9086:f68fdb017141 | 03-Apr-2023 |
Roman Arutyunyan |
QUIC: optimized sending stream response.
When a stream is created by client, it's often the case that nginx will send immediate response on that stream. An example is HTTP/3 request stream, which i
QUIC: optimized sending stream response.
When a stream is created by client, it's often the case that nginx will send immediate response on that stream. An example is HTTP/3 request stream, which in most cases quickly replies with at least HTTP headers.
QUIC stream init handlers are called from a posted event. Output QUIC frames are also sent to client from a posted event, called the push event. If the push event is posted before the stream init event, then output produced by stream may trigger sending an extra UDP datagram. To address this, push event is now re-posted when a new stream init event is posted.
An example is handling 0-RTT packets. Client typically sends an init packet coalesced with a 0-RTT packet. Previously, nginx replied with a padded CRYPTO datagram, followed by a 1-RTT stream reply datagram. Now CRYPTO and STREAM packets are coalesced in one reply datagram, which saves bandwidth.
Other examples include coalescing 1-RTT first stream response, and MAX_STREAMS/STREAM sent in response to ACK/STREAM.
show more ...
|
9085:0af598651e33 | 29-Mar-2023 |
Sergey Kandaurov |
Merged with the default branch. |
9084:efd91f6afa8d | 15-Mar-2023 |
Roman Arutyunyan |
QUIC: style. |
9083:5fd628b89bb7 | 24-Mar-2023 |
Sergey Kandaurov |
HTTP/3: fixed OpenSSL compatibility layer initialization.
SSL context is not present if the default server has neither certificates nor ssl_reject_handshake enabled. Previously, this led to null po
HTTP/3: fixed OpenSSL compatibility layer initialization.
SSL context is not present if the default server has neither certificates nor ssl_reject_handshake enabled. Previously, this led to null pointer dereference before it would be caught with configuration checks.
Additionally, non-default servers with distinct SSL contexts need to initialize compatibility layer in order to complete a QUIC handshake.
show more ...
|
9082:f4279edda9fd | 26-Jan-2023 |
Roman Arutyunyan |
HTTP/3: trigger more compatibility errors for "listen quic".
Now "ssl", "proxy_protocol" and "http2" are not allowed with "quic" in "listen" directive. Previously, only "ssl" was not allowed. |
9081:c851a2ed5ce8 | 27-Feb-2023 |
Roman Arutyunyan |
HTTP/3: "quic" parameter of "listen" directive.
Now "listen" directve has a new "quic" parameter which enables QUIC protocol for the address. Further, to enable HTTP/3, a new directive "http3" is i
HTTP/3: "quic" parameter of "listen" directive.
Now "listen" directve has a new "quic" parameter which enables QUIC protocol for the address. Further, to enable HTTP/3, a new directive "http3" is introduced. The hq-interop protocol is enabled by "http3_hq" as before. Now application protocol is chosen by ALPN.
Previously used "http3" parameter of "listen" is deprecated.
show more ...
|
9080:7da4791e0264 | 22-Feb-2023 |
Roman Arutyunyan |
QUIC: OpenSSL compatibility layer.
The change allows to compile QUIC with OpenSSL which lacks BoringSSL QUIC API.
This implementation does not support 0-RTT. |
9079:639fa6723700 | 23-Feb-2023 |
Sergey Kandaurov |
QUIC: improved ssl_reject_handshake error logging.
The check follows the ngx_ssl_handshake() change in 59e1c73fe02b. |
9078:0f4f781e57c1 | 23-Feb-2023 |
Sergey Kandaurov |
QUIC: using ngx_ssl_handshake_log(). |
9077:cb7dc35ed428 | 23-Feb-2023 |
Sergey Kandaurov |
QUIC: moved "handshake failed" reason to send_alert.
A QUIC handshake failure breaks down into several cases: - a handshake error which leads to a send_alert call - an error triggered by the add_han
QUIC: moved "handshake failed" reason to send_alert.
A QUIC handshake failure breaks down into several cases: - a handshake error which leads to a send_alert call - an error triggered by the add_handshake_data callback - internal errors (allocation etc)
Previously, in the first case, only error code was set in the send_alert callback. Now the "handshake failed" reason phrase is set there as well. In the second case, both code and reason are set by add_handshake_data. In the last case, setting reason phrase is removed: returning NGX_ERROR now leads to closing the connection with just INTERNAL_ERROR.
Reported by Jiuzhou Cui.
show more ...
|
9076:5dcea9f91482 | 23-Feb-2023 |
Sergey Kandaurov |
QUIC: using NGX_QUIC_ERR_CRYPTO macro in ALPN checks.
Patch by Jiuzhou Cui. |
9075:12b756caaf16 | 13-Feb-2023 |
Sergey Kandaurov |
QUIC: fixed indentation. |
9072:def8e398d7c5 | 31-Jan-2023 |
Roman Arutyunyan |
QUIC: fixed broken token in NEW_TOKEN (ticket #2446).
Previously, since 3550b00d9dc8, the token was allocated on stack, to get rid of pool usage. Now the token is allocated by ngx_quic_copy_buffer(
QUIC: fixed broken token in NEW_TOKEN (ticket #2446).
Previously, since 3550b00d9dc8, the token was allocated on stack, to get rid of pool usage. Now the token is allocated by ngx_quic_copy_buffer() in QUIC buffers, also used for STREAM, CRYPTO and ACK frames.
show more ...
|
9071:3c98fa8fef6f | 31-Jan-2023 |
Roman Arutyunyan |
QUIC: ngx_quic_copy_buffer() function.
The function copies passed data to QUIC buffer chain and returns it. The chain can be used in ngx_quic_frame_t data field. |
9069:03897c45798e | 18-Jan-2023 |
Sergey Kandaurov |
QUIC: defer setting the active flag for client stream events.
Specifically, now it is kept unset until streams are initialized. Notably, this unbreaks OCSP with client certificates after 35e27117b59
QUIC: defer setting the active flag for client stream events.
Specifically, now it is kept unset until streams are initialized. Notably, this unbreaks OCSP with client certificates after 35e27117b593. Previously, the read event could be posted prematurely via ngx_quic_set_event() e.g., as part of handling a STREAM frame.
show more ...
|
9068:bf2267887014 | 10-Jan-2023 |
Roman Arutyunyan |
QUIC: relocated ngx_quic_init_streams() for 0-RTT.
Previously, streams were initialized in early keys handler. However, client transport parameters may not be available by then. This happens, for
QUIC: relocated ngx_quic_init_streams() for 0-RTT.
Previously, streams were initialized in early keys handler. However, client transport parameters may not be available by then. This happens, for example, when using QuicTLS. Now streams are initialized in ngx_quic_crypto_input() after calling SSL_do_handshake() for both 0-RTT and 1-RTT.
show more ...
|
9067:6bb884dc7291 | 05-Jan-2023 |
Roman Arutyunyan |
HTTP/3: insert count block timeout.
Previously, there was no timeout for a request stream blocked on insert count, which could result in infinite wait. Now client_header_timeout is set when stream
HTTP/3: insert count block timeout.
Previously, there was no timeout for a request stream blocked on insert count, which could result in infinite wait. Now client_header_timeout is set when stream is first blocked.
show more ...
|
9066:eaa8dc3788e1 | 05-Jan-2023 |
Roman Arutyunyan |
HTTP/3: trigger 400 (Bad Request) on stream error while blocked.
Previously, stream was closed with NGX_HTTP_CLOSE. However, in a similar case when recv() returns eof or error, status 400 is trigge
HTTP/3: trigger 400 (Bad Request) on stream error while blocked.
Previously, stream was closed with NGX_HTTP_CLOSE. However, in a similar case when recv() returns eof or error, status 400 is triggered.
show more ...
|
9065:2ee6f9729739 | 10-Jan-2023 |
Roman Arutyunyan |
QUIC: set stream error flag on reset.
Now, when RESET_STREAM is sent or received, or when streams are closed, stream connection error flag is set. Previously, only stream state was changed, which r
QUIC: set stream error flag on reset.
Now, when RESET_STREAM is sent or received, or when streams are closed, stream connection error flag is set. Previously, only stream state was changed, which resulted in setting the error flag only after calling recv()/send()/send_chain(). However, there are cases when none of these functions is called, but it's still important to know if the stream is being closed. For example, when an HTTP/3 request stream is blocked on insert count, receiving RESET_STREAM should trigger stream closure, which was not the case.
The change also fixes ngx_http_upstream_check_broken_connection() and ngx_http_test_reading() with QUIC streams.
show more ...
|
9064:35e27117b593 | 10-Jan-2023 |
Roman Arutyunyan |
QUIC: automatically add and never delete stream events.
Previously, stream events were added and deleted by ngx_handle_read_event() and ngx_handle_write_event() in a way similar to level-triggered e
QUIC: automatically add and never delete stream events.
Previously, stream events were added and deleted by ngx_handle_read_event() and ngx_handle_write_event() in a way similar to level-triggered events. However, QUIC stream events are effectively edge-triggered and can stay active all time. Moreover, the events are now active since the moment a stream is created.
show more ...
|
9063:e3760b9b7c8e | 10-Jan-2023 |
Sergey Kandaurov |
HTTP/3: fixed $connection_time.
Previously, start_time wasn't set for a new stream. The fix is to derive it from the parent connection. Also it's used to simplify tracking keepalive_time. |
9062:987bee4363d1 | 03-Jan-2023 |
Roman Arutyunyan |
HTTP/3: handled insertion reference to a going to be evicted entry.
As per RFC 9204, section 3.2.2, a new entry can reference an entry in the dynamic table that will be evicted when adding this new
HTTP/3: handled insertion reference to a going to be evicted entry.
As per RFC 9204, section 3.2.2, a new entry can reference an entry in the dynamic table that will be evicted when adding this new entry into the dynamic table.
Previously, such inserts resulted in use-after-free since the old entry was evicted before the insertion (ticket #2431). Now it's evicted after the insertion.
This change fixes Insert with Name Reference and Duplicate encoder instructions.
show more ...
|
9061:af5adec171b4 | 02-Jan-2023 |
Sergey Kandaurov |
Merged with the default branch. |
9060:91ad1abfb285 | 15-Dec-2022 |
Sergey Kandaurov |
Merged with the default branch. |
9059:b87a0dbc1150 | 24-Oct-2022 |
Roman Arutyunyan |
HTTP/3: implement keepalive for hq.
Previously, keepalive timer was deleted in ngx_http_v3_wait_request_handler() and set in request cleanup handler. This worked for HTTP/3 connections, but not for
HTTP/3: implement keepalive for hq.
Previously, keepalive timer was deleted in ngx_http_v3_wait_request_handler() and set in request cleanup handler. This worked for HTTP/3 connections, but not for hq connections. Now keepalive timer is deleted in ngx_http_v3_init_request_stream() and set in connection cleanup handler, which works both for HTTP/3 and hq.
show more ...
|