Mercurial > hg > nginx
changeset 8585:02ee77f8d53d quic
QUIC: account packet header length in amplification limit.
Header length calculation is adjusted to account real connection id lengths
instead of worst case.
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Thu, 15 Oct 2020 11:37:01 +0300 |
parents | 474706351c09 |
children | 7621ffaa79b3 |
files | src/event/ngx_event_quic.c src/event/ngx_event_quic.h |
diffstat | 2 files changed, 4 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/src/event/ngx_event_quic.c Mon Oct 12 14:00:00 2020 +0100 +++ b/src/event/ngx_event_quic.c Thu Oct 15 11:37:01 2020 +0300 @@ -3757,6 +3757,7 @@ hlen = (f->level == ssl_encryption_application) ? NGX_QUIC_MAX_SHORT_HEADER : NGX_QUIC_MAX_LONG_HEADER; hlen += EVP_GCM_TLS_TAG_LEN; + hlen -= NGX_QUIC_MAX_CID_LEN - qc->scid.len; do { len = 0; @@ -3786,7 +3787,7 @@ * send more than three times the data it receives; */ - if (((c->sent + len + f->len) / 3) > qc->received) { + if (((c->sent + hlen + len + f->len) / 3) > qc->received) { ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic hit amplification limit" " received %uz sent %O",
--- a/src/event/ngx_event_quic.h Mon Oct 12 14:00:00 2020 +0100 +++ b/src/event/ngx_event_quic.h Thu Oct 15 11:37:01 2020 +0300 @@ -54,7 +54,8 @@ #define NGX_QUIC_STREAM_BUFSIZE 65536 -#define NGX_QUIC_SERVER_CID_LEN 20 +#define NGX_QUIC_MAX_CID_LEN 20 +#define NGX_QUIC_SERVER_CID_LEN NGX_QUIC_MAX_CID_LEN #define NGX_QUIC_SR_TOKEN_LEN 16