Mercurial > hg > nginx
comparison src/event/ngx_event_quic_protection.h @ 8562:b31c02454539 quic
QUIC: added stateless reset support.
The new "quic_stateless_reset_token_key" directive is added. It sets the
endpoint key used to generate stateless reset tokens and enables feature.
If the endpoint receives short-header packet that can't be matched to
existing connection, a stateless reset packet is generated with
a proper token.
If a valid stateless reset token is found in the incoming packet,
the connection is closed.
Example configuration:
http {
quic_stateless_reset_token_key "foo";
...
}
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Wed, 30 Sep 2020 20:54:46 +0300 |
parents | 2d0f4aa78ed6 |
children | 9c3be23ddbe7 |
comparison
equal
deleted
inserted
replaced
8561:b4ef79ef1c23 | 8562:b31c02454539 |
---|---|
37 enum ssl_encryption_level_t level, const uint8_t *secret, size_t secret_len, | 37 enum ssl_encryption_level_t level, const uint8_t *secret, size_t secret_len, |
38 ngx_quic_secret_t *peer_secret); | 38 ngx_quic_secret_t *peer_secret); |
39 | 39 |
40 ngx_int_t ngx_quic_key_update(ngx_connection_t *c, | 40 ngx_int_t ngx_quic_key_update(ngx_connection_t *c, |
41 ngx_quic_secrets_t *current, ngx_quic_secrets_t *next); | 41 ngx_quic_secrets_t *current, ngx_quic_secrets_t *next); |
42 ngx_int_t ngx_quic_new_sr_token(ngx_connection_t *c, ngx_str_t *cid, | |
43 ngx_str_t *key, u_char *token); | |
42 | 44 |
43 ngx_int_t ngx_quic_encrypt(ngx_quic_header_t *pkt, ngx_ssl_conn_t *ssl_conn, | 45 ngx_int_t ngx_quic_encrypt(ngx_quic_header_t *pkt, ngx_ssl_conn_t *ssl_conn, |
44 ngx_str_t *res); | 46 ngx_str_t *res); |
45 ngx_int_t ngx_quic_decrypt(ngx_quic_header_t *pkt, ngx_ssl_conn_t *ssl_conn, | 47 ngx_int_t ngx_quic_decrypt(ngx_quic_header_t *pkt, ngx_ssl_conn_t *ssl_conn, |
46 uint64_t *largest_pn); | 48 uint64_t *largest_pn); |