comparison src/event/quic/ngx_event_quic_connection.h @ 8939:ddd5e5c0f87d quic
QUIC: improved path validation.
Previously, a path was considered valid for an arbitrarily selected 10m
timeout since validation. This is not quite what RFC 9000 says; the relevant
part is:
An endpoint MAY skip validation of a peer address if that
address has been seen recently.
The patch considers a path to be 'recently seen' if packets were received
during idle timeout. If a packet is received from the path that was seen
not so recently, such path is considered new, and anti-amplification
restrictions apply.
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Mon, 13 Dec 2021 17:27:29 +0300 |
parents | 1d7bf9778328 |
children | fb41e37ddeb0 |
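--- a/src/event/quic/ngx_event_quic_connection.h
+++ b/src/event/quic/ngx_event_quic_connection.h
@@ -84,18 +84,18 @@
 ngx_queue_t queue;
 struct sockaddr *sockaddr;
 socklen_t socklen;
 ngx_uint_t state;
 ngx_msec_t expires;
+ngx_msec_t last_seen;
 ngx_uint_t tries;
 off_t sent;
 off_t received;
 u_char challenge1[8];
 u_char challenge2[8];
 ngx_uint_t refcnt;
 uint64_t seqnum;
-time_t validated_at;
 ngx_str_t addr_text;
 u_char text[NGX_SOCKADDR_STRLEN];
 };
 
 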
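Review bot: The added `ngx_msec_t last_seen;` member now decides, per the commit description, whether a peer address may skip validation, yet the declaration documents neither which clock it holds nor what an unset value means. I would add a comment such as `/* msec timer value when a packet was last received on this path */` and state there how a never-seen path is represented; the code that allocates and updates the path is not in this file, so that part needs confirming. Because `ngx_msec_t` is an unsigned, wrapping millisecond counter, unlike the `time_t validated_at` it replaces, the freshness check elsewhere should use the signed-difference form `(ngx_msec_int_t) (ngx_current_msec - last_seen)` rather than a direct comparison, since a wrong answer there would lift anti-amplification limits for an unvalidated address. The struct definition begins above the hunk.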