# HG changeset patch # User Roman Arutyunyan # Date 1693379361 -14400 # Node ID 8f7e6d8c061e1f4b7656141d2fac85ce6846ac23 # Parent 2880f60a80c3e2706151dc7b48dc1267e39c47a9 QUIC: use last client dcid to receive initial packets. Previously, original dcid was used to receive initial client packets in case server initial response was lost. However, last dcid should be used instead. These two are the same unless retry is used. In case of retry, client resends initial packet with a new dcid, that is different from the original dcid. If server response is lost, the client resends this packet again with the same dcid. This is shown in RFC 9000, 7.3. Authenticating Connection IDs, Figure 8. The issue manifested itself with creating multiple server sessions in response to each post-retry client initial packet, if server response is lost. diff --git a/src/event/quic/ngx_event_quic.c b/src/event/quic/ngx_event_quic.c --- a/src/event/quic/ngx_event_quic.c +++ b/src/event/quic/ngx_event_quic.c @@ -1110,7 +1110,7 @@ ngx_quic_discard_ctx(ngx_connection_t *c } if (level == ssl_encryption_initial) { - /* close temporary listener with odcid */ + /* close temporary listener with initial dcid */ qsock = ngx_quic_find_socket(c, NGX_QUIC_UNSET_PN); if (qsock) { ngx_quic_close_socket(c, qsock); diff --git a/src/event/quic/ngx_event_quic_socket.c b/src/event/quic/ngx_event_quic_socket.c --- a/src/event/quic/ngx_event_quic_socket.c +++ b/src/event/quic/ngx_event_quic_socket.c @@ -93,8 +93,8 @@ ngx_quic_open_sockets(ngx_connection_t * tmp->sid.seqnum = NGX_QUIC_UNSET_PN; /* temporary socket */ - ngx_memcpy(tmp->sid.id, pkt->odcid.data, pkt->odcid.len); - tmp->sid.len = pkt->odcid.len; + ngx_memcpy(tmp->sid.id, pkt->dcid.data, pkt->dcid.len); + tmp->sid.len = pkt->dcid.len; if (ngx_quic_listen(c, qc, tmp) != NGX_OK) { goto failed;