QUIC: additional limit for probing packets.

RFC 9000, 9.3.  Responding to Connection Migration:
    An endpoint only changes the address to which it sends packets in
    response to the highest-numbered non-probing packet.

The patch extends this requirement to probing packets.  Although it may
seem excessive, it helps with mitigation of reply attacks (when an off-path
attacker has copied packet with PATH_CHALLENGE and uses different
addresses to exhaust available connection ids).

0 files changed, 0 insertions, 0 deletions