aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorVladimir Homutov <vl@nginx.com>2020-10-19 12:19:38 +0300
committerVladimir Homutov <vl@nginx.com>2020-10-19 12:19:38 +0300
commitd54fd4ed3402e9eb546e139826491af0536a57bd (patch)
tree640f4b15974df37b17b48f2f6a15e1589bbfa207 /src
parent743cc997811336b01109f83c659a67752015ffad (diff)
downloadnginx-d54fd4ed3402e9eb546e139826491af0536a57bd.tar.gz
nginx-d54fd4ed3402e9eb546e139826491af0536a57bd.zip
QUIC: account packet header length in amplification limit.
This is the restoration of 02ee77f8d53d accidentally reverted by 93be5658a250.
Diffstat (limited to 'src')
-rw-r--r--src/event/ngx_event_quic.c3
-rw-r--r--src/event/ngx_event_quic.h3
2 files changed, 4 insertions, 2 deletions
diff --git a/src/event/ngx_event_quic.c b/src/event/ngx_event_quic.c
index 2e6d4b570..ed865c327 100644
--- a/src/event/ngx_event_quic.c
+++ b/src/event/ngx_event_quic.c
@@ -3757,6 +3757,7 @@ ngx_quic_output_frames(ngx_connection_t *c, ngx_quic_send_ctx_t *ctx)
hlen = (f->level == ssl_encryption_application) ? NGX_QUIC_MAX_SHORT_HEADER
: NGX_QUIC_MAX_LONG_HEADER;
hlen += EVP_GCM_TLS_TAG_LEN;
+ hlen -= NGX_QUIC_MAX_CID_LEN - qc->scid.len;
do {
len = 0;
@@ -3786,7 +3787,7 @@ ngx_quic_output_frames(ngx_connection_t *c, ngx_quic_send_ctx_t *ctx)
* send more than three times the data it receives;
*/
- if (((c->sent + len + f->len) / 3) > qc->received) {
+ if (((c->sent + hlen + len + f->len) / 3) > qc->received) {
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
"quic hit amplification limit"
" received %uz sent %O",
diff --git a/src/event/ngx_event_quic.h b/src/event/ngx_event_quic.h
index 7ff12f6d5..cb9fbb35c 100644
--- a/src/event/ngx_event_quic.h
+++ b/src/event/ngx_event_quic.h
@@ -54,7 +54,8 @@
#define NGX_QUIC_STREAM_BUFSIZE 65536
-#define NGX_QUIC_SERVER_CID_LEN 20
+#define NGX_QUIC_MAX_CID_LEN 20
+#define NGX_QUIC_SERVER_CID_LEN NGX_QUIC_MAX_CID_LEN
#define NGX_QUIC_SR_TOKEN_LEN 16
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-22 00:40:45 +0000