# HG changeset patch
# User Sergey Kandaurov
# Date 1589296738 -10800
# Node ID 6e100d8c138aa99ddb1f17abf1e330554b444f0f
# Parent efe1f104caf7fe457655e6cc02f15612c3a04569
Preserve original DCID and unbreak parsing 0-RTT packets. As per QUIC transport, the first flight of 0-RTT packets obviously uses same Destination and Source Connection ID values as the client's first Initial. The fix is to match 0-RTT against original DCID after it has been switched.
diff --git a/src/event/ngx_event_quic.c b/src/event/ngx_event_quic.c
--- a/src/event/ngx_event_quic.c
+++ b/src/event/ngx_event_quic.c
@@ -87,6 +87,7 @@ typedef struct {
 struct ngx_quic_connection_s {
 ngx_str_t scid;
 ngx_str_t dcid;
+ ngx_str_t odcid;
 ngx_str_t token;
 ngx_uint_t client_tp_done;
@@ -621,6 +622,13 @@ ngx_quic_new_connection(ngx_connection_t
 ngx_quic_hexdump(c->log, "quic server CID", qc->dcid.data, qc->dcid.len);
 #endif
+ qc->odcid.len = pkt->dcid.len;
+ qc->odcid.data = ngx_pnalloc(c->pool, qc->odcid.len);
+ if (qc->odcid.data == NULL) {
+ return NGX_ERROR;
+ }
+ ngx_memcpy(qc->odcid.data, pkt->dcid.data, qc->odcid.len);
+
 qc->scid.len = pkt->scid.len;
 qc->scid.data = ngx_pnalloc(c->pool, qc->scid.len);
 if (qc->scid.data == NULL) {
@@ -638,7 +646,7 @@ ngx_quic_new_connection(ngx_connection_t
 keys = &c->quic->keys[ssl_encryption_initial];
 if (ngx_quic_set_initial_secret(c->pool, &keys->client, &keys->server,
- &pkt->dcid)
+ &qc->odcid)
 != NGX_OK)
 {
 return NGX_ERROR;
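Review bot: In the `@@ -621,6 +622,13 @@` hunk, `qc->odcid.len` is taken directly from `pkt->dcid.len`, a peer-supplied value, and no bound on it is visible before the allocation and copy. QUIC transport requires the Destination Connection ID of a client's first Initial to be at least 8 bytes and caps connection IDs at 20 bytes, and this same value seeds the Initial secret in the following hunk. If the header parser does not already enforce that range (the parser is outside this diff), a guard such as `if (pkt->dcid.len < 8 || pkt->dcid.len > 20) { return NGX_ERROR; }` belongs before the copy. ngx_quic_new_connection starts and ends outside the hunk.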
@@ -1232,12 +1240,16 @@ ngx_quic_early_input(ngx_connection_t *c
 static ngx_int_t
 ngx_quic_check_peer(ngx_quic_connection_t *qc, ngx_quic_header_t *pkt)
 {
- if (pkt->dcid.len != qc->dcid.len) {
+ ngx_str_t *dcid;
+
+ dcid = ngx_quic_pkt_zrtt(pkt->flags) ? &qc->odcid : &qc->dcid;
+
+ if (pkt->dcid.len != dcid->len) {
 ngx_log_error(NGX_LOG_INFO, pkt->log, 0, "quic unexpected quic dcidl");
 return NGX_ERROR;
 }
- if (ngx_memcmp(pkt->dcid.data, qc->dcid.data, qc->dcid.len) != 0) {
+ if (ngx_memcmp(pkt->dcid.data, dcid->data, dcid->len) != 0) {
 ngx_log_error(NGX_LOG_INFO, pkt->log, 0, "quic unexpected quic dcid");
 return NGX_ERROR;
 }
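Review bot: Only 0-RTT packets are matched against `qc->odcid` in `ngx_quic_check_peer`, so an Initial packet that the client sends or retransmits before it has seen the server-chosen connection ID would still be compared with `qc->dcid`, even though it carries the same original DCID. Whether such Initials reach this function depends on callers outside the hunk, so this is inferred; if they do, they are rejected with "quic unexpected quic dcid", and Initial packets would need to be accepted under either ID. The selection line also deserves a comment, for example `/* first-flight 0-RTT still carries the client's original DCID; qc->dcid is the switched one */`. Since `odcid` is now accepted as a routing match for the whole connection lifetime, consider limiting that acceptance to the period before the handshake completes. The body of ngx_quic_check_peer continues past the end of the hunk.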