authorVladimir Homutov <vl@nginx.com>2020-05-18 13:54:53 +0300
committerVladimir Homutov <vl@nginx.com>2020-05-18 13:54:53 +0300
commit04efd355aa02e40e5ec408a34bb31bec86649849 (patch)
tree81fdb37b5ac56d3d2b654c200d38c17999fb02e5 /src
parent0041c3f6b72d7e31beca74b0f17d8445e8aaf9e9 (diff)
Avoid retransmitting of packets with discarded keys.
Sections 4.10.1 and 4.10.2 of QUIC transport describe discarding of initial and handshake keys. Since the keys are discarded, we no longer need to retransmit packets, and the corresponding queues should be emptied. This patch removes the previously added workaround that did not require acknowledgement for initial packets and thereby avoided retransmission; that was wrong because a packet could be lost, and we have to retransmit it.
Diffstat (limited to 'src')
-rw-r--r--src/event/ngx_event_quic.c23
1 files changed, 15 insertions, 8 deletions
diff --git a/src/event/ngx_event_quic.c b/src/event/ngx_event_quic.c
index 31a10f98f..714660dbb 100644
--- a/src/event/ngx_event_quic.c
+++ b/src/event/ngx_event_quic.c
@@ -1602,6 +1602,13 @@ ngx_quic_handshake_input(ngx_connection_t *c, ngx_quic_header_t *pkt)
return NGX_ERROR;
}
+ /*
+ * 4.10.1. The successful use of Handshake packets indicates
+ * that no more Initial packets need to be exchanged
+ */
+ ctx = ngx_quic_get_send_ctx(c->quic, ssl_encryption_initial);
+ ngx_quic_free_frames(c, &ctx->sent);
+
return ngx_quic_payload_handler(c, pkt);
}
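Review bot: Only the Initial-level `sent` queue is emptied by `ngx_quic_free_frames(c, &ctx->sent);`, and nothing in this hunk discards the Initial keys or makes later Initial packets be rejected, although the commit message reasons from the keys being discarded. Initial packets get no protection from the TLS handshake secrets, so the value of 4.10.1 lies in Initial-level input no longer influencing the connection once Handshake packets are in use. If that is not enforced elsewhere in the file, it should accompany this cleanup, or the comment should say that only retransmission state is dropped, e.g. `/* keys are still installed; only the retransmit queue is released here */`. The same applies to the Handshake-level block added in ngx_quic_crypto_input, whose comment quotes "MUST discard its handshake keys" while the code only frees the queue. The body of ngx_quic_handshake_input starts outside the hunk, so whether the preceding `return NGX_ERROR` guards successful decryption cannot be confirmed from here.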
@@ -2438,6 +2445,7 @@ ngx_quic_crypto_input(ngx_connection_t *c, ngx_quic_frame_t *frame, void *data)
int sslerr;
ssize_t n;
ngx_ssl_conn_t *ssl_conn;
+ ngx_quic_send_ctx_t *ctx;
ngx_quic_crypto_frame_t *f;
f = &frame->u.crypto;
@@ -2507,6 +2515,13 @@ ngx_quic_crypto_input(ngx_connection_t *c, ngx_quic_frame_t *frame, void *data)
{
return NGX_ERROR;
}
+
+ /*
+ * 4.10.2 An endpoint MUST discard its handshake keys
+ * when the TLS handshake is confirmed
+ */
+ ctx = ngx_quic_get_send_ctx(c->quic, ssl_encryption_handshake);
+ ngx_quic_free_frames(c, &ctx->sent);
}
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
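Review bot: The cleanup releases `ctx->sent` only, so if the send context also keeps a queue of frames that are prepared but not yet transmitted (not visible in this diff), those frames would still go out at the Handshake level after this point. The same question applies to the Initial-level cleanup in ngx_quic_handshake_input. Since the same two statements now appear twice, a small static helper taking the encryption level would keep both sites consistent and give one place to release everything tied to a discarded level. The condition of the enclosing block lies outside the hunk, so it is not visible whether it corresponds to the "handshake is confirmed" state named in the comment.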
@@ -3069,14 +3084,6 @@ ngx_quic_send_frames(ngx_connection_t *c, ngx_queue_t *frames)
f->last = now;
}
- if (start->level == ssl_encryption_initial) {
- /* ack will not be sent in initial packets due to initial keys being
- * discarded when handshake start.
- * Thus consider initial packets as non-ack-eliciting
- */
- pkt.need_ack = 0;
- }
-
out.len = p - out.data;
while (out.len < 4) {