comparison src/event/quic/ngx_event_quic_migration.c @ 9194:a6f79f044de5
QUIC: path revalidation after expansion failure.
As per RFC 9000, Section 8.2.1:
When an endpoint is unable to expand the datagram size to 1200 bytes due
to the anti-amplification limit, the path MTU will not be validated.
To ensure that the path MTU is large enough, the endpoint MUST perform a
second path validation by sending a PATH_CHALLENGE frame in a datagram of
at least 1200 bytes.
author | Roman Arutyunyan <arut@nginx.com> |
---|---|
date | Wed, 29 Nov 2023 10:58:21 +0400 |
parents | efcdaa66df2e |
children | ff452f283aa9 |
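--- a/src/event/quic/ngx_event_quic_migration.c
+++ b/src/event/quic/ngx_event_quic_migration.c
@@ -167,10 +167,11 @@
 /* address did not change */
 rst = 0;
 
 path->mtu = prev->mtu;
 path->max_mtu = prev->max_mtu;
+path->mtu_unvalidated = 0;
 }
 }
 
 if (rst) {
 ngx_memzero(&qc->congestion, sizeof(ngx_quic_congestion_t));
@@ -180,10 +181,17 @@
 14720));
 qc->congestion.ssthresh = (size_t) -1;
 qc->congestion.recovery_start = ngx_current_msec;
 }
 
+path->validated = 1;
+
+if (path->mtu_unvalidated) {
+path->mtu_unvalidated = 0;
+return ngx_quic_validate_path(c, path);
+}
+
 /*
 * RFC 9000, 9.3. Responding to Connection Migration
 *
 * After verifying a new client address, the server SHOULD
 * send new address validation tokens (Section 8) to the client.
@@ -196,12 +204,10 @@
 ngx_log_error(NGX_LOG_INFO, c->log, 0,
 "quic path seq:%uL addr:%V successfully validated",
 path->seqnum, &path->addr_text);
 
 ngx_quic_path_dbg(c, "is validated", path);
-
-path->validated = 1;
 
 ngx_quic_discover_path_mtu(c, path);
 
 return NGX_OK;
 }
@@ -576,11 +582,19 @@
 * to at least the smallest allowed maximum datagram size of 1200 bytes,
 * unless the anti-amplification limit for the path does not permit
 * sending a datagram of this size.
 */
 
-min = (ngx_quic_path_limit(c, path, 1200) < 1200) ? 0 : 1200;
+if (path->mtu_unvalidated
+|| ngx_quic_path_limit(c, path, 1200) < 1200)
+{
+min = 0;
+path->mtu_unvalidated = 1;
+
+} else {
+min = 1200;
+}
 
 if (ngx_quic_frame_sendto(c, frame, min, path) == NGX_ERROR) {
 return NGX_ERROR;
 }
 }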
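Review bot: The new `if (path->mtu_unvalidated) { ... return ngx_quic_validate_path(c, path); }` early return depends on `path->validated = 1` having been moved above it, and nothing in the code says so. The second PATH_CHALLENGE can only be padded to 1200 bytes once the anti-amplification limit no longer applies, which is presumably what `validated` controls inside `ngx_quic_path_limit()` (its body is not shown here). If that ordering were undone, the send-side branch `if (path->mtu_unvalidated || ngx_quic_path_limit(c, path, 1200) < 1200)` would set the flag again and every PATH_RESPONSE would start another validation round. I would add a comment above the early return, e.g. `/* RFC 9000, 8.2.1: the challenge was not expanded to 1200 bytes; validate again now that the path is validated and the limit is lifted */`. It is also worth confirming that a failed second validation does not leave the path marked validated with an unverified MTU; that handler and the start of the enclosing function are outside this view.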