Avoid retransmitting of packets with discarded keys.
authorVladimir Homutov <vl@nginx.com>
Mon, 18 May 2020 10:54:53 +0000 (13:54 +0300)
committerVladimir Homutov <vl@nginx.com>
Mon, 18 May 2020 10:54:53 +0000 (13:54 +0300)
Sections 4.10.1 and 4.10.2 of quic transport describe discarding of initial
and handshake keys.  Since the keys are discarded, we no longer need
to retransmit packets and corresponding queues should be emptied.

This patch removes the previously added workaround that did not require
acknowledgement for initial packets and thereby avoided retransmission;
that was wrong, because a packet can be lost and then has to be retransmitted.

src/event/ngx_event_quic.c

index 31a10f98fc8699754e1b3970e35f72075be7608b..714660dbbbc95819d9c40919b079e978fd036f59 100644 (file)
@@ -1602,6 +1602,13 @@ ngx_quic_handshake_input(ngx_connection_t *c, ngx_quic_header_t *pkt)
         return NGX_ERROR;
     }
 
+    /*
+     * 4.10.1. The successful use of Handshake packets indicates
+     * that no more Initial packets need to be exchanged
+     */
+    ctx = ngx_quic_get_send_ctx(c->quic, ssl_encryption_initial);
+    ngx_quic_free_frames(c, &ctx->sent);
+
     return ngx_quic_payload_handler(c, pkt);
 }
 
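Review bot: Freeing `ctx->sent` in ngx_quic_handshake_input only stops retransmission at the Initial level; nothing visible in this hunk discards the keys themselves or stops the receive path from accepting further Initial packets, which is the actual requirement of section 4.10.1. Initial keys are derived from values visible on the wire, so while they stay installed an injected Initial packet can still be decrypted and processed after the handshake has moved on, unless it is rejected elsewhere in the file (not visible here). The same gap applies to the handshake-level block added in ngx_quic_crypto_input, where the comment quotes the MUST for key discard above code that frees only the sent queue. At minimum the comments should say what the code does, e.g. `/* keys are not discarded here: only frames awaiting ack at this level are dropped */`, with a follow-up that discards the whole level (keys and any not-yet-sent frames). The function body starts outside the hunk, so the declaration of `ctx` and the nature of the check before the added lines are assumed.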
@@ -2438,6 +2445,7 @@ ngx_quic_crypto_input(ngx_connection_t *c, ngx_quic_frame_t *frame, void *data)
     int                       sslerr;
     ssize_t                   n;
     ngx_ssl_conn_t           *ssl_conn;
+    ngx_quic_send_ctx_t      *ctx;
     ngx_quic_crypto_frame_t  *f;
 
     f = &frame->u.crypto;
@@ -2507,6 +2515,13 @@ ngx_quic_crypto_input(ngx_connection_t *c, ngx_quic_frame_t *frame, void *data)
         {
             return NGX_ERROR;
         }
+
+        /*
+         * 4.10.2 An endpoint MUST discard its handshake keys
+         * when the TLS handshake is confirmed
+         */
+        ctx = ngx_quic_get_send_ctx(c->quic, ssl_encryption_handshake);
+        ngx_quic_free_frames(c, &ctx->sent);
     }
 
     ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
@@ -3069,14 +3084,6 @@ ngx_quic_send_frames(ngx_connection_t *c, ngx_queue_t *frames)
         f->last = now;
     }
 
-    if (start->level == ssl_encryption_initial) {
-        /* ack will not be sent in initial packets due to initial keys being
-         * discarded when handshake start.
-         * Thus consider initial packets as non-ack-eliciting
-         */
-        pkt.need_ack = 0;
-    }
-
     out.len = p - out.data;
 
     while (out.len < 4) {