Mercurial > hg > nginx
comparison src/event/quic/ngx_event_quic_connection.h @ 8939:ddd5e5c0f87d quic
QUIC: improved path validation.
Previously, path was considered valid during arbitrary selected 10m timeout
since validation. This is quite not what RFC 9000 says; the relevant
part is:
An endpoint MAY skip validation of a peer address if that
address has been seen recently.
The patch considers a path to be 'recently seen' if packets were received
during idle timeout. If a packet is received from the path that was seen
not so recently, such path is considered new, and anti-amplification
restrictions apply.
| author | Vladimir Homutov <vl@nginx.com> |
|---|---|
| date | Mon, 13 Dec 2021 17:27:29 +0300 |
| parents | 1d7bf9778328 |
| children | fb41e37ddeb0 |
comparison
equal
deleted
inserted
replaced
| 8938:23880e4ad3e2 | 8939:ddd5e5c0f87d |
|---|---|
| 84 ngx_queue_t queue; | 84 ngx_queue_t queue; |
| 85 struct sockaddr *sockaddr; | 85 struct sockaddr *sockaddr; |
| 86 socklen_t socklen; | 86 socklen_t socklen; |
| 87 ngx_uint_t state; | 87 ngx_uint_t state; |
| 88 ngx_msec_t expires; | 88 ngx_msec_t expires; |
| 89 ngx_msec_t last_seen; | |
| 89 ngx_uint_t tries; | 90 ngx_uint_t tries; |
| 90 off_t sent; | 91 off_t sent; |
| 91 off_t received; | 92 off_t received; |
| 92 u_char challenge1[8]; | 93 u_char challenge1[8]; |
| 93 u_char challenge2[8]; | 94 u_char challenge2[8]; |
| 94 ngx_uint_t refcnt; | 95 ngx_uint_t refcnt; |
| 95 uint64_t seqnum; | 96 uint64_t seqnum; |
| 96 time_t validated_at; | |
| 97 ngx_str_t addr_text; | 97 ngx_str_t addr_text; |
| 98 u_char text[NGX_SOCKADDR_STRLEN]; | 98 u_char text[NGX_SOCKADDR_STRLEN]; |
| 99 }; | 99 }; |
| 100 | 100 |
| 101 | 101 |