From f797a8a5b5a2012b0cae9745f05386b628365cb7 Mon Sep 17 00:00:00 2001
From: Vladimir Homutov
Date: Wed, 30 Sep 2020 20:54:46 +0300
Subject: QUIC: added stateless reset support.
The new "quic_stateless_reset_token_key" directive is added. It sets the endpoint key used to generate stateless reset tokens and enables feature. If the endpoint receives short-header packet that can't be matched to existing connection, a stateless reset packet is generated with a proper token. If a valid stateless reset token is found in the incoming packet, the connection is closed. Example configuration: http { quic_stateless_reset_token_key "foo"; ... }
---
src/http/modules/ngx_http_quic_module.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
(limited to 'src/http/modules')
diff --git a/src/http/modules/ngx_http_quic_module.c b/src/http/modules/ngx_http_quic_module.c
index 9888e2eae..ec70c7286 100644
--- a/src/http/modules/ngx_http_quic_module.c
+++ b/src/http/modules/ngx_http_quic_module.c
@@ -125,6 +125,13 @@ static ngx_command_t ngx_http_quic_commands[] = {
 offsetof(ngx_quic_conf_t, retry),
 NULL },
+ { ngx_string("quic_stateless_reset_token_key"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
+ ngx_conf_set_str_slot,
+ NGX_HTTP_SRV_CONF_OFFSET,
+ offsetof(ngx_quic_conf_t, sr_token_key),
+ NULL },
+
 ngx_null_command
 };
@@ -223,8 +230,10 @@ ngx_http_quic_create_srv_conf(ngx_conf_t *cf)
 * conf->tp.original_dcid = { 0, NULL };
 * conf->tp.initial_scid = { 0, NULL };
 * conf->tp.retry_scid = { 0, NULL };
- * conf->tp.stateless_reset_token = { 0 }
+ * conf->tp.sr_token = { 0 }
+ * conf->tp.sr_enabled = 0
 * conf->tp.preferred_address = NULL
+ * conf->sr_token_key = { 0, NULL }
 */
 conf->tp.max_idle_timeout = NGX_CONF_UNSET_MSEC;
@@ -304,6 +313,8 @@ ngx_http_quic_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
 }
 }
+ ngx_conf_merge_str_value(conf->sr_token_key, prev->sr_token_key, "");
+
 return NGX_CONF_OK;
 }
-- cgit
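Review bot: The new `quic_stateless_reset_token_key` entry in `ngx_http_quic_commands[]` pairs `NGX_CONF_FLAG` with `ngx_conf_set_str_slot`, although that type bit is the one used for on/off directives; for a single string argument, `NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,` states the intent. The post-handler slot is `NULL`, so any string is accepted as the key, including the three-byte `"foo"` from the commit message. Since the tokens are generated from this key, a low-entropy value presumably makes them guessable, so a setter or post-handler that rejects keys below a minimum length would be worth adding, along with a comment that the value is a secret and the configuration file should be readable only by the server's own user. The token derivation itself is outside this file, so the strength requirement is inferred from the commit description rather than from visible code.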
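Review bot: The merge added in `ngx_http_quic_merge_srv_conf` defaults `sr_token_key` to `""`, but nothing in this file says what an empty key means. The commit message says that setting the directive "enables feature", so an empty key presumably leaves stateless reset off, but that check lives outside this diff. A comment above the merge such as `/* empty key: stateless reset disabled */` would make the contract explicit, and it is worth confirming that the consumer never derives a token from a zero-length key. The function body starts outside the hunk.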