Mercurial > hg > nginx-quic
comparison src/event/ngx_event_quic.c @ 8144:02ee77f8d53d quic
QUIC: account packet header length in amplification limit.
Header length calculation is adjusted to account real connection id lengths
instead of worst case.
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Thu, 15 Oct 2020 11:37:01 +0300 |
parents | d564e8850975 |
children | 61f1c6ac8967 |
comparison
equal
deleted
inserted
replaced
8143:474706351c09 | 8144:02ee77f8d53d |
---|---|
3755 | 3755 |
3756 /* all frames in same send_ctx share same level */ | 3756 /* all frames in same send_ctx share same level */ |
3757 hlen = (f->level == ssl_encryption_application) ? NGX_QUIC_MAX_SHORT_HEADER | 3757 hlen = (f->level == ssl_encryption_application) ? NGX_QUIC_MAX_SHORT_HEADER |
3758 : NGX_QUIC_MAX_LONG_HEADER; | 3758 : NGX_QUIC_MAX_LONG_HEADER; |
3759 hlen += EVP_GCM_TLS_TAG_LEN; | 3759 hlen += EVP_GCM_TLS_TAG_LEN; |
3760 hlen -= NGX_QUIC_MAX_CID_LEN - qc->scid.len; | |
3760 | 3761 |
3761 do { | 3762 do { |
3762 len = 0; | 3763 len = 0; |
3763 need_ack = 0; | 3764 need_ack = 0; |
3764 ngx_queue_init(&range); | 3765 ngx_queue_init(&range); |
3784 * Prior to validation, endpoints are limited in what they | 3785 * Prior to validation, endpoints are limited in what they |
3785 * are able to send. During the handshake, a server cannot | 3786 * are able to send. During the handshake, a server cannot |
3786 * send more than three times the data it receives; | 3787 * send more than three times the data it receives; |
3787 */ | 3788 */ |
3788 | 3789 |
3789 if (((c->sent + len + f->len) / 3) > qc->received) { | 3790 if (((c->sent + hlen + len + f->len) / 3) > qc->received) { |
3790 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, | 3791 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
3791 "quic hit amplification limit" | 3792 "quic hit amplification limit" |
3792 " received %uz sent %O", | 3793 " received %uz sent %O", |
3793 qc->received, c->sent); | 3794 qc->received, c->sent); |
3794 break; | 3795 break; |