diff options
| author | Roman Arutyunyan <arut@nginx.com> | 2023-11-22 14:48:12 +0400 |
|---|---|---|
| committer | Roman Arutyunyan <arut@nginx.com> | 2023-11-22 14:48:12 +0400 |
| commit | 0c0f3405544404b354780ddbeacf5d54f122bcdc (patch) | |
| tree | 81a730c0f20cca4c9578a1e20482c12c62f7bccd /src/core/ngx_file.c | |
| parent | 6c78bb9bb1ccbf91f5f059c13a82badea529012a (diff) | |
| download | nginx-0c0f3405544404b354780ddbeacf5d54f122bcdc.tar.gz nginx-0c0f3405544404b354780ddbeacf5d54f122bcdc.tar.bz2 | |
QUIC: ignore duplicate PATH_CHALLENGE frames.
According to RFC 9000, an endpoint SHOULD NOT send multiple PATH_CHALLENGE
frames in a single packet. The change adds a check to enforce this claim to
optimize server behavior. Previously each PATH_CHALLENGE always resulted in a
single response datagram being sent to client. The effect of this was however
limited by QUIC flood protection.
Also, PATH_CHALLENGE is explicitly disabled in Initial and Handshake levels,
see RFC 9000, Table 3. However, technically it may be sent by client in 0-RTT
over a new path without actual migration, even though the migration itself is
prohibited during handshake. This allows client to coalesce multiple 0-RTT
packets each carrying a PATH_CHALLENGE and end up with multiple PATH_CHALLENGEs
per datagram. This again leads to suboptimal behavior, see above. Since the
purpose of sending PATH_CHALLENGE frames in 0-RTT is unclear, these frames are
now only allowed in 1-RTT. For 0-RTT they are silently ignored.
Diffstat (limited to 'src/core/ngx_file.c')
0 files changed, 0 insertions, 0 deletions