Mercurial > hg > nginx

comparison src/event/quic/ngx_event_quic_migration.c @ 8972:077a1e403446 quic

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
QUIC: additional limit for probing packets. RFC 9000, 9.3. Responding to Connection Migration: An endpoint only changes the address to which it sends packets in response to the highest-numbered non-probing packet. The patch extends this requirement to probing packets. Although it may seem excessive, it helps with mitigation of reply attacks (when an off-path attacker has copied packet with PATH_CHALLENGE and uses different addresses to exhaust available connection ids).
author Vladimir Homutov <vl@nginx.com>
date Thu, 20 Jan 2022 22:00:25 +0300
parents 1e2f4e9c8195
children da24a78720eb
comparison
equal deleted inserted replaced
8971:1e2f4e9c8195 8972:077a1e403446
253 { 253 {
254 off_t len; 254 off_t len;
255 ngx_queue_t *q; 255 ngx_queue_t *q;
256 ngx_quic_path_t *path, *probe; 256 ngx_quic_path_t *path, *probe;
257 ngx_quic_socket_t *qsock; 257 ngx_quic_socket_t *qsock;
258 ngx_quic_send_ctx_t *ctx;
258 ngx_quic_client_id_t *cid; 259 ngx_quic_client_id_t *cid;
259 ngx_quic_connection_t *qc; 260 ngx_quic_connection_t *qc;
260 261
261 qc = ngx_quic_get_connection(c); 262 qc = ngx_quic_get_connection(c);
262 qsock = ngx_quic_get_socket(c); 263 qsock = ngx_quic_get_socket(c);
288 probe = path; 289 probe = path;
289 } 290 }
290 } 291 }
291 292
292 /* packet from new path, drop current probe, if any */ 293 /* packet from new path, drop current probe, if any */
294
295 ctx = ngx_quic_get_send_ctx(qc, pkt->level);
296
297 /*
298 * only accept highest-numbered packets to prevent connection id
299 * exhaustion by excessive probing packets from unknown paths
300 */
301 if (pkt->pn != ctx->largest_pn) {
302 return NGX_DONE;
303 }
293 304
294 if (probe && ngx_quic_free_path(c, probe) != NGX_OK) { 305 if (probe && ngx_quic_free_path(c, probe) != NGX_OK) {
295 return NGX_ERROR; 306 return NGX_ERROR;
296 } 307 }
297 308