]> git.kaiwu.me - nginx.git/commitdiff
QUIC: account packet header length in amplification limit.
authorVladimir Homutov <vl@nginx.com>
Thu, 15 Oct 2020 08:37:01 +0000 (11:37 +0300)
committerVladimir Homutov <vl@nginx.com>
Thu, 15 Oct 2020 08:37:01 +0000 (11:37 +0300)
Header length calculation is adjusted to account real connection id lengths
instead of worst case.

src/event/ngx_event_quic.c
src/event/ngx_event_quic.h

index 2e6d4b570f511015dfdf8c8b7f4ca74e8f64af85..ed865c327fbfacccbea79521cdb214b623de2254 100644 (file)
@@ -3757,6 +3757,7 @@ ngx_quic_output_frames(ngx_connection_t *c, ngx_quic_send_ctx_t *ctx)
     hlen = (f->level == ssl_encryption_application) ? NGX_QUIC_MAX_SHORT_HEADER
                                                     : NGX_QUIC_MAX_LONG_HEADER;
     hlen += EVP_GCM_TLS_TAG_LEN;
+    hlen -= NGX_QUIC_MAX_CID_LEN - qc->scid.len;
 
     do {
         len = 0;
@@ -3786,7 +3787,7 @@ ngx_quic_output_frames(ngx_connection_t *c, ngx_quic_send_ctx_t *ctx)
                  * send more than three times the data it receives;
                  */
 
-                if (((c->sent + len + f->len) / 3) > qc->received) {
+                if (((c->sent + hlen + len + f->len) / 3) > qc->received) {
                     ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
                                    "quic hit amplification limit"
                                    " received %uz sent %O",
index 7ff12f6d5159015718d340dc8fca375eb4adfb80..cb9fbb35c5568ea98fc82952821198f9b29b9778 100644 (file)
@@ -54,7 +54,8 @@
 
 #define NGX_QUIC_STREAM_BUFSIZE              65536
 
-#define NGX_QUIC_SERVER_CID_LEN              20
+#define NGX_QUIC_MAX_CID_LEN                 20
+#define NGX_QUIC_SERVER_CID_LEN              NGX_QUIC_MAX_CID_LEN
 
 #define NGX_QUIC_SR_TOKEN_LEN                16