Mercurial > hg > nginx
changeset 8610:7a9ab6f7cea3 quic
QUIC: updated anti-amplification check for draft 32.
This accounts for the following change:
* Require expansion of datagrams to ensure that a path supports at
least 1200 bytes:
- During the handshake ack-eliciting Initial packets from the
server need to be expanded
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Mon, 26 Oct 2020 23:58:34 +0300 |
parents | f32740ddd484 |
children | e2086d8181fa |
files | src/event/ngx_event_quic.c |
diffstat | 1 files changed, 9 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/src/event/ngx_event_quic.c +++ b/src/event/ngx_event_quic.c @@ -4340,7 +4340,7 @@ ngx_quic_output(ngx_connection_t *c) static ngx_int_t ngx_quic_output_frames(ngx_connection_t *c, ngx_quic_send_ctx_t *ctx) { - size_t len, hlen; + size_t len, hlen, cutoff; ngx_uint_t need_ack; ngx_queue_t *q, range; ngx_quic_frame_t *f; @@ -4391,7 +4391,14 @@ ngx_quic_output_frames(ngx_connection_t * send more than three times the data it receives; */ - if (((c->sent + hlen + len + f->len) / 3) > qc->received) { + if (f->level == ssl_encryption_initial) { + cutoff = (c->sent + NGX_QUIC_MIN_INITIAL_SIZE) / 3; + + } else { + cutoff = (c->sent + hlen + len + f->len) / 3; + } + + if (cutoff > qc->received) { ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic hit amplification limit" " received:%uz sent:%O",