Mercurial > hg > nginx
view conf/win-utf @ 8913:40445fc7c403 quic
QUIC: fixed migration during NAT rebinding.
The RFC 9000 allows a packet from known CID arrive from unknown path:
These requirements regarding connection ID reuse apply only to the
sending of packets, as unintentional changes in path without a change
in connection ID are possible. For example, after a period of
network inactivity, NAT rebinding might cause packets to be sent on a
new path when the client resumes sending.
Before the patch, such packets were rejected with an error in the
ngx_quic_check_migration() function. Removing the check makes the
separate function excessive - remaining checks are early migration
check and "disable_active_migration" check. The latter is a transport
parameter sent to client and it should not be used by server.
The server should send "disable_active_migration" "if the endpoint does
not support active connection migration" (18.2). The support status depends
on nginx configuration: to have migration working with multiple workers,
you need bpf helper, available on recent Linux systems. The patch does
not set "disable_active_migration" automatically and leaves it for the
administrator. By default, active migration is enabled.
RFC 900 says that it is ok to migrate if the peer violates
"disable_active_migration" flag requirements:
If the peer violates this requirement,
the endpoint MUST either drop the incoming packets on that path without
generating a Stateless Reset
OR
proceed with path validation and allow the peer to migrate. Generating a
Stateless Reset or closing the connection would allow third parties in the
network to cause connections to close by spoofing or otherwise manipulating
observed traffic.
So, nginx adheres to the second option and proceeds to path validation.
Note:
The ngtcp2 may be used for testing both active migration and NAT rebinding:
ngtcp2/client --change-local-addr=200ms --delay-stream=500ms <ip> <port> <url>
ngtcp2/client --change-local-addr=200ms --delay-stream=500ms --nat-rebinding \
<ip> <port> <url>
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Mon, 29 Nov 2021 11:51:14 +0300 |
parents | 63a820b0bc6c |
children |
line wrap: on
line source
# This map is not a full windows-1251 <> utf8 map: it does not # contain Serbian and Macedonian letters. If you need a full map, # use contrib/unicode2nginx/win-utf map instead. charset_map windows-1251 utf-8 { 82 E2809A ; # single low-9 quotation mark 84 E2809E ; # double low-9 quotation mark 85 E280A6 ; # ellipsis 86 E280A0 ; # dagger 87 E280A1 ; # double dagger 88 E282AC ; # euro 89 E280B0 ; # per mille 91 E28098 ; # left single quotation mark 92 E28099 ; # right single quotation mark 93 E2809C ; # left double quotation mark 94 E2809D ; # right double quotation mark 95 E280A2 ; # bullet 96 E28093 ; # en dash 97 E28094 ; # em dash 99 E284A2 ; # trade mark sign A0 C2A0 ; # A1 D18E ; # capital Byelorussian short U A2 D19E ; # small Byelorussian short u A4 C2A4 ; # currency sign A5 D290 ; # capital Ukrainian soft G A6 C2A6 ; # borken bar A7 C2A7 ; # section sign A8 D081 ; # capital YO A9 C2A9 ; # (C) AA D084 ; # capital Ukrainian YE AB C2AB ; # left-pointing double angle quotation mark AC C2AC ; # not sign AD C2AD ; # soft hypen AE C2AE ; # (R) AF D087 ; # capital Ukrainian YI B0 C2B0 ; # ° B1 C2B1 ; # plus-minus sign B2 D086 ; # capital Ukrainian I B3 D196 ; # small Ukrainian i B4 D291 ; # small Ukrainian soft g B5 C2B5 ; # micro sign B6 C2B6 ; # pilcrow sign B7 C2B7 ; # · B8 D191 ; # small yo B9 E28496 ; # numero sign BA D194 ; # small Ukrainian ye BB C2BB ; # right-pointing double angle quotation mark BF D197 ; # small Ukrainian yi C0 D090 ; # capital A C1 D091 ; # capital B C2 D092 ; # capital V C3 D093 ; # capital G C4 D094 ; # capital D C5 D095 ; # capital YE C6 D096 ; # capital ZH C7 D097 ; # capital Z C8 D098 ; # capital I C9 D099 ; # capital J CA D09A ; # capital K CB D09B ; # capital L CC D09C ; # capital M CD D09D ; # capital N CE D09E ; # capital O CF D09F ; # capital P D0 D0A0 ; # capital R D1 D0A1 ; # capital S D2 D0A2 ; # capital T D3 D0A3 ; # capital U D4 D0A4 ; # capital F D5 D0A5 ; # capital KH D6 D0A6 ; # capital TS D7 D0A7 ; # capital CH D8 D0A8 ; # capital SH D9 D0A9 ; # capital SHCH DA D0AA ; # capital hard sign DB D0AB ; # capital Y DC D0AC ; # capital soft sign DD D0AD ; # capital E DE D0AE ; # capital YU DF D0AF ; # capital YA E0 D0B0 ; # small a E1 D0B1 ; # small b E2 D0B2 ; # small v E3 D0B3 ; # small g E4 D0B4 ; # small d E5 D0B5 ; # small ye E6 D0B6 ; # small zh E7 D0B7 ; # small z E8 D0B8 ; # small i E9 D0B9 ; # small j EA D0BA ; # small k EB D0BB ; # small l EC D0BC ; # small m ED D0BD ; # small n EE D0BE ; # small o EF D0BF ; # small p F0 D180 ; # small r F1 D181 ; # small s F2 D182 ; # small t F3 D183 ; # small u F4 D184 ; # small f F5 D185 ; # small kh F6 D186 ; # small ts F7 D187 ; # small ch F8 D188 ; # small sh F9 D189 ; # small shch FA D18A ; # small hard sign FB D18B ; # small y FC D18C ; # small soft sign FD D18D ; # small e FE D18E ; # small yu FF D18F ; # small ya }