Mercurial > hg > nginx-quic
comparison src/event/quic/ngx_event_quic.c @ 8269:7df607cb2d11 quic
QUIC: ngx_quic_bpf module.
The quic kernel bpf helper inspects packet payload for DCID, extracts key
and routes the packet into socket matching the key.
Due to reuseport feature, each worker owns a personal socket, which is
identified by the same key, used to create DCID.
BPF objects are locked in RAM and are subject to RLIMIT_MEMLOCK.
The "ulimit -l" command may be used to setup proper limits, if maps
cannot be created with EPERM or updated with ETOOLONG.
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Fri, 25 Dec 2020 15:01:15 +0300 |
parents | 2c7f927f7999 |
children | dffb66fb783b |
comparison
equal
deleted
inserted
replaced
8268:d3747ba486e7 | 8269:7df607cb2d11 |
---|---|
230 static ngx_int_t ngx_quic_process_stateless_reset(ngx_connection_t *c, | 230 static ngx_int_t ngx_quic_process_stateless_reset(ngx_connection_t *c, |
231 ngx_quic_header_t *pkt); | 231 ngx_quic_header_t *pkt); |
232 static ngx_int_t ngx_quic_negotiate_version(ngx_connection_t *c, | 232 static ngx_int_t ngx_quic_negotiate_version(ngx_connection_t *c, |
233 ngx_quic_header_t *inpkt); | 233 ngx_quic_header_t *inpkt); |
234 static ngx_int_t ngx_quic_create_server_id(ngx_connection_t *c, u_char *id); | 234 static ngx_int_t ngx_quic_create_server_id(ngx_connection_t *c, u_char *id); |
235 #if (NGX_QUIC_BPF) | |
236 static ngx_int_t ngx_quic_bpf_attach_id(ngx_connection_t *c, u_char *id); | |
237 #endif | |
235 static ngx_int_t ngx_quic_send_retry(ngx_connection_t *c); | 238 static ngx_int_t ngx_quic_send_retry(ngx_connection_t *c); |
236 static ngx_int_t ngx_quic_new_token(ngx_connection_t *c, ngx_str_t *token); | 239 static ngx_int_t ngx_quic_new_token(ngx_connection_t *c, ngx_str_t *token); |
237 static ngx_int_t ngx_quic_validate_token(ngx_connection_t *c, | 240 static ngx_int_t ngx_quic_validate_token(ngx_connection_t *c, |
238 ngx_quic_header_t *pkt); | 241 ngx_quic_header_t *pkt); |
239 static ngx_int_t ngx_quic_init_connection(ngx_connection_t *c); | 242 static ngx_int_t ngx_quic_init_connection(ngx_connection_t *c); |
1295 { | 1298 { |
1296 if (RAND_bytes(id, NGX_QUIC_SERVER_CID_LEN) != 1) { | 1299 if (RAND_bytes(id, NGX_QUIC_SERVER_CID_LEN) != 1) { |
1297 return NGX_ERROR; | 1300 return NGX_ERROR; |
1298 } | 1301 } |
1299 | 1302 |
1303 #if (NGX_QUIC_BPF) | |
1304 if (ngx_quic_bpf_attach_id(c, id) != NGX_OK) { | |
1305 ngx_log_error(NGX_LOG_ERR, c->log, 0, | |
1306 "quic bpf failed to generate socket key"); | |
1307 /* ignore error, things still may work */ | |
1308 } | |
1309 #endif | |
1310 | |
1300 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, | 1311 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
1301 "quic create server id %*xs", | 1312 "quic create server id %*xs", |
1302 (size_t) NGX_QUIC_SERVER_CID_LEN, id); | 1313 (size_t) NGX_QUIC_SERVER_CID_LEN, id); |
1303 return NGX_OK; | 1314 return NGX_OK; |
1304 } | 1315 } |
1316 | |
1317 | |
1318 #if (NGX_QUIC_BPF) | |
1319 | |
1320 static ngx_int_t | |
1321 ngx_quic_bpf_attach_id(ngx_connection_t *c, u_char *id) | |
1322 { | |
1323 int fd; | |
1324 uint64_t cookie; | |
1325 socklen_t optlen; | |
1326 | |
1327 fd = c->listening->fd; | |
1328 | |
1329 optlen = sizeof(cookie); | |
1330 | |
1331 if (getsockopt(fd, SOL_SOCKET, SO_COOKIE, &cookie, &optlen) == -1) { | |
1332 ngx_log_error(NGX_LOG_ERR, c->log, ngx_socket_errno, | |
1333 "quic getsockopt(SO_COOKIE) failed"); | |
1334 | |
1335 return NGX_ERROR; | |
1336 } | |
1337 | |
1338 ngx_quic_dcid_encode_key(id, cookie); | |
1339 | |
1340 return NGX_OK; | |
1341 } | |
1342 | |
1343 #endif | |
1305 | 1344 |
1306 | 1345 |
1307 static ngx_int_t | 1346 static ngx_int_t |
1308 ngx_quic_send_retry(ngx_connection_t *c) | 1347 ngx_quic_send_retry(ngx_connection_t *c) |
1309 { | 1348 { |