Mercurial > hg > nginx
comparison src/event/quic/ngx_event_quic_migration.c @ 9194:a6f79f044de5
QUIC: path revalidation after expansion failure.
As per RFC 9000, Section 8.2.1:
When an endpoint is unable to expand the datagram size to 1200 bytes due
to the anti-amplification limit, the path MTU will not be validated.
To ensure that the path MTU is large enough, the endpoint MUST perform a
second path validation by sending a PATH_CHALLENGE frame in a datagram of
at least 1200 bytes.
| author | Roman Arutyunyan <arut@nginx.com> |
|---|---|
| date | Wed, 29 Nov 2023 10:58:21 +0400 |
| parents | efcdaa66df2e |
| children | ff452f283aa9 |
comparison
equal
deleted
inserted
replaced
| 9193:ce1ff81e9b92 | 9194:a6f79f044de5 |
|---|---|
| 167 /* address did not change */ | 167 /* address did not change */ |
| 168 rst = 0; | 168 rst = 0; |
| 169 | 169 |
| 170 path->mtu = prev->mtu; | 170 path->mtu = prev->mtu; |
| 171 path->max_mtu = prev->max_mtu; | 171 path->max_mtu = prev->max_mtu; |
| 172 path->mtu_unvalidated = 0; | |
| 172 } | 173 } |
| 173 } | 174 } |
| 174 | 175 |
| 175 if (rst) { | 176 if (rst) { |
| 176 ngx_memzero(&qc->congestion, sizeof(ngx_quic_congestion_t)); | 177 ngx_memzero(&qc->congestion, sizeof(ngx_quic_congestion_t)); |
| 180 14720)); | 181 14720)); |
| 181 qc->congestion.ssthresh = (size_t) -1; | 182 qc->congestion.ssthresh = (size_t) -1; |
| 182 qc->congestion.recovery_start = ngx_current_msec; | 183 qc->congestion.recovery_start = ngx_current_msec; |
| 183 } | 184 } |
| 184 | 185 |
| 186 path->validated = 1; | |
| 187 | |
| 188 if (path->mtu_unvalidated) { | |
| 189 path->mtu_unvalidated = 0; | |
| 190 return ngx_quic_validate_path(c, path); | |
| 191 } | |
| 192 | |
| 185 /* | 193 /* |
| 186 * RFC 9000, 9.3. Responding to Connection Migration | 194 * RFC 9000, 9.3. Responding to Connection Migration |
| 187 * | 195 * |
| 188 * After verifying a new client address, the server SHOULD | 196 * After verifying a new client address, the server SHOULD |
| 189 * send new address validation tokens (Section 8) to the client. | 197 * send new address validation tokens (Section 8) to the client. |
| 196 ngx_log_error(NGX_LOG_INFO, c->log, 0, | 204 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
| 197 "quic path seq:%uL addr:%V successfully validated", | 205 "quic path seq:%uL addr:%V successfully validated", |
| 198 path->seqnum, &path->addr_text); | 206 path->seqnum, &path->addr_text); |
| 199 | 207 |
| 200 ngx_quic_path_dbg(c, "is validated", path); | 208 ngx_quic_path_dbg(c, "is validated", path); |
| 201 | |
| 202 path->validated = 1; | |
| 203 | 209 |
| 204 ngx_quic_discover_path_mtu(c, path); | 210 ngx_quic_discover_path_mtu(c, path); |
| 205 | 211 |
| 206 return NGX_OK; | 212 return NGX_OK; |
| 207 } | 213 } |
| 576 * to at least the smallest allowed maximum datagram size of 1200 bytes, | 582 * to at least the smallest allowed maximum datagram size of 1200 bytes, |
| 577 * unless the anti-amplification limit for the path does not permit | 583 * unless the anti-amplification limit for the path does not permit |
| 578 * sending a datagram of this size. | 584 * sending a datagram of this size. |
| 579 */ | 585 */ |
| 580 | 586 |
| 581 min = (ngx_quic_path_limit(c, path, 1200) < 1200) ? 0 : 1200; | 587 if (path->mtu_unvalidated |
| 588 || ngx_quic_path_limit(c, path, 1200) < 1200) | |
| 589 { | |
| 590 min = 0; | |
| 591 path->mtu_unvalidated = 1; | |
| 592 | |
| 593 } else { | |
| 594 min = 1200; | |
| 595 } | |
| 582 | 596 |
| 583 if (ngx_quic_frame_sendto(c, frame, min, path) == NGX_ERROR) { | 597 if (ngx_quic_frame_sendto(c, frame, min, path) == NGX_ERROR) { |
| 584 return NGX_ERROR; | 598 return NGX_ERROR; |
| 585 } | 599 } |
| 586 } | 600 } |