Mercurial > hg > nginx
comparison src/event/ngx_event_quic.h @ 8562:b31c02454539 quic
QUIC: added stateless reset support.
The new "quic_stateless_reset_token_key" directive is added. It sets the
endpoint key used to generate stateless reset tokens and enables feature.
If the endpoint receives short-header packet that can't be matched to
existing connection, a stateless reset packet is generated with
a proper token.
If a valid stateless reset token is found in the incoming packet,
the connection is closed.
Example configuration:
http {
quic_stateless_reset_token_key "foo";
...
}
| author | Vladimir Homutov <vl@nginx.com> |
|---|---|
| date | Wed, 30 Sep 2020 20:54:46 +0300 |
| parents | 2727d402e5a5 |
| children | bed310672f39 |
comparison
equal
deleted
inserted
replaced
| 8561:b4ef79ef1c23 | 8562:b31c02454539 |
|---|---|
| 54 | 54 |
| 55 #define NGX_QUIC_STREAM_BUFSIZE 65536 | 55 #define NGX_QUIC_STREAM_BUFSIZE 65536 |
| 56 | 56 |
| 57 #define NGX_QUIC_SERVER_CID_LEN 20 | 57 #define NGX_QUIC_SERVER_CID_LEN 20 |
| 58 | 58 |
| 59 #define NGX_QUIC_SR_TOKEN_LEN 16 | |
| 60 | |
| 59 | 61 |
| 60 typedef struct { | 62 typedef struct { |
| 61 /* configurable */ | 63 /* configurable */ |
| 62 ngx_msec_t max_idle_timeout; | 64 ngx_msec_t max_idle_timeout; |
| 63 ngx_msec_t max_ack_delay; | 65 ngx_msec_t max_ack_delay; |
| 73 ngx_uint_t disable_active_migration; | 75 ngx_uint_t disable_active_migration; |
| 74 ngx_uint_t active_connection_id_limit; | 76 ngx_uint_t active_connection_id_limit; |
| 75 ngx_str_t original_dcid; | 77 ngx_str_t original_dcid; |
| 76 ngx_str_t initial_scid; | 78 ngx_str_t initial_scid; |
| 77 ngx_str_t retry_scid; | 79 ngx_str_t retry_scid; |
| 80 u_char sr_token[NGX_QUIC_SR_TOKEN_LEN]; | |
| 81 ngx_uint_t sr_enabled; | |
| 78 | 82 |
| 79 /* TODO */ | 83 /* TODO */ |
| 80 u_char stateless_reset_token[16]; | |
| 81 void *preferred_address; | 84 void *preferred_address; |
| 82 } ngx_quic_tp_t; | 85 } ngx_quic_tp_t; |
| 83 | 86 |
| 84 | 87 |
| 85 typedef struct { | 88 typedef struct { |
| 86 ngx_quic_tp_t tp; | 89 ngx_quic_tp_t tp; |
| 87 ngx_flag_t retry; | 90 ngx_flag_t retry; |
| 88 ngx_flag_t require_alpn; | 91 ngx_flag_t require_alpn; |
| 89 u_char token_key[32]; /* AES 256 */ | 92 u_char token_key[32]; /* AES 256 */ |
| 93 ngx_str_t sr_token_key; /* stateless reset token key */ | |
| 90 } ngx_quic_conf_t; | 94 } ngx_quic_conf_t; |
| 91 | 95 |
| 92 | 96 |
| 93 typedef struct { | 97 typedef struct { |
| 94 uint64_t sent; | 98 uint64_t sent; |