nginx: src/event/quic/ngx_event_quic

comparison src/event/quic/ngx_event_quic_connid.c @ 8920:9680f0badc95 quic

QUIC: fixed using of retired connection id (ticket #2289). RFC 9000 19.16 The sequence number specified in a RETIRE_CONNECTION_ID frame MUST NOT refer to the Destination Connection ID field of the packet in which the frame is contained. Before the patch, the RETIRE_CONNECTION_ID frame was sent before switching to the new client id. If retired client id was currently in use, this lead to violation of the spec.

author	Vladimir Homutov <vl@nginx.com>
date	Thu, 02 Dec 2021 14:09:52 +0300
parents	b09f055daa4e
children	32daba3aabb2

comparison

equal deleted inserted replaced

-:a6a328ebd362
+:9680f0badc95
 ngx_int_t
 ngx_quic_handle_new_connection_id_frame(ngx_connection_t *c,
 ngx_quic_new_conn_id_frame_t *f)
 {
+uint64_t                seq;
 ngx_str_t               id;
 ngx_queue_t            *q;
 ngx_quic_client_id_t   *cid, *item;
 ngx_quic_connection_t  *qc;
 if (cid->seqnum >= f->retire) {
 continue;
 }
 /* this connection id must be retired */
+seq = cid->seqnum;
-if (ngx_quic_send_retire_connection_id(c, cid->seqnum) != NGX_OK) {
-return NGX_ERROR;
-}
 if (cid->refcnt) {
 /* we are going to retire client id which is in use */
 if (ngx_quic_replace_retired_client_id(c, cid) != NGX_OK) {
 return NGX_ERROR;
 }
 } else {
 ngx_quic_unref_client_id(c, cid);
+}
+if (ngx_quic_send_retire_connection_id(c, seq) != NGX_OK) {
+return NGX_ERROR;
 }
 }
 done:

Mercurial > hg > nginx

comparison src/event/quic/ngx_event_quic_connid.c @ 8920:9680f0badc95 quic