authorVladimir Homutov <vl@nginx.com>2021-12-13 17:27:29 +0300
committerVladimir Homutov <vl@nginx.com>2021-12-13 17:27:29 +0300
commita31745499bcf35fac236bdc5f3d0d0a6d679b4e0 (patch)
treeb9b9eaa64fccf5422a98f29d82c74db731ea85f7 /src/event/quic/ngx_event_quic_connection.h
parent6e7f19280423056bf06fcd5055db3fcabb842c76 (diff)
QUIC: improved path validation.
Previously, a path was considered valid for an arbitrarily selected 10m timeout after validation. This is not quite what RFC 9000 says; the relevant part is: "An endpoint MAY skip validation of a peer address if that address has been seen recently." The patch considers a path to be 'recently seen' if packets were received during the idle timeout. If a packet is received from a path that was seen not so recently, such a path is considered new, and anti-amplification restrictions apply.
Diffstat (limited to 'src/event/quic/ngx_event_quic_connection.h')
-rw-r--r--src/event/quic/ngx_event_quic_connection.h2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/event/quic/ngx_event_quic_connection.h b/src/event/quic/ngx_event_quic_connection.h
index ee80342fa..7b6afb123 100644
--- a/src/event/quic/ngx_event_quic_connection.h
+++ b/src/event/quic/ngx_event_quic_connection.h
@@ -86,6 +86,7 @@ struct ngx_quic_path_s {
socklen_t socklen;
ngx_uint_t state;
ngx_msec_t expires;
+ ngx_msec_t last_seen;
ngx_uint_t tries;
off_t sent;
off_t received;
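Review bot: The new `last_seen` member has no comment, although per the commit message it now decides whether a path may skip address validation and the anti-amplification limit; the declaration should state its clock and update rule, e.g. `/* ngx_current_msec when a packet was last received on this path */`. Because it is an `ngx_msec_t`, an unsigned millisecond counter that can wrap, the code reading it (not part of this file's diff) should test the elapsed difference `ngx_current_msec - path->last_seen` against the idle timeout rather than compare absolute timestamps. It is also worth confirming that a newly allocated or reused path cannot start with a `last_seen` value that reads as recent, since that would exempt an unvalidated address from the amplification limit. `struct ngx_quic_path_s` begins above this hunk, so the other members and their initialisation are not visible here.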
@@ -93,7 +94,6 @@ struct ngx_quic_path_s {
u_char challenge2[8];
ngx_uint_t refcnt;
uint64_t seqnum;
- time_t validated_at;
ngx_str_t addr_text;
u_char text[NGX_SOCKADDR_STRLEN];
};