comparison src/event/ngx_event_quic.c @ 7863:81f85c479d7e quic
Discard packets without fixed bit or reserved bits set.
Section 17.2 and 17.3 of QUIC transport:
Fixed bit: Packets containing a zero value for this bit are not
valid packets in this version and MUST be discarded.
Reserved bit: An endpoint MUST treat receipt of a packet that has
a non-zero value for these bits, after removing both packet and
header protection, as a connection error of type PROTOCOL_VIOLATION.
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Thu, 14 May 2020 01:06:45 +0300 |
parents | fb7422074258 |
children | eebdda507ec3 |
7862:fb7422074258 | 7863:81f85c479d7e |
---|---|
562 ngx_log_error(NGX_LOG_INFO, c->log, 0, | 562 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
563 "quic UDP datagram is too small for initial packet"); | 563 "quic UDP datagram is too small for initial packet"); |
564 return NGX_ERROR; | 564 return NGX_ERROR; |
565 } | 565 } |
566 | 566 |
567 if (ngx_quic_parse_long_header(pkt) != NGX_OK) { | 567 rc = ngx_quic_parse_long_header(pkt); |
568 return NGX_ERROR; | 568 if (rc != NGX_OK) { |
569 return rc; | |
569 } | 570 } |
570 | 571 |
571 if (!ngx_quic_pkt_in(pkt->flags)) { | 572 if (!ngx_quic_pkt_in(pkt->flags)) { |
572 ngx_log_error(NGX_LOG_INFO, c->log, 0, | 573 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
573 "quic invalid initial packet: 0x%xi", pkt->flags); | 574 "quic invalid initial packet: 0x%xi", pkt->flags); |
674 pkt->plaintext = buf; | 675 pkt->plaintext = buf; |
675 | 676 |
676 ctx = ngx_quic_get_send_ctx(qc, pkt->level); | 677 ctx = ngx_quic_get_send_ctx(qc, pkt->level); |
677 | 678 |
678 if (ngx_quic_decrypt(pkt, NULL, &ctx->largest_pn) != NGX_OK) { | 679 if (ngx_quic_decrypt(pkt, NULL, &ctx->largest_pn) != NGX_OK) { |
680 qc->error = pkt->error; | |
679 return NGX_ERROR; | 681 return NGX_ERROR; |
680 } | 682 } |
681 | 683 |
682 if (ngx_quic_init_connection(c) != NGX_OK) { | 684 if (ngx_quic_init_connection(c) != NGX_OK) { |
683 return NGX_ERROR; | 685 return NGX_ERROR; |
1418 | 1420 |
1419 | 1421 |
1420 static ngx_int_t | 1422 static ngx_int_t |
1421 ngx_quic_retry_input(ngx_connection_t *c, ngx_quic_header_t *pkt) | 1423 ngx_quic_retry_input(ngx_connection_t *c, ngx_quic_header_t *pkt) |
1422 { | 1424 { |
1425 ngx_int_t rc; | |
1423 ngx_quic_secrets_t *keys; | 1426 ngx_quic_secrets_t *keys; |
1424 ngx_quic_send_ctx_t *ctx; | 1427 ngx_quic_send_ctx_t *ctx; |
1425 ngx_quic_connection_t *qc; | 1428 ngx_quic_connection_t *qc; |
1426 static u_char buf[NGX_QUIC_DEFAULT_MAX_PACKET_SIZE]; | 1429 static u_char buf[NGX_QUIC_DEFAULT_MAX_PACKET_SIZE]; |
1427 | 1430 |
1433 ngx_log_error(NGX_LOG_INFO, c->log, 0, | 1436 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
1434 "quic UDP datagram is too small for initial packet"); | 1437 "quic UDP datagram is too small for initial packet"); |
1435 return NGX_OK; | 1438 return NGX_OK; |
1436 } | 1439 } |
1437 | 1440 |
1438 if (ngx_quic_parse_long_header(pkt) != NGX_OK) { | 1441 rc = ngx_quic_parse_long_header(pkt); |
1439 return NGX_ERROR; | 1442 if (rc != NGX_OK) { |
1443 return rc; | |
1440 } | 1444 } |
1441 | 1445 |
1442 if (ngx_quic_pkt_zrtt(pkt->flags)) { | 1446 if (ngx_quic_pkt_zrtt(pkt->flags)) { |
1443 ngx_log_error(NGX_LOG_INFO, c->log, 0, | 1447 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
1444 "quic discard inflight 0-RTT packet"); | 1448 "quic discard inflight 0-RTT packet"); |
1482 pkt->plaintext = buf; | 1486 pkt->plaintext = buf; |
1483 | 1487 |
1484 ctx = ngx_quic_get_send_ctx(qc, pkt->level); | 1488 ctx = ngx_quic_get_send_ctx(qc, pkt->level); |
1485 | 1489 |
1486 if (ngx_quic_decrypt(pkt, NULL, &ctx->largest_pn) != NGX_OK) { | 1490 if (ngx_quic_decrypt(pkt, NULL, &ctx->largest_pn) != NGX_OK) { |
1491 qc->error = pkt->error; | |
1487 return NGX_ERROR; | 1492 return NGX_ERROR; |
1488 } | 1493 } |
1489 | 1494 |
1490 if (ngx_quic_init_connection(c) != NGX_OK) { | 1495 if (ngx_quic_init_connection(c) != NGX_OK) { |
1491 return NGX_ERROR; | 1496 return NGX_ERROR; |
1505 | 1510 |
1506 | 1511 |
1507 static ngx_int_t | 1512 static ngx_int_t |
1508 ngx_quic_initial_input(ngx_connection_t *c, ngx_quic_header_t *pkt) | 1513 ngx_quic_initial_input(ngx_connection_t *c, ngx_quic_header_t *pkt) |
1509 { | 1514 { |
1515 ngx_int_t rc; | |
1510 ngx_ssl_conn_t *ssl_conn; | 1516 ngx_ssl_conn_t *ssl_conn; |
1511 ngx_quic_secrets_t *keys; | 1517 ngx_quic_secrets_t *keys; |
1512 ngx_quic_send_ctx_t *ctx; | 1518 ngx_quic_send_ctx_t *ctx; |
1513 static u_char buf[NGX_QUIC_DEFAULT_MAX_PACKET_SIZE]; | 1519 static u_char buf[NGX_QUIC_DEFAULT_MAX_PACKET_SIZE]; |
1514 | 1520 |
1515 c->log->action = "processing initial quic packet"; | 1521 c->log->action = "processing initial quic packet"; |
1516 | 1522 |
1517 ssl_conn = c->ssl->connection; | 1523 ssl_conn = c->ssl->connection; |
1518 | 1524 |
1519 if (ngx_quic_parse_long_header(pkt) != NGX_OK) { | 1525 rc = ngx_quic_parse_long_header(pkt); |
1520 return NGX_ERROR; | 1526 if (rc != NGX_OK) { |
1527 return rc; | |
1521 } | 1528 } |
1522 | 1529 |
1523 if (ngx_quic_parse_initial_header(pkt) != NGX_OK) { | 1530 if (ngx_quic_parse_initial_header(pkt) != NGX_OK) { |
1524 return NGX_ERROR; | 1531 return NGX_ERROR; |
1525 } | 1532 } |
1531 pkt->plaintext = buf; | 1538 pkt->plaintext = buf; |
1532 | 1539 |
1533 ctx = ngx_quic_get_send_ctx(c->quic, pkt->level); | 1540 ctx = ngx_quic_get_send_ctx(c->quic, pkt->level); |
1534 | 1541 |
1535 if (ngx_quic_decrypt(pkt, ssl_conn, &ctx->largest_pn) != NGX_OK) { | 1542 if (ngx_quic_decrypt(pkt, ssl_conn, &ctx->largest_pn) != NGX_OK) { |
1543 c->quic->error = pkt->error; | |
1536 return NGX_ERROR; | 1544 return NGX_ERROR; |
1537 } | 1545 } |
1538 | 1546 |
1539 return ngx_quic_payload_handler(c, pkt); | 1547 return ngx_quic_payload_handler(c, pkt); |
1540 } | 1548 } |
1541 | 1549 |
1542 | 1550 |
1543 static ngx_int_t | 1551 static ngx_int_t |
1544 ngx_quic_handshake_input(ngx_connection_t *c, ngx_quic_header_t *pkt) | 1552 ngx_quic_handshake_input(ngx_connection_t *c, ngx_quic_header_t *pkt) |
1545 { | 1553 { |
1554 ngx_int_t rc; | |
1546 ngx_quic_secrets_t *keys; | 1555 ngx_quic_secrets_t *keys; |
1547 ngx_quic_send_ctx_t *ctx; | 1556 ngx_quic_send_ctx_t *ctx; |
1548 ngx_quic_connection_t *qc; | 1557 ngx_quic_connection_t *qc; |
1549 static u_char buf[NGX_QUIC_DEFAULT_MAX_PACKET_SIZE]; | 1558 static u_char buf[NGX_QUIC_DEFAULT_MAX_PACKET_SIZE]; |
1550 | 1559 |
1559 "quic no read keys yet, packet ignored"); | 1568 "quic no read keys yet, packet ignored"); |
1560 return NGX_DECLINED; | 1569 return NGX_DECLINED; |
1561 } | 1570 } |
1562 | 1571 |
1563 /* extract cleartext data into pkt */ | 1572 /* extract cleartext data into pkt */ |
1564 if (ngx_quic_parse_long_header(pkt) != NGX_OK) { | 1573 rc = ngx_quic_parse_long_header(pkt); |
1565 return NGX_ERROR; | 1574 if (rc != NGX_OK) { |
1575 return rc; | |
1566 } | 1576 } |
1567 | 1577 |
1568 if (ngx_quic_check_peer(qc, pkt) != NGX_OK) { | 1578 if (ngx_quic_check_peer(qc, pkt) != NGX_OK) { |
1569 return NGX_ERROR; | 1579 return NGX_ERROR; |
1570 } | 1580 } |
1578 pkt->plaintext = buf; | 1588 pkt->plaintext = buf; |
1579 | 1589 |
1580 ctx = ngx_quic_get_send_ctx(qc, pkt->level); | 1590 ctx = ngx_quic_get_send_ctx(qc, pkt->level); |
1581 | 1591 |
1582 if (ngx_quic_decrypt(pkt, c->ssl->connection, &ctx->largest_pn) != NGX_OK) { | 1592 if (ngx_quic_decrypt(pkt, c->ssl->connection, &ctx->largest_pn) != NGX_OK) { |
1593 qc->error = pkt->error; | |
1583 return NGX_ERROR; | 1594 return NGX_ERROR; |
1584 } | 1595 } |
1585 | 1596 |
1586 return ngx_quic_payload_handler(c, pkt); | 1597 return ngx_quic_payload_handler(c, pkt); |
1587 } | 1598 } |
1588 | 1599 |
1589 | 1600 |
1590 static ngx_int_t | 1601 static ngx_int_t |
1591 ngx_quic_early_input(ngx_connection_t *c, ngx_quic_header_t *pkt) | 1602 ngx_quic_early_input(ngx_connection_t *c, ngx_quic_header_t *pkt) |
1592 { | 1603 { |
1604 ngx_int_t rc; | |
1593 ngx_quic_secrets_t *keys; | 1605 ngx_quic_secrets_t *keys; |
1594 ngx_quic_send_ctx_t *ctx; | 1606 ngx_quic_send_ctx_t *ctx; |
1595 ngx_quic_connection_t *qc; | 1607 ngx_quic_connection_t *qc; |
1596 static u_char buf[NGX_QUIC_DEFAULT_MAX_PACKET_SIZE]; | 1608 static u_char buf[NGX_QUIC_DEFAULT_MAX_PACKET_SIZE]; |
1597 | 1609 |
1598 c->log->action = "processing early data quic packet"; | 1610 c->log->action = "processing early data quic packet"; |
1599 | 1611 |
1600 qc = c->quic; | 1612 qc = c->quic; |
1601 | 1613 |
1602 /* extract cleartext data into pkt */ | 1614 /* extract cleartext data into pkt */ |
1603 if (ngx_quic_parse_long_header(pkt) != NGX_OK) { | 1615 rc = ngx_quic_parse_long_header(pkt); |
1604 return NGX_ERROR; | 1616 if (rc != NGX_OK) { |
1617 return rc; | |
1605 } | 1618 } |
1606 | 1619 |
1607 if (ngx_quic_check_peer(qc, pkt) != NGX_OK) { | 1620 if (ngx_quic_check_peer(qc, pkt) != NGX_OK) { |
1608 return NGX_ERROR; | 1621 return NGX_ERROR; |
1609 } | 1622 } |
1624 pkt->plaintext = buf; | 1637 pkt->plaintext = buf; |
1625 | 1638 |
1626 ctx = ngx_quic_get_send_ctx(qc, pkt->level); | 1639 ctx = ngx_quic_get_send_ctx(qc, pkt->level); |
1627 | 1640 |
1628 if (ngx_quic_decrypt(pkt, c->ssl->connection, &ctx->largest_pn) != NGX_OK) { | 1641 if (ngx_quic_decrypt(pkt, c->ssl->connection, &ctx->largest_pn) != NGX_OK) { |
1642 qc->error = pkt->error; | |
1629 return NGX_ERROR; | 1643 return NGX_ERROR; |
1630 } | 1644 } |
1631 | 1645 |
1632 return ngx_quic_payload_handler(c, pkt); | 1646 return ngx_quic_payload_handler(c, pkt); |
1633 } | 1647 } |
1684 ngx_log_error(NGX_LOG_INFO, c->log, 0, | 1698 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
1685 "quic no read keys yet, packet ignored"); | 1699 "quic no read keys yet, packet ignored"); |
1686 return NGX_DECLINED; | 1700 return NGX_DECLINED; |
1687 } | 1701 } |
1688 | 1702 |
1689 if (ngx_quic_parse_short_header(pkt, &qc->dcid) != NGX_OK) { | 1703 rc = ngx_quic_parse_short_header(pkt, &qc->dcid); |
1690 return NGX_ERROR; | 1704 if (rc != NGX_OK) { |
1705 return rc; | |
1691 } | 1706 } |
1692 | 1707 |
1693 pkt->secret = &keys->client; | 1708 pkt->secret = &keys->client; |
1694 pkt->next = &next->client; | 1709 pkt->next = &next->client; |
1695 pkt->key_phase = c->quic->key_phase; | 1710 pkt->key_phase = c->quic->key_phase; |
1697 pkt->plaintext = buf; | 1712 pkt->plaintext = buf; |
1698 | 1713 |
1699 ctx = ngx_quic_get_send_ctx(qc, pkt->level); | 1714 ctx = ngx_quic_get_send_ctx(qc, pkt->level); |
1700 | 1715 |
1701 if (ngx_quic_decrypt(pkt, c->ssl->connection, &ctx->largest_pn) != NGX_OK) { | 1716 if (ngx_quic_decrypt(pkt, c->ssl->connection, &ctx->largest_pn) != NGX_OK) { |
1717 qc->error = pkt->error; | |
1702 return NGX_ERROR; | 1718 return NGX_ERROR; |
1703 } | 1719 } |
1704 | 1720 |
1705 /* switch keys on Key Phase change */ | 1721 /* switch keys on Key Phase change */ |
1706 | 1722 |
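Review bot: The added `qc->error = pkt->error;` (and `c->quic->error = pkt->error;` in ngx_quic_initial_input) runs on every ngx_quic_decrypt() failure, not only on the reserved-bits case the commit message describes. ngx_quic_decrypt() is not shown on this page, so this is inferred: if it leaves pkt->error untouched on other failures, such as a payload that fails authentication, the connection error becomes whatever the header structure held before. Either the field should be zeroed per packet or the copy guarded, e.g. `if (pkt->error) { qc->error = pkt->error; }`. A one-line comment at these six call sites stating which decrypt failures are connection errors and which are silent drops would help, because only a packet that passed authentication should be able to raise PROTOCOL_VIOLATION. Separately, `return rc;` now forwards the parser's return code from every input handler, including the function in the first hunk whose declaration of `rc` and whose callers are outside the visible lines, so it is worth confirming that each caller handles a value other than NGX_OK and NGX_ERROR.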