Mercurial > hg > nginx-quic
view src/event/quic/ngx_event_quic_migration.h @ 8640:c4f249d485e3 quic
QUIC: attempt decrypt before checking for stateless reset.
Checking the reset after encryption avoids false positives. More importantly,
it avoids the check entirely in the usual case where decryption succeeds.
RFC 9000, 10.3.1 Detecting a Stateless Reset
Endpoints MAY skip this check if any packet from a datagram is
successfully processed.
author | Martin Duke <m.duke@f5.com> |
---|---|
date | Tue, 12 Oct 2021 11:57:50 +0300 |
parents | 5186ee5a94b9 |
children | 40445fc7c403 |
line wrap: on
line source
/* * Copyright (C) Nginx, Inc. */ #ifndef _NGX_EVENT_QUIC_MIGRATION_H_INCLUDED_ #define _NGX_EVENT_QUIC_MIGRATION_H_INCLUDED_ #include <ngx_config.h> #include <ngx_core.h> #define NGX_QUIC_PATH_RETRIES 3 #define NGX_QUIC_PATH_NEW 0 #define NGX_QUIC_PATH_VALIDATING 1 #define NGX_QUIC_PATH_VALIDATED 2 #define NGX_QUIC_PATH_VALID_TIME 600 /* seconds */ #define ngx_quic_path_state_str(p) \ ((p)->state == NGX_QUIC_PATH_NEW) ? "new" : \ (((p)->state == NGX_QUIC_PATH_VALIDATED) ? "validated" : "validating") ngx_int_t ngx_quic_handle_path_challenge_frame(ngx_connection_t *c, ngx_quic_path_challenge_frame_t *f); ngx_int_t ngx_quic_handle_path_response_frame(ngx_connection_t *c, ngx_quic_path_challenge_frame_t *f); ngx_quic_path_t *ngx_quic_add_path(ngx_connection_t *c, struct sockaddr *sockaddr, socklen_t socklen); ngx_int_t ngx_quic_check_migration(ngx_connection_t *c, ngx_quic_header_t *pkt); ngx_int_t ngx_quic_update_paths(ngx_connection_t *c, ngx_quic_header_t *pkt); ngx_int_t ngx_quic_handle_migration(ngx_connection_t *c, ngx_quic_header_t *pkt); void ngx_quic_path_validation_handler(ngx_event_t *ev); #endif /* _NGX_EVENT_QUIC_MIGRATION_H_INCLUDED_ */