changeset 8610:7a9ab6f7cea3 quic

QUIC: updated anti-amplification check for draft 32. This accounts for the following change: * Require expansion of datagrams to ensure that a path supports at least 1200 bytes: - During the handshake ack-eliciting Initial packets from the server need to be expanded
author Vladimir Homutov <vl@nginx.com>
date Mon, 26 Oct 2020 23:58:34 +0300
parents f32740ddd484
children e2086d8181fa
files src/event/ngx_event_quic.c
diffstat 1 files changed, 9 insertions(+), 2 deletions(-) [+]
--- a/src/event/ngx_event_quic.c
+++ b/src/event/ngx_event_quic.c
@@ -4340,7 +4340,7 @@ ngx_quic_output(ngx_connection_t *c)
 static ngx_int_t
 ngx_quic_output_frames(ngx_connection_t *c, ngx_quic_send_ctx_t *ctx)
 {
-    size_t                  len, hlen;
+    size_t                  len, hlen, cutoff;
     ngx_uint_t              need_ack;
     ngx_queue_t            *q, range;
     ngx_quic_frame_t       *f;
@@ -4391,7 +4391,14 @@ ngx_quic_output_frames(ngx_connection_t 
                  * send more than three times the data it receives;
                  */
 
-                if (((c->sent + hlen + len + f->len) / 3) > qc->received) {
+                if (f->level == ssl_encryption_initial) {
+                    cutoff = (c->sent + NGX_QUIC_MIN_INITIAL_SIZE) / 3;
+
+                } else {
+                    cutoff = (c->sent + hlen + len + f->len) / 3;
+                }
+
+                if (cutoff > qc->received) {
                     ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
                                    "quic hit amplification limit"
                                    " received:%uz sent:%O",
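Review bot: In the `ssl_encryption_initial` branch the cutoff is taken from the fixed `NGX_QUIC_MIN_INITIAL_SIZE` rather than from the packet being assembled, so if `hlen + len + f->len` can exceed that constant at this point (the bound on `len` is outside the hunk), the anti-amplification check undercounts what will be sent. Taking the larger of the two keeps the limit conservative: `size = hlen + len + f->len;`, then `if (f->level == ssl_encryption_initial && size < NGX_QUIC_MIN_INITIAL_SIZE) { size = NGX_QUIC_MIN_INITIAL_SIZE; }`, then `cutoff = (c->sent + size) / 3;`, with `size` declared next to `cutoff`. Both branches also round down in the division, so a total up to two bytes over three times `qc->received` still passes the `cutoff > qc->received` test; comparing against `3 * qc->received` would close that gap, provided the multiplication cannot overflow for the types involved. A one-line comment in the Initial branch saying the packet is accounted at its padded size would help; the body of `ngx_quic_output_frames` continues outside the hunk.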