QUIC: updated anti-amplification check for draft 32.

This accounts for the following change: * Require expansion of datagrams to ensure that a path supports at least 1200 bytes: - During the handshake ack-eliciting Initial packets from the server need to be expanded
2025-07-31 10:36:14 +08:00 · 2020-10-26 23:58:34 +03:00 · 2020-10-26 23:58:34 +03:00 · ddd665ca66
commit ddd665ca66
parent 7ba467944d
1 changed files with 9 additions and 2 deletions
--- a/src/event/ngx_event_quic.c
+++ b/src/event/ngx_event_quic.c
@ -4340,7 +4340,7 @@ ngx_quic_output(ngx_connection_t *c)
 static ngx_int_t
 ngx_quic_output_frames(ngx_connection_t *c, ngx_quic_send_ctx_t *ctx)
 {
-    size_t                  len, hlen;
+    size_t                  len, hlen, cutoff;
    ngx_uint_t              need_ack;
    ngx_queue_t            *q, range;
    ngx_quic_frame_t       *f;
@ -4391,7 +4391,14 @@ ngx_quic_output_frames(ngx_connection_t *c, ngx_quic_send_ctx_t *ctx)
                 * send more than three times the data it receives;
                 */

-                if (((c->sent + hlen + len + f->len) / 3) > qc->received) {
+                if (f->level == ssl_encryption_initial) {
+                    cutoff = (c->sent + NGX_QUIC_MIN_INITIAL_SIZE) / 3;
+
+                } else {
+                    cutoff = (c->sent + hlen + len + f->len) / 3;
+                }
+
+                if (cutoff > qc->received) {
                    ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
                                   "quic hit amplification limit"
                                   " received:%uz sent:%O",