nginx.git - nginx

Age	Commit message (Collapse)	Author	Files	Lines
2023-08-30	QUIC: use last client dcid to receive initial packets.	Roman Arutyunyan	1	-2/+2
	Previously, original dcid was used to receive initial client packets in case server initial response was lost. However, last dcid should be used instead. These two are the same unless retry is used. In case of retry, client resends initial packet with a new dcid, that is different from the original dcid. If server response is lost, the client resends this packet again with the same dcid. This is shown in RFC 9000, 7.3. Authenticating Connection IDs, Figure 8. The issue manifested itself with creating multiple server sessions in response to each post-retry client initial packet, if server response is lost.
2023-07-06	QUIC: removed path->limited flag.	Roman Arutyunyan	1	-1/+0
	Its value is the opposite of path->validated.
2023-05-14	Common tree insert function for QUIC and UDP connections.	Roman Arutyunyan	1	-0/+1
	Previously, ngx_udp_rbtree_insert_value() was used for plain UDP and ngx_quic_rbtree_insert_value() was used for QUIC. Because of this it was impossible to initialize connection tree in ngx_create_listening() since this function is not aware what kind of listening it creates. Now ngx_udp_rbtree_insert_value() is used for both QUIC and UDP. To make is possible, a generic key field is added to ngx_udp_connection_t. It keeps client address for UDP and connection ID for QUIC.
2022-04-20	QUIC: separate UDP framework for QUIC.	Roman Arutyunyan	1	-1/+4
	Previously, QUIC used the existing UDP framework, which was created for UDP in Stream. However the way QUIC connections are created and looked up is different from the way UDP connections in Stream are created and looked up. Now these two implementations are decoupled.
2022-02-16	QUIC: fixed indentation.	Sergey Kandaurov	1	-1/+1

2022-01-28	QUIC: got rid of hash symbol in backup and logging.	Vladimir Homutov	1	-2/+2
	Now all objectes with sequence number (i.e. sockets, connection ids and paths) are logged as "foo seq:N".
2022-01-19	QUIC: reworked migration handling.	Vladimir Homutov	1	-89/+12
	The quic connection now holds active, backup and probe paths instead of sockets. The number of migration paths is now limited and cannot be inflated by a bad client or an attacker. The client id is now associated with path rather than socket. This allows to simplify processing of output and connection ids handling. New migration abandons any previously started migrations. This allows to free consumed client ids and request new for use in future migrations and make progress in case when connection id limit is hit during migration. A path now can be revalidated without losing its state. The patch also fixes various issues with NAT rebinding case handling: - paths are now validated (previously, there was no validation and paths were left in limited state) - attempt to reuse id on different path is now again verified (this was broken in 40445fc7c403) - former path is now validated in case of apparent migration
2021-12-27	QUIC: got rid of ngx_quic_create_temp_socket().	Vladimir Homutov	1	-61/+27
	It was mostly copy of the ngx_quic_listen(). Now ngx_quic_listen() no longer generates server id and increments seqnum. Instead, the server id is generated when the socket is created. The ngx_quic_alloc_socket() function is renamed to ngx_quic_create_socket().
2021-12-13	QUIC: decoupled path state and limitation status.	Vladimir Homutov	1	-0/+1
	The path validation status and anti-amplification limit status is actually two different variables. It is possible that validating path should not be limited (for example, when re-validating former path).
2021-12-13	QUIC: improved path validation.	Vladimir Homutov	1	-1/+0
	Previously, path was considered valid during arbitrary selected 10m timeout since validation. This is quite not what RFC 9000 says; the relevant part is: An endpoint MAY skip validation of a peer address if that address has been seen recently. The patch considers a path to be 'recently seen' if packets were received during idle timeout. If a packet is received from the path that was seen not so recently, such path is considered new, and anti-amplification restrictions apply.
2021-11-18	QUIC: removed unnecessary closing of active/backup sockets.	Vladimir Homutov	1	-6/+0
	All open sockets are stored in a queue. There is no need to close some of them separately. If it happens that active and backup point to same socket, double close may happen (leading to possible segfault).
2021-11-18	QUIC: fixed handling of RETIRE_CONNECTION_ID frame.	Vladimir Homutov	1	-3/+1
	Previously, the retired socket was not closed if it didn't match active or backup. New sockets could not be created (due to count limit), since retired socket was not closed before calling ngx_quic_create_sockets(). When replacing retired socket, new socket is only requested after closing old one, to avoid hitting the limit on the number of active connection ids. Together with added restrictions, this fixes an issue when a current socket could be closed during migration, recreated and erroneously reused leading to null pointer dereference.
2021-10-26	QUIC: style.	Sergey Kandaurov	1	-3/+1

2021-04-29	QUIC: connection migration.	Vladimir Homutov	1	-0/+355
	The patch adds proper transitions between multiple networking addresses that can be used by a single quic connection. New networking paths are validated using PATH_CHALLENGE/PATH_RESPONSE frames.