Stream: removed QUIC support.

Roman Arutyunyan 2023-05-14 12:05:35 +04:00
parent 089d1f6530
commit 779bfcff5f
12 changed files with 8 additions and 532 deletions

30
README

@ -58,10 +58,9 @@ Experimental QUIC support for nginx
Refer to http://nginx.org/en/docs/configure.html for details. Refer to http://nginx.org/en/docs/configure.html for details.
When configuring nginx, it's possible to enable QUIC and HTTP/3 When configuring nginx, it's possible to enable QUIC and HTTP/3
using the following new configuration options: using the following new configuration option:
--with-http_v3_module - enable QUIC and HTTP/3 --with-http_v3_module - enable QUIC and HTTP/3
--with-stream_quic_module - enable QUIC in Stream
A library that provides QUIC support is recommended to build nginx, there A library that provides QUIC support is recommended to build nginx, there
are several of those available on the market: are several of those available on the market:
@ -105,9 +104,6 @@ Experimental QUIC support for nginx
The HTTP "listen" directive got a new option "quic" which enables The HTTP "listen" directive got a new option "quic" which enables
QUIC as client transport protocol instead of TCP. QUIC as client transport protocol instead of TCP.
The Stream "listen" directive got a new option "quic" which enables
QUIC as client transport protocol instead of TCP or plain UDP.
Along with "quic", it's also possible to specify "reuseport" Along with "quic", it's also possible to specify "reuseport"
option [8] to make it work properly with multiple workers. option [8] to make it work properly with multiple workers.
@ -148,10 +144,6 @@ Experimental QUIC support for nginx
The value of $http3 is "h3" for HTTP/3 connections, The value of $http3 is "h3" for HTTP/3 connections,
"hq" for hq connections, or an empty string otherwise. "hq" for hq connections, or an empty string otherwise.
In stream, an additional variable is available: $quic.
The value of $quic is "quic" if QUIC connection is used,
or an empty string otherwise.
Example configuration: Example configuration:
http { http {
@ -190,7 +182,7 @@ Example configuration:
Syntax: quic_retry on | off; Syntax: quic_retry on | off;
Default: quic_retry off; Default: quic_retry off;
Context: http | stream, server Context: http, server
Enables the QUIC Address Validation feature. This includes: Enables the QUIC Address Validation feature. This includes:
- sending a new token in a Retry packet or a NEW_TOKEN frame - sending a new token in a Retry packet or a NEW_TOKEN frame
@ -199,7 +191,7 @@ Example configuration:
Syntax: quic_gso on | off; Syntax: quic_gso on | off;
Default: quic_gso off; Default: quic_gso off;
Context: http | stream, server Context: http, server
Enables sending in optimized batch mode using segmentation offloading. Enables sending in optimized batch mode using segmentation offloading.
Optimized sending is only supported on Linux featuring UDP_SEGMENT. Optimized sending is only supported on Linux featuring UDP_SEGMENT.
@ -207,7 +199,7 @@ Example configuration:
Syntax: quic_host_key file; Syntax: quic_host_key file;
Default: - Default: -
Context: http | stream, server Context: http, server
Specifies a file with the secret key used to encrypt stateless reset and Specifies a file with the secret key used to encrypt stateless reset and
address validation tokens. By default, a randomly generated key is used. address validation tokens. By default, a randomly generated key is used.
@ -215,24 +207,12 @@ Example configuration:
Syntax: quic_active_connection_id_limit number; Syntax: quic_active_connection_id_limit number;
Default: quic_active_connection_id_limit 2; Default: quic_active_connection_id_limit 2;
Context: http | stream, server Context: http, server
Sets the QUIC active_connection_id_limit transport parameter value. Sets the QUIC active_connection_id_limit transport parameter value.
This is the maximum number of connection IDs we are willing to store. This is the maximum number of connection IDs we are willing to store.
Syntax: quic_timeout time;
Default: quic_timeout 60s;
Context: stream, server
Defines a timeout used to negotiate the QUIC idle timeout.
In the http module, it is taken from the keepalive_timeout directive.
Syntax: quic_stream_buffer_size size;
Default: quic_stream_buffer_size 64k;
Context: stream, server
Syntax: http3_stream_buffer_size size; Syntax: http3_stream_buffer_size size;
Default: http3_stream_buffer_size 64k; Default: http3_stream_buffer_size 64k;
Context: http, server Context: http, server


@ -1075,20 +1075,6 @@ if [ $STREAM != NO ]; then
ngx_module_incs= ngx_module_incs=
if [ $STREAM_QUIC = YES ]; then
USE_OPENSSL_QUIC=YES
have=NGX_STREAM_QUIC . auto/have
STREAM_SSL=YES
ngx_module_name=ngx_stream_quic_module
ngx_module_deps=src/stream/ngx_stream_quic_module.h
ngx_module_srcs=src/stream/ngx_stream_quic_module.c
ngx_module_libs=
ngx_module_link=$STREAM_QUIC
. auto/module
fi
if [ $STREAM_SSL = YES ]; then if [ $STREAM_SSL = YES ]; then
USE_OPENSSL=YES USE_OPENSSL=YES
have=NGX_STREAM_SSL . auto/have have=NGX_STREAM_SSL . auto/have


@ -119,7 +119,6 @@ MAIL_SMTP=YES
STREAM=NO STREAM=NO
STREAM_SSL=NO STREAM_SSL=NO
STREAM_QUIC=NO
STREAM_REALIP=NO STREAM_REALIP=NO
STREAM_LIMIT_CONN=YES STREAM_LIMIT_CONN=YES
STREAM_ACCESS=YES STREAM_ACCESS=YES
@ -324,7 +323,6 @@ use the \"--with-mail_ssl_module\" option instead"
--with-stream) STREAM=YES ;; --with-stream) STREAM=YES ;;
--with-stream=dynamic) STREAM=DYNAMIC ;; --with-stream=dynamic) STREAM=DYNAMIC ;;
--with-stream_ssl_module) STREAM_SSL=YES ;; --with-stream_ssl_module) STREAM_SSL=YES ;;
--with-stream_quic_module) STREAM_QUIC=YES ;;
--with-stream_realip_module) STREAM_REALIP=YES ;; --with-stream_realip_module) STREAM_REALIP=YES ;;
--with-stream_geoip_module) STREAM_GEOIP=YES ;; --with-stream_geoip_module) STREAM_GEOIP=YES ;;
--with-stream_geoip_module=dynamic) --with-stream_geoip_module=dynamic)
@ -547,7 +545,6 @@ cat << END
--with-stream enable TCP/UDP proxy module --with-stream enable TCP/UDP proxy module
--with-stream=dynamic enable dynamic TCP/UDP proxy module --with-stream=dynamic enable dynamic TCP/UDP proxy module
--with-stream_ssl_module enable ngx_stream_ssl_module --with-stream_ssl_module enable ngx_stream_ssl_module
--with-stream_quic_module enable ngx_stream_quic_module
--with-stream_realip_module enable ngx_stream_realip_module --with-stream_realip_module enable ngx_stream_realip_module
--with-stream_geoip_module enable ngx_stream_geoip_module --with-stream_geoip_module enable ngx_stream_geoip_module
--with-stream_geoip_module=dynamic enable dynamic ngx_stream_geoip_module --with-stream_geoip_module=dynamic enable dynamic ngx_stream_geoip_module


@ -518,22 +518,9 @@ ngx_stream_optimize_servers(ngx_conf_t *cf, ngx_array_t *ports)
ls->reuseport = addr[i].opt.reuseport; ls->reuseport = addr[i].opt.reuseport;
#endif #endif
#if (NGX_STREAM_QUIC)
ls->quic = addr[i].opt.quic;
if (ls->quic) {
ngx_rbtree_init(&ls->rbtree, &ls->sentinel,
ngx_quic_rbtree_insert_value);
}
#endif
#if !(NGX_WIN32) #if !(NGX_WIN32)
if (!ls->quic) { ngx_rbtree_init(&ls->rbtree, &ls->sentinel,
ngx_rbtree_init(&ls->rbtree, &ls->sentinel, ngx_udp_rbtree_insert_value);
ngx_udp_rbtree_insert_value);
}
#endif #endif
stport = ngx_palloc(cf->pool, sizeof(ngx_stream_port_t)); stport = ngx_palloc(cf->pool, sizeof(ngx_stream_port_t));
@ -593,9 +580,6 @@ ngx_stream_add_addrs(ngx_conf_t *cf, ngx_stream_port_t *stport,
addrs[i].conf.ctx = addr[i].opt.ctx; addrs[i].conf.ctx = addr[i].opt.ctx;
#if (NGX_STREAM_SSL) #if (NGX_STREAM_SSL)
addrs[i].conf.ssl = addr[i].opt.ssl; addrs[i].conf.ssl = addr[i].opt.ssl;
#endif
#if (NGX_STREAM_QUIC)
addrs[i].conf.quic = addr[i].opt.quic;
#endif #endif
addrs[i].conf.proxy_protocol = addr[i].opt.proxy_protocol; addrs[i].conf.proxy_protocol = addr[i].opt.proxy_protocol;
addrs[i].conf.addr_text = addr[i].opt.addr_text; addrs[i].conf.addr_text = addr[i].opt.addr_text;
@ -631,9 +615,6 @@ ngx_stream_add_addrs6(ngx_conf_t *cf, ngx_stream_port_t *stport,
addrs6[i].conf.ctx = addr[i].opt.ctx; addrs6[i].conf.ctx = addr[i].opt.ctx;
#if (NGX_STREAM_SSL) #if (NGX_STREAM_SSL)
addrs6[i].conf.ssl = addr[i].opt.ssl; addrs6[i].conf.ssl = addr[i].opt.ssl;
#endif
#if (NGX_STREAM_QUIC)
addrs6[i].conf.quic = addr[i].opt.quic;
#endif #endif
addrs6[i].conf.proxy_protocol = addr[i].opt.proxy_protocol; addrs6[i].conf.proxy_protocol = addr[i].opt.proxy_protocol;
addrs6[i].conf.addr_text = addr[i].opt.addr_text; addrs6[i].conf.addr_text = addr[i].opt.addr_text;


@ -16,10 +16,6 @@
#include <ngx_stream_ssl_module.h> #include <ngx_stream_ssl_module.h>
#endif #endif
#if (NGX_STREAM_QUIC)
#include <ngx_stream_quic_module.h>
#endif
typedef struct ngx_stream_session_s ngx_stream_session_t; typedef struct ngx_stream_session_s ngx_stream_session_t;
@ -55,7 +51,6 @@ typedef struct {
unsigned bind:1; unsigned bind:1;
unsigned wildcard:1; unsigned wildcard:1;
unsigned ssl:1; unsigned ssl:1;
unsigned quic:1;
#if (NGX_HAVE_INET6) #if (NGX_HAVE_INET6)
unsigned ipv6only:1; unsigned ipv6only:1;
#endif #endif
@ -81,7 +76,6 @@ typedef struct {
ngx_stream_conf_ctx_t *ctx; ngx_stream_conf_ctx_t *ctx;
ngx_str_t addr_text; ngx_str_t addr_text;
unsigned ssl:1; unsigned ssl:1;
unsigned quic:1;
unsigned proxy_protocol:1; unsigned proxy_protocol:1;
} ngx_stream_addr_conf_t; } ngx_stream_addr_conf_t;


@ -760,29 +760,6 @@ ngx_stream_core_listen(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
#endif #endif
} }
if (ngx_strcmp(value[i].data, "quic") == 0) {
#if (NGX_STREAM_QUIC)
ngx_stream_ssl_conf_t *sslcf;
sslcf = ngx_stream_conf_get_module_srv_conf(cf,
ngx_stream_ssl_module);
sslcf->listen = 1;
sslcf->file = cf->conf_file->file.name.data;
sslcf->line = cf->conf_file->line;
ls->quic = 1;
ls->type = SOCK_DGRAM;
continue;
#else
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"the \"quic\" parameter requires "
"ngx_stream_quic_module");
return NGX_CONF_ERROR;
#endif
}
if (ngx_strncmp(value[i].data, "so_keepalive=", 13) == 0) { if (ngx_strncmp(value[i].data, "so_keepalive=", 13) == 0) {
if (ngx_strcmp(&value[i].data[13], "on") == 0) { if (ngx_strcmp(&value[i].data[13], "on") == 0) {
@ -894,12 +871,6 @@ ngx_stream_core_listen(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
} }
#endif #endif
#if (NGX_STREAM_SSL && NGX_STREAM_QUIC)
if (ls->ssl && ls->quic) {
return "\"ssl\" parameter is incompatible with \"quic\"";
}
#endif
if (ls->so_keepalive) { if (ls->so_keepalive) {
return "\"so_keepalive\" parameter is incompatible with \"udp\""; return "\"so_keepalive\" parameter is incompatible with \"udp\"";
} }
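Review bot: With the `quic` branch removed from ngx_stream_core_listen, a leftover stream `listen ... quic` in an existing configuration must now be rejected by whatever handles unrecognised parameters at the end of the loop, and that code is outside both hunks. Please confirm the parameter is refused at configuration load rather than skipped, because a silently ignored `quic` would leave the listener on plain TCP where the operator expected a TLS-protected transport. If the refusal is only the generic invalid-parameter message, a short note for people upgrading would help, for example `QUIC in the Stream module has been removed; "listen ... quic" is accepted in http only.` The function body starts and ends outside these hunks, so this is inferred from the visible lines.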


@ -129,10 +129,6 @@ ngx_stream_init_connection(ngx_connection_t *c)
s->ssl = addr_conf->ssl; s->ssl = addr_conf->ssl;
#endif #endif
#if (NGX_STREAM_QUIC)
s->ssl |= addr_conf->quic;
#endif
if (c->buffer) { if (c->buffer) {
s->received += c->buffer->last - c->buffer->pos; s->received += c->buffer->last - c->buffer->pos;
} }
@ -177,21 +173,6 @@ ngx_stream_init_connection(ngx_connection_t *c)
s->start_sec = tp->sec; s->start_sec = tp->sec;
s->start_msec = tp->msec; s->start_msec = tp->msec;
#if (NGX_STREAM_QUIC)
if (addr_conf->quic) {
ngx_quic_conf_t *qcf;
if (c->quic == NULL) {
qcf = ngx_stream_get_module_srv_conf(addr_conf->ctx,
ngx_stream_quic_module);
ngx_quic_run(c, qcf);
return;
}
}
#endif
rev = c->read; rev = c->read;
rev->handler = ngx_stream_session_handler; rev->handler = ngx_stream_session_handler;


@ -1772,21 +1772,6 @@ ngx_stream_proxy_process(ngx_stream_session_t *s, ngx_uint_t from_upstream,
if (dst->type == SOCK_STREAM && pscf->half_close if (dst->type == SOCK_STREAM && pscf->half_close
&& src->read->eof && !u->half_closed && !dst->buffered) && src->read->eof && !u->half_closed && !dst->buffered)
{ {
#if (NGX_STREAM_QUIC)
if (dst->quic) {
if (ngx_quic_shutdown_stream(dst, NGX_WRITE_SHUTDOWN)
!= NGX_OK)
{
ngx_stream_proxy_finalize(s,
NGX_STREAM_INTERNAL_SERVER_ERROR);
return;
}
} else
#endif
if (ngx_shutdown_socket(dst->fd, NGX_WRITE_SHUTDOWN) == -1) { if (ngx_shutdown_socket(dst->fd, NGX_WRITE_SHUTDOWN) == -1) {
ngx_connection_error(c, ngx_socket_errno, ngx_connection_error(c, ngx_socket_errno,
ngx_shutdown_socket_n " failed"); ngx_shutdown_socket_n " failed");


@ -1,343 +0,0 @@
/*
* Copyright (C) Nginx, Inc.
* Copyright (C) Roman Arutyunyan
*/
#include <ngx_config.h>
#include <ngx_core.h>
#include <ngx_stream.h>
static ngx_int_t ngx_stream_variable_quic(ngx_stream_session_t *s,
ngx_stream_variable_value_t *v, uintptr_t data);
static ngx_int_t ngx_stream_quic_add_variables(ngx_conf_t *cf);
static void *ngx_stream_quic_create_srv_conf(ngx_conf_t *cf);
static char *ngx_stream_quic_merge_srv_conf(ngx_conf_t *cf, void *parent,
void *child);
static char *ngx_stream_quic_host_key(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf);
static ngx_command_t ngx_stream_quic_commands[] = {
{ ngx_string("quic_timeout"),
NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1,
ngx_conf_set_msec_slot,
NGX_STREAM_SRV_CONF_OFFSET,
offsetof(ngx_quic_conf_t, timeout),
NULL },
{ ngx_string("quic_stream_buffer_size"),
NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1,
ngx_conf_set_size_slot,
NGX_STREAM_SRV_CONF_OFFSET,
offsetof(ngx_quic_conf_t, stream_buffer_size),
NULL },
{ ngx_string("quic_retry"),
NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG,
ngx_conf_set_flag_slot,
NGX_STREAM_SRV_CONF_OFFSET,
offsetof(ngx_quic_conf_t, retry),
NULL },
{ ngx_string("quic_gso"),
NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG,
ngx_conf_set_flag_slot,
NGX_STREAM_SRV_CONF_OFFSET,
offsetof(ngx_quic_conf_t, gso_enabled),
NULL },
{ ngx_string("quic_host_key"),
NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG,
ngx_stream_quic_host_key,
NGX_STREAM_SRV_CONF_OFFSET,
0,
NULL },
{ ngx_string("quic_active_connection_id_limit"),
NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1,
ngx_conf_set_num_slot,
NGX_STREAM_SRV_CONF_OFFSET,
offsetof(ngx_quic_conf_t, active_connection_id_limit),
NULL },
ngx_null_command
};
static ngx_stream_module_t ngx_stream_quic_module_ctx = {
ngx_stream_quic_add_variables, /* preconfiguration */
NULL, /* postconfiguration */
NULL, /* create main configuration */
NULL, /* init main configuration */
ngx_stream_quic_create_srv_conf, /* create server configuration */
ngx_stream_quic_merge_srv_conf, /* merge server configuration */
};
ngx_module_t ngx_stream_quic_module = {
NGX_MODULE_V1,
&ngx_stream_quic_module_ctx, /* module context */
ngx_stream_quic_commands, /* module directives */
NGX_STREAM_MODULE, /* module type */
NULL, /* init master */
NULL, /* init module */
NULL, /* init process */
NULL, /* init thread */
NULL, /* exit thread */
NULL, /* exit process */
NULL, /* exit master */
NGX_MODULE_V1_PADDING
};
static ngx_stream_variable_t ngx_stream_quic_vars[] = {
{ ngx_string("quic"), NULL, ngx_stream_variable_quic, 0, 0, 0 },
ngx_stream_null_variable
};
static ngx_str_t ngx_stream_quic_salt = ngx_string("ngx_quic");
static ngx_int_t
ngx_stream_variable_quic(ngx_stream_session_t *s,
ngx_stream_variable_value_t *v, uintptr_t data)
{
if (s->connection->quic) {
v->len = 4;
v->valid = 1;
v->no_cacheable = 1;
v->not_found = 0;
v->data = (u_char *) "quic";
return NGX_OK;
}
v->not_found = 1;
return NGX_OK;
}
static ngx_int_t
ngx_stream_quic_add_variables(ngx_conf_t *cf)
{
ngx_stream_variable_t *var, *v;
for (v = ngx_stream_quic_vars; v->name.len; v++) {
var = ngx_stream_add_variable(cf, &v->name, v->flags);
if (var == NULL) {
return NGX_ERROR;
}
var->get_handler = v->get_handler;
var->data = v->data;
}
return NGX_OK;
}
static void *
ngx_stream_quic_create_srv_conf(ngx_conf_t *cf)
{
ngx_quic_conf_t *conf;
conf = ngx_pcalloc(cf->pool, sizeof(ngx_quic_conf_t));
if (conf == NULL) {
return NULL;
}
/*
* set by ngx_pcalloc():
*
* conf->host_key = { 0, NULL }
* conf->stream_close_code = 0;
* conf->stream_reject_code_uni = 0;
* conf->stream_reject_code_bidi= 0;
*/
conf->timeout = NGX_CONF_UNSET_MSEC;
conf->stream_buffer_size = NGX_CONF_UNSET_SIZE;
conf->max_concurrent_streams_bidi = NGX_CONF_UNSET_UINT;
conf->max_concurrent_streams_uni = NGX_CONF_UNSET_UINT;
conf->retry = NGX_CONF_UNSET;
conf->gso_enabled = NGX_CONF_UNSET;
conf->active_connection_id_limit = NGX_CONF_UNSET_UINT;
return conf;
}
static char *
ngx_stream_quic_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
{
ngx_quic_conf_t *prev = parent;
ngx_quic_conf_t *conf = child;
ngx_stream_ssl_conf_t *scf;
ngx_conf_merge_msec_value(conf->timeout, prev->timeout, 60000);
ngx_conf_merge_size_value(conf->stream_buffer_size,
prev->stream_buffer_size,
65536);
ngx_conf_merge_uint_value(conf->max_concurrent_streams_bidi,
prev->max_concurrent_streams_bidi, 16);
ngx_conf_merge_uint_value(conf->max_concurrent_streams_uni,
prev->max_concurrent_streams_uni, 3);
ngx_conf_merge_value(conf->retry, prev->retry, 0);
ngx_conf_merge_value(conf->gso_enabled, prev->gso_enabled, 0);
ngx_conf_merge_str_value(conf->host_key, prev->host_key, "");
ngx_conf_merge_uint_value(conf->active_connection_id_limit,
conf->active_connection_id_limit,
2);
if (conf->host_key.len == 0) {
conf->host_key.len = NGX_QUIC_DEFAULT_HOST_KEY_LEN;
conf->host_key.data = ngx_palloc(cf->pool, conf->host_key.len);
if (conf->host_key.data == NULL) {
return NGX_CONF_ERROR;
}
if (RAND_bytes(conf->host_key.data, NGX_QUIC_DEFAULT_HOST_KEY_LEN)
<= 0)
{
return NGX_CONF_ERROR;
}
}
if (ngx_quic_derive_key(cf->log, "av_token_key",
&conf->host_key, &ngx_stream_quic_salt,
conf->av_token_key, NGX_QUIC_AV_KEY_LEN)
!= NGX_OK)
{
return NGX_CONF_ERROR;
}
if (ngx_quic_derive_key(cf->log, "sr_token_key",
&conf->host_key, &ngx_stream_quic_salt,
conf->sr_token_key, NGX_QUIC_SR_KEY_LEN)
!= NGX_OK)
{
return NGX_CONF_ERROR;
}
scf = ngx_stream_conf_get_module_srv_conf(cf, ngx_stream_ssl_module);
conf->ssl = &scf->ssl;
return NGX_CONF_OK;
}
static char *
ngx_stream_quic_host_key(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
ngx_quic_conf_t *qcf = conf;
u_char *buf;
size_t size;
ssize_t n;
ngx_str_t *value;
ngx_file_t file;
ngx_file_info_t fi;
if (qcf->host_key.len) {
return "is duplicate";
}
buf = NULL;
#if (NGX_SUPPRESS_WARN)
size = 0;
#endif
value = cf->args->elts;
if (ngx_conf_full_name(cf->cycle, &value[1], 1) != NGX_OK) {
return NGX_CONF_ERROR;
}
ngx_memzero(&file, sizeof(ngx_file_t));
file.name = value[1];
file.log = cf->log;
file.fd = ngx_open_file(file.name.data, NGX_FILE_RDONLY, NGX_FILE_OPEN, 0);
if (file.fd == NGX_INVALID_FILE) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, ngx_errno,
ngx_open_file_n " \"%V\" failed", &file.name);
return NGX_CONF_ERROR;
}
if (ngx_fd_info(file.fd, &fi) == NGX_FILE_ERROR) {
ngx_conf_log_error(NGX_LOG_CRIT, cf, ngx_errno,
ngx_fd_info_n " \"%V\" failed", &file.name);
goto failed;
}
size = ngx_file_size(&fi);
if (size == 0) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"\"%V\" zero key size", &file.name);
goto failed;
}
buf = ngx_pnalloc(cf->pool, size);
if (buf == NULL) {
goto failed;
}
n = ngx_read_file(&file, buf, size, 0);
if (n == NGX_ERROR) {
ngx_conf_log_error(NGX_LOG_CRIT, cf, ngx_errno,
ngx_read_file_n " \"%V\" failed", &file.name);
goto failed;
}
if ((size_t) n != size) {
ngx_conf_log_error(NGX_LOG_CRIT, cf, 0,
ngx_read_file_n " \"%V\" returned only "
"%z bytes instead of %uz", &file.name, n, size);
goto failed;
}
qcf->host_key.data = buf;
qcf->host_key.len = n;
if (ngx_close_file(file.fd) == NGX_FILE_ERROR) {
ngx_log_error(NGX_LOG_ALERT, cf->log, ngx_errno,
ngx_close_file_n " \"%V\" failed", &file.name);
}
return NGX_CONF_OK;
failed:
if (ngx_close_file(file.fd) == NGX_FILE_ERROR) {
ngx_log_error(NGX_LOG_ALERT, cf->log, ngx_errno,
ngx_close_file_n " \"%V\" failed", &file.name);
}
if (buf) {
ngx_explicit_memzero(buf, size);
}
return NGX_CONF_ERROR;
}


@ -1,20 +0,0 @@
/*
* Copyright (C) Roman Arutyunyan
* Copyright (C) Nginx, Inc.
*/
#ifndef _NGX_STREAM_QUIC_H_INCLUDED_
#define _NGX_STREAM_QUIC_H_INCLUDED_
#include <ngx_config.h>
#include <ngx_core.h>
#include <ngx_stream.h>
extern ngx_module_t ngx_stream_quic_module;
#endif /* _NGX_STREAM_QUIC_H_INCLUDED_ */


@ -9,10 +9,6 @@
#include <ngx_core.h> #include <ngx_core.h>
#include <ngx_stream.h> #include <ngx_stream.h>
#if (NGX_QUIC_OPENSSL_COMPAT)
#include <ngx_event_quic_openssl_compat.h>
#endif
typedef ngx_int_t (*ngx_ssl_variable_handler_pt)(ngx_connection_t *c, typedef ngx_int_t (*ngx_ssl_variable_handler_pt)(ngx_connection_t *c,
ngx_pool_t *pool, ngx_str_t *s); ngx_pool_t *pool, ngx_str_t *s);
@ -1199,10 +1195,7 @@ ngx_stream_ssl_conf_command_check(ngx_conf_t *cf, void *post, void *data)
static ngx_int_t static ngx_int_t
ngx_stream_ssl_init(ngx_conf_t *cf) ngx_stream_ssl_init(ngx_conf_t *cf)
{ {
ngx_uint_t i;
ngx_stream_listen_t *listen;
ngx_stream_handler_pt *h; ngx_stream_handler_pt *h;
ngx_stream_ssl_conf_t *scf;
ngx_stream_core_main_conf_t *cmcf; ngx_stream_core_main_conf_t *cmcf;
cmcf = ngx_stream_conf_get_module_main_conf(cf, ngx_stream_core_module); cmcf = ngx_stream_conf_get_module_main_conf(cf, ngx_stream_core_module);
@ -1214,29 +1207,5 @@ ngx_stream_ssl_init(ngx_conf_t *cf)
*h = ngx_stream_ssl_handler; *h = ngx_stream_ssl_handler;
listen = cmcf->listen.elts;
for (i = 0; i < cmcf->listen.nelts; i++) {
if (!listen[i].quic) {
continue;
}
scf = listen[i].ctx->srv_conf[ngx_stream_ssl_module.ctx_index];
#if (NGX_QUIC_OPENSSL_COMPAT)
if (ngx_quic_compat_init(cf, scf->ssl.ctx) != NGX_OK) {
return NGX_ERROR;
}
#endif
if (scf->certificates && !(scf->protocols & NGX_SSL_TLSv1_3)) {
ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
"\"ssl_protocols\" must enable TLSv1.3 for "
"the \"listen ... quic\" directive in %s:%ui",
scf->file, scf->line);
return NGX_ERROR;
}
}
return NGX_OK; return NGX_OK;
} }


@ -277,12 +277,7 @@ ngx_stream_write_filter(ngx_stream_session_t *s, ngx_chain_t *in,
*out = chain; *out = chain;
if (chain) { if (chain) {
if (c->shared if (c->shared) {
#if (NGX_STREAM_QUIC)
&& c->quic == NULL
#endif
)
{
ngx_log_error(NGX_LOG_ALERT, c->log, 0, ngx_log_error(NGX_LOG_ALERT, c->log, 0,
"shared connection is busy"); "shared connection is busy");
return NGX_ERROR; return NGX_ERROR;