# HG changeset patch
# User Roman Arutyunyan <arut@nginx.com>
# Date 1693464847 -14400
# Thu Aug 31 10:54:07 2023 +0400
# Node ID adbd3952c349298117b99e71f4e484ff675b1ab7
# Parent e05bbba2b901a543ed6e627f91a738e06b6ed43b
QUIC: ignore path validation socket error (ticket #2532).
Previously, a socket error on a path being validated resulted in validation
error and subsequent QUIC connection closure. Now the error is ignored and
path validation proceeds as usual, with several retries and a timeout.
When validating the old path after an apparent migration, that path may already
be unavailable and sendmsg() may return an error, which should not result in
QUIC connection close.
When validating the new path, it's possible that the new client address is
spoofed (See RFC 9000, 9.3.2. On-Path Address Spoofing). This address may
as well be unavailable and should not trigger QUIC connection closure.
diff --git a/src/event/quic/ngx_event_quic_migration.c b/src/event/quic/ngx_event_quic_migration.c
--- a/src/event/quic/ngx_event_quic_migration.c
+++ b/src/event/quic/ngx_event_quic_migration.c
@@ -518,9 +518,7 @@ ngx_quic_validate_path(ngx_connection_t
return NGX_ERROR;
}
- if (ngx_quic_send_path_challenge(c, path) != NGX_OK) {
- return NGX_ERROR;
- }
+ (void) ngx_quic_send_path_challenge(c, path);
ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_application);
pto = ngx_max(ngx_quic_pto(c, ctx), 1000);
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel