mirror/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-08-06 06:46:16 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

QUIC: reverted previous 3 commits.

Browse Source 
Changes were intended for the test repository.
This commit is contained in:
Vladimir Homutov 2020-10-19 10:32:53 +03:00
parent 2d65615b42
commit 743cc99781
8 changed files with 30 additions and 436 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
src/event/ngx_event_openssl.c
View File

@ -255,50 +255,6 @@ ngx_ssl_init(ngx_log_t *log)
}
void
ngx_ssl_keylogger(const ngx_ssl_conn_t *ssl_conn, const char *line)
{
u_char *p;
size_t len;
ssize_t n;
ngx_connection_t *c;
ngx_ssl_connection_t *sc;
if (line == NULL) {
return;
}
len = ngx_strlen(line);
if (len == 0) {
return;
}
c = ngx_ssl_get_connection(ssl_conn);
sc = c->ssl;
p = ngx_alloc(len + 1, c->log);
if (p == NULL) {
return;
}
ngx_memcpy(p, line, len);
p[len] = '\n';
n = ngx_write_fd(sc->keylog->fd, p, len + 1);
if (n == -1) {
ngx_log_error(NGX_LOG_ALERT, c->log, ngx_errno,
ngx_write_fd_n " to \"%s\" failed",
sc->keylog->name.data);
} else if ((size_t) n != len + 1) {
ngx_log_error(NGX_LOG_ALERT, c->log, 0,
ngx_write_fd_n " to \"%s\" was incomplete: %z of %uz",
sc->keylog->name.data, n, len + 1);
}
}
ngx_int_t
ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data)
{
@ -1560,8 +1516,6 @@ ngx_ssl_create_connection(ngx_ssl_t *ssl, ngx_connection_t *c, ngx_uint_t flags)
return NGX_ERROR;
}
sc->keylog = ssl->keylog;
sc->buffer = ((flags & NGX_SSL_BUFFER) != 0);
sc->buffer_size = ssl->buffer_size;

3
src/event/ngx_event_openssl.h
View File

@ -78,7 +78,6 @@ struct ngx_ssl_s {
SSL_CTX *ctx;
ngx_log_t *log;
size_t buffer_size;
ngx_open_file_t *keylog;
};
@ -101,7 +100,6 @@ struct ngx_ssl_connection_s {
ngx_ssl_ocsp_t *ocsp;
u_char early_buf;
ngx_open_file_t *keylog;
unsigned handshaked:1;
unsigned renegotiation:1;
@ -298,7 +296,6 @@ ngx_int_t ngx_ssl_shutdown(ngx_connection_t *c);
void ngx_cdecl ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err,
char *fmt, ...);
void ngx_ssl_cleanup_ctx(void *data);
void ngx_ssl_keylogger(const ngx_ssl_conn_t *ssl, const char *line);
extern int ngx_ssl_connection_index;

356
src/event/ngx_event_quic.c
View File

@ -93,21 +93,12 @@ typedef struct {
ngx_quic_secret_t client_secret;
ngx_quic_secret_t server_secret;
enum ssl_encryption_level_t level;
uint64_t pnum; /* to be sent */
uint64_t largest_ack; /* received from peer */
uint64_t largest_pn; /* received from peer */
ngx_queue_t frames;
ngx_queue_t sent;
uint64_t largest_range;
uint64_t first_range;
ngx_uint_t nranges;
ngx_quic_ack_range_t ranges[NGX_QUIC_MAX_RANGES];
struct timeval ack_received;
ngx_uint_t send_ack; /* unsigned send_ack:1 */
} ngx_quic_send_ctx_t;
@ -239,14 +230,7 @@ static ngx_int_t ngx_quic_check_peer(ngx_quic_connection_t *qc,
ngx_quic_header_t *pkt);
static ngx_int_t ngx_quic_payload_handler(ngx_connection_t *c,
ngx_quic_header_t *pkt);
static ngx_int_t ngx_quic_ack_packet(ngx_connection_t *c,
ngx_quic_header_t *pkt);
static ngx_int_t ngx_quic_send_ack_range(ngx_connection_t *c,
ngx_quic_send_ctx_t *ctx, uint64_t smallest, uint64_t largest);
static void ngx_quic_drop_ack_ranges(ngx_connection_t *c,
ngx_quic_send_ctx_t *ctx, uint64_t pn);
static ngx_int_t ngx_quic_send_ack(ngx_connection_t *c,
ngx_quic_send_ctx_t *ctx);
static ngx_int_t ngx_quic_send_ack(ngx_connection_t *c, ngx_quic_header_t *pkt);
static ngx_int_t ngx_quic_ack_delay(ngx_connection_t *c,
struct timeval *received, enum ssl_encryption_level_t level);
static ngx_int_t ngx_quic_send_cc(ngx_connection_t *c);
@ -701,13 +685,8 @@ ngx_quic_new_connection(ngx_connection_t *c, ngx_quic_conf_t *conf,
ngx_queue_init(&qc->send_ctx[i].sent);
qc->send_ctx[i].largest_pn = (uint64_t) -1;
qc->send_ctx[i].largest_ack = (uint64_t) -1;
qc->send_ctx[i].largest_range = (uint64_t) -1;
}
qc->send_ctx[0].level = ssl_encryption_initial;
qc->send_ctx[1].level = ssl_encryption_handshake;
qc->send_ctx[2].level = ssl_encryption_application;
for (i = 0; i < NGX_QUIC_ENCRYPTION_LAST; i++) {
ngx_queue_init(&qc->crypto[i].frames);
}
@ -1995,8 +1974,6 @@ ngx_quic_discard_ctx(ngx_connection_t *c, enum ssl_encryption_level_t level)
ngx_quic_congestion_ack(c, f);
ngx_quic_free_frame(c, f);
}
ctx->send_ack = 0;
}
@ -2132,7 +2109,7 @@ ngx_quic_payload_handler(ngx_connection_t *c, ngx_quic_header_t *pkt)
/* got there with ack-eliciting packet */
if (!ack_sent) {
if (ngx_quic_ack_packet(c, pkt) != NGX_OK) {
if (ngx_quic_send_ack(c, pkt) != NGX_OK) {
return NGX_ERROR;
}
@ -2297,298 +2274,31 @@ ngx_quic_payload_handler(ngx_connection_t *c, ngx_quic_header_t *pkt)
static ngx_int_t
ngx_quic_ack_packet(ngx_connection_t *c, ngx_quic_header_t *pkt)
{
uint64_t base, largest, smallest, gs, ge, gap, range, pn;
ngx_uint_t i, j, nr;
ngx_quic_send_ctx_t *ctx;
ngx_quic_ack_range_t *r;
c->log->action = "preparing ack";
ctx = ngx_quic_get_send_ctx(c->quic, pkt->level);
ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
"ngx_quic_ack_packet pn %uL largest %uL nranges %ui",
pkt->pn, ctx->largest_range, ctx->nranges);
if (!ctx->send_ack) {
ngx_post_event(&c->quic->push, &ngx_posted_events);
}
ctx->send_ack = 1;
base = ctx->largest_range;
pn = pkt->pn;
if (base == (uint64_t) -1) {
ctx->largest_range = pn;
ctx->ack_received = pkt->received;
return NGX_OK;
}
if (base == pn) {
return NGX_OK;
}
largest = base;
smallest = largest - ctx->first_range;
if (pn > base) {
ctx->largest_range = pn;
ctx->ack_received = pkt->received;
if (pn - base == 1) {
ctx->first_range++;
return NGX_OK;
} else {
/* new gap in front of current largest */
gap = pn - base - 2;
range = ctx->first_range;
ctx->first_range = 0;
i = 0;
goto insert;
}
}
/* pn < base, perform lookup in existing ranges */
if (pn >= smallest && pn <= largest) {
return NGX_OK;
}
#if (NGX_SUPPRESS_WARN)
r = NULL;
#endif
for (i = 0; i < ctx->nranges; i++) {
r = &ctx->ranges[i];
ge = smallest - 1;
gs = ge - r->gap;
if (pn >= gs && pn <= ge) {
if (gs == ge) {
/* gap size is exactly one packet, now filled */
/* data moves to previous range, current is removed */
if (i == 0) {
ctx->first_range += r->range + 2;
} else {
ctx->ranges[i - 1].range += r->range + 2;
}
nr = ctx->nranges - i - 1;
if (nr) {
ngx_memmove(&ctx->ranges[i], &ctx->ranges[i + 1],
sizeof(ngx_quic_ack_range_t) * nr);
}
ctx->nranges--;
} else if (pn == gs) {
/* current gap shrinks from tail (current range grows) */
r->gap--;
r->range++;
} else if (pn == ge) {
/* current gap shrinks from head (previous range grows) */
r->gap--;
if (i == 0) {
ctx->first_range++;
} else {
ctx->ranges[i - 1].range++;
}
} else {
/* current gap is split into two parts */
r->gap = pn - gs - 1;
gap = ge - pn - 1;
range = 0;
goto insert;
}
return NGX_OK;
}
largest = smallest - r->gap - 2;
smallest = largest - r->range;
if (pn >= smallest && pn <= largest) {
/* this packet number is already known */
return NGX_OK;
}
}
if (pn == smallest - 1) {
/* extend first or last range */
if (i == 0) {
ctx->first_range++;
} else {
r->range++;
}
return NGX_OK;
}
/* nothing found, add new range at the tail */
if (ctx->nranges == NGX_QUIC_MAX_RANGES) {
/* packet is too old to keep it */
return ngx_quic_send_ack_range(c, ctx, pn, pn);
}
gap = smallest - 2 - pn;
range = 0;
insert:
nr = ctx->nranges - i;
if (ctx->nranges == NGX_QUIC_MAX_RANGES) {
/* last range is dropped and reused for newer data */
for (j = i; j < ctx->nranges; j++) {
largest = smallest - ctx->ranges[j].gap - 2;
smallest = largest - ctx->ranges[j].range;
}
if (ngx_quic_send_ack_range(c, ctx, smallest, largest) != NGX_OK) {
return NGX_ERROR;
}
nr--;
} else {
ctx->nranges++;
}
ngx_memmove(&ctx->ranges[i + 1], &ctx->ranges[i],
sizeof(ngx_quic_ack_range_t) * nr);
ctx->ranges[i].gap = gap;
ctx->ranges[i].range = range;
return NGX_OK;
}
static ngx_int_t
ngx_quic_send_ack_range(ngx_connection_t *c, ngx_quic_send_ctx_t *ctx,
uint64_t smallest, uint64_t largest)
ngx_quic_send_ack(ngx_connection_t *c, ngx_quic_header_t *pkt)
{
ngx_quic_frame_t *frame;
c->log->action = "generating acknowledgment";
/* every ACK-eliciting packet is acknowledged, TODO ACK Ranges */
frame = ngx_quic_alloc_frame(c, 0);
if (frame == NULL) {
return NGX_ERROR;
}
frame->level = ctx->level;
frame->level = (pkt->level == ssl_encryption_early_data)
? ssl_encryption_application
: pkt->level;
frame->type = NGX_QUIC_FT_ACK;
frame->u.ack.largest = largest;
frame->u.ack.delay = 0;
frame->u.ack.range_count = 0;
frame->u.ack.first_range = largest - smallest;
ngx_sprintf(frame->info, "ACK for PN=%uL..%uL 0 ranges level=%d",
largest, smallest, frame->level);
return NGX_OK;
}
static void
ngx_quic_drop_ack_ranges(ngx_connection_t *c, ngx_quic_send_ctx_t *ctx,
uint64_t pn)
{
uint64_t base;
ngx_uint_t i, smallest, largest;
ngx_quic_ack_range_t *r;
base = ctx->largest_range;
if (base == (uint64_t) -1) {
return;
}
largest = base;
smallest = largest - ctx->first_range;
if (pn >= largest) {
ctx->largest_range = (uint64_t) - 1;
ctx->first_range = 0;
ctx->nranges = 0;
return;
}
if (pn >= smallest) {
ctx->first_range = largest - pn - 1;
ctx->nranges = 0;
return;
}
for (i = 0; i < ctx->nranges; i++) {
r = &ctx->ranges[i];
largest = smallest - r->gap - 2;
smallest = largest - r->range;
if (pn >= largest) {
ctx->nranges = i;
return;
}
if (pn >= smallest) {
r->range = largest - pn - 1;
ctx->nranges = i + 1;
return;
}
}
}
static ngx_int_t
ngx_quic_send_ack(ngx_connection_t *c, ngx_quic_send_ctx_t *ctx)
{
size_t ranges_len;
ngx_quic_frame_t *frame;
ranges_len = sizeof(ngx_quic_ack_range_t) * ctx->nranges;
frame = ngx_quic_alloc_frame(c, ranges_len);
if (frame == NULL) {
return NGX_ERROR;
}
ngx_memcpy(frame->data, ctx->ranges, ranges_len);
frame->level = ctx->level;
frame->type = NGX_QUIC_FT_ACK;
frame->u.ack.largest = ctx->largest_range;
frame->u.ack.delay = ngx_quic_ack_delay(c, &ctx->ack_received, ctx->level);
frame->u.ack.range_count = ctx->nranges;
frame->u.ack.first_range = ctx->first_range;
frame->u.ack.ranges_start = frame->data;
frame->u.ack.ranges_end = frame->data + ranges_len;
ngx_sprintf(frame->info, "ACK for PN=%uL %ui ranges level=%d",
ctx->largest_range, ctx->nranges, frame->level);
frame->u.ack.largest = pkt->pn;
frame->u.ack.delay = ngx_quic_ack_delay(c, &pkt->received, frame->level);
ngx_sprintf(frame->info, "ACK for PN=%uL from frame handler level=%d",
pkt->pn, frame->level);
ngx_quic_queue_frame(c->quic, frame);
ctx->send_ack = 0;
return NGX_OK;
}
@ -2828,22 +2538,7 @@ ngx_quic_handle_ack_frame_range(ngx_connection_t *c, ngx_quic_send_ctx_t *ctx,
if (f->pnum >= min && f->pnum <= max) {
ngx_quic_congestion_ack(c, f);
switch (f->type) {
case NGX_QUIC_FT_ACK:
ngx_quic_drop_ack_ranges(c, ctx, f->u.ack.largest);
break;
case NGX_QUIC_FT_STREAM0:
case NGX_QUIC_FT_STREAM1:
case NGX_QUIC_FT_STREAM2:
case NGX_QUIC_FT_STREAM3:
case NGX_QUIC_FT_STREAM4:
case NGX_QUIC_FT_STREAM5:
case NGX_QUIC_FT_STREAM6:
case NGX_QUIC_FT_STREAM7:
ngx_quic_handle_stream_ack(c, f);
break;
}
ngx_quic_handle_stream_ack(c, f);
if (f->pnum > found_num || !found) {
*send_time = f->last;
@ -2965,6 +2660,10 @@ ngx_quic_handle_stream_ack(ngx_connection_t *c, ngx_quic_frame_t *f)
ngx_quic_stream_t *sn;
ngx_quic_connection_t *qc;
if (f->type < NGX_QUIC_FT_STREAM0 || f->type > NGX_QUIC_FT_STREAM7) {
return;
}
qc = c->quic;
sn = ngx_quic_find_stream(&qc->streams.tree, f->u.stream.stream_id);
@ -4013,7 +3712,6 @@ static ngx_int_t
ngx_quic_output(ngx_connection_t *c)
{
ngx_uint_t i;
ngx_quic_send_ctx_t *ctx;
ngx_quic_connection_t *qc;
c->log->action = "sending frames";
@ -4021,16 +3719,7 @@ ngx_quic_output(ngx_connection_t *c)
qc = c->quic;
for (i = 0; i < NGX_QUIC_SEND_CTX_LAST; i++) {
ctx = &qc->send_ctx[i];
if (ctx->send_ack) {
if (ngx_quic_send_ack(c, ctx) != NGX_OK) {
return NGX_ERROR;
}
}
if (ngx_quic_output_frames(c, ctx) != NGX_OK) {
if (ngx_quic_output_frames(c, &qc->send_ctx[i]) != NGX_OK) {
return NGX_ERROR;
}
}
@ -4068,7 +3757,6 @@ ngx_quic_output_frames(ngx_connection_t *c, ngx_quic_send_ctx_t *ctx)
hlen = (f->level == ssl_encryption_application) ? NGX_QUIC_MAX_SHORT_HEADER
: NGX_QUIC_MAX_LONG_HEADER;
hlen += EVP_GCM_TLS_TAG_LEN;
hlen -= NGX_QUIC_MAX_CID_LEN - qc->scid.len;
do {
len = 0;
@ -4098,7 +3786,7 @@ ngx_quic_output_frames(ngx_connection_t *c, ngx_quic_send_ctx_t *ctx)
* send more than three times the data it receives;
*/
if (((c->sent + hlen + len + f->len) / 3) > qc->received) {
if (((c->sent + len + f->len) / 3) > qc->received) {
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
"quic hit amplification limit"
" received %uz sent %O",

3
src/event/ngx_event_quic.h
View File

@ -54,8 +54,7 @@
#define NGX_QUIC_STREAM_BUFSIZE 65536
#define NGX_QUIC_MAX_CID_LEN 20
#define NGX_QUIC_SERVER_CID_LEN NGX_QUIC_MAX_CID_LEN
#define NGX_QUIC_SERVER_CID_LEN 20
#define NGX_QUIC_SR_TOKEN_LEN 16

22
src/event/ngx_event_quic_transport.c
View File

@ -1259,25 +1259,18 @@ ngx_quic_create_frame(u_char *p, ngx_quic_frame_t *f)
static size_t
ngx_quic_create_ack(u_char *p, ngx_quic_ack_frame_t *ack)
{
size_t len;
u_char *start;
ngx_uint_t i;
ngx_quic_ack_range_t *ranges;
size_t len;
u_char *start;
ranges = (ngx_quic_ack_range_t *) ack->ranges_start;
/* minimal ACK packet */
if (p == NULL) {
len = ngx_quic_varint_len(NGX_QUIC_FT_ACK);
len += ngx_quic_varint_len(ack->largest);
len += ngx_quic_varint_len(ack->delay);
len += ngx_quic_varint_len(ack->range_count);
len += ngx_quic_varint_len(0);
len += ngx_quic_varint_len(ack->first_range);
for (i = 0; i < ack->range_count; i++) {
len += ngx_quic_varint_len(ranges[i].gap);
len += ngx_quic_varint_len(ranges[i].range);
}
return len;
}
@ -1286,14 +1279,9 @@ ngx_quic_create_ack(u_char *p, ngx_quic_ack_frame_t *ack)
ngx_quic_build_int(&p, NGX_QUIC_FT_ACK);
ngx_quic_build_int(&p, ack->largest);
ngx_quic_build_int(&p, ack->delay);
ngx_quic_build_int(&p, ack->range_count);
ngx_quic_build_int(&p, 0);
ngx_quic_build_int(&p, ack->first_range);
for (i = 0; i < ack->range_count; i++) {
ngx_quic_build_int(&p, ranges[i].gap);
ngx_quic_build_int(&p, ranges[i].range);
}
return p - start;
}

13
src/event/ngx_event_quic_transport.h
View File

@ -120,15 +120,6 @@
#define NGX_QUIC_CID_LEN_MIN 8
#define NGX_QUIC_CID_LEN_MAX 20
#define NGX_QUIC_MAX_RANGES 10
typedef struct {
uint64_t gap;
uint64_t range;
} ngx_quic_ack_range_t;
typedef struct {
uint64_t largest;
uint64_t delay;
@ -137,8 +128,8 @@ typedef struct {
uint64_t ect0;
uint64_t ect1;
uint64_t ce;
u_char *ranges_start;
u_char *ranges_end;
u_char *ranges_start;
u_char *ranges_end;
} ngx_quic_ack_frame_t;

21
src/http/modules/ngx_http_ssl_module.c
View File

@ -119,13 +119,6 @@ static ngx_command_t ngx_http_ssl_commands[] = {
0,
NULL },
{ ngx_string("ssl_keys_file"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
ngx_conf_set_str_slot,
NGX_HTTP_SRV_CONF_OFFSET,
offsetof(ngx_http_ssl_srv_conf_t, keys_file),
NULL },
{ ngx_string("ssl_dhparam"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
ngx_conf_set_str_slot,
@ -612,7 +605,6 @@ ngx_http_ssl_create_srv_conf(ngx_conf_t *cf)
* sscf->trusted_certificate = { 0, NULL };
* sscf->crl = { 0, NULL };
* sscf->ciphers = { 0, NULL };
* sscf->keys_file = { 0, NULL };
* sscf->shm_zone = NULL;
* sscf->ocsp_responder = { 0, NULL };
* sscf->stapling_file = { 0, NULL };
@ -684,8 +676,6 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
ngx_conf_merge_ptr_value(conf->passwords, prev->passwords, NULL);
ngx_conf_merge_str_value(conf->keys_file, prev->keys_file, "");
ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, "");
ngx_conf_merge_str_value(conf->client_certificate, prev->client_certificate,
@ -922,17 +912,6 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
return NGX_CONF_ERROR;
}
if (conf->keys_file.len) {
conf->ssl.keylog = ngx_conf_open_file(cf->cycle, &conf->keys_file);
if (conf->ssl.keylog == NULL) {
return NGX_CONF_ERROR;
}
SSL_CTX_set_keylog_callback(conf->ssl.ctx, ngx_ssl_keylogger);
}
if (conf->stapling) {
if (ngx_ssl_stapling(cf, &conf->ssl, &conf->stapling_file,

2
src/http/modules/ngx_http_ssl_module.h
View File

@ -36,8 +36,6 @@ typedef struct {
ngx_array_t *certificates;
ngx_array_t *certificate_keys;
ngx_str_t keys_file;
ngx_array_t *certificate_values;
ngx_array_t *certificate_key_values;