comparison src/event/ngx_event_quic.c @ 8381:6e100d8c138a quic
Preserve original DCID and unbreak parsing 0-RTT packets.
As per QUIC transport, the first flight of 0-RTT packets obviously uses the same
Destination and Source Connection ID values as the client's first Initial.
The fix is to match 0-RTT against original DCID after it has been switched.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 12 May 2020 18:18:58 +0300 |
parents | efe1f104caf7 |
children | b7704303a7e5 |
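--- a/src/event/ngx_event_quic.c
+++ b/src/event/ngx_event_quic.c
@@ -85,10 +85,11 @@
 
 
 struct ngx_quic_connection_s {
 ngx_str_t scid;
 ngx_str_t dcid;
+ngx_str_t odcid;
 ngx_str_t token;
 
 ngx_uint_t client_tp_done;
 ngx_quic_tp_t tp;
 ngx_quic_tp_t ctp;
@@ -619,10 +620,17 @@
 
 #ifdef NGX_QUIC_DEBUG_PACKETS
 ngx_quic_hexdump(c->log, "quic server CID", qc->dcid.data, qc->dcid.len);
 #endif
 
+qc->odcid.len = pkt->dcid.len;
+qc->odcid.data = ngx_pnalloc(c->pool, qc->odcid.len);
+if (qc->odcid.data == NULL) {
+return NGX_ERROR;
+}
+ngx_memcpy(qc->odcid.data, pkt->dcid.data, qc->odcid.len);
+
 qc->scid.len = pkt->scid.len;
 qc->scid.data = ngx_pnalloc(c->pool, qc->scid.len);
 if (qc->scid.data == NULL) {
 return NGX_ERROR;
 }
@@ -636,11 +644,11 @@
 ngx_memcpy(qc->token.data, pkt->token.data, qc->token.len);
 
 keys = &c->quic->keys[ssl_encryption_initial];
 
 if (ngx_quic_set_initial_secret(c->pool, &keys->client, &keys->server,
-&pkt->dcid)
+&qc->odcid)
 != NGX_OK)
 {
 return NGX_ERROR;
 }
 
@@ -1230,16 +1238,20 @@
 
 
 static ngx_int_t
 ngx_quic_check_peer(ngx_quic_connection_t *qc, ngx_quic_header_t *pkt)
 {
-if (pkt->dcid.len != qc->dcid.len) {
+ngx_str_t *dcid;
+
+dcid = ngx_quic_pkt_zrtt(pkt->flags) ? &qc->odcid : &qc->dcid;
+
+if (pkt->dcid.len != dcid->len) {
 ngx_log_error(NGX_LOG_INFO, pkt->log, 0, "quic unexpected quic dcidl");
 return NGX_ERROR;
 }
 
-if (ngx_memcmp(pkt->dcid.data, qc->dcid.data, qc->dcid.len) != 0) {
+if (ngx_memcmp(pkt->dcid.data, dcid->data, dcid->len) != 0) {
 ngx_log_error(NGX_LOG_INFO, pkt->log, 0, "quic unexpected quic dcid");
 return NGX_ERROR;
 }
 
 if (pkt->scid.len != qc->scid.len) {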
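Review bot: In ngx_quic_check_peer the selection `dcid = ngx_quic_pkt_zrtt(pkt->flags) ? &qc->odcid : &qc->dcid;` has no comment, so a reader cannot tell why one packet type is matched against a different connection ID than every other. I would add above it `/* 0-RTT is sent in the client's first flight, before it learns the server-chosen CID, so it still carries the original DCID */`, and next to the new struct field `/* client's original DCID: Initial keys and 0-RTT matching */`. Any further or retransmitted Initial packets the client sends before it sees the server's reply carry that same original DCID; if they also reach this function (its callers are outside the visible lines) they are still compared with `qc->dcid` and rejected, which is worth confirming. Separately, `qc->odcid.len = pkt->dcid.len` takes its length from the packet, and the visible lines do not show where that length is bounded, so the parser should be checked for the protocol's connection-ID length limit. The function body continues past the last line shown.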