QUIC: ignore path validation socket error (ticket #2532).

Previously, a socket error on a path being validated resulted in validation
error and subsequent QUIC connection closure.  Now the error is ignored and
path validation proceeds as usual, with several retries and a timeout.

When validating the old path after an apparent migration, that path may already
be unavailable and sendmsg() may return an error, which should not result in
QUIC connection close.

When validating the new path, it's possible that the new client address is
spoofed (See RFC 9000, 9.3.2. On-Path Address Spoofing).  This address may
as well be unavailable and should not trigger QUIC connection closure.

1 files changed, 1 insertions, 3 deletions

diff --git a/src/event/quic/ngx_event_quic_migration.c b/src/event/quic/ngx_event_quic_migration.c
index 05b9a2863..bcec9af1d 100644
--- a/src/event/quic/ngx_event_quic_migration.c
+++ b/src/event/quic/ngx_event_quic_migration.c
@@ -518,9 +518,7 @@ ngx_quic_validate_path(ngx_connection_t *c, ngx_quic_path_t *path)
         return NGX_ERROR;
     }
 
-    if (ngx_quic_send_path_challenge(c, path) != NGX_OK) {
-        return NGX_ERROR;
-    }
+    (void) ngx_quic_send_path_challenge(c, path);
 
     ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_application);
     pto = ngx_max(ngx_quic_pto(c, ctx), 1000);