diff src/event/ngx_event_quic_transport.c @ 8383:7ea34e13937f quic
Address validation using Retry packets.
The behaviour is toggled with the new directive "quic_retry on|off".
QUIC token construction is made suitable for issuing with NEW_TOKEN.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Thu, 14 May 2020 15:47:18 +0300 |
parents | 262396242352 |
children | 52d0c4832570 |
--- a/src/event/ngx_event_quic_transport.c
+++ b/src/event/ngx_event_quic_transport.c
@@ -385,6 +385,35 @@ ngx_quic_create_short_header(ngx_quic_he
 }
+size_t
+ngx_quic_create_retry_itag(ngx_quic_header_t *pkt, u_char *out,
+ u_char **start)
+{
+ u_char *p;
+
+ p = out;
+
+ *p++ = pkt->odcid.len;
+ p = ngx_cpymem(p, pkt->odcid.data, pkt->odcid.len);
+
+ *start = p;
+
+ *p++ = 0xff;
+
+ p = ngx_quic_write_uint32(p, NGX_QUIC_VERSION);
+
+ *p++ = pkt->dcid.len;
+ p = ngx_cpymem(p, pkt->dcid.data, pkt->dcid.len);
+
+ *p++ = pkt->scid.len;
+ p = ngx_cpymem(p, pkt->scid.data, pkt->scid.len);
+
+ p = ngx_cpymem(p, pkt->token.data, pkt->token.len);
+
+ return p - out;
+}
+
+
 ngx_int_t
 ngx_quic_parse_short_header(ngx_quic_header_t *pkt, ngx_str_t *dcid)
 {
@@ -1553,6 +1582,12 @@ ngx_quic_create_transport_params(u_char
 len += ngx_quic_tp_len(NGX_QUIC_TP_MAX_IDLE_TIMEOUT, tp->max_idle_timeout);
+ if (tp->retry) {
+ len += ngx_quic_varint_len(NGX_QUIC_TP_ORIGINAL_CONNECTION_ID);
+ len += ngx_quic_varint_len(tp->original_connection_id.len);
+ len += tp->original_connection_id.len;
+ }
+
 if (pos == NULL) {
 return len;
 }
@@ -1581,6 +1616,13 @@ ngx_quic_create_transport_params(u_char
 ngx_quic_tp_vint(NGX_QUIC_TP_MAX_IDLE_TIMEOUT, tp->max_idle_timeout);
+ if (tp->retry) {
+ ngx_quic_build_int(&p, NGX_QUIC_TP_ORIGINAL_CONNECTION_ID);
+ ngx_quic_build_int(&p, tp->original_connection_id.len);
+ p = ngx_cpymem(p, tp->original_connection_id.data,
+ tp->original_connection_id.len);
+ }
+
 return p - pos;
 }
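Review bot: ngx_quic_create_retry_itag() takes `out` without a capacity argument, so nothing inside the function keeps the four ngx_cpymem() copies of `pkt` fields within the caller's buffer. The total written is `8 + odcid.len + dcid.len + scid.len + token.len` bytes; either pass the buffer size and fail when it is exceeded, or state that requirement in a comment above the function, together with what `*start` points at (the byte after the ODCID prefix) and what the return value counts. The one-byte stores such as `*p++ = pkt->odcid.len;` would also truncate a length above 255 while the copy still uses the full length; presumably the header parser bounds connection ID lengths, but that is not visible in this hunk. The bare `0xff` first byte would read better with a named constant or a short comment.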
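Review bot: The original_connection_id parameter is sized in the `@@ -1553,6 +1582,12 @@` hunk and written in the `@@ -1581,6 +1616,13 @@` hunk by two hand-written sequences that must agree byte for byte, whereas the neighbouring parameter goes through the paired `ngx_quic_tp_len`/`ngx_quic_tp_vint` forms. Because the `pos == NULL` pass returns `len`, presumably so the caller can size the buffer, any later drift between the two sequences would turn into an overrun in the write pass; a matching pair of helpers for byte-string parameters would keep them in step. Nothing visible checks that `tp->original_connection_id` is populated when `tp->retry` is set, so a short comment such as `/* original_connection_id is filled from the validated Retry token */` (wording to be confirmed against the caller) would help. ngx_quic_create_transport_params() begins outside both hunks.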