[nginx] QUIC: path revalidation after expansion failure.

[Roman Arutyunyan]

details:   https://hg.nginx.org/nginx/rev/a6f79f044de5
branches:  
changeset: 9194:a6f79f044de5
user:      Roman Arutyunyan <arut at nginx.com>
date:      Wed Nov 29 10:58:21 2023 +0400
description:
QUIC: path revalidation after expansion failure.

As per RFC 9000, Section 8.2.1:

    When an endpoint is unable to expand the datagram size to 1200 bytes due
    to the anti-amplification limit, the path MTU will not be validated.
    To ensure that the path MTU is large enough, the endpoint MUST perform a
    second path validation by sending a PATH_CHALLENGE frame in a datagram of
    at least 1200 bytes.

diffstat:

 src/event/quic/ngx_event_quic_connection.h |   3 ++-
 src/event/quic/ngx_event_quic_migration.c  |  20 +++++++++++++++++---
 2 files changed, 19 insertions(+), 4 deletions(-)

diffs (64 lines):

diff -r ce1ff81e9b92 -r a6f79f044de5 src/event/quic/ngx_event_quic_connection.h
--- a/src/event/quic/ngx_event_quic_connection.h	Thu Nov 30 15:03:06 2023 +0400
+++ b/src/event/quic/ngx_event_quic_connection.h	Wed Nov 29 10:58:21 2023 +0400
@@ -111,7 +111,8 @@ struct ngx_quic_path_s {
     uint64_t                          mtu_pnum[NGX_QUIC_PATH_RETRIES];
     ngx_str_t                         addr_text;
     u_char                            text[NGX_SOCKADDR_STRLEN];
-    ngx_uint_t                        validated; /* unsigned validated:1; */
+    unsigned                          validated:1;
+    unsigned                          mtu_unvalidated:1;
 };
 
 
diff -r ce1ff81e9b92 -r a6f79f044de5 src/event/quic/ngx_event_quic_migration.c
--- a/src/event/quic/ngx_event_quic_migration.c	Thu Nov 30 15:03:06 2023 +0400
+++ b/src/event/quic/ngx_event_quic_migration.c	Wed Nov 29 10:58:21 2023 +0400
@@ -169,6 +169,7 @@ valid:
 
             path->mtu = prev->mtu;
             path->max_mtu = prev->max_mtu;
+            path->mtu_unvalidated = 0;
         }
     }
 
@@ -182,6 +183,13 @@ valid:
         qc->congestion.recovery_start = ngx_current_msec;
     }
 
+    path->validated = 1;
+
+    if (path->mtu_unvalidated) {
+        path->mtu_unvalidated = 0;
+        return ngx_quic_validate_path(c, path);
+    }
+
     /*
      * RFC 9000, 9.3.  Responding to Connection Migration
      *
@@ -199,8 +207,6 @@ valid:
 
     ngx_quic_path_dbg(c, "is validated", path);
 
-    path->validated = 1;
-
     ngx_quic_discover_path_mtu(c, path);
 
     return NGX_OK;
@@ -578,7 +584,15 @@ ngx_quic_send_path_challenge(ngx_connect
          * sending a datagram of this size.
          */
 
-        min = (ngx_quic_path_limit(c, path, 1200) < 1200) ? 0 : 1200;
+        if (path->mtu_unvalidated
+            || ngx_quic_path_limit(c, path, 1200) < 1200)
+        {
+            min = 0;
+            path->mtu_unvalidated = 1;
+
+        } else {
+            min = 1200;
+        }
 
         if (ngx_quic_frame_sendto(c, frame, min, path) == NGX_ERROR) {
             return NGX_ERROR;