# HG changeset patch # User Roman Arutyunyan # Date 1638604375 -10800 # Node ID be08b858086a0bac59b4303d9db2f465334a9c10 # Parent 33226ac6107670ed86063c5e10567b18a9ff3b23 HTTP/3: http3_hq directive and NGX_HTTP_V3_HQ macro. Listen quic parameter is no longer supported. diff --git a/README b/README --- a/README +++ b/README @@ -89,9 +89,8 @@ 2. Installing 3. Configuration - The HTTP "listen" directive got two new options: "http3" and "quic". - The "http3" option enables HTTP/3 over QUIC on the specified port. - The "quic" option enables QUIC for older HTTP versions on this port. + The HTTP "listen" directive got a new option "http3" which enables + HTTP/3 over QUIC on the specified port. The Stream "listen" directive got a new option "quic" which enables QUIC as client transport protocol instead of TCP or plain UDP. @@ -140,6 +139,7 @@ 3. Configuration http3_max_concurrent_pushes http3_push http3_push_preload + http3_hq (requires NGX_HTTP_V3_HQ macro) An additional variable is available: $quic. The value of $quic is "quic" if QUIC connection is used, diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c --- a/src/http/modules/ngx_http_ssl_module.c +++ b/src/http/modules/ngx_http_ssl_module.c @@ -417,18 +417,21 @@ ngx_http_ssl_alpn_select(ngx_ssl_conn_t void *arg) { #if (NGX_HTTP_V3) - const char *fmt; + const char *fmt; #endif - unsigned int srvlen; - unsigned char *srv; + unsigned int srvlen; + unsigned char *srv; #if (NGX_DEBUG) - unsigned int i; + unsigned int i; #endif #if (NGX_HTTP_V2 || NGX_HTTP_V3) - ngx_http_connection_t *hc; + ngx_http_connection_t *hc; +#endif +#if (NGX_HTTP_V3 && NGX_HTTP_V3_HQ) + ngx_http_v3_srv_conf_t *h3scf; #endif #if (NGX_HTTP_V2 || NGX_HTTP_V3 || NGX_DEBUG) - ngx_connection_t *c; + ngx_connection_t *c; c = ngx_ssl_get_connection(ssl_conn); #endif @@ -452,16 +455,21 @@ ngx_http_ssl_alpn_select(ngx_ssl_conn_t } else #endif #if (NGX_HTTP_V3) - if (hc->addr_conf->quic) { - if (hc->addr_conf->http3) { + if (hc->addr_conf->http3) { + +#if (NGX_HTTP_V3_HQ) + h3scf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_v3_module); + + if (h3scf->hq) { + srv = (unsigned char *) NGX_HTTP_V3_HQ_ALPN_PROTO; + srvlen = sizeof(NGX_HTTP_V3_HQ_ALPN_PROTO) - 1; + fmt = NGX_HTTP_V3_HQ_ALPN_DRAFT_FMT; + } else +#endif + { srv = (unsigned char *) NGX_HTTP_V3_ALPN_PROTO; srvlen = sizeof(NGX_HTTP_V3_ALPN_PROTO) - 1; fmt = NGX_HTTP_V3_ALPN_DRAFT_FMT; - - } else { - srv = (unsigned char *) NGX_HTTP_QUIC_ALPN_PROTO; - srvlen = sizeof(NGX_HTTP_QUIC_ALPN_PROTO) - 1; - fmt = NGX_HTTP_QUIC_ALPN_DRAFT_FMT; } /* QUIC draft */ @@ -1317,16 +1325,13 @@ ngx_http_ssl_init(ngx_conf_t *cf) addr = port[p].addrs.elts; for (a = 0; a < port[p].addrs.nelts; a++) { - if (!addr[a].opt.ssl && !addr[a].opt.quic) { + if (!addr[a].opt.ssl && !addr[a].opt.http3) { continue; } if (addr[a].opt.http3) { name = "http3"; - } else if (addr[a].opt.quic) { - name = "quic"; - } else { name = "ssl"; } @@ -1336,7 +1341,7 @@ ngx_http_ssl_init(ngx_conf_t *cf) if (sscf->certificates) { - if (addr[a].opt.quic && !(sscf->protocols & NGX_SSL_TLSv1_3)) { + if (addr[a].opt.http3 && !(sscf->protocols & NGX_SSL_TLSv1_3)) { ngx_log_error(NGX_LOG_EMERG, cf->log, 0, "\"ssl_protocols\" must enable TLSv1.3 for " "the \"listen ... %s\" directive in %s:%ui", diff --git a/src/http/ngx_http.c b/src/http/ngx_http.c --- a/src/http/ngx_http.c +++ b/src/http/ngx_http.c @@ -1241,7 +1241,6 @@ ngx_http_add_addresses(ngx_conf_t *cf, n ngx_uint_t http2; #endif #if (NGX_HTTP_V3) - ngx_uint_t quic; ngx_uint_t http3; #endif @@ -1280,7 +1279,6 @@ ngx_http_add_addresses(ngx_conf_t *cf, n http2 = lsopt->http2 || addr[i].opt.http2; #endif #if (NGX_HTTP_V3) - quic = lsopt->quic || addr[i].opt.quic; http3 = lsopt->http3 || addr[i].opt.http3; #endif @@ -1320,7 +1318,6 @@ ngx_http_add_addresses(ngx_conf_t *cf, n addr[i].opt.http2 = http2; #endif #if (NGX_HTTP_V3) - addr[i].opt.quic = quic; addr[i].opt.http3 = http3; #endif @@ -1367,10 +1364,10 @@ ngx_http_add_address(ngx_conf_t *cf, ngx #if (NGX_HTTP_V3 && !defined NGX_QUIC) - if (lsopt->quic) { + if (lsopt->http3) { ngx_conf_log_error(NGX_LOG_WARN, cf, 0, "nginx was built with OpenSSL that lacks QUIC " - "support, QUIC is not enabled for %V", + "support, HTTP/3 is not enabled for %V", &lsopt->addr_text); } @@ -1836,7 +1833,7 @@ ngx_http_add_listening(ngx_conf_t *cf, n ls->wildcard = addr->opt.wildcard; #if (NGX_HTTP_V3) - ls->quic = addr->opt.quic; + ls->quic = addr->opt.http3; #endif return ls; @@ -1872,7 +1869,6 @@ ngx_http_add_addrs(ngx_conf_t *cf, ngx_h addrs[i].conf.http2 = addr[i].opt.http2; #endif #if (NGX_HTTP_V3) - addrs[i].conf.quic = addr[i].opt.quic; addrs[i].conf.http3 = addr[i].opt.http3; #endif addrs[i].conf.proxy_protocol = addr[i].opt.proxy_protocol; @@ -1941,7 +1937,6 @@ ngx_http_add_addrs6(ngx_conf_t *cf, ngx_ addrs6[i].conf.http2 = addr[i].opt.http2; #endif #if (NGX_HTTP_V3) - addrs6[i].conf.quic = addr[i].opt.quic; addrs6[i].conf.http3 = addr[i].opt.http3; #endif addrs6[i].conf.proxy_protocol = addr[i].opt.proxy_protocol; diff --git a/src/http/ngx_http_core_module.c b/src/http/ngx_http_core_module.c --- a/src/http/ngx_http_core_module.c +++ b/src/http/ngx_http_core_module.c @@ -4096,22 +4096,8 @@ ngx_http_core_listen(ngx_conf_t *cf, ngx #endif } - if (ngx_strcmp(value[n].data, "quic") == 0) { -#if (NGX_HTTP_V3) - lsopt.quic = 1; - lsopt.type = SOCK_DGRAM; - continue; -#else - ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, - "the \"quic\" parameter requires " - "ngx_http_v3_module"); - return NGX_CONF_ERROR; -#endif - } - if (ngx_strcmp(value[n].data, "http3") == 0) { #if (NGX_HTTP_V3) - lsopt.quic = 1; lsopt.http3 = 1; lsopt.type = SOCK_DGRAM; continue; @@ -4224,22 +4210,12 @@ ngx_http_core_listen(ngx_conf_t *cf, ngx return NGX_CONF_ERROR; } -#if (NGX_HTTP_SSL) - -#if (NGX_HTTP_V3) +#if (NGX_HTTP_SSL && NGX_HTTP_V3) if (lsopt.ssl && lsopt.http3) { return "\"ssl\" parameter is incompatible with \"http3\""; } #endif -#if (NGX_HTTP_V3) - if (lsopt.ssl && lsopt.quic) { - return "\"ssl\" parameter is incompatible with \"quic\""; - } -#endif - -#endif - for (n = 0; n < u.naddrs; n++) { lsopt.sockaddr = u.addrs[n].sockaddr; lsopt.socklen = u.addrs[n].socklen; diff --git a/src/http/ngx_http_core_module.h b/src/http/ngx_http_core_module.h --- a/src/http/ngx_http_core_module.h +++ b/src/http/ngx_http_core_module.h @@ -74,7 +74,6 @@ typedef struct { unsigned bind:1; unsigned wildcard:1; unsigned ssl:1; - unsigned quic:1; unsigned http2:1; unsigned http3:1; #if (NGX_HAVE_INET6) diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c --- a/src/http/ngx_http_request.c +++ b/src/http/ngx_http_request.c @@ -327,7 +327,7 @@ ngx_http_init_connection(ngx_connection_ #endif #if (NGX_HTTP_V3) - if (hc->addr_conf->quic) { + if (hc->addr_conf->http3) { ngx_http_v3_init(c); return; } diff --git a/src/http/v3/ngx_http_v3.h b/src/http/v3/ngx_http_v3.h --- a/src/http/v3/ngx_http_v3.h +++ b/src/http/v3/ngx_http_v3.h @@ -22,8 +22,8 @@ #define NGX_HTTP_V3_ALPN_PROTO "\x02h3" #define NGX_HTTP_V3_ALPN_DRAFT_FMT "\x05h3-%02uD" -#define NGX_HTTP_QUIC_ALPN_PROTO "\x0Ahq-interop" -#define NGX_HTTP_QUIC_ALPN_DRAFT_FMT "\x05hq-%02uD" +#define NGX_HTTP_V3_HQ_ALPN_PROTO "\x0Ahq-interop" +#define NGX_HTTP_V3_HQ_ALPN_DRAFT_FMT "\x05hq-%02uD" #define NGX_HTTP_V3_VARLEN_INT_LEN 4 #define NGX_HTTP_V3_PREFIX_INT_LEN 11 @@ -102,6 +102,9 @@ typedef struct { ngx_uint_t max_blocked_streams; ngx_uint_t max_concurrent_pushes; ngx_uint_t max_uni_streams; +#if (NGX_HTTP_V3_HQ) + ngx_flag_t hq; +#endif ngx_quic_conf_t quic; } ngx_http_v3_srv_conf_t; diff --git a/src/http/v3/ngx_http_v3_module.c b/src/http/v3/ngx_http_v3_module.c --- a/src/http/v3/ngx_http_v3_module.c +++ b/src/http/v3/ngx_http_v3_module.c @@ -68,6 +68,15 @@ static ngx_command_t ngx_http_v3_comman offsetof(ngx_http_v3_srv_conf_t, max_uni_streams), NULL }, +#if (NGX_HTTP_V3_HQ) + { ngx_string("http3_hq"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, + ngx_conf_set_flag_slot, + NGX_HTTP_SRV_CONF_OFFSET, + offsetof(ngx_http_v3_srv_conf_t, hq), + NULL }, +#endif + { ngx_string("http3_push"), NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, ngx_http_v3_push, @@ -300,6 +309,9 @@ ngx_http_v3_create_srv_conf(ngx_conf_t * h3scf->max_blocked_streams = NGX_CONF_UNSET_UINT; h3scf->max_concurrent_pushes = NGX_CONF_UNSET_UINT; h3scf->max_uni_streams = NGX_CONF_UNSET_UINT; +#if (NGX_HTTP_V3_HQ) + h3scf->hq = NGX_CONF_UNSET; +#endif h3scf->quic.tp.max_idle_timeout = NGX_CONF_UNSET_MSEC; h3scf->quic.tp.max_ack_delay = NGX_CONF_UNSET_MSEC; @@ -343,6 +355,10 @@ ngx_http_v3_merge_srv_conf(ngx_conf_t *c ngx_conf_merge_uint_value(conf->max_uni_streams, prev->max_uni_streams, 3); +#if (NGX_HTTP_V3_HQ) + ngx_conf_merge_value(conf->hq, prev->hq, 0); +#endif + ngx_conf_merge_msec_value(conf->quic.tp.max_idle_timeout, prev->quic.tp.max_idle_timeout, 60000); diff --git a/src/http/v3/ngx_http_v3_request.c b/src/http/v3/ngx_http_v3_request.c --- a/src/http/v3/ngx_http_v3_request.c +++ b/src/http/v3/ngx_http_v3_request.c @@ -10,7 +10,9 @@ #include +#if (NGX_HTTP_V3_HQ) static void ngx_http_v3_init_hq_stream(ngx_connection_t *c); +#endif static void ngx_http_v3_init_request_stream(ngx_connection_t *c); static void ngx_http_v3_wait_request_handler(ngx_event_t *rev); static void ngx_http_v3_cleanup_request(void *data); @@ -64,11 +66,10 @@ ngx_http_v3_init(ngx_connection_t *c) hc->ssl = 1; - if (c->quic == NULL) { - h3scf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_v3_module); + h3scf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_v3_module); + if (c->quic == NULL) { ngx_quic_run(c, &h3scf->quic); - return; } @@ -82,10 +83,12 @@ ngx_http_v3_init(ngx_connection_t *c) ngx_set_connection_log(c, clcf->error_log); } - if (!hc->addr_conf->http3) { +#if (NGX_HTTP_V3_HQ) + if (h3scf->hq) { ngx_http_v3_init_hq_stream(c); return; } +#endif if (ngx_http_v3_init_session(c) != NGX_OK) { ngx_http_close_connection(c); @@ -101,6 +104,8 @@ ngx_http_v3_init(ngx_connection_t *c) } +#if (NGX_HTTP_V3_HQ) + static void ngx_http_v3_init_hq_stream(ngx_connection_t *c) { @@ -168,6 +173,8 @@ ngx_http_v3_init_hq_stream(ngx_connectio } } +#endif + static void ngx_http_v3_init_request_stream(ngx_connection_t *c) @@ -387,16 +394,15 @@ ngx_http_v3_wait_request_handler(ngx_eve void ngx_http_v3_reset_connection(ngx_connection_t *c) { - ngx_http_connection_t *hc; ngx_http_v3_srv_conf_t *h3scf; - hc = ngx_http_quic_get_connection(c); + h3scf = ngx_http_v3_get_module_srv_conf(c, ngx_http_v3_module); - if (!hc->addr_conf->http3) { +#if (NGX_HTTP_V3_HQ) + if (h3scf->hq) { return; } - - h3scf = ngx_http_v3_get_module_srv_conf(c, ngx_http_v3_module); +#endif if (h3scf->max_table_capacity > 0 && !c->read->eof) { (void) ngx_http_v3_send_cancel_stream(c, c->quic->id);