comparison src/event/quic/ngx_event_quic_migration.c @ 9190:3a67dd34b6cc
QUIC: fixed anti-amplification with explicit send.
Previously, when using ngx_quic_frame_sendto() to explicitly send a packet with
a single frame, anti-amplification limit was not properly enforced. Even when
there was no quota left for the packet, it was sent anyway, but with no padding.
Now the packet is not sent at all.
This function is called to send PATH_CHALLENGE/PATH_RESPONSE, PMTUD and probe
packets. For all these cases packet send is retried later in case the send was
not successful.
author | Roman Arutyunyan <arut@nginx.com> |
---|---|
date | Wed, 22 Nov 2023 14:52:21 +0400 |
parents | fcec773dd249 |
children | 618132842e7c |
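--- a/src/event/quic/ngx_event_quic_migration.c
+++ b/src/event/quic/ngx_event_quic_migration.c
@@ -870,10 +870,11 @@
 
 
 static ngx_int_t
 ngx_quic_send_path_mtu_probe(ngx_connection_t *c, ngx_quic_path_t *path)
 {
+size_t mtu;
 ngx_int_t rc;
 ngx_uint_t log_error;
 ngx_quic_frame_t frame;
 ngx_quic_send_ctx_t *ctx;
 ngx_quic_connection_t *qc;
@@ -893,11 +894,16 @@
 path->seqnum, path->mtud, ctx->pnum, path->tries);
 
 log_error = c->log_error;
 c->log_error = NGX_ERROR_IGNORE_EMSGSIZE;
 
+mtu = path->mtu;
+path->mtu = path->mtud;
+
 rc = ngx_quic_frame_sendto(c, &frame, path->mtud, path);
+
+path->mtu = mtu;
 c->log_error = log_error;
 
 if (rc == NGX_ERROR) {
 if (c->write->error) {
 c->write->error = 0;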
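Review bot: The temporary `path->mtu = path->mtud` override around ngx_quic_frame_sendto() is uncommented, and nothing in the hunk says why a probe needs it. Presumably the sender now bounds the packet by path->mtu, so the probe size has to be allowed for this one call. I would say so above the save, e.g. `/* allow a probe-sized datagram for this send only; path->mtu is restored below */`. It is also worth confirming in ngx_quic_frame_sendto(), which is not visible here, that raising path->mtu lifts only the size bound and that the anti-amplification quota on an unvalidated path still applies to the larger probe. The function body continues past the last visible line, so how an unsent probe is retried cannot be checked from this section.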