Mercurial > hg > nginx
annotate src/event/quic/ngx_event_quic_connid.c @ 9154:f6b6f3dd7ca0
QUIC: ignore path validation socket error (ticket #2532).
Previously, a socket error on a path being validated resulted in validation
error and subsequent QUIC connection closure. Now the error is ignored and
path validation proceeds as usual, with several retries and a timeout.
When validating the old path after an apparent migration, that path may already
be unavailable and sendmsg() may return an error, which should not result in
QUIC connection close.
When validating the new path, it's possible that the new client address is
spoofed (See RFC 9000, 9.3.2. On-Path Address Spoofing). This address may
as well be unavailable and should not trigger QUIC connection closure.
author | Roman Arutyunyan <arut@nginx.com> |
---|---|
date | Thu, 31 Aug 2023 10:54:07 +0400 |
parents | fab36e4abf83 |
children |
rev | line source |
---|---|
8748
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
2 /* |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
3 * Copyright (C) Nginx, Inc. |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
4 */ |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
5 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
6 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
7 #include <ngx_config.h> |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
8 #include <ngx_core.h> |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
9 #include <ngx_event.h> |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
10 #include <ngx_event_quic_connection.h> |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
11 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
12 #define NGX_QUIC_MAX_SERVER_IDS 8 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
13 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
14 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
15 #if (NGX_QUIC_BPF) |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
16 static ngx_int_t ngx_quic_bpf_attach_id(ngx_connection_t *c, u_char *id); |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
17 #endif |
8971
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
18 static ngx_int_t ngx_quic_retire_client_id(ngx_connection_t *c, |
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
19 ngx_quic_client_id_t *cid); |
8748
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
20 static ngx_quic_client_id_t *ngx_quic_alloc_client_id(ngx_connection_t *c, |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
21 ngx_quic_connection_t *qc); |
8763
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
22 static ngx_int_t ngx_quic_send_server_id(ngx_connection_t *c, |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
23 ngx_quic_server_id_t *sid); |
8748
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
24 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
25 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
26 ngx_int_t |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
27 ngx_quic_create_server_id(ngx_connection_t *c, u_char *id) |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
28 { |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
29 if (RAND_bytes(id, NGX_QUIC_SERVER_CID_LEN) != 1) { |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
30 return NGX_ERROR; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
31 } |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
32 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
33 #if (NGX_QUIC_BPF) |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
34 if (ngx_quic_bpf_attach_id(c, id) != NGX_OK) { |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
35 ngx_log_error(NGX_LOG_ERR, c->log, 0, |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
36 "quic bpf failed to generate socket key"); |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
37 /* ignore error, things still may work */ |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
38 } |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
39 #endif |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
40 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
41 return NGX_OK; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
42 } |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
43 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
44 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
45 #if (NGX_QUIC_BPF) |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
46 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
47 static ngx_int_t |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
48 ngx_quic_bpf_attach_id(ngx_connection_t *c, u_char *id) |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
49 { |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
50 int fd; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
51 uint64_t cookie; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
52 socklen_t optlen; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
53 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
54 fd = c->listening->fd; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
55 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
56 optlen = sizeof(cookie); |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
57 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
58 if (getsockopt(fd, SOL_SOCKET, SO_COOKIE, &cookie, &optlen) == -1) { |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
59 ngx_log_error(NGX_LOG_ERR, c->log, ngx_socket_errno, |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
60 "quic getsockopt(SO_COOKIE) failed"); |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
61 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
62 return NGX_ERROR; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
63 } |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
64 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
65 ngx_quic_dcid_encode_key(id, cookie); |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
66 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
67 return NGX_OK; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
68 } |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
69 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
70 #endif |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
71 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
72 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
73 ngx_int_t |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
74 ngx_quic_handle_new_connection_id_frame(ngx_connection_t *c, |
8778
5186ee5a94b9
QUIC: simplified sending 1-RTT only frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8777
diff
changeset
|
75 ngx_quic_new_conn_id_frame_t *f) |
8748
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
76 { |
8763
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
77 ngx_str_t id; |
8748
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
78 ngx_queue_t *q; |
8971
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
79 ngx_quic_frame_t *frame; |
8748
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
80 ngx_quic_client_id_t *cid, *item; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
81 ngx_quic_connection_t *qc; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
82 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
83 qc = ngx_quic_get_connection(c); |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
84 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
85 if (f->seqnum < qc->max_retired_seqnum) { |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
86 /* |
8797
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8778
diff
changeset
|
87 * RFC 9000, 19.15. NEW_CONNECTION_ID Frame |
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8778
diff
changeset
|
88 * |
8748
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
89 * An endpoint that receives a NEW_CONNECTION_ID frame with |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
90 * a sequence number smaller than the Retire Prior To field |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
91 * of a previously received NEW_CONNECTION_ID frame MUST send |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
92 * a corresponding RETIRE_CONNECTION_ID frame that retires |
8797
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8778
diff
changeset
|
93 * the newly received connection ID, unless it has already |
8748
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
94 * done so for that sequence number. |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
95 */ |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
96 |
8971
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
97 frame = ngx_quic_alloc_frame(c); |
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
98 if (frame == NULL) { |
8748
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
99 return NGX_ERROR; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
100 } |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
101 |
8971
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
102 frame->level = ssl_encryption_application; |
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
103 frame->type = NGX_QUIC_FT_RETIRE_CONNECTION_ID; |
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
104 frame->u.retire_cid.sequence_number = f->seqnum; |
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
105 |
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
106 ngx_quic_queue_frame(qc, frame); |
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
107 |
8748
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
108 goto retire; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
109 } |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
110 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
111 cid = NULL; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
112 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
113 for (q = ngx_queue_head(&qc->client_ids); |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
114 q != ngx_queue_sentinel(&qc->client_ids); |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
115 q = ngx_queue_next(q)) |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
116 { |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
117 item = ngx_queue_data(q, ngx_quic_client_id_t, queue); |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
118 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
119 if (item->seqnum == f->seqnum) { |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
120 cid = item; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
121 break; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
122 } |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
123 } |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
124 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
125 if (cid) { |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
126 /* |
8797
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8778
diff
changeset
|
127 * Transmission errors, timeouts, and retransmissions might cause the |
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8778
diff
changeset
|
128 * same NEW_CONNECTION_ID frame to be received multiple times. |
8748
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
129 */ |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
130 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
131 if (cid->len != f->len |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
132 || ngx_strncmp(cid->id, f->cid, f->len) != 0 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
133 || ngx_strncmp(cid->sr_token, f->srt, NGX_QUIC_SR_TOKEN_LEN) != 0) |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
134 { |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
135 /* |
8797
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8778
diff
changeset
|
136 * ..if a sequence number is used for different connection IDs, |
8748
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
137 * the endpoint MAY treat that receipt as a connection error |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
138 * of type PROTOCOL_VIOLATION. |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
139 */ |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
140 qc->error = NGX_QUIC_ERR_PROTOCOL_VIOLATION; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
141 qc->error_reason = "seqnum refers to different connection id/token"; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
142 return NGX_ERROR; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
143 } |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
144 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
145 } else { |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
146 |
8763
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
147 id.data = f->cid; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
148 id.len = f->len; |
8748
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
149 |
8763
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
150 if (ngx_quic_create_client_id(c, &id, f->seqnum, f->srt) == NULL) { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
151 return NGX_ERROR; |
8748
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
152 } |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
153 } |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
154 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
155 retire: |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
156 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
157 if (qc->max_retired_seqnum && f->retire <= qc->max_retired_seqnum) { |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
158 /* |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
159 * Once a sender indicates a Retire Prior To value, smaller values sent |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
160 * in subsequent NEW_CONNECTION_ID frames have no effect. A receiver |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
161 * MUST ignore any Retire Prior To fields that do not increase the |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
162 * largest received Retire Prior To value. |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
163 */ |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
164 goto done; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
165 } |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
166 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
167 qc->max_retired_seqnum = f->retire; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
168 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
169 q = ngx_queue_head(&qc->client_ids); |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
170 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
171 while (q != ngx_queue_sentinel(&qc->client_ids)) { |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
172 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
173 cid = ngx_queue_data(q, ngx_quic_client_id_t, queue); |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
174 q = ngx_queue_next(q); |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
175 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
176 if (cid->seqnum >= f->retire) { |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
177 continue; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
178 } |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
179 |
8971
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
180 if (ngx_quic_retire_client_id(c, cid) != NGX_OK) { |
8920
9680f0badc95
QUIC: fixed using of retired connection id (ticket #2289).
Vladimir Homutov <vl@nginx.com>
parents:
8911
diff
changeset
|
181 return NGX_ERROR; |
9680f0badc95
QUIC: fixed using of retired connection id (ticket #2289).
Vladimir Homutov <vl@nginx.com>
parents:
8911
diff
changeset
|
182 } |
8748
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
183 } |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
184 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
185 done: |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
186 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
187 if (qc->nclient_ids > qc->tp.active_connection_id_limit) { |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
188 /* |
8797
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8778
diff
changeset
|
189 * RFC 9000, 5.1.1. Issuing Connection IDs |
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8778
diff
changeset
|
190 * |
8748
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
191 * After processing a NEW_CONNECTION_ID frame and |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
192 * adding and retiring active connection IDs, if the number of active |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
193 * connection IDs exceeds the value advertised in its |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
194 * active_connection_id_limit transport parameter, an endpoint MUST |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
195 * close the connection with an error of type CONNECTION_ID_LIMIT_ERROR. |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
196 */ |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
197 qc->error = NGX_QUIC_ERR_CONNECTION_ID_LIMIT_ERROR; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
198 qc->error_reason = "too many connection ids received"; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
199 return NGX_ERROR; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
200 } |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
201 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
202 return NGX_OK; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
203 } |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
204 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
205 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
206 static ngx_int_t |
8971
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
207 ngx_quic_retire_client_id(ngx_connection_t *c, ngx_quic_client_id_t *cid) |
8748
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
208 { |
8971
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
209 ngx_queue_t *q; |
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
210 ngx_quic_path_t *path; |
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
211 ngx_quic_client_id_t *new_cid; |
8748
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
212 ngx_quic_connection_t *qc; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
213 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
214 qc = ngx_quic_get_connection(c); |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
215 |
8971
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
216 if (!cid->used) { |
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
217 return ngx_quic_free_client_id(c, cid); |
8748
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
218 } |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
219 |
8971
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
220 /* we are going to retire client id which is in use */ |
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
221 |
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
222 q = ngx_queue_head(&qc->paths); |
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
223 |
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
224 while (q != ngx_queue_sentinel(&qc->paths)) { |
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
225 |
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
226 path = ngx_queue_data(q, ngx_quic_path_t, queue); |
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
227 q = ngx_queue_next(q); |
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
228 |
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
229 if (path->cid != cid) { |
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
230 continue; |
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
231 } |
8748
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
232 |
8971
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
233 if (path == qc->path) { |
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
234 /* this is the active path: update it with new CID */ |
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
235 new_cid = ngx_quic_next_client_id(c); |
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
236 if (new_cid == NULL) { |
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
237 return NGX_ERROR; |
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
238 } |
8748
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
239 |
8971
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
240 qc->path->cid = new_cid; |
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
241 new_cid->used = 1; |
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
242 |
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
243 return ngx_quic_free_client_id(c, cid); |
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
244 } |
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
245 |
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
246 return ngx_quic_free_path(c, path); |
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
247 } |
8748
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
248 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
249 return NGX_OK; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
250 } |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
251 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
252 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
253 static ngx_quic_client_id_t * |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
254 ngx_quic_alloc_client_id(ngx_connection_t *c, ngx_quic_connection_t *qc) |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
255 { |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
256 ngx_queue_t *q; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
257 ngx_quic_client_id_t *cid; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
258 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
259 if (!ngx_queue_empty(&qc->free_client_ids)) { |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
260 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
261 q = ngx_queue_head(&qc->free_client_ids); |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
262 cid = ngx_queue_data(q, ngx_quic_client_id_t, queue); |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
263 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
264 ngx_queue_remove(&cid->queue); |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
265 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
266 ngx_memzero(cid, sizeof(ngx_quic_client_id_t)); |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
267 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
268 } else { |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
269 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
270 cid = ngx_pcalloc(c->pool, sizeof(ngx_quic_client_id_t)); |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
271 if (cid == NULL) { |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
272 return NULL; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
273 } |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
274 } |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
275 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
276 return cid; |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
277 } |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
278 |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
279 |
8763
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
280 ngx_quic_client_id_t * |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
281 ngx_quic_create_client_id(ngx_connection_t *c, ngx_str_t *id, |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
282 uint64_t seqnum, u_char *token) |
8748
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
283 { |
8763
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
284 ngx_quic_client_id_t *cid; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
285 ngx_quic_connection_t *qc; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
286 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
287 qc = ngx_quic_get_connection(c); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
288 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
289 cid = ngx_quic_alloc_client_id(c, qc); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
290 if (cid == NULL) { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
291 return NULL; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
292 } |
8748
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
293 |
8763
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
294 cid->seqnum = seqnum; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
295 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
296 cid->len = id->len; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
297 ngx_memcpy(cid->id, id->data, id->len); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
298 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
299 if (token) { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
300 ngx_memcpy(cid->sr_token, token, NGX_QUIC_SR_TOKEN_LEN); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
301 } |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
302 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
303 ngx_queue_insert_tail(&qc->client_ids, &cid->queue); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
304 qc->nclient_ids++; |
8748
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
305 |
8763
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
306 if (seqnum > qc->client_seqnum) { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
307 qc->client_seqnum = seqnum; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
308 } |
8748
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
309 |
8763
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
310 ngx_log_debug5(NGX_LOG_DEBUG_EVENT, c->log, 0, |
8997
fab36e4abf83
QUIC: got rid of hash symbol in backup and logging.
Vladimir Homutov <vl@nginx.com>
parents:
8971
diff
changeset
|
311 "quic cid seq:%uL received id:%uz:%xV:%*xs", |
8763
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
312 cid->seqnum, id->len, id, |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
313 (size_t) NGX_QUIC_SR_TOKEN_LEN, cid->sr_token); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
314 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
315 return cid; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
316 } |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
317 |
8748
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
318 |
8763
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
319 ngx_quic_client_id_t * |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
320 ngx_quic_next_client_id(ngx_connection_t *c) |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
321 { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
322 ngx_queue_t *q; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
323 ngx_quic_client_id_t *cid; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
324 ngx_quic_connection_t *qc; |
8748
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
325 |
8763
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
326 qc = ngx_quic_get_connection(c); |
8748
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
327 |
8763
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
328 for (q = ngx_queue_head(&qc->client_ids); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
329 q != ngx_queue_sentinel(&qc->client_ids); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
330 q = ngx_queue_next(q)) |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
331 { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
332 cid = ngx_queue_data(q, ngx_quic_client_id_t, queue); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
333 |
8971
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
334 if (!cid->used) { |
8763
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
335 return cid; |
8748
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
336 } |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
337 } |
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
338 |
8763
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
339 return NULL; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
340 } |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
341 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
342 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
343 ngx_int_t |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
344 ngx_quic_handle_retire_connection_id_frame(ngx_connection_t *c, |
8778
5186ee5a94b9
QUIC: simplified sending 1-RTT only frames.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8777
diff
changeset
|
345 ngx_quic_retire_cid_frame_t *f) |
8763
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
346 { |
8971
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
347 ngx_quic_socket_t *qsock; |
8763
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
348 ngx_quic_connection_t *qc; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
349 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
350 qc = ngx_quic_get_connection(c); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
351 |
8910
f8848f5a1014
QUIC: additional checks for the RETIRE_CONNECTION_ID frame.
Vladimir Homutov <vl@nginx.com>
parents:
8896
diff
changeset
|
352 if (f->sequence_number >= qc->server_seqnum) { |
f8848f5a1014
QUIC: additional checks for the RETIRE_CONNECTION_ID frame.
Vladimir Homutov <vl@nginx.com>
parents:
8896
diff
changeset
|
353 /* |
f8848f5a1014
QUIC: additional checks for the RETIRE_CONNECTION_ID frame.
Vladimir Homutov <vl@nginx.com>
parents:
8896
diff
changeset
|
354 * RFC 9000, 19.16. |
f8848f5a1014
QUIC: additional checks for the RETIRE_CONNECTION_ID frame.
Vladimir Homutov <vl@nginx.com>
parents:
8896
diff
changeset
|
355 * |
f8848f5a1014
QUIC: additional checks for the RETIRE_CONNECTION_ID frame.
Vladimir Homutov <vl@nginx.com>
parents:
8896
diff
changeset
|
356 * Receipt of a RETIRE_CONNECTION_ID frame containing a sequence |
f8848f5a1014
QUIC: additional checks for the RETIRE_CONNECTION_ID frame.
Vladimir Homutov <vl@nginx.com>
parents:
8896
diff
changeset
|
357 * number greater than any previously sent to the peer MUST be |
f8848f5a1014
QUIC: additional checks for the RETIRE_CONNECTION_ID frame.
Vladimir Homutov <vl@nginx.com>
parents:
8896
diff
changeset
|
358 * treated as a connection error of type PROTOCOL_VIOLATION. |
f8848f5a1014
QUIC: additional checks for the RETIRE_CONNECTION_ID frame.
Vladimir Homutov <vl@nginx.com>
parents:
8896
diff
changeset
|
359 */ |
f8848f5a1014
QUIC: additional checks for the RETIRE_CONNECTION_ID frame.
Vladimir Homutov <vl@nginx.com>
parents:
8896
diff
changeset
|
360 qc->error = NGX_QUIC_ERR_PROTOCOL_VIOLATION; |
f8848f5a1014
QUIC: additional checks for the RETIRE_CONNECTION_ID frame.
Vladimir Homutov <vl@nginx.com>
parents:
8896
diff
changeset
|
361 qc->error_reason = "sequence number of id to retire was never issued"; |
f8848f5a1014
QUIC: additional checks for the RETIRE_CONNECTION_ID frame.
Vladimir Homutov <vl@nginx.com>
parents:
8896
diff
changeset
|
362 |
f8848f5a1014
QUIC: additional checks for the RETIRE_CONNECTION_ID frame.
Vladimir Homutov <vl@nginx.com>
parents:
8896
diff
changeset
|
363 return NGX_ERROR; |
f8848f5a1014
QUIC: additional checks for the RETIRE_CONNECTION_ID frame.
Vladimir Homutov <vl@nginx.com>
parents:
8896
diff
changeset
|
364 } |
f8848f5a1014
QUIC: additional checks for the RETIRE_CONNECTION_ID frame.
Vladimir Homutov <vl@nginx.com>
parents:
8896
diff
changeset
|
365 |
f8848f5a1014
QUIC: additional checks for the RETIRE_CONNECTION_ID frame.
Vladimir Homutov <vl@nginx.com>
parents:
8896
diff
changeset
|
366 qsock = ngx_quic_get_socket(c); |
f8848f5a1014
QUIC: additional checks for the RETIRE_CONNECTION_ID frame.
Vladimir Homutov <vl@nginx.com>
parents:
8896
diff
changeset
|
367 |
f8848f5a1014
QUIC: additional checks for the RETIRE_CONNECTION_ID frame.
Vladimir Homutov <vl@nginx.com>
parents:
8896
diff
changeset
|
368 if (qsock->sid.seqnum == f->sequence_number) { |
f8848f5a1014
QUIC: additional checks for the RETIRE_CONNECTION_ID frame.
Vladimir Homutov <vl@nginx.com>
parents:
8896
diff
changeset
|
369 |
f8848f5a1014
QUIC: additional checks for the RETIRE_CONNECTION_ID frame.
Vladimir Homutov <vl@nginx.com>
parents:
8896
diff
changeset
|
370 /* |
f8848f5a1014
QUIC: additional checks for the RETIRE_CONNECTION_ID frame.
Vladimir Homutov <vl@nginx.com>
parents:
8896
diff
changeset
|
371 * RFC 9000, 19.16. |
f8848f5a1014
QUIC: additional checks for the RETIRE_CONNECTION_ID frame.
Vladimir Homutov <vl@nginx.com>
parents:
8896
diff
changeset
|
372 * |
f8848f5a1014
QUIC: additional checks for the RETIRE_CONNECTION_ID frame.
Vladimir Homutov <vl@nginx.com>
parents:
8896
diff
changeset
|
373 * The sequence number specified in a RETIRE_CONNECTION_ID frame MUST |
f8848f5a1014
QUIC: additional checks for the RETIRE_CONNECTION_ID frame.
Vladimir Homutov <vl@nginx.com>
parents:
8896
diff
changeset
|
374 * NOT refer to the Destination Connection ID field of the packet in |
f8848f5a1014
QUIC: additional checks for the RETIRE_CONNECTION_ID frame.
Vladimir Homutov <vl@nginx.com>
parents:
8896
diff
changeset
|
375 * which the frame is contained. The peer MAY treat this as a |
f8848f5a1014
QUIC: additional checks for the RETIRE_CONNECTION_ID frame.
Vladimir Homutov <vl@nginx.com>
parents:
8896
diff
changeset
|
376 * connection error of type PROTOCOL_VIOLATION. |
f8848f5a1014
QUIC: additional checks for the RETIRE_CONNECTION_ID frame.
Vladimir Homutov <vl@nginx.com>
parents:
8896
diff
changeset
|
377 */ |
f8848f5a1014
QUIC: additional checks for the RETIRE_CONNECTION_ID frame.
Vladimir Homutov <vl@nginx.com>
parents:
8896
diff
changeset
|
378 |
f8848f5a1014
QUIC: additional checks for the RETIRE_CONNECTION_ID frame.
Vladimir Homutov <vl@nginx.com>
parents:
8896
diff
changeset
|
379 qc->error = NGX_QUIC_ERR_PROTOCOL_VIOLATION; |
f8848f5a1014
QUIC: additional checks for the RETIRE_CONNECTION_ID frame.
Vladimir Homutov <vl@nginx.com>
parents:
8896
diff
changeset
|
380 qc->error_reason = "sequence number of id to retire refers DCID"; |
f8848f5a1014
QUIC: additional checks for the RETIRE_CONNECTION_ID frame.
Vladimir Homutov <vl@nginx.com>
parents:
8896
diff
changeset
|
381 |
f8848f5a1014
QUIC: additional checks for the RETIRE_CONNECTION_ID frame.
Vladimir Homutov <vl@nginx.com>
parents:
8896
diff
changeset
|
382 return NGX_ERROR; |
f8848f5a1014
QUIC: additional checks for the RETIRE_CONNECTION_ID frame.
Vladimir Homutov <vl@nginx.com>
parents:
8896
diff
changeset
|
383 } |
f8848f5a1014
QUIC: additional checks for the RETIRE_CONNECTION_ID frame.
Vladimir Homutov <vl@nginx.com>
parents:
8896
diff
changeset
|
384 |
8763
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
385 qsock = ngx_quic_find_socket(c, f->sequence_number); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
386 if (qsock == NULL) { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
387 return NGX_OK; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
388 } |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
389 |
8911
b09f055daa4e
QUIC: fixed handling of RETIRE_CONNECTION_ID frame.
Vladimir Homutov <vl@nginx.com>
parents:
8910
diff
changeset
|
390 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
8997
fab36e4abf83
QUIC: got rid of hash symbol in backup and logging.
Vladimir Homutov <vl@nginx.com>
parents:
8971
diff
changeset
|
391 "quic socket seq:%uL is retired", qsock->sid.seqnum); |
8911
b09f055daa4e
QUIC: fixed handling of RETIRE_CONNECTION_ID frame.
Vladimir Homutov <vl@nginx.com>
parents:
8910
diff
changeset
|
392 |
b09f055daa4e
QUIC: fixed handling of RETIRE_CONNECTION_ID frame.
Vladimir Homutov <vl@nginx.com>
parents:
8910
diff
changeset
|
393 ngx_quic_close_socket(c, qsock); |
8763
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
394 |
8911
b09f055daa4e
QUIC: fixed handling of RETIRE_CONNECTION_ID frame.
Vladimir Homutov <vl@nginx.com>
parents:
8910
diff
changeset
|
395 /* restore socket count up to a limit after deletion */ |
b09f055daa4e
QUIC: fixed handling of RETIRE_CONNECTION_ID frame.
Vladimir Homutov <vl@nginx.com>
parents:
8910
diff
changeset
|
396 if (ngx_quic_create_sockets(c) != NGX_OK) { |
8971
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
397 return NGX_ERROR; |
8911
b09f055daa4e
QUIC: fixed handling of RETIRE_CONNECTION_ID frame.
Vladimir Homutov <vl@nginx.com>
parents:
8910
diff
changeset
|
398 } |
b09f055daa4e
QUIC: fixed handling of RETIRE_CONNECTION_ID frame.
Vladimir Homutov <vl@nginx.com>
parents:
8910
diff
changeset
|
399 |
8763
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
400 return NGX_OK; |
8748
e0cb1e58ca13
QUIC: separate files for connection id related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
401 } |
8763
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
402 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
403 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
404 ngx_int_t |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
405 ngx_quic_create_sockets(ngx_connection_t *c) |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
406 { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
407 ngx_uint_t n; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
408 ngx_quic_socket_t *qsock; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
409 ngx_quic_connection_t *qc; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
410 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
411 qc = ngx_quic_get_connection(c); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
412 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
413 n = ngx_min(NGX_QUIC_MAX_SERVER_IDS, qc->ctp.active_connection_id_limit); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
414 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
415 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
416 "quic create sockets has:%ui max:%ui", qc->nsockets, n); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
417 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
418 while (qc->nsockets < n) { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
419 |
8955
32daba3aabb2
QUIC: got rid of ngx_quic_create_temp_socket().
Vladimir Homutov <vl@nginx.com>
parents:
8920
diff
changeset
|
420 qsock = ngx_quic_create_socket(c, qc); |
8763
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
421 if (qsock == NULL) { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
422 return NGX_ERROR; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
423 } |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
424 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
425 if (ngx_quic_listen(c, qc, qsock) != NGX_OK) { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
426 return NGX_ERROR; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
427 } |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
428 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
429 if (ngx_quic_send_server_id(c, &qsock->sid) != NGX_OK) { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
430 return NGX_ERROR; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
431 } |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
432 } |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
433 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
434 return NGX_OK; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
435 } |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
436 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
437 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
438 static ngx_int_t |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
439 ngx_quic_send_server_id(ngx_connection_t *c, ngx_quic_server_id_t *sid) |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
440 { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
441 ngx_str_t dcid; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
442 ngx_quic_frame_t *frame; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
443 ngx_quic_connection_t *qc; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
444 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
445 qc = ngx_quic_get_connection(c); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
446 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
447 dcid.len = sid->len; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
448 dcid.data = sid->id; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
449 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
450 frame = ngx_quic_alloc_frame(c); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
451 if (frame == NULL) { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
452 return NGX_ERROR; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
453 } |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
454 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
455 frame->level = ssl_encryption_application; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
456 frame->type = NGX_QUIC_FT_NEW_CONNECTION_ID; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
457 frame->u.ncid.seqnum = sid->seqnum; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
458 frame->u.ncid.retire = 0; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
459 frame->u.ncid.len = NGX_QUIC_SERVER_CID_LEN; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
460 ngx_memcpy(frame->u.ncid.cid, sid->id, NGX_QUIC_SERVER_CID_LEN); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
461 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
462 if (ngx_quic_new_sr_token(c, &dcid, qc->conf->sr_token_key, |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
463 frame->u.ncid.srt) |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
464 != NGX_OK) |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
465 { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
466 return NGX_ERROR; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
467 } |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
468 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
469 ngx_quic_queue_frame(qc, frame); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
470 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
471 return NGX_OK; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
472 } |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
473 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
474 |
8971
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
475 ngx_int_t |
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
476 ngx_quic_free_client_id(ngx_connection_t *c, ngx_quic_client_id_t *cid) |
8763
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
477 { |
8971
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
478 ngx_quic_frame_t *frame; |
8763
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
479 ngx_quic_connection_t *qc; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
480 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
481 qc = ngx_quic_get_connection(c); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
482 |
8971
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
483 frame = ngx_quic_alloc_frame(c); |
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
484 if (frame == NULL) { |
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
485 return NGX_ERROR; |
8763
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
486 } |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
487 |
8971
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
488 frame->level = ssl_encryption_application; |
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
489 frame->type = NGX_QUIC_FT_RETIRE_CONNECTION_ID; |
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
490 frame->u.retire_cid.sequence_number = cid->seqnum; |
8763
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
491 |
8971
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
492 ngx_quic_queue_frame(qc, frame); |
8763
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
493 |
8971
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
494 /* we are no longer going to use this client id */ |
8763
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
495 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
496 ngx_queue_remove(&cid->queue); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
497 ngx_queue_insert_head(&qc->free_client_ids, &cid->queue); |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
498 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
499 qc->nclient_ids--; |
8971
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
500 |
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8955
diff
changeset
|
501 return NGX_OK; |
8763
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8748
diff
changeset
|
502 } |