diff --git a/gennghttpxfun.py b/gennghttpxfun.py index 6f88456e..a388b119 100755 --- a/gennghttpxfun.py +++ b/gennghttpxfun.py @@ -192,7 +192,7 @@ OPTIONS = [ "frontend-quic-qlog-dir", "frontend-quic-require-token", "frontend-quic-congestion-controller", - "frontend-quic-server-id", + "quic-server-id", "frontend-quic-secret-file", "rlimit-memlock", "max-worker-processes", diff --git a/src/shrpx.cc b/src/shrpx.cc index c252f61f..14427f92 100644 --- a/src/shrpx.cc +++ b/src/shrpx.cc @@ -1450,8 +1450,7 @@ int generate_cid_prefix( cid_prefixes.resize(num_cid_prefix); for (auto &cid_prefix : cid_prefixes) { - if (create_cid_prefix(cid_prefix.data(), - quicconf.upstream.server_id.data()) != 0) { + if (create_cid_prefix(cid_prefix.data(), quicconf.server_id.data()) != 0) { return -1; } } @@ -1953,16 +1952,15 @@ void fill_default_config(Config *config) { upstreamconf.congestion_controller = NGTCP2_CC_ALGO_CUBIC; - if (RAND_bytes(upstreamconf.server_id.data(), - upstreamconf.server_id.size()) != 1) { - assert(0); - abort(); - } - upstreamconf.initial_rtt = static_cast(NGTCP2_DEFAULT_INITIAL_RTT) / NGTCP2_SECONDS; } + if (RAND_bytes(quicconf.server_id.data(), quicconf.server_id.size()) != 1) { + assert(0); + abort(); + } + auto &http3conf = config->http3; { auto &upstreamconf = http3conf.upstream; @@ -3394,7 +3392,7 @@ HTTP/3 and QUIC: option is not given or an error occurred while opening or reading a file, a keying material is generated internally on startup and reload. - --frontend-quic-server-id= + --quic-server-id= Specify server ID encoded in Connection ID to identify this particular server instance. Connection ID is encrypted and this part is not visible in public. It 
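Review bot: The relocated `RAND_bytes` block in fill_default_config has no comment saying that the value is only a default, and it now sits outside the `upstreamconf` scope that used to give it context. A one-line comment such as `// Random per-process server ID; overwritten by parse_config when quic-server-id is given.` would make that clear. On failure the code runs `assert(0); abort();` without a diagnostic, which fails closed but leaves the operator with only an abort; whether logging is usable at this point is not visible from the hunk. The function body starts and ends outside the hunk.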
@@ -4217,8 +4215,7 @@ int main(int argc, char **argv) { 182}, {SHRPX_OPT_FRONTEND_QUIC_CONGESTION_CONTROLLER.c_str(), required_argument, &flag, 183}, - {SHRPX_OPT_FRONTEND_QUIC_SERVER_ID.c_str(), required_argument, &flag, - 185}, + {SHRPX_OPT_QUIC_SERVER_ID.c_str(), required_argument, &flag, 185}, {SHRPX_OPT_FRONTEND_QUIC_SECRET_FILE.c_str(), required_argument, &flag, 186}, {SHRPX_OPT_RLIMIT_MEMLOCK.c_str(), required_argument, &flag, 187}, @@ -5105,9 +5102,8 @@ int main(int argc, char **argv) { StringRef{optarg}); break; case 185: - // --frontend-quic-server-id - cmdcfgs.emplace_back(SHRPX_OPT_FRONTEND_QUIC_SERVER_ID, - StringRef{optarg}); + // --quic-server-id + cmdcfgs.emplace_back(SHRPX_OPT_QUIC_SERVER_ID, StringRef{optarg}); break; case 186: // --frontend-quic-secret-file diff --git a/src/shrpx_config.cc b/src/shrpx_config.cc index 9c5d9917..b8acbe50 100644 --- a/src/shrpx_config.cc +++ b/src/shrpx_config.cc @@ -2054,6 +2054,11 @@ int option_lookup_token(const char *name, size_t namelen) { break; case 14: switch (name[13]) { + case 'd': + if (util::strieq_l("quic-server-i", name, 13)) { + return SHRPX_OPTID_QUIC_SERVER_ID; + } + break; case 'e': if (util::strieq_l("accesslog-fil", name, 13)) { return SHRPX_OPTID_ACCESSLOG_FILE; @@ -2352,11 +2357,6 @@ int option_lookup_token(const char *name, size_t namelen) { break; case 23: switch (name[22]) { - case 'd': - if (util::strieq_l("frontend-quic-server-i", name, 22)) { - return SHRPX_OPTID_FRONTEND_QUIC_SERVER_ID; - } - break; case 'e': if (util::strieq_l("client-private-key-fil", name, 22)) { return SHRPX_OPTID_CLIENT_PRIVATE_KEY_FILE; 
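Review bot: The long-option entry for id 185 replaces `SHRPX_OPT_FRONTEND_QUIC_SERVER_ID` outright, so the old `--frontend-quic-server-id` spelling is no longer registered; the same removal appears in the `case 185` hunk and in option_lookup_token. Existing command lines and configuration files that pin a server ID would presumably be rejected or ignored after upgrade, and which of the two is not visible here. If the option were ignored, the instance would fall back to the random default set in fill_default_config, which matters where the ID is pinned deliberately. Consider keeping the old name as a deprecated alias that maps to the same option and logs a warning. main() starts and ends outside the hunk.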
@@ -4118,14 +4118,14 @@ int parse_config(Config *config, int optid, const StringRef &opt, #endif // ENABLE_HTTP3 return 0; - case SHRPX_OPTID_FRONTEND_QUIC_SERVER_ID: + case SHRPX_OPTID_QUIC_SERVER_ID: #ifdef ENABLE_HTTP3 - if (optarg.size() != config->quic.upstream.server_id.size() * 2 || + if (optarg.size() != config->quic.server_id.size() * 2 || !util::is_hex_string(optarg)) { LOG(ERROR) << opt << ": must be a hex-string"; return -1; } - util::decode_hex(std::begin(config->quic.upstream.server_id), optarg); + util::decode_hex(std::begin(config->quic.server_id), optarg); #endif // ENABLE_HTTP3 return 0; diff --git a/src/shrpx_config.h b/src/shrpx_config.h index 27b6a9ac..d88ac7a9 100644 --- a/src/shrpx_config.h +++ b/src/shrpx_config.h @@ -391,8 +391,7 @@ constexpr auto SHRPX_OPT_FRONTEND_QUIC_REQUIRE_TOKEN = StringRef::from_lit("frontend-quic-require-token"); constexpr auto SHRPX_OPT_FRONTEND_QUIC_CONGESTION_CONTROLLER = StringRef::from_lit("frontend-quic-congestion-controller"); -constexpr auto SHRPX_OPT_FRONTEND_QUIC_SERVER_ID = - StringRef::from_lit("frontend-quic-server-id"); +constexpr auto SHRPX_OPT_QUIC_SERVER_ID = StringRef::from_lit("quic-server-id"); constexpr auto SHRPX_OPT_FRONTEND_QUIC_SECRET_FILE = StringRef::from_lit("frontend-quic-secret-file"); constexpr auto SHRPX_OPT_RLIMIT_MEMLOCK = StringRef::from_lit("rlimit-memlock"); @@ -780,7 +779,6 @@ struct QUICConfig { ngtcp2_cc_algo congestion_controller; bool early_data; bool require_token; - std::array server_id; StringRef secret_file; ev_tstamp initial_rtt; } upstream; @@ -788,6 +786,7 @@ struct QUICConfig { StringRef prog_file; bool disabled; } bpf; + std::array server_id; }; struct Http3Config { @@ -1249,7 +1248,6 @@ enum { SHRPX_OPTID_FRONTEND_QUIC_QLOG_DIR, SHRPX_OPTID_FRONTEND_QUIC_REQUIRE_TOKEN, SHRPX_OPTID_FRONTEND_QUIC_SECRET_FILE, - SHRPX_OPTID_FRONTEND_QUIC_SERVER_ID, SHRPX_OPTID_FRONTEND_READ_TIMEOUT, SHRPX_OPTID_FRONTEND_WRITE_TIMEOUT, SHRPX_OPTID_HEADER_FIELD_BUFFER, 
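Review bot: The error path in the `SHRPX_OPTID_QUIC_SERVER_ID` case reports `must be a hex-string` even when the input is valid hex of the wrong length, because the length check and `util::is_hex_string` share one branch. Stating the expected length makes a misconfiguration easier to diagnose: `LOG(ERROR) << opt << ": must be a hex-string of " << config->quic.server_id.size() * 2 << " characters";`. The length check appears to be what keeps `util::decode_hex` within the fixed-size array, so it should stay ahead of the decode if the branch is ever split. Without ENABLE_HTTP3 the option is accepted and ignored with `return 0`, which may deserve a warning. parse_config itself starts and ends outside the hunk.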
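Review bot: `server_id` at its new position at the end of `QUICConfig` carries no comment, and after the move out of `upstream` nothing in the struct says what it identifies or what sets it. Suggest a comment above the member such as `// Server ID embedded in Connection IDs to identify this instance; random by default, set by quic-server-id.` The struct's opening and its remaining members are outside the hunk.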
@@ -1292,6 +1290,7 @@ enum { SHRPX_OPTID_PRIVATE_KEY_PASSWD_FILE, SHRPX_OPTID_PSK_SECRETS, SHRPX_OPTID_QUIC_BPF_PROGRAM_FILE, + SHRPX_OPTID_QUIC_SERVER_ID, SHRPX_OPTID_READ_BURST, SHRPX_OPTID_READ_RATE, SHRPX_OPTID_REDIRECT_HTTPS_PORT, diff --git a/src/shrpx_quic_connection_handler.cc b/src/shrpx_quic_connection_handler.cc index 730c649f..325e6957 100644 --- a/src/shrpx_quic_connection_handler.cc +++ b/src/shrpx_quic_connection_handler.cc @@ -456,9 +456,9 @@ int QUICConnectionHandler::send_retry( ngtcp2_cid retry_scid; - if (generate_quic_retry_connection_id( - retry_scid, SHRPX_QUIC_SCIDLEN, quicconf.upstream.server_id.data(), - qkm.id, qkm.cid_encryption_key.data()) != 0) { + if (generate_quic_retry_connection_id(retry_scid, SHRPX_QUIC_SCIDLEN, + quicconf.server_id.data(), qkm.id, + qkm.cid_encryption_key.data()) != 0) { return -1; }