QUIC: fixed stateless reset recognition and send.
authorRoman Arutyunyan <arut@nginx.com>
Mon, 1 Feb 2021 11:46:36 +0000 (14:46 +0300)
committerRoman Arutyunyan <arut@nginx.com>
Mon, 1 Feb 2021 11:46:36 +0000 (14:46 +0300)
Previously, if an unexpected packet was received on an existing QUIC
connection, stateless reset token was neither recognized nor sent.

src/event/quic/ngx_event_quic.c

index 742950b6c5cf253421e3a0a60ad5142b8abd67d8..6a156bb71cd1b613e9fc99d23483c6c2d33d8658 100644 (file)
@@ -261,7 +261,7 @@ static ngx_int_t ngx_quic_send_early_cc(ngx_connection_t *c,
     ngx_quic_header_t *inpkt, ngx_uint_t err, const char *reason);
 static void ngx_quic_discard_ctx(ngx_connection_t *c,
     enum ssl_encryption_level_t level);
-static ngx_int_t ngx_quic_check_peer(ngx_quic_connection_t *qc,
+static ngx_int_t ngx_quic_check_csid(ngx_quic_connection_t *qc,
     ngx_quic_header_t *pkt);
 static ngx_int_t ngx_quic_handle_frames(ngx_connection_t *c,
     ngx_quic_header_t *pkt);
@@ -2250,30 +2250,28 @@ ngx_quic_process_packet(ngx_connection_t *c, ngx_quic_conf_t *conf,
         }
 
         if (pkt->level != ssl_encryption_application) {
+
             if (pkt->version != qc->version) {
                 ngx_log_error(NGX_LOG_INFO, c->log, 0,
                               "quic version mismatch: 0x%xD", pkt->version);
                 return NGX_DECLINED;
             }
-        }
 
-        if (ngx_quic_check_peer(qc, pkt) != NGX_OK) {
+            if (ngx_quic_check_csid(qc, pkt) != NGX_OK) {
+                return NGX_DECLINED;
+            }
 
-            if (pkt->level == ssl_encryption_application) {
-                if (ngx_quic_process_stateless_reset(c, pkt) == NGX_OK) {
-                    ngx_log_error(NGX_LOG_INFO, c->log, 0,
-                                  "quic stateless reset packet detected");
+        } else {
 
-                    qc->draining = 1;
-                    ngx_quic_close_connection(c, NGX_OK);
+            if (ngx_quic_process_stateless_reset(c, pkt) == NGX_OK) {
+                ngx_log_error(NGX_LOG_INFO, c->log, 0,
+                              "quic stateless reset packet detected");
 
-                    return NGX_OK;
-                }
+                qc->draining = 1;
+                ngx_quic_close_connection(c, NGX_OK);
 
-                return ngx_quic_send_stateless_reset(c, qc->conf, pkt);
+                return NGX_OK;
             }
-
-            return NGX_DECLINED;
         }
 
         return ngx_quic_process_payload(c, pkt);
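Review bot: The new `else` branch calls `ngx_quic_process_stateless_reset()` on every short-header packet of an existing connection before `ngx_quic_process_payload()` runs, so the token comparison now sees packets that have presumably not yet been decrypted or authenticated. RFC 9000 section 10.3.1 requires that this comparison not leak information about the token, and the helper's body is not visible here, so it is worth confirming that it uses a constant-time compare such as `CRYPTO_memcmp()` rather than `ngx_memcmp()`. The removed `return ngx_quic_send_stateless_reset(c, qc->conf, pkt);` has no replacement in this hunk, so where a reset is now sent for an existing connection should be checked against the rest of the function. A short comment on the branch would help, for example `/* short header: check for a stateless reset before processing the payload */`. ngx_quic_process_packet() starts and ends outside the hunk.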
@@ -2583,15 +2581,11 @@ ngx_quic_discard_ctx(ngx_connection_t *c, enum ssl_encryption_level_t level)
 
 
 static ngx_int_t
-ngx_quic_check_peer(ngx_quic_connection_t *qc, ngx_quic_header_t *pkt)
+ngx_quic_check_csid(ngx_quic_connection_t *qc, ngx_quic_header_t *pkt)
 {
     ngx_queue_t           *q;
     ngx_quic_client_id_t  *cid;
 
-    if (pkt->level == ssl_encryption_application) {
-        return NGX_OK;
-    }
-
     for (q = ngx_queue_head(&qc->client_ids);
          q != ngx_queue_sentinel(&qc->client_ids);
          q = ngx_queue_next(q))
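Review bot: With the `ssl_encryption_application` early return removed, `ngx_quic_check_csid()` no longer protects itself against short-header packets and depends on the caller's level test instead. The loop over `qc->client_ids` presumably matches the packet's source connection ID, which only long-header packets carry, so a later caller that passes a 1-RTT packet would compare against a field that was never parsed. A comment above the function would record the precondition, for example `/* long-header packets only: the caller must not pass ssl_encryption_application packets */`. The function body continues past the end of the hunk.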