comparison src/event/quic/ngx_event_quic_ssl.c @ 8763:4117aa7fa38e quic
QUIC: connection migration.
The patch adds proper transitions between multiple networking addresses that
can be used by a single quic connection. New networking paths are validated
using PATH_CHALLENGE/PATH_RESPONSE frames.
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Thu, 29 Apr 2021 15:35:02 +0300 |
parents | 46161c610919 |
children | b3f6ad181df4 |
8762:12f18e0bca09 | 8763:4117aa7fa38e |
---|---|
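--- a/src/event/quic/ngx_event_quic_ssl.c
+++ b/src/event/quic/ngx_event_quic_ssl.c
@@ -389,12 +389,14 @@
 /* 12.4 Frames and frame types, figure 8 */
 frame->level = ssl_encryption_application;
 frame->type = NGX_QUIC_FT_HANDSHAKE_DONE;
 ngx_quic_queue_frame(qc, frame);
 
-if (ngx_quic_send_new_token(c) != NGX_OK) {
-return NGX_ERROR;
+if (qc->conf->retry) {
+if (ngx_quic_send_new_token(c, qc->socket->path) != NGX_OK) {
+return NGX_ERROR;
+}
 }
 
 /*
 * Generating next keys before a key update is received.
 * See quic-tls 9.4 Header Protection Timing Side-Channels.
@@ -408,11 +410,12 @@
 * 4.10.2 An endpoint MUST discard its handshake keys
 * when the TLS handshake is confirmed
 */
 ngx_quic_discard_ctx(c, ssl_encryption_handshake);
 
-if (ngx_quic_issue_server_ids(c) != NGX_OK) {
+/* start accepting clients on negotiated number of server ids */
+if (ngx_quic_create_sockets(c) != NGX_OK) {
 return NGX_ERROR;
 }
 
 return NGX_OK;
 }
@@ -422,10 +425,11 @@
 ngx_quic_init_connection(ngx_connection_t *c)
 {
 u_char *p;
 size_t clen;
 ssize_t len;
+ngx_str_t dcid;
 ngx_ssl_conn_t *ssl_conn;
 ngx_quic_connection_t *qc;
 
 qc = ngx_quic_get_connection(c);
 
@@ -451,12 +455,14 @@
 
 #if BORINGSSL_API_VERSION >= 13
 SSL_set_quic_use_legacy_codepoint(ssl_conn, qc->version != 1);
 #endif
 
-if (ngx_quic_new_sr_token(c, &qc->dcid, qc->conf->sr_token_key,
-qc->tp.sr_token)
+dcid.data = qc->socket->sid.id;
+dcid.len = qc->socket->sid.len;
+
+if (ngx_quic_new_sr_token(c, &dcid, qc->conf->sr_token_key, qc->tp.sr_token)
 != NGX_OK)
 {
 return NGX_ERROR;
 }
 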
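Review bot: The new `if (qc->conf->retry)` guard in the first hunk (new lines 394-398) leaves the reader to guess why NEW_TOKEN issuance now depends on the retry option and why the token is tied to `qc->socket->path`, and nothing in the hunk explains either; a one-line comment would carry it, e.g. `/* NEW_TOKEN only matters to a peer when retry (address validation) is on; bind it to the path the handshake completed on */`, with the path-binding half confirmed against ngx_quic_send_new_token before it is committed to. The same documentation gap appears in the last hunk (new lines 460-463), where a local named `dcid` is filled from the server-side `qc->socket->sid` before feeding the stateless reset token; a comment such as `/* our own initial connection id, presumably what the peer sends as DCID */` would make the naming less surprising, hedged because the peer-side meaning is not visible here. The function enclosing the first two hunks starts outside the hunk, and ngx_quic_init_connection continues past the last hunk.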