| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
+ ngx_quic_encrypt():
- no longer accepts pool as argument
- pkt is 1st arg
- payload is passed as pkt->payload
- performs encryption to the specified static buffer
+ ngx_quic_create_long/short_packet() functions:
- single buffer for everything, allocated by caller
- buffer layout is: [ ad | payload | TAG ]
the result is in the beginning of buffer with proper length
- nonce is calculated on stack
- log is passed explicitly, pkt is 1st arg
- no more allocations inside
+ ngx_quic_create_long_header():
- args changed: no need to pass str_t
+ added ngx_quic_create_short_header()
|
|
|
|
|
|
|
|
Additionally, streams are now removed from the tree in cleanup handler.
|
|
Now ngx_quic_stream_t is directly inserted into the tree.
|
|
|
|
Should be done after memzero.
|
|
So we can easily tune how soon client would decide to close a connection.
|
|
Now they inherit c->ssl always enabled from the main connection,
which makes r->main_filter_need_in_memory set for them.
|
|
+ Client-related errors (i.e. parsing) are done at INFO level
+ c->log->action is updated through the process of receiving, parsing.
handling packet/payload and generating frames/output.
|
|
|
|
This makes it possible to switch to draft 27 by default.
|
|
For ngx_http_process_request() part to work, this required to set both
r->http_connection->ssl and c->ssl on a QUIC stream. To avoid damaging
global SSL object, ngx_ssl_shutdown() is managed to ignore QUIC streams.
|
|
|
|
Previously a frame could only be inserted after the first element of the list.
|
|
This is required by Chrome.
|
|
This fixes Chrome CONNECTION_ID_LIMIT_ERROR with the reason:
"Underflow with first ack block length 2 largest acked is 1".
|
|
|
|
|
|
Additionally, receive larger packets than 512 bytes.
|
|
|
|
+ ngx_quic_init_ssl_methods() is no longer there, we setup methods on SSL
connection directly.
+ the handshake_handler is actually a generic quic input handler
+ updated c->log->action and debug to reflect changes and be more informative
+ c->quic is always set in ngx_quic_input()
+ the quic connection state is set by the results of SSL_do_handshake();
|
|
|
|
This makes it easier to understand what client wants.
|
|
note:
+ parameters are available in SSL connection since they are obtained by ssl
stack
quote:
During connection establishment, both endpoints make authenticated
declarations of their transport parameters. These declarations are
made unilaterally by each endpoint.
and really, we send our parameters before we read client's.
no handling of incoming parameters is made by this patch.
|
|
|
|
|
|
|
|
|
|
It writes 16-bit prefix as designed, but length calculation assumed varint.
|
|
|
|
|
|
|
|
+ cleanup in macros for packet types
+ some style fixes in quic_transport.h (case, indentation)
|
|
The "frame_type" field is not passed in case of 0x1d frame.
|
|
The difference is that error code refers to application namespace, i.e.
quic error names cannot be used to convert it to string.
|
|
The value is literal "quic" for requests passed over HTTP/3, and empty string
otherwise.
|
|
- integer parameters can be configured using the following directives:
quic_max_idle_timeout
quic_max_ack_delay
quic_max_packet_size
quic_initial_max_data
quic_initial_max_stream_data_bidi_local
quic_initial_max_stream_data_bidi_remote
quic_initial_max_stream_data_uni
quic_initial_max_streams_bidi
quic_initial_max_streams_uni
quic_ack_delay_exponent
quic_active_migration
quic_active_connection_id_limit
- only following parameters are actually sent:
active_connection_id_limit
initial_max_streams_uni
initial_max_streams_bidi
initial_max_stream_data_bidi_local
initial_max_stream_data_bidi_remote
initial_max_stream_data_uni
(other parameters are to be added into ngx_quic_create_transport_params()
function as needed, should be easy now)
- draft 24 and draft 27 are now supported
(at compile-time using quic_version macro)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The ngx_quic_parse_frame() functions now has new 'pkt' argument: the packet
header of a currently processed frame. This allows to log errors/debug
closer to reasons and perform additional checks regarding possible frame
types. The handler only performs processing of good frames.
A number of functions like read_uint32(), parse_int[_multi] probably should
be implemented as a macro, but currently it is better to have them as
functions for simpler debugging.
|
|
|
|
|
|
|
