From 894679804bc6b4d118ea8bec4ae79c919ef4b9c0 Mon Sep 17 00:00:00 2001
From: Sergey Kandaurov <pluknet@nginx.com>
Date: Tue, 9 May 2023 19:42:40 +0400
Subject: QUIC: lower bound path validation PTO.

According to RFC 9000, 8.2.4. Failed Path Validation,
the following value is recommended as a validation timeout:

  A value of three times the larger of the current PTO
  or the PTO for the new path (using kInitialRtt, as
  defined in [QUIC-RECOVERY]) is RECOMMENDED.

The change adds PTO of the new path to the equation as the lower bound.
---
 src/event/quic/ngx_event_quic_migration.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/event/quic/ngx_event_quic_migration.c b/src/event/quic/ngx_event_quic_migration.c
index 4b337ee6c..735245cbf 100644
--- a/src/event/quic/ngx_event_quic_migration.c
+++ b/src/event/quic/ngx_event_quic_migration.c
@@ -511,7 +511,7 @@ ngx_quic_validate_path(ngx_connection_t *c, ngx_quic_path_t *path)
     }
 
     ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_application);
-    pto = ngx_quic_pto(c, ctx);
+    pto = ngx_max(ngx_quic_pto(c, ctx), 1000);
 
     path->expires = ngx_current_msec + pto;
 
@@ -605,7 +605,7 @@ ngx_quic_path_validation_handler(ngx_event_t *ev)
         }
 
         if (++path->tries < NGX_QUIC_PATH_RETRIES) {
-            pto = ngx_quic_pto(c, ctx) << path->tries;
+            pto = ngx_max(ngx_quic_pto(c, ctx), 1000) << path->tries;
 
             path->expires = ngx_current_msec + pto;
 
-- 
cgit