diff options
| author | Vladimir Homutov <vl@nginx.com> | 2021-12-13 17:27:29 +0300 |
|---|---|---|
| committer | Vladimir Homutov <vl@nginx.com> | 2021-12-13 17:27:29 +0300 |
| commit | a31745499bcf35fac236bdc5f3d0d0a6d679b4e0 (patch) | |
| tree | b9b9eaa64fccf5422a98f29d82c74db731ea85f7 /src/event/quic/ngx_event_quic_socket.c | |
| parent | 6e7f19280423056bf06fcd5055db3fcabb842c76 (diff) | |
| download | nginx-a31745499bcf35fac236bdc5f3d0d0a6d679b4e0.tar.gz nginx-a31745499bcf35fac236bdc5f3d0d0a6d679b4e0.tar.bz2 | |
QUIC: improved path validation.
Previously, path was considered valid during arbitrary selected 10m timeout
since validation. This is quite not what RFC 9000 says; the relevant
part is:
An endpoint MAY skip validation of a peer address if that
address has been seen recently.
The patch considers a path to be 'recently seen' if packets were received
during idle timeout. If a packet is received from the path that was seen
not so recently, such path is considered new, and anti-amplification
restrictions apply.
Diffstat (limited to 'src/event/quic/ngx_event_quic_socket.c')
| -rw-r--r-- | src/event/quic/ngx_event_quic_socket.c | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/src/event/quic/ngx_event_quic_socket.c b/src/event/quic/ngx_event_quic_socket.c index 4a9fb232d..2b9b0fed3 100644 --- a/src/event/quic/ngx_event_quic_socket.c +++ b/src/event/quic/ngx_event_quic_socket.c @@ -82,7 +82,6 @@ ngx_quic_open_sockets(ngx_connection_t *c, ngx_quic_connection_t *qc, if (pkt->validated) { path->state = NGX_QUIC_PATH_VALIDATED; - path->validated_at = ngx_time(); } /* now bind socket to client and path */ |