Mercurial > hg > nginx

diff src/event/ngx_event_quic.c @ 8624:340cd26158fb quic

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
QUIC: preparatory changes for multiple QUIC versions support. A negotiated version is decoupled from NGX_QUIC_VERSION and, if supported, now stored in c->quic->version after packets processing. It is then used to create long header packets. Otherwise, the list of supported versions (which may be many now) is sent in the Version Negotiation packet. All packets in the connection are expected to have the same version. Incoming packets with mismatched version are now rejected.
author Sergey Kandaurov <pluknet@nginx.com>
date Tue, 10 Nov 2020 00:20:44 +0300
parents 8550b91e8e35
children 4416b7ab0a27
line wrap: on
line diff
--- a/src/event/ngx_event_quic.c
+++ b/src/event/ngx_event_quic.c
@@ -115,6 +115,7 @@ typedef struct {
 
 
 struct ngx_quic_connection_s {
+    uint32_t                          version;
     ngx_str_t                         scid;  /* initial client ID */
     ngx_str_t                         dcid;  /* server (our own) ID */
     ngx_str_t                         odcid; /* original server ID */
@@ -958,6 +959,8 @@ ngx_quic_new_connection(ngx_connection_t
         return NULL;
     }
 
+    qc->version = pkt->version;
+
     ngx_rbtree_init(&qc->streams.tree, &qc->streams.sentinel,
                     ngx_quic_rbtree_insert_stream);
 
@@ -1224,6 +1227,7 @@ ngx_quic_send_retry(ngx_connection_t *c)
 
     ngx_memzero(&pkt, sizeof(ngx_quic_header_t));
     pkt.flags = NGX_QUIC_PKT_FIXED_BIT | NGX_QUIC_PKT_LONG | NGX_QUIC_PKT_RETRY;
+    pkt.version = c->quic->version;
     pkt.log = c->log;
     pkt.odcid = c->quic->odcid;
     pkt.dcid = c->quic->scid;
@@ -2020,6 +2024,14 @@ ngx_quic_process_packet(ngx_connection_t
             return NGX_DECLINED;
         }
 
+        if (pkt->level != ssl_encryption_application) {
+            if (pkt->version != qc->version) {
+                ngx_log_error(NGX_LOG_INFO, c->log, 0,
+                              "quic version mismatch: 0x%xD", pkt->version);
+                return NGX_DECLINED;
+            }
+        }
+
         if (ngx_quic_check_peer(qc, pkt) != NGX_OK) {
 
             if (pkt->level == ssl_encryption_application) {
@@ -4549,6 +4561,7 @@ ngx_quic_send_frames(ngx_connection_t *c
 
     ngx_quic_set_packet_number(&pkt, ctx);
 
+    pkt.version = qc->version;
     pkt.log = c->log;
     pkt.level = start->level;
     pkt.dcid = qc->scid;