comparison src/event/ngx_event_quic.c @ 7863:81f85c479d7e quic

Discard packets without fixed bit or reserved bits set. Section 17.2 and 17.3 of QUIC transport: Fixed bit: Packets containing a zero value for this bit are not valid packets in this version and MUST be discarded. Reserved bit: An endpoint MUST treat receipt of a packet that has a non-zero value for these bits, after removing both packet and header protection, as a connection error of type PROTOCOL_VIOLATION.
author Vladimir Homutov <vl@nginx.com>
date Thu, 14 May 2020 01:06:45 +0300
parents fb7422074258
children eebdda507ec3
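--- a/src/event/ngx_event_quic.c
+++ b/src/event/ngx_event_quic.c
@@ -562,12 +562,13 @@
 ngx_log_error(NGX_LOG_INFO, c->log, 0,
 "quic UDP datagram is too small for initial packet");
 return NGX_ERROR;
 }
 
-if (ngx_quic_parse_long_header(pkt) != NGX_OK) {
-return NGX_ERROR;
+rc = ngx_quic_parse_long_header(pkt);
+if (rc != NGX_OK) {
+return rc;
 }
 
 if (!ngx_quic_pkt_in(pkt->flags)) {
 ngx_log_error(NGX_LOG_INFO, c->log, 0,
 "quic invalid initial packet: 0x%xi", pkt->flags);
@@ -674,10 +675,11 @@
 pkt->plaintext = buf;
 
 ctx = ngx_quic_get_send_ctx(qc, pkt->level);
 
 if (ngx_quic_decrypt(pkt, NULL, &ctx->largest_pn) != NGX_OK) {
+qc->error = pkt->error;
 return NGX_ERROR;
 }
 
 if (ngx_quic_init_connection(c) != NGX_OK) {
 return NGX_ERROR;
@@ -1418,10 +1420,11 @@
 
 
 static ngx_int_t
 ngx_quic_retry_input(ngx_connection_t *c, ngx_quic_header_t *pkt)
 {
+ngx_int_t rc;
 ngx_quic_secrets_t *keys;
 ngx_quic_send_ctx_t *ctx;
 ngx_quic_connection_t *qc;
 static u_char buf[NGX_QUIC_DEFAULT_MAX_PACKET_SIZE];
 
@@ -1433,12 +1436,13 @@
 ngx_log_error(NGX_LOG_INFO, c->log, 0,
 "quic UDP datagram is too small for initial packet");
 return NGX_OK;
 }
 
-if (ngx_quic_parse_long_header(pkt) != NGX_OK) {
-return NGX_ERROR;
+rc = ngx_quic_parse_long_header(pkt);
+if (rc != NGX_OK) {
+return rc;
 }
 
 if (ngx_quic_pkt_zrtt(pkt->flags)) {
 ngx_log_error(NGX_LOG_INFO, c->log, 0,
 "quic discard inflight 0-RTT packet");
@@ -1482,10 +1486,11 @@
 pkt->plaintext = buf;
 
 ctx = ngx_quic_get_send_ctx(qc, pkt->level);
 
 if (ngx_quic_decrypt(pkt, NULL, &ctx->largest_pn) != NGX_OK) {
+qc->error = pkt->error;
 return NGX_ERROR;
 }
 
 if (ngx_quic_init_connection(c) != NGX_OK) {
 return NGX_ERROR;
@@ -1505,21 +1510,23 @@
 
 
 static ngx_int_t
 ngx_quic_initial_input(ngx_connection_t *c, ngx_quic_header_t *pkt)
 {
+ngx_int_t rc;
 ngx_ssl_conn_t *ssl_conn;
 ngx_quic_secrets_t *keys;
 ngx_quic_send_ctx_t *ctx;
 static u_char buf[NGX_QUIC_DEFAULT_MAX_PACKET_SIZE];
 
 c->log->action = "processing initial quic packet";
 
 ssl_conn = c->ssl->connection;
 
-if (ngx_quic_parse_long_header(pkt) != NGX_OK) {
-return NGX_ERROR;
+rc = ngx_quic_parse_long_header(pkt);
+if (rc != NGX_OK) {
+return rc;
 }
 
 if (ngx_quic_parse_initial_header(pkt) != NGX_OK) {
 return NGX_ERROR;
 }
@@ -1531,20 +1538,22 @@
 pkt->plaintext = buf;
 
 ctx = ngx_quic_get_send_ctx(c->quic, pkt->level);
 
 if (ngx_quic_decrypt(pkt, ssl_conn, &ctx->largest_pn) != NGX_OK) {
+c->quic->error = pkt->error;
 return NGX_ERROR;
 }
 
 return ngx_quic_payload_handler(c, pkt);
 }
 
 
 static ngx_int_t
 ngx_quic_handshake_input(ngx_connection_t *c, ngx_quic_header_t *pkt)
 {
+ngx_int_t rc;
 ngx_quic_secrets_t *keys;
 ngx_quic_send_ctx_t *ctx;
 ngx_quic_connection_t *qc;
 static u_char buf[NGX_QUIC_DEFAULT_MAX_PACKET_SIZE];
 
@@ -1559,12 +1568,13 @@
 "quic no read keys yet, packet ignored");
 return NGX_DECLINED;
 }
 
 /* extract cleartext data into pkt */
-if (ngx_quic_parse_long_header(pkt) != NGX_OK) {
-return NGX_ERROR;
+rc = ngx_quic_parse_long_header(pkt);
+if (rc != NGX_OK) {
+return rc;
 }
 
 if (ngx_quic_check_peer(qc, pkt) != NGX_OK) {
 return NGX_ERROR;
 }
@@ -1578,32 +1588,35 @@
 pkt->plaintext = buf;
 
 ctx = ngx_quic_get_send_ctx(qc, pkt->level);
 
 if (ngx_quic_decrypt(pkt, c->ssl->connection, &ctx->largest_pn) != NGX_OK) {
+qc->error = pkt->error;
 return NGX_ERROR;
 }
 
 return ngx_quic_payload_handler(c, pkt);
 }
 
 
 static ngx_int_t
 ngx_quic_early_input(ngx_connection_t *c, ngx_quic_header_t *pkt)
 {
+ngx_int_t rc;
 ngx_quic_secrets_t *keys;
 ngx_quic_send_ctx_t *ctx;
 ngx_quic_connection_t *qc;
 static u_char buf[NGX_QUIC_DEFAULT_MAX_PACKET_SIZE];
 
 c->log->action = "processing early data quic packet";
 
 qc = c->quic;
 
 /* extract cleartext data into pkt */
-if (ngx_quic_parse_long_header(pkt) != NGX_OK) {
-return NGX_ERROR;
+rc = ngx_quic_parse_long_header(pkt);
+if (rc != NGX_OK) {
+return rc;
 }
 
 if (ngx_quic_check_peer(qc, pkt) != NGX_OK) {
 return NGX_ERROR;
 }
@@ -1624,10 +1637,11 @@
 pkt->plaintext = buf;
 
 ctx = ngx_quic_get_send_ctx(qc, pkt->level);
 
 if (ngx_quic_decrypt(pkt, c->ssl->connection, &ctx->largest_pn) != NGX_OK) {
+qc->error = pkt->error;
 return NGX_ERROR;
 }
 
 return ngx_quic_payload_handler(c, pkt);
 }
@@ -1684,12 +1698,13 @@
 ngx_log_error(NGX_LOG_INFO, c->log, 0,
 "quic no read keys yet, packet ignored");
 return NGX_DECLINED;
 }
 
-if (ngx_quic_parse_short_header(pkt, &qc->dcid) != NGX_OK) {
-return NGX_ERROR;
+rc = ngx_quic_parse_short_header(pkt, &qc->dcid);
+if (rc != NGX_OK) {
+return rc;
 }
 
 pkt->secret = &keys->client;
 pkt->next = &next->client;
 pkt->key_phase = c->quic->key_phase;
@@ -1697,10 +1712,11 @@
 pkt->plaintext = buf;
 
 ctx = ngx_quic_get_send_ctx(qc, pkt->level);
 
 if (ngx_quic_decrypt(pkt, c->ssl->connection, &ctx->largest_pn) != NGX_OK) {
+qc->error = pkt->error;
 return NGX_ERROR;
 }
 
 /* switch keys on Key Phase change */
 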
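Review bot: The copy of `pkt->error` into the connection after each failed `ngx_quic_decrypt()` call (new lines 680, 1491, 1543, 1593, 1642 and 1717) is unconditional, so a failure that is not the reserved-bits case stores whatever `pkt->error` holds at that point, possibly zero or a stale value, over any error already recorded on the connection. `ngx_quic_decrypt()` and the initialisation of `pkt->error` are outside this file section, so this is inferred; if the field is not guaranteed to be set on every failure path, guard the copy, e.g. `if (pkt->error) { qc->error = pkt->error; }`. It is also worth confirming that the decrypt path raises PROTOCOL_VIOLATION only once the AEAD tag has verified, as the quoted text requires ("after removing both packet and header protection"), so that an unauthenticated datagram cannot put the connection into an error state. Several of the enclosing functions begin or end outside the shown hunks.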