Mercurial > hg > nginx
comparison src/event/ngx_event_quic_protection.h @ 8562:b31c02454539 quic
QUIC: added stateless reset support.
The new "quic_stateless_reset_token_key" directive is added. It sets the
endpoint key used to generate stateless reset tokens and enables feature.
If the endpoint receives short-header packet that can't be matched to
existing connection, a stateless reset packet is generated with
a proper token.
If a valid stateless reset token is found in the incoming packet,
the connection is closed.
Example configuration:
http {
quic_stateless_reset_token_key "foo";
...
}
| author | Vladimir Homutov <vl@nginx.com> |
|---|---|
| date | Wed, 30 Sep 2020 20:54:46 +0300 |
| parents | 2d0f4aa78ed6 |
| children | 9c3be23ddbe7 |
comparison
equal
deleted
inserted
replaced
| 8561:b4ef79ef1c23 | 8562:b31c02454539 |
|---|---|
| 37 enum ssl_encryption_level_t level, const uint8_t *secret, size_t secret_len, | 37 enum ssl_encryption_level_t level, const uint8_t *secret, size_t secret_len, |
| 38 ngx_quic_secret_t *peer_secret); | 38 ngx_quic_secret_t *peer_secret); |
| 39 | 39 |
| 40 ngx_int_t ngx_quic_key_update(ngx_connection_t *c, | 40 ngx_int_t ngx_quic_key_update(ngx_connection_t *c, |
| 41 ngx_quic_secrets_t *current, ngx_quic_secrets_t *next); | 41 ngx_quic_secrets_t *current, ngx_quic_secrets_t *next); |
| 42 ngx_int_t ngx_quic_new_sr_token(ngx_connection_t *c, ngx_str_t *cid, | |
| 43 ngx_str_t *key, u_char *token); | |
| 42 | 44 |
| 43 ngx_int_t ngx_quic_encrypt(ngx_quic_header_t *pkt, ngx_ssl_conn_t *ssl_conn, | 45 ngx_int_t ngx_quic_encrypt(ngx_quic_header_t *pkt, ngx_ssl_conn_t *ssl_conn, |
| 44 ngx_str_t *res); | 46 ngx_str_t *res); |
| 45 ngx_int_t ngx_quic_decrypt(ngx_quic_header_t *pkt, ngx_ssl_conn_t *ssl_conn, | 47 ngx_int_t ngx_quic_decrypt(ngx_quic_header_t *pkt, ngx_ssl_conn_t *ssl_conn, |
| 46 uint64_t *largest_pn); | 48 uint64_t *largest_pn); |