Welcome! Log In Create A New Profile


[nginx] QUIC: ignore path validation socket error (ticket #2532).

Roman Arutyunyan
August 31, 2023 06:28AM
details: https://hg.nginx.org/nginx/rev/f6b6f3dd7ca0
changeset: 9154:f6b6f3dd7ca0
user: Roman Arutyunyan <arut@nginx.com>
date: Thu Aug 31 10:54:07 2023 +0400
QUIC: ignore path validation socket error (ticket #2532).

Previously, a socket error on a path being validated resulted in validation
error and subsequent QUIC connection closure. Now the error is ignored and
path validation proceeds as usual, with several retries and a timeout.

When validating the old path after an apparent migration, that path may already
be unavailable and sendmsg() may return an error, which should not result in
QUIC connection close.

When validating the new path, it's possible that the new client address is
spoofed (See RFC 9000, 9.3.2. On-Path Address Spoofing). This address may
as well be unavailable and should not trigger QUIC connection closure.


src/event/quic/ngx_event_quic_migration.c | 4 +---
1 files changed, 1 insertions(+), 3 deletions(-)

diffs (14 lines):

diff -r 8f7e6d8c061e -r f6b6f3dd7ca0 src/event/quic/ngx_event_quic_migration.c
--- a/src/event/quic/ngx_event_quic_migration.c Wed Aug 30 11:09:21 2023 +0400
+++ b/src/event/quic/ngx_event_quic_migration.c Thu Aug 31 10:54:07 2023 +0400
@@ -518,9 +518,7 @@ ngx_quic_validate_path(ngx_connection_t
return NGX_ERROR;

- if (ngx_quic_send_path_challenge(c, path) != NGX_OK) {
- return NGX_ERROR;
- }
+ (void) ngx_quic_send_path_challenge(c, path);

ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_application);
pto = ngx_max(ngx_quic_pto(c, ctx), 1000);
nginx-devel mailing list
Subject Author Views Posted

[nginx] QUIC: ignore path validation socket error (ticket #2532).

Roman Arutyunyan 334 August 31, 2023 06:28AM

Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 281
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready