One Level Up Top Level

src/event/quic/ngx_event_quic.c - nginx source code

Global variables defined

Functions defined

Source code


  2. /*
  3. * Copyright (C) Nginx, Inc.
  4. */


  7. #include <ngx_config.h>
  8. #include <ngx_core.h>
  9. #include <ngx_event.h>
  10. #include <ngx_event_quic_connection.h>


  13. static ngx_quic_connection_t *ngx_quic_new_connection(ngx_connection_t *c,
  14.     ngx_quic_conf_t *conf, ngx_quic_header_t *pkt);
  15. static ngx_int_t ngx_quic_handle_stateless_reset(ngx_connection_t *c,
  16.     ngx_quic_header_t *pkt);
  17. static void ngx_quic_input_handler(ngx_event_t *rev);
  18. static void ngx_quic_close_handler(ngx_event_t *ev);

  20. static ngx_int_t ngx_quic_handle_datagram(ngx_connection_t *c, ngx_buf_t *b,
  21.     ngx_quic_conf_t *conf);
  22. static ngx_int_t ngx_quic_handle_packet(ngx_connection_t *c,
  23.     ngx_quic_conf_t *conf, ngx_quic_header_t *pkt);
  24. static ngx_int_t ngx_quic_handle_payload(ngx_connection_t *c,
  25.     ngx_quic_header_t *pkt);
  26. static ngx_int_t ngx_quic_check_csid(ngx_quic_connection_t *qc,
  27.     ngx_quic_header_t *pkt);
  28. static ngx_int_t ngx_quic_handle_frames(ngx_connection_t *c,
  29.     ngx_quic_header_t *pkt);

  31. static void ngx_quic_push_handler(ngx_event_t *ev);


  34. static ngx_core_module_t  ngx_quic_module_ctx = {
  35.     ngx_string("quic"),
  36.     NULL,
  37.     NULL
  38. };


  41. ngx_module_t  ngx_quic_module = {
  42.     NGX_MODULE_V1,
  43.     &ngx_quic_module_ctx,                  /* module context */
  44.     NULL,                                  /* module directives */
  45.     NGX_CORE_MODULE,                       /* module type */
  46.     NULL,                                  /* init master */
  47.     NULL,                                  /* init module */
  48.     NULL,                                  /* init process */
  49.     NULL,                                  /* init thread */
  50.     NULL,                                  /* exit thread */
  51.     NULL,                                  /* exit process */
  52.     NULL,                                  /* exit master */
  53.     NGX_MODULE_V1_PADDING
  54. };


  57. #if (NGX_DEBUG)

  59. void
  60. ngx_quic_connstate_dbg(ngx_connection_t *c)
  61. {
  62.     u_char                 *p, *last;
  63.     ngx_quic_connection_t  *qc;
  64.     u_char                  buf[NGX_MAX_ERROR_STR];

  66.     p = buf;
  67.     last = p + sizeof(buf);

  69.     qc = ngx_quic_get_connection(c);

  71.     p = ngx_slprintf(p, last, "state:");

  73.     if (qc) {

  75.         if (qc->error != (ngx_uint_t) -1) {
  76.             p = ngx_slprintf(p, last, "%s", qc->error_app ? " app" : "");
  77.             p = ngx_slprintf(p, last, " error:%ui", qc->error);

  79.             if (qc->error_reason) {
  80.                 p = ngx_slprintf(p, last, " \"%s\"", qc->error_reason);
  81.             }
  82.         }

  84.         p = ngx_slprintf(p, last, "%s", qc->shutdown ? " shutdown" : "");
  85.         p = ngx_slprintf(p, last, "%s", qc->closing ? " closing" : "");
  86.         p = ngx_slprintf(p, last, "%s", qc->draining ? " draining" : "");
  87.         p = ngx_slprintf(p, last, "%s", qc->key_phase ? " kp" : "");

  89.     } else {
  90.         p = ngx_slprintf(p, last, " early");
  91.     }

  93.     if (c->read->timer_set) {
  94.         p = ngx_slprintf(p, last,
  95.                          qc && qc->send_timer_set ? " send:%M" : " read:%M",
  96.                          c->read->timer.key - ngx_current_msec);
  97.     }

  99.     if (qc) {

  101.         if (qc->push.timer_set) {
  102.             p = ngx_slprintf(p, last, " push:%M",
  103.                              qc->push.timer.key - ngx_current_msec);
  104.         }

  106.         if (qc->pto.timer_set) {
  107.             p = ngx_slprintf(p, last, " pto:%M",
  108.                              qc->pto.timer.key - ngx_current_msec);
  109.         }

  111.         if (qc->close.timer_set) {
  112.             p = ngx_slprintf(p, last, " close:%M",
  113.                              qc->close.timer.key - ngx_current_msec);
  114.         }
  115.     }

  117.     ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
  118.                    "quic %*s", p - buf, buf);
  119. }

  121. #endif


  124. ngx_int_t
  125. ngx_quic_apply_transport_params(ngx_connection_t *c, ngx_quic_tp_t *ctp)
  126. {
  127.     ngx_str_t               scid;
  128.     ngx_quic_connection_t  *qc;

  130.     qc = ngx_quic_get_connection(c);

  132.     scid.data = qc->path->cid->id;
  133.     scid.len = qc->path->cid->len;

  135.     if (scid.len != ctp->initial_scid.len
  136.         || ngx_memcmp(scid.data, ctp->initial_scid.data, scid.len) != 0)
  137.     {
  138.         ngx_log_error(NGX_LOG_INFO, c->log, 0,
  139.                       "quic client initial_source_connection_id mismatch");
  140.         return NGX_ERROR;
  141.     }

  143.     if (ctp->max_udp_payload_size < NGX_QUIC_MIN_INITIAL_SIZE
  144.         || ctp->max_udp_payload_size > NGX_QUIC_MAX_UDP_PAYLOAD_SIZE)
  145.     {
  146.         qc->error = NGX_QUIC_ERR_TRANSPORT_PARAMETER_ERROR;
  147.         qc->error_reason = "invalid maximum packet size";

  149.         ngx_log_error(NGX_LOG_INFO, c->log, 0,
  150.                       "quic maximum packet size is invalid");
  151.         return NGX_ERROR;
  152.     }

  154.     if (ctp->active_connection_id_limit < 2) {
  155.         qc->error = NGX_QUIC_ERR_TRANSPORT_PARAMETER_ERROR;
  156.         qc->error_reason = "invalid active_connection_id_limit";

  158.         ngx_log_error(NGX_LOG_INFO, c->log, 0,
  159.                       "quic active_connection_id_limit is invalid");
  160.         return NGX_ERROR;
  161.     }

  163.     if (ctp->ack_delay_exponent > 20) {
  164.         qc->error = NGX_QUIC_ERR_TRANSPORT_PARAMETER_ERROR;
  165.         qc->error_reason = "invalid ack_delay_exponent";

  167.         ngx_log_error(NGX_LOG_INFO, c->log, 0,
  168.                       "quic ack_delay_exponent is invalid");
  169.         return NGX_ERROR;
  170.     }

  172.     if (ctp->max_ack_delay >= 16384) {
  173.         qc->error = NGX_QUIC_ERR_TRANSPORT_PARAMETER_ERROR;
  174.         qc->error_reason = "invalid max_ack_delay";

  176.         ngx_log_error(NGX_LOG_INFO, c->log, 0,
  177.                       "quic max_ack_delay is invalid");
  178.         return NGX_ERROR;
  179.     }

  181.     if (ctp->max_idle_timeout > 0
  182.         && ctp->max_idle_timeout < qc->tp.max_idle_timeout)
  183.     {
  184.         qc->tp.max_idle_timeout = ctp->max_idle_timeout;
  185.     }

  187.     qc->streams.server_max_streams_bidi = ctp->initial_max_streams_bidi;
  188.     qc->streams.server_max_streams_uni = ctp->initial_max_streams_uni;

  190.     ngx_memcpy(&qc->ctp, ctp, sizeof(ngx_quic_tp_t));

  192.     return NGX_OK;
  193. }


  196. void
  197. ngx_quic_run(ngx_connection_t *c, ngx_quic_conf_t *conf)
  198. {
  199.     ngx_int_t               rc;
  200.     ngx_quic_connection_t  *qc;

  202.     ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic run");

  204.     rc = ngx_quic_handle_datagram(c, c->buffer, conf);
  205.     if (rc != NGX_OK) {
  206.         ngx_quic_close_connection(c, rc);
  207.         return;
  208.     }

  210.     /* quic connection is now created */
  211.     qc = ngx_quic_get_connection(c);

  213.     ngx_add_timer(c->read, qc->tp.max_idle_timeout);

  215.     if (!qc->streams.initialized) {
  216.         ngx_add_timer(&qc->close, qc->conf->handshake_timeout);
  217.     }

  219.     ngx_quic_connstate_dbg(c);

  221.     c->read->handler = ngx_quic_input_handler;

  223.     return;
  224. }


  227. static ngx_quic_connection_t *
  228. ngx_quic_new_connection(ngx_connection_t *c, ngx_quic_conf_t *conf,
  229.     ngx_quic_header_t *pkt)
  230. {
  231.     ngx_uint_t              i;
  232.     ngx_quic_tp_t          *ctp;
  233.     ngx_quic_connection_t  *qc;

  235.     qc = ngx_pcalloc(c->pool, sizeof(ngx_quic_connection_t));
  236.     if (qc == NULL) {
  237.         return NULL;
  238.     }

  240.     qc->keys = ngx_pcalloc(c->pool, sizeof(ngx_quic_keys_t));
  241.     if (qc->keys == NULL) {
  242.         return NULL;
  243.     }

  245.     qc->version = pkt->version;

  247.     ngx_rbtree_init(&qc->streams.tree, &qc->streams.sentinel,
  248.                     ngx_quic_rbtree_insert_stream);

  250.     for (i = 0; i < NGX_QUIC_SEND_CTX_LAST; i++) {
  251.         ngx_queue_init(&qc->send_ctx[i].frames);
  252.         ngx_queue_init(&qc->send_ctx[i].sending);
  253.         ngx_queue_init(&qc->send_ctx[i].sent);
  254.         qc->send_ctx[i].largest_pn = NGX_QUIC_UNSET_PN;
  255.         qc->send_ctx[i].largest_ack = NGX_QUIC_UNSET_PN;
  256.         qc->send_ctx[i].largest_range = NGX_QUIC_UNSET_PN;
  257.         qc->send_ctx[i].pending_ack = NGX_QUIC_UNSET_PN;
  258.     }

  260.     qc->send_ctx[0].level = ssl_encryption_initial;
  261.     qc->send_ctx[1].level = ssl_encryption_handshake;
  262.     qc->send_ctx[2].level = ssl_encryption_application;

  264.     ngx_queue_init(&qc->free_frames);

  266.     ngx_quic_init_rtt(qc);

  268.     qc->pto.log = c->log;
  269.     qc->pto.data = c;
  270.     qc->pto.handler = ngx_quic_pto_handler;

  272.     qc->push.log = c->log;
  273.     qc->push.data = c;
  274.     qc->push.handler = ngx_quic_push_handler;

  276.     qc->close.log = c->log;
  277.     qc->close.data = c;
  278.     qc->close.handler = ngx_quic_close_handler;

  280.     qc->path_validation.log = c->log;
  281.     qc->path_validation.data = c;
  282.     qc->path_validation.handler = ngx_quic_path_handler;

  284.     qc->key_update.log = c->log;
  285.     qc->key_update.data = c;
  286.     qc->key_update.handler = ngx_quic_keys_update;

  288.     qc->conf = conf;

  290.     if (ngx_quic_init_transport_params(&qc->tp, conf) != NGX_OK) {
  291.         return NULL;
  292.     }

  294.     ctp = &qc->ctp;

  296.     /* defaults to be used before actual client parameters are received */
  297.     ctp->max_udp_payload_size = NGX_QUIC_MAX_UDP_PAYLOAD_SIZE;
  298.     ctp->ack_delay_exponent = NGX_QUIC_DEFAULT_ACK_DELAY_EXPONENT;
  299.     ctp->max_ack_delay = NGX_QUIC_DEFAULT_MAX_ACK_DELAY;
  300.     ctp->active_connection_id_limit = 2;

  302.     ngx_queue_init(&qc->streams.uninitialized);
  303.     ngx_queue_init(&qc->streams.free);

  305.     qc->streams.recv_max_data = qc->tp.initial_max_data;
  306.     qc->streams.recv_window = qc->streams.recv_max_data;

  308.     qc->streams.client_max_streams_uni = qc->tp.initial_max_streams_uni;
  309.     qc->streams.client_max_streams_bidi = qc->tp.initial_max_streams_bidi;

  311.     qc->congestion.window = ngx_min(10 * qc->tp.max_udp_payload_size,
  312.                                     ngx_max(2 * qc->tp.max_udp_payload_size,
  313.                                             14720));
  314.     qc->congestion.ssthresh = (size_t) -1;
  315.     qc->congestion.recovery_start = ngx_current_msec;

  317.     if (pkt->validated && pkt->retried) {
  318.         qc->tp.retry_scid.len = pkt->dcid.len;
  319.         qc->tp.retry_scid.data = ngx_pstrdup(c->pool, &pkt->dcid);
  320.         if (qc->tp.retry_scid.data == NULL) {
  321.             return NULL;
  322.         }
  323.     }

  325.     if (ngx_quic_keys_set_initial_secret(qc->keys, &pkt->dcid, c->log)
  326.         != NGX_OK)
  327.     {
  328.         return NULL;
  329.     }

  331.     qc->validated = pkt->validated;

  333.     if (ngx_quic_open_sockets(c, qc, pkt) != NGX_OK) {
  334.         ngx_quic_keys_cleanup(qc->keys);
  335.         return NULL;
  336.     }

  338.     c->idle = 1;
  339.     ngx_reusable_connection(c, 1);

  341.     ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
  342.                    "quic connection created");

  344.     return qc;
  345. }


  348. static ngx_int_t
  349. ngx_quic_handle_stateless_reset(ngx_connection_t *c, ngx_quic_header_t *pkt)
  350. {
  351.     u_char                 *tail, ch;
  352.     ngx_uint_t              i;
  353.     ngx_queue_t            *q;
  354.     ngx_quic_client_id_t   *cid;
  355.     ngx_quic_connection_t  *qc;

  357.     qc = ngx_quic_get_connection(c);

  359.     /* A stateless reset uses an entire UDP datagram */
  360.     if (!pkt->first) {
  361.         return NGX_DECLINED;
  362.     }

  364.     tail = pkt->raw->last - NGX_QUIC_SR_TOKEN_LEN;

  366.     for (q = ngx_queue_head(&qc->client_ids);
  367.          q != ngx_queue_sentinel(&qc->client_ids);
  368.          q = ngx_queue_next(q))
  369.     {
  370.         cid = ngx_queue_data(q, ngx_quic_client_id_t, queue);

  372.         if (cid->seqnum == 0 || !cid->used) {
  373.             /*
  374.              * No stateless reset token in initial connection id.
  375.              * Don't accept a token from an unused connection id.
  376.              */
  377.             continue;
  378.         }

  380.         /* constant time comparison */

  382.         for (ch = 0, i = 0; i < NGX_QUIC_SR_TOKEN_LEN; i++) {
  383.             ch |= tail[i] ^ cid->sr_token[i];
  384.         }

  386.         if (ch == 0) {
  387.             return NGX_OK;
  388.         }
  389.     }

  391.     return NGX_DECLINED;
  392. }


  395. static void
  396. ngx_quic_input_handler(ngx_event_t *rev)
  397. {
  398.     ngx_int_t               rc;
  399.     ngx_buf_t              *b;
  400.     ngx_connection_t       *c;
  401.     ngx_quic_connection_t  *qc;

  403.     ngx_log_debug0(NGX_LOG_DEBUG_EVENT, rev->log, 0, "quic input handler");

  405.     c = rev->data;
  406.     qc = ngx_quic_get_connection(c);

  408.     c->log->action = "handling quic input";

  410.     if (rev->timedout) {
  411.         ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT,
  412.                       "quic client timed out");
  413.         ngx_quic_close_connection(c, NGX_DONE);
  414.         return;
  415.     }

  417.     if (c->close) {
  418.         c->close = 0;

  420.         if (!ngx_exiting || !qc->streams.initialized) {
  421.             qc->error = NGX_QUIC_ERR_NO_ERROR;
  422.             qc->error_reason = "graceful shutdown";
  423.             ngx_quic_close_connection(c, NGX_ERROR);
  424.             return;
  425.         }

  427.         if (!qc->closing && qc->conf->shutdown) {
  428.             qc->conf->shutdown(c);
  429.         }

  431.         return;
  432.     }

  434.     b = c->udp->buffer;
  435.     if (b == NULL) {
  436.         return;
  437.     }

  439.     rc = ngx_quic_handle_datagram(c, b, NULL);

  441.     if (rc == NGX_ERROR) {
  442.         ngx_quic_close_connection(c, NGX_ERROR);
  443.         return;
  444.     }

  446.     if (rc == NGX_DONE) {
  447.         return;
  448.     }

  450.     /* rc == NGX_OK */

  452.     qc->send_timer_set = 0;
  453.     ngx_add_timer(rev, qc->tp.max_idle_timeout);

  455.     ngx_quic_connstate_dbg(c);
  456. }


  459. void
  460. ngx_quic_close_connection(ngx_connection_t *c, ngx_int_t rc)
  461. {
  462.     ngx_uint_t              i;
  463.     ngx_pool_t             *pool;
  464.     ngx_quic_send_ctx_t    *ctx;
  465.     ngx_quic_connection_t  *qc;

  467.     qc = ngx_quic_get_connection(c);

  469.     if (qc == NULL) {
  470.         ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
  471.                        "quic packet rejected rc:%i, cleanup connection", rc);
  472.         goto quic_done;
  473.     }

  475.     ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
  476.                    "quic close %s rc:%i",
  477.                    qc->closing ? "resumed": "initiated", rc);

  479.     if (!qc->closing) {

  481.         /* drop packets from retransmit queues, no ack is expected */
  482.         for (i = 0; i < NGX_QUIC_SEND_CTX_LAST; i++) {
  483.             ngx_quic_free_frames(c, &qc->send_ctx[i].frames);
  484.             ngx_quic_free_frames(c, &qc->send_ctx[i].sent);
  485.         }

  487.         if (qc->close.timer_set) {
  488.             ngx_del_timer(&qc->close);
  489.         }

  491.         if (rc == NGX_DONE) {

  493.             /*
  494.              * RFC 9000, 10.1.  Idle Timeout
  495.              *
  496.              *  If a max_idle_timeout is specified by either endpoint in its
  497.              *  transport parameters (Section 18.2), the connection is silently
  498.              *  closed and its state is discarded when it remains idle
  499.              */

  501.             /* this case also handles some errors from ngx_quic_run() */

  503.             ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
  504.                            "quic close silent drain:%d timedout:%d",
  505.                            qc->draining, c->read->timedout);
  506.         } else {

  508.             /*
  509.              * RFC 9000, 10.2.  Immediate Close
  510.              *
  511.              *  An endpoint sends a CONNECTION_CLOSE frame (Section 19.19)
  512.              *  to terminate the connection immediately.
  513.              */

  515.             if (qc->error == (ngx_uint_t) -1) {
  516.                 qc->error = NGX_QUIC_ERR_INTERNAL_ERROR;
  517.                 qc->error_app = 0;
  518.             }

  520.             ngx_log_debug5(NGX_LOG_DEBUG_EVENT, c->log, 0,
  521.                            "quic close immediate term:%d drain:%d "
  522.                            "%serror:%ui \"%s\"",
  523.                            rc == NGX_ERROR ? 1 : 0, qc->draining,
  524.                            qc->error_app ? "app " : "", qc->error,
  525.                            qc->error_reason ? qc->error_reason : "");

  527.             for (i = 0; i < NGX_QUIC_SEND_CTX_LAST; i++) {
  528.                 ctx = &qc->send_ctx[i];

  530.                 if (!ngx_quic_keys_available(qc->keys, ctx->level, 1)) {
  531.                     continue;
  532.                 }

  534.                 qc->error_level = ctx->level;
  535.                 (void) ngx_quic_send_cc(c);

  537.                 if (rc == NGX_OK) {
  538.                     ngx_add_timer(&qc->close, 3 * ngx_quic_pto(c, ctx));
  539.                 }
  540.             }
  541.         }

  543.         qc->closing = 1;
  544.     }

  546.     if (rc == NGX_ERROR && qc->close.timer_set) {
  547.         /* do not wait for timer in case of fatal error */
  548.         ngx_del_timer(&qc->close);
  549.     }

  551.     if (ngx_quic_close_streams(c, qc) == NGX_AGAIN) {
  552.         return;
  553.     }

  555.     if (qc->push.timer_set) {
  556.         ngx_del_timer(&qc->push);
  557.     }

  559.     if (qc->pto.timer_set) {
  560.         ngx_del_timer(&qc->pto);
  561.     }

  563.     if (qc->path_validation.timer_set) {
  564.         ngx_del_timer(&qc->path_validation);
  565.     }

  567.     if (qc->push.posted) {
  568.         ngx_delete_posted_event(&qc->push);
  569.     }

  571.     if (qc->key_update.posted) {
  572.         ngx_delete_posted_event(&qc->key_update);
  573.     }

  575.     if (qc->close.timer_set) {
  576.         return;
  577.     }

  579.     if (qc->close.posted) {
  580.         ngx_delete_posted_event(&qc->close);
  581.     }

  583.     ngx_quic_close_sockets(c);

  585.     ngx_quic_keys_cleanup(qc->keys);

  587.     ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic close completed");

  589.     /* may be tested from SSL callback during SSL shutdown */
  590.     c->udp = NULL;

  592. quic_done:

  594.     if (c->ssl) {
  595.         (void) ngx_ssl_shutdown(c);
  596.     }

  598.     if (c->read->timer_set) {
  599.         ngx_del_timer(c->read);
  600.     }

  602. #if (NGX_STAT_STUB)
  603.     (void) ngx_atomic_fetch_add(ngx_stat_active, -1);
  604. #endif

  606.     c->destroyed = 1;

  608.     pool = c->pool;

  610.     ngx_close_connection(c);

  612.     ngx_destroy_pool(pool);
  613. }


  616. void
  617. ngx_quic_finalize_connection(ngx_connection_t *c, ngx_uint_t err,
  618.     const char *reason)
  619. {
  620.     ngx_quic_connection_t  *qc;

  622.     qc = ngx_quic_get_connection(c);

  624.     if (qc->closing) {
  625.         return;
  626.     }

  628.     qc->error = err;
  629.     qc->error_reason = reason;
  630.     qc->error_app = 1;
  631.     qc->error_ftype = 0;

  633.     ngx_post_event(&qc->close, &ngx_posted_events);
  634. }


  637. void
  638. ngx_quic_shutdown_connection(ngx_connection_t *c, ngx_uint_t err,
  639.     const char *reason)
  640. {
  641.     ngx_quic_connection_t  *qc;

  643.     qc = ngx_quic_get_connection(c);
  644.     qc->shutdown = 1;
  645.     qc->shutdown_code = err;
  646.     qc->shutdown_reason = reason;

  648.     ngx_quic_shutdown_quic(c);
  649. }


  652. static void
  653. ngx_quic_close_handler(ngx_event_t *ev)
  654. {
  655.     ngx_connection_t  *c;

  657.     ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ev->log, 0, "quic close handler");

  659.     c = ev->data;

  661.     ngx_quic_close_connection(c, NGX_OK);
  662. }


  665. static ngx_int_t
  666. ngx_quic_handle_datagram(ngx_connection_t *c, ngx_buf_t *b,
  667.     ngx_quic_conf_t *conf)
  668. {
  669.     size_t                  size;
  670.     u_char                 *p, *start;
  671.     ngx_int_t               rc;
  672.     ngx_uint_t              good;
  673.     ngx_quic_path_t        *path;
  674.     ngx_quic_header_t       pkt;
  675.     ngx_quic_connection_t  *qc;

  677.     good = 0;
  678.     path = NULL;

  680.     size = b->last - b->pos;

  682.     p = start = b->pos;

  684.     while (p < b->last) {

  686.         ngx_memzero(&pkt, sizeof(ngx_quic_header_t));
  687.         pkt.raw = b;
  688.         pkt.data = p;
  689.         pkt.len = b->last - p;
  690.         pkt.log = c->log;
  691.         pkt.first = (p == start) ? 1 : 0;
  692.         pkt.path = path;
  693.         pkt.flags = p[0];
  694.         pkt.raw->pos++;

  696.         rc = ngx_quic_handle_packet(c, conf, &pkt);

  698. #if (NGX_DEBUG)
  699.         if (pkt.parsed) {
  700.             ngx_log_debug5(NGX_LOG_DEBUG_EVENT, c->log, 0,
  701.                            "quic packet done rc:%i level:%s"
  702.                            " decr:%d pn:%L perr:%ui",
  703.                            rc, ngx_quic_level_name(pkt.level),
  704.                            pkt.decrypted, pkt.pn, pkt.error);
  705.         } else {
  706.             ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
  707.                            "quic packet done rc:%i parse failed", rc);
  708.         }
  709. #endif

  711.         if (rc == NGX_ERROR || rc == NGX_DONE) {
  712.             return rc;
  713.         }

  715.         if (rc == NGX_OK) {
  716.             good = 1;
  717.         }

  719.         path = pkt.path; /* preserve packet path from 1st packet */

  721.         /* NGX_OK || NGX_DECLINED */

  723.         /*
  724.          * we get NGX_DECLINED when there are no keys [yet] available
  725.          * to decrypt packet.
  726.          * Instead of queueing it, we ignore it and rely on the sender's
  727.          * retransmission:
  728.          *
  729.          * RFC 9000, 12.2.  Coalescing Packets
  730.          *
  731.          * For example, if decryption fails (because the keys are
  732.          * not available or for any other reason), the receiver MAY either
  733.          * discard or buffer the packet for later processing and MUST
  734.          * attempt to process the remaining packets.
  735.          *
  736.          * We also skip packets that don't match connection state
  737.          * or cannot be parsed properly.
  738.          */

  740.         /* b->pos is at header end, adjust by actual packet length */
  741.         b->pos = pkt.data + pkt.len;

  743.         p = b->pos;
  744.     }

  746.     if (!good) {
  747.         return NGX_DONE;
  748.     }

  750.     qc = ngx_quic_get_connection(c);

  752.     if (qc) {
  753.         qc->received += size;

  755.         if ((uint64_t) (c->sent + qc->received) / 8 >
  756.             (qc->streams.sent + qc->streams.recv_last) + 1048576)
  757.         {
  758.             ngx_log_error(NGX_LOG_INFO, c->log, 0, "quic flood detected");

  760.             qc->error = NGX_QUIC_ERR_NO_ERROR;
  761.             qc->error_reason = "QUIC flood detected";
  762.             return NGX_ERROR;
  763.         }
  764.     }

  766.     return NGX_OK;
  767. }


  770. static ngx_int_t
  771. ngx_quic_handle_packet(ngx_connection_t *c, ngx_quic_conf_t *conf,
  772.     ngx_quic_header_t *pkt)
  773. {
  774.     ngx_int_t               rc;
  775.     ngx_quic_socket_t      *qsock;
  776.     ngx_quic_connection_t  *qc;

  778.     c->log->action = "parsing quic packet";

  780.     rc = ngx_quic_parse_packet(pkt);

  782.     if (rc == NGX_ERROR) {
  783.         return NGX_DECLINED;
  784.     }

  786.     pkt->parsed = 1;

  788.     c->log->action = "handling quic packet";

  790.     ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
  791.                    "quic packet rx dcid len:%uz %xV",
  792.                    pkt->dcid.len, &pkt->dcid);

  794. #if (NGX_DEBUG)
  795.     if (pkt->level != ssl_encryption_application) {
  796.         ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
  797.                        "quic packet rx scid len:%uz %xV",
  798.                        pkt->scid.len, &pkt->scid);
  799.     }

  801.     if (pkt->level == ssl_encryption_initial) {
  802.         ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
  803.                        "quic address validation token len:%uz %xV",
  804.                        pkt->token.len, &pkt->token);
  805.     }
  806. #endif

  808.     qc = ngx_quic_get_connection(c);

  810.     if (qc) {

  812.         if (rc == NGX_ABORT) {
  813.             ngx_log_error(NGX_LOG_INFO, c->log, 0,
  814.                           "quic unsupported version: 0x%xD", pkt->version);
  815.             return NGX_DECLINED;
  816.         }

  818.         if (pkt->level != ssl_encryption_application) {

  820.             if (pkt->version != qc->version) {
  821.                 ngx_log_error(NGX_LOG_INFO, c->log, 0,
  822.                               "quic version mismatch: 0x%xD", pkt->version);
  823.                 return NGX_DECLINED;
  824.             }

  826.             if (pkt->first) {
  827.                 qsock = ngx_quic_get_socket(c);

  829.                 if (ngx_cmp_sockaddr(&qsock->sockaddr.sockaddr, qsock->socklen,
  830.                                      qc->path->sockaddr, qc->path->socklen, 1)
  831.                     != NGX_OK)
  832.                 {
  833.                     /* packet comes from unknown path, possibly migration */
  834.                     ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
  835.                                    "quic too early migration attempt");
  836.                     return NGX_DONE;
  837.                 }
  838.             }

  840.             if (ngx_quic_check_csid(qc, pkt) != NGX_OK) {
  841.                 return NGX_DECLINED;
  842.             }

  844.         }

  846.         rc = ngx_quic_handle_payload(c, pkt);

  848.         if (rc == NGX_DECLINED && pkt->level == ssl_encryption_application) {
  849.             if (ngx_quic_handle_stateless_reset(c, pkt) == NGX_OK) {
  850.                 ngx_log_error(NGX_LOG_INFO, c->log, 0,
  851.                               "quic stateless reset packet detected");

  853.                 qc->draining = 1;
  854.                 ngx_post_event(&qc->close, &ngx_posted_events);

  856.                 return NGX_OK;
  857.             }
  858.         }

  860.         return rc;
  861.     }

  863.     /* packet does not belong to a connection */

  865.     if (rc == NGX_ABORT) {
  866.         return ngx_quic_negotiate_version(c, pkt);
  867.     }

  869.     if (pkt->level == ssl_encryption_application) {
  870.         return ngx_quic_send_stateless_reset(c, conf, pkt);
  871.     }

  873.     if (pkt->level != ssl_encryption_initial) {
  874.         ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
  875.                        "quic expected initial, got handshake");
  876.         return NGX_ERROR;
  877.     }

  879.     c->log->action = "handling initial packet";

  881.     if (pkt->dcid.len < NGX_QUIC_CID_LEN_MIN) {
  882.         /* RFC 9000, 7.2.  Negotiating Connection IDs */
  883.         ngx_log_error(NGX_LOG_INFO, c->log, 0,
  884.                       "quic too short dcid in initial"
  885.                       " packet: len:%i", pkt->dcid.len);
  886.         return NGX_ERROR;
  887.     }

  889.     /* process retry and initialize connection IDs */

  891.     if (pkt->token.len) {

  893.         rc = ngx_quic_validate_token(c, conf->av_token_key, pkt);

  895.         if (rc == NGX_ERROR) {
  896.             /* internal error */
  897.             return NGX_ERROR;

  899.         } else if (rc == NGX_ABORT) {
  900.             /* token cannot be decrypted */
  901.             return ngx_quic_send_early_cc(c, pkt,
  902.                                           NGX_QUIC_ERR_INVALID_TOKEN,
  903.                                           "cannot decrypt token");
  904.         } else if (rc == NGX_DECLINED) {
  905.             /* token is invalid */

  907.             if (pkt->retried) {
  908.                 /* invalid address validation token */
  909.                 return ngx_quic_send_early_cc(c, pkt,
  910.                                           NGX_QUIC_ERR_INVALID_TOKEN,
  911.                                           "invalid address validation token");
  912.             } else if (conf->retry) {
  913.                 /* invalid NEW_TOKEN */
  914.                 return ngx_quic_send_retry(c, conf, pkt);
  915.             }
  916.         }

  918.         /* NGX_OK */

  920.     } else if (conf->retry) {
  921.         return ngx_quic_send_retry(c, conf, pkt);

  923.     } else {
  924.         pkt->odcid = pkt->dcid;
  925.     }

  927.     if (ngx_terminate || ngx_exiting) {
  928.         if (conf->retry) {
  929.             return ngx_quic_send_retry(c, conf, pkt);
  930.         }

  932.         return NGX_ERROR;
  933.     }

  935.     c->log->action = "creating quic connection";

  937.     qc = ngx_quic_new_connection(c, conf, pkt);
  938.     if (qc == NULL) {
  939.         return NGX_ERROR;
  940.     }

  942.     return ngx_quic_handle_payload(c, pkt);
  943. }


  946. static ngx_int_t
  947. ngx_quic_handle_payload(ngx_connection_t *c, ngx_quic_header_t *pkt)
  948. {
  949.     ngx_int_t               rc;
  950.     ngx_quic_send_ctx_t    *ctx;
  951.     ngx_quic_connection_t  *qc;
  952.     static u_char           buf[NGX_QUIC_MAX_UDP_PAYLOAD_SIZE];

  954.     qc = ngx_quic_get_connection(c);

  956.     qc->error = (ngx_uint_t) -1;
  957.     qc->error_reason = 0;

  959.     c->log->action = "decrypting packet";

  961.     if (!ngx_quic_keys_available(qc->keys, pkt->level, 0)) {
  962.         ngx_log_error(NGX_LOG_INFO, c->log, 0,
  963.                       "quic no %s keys, ignoring packet",
  964.                       ngx_quic_level_name(pkt->level));
  965.         return NGX_DECLINED;
  966.     }

  968. #if !defined (OPENSSL_IS_BORINGSSL)
  969.     /* OpenSSL provides read keys for an application level before it's ready */

  971.     if (pkt->level == ssl_encryption_application && !c->ssl->handshaked) {
  972.         ngx_log_error(NGX_LOG_INFO, c->log, 0,
  973.                       "quic no %s keys ready, ignoring packet",
  974.                       ngx_quic_level_name(pkt->level));
  975.         return NGX_DECLINED;
  976.     }
  977. #endif

  979.     pkt->keys = qc->keys;
  980.     pkt->key_phase = qc->key_phase;
  981.     pkt->plaintext = buf;

  983.     ctx = ngx_quic_get_send_ctx(qc, pkt->level);

  985.     rc = ngx_quic_decrypt(pkt, &ctx->largest_pn);
  986.     if (rc != NGX_OK) {
  987.         qc->error = pkt->error;
  988.         qc->error_reason = "failed to decrypt packet";
  989.         return rc;
  990.     }

  992.     pkt->decrypted = 1;

  994.     c->log->action = "handling decrypted packet";

  996.     if (pkt->path == NULL) {
  997.         rc = ngx_quic_set_path(c, pkt);
  998.         if (rc != NGX_OK) {
  999.             return rc;
  1000.         }
  1001.     }

  1003.     if (c->ssl == NULL) {
  1004.         if (ngx_quic_init_connection(c) != NGX_OK) {
  1005.             return NGX_ERROR;
  1006.         }
  1007.     }

  1009.     if (pkt->level == ssl_encryption_handshake) {
  1010.         /*
  1011.          * RFC 9001, 4.9.1.  Discarding Initial Keys
  1012.          *
  1013.          * The successful use of Handshake packets indicates
  1014.          * that no more Initial packets need to be exchanged
  1015.          */
  1016.         ngx_quic_discard_ctx(c, ssl_encryption_initial);

  1018.         if (!qc->path->validated) {
  1019.             qc->path->validated = 1;
  1020.             ngx_quic_path_dbg(c, "in handshake", qc->path);
  1021.             ngx_post_event(&qc->push, &ngx_posted_events);
  1022.         }
  1023.     }

  1025.     if (pkt->level == ssl_encryption_application) {
  1026.         /*
  1027.          * RFC 9001, 4.9.3.  Discarding 0-RTT Keys
  1028.          *
  1029.          * After receiving a 1-RTT packet, servers MUST discard
  1030.          * 0-RTT keys within a short time
  1031.          */
  1032.         ngx_quic_discard_ctx(c, ssl_encryption_early_data);
  1033.     }

  1035.     if (qc->closing) {
  1036.         /*
  1037.          * RFC 9000, 10.2.  Immediate Close
  1038.          *
  1039.          * ... delayed or reordered packets are properly discarded.
  1040.          *
  1041.          *  In the closing state, an endpoint retains only enough information
  1042.          *  to generate a packet containing a CONNECTION_CLOSE frame and to
  1043.          *  identify packets as belonging to the connection.
  1044.          */

  1046.         qc->error_level = pkt->level;
  1047.         qc->error = NGX_QUIC_ERR_NO_ERROR;
  1048.         qc->error_reason = "connection is closing, packet discarded";
  1049.         qc->error_ftype = 0;
  1050.         qc->error_app = 0;

  1052.         return ngx_quic_send_cc(c);
  1053.     }

  1055.     pkt->received = ngx_current_msec;

  1057.     c->log->action = "handling payload";

  1059.     if (pkt->level != ssl_encryption_application) {
  1060.         return ngx_quic_handle_frames(c, pkt);
  1061.     }

  1063.     if (!pkt->key_update) {
  1064.         return ngx_quic_handle_frames(c, pkt);
  1065.     }

  1067.     /* switch keys and generate next on Key Phase change */

  1069.     qc->key_phase ^= 1;
  1070.     ngx_quic_keys_switch(c, qc->keys);

  1072.     rc = ngx_quic_handle_frames(c, pkt);
  1073.     if (rc != NGX_OK) {
  1074.         return rc;
  1075.     }

  1077.     ngx_post_event(&qc->key_update, &ngx_posted_events);

  1079.     return NGX_OK;
  1080. }


  1083. void
  1084. ngx_quic_discard_ctx(ngx_connection_t *c, enum ssl_encryption_level_t level)
  1085. {
  1086.     ngx_queue_t            *q;
  1087.     ngx_quic_frame_t       *f;
  1088.     ngx_quic_socket_t      *qsock;
  1089.     ngx_quic_send_ctx_t    *ctx;
  1090.     ngx_quic_connection_t  *qc;

  1092.     qc = ngx_quic_get_connection(c);

  1094.     if (!ngx_quic_keys_available(qc->keys, level, 0)
  1095.         && !ngx_quic_keys_available(qc->keys, level, 1))
  1096.     {
  1097.         return;
  1098.     }

  1100.     ngx_quic_keys_discard(qc->keys, level);

  1102.     qc->pto_count = 0;

  1104.     ctx = ngx_quic_get_send_ctx(qc, level);

  1106.     ngx_quic_free_buffer(c, &ctx->crypto);

  1108.     while (!ngx_queue_empty(&ctx->sent)) {
  1109.         q = ngx_queue_head(&ctx->sent);
  1110.         ngx_queue_remove(q);

  1112.         f = ngx_queue_data(q, ngx_quic_frame_t, queue);
  1113.         ngx_quic_congestion_ack(c, f);
  1114.         ngx_quic_free_frame(c, f);
  1115.     }

  1117.     while (!ngx_queue_empty(&ctx->frames)) {
  1118.         q = ngx_queue_head(&ctx->frames);
  1119.         ngx_queue_remove(q);

  1121.         f = ngx_queue_data(q, ngx_quic_frame_t, queue);
  1122.         ngx_quic_free_frame(c, f);
  1123.     }

  1125.     if (level == ssl_encryption_initial) {
  1126.         /* close temporary listener with initial dcid */
  1127.         qsock = ngx_quic_find_socket(c, NGX_QUIC_UNSET_PN);
  1128.         if (qsock) {
  1129.             ngx_quic_close_socket(c, qsock);
  1130.         }
  1131.     }

  1133.     ctx->send_ack = 0;

  1135.     ngx_quic_set_lost_timer(c);
  1136. }


  1139. static ngx_int_t
  1140. ngx_quic_check_csid(ngx_quic_connection_t *qc, ngx_quic_header_t *pkt)
  1141. {
  1142.     ngx_queue_t           *q;
  1143.     ngx_quic_client_id_t  *cid;

  1145.     for (q = ngx_queue_head(&qc->client_ids);
  1146.          q != ngx_queue_sentinel(&qc->client_ids);
  1147.          q = ngx_queue_next(q))
  1148.     {
  1149.         cid = ngx_queue_data(q, ngx_quic_client_id_t, queue);

  1151.         if (pkt->scid.len == cid->len
  1152.             && ngx_memcmp(pkt->scid.data, cid->id, cid->len) == 0)
  1153.         {
  1154.             return NGX_OK;
  1155.         }
  1156.     }

  1158.     ngx_log_error(NGX_LOG_INFO, pkt->log, 0, "quic unexpected quic scid");
  1159.     return NGX_ERROR;
  1160. }


  1163. static ngx_int_t
  1164. ngx_quic_handle_frames(ngx_connection_t *c, ngx_quic_header_t *pkt)
  1165. {
  1166.     u_char                 *end, *p;
  1167.     ssize_t                 len;
  1168.     ngx_buf_t               buf;
  1169.     ngx_uint_t              do_close, nonprobing;
  1170.     ngx_chain_t             chain;
  1171.     ngx_quic_frame_t        frame;
  1172.     ngx_quic_connection_t  *qc;

  1174.     qc = ngx_quic_get_connection(c);

  1176.     p = pkt->payload.data;
  1177.     end = p + pkt->payload.len;

  1179.     do_close = 0;
  1180.     nonprobing = 0;

  1182.     while (p < end) {

  1184.         c->log->action = "parsing frames";

  1186.         ngx_memzero(&frame, sizeof(ngx_quic_frame_t));
  1187.         ngx_memzero(&buf, sizeof(ngx_buf_t));
  1188.         buf.temporary = 1;

  1190.         chain.buf = &buf;
  1191.         chain.next = NULL;
  1192.         frame.data = &chain;

  1194.         len = ngx_quic_parse_frame(pkt, p, end, &frame);

  1196.         if (len < 0) {
  1197.             qc->error = pkt->error;
  1198.             return NGX_ERROR;
  1199.         }

  1201.         ngx_quic_log_frame(c->log, &frame, 0);

  1203.         c->log->action = "handling frames";

  1205.         p += len;

  1207.         switch (frame.type) {
  1208.         /* probing frames */
  1209.         case NGX_QUIC_FT_PADDING:
  1210.         case NGX_QUIC_FT_PATH_CHALLENGE:
  1211.         case NGX_QUIC_FT_PATH_RESPONSE:
  1212.         case NGX_QUIC_FT_NEW_CONNECTION_ID:
  1213.             break;

  1215.         /* non-probing frames */
  1216.         default:
  1217.             nonprobing = 1;
  1218.             break;
  1219.         }

  1221.         switch (frame.type) {

  1223.         case NGX_QUIC_FT_ACK:
  1224.             if (ngx_quic_handle_ack_frame(c, pkt, &frame) != NGX_OK) {
  1225.                 return NGX_ERROR;
  1226.             }

  1228.             continue;

  1230.         case NGX_QUIC_FT_PADDING:
  1231.             /* no action required */
  1232.             continue;

  1234.         case NGX_QUIC_FT_CONNECTION_CLOSE:
  1235.         case NGX_QUIC_FT_CONNECTION_CLOSE_APP:
  1236.             do_close = 1;
  1237.             continue;
  1238.         }

  1240.         /* got there with ack-eliciting packet */
  1241.         pkt->need_ack = 1;

  1243.         switch (frame.type) {

  1245.         case NGX_QUIC_FT_CRYPTO:

  1247.             if (ngx_quic_handle_crypto_frame(c, pkt, &frame) != NGX_OK) {
  1248.                 return NGX_ERROR;
  1249.             }

  1251.             break;

  1253.         case NGX_QUIC_FT_PING:
  1254.             break;

  1256.         case NGX_QUIC_FT_STREAM:

  1258.             if (ngx_quic_handle_stream_frame(c, pkt, &frame) != NGX_OK) {
  1259.                 return NGX_ERROR;
  1260.             }

  1262.             break;

  1264.         case NGX_QUIC_FT_MAX_DATA:

  1266.             if (ngx_quic_handle_max_data_frame(c, &frame.u.max_data) != NGX_OK)
  1267.             {
  1268.                 return NGX_ERROR;
  1269.             }

  1271.             break;

  1273.         case NGX_QUIC_FT_STREAMS_BLOCKED:
  1274.         case NGX_QUIC_FT_STREAMS_BLOCKED2:

  1276.             if (ngx_quic_handle_streams_blocked_frame(c, pkt,
  1277.                                                       &frame.u.streams_blocked)
  1278.                 != NGX_OK)
  1279.             {
  1280.                 return NGX_ERROR;
  1281.             }

  1283.             break;

  1285.         case NGX_QUIC_FT_DATA_BLOCKED:

  1287.             if (ngx_quic_handle_data_blocked_frame(c, pkt,
  1288.                                                    &frame.u.data_blocked)
  1289.                 != NGX_OK)
  1290.             {
  1291.                 return NGX_ERROR;
  1292.             }

  1294.             break;

  1296.         case NGX_QUIC_FT_STREAM_DATA_BLOCKED:

  1298.             if (ngx_quic_handle_stream_data_blocked_frame(c, pkt,
  1299.                                                   &frame.u.stream_data_blocked)
  1300.                 != NGX_OK)
  1301.             {
  1302.                 return NGX_ERROR;
  1303.             }

  1305.             break;

  1307.         case NGX_QUIC_FT_MAX_STREAM_DATA:

  1309.             if (ngx_quic_handle_max_stream_data_frame(c, pkt,
  1310.                                                       &frame.u.max_stream_data)
  1311.                 != NGX_OK)
  1312.             {
  1313.                 return NGX_ERROR;
  1314.             }

  1316.             break;

  1318.         case NGX_QUIC_FT_RESET_STREAM:

  1320.             if (ngx_quic_handle_reset_stream_frame(c, pkt,
  1321.                                                    &frame.u.reset_stream)
  1322.                 != NGX_OK)
  1323.             {
  1324.                 return NGX_ERROR;
  1325.             }

  1327.             break;

  1329.         case NGX_QUIC_FT_STOP_SENDING:

  1331.             if (ngx_quic_handle_stop_sending_frame(c, pkt,
  1332.                                                    &frame.u.stop_sending)
  1333.                 != NGX_OK)
  1334.             {
  1335.                 return NGX_ERROR;
  1336.             }

  1338.             break;

  1340.         case NGX_QUIC_FT_MAX_STREAMS:
  1341.         case NGX_QUIC_FT_MAX_STREAMS2:

  1343.             if (ngx_quic_handle_max_streams_frame(c, pkt, &frame.u.max_streams)
  1344.                 != NGX_OK)
  1345.             {
  1346.                 return NGX_ERROR;
  1347.             }

  1349.             break;

  1351.         case NGX_QUIC_FT_PATH_CHALLENGE:

  1353.             if (ngx_quic_handle_path_challenge_frame(c, pkt,
  1354.                                                      &frame.u.path_challenge)
  1355.                 != NGX_OK)
  1356.             {
  1357.                 return NGX_ERROR;
  1358.             }

  1360.             break;

  1362.         case NGX_QUIC_FT_PATH_RESPONSE:

  1364.             if (ngx_quic_handle_path_response_frame(c, &frame.u.path_response)
  1365.                 != NGX_OK)
  1366.             {
  1367.                 return NGX_ERROR;
  1368.             }

  1370.             break;

  1372.         case NGX_QUIC_FT_NEW_CONNECTION_ID:

  1374.             if (ngx_quic_handle_new_connection_id_frame(c, &frame.u.ncid)
  1375.                 != NGX_OK)
  1376.             {
  1377.                 return NGX_ERROR;
  1378.             }

  1380.             break;

  1382.         case NGX_QUIC_FT_RETIRE_CONNECTION_ID:

  1384.             if (ngx_quic_handle_retire_connection_id_frame(c,
  1385.                                                            &frame.u.retire_cid)
  1386.                 != NGX_OK)
  1387.             {
  1388.                 return NGX_ERROR;
  1389.             }

  1391.             break;

  1393.         default:
  1394.             ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
  1395.                            "quic missing frame handler");
  1396.             return NGX_ERROR;
  1397.         }
  1398.     }

  1400.     if (p != end) {
  1401.         ngx_log_error(NGX_LOG_INFO, c->log, 0,
  1402.                       "quic trailing garbage in payload:%ui bytes", end - p);

  1404.         qc->error = NGX_QUIC_ERR_FRAME_ENCODING_ERROR;
  1405.         return NGX_ERROR;
  1406.     }

  1408.     if (do_close) {
  1409.         qc->draining = 1;
  1410.         ngx_post_event(&qc->close, &ngx_posted_events);
  1411.     }

  1413.     if (pkt->path != qc->path && nonprobing) {

  1415.         /*
  1416.          * RFC 9000, 9.2.  Initiating Connection Migration
  1417.          *
  1418.          * An endpoint can migrate a connection to a new local
  1419.          * address by sending packets containing non-probing frames
  1420.          * from that address.
  1421.          */
  1422.         if (ngx_quic_handle_migration(c, pkt) != NGX_OK) {
  1423.             return NGX_ERROR;
  1424.         }
  1425.     }

  1427.     if (ngx_quic_ack_packet(c, pkt) != NGX_OK) {
  1428.         return NGX_ERROR;
  1429.     }

  1431.     return NGX_OK;
  1432. }


  1435. static void
  1436. ngx_quic_push_handler(ngx_event_t *ev)
  1437. {
  1438.     ngx_connection_t  *c;

  1440.     ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ev->log, 0, "quic push handler");

  1442.     c = ev->data;

  1444.     if (ngx_quic_output(c) != NGX_OK) {
  1445.         ngx_quic_close_connection(c, NGX_ERROR);
  1446.         return;
  1447.     }

  1449.     ngx_quic_connstate_dbg(c);
  1450. }


  1453. void
  1454. ngx_quic_shutdown_quic(ngx_connection_t *c)
  1455. {
  1456.     ngx_quic_connection_t  *qc;

  1458.     if (c->reusable) {
  1459.         qc = ngx_quic_get_connection(c);
  1460.         ngx_quic_finalize_connection(c, qc->shutdown_code, qc->shutdown_reason);
  1461.     }
  1462. }

One Level Up Top Level