nginx-quic: src/event/ngx_event

comparison src/event/ngx_event_quic.c @ 8169:7a9ab6f7cea3 quic

QUIC: updated anti-amplification check for draft 32. This accounts for the following change: * Require expansion of datagrams to ensure that a path supports at least 1200 bytes: - During the handshake ack-eliciting Initial packets from the server need to be expanded

author	Vladimir Homutov <vl@nginx.com>
date	Mon, 26 Oct 2020 23:58:34 +0300
parents	f32740ddd484
children	e2086d8181fa

comparison

equal deleted inserted replaced

-:f32740ddd484
+:7a9ab6f7cea3
 static ngx_int_t
 ngx_quic_output_frames(ngx_connection_t *c, ngx_quic_send_ctx_t *ctx)
 {
-size_t                  len, hlen;
+size_t                  len, hlen, cutoff;
 ngx_uint_t              need_ack;
 ngx_queue_t            *q, range;
 ngx_quic_frame_t       *f;
 ngx_quic_congestion_t  *cg;
 ngx_quic_connection_t  *qc;
 * Prior to validation, endpoints are limited in what they
 * are able to send.  During the handshake, a server cannot
 * send more than three times the data it receives;
 */
-if (((c->sent + hlen + len + f->len) / 3) > qc->received) {
+if (f->level == ssl_encryption_initial) {
+cutoff = (c->sent + NGX_QUIC_MIN_INITIAL_SIZE) / 3;
+} else {
+cutoff = (c->sent + hlen + len + f->len) / 3;
+}
+if (cutoff > qc->received) {
 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
 "quic hit amplification limit"
 " received:%uz sent:%O",
 qc->received, c->sent);
 break;

Mercurial > hg > nginx-quic

comparison src/event/ngx_event_quic.c @ 8169:7a9ab6f7cea3 quic