ngx_quic_streams_t streams;
ngx_quic_congestion_t congestion;
+ size_t received;
uint64_t cur_streams;
uint64_t max_streams;
unsigned key_phase:1;
unsigned in_retry:1;
unsigned initialized:1;
+ unsigned validated:1;
};
* qc->latest_rtt = 0
*/
+ qc->received = pkt->raw->last - pkt->raw->start;
+
qc->pto.log = c->log;
qc->pto.data = c;
qc->pto.handler = ngx_quic_pto_handler;
}
/* NGX_OK */
+ qc->validated = 1;
} else if (tp->retry) {
return ngx_quic_retry(c);
}
b.last += n;
+ qc->received += n;
if (ngx_quic_input(c, &b) != NGX_OK) {
ngx_quic_close_connection(c, NGX_ERROR);
return NGX_ERROR;
}
+ qc->validated = 1;
+
pkt->secret = &keys->client;
pkt->level = ssl_encryption_initial;
pkt->plaintext = buf;
ctx = ngx_quic_get_send_ctx(c->quic, ssl_encryption_initial);
ngx_quic_free_frames(c, &ctx->sent);
+ qc->validated = 1;
qc->pto_count = 0;
return ngx_quic_payload_handler(c, pkt);
break;
}
+ if (!qc->validated) {
+ /*
+ * Prior to validation, endpoints are limited in what they
+ * are able to send. During the handshake, a server cannot
+ * send more than three times the data it receives;
+ */
+
+ if (((c->sent + len + f->len) / 3) > qc->received) {
+ ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
+ "quic hit amplification limit"
+ " received %uz sent %O",
+ qc->received, c->sent);
+ break;
+ }
+ }
+
q = ngx_queue_next(q);
f->first = ngx_current_msec;