return 0;
}
+#if (NGX_QUIC_DRAFT_VERSION >= 28)
+ if (qc->scid.len != qc->ctp.initial_scid.len
+ || ngx_memcmp(qc->scid.data, qc->ctp.initial_scid.data,
+ qc->scid.len) != 0)
+ {
+ ngx_log_error(NGX_LOG_INFO, c->log, 0,
+ "quic client initial_source_connection_id mismatch");
+ return 0;
+ }
+#endif
+
qc->client_tp_done = 1;
}
}
return NGX_ERROR;
}
+ qc->tp.original_dcid = c->quic->odcid;
+ qc->tp.initial_scid = c->quic->dcid;
+
qc->scid.len = pkt->scid.len;
qc->scid.data = ngx_pnalloc(c->pool, qc->scid.len);
if (qc->scid.data == NULL) {
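Review bot: The two added assignments copy `ngx_str_t` values, so `qc->tp.original_dcid` and `qc->tp.initial_scid` point at the same bytes as `c->quic->odcid` and `c->quic->dcid` rather than owning a copy. That is safe only while those buffers are not rewritten or replaced before the transport parameters are encoded. The same pattern recurs at `c->quic->tp.retry_scid = c->quic->dcid;` and at the later `qc->tp.initial_scid = c->quic->dcid;`, which suggests the ID does change between calls. I would add a comment such as `/* tp strings alias connection-owned CID buffers; refresh them whenever dcid changes */`, and in the hunk that sets `qc = c->quic;` first, write `qc->dcid` instead of `c->quic->dcid`. The enclosing function starts and ends outside the hunk.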
}
c->quic->token = token;
- c->quic->tp.original_connection_id = c->quic->odcid;
+ c->quic->tp.retry_scid = c->quic->dcid;
c->quic->in_retry = 1;
return NGX_OK;
}
qc = c->quic;
+ qc->tp.initial_scid = c->quic->dcid;
keys = &c->quic->keys[ssl_encryption_initial];
#include <ngx_core.h>
+/* Supported drafts: 27, 28 */
#define NGX_QUIC_DRAFT_VERSION 27
#define NGX_QUIC_VERSION (0xff000000 + NGX_QUIC_DRAFT_VERSION)
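Review bot: The new comment says only drafts 27 and 28 are supported, but nothing enforces it. The code added in this commit tests `NGX_QUIC_DRAFT_VERSION >= 28`, so any larger value would build with draft 28 behaviour while `NGX_QUIC_VERSION` advertises a different draft on the wire. A compile-time guard below the define, `#if (NGX_QUIC_DRAFT_VERSION < 27 || NGX_QUIC_DRAFT_VERSION > 28)` followed by `#error "unsupported QUIC draft version"` and `#endif`, would turn the comment into a checked statement.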
ngx_uint_t ack_delay_exponent;
ngx_uint_t disable_active_migration;
ngx_uint_t active_connection_id_limit;
- ngx_str_t original_connection_id;
+ ngx_str_t original_dcid;
+ ngx_str_t initial_scid;
+ ngx_str_t retry_scid;
ngx_flag_t retry;
u_char token_key[32]; /* AES 256 */
ngx_quic_tp_t *dst)
{
uint64_t varint;
+ ngx_str_t str;
+
+ varint = 0;
+ ngx_str_null(&str);
switch (id) {
}
break;
+ case NGX_QUIC_TP_INITIAL_SCID:
+
+ str.len = end - p;
+ p = ngx_quic_read_bytes(p, end, str.len, &str.data);
+ break;
+
default:
return NGX_DECLINED;
}
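Review bot: The new `NGX_QUIC_TP_INITIAL_SCID` case accepts a value of any length: `str.len = end - p` takes whatever the client declared for the parameter, and nothing compares it with `NGX_QUIC_CID_LEN_MAX` before it is stored and, in draft 28 builds, passed to `ngx_quic_hexdump()`. The later equality check against `qc->scid` would reject an oversized value, but only after it has been parsed and logged, and only in draft 28 builds, since this case is not itself under the `#if`. I would reject it at parse time with `if (str.len > NGX_QUIC_CID_LEN_MAX) { return NGX_ERROR; }` right after the assignment. This assumes `end` marks the end of this one parameter; the function body continues outside the hunk.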
dst->active_connection_id_limit = varint;
break;
+ case NGX_QUIC_TP_INITIAL_SCID:
+ dst->initial_scid = str;
+ break;
+
default:
return NGX_ERROR;
}
}
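Review bot: `dst->initial_scid = str;` leaves no trace of whether the parameter was actually present: an omitted `initial_source_connection_id` and an empty one both yield a zero-length string, assuming the destination struct starts zeroed. The draft 28 check added in this commit compares only length and bytes, so a client that uses a zero-length source connection ID and omits the parameter would pass it, although the draft treats absence as a transport parameter error. A presence flag set in this case and tested next to the comparison would close that gap. The function body continues outside the hunk.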
switch (id) {
- case NGX_QUIC_TP_ORIGINAL_CONNECTION_ID:
+ case NGX_QUIC_TP_ORIGINAL_DCID:
case NGX_QUIC_TP_PREFERRED_ADDRESS:
+ case NGX_QUIC_TP_RETRY_SCID:
case NGX_QUIC_TP_STATELESS_RESET_TOKEN:
ngx_log_error(NGX_LOG_INFO, log, 0,
"quic client sent forbidden transport param"
"quic tp active_connection_id_limit: %ui",
tp->active_connection_id_limit);
+#if (NGX_QUIC_DRAFT_VERSION >= 28)
+ ngx_quic_hexdump(log, "quic tp initial_source_connection_id:",
+ tp->initial_scid.data, tp->initial_scid.len);
+#endif
+
return NGX_OK;
}
len += ngx_quic_tp_len(NGX_QUIC_TP_MAX_IDLE_TIMEOUT,
tp->max_idle_timeout);
+#if (NGX_QUIC_DRAFT_VERSION >= 28)
+ len += ngx_quic_tp_strlen(NGX_QUIC_TP_ORIGINAL_DCID, tp->original_dcid);
+ len += ngx_quic_tp_strlen(NGX_QUIC_TP_INITIAL_SCID, tp->initial_scid);
+#endif
+
if (tp->retry) {
- len += ngx_quic_tp_strlen(NGX_QUIC_TP_ORIGINAL_CONNECTION_ID,
- tp->original_connection_id);
+#if (NGX_QUIC_DRAFT_VERSION >= 28)
+ len += ngx_quic_tp_strlen(NGX_QUIC_TP_RETRY_SCID, tp->retry_scid);
+#else
+ len += ngx_quic_tp_strlen(NGX_QUIC_TP_ORIGINAL_DCID, tp->original_dcid);
+#endif
}
if (pos == NULL) {
ngx_quic_tp_vint(NGX_QUIC_TP_MAX_IDLE_TIMEOUT,
tp->max_idle_timeout);
+#if (NGX_QUIC_DRAFT_VERSION >= 28)
+ ngx_quic_tp_str(NGX_QUIC_TP_ORIGINAL_DCID, tp->original_dcid);
+ ngx_quic_tp_str(NGX_QUIC_TP_INITIAL_SCID, tp->initial_scid);
+#endif
+
if (tp->retry) {
- ngx_quic_tp_str(NGX_QUIC_TP_ORIGINAL_CONNECTION_ID,
- tp->original_connection_id);
+#if (NGX_QUIC_DRAFT_VERSION >= 28)
+ ngx_quic_tp_str(NGX_QUIC_TP_RETRY_SCID, tp->retry_scid);
+#else
+ ngx_quic_tp_str(NGX_QUIC_TP_ORIGINAL_DCID, tp->original_dcid);
+#endif
}
return p - pos;
#define NGX_QUIC_ERR_LAST NGX_QUIC_ERR_CRYPTO_ERROR
/* Transport parameters */
-#define NGX_QUIC_TP_ORIGINAL_CONNECTION_ID 0x00
+#define NGX_QUIC_TP_ORIGINAL_DCID 0x00
#define NGX_QUIC_TP_MAX_IDLE_TIMEOUT 0x01
#define NGX_QUIC_TP_STATELESS_RESET_TOKEN 0x02
#define NGX_QUIC_TP_MAX_UDP_PAYLOAD_SIZE 0x03
#define NGX_QUIC_TP_DISABLE_ACTIVE_MIGRATION 0x0C
#define NGX_QUIC_TP_PREFERRED_ADDRESS 0x0D
#define NGX_QUIC_TP_ACTIVE_CONNECTION_ID_LIMIT 0x0E
+#define NGX_QUIC_TP_INITIAL_SCID 0x0F
+#define NGX_QUIC_TP_RETRY_SCID 0x10
#define NGX_QUIC_CID_LEN_MIN 8
#define NGX_QUIC_CID_LEN_MAX 20