diff src/event/quic/ngx_event_quic_connection.h @ 8939:ddd5e5c0f87d quic
QUIC: improved path validation.
Previously, a path was considered valid during an arbitrarily selected 10m timeout
since validation. This is not quite what RFC 9000 says; the relevant
part is:
An endpoint MAY skip validation of a peer address if that
address has been seen recently.
The patch considers a path to be 'recently seen' if packets were received
during idle timeout. If a packet is received from the path that was seen
not so recently, such path is considered new, and anti-amplification
restrictions apply.
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Mon, 13 Dec 2021 17:27:29 +0300 |
parents | 1d7bf9778328 |
children | fb41e37ddeb0 |
--- a/src/event/quic/ngx_event_quic_connection.h +++ b/src/event/quic/ngx_event_quic_connection.h @@ -86,6 +86,7 @@ struct ngx_quic_path_s { socklen_t socklen; ngx_uint_t state; ngx_msec_t expires; + ngx_msec_t last_seen; ngx_uint_t tries; off_t sent; off_t received; @@ -93,7 +94,6 @@ struct ngx_quic_path_s { u_char challenge2[8]; ngx_uint_t refcnt; uint64_t seqnum; - time_t validated_at; ngx_str_t addr_text; u_char text[NGX_SOCKADDR_STRLEN]; };
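Review bot: the `last_seen` field added after `expires` in the first hunk (`@@ -86,6 +86,7`) carries no comment saying what it records or in which unit. Going by the commit message it is the time a packet was last received on the path, so a one-line comment to that effect would help the next reader. It is also an `ngx_msec_t` where the removed `validated_at` was a `time_t`, so the code that compares it with the idle timeout (in the .c files, which this page does not show) should compute the age as a difference of two msec values rather than compare absolute timestamps. Otherwise a wrap of the millisecond counter could make a stale path look recently seen and bypass the anti-amplification limit the commit message is trying to enforce.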
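Review bot: with `validated_at` dropped in the second hunk (`@@ -93,7 +94,6`), none of the fields visible here records when validation completed, and `last_seen` becomes the only input to the "recently seen" decision. Please confirm that every former reader of `validated_at` was converted, and that `last_seen` is assigned when a path entry is created or reused. A zero or leftover value in a recycled `ngx_quic_path_s` would otherwise be compared against the idle timeout and could let validation be skipped for an address that was never actually seen.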