changeset 7689:61f9b873e2e7 quic
Firefox fixes.
+ support for more than one initial packet
+ workaround for trailing zeroes in packet
+ ignore application data packet if no keys yet (issue in draft 27/ff nightly)
+ fixed PING frame parser
+ STREAM frames need to be acknowledged
The following HTTP configuration is used for firefox (v74):
http {
ssl_certificate_key localhost.key;
ssl_certificate localhost.crt;
ssl_protocols TLSv1.2 TLSv1.3;
server {
listen 127.0.0.1:10368 reuseport http3;
ssl_quic on;
server_name localhost;
location / {
return 200 "This-is-QUICK\n";
}
}
server {
listen 127.0.0.1:5555 ssl; # point the browser here
server_name localhost;
location / {
add_header Alt-Svc 'h3-24=":10368";ma=100';
return 200 "ALT-SVC";
}
}
}
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Tue, 17 Mar 2020 14:10:37 +0300 |
parents | bec4cd55361e |
children | ae35ccba7aa6 |
files | src/event/ngx_event_quic.c src/event/ngx_event_quic.h |
diffstat | 2 files changed, 63 insertions(+), 9 deletions(-) [+] |
--- a/src/event/ngx_event_quic.c +++ b/src/event/ngx_event_quic.c @@ -205,6 +205,8 @@ static void ngx_quic_rbtree_insert_strea static void ngx_quic_handshake_handler(ngx_event_t *rev); static ngx_int_t ngx_quic_handshake_input(ngx_connection_t *c, ngx_quic_header_t *pkt); +static ngx_int_t ngx_quic_initial_input(ngx_connection_t *c, + ngx_quic_header_t *pkt); static ngx_int_t ngx_quic_app_input(ngx_connection_t *c, ngx_quic_header_t *pkt); @@ -389,6 +391,7 @@ static ngx_int_t ngx_quic_input(ngx_connection_t *c, ngx_buf_t *b) { u_char *p; + ngx_int_t rc; ngx_quic_header_t pkt; if (c->quic == NULL) { @@ -405,16 +408,33 @@ ngx_quic_input(ngx_connection_t *c, ngx_ pkt.data = p; pkt.len = b->last - p; + if (p[0] == 0) { + /* XXX: no idea WTF is this, just ignore */ + ngx_log_error(NGX_LOG_ALERT, c->log, 0, "FIREFOX: ZEROES"); + break; + } + + // TODO: check current state if (p[0] & NGX_QUIC_PKT_LONG) { - // TODO: check current state - if (ngx_quic_handshake_input(c, &pkt) != NGX_OK) { + + if ((p[0] & 0xf0) == NGX_QUIC_PKT_INITIAL) { + rc = ngx_quic_initial_input(c, &pkt); + + } else if ((p[0] & 0xf0) == NGX_QUIC_PKT_HANDSHAKE) { + rc = ngx_quic_handshake_input(c, &pkt); + + } else { + ngx_log_error(NGX_LOG_INFO, c->log, 0, + "BUG: unknown quic state"); return NGX_ERROR; } - } else { - if (ngx_quic_app_input(c, &pkt) != NGX_OK) { - return NGX_ERROR; - } + } else { + rc = ngx_quic_app_input(c, &pkt); + } + + if (rc == NGX_ERROR) { + return NGX_ERROR; } /* b->pos is at header end, adjust by actual packet length */ @@ -1073,7 +1093,6 @@ ngx_quic_read_frame(ngx_connection_t *c, case NGX_QUIC_FT_PING: ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "PING frame"); - p++; break; case NGX_QUIC_FT_NEW_CONNECTION_ID: 
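Review bot: The new `p[0] == 0` branch in ngx_quic_input logs at `NGX_LOG_ALERT` on a byte the peer fully controls, so any sender can fill the error log with alerts one datagram at a time, and only the first byte is inspected before the rest of the datagram is skipped. A debug-level message that states the intent would be safer, e.g. `ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic: zero byte where a packet header was expected, rest of datagram ignored");`. The `"BUG: unknown quic state"` branch has the same problem: other long-header types (0-RTT, Retry) can reach it from the network and return NGX_ERROR, so the message should name an unsupported packet type rather than an internal bug. The `0xf0` mask in the type comparisons would read better as a named constant. The body of ngx_quic_input starts and ends outside this hunk.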
@@ -1489,6 +1508,8 @@ ngx_quic_payload_handler(ngx_connection_ case NGX_QUIC_FT_STREAM6: case NGX_QUIC_FT_STREAM7: + ack_this = 1; + ngx_log_debug7(NGX_LOG_DEBUG_EVENT, c->log, 0, "STREAM frame 0x%xi id 0x%xi offset 0x%xi len 0x%xi bits:off=%d len=%d fin=%d", frame.type, @@ -1775,6 +1796,34 @@ ngx_quic_new_connection(ngx_connection_t static ngx_int_t +ngx_quic_initial_input(ngx_connection_t *c, ngx_quic_header_t *pkt) +{ + ngx_ssl_conn_t *ssl_conn; + ngx_quic_connection_t *qc; + + qc = c->quic; + ssl_conn = c->ssl->connection; + + if (ngx_quic_process_long_header(c, pkt) != NGX_OK) { + return NGX_ERROR; + } + + if (ngx_quic_process_initial_header(c, pkt) != NGX_OK) { + return NGX_ERROR; + } + + pkt->secret = &qc->secrets.client.in; + pkt->level = ssl_encryption_initial; + + if (ngx_quic_decrypt(c->pool, ssl_conn, pkt) != NGX_OK) { + return NGX_ERROR; + } + + return ngx_quic_payload_handler(c, pkt); +} + + +static ngx_int_t ngx_quic_handshake_input(ngx_connection_t *c, ngx_quic_header_t *pkt) { ngx_ssl_conn_t *ssl_conn; @@ -1836,7 +1885,11 @@ ngx_quic_app_input(ngx_connection_t *c, qc = c->quic; - /* TODO: this is a stub, untested */ + if (qc->secrets.client.ad.key.len == 0) { + ngx_log_error(NGX_LOG_INFO, c->log, 0, + "no read keys yet, packet ignored"); + return NGX_DECLINED; + } if (ngx_quic_process_short_header(c, pkt) != NGX_OK) { return NGX_ERROR;
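Review bot: ngx_quic_initial_input passes every decrypted Initial packet to ngx_quic_payload_handler without looking at the connection state, and Initial secrets are derived from values visible on the wire, so successful decryption at this level does not authenticate the sender. Unless ngx_quic_payload_handler (its frame switch is outside this hunk) restricts frame types by `pkt->level`, frames such as STREAM would be accepted from Initial packets, and Initial packets would still be processed after handshake keys exist. A state check before the decrypt step, plus a per-level list of allowed frame types in the payload handler, would close this; the `// TODO: check current state` left in ngx_quic_input suggests it is a known gap. The new function also has no comment; if the intent matches the commit message, `/* handles further Initial packets on an existing connection */` above it would help.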
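Review bot: The early `return NGX_DECLINED` in ngx_quic_app_input is logged at `NGX_LOG_INFO` for every short-header packet that arrives before application keys are set, which an unauthenticated peer can repeat at will; a debug-level log is enough here. The caller in ngx_quic_input only tests `rc == NGX_ERROR`, so NGX_DECLINED is handled like success and the packet is dropped rather than buffered. If that is the intended behaviour, a comment should say so, e.g. `/* 1-RTT packet before application keys: dropped, not buffered */`. The function body continues outside the hunk.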
--- a/src/event/ngx_event_quic.h
+++ b/src/event/ngx_event_quic.h
@@ -11,7 +11,8 @@
 #include <ngx_event_openssl.h>
-#define quic_version 0xff000018 /* draft-24 */
+#define quic_version 0xff000018 /* draft-24 (ngtcp2) */
+//#define quic_version 0xff00001b /* draft-27 (FFN 76) */
 /* 17.2. Long Header Packets */