comparison src/event/ngx_event_quic.h @ 8562:b31c02454539 quic
QUIC: added stateless reset support.
The new "quic_stateless_reset_token_key" directive is added. It sets the
endpoint key used to generate stateless reset tokens and enables the feature.
If the endpoint receives a short-header packet that can't be matched to
an existing connection, a stateless reset packet is generated with
a proper token.
If a valid stateless reset token is found in the incoming packet,
the connection is closed.
Example configuration:
http {
quic_stateless_reset_token_key "foo";
...
}
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Wed, 30 Sep 2020 20:54:46 +0300 |
parents | 2727d402e5a5 |
children | bed310672f39 |
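--- a/src/event/ngx_event_quic.h
+++ b/src/event/ngx_event_quic.h
@@ -54,10 +54,12 @@
 
 #define NGX_QUIC_STREAM_BUFSIZE 65536
 
 #define NGX_QUIC_SERVER_CID_LEN 20
 
+#define NGX_QUIC_SR_TOKEN_LEN 16
+
 
 typedef struct {
 /* configurable */
 ngx_msec_t max_idle_timeout;
 ngx_msec_t max_ack_delay;
@@ -73,22 +75,24 @@
 ngx_uint_t disable_active_migration;
 ngx_uint_t active_connection_id_limit;
 ngx_str_t original_dcid;
 ngx_str_t initial_scid;
 ngx_str_t retry_scid;
+u_char sr_token[NGX_QUIC_SR_TOKEN_LEN];
+ngx_uint_t sr_enabled;
 
 /* TODO */
-u_char stateless_reset_token[16];
 void *preferred_address;
 } ngx_quic_tp_t;
 
 
 typedef struct {
 ngx_quic_tp_t tp;
 ngx_flag_t retry;
 ngx_flag_t require_alpn;
 u_char token_key[32]; /* AES 256 */
+ngx_str_t sr_token_key; /* stateless reset token key */
 } ngx_quic_conf_t;
 
 
 typedef struct {
 uint64_t sent;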
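Review bot: The new `sr_token_key` member of `ngx_quic_conf_t` is a free-form `ngx_str_t` with no stated length or entropy requirement, whereas `token_key[32]` on the line above is a fixed 256-bit key, and the commit message's own example configures the value `"foo"`. Since every stateless reset token is presumably derived from this one key, a guessable value would let a third party forge resets for connections it does not own, so the field comment should state the requirement, for example `ngx_str_t sr_token_key; /* stateless reset token key; must be a high-entropy secret */`. The directive handler is not in this file; it is worth confirming there that short values are rejected or at least logged. In `ngx_quic_tp_t`, a one-line comment tying `sr_token` to `sr_enabled` (the token is only meaningful when the flag is set, if that is the intent) would save readers a trip to the implementation.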