]> git.kaiwu.me - nginx.git/commit
Discard short packets which could not be decrypted.
authorSergey Kandaurov <pluknet@nginx.com>
Tue, 23 Jun 2020 08:57:00 +0000 (11:57 +0300)
committerSergey Kandaurov <pluknet@nginx.com>
Tue, 23 Jun 2020 08:57:00 +0000 (11:57 +0300)
commitfc0036bdd6a2a3bec218004e68646a4653328e92
tree8351a23dd0bcb49d1b3d688a7441a383a73d037c
parentd7baead1e82f13d26a90894dfbd0f665c45bfd46
Discard short packets which could not be decrypted.

So that connections are protected from failing from on-path attacks.
Decryption failure of long packets used during handshake still leads
to connection close since it barely makes sense to handle them there.
src/event/ngx_event_quic.c
src/event/ngx_event_quic_protection.c