[PATCH 2 of 2] QUIC: init_streams() callback
Roman Arutyunyan
arut at nginx.com
Thu Jun 2 13:45:09 UTC 2022
On Tue, May 31, 2022 at 01:53:08AM +0400, Sergey Kandaurov wrote:
>
> > On 18 May 2022, at 10:57, Roman Arutyunyan <arut at nginx.com> wrote:
> >
> > # HG changeset patch
> > # User Roman Arutyunyan <arut at nginx.com>
> > # Date 1652856132 -14400
> > # Wed May 18 10:42:12 2022 +0400
> > # Branch quic
> > # Node ID a0f2d69f1fe43dfc718262235bf04d7b05f1fd68
> > # Parent 67ae4b649f2e38a44b245b7a842cf396c8250f02
> > QUIC: init_streams() callback.
> >
> > It's called after handshake completion to initialize application-level data
> > prior to creating streams.
>
> See below for 0-RTT case.
>
> >
> > HTTP/3 callback implementation switches main QUIC connection to idle and
> > reusable modes and sets keepalive timer.
> >
> > diff --git a/src/event/quic/ngx_event_quic.h b/src/event/quic/ngx_event_quic.h
> > --- a/src/event/quic/ngx_event_quic.h
> > +++ b/src/event/quic/ngx_event_quic.h
> > @@ -28,6 +28,9 @@
> > #define NGX_QUIC_STREAM_UNIDIRECTIONAL 0x02
> >
> >
> > +typedef ngx_int_t (*ngx_quic_init_streams_pt)(ngx_connection_t *c);
> > +
> > +
> > typedef enum {
> > NGX_QUIC_STREAM_SEND_READY = 0,
> > NGX_QUIC_STREAM_SEND_SEND,
> > @@ -74,6 +77,8 @@ typedef struct {
> > ngx_int_t stream_reject_code_uni;
> > ngx_int_t stream_reject_code_bidi;
> >
> > + ngx_quic_init_streams_pt init_streams;
> > +
> > u_char av_token_key[NGX_QUIC_AV_KEY_LEN];
> > u_char sr_token_key[NGX_QUIC_SR_KEY_LEN];
> > } ngx_quic_conf_t;
> > diff --git a/src/event/quic/ngx_event_quic_streams.c b/src/event/quic/ngx_event_quic_streams.c
> > --- a/src/event/quic/ngx_event_quic_streams.c
> > +++ b/src/event/quic/ngx_event_quic_streams.c
> > @@ -21,6 +21,7 @@ static ngx_quic_stream_t *ngx_quic_get_s
> > static ngx_int_t ngx_quic_reject_stream(ngx_connection_t *c, uint64_t id);
> > static void ngx_quic_init_stream_handler(ngx_event_t *ev);
> > static void ngx_quic_init_streams_handler(ngx_connection_t *c);
> > +static ngx_int_t ngx_quic_do_init_streams(ngx_connection_t *c);
> > static ngx_quic_stream_t *ngx_quic_create_stream(ngx_connection_t *c,
> > uint64_t id);
> > static void ngx_quic_empty_handler(ngx_event_t *ev);
> > @@ -571,15 +572,22 @@ ngx_quic_init_streams(ngx_connection_t *
> > return NGX_OK;
> > }
> >
> > - ngx_quic_init_streams_handler(c);
> > -
> > - return NGX_OK;
> > + return ngx_quic_do_init_streams(c);
> > }
> >
> >
> > static void
> > ngx_quic_init_streams_handler(ngx_connection_t *c)
> > {
> > + if (ngx_quic_do_init_streams(c) != NGX_OK) {
> > + ngx_quic_close_connection(c, NGX_ERROR);
> > + }
> > +}
> > +
> > +
> > +static ngx_int_t
> > +ngx_quic_do_init_streams(ngx_connection_t *c)
> > +{
> > ngx_queue_t *q;
> > ngx_quic_stream_t *qs;
> > ngx_quic_connection_t *qc;
> > @@ -588,6 +596,12 @@ ngx_quic_init_streams_handler(ngx_connec
> >
> > qc = ngx_quic_get_connection(c);
> >
> > + if (qc->conf->init_streams) {
> > + if (qc->conf->init_streams(c) != NGX_OK) {
> > + return NGX_ERROR;
> > + }
> > + }
> > +
> > for (q = ngx_queue_head(&qc->streams.uninitialized);
> > q != ngx_queue_sentinel(&qc->streams.uninitialized);
> > q = ngx_queue_next(q))
> > @@ -597,6 +611,8 @@ ngx_quic_init_streams_handler(ngx_connec
> > }
> >
> > qc->streams.initialized = 1;
> > +
> > + return NGX_OK;
> > }
> >
> >
> > diff --git a/src/http/v3/ngx_http_v3.c b/src/http/v3/ngx_http_v3.c
> > --- a/src/http/v3/ngx_http_v3.c
> > +++ b/src/http/v3/ngx_http_v3.c
> > @@ -17,21 +17,15 @@ static void ngx_http_v3_cleanup_session(
> > ngx_int_t
> > ngx_http_v3_init_session(ngx_connection_t *c)
> > {
> > - ngx_connection_t *pc;
> > ngx_pool_cleanup_t *cln;
> > ngx_http_connection_t *hc;
> > ngx_http_v3_session_t *h3c;
> >
> > - pc = c->quic->parent;
> > - hc = pc->data;
> > -
> > - if (hc->v3_session) {
> > - return NGX_OK;
> > - }
> > + hc = c->data;
> >
> > ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0, "http3 init session");
> >
> > - h3c = ngx_pcalloc(pc->pool, sizeof(ngx_http_v3_session_t));
> > + h3c = ngx_pcalloc(c->pool, sizeof(ngx_http_v3_session_t));
> > if (h3c == NULL) {
> > goto failed;
> > }
> > @@ -42,16 +36,16 @@ ngx_http_v3_init_session(ngx_connection_
> > ngx_queue_init(&h3c->blocked);
> > ngx_queue_init(&h3c->pushing);
> >
> > - h3c->keepalive.log = pc->log;
> > - h3c->keepalive.data = pc;
> > + h3c->keepalive.log = c->log;
> > + h3c->keepalive.data = c;
> > h3c->keepalive.handler = ngx_http_v3_keepalive_handler;
> > h3c->keepalive.cancelable = 1;
> >
> > - h3c->table.send_insert_count.log = pc->log;
> > - h3c->table.send_insert_count.data = pc;
> > + h3c->table.send_insert_count.log = c->log;
> > + h3c->table.send_insert_count.data = c;
> > h3c->table.send_insert_count.handler = ngx_http_v3_inc_insert_count_handler;
> >
> > - cln = ngx_pool_cleanup_add(pc->pool, 0);
> > + cln = ngx_pool_cleanup_add(c->pool, 0);
> > if (cln == NULL) {
> > goto failed;
> > }
> > diff --git a/src/http/v3/ngx_http_v3.h b/src/http/v3/ngx_http_v3.h
> > --- a/src/http/v3/ngx_http_v3.h
> > +++ b/src/http/v3/ngx_http_v3.h
> > @@ -153,6 +153,7 @@ struct ngx_http_v3_session_s {
> >
> > void ngx_http_v3_init(ngx_connection_t *c);
> > void ngx_http_v3_reset_connection(ngx_connection_t *c);
> > +ngx_int_t ngx_http_v3_init_streams(ngx_connection_t *c);
> > ngx_int_t ngx_http_v3_init_session(ngx_connection_t *c);
> > ngx_int_t ngx_http_v3_check_flood(ngx_connection_t *c);
> >
> > diff --git a/src/http/v3/ngx_http_v3_module.c b/src/http/v3/ngx_http_v3_module.c
> > --- a/src/http/v3/ngx_http_v3_module.c
> > +++ b/src/http/v3/ngx_http_v3_module.c
> > @@ -249,6 +249,8 @@ ngx_http_v3_create_srv_conf(ngx_conf_t *
> > h3scf->quic.stream_reject_code_bidi = NGX_HTTP_V3_ERR_REQUEST_REJECTED;
> > h3scf->quic.active_connection_id_limit = NGX_CONF_UNSET_UINT;
> >
> > + h3scf->quic.init_streams = ngx_http_v3_init_streams;
> > +
> > return h3scf;
> > }
> >
> > diff --git a/src/http/v3/ngx_http_v3_request.c b/src/http/v3/ngx_http_v3_request.c
> > --- a/src/http/v3/ngx_http_v3_request.c
> > +++ b/src/http/v3/ngx_http_v3_request.c
> > @@ -93,11 +93,6 @@ ngx_http_v3_init(ngx_connection_t *c)
> > }
> > #endif
> >
> > - if (ngx_http_v3_init_session(c) != NGX_OK) {
> > - ngx_http_close_connection(c);
> > - return;
> > - }
> > -
> > if (c->quic->id & NGX_QUIC_STREAM_UNIDIRECTIONAL) {
> > ngx_http_v3_init_uni_stream(c);
> >
> > @@ -107,6 +102,43 @@ ngx_http_v3_init(ngx_connection_t *c)
> > }
> >
> >
> > +ngx_int_t
> > +ngx_http_v3_init_streams(ngx_connection_t *c)
> > +{
> > + ngx_http_v3_session_t *h3c;
> > + ngx_http_connection_t *hc;
> > + ngx_http_v3_srv_conf_t *h3scf;
> > + ngx_http_core_loc_conf_t *clcf;
> > +
> > + if (ngx_terminate || ngx_exiting) {
> > + return NGX_ERROR;
> > + }
> > +
> > + hc = c->data;
> > +
> > + h3scf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_v3_module);
> > +
> > +#if (NGX_HTTP_V3_HQ)
> > + if (h3scf->hq) {
> > + return NGX_OK;
> > + }
> > +#endif
>
> Clang complains about unused variables:
>
> diff --git a/src/http/v3/ngx_http_v3_request.c b/src/http/v3/ngx_http_v3_request.c
> --- a/src/http/v3/ngx_http_v3_request.c
> +++ b/src/http/v3/ngx_http_v3_request.c
> @@ -106,22 +106,26 @@ ngx_int_t
> ngx_http_v3_init_streams(ngx_connection_t *c)
> {
> ngx_http_v3_session_t *h3c;
> +#if (NGX_HTTP_V3_HQ)
> ngx_http_connection_t *hc;
> ngx_http_v3_srv_conf_t *h3scf;
> +#endif
> ngx_http_core_loc_conf_t *clcf;
>
> if (ngx_terminate || ngx_exiting) {
> return NGX_ERROR;
> }
>
> +#if (NGX_HTTP_V3_HQ)
> +
> hc = c->data;
>
> h3scf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_v3_module);
>
> -#if (NGX_HTTP_V3_HQ)
> if (h3scf->hq) {
> return NGX_OK;
> }
> +
> #endif
Thanks, fixed.
> if (ngx_http_v3_init_session(c) != NGX_OK) {
>
> > +
> > + if (ngx_http_v3_init_session(c) != NGX_OK) {
> > + return NGX_ERROR;
> > + }
>
> If 0-RTT data is accepted, ngx_http_v3_init_session() is called too early,
> before SSL_do_handshake() is used to apply client transport parameters.
> In particular that means inability to open a server unidirectional stream.
Discussed this. The issue manifests itself with QuicTLS because of callback
order. With BoringSSL is ok.
I suggest another patch that relocates ngx_quic_init_streams() call from
where we receive early keys to where we successfully decrypt the first
early data packet. This relocation should fix the issue for all libraries.
> > +
> > + c->idle = 1;
> > + ngx_reusable_connection(c, 1);
> > +
> > + h3c = ngx_http_v3_get_session(c);
> > + clcf = ngx_http_v3_get_module_loc_conf(c, ngx_http_core_module);
> > + ngx_add_timer(&h3c->keepalive, clcf->keepalive_timeout);
> > +
> > + return NGX_OK;
> > +}
> > +
> > +
> > #if (NGX_HTTP_V3_HQ)
> >
> > static void
> >
>
> --
> Sergey Kandaurov
>
> _______________________________________________
> nginx-devel mailing list -- nginx-devel at nginx.org
> To unsubscribe send an email to nginx-devel-leave at nginx.org
More information about the nginx-devel
mailing list