Mercurial > hg > nginx-quic
view src/event/quic/ngx_event_quic_openssl_compat.h @ 9087:3bb003fcd682 quic
QUIC: keep stream sockaddr and addr_text constant.
HTTP and Stream variables $remote_addr and $binary_remote_addr rely on
constant client address, particularly because they are cacheable.
However, QUIC client may migrate to a new address. While there's no perfect
way to handle this, the proposed solution is to copy client address to QUIC
stream at stream creation.
The change also fixes truncated $remote_addr if migration happened while the
stream was active. The reason is addr_text string was copied to stream by
value.
author | Roman Arutyunyan <arut@nginx.com> |
---|---|
date | Thu, 11 May 2023 19:40:11 +0400 |
parents | 7da4791e0264 |
children |
line wrap: on
line source
/* * Copyright (C) Nginx, Inc. */ #ifndef _NGX_EVENT_QUIC_OPENSSL_COMPAT_H_INCLUDED_ #define _NGX_EVENT_QUIC_OPENSSL_COMPAT_H_INCLUDED_ #ifdef TLSEXT_TYPE_quic_transport_parameters #undef NGX_QUIC_OPENSSL_COMPAT #else #include <ngx_config.h> #include <ngx_core.h> typedef struct ngx_quic_compat_s ngx_quic_compat_t; enum ssl_encryption_level_t { ssl_encryption_initial = 0, ssl_encryption_early_data, ssl_encryption_handshake, ssl_encryption_application }; typedef struct ssl_quic_method_st { int (*set_read_secret)(SSL *ssl, enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, const uint8_t *rsecret, size_t secret_len); int (*set_write_secret)(SSL *ssl, enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, const uint8_t *wsecret, size_t secret_len); int (*add_handshake_data)(SSL *ssl, enum ssl_encryption_level_t level, const uint8_t *data, size_t len); int (*flush_flight)(SSL *ssl); int (*send_alert)(SSL *ssl, enum ssl_encryption_level_t level, uint8_t alert); } SSL_QUIC_METHOD; ngx_int_t ngx_quic_compat_init(ngx_conf_t *cf, SSL_CTX *ctx); int SSL_set_quic_method(SSL *ssl, const SSL_QUIC_METHOD *quic_method); int SSL_provide_quic_data(SSL *ssl, enum ssl_encryption_level_t level, const uint8_t *data, size_t len); enum ssl_encryption_level_t SSL_quic_read_level(const SSL *ssl); enum ssl_encryption_level_t SSL_quic_write_level(const SSL *ssl); int SSL_set_quic_transport_params(SSL *ssl, const uint8_t *params, size_t params_len); void SSL_get_peer_quic_transport_params(const SSL *ssl, const uint8_t **out_params, size_t *out_params_len); #endif /* TLSEXT_TYPE_quic_transport_parameters */ #endif /* _NGX_EVENT_QUIC_OPENSSL_COMPAT_H_INCLUDED_ */