comparison src/event/ngx_event_quic.c @ 7870:e169cce912c7 quic
Avoid retransmitting of packets with discarded keys.
Sections 4.10.1 and 4.10.2 of quic transport describe discarding of initial
and handshake keys. Since the keys are discarded, we no longer need
to retransmit packets and corresponding queues should be emptied.
This patch removes the previously added workaround that did not require
acknowledgement for initial packets and thereby avoided retransmission.
That was wrong, because a packet could be lost and we then have to retransmit it.
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Mon, 18 May 2020 13:54:53 +0300 |
parents | 5ffb21c5c93d |
children | df18ae7161b8 |
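--- a/src/event/ngx_event_quic.c
+++ b/src/event/ngx_event_quic.c
@@ -1600,10 +1600,17 @@
 if (ngx_quic_decrypt(pkt, c->ssl->connection, &ctx->largest_pn) != NGX_OK) {
 qc->error = pkt->error;
 return NGX_ERROR;
 }
 
+/*
+* 4.10.1. The successful use of Handshake packets indicates
+* that no more Initial packets need to be exchanged
+*/
+ctx = ngx_quic_get_send_ctx(c->quic, ssl_encryption_initial);
+ngx_quic_free_frames(c, &ctx->sent);
+
 return ngx_quic_payload_handler(c, pkt);
 }
 
 
 static ngx_int_t
@@ -2436,10 +2443,11 @@
 ngx_quic_crypto_input(ngx_connection_t *c, ngx_quic_frame_t *frame, void *data)
 {
 int sslerr;
 ssize_t n;
 ngx_ssl_conn_t *ssl_conn;
+ngx_quic_send_ctx_t *ctx;
 ngx_quic_crypto_frame_t *f;
 
 f = &frame->u.crypto;
 
 ssl_conn = c->ssl->connection;
@@ -2505,10 +2513,17 @@
 &c->quic->next_key)
 != NGX_OK)
 {
 return NGX_ERROR;
 }
+
+/*
+* 4.10.2 An endpoint MUST discard its handshake keys
+* when the TLS handshake is confirmed
+*/
+ctx = ngx_quic_get_send_ctx(c->quic, ssl_encryption_handshake);
+ngx_quic_free_frames(c, &ctx->sent);
 }
 
 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
 "quic SSL_quic_read_level: %d, SSL_quic_write_level: %d",
 (int) SSL_quic_read_level(ssl_conn),
@@ -3067,18 +3082,10 @@
 p += len;
 f->pnum = ctx->pnum;
 f->last = now;
 }
 
-if (start->level == ssl_encryption_initial) {
-/* ack will not be sent in initial packets due to initial keys being
-* discarded when handshake start.
-* Thus consider initial packets as non-ack-eliciting
-*/
-pkt.need_ack = 0;
-}
-
 out.len = p - out.data;
 
 while (out.len < 4) {
 *p++ = NGX_QUIC_FT_PADDING;
 out.len++;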
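Review bot: The block added after the successful `ngx_quic_decrypt()` call empties only `ctx->sent` for `ssl_encryption_initial`, and it runs for every Handshake packet that decrypts; nothing in the visible lines drops the Initial keys or records that the level is closed, so whether a late Initial packet is still decrypted and processed cannot be told from here. Initial keys are derivable by anyone who sees the first packets, which is why discarding them matters beyond saving retransmissions. If the receive path does not already reject that level, mark it as discarded once here and check the mark before decrypting; at minimum make the comment state what the code does, e.g. `/* 4.10.1: Initial level is finished; drop frames still awaiting ack */`. The same applies to the `ssl_encryption_handshake` block added in `ngx_quic_crypto_input()`. Both enclosing functions extend beyond the hunks shown.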