]> git.kaiwu.me - nginx.git/commitdiff
QUIC: ignore path validation socket error (ticket #2532).
authorRoman Arutyunyan <arut@nginx.com>
Thu, 31 Aug 2023 06:54:07 +0000 (10:54 +0400)
committerRoman Arutyunyan <arut@nginx.com>
Thu, 31 Aug 2023 06:54:07 +0000 (10:54 +0400)
Previously, a socket error on a path being validated resulted in validation
error and subsequent QUIC connection closure.  Now the error is ignored and
path validation proceeds as usual, with several retries and a timeout.

When validating the old path after an apparent migration, that path may already
be unavailable and sendmsg() may return an error, which should not result in
QUIC connection close.

When validating the new path, it's possible that the new client address is
spoofed (See RFC 9000, 9.3.2. On-Path Address Spoofing).  This address may
as well be unavailable and should not trigger QUIC connection closure.

src/event/quic/ngx_event_quic_migration.c

index 05b9a2863e1054c38f3ea45579b835ab79fca668..bcec9af1d811b27e40ca9330dfd9f1288576be4b 100644 (file)
@@ -518,9 +518,7 @@ ngx_quic_validate_path(ngx_connection_t *c, ngx_quic_path_t *path)
         return NGX_ERROR;
     }
 
-    if (ngx_quic_send_path_challenge(c, path) != NGX_OK) {
-        return NGX_ERROR;
-    }
+    (void) ngx_quic_send_path_challenge(c, path);
 
     ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_application);
     pto = ngx_max(ngx_quic_pto(c, ctx), 1000);