Mercurial > hg > nginx
comparison src/event/ngx_event_quic.c @ 8321:e45719a9b148 quic
Discarding Handshake packets if no Handshake keys yet.
Found with a previously received Initial packet with ACK only, which
instantiates a new connection but do not produce the handshake keys.
This can be triggered by a fairly well behaving client, if the server
stands behind a load balancer that stripped Initial packets exchange.
Found by F5 test suite.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Mon, 06 Apr 2020 14:54:10 +0300 |
| parents | 6e1213ef469a |
| children | d9bc33166361 |
comparison
equal
deleted
inserted
replaced
| 8320:6e1213ef469a | 8321:e45719a9b148 |
|---|---|
| 868 | 868 |
| 869 c->log->action = "processing handshake quic packet"; | 869 c->log->action = "processing handshake quic packet"; |
| 870 | 870 |
| 871 qc = c->quic; | 871 qc = c->quic; |
| 872 | 872 |
| 873 keys = &c->quic->keys[ssl_encryption_handshake]; | |
| 874 | |
| 875 if (keys->client.key.len == 0) { | |
| 876 ngx_log_error(NGX_LOG_INFO, c->log, 0, | |
| 877 "no read keys yet, packet ignored"); | |
| 878 return NGX_DECLINED; | |
| 879 } | |
| 880 | |
| 873 /* extract cleartext data into pkt */ | 881 /* extract cleartext data into pkt */ |
| 874 if (ngx_quic_parse_long_header(pkt) != NGX_OK) { | 882 if (ngx_quic_parse_long_header(pkt) != NGX_OK) { |
| 875 return NGX_ERROR; | 883 return NGX_ERROR; |
| 876 } | 884 } |
| 877 | 885 |
| 902 } | 910 } |
| 903 | 911 |
| 904 if (ngx_quic_parse_handshake_header(pkt) != NGX_OK) { | 912 if (ngx_quic_parse_handshake_header(pkt) != NGX_OK) { |
| 905 return NGX_ERROR; | 913 return NGX_ERROR; |
| 906 } | 914 } |
| 907 | |
| 908 keys = &c->quic->keys[ssl_encryption_handshake]; | |
| 909 | 915 |
| 910 pkt->secret = &keys->client; | 916 pkt->secret = &keys->client; |
| 911 pkt->level = ssl_encryption_handshake; | 917 pkt->level = ssl_encryption_handshake; |
| 912 pkt->plaintext = buf; | 918 pkt->plaintext = buf; |
| 913 | 919 |