git: 19ca0e1ac0f4 - main - www/nginx-devel: update HTTPv3/QUIC patch
Date: Fri, 31 Mar 2023 04:13:13 UTC
The branch main has been updated by osa: URL: https://cgit.FreeBSD.org/ports/commit/?id=19ca0e1ac0f410a8bba180192f47794dd4f3532b commit 19ca0e1ac0f410a8bba180192f47794dd4f3532b Author: Sergey A. Osokin <osa@FreeBSD.org> AuthorDate: 2023-03-31 04:09:52 +0000 Commit: Sergey A. Osokin <osa@FreeBSD.org> CommitDate: 2023-03-31 04:09:52 +0000 www/nginx-devel: update HTTPv3/QUIC patch Bump PORTREVISION. PR: 270523 --- www/nginx-devel/Makefile | 1 + www/nginx-devel/files/extra-patch-httpv3 | 1964 ++++++++++++++++++++++-------- 2 files changed, 1468 insertions(+), 497 deletions(-) diff --git a/www/nginx-devel/Makefile b/www/nginx-devel/Makefile index d3fd629b1cc3..dfaa815a9e60 100644 --- a/www/nginx-devel/Makefile +++ b/www/nginx-devel/Makefile @@ -1,5 +1,6 @@ PORTNAME?= nginx PORTVERSION= 1.23.4 +PORTREVISION= 1 CATEGORIES= www MASTER_SITES= https://nginx.org/download/ \ LOCAL/osa diff --git a/www/nginx-devel/files/extra-patch-httpv3 b/www/nginx-devel/files/extra-patch-httpv3 index 60e9f2e85e04..ea266e8b4764 100644 --- a/www/nginx-devel/files/extra-patch-httpv3 +++ b/www/nginx-devel/files/extra-patch-httpv3 @@ -1,17 +1,18 @@ -diff -r ff3afd1ce6a6 README +diff -r ac779115ed6e README --- /dev/null Thu Jan 01 00:00:00 1970 +0000 -+++ b/README Tue Jan 31 11:41:14 2023 -0500 -@@ -0,0 +1,250 @@ ++++ b/README Fri Mar 31 00:04:13 2023 -0400 +@@ -0,0 +1,389 @@ +Experimental QUIC support for nginx +----------------------------------- + +1. Introduction -+2. Installing ++2. Building from sources +3. Configuration -+4. Clients -+5. Troubleshooting -+6. Contributing -+7. Links ++4. Directives ++5. Clients ++6. Troubleshooting ++7. Contributing ++8. Links + +1. Introduction + 
@@ -55,14 +56,28 @@ diff -r ff3afd1ce6a6 README + + Lost packets are detected and retransmitted properly + + Clients may migrate to new address + -+2. Installing ++2. Building from sources + -+ A library that provides QUIC support is required to build nginx, there ++ The build is configured using the configure command. ++ Refer to http://nginx.org/en/docs/configure.html for details. ++ ++ When configuring nginx, it's possible to enable QUIC and HTTP/3 ++ using the following new configuration options: ++ ++ --with-http_v3_module - enable QUIC and HTTP/3 ++ --with-stream_quic_module - enable QUIC in Stream ++ ++ A library that provides QUIC support is recommended to build nginx, there + are several of those available on the market: + + BoringSSL [4] + + LibreSSL [5] + + QuicTLS [6] + ++ Alternatively, nginx can be configured with OpenSSL compatibility ++ layer, which emulates BoringSSL QUIC API for OpenSSL. This mode is ++ enabled by default if native QUIC support is not detected. ++ 0-RTT is not supported in OpenSSL compatibility mode. ++ + Clone the NGINX QUIC repository + + $ hg clone -b quic https://hg.nginx.org/nginx-quic 
@@ -89,21 +104,15 @@ diff -r ff3afd1ce6a6 README + --with-cc-opt="-I../libressl/build/include" \ + --with-ld-opt="-L../libressl/build/lib" + -+ When configuring nginx, it's possible to enable QUIC and HTTP/3 -+ using the following new configuration options: -+ -+ --with-http_v3_module - enable QUIC and HTTP/3 -+ --with-stream_quic_module - enable QUIC in Stream -+ +3. Configuration + -+ The HTTP "listen" directive got a new option "http3" which enables -+ HTTP/3 over QUIC on the specified port. ++ The HTTP "listen" directive got a new option "quic" which enables ++ QUIC as client transport protocol instead of TCP. + + The Stream "listen" directive got a new option "quic" which enables + QUIC as client transport protocol instead of TCP or plain UDP. + -+ Along with "http3" or "quic", it's also possible to specify "reuseport" ++ Along with "quic", it's also possible to specify "reuseport" + option [8] to make it work properly with multiple workers. + + To enable address validation: @@ -137,12 +146,13 @@ diff -r ff3afd1ce6a6 README + + A number of directives were added that configure HTTP/3: + ++ http3 ++ http3_hq + http3_stream_buffer_size + http3_max_concurrent_pushes + http3_max_concurrent_streams + http3_push + http3_push_preload -+ http3_hq (requires NGX_HTTP_V3_HQ macro) + + In http, an additional variable is available: $http3. + The value of $http3 is "h3" for HTTP/3 connections, @@ -164,7 +174,7 @@ diff -r ff3afd1ce6a6 README + server { + # for better compatibility it's recommended + # to use the same port for quic and https -+ listen 8443 http3 reuseport; ++ listen 8443 quic reuseport; + listen 8443 ssl; + + ssl_certificate certs/example.com.crt; 
@@ -178,7 +188,136 @@ diff -r ff3afd1ce6a6 README + } + } + -+4. Clients ++4. Directives ++ ++ Syntax: quic_bpf on | off; ++ Default: quic_bpf off; ++ Context: main ++ ++ Enables routing of QUIC packets using eBPF. ++ When enabled, this allows to support QUIC connection migration. ++ The directive is only supported on Linux 5.7+. ++ ++ ++ Syntax: quic_retry on | off; ++ Default: quic_retry off; ++ Context: http | stream, server ++ ++ Enables the QUIC Address Validation feature. This includes: ++ - sending a new token in a Retry packet or a NEW_TOKEN frame ++ - validating a token received in the Initial packet ++ ++ ++ Syntax: quic_gso on | off; ++ Default: quic_gso off; ++ Context: http | stream, server ++ ++ Enables sending in optimized batch mode using segmentation offloading. ++ Optimized sending is only supported on Linux featuring UDP_SEGMENT. ++ ++ ++ Syntax: quic_mtu size; ++ Default: quic_mtu 65527; ++ Context: http | stream, server ++ ++ Sets the QUIC max_udp_payload_size transport parameter value. ++ This is the maximum UDP payload that we are willing to receive. ++ ++ ++ Syntax: quic_host_key file; ++ Default: - ++ Context: http | stream, server ++ ++ Specifies a file with the secret key used to encrypt stateless reset and ++ address validation tokens. By default, a randomly generated key is used. ++ ++ ++ Syntax: quic_active_connection_id_limit number; ++ Default: quic_active_connection_id_limit 2; ++ Context: http | stream, server ++ ++ Sets the QUIC active_connection_id_limit transport parameter value. ++ This is the maximum number of connection IDs we are willing to store. ++ ++ ++ Syntax: quic_timeout time; ++ Default: quic_timeout 60s; ++ Context: stream, server ++ ++ Defines a timeout used to negotiate the QUIC idle timeout. ++ In the http module, it is taken from the keepalive_timeout directive. 
++ ++ ++ Syntax: quic_stream_buffer_size size; ++ Default: quic_stream_buffer_size 64k; ++ Context: stream, server ++ ++ Syntax: http3_stream_buffer_size size; ++ Default: http3_stream_buffer_size 64k; ++ Context: http, server ++ ++ Sets buffer size for reading and writing of the QUIC STREAM payload. ++ The buffer size is used to calculate initial flow control limits ++ in the following QUIC transport parameters: ++ - initial_max_data ++ - initial_max_stream_data_bidi_local ++ - initial_max_stream_data_bidi_remote ++ - initial_max_stream_data_uni ++ ++ ++ Syntax: http3_max_concurrent_pushes number; ++ Default: http3_max_concurrent_pushes 10; ++ Context: http, server ++ ++ Limits the maximum number of concurrent push requests in a connection. ++ ++ ++ Syntax: http3_max_concurrent_streams number; ++ Default: http3_max_concurrent_streams 128; ++ Context: http, server ++ ++ Sets the maximum number of concurrent HTTP/3 streams in a connection. ++ ++ ++ Syntax: http3_push uri | off; ++ Default: http3_push off; ++ Context: http, server, location ++ ++ Pre-emptively sends (pushes) a request to the specified uri along with ++ the response to the original request. Only relative URIs with absolute ++ path will be processed, for example: ++ ++ http3_push /static/css/main.css; ++ ++ The uri value can contain variables. ++ ++ Several http3_push directives can be specified on the same configuration ++ level. The off parameter cancels the effect of the http3_push directives ++ inherited from the previous configuration level. ++ ++ ++ Syntax: http3_push_preload on | off; ++ Default: http3_push_preload off; ++ Context: http, server, location ++ ++ Enables automatic conversion of preload links specified in the “Link” ++ response header fields into push requests. ++ ++ ++ Syntax: http3 on | off; ++ Default: http3 on; ++ Context: http, server ++ ++ Enables HTTP/3 protocol negotiation. 
++ ++ ++ Syntax: http3_hq on | off; ++ Default: http3_hq off; ++ Context: http, server ++ ++ Enables HTTP/0.9 protocol negotiation used in QUIC interoperability tests. ++ ++5. Clients + + * Browsers + @@ -205,7 +344,7 @@ diff -r ff3afd1ce6a6 README + "nghttp3/ngtcp2 client" "quic" + + -+5. Troubleshooting ++6. Troubleshooting + + Here are some tips that may help to identify problems: + @@ -235,16 +374,16 @@ diff -r ff3afd1ce6a6 README + #define NGX_QUIC_DEBUG_ALLOC + #define NGX_QUIC_DEBUG_CRYPTO + -+6. Contributing ++7. Contributing + + Please refer to + http://nginx.org/en/docs/contributing_changes.html + -+7. Links ++8. Links + + [1] https://datatracker.ietf.org/doc/html/rfc9000 + [2] https://datatracker.ietf.org/doc/html/rfc9114 -+ [3] https://mailman.nginx.org/mailman3/lists/nginx-devel.nginx.org/ ++ [3] https://mailman.nginx.org/mailman/listinfo/nginx-devel + [4] https://boringssl.googlesource.com/boringssl/ + [5] https://www.libressl.org/ + [6] https://github.com/quictls/openssl @@ -252,10 +391,10 @@ diff -r ff3afd1ce6a6 README + [8] https://nginx.org/en/docs/http/ngx_http_core_module.html#listen + [9] https://nginx.org/en/docs/debugging_log.html + [10] http://vger.kernel.org/lpc_net2018_talks/willemdebruijn-lpc2018-udpgso-paper-DRAFT-1.pdf -diff -r ff3afd1ce6a6 auto/lib/openssl/conf ---- a/auto/lib/openssl/conf Tue Dec 13 18:53:53 2022 +0300 -+++ b/auto/lib/openssl/conf Tue Jan 31 11:41:14 2023 -0500 -@@ -5,12 +5,16 @@ +diff -r ac779115ed6e auto/lib/openssl/conf +--- a/auto/lib/openssl/conf Tue Mar 28 18:01:53 2023 +0300 ++++ b/auto/lib/openssl/conf Fri Mar 31 00:04:13 2023 -0400 +@@ -5,12 +5,17 @@ if [ $OPENSSL != NONE ]; then @@ -264,6 +403,7 @@ diff -r ff3afd1ce6a6 auto/lib/openssl/conf + + if [ $USE_OPENSSL_QUIC = YES ]; then + have=NGX_QUIC . auto/have ++ have=NGX_QUIC_OPENSSL_COMPAT . auto/have + fi + case "$CC" in 
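Review bot: In the `$OPENSSL != NONE` branch of auto/lib/openssl/conf the added `have=NGX_QUIC_OPENSSL_COMPAT . auto/have` is unconditional, while the system-library branch (hunk `@@ -285,23 +425,28 @@`) defines the same macro only after the `SSL_set_quic_method` probe has failed. As written, a source tree passed with `--with-openssl=<path>` that already provides a native QUIC API gets both `NGX_QUIC` and `NGX_QUIC_OPENSSL_COMPAT`; presumably the compatibility header cancels the macro at compile time, but nothing in this hunk shows that. The two modes differ in capability (the README in this same patch states that 0-RTT is not supported in compatibility mode), so a comment here would help anyone auditing which handshake path ends up in the binary, for example `# defined unconditionally for source builds; expected to be cancelled at compile time when the library has native QUIC (confirm)`. The enclosing `if [ $OPENSSL != NONE ]` block continues outside the hunk.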
@@ -275,7 +415,7 @@ diff -r ff3afd1ce6a6 auto/lib/openssl/conf CFLAGS="$CFLAGS -DNO_SYS_TYPES_H" CORE_INCS="$CORE_INCS $OPENSSL/openssl/include" -@@ -33,9 +37,6 @@ if [ $OPENSSL != NONE ]; then +@@ -33,9 +38,6 @@ if [ $OPENSSL != NONE ]; then ;; *) @@ -285,23 +425,28 @@ diff -r ff3afd1ce6a6 auto/lib/openssl/conf CORE_INCS="$CORE_INCS $OPENSSL/.openssl/include" CORE_DEPS="$CORE_DEPS $OPENSSL/.openssl/include/openssl/ssl.h" CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libssl.a" -@@ -139,4 +140,28 @@ END - exit 1 - fi - -+ if [ $USE_OPENSSL_QUIC = YES ]; then +@@ -123,6 +125,35 @@ else + CORE_INCS="$CORE_INCS $ngx_feature_path" + CORE_LIBS="$CORE_LIBS $ngx_feature_libs" + OPENSSL=YES ++ ++ if [ $USE_OPENSSL_QUIC = YES ]; then + -+ ngx_feature="OpenSSL QUIC support" -+ ngx_feature_name="NGX_QUIC" -+ ngx_feature_run=no -+ ngx_feature_incs="#include <openssl/ssl.h>" -+ ngx_feature_path= -+ ngx_feature_libs="-lssl -lcrypto $NGX_LIBDL $NGX_LIBPTHREAD" -+ ngx_feature_test="SSL_set_quic_method(NULL, NULL)" -+ . auto/feature ++ ngx_feature="OpenSSL QUIC support" ++ ngx_feature_name="NGX_QUIC" ++ ngx_feature_test="SSL_set_quic_method(NULL, NULL)" ++ . auto/feature + -+ if [ $ngx_found = no ]; then ++ if [ $ngx_found = no ]; then ++ have=NGX_QUIC_OPENSSL_COMPAT . auto/have + ++ ngx_feature="OpenSSL QUIC compatibility" ++ ngx_feature_test="SSL_CTX_add_custom_ext(NULL, 0, 0, ++ NULL, NULL, NULL, NULL, NULL)" ++ . auto/feature ++ fi ++ ++ if [ $ngx_found = no ]; then +cat << END + +$0: error: certain modules require OpenSSL QUIC support. 
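Review bot: The failure message that closes hunk `@@ -285,23 +425,28 @@` still reads `certain modules require OpenSSL QUIC support`, yet on the new code path it is printed only after the `SSL_CTX_add_custom_ext` compatibility probe has failed as well, so it no longer tells the builder what was tried. Rewording that line to something like `$0: error: certain modules require OpenSSL QUIC support or the OpenSSL QUIC compatibility layer.` would make the two-step detection visible. A short comment above `have=NGX_QUIC_OPENSSL_COMPAT . auto/have` would also help, noting that the macro is written before the compatibility probe runs and that this is harmless only because a failed probe ends in `exit 1`. The heredoc text and the closing `fi` lines continue in the next hunk.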
@@ -310,13 +455,15 @@ diff -r ff3afd1ce6a6 auto/lib/openssl/conf +statically from the source with nginx by using --with-openssl=<path> option. + +END -+ exit 1 -+ fi -+ fi - fi -diff -r ff3afd1ce6a6 auto/make ---- a/auto/make Tue Dec 13 18:53:53 2022 +0300 -+++ b/auto/make Tue Jan 31 11:41:14 2023 -0500 ++ exit 1 ++ fi ++ fi + fi + fi + +diff -r ac779115ed6e auto/make +--- a/auto/make Tue Mar 28 18:01:53 2023 +0300 ++++ b/auto/make Fri Mar 31 00:04:13 2023 -0400 @@ -6,9 +6,10 @@ echo "creating $NGX_MAKEFILE" @@ -330,9 +477,9 @@ diff -r ff3afd1ce6a6 auto/make $NGX_OBJS/src/mail \ $NGX_OBJS/src/stream \ $NGX_OBJS/src/misc -diff -r ff3afd1ce6a6 auto/modules ---- a/auto/modules Tue Dec 13 18:53:53 2022 +0300 -+++ b/auto/modules Tue Jan 31 11:41:14 2023 -0500 +diff -r ac779115ed6e auto/modules +--- a/auto/modules Tue Mar 28 18:01:53 2023 +0300 ++++ b/auto/modules Fri Mar 31 00:04:13 2023 -0400 @@ -102,7 +102,7 @@ if [ $HTTP = YES ]; then fi @@ -431,7 +578,7 @@ diff -r ff3afd1ce6a6 auto/modules if [ $STREAM_SSL = YES ]; then USE_OPENSSL=YES have=NGX_STREAM_SSL . auto/have -@@ -1272,6 +1326,61 @@ if [ $USE_OPENSSL = YES ]; then +@@ -1272,6 +1326,63 @@ if [ $USE_OPENSSL = YES ]; then fi @@ -451,7 +598,8 @@ diff -r ff3afd1ce6a6 auto/modules + src/event/quic/ngx_event_quic_tokens.h \ + src/event/quic/ngx_event_quic_ack.h \ + src/event/quic/ngx_event_quic_output.h \ -+ src/event/quic/ngx_event_quic_socket.h" ++ src/event/quic/ngx_event_quic_socket.h \ ++ src/event/quic/ngx_event_quic_openssl_compat.h" + ngx_module_srcs="src/event/quic/ngx_event_quic.c \ + src/event/quic/ngx_event_quic_udp.c \ + src/event/quic/ngx_event_quic_transport.c \ 
@@ -464,7 +612,8 @@ diff -r ff3afd1ce6a6 auto/modules + src/event/quic/ngx_event_quic_tokens.c \ + src/event/quic/ngx_event_quic_ack.c \ + src/event/quic/ngx_event_quic_output.c \ -+ src/event/quic/ngx_event_quic_socket.c" ++ src/event/quic/ngx_event_quic_socket.c \ ++ src/event/quic/ngx_event_quic_openssl_compat.c" + + ngx_module_libs= + ngx_module_link=YES @@ -493,9 +642,9 @@ diff -r ff3afd1ce6a6 auto/modules if [ $USE_PCRE = YES ]; then ngx_module_type=CORE ngx_module_name=ngx_regex_module -diff -r ff3afd1ce6a6 auto/options ---- a/auto/options Tue Dec 13 18:53:53 2022 +0300 -+++ b/auto/options Tue Jan 31 11:41:14 2023 -0500 +diff -r ac779115ed6e auto/options +--- a/auto/options Tue Mar 28 18:01:53 2023 +0300 ++++ b/auto/options Fri Mar 31 00:04:13 2023 -0400 @@ -45,6 +45,8 @@ USE_THREADS=NO NGX_FILE_AIO=NO @@ -583,9 +732,9 @@ diff -r ff3afd1ce6a6 auto/options --with-stream_realip_module enable ngx_stream_realip_module --with-stream_geoip_module enable ngx_stream_geoip_module --with-stream_geoip_module=dynamic enable dynamic ngx_stream_geoip_module -diff -r ff3afd1ce6a6 auto/os/linux ---- a/auto/os/linux Tue Dec 13 18:53:53 2022 +0300 -+++ b/auto/os/linux Tue Jan 31 11:41:14 2023 -0500 +diff -r ac779115ed6e auto/os/linux +--- a/auto/os/linux Tue Mar 28 18:01:53 2023 +0300 ++++ b/auto/os/linux Fri Mar 31 00:04:13 2023 -0400 @@ -232,6 +232,50 @@ ngx_feature_test="struct crypt_data cd; ngx_include="sys/vfs.h"; . auto/include @@ -637,9 +786,9 @@ diff -r ff3afd1ce6a6 auto/os/linux # UDP segmentation offloading ngx_feature="UDP_SEGMENT" -diff -r ff3afd1ce6a6 auto/sources ---- a/auto/sources Tue Dec 13 18:53:53 2022 +0300 -+++ b/auto/sources Tue Jan 31 11:41:14 2023 -0500 +diff -r ac779115ed6e auto/sources +--- a/auto/sources Tue Mar 28 18:01:53 2023 +0300 ++++ b/auto/sources Fri Mar 31 00:04:13 2023 -0400 @@ -83,7 +83,7 @@ CORE_SRCS="src/core/nginx.c \ EVENT_MODULES="ngx_events_module ngx_event_core_module" 
@@ -649,9 +798,9 @@ diff -r ff3afd1ce6a6 auto/sources EVENT_DEPS="src/event/ngx_event.h \ src/event/ngx_event_timer.h \ -diff -r ff3afd1ce6a6 src/core/nginx.c ---- a/src/core/nginx.c Tue Dec 13 18:53:53 2022 +0300 -+++ b/src/core/nginx.c Tue Jan 31 11:41:14 2023 -0500 +diff -r ac779115ed6e src/core/nginx.c +--- a/src/core/nginx.c Tue Mar 28 18:01:53 2023 +0300 ++++ b/src/core/nginx.c Fri Mar 31 00:04:13 2023 -0400 @@ -680,6 +680,9 @@ ngx_exec_new_binary(ngx_cycle_t *cycle, ls = cycle->listening.elts; @@ -662,9 +811,9 @@ diff -r ff3afd1ce6a6 src/core/nginx.c p = ngx_sprintf(p, "%ud;", ls[i].fd); } -diff -r ff3afd1ce6a6 src/core/ngx_bpf.c +diff -r ac779115ed6e src/core/ngx_bpf.c --- /dev/null Thu Jan 01 00:00:00 1970 +0000 -+++ b/src/core/ngx_bpf.c Tue Jan 31 11:41:14 2023 -0500 ++++ b/src/core/ngx_bpf.c Fri Mar 31 00:04:13 2023 -0400 @@ -0,0 +1,143 @@ + +/* @@ -809,9 +958,9 @@ diff -r ff3afd1ce6a6 src/core/ngx_bpf.c + + return ngx_bpf(BPF_MAP_LOOKUP_ELEM, &attr, sizeof(attr)); +} -diff -r ff3afd1ce6a6 src/core/ngx_bpf.h +diff -r ac779115ed6e src/core/ngx_bpf.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 -+++ b/src/core/ngx_bpf.h Tue Jan 31 11:41:14 2023 -0500 ++++ b/src/core/ngx_bpf.h Fri Mar 31 00:04:13 2023 -0400 @@ -0,0 +1,43 @@ + +/* 
@@ -856,23 +1005,9 @@ diff -r ff3afd1ce6a6 src/core/ngx_bpf.h +int ngx_bpf_map_lookup(int fd, const void *key, void *value); + +#endif /* _NGX_BPF_H_INCLUDED_ */ -diff -r ff3afd1ce6a6 src/core/ngx_conf_file.c ---- a/src/core/ngx_conf_file.c Tue Dec 13 18:53:53 2022 +0300 -+++ b/src/core/ngx_conf_file.c Tue Jan 31 11:41:14 2023 -0500 -@@ -544,8 +544,8 @@ ngx_conf_read_token(ngx_conf_t *cf) - } - - ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, -- "unexpected end of file, " -- "expecting \";\" or \"}\""); -+ "unexpected end of file, " -+ "expecting \";\" or \"}\""); - return NGX_ERROR; - } - -diff -r ff3afd1ce6a6 src/core/ngx_connection.c ---- a/src/core/ngx_connection.c Tue Dec 13 18:53:53 2022 +0300 -+++ b/src/core/ngx_connection.c Tue Jan 31 11:41:14 2023 -0500 +diff -r ac779115ed6e src/core/ngx_connection.c +--- a/src/core/ngx_connection.c Tue Mar 28 18:01:53 2023 +0300 ++++ b/src/core/ngx_connection.c Fri Mar 31 00:04:13 2023 -0400 @@ -72,10 +72,6 @@ ngx_create_listening(ngx_conf_t *cf, str ngx_memcpy(ls->addr_text.data, text, len); @@ -884,15 +1019,6 @@ diff -r ff3afd1ce6a6 src/core/ngx_connection.c ls->fd = (ngx_socket_t) -1; ls->type = SOCK_STREAM; -@@ -660,7 +656,7 @@ ngx_open_listening_sockets(ngx_cycle_t * - /* - * on OpenVZ after suspend/resume EADDRINUSE - * may be returned by listen() instead of bind(), see -- * https://bugzilla.openvz.org/show_bug.cgi?id=2470 -+ * https://bugs.openvz.org/browse/OVZ-5587 - */ - - if (err != NGX_EADDRINUSE || !ngx_test_config) { @@ -1037,6 +1033,12 @@ ngx_close_listening_sockets(ngx_cycle_t ls = cycle->listening.elts; for (i = 0; i < cycle->listening.nelts; i++) { 
@@ -906,9 +1032,9 @@ diff -r ff3afd1ce6a6 src/core/ngx_connection.c c = ls[i].connection; if (c) { -diff -r ff3afd1ce6a6 src/core/ngx_connection.h ---- a/src/core/ngx_connection.h Tue Dec 13 18:53:53 2022 +0300 -+++ b/src/core/ngx_connection.h Tue Jan 31 11:41:14 2023 -0500 +diff -r ac779115ed6e src/core/ngx_connection.h +--- a/src/core/ngx_connection.h Tue Mar 28 18:01:53 2023 +0300 ++++ b/src/core/ngx_connection.h Fri Mar 31 00:04:13 2023 -0400 @@ -73,6 +73,7 @@ struct ngx_listening_s { unsigned reuseport:1; unsigned add_reuseport:1; @@ -928,9 +1054,9 @@ diff -r ff3afd1ce6a6 src/core/ngx_connection.h #if (NGX_SSL || NGX_COMPAT) ngx_ssl_connection_t *ssl; #endif -diff -r ff3afd1ce6a6 src/core/ngx_core.h ---- a/src/core/ngx_core.h Tue Dec 13 18:53:53 2022 +0300 -+++ b/src/core/ngx_core.h Tue Jan 31 11:41:14 2023 -0500 +diff -r ac779115ed6e src/core/ngx_core.h +--- a/src/core/ngx_core.h Tue Mar 28 18:01:53 2023 +0300 ++++ b/src/core/ngx_core.h Fri Mar 31 00:04:13 2023 -0400 @@ -27,6 +27,7 @@ typedef struct ngx_connection_s ngx typedef struct ngx_thread_task_s ngx_thread_task_t; typedef struct ngx_ssl_s ngx_ssl_t; @@ -959,9 +1085,9 @@ diff -r ff3afd1ce6a6 src/core/ngx_core.h #define LF (u_char) '\n' -diff -r ff3afd1ce6a6 src/event/ngx_event.c ---- a/src/event/ngx_event.c Tue Dec 13 18:53:53 2022 +0300 -+++ b/src/event/ngx_event.c Tue Jan 31 11:41:14 2023 -0500 +diff -r ac779115ed6e src/event/ngx_event.c +--- a/src/event/ngx_event.c Tue Mar 28 18:01:53 2023 +0300 ++++ b/src/event/ngx_event.c Fri Mar 31 00:04:13 2023 -0400 @@ -267,6 +267,18 @@ ngx_process_events_and_timers(ngx_cycle_ ngx_int_t ngx_handle_read_event(ngx_event_t *rev, ngx_uint_t flags) 
@@ -1018,10 +1144,29 @@ diff -r ff3afd1ce6a6 src/event/ngx_event.c #if (NGX_HAVE_REUSEPORT) -diff -r ff3afd1ce6a6 src/event/ngx_event_openssl.c ---- a/src/event/ngx_event_openssl.c Tue Dec 13 18:53:53 2022 +0300 -+++ b/src/event/ngx_event_openssl.c Tue Jan 31 11:41:14 2023 -0500 -@@ -3202,6 +3202,13 @@ ngx_ssl_shutdown(ngx_connection_t *c) +diff -r ac779115ed6e src/event/ngx_event_openssl.c +--- a/src/event/ngx_event_openssl.c Tue Mar 28 18:01:53 2023 +0300 ++++ b/src/event/ngx_event_openssl.c Fri Mar 31 00:04:13 2023 -0400 +@@ -33,9 +33,6 @@ static int ngx_ssl_new_client_session(ng + #ifdef SSL_READ_EARLY_DATA_SUCCESS + static ngx_int_t ngx_ssl_try_early_data(ngx_connection_t *c); + #endif +-#if (NGX_DEBUG) +-static void ngx_ssl_handshake_log(ngx_connection_t *c); +-#endif + static void ngx_ssl_handshake_handler(ngx_event_t *ev); + #ifdef SSL_READ_EARLY_DATA_SUCCESS + static ssize_t ngx_ssl_recv_early(ngx_connection_t *c, u_char *buf, +@@ -2052,7 +2049,7 @@ ngx_ssl_try_early_data(ngx_connection_t + + #if (NGX_DEBUG) + +-static void ++void + ngx_ssl_handshake_log(ngx_connection_t *c) + { + char buf[129], *s, *d; +@@ -3202,6 +3199,13 @@ ngx_ssl_shutdown(ngx_connection_t *c) ngx_err_t err; ngx_uint_t tries; @@ -1035,9 +1180,9 @@ diff -r ff3afd1ce6a6 src/event/ngx_event_openssl.c rc = NGX_OK; ngx_ssl_ocsp_cleanup(c); -diff -r ff3afd1ce6a6 src/event/ngx_event_openssl.h ---- a/src/event/ngx_event_openssl.h Tue Dec 13 18:53:53 2022 +0300 -+++ b/src/event/ngx_event_openssl.h Tue Jan 31 11:41:14 2023 -0500 +diff -r ac779115ed6e src/event/ngx_event_openssl.h +--- a/src/event/ngx_event_openssl.h Tue Mar 28 18:01:53 2023 +0300 ++++ b/src/event/ngx_event_openssl.h Fri Mar 31 00:04:13 2023 -0400 @@ -24,6 +24,14 @@ #include <openssl/engine.h> #endif 
@@ -1053,9 +1198,19 @@ diff -r ff3afd1ce6a6 src/event/ngx_event_openssl.h #include <openssl/hmac.h> #ifndef OPENSSL_NO_OCSP #include <openssl/ocsp.h> -diff -r ff3afd1ce6a6 src/event/ngx_event_udp.c ---- a/src/event/ngx_event_udp.c Tue Dec 13 18:53:53 2022 +0300 -+++ b/src/event/ngx_event_udp.c Tue Jan 31 11:41:14 2023 -0500 +@@ -302,6 +310,9 @@ ngx_int_t ngx_ssl_get_client_v_remain(ng + + + ngx_int_t ngx_ssl_handshake(ngx_connection_t *c); ++#if (NGX_DEBUG) ++void ngx_ssl_handshake_log(ngx_connection_t *c); ++#endif + ssize_t ngx_ssl_recv(ngx_connection_t *c, u_char *buf, size_t size); + ssize_t ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size); + ssize_t ngx_ssl_recv_chain(ngx_connection_t *c, ngx_chain_t *cl, off_t limit); +diff -r ac779115ed6e src/event/ngx_event_udp.c +--- a/src/event/ngx_event_udp.c Tue Mar 28 18:01:53 2023 +0300 ++++ b/src/event/ngx_event_udp.c Fri Mar 31 00:04:13 2023 -0400 @@ -12,13 +12,6 @@ #if !(NGX_WIN32) @@ -1070,18 +1225,9 @@ diff -r ff3afd1ce6a6 src/event/ngx_event_udp.c static void ngx_close_accepted_udp_connection(ngx_connection_t *c); static ssize_t ngx_udp_shared_recv(ngx_connection_t *c, u_char *buf, size_t size); -@@ -88,7 +81,7 @@ ngx_event_recvmsg(ngx_event_t *ev) - msg.msg_controllen = sizeof(msg_control); - - ngx_memzero(&msg_control, sizeof(msg_control)); -- } -+ } - #endif - - n = recvmsg(lc->fd, &msg, 0); -diff -r ff3afd1ce6a6 src/event/ngx_event_udp.h ---- a/src/event/ngx_event_udp.h Tue Dec 13 18:53:53 2022 +0300 -+++ b/src/event/ngx_event_udp.h Tue Jan 31 11:41:14 2023 -0500 +diff -r ac779115ed6e src/event/ngx_event_udp.h +--- a/src/event/ngx_event_udp.h Tue Mar 28 18:01:53 2023 +0300 ++++ b/src/event/ngx_event_udp.h Fri Mar 31 00:04:13 2023 -0400 @@ -23,6 +23,13 @@ #endif @@ -1096,9 +1242,9 @@ diff -r ff3afd1ce6a6 src/event/ngx_event_udp.h #if (NGX_HAVE_ADDRINFO_CMSG) typedef union { -diff -r ff3afd1ce6a6 src/event/quic/bpf/bpfgen.sh +diff -r ac779115ed6e src/event/quic/bpf/bpfgen.sh 
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 -+++ b/src/event/quic/bpf/bpfgen.sh Tue Jan 31 11:41:14 2023 -0500 ++++ b/src/event/quic/bpf/bpfgen.sh Fri Mar 31 00:04:13 2023 -0400 @@ -0,0 +1,113 @@ +#!/bin/bash + @@ -1213,9 +1359,9 @@ diff -r ff3afd1ce6a6 src/event/quic/bpf/bpfgen.sh +process_section +generate_tail + -diff -r ff3afd1ce6a6 src/event/quic/bpf/makefile +diff -r ac779115ed6e src/event/quic/bpf/makefile --- /dev/null Thu Jan 01 00:00:00 1970 +0000 -+++ b/src/event/quic/bpf/makefile Tue Jan 31 11:41:14 2023 -0500 ++++ b/src/event/quic/bpf/makefile Fri Mar 31 00:04:13 2023 -0400 @@ -0,0 +1,30 @@ +CFLAGS=-O2 -Wall + @@ -1247,9 +1393,9 @@ diff -r ff3afd1ce6a6 src/event/quic/bpf/makefile + llvm-objdump -S -no-show-raw-insn $< + +.DELETE_ON_ERROR: -diff -r ff3afd1ce6a6 src/event/quic/bpf/ngx_quic_reuseport_helper.c +diff -r ac779115ed6e src/event/quic/bpf/ngx_quic_reuseport_helper.c --- /dev/null Thu Jan 01 00:00:00 1970 +0000 -+++ b/src/event/quic/bpf/ngx_quic_reuseport_helper.c Tue Jan 31 11:41:14 2023 -0500 ++++ b/src/event/quic/bpf/ngx_quic_reuseport_helper.c Fri Mar 31 00:04:13 2023 -0400 @@ -0,0 +1,140 @@ +#include <errno.h> +#include <linux/string.h> @@ -1391,9 +1537,9 @@ diff -r ff3afd1ce6a6 src/event/quic/bpf/ngx_quic_reuseport_helper.c + */ + return SK_PASS; +} -diff -r ff3afd1ce6a6 src/event/quic/ngx_event_quic.c +diff -r ac779115ed6e src/event/quic/ngx_event_quic.c --- /dev/null Thu Jan 01 00:00:00 1970 +0000 -+++ b/src/event/quic/ngx_event_quic.c Tue Jan 31 11:41:14 2023 -0500 ++++ b/src/event/quic/ngx_event_quic.c Fri Mar 31 00:04:13 2023 -0400 @@ -0,0 +1,1444 @@ + +/* @@ -2839,9 +2985,9 @@ diff -r ff3afd1ce6a6 src/event/quic/ngx_event_quic.c + ngx_quic_finalize_connection(c, qc->shutdown_code, qc->shutdown_reason); + } +} -diff -r ff3afd1ce6a6 src/event/quic/ngx_event_quic.h +diff -r ac779115ed6e src/event/quic/ngx_event_quic.h 
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 -+++ b/src/event/quic/ngx_event_quic.h Tue Jan 31 11:41:14 2023 -0500 ++++ b/src/event/quic/ngx_event_quic.h Fri Mar 31 00:04:13 2023 -0400 @@ -0,0 +1,131 @@ + +/* @@ -2974,9 +3120,9 @@ diff -r ff3afd1ce6a6 src/event/quic/ngx_event_quic.h + ngx_str_t *secret, ngx_str_t *salt, u_char *out, size_t len); + +#endif /* _NGX_EVENT_QUIC_H_INCLUDED_ */ -diff -r ff3afd1ce6a6 src/event/quic/ngx_event_quic_ack.c +diff -r ac779115ed6e src/event/quic/ngx_event_quic_ack.c --- /dev/null Thu Jan 01 00:00:00 1970 +0000 -+++ b/src/event/quic/ngx_event_quic_ack.c Tue Jan 31 11:41:14 2023 -0500 ++++ b/src/event/quic/ngx_event_quic_ack.c Fri Mar 31 00:04:13 2023 -0400 @@ -0,0 +1,1194 @@ + +/* @@ -4172,9 +4318,9 @@ diff -r ff3afd1ce6a6 src/event/quic/ngx_event_quic_ack.c + + return NGX_OK; +} -diff -r ff3afd1ce6a6 src/event/quic/ngx_event_quic_ack.h +diff -r ac779115ed6e src/event/quic/ngx_event_quic_ack.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 -+++ b/src/event/quic/ngx_event_quic_ack.h Tue Jan 31 11:41:14 2023 -0500 ++++ b/src/event/quic/ngx_event_quic_ack.h Fri Mar 31 00:04:13 2023 -0400 @@ -0,0 +1,30 @@ + +/* @@ -4206,9 +4352,9 @@ diff -r ff3afd1ce6a6 src/event/quic/ngx_event_quic_ack.h + ngx_quic_send_ctx_t *ctx); + +#endif /* _NGX_EVENT_QUIC_ACK_H_INCLUDED_ */ -diff -r ff3afd1ce6a6 src/event/quic/ngx_event_quic_bpf.c +diff -r ac779115ed6e src/event/quic/ngx_event_quic_bpf.c --- /dev/null Thu Jan 01 00:00:00 1970 +0000 -+++ b/src/event/quic/ngx_event_quic_bpf.c Tue Jan 31 11:41:14 2023 -0500 ++++ b/src/event/quic/ngx_event_quic_bpf.c Fri Mar 31 00:04:13 2023 -0400 @@ -0,0 +1,657 @@ + +/* @@ -4867,9 +5013,9 @@ diff -r ff3afd1ce6a6 src/event/quic/ngx_event_quic_bpf.c + + return NGX_OK; +} -diff -r ff3afd1ce6a6 src/event/quic/ngx_event_quic_bpf_code.c +diff -r ac779115ed6e src/event/quic/ngx_event_quic_bpf_code.c 
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 -+++ b/src/event/quic/ngx_event_quic_bpf_code.c Tue Jan 31 11:41:14 2023 -0500 ++++ b/src/event/quic/ngx_event_quic_bpf_code.c Fri Mar 31 00:04:13 2023 -0400 @@ -0,0 +1,88 @@ +/* AUTO-GENERATED, DO NOT EDIT. */ + @@ -4959,10 +5105,10 @@ diff -r ff3afd1ce6a6 src/event/quic/ngx_event_quic_bpf_code.c + .license = "BSD", + .type = BPF_PROG_TYPE_SK_REUSEPORT, +}; -diff -r ff3afd1ce6a6 src/event/quic/ngx_event_quic_connection.h +diff -r ac779115ed6e src/event/quic/ngx_event_quic_connection.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 -+++ b/src/event/quic/ngx_event_quic_connection.h Tue Jan 31 11:41:14 2023 -0500 -@@ -0,0 +1,276 @@ ++++ b/src/event/quic/ngx_event_quic_connection.h Fri Mar 31 00:04:13 2023 -0400 +@@ -0,0 +1,283 @@ +/* + * Copyright (C) Nginx, Inc. + */ @@ -4990,6 +5136,9 @@ diff -r ff3afd1ce6a6 src/event/quic/ngx_event_quic_connection.h +typedef struct ngx_quic_path_s ngx_quic_path_t; +typedef struct ngx_quic_keys_s ngx_quic_keys_t; + ++#if (NGX_QUIC_OPENSSL_COMPAT) ++#include <ngx_event_quic_openssl_compat.h> ++#endif +#include <ngx_event_quic_transport.h> +#include <ngx_event_quic_protection.h> +#include <ngx_event_quic_frames.h> @@ -5201,6 +5350,10 @@ diff -r ff3afd1ce6a6 src/event/quic/ngx_event_quic_connection.h + ngx_uint_t nshadowbufs; +#endif + ++#if (NGX_QUIC_OPENSSL_COMPAT) ++ ngx_quic_compat_t *compat; ++#endif ++ + ngx_quic_streams_t streams; + ngx_quic_congestion_t congestion; + @@ -5239,9 +5392,9 @@ diff -r ff3afd1ce6a6 src/event/quic/ngx_event_quic_connection.h +#endif + +#endif /* _NGX_EVENT_QUIC_CONNECTION_H_INCLUDED_ */ -diff -r ff3afd1ce6a6 src/event/quic/ngx_event_quic_connid.c +diff -r ac779115ed6e src/event/quic/ngx_event_quic_connid.c --- /dev/null Thu Jan 01 00:00:00 1970 +0000 -+++ b/src/event/quic/ngx_event_quic_connid.c Tue Jan 31 11:41:14 2023 -0500 ++++ b/src/event/quic/ngx_event_quic_connid.c Fri Mar 31 00:04:13 2023 -0400 @@ -0,0 +1,502 @@ + +/* 
@@ -5745,9 +5898,9 @@ diff -r ff3afd1ce6a6 src/event/quic/ngx_event_quic_connid.c + + return NGX_OK; +} -diff -r ff3afd1ce6a6 src/event/quic/ngx_event_quic_connid.h +diff -r ac779115ed6e src/event/quic/ngx_event_quic_connid.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 -+++ b/src/event/quic/ngx_event_quic_connid.h Tue Jan 31 11:41:14 2023 -0500 ++++ b/src/event/quic/ngx_event_quic_connid.h Fri Mar 31 00:04:13 2023 -0400 @@ -0,0 +1,29 @@ + +/* @@ -5778,9 +5931,9 @@ diff -r ff3afd1ce6a6 src/event/quic/ngx_event_quic_connid.h + ngx_quic_client_id_t *cid); + +#endif /* _NGX_EVENT_QUIC_CONNID_H_INCLUDED_ */ -diff -r ff3afd1ce6a6 src/event/quic/ngx_event_quic_frames.c +diff -r ac779115ed6e src/event/quic/ngx_event_quic_frames.c --- /dev/null Thu Jan 01 00:00:00 1970 +0000 -+++ b/src/event/quic/ngx_event_quic_frames.c Tue Jan 31 11:41:14 2023 -0500 ++++ b/src/event/quic/ngx_event_quic_frames.c Fri Mar 31 00:04:13 2023 -0400 @@ -0,0 +1,891 @@ + +/* @@ -6673,9 +6826,9 @@ diff -r ff3afd1ce6a6 src/event/quic/ngx_event_quic_frames.c +} + +#endif -diff -r ff3afd1ce6a6 src/event/quic/ngx_event_quic_frames.h +diff -r ac779115ed6e src/event/quic/ngx_event_quic_frames.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 -+++ b/src/event/quic/ngx_event_quic_frames.h Tue Jan 31 11:41:14 2023 -0500 ++++ b/src/event/quic/ngx_event_quic_frames.h Fri Mar 31 00:04:13 2023 -0400 @@ -0,0 +1,45 @@ + +/* @@ -6722,9 +6875,9 @@ diff -r ff3afd1ce6a6 src/event/quic/ngx_event_quic_frames.h +#endif + +#endif /* _NGX_EVENT_QUIC_FRAMES_H_INCLUDED_ */ -diff -r ff3afd1ce6a6 src/event/quic/ngx_event_quic_migration.c +diff -r ac779115ed6e src/event/quic/ngx_event_quic_migration.c --- /dev/null Thu Jan 01 00:00:00 1970 +0000 -+++ b/src/event/quic/ngx_event_quic_migration.c Tue Jan 31 11:41:14 2023 -0500 ++++ b/src/event/quic/ngx_event_quic_migration.c Fri Mar 31 00:04:13 2023 -0400 @@ -0,0 +1,671 @@ + +/* 
@@ -7397,9 +7550,9 @@ diff -r ff3afd1ce6a6 src/event/quic/ngx_event_quic_migration.c + ngx_add_timer(&qc->path_validation, next); + } +} -diff -r ff3afd1ce6a6 src/event/quic/ngx_event_quic_migration.h +diff -r ac779115ed6e src/event/quic/ngx_event_quic_migration.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 -+++ b/src/event/quic/ngx_event_quic_migration.h Tue Jan 31 11:41:14 2023 -0500 ++++ b/src/event/quic/ngx_event_quic_migration.h Fri Mar 31 00:04:13 2023 -0400 @@ -0,0 +1,42 @@ + +/* 
@@ -7440,12 +7593,726 @@ diff -r ff3afd1ce6a6 src/event/quic/ngx_event_quic_migration.h +ngx_int_t ngx_quic_handle_migration(ngx_connection_t *c, + ngx_quic_header_t *pkt); + -+void ngx_quic_path_validation_handler(ngx_event_t *ev); ++void ngx_quic_path_validation_handler(ngx_event_t *ev); ++ ++#endif /* _NGX_EVENT_QUIC_MIGRATION_H_INCLUDED_ */ +diff -r ac779115ed6e src/event/quic/ngx_event_quic_openssl_compat.c +--- /dev/null Thu Jan 01 00:00:00 1970 +0000 ++++ b/src/event/quic/ngx_event_quic_openssl_compat.c Fri Mar 31 00:04:13 2023 -0400 +@@ -0,0 +1,646 @@ ++ ++/* ++ * Copyright (C) Nginx, Inc. ++ */ ++ ++ ++#include <ngx_config.h> ++#include <ngx_core.h> ++#include <ngx_event.h> ++#include <ngx_event_quic_connection.h> ++ ++ ++#if (NGX_QUIC_OPENSSL_COMPAT) ++ ++#define NGX_QUIC_COMPAT_RECORD_SIZE 1024 ++ ++#define NGX_QUIC_COMPAT_SSL_TP_EXT 0x39 ++ ++#define NGX_QUIC_COMPAT_CLIENT_HANDSHAKE "CLIENT_HANDSHAKE_TRAFFIC_SECRET" ++#define NGX_QUIC_COMPAT_SERVER_HANDSHAKE "SERVER_HANDSHAKE_TRAFFIC_SECRET" ++#define NGX_QUIC_COMPAT_CLIENT_APPLICATION "CLIENT_TRAFFIC_SECRET_0" ++#define NGX_QUIC_COMPAT_SERVER_APPLICATION "SERVER_TRAFFIC_SECRET_0" ++ ++ ++typedef struct { ++ ngx_quic_secret_t secret; ++ ngx_uint_t cipher; ++} ngx_quic_compat_keys_t; ++ ++ ++typedef struct { ++ ngx_log_t *log; ++ ++ u_char type; ++ ngx_str_t payload; ++ uint64_t number; ++ ngx_quic_compat_keys_t *keys; ++ ++ enum ssl_encryption_level_t level; ++} ngx_quic_compat_record_t; ++ ++ ++struct ngx_quic_compat_s { ++ const SSL_QUIC_METHOD *method; ++ ++ enum ssl_encryption_level_t write_level; ++ enum ssl_encryption_level_t read_level; ++ ++ uint64_t read_record; ++ ngx_quic_compat_keys_t keys; ++ ++ ngx_str_t tp; ++ ngx_str_t ctp; ++}; ++ ++ ++static void ngx_quic_compat_keylog_callback(const SSL *ssl, const char *line); ++static ngx_int_t ngx_quic_compat_set_encryption_secret(ngx_log_t *log, ++ ngx_quic_compat_keys_t *keys, enum ssl_encryption_level_t level, ++ const SSL_CIPHER *cipher, const 
uint8_t *secret, size_t secret_len); ++static int ngx_quic_compat_add_transport_params_callback(SSL *ssl, *** 2329 LINES SKIPPED ***