QUIC: added stateless reset support.

The new "quic_stateless_reset_token_key" directive is added.  It sets the
endpoint key used to generate stateless reset tokens and enables feature.

If the endpoint receives short-header packet that can't be matched to
existing  connection, a stateless reset packet is generated with
a proper token.

If a valid stateless reset token is found in the incoming packet,
the connection is closed.

Example configuration:

http {
    quic_stateless_reset_token_key  "foo";
    ...
}

1 files changed, 12 insertions, 1 deletions

diff --git a/src/http/modules/ngx_http_quic_module.c b/src/http/modules/ngx_http_quic_module.c
index 9888e2eae..ec70c7286 100644
--- a/src/http/modules/ngx_http_quic_module.c
+++ b/src/http/modules/ngx_http_quic_module.c
@@ -125,6 +125,13 @@ static ngx_command_t  ngx_http_quic_commands[] = {
       offsetof(ngx_quic_conf_t, retry),
       NULL },
 
+    { ngx_string("quic_stateless_reset_token_key"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
+      ngx_conf_set_str_slot,
+      NGX_HTTP_SRV_CONF_OFFSET,
+      offsetof(ngx_quic_conf_t, sr_token_key),
+      NULL },
+
       ngx_null_command
 };
 
@@ -223,8 +230,10 @@ ngx_http_quic_create_srv_conf(ngx_conf_t *cf)
      *     conf->tp.original_dcid = { 0, NULL };
      *     conf->tp.initial_scid = { 0, NULL };
      *     conf->tp.retry_scid = { 0, NULL };
-     *     conf->tp.stateless_reset_token = { 0 }
+     *     conf->tp.sr_token = { 0 }
+     *     conf->tp.sr_enabled = 0
      *     conf->tp.preferred_address = NULL
+     *     conf->sr_token_key = { 0, NULL }
      */
 
     conf->tp.max_idle_timeout = NGX_CONF_UNSET_MSEC;
@@ -304,6 +313,8 @@ ngx_http_quic_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
         }
     }
 
+    ngx_conf_merge_str_value(conf->sr_token_key, prev->sr_token_key, "");
+
     return NGX_CONF_OK;
 }