diff src/event/ngx_event_quic_transport.c @ 8562:b31c02454539 quic
QUIC: added stateless reset support.
The new "quic_stateless_reset_token_key" directive is added. It sets the
endpoint key used to generate stateless reset tokens and enables the feature.
If the endpoint receives a short-header packet that can't be matched to
an existing connection, a stateless reset packet is generated with
a proper token.
If a valid stateless reset token is found in the incoming packet,
the connection is closed.
Example configuration:
http {
quic_stateless_reset_token_key "foo";
...
}
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Wed, 30 Sep 2020 20:54:46 +0300 |
parents | d0d3fc0697a0 |
children | a6784cf32c13 |
--- a/src/event/ngx_event_quic_transport.c
+++ b/src/event/ngx_event_quic_transport.c
@@ -774,7 +774,7 @@ ngx_quic_parse_frame(ngx_quic_header_t *
 goto error;
 }
- p = ngx_quic_copy_bytes(p, end, NGX_QUIC_SRT_LEN, f->u.ncid.srt);
+ p = ngx_quic_copy_bytes(p, end, NGX_QUIC_SR_TOKEN_LEN, f->u.ncid.srt);
 if (p == NULL) {
 goto error;
 }
@@ -1553,7 +1553,7 @@ ngx_quic_parse_transport_params(u_char *
 case NGX_QUIC_TP_ORIGINAL_DCID:
 case NGX_QUIC_TP_PREFERRED_ADDRESS:
 case NGX_QUIC_TP_RETRY_SCID:
- case NGX_QUIC_TP_STATELESS_RESET_TOKEN:
+ case NGX_QUIC_TP_SR_TOKEN:
 ngx_log_error(NGX_LOG_INFO, log, 0, "quic client sent forbidden transport param" " id 0x%xL", id);
@@ -1810,6 +1810,12 @@ ngx_quic_create_transport_params(u_char
 }
 #endif
+ if (tp->sr_enabled) {
+ len += ngx_quic_varint_len(NGX_QUIC_TP_SR_TOKEN);
+ len += ngx_quic_varint_len(NGX_QUIC_SR_TOKEN_LEN);
+ len += NGX_QUIC_SR_TOKEN_LEN;
+ }
+
 if (pos == NULL) {
 return len;
 }
@@ -1851,6 +1857,12 @@ ngx_quic_create_transport_params(u_char
 }
 #endif
+ if (tp->sr_enabled) {
+ ngx_quic_build_int(&p, NGX_QUIC_TP_SR_TOKEN);
+ ngx_quic_build_int(&p, NGX_QUIC_SR_TOKEN_LEN);
+ p = ngx_cpymem(p, tp->sr_token, NGX_QUIC_SR_TOKEN_LEN);
+ }
+
 return p - pos;
 }
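Review bot: The size added before the `pos == NULL` return in the @@ -1810 hunk and the bytes written by the `tp->sr_enabled` block in the @@ -1851 hunk are two hand-maintained copies of the same layout. The write side calls `ngx_cpymem` with no bounds check visible in the hunk, so the output buffer is only safe while the two blocks stay identical. A comment on the sizing block would make that dependency explicit, e.g. `/* keep in sync with the sr_token write below: id, length, NGX_QUIC_SR_TOKEN_LEN bytes */`. Whether the caller sizes the buffer from the first pass cannot be seen here, because ngx_quic_create_transport_params starts outside the hunk.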
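Review bot: In the @@ -1851 hunk, `tp->sr_token` is copied into the transport parameters whenever `tp->sr_enabled` is set, but nothing in the hunk shows that the token has been derived by that point. If the flag can be set while the field is still zeroed or holds a value from another connection, the peer is handed a predictable token, and a stateless reset token only protects the connection while third parties cannot guess it. I would document the invariant at the write, e.g. `/* sr_token must already hold the token derived for this connection's ID */`, and confirm that the caller sets both fields together. The function body starts outside the hunk.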