diff src/event/quic/ngx_event_quic_tokens.c @ 8763:4117aa7fa38e quic

QUIC: connection migration. The patch adds proper transitions between multiple networking addresses that can be used by a single quic connection. New networking paths are validated using PATH_CHALLENGE/PATH_RESPONSE frames.
author Vladimir Homutov <vl@nginx.com>
date Thu, 29 Apr 2021 15:35:02 +0300
parents b4e6b7049984
children 2029a30863e2
line wrap: on
line diff
--- a/src/event/quic/ngx_event_quic_tokens.c
+++ b/src/event/quic/ngx_event_quic_tokens.c
@@ -15,8 +15,8 @@
     /* SHA-1(addr)=20 + sizeof(time_t) + retry(1) + odcid.len(1) + odcid */
 
 
-static void ngx_quic_address_hash(ngx_connection_t *c, ngx_uint_t no_port,
-    u_char buf[20]);
+static void ngx_quic_address_hash(struct sockaddr *sockaddr, socklen_t socklen,
+    ngx_uint_t no_port, u_char buf[20]);
 
 
 ngx_int_t
@@ -46,8 +46,9 @@ ngx_quic_new_sr_token(ngx_connection_t *
 
 
 ngx_int_t
-ngx_quic_new_token(ngx_connection_t *c, u_char *key, ngx_str_t *token,
-    ngx_str_t *odcid, time_t exp, ngx_uint_t is_retry)
+ngx_quic_new_token(ngx_connection_t *c, struct sockaddr *sockaddr,
+    socklen_t socklen, u_char *key, ngx_str_t *token, ngx_str_t *odcid,
+    time_t exp, ngx_uint_t is_retry)
 {
     int                len, iv_len;
     u_char            *p, *iv;
@@ -56,7 +57,7 @@ ngx_quic_new_token(ngx_connection_t *c, 
 
     u_char             in[NGX_QUIC_MAX_TOKEN_SIZE];
 
-    ngx_quic_address_hash(c, !is_retry, in);
+    ngx_quic_address_hash(sockaddr, socklen, !is_retry, in);
 
     p = in + 20;
 
@@ -125,7 +126,8 @@ ngx_quic_new_token(ngx_connection_t *c, 
 
 
 static void
-ngx_quic_address_hash(ngx_connection_t *c, ngx_uint_t no_port, u_char buf[20])
+ngx_quic_address_hash(struct sockaddr *sockaddr, socklen_t socklen,
+    ngx_uint_t no_port, u_char buf[20])
 {
     size_t                len;
     u_char               *data;
@@ -135,15 +137,15 @@ ngx_quic_address_hash(ngx_connection_t *
     struct sockaddr_in6  *sin6;
 #endif
 
-    len = (size_t) c->socklen;
-    data = (u_char *) c->sockaddr;
+    len = (size_t) socklen;
+    data = (u_char *) sockaddr;
 
     if (no_port) {
-        switch (c->sockaddr->sa_family) {
+        switch (sockaddr->sa_family) {
 
 #if (NGX_HAVE_INET6)
         case AF_INET6:
-            sin6 = (struct sockaddr_in6 *) c->sockaddr;
+            sin6 = (struct sockaddr_in6 *) sockaddr;
 
             len = sizeof(struct in6_addr);
             data = sin6->sin6_addr.s6_addr;
@@ -152,7 +154,7 @@ ngx_quic_address_hash(ngx_connection_t *
 #endif
 
         case AF_INET:
-            sin = (struct sockaddr_in *) c->sockaddr;
+            sin = (struct sockaddr_in *) sockaddr;
 
             len = sizeof(in_addr_t);
             data = (u_char *) &sin->sin_addr;
@@ -236,7 +238,7 @@ ngx_quic_validate_token(ngx_connection_t
 
     pkt->retried = (*p++ == 1);
 
-    ngx_quic_address_hash(c, !pkt->retried, addr_hash);
+    ngx_quic_address_hash(c->sockaddr, c->socklen, !pkt->retried, addr_hash);
 
     if (ngx_memcmp(tdec, addr_hash, 20) != 0) {
         goto bad_token;