Mercurial > hg > nginx-quic
annotate src/event/quic/ngx_event_quic.h @ 8552:fe919fd63b0b quic
QUIC: client certificate validation with OCSP.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Wed, 04 Aug 2021 15:49:18 +0300 |
| parents | 8ab0d609af09 |
| children | 9ae239d2547d |
| rev | line source |
|---|---|
|
7633
5d91389e0fd3
Initial QUIC support in http.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 |
|
5d91389e0fd3
Initial QUIC support in http.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 /* |
|
7648
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
7647
diff
changeset
|
3 * Copyright (C) Nginx, Inc. |
|
7633
5d91389e0fd3
Initial QUIC support in http.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 */ |
|
5d91389e0fd3
Initial QUIC support in http.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
|
5d91389e0fd3
Initial QUIC support in http.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 |
|
5d91389e0fd3
Initial QUIC support in http.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 #ifndef _NGX_EVENT_QUIC_H_INCLUDED_ |
|
5d91389e0fd3
Initial QUIC support in http.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 #define _NGX_EVENT_QUIC_H_INCLUDED_ |
|
5d91389e0fd3
Initial QUIC support in http.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
|
5d91389e0fd3
Initial QUIC support in http.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 |
|
7824
a5141e6b3214
Fixed includes in quic headers.
Roman Arutyunyan <arut@nginx.com>
parents:
7822
diff
changeset
|
11 #include <ngx_config.h> |
|
a5141e6b3214
Fixed includes in quic headers.
Roman Arutyunyan <arut@nginx.com>
parents:
7822
diff
changeset
|
12 #include <ngx_core.h> |
|
7636
53a5cdbe500c
QUIC add_handshake_data callback, varint routines.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7635
diff
changeset
|
13 |
|
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7681
diff
changeset
|
14 |
|
7910
125cbfa77013
Renamed max_packet_size to max_udp_payload_size, from draft-28.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7860
diff
changeset
|
15 #define NGX_QUIC_MAX_UDP_PAYLOAD_SIZE 65527 |
|
7927
391d06a51bc0
Limited max udp payload size for outgoing packets.
Vladimir Homutov <vl@nginx.com>
parents:
7913
diff
changeset
|
16 |
|
7731
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
7729
diff
changeset
|
17 #define NGX_QUIC_DEFAULT_ACK_DELAY_EXPONENT 3 |
|
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
7729
diff
changeset
|
18 #define NGX_QUIC_DEFAULT_MAX_ACK_DELAY 25 |
|
8287
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8279
diff
changeset
|
19 #define NGX_QUIC_DEFAULT_HOST_KEY_LEN 32 |
|
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8279
diff
changeset
|
20 #define NGX_QUIC_SR_KEY_LEN 32 |
|
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8279
diff
changeset
|
21 #define NGX_QUIC_AV_KEY_LEN 32 |
|
7731
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
7729
diff
changeset
|
22 |
| 8407 | 23 #define NGX_QUIC_SR_TOKEN_LEN 16 |
|
7832
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
7829
diff
changeset
|
24 |
|
7822
6481427ca3fc
Respecting maximum packet size.
Vladimir Homutov <vl@nginx.com>
parents:
7811
diff
changeset
|
25 #define NGX_QUIC_MIN_INITIAL_SIZE 1200 |
|
6481427ca3fc
Respecting maximum packet size.
Vladimir Homutov <vl@nginx.com>
parents:
7811
diff
changeset
|
26 |
|
7746
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
7739
diff
changeset
|
27 #define NGX_QUIC_STREAM_SERVER_INITIATED 0x01 |
|
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
7739
diff
changeset
|
28 #define NGX_QUIC_STREAM_UNIDIRECTIONAL 0x02 |
|
b364af7f9f3f
Removed ngx_quic_stream_node_t.
Roman Arutyunyan <arut@nginx.com>
parents:
7739
diff
changeset
|
29 |
|
7841
eee307399229
QUIC basic congestion control.
Roman Arutyunyan <arut@nginx.com>
parents:
7837
diff
changeset
|
30 #define NGX_QUIC_STREAM_BUFSIZE 65536 |
|
7748
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
7746
diff
changeset
|
31 |
|
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
7681
diff
changeset
|
32 |
|
7713
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7690
diff
changeset
|
33 typedef struct { |
|
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7690
diff
changeset
|
34 /* configurable */ |
|
7811
72d20158c814
Added reordering support for STREAM frames.
Vladimir Homutov <vl@nginx.com>
parents:
7748
diff
changeset
|
35 ngx_msec_t max_idle_timeout; |
|
72d20158c814
Added reordering support for STREAM frames.
Vladimir Homutov <vl@nginx.com>
parents:
7748
diff
changeset
|
36 ngx_msec_t max_ack_delay; |
|
7713
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7690
diff
changeset
|
37 |
|
7910
125cbfa77013
Renamed max_packet_size to max_udp_payload_size, from draft-28.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7860
diff
changeset
|
38 size_t max_udp_payload_size; |
|
7829
d73516830236
HTTP/3: bytes holding directives changed to ngx_conf_set_size_slot.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7824
diff
changeset
|
39 size_t initial_max_data; |
|
d73516830236
HTTP/3: bytes holding directives changed to ngx_conf_set_size_slot.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7824
diff
changeset
|
40 size_t initial_max_stream_data_bidi_local; |
|
d73516830236
HTTP/3: bytes holding directives changed to ngx_conf_set_size_slot.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7824
diff
changeset
|
41 size_t initial_max_stream_data_bidi_remote; |
|
d73516830236
HTTP/3: bytes holding directives changed to ngx_conf_set_size_slot.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7824
diff
changeset
|
42 size_t initial_max_stream_data_uni; |
|
7811
72d20158c814
Added reordering support for STREAM frames.
Vladimir Homutov <vl@nginx.com>
parents:
7748
diff
changeset
|
43 ngx_uint_t initial_max_streams_bidi; |
|
72d20158c814
Added reordering support for STREAM frames.
Vladimir Homutov <vl@nginx.com>
parents:
7748
diff
changeset
|
44 ngx_uint_t initial_max_streams_uni; |
|
72d20158c814
Added reordering support for STREAM frames.
Vladimir Homutov <vl@nginx.com>
parents:
7748
diff
changeset
|
45 ngx_uint_t ack_delay_exponent; |
|
72d20158c814
Added reordering support for STREAM frames.
Vladimir Homutov <vl@nginx.com>
parents:
7748
diff
changeset
|
46 ngx_uint_t active_connection_id_limit; |
|
8198
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8196
diff
changeset
|
47 ngx_flag_t disable_active_migration; |
|
7912
6633f17044eb
QUIC draft-28 transport parameters support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7910
diff
changeset
|
48 ngx_str_t original_dcid; |
|
6633f17044eb
QUIC draft-28 transport parameters support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7910
diff
changeset
|
49 ngx_str_t initial_scid; |
|
6633f17044eb
QUIC draft-28 transport parameters support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7910
diff
changeset
|
50 ngx_str_t retry_scid; |
|
8100
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8095
diff
changeset
|
51 u_char sr_token[NGX_QUIC_SR_TOKEN_LEN]; |
|
7860
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7848
diff
changeset
|
52 |
|
7713
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7690
diff
changeset
|
53 /* TODO */ |
|
7811
72d20158c814
Added reordering support for STREAM frames.
Vladimir Homutov <vl@nginx.com>
parents:
7748
diff
changeset
|
54 void *preferred_address; |
|
7713
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7690
diff
changeset
|
55 } ngx_quic_tp_t; |
|
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7690
diff
changeset
|
56 |
|
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
7690
diff
changeset
|
57 |
|
7811
72d20158c814
Added reordering support for STREAM frames.
Vladimir Homutov <vl@nginx.com>
parents:
7748
diff
changeset
|
58 typedef struct { |
|
8101
bed310672f39
QUIC: moved ssl configuration pointer to quic configuration.
Vladimir Homutov <vl@nginx.com>
parents:
8100
diff
changeset
|
59 ngx_ssl_t *ssl; |
|
7999
0d2b2664b41c
QUIC: added "quic" listen parameter.
Roman Arutyunyan <arut@nginx.com>
parents:
7998
diff
changeset
|
60 ngx_quic_tp_t tp; |
|
0d2b2664b41c
QUIC: added "quic" listen parameter.
Roman Arutyunyan <arut@nginx.com>
parents:
7998
diff
changeset
|
61 ngx_flag_t retry; |
|
8540
8ab0d609af09
QUIC: the "quic_gso" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8492
diff
changeset
|
62 ngx_flag_t gso_enabled; |
|
8000
893b3313f53c
QUIC: added "quic" listen parameter in Stream.
Roman Arutyunyan <arut@nginx.com>
parents:
7999
diff
changeset
|
63 ngx_flag_t require_alpn; |
|
8287
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8279
diff
changeset
|
64 ngx_str_t host_key; |
|
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8279
diff
changeset
|
65 u_char av_token_key[NGX_QUIC_AV_KEY_LEN]; |
|
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8279
diff
changeset
|
66 u_char sr_token_key[NGX_QUIC_SR_KEY_LEN]; |
|
7999
0d2b2664b41c
QUIC: added "quic" listen parameter.
Roman Arutyunyan <arut@nginx.com>
parents:
7998
diff
changeset
|
67 } ngx_quic_conf_t; |
|
0d2b2664b41c
QUIC: added "quic" listen parameter.
Roman Arutyunyan <arut@nginx.com>
parents:
7998
diff
changeset
|
68 |
|
0d2b2664b41c
QUIC: added "quic" listen parameter.
Roman Arutyunyan <arut@nginx.com>
parents:
7998
diff
changeset
|
69 |
|
7674
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7648
diff
changeset
|
70 struct ngx_quic_stream_s { |
|
7811
72d20158c814
Added reordering support for STREAM frames.
Vladimir Homutov <vl@nginx.com>
parents:
7748
diff
changeset
|
71 ngx_rbtree_node_t node; |
|
8552
fe919fd63b0b
QUIC: client certificate validation with OCSP.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8540
diff
changeset
|
72 ngx_queue_t queue; |
|
7811
72d20158c814
Added reordering support for STREAM frames.
Vladimir Homutov <vl@nginx.com>
parents:
7748
diff
changeset
|
73 ngx_connection_t *parent; |
|
8420
baf9551b4a5b
QUIC: renamed stream field from c to connection.
Roman Arutyunyan <arut@nginx.com>
parents:
8415
diff
changeset
|
74 ngx_connection_t *connection; |
|
7811
72d20158c814
Added reordering support for STREAM frames.
Vladimir Homutov <vl@nginx.com>
parents:
7748
diff
changeset
|
75 uint64_t id; |
|
7841
eee307399229
QUIC basic congestion control.
Roman Arutyunyan <arut@nginx.com>
parents:
7837
diff
changeset
|
76 uint64_t acked; |
|
7842
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
7841
diff
changeset
|
77 uint64_t send_max_data; |
|
8439
f52a2b77d406
QUIC: generic buffering for stream input.
Roman Arutyunyan <arut@nginx.com>
parents:
8420
diff
changeset
|
78 uint64_t recv_max_data; |
|
8442
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8439
diff
changeset
|
79 uint64_t recv_offset; |
|
8492
af33d1ef1c3c
QUIC: stream flow control refactored.
Roman Arutyunyan <arut@nginx.com>
parents:
8489
diff
changeset
|
80 uint64_t recv_window; |
|
8443
60c6e8d8d3ae
QUIC: make sure stream data size is lower than final size.
Roman Arutyunyan <arut@nginx.com>
parents:
8442
diff
changeset
|
81 uint64_t recv_last; |
|
8442
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8439
diff
changeset
|
82 uint64_t final_size; |
|
8439
f52a2b77d406
QUIC: generic buffering for stream input.
Roman Arutyunyan <arut@nginx.com>
parents:
8420
diff
changeset
|
83 ngx_chain_t *in; |
|
8359
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8323
diff
changeset
|
84 ngx_uint_t cancelable; /* unsigned cancelable:1; */ |
|
7674
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7648
diff
changeset
|
85 }; |
|
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
7648
diff
changeset
|
86 |
| 7634 | 87 |
|
8101
bed310672f39
QUIC: moved ssl configuration pointer to quic configuration.
Vladimir Homutov <vl@nginx.com>
parents:
8100
diff
changeset
|
88 void ngx_quic_run(ngx_connection_t *c, ngx_quic_conf_t *conf); |
|
8013
455a8536eaa7
QUIC: limited the number of server-initiated streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8001
diff
changeset
|
89 ngx_connection_t *ngx_quic_open_stream(ngx_connection_t *c, ngx_uint_t bidi); |
|
7953
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
7933
diff
changeset
|
90 void ngx_quic_finalize_connection(ngx_connection_t *c, ngx_uint_t err, |
|
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
7933
diff
changeset
|
91 const char *reason); |
|
8359
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8323
diff
changeset
|
92 void ngx_quic_shutdown_connection(ngx_connection_t *c, ngx_uint_t err, |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8323
diff
changeset
|
93 const char *reason); |
|
8296
d710c457171c
QUIC: added ability to reset a stream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8287
diff
changeset
|
94 ngx_int_t ngx_quic_reset_stream(ngx_connection_t *c, ngx_uint_t err); |
|
8196
e0947c952d43
QUIC: multiple versions support in ALPN.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8195
diff
changeset
|
95 uint32_t ngx_quic_version(ngx_connection_t *c); |
|
8198
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8196
diff
changeset
|
96 ngx_int_t ngx_quic_get_packet_dcid(ngx_log_t *log, u_char *data, size_t len, |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8196
diff
changeset
|
97 ngx_str_t *dcid); |
|
8415
b4e6b7049984
QUIC: normalize header inclusion.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8414
diff
changeset
|
98 ngx_int_t ngx_quic_derive_key(ngx_log_t *log, const char *label, |
|
b4e6b7049984
QUIC: normalize header inclusion.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8414
diff
changeset
|
99 ngx_str_t *secret, ngx_str_t *salt, u_char *out, size_t len); |
|
7633
5d91389e0fd3
Initial QUIC support in http.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 |
|
5d91389e0fd3
Initial QUIC support in http.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 #endif /* _NGX_EVENT_QUIC_H_INCLUDED_ */ |