Mercurial > hg > nginx
comparison src/event/quic/ngx_event_quic_migration.c @ 9154:f6b6f3dd7ca0
QUIC: ignore path validation socket error (ticket #2532).
Previously, a socket error on a path being validated resulted in validation
error and subsequent QUIC connection closure. Now the error is ignored and
path validation proceeds as usual, with several retries and a timeout.
When validating the old path after an apparent migration, that path may already
be unavailable and sendmsg() may return an error, which should not result in
QUIC connection close.
When validating the new path, it's possible that the new client address is
spoofed (See RFC 9000, 9.3.2. On-Path Address Spoofing). This address may
as well be unavailable and should not trigger QUIC connection closure.
| author | Roman Arutyunyan <arut@nginx.com> |
|---|---|
| date | Thu, 31 Aug 2023 10:54:07 +0400 |
| parents | 58afcd72446f |
| children | fcec773dd249 |
comparison
equal
deleted
inserted
replaced
| 9153:8f7e6d8c061e | 9154:f6b6f3dd7ca0 |
|---|---|
| 516 | 516 |
| 517 if (RAND_bytes(path->challenge2, 8) != 1) { | 517 if (RAND_bytes(path->challenge2, 8) != 1) { |
| 518 return NGX_ERROR; | 518 return NGX_ERROR; |
| 519 } | 519 } |
| 520 | 520 |
| 521 if (ngx_quic_send_path_challenge(c, path) != NGX_OK) { | 521 (void) ngx_quic_send_path_challenge(c, path); |
| 522 return NGX_ERROR; | |
| 523 } | |
| 524 | 522 |
| 525 ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_application); | 523 ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_application); |
| 526 pto = ngx_max(ngx_quic_pto(c, ctx), 1000); | 524 pto = ngx_max(ngx_quic_pto(c, ctx), 1000); |
| 527 | 525 |
| 528 path->expires = ngx_current_msec + pto; | 526 path->expires = ngx_current_msec + pto; |