aboutsummaryrefslogtreecommitdiff
path: root/src/event/quic/ngx_event_quic.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/event/quic/ngx_event_quic.c')
-rw-r--r--src/event/quic/ngx_event_quic.c66
1 files changed, 34 insertions, 32 deletions
diff --git a/src/event/quic/ngx_event_quic.c b/src/event/quic/ngx_event_quic.c
index 96488c6a7..d47d0bc4e 100644
--- a/src/event/quic/ngx_event_quic.c
+++ b/src/event/quic/ngx_event_quic.c
@@ -131,8 +131,8 @@ ngx_quic_apply_transport_params(ngx_connection_t *c, ngx_quic_tp_t *ctp)
qc = ngx_quic_get_connection(c);
- scid.data = qc->socket->cid->id;
- scid.len = qc->socket->cid->len;
+ scid.data = qc->path->cid->id;
+ scid.len = qc->path->cid->len;
if (scid.len != ctp->initial_scid.len
|| ngx_memcmp(scid.data, ctp->initial_scid.data, scid.len) != 0)
@@ -373,7 +373,7 @@ ngx_quic_handle_stateless_reset(ngx_connection_t *c, ngx_quic_header_t *pkt)
{
cid = ngx_queue_data(q, ngx_quic_client_id_t, queue);
- if (cid->seqnum == 0 || cid->refcnt == 0) {
+ if (cid->seqnum == 0 || !cid->used) {
/*
* No stateless reset token in initial connection id.
* Don't accept a token from an unused connection id.
@@ -673,10 +673,12 @@ ngx_quic_handle_datagram(ngx_connection_t *c, ngx_buf_t *b,
u_char *p, *start;
ngx_int_t rc;
ngx_uint_t good;
+ ngx_quic_path_t *path;
ngx_quic_header_t pkt;
ngx_quic_connection_t *qc;
good = 0;
+ path = NULL;
size = b->last - b->pos;
@@ -690,6 +692,7 @@ ngx_quic_handle_datagram(ngx_connection_t *c, ngx_buf_t *b,
pkt.len = b->last - p;
pkt.log = c->log;
pkt.first = (p == start) ? 1 : 0;
+ pkt.path = path;
pkt.flags = p[0];
pkt.raw->pos++;
@@ -720,6 +723,8 @@ ngx_quic_handle_datagram(ngx_connection_t *c, ngx_buf_t *b,
good = 1;
}
+ path = pkt.path; /* preserve packet path from 1st packet */
+
/* NGX_OK || NGX_DECLINED */
/*
@@ -825,14 +830,15 @@ ngx_quic_handle_packet(ngx_connection_t *c, ngx_quic_conf_t *conf,
}
if (pkt->first) {
- if (ngx_quic_find_path(c, c->udp->dgram->sockaddr,
- c->udp->dgram->socklen)
- == NULL)
+ if (ngx_cmp_sockaddr(c->udp->dgram->sockaddr,
+ c->udp->dgram->socklen,
+ qc->path->sockaddr, qc->path->socklen, 1)
+ != NGX_OK)
{
/* packet comes from unknown path, possibly migration */
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
"quic too early migration attempt");
- return NGX_DECLINED;
+ return NGX_DONE;
}
}
@@ -991,9 +997,12 @@ ngx_quic_handle_payload(ngx_connection_t *c, ngx_quic_header_t *pkt)
pkt->decrypted = 1;
- if (pkt->first) {
- if (ngx_quic_update_paths(c, pkt) != NGX_OK) {
- return NGX_ERROR;
+ c->log->action = "handling decrypted packet";
+
+ if (pkt->path == NULL) {
+ rc = ngx_quic_set_path(c, pkt);
+ if (rc != NGX_OK) {
+ return rc;
}
}
@@ -1012,9 +1021,10 @@ ngx_quic_handle_payload(ngx_connection_t *c, ngx_quic_header_t *pkt)
*/
ngx_quic_discard_ctx(c, ssl_encryption_initial);
- if (qc->socket->path->state != NGX_QUIC_PATH_VALIDATED) {
- qc->socket->path->state = NGX_QUIC_PATH_VALIDATED;
- qc->socket->path->limited = 0;
+ if (!qc->path->validated) {
+ qc->path->validated = 1;
+ qc->path->limited = 0;
+ ngx_quic_path_dbg(c, "in handshake", qc->path);
ngx_post_event(&qc->push, &ngx_posted_events);
}
}
@@ -1153,7 +1163,6 @@ ngx_quic_handle_frames(ngx_connection_t *c, ngx_quic_header_t *pkt)
ngx_uint_t do_close, nonprobing;
ngx_chain_t chain;
ngx_quic_frame_t frame;
- ngx_quic_socket_t *qsock;
ngx_quic_connection_t *qc;
qc = ngx_quic_get_connection(c);
@@ -1335,7 +1344,8 @@ ngx_quic_handle_frames(ngx_connection_t *c, ngx_quic_header_t *pkt)
case NGX_QUIC_FT_PATH_CHALLENGE:
- if (ngx_quic_handle_path_challenge_frame(c, &frame.u.path_challenge)
+ if (ngx_quic_handle_path_challenge_frame(c, pkt,
+ &frame.u.path_challenge)
!= NGX_OK)
{
return NGX_ERROR;
@@ -1394,26 +1404,18 @@ ngx_quic_handle_frames(ngx_connection_t *c, ngx_quic_header_t *pkt)
ngx_quic_close_connection(c, NGX_OK);
}
- qsock = ngx_quic_get_socket(c);
+ if (pkt->path != qc->path && nonprobing) {
- if (qsock != qc->socket) {
-
- if (qsock->path != qc->socket->path && nonprobing) {
- /*
- * RFC 9000, 9.2. Initiating Connection Migration
- *
- * An endpoint can migrate a connection to a new local
- * address by sending packets containing non-probing frames
- * from that address.
- */
- if (ngx_quic_handle_migration(c, pkt) != NGX_OK) {
- return NGX_ERROR;
- }
- }
/*
- * else: packet arrived via non-default socket;
- * no reason to change active path
+ * RFC 9000, 9.2. Initiating Connection Migration
+ *
+ * An endpoint can migrate a connection to a new local
+ * address by sending packets containing non-probing frames
+ * from that address.
*/
+ if (ngx_quic_handle_migration(c, pkt) != NGX_OK) {
+ return NGX_ERROR;
+ }
}
if (ngx_quic_ack_packet(c, pkt) != NGX_OK) {