Mercurial > hg > nginx

diff src/event/ngx_event_quic.h @ 8562:b31c02454539 quic

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
QUIC: added stateless reset support. The new "quic_stateless_reset_token_key" directive is added. It sets the endpoint key used to generate stateless reset tokens and enables feature. If the endpoint receives short-header packet that can't be matched to existing connection, a stateless reset packet is generated with a proper token. If a valid stateless reset token is found in the incoming packet, the connection is closed. Example configuration: http { quic_stateless_reset_token_key "foo"; ... }
author Vladimir Homutov <vl@nginx.com>
date Wed, 30 Sep 2020 20:54:46 +0300
parents 2727d402e5a5
children bed310672f39
line wrap: on
line diff
--- a/src/event/ngx_event_quic.h
+++ b/src/event/ngx_event_quic.h
@@ -56,6 +56,8 @@
 
 #define NGX_QUIC_SERVER_CID_LEN              20
 
+#define NGX_QUIC_SR_TOKEN_LEN                16
+
 
 typedef struct {
     /* configurable */
@@ -75,9 +77,10 @@ typedef struct {
     ngx_str_t                  original_dcid;
     ngx_str_t                  initial_scid;
     ngx_str_t                  retry_scid;
+    u_char                     sr_token[NGX_QUIC_SR_TOKEN_LEN];
+    ngx_uint_t                 sr_enabled;
 
     /* TODO */
-    u_char                     stateless_reset_token[16];
     void                      *preferred_address;
 } ngx_quic_tp_t;
 
@@ -87,6 +90,7 @@ typedef struct {
     ngx_flag_t                 retry;
     ngx_flag_t                 require_alpn;
     u_char                     token_key[32]; /* AES 256 */
+    ngx_str_t                  sr_token_key; /* stateless reset token key */
 } ngx_quic_conf_t;