Mercurial > hg > nginx
comparison src/event/quic/ngx_event_quic.h @ 8686:dffb66fb783b quic
QUIC: stateless retry.
Previously, quic connection object was created when Retry packet was sent.
This is neither necessary nor convenient, and contradicts the idea of retry:
protecting from bad clients and saving server resources.
Now, the connection is not created, token is verified cryptographically
instead of holding it in connection.
| author | Vladimir Homutov <vl@nginx.com> |
|---|---|
| date | Fri, 29 Jan 2021 15:53:47 +0300 |
| parents | 046c951e393a |
| children | cef042935003 |
comparison
equal
deleted
inserted
replaced
| 8685:dbe33ef9cd9a | 8686:dffb66fb783b |
|---|---|
| 27 | 27 |
| 28 #define NGX_QUIC_DEFAULT_ACK_DELAY_EXPONENT 3 | 28 #define NGX_QUIC_DEFAULT_ACK_DELAY_EXPONENT 3 |
| 29 #define NGX_QUIC_DEFAULT_MAX_ACK_DELAY 25 | 29 #define NGX_QUIC_DEFAULT_MAX_ACK_DELAY 25 |
| 30 #define NGX_QUIC_DEFAULT_SRT_KEY_LEN 32 | 30 #define NGX_QUIC_DEFAULT_SRT_KEY_LEN 32 |
| 31 | 31 |
| 32 #define NGX_QUIC_RETRY_TIMEOUT 3000 | 32 #define NGX_QUIC_RETRY_LIFETIME 3 /* seconds */ |
| 33 #define NGX_QUIC_RETRY_LIFETIME 30000 | 33 #define NGX_QUIC_NEW_TOKEN_LIFETIME 600 /* seconds */ |
| 34 #define NGX_QUIC_RETRY_BUFFER_SIZE 128 | 34 #define NGX_QUIC_RETRY_BUFFER_SIZE 256 |
| 35 /* 1 flags + 4 version + 3 x (1 + 20) s/o/dcid + itag + token(44) */ | 35 /* 1 flags + 4 version + 3 x (1 + 20) s/o/dcid + itag + token(64) */ |
| 36 #define NGX_QUIC_MAX_TOKEN_SIZE 32 | 36 #define NGX_QUIC_MAX_TOKEN_SIZE 64 |
| 37 /* sizeof(struct in6_addr) + sizeof(ngx_msec_t) up to AES-256 block size */ | 37 /* SHA-1(addr)=20 + sizeof(time_t) + retry(1) + odcid.len(1) + odcid */ |
| 38 | 38 |
| 39 /* quic-recovery, section 6.2.2, kInitialRtt */ | 39 /* quic-recovery, section 6.2.2, kInitialRtt */ |
| 40 #define NGX_QUIC_INITIAL_RTT 333 /* ms */ | 40 #define NGX_QUIC_INITIAL_RTT 333 /* ms */ |
| 41 | 41 |
| 42 /* quic-recovery, section 6.1.1, Packet Threshold */ | 42 /* quic-recovery, section 6.1.1, Packet Threshold */ |