Mercurial > hg > nginx

annotate src/event/quic/ngx_event_quic_tokens.c @ 8946:56dec0d4e5b1 quic

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
QUIC: avoid excessive buffer allocations in stream output. Previously, when a few bytes were send to a QUIC stream by the application, a 4K buffer was allocated for these bytes. Then a STREAM frame was created and that entire buffer was used as data for that frame. The frame with the buffer were in use up until the frame was acked by client. Meanwhile, when more bytes were send to the stream, more buffers were allocated and assigned as data to newer STREAM frames. In this scenario most buffer memory is unused. Now the unused part of the stream output buffer is available for further stream output while earlier parts of the buffer are waiting to be acked. This is achieved by splitting the output buffer.
author Roman Arutyunyan <arut@nginx.com>
date Fri, 24 Dec 2021 18:13:51 +0300
parents 8f0f6407ae23
children a2fbae359828
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
8752
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
1
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
2 /*
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
3 * Copyright (C) Nginx, Inc.
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
4 */
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
5
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
6
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
7 #include <ngx_config.h>
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
8 #include <ngx_core.h>
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
9 #include <ngx_event.h>
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
10 #include <ngx_sha1.h>
8755
b4e6b7049984 QUIC: normalize header inclusion.
Sergey Kandaurov <pluknet@nginx.com>
parents: 8752
diff changeset
11 #include <ngx_event_quic_connection.h>
8752
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
12
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
13
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
14 #define NGX_QUIC_MAX_TOKEN_SIZE 64
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
15 /* SHA-1(addr)=20 + sizeof(time_t) + retry(1) + odcid.len(1) + odcid */
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
16
8801
2029a30863e2 QUIC: using compile time block/iv length for tokens.
Sergey Kandaurov <pluknet@nginx.com>
parents: 8763
diff changeset
17 /* RFC 3602, 2.1 and 2.4 for AES-CBC block size and IV length */
2029a30863e2 QUIC: using compile time block/iv length for tokens.
Sergey Kandaurov <pluknet@nginx.com>
parents: 8763
diff changeset
18 #define NGX_QUIC_AES_256_CBC_IV_LEN 16
2029a30863e2 QUIC: using compile time block/iv length for tokens.
Sergey Kandaurov <pluknet@nginx.com>
parents: 8763
diff changeset
19 #define NGX_QUIC_AES_256_CBC_BLOCK_SIZE 16
2029a30863e2 QUIC: using compile time block/iv length for tokens.
Sergey Kandaurov <pluknet@nginx.com>
parents: 8763
diff changeset
20
8752
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
21
8763
4117aa7fa38e QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents: 8755
diff changeset
22 static void ngx_quic_address_hash(struct sockaddr *sockaddr, socklen_t socklen,
4117aa7fa38e QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents: 8755
diff changeset
23 ngx_uint_t no_port, u_char buf[20]);
8752
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
24
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
25
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
26 ngx_int_t
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
27 ngx_quic_new_sr_token(ngx_connection_t *c, ngx_str_t *cid, u_char *secret,
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
28 u_char *token)
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
29 {
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
30 ngx_str_t tmp;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
31
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
32 tmp.data = secret;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
33 tmp.len = NGX_QUIC_SR_KEY_LEN;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
34
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
35 if (ngx_quic_derive_key(c->log, "sr_token_key", &tmp, cid, token,
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
36 NGX_QUIC_SR_TOKEN_LEN)
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
37 != NGX_OK)
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
38 {
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
39 return NGX_ERROR;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
40 }
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
41
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
42 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
43 "quic stateless reset token %*xs",
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
44 (size_t) NGX_QUIC_SR_TOKEN_LEN, token);
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
45
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
46 return NGX_OK;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
47 }
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
48
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
49
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
50 ngx_int_t
8763
4117aa7fa38e QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents: 8755
diff changeset
51 ngx_quic_new_token(ngx_connection_t *c, struct sockaddr *sockaddr,
4117aa7fa38e QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents: 8755
diff changeset
52 socklen_t socklen, u_char *key, ngx_str_t *token, ngx_str_t *odcid,
4117aa7fa38e QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents: 8755
diff changeset
53 time_t exp, ngx_uint_t is_retry)
8752
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
54 {
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
55 int len, iv_len;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
56 u_char *p, *iv;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
57 EVP_CIPHER_CTX *ctx;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
58 const EVP_CIPHER *cipher;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
59
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
60 u_char in[NGX_QUIC_MAX_TOKEN_SIZE];
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
61
8763
4117aa7fa38e QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents: 8755
diff changeset
62 ngx_quic_address_hash(sockaddr, socklen, !is_retry, in);
8752
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
63
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
64 p = in + 20;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
65
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
66 p = ngx_cpymem(p, &exp, sizeof(time_t));
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
67
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
68 *p++ = is_retry ? 1 : 0;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
69
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
70 if (odcid) {
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
71 *p++ = odcid->len;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
72 p = ngx_cpymem(p, odcid->data, odcid->len);
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
73
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
74 } else {
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
75 *p++ = 0;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
76 }
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
77
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
78 len = p - in;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
79
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
80 cipher = EVP_aes_256_cbc();
8801
2029a30863e2 QUIC: using compile time block/iv length for tokens.
Sergey Kandaurov <pluknet@nginx.com>
parents: 8763
diff changeset
81 iv_len = NGX_QUIC_AES_256_CBC_IV_LEN;
8752
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
82
8801
2029a30863e2 QUIC: using compile time block/iv length for tokens.
Sergey Kandaurov <pluknet@nginx.com>
parents: 8763
diff changeset
83 token->len = iv_len + len + NGX_QUIC_AES_256_CBC_BLOCK_SIZE;
8752
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
84 token->data = ngx_pnalloc(c->pool, token->len);
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
85 if (token->data == NULL) {
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
86 return NGX_ERROR;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
87 }
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
88
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
89 ctx = EVP_CIPHER_CTX_new();
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
90 if (ctx == NULL) {
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
91 return NGX_ERROR;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
92 }
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
93
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
94 iv = token->data;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
95
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
96 if (RAND_bytes(iv, iv_len) <= 0
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
97 || !EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv))
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
98 {
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
99 EVP_CIPHER_CTX_free(ctx);
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
100 return NGX_ERROR;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
101 }
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
102
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
103 token->len = iv_len;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
104
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
105 if (EVP_EncryptUpdate(ctx, token->data + token->len, &len, in, len) != 1) {
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
106 EVP_CIPHER_CTX_free(ctx);
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
107 return NGX_ERROR;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
108 }
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
109
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
110 token->len += len;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
111
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
112 if (EVP_EncryptFinal_ex(ctx, token->data + token->len, &len) <= 0) {
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
113 EVP_CIPHER_CTX_free(ctx);
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
114 return NGX_ERROR;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
115 }
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
116
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
117 token->len += len;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
118
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
119 EVP_CIPHER_CTX_free(ctx);
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
120
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
121 #ifdef NGX_QUIC_DEBUG_PACKETS
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
122 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
123 "quic new token len:%uz %xV", token->len, token);
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
124 #endif
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
125
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
126 return NGX_OK;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
127 }
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
128
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
129
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
130 static void
8763
4117aa7fa38e QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents: 8755
diff changeset
131 ngx_quic_address_hash(struct sockaddr *sockaddr, socklen_t socklen,
4117aa7fa38e QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents: 8755
diff changeset
132 ngx_uint_t no_port, u_char buf[20])
8752
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
133 {
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
134 size_t len;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
135 u_char *data;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
136 ngx_sha1_t sha1;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
137 struct sockaddr_in *sin;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
138 #if (NGX_HAVE_INET6)
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
139 struct sockaddr_in6 *sin6;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
140 #endif
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
141
8763
4117aa7fa38e QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents: 8755
diff changeset
142 len = (size_t) socklen;
4117aa7fa38e QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents: 8755
diff changeset
143 data = (u_char *) sockaddr;
8752
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
144
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
145 if (no_port) {
8763
4117aa7fa38e QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents: 8755
diff changeset
146 switch (sockaddr->sa_family) {
8752
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
147
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
148 #if (NGX_HAVE_INET6)
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
149 case AF_INET6:
8763
4117aa7fa38e QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents: 8755
diff changeset
150 sin6 = (struct sockaddr_in6 *) sockaddr;
8752
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
151
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
152 len = sizeof(struct in6_addr);
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
153 data = sin6->sin6_addr.s6_addr;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
154
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
155 break;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
156 #endif
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
157
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
158 case AF_INET:
8763
4117aa7fa38e QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents: 8755
diff changeset
159 sin = (struct sockaddr_in *) sockaddr;
8752
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
160
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
161 len = sizeof(in_addr_t);
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
162 data = (u_char *) &sin->sin_addr;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
163
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
164 break;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
165 }
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
166 }
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
167
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
168 ngx_sha1_init(&sha1);
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
169 ngx_sha1_update(&sha1, data, len);
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
170 ngx_sha1_final(buf, &sha1);
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
171 }
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
172
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
173
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
174 ngx_int_t
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
175 ngx_quic_validate_token(ngx_connection_t *c, u_char *key,
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
176 ngx_quic_header_t *pkt)
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
177 {
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
178 int len, tlen, iv_len;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
179 u_char *iv, *p;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
180 time_t now, exp;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
181 size_t total;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
182 ngx_str_t odcid;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
183 EVP_CIPHER_CTX *ctx;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
184 const EVP_CIPHER *cipher;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
185
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
186 u_char addr_hash[20];
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
187 u_char tdec[NGX_QUIC_MAX_TOKEN_SIZE];
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
188
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
189 /* Retry token or NEW_TOKEN in a previous connection */
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
190
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
191 cipher = EVP_aes_256_cbc();
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
192 iv = pkt->token.data;
8801
2029a30863e2 QUIC: using compile time block/iv length for tokens.
Sergey Kandaurov <pluknet@nginx.com>
parents: 8763
diff changeset
193 iv_len = NGX_QUIC_AES_256_CBC_IV_LEN;
8752
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
194
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
195 /* sanity checks */
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
196
8801
2029a30863e2 QUIC: using compile time block/iv length for tokens.
Sergey Kandaurov <pluknet@nginx.com>
parents: 8763
diff changeset
197 if (pkt->token.len < (size_t) iv_len + NGX_QUIC_AES_256_CBC_BLOCK_SIZE) {
8752
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
198 goto garbage;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
199 }
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
200
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
201 if (pkt->token.len > (size_t) iv_len + NGX_QUIC_MAX_TOKEN_SIZE) {
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
202 goto garbage;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
203 }
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
204
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
205 ctx = EVP_CIPHER_CTX_new();
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
206 if (ctx == NULL) {
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
207 return NGX_ERROR;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
208 }
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
209
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
210 if (!EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv)) {
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
211 EVP_CIPHER_CTX_free(ctx);
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
212 return NGX_ERROR;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
213 }
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
214
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
215 p = pkt->token.data + iv_len;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
216 len = pkt->token.len - iv_len;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
217
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
218 if (EVP_DecryptUpdate(ctx, tdec, &len, p, len) != 1) {
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
219 EVP_CIPHER_CTX_free(ctx);
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
220 goto garbage;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
221 }
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
222 total = len;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
223
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
224 if (EVP_DecryptFinal_ex(ctx, tdec + len, &tlen) <= 0) {
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
225 EVP_CIPHER_CTX_free(ctx);
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
226 goto garbage;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
227 }
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
228 total += tlen;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
229
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
230 EVP_CIPHER_CTX_free(ctx);
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
231
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
232 if (total < (20 + sizeof(time_t) + 2)) {
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
233 goto garbage;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
234 }
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
235
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
236 p = tdec + 20;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
237
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
238 ngx_memcpy(&exp, p, sizeof(time_t));
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
239 p += sizeof(time_t);
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
240
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
241 pkt->retried = (*p++ == 1);
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
242
8763
4117aa7fa38e QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents: 8755
diff changeset
243 ngx_quic_address_hash(c->sockaddr, c->socklen, !pkt->retried, addr_hash);
8752
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
244
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
245 if (ngx_memcmp(tdec, addr_hash, 20) != 0) {
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
246 goto bad_token;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
247 }
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
248
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
249 odcid.len = *p++;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
250 if (odcid.len) {
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
251 if (odcid.len > NGX_QUIC_MAX_CID_LEN) {
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
252 goto bad_token;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
253 }
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
254
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
255 if ((size_t)(tdec + total - p) < odcid.len) {
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
256 goto bad_token;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
257 }
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
258
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
259 odcid.data = p;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
260 }
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
261
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
262 now = ngx_time();
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
263
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
264 if (now > exp) {
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
265 ngx_log_error(NGX_LOG_INFO, c->log, 0, "quic expired token");
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
266 return NGX_DECLINED;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
267 }
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
268
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
269 if (odcid.len) {
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
270 pkt->odcid.len = odcid.len;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
271 pkt->odcid.data = ngx_pstrdup(c->pool, &odcid);
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
272 if (pkt->odcid.data == NULL) {
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
273 return NGX_ERROR;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
274 }
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
275
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
276 } else {
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
277 pkt->odcid = pkt->dcid;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
278 }
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
279
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
280 pkt->validated = 1;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
281
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
282 return NGX_OK;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
283
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
284 garbage:
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
285
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
286 ngx_log_error(NGX_LOG_INFO, c->log, 0, "quic garbage token");
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
287
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
288 return NGX_ABORT;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
289
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
290 bad_token:
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
291
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
292 ngx_log_error(NGX_LOG_INFO, c->log, 0, "quic invalid token");
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
293
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
294 return NGX_DECLINED;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
295 }