diff src/http/modules/ngx_http_quic_module.c @ 8562:b31c02454539 quic

QUIC: added stateless reset support. The new "quic_stateless_reset_token_key" directive is added. It sets the endpoint key used to generate stateless reset tokens and enables feature. If the endpoint receives short-header packet that can't be matched to existing connection, a stateless reset packet is generated with a proper token. If a valid stateless reset token is found in the incoming packet, the connection is closed. Example configuration: http { quic_stateless_reset_token_key "foo"; ... }
author Vladimir Homutov <vl@nginx.com>
date Wed, 30 Sep 2020 20:54:46 +0300
parents 893b3313f53c
children bed310672f39
line wrap: on
line diff
--- a/src/http/modules/ngx_http_quic_module.c
+++ b/src/http/modules/ngx_http_quic_module.c
@@ -125,6 +125,13 @@ static ngx_command_t  ngx_http_quic_comm
       offsetof(ngx_quic_conf_t, retry),
       NULL },
 
+    { ngx_string("quic_stateless_reset_token_key"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
+      ngx_conf_set_str_slot,
+      NGX_HTTP_SRV_CONF_OFFSET,
+      offsetof(ngx_quic_conf_t, sr_token_key),
+      NULL },
+
       ngx_null_command
 };
 
@@ -223,8 +230,10 @@ ngx_http_quic_create_srv_conf(ngx_conf_t
      *     conf->tp.original_dcid = { 0, NULL };
      *     conf->tp.initial_scid = { 0, NULL };
      *     conf->tp.retry_scid = { 0, NULL };
-     *     conf->tp.stateless_reset_token = { 0 }
+     *     conf->tp.sr_token = { 0 }
+     *     conf->tp.sr_enabled = 0
      *     conf->tp.preferred_address = NULL
+     *     conf->sr_token_key = { 0, NULL }
      */
 
     conf->tp.max_idle_timeout = NGX_CONF_UNSET_MSEC;
@@ -304,6 +313,8 @@ ngx_http_quic_merge_srv_conf(ngx_conf_t 
         }
     }
 
+    ngx_conf_merge_str_value(conf->sr_token_key, prev->sr_token_key, "");
+
     return NGX_CONF_OK;
 }