QUIC: updated anti-amplification check for draft 32.
authorVladimir Homutov <vl@nginx.com>
Mon, 26 Oct 2020 20:58:34 +0000 (23:58 +0300)
committerVladimir Homutov <vl@nginx.com>
Mon, 26 Oct 2020 20:58:34 +0000 (23:58 +0300)
This accounts for the following change:

   *  Require expansion of datagrams to ensure that a path supports at
      least 1200 bytes:

      -  During the handshake ack-eliciting Initial packets from the
         server need to be expanded

src/event/ngx_event_quic.c

index 4593833da88983f21a4bc9983a08c54e6de43ecf..2eb54c37b86579e2ba16ef2e6bb30cb53e13790e 100644 (file)
@@ -4340,7 +4340,7 @@ ngx_quic_output(ngx_connection_t *c)
 static ngx_int_t
 ngx_quic_output_frames(ngx_connection_t *c, ngx_quic_send_ctx_t *ctx)
 {
-    size_t                  len, hlen;
+    size_t                  len, hlen, cutoff;
     ngx_uint_t              need_ack;
     ngx_queue_t            *q, range;
     ngx_quic_frame_t       *f;
@@ -4391,7 +4391,14 @@ ngx_quic_output_frames(ngx_connection_t *c, ngx_quic_send_ctx_t *ctx)
                  * send more than three times the data it receives;
                  */
 
-                if (((c->sent + hlen + len + f->len) / 3) > qc->received) {
+                if (f->level == ssl_encryption_initial) {
+                    cutoff = (c->sent + NGX_QUIC_MIN_INITIAL_SIZE) / 3;
+
+                } else {
+                    cutoff = (c->sent + hlen + len + f->len) / 3;
+                }
+
+                if (cutoff > qc->received) {
                     ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
                                    "quic hit amplification limit"
                                    " received:%uz sent:%O",
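Review bot: In the `ssl_encryption_initial` branch the cutoff is derived from `NGX_QUIC_MIN_INITIAL_SIZE` alone and no longer includes `hlen + len + f->len`, so an Initial datagram assembled larger than the minimum would be under-counted against the anti-amplification budget for a not-yet-validated peer address. Whether the packet can grow past that size depends on the length cap applied earlier in this loop, which is outside the hunk (the body of `ngx_quic_output_frames` starts before and continues after it). If it can, taking the larger of the two keeps the check conservative: `cutoff = (c->sent + ngx_max(hlen + len + f->len, NGX_QUIC_MIN_INITIAL_SIZE)) / 3;`. Separately, both branches keep the truncating division, which lets the projected total exceed three times `qc->received` by up to two bytes; comparing against `3 * qc->received` would make the bound exact. A short comment on the Initial branch, such as `/* Initial datagrams are padded to NGX_QUIC_MIN_INITIAL_SIZE, so count the padded size */`, would also record why the frame lengths are ignored there.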