# HG changeset patch # User Roman Arutyunyan # Date 1693464847 -14400 # Node ID f6b6f3dd7ca0653fc5ffe4f32dc806460eb6c64e # Parent 8f7e6d8c061e1f4b7656141d2fac85ce6846ac23 QUIC: ignore path validation socket error (ticket #2532). Previously, a socket error on a path being validated resulted in validation error and subsequent QUIC connection closure. Now the error is ignored and path validation proceeds as usual, with several retries and a timeout. When validating the old path after an apparent migration, that path may already be unavailable and sendmsg() may return an error, which should not result in QUIC connection close. When validating the new path, it's possible that the new client address is spoofed (See RFC 9000, 9.3.2. On-Path Address Spoofing). This address may as well be unavailable and should not trigger QUIC connection closure. diff --git a/src/event/quic/ngx_event_quic_migration.c b/src/event/quic/ngx_event_quic_migration.c --- a/src/event/quic/ngx_event_quic_migration.c +++ b/src/event/quic/ngx_event_quic_migration.c @@ -518,9 +518,7 @@ ngx_quic_validate_path(ngx_connection_t return NGX_ERROR; } - if (ngx_quic_send_path_challenge(c, path) != NGX_OK) { - return NGX_ERROR; - } + (void) ngx_quic_send_path_challenge(c, path); ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_application); pto = ngx_max(ngx_quic_pto(c, ctx), 1000);