Mercurial > hg > nginx
diff src/event/ngx_event_quic.c @ 8240:1f002206a59b quic
Added boundaries checks into frame parser.
The ngx_quic_parse_frame() functions now has new 'pkt' argument: the packet
header of a currently processed frame. This allows to log errors/debug
closer to reasons and perform additional checks regarding possible frame
types. The handler only performs processing of good frames.
A number of functions like read_uint32(), parse_int[_multi] probably should
be implemented as a macro, but currently it is better to have them as
functions for simpler debugging.
| author | Vladimir Homutov <vl@nginx.com> |
|---|---|
| date | Thu, 19 Mar 2020 17:07:12 +0300 |
| parents | 5ad7bffd3850 |
| children | db745339e54b |
line wrap: on
line diff
--- a/src/event/ngx_event_quic.c +++ b/src/event/ngx_event_quic.c @@ -721,10 +721,8 @@ ngx_quic_payload_handler(ngx_connection_ while (p < end) { - len = ngx_quic_parse_frame(p, end, &frame); + len = ngx_quic_parse_frame(pkt, p, end, &frame); if (len < 0) { - ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, - "failed to parse frame type 0x%xi", frame.type); return NGX_ERROR; } @@ -733,14 +731,6 @@ ngx_quic_payload_handler(ngx_connection_ switch (frame.type) { case NGX_QUIC_FT_ACK: - - ngx_log_debug4(NGX_LOG_DEBUG_EVENT, c->log, 0, - "ACK: { largest=%ui delay=%ui first=%ui count=%ui}", - frame.u.ack.largest, - frame.u.ack.delay, - frame.u.ack.first_range, - frame.u.ack.range_count); - if (ngx_quic_handle_ack_frame(c, pkt, &frame.u.ack) != NGX_OK) { return NGX_ERROR; } @@ -749,15 +739,6 @@ ngx_quic_payload_handler(ngx_connection_ case NGX_QUIC_FT_CRYPTO: - ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, - "quic CRYPTO frame length: %uL off:%uL pp:%p", - frame.u.crypto.len, frame.u.crypto.offset, - frame.u.crypto.data); - - ngx_quic_hexdump0(c->log, "CRYPTO frame contents", - frame.u.crypto.data, frame.u.crypto.len); - - if (ngx_quic_handle_crypto_frame(c, pkt, &frame.u.crypto) != NGX_OK) { @@ -776,20 +757,9 @@ ngx_quic_payload_handler(ngx_connection_ case NGX_QUIC_FT_NEW_CONNECTION_ID: ack_this = 1; - ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, - "NCID: { seq=%ui retire=%ui len=%ui}", - frame.u.ncid.seqnum, - frame.u.ncid.retire, - frame.u.ncid.len); break; case NGX_QUIC_FT_CONNECTION_CLOSE: - ngx_log_debug4(NGX_LOG_DEBUG_EVENT, c->log, 0, - "CONN.CLOSE: { %s (0x%xi) type=0x%xi reason='%V'}", - ngx_quic_error_text(frame.u.close.error_code), - frame.u.close.error_code, - frame.u.close.frame_type, - &frame.u.close.reason); do_close = 1; break; @@ -803,19 +773,6 @@ ngx_quic_payload_handler(ngx_connection_ case NGX_QUIC_FT_STREAM6: case NGX_QUIC_FT_STREAM7: - ngx_log_debug7(NGX_LOG_DEBUG_EVENT, c->log, 0, - "STREAM frame { 0x%xi id 0x%xi offset 0x%xi len 0x%xi bits:off=%d len=%d fin=%d }", - frame.type, - frame.u.stream.stream_id, - frame.u.stream.offset, - frame.u.stream.length, - frame.u.stream.off, - frame.u.stream.len, - frame.u.stream.fin); - - ngx_quic_hexdump0(c->log, "STREAM frame contents", - frame.u.stream.data, frame.u.stream.length); - if (ngx_quic_handle_stream_frame(c, pkt, &frame.u.stream) != NGX_OK) { @@ -826,44 +783,24 @@ ngx_quic_payload_handler(ngx_connection_ break; case NGX_QUIC_FT_MAX_DATA: - ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, - "MAX_DATA frame" - " { Maximum Data %ui }", - frame.u.max_data.max_data); - c->quic->max_data = frame.u.max_data.max_data; ack_this = 1; break; case NGX_QUIC_FT_RESET_STREAM: - ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, - "RESET STREAM frame" - " { id 0x%xi error_code 0x%xi final_size 0x%xi }", - frame.u.reset_stream.id, - frame.u.reset_stream.error_code, - frame.u.reset_stream.final_size); + /* TODO: handle */ break; case NGX_QUIC_FT_STOP_SENDING: - ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, - "STOP SENDING frame" - " { id 0x%xi error_code 0x%xi}", - frame.u.stop_sending.id, - frame.u.stop_sending.error_code); + /* TODO: handle; need ack ? */ break; case NGX_QUIC_FT_STREAMS_BLOCKED: case NGX_QUIC_FT_STREAMS_BLOCKED2: - ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, - "STREAMS BLOCKED frame" - " { limit %i bidi: %d }", - frame.u.streams_blocked.limit, - frame.u.streams_blocked.bidi); + /* TODO: handle; need ack ? */ break; default: - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "unsupported frame type 0x%xd in packet", frame.type); return NGX_ERROR; } }