diff options
| author | Roman Arutyunyan <arut@nginx.com> | 2020-09-09 16:35:29 +0300 |
|---|---|---|
| committer | Roman Arutyunyan <arut@nginx.com> | 2020-09-09 16:35:29 +0300 |
| commit | 2e24e3811bafe5949ebe4d286f67c534c009c08a (patch) | |
| tree | bdc90dd9a93720c9c05c10cc75f812e4b5eb936e /src | |
| parent | f3bed9cd67ee6333b7d0db121f96451c0bcf4686 (diff) | |
| download | nginx-2e24e3811bafe5949ebe4d286f67c534c009c08a.tar.gz nginx-2e24e3811bafe5949ebe4d286f67c534c009c08a.zip | |
QUIC: allowed old DCID for initial packets until first ACK.
If a packet sent in response to an initial client packet was lost, then
successive client initial packets were dropped by nginx with the unexpected
dcid message logged. This was because the new DCID generated by the server was
not available to the client.
Diffstat (limited to 'src')
| -rw-r--r-- | src/event/ngx_event_quic.c | 29 |
1 files changed, 21 insertions, 8 deletions
diff --git a/src/event/ngx_event_quic.c b/src/event/ngx_event_quic.c index 336888787..9301aa9a6 100644 --- a/src/event/ngx_event_quic.c +++ b/src/event/ngx_event_quic.c @@ -1991,22 +1991,35 @@ ngx_quic_early_input(ngx_connection_t *c, ngx_quic_header_t *pkt) static ngx_int_t ngx_quic_check_peer(ngx_quic_connection_t *qc, ngx_quic_header_t *pkt) { - ngx_str_t *dcid; ngx_queue_t *q; + ngx_quic_send_ctx_t *ctx; ngx_quic_client_id_t *cid; - dcid = ngx_quic_pkt_zrtt(pkt->flags) ? &qc->odcid : &qc->dcid; + ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_initial); - if (pkt->dcid.len != dcid->len) { - ngx_log_error(NGX_LOG_INFO, pkt->log, 0, "quic unexpected quic dcidl"); - return NGX_ERROR; + if (ngx_quic_pkt_zrtt(pkt->flags) + || (ngx_quic_pkt_in(pkt->flags) && ctx->largest_ack == (uint64_t) -1)) + { + if (pkt->dcid.len == qc->odcid.len + && ngx_memcmp(pkt->dcid.data, qc->odcid.data, qc->odcid.len) == 0) + { + goto found; + } } - if (ngx_memcmp(pkt->dcid.data, dcid->data, dcid->len) != 0) { - ngx_log_error(NGX_LOG_INFO, pkt->log, 0, "quic unexpected quic dcid"); - return NGX_ERROR; + if (!ngx_quic_pkt_zrtt(pkt->flags)) { + if (pkt->dcid.len == qc->dcid.len + && ngx_memcmp(pkt->dcid.data, qc->dcid.data, qc->dcid.len) == 0) + { + goto found; + } } + ngx_log_error(NGX_LOG_INFO, pkt->log, 0, "quic unexpected quic dcid"); + return NGX_ERROR; + +found: + for (q = ngx_queue_head(&qc->client_ids); q != ngx_queue_sentinel(&qc->client_ids); q = ngx_queue_next(q)) |