QUIC: use last client dcid to receive initial packets.

Previously, original dcid was used to receive initial client packets in case
server initial response was lost.  However, last dcid should be used instead.
These two are the same unless retry is used.  In case of retry, client resends
initial packet with a new dcid, that is different from the original dcid.  If
server response is lost, the client resends this packet again with the same
dcid.  This is shown in RFC 9000, 7.3. Authenticating Connection IDs, Figure 8.

The issue manifested itself with creating multiple server sessions in response
to each post-retry client initial packet, if server response is lost.
This commit is contained in:
Roman Arutyunyan 2023-08-30 11:09:21 +04:00
parent 24f3cb795e
commit 1bc204a3a5
2 changed files with 3 additions and 3 deletions

View File

@ -1110,7 +1110,7 @@ ngx_quic_discard_ctx(ngx_connection_t *c, enum ssl_encryption_level_t level)
}
if (level == ssl_encryption_initial) {
/* close temporary listener with odcid */
/* close temporary listener with initial dcid */
qsock = ngx_quic_find_socket(c, NGX_QUIC_UNSET_PN);
if (qsock) {
ngx_quic_close_socket(c, qsock);

View File

@ -93,8 +93,8 @@ ngx_quic_open_sockets(ngx_connection_t *c, ngx_quic_connection_t *qc,
tmp->sid.seqnum = NGX_QUIC_UNSET_PN; /* temporary socket */
ngx_memcpy(tmp->sid.id, pkt->odcid.data, pkt->odcid.len);
tmp->sid.len = pkt->odcid.len;
ngx_memcpy(tmp->sid.id, pkt->dcid.data, pkt->dcid.len);
tmp->sid.len = pkt->dcid.len;
if (ngx_quic_listen(c, qc, tmp) != NGX_OK) {
goto failed;