IntenseWebs/nginx
3
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-02-25 18:55:26 -06:00
Code Issues Packages Projects Releases Wiki Activity

QUIC: fixed PATH_RESPONSE frame expansion.

Browse Source 
The PATH_RESPONSE frame must be expanded to 1200, except the case
when anti-amplification limit is in effect, i.e. on unvalidated paths.

Previously, the anti-amplification limit was always applied.
This commit is contained in:
Vladimir Homutov 2021-11-11 15:15:07 +03:00
parent 62b2eea0fe
commit 1562200066
1 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/event/quic/ngx_event_quic_migration.c
View File

@ -47,12 +47,20 @@ ngx_quic_handle_path_challenge_frame(ngx_connection_t *c,
path = qsock->path; path = qsock->path;
/* /*
* An endpoint MUST expand datagrams that contain a PATH_RESPONSE frame
* to at least the smallest allowed maximum datagram size of 1200 bytes.
* ...
* An endpoint MUST NOT expand the datagram containing the PATH_RESPONSE * An endpoint MUST NOT expand the datagram containing the PATH_RESPONSE
* if the resulting data exceeds the anti-amplification limit. * if the resulting data exceeds the anti-amplification limit.
*/ */
max = path->received * 3; if (path->state != NGX_QUIC_PATH_VALIDATED) {
max = (path->sent >= max) ? 0 : max - path->sent; max = path->received * 3;
pad = ngx_min(1200, max); max = (path->sent >= max) ? 0 : max - path->sent;
pad = ngx_min(1200, max);
} else {
pad = 1200;
}
sent = ngx_quic_frame_sendto(c, &frame, pad, path->sockaddr, path->socklen); sent = ngx_quic_frame_sendto(c, &frame, pad, path->sockaddr, path->socklen);
if (sent < 0) { if (sent < 0) {