Mercurial > hg > nginx
comparison src/event/ngx_event_quic.c @ 8381:6e100d8c138a quic
Preserve original DCID and unbreak parsing 0-RTT packets.
As per QUIC transport, the first flight of 0-RTT packets obviously uses same
Destination and Source Connection ID values as the client's first Initial.
The fix is to match 0-RTT against original DCID after it has been switched.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Tue, 12 May 2020 18:18:58 +0300 |
| parents | efe1f104caf7 |
| children | b7704303a7e5 |
comparison
equal
deleted
inserted
replaced
| 8380:efe1f104caf7 | 8381:6e100d8c138a |
|---|---|
| 85 | 85 |
| 86 | 86 |
| 87 struct ngx_quic_connection_s { | 87 struct ngx_quic_connection_s { |
| 88 ngx_str_t scid; | 88 ngx_str_t scid; |
| 89 ngx_str_t dcid; | 89 ngx_str_t dcid; |
| 90 ngx_str_t odcid; | |
| 90 ngx_str_t token; | 91 ngx_str_t token; |
| 91 | 92 |
| 92 ngx_uint_t client_tp_done; | 93 ngx_uint_t client_tp_done; |
| 93 ngx_quic_tp_t tp; | 94 ngx_quic_tp_t tp; |
| 94 ngx_quic_tp_t ctp; | 95 ngx_quic_tp_t ctp; |
| 619 | 620 |
| 620 #ifdef NGX_QUIC_DEBUG_PACKETS | 621 #ifdef NGX_QUIC_DEBUG_PACKETS |
| 621 ngx_quic_hexdump(c->log, "quic server CID", qc->dcid.data, qc->dcid.len); | 622 ngx_quic_hexdump(c->log, "quic server CID", qc->dcid.data, qc->dcid.len); |
| 622 #endif | 623 #endif |
| 623 | 624 |
| 625 qc->odcid.len = pkt->dcid.len; | |
| 626 qc->odcid.data = ngx_pnalloc(c->pool, qc->odcid.len); | |
| 627 if (qc->odcid.data == NULL) { | |
| 628 return NGX_ERROR; | |
| 629 } | |
| 630 ngx_memcpy(qc->odcid.data, pkt->dcid.data, qc->odcid.len); | |
| 631 | |
| 624 qc->scid.len = pkt->scid.len; | 632 qc->scid.len = pkt->scid.len; |
| 625 qc->scid.data = ngx_pnalloc(c->pool, qc->scid.len); | 633 qc->scid.data = ngx_pnalloc(c->pool, qc->scid.len); |
| 626 if (qc->scid.data == NULL) { | 634 if (qc->scid.data == NULL) { |
| 627 return NGX_ERROR; | 635 return NGX_ERROR; |
| 628 } | 636 } |
| 636 ngx_memcpy(qc->token.data, pkt->token.data, qc->token.len); | 644 ngx_memcpy(qc->token.data, pkt->token.data, qc->token.len); |
| 637 | 645 |
| 638 keys = &c->quic->keys[ssl_encryption_initial]; | 646 keys = &c->quic->keys[ssl_encryption_initial]; |
| 639 | 647 |
| 640 if (ngx_quic_set_initial_secret(c->pool, &keys->client, &keys->server, | 648 if (ngx_quic_set_initial_secret(c->pool, &keys->client, &keys->server, |
| 641 &pkt->dcid) | 649 &qc->odcid) |
| 642 != NGX_OK) | 650 != NGX_OK) |
| 643 { | 651 { |
| 644 return NGX_ERROR; | 652 return NGX_ERROR; |
| 645 } | 653 } |
| 646 | 654 |
| 1230 | 1238 |
| 1231 | 1239 |
| 1232 static ngx_int_t | 1240 static ngx_int_t |
| 1233 ngx_quic_check_peer(ngx_quic_connection_t *qc, ngx_quic_header_t *pkt) | 1241 ngx_quic_check_peer(ngx_quic_connection_t *qc, ngx_quic_header_t *pkt) |
| 1234 { | 1242 { |
| 1235 if (pkt->dcid.len != qc->dcid.len) { | 1243 ngx_str_t *dcid; |
| 1244 | |
| 1245 dcid = ngx_quic_pkt_zrtt(pkt->flags) ? &qc->odcid : &qc->dcid; | |
| 1246 | |
| 1247 if (pkt->dcid.len != dcid->len) { | |
| 1236 ngx_log_error(NGX_LOG_INFO, pkt->log, 0, "quic unexpected quic dcidl"); | 1248 ngx_log_error(NGX_LOG_INFO, pkt->log, 0, "quic unexpected quic dcidl"); |
| 1237 return NGX_ERROR; | 1249 return NGX_ERROR; |
| 1238 } | 1250 } |
| 1239 | 1251 |
| 1240 if (ngx_memcmp(pkt->dcid.data, qc->dcid.data, qc->dcid.len) != 0) { | 1252 if (ngx_memcmp(pkt->dcid.data, dcid->data, dcid->len) != 0) { |
| 1241 ngx_log_error(NGX_LOG_INFO, pkt->log, 0, "quic unexpected quic dcid"); | 1253 ngx_log_error(NGX_LOG_INFO, pkt->log, 0, "quic unexpected quic dcid"); |
| 1242 return NGX_ERROR; | 1254 return NGX_ERROR; |
| 1243 } | 1255 } |
| 1244 | 1256 |
| 1245 if (pkt->scid.len != qc->scid.len) { | 1257 if (pkt->scid.len != qc->scid.len) { |