One Level Up Top Level

src/event/quic/ngx_event_quic.c - nginx

Global variables defined

Functions defined

Source code


  2. /*
  3. * Copyright (C) Nginx, Inc.
  4. */


  7. #include <ngx_config.h>
  8. #include <ngx_core.h>
  9. #include <ngx_event.h>
  10. #include <ngx_sha1.h>
  11. #include <ngx_event_quic_connection.h>


  14. static ngx_quic_connection_t *ngx_quic_new_connection(ngx_connection_t *c,
  15.     ngx_quic_conf_t *conf, ngx_quic_header_t *pkt);
  16. static ngx_int_t ngx_quic_handle_stateless_reset(ngx_connection_t *c,
  17.     ngx_quic_header_t *pkt);
  18. static void ngx_quic_input_handler(ngx_event_t *rev);
  19. static void ngx_quic_close_handler(ngx_event_t *ev);

  21. static ngx_int_t ngx_quic_handle_datagram(ngx_connection_t *c, ngx_buf_t *b,
  22.     ngx_quic_conf_t *conf);
  23. static ngx_int_t ngx_quic_handle_packet(ngx_connection_t *c,
  24.     ngx_quic_conf_t *conf, ngx_quic_header_t *pkt);
  25. static ngx_int_t ngx_quic_handle_payload(ngx_connection_t *c,
  26.     ngx_quic_header_t *pkt);
  27. static ngx_int_t ngx_quic_check_csid(ngx_quic_connection_t *qc,
  28.     ngx_quic_header_t *pkt);
  29. static ngx_int_t ngx_quic_handle_frames(ngx_connection_t *c,
  30.     ngx_quic_header_t *pkt);

  32. static void ngx_quic_push_handler(ngx_event_t *ev);


  35. static ngx_core_module_t  ngx_quic_module_ctx = {
  36.     ngx_string("quic"),
  37.     NULL,
  38.     NULL
  39. };


  42. ngx_module_t  ngx_quic_module = {
  43.     NGX_MODULE_V1,
  44.     &ngx_quic_module_ctx,                  /* module context */
  45.     NULL,                                  /* module directives */
  46.     NGX_CORE_MODULE,                       /* module type */
  47.     NULL,                                  /* init master */
  48.     NULL,                                  /* init module */
  49.     NULL,                                  /* init process */
  50.     NULL,                                  /* init thread */
  51.     NULL,                                  /* exit thread */
  52.     NULL,                                  /* exit process */
  53.     NULL,                                  /* exit master */
  54.     NGX_MODULE_V1_PADDING
  55. };


  58. #if (NGX_DEBUG)

  60. void
  61. ngx_quic_connstate_dbg(ngx_connection_t *c)
  62. {
  63.     u_char                 *p, *last;
  64.     ngx_quic_connection_t  *qc;
  65.     u_char                  buf[NGX_MAX_ERROR_STR];

  67.     p = buf;
  68.     last = p + sizeof(buf);

  70.     qc = ngx_quic_get_connection(c);

  72.     p = ngx_slprintf(p, last, "state:");

  74.     if (qc) {

  76.         if (qc->error) {
  77.             p = ngx_slprintf(p, last, "%s", qc->error_app ? " app" : "");
  78.             p = ngx_slprintf(p, last, " error:%ui", qc->error);

  80.             if (qc->error_reason) {
  81.                 p = ngx_slprintf(p, last, " \"%s\"", qc->error_reason);
  82.             }
  83.         }

  85.         p = ngx_slprintf(p, last, "%s", qc->shutdown ? " shutdown" : "");
  86.         p = ngx_slprintf(p, last, "%s", qc->closing ? " closing" : "");
  87.         p = ngx_slprintf(p, last, "%s", qc->draining ? " draining" : "");
  88.         p = ngx_slprintf(p, last, "%s", qc->key_phase ? " kp" : "");

  90.     } else {
  91.         p = ngx_slprintf(p, last, " early");
  92.     }

  94.     if (c->read->timer_set) {
  95.         p = ngx_slprintf(p, last,
  96.                          qc && qc->send_timer_set ? " send:%M" : " read:%M",
  97.                          c->read->timer.key - ngx_current_msec);
  98.     }

  100.     if (qc) {

  102.         if (qc->push.timer_set) {
  103.             p = ngx_slprintf(p, last, " push:%M",
  104.                              qc->push.timer.key - ngx_current_msec);
  105.         }

  107.         if (qc->pto.timer_set) {
  108.             p = ngx_slprintf(p, last, " pto:%M",
  109.                              qc->pto.timer.key - ngx_current_msec);
  110.         }

  112.         if (qc->close.timer_set) {
  113.             p = ngx_slprintf(p, last, " close:%M",
  114.                              qc->close.timer.key - ngx_current_msec);
  115.         }
  116.     }

  118.     ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
  119.                    "quic %*s", p - buf, buf);
  120. }

  122. #endif


  125. ngx_int_t
  126. ngx_quic_apply_transport_params(ngx_connection_t *c, ngx_quic_tp_t *ctp)
  127. {
  128.     ngx_str_t               scid;
  129.     ngx_quic_connection_t  *qc;

  131.     qc = ngx_quic_get_connection(c);

  133.     scid.data = qc->path->cid->id;
  134.     scid.len = qc->path->cid->len;

  136.     if (scid.len != ctp->initial_scid.len
  137.         || ngx_memcmp(scid.data, ctp->initial_scid.data, scid.len) != 0)
  138.     {
  139.         qc->error = NGX_QUIC_ERR_TRANSPORT_PARAMETER_ERROR;
  140.         qc->error_reason = "invalid initial_source_connection_id";

  142.         ngx_log_error(NGX_LOG_INFO, c->log, 0,
  143.                       "quic client initial_source_connection_id mismatch");
  144.         return NGX_ERROR;
  145.     }

  147.     if (ctp->max_udp_payload_size < NGX_QUIC_MIN_INITIAL_SIZE
  148.         || ctp->max_udp_payload_size > NGX_QUIC_MAX_UDP_PAYLOAD_SIZE)
  149.     {
  150.         qc->error = NGX_QUIC_ERR_TRANSPORT_PARAMETER_ERROR;
  151.         qc->error_reason = "invalid maximum packet size";

  153.         ngx_log_error(NGX_LOG_INFO, c->log, 0,
  154.                       "quic maximum packet size is invalid");
  155.         return NGX_ERROR;
  156.     }

  158.     if (ctp->active_connection_id_limit < 2) {
  159.         qc->error = NGX_QUIC_ERR_TRANSPORT_PARAMETER_ERROR;
  160.         qc->error_reason = "invalid active_connection_id_limit";

  162.         ngx_log_error(NGX_LOG_INFO, c->log, 0,
  163.                       "quic active_connection_id_limit is invalid");
  164.         return NGX_ERROR;
  165.     }

  167.     if (ctp->ack_delay_exponent > 20) {
  168.         qc->error = NGX_QUIC_ERR_TRANSPORT_PARAMETER_ERROR;
  169.         qc->error_reason = "invalid ack_delay_exponent";

  171.         ngx_log_error(NGX_LOG_INFO, c->log, 0,
  172.                       "quic ack_delay_exponent is invalid");
  173.         return NGX_ERROR;
  174.     }

  176.     if (ctp->max_ack_delay >= 16384) {
  177.         qc->error = NGX_QUIC_ERR_TRANSPORT_PARAMETER_ERROR;
  178.         qc->error_reason = "invalid max_ack_delay";

  180.         ngx_log_error(NGX_LOG_INFO, c->log, 0,
  181.                       "quic max_ack_delay is invalid");
  182.         return NGX_ERROR;
  183.     }

  185.     if (ctp->max_idle_timeout > 0
  186.         && ctp->max_idle_timeout < qc->tp.max_idle_timeout)
  187.     {
  188.         qc->tp.max_idle_timeout = ctp->max_idle_timeout;
  189.     }

  191.     qc->streams.server_max_streams_bidi = ctp->initial_max_streams_bidi;
  192.     qc->streams.server_max_streams_uni = ctp->initial_max_streams_uni;

  194.     ngx_memcpy(&qc->ctp, ctp, sizeof(ngx_quic_tp_t));

  196.     return NGX_OK;
  197. }


  200. void
  201. ngx_quic_run(ngx_connection_t *c, ngx_quic_conf_t *conf)
  202. {
  203.     ngx_int_t               rc;
  204.     ngx_quic_connection_t  *qc;

  206.     ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic run");

  208.     rc = ngx_quic_handle_datagram(c, c->buffer, conf);
  209.     if (rc != NGX_OK) {
  210.         ngx_quic_close_connection(c, rc);
  211.         return;
  212.     }

  214.     /* quic connection is now created */
  215.     qc = ngx_quic_get_connection(c);

  217.     ngx_add_timer(c->read, qc->tp.max_idle_timeout);

  219.     if (!qc->streams.initialized) {
  220.         ngx_add_timer(&qc->close, qc->conf->handshake_timeout);
  221.     }

  223.     ngx_quic_connstate_dbg(c);

  225.     c->read->handler = ngx_quic_input_handler;

  227.     return;
  228. }


  231. static ngx_quic_connection_t *
  232. ngx_quic_new_connection(ngx_connection_t *c, ngx_quic_conf_t *conf,
  233.     ngx_quic_header_t *pkt)
  234. {
  235.     ngx_uint_t              i;
  236.     ngx_quic_tp_t          *ctp;
  237.     ngx_quic_connection_t  *qc;

  239.     qc = ngx_pcalloc(c->pool, sizeof(ngx_quic_connection_t));
  240.     if (qc == NULL) {
  241.         return NULL;
  242.     }

  244.     qc->keys = ngx_pcalloc(c->pool, sizeof(ngx_quic_keys_t));
  245.     if (qc->keys == NULL) {
  246.         return NULL;
  247.     }

  249.     qc->version = pkt->version;

  251.     ngx_rbtree_init(&qc->streams.tree, &qc->streams.sentinel,
  252.                     ngx_quic_rbtree_insert_stream);

  254.     for (i = 0; i < NGX_QUIC_SEND_CTX_LAST; i++) {
  255.         ngx_queue_init(&qc->send_ctx[i].frames);
  256.         ngx_queue_init(&qc->send_ctx[i].sending);
  257.         ngx_queue_init(&qc->send_ctx[i].sent);
  258.         qc->send_ctx[i].largest_pn = NGX_QUIC_UNSET_PN;
  259.         qc->send_ctx[i].largest_ack = NGX_QUIC_UNSET_PN;
  260.         qc->send_ctx[i].largest_range = NGX_QUIC_UNSET_PN;
  261.         qc->send_ctx[i].pending_ack = NGX_QUIC_UNSET_PN;
  262.     }

  264.     qc->send_ctx[0].level = NGX_QUIC_ENCRYPTION_INITIAL;
  265.     qc->send_ctx[1].level = NGX_QUIC_ENCRYPTION_HANDSHAKE;
  266.     qc->send_ctx[2].level = NGX_QUIC_ENCRYPTION_APPLICATION;

  268.     ngx_queue_init(&qc->free_frames);

  270.     ngx_quic_init_rtt(qc);

  272.     qc->pto.log = c->log;
  273.     qc->pto.data = c;
  274.     qc->pto.handler = ngx_quic_pto_handler;

  276.     qc->push.log = c->log;
  277.     qc->push.data = c;
  278.     qc->push.handler = ngx_quic_push_handler;

  280.     qc->close.log = c->log;
  281.     qc->close.data = c;
  282.     qc->close.handler = ngx_quic_close_handler;

  284.     qc->path_validation.log = c->log;
  285.     qc->path_validation.data = c;
  286.     qc->path_validation.handler = ngx_quic_path_handler;

  288.     qc->key_update.log = c->log;
  289.     qc->key_update.data = c;
  290.     qc->key_update.handler = ngx_quic_keys_update;

  292.     qc->conf = conf;

  294.     if (ngx_quic_init_transport_params(&qc->tp, conf) != NGX_OK) {
  295.         return NULL;
  296.     }

  298.     ctp = &qc->ctp;

  300.     /* defaults to be used before actual client parameters are received */
  301.     ctp->max_udp_payload_size = NGX_QUIC_MAX_UDP_PAYLOAD_SIZE;
  302.     ctp->ack_delay_exponent = NGX_QUIC_DEFAULT_ACK_DELAY_EXPONENT;
  303.     ctp->max_ack_delay = NGX_QUIC_DEFAULT_MAX_ACK_DELAY;
  304.     ctp->active_connection_id_limit = 2;

  306.     ngx_queue_init(&qc->streams.uninitialized);
  307.     ngx_queue_init(&qc->streams.free);

  309.     qc->streams.recv_max_data = qc->tp.initial_max_data;
  310.     qc->streams.recv_window = qc->streams.recv_max_data;

  312.     qc->streams.client_max_streams_uni = qc->tp.initial_max_streams_uni;
  313.     qc->streams.client_max_streams_bidi = qc->tp.initial_max_streams_bidi;

  315.     qc->congestion.window = ngx_min(10 * NGX_QUIC_MIN_INITIAL_SIZE,
  316.                                     ngx_max(2 * NGX_QUIC_MIN_INITIAL_SIZE,
  317.                                             14720));
  318.     qc->congestion.ssthresh = (size_t) -1;
  319.     qc->congestion.mtu = NGX_QUIC_MIN_INITIAL_SIZE;
  320.     qc->congestion.recovery_start = ngx_current_msec - 1;

  322.     qc->max_frames = (conf->max_concurrent_streams_uni
  323.                       + conf->max_concurrent_streams_bidi)
  324.                      * conf->stream_buffer_size / 2000;

  326.     if (pkt->validated && pkt->retried) {
  327.         qc->tp.retry_scid.len = pkt->dcid.len;
  328.         qc->tp.retry_scid.data = ngx_pstrdup(c->pool, &pkt->dcid);
  329.         if (qc->tp.retry_scid.data == NULL) {
  330.             return NULL;
  331.         }
  332.     }

  334.     if (ngx_quic_keys_set_initial_secret(qc->keys, &pkt->dcid, c->log)
  335.         != NGX_OK)
  336.     {
  337.         return NULL;
  338.     }

  340.     qc->validated = pkt->validated;

  342.     if (ngx_quic_open_sockets(c, qc, pkt) != NGX_OK) {
  343.         ngx_quic_keys_cleanup(qc->keys);
  344.         return NULL;
  345.     }

  347.     c->idle = 1;
  348.     ngx_reusable_connection(c, 1);

  350.     ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
  351.                    "quic connection created");

  353.     return qc;
  354. }


  357. static ngx_int_t
  358. ngx_quic_handle_stateless_reset(ngx_connection_t *c, ngx_quic_header_t *pkt)
  359. {
  360.     u_char                 *tail, ch;
  361.     ngx_uint_t              i;
  362.     ngx_queue_t            *q;
  363.     ngx_quic_client_id_t   *cid;
  364.     ngx_quic_connection_t  *qc;

  366.     qc = ngx_quic_get_connection(c);

  368.     /* A stateless reset uses an entire UDP datagram */
  369.     if (!pkt->first) {
  370.         return NGX_DECLINED;
  371.     }

  373.     tail = pkt->raw->last - NGX_QUIC_SR_TOKEN_LEN;

  375.     for (q = ngx_queue_head(&qc->client_ids);
  376.          q != ngx_queue_sentinel(&qc->client_ids);
  377.          q = ngx_queue_next(q))
  378.     {
  379.         cid = ngx_queue_data(q, ngx_quic_client_id_t, queue);

  381.         if (cid->seqnum == 0 || !cid->used) {
  382.             /*
  383.              * No stateless reset token in initial connection id.
  384.              * Don't accept a token from an unused connection id.
  385.              */
  386.             continue;
  387.         }

  389.         /* constant time comparison */

  391.         for (ch = 0, i = 0; i < NGX_QUIC_SR_TOKEN_LEN; i++) {
  392.             ch |= tail[i] ^ cid->sr_token[i];
  393.         }

  395.         if (ch == 0) {
  396.             return NGX_OK;
  397.         }
  398.     }

  400.     return NGX_DECLINED;
  401. }


  404. static void
  405. ngx_quic_input_handler(ngx_event_t *rev)
  406. {
  407.     ngx_int_t               rc;
  408.     ngx_buf_t              *b;
  409.     ngx_connection_t       *c;
  410.     ngx_quic_connection_t  *qc;

  412.     ngx_log_debug0(NGX_LOG_DEBUG_EVENT, rev->log, 0, "quic input handler");

  414.     c = rev->data;
  415.     qc = ngx_quic_get_connection(c);

  417.     c->log->action = "handling quic input";

  419.     if (rev->timedout) {
  420.         ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT,
  421.                       "quic client timed out");
  422.         ngx_quic_close_connection(c, NGX_DONE);
  423.         return;
  424.     }

  426.     if (c->close) {
  427.         c->close = 0;

  429.         if (!ngx_exiting || !qc->streams.initialized) {
  430.             qc->error = NGX_QUIC_ERR_NO_ERROR;
  431.             qc->error_reason = "graceful shutdown";
  432.             ngx_quic_close_connection(c, NGX_ERROR);
  433.             return;
  434.         }

  436.         if (!qc->closing && qc->conf->shutdown) {
  437.             qc->conf->shutdown(c);
  438.         }

  440.         return;
  441.     }

  443.     b = c->udp->buffer;
  444.     if (b == NULL) {
  445.         return;
  446.     }

  448.     rc = ngx_quic_handle_datagram(c, b, NULL);

  450.     if (rc == NGX_ERROR) {
  451.         ngx_quic_close_connection(c, NGX_ERROR);
  452.         return;
  453.     }

  455.     if (rc == NGX_DONE) {
  456.         return;
  457.     }

  459.     /* rc == NGX_OK */

  461.     qc->send_timer_set = 0;
  462.     ngx_add_timer(rev, qc->tp.max_idle_timeout);

  464.     ngx_quic_connstate_dbg(c);
  465. }


  468. void
  469. ngx_quic_close_connection(ngx_connection_t *c, ngx_int_t rc)
  470. {
  471.     ngx_uint_t              i;
  472.     ngx_pool_t             *pool;
  473.     ngx_quic_send_ctx_t    *ctx;
  474.     ngx_quic_connection_t  *qc;

  476.     qc = ngx_quic_get_connection(c);

  478.     if (qc == NULL) {
  479.         ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
  480.                        "quic packet rejected rc:%i, cleanup connection", rc);
  481.         goto quic_done;
  482.     }

  484.     ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
  485.                    "quic close %s rc:%i",
  486.                    qc->closing ? "resumed": "initiated", rc);

  488.     if (!qc->closing) {

  490.         /* drop packets from retransmit queues, no ack is expected */
  491.         for (i = 0; i < NGX_QUIC_SEND_CTX_LAST; i++) {
  492.             ngx_quic_free_frames(c, &qc->send_ctx[i].frames);
  493.             ngx_quic_free_frames(c, &qc->send_ctx[i].sent);
  494.         }

  496.         if (qc->close.timer_set) {
  497.             ngx_del_timer(&qc->close);
  498.         }

  500.         if (rc == NGX_DONE) {

  502.             /*
  503.              * RFC 9000, 10.1.  Idle Timeout
  504.              *
  505.              *  If a max_idle_timeout is specified by either endpoint in its
  506.              *  transport parameters (Section 18.2), the connection is silently
  507.              *  closed and its state is discarded when it remains idle
  508.              */

  510.             /* this case also handles some errors from ngx_quic_run() */

  512.             ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
  513.                            "quic close silent drain:%d timedout:%d",
  514.                            qc->draining, c->read->timedout);
  515.         } else {

  517.             /*
  518.              * RFC 9000, 10.2.  Immediate Close
  519.              *
  520.              *  An endpoint sends a CONNECTION_CLOSE frame (Section 19.19)
  521.              *  to terminate the connection immediately.
  522.              */

  524.             if (qc->error == 0 && rc == NGX_ERROR) {
  525.                 qc->error = NGX_QUIC_ERR_INTERNAL_ERROR;
  526.                 qc->error_app = 0;
  527.             }

  529.             ngx_log_debug5(NGX_LOG_DEBUG_EVENT, c->log, 0,
  530.                            "quic close immediate term:%d drain:%d "
  531.                            "%serror:%ui \"%s\"",
  532.                            rc == NGX_ERROR ? 1 : 0, qc->draining,
  533.                            qc->error_app ? "app " : "", qc->error,
  534.                            qc->error_reason ? qc->error_reason : "");

  536.             for (i = 0; i < NGX_QUIC_SEND_CTX_LAST; i++) {
  537.                 ctx = &qc->send_ctx[i];

  539.                 if (!ngx_quic_keys_available(qc->keys, ctx->level, 1)) {
  540.                     continue;
  541.                 }

  543.                 qc->error_level = ctx->level;
  544.                 (void) ngx_quic_send_cc(c);

  546.                 if (rc == NGX_OK) {
  547.                     ngx_add_timer(&qc->close, 3 * ngx_quic_pto(c, ctx));
  548.                 }
  549.             }
  550.         }

  552.         qc->closing = 1;
  553.     }

  555.     if (rc == NGX_ERROR && qc->close.timer_set) {
  556.         /* do not wait for timer in case of fatal error */
  557.         ngx_del_timer(&qc->close);
  558.     }

  560.     if (ngx_quic_close_streams(c, qc) == NGX_AGAIN) {
  561.         return;
  562.     }

  564.     if (qc->push.timer_set) {
  565.         ngx_del_timer(&qc->push);
  566.     }

  568.     if (qc->pto.timer_set) {
  569.         ngx_del_timer(&qc->pto);
  570.     }

  572.     if (qc->path_validation.timer_set) {
  573.         ngx_del_timer(&qc->path_validation);
  574.     }

  576.     if (qc->push.posted) {
  577.         ngx_delete_posted_event(&qc->push);
  578.     }

  580.     if (qc->key_update.posted) {
  581.         ngx_delete_posted_event(&qc->key_update);
  582.     }

  584.     if (qc->close.timer_set) {
  585.         return;
  586.     }

  588.     if (qc->close.posted) {
  589.         ngx_delete_posted_event(&qc->close);
  590.     }

  592.     ngx_quic_close_sockets(c);

  594.     ngx_quic_keys_cleanup(qc->keys);

  596.     ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic close completed");

  598.     /* may be tested from SSL callback during SSL shutdown */
  599.     c->udp = NULL;

  601. quic_done:

  603.     if (c->ssl) {
  604.         (void) ngx_ssl_shutdown(c);
  605.     }

  607.     if (c->read->timer_set) {
  608.         ngx_del_timer(c->read);
  609.     }

  611. #if (NGX_STAT_STUB)
  612.     (void) ngx_atomic_fetch_add(ngx_stat_active, -1);
  613. #endif

  615.     c->destroyed = 1;

  617.     pool = c->pool;

  619.     ngx_close_connection(c);

  621.     ngx_destroy_pool(pool);
  622. }


  625. void
  626. ngx_quic_finalize_connection(ngx_connection_t *c, ngx_uint_t err,
  627.     const char *reason)
  628. {
  629.     ngx_quic_connection_t  *qc;

  631.     qc = ngx_quic_get_connection(c);

  633.     if (qc->closing) {
  634.         return;
  635.     }

  637.     qc->error = err;
  638.     qc->error_reason = reason;
  639.     qc->error_app = 1;
  640.     qc->error_ftype = 0;

  642.     ngx_post_event(&qc->close, &ngx_posted_events);
  643. }


  646. void
  647. ngx_quic_shutdown_connection(ngx_connection_t *c, ngx_uint_t err,
  648.     const char *reason)
  649. {
  650.     ngx_quic_connection_t  *qc;

  652.     qc = ngx_quic_get_connection(c);
  653.     qc->shutdown = 1;
  654.     qc->shutdown_code = err;
  655.     qc->shutdown_reason = reason;

  657.     ngx_quic_shutdown_quic(c);
  658. }


  661. static void
  662. ngx_quic_close_handler(ngx_event_t *ev)
  663. {
  664.     ngx_connection_t  *c;

  666.     ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ev->log, 0, "quic close handler");

  668.     c = ev->data;

  670.     ngx_quic_close_connection(c, NGX_OK);
  671. }


  674. static ngx_int_t
  675. ngx_quic_handle_datagram(ngx_connection_t *c, ngx_buf_t *b,
  676.     ngx_quic_conf_t *conf)
  677. {
  678.     size_t                  size;
  679.     u_char                 *p, *start;
  680.     ngx_int_t               rc;
  681.     ngx_uint_t              good;
  682.     ngx_quic_path_t        *path;
  683.     ngx_quic_header_t       pkt;
  684.     ngx_quic_connection_t  *qc;

  686.     good = 0;
  687.     path = NULL;

  689.     size = b->last - b->pos;

  691.     p = start = b->pos;

  693.     while (p < b->last) {

  695.         ngx_memzero(&pkt, sizeof(ngx_quic_header_t));
  696.         pkt.raw = b;
  697.         pkt.data = p;
  698.         pkt.len = b->last - p;
  699.         pkt.log = c->log;
  700.         pkt.first = (p == start) ? 1 : 0;
  701.         pkt.path = path;
  702.         pkt.flags = p[0];
  703.         pkt.raw->pos++;

  705.         rc = ngx_quic_handle_packet(c, conf, &pkt);

  707. #if (NGX_DEBUG)
  708.         if (pkt.parsed) {
  709.             ngx_log_debug5(NGX_LOG_DEBUG_EVENT, c->log, 0,
  710.                            "quic packet done rc:%i level:%s"
  711.                            " decr:%d pn:%L perr:%ui",
  712.                            rc, ngx_quic_level_name(pkt.level),
  713.                            pkt.decrypted, pkt.pn, pkt.error);
  714.         } else {
  715.             ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
  716.                            "quic packet done rc:%i parse failed", rc);
  717.         }
  718. #endif

  720.         if (rc == NGX_ERROR || rc == NGX_DONE) {
  721.             return rc;
  722.         }

  724.         if (rc == NGX_OK) {
  725.             good = 1;
  726.         }

  728.         path = pkt.path; /* preserve packet path from 1st packet */

  730.         /* NGX_OK || NGX_DECLINED */

  732.         /*
  733.          * we get NGX_DECLINED when there are no keys [yet] available
  734.          * to decrypt packet.
  735.          * Instead of queueing it, we ignore it and rely on the sender's
  736.          * retransmission:
  737.          *
  738.          * RFC 9000, 12.2.  Coalescing Packets
  739.          *
  740.          * For example, if decryption fails (because the keys are
  741.          * not available or for any other reason), the receiver MAY either
  742.          * discard or buffer the packet for later processing and MUST
  743.          * attempt to process the remaining packets.
  744.          *
  745.          * We also skip packets that don't match connection state
  746.          * or cannot be parsed properly.
  747.          */

  749.         /* b->pos is at header end, adjust by actual packet length */
  750.         b->pos = pkt.data + pkt.len;

  752.         p = b->pos;
  753.     }

  755.     if (!good) {
  756.         return NGX_DONE;
  757.     }

  759.     qc = ngx_quic_get_connection(c);

  761.     if (qc) {
  762.         qc->received += size;

  764.         if ((uint64_t) (c->sent + qc->received) / 8 >
  765.             (qc->streams.sent + qc->streams.recv_last) + 1048576)
  766.         {
  767.             ngx_log_error(NGX_LOG_INFO, c->log, 0, "quic flood detected");

  769.             qc->error = NGX_QUIC_ERR_NO_ERROR;
  770.             qc->error_reason = "QUIC flood detected";
  771.             return NGX_ERROR;
  772.         }
  773.     }

  775.     return NGX_OK;
  776. }


  779. static ngx_int_t
  780. ngx_quic_handle_packet(ngx_connection_t *c, ngx_quic_conf_t *conf,
  781.     ngx_quic_header_t *pkt)
  782. {
  783.     ngx_int_t               rc;
  784.     ngx_quic_socket_t      *qsock;
  785.     ngx_quic_connection_t  *qc;

  787.     c->log->action = "parsing quic packet";

  789.     rc = ngx_quic_parse_packet(pkt);

  791.     if (rc == NGX_ERROR) {
  792.         return NGX_DECLINED;
  793.     }

  795.     pkt->parsed = 1;

  797.     c->log->action = "handling quic packet";

  799.     ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
  800.                    "quic packet rx dcid len:%uz %xV",
  801.                    pkt->dcid.len, &pkt->dcid);

  803. #if (NGX_DEBUG)
  804.     if (pkt->level != NGX_QUIC_ENCRYPTION_APPLICATION) {
  805.         ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
  806.                        "quic packet rx scid len:%uz %xV",
  807.                        pkt->scid.len, &pkt->scid);
  808.     }

  810.     if (pkt->level == NGX_QUIC_ENCRYPTION_INITIAL) {
  811.         ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
  812.                        "quic address validation token len:%uz %xV",
  813.                        pkt->token.len, &pkt->token);
  814.     }
  815. #endif

  817.     qc = ngx_quic_get_connection(c);

  819.     if (qc) {

  821.         if (rc == NGX_ABORT) {
  822.             ngx_log_error(NGX_LOG_INFO, c->log, 0,
  823.                           "quic unsupported version: 0x%xD", pkt->version);
  824.             return NGX_DECLINED;
  825.         }

  827.         if (pkt->level != NGX_QUIC_ENCRYPTION_APPLICATION) {

  829.             if (pkt->version != qc->version) {
  830.                 ngx_log_error(NGX_LOG_INFO, c->log, 0,
  831.                               "quic version mismatch: 0x%xD", pkt->version);
  832.                 return NGX_DECLINED;
  833.             }

  835.             if (pkt->first) {
  836.                 qsock = ngx_quic_get_socket(c);

  838.                 if (ngx_cmp_sockaddr(&qsock->sockaddr.sockaddr, qsock->socklen,
  839.                                      qc->path->sockaddr, qc->path->socklen, 1)
  840.                     != NGX_OK)
  841.                 {
  842.                     /* packet comes from unknown path, possibly migration */
  843.                     ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
  844.                                    "quic too early migration attempt");
  845.                     return NGX_DONE;
  846.                 }
  847.             }

  849.             if (ngx_quic_check_csid(qc, pkt) != NGX_OK) {
  850.                 return NGX_DECLINED;
  851.             }

  853.         }

  855.         rc = ngx_quic_handle_payload(c, pkt);

  857.         if (rc == NGX_DECLINED
  858.             && pkt->level == NGX_QUIC_ENCRYPTION_APPLICATION)
  859.         {
  860.             if (ngx_quic_handle_stateless_reset(c, pkt) == NGX_OK) {
  861.                 ngx_log_error(NGX_LOG_INFO, c->log, 0,
  862.                               "quic stateless reset packet detected");

  864.                 qc->draining = 1;
  865.                 ngx_post_event(&qc->close, &ngx_posted_events);

  867.                 return NGX_OK;
  868.             }
  869.         }

  871.         return rc;
  872.     }

  874.     /* packet does not belong to a connection */

  876.     if (rc == NGX_ABORT) {
  877.         return ngx_quic_negotiate_version(c, pkt);
  878.     }

  880.     if (pkt->level == NGX_QUIC_ENCRYPTION_APPLICATION) {
  881.         return ngx_quic_send_stateless_reset(c, conf, pkt);
  882.     }

  884.     if (pkt->level != NGX_QUIC_ENCRYPTION_INITIAL) {
  885.         ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
  886.                        "quic expected initial, got handshake");
  887.         return NGX_ERROR;
  888.     }

  890.     c->log->action = "handling initial packet";

  892.     if (pkt->dcid.len < NGX_QUIC_CID_LEN_MIN) {
  893.         /* RFC 9000, 7.2.  Negotiating Connection IDs */
  894.         ngx_log_error(NGX_LOG_INFO, c->log, 0,
  895.                       "quic too short dcid in initial"
  896.                       " packet: len:%i", pkt->dcid.len);
  897.         return NGX_ERROR;
  898.     }

  900.     /* process retry and initialize connection IDs */

  902.     if (pkt->token.len) {

  904.         rc = ngx_quic_validate_token(c, conf->av_token_key, pkt);

  906.         if (rc == NGX_ERROR) {
  907.             /* internal error */
  908.             return NGX_ERROR;

  910.         } else if (rc == NGX_ABORT) {
  911.             /* token cannot be decrypted */
  912.             return ngx_quic_send_early_cc(c, pkt,
  913.                                           NGX_QUIC_ERR_INVALID_TOKEN,
  914.                                           "cannot decrypt token");
  915.         } else if (rc == NGX_DECLINED) {
  916.             /* token is invalid */

  918.             if (pkt->retried) {
  919.                 /* invalid address validation token */
  920.                 return ngx_quic_send_early_cc(c, pkt,
  921.                                           NGX_QUIC_ERR_INVALID_TOKEN,
  922.                                           "invalid address validation token");
  923.             } else if (conf->retry) {
  924.                 /* invalid NEW_TOKEN */
  925.                 return ngx_quic_send_retry(c, conf, pkt);
  926.             }
  927.         }

  929.         /* NGX_OK */

  931.     } else if (conf->retry) {
  932.         return ngx_quic_send_retry(c, conf, pkt);

  934.     } else {
  935.         pkt->odcid = pkt->dcid;
  936.     }

  938.     if (ngx_terminate || ngx_exiting) {
  939.         if (conf->retry) {
  940.             return ngx_quic_send_retry(c, conf, pkt);
  941.         }

  943.         return NGX_ERROR;
  944.     }

  946.     c->log->action = "creating quic connection";

  948.     qc = ngx_quic_new_connection(c, conf, pkt);
  949.     if (qc == NULL) {
  950.         return NGX_ERROR;
  951.     }

  953.     return ngx_quic_handle_payload(c, pkt);
  954. }


  957. static ngx_int_t
  958. ngx_quic_handle_payload(ngx_connection_t *c, ngx_quic_header_t *pkt)
  959. {
  960.     ngx_int_t               rc;
  961.     ngx_quic_send_ctx_t    *ctx;
  962.     ngx_quic_connection_t  *qc;
  963.     static u_char           buf[NGX_QUIC_MAX_UDP_PAYLOAD_SIZE];

  965.     qc = ngx_quic_get_connection(c);

  967.     qc->error = 0;
  968.     qc->error_reason = NULL;

  970.     c->log->action = "decrypting packet";

  972.     if (!ngx_quic_keys_available(qc->keys, pkt->level, 0)) {
  973.         ngx_log_error(NGX_LOG_INFO, c->log, 0,
  974.                       "quic no %s keys, ignoring packet",
  975.                       ngx_quic_level_name(pkt->level));
  976.         return NGX_DECLINED;
  977.     }

  979. #if (NGX_QUIC_QUICTLS_API)
  980.     /* QuicTLS provides app read keys before completing handshake */

  982.     if (pkt->level == NGX_QUIC_ENCRYPTION_APPLICATION && !c->ssl->handshaked) {
  983.         ngx_log_error(NGX_LOG_INFO, c->log, 0,
  984.                       "quic no %s keys ready, ignoring packet",
  985.                       ngx_quic_level_name(pkt->level));
  986.         return NGX_DECLINED;
  987.     }
  988. #endif

  990.     pkt->keys = qc->keys;
  991.     pkt->key_phase = qc->key_phase;
  992.     pkt->plaintext = buf;

  994.     ctx = ngx_quic_get_send_ctx(qc, pkt->level);

  996.     rc = ngx_quic_decrypt(pkt, &ctx->largest_pn);
  997.     if (rc != NGX_OK) {
  998.         qc->error = pkt->error;
  999.         qc->error_reason = "failed to decrypt packet";
  1000.         return rc;
  1001.     }

  1003.     pkt->decrypted = 1;

  1005.     c->log->action = "handling decrypted packet";

  1007.     if (pkt->path == NULL) {
  1008.         rc = ngx_quic_set_path(c, pkt);
  1009.         if (rc != NGX_OK) {
  1010.             return rc;
  1011.         }
  1012.     }

  1014.     if (c->ssl == NULL) {
  1015.         if (ngx_quic_init_connection(c) != NGX_OK) {
  1016.             return NGX_ERROR;
  1017.         }
  1018.     }

  1020.     if (pkt->level == NGX_QUIC_ENCRYPTION_HANDSHAKE) {
  1021.         /*
  1022.          * RFC 9001, 4.9.1.  Discarding Initial Keys
  1023.          *
  1024.          * The successful use of Handshake packets indicates
  1025.          * that no more Initial packets need to be exchanged
  1026.          */
  1027.         ngx_quic_discard_ctx(c, NGX_QUIC_ENCRYPTION_INITIAL);

  1029.         if (!qc->path->validated) {
  1030.             qc->path->validated = 1;
  1031.             ngx_quic_path_dbg(c, "in handshake", qc->path);
  1032.             ngx_post_event(&qc->push, &ngx_posted_events);
  1033.         }
  1034.     }

  1036.     if (pkt->level == NGX_QUIC_ENCRYPTION_APPLICATION) {
  1037.         /*
  1038.          * RFC 9001, 4.9.3.  Discarding 0-RTT Keys
  1039.          *
  1040.          * After receiving a 1-RTT packet, servers MUST discard
  1041.          * 0-RTT keys within a short time
  1042.          */
  1043.         ngx_quic_keys_discard(qc->keys, NGX_QUIC_ENCRYPTION_EARLY_DATA);
  1044.     }

  1046.     if (qc->closing) {
  1047.         /*
  1048.          * RFC 9000, 10.2.  Immediate Close
  1049.          *
  1050.          * ... delayed or reordered packets are properly discarded.
  1051.          *
  1052.          *  In the closing state, an endpoint retains only enough information
  1053.          *  to generate a packet containing a CONNECTION_CLOSE frame and to
  1054.          *  identify packets as belonging to the connection.
  1055.          */

  1057.         qc->error_level = pkt->level;
  1058.         qc->error = NGX_QUIC_ERR_NO_ERROR;
  1059.         qc->error_reason = "connection is closing, packet discarded";
  1060.         qc->error_ftype = 0;
  1061.         qc->error_app = 0;

  1063.         return ngx_quic_send_cc(c);
  1064.     }

  1066.     pkt->received = ngx_current_msec;

  1068.     c->log->action = "handling payload";

  1070.     if (pkt->level != NGX_QUIC_ENCRYPTION_APPLICATION) {
  1071.         return ngx_quic_handle_frames(c, pkt);
  1072.     }

  1074.     if (!pkt->key_update) {
  1075.         return ngx_quic_handle_frames(c, pkt);
  1076.     }

  1078.     /* switch keys and generate next on Key Phase change */

  1080.     qc->key_phase ^= 1;
  1081.     ngx_quic_keys_switch(c, qc->keys);

  1083.     rc = ngx_quic_handle_frames(c, pkt);
  1084.     if (rc != NGX_OK) {
  1085.         return rc;
  1086.     }

  1088.     ngx_post_event(&qc->key_update, &ngx_posted_events);

  1090.     return NGX_OK;
  1091. }


  1094. void
  1095. ngx_quic_discard_ctx(ngx_connection_t *c, ngx_uint_t level)
  1096. {
  1097.     ngx_queue_t            *q;
  1098.     ngx_quic_frame_t       *f;
  1099.     ngx_quic_socket_t      *qsock;
  1100.     ngx_quic_send_ctx_t    *ctx;
  1101.     ngx_quic_connection_t  *qc;

  1103.     qc = ngx_quic_get_connection(c);

  1105.     if (!ngx_quic_keys_available(qc->keys, level, 0)
  1106.         && !ngx_quic_keys_available(qc->keys, level, 1))
  1107.     {
  1108.         return;
  1109.     }

  1111.     ngx_quic_keys_discard(qc->keys, level);

  1113.     qc->pto_count = 0;

  1115.     ctx = ngx_quic_get_send_ctx(qc, level);

  1117.     ngx_quic_free_buffer(c, &ctx->crypto);

  1119.     while (!ngx_queue_empty(&ctx->sent)) {
  1120.         q = ngx_queue_head(&ctx->sent);
  1121.         ngx_queue_remove(q);

  1123.         f = ngx_queue_data(q, ngx_quic_frame_t, queue);
  1124.         ngx_quic_congestion_ack(c, f);
  1125.         ngx_quic_free_frame(c, f);
  1126.     }

  1128.     while (!ngx_queue_empty(&ctx->frames)) {
  1129.         q = ngx_queue_head(&ctx->frames);
  1130.         ngx_queue_remove(q);

  1132.         f = ngx_queue_data(q, ngx_quic_frame_t, queue);
  1133.         ngx_quic_free_frame(c, f);
  1134.     }

  1136.     if (level == NGX_QUIC_ENCRYPTION_INITIAL) {
  1137.         /* close temporary listener with initial dcid */
  1138.         qsock = ngx_quic_find_socket(c, NGX_QUIC_UNSET_PN);
  1139.         if (qsock) {
  1140.             ngx_quic_close_socket(c, qsock);
  1141.         }
  1142.     }

  1144.     ctx->send_ack = 0;

  1146.     ngx_quic_set_lost_timer(c);
  1147. }


  1150. static ngx_int_t
  1151. ngx_quic_check_csid(ngx_quic_connection_t *qc, ngx_quic_header_t *pkt)
  1152. {
  1153.     ngx_queue_t           *q;
  1154.     ngx_quic_client_id_t  *cid;

  1156.     for (q = ngx_queue_head(&qc->client_ids);
  1157.          q != ngx_queue_sentinel(&qc->client_ids);
  1158.          q = ngx_queue_next(q))
  1159.     {
  1160.         cid = ngx_queue_data(q, ngx_quic_client_id_t, queue);

  1162.         if (pkt->scid.len == cid->len
  1163.             && ngx_memcmp(pkt->scid.data, cid->id, cid->len) == 0)
  1164.         {
  1165.             return NGX_OK;
  1166.         }
  1167.     }

  1169.     ngx_log_error(NGX_LOG_INFO, pkt->log, 0, "quic unexpected quic scid");
  1170.     return NGX_ERROR;
  1171. }


  1174. static ngx_int_t
  1175. ngx_quic_handle_frames(ngx_connection_t *c, ngx_quic_header_t *pkt)
  1176. {
  1177.     u_char                 *end, *p;
  1178.     ssize_t                 len;
  1179.     ngx_buf_t               buf;
  1180.     ngx_uint_t              do_close, nonprobing;
  1181.     ngx_chain_t             chain;
  1182.     ngx_quic_frame_t        frame;
  1183.     ngx_quic_connection_t  *qc;

  1185.     qc = ngx_quic_get_connection(c);

  1187.     p = pkt->payload.data;
  1188.     end = p + pkt->payload.len;

  1190.     do_close = 0;
  1191.     nonprobing = 0;

  1193.     while (p < end) {

  1195.         c->log->action = "parsing frames";

  1197.         ngx_memzero(&frame, sizeof(ngx_quic_frame_t));
  1198.         ngx_memzero(&buf, sizeof(ngx_buf_t));
  1199.         buf.temporary = 1;

  1201.         chain.buf = &buf;
  1202.         chain.next = NULL;
  1203.         frame.data = &chain;

  1205.         len = ngx_quic_parse_frame(pkt, p, end, &frame);

  1207.         if (len < 0) {
  1208.             qc->error = pkt->error;
  1209.             return NGX_ERROR;
  1210.         }

  1212.         ngx_quic_log_frame(c->log, &frame, 0);

  1214.         c->log->action = "handling frames";

  1216.         p += len;

  1218.         switch (frame.type) {
  1219.         /* probing frames */
  1220.         case NGX_QUIC_FT_PADDING:
  1221.         case NGX_QUIC_FT_PATH_CHALLENGE:
  1222.         case NGX_QUIC_FT_PATH_RESPONSE:
  1223.         case NGX_QUIC_FT_NEW_CONNECTION_ID:
  1224.             break;

  1226.         /* non-probing frames */
  1227.         default:
  1228.             nonprobing = 1;
  1229.             break;
  1230.         }

  1232.         switch (frame.type) {

  1234.         case NGX_QUIC_FT_ACK:
  1235.             if (ngx_quic_handle_ack_frame(c, pkt, &frame) != NGX_OK) {
  1236.                 return NGX_ERROR;
  1237.             }

  1239.             continue;

  1241.         case NGX_QUIC_FT_PADDING:
  1242.             /* no action required */
  1243.             continue;

  1245.         case NGX_QUIC_FT_CONNECTION_CLOSE:
  1246.         case NGX_QUIC_FT_CONNECTION_CLOSE_APP:
  1247.             do_close = 1;
  1248.             continue;
  1249.         }

  1251.         /* got there with ack-eliciting packet */
  1252.         pkt->need_ack = 1;

  1254.         switch (frame.type) {

  1256.         case NGX_QUIC_FT_CRYPTO:

  1258.             if (ngx_quic_handle_crypto_frame(c, pkt, &frame) != NGX_OK) {
  1259.                 return NGX_ERROR;
  1260.             }

  1262.             break;

  1264.         case NGX_QUIC_FT_PING:
  1265.             break;

  1267.         case NGX_QUIC_FT_STREAM:

  1269.             if (ngx_quic_handle_stream_frame(c, pkt, &frame) != NGX_OK) {
  1270.                 return NGX_ERROR;
  1271.             }

  1273.             break;

  1275.         case NGX_QUIC_FT_MAX_DATA:

  1277.             if (ngx_quic_handle_max_data_frame(c, &frame.u.max_data) != NGX_OK)
  1278.             {
  1279.                 return NGX_ERROR;
  1280.             }

  1282.             break;

  1284.         case NGX_QUIC_FT_STREAMS_BLOCKED:
  1285.         case NGX_QUIC_FT_STREAMS_BLOCKED2:

  1287.             if (ngx_quic_handle_streams_blocked_frame(c, pkt,
  1288.                                                       &frame.u.streams_blocked)
  1289.                 != NGX_OK)
  1290.             {
  1291.                 return NGX_ERROR;
  1292.             }

  1294.             break;

  1296.         case NGX_QUIC_FT_DATA_BLOCKED:

  1298.             if (ngx_quic_handle_data_blocked_frame(c, pkt,
  1299.                                                    &frame.u.data_blocked)
  1300.                 != NGX_OK)
  1301.             {
  1302.                 return NGX_ERROR;
  1303.             }

  1305.             break;

  1307.         case NGX_QUIC_FT_STREAM_DATA_BLOCKED:

  1309.             if (ngx_quic_handle_stream_data_blocked_frame(c, pkt,
  1310.                                                   &frame.u.stream_data_blocked)
  1311.                 != NGX_OK)
  1312.             {
  1313.                 return NGX_ERROR;
  1314.             }

  1316.             break;

  1318.         case NGX_QUIC_FT_MAX_STREAM_DATA:

  1320.             if (ngx_quic_handle_max_stream_data_frame(c, pkt,
  1321.                                                       &frame.u.max_stream_data)
  1322.                 != NGX_OK)
  1323.             {
  1324.                 return NGX_ERROR;
  1325.             }

  1327.             break;

  1329.         case NGX_QUIC_FT_RESET_STREAM:

  1331.             if (ngx_quic_handle_reset_stream_frame(c, pkt,
  1332.                                                    &frame.u.reset_stream)
  1333.                 != NGX_OK)
  1334.             {
  1335.                 return NGX_ERROR;
  1336.             }

  1338.             break;

  1340.         case NGX_QUIC_FT_STOP_SENDING:

  1342.             if (ngx_quic_handle_stop_sending_frame(c, pkt,
  1343.                                                    &frame.u.stop_sending)
  1344.                 != NGX_OK)
  1345.             {
  1346.                 return NGX_ERROR;
  1347.             }

  1349.             break;

  1351.         case NGX_QUIC_FT_MAX_STREAMS:
  1352.         case NGX_QUIC_FT_MAX_STREAMS2:

  1354.             if (ngx_quic_handle_max_streams_frame(c, pkt, &frame.u.max_streams)
  1355.                 != NGX_OK)
  1356.             {
  1357.                 return NGX_ERROR;
  1358.             }

  1360.             break;

  1362.         case NGX_QUIC_FT_PATH_CHALLENGE:

  1364.             if (ngx_quic_handle_path_challenge_frame(c, pkt,
  1365.                                                      &frame.u.path_challenge)
  1366.                 != NGX_OK)
  1367.             {
  1368.                 return NGX_ERROR;
  1369.             }

  1371.             break;

  1373.         case NGX_QUIC_FT_PATH_RESPONSE:

  1375.             if (ngx_quic_handle_path_response_frame(c, &frame.u.path_response)
  1376.                 != NGX_OK)
  1377.             {
  1378.                 return NGX_ERROR;
  1379.             }

  1381.             break;

  1383.         case NGX_QUIC_FT_NEW_CONNECTION_ID:

  1385.             if (ngx_quic_handle_new_connection_id_frame(c, &frame.u.ncid)
  1386.                 != NGX_OK)
  1387.             {
  1388.                 return NGX_ERROR;
  1389.             }

  1391.             break;

  1393.         case NGX_QUIC_FT_RETIRE_CONNECTION_ID:

  1395.             if (ngx_quic_handle_retire_connection_id_frame(c,
  1396.                                                            &frame.u.retire_cid)
  1397.                 != NGX_OK)
  1398.             {
  1399.                 return NGX_ERROR;
  1400.             }

  1402.             break;

  1404.         default:
  1405.             ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
  1406.                            "quic missing frame handler");
  1407.             return NGX_ERROR;
  1408.         }
  1409.     }

  1411.     if (p != end) {
  1412.         ngx_log_error(NGX_LOG_INFO, c->log, 0,
  1413.                       "quic trailing garbage in payload:%ui bytes", end - p);

  1415.         qc->error = NGX_QUIC_ERR_FRAME_ENCODING_ERROR;
  1416.         return NGX_ERROR;
  1417.     }

  1419.     if (do_close) {
  1420.         qc->draining = 1;
  1421.         ngx_post_event(&qc->close, &ngx_posted_events);
  1422.     }

  1424.     if (pkt->path != qc->path && nonprobing) {

  1426.         /*
  1427.          * RFC 9000, 9.2.  Initiating Connection Migration
  1428.          *
  1429.          * An endpoint can migrate a connection to a new local
  1430.          * address by sending packets containing non-probing frames
  1431.          * from that address.
  1432.          */
  1433.         if (ngx_quic_handle_migration(c, pkt) != NGX_OK) {
  1434.             return NGX_ERROR;
  1435.         }
  1436.     }

  1438.     if (ngx_quic_ack_packet(c, pkt) != NGX_OK) {
  1439.         return NGX_ERROR;
  1440.     }

  1442.     return NGX_OK;
  1443. }


  1446. static void
  1447. ngx_quic_push_handler(ngx_event_t *ev)
  1448. {
  1449.     ngx_connection_t  *c;

  1451.     ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ev->log, 0, "quic push handler");

  1453.     c = ev->data;

  1455.     if (ngx_quic_output(c) != NGX_OK) {
  1456.         ngx_quic_close_connection(c, NGX_ERROR);
  1457.         return;
  1458.     }

  1460.     ngx_quic_connstate_dbg(c);
  1461. }


  1464. void
  1465. ngx_quic_shutdown_quic(ngx_connection_t *c)
  1466. {
  1467.     ngx_quic_connection_t  *qc;

  1469.     if (c->reusable) {
  1470.         qc = ngx_quic_get_connection(c);
  1471.         ngx_quic_finalize_connection(c, qc->shutdown_code, qc->shutdown_reason);
  1472.     }
  1473. }


  1476. void
  1477. ngx_quic_address_hash(struct sockaddr *sockaddr, socklen_t socklen,
  1478.     ngx_uint_t no_port, u_char *salt, size_t saltlen, u_char buf[20])
  1479. {
  1480.     size_t                len;
  1481.     u_char               *data;
  1482.     ngx_sha1_t            sha1;
  1483.     struct sockaddr_in   *sin;
  1484. #if (NGX_HAVE_INET6)
  1485.     struct sockaddr_in6  *sin6;
  1486. #endif

  1488.     len = (size_t) socklen;
  1489.     data = (u_char *) sockaddr;

  1491.     if (no_port) {
  1492.         switch (sockaddr->sa_family) {

  1494. #if (NGX_HAVE_INET6)
  1495.         case AF_INET6:
  1496.             sin6 = (struct sockaddr_in6 *) sockaddr;

  1498.             len = sizeof(struct in6_addr);
  1499.             data = sin6->sin6_addr.s6_addr;

  1501.             break;
  1502. #endif

  1504.         case AF_INET:
  1505.             sin = (struct sockaddr_in *) sockaddr;

  1507.             len = sizeof(in_addr_t);
  1508.             data = (u_char *) &sin->sin_addr;

  1510.             break;
  1511.         }
  1512.     }

  1514.     ngx_sha1_init(&sha1);
  1515.     ngx_sha1_update(&sha1, data, len);

  1517.     if (salt) {
  1518.         ngx_sha1_update(&sha1, salt, saltlen);
  1519.     }

  1521.     ngx_sha1_final(buf, &sha1);
  1522. }

One Level Up Top Level