git.kaiwu.me - nginx.git/commit
QUIC: improved path validation.
author Vladimir Homutov <vl@nginx.com>
Mon, 13 Dec 2021 14:27:29 +0000 (17:27 +0300)
committer Vladimir Homutov <vl@nginx.com>
Mon, 13 Dec 2021 14:27:29 +0000 (17:27 +0300)
commit a31745499bcf35fac236bdc5f3d0d0a6d679b4e0
tree b9b9eaa64fccf5422a98f29d82c74db731ea85f7
parent 6e7f19280423056bf06fcd5055db3fcabb842c76
QUIC: improved path validation.

Previously, a path was considered valid during an arbitrarily selected 10m
timeout since validation.  This is quite not what RFC 9000 says; the relevant
part is:

    An endpoint MAY skip validation of a peer address if that
    address has been seen recently.

The patch considers a path to be 'recently seen' if packets were received
during the idle timeout.  If a packet is received from the path that was seen
not so recently, such a path is considered new, and anti-amplification
restrictions apply.

src/event/quic/ngx_event_quic_connection.h
src/event/quic/ngx_event_quic_migration.c
src/event/quic/ngx_event_quic_migration.h
src/event/quic/ngx_event_quic_socket.c
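
The rule the commit message describes, sketched as a stand-alone C model. This is an added example, not code from nginx or from this commit; the `demo_*` names, the structure layout and the millisecond timestamps are assumptions. The 3x send limit on an unvalidated path is the anti-amplification limit from RFC 9000, Section 8.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical model of one network path; not nginx's structures. */
typedef struct {
    int       validated;  /* 1 once the peer address has been validated */
    uint64_t  last_seen;  /* time (ms) of the last packet from this path */
    size_t    received;   /* bytes received while unvalidated */
    size_t    sent;       /* bytes sent while unvalidated */
} demo_path_t;

/* Account for a packet of len bytes arriving from the path at time now. */
static void demo_path_recv(demo_path_t *p, uint64_t now, uint64_t idle, size_t len)
{
    if (p->validated && now - p->last_seen > idle) {
        /* not seen within the idle timeout: treat as a new path */
        p->validated = 0;
        p->received = 0;
        p->sent = 0;
    }
    p->last_seen = now;
    p->received += p->validated ? 0 : len;
}

/* Bytes that may be sent now; SIZE_MAX means no amplification limit. */
static size_t demo_path_budget(const demo_path_t *p)
{
    size_t  limit;

    if (p->validated) { return SIZE_MAX; }
    /* RFC 9000, Section 8: at most 3x the bytes received (overflow-safe) */
    limit = (p->received > SIZE_MAX / 3) ? SIZE_MAX : p->received * 3;
    return (p->sent >= limit) ? 0 : limit - p->sent;
}

/* Send up to len bytes, clamped to the budget; returns bytes sent. */
static size_t demo_path_send(demo_path_t *p, size_t len)
{
    size_t  budget = demo_path_budget(p);

    len = (len > budget) ? budget : len;
    p->sent += p->validated ? 0 : len;
    return len;
}

int main(void) {  /* constructed input: 1200 bytes in, 5000 requested */
    demo_path_t  p = { 0, 0, 0, 0 };
    demo_path_recv(&p, 1000, 60000, 1200);
    return demo_path_send(&p, 5000) == 3600 ? 0 : 1;
}
```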