Commit Graph

6998 Commits

Author SHA1 Message Date
Roman Arutyunyan
3b2eabde0b HTTP/3: fixed overflow in prefixed integer parser.
Previously, the expression (ch & 0x7f) was promoted to a signed integer.
Depending on the platform, the size of this integer could be less than 8 bytes,
leading to overflow when handling the higher bits of the result.  Also, sign
bit of this integer could be replicated when adding to the 64-bit st->value.
2020-07-03 16:41:31 +03:00
Sergey Kandaurov
0ebcffcf14 HTTP/3: fixed prefix in decoding Section Acknowledgement. 2020-07-02 17:35:57 +03:00
Roman Arutyunyan
d839fee75f HTTP/3: set r->headers_in.chunked flag after parsing headers.
Previously it was set when creating the request object.  The side-effect was
trying to discard the request body in case of header parse error.
2020-06-30 15:32:09 +03:00
Roman Arutyunyan
707117276e HTTP/3: close QUIC connection with HTTP/QPACK errors when needed.
Previously errors led only to closing streams.

To simplify closing QUIC connection from a QUIC stream context, new macro
ngx_http_v3_finalize_connection() is introduced.  It calls
ngx_quic_finalize_connection() for the parent connection.
2020-07-02 16:47:51 +03:00
Roman Arutyunyan
fd35d92232 HTTP/3: error code definitions for HTTP/3 and QPACK. 2020-06-30 12:30:57 +03:00
Roman Arutyunyan
90f5c334f1 QUIC: Introduced ngx_quic_finalize_connection().
The function finalizes QUIC connection with an application protocol error
code and sends a CONNECTION_CLOSE frame with type=0x1d.

Also, renamed NGX_QUIC_FT_CONNECTION_CLOSE2 to NGX_QUIC_FT_CONNECTION_CLOSE_APP.
2020-07-02 16:33:59 +03:00
Roman Arutyunyan
86e287a2de HTTP/3: downgraded literal size error level to NGX_LOG_INFO.
Now it's similar to HTTP/2.
2020-07-02 16:33:36 +03:00
Roman Arutyunyan
a687d08062 HTTP/3: refactored dynamic table implementation.
Previously dynamic table was not functional because of zero limit on its size
set by default.  Now the following changes enable it:

- new directives to set SETTINGS_QPACK_MAX_TABLE_CAPACITY and
  SETTINGS_QPACK_BLOCKED_STREAMS
- send settings with SETTINGS_QPACK_MAX_TABLE_CAPACITY and
  SETTINGS_QPACK_BLOCKED_STREAMS to the client
- send Insert Count Increment to the client
- send Header Acknowledgement to the client
- evict old dynamic table entries on overflow
- decode Required Insert Count from client
- block stream if Required Insert Count is not reached
2020-07-02 15:34:05 +03:00
Roman Arutyunyan
a7ef0da3c8 HTTP/3: fixed prefixed integer encoding and decoding.
Previously bytes were ordered from MSB to LSB, but the right order is the
reverse.
2020-07-02 15:15:55 +03:00
Roman Arutyunyan
8d41d17a12 HTTP/3: http3_max_field_size directive to limit string size.
Client streams may send literal strings which are now limited in size by the
new directive.  The default value is 4096.

The directive is similar to HTTP/2 directive http2_max_field_size.
2020-06-29 15:56:14 +03:00
Roman Arutyunyan
b7662c0e80 HTTP/3: introduced ngx_http_v3_get_module_srv_conf() macro.
The macro helps to access a module's server configuration from a QUIC
stream context.
2020-06-26 11:58:00 +03:00
Roman Arutyunyan
690e1bc50c HTTP/3: fixed dropping first non-pseudo header. 2020-06-26 10:05:28 +03:00
Sergey Kandaurov
3168f58306 HTTP/3: do not emit a DATA frame header for header_only responses.
This resulted in the frame error due to the invalid DATA frame length.
2020-06-25 20:31:13 +03:00
Vladimir Homutov
9022fc686d Style. 2020-06-19 11:29:30 +03:00
Sergey Kandaurov
cbfecb46fe README: documented draft-28, draft-29 support. 2020-06-23 11:57:00 +03:00
Sergey Kandaurov
439fad4df5 Update Initial salt and Retry secret from quic-tls-29.
See sections 5.2 and 5.8 for the current values.
2020-06-23 11:57:00 +03:00
Sergey Kandaurov
3d27c55ae3 Get rid of hardcoded numbers used for quic handshake errors. 2020-06-23 11:57:00 +03:00
Sergey Kandaurov
fc0036bdd6 Discard short packets which could not be decrypted.
So that connections are protected from failing from on-path attacks.
Decryption failure of long packets used during handshake still leads
to connection close since it barely makes sense to handle them there.
2020-06-23 11:57:00 +03:00
Sergey Kandaurov
d7baead1e8 Close connection with PROTOCOL_VIOLATION on decryption failure.
A previously used undefined error code is now replaced with the generic one.

Note that quic-transport prescribes keeping connection intact, discarding such
QUIC packets individually, in the sense that coalesced packets could be there.
This is selectively handled in the next change.
2020-06-23 11:57:00 +03:00
Sergey Kandaurov
82519e1af2 Define KEY_UPDATE_ERROR from quic-tls-24. 2020-06-23 11:57:00 +03:00
Sergey Kandaurov
157da97d7a Reject new QUIC connection with CONNECTION_REFUSED on shutdown. 2020-06-23 11:57:00 +03:00
Sergey Kandaurov
1cfd67c44a Close QUIC connection with NO_ERROR on c->close.
That way it makes more sense.  Previously it was closed with INTERNAL_ERROR.
2020-06-23 11:57:00 +03:00
Sergey Kandaurov
9d46500914 Do not close QUIC sockets in ngx_close_listening_sockets().
This breaks graceful shutdown of QUIC connections in terms of quic-transport.
2020-06-23 11:57:00 +03:00
Sergey Kandaurov
c31e105403 QUIC error SERVER_BUSY renamed to CONNECTION_REFUSED in draft-29. 2020-06-23 11:57:00 +03:00
Vladimir Homutov
f1fdf6901b QUIC: cleaned up quic encryption state tracking.
The patch removes remnants of the old state tracking mechanism, which did
not take into account assimetry of read/write states and was not very
useful.

The encryption state now is entirely tracked using SSL_quic_read/write_level().
2020-06-18 14:29:24 +03:00
Vladimir Homutov
28f1acdb6f QUIC: added ALPN checks.
quic-transport draft 29:

    section 7:

    *  authenticated negotiation of an application protocol (TLS uses
       ALPN [RFC7301] for this purpose)

    ...

    Endpoints MUST explicitly negotiate an application protocol.  This
    avoids situations where there is a disagreement about the protocol
    that is in use.

    section 8.1:

    When using ALPN, endpoints MUST immediately close a connection (see
    Section 10.3 of [QUIC-TRANSPORT]) with a no_application_protocol TLS
    alert (QUIC error code 0x178; see Section 4.10) if an application
    protocol is not negotiated.

Changes in ngx_quic_close_quic() function are required to avoid attempts
to generated and send packets without proper keys, what happens in case
of failed ALPN check.
2020-06-18 13:58:46 +03:00
Vladimir Homutov
a213258b5b QUIC: fixed off-by-one in frame range handler.
The ctx->pnum is incremented after the packet is sent, thus pointing to the
next packet number, which should not be used in comparison.
2020-06-18 11:16:35 +03:00
Vladimir Homutov
3b3264dc25 QUIC: further limiting maximum QUIC packet size.
quic-transport draft 29, section 14:

    QUIC depends upon a minimum IP packet size of at least 1280 bytes.
    This is the IPv6 minimum size [RFC8200] and is also supported by most
    modern IPv4 networks.  Assuming the minimum IP header size, this
    results in a QUIC maximum packet size of 1232 bytes for IPv6 and 1252
    bytes for IPv4.

Since the packet size can change during connection lifetime, the
ngx_quic_max_udp_payload() function is introduced that currently
returns minimal allowed size, depending on address family.
2020-06-16 11:54:05 +03:00
Vladimir Homutov
d6d7838c79 QUIC: raise error on missing transport parameters.
quic-tls, 8.2:

    The quic_transport_parameters extension is carried in the ClientHello
    and the EncryptedExtensions messages during the handshake.  Endpoints
    MUST send the quic_transport_parameters extension; endpoints that
    receive ClientHello or EncryptedExtensions messages without the
    quic_transport_parameters extension MUST close the connection with an
    error of type 0x16d (equivalent to a fatal TLS missing_extension
    alert, see Section 4.10).
2020-06-15 17:06:40 +03:00
Vladimir Homutov
6c2712f781 QUIC: Fixed connection cleanup.
A posted event need to be deleted during the connection close.
2020-06-15 16:59:53 +03:00
Vladimir Homutov
966a867971 Style. 2020-06-10 21:37:48 +03:00
Vladimir Homutov
64c00708fa Limited max udp payload size for outgoing packets.
This allows to avoid problems with packet fragmentation in real networks.
This is a temporary workaround.
2020-06-10 21:37:08 +03:00
Vladimir Homutov
5cef58452d Increased default initial retransmit timeout.
This is a temporary workaround, proper retransmission mechanism based on
quic-recovery rfc draft is yet to be implemented.

Currently hardcoded value is too small for real networks.  The patch
sets static PTO, considering rtt of ~333ms, what gives about 1s.
2020-06-10 21:33:20 +03:00
Vladimir Homutov
d684a69c68 Fixed usage of own/client transport parameters. 2020-06-10 21:23:10 +03:00
Sergey Kandaurov
7d8a64a862 Stream ID handling in MAX_STREAM_DATA and STREAM_DATA_BLOCKED. 2020-06-05 20:59:27 +03:00
Sergey Kandaurov
d42fadcf29 Stream ID handling in RESET_STREAM and STOP_SENDING frames. 2020-06-05 20:59:27 +03:00
Sergey Kandaurov
d423541360 Reject invalid STREAM ID with STREAM_STATE_ERROR connection error. 2020-06-05 20:59:26 +03:00
Sergey Kandaurov
facf59bd86 Introduced connection error APPLICATION_ERROR from draft-28. 2020-06-05 13:20:03 +03:00
Sergey Kandaurov
ac73dffb57 Receipt of CONNECTION_CLOSE in 0-RTT is permitted in draft-28. 2020-06-05 13:20:02 +03:00
Sergey Kandaurov
d047ecee95 Treat receipt of NEW_TOKEN as connection error PROTOCOL_VIOLATION. 2020-06-05 13:20:02 +03:00
Roman Arutyunyan
c0003539ac Decoupled validation of Host and :authority for HTTP/2 and HTTP/3.
Previously an error was triggered for HTTP/2 when host with port was passed
by client.
2020-06-02 15:59:14 +03:00
Sergey Kandaurov
0a11fdbb28 Compatibility with BoringSSL master branch.
Recently BoringSSL introduced SSL_set_quic_early_data_context()
that serves as an additional constrain to enable 0-RTT in QUIC.

Relevant changes:
 * https://boringssl.googlesource.com/boringssl/+/7c52299%5E!/
 * https://boringssl.googlesource.com/boringssl/+/8519432%5E!/
2020-06-01 19:53:13 +03:00
Sergey Kandaurov
5978225722 Fixed transport parameters on a new connection with a valid token.
Previously, the retry transport parameter was sent regardless.
2020-06-01 19:16:44 +03:00
Roman Arutyunyan
22297afd79 Require ":authority" or "Host" in HTTP/3 and HTTP/2 requests.
Also, if both are present, require that they have the same value.  These
requirements are specified in HTTP/3 draft 28.

Current implementation of HTTP/2 treats ":authority" and "Host"
interchangeably.  New checks only make sure at least one of these values is
present in the request.  A similar check existed earlier and was limited only
to HTTP/1.1 in 38c0898b6df7.
2020-05-29 12:42:23 +03:00
Vladimir Homutov
101113a98f Added propagation of the "wildcard" flag to c->listening.
The flags was originally added by 8f038068f4bc, and is propagated correctly
in the stream module.  With QUIC introduction, http module now uses datagram
sockets as well, thus the fix.
2020-05-29 13:29:24 +03:00
Sergey Kandaurov
f45ec755a5 Made NGX_QUIC_DRAFT_VERSION tunable from configure parameters.
Now it can be switched using --with-cc-opt='-DNGX_QUIC_DRAFT_VERSION=28'.
2020-05-29 15:07:46 +03:00
Sergey Kandaurov
7d41fd85b8 QUIC draft-28 transport parameters support.
Draft-27 and draft-28 support can now be enabled interchangeably,
it's based on the compile-time macro NGX_QUIC_DRAFT_VERSION.
2020-05-29 15:06:33 +03:00
Sergey Kandaurov
25f5ab5e2d Introduced macros for building length-value transport parameters. 2020-05-29 13:05:57 +03:00
Sergey Kandaurov
76bbe70406 Renamed max_packet_size to max_udp_payload_size, from draft-28.
No functional changes.
2020-05-29 12:56:08 +03:00
Sergey Kandaurov
49d7ae444f Rejected forbidden transport parameters with TRANSPORT_PARAMETER_ERROR. 2020-05-29 12:55:39 +03:00