view src/event/quic/ngx_event_quic_migration.h @ 8640:c4f249d485e3 quic

QUIC: attempt decrypt before checking for stateless reset. Checking for the reset after the decryption attempt avoids false positives. More importantly, it avoids the check entirely in the usual case where decryption succeeds. RFC 9000, Section 10.3.1, "Detecting a Stateless Reset": Endpoints MAY skip this check if any packet from a datagram is successfully processed.
author Martin Duke <m.duke@f5.com>
date Tue, 12 Oct 2021 11:57:50 +0300
parents 5186ee5a94b9
children 40445fc7c403


/*
 * Copyright (C) Nginx, Inc.
 */


#ifndef _NGX_EVENT_QUIC_MIGRATION_H_INCLUDED_
#define _NGX_EVENT_QUIC_MIGRATION_H_INCLUDED_


#include <ngx_config.h>
#include <ngx_core.h>

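/*
 * NOTE(review): presumably the number of attempts made for one path
 * before giving up; the code that uses it is not in this header - confirm.
 */
#define NGX_QUIC_PATH_RETRIES          3

/* values compared against the "state" field by ngx_quic_path_state_str() */
#define NGX_QUIC_PATH_NEW              0
#define NGX_QUIC_PATH_VALIDATING       1
#define NGX_QUIC_PATH_VALIDATED        2

/*
 * NOTE(review): presumably how long a validated path is trusted before
 * it has to be validated again - confirm against the users of this value.
 */
#define NGX_QUIC_PATH_VALID_TIME       600 /* seconds */


/*
 * Yields a string literal naming the state of the path "p" points to:
 * "new", "validated" or "validating".
 *
 * Any state other than NGX_QUIC_PATH_NEW and NGX_QUIC_PATH_VALIDATED,
 * including an out-of-range value, is reported as "validating", so this
 * text alone does not prove that the state field holds a known value.
 *
 * "p" may be evaluated twice; do not pass an expression with side effects.
 *
 * The whole expansion is parenthesized so that the conditional operator
 * cannot capture neighbouring operators at the place of use.
 */
#define ngx_quic_path_state_str(p)                                            \
    (((p)->state == NGX_QUIC_PATH_NEW) ? "new" :                              \
        (((p)->state == NGX_QUIC_PATH_VALIDATED) ? "validated"                \
                                                 : "validating"))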


/*
 * Handlers for the two path validation frames.  Both are declared with
 * the same frame type, ngx_quic_path_challenge_frame_t.
 *
 * NOTE(review): the types used below (ngx_quic_path_challenge_frame_t,
 * ngx_quic_path_t, ngx_quic_header_t) are not declared by the two headers
 * included here, so this file presumably has to be included after the
 * QUIC declarations - confirm.
 * NOTE(review): return values are presumably the usual NGX_OK/NGX_ERROR
 * style codes; the definitions are not visible here - confirm.
 */
ngx_int_t ngx_quic_handle_path_challenge_frame(ngx_connection_t *c,
    ngx_quic_path_challenge_frame_t *f);
ngx_int_t ngx_quic_handle_path_response_frame(ngx_connection_t *c,
    ngx_quic_path_challenge_frame_t *f);

/*
 * Takes a peer address and its length and returns a path object.
 *
 * NOTE(review): presumably returns NULL on failure, and "socklen" is
 * presumably expected to be bounded by the caller - confirm both in the
 * definition.
 */
ngx_quic_path_t *ngx_quic_add_path(ngx_connection_t *c,
    struct sockaddr *sockaddr, socklen_t socklen);

/*
 * Migration processing driven by a received packet header.
 *
 * NOTE(review): whether these run only for packets that were successfully
 * decrypted cannot be told from this header; path state should not change
 * on the basis of an unauthenticated datagram - confirm in the callers.
 */
ngx_int_t ngx_quic_check_migration(ngx_connection_t *c,
    ngx_quic_header_t *pkt);
ngx_int_t ngx_quic_update_paths(ngx_connection_t *c, ngx_quic_header_t *pkt);
ngx_int_t ngx_quic_handle_migration(ngx_connection_t *c,
    ngx_quic_header_t *pkt);

/*
 * Event handler (takes the event, returns nothing).
 * NOTE(review): presumably the timer callback for path validation -
 * confirm where it is installed.
 */
void ngx_quic_path_validation_handler(ngx_event_t *ev);

#endif /* _NGX_EVENT_QUIC_MIGRATION_H_INCLUDED_ */