[PATCH 2 of 3] QUIC: relocated early streams initialization

Sergey Kandaurov pluknet at nginx.com
Mon Jun 6 10:43:40 UTC 2022 

> 
> On 2 Jun 2022, at 17:52, Roman Arutyunyan <arut at nginx.com> wrote:
> 
> # HG changeset patch
> # User Roman Arutyunyan <arut at nginx.com>
> # Date 1654177819 -14400
> #      Thu Jun 02 17:50:19 2022 +0400
> # Branch quic
> # Node ID d3857a6df35c7a1d063e1a5776b6392afde16db2
> # Parent  617ec472690620cc75c473f97555138a4bc7d38b
> QUIC: relocated early streams initialization.
> 
> Previously, early streams initialization took place right after receiving early
> data keys.  Now it's done after successful decryption of the first early data
> packet.
> 
> The changes allows to perform operations in the streams initializer function,
> which require client transport parameters.  An example of such operation is
> creating a server stream.
> 
> diff --git a/src/event/quic/ngx_event_quic.c b/src/event/quic/ngx_event_quic.c
> --- a/src/event/quic/ngx_event_quic.c
> +++ b/src/event/quic/ngx_event_quic.c
> @@ -1032,6 +1032,12 @@ ngx_quic_handle_payload(ngx_connection_t
>        return ngx_quic_send_cc(c);
>    }
> 
> +    if (pkt->level == ssl_encryption_early_data) {
> +        if (ngx_quic_init_streams(c) != NGX_OK) {
> +            return NGX_ERROR;
> +        }
> +    }
> +
>    pkt->received = ngx_current_msec;
> 
>    c->log->action = "handling payload";
> diff --git a/src/event/quic/ngx_event_quic_ssl.c b/src/event/quic/ngx_event_quic_ssl.c
> --- a/src/event/quic/ngx_event_quic_ssl.c
> +++ b/src/event/quic/ngx_event_quic_ssl.c
> @@ -80,12 +80,6 @@ ngx_quic_set_read_secret(ngx_ssl_conn_t 
>        return 0;
>    }
> 
> -    if (level == ssl_encryption_early_data) {
> -        if (ngx_quic_init_streams(c) != NGX_OK) {
> -            return 0;
> -        }
> -    }
> -
>    return 1;
> }
> 
> @@ -150,14 +144,6 @@ ngx_quic_set_encryption_secrets(ngx_ssl_
>        return 0;
>    }
> 
> -    if (level == ssl_encryption_early_data) {
> -        if (ngx_quic_init_streams(c) != NGX_OK) {
> -            return 0;
> -        }
> -
> -        return 1;
> -    }
> -

As discussed in private, it still needs surrounding condition.
Otherwise, seems to be good.

> #ifdef NGX_QUIC_DEBUG_CRYPTO
>    ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
>                   "quic write secret len:%uz %*xs", secret_len,
> 

-- 
Sergey Kandaurov
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20220606/437e5030/attachment.htm>

More information about the nginx-devel mailing list