Mercurial > hg > nginx
comparison src/http/modules/ngx_http_quic_module.c @ 8562:b31c02454539 quic
QUIC: added stateless reset support.
The new "quic_stateless_reset_token_key" directive is added. It sets the
endpoint key used to generate stateless reset tokens and enables feature.
If the endpoint receives short-header packet that can't be matched to
existing connection, a stateless reset packet is generated with
a proper token.
If a valid stateless reset token is found in the incoming packet,
the connection is closed.
Example configuration:
http {
quic_stateless_reset_token_key "foo";
...
}
| author | Vladimir Homutov <vl@nginx.com> |
|---|---|
| date | Wed, 30 Sep 2020 20:54:46 +0300 |
| parents | 893b3313f53c |
| children | bed310672f39 |
comparison
equal
deleted
inserted
replaced
| 8561:b4ef79ef1c23 | 8562:b31c02454539 |
|---|---|
| 121 { ngx_string("quic_retry"), | 121 { ngx_string("quic_retry"), |
| 122 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, | 122 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, |
| 123 ngx_conf_set_flag_slot, | 123 ngx_conf_set_flag_slot, |
| 124 NGX_HTTP_SRV_CONF_OFFSET, | 124 NGX_HTTP_SRV_CONF_OFFSET, |
| 125 offsetof(ngx_quic_conf_t, retry), | 125 offsetof(ngx_quic_conf_t, retry), |
| 126 NULL }, | |
| 127 | |
| 128 { ngx_string("quic_stateless_reset_token_key"), | |
| 129 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, | |
| 130 ngx_conf_set_str_slot, | |
| 131 NGX_HTTP_SRV_CONF_OFFSET, | |
| 132 offsetof(ngx_quic_conf_t, sr_token_key), | |
| 126 NULL }, | 133 NULL }, |
| 127 | 134 |
| 128 ngx_null_command | 135 ngx_null_command |
| 129 }; | 136 }; |
| 130 | 137 |
| 221 * set by ngx_pcalloc(): | 228 * set by ngx_pcalloc(): |
| 222 * | 229 * |
| 223 * conf->tp.original_dcid = { 0, NULL }; | 230 * conf->tp.original_dcid = { 0, NULL }; |
| 224 * conf->tp.initial_scid = { 0, NULL }; | 231 * conf->tp.initial_scid = { 0, NULL }; |
| 225 * conf->tp.retry_scid = { 0, NULL }; | 232 * conf->tp.retry_scid = { 0, NULL }; |
| 226 * conf->tp.stateless_reset_token = { 0 } | 233 * conf->tp.sr_token = { 0 } |
| 234 * conf->tp.sr_enabled = 0 | |
| 227 * conf->tp.preferred_address = NULL | 235 * conf->tp.preferred_address = NULL |
| 236 * conf->sr_token_key = { 0, NULL } | |
| 228 */ | 237 */ |
| 229 | 238 |
| 230 conf->tp.max_idle_timeout = NGX_CONF_UNSET_MSEC; | 239 conf->tp.max_idle_timeout = NGX_CONF_UNSET_MSEC; |
| 231 conf->tp.max_ack_delay = NGX_CONF_UNSET_MSEC; | 240 conf->tp.max_ack_delay = NGX_CONF_UNSET_MSEC; |
| 232 conf->tp.max_udp_payload_size = NGX_CONF_UNSET_SIZE; | 241 conf->tp.max_udp_payload_size = NGX_CONF_UNSET_SIZE; |
| 302 if (RAND_bytes(conf->token_key, sizeof(conf->token_key)) <= 0) { | 311 if (RAND_bytes(conf->token_key, sizeof(conf->token_key)) <= 0) { |
| 303 return NGX_CONF_ERROR; | 312 return NGX_CONF_ERROR; |
| 304 } | 313 } |
| 305 } | 314 } |
| 306 | 315 |
| 316 ngx_conf_merge_str_value(conf->sr_token_key, prev->sr_token_key, ""); | |
| 317 | |
| 307 return NGX_CONF_OK; | 318 return NGX_CONF_OK; |
| 308 } | 319 } |
| 309 | 320 |
| 310 | 321 |
| 311 static char * | 322 static char * |