
123 * same NEW_CONNECTION_ID frame to be received multiple times. |
8408
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
124 */ |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
125 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
126 if (cid->len != f->len |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
127 || ngx_strncmp(cid->id, f->cid, f->len) != 0 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
128 || ngx_strncmp(cid->sr_token, f->srt, NGX_QUIC_SR_TOKEN_LEN) != 0) |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
129 { |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
130 /* |
8498
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8438
diff
changeset
|
131 * ..if a sequence number is used for different connection IDs, |
8408
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
132 * the endpoint MAY treat that receipt as a connection error |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
133 * of type PROTOCOL_VIOLATION. |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
134 */ |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
135 qc->error = NGX_QUIC_ERR_PROTOCOL_VIOLATION; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
136 qc->error_reason = "seqnum refers to different connection id/token"; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
137 return NGX_ERROR; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
138 } |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
139 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
140 } else { |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
141 |
8423
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
142 id.data = f->cid; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
143 id.len = f->len; |
8408
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
144 |
8423
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
145 if (ngx_quic_create_client_id(c, &id, f->seqnum, f->srt) == NULL) { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
146 return NGX_ERROR; |
8408
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
147 } |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
148 } |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
149 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
150 retire: |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
151 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
152 if (qc->max_retired_seqnum && f->retire <= qc->max_retired_seqnum) { |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
153 /* |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
154 * Once a sender indicates a Retire Prior To value, smaller values sent |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
155 * in subsequent NEW_CONNECTION_ID frames have no effect. A receiver |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
156 * MUST ignore any Retire Prior To fields that do not increase the |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
157 * largest received Retire Prior To value. |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
158 */ |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
159 goto done; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
160 } |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
161 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
162 qc->max_retired_seqnum = f->retire; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
163 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
164 q = ngx_queue_head(&qc->client_ids); |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
165 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
166 while (q != ngx_queue_sentinel(&qc->client_ids)) { |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
167 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
168 cid = ngx_queue_data(q, ngx_quic_client_id_t, queue); |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
169 q = ngx_queue_next(q); |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
170 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
171 if (cid->seqnum >= f->retire) { |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
172 continue; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
173 } |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
174 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
175 /* this connection id must be retired */ |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
176 |
8438
5186ee5a94b9
QUIC: simplified sending 1-RTT only frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8437
diff
changeset
|
177 if (ngx_quic_send_retire_connection_id(c, cid->seqnum) != NGX_OK) { |
8408
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
178 return NGX_ERROR; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
179 } |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
180 |
8423
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
181 if (cid->refcnt) { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
182 /* we are going to retire client id which is in use */ |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
183 if (ngx_quic_replace_retired_client_id(c, cid) != NGX_OK) { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
184 return NGX_ERROR; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
185 } |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
186 } |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
187 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
188 ngx_quic_unref_client_id(c, cid); |
8408
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
189 } |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
190 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
191 done: |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
192 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
193 if (qc->nclient_ids > qc->tp.active_connection_id_limit) { |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
194 /* |
8498
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8438
diff
changeset
|
195 * RFC 9000, 5.1.1. Issuing Connection IDs |
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8438
diff
changeset
|
196 * |
8408
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
197 * After processing a NEW_CONNECTION_ID frame and |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
198 * adding and retiring active connection IDs, if the number of active |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
199 * connection IDs exceeds the value advertised in its |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
200 * active_connection_id_limit transport parameter, an endpoint MUST |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
201 * close the connection with an error of type CONNECTION_ID_LIMIT_ERROR. |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
202 */ |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
203 qc->error = NGX_QUIC_ERR_CONNECTION_ID_LIMIT_ERROR; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
204 qc->error_reason = "too many connection ids received"; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
205 return NGX_ERROR; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
206 } |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
207 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
208 return NGX_OK; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
209 } |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
210 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
211 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
212 static ngx_int_t |
8438
5186ee5a94b9
QUIC: simplified sending 1-RTT only frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8437
diff
changeset
|
213 ngx_quic_send_retire_connection_id(ngx_connection_t *c, uint64_t seqnum) |
8408
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
214 { |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
215 ngx_quic_frame_t *frame; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
216 ngx_quic_connection_t *qc; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
217 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
218 qc = ngx_quic_get_connection(c); |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
219 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
220 frame = ngx_quic_alloc_frame(c); |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
221 if (frame == NULL) { |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
222 return NGX_ERROR; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
223 } |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
224 |
8438
5186ee5a94b9
QUIC: simplified sending 1-RTT only frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8437
diff
changeset
|
225 frame->level = ssl_encryption_application; |
8408
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
226 frame->type = NGX_QUIC_FT_RETIRE_CONNECTION_ID; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
227 frame->u.retire_cid.sequence_number = seqnum; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
228 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
229 ngx_quic_queue_frame(qc, frame); |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
230 |
8423
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
231 /* we are no longer going to use this client id */ |
8408
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
232 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
233 return NGX_OK; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
234 } |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
235 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
236 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
237 static ngx_quic_client_id_t * |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
238 ngx_quic_alloc_client_id(ngx_connection_t *c, ngx_quic_connection_t *qc) |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
239 { |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
240 ngx_queue_t *q; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
241 ngx_quic_client_id_t *cid; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
242 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
243 if (!ngx_queue_empty(&qc->free_client_ids)) { |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
244 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
245 q = ngx_queue_head(&qc->free_client_ids); |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
246 cid = ngx_queue_data(q, ngx_quic_client_id_t, queue); |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
247 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
248 ngx_queue_remove(&cid->queue); |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
249 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
250 ngx_memzero(cid, sizeof(ngx_quic_client_id_t)); |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
251 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
252 } else { |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
253 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
254 cid = ngx_pcalloc(c->pool, sizeof(ngx_quic_client_id_t)); |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
255 if (cid == NULL) { |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
256 return NULL; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
257 } |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
258 } |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
259 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
260 return cid; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
261 } |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
262 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
263 |
8423
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
264 ngx_quic_client_id_t * |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
265 ngx_quic_create_client_id(ngx_connection_t *c, ngx_str_t *id, |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
266 uint64_t seqnum, u_char *token) |
8408
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
267 { |
8423
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
268 ngx_quic_client_id_t *cid; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
269 ngx_quic_connection_t *qc; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
270 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
271 qc = ngx_quic_get_connection(c); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
272 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
273 cid = ngx_quic_alloc_client_id(c, qc); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
274 if (cid == NULL) { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
275 return NULL; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
276 } |
8408
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
277 |
8423
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
278 cid->seqnum = seqnum; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
279 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
280 cid->len = id->len; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
281 ngx_memcpy(cid->id, id->data, id->len); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
282 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
283 if (token) { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
284 ngx_memcpy(cid->sr_token, token, NGX_QUIC_SR_TOKEN_LEN); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
285 } |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
286 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
287 ngx_queue_insert_tail(&qc->client_ids, &cid->queue); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
288 qc->nclient_ids++; |
8408
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
289 |
8423
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
290 if (seqnum > qc->client_seqnum) { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
291 qc->client_seqnum = seqnum; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
292 } |
8408
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
293 |
8423
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
294 ngx_log_debug5(NGX_LOG_DEBUG_EVENT, c->log, 0, |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
295 "quic cid #%uL received id:%uz:%xV:%*xs", |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
296 cid->seqnum, id->len, id, |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
297 (size_t) NGX_QUIC_SR_TOKEN_LEN, cid->sr_token); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
298 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
299 return cid; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
300 } |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
301 |
8408
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
302 |
8423
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
303 ngx_quic_client_id_t * |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
304 ngx_quic_next_client_id(ngx_connection_t *c) |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
305 { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
306 ngx_queue_t *q; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
307 ngx_quic_client_id_t *cid; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
308 ngx_quic_connection_t *qc; |
8408
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
309 |
8423
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
310 qc = ngx_quic_get_connection(c); |
8408
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
311 |
8423
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
312 for (q = ngx_queue_head(&qc->client_ids); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
313 q != ngx_queue_sentinel(&qc->client_ids); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
314 q = ngx_queue_next(q)) |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
315 { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
316 cid = ngx_queue_data(q, ngx_quic_client_id_t, queue); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
317 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
318 if (cid->refcnt == 0) { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
319 return cid; |
8408
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
320 } |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
321 } |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
322 |
8423
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
323 return NULL; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
324 } |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
325 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
326 |
8437
d5f93733c17d
QUIC: relaxed client id requirements.
Vladimir Homutov <vl@nginx.com>
parents:
8423
diff
changeset
|
327 ngx_quic_client_id_t * |
d5f93733c17d
QUIC: relaxed client id requirements.
Vladimir Homutov <vl@nginx.com>
parents:
8423
diff
changeset
|
328 ngx_quic_used_client_id(ngx_connection_t *c, ngx_quic_path_t *path) |
d5f93733c17d
QUIC: relaxed client id requirements.
Vladimir Homutov <vl@nginx.com>
parents:
8423
diff
changeset
|
329 { |
d5f93733c17d
QUIC: relaxed client id requirements.
Vladimir Homutov <vl@nginx.com>
parents:
8423
diff
changeset
|
330 ngx_queue_t *q; |
d5f93733c17d
QUIC: relaxed client id requirements.
Vladimir Homutov <vl@nginx.com>
parents:
8423
diff
changeset
|
331 ngx_quic_socket_t *qsock; |
d5f93733c17d
QUIC: relaxed client id requirements.
Vladimir Homutov <vl@nginx.com>
parents:
8423
diff
changeset
|
332 ngx_quic_connection_t *qc; |
d5f93733c17d
QUIC: relaxed client id requirements.
Vladimir Homutov <vl@nginx.com>
parents:
8423
diff
changeset
|
333 |
d5f93733c17d
QUIC: relaxed client id requirements.
Vladimir Homutov <vl@nginx.com>
parents:
8423
diff
changeset
|
334 qc = ngx_quic_get_connection(c); |
d5f93733c17d
QUIC: relaxed client id requirements.
Vladimir Homutov <vl@nginx.com>
parents:
8423
diff
changeset
|
335 |
d5f93733c17d
QUIC: relaxed client id requirements.
Vladimir Homutov <vl@nginx.com>
parents:
8423
diff
changeset
|
336 /* best guess: cid used by active path is good for us */ |
d5f93733c17d
QUIC: relaxed client id requirements.
Vladimir Homutov <vl@nginx.com>
parents:
8423
diff
changeset
|
337 if (qc->socket->path == path) { |
d5f93733c17d
QUIC: relaxed client id requirements.
Vladimir Homutov <vl@nginx.com>
parents:
8423
diff
changeset
|
338 return qc->socket->cid; |
d5f93733c17d
QUIC: relaxed client id requirements.
Vladimir Homutov <vl@nginx.com>
parents:
8423
diff
changeset
|
339 } |
d5f93733c17d
QUIC: relaxed client id requirements.
Vladimir Homutov <vl@nginx.com>
parents:
8423
diff
changeset
|
340 |
d5f93733c17d
QUIC: relaxed client id requirements.
Vladimir Homutov <vl@nginx.com>
parents:
8423
diff
changeset
|
341 for (q = ngx_queue_head(&qc->sockets); |
d5f93733c17d
QUIC: relaxed client id requirements.
Vladimir Homutov <vl@nginx.com>
parents:
8423
diff
changeset
|
342 q != ngx_queue_sentinel(&qc->sockets); |
d5f93733c17d
QUIC: relaxed client id requirements.
Vladimir Homutov <vl@nginx.com>
parents:
8423
diff
changeset
|
343 q = ngx_queue_next(q)) |
d5f93733c17d
QUIC: relaxed client id requirements.
Vladimir Homutov <vl@nginx.com>
parents:
8423
diff
changeset
|
344 { |
d5f93733c17d
QUIC: relaxed client id requirements.
Vladimir Homutov <vl@nginx.com>
parents:
8423
diff
changeset
|
345 qsock = ngx_queue_data(q, ngx_quic_socket_t, queue); |
d5f93733c17d
QUIC: relaxed client id requirements.
Vladimir Homutov <vl@nginx.com>
parents:
8423
diff
changeset
|
346 |
d5f93733c17d
QUIC: relaxed client id requirements.
Vladimir Homutov <vl@nginx.com>
parents:
8423
diff
changeset
|
347 if (qsock->path && qsock->path == path) { |
d5f93733c17d
QUIC: relaxed client id requirements.
Vladimir Homutov <vl@nginx.com>
parents:
8423
diff
changeset
|
348 return qsock->cid; |
d5f93733c17d
QUIC: relaxed client id requirements.
Vladimir Homutov <vl@nginx.com>
parents:
8423
diff
changeset
|
349 } |
d5f93733c17d
QUIC: relaxed client id requirements.
Vladimir Homutov <vl@nginx.com>
parents:
8423
diff
changeset
|
350 } |
d5f93733c17d
QUIC: relaxed client id requirements.
Vladimir Homutov <vl@nginx.com>
parents:
8423
diff
changeset
|
351 |
d5f93733c17d
QUIC: relaxed client id requirements.
Vladimir Homutov <vl@nginx.com>
parents:
8423
diff
changeset
|
352 return NULL; |
d5f93733c17d
QUIC: relaxed client id requirements.
Vladimir Homutov <vl@nginx.com>
parents:
8423
diff
changeset
|
353 } |
d5f93733c17d
QUIC: relaxed client id requirements.
Vladimir Homutov <vl@nginx.com>
parents:
8423
diff
changeset
|
354 |
d5f93733c17d
QUIC: relaxed client id requirements.
Vladimir Homutov <vl@nginx.com>
parents:
8423
diff
changeset
|
355 |
8423
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
356 ngx_int_t |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
357 ngx_quic_handle_retire_connection_id_frame(ngx_connection_t *c, |
8438
5186ee5a94b9
QUIC: simplified sending 1-RTT only frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8437
diff
changeset
|
358 ngx_quic_retire_cid_frame_t *f) |
8423
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
359 { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
360 ngx_quic_path_t *path; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
361 ngx_quic_socket_t *qsock, **tmp; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
362 ngx_quic_client_id_t *cid; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
363 ngx_quic_connection_t *qc; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
364 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
365 qc = ngx_quic_get_connection(c); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
366 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
367 qsock = ngx_quic_find_socket(c, f->sequence_number); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
368 if (qsock == NULL) { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
369 return NGX_OK; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
370 } |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
371 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
372 if (qsock->sid.seqnum == qc->socket->sid.seqnum) { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
373 tmp = &qc->socket; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
374 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
375 } else if (qc->backup && qsock->sid.seqnum == qc->backup->sid.seqnum) { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
376 tmp = &qc->backup; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
377 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
378 } else { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
379 tmp = NULL; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
380 } |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
381 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
382 if (ngx_quic_create_sockets(c) != NGX_OK) { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
383 return NGX_ERROR; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
384 } |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
385 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
386 if (tmp) { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
387 /* replace socket in use (active or backup) */ |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
388 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
389 ngx_log_debug4(NGX_LOG_DEBUG_EVENT, c->log, 0, |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
390 "quic %s socket #%uL:%uL:%uL retired", |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
391 (*tmp) == qc->socket ? "active" : "backup", |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
392 (*tmp)->sid.seqnum, (*tmp)->cid->seqnum, |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
393 (*tmp)->path->seqnum); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
394 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
395 qsock = ngx_quic_get_unconnected_socket(c); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
396 if (qsock == NULL) { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
397 return NGX_ERROR; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
398 } |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
399 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
400 path = (*tmp)->path; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
401 cid = (*tmp)->cid; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
402 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
403 ngx_quic_connect(c, qsock, path, cid); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
404 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
405 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
406 ngx_log_debug5(NGX_LOG_DEBUG_EVENT, c->log, 0, |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
407 "quic %s socket is now #%uL:%uL:%uL (%s)", |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
408 (*tmp) == qc->socket ? "active" : "backup", |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
409 qsock->sid.seqnum, qsock->cid->seqnum, |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
410 qsock->path->seqnum, |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
411 ngx_quic_path_state_str(qsock->path)); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
412 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
413 ngx_quic_close_socket(c, *tmp); /* no longer used */ |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
414 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
415 *tmp = qsock; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
416 } |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
417 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
418 return NGX_OK; |
8408
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
419 } |
8423
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
420 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
421 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
422 ngx_int_t |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
423 ngx_quic_create_sockets(ngx_connection_t *c) |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
424 { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
425 ngx_uint_t n; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
426 ngx_quic_socket_t *qsock; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
427 ngx_quic_connection_t *qc; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
428 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
429 qc = ngx_quic_get_connection(c); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
430 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
431 n = ngx_min(NGX_QUIC_MAX_SERVER_IDS, qc->ctp.active_connection_id_limit); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
432 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
433 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
434 "quic create sockets has:%ui max:%ui", qc->nsockets, n); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
435 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
436 while (qc->nsockets < n) { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
437 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
438 qsock = ngx_quic_alloc_socket(c, qc); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
439 if (qsock == NULL) { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
440 return NGX_ERROR; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
441 } |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
442 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
443 if (ngx_quic_listen(c, qc, qsock) != NGX_OK) { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
444 return NGX_ERROR; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
445 } |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
446 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
447 if (ngx_quic_send_server_id(c, &qsock->sid) != NGX_OK) { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
448 return NGX_ERROR; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
449 } |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
450 } |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
451 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
452 return NGX_OK; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
453 } |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
454 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
455 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
456 static ngx_int_t |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
457 ngx_quic_send_server_id(ngx_connection_t *c, ngx_quic_server_id_t *sid) |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
458 { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
459 ngx_str_t dcid; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
460 ngx_quic_frame_t *frame; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
461 ngx_quic_connection_t *qc; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
462 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
463 qc = ngx_quic_get_connection(c); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
464 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
465 dcid.len = sid->len; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
466 dcid.data = sid->id; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
467 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
468 frame = ngx_quic_alloc_frame(c); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
469 if (frame == NULL) { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
470 return NGX_ERROR; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
471 } |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
472 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
473 frame->level = ssl_encryption_application; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
474 frame->type = NGX_QUIC_FT_NEW_CONNECTION_ID; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
475 frame->u.ncid.seqnum = sid->seqnum; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
476 frame->u.ncid.retire = 0; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
477 frame->u.ncid.len = NGX_QUIC_SERVER_CID_LEN; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
478 ngx_memcpy(frame->u.ncid.cid, sid->id, NGX_QUIC_SERVER_CID_LEN); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
479 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
480 if (ngx_quic_new_sr_token(c, &dcid, qc->conf->sr_token_key, |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
481 frame->u.ncid.srt) |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
482 != NGX_OK) |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
483 { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
484 return NGX_ERROR; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
485 } |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
486 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
487 ngx_quic_queue_frame(qc, frame); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
488 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
489 return NGX_OK; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
490 } |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
491 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
492 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
493 static ngx_int_t |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
494 ngx_quic_replace_retired_client_id(ngx_connection_t *c, |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
495 ngx_quic_client_id_t *retired_cid) |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
496 { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
497 ngx_queue_t *q; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
498 ngx_quic_socket_t *qsock; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
499 ngx_quic_client_id_t *cid; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
500 ngx_quic_connection_t *qc; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
501 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
502 qc = ngx_quic_get_connection(c); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
503 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
504 for (q = ngx_queue_head(&qc->sockets); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
505 q != ngx_queue_sentinel(&qc->sockets); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
506 q = ngx_queue_next(q)) |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
507 { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
508 qsock = ngx_queue_data(q, ngx_quic_socket_t, queue); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
509 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
510 if (qsock->cid == retired_cid) { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
511 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
512 cid = ngx_quic_next_client_id(c); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
513 if (cid == NULL) { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
514 return NGX_ERROR; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
515 } |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
516 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
517 qsock->cid = cid; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
518 cid->refcnt++; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
519 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
520 ngx_quic_unref_client_id(c, retired_cid); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
521 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
522 if (retired_cid->refcnt == 0) { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
523 return NGX_OK; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
524 } |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
525 } |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
526 } |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
527 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
528 return NGX_OK; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
529 } |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
530 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
531 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
532 void |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
533 ngx_quic_unref_client_id(ngx_connection_t *c, ngx_quic_client_id_t *cid) |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
534 { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
535 ngx_quic_connection_t *qc; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
536 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
537 cid->refcnt--; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
538 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
539 if (cid->refcnt) { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
540 return; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
541 } |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
542 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
543 qc = ngx_quic_get_connection(c); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
544 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
545 ngx_queue_remove(&cid->queue); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
546 ngx_queue_insert_head(&qc->free_client_ids, &cid->queue); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
547 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
548 qc->nclient_ids--; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8408
diff
changeset
|
549 } |