From b61447d436bc0d774c0fb85de82a887a3ac13ccc Mon Sep 17 00:00:00 2001
From: Vladimir Homutov
Date: Thu, 9 Dec 2021 12:40:14 +0300
Subject: [PATCH] QUIC: refactored ngx_quic_frame_sendto() function.
The function now takes path as an argument to deal with associated restrictions and update sent counter.
---
 src/event/quic/ngx_event_quic_migration.c | 39 ++---------------------
 src/event/quic/ngx_event_quic_output.c | 31 ++++++++++++++----
 src/event/quic/ngx_event_quic_output.h | 4 +--
 3 files changed, 29 insertions(+), 45 deletions(-)
diff --git a/src/event/quic/ngx_event_quic_migration.c b/src/event/quic/ngx_event_quic_migration.c
index c3758ad4f..55997cbd3 100644
--- a/src/event/quic/ngx_event_quic_migration.c
+++ b/src/event/quic/ngx_event_quic_migration.c
@@ -24,8 +24,6 @@ ngx_int_t
 ngx_quic_handle_path_challenge_frame(ngx_connection_t *c,
 ngx_quic_path_challenge_frame_t *f)
 {
- off_t max, pad;
- ssize_t sent;
 ngx_quic_path_t *path;
 ngx_quic_frame_t frame, *fp;
 ngx_quic_socket_t *qsock;
@@ -49,26 +47,11 @@ ngx_quic_handle_path_challenge_frame(ngx_connection_t *c,
 /*
 * An endpoint MUST expand datagrams that contain a PATH_RESPONSE frame
 * to at least the smallest allowed maximum datagram size of 1200 bytes.
- * ...
- * An endpoint MUST NOT expand the datagram containing the PATH_RESPONSE
- * if the resulting data exceeds the anti-amplification limit.
 */
- if (path->state != NGX_QUIC_PATH_VALIDATED) {
- max = path->received * 3;
- max = (path->sent >= max) ? 0 : max - path->sent;
- pad = ngx_min(1200, max);
-
- } else {
- pad = 1200;
- }
-
- sent = ngx_quic_frame_sendto(c, &frame, pad, path->sockaddr, path->socklen);
- if (sent < 0) {
+ if (ngx_quic_frame_sendto(c, &frame, 1200, path) != NGX_OK) {
 return NGX_ERROR;
 }
- path->sent += sent;
-
 if (qsock == qc->socket) {
 /*
 * RFC 9000, 9.3.3. Off-Path Packet Forwarding
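Review bot: The call site in ngx_quic_handle_path_challenge_frame() (hunk @@ -49,26 +47,11) loses its only mention of the anti-amplification limit: the comment now quotes just the "MUST expand ... to at least 1200 bytes" half of the rule, and the literal `1200` on the next line reads as a guaranteed size although ngx_quic_frame_sendto() may lower it for a path that is not validated. I would keep a one-line pointer after the quoted text, such as `* The limit for unvalidated paths is applied in ngx_quic_frame_sendto().` The two calls in ngx_quic_send_path_challenge() (hunk @@ -558,30 +539,16) would benefit from the same remark. The function starts before and continues after this hunk.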
@@ -535,8 +518,6 @@ ngx_quic_validate_path(ngx_connection_t *c, ngx_quic_socket_t *qsock)
 static ngx_int_t
 ngx_quic_send_path_challenge(ngx_connection_t *c, ngx_quic_path_t *path)
 {
- off_t max, pad;
- ssize_t sent;
 ngx_quic_frame_t frame;
 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
@@ -558,30 +539,16 @@ ngx_quic_send_path_challenge(ngx_connection_t *c, ngx_quic_path_t *path)
 */
 /* same applies to PATH_RESPONSE frames */
-
- max = path->received * 3;
- max = (path->sent >= max) ? 0 : max - path->sent;
- pad = ngx_min(1200, max);
-
- sent = ngx_quic_frame_sendto(c, &frame, pad, path->sockaddr, path->socklen);
- if (sent < 0) {
+ if (ngx_quic_frame_sendto(c, &frame, 1200, path) != NGX_OK) {
 return NGX_ERROR;
 }
- path->sent += sent;
-
 ngx_memcpy(frame.u.path_challenge.data, path->challenge2, 8);
- max = (path->sent >= max) ? 0 : max - path->sent;
- pad = ngx_min(1200, max);
-
- sent = ngx_quic_frame_sendto(c, &frame, pad, path->sockaddr, path->socklen);
- if (sent < 0) {
+ if (ngx_quic_frame_sendto(c, &frame, 1200, path) != NGX_OK) {
 return NGX_ERROR;
 }
- path->sent += sent;
-
 return NGX_OK;
 }
diff --git a/src/event/quic/ngx_event_quic_output.c b/src/event/quic/ngx_event_quic_output.c
index 4d97626a9..3d75e9c39 100644
--- a/src/event/quic/ngx_event_quic_output.c
+++ b/src/event/quic/ngx_event_quic_output.c
@@ -1208,12 +1208,13 @@ ngx_quic_send_ack_range(ngx_connection_t *c, ngx_quic_send_ctx_t *ctx,
 }
-ssize_t
+ngx_int_t
 ngx_quic_frame_sendto(ngx_connection_t *c, ngx_quic_frame_t *frame,
- size_t min, struct sockaddr *sockaddr, socklen_t socklen)
+ size_t min, ngx_quic_path_t *path)
 {
+ off_t max;
 size_t min_payload, pad;
- ssize_t len;
+ ssize_t len, sent;
 ngx_str_t res;
 ngx_quic_header_t pkt;
 ngx_quic_send_ctx_t *ctx;
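Review bot: In ngx_quic_send_path_challenge() (hunk @@ -558,30 +539,16) the padding cap is no longer unconditional: the removed lines always limited `pad` to `path->received * 3 - path->sent`, while the new calls depend on ngx_quic_frame_sendto(), which applies the cap only when `path->state != NGX_QUIC_PATH_VALIDATED`. The callers are outside this diff, so whether a validated path can reach this function cannot be told from here; if it can, both PATH_CHALLENGE datagrams are now padded to the full 1200 bytes. Since the commit message presents the change as a refactoring, I would record the assumption next to the first call, e.g. `/* path is expected to be unvalidated here; otherwise padding is not limited */`. The function body begins before this hunk.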
@@ -1227,6 +1228,15 @@ ngx_quic_frame_sendto(ngx_connection_t *c, ngx_quic_frame_t *frame,
 ngx_quic_init_packet(c, ctx, qc->socket, &pkt);
+ /* account for anti-amplification limit: expand to allowed size */
+ if (path->state != NGX_QUIC_PATH_VALIDATED) {
+ max = path->received * 3;
+ max = (path->sent >= max) ? 0 : max - path->sent;
+ if ((off_t) min > max) {
+ min = max;
+ }
+ }
+
 min_payload = min ? ngx_quic_payload_size(&pkt, min) : 0;
 pad = 4 - pkt.num_len;
@@ -1234,14 +1244,14 @@ ngx_quic_frame_sendto(ngx_connection_t *c, ngx_quic_frame_t *frame,
 len = ngx_quic_create_frame(NULL, frame);
 if (len > NGX_QUIC_MAX_UDP_PAYLOAD_SIZE) {
- return -1;
+ return NGX_ERROR;
 }
 ngx_quic_log_frame(c->log, frame, 1);
 len = ngx_quic_create_frame(src, frame);
 if (len == -1) {
- return -1;
+ return NGX_ERROR;
 }
 if (len < (ssize_t) min_payload) {
@@ -1255,10 +1265,17 @@ ngx_quic_frame_sendto(ngx_connection_t *c, ngx_quic_frame_t *frame,
 res.data = dst;
 if (ngx_quic_encrypt(&pkt, &res) != NGX_OK) {
- return -1;
+ return NGX_ERROR;
 }
 ctx->pnum++;
- return ngx_quic_send(c, res.data, res.len, sockaddr, socklen);
+ sent = ngx_quic_send(c, res.data, res.len, path->sockaddr, path->socklen);
+ if (sent < 0) {
+ return NGX_ERROR;
+ }
+
+ path->sent += sent;
+
+ return NGX_OK;
 }
diff --git a/src/event/quic/ngx_event_quic_output.h b/src/event/quic/ngx_event_quic_output.h
index 66b7d12ff..c19f14bf1 100644
--- a/src/event/quic/ngx_event_quic_output.h
+++ b/src/event/quic/ngx_event_quic_output.h
@@ -34,7 +34,7 @@ ngx_int_t ngx_quic_send_ack(ngx_connection_t *c,
 ngx_int_t ngx_quic_send_ack_range(ngx_connection_t *c, ngx_quic_send_ctx_t *ctx, uint64_t smallest, uint64_t largest);
-ssize_t ngx_quic_frame_sendto(ngx_connection_t *c, ngx_quic_frame_t *frame,
- size_t min, struct sockaddr *sockaddr, socklen_t socklen);
+ngx_int_t ngx_quic_frame_sendto(ngx_connection_t *c, ngx_quic_frame_t *frame,
+ size_t min, ngx_quic_path_t *path);
 #endif /* _NGX_EVENT_QUIC_OUTPUT_H_INCLUDED_ */
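Review bot: The anti-amplification block added to ngx_quic_frame_sendto() (hunk @@ -1227,6 +1228,15) limits only the padding, not the send itself: when an unvalidated path has used up its budget, `max` is 0, `min` and `min_payload` become 0, and the frame is still encrypted, sent, and added to `path->sent`, which then exceeds `path->received * 3`. The removed caller code had the same gap, but with the limit now handled in one place the function could stop before building the packet, for example `if (max == 0) { return NGX_DECLINED; }` inside the new `if`, plus a comparison of the final `res.len` with `max` before ngx_quic_send(). The status needs care, because both callers in ngx_event_quic_migration.c turn anything other than NGX_OK into NGX_ERROR. The function starts before this hunk and continues in the following ones.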