HTTP/3: added more compatibility checks for "listen ... quic".

Now "fastopen", "backlog", "accept_filter", "deferred", and "so_keepalive" parameters are not allowed with "quic" in the "listen" directive. Reported by Izorkin.
2024-11-21 16:28:40 +00:00 · 2024-01-30 19:19:26 +04:00 · 2024-01-30 19:19:26 +04:00 · 71a0a4acdb
commit 71a0a4acdb
parent 2a10e48620
1 changed files with 31 additions and 5 deletions
--- a/src/http/ngx_http_core_module.c
+++ b/src/http/ngx_http_core_module.c
@ -3961,7 +3961,7 @@ ngx_http_core_listen(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)

    ngx_str_t              *value, size;
    ngx_url_t               u;
-    ngx_uint_t              n, i;
+    ngx_uint_t              n, i, backlog;
    ngx_http_listen_opt_t   lsopt;

    cscf->listen = 1;
@ -4000,6 +4000,8 @@ ngx_http_core_listen(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
    lsopt.ipv6only = 1;
 #endif

+    backlog = 0;
+
    for (n = 2; n < cf->args->nelts; n++) {

        if (ngx_strcmp(value[n].data, "default_server") == 0
@ -4058,6 +4060,8 @@ ngx_http_core_listen(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
                return NGX_CONF_ERROR;
            }

+            backlog = 1;
+
            continue;
        }

@ -4305,9 +4309,29 @@ ngx_http_core_listen(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
        return NGX_CONF_ERROR;
    }

-#if (NGX_HTTP_V3)
-
    if (lsopt.quic) {
+#if (NGX_HAVE_TCP_FASTOPEN)
+        if (lsopt.fastopen != -1) {
+            return "\"fastopen\" parameter is incompatible with \"quic\"";
+        }
+#endif
+
+        if (backlog) {
+            return "\"backlog\" parameter is incompatible with \"quic\"";
+        }
+
+#if (NGX_HAVE_DEFERRED_ACCEPT && defined SO_ACCEPTFILTER)
+        if (lsopt.accept_filter) {
+            return "\"accept_filter\" parameter is incompatible with \"quic\"";
+        }
+#endif
+
+#if (NGX_HAVE_DEFERRED_ACCEPT && defined TCP_DEFER_ACCEPT)
+        if (lsopt.deferred_accept) {
+            return "\"deferred\" parameter is incompatible with \"quic\"";
+        }
+#endif
+
 #if (NGX_HTTP_SSL)
        if (lsopt.ssl) {
            return "\"ssl\" parameter is incompatible with \"quic\"";
@ -4320,13 +4344,15 @@ ngx_http_core_listen(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
        }
 #endif

+        if (lsopt.so_keepalive) {
+            return "\"so_keepalive\" parameter is incompatible with \"quic\"";
+        }
+
        if (lsopt.proxy_protocol) {
            return "\"proxy_protocol\" parameter is incompatible with \"quic\"";
        }
    }

-#endif
-
    for (n = 0; n < u.naddrs; n++) {

        for (i = 0; i < n; i++) {