Mercurial > hg > nginx
comparison src/event/quic/ngx_event_quic_socket.c @ 8939:ddd5e5c0f87d quic
QUIC: improved path validation.
Previously, path was considered valid during arbitrary selected 10m timeout
since validation. This is quite not what RFC 9000 says; the relevant
part is:
An endpoint MAY skip validation of a peer address if that
address has been seen recently.
The patch considers a path to be 'recently seen' if packets were received
during idle timeout. If a packet is received from the path that was seen
not so recently, such path is considered new, and anti-amplification
restrictions apply.
| author | Vladimir Homutov <vl@nginx.com> |
|---|---|
| date | Mon, 13 Dec 2021 17:27:29 +0300 |
| parents | aae8b91e0280 |
| children | fb41e37ddeb0 |
comparison
equal
deleted
inserted
replaced
| 8938:23880e4ad3e2 | 8939:ddd5e5c0f87d |
|---|---|
| 80 goto failed; | 80 goto failed; |
| 81 } | 81 } |
| 82 | 82 |
| 83 if (pkt->validated) { | 83 if (pkt->validated) { |
| 84 path->state = NGX_QUIC_PATH_VALIDATED; | 84 path->state = NGX_QUIC_PATH_VALIDATED; |
| 85 path->validated_at = ngx_time(); | |
| 86 } | 85 } |
| 87 | 86 |
| 88 /* now bind socket to client and path */ | 87 /* now bind socket to client and path */ |
| 89 ngx_quic_connect(c, qsock, path, cid); | 88 ngx_quic_connect(c, qsock, path, cid); |
| 90 | 89 |