Mercurial > hg > nginx
annotate src/event/quic/ngx_event_quic.c @ 8751:bc910a5ec737 quic
QUIC: separate files for output and ack related processing.
| author | Vladimir Homutov <vl@nginx.com> |
|---|---|
| date | Tue, 13 Apr 2021 14:41:20 +0300 |
| parents | 41807e581de9 |
| children | e19723c40d28 |
| rev | line source |
|---|---|
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
1 |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
2 /* |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
3 * Copyright (C) Nginx, Inc. |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
4 */ |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
5 |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
6 |
| 8171 | 7 #include <ngx_config.h> |
| 8 #include <ngx_core.h> | |
|
8208
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
8207
diff
changeset
|
9 #include <ngx_event.h> |
| 8747 | 10 #include <ngx_sha1.h> |
|
8736
714e9af983de
QUIC: separate header for ngx_quic_connection_t.
Vladimir Homutov <vl@nginx.com>
parents:
8735
diff
changeset
|
11 #include <ngx_event_quic_connection.h> |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
12 |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
13 |
|
8333
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
14 /* |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
15 * 7.4. Cryptographic Message Buffering |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
16 * Implementations MUST support buffering at least 4096 bytes of data |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
17 */ |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
18 #define NGX_QUIC_MAX_BUFFERED 65535 |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
19 |
|
8307
dc7ac778aafe
Introduced packet namespace in QUIC connection.
Vladimir Homutov <vl@nginx.com>
parents:
8306
diff
changeset
|
20 |
|
8204
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
21 #if BORINGSSL_API_VERSION >= 10 |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
22 static int ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn, |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
23 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
24 const uint8_t *secret, size_t secret_len); |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
25 static int ngx_quic_set_write_secret(ngx_ssl_conn_t *ssl_conn, |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
26 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
27 const uint8_t *secret, size_t secret_len); |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
28 #else |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
29 static int ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn, |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
30 enum ssl_encryption_level_t level, const uint8_t *read_secret, |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
31 const uint8_t *write_secret, size_t secret_len); |
|
8204
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
32 #endif |
| 8225 | 33 |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
34 static int ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn, |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
35 enum ssl_encryption_level_t level, const uint8_t *data, size_t len); |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
36 static int ngx_quic_flush_flight(ngx_ssl_conn_t *ssl_conn); |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
37 |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
38 |
|
8701
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
39 static ngx_int_t ngx_quic_apply_transport_params(ngx_connection_t *c, |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
40 ngx_quic_tp_t *ctp); |
|
8561
b4ef79ef1c23
QUIC: refined the "c->quic->initialized" flag usage.
Vladimir Homutov <vl@nginx.com>
parents:
8560
diff
changeset
|
41 static ngx_quic_connection_t *ngx_quic_new_connection(ngx_connection_t *c, |
|
8563
bed310672f39
QUIC: moved ssl configuration pointer to quic configuration.
Vladimir Homutov <vl@nginx.com>
parents:
8562
diff
changeset
|
42 ngx_quic_conf_t *conf, ngx_quic_header_t *pkt); |
|
8562
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
43 static ngx_int_t ngx_quic_process_stateless_reset(ngx_connection_t *c, |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
44 ngx_quic_header_t *pkt); |
| 8686 | 45 static void ngx_quic_address_hash(ngx_connection_t *c, ngx_uint_t no_port, |
| 46 u_char buf[20]); | |
|
8383
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
47 static ngx_int_t ngx_quic_validate_token(ngx_connection_t *c, |
| 8686 | 48 u_char *key, ngx_quic_header_t *pkt); |
| 8225 | 49 static ngx_int_t ngx_quic_init_connection(ngx_connection_t *c); |
|
8263
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8260
diff
changeset
|
50 static void ngx_quic_input_handler(ngx_event_t *rev); |
|
8354
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
8350
diff
changeset
|
51 |
|
8355
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
52 static ngx_int_t ngx_quic_close_quic(ngx_connection_t *c, ngx_int_t rc); |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
53 static void ngx_quic_close_timer_handler(ngx_event_t *ev); |
| 8225 | 54 |
|
8560
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
55 static ngx_int_t ngx_quic_input(ngx_connection_t *c, ngx_buf_t *b, |
|
8563
bed310672f39
QUIC: moved ssl configuration pointer to quic configuration.
Vladimir Homutov <vl@nginx.com>
parents:
8562
diff
changeset
|
56 ngx_quic_conf_t *conf); |
|
bed310672f39
QUIC: moved ssl configuration pointer to quic configuration.
Vladimir Homutov <vl@nginx.com>
parents:
8562
diff
changeset
|
57 static ngx_int_t ngx_quic_process_packet(ngx_connection_t *c, |
|
8560
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
58 ngx_quic_conf_t *conf, ngx_quic_header_t *pkt); |
|
8687
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
59 static ngx_int_t ngx_quic_process_payload(ngx_connection_t *c, |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
60 ngx_quic_header_t *pkt); |
|
8560
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
61 static void ngx_quic_discard_ctx(ngx_connection_t *c, |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
62 enum ssl_encryption_level_t level); |
|
8688
a346905c359f
QUIC: fixed stateless reset recognition and send.
Roman Arutyunyan <arut@nginx.com>
parents:
8687
diff
changeset
|
63 static ngx_int_t ngx_quic_check_csid(ngx_quic_connection_t *qc, |
| 8361 | 64 ngx_quic_header_t *pkt); |
|
8687
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
65 static ngx_int_t ngx_quic_handle_frames(ngx_connection_t *c, |
| 8225 | 66 ngx_quic_header_t *pkt); |
|
8751
bc910a5ec737
QUIC: separate files for output and ack related processing.
Vladimir Homutov <vl@nginx.com>
parents:
8750
diff
changeset
|
67 |
|
8335
76839f55bc48
Sorted functions and functions declarations.
Vladimir Homutov <vl@nginx.com>
parents:
8334
diff
changeset
|
68 |
|
76839f55bc48
Sorted functions and functions declarations.
Vladimir Homutov <vl@nginx.com>
parents:
8334
diff
changeset
|
69 static ngx_int_t ngx_quic_handle_crypto_frame(ngx_connection_t *c, |
|
76839f55bc48
Sorted functions and functions declarations.
Vladimir Homutov <vl@nginx.com>
parents:
8334
diff
changeset
|
70 ngx_quic_header_t *pkt, ngx_quic_frame_t *frame); |
|
8749
660c4a2f95f3
QUIC: separate files for frames related processing.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
71 ngx_int_t ngx_quic_crypto_input(ngx_connection_t *c, |
|
8378
81a4f98a2556
Cleaned up reordering code.
Vladimir Homutov <vl@nginx.com>
parents:
8377
diff
changeset
|
72 ngx_quic_frame_t *frame, void *data); |
|
8750
41807e581de9
QUIC: separate files for stream related processing.
Vladimir Homutov <vl@nginx.com>
parents:
8749
diff
changeset
|
73 |
| 8309 | 74 static void ngx_quic_push_handler(ngx_event_t *ev); |
| 8225 | 75 |
| 76 | |
| 8674 | 77 static ngx_core_module_t ngx_quic_module_ctx = { |
| 78 ngx_string("quic"), | |
| 79 NULL, | |
| 80 NULL | |
| 81 }; | |
| 82 | |
| 83 | |
| 84 ngx_module_t ngx_quic_module = { | |
| 85 NGX_MODULE_V1, | |
| 86 &ngx_quic_module_ctx, /* module context */ | |
| 87 NULL, /* module directives */ | |
| 88 NGX_CORE_MODULE, /* module type */ | |
| 89 NULL, /* init master */ | |
| 90 NULL, /* init module */ | |
| 91 NULL, /* init process */ | |
| 92 NULL, /* init thread */ | |
| 93 NULL, /* exit thread */ | |
| 94 NULL, /* exit process */ | |
| 95 NULL, /* exit master */ | |
| 96 NGX_MODULE_V1_PADDING | |
| 97 }; | |
| 98 | |
| 99 | |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
100 static SSL_QUIC_METHOD quic_method = { |
|
8204
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
101 #if BORINGSSL_API_VERSION >= 10 |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
102 ngx_quic_set_read_secret, |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
103 ngx_quic_set_write_secret, |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
104 #else |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
105 ngx_quic_set_encryption_secrets, |
|
8204
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
106 #endif |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
107 ngx_quic_add_handshake_data, |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
108 ngx_quic_flush_flight, |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
109 ngx_quic_send_alert, |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
110 }; |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
111 |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
112 |
|
8604
b3d9e57d0f62
QUIC: single function for frame debug logging.
Vladimir Homutov <vl@nginx.com>
parents:
8603
diff
changeset
|
113 #if (NGX_DEBUG) |
|
b3d9e57d0f62
QUIC: single function for frame debug logging.
Vladimir Homutov <vl@nginx.com>
parents:
8603
diff
changeset
|
114 |
|
8751
bc910a5ec737
QUIC: separate files for output and ack related processing.
Vladimir Homutov <vl@nginx.com>
parents:
8750
diff
changeset
|
115 void |
|
8607
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
116 ngx_quic_connstate_dbg(ngx_connection_t *c) |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
117 { |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
118 u_char *p, *last; |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
119 ngx_quic_connection_t *qc; |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
120 u_char buf[NGX_MAX_ERROR_STR]; |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
121 |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
122 p = buf; |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
123 last = p + sizeof(buf); |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
124 |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
125 qc = ngx_quic_get_connection(c); |
|
8607
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
126 |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
127 p = ngx_slprintf(p, last, "state:"); |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
128 |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
129 if (qc) { |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
130 |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
131 if (qc->error) { |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
132 p = ngx_slprintf(p, last, "%s", qc->error_app ? " app" : ""); |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
133 p = ngx_slprintf(p, last, " error:%ui", qc->error); |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
134 |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
135 if (qc->error_reason) { |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
136 p = ngx_slprintf(p, last, " \"%s\"", qc->error_reason); |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
137 } |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
138 } |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
139 |
|
8724
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
140 p = ngx_slprintf(p, last, "%s", qc->shutdown ? " shutdown" : ""); |
|
8607
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
141 p = ngx_slprintf(p, last, "%s", qc->closing ? " closing" : ""); |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
142 p = ngx_slprintf(p, last, "%s", qc->draining ? " draining" : ""); |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
143 p = ngx_slprintf(p, last, "%s", qc->key_phase ? " kp" : ""); |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
144 p = ngx_slprintf(p, last, "%s", qc->validated? " valid" : ""); |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
145 |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
146 } else { |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
147 p = ngx_slprintf(p, last, " early"); |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
148 } |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
149 |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
150 if (c->read->timer_set) { |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
151 p = ngx_slprintf(p, last, |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
152 qc && qc->send_timer_set ? " send:%M" : " read:%M", |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
153 c->read->timer.key - ngx_current_msec); |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
154 } |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
155 |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
156 if (qc) { |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
157 |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
158 if (qc->push.timer_set) { |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
159 p = ngx_slprintf(p, last, " push:%M", |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
160 qc->push.timer.key - ngx_current_msec); |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
161 } |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
162 |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
163 if (qc->pto.timer_set) { |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
164 p = ngx_slprintf(p, last, " pto:%M", |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
165 qc->pto.timer.key - ngx_current_msec); |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
166 } |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
167 |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
168 if (qc->close.timer_set) { |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
169 p = ngx_slprintf(p, last, " close:%M", |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
170 qc->close.timer.key - ngx_current_msec); |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
171 } |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
172 } |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
173 |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
174 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
175 "quic %*s", p - buf, buf); |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
176 } |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
177 |
|
8604
b3d9e57d0f62
QUIC: single function for frame debug logging.
Vladimir Homutov <vl@nginx.com>
parents:
8603
diff
changeset
|
178 #endif |
|
b3d9e57d0f62
QUIC: single function for frame debug logging.
Vladimir Homutov <vl@nginx.com>
parents:
8603
diff
changeset
|
179 |
|
b3d9e57d0f62
QUIC: single function for frame debug logging.
Vladimir Homutov <vl@nginx.com>
parents:
8603
diff
changeset
|
180 |
|
8204
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
181 #if BORINGSSL_API_VERSION >= 10 |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
182 |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
183 static int |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
184 ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn, |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
185 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
8220
diff
changeset
|
186 const uint8_t *rsecret, size_t secret_len) |
|
8204
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
187 { |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
188 ngx_connection_t *c; |
|
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
189 ngx_quic_connection_t *qc; |
|
8204
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
190 |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
191 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
192 qc = ngx_quic_get_connection(c); |
|
8204
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
193 |
|
8360
f175006124d0
Cleaned up hexdumps in debug output.
Vladimir Homutov <vl@nginx.com>
parents:
8359
diff
changeset
|
194 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
f175006124d0
Cleaned up hexdumps in debug output.
Vladimir Homutov <vl@nginx.com>
parents:
8359
diff
changeset
|
195 "quic ngx_quic_set_read_secret() level:%d", level); |
|
8578
52ad697f9d1c
QUIC: enabled more key-related debug by default.
Vladimir Homutov <vl@nginx.com>
parents:
8577
diff
changeset
|
196 #ifdef NGX_QUIC_DEBUG_CRYPTO |
|
8651
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
197 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
198 "quic read secret len:%uz %*xs", secret_len, |
|
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
199 secret_len, rsecret); |
| 8359 | 200 #endif |
|
8204
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
201 |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
202 return ngx_quic_keys_set_encryption_secret(c->pool, 0, qc->keys, level, |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
203 cipher, rsecret, secret_len); |
|
8204
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
204 } |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
205 |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
206 |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
207 static int |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
208 ngx_quic_set_write_secret(ngx_ssl_conn_t *ssl_conn, |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
209 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
8220
diff
changeset
|
210 const uint8_t *wsecret, size_t secret_len) |
|
8204
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
211 { |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
212 ngx_connection_t *c; |
|
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
213 ngx_quic_connection_t *qc; |
|
8204
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
214 |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
215 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
216 qc = ngx_quic_get_connection(c); |
|
8204
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
217 |
|
8360
f175006124d0
Cleaned up hexdumps in debug output.
Vladimir Homutov <vl@nginx.com>
parents:
8359
diff
changeset
|
218 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
f175006124d0
Cleaned up hexdumps in debug output.
Vladimir Homutov <vl@nginx.com>
parents:
8359
diff
changeset
|
219 "quic ngx_quic_set_write_secret() level:%d", level); |
|
8578
52ad697f9d1c
QUIC: enabled more key-related debug by default.
Vladimir Homutov <vl@nginx.com>
parents:
8577
diff
changeset
|
220 #ifdef NGX_QUIC_DEBUG_CRYPTO |
|
8651
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
221 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
222 "quic write secret len:%uz %*xs", secret_len, |
|
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
223 secret_len, wsecret); |
| 8359 | 224 #endif |
|
8204
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
225 |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
226 return ngx_quic_keys_set_encryption_secret(c->pool, 1, qc->keys, level, |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
227 cipher, wsecret, secret_len); |
|
8204
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
228 } |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
229 |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
230 #else |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
231 |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
232 static int |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
233 ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn, |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
8220
diff
changeset
|
234 enum ssl_encryption_level_t level, const uint8_t *rsecret, |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
8220
diff
changeset
|
235 const uint8_t *wsecret, size_t secret_len) |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
236 { |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
237 ngx_connection_t *c; |
|
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
238 const SSL_CIPHER *cipher; |
|
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
239 ngx_quic_connection_t *qc; |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
240 |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
241 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
242 qc = ngx_quic_get_connection(c); |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
243 |
|
8360
f175006124d0
Cleaned up hexdumps in debug output.
Vladimir Homutov <vl@nginx.com>
parents:
8359
diff
changeset
|
244 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
f175006124d0
Cleaned up hexdumps in debug output.
Vladimir Homutov <vl@nginx.com>
parents:
8359
diff
changeset
|
245 "quic ngx_quic_set_encryption_secrets() level:%d", level); |
|
8578
52ad697f9d1c
QUIC: enabled more key-related debug by default.
Vladimir Homutov <vl@nginx.com>
parents:
8577
diff
changeset
|
246 #ifdef NGX_QUIC_DEBUG_CRYPTO |
|
8651
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
247 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
248 "quic read secret len:%uz %*xs", secret_len, |
|
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
249 secret_len, rsecret); |
| 8359 | 250 #endif |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
251 |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
252 cipher = SSL_get_current_cipher(ssl_conn); |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
253 |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
254 if (ngx_quic_keys_set_encryption_secret(c->pool, 0, qc->keys, level, |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
255 cipher, rsecret, secret_len) |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
256 != 1) |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
257 { |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
258 return 0; |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
259 } |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
260 |
|
8303
2ac03e80d013
TLS Early Data key derivation support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8302
diff
changeset
|
261 if (level == ssl_encryption_early_data) { |
|
2ac03e80d013
TLS Early Data key derivation support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8302
diff
changeset
|
262 return 1; |
|
2ac03e80d013
TLS Early Data key derivation support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8302
diff
changeset
|
263 } |
|
2ac03e80d013
TLS Early Data key derivation support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8302
diff
changeset
|
264 |
| 8359 | 265 #ifdef NGX_QUIC_DEBUG_CRYPTO |
|
8651
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
266 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
267 "quic write secret len:%uz %*xs", secret_len, |
|
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
268 secret_len, wsecret); |
| 8359 | 269 #endif |
|
8303
2ac03e80d013
TLS Early Data key derivation support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8302
diff
changeset
|
270 |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
271 return ngx_quic_keys_set_encryption_secret(c->pool, 1, qc->keys, level, |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
272 cipher, wsecret, secret_len); |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
273 } |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
274 |
|
8204
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
275 #endif |
|
9e0c30e1f7fb
Compatibility with BoringSSL revised QUIC encryption secret APIs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8203
diff
changeset
|
276 |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
277 |
|
8184
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
8183
diff
changeset
|
278 static int |
|
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
8183
diff
changeset
|
279 ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn, |
|
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
8183
diff
changeset
|
280 enum ssl_encryption_level_t level, const uint8_t *data, size_t len) |
|
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
8183
diff
changeset
|
281 { |
|
8333
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
282 u_char *p, *end; |
|
8658
0af4ec6d1f92
QUIC: coalesce output packets into a single UDP datagram.
Roman Arutyunyan <arut@nginx.com>
parents:
8657
diff
changeset
|
283 size_t client_params_len; |
|
8333
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
284 const uint8_t *client_params; |
|
8701
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
285 ngx_quic_tp_t ctp; |
|
8333
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
286 ngx_quic_frame_t *frame; |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
287 ngx_connection_t *c; |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
288 ngx_quic_connection_t *qc; |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
289 ngx_quic_frames_stream_t *fs; |
|
8184
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
8183
diff
changeset
|
290 |
|
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
8183
diff
changeset
|
291 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
292 qc = ngx_quic_get_connection(c); |
|
8184
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
8183
diff
changeset
|
293 |
|
8186
0a2683df5f11
Implemented improved version of quic_output().
Vladimir Homutov <vl@nginx.com>
parents:
8185
diff
changeset
|
294 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, |
| 8359 | 295 "quic ngx_quic_add_handshake_data"); |
|
8184
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
8183
diff
changeset
|
296 |
|
8260
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8259
diff
changeset
|
297 if (!qc->client_tp_done) { |
| 8438 | 298 /* |
| 299 * things to do once during handshake: check ALPN and transport | |
| 300 * parameters; we want to break handshake if something is wrong | |
| 301 * here; | |
| 302 */ | |
| 303 | |
| 304 #if defined(TLSEXT_TYPE_application_layer_protocol_negotiation) | |
|
8482
893b3313f53c
QUIC: added "quic" listen parameter in Stream.
Roman Arutyunyan <arut@nginx.com>
parents:
8481
diff
changeset
|
305 if (qc->conf->require_alpn) { |
|
893b3313f53c
QUIC: added "quic" listen parameter in Stream.
Roman Arutyunyan <arut@nginx.com>
parents:
8481
diff
changeset
|
306 unsigned int len; |
|
893b3313f53c
QUIC: added "quic" listen parameter in Stream.
Roman Arutyunyan <arut@nginx.com>
parents:
8481
diff
changeset
|
307 const unsigned char *data; |
|
893b3313f53c
QUIC: added "quic" listen parameter in Stream.
Roman Arutyunyan <arut@nginx.com>
parents:
8481
diff
changeset
|
308 |
|
8619
bb3f4f669417
QUIC: passing ssl_conn to SSL_get0_alpn_selected() directly.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8617
diff
changeset
|
309 SSL_get0_alpn_selected(ssl_conn, &data, &len); |
|
8482
893b3313f53c
QUIC: added "quic" listen parameter in Stream.
Roman Arutyunyan <arut@nginx.com>
parents:
8481
diff
changeset
|
310 |
|
893b3313f53c
QUIC: added "quic" listen parameter in Stream.
Roman Arutyunyan <arut@nginx.com>
parents:
8481
diff
changeset
|
311 if (len == 0) { |
|
893b3313f53c
QUIC: added "quic" listen parameter in Stream.
Roman Arutyunyan <arut@nginx.com>
parents:
8481
diff
changeset
|
312 qc->error = 0x100 + SSL_AD_NO_APPLICATION_PROTOCOL; |
|
893b3313f53c
QUIC: added "quic" listen parameter in Stream.
Roman Arutyunyan <arut@nginx.com>
parents:
8481
diff
changeset
|
313 qc->error_reason = "unsupported protocol in ALPN extension"; |
|
893b3313f53c
QUIC: added "quic" listen parameter in Stream.
Roman Arutyunyan <arut@nginx.com>
parents:
8481
diff
changeset
|
314 |
|
893b3313f53c
QUIC: added "quic" listen parameter in Stream.
Roman Arutyunyan <arut@nginx.com>
parents:
8481
diff
changeset
|
315 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
|
893b3313f53c
QUIC: added "quic" listen parameter in Stream.
Roman Arutyunyan <arut@nginx.com>
parents:
8481
diff
changeset
|
316 "quic unsupported protocol in ALPN extension"); |
|
893b3313f53c
QUIC: added "quic" listen parameter in Stream.
Roman Arutyunyan <arut@nginx.com>
parents:
8481
diff
changeset
|
317 return 0; |
|
893b3313f53c
QUIC: added "quic" listen parameter in Stream.
Roman Arutyunyan <arut@nginx.com>
parents:
8481
diff
changeset
|
318 } |
| 8438 | 319 } |
| 320 #endif | |
|
8260
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8259
diff
changeset
|
321 |
|
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8259
diff
changeset
|
322 SSL_get_peer_quic_transport_params(ssl_conn, &client_params, |
|
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8259
diff
changeset
|
323 &client_params_len); |
|
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8259
diff
changeset
|
324 |
|
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8259
diff
changeset
|
325 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
| 8359 | 326 "quic SSL_get_peer_quic_transport_params():" |
|
8605
eed49b83e18f
QUIC: revised value separators in debug and error messages.
Vladimir Homutov <vl@nginx.com>
parents:
8604
diff
changeset
|
327 " params_len:%ui", client_params_len); |
|
8260
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8259
diff
changeset
|
328 |
|
8435
5bc9229ec4cf
QUIC: raise error on missing transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8434
diff
changeset
|
329 if (client_params_len == 0) { |
|
5bc9229ec4cf
QUIC: raise error on missing transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8434
diff
changeset
|
330 /* quic-tls 8.2 */ |
|
8447
97adb87f149b
Get rid of hardcoded numbers used for quic handshake errors.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8446
diff
changeset
|
331 qc->error = NGX_QUIC_ERR_CRYPTO(SSL_AD_MISSING_EXTENSION); |
|
8435
5bc9229ec4cf
QUIC: raise error on missing transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8434
diff
changeset
|
332 qc->error_reason = "missing transport parameters"; |
|
5bc9229ec4cf
QUIC: raise error on missing transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8434
diff
changeset
|
333 |
|
5bc9229ec4cf
QUIC: raise error on missing transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8434
diff
changeset
|
334 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
|
5bc9229ec4cf
QUIC: raise error on missing transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8434
diff
changeset
|
335 "missing transport parameters"); |
|
5bc9229ec4cf
QUIC: raise error on missing transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8434
diff
changeset
|
336 return 0; |
|
5bc9229ec4cf
QUIC: raise error on missing transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8434
diff
changeset
|
337 } |
|
5bc9229ec4cf
QUIC: raise error on missing transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8434
diff
changeset
|
338 |
|
5bc9229ec4cf
QUIC: raise error on missing transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8434
diff
changeset
|
339 p = (u_char *) client_params; |
|
5bc9229ec4cf
QUIC: raise error on missing transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8434
diff
changeset
|
340 end = p + client_params_len; |
|
5bc9229ec4cf
QUIC: raise error on missing transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8434
diff
changeset
|
341 |
|
8701
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
342 /* defaults for parameters not sent by client */ |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
343 ngx_memcpy(&ctp, &qc->ctp, sizeof(ngx_quic_tp_t)); |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
344 |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
345 if (ngx_quic_parse_transport_params(p, end, &ctp, c->log) |
|
8435
5bc9229ec4cf
QUIC: raise error on missing transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8434
diff
changeset
|
346 != NGX_OK) |
|
5bc9229ec4cf
QUIC: raise error on missing transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8434
diff
changeset
|
347 { |
|
5bc9229ec4cf
QUIC: raise error on missing transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8434
diff
changeset
|
348 qc->error = NGX_QUIC_ERR_TRANSPORT_PARAMETER_ERROR; |
|
5bc9229ec4cf
QUIC: raise error on missing transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8434
diff
changeset
|
349 qc->error_reason = "failed to process transport parameters"; |
|
5bc9229ec4cf
QUIC: raise error on missing transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8434
diff
changeset
|
350 |
|
5bc9229ec4cf
QUIC: raise error on missing transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8434
diff
changeset
|
351 return 0; |
|
5bc9229ec4cf
QUIC: raise error on missing transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8434
diff
changeset
|
352 } |
|
5bc9229ec4cf
QUIC: raise error on missing transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8434
diff
changeset
|
353 |
|
8701
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
354 if (ngx_quic_apply_transport_params(c, &ctp) != NGX_OK) { |
|
8435
5bc9229ec4cf
QUIC: raise error on missing transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8434
diff
changeset
|
355 return 0; |
|
5bc9229ec4cf
QUIC: raise error on missing transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8434
diff
changeset
|
356 } |
|
5bc9229ec4cf
QUIC: raise error on missing transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8434
diff
changeset
|
357 |
|
5bc9229ec4cf
QUIC: raise error on missing transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8434
diff
changeset
|
358 qc->client_tp_done = 1; |
|
8260
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8259
diff
changeset
|
359 } |
|
f388c0ad3477
Added processing of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8259
diff
changeset
|
360 |
|
8333
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
361 fs = &qc->crypto[level]; |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
362 |
|
8658
0af4ec6d1f92
QUIC: coalesce output packets into a single UDP datagram.
Roman Arutyunyan <arut@nginx.com>
parents:
8657
diff
changeset
|
363 frame = ngx_quic_alloc_frame(c); |
|
0af4ec6d1f92
QUIC: coalesce output packets into a single UDP datagram.
Roman Arutyunyan <arut@nginx.com>
parents:
8657
diff
changeset
|
364 if (frame == NULL) { |
|
0af4ec6d1f92
QUIC: coalesce output packets into a single UDP datagram.
Roman Arutyunyan <arut@nginx.com>
parents:
8657
diff
changeset
|
365 return 0; |
|
0af4ec6d1f92
QUIC: coalesce output packets into a single UDP datagram.
Roman Arutyunyan <arut@nginx.com>
parents:
8657
diff
changeset
|
366 } |
|
0af4ec6d1f92
QUIC: coalesce output packets into a single UDP datagram.
Roman Arutyunyan <arut@nginx.com>
parents:
8657
diff
changeset
|
367 |
|
0af4ec6d1f92
QUIC: coalesce output packets into a single UDP datagram.
Roman Arutyunyan <arut@nginx.com>
parents:
8657
diff
changeset
|
368 frame->data = ngx_quic_copy_buf(c, (u_char *) data, len); |
|
0af4ec6d1f92
QUIC: coalesce output packets into a single UDP datagram.
Roman Arutyunyan <arut@nginx.com>
parents:
8657
diff
changeset
|
369 if (frame->data == NGX_CHAIN_ERROR) { |
|
0af4ec6d1f92
QUIC: coalesce output packets into a single UDP datagram.
Roman Arutyunyan <arut@nginx.com>
parents:
8657
diff
changeset
|
370 return 0; |
|
0af4ec6d1f92
QUIC: coalesce output packets into a single UDP datagram.
Roman Arutyunyan <arut@nginx.com>
parents:
8657
diff
changeset
|
371 } |
|
0af4ec6d1f92
QUIC: coalesce output packets into a single UDP datagram.
Roman Arutyunyan <arut@nginx.com>
parents:
8657
diff
changeset
|
372 |
|
0af4ec6d1f92
QUIC: coalesce output packets into a single UDP datagram.
Roman Arutyunyan <arut@nginx.com>
parents:
8657
diff
changeset
|
373 frame->level = level; |
|
0af4ec6d1f92
QUIC: coalesce output packets into a single UDP datagram.
Roman Arutyunyan <arut@nginx.com>
parents:
8657
diff
changeset
|
374 frame->type = NGX_QUIC_FT_CRYPTO; |
|
0af4ec6d1f92
QUIC: coalesce output packets into a single UDP datagram.
Roman Arutyunyan <arut@nginx.com>
parents:
8657
diff
changeset
|
375 frame->u.crypto.offset = fs->sent; |
|
0af4ec6d1f92
QUIC: coalesce output packets into a single UDP datagram.
Roman Arutyunyan <arut@nginx.com>
parents:
8657
diff
changeset
|
376 frame->u.crypto.length = len; |
|
0af4ec6d1f92
QUIC: coalesce output packets into a single UDP datagram.
Roman Arutyunyan <arut@nginx.com>
parents:
8657
diff
changeset
|
377 |
|
0af4ec6d1f92
QUIC: coalesce output packets into a single UDP datagram.
Roman Arutyunyan <arut@nginx.com>
parents:
8657
diff
changeset
|
378 fs->sent += len; |
|
0af4ec6d1f92
QUIC: coalesce output packets into a single UDP datagram.
Roman Arutyunyan <arut@nginx.com>
parents:
8657
diff
changeset
|
379 |
|
0af4ec6d1f92
QUIC: coalesce output packets into a single UDP datagram.
Roman Arutyunyan <arut@nginx.com>
parents:
8657
diff
changeset
|
380 ngx_quic_queue_frame(qc, frame); |
|
8184
ec1f84996990
Split frame and packet generation into separate steps.
Vladimir Homutov <vl@nginx.com>
parents:
8183
diff
changeset
|
381 |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
382 return 1; |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
383 } |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
384 |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
385 |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
386 static int |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
387 ngx_quic_flush_flight(ngx_ssl_conn_t *ssl_conn) |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
388 { |
|
8360
f175006124d0
Cleaned up hexdumps in debug output.
Vladimir Homutov <vl@nginx.com>
parents:
8359
diff
changeset
|
389 #if (NGX_DEBUG) |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
390 ngx_connection_t *c; |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
391 |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
392 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
393 |
| 8359 | 394 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, |
| 395 "quic ngx_quic_flush_flight()"); | |
|
8360
f175006124d0
Cleaned up hexdumps in debug output.
Vladimir Homutov <vl@nginx.com>
parents:
8359
diff
changeset
|
396 #endif |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
397 return 1; |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
398 } |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
399 |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
400 |
|
8701
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
401 static ngx_int_t |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
402 ngx_quic_apply_transport_params(ngx_connection_t *c, ngx_quic_tp_t *ctp) |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
403 { |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
404 ngx_quic_connection_t *qc; |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
405 |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
406 qc = ngx_quic_get_connection(c); |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
407 |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
408 if (qc->scid.len != ctp->initial_scid.len |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
409 || ngx_memcmp(qc->scid.data, ctp->initial_scid.data, qc->scid.len) != 0) |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
410 { |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
411 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
412 "quic client initial_source_connection_id mismatch"); |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
413 return NGX_ERROR; |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
414 } |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
415 |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
416 if (ctp->max_udp_payload_size < NGX_QUIC_MIN_INITIAL_SIZE |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
417 || ctp->max_udp_payload_size > NGX_QUIC_MAX_UDP_PAYLOAD_SIZE) |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
418 { |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
419 qc->error = NGX_QUIC_ERR_TRANSPORT_PARAMETER_ERROR; |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
420 qc->error_reason = "invalid maximum packet size"; |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
421 |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
422 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
423 "quic maximum packet size is invalid"); |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
424 return NGX_ERROR; |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
425 |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
426 } else if (ctp->max_udp_payload_size > ngx_quic_max_udp_payload(c)) { |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
427 ctp->max_udp_payload_size = ngx_quic_max_udp_payload(c); |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
428 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
8702
d4e02b3b734f
QUIC: fixed indentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8701
diff
changeset
|
429 "quic client maximum packet size truncated"); |
|
8701
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
430 } |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
431 |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
432 if (ctp->active_connection_id_limit < 2) { |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
433 qc->error = NGX_QUIC_ERR_TRANSPORT_PARAMETER_ERROR; |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
434 qc->error_reason = "invalid active_connection_id_limit"; |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
435 |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
436 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
437 "quic active_connection_id_limit is invalid"); |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
438 return NGX_ERROR; |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
439 } |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
440 |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
441 if (ctp->ack_delay_exponent > 20) { |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
442 qc->error = NGX_QUIC_ERR_TRANSPORT_PARAMETER_ERROR; |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
443 qc->error_reason = "invalid ack_delay_exponent"; |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
444 |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
445 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
446 "quic ack_delay_exponent is invalid"); |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
447 return NGX_ERROR; |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
448 } |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
449 |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
450 if (ctp->max_ack_delay > 16384) { |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
451 qc->error = NGX_QUIC_ERR_TRANSPORT_PARAMETER_ERROR; |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
452 qc->error_reason = "invalid max_ack_delay"; |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
453 |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
454 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
455 "quic max_ack_delay is invalid"); |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
456 return NGX_ERROR; |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
457 } |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
458 |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
459 if (ctp->max_idle_timeout > 0 |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
460 && ctp->max_idle_timeout < qc->tp.max_idle_timeout) |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
461 { |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
462 qc->tp.max_idle_timeout = ctp->max_idle_timeout; |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
463 } |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
464 |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
465 qc->streams.server_max_streams_bidi = ctp->initial_max_streams_bidi; |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
466 qc->streams.server_max_streams_uni = ctp->initial_max_streams_uni; |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
467 |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
468 ngx_memcpy(&qc->ctp, ctp, sizeof(ngx_quic_tp_t)); |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
469 |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
470 return NGX_OK; |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
471 } |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
472 |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
473 |
| 8225 | 474 void |
|
8563
bed310672f39
QUIC: moved ssl configuration pointer to quic configuration.
Vladimir Homutov <vl@nginx.com>
parents:
8562
diff
changeset
|
475 ngx_quic_run(ngx_connection_t *c, ngx_quic_conf_t *conf) |
| 8225 | 476 { |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
477 ngx_int_t rc; |
|
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
478 ngx_quic_connection_t *qc; |
| 8225 | 479 |
|
8263
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8260
diff
changeset
|
480 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic run"); |
| 8225 | 481 |
|
8563
bed310672f39
QUIC: moved ssl configuration pointer to quic configuration.
Vladimir Homutov <vl@nginx.com>
parents:
8562
diff
changeset
|
482 rc = ngx_quic_input(c, c->buffer, conf); |
|
8536
c6b963de0c00
QUIC: pass return code from ngx_quic_decrypt() to the caller.
Vladimir Homutov <vl@nginx.com>
parents:
8535
diff
changeset
|
483 if (rc != NGX_OK) { |
|
c6b963de0c00
QUIC: pass return code from ngx_quic_decrypt() to the caller.
Vladimir Homutov <vl@nginx.com>
parents:
8535
diff
changeset
|
484 ngx_quic_close_connection(c, rc == NGX_DECLINED ? NGX_DONE : NGX_ERROR); |
| 8225 | 485 return; |
| 486 } | |
| 487 | |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
488 qc = ngx_quic_get_connection(c); |
|
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
489 |
| 8686 | 490 if (qc == NULL) { |
| 491 ngx_quic_close_connection(c, NGX_DONE); | |
| 492 return; | |
| 493 } | |
| 494 | |
| 495 ngx_add_timer(c->read, qc->tp.max_idle_timeout); | |
| 496 ngx_quic_connstate_dbg(c); | |
| 8225 | 497 |
|
8263
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8260
diff
changeset
|
498 c->read->handler = ngx_quic_input_handler; |
| 8225 | 499 |
| 500 return; | |
| 501 } | |
| 502 | |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
503 |
|
8561
b4ef79ef1c23
QUIC: refined the "c->quic->initialized" flag usage.
Vladimir Homutov <vl@nginx.com>
parents:
8560
diff
changeset
|
504 static ngx_quic_connection_t * |
|
8563
bed310672f39
QUIC: moved ssl configuration pointer to quic configuration.
Vladimir Homutov <vl@nginx.com>
parents:
8562
diff
changeset
|
505 ngx_quic_new_connection(ngx_connection_t *c, ngx_quic_conf_t *conf, |
|
bed310672f39
QUIC: moved ssl configuration pointer to quic configuration.
Vladimir Homutov <vl@nginx.com>
parents:
8562
diff
changeset
|
506 ngx_quic_header_t *pkt) |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
507 { |
|
8308
e10b4c61420f
Implemented retransmission and retransmit queue.
Vladimir Homutov <vl@nginx.com>
parents:
8307
diff
changeset
|
508 ngx_uint_t i; |
|
8265
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
8263
diff
changeset
|
509 ngx_quic_tp_t *ctp; |
| 8225 | 510 ngx_quic_connection_t *qc; |
|
8387
eebdda507ec3
Added tests for connection id lengths in initial packet.
Vladimir Homutov <vl@nginx.com>
parents:
8386
diff
changeset
|
511 |
| 8225 | 512 qc = ngx_pcalloc(c->pool, sizeof(ngx_quic_connection_t)); |
| 513 if (qc == NULL) { | |
|
8561
b4ef79ef1c23
QUIC: refined the "c->quic->initialized" flag usage.
Vladimir Homutov <vl@nginx.com>
parents:
8560
diff
changeset
|
514 return NULL; |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
515 } |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
516 |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
517 qc->keys = ngx_quic_keys_new(c->pool); |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
518 if (qc->keys == NULL) { |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
519 return NULL; |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
520 } |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
521 |
|
8624
340cd26158fb
QUIC: preparatory changes for multiple QUIC versions support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8623
diff
changeset
|
522 qc->version = pkt->version; |
|
340cd26158fb
QUIC: preparatory changes for multiple QUIC versions support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8623
diff
changeset
|
523 |
| 8225 | 524 ngx_rbtree_init(&qc->streams.tree, &qc->streams.sentinel, |
| 525 ngx_quic_rbtree_insert_stream); | |
| 526 | |
|
8333
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
527 for (i = 0; i < NGX_QUIC_SEND_CTX_LAST; i++) { |
|
8331
bda817d16cc2
Rename types and variables used for packet number space.
Vladimir Homutov <vl@nginx.com>
parents:
8328
diff
changeset
|
528 ngx_queue_init(&qc->send_ctx[i].frames); |
|
bda817d16cc2
Rename types and variables used for packet number space.
Vladimir Homutov <vl@nginx.com>
parents:
8328
diff
changeset
|
529 ngx_queue_init(&qc->send_ctx[i].sent); |
|
8598
85a550047eb5
QUIC: added macro for unset packet number.
Vladimir Homutov <vl@nginx.com>
parents:
8597
diff
changeset
|
530 qc->send_ctx[i].largest_pn = NGX_QUIC_UNSET_PN; |
|
85a550047eb5
QUIC: added macro for unset packet number.
Vladimir Homutov <vl@nginx.com>
parents:
8597
diff
changeset
|
531 qc->send_ctx[i].largest_ack = NGX_QUIC_UNSET_PN; |
|
85a550047eb5
QUIC: added macro for unset packet number.
Vladimir Homutov <vl@nginx.com>
parents:
8597
diff
changeset
|
532 qc->send_ctx[i].largest_range = NGX_QUIC_UNSET_PN; |
|
85a550047eb5
QUIC: added macro for unset packet number.
Vladimir Homutov <vl@nginx.com>
parents:
8597
diff
changeset
|
533 qc->send_ctx[i].pending_ack = NGX_QUIC_UNSET_PN; |
|
8596
38c7dd720774
QUIC: added ACK frame range support.
Vladimir Homutov <vl@nginx.com>
parents:
8595
diff
changeset
|
534 } |
|
38c7dd720774
QUIC: added ACK frame range support.
Vladimir Homutov <vl@nginx.com>
parents:
8595
diff
changeset
|
535 |
|
38c7dd720774
QUIC: added ACK frame range support.
Vladimir Homutov <vl@nginx.com>
parents:
8595
diff
changeset
|
536 qc->send_ctx[0].level = ssl_encryption_initial; |
|
38c7dd720774
QUIC: added ACK frame range support.
Vladimir Homutov <vl@nginx.com>
parents:
8595
diff
changeset
|
537 qc->send_ctx[1].level = ssl_encryption_handshake; |
|
38c7dd720774
QUIC: added ACK frame range support.
Vladimir Homutov <vl@nginx.com>
parents:
8595
diff
changeset
|
538 qc->send_ctx[2].level = ssl_encryption_application; |
|
8333
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
539 |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
540 for (i = 0; i < NGX_QUIC_ENCRYPTION_LAST; i++) { |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
541 ngx_queue_init(&qc->crypto[i].frames); |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
542 } |
|
8308
e10b4c61420f
Implemented retransmission and retransmit queue.
Vladimir Homutov <vl@nginx.com>
parents:
8307
diff
changeset
|
543 |
|
e10b4c61420f
Implemented retransmission and retransmit queue.
Vladimir Homutov <vl@nginx.com>
parents:
8307
diff
changeset
|
544 ngx_queue_init(&qc->free_frames); |
|
e10b4c61420f
Implemented retransmission and retransmit queue.
Vladimir Homutov <vl@nginx.com>
parents:
8307
diff
changeset
|
545 |
|
8469
3b107aadc9f6
QUIC: added rtt estimation.
Vladimir Homutov <vl@nginx.com>
parents:
8458
diff
changeset
|
546 qc->avg_rtt = NGX_QUIC_INITIAL_RTT; |
|
3b107aadc9f6
QUIC: added rtt estimation.
Vladimir Homutov <vl@nginx.com>
parents:
8458
diff
changeset
|
547 qc->rttvar = NGX_QUIC_INITIAL_RTT / 2; |
|
3b107aadc9f6
QUIC: added rtt estimation.
Vladimir Homutov <vl@nginx.com>
parents:
8458
diff
changeset
|
548 qc->min_rtt = NGX_TIMER_INFINITE; |
|
3b107aadc9f6
QUIC: added rtt estimation.
Vladimir Homutov <vl@nginx.com>
parents:
8458
diff
changeset
|
549 |
|
3b107aadc9f6
QUIC: added rtt estimation.
Vladimir Homutov <vl@nginx.com>
parents:
8458
diff
changeset
|
550 /* |
|
3b107aadc9f6
QUIC: added rtt estimation.
Vladimir Homutov <vl@nginx.com>
parents:
8458
diff
changeset
|
551 * qc->latest_rtt = 0 |
|
3b107aadc9f6
QUIC: added rtt estimation.
Vladimir Homutov <vl@nginx.com>
parents:
8458
diff
changeset
|
552 */ |
|
3b107aadc9f6
QUIC: added rtt estimation.
Vladimir Homutov <vl@nginx.com>
parents:
8458
diff
changeset
|
553 |
|
8477
031918df51c0
QUIC: added anti-amplification limit.
Vladimir Homutov <vl@nginx.com>
parents:
8476
diff
changeset
|
554 qc->received = pkt->raw->last - pkt->raw->start; |
|
031918df51c0
QUIC: added anti-amplification limit.
Vladimir Homutov <vl@nginx.com>
parents:
8476
diff
changeset
|
555 |
| 8472 | 556 qc->pto.log = c->log; |
| 557 qc->pto.data = c; | |
| 558 qc->pto.handler = ngx_quic_pto_handler; | |
| 559 qc->pto.cancelable = 1; | |
|
8308
e10b4c61420f
Implemented retransmission and retransmit queue.
Vladimir Homutov <vl@nginx.com>
parents:
8307
diff
changeset
|
560 |
| 8309 | 561 qc->push.log = c->log; |
| 562 qc->push.data = c; | |
| 563 qc->push.handler = ngx_quic_push_handler; | |
| 564 qc->push.cancelable = 1; | |
| 565 | |
|
8481
0d2b2664b41c
QUIC: added "quic" listen parameter.
Roman Arutyunyan <arut@nginx.com>
parents:
8480
diff
changeset
|
566 qc->conf = conf; |
|
0d2b2664b41c
QUIC: added "quic" listen parameter.
Roman Arutyunyan <arut@nginx.com>
parents:
8480
diff
changeset
|
567 qc->tp = conf->tp; |
| 8225 | 568 |
|
8628
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
569 if (qc->tp.disable_active_migration) { |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
570 qc->sockaddr = ngx_palloc(c->pool, c->socklen); |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
571 if (qc->sockaddr == NULL) { |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
572 return NULL; |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
573 } |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
574 |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
575 ngx_memcpy(qc->sockaddr, c->sockaddr, c->socklen); |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
576 qc->socklen = c->socklen; |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
577 } |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
578 |
|
8265
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
8263
diff
changeset
|
579 ctp = &qc->ctp; |
|
8701
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
580 |
|
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
581 /* defaults to be used before actual client parameters are received */ |
|
8436
9fe7875ce4bb
QUIC: further limiting maximum QUIC packet size.
Vladimir Homutov <vl@nginx.com>
parents:
8435
diff
changeset
|
582 ctp->max_udp_payload_size = ngx_quic_max_udp_payload(c); |
|
8265
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
8263
diff
changeset
|
583 ctp->ack_delay_exponent = NGX_QUIC_DEFAULT_ACK_DELAY_EXPONENT; |
|
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
8263
diff
changeset
|
584 ctp->max_ack_delay = NGX_QUIC_DEFAULT_MAX_ACK_DELAY; |
|
8701
ba9e34c03968
QUIC: added check of client transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8698
diff
changeset
|
585 ctp->active_connection_id_limit = 2; |
|
8265
d45325e90221
Limit output QUIC packets with client max_packet_size.
Roman Arutyunyan <arut@nginx.com>
parents:
8263
diff
changeset
|
586 |
|
8365
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
8364
diff
changeset
|
587 qc->streams.recv_max_data = qc->tp.initial_max_data; |
|
8338
0f9e9786b90d
Added primitive flow control mechanisms.
Vladimir Homutov <vl@nginx.com>
parents:
8337
diff
changeset
|
588 |
|
8496
c5324bb3a704
QUIC: limited the number of client-initiated streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8495
diff
changeset
|
589 qc->streams.client_max_streams_uni = qc->tp.initial_max_streams_uni; |
|
c5324bb3a704
QUIC: limited the number of client-initiated streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8495
diff
changeset
|
590 qc->streams.client_max_streams_bidi = qc->tp.initial_max_streams_bidi; |
|
c5324bb3a704
QUIC: limited the number of client-initiated streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8495
diff
changeset
|
591 |
|
8415
125cbfa77013
Renamed max_packet_size to max_udp_payload_size, from draft-28.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8413
diff
changeset
|
592 qc->congestion.window = ngx_min(10 * qc->tp.max_udp_payload_size, |
|
125cbfa77013
Renamed max_packet_size to max_udp_payload_size, from draft-28.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8413
diff
changeset
|
593 ngx_max(2 * qc->tp.max_udp_payload_size, |
|
125cbfa77013
Renamed max_packet_size to max_udp_payload_size, from draft-28.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8413
diff
changeset
|
594 14720)); |
|
8623
8550b91e8e35
QUIC: added proper logging of special values.
Vladimir Homutov <vl@nginx.com>
parents:
8622
diff
changeset
|
595 qc->congestion.ssthresh = (size_t) -1; |
|
8364
eee307399229
QUIC basic congestion control.
Roman Arutyunyan <arut@nginx.com>
parents:
8363
diff
changeset
|
596 qc->congestion.recovery_start = ngx_current_msec; |
|
eee307399229
QUIC basic congestion control.
Roman Arutyunyan <arut@nginx.com>
parents:
8363
diff
changeset
|
597 |
|
8746
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8745
diff
changeset
|
598 if (pkt->validated && pkt->retried) { |
|
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8745
diff
changeset
|
599 qc->tp.retry_scid.len = pkt->dcid.len; |
|
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8745
diff
changeset
|
600 qc->tp.retry_scid.data = ngx_pstrdup(c->pool, &pkt->dcid); |
|
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8745
diff
changeset
|
601 if (qc->tp.retry_scid.data == NULL) { |
|
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8745
diff
changeset
|
602 return NULL; |
|
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8745
diff
changeset
|
603 } |
|
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8745
diff
changeset
|
604 } |
|
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8745
diff
changeset
|
605 |
|
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8745
diff
changeset
|
606 if (ngx_quic_keys_set_initial_secret(c->pool, qc->keys, &pkt->dcid, |
|
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8745
diff
changeset
|
607 qc->version) |
|
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8745
diff
changeset
|
608 != NGX_OK) |
|
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8745
diff
changeset
|
609 { |
|
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8745
diff
changeset
|
610 return NULL; |
|
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8745
diff
changeset
|
611 } |
|
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8745
diff
changeset
|
612 |
|
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8745
diff
changeset
|
613 qc->validated = pkt->validated; |
|
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8745
diff
changeset
|
614 |
|
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8745
diff
changeset
|
615 if (ngx_quic_setup_connection_ids(c, qc, pkt) != NGX_OK) { |
|
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8745
diff
changeset
|
616 return NULL; |
|
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8745
diff
changeset
|
617 } |
|
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8745
diff
changeset
|
618 |
|
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8745
diff
changeset
|
619 return qc; |
|
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8745
diff
changeset
|
620 } |
|
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8745
diff
changeset
|
621 |
|
0c628de2e2b7
QUIC: separate function for connection ids initialization.
Vladimir Homutov <vl@nginx.com>
parents:
8745
diff
changeset
|
622 |
|
8748
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
8747
diff
changeset
|
623 ngx_int_t |
|
8694
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8693
diff
changeset
|
624 ngx_quic_new_sr_token(ngx_connection_t *c, ngx_str_t *cid, u_char *secret, |
|
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8693
diff
changeset
|
625 u_char *token) |
|
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8693
diff
changeset
|
626 { |
|
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8693
diff
changeset
|
627 ngx_str_t tmp; |
|
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8693
diff
changeset
|
628 |
|
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8693
diff
changeset
|
629 tmp.data = secret; |
|
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8693
diff
changeset
|
630 tmp.len = NGX_QUIC_SR_KEY_LEN; |
|
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8693
diff
changeset
|
631 |
|
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8693
diff
changeset
|
632 if (ngx_quic_derive_key(c->log, "sr_token_key", &tmp, cid, token, |
|
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8693
diff
changeset
|
633 NGX_QUIC_SR_TOKEN_LEN) |
|
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8693
diff
changeset
|
634 != NGX_OK) |
|
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8693
diff
changeset
|
635 { |
|
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8693
diff
changeset
|
636 return NGX_ERROR; |
|
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8693
diff
changeset
|
637 } |
|
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8693
diff
changeset
|
638 |
|
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8693
diff
changeset
|
639 #if (NGX_DEBUG) |
|
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8693
diff
changeset
|
640 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8693
diff
changeset
|
641 "quic stateless reset token %*xs", |
|
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8693
diff
changeset
|
642 (size_t) NGX_QUIC_SR_TOKEN_LEN, token); |
|
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8693
diff
changeset
|
643 #endif |
|
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8693
diff
changeset
|
644 |
|
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8693
diff
changeset
|
645 return NGX_OK; |
|
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8693
diff
changeset
|
646 } |
|
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8693
diff
changeset
|
647 |
|
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8693
diff
changeset
|
648 |
|
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8693
diff
changeset
|
649 static ngx_int_t |
|
8562
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
650 ngx_quic_process_stateless_reset(ngx_connection_t *c, ngx_quic_header_t *pkt) |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
651 { |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
652 u_char *tail, ch; |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
653 ngx_uint_t i; |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
654 ngx_queue_t *q; |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
655 ngx_quic_client_id_t *cid; |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
656 ngx_quic_connection_t *qc; |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
657 |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
658 qc = ngx_quic_get_connection(c); |
|
8562
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
659 |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
660 /* A stateless reset uses an entire UDP datagram */ |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
661 if (pkt->raw->start != pkt->data) { |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
662 return NGX_DECLINED; |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
663 } |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
664 |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
665 tail = pkt->raw->last - NGX_QUIC_SR_TOKEN_LEN; |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
666 |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
667 for (q = ngx_queue_head(&qc->client_ids); |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
668 q != ngx_queue_sentinel(&qc->client_ids); |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
669 q = ngx_queue_next(q)) |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
670 { |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
671 cid = ngx_queue_data(q, ngx_quic_client_id_t, queue); |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
672 |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
673 if (cid->seqnum == 0) { |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
674 /* no stateless reset token in initial connection id */ |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
675 continue; |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
676 } |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
677 |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
678 /* constant time comparison */ |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
679 |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
680 for (ch = 0, i = 0; i < NGX_QUIC_SR_TOKEN_LEN; i++) { |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
681 ch |= tail[i] ^ cid->sr_token[i]; |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
682 } |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
683 |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
684 if (ch == 0) { |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
685 return NGX_OK; |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
686 } |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
687 } |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
688 |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
689 return NGX_DECLINED; |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
690 } |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
691 |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
692 |
|
8751
bc910a5ec737
QUIC: separate files for output and ack related processing.
Vladimir Homutov <vl@nginx.com>
parents:
8750
diff
changeset
|
693 ngx_int_t |
| 8686 | 694 ngx_quic_new_token(ngx_connection_t *c, u_char *key, ngx_str_t *token, |
| 695 ngx_str_t *odcid, time_t exp, ngx_uint_t is_retry) | |
|
8383
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
696 { |
| 8686 | 697 int len, iv_len; |
| 698 u_char *p, *iv; | |
| 699 EVP_CIPHER_CTX *ctx; | |
| 700 const EVP_CIPHER *cipher; | |
| 701 | |
| 702 u_char in[NGX_QUIC_MAX_TOKEN_SIZE]; | |
| 703 | |
| 704 ngx_quic_address_hash(c, !is_retry, in); | |
| 705 | |
| 706 p = in + 20; | |
| 707 | |
| 708 p = ngx_cpymem(p, &exp, sizeof(time_t)); | |
| 709 | |
| 710 *p++ = is_retry ? 1 : 0; | |
| 711 | |
| 712 if (odcid) { | |
| 713 *p++ = odcid->len; | |
| 714 p = ngx_cpymem(p, odcid->data, odcid->len); | |
| 715 | |
| 716 } else { | |
| 717 *p++ = 0; | |
| 718 } | |
| 719 | |
| 720 len = p - in; | |
|
8383
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
721 |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
722 cipher = EVP_aes_256_cbc(); |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
723 iv_len = EVP_CIPHER_iv_length(cipher); |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
724 |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
725 token->len = iv_len + len + EVP_CIPHER_block_size(cipher); |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
726 token->data = ngx_pnalloc(c->pool, token->len); |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
727 if (token->data == NULL) { |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
728 return NGX_ERROR; |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
729 } |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
730 |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
731 ctx = EVP_CIPHER_CTX_new(); |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
732 if (ctx == NULL) { |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
733 return NGX_ERROR; |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
734 } |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
735 |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
736 iv = token->data; |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
737 |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
738 if (RAND_bytes(iv, iv_len) <= 0 |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
739 || !EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv)) |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
740 { |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
741 EVP_CIPHER_CTX_free(ctx); |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
742 return NGX_ERROR; |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
743 } |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
744 |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
745 token->len = iv_len; |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
746 |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
747 if (EVP_EncryptUpdate(ctx, token->data + token->len, &len, in, len) != 1) { |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
748 EVP_CIPHER_CTX_free(ctx); |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
749 return NGX_ERROR; |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
750 } |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
751 |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
752 token->len += len; |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
753 |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
754 if (EVP_EncryptFinal_ex(ctx, token->data + token->len, &len) <= 0) { |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
755 EVP_CIPHER_CTX_free(ctx); |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
756 return NGX_ERROR; |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
757 } |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
758 |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
759 token->len += len; |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
760 |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
761 EVP_CIPHER_CTX_free(ctx); |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
762 |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
763 #ifdef NGX_QUIC_DEBUG_PACKETS |
|
8651
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
764 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
765 "quic new token len:%uz %xV", token->len, token); |
|
8383
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
766 #endif |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
767 |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
768 return NGX_OK; |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
769 } |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
770 |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
771 |
| 8686 | 772 static void |
| 773 ngx_quic_address_hash(ngx_connection_t *c, ngx_uint_t no_port, u_char buf[20]) | |
|
8383
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
774 { |
| 8686 | 775 size_t len; |
| 776 u_char *data; | |
| 777 ngx_sha1_t sha1; | |
| 778 struct sockaddr_in *sin; | |
|
8383
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
779 #if (NGX_HAVE_INET6) |
| 8686 | 780 struct sockaddr_in6 *sin6; |
| 781 #endif | |
| 782 | |
| 783 len = (size_t) c->socklen; | |
| 784 data = (u_char *) c->sockaddr; | |
| 785 | |
| 786 if (no_port) { | |
| 787 switch (c->sockaddr->sa_family) { | |
| 788 | |
| 789 #if (NGX_HAVE_INET6) | |
| 790 case AF_INET6: | |
| 791 sin6 = (struct sockaddr_in6 *) c->sockaddr; | |
| 792 | |
| 793 len = sizeof(struct in6_addr); | |
| 794 data = sin6->sin6_addr.s6_addr; | |
| 795 | |
| 796 break; | |
|
8383
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
797 #endif |
| 8686 | 798 |
| 799 case AF_INET: | |
| 800 sin = (struct sockaddr_in *) c->sockaddr; | |
| 801 | |
| 802 len = sizeof(in_addr_t); | |
| 803 data = (u_char *) &sin->sin_addr; | |
| 804 | |
| 805 break; | |
| 806 } | |
| 807 } | |
| 808 | |
| 809 ngx_sha1_init(&sha1); | |
| 810 ngx_sha1_update(&sha1, data, len); | |
| 811 ngx_sha1_final(buf, &sha1); | |
| 812 } | |
| 813 | |
| 814 | |
| 815 static ngx_int_t | |
| 816 ngx_quic_validate_token(ngx_connection_t *c, u_char *key, | |
| 817 ngx_quic_header_t *pkt) | |
| 818 { | |
| 819 int len, tlen, iv_len; | |
| 820 u_char *iv, *p; | |
| 821 time_t now, exp; | |
| 822 size_t total; | |
| 823 ngx_str_t odcid; | |
| 824 EVP_CIPHER_CTX *ctx; | |
| 825 const EVP_CIPHER *cipher; | |
| 826 | |
| 827 u_char addr_hash[20]; | |
| 828 u_char tdec[NGX_QUIC_MAX_TOKEN_SIZE]; | |
| 829 | |
| 830 /* Retry token or NEW_TOKEN in a previous connection */ | |
|
8383
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
831 |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
832 cipher = EVP_aes_256_cbc(); |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
833 iv = pkt->token.data; |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
834 iv_len = EVP_CIPHER_iv_length(cipher); |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
835 |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
836 /* sanity checks */ |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
837 |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
838 if (pkt->token.len < (size_t) iv_len + EVP_CIPHER_block_size(cipher)) { |
| 8686 | 839 goto garbage; |
|
8383
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
840 } |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
841 |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
842 if (pkt->token.len > (size_t) iv_len + NGX_QUIC_MAX_TOKEN_SIZE) { |
| 8686 | 843 goto garbage; |
|
8383
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
844 } |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
845 |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
846 ctx = EVP_CIPHER_CTX_new(); |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
847 if (ctx == NULL) { |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
848 return NGX_ERROR; |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
849 } |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
850 |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
851 if (!EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv)) { |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
852 EVP_CIPHER_CTX_free(ctx); |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
853 return NGX_ERROR; |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
854 } |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
855 |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
856 p = pkt->token.data + iv_len; |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
857 len = pkt->token.len - iv_len; |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
858 |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
859 if (EVP_DecryptUpdate(ctx, tdec, &len, p, len) != 1) { |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
860 EVP_CIPHER_CTX_free(ctx); |
| 8686 | 861 goto garbage; |
| 862 } | |
| 863 total = len; | |
|
8383
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
864 |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
865 if (EVP_DecryptFinal_ex(ctx, tdec + len, &tlen) <= 0) { |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
866 EVP_CIPHER_CTX_free(ctx); |
| 8686 | 867 goto garbage; |
| 868 } | |
| 869 total += tlen; | |
|
8383
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
870 |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
871 EVP_CIPHER_CTX_free(ctx); |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
872 |
| 8686 | 873 if (total < (20 + sizeof(time_t) + 2)) { |
| 874 goto garbage; | |
| 875 } | |
| 876 | |
| 877 p = tdec + 20; | |
| 878 | |
| 879 ngx_memcpy(&exp, p, sizeof(time_t)); | |
| 880 p += sizeof(time_t); | |
| 881 | |
| 882 pkt->retried = (*p++ == 1); | |
| 883 | |
| 884 ngx_quic_address_hash(c, !pkt->retried, addr_hash); | |
| 885 | |
| 886 if (ngx_memcmp(tdec, addr_hash, 20) != 0) { | |
|
8399
ffd362e87eb2
Added more context to CONNECTION CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8398
diff
changeset
|
887 goto bad_token; |
|
8383
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
888 } |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
889 |
| 8686 | 890 odcid.len = *p++; |
| 891 if (odcid.len) { | |
| 892 if (odcid.len > NGX_QUIC_MAX_CID_LEN) { | |
| 893 goto bad_token; | |
| 894 } | |
| 895 | |
| 896 if ((size_t)(tdec + total - p) < odcid.len) { | |
| 897 goto bad_token; | |
| 898 } | |
| 899 | |
| 900 odcid.data = p; | |
| 901 p += odcid.len; | |
| 902 } | |
| 903 | |
| 904 now = ngx_time(); | |
| 905 | |
| 906 if (now > exp) { | |
|
8560
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
907 ngx_log_error(NGX_LOG_INFO, c->log, 0, "quic expired token"); |
|
8383
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
908 return NGX_DECLINED; |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
909 } |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
910 |
| 8686 | 911 if (odcid.len) { |
| 912 pkt->odcid.len = odcid.len; | |
| 913 pkt->odcid.data = ngx_pstrdup(c->pool, &odcid); | |
| 914 if (pkt->odcid.data == NULL) { | |
| 915 return NGX_ERROR; | |
| 916 } | |
| 917 | |
| 918 } else { | |
| 919 pkt->odcid = pkt->dcid; | |
| 920 } | |
| 921 | |
| 922 pkt->validated = 1; | |
| 923 | |
|
8383
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
924 return NGX_OK; |
|
8399
ffd362e87eb2
Added more context to CONNECTION CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8398
diff
changeset
|
925 |
| 8686 | 926 garbage: |
| 927 | |
| 928 ngx_log_error(NGX_LOG_INFO, c->log, 0, "quic garbage token"); | |
| 929 | |
| 930 return NGX_ABORT; | |
| 931 | |
|
8399
ffd362e87eb2
Added more context to CONNECTION CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8398
diff
changeset
|
932 bad_token: |
|
ffd362e87eb2
Added more context to CONNECTION CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8398
diff
changeset
|
933 |
|
8560
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
934 ngx_log_error(NGX_LOG_INFO, c->log, 0, "quic invalid token"); |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
935 |
|
8622
183275308d9a
QUIC: fixed address validation issues in a new connection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8621
diff
changeset
|
936 return NGX_DECLINED; |
|
8383
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
937 } |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
938 |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
939 |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
940 static ngx_int_t |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
8220
diff
changeset
|
941 ngx_quic_init_connection(ngx_connection_t *c) |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
942 { |
|
8247
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8246
diff
changeset
|
943 u_char *p; |
|
8422
90b02ff6b003
Compatibility with BoringSSL master branch.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8421
diff
changeset
|
944 size_t clen; |
|
8247
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8246
diff
changeset
|
945 ssize_t len; |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
946 ngx_ssl_conn_t *ssl_conn; |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
947 ngx_quic_connection_t *qc; |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
948 |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
949 qc = ngx_quic_get_connection(c); |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
950 |
|
8563
bed310672f39
QUIC: moved ssl configuration pointer to quic configuration.
Vladimir Homutov <vl@nginx.com>
parents:
8562
diff
changeset
|
951 if (ngx_ssl_create_connection(qc->conf->ssl, c, NGX_SSL_BUFFER) != NGX_OK) { |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
952 return NGX_ERROR; |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
953 } |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
954 |
|
8655
f596a4e5794b
QUIC: disabling bidirectional SSL shutdown earlier.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8652
diff
changeset
|
955 c->ssl->no_wait_shutdown = 1; |
|
f596a4e5794b
QUIC: disabling bidirectional SSL shutdown earlier.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8652
diff
changeset
|
956 |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
957 ssl_conn = c->ssl->connection; |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
958 |
|
8232
253cf267f95a
Moved setting QUIC methods to runtime.
Roman Arutyunyan <arut@nginx.com>
parents:
8231
diff
changeset
|
959 if (SSL_set_quic_method(ssl_conn, &quic_method) == 0) { |
|
253cf267f95a
Moved setting QUIC methods to runtime.
Roman Arutyunyan <arut@nginx.com>
parents:
8231
diff
changeset
|
960 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
| 8361 | 961 "quic SSL_set_quic_method() failed"); |
|
8232
253cf267f95a
Moved setting QUIC methods to runtime.
Roman Arutyunyan <arut@nginx.com>
parents:
8231
diff
changeset
|
962 return NGX_ERROR; |
|
253cf267f95a
Moved setting QUIC methods to runtime.
Roman Arutyunyan <arut@nginx.com>
parents:
8231
diff
changeset
|
963 } |
|
253cf267f95a
Moved setting QUIC methods to runtime.
Roman Arutyunyan <arut@nginx.com>
parents:
8231
diff
changeset
|
964 |
|
8304
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
965 #ifdef SSL_READ_EARLY_DATA_SUCCESS |
|
8564
b52b2a33b0e5
QUIC: fixed build with OpenSSL after bed310672f39.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8563
diff
changeset
|
966 if (SSL_CTX_get_max_early_data(qc->conf->ssl->ctx)) { |
|
8304
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
967 SSL_set_quic_early_data_enabled(ssl_conn, 1); |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
968 } |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
969 #endif |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
970 |
|
8717
0a0b1de9ccab
QUIC: fixed expected TLS codepoint with final draft and BoringSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8710
diff
changeset
|
971 #if BORINGSSL_API_VERSION >= 13 |
|
0a0b1de9ccab
QUIC: fixed expected TLS codepoint with final draft and BoringSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8710
diff
changeset
|
972 SSL_set_quic_use_legacy_codepoint(ssl_conn, qc->version != 1); |
|
0a0b1de9ccab
QUIC: fixed expected TLS codepoint with final draft and BoringSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8710
diff
changeset
|
973 #endif |
|
0a0b1de9ccab
QUIC: fixed expected TLS codepoint with final draft and BoringSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8710
diff
changeset
|
974 |
|
8694
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8693
diff
changeset
|
975 if (ngx_quic_new_sr_token(c, &qc->dcid, qc->conf->sr_token_key, |
|
8634
831d1960826f
QUIC: generate default stateless reset token key.
Roman Arutyunyan <arut@nginx.com>
parents:
8631
diff
changeset
|
976 qc->tp.sr_token) |
|
831d1960826f
QUIC: generate default stateless reset token key.
Roman Arutyunyan <arut@nginx.com>
parents:
8631
diff
changeset
|
977 != NGX_OK) |
|
831d1960826f
QUIC: generate default stateless reset token key.
Roman Arutyunyan <arut@nginx.com>
parents:
8631
diff
changeset
|
978 { |
|
831d1960826f
QUIC: generate default stateless reset token key.
Roman Arutyunyan <arut@nginx.com>
parents:
8631
diff
changeset
|
979 return NGX_ERROR; |
|
831d1960826f
QUIC: generate default stateless reset token key.
Roman Arutyunyan <arut@nginx.com>
parents:
8631
diff
changeset
|
980 } |
|
831d1960826f
QUIC: generate default stateless reset token key.
Roman Arutyunyan <arut@nginx.com>
parents:
8631
diff
changeset
|
981 |
|
8651
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
982 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
983 "quic stateless reset token %*xs", |
|
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
984 (size_t) NGX_QUIC_SR_TOKEN_LEN, qc->tp.sr_token); |
|
8562
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
985 |
|
8422
90b02ff6b003
Compatibility with BoringSSL master branch.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8421
diff
changeset
|
986 len = ngx_quic_create_transport_params(NULL, NULL, &qc->tp, &clen); |
|
8247
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8246
diff
changeset
|
987 /* always succeeds */ |
|
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8246
diff
changeset
|
988 |
|
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8246
diff
changeset
|
989 p = ngx_pnalloc(c->pool, len); |
|
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8246
diff
changeset
|
990 if (p == NULL) { |
|
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8246
diff
changeset
|
991 return NGX_ERROR; |
|
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8246
diff
changeset
|
992 } |
|
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8246
diff
changeset
|
993 |
|
8422
90b02ff6b003
Compatibility with BoringSSL master branch.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8421
diff
changeset
|
994 len = ngx_quic_create_transport_params(p, p + len, &qc->tp, NULL); |
|
8247
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8246
diff
changeset
|
995 if (len < 0) { |
|
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8246
diff
changeset
|
996 return NGX_ERROR; |
|
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8246
diff
changeset
|
997 } |
|
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8246
diff
changeset
|
998 |
| 8359 | 999 #ifdef NGX_QUIC_DEBUG_PACKETS |
|
8651
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
1000 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
1001 "quic transport parameters len:%uz %*xs", len, len, p); |
| 8359 | 1002 #endif |
| 1003 | |
|
8247
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8246
diff
changeset
|
1004 if (SSL_set_quic_transport_params(ssl_conn, p, len) == 0) { |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
1005 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
| 8361 | 1006 "quic SSL_set_quic_transport_params() failed"); |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
1007 return NGX_ERROR; |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
1008 } |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
1009 |
|
8422
90b02ff6b003
Compatibility with BoringSSL master branch.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8421
diff
changeset
|
1010 #if NGX_OPENSSL_QUIC_ZRTT_CTX |
|
90b02ff6b003
Compatibility with BoringSSL master branch.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8421
diff
changeset
|
1011 if (SSL_set_quic_early_data_context(ssl_conn, p, clen) == 0) { |
|
90b02ff6b003
Compatibility with BoringSSL master branch.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8421
diff
changeset
|
1012 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
|
90b02ff6b003
Compatibility with BoringSSL master branch.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8421
diff
changeset
|
1013 "quic SSL_set_quic_early_data_context() failed"); |
|
90b02ff6b003
Compatibility with BoringSSL master branch.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8421
diff
changeset
|
1014 return NGX_ERROR; |
|
90b02ff6b003
Compatibility with BoringSSL master branch.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8421
diff
changeset
|
1015 } |
|
90b02ff6b003
Compatibility with BoringSSL master branch.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8421
diff
changeset
|
1016 #endif |
|
90b02ff6b003
Compatibility with BoringSSL master branch.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8421
diff
changeset
|
1017 |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
1018 return NGX_OK; |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
1019 } |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
1020 |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
1021 |
| 8225 | 1022 static void |
|
8263
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8260
diff
changeset
|
1023 ngx_quic_input_handler(ngx_event_t *rev) |
|
8211
6bc18966b8c1
Stream "connection" read/write methods.
Vladimir Homutov <vl@nginx.com>
parents:
8209
diff
changeset
|
1024 { |
|
8545
702f1d2581a4
QUIC: eliminated idle timeout restart for dropped packets.
Roman Arutyunyan <arut@nginx.com>
parents:
8541
diff
changeset
|
1025 ngx_int_t rc; |
|
8730
90ae21799f67
QUIC: do not copy input data.
Roman Arutyunyan <arut@nginx.com>
parents:
8724
diff
changeset
|
1026 ngx_buf_t *b; |
|
8271
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
8270
diff
changeset
|
1027 ngx_connection_t *c; |
|
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
8270
diff
changeset
|
1028 ngx_quic_connection_t *qc; |
|
8211
6bc18966b8c1
Stream "connection" read/write methods.
Vladimir Homutov <vl@nginx.com>
parents:
8209
diff
changeset
|
1029 |
|
8576
eacca87c476e
QUIC: updated c->log->action strings to reflect proper state.
Vladimir Homutov <vl@nginx.com>
parents:
8575
diff
changeset
|
1030 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, rev->log, 0, "quic input handler"); |
|
eacca87c476e
QUIC: updated c->log->action strings to reflect proper state.
Vladimir Homutov <vl@nginx.com>
parents:
8575
diff
changeset
|
1031 |
| 8225 | 1032 c = rev->data; |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
1033 qc = ngx_quic_get_connection(c); |
|
8211
6bc18966b8c1
Stream "connection" read/write methods.
Vladimir Homutov <vl@nginx.com>
parents:
8209
diff
changeset
|
1034 |
|
8576
eacca87c476e
QUIC: updated c->log->action strings to reflect proper state.
Vladimir Homutov <vl@nginx.com>
parents:
8575
diff
changeset
|
1035 c->log->action = "handling quic input"; |
|
8212
e3c0b19a3a8a
Implemented ngx_quic_stream_send_chain() method.
Roman Arutyunyan <arut@nginx.com>
parents:
8211
diff
changeset
|
1036 |
| 8225 | 1037 if (rev->timedout) { |
| 8361 | 1038 ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, |
| 1039 "quic client timed out"); | |
|
8355
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1040 ngx_quic_close_connection(c, NGX_DONE); |
| 8225 | 1041 return; |
|
8212
e3c0b19a3a8a
Implemented ngx_quic_stream_send_chain() method.
Roman Arutyunyan <arut@nginx.com>
parents:
8211
diff
changeset
|
1042 } |
|
e3c0b19a3a8a
Implemented ngx_quic_stream_send_chain() method.
Roman Arutyunyan <arut@nginx.com>
parents:
8211
diff
changeset
|
1043 |
| 8225 | 1044 if (c->close) { |
|
8442
b9bce2c4fe33
Close QUIC connection with NO_ERROR on c->close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8439
diff
changeset
|
1045 qc->error_reason = "graceful shutdown"; |
|
b9bce2c4fe33
Close QUIC connection with NO_ERROR on c->close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8439
diff
changeset
|
1046 ngx_quic_close_connection(c, NGX_OK); |
| 8225 | 1047 return; |
| 1048 } | |
|
8220
7ada2feeac18
Added processing of CONNECTION CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8218
diff
changeset
|
1049 |
|
8730
90ae21799f67
QUIC: do not copy input data.
Roman Arutyunyan <arut@nginx.com>
parents:
8724
diff
changeset
|
1050 if (!rev->ready) { |
|
8355
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1051 if (qc->closing) { |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1052 ngx_quic_close_connection(c, NGX_OK); |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1053 } |
| 8225 | 1054 return; |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
1055 } |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
1056 |
|
8628
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1057 if (qc->tp.disable_active_migration) { |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1058 if (c->socklen != qc->socklen |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1059 || ngx_memcmp(c->sockaddr, qc->sockaddr, c->socklen) != 0) |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1060 { |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1061 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1062 "quic dropping packet from new address"); |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1063 return; |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1064 } |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1065 } |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1066 |
|
8734
c61fcdc1b8e3
UDP: extended datagram context.
Vladimir Homutov <vl@nginx.com>
parents:
8730
diff
changeset
|
1067 b = c->udp->dgram->buffer; |
|
8730
90ae21799f67
QUIC: do not copy input data.
Roman Arutyunyan <arut@nginx.com>
parents:
8724
diff
changeset
|
1068 |
|
90ae21799f67
QUIC: do not copy input data.
Roman Arutyunyan <arut@nginx.com>
parents:
8724
diff
changeset
|
1069 qc->received += (b->last - b->pos); |
|
90ae21799f67
QUIC: do not copy input data.
Roman Arutyunyan <arut@nginx.com>
parents:
8724
diff
changeset
|
1070 |
|
90ae21799f67
QUIC: do not copy input data.
Roman Arutyunyan <arut@nginx.com>
parents:
8724
diff
changeset
|
1071 rc = ngx_quic_input(c, b, NULL); |
|
8545
702f1d2581a4
QUIC: eliminated idle timeout restart for dropped packets.
Roman Arutyunyan <arut@nginx.com>
parents:
8541
diff
changeset
|
1072 |
|
702f1d2581a4
QUIC: eliminated idle timeout restart for dropped packets.
Roman Arutyunyan <arut@nginx.com>
parents:
8541
diff
changeset
|
1073 if (rc == NGX_ERROR) { |
|
8355
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1074 ngx_quic_close_connection(c, NGX_ERROR); |
| 8225 | 1075 return; |
| 1076 } | |
|
8271
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
8270
diff
changeset
|
1077 |
|
8545
702f1d2581a4
QUIC: eliminated idle timeout restart for dropped packets.
Roman Arutyunyan <arut@nginx.com>
parents:
8541
diff
changeset
|
1078 if (rc == NGX_DECLINED) { |
|
702f1d2581a4
QUIC: eliminated idle timeout restart for dropped packets.
Roman Arutyunyan <arut@nginx.com>
parents:
8541
diff
changeset
|
1079 return; |
|
702f1d2581a4
QUIC: eliminated idle timeout restart for dropped packets.
Roman Arutyunyan <arut@nginx.com>
parents:
8541
diff
changeset
|
1080 } |
|
702f1d2581a4
QUIC: eliminated idle timeout restart for dropped packets.
Roman Arutyunyan <arut@nginx.com>
parents:
8541
diff
changeset
|
1081 |
|
702f1d2581a4
QUIC: eliminated idle timeout restart for dropped packets.
Roman Arutyunyan <arut@nginx.com>
parents:
8541
diff
changeset
|
1082 /* rc == NGX_OK */ |
|
702f1d2581a4
QUIC: eliminated idle timeout restart for dropped packets.
Roman Arutyunyan <arut@nginx.com>
parents:
8541
diff
changeset
|
1083 |
|
8271
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
8270
diff
changeset
|
1084 qc->send_timer_set = 0; |
|
8e54a17dabee
Respect QUIC max_idle_timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
8270
diff
changeset
|
1085 ngx_add_timer(rev, qc->tp.max_idle_timeout); |
|
8607
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
1086 |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
1087 ngx_quic_connstate_dbg(c); |
|
8199
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
1088 } |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
1089 |
|
1297dc83a6b9
Generic payload handler for quic packets.
Vladimir Homutov <vl@nginx.com>
parents:
8198
diff
changeset
|
1090 |
|
8736
714e9af983de
QUIC: separate header for ngx_quic_connection_t.
Vladimir Homutov <vl@nginx.com>
parents:
8735
diff
changeset
|
1091 void |
|
8355
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1092 ngx_quic_close_connection(ngx_connection_t *c, ngx_int_t rc) |
|
8208
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
8207
diff
changeset
|
1093 { |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
1094 ngx_pool_t *pool; |
|
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
1095 ngx_quic_connection_t *qc; |
|
8281
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
1096 |
|
8355
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1097 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
8605
eed49b83e18f
QUIC: revised value separators in debug and error messages.
Vladimir Homutov <vl@nginx.com>
parents:
8604
diff
changeset
|
1098 "quic ngx_quic_close_connection rc:%i", rc); |
|
8355
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1099 |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
1100 qc = ngx_quic_get_connection(c); |
|
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
1101 |
|
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
1102 if (qc == NULL) { |
| 8686 | 1103 if (rc == NGX_ERROR) { |
| 1104 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, | |
|
8702
d4e02b3b734f
QUIC: fixed indentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8701
diff
changeset
|
1105 "quic close connection early error"); |
| 8686 | 1106 } |
|
8355
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1107 |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1108 } else if (ngx_quic_close_quic(c, rc) == NGX_AGAIN) { |
|
8354
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
8350
diff
changeset
|
1109 return; |
|
8281
618a65de08b3
When closing a QUIC connection, wait for all streams to finish.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
1110 } |
|
8208
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
8207
diff
changeset
|
1111 |
| 8225 | 1112 if (c->ssl) { |
| 1113 (void) ngx_ssl_shutdown(c); | |
|
8208
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
8207
diff
changeset
|
1114 } |
|
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
8207
diff
changeset
|
1115 |
|
8354
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
8350
diff
changeset
|
1116 if (c->read->timer_set) { |
|
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
8350
diff
changeset
|
1117 ngx_del_timer(c->read); |
|
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
8350
diff
changeset
|
1118 } |
|
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
8350
diff
changeset
|
1119 |
| 8225 | 1120 #if (NGX_STAT_STUB) |
| 1121 (void) ngx_atomic_fetch_add(ngx_stat_active, -1); | |
| 1122 #endif | |
|
8208
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
8207
diff
changeset
|
1123 |
| 8225 | 1124 c->destroyed = 1; |
|
8208
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
8207
diff
changeset
|
1125 |
| 8225 | 1126 pool = c->pool; |
|
8208
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
8207
diff
changeset
|
1127 |
| 8225 | 1128 ngx_close_connection(c); |
|
8208
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
8207
diff
changeset
|
1129 |
| 8225 | 1130 ngx_destroy_pool(pool); |
|
8208
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
8207
diff
changeset
|
1131 } |
|
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
8207
diff
changeset
|
1132 |
|
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
8207
diff
changeset
|
1133 |
|
8193
4355efde26d8
Added functions to decrypt long packets.
Vladimir Homutov <vl@nginx.com>
parents:
8192
diff
changeset
|
1134 static ngx_int_t |
|
8355
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1135 ngx_quic_close_quic(ngx_connection_t *c, ngx_int_t rc) |
|
8354
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
8350
diff
changeset
|
1136 { |
|
8458
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
1137 ngx_uint_t i; |
|
8628
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1138 ngx_queue_t *q; |
|
8458
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
1139 ngx_quic_send_ctx_t *ctx; |
|
8628
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1140 ngx_quic_server_id_t *sid; |
|
8458
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
1141 ngx_quic_connection_t *qc; |
|
8354
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
8350
diff
changeset
|
1142 |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
1143 qc = ngx_quic_get_connection(c); |
|
8354
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
8350
diff
changeset
|
1144 |
|
8355
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1145 if (!qc->closing) { |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1146 |
|
8398
8bec0ac23cf9
Fixed retransmission of frames after closing connection.
Vladimir Homutov <vl@nginx.com>
parents:
8397
diff
changeset
|
1147 /* drop packets from retransmit queues, no ack is expected */ |
|
8bec0ac23cf9
Fixed retransmission of frames after closing connection.
Vladimir Homutov <vl@nginx.com>
parents:
8397
diff
changeset
|
1148 for (i = 0; i < NGX_QUIC_SEND_CTX_LAST; i++) { |
|
8652
e9bd4305e68b
QUIC: fixed send contexts cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8651
diff
changeset
|
1149 ngx_quic_free_frames(c, &qc->send_ctx[i].sent); |
|
8398
8bec0ac23cf9
Fixed retransmission of frames after closing connection.
Vladimir Homutov <vl@nginx.com>
parents:
8397
diff
changeset
|
1150 } |
|
8bec0ac23cf9
Fixed retransmission of frames after closing connection.
Vladimir Homutov <vl@nginx.com>
parents:
8397
diff
changeset
|
1151 |
|
8400
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8399
diff
changeset
|
1152 if (rc == NGX_DONE) { |
|
8355
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1153 |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1154 /* |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1155 * 10.2. Idle Timeout |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1156 * |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1157 * If the idle timeout is enabled by either peer, a connection is |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1158 * silently closed and its state is discarded when it remains idle |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1159 */ |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1160 |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1161 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1162 "quic closing %s connection", |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1163 qc->draining ? "drained" : "idle"); |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1164 |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1165 } else { |
|
8400
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8399
diff
changeset
|
1166 |
|
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8399
diff
changeset
|
1167 /* |
|
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8399
diff
changeset
|
1168 * 10.3. Immediate Close |
|
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8399
diff
changeset
|
1169 * |
|
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8399
diff
changeset
|
1170 * An endpoint sends a CONNECTION_CLOSE frame (Section 19.19) |
|
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8399
diff
changeset
|
1171 * to terminate the connection immediately. |
|
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8399
diff
changeset
|
1172 */ |
|
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8399
diff
changeset
|
1173 |
|
8475
b276833111cf
QUIC: implemented probe timeout (PTO) calculation.
Vladimir Homutov <vl@nginx.com>
parents:
8474
diff
changeset
|
1174 qc->error_level = c->ssl ? SSL_quic_read_level(c->ssl->connection) |
|
b276833111cf
QUIC: implemented probe timeout (PTO) calculation.
Vladimir Homutov <vl@nginx.com>
parents:
8474
diff
changeset
|
1175 : ssl_encryption_initial; |
|
b276833111cf
QUIC: implemented probe timeout (PTO) calculation.
Vladimir Homutov <vl@nginx.com>
parents:
8474
diff
changeset
|
1176 |
|
8400
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8399
diff
changeset
|
1177 if (rc == NGX_OK) { |
|
8702
d4e02b3b734f
QUIC: fixed indentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8701
diff
changeset
|
1178 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
d4e02b3b734f
QUIC: fixed indentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8701
diff
changeset
|
1179 "quic immediate close drain:%d", |
|
d4e02b3b734f
QUIC: fixed indentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8701
diff
changeset
|
1180 qc->draining); |
|
8400
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8399
diff
changeset
|
1181 |
|
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8399
diff
changeset
|
1182 qc->close.log = c->log; |
|
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8399
diff
changeset
|
1183 qc->close.data = c; |
|
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8399
diff
changeset
|
1184 qc->close.handler = ngx_quic_close_timer_handler; |
|
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8399
diff
changeset
|
1185 qc->close.cancelable = 1; |
|
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8399
diff
changeset
|
1186 |
|
8475
b276833111cf
QUIC: implemented probe timeout (PTO) calculation.
Vladimir Homutov <vl@nginx.com>
parents:
8474
diff
changeset
|
1187 ctx = ngx_quic_get_send_ctx(qc, qc->error_level); |
|
b276833111cf
QUIC: implemented probe timeout (PTO) calculation.
Vladimir Homutov <vl@nginx.com>
parents:
8474
diff
changeset
|
1188 |
|
b276833111cf
QUIC: implemented probe timeout (PTO) calculation.
Vladimir Homutov <vl@nginx.com>
parents:
8474
diff
changeset
|
1189 ngx_add_timer(&qc->close, 3 * ngx_quic_pto(c, ctx)); |
|
8400
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8399
diff
changeset
|
1190 |
|
8458
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
1191 qc->error = NGX_QUIC_ERR_NO_ERROR; |
|
8400
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8399
diff
changeset
|
1192 |
|
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8399
diff
changeset
|
1193 } else { |
|
8458
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
1194 if (qc->error == 0 && !qc->error_app) { |
|
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
1195 qc->error = NGX_QUIC_ERR_INTERNAL_ERROR; |
|
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
1196 } |
|
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
1197 |
|
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
1198 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
8605
eed49b83e18f
QUIC: revised value separators in debug and error messages.
Vladimir Homutov <vl@nginx.com>
parents:
8604
diff
changeset
|
1199 "quic immediate close due to %s error: %ui %s", |
|
8458
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
1200 qc->error_app ? "app " : "", qc->error, |
|
8400
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8399
diff
changeset
|
1201 qc->error_reason ? qc->error_reason : ""); |
|
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8399
diff
changeset
|
1202 } |
|
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8399
diff
changeset
|
1203 |
|
8458
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
1204 (void) ngx_quic_send_cc(c); |
|
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
1205 |
|
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
1206 if (qc->error_level == ssl_encryption_handshake) { |
|
8400
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8399
diff
changeset
|
1207 /* for clients that might not have handshake keys */ |
|
8458
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
1208 qc->error_level = ssl_encryption_initial; |
|
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
1209 (void) ngx_quic_send_cc(c); |
|
8400
d96ddef458cd
Added sending of extra CONNECTION_CLOSE frames.
Vladimir Homutov <vl@nginx.com>
parents:
8399
diff
changeset
|
1210 } |
|
8355
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1211 } |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1212 |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1213 qc->closing = 1; |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1214 } |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1215 |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1216 if (rc == NGX_ERROR && qc->close.timer_set) { |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1217 /* do not wait for timer in case of fatal error */ |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1218 ngx_del_timer(&qc->close); |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1219 } |
|
8354
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
8350
diff
changeset
|
1220 |
|
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
8350
diff
changeset
|
1221 if (ngx_quic_close_streams(c, qc) == NGX_AGAIN) { |
|
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
8350
diff
changeset
|
1222 return NGX_AGAIN; |
|
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
8350
diff
changeset
|
1223 } |
|
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
8350
diff
changeset
|
1224 |
|
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
8350
diff
changeset
|
1225 if (qc->push.timer_set) { |
|
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
8350
diff
changeset
|
1226 ngx_del_timer(&qc->push); |
|
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
8350
diff
changeset
|
1227 } |
|
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
8350
diff
changeset
|
1228 |
| 8472 | 1229 if (qc->pto.timer_set) { |
| 1230 ngx_del_timer(&qc->pto); | |
|
8354
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
8350
diff
changeset
|
1231 } |
|
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
8350
diff
changeset
|
1232 |
|
8434
ea4899591798
QUIC: Fixed connection cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8433
diff
changeset
|
1233 if (qc->push.posted) { |
|
ea4899591798
QUIC: Fixed connection cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8433
diff
changeset
|
1234 ngx_delete_posted_event(&qc->push); |
|
ea4899591798
QUIC: Fixed connection cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8433
diff
changeset
|
1235 } |
|
ea4899591798
QUIC: Fixed connection cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8433
diff
changeset
|
1236 |
|
8628
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1237 while (!ngx_queue_empty(&qc->server_ids)) { |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1238 q = ngx_queue_head(&qc->server_ids); |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1239 sid = ngx_queue_data(q, ngx_quic_server_id_t, queue); |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1240 |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1241 ngx_queue_remove(q); |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1242 ngx_rbtree_delete(&c->listening->rbtree, &sid->udp.node); |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1243 qc->nserver_ids--; |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1244 } |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1245 |
|
8553
dbcb9d0a3df1
QUIC: prevented posted push event while in the draining state.
Vladimir Homutov <vl@nginx.com>
parents:
8546
diff
changeset
|
1246 if (qc->close.timer_set) { |
|
dbcb9d0a3df1
QUIC: prevented posted push event while in the draining state.
Vladimir Homutov <vl@nginx.com>
parents:
8546
diff
changeset
|
1247 return NGX_AGAIN; |
|
dbcb9d0a3df1
QUIC: prevented posted push event while in the draining state.
Vladimir Homutov <vl@nginx.com>
parents:
8546
diff
changeset
|
1248 } |
|
dbcb9d0a3df1
QUIC: prevented posted push event while in the draining state.
Vladimir Homutov <vl@nginx.com>
parents:
8546
diff
changeset
|
1249 |
|
8355
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1250 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1251 "quic part of connection is terminated"); |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1252 |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1253 /* may be tested from SSL callback during SSL shutdown */ |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
1254 c->udp = NULL; |
|
8355
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1255 |
|
8354
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
8350
diff
changeset
|
1256 return NGX_OK; |
|
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
8350
diff
changeset
|
1257 } |
|
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
8350
diff
changeset
|
1258 |
|
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
8350
diff
changeset
|
1259 |
|
8458
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
1260 void |
|
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
1261 ngx_quic_finalize_connection(ngx_connection_t *c, ngx_uint_t err, |
|
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
1262 const char *reason) |
|
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
1263 { |
|
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
1264 ngx_quic_connection_t *qc; |
|
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
1265 |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
1266 qc = ngx_quic_get_connection(c); |
|
8458
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
1267 qc->error = err; |
|
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
1268 qc->error_reason = reason; |
|
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
1269 qc->error_app = 1; |
|
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
1270 qc->error_ftype = 0; |
|
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
1271 |
|
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
1272 ngx_quic_close_connection(c, NGX_ERROR); |
|
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
1273 } |
|
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
1274 |
|
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
1275 |
|
8724
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1276 void |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1277 ngx_quic_shutdown_connection(ngx_connection_t *c, ngx_uint_t err, |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1278 const char *reason) |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1279 { |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1280 ngx_quic_connection_t *qc; |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1281 |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1282 qc = ngx_quic_get_connection(c); |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1283 qc->shutdown = 1; |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1284 qc->shutdown_code = err; |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1285 qc->shutdown_reason = reason; |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1286 |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1287 ngx_quic_shutdown_quic(c); |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1288 } |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1289 |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
1290 |
|
8355
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1291 static void |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1292 ngx_quic_close_timer_handler(ngx_event_t *ev) |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1293 { |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1294 ngx_connection_t *c; |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1295 |
| 8359 | 1296 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ev->log, 0, "quic close timer"); |
|
8355
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1297 |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1298 c = ev->data; |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1299 ngx_quic_close_connection(c, NGX_DONE); |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1300 } |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1301 |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1302 |
|
8354
d11bc25fc4c3
Refactored ngx_quic_close_connection().
Vladimir Homutov <vl@nginx.com>
parents:
8350
diff
changeset
|
1303 static ngx_int_t |
|
8563
bed310672f39
QUIC: moved ssl configuration pointer to quic configuration.
Vladimir Homutov <vl@nginx.com>
parents:
8562
diff
changeset
|
1304 ngx_quic_input(ngx_connection_t *c, ngx_buf_t *b, ngx_quic_conf_t *conf) |
|
8193
4355efde26d8
Added functions to decrypt long packets.
Vladimir Homutov <vl@nginx.com>
parents:
8192
diff
changeset
|
1305 { |
|
8687
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1306 u_char *p; |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1307 ngx_int_t rc; |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1308 ngx_uint_t good; |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1309 ngx_quic_header_t pkt; |
|
8193
4355efde26d8
Added functions to decrypt long packets.
Vladimir Homutov <vl@nginx.com>
parents:
8192
diff
changeset
|
1310 |
|
8545
702f1d2581a4
QUIC: eliminated idle timeout restart for dropped packets.
Roman Arutyunyan <arut@nginx.com>
parents:
8541
diff
changeset
|
1311 good = 0; |
|
702f1d2581a4
QUIC: eliminated idle timeout restart for dropped packets.
Roman Arutyunyan <arut@nginx.com>
parents:
8541
diff
changeset
|
1312 |
|
8304
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
1313 p = b->pos; |
|
8208
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
8207
diff
changeset
|
1314 |
|
8304
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
1315 while (p < b->last) { |
|
8263
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8260
diff
changeset
|
1316 |
| 8225 | 1317 ngx_memzero(&pkt, sizeof(ngx_quic_header_t)); |
| 1318 pkt.raw = b; | |
| 1319 pkt.data = p; | |
| 1320 pkt.len = b->last - p; | |
| 1321 pkt.log = c->log; | |
|
8251
c217a907ce42
Added checks for permitted frame types.
Vladimir Homutov <vl@nginx.com>
parents:
8247
diff
changeset
|
1322 pkt.flags = p[0]; |
|
8559
a89a58c642ef
QUIC: simplified packet header parsing.
Vladimir Homutov <vl@nginx.com>
parents:
8558
diff
changeset
|
1323 pkt.raw->pos++; |
|
8193
4355efde26d8
Added functions to decrypt long packets.
Vladimir Homutov <vl@nginx.com>
parents:
8192
diff
changeset
|
1324 |
|
8563
bed310672f39
QUIC: moved ssl configuration pointer to quic configuration.
Vladimir Homutov <vl@nginx.com>
parents:
8562
diff
changeset
|
1325 rc = ngx_quic_process_packet(c, conf, &pkt); |
|
8193
4355efde26d8
Added functions to decrypt long packets.
Vladimir Homutov <vl@nginx.com>
parents:
8192
diff
changeset
|
1326 |
|
8580
07971f870879
QUIC: added debug message with final packet processing status.
Vladimir Homutov <vl@nginx.com>
parents:
8579
diff
changeset
|
1327 #if (NGX_DEBUG) |
|
07971f870879
QUIC: added debug message with final packet processing status.
Vladimir Homutov <vl@nginx.com>
parents:
8579
diff
changeset
|
1328 if (pkt.parsed) { |
|
8607
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
1329 ngx_log_debug5(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
8609
f32740ddd484
QUIC: got rid of "pkt" abbreviation in logs.
Vladimir Homutov <vl@nginx.com>
parents:
8608
diff
changeset
|
1330 "quic packet %s done decr:%d pn:%L perr:%ui rc:%i", |
|
8580
07971f870879
QUIC: added debug message with final packet processing status.
Vladimir Homutov <vl@nginx.com>
parents:
8579
diff
changeset
|
1331 ngx_quic_level_name(pkt.level), pkt.decrypted, |
|
8607
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
1332 pkt.pn, pkt.error, rc); |
|
8580
07971f870879
QUIC: added debug message with final packet processing status.
Vladimir Homutov <vl@nginx.com>
parents:
8579
diff
changeset
|
1333 } else { |
|
07971f870879
QUIC: added debug message with final packet processing status.
Vladimir Homutov <vl@nginx.com>
parents:
8579
diff
changeset
|
1334 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
8609
f32740ddd484
QUIC: got rid of "pkt" abbreviation in logs.
Vladimir Homutov <vl@nginx.com>
parents:
8608
diff
changeset
|
1335 "quic packet done parse failed rc:%i", rc); |
|
8580
07971f870879
QUIC: added debug message with final packet processing status.
Vladimir Homutov <vl@nginx.com>
parents:
8579
diff
changeset
|
1336 } |
|
07971f870879
QUIC: added debug message with final packet processing status.
Vladimir Homutov <vl@nginx.com>
parents:
8579
diff
changeset
|
1337 #endif |
|
07971f870879
QUIC: added debug message with final packet processing status.
Vladimir Homutov <vl@nginx.com>
parents:
8579
diff
changeset
|
1338 |
|
8333
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
1339 if (rc == NGX_ERROR) { |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
1340 return NGX_ERROR; |
| 8225 | 1341 } |
|
8206
8d6ac639feac
Added support of multiple QUIC packets in single datagram.
Vladimir Homutov <vl@nginx.com>
parents:
8205
diff
changeset
|
1342 |
| 8686 | 1343 if (rc == NGX_DONE) { |
| 1344 /* stop further processing */ | |
| 1345 return NGX_DECLINED; | |
| 1346 } | |
| 1347 | |
|
8545
702f1d2581a4
QUIC: eliminated idle timeout restart for dropped packets.
Roman Arutyunyan <arut@nginx.com>
parents:
8541
diff
changeset
|
1348 if (rc == NGX_OK) { |
|
702f1d2581a4
QUIC: eliminated idle timeout restart for dropped packets.
Roman Arutyunyan <arut@nginx.com>
parents:
8541
diff
changeset
|
1349 good = 1; |
|
702f1d2581a4
QUIC: eliminated idle timeout restart for dropped packets.
Roman Arutyunyan <arut@nginx.com>
parents:
8541
diff
changeset
|
1350 } |
|
702f1d2581a4
QUIC: eliminated idle timeout restart for dropped packets.
Roman Arutyunyan <arut@nginx.com>
parents:
8541
diff
changeset
|
1351 |
|
8333
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
1352 /* NGX_OK || NGX_DECLINED */ |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
1353 |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
1354 /* |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
1355 * we get NGX_DECLINED when there are no keys [yet] available |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
1356 * to decrypt packet. |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
1357 * Instead of queueing it, we ignore it and rely on the sender's |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
1358 * retransmission: |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
1359 * |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
1360 * 12.2. Coalescing Packets: |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
1361 * |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
1362 * For example, if decryption fails (because the keys are |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
1363 * not available or any other reason), the receiver MAY either |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
1364 * discard or buffer the packet for later processing and MUST |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
1365 * attempt to process the remaining packets. |
|
8535
eb5aa85294e9
QUIC: discard unrecognized long packes.
Vladimir Homutov <vl@nginx.com>
parents:
8533
diff
changeset
|
1366 * |
|
eb5aa85294e9
QUIC: discard unrecognized long packes.
Vladimir Homutov <vl@nginx.com>
parents:
8533
diff
changeset
|
1367 * We also skip packets that don't match connection state |
|
eb5aa85294e9
QUIC: discard unrecognized long packes.
Vladimir Homutov <vl@nginx.com>
parents:
8533
diff
changeset
|
1368 * or cannot be parsed properly. |
|
8333
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
1369 */ |
|
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
1370 |
| 8225 | 1371 /* b->pos is at header end, adjust by actual packet length */ |
|
8558
0f37b4ef3cd9
QUIC: keep the entire packet size in pkt->len.
Roman Arutyunyan <arut@nginx.com>
parents:
8557
diff
changeset
|
1372 b->pos = pkt.data + pkt.len; |
|
8560
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1373 |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1374 /* firefox workaround: skip zero padding at the end of quic packet */ |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1375 while (b->pos < b->last && *(b->pos) == 0) { |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1376 b->pos++; |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1377 } |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1378 |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1379 p = b->pos; |
|
8304
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
1380 } |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
1381 |
|
8545
702f1d2581a4
QUIC: eliminated idle timeout restart for dropped packets.
Roman Arutyunyan <arut@nginx.com>
parents:
8541
diff
changeset
|
1382 return good ? NGX_OK : NGX_DECLINED; |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
1383 } |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
1384 |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
1385 |
|
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
1386 static ngx_int_t |
|
8563
bed310672f39
QUIC: moved ssl configuration pointer to quic configuration.
Vladimir Homutov <vl@nginx.com>
parents:
8562
diff
changeset
|
1387 ngx_quic_process_packet(ngx_connection_t *c, ngx_quic_conf_t *conf, |
|
bed310672f39
QUIC: moved ssl configuration pointer to quic configuration.
Vladimir Homutov <vl@nginx.com>
parents:
8562
diff
changeset
|
1388 ngx_quic_header_t *pkt) |
|
8383
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
1389 { |
|
8536
c6b963de0c00
QUIC: pass return code from ngx_quic_decrypt() to the caller.
Vladimir Homutov <vl@nginx.com>
parents:
8535
diff
changeset
|
1390 ngx_int_t rc; |
|
8383
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
1391 ngx_quic_connection_t *qc; |
|
8560
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1392 |
|
8576
eacca87c476e
QUIC: updated c->log->action strings to reflect proper state.
Vladimir Homutov <vl@nginx.com>
parents:
8575
diff
changeset
|
1393 c->log->action = "parsing quic packet"; |
|
eacca87c476e
QUIC: updated c->log->action strings to reflect proper state.
Vladimir Homutov <vl@nginx.com>
parents:
8575
diff
changeset
|
1394 |
|
8560
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1395 rc = ngx_quic_parse_packet(pkt); |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1396 |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1397 if (rc == NGX_DECLINED || rc == NGX_ERROR) { |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1398 return rc; |
|
8383
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
1399 } |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
1400 |
|
8580
07971f870879
QUIC: added debug message with final packet processing status.
Vladimir Homutov <vl@nginx.com>
parents:
8579
diff
changeset
|
1401 pkt->parsed = 1; |
|
07971f870879
QUIC: added debug message with final packet processing status.
Vladimir Homutov <vl@nginx.com>
parents:
8579
diff
changeset
|
1402 |
|
8576
eacca87c476e
QUIC: updated c->log->action strings to reflect proper state.
Vladimir Homutov <vl@nginx.com>
parents:
8575
diff
changeset
|
1403 c->log->action = "processing quic packet"; |
|
eacca87c476e
QUIC: updated c->log->action strings to reflect proper state.
Vladimir Homutov <vl@nginx.com>
parents:
8575
diff
changeset
|
1404 |
|
8651
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
1405 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
1406 "quic packet rx dcid len:%uz %xV", |
|
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
1407 pkt->dcid.len, &pkt->dcid); |
|
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
1408 |
|
8578
52ad697f9d1c
QUIC: enabled more key-related debug by default.
Vladimir Homutov <vl@nginx.com>
parents:
8577
diff
changeset
|
1409 #if (NGX_DEBUG) |
|
52ad697f9d1c
QUIC: enabled more key-related debug by default.
Vladimir Homutov <vl@nginx.com>
parents:
8577
diff
changeset
|
1410 if (pkt->level != ssl_encryption_application) { |
|
8651
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
1411 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
1412 "quic packet rx scid len:%uz %xV", |
|
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
1413 pkt->scid.len, &pkt->scid); |
|
8578
52ad697f9d1c
QUIC: enabled more key-related debug by default.
Vladimir Homutov <vl@nginx.com>
parents:
8577
diff
changeset
|
1414 } |
|
8641
fe53def49945
QUIC: refactored long header parsing.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8639
diff
changeset
|
1415 |
|
fe53def49945
QUIC: refactored long header parsing.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8639
diff
changeset
|
1416 if (pkt->level == ssl_encryption_initial) { |
|
8651
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
1417 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
8694
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8693
diff
changeset
|
1418 "quic address validation token len:%uz %xV", |
|
8651
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8642
diff
changeset
|
1419 pkt->token.len, &pkt->token); |
|
8641
fe53def49945
QUIC: refactored long header parsing.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8639
diff
changeset
|
1420 } |
|
8578
52ad697f9d1c
QUIC: enabled more key-related debug by default.
Vladimir Homutov <vl@nginx.com>
parents:
8577
diff
changeset
|
1421 #endif |
|
52ad697f9d1c
QUIC: enabled more key-related debug by default.
Vladimir Homutov <vl@nginx.com>
parents:
8577
diff
changeset
|
1422 |
|
8687
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1423 qc = ngx_quic_get_connection(c); |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1424 |
|
8560
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1425 if (qc) { |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1426 |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1427 if (rc == NGX_ABORT) { |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1428 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1429 "quic unsupported version: 0x%xD", pkt->version); |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1430 return NGX_DECLINED; |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1431 } |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1432 |
|
8624
340cd26158fb
QUIC: preparatory changes for multiple QUIC versions support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8623
diff
changeset
|
1433 if (pkt->level != ssl_encryption_application) { |
|
8688
a346905c359f
QUIC: fixed stateless reset recognition and send.
Roman Arutyunyan <arut@nginx.com>
parents:
8687
diff
changeset
|
1434 |
|
8624
340cd26158fb
QUIC: preparatory changes for multiple QUIC versions support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8623
diff
changeset
|
1435 if (pkt->version != qc->version) { |
|
340cd26158fb
QUIC: preparatory changes for multiple QUIC versions support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8623
diff
changeset
|
1436 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
|
340cd26158fb
QUIC: preparatory changes for multiple QUIC versions support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8623
diff
changeset
|
1437 "quic version mismatch: 0x%xD", pkt->version); |
|
340cd26158fb
QUIC: preparatory changes for multiple QUIC versions support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8623
diff
changeset
|
1438 return NGX_DECLINED; |
|
340cd26158fb
QUIC: preparatory changes for multiple QUIC versions support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8623
diff
changeset
|
1439 } |
|
8688
a346905c359f
QUIC: fixed stateless reset recognition and send.
Roman Arutyunyan <arut@nginx.com>
parents:
8687
diff
changeset
|
1440 |
|
a346905c359f
QUIC: fixed stateless reset recognition and send.
Roman Arutyunyan <arut@nginx.com>
parents:
8687
diff
changeset
|
1441 if (ngx_quic_check_csid(qc, pkt) != NGX_OK) { |
|
a346905c359f
QUIC: fixed stateless reset recognition and send.
Roman Arutyunyan <arut@nginx.com>
parents:
8687
diff
changeset
|
1442 return NGX_DECLINED; |
|
8562
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
1443 } |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8561
diff
changeset
|
1444 |
|
8688
a346905c359f
QUIC: fixed stateless reset recognition and send.
Roman Arutyunyan <arut@nginx.com>
parents:
8687
diff
changeset
|
1445 } else { |
|
a346905c359f
QUIC: fixed stateless reset recognition and send.
Roman Arutyunyan <arut@nginx.com>
parents:
8687
diff
changeset
|
1446 |
|
a346905c359f
QUIC: fixed stateless reset recognition and send.
Roman Arutyunyan <arut@nginx.com>
parents:
8687
diff
changeset
|
1447 if (ngx_quic_process_stateless_reset(c, pkt) == NGX_OK) { |
|
a346905c359f
QUIC: fixed stateless reset recognition and send.
Roman Arutyunyan <arut@nginx.com>
parents:
8687
diff
changeset
|
1448 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
|
a346905c359f
QUIC: fixed stateless reset recognition and send.
Roman Arutyunyan <arut@nginx.com>
parents:
8687
diff
changeset
|
1449 "quic stateless reset packet detected"); |
|
a346905c359f
QUIC: fixed stateless reset recognition and send.
Roman Arutyunyan <arut@nginx.com>
parents:
8687
diff
changeset
|
1450 |
|
a346905c359f
QUIC: fixed stateless reset recognition and send.
Roman Arutyunyan <arut@nginx.com>
parents:
8687
diff
changeset
|
1451 qc->draining = 1; |
|
a346905c359f
QUIC: fixed stateless reset recognition and send.
Roman Arutyunyan <arut@nginx.com>
parents:
8687
diff
changeset
|
1452 ngx_quic_close_connection(c, NGX_OK); |
|
a346905c359f
QUIC: fixed stateless reset recognition and send.
Roman Arutyunyan <arut@nginx.com>
parents:
8687
diff
changeset
|
1453 |
|
a346905c359f
QUIC: fixed stateless reset recognition and send.
Roman Arutyunyan <arut@nginx.com>
parents:
8687
diff
changeset
|
1454 return NGX_OK; |
|
a346905c359f
QUIC: fixed stateless reset recognition and send.
Roman Arutyunyan <arut@nginx.com>
parents:
8687
diff
changeset
|
1455 } |
|
8560
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1456 } |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1457 |
|
8687
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1458 return ngx_quic_process_payload(c, pkt); |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1459 } |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1460 |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1461 /* packet does not belong to a connection */ |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1462 |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1463 if (rc == NGX_ABORT) { |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1464 return ngx_quic_negotiate_version(c, pkt); |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1465 } |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1466 |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1467 if (pkt->level == ssl_encryption_application) { |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1468 return ngx_quic_send_stateless_reset(c, conf, pkt); |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1469 } |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1470 |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1471 if (pkt->level != ssl_encryption_initial) { |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1472 return NGX_ERROR; |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1473 } |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1474 |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1475 c->log->action = "processing initial packet"; |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1476 |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1477 if (pkt->dcid.len < NGX_QUIC_CID_LEN_MIN) { |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1478 /* 7.2. Negotiating Connection IDs */ |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1479 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1480 "quic too short dcid in initial" |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1481 " packet: len:%i", pkt->dcid.len); |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1482 return NGX_ERROR; |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1483 } |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1484 |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1485 /* process retry and initialize connection IDs */ |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1486 |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1487 if (pkt->token.len) { |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1488 |
|
8694
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8693
diff
changeset
|
1489 rc = ngx_quic_validate_token(c, conf->av_token_key, pkt); |
|
8687
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1490 |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1491 if (rc == NGX_ERROR) { |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1492 /* internal error */ |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1493 return NGX_ERROR; |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1494 |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1495 } else if (rc == NGX_ABORT) { |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1496 /* token cannot be decrypted */ |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1497 return ngx_quic_send_early_cc(c, pkt, |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1498 NGX_QUIC_ERR_INVALID_TOKEN, |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1499 "cannot decrypt token"); |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1500 } else if (rc == NGX_DECLINED) { |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1501 /* token is invalid */ |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1502 |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1503 if (pkt->retried) { |
|
8694
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8693
diff
changeset
|
1504 /* invalid address validation token */ |
|
8687
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1505 return ngx_quic_send_early_cc(c, pkt, |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1506 NGX_QUIC_ERR_INVALID_TOKEN, |
|
8694
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8693
diff
changeset
|
1507 "invalid address validation token"); |
|
8687
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1508 } else if (conf->retry) { |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1509 /* invalid NEW_TOKEN */ |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1510 return ngx_quic_send_retry(c, conf, pkt); |
|
8560
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1511 } |
|
8687
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1512 } |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1513 |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1514 /* NGX_OK */ |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1515 |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1516 } else if (conf->retry) { |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1517 return ngx_quic_send_retry(c, conf, pkt); |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1518 |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1519 } else { |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1520 pkt->odcid = pkt->dcid; |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1521 } |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1522 |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1523 if (ngx_terminate || ngx_exiting) { |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1524 if (conf->retry) { |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1525 return ngx_quic_send_retry(c, conf, pkt); |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1526 } |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1527 |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1528 return NGX_ERROR; |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1529 } |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1530 |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1531 c->log->action = "creating quic connection"; |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1532 |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1533 qc = ngx_quic_new_connection(c, conf, pkt); |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1534 if (qc == NULL) { |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1535 return NGX_ERROR; |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1536 } |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1537 |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1538 return ngx_quic_process_payload(c, pkt); |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1539 } |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1540 |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1541 |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1542 static ngx_int_t |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1543 ngx_quic_process_payload(ngx_connection_t *c, ngx_quic_header_t *pkt) |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1544 { |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1545 ngx_int_t rc; |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1546 ngx_quic_send_ctx_t *ctx; |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1547 ngx_quic_connection_t *qc; |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1548 static u_char buf[NGX_QUIC_MAX_UDP_PAYLOAD_SIZE]; |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1549 |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1550 qc = ngx_quic_get_connection(c); |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1551 |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1552 qc->error = 0; |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1553 qc->error_reason = 0; |
|
8560
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1554 |
|
8576
eacca87c476e
QUIC: updated c->log->action strings to reflect proper state.
Vladimir Homutov <vl@nginx.com>
parents:
8575
diff
changeset
|
1555 c->log->action = "decrypting packet"; |
|
eacca87c476e
QUIC: updated c->log->action strings to reflect proper state.
Vladimir Homutov <vl@nginx.com>
parents:
8575
diff
changeset
|
1556 |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
1557 if (!ngx_quic_keys_available(qc->keys, pkt->level)) { |
|
8560
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1558 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1559 "quic no level %d keys yet, ignoring packet", pkt->level); |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1560 return NGX_DECLINED; |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1561 } |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1562 |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
1563 pkt->keys = qc->keys; |
|
8560
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1564 pkt->key_phase = qc->key_phase; |
|
8383
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
1565 pkt->plaintext = buf; |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
1566 |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
1567 ctx = ngx_quic_get_send_ctx(qc, pkt->level); |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8382
diff
changeset
|
1568 |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
1569 rc = ngx_quic_decrypt(pkt, &ctx->largest_pn); |
|
8536
c6b963de0c00
QUIC: pass return code from ngx_quic_decrypt() to the caller.
Vladimir Homutov <vl@nginx.com>
parents:
8535
diff
changeset
|
1570 if (rc != NGX_OK) { |
|
c6b963de0c00
QUIC: pass return code from ngx_quic_decrypt() to the caller.
Vladimir Homutov <vl@nginx.com>
parents:
8535
diff
changeset
|
1571 qc->error = pkt->error; |
|
c6b963de0c00
QUIC: pass return code from ngx_quic_decrypt() to the caller.
Vladimir Homutov <vl@nginx.com>
parents:
8535
diff
changeset
|
1572 qc->error_reason = "failed to decrypt packet"; |
|
c6b963de0c00
QUIC: pass return code from ngx_quic_decrypt() to the caller.
Vladimir Homutov <vl@nginx.com>
parents:
8535
diff
changeset
|
1573 return rc; |
| 8223 | 1574 } |
| 1575 | |
|
8580
07971f870879
QUIC: added debug message with final packet processing status.
Vladimir Homutov <vl@nginx.com>
parents:
8579
diff
changeset
|
1576 pkt->decrypted = 1; |
|
07971f870879
QUIC: added debug message with final packet processing status.
Vladimir Homutov <vl@nginx.com>
parents:
8579
diff
changeset
|
1577 |
|
8560
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1578 if (c->ssl == NULL) { |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1579 if (ngx_quic_init_connection(c) != NGX_OK) { |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1580 return NGX_ERROR; |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1581 } |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1582 } |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1583 |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1584 if (pkt->level == ssl_encryption_handshake) { |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1585 /* |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1586 * 4.10.1. The successful use of Handshake packets indicates |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1587 * that no more Initial packets need to be exchanged |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1588 */ |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1589 ngx_quic_discard_ctx(c, ssl_encryption_initial); |
|
8611
e2086d8181fa
QUIC: added push event afer the address was validated.
Vladimir Homutov <vl@nginx.com>
parents:
8610
diff
changeset
|
1590 |
|
e2086d8181fa
QUIC: added push event afer the address was validated.
Vladimir Homutov <vl@nginx.com>
parents:
8610
diff
changeset
|
1591 if (qc->validated == 0) { |
|
e2086d8181fa
QUIC: added push event afer the address was validated.
Vladimir Homutov <vl@nginx.com>
parents:
8610
diff
changeset
|
1592 qc->validated = 1; |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
1593 ngx_post_event(&qc->push, &ngx_posted_events); |
|
8611
e2086d8181fa
QUIC: added push event afer the address was validated.
Vladimir Homutov <vl@nginx.com>
parents:
8610
diff
changeset
|
1594 } |
|
8560
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1595 } |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1596 |
|
8687
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1597 if (qc->closing) { |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1598 /* |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1599 * 10.1 Closing and Draining Connection States |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1600 * ... delayed or reordered packets are properly discarded. |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1601 * |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1602 * An endpoint retains only enough information to generate |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1603 * a packet containing a CONNECTION_CLOSE frame and to identify |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1604 * packets as belonging to the connection. |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1605 */ |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1606 |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1607 qc->error_level = pkt->level; |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1608 qc->error = NGX_QUIC_ERR_NO_ERROR; |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1609 qc->error_reason = "connection is closing, packet discarded"; |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1610 qc->error_ftype = 0; |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1611 qc->error_app = 0; |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1612 |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1613 return ngx_quic_send_cc(c); |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1614 } |
|
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1615 |
|
8603
c5ea341f705a
QUIC: optimized acknowledgement generation.
Vladimir Homutov <vl@nginx.com>
parents:
8602
diff
changeset
|
1616 pkt->received = ngx_current_msec; |
|
8574
1d4417e4f2d0
QUIC: fixed measuring ACK Delay against 0-RTT packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8573
diff
changeset
|
1617 |
|
8576
eacca87c476e
QUIC: updated c->log->action strings to reflect proper state.
Vladimir Homutov <vl@nginx.com>
parents:
8575
diff
changeset
|
1618 c->log->action = "handling payload"; |
|
eacca87c476e
QUIC: updated c->log->action strings to reflect proper state.
Vladimir Homutov <vl@nginx.com>
parents:
8575
diff
changeset
|
1619 |
|
8560
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1620 if (pkt->level != ssl_encryption_application) { |
|
8687
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1621 return ngx_quic_handle_frames(c, pkt); |
|
8560
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1622 } |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1623 |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
1624 if (!pkt->key_update) { |
|
8687
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1625 return ngx_quic_handle_frames(c, pkt); |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
1626 } |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
1627 |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
1628 /* switch keys and generate next on Key Phase change */ |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
1629 |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
1630 qc->key_phase ^= 1; |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
1631 ngx_quic_keys_switch(c, qc->keys); |
|
8560
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1632 |
|
8687
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1633 rc = ngx_quic_handle_frames(c, pkt); |
|
8560
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1634 if (rc != NGX_OK) { |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1635 return rc; |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1636 } |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1637 |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
1638 return ngx_quic_keys_update(c, qc->keys); |
| 8223 | 1639 } |
| 1640 | |
| 1641 | |
|
8560
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1642 static void |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1643 ngx_quic_discard_ctx(ngx_connection_t *c, enum ssl_encryption_level_t level) |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
1644 { |
|
8507
7f9938cbcd12
QUIC: fixed leak of bytes_in_flight on keys discard.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8506
diff
changeset
|
1645 ngx_queue_t *q; |
|
7f9938cbcd12
QUIC: fixed leak of bytes_in_flight on keys discard.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8506
diff
changeset
|
1646 ngx_quic_frame_t *f; |
|
8339
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8338
diff
changeset
|
1647 ngx_quic_send_ctx_t *ctx; |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
1648 ngx_quic_connection_t *qc; |
|
8263
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8260
diff
changeset
|
1649 |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
1650 qc = ngx_quic_get_connection(c); |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
1651 |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
1652 if (!ngx_quic_keys_available(qc->keys, level)) { |
|
8560
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1653 return; |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1654 } |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1655 |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
1656 ngx_quic_keys_discard(qc->keys, level); |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8620
diff
changeset
|
1657 |
|
8560
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1658 qc->pto_count = 0; |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1659 |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1660 ctx = ngx_quic_get_send_ctx(qc, level); |
|
8507
7f9938cbcd12
QUIC: fixed leak of bytes_in_flight on keys discard.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8506
diff
changeset
|
1661 |
|
7f9938cbcd12
QUIC: fixed leak of bytes_in_flight on keys discard.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8506
diff
changeset
|
1662 while (!ngx_queue_empty(&ctx->sent)) { |
|
7f9938cbcd12
QUIC: fixed leak of bytes_in_flight on keys discard.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8506
diff
changeset
|
1663 q = ngx_queue_head(&ctx->sent); |
|
7f9938cbcd12
QUIC: fixed leak of bytes_in_flight on keys discard.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8506
diff
changeset
|
1664 ngx_queue_remove(q); |
|
7f9938cbcd12
QUIC: fixed leak of bytes_in_flight on keys discard.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8506
diff
changeset
|
1665 |
|
7f9938cbcd12
QUIC: fixed leak of bytes_in_flight on keys discard.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8506
diff
changeset
|
1666 f = ngx_queue_data(q, ngx_quic_frame_t, queue); |
|
7f9938cbcd12
QUIC: fixed leak of bytes_in_flight on keys discard.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8506
diff
changeset
|
1667 ngx_quic_congestion_ack(c, f); |
|
7f9938cbcd12
QUIC: fixed leak of bytes_in_flight on keys discard.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8506
diff
changeset
|
1668 ngx_quic_free_frame(c, f); |
|
7f9938cbcd12
QUIC: fixed leak of bytes_in_flight on keys discard.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8506
diff
changeset
|
1669 } |
|
8596
38c7dd720774
QUIC: added ACK frame range support.
Vladimir Homutov <vl@nginx.com>
parents:
8595
diff
changeset
|
1670 |
|
8612
b1676cd64dc9
QUIC: cleanup send context properly.
Vladimir Homutov <vl@nginx.com>
parents:
8611
diff
changeset
|
1671 while (!ngx_queue_empty(&ctx->frames)) { |
|
b1676cd64dc9
QUIC: cleanup send context properly.
Vladimir Homutov <vl@nginx.com>
parents:
8611
diff
changeset
|
1672 q = ngx_queue_head(&ctx->frames); |
|
b1676cd64dc9
QUIC: cleanup send context properly.
Vladimir Homutov <vl@nginx.com>
parents:
8611
diff
changeset
|
1673 ngx_queue_remove(q); |
|
b1676cd64dc9
QUIC: cleanup send context properly.
Vladimir Homutov <vl@nginx.com>
parents:
8611
diff
changeset
|
1674 |
|
b1676cd64dc9
QUIC: cleanup send context properly.
Vladimir Homutov <vl@nginx.com>
parents:
8611
diff
changeset
|
1675 f = ngx_queue_data(q, ngx_quic_frame_t, queue); |
|
b1676cd64dc9
QUIC: cleanup send context properly.
Vladimir Homutov <vl@nginx.com>
parents:
8611
diff
changeset
|
1676 ngx_quic_congestion_ack(c, f); |
|
b1676cd64dc9
QUIC: cleanup send context properly.
Vladimir Homutov <vl@nginx.com>
parents:
8611
diff
changeset
|
1677 ngx_quic_free_frame(c, f); |
|
b1676cd64dc9
QUIC: cleanup send context properly.
Vladimir Homutov <vl@nginx.com>
parents:
8611
diff
changeset
|
1678 } |
|
b1676cd64dc9
QUIC: cleanup send context properly.
Vladimir Homutov <vl@nginx.com>
parents:
8611
diff
changeset
|
1679 |
|
8628
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1680 if (level == ssl_encryption_initial) { |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1681 ngx_quic_clear_temp_server_ids(c); |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1682 } |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1683 |
|
8596
38c7dd720774
QUIC: added ACK frame range support.
Vladimir Homutov <vl@nginx.com>
parents:
8595
diff
changeset
|
1684 ctx->send_ack = 0; |
|
8697
faa3201ff351
QUIC: improved setting the lost timer.
Roman Arutyunyan <arut@nginx.com>
parents:
8696
diff
changeset
|
1685 |
|
faa3201ff351
QUIC: improved setting the lost timer.
Roman Arutyunyan <arut@nginx.com>
parents:
8696
diff
changeset
|
1686 ngx_quic_set_lost_timer(c); |
|
8304
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
1687 } |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
1688 |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
1689 |
|
90f94413177e
TLS Early Data support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8303
diff
changeset
|
1690 static ngx_int_t |
|
8688
a346905c359f
QUIC: fixed stateless reset recognition and send.
Roman Arutyunyan <arut@nginx.com>
parents:
8687
diff
changeset
|
1691 ngx_quic_check_csid(ngx_quic_connection_t *qc, ngx_quic_header_t *pkt) |
| 8361 | 1692 { |
|
8538
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8536
diff
changeset
|
1693 ngx_queue_t *q; |
|
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8536
diff
changeset
|
1694 ngx_quic_client_id_t *cid; |
|
8381
6e100d8c138a
Preserve original DCID and unbreak parsing 0-RTT packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8380
diff
changeset
|
1695 |
|
8538
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8536
diff
changeset
|
1696 for (q = ngx_queue_head(&qc->client_ids); |
|
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8536
diff
changeset
|
1697 q != ngx_queue_sentinel(&qc->client_ids); |
|
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8536
diff
changeset
|
1698 q = ngx_queue_next(q)) |
|
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8536
diff
changeset
|
1699 { |
|
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8536
diff
changeset
|
1700 cid = ngx_queue_data(q, ngx_quic_client_id_t, queue); |
|
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8536
diff
changeset
|
1701 |
|
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8536
diff
changeset
|
1702 if (pkt->scid.len == cid->len |
|
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8536
diff
changeset
|
1703 && ngx_memcmp(pkt->scid.data, cid->id, cid->len) == 0) |
|
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8536
diff
changeset
|
1704 { |
|
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8536
diff
changeset
|
1705 return NGX_OK; |
|
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8536
diff
changeset
|
1706 } |
|
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8536
diff
changeset
|
1707 } |
|
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8536
diff
changeset
|
1708 |
|
8560
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1709 ngx_log_error(NGX_LOG_INFO, pkt->log, 0, "quic unexpected quic scid"); |
|
d0d3fc0697a0
QUIC: packet processing refactoring.
Vladimir Homutov <vl@nginx.com>
parents:
8559
diff
changeset
|
1710 return NGX_ERROR; |
|
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8180
diff
changeset
|
1711 } |
| 8171 | 1712 |
| 1713 | |
| 8225 | 1714 static ngx_int_t |
|
8687
1c6343bd7933
QUIC: refactored packet processing.
Roman Arutyunyan <arut@nginx.com>
parents:
8686
diff
changeset
|
1715 ngx_quic_handle_frames(ngx_connection_t *c, ngx_quic_header_t *pkt) |
| 8225 | 1716 { |
| 1717 u_char *end, *p; | |
| 1718 ssize_t len; | |
|
8657
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8656
diff
changeset
|
1719 ngx_buf_t buf; |
|
8596
38c7dd720774
QUIC: added ACK frame range support.
Vladimir Homutov <vl@nginx.com>
parents:
8595
diff
changeset
|
1720 ngx_uint_t do_close; |
|
8657
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8656
diff
changeset
|
1721 ngx_chain_t chain; |
|
8367
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8365
diff
changeset
|
1722 ngx_quic_frame_t frame; |
| 8225 | 1723 ngx_quic_connection_t *qc; |
| 1724 | |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
1725 qc = ngx_quic_get_connection(c); |
| 8225 | 1726 |
| 1727 p = pkt->payload.data; | |
| 1728 end = p + pkt->payload.len; | |
| 1729 | |
| 1730 do_close = 0; | |
| 1731 | |
| 1732 while (p < end) { | |
| 1733 | |
| 8275 | 1734 c->log->action = "parsing frames"; |
| 1735 | |
|
8657
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8656
diff
changeset
|
1736 ngx_memzero(&buf, sizeof(ngx_buf_t)); |
|
8659
d9f673d18e9b
QUIC: set the temporary flag for input frame buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8658
diff
changeset
|
1737 buf.temporary = 1; |
|
8657
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8656
diff
changeset
|
1738 |
|
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8656
diff
changeset
|
1739 chain.buf = &buf; |
|
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8656
diff
changeset
|
1740 chain.next = NULL; |
|
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8656
diff
changeset
|
1741 frame.data = &chain; |
|
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8656
diff
changeset
|
1742 |
|
8240
1f002206a59b
Added boundaries checks into frame parser.
Vladimir Homutov <vl@nginx.com>
parents:
8239
diff
changeset
|
1743 len = ngx_quic_parse_frame(pkt, p, end, &frame); |
|
8251
c217a907ce42
Added checks for permitted frame types.
Vladimir Homutov <vl@nginx.com>
parents:
8247
diff
changeset
|
1744 |
| 8225 | 1745 if (len < 0) { |
|
8385
fb7422074258
Added generation of CC frames with error on connection termination.
Vladimir Homutov <vl@nginx.com>
parents:
8384
diff
changeset
|
1746 qc->error = pkt->error; |
| 8225 | 1747 return NGX_ERROR; |
| 1748 } | |
| 1749 | |
|
8604
b3d9e57d0f62
QUIC: single function for frame debug logging.
Vladimir Homutov <vl@nginx.com>
parents:
8603
diff
changeset
|
1750 ngx_quic_log_frame(c->log, &frame, 0); |
|
b3d9e57d0f62
QUIC: single function for frame debug logging.
Vladimir Homutov <vl@nginx.com>
parents:
8603
diff
changeset
|
1751 |
| 8275 | 1752 c->log->action = "handling frames"; |
| 1753 | |
| 8225 | 1754 p += len; |
| 1755 | |
| 1756 switch (frame.type) { | |
| 1757 | |
| 1758 case NGX_QUIC_FT_ACK: | |
|
8657
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8656
diff
changeset
|
1759 if (ngx_quic_handle_ack_frame(c, pkt, &frame) != NGX_OK) { |
| 8225 | 1760 return NGX_ERROR; |
| 1761 } | |
| 1762 | |
|
8367
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8365
diff
changeset
|
1763 continue; |
|
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8365
diff
changeset
|
1764 |
|
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8365
diff
changeset
|
1765 case NGX_QUIC_FT_PADDING: |
|
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8365
diff
changeset
|
1766 /* no action required */ |
|
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8365
diff
changeset
|
1767 continue; |
|
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8365
diff
changeset
|
1768 |
|
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8365
diff
changeset
|
1769 case NGX_QUIC_FT_CONNECTION_CLOSE: |
|
8458
e0f92f68e018
QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan <arut@nginx.com>
parents:
8450
diff
changeset
|
1770 case NGX_QUIC_FT_CONNECTION_CLOSE_APP: |
|
8367
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8365
diff
changeset
|
1771 do_close = 1; |
|
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8365
diff
changeset
|
1772 continue; |
|
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8365
diff
changeset
|
1773 } |
|
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8365
diff
changeset
|
1774 |
|
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8365
diff
changeset
|
1775 /* got there with ack-eliciting packet */ |
|
8596
38c7dd720774
QUIC: added ACK frame range support.
Vladimir Homutov <vl@nginx.com>
parents:
8595
diff
changeset
|
1776 pkt->need_ack = 1; |
|
8367
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8365
diff
changeset
|
1777 |
|
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8365
diff
changeset
|
1778 switch (frame.type) { |
| 8225 | 1779 |
| 1780 case NGX_QUIC_FT_CRYPTO: | |
| 1781 | |
|
8333
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
1782 if (ngx_quic_handle_crypto_frame(c, pkt, &frame) != NGX_OK) { |
| 8225 | 1783 return NGX_ERROR; |
| 1784 } | |
| 1785 | |
| 1786 break; | |
| 1787 | |
| 1788 case NGX_QUIC_FT_PING: | |
| 1789 break; | |
| 1790 | |
| 1791 case NGX_QUIC_FT_STREAM0: | |
| 1792 case NGX_QUIC_FT_STREAM1: | |
| 1793 case NGX_QUIC_FT_STREAM2: | |
| 1794 case NGX_QUIC_FT_STREAM3: | |
| 1795 case NGX_QUIC_FT_STREAM4: | |
| 1796 case NGX_QUIC_FT_STREAM5: | |
| 1797 case NGX_QUIC_FT_STREAM6: | |
| 1798 case NGX_QUIC_FT_STREAM7: | |
| 1799 | |
|
8334
72d20158c814
Added reordering support for STREAM frames.
Vladimir Homutov <vl@nginx.com>
parents:
8333
diff
changeset
|
1800 if (ngx_quic_handle_stream_frame(c, pkt, &frame) != NGX_OK) { |
| 8225 | 1801 return NGX_ERROR; |
| 1802 } | |
| 1803 | |
| 1804 break; | |
| 1805 | |
|
8237
ff540f13d95d
MAX_DATA frame parser/handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8236
diff
changeset
|
1806 case NGX_QUIC_FT_MAX_DATA: |
|
8365
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
8364
diff
changeset
|
1807 |
|
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
8364
diff
changeset
|
1808 if (ngx_quic_handle_max_data_frame(c, &frame.u.max_data) != NGX_OK) |
|
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
8364
diff
changeset
|
1809 { |
|
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
8364
diff
changeset
|
1810 return NGX_ERROR; |
|
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
8364
diff
changeset
|
1811 } |
|
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
8364
diff
changeset
|
1812 |
|
8237
ff540f13d95d
MAX_DATA frame parser/handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8236
diff
changeset
|
1813 break; |
|
ff540f13d95d
MAX_DATA frame parser/handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8236
diff
changeset
|
1814 |
|
8236
d3b26c3bea22
Added parsing of STREAMS BLOCKED frames.
Vladimir Homutov <vl@nginx.com>
parents:
8235
diff
changeset
|
1815 case NGX_QUIC_FT_STREAMS_BLOCKED: |
|
d3b26c3bea22
Added parsing of STREAMS BLOCKED frames.
Vladimir Homutov <vl@nginx.com>
parents:
8235
diff
changeset
|
1816 case NGX_QUIC_FT_STREAMS_BLOCKED2: |
|
8245
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
1817 |
|
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
1818 if (ngx_quic_handle_streams_blocked_frame(c, pkt, |
|
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
1819 &frame.u.streams_blocked) |
|
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
1820 != NGX_OK) |
|
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
1821 { |
|
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
1822 return NGX_ERROR; |
|
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
1823 } |
|
a14afe21e692
Double MAX_STREAMS on STREAMS_BLOCKED.
Roman Arutyunyan <arut@nginx.com>
parents:
8241
diff
changeset
|
1824 |
|
8236
d3b26c3bea22
Added parsing of STREAMS BLOCKED frames.
Vladimir Homutov <vl@nginx.com>
parents:
8235
diff
changeset
|
1825 break; |
|
d3b26c3bea22
Added parsing of STREAMS BLOCKED frames.
Vladimir Homutov <vl@nginx.com>
parents:
8235
diff
changeset
|
1826 |
|
8266
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1827 case NGX_QUIC_FT_STREAM_DATA_BLOCKED: |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1828 |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1829 if (ngx_quic_handle_stream_data_blocked_frame(c, pkt, |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1830 &frame.u.stream_data_blocked) |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1831 != NGX_OK) |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1832 { |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1833 return NGX_ERROR; |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1834 } |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1835 |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1836 break; |
|
f92e583fc256
Better flow control and buffering for QUIC streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8265
diff
changeset
|
1837 |
|
8365
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
8364
diff
changeset
|
1838 case NGX_QUIC_FT_MAX_STREAM_DATA: |
|
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
8364
diff
changeset
|
1839 |
|
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
8364
diff
changeset
|
1840 if (ngx_quic_handle_max_stream_data_frame(c, pkt, |
|
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
8364
diff
changeset
|
1841 &frame.u.max_stream_data) |
|
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
8364
diff
changeset
|
1842 != NGX_OK) |
|
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
8364
diff
changeset
|
1843 { |
|
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
8364
diff
changeset
|
1844 return NGX_ERROR; |
|
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
8364
diff
changeset
|
1845 } |
|
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
8364
diff
changeset
|
1846 |
|
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
8364
diff
changeset
|
1847 break; |
|
fab75acb1f72
Respect MAX_DATA and MAX_STREAM_DATA from QUIC client.
Roman Arutyunyan <arut@nginx.com>
parents:
8364
diff
changeset
|
1848 |
|
8428
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8427
diff
changeset
|
1849 case NGX_QUIC_FT_RESET_STREAM: |
|
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8427
diff
changeset
|
1850 |
|
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8427
diff
changeset
|
1851 if (ngx_quic_handle_reset_stream_frame(c, pkt, |
|
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8427
diff
changeset
|
1852 &frame.u.reset_stream) |
|
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8427
diff
changeset
|
1853 != NGX_OK) |
|
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8427
diff
changeset
|
1854 { |
|
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8427
diff
changeset
|
1855 return NGX_ERROR; |
|
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8427
diff
changeset
|
1856 } |
|
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8427
diff
changeset
|
1857 |
|
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8427
diff
changeset
|
1858 break; |
|
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8427
diff
changeset
|
1859 |
|
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8427
diff
changeset
|
1860 case NGX_QUIC_FT_STOP_SENDING: |
|
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8427
diff
changeset
|
1861 |
|
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8427
diff
changeset
|
1862 if (ngx_quic_handle_stop_sending_frame(c, pkt, |
|
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8427
diff
changeset
|
1863 &frame.u.stop_sending) |
|
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8427
diff
changeset
|
1864 != NGX_OK) |
|
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8427
diff
changeset
|
1865 { |
|
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8427
diff
changeset
|
1866 return NGX_ERROR; |
|
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8427
diff
changeset
|
1867 } |
|
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8427
diff
changeset
|
1868 |
|
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8427
diff
changeset
|
1869 break; |
|
953cf44708b0
Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8427
diff
changeset
|
1870 |
|
8495
455a8536eaa7
QUIC: limited the number of server-initiated streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8486
diff
changeset
|
1871 case NGX_QUIC_FT_MAX_STREAMS: |
|
455a8536eaa7
QUIC: limited the number of server-initiated streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8486
diff
changeset
|
1872 case NGX_QUIC_FT_MAX_STREAMS2: |
|
455a8536eaa7
QUIC: limited the number of server-initiated streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8486
diff
changeset
|
1873 |
|
455a8536eaa7
QUIC: limited the number of server-initiated streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8486
diff
changeset
|
1874 if (ngx_quic_handle_max_streams_frame(c, pkt, &frame.u.max_streams) |
|
455a8536eaa7
QUIC: limited the number of server-initiated streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8486
diff
changeset
|
1875 != NGX_OK) |
|
455a8536eaa7
QUIC: limited the number of server-initiated streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8486
diff
changeset
|
1876 { |
|
455a8536eaa7
QUIC: limited the number of server-initiated streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8486
diff
changeset
|
1877 return NGX_ERROR; |
|
455a8536eaa7
QUIC: limited the number of server-initiated streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8486
diff
changeset
|
1878 } |
|
455a8536eaa7
QUIC: limited the number of server-initiated streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8486
diff
changeset
|
1879 |
|
455a8536eaa7
QUIC: limited the number of server-initiated streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8486
diff
changeset
|
1880 break; |
|
455a8536eaa7
QUIC: limited the number of server-initiated streams.
Roman Arutyunyan <arut@nginx.com>
parents:
8486
diff
changeset
|
1881 |
|
8531
4ff2a0b747d1
QUIC: handle PATH_CHALLENGE frame.
Roman Arutyunyan <arut@nginx.com>
parents:
8530
diff
changeset
|
1882 case NGX_QUIC_FT_PATH_CHALLENGE: |
|
4ff2a0b747d1
QUIC: handle PATH_CHALLENGE frame.
Roman Arutyunyan <arut@nginx.com>
parents:
8530
diff
changeset
|
1883 |
|
4ff2a0b747d1
QUIC: handle PATH_CHALLENGE frame.
Roman Arutyunyan <arut@nginx.com>
parents:
8530
diff
changeset
|
1884 if (ngx_quic_handle_path_challenge_frame(c, pkt, |
|
4ff2a0b747d1
QUIC: handle PATH_CHALLENGE frame.
Roman Arutyunyan <arut@nginx.com>
parents:
8530
diff
changeset
|
1885 &frame.u.path_challenge) |
|
4ff2a0b747d1
QUIC: handle PATH_CHALLENGE frame.
Roman Arutyunyan <arut@nginx.com>
parents:
8530
diff
changeset
|
1886 != NGX_OK) |
|
4ff2a0b747d1
QUIC: handle PATH_CHALLENGE frame.
Roman Arutyunyan <arut@nginx.com>
parents:
8530
diff
changeset
|
1887 { |
|
4ff2a0b747d1
QUIC: handle PATH_CHALLENGE frame.
Roman Arutyunyan <arut@nginx.com>
parents:
8530
diff
changeset
|
1888 return NGX_ERROR; |
|
4ff2a0b747d1
QUIC: handle PATH_CHALLENGE frame.
Roman Arutyunyan <arut@nginx.com>
parents:
8530
diff
changeset
|
1889 } |
|
4ff2a0b747d1
QUIC: handle PATH_CHALLENGE frame.
Roman Arutyunyan <arut@nginx.com>
parents:
8530
diff
changeset
|
1890 |
|
4ff2a0b747d1
QUIC: handle PATH_CHALLENGE frame.
Roman Arutyunyan <arut@nginx.com>
parents:
8530
diff
changeset
|
1891 break; |
|
4ff2a0b747d1
QUIC: handle PATH_CHALLENGE frame.
Roman Arutyunyan <arut@nginx.com>
parents:
8530
diff
changeset
|
1892 |
|
8737
76f476ce4d31
QUIC: distinct files for connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8736
diff
changeset
|
1893 case NGX_QUIC_FT_PATH_RESPONSE: |
|
76f476ce4d31
QUIC: distinct files for connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8736
diff
changeset
|
1894 |
|
76f476ce4d31
QUIC: distinct files for connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8736
diff
changeset
|
1895 if (ngx_quic_handle_path_response_frame(c, pkt, |
|
76f476ce4d31
QUIC: distinct files for connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8736
diff
changeset
|
1896 &frame.u.path_response) |
|
76f476ce4d31
QUIC: distinct files for connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8736
diff
changeset
|
1897 != NGX_OK) |
|
76f476ce4d31
QUIC: distinct files for connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8736
diff
changeset
|
1898 { |
|
76f476ce4d31
QUIC: distinct files for connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8736
diff
changeset
|
1899 return NGX_ERROR; |
|
76f476ce4d31
QUIC: distinct files for connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8736
diff
changeset
|
1900 } |
|
76f476ce4d31
QUIC: distinct files for connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8736
diff
changeset
|
1901 |
|
76f476ce4d31
QUIC: distinct files for connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8736
diff
changeset
|
1902 break; |
|
76f476ce4d31
QUIC: distinct files for connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8736
diff
changeset
|
1903 |
|
8325
9b9d592c0da3
Ignore non-yet-implemented frames.
Vladimir Homutov <vl@nginx.com>
parents:
8322
diff
changeset
|
1904 case NGX_QUIC_FT_NEW_CONNECTION_ID: |
|
8538
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8536
diff
changeset
|
1905 |
|
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8536
diff
changeset
|
1906 if (ngx_quic_handle_new_connection_id_frame(c, pkt, &frame.u.ncid) |
|
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8536
diff
changeset
|
1907 != NGX_OK) |
|
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8536
diff
changeset
|
1908 { |
|
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8536
diff
changeset
|
1909 return NGX_ERROR; |
|
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8536
diff
changeset
|
1910 } |
|
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8536
diff
changeset
|
1911 |
|
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8536
diff
changeset
|
1912 break; |
|
3afaaaa930ab
QUIC: added support for multiple connection IDs.
Vladimir Homutov <vl@nginx.com>
parents:
8536
diff
changeset
|
1913 |
|
8325
9b9d592c0da3
Ignore non-yet-implemented frames.
Vladimir Homutov <vl@nginx.com>
parents:
8322
diff
changeset
|
1914 case NGX_QUIC_FT_RETIRE_CONNECTION_ID: |
|
8628
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1915 |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1916 if (ngx_quic_handle_retire_connection_id_frame(c, pkt, |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1917 &frame.u.retire_cid) |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1918 != NGX_OK) |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1919 { |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1920 return NGX_ERROR; |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1921 } |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1922 |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1923 break; |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
1924 |
| 8225 | 1925 default: |
|
8346
4e4485793418
Added MAX_STREAM_DATA stub handler.
Vladimir Homutov <vl@nginx.com>
parents:
8345
diff
changeset
|
1926 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, |
| 8359 | 1927 "quic missing frame handler"); |
| 8225 | 1928 return NGX_ERROR; |
| 1929 } | |
| 1930 } | |
| 1931 | |
| 1932 if (p != end) { | |
| 1933 ngx_log_error(NGX_LOG_INFO, c->log, 0, | |
|
8605
eed49b83e18f
QUIC: revised value separators in debug and error messages.
Vladimir Homutov <vl@nginx.com>
parents:
8604
diff
changeset
|
1934 "quic trailing garbage in payload:%ui bytes", end - p); |
|
8385
fb7422074258
Added generation of CC frames with error on connection termination.
Vladimir Homutov <vl@nginx.com>
parents:
8384
diff
changeset
|
1935 |
|
fb7422074258
Added generation of CC frames with error on connection termination.
Vladimir Homutov <vl@nginx.com>
parents:
8384
diff
changeset
|
1936 qc->error = NGX_QUIC_ERR_FRAME_ENCODING_ERROR; |
| 8225 | 1937 return NGX_ERROR; |
| 1938 } | |
| 1939 | |
| 1940 if (do_close) { | |
|
8355
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1941 qc->draining = 1; |
|
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
1942 ngx_quic_close_connection(c, NGX_OK); |
| 8225 | 1943 } |
| 1944 | |
|
8596
38c7dd720774
QUIC: added ACK frame range support.
Vladimir Homutov <vl@nginx.com>
parents:
8595
diff
changeset
|
1945 if (ngx_quic_ack_packet(c, pkt) != NGX_OK) { |
|
38c7dd720774
QUIC: added ACK frame range support.
Vladimir Homutov <vl@nginx.com>
parents:
8595
diff
changeset
|
1946 return NGX_ERROR; |
|
38c7dd720774
QUIC: added ACK frame range support.
Vladimir Homutov <vl@nginx.com>
parents:
8595
diff
changeset
|
1947 } |
|
38c7dd720774
QUIC: added ACK frame range support.
Vladimir Homutov <vl@nginx.com>
parents:
8595
diff
changeset
|
1948 |
|
8367
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8365
diff
changeset
|
1949 return NGX_OK; |
|
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8365
diff
changeset
|
1950 } |
|
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8365
diff
changeset
|
1951 |
|
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8365
diff
changeset
|
1952 |
|
c10e7d48aa85
Factored out sending ACK from payload handler.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8365
diff
changeset
|
1953 static ngx_int_t |
|
8335
76839f55bc48
Sorted functions and functions declarations.
Vladimir Homutov <vl@nginx.com>
parents:
8334
diff
changeset
|
1954 ngx_quic_handle_crypto_frame(ngx_connection_t *c, ngx_quic_header_t *pkt, |
|
76839f55bc48
Sorted functions and functions declarations.
Vladimir Homutov <vl@nginx.com>
parents:
8334
diff
changeset
|
1955 ngx_quic_frame_t *frame) |
|
76839f55bc48
Sorted functions and functions declarations.
Vladimir Homutov <vl@nginx.com>
parents:
8334
diff
changeset
|
1956 { |
|
8530
f882b1784f30
QUIC: enforce flow control on incoming STREAM and CRYPTO frames.
Roman Arutyunyan <arut@nginx.com>
parents:
8528
diff
changeset
|
1957 uint64_t last; |
|
8566
9588a2782c62
QUIC: speeding up handshake completion.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8565
diff
changeset
|
1958 ngx_int_t rc; |
|
8573
6226f834b420
QUIC: do not resend empty queue when speeding up handshake.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8572
diff
changeset
|
1959 ngx_quic_send_ctx_t *ctx; |
|
8335
76839f55bc48
Sorted functions and functions declarations.
Vladimir Homutov <vl@nginx.com>
parents:
8334
diff
changeset
|
1960 ngx_quic_connection_t *qc; |
|
8530
f882b1784f30
QUIC: enforce flow control on incoming STREAM and CRYPTO frames.
Roman Arutyunyan <arut@nginx.com>
parents:
8528
diff
changeset
|
1961 ngx_quic_crypto_frame_t *f; |
|
8335
76839f55bc48
Sorted functions and functions declarations.
Vladimir Homutov <vl@nginx.com>
parents:
8334
diff
changeset
|
1962 ngx_quic_frames_stream_t *fs; |
|
76839f55bc48
Sorted functions and functions declarations.
Vladimir Homutov <vl@nginx.com>
parents:
8334
diff
changeset
|
1963 |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
1964 qc = ngx_quic_get_connection(c); |
|
8335
76839f55bc48
Sorted functions and functions declarations.
Vladimir Homutov <vl@nginx.com>
parents:
8334
diff
changeset
|
1965 fs = &qc->crypto[pkt->level]; |
|
8530
f882b1784f30
QUIC: enforce flow control on incoming STREAM and CRYPTO frames.
Roman Arutyunyan <arut@nginx.com>
parents:
8528
diff
changeset
|
1966 f = &frame->u.crypto; |
|
f882b1784f30
QUIC: enforce flow control on incoming STREAM and CRYPTO frames.
Roman Arutyunyan <arut@nginx.com>
parents:
8528
diff
changeset
|
1967 |
|
f882b1784f30
QUIC: enforce flow control on incoming STREAM and CRYPTO frames.
Roman Arutyunyan <arut@nginx.com>
parents:
8528
diff
changeset
|
1968 /* no overflow since both values are 62-bit */ |
|
f882b1784f30
QUIC: enforce flow control on incoming STREAM and CRYPTO frames.
Roman Arutyunyan <arut@nginx.com>
parents:
8528
diff
changeset
|
1969 last = f->offset + f->length; |
|
f882b1784f30
QUIC: enforce flow control on incoming STREAM and CRYPTO frames.
Roman Arutyunyan <arut@nginx.com>
parents:
8528
diff
changeset
|
1970 |
|
f882b1784f30
QUIC: enforce flow control on incoming STREAM and CRYPTO frames.
Roman Arutyunyan <arut@nginx.com>
parents:
8528
diff
changeset
|
1971 if (last > fs->received && last - fs->received > NGX_QUIC_MAX_BUFFERED) { |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
1972 qc->error = NGX_QUIC_ERR_CRYPTO_BUFFER_EXCEEDED; |
|
8530
f882b1784f30
QUIC: enforce flow control on incoming STREAM and CRYPTO frames.
Roman Arutyunyan <arut@nginx.com>
parents:
8528
diff
changeset
|
1973 return NGX_ERROR; |
|
f882b1784f30
QUIC: enforce flow control on incoming STREAM and CRYPTO frames.
Roman Arutyunyan <arut@nginx.com>
parents:
8528
diff
changeset
|
1974 } |
|
8335
76839f55bc48
Sorted functions and functions declarations.
Vladimir Homutov <vl@nginx.com>
parents:
8334
diff
changeset
|
1975 |
|
8566
9588a2782c62
QUIC: speeding up handshake completion.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8565
diff
changeset
|
1976 rc = ngx_quic_handle_ordered_frame(c, fs, frame, ngx_quic_crypto_input, |
|
9588a2782c62
QUIC: speeding up handshake completion.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8565
diff
changeset
|
1977 NULL); |
|
9588a2782c62
QUIC: speeding up handshake completion.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8565
diff
changeset
|
1978 if (rc != NGX_DECLINED) { |
|
9588a2782c62
QUIC: speeding up handshake completion.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8565
diff
changeset
|
1979 return rc; |
|
9588a2782c62
QUIC: speeding up handshake completion.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8565
diff
changeset
|
1980 } |
|
9588a2782c62
QUIC: speeding up handshake completion.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8565
diff
changeset
|
1981 |
|
9588a2782c62
QUIC: speeding up handshake completion.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8565
diff
changeset
|
1982 /* speeding up handshake completion */ |
|
9588a2782c62
QUIC: speeding up handshake completion.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8565
diff
changeset
|
1983 |
|
9588a2782c62
QUIC: speeding up handshake completion.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8565
diff
changeset
|
1984 if (pkt->level == ssl_encryption_initial) { |
|
8573
6226f834b420
QUIC: do not resend empty queue when speeding up handshake.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8572
diff
changeset
|
1985 ctx = ngx_quic_get_send_ctx(qc, pkt->level); |
|
6226f834b420
QUIC: do not resend empty queue when speeding up handshake.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8572
diff
changeset
|
1986 |
|
6226f834b420
QUIC: do not resend empty queue when speeding up handshake.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8572
diff
changeset
|
1987 if (!ngx_queue_empty(&ctx->sent)) { |
|
6226f834b420
QUIC: do not resend empty queue when speeding up handshake.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8572
diff
changeset
|
1988 ngx_quic_resend_frames(c, ctx); |
|
8660
6201cef77b1d
QUIC: resend handshake packets along with initial.
Roman Arutyunyan <arut@nginx.com>
parents:
8659
diff
changeset
|
1989 |
|
6201cef77b1d
QUIC: resend handshake packets along with initial.
Roman Arutyunyan <arut@nginx.com>
parents:
8659
diff
changeset
|
1990 ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_handshake); |
|
6201cef77b1d
QUIC: resend handshake packets along with initial.
Roman Arutyunyan <arut@nginx.com>
parents:
8659
diff
changeset
|
1991 while (!ngx_queue_empty(&ctx->sent)) { |
|
6201cef77b1d
QUIC: resend handshake packets along with initial.
Roman Arutyunyan <arut@nginx.com>
parents:
8659
diff
changeset
|
1992 ngx_quic_resend_frames(c, ctx); |
|
6201cef77b1d
QUIC: resend handshake packets along with initial.
Roman Arutyunyan <arut@nginx.com>
parents:
8659
diff
changeset
|
1993 } |
|
8573
6226f834b420
QUIC: do not resend empty queue when speeding up handshake.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8572
diff
changeset
|
1994 } |
|
8566
9588a2782c62
QUIC: speeding up handshake completion.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8565
diff
changeset
|
1995 } |
|
9588a2782c62
QUIC: speeding up handshake completion.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8565
diff
changeset
|
1996 |
|
9588a2782c62
QUIC: speeding up handshake completion.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8565
diff
changeset
|
1997 return NGX_OK; |
|
8335
76839f55bc48
Sorted functions and functions declarations.
Vladimir Homutov <vl@nginx.com>
parents:
8334
diff
changeset
|
1998 } |
|
76839f55bc48
Sorted functions and functions declarations.
Vladimir Homutov <vl@nginx.com>
parents:
8334
diff
changeset
|
1999 |
|
76839f55bc48
Sorted functions and functions declarations.
Vladimir Homutov <vl@nginx.com>
parents:
8334
diff
changeset
|
2000 |
|
8749
660c4a2f95f3
QUIC: separate files for frames related processing.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
2001 ngx_int_t |
|
8378
81a4f98a2556
Cleaned up reordering code.
Vladimir Homutov <vl@nginx.com>
parents:
8377
diff
changeset
|
2002 ngx_quic_crypto_input(ngx_connection_t *c, ngx_quic_frame_t *frame, void *data) |
|
8333
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
2003 { |
|
8657
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8656
diff
changeset
|
2004 int n, sslerr; |
|
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8656
diff
changeset
|
2005 ngx_buf_t *b; |
|
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8656
diff
changeset
|
2006 ngx_chain_t *cl; |
|
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8656
diff
changeset
|
2007 ngx_ssl_conn_t *ssl_conn; |
|
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8656
diff
changeset
|
2008 ngx_quic_connection_t *qc; |
|
8333
167d32476737
Crypto buffer frames reordering.
Vladimir Homutov <vl@nginx.com>
parents:
8332
diff
changeset
|
2009 |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
2010 qc = ngx_quic_get_connection(c); |
|
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
2011 |
| 8225 | 2012 ssl_conn = c->ssl->connection; |
| 2013 | |
| 2014 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, | |
|
8605
eed49b83e18f
QUIC: revised value separators in debug and error messages.
Vladimir Homutov <vl@nginx.com>
parents:
8604
diff
changeset
|
2015 "quic SSL_quic_read_level:%d SSL_quic_write_level:%d", |
| 8225 | 2016 (int) SSL_quic_read_level(ssl_conn), |
| 2017 (int) SSL_quic_write_level(ssl_conn)); | |
| 2018 | |
|
8657
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8656
diff
changeset
|
2019 for (cl = frame->data; cl; cl = cl->next) { |
|
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8656
diff
changeset
|
2020 b = cl->buf; |
|
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8656
diff
changeset
|
2021 |
|
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8656
diff
changeset
|
2022 if (!SSL_provide_quic_data(ssl_conn, SSL_quic_read_level(ssl_conn), |
|
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8656
diff
changeset
|
2023 b->pos, b->last - b->pos)) |
|
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8656
diff
changeset
|
2024 { |
|
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8656
diff
changeset
|
2025 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, |
|
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8656
diff
changeset
|
2026 "SSL_provide_quic_data() failed"); |
|
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8656
diff
changeset
|
2027 return NGX_ERROR; |
|
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8656
diff
changeset
|
2028 } |
| 8225 | 2029 } |
| 2030 | |
| 2031 n = SSL_do_handshake(ssl_conn); | |
| 2032 | |
|
8620
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
2033 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
2034 "quic SSL_quic_read_level:%d SSL_quic_write_level:%d", |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
2035 (int) SSL_quic_read_level(ssl_conn), |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
2036 (int) SSL_quic_write_level(ssl_conn)); |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
2037 |
| 8225 | 2038 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", n); |
| 2039 | |
|
8620
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
2040 if (n <= 0) { |
| 8225 | 2041 sslerr = SSL_get_error(ssl_conn, n); |
| 2042 | |
| 2043 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", | |
| 2044 sslerr); | |
| 2045 | |
|
8300
23a2b5e7acc8
Improved SSL_do_handshake() error handling in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8299
diff
changeset
|
2046 if (sslerr != SSL_ERROR_WANT_READ) { |
| 8225 | 2047 ngx_ssl_error(NGX_LOG_ERR, c->log, 0, "SSL_do_handshake() failed"); |
|
8300
23a2b5e7acc8
Improved SSL_do_handshake() error handling in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8299
diff
changeset
|
2048 return NGX_ERROR; |
| 8225 | 2049 } |
|
8263
1295b293d09a
Connection states code cleanup.
Vladimir Homutov <vl@nginx.com>
parents:
8260
diff
changeset
|
2050 |
|
8620
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
2051 return NGX_OK; |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
2052 } |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
2053 |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
2054 if (SSL_in_init(ssl_conn)) { |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
2055 return NGX_OK; |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
2056 } |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
2057 |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
2058 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
2059 "quic ssl cipher:%s", SSL_get_cipher(ssl_conn)); |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
2060 |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
2061 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
2062 "quic handshake completed successfully"); |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
2063 |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
2064 c->ssl->handshaked = 1; |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
2065 |
|
8657
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8656
diff
changeset
|
2066 frame = ngx_quic_alloc_frame(c); |
|
8620
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
2067 if (frame == NULL) { |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
2068 return NGX_ERROR; |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
2069 } |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
2070 |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
2071 /* 12.4 Frames and frame types, figure 8 */ |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
2072 frame->level = ssl_encryption_application; |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
2073 frame->type = NGX_QUIC_FT_HANDSHAKE_DONE; |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
2074 ngx_quic_queue_frame(qc, frame); |
|
8620
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
2075 |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
2076 if (ngx_quic_send_new_token(c) != NGX_OK) { |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
2077 return NGX_ERROR; |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
2078 } |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
2079 |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
2080 /* |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
2081 * Generating next keys before a key update is received. |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
2082 * See quic-tls 9.4 Header Protection Timing Side-Channels. |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
2083 */ |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
2084 |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
2085 if (ngx_quic_keys_update(c, qc->keys) != NGX_OK) { |
|
8620
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
2086 return NGX_ERROR; |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
2087 } |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
2088 |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
2089 /* |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
2090 * 4.10.2 An endpoint MUST discard its handshake keys |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
2091 * when the TLS handshake is confirmed |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
2092 */ |
|
d10118e38943
QUIC: refactored SSL_do_handshake() handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8619
diff
changeset
|
2093 ngx_quic_discard_ctx(c, ssl_encryption_handshake); |
| 8225 | 2094 |
|
8628
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
2095 if (ngx_quic_issue_server_ids(c) != NGX_OK) { |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
2096 return NGX_ERROR; |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
2097 } |
|
45db1b5c1706
QUIC: connection multiplexing per port.
Roman Arutyunyan <arut@nginx.com>
parents:
8627
diff
changeset
|
2098 |
| 8225 | 2099 return NGX_OK; |
| 2100 } | |
| 2101 | |
| 2102 | |
| 8309 | 2103 static void |
| 2104 ngx_quic_push_handler(ngx_event_t *ev) | |
| 2105 { | |
|
8334
72d20158c814
Added reordering support for STREAM frames.
Vladimir Homutov <vl@nginx.com>
parents:
8333
diff
changeset
|
2106 ngx_connection_t *c; |
| 8309 | 2107 |
| 8359 | 2108 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ev->log, 0, "quic push timer"); |
| 8309 | 2109 |
| 2110 c = ev->data; | |
| 2111 | |
| 2112 if (ngx_quic_output(c) != NGX_OK) { | |
|
8355
ad3a6f069498
Added proper handling of connection close phases.
Vladimir Homutov <vl@nginx.com>
parents:
8354
diff
changeset
|
2113 ngx_quic_close_connection(c, NGX_ERROR); |
| 8309 | 2114 return; |
| 2115 } | |
|
8607
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
2116 |
|
21b7dac9de3b
QUIC: added connection state debug to event handlers.
Vladimir Homutov <vl@nginx.com>
parents:
8606
diff
changeset
|
2117 ngx_quic_connstate_dbg(c); |
| 8309 | 2118 } |
| 2119 | |
| 2120 | |
|
8750
41807e581de9
QUIC: separate files for stream related processing.
Vladimir Homutov <vl@nginx.com>
parents:
8749
diff
changeset
|
2121 void |
|
8724
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
2122 ngx_quic_shutdown_quic(ngx_connection_t *c) |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
2123 { |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
2124 ngx_rbtree_t *tree; |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
2125 ngx_rbtree_node_t *node; |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
2126 ngx_quic_stream_t *qs; |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
2127 ngx_quic_connection_t *qc; |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
2128 |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
2129 qc = ngx_quic_get_connection(c); |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
2130 |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
2131 if (qc->closing) { |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
2132 return; |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
2133 } |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
2134 |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
2135 tree = &qc->streams.tree; |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
2136 |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
2137 if (tree->root != tree->sentinel) { |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
2138 for (node = ngx_rbtree_min(tree->root, tree->sentinel); |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
2139 node; |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
2140 node = ngx_rbtree_next(tree, node)) |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
2141 { |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
2142 qs = (ngx_quic_stream_t *) node; |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
2143 |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
2144 if (!qs->cancelable) { |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
2145 return; |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
2146 } |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
2147 } |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
2148 } |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
2149 |
|
fc64ab301bad
QUIC: connection shutdown.
Roman Arutyunyan <arut@nginx.com>
parents:
8717
diff
changeset
|
2150 ngx_quic_finalize_connection(c, qc->shutdown_code, qc->shutdown_reason); |
|
8239
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
2151 } |
|
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
2152 |
|
5ad7bffd3850
Send a FIN frame when QUIC stream is closed.
Roman Arutyunyan <arut@nginx.com>
parents:
8237
diff
changeset
|
2153 |
|
8626
e0947c952d43
QUIC: multiple versions support in ALPN.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8625
diff
changeset
|
2154 uint32_t |
|
e0947c952d43
QUIC: multiple versions support in ALPN.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8625
diff
changeset
|
2155 ngx_quic_version(ngx_connection_t *c) |
|
e0947c952d43
QUIC: multiple versions support in ALPN.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8625
diff
changeset
|
2156 { |
|
8629
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
2157 uint32_t version; |
|
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
2158 ngx_quic_connection_t *qc; |
|
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
2159 |
|
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
2160 qc = ngx_quic_get_connection(c); |
|
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
2161 |
|
feec2cc762f6
QUIC: got rid of the c->quic field.
Roman Arutyunyan <arut@nginx.com>
parents:
8628
diff
changeset
|
2162 version = qc->version; |
|
8626
e0947c952d43
QUIC: multiple versions support in ALPN.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8625
diff
changeset
|
2163 |
|
e0947c952d43
QUIC: multiple versions support in ALPN.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8625
diff
changeset
|
2164 return (version & 0xff000000) == 0xff000000 ? version & 0xff : version; |
|
e0947c952d43
QUIC: multiple versions support in ALPN.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8625
diff
changeset
|
2165 } |