Sergey Kandaurov
569da72e4b
Fixed computing nonce again, by properly shifting packet number.
2020-04-03 13:49:40 +03:00
Vladimir Homutov
723c276a7b
Fixed missing propagation of need_ack flag from frames to packet.
2020-04-03 09:53:51 +03:00
Vladimir Homutov
932bfe7b36
Fixed excessive push timer firing.
...
The timer is set when an output frame is generated; there is no need to arm
it after it was fired.
2020-04-02 14:53:01 +03:00
Sergey Kandaurov
9c8a7a52e1
Fixed computing nonce by xoring all packet number bytes.
...
Previously, the stub worked only with pnl=0.
2020-04-02 11:40:25 +03:00
Vladimir Homutov
01bddf4533
Output buffering.
...
Currently, the output is called periodically, every 200 ms, to invoke
ngx_quic_output() that will push all pending frames into packets.
TODO: implement flags à la Nagle & co (NO_DELAY/NO_PUSH...)
2020-04-01 17:09:11 +03:00
Vladimir Homutov
7b1a3df37c
Implemented retransmission and retransmit queue.
...
All frames collected to packet are moved into a per-namespace send queue.
QUIC connection has a timer which fires on the closest max_ack_delay time.
The frame is deleted from the queue when a corresponding packet is acknowledged.
The NGX_QUIC_MAX_RETRANSMISSION is a timeout that defines maximum length
of retransmission of a frame.
2020-04-01 17:06:26 +03:00
Vladimir Homutov
d7eeb2e30b
Introduced packet namespace in QUIC connection.
...
The structure contains all data that is related to the namespace:
packet number and output queue (next patch).
2020-04-01 14:31:08 +03:00
Vladimir Homutov
9595417396
Refactored QUIC secrets storage.
...
The quic->keys[4] array now contains secrets related to the corresponding
encryption level. All protection-level functions get proper keys and do
not need to switch manually between levels.
2020-04-01 14:25:25 +03:00
Vladimir Homutov
c6859361e3
Added missing debug description.
2020-04-01 17:21:52 +03:00
Sergey Kandaurov
6abff71fc4
TLS Early Data support.
2020-04-01 13:27:42 +03:00
Sergey Kandaurov
140a89ce01
TLS Early Data key derivation support.
2020-04-01 13:27:42 +03:00
Sergey Kandaurov
22671b37e3
Sending HANDSHAKE_DONE just once with BoringSSL.
...
If early data is accepted, SSL_do_handshake() completes as soon as ClientHello
is processed. SSL_in_init() will report the handshake is still in progress.
2020-04-01 13:27:42 +03:00
Sergey Kandaurov
833a28244f
QUIC packet padding to fulfil header protection sample demands.
2020-04-01 13:27:42 +03:00
Sergey Kandaurov
e9d67086c7
Improved SSL_do_handshake() error handling in QUIC.
...
It can either return a recoverable SSL_ERROR_WANT_READ or fatal errors.
2020-04-01 13:27:42 +03:00
Sergey Kandaurov
86029005a5
Style.
2020-04-01 13:27:41 +03:00
Vladimir Homutov
c3b7927e24
Removed unused field from ngx_quic_header_t.
2020-03-31 13:13:12 +03:00
Sergey Kandaurov
4502e5b1e9
HTTP/3: http3 variable.
2020-03-28 18:41:31 +03:00
Sergey Kandaurov
7a0b840c51
HTTP/3: static table cleanup.
2020-03-28 18:02:20 +03:00
Roman Arutyunyan
fa1e1beadc
Parsing HTTP/3 request body.
2020-03-27 19:41:06 +03:00
Roman Arutyunyan
84a7835015
Fixed handling QUIC stream eof.
...
Set r->pending_eof flag for a new QUIC stream with the fin bit. Also, keep
r->ready set when r->pending_eof is set and buffer is empty.
2020-03-27 10:02:45 +03:00
Roman Arutyunyan
89a6a4f198
Push QUIC stream frames in send() and cleanup handler.
2020-03-27 19:08:24 +03:00
Roman Arutyunyan
80a38580bd
Chunked response body in HTTP/3.
2020-03-27 19:46:54 +03:00
Roman Arutyunyan
81f7cff632
Fixed buffer overflow.
2020-03-27 15:50:42 +03:00
Sergey Kandaurov
3fbdc04072
Unbreak sending CONNECTION_CLOSE from the send_alert callback.
2020-03-27 12:52:08 +03:00
Vladimir Homutov
41a8b8d392
Merged ngx_quic_send_packet() into ngx_quic_send_frames().
...
This allows avoiding extra allocation and using two static buffers instead.
Adjusted maximum packet size calculation: need to account for a tag.
2020-03-26 18:29:38 +03:00
Vladimir Homutov
7d408f1bba
Got rid of memory allocation in decryption.
...
Static buffers are used instead in functions where decryption takes place.
The pkt->plaintext points to the beginning of a static buffer.
The pkt->payload.data points to decrypted data actual start.
2020-03-26 16:54:46 +03:00
Vladimir Homutov
7c6e6426c6
Logging cleanup.
...
pool->log is replaced with pkt->log or explicit argument passing where
possible.
2020-03-26 13:54:49 +03:00
Roman Arutyunyan
d71df64e9a
QUIC frames reuse.
2020-03-25 23:40:50 +03:00
Vladimir Homutov
715d8a250b
Removed memory allocations from encryption code.
...
+ ngx_quic_encrypt():
    - no longer accepts pool as argument
    - pkt is 1st arg
    - payload is passed as pkt->payload
    - performs encryption to the specified static buffer
+ ngx_quic_create_long/short_packet() functions:
    - single buffer for everything, allocated by caller
    - buffer layout is: [ ad | payload | TAG ]
      the result is in the beginning of buffer with proper length
    - nonce is calculated on stack
    - log is passed explicitly, pkt is 1st arg
    - no more allocations inside
+ ngx_quic_create_long_header():
    - args changed: no need to pass str_t
+ added ngx_quic_create_short_header()
2020-03-26 12:11:50 +03:00
Roman Arutyunyan
bcd54c2643
Fixed QUIC stream insert and find.
2020-03-25 14:05:40 +03:00
Roman Arutyunyan
dbf1b41cfb
Simplified handling HTTP/3 streams.
2020-03-25 12:14:24 +03:00
Roman Arutyunyan
95f439630b
Safe QUIC stream creation.
2020-03-25 12:56:21 +03:00
Roman Arutyunyan
a0a2e0de1d
When closing a QUIC connection, wait for all streams to finish.
...
Additionally, streams are now removed from the tree in cleanup handler.
2020-03-24 18:05:45 +03:00
Roman Arutyunyan
f75e4e3fef
Removed ngx_quic_stream_node_t.
...
Now ngx_quic_stream_t is directly inserted into the tree.
2020-03-24 16:38:03 +03:00
Roman Arutyunyan
061a42d966
Implemented eof in QUIC streams.
2020-03-24 13:49:42 +03:00
Vladimir Homutov
c5505648d7
Fixed log initialization.
...
Should be done after memzero.
2020-03-25 19:42:00 +03:00
Sergey Kandaurov
685e7d1451
Advertise our max_idle_timeout in transport parameters.
...
So we can easily tune how soon client would decide to close a connection.
2020-03-24 22:12:52 +03:00
Sergey Kandaurov
d8d42e29e7
QUIC streams don't need filter_need_in_memory after 7f0981be07c4.
...
Now they inherit c->ssl always enabled from the main connection,
which makes r->main_filter_need_in_memory set for them.
2020-03-24 19:17:57 +03:00
Vladimir Homutov
8c26e1d148
Logging cleanup.
...
+ Client-related errors (i.e. parsing) are done at INFO level
+ c->log->action is updated through the process of receiving, parsing,
  handling packet/payload and generating frames/output.
2020-03-24 17:03:39 +03:00
Vladimir Homutov
780f4f660c
Added QUIC version check for sending HANDSHAKE_DONE frame.
2020-03-24 12:15:39 +03:00
Vladimir Homutov
57544f7589
Implemented sending HANDSHAKE_DONE frame after handshake.
...
This makes it possible to switch to draft 27 by default.
2020-03-24 11:59:14 +03:00
Sergey Kandaurov
f20af3dabc
Fixed client certificate verification.
...
For the ngx_http_process_request() part to work, this required setting both
r->http_connection->ssl and c->ssl on a QUIC stream. To avoid damaging
global SSL object, ngx_ssl_shutdown() is managed to ignore QUIC streams.
2020-03-23 20:48:34 +03:00
Roman Arutyunyan
5ac5e51fdf
Respect QUIC max_idle_timeout.
2020-03-23 21:20:20 +03:00
Roman Arutyunyan
9975b088bb
Allow ngx_queue_frame() to insert frame in the front.
...
Previously a frame could only be inserted after the first element of the list.
2020-03-23 19:42:09 +03:00
Roman Arutyunyan
ede2656c60
Support for HTTP/3 ALPN.
...
This is required by Chrome.
2020-03-23 19:26:24 +03:00
Roman Arutyunyan
77a4c2d172
Put zero in 'First ACK Range' when acknowledging one packet.
...
This fixes Chrome CONNECTION_ID_LIMIT_ERROR with the reason:
"Underflow with first ack block length 2 largest acked is 1".
2020-03-23 15:32:24 +03:00
Roman Arutyunyan
f4562d7ed9
Avoid using QUIC connection after CONNECTION_CLOSE.
2020-03-23 19:19:44 +03:00
Roman Arutyunyan
3fa1dec9c7
Better flow control and buffering for QUIC streams.
2020-03-23 15:49:31 +03:00
Roman Arutyunyan
72b0a1b32a
Limit output QUIC packets with client max_packet_size.
...
Additionally, receive larger packets than 512 bytes.
2020-03-23 18:47:17 +03:00
Sergey Kandaurov
280c18bdce
Fixed received ACK fields order in debug logging.
2020-03-23 18:20:42 +03:00