Mercurial > hg > nginx
comparison src/event/ngx_event_quic.c @ 8321:e45719a9b148 quic
Discarding Handshake packets if no Handshake keys yet.
Found with a previously received Initial packet with ACK only, which
instantiates a new connection but do not produce the handshake keys.
This can be triggered by a fairly well behaving client, if the server
stands behind a load balancer that stripped Initial packets exchange.
Found by F5 test suite.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Mon, 06 Apr 2020 14:54:10 +0300 |
parents | 6e1213ef469a |
children | d9bc33166361 |
comparison
equal
deleted
inserted
replaced
8320:6e1213ef469a | 8321:e45719a9b148 |
---|---|
868 | 868 |
869 c->log->action = "processing handshake quic packet"; | 869 c->log->action = "processing handshake quic packet"; |
870 | 870 |
871 qc = c->quic; | 871 qc = c->quic; |
872 | 872 |
873 keys = &c->quic->keys[ssl_encryption_handshake]; | |
874 | |
875 if (keys->client.key.len == 0) { | |
876 ngx_log_error(NGX_LOG_INFO, c->log, 0, | |
877 "no read keys yet, packet ignored"); | |
878 return NGX_DECLINED; | |
879 } | |
880 | |
873 /* extract cleartext data into pkt */ | 881 /* extract cleartext data into pkt */ |
874 if (ngx_quic_parse_long_header(pkt) != NGX_OK) { | 882 if (ngx_quic_parse_long_header(pkt) != NGX_OK) { |
875 return NGX_ERROR; | 883 return NGX_ERROR; |
876 } | 884 } |
877 | 885 |
902 } | 910 } |
903 | 911 |
904 if (ngx_quic_parse_handshake_header(pkt) != NGX_OK) { | 912 if (ngx_quic_parse_handshake_header(pkt) != NGX_OK) { |
905 return NGX_ERROR; | 913 return NGX_ERROR; |
906 } | 914 } |
907 | |
908 keys = &c->quic->keys[ssl_encryption_handshake]; | |
909 | 915 |
910 pkt->secret = &keys->client; | 916 pkt->secret = &keys->client; |
911 pkt->level = ssl_encryption_handshake; | 917 pkt->level = ssl_encryption_handshake; |
912 pkt->plaintext = buf; | 918 pkt->plaintext = buf; |
913 | 919 |