Mercurial > hg > nginx

diff src/event/quic/ngx_event_quic_migration.c @ 9194:a6f79f044de5

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
QUIC: path revalidation after expansion failure. As per RFC 9000, Section 8.2.1: When an endpoint is unable to expand the datagram size to 1200 bytes due to the anti-amplification limit, the path MTU will not be validated. To ensure that the path MTU is large enough, the endpoint MUST perform a second path validation by sending a PATH_CHALLENGE frame in a datagram of at least 1200 bytes.
author Roman Arutyunyan <arut@nginx.com>
date Wed, 29 Nov 2023 10:58:21 +0400
parents efcdaa66df2e
children ff452f283aa9
line wrap: on
line diff
--- a/src/event/quic/ngx_event_quic_migration.c
+++ b/src/event/quic/ngx_event_quic_migration.c
@@ -169,6 +169,7 @@ valid:
 
             path->mtu = prev->mtu;
             path->max_mtu = prev->max_mtu;
+            path->mtu_unvalidated = 0;
         }
     }
 
@@ -182,6 +183,13 @@ valid:
         qc->congestion.recovery_start = ngx_current_msec;
     }
 
+    path->validated = 1;
+
+    if (path->mtu_unvalidated) {
+        path->mtu_unvalidated = 0;
+        return ngx_quic_validate_path(c, path);
+    }
+
     /*
      * RFC 9000, 9.3.  Responding to Connection Migration
      *
@@ -199,8 +207,6 @@ valid:
 
     ngx_quic_path_dbg(c, "is validated", path);
 
-    path->validated = 1;
-
     ngx_quic_discover_path_mtu(c, path);
 
     return NGX_OK;
@@ -578,7 +584,15 @@ ngx_quic_send_path_challenge(ngx_connect
          * sending a datagram of this size.
          */
 
-        min = (ngx_quic_path_limit(c, path, 1200) < 1200) ? 0 : 1200;
+        if (path->mtu_unvalidated
+            || ngx_quic_path_limit(c, path, 1200) < 1200)
+        {
+            min = 0;
+            path->mtu_unvalidated = 1;
+
+        } else {
+            min = 1200;
+        }
 
         if (ngx_quic_frame_sendto(c, frame, min, path) == NGX_ERROR) {
             return NGX_ERROR;