Compare commits
30 Commits
quic
...
stable-1.2
Author | SHA1 | Date |
---|---|---|
Maxim Dounin | c04971f65c | |
Maxim Dounin | 11a9f6c929 | |
Maxim Dounin | bede588761 | |
Maxim Dounin | 19a9a22ffc | |
Maxim Dounin | 4bdba693ef | |
Maxim Dounin | 9c57f54d54 | |
Sergey Kandaurov | aa59acf058 | |
Sergey Kandaurov | 2b5c9bf17e | |
Sergey Kandaurov | c44c7169b0 | |
Sergey Kandaurov | b150852b65 | |
Sergey Kandaurov | 092dbcea1a | |
Sergey Kandaurov | 6ae41a4c76 | |
Sergey Kandaurov | ebadd603ee | |
Maxim Dounin | fbd0eb08b0 | |
Sergey Kandaurov | 95d439345b | |
Maxim Dounin | b53023e0e5 | |
Maxim Dounin | 2b215d01f2 | |
Maxim Dounin | 88c3088474 | |
Maxim Dounin | acc9ee614f | |
Maxim Dounin | dbbb8fda3f | |
Maxim Dounin | cda4356a47 | |
Maxim Dounin | c76b6027aa | |
Maxim Dounin | c7b4ba76f6 | |
Maxim Dounin | f9c3f85f7b | |
Maxim Dounin | dc8f286940 | |
Maxim Dounin | aeb088ebab | |
Maxim Dounin | 597d509a1c | |
Maxim Dounin | e95a38cf48 | |
Maxim Dounin | 646752ddd9 | |
Maxim Dounin | f471ce1ff5 |
389
README
389
README
|
@ -1,389 +0,0 @@
|
|||
Experimental QUIC support for nginx
|
||||
-----------------------------------
|
||||
|
||||
1. Introduction
|
||||
2. Building from sources
|
||||
3. Configuration
|
||||
4. Directives
|
||||
5. Clients
|
||||
6. Troubleshooting
|
||||
7. Contributing
|
||||
8. Links
|
||||
|
||||
1. Introduction
|
||||
|
||||
This is an experimental QUIC [1] / HTTP/3 [2] support for nginx.
|
||||
|
||||
The code is developed in a separate "quic" branch available
|
||||
at https://hg.nginx.org/nginx-quic. Currently it is based
|
||||
on nginx mainline 1.23.x. We merge new nginx releases into
|
||||
this branch regularly.
|
||||
|
||||
The project code base is under the same BSD license as nginx.
|
||||
|
||||
The code is currently at a beta level of quality, however
|
||||
there are several production deployments with it.
|
||||
|
||||
NGINX Development Team is working on improving HTTP/3 support to
|
||||
integrate it into the main NGINX codebase. Thus, expect further
|
||||
updates of this code, including features, changes in behaviour,
|
||||
bug fixes, and refactoring. NGINX Development team will be
|
||||
grateful for any feedback and code submissions.
|
||||
|
||||
Please contact NGINX Development Team via nginx-devel mailing list [3].
|
||||
|
||||
What works now:
|
||||
|
||||
IETF QUIC version 1 is supported. Internet drafts are no longer supported.
|
||||
|
||||
nginx should be able to respond to HTTP/3 requests over QUIC and
|
||||
it should be possible to upload and download big files without errors.
|
||||
|
||||
+ The handshake completes successfully
|
||||
+ One endpoint can update keys and its peer responds correctly
|
||||
+ 0-RTT data is being received and acted on
|
||||
+ Connection is established using TLS Resume Ticket
|
||||
+ A handshake that includes a Retry packet completes successfully
|
||||
+ Stream data is being exchanged and ACK'ed
|
||||
+ An H3 transaction succeeded
|
||||
+ One or both endpoints insert entries into dynamic table and
|
||||
subsequently reference them from header blocks
|
||||
+ Version Negotiation packet is sent to client with unknown version
|
||||
+ Lost packets are detected and retransmitted properly
|
||||
+ Clients may migrate to new address
|
||||
|
||||
2. Building from sources
|
||||
|
||||
The build is configured using the configure command.
|
||||
Refer to http://nginx.org/en/docs/configure.html for details.
|
||||
|
||||
When configuring nginx, it's possible to enable QUIC and HTTP/3
|
||||
using the following new configuration options:
|
||||
|
||||
--with-http_v3_module - enable QUIC and HTTP/3
|
||||
--with-stream_quic_module - enable QUIC in Stream
|
||||
|
||||
A library that provides QUIC support is recommended to build nginx, there
|
||||
are several of those available on the market:
|
||||
+ BoringSSL [4]
|
||||
+ LibreSSL [5]
|
||||
+ QuicTLS [6]
|
||||
|
||||
Alternatively, nginx can be configured with OpenSSL compatibility
|
||||
layer, which emulates BoringSSL QUIC API for OpenSSL. This mode is
|
||||
enabled by default if native QUIC support is not detected.
|
||||
0-RTT is not supported in OpenSSL compatibility mode.
|
||||
|
||||
Clone the NGINX QUIC repository
|
||||
|
||||
$ hg clone -b quic https://hg.nginx.org/nginx-quic
|
||||
$ cd nginx-quic
|
||||
|
||||
Use the following command to configure nginx with BoringSSL [4]
|
||||
|
||||
$ ./auto/configure --with-debug --with-http_v3_module \
|
||||
--with-cc-opt="-I../boringssl/include" \
|
||||
--with-ld-opt="-L../boringssl/build/ssl \
|
||||
-L../boringssl/build/crypto"
|
||||
$ make
|
||||
|
||||
Alternatively, nginx can be configured with QuicTLS [6]
|
||||
|
||||
$ ./auto/configure --with-debug --with-http_v3_module \
|
||||
--with-cc-opt="-I../quictls/build/include" \
|
||||
--with-ld-opt="-L../quictls/build/lib"
|
||||
|
||||
Alternatively, nginx can be configured with a modern version
|
||||
of LibreSSL [7]
|
||||
|
||||
$ ./auto/configure --with-debug --with-http_v3_module \
|
||||
--with-cc-opt="-I../libressl/build/include" \
|
||||
--with-ld-opt="-L../libressl/build/lib"
|
||||
|
||||
3. Configuration
|
||||
|
||||
The HTTP "listen" directive got a new option "quic" which enables
|
||||
QUIC as client transport protocol instead of TCP.
|
||||
|
||||
The Stream "listen" directive got a new option "quic" which enables
|
||||
QUIC as client transport protocol instead of TCP or plain UDP.
|
||||
|
||||
Along with "quic", it's also possible to specify "reuseport"
|
||||
option [8] to make it work properly with multiple workers.
|
||||
|
||||
To enable address validation:
|
||||
|
||||
quic_retry on;
|
||||
|
||||
To enable 0-RTT:
|
||||
|
||||
ssl_early_data on;
|
||||
|
||||
Make sure that TLS 1.3 is configured which is required for QUIC:
|
||||
|
||||
ssl_protocols TLSv1.3;
|
||||
|
||||
To enable GSO (Generic Segmentation Offloading):
|
||||
|
||||
quic_gso on;
|
||||
|
||||
To limit maximum UDP payload size on receive path:
|
||||
|
||||
quic_mtu <size>;
|
||||
|
||||
To set host key for various tokens:
|
||||
|
||||
quic_host_key <filename>;
|
||||
|
||||
|
||||
By default, GSO Linux-specific optimization [10] is disabled.
|
||||
Enable it in case a corresponding network interface is configured to
|
||||
support GSO.
|
||||
|
||||
A number of directives were added that configure HTTP/3:
|
||||
|
||||
http3
|
||||
http3_hq
|
||||
http3_stream_buffer_size
|
||||
http3_max_concurrent_pushes
|
||||
http3_max_concurrent_streams
|
||||
http3_push
|
||||
http3_push_preload
|
||||
|
||||
In http, an additional variable is available: $http3.
|
||||
The value of $http3 is "h3" for HTTP/3 connections,
|
||||
"hq" for hq connections, or an empty string otherwise.
|
||||
|
||||
In stream, an additional variable is available: $quic.
|
||||
The value of $quic is "quic" if QUIC connection is used,
|
||||
or an empty string otherwise.
|
||||
|
||||
Example configuration:
|
||||
|
||||
http {
|
||||
log_format quic '$remote_addr - $remote_user [$time_local] '
|
||||
'"$request" $status $body_bytes_sent '
|
||||
'"$http_referer" "$http_user_agent" "$http3"';
|
||||
|
||||
access_log logs/access.log quic;
|
||||
|
||||
server {
|
||||
# for better compatibility it's recommended
|
||||
# to use the same port for quic and https
|
||||
listen 8443 quic reuseport;
|
||||
listen 8443 ssl;
|
||||
|
||||
ssl_certificate certs/example.com.crt;
|
||||
ssl_certificate_key certs/example.com.key;
|
||||
ssl_protocols TLSv1.3;
|
||||
|
||||
location / {
|
||||
# required for browsers to direct them into quic port
|
||||
add_header Alt-Svc 'h3=":8443"; ma=86400';
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
4. Directives
|
||||
|
||||
Syntax: quic_bpf on | off;
|
||||
Default: quic_bpf off;
|
||||
Context: main
|
||||
|
||||
Enables routing of QUIC packets using eBPF.
|
||||
When enabled, this allows to support QUIC connection migration.
|
||||
The directive is only supported on Linux 5.7+.
|
||||
|
||||
|
||||
Syntax: quic_retry on | off;
|
||||
Default: quic_retry off;
|
||||
Context: http | stream, server
|
||||
|
||||
Enables the QUIC Address Validation feature. This includes:
|
||||
- sending a new token in a Retry packet or a NEW_TOKEN frame
|
||||
- validating a token received in the Initial packet
|
||||
|
||||
|
||||
Syntax: quic_gso on | off;
|
||||
Default: quic_gso off;
|
||||
Context: http | stream, server
|
||||
|
||||
Enables sending in optimized batch mode using segmentation offloading.
|
||||
Optimized sending is only supported on Linux featuring UDP_SEGMENT.
|
||||
|
||||
|
||||
Syntax: quic_mtu size;
|
||||
Default: quic_mtu 65527;
|
||||
Context: http | stream, server
|
||||
|
||||
Sets the QUIC max_udp_payload_size transport parameter value.
|
||||
This is the maximum UDP payload that we are willing to receive.
|
||||
|
||||
|
||||
Syntax: quic_host_key file;
|
||||
Default: -
|
||||
Context: http | stream, server
|
||||
|
||||
Specifies a file with the secret key used to encrypt stateless reset and
|
||||
address validation tokens. By default, a randomly generated key is used.
|
||||
|
||||
|
||||
Syntax: quic_active_connection_id_limit number;
|
||||
Default: quic_active_connection_id_limit 2;
|
||||
Context: http | stream, server
|
||||
|
||||
Sets the QUIC active_connection_id_limit transport parameter value.
|
||||
This is the maximum number of connection IDs we are willing to store.
|
||||
|
||||
|
||||
Syntax: quic_timeout time;
|
||||
Default: quic_timeout 60s;
|
||||
Context: stream, server
|
||||
|
||||
Defines a timeout used to negotiate the QUIC idle timeout.
|
||||
In the http module, it is taken from the keepalive_timeout directive.
|
||||
|
||||
|
||||
Syntax: quic_stream_buffer_size size;
|
||||
Default: quic_stream_buffer_size 64k;
|
||||
Context: stream, server
|
||||
|
||||
Syntax: http3_stream_buffer_size size;
|
||||
Default: http3_stream_buffer_size 64k;
|
||||
Context: http, server
|
||||
|
||||
Sets buffer size for reading and writing of the QUIC STREAM payload.
|
||||
The buffer size is used to calculate initial flow control limits
|
||||
in the following QUIC transport parameters:
|
||||
- initial_max_data
|
||||
- initial_max_stream_data_bidi_local
|
||||
- initial_max_stream_data_bidi_remote
|
||||
- initial_max_stream_data_uni
|
||||
|
||||
|
||||
Syntax: http3_max_concurrent_pushes number;
|
||||
Default: http3_max_concurrent_pushes 10;
|
||||
Context: http, server
|
||||
|
||||
Limits the maximum number of concurrent push requests in a connection.
|
||||
|
||||
|
||||
Syntax: http3_max_concurrent_streams number;
|
||||
Default: http3_max_concurrent_streams 128;
|
||||
Context: http, server
|
||||
|
||||
Sets the maximum number of concurrent HTTP/3 streams in a connection.
|
||||
|
||||
|
||||
Syntax: http3_push uri | off;
|
||||
Default: http3_push off;
|
||||
Context: http, server, location
|
||||
|
||||
Pre-emptively sends (pushes) a request to the specified uri along with
|
||||
the response to the original request. Only relative URIs with absolute
|
||||
path will be processed, for example:
|
||||
|
||||
http3_push /static/css/main.css;
|
||||
|
||||
The uri value can contain variables.
|
||||
|
||||
Several http3_push directives can be specified on the same configuration
|
||||
level. The off parameter cancels the effect of the http3_push directives
|
||||
inherited from the previous configuration level.
|
||||
|
||||
|
||||
Syntax: http3_push_preload on | off;
|
||||
Default: http3_push_preload off;
|
||||
Context: http, server, location
|
||||
|
||||
Enables automatic conversion of preload links specified in the “Link”
|
||||
response header fields into push requests.
|
||||
|
||||
|
||||
Syntax: http3 on | off;
|
||||
Default: http3 on;
|
||||
Context: http, server
|
||||
|
||||
Enables HTTP/3 protocol negotiation.
|
||||
|
||||
|
||||
Syntax: http3_hq on | off;
|
||||
Default: http3_hq off;
|
||||
Context: http, server
|
||||
|
||||
Enables HTTP/0.9 protocol negotiation used in QUIC interoperability tests.
|
||||
|
||||
5. Clients
|
||||
|
||||
* Browsers
|
||||
|
||||
Known to work: Firefox 90+ and Chrome 92+ (QUIC version 1)
|
||||
|
||||
Beware of strange issues: sometimes browser may decide to ignore QUIC
|
||||
Cache clearing/restart might help. Always check access.log and
|
||||
error.log to make sure the browser is using HTTP/3 and not TCP https.
|
||||
|
||||
* Console clients
|
||||
|
||||
Known to work: ngtcp2, firefox's neqo and chromium's console clients:
|
||||
|
||||
$ examples/client 127.0.0.1 8443 https://example.com:8443/index.html
|
||||
|
||||
$ ./neqo-client https://127.0.0.1:8443/
|
||||
|
||||
$ chromium-build/out/my_build/quic_client http://example.com:8443
|
||||
|
||||
|
||||
In case everyhing is right, the access log should show something like:
|
||||
|
||||
127.0.0.1 - - [24/Apr/2020:11:27:29 +0300] "GET / HTTP/3" 200 805 "-"
|
||||
"nghttp3/ngtcp2 client" "quic"
|
||||
|
||||
|
||||
6. Troubleshooting
|
||||
|
||||
Here are some tips that may help to identify problems:
|
||||
|
||||
+ Ensure nginx is built with proper SSL library that supports QUIC
|
||||
|
||||
+ Ensure nginx is using the proper SSL library in runtime
|
||||
(`nginx -V` shows what it's using)
|
||||
|
||||
+ Ensure a client is actually sending requests over QUIC
|
||||
(see "Clients" section about browsers and cache)
|
||||
|
||||
We recommend to start with simple console client like ngtcp2
|
||||
to ensure the server is configured properly before trying
|
||||
with real browsers that may be very picky with certificates,
|
||||
for example.
|
||||
|
||||
+ Build nginx with debug support [9] and check the debug log.
|
||||
It should contain all details about connection and why it
|
||||
failed. All related messages contain "quic " prefix and can
|
||||
be easily filtered out.
|
||||
|
||||
+ For a deeper investigation, please enable additional debugging
|
||||
in src/event/quic/ngx_event_quic_connection.h:
|
||||
|
||||
#define NGX_QUIC_DEBUG_PACKETS
|
||||
#define NGX_QUIC_DEBUG_FRAMES
|
||||
#define NGX_QUIC_DEBUG_ALLOC
|
||||
#define NGX_QUIC_DEBUG_CRYPTO
|
||||
|
||||
7. Contributing
|
||||
|
||||
Please refer to
|
||||
http://nginx.org/en/docs/contributing_changes.html
|
||||
|
||||
8. Links
|
||||
|
||||
[1] https://datatracker.ietf.org/doc/html/rfc9000
|
||||
[2] https://datatracker.ietf.org/doc/html/rfc9114
|
||||
[3] https://mailman.nginx.org/mailman/listinfo/nginx-devel
|
||||
[4] https://boringssl.googlesource.com/boringssl/
|
||||
[5] https://www.libressl.org/
|
||||
[6] https://github.com/quictls/openssl
|
||||
[7] https://github.com/libressl-portable/portable/releases/tag/v3.6.0
|
||||
[8] https://nginx.org/en/docs/http/ngx_http_core_module.html#listen
|
||||
[9] https://nginx.org/en/docs/debugging_log.html
|
||||
[10] http://vger.kernel.org/lpc_net2018_talks/willemdebruijn-lpc2018-udpgso-paper-DRAFT-1.pdf
|
|
@ -117,7 +117,7 @@ else
|
|||
. auto/cc/acc
|
||||
;;
|
||||
|
||||
msvc)
|
||||
msvc*)
|
||||
# MSVC++ 6.0 SP2, MSVC++ Toolkit 2003
|
||||
|
||||
. auto/cc/msvc
|
||||
|
|
19
auto/cc/msvc
19
auto/cc/msvc
|
@ -11,8 +11,8 @@
|
|||
# MSVC 2015 (14.0) cl 19.00
|
||||
|
||||
|
||||
NGX_MSVC_VER=`$NGX_WINE $CC 2>&1 | grep 'C/C++.* [0-9][0-9]*\.[0-9]' 2>&1 \
|
||||
| sed -e 's/^.* \([0-9][0-9]*\.[0-9].*\)/\1/'`
|
||||
NGX_MSVC_VER=`$NGX_WINE $CC 2>&1 | grep 'Compiler Version' 2>&1 \
|
||||
| sed -e 's/^.* Version \(.*\)/\1/'`
|
||||
|
||||
echo " + cl version: $NGX_MSVC_VER"
|
||||
|
||||
|
@ -22,21 +22,6 @@ have=NGX_COMPILER value="\"cl $NGX_MSVC_VER\"" . auto/define
|
|||
ngx_msvc_ver=`echo $NGX_MSVC_VER | sed -e 's/^\([0-9]*\).*/\1/'`
|
||||
|
||||
|
||||
# detect x64 builds
|
||||
|
||||
case "$NGX_MSVC_VER" in
|
||||
|
||||
*x64)
|
||||
NGX_MACHINE=amd64
|
||||
;;
|
||||
|
||||
*)
|
||||
NGX_MACHINE=i386
|
||||
;;
|
||||
|
||||
esac
|
||||
|
||||
|
||||
# optimizations
|
||||
|
||||
# maximize speed, equivalent to -Og -Oi -Ot -Oy -Ob2 -Gs -GF -Gy
|
||||
|
|
|
@ -44,7 +44,6 @@ if test -z "$NGX_PLATFORM"; then
|
|||
else
|
||||
echo "building for $NGX_PLATFORM"
|
||||
NGX_SYSTEM=$NGX_PLATFORM
|
||||
NGX_MACHINE=i386
|
||||
fi
|
||||
|
||||
. auto/cc/conf
|
||||
|
|
|
@ -5,17 +5,12 @@
|
|||
|
||||
if [ $OPENSSL != NONE ]; then
|
||||
|
||||
have=NGX_OPENSSL . auto/have
|
||||
have=NGX_SSL . auto/have
|
||||
|
||||
if [ $USE_OPENSSL_QUIC = YES ]; then
|
||||
have=NGX_QUIC . auto/have
|
||||
have=NGX_QUIC_OPENSSL_COMPAT . auto/have
|
||||
fi
|
||||
|
||||
case "$CC" in
|
||||
|
||||
cl | bcc32)
|
||||
have=NGX_OPENSSL . auto/have
|
||||
have=NGX_SSL . auto/have
|
||||
|
||||
CFLAGS="$CFLAGS -DNO_SYS_TYPES_H"
|
||||
|
||||
CORE_INCS="$CORE_INCS $OPENSSL/openssl/include"
|
||||
|
@ -38,6 +33,9 @@ if [ $OPENSSL != NONE ]; then
|
|||
;;
|
||||
|
||||
*)
|
||||
have=NGX_OPENSSL . auto/have
|
||||
have=NGX_SSL . auto/have
|
||||
|
||||
CORE_INCS="$CORE_INCS $OPENSSL/.openssl/include"
|
||||
CORE_DEPS="$CORE_DEPS $OPENSSL/.openssl/include/openssl/ssl.h"
|
||||
CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libssl.a"
|
||||
|
@ -125,35 +123,6 @@ else
|
|||
CORE_INCS="$CORE_INCS $ngx_feature_path"
|
||||
CORE_LIBS="$CORE_LIBS $ngx_feature_libs"
|
||||
OPENSSL=YES
|
||||
|
||||
if [ $USE_OPENSSL_QUIC = YES ]; then
|
||||
|
||||
ngx_feature="OpenSSL QUIC support"
|
||||
ngx_feature_name="NGX_QUIC"
|
||||
ngx_feature_test="SSL_set_quic_method(NULL, NULL)"
|
||||
. auto/feature
|
||||
|
||||
if [ $ngx_found = no ]; then
|
||||
have=NGX_QUIC_OPENSSL_COMPAT . auto/have
|
||||
|
||||
ngx_feature="OpenSSL QUIC compatibility"
|
||||
ngx_feature_test="SSL_CTX_add_custom_ext(NULL, 0, 0,
|
||||
NULL, NULL, NULL, NULL, NULL)"
|
||||
. auto/feature
|
||||
fi
|
||||
|
||||
if [ $ngx_found = no ]; then
|
||||
cat << END
|
||||
|
||||
$0: error: certain modules require OpenSSL QUIC support.
|
||||
You can either do not enable the modules, or install the OpenSSL library with
|
||||
QUIC support into the system, or build the OpenSSL library with QUIC support
|
||||
statically from the source with nginx by using --with-openssl=<path> option.
|
||||
|
||||
END
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
|
|
|
@ -7,24 +7,11 @@ case "$CC" in
|
|||
|
||||
cl)
|
||||
|
||||
case "$NGX_MACHINE" in
|
||||
|
||||
amd64)
|
||||
OPENSSL_TARGET=VC-WIN64A
|
||||
;;
|
||||
|
||||
*)
|
||||
OPENSSL_TARGET=VC-WIN32
|
||||
;;
|
||||
|
||||
esac
|
||||
|
||||
cat << END >> $NGX_MAKEFILE
|
||||
|
||||
$OPENSSL/openssl/include/openssl/ssl.h: $NGX_MAKEFILE
|
||||
\$(MAKE) -f auto/lib/openssl/makefile.msvc \
|
||||
OPENSSL="$OPENSSL" OPENSSL_OPT="$OPENSSL_OPT" \
|
||||
OPENSSL_TARGET="$OPENSSL_TARGET"
|
||||
OPENSSL="$OPENSSL" OPENSSL_OPT="$OPENSSL_OPT"
|
||||
|
||||
END
|
||||
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
all:
|
||||
cd $(OPENSSL)
|
||||
|
||||
perl Configure $(OPENSSL_TARGET) no-shared no-threads \
|
||||
perl Configure VC-WIN32 no-shared \
|
||||
--prefix="%cd%/openssl" \
|
||||
--openssldir="%cd%/openssl/ssl" \
|
||||
$(OPENSSL_OPT)
|
||||
|
|
|
@ -4,62 +4,87 @@
|
|||
|
||||
|
||||
if [ $PCRE != NONE ]; then
|
||||
CORE_INCS="$CORE_INCS $PCRE"
|
||||
|
||||
if [ -f $PCRE/src/pcre2.h.generic ]; then
|
||||
case "$NGX_CC_NAME" in
|
||||
|
||||
PCRE_LIBRARY=PCRE2
|
||||
|
||||
have=NGX_PCRE . auto/have
|
||||
have=NGX_PCRE2 . auto/have
|
||||
|
||||
if [ "$NGX_PLATFORM" = win32 ]; then
|
||||
have=PCRE2_STATIC . auto/have
|
||||
fi
|
||||
|
||||
CORE_INCS="$CORE_INCS $PCRE/src/"
|
||||
CORE_DEPS="$CORE_DEPS $PCRE/src/pcre2.h"
|
||||
|
||||
case "$NGX_CC_NAME" in
|
||||
|
||||
msvc)
|
||||
LINK_DEPS="$LINK_DEPS $PCRE/src/pcre2-8.lib"
|
||||
CORE_LIBS="$CORE_LIBS $PCRE/src/pcre2-8.lib"
|
||||
;;
|
||||
|
||||
*)
|
||||
LINK_DEPS="$LINK_DEPS $PCRE/.libs/libpcre2-8.a"
|
||||
CORE_LIBS="$CORE_LIBS $PCRE/.libs/libpcre2-8.a"
|
||||
;;
|
||||
|
||||
esac
|
||||
|
||||
else
|
||||
|
||||
PCRE_LIBRARY=PCRE
|
||||
|
||||
have=NGX_PCRE . auto/have
|
||||
|
||||
if [ "$NGX_PLATFORM" = win32 ]; then
|
||||
msvc | owc | bcc)
|
||||
have=NGX_PCRE . auto/have
|
||||
have=PCRE_STATIC . auto/have
|
||||
fi
|
||||
CORE_DEPS="$CORE_DEPS $PCRE/pcre.h"
|
||||
LINK_DEPS="$LINK_DEPS $PCRE/pcre.lib"
|
||||
CORE_LIBS="$CORE_LIBS $PCRE/pcre.lib"
|
||||
;;
|
||||
|
||||
CORE_INCS="$CORE_INCS $PCRE"
|
||||
CORE_DEPS="$CORE_DEPS $PCRE/pcre.h"
|
||||
icc)
|
||||
have=NGX_PCRE . auto/have
|
||||
CORE_DEPS="$CORE_DEPS $PCRE/pcre.h"
|
||||
|
||||
case "$NGX_CC_NAME" in
|
||||
LINK_DEPS="$LINK_DEPS $PCRE/.libs/libpcre.a"
|
||||
|
||||
msvc | owc | bcc)
|
||||
LINK_DEPS="$LINK_DEPS $PCRE/pcre.lib"
|
||||
CORE_LIBS="$CORE_LIBS $PCRE/pcre.lib"
|
||||
;;
|
||||
echo $ngx_n "checking for PCRE library ...$ngx_c"
|
||||
|
||||
*)
|
||||
LINK_DEPS="$LINK_DEPS $PCRE/.libs/libpcre.a"
|
||||
CORE_LIBS="$CORE_LIBS $PCRE/.libs/libpcre.a"
|
||||
;;
|
||||
if [ -f $PCRE/pcre.h ]; then
|
||||
ngx_pcre_ver=`grep PCRE_MAJOR $PCRE/pcre.h \
|
||||
| sed -e 's/^.*PCRE_MAJOR.* \(.*\)$/\1/'`
|
||||
|
||||
else if [ -f $PCRE/configure.in ]; then
|
||||
ngx_pcre_ver=`grep PCRE_MAJOR= $PCRE/configure.in \
|
||||
| sed -e 's/^.*=\(.*\)$/\1/'`
|
||||
|
||||
else
|
||||
ngx_pcre_ver=`grep pcre_major, $PCRE/configure.ac \
|
||||
| sed -e 's/^.*pcre_major,.*\[\(.*\)\].*$/\1/'`
|
||||
fi
|
||||
fi
|
||||
|
||||
echo " $ngx_pcre_ver major version found"
|
||||
|
||||
# to allow -ipo optimization we link with the *.o but not library
|
||||
|
||||
case "$ngx_pcre_ver" in
|
||||
4|5)
|
||||
CORE_LIBS="$CORE_LIBS $PCRE/pcre.o"
|
||||
;;
|
||||
|
||||
6)
|
||||
CORE_LIBS="$CORE_LIBS $PCRE/pcre_chartables.o"
|
||||
CORE_LIBS="$CORE_LIBS $PCRE/pcre_compile.o"
|
||||
CORE_LIBS="$CORE_LIBS $PCRE/pcre_exec.o"
|
||||
CORE_LIBS="$CORE_LIBS $PCRE/pcre_fullinfo.o"
|
||||
CORE_LIBS="$CORE_LIBS $PCRE/pcre_globals.o"
|
||||
CORE_LIBS="$CORE_LIBS $PCRE/pcre_tables.o"
|
||||
CORE_LIBS="$CORE_LIBS $PCRE/pcre_try_flipped.o"
|
||||
;;
|
||||
|
||||
*)
|
||||
CORE_LIBS="$CORE_LIBS $PCRE/pcre_chartables.o"
|
||||
CORE_LIBS="$CORE_LIBS $PCRE/pcre_compile.o"
|
||||
CORE_LIBS="$CORE_LIBS $PCRE/pcre_exec.o"
|
||||
CORE_LIBS="$CORE_LIBS $PCRE/pcre_fullinfo.o"
|
||||
CORE_LIBS="$CORE_LIBS $PCRE/pcre_globals.o"
|
||||
CORE_LIBS="$CORE_LIBS $PCRE/pcre_tables.o"
|
||||
CORE_LIBS="$CORE_LIBS $PCRE/pcre_try_flipped.o"
|
||||
CORE_LIBS="$CORE_LIBS $PCRE/pcre_newline.o"
|
||||
;;
|
||||
|
||||
esac
|
||||
;;
|
||||
|
||||
*)
|
||||
have=NGX_PCRE . auto/have
|
||||
|
||||
if [ "$NGX_PLATFORM" = win32 ]; then
|
||||
have=PCRE_STATIC . auto/have
|
||||
fi
|
||||
|
||||
CORE_DEPS="$CORE_DEPS $PCRE/pcre.h"
|
||||
LINK_DEPS="$LINK_DEPS $PCRE/.libs/libpcre.a"
|
||||
CORE_LIBS="$CORE_LIBS $PCRE/.libs/libpcre.a"
|
||||
;;
|
||||
|
||||
esac
|
||||
|
||||
esac
|
||||
fi
|
||||
|
||||
if [ $PCRE_JIT = YES ]; then
|
||||
have=NGX_HAVE_PCRE_JIT . auto/have
|
||||
|
@ -69,48 +94,8 @@ if [ $PCRE != NONE ]; then
|
|||
else
|
||||
|
||||
if [ "$NGX_PLATFORM" != win32 ]; then
|
||||
|
||||
PCRE=NO
|
||||
fi
|
||||
|
||||
if [ $PCRE = NO -a $PCRE2 != DISABLED ]; then
|
||||
|
||||
ngx_feature="PCRE2 library"
|
||||
ngx_feature_name="NGX_PCRE2"
|
||||
ngx_feature_run=no
|
||||
ngx_feature_incs="#define PCRE2_CODE_UNIT_WIDTH 8
|
||||
#include <pcre2.h>"
|
||||
ngx_feature_path=
|
||||
ngx_feature_libs="-lpcre2-8"
|
||||
ngx_feature_test="pcre2_code *re;
|
||||
re = pcre2_compile(NULL, 0, 0, NULL, NULL, NULL);
|
||||
if (re == NULL) return 1"
|
||||
. auto/feature
|
||||
|
||||
if [ $ngx_found = no ]; then
|
||||
|
||||
# pcre2-config
|
||||
|
||||
ngx_pcre2_prefix=`pcre2-config --prefix 2>/dev/null`
|
||||
|
||||
if [ -n "$ngx_pcre2_prefix" ]; then
|
||||
ngx_feature="PCRE2 library in $ngx_pcre2_prefix"
|
||||
ngx_feature_path=`pcre2-config --cflags \
|
||||
| sed -n -e 's/.*-I *\([^ ][^ ]*\).*/\1/p'`
|
||||
ngx_feature_libs=`pcre2-config --libs8`
|
||||
. auto/feature
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ $ngx_found = yes ]; then
|
||||
have=NGX_PCRE . auto/have
|
||||
CORE_INCS="$CORE_INCS $ngx_feature_path"
|
||||
CORE_LIBS="$CORE_LIBS $ngx_feature_libs"
|
||||
PCRE=YES
|
||||
PCRE_LIBRARY=PCRE2
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ $PCRE = NO ]; then
|
||||
|
||||
ngx_feature="PCRE library"
|
||||
ngx_feature_name="NGX_PCRE"
|
||||
|
@ -186,7 +171,6 @@ else
|
|||
CORE_INCS="$CORE_INCS $ngx_feature_path"
|
||||
CORE_LIBS="$CORE_LIBS $ngx_feature_libs"
|
||||
PCRE=YES
|
||||
PCRE_LIBRARY=PCRE
|
||||
fi
|
||||
|
||||
if [ $PCRE = YES ]; then
|
||||
|
|
|
@ -3,138 +3,36 @@
|
|||
# Copyright (C) Nginx, Inc.
|
||||
|
||||
|
||||
if [ $PCRE_LIBRARY = PCRE2 ]; then
|
||||
case "$NGX_CC_NAME" in
|
||||
|
||||
# PCRE2
|
||||
msvc)
|
||||
ngx_makefile=makefile.msvc
|
||||
ngx_opt="CPU_OPT=\"$CPU_OPT\" LIBC=$LIBC"
|
||||
ngx_pcre="PCRE=\"$PCRE\""
|
||||
;;
|
||||
|
||||
if [ $NGX_CC_NAME = msvc ]; then
|
||||
owc)
|
||||
ngx_makefile=makefile.owc
|
||||
ngx_opt="CPU_OPT=\"$CPU_OPT\""
|
||||
ngx_pcre=`echo PCRE=\"$PCRE\" | sed -e "s/\//$ngx_regex_dirsep/g"`
|
||||
;;
|
||||
|
||||
# With PCRE2, it is not possible to compile all sources.
|
||||
# Since list of source files changes between versions, we
|
||||
# test files which might not be present.
|
||||
bcc)
|
||||
ngx_makefile=makefile.bcc
|
||||
ngx_opt="-DCPU_OPT=\"$CPU_OPT\""
|
||||
ngx_pcre=`echo \-DPCRE=\"$PCRE\" | sed -e "s/\//$ngx_regex_dirsep/g"`
|
||||
;;
|
||||
|
||||
ngx_pcre_srcs="pcre2_auto_possess.c \
|
||||
pcre2_chartables.c \
|
||||
pcre2_compile.c \
|
||||
pcre2_config.c \
|
||||
pcre2_context.c \
|
||||
pcre2_dfa_match.c \
|
||||
pcre2_error.c \
|
||||
pcre2_jit_compile.c \
|
||||
pcre2_maketables.c \
|
||||
pcre2_match.c \
|
||||
pcre2_match_data.c \
|
||||
pcre2_newline.c \
|
||||
pcre2_ord2utf.c \
|
||||
pcre2_pattern_info.c \
|
||||
pcre2_string_utils.c \
|
||||
pcre2_study.c \
|
||||
pcre2_substitute.c \
|
||||
pcre2_substring.c \
|
||||
pcre2_tables.c \
|
||||
pcre2_ucd.c \
|
||||
pcre2_valid_utf.c \
|
||||
pcre2_xclass.c"
|
||||
*)
|
||||
ngx_makefile=
|
||||
;;
|
||||
|
||||
ngx_pcre_test="pcre2_convert.c \
|
||||
pcre2_extuni.c \
|
||||
pcre2_find_bracket.c \
|
||||
pcre2_script_run.c \
|
||||
pcre2_serialize.c"
|
||||
|
||||
for ngx_src in $ngx_pcre_test
|
||||
do
|
||||
if [ -f $PCRE/src/$ngx_src ]; then
|
||||
ngx_pcre_srcs="$ngx_pcre_srcs $ngx_src"
|
||||
fi
|
||||
done
|
||||
|
||||
ngx_pcre_objs=`echo $ngx_pcre_srcs \
|
||||
| sed -e "s#\([^ ]*\.\)c#\1$ngx_objext#g"`
|
||||
|
||||
ngx_pcre_srcs=`echo $ngx_pcre_srcs \
|
||||
| sed -e "s/ *\([^ ][^ ]*\)/$ngx_regex_cont\1/g"`
|
||||
ngx_pcre_objs=`echo $ngx_pcre_objs \
|
||||
| sed -e "s/ *\([^ ][^ ]*\)/$ngx_regex_cont\1/g"`
|
||||
|
||||
cat << END >> $NGX_MAKEFILE
|
||||
|
||||
PCRE_CFLAGS = -O2 -Ob1 -Oi -Gs $LIBC $CPU_OPT
|
||||
PCRE_FLAGS = -DHAVE_CONFIG_H -DPCRE2_STATIC -DPCRE2_CODE_UNIT_WIDTH=8 \\
|
||||
-DHAVE_MEMMOVE
|
||||
|
||||
PCRE_SRCS = $ngx_pcre_srcs
|
||||
PCRE_OBJS = $ngx_pcre_objs
|
||||
|
||||
$PCRE/src/pcre2.h:
|
||||
cd $PCRE/src \\
|
||||
&& copy /y config.h.generic config.h \\
|
||||
&& copy /y pcre2.h.generic pcre2.h \\
|
||||
&& copy /y pcre2_chartables.c.dist pcre2_chartables.c
|
||||
|
||||
$PCRE/src/pcre2-8.lib: $PCRE/src/pcre2.h $NGX_MAKEFILE
|
||||
cd $PCRE/src \\
|
||||
&& cl -nologo -c \$(PCRE_CFLAGS) -I . \$(PCRE_FLAGS) \$(PCRE_SRCS) \\
|
||||
&& link -lib -out:pcre2-8.lib -verbose:lib \$(PCRE_OBJS)
|
||||
|
||||
END
|
||||
|
||||
else
|
||||
|
||||
cat << END >> $NGX_MAKEFILE
|
||||
|
||||
$PCRE/src/pcre2.h: $PCRE/Makefile
|
||||
|
||||
$PCRE/Makefile: $NGX_MAKEFILE
|
||||
cd $PCRE \\
|
||||
&& if [ -f Makefile ]; then \$(MAKE) distclean; fi \\
|
||||
&& CC="\$(CC)" CFLAGS="$PCRE_OPT" \\
|
||||
./configure --disable-shared $PCRE_CONF_OPT
|
||||
|
||||
$PCRE/.libs/libpcre2-8.a: $PCRE/Makefile
|
||||
cd $PCRE \\
|
||||
&& \$(MAKE) libpcre2-8.la
|
||||
|
||||
END
|
||||
|
||||
fi
|
||||
esac
|
||||
|
||||
|
||||
else
|
||||
if [ -n "$ngx_makefile" ]; then
|
||||
|
||||
# PCRE
|
||||
|
||||
case "$NGX_CC_NAME" in
|
||||
|
||||
msvc)
|
||||
ngx_makefile=makefile.msvc
|
||||
ngx_opt="CPU_OPT=\"$CPU_OPT\" LIBC=$LIBC"
|
||||
ngx_pcre="PCRE=\"$PCRE\""
|
||||
;;
|
||||
|
||||
owc)
|
||||
ngx_makefile=makefile.owc
|
||||
ngx_opt="CPU_OPT=\"$CPU_OPT\""
|
||||
ngx_pcre=`echo PCRE=\"$PCRE\" | sed -e "s/\//$ngx_regex_dirsep/g"`
|
||||
;;
|
||||
|
||||
bcc)
|
||||
ngx_makefile=makefile.bcc
|
||||
ngx_opt="-DCPU_OPT=\"$CPU_OPT\""
|
||||
ngx_pcre=`echo \-DPCRE=\"$PCRE\" \
|
||||
| sed -e "s/\//$ngx_regex_dirsep/g"`
|
||||
;;
|
||||
|
||||
*)
|
||||
ngx_makefile=
|
||||
;;
|
||||
|
||||
esac
|
||||
|
||||
|
||||
if [ -n "$ngx_makefile" ]; then
|
||||
|
||||
cat << END >> $NGX_MAKEFILE
|
||||
cat << END >> $NGX_MAKEFILE
|
||||
|
||||
`echo "$PCRE/pcre.lib: $PCRE/pcre.h $NGX_MAKEFILE" \
|
||||
| sed -e "s/\//$ngx_regex_dirsep/g"`
|
||||
|
@ -145,9 +43,9 @@ else
|
|||
|
||||
END
|
||||
|
||||
else
|
||||
else
|
||||
|
||||
cat << END >> $NGX_MAKEFILE
|
||||
cat << END >> $NGX_MAKEFILE
|
||||
|
||||
$PCRE/pcre.h: $PCRE/Makefile
|
||||
|
||||
|
@ -163,6 +61,4 @@ $PCRE/.libs/libpcre.a: $PCRE/Makefile
|
|||
|
||||
END
|
||||
|
||||
fi
|
||||
|
||||
fi
|
||||
|
|
|
@ -6,10 +6,9 @@
|
|||
echo "creating $NGX_MAKEFILE"
|
||||
|
||||
mkdir -p $NGX_OBJS/src/core $NGX_OBJS/src/event $NGX_OBJS/src/event/modules \
|
||||
$NGX_OBJS/src/event/quic \
|
||||
$NGX_OBJS/src/os/unix $NGX_OBJS/src/os/win32 \
|
||||
$NGX_OBJS/src/http $NGX_OBJS/src/http/v2 $NGX_OBJS/src/http/v3 \
|
||||
$NGX_OBJS/src/http/modules $NGX_OBJS/src/http/modules/perl \
|
||||
$NGX_OBJS/src/http $NGX_OBJS/src/http/v2 $NGX_OBJS/src/http/modules \
|
||||
$NGX_OBJS/src/http/modules/perl \
|
||||
$NGX_OBJS/src/mail \
|
||||
$NGX_OBJS/src/stream \
|
||||
$NGX_OBJS/src/misc
|
||||
|
|
118
auto/modules
118
auto/modules
|
@ -102,11 +102,6 @@ if [ $HTTP = YES ]; then
|
|||
fi
|
||||
|
||||
|
||||
if [ $HTTP_V2 = YES -o $HTTP_V3 = YES ]; then
|
||||
HTTP_SRCS="$HTTP_SRCS $HTTP_HUFF_SRCS"
|
||||
fi
|
||||
|
||||
|
||||
# the module order is important
|
||||
# ngx_http_static_module
|
||||
# ngx_http_gzip_static_module
|
||||
|
@ -124,7 +119,6 @@ if [ $HTTP = YES ]; then
|
|||
# ngx_http_header_filter
|
||||
# ngx_http_chunked_filter
|
||||
# ngx_http_v2_filter
|
||||
# ngx_http_v3_filter
|
||||
# ngx_http_range_header_filter
|
||||
# ngx_http_gzip_filter
|
||||
# ngx_http_postpone_filter
|
||||
|
@ -157,7 +151,6 @@ if [ $HTTP = YES ]; then
|
|||
ngx_http_header_filter_module \
|
||||
ngx_http_chunked_filter_module \
|
||||
ngx_http_v2_filter_module \
|
||||
ngx_http_v3_filter_module \
|
||||
ngx_http_range_header_filter_module \
|
||||
ngx_http_gzip_filter_module \
|
||||
ngx_http_postpone_filter_module \
|
||||
|
@ -219,17 +212,6 @@ if [ $HTTP = YES ]; then
|
|||
. auto/module
|
||||
fi
|
||||
|
||||
if [ $HTTP_V3 = YES ]; then
|
||||
ngx_module_name=ngx_http_v3_filter_module
|
||||
ngx_module_incs=
|
||||
ngx_module_deps=
|
||||
ngx_module_srcs=src/http/v3/ngx_http_v3_filter_module.c
|
||||
ngx_module_libs=
|
||||
ngx_module_link=$HTTP_V3
|
||||
|
||||
. auto/module
|
||||
fi
|
||||
|
||||
if :; then
|
||||
ngx_module_name=ngx_http_range_header_filter_module
|
||||
ngx_module_incs=
|
||||
|
@ -432,6 +414,8 @@ if [ $HTTP = YES ]; then
|
|||
ngx_module_srcs="src/http/v2/ngx_http_v2.c \
|
||||
src/http/v2/ngx_http_v2_table.c \
|
||||
src/http/v2/ngx_http_v2_encode.c \
|
||||
src/http/v2/ngx_http_v2_huff_decode.c \
|
||||
src/http/v2/ngx_http_v2_huff_encode.c \
|
||||
src/http/v2/ngx_http_v2_module.c"
|
||||
ngx_module_libs=
|
||||
ngx_module_link=$HTTP_V2
|
||||
|
@ -439,33 +423,6 @@ if [ $HTTP = YES ]; then
|
|||
. auto/module
|
||||
fi
|
||||
|
||||
if [ $HTTP_V3 = YES ]; then
|
||||
USE_OPENSSL_QUIC=YES
|
||||
HTTP_SSL=YES
|
||||
|
||||
have=NGX_HTTP_V3 . auto/have
|
||||
have=NGX_HTTP_HEADERS . auto/have
|
||||
|
||||
ngx_module_name=ngx_http_v3_module
|
||||
ngx_module_incs=src/http/v3
|
||||
ngx_module_deps="src/http/v3/ngx_http_v3.h \
|
||||
src/http/v3/ngx_http_v3_encode.h \
|
||||
src/http/v3/ngx_http_v3_parse.h \
|
||||
src/http/v3/ngx_http_v3_table.h \
|
||||
src/http/v3/ngx_http_v3_uni.h"
|
||||
ngx_module_srcs="src/http/v3/ngx_http_v3.c \
|
||||
src/http/v3/ngx_http_v3_encode.c \
|
||||
src/http/v3/ngx_http_v3_parse.c \
|
||||
src/http/v3/ngx_http_v3_table.c \
|
||||
src/http/v3/ngx_http_v3_uni.c \
|
||||
src/http/v3/ngx_http_v3_request.c \
|
||||
src/http/v3/ngx_http_v3_module.c"
|
||||
ngx_module_libs=
|
||||
ngx_module_link=$HTTP_V3
|
||||
|
||||
. auto/module
|
||||
fi
|
||||
|
||||
if :; then
|
||||
ngx_module_name=ngx_http_static_module
|
||||
ngx_module_incs=
|
||||
|
@ -1075,20 +1032,6 @@ if [ $STREAM != NO ]; then
|
|||
|
||||
ngx_module_incs=
|
||||
|
||||
if [ $STREAM_QUIC = YES ]; then
|
||||
USE_OPENSSL_QUIC=YES
|
||||
have=NGX_STREAM_QUIC . auto/have
|
||||
STREAM_SSL=YES
|
||||
|
||||
ngx_module_name=ngx_stream_quic_module
|
||||
ngx_module_deps=src/stream/ngx_stream_quic_module.h
|
||||
ngx_module_srcs=src/stream/ngx_stream_quic_module.c
|
||||
ngx_module_libs=
|
||||
ngx_module_link=$STREAM_QUIC
|
||||
|
||||
. auto/module
|
||||
fi
|
||||
|
||||
if [ $STREAM_SSL = YES ]; then
|
||||
USE_OPENSSL=YES
|
||||
have=NGX_STREAM_SSL . auto/have
|
||||
|
@ -1326,63 +1269,6 @@ if [ $USE_OPENSSL = YES ]; then
|
|||
fi
|
||||
|
||||
|
||||
if [ $USE_OPENSSL_QUIC = YES ]; then
|
||||
ngx_module_type=CORE
|
||||
ngx_module_name=ngx_quic_module
|
||||
ngx_module_incs=
|
||||
ngx_module_deps="src/event/quic/ngx_event_quic.h \
|
||||
src/event/quic/ngx_event_quic_transport.h \
|
||||
src/event/quic/ngx_event_quic_protection.h \
|
||||
src/event/quic/ngx_event_quic_connection.h \
|
||||
src/event/quic/ngx_event_quic_frames.h \
|
||||
src/event/quic/ngx_event_quic_connid.h \
|
||||
src/event/quic/ngx_event_quic_migration.h \
|
||||
src/event/quic/ngx_event_quic_streams.h \
|
||||
src/event/quic/ngx_event_quic_ssl.h \
|
||||
src/event/quic/ngx_event_quic_tokens.h \
|
||||
src/event/quic/ngx_event_quic_ack.h \
|
||||
src/event/quic/ngx_event_quic_output.h \
|
||||
src/event/quic/ngx_event_quic_socket.h \
|
||||
src/event/quic/ngx_event_quic_openssl_compat.h"
|
||||
ngx_module_srcs="src/event/quic/ngx_event_quic.c \
|
||||
src/event/quic/ngx_event_quic_udp.c \
|
||||
src/event/quic/ngx_event_quic_transport.c \
|
||||
src/event/quic/ngx_event_quic_protection.c \
|
||||
src/event/quic/ngx_event_quic_frames.c \
|
||||
src/event/quic/ngx_event_quic_connid.c \
|
||||
src/event/quic/ngx_event_quic_migration.c \
|
||||
src/event/quic/ngx_event_quic_streams.c \
|
||||
src/event/quic/ngx_event_quic_ssl.c \
|
||||
src/event/quic/ngx_event_quic_tokens.c \
|
||||
src/event/quic/ngx_event_quic_ack.c \
|
||||
src/event/quic/ngx_event_quic_output.c \
|
||||
src/event/quic/ngx_event_quic_socket.c \
|
||||
src/event/quic/ngx_event_quic_openssl_compat.c"
|
||||
|
||||
ngx_module_libs=
|
||||
ngx_module_link=YES
|
||||
ngx_module_order=
|
||||
|
||||
. auto/module
|
||||
|
||||
if [ $QUIC_BPF = YES -a $SO_COOKIE_FOUND = YES ]; then
|
||||
ngx_module_type=CORE
|
||||
ngx_module_name=ngx_quic_bpf_module
|
||||
ngx_module_incs=
|
||||
ngx_module_deps=
|
||||
ngx_module_srcs="src/event/quic/ngx_event_quic_bpf.c \
|
||||
src/event/quic/ngx_event_quic_bpf_code.c"
|
||||
ngx_module_libs=
|
||||
ngx_module_link=YES
|
||||
ngx_module_order=
|
||||
|
||||
. auto/module
|
||||
|
||||
have=NGX_QUIC_BPF . auto/have
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
if [ $USE_PCRE = YES ]; then
|
||||
ngx_module_type=CORE
|
||||
ngx_module_name=ngx_regex_module
|
||||
|
|
18
auto/options
18
auto/options
|
@ -45,8 +45,6 @@ USE_THREADS=NO
|
|||
|
||||
NGX_FILE_AIO=NO
|
||||
|
||||
QUIC_BPF=NO
|
||||
|
||||
HTTP=YES
|
||||
|
||||
NGX_HTTP_LOG_PATH=
|
||||
|
@ -61,7 +59,6 @@ HTTP_CHARSET=YES
|
|||
HTTP_GZIP=YES
|
||||
HTTP_SSL=NO
|
||||
HTTP_V2=NO
|
||||
HTTP_V3=NO
|
||||
HTTP_SSI=YES
|
||||
HTTP_REALIP=NO
|
||||
HTTP_XSLT=NO
|
||||
|
@ -119,7 +116,6 @@ MAIL_SMTP=YES
|
|||
|
||||
STREAM=NO
|
||||
STREAM_SSL=NO
|
||||
STREAM_QUIC=NO
|
||||
STREAM_REALIP=NO
|
||||
STREAM_LIMIT_CONN=YES
|
||||
STREAM_ACCESS=YES
|
||||
|
@ -150,10 +146,8 @@ PCRE=NONE
|
|||
PCRE_OPT=
|
||||
PCRE_CONF_OPT=
|
||||
PCRE_JIT=NO
|
||||
PCRE2=YES
|
||||
|
||||
USE_OPENSSL=NO
|
||||
USE_OPENSSL_QUIC=NO
|
||||
OPENSSL=NONE
|
||||
|
||||
USE_ZLIB=NO
|
||||
|
@ -171,8 +165,6 @@ USE_GEOIP=NO
|
|||
NGX_GOOGLE_PERFTOOLS=NO
|
||||
NGX_CPP_TEST=NO
|
||||
|
||||
SO_COOKIE_FOUND=NO
|
||||
|
||||
NGX_LIBATOMIC=NO
|
||||
|
||||
NGX_CPU_CACHE_LINE=
|
||||
|
@ -218,8 +210,6 @@ do
|
|||
|
||||
--with-file-aio) NGX_FILE_AIO=YES ;;
|
||||
|
||||
--without-quic_bpf_module) QUIC_BPF=NONE ;;
|
||||
|
||||
--with-ipv6)
|
||||
NGX_POST_CONF_MSG="$NGX_POST_CONF_MSG
|
||||
$0: warning: the \"--with-ipv6\" option is deprecated"
|
||||
|
@ -237,7 +227,6 @@ $0: warning: the \"--with-ipv6\" option is deprecated"
|
|||
|
||||
--with-http_ssl_module) HTTP_SSL=YES ;;
|
||||
--with-http_v2_module) HTTP_V2=YES ;;
|
||||
--with-http_v3_module) HTTP_V3=YES ;;
|
||||
--with-http_realip_module) HTTP_REALIP=YES ;;
|
||||
--with-http_addition_module) HTTP_ADDITION=YES ;;
|
||||
--with-http_xslt_module) HTTP_XSLT=YES ;;
|
||||
|
@ -324,7 +313,6 @@ use the \"--with-mail_ssl_module\" option instead"
|
|||
--with-stream) STREAM=YES ;;
|
||||
--with-stream=dynamic) STREAM=DYNAMIC ;;
|
||||
--with-stream_ssl_module) STREAM_SSL=YES ;;
|
||||
--with-stream_quic_module) STREAM_QUIC=YES ;;
|
||||
--with-stream_realip_module) STREAM_REALIP=YES ;;
|
||||
--with-stream_geoip_module) STREAM_GEOIP=YES ;;
|
||||
--with-stream_geoip_module=dynamic)
|
||||
|
@ -369,7 +357,6 @@ use the \"--with-mail_ssl_module\" option instead"
|
|||
--with-pcre=*) PCRE="$value" ;;
|
||||
--with-pcre-opt=*) PCRE_OPT="$value" ;;
|
||||
--with-pcre-jit) PCRE_JIT=YES ;;
|
||||
--without-pcre2) PCRE2=DISABLED ;;
|
||||
|
||||
--with-openssl=*) OPENSSL="$value" ;;
|
||||
--with-openssl-opt=*) OPENSSL_OPT="$value" ;;
|
||||
|
@ -454,11 +441,8 @@ cat << END
|
|||
|
||||
--with-file-aio enable file AIO support
|
||||
|
||||
--without-quic_bpf_module disable ngx_quic_bpf_module
|
||||
|
||||
--with-http_ssl_module enable ngx_http_ssl_module
|
||||
--with-http_v2_module enable ngx_http_v2_module
|
||||
--with-http_v3_module enable ngx_http_v3_module
|
||||
--with-http_realip_module enable ngx_http_realip_module
|
||||
--with-http_addition_module enable ngx_http_addition_module
|
||||
--with-http_xslt_module enable ngx_http_xslt_module
|
||||
|
@ -547,7 +531,6 @@ cat << END
|
|||
--with-stream enable TCP/UDP proxy module
|
||||
--with-stream=dynamic enable dynamic TCP/UDP proxy module
|
||||
--with-stream_ssl_module enable ngx_stream_ssl_module
|
||||
--with-stream_quic_module enable ngx_stream_quic_module
|
||||
--with-stream_realip_module enable ngx_stream_realip_module
|
||||
--with-stream_geoip_module enable ngx_stream_geoip_module
|
||||
--with-stream_geoip_module=dynamic enable dynamic ngx_stream_geoip_module
|
||||
|
@ -590,7 +573,6 @@ cat << END
|
|||
--with-pcre=DIR set path to PCRE library sources
|
||||
--with-pcre-opt=OPTIONS set additional build options for PCRE
|
||||
--with-pcre-jit build PCRE with JIT compilation support
|
||||
--without-pcre2 do not use PCRE2 library
|
||||
|
||||
--with-zlib=DIR set path to zlib library sources
|
||||
--with-zlib-opt=OPTIONS set additional build options for zlib
|
||||
|
|
|
@ -110,7 +110,7 @@ case "$NGX_MACHINE" in
|
|||
NGX_MACH_CACHE_LINE=64
|
||||
;;
|
||||
|
||||
aarch64 | arm64)
|
||||
aarch64 )
|
||||
have=NGX_ALIGNMENT value=16 . auto/define
|
||||
NGX_MACH_CACHE_LINE=64
|
||||
;;
|
||||
|
|
|
@ -44,10 +44,12 @@ if [ $osreldate -gt 300007 ]; then
|
|||
CORE_SRCS="$CORE_SRCS $FREEBSD_SENDFILE_SRCS"
|
||||
fi
|
||||
|
||||
if [ $osreldate -gt 1100093 ]; then
|
||||
echo " + sendfile()'s SF_NODISKIO found"
|
||||
if [ $NGX_FILE_AIO = YES ]; then
|
||||
if [ $osreldate -gt 502103 ]; then
|
||||
echo " + sendfile()'s SF_NODISKIO found"
|
||||
|
||||
have=NGX_HAVE_SENDFILE_NODISKIO . auto/have
|
||||
have=NGX_HAVE_AIO_SENDFILE . auto/have
|
||||
fi
|
||||
fi
|
||||
|
||||
# POSIX semaphores
|
||||
|
|
|
@ -232,63 +232,4 @@ ngx_feature_test="struct crypt_data cd;
|
|||
ngx_include="sys/vfs.h"; . auto/include
|
||||
|
||||
|
||||
# BPF sockhash
|
||||
|
||||
ngx_feature="BPF sockhash"
|
||||
ngx_feature_name="NGX_HAVE_BPF"
|
||||
ngx_feature_run=no
|
||||
ngx_feature_incs="#include <linux/bpf.h>
|
||||
#include <sys/syscall.h>"
|
||||
ngx_feature_path=
|
||||
ngx_feature_libs=
|
||||
ngx_feature_test="union bpf_attr attr = { 0 };
|
||||
|
||||
attr.map_flags = 0;
|
||||
attr.map_type = BPF_MAP_TYPE_SOCKHASH;
|
||||
|
||||
syscall(__NR_bpf, 0, &attr, 0);"
|
||||
. auto/feature
|
||||
|
||||
if [ $ngx_found = yes ]; then
|
||||
CORE_SRCS="$CORE_SRCS src/core/ngx_bpf.c"
|
||||
CORE_DEPS="$CORE_DEPS src/core/ngx_bpf.h"
|
||||
|
||||
if [ $QUIC_BPF != NONE ]; then
|
||||
QUIC_BPF=YES
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
ngx_feature="SO_COOKIE"
|
||||
ngx_feature_name="NGX_HAVE_SO_COOKIE"
|
||||
ngx_feature_run=no
|
||||
ngx_feature_incs="#include <sys/socket.h>
|
||||
$NGX_INCLUDE_INTTYPES_H"
|
||||
ngx_feature_path=
|
||||
ngx_feature_libs=
|
||||
ngx_feature_test="socklen_t optlen = sizeof(uint64_t);
|
||||
uint64_t cookie;
|
||||
getsockopt(0, SOL_SOCKET, SO_COOKIE, &cookie, &optlen)"
|
||||
. auto/feature
|
||||
|
||||
if [ $ngx_found = yes ]; then
|
||||
SO_COOKIE_FOUND=YES
|
||||
fi
|
||||
|
||||
|
||||
# UDP segmentation offloading
|
||||
|
||||
ngx_feature="UDP_SEGMENT"
|
||||
ngx_feature_name="NGX_HAVE_UDP_SEGMENT"
|
||||
ngx_feature_run=no
|
||||
ngx_feature_incs="#include <sys/socket.h>
|
||||
#include <netinet/udp.h>"
|
||||
ngx_feature_path=
|
||||
ngx_feature_libs=
|
||||
ngx_feature_test="socklen_t optlen = sizeof(int);
|
||||
int val;
|
||||
getsockopt(0, SOL_UDP, UDP_SEGMENT, &val, &optlen)"
|
||||
. auto/feature
|
||||
|
||||
|
||||
CC_AUX_FLAGS="$cc_aux_flags -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64"
|
||||
|
|
|
@ -83,14 +83,13 @@ CORE_SRCS="src/core/nginx.c \
|
|||
|
||||
EVENT_MODULES="ngx_events_module ngx_event_core_module"
|
||||
|
||||
EVENT_INCS="src/event src/event/modules src/event/quic"
|
||||
EVENT_INCS="src/event src/event/modules"
|
||||
|
||||
EVENT_DEPS="src/event/ngx_event.h \
|
||||
src/event/ngx_event_timer.h \
|
||||
src/event/ngx_event_posted.h \
|
||||
src/event/ngx_event_connect.h \
|
||||
src/event/ngx_event_pipe.h \
|
||||
src/event/ngx_event_udp.h"
|
||||
src/event/ngx_event_pipe.h"
|
||||
|
||||
EVENT_SRCS="src/event/ngx_event.c \
|
||||
src/event/ngx_event_timer.c \
|
||||
|
@ -256,6 +255,3 @@ NGX_WIN32_RC="src/os/win32/nginx.rc"
|
|||
|
||||
|
||||
HTTP_FILE_CACHE_SRCS=src/http/ngx_http_file_cache.c
|
||||
|
||||
HTTP_HUFF_SRCS="src/http/ngx_http_huff_decode.c
|
||||
src/http/ngx_http_huff_encode.c"
|
||||
|
|
|
@ -16,9 +16,9 @@ if [ $USE_PCRE = DISABLED ]; then
|
|||
|
||||
else
|
||||
case $PCRE in
|
||||
YES) echo " + using system $PCRE_LIBRARY library" ;;
|
||||
YES) echo " + using system PCRE library" ;;
|
||||
NONE) echo " + PCRE library is not used" ;;
|
||||
*) echo " + using $PCRE_LIBRARY library: $PCRE" ;;
|
||||
*) echo " + using PCRE library: $PCRE" ;;
|
||||
esac
|
||||
fi
|
||||
|
||||
|
|
|
@ -15,7 +15,6 @@ types {
|
|||
text/vnd.wap.wml wml;
|
||||
text/x-component htc;
|
||||
|
||||
image/avif avif;
|
||||
image/png png;
|
||||
image/svg+xml svg svgz;
|
||||
image/tiff tif tiff;
|
||||
|
@ -52,7 +51,6 @@ types {
|
|||
application/vnd.openxmlformats-officedocument.wordprocessingml.document
|
||||
docx;
|
||||
application/vnd.wap.wmlc wmlc;
|
||||
application/wasm wasm;
|
||||
application/x-7z-compressed 7z;
|
||||
application/x-cocoa cco;
|
||||
application/x-java-archive-diff jardiff;
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -3,9 +3,11 @@
|
|||
<head>
|
||||
<title>Error</title>
|
||||
<style>
|
||||
html { color-scheme: light dark; }
|
||||
body { width: 35em; margin: 0 auto;
|
||||
font-family: Tahoma, Verdana, Arial, sans-serif; }
|
||||
body {
|
||||
width: 35em;
|
||||
margin: 0 auto;
|
||||
font-family: Tahoma, Verdana, Arial, sans-serif;
|
||||
}
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
|
|
|
@ -3,9 +3,11 @@
|
|||
<head>
|
||||
<title>Welcome to nginx!</title>
|
||||
<style>
|
||||
html { color-scheme: light dark; }
|
||||
body { width: 35em; margin: 0 auto;
|
||||
font-family: Tahoma, Verdana, Arial, sans-serif; }
|
||||
body {
|
||||
width: 35em;
|
||||
margin: 0 auto;
|
||||
font-family: Tahoma, Verdana, Arial, sans-serif;
|
||||
}
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* Copyright (C) 2002-2021 Igor Sysoev
|
||||
* Copyright (C) 2011-2022 Nginx, Inc.
|
||||
* Copyright (C) 2011-2021 Nginx, Inc.
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -6,15 +6,21 @@ TEMP = tmp
|
|||
|
||||
CC = cl
|
||||
OBJS = objs.msvc8
|
||||
OPENSSL = openssl-1.1.1t
|
||||
ZLIB = zlib-1.2.13
|
||||
PCRE = pcre2-10.39
|
||||
OPENSSL = openssl-1.1.1l
|
||||
ZLIB = zlib-1.2.11
|
||||
PCRE = pcre-8.44
|
||||
|
||||
|
||||
release: export
|
||||
|
||||
mv $(TEMP)/$(NGINX)/auto/configure $(TEMP)/$(NGINX)
|
||||
|
||||
# delete incomplete sources
|
||||
rm $(TEMP)/$(NGINX)/src/event/ngx_event_acceptex.c
|
||||
rm $(TEMP)/$(NGINX)/src/event/ngx_event_connectex.c
|
||||
rm $(TEMP)/$(NGINX)/src/event/modules/ngx_iocp_module.*
|
||||
rm -r $(TEMP)/$(NGINX)/src/os/win32
|
||||
|
||||
mv $(TEMP)/$(NGINX)/docs/text/LICENSE $(TEMP)/$(NGINX)
|
||||
mv $(TEMP)/$(NGINX)/docs/text/README $(TEMP)/$(NGINX)
|
||||
mv $(TEMP)/$(NGINX)/docs/html $(TEMP)/$(NGINX)
|
||||
|
|
|
@ -680,9 +680,6 @@ ngx_exec_new_binary(ngx_cycle_t *cycle, char *const *argv)
|
|||
|
||||
ls = cycle->listening.elts;
|
||||
for (i = 0; i < cycle->listening.nelts; i++) {
|
||||
if (ls[i].ignore) {
|
||||
continue;
|
||||
}
|
||||
p = ngx_sprintf(p, "%ud;", ls[i].fd);
|
||||
}
|
||||
|
||||
|
|
|
@ -9,8 +9,8 @@
|
|||
#define _NGINX_H_INCLUDED_
|
||||
|
||||
|
||||
#define nginx_version 1023004
|
||||
#define NGINX_VERSION "1.23.4"
|
||||
#define nginx_version 1020002
|
||||
#define NGINX_VERSION "1.20.2"
|
||||
#define NGINX_VER "nginx/" NGINX_VERSION
|
||||
|
||||
#ifdef NGX_BUILD
|
||||
|
|
|
@ -1,143 +0,0 @@
|
|||
|
||||
/*
|
||||
* Copyright (C) Nginx, Inc.
|
||||
*/
|
||||
|
||||
|
||||
#include <ngx_config.h>
|
||||
#include <ngx_core.h>
|
||||
|
||||
#define NGX_BPF_LOGBUF_SIZE (16 * 1024)
|
||||
|
||||
|
||||
static ngx_inline int
|
||||
ngx_bpf(enum bpf_cmd cmd, union bpf_attr *attr, unsigned int size)
|
||||
{
|
||||
return syscall(__NR_bpf, cmd, attr, size);
|
||||
}
|
||||
|
||||
|
||||
void
|
||||
ngx_bpf_program_link(ngx_bpf_program_t *program, const char *symbol, int fd)
|
||||
{
|
||||
ngx_uint_t i;
|
||||
ngx_bpf_reloc_t *rl;
|
||||
|
||||
rl = program->relocs;
|
||||
|
||||
for (i = 0; i < program->nrelocs; i++) {
|
||||
if (ngx_strcmp(rl[i].name, symbol) == 0) {
|
||||
program->ins[rl[i].offset].src_reg = 1;
|
||||
program->ins[rl[i].offset].imm = fd;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
int
|
||||
ngx_bpf_load_program(ngx_log_t *log, ngx_bpf_program_t *program)
|
||||
{
|
||||
int fd;
|
||||
union bpf_attr attr;
|
||||
#if (NGX_DEBUG)
|
||||
char buf[NGX_BPF_LOGBUF_SIZE];
|
||||
#endif
|
||||
|
||||
ngx_memzero(&attr, sizeof(union bpf_attr));
|
||||
|
||||
attr.license = (uintptr_t) program->license;
|
||||
attr.prog_type = program->type;
|
||||
attr.insns = (uintptr_t) program->ins;
|
||||
attr.insn_cnt = program->nins;
|
||||
|
||||
#if (NGX_DEBUG)
|
||||
/* for verifier errors */
|
||||
attr.log_buf = (uintptr_t) buf;
|
||||
attr.log_size = NGX_BPF_LOGBUF_SIZE;
|
||||
attr.log_level = 1;
|
||||
#endif
|
||||
|
||||
fd = ngx_bpf(BPF_PROG_LOAD, &attr, sizeof(attr));
|
||||
if (fd < 0) {
|
||||
ngx_log_error(NGX_LOG_ALERT, log, ngx_errno,
|
||||
"failed to load BPF program");
|
||||
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_CORE, log, 0,
|
||||
"bpf verifier: %s", buf);
|
||||
|
||||
return -1;
|
||||
}
|
||||
|
||||
return fd;
|
||||
}
|
||||
|
||||
|
||||
int
|
||||
ngx_bpf_map_create(ngx_log_t *log, enum bpf_map_type type, int key_size,
|
||||
int value_size, int max_entries, uint32_t map_flags)
|
||||
{
|
||||
int fd;
|
||||
union bpf_attr attr;
|
||||
|
||||
ngx_memzero(&attr, sizeof(union bpf_attr));
|
||||
|
||||
attr.map_type = type;
|
||||
attr.key_size = key_size;
|
||||
attr.value_size = value_size;
|
||||
attr.max_entries = max_entries;
|
||||
attr.map_flags = map_flags;
|
||||
|
||||
fd = ngx_bpf(BPF_MAP_CREATE, &attr, sizeof(attr));
|
||||
if (fd < 0) {
|
||||
ngx_log_error(NGX_LOG_ALERT, log, ngx_errno,
|
||||
"failed to create BPF map");
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
return fd;
|
||||
}
|
||||
|
||||
|
||||
int
|
||||
ngx_bpf_map_update(int fd, const void *key, const void *value, uint64_t flags)
|
||||
{
|
||||
union bpf_attr attr;
|
||||
|
||||
ngx_memzero(&attr, sizeof(union bpf_attr));
|
||||
|
||||
attr.map_fd = fd;
|
||||
attr.key = (uintptr_t) key;
|
||||
attr.value = (uintptr_t) value;
|
||||
attr.flags = flags;
|
||||
|
||||
return ngx_bpf(BPF_MAP_UPDATE_ELEM, &attr, sizeof(attr));
|
||||
}
|
||||
|
||||
|
||||
int
|
||||
ngx_bpf_map_delete(int fd, const void *key)
|
||||
{
|
||||
union bpf_attr attr;
|
||||
|
||||
ngx_memzero(&attr, sizeof(union bpf_attr));
|
||||
|
||||
attr.map_fd = fd;
|
||||
attr.key = (uintptr_t) key;
|
||||
|
||||
return ngx_bpf(BPF_MAP_DELETE_ELEM, &attr, sizeof(attr));
|
||||
}
|
||||
|
||||
|
||||
int
|
||||
ngx_bpf_map_lookup(int fd, const void *key, void *value)
|
||||
{
|
||||
union bpf_attr attr;
|
||||
|
||||
ngx_memzero(&attr, sizeof(union bpf_attr));
|
||||
|
||||
attr.map_fd = fd;
|
||||
attr.key = (uintptr_t) key;
|
||||
attr.value = (uintptr_t) value;
|
||||
|
||||
return ngx_bpf(BPF_MAP_LOOKUP_ELEM, &attr, sizeof(attr));
|
||||
}
|
|
@ -1,43 +0,0 @@
|
|||
|
||||
/*
|
||||
* Copyright (C) Nginx, Inc.
|
||||
*/
|
||||
|
||||
|
||||
#ifndef _NGX_BPF_H_INCLUDED_
|
||||
#define _NGX_BPF_H_INCLUDED_
|
||||
|
||||
|
||||
#include <ngx_config.h>
|
||||
#include <ngx_core.h>
|
||||
|
||||
#include <linux/bpf.h>
|
||||
|
||||
|
||||
typedef struct {
|
||||
char *name;
|
||||
int offset;
|
||||
} ngx_bpf_reloc_t;
|
||||
|
||||
typedef struct {
|
||||
char *license;
|
||||
enum bpf_prog_type type;
|
||||
struct bpf_insn *ins;
|
||||
size_t nins;
|
||||
ngx_bpf_reloc_t *relocs;
|
||||
size_t nrelocs;
|
||||
} ngx_bpf_program_t;
|
||||
|
||||
|
||||
void ngx_bpf_program_link(ngx_bpf_program_t *program, const char *symbol,
|
||||
int fd);
|
||||
int ngx_bpf_load_program(ngx_log_t *log, ngx_bpf_program_t *program);
|
||||
|
||||
int ngx_bpf_map_create(ngx_log_t *log, enum bpf_map_type type, int key_size,
|
||||
int value_size, int max_entries, uint32_t map_flags);
|
||||
int ngx_bpf_map_update(int fd, const void *key, const void *value,
|
||||
uint64_t flags);
|
||||
int ngx_bpf_map_delete(int fd, const void *key);
|
||||
int ngx_bpf_map_lookup(int fd, const void *key, void *value);
|
||||
|
||||
#endif /* _NGX_BPF_H_INCLUDED_ */
|
|
@ -90,6 +90,9 @@ struct ngx_output_chain_ctx_s {
|
|||
|
||||
#if (NGX_HAVE_FILE_AIO || NGX_COMPAT)
|
||||
ngx_output_chain_aio_pt aio_handler;
|
||||
#if (NGX_HAVE_AIO_SENDFILE || NGX_COMPAT)
|
||||
ssize_t (*aio_preload)(ngx_buf_t *file);
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if (NGX_THREADS || NGX_COMPAT)
|
||||
|
|
|
@ -544,8 +544,8 @@ ngx_conf_read_token(ngx_conf_t *cf)
|
|||
}
|
||||
|
||||
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
|
||||
"unexpected end of file, "
|
||||
"expecting \";\" or \"}\"");
|
||||
"unexpected end of file, "
|
||||
"expecting \";\" or \"}\"");
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
|
|
|
@ -72,6 +72,10 @@ ngx_create_listening(ngx_conf_t *cf, struct sockaddr *sockaddr,
|
|||
|
||||
ngx_memcpy(ls->addr_text.data, text, len);
|
||||
|
||||
#if !(NGX_WIN32)
|
||||
ngx_rbtree_init(&ls->rbtree, &ls->sentinel, ngx_udp_rbtree_insert_value);
|
||||
#endif
|
||||
|
||||
ls->fd = (ngx_socket_t) -1;
|
||||
ls->type = SOCK_STREAM;
|
||||
|
||||
|
@ -491,24 +495,21 @@ ngx_open_listening_sockets(ngx_cycle_t *cycle)
|
|||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
if (ls[i].type != SOCK_DGRAM || !ngx_test_config) {
|
||||
if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
|
||||
(const void *) &reuseaddr, sizeof(int))
|
||||
== -1)
|
||||
{
|
||||
ngx_log_error(NGX_LOG_EMERG, log, ngx_socket_errno,
|
||||
"setsockopt(SO_REUSEADDR) %V failed",
|
||||
&ls[i].addr_text);
|
||||
|
||||
if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
|
||||
(const void *) &reuseaddr, sizeof(int))
|
||||
== -1)
|
||||
{
|
||||
if (ngx_close_socket(s) == -1) {
|
||||
ngx_log_error(NGX_LOG_EMERG, log, ngx_socket_errno,
|
||||
"setsockopt(SO_REUSEADDR) %V failed",
|
||||
ngx_close_socket_n " %V failed",
|
||||
&ls[i].addr_text);
|
||||
|
||||
if (ngx_close_socket(s) == -1) {
|
||||
ngx_log_error(NGX_LOG_EMERG, log, ngx_socket_errno,
|
||||
ngx_close_socket_n " %V failed",
|
||||
&ls[i].addr_text);
|
||||
}
|
||||
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
#if (NGX_HAVE_REUSEPORT)
|
||||
|
@ -656,7 +657,7 @@ ngx_open_listening_sockets(ngx_cycle_t *cycle)
|
|||
/*
|
||||
* on OpenVZ after suspend/resume EADDRINUSE
|
||||
* may be returned by listen() instead of bind(), see
|
||||
* https://bugs.openvz.org/browse/OVZ-5587
|
||||
* https://bugzilla.openvz.org/show_bug.cgi?id=2470
|
||||
*/
|
||||
|
||||
if (err != NGX_EADDRINUSE || !ngx_test_config) {
|
||||
|
@ -1033,12 +1034,6 @@ ngx_close_listening_sockets(ngx_cycle_t *cycle)
|
|||
ls = cycle->listening.elts;
|
||||
for (i = 0; i < cycle->listening.nelts; i++) {
|
||||
|
||||
#if (NGX_QUIC)
|
||||
if (ls[i].quic) {
|
||||
continue;
|
||||
}
|
||||
#endif
|
||||
|
||||
c = ls[i].connection;
|
||||
|
||||
if (c) {
|
||||
|
|
|
@ -73,7 +73,6 @@ struct ngx_listening_s {
|
|||
unsigned reuseport:1;
|
||||
unsigned add_reuseport:1;
|
||||
unsigned keepalive:2;
|
||||
unsigned quic:1;
|
||||
|
||||
unsigned deferred_accept:1;
|
||||
unsigned delete_deferred:1;
|
||||
|
@ -148,10 +147,6 @@ struct ngx_connection_s {
|
|||
|
||||
ngx_proxy_protocol_t *proxy_protocol;
|
||||
|
||||
#if (NGX_QUIC || NGX_COMPAT)
|
||||
ngx_quic_stream_t *quic;
|
||||
#endif
|
||||
|
||||
#if (NGX_SSL || NGX_COMPAT)
|
||||
ngx_ssl_connection_t *ssl;
|
||||
#endif
|
||||
|
@ -177,7 +172,6 @@ struct ngx_connection_s {
|
|||
unsigned timedout:1;
|
||||
unsigned error:1;
|
||||
unsigned destroyed:1;
|
||||
unsigned pipeline:1;
|
||||
|
||||
unsigned idle:1;
|
||||
unsigned reusable:1;
|
||||
|
@ -190,9 +184,8 @@ struct ngx_connection_s {
|
|||
unsigned tcp_nopush:2; /* ngx_connection_tcp_nopush_e */
|
||||
|
||||
unsigned need_last_buf:1;
|
||||
unsigned need_flush_buf:1;
|
||||
|
||||
#if (NGX_HAVE_SENDFILE_NODISKIO || NGX_COMPAT)
|
||||
#if (NGX_HAVE_AIO_SENDFILE || NGX_COMPAT)
|
||||
unsigned busy_count:2;
|
||||
#endif
|
||||
|
||||
|
|
|
@ -27,7 +27,6 @@ typedef struct ngx_connection_s ngx_connection_t;
|
|||
typedef struct ngx_thread_task_s ngx_thread_task_t;
|
||||
typedef struct ngx_ssl_s ngx_ssl_t;
|
||||
typedef struct ngx_proxy_protocol_s ngx_proxy_protocol_t;
|
||||
typedef struct ngx_quic_stream_s ngx_quic_stream_t;
|
||||
typedef struct ngx_ssl_connection_s ngx_ssl_connection_t;
|
||||
typedef struct ngx_udp_connection_s ngx_udp_connection_t;
|
||||
|
||||
|
@ -83,9 +82,6 @@ typedef void (*ngx_connection_handler_pt)(ngx_connection_t *c);
|
|||
#include <ngx_resolver.h>
|
||||
#if (NGX_OPENSSL)
|
||||
#include <ngx_event_openssl.h>
|
||||
#if (NGX_QUIC)
|
||||
#include <ngx_event_quic.h>
|
||||
#endif
|
||||
#endif
|
||||
#include <ngx_process_cycle.h>
|
||||
#include <ngx_conf_file.h>
|
||||
|
@ -95,9 +91,6 @@ typedef void (*ngx_connection_handler_pt)(ngx_connection_t *c);
|
|||
#include <ngx_connection.h>
|
||||
#include <ngx_syslog.h>
|
||||
#include <ngx_proxy_protocol.h>
|
||||
#if (NGX_HAVE_BPF)
|
||||
#include <ngx_bpf.h>
|
||||
#endif
|
||||
|
||||
|
||||
#define LF (u_char) '\n'
|
||||
|
|
|
@ -274,10 +274,6 @@ ngx_hash_init(ngx_hash_init_t *hinit, ngx_hash_key_t *names, ngx_uint_t nelts)
|
|||
}
|
||||
|
||||
for (n = 0; n < nelts; n++) {
|
||||
if (names[n].key.data == NULL) {
|
||||
continue;
|
||||
}
|
||||
|
||||
if (hinit->bucket_size < NGX_HASH_ELT_SIZE(&names[n]) + sizeof(void *))
|
||||
{
|
||||
ngx_log_error(NGX_LOG_EMERG, hinit->pool->log, 0,
|
||||
|
|
|
@ -89,15 +89,12 @@ typedef struct {
|
|||
} ngx_hash_keys_arrays_t;
|
||||
|
||||
|
||||
typedef struct ngx_table_elt_s ngx_table_elt_t;
|
||||
|
||||
struct ngx_table_elt_s {
|
||||
typedef struct {
|
||||
ngx_uint_t hash;
|
||||
ngx_str_t key;
|
||||
ngx_str_t value;
|
||||
u_char *lowcase_key;
|
||||
ngx_table_elt_t *next;
|
||||
};
|
||||
} ngx_table_elt_t;
|
||||
|
||||
|
||||
void *ngx_hash_find(ngx_hash_t *hash, ngx_uint_t key, u_char *name, size_t len);
|
||||
|
|
|
@ -41,7 +41,7 @@
|
|||
#define NGX_MODULE_SIGNATURE_3 "0"
|
||||
#endif
|
||||
|
||||
#if (NGX_HAVE_SENDFILE_NODISKIO || NGX_COMPAT)
|
||||
#if (NGX_HAVE_AIO_SENDFILE || NGX_COMPAT)
|
||||
#define NGX_MODULE_SIGNATURE_4 "1"
|
||||
#else
|
||||
#define NGX_MODULE_SIGNATURE_4 "0"
|
||||
|
|
|
@ -29,6 +29,10 @@
|
|||
|
||||
static ngx_inline ngx_int_t
|
||||
ngx_output_chain_as_is(ngx_output_chain_ctx_t *ctx, ngx_buf_t *buf);
|
||||
#if (NGX_HAVE_AIO_SENDFILE)
|
||||
static ngx_int_t ngx_output_chain_aio_setup(ngx_output_chain_ctx_t *ctx,
|
||||
ngx_file_t *file);
|
||||
#endif
|
||||
static ngx_int_t ngx_output_chain_add_copy(ngx_pool_t *pool,
|
||||
ngx_chain_t **chain, ngx_chain_t *in);
|
||||
static ngx_int_t ngx_output_chain_align_file_buf(ngx_output_chain_ctx_t *ctx,
|
||||
|
@ -256,6 +260,10 @@ ngx_output_chain_as_is(ngx_output_chain_ctx_t *ctx, ngx_buf_t *buf)
|
|||
}
|
||||
#endif
|
||||
|
||||
if (buf->in_file && buf->file->directio) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
sendfile = ctx->sendfile;
|
||||
|
||||
#if (NGX_SENDFILE_LIMIT)
|
||||
|
@ -264,19 +272,6 @@ ngx_output_chain_as_is(ngx_output_chain_ctx_t *ctx, ngx_buf_t *buf)
|
|||
sendfile = 0;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
#if !(NGX_HAVE_SENDFILE_NODISKIO)
|
||||
|
||||
/*
|
||||
* With DIRECTIO, disable sendfile() unless sendfile(SF_NOCACHE)
|
||||
* is available.
|
||||
*/
|
||||
|
||||
if (buf->in_file && buf->file->directio) {
|
||||
sendfile = 0;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
if (!sendfile) {
|
||||
|
@ -288,6 +283,12 @@ ngx_output_chain_as_is(ngx_output_chain_ctx_t *ctx, ngx_buf_t *buf)
|
|||
buf->in_file = 0;
|
||||
}
|
||||
|
||||
#if (NGX_HAVE_AIO_SENDFILE)
|
||||
if (ctx->aio_preload && buf->in_file) {
|
||||
(void) ngx_output_chain_aio_setup(ctx, buf->file);
|
||||
}
|
||||
#endif
|
||||
|
||||
if (ctx->need_in_memory && !ngx_buf_in_memory(buf)) {
|
||||
return 0;
|
||||
}
|
||||
|
@ -300,6 +301,28 @@ ngx_output_chain_as_is(ngx_output_chain_ctx_t *ctx, ngx_buf_t *buf)
|
|||
}
|
||||
|
||||
|
||||
#if (NGX_HAVE_AIO_SENDFILE)
|
||||
|
||||
static ngx_int_t
|
||||
ngx_output_chain_aio_setup(ngx_output_chain_ctx_t *ctx, ngx_file_t *file)
|
||||
{
|
||||
ngx_event_aio_t *aio;
|
||||
|
||||
if (file->aio == NULL && ngx_file_aio_init(file, ctx->pool) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
aio = file->aio;
|
||||
|
||||
aio->data = ctx->filter_ctx;
|
||||
aio->preload_handler = ctx->aio_preload;
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
static ngx_int_t
|
||||
ngx_output_chain_add_copy(ngx_pool_t *pool, ngx_chain_t **chain,
|
||||
ngx_chain_t *in)
|
||||
|
@ -780,10 +803,6 @@ ngx_chain_writer(void *data, ngx_chain_t *in)
|
|||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
if (chain && c->write->ready) {
|
||||
ngx_post_event(c->write, &ngx_posted_next_events);
|
||||
}
|
||||
|
||||
for (cl = ctx->out; cl && cl != chain; /* void */) {
|
||||
ln = cl;
|
||||
cl = cl->next;
|
||||
|
|
|
@ -13,15 +13,7 @@
|
|||
#define NGX_PROXY_PROTOCOL_AF_INET6 2
|
||||
|
||||
|
||||
#define ngx_proxy_protocol_parse_uint16(p) \
|
||||
( ((uint16_t) (p)[0] << 8) \
|
||||
+ ( (p)[1]) )
|
||||
|
||||
#define ngx_proxy_protocol_parse_uint32(p) \
|
||||
( ((uint32_t) (p)[0] << 24) \
|
||||
+ ( (p)[1] << 16) \
|
||||
+ ( (p)[2] << 8) \
|
||||
+ ( (p)[3]) )
|
||||
#define ngx_proxy_protocol_parse_uint16(p) ((p)[0] << 8 | (p)[1])
|
||||
|
||||
|
||||
typedef struct {
|
||||
|
@ -48,52 +40,12 @@ typedef struct {
|
|||
} ngx_proxy_protocol_inet6_addrs_t;
|
||||
|
||||
|
||||
typedef struct {
|
||||
u_char type;
|
||||
u_char len[2];
|
||||
} ngx_proxy_protocol_tlv_t;
|
||||
|
||||
|
||||
typedef struct {
|
||||
u_char client;
|
||||
u_char verify[4];
|
||||
} ngx_proxy_protocol_tlv_ssl_t;
|
||||
|
||||
|
||||
typedef struct {
|
||||
ngx_str_t name;
|
||||
ngx_uint_t type;
|
||||
} ngx_proxy_protocol_tlv_entry_t;
|
||||
|
||||
|
||||
static u_char *ngx_proxy_protocol_read_addr(ngx_connection_t *c, u_char *p,
|
||||
u_char *last, ngx_str_t *addr);
|
||||
static u_char *ngx_proxy_protocol_read_port(u_char *p, u_char *last,
|
||||
in_port_t *port, u_char sep);
|
||||
static u_char *ngx_proxy_protocol_v2_read(ngx_connection_t *c, u_char *buf,
|
||||
u_char *last);
|
||||
static ngx_int_t ngx_proxy_protocol_lookup_tlv(ngx_connection_t *c,
|
||||
ngx_str_t *tlvs, ngx_uint_t type, ngx_str_t *value);
|
||||
|
||||
|
||||
static ngx_proxy_protocol_tlv_entry_t ngx_proxy_protocol_tlv_entries[] = {
|
||||
{ ngx_string("alpn"), 0x01 },
|
||||
{ ngx_string("authority"), 0x02 },
|
||||
{ ngx_string("unique_id"), 0x05 },
|
||||
{ ngx_string("ssl"), 0x20 },
|
||||
{ ngx_string("netns"), 0x30 },
|
||||
{ ngx_null_string, 0x00 }
|
||||
};
|
||||
|
||||
|
||||
static ngx_proxy_protocol_tlv_entry_t ngx_proxy_protocol_tlv_ssl_entries[] = {
|
||||
{ ngx_string("version"), 0x21 },
|
||||
{ ngx_string("cn"), 0x22 },
|
||||
{ ngx_string("cipher"), 0x23 },
|
||||
{ ngx_string("sig_alg"), 0x24 },
|
||||
{ ngx_string("key_alg"), 0x25 },
|
||||
{ ngx_null_string, 0x00 }
|
||||
};
|
||||
|
||||
|
||||
u_char *
|
||||
|
@ -109,7 +61,7 @@ ngx_proxy_protocol_read(ngx_connection_t *c, u_char *buf, u_char *last)
|
|||
len = last - buf;
|
||||
|
||||
if (len >= sizeof(ngx_proxy_protocol_header_t)
|
||||
&& ngx_memcmp(p, signature, sizeof(signature) - 1) == 0)
|
||||
&& memcmp(p, signature, sizeof(signature) - 1) == 0)
|
||||
{
|
||||
return ngx_proxy_protocol_v2_read(c, buf, last);
|
||||
}
|
||||
|
@ -187,14 +139,8 @@ skip:
|
|||
|
||||
invalid:
|
||||
|
||||
for (p = buf; p < last; p++) {
|
||||
if (*p == CR || *p == LF) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
ngx_log_error(NGX_LOG_ERR, c->log, 0,
|
||||
"broken header: \"%*s\"", (size_t) (p - buf), buf);
|
||||
"broken header: \"%*s\"", (size_t) (last - buf), buf);
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
@ -281,9 +227,7 @@ ngx_proxy_protocol_write(ngx_connection_t *c, u_char *buf, u_char *last)
|
|||
{
|
||||
ngx_uint_t port, lport;
|
||||
|
||||
if (last - buf < NGX_PROXY_PROTOCOL_V1_MAX_HEADER) {
|
||||
ngx_log_error(NGX_LOG_ALERT, c->log, 0,
|
||||
"too small buffer for PROXY protocol");
|
||||
if (last - buf < NGX_PROXY_PROTOCOL_MAX_HEADER) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
@ -396,11 +340,11 @@ ngx_proxy_protocol_v2_read(ngx_connection_t *c, u_char *buf, u_char *last)
|
|||
|
||||
src_sockaddr.sockaddr_in.sin_family = AF_INET;
|
||||
src_sockaddr.sockaddr_in.sin_port = 0;
|
||||
ngx_memcpy(&src_sockaddr.sockaddr_in.sin_addr, in->src_addr, 4);
|
||||
memcpy(&src_sockaddr.sockaddr_in.sin_addr, in->src_addr, 4);
|
||||
|
||||
dst_sockaddr.sockaddr_in.sin_family = AF_INET;
|
||||
dst_sockaddr.sockaddr_in.sin_port = 0;
|
||||
ngx_memcpy(&dst_sockaddr.sockaddr_in.sin_addr, in->dst_addr, 4);
|
||||
memcpy(&dst_sockaddr.sockaddr_in.sin_addr, in->dst_addr, 4);
|
||||
|
||||
pp->src_port = ngx_proxy_protocol_parse_uint16(in->src_port);
|
||||
pp->dst_port = ngx_proxy_protocol_parse_uint16(in->dst_port);
|
||||
|
@ -423,11 +367,11 @@ ngx_proxy_protocol_v2_read(ngx_connection_t *c, u_char *buf, u_char *last)
|
|||
|
||||
src_sockaddr.sockaddr_in6.sin6_family = AF_INET6;
|
||||
src_sockaddr.sockaddr_in6.sin6_port = 0;
|
||||
ngx_memcpy(&src_sockaddr.sockaddr_in6.sin6_addr, in6->src_addr, 16);
|
||||
memcpy(&src_sockaddr.sockaddr_in6.sin6_addr, in6->src_addr, 16);
|
||||
|
||||
dst_sockaddr.sockaddr_in6.sin6_family = AF_INET6;
|
||||
dst_sockaddr.sockaddr_in6.sin6_port = 0;
|
||||
ngx_memcpy(&dst_sockaddr.sockaddr_in6.sin6_addr, in6->dst_addr, 16);
|
||||
memcpy(&dst_sockaddr.sockaddr_in6.sin6_addr, in6->dst_addr, 16);
|
||||
|
||||
pp->src_port = ngx_proxy_protocol_parse_uint16(in6->src_port);
|
||||
pp->dst_port = ngx_proxy_protocol_parse_uint16(in6->dst_port);
|
||||
|
@ -468,147 +412,11 @@ ngx_proxy_protocol_v2_read(ngx_connection_t *c, u_char *buf, u_char *last)
|
|||
&pp->src_addr, pp->src_port, &pp->dst_addr, pp->dst_port);
|
||||
|
||||
if (buf < end) {
|
||||
pp->tlvs.data = ngx_pnalloc(c->pool, end - buf);
|
||||
if (pp->tlvs.data == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
ngx_memcpy(pp->tlvs.data, buf, end - buf);
|
||||
pp->tlvs.len = end - buf;
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_CORE, c->log, 0,
|
||||
"PROXY protocol v2 %z bytes of tlv ignored", end - buf);
|
||||
}
|
||||
|
||||
c->proxy_protocol = pp;
|
||||
|
||||
return end;
|
||||
}
|
||||
|
||||
|
||||
ngx_int_t
|
||||
ngx_proxy_protocol_get_tlv(ngx_connection_t *c, ngx_str_t *name,
|
||||
ngx_str_t *value)
|
||||
{
|
||||
u_char *p;
|
||||
size_t n;
|
||||
uint32_t verify;
|
||||
ngx_str_t ssl, *tlvs;
|
||||
ngx_int_t rc, type;
|
||||
ngx_proxy_protocol_tlv_ssl_t *tlv_ssl;
|
||||
ngx_proxy_protocol_tlv_entry_t *te;
|
||||
|
||||
if (c->proxy_protocol == NULL) {
|
||||
return NGX_DECLINED;
|
||||
}
|
||||
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_CORE, c->log, 0,
|
||||
"PROXY protocol v2 get tlv \"%V\"", name);
|
||||
|
||||
te = ngx_proxy_protocol_tlv_entries;
|
||||
tlvs = &c->proxy_protocol->tlvs;
|
||||
|
||||
p = name->data;
|
||||
n = name->len;
|
||||
|
||||
if (n >= 4 && p[0] == 's' && p[1] == 's' && p[2] == 'l' && p[3] == '_') {
|
||||
|
||||
rc = ngx_proxy_protocol_lookup_tlv(c, tlvs, 0x20, &ssl);
|
||||
if (rc != NGX_OK) {
|
||||
return rc;
|
||||
}
|
||||
|
||||
if (ssl.len < sizeof(ngx_proxy_protocol_tlv_ssl_t)) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
p += 4;
|
||||
n -= 4;
|
||||
|
||||
if (n == 6 && ngx_strncmp(p, "verify", 6) == 0) {
|
||||
|
||||
tlv_ssl = (ngx_proxy_protocol_tlv_ssl_t *) ssl.data;
|
||||
verify = ngx_proxy_protocol_parse_uint32(tlv_ssl->verify);
|
||||
|
||||
value->data = ngx_pnalloc(c->pool, NGX_INT32_LEN);
|
||||
if (value->data == NULL) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
value->len = ngx_sprintf(value->data, "%uD", verify)
|
||||
- value->data;
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
ssl.data += sizeof(ngx_proxy_protocol_tlv_ssl_t);
|
||||
ssl.len -= sizeof(ngx_proxy_protocol_tlv_ssl_t);
|
||||
|
||||
te = ngx_proxy_protocol_tlv_ssl_entries;
|
||||
tlvs = &ssl;
|
||||
}
|
||||
|
||||
if (n >= 2 && p[0] == '0' && p[1] == 'x') {
|
||||
|
||||
type = ngx_hextoi(p + 2, n - 2);
|
||||
if (type == NGX_ERROR) {
|
||||
ngx_log_error(NGX_LOG_ERR, c->log, 0,
|
||||
"invalid PROXY protocol TLV \"%V\"", name);
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
return ngx_proxy_protocol_lookup_tlv(c, tlvs, type, value);
|
||||
}
|
||||
|
||||
for ( /* void */ ; te->type; te++) {
|
||||
if (te->name.len == n && ngx_strncmp(te->name.data, p, n) == 0) {
|
||||
return ngx_proxy_protocol_lookup_tlv(c, tlvs, te->type, value);
|
||||
}
|
||||
}
|
||||
|
||||
ngx_log_error(NGX_LOG_ERR, c->log, 0,
|
||||
"unknown PROXY protocol TLV \"%V\"", name);
|
||||
|
||||
return NGX_DECLINED;
|
||||
}
|
||||
|
||||
|
||||
static ngx_int_t
|
||||
ngx_proxy_protocol_lookup_tlv(ngx_connection_t *c, ngx_str_t *tlvs,
|
||||
ngx_uint_t type, ngx_str_t *value)
|
||||
{
|
||||
u_char *p;
|
||||
size_t n, len;
|
||||
ngx_proxy_protocol_tlv_t *tlv;
|
||||
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_CORE, c->log, 0,
|
||||
"PROXY protocol v2 lookup tlv:%02xi", type);
|
||||
|
||||
p = tlvs->data;
|
||||
n = tlvs->len;
|
||||
|
||||
while (n) {
|
||||
if (n < sizeof(ngx_proxy_protocol_tlv_t)) {
|
||||
ngx_log_error(NGX_LOG_ERR, c->log, 0, "broken PROXY protocol TLV");
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
tlv = (ngx_proxy_protocol_tlv_t *) p;
|
||||
len = ngx_proxy_protocol_parse_uint16(tlv->len);
|
||||
|
||||
p += sizeof(ngx_proxy_protocol_tlv_t);
|
||||
n -= sizeof(ngx_proxy_protocol_tlv_t);
|
||||
|
||||
if (n < len) {
|
||||
ngx_log_error(NGX_LOG_ERR, c->log, 0, "broken PROXY protocol TLV");
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
if (tlv->type == type) {
|
||||
value->data = p;
|
||||
value->len = len;
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
p += len;
|
||||
n -= len;
|
||||
}
|
||||
|
||||
return NGX_DECLINED;
|
||||
}
|
||||
|
|
|
@ -13,8 +13,7 @@
|
|||
#include <ngx_core.h>
|
||||
|
||||
|
||||
#define NGX_PROXY_PROTOCOL_V1_MAX_HEADER 107
|
||||
#define NGX_PROXY_PROTOCOL_MAX_HEADER 4096
|
||||
#define NGX_PROXY_PROTOCOL_MAX_HEADER 107
|
||||
|
||||
|
||||
struct ngx_proxy_protocol_s {
|
||||
|
@ -22,7 +21,6 @@ struct ngx_proxy_protocol_s {
|
|||
ngx_str_t dst_addr;
|
||||
in_port_t src_port;
|
||||
in_port_t dst_port;
|
||||
ngx_str_t tlvs;
|
||||
};
|
||||
|
||||
|
||||
|
@ -30,8 +28,6 @@ u_char *ngx_proxy_protocol_read(ngx_connection_t *c, u_char *buf,
|
|||
u_char *last);
|
||||
u_char *ngx_proxy_protocol_write(ngx_connection_t *c, u_char *buf,
|
||||
u_char *last);
|
||||
ngx_int_t ngx_proxy_protocol_get_tlv(ngx_connection_t *c, ngx_str_t *name,
|
||||
ngx_str_t *value);
|
||||
|
||||
|
||||
#endif /* _NGX_PROXY_PROTOCOL_H_INCLUDED_ */
|
||||
|
|
|
@ -47,9 +47,6 @@ struct ngx_rbtree_s {
|
|||
(tree)->sentinel = s; \
|
||||
(tree)->insert = i
|
||||
|
||||
#define ngx_rbtree_data(node, type, link) \
|
||||
(type *) ((u_char *) (node) - offsetof(type, link))
|
||||
|
||||
|
||||
void ngx_rbtree_insert(ngx_rbtree_t *tree, ngx_rbtree_node_t *node);
|
||||
void ngx_rbtree_delete(ngx_rbtree_t *tree, ngx_rbtree_node_t *node);
|
||||
|
|
|
@ -10,22 +10,15 @@
|
|||
|
||||
|
||||
typedef struct {
|
||||
ngx_flag_t pcre_jit;
|
||||
ngx_list_t *studies;
|
||||
ngx_flag_t pcre_jit;
|
||||
} ngx_regex_conf_t;
|
||||
|
||||
|
||||
static ngx_inline void ngx_regex_malloc_init(ngx_pool_t *pool);
|
||||
static ngx_inline void ngx_regex_malloc_done(void);
|
||||
|
||||
#if (NGX_PCRE2)
|
||||
static void * ngx_libc_cdecl ngx_regex_malloc(size_t size, void *data);
|
||||
static void ngx_libc_cdecl ngx_regex_free(void *p, void *data);
|
||||
#else
|
||||
static void * ngx_libc_cdecl ngx_regex_malloc(size_t size);
|
||||
static void ngx_libc_cdecl ngx_regex_free(void *p);
|
||||
#if (NGX_HAVE_PCRE_JIT)
|
||||
static void ngx_pcre_free_studies(void *data);
|
||||
#endif
|
||||
static void ngx_regex_cleanup(void *data);
|
||||
|
||||
static ngx_int_t ngx_regex_module_init(ngx_cycle_t *cycle);
|
||||
|
||||
|
@ -72,197 +65,32 @@ ngx_module_t ngx_regex_module = {
|
|||
};
|
||||
|
||||
|
||||
static ngx_pool_t *ngx_regex_pool;
|
||||
static ngx_list_t *ngx_regex_studies;
|
||||
static ngx_uint_t ngx_regex_direct_alloc;
|
||||
|
||||
#if (NGX_PCRE2)
|
||||
static pcre2_compile_context *ngx_regex_compile_context;
|
||||
static pcre2_match_data *ngx_regex_match_data;
|
||||
static ngx_uint_t ngx_regex_match_data_size;
|
||||
#endif
|
||||
static ngx_pool_t *ngx_pcre_pool;
|
||||
static ngx_list_t *ngx_pcre_studies;
|
||||
|
||||
|
||||
void
|
||||
ngx_regex_init(void)
|
||||
{
|
||||
#if !(NGX_PCRE2)
|
||||
pcre_malloc = ngx_regex_malloc;
|
||||
pcre_free = ngx_regex_free;
|
||||
#endif
|
||||
}
|
||||
|
||||
|
||||
static ngx_inline void
|
||||
ngx_regex_malloc_init(ngx_pool_t *pool)
|
||||
{
|
||||
ngx_regex_pool = pool;
|
||||
ngx_regex_direct_alloc = (pool == NULL) ? 1 : 0;
|
||||
ngx_pcre_pool = pool;
|
||||
}
|
||||
|
||||
|
||||
static ngx_inline void
|
||||
ngx_regex_malloc_done(void)
|
||||
{
|
||||
ngx_regex_pool = NULL;
|
||||
ngx_regex_direct_alloc = 0;
|
||||
ngx_pcre_pool = NULL;
|
||||
}
|
||||
|
||||
|
||||
#if (NGX_PCRE2)
|
||||
|
||||
ngx_int_t
|
||||
ngx_regex_compile(ngx_regex_compile_t *rc)
|
||||
{
|
||||
int n, errcode;
|
||||
char *p;
|
||||
u_char errstr[128];
|
||||
size_t erroff;
|
||||
uint32_t options;
|
||||
pcre2_code *re;
|
||||
ngx_regex_elt_t *elt;
|
||||
pcre2_general_context *gctx;
|
||||
pcre2_compile_context *cctx;
|
||||
|
||||
if (ngx_regex_compile_context == NULL) {
|
||||
/*
|
||||
* Allocate a compile context if not yet allocated. This uses
|
||||
* direct allocations from heap, so the result can be cached
|
||||
* even at runtime.
|
||||
*/
|
||||
|
||||
ngx_regex_malloc_init(NULL);
|
||||
|
||||
gctx = pcre2_general_context_create(ngx_regex_malloc, ngx_regex_free,
|
||||
NULL);
|
||||
if (gctx == NULL) {
|
||||
ngx_regex_malloc_done();
|
||||
goto nomem;
|
||||
}
|
||||
|
||||
cctx = pcre2_compile_context_create(gctx);
|
||||
if (cctx == NULL) {
|
||||
pcre2_general_context_free(gctx);
|
||||
ngx_regex_malloc_done();
|
||||
goto nomem;
|
||||
}
|
||||
|
||||
ngx_regex_compile_context = cctx;
|
||||
|
||||
pcre2_general_context_free(gctx);
|
||||
ngx_regex_malloc_done();
|
||||
}
|
||||
|
||||
options = 0;
|
||||
|
||||
if (rc->options & NGX_REGEX_CASELESS) {
|
||||
options |= PCRE2_CASELESS;
|
||||
}
|
||||
|
||||
if (rc->options & NGX_REGEX_MULTILINE) {
|
||||
options |= PCRE2_MULTILINE;
|
||||
}
|
||||
|
||||
if (rc->options & ~(NGX_REGEX_CASELESS|NGX_REGEX_MULTILINE)) {
|
||||
rc->err.len = ngx_snprintf(rc->err.data, rc->err.len,
|
||||
"regex \"%V\" compilation failed: invalid options",
|
||||
&rc->pattern)
|
||||
- rc->err.data;
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
ngx_regex_malloc_init(rc->pool);
|
||||
|
||||
re = pcre2_compile(rc->pattern.data, rc->pattern.len, options,
|
||||
&errcode, &erroff, ngx_regex_compile_context);
|
||||
|
||||
/* ensure that there is no current pool */
|
||||
ngx_regex_malloc_done();
|
||||
|
||||
if (re == NULL) {
|
||||
pcre2_get_error_message(errcode, errstr, 128);
|
||||
|
||||
if ((size_t) erroff == rc->pattern.len) {
|
||||
rc->err.len = ngx_snprintf(rc->err.data, rc->err.len,
|
||||
"pcre2_compile() failed: %s in \"%V\"",
|
||||
errstr, &rc->pattern)
|
||||
- rc->err.data;
|
||||
|
||||
} else {
|
||||
rc->err.len = ngx_snprintf(rc->err.data, rc->err.len,
|
||||
"pcre2_compile() failed: %s in \"%V\" at \"%s\"",
|
||||
errstr, &rc->pattern, rc->pattern.data + erroff)
|
||||
- rc->err.data;
|
||||
}
|
||||
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
rc->regex = re;
|
||||
|
||||
/* do not study at runtime */
|
||||
|
||||
if (ngx_regex_studies != NULL) {
|
||||
elt = ngx_list_push(ngx_regex_studies);
|
||||
if (elt == NULL) {
|
||||
goto nomem;
|
||||
}
|
||||
|
||||
elt->regex = rc->regex;
|
||||
elt->name = rc->pattern.data;
|
||||
}
|
||||
|
||||
n = pcre2_pattern_info(re, PCRE2_INFO_CAPTURECOUNT, &rc->captures);
|
||||
if (n < 0) {
|
||||
p = "pcre2_pattern_info(\"%V\", PCRE2_INFO_CAPTURECOUNT) failed: %d";
|
||||
goto failed;
|
||||
}
|
||||
|
||||
if (rc->captures == 0) {
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
n = pcre2_pattern_info(re, PCRE2_INFO_NAMECOUNT, &rc->named_captures);
|
||||
if (n < 0) {
|
||||
p = "pcre2_pattern_info(\"%V\", PCRE2_INFO_NAMECOUNT) failed: %d";
|
||||
goto failed;
|
||||
}
|
||||
|
||||
if (rc->named_captures == 0) {
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
n = pcre2_pattern_info(re, PCRE2_INFO_NAMEENTRYSIZE, &rc->name_size);
|
||||
if (n < 0) {
|
||||
p = "pcre2_pattern_info(\"%V\", PCRE2_INFO_NAMEENTRYSIZE) failed: %d";
|
||||
goto failed;
|
||||
}
|
||||
|
||||
n = pcre2_pattern_info(re, PCRE2_INFO_NAMETABLE, &rc->names);
|
||||
if (n < 0) {
|
||||
p = "pcre2_pattern_info(\"%V\", PCRE2_INFO_NAMETABLE) failed: %d";
|
||||
goto failed;
|
||||
}
|
||||
|
||||
return NGX_OK;
|
||||
|
||||
failed:
|
||||
|
||||
rc->err.len = ngx_snprintf(rc->err.data, rc->err.len, p, &rc->pattern, n)
|
||||
- rc->err.data;
|
||||
return NGX_ERROR;
|
||||
|
||||
nomem:
|
||||
|
||||
rc->err.len = ngx_snprintf(rc->err.data, rc->err.len,
|
||||
"regex \"%V\" compilation failed: no memory",
|
||||
&rc->pattern)
|
||||
- rc->err.data;
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
#else
|
||||
|
||||
ngx_int_t
|
||||
ngx_regex_compile(ngx_regex_compile_t *rc)
|
||||
{
|
||||
|
@ -270,30 +98,11 @@ ngx_regex_compile(ngx_regex_compile_t *rc)
|
|||
char *p;
|
||||
pcre *re;
|
||||
const char *errstr;
|
||||
ngx_uint_t options;
|
||||
ngx_regex_elt_t *elt;
|
||||
|
||||
options = 0;
|
||||
|
||||
if (rc->options & NGX_REGEX_CASELESS) {
|
||||
options |= PCRE_CASELESS;
|
||||
}
|
||||
|
||||
if (rc->options & NGX_REGEX_MULTILINE) {
|
||||
options |= PCRE_MULTILINE;
|
||||
}
|
||||
|
||||
if (rc->options & ~(NGX_REGEX_CASELESS|NGX_REGEX_MULTILINE)) {
|
||||
rc->err.len = ngx_snprintf(rc->err.data, rc->err.len,
|
||||
"regex \"%V\" compilation failed: invalid options",
|
||||
&rc->pattern)
|
||||
- rc->err.data;
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
ngx_regex_malloc_init(rc->pool);
|
||||
|
||||
re = pcre_compile((const char *) rc->pattern.data, (int) options,
|
||||
re = pcre_compile((const char *) rc->pattern.data, (int) rc->options,
|
||||
&errstr, &erroff, NULL);
|
||||
|
||||
/* ensure that there is no current pool */
|
||||
|
@ -304,13 +113,13 @@ ngx_regex_compile(ngx_regex_compile_t *rc)
|
|||
rc->err.len = ngx_snprintf(rc->err.data, rc->err.len,
|
||||
"pcre_compile() failed: %s in \"%V\"",
|
||||
errstr, &rc->pattern)
|
||||
- rc->err.data;
|
||||
- rc->err.data;
|
||||
|
||||
} else {
|
||||
rc->err.len = ngx_snprintf(rc->err.data, rc->err.len,
|
||||
"pcre_compile() failed: %s in \"%V\" at \"%s\"",
|
||||
errstr, &rc->pattern, rc->pattern.data + erroff)
|
||||
- rc->err.data;
|
||||
- rc->err.data;
|
||||
}
|
||||
|
||||
return NGX_ERROR;
|
||||
|
@ -325,8 +134,8 @@ ngx_regex_compile(ngx_regex_compile_t *rc)
|
|||
|
||||
/* do not study at runtime */
|
||||
|
||||
if (ngx_regex_studies != NULL) {
|
||||
elt = ngx_list_push(ngx_regex_studies);
|
||||
if (ngx_pcre_studies != NULL) {
|
||||
elt = ngx_list_push(ngx_pcre_studies);
|
||||
if (elt == NULL) {
|
||||
goto nomem;
|
||||
}
|
||||
|
@ -384,83 +193,6 @@ nomem:
|
|||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
#if (NGX_PCRE2)
|
||||
|
||||
ngx_int_t
|
||||
ngx_regex_exec(ngx_regex_t *re, ngx_str_t *s, int *captures, ngx_uint_t size)
|
||||
{
|
||||
size_t *ov;
|
||||
ngx_int_t rc;
|
||||
ngx_uint_t n, i;
|
||||
|
||||
/*
|
||||
* The pcre2_match() function might allocate memory for backtracking
|
||||
* frames, typical allocations are from 40k and above. So the allocator
|
||||
* is configured to do direct allocations from heap during matching.
|
||||
*/
|
||||
|
||||
ngx_regex_malloc_init(NULL);
|
||||
|
||||
if (ngx_regex_match_data == NULL
|
||||
|| size > ngx_regex_match_data_size)
|
||||
{
|
||||
/*
|
||||
* Allocate a match data if not yet allocated or smaller than
|
||||
* needed.
|
||||
*/
|
||||
|
||||
if (ngx_regex_match_data) {
|
||||
pcre2_match_data_free(ngx_regex_match_data);
|
||||
}
|
||||
|
||||
ngx_regex_match_data_size = size;
|
||||
ngx_regex_match_data = pcre2_match_data_create(size / 3, NULL);
|
||||
|
||||
if (ngx_regex_match_data == NULL) {
|
||||
rc = PCRE2_ERROR_NOMEMORY;
|
||||
goto failed;
|
||||
}
|
||||
}
|
||||
|
||||
rc = pcre2_match(re, s->data, s->len, 0, 0, ngx_regex_match_data, NULL);
|
||||
|
||||
if (rc < 0) {
|
||||
goto failed;
|
||||
}
|
||||
|
||||
n = pcre2_get_ovector_count(ngx_regex_match_data);
|
||||
ov = pcre2_get_ovector_pointer(ngx_regex_match_data);
|
||||
|
||||
if (n > size / 3) {
|
||||
n = size / 3;
|
||||
}
|
||||
|
||||
for (i = 0; i < n; i++) {
|
||||
captures[i * 2] = ov[i * 2];
|
||||
captures[i * 2 + 1] = ov[i * 2 + 1];
|
||||
}
|
||||
|
||||
failed:
|
||||
|
||||
ngx_regex_malloc_done();
|
||||
|
||||
return rc;
|
||||
}
|
||||
|
||||
#else
|
||||
|
||||
ngx_int_t
|
||||
ngx_regex_exec(ngx_regex_t *re, ngx_str_t *s, int *captures, ngx_uint_t size)
|
||||
{
|
||||
return pcre_exec(re->code, re->extra, (const char *) s->data, s->len,
|
||||
0, 0, captures, size);
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
ngx_int_t
|
||||
ngx_regex_exec_array(ngx_array_t *a, ngx_str_t *s, ngx_log_t *log)
|
||||
|
@ -495,40 +227,14 @@ ngx_regex_exec_array(ngx_array_t *a, ngx_str_t *s, ngx_log_t *log)
|
|||
}
|
||||
|
||||
|
||||
#if (NGX_PCRE2)
|
||||
|
||||
static void * ngx_libc_cdecl
|
||||
ngx_regex_malloc(size_t size, void *data)
|
||||
{
|
||||
if (ngx_regex_pool) {
|
||||
return ngx_palloc(ngx_regex_pool, size);
|
||||
}
|
||||
|
||||
if (ngx_regex_direct_alloc) {
|
||||
return ngx_alloc(size, ngx_cycle->log);
|
||||
}
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
static void ngx_libc_cdecl
|
||||
ngx_regex_free(void *p, void *data)
|
||||
{
|
||||
if (ngx_regex_direct_alloc) {
|
||||
ngx_free(p);
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
#else
|
||||
|
||||
static void * ngx_libc_cdecl
|
||||
ngx_regex_malloc(size_t size)
|
||||
{
|
||||
if (ngx_regex_pool) {
|
||||
return ngx_palloc(ngx_regex_pool, size);
|
||||
ngx_pool_t *pool;
|
||||
pool = ngx_pcre_pool;
|
||||
|
||||
if (pool) {
|
||||
return ngx_palloc(pool, size);
|
||||
}
|
||||
|
||||
return NULL;
|
||||
|
@ -541,20 +247,19 @@ ngx_regex_free(void *p)
|
|||
return;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
#if (NGX_HAVE_PCRE_JIT)
|
||||
|
||||
static void
|
||||
ngx_regex_cleanup(void *data)
|
||||
ngx_pcre_free_studies(void *data)
|
||||
{
|
||||
#if (NGX_PCRE2 || NGX_HAVE_PCRE_JIT)
|
||||
ngx_regex_conf_t *rcf = data;
|
||||
ngx_list_t *studies = data;
|
||||
|
||||
ngx_uint_t i;
|
||||
ngx_list_part_t *part;
|
||||
ngx_regex_elt_t *elts;
|
||||
|
||||
part = &rcf->studies->part;
|
||||
part = &studies->part;
|
||||
elts = part->elts;
|
||||
|
||||
for (i = 0; /* void */ ; i++) {
|
||||
|
@ -569,83 +274,56 @@ ngx_regex_cleanup(void *data)
|
|||
i = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* The PCRE JIT compiler uses mmap for its executable codes, so we
|
||||
* have to explicitly call the pcre_free_study() function to free
|
||||
* this memory. In PCRE2, we call the pcre2_code_free() function
|
||||
* for the same reason.
|
||||
*/
|
||||
|
||||
#if (NGX_PCRE2)
|
||||
pcre2_code_free(elts[i].regex);
|
||||
#else
|
||||
if (elts[i].regex->extra != NULL) {
|
||||
pcre_free_study(elts[i].regex->extra);
|
||||
}
|
||||
#endif
|
||||
}
|
||||
#endif
|
||||
|
||||
/*
|
||||
* On configuration parsing errors ngx_regex_module_init() will not
|
||||
* be called. Make sure ngx_regex_studies is properly cleared anyway.
|
||||
*/
|
||||
|
||||
ngx_regex_studies = NULL;
|
||||
|
||||
#if (NGX_PCRE2)
|
||||
|
||||
/*
|
||||
* Free compile context and match data. If needed at runtime by
|
||||
* the new cycle, these will be re-allocated.
|
||||
*/
|
||||
|
||||
if (ngx_regex_compile_context) {
|
||||
pcre2_compile_context_free(ngx_regex_compile_context);
|
||||
ngx_regex_compile_context = NULL;
|
||||
}
|
||||
|
||||
if (ngx_regex_match_data) {
|
||||
pcre2_match_data_free(ngx_regex_match_data);
|
||||
ngx_regex_match_data = NULL;
|
||||
ngx_regex_match_data_size = 0;
|
||||
}
|
||||
|
||||
#endif
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
static ngx_int_t
|
||||
ngx_regex_module_init(ngx_cycle_t *cycle)
|
||||
{
|
||||
int opt;
|
||||
#if !(NGX_PCRE2)
|
||||
const char *errstr;
|
||||
#endif
|
||||
ngx_uint_t i;
|
||||
ngx_list_part_t *part;
|
||||
ngx_regex_elt_t *elts;
|
||||
ngx_regex_conf_t *rcf;
|
||||
int opt;
|
||||
const char *errstr;
|
||||
ngx_uint_t i;
|
||||
ngx_list_part_t *part;
|
||||
ngx_regex_elt_t *elts;
|
||||
|
||||
opt = 0;
|
||||
|
||||
#if (NGX_HAVE_PCRE_JIT)
|
||||
{
|
||||
ngx_regex_conf_t *rcf;
|
||||
ngx_pool_cleanup_t *cln;
|
||||
|
||||
rcf = (ngx_regex_conf_t *) ngx_get_conf(cycle->conf_ctx, ngx_regex_module);
|
||||
|
||||
#if (NGX_PCRE2 || NGX_HAVE_PCRE_JIT)
|
||||
|
||||
if (rcf->pcre_jit) {
|
||||
#if (NGX_PCRE2)
|
||||
opt = 1;
|
||||
#else
|
||||
opt = PCRE_STUDY_JIT_COMPILE;
|
||||
#endif
|
||||
}
|
||||
|
||||
/*
|
||||
* The PCRE JIT compiler uses mmap for its executable codes, so we
|
||||
* have to explicitly call the pcre_free_study() function to free
|
||||
* this memory.
|
||||
*/
|
||||
|
||||
cln = ngx_pool_cleanup_add(cycle->pool, 0);
|
||||
if (cln == NULL) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
cln->handler = ngx_pcre_free_studies;
|
||||
cln->data = ngx_pcre_studies;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
ngx_regex_malloc_init(cycle->pool);
|
||||
|
||||
part = &rcf->studies->part;
|
||||
part = &ngx_pcre_studies->part;
|
||||
elts = part->elts;
|
||||
|
||||
for (i = 0; /* void */ ; i++) {
|
||||
|
@ -660,23 +338,6 @@ ngx_regex_module_init(ngx_cycle_t *cycle)
|
|||
i = 0;
|
||||
}
|
||||
|
||||
#if (NGX_PCRE2)
|
||||
|
||||
if (opt) {
|
||||
int n;
|
||||
|
||||
n = pcre2_jit_compile(elts[i].regex, PCRE2_JIT_COMPLETE);
|
||||
|
||||
if (n != 0) {
|
||||
ngx_log_error(NGX_LOG_INFO, cycle->log, 0,
|
||||
"pcre2_jit_compile() failed: %d in \"%s\", "
|
||||
"ignored",
|
||||
n, elts[i].name);
|
||||
}
|
||||
}
|
||||
|
||||
#else
|
||||
|
||||
elts[i].regex->extra = pcre_study(elts[i].regex->code, opt, &errstr);
|
||||
|
||||
if (errstr != NULL) {
|
||||
|
@ -699,16 +360,12 @@ ngx_regex_module_init(ngx_cycle_t *cycle)
|
|||
elts[i].name);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
}
|
||||
|
||||
ngx_regex_malloc_done();
|
||||
|
||||
ngx_regex_studies = NULL;
|
||||
#if (NGX_PCRE2)
|
||||
ngx_regex_compile_context = NULL;
|
||||
#endif
|
||||
ngx_pcre_studies = NULL;
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
@ -717,8 +374,7 @@ ngx_regex_module_init(ngx_cycle_t *cycle)
|
|||
static void *
|
||||
ngx_regex_create_conf(ngx_cycle_t *cycle)
|
||||
{
|
||||
ngx_regex_conf_t *rcf;
|
||||
ngx_pool_cleanup_t *cln;
|
||||
ngx_regex_conf_t *rcf;
|
||||
|
||||
rcf = ngx_pcalloc(cycle->pool, sizeof(ngx_regex_conf_t));
|
||||
if (rcf == NULL) {
|
||||
|
@ -727,21 +383,11 @@ ngx_regex_create_conf(ngx_cycle_t *cycle)
|
|||
|
||||
rcf->pcre_jit = NGX_CONF_UNSET;
|
||||
|
||||
cln = ngx_pool_cleanup_add(cycle->pool, 0);
|
||||
if (cln == NULL) {
|
||||
ngx_pcre_studies = ngx_list_create(cycle->pool, 8, sizeof(ngx_regex_elt_t));
|
||||
if (ngx_pcre_studies == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
cln->handler = ngx_regex_cleanup;
|
||||
cln->data = rcf;
|
||||
|
||||
rcf->studies = ngx_list_create(cycle->pool, 8, sizeof(ngx_regex_elt_t));
|
||||
if (rcf->studies == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
ngx_regex_studies = rcf->studies;
|
||||
|
||||
return rcf;
|
||||
}
|
||||
|
||||
|
@ -766,21 +412,7 @@ ngx_regex_pcre_jit(ngx_conf_t *cf, void *post, void *data)
|
|||
return NGX_CONF_OK;
|
||||
}
|
||||
|
||||
#if (NGX_PCRE2)
|
||||
{
|
||||
int r;
|
||||
uint32_t jit;
|
||||
|
||||
jit = 0;
|
||||
r = pcre2_config(PCRE2_CONFIG_JIT, &jit);
|
||||
|
||||
if (r != 0 || jit != 1) {
|
||||
ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
|
||||
"PCRE2 library does not support JIT");
|
||||
*fp = 0;
|
||||
}
|
||||
}
|
||||
#elif (NGX_HAVE_PCRE_JIT)
|
||||
#if (NGX_HAVE_PCRE_JIT)
|
||||
{
|
||||
int jit, r;
|
||||
|
||||
|
|
|
@ -12,38 +12,24 @@
|
|||
#include <ngx_config.h>
|
||||
#include <ngx_core.h>
|
||||
|
||||
|
||||
#if (NGX_PCRE2)
|
||||
|
||||
#define PCRE2_CODE_UNIT_WIDTH 8
|
||||
#include <pcre2.h>
|
||||
|
||||
#define NGX_REGEX_NO_MATCHED PCRE2_ERROR_NOMATCH /* -1 */
|
||||
|
||||
typedef pcre2_code ngx_regex_t;
|
||||
|
||||
#else
|
||||
|
||||
#include <pcre.h>
|
||||
|
||||
#define NGX_REGEX_NO_MATCHED PCRE_ERROR_NOMATCH /* -1 */
|
||||
|
||||
#define NGX_REGEX_NO_MATCHED PCRE_ERROR_NOMATCH /* -1 */
|
||||
|
||||
#define NGX_REGEX_CASELESS PCRE_CASELESS
|
||||
|
||||
|
||||
typedef struct {
|
||||
pcre *code;
|
||||
pcre_extra *extra;
|
||||
} ngx_regex_t;
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
#define NGX_REGEX_CASELESS 0x00000001
|
||||
#define NGX_REGEX_MULTILINE 0x00000002
|
||||
|
||||
|
||||
typedef struct {
|
||||
ngx_str_t pattern;
|
||||
ngx_pool_t *pool;
|
||||
ngx_uint_t options;
|
||||
ngx_int_t options;
|
||||
|
||||
ngx_regex_t *regex;
|
||||
int captures;
|
||||
|
@ -63,14 +49,10 @@ typedef struct {
|
|||
void ngx_regex_init(void);
|
||||
ngx_int_t ngx_regex_compile(ngx_regex_compile_t *rc);
|
||||
|
||||
ngx_int_t ngx_regex_exec(ngx_regex_t *re, ngx_str_t *s, int *captures,
|
||||
ngx_uint_t size);
|
||||
|
||||
#if (NGX_PCRE2)
|
||||
#define ngx_regex_exec_n "pcre2_match()"
|
||||
#else
|
||||
#define ngx_regex_exec_n "pcre_exec()"
|
||||
#endif
|
||||
#define ngx_regex_exec(re, s, captures, size) \
|
||||
pcre_exec(re->code, re->extra, (const char *) (s)->data, (s)->len, 0, 0, \
|
||||
captures, size)
|
||||
#define ngx_regex_exec_n "pcre_exec()"
|
||||
|
||||
ngx_int_t ngx_regex_exec_array(ngx_array_t *a, ngx_str_t *s, ngx_log_t *log);
|
||||
|
||||
|
|
|
@ -51,7 +51,9 @@ typedef struct {
|
|||
} ngx_resolver_an_t;
|
||||
|
||||
|
||||
#define ngx_resolver_node(n) ngx_rbtree_data(n, ngx_resolver_node_t, node)
|
||||
#define ngx_resolver_node(n) \
|
||||
(ngx_resolver_node_t *) \
|
||||
((u_char *) (n) - offsetof(ngx_resolver_node_t, node))
|
||||
|
||||
|
||||
static ngx_int_t ngx_udp_connect(ngx_resolver_connection_t *rec);
|
||||
|
@ -157,8 +159,6 @@ ngx_resolver_create(ngx_conf_t *cf, ngx_str_t *names, ngx_uint_t n)
|
|||
cln->handler = ngx_resolver_cleanup;
|
||||
cln->data = r;
|
||||
|
||||
r->ipv4 = 1;
|
||||
|
||||
ngx_rbtree_init(&r->name_rbtree, &r->name_sentinel,
|
||||
ngx_resolver_rbtree_insert_value);
|
||||
|
||||
|
@ -227,23 +227,6 @@ ngx_resolver_create(ngx_conf_t *cf, ngx_str_t *names, ngx_uint_t n)
|
|||
}
|
||||
|
||||
#if (NGX_HAVE_INET6)
|
||||
if (ngx_strncmp(names[i].data, "ipv4=", 5) == 0) {
|
||||
|
||||
if (ngx_strcmp(&names[i].data[5], "on") == 0) {
|
||||
r->ipv4 = 1;
|
||||
|
||||
} else if (ngx_strcmp(&names[i].data[5], "off") == 0) {
|
||||
r->ipv4 = 0;
|
||||
|
||||
} else {
|
||||
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
|
||||
"invalid parameter: %V", &names[i]);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
continue;
|
||||
}
|
||||
|
||||
if (ngx_strncmp(names[i].data, "ipv6=", 5) == 0) {
|
||||
|
||||
if (ngx_strcmp(&names[i].data[5], "on") == 0) {
|
||||
|
@ -292,14 +275,6 @@ ngx_resolver_create(ngx_conf_t *cf, ngx_str_t *names, ngx_uint_t n)
|
|||
}
|
||||
}
|
||||
|
||||
#if (NGX_HAVE_INET6)
|
||||
if (r->ipv4 + r->ipv6 == 0) {
|
||||
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
|
||||
"\"ipv4\" and \"ipv6\" cannot both be \"off\"");
|
||||
return NULL;
|
||||
}
|
||||
#endif
|
||||
|
||||
if (n && r->connections.nelts == 0) {
|
||||
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "no name servers defined");
|
||||
return NULL;
|
||||
|
@ -863,7 +838,7 @@ ngx_resolve_name_locked(ngx_resolver_t *r, ngx_resolver_ctx_t *ctx,
|
|||
r->last_connection = 0;
|
||||
}
|
||||
|
||||
rn->naddrs = r->ipv4 ? (u_short) -1 : 0;
|
||||
rn->naddrs = (u_short) -1;
|
||||
rn->tcp = 0;
|
||||
#if (NGX_HAVE_INET6)
|
||||
rn->naddrs6 = r->ipv6 ? (u_short) -1 : 0;
|
||||
|
@ -1290,7 +1265,7 @@ ngx_resolver_send_query(ngx_resolver_t *r, ngx_resolver_node_t *rn)
|
|||
rec->log.action = "resolving";
|
||||
}
|
||||
|
||||
if (rn->query && rn->naddrs == (u_short) -1) {
|
||||
if (rn->naddrs == (u_short) -1) {
|
||||
rc = rn->tcp ? ngx_resolver_send_tcp_query(r, rec, rn->query, rn->qlen)
|
||||
: ngx_resolver_send_udp_query(r, rec, rn->query, rn->qlen);
|
||||
|
||||
|
@ -1416,7 +1391,6 @@ ngx_resolver_send_tcp_query(ngx_resolver_t *r, ngx_resolver_connection_t *rec,
|
|||
|
||||
rec->tcp->data = rec;
|
||||
rec->tcp->write->handler = ngx_resolver_tcp_write;
|
||||
rec->tcp->write->cancelable = 1;
|
||||
rec->tcp->read->handler = ngx_resolver_tcp_read;
|
||||
rec->tcp->read->resolver = 1;
|
||||
|
||||
|
@ -1792,13 +1766,10 @@ ngx_resolver_process_response(ngx_resolver_t *r, u_char *buf, size_t n,
|
|||
q = ngx_queue_next(q))
|
||||
{
|
||||
rn = ngx_queue_data(q, ngx_resolver_node_t, queue);
|
||||
qident = (rn->query[0] << 8) + rn->query[1];
|
||||
|
||||
if (rn->query) {
|
||||
qident = (rn->query[0] << 8) + rn->query[1];
|
||||
|
||||
if (qident == ident) {
|
||||
goto dns_error_name;
|
||||
}
|
||||
if (qident == ident) {
|
||||
goto dns_error_name;
|
||||
}
|
||||
|
||||
#if (NGX_HAVE_INET6)
|
||||
|
@ -3675,7 +3646,7 @@ ngx_resolver_create_name_query(ngx_resolver_t *r, ngx_resolver_node_t *rn,
|
|||
len = sizeof(ngx_resolver_hdr_t) + nlen + sizeof(ngx_resolver_qs_t);
|
||||
|
||||
#if (NGX_HAVE_INET6)
|
||||
p = ngx_resolver_alloc(r, len * (r->ipv4 + r->ipv6));
|
||||
p = ngx_resolver_alloc(r, r->ipv6 ? len * 2 : len);
|
||||
#else
|
||||
p = ngx_resolver_alloc(r, len);
|
||||
#endif
|
||||
|
@ -3688,21 +3659,19 @@ ngx_resolver_create_name_query(ngx_resolver_t *r, ngx_resolver_node_t *rn,
|
|||
|
||||
#if (NGX_HAVE_INET6)
|
||||
if (r->ipv6) {
|
||||
rn->query6 = r->ipv4 ? (p + len) : p;
|
||||
rn->query6 = p + len;
|
||||
}
|
||||
#endif
|
||||
|
||||
query = (ngx_resolver_hdr_t *) p;
|
||||
|
||||
if (r->ipv4) {
|
||||
ident = ngx_random();
|
||||
ident = ngx_random();
|
||||
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_CORE, r->log, 0,
|
||||
"resolve: \"%V\" A %i", name, ident & 0xffff);
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_CORE, r->log, 0,
|
||||
"resolve: \"%V\" A %i", name, ident & 0xffff);
|
||||
|
||||
query->ident_hi = (u_char) ((ident >> 8) & 0xff);
|
||||
query->ident_lo = (u_char) (ident & 0xff);
|
||||
}
|
||||
query->ident_hi = (u_char) ((ident >> 8) & 0xff);
|
||||
query->ident_lo = (u_char) (ident & 0xff);
|
||||
|
||||
/* recursion query */
|
||||
query->flags_hi = 1; query->flags_lo = 0;
|
||||
|
@ -3763,9 +3732,7 @@ ngx_resolver_create_name_query(ngx_resolver_t *r, ngx_resolver_node_t *rn,
|
|||
|
||||
p = rn->query6;
|
||||
|
||||
if (r->ipv4) {
|
||||
ngx_memcpy(p, rn->query, rn->qlen);
|
||||
}
|
||||
ngx_memcpy(p, rn->query, rn->qlen);
|
||||
|
||||
query = (ngx_resolver_hdr_t *) p;
|
||||
|
||||
|
|
|
@ -175,10 +175,8 @@ struct ngx_resolver_s {
|
|||
ngx_queue_t srv_expire_queue;
|
||||
ngx_queue_t addr_expire_queue;
|
||||
|
||||
unsigned ipv4:1;
|
||||
|
||||
#if (NGX_HAVE_INET6)
|
||||
unsigned ipv6:1;
|
||||
ngx_uint_t ipv6; /* unsigned ipv6:1; */
|
||||
ngx_rbtree_t addr6_rbtree;
|
||||
ngx_rbtree_node_t addr6_sentinel;
|
||||
ngx_queue_t addr6_resend_queue;
|
||||
|
|
|
@ -89,10 +89,22 @@ ngx_rwlock_rlock(ngx_atomic_t *lock)
|
|||
void
|
||||
ngx_rwlock_unlock(ngx_atomic_t *lock)
|
||||
{
|
||||
if (*lock == NGX_RWLOCK_WLOCK) {
|
||||
ngx_atomic_uint_t readers;
|
||||
|
||||
readers = *lock;
|
||||
|
||||
if (readers == NGX_RWLOCK_WLOCK) {
|
||||
(void) ngx_atomic_cmp_set(lock, NGX_RWLOCK_WLOCK, 0);
|
||||
} else {
|
||||
(void) ngx_atomic_fetch_add(lock, -1);
|
||||
return;
|
||||
}
|
||||
|
||||
for ( ;; ) {
|
||||
|
||||
if (ngx_atomic_cmp_set(lock, readers, readers - 1)) {
|
||||
return;
|
||||
}
|
||||
|
||||
readers = *lock;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -1364,12 +1364,7 @@ ngx_utf8_decode(u_char **p, size_t n)
|
|||
|
||||
u = **p;
|
||||
|
||||
if (u >= 0xf8) {
|
||||
|
||||
(*p)++;
|
||||
return 0xffffffff;
|
||||
|
||||
} else if (u >= 0xf0) {
|
||||
if (u >= 0xf0) {
|
||||
|
||||
u &= 0x07;
|
||||
valid = 0xffff;
|
||||
|
@ -1498,32 +1493,19 @@ ngx_escape_uri(u_char *dst, u_char *src, size_t size, ngx_uint_t type)
|
|||
uint32_t *escape;
|
||||
static u_char hex[] = "0123456789ABCDEF";
|
||||
|
||||
/*
|
||||
* Per RFC 3986 only the following chars are allowed in URIs unescaped:
|
||||
*
|
||||
* unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~"
|
||||
* gen-delims = ":" / "/" / "?" / "#" / "[" / "]" / "@"
|
||||
* sub-delims = "!" / "$" / "&" / "'" / "(" / ")"
|
||||
* / "*" / "+" / "," / ";" / "="
|
||||
*
|
||||
* And "%" can appear as a part of escaping itself. The following
|
||||
* characters are not allowed and need to be escaped: %00-%1F, %7F-%FF,
|
||||
* " ", """, "<", ">", "\", "^", "`", "{", "|", "}".
|
||||
*/
|
||||
|
||||
/* " ", "#", "%", "?", not allowed */
|
||||
/* " ", "#", "%", "?", %00-%1F, %7F-%FF */
|
||||
|
||||
static uint32_t uri[] = {
|
||||
0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
|
||||
|
||||
/* ?>=< ;:98 7654 3210 /.-, +*)( '&%$ #"! */
|
||||
0xd000002d, /* 1101 0000 0000 0000 0000 0000 0010 1101 */
|
||||
0x80000029, /* 1000 0000 0000 0000 0000 0000 0010 1001 */
|
||||
|
||||
/* _^]\ [ZYX WVUT SRQP ONML KJIH GFED CBA@ */
|
||||
0x50000000, /* 0101 0000 0000 0000 0000 0000 0000 0000 */
|
||||
0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */
|
||||
|
||||
/* ~}| {zyx wvut srqp onml kjih gfed cba` */
|
||||
0xb8000001, /* 1011 1000 0000 0000 0000 0000 0000 0001 */
|
||||
0x80000000, /* 1000 0000 0000 0000 0000 0000 0000 0000 */
|
||||
|
||||
0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
|
||||
0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
|
||||
|
@ -1531,19 +1513,19 @@ ngx_escape_uri(u_char *dst, u_char *src, size_t size, ngx_uint_t type)
|
|||
0xffffffff /* 1111 1111 1111 1111 1111 1111 1111 1111 */
|
||||
};
|
||||
|
||||
/* " ", "#", "%", "&", "+", ";", "?", not allowed */
|
||||
/* " ", "#", "%", "&", "+", "?", %00-%1F, %7F-%FF */
|
||||
|
||||
static uint32_t args[] = {
|
||||
0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
|
||||
|
||||
/* ?>=< ;:98 7654 3210 /.-, +*)( '&%$ #"! */
|
||||
0xd800086d, /* 1101 1000 0000 0000 0000 1000 0110 1101 */
|
||||
0x88000869, /* 1000 1000 0000 0000 0000 1000 0110 1001 */
|
||||
|
||||
/* _^]\ [ZYX WVUT SRQP ONML KJIH GFED CBA@ */
|
||||
0x50000000, /* 0101 0000 0000 0000 0000 0000 0000 0000 */
|
||||
0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */
|
||||
|
||||
/* ~}| {zyx wvut srqp onml kjih gfed cba` */
|
||||
0xb8000001, /* 1011 1000 0000 0000 0000 0000 0000 0001 */
|
||||
0x80000000, /* 1000 0000 0000 0000 0000 0000 0000 0000 */
|
||||
|
||||
0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
|
||||
0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
|
||||
|
@ -1571,19 +1553,19 @@ ngx_escape_uri(u_char *dst, u_char *src, size_t size, ngx_uint_t type)
|
|||
0xffffffff /* 1111 1111 1111 1111 1111 1111 1111 1111 */
|
||||
};
|
||||
|
||||
/* " ", "#", """, "%", "'", not allowed */
|
||||
/* " ", "#", """, "%", "'", %00-%1F, %7F-%FF */
|
||||
|
||||
static uint32_t html[] = {
|
||||
0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
|
||||
|
||||
/* ?>=< ;:98 7654 3210 /.-, +*)( '&%$ #"! */
|
||||
0x500000ad, /* 0101 0000 0000 0000 0000 0000 1010 1101 */
|
||||
0x000000ad, /* 0000 0000 0000 0000 0000 0000 1010 1101 */
|
||||
|
||||
/* _^]\ [ZYX WVUT SRQP ONML KJIH GFED CBA@ */
|
||||
0x50000000, /* 0101 0000 0000 0000 0000 0000 0000 0000 */
|
||||
0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */
|
||||
|
||||
/* ~}| {zyx wvut srqp onml kjih gfed cba` */
|
||||
0xb8000001, /* 1011 1000 0000 0000 0000 0000 0000 0001 */
|
||||
0x80000000, /* 1000 0000 0000 0000 0000 0000 0000 0000 */
|
||||
|
||||
0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
|
||||
0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
|
||||
|
@ -1591,19 +1573,19 @@ ngx_escape_uri(u_char *dst, u_char *src, size_t size, ngx_uint_t type)
|
|||
0xffffffff /* 1111 1111 1111 1111 1111 1111 1111 1111 */
|
||||
};
|
||||
|
||||
/* " ", """, "'", not allowed */
|
||||
/* " ", """, "%", "'", %00-%1F, %7F-%FF */
|
||||
|
||||
static uint32_t refresh[] = {
|
||||
0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
|
||||
|
||||
/* ?>=< ;:98 7654 3210 /.-, +*)( '&%$ #"! */
|
||||
0x50000085, /* 0101 0000 0000 0000 0000 0000 1000 0101 */
|
||||
0x00000085, /* 0000 0000 0000 0000 0000 0000 1000 0101 */
|
||||
|
||||
/* _^]\ [ZYX WVUT SRQP ONML KJIH GFED CBA@ */
|
||||
0x50000000, /* 0101 0000 0000 0000 0000 0000 0000 0000 */
|
||||
0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */
|
||||
|
||||
/* ~}| {zyx wvut srqp onml kjih gfed cba` */
|
||||
0xd8000001, /* 1011 1000 0000 0000 0000 0000 0000 0001 */
|
||||
0x80000000, /* 1000 0000 0000 0000 0000 0000 0000 0000 */
|
||||
|
||||
0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
|
||||
0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
|
||||
|
|
|
@ -140,12 +140,12 @@ ngx_copy(u_char *dst, u_char *src, size_t len)
|
|||
#endif
|
||||
|
||||
|
||||
#define ngx_memmove(dst, src, n) (void) memmove(dst, src, n)
|
||||
#define ngx_movemem(dst, src, n) (((u_char *) memmove(dst, src, n)) + (n))
|
||||
#define ngx_memmove(dst, src, n) (void) memmove(dst, src, n)
|
||||
#define ngx_movemem(dst, src, n) (((u_char *) memmove(dst, src, n)) + (n))
|
||||
|
||||
|
||||
/* msvc and icc7 compile memcmp() to the inline loop */
|
||||
#define ngx_memcmp(s1, s2, n) memcmp(s1, s2, n)
|
||||
#define ngx_memcmp(s1, s2, n) memcmp((const char *) s1, (const char *) s2, n)
|
||||
|
||||
|
||||
u_char *ngx_cpystrn(u_char *dst, u_char *src, size_t n);
|
||||
|
|
|
@ -18,7 +18,6 @@
|
|||
static char *ngx_syslog_parse_args(ngx_conf_t *cf, ngx_syslog_peer_t *peer);
|
||||
static ngx_int_t ngx_syslog_init_peer(ngx_syslog_peer_t *peer);
|
||||
static void ngx_syslog_cleanup(void *data);
|
||||
static u_char *ngx_syslog_log_error(ngx_log_t *log, u_char *buf, size_t len);
|
||||
|
||||
|
||||
static char *facilities[] = {
|
||||
|
@ -67,9 +66,6 @@ ngx_syslog_process_conf(ngx_conf_t *cf, ngx_syslog_peer_t *peer)
|
|||
ngx_str_set(&peer->tag, "nginx");
|
||||
}
|
||||
|
||||
peer->hostname = &cf->cycle->hostname;
|
||||
peer->logp = &cf->cycle->new_log;
|
||||
|
||||
peer->conn.fd = (ngx_socket_t) -1;
|
||||
|
||||
peer->conn.read = &ngx_syslog_dummy_event;
|
||||
|
@ -247,7 +243,7 @@ ngx_syslog_add_header(ngx_syslog_peer_t *peer, u_char *buf)
|
|||
}
|
||||
|
||||
return ngx_sprintf(buf, "<%ui>%V %V %V: ", pri, &ngx_cached_syslog_time,
|
||||
peer->hostname, &peer->tag);
|
||||
&ngx_cycle->hostname, &peer->tag);
|
||||
}
|
||||
|
||||
|
||||
|
@ -290,19 +286,15 @@ ngx_syslog_send(ngx_syslog_peer_t *peer, u_char *buf, size_t len)
|
|||
{
|
||||
ssize_t n;
|
||||
|
||||
if (peer->log.handler == NULL) {
|
||||
peer->log = *peer->logp;
|
||||
peer->log.handler = ngx_syslog_log_error;
|
||||
peer->log.data = peer;
|
||||
peer->log.action = "logging to syslog";
|
||||
}
|
||||
|
||||
if (peer->conn.fd == (ngx_socket_t) -1) {
|
||||
if (ngx_syslog_init_peer(peer) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
/* log syslog socket events with valid log */
|
||||
peer->conn.log = ngx_cycle->log;
|
||||
|
||||
if (ngx_send) {
|
||||
n = ngx_send(&peer->conn, buf, len);
|
||||
|
||||
|
@ -314,7 +306,7 @@ ngx_syslog_send(ngx_syslog_peer_t *peer, u_char *buf, size_t len)
|
|||
if (n == NGX_ERROR) {
|
||||
|
||||
if (ngx_close_socket(peer->conn.fd) == -1) {
|
||||
ngx_log_error(NGX_LOG_ALERT, &peer->log, ngx_socket_errno,
|
||||
ngx_log_error(NGX_LOG_ALERT, ngx_cycle->log, ngx_socket_errno,
|
||||
ngx_close_socket_n " failed");
|
||||
}
|
||||
|
||||
|
@ -332,25 +324,24 @@ ngx_syslog_init_peer(ngx_syslog_peer_t *peer)
|
|||
|
||||
fd = ngx_socket(peer->server.sockaddr->sa_family, SOCK_DGRAM, 0);
|
||||
if (fd == (ngx_socket_t) -1) {
|
||||
ngx_log_error(NGX_LOG_ALERT, &peer->log, ngx_socket_errno,
|
||||
ngx_log_error(NGX_LOG_ALERT, ngx_cycle->log, ngx_socket_errno,
|
||||
ngx_socket_n " failed");
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
if (ngx_nonblocking(fd) == -1) {
|
||||
ngx_log_error(NGX_LOG_ALERT, &peer->log, ngx_socket_errno,
|
||||
ngx_log_error(NGX_LOG_ALERT, ngx_cycle->log, ngx_socket_errno,
|
||||
ngx_nonblocking_n " failed");
|
||||
goto failed;
|
||||
}
|
||||
|
||||
if (connect(fd, peer->server.sockaddr, peer->server.socklen) == -1) {
|
||||
ngx_log_error(NGX_LOG_ALERT, &peer->log, ngx_socket_errno,
|
||||
ngx_log_error(NGX_LOG_ALERT, ngx_cycle->log, ngx_socket_errno,
|
||||
"connect() failed");
|
||||
goto failed;
|
||||
}
|
||||
|
||||
peer->conn.fd = fd;
|
||||
peer->conn.log = &peer->log;
|
||||
|
||||
/* UDP sockets are always ready to write */
|
||||
peer->conn.write->ready = 1;
|
||||
|
@ -360,7 +351,7 @@ ngx_syslog_init_peer(ngx_syslog_peer_t *peer)
|
|||
failed:
|
||||
|
||||
if (ngx_close_socket(fd) == -1) {
|
||||
ngx_log_error(NGX_LOG_ALERT, &peer->log, ngx_socket_errno,
|
||||
ngx_log_error(NGX_LOG_ALERT, ngx_cycle->log, ngx_socket_errno,
|
||||
ngx_close_socket_n " failed");
|
||||
}
|
||||
|
||||
|
@ -381,30 +372,7 @@ ngx_syslog_cleanup(void *data)
|
|||
}
|
||||
|
||||
if (ngx_close_socket(peer->conn.fd) == -1) {
|
||||
ngx_log_error(NGX_LOG_ALERT, &peer->log, ngx_socket_errno,
|
||||
ngx_log_error(NGX_LOG_ALERT, ngx_cycle->log, ngx_socket_errno,
|
||||
ngx_close_socket_n " failed");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
static u_char *
|
||||
ngx_syslog_log_error(ngx_log_t *log, u_char *buf, size_t len)
|
||||
{
|
||||
u_char *p;
|
||||
ngx_syslog_peer_t *peer;
|
||||
|
||||
p = buf;
|
||||
|
||||
if (log->action) {
|
||||
p = ngx_snprintf(buf, len, " while %s", log->action);
|
||||
len -= p - buf;
|
||||
}
|
||||
|
||||
peer = log->data;
|
||||
|
||||
if (peer) {
|
||||
p = ngx_snprintf(p, len, ", server: %V", &peer->server.name);
|
||||
}
|
||||
|
||||
return p;
|
||||
}
|
||||
|
|
|
@ -9,20 +9,14 @@
|
|||
|
||||
|
||||
typedef struct {
|
||||
ngx_uint_t facility;
|
||||
ngx_uint_t severity;
|
||||
ngx_str_t tag;
|
||||
ngx_uint_t facility;
|
||||
ngx_uint_t severity;
|
||||
ngx_str_t tag;
|
||||
|
||||
ngx_str_t *hostname;
|
||||
|
||||
ngx_addr_t server;
|
||||
ngx_connection_t conn;
|
||||
|
||||
ngx_log_t log;
|
||||
ngx_log_t *logp;
|
||||
|
||||
unsigned busy:1;
|
||||
unsigned nohostname:1;
|
||||
ngx_addr_t server;
|
||||
ngx_connection_t conn;
|
||||
unsigned busy:1;
|
||||
unsigned nohostname:1;
|
||||
} ngx_syslog_peer_t;
|
||||
|
||||
|
||||
|
|
|
@ -200,6 +200,10 @@ ngx_monotonic_time(time_t sec, ngx_uint_t msec)
|
|||
|
||||
#if defined(CLOCK_MONOTONIC_FAST)
|
||||
clock_gettime(CLOCK_MONOTONIC_FAST, &ts);
|
||||
|
||||
#elif defined(CLOCK_MONOTONIC_COARSE)
|
||||
clock_gettime(CLOCK_MONOTONIC_COARSE, &ts);
|
||||
|
||||
#else
|
||||
clock_gettime(CLOCK_MONOTONIC, &ts);
|
||||
#endif
|
||||
|
|
|
@ -231,8 +231,9 @@ ngx_iocp_del_connection(ngx_connection_t *c, ngx_uint_t flags)
|
|||
}
|
||||
|
||||
|
||||
static ngx_int_t
|
||||
ngx_iocp_process_events(ngx_cycle_t *cycle, ngx_msec_t timer, ngx_uint_t flags)
|
||||
static
|
||||
ngx_int_t ngx_iocp_process_events(ngx_cycle_t *cycle, ngx_msec_t timer,
|
||||
ngx_uint_t flags)
|
||||
{
|
||||
int rc;
|
||||
u_int key;
|
||||
|
@ -355,7 +356,7 @@ ngx_iocp_create_conf(ngx_cycle_t *cycle)
|
|||
|
||||
cf = ngx_palloc(cycle->pool, sizeof(ngx_iocp_conf_t));
|
||||
if (cf == NULL) {
|
||||
return NULL;
|
||||
return NGX_CONF_ERROR;
|
||||
}
|
||||
|
||||
cf->threads = NGX_CONF_UNSET;
|
||||
|
|
|
@ -55,7 +55,6 @@ ngx_uint_t ngx_accept_events;
|
|||
ngx_uint_t ngx_accept_mutex_held;
|
||||
ngx_msec_t ngx_accept_mutex_delay;
|
||||
ngx_int_t ngx_accept_disabled;
|
||||
ngx_uint_t ngx_use_exclusive_accept;
|
||||
|
||||
|
||||
#if (NGX_STAT_STUB)
|
||||
|
@ -267,18 +266,6 @@ ngx_process_events_and_timers(ngx_cycle_t *cycle)
|
|||
ngx_int_t
|
||||
ngx_handle_read_event(ngx_event_t *rev, ngx_uint_t flags)
|
||||
{
|
||||
#if (NGX_QUIC)
|
||||
|
||||
ngx_connection_t *c;
|
||||
|
||||
c = rev->data;
|
||||
|
||||
if (c->quic) {
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
if (ngx_event_flags & NGX_USE_CLEAR_EVENT) {
|
||||
|
||||
/* kqueue, epoll */
|
||||
|
@ -349,15 +336,9 @@ ngx_handle_write_event(ngx_event_t *wev, size_t lowat)
|
|||
{
|
||||
ngx_connection_t *c;
|
||||
|
||||
c = wev->data;
|
||||
|
||||
#if (NGX_QUIC)
|
||||
if (c->quic) {
|
||||
return NGX_OK;
|
||||
}
|
||||
#endif
|
||||
|
||||
if (lowat) {
|
||||
c = wev->data;
|
||||
|
||||
if (ngx_send_lowat(c, lowat) == NGX_ERROR) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
@ -434,7 +415,6 @@ ngx_event_init_conf(ngx_cycle_t *cycle, void *conf)
|
|||
{
|
||||
#if (NGX_HAVE_REUSEPORT)
|
||||
ngx_uint_t i;
|
||||
ngx_core_conf_t *ccf;
|
||||
ngx_listening_t *ls;
|
||||
#endif
|
||||
|
||||
|
@ -461,25 +441,20 @@ ngx_event_init_conf(ngx_cycle_t *cycle, void *conf)
|
|||
|
||||
#if (NGX_HAVE_REUSEPORT)
|
||||
|
||||
ccf = (ngx_core_conf_t *) ngx_get_conf(cycle->conf_ctx, ngx_core_module);
|
||||
ls = cycle->listening.elts;
|
||||
for (i = 0; i < cycle->listening.nelts; i++) {
|
||||
|
||||
if (!ngx_test_config && ccf->master) {
|
||||
if (!ls[i].reuseport || ls[i].worker != 0) {
|
||||
continue;
|
||||
}
|
||||
|
||||
if (ngx_clone_listening(cycle, &ls[i]) != NGX_OK) {
|
||||
return NGX_CONF_ERROR;
|
||||
}
|
||||
|
||||
/* cloning may change cycle->listening.elts */
|
||||
|
||||
ls = cycle->listening.elts;
|
||||
for (i = 0; i < cycle->listening.nelts; i++) {
|
||||
|
||||
if (!ls[i].reuseport || ls[i].worker != 0) {
|
||||
continue;
|
||||
}
|
||||
|
||||
if (ngx_clone_listening(cycle, &ls[i]) != NGX_OK) {
|
||||
return NGX_CONF_ERROR;
|
||||
}
|
||||
|
||||
/* cloning may change cycle->listening.elts */
|
||||
|
||||
ls = cycle->listening.elts;
|
||||
}
|
||||
}
|
||||
|
||||
#endif
|
||||
|
@ -666,8 +641,6 @@ ngx_event_process_init(ngx_cycle_t *cycle)
|
|||
|
||||
#endif
|
||||
|
||||
ngx_use_exclusive_accept = 0;
|
||||
|
||||
ngx_queue_init(&ngx_posted_accept_events);
|
||||
ngx_queue_init(&ngx_posted_next_events);
|
||||
ngx_queue_init(&ngx_posted_events);
|
||||
|
@ -831,9 +804,7 @@ ngx_event_process_init(ngx_cycle_t *cycle)
|
|||
rev->deferred_accept = ls[i].deferred_accept;
|
||||
#endif
|
||||
|
||||
if (!(ngx_event_flags & NGX_USE_IOCP_EVENT)
|
||||
&& cycle->old_cycle)
|
||||
{
|
||||
if (!(ngx_event_flags & NGX_USE_IOCP_EVENT)) {
|
||||
if (ls[i].previous) {
|
||||
|
||||
/*
|
||||
|
@ -891,16 +862,8 @@ ngx_event_process_init(ngx_cycle_t *cycle)
|
|||
|
||||
#else
|
||||
|
||||
if (c->type == SOCK_STREAM) {
|
||||
rev->handler = ngx_event_accept;
|
||||
|
||||
#if (NGX_QUIC)
|
||||
} else if (ls[i].quic) {
|
||||
rev->handler = ngx_quic_recvmsg;
|
||||
#endif
|
||||
} else {
|
||||
rev->handler = ngx_event_recvmsg;
|
||||
}
|
||||
rev->handler = (c->type == SOCK_STREAM) ? ngx_event_accept
|
||||
: ngx_event_recvmsg;
|
||||
|
||||
#if (NGX_HAVE_REUSEPORT)
|
||||
|
||||
|
@ -923,8 +886,6 @@ ngx_event_process_init(ngx_cycle_t *cycle)
|
|||
if ((ngx_event_flags & NGX_USE_EPOLL_EVENT)
|
||||
&& ccf->worker_processes > 1)
|
||||
{
|
||||
ngx_use_exclusive_accept = 1;
|
||||
|
||||
if (ngx_add_event(rev, NGX_READ_EVENT, NGX_EXCLUSIVE_EVENT)
|
||||
== NGX_ERROR)
|
||||
{
|
||||
|
|
|
@ -147,6 +147,10 @@ struct ngx_event_aio_s {
|
|||
|
||||
ngx_fd_t fd;
|
||||
|
||||
#if (NGX_HAVE_AIO_SENDFILE || NGX_COMPAT)
|
||||
ssize_t (*preload_handler)(ngx_buf_t *file);
|
||||
#endif
|
||||
|
||||
#if (NGX_HAVE_EVENTFD)
|
||||
int64_t res;
|
||||
#endif
|
||||
|
@ -462,7 +466,6 @@ extern ngx_uint_t ngx_accept_events;
|
|||
extern ngx_uint_t ngx_accept_mutex_held;
|
||||
extern ngx_msec_t ngx_accept_mutex_delay;
|
||||
extern ngx_int_t ngx_accept_disabled;
|
||||
extern ngx_uint_t ngx_use_exclusive_accept;
|
||||
|
||||
|
||||
#if (NGX_STAT_STUB)
|
||||
|
@ -494,6 +497,12 @@ extern ngx_module_t ngx_event_core_module;
|
|||
|
||||
|
||||
void ngx_event_accept(ngx_event_t *ev);
|
||||
#if !(NGX_WIN32)
|
||||
void ngx_event_recvmsg(ngx_event_t *ev);
|
||||
void ngx_udp_rbtree_insert_value(ngx_rbtree_node_t *temp,
|
||||
ngx_rbtree_node_t *node, ngx_rbtree_node_t *sentinel);
|
||||
#endif
|
||||
void ngx_delete_udp_connection(void *data);
|
||||
ngx_int_t ngx_trylock_accept_mutex(ngx_cycle_t *cycle);
|
||||
ngx_int_t ngx_enable_accept_events(ngx_cycle_t *cycle);
|
||||
u_char *ngx_accept_log_error(ngx_log_t *log, u_char *buf, size_t len);
|
||||
|
@ -523,7 +532,6 @@ ngx_int_t ngx_send_lowat(ngx_connection_t *c, size_t lowat);
|
|||
|
||||
#include <ngx_event_timer.h>
|
||||
#include <ngx_event_posted.h>
|
||||
#include <ngx_event_udp.h>
|
||||
|
||||
#if (NGX_WIN32)
|
||||
#include <ngx_iocp_module.h>
|
||||
|
|
|
@ -11,9 +11,6 @@
|
|||
|
||||
|
||||
static ngx_int_t ngx_disable_accept_events(ngx_cycle_t *cycle, ngx_uint_t all);
|
||||
#if (NGX_HAVE_EPOLLEXCLUSIVE)
|
||||
static void ngx_reorder_accept_events(ngx_listening_t *ls);
|
||||
#endif
|
||||
static void ngx_close_accepted_connection(ngx_connection_t *c);
|
||||
|
||||
|
||||
|
@ -317,10 +314,6 @@ ngx_event_accept(ngx_event_t *ev)
|
|||
}
|
||||
|
||||
} while (ev->available);
|
||||
|
||||
#if (NGX_HAVE_EPOLLEXCLUSIVE)
|
||||
ngx_reorder_accept_events(ls);
|
||||
#endif
|
||||
}
|
||||
|
||||
|
||||
|
@ -427,57 +420,6 @@ ngx_disable_accept_events(ngx_cycle_t *cycle, ngx_uint_t all)
|
|||
}
|
||||
|
||||
|
||||
#if (NGX_HAVE_EPOLLEXCLUSIVE)
|
||||
|
||||
static void
|
||||
ngx_reorder_accept_events(ngx_listening_t *ls)
|
||||
{
|
||||
ngx_connection_t *c;
|
||||
|
||||
/*
|
||||
* Linux with EPOLLEXCLUSIVE usually notifies only the process which
|
||||
* was first to add the listening socket to the epoll instance. As
|
||||
* a result most of the connections are handled by the first worker
|
||||
* process. To fix this, we re-add the socket periodically, so other
|
||||
* workers will get a chance to accept connections.
|
||||
*/
|
||||
|
||||
if (!ngx_use_exclusive_accept) {
|
||||
return;
|
||||
}
|
||||
|
||||
#if (NGX_HAVE_REUSEPORT)
|
||||
|
||||
if (ls->reuseport) {
|
||||
return;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
c = ls->connection;
|
||||
|
||||
if (c->requests++ % 16 != 0
|
||||
&& ngx_accept_disabled <= 0)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
if (ngx_del_event(c->read, NGX_READ_EVENT, NGX_DISABLE_EVENT)
|
||||
== NGX_ERROR)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
if (ngx_add_event(c->read, NGX_READ_EVENT, NGX_EXCLUSIVE_EVENT)
|
||||
== NGX_ERROR)
|
||||
{
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
static void
|
||||
ngx_close_accepted_connection(ngx_connection_t *c)
|
||||
{
|
||||
|
|
|
@ -179,8 +179,6 @@ ngx_event_connect_peer(ngx_peer_connection_t *pc)
|
|||
c->recv = ngx_udp_recv;
|
||||
c->send = ngx_send;
|
||||
c->send_chain = ngx_udp_send_chain;
|
||||
|
||||
c->need_flush_buf = 1;
|
||||
}
|
||||
|
||||
c->log_error = pc->log_error;
|
||||
|
|
|
@ -127,8 +127,8 @@ void ngx_iocp_wait_events(int main)
|
|||
conn[0] = NULL;
|
||||
|
||||
for ( ;; ) {
|
||||
offset = (nevents == WSA_MAXIMUM_WAIT_EVENTS + 1) ? 1 : 0;
|
||||
timeout = (nevents == 1 && !first) ? 60000 : INFINITE;
|
||||
offset = (nevents == WSA_MAXIMUM_WAIT_EVENTS + 1) ? 1: 0;
|
||||
timeout = (nevents == 1 && !first) ? 60000: INFINITE;
|
||||
|
||||
n = WSAWaitForMultipleEvents(nevents - offset, events[offset],
|
||||
0, timeout, 0);
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -24,19 +24,12 @@
|
|||
#include <openssl/engine.h>
|
||||
#endif
|
||||
#include <openssl/evp.h>
|
||||
#if (NGX_QUIC)
|
||||
#ifdef OPENSSL_IS_BORINGSSL
|
||||
#include <openssl/hkdf.h>
|
||||
#include <openssl/chacha.h>
|
||||
#else
|
||||
#include <openssl/kdf.h>
|
||||
#endif
|
||||
#endif
|
||||
#include <openssl/hmac.h>
|
||||
#ifndef OPENSSL_NO_OCSP
|
||||
#include <openssl/ocsp.h>
|
||||
#endif
|
||||
#include <openssl/rand.h>
|
||||
#include <openssl/rsa.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/x509v3.h>
|
||||
|
||||
|
@ -117,12 +110,10 @@ struct ngx_ssl_connection_s {
|
|||
unsigned handshake_rejected:1;
|
||||
unsigned renegotiation:1;
|
||||
unsigned buffer:1;
|
||||
unsigned sendfile:1;
|
||||
unsigned no_wait_shutdown:1;
|
||||
unsigned no_send_shutdown:1;
|
||||
unsigned shutdown_without_free:1;
|
||||
unsigned handshake_buffer_set:1;
|
||||
unsigned session_timeout_set:1;
|
||||
unsigned try_early_data:1;
|
||||
unsigned in_early:1;
|
||||
unsigned in_ocsp:1;
|
||||
|
@ -143,37 +134,37 @@ typedef struct ngx_ssl_sess_id_s ngx_ssl_sess_id_t;
|
|||
|
||||
struct ngx_ssl_sess_id_s {
|
||||
ngx_rbtree_node_t node;
|
||||
u_char *id;
|
||||
size_t len;
|
||||
u_char *session;
|
||||
ngx_queue_t queue;
|
||||
time_t expire;
|
||||
u_char id[32];
|
||||
#if (NGX_PTR_SIZE == 8)
|
||||
u_char *session;
|
||||
#else
|
||||
u_char session[1];
|
||||
void *stub;
|
||||
u_char sess_id[32];
|
||||
#endif
|
||||
};
|
||||
|
||||
|
||||
typedef struct {
|
||||
u_char name[16];
|
||||
u_char hmac_key[32];
|
||||
u_char aes_key[32];
|
||||
time_t expire;
|
||||
unsigned size:8;
|
||||
unsigned shared:1;
|
||||
} ngx_ssl_ticket_key_t;
|
||||
|
||||
|
||||
typedef struct {
|
||||
ngx_rbtree_t session_rbtree;
|
||||
ngx_rbtree_node_t sentinel;
|
||||
ngx_queue_t expire_queue;
|
||||
ngx_ssl_ticket_key_t ticket_keys[3];
|
||||
time_t fail_time;
|
||||
} ngx_ssl_session_cache_t;
|
||||
|
||||
|
||||
#ifdef SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB
|
||||
|
||||
typedef struct {
|
||||
size_t size;
|
||||
u_char name[16];
|
||||
u_char hmac_key[32];
|
||||
u_char aes_key[32];
|
||||
} ngx_ssl_session_ticket_key_t;
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
#define NGX_SSL_SSLv2 0x0002
|
||||
#define NGX_SSL_SSLv3 0x0004
|
||||
#define NGX_SSL_TLSv1 0x0008
|
||||
|
@ -213,12 +204,14 @@ ngx_int_t ngx_ssl_ocsp(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *responder,
|
|||
ngx_uint_t depth, ngx_shm_zone_t *shm_zone);
|
||||
ngx_int_t ngx_ssl_ocsp_resolver(ngx_conf_t *cf, ngx_ssl_t *ssl,
|
||||
ngx_resolver_t *resolver, ngx_msec_t resolver_timeout);
|
||||
|
||||
ngx_int_t ngx_ssl_ocsp_validate(ngx_connection_t *c);
|
||||
ngx_int_t ngx_ssl_ocsp_get_status(ngx_connection_t *c, const char **s);
|
||||
void ngx_ssl_ocsp_cleanup(ngx_connection_t *c);
|
||||
ngx_int_t ngx_ssl_ocsp_cache_init(ngx_shm_zone_t *shm_zone, void *data);
|
||||
|
||||
#if (OPENSSL_VERSION_NUMBER < 0x10100001L && !defined LIBRESSL_VERSION_NUMBER)
|
||||
RSA *ngx_ssl_rsa512_key_callback(ngx_ssl_conn_t *ssl_conn, int is_export,
|
||||
int key_length);
|
||||
#endif
|
||||
ngx_array_t *ngx_ssl_read_password_file(ngx_conf_t *cf, ngx_str_t *file);
|
||||
ngx_array_t *ngx_ssl_preserve_passwords(ngx_conf_t *cf,
|
||||
ngx_array_t *passwords);
|
||||
|
@ -267,8 +260,6 @@ ngx_int_t ngx_ssl_get_cipher_name(ngx_connection_t *c, ngx_pool_t *pool,
|
|||
ngx_str_t *s);
|
||||
ngx_int_t ngx_ssl_get_ciphers(ngx_connection_t *c, ngx_pool_t *pool,
|
||||
ngx_str_t *s);
|
||||
ngx_int_t ngx_ssl_get_curve(ngx_connection_t *c, ngx_pool_t *pool,
|
||||
ngx_str_t *s);
|
||||
ngx_int_t ngx_ssl_get_curves(ngx_connection_t *c, ngx_pool_t *pool,
|
||||
ngx_str_t *s);
|
||||
ngx_int_t ngx_ssl_get_session_id(ngx_connection_t *c, ngx_pool_t *pool,
|
||||
|
@ -279,8 +270,6 @@ ngx_int_t ngx_ssl_get_early_data(ngx_connection_t *c, ngx_pool_t *pool,
|
|||
ngx_str_t *s);
|
||||
ngx_int_t ngx_ssl_get_server_name(ngx_connection_t *c, ngx_pool_t *pool,
|
||||
ngx_str_t *s);
|
||||
ngx_int_t ngx_ssl_get_alpn_protocol(ngx_connection_t *c, ngx_pool_t *pool,
|
||||
ngx_str_t *s);
|
||||
ngx_int_t ngx_ssl_get_raw_certificate(ngx_connection_t *c, ngx_pool_t *pool,
|
||||
ngx_str_t *s);
|
||||
ngx_int_t ngx_ssl_get_certificate(ngx_connection_t *c, ngx_pool_t *pool,
|
||||
|
@ -310,9 +299,6 @@ ngx_int_t ngx_ssl_get_client_v_remain(ngx_connection_t *c, ngx_pool_t *pool,
|
|||
|
||||
|
||||
ngx_int_t ngx_ssl_handshake(ngx_connection_t *c);
|
||||
#if (NGX_DEBUG)
|
||||
void ngx_ssl_handshake_log(ngx_connection_t *c);
|
||||
#endif
|
||||
ssize_t ngx_ssl_recv(ngx_connection_t *c, u_char *buf, size_t size);
|
||||
ssize_t ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size);
|
||||
ssize_t ngx_ssl_recv_chain(ngx_connection_t *c, ngx_chain_t *cl, off_t limit);
|
||||
|
@ -328,7 +314,7 @@ void ngx_ssl_cleanup_ctx(void *data);
|
|||
extern int ngx_ssl_connection_index;
|
||||
extern int ngx_ssl_server_conf_index;
|
||||
extern int ngx_ssl_session_cache_index;
|
||||
extern int ngx_ssl_ticket_keys_index;
|
||||
extern int ngx_ssl_session_ticket_keys_index;
|
||||
extern int ngx_ssl_ocsp_index;
|
||||
extern int ngx_ssl_certificate_index;
|
||||
extern int ngx_ssl_next_certificate_index;
|
||||
|
|
|
@ -73,7 +73,7 @@ ngx_event_expire_timers(void)
|
|||
return;
|
||||
}
|
||||
|
||||
ev = ngx_rbtree_data(node, ngx_event_t, timer);
|
||||
ev = (ngx_event_t *) ((char *) node - offsetof(ngx_event_t, timer));
|
||||
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, ev->log, 0,
|
||||
"event timer del: %d: %M",
|
||||
|
@ -113,7 +113,7 @@ ngx_event_no_timers_left(void)
|
|||
node;
|
||||
node = ngx_rbtree_next(&ngx_event_timer_rbtree, node))
|
||||
{
|
||||
ev = ngx_rbtree_data(node, ngx_event_t, timer);
|
||||
ev = (ngx_event_t *) ((char *) node - offsetof(ngx_event_t, timer));
|
||||
|
||||
if (!ev->cancelable) {
|
||||
return NGX_AGAIN;
|
||||
|
|
|
@ -12,6 +12,13 @@
|
|||
|
||||
#if !(NGX_WIN32)
|
||||
|
||||
struct ngx_udp_connection_s {
|
||||
ngx_rbtree_node_t node;
|
||||
ngx_connection_t *connection;
|
||||
ngx_buf_t *buffer;
|
||||
};
|
||||
|
||||
|
||||
static void ngx_close_accepted_udp_connection(ngx_connection_t *c);
|
||||
static ssize_t ngx_udp_shared_recv(ngx_connection_t *c, u_char *buf,
|
||||
size_t size);
|
||||
|
@ -39,8 +46,18 @@ ngx_event_recvmsg(ngx_event_t *ev)
|
|||
ngx_connection_t *c, *lc;
|
||||
static u_char buffer[65535];
|
||||
|
||||
#if (NGX_HAVE_ADDRINFO_CMSG)
|
||||
u_char msg_control[CMSG_SPACE(sizeof(ngx_addrinfo_t))];
|
||||
#if (NGX_HAVE_MSGHDR_MSG_CONTROL)
|
||||
|
||||
#if (NGX_HAVE_IP_RECVDSTADDR)
|
||||
u_char msg_control[CMSG_SPACE(sizeof(struct in_addr))];
|
||||
#elif (NGX_HAVE_IP_PKTINFO)
|
||||
u_char msg_control[CMSG_SPACE(sizeof(struct in_pktinfo))];
|
||||
#endif
|
||||
|
||||
#if (NGX_HAVE_INET6 && NGX_HAVE_IPV6_RECVPKTINFO)
|
||||
u_char msg_control6[CMSG_SPACE(sizeof(struct in6_pktinfo))];
|
||||
#endif
|
||||
|
||||
#endif
|
||||
|
||||
if (ev->timedout) {
|
||||
|
@ -75,13 +92,25 @@ ngx_event_recvmsg(ngx_event_t *ev)
|
|||
msg.msg_iov = iov;
|
||||
msg.msg_iovlen = 1;
|
||||
|
||||
#if (NGX_HAVE_ADDRINFO_CMSG)
|
||||
if (ls->wildcard) {
|
||||
msg.msg_control = &msg_control;
|
||||
msg.msg_controllen = sizeof(msg_control);
|
||||
#if (NGX_HAVE_MSGHDR_MSG_CONTROL)
|
||||
|
||||
ngx_memzero(&msg_control, sizeof(msg_control));
|
||||
if (ls->wildcard) {
|
||||
|
||||
#if (NGX_HAVE_IP_RECVDSTADDR || NGX_HAVE_IP_PKTINFO)
|
||||
if (ls->sockaddr->sa_family == AF_INET) {
|
||||
msg.msg_control = &msg_control;
|
||||
msg.msg_controllen = sizeof(msg_control);
|
||||
}
|
||||
#endif
|
||||
|
||||
#if (NGX_HAVE_INET6 && NGX_HAVE_IPV6_RECVPKTINFO)
|
||||
if (ls->sockaddr->sa_family == AF_INET6) {
|
||||
msg.msg_control = &msg_control6;
|
||||
msg.msg_controllen = sizeof(msg_control6);
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
n = recvmsg(lc->fd, &msg, 0);
|
||||
|
@ -100,7 +129,7 @@ ngx_event_recvmsg(ngx_event_t *ev)
|
|||
return;
|
||||
}
|
||||
|
||||
#if (NGX_HAVE_ADDRINFO_CMSG)
|
||||
#if (NGX_HAVE_MSGHDR_MSG_CONTROL)
|
||||
if (msg.msg_flags & (MSG_TRUNC|MSG_CTRUNC)) {
|
||||
ngx_log_error(NGX_LOG_ALERT, ev->log, 0,
|
||||
"recvmsg() truncated data");
|
||||
|
@ -130,7 +159,7 @@ ngx_event_recvmsg(ngx_event_t *ev)
|
|||
local_sockaddr = ls->sockaddr;
|
||||
local_socklen = ls->socklen;
|
||||
|
||||
#if (NGX_HAVE_ADDRINFO_CMSG)
|
||||
#if (NGX_HAVE_MSGHDR_MSG_CONTROL)
|
||||
|
||||
if (ls->wildcard) {
|
||||
struct cmsghdr *cmsg;
|
||||
|
@ -142,9 +171,59 @@ ngx_event_recvmsg(ngx_event_t *ev)
|
|||
cmsg != NULL;
|
||||
cmsg = CMSG_NXTHDR(&msg, cmsg))
|
||||
{
|
||||
if (ngx_get_srcaddr_cmsg(cmsg, local_sockaddr) == NGX_OK) {
|
||||
|
||||
#if (NGX_HAVE_IP_RECVDSTADDR)
|
||||
|
||||
if (cmsg->cmsg_level == IPPROTO_IP
|
||||
&& cmsg->cmsg_type == IP_RECVDSTADDR
|
||||
&& local_sockaddr->sa_family == AF_INET)
|
||||
{
|
||||
struct in_addr *addr;
|
||||
struct sockaddr_in *sin;
|
||||
|
||||
addr = (struct in_addr *) CMSG_DATA(cmsg);
|
||||
sin = (struct sockaddr_in *) local_sockaddr;
|
||||
sin->sin_addr = *addr;
|
||||
|
||||
break;
|
||||
}
|
||||
|
||||
#elif (NGX_HAVE_IP_PKTINFO)
|
||||
|
||||
if (cmsg->cmsg_level == IPPROTO_IP
|
||||
&& cmsg->cmsg_type == IP_PKTINFO
|
||||
&& local_sockaddr->sa_family == AF_INET)
|
||||
{
|
||||
struct in_pktinfo *pkt;
|
||||
struct sockaddr_in *sin;
|
||||
|
||||
pkt = (struct in_pktinfo *) CMSG_DATA(cmsg);
|
||||
sin = (struct sockaddr_in *) local_sockaddr;
|
||||
sin->sin_addr = pkt->ipi_addr;
|
||||
|
||||
break;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
#if (NGX_HAVE_INET6 && NGX_HAVE_IPV6_RECVPKTINFO)
|
||||
|
||||
if (cmsg->cmsg_level == IPPROTO_IPV6
|
||||
&& cmsg->cmsg_type == IPV6_PKTINFO
|
||||
&& local_sockaddr->sa_family == AF_INET6)
|
||||
{
|
||||
struct in6_pktinfo *pkt6;
|
||||
struct sockaddr_in6 *sin6;
|
||||
|
||||
pkt6 = (struct in6_pktinfo *) CMSG_DATA(cmsg);
|
||||
sin6 = (struct sockaddr_in6 *) local_sockaddr;
|
||||
sin6->sin6_addr = pkt6->ipi6_addr;
|
||||
|
||||
break;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -239,8 +318,6 @@ ngx_event_recvmsg(ngx_event_t *ev)
|
|||
c->send = ngx_udp_send;
|
||||
c->send_chain = ngx_udp_send_chain;
|
||||
|
||||
c->need_flush_buf = 1;
|
||||
|
||||
c->log = log;
|
||||
c->pool->log = log;
|
||||
c->listening = ls;
|
||||
|
|
|
@ -1,65 +0,0 @@
|
|||
|
||||
/*
|
||||
* Copyright (C) Nginx, Inc.
|
||||
*/
|
||||
|
||||
|
||||
#ifndef _NGX_EVENT_UDP_H_INCLUDED_
|
||||
#define _NGX_EVENT_UDP_H_INCLUDED_
|
||||
|
||||
|
||||
#include <ngx_config.h>
|
||||
#include <ngx_core.h>
|
||||
|
||||
|
||||
#if !(NGX_WIN32)
|
||||
|
||||
#if ((NGX_HAVE_MSGHDR_MSG_CONTROL) \
|
||||
&& (NGX_HAVE_IP_SENDSRCADDR || NGX_HAVE_IP_RECVDSTADDR \
|
||||
|| NGX_HAVE_IP_PKTINFO \
|
||||
|| (NGX_HAVE_INET6 && NGX_HAVE_IPV6_RECVPKTINFO)))
|
||||
#define NGX_HAVE_ADDRINFO_CMSG 1
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
struct ngx_udp_connection_s {
|
||||
ngx_rbtree_node_t node;
|
||||
ngx_connection_t *connection;
|
||||
ngx_buf_t *buffer;
|
||||
};
|
||||
|
||||
|
||||
#if (NGX_HAVE_ADDRINFO_CMSG)
|
||||
|
||||
typedef union {
|
||||
#if (NGX_HAVE_IP_SENDSRCADDR || NGX_HAVE_IP_RECVDSTADDR)
|
||||
struct in_addr addr;
|
||||
#endif
|
||||
|
||||
#if (NGX_HAVE_IP_PKTINFO)
|
||||
struct in_pktinfo pkt;
|
||||
#endif
|
||||
|
||||
#if (NGX_HAVE_INET6 && NGX_HAVE_IPV6_RECVPKTINFO)
|
||||
struct in6_pktinfo pkt6;
|
||||
#endif
|
||||
} ngx_addrinfo_t;
|
||||
|
||||
size_t ngx_set_srcaddr_cmsg(struct cmsghdr *cmsg,
|
||||
struct sockaddr *local_sockaddr);
|
||||
ngx_int_t ngx_get_srcaddr_cmsg(struct cmsghdr *cmsg,
|
||||
struct sockaddr *local_sockaddr);
|
||||
|
||||
#endif
|
||||
|
||||
void ngx_event_recvmsg(ngx_event_t *ev);
|
||||
ssize_t ngx_sendmsg(ngx_connection_t *c, struct msghdr *msg, int flags);
|
||||
void ngx_udp_rbtree_insert_value(ngx_rbtree_node_t *temp,
|
||||
ngx_rbtree_node_t *node, ngx_rbtree_node_t *sentinel);
|
||||
#endif
|
||||
|
||||
void ngx_delete_udp_connection(void *data);
|
||||
|
||||
|
||||
#endif /* _NGX_EVENT_UDP_H_INCLUDED_ */
|
|
@ -1,113 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
export LANG=C
|
||||
|
||||
set -e
|
||||
|
||||
if [ $# -lt 1 ]; then
|
||||
echo "Usage: PROGNAME=foo LICENSE=bar $0 <bpf object file>"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
||||
self=$0
|
||||
filename=$1
|
||||
funcname=$PROGNAME
|
||||
|
||||
generate_head()
|
||||
{
|
||||
cat << END
|
||||
/* AUTO-GENERATED, DO NOT EDIT. */
|
||||
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#include "ngx_bpf.h"
|
||||
|
||||
|
||||
END
|
||||
}
|
||||
|
||||
generate_tail()
|
||||
{
|
||||
cat << END
|
||||
|
||||
ngx_bpf_program_t $PROGNAME = {
|
||||
.relocs = bpf_reloc_prog_$funcname,
|
||||
.nrelocs = sizeof(bpf_reloc_prog_$funcname)
|
||||
/ sizeof(bpf_reloc_prog_$funcname[0]),
|
||||
.ins = bpf_insn_prog_$funcname,
|
||||
.nins = sizeof(bpf_insn_prog_$funcname)
|
||||
/ sizeof(bpf_insn_prog_$funcname[0]),
|
||||
.license = "$LICENSE",
|
||||
.type = BPF_PROG_TYPE_SK_REUSEPORT,
|
||||
};
|
||||
|
||||
END
|
||||
}
|
||||
|
||||
process_relocations()
|
||||
{
|
||||
echo "static ngx_bpf_reloc_t bpf_reloc_prog_$funcname[] = {"
|
||||
|
||||
objdump -r $filename | awk '{
|
||||
|
||||
if (enabled && $NF > 0) {
|
||||
off = strtonum(sprintf("0x%s", $1));
|
||||
name = $3;
|
||||
|
||||
printf(" { \"%s\", %d },\n", name, off/8);
|
||||
}
|
||||
|
||||
if ($1 == "OFFSET") {
|
||||
enabled=1;
|
||||
}
|
||||
}'
|
||||
echo "};"
|
||||
echo
|
||||
}
|
||||
|
||||
process_section()
|
||||
{
|
||||
echo "static struct bpf_insn bpf_insn_prog_$funcname[] = {"
|
||||
echo " /* opcode dst src offset imm */"
|
||||
|
||||
section_info=$(objdump -h $filename --section=$funcname | grep "1 $funcname")
|
||||
|
||||
# dd doesn't know hex
|
||||
length=$(printf "%d" 0x$(echo $section_info | cut -d ' ' -f3))
|
||||
offset=$(printf "%d" 0x$(echo $section_info | cut -d ' ' -f6))
|
||||
|
||||
for ins in $(dd if="$filename" bs=1 count=$length skip=$offset status=none | xxd -p -c 8)
|
||||
do
|
||||
opcode=0x${ins:0:2}
|
||||
srcdst=0x${ins:2:2}
|
||||
|
||||
# bytes are dumped in LE order
|
||||
offset=0x${ins:6:2}${ins:4:2} # short
|
||||
immedi=0x${ins:14:2}${ins:12:2}${ins:10:2}${ins:8:2} # int
|
||||
|
||||
dst="$(($srcdst & 0xF))"
|
||||
src="$(($srcdst & 0xF0))"
|
||||
src="$(($src >> 4))"
|
||||
|
||||
opcode=$(printf "0x%x" $opcode)
|
||||
dst=$(printf "BPF_REG_%d" $dst)
|
||||
src=$(printf "BPF_REG_%d" $src)
|
||||
offset=$(printf "%d" $offset)
|
||||
immedi=$(printf "0x%x" $immedi)
|
||||
|
||||
printf " { %4s, %11s, %11s, (int16_t) %6s, %10s },\n" $opcode $dst $src $offset $immedi
|
||||
done
|
||||
|
||||
cat << END
|
||||
};
|
||||
|
||||
END
|
||||
}
|
||||
|
||||
generate_head
|
||||
process_relocations
|
||||
process_section
|
||||
generate_tail
|
||||
|
|
@ -1,30 +0,0 @@
|
|||
CFLAGS=-O2 -Wall
|
||||
|
||||
LICENSE=BSD
|
||||
|
||||
PROGNAME=ngx_quic_reuseport_helper
|
||||
RESULT=ngx_event_quic_bpf_code
|
||||
DEST=../$(RESULT).c
|
||||
|
||||
all: $(RESULT)
|
||||
|
||||
$(RESULT): $(PROGNAME).o
|
||||
LICENSE=$(LICENSE) PROGNAME=$(PROGNAME) bash ./bpfgen.sh $< > $@
|
||||
|
||||
DEFS=-DPROGNAME=\"$(PROGNAME)\" \
|
||||
-DLICENSE_$(LICENSE) \
|
||||
-DLICENSE=\"$(LICENSE)\" \
|
||||
|
||||
$(PROGNAME).o: $(PROGNAME).c
|
||||
clang $(CFLAGS) $(DEFS) -target bpf -c $< -o $@
|
||||
|
||||
install: $(RESULT)
|
||||
cp $(RESULT) $(DEST)
|
||||
|
||||
clean:
|
||||
@rm -f $(RESULT) *.o
|
||||
|
||||
debug: $(PROGNAME).o
|
||||
llvm-objdump -S -no-show-raw-insn $<
|
||||
|
||||
.DELETE_ON_ERROR:
|
|
@ -1,140 +0,0 @@
|
|||
#include <errno.h>
|
||||
#include <linux/string.h>
|
||||
#include <linux/udp.h>
|
||||
#include <linux/bpf.h>
|
||||
/*
|
||||
* the bpf_helpers.h is not included into linux-headers, only available
|
||||
* with kernel sources in "tools/lib/bpf/bpf_helpers.h" or in libbpf.
|
||||
*/
|
||||
#include <bpf/bpf_helpers.h>
|
||||
|
||||
|
||||
#if !defined(SEC)
|
||||
#define SEC(NAME) __attribute__((section(NAME), used))
|
||||
#endif
|
||||
|
||||
|
||||
#if defined(LICENSE_GPL)
|
||||
|
||||
/*
|
||||
* To see debug:
|
||||
*
|
||||
* echo 1 > /sys/kernel/debug/tracing/events/bpf_trace/enable
|
||||
* cat /sys/kernel/debug/tracing/trace_pipe
|
||||
* echo 0 > /sys/kernel/debug/tracing/events/bpf_trace/enable
|
||||
*/
|
||||
|
||||
#define debugmsg(fmt, ...) \
|
||||
do { \
|
||||
char __buf[] = fmt; \
|
||||
bpf_trace_printk(__buf, sizeof(__buf), ##__VA_ARGS__); \
|
||||
} while (0)
|
||||
|
||||
#else
|
||||
|
||||
#define debugmsg(fmt, ...)
|
||||
|
||||
#endif
|
||||
|
||||
char _license[] SEC("license") = LICENSE;
|
||||
|
||||
/*****************************************************************************/
|
||||
|
||||
#define NGX_QUIC_PKT_LONG 0x80 /* header form */
|
||||
#define NGX_QUIC_SERVER_CID_LEN 20
|
||||
|
||||
|
||||
#define advance_data(nbytes) \
|
||||
offset += nbytes; \
|
||||
if (start + offset > end) { \
|
||||
debugmsg("cannot read %ld bytes at offset %ld", nbytes, offset); \
|
||||
goto failed; \
|
||||
} \
|
||||
data = start + offset - 1;
|
||||
|
||||
|
||||
#define ngx_quic_parse_uint64(p) \
|
||||
(((__u64)(p)[0] << 56) | \
|
||||
((__u64)(p)[1] << 48) | \
|
||||
((__u64)(p)[2] << 40) | \
|
||||
((__u64)(p)[3] << 32) | \
|
||||
((__u64)(p)[4] << 24) | \
|
||||
((__u64)(p)[5] << 16) | \
|
||||
((__u64)(p)[6] << 8) | \
|
||||
((__u64)(p)[7]))
|
||||
|
||||
/*
|
||||
* actual map object is created by the "bpf" system call,
|
||||
* all pointers to this variable are replaced by the bpf loader
|
||||
*/
|
||||
struct bpf_map_def SEC("maps") ngx_quic_sockmap;
|
||||
|
||||
|
||||
SEC(PROGNAME)
|
||||
int ngx_quic_select_socket_by_dcid(struct sk_reuseport_md *ctx)
|
||||
{
|
||||
int rc;
|
||||
__u64 key;
|
||||
size_t len, offset;
|
||||
unsigned char *start, *end, *data, *dcid;
|
||||
|
||||
start = ctx->data;
|
||||
end = (unsigned char *) ctx->data_end;
|
||||
offset = 0;
|
||||
|
||||
advance_data(sizeof(struct udphdr)); /* data at UDP header */
|
||||
advance_data(1); /* data at QUIC flags */
|
||||
|
||||
if (data[0] & NGX_QUIC_PKT_LONG) {
|
||||
|
||||
advance_data(4); /* data at QUIC version */
|
||||
advance_data(1); /* data at DCID len */
|
||||
|
||||
len = data[0]; /* read DCID length */
|
||||
|
||||
if (len < 8) {
|
||||
/* it's useless to search for key in such short DCID */
|
||||
return SK_PASS;
|
||||
}
|
||||
|
||||
} else {
|
||||
len = NGX_QUIC_SERVER_CID_LEN;
|
||||
}
|
||||
|
||||
dcid = &data[1];
|
||||
advance_data(len); /* we expect the packet to have full DCID */
|
||||
|
||||
/* make verifier happy */
|
||||
if (dcid + sizeof(__u64) > end) {
|
||||
goto failed;
|
||||
}
|
||||
|
||||
key = ngx_quic_parse_uint64(dcid);
|
||||
|
||||
rc = bpf_sk_select_reuseport(ctx, &ngx_quic_sockmap, &key, 0);
|
||||
|
||||
switch (rc) {
|
||||
case 0:
|
||||
debugmsg("nginx quic socket selected by key 0x%llx", key);
|
||||
return SK_PASS;
|
||||
|
||||
/* kernel returns positive error numbers, errno.h defines positive */
|
||||
case -ENOENT:
|
||||
debugmsg("nginx quic default route for key 0x%llx", key);
|
||||
/* let the default reuseport logic decide which socket to choose */
|
||||
return SK_PASS;
|
||||
|
||||
default:
|
||||
debugmsg("nginx quic bpf_sk_select_reuseport err: %d key 0x%llx",
|
||||
rc, key);
|
||||
goto failed;
|
||||
}
|
||||
|
||||
failed:
|
||||
/*
|
||||
* SK_DROP will generate ICMP, but we may want to process "invalid" packet
|
||||
* in userspace quic to investigate further and finally react properly
|
||||
* (maybe ignore, maybe send something in response or close connection)
|
||||
*/
|
||||
return SK_PASS;
|
||||
}
|
File diff suppressed because it is too large
Load Diff
|
@ -1,131 +0,0 @@
|
|||
|
||||
/*
|
||||
* Copyright (C) Nginx, Inc.
|
||||
*/
|
||||
|
||||
|
||||
#ifndef _NGX_EVENT_QUIC_H_INCLUDED_
|
||||
#define _NGX_EVENT_QUIC_H_INCLUDED_
|
||||
|
||||
|
||||
#include <ngx_config.h>
|
||||
#include <ngx_core.h>
|
||||
|
||||
|
||||
#define NGX_QUIC_MAX_UDP_PAYLOAD_SIZE 65527
|
||||
|
||||
#define NGX_QUIC_DEFAULT_ACK_DELAY_EXPONENT 3
|
||||
#define NGX_QUIC_DEFAULT_MAX_ACK_DELAY 25
|
||||
#define NGX_QUIC_DEFAULT_HOST_KEY_LEN 32
|
||||
#define NGX_QUIC_SR_KEY_LEN 32
|
||||
#define NGX_QUIC_AV_KEY_LEN 32
|
||||
|
||||
#define NGX_QUIC_SR_TOKEN_LEN 16
|
||||
|
||||
#define NGX_QUIC_MIN_INITIAL_SIZE 1200
|
||||
|
||||
#define NGX_QUIC_STREAM_SERVER_INITIATED 0x01
|
||||
#define NGX_QUIC_STREAM_UNIDIRECTIONAL 0x02
|
||||
|
||||
|
||||
typedef ngx_int_t (*ngx_quic_init_pt)(ngx_connection_t *c);
|
||||
typedef void (*ngx_quic_shutdown_pt)(ngx_connection_t *c);
|
||||
|
||||
|
||||
typedef enum {
|
||||
NGX_QUIC_STREAM_SEND_READY = 0,
|
||||
NGX_QUIC_STREAM_SEND_SEND,
|
||||
NGX_QUIC_STREAM_SEND_DATA_SENT,
|
||||
NGX_QUIC_STREAM_SEND_DATA_RECVD,
|
||||
NGX_QUIC_STREAM_SEND_RESET_SENT,
|
||||
NGX_QUIC_STREAM_SEND_RESET_RECVD
|
||||
} ngx_quic_stream_send_state_e;
|
||||
|
||||
|
||||
typedef enum {
|
||||
NGX_QUIC_STREAM_RECV_RECV = 0,
|
||||
NGX_QUIC_STREAM_RECV_SIZE_KNOWN,
|
||||
NGX_QUIC_STREAM_RECV_DATA_RECVD,
|
||||
NGX_QUIC_STREAM_RECV_DATA_READ,
|
||||
NGX_QUIC_STREAM_RECV_RESET_RECVD,
|
||||
NGX_QUIC_STREAM_RECV_RESET_READ
|
||||
} ngx_quic_stream_recv_state_e;
|
||||
|
||||
|
||||
typedef struct {
|
||||
uint64_t size;
|
||||
uint64_t offset;
|
||||
uint64_t last_offset;
|
||||
ngx_chain_t *chain;
|
||||
ngx_chain_t *last_chain;
|
||||
} ngx_quic_buffer_t;
|
||||
|
||||
|
||||
typedef struct {
|
||||
ngx_ssl_t *ssl;
|
||||
|
||||
ngx_flag_t retry;
|
||||
ngx_flag_t gso_enabled;
|
||||
ngx_flag_t disable_active_migration;
|
||||
ngx_msec_t timeout;
|
||||
ngx_str_t host_key;
|
||||
size_t mtu;
|
||||
size_t stream_buffer_size;
|
||||
ngx_uint_t max_concurrent_streams_bidi;
|
||||
ngx_uint_t max_concurrent_streams_uni;
|
||||
ngx_uint_t active_connection_id_limit;
|
||||
ngx_int_t stream_close_code;
|
||||
ngx_int_t stream_reject_code_uni;
|
||||
ngx_int_t stream_reject_code_bidi;
|
||||
|
||||
ngx_quic_init_pt init;
|
||||
ngx_quic_shutdown_pt shutdown;
|
||||
|
||||
u_char av_token_key[NGX_QUIC_AV_KEY_LEN];
|
||||
u_char sr_token_key[NGX_QUIC_SR_KEY_LEN];
|
||||
} ngx_quic_conf_t;
|
||||
|
||||
|
||||
struct ngx_quic_stream_s {
|
||||
ngx_rbtree_node_t node;
|
||||
ngx_queue_t queue;
|
||||
ngx_connection_t *parent;
|
||||
ngx_connection_t *connection;
|
||||
uint64_t id;
|
||||
uint64_t sent;
|
||||
uint64_t acked;
|
||||
uint64_t send_max_data;
|
||||
uint64_t send_offset;
|
||||
uint64_t send_final_size;
|
||||
uint64_t recv_max_data;
|
||||
uint64_t recv_offset;
|
||||
uint64_t recv_window;
|
||||
uint64_t recv_last;
|
||||
uint64_t recv_final_size;
|
||||
ngx_quic_buffer_t send;
|
||||
ngx_quic_buffer_t recv;
|
||||
ngx_quic_stream_send_state_e send_state;
|
||||
ngx_quic_stream_recv_state_e recv_state;
|
||||
unsigned cancelable:1;
|
||||
unsigned fin_acked:1;
|
||||
};
|
||||
|
||||
|
||||
void ngx_quic_recvmsg(ngx_event_t *ev);
|
||||
void ngx_quic_rbtree_insert_value(ngx_rbtree_node_t *temp,
|
||||
ngx_rbtree_node_t *node, ngx_rbtree_node_t *sentinel);
|
||||
void ngx_quic_run(ngx_connection_t *c, ngx_quic_conf_t *conf);
|
||||
ngx_connection_t *ngx_quic_open_stream(ngx_connection_t *c, ngx_uint_t bidi);
|
||||
void ngx_quic_finalize_connection(ngx_connection_t *c, ngx_uint_t err,
|
||||
const char *reason);
|
||||
void ngx_quic_shutdown_connection(ngx_connection_t *c, ngx_uint_t err,
|
||||
const char *reason);
|
||||
ngx_int_t ngx_quic_reset_stream(ngx_connection_t *c, ngx_uint_t err);
|
||||
ngx_int_t ngx_quic_shutdown_stream(ngx_connection_t *c, int how);
|
||||
void ngx_quic_cancelable_stream(ngx_connection_t *c);
|
||||
ngx_int_t ngx_quic_get_packet_dcid(ngx_log_t *log, u_char *data, size_t len,
|
||||
ngx_str_t *dcid);
|
||||
ngx_int_t ngx_quic_derive_key(ngx_log_t *log, const char *label,
|
||||
ngx_str_t *secret, ngx_str_t *salt, u_char *out, size_t len);
|
||||
|
||||
#endif /* _NGX_EVENT_QUIC_H_INCLUDED_ */
|
File diff suppressed because it is too large
Load Diff
|
@ -1,30 +0,0 @@
|
|||
|
||||
/*
|
||||
* Copyright (C) Nginx, Inc.
|
||||
*/
|
||||
|
||||
|
||||
#ifndef _NGX_EVENT_QUIC_ACK_H_INCLUDED_
|
||||
#define _NGX_EVENT_QUIC_ACK_H_INCLUDED_
|
||||
|
||||
|
||||
#include <ngx_config.h>
|
||||
#include <ngx_core.h>
|
||||
|
||||
|
||||
ngx_int_t ngx_quic_handle_ack_frame(ngx_connection_t *c,
|
||||
ngx_quic_header_t *pkt, ngx_quic_frame_t *f);
|
||||
|
||||
void ngx_quic_congestion_ack(ngx_connection_t *c,
|
||||
ngx_quic_frame_t *frame);
|
||||
void ngx_quic_resend_frames(ngx_connection_t *c, ngx_quic_send_ctx_t *ctx);
|
||||
void ngx_quic_set_lost_timer(ngx_connection_t *c);
|
||||
void ngx_quic_pto_handler(ngx_event_t *ev);
|
||||
ngx_msec_t ngx_quic_pto(ngx_connection_t *c, ngx_quic_send_ctx_t *ctx);
|
||||
|
||||
ngx_int_t ngx_quic_ack_packet(ngx_connection_t *c,
|
||||
ngx_quic_header_t *pkt);
|
||||
ngx_int_t ngx_quic_generate_ack(ngx_connection_t *c,
|
||||
ngx_quic_send_ctx_t *ctx);
|
||||
|
||||
#endif /* _NGX_EVENT_QUIC_ACK_H_INCLUDED_ */
|
|
@ -1,657 +0,0 @@
|
|||
|
||||
/*
|
||||
* Copyright (C) Nginx, Inc.
|
||||
*/
|
||||
|
||||
|
||||
#include <ngx_config.h>
|
||||
#include <ngx_core.h>
|
||||
|
||||
|
||||
#define NGX_QUIC_BPF_VARNAME "NGINX_BPF_MAPS"
|
||||
#define NGX_QUIC_BPF_VARSEP ';'
|
||||
#define NGX_QUIC_BPF_ADDRSEP '#'
|
||||
|
||||
|
||||
#define ngx_quic_bpf_get_conf(cycle) \
|
||||
(ngx_quic_bpf_conf_t *) ngx_get_conf(cycle->conf_ctx, ngx_quic_bpf_module)
|
||||
|
||||
#define ngx_quic_bpf_get_old_conf(cycle) \
|
||||
cycle->old_cycle->conf_ctx ? ngx_quic_bpf_get_conf(cycle->old_cycle) \
|
||||
: NULL
|
||||
|
||||
#define ngx_core_get_conf(cycle) \
|
||||
(ngx_core_conf_t *) ngx_get_conf(cycle->conf_ctx, ngx_core_module)
|
||||
|
||||
|
||||
typedef struct {
|
||||
ngx_queue_t queue;
|
||||
int map_fd;
|
||||
|
||||
struct sockaddr *sockaddr;
|
||||
socklen_t socklen;
|
||||
ngx_uint_t unused; /* unsigned unused:1; */
|
||||
} ngx_quic_sock_group_t;
|
||||
|
||||
|
||||
typedef struct {
|
||||
ngx_flag_t enabled;
|
||||
ngx_uint_t map_size;
|
||||
ngx_queue_t groups; /* of ngx_quic_sock_group_t */
|
||||
} ngx_quic_bpf_conf_t;
|
||||
|
||||
|
||||
static void *ngx_quic_bpf_create_conf(ngx_cycle_t *cycle);
|
||||
static ngx_int_t ngx_quic_bpf_module_init(ngx_cycle_t *cycle);
|
||||
|
||||
static void ngx_quic_bpf_cleanup(void *data);
|
||||
static ngx_inline void ngx_quic_bpf_close(ngx_log_t *log, int fd,
|
||||
const char *name);
|
||||
|
||||
static ngx_quic_sock_group_t *ngx_quic_bpf_find_group(ngx_quic_bpf_conf_t *bcf,
|
||||
ngx_listening_t *ls);
|
||||
static ngx_quic_sock_group_t *ngx_quic_bpf_alloc_group(ngx_cycle_t *cycle,
|
||||
struct sockaddr *sa, socklen_t socklen);
|
||||
static ngx_quic_sock_group_t *ngx_quic_bpf_create_group(ngx_cycle_t *cycle,
|
||||
ngx_listening_t *ls);
|
||||
static ngx_quic_sock_group_t *ngx_quic_bpf_get_group(ngx_cycle_t *cycle,
|
||||
ngx_listening_t *ls);
|
||||
static ngx_int_t ngx_quic_bpf_group_add_socket(ngx_cycle_t *cycle,
|
||||
ngx_listening_t *ls);
|
||||
static uint64_t ngx_quic_bpf_socket_key(ngx_fd_t fd, ngx_log_t *log);
|
||||
|
||||
static ngx_int_t ngx_quic_bpf_export_maps(ngx_cycle_t *cycle);
|
||||
static ngx_int_t ngx_quic_bpf_import_maps(ngx_cycle_t *cycle);
|
||||
|
||||
extern ngx_bpf_program_t ngx_quic_reuseport_helper;
|
||||
|
||||
|
||||
static ngx_command_t ngx_quic_bpf_commands[] = {
|
||||
|
||||
{ ngx_string("quic_bpf"),
|
||||
NGX_MAIN_CONF|NGX_DIRECT_CONF|NGX_CONF_FLAG,
|
||||
ngx_conf_set_flag_slot,
|
||||
0,
|
||||
offsetof(ngx_quic_bpf_conf_t, enabled),
|
||||
NULL },
|
||||
|
||||
ngx_null_command
|
||||
};
|
||||
|
||||
|
||||
static ngx_core_module_t ngx_quic_bpf_module_ctx = {
|
||||
ngx_string("quic_bpf"),
|
||||
ngx_quic_bpf_create_conf,
|
||||
NULL
|
||||
};
|
||||
|
||||
|
||||
ngx_module_t ngx_quic_bpf_module = {
|
||||
NGX_MODULE_V1,
|
||||
&ngx_quic_bpf_module_ctx, /* module context */
|
||||
ngx_quic_bpf_commands, /* module directives */
|
||||
NGX_CORE_MODULE, /* module type */
|
||||
NULL, /* init master */
|
||||
ngx_quic_bpf_module_init, /* init module */
|
||||
NULL, /* init process */
|
||||
NULL, /* init thread */
|
||||
NULL, /* exit thread */
|
||||
NULL, /* exit process */
|
||||
NULL, /* exit master */
|
||||
NGX_MODULE_V1_PADDING
|
||||
};
|
||||
|
||||
|
||||
static void *
|
||||
ngx_quic_bpf_create_conf(ngx_cycle_t *cycle)
|
||||
{
|
||||
ngx_quic_bpf_conf_t *bcf;
|
||||
|
||||
bcf = ngx_pcalloc(cycle->pool, sizeof(ngx_quic_bpf_conf_t));
|
||||
if (bcf == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
bcf->enabled = NGX_CONF_UNSET;
|
||||
bcf->map_size = NGX_CONF_UNSET_UINT;
|
||||
|
||||
ngx_queue_init(&bcf->groups);
|
||||
|
||||
return bcf;
|
||||
}
|
||||
|
||||
|
||||
static ngx_int_t
|
||||
ngx_quic_bpf_module_init(ngx_cycle_t *cycle)
|
||||
{
|
||||
ngx_uint_t i;
|
||||
ngx_listening_t *ls;
|
||||
ngx_core_conf_t *ccf;
|
||||
ngx_pool_cleanup_t *cln;
|
||||
ngx_quic_bpf_conf_t *bcf;
|
||||
|
||||
if (ngx_test_config) {
|
||||
/*
|
||||
* during config test, SO_REUSEPORT socket option is
|
||||
* not set, thus making further processing meaningless
|
||||
*/
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
ccf = ngx_core_get_conf(cycle);
|
||||
bcf = ngx_quic_bpf_get_conf(cycle);
|
||||
|
||||
ngx_conf_init_value(bcf->enabled, 0);
|
||||
|
||||
bcf->map_size = ccf->worker_processes * 4;
|
||||
|
||||
cln = ngx_pool_cleanup_add(cycle->pool, 0);
|
||||
if (cln == NULL) {
|
||||
goto failed;
|
||||
}
|
||||
|
||||
cln->data = bcf;
|
||||
cln->handler = ngx_quic_bpf_cleanup;
|
||||
|
||||
if (ngx_inherited && ngx_is_init_cycle(cycle->old_cycle)) {
|
||||
if (ngx_quic_bpf_import_maps(cycle) != NGX_OK) {
|
||||
goto failed;
|
||||
}
|
||||
}
|
||||
|
||||
ls = cycle->listening.elts;
|
||||
|
||||
for (i = 0; i < cycle->listening.nelts; i++) {
|
||||
if (ls[i].quic && ls[i].reuseport) {
|
||||
if (ngx_quic_bpf_group_add_socket(cycle, &ls[i]) != NGX_OK) {
|
||||
goto failed;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (ngx_quic_bpf_export_maps(cycle) != NGX_OK) {
|
||||
goto failed;
|
||||
}
|
||||
|
||||
return NGX_OK;
|
||||
|
||||
failed:
|
||||
|
||||
if (ngx_is_init_cycle(cycle->old_cycle)) {
|
||||
ngx_log_error(NGX_LOG_EMERG, cycle->log, 0,
|
||||
"ngx_quic_bpf_module failed to initialize, check limits");
|
||||
|
||||
/* refuse to start */
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
/*
|
||||
* returning error now will lead to master process exiting immediately
|
||||
* leaving worker processes orphaned, what is really unexpected.
|
||||
* Instead, just issue a not about failed initialization and try
|
||||
* to cleanup a bit. Still program can be already loaded to kernel
|
||||
* for some reuseport groups, and there is no way to revert, so
|
||||
* behaviour may be inconsistent.
|
||||
*/
|
||||
|
||||
ngx_log_error(NGX_LOG_EMERG, cycle->log, 0,
|
||||
"ngx_quic_bpf_module failed to initialize properly, ignored."
|
||||
"please check limits and note that nginx state now "
|
||||
"can be inconsistent and restart may be required");
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
||||
static void
|
||||
ngx_quic_bpf_cleanup(void *data)
|
||||
{
|
||||
ngx_quic_bpf_conf_t *bcf = (ngx_quic_bpf_conf_t *) data;
|
||||
|
||||
ngx_queue_t *q;
|
||||
ngx_quic_sock_group_t *grp;
|
||||
|
||||
for (q = ngx_queue_head(&bcf->groups);
|
||||
q != ngx_queue_sentinel(&bcf->groups);
|
||||
q = ngx_queue_next(q))
|
||||
{
|
||||
grp = ngx_queue_data(q, ngx_quic_sock_group_t, queue);
|
||||
|
||||
ngx_quic_bpf_close(ngx_cycle->log, grp->map_fd, "map");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
static ngx_inline void
|
||||
ngx_quic_bpf_close(ngx_log_t *log, int fd, const char *name)
|
||||
{
|
||||
if (close(fd) != -1) {
|
||||
return;
|
||||
}
|
||||
|
||||
ngx_log_error(NGX_LOG_EMERG, log, ngx_errno,
|
||||
"quic bpf close %s fd:%d failed", name, fd);
|
||||
}
|
||||
|
||||
|
||||
static ngx_quic_sock_group_t *
|
||||
ngx_quic_bpf_find_group(ngx_quic_bpf_conf_t *bcf, ngx_listening_t *ls)
|
||||
{
|
||||
ngx_queue_t *q;
|
||||
ngx_quic_sock_group_t *grp;
|
||||
|
||||
for (q = ngx_queue_head(&bcf->groups);
|
||||
q != ngx_queue_sentinel(&bcf->groups);
|
||||
q = ngx_queue_next(q))
|
||||
{
|
||||
grp = ngx_queue_data(q, ngx_quic_sock_group_t, queue);
|
||||
|
||||
if (ngx_cmp_sockaddr(ls->sockaddr, ls->socklen,
|
||||
grp->sockaddr, grp->socklen, 1)
|
||||
== NGX_OK)
|
||||
{
|
||||
return grp;
|
||||
}
|
||||
}
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
static ngx_quic_sock_group_t *
|
||||
ngx_quic_bpf_alloc_group(ngx_cycle_t *cycle, struct sockaddr *sa,
|
||||
socklen_t socklen)
|
||||
{
|
||||
ngx_quic_bpf_conf_t *bcf;
|
||||
ngx_quic_sock_group_t *grp;
|
||||
|
||||
bcf = ngx_quic_bpf_get_conf(cycle);
|
||||
|
||||
grp = ngx_pcalloc(cycle->pool, sizeof(ngx_quic_sock_group_t));
|
||||
if (grp == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
grp->socklen = socklen;
|
||||
grp->sockaddr = ngx_palloc(cycle->pool, socklen);
|
||||
if (grp->sockaddr == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
ngx_memcpy(grp->sockaddr, sa, socklen);
|
||||
|
||||
ngx_queue_insert_tail(&bcf->groups, &grp->queue);
|
||||
|
||||
return grp;
|
||||
}
|
||||
|
||||
|
||||
static ngx_quic_sock_group_t *
|
||||
ngx_quic_bpf_create_group(ngx_cycle_t *cycle, ngx_listening_t *ls)
|
||||
{
|
||||
int progfd, failed, flags, rc;
|
||||
ngx_quic_bpf_conf_t *bcf;
|
||||
ngx_quic_sock_group_t *grp;
|
||||
|
||||
bcf = ngx_quic_bpf_get_conf(cycle);
|
||||
|
||||
if (!bcf->enabled) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
grp = ngx_quic_bpf_alloc_group(cycle, ls->sockaddr, ls->socklen);
|
||||
if (grp == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
grp->map_fd = ngx_bpf_map_create(cycle->log, BPF_MAP_TYPE_SOCKHASH,
|
||||
sizeof(uint64_t), sizeof(uint64_t),
|
||||
bcf->map_size, 0);
|
||||
if (grp->map_fd == -1) {
|
||||
goto failed;
|
||||
}
|
||||
|
||||
flags = fcntl(grp->map_fd, F_GETFD);
|
||||
if (flags == -1) {
|
||||
ngx_log_error(NGX_LOG_EMERG, cycle->log, errno,
|
||||
"quic bpf getfd failed");
|
||||
goto failed;
|
||||
}
|
||||
|
||||
/* need to inherit map during binary upgrade after exec */
|
||||
flags &= ~FD_CLOEXEC;
|
||||
|
||||
rc = fcntl(grp->map_fd, F_SETFD, flags);
|
||||
if (rc == -1) {
|
||||
ngx_log_error(NGX_LOG_EMERG, cycle->log, errno,
|
||||
"quic bpf setfd failed");
|
||||
goto failed;
|
||||
}
|
||||
|
||||
ngx_bpf_program_link(&ngx_quic_reuseport_helper,
|
||||
"ngx_quic_sockmap", grp->map_fd);
|
||||
|
||||
progfd = ngx_bpf_load_program(cycle->log, &ngx_quic_reuseport_helper);
|
||||
if (progfd < 0) {
|
||||
goto failed;
|
||||
}
|
||||
|
||||
failed = 0;
|
||||
|
||||
if (setsockopt(ls->fd, SOL_SOCKET, SO_ATTACH_REUSEPORT_EBPF,
|
||||
&progfd, sizeof(int))
|
||||
== -1)
|
||||
{
|
||||
ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_socket_errno,
|
||||
"quic bpf setsockopt(SO_ATTACH_REUSEPORT_EBPF) failed");
|
||||
failed = 1;
|
||||
}
|
||||
|
||||
ngx_quic_bpf_close(cycle->log, progfd, "program");
|
||||
|
||||
if (failed) {
|
||||
goto failed;
|
||||
}
|
||||
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, cycle->log, 0,
|
||||
"quic bpf sockmap created fd:%d", grp->map_fd);
|
||||
return grp;
|
||||
|
||||
failed:
|
||||
|
||||
if (grp->map_fd != -1) {
|
||||
ngx_quic_bpf_close(cycle->log, grp->map_fd, "map");
|
||||
}
|
||||
|
||||
ngx_queue_remove(&grp->queue);
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
static ngx_quic_sock_group_t *
|
||||
ngx_quic_bpf_get_group(ngx_cycle_t *cycle, ngx_listening_t *ls)
|
||||
{
|
||||
ngx_quic_bpf_conf_t *bcf, *old_bcf;
|
||||
ngx_quic_sock_group_t *grp, *ogrp;
|
||||
|
||||
bcf = ngx_quic_bpf_get_conf(cycle);
|
||||
|
||||
grp = ngx_quic_bpf_find_group(bcf, ls);
|
||||
if (grp) {
|
||||
return grp;
|
||||
}
|
||||
|
||||
old_bcf = ngx_quic_bpf_get_old_conf(cycle);
|
||||
|
||||
if (old_bcf == NULL) {
|
||||
return ngx_quic_bpf_create_group(cycle, ls);
|
||||
}
|
||||
|
||||
ogrp = ngx_quic_bpf_find_group(old_bcf, ls);
|
||||
if (ogrp == NULL) {
|
||||
return ngx_quic_bpf_create_group(cycle, ls);
|
||||
}
|
||||
|
||||
grp = ngx_quic_bpf_alloc_group(cycle, ls->sockaddr, ls->socklen);
|
||||
if (grp == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
grp->map_fd = dup(ogrp->map_fd);
|
||||
if (grp->map_fd == -1) {
|
||||
ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno,
|
||||
"quic bpf failed to duplicate bpf map descriptor");
|
||||
|
||||
ngx_queue_remove(&grp->queue);
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, cycle->log, 0,
|
||||
"quic bpf sockmap fd duplicated old:%d new:%d",
|
||||
ogrp->map_fd, grp->map_fd);
|
||||
|
||||
return grp;
|
||||
}
|
||||
|
||||
|
||||
static ngx_int_t
|
||||
ngx_quic_bpf_group_add_socket(ngx_cycle_t *cycle, ngx_listening_t *ls)
|
||||
{
|
||||
uint64_t cookie;
|
||||
ngx_quic_bpf_conf_t *bcf;
|
||||
ngx_quic_sock_group_t *grp;
|
||||
|
||||
bcf = ngx_quic_bpf_get_conf(cycle);
|
||||
|
||||
grp = ngx_quic_bpf_get_group(cycle, ls);
|
||||
|
||||
if (grp == NULL) {
|
||||
if (!bcf->enabled) {
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
grp->unused = 0;
|
||||
|
||||
cookie = ngx_quic_bpf_socket_key(ls->fd, cycle->log);
|
||||
if (cookie == (uint64_t) NGX_ERROR) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
/* map[cookie] = socket; for use in kernel helper */
|
||||
if (ngx_bpf_map_update(grp->map_fd, &cookie, &ls->fd, BPF_ANY) == -1) {
|
||||
ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno,
|
||||
"quic bpf failed to update socket map key=%xL", cookie);
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
ngx_log_debug4(NGX_LOG_DEBUG_EVENT, cycle->log, 0,
|
||||
"quic bpf sockmap fd:%d add socket:%d cookie:0x%xL worker:%ui",
|
||||
grp->map_fd, ls->fd, cookie, ls->worker);
|
||||
|
||||
/* do not inherit this socket */
|
||||
ls->ignore = 1;
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
||||
static uint64_t
|
||||
ngx_quic_bpf_socket_key(ngx_fd_t fd, ngx_log_t *log)
|
||||
{
|
||||
uint64_t cookie;
|
||||
socklen_t optlen;
|
||||
|
||||
optlen = sizeof(cookie);
|
||||
|
||||
if (getsockopt(fd, SOL_SOCKET, SO_COOKIE, &cookie, &optlen) == -1) {
|
||||
ngx_log_error(NGX_LOG_EMERG, log, ngx_socket_errno,
|
||||
"quic bpf getsockopt(SO_COOKIE) failed");
|
||||
|
||||
return (ngx_uint_t) NGX_ERROR;
|
||||
}
|
||||
|
||||
return cookie;
|
||||
}
|
||||
|
||||
|
||||
static ngx_int_t
|
||||
ngx_quic_bpf_export_maps(ngx_cycle_t *cycle)
|
||||
{
|
||||
u_char *p, *buf;
|
||||
size_t len;
|
||||
ngx_str_t *var;
|
||||
ngx_queue_t *q;
|
||||
ngx_core_conf_t *ccf;
|
||||
ngx_quic_bpf_conf_t *bcf;
|
||||
ngx_quic_sock_group_t *grp;
|
||||
|
||||
ccf = ngx_core_get_conf(cycle);
|
||||
bcf = ngx_quic_bpf_get_conf(cycle);
|
||||
|
||||
len = sizeof(NGX_QUIC_BPF_VARNAME) + 1;
|
||||
|
||||
q = ngx_queue_head(&bcf->groups);
|
||||
|
||||
while (q != ngx_queue_sentinel(&bcf->groups)) {
|
||||
|
||||
grp = ngx_queue_data(q, ngx_quic_sock_group_t, queue);
|
||||
|
||||
q = ngx_queue_next(q);
|
||||
|
||||
if (grp->unused) {
|
||||
/*
|
||||
* map was inherited, but it is not used in this configuration;
|
||||
* do not pass such map further and drop the group to prevent
|
||||
* interference with changes during reload
|
||||
*/
|
||||
|
||||
ngx_quic_bpf_close(cycle->log, grp->map_fd, "map");
|
||||
ngx_queue_remove(&grp->queue);
|
||||
|
||||
continue;
|
||||
}
|
||||
|
||||
len += NGX_INT32_LEN + 1 + NGX_SOCKADDR_STRLEN + 1;
|
||||
}
|
||||
|
||||
len++;
|
||||
|
||||
buf = ngx_palloc(cycle->pool, len);
|
||||
if (buf == NULL) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
p = ngx_cpymem(buf, NGX_QUIC_BPF_VARNAME "=",
|
||||
sizeof(NGX_QUIC_BPF_VARNAME));
|
||||
|
||||
for (q = ngx_queue_head(&bcf->groups);
|
||||
q != ngx_queue_sentinel(&bcf->groups);
|
||||
q = ngx_queue_next(q))
|
||||
{
|
||||
grp = ngx_queue_data(q, ngx_quic_sock_group_t, queue);
|
||||
|
||||
p = ngx_sprintf(p, "%ud", grp->map_fd);
|
||||
|
||||
*p++ = NGX_QUIC_BPF_ADDRSEP;
|
||||
|
||||
p += ngx_sock_ntop(grp->sockaddr, grp->socklen, p,
|
||||
NGX_SOCKADDR_STRLEN, 1);
|
||||
|
||||
*p++ = NGX_QUIC_BPF_VARSEP;
|
||||
}
|
||||
|
||||
*p = '\0';
|
||||
|
||||
var = ngx_array_push(&ccf->env);
|
||||
if (var == NULL) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
var->data = buf;
|
||||
var->len = sizeof(NGX_QUIC_BPF_VARNAME) - 1;
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
||||
static ngx_int_t
|
||||
ngx_quic_bpf_import_maps(ngx_cycle_t *cycle)
|
||||
{
|
||||
int s;
|
||||
u_char *inherited, *p, *v;
|
||||
ngx_uint_t in_fd;
|
||||
ngx_addr_t tmp;
|
||||
ngx_quic_bpf_conf_t *bcf;
|
||||
ngx_quic_sock_group_t *grp;
|
||||
|
||||
inherited = (u_char *) getenv(NGX_QUIC_BPF_VARNAME);
|
||||
|
||||
if (inherited == NULL) {
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
bcf = ngx_quic_bpf_get_conf(cycle);
|
||||
|
||||
#if (NGX_SUPPRESS_WARN)
|
||||
s = -1;
|
||||
#endif
|
||||
|
||||
in_fd = 1;
|
||||
|
||||
for (p = inherited, v = p; *p; p++) {
|
||||
|
||||
switch (*p) {
|
||||
|
||||
case NGX_QUIC_BPF_ADDRSEP:
|
||||
|
||||
if (!in_fd) {
|
||||
ngx_log_error(NGX_LOG_EMERG, cycle->log, 0,
|
||||
"quic bpf failed to parse inherited env");
|
||||
return NGX_ERROR;
|
||||
}
|
||||
in_fd = 0;
|
||||
|
||||
s = ngx_atoi(v, p - v);
|
||||
if (s == NGX_ERROR) {
|
||||
ngx_log_error(NGX_LOG_EMERG, cycle->log, 0,
|
||||
"quic bpf failed to parse inherited map fd");
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
v = p + 1;
|
||||
break;
|
||||
|
||||
case NGX_QUIC_BPF_VARSEP:
|
||||
|
||||
if (in_fd) {
|
||||
ngx_log_error(NGX_LOG_EMERG, cycle->log, 0,
|
||||
"quic bpf failed to parse inherited env");
|
||||
return NGX_ERROR;
|
||||
}
|
||||
in_fd = 1;
|
||||
|
||||
grp = ngx_pcalloc(cycle->pool,
|
||||
sizeof(ngx_quic_sock_group_t));
|
||||
if (grp == NULL) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
grp->map_fd = s;
|
||||
|
||||
if (ngx_parse_addr_port(cycle->pool, &tmp, v, p - v)
|
||||
!= NGX_OK)
|
||||
{
|
||||
ngx_log_error(NGX_LOG_EMERG, cycle->log, 0,
|
||||
"quic bpf failed to parse inherited"
|
||||
" address '%*s'", p - v , v);
|
||||
|
||||
ngx_quic_bpf_close(cycle->log, s, "inherited map");
|
||||
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
grp->sockaddr = tmp.sockaddr;
|
||||
grp->socklen = tmp.socklen;
|
||||
|
||||
grp->unused = 1;
|
||||
|
||||
ngx_queue_insert_tail(&bcf->groups, &grp->queue);
|
||||
|
||||
ngx_log_debug3(NGX_LOG_DEBUG_EVENT, cycle->log, 0,
|
||||
"quic bpf sockmap inherited with "
|
||||
"fd:%d address:%*s",
|
||||
grp->map_fd, p - v, v);
|
||||
v = p + 1;
|
||||
break;
|
||||
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
return NGX_OK;
|
||||
}
|
|
@ -1,88 +0,0 @@
|
|||
/* AUTO-GENERATED, DO NOT EDIT. */
|
||||
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#include "ngx_bpf.h"
|
||||
|
||||
|
||||
static ngx_bpf_reloc_t bpf_reloc_prog_ngx_quic_reuseport_helper[] = {
|
||||
{ "ngx_quic_sockmap", 55 },
|
||||
};
|
||||
|
||||
static struct bpf_insn bpf_insn_prog_ngx_quic_reuseport_helper[] = {
|
||||
/* opcode dst src offset imm */
|
||||
{ 0x79, BPF_REG_4, BPF_REG_1, (int16_t) 0, 0x0 },
|
||||
{ 0x79, BPF_REG_3, BPF_REG_1, (int16_t) 8, 0x0 },
|
||||
{ 0xbf, BPF_REG_2, BPF_REG_4, (int16_t) 0, 0x0 },
|
||||
{ 0x7, BPF_REG_2, BPF_REG_0, (int16_t) 0, 0x8 },
|
||||
{ 0x2d, BPF_REG_2, BPF_REG_3, (int16_t) 54, 0x0 },
|
||||
{ 0xbf, BPF_REG_5, BPF_REG_4, (int16_t) 0, 0x0 },
|
||||
{ 0x7, BPF_REG_5, BPF_REG_0, (int16_t) 0, 0x9 },
|
||||
{ 0x2d, BPF_REG_5, BPF_REG_3, (int16_t) 51, 0x0 },
|
||||
{ 0xb7, BPF_REG_5, BPF_REG_0, (int16_t) 0, 0x14 },
|
||||
{ 0xb7, BPF_REG_0, BPF_REG_0, (int16_t) 0, 0x9 },
|
||||
{ 0x71, BPF_REG_6, BPF_REG_2, (int16_t) 0, 0x0 },
|
||||
{ 0x67, BPF_REG_6, BPF_REG_0, (int16_t) 0, 0x38 },
|
||||
{ 0xc7, BPF_REG_6, BPF_REG_0, (int16_t) 0, 0x38 },
|
||||
{ 0x65, BPF_REG_6, BPF_REG_0, (int16_t) 10, 0xffffffff },
|
||||
{ 0xbf, BPF_REG_2, BPF_REG_4, (int16_t) 0, 0x0 },
|
||||
{ 0x7, BPF_REG_2, BPF_REG_0, (int16_t) 0, 0xd },
|
||||
{ 0x2d, BPF_REG_2, BPF_REG_3, (int16_t) 42, 0x0 },
|
||||
{ 0xbf, BPF_REG_5, BPF_REG_4, (int16_t) 0, 0x0 },
|
||||
{ 0x7, BPF_REG_5, BPF_REG_0, (int16_t) 0, 0xe },
|
||||
{ 0x2d, BPF_REG_5, BPF_REG_3, (int16_t) 39, 0x0 },
|
||||
{ 0xb7, BPF_REG_0, BPF_REG_0, (int16_t) 0, 0xe },
|
||||
{ 0x71, BPF_REG_5, BPF_REG_2, (int16_t) 0, 0x0 },
|
||||
{ 0xb7, BPF_REG_6, BPF_REG_0, (int16_t) 0, 0x8 },
|
||||
{ 0x2d, BPF_REG_6, BPF_REG_5, (int16_t) 35, 0x0 },
|
||||
{ 0xf, BPF_REG_5, BPF_REG_0, (int16_t) 0, 0x0 },
|
||||
{ 0xf, BPF_REG_4, BPF_REG_5, (int16_t) 0, 0x0 },
|
||||
{ 0x2d, BPF_REG_4, BPF_REG_3, (int16_t) 32, 0x0 },
|
||||
{ 0xbf, BPF_REG_4, BPF_REG_2, (int16_t) 0, 0x0 },
|
||||
{ 0x7, BPF_REG_4, BPF_REG_0, (int16_t) 0, 0x9 },
|
||||
{ 0x2d, BPF_REG_4, BPF_REG_3, (int16_t) 29, 0x0 },
|
||||
{ 0x71, BPF_REG_4, BPF_REG_2, (int16_t) 1, 0x0 },
|
||||
{ 0x67, BPF_REG_4, BPF_REG_0, (int16_t) 0, 0x38 },
|
||||
{ 0x71, BPF_REG_3, BPF_REG_2, (int16_t) 2, 0x0 },
|
||||
{ 0x67, BPF_REG_3, BPF_REG_0, (int16_t) 0, 0x30 },
|
||||
{ 0x4f, BPF_REG_3, BPF_REG_4, (int16_t) 0, 0x0 },
|
||||
{ 0x71, BPF_REG_4, BPF_REG_2, (int16_t) 3, 0x0 },
|
||||
{ 0x67, BPF_REG_4, BPF_REG_0, (int16_t) 0, 0x28 },
|
||||
{ 0x4f, BPF_REG_3, BPF_REG_4, (int16_t) 0, 0x0 },
|
||||
{ 0x71, BPF_REG_4, BPF_REG_2, (int16_t) 4, 0x0 },
|
||||
{ 0x67, BPF_REG_4, BPF_REG_0, (int16_t) 0, 0x20 },
|
||||
{ 0x4f, BPF_REG_3, BPF_REG_4, (int16_t) 0, 0x0 },
|
||||
{ 0x71, BPF_REG_4, BPF_REG_2, (int16_t) 5, 0x0 },
|
||||
{ 0x67, BPF_REG_4, BPF_REG_0, (int16_t) 0, 0x18 },
|
||||
{ 0x4f, BPF_REG_3, BPF_REG_4, (int16_t) 0, 0x0 },
|
||||
{ 0x71, BPF_REG_4, BPF_REG_2, (int16_t) 6, 0x0 },
|
||||
{ 0x67, BPF_REG_4, BPF_REG_0, (int16_t) 0, 0x10 },
|
||||
{ 0x4f, BPF_REG_3, BPF_REG_4, (int16_t) 0, 0x0 },
|
||||
{ 0x71, BPF_REG_4, BPF_REG_2, (int16_t) 7, 0x0 },
|
||||
{ 0x67, BPF_REG_4, BPF_REG_0, (int16_t) 0, 0x8 },
|
||||
{ 0x4f, BPF_REG_3, BPF_REG_4, (int16_t) 0, 0x0 },
|
||||
{ 0x71, BPF_REG_2, BPF_REG_2, (int16_t) 8, 0x0 },
|
||||
{ 0x4f, BPF_REG_3, BPF_REG_2, (int16_t) 0, 0x0 },
|
||||
{ 0x7b, BPF_REG_10, BPF_REG_3, (int16_t) 65528, 0x0 },
|
||||
{ 0xbf, BPF_REG_3, BPF_REG_10, (int16_t) 0, 0x0 },
|
||||
{ 0x7, BPF_REG_3, BPF_REG_0, (int16_t) 0, 0xfffffff8 },
|
||||
{ 0x18, BPF_REG_2, BPF_REG_0, (int16_t) 0, 0x0 },
|
||||
{ 0x0, BPF_REG_0, BPF_REG_0, (int16_t) 0, 0x0 },
|
||||
{ 0xb7, BPF_REG_4, BPF_REG_0, (int16_t) 0, 0x0 },
|
||||
{ 0x85, BPF_REG_0, BPF_REG_0, (int16_t) 0, 0x52 },
|
||||
{ 0xb7, BPF_REG_0, BPF_REG_0, (int16_t) 0, 0x1 },
|
||||
{ 0x95, BPF_REG_0, BPF_REG_0, (int16_t) 0, 0x0 },
|
||||
};
|
||||
|
||||
|
||||
ngx_bpf_program_t ngx_quic_reuseport_helper = {
|
||||
.relocs = bpf_reloc_prog_ngx_quic_reuseport_helper,
|
||||
.nrelocs = sizeof(bpf_reloc_prog_ngx_quic_reuseport_helper)
|
||||
/ sizeof(bpf_reloc_prog_ngx_quic_reuseport_helper[0]),
|
||||
.ins = bpf_insn_prog_ngx_quic_reuseport_helper,
|
||||
.nins = sizeof(bpf_insn_prog_ngx_quic_reuseport_helper)
|
||||
/ sizeof(bpf_insn_prog_ngx_quic_reuseport_helper[0]),
|
||||
.license = "BSD",
|
||||
.type = BPF_PROG_TYPE_SK_REUSEPORT,
|
||||
};
|
|
@ -1,283 +0,0 @@
|
|||
/*
|
||||
* Copyright (C) Nginx, Inc.
|
||||
*/
|
||||
|
||||
|
||||
#ifndef _NGX_EVENT_QUIC_CONNECTION_H_INCLUDED_
|
||||
#define _NGX_EVENT_QUIC_CONNECTION_H_INCLUDED_
|
||||
|
||||
|
||||
#include <ngx_config.h>
|
||||
#include <ngx_core.h>
|
||||
#include <ngx_event.h>
|
||||
|
||||
|
||||
/* #define NGX_QUIC_DEBUG_PACKETS */ /* dump packet contents */
|
||||
/* #define NGX_QUIC_DEBUG_FRAMES */ /* dump frames contents */
|
||||
/* #define NGX_QUIC_DEBUG_ALLOC */ /* log frames and bufs alloc */
|
||||
/* #define NGX_QUIC_DEBUG_CRYPTO */
|
||||
|
||||
typedef struct ngx_quic_connection_s ngx_quic_connection_t;
|
||||
typedef struct ngx_quic_server_id_s ngx_quic_server_id_t;
|
||||
typedef struct ngx_quic_client_id_s ngx_quic_client_id_t;
|
||||
typedef struct ngx_quic_send_ctx_s ngx_quic_send_ctx_t;
|
||||
typedef struct ngx_quic_socket_s ngx_quic_socket_t;
|
||||
typedef struct ngx_quic_path_s ngx_quic_path_t;
|
||||
typedef struct ngx_quic_keys_s ngx_quic_keys_t;
|
||||
|
||||
#if (NGX_QUIC_OPENSSL_COMPAT)
|
||||
#include <ngx_event_quic_openssl_compat.h>
|
||||
#endif
|
||||
#include <ngx_event_quic_transport.h>
|
||||
#include <ngx_event_quic_protection.h>
|
||||
#include <ngx_event_quic_frames.h>
|
||||
#include <ngx_event_quic_migration.h>
|
||||
#include <ngx_event_quic_connid.h>
|
||||
#include <ngx_event_quic_streams.h>
|
||||
#include <ngx_event_quic_ssl.h>
|
||||
#include <ngx_event_quic_tokens.h>
|
||||
#include <ngx_event_quic_ack.h>
|
||||
#include <ngx_event_quic_output.h>
|
||||
#include <ngx_event_quic_socket.h>
|
||||
|
||||
|
||||
/* RFC 9002, 6.2.2. Handshakes and New Paths: kInitialRtt */
|
||||
#define NGX_QUIC_INITIAL_RTT 333 /* ms */
|
||||
|
||||
#define NGX_QUIC_UNSET_PN (uint64_t) -1
|
||||
|
||||
#define NGX_QUIC_SEND_CTX_LAST (NGX_QUIC_ENCRYPTION_LAST - 1)
|
||||
|
||||
/* 0-RTT and 1-RTT data exist in the same packet number space,
|
||||
* so we have 3 packet number spaces:
|
||||
*
|
||||
* 0 - Initial
|
||||
* 1 - Handshake
|
||||
* 2 - 0-RTT and 1-RTT
|
||||
*/
|
||||
#define ngx_quic_get_send_ctx(qc, level) \
|
||||
((level) == ssl_encryption_initial) ? &((qc)->send_ctx[0]) \
|
||||
: (((level) == ssl_encryption_handshake) ? &((qc)->send_ctx[1]) \
|
||||
: &((qc)->send_ctx[2]))
|
||||
|
||||
#define ngx_quic_get_connection(c) \
|
||||
(((c)->udp) ? (((ngx_quic_socket_t *)((c)->udp))->quic) : NULL)
|
||||
|
||||
#define ngx_quic_get_socket(c) ((ngx_quic_socket_t *)((c)->udp))
|
||||
|
||||
|
||||
struct ngx_quic_client_id_s {
|
||||
ngx_queue_t queue;
|
||||
uint64_t seqnum;
|
||||
size_t len;
|
||||
u_char id[NGX_QUIC_CID_LEN_MAX];
|
||||
u_char sr_token[NGX_QUIC_SR_TOKEN_LEN];
|
||||
ngx_uint_t used; /* unsigned used:1; */
|
||||
};
|
||||
|
||||
|
||||
struct ngx_quic_server_id_s {
|
||||
uint64_t seqnum;
|
||||
size_t len;
|
||||
u_char id[NGX_QUIC_CID_LEN_MAX];
|
||||
};
|
||||
|
||||
|
||||
struct ngx_quic_path_s {
|
||||
ngx_queue_t queue;
|
||||
struct sockaddr *sockaddr;
|
||||
ngx_sockaddr_t sa;
|
||||
socklen_t socklen;
|
||||
ngx_quic_client_id_t *cid;
|
||||
ngx_msec_t expires;
|
||||
ngx_uint_t tries;
|
||||
ngx_uint_t tag;
|
||||
off_t sent;
|
||||
off_t received;
|
||||
u_char challenge1[8];
|
||||
u_char challenge2[8];
|
||||
uint64_t seqnum;
|
||||
ngx_str_t addr_text;
|
||||
u_char text[NGX_SOCKADDR_STRLEN];
|
||||
unsigned validated:1;
|
||||
unsigned validating:1;
|
||||
unsigned limited:1;
|
||||
};
|
||||
|
||||
|
||||
struct ngx_quic_socket_s {
|
||||
ngx_udp_connection_t udp;
|
||||
ngx_quic_connection_t *quic;
|
||||
ngx_queue_t queue;
|
||||
ngx_quic_server_id_t sid;
|
||||
ngx_sockaddr_t sockaddr;
|
||||
socklen_t socklen;
|
||||
ngx_uint_t used; /* unsigned used:1; */
|
||||
};
|
||||
|
||||
|
||||
typedef struct {
|
||||
ngx_rbtree_t tree;
|
||||
ngx_rbtree_node_t sentinel;
|
||||
|
||||
ngx_queue_t uninitialized;
|
||||
ngx_queue_t free;
|
||||
|
||||
uint64_t sent;
|
||||
uint64_t recv_offset;
|
||||
uint64_t recv_window;
|
||||
uint64_t recv_last;
|
||||
uint64_t recv_max_data;
|
||||
uint64_t send_offset;
|
||||
uint64_t send_max_data;
|
||||
|
||||
uint64_t server_max_streams_uni;
|
||||
uint64_t server_max_streams_bidi;
|
||||
uint64_t server_streams_uni;
|
||||
uint64_t server_streams_bidi;
|
||||
|
||||
uint64_t client_max_streams_uni;
|
||||
uint64_t client_max_streams_bidi;
|
||||
uint64_t client_streams_uni;
|
||||
uint64_t client_streams_bidi;
|
||||
|
||||
ngx_uint_t initialized;
|
||||
/* unsigned initialized:1; */
|
||||
} ngx_quic_streams_t;
|
||||
|
||||
|
||||
typedef struct {
|
||||
size_t in_flight;
|
||||
size_t window;
|
||||
size_t ssthresh;
|
||||
ngx_msec_t recovery_start;
|
||||
} ngx_quic_congestion_t;
|
||||
|
||||
|
||||
/*
|
||||
* RFC 9000, 12.3. Packet Numbers
|
||||
*
|
||||
* Conceptually, a packet number space is the context in which a packet
|
||||
* can be processed and acknowledged. Initial packets can only be sent
|
||||
* with Initial packet protection keys and acknowledged in packets that
|
||||
* are also Initial packets.
|
||||
*/
|
||||
struct ngx_quic_send_ctx_s {
|
||||
enum ssl_encryption_level_t level;
|
||||
|
||||
ngx_quic_buffer_t crypto;
|
||||
uint64_t crypto_sent;
|
||||
|
||||
uint64_t pnum; /* to be sent */
|
||||
uint64_t largest_ack; /* received from peer */
|
||||
uint64_t largest_pn; /* received from peer */
|
||||
|
||||
ngx_queue_t frames; /* generated frames */
|
||||
ngx_queue_t sending; /* frames assigned to pkt */
|
||||
ngx_queue_t sent; /* frames waiting ACK */
|
||||
|
||||
uint64_t pending_ack; /* non sent ack-eliciting */
|
||||
uint64_t largest_range;
|
||||
uint64_t first_range;
|
||||
ngx_msec_t largest_received;
|
||||
ngx_msec_t ack_delay_start;
|
||||
ngx_uint_t nranges;
|
||||
ngx_quic_ack_range_t ranges[NGX_QUIC_MAX_RANGES];
|
||||
ngx_uint_t send_ack;
|
||||
};
|
||||
|
||||
|
||||
struct ngx_quic_connection_s {
|
||||
uint32_t version;
|
||||
|
||||
ngx_quic_path_t *path;
|
||||
|
||||
ngx_queue_t sockets;
|
||||
ngx_queue_t paths;
|
||||
ngx_queue_t client_ids;
|
||||
ngx_queue_t free_sockets;
|
||||
ngx_queue_t free_paths;
|
||||
ngx_queue_t free_client_ids;
|
||||
|
||||
ngx_uint_t nsockets;
|
||||
ngx_uint_t nclient_ids;
|
||||
uint64_t max_retired_seqnum;
|
||||
uint64_t client_seqnum;
|
||||
uint64_t server_seqnum;
|
||||
uint64_t path_seqnum;
|
||||
|
||||
ngx_quic_tp_t tp;
|
||||
ngx_quic_tp_t ctp;
|
||||
|
||||
ngx_quic_send_ctx_t send_ctx[NGX_QUIC_SEND_CTX_LAST];
|
||||
|
||||
ngx_quic_keys_t *keys;
|
||||
|
||||
ngx_quic_conf_t *conf;
|
||||
|
||||
ngx_event_t push;
|
||||
ngx_event_t pto;
|
||||
ngx_event_t close;
|
||||
ngx_event_t path_validation;
|
||||
ngx_msec_t last_cc;
|
||||
|
||||
ngx_msec_t first_rtt;
|
||||
ngx_msec_t latest_rtt;
|
||||
ngx_msec_t avg_rtt;
|
||||
ngx_msec_t min_rtt;
|
||||
ngx_msec_t rttvar;
|
||||
|
||||
ngx_uint_t pto_count;
|
||||
|
||||
ngx_queue_t free_frames;
|
||||
ngx_buf_t *free_bufs;
|
||||
ngx_buf_t *free_shadow_bufs;
|
||||
|
||||
ngx_uint_t nframes;
|
||||
#ifdef NGX_QUIC_DEBUG_ALLOC
|
||||
ngx_uint_t nbufs;
|
||||
ngx_uint_t nshadowbufs;
|
||||
#endif
|
||||
|
||||
#if (NGX_QUIC_OPENSSL_COMPAT)
|
||||
ngx_quic_compat_t *compat;
|
||||
#endif
|
||||
|
||||
ngx_quic_streams_t streams;
|
||||
ngx_quic_congestion_t congestion;
|
||||
|
||||
off_t received;
|
||||
|
||||
ngx_uint_t error;
|
||||
enum ssl_encryption_level_t error_level;
|
||||
ngx_uint_t error_ftype;
|
||||
const char *error_reason;
|
||||
|
||||
ngx_uint_t shutdown_code;
|
||||
const char *shutdown_reason;
|
||||
|
||||
unsigned error_app:1;
|
||||
unsigned send_timer_set:1;
|
||||
unsigned closing:1;
|
||||
unsigned shutdown:1;
|
||||
unsigned draining:1;
|
||||
unsigned key_phase:1;
|
||||
unsigned validated:1;
|
||||
unsigned client_tp_done:1;
|
||||
};
|
||||
|
||||
|
||||
ngx_int_t ngx_quic_apply_transport_params(ngx_connection_t *c,
|
||||
ngx_quic_tp_t *ctp);
|
||||
void ngx_quic_discard_ctx(ngx_connection_t *c,
|
||||
enum ssl_encryption_level_t level);
|
||||
void ngx_quic_close_connection(ngx_connection_t *c, ngx_int_t rc);
|
||||
void ngx_quic_shutdown_quic(ngx_connection_t *c);
|
||||
|
||||
#if (NGX_DEBUG)
|
||||
void ngx_quic_connstate_dbg(ngx_connection_t *c);
|
||||
#else
|
||||
#define ngx_quic_connstate_dbg(c)
|
||||
#endif
|
||||
|
||||
#endif /* _NGX_EVENT_QUIC_CONNECTION_H_INCLUDED_ */
|
|
@ -1,502 +0,0 @@
|
|||
|
||||
/*
|
||||
* Copyright (C) Nginx, Inc.
|
||||
*/
|
||||
|
||||
|
||||
#include <ngx_config.h>
|
||||
#include <ngx_core.h>
|
||||
#include <ngx_event.h>
|
||||
#include <ngx_event_quic_connection.h>
|
||||
|
||||
#define NGX_QUIC_MAX_SERVER_IDS 8
|
||||
|
||||
|
||||
#if (NGX_QUIC_BPF)
|
||||
static ngx_int_t ngx_quic_bpf_attach_id(ngx_connection_t *c, u_char *id);
|
||||
#endif
|
||||
static ngx_int_t ngx_quic_retire_client_id(ngx_connection_t *c,
|
||||
ngx_quic_client_id_t *cid);
|
||||
static ngx_quic_client_id_t *ngx_quic_alloc_client_id(ngx_connection_t *c,
|
||||
ngx_quic_connection_t *qc);
|
||||
static ngx_int_t ngx_quic_send_server_id(ngx_connection_t *c,
|
||||
ngx_quic_server_id_t *sid);
|
||||
|
||||
|
||||
ngx_int_t
|
||||
ngx_quic_create_server_id(ngx_connection_t *c, u_char *id)
|
||||
{
|
||||
if (RAND_bytes(id, NGX_QUIC_SERVER_CID_LEN) != 1) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
#if (NGX_QUIC_BPF)
|
||||
if (ngx_quic_bpf_attach_id(c, id) != NGX_OK) {
|
||||
ngx_log_error(NGX_LOG_ERR, c->log, 0,
|
||||
"quic bpf failed to generate socket key");
|
||||
/* ignore error, things still may work */
|
||||
}
|
||||
#endif
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
||||
#if (NGX_QUIC_BPF)
|
||||
|
||||
static ngx_int_t
|
||||
ngx_quic_bpf_attach_id(ngx_connection_t *c, u_char *id)
|
||||
{
|
||||
int fd;
|
||||
uint64_t cookie;
|
||||
socklen_t optlen;
|
||||
|
||||
fd = c->listening->fd;
|
||||
|
||||
optlen = sizeof(cookie);
|
||||
|
||||
if (getsockopt(fd, SOL_SOCKET, SO_COOKIE, &cookie, &optlen) == -1) {
|
||||
ngx_log_error(NGX_LOG_ERR, c->log, ngx_socket_errno,
|
||||
"quic getsockopt(SO_COOKIE) failed");
|
||||
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
ngx_quic_dcid_encode_key(id, cookie);
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
ngx_int_t
|
||||
ngx_quic_handle_new_connection_id_frame(ngx_connection_t *c,
|
||||
ngx_quic_new_conn_id_frame_t *f)
|
||||
{
|
||||
ngx_str_t id;
|
||||
ngx_queue_t *q;
|
||||
ngx_quic_frame_t *frame;
|
||||
ngx_quic_client_id_t *cid, *item;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
if (f->seqnum < qc->max_retired_seqnum) {
|
||||
/*
|
||||
* RFC 9000, 19.15. NEW_CONNECTION_ID Frame
|
||||
*
|
||||
* An endpoint that receives a NEW_CONNECTION_ID frame with
|
||||
* a sequence number smaller than the Retire Prior To field
|
||||
* of a previously received NEW_CONNECTION_ID frame MUST send
|
||||
* a corresponding RETIRE_CONNECTION_ID frame that retires
|
||||
* the newly received connection ID, unless it has already
|
||||
* done so for that sequence number.
|
||||
*/
|
||||
|
||||
frame = ngx_quic_alloc_frame(c);
|
||||
if (frame == NULL) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
frame->level = ssl_encryption_application;
|
||||
frame->type = NGX_QUIC_FT_RETIRE_CONNECTION_ID;
|
||||
frame->u.retire_cid.sequence_number = f->seqnum;
|
||||
|
||||
ngx_quic_queue_frame(qc, frame);
|
||||
|
||||
goto retire;
|
||||
}
|
||||
|
||||
cid = NULL;
|
||||
|
||||
for (q = ngx_queue_head(&qc->client_ids);
|
||||
q != ngx_queue_sentinel(&qc->client_ids);
|
||||
q = ngx_queue_next(q))
|
||||
{
|
||||
item = ngx_queue_data(q, ngx_quic_client_id_t, queue);
|
||||
|
||||
if (item->seqnum == f->seqnum) {
|
||||
cid = item;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (cid) {
|
||||
/*
|
||||
* Transmission errors, timeouts, and retransmissions might cause the
|
||||
* same NEW_CONNECTION_ID frame to be received multiple times.
|
||||
*/
|
||||
|
||||
if (cid->len != f->len
|
||||
|| ngx_strncmp(cid->id, f->cid, f->len) != 0
|
||||
|| ngx_strncmp(cid->sr_token, f->srt, NGX_QUIC_SR_TOKEN_LEN) != 0)
|
||||
{
|
||||
/*
|
||||
* ..if a sequence number is used for different connection IDs,
|
||||
* the endpoint MAY treat that receipt as a connection error
|
||||
* of type PROTOCOL_VIOLATION.
|
||||
*/
|
||||
qc->error = NGX_QUIC_ERR_PROTOCOL_VIOLATION;
|
||||
qc->error_reason = "seqnum refers to different connection id/token";
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
} else {
|
||||
|
||||
id.data = f->cid;
|
||||
id.len = f->len;
|
||||
|
||||
if (ngx_quic_create_client_id(c, &id, f->seqnum, f->srt) == NULL) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
retire:
|
||||
|
||||
if (qc->max_retired_seqnum && f->retire <= qc->max_retired_seqnum) {
|
||||
/*
|
||||
* Once a sender indicates a Retire Prior To value, smaller values sent
|
||||
* in subsequent NEW_CONNECTION_ID frames have no effect. A receiver
|
||||
* MUST ignore any Retire Prior To fields that do not increase the
|
||||
* largest received Retire Prior To value.
|
||||
*/
|
||||
goto done;
|
||||
}
|
||||
|
||||
qc->max_retired_seqnum = f->retire;
|
||||
|
||||
q = ngx_queue_head(&qc->client_ids);
|
||||
|
||||
while (q != ngx_queue_sentinel(&qc->client_ids)) {
|
||||
|
||||
cid = ngx_queue_data(q, ngx_quic_client_id_t, queue);
|
||||
q = ngx_queue_next(q);
|
||||
|
||||
if (cid->seqnum >= f->retire) {
|
||||
continue;
|
||||
}
|
||||
|
||||
if (ngx_quic_retire_client_id(c, cid) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
done:
|
||||
|
||||
if (qc->nclient_ids > qc->tp.active_connection_id_limit) {
|
||||
/*
|
||||
* RFC 9000, 5.1.1. Issuing Connection IDs
|
||||
*
|
||||
* After processing a NEW_CONNECTION_ID frame and
|
||||
* adding and retiring active connection IDs, if the number of active
|
||||
* connection IDs exceeds the value advertised in its
|
||||
* active_connection_id_limit transport parameter, an endpoint MUST
|
||||
* close the connection with an error of type CONNECTION_ID_LIMIT_ERROR.
|
||||
*/
|
||||
qc->error = NGX_QUIC_ERR_CONNECTION_ID_LIMIT_ERROR;
|
||||
qc->error_reason = "too many connection ids received";
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
||||
static ngx_int_t
|
||||
ngx_quic_retire_client_id(ngx_connection_t *c, ngx_quic_client_id_t *cid)
|
||||
{
|
||||
ngx_queue_t *q;
|
||||
ngx_quic_path_t *path;
|
||||
ngx_quic_client_id_t *new_cid;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
if (!cid->used) {
|
||||
return ngx_quic_free_client_id(c, cid);
|
||||
}
|
||||
|
||||
/* we are going to retire client id which is in use */
|
||||
|
||||
q = ngx_queue_head(&qc->paths);
|
||||
|
||||
while (q != ngx_queue_sentinel(&qc->paths)) {
|
||||
|
||||
path = ngx_queue_data(q, ngx_quic_path_t, queue);
|
||||
q = ngx_queue_next(q);
|
||||
|
||||
if (path->cid != cid) {
|
||||
continue;
|
||||
}
|
||||
|
||||
if (path == qc->path) {
|
||||
/* this is the active path: update it with new CID */
|
||||
new_cid = ngx_quic_next_client_id(c);
|
||||
if (new_cid == NULL) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
qc->path->cid = new_cid;
|
||||
new_cid->used = 1;
|
||||
|
||||
return ngx_quic_free_client_id(c, cid);
|
||||
}
|
||||
|
||||
return ngx_quic_free_path(c, path);
|
||||
}
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
||||
static ngx_quic_client_id_t *
|
||||
ngx_quic_alloc_client_id(ngx_connection_t *c, ngx_quic_connection_t *qc)
|
||||
{
|
||||
ngx_queue_t *q;
|
||||
ngx_quic_client_id_t *cid;
|
||||
|
||||
if (!ngx_queue_empty(&qc->free_client_ids)) {
|
||||
|
||||
q = ngx_queue_head(&qc->free_client_ids);
|
||||
cid = ngx_queue_data(q, ngx_quic_client_id_t, queue);
|
||||
|
||||
ngx_queue_remove(&cid->queue);
|
||||
|
||||
ngx_memzero(cid, sizeof(ngx_quic_client_id_t));
|
||||
|
||||
} else {
|
||||
|
||||
cid = ngx_pcalloc(c->pool, sizeof(ngx_quic_client_id_t));
|
||||
if (cid == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
||||
return cid;
|
||||
}
|
||||
|
||||
|
||||
ngx_quic_client_id_t *
|
||||
ngx_quic_create_client_id(ngx_connection_t *c, ngx_str_t *id,
|
||||
uint64_t seqnum, u_char *token)
|
||||
{
|
||||
ngx_quic_client_id_t *cid;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
cid = ngx_quic_alloc_client_id(c, qc);
|
||||
if (cid == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
cid->seqnum = seqnum;
|
||||
|
||||
cid->len = id->len;
|
||||
ngx_memcpy(cid->id, id->data, id->len);
|
||||
|
||||
if (token) {
|
||||
ngx_memcpy(cid->sr_token, token, NGX_QUIC_SR_TOKEN_LEN);
|
||||
}
|
||||
|
||||
ngx_queue_insert_tail(&qc->client_ids, &cid->queue);
|
||||
qc->nclient_ids++;
|
||||
|
||||
if (seqnum > qc->client_seqnum) {
|
||||
qc->client_seqnum = seqnum;
|
||||
}
|
||||
|
||||
ngx_log_debug5(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic cid seq:%uL received id:%uz:%xV:%*xs",
|
||||
cid->seqnum, id->len, id,
|
||||
(size_t) NGX_QUIC_SR_TOKEN_LEN, cid->sr_token);
|
||||
|
||||
return cid;
|
||||
}
|
||||
|
||||
|
||||
ngx_quic_client_id_t *
|
||||
ngx_quic_next_client_id(ngx_connection_t *c)
|
||||
{
|
||||
ngx_queue_t *q;
|
||||
ngx_quic_client_id_t *cid;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
for (q = ngx_queue_head(&qc->client_ids);
|
||||
q != ngx_queue_sentinel(&qc->client_ids);
|
||||
q = ngx_queue_next(q))
|
||||
{
|
||||
cid = ngx_queue_data(q, ngx_quic_client_id_t, queue);
|
||||
|
||||
if (!cid->used) {
|
||||
return cid;
|
||||
}
|
||||
}
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
ngx_int_t
|
||||
ngx_quic_handle_retire_connection_id_frame(ngx_connection_t *c,
|
||||
ngx_quic_retire_cid_frame_t *f)
|
||||
{
|
||||
ngx_quic_socket_t *qsock;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
if (f->sequence_number >= qc->server_seqnum) {
|
||||
/*
|
||||
* RFC 9000, 19.16.
|
||||
*
|
||||
* Receipt of a RETIRE_CONNECTION_ID frame containing a sequence
|
||||
* number greater than any previously sent to the peer MUST be
|
||||
* treated as a connection error of type PROTOCOL_VIOLATION.
|
||||
*/
|
||||
qc->error = NGX_QUIC_ERR_PROTOCOL_VIOLATION;
|
||||
qc->error_reason = "sequence number of id to retire was never issued";
|
||||
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
qsock = ngx_quic_get_socket(c);
|
||||
|
||||
if (qsock->sid.seqnum == f->sequence_number) {
|
||||
|
||||
/*
|
||||
* RFC 9000, 19.16.
|
||||
*
|
||||
* The sequence number specified in a RETIRE_CONNECTION_ID frame MUST
|
||||
* NOT refer to the Destination Connection ID field of the packet in
|
||||
* which the frame is contained. The peer MAY treat this as a
|
||||
* connection error of type PROTOCOL_VIOLATION.
|
||||
*/
|
||||
|
||||
qc->error = NGX_QUIC_ERR_PROTOCOL_VIOLATION;
|
||||
qc->error_reason = "sequence number of id to retire refers DCID";
|
||||
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
qsock = ngx_quic_find_socket(c, f->sequence_number);
|
||||
if (qsock == NULL) {
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic socket seq:%uL is retired", qsock->sid.seqnum);
|
||||
|
||||
ngx_quic_close_socket(c, qsock);
|
||||
|
||||
/* restore socket count up to a limit after deletion */
|
||||
if (ngx_quic_create_sockets(c) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
||||
ngx_int_t
|
||||
ngx_quic_create_sockets(ngx_connection_t *c)
|
||||
{
|
||||
ngx_uint_t n;
|
||||
ngx_quic_socket_t *qsock;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
n = ngx_min(NGX_QUIC_MAX_SERVER_IDS, qc->ctp.active_connection_id_limit);
|
||||
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic create sockets has:%ui max:%ui", qc->nsockets, n);
|
||||
|
||||
while (qc->nsockets < n) {
|
||||
|
||||
qsock = ngx_quic_create_socket(c, qc);
|
||||
if (qsock == NULL) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
if (ngx_quic_listen(c, qc, qsock) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
if (ngx_quic_send_server_id(c, &qsock->sid) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
||||
static ngx_int_t
|
||||
ngx_quic_send_server_id(ngx_connection_t *c, ngx_quic_server_id_t *sid)
|
||||
{
|
||||
ngx_str_t dcid;
|
||||
ngx_quic_frame_t *frame;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
dcid.len = sid->len;
|
||||
dcid.data = sid->id;
|
||||
|
||||
frame = ngx_quic_alloc_frame(c);
|
||||
if (frame == NULL) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
frame->level = ssl_encryption_application;
|
||||
frame->type = NGX_QUIC_FT_NEW_CONNECTION_ID;
|
||||
frame->u.ncid.seqnum = sid->seqnum;
|
||||
frame->u.ncid.retire = 0;
|
||||
frame->u.ncid.len = NGX_QUIC_SERVER_CID_LEN;
|
||||
ngx_memcpy(frame->u.ncid.cid, sid->id, NGX_QUIC_SERVER_CID_LEN);
|
||||
|
||||
if (ngx_quic_new_sr_token(c, &dcid, qc->conf->sr_token_key,
|
||||
frame->u.ncid.srt)
|
||||
!= NGX_OK)
|
||||
{
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
ngx_quic_queue_frame(qc, frame);
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
||||
ngx_int_t
|
||||
ngx_quic_free_client_id(ngx_connection_t *c, ngx_quic_client_id_t *cid)
|
||||
{
|
||||
ngx_quic_frame_t *frame;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
frame = ngx_quic_alloc_frame(c);
|
||||
if (frame == NULL) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
frame->level = ssl_encryption_application;
|
||||
frame->type = NGX_QUIC_FT_RETIRE_CONNECTION_ID;
|
||||
frame->u.retire_cid.sequence_number = cid->seqnum;
|
||||
|
||||
ngx_quic_queue_frame(qc, frame);
|
||||
|
||||
/* we are no longer going to use this client id */
|
||||
|
||||
ngx_queue_remove(&cid->queue);
|
||||
ngx_queue_insert_head(&qc->free_client_ids, &cid->queue);
|
||||
|
||||
qc->nclient_ids--;
|
||||
|
||||
return NGX_OK;
|
||||
}
|
|
@ -1,29 +0,0 @@
|
|||
|
||||
/*
|
||||
* Copyright (C) Nginx, Inc.
|
||||
*/
|
||||
|
||||
|
||||
#ifndef _NGX_EVENT_QUIC_CONNID_H_INCLUDED_
|
||||
#define _NGX_EVENT_QUIC_CONNID_H_INCLUDED_
|
||||
|
||||
|
||||
#include <ngx_config.h>
|
||||
#include <ngx_core.h>
|
||||
|
||||
|
||||
ngx_int_t ngx_quic_handle_retire_connection_id_frame(ngx_connection_t *c,
|
||||
ngx_quic_retire_cid_frame_t *f);
|
||||
ngx_int_t ngx_quic_handle_new_connection_id_frame(ngx_connection_t *c,
|
||||
ngx_quic_new_conn_id_frame_t *f);
|
||||
|
||||
ngx_int_t ngx_quic_create_sockets(ngx_connection_t *c);
|
||||
ngx_int_t ngx_quic_create_server_id(ngx_connection_t *c, u_char *id);
|
||||
|
||||
ngx_quic_client_id_t *ngx_quic_create_client_id(ngx_connection_t *c,
|
||||
ngx_str_t *id, uint64_t seqnum, u_char *token);
|
||||
ngx_quic_client_id_t *ngx_quic_next_client_id(ngx_connection_t *c);
|
||||
ngx_int_t ngx_quic_free_client_id(ngx_connection_t *c,
|
||||
ngx_quic_client_id_t *cid);
|
||||
|
||||
#endif /* _NGX_EVENT_QUIC_CONNID_H_INCLUDED_ */
|
|
@ -1,891 +0,0 @@
|
|||
|
||||
/*
|
||||
* Copyright (C) Nginx, Inc.
|
||||
*/
|
||||
|
||||
|
||||
#include <ngx_config.h>
|
||||
#include <ngx_core.h>
|
||||
#include <ngx_event.h>
|
||||
#include <ngx_event_quic_connection.h>
|
||||
|
||||
|
||||
#define NGX_QUIC_BUFFER_SIZE 4096
|
||||
|
||||
#define ngx_quic_buf_refs(b) (b)->shadow->num
|
||||
#define ngx_quic_buf_inc_refs(b) ngx_quic_buf_refs(b)++
|
||||
#define ngx_quic_buf_dec_refs(b) ngx_quic_buf_refs(b)--
|
||||
#define ngx_quic_buf_set_refs(b, v) ngx_quic_buf_refs(b) = v
|
||||
|
||||
|
||||
static ngx_buf_t *ngx_quic_alloc_buf(ngx_connection_t *c);
|
||||
static void ngx_quic_free_buf(ngx_connection_t *c, ngx_buf_t *b);
|
||||
static ngx_buf_t *ngx_quic_clone_buf(ngx_connection_t *c, ngx_buf_t *b);
|
||||
static ngx_int_t ngx_quic_split_chain(ngx_connection_t *c, ngx_chain_t *cl,
|
||||
off_t offset);
|
||||
|
||||
|
||||
static ngx_buf_t *
|
||||
ngx_quic_alloc_buf(ngx_connection_t *c)
|
||||
{
|
||||
u_char *p;
|
||||
ngx_buf_t *b;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
b = qc->free_bufs;
|
||||
|
||||
if (b) {
|
||||
qc->free_bufs = b->shadow;
|
||||
p = b->start;
|
||||
|
||||
} else {
|
||||
b = qc->free_shadow_bufs;
|
||||
|
||||
if (b) {
|
||||
qc->free_shadow_bufs = b->shadow;
|
||||
|
||||
#ifdef NGX_QUIC_DEBUG_ALLOC
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic use shadow buffer n:%ui %ui",
|
||||
++qc->nbufs, --qc->nshadowbufs);
|
||||
#endif
|
||||
|
||||
} else {
|
||||
b = ngx_palloc(c->pool, sizeof(ngx_buf_t));
|
||||
if (b == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
#ifdef NGX_QUIC_DEBUG_ALLOC
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic new buffer n:%ui", ++qc->nbufs);
|
||||
#endif
|
||||
}
|
||||
|
||||
p = ngx_pnalloc(c->pool, NGX_QUIC_BUFFER_SIZE);
|
||||
if (p == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
||||
#ifdef NGX_QUIC_DEBUG_ALLOC
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic alloc buffer %p", b);
|
||||
#endif
|
||||
|
||||
ngx_memzero(b, sizeof(ngx_buf_t));
|
||||
|
||||
b->tag = (ngx_buf_tag_t) &ngx_quic_alloc_buf;
|
||||
b->temporary = 1;
|
||||
b->shadow = b;
|
||||
|
||||
b->start = p;
|
||||
b->pos = p;
|
||||
b->last = p;
|
||||
b->end = p + NGX_QUIC_BUFFER_SIZE;
|
||||
|
||||
ngx_quic_buf_set_refs(b, 1);
|
||||
|
||||
return b;
|
||||
}
|
||||
|
||||
|
||||
static void
|
||||
ngx_quic_free_buf(ngx_connection_t *c, ngx_buf_t *b)
|
||||
{
|
||||
ngx_buf_t *shadow;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
ngx_quic_buf_dec_refs(b);
|
||||
|
||||
#ifdef NGX_QUIC_DEBUG_ALLOC
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic free buffer %p r:%ui",
|
||||
b, (ngx_uint_t) ngx_quic_buf_refs(b));
|
||||
#endif
|
||||
|
||||
shadow = b->shadow;
|
||||
|
||||
if (ngx_quic_buf_refs(b) == 0) {
|
||||
shadow->shadow = qc->free_bufs;
|
||||
qc->free_bufs = shadow;
|
||||
}
|
||||
|
||||
if (b != shadow) {
|
||||
b->shadow = qc->free_shadow_bufs;
|
||||
qc->free_shadow_bufs = b;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
static ngx_buf_t *
|
||||
ngx_quic_clone_buf(ngx_connection_t *c, ngx_buf_t *b)
|
||||
{
|
||||
ngx_buf_t *nb;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
nb = qc->free_shadow_bufs;
|
||||
|
||||
if (nb) {
|
||||
qc->free_shadow_bufs = nb->shadow;
|
||||
|
||||
} else {
|
||||
nb = ngx_palloc(c->pool, sizeof(ngx_buf_t));
|
||||
if (nb == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
#ifdef NGX_QUIC_DEBUG_ALLOC
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic new shadow buffer n:%ui", ++qc->nshadowbufs);
|
||||
#endif
|
||||
}
|
||||
|
||||
*nb = *b;
|
||||
|
||||
ngx_quic_buf_inc_refs(b);
|
||||
|
||||
#ifdef NGX_QUIC_DEBUG_ALLOC
|
||||
ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic clone buffer %p %p r:%ui",
|
||||
b, nb, (ngx_uint_t) ngx_quic_buf_refs(b));
|
||||
#endif
|
||||
|
||||
return nb;
|
||||
}
|
||||
|
||||
|
||||
static ngx_int_t
|
||||
ngx_quic_split_chain(ngx_connection_t *c, ngx_chain_t *cl, off_t offset)
|
||||
{
|
||||
ngx_buf_t *b, *tb;
|
||||
ngx_chain_t *tail;
|
||||
|
||||
b = cl->buf;
|
||||
|
||||
tail = ngx_alloc_chain_link(c->pool);
|
||||
if (tail == NULL) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
tb = ngx_quic_clone_buf(c, b);
|
||||
if (tb == NULL) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
tail->buf = tb;
|
||||
|
||||
tb->pos += offset;
|
||||
|
||||
b->last = tb->pos;
|
||||
b->last_buf = 0;
|
||||
|
||||
tail->next = cl->next;
|
||||
cl->next = tail;
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
||||
ngx_quic_frame_t *
|
||||
ngx_quic_alloc_frame(ngx_connection_t *c)
|
||||
{
|
||||
ngx_queue_t *q;
|
||||
ngx_quic_frame_t *frame;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
if (!ngx_queue_empty(&qc->free_frames)) {
|
||||
|
||||
q = ngx_queue_head(&qc->free_frames);
|
||||
frame = ngx_queue_data(q, ngx_quic_frame_t, queue);
|
||||
|
||||
ngx_queue_remove(&frame->queue);
|
||||
|
||||
#ifdef NGX_QUIC_DEBUG_ALLOC
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic reuse frame n:%ui", qc->nframes);
|
||||
#endif
|
||||
|
||||
} else if (qc->nframes < 10000) {
|
||||
frame = ngx_palloc(c->pool, sizeof(ngx_quic_frame_t));
|
||||
if (frame == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
++qc->nframes;
|
||||
|
||||
#ifdef NGX_QUIC_DEBUG_ALLOC
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic alloc frame n:%ui", qc->nframes);
|
||||
#endif
|
||||
|
||||
} else {
|
||||
ngx_log_error(NGX_LOG_INFO, c->log, 0, "quic flood detected");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
ngx_memzero(frame, sizeof(ngx_quic_frame_t));
|
||||
|
||||
return frame;
|
||||
}
|
||||
|
||||
|
||||
void
|
||||
ngx_quic_free_frame(ngx_connection_t *c, ngx_quic_frame_t *frame)
|
||||
{
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
if (frame->data) {
|
||||
ngx_quic_free_chain(c, frame->data);
|
||||
}
|
||||
|
||||
ngx_queue_insert_head(&qc->free_frames, &frame->queue);
|
||||
|
||||
#ifdef NGX_QUIC_DEBUG_ALLOC
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic free frame n:%ui", qc->nframes);
|
||||
#endif
|
||||
}
|
||||
|
||||
|
||||
void
|
||||
ngx_quic_free_chain(ngx_connection_t *c, ngx_chain_t *in)
|
||||
{
|
||||
ngx_chain_t *cl;
|
||||
|
||||
while (in) {
|
||||
cl = in;
|
||||
in = in->next;
|
||||
|
||||
ngx_quic_free_buf(c, cl->buf);
|
||||
ngx_free_chain(c->pool, cl);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
void
|
||||
ngx_quic_free_frames(ngx_connection_t *c, ngx_queue_t *frames)
|
||||
{
|
||||
ngx_queue_t *q;
|
||||
ngx_quic_frame_t *f;
|
||||
|
||||
do {
|
||||
q = ngx_queue_head(frames);
|
||||
|
||||
if (q == ngx_queue_sentinel(frames)) {
|
||||
break;
|
||||
}
|
||||
|
||||
ngx_queue_remove(q);
|
||||
|
||||
f = ngx_queue_data(q, ngx_quic_frame_t, queue);
|
||||
|
||||
ngx_quic_free_frame(c, f);
|
||||
} while (1);
|
||||
}
|
||||
|
||||
|
||||
void
|
||||
ngx_quic_queue_frame(ngx_quic_connection_t *qc, ngx_quic_frame_t *frame)
|
||||
{
|
||||
ngx_quic_send_ctx_t *ctx;
|
||||
|
||||
ctx = ngx_quic_get_send_ctx(qc, frame->level);
|
||||
|
||||
ngx_queue_insert_tail(&ctx->frames, &frame->queue);
|
||||
|
||||
frame->len = ngx_quic_create_frame(NULL, frame);
|
||||
/* always succeeds */
|
||||
|
||||
if (qc->closing) {
|
||||
return;
|
||||
}
|
||||
|
||||
ngx_post_event(&qc->push, &ngx_posted_events);
|
||||
}
|
||||
|
||||
|
||||
ngx_int_t
|
||||
ngx_quic_split_frame(ngx_connection_t *c, ngx_quic_frame_t *f, size_t len)
|
||||
{
|
||||
size_t shrink;
|
||||
ngx_quic_frame_t *nf;
|
||||
ngx_quic_buffer_t qb;
|
||||
ngx_quic_ordered_frame_t *of, *onf;
|
||||
|
||||
switch (f->type) {
|
||||
case NGX_QUIC_FT_CRYPTO:
|
||||
case NGX_QUIC_FT_STREAM:
|
||||
break;
|
||||
|
||||
default:
|
||||
return NGX_DECLINED;
|
||||
}
|
||||
|
||||
if ((size_t) f->len <= len) {
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
shrink = f->len - len;
|
||||
|
||||
ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic split frame now:%uz need:%uz shrink:%uz",
|
||||
f->len, len, shrink);
|
||||
|
||||
of = &f->u.ord;
|
||||
|
||||
if (of->length <= shrink) {
|
||||
return NGX_DECLINED;
|
||||
}
|
||||
|
||||
of->length -= shrink;
|
||||
f->len = ngx_quic_create_frame(NULL, f);
|
||||
|
||||
if ((size_t) f->len > len) {
|
||||
ngx_log_error(NGX_LOG_ERR, c->log, 0, "could not split QUIC frame");
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
ngx_memzero(&qb, sizeof(ngx_quic_buffer_t));
|
||||
qb.chain = f->data;
|
||||
|
||||
f->data = ngx_quic_read_buffer(c, &qb, of->length);
|
||||
if (f->data == NGX_CHAIN_ERROR) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
nf = ngx_quic_alloc_frame(c);
|
||||
if (nf == NULL) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
*nf = *f;
|
||||
onf = &nf->u.ord;
|
||||
onf->offset += of->length;
|
||||
onf->length = shrink;
|
||||
nf->len = ngx_quic_create_frame(NULL, nf);
|
||||
nf->data = qb.chain;
|
||||
|
||||
if (f->type == NGX_QUIC_FT_STREAM) {
|
||||
f->u.stream.fin = 0;
|
||||
}
|
||||
|
||||
ngx_queue_insert_after(&f->queue, &nf->queue);
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
||||
ngx_chain_t *
|
||||
ngx_quic_copy_buffer(ngx_connection_t *c, u_char *data, size_t len)
|
||||
{
|
||||
ngx_buf_t buf;
|
||||
ngx_chain_t cl, *out;
|
||||
ngx_quic_buffer_t qb;
|
||||
|
||||
ngx_memzero(&buf, sizeof(ngx_buf_t));
|
||||
|
||||
buf.pos = data;
|
||||
buf.last = buf.pos + len;
|
||||
buf.temporary = 1;
|
||||
|
||||
cl.buf = &buf;
|
||||
cl.next = NULL;
|
||||
|
||||
ngx_memzero(&qb, sizeof(ngx_quic_buffer_t));
|
||||
|
||||
if (ngx_quic_write_buffer(c, &qb, &cl, len, 0) == NGX_CHAIN_ERROR) {
|
||||
return NGX_CHAIN_ERROR;
|
||||
}
|
||||
|
||||
out = ngx_quic_read_buffer(c, &qb, len);
|
||||
if (out == NGX_CHAIN_ERROR) {
|
||||
return NGX_CHAIN_ERROR;
|
||||
}
|
||||
|
||||
ngx_quic_free_buffer(c, &qb);
|
||||
|
||||
return out;
|
||||
}
|
||||
|
||||
|
||||
ngx_chain_t *
|
||||
ngx_quic_read_buffer(ngx_connection_t *c, ngx_quic_buffer_t *qb, uint64_t limit)
|
||||
{
|
||||
uint64_t n;
|
||||
ngx_buf_t *b;
|
||||
ngx_chain_t *out, **ll;
|
||||
|
||||
out = qb->chain;
|
||||
|
||||
for (ll = &out; *ll; ll = &(*ll)->next) {
|
||||
b = (*ll)->buf;
|
||||
|
||||
if (b->sync) {
|
||||
/* hole */
|
||||
break;
|
||||
}
|
||||
|
||||
if (limit == 0) {
|
||||
break;
|
||||
}
|
||||
|
||||
n = b->last - b->pos;
|
||||
|
||||
if (n > limit) {
|
||||
if (ngx_quic_split_chain(c, *ll, limit) != NGX_OK) {
|
||||
return NGX_CHAIN_ERROR;
|
||||
}
|
||||
|
||||
n = limit;
|
||||
}
|
||||
|
||||
limit -= n;
|
||||
qb->offset += n;
|
||||
}
|
||||
|
||||
if (qb->offset >= qb->last_offset) {
|
||||
qb->last_chain = NULL;
|
||||
}
|
||||
|
||||
qb->chain = *ll;
|
||||
*ll = NULL;
|
||||
|
||||
return out;
|
||||
}
|
||||
|
||||
|
||||
void
|
||||
ngx_quic_skip_buffer(ngx_connection_t *c, ngx_quic_buffer_t *qb,
|
||||
uint64_t offset)
|
||||
{
|
||||
size_t n;
|
||||
ngx_buf_t *b;
|
||||
ngx_chain_t *cl;
|
||||
|
||||
while (qb->chain) {
|
||||
if (qb->offset >= offset) {
|
||||
break;
|
||||
}
|
||||
|
||||
cl = qb->chain;
|
||||
b = cl->buf;
|
||||
n = b->last - b->pos;
|
||||
|
||||
if (qb->offset + n > offset) {
|
||||
n = offset - qb->offset;
|
||||
b->pos += n;
|
||||
qb->offset += n;
|
||||
break;
|
||||
}
|
||||
|
||||
qb->offset += n;
|
||||
qb->chain = cl->next;
|
||||
|
||||
cl->next = NULL;
|
||||
ngx_quic_free_chain(c, cl);
|
||||
}
|
||||
|
||||
if (qb->chain == NULL) {
|
||||
qb->offset = offset;
|
||||
}
|
||||
|
||||
if (qb->offset >= qb->last_offset) {
|
||||
qb->last_chain = NULL;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
ngx_chain_t *
|
||||
ngx_quic_alloc_chain(ngx_connection_t *c)
|
||||
{
|
||||
ngx_chain_t *cl;
|
||||
|
||||
cl = ngx_alloc_chain_link(c->pool);
|
||||
if (cl == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
cl->buf = ngx_quic_alloc_buf(c);
|
||||
if (cl->buf == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
return cl;
|
||||
}
|
||||
|
||||
|
||||
ngx_chain_t *
|
||||
ngx_quic_write_buffer(ngx_connection_t *c, ngx_quic_buffer_t *qb,
|
||||
ngx_chain_t *in, uint64_t limit, uint64_t offset)
|
||||
{
|
||||
u_char *p;
|
||||
uint64_t n, base;
|
||||
ngx_buf_t *b;
|
||||
ngx_chain_t *cl, **chain;
|
||||
|
||||
if (qb->last_chain && offset >= qb->last_offset) {
|
||||
base = qb->last_offset;
|
||||
chain = &qb->last_chain;
|
||||
|
||||
} else {
|
||||
base = qb->offset;
|
||||
chain = &qb->chain;
|
||||
}
|
||||
|
||||
while (in && limit) {
|
||||
|
||||
if (offset < base) {
|
||||
n = ngx_min((uint64_t) (in->buf->last - in->buf->pos),
|
||||
ngx_min(base - offset, limit));
|
||||
|
||||
in->buf->pos += n;
|
||||
offset += n;
|
||||
limit -= n;
|
||||
|
||||
if (in->buf->pos == in->buf->last) {
|
||||
in = in->next;
|
||||
}
|
||||
|
||||
continue;
|
||||
}
|
||||
|
||||
cl = *chain;
|
||||
|
||||
if (cl == NULL) {
|
||||
cl = ngx_quic_alloc_chain(c);
|
||||
if (cl == NULL) {
|
||||
return NGX_CHAIN_ERROR;
|
||||
}
|
||||
|
||||
cl->buf->last = cl->buf->end;
|
||||
cl->buf->sync = 1; /* hole */
|
||||
cl->next = NULL;
|
||||
*chain = cl;
|
||||
}
|
||||
|
||||
b = cl->buf;
|
||||
n = b->last - b->pos;
|
||||
|
||||
if (base + n <= offset) {
|
||||
base += n;
|
||||
chain = &cl->next;
|
||||
continue;
|
||||
}
|
||||
|
||||
if (b->sync && offset > base) {
|
||||
if (ngx_quic_split_chain(c, cl, offset - base) != NGX_OK) {
|
||||
return NGX_CHAIN_ERROR;
|
||||
}
|
||||
|
||||
continue;
|
||||
}
|
||||
|
||||
p = b->pos + (offset - base);
|
||||
|
||||
while (in) {
|
||||
|
||||
if (!ngx_buf_in_memory(in->buf) || in->buf->pos == in->buf->last) {
|
||||
in = in->next;
|
||||
continue;
|
||||
}
|
||||
|
||||
if (p == b->last || limit == 0) {
|
||||
break;
|
||||
}
|
||||
|
||||
n = ngx_min(b->last - p, in->buf->last - in->buf->pos);
|
||||
n = ngx_min(n, limit);
|
||||
|
||||
if (b->sync) {
|
||||
ngx_memcpy(p, in->buf->pos, n);
|
||||
qb->size += n;
|
||||
}
|
||||
|
||||
p += n;
|
||||
in->buf->pos += n;
|
||||
offset += n;
|
||||
limit -= n;
|
||||
}
|
||||
|
||||
if (b->sync && p == b->last) {
|
||||
b->sync = 0;
|
||||
continue;
|
||||
}
|
||||
|
||||
if (b->sync && p != b->pos) {
|
||||
if (ngx_quic_split_chain(c, cl, p - b->pos) != NGX_OK) {
|
||||
return NGX_CHAIN_ERROR;
|
||||
}
|
||||
|
||||
b->sync = 0;
|
||||
}
|
||||
}
|
||||
|
||||
qb->last_offset = base;
|
||||
qb->last_chain = *chain;
|
||||
|
||||
return in;
|
||||
}
|
||||
|
||||
|
||||
void
|
||||
ngx_quic_free_buffer(ngx_connection_t *c, ngx_quic_buffer_t *qb)
|
||||
{
|
||||
ngx_quic_free_chain(c, qb->chain);
|
||||
|
||||
qb->chain = NULL;
|
||||
}
|
||||
|
||||
|
||||
#if (NGX_DEBUG)
|
||||
|
||||
void
|
||||
ngx_quic_log_frame(ngx_log_t *log, ngx_quic_frame_t *f, ngx_uint_t tx)
|
||||
{
|
||||
u_char *p, *last, *pos, *end;
|
||||
ssize_t n;
|
||||
uint64_t gap, range, largest, smallest;
|
||||
ngx_uint_t i;
|
||||
u_char buf[NGX_MAX_ERROR_STR];
|
||||
|
||||
p = buf;
|
||||
last = buf + sizeof(buf);
|
||||
|
||||
switch (f->type) {
|
||||
|
||||
case NGX_QUIC_FT_CRYPTO:
|
||||
p = ngx_slprintf(p, last, "CRYPTO len:%uL off:%uL",
|
||||
f->u.crypto.length, f->u.crypto.offset);
|
||||
|
||||
#ifdef NGX_QUIC_DEBUG_FRAMES
|
||||
{
|
||||
ngx_chain_t *cl;
|
||||
|
||||
p = ngx_slprintf(p, last, " data:");
|
||||
|
||||
for (cl = f->data; cl; cl = cl->next) {
|
||||
p = ngx_slprintf(p, last, "%*xs",
|
||||
cl->buf->last - cl->buf->pos, cl->buf->pos);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
break;
|
||||
|
||||
case NGX_QUIC_FT_PADDING:
|
||||
p = ngx_slprintf(p, last, "PADDING");
|
||||
break;
|
||||
|
||||
case NGX_QUIC_FT_ACK:
|
||||
case NGX_QUIC_FT_ACK_ECN:
|
||||
|
||||
p = ngx_slprintf(p, last, "ACK n:%ui delay:%uL ",
|
||||
f->u.ack.range_count, f->u.ack.delay);
|
||||
|
||||
if (f->data) {
|
||||
pos = f->data->buf->pos;
|
||||
end = f->data->buf->last;
|
||||
|
||||
} else {
|
||||
pos = NULL;
|
||||
end = NULL;
|
||||
}
|
||||
|
||||
largest = f->u.ack.largest;
|
||||
smallest = f->u.ack.largest - f->u.ack.first_range;
|
||||
|
||||
if (largest == smallest) {
|
||||
p = ngx_slprintf(p, last, "%uL", largest);
|
||||
|
||||
} else {
|
||||
p = ngx_slprintf(p, last, "%uL-%uL", largest, smallest);
|
||||
}
|
||||
|
||||
for (i = 0; i < f->u.ack.range_count; i++) {
|
||||
n = ngx_quic_parse_ack_range(log, pos, end, &gap, &range);
|
||||
if (n == NGX_ERROR) {
|
||||
break;
|
||||
}
|
||||
|
||||
pos += n;
|
||||
|
||||
largest = smallest - gap - 2;
|
||||
smallest = largest - range;
|
||||
|
||||
if (largest == smallest) {
|
||||
p = ngx_slprintf(p, last, " %uL", largest);
|
||||
|
||||
} else {
|
||||
p = ngx_slprintf(p, last, " %uL-%uL", largest, smallest);
|
||||
}
|
||||
}
|
||||
|
||||
if (f->type == NGX_QUIC_FT_ACK_ECN) {
|
||||
p = ngx_slprintf(p, last, " ECN counters ect0:%uL ect1:%uL ce:%uL",
|
||||
f->u.ack.ect0, f->u.ack.ect1, f->u.ack.ce);
|
||||
}
|
||||
break;
|
||||
|
||||
case NGX_QUIC_FT_PING:
|
||||
p = ngx_slprintf(p, last, "PING");
|
||||
break;
|
||||
|
||||
case NGX_QUIC_FT_NEW_CONNECTION_ID:
|
||||
p = ngx_slprintf(p, last,
|
||||
"NEW_CONNECTION_ID seq:%uL retire:%uL len:%ud",
|
||||
f->u.ncid.seqnum, f->u.ncid.retire, f->u.ncid.len);
|
||||
break;
|
||||
|
||||
case NGX_QUIC_FT_RETIRE_CONNECTION_ID:
|
||||
p = ngx_slprintf(p, last, "RETIRE_CONNECTION_ID seqnum:%uL",
|
||||
f->u.retire_cid.sequence_number);
|
||||
break;
|
||||
|
||||
case NGX_QUIC_FT_CONNECTION_CLOSE:
|
||||
case NGX_QUIC_FT_CONNECTION_CLOSE_APP:
|
||||
p = ngx_slprintf(p, last, "CONNECTION_CLOSE%s err:%ui",
|
||||
f->type == NGX_QUIC_FT_CONNECTION_CLOSE ? "" : "_APP",
|
||||
f->u.close.error_code);
|
||||
|
||||
if (f->u.close.reason.len) {
|
||||
p = ngx_slprintf(p, last, " %V", &f->u.close.reason);
|
||||
}
|
||||
|
||||
if (f->type == NGX_QUIC_FT_CONNECTION_CLOSE) {
|
||||
p = ngx_slprintf(p, last, " ft:%ui", f->u.close.frame_type);
|
||||
}
|
||||
|
||||
break;
|
||||
|
||||
case NGX_QUIC_FT_STREAM:
|
||||
p = ngx_slprintf(p, last, "STREAM id:0x%xL", f->u.stream.stream_id);
|
||||
|
||||
if (f->u.stream.off) {
|
||||
p = ngx_slprintf(p, last, " off:%uL", f->u.stream.offset);
|
||||
}
|
||||
|
||||
if (f->u.stream.len) {
|
||||
p = ngx_slprintf(p, last, " len:%uL", f->u.stream.length);
|
||||
}
|
||||
|
||||
if (f->u.stream.fin) {
|
||||
p = ngx_slprintf(p, last, " fin:1");
|
||||
}
|
||||
|
||||
#ifdef NGX_QUIC_DEBUG_FRAMES
|
||||
{
|
||||
ngx_chain_t *cl;
|
||||
|
||||
p = ngx_slprintf(p, last, " data:");
|
||||
|
||||
for (cl = f->data; cl; cl = cl->next) {
|
||||
p = ngx_slprintf(p, last, "%*xs",
|
||||
cl->buf->last - cl->buf->pos, cl->buf->pos);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
break;
|
||||
|
||||
case NGX_QUIC_FT_MAX_DATA:
|
||||
p = ngx_slprintf(p, last, "MAX_DATA max_data:%uL on recv",
|
||||
f->u.max_data.max_data);
|
||||
break;
|
||||
|
||||
case NGX_QUIC_FT_RESET_STREAM:
|
||||
p = ngx_slprintf(p, last, "RESET_STREAM"
|
||||
" id:0x%xL error_code:0x%xL final_size:0x%xL",
|
||||
f->u.reset_stream.id, f->u.reset_stream.error_code,
|
||||
f->u.reset_stream.final_size);
|
||||
break;
|
||||
|
||||
case NGX_QUIC_FT_STOP_SENDING:
|
||||
p = ngx_slprintf(p, last, "STOP_SENDING id:0x%xL err:0x%xL",
|
||||
f->u.stop_sending.id, f->u.stop_sending.error_code);
|
||||
break;
|
||||
|
||||
case NGX_QUIC_FT_STREAMS_BLOCKED:
|
||||
case NGX_QUIC_FT_STREAMS_BLOCKED2:
|
||||
p = ngx_slprintf(p, last, "STREAMS_BLOCKED limit:%uL bidi:%ui",
|
||||
f->u.streams_blocked.limit, f->u.streams_blocked.bidi);
|
||||
break;
|
||||
|
||||
case NGX_QUIC_FT_MAX_STREAMS:
|
||||
case NGX_QUIC_FT_MAX_STREAMS2:
|
||||
p = ngx_slprintf(p, last, "MAX_STREAMS limit:%uL bidi:%ui",
|
||||
f->u.max_streams.limit, f->u.max_streams.bidi);
|
||||
break;
|
||||
|
||||
case NGX_QUIC_FT_MAX_STREAM_DATA:
|
||||
p = ngx_slprintf(p, last, "MAX_STREAM_DATA id:0x%xL limit:%uL",
|
||||
f->u.max_stream_data.id, f->u.max_stream_data.limit);
|
||||
break;
|
||||
|
||||
|
||||
case NGX_QUIC_FT_DATA_BLOCKED:
|
||||
p = ngx_slprintf(p, last, "DATA_BLOCKED limit:%uL",
|
||||
f->u.data_blocked.limit);
|
||||
break;
|
||||
|
||||
case NGX_QUIC_FT_STREAM_DATA_BLOCKED:
|
||||
p = ngx_slprintf(p, last, "STREAM_DATA_BLOCKED id:0x%xL limit:%uL",
|
||||
f->u.stream_data_blocked.id,
|
||||
f->u.stream_data_blocked.limit);
|
||||
break;
|
||||
|
||||
case NGX_QUIC_FT_PATH_CHALLENGE:
|
||||
p = ngx_slprintf(p, last, "PATH_CHALLENGE data:0x%*xs",
|
||||
sizeof(f->u.path_challenge.data),
|
||||
f->u.path_challenge.data);
|
||||
break;
|
||||
|
||||
case NGX_QUIC_FT_PATH_RESPONSE:
|
||||
p = ngx_slprintf(p, last, "PATH_RESPONSE data:0x%*xs",
|
||||
sizeof(f->u.path_challenge.data),
|
||||
f->u.path_challenge.data);
|
||||
break;
|
||||
|
||||
case NGX_QUIC_FT_NEW_TOKEN:
|
||||
p = ngx_slprintf(p, last, "NEW_TOKEN");
|
||||
|
||||
#ifdef NGX_QUIC_DEBUG_FRAMES
|
||||
{
|
||||
ngx_chain_t *cl;
|
||||
|
||||
p = ngx_slprintf(p, last, " token:");
|
||||
|
||||
for (cl = f->data; cl; cl = cl->next) {
|
||||
p = ngx_slprintf(p, last, "%*xs",
|
||||
cl->buf->last - cl->buf->pos, cl->buf->pos);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
break;
|
||||
|
||||
case NGX_QUIC_FT_HANDSHAKE_DONE:
|
||||
p = ngx_slprintf(p, last, "HANDSHAKE DONE");
|
||||
break;
|
||||
|
||||
default:
|
||||
p = ngx_slprintf(p, last, "unknown type 0x%xi", f->type);
|
||||
break;
|
||||
}
|
||||
|
||||
ngx_log_debug4(NGX_LOG_DEBUG_EVENT, log, 0, "quic frame %s %s %*s",
|
||||
tx ? "tx" : "rx", ngx_quic_level_name(f->level),
|
||||
p - buf, buf);
|
||||
}
|
||||
|
||||
#endif
|
|
@ -1,45 +0,0 @@
|
|||
|
||||
/*
|
||||
* Copyright (C) Nginx, Inc.
|
||||
*/
|
||||
|
||||
|
||||
#ifndef _NGX_EVENT_QUIC_FRAMES_H_INCLUDED_
|
||||
#define _NGX_EVENT_QUIC_FRAMES_H_INCLUDED_
|
||||
|
||||
|
||||
#include <ngx_config.h>
|
||||
#include <ngx_core.h>
|
||||
|
||||
|
||||
typedef ngx_int_t (*ngx_quic_frame_handler_pt)(ngx_connection_t *c,
|
||||
ngx_quic_frame_t *frame, void *data);
|
||||
|
||||
|
||||
ngx_quic_frame_t *ngx_quic_alloc_frame(ngx_connection_t *c);
|
||||
void ngx_quic_free_frame(ngx_connection_t *c, ngx_quic_frame_t *frame);
|
||||
void ngx_quic_free_frames(ngx_connection_t *c, ngx_queue_t *frames);
|
||||
void ngx_quic_queue_frame(ngx_quic_connection_t *qc, ngx_quic_frame_t *frame);
|
||||
ngx_int_t ngx_quic_split_frame(ngx_connection_t *c, ngx_quic_frame_t *f,
|
||||
size_t len);
|
||||
|
||||
ngx_chain_t *ngx_quic_alloc_chain(ngx_connection_t *c);
|
||||
void ngx_quic_free_chain(ngx_connection_t *c, ngx_chain_t *in);
|
||||
|
||||
ngx_chain_t *ngx_quic_copy_buffer(ngx_connection_t *c, u_char *data,
|
||||
size_t len);
|
||||
ngx_chain_t *ngx_quic_read_buffer(ngx_connection_t *c, ngx_quic_buffer_t *qb,
|
||||
uint64_t limit);
|
||||
ngx_chain_t *ngx_quic_write_buffer(ngx_connection_t *c, ngx_quic_buffer_t *qb,
|
||||
ngx_chain_t *in, uint64_t limit, uint64_t offset);
|
||||
void ngx_quic_skip_buffer(ngx_connection_t *c, ngx_quic_buffer_t *qb,
|
||||
uint64_t offset);
|
||||
void ngx_quic_free_buffer(ngx_connection_t *c, ngx_quic_buffer_t *qb);
|
||||
|
||||
#if (NGX_DEBUG)
|
||||
void ngx_quic_log_frame(ngx_log_t *log, ngx_quic_frame_t *f, ngx_uint_t tx);
|
||||
#else
|
||||
#define ngx_quic_log_frame(log, f, tx)
|
||||
#endif
|
||||
|
||||
#endif /* _NGX_EVENT_QUIC_FRAMES_H_INCLUDED_ */
|
|
@ -1,671 +0,0 @@
|
|||
|
||||
/*
|
||||
* Copyright (C) Nginx, Inc.
|
||||
*/
|
||||
|
||||
|
||||
#include <ngx_config.h>
|
||||
#include <ngx_core.h>
|
||||
#include <ngx_event.h>
|
||||
#include <ngx_event_quic_connection.h>
|
||||
|
||||
|
||||
static void ngx_quic_set_connection_path(ngx_connection_t *c,
|
||||
ngx_quic_path_t *path);
|
||||
static ngx_int_t ngx_quic_validate_path(ngx_connection_t *c,
|
||||
ngx_quic_path_t *path);
|
||||
static ngx_int_t ngx_quic_send_path_challenge(ngx_connection_t *c,
|
||||
ngx_quic_path_t *path);
|
||||
static ngx_quic_path_t *ngx_quic_get_path(ngx_connection_t *c, ngx_uint_t tag);
|
||||
|
||||
|
||||
ngx_int_t
|
||||
ngx_quic_handle_path_challenge_frame(ngx_connection_t *c,
|
||||
ngx_quic_header_t *pkt, ngx_quic_path_challenge_frame_t *f)
|
||||
{
|
||||
ngx_quic_frame_t frame, *fp;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
ngx_memzero(&frame, sizeof(ngx_quic_frame_t));
|
||||
|
||||
frame.level = ssl_encryption_application;
|
||||
frame.type = NGX_QUIC_FT_PATH_RESPONSE;
|
||||
frame.u.path_response = *f;
|
||||
|
||||
/*
|
||||
* RFC 9000, 8.2.2. Path Validation Responses
|
||||
*
|
||||
* A PATH_RESPONSE frame MUST be sent on the network path where the
|
||||
* PATH_CHALLENGE frame was received.
|
||||
*/
|
||||
|
||||
/*
|
||||
* An endpoint MUST expand datagrams that contain a PATH_RESPONSE frame
|
||||
* to at least the smallest allowed maximum datagram size of 1200 bytes.
|
||||
*/
|
||||
if (ngx_quic_frame_sendto(c, &frame, 1200, pkt->path) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
if (pkt->path == qc->path) {
|
||||
/*
|
||||
* RFC 9000, 9.3.3. Off-Path Packet Forwarding
|
||||
*
|
||||
* An endpoint that receives a PATH_CHALLENGE on an active path SHOULD
|
||||
* send a non-probing packet in response.
|
||||
*/
|
||||
|
||||
fp = ngx_quic_alloc_frame(c);
|
||||
if (fp == NULL) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
fp->level = ssl_encryption_application;
|
||||
fp->type = NGX_QUIC_FT_PING;
|
||||
|
||||
ngx_quic_queue_frame(qc, fp);
|
||||
}
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
||||
ngx_int_t
|
||||
ngx_quic_handle_path_response_frame(ngx_connection_t *c,
|
||||
ngx_quic_path_challenge_frame_t *f)
|
||||
{
|
||||
ngx_uint_t rst;
|
||||
ngx_queue_t *q;
|
||||
ngx_quic_path_t *path, *prev;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
/*
|
||||
* RFC 9000, 8.2.3. Successful Path Validation
|
||||
*
|
||||
* A PATH_RESPONSE frame received on any network path validates the path
|
||||
* on which the PATH_CHALLENGE was sent.
|
||||
*/
|
||||
|
||||
for (q = ngx_queue_head(&qc->paths);
|
||||
q != ngx_queue_sentinel(&qc->paths);
|
||||
q = ngx_queue_next(q))
|
||||
{
|
||||
path = ngx_queue_data(q, ngx_quic_path_t, queue);
|
||||
|
||||
if (!path->validating) {
|
||||
continue;
|
||||
}
|
||||
|
||||
if (ngx_memcmp(path->challenge1, f->data, sizeof(f->data)) == 0
|
||||
|| ngx_memcmp(path->challenge2, f->data, sizeof(f->data)) == 0)
|
||||
{
|
||||
goto valid;
|
||||
}
|
||||
}
|
||||
|
||||
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic stale PATH_RESPONSE ignored");
|
||||
|
||||
return NGX_OK;
|
||||
|
||||
valid:
|
||||
|
||||
/*
|
||||
* RFC 9000, 9.4. Loss Detection and Congestion Control
|
||||
*
|
||||
* On confirming a peer's ownership of its new address,
|
||||
* an endpoint MUST immediately reset the congestion controller
|
||||
* and round-trip time estimator for the new path to initial values
|
||||
* unless the only change in the peer's address is its port number.
|
||||
*/
|
||||
|
||||
rst = 1;
|
||||
|
||||
prev = ngx_quic_get_path(c, NGX_QUIC_PATH_BACKUP);
|
||||
|
||||
if (prev != NULL) {
|
||||
|
||||
if (ngx_cmp_sockaddr(prev->sockaddr, prev->socklen,
|
||||
path->sockaddr, path->socklen, 0)
|
||||
== NGX_OK)
|
||||
{
|
||||
/* address did not change */
|
||||
rst = 0;
|
||||
}
|
||||
}
|
||||
|
||||
if (rst) {
|
||||
ngx_memzero(&qc->congestion, sizeof(ngx_quic_congestion_t));
|
||||
|
||||
qc->congestion.window = ngx_min(10 * qc->tp.max_udp_payload_size,
|
||||
ngx_max(2 * qc->tp.max_udp_payload_size,
|
||||
14720));
|
||||
qc->congestion.ssthresh = (size_t) -1;
|
||||
qc->congestion.recovery_start = ngx_current_msec;
|
||||
}
|
||||
|
||||
/*
|
||||
* RFC 9000, 9.3. Responding to Connection Migration
|
||||
*
|
||||
* After verifying a new client address, the server SHOULD
|
||||
* send new address validation tokens (Section 8) to the client.
|
||||
*/
|
||||
|
||||
if (ngx_quic_send_new_token(c, path) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
ngx_log_error(NGX_LOG_INFO, c->log, 0,
|
||||
"quic path seq:%uL addr:%V successfully validated",
|
||||
path->seqnum, &path->addr_text);
|
||||
|
||||
ngx_quic_path_dbg(c, "is validated", path);
|
||||
|
||||
path->validated = 1;
|
||||
path->validating = 0;
|
||||
path->limited = 0;
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
||||
ngx_quic_path_t *
|
||||
ngx_quic_new_path(ngx_connection_t *c,
|
||||
struct sockaddr *sockaddr, socklen_t socklen, ngx_quic_client_id_t *cid)
|
||||
{
|
||||
ngx_queue_t *q;
|
||||
ngx_quic_path_t *path;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
if (!ngx_queue_empty(&qc->free_paths)) {
|
||||
|
||||
q = ngx_queue_head(&qc->free_paths);
|
||||
path = ngx_queue_data(q, ngx_quic_path_t, queue);
|
||||
|
||||
ngx_queue_remove(&path->queue);
|
||||
|
||||
ngx_memzero(path, sizeof(ngx_quic_path_t));
|
||||
|
||||
} else {
|
||||
|
||||
path = ngx_pcalloc(c->pool, sizeof(ngx_quic_path_t));
|
||||
if (path == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
||||
ngx_queue_insert_tail(&qc->paths, &path->queue);
|
||||
|
||||
path->cid = cid;
|
||||
cid->used = 1;
|
||||
|
||||
path->limited = 1;
|
||||
|
||||
path->seqnum = qc->path_seqnum++;
|
||||
|
||||
path->sockaddr = &path->sa.sockaddr;
|
||||
path->socklen = socklen;
|
||||
ngx_memcpy(path->sockaddr, sockaddr, socklen);
|
||||
|
||||
path->addr_text.data = path->text;
|
||||
path->addr_text.len = ngx_sock_ntop(sockaddr, socklen, path->text,
|
||||
NGX_SOCKADDR_STRLEN, 1);
|
||||
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic path seq:%uL created addr:%V",
|
||||
path->seqnum, &path->addr_text);
|
||||
return path;
|
||||
}
|
||||
|
||||
|
||||
static ngx_quic_path_t *
|
||||
ngx_quic_get_path(ngx_connection_t *c, ngx_uint_t tag)
|
||||
{
|
||||
ngx_queue_t *q;
|
||||
ngx_quic_path_t *path;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
for (q = ngx_queue_head(&qc->paths);
|
||||
q != ngx_queue_sentinel(&qc->paths);
|
||||
q = ngx_queue_next(q))
|
||||
{
|
||||
path = ngx_queue_data(q, ngx_quic_path_t, queue);
|
||||
|
||||
if (path->tag == tag) {
|
||||
return path;
|
||||
}
|
||||
}
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
ngx_int_t
|
||||
ngx_quic_set_path(ngx_connection_t *c, ngx_quic_header_t *pkt)
|
||||
{
|
||||
off_t len;
|
||||
ngx_queue_t *q;
|
||||
ngx_quic_path_t *path, *probe;
|
||||
ngx_quic_socket_t *qsock;
|
||||
ngx_quic_send_ctx_t *ctx;
|
||||
ngx_quic_client_id_t *cid;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
qsock = ngx_quic_get_socket(c);
|
||||
|
||||
len = pkt->raw->last - pkt->raw->start;
|
||||
|
||||
if (c->udp->buffer == NULL) {
|
||||
/* first ever packet in connection, path already exists */
|
||||
path = qc->path;
|
||||
goto update;
|
||||
}
|
||||
|
||||
probe = NULL;
|
||||
|
||||
for (q = ngx_queue_head(&qc->paths);
|
||||
q != ngx_queue_sentinel(&qc->paths);
|
||||
q = ngx_queue_next(q))
|
||||
{
|
||||
path = ngx_queue_data(q, ngx_quic_path_t, queue);
|
||||
|
||||
if (ngx_cmp_sockaddr(&qsock->sockaddr.sockaddr, qsock->socklen,
|
||||
path->sockaddr, path->socklen, 1)
|
||||
== NGX_OK)
|
||||
{
|
||||
goto update;
|
||||
}
|
||||
|
||||
if (path->tag == NGX_QUIC_PATH_PROBE) {
|
||||
probe = path;
|
||||
}
|
||||
}
|
||||
|
||||
/* packet from new path, drop current probe, if any */
|
||||
|
||||
ctx = ngx_quic_get_send_ctx(qc, pkt->level);
|
||||
|
||||
/*
|
||||
* only accept highest-numbered packets to prevent connection id
|
||||
* exhaustion by excessive probing packets from unknown paths
|
||||
*/
|
||||
if (pkt->pn != ctx->largest_pn) {
|
||||
return NGX_DONE;
|
||||
}
|
||||
|
||||
if (probe && ngx_quic_free_path(c, probe) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
/* new path requires new client id */
|
||||
cid = ngx_quic_next_client_id(c);
|
||||
if (cid == NULL) {
|
||||
ngx_log_error(NGX_LOG_INFO, c->log, 0,
|
||||
"quic no available client ids for new path");
|
||||
/* stop processing of this datagram */
|
||||
return NGX_DONE;
|
||||
}
|
||||
|
||||
path = ngx_quic_new_path(c, &qsock->sockaddr.sockaddr, qsock->socklen, cid);
|
||||
if (path == NULL) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
path->tag = NGX_QUIC_PATH_PROBE;
|
||||
|
||||
/*
|
||||
* client arrived using new path and previously seen DCID,
|
||||
* this indicates NAT rebinding (or bad client)
|
||||
*/
|
||||
if (qsock->used) {
|
||||
pkt->rebound = 1;
|
||||
}
|
||||
|
||||
update:
|
||||
|
||||
qsock->used = 1;
|
||||
pkt->path = path;
|
||||
|
||||
/* TODO: this may be too late in some cases;
|
||||
* for example, if error happens during decrypt(), we cannot
|
||||
* send CC, if error happens in 1st packet, due to amplification
|
||||
* limit, because path->received = 0
|
||||
*
|
||||
* should we account garbage as received or only decrypting packets?
|
||||
*/
|
||||
path->received += len;
|
||||
|
||||
ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic packet len:%O via sock seq:%L path seq:%uL",
|
||||
len, (int64_t) qsock->sid.seqnum, path->seqnum);
|
||||
ngx_quic_path_dbg(c, "status", path);
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
||||
ngx_int_t
|
||||
ngx_quic_free_path(ngx_connection_t *c, ngx_quic_path_t *path)
|
||||
{
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
ngx_queue_remove(&path->queue);
|
||||
ngx_queue_insert_head(&qc->free_paths, &path->queue);
|
||||
|
||||
/*
|
||||
* invalidate CID that is no longer usable for any other path;
|
||||
* this also requests new CIDs from client
|
||||
*/
|
||||
if (path->cid) {
|
||||
if (ngx_quic_free_client_id(c, path->cid) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic path seq:%uL addr:%V retired",
|
||||
path->seqnum, &path->addr_text);
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
||||
static void
|
||||
ngx_quic_set_connection_path(ngx_connection_t *c, ngx_quic_path_t *path)
|
||||
{
|
||||
size_t len;
|
||||
|
||||
ngx_memcpy(c->sockaddr, path->sockaddr, path->socklen);
|
||||
c->socklen = path->socklen;
|
||||
|
||||
if (c->addr_text.data) {
|
||||
len = ngx_min(c->addr_text.len, path->addr_text.len);
|
||||
|
||||
ngx_memcpy(c->addr_text.data, path->addr_text.data, len);
|
||||
c->addr_text.len = len;
|
||||
}
|
||||
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic send path set to seq:%uL addr:%V",
|
||||
path->seqnum, &path->addr_text);
|
||||
}
|
||||
|
||||
|
||||
ngx_int_t
|
||||
ngx_quic_handle_migration(ngx_connection_t *c, ngx_quic_header_t *pkt)
|
||||
{
|
||||
ngx_quic_path_t *next, *bkp;
|
||||
ngx_quic_send_ctx_t *ctx;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
/* got non-probing packet via non-active path */
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
ctx = ngx_quic_get_send_ctx(qc, pkt->level);
|
||||
|
||||
/*
|
||||
* RFC 9000, 9.3. Responding to Connection Migration
|
||||
*
|
||||
* An endpoint only changes the address to which it sends packets in
|
||||
* response to the highest-numbered non-probing packet.
|
||||
*/
|
||||
if (pkt->pn != ctx->largest_pn) {
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
next = pkt->path;
|
||||
|
||||
/*
|
||||
* RFC 9000, 9.3.3:
|
||||
*
|
||||
* In response to an apparent migration, endpoints MUST validate the
|
||||
* previously active path using a PATH_CHALLENGE frame.
|
||||
*/
|
||||
if (pkt->rebound) {
|
||||
|
||||
/* NAT rebinding: client uses new path with old SID */
|
||||
if (ngx_quic_validate_path(c, qc->path) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
if (qc->path->validated) {
|
||||
|
||||
if (next->tag != NGX_QUIC_PATH_BACKUP) {
|
||||
/* can delete backup path, if any */
|
||||
bkp = ngx_quic_get_path(c, NGX_QUIC_PATH_BACKUP);
|
||||
|
||||
if (bkp && ngx_quic_free_path(c, bkp) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
qc->path->tag = NGX_QUIC_PATH_BACKUP;
|
||||
ngx_quic_path_dbg(c, "is now backup", qc->path);
|
||||
|
||||
} else {
|
||||
if (ngx_quic_free_path(c, qc->path) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
/* switch active path to migrated */
|
||||
qc->path = next;
|
||||
qc->path->tag = NGX_QUIC_PATH_ACTIVE;
|
||||
|
||||
ngx_quic_set_connection_path(c, next);
|
||||
|
||||
if (!next->validated && !next->validating) {
|
||||
if (ngx_quic_validate_path(c, next) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
ngx_log_error(NGX_LOG_INFO, c->log, 0,
|
||||
"quic migrated to path seq:%uL addr:%V",
|
||||
qc->path->seqnum, &qc->path->addr_text);
|
||||
|
||||
ngx_quic_path_dbg(c, "is now active", qc->path);
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
||||
static ngx_int_t
|
||||
ngx_quic_validate_path(ngx_connection_t *c, ngx_quic_path_t *path)
|
||||
{
|
||||
ngx_msec_t pto;
|
||||
ngx_quic_send_ctx_t *ctx;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic initiated validation of path seq:%uL", path->seqnum);
|
||||
|
||||
path->validating = 1;
|
||||
|
||||
if (RAND_bytes(path->challenge1, 8) != 1) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
if (RAND_bytes(path->challenge2, 8) != 1) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
if (ngx_quic_send_path_challenge(c, path) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_application);
|
||||
pto = ngx_quic_pto(c, ctx);
|
||||
|
||||
path->expires = ngx_current_msec + pto;
|
||||
path->tries = NGX_QUIC_PATH_RETRIES;
|
||||
|
||||
if (!qc->path_validation.timer_set) {
|
||||
ngx_add_timer(&qc->path_validation, pto);
|
||||
}
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
||||
static ngx_int_t
|
||||
ngx_quic_send_path_challenge(ngx_connection_t *c, ngx_quic_path_t *path)
|
||||
{
|
||||
ngx_quic_frame_t frame;
|
||||
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic path seq:%uL send path_challenge tries:%ui",
|
||||
path->seqnum, path->tries);
|
||||
|
||||
ngx_memzero(&frame, sizeof(ngx_quic_frame_t));
|
||||
|
||||
frame.level = ssl_encryption_application;
|
||||
frame.type = NGX_QUIC_FT_PATH_CHALLENGE;
|
||||
|
||||
ngx_memcpy(frame.u.path_challenge.data, path->challenge1, 8);
|
||||
|
||||
/*
|
||||
* RFC 9000, 8.2.1. Initiating Path Validation
|
||||
*
|
||||
* An endpoint MUST expand datagrams that contain a PATH_CHALLENGE frame
|
||||
* to at least the smallest allowed maximum datagram size of 1200 bytes,
|
||||
* unless the anti-amplification limit for the path does not permit
|
||||
* sending a datagram of this size.
|
||||
*/
|
||||
|
||||
/* same applies to PATH_RESPONSE frames */
|
||||
if (ngx_quic_frame_sendto(c, &frame, 1200, path) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
ngx_memcpy(frame.u.path_challenge.data, path->challenge2, 8);
|
||||
|
||||
if (ngx_quic_frame_sendto(c, &frame, 1200, path) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
||||
void
|
||||
ngx_quic_path_validation_handler(ngx_event_t *ev)
|
||||
{
|
||||
ngx_msec_t now;
|
||||
ngx_queue_t *q;
|
||||
ngx_msec_int_t left, next, pto;
|
||||
ngx_quic_path_t *path, *bkp;
|
||||
ngx_connection_t *c;
|
||||
ngx_quic_send_ctx_t *ctx;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
c = ev->data;
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_application);
|
||||
pto = ngx_quic_pto(c, ctx);
|
||||
|
||||
next = -1;
|
||||
now = ngx_current_msec;
|
||||
|
||||
q = ngx_queue_head(&qc->paths);
|
||||
|
||||
while (q != ngx_queue_sentinel(&qc->paths)) {
|
||||
|
||||
path = ngx_queue_data(q, ngx_quic_path_t, queue);
|
||||
q = ngx_queue_next(q);
|
||||
|
||||
if (!path->validating) {
|
||||
continue;
|
||||
}
|
||||
|
||||
left = path->expires - now;
|
||||
|
||||
if (left > 0) {
|
||||
|
||||
if (next == -1 || left < next) {
|
||||
next = left;
|
||||
}
|
||||
|
||||
continue;
|
||||
}
|
||||
|
||||
if (--path->tries) {
|
||||
path->expires = ngx_current_msec + pto;
|
||||
|
||||
if (next == -1 || pto < next) {
|
||||
next = pto;
|
||||
}
|
||||
|
||||
/* retransmit */
|
||||
(void) ngx_quic_send_path_challenge(c, path);
|
||||
|
||||
continue;
|
||||
}
|
||||
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, ev->log, 0,
|
||||
"quic path seq:%uL validation failed", path->seqnum);
|
||||
|
||||
/* found expired path */
|
||||
|
||||
path->validated = 0;
|
||||
path->validating = 0;
|
||||
path->limited = 1;
|
||||
|
||||
|
||||
/* RFC 9000, 9.3.2. On-Path Address Spoofing
|
||||
*
|
||||
* To protect the connection from failing due to such a spurious
|
||||
* migration, an endpoint MUST revert to using the last validated
|
||||
* peer address when validation of a new peer address fails.
|
||||
*/
|
||||
|
||||
if (qc->path == path) {
|
||||
/* active path validation failed */
|
||||
|
||||
bkp = ngx_quic_get_path(c, NGX_QUIC_PATH_BACKUP);
|
||||
|
||||
if (bkp == NULL) {
|
||||
qc->error = NGX_QUIC_ERR_NO_VIABLE_PATH;
|
||||
qc->error_reason = "no viable path";
|
||||
ngx_quic_close_connection(c, NGX_ERROR);
|
||||
return;
|
||||
}
|
||||
|
||||
qc->path = bkp;
|
||||
qc->path->tag = NGX_QUIC_PATH_ACTIVE;
|
||||
|
||||
ngx_quic_set_connection_path(c, qc->path);
|
||||
|
||||
ngx_log_error(NGX_LOG_INFO, c->log, 0,
|
||||
"quic path seq:%uL addr:%V is restored from backup",
|
||||
qc->path->seqnum, &qc->path->addr_text);
|
||||
|
||||
ngx_quic_path_dbg(c, "is active", qc->path);
|
||||
}
|
||||
|
||||
if (ngx_quic_free_path(c, path) != NGX_OK) {
|
||||
ngx_quic_close_connection(c, NGX_ERROR);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
if (next != -1) {
|
||||
ngx_add_timer(&qc->path_validation, next);
|
||||
}
|
||||
}
|
|
@ -1,42 +0,0 @@
|
|||
|
||||
/*
|
||||
* Copyright (C) Nginx, Inc.
|
||||
*/
|
||||
|
||||
|
||||
#ifndef _NGX_EVENT_QUIC_MIGRATION_H_INCLUDED_
|
||||
#define _NGX_EVENT_QUIC_MIGRATION_H_INCLUDED_
|
||||
|
||||
|
||||
#include <ngx_config.h>
|
||||
#include <ngx_core.h>
|
||||
|
||||
#define NGX_QUIC_PATH_RETRIES 3
|
||||
|
||||
#define NGX_QUIC_PATH_PROBE 0
|
||||
#define NGX_QUIC_PATH_ACTIVE 1
|
||||
#define NGX_QUIC_PATH_BACKUP 2
|
||||
|
||||
#define ngx_quic_path_dbg(c, msg, path) \
|
||||
ngx_log_debug7(NGX_LOG_DEBUG_EVENT, c->log, 0, \
|
||||
"quic path seq:%uL %s sent:%O recvd:%O state:%s%s%s", \
|
||||
path->seqnum, msg, path->sent, path->received, \
|
||||
path->limited ? "L" : "", path->validated ? "V": "N", \
|
||||
path->validating ? "R": "");
|
||||
|
||||
ngx_int_t ngx_quic_handle_path_challenge_frame(ngx_connection_t *c,
|
||||
ngx_quic_header_t *pkt, ngx_quic_path_challenge_frame_t *f);
|
||||
ngx_int_t ngx_quic_handle_path_response_frame(ngx_connection_t *c,
|
||||
ngx_quic_path_challenge_frame_t *f);
|
||||
|
||||
ngx_quic_path_t *ngx_quic_new_path(ngx_connection_t *c,
|
||||
struct sockaddr *sockaddr, socklen_t socklen, ngx_quic_client_id_t *cid);
|
||||
ngx_int_t ngx_quic_free_path(ngx_connection_t *c, ngx_quic_path_t *path);
|
||||
|
||||
ngx_int_t ngx_quic_set_path(ngx_connection_t *c, ngx_quic_header_t *pkt);
|
||||
ngx_int_t ngx_quic_handle_migration(ngx_connection_t *c,
|
||||
ngx_quic_header_t *pkt);
|
||||
|
||||
void ngx_quic_path_validation_handler(ngx_event_t *ev);
|
||||
|
||||
#endif /* _NGX_EVENT_QUIC_MIGRATION_H_INCLUDED_ */
|
|
@ -1,646 +0,0 @@
|
|||
|
||||
/*
|
||||
* Copyright (C) Nginx, Inc.
|
||||
*/
|
||||
|
||||
|
||||
#include <ngx_config.h>
|
||||
#include <ngx_core.h>
|
||||
#include <ngx_event.h>
|
||||
#include <ngx_event_quic_connection.h>
|
||||
|
||||
|
||||
#if (NGX_QUIC_OPENSSL_COMPAT)
|
||||
|
||||
#define NGX_QUIC_COMPAT_RECORD_SIZE 1024
|
||||
|
||||
#define NGX_QUIC_COMPAT_SSL_TP_EXT 0x39
|
||||
|
||||
#define NGX_QUIC_COMPAT_CLIENT_HANDSHAKE "CLIENT_HANDSHAKE_TRAFFIC_SECRET"
|
||||
#define NGX_QUIC_COMPAT_SERVER_HANDSHAKE "SERVER_HANDSHAKE_TRAFFIC_SECRET"
|
||||
#define NGX_QUIC_COMPAT_CLIENT_APPLICATION "CLIENT_TRAFFIC_SECRET_0"
|
||||
#define NGX_QUIC_COMPAT_SERVER_APPLICATION "SERVER_TRAFFIC_SECRET_0"
|
||||
|
||||
|
||||
typedef struct {
|
||||
ngx_quic_secret_t secret;
|
||||
ngx_uint_t cipher;
|
||||
} ngx_quic_compat_keys_t;
|
||||
|
||||
|
||||
typedef struct {
|
||||
ngx_log_t *log;
|
||||
|
||||
u_char type;
|
||||
ngx_str_t payload;
|
||||
uint64_t number;
|
||||
ngx_quic_compat_keys_t *keys;
|
||||
|
||||
enum ssl_encryption_level_t level;
|
||||
} ngx_quic_compat_record_t;
|
||||
|
||||
|
||||
struct ngx_quic_compat_s {
|
||||
const SSL_QUIC_METHOD *method;
|
||||
|
||||
enum ssl_encryption_level_t write_level;
|
||||
enum ssl_encryption_level_t read_level;
|
||||
|
||||
uint64_t read_record;
|
||||
ngx_quic_compat_keys_t keys;
|
||||
|
||||
ngx_str_t tp;
|
||||
ngx_str_t ctp;
|
||||
};
|
||||
|
||||
|
||||
static void ngx_quic_compat_keylog_callback(const SSL *ssl, const char *line);
|
||||
static ngx_int_t ngx_quic_compat_set_encryption_secret(ngx_log_t *log,
|
||||
ngx_quic_compat_keys_t *keys, enum ssl_encryption_level_t level,
|
||||
const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len);
|
||||
static int ngx_quic_compat_add_transport_params_callback(SSL *ssl,
|
||||
unsigned int ext_type, unsigned int context, const unsigned char **out,
|
||||
size_t *outlen, X509 *x, size_t chainidx, int *al, void *add_arg);
|
||||
static int ngx_quic_compat_parse_transport_params_callback(SSL *ssl,
|
||||
unsigned int ext_type, unsigned int context, const unsigned char *in,
|
||||
size_t inlen, X509 *x, size_t chainidx, int *al, void *parse_arg);
|
||||
static void ngx_quic_compat_message_callback(int write_p, int version,
|
||||
int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
|
||||
static size_t ngx_quic_compat_create_header(ngx_quic_compat_record_t *rec,
|
||||
u_char *out, ngx_uint_t plain);
|
||||
static ngx_int_t ngx_quic_compat_create_record(ngx_quic_compat_record_t *rec,
|
||||
ngx_str_t *res);
|
||||
|
||||
|
||||
ngx_int_t
|
||||
ngx_quic_compat_init(ngx_conf_t *cf, SSL_CTX *ctx)
|
||||
{
|
||||
SSL_CTX_set_keylog_callback(ctx, ngx_quic_compat_keylog_callback);
|
||||
|
||||
if (SSL_CTX_has_client_custom_ext(ctx, NGX_QUIC_COMPAT_SSL_TP_EXT)) {
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
if (SSL_CTX_add_custom_ext(ctx, NGX_QUIC_COMPAT_SSL_TP_EXT,
|
||||
SSL_EXT_CLIENT_HELLO
|
||||
|SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS,
|
||||
ngx_quic_compat_add_transport_params_callback,
|
||||
NULL,
|
||||
NULL,
|
||||
ngx_quic_compat_parse_transport_params_callback,
|
||||
NULL)
|
||||
== 0)
|
||||
{
|
||||
ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
|
||||
"SSL_CTX_add_custom_ext() failed");
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
||||
static void
|
||||
ngx_quic_compat_keylog_callback(const SSL *ssl, const char *line)
|
||||
{
|
||||
u_char ch, *p, *start, value;
|
||||
size_t n;
|
||||
ngx_uint_t write;
|
||||
const SSL_CIPHER *cipher;
|
||||
ngx_quic_compat_t *com;
|
||||
ngx_connection_t *c;
|
||||
ngx_quic_connection_t *qc;
|
||||
enum ssl_encryption_level_t level;
|
||||
u_char secret[EVP_MAX_MD_SIZE];
|
||||
|
||||
c = ngx_ssl_get_connection(ssl);
|
||||
if (c->type != SOCK_DGRAM) {
|
||||
return;
|
||||
}
|
||||
|
||||
p = (u_char *) line;
|
||||
|
||||
for (start = p; *p && *p != ' '; p++);
|
||||
|
||||
n = p - start;
|
||||
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic compat secret %*s", n, start);
|
||||
|
||||
if (n == sizeof(NGX_QUIC_COMPAT_CLIENT_HANDSHAKE) - 1
|
||||
&& ngx_strncmp(start, NGX_QUIC_COMPAT_CLIENT_HANDSHAKE, n) == 0)
|
||||
{
|
||||
level = ssl_encryption_handshake;
|
||||
write = 0;
|
||||
|
||||
} else if (n == sizeof(NGX_QUIC_COMPAT_SERVER_HANDSHAKE) - 1
|
||||
&& ngx_strncmp(start, NGX_QUIC_COMPAT_SERVER_HANDSHAKE, n) == 0)
|
||||
{
|
||||
level = ssl_encryption_handshake;
|
||||
write = 1;
|
||||
|
||||
} else if (n == sizeof(NGX_QUIC_COMPAT_CLIENT_APPLICATION) - 1
|
||||
&& ngx_strncmp(start, NGX_QUIC_COMPAT_CLIENT_APPLICATION, n)
|
||||
== 0)
|
||||
{
|
||||
level = ssl_encryption_application;
|
||||
write = 0;
|
||||
|
||||
} else if (n == sizeof(NGX_QUIC_COMPAT_SERVER_APPLICATION) - 1
|
||||
&& ngx_strncmp(start, NGX_QUIC_COMPAT_SERVER_APPLICATION, n)
|
||||
== 0)
|
||||
{
|
||||
level = ssl_encryption_application;
|
||||
write = 1;
|
||||
|
||||
} else {
|
||||
return;
|
||||
}
|
||||
|
||||
if (*p++ == '\0') {
|
||||
return;
|
||||
}
|
||||
|
||||
for ( /* void */ ; *p && *p != ' '; p++);
|
||||
|
||||
if (*p++ == '\0') {
|
||||
return;
|
||||
}
|
||||
|
||||
for (n = 0, start = p; *p; p++) {
|
||||
ch = *p;
|
||||
|
||||
if (ch >= '0' && ch <= '9') {
|
||||
value = ch - '0';
|
||||
goto next;
|
||||
}
|
||||
|
||||
ch = (u_char) (ch | 0x20);
|
||||
|
||||
if (ch >= 'a' && ch <= 'f') {
|
||||
value = ch - 'a' + 10;
|
||||
goto next;
|
||||
}
|
||||
|
||||
ngx_log_error(NGX_LOG_EMERG, c->log, 0,
|
||||
"invalid OpenSSL QUIC secret format");
|
||||
|
||||
return;
|
||||
|
||||
next:
|
||||
|
||||
if ((p - start) % 2) {
|
||||
secret[n++] += value;
|
||||
|
||||
} else {
|
||||
if (n >= EVP_MAX_MD_SIZE) {
|
||||
ngx_log_error(NGX_LOG_EMERG, c->log, 0,
|
||||
"too big OpenSSL QUIC secret");
|
||||
return;
|
||||
}
|
||||
|
||||
secret[n] = (value << 4);
|
||||
}
|
||||
}
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
com = qc->compat;
|
||||
cipher = SSL_get_current_cipher(ssl);
|
||||
|
||||
if (write) {
|
||||
com->method->set_write_secret((SSL *) ssl, level, cipher, secret, n);
|
||||
com->write_level = level;
|
||||
|
||||
} else {
|
||||
com->method->set_read_secret((SSL *) ssl, level, cipher, secret, n);
|
||||
com->read_level = level;
|
||||
com->read_record = 0;
|
||||
|
||||
(void) ngx_quic_compat_set_encryption_secret(c->log, &com->keys, level,
|
||||
cipher, secret, n);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
static ngx_int_t
|
||||
ngx_quic_compat_set_encryption_secret(ngx_log_t *log,
|
||||
ngx_quic_compat_keys_t *keys, enum ssl_encryption_level_t level,
|
||||
const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len)
|
||||
{
|
||||
ngx_int_t key_len;
|
||||
ngx_str_t secret_str;
|
||||
ngx_uint_t i;
|
||||
ngx_quic_hkdf_t seq[2];
|
||||
ngx_quic_secret_t *peer_secret;
|
||||
ngx_quic_ciphers_t ciphers;
|
||||
|
||||
peer_secret = &keys->secret;
|
||||
|
||||
keys->cipher = SSL_CIPHER_get_id(cipher);
|
||||
|
||||
key_len = ngx_quic_ciphers(keys->cipher, &ciphers, level);
|
||||
|
||||
if (key_len == NGX_ERROR) {
|
||||
ngx_ssl_error(NGX_LOG_INFO, log, 0, "unexpected cipher");
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
if (sizeof(peer_secret->secret.data) < secret_len) {
|
||||
ngx_log_error(NGX_LOG_ALERT, log, 0,
|
||||
"unexpected secret len: %uz", secret_len);
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
peer_secret->secret.len = secret_len;
|
||||
ngx_memcpy(peer_secret->secret.data, secret, secret_len);
|
||||
|
||||
peer_secret->key.len = key_len;
|
||||
peer_secret->iv.len = NGX_QUIC_IV_LEN;
|
||||
|
||||
secret_str.len = secret_len;
|
||||
secret_str.data = (u_char *) secret;
|
||||
|
||||
ngx_quic_hkdf_set(&seq[0], "tls13 key", &peer_secret->key, &secret_str);
|
||||
ngx_quic_hkdf_set(&seq[1], "tls13 iv", &peer_secret->iv, &secret_str);
|
||||
|
||||
for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) {
|
||||
if (ngx_quic_hkdf_expand(&seq[i], ciphers.d, log) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
ngx_quic_compat_add_transport_params_callback(SSL *ssl, unsigned int ext_type,
|
||||
unsigned int context, const unsigned char **out, size_t *outlen, X509 *x,
|
||||
size_t chainidx, int *al, void *add_arg)
|
||||
{
|
||||
ngx_connection_t *c;
|
||||
ngx_quic_compat_t *com;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
c = ngx_ssl_get_connection(ssl);
|
||||
if (c->type != SOCK_DGRAM) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic compat add transport params");
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
com = qc->compat;
|
||||
|
||||
*out = com->tp.data;
|
||||
*outlen = com->tp.len;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
ngx_quic_compat_parse_transport_params_callback(SSL *ssl, unsigned int ext_type,
|
||||
unsigned int context, const unsigned char *in, size_t inlen, X509 *x,
|
||||
size_t chainidx, int *al, void *parse_arg)
|
||||
{
|
||||
u_char *p;
|
||||
ngx_connection_t *c;
|
||||
ngx_quic_compat_t *com;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
c = ngx_ssl_get_connection(ssl);
|
||||
if (c->type != SOCK_DGRAM) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic compat parse transport params");
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
com = qc->compat;
|
||||
|
||||
p = ngx_pnalloc(c->pool, inlen);
|
||||
if (p == NULL) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
ngx_memcpy(p, in, inlen);
|
||||
|
||||
com->ctp.data = p;
|
||||
com->ctp.len = inlen;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
int
|
||||
SSL_set_quic_method(SSL *ssl, const SSL_QUIC_METHOD *quic_method)
|
||||
{
|
||||
BIO *rbio, *wbio;
|
||||
ngx_connection_t *c;
|
||||
ngx_quic_compat_t *com;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
c = ngx_ssl_get_connection(ssl);
|
||||
|
||||
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic compat set method");
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
qc->compat = ngx_pcalloc(c->pool, sizeof(ngx_quic_compat_t));
|
||||
if (qc->compat == NULL) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
com = qc->compat;
|
||||
com->method = quic_method;
|
||||
|
||||
rbio = BIO_new(BIO_s_mem());
|
||||
if (rbio == NULL) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
wbio = BIO_new(BIO_s_null());
|
||||
if (wbio == NULL) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
SSL_set_bio(ssl, rbio, wbio);
|
||||
|
||||
SSL_set_msg_callback(ssl, ngx_quic_compat_message_callback);
|
||||
|
||||
/* early data is not supported */
|
||||
SSL_set_max_early_data(ssl, 0);
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
static void
|
||||
ngx_quic_compat_message_callback(int write_p, int version, int content_type,
|
||||
const void *buf, size_t len, SSL *ssl, void *arg)
|
||||
{
|
||||
ngx_uint_t alert;
|
||||
ngx_connection_t *c;
|
||||
ngx_quic_compat_t *com;
|
||||
ngx_quic_connection_t *qc;
|
||||
enum ssl_encryption_level_t level;
|
||||
|
||||
if (!write_p) {
|
||||
return;
|
||||
}
|
||||
|
||||
c = ngx_ssl_get_connection(ssl);
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
if (qc == NULL) {
|
||||
/* closing */
|
||||
return;
|
||||
}
|
||||
|
||||
com = qc->compat;
|
||||
level = com->write_level;
|
||||
|
||||
switch (content_type) {
|
||||
|
||||
case SSL3_RT_HANDSHAKE:
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic compat tx %s len:%uz ",
|
||||
ngx_quic_level_name(level), len);
|
||||
|
||||
(void) com->method->add_handshake_data(ssl, level, buf, len);
|
||||
|
||||
break;
|
||||
|
||||
case SSL3_RT_ALERT:
|
||||
if (len >= 2) {
|
||||
alert = ((u_char *) buf)[1];
|
||||
|
||||
ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic compat %s alert:%ui len:%uz ",
|
||||
ngx_quic_level_name(level), alert, len);
|
||||
|
||||
(void) com->method->send_alert(ssl, level, alert);
|
||||
}
|
||||
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
int
|
||||
SSL_provide_quic_data(SSL *ssl, enum ssl_encryption_level_t level,
|
||||
const uint8_t *data, size_t len)
|
||||
{
|
||||
BIO *rbio;
|
||||
size_t n;
|
||||
u_char *p;
|
||||
ngx_str_t res;
|
||||
ngx_connection_t *c;
|
||||
ngx_quic_compat_t *com;
|
||||
ngx_quic_connection_t *qc;
|
||||
ngx_quic_compat_record_t rec;
|
||||
u_char in[NGX_QUIC_COMPAT_RECORD_SIZE + 1];
|
||||
u_char out[NGX_QUIC_COMPAT_RECORD_SIZE + 1
|
||||
+ SSL3_RT_HEADER_LENGTH
|
||||
+ EVP_GCM_TLS_TAG_LEN];
|
||||
|
||||
c = ngx_ssl_get_connection(ssl);
|
||||
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic compat rx %s len:%uz",
|
||||
ngx_quic_level_name(level), len);
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
com = qc->compat;
|
||||
rbio = SSL_get_rbio(ssl);
|
||||
|
||||
while (len) {
|
||||
ngx_memzero(&rec, sizeof(ngx_quic_compat_record_t));
|
||||
|
||||
rec.type = SSL3_RT_HANDSHAKE;
|
||||
rec.log = c->log;
|
||||
rec.number = com->read_record++;
|
||||
rec.keys = &com->keys;
|
||||
|
||||
if (level == ssl_encryption_initial) {
|
||||
n = ngx_min(len, 65535);
|
||||
|
||||
rec.payload.len = n;
|
||||
rec.payload.data = (u_char *) data;
|
||||
|
||||
ngx_quic_compat_create_header(&rec, out, 1);
|
||||
|
||||
BIO_write(rbio, out, SSL3_RT_HEADER_LENGTH);
|
||||
BIO_write(rbio, data, n);
|
||||
|
||||
#if defined(NGX_QUIC_DEBUG_CRYPTO) && defined(NGX_QUIC_DEBUG_PACKETS)
|
||||
ngx_log_debug5(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic compat record len:%uz %*xs%*xs",
|
||||
n + SSL3_RT_HEADER_LENGTH,
|
||||
(size_t) SSL3_RT_HEADER_LENGTH, out, n, data);
|
||||
#endif
|
||||
|
||||
} else {
|
||||
n = ngx_min(len, NGX_QUIC_COMPAT_RECORD_SIZE);
|
||||
|
||||
p = ngx_cpymem(in, data, n);
|
||||
*p++ = SSL3_RT_HANDSHAKE;
|
||||
|
||||
rec.payload.len = p - in;
|
||||
rec.payload.data = in;
|
||||
|
||||
res.data = out;
|
||||
|
||||
if (ngx_quic_compat_create_record(&rec, &res) != NGX_OK) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
#if defined(NGX_QUIC_DEBUG_CRYPTO) && defined(NGX_QUIC_DEBUG_PACKETS)
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic compat record len:%uz %xV", res.len, &res);
|
||||
#endif
|
||||
|
||||
BIO_write(rbio, res.data, res.len);
|
||||
}
|
||||
|
||||
data += n;
|
||||
len -= n;
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
static size_t
|
||||
ngx_quic_compat_create_header(ngx_quic_compat_record_t *rec, u_char *out,
|
||||
ngx_uint_t plain)
|
||||
{
|
||||
u_char type;
|
||||
size_t len;
|
||||
|
||||
len = rec->payload.len;
|
||||
|
||||
if (plain) {
|
||||
type = rec->type;
|
||||
|
||||
} else {
|
||||
type = SSL3_RT_APPLICATION_DATA;
|
||||
len += EVP_GCM_TLS_TAG_LEN;
|
||||
}
|
||||
|
||||
out[0] = type;
|
||||
out[1] = 0x03;
|
||||
out[2] = 0x03;
|
||||
out[3] = (len >> 8);
|
||||
out[4] = len;
|
||||
|
||||
return 5;
|
||||
}
|
||||
|
||||
|
||||
static ngx_int_t
|
||||
ngx_quic_compat_create_record(ngx_quic_compat_record_t *rec, ngx_str_t *res)
|
||||
{
|
||||
ngx_str_t ad, out;
|
||||
ngx_quic_secret_t *secret;
|
||||
ngx_quic_ciphers_t ciphers;
|
||||
u_char nonce[NGX_QUIC_IV_LEN];
|
||||
|
||||
ad.data = res->data;
|
||||
ad.len = ngx_quic_compat_create_header(rec, ad.data, 0);
|
||||
|
||||
out.len = rec->payload.len + EVP_GCM_TLS_TAG_LEN;
|
||||
out.data = res->data + ad.len;
|
||||
|
||||
#ifdef NGX_QUIC_DEBUG_CRYPTO
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, rec->log, 0,
|
||||
"quic compat ad len:%uz %xV", ad.len, &ad);
|
||||
#endif
|
||||
|
||||
if (ngx_quic_ciphers(rec->keys->cipher, &ciphers, rec->level) == NGX_ERROR)
|
||||
{
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
secret = &rec->keys->secret;
|
||||
|
||||
ngx_memcpy(nonce, secret->iv.data, secret->iv.len);
|
||||
ngx_quic_compute_nonce(nonce, sizeof(nonce), rec->number);
|
||||
|
||||
if (ngx_quic_tls_seal(ciphers.c, secret, &out,
|
||||
nonce, &rec->payload, &ad, rec->log)
|
||||
!= NGX_OK)
|
||||
{
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
res->len = ad.len + out.len;
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
||||
enum ssl_encryption_level_t
|
||||
SSL_quic_read_level(const SSL *ssl)
|
||||
{
|
||||
ngx_connection_t *c;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
c = ngx_ssl_get_connection(ssl);
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
return qc->compat->read_level;
|
||||
}
|
||||
|
||||
|
||||
enum ssl_encryption_level_t
|
||||
SSL_quic_write_level(const SSL *ssl)
|
||||
{
|
||||
ngx_connection_t *c;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
c = ngx_ssl_get_connection(ssl);
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
return qc->compat->write_level;
|
||||
}
|
||||
|
||||
|
||||
int
|
||||
SSL_set_quic_transport_params(SSL *ssl, const uint8_t *params,
|
||||
size_t params_len)
|
||||
{
|
||||
ngx_connection_t *c;
|
||||
ngx_quic_compat_t *com;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
c = ngx_ssl_get_connection(ssl);
|
||||
qc = ngx_quic_get_connection(c);
|
||||
com = qc->compat;
|
||||
|
||||
com->tp.len = params_len;
|
||||
com->tp.data = (u_char *) params;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
void
|
||||
SSL_get_peer_quic_transport_params(const SSL *ssl, const uint8_t **out_params,
|
||||
size_t *out_params_len)
|
||||
{
|
||||
ngx_connection_t *c;
|
||||
ngx_quic_compat_t *com;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
c = ngx_ssl_get_connection(ssl);
|
||||
qc = ngx_quic_get_connection(c);
|
||||
com = qc->compat;
|
||||
|
||||
*out_params = com->ctp.data;
|
||||
*out_params_len = com->ctp.len;
|
||||
}
|
||||
|
||||
#endif /* NGX_QUIC_OPENSSL_COMPAT */
|
|
@ -1,60 +0,0 @@
|
|||
|
||||
/*
|
||||
* Copyright (C) Nginx, Inc.
|
||||
*/
|
||||
|
||||
|
||||
#ifndef _NGX_EVENT_QUIC_OPENSSL_COMPAT_H_INCLUDED_
|
||||
#define _NGX_EVENT_QUIC_OPENSSL_COMPAT_H_INCLUDED_
|
||||
|
||||
#ifdef TLSEXT_TYPE_quic_transport_parameters
|
||||
#undef NGX_QUIC_OPENSSL_COMPAT
|
||||
#else
|
||||
|
||||
|
||||
#include <ngx_config.h>
|
||||
#include <ngx_core.h>
|
||||
|
||||
|
||||
typedef struct ngx_quic_compat_s ngx_quic_compat_t;
|
||||
|
||||
|
||||
enum ssl_encryption_level_t {
|
||||
ssl_encryption_initial = 0,
|
||||
ssl_encryption_early_data,
|
||||
ssl_encryption_handshake,
|
||||
ssl_encryption_application
|
||||
};
|
||||
|
||||
|
||||
typedef struct ssl_quic_method_st {
|
||||
int (*set_read_secret)(SSL *ssl, enum ssl_encryption_level_t level,
|
||||
const SSL_CIPHER *cipher,
|
||||
const uint8_t *rsecret, size_t secret_len);
|
||||
int (*set_write_secret)(SSL *ssl, enum ssl_encryption_level_t level,
|
||||
const SSL_CIPHER *cipher,
|
||||
const uint8_t *wsecret, size_t secret_len);
|
||||
int (*add_handshake_data)(SSL *ssl, enum ssl_encryption_level_t level,
|
||||
const uint8_t *data, size_t len);
|
||||
int (*flush_flight)(SSL *ssl);
|
||||
int (*send_alert)(SSL *ssl, enum ssl_encryption_level_t level,
|
||||
uint8_t alert);
|
||||
} SSL_QUIC_METHOD;
|
||||
|
||||
|
||||
ngx_int_t ngx_quic_compat_init(ngx_conf_t *cf, SSL_CTX *ctx);
|
||||
|
||||
int SSL_set_quic_method(SSL *ssl, const SSL_QUIC_METHOD *quic_method);
|
||||
int SSL_provide_quic_data(SSL *ssl, enum ssl_encryption_level_t level,
|
||||
const uint8_t *data, size_t len);
|
||||
enum ssl_encryption_level_t SSL_quic_read_level(const SSL *ssl);
|
||||
enum ssl_encryption_level_t SSL_quic_write_level(const SSL *ssl);
|
||||
int SSL_set_quic_transport_params(SSL *ssl, const uint8_t *params,
|
||||
size_t params_len);
|
||||
void SSL_get_peer_quic_transport_params(const SSL *ssl,
|
||||
const uint8_t **out_params, size_t *out_params_len);
|
||||
|
||||
|
||||
#endif /* TLSEXT_TYPE_quic_transport_parameters */
|
||||
|
||||
#endif /* _NGX_EVENT_QUIC_OPENSSL_COMPAT_H_INCLUDED_ */
|
File diff suppressed because it is too large
Load Diff
|
@ -1,40 +0,0 @@
|
|||
|
||||
/*
|
||||
* Copyright (C) Nginx, Inc.
|
||||
*/
|
||||
|
||||
|
||||
#ifndef _NGX_EVENT_QUIC_OUTPUT_H_INCLUDED_
|
||||
#define _NGX_EVENT_QUIC_OUTPUT_H_INCLUDED_
|
||||
|
||||
|
||||
#include <ngx_config.h>
|
||||
#include <ngx_core.h>
|
||||
|
||||
|
||||
size_t ngx_quic_max_udp_payload(ngx_connection_t *c);
|
||||
|
||||
ngx_int_t ngx_quic_output(ngx_connection_t *c);
|
||||
|
||||
ngx_int_t ngx_quic_negotiate_version(ngx_connection_t *c,
|
||||
ngx_quic_header_t *inpkt);
|
||||
|
||||
ngx_int_t ngx_quic_send_stateless_reset(ngx_connection_t *c,
|
||||
ngx_quic_conf_t *conf, ngx_quic_header_t *pkt);
|
||||
ngx_int_t ngx_quic_send_cc(ngx_connection_t *c);
|
||||
ngx_int_t ngx_quic_send_early_cc(ngx_connection_t *c,
|
||||
ngx_quic_header_t *inpkt, ngx_uint_t err, const char *reason);
|
||||
|
||||
ngx_int_t ngx_quic_send_retry(ngx_connection_t *c,
|
||||
ngx_quic_conf_t *conf, ngx_quic_header_t *pkt);
|
||||
ngx_int_t ngx_quic_send_new_token(ngx_connection_t *c, ngx_quic_path_t *path);
|
||||
|
||||
ngx_int_t ngx_quic_send_ack(ngx_connection_t *c,
|
||||
ngx_quic_send_ctx_t *ctx);
|
||||
ngx_int_t ngx_quic_send_ack_range(ngx_connection_t *c,
|
||||
ngx_quic_send_ctx_t *ctx, uint64_t smallest, uint64_t largest);
|
||||
|
||||
ngx_int_t ngx_quic_frame_sendto(ngx_connection_t *c, ngx_quic_frame_t *frame,
|
||||
size_t min, ngx_quic_path_t *path);
|
||||
|
||||
#endif /* _NGX_EVENT_QUIC_OUTPUT_H_INCLUDED_ */
|
File diff suppressed because it is too large
Load Diff
|
@ -1,114 +0,0 @@
|
|||
|
||||
/*
|
||||
* Copyright (C) Nginx, Inc.
|
||||
*/
|
||||
|
||||
|
||||
#ifndef _NGX_EVENT_QUIC_PROTECTION_H_INCLUDED_
|
||||
#define _NGX_EVENT_QUIC_PROTECTION_H_INCLUDED_
|
||||
|
||||
|
||||
#include <ngx_config.h>
|
||||
#include <ngx_core.h>
|
||||
|
||||
#include <ngx_event_quic_transport.h>
|
||||
|
||||
|
||||
#define NGX_QUIC_ENCRYPTION_LAST ((ssl_encryption_application) + 1)
|
||||
|
||||
/* RFC 5116, 5.1 and RFC 8439, 2.3 for all supported ciphers */
|
||||
#define NGX_QUIC_IV_LEN 12
|
||||
|
||||
/* largest hash used in TLS is SHA-384 */
|
||||
#define NGX_QUIC_MAX_MD_SIZE 48
|
||||
|
||||
|
||||
#ifdef OPENSSL_IS_BORINGSSL
|
||||
#define ngx_quic_cipher_t EVP_AEAD
|
||||
#else
|
||||
#define ngx_quic_cipher_t EVP_CIPHER
|
||||
#endif
|
||||
|
||||
|
||||
typedef struct {
|
||||
size_t len;
|
||||
u_char data[NGX_QUIC_MAX_MD_SIZE];
|
||||
} ngx_quic_md_t;
|
||||
|
||||
|
||||
typedef struct {
|
||||
size_t len;
|
||||
u_char data[NGX_QUIC_IV_LEN];
|
||||
} ngx_quic_iv_t;
|
||||
|
||||
|
||||
typedef struct {
|
||||
ngx_quic_md_t secret;
|
||||
ngx_quic_md_t key;
|
||||
ngx_quic_iv_t iv;
|
||||
ngx_quic_md_t hp;
|
||||
} ngx_quic_secret_t;
|
||||
|
||||
|
||||
typedef struct {
|
||||
ngx_quic_secret_t client;
|
||||
ngx_quic_secret_t server;
|
||||
} ngx_quic_secrets_t;
|
||||
|
||||
|
||||
struct ngx_quic_keys_s {
|
||||
ngx_quic_secrets_t secrets[NGX_QUIC_ENCRYPTION_LAST];
|
||||
ngx_quic_secrets_t next_key;
|
||||
ngx_uint_t cipher;
|
||||
};
|
||||
|
||||
|
||||
typedef struct {
|
||||
const ngx_quic_cipher_t *c;
|
||||
const EVP_CIPHER *hp;
|
||||
const EVP_MD *d;
|
||||
} ngx_quic_ciphers_t;
|
||||
|
||||
|
||||
typedef struct {
|
||||
size_t out_len;
|
||||
u_char *out;
|
||||
|
||||
size_t prk_len;
|
||||
const uint8_t *prk;
|
||||
|
||||
size_t label_len;
|
||||
const u_char *label;
|
||||
} ngx_quic_hkdf_t;
|
||||
|
||||
#define ngx_quic_hkdf_set(seq, _label, _out, _prk) \
|
||||
(seq)->out_len = (_out)->len; (seq)->out = (_out)->data; \
|
||||
(seq)->prk_len = (_prk)->len, (seq)->prk = (_prk)->data, \
|
||||
(seq)->label_len = (sizeof(_label) - 1); (seq)->label = (u_char *)(_label);
|
||||
|
||||
|
||||
ngx_int_t ngx_quic_keys_set_initial_secret(ngx_quic_keys_t *keys,
|
||||
ngx_str_t *secret, ngx_log_t *log);
|
||||
ngx_int_t ngx_quic_keys_set_encryption_secret(ngx_log_t *log,
|
||||
ngx_uint_t is_write, ngx_quic_keys_t *keys,
|
||||
enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
|
||||
const uint8_t *secret, size_t secret_len);
|
||||
ngx_uint_t ngx_quic_keys_available(ngx_quic_keys_t *keys,
|
||||
enum ssl_encryption_level_t level);
|
||||
void ngx_quic_keys_discard(ngx_quic_keys_t *keys,
|
||||
enum ssl_encryption_level_t level);
|
||||
void ngx_quic_keys_switch(ngx_connection_t *c, ngx_quic_keys_t *keys);
|
||||
ngx_int_t ngx_quic_keys_update(ngx_connection_t *c, ngx_quic_keys_t *keys);
|
||||
ngx_int_t ngx_quic_encrypt(ngx_quic_header_t *pkt, ngx_str_t *res);
|
||||
ngx_int_t ngx_quic_decrypt(ngx_quic_header_t *pkt, uint64_t *largest_pn);
|
||||
void ngx_quic_compute_nonce(u_char *nonce, size_t len, uint64_t pn);
|
||||
ngx_int_t ngx_quic_ciphers(ngx_uint_t id, ngx_quic_ciphers_t *ciphers,
|
||||
enum ssl_encryption_level_t level);
|
||||
ngx_int_t ngx_quic_tls_seal(const ngx_quic_cipher_t *cipher,
|
||||
ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, ngx_str_t *in,
|
||||
ngx_str_t *ad, ngx_log_t *log);
|
||||
ngx_int_t ngx_quic_hkdf_expand(ngx_quic_hkdf_t *hkdf, const EVP_MD *digest,
|
||||
ngx_log_t *log);
|
||||
|
||||
|
||||
#endif /* _NGX_EVENT_QUIC_PROTECTION_H_INCLUDED_ */
|
|
@ -1,237 +0,0 @@
|
|||
|
||||
/*
|
||||
* Copyright (C) Nginx, Inc.
|
||||
*/
|
||||
|
||||
|
||||
#include <ngx_config.h>
|
||||
#include <ngx_core.h>
|
||||
#include <ngx_event.h>
|
||||
#include <ngx_event_quic_connection.h>
|
||||
|
||||
|
||||
ngx_int_t
|
||||
ngx_quic_open_sockets(ngx_connection_t *c, ngx_quic_connection_t *qc,
|
||||
ngx_quic_header_t *pkt)
|
||||
{
|
||||
ngx_quic_socket_t *qsock, *tmp;
|
||||
ngx_quic_client_id_t *cid;
|
||||
|
||||
/*
|
||||
* qc->path = NULL
|
||||
*
|
||||
* qc->nclient_ids = 0
|
||||
* qc->nsockets = 0
|
||||
* qc->max_retired_seqnum = 0
|
||||
* qc->client_seqnum = 0
|
||||
*/
|
||||
|
||||
ngx_queue_init(&qc->sockets);
|
||||
ngx_queue_init(&qc->free_sockets);
|
||||
|
||||
ngx_queue_init(&qc->paths);
|
||||
ngx_queue_init(&qc->free_paths);
|
||||
|
||||
ngx_queue_init(&qc->client_ids);
|
||||
ngx_queue_init(&qc->free_client_ids);
|
||||
|
||||
qc->tp.original_dcid.len = pkt->odcid.len;
|
||||
qc->tp.original_dcid.data = ngx_pstrdup(c->pool, &pkt->odcid);
|
||||
if (qc->tp.original_dcid.data == NULL) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
/* socket to use for further processing (id auto-generated) */
|
||||
qsock = ngx_quic_create_socket(c, qc);
|
||||
if (qsock == NULL) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
/* socket is listening at new server id */
|
||||
if (ngx_quic_listen(c, qc, qsock) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
qsock->used = 1;
|
||||
|
||||
qc->tp.initial_scid.len = qsock->sid.len;
|
||||
qc->tp.initial_scid.data = ngx_pnalloc(c->pool, qsock->sid.len);
|
||||
if (qc->tp.initial_scid.data == NULL) {
|
||||
goto failed;
|
||||
}
|
||||
ngx_memcpy(qc->tp.initial_scid.data, qsock->sid.id, qsock->sid.len);
|
||||
|
||||
/* for all packets except first, this is set at udp layer */
|
||||
c->udp = &qsock->udp;
|
||||
|
||||
/* ngx_quic_get_connection(c) macro is now usable */
|
||||
|
||||
/* we have a client identified by scid */
|
||||
cid = ngx_quic_create_client_id(c, &pkt->scid, 0, NULL);
|
||||
if (cid == NULL) {
|
||||
goto failed;
|
||||
}
|
||||
|
||||
/* path of the first packet is our initial active path */
|
||||
qc->path = ngx_quic_new_path(c, c->sockaddr, c->socklen, cid);
|
||||
if (qc->path == NULL) {
|
||||
goto failed;
|
||||
}
|
||||
|
||||
qc->path->tag = NGX_QUIC_PATH_ACTIVE;
|
||||
|
||||
if (pkt->validated) {
|
||||
qc->path->validated = 1;
|
||||
qc->path->limited = 0;
|
||||
}
|
||||
|
||||
ngx_quic_path_dbg(c, "set active", qc->path);
|
||||
|
||||
tmp = ngx_pcalloc(c->pool, sizeof(ngx_quic_socket_t));
|
||||
if (tmp == NULL) {
|
||||
goto failed;
|
||||
}
|
||||
|
||||
tmp->sid.seqnum = NGX_QUIC_UNSET_PN; /* temporary socket */
|
||||
|
||||
ngx_memcpy(tmp->sid.id, pkt->odcid.data, pkt->odcid.len);
|
||||
tmp->sid.len = pkt->odcid.len;
|
||||
|
||||
if (ngx_quic_listen(c, qc, tmp) != NGX_OK) {
|
||||
goto failed;
|
||||
}
|
||||
|
||||
return NGX_OK;
|
||||
|
||||
failed:
|
||||
|
||||
ngx_rbtree_delete(&c->listening->rbtree, &qsock->udp.node);
|
||||
c->udp = NULL;
|
||||
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
|
||||
ngx_quic_socket_t *
|
||||
ngx_quic_create_socket(ngx_connection_t *c, ngx_quic_connection_t *qc)
|
||||
{
|
||||
ngx_queue_t *q;
|
||||
ngx_quic_socket_t *sock;
|
||||
|
||||
if (!ngx_queue_empty(&qc->free_sockets)) {
|
||||
|
||||
q = ngx_queue_head(&qc->free_sockets);
|
||||
sock = ngx_queue_data(q, ngx_quic_socket_t, queue);
|
||||
|
||||
ngx_queue_remove(&sock->queue);
|
||||
|
||||
ngx_memzero(sock, sizeof(ngx_quic_socket_t));
|
||||
|
||||
} else {
|
||||
|
||||
sock = ngx_pcalloc(c->pool, sizeof(ngx_quic_socket_t));
|
||||
if (sock == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
||||
sock->sid.len = NGX_QUIC_SERVER_CID_LEN;
|
||||
if (ngx_quic_create_server_id(c, sock->sid.id) != NGX_OK) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
sock->sid.seqnum = qc->server_seqnum++;
|
||||
|
||||
return sock;
|
||||
}
|
||||
|
||||
|
||||
void
|
||||
ngx_quic_close_socket(ngx_connection_t *c, ngx_quic_socket_t *qsock)
|
||||
{
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
ngx_queue_remove(&qsock->queue);
|
||||
ngx_queue_insert_head(&qc->free_sockets, &qsock->queue);
|
||||
|
||||
ngx_rbtree_delete(&c->listening->rbtree, &qsock->udp.node);
|
||||
qc->nsockets--;
|
||||
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic socket seq:%L closed nsock:%ui",
|
||||
(int64_t) qsock->sid.seqnum, qc->nsockets);
|
||||
}
|
||||
|
||||
|
||||
ngx_int_t
|
||||
ngx_quic_listen(ngx_connection_t *c, ngx_quic_connection_t *qc,
|
||||
ngx_quic_socket_t *qsock)
|
||||
{
|
||||
ngx_str_t id;
|
||||
ngx_quic_server_id_t *sid;
|
||||
|
||||
sid = &qsock->sid;
|
||||
|
||||
id.data = sid->id;
|
||||
id.len = sid->len;
|
||||
|
||||
qsock->udp.connection = c;
|
||||
qsock->udp.node.key = ngx_crc32_long(id.data, id.len);
|
||||
|
||||
ngx_rbtree_insert(&c->listening->rbtree, &qsock->udp.node);
|
||||
|
||||
ngx_queue_insert_tail(&qc->sockets, &qsock->queue);
|
||||
|
||||
qc->nsockets++;
|
||||
qsock->quic = qc;
|
||||
|
||||
ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic socket seq:%L listening at sid:%xV nsock:%ui",
|
||||
(int64_t) sid->seqnum, &id, qc->nsockets);
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
||||
void
|
||||
ngx_quic_close_sockets(ngx_connection_t *c)
|
||||
{
|
||||
ngx_queue_t *q;
|
||||
ngx_quic_socket_t *qsock;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
while (!ngx_queue_empty(&qc->sockets)) {
|
||||
q = ngx_queue_head(&qc->sockets);
|
||||
qsock = ngx_queue_data(q, ngx_quic_socket_t, queue);
|
||||
|
||||
ngx_quic_close_socket(c, qsock);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
ngx_quic_socket_t *
|
||||
ngx_quic_find_socket(ngx_connection_t *c, uint64_t seqnum)
|
||||
{
|
||||
ngx_queue_t *q;
|
||||
ngx_quic_socket_t *qsock;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
for (q = ngx_queue_head(&qc->sockets);
|
||||
q != ngx_queue_sentinel(&qc->sockets);
|
||||
q = ngx_queue_next(q))
|
||||
{
|
||||
qsock = ngx_queue_data(q, ngx_quic_socket_t, queue);
|
||||
|
||||
if (qsock->sid.seqnum == seqnum) {
|
||||
return qsock;
|
||||
}
|
||||
}
|
||||
|
||||
return NULL;
|
||||
}
|
|
@ -1,28 +0,0 @@
|
|||
|
||||
/*
|
||||
* Copyright (C) Nginx, Inc.
|
||||
*/
|
||||
|
||||
|
||||
#ifndef _NGX_EVENT_QUIC_SOCKET_H_INCLUDED_
|
||||
#define _NGX_EVENT_QUIC_SOCKET_H_INCLUDED_
|
||||
|
||||
|
||||
#include <ngx_config.h>
|
||||
#include <ngx_core.h>
|
||||
|
||||
|
||||
ngx_int_t ngx_quic_open_sockets(ngx_connection_t *c,
|
||||
ngx_quic_connection_t *qc, ngx_quic_header_t *pkt);
|
||||
void ngx_quic_close_sockets(ngx_connection_t *c);
|
||||
|
||||
ngx_quic_socket_t *ngx_quic_create_socket(ngx_connection_t *c,
|
||||
ngx_quic_connection_t *qc);
|
||||
ngx_int_t ngx_quic_listen(ngx_connection_t *c, ngx_quic_connection_t *qc,
|
||||
ngx_quic_socket_t *qsock);
|
||||
void ngx_quic_close_socket(ngx_connection_t *c, ngx_quic_socket_t *qsock);
|
||||
|
||||
ngx_quic_socket_t *ngx_quic_find_socket(ngx_connection_t *c, uint64_t seqnum);
|
||||
|
||||
|
||||
#endif /* _NGX_EVENT_QUIC_SOCKET_H_INCLUDED_ */
|
|
@ -1,600 +0,0 @@
|
|||
|
||||
/*
|
||||
* Copyright (C) Nginx, Inc.
|
||||
*/
|
||||
|
||||
|
||||
#include <ngx_config.h>
|
||||
#include <ngx_core.h>
|
||||
#include <ngx_event.h>
|
||||
#include <ngx_event_quic_connection.h>
|
||||
|
||||
|
||||
#if defined OPENSSL_IS_BORINGSSL \
|
||||
|| defined LIBRESSL_VERSION_NUMBER \
|
||||
|| NGX_QUIC_OPENSSL_COMPAT
|
||||
#define NGX_QUIC_BORINGSSL_API 1
|
||||
#endif
|
||||
|
||||
|
||||
/*
|
||||
* RFC 9000, 7.5. Cryptographic Message Buffering
|
||||
*
|
||||
* Implementations MUST support buffering at least 4096 bytes of data
|
||||
*/
|
||||
#define NGX_QUIC_MAX_BUFFERED 65535
|
||||
|
||||
|
||||
#if (NGX_QUIC_BORINGSSL_API)
|
||||
static int ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn,
|
||||
enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
|
||||
const uint8_t *secret, size_t secret_len);
|
||||
static int ngx_quic_set_write_secret(ngx_ssl_conn_t *ssl_conn,
|
||||
enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
|
||||
const uint8_t *secret, size_t secret_len);
|
||||
#else
|
||||
static int ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn,
|
||||
enum ssl_encryption_level_t level, const uint8_t *read_secret,
|
||||
const uint8_t *write_secret, size_t secret_len);
|
||||
#endif
|
||||
|
||||
static int ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
|
||||
enum ssl_encryption_level_t level, const uint8_t *data, size_t len);
|
||||
static int ngx_quic_flush_flight(ngx_ssl_conn_t *ssl_conn);
|
||||
static int ngx_quic_send_alert(ngx_ssl_conn_t *ssl_conn,
|
||||
enum ssl_encryption_level_t level, uint8_t alert);
|
||||
static ngx_int_t ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data);
|
||||
|
||||
|
||||
#if (NGX_QUIC_BORINGSSL_API)
|
||||
|
||||
static int
|
||||
ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn,
|
||||
enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
|
||||
const uint8_t *rsecret, size_t secret_len)
|
||||
{
|
||||
ngx_connection_t *c;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic ngx_quic_set_read_secret() level:%d", level);
|
||||
#ifdef NGX_QUIC_DEBUG_CRYPTO
|
||||
ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic read secret len:%uz %*xs", secret_len,
|
||||
secret_len, rsecret);
|
||||
#endif
|
||||
|
||||
if (ngx_quic_keys_set_encryption_secret(c->log, 0, qc->keys, level,
|
||||
cipher, rsecret, secret_len)
|
||||
!= NGX_OK)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
ngx_quic_set_write_secret(ngx_ssl_conn_t *ssl_conn,
|
||||
enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
|
||||
const uint8_t *wsecret, size_t secret_len)
|
||||
{
|
||||
ngx_connection_t *c;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic ngx_quic_set_write_secret() level:%d", level);
|
||||
#ifdef NGX_QUIC_DEBUG_CRYPTO
|
||||
ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic write secret len:%uz %*xs", secret_len,
|
||||
secret_len, wsecret);
|
||||
#endif
|
||||
|
||||
if (ngx_quic_keys_set_encryption_secret(c->log, 1, qc->keys, level,
|
||||
cipher, wsecret, secret_len)
|
||||
!= NGX_OK)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
#else
|
||||
|
||||
static int
|
||||
ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn,
|
||||
enum ssl_encryption_level_t level, const uint8_t *rsecret,
|
||||
const uint8_t *wsecret, size_t secret_len)
|
||||
{
|
||||
ngx_connection_t *c;
|
||||
const SSL_CIPHER *cipher;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic ngx_quic_set_encryption_secrets() level:%d", level);
|
||||
#ifdef NGX_QUIC_DEBUG_CRYPTO
|
||||
ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic read secret len:%uz %*xs", secret_len,
|
||||
secret_len, rsecret);
|
||||
#endif
|
||||
|
||||
cipher = SSL_get_current_cipher(ssl_conn);
|
||||
|
||||
if (ngx_quic_keys_set_encryption_secret(c->log, 0, qc->keys, level,
|
||||
cipher, rsecret, secret_len)
|
||||
!= NGX_OK)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (level == ssl_encryption_early_data) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
#ifdef NGX_QUIC_DEBUG_CRYPTO
|
||||
ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic write secret len:%uz %*xs", secret_len,
|
||||
secret_len, wsecret);
|
||||
#endif
|
||||
|
||||
if (ngx_quic_keys_set_encryption_secret(c->log, 1, qc->keys, level,
|
||||
cipher, wsecret, secret_len)
|
||||
!= NGX_OK)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
static int
|
||||
ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
|
||||
enum ssl_encryption_level_t level, const uint8_t *data, size_t len)
|
||||
{
|
||||
u_char *p, *end;
|
||||
size_t client_params_len;
|
||||
ngx_chain_t *out;
|
||||
const uint8_t *client_params;
|
||||
ngx_quic_tp_t ctp;
|
||||
ngx_quic_frame_t *frame;
|
||||
ngx_connection_t *c;
|
||||
ngx_quic_send_ctx_t *ctx;
|
||||
ngx_quic_connection_t *qc;
|
||||
#if defined(TLSEXT_TYPE_application_layer_protocol_negotiation)
|
||||
unsigned int alpn_len;
|
||||
const unsigned char *alpn_data;
|
||||
#endif
|
||||
|
||||
c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic ngx_quic_add_handshake_data");
|
||||
|
||||
if (!qc->client_tp_done) {
|
||||
/*
|
||||
* things to do once during handshake: check ALPN and transport
|
||||
* parameters; we want to break handshake if something is wrong
|
||||
* here;
|
||||
*/
|
||||
|
||||
#if defined(TLSEXT_TYPE_application_layer_protocol_negotiation)
|
||||
|
||||
SSL_get0_alpn_selected(ssl_conn, &alpn_data, &alpn_len);
|
||||
|
||||
if (alpn_len == 0) {
|
||||
qc->error = NGX_QUIC_ERR_CRYPTO(SSL_AD_NO_APPLICATION_PROTOCOL);
|
||||
qc->error_reason = "unsupported protocol in ALPN extension";
|
||||
|
||||
ngx_log_error(NGX_LOG_INFO, c->log, 0,
|
||||
"quic unsupported protocol in ALPN extension");
|
||||
return 0;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
SSL_get_peer_quic_transport_params(ssl_conn, &client_params,
|
||||
&client_params_len);
|
||||
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic SSL_get_peer_quic_transport_params():"
|
||||
" params_len:%ui", client_params_len);
|
||||
|
||||
if (client_params_len == 0) {
|
||||
/* RFC 9001, 8.2. QUIC Transport Parameters Extension */
|
||||
qc->error = NGX_QUIC_ERR_CRYPTO(SSL_AD_MISSING_EXTENSION);
|
||||
qc->error_reason = "missing transport parameters";
|
||||
|
||||
ngx_log_error(NGX_LOG_INFO, c->log, 0,
|
||||
"missing transport parameters");
|
||||
return 0;
|
||||
}
|
||||
|
||||
p = (u_char *) client_params;
|
||||
end = p + client_params_len;
|
||||
|
||||
/* defaults for parameters not sent by client */
|
||||
ngx_memcpy(&ctp, &qc->ctp, sizeof(ngx_quic_tp_t));
|
||||
|
||||
if (ngx_quic_parse_transport_params(p, end, &ctp, c->log)
|
||||
!= NGX_OK)
|
||||
{
|
||||
qc->error = NGX_QUIC_ERR_TRANSPORT_PARAMETER_ERROR;
|
||||
qc->error_reason = "failed to process transport parameters";
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (ngx_quic_apply_transport_params(c, &ctp) != NGX_OK) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
qc->client_tp_done = 1;
|
||||
}
|
||||
|
||||
ctx = ngx_quic_get_send_ctx(qc, level);
|
||||
|
||||
out = ngx_quic_copy_buffer(c, (u_char *) data, len);
|
||||
if (out == NGX_CHAIN_ERROR) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
frame = ngx_quic_alloc_frame(c);
|
||||
if (frame == NULL) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
frame->data = out;
|
||||
frame->level = level;
|
||||
frame->type = NGX_QUIC_FT_CRYPTO;
|
||||
frame->u.crypto.offset = ctx->crypto_sent;
|
||||
frame->u.crypto.length = len;
|
||||
|
||||
ctx->crypto_sent += len;
|
||||
|
||||
ngx_quic_queue_frame(qc, frame);
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
ngx_quic_flush_flight(ngx_ssl_conn_t *ssl_conn)
|
||||
{
|
||||
#if (NGX_DEBUG)
|
||||
ngx_connection_t *c;
|
||||
|
||||
c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
|
||||
|
||||
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic ngx_quic_flush_flight()");
|
||||
#endif
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
ngx_quic_send_alert(ngx_ssl_conn_t *ssl_conn, enum ssl_encryption_level_t level,
|
||||
uint8_t alert)
|
||||
{
|
||||
ngx_connection_t *c;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
|
||||
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic ngx_quic_send_alert() level:%s alert:%d",
|
||||
ngx_quic_level_name(level), (int) alert);
|
||||
|
||||
/* already closed on regular shutdown */
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
if (qc == NULL) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
qc->error = NGX_QUIC_ERR_CRYPTO(alert);
|
||||
qc->error_reason = "handshake failed";
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
ngx_int_t
|
||||
ngx_quic_handle_crypto_frame(ngx_connection_t *c, ngx_quic_header_t *pkt,
|
||||
ngx_quic_frame_t *frame)
|
||||
{
|
||||
uint64_t last;
|
||||
ngx_chain_t *cl;
|
||||
ngx_quic_send_ctx_t *ctx;
|
||||
ngx_quic_connection_t *qc;
|
||||
ngx_quic_crypto_frame_t *f;
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
ctx = ngx_quic_get_send_ctx(qc, pkt->level);
|
||||
f = &frame->u.crypto;
|
||||
|
||||
/* no overflow since both values are 62-bit */
|
||||
last = f->offset + f->length;
|
||||
|
||||
if (last > ctx->crypto.offset + NGX_QUIC_MAX_BUFFERED) {
|
||||
qc->error = NGX_QUIC_ERR_CRYPTO_BUFFER_EXCEEDED;
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
if (last <= ctx->crypto.offset) {
|
||||
if (pkt->level == ssl_encryption_initial) {
|
||||
/* speeding up handshake completion */
|
||||
|
||||
if (!ngx_queue_empty(&ctx->sent)) {
|
||||
ngx_quic_resend_frames(c, ctx);
|
||||
|
||||
ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_handshake);
|
||||
while (!ngx_queue_empty(&ctx->sent)) {
|
||||
ngx_quic_resend_frames(c, ctx);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
if (f->offset == ctx->crypto.offset) {
|
||||
if (ngx_quic_crypto_input(c, frame->data) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
ngx_quic_skip_buffer(c, &ctx->crypto, last);
|
||||
|
||||
} else {
|
||||
if (ngx_quic_write_buffer(c, &ctx->crypto, frame->data, f->length,
|
||||
f->offset)
|
||||
== NGX_CHAIN_ERROR)
|
||||
{
|
||||
return NGX_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
cl = ngx_quic_read_buffer(c, &ctx->crypto, (uint64_t) -1);
|
||||
|
||||
if (cl) {
|
||||
if (ngx_quic_crypto_input(c, cl) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
ngx_quic_free_chain(c, cl);
|
||||
}
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
||||
static ngx_int_t
|
||||
ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data)
|
||||
{
|
||||
int n, sslerr;
|
||||
ngx_buf_t *b;
|
||||
ngx_chain_t *cl;
|
||||
ngx_ssl_conn_t *ssl_conn;
|
||||
ngx_quic_frame_t *frame;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
ssl_conn = c->ssl->connection;
|
||||
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic SSL_quic_read_level:%d SSL_quic_write_level:%d",
|
||||
(int) SSL_quic_read_level(ssl_conn),
|
||||
(int) SSL_quic_write_level(ssl_conn));
|
||||
|
||||
for (cl = data; cl; cl = cl->next) {
|
||||
b = cl->buf;
|
||||
|
||||
if (!SSL_provide_quic_data(ssl_conn, SSL_quic_read_level(ssl_conn),
|
||||
b->pos, b->last - b->pos))
|
||||
{
|
||||
ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
|
||||
"SSL_provide_quic_data() failed");
|
||||
return NGX_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
n = SSL_do_handshake(ssl_conn);
|
||||
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic SSL_quic_read_level:%d SSL_quic_write_level:%d",
|
||||
(int) SSL_quic_read_level(ssl_conn),
|
||||
(int) SSL_quic_write_level(ssl_conn));
|
||||
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", n);
|
||||
|
||||
if (n <= 0) {
|
||||
sslerr = SSL_get_error(ssl_conn, n);
|
||||
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d",
|
||||
sslerr);
|
||||
|
||||
if (sslerr != SSL_ERROR_WANT_READ) {
|
||||
|
||||
if (c->ssl->handshake_rejected) {
|
||||
ngx_connection_error(c, 0, "handshake rejected");
|
||||
ERR_clear_error();
|
||||
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
ngx_ssl_error(NGX_LOG_ERR, c->log, 0, "SSL_do_handshake() failed");
|
||||
return NGX_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
if (n <= 0 || SSL_in_init(ssl_conn)) {
|
||||
if (ngx_quic_keys_available(qc->keys, ssl_encryption_early_data)
|
||||
&& qc->client_tp_done)
|
||||
{
|
||||
if (ngx_quic_init_streams(c) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
#if (NGX_DEBUG)
|
||||
ngx_ssl_handshake_log(c);
|
||||
#endif
|
||||
|
||||
c->ssl->handshaked = 1;
|
||||
|
||||
frame = ngx_quic_alloc_frame(c);
|
||||
if (frame == NULL) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
frame->level = ssl_encryption_application;
|
||||
frame->type = NGX_QUIC_FT_HANDSHAKE_DONE;
|
||||
ngx_quic_queue_frame(qc, frame);
|
||||
|
||||
if (qc->conf->retry) {
|
||||
if (ngx_quic_send_new_token(c, qc->path) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* RFC 9001, 9.5. Header Protection Timing Side Channels
|
||||
*
|
||||
* Generating next keys before a key update is received.
|
||||
*/
|
||||
|
||||
if (ngx_quic_keys_update(c, qc->keys) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
/*
|
||||
* RFC 9001, 4.9.2. Discarding Handshake Keys
|
||||
*
|
||||
* An endpoint MUST discard its Handshake keys
|
||||
* when the TLS handshake is confirmed.
|
||||
*/
|
||||
ngx_quic_discard_ctx(c, ssl_encryption_handshake);
|
||||
|
||||
/* start accepting clients on negotiated number of server ids */
|
||||
if (ngx_quic_create_sockets(c) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
if (ngx_quic_init_streams(c) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
||||
ngx_int_t
|
||||
ngx_quic_init_connection(ngx_connection_t *c)
|
||||
{
|
||||
u_char *p;
|
||||
size_t clen;
|
||||
ssize_t len;
|
||||
ngx_str_t dcid;
|
||||
ngx_ssl_conn_t *ssl_conn;
|
||||
ngx_quic_socket_t *qsock;
|
||||
ngx_quic_connection_t *qc;
|
||||
static SSL_QUIC_METHOD quic_method;
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
if (ngx_ssl_create_connection(qc->conf->ssl, c, 0) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
c->ssl->no_wait_shutdown = 1;
|
||||
|
||||
ssl_conn = c->ssl->connection;
|
||||
|
||||
if (!quic_method.send_alert) {
|
||||
#if (NGX_QUIC_BORINGSSL_API)
|
||||
quic_method.set_read_secret = ngx_quic_set_read_secret;
|
||||
quic_method.set_write_secret = ngx_quic_set_write_secret;
|
||||
#else
|
||||
quic_method.set_encryption_secrets = ngx_quic_set_encryption_secrets;
|
||||
#endif
|
||||
quic_method.add_handshake_data = ngx_quic_add_handshake_data;
|
||||
quic_method.flush_flight = ngx_quic_flush_flight;
|
||||
quic_method.send_alert = ngx_quic_send_alert;
|
||||
}
|
||||
|
||||
if (SSL_set_quic_method(ssl_conn, &quic_method) == 0) {
|
||||
ngx_log_error(NGX_LOG_INFO, c->log, 0,
|
||||
"quic SSL_set_quic_method() failed");
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
#ifdef OPENSSL_INFO_QUIC
|
||||
if (SSL_CTX_get_max_early_data(qc->conf->ssl->ctx)) {
|
||||
SSL_set_quic_early_data_enabled(ssl_conn, 1);
|
||||
}
|
||||
#endif
|
||||
|
||||
qsock = ngx_quic_get_socket(c);
|
||||
|
||||
dcid.data = qsock->sid.id;
|
||||
dcid.len = qsock->sid.len;
|
||||
|
||||
if (ngx_quic_new_sr_token(c, &dcid, qc->conf->sr_token_key, qc->tp.sr_token)
|
||||
!= NGX_OK)
|
||||
{
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
len = ngx_quic_create_transport_params(NULL, NULL, &qc->tp, &clen);
|
||||
/* always succeeds */
|
||||
|
||||
p = ngx_pnalloc(c->pool, len);
|
||||
if (p == NULL) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
len = ngx_quic_create_transport_params(p, p + len, &qc->tp, NULL);
|
||||
if (len < 0) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
#ifdef NGX_QUIC_DEBUG_PACKETS
|
||||
ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic transport parameters len:%uz %*xs", len, len, p);
|
||||
#endif
|
||||
|
||||
if (SSL_set_quic_transport_params(ssl_conn, p, len) == 0) {
|
||||
ngx_log_error(NGX_LOG_INFO, c->log, 0,
|
||||
"quic SSL_set_quic_transport_params() failed");
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
#ifdef OPENSSL_IS_BORINGSSL
|
||||
if (SSL_set_quic_early_data_context(ssl_conn, p, clen) == 0) {
|
||||
ngx_log_error(NGX_LOG_INFO, c->log, 0,
|
||||
"quic SSL_set_quic_early_data_context() failed");
|
||||
return NGX_ERROR;
|
||||
}
|
||||
#endif
|
||||
|
||||
return NGX_OK;
|
||||
}
|
|
@ -1,19 +0,0 @@
|
|||
|
||||
/*
|
||||
* Copyright (C) Nginx, Inc.
|
||||
*/
|
||||
|
||||
|
||||
#ifndef _NGX_EVENT_QUIC_SSL_H_INCLUDED_
|
||||
#define _NGX_EVENT_QUIC_SSL_H_INCLUDED_
|
||||
|
||||
|
||||
#include <ngx_config.h>
|
||||
#include <ngx_core.h>
|
||||
|
||||
ngx_int_t ngx_quic_init_connection(ngx_connection_t *c);
|
||||
|
||||
ngx_int_t ngx_quic_handle_crypto_frame(ngx_connection_t *c,
|
||||
ngx_quic_header_t *pkt, ngx_quic_frame_t *frame);
|
||||
|
||||
#endif /* _NGX_EVENT_QUIC_SSL_H_INCLUDED_ */
|
File diff suppressed because it is too large
Load Diff
|
@ -1,44 +0,0 @@
|
|||
|
||||
/*
|
||||
* Copyright (C) Nginx, Inc.
|
||||
*/
|
||||
|
||||
|
||||
#ifndef _NGX_EVENT_QUIC_STREAMS_H_INCLUDED_
|
||||
#define _NGX_EVENT_QUIC_STREAMS_H_INCLUDED_
|
||||
|
||||
|
||||
#include <ngx_config.h>
|
||||
#include <ngx_core.h>
|
||||
|
||||
|
||||
ngx_int_t ngx_quic_handle_stream_frame(ngx_connection_t *c,
|
||||
ngx_quic_header_t *pkt, ngx_quic_frame_t *frame);
|
||||
void ngx_quic_handle_stream_ack(ngx_connection_t *c,
|
||||
ngx_quic_frame_t *f);
|
||||
ngx_int_t ngx_quic_handle_max_data_frame(ngx_connection_t *c,
|
||||
ngx_quic_max_data_frame_t *f);
|
||||
ngx_int_t ngx_quic_handle_streams_blocked_frame(ngx_connection_t *c,
|
||||
ngx_quic_header_t *pkt, ngx_quic_streams_blocked_frame_t *f);
|
||||
ngx_int_t ngx_quic_handle_data_blocked_frame(ngx_connection_t *c,
|
||||
ngx_quic_header_t *pkt, ngx_quic_data_blocked_frame_t *f);
|
||||
ngx_int_t ngx_quic_handle_stream_data_blocked_frame(ngx_connection_t *c,
|
||||
ngx_quic_header_t *pkt, ngx_quic_stream_data_blocked_frame_t *f);
|
||||
ngx_int_t ngx_quic_handle_max_stream_data_frame(ngx_connection_t *c,
|
||||
ngx_quic_header_t *pkt, ngx_quic_max_stream_data_frame_t *f);
|
||||
ngx_int_t ngx_quic_handle_reset_stream_frame(ngx_connection_t *c,
|
||||
ngx_quic_header_t *pkt, ngx_quic_reset_stream_frame_t *f);
|
||||
ngx_int_t ngx_quic_handle_stop_sending_frame(ngx_connection_t *c,
|
||||
ngx_quic_header_t *pkt, ngx_quic_stop_sending_frame_t *f);
|
||||
ngx_int_t ngx_quic_handle_max_streams_frame(ngx_connection_t *c,
|
||||
ngx_quic_header_t *pkt, ngx_quic_max_streams_frame_t *f);
|
||||
|
||||
ngx_int_t ngx_quic_init_streams(ngx_connection_t *c);
|
||||
void ngx_quic_rbtree_insert_stream(ngx_rbtree_node_t *temp,
|
||||
ngx_rbtree_node_t *node, ngx_rbtree_node_t *sentinel);
|
||||
ngx_quic_stream_t *ngx_quic_find_stream(ngx_rbtree_t *rbtree,
|
||||
uint64_t id);
|
||||
ngx_int_t ngx_quic_close_streams(ngx_connection_t *c,
|
||||
ngx_quic_connection_t *qc);
|
||||
|
||||
#endif /* _NGX_EVENT_QUIC_STREAMS_H_INCLUDED_ */
|
|
@ -1,289 +0,0 @@
|
|||
|
||||
/*
|
||||
* Copyright (C) Nginx, Inc.
|
||||
*/
|
||||
|
||||
|
||||
#include <ngx_config.h>
|
||||
#include <ngx_core.h>
|
||||
#include <ngx_event.h>
|
||||
#include <ngx_sha1.h>
|
||||
#include <ngx_event_quic_connection.h>
|
||||
|
||||
|
||||
static void ngx_quic_address_hash(struct sockaddr *sockaddr, socklen_t socklen,
|
||||
ngx_uint_t no_port, u_char buf[20]);
|
||||
|
||||
|
||||
ngx_int_t
|
||||
ngx_quic_new_sr_token(ngx_connection_t *c, ngx_str_t *cid, u_char *secret,
|
||||
u_char *token)
|
||||
{
|
||||
ngx_str_t tmp;
|
||||
|
||||
tmp.data = secret;
|
||||
tmp.len = NGX_QUIC_SR_KEY_LEN;
|
||||
|
||||
if (ngx_quic_derive_key(c->log, "sr_token_key", &tmp, cid, token,
|
||||
NGX_QUIC_SR_TOKEN_LEN)
|
||||
!= NGX_OK)
|
||||
{
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic stateless reset token %*xs",
|
||||
(size_t) NGX_QUIC_SR_TOKEN_LEN, token);
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
||||
ngx_int_t
|
||||
ngx_quic_new_token(ngx_log_t *log, struct sockaddr *sockaddr,
|
||||
socklen_t socklen, u_char *key, ngx_str_t *token, ngx_str_t *odcid,
|
||||
time_t exp, ngx_uint_t is_retry)
|
||||
{
|
||||
int len, iv_len;
|
||||
u_char *p, *iv;
|
||||
EVP_CIPHER_CTX *ctx;
|
||||
const EVP_CIPHER *cipher;
|
||||
|
||||
u_char in[NGX_QUIC_MAX_TOKEN_SIZE];
|
||||
|
||||
ngx_quic_address_hash(sockaddr, socklen, !is_retry, in);
|
||||
|
||||
p = in + 20;
|
||||
|
||||
p = ngx_cpymem(p, &exp, sizeof(time_t));
|
||||
|
||||
*p++ = is_retry ? 1 : 0;
|
||||
|
||||
if (odcid) {
|
||||
*p++ = odcid->len;
|
||||
p = ngx_cpymem(p, odcid->data, odcid->len);
|
||||
|
||||
} else {
|
||||
*p++ = 0;
|
||||
}
|
||||
|
||||
len = p - in;
|
||||
|
||||
cipher = EVP_aes_256_cbc();
|
||||
iv_len = NGX_QUIC_AES_256_CBC_IV_LEN;
|
||||
|
||||
if ((size_t) (iv_len + len + NGX_QUIC_AES_256_CBC_BLOCK_SIZE) > token->len)
|
||||
{
|
||||
ngx_log_error(NGX_LOG_ALERT, log, 0, "quic token buffer is too small");
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
ctx = EVP_CIPHER_CTX_new();
|
||||
if (ctx == NULL) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
iv = token->data;
|
||||
|
||||
if (RAND_bytes(iv, iv_len) <= 0
|
||||
|| !EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv))
|
||||
{
|
||||
EVP_CIPHER_CTX_free(ctx);
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
token->len = iv_len;
|
||||
|
||||
if (EVP_EncryptUpdate(ctx, token->data + token->len, &len, in, len) != 1) {
|
||||
EVP_CIPHER_CTX_free(ctx);
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
token->len += len;
|
||||
|
||||
if (EVP_EncryptFinal_ex(ctx, token->data + token->len, &len) <= 0) {
|
||||
EVP_CIPHER_CTX_free(ctx);
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
token->len += len;
|
||||
|
||||
EVP_CIPHER_CTX_free(ctx);
|
||||
|
||||
#ifdef NGX_QUIC_DEBUG_PACKETS
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, log, 0,
|
||||
"quic new token len:%uz %xV", token->len, token);
|
||||
#endif
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
||||
static void
|
||||
ngx_quic_address_hash(struct sockaddr *sockaddr, socklen_t socklen,
|
||||
ngx_uint_t no_port, u_char buf[20])
|
||||
{
|
||||
size_t len;
|
||||
u_char *data;
|
||||
ngx_sha1_t sha1;
|
||||
struct sockaddr_in *sin;
|
||||
#if (NGX_HAVE_INET6)
|
||||
struct sockaddr_in6 *sin6;
|
||||
#endif
|
||||
|
||||
len = (size_t) socklen;
|
||||
data = (u_char *) sockaddr;
|
||||
|
||||
if (no_port) {
|
||||
switch (sockaddr->sa_family) {
|
||||
|
||||
#if (NGX_HAVE_INET6)
|
||||
case AF_INET6:
|
||||
sin6 = (struct sockaddr_in6 *) sockaddr;
|
||||
|
||||
len = sizeof(struct in6_addr);
|
||||
data = sin6->sin6_addr.s6_addr;
|
||||
|
||||
break;
|
||||
#endif
|
||||
|
||||
case AF_INET:
|
||||
sin = (struct sockaddr_in *) sockaddr;
|
||||
|
||||
len = sizeof(in_addr_t);
|
||||
data = (u_char *) &sin->sin_addr;
|
||||
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
ngx_sha1_init(&sha1);
|
||||
ngx_sha1_update(&sha1, data, len);
|
||||
ngx_sha1_final(buf, &sha1);
|
||||
}
|
||||
|
||||
|
||||
ngx_int_t
|
||||
ngx_quic_validate_token(ngx_connection_t *c, u_char *key,
|
||||
ngx_quic_header_t *pkt)
|
||||
{
|
||||
int len, tlen, iv_len;
|
||||
u_char *iv, *p;
|
||||
time_t now, exp;
|
||||
size_t total;
|
||||
ngx_str_t odcid;
|
||||
EVP_CIPHER_CTX *ctx;
|
||||
const EVP_CIPHER *cipher;
|
||||
|
||||
u_char addr_hash[20];
|
||||
u_char tdec[NGX_QUIC_MAX_TOKEN_SIZE];
|
||||
|
||||
#if NGX_SUPPRESS_WARN
|
||||
ngx_str_null(&odcid);
|
||||
#endif
|
||||
|
||||
/* Retry token or NEW_TOKEN in a previous connection */
|
||||
|
||||
cipher = EVP_aes_256_cbc();
|
||||
iv = pkt->token.data;
|
||||
iv_len = NGX_QUIC_AES_256_CBC_IV_LEN;
|
||||
|
||||
/* sanity checks */
|
||||
|
||||
if (pkt->token.len < (size_t) iv_len + NGX_QUIC_AES_256_CBC_BLOCK_SIZE) {
|
||||
goto garbage;
|
||||
}
|
||||
|
||||
if (pkt->token.len > (size_t) iv_len + NGX_QUIC_MAX_TOKEN_SIZE) {
|
||||
goto garbage;
|
||||
}
|
||||
|
||||
ctx = EVP_CIPHER_CTX_new();
|
||||
if (ctx == NULL) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
if (!EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv)) {
|
||||
EVP_CIPHER_CTX_free(ctx);
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
p = pkt->token.data + iv_len;
|
||||
len = pkt->token.len - iv_len;
|
||||
|
||||
if (EVP_DecryptUpdate(ctx, tdec, &len, p, len) != 1) {
|
||||
EVP_CIPHER_CTX_free(ctx);
|
||||
goto garbage;
|
||||
}
|
||||
total = len;
|
||||
|
||||
if (EVP_DecryptFinal_ex(ctx, tdec + len, &tlen) <= 0) {
|
||||
EVP_CIPHER_CTX_free(ctx);
|
||||
goto garbage;
|
||||
}
|
||||
total += tlen;
|
||||
|
||||
EVP_CIPHER_CTX_free(ctx);
|
||||
|
||||
if (total < (20 + sizeof(time_t) + 2)) {
|
||||
goto garbage;
|
||||
}
|
||||
|
||||
p = tdec + 20;
|
||||
|
||||
ngx_memcpy(&exp, p, sizeof(time_t));
|
||||
p += sizeof(time_t);
|
||||
|
||||
pkt->retried = (*p++ == 1);
|
||||
|
||||
ngx_quic_address_hash(c->sockaddr, c->socklen, !pkt->retried, addr_hash);
|
||||
|
||||
if (ngx_memcmp(tdec, addr_hash, 20) != 0) {
|
||||
goto bad_token;
|
||||
}
|
||||
|
||||
odcid.len = *p++;
|
||||
if (odcid.len) {
|
||||
if (odcid.len > NGX_QUIC_MAX_CID_LEN) {
|
||||
goto bad_token;
|
||||
}
|
||||
|
||||
if ((size_t)(tdec + total - p) < odcid.len) {
|
||||
goto bad_token;
|
||||
}
|
||||
|
||||
odcid.data = p;
|
||||
}
|
||||
|
||||
now = ngx_time();
|
||||
|
||||
if (now > exp) {
|
||||
ngx_log_error(NGX_LOG_INFO, c->log, 0, "quic expired token");
|
||||
return NGX_DECLINED;
|
||||
}
|
||||
|
||||
if (odcid.len) {
|
||||
pkt->odcid.len = odcid.len;
|
||||
pkt->odcid.data = pkt->odcid_buf;
|
||||
ngx_memcpy(pkt->odcid.data, odcid.data, odcid.len);
|
||||
|
||||
} else {
|
||||
pkt->odcid = pkt->dcid;
|
||||
}
|
||||
|
||||
pkt->validated = 1;
|
||||
|
||||
return NGX_OK;
|
||||
|
||||
garbage:
|
||||
|
||||
ngx_log_error(NGX_LOG_INFO, c->log, 0, "quic garbage token");
|
||||
|
||||
return NGX_ABORT;
|
||||
|
||||
bad_token:
|
||||
|
||||
ngx_log_error(NGX_LOG_INFO, c->log, 0, "quic invalid token");
|
||||
|
||||
return NGX_DECLINED;
|
||||
}
|
|
@ -1,35 +0,0 @@
|
|||
|
||||
/*
|
||||
* Copyright (C) Nginx, Inc.
|
||||
*/
|
||||
|
||||
|
||||
#ifndef _NGX_EVENT_QUIC_TOKENS_H_INCLUDED_
|
||||
#define _NGX_EVENT_QUIC_TOKENS_H_INCLUDED_
|
||||
|
||||
|
||||
#include <ngx_config.h>
|
||||
#include <ngx_core.h>
|
||||
|
||||
|
||||
#define NGX_QUIC_MAX_TOKEN_SIZE 64
|
||||
/* SHA-1(addr)=20 + sizeof(time_t) + retry(1) + odcid.len(1) + odcid */
|
||||
|
||||
/* RFC 3602, 2.1 and 2.4 for AES-CBC block size and IV length */
|
||||
#define NGX_QUIC_AES_256_CBC_IV_LEN 16
|
||||
#define NGX_QUIC_AES_256_CBC_BLOCK_SIZE 16
|
||||
|
||||
#define NGX_QUIC_TOKEN_BUF_SIZE (NGX_QUIC_AES_256_CBC_IV_LEN \
|
||||
+ NGX_QUIC_MAX_TOKEN_SIZE \
|
||||
+ NGX_QUIC_AES_256_CBC_BLOCK_SIZE)
|
||||
|
||||
|
||||
ngx_int_t ngx_quic_new_sr_token(ngx_connection_t *c, ngx_str_t *cid,
|
||||
u_char *secret, u_char *token);
|
||||
ngx_int_t ngx_quic_new_token(ngx_log_t *log, struct sockaddr *sockaddr,
|
||||
socklen_t socklen, u_char *key, ngx_str_t *token, ngx_str_t *odcid,
|
||||
time_t expires, ngx_uint_t is_retry);
|
||||
ngx_int_t ngx_quic_validate_token(ngx_connection_t *c,
|
||||
u_char *key, ngx_quic_header_t *pkt);
|
||||
|
||||
#endif /* _NGX_EVENT_QUIC_TOKENS_H_INCLUDED_ */
|
File diff suppressed because it is too large
Load Diff
|
@ -1,397 +0,0 @@
|
|||
|
||||
/*
|
||||
* Copyright (C) Nginx, Inc.
|
||||
*/
|
||||
|
||||
|
||||
#ifndef _NGX_EVENT_QUIC_TRANSPORT_H_INCLUDED_
|
||||
#define _NGX_EVENT_QUIC_TRANSPORT_H_INCLUDED_
|
||||
|
||||
|
||||
#include <ngx_config.h>
|
||||
#include <ngx_core.h>
|
||||
|
||||
|
||||
/*
|
||||
* RFC 9000, 17.2. Long Header Packets
|
||||
* 17.3. Short Header Packets
|
||||
*
|
||||
* QUIC flags in first byte
|
||||
*/
|
||||
#define NGX_QUIC_PKT_LONG 0x80 /* header form */
|
||||
#define NGX_QUIC_PKT_FIXED_BIT 0x40
|
||||
#define NGX_QUIC_PKT_TYPE 0x30 /* in long packet */
|
||||
#define NGX_QUIC_PKT_KPHASE 0x04 /* in short packet */
|
||||
|
||||
#define ngx_quic_long_pkt(flags) ((flags) & NGX_QUIC_PKT_LONG)
|
||||
#define ngx_quic_short_pkt(flags) (((flags) & NGX_QUIC_PKT_LONG) == 0)
|
||||
|
||||
/* Long packet types */
|
||||
#define NGX_QUIC_PKT_INITIAL 0x00
|
||||
#define NGX_QUIC_PKT_ZRTT 0x10
|
||||
#define NGX_QUIC_PKT_HANDSHAKE 0x20
|
||||
#define NGX_QUIC_PKT_RETRY 0x30
|
||||
|
||||
#define ngx_quic_pkt_in(flags) \
|
||||
(((flags) & NGX_QUIC_PKT_TYPE) == NGX_QUIC_PKT_INITIAL)
|
||||
#define ngx_quic_pkt_zrtt(flags) \
|
||||
(((flags) & NGX_QUIC_PKT_TYPE) == NGX_QUIC_PKT_ZRTT)
|
||||
#define ngx_quic_pkt_hs(flags) \
|
||||
(((flags) & NGX_QUIC_PKT_TYPE) == NGX_QUIC_PKT_HANDSHAKE)
|
||||
#define ngx_quic_pkt_retry(flags) \
|
||||
(((flags) & NGX_QUIC_PKT_TYPE) == NGX_QUIC_PKT_RETRY)
|
||||
|
||||
#define ngx_quic_pkt_rb_mask(flags) \
|
||||
(ngx_quic_long_pkt(flags) ? 0x0C : 0x18)
|
||||
#define ngx_quic_pkt_hp_mask(flags) \
|
||||
(ngx_quic_long_pkt(flags) ? 0x0F : 0x1F)
|
||||
|
||||
#define ngx_quic_level_name(lvl) \
|
||||
(lvl == ssl_encryption_application) ? "app" \
|
||||
: (lvl == ssl_encryption_initial) ? "init" \
|
||||
: (lvl == ssl_encryption_handshake) ? "hs" : "early"
|
||||
|
||||
#define NGX_QUIC_MAX_CID_LEN 20
|
||||
#define NGX_QUIC_SERVER_CID_LEN NGX_QUIC_MAX_CID_LEN
|
||||
|
||||
/* 12.4. Frames and Frame Types */
|
||||
#define NGX_QUIC_FT_PADDING 0x00
|
||||
#define NGX_QUIC_FT_PING 0x01
|
||||
#define NGX_QUIC_FT_ACK 0x02
|
||||
#define NGX_QUIC_FT_ACK_ECN 0x03
|
||||
#define NGX_QUIC_FT_RESET_STREAM 0x04
|
||||
#define NGX_QUIC_FT_STOP_SENDING 0x05
|
||||
#define NGX_QUIC_FT_CRYPTO 0x06
|
||||
#define NGX_QUIC_FT_NEW_TOKEN 0x07
|
||||
#define NGX_QUIC_FT_STREAM 0x08
|
||||
#define NGX_QUIC_FT_STREAM1 0x09
|
||||
#define NGX_QUIC_FT_STREAM2 0x0A
|
||||
#define NGX_QUIC_FT_STREAM3 0x0B
|
||||
#define NGX_QUIC_FT_STREAM4 0x0C
|
||||
#define NGX_QUIC_FT_STREAM5 0x0D
|
||||
#define NGX_QUIC_FT_STREAM6 0x0E
|
||||
#define NGX_QUIC_FT_STREAM7 0x0F
|
||||
#define NGX_QUIC_FT_MAX_DATA 0x10
|
||||
#define NGX_QUIC_FT_MAX_STREAM_DATA 0x11
|
||||
#define NGX_QUIC_FT_MAX_STREAMS 0x12
|
||||
#define NGX_QUIC_FT_MAX_STREAMS2 0x13
|
||||
#define NGX_QUIC_FT_DATA_BLOCKED 0x14
|
||||
#define NGX_QUIC_FT_STREAM_DATA_BLOCKED 0x15
|
||||
#define NGX_QUIC_FT_STREAMS_BLOCKED 0x16
|
||||
#define NGX_QUIC_FT_STREAMS_BLOCKED2 0x17
|
||||
#define NGX_QUIC_FT_NEW_CONNECTION_ID 0x18
|
||||
#define NGX_QUIC_FT_RETIRE_CONNECTION_ID 0x19
|
||||
#define NGX_QUIC_FT_PATH_CHALLENGE 0x1A
|
||||
#define NGX_QUIC_FT_PATH_RESPONSE 0x1B
|
||||
#define NGX_QUIC_FT_CONNECTION_CLOSE 0x1C
|
||||
#define NGX_QUIC_FT_CONNECTION_CLOSE_APP 0x1D
|
||||
#define NGX_QUIC_FT_HANDSHAKE_DONE 0x1E
|
||||
|
||||
#define NGX_QUIC_FT_LAST NGX_QUIC_FT_HANDSHAKE_DONE
|
||||
|
||||
/* 22.5. QUIC Transport Error Codes Registry */
|
||||
#define NGX_QUIC_ERR_NO_ERROR 0x00
|
||||
#define NGX_QUIC_ERR_INTERNAL_ERROR 0x01
|
||||
#define NGX_QUIC_ERR_CONNECTION_REFUSED 0x02
|
||||
#define NGX_QUIC_ERR_FLOW_CONTROL_ERROR 0x03
|
||||
#define NGX_QUIC_ERR_STREAM_LIMIT_ERROR 0x04
|
||||
#define NGX_QUIC_ERR_STREAM_STATE_ERROR 0x05
|
||||
#define NGX_QUIC_ERR_FINAL_SIZE_ERROR 0x06
|
||||
#define NGX_QUIC_ERR_FRAME_ENCODING_ERROR 0x07
|
||||
#define NGX_QUIC_ERR_TRANSPORT_PARAMETER_ERROR 0x08
|
||||
#define NGX_QUIC_ERR_CONNECTION_ID_LIMIT_ERROR 0x09
|
||||
#define NGX_QUIC_ERR_PROTOCOL_VIOLATION 0x0A
|
||||
#define NGX_QUIC_ERR_INVALID_TOKEN 0x0B
|
||||
#define NGX_QUIC_ERR_APPLICATION_ERROR 0x0C
|
||||
#define NGX_QUIC_ERR_CRYPTO_BUFFER_EXCEEDED 0x0D
|
||||
#define NGX_QUIC_ERR_KEY_UPDATE_ERROR 0x0E
|
||||
#define NGX_QUIC_ERR_AEAD_LIMIT_REACHED 0x0F
|
||||
#define NGX_QUIC_ERR_NO_VIABLE_PATH 0x10
|
||||
|
||||
#define NGX_QUIC_ERR_CRYPTO_ERROR 0x100
|
||||
|
||||
#define NGX_QUIC_ERR_CRYPTO(e) (NGX_QUIC_ERR_CRYPTO_ERROR + (e))
|
||||
|
||||
|
||||
/* 22.3. QUIC Transport Parameters Registry */
|
||||
#define NGX_QUIC_TP_ORIGINAL_DCID 0x00
|
||||
#define NGX_QUIC_TP_MAX_IDLE_TIMEOUT 0x01
|
||||
#define NGX_QUIC_TP_SR_TOKEN 0x02
|
||||
#define NGX_QUIC_TP_MAX_UDP_PAYLOAD_SIZE 0x03
|
||||
#define NGX_QUIC_TP_INITIAL_MAX_DATA 0x04
|
||||
#define NGX_QUIC_TP_INITIAL_MAX_STREAM_DATA_BIDI_LOCAL 0x05
|
||||
#define NGX_QUIC_TP_INITIAL_MAX_STREAM_DATA_BIDI_REMOTE 0x06
|
||||
#define NGX_QUIC_TP_INITIAL_MAX_STREAM_DATA_UNI 0x07
|
||||
#define NGX_QUIC_TP_INITIAL_MAX_STREAMS_BIDI 0x08
|
||||
#define NGX_QUIC_TP_INITIAL_MAX_STREAMS_UNI 0x09
|
||||
#define NGX_QUIC_TP_ACK_DELAY_EXPONENT 0x0A
|
||||
#define NGX_QUIC_TP_MAX_ACK_DELAY 0x0B
|
||||
#define NGX_QUIC_TP_DISABLE_ACTIVE_MIGRATION 0x0C
|
||||
#define NGX_QUIC_TP_PREFERRED_ADDRESS 0x0D
|
||||
#define NGX_QUIC_TP_ACTIVE_CONNECTION_ID_LIMIT 0x0E
|
||||
#define NGX_QUIC_TP_INITIAL_SCID 0x0F
|
||||
#define NGX_QUIC_TP_RETRY_SCID 0x10
|
||||
|
||||
#define NGX_QUIC_CID_LEN_MIN 8
|
||||
#define NGX_QUIC_CID_LEN_MAX 20
|
||||
|
||||
#define NGX_QUIC_MAX_RANGES 10
|
||||
|
||||
|
||||
typedef struct {
|
||||
uint64_t gap;
|
||||
uint64_t range;
|
||||
} ngx_quic_ack_range_t;
|
||||
|
||||
|
||||
typedef struct {
|
||||
uint64_t largest;
|
||||
uint64_t delay;
|
||||
uint64_t range_count;
|
||||
uint64_t first_range;
|
||||
uint64_t ect0;
|
||||
uint64_t ect1;
|
||||
uint64_t ce;
|
||||
uint64_t ranges_length;
|
||||
} ngx_quic_ack_frame_t;
|
||||
|
||||
|
||||
typedef struct {
|
||||
uint64_t seqnum;
|
||||
uint64_t retire;
|
||||
uint8_t len;
|
||||
u_char cid[NGX_QUIC_CID_LEN_MAX];
|
||||
u_char srt[NGX_QUIC_SR_TOKEN_LEN];
|
||||
} ngx_quic_new_conn_id_frame_t;
|
||||
|
||||
|
||||
typedef struct {
|
||||
uint64_t length;
|
||||
} ngx_quic_new_token_frame_t;
|
||||
|
||||
/*
|
||||
* common layout for CRYPTO and STREAM frames;
|
||||
* conceptually, CRYPTO frame is also a stream
|
||||
* frame lacking some properties
|
||||
*/
|
||||
typedef struct {
|
||||
uint64_t offset;
|
||||
uint64_t length;
|
||||
} ngx_quic_ordered_frame_t;
|
||||
|
||||
typedef ngx_quic_ordered_frame_t ngx_quic_crypto_frame_t;
|
||||
|
||||
|
||||
typedef struct {
|
||||
/* initial fields same as in ngx_quic_ordered_frame_t */
|
||||
uint64_t offset;
|
||||
uint64_t length;
|
||||
|
||||
uint64_t stream_id;
|
||||
unsigned off:1;
|
||||
unsigned len:1;
|
||||
unsigned fin:1;
|
||||
} ngx_quic_stream_frame_t;
|
||||
|
||||
|
||||
typedef struct {
|
||||
uint64_t max_data;
|
||||
} ngx_quic_max_data_frame_t;
|
||||
|
||||
|
||||
typedef struct {
|
||||
uint64_t error_code;
|
||||
uint64_t frame_type;
|
||||
ngx_str_t reason;
|
||||
} ngx_quic_close_frame_t;
|
||||
|
||||
|
||||
typedef struct {
|
||||
uint64_t id;
|
||||
uint64_t error_code;
|
||||
uint64_t final_size;
|
||||
} ngx_quic_reset_stream_frame_t;
|
||||
|
||||
|
||||
typedef struct {
|
||||
uint64_t id;
|
||||
uint64_t error_code;
|
||||
} ngx_quic_stop_sending_frame_t;
|
||||
|
||||
|
||||
typedef struct {
|
||||
uint64_t limit;
|
||||
ngx_uint_t bidi; /* unsigned: bidi:1 */
|
||||
} ngx_quic_streams_blocked_frame_t;
|
||||
|
||||
|
||||
typedef struct {
|
||||
uint64_t limit;
|
||||
ngx_uint_t bidi; /* unsigned: bidi:1 */
|
||||
} ngx_quic_max_streams_frame_t;
|
||||
|
||||
|
||||
typedef struct {
|
||||
uint64_t id;
|
||||
uint64_t limit;
|
||||
} ngx_quic_max_stream_data_frame_t;
|
||||
|
||||
|
||||
typedef struct {
|
||||
uint64_t limit;
|
||||
} ngx_quic_data_blocked_frame_t;
|
||||
|
||||
|
||||
typedef struct {
|
||||
uint64_t id;
|
||||
uint64_t limit;
|
||||
} ngx_quic_stream_data_blocked_frame_t;
|
||||
|
||||
|
||||
typedef struct {
|
||||
uint64_t sequence_number;
|
||||
} ngx_quic_retire_cid_frame_t;
|
||||
|
||||
|
||||
typedef struct {
|
||||
u_char data[8];
|
||||
} ngx_quic_path_challenge_frame_t;
|
||||
|
||||
|
||||
typedef struct ngx_quic_frame_s ngx_quic_frame_t;
|
||||
|
||||
struct ngx_quic_frame_s {
|
||||
ngx_uint_t type;
|
||||
enum ssl_encryption_level_t level;
|
||||
ngx_queue_t queue;
|
||||
uint64_t pnum;
|
||||
size_t plen;
|
||||
ngx_msec_t first;
|
||||
ngx_msec_t last;
|
||||
ssize_t len;
|
||||
unsigned need_ack:1;
|
||||
unsigned pkt_need_ack:1;
|
||||
unsigned flush:1;
|
||||
|
||||
ngx_chain_t *data;
|
||||
union {
|
||||
ngx_quic_ack_frame_t ack;
|
||||
ngx_quic_crypto_frame_t crypto;
|
||||
ngx_quic_ordered_frame_t ord;
|
||||
ngx_quic_new_conn_id_frame_t ncid;
|
||||
ngx_quic_new_token_frame_t token;
|
||||
ngx_quic_stream_frame_t stream;
|
||||
ngx_quic_max_data_frame_t max_data;
|
||||
ngx_quic_close_frame_t close;
|
||||
ngx_quic_reset_stream_frame_t reset_stream;
|
||||
ngx_quic_stop_sending_frame_t stop_sending;
|
||||
ngx_quic_streams_blocked_frame_t streams_blocked;
|
||||
ngx_quic_max_streams_frame_t max_streams;
|
||||
ngx_quic_max_stream_data_frame_t max_stream_data;
|
||||
ngx_quic_data_blocked_frame_t data_blocked;
|
||||
ngx_quic_stream_data_blocked_frame_t stream_data_blocked;
|
||||
ngx_quic_retire_cid_frame_t retire_cid;
|
||||
ngx_quic_path_challenge_frame_t path_challenge;
|
||||
ngx_quic_path_challenge_frame_t path_response;
|
||||
} u;
|
||||
};
|
||||
|
||||
|
||||
typedef struct {
|
||||
ngx_log_t *log;
|
||||
ngx_quic_path_t *path;
|
||||
|
||||
ngx_quic_keys_t *keys;
|
||||
|
||||
ngx_msec_t received;
|
||||
uint64_t number;
|
||||
uint8_t num_len;
|
||||
uint32_t trunc;
|
||||
uint8_t flags;
|
||||
uint32_t version;
|
||||
ngx_str_t token;
|
||||
enum ssl_encryption_level_t level;
|
||||
ngx_uint_t error;
|
||||
|
||||
/* filled in by parser */
|
||||
ngx_buf_t *raw; /* udp datagram */
|
||||
|
||||
u_char *data; /* quic packet */
|
||||
size_t len;
|
||||
|
||||
/* cleartext fields */
|
||||
ngx_str_t odcid; /* retry packet tag */
|
||||
u_char odcid_buf[NGX_QUIC_MAX_CID_LEN];
|
||||
ngx_str_t dcid;
|
||||
ngx_str_t scid;
|
||||
uint64_t pn;
|
||||
u_char *plaintext;
|
||||
ngx_str_t payload; /* decrypted data */
|
||||
|
||||
unsigned need_ack:1;
|
||||
unsigned key_phase:1;
|
||||
unsigned key_update:1;
|
||||
unsigned parsed:1;
|
||||
unsigned decrypted:1;
|
||||
unsigned validated:1;
|
||||
unsigned retried:1;
|
||||
unsigned first:1;
|
||||
unsigned rebound:1;
|
||||
} ngx_quic_header_t;
|
||||
|
||||
|
||||
typedef struct {
|
||||
ngx_msec_t max_idle_timeout;
|
||||
ngx_msec_t max_ack_delay;
|
||||
|
||||
size_t max_udp_payload_size;
|
||||
size_t initial_max_data;
|
||||
size_t initial_max_stream_data_bidi_local;
|
||||
size_t initial_max_stream_data_bidi_remote;
|
||||
size_t initial_max_stream_data_uni;
|
||||
ngx_uint_t initial_max_streams_bidi;
|
||||
ngx_uint_t initial_max_streams_uni;
|
||||
ngx_uint_t ack_delay_exponent;
|
||||
ngx_uint_t active_connection_id_limit;
|
||||
ngx_flag_t disable_active_migration;
|
||||
|
||||
ngx_str_t original_dcid;
|
||||
ngx_str_t initial_scid;
|
||||
ngx_str_t retry_scid;
|
||||
u_char sr_token[NGX_QUIC_SR_TOKEN_LEN];
|
||||
|
||||
/* TODO */
|
||||
void *preferred_address;
|
||||
} ngx_quic_tp_t;
|
||||
|
||||
|
||||
ngx_int_t ngx_quic_parse_packet(ngx_quic_header_t *pkt);
|
||||
|
||||
size_t ngx_quic_create_version_negotiation(ngx_quic_header_t *pkt, u_char *out);
|
||||
|
||||
size_t ngx_quic_payload_size(ngx_quic_header_t *pkt, size_t pkt_len);
|
||||
|
||||
size_t ngx_quic_create_header(ngx_quic_header_t *pkt, u_char *out,
|
||||
u_char **pnp);
|
||||
|
||||
size_t ngx_quic_create_retry_itag(ngx_quic_header_t *pkt, u_char *out,
|
||||
u_char **start);
|
||||
|
||||
ssize_t ngx_quic_parse_frame(ngx_quic_header_t *pkt, u_char *start, u_char *end,
|
||||
ngx_quic_frame_t *frame);
|
||||
ssize_t ngx_quic_create_frame(u_char *p, ngx_quic_frame_t *f);
|
||||
|
||||
ssize_t ngx_quic_parse_ack_range(ngx_log_t *log, u_char *start,
|
||||
u_char *end, uint64_t *gap, uint64_t *range);
|
||||
size_t ngx_quic_create_ack_range(u_char *p, uint64_t gap, uint64_t range);
|
||||
|
||||
ngx_int_t ngx_quic_init_transport_params(ngx_quic_tp_t *tp,
|
||||
ngx_quic_conf_t *qcf);
|
||||
ngx_int_t ngx_quic_parse_transport_params(u_char *p, u_char *end,
|
||||
ngx_quic_tp_t *tp, ngx_log_t *log);
|
||||
ssize_t ngx_quic_create_transport_params(u_char *p, u_char *end,
|
||||
ngx_quic_tp_t *tp, size_t *clen);
|
||||
|
||||
void ngx_quic_dcid_encode_key(u_char *dcid, uint64_t key);
|
||||
|
||||
#endif /* _NGX_EVENT_QUIC_TRANSPORT_H_INCLUDED_ */
|
|
@ -1,473 +0,0 @@
|
|||
|
||||
/*
|
||||
* Copyright (C) Roman Arutyunyan
|
||||
* Copyright (C) Nginx, Inc.
|
||||
*/
|
||||
|
||||
|
||||
#include <ngx_config.h>
|
||||
#include <ngx_core.h>
|
||||
#include <ngx_event.h>
|
||||
#include <ngx_event_quic_connection.h>
|
||||
|
||||
|
||||
static void ngx_quic_close_accepted_connection(ngx_connection_t *c);
|
||||
static ngx_connection_t *ngx_quic_lookup_connection(ngx_listening_t *ls,
|
||||
ngx_str_t *key, struct sockaddr *local_sockaddr, socklen_t local_socklen);
|
||||
|
||||
|
||||
void
|
||||
ngx_quic_recvmsg(ngx_event_t *ev)
|
||||
{
|
||||
ssize_t n;
|
||||
ngx_str_t key;
|
||||
ngx_buf_t buf;
|
||||
ngx_log_t *log;
|
||||
ngx_err_t err;
|
||||
socklen_t socklen, local_socklen;
|
||||
ngx_event_t *rev, *wev;
|
||||
struct iovec iov[1];
|
||||
struct msghdr msg;
|
||||
ngx_sockaddr_t sa, lsa;
|
||||
struct sockaddr *sockaddr, *local_sockaddr;
|
||||
ngx_listening_t *ls;
|
||||
ngx_event_conf_t *ecf;
|
||||
ngx_connection_t *c, *lc;
|
||||
ngx_quic_socket_t *qsock;
|
||||
static u_char buffer[65535];
|
||||
|
||||
#if (NGX_HAVE_ADDRINFO_CMSG)
|
||||
u_char msg_control[CMSG_SPACE(sizeof(ngx_addrinfo_t))];
|
||||
#endif
|
||||
|
||||
if (ev->timedout) {
|
||||
if (ngx_enable_accept_events((ngx_cycle_t *) ngx_cycle) != NGX_OK) {
|
||||
return;
|
||||
}
|
||||
|
||||
ev->timedout = 0;
|
||||
}
|
||||
|
||||
ecf = ngx_event_get_conf(ngx_cycle->conf_ctx, ngx_event_core_module);
|
||||
|
||||
if (!(ngx_event_flags & NGX_USE_KQUEUE_EVENT)) {
|
||||
ev->available = ecf->multi_accept;
|
||||
}
|
||||
|
||||
lc = ev->data;
|
||||
ls = lc->listening;
|
||||
ev->ready = 0;
|
||||
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, ev->log, 0,
|
||||
"quic recvmsg on %V, ready: %d",
|
||||
&ls->addr_text, ev->available);
|
||||
|
||||
do {
|
||||
ngx_memzero(&msg, sizeof(struct msghdr));
|
||||
|
||||
iov[0].iov_base = (void *) buffer;
|
||||
iov[0].iov_len = sizeof(buffer);
|
||||
|
||||
msg.msg_name = &sa;
|
||||
msg.msg_namelen = sizeof(ngx_sockaddr_t);
|
||||
msg.msg_iov = iov;
|
||||
msg.msg_iovlen = 1;
|
||||
|
||||
#if (NGX_HAVE_ADDRINFO_CMSG)
|
||||
if (ls->wildcard) {
|
||||
msg.msg_control = &msg_control;
|
||||
msg.msg_controllen = sizeof(msg_control);
|
||||
|
||||
ngx_memzero(&msg_control, sizeof(msg_control));
|
||||
}
|
||||
#endif
|
||||
|
||||
n = recvmsg(lc->fd, &msg, 0);
|
||||
|
||||
if (n == -1) {
|
||||
err = ngx_socket_errno;
|
||||
|
||||
if (err == NGX_EAGAIN) {
|
||||
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ev->log, err,
|
||||
"quic recvmsg() not ready");
|
||||
return;
|
||||
}
|
||||
|
||||
ngx_log_error(NGX_LOG_ALERT, ev->log, err, "quic recvmsg() failed");
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
#if (NGX_HAVE_ADDRINFO_CMSG)
|
||||
if (msg.msg_flags & (MSG_TRUNC|MSG_CTRUNC)) {
|
||||
ngx_log_error(NGX_LOG_ALERT, ev->log, 0,
|
||||
"quic recvmsg() truncated data");
|
||||
continue;
|
||||
}
|
||||
#endif
|
||||
|
||||
sockaddr = msg.msg_name;
|
||||
socklen = msg.msg_namelen;
|
||||
|
||||
if (socklen > (socklen_t) sizeof(ngx_sockaddr_t)) {
|
||||
socklen = sizeof(ngx_sockaddr_t);
|
||||
}
|
||||
|
||||
#if (NGX_HAVE_UNIX_DOMAIN)
|
||||
|
||||
if (sockaddr->sa_family == AF_UNIX) {
|
||||
struct sockaddr_un *saun = (struct sockaddr_un *) sockaddr;
|
||||
|
||||
if (socklen <= (socklen_t) offsetof(struct sockaddr_un, sun_path)
|
||||
|| saun->sun_path[0] == '\0')
|
||||
{
|
||||
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ngx_cycle->log, 0,
|
||||
"unbound unix socket");
|
||||
goto next;
|
||||
}
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
local_sockaddr = ls->sockaddr;
|
||||
local_socklen = ls->socklen;
|
||||
|
||||
#if (NGX_HAVE_ADDRINFO_CMSG)
|
||||
|
||||
if (ls->wildcard) {
|
||||
struct cmsghdr *cmsg;
|
||||
|
||||
ngx_memcpy(&lsa, local_sockaddr, local_socklen);
|
||||
local_sockaddr = &lsa.sockaddr;
|
||||
|
||||
for (cmsg = CMSG_FIRSTHDR(&msg);
|
||||
cmsg != NULL;
|
||||
cmsg = CMSG_NXTHDR(&msg, cmsg))
|
||||
{
|
||||
if (ngx_get_srcaddr_cmsg(cmsg, local_sockaddr) == NGX_OK) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
if (ngx_quic_get_packet_dcid(ev->log, buffer, n, &key) != NGX_OK) {
|
||||
goto next;
|
||||
}
|
||||
|
||||
c = ngx_quic_lookup_connection(ls, &key, local_sockaddr, local_socklen);
|
||||
|
||||
if (c) {
|
||||
|
||||
#if (NGX_DEBUG)
|
||||
if (c->log->log_level & NGX_LOG_DEBUG_EVENT) {
|
||||
ngx_log_handler_pt handler;
|
||||
|
||||
handler = c->log->handler;
|
||||
c->log->handler = NULL;
|
||||
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic recvmsg: fd:%d n:%z", c->fd, n);
|
||||
|
||||
c->log->handler = handler;
|
||||
}
|
||||
#endif
|
||||
|
||||
ngx_memzero(&buf, sizeof(ngx_buf_t));
|
||||
|
||||
buf.pos = buffer;
|
||||
buf.last = buffer + n;
|
||||
buf.start = buf.pos;
|
||||
buf.end = buffer + sizeof(buffer);
|
||||
|
||||
qsock = ngx_quic_get_socket(c);
|
||||
|
||||
ngx_memcpy(&qsock->sockaddr.sockaddr, sockaddr, socklen);
|
||||
qsock->socklen = socklen;
|
||||
|
||||
c->udp->buffer = &buf;
|
||||
|
||||
rev = c->read;
|
||||
rev->ready = 1;
|
||||
rev->active = 0;
|
||||
|
||||
rev->handler(rev);
|
||||
|
||||
if (c->udp) {
|
||||
c->udp->buffer = NULL;
|
||||
}
|
||||
|
||||
rev->ready = 0;
|
||||
rev->active = 1;
|
||||
|
||||
goto next;
|
||||
}
|
||||
|
||||
#if (NGX_STAT_STUB)
|
||||
(void) ngx_atomic_fetch_add(ngx_stat_accepted, 1);
|
||||
#endif
|
||||
|
||||
ngx_accept_disabled = ngx_cycle->connection_n / 8
|
||||
- ngx_cycle->free_connection_n;
|
||||
|
||||
c = ngx_get_connection(lc->fd, ev->log);
|
||||
if (c == NULL) {
|
||||
return;
|
||||
}
|
||||
|
||||
c->shared = 1;
|
||||
c->type = SOCK_DGRAM;
|
||||
c->socklen = socklen;
|
||||
|
||||
#if (NGX_STAT_STUB)
|
||||
(void) ngx_atomic_fetch_add(ngx_stat_active, 1);
|
||||
#endif
|
||||
|
||||
c->pool = ngx_create_pool(ls->pool_size, ev->log);
|
||||
if (c->pool == NULL) {
|
||||
ngx_quic_close_accepted_connection(c);
|
||||
return;
|
||||
}
|
||||
|
||||
c->sockaddr = ngx_palloc(c->pool, NGX_SOCKADDRLEN);
|
||||
if (c->sockaddr == NULL) {
|
||||
ngx_quic_close_accepted_connection(c);
|
||||
return;
|
||||
}
|
||||
|
||||
ngx_memcpy(c->sockaddr, sockaddr, socklen);
|
||||
|
||||
log = ngx_palloc(c->pool, sizeof(ngx_log_t));
|
||||
if (log == NULL) {
|
||||
ngx_quic_close_accepted_connection(c);
|
||||
return;
|
||||
}
|
||||
|
||||
*log = ls->log;
|
||||
|
||||
c->log = log;
|
||||
c->pool->log = log;
|
||||
c->listening = ls;
|
||||
|
||||
if (local_sockaddr == &lsa.sockaddr) {
|
||||
local_sockaddr = ngx_palloc(c->pool, local_socklen);
|
||||
if (local_sockaddr == NULL) {
|
||||
ngx_quic_close_accepted_connection(c);
|
||||
return;
|
||||
}
|
||||
|
||||
ngx_memcpy(local_sockaddr, &lsa, local_socklen);
|
||||
}
|
||||
|
||||
c->local_sockaddr = local_sockaddr;
|
||||
c->local_socklen = local_socklen;
|
||||
|
||||
c->buffer = ngx_create_temp_buf(c->pool, n);
|
||||
if (c->buffer == NULL) {
|
||||
ngx_quic_close_accepted_connection(c);
|
||||
return;
|
||||
}
|
||||
|
||||
c->buffer->last = ngx_cpymem(c->buffer->last, buffer, n);
|
||||
|
||||
rev = c->read;
|
||||
wev = c->write;
|
||||
|
||||
rev->active = 1;
|
||||
wev->ready = 1;
|
||||
|
||||
rev->log = log;
|
||||
wev->log = log;
|
||||
|
||||
/*
|
||||
* TODO: MT: - ngx_atomic_fetch_add()
|
||||
* or protection by critical section or light mutex
|
||||
*
|
||||
* TODO: MP: - allocated in a shared memory
|
||||
* - ngx_atomic_fetch_add()
|
||||
* or protection by critical section or light mutex
|
||||
*/
|
||||
|
||||
c->number = ngx_atomic_fetch_add(ngx_connection_counter, 1);
|
||||
|
||||
c->start_time = ngx_current_msec;
|
||||
|
||||
#if (NGX_STAT_STUB)
|
||||
(void) ngx_atomic_fetch_add(ngx_stat_handled, 1);
|
||||
#endif
|
||||
|
||||
if (ls->addr_ntop) {
|
||||
c->addr_text.data = ngx_pnalloc(c->pool, ls->addr_text_max_len);
|
||||
if (c->addr_text.data == NULL) {
|
||||
ngx_quic_close_accepted_connection(c);
|
||||
return;
|
||||
}
|
||||
|
||||
c->addr_text.len = ngx_sock_ntop(c->sockaddr, c->socklen,
|
||||
c->addr_text.data,
|
||||
ls->addr_text_max_len, 0);
|
||||
if (c->addr_text.len == 0) {
|
||||
ngx_quic_close_accepted_connection(c);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
#if (NGX_DEBUG)
|
||||
{
|
||||
ngx_str_t addr;
|
||||
u_char text[NGX_SOCKADDR_STRLEN];
|
||||
|
||||
ngx_debug_accepted_connection(ecf, c);
|
||||
|
||||
if (log->log_level & NGX_LOG_DEBUG_EVENT) {
|
||||
addr.data = text;
|
||||
addr.len = ngx_sock_ntop(c->sockaddr, c->socklen, text,
|
||||
NGX_SOCKADDR_STRLEN, 1);
|
||||
|
||||
ngx_log_debug4(NGX_LOG_DEBUG_EVENT, log, 0,
|
||||
"*%uA quic recvmsg: %V fd:%d n:%z",
|
||||
c->number, &addr, c->fd, n);
|
||||
}
|
||||
|
||||
}
|
||||
#endif
|
||||
|
||||
log->data = NULL;
|
||||
log->handler = NULL;
|
||||
|
||||
ls->handler(c);
|
||||
|
||||
next:
|
||||
|
||||
if (ngx_event_flags & NGX_USE_KQUEUE_EVENT) {
|
||||
ev->available -= n;
|
||||
}
|
||||
|
||||
} while (ev->available);
|
||||
}
|
||||
|
||||
|
||||
static void
|
||||
ngx_quic_close_accepted_connection(ngx_connection_t *c)
|
||||
{
|
||||
ngx_free_connection(c);
|
||||
|
||||
c->fd = (ngx_socket_t) -1;
|
||||
|
||||
if (c->pool) {
|
||||
ngx_destroy_pool(c->pool);
|
||||
}
|
||||
|
||||
#if (NGX_STAT_STUB)
|
||||
(void) ngx_atomic_fetch_add(ngx_stat_active, -1);
|
||||
#endif
|
||||
}
|
||||
|
||||
|
||||
void
|
||||
ngx_quic_rbtree_insert_value(ngx_rbtree_node_t *temp,
|
||||
ngx_rbtree_node_t *node, ngx_rbtree_node_t *sentinel)
|
||||
{
|
||||
ngx_int_t rc;
|
||||
ngx_connection_t *c, *ct;
|
||||
ngx_rbtree_node_t **p;
|
||||
ngx_quic_socket_t *qsock, *qsockt;
|
||||
|
||||
for ( ;; ) {
|
||||
|
||||
if (node->key < temp->key) {
|
||||
|
||||
p = &temp->left;
|
||||
|
||||
} else if (node->key > temp->key) {
|
||||
|
||||
p = &temp->right;
|
||||
|
||||
} else { /* node->key == temp->key */
|
||||
|
||||
qsock = (ngx_quic_socket_t *) node;
|
||||
c = qsock->udp.connection;
|
||||
|
||||
qsockt = (ngx_quic_socket_t *) temp;
|
||||
ct = qsockt->udp.connection;
|
||||
|
||||
rc = ngx_memn2cmp(qsock->sid.id, qsockt->sid.id,
|
||||
qsock->sid.len, qsockt->sid.len);
|
||||
|
||||
if (rc == 0 && c->listening->wildcard) {
|
||||
rc = ngx_cmp_sockaddr(c->local_sockaddr, c->local_socklen,
|
||||
ct->local_sockaddr, ct->local_socklen, 1);
|
||||
}
|
||||
|
||||
p = (rc < 0) ? &temp->left : &temp->right;
|
||||
}
|
||||
|
||||
if (*p == sentinel) {
|
||||
break;
|
||||
}
|
||||
|
||||
temp = *p;
|
||||
}
|
||||
|
||||
*p = node;
|
||||
node->parent = temp;
|
||||
node->left = sentinel;
|
||||
node->right = sentinel;
|
||||
ngx_rbt_red(node);
|
||||
}
|
||||
|
||||
|
||||
static ngx_connection_t *
|
||||
ngx_quic_lookup_connection(ngx_listening_t *ls, ngx_str_t *key,
|
||||
struct sockaddr *local_sockaddr, socklen_t local_socklen)
|
||||
{
|
||||
uint32_t hash;
|
||||
ngx_int_t rc;
|
||||
ngx_connection_t *c;
|
||||
ngx_rbtree_node_t *node, *sentinel;
|
||||
ngx_quic_socket_t *qsock;
|
||||
|
||||
if (key->len == 0) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
node = ls->rbtree.root;
|
||||
sentinel = ls->rbtree.sentinel;
|
||||
hash = ngx_crc32_long(key->data, key->len);
|
||||
|
||||
while (node != sentinel) {
|
||||
|
||||
if (hash < node->key) {
|
||||
node = node->left;
|
||||
continue;
|
||||
}
|
||||
|
||||
if (hash > node->key) {
|
||||
node = node->right;
|
||||
continue;
|
||||
}
|
||||
|
||||
/* hash == node->key */
|
||||
|
||||
qsock = (ngx_quic_socket_t *) node;
|
||||
|
||||
rc = ngx_memn2cmp(key->data, qsock->sid.id, key->len, qsock->sid.len);
|
||||
|
||||
c = qsock->udp.connection;
|
||||
|
||||
if (rc == 0 && ls->wildcard) {
|
||||
rc = ngx_cmp_sockaddr(local_sockaddr, local_socklen,
|
||||
c->local_sockaddr, c->local_socklen, 1);
|
||||
}
|
||||
|
||||
if (rc == 0) {
|
||||
c->udp = &qsock->udp;
|
||||
return c;
|
||||
}
|
||||
|
||||
node = (rc < 0) ? node->left : node->right;
|
||||
}
|
||||
|
||||
return NULL;
|
||||
}
|
|
@ -16,7 +16,7 @@
|
|||
|
||||
typedef struct {
|
||||
ngx_http_complex_value_t *realm;
|
||||
ngx_http_complex_value_t *user_file;
|
||||
ngx_http_complex_value_t user_file;
|
||||
} ngx_http_auth_basic_loc_conf_t;
|
||||
|
||||
|
||||
|
@ -107,7 +107,7 @@ ngx_http_auth_basic_handler(ngx_http_request_t *r)
|
|||
|
||||
alcf = ngx_http_get_module_loc_conf(r, ngx_http_auth_basic_module);
|
||||
|
||||
if (alcf->realm == NULL || alcf->user_file == NULL) {
|
||||
if (alcf->realm == NULL || alcf->user_file.value.data == NULL) {
|
||||
return NGX_DECLINED;
|
||||
}
|
||||
|
||||
|
@ -133,7 +133,7 @@ ngx_http_auth_basic_handler(ngx_http_request_t *r)
|
|||
return NGX_HTTP_INTERNAL_SERVER_ERROR;
|
||||
}
|
||||
|
||||
if (ngx_http_complex_value(r, alcf->user_file, &user_file) != NGX_OK) {
|
||||
if (ngx_http_complex_value(r, &alcf->user_file, &user_file) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
|
@ -339,7 +339,6 @@ ngx_http_auth_basic_set_realm(ngx_http_request_t *r, ngx_str_t *realm)
|
|||
*p = '"';
|
||||
|
||||
r->headers_out.www_authenticate->hash = 1;
|
||||
r->headers_out.www_authenticate->next = NULL;
|
||||
ngx_str_set(&r->headers_out.www_authenticate->key, "WWW-Authenticate");
|
||||
r->headers_out.www_authenticate->value.data = basic;
|
||||
r->headers_out.www_authenticate->value.len = len;
|
||||
|
@ -358,9 +357,6 @@ ngx_http_auth_basic_create_loc_conf(ngx_conf_t *cf)
|
|||
return NULL;
|
||||
}
|
||||
|
||||
conf->realm = NGX_CONF_UNSET_PTR;
|
||||
conf->user_file = NGX_CONF_UNSET_PTR;
|
||||
|
||||
return conf;
|
||||
}
|
||||
|
||||
|
@ -371,8 +367,13 @@ ngx_http_auth_basic_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
|
|||
ngx_http_auth_basic_loc_conf_t *prev = parent;
|
||||
ngx_http_auth_basic_loc_conf_t *conf = child;
|
||||
|
||||
ngx_conf_merge_ptr_value(conf->realm, prev->realm, NULL);
|
||||
ngx_conf_merge_ptr_value(conf->user_file, prev->user_file, NULL);
|
||||
if (conf->realm == NULL) {
|
||||
conf->realm = prev->realm;
|
||||
}
|
||||
|
||||
if (conf->user_file.value.data == NULL) {
|
||||
conf->user_file = prev->user_file;
|
||||
}
|
||||
|
||||
return NGX_CONF_OK;
|
||||
}
|
||||
|
@ -405,22 +406,17 @@ ngx_http_auth_basic_user_file(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
|
|||
ngx_str_t *value;
|
||||
ngx_http_compile_complex_value_t ccv;
|
||||
|
||||
if (alcf->user_file != NGX_CONF_UNSET_PTR) {
|
||||
if (alcf->user_file.value.data) {
|
||||
return "is duplicate";
|
||||
}
|
||||
|
||||
alcf->user_file = ngx_palloc(cf->pool, sizeof(ngx_http_complex_value_t));
|
||||
if (alcf->user_file == NULL) {
|
||||
return NGX_CONF_ERROR;
|
||||
}
|
||||
|
||||
value = cf->args->elts;
|
||||
|
||||
ngx_memzero(&ccv, sizeof(ngx_http_compile_complex_value_t));
|
||||
|
||||
ccv.cf = cf;
|
||||
ccv.value = &value[1];
|
||||
ccv.complex_value = alcf->user_file;
|
||||
ccv.complex_value = &alcf->user_file;
|
||||
ccv.zero = 1;
|
||||
ccv.conf_prefix = 1;
|
||||
|
||||
|
|
|
@ -101,7 +101,7 @@ ngx_module_t ngx_http_auth_request_module = {
|
|||
static ngx_int_t
|
||||
ngx_http_auth_request_handler(ngx_http_request_t *r)
|
||||
{
|
||||
ngx_table_elt_t *h, *ho, **ph;
|
||||
ngx_table_elt_t *h, *ho;
|
||||
ngx_http_request_t *sr;
|
||||
ngx_http_post_subrequest_t *ps;
|
||||
ngx_http_auth_request_ctx_t *ctx;
|
||||
|
@ -147,21 +147,15 @@ ngx_http_auth_request_handler(ngx_http_request_t *r)
|
|||
h = sr->upstream->headers_in.www_authenticate;
|
||||
}
|
||||
|
||||
ph = &r->headers_out.www_authenticate;
|
||||
|
||||
while (h) {
|
||||
if (h) {
|
||||
ho = ngx_list_push(&r->headers_out.headers);
|
||||
if (ho == NULL) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
*ho = *h;
|
||||
ho->next = NULL;
|
||||
|
||||
*ph = ho;
|
||||
ph = &ho->next;
|
||||
|
||||
h = h->next;
|
||||
r->headers_out.www_authenticate = ho;
|
||||
}
|
||||
|
||||
return ctx->status;
|
||||
|
|
|
@ -1072,38 +1072,14 @@ ngx_http_dav_error(ngx_log_t *log, ngx_err_t err, ngx_int_t not_found,
|
|||
static ngx_int_t
|
||||
ngx_http_dav_location(ngx_http_request_t *r)
|
||||
{
|
||||
u_char *p;
|
||||
size_t len;
|
||||
uintptr_t escape;
|
||||
|
||||
r->headers_out.location = ngx_list_push(&r->headers_out.headers);
|
||||
if (r->headers_out.location == NULL) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
r->headers_out.location->hash = 1;
|
||||
r->headers_out.location->next = NULL;
|
||||
ngx_str_set(&r->headers_out.location->key, "Location");
|
||||
|
||||
escape = 2 * ngx_escape_uri(NULL, r->uri.data, r->uri.len, NGX_ESCAPE_URI);
|
||||
|
||||
if (escape) {
|
||||
len = r->uri.len + escape;
|
||||
|
||||
p = ngx_pnalloc(r->pool, len);
|
||||
if (p == NULL) {
|
||||
ngx_http_clear_location(r);
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
r->headers_out.location->value.len = len;
|
||||
r->headers_out.location->value.data = p;
|
||||
|
||||
ngx_escape_uri(p, r->uri.data, r->uri.len, NGX_ESCAPE_URI);
|
||||
|
||||
} else {
|
||||
r->headers_out.location->value = r->uri;
|
||||
}
|
||||
r->headers_out.location->value = r->uri;
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
|
|
@ -835,14 +835,14 @@ static ngx_int_t
|
|||
ngx_http_fastcgi_create_request(ngx_http_request_t *r)
|
||||
{
|
||||
off_t file_pos;
|
||||
u_char ch, sep, *pos, *lowcase_key;
|
||||
u_char ch, *pos, *lowcase_key;
|
||||
size_t size, len, key_len, val_len, padding,
|
||||
allocated;
|
||||
ngx_uint_t i, n, next, hash, skip_empty, header_params;
|
||||
ngx_buf_t *b;
|
||||
ngx_chain_t *cl, *body;
|
||||
ngx_list_part_t *part;
|
||||
ngx_table_elt_t *header, *hn, **ignored;
|
||||
ngx_table_elt_t *header, **ignored;
|
||||
ngx_http_upstream_t *u;
|
||||
ngx_http_script_code_pt code;
|
||||
ngx_http_script_engine_t e, le;
|
||||
|
@ -900,11 +900,7 @@ ngx_http_fastcgi_create_request(ngx_http_request_t *r)
|
|||
allocated = 0;
|
||||
lowcase_key = NULL;
|
||||
|
||||
if (ngx_http_link_multi_headers(r) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
if (params->number || r->headers_in.multi) {
|
||||
if (params->number) {
|
||||
n = 0;
|
||||
part = &r->headers_in.headers.part;
|
||||
|
||||
|
@ -934,12 +930,6 @@ ngx_http_fastcgi_create_request(ngx_http_request_t *r)
|
|||
i = 0;
|
||||
}
|
||||
|
||||
for (n = 0; n < header_params; n++) {
|
||||
if (&header[i] == ignored[n]) {
|
||||
goto next_length;
|
||||
}
|
||||
}
|
||||
|
||||
if (params->number) {
|
||||
if (allocated < header[i].key.len) {
|
||||
allocated = header[i].key.len + 16;
|
||||
|
@ -969,23 +959,15 @@ ngx_http_fastcgi_create_request(ngx_http_request_t *r)
|
|||
ignored[header_params++] = &header[i];
|
||||
continue;
|
||||
}
|
||||
|
||||
n += sizeof("HTTP_") - 1;
|
||||
|
||||
} else {
|
||||
n = sizeof("HTTP_") - 1 + header[i].key.len;
|
||||
}
|
||||
|
||||
key_len = sizeof("HTTP_") - 1 + header[i].key.len;
|
||||
|
||||
val_len = header[i].value.len;
|
||||
|
||||
for (hn = header[i].next; hn; hn = hn->next) {
|
||||
val_len += hn->value.len + 2;
|
||||
ignored[header_params++] = hn;
|
||||
}
|
||||
|
||||
len += ((key_len > 127) ? 4 : 1) + key_len
|
||||
+ ((val_len > 127) ? 4 : 1) + val_len;
|
||||
|
||||
next_length:
|
||||
|
||||
continue;
|
||||
len += ((n > 127) ? 4 : 1) + ((header[i].value.len > 127) ? 4 : 1)
|
||||
+ n + header[i].value.len;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1127,7 +1109,7 @@ ngx_http_fastcgi_create_request(ngx_http_request_t *r)
|
|||
|
||||
for (n = 0; n < header_params; n++) {
|
||||
if (&header[i] == ignored[n]) {
|
||||
goto next_value;
|
||||
goto next;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1143,11 +1125,6 @@ ngx_http_fastcgi_create_request(ngx_http_request_t *r)
|
|||
}
|
||||
|
||||
val_len = header[i].value.len;
|
||||
|
||||
for (hn = header[i].next; hn; hn = hn->next) {
|
||||
val_len += hn->value.len + 2;
|
||||
}
|
||||
|
||||
if (val_len > 127) {
|
||||
*b->last++ = (u_char) (((val_len >> 24) & 0x7f) | 0x80);
|
||||
*b->last++ = (u_char) ((val_len >> 16) & 0xff);
|
||||
|
@ -1173,34 +1150,13 @@ ngx_http_fastcgi_create_request(ngx_http_request_t *r)
|
|||
*b->last++ = ch;
|
||||
}
|
||||
|
||||
b->last = ngx_copy(b->last, header[i].value.data,
|
||||
header[i].value.len);
|
||||
|
||||
if (header[i].next) {
|
||||
|
||||
if (header[i].key.len == sizeof("Cookie") - 1
|
||||
&& ngx_strncasecmp(header[i].key.data, (u_char *) "Cookie",
|
||||
sizeof("Cookie") - 1)
|
||||
== 0)
|
||||
{
|
||||
sep = ';';
|
||||
|
||||
} else {
|
||||
sep = ',';
|
||||
}
|
||||
|
||||
for (hn = header[i].next; hn; hn = hn->next) {
|
||||
*b->last++ = sep;
|
||||
*b->last++ = ' ';
|
||||
b->last = ngx_copy(b->last, hn->value.data, hn->value.len);
|
||||
}
|
||||
}
|
||||
b->last = ngx_copy(b->last, header[i].value.data, val_len);
|
||||
|
||||
ngx_log_debug4(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
|
||||
"fastcgi param: \"%*s: %*s\"",
|
||||
key_len, b->last - (key_len + val_len),
|
||||
val_len, b->last - val_len);
|
||||
next_value:
|
||||
next:
|
||||
|
||||
continue;
|
||||
}
|
||||
|
@ -2007,12 +1963,8 @@ ngx_http_fastcgi_process_header(ngx_http_request_t *r)
|
|||
hh = ngx_hash_find(&umcf->headers_in_hash, h->hash,
|
||||
h->lowcase_key, h->key.len);
|
||||
|
||||
if (hh) {
|
||||
rc = hh->handler(r, h, hh->offset);
|
||||
|
||||
if (rc != NGX_OK) {
|
||||
return rc;
|
||||
}
|
||||
if (hh && hh->handler(r, h, hh->offset) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
|
||||
|
@ -2067,12 +2019,10 @@ ngx_http_fastcgi_process_header(ngx_http_request_t *r)
|
|||
break;
|
||||
}
|
||||
|
||||
/* rc == NGX_HTTP_PARSE_INVALID_HEADER */
|
||||
/* there was error while a header line parsing */
|
||||
|
||||
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
|
||||
"upstream sent invalid header: \"%*s\\x%02xd...\"",
|
||||
r->header_end - r->header_name_start,
|
||||
r->header_name_start, *r->header_end);
|
||||
"upstream sent invalid header");
|
||||
|
||||
return NGX_HTTP_UPSTREAM_INVALID_HEADER;
|
||||
}
|
||||
|
|
|
@ -232,10 +232,9 @@ ngx_http_flv_handler(ngx_http_request_t *r)
|
|||
b->file_pos = start;
|
||||
b->file_last = of.size;
|
||||
|
||||
b->in_file = b->file_last ? 1 : 0;
|
||||
b->in_file = b->file_last ? 1: 0;
|
||||
b->last_buf = (r == r->main) ? 1 : 0;
|
||||
b->last_in_chain = 1;
|
||||
b->sync = (b->last_buf || b->in_file) ? 0 : 1;
|
||||
|
||||
b->file->fd = of.fd;
|
||||
b->file->name = path;
|
||||
|
|
|
@ -327,15 +327,15 @@ static ngx_int_t
|
|||
ngx_http_geo_addr(ngx_http_request_t *r, ngx_http_geo_ctx_t *ctx,
|
||||
ngx_addr_t *addr)
|
||||
{
|
||||
ngx_table_elt_t *xfwd;
|
||||
ngx_array_t *xfwd;
|
||||
|
||||
if (ngx_http_geo_real_addr(r, ctx, addr) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
xfwd = r->headers_in.x_forwarded_for;
|
||||
xfwd = &r->headers_in.x_forwarded_for;
|
||||
|
||||
if (xfwd != NULL && ctx->proxies != NULL) {
|
||||
if (xfwd->nelts > 0 && ctx->proxies != NULL) {
|
||||
(void) ngx_http_get_forwarded_addr(r, addr, xfwd, NULL,
|
||||
ctx->proxies, ctx->proxy_recursive);
|
||||
}
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue