nghttpx: Extend QUIC server ID to 4 bytes

Tatsuhiro Tsujikawa 2021-10-10 16:05:48 +09:00
parent a48e9d3d80
commit d7af5924ff
3 changed files with 6 additions and 6 deletions

@ -544,10 +544,10 @@ Algorithm described in `QUIC-LB draft
<https://datatracker.ietf.org/doc/html/draft-ietf-quic-load-balancers>`_. <https://datatracker.ietf.org/doc/html/draft-ietf-quic-load-balancers>`_.
A Connection ID that nghttpx generates is always 20 bytes long. It A Connection ID that nghttpx generates is always 20 bytes long. It
uses first 2 bits as a configuration ID. The remaining bits in the uses first 2 bits as a configuration ID. The remaining bits in the
first byte are reserved and random. The next 2 bytes are server ID. first byte are reserved and random. The next 4 bytes are server ID.
The next 6 bytes are used to route UDP datagram to a correct The next 4 bytes are used to route UDP datagram to a correct
``SO_REUSEPORT`` socket. The remaining bytes are randomly generated. ``SO_REUSEPORT`` socket. The remaining bytes are randomly generated.
The server ID and the next 14 bytes are encrypted with AES-ECB. The The server ID and the next 12 bytes are encrypted with AES-ECB. The
key is derived from the keying materials stored in a file specified by key is derived from the keying materials stored in a file specified by
:option:`--frontend-quic-secret-file`. The first 2 bits of keying :option:`--frontend-quic-secret-file`. The first 2 bits of keying
material in the file is used as a configuration ID. The remaining material in the file is used as a configuration ID. The remaining
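Review bot: the commit subject only mentions the server ID, but the line "The next 4 bytes are used to route UDP datagram" also shrinks the SO_REUSEPORT routing field from 6 bytes to 4, and that is not called out anywhere. Please mention it in the commit message, and consider spelling out the resulting layout in this paragraph (1 byte carrying the configuration ID, 4 bytes server ID, 4 bytes routing, 11 random bytes) along with the fact that the encrypted span of 4 + 12 bytes is exactly one 16-byte AES block, so readers do not have to derive it. Because the contents of the encrypted block change, it would also help to state whether instances built before and after this change can share the same --frontend-quic-secret-file during a rolling upgrade.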

@ -3395,8 +3395,8 @@ HTTP/3 and QUIC:
Specify server ID encoded in Connection ID to identify Specify server ID encoded in Connection ID to identify
this particular server instance. Connection ID is this particular server instance. Connection ID is
encrypted and this part is not visible in public. It encrypted and this part is not visible in public. It
must be 2 bytes long and must be encoded in hex string must be 4 bytes long and must be encoded in hex string
(which is 4 bytes long). If this option is omitted, a (which is 8 bytes long). If this option is omitted, a
random server ID is generated on startup and random server ID is generated on startup and
configuration reload. configuration reload.
--no-quic-bpf --no-quic-bpf
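Review bot: in the updated help text, "(which is 8 bytes long)" describes the hex string immediately after "must be 4 bytes long" describes the decoded value, and two different byte counts in one sentence are easy to misread. Suggest wording along the lines of "must be 4 bytes long, given as a hex string of 8 characters". A value written for the old 2-byte rule (4 hex characters) no longer matches the stated length, so the change should be flagged in the release notes for anyone who sets this option explicitly.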

@ -64,7 +64,7 @@ struct QUICKeyingMaterials;
struct QUICKeyingMaterial; struct QUICKeyingMaterial;
constexpr size_t SHRPX_QUIC_SCIDLEN = 20; constexpr size_t SHRPX_QUIC_SCIDLEN = 20;
constexpr size_t SHRPX_QUIC_SERVER_IDLEN = 2; constexpr size_t SHRPX_QUIC_SERVER_IDLEN = 4;
// SHRPX_QUIC_CID_PREFIXLEN includes SHRPX_QUIC_SERVER_IDLEN. // SHRPX_QUIC_CID_PREFIXLEN includes SHRPX_QUIC_SERVER_IDLEN.
constexpr size_t SHRPX_QUIC_CID_PREFIXLEN = 8; constexpr size_t SHRPX_QUIC_CID_PREFIXLEN = 8;
constexpr size_t SHRPX_QUIC_CID_PREFIX_OFFSET = 1; constexpr size_t SHRPX_QUIC_CID_PREFIX_OFFSET = 1;
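Review bot: SHRPX_QUIC_SERVER_IDLEN doubles while SHRPX_QUIC_CID_PREFIXLEN stays at 8, and the only thing tying the two together is the comment "SHRPX_QUIC_CID_PREFIXLEN includes SHRPX_QUIC_SERVER_IDLEN". Consider adding static_assert(SHRPX_QUIC_SERVER_IDLEN <= SHRPX_QUIC_CID_PREFIXLEN) next to these definitions so that a future size change fails at compile time instead of silently shrinking the routing portion of the prefix. The "next 4 bytes" figure in the documentation is the difference of these two constants and will drift in the same way if only one of them is edited.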