]> git.kaiwu.me - nginx.git/commitdiff
QUIC: added anti-amplification limit.
authorVladimir Homutov <vl@nginx.com>
Thu, 16 Jul 2020 13:36:02 +0000 (16:36 +0300)
committerVladimir Homutov <vl@nginx.com>
Thu, 16 Jul 2020 13:36:02 +0000 (16:36 +0300)
According to quic-transport draft 29, section 21.12.1.1:

   Prior to validation, endpoints are limited in what they are able to
   send.  During the handshake, a server cannot send more than three
   times the data it receives; clients that initiate new connections or
   migrate to a new network path are limited.

src/event/ngx_event_quic.c

index 8c13c6a047e0cb04f2dba4b8ecba511ebdefd493..95f613045fbf2e1472d6cfea1f543cc7d8548490 100644 (file)
@@ -114,6 +114,7 @@ struct ngx_quic_connection_s {
 
     ngx_quic_streams_t                streams;
     ngx_quic_congestion_t             congestion;
+    size_t                            received;
 
     uint64_t                          cur_streams;
     uint64_t                          max_streams;
@@ -130,6 +131,7 @@ struct ngx_quic_connection_s {
     unsigned                          key_phase:1;
     unsigned                          in_retry:1;
     unsigned                          initialized:1;
+    unsigned                          validated:1;
 };
 
 
@@ -689,6 +691,8 @@ ngx_quic_new_connection(ngx_connection_t *c, ngx_ssl_t *ssl, ngx_quic_tp_t *tp,
      * qc->latest_rtt = 0
      */
 
+    qc->received = pkt->raw->last - pkt->raw->start;
+
     qc->pto.log = c->log;
     qc->pto.data = c;
     qc->pto.handler = ngx_quic_pto_handler;
@@ -763,6 +767,7 @@ ngx_quic_new_connection(ngx_connection_t *c, ngx_ssl_t *ssl, ngx_quic_tp_t *tp,
         }
 
         /* NGX_OK */
+        qc->validated = 1;
 
     } else if (tp->retry) {
         return ngx_quic_retry(c);
@@ -1240,6 +1245,7 @@ ngx_quic_input_handler(ngx_event_t *rev)
     }
 
     b.last += n;
+    qc->received += n;
 
     if (ngx_quic_input(c, &b) != NGX_OK) {
         ngx_quic_close_connection(c, NGX_ERROR);
@@ -1639,6 +1645,8 @@ ngx_quic_retry_input(ngx_connection_t *c, ngx_quic_header_t *pkt)
         return NGX_ERROR;
     }
 
+    qc->validated = 1;
+
     pkt->secret = &keys->client;
     pkt->level = ssl_encryption_initial;
     pkt->plaintext = buf;
@@ -1759,6 +1767,7 @@ ngx_quic_handshake_input(ngx_connection_t *c, ngx_quic_header_t *pkt)
     ctx = ngx_quic_get_send_ctx(c->quic, ssl_encryption_initial);
     ngx_quic_free_frames(c, &ctx->sent);
 
+    qc->validated = 1;
     qc->pto_count = 0;
 
     return ngx_quic_payload_handler(c, pkt);
@@ -3368,6 +3377,22 @@ ngx_quic_output_frames(ngx_connection_t *c, ngx_quic_send_ctx_t *ctx)
                 break;
             }
 
+            if (!qc->validated) {
+                /*
+                 * Prior to validation, endpoints are limited in what they
+                 * are able to send.  During the handshake, a server cannot
+                 * send more than three times the data it receives;
+                 */
+
+                if (((c->sent + len + f->len) / 3) > qc->received) {
+                    ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
+                                   "quic hit amplification limit"
+                                   " received %uz sent %O",
+                                   qc->received, c->sent);
+                    break;
+                }
+            }
+
             q = ngx_queue_next(q);
 
             f->first = ngx_current_msec;