Mercurial > hg > nginx-quic
comparison src/http/v3/ngx_http_v3_module.c @ 7860:7ea34e13937f quic
Address validation using Retry packets.
The behaviour is toggled with the new directive "quic_retry on|off".
QUIC token construction is made suitable for issuing with NEW_TOKEN.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Thu, 14 May 2020 15:47:18 +0300 |
| parents | 036164360fa9 |
| children | 125cbfa77013 |
comparison
equal
deleted
inserted
replaced
| 7859:b7704303a7e5 | 7860:7ea34e13937f |
|---|---|
| 108 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, | 108 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, |
| 109 ngx_conf_set_num_slot, | 109 ngx_conf_set_num_slot, |
| 110 NGX_HTTP_SRV_CONF_OFFSET, | 110 NGX_HTTP_SRV_CONF_OFFSET, |
| 111 offsetof(ngx_http_v3_srv_conf_t, quic.active_connection_id_limit), | 111 offsetof(ngx_http_v3_srv_conf_t, quic.active_connection_id_limit), |
| 112 &ngx_http_v3_active_connection_id_limit_bounds }, | 112 &ngx_http_v3_active_connection_id_limit_bounds }, |
| 113 | |
| 114 { ngx_string("quic_retry"), | |
| 115 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, | |
| 116 ngx_conf_set_flag_slot, | |
| 117 NGX_HTTP_SRV_CONF_OFFSET, | |
| 118 offsetof(ngx_http_v3_srv_conf_t, quic.retry), | |
| 119 NULL }, | |
| 113 | 120 |
| 114 ngx_null_command | 121 ngx_null_command |
| 115 }; | 122 }; |
| 116 | 123 |
| 117 | 124 |
| 255 v3cf->quic.initial_max_streams_uni = NGX_CONF_UNSET_UINT; | 262 v3cf->quic.initial_max_streams_uni = NGX_CONF_UNSET_UINT; |
| 256 v3cf->quic.ack_delay_exponent = NGX_CONF_UNSET_UINT; | 263 v3cf->quic.ack_delay_exponent = NGX_CONF_UNSET_UINT; |
| 257 v3cf->quic.disable_active_migration = NGX_CONF_UNSET_UINT; | 264 v3cf->quic.disable_active_migration = NGX_CONF_UNSET_UINT; |
| 258 v3cf->quic.active_connection_id_limit = NGX_CONF_UNSET_UINT; | 265 v3cf->quic.active_connection_id_limit = NGX_CONF_UNSET_UINT; |
| 259 | 266 |
| 267 v3cf->quic.retry = NGX_CONF_UNSET; | |
| 268 | |
| 260 return v3cf; | 269 return v3cf; |
| 261 } | 270 } |
| 262 | 271 |
| 263 | 272 |
| 264 static char * | 273 static char * |
| 307 ngx_conf_merge_uint_value(conf->quic.disable_active_migration, | 316 ngx_conf_merge_uint_value(conf->quic.disable_active_migration, |
| 308 prev->quic.disable_active_migration, 1); | 317 prev->quic.disable_active_migration, 1); |
| 309 | 318 |
| 310 ngx_conf_merge_uint_value(conf->quic.active_connection_id_limit, | 319 ngx_conf_merge_uint_value(conf->quic.active_connection_id_limit, |
| 311 prev->quic.active_connection_id_limit, 2); | 320 prev->quic.active_connection_id_limit, 2); |
| 321 | |
| 322 ngx_conf_merge_value(conf->quic.retry, prev->quic.retry, 0); | |
| 323 | |
| 324 if (conf->quic.retry) { | |
| 325 if (RAND_bytes(conf->quic.token_key, sizeof(conf->quic.token_key)) <= 0) { | |
| 326 return NGX_CONF_ERROR; | |
| 327 } | |
| 328 } | |
| 329 | |
| 312 | 330 |
| 313 return NGX_CONF_OK; | 331 return NGX_CONF_OK; |
| 314 } | 332 } |
| 315 | 333 |
| 316 | 334 |