<feed xmlns='http://www.w3.org/2005/Atom'>
<title>nginx.git/src/event, branch release-1.25.0</title>
<subtitle>nginx</subtitle>
<link rel='alternate' type='text/html' href='https://git.sigsegv.uk/nginx.git/'/>
<entry>
<title>QUIC: fixed OpenSSL compat layer with OpenSSL master branch.</title>
<updated>2023-05-22T20:45:18+00:00</updated>
<author>
<name>Sergey Kandaurov</name>
<email>pluknet@nginx.com</email>
</author>
<published>2023-05-22T20:45:18+00:00</published>
<link rel='alternate' type='text/html' href='https://git.sigsegv.uk/nginx.git/commit/?id=05990c6bb0c11710c10639e7332726446a643a8c'/>
<id>05990c6bb0c11710c10639e7332726446a643a8c</id>
<content type='text'>
The layer is enabled as a fallback if the QUIC support is configured and the
BoringSSL API wasn't detected, or when using the --with-openssl option, also
compatible with QuicTLS and LibreSSL.  For the latter, the layer is assumed
to be present if QUIC was requested, so it needs to be undefined to prevent
QUIC API redefinition as appropriate.

A previously used approach to test the TLSEXT_TYPE_quic_transport_parameters
macro doesn't work with OpenSSL 3.2 master branch where this macro appeared
with incompatible QUIC API.  To fix the build there, the test is revised to
pass only for QuicTLS and LibreSSL.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The layer is enabled as a fallback if the QUIC support is configured and the
BoringSSL API wasn't detected, or when using the --with-openssl option, also
compatible with QuicTLS and LibreSSL.  For the latter, the layer is assumed
to be present if QUIC was requested, so it needs to be undefined to prevent
QUIC API redefinition as appropriate.

A previously used approach to test the TLSEXT_TYPE_quic_transport_parameters
macro doesn't work with OpenSSL 3.2 master branch where this macro appeared
with incompatible QUIC API.  To fix the build there, the test is revised to
pass only for QuicTLS and LibreSSL.
</pre>
</div>
</content>
</entry>
<entry>
<title>QUIC: fixed post-close use-after-free.</title>
<updated>2023-05-22T11:59:42+00:00</updated>
<author>
<name>Roman Arutyunyan</name>
<email>arut@nginx.com</email>
</author>
<published>2023-05-22T11:59:42+00:00</published>
<link rel='alternate' type='text/html' href='https://git.sigsegv.uk/nginx.git/commit/?id=5ac9da4577d59f88032fcfde31b0b6a9ea9a88bd'/>
<id>5ac9da4577d59f88032fcfde31b0b6a9ea9a88bd</id>
<content type='text'>
Previously, ngx_quic_close_connection() could be called in a way that QUIC
connection was accessed after the call.  In most cases the connection is not
closed right away, but close timeout is scheduled.  However, it's not always
the case.  Also, if the close process started earlier for a different reason,
calling ngx_quic_close_connection() may actually close the connection.  The
connection object should not be accessed after that.

Now, when possible, return statement is added to eliminate post-close connection
object access.  In other places ngx_quic_close_connection() is substituted with
posting close event.

Also, the new way of closing connection in ngx_quic_stream_cleanup_handler()
fixes another problem in this function.  Previously it passed stream connection
instead of QUIC connection to ngx_quic_close_connection().  This could result
in incomplete connection shutdown.  One consequence of that could be that QUIC
streams were freed without shutting down their application contexts.  This could
result in another use-after-free.

Found by Coverity (CID 1530402).
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Previously, ngx_quic_close_connection() could be called in a way that QUIC
connection was accessed after the call.  In most cases the connection is not
closed right away, but close timeout is scheduled.  However, it's not always
the case.  Also, if the close process started earlier for a different reason,
calling ngx_quic_close_connection() may actually close the connection.  The
connection object should not be accessed after that.

Now, when possible, return statement is added to eliminate post-close connection
object access.  In other places ngx_quic_close_connection() is substituted with
posting close event.

Also, the new way of closing connection in ngx_quic_stream_cleanup_handler()
fixes another problem in this function.  Previously it passed stream connection
instead of QUIC connection to ngx_quic_close_connection().  This could result
in incomplete connection shutdown.  One consequence of that could be that QUIC
streams were freed without shutting down their application contexts.  This could
result in another use-after-free.

Found by Coverity (CID 1530402).
</pre>
</div>
</content>
</entry>
<entry>
<title>QUIC: better sockaddr initialization.</title>
<updated>2023-05-21T01:38:45+00:00</updated>
<author>
<name>Maxim Dounin</name>
<email>mdounin@mdounin.ru</email>
</author>
<published>2023-05-21T01:38:45+00:00</published>
<link rel='alternate' type='text/html' href='https://git.sigsegv.uk/nginx.git/commit/?id=0400e3d5cea76e4b99cb7ff593404286c463cc82'/>
<id>0400e3d5cea76e4b99cb7ff593404286c463cc82</id>
<content type='text'>
The qsock-&gt;sockaddr field is a ngx_sockaddr_t union, and therefore can hold
any sockaddr (and union members, such as qsock-&gt;sockaddr.sockaddr, can be used
to access appropriate variant of the sockaddr).  It is better to set it via
qsock-&gt;sockaddr itself though, and not qsock-&gt;sockaddr.sockaddr, so static
analyzers won't complain about out-of-bounds access.

Prodded by Coverity (CID 1530403).
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The qsock-&gt;sockaddr field is a ngx_sockaddr_t union, and therefore can hold
any sockaddr (and union members, such as qsock-&gt;sockaddr.sockaddr, can be used
to access appropriate variant of the sockaddr).  It is better to set it via
qsock-&gt;sockaddr itself though, and not qsock-&gt;sockaddr.sockaddr, so static
analyzers won't complain about out-of-bounds access.

Prodded by Coverity (CID 1530403).
</pre>
</div>
</content>
</entry>
<entry>
<title>Common tree insert function for QUIC and UDP connections.</title>
<updated>2023-05-14T08:30:11+00:00</updated>
<author>
<name>Roman Arutyunyan</name>
<email>arut@nginx.com</email>
</author>
<published>2023-05-14T08:30:11+00:00</published>
<link rel='alternate' type='text/html' href='https://git.sigsegv.uk/nginx.git/commit/?id=0a3c79614521d7612b63eff4e09c25ed219fb65b'/>
<id>0a3c79614521d7612b63eff4e09c25ed219fb65b</id>
<content type='text'>
Previously, ngx_udp_rbtree_insert_value() was used for plain UDP and
ngx_quic_rbtree_insert_value() was used for QUIC.  Because of this it was
impossible to initialize connection tree in ngx_create_listening() since
this function is not aware what kind of listening it creates.

Now ngx_udp_rbtree_insert_value() is used for both QUIC and UDP.  To make
it possible, a generic key field is added to ngx_udp_connection_t.  It keeps
client address for UDP and connection ID for QUIC.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Previously, ngx_udp_rbtree_insert_value() was used for plain UDP and
ngx_quic_rbtree_insert_value() was used for QUIC.  Because of this it was
impossible to initialize connection tree in ngx_create_listening() since
this function is not aware what kind of listening it creates.

Now ngx_udp_rbtree_insert_value() is used for both QUIC and UDP.  To make
it possible, a generic key field is added to ngx_udp_connection_t.  It keeps
client address for UDP and connection ID for QUIC.
</pre>
</div>
</content>
</entry>
<entry>
<title>QUIC: removed "quic_mtu" directive.</title>
<updated>2023-05-11T06:37:51+00:00</updated>
<author>
<name>Roman Arutyunyan</name>
<email>arut@nginx.com</email>
</author>
<published>2023-05-11T06:37:51+00:00</published>
<link rel='alternate' type='text/html' href='https://git.sigsegv.uk/nginx.git/commit/?id=6cc803e713698b4b09ab46ccd7ae986faa55c386'/>
<id>6cc803e713698b4b09ab46ccd7ae986faa55c386</id>
<content type='text'>
The directive used to set the value of the "max_udp_payload_size" transport
parameter.  According to RFC 9000, Section 18.2, the value specifies the size
of buffer for reading incoming datagrams:

    This limit does act as an additional constraint on datagram size in
    the same way as the path MTU, but it is a property of the endpoint
    and not the path; see Section 14. It is expected that this is the
    space an endpoint dedicates to holding incoming packets.

Current QUIC implementation uses the maximum possible buffer size (65527) for
reading datagrams.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The directive used to set the value of the "max_udp_payload_size" transport
parameter.  According to RFC 9000, Section 18.2, the value specifies the size
of buffer for reading incoming datagrams:

    This limit does act as an additional constraint on datagram size in
    the same way as the path MTU, but it is a property of the endpoint
    and not the path; see Section 14. It is expected that this is the
    space an endpoint dedicates to holding incoming packets.

Current QUIC implementation uses the maximum possible buffer size (65527) for
reading datagrams.
</pre>
</div>
</content>
</entry>
<entry>
<title>QUIC: resized input datagram buffer from 65535 to 65527.</title>
<updated>2023-05-11T05:49:34+00:00</updated>
<author>
<name>Roman Arutyunyan</name>
<email>arut@nginx.com</email>
</author>
<published>2023-05-11T05:49:34+00:00</published>
<link rel='alternate' type='text/html' href='https://git.sigsegv.uk/nginx.git/commit/?id=9ab5d15379a26b32d93c706d63fd3f9f241459e0'/>
<id>9ab5d15379a26b32d93c706d63fd3f9f241459e0</id>
<content type='text'>
The value of 65527 is the maximum permitted UDP payload size.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The value of 65527 is the maximum permitted UDP payload size.
</pre>
</div>
</content>
</entry>
<entry>
<title>QUIC: keep stream sockaddr and addr_text constant.</title>
<updated>2023-05-11T15:40:11+00:00</updated>
<author>
<name>Roman Arutyunyan</name>
<email>arut@nginx.com</email>
</author>
<published>2023-05-11T15:40:11+00:00</published>
<link rel='alternate' type='text/html' href='https://git.sigsegv.uk/nginx.git/commit/?id=885c4881915e28661f341b9ac3807afb84c8b779'/>
<id>885c4881915e28661f341b9ac3807afb84c8b779</id>
<content type='text'>
HTTP and Stream variables $remote_addr and $binary_remote_addr rely on
constant client address, particularly because they are cacheable.
However, QUIC client may migrate to a new address.  While there's no perfect
way to handle this, the proposed solution is to copy client address to QUIC
stream at stream creation.

The change also fixes truncated $remote_addr if migration happened while the
stream was active.  The reason is addr_text string was copied to stream by
value.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
HTTP and Stream variables $remote_addr and $binary_remote_addr rely on
constant client address, particularly because they are cacheable.
However, QUIC client may migrate to a new address.  While there's no perfect
way to handle this, the proposed solution is to copy client address to QUIC
stream at stream creation.

The change also fixes truncated $remote_addr if migration happened while the
stream was active.  The reason is addr_text string was copied to stream by
value.
</pre>
</div>
</content>
</entry>
<entry>
<title>QUIC: set c-&gt;socklen for streams.</title>
<updated>2023-04-27T15:49:05+00:00</updated>
<author>
<name>Roman Arutyunyan</name>
<email>arut@nginx.com</email>
</author>
<published>2023-04-27T15:49:05+00:00</published>
<link rel='alternate' type='text/html' href='https://git.sigsegv.uk/nginx.git/commit/?id=a4319bc496264f94ea8a85702d9b5b8098d9d18c'/>
<id>a4319bc496264f94ea8a85702d9b5b8098d9d18c</id>
<content type='text'>
Previously, the value was not set and remained zero.  While in nginx code the
value of c-&gt;sockaddr is accessed without taking c-&gt;socklen into account,
invalid c-&gt;socklen could lead to unexpected results in third-party modules.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Previously, the value was not set and remained zero.  While in nginx code the
value of c-&gt;sockaddr is accessed without taking c-&gt;socklen into account,
invalid c-&gt;socklen could lead to unexpected results in third-party modules.
</pre>
</div>
</content>
</entry>
<entry>
<title>QUIC: fixed addr_text after migration (ticket #2488).</title>
<updated>2023-04-27T15:52:40+00:00</updated>
<author>
<name>Roman Arutyunyan</name>
<email>arut@nginx.com</email>
</author>
<published>2023-04-27T15:52:40+00:00</published>
<link rel='alternate' type='text/html' href='https://git.sigsegv.uk/nginx.git/commit/?id=906e3b5dca2352ba3799b41b181a3ca617dc3329'/>
<id>906e3b5dca2352ba3799b41b181a3ca617dc3329</id>
<content type='text'>
Previously, the post-migration value of addr_text could be truncated, if
it was longer than the previous one.  Also, the new value always included
port, which should not be there.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Previously, the post-migration value of addr_text could be truncated, if
it was longer than the previous one.  Also, the new value always included
port, which should not be there.
</pre>
</div>
</content>
</entry>
<entry>
<title>QUIC: reschedule path validation on path insertion/removal.</title>
<updated>2023-05-09T15:42:40+00:00</updated>
<author>
<name>Sergey Kandaurov</name>
<email>pluknet@nginx.com</email>
</author>
<published>2023-05-09T15:42:40+00:00</published>
<link rel='alternate' type='text/html' href='https://git.sigsegv.uk/nginx.git/commit/?id=12fa86dd928a22ab6f07a1e73f3af7f703507337'/>
<id>12fa86dd928a22ab6f07a1e73f3af7f703507337</id>
<content type='text'>
Two issues fixed:
- new path validation could be scheduled late
- a validated path could leave a spurious timer
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Two issues fixed:
- new path validation could be scheduled late
- a validated path could leave a spurious timer
</pre>
</div>
</content>
</entry>
</feed>
