view src/event/quic/ngx_event_quic_connid.h @ 8728:ddd5e5c0f87d quic
QUIC: improved path validation.
Previously, a path was considered valid for an arbitrarily selected 10m timeout
after validation. This is not quite what RFC 9000 says; the relevant
part is:
An endpoint MAY skip validation of a peer address if that
address has been seen recently.
The patch considers a path to be 'recently seen' if packets were received
during idle timeout. If a packet is received from the path that was seen
not so recently, such path is considered new, and anti-amplification
restrictions apply.
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Mon, 13 Dec 2021 17:27:29 +0300 |
parents | 5186ee5a94b9 |
children | 1e2f4e9c8195 |
/*
 * Copyright (C) Nginx, Inc.
 */

/*
 * Prototypes for the QUIC connection ID routines: handlers for the two
 * connection-ID frames and helpers that create, select and release IDs.
 *
 * Only declarations are visible in this header.  The notes below are
 * inferred from names and signatures and are marked for confirmation
 * against the definitions.
 */


#ifndef _NGX_EVENT_QUIC_CONNID_H_INCLUDED_
#define _NGX_EVENT_QUIC_CONNID_H_INCLUDED_


#include <ngx_config.h>
#include <ngx_core.h>


/*
 * Handler for a RETIRE_CONNECTION_ID frame (per the name).
 * NOTE(review): f presumably carries values parsed from a peer packet,
 * i.e. peer-controlled input - confirm that the definition range-checks
 * the sequence number before acting on it.
 */
ngx_int_t ngx_quic_handle_retire_connection_id_frame(ngx_connection_t *c,
    ngx_quic_retire_cid_frame_t *f);

/*
 * Handler for a NEW_CONNECTION_ID frame (per the name).
 * NOTE(review): f is presumably peer-controlled as well - confirm that
 * the definition bounds how many client IDs a peer can make the
 * connection store.
 */
ngx_int_t ngx_quic_handle_new_connection_id_frame(ngx_connection_t *c,
    ngx_quic_new_conn_id_frame_t *f);

/* Behavior is not visible from the prototype; see the definition. */
ngx_int_t ngx_quic_create_sockets(ngx_connection_t *c);

/*
 * NOTE(review): id looks like an output buffer for a server connection
 * ID.  The prototype carries no length, so the caller must provide a
 * buffer at least as large as what the definition writes - confirm the
 * expected size at every call site.
 */
ngx_int_t ngx_quic_create_server_id(ngx_connection_t *c, u_char *id);

/*
 * Takes the connection ID bytes (id), a sequence number and a token
 * pointer, and returns a client ID object.
 * NOTE(review): token is presumably the stateless reset token (16 bytes
 * in RFC 9000) and is passed without a length - confirm callers always
 * supply a buffer of that size.  Failure is presumably reported as
 * NULL - confirm.
 */
ngx_quic_client_id_t *ngx_quic_create_client_id(ngx_connection_t *c,
    ngx_str_t *id, uint64_t seqnum, u_char *token);

/* Presumably returns NULL when no client ID is available - confirm. */
ngx_quic_client_id_t *ngx_quic_next_client_id(ngx_connection_t *c);

/* Selection rule for the given path is not visible from the prototype. */
ngx_quic_client_id_t *ngx_quic_used_client_id(ngx_connection_t *c,
    ngx_quic_path_t *path);

/*
 * NOTE(review): the name suggests reference counting - confirm whether
 * cid may still be dereferenced by the caller after this returns.
 */
void ngx_quic_unref_client_id(ngx_connection_t *c, ngx_quic_client_id_t *cid);

#endif /* _NGX_EVENT_QUIC_CONNID_H_INCLUDED_ */