QUIC: additional limit for probing packets. RFC 9000, 9.3. Responding to Connection Migration: An endpoint only changes the address to which it sends packets in response to the highest-numbered non-probing packet. The patch extends this requirement to probing packets. Although it may seem excessive, it helps with mitigation of reply attacks (when an off-path attacker has copied packet with PATH_CHALLENGE and uses different addresses to exhaust available connection ids).

# Copyright (C) Igor Sysoev
# Copyright (C) Nginx, Inc.


ngx_include="unistd.h";      . auto/include
ngx_include="inttypes.h";    . auto/include
ngx_include="limits.h";      . auto/include
ngx_include="sys/filio.h";   . auto/include
ngx_include="sys/param.h";   . auto/include
ngx_include="sys/mount.h";   . auto/include
ngx_include="sys/statvfs.h"; . auto/include
ngx_include="crypt.h";       . auto/include