Mercurial > hg > nginx
comparison src/event/ngx_event_quic_protection.c @ 8445:3de1b7399650 quic
Close connection with PROTOCOL_VIOLATION on decryption failure.
A previously used undefined error code is now replaced with the generic one.
Note that quic-transport prescribes keeping connection intact, discarding such
QUIC packets individually, in the sense that coalesced packets could be there.
This is selectively handled in the next change.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Tue, 23 Jun 2020 11:57:00 +0300 |
| parents | 125cbfa77013 |
| children | df29219988bc |
comparison
equal
deleted
inserted
replaced
| 8444:769d8bdeffb0 | 8445:3de1b7399650 |
|---|---|
| 1048 /* header protection */ | 1048 /* header protection */ |
| 1049 | 1049 |
| 1050 if (ngx_quic_tls_hp(pkt->log, ciphers.hp, secret, mask, sample) | 1050 if (ngx_quic_tls_hp(pkt->log, ciphers.hp, secret, mask, sample) |
| 1051 != NGX_OK) | 1051 != NGX_OK) |
| 1052 { | 1052 { |
| 1053 pkt->error = NGX_QUIC_ERR_CRYPTO_ERROR; | 1053 pkt->error = NGX_QUIC_ERR_PROTOCOL_VIOLATION; |
| 1054 return NGX_ERROR; | 1054 return NGX_ERROR; |
| 1055 } | 1055 } |
| 1056 | 1056 |
| 1057 if (ngx_quic_long_pkt(pkt->flags)) { | 1057 if (ngx_quic_long_pkt(pkt->flags)) { |
| 1058 clearflags = pkt->flags ^ (mask[0] & 0x0f); | 1058 clearflags = pkt->flags ^ (mask[0] & 0x0f); |
| 1128 ngx_quic_hexdump(pkt->log, "quic packet payload", | 1128 ngx_quic_hexdump(pkt->log, "quic packet payload", |
| 1129 pkt->payload.data, pkt->payload.len); | 1129 pkt->payload.data, pkt->payload.len); |
| 1130 #endif | 1130 #endif |
| 1131 | 1131 |
| 1132 if (rc != NGX_OK) { | 1132 if (rc != NGX_OK) { |
| 1133 pkt->error = NGX_QUIC_ERR_CRYPTO_ERROR; | 1133 pkt->error = NGX_QUIC_ERR_PROTOCOL_VIOLATION; |
| 1134 return rc; | 1134 return rc; |
| 1135 } | 1135 } |
| 1136 | 1136 |
| 1137 if (badflags) { | 1137 if (badflags) { |
| 1138 /* | 1138 /* |