annotate src/event/ngx_event_quic.h @ 8383:7ea34e13937f quic
Address validation using Retry packets.
The behaviour is toggled with the new directive "quic_retry on|off".
QUIC token construction is made suitable for issuing with NEW_TOKEN.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Thu, 14 May 2020 15:47:18 +0300 |
parents | 9d9531431c8c |
children | 125cbfa77013 |
rev | line source |
---|---|
8167
5d91389e0fd3
Initial QUIC support in http.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 |
5d91389e0fd3
Initial QUIC support in http.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 /* |
8182
b28ea685a56e
Moved all QUIC code into ngx_event_quic.c
Vladimir Homutov <vl@nginx.com>
parents:
8181
diff
changeset
|
3 * Copyright (C) Nginx, Inc. |
8167
5d91389e0fd3
Initial QUIC support in http.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 */ |
5d91389e0fd3
Initial QUIC support in http.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
5d91389e0fd3
Initial QUIC support in http.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 |
5d91389e0fd3
Initial QUIC support in http.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 #ifndef _NGX_EVENT_QUIC_H_INCLUDED_ |
5d91389e0fd3
Initial QUIC support in http.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 #define _NGX_EVENT_QUIC_H_INCLUDED_ |
5d91389e0fd3
Initial QUIC support in http.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
5d91389e0fd3
Initial QUIC support in http.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 |
8347
a5141e6b3214
Fixed includes in quic headers.
Roman Arutyunyan <arut@nginx.com>
parents:
8345
diff
changeset
|
11 #include <ngx_config.h> |
a5141e6b3214
Fixed includes in quic headers.
Roman Arutyunyan <arut@nginx.com>
parents:
8345
diff
changeset
|
12 #include <ngx_core.h> |
8170
53a5cdbe500c
QUIC add_handshake_data callback, varint routines.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8169
diff
changeset
|
13 |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
8215
diff
changeset
|
14 |
8273
cb75f194f1f0
Implemented sending HANDSHAKE_DONE frame after handshake.
Vladimir Homutov <vl@nginx.com>
parents:
8271
diff
changeset
|
/* QUIC draft number this header is written against */
#define NGX_QUIC_DRAFT_VERSION               27
/* version value derived from the draft number: 0xff000000 + draft */
#define NGX_QUIC_VERSION  (0xff000000 + NGX_QUIC_DRAFT_VERSION)

/* upper bounds on header sizes; the per-field breakdown is in the comments */
#define NGX_QUIC_MAX_SHORT_HEADER            25 /* 1 flags + 20 dcid + 4 pn */
#define NGX_QUIC_MAX_LONG_HEADER             56
    /* 1 flags + 4 version + 2 x (1 + 20) s/dcid + 4 pn + 4 len + token len */

/* defaults for the correspondingly named fields of ngx_quic_tp_t */
#define NGX_QUIC_DEFAULT_MAX_PACKET_SIZE     65527
#define NGX_QUIC_DEFAULT_ACK_DELAY_EXPONENT  3
#define NGX_QUIC_DEFAULT_MAX_ACK_DELAY       25

/*
 * Address validation with Retry packets.
 *
 * NOTE(review): units are not stated for the two timing values; the other
 * timing constants in this header are milliseconds (1000 is 1s), so these
 * are presumably 3s and 30s - confirm.  The lifetime bounds how long an
 * issued token stays acceptable, so it is the replay window for a token
 * observed on the path.
 */
#define NGX_QUIC_RETRY_TIMEOUT               3000
#define NGX_QUIC_RETRY_LIFETIME              30000
#define NGX_QUIC_RETRY_BUFFER_SIZE           128
    /* 1 flags + 4 version + 3 x (1 + 20) s/o/dcid + itag + token(44) */
/*
 * NOTE(review): the parts listed above add up to exactly 128 only when
 * itag is 16 bytes, so the buffer has no slack; the code that fills it
 * must bounds-check every connection id and token length.  The 44-byte
 * token figure is larger than NGX_QUIC_MAX_TOKEN_SIZE below, presumably
 * because the encoded token carries more than the encrypted payload -
 * confirm against the token construction code.
 */
#define NGX_QUIC_MAX_TOKEN_SIZE              32
    /* sizeof(struct in6_addr) + sizeof(ngx_msec_t) up to AES-256 block size */
/*
 * NOTE(review): the AES block is 16 bytes for every key length, so "up to
 * AES-256 block size" presumably means the plaintext rounded up to a whole
 * number of 16-byte blocks (two blocks = 32) - confirm.
 */

#define NGX_QUIC_HARDCODED_PTO               1000 /* 1s, TODO: collect */
#define NGX_QUIC_CC_MIN_INTERVAL             1000 /* 1s */

#define NGX_QUIC_MIN_INITIAL_SIZE            1200

/* bit flags; presumably tested against the low bits of a stream id */
#define NGX_QUIC_STREAM_SERVER_INITIATED     0x01
#define NGX_QUIC_STREAM_UNIDIRECTIONAL       0x02

#define NGX_QUIC_STREAM_BUFSIZE              65536
8282
4cf00c14f11a
Safe QUIC stream creation.
Roman Arutyunyan <arut@nginx.com>
parents:
8280
diff
changeset
|
42 |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
8215
diff
changeset
|
43 |
8247
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8224
diff
changeset
|
/*
 * QUIC settings handed to ngx_quic_run() through its "tp" argument.
 * The field names follow the QUIC transport parameter names; the struct
 * also carries the Retry switch and the token key.
 */
typedef struct {
    /* configurable */
    ngx_msec_t                 max_idle_timeout;
    ngx_msec_t                 max_ack_delay;

    size_t                     max_packet_size;
    size_t                     initial_max_data;
    size_t                     initial_max_stream_data_bidi_local;
    size_t                     initial_max_stream_data_bidi_remote;
    size_t                     initial_max_stream_data_uni;
    ngx_uint_t                 initial_max_streams_bidi;
    ngx_uint_t                 initial_max_streams_uni;
    ngx_uint_t                 ack_delay_exponent;
    ngx_uint_t                 disable_active_migration;
    ngx_uint_t                 active_connection_id_limit;
    ngx_str_t                  original_connection_id;

    /* address validation: toggled by the "quic_retry on|off" directive */
    ngx_flag_t                 retry;
    /*
     * 32-byte key, sized for AES-256.
     * NOTE(review): presumably the key protecting address validation
     * tokens; where it is generated and whether it is rotated is not
     * visible in this header.  It has to be unpredictable and private to
     * the server, because anyone who knows it could mint tokens that pass
     * address validation - confirm at the initialisation site.
     */
    u_char                     token_key[32]; /* AES 256 */

    /* TODO */
    /* NOTE(review): presumably not filled in yet, per the TODO marker */
    u_char                     stateless_reset_token[16];
    void                      *preferred_address;
} ngx_quic_tp_t;
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8224
diff
changeset
|
68 |
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8224
diff
changeset
|
69 |
8334
72d20158c814
Added reordering support for STREAM frames.
Vladimir Homutov <vl@nginx.com>
parents:
8282
diff
changeset
|
/*
 * Frame bookkeeping with a reorder queue; embedded as the "fs" member of
 * struct ngx_quic_stream_s.
 */
typedef struct {
    /* NOTE(review): presumably byte offsets sent/received so far - confirm */
    uint64_t                   sent;
    uint64_t                   received;
    ngx_queue_t                frames;   /* reorder queue */
    /*
     * NOTE(review): the queue holds data the peer sent out of order, so a
     * cap on "total" is what keeps a peer from growing it without limit;
     * that check is not visible in this header - confirm in the .c file.
     */
    size_t                     total;    /* size of buffered data */
} ngx_quic_frames_stream_t;
72d20158c814
Added reordering support for STREAM frames.
Vladimir Homutov <vl@nginx.com>
parents:
8282
diff
changeset
|
76 |
72d20158c814
Added reordering support for STREAM frames.
Vladimir Homutov <vl@nginx.com>
parents:
8282
diff
changeset
|
77 |
8208
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
8182
diff
changeset
|
/*
 * State of one QUIC stream.  The leading ngx_rbtree_node_t lets a stream
 * be linked into a red-black tree.
 */
struct ngx_quic_stream_s {
    ngx_rbtree_node_t          node;
    /* NOTE(review): presumably the QUIC connection owning the stream */
    ngx_connection_t          *parent;
    /* NOTE(review): presumably the per-stream connection object - confirm */
    ngx_connection_t          *c;
    uint64_t                   id;
    uint64_t                   acked;
    /*
     * NOTE(review): presumably the send limit taken from the client's
     * MAX_STREAM_DATA, going by the changeset that added the field -
     * confirm.
     */
    uint64_t                   send_max_data;
    ngx_buf_t                 *b;
    ngx_quic_frames_stream_t   fs;       /* frame reordering state */
};
4ae9ac69ab93
HTTP/QUIC interface reworked.
Vladimir Homutov <vl@nginx.com>
parents:
8182
diff
changeset
|
88 |
8168 | 89 |
8247
e9891e8ee975
Configurable transport parameters.
Vladimir Homutov <vl@nginx.com>
parents:
8224
diff
changeset
|
/*
 * Entry point of the QUIC layer for connection "c".  Takes the SSL
 * configuration, the QUIC settings in "tp" (including the Retry switch
 * and token key) and a connection handler.
 * NOTE(review): when "handler" is invoked and whether "tp" must outlive
 * the connection cannot be seen from this declaration - confirm.
 */
void ngx_quic_run(ngx_connection_t *c, ngx_ssl_t *ssl, ngx_quic_tp_t *tp,
    ngx_connection_handler_pt handler);
/*
 * Creates a unidirectional stream on connection "c" and returns its
 * connection object.
 * NOTE(review): the failure value is presumably NULL - confirm, and check
 * the result at every call site.
 */
ngx_connection_t *ngx_quic_create_uni_stream(ngx_connection_t *c);
8167
5d91389e0fd3
Initial QUIC support in http.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
8215
diff
changeset
|
94 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
8215
diff
changeset
|
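/********************************* DEBUG *************************************/

/*
 * Compile-time debug switches, all disabled here.  They put raw protocol
 * bytes into the debug log, so a log produced with any of them enabled
 * should be handled as sensitive data.
 * NOTE(review): NGX_QUIC_DEBUG_CRYPTO has no description; presumably it
 * logs crypto-layer values, which may include key material - confirm
 * before enabling it outside a test environment.
 */
/* #define NGX_QUIC_DEBUG_PACKETS */      /* dump packet contents */
/* #define NGX_QUIC_DEBUG_FRAMES */       /* dump frames contents */
/* #define NGX_QUIC_DEBUG_FRAMES_ALLOC */ /* log frames alloc/reuse/free */
/* #define NGX_QUIC_DEBUG_CRYPTO */

#if (NGX_DEBUG)

/*
 * ngx_quic_hexdump(log, label, data, len)
 *
 * Writes "<label> len:<len> data:<hex>" to the debug log when the log has
 * NGX_LOG_DEBUG_EVENT enabled.
 *
 *   log    - pointer to the log; dereferenced for log_level
 *   label  - string literal; it is pasted in front of the format string,
 *            so it must never be a run-time or peer-controlled string
 *   data   - bytes to dump, cast to u_char *
 *   len    - number of bytes at data; evaluated more than once, so it
 *            must be free of side effects
 *
 * At most 1024 input bytes are dumped: each byte becomes two hex digits,
 * which fills the 2048-byte stack buffer exactly.  The buffer is not
 * NUL-terminated; the explicit length passed for "%*s" bounds the read.
 * "..." is appended whenever the input was longer than the 1024 bytes
 * shown.  The previous test, len < 2048, left dumps of 1025..2047 bytes
 * looking complete.
 *
 * The locals carry an ngx_quic_hd_ prefix so that a caller passing a
 * variable named "buf" or "m" as an argument is not silently redirected
 * to the macro's own locals.
 */
#define ngx_quic_hexdump(log, label, data, len)                               \
do {                                                                          \
    ngx_int_t  ngx_quic_hd_len;                                               \
    u_char     ngx_quic_hd_buf[2048];                                         \
                                                                              \
    if ((log)->log_level & NGX_LOG_DEBUG_EVENT) {                             \
        ngx_quic_hd_len = ngx_hex_dump(ngx_quic_hd_buf, (u_char *) (data),    \
                                       ngx_min((len), 1024))                  \
                          - ngx_quic_hd_buf;                                  \
        ngx_log_debug4(NGX_LOG_DEBUG_EVENT, (log), 0,                         \
                       label " len:%uz data:%*s%s",                           \
                       (len), ngx_quic_hd_len, ngx_quic_hd_buf,               \
                       (len) <= 1024 ? "" : "...");                           \
    }                                                                         \
} while (0)

#else

/*
 * Without NGX_DEBUG the macro expands to nothing and its arguments are
 * never evaluated, so callers must not rely on side effects in them.
 */
#define ngx_quic_hexdump(log, label, data, len)

#endif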
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
8215
diff
changeset
|
122 |
8167
5d91389e0fd3
Initial QUIC support in http.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
123 #endif /* _NGX_EVENT_QUIC_H_INCLUDED_ */ |