view src/event/quic/ngx_event_quic_migration.h @ 8939:ddd5e5c0f87d quic
QUIC: improved path validation.
Previously, a path was considered valid for an arbitrarily selected 10m timeout
since validation. This is not quite what RFC 9000 says; the relevant
part is:
An endpoint MAY skip validation of a peer address if that
address has been seen recently.
The patch considers a path to be 'recently seen' if packets were received
during idle timeout. If a packet is received from the path that was seen
not so recently, such path is considered new, and anti-amplification
restrictions apply.
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Mon, 13 Dec 2021 17:27:29 +0300 |
parents | 40445fc7c403 |
children | 1e2f4e9c8195 |
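/*
 * Copyright (C) Nginx, Inc.
 */


#ifndef _NGX_EVENT_QUIC_MIGRATION_H_INCLUDED_
#define _NGX_EVENT_QUIC_MIGRATION_H_INCLUDED_


#include <ngx_config.h>
#include <ngx_core.h>


/*
 * Interface of the QUIC path-management (connection migration) code:
 * path lookup and creation, PATH_CHALLENGE / PATH_RESPONSE frame handlers
 * and the path validation timer handler.
 */

/*
 * NOTE(review): presumably the number of validation attempts made for a path
 * before validation is given up - confirm against the implementation.
 */
#define NGX_QUIC_PATH_RETRIES          3

/*
 * Values of the path 'state' field.
 *
 * NOTE(review): only NGX_QUIC_PATH_VALIDATED should be read as "peer address
 * ownership confirmed"; paths in the other two states are expected to stay
 * under the anti-amplification limit - confirm that every send path checks
 * the state before lifting the limit.
 */
#define NGX_QUIC_PATH_NEW              0
#define NGX_QUIC_PATH_VALIDATING       1
#define NGX_QUIC_PATH_VALIDATED        2

/*
 * Returns a string literal naming the state of path 'p', for logging.
 *
 * Any state other than NEW or VALIDATED is reported as "validating".
 * The argument may be evaluated twice, so it must have no side effects.
 * The expansion is fully parenthesized so that the conditional operator
 * cannot bind to operators surrounding the macro invocation.
 */
#define ngx_quic_path_state_str(p)                                            \
    (((p)->state == NGX_QUIC_PATH_NEW) ? "new" :                              \
     (((p)->state == NGX_QUIC_PATH_VALIDATED) ? "validated" : "validating"))


/* Handler for a received PATH_CHALLENGE frame. */
ngx_int_t ngx_quic_handle_path_challenge_frame(ngx_connection_t *c,
    ngx_quic_path_challenge_frame_t *f);

/*
 * Handler for a received PATH_RESPONSE frame; the frame is passed in the
 * same structure type as a PATH_CHALLENGE frame.
 */
ngx_int_t ngx_quic_handle_path_response_frame(ngx_connection_t *c,
    ngx_quic_path_challenge_frame_t *f);

/*
 * Path lookup by peer socket address.
 * NOTE(review): presumably returns NULL when no path matches - confirm.
 */
ngx_quic_path_t *ngx_quic_find_path(ngx_connection_t *c,
    struct sockaddr *sockaddr, socklen_t socklen);

/*
 * Path creation for the given peer socket address.
 * NOTE(review): presumably returns NULL on failure - confirm.
 */
ngx_quic_path_t *ngx_quic_add_path(ngx_connection_t *c,
    struct sockaddr *sockaddr, socklen_t socklen);

/* Per-packet entry points; 'pkt' is the parsed header of a received packet. */
ngx_int_t ngx_quic_update_paths(ngx_connection_t *c, ngx_quic_header_t *pkt);
ngx_int_t ngx_quic_handle_migration(ngx_connection_t *c,
    ngx_quic_header_t *pkt);

/* Event handler with the nginx timer/event signature. */
void ngx_quic_path_validation_handler(ngx_event_t *ev);


#endif /* _NGX_EVENT_QUIC_MIGRATION_H_INCLUDED_ */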