mirror/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-06-21 05:10:51 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

QUIC: attempt decrypt before checking for stateless reset.

Browse Source 
Checking the reset after encryption avoids false positives.  More importantly,
it avoids the check entirely in the usual case where decryption succeeds.

RFC 9000, 10.3.1  Detecting a Stateless Reset

    Endpoints MAY skip this check if any packet from a datagram is
    successfully processed.
This commit is contained in:
Martin Duke 2021-10-12 11:57:50 +03:00
parent 5e37df0bf4
commit 7b12abb0a8
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/event/quic/ngx_event_quic.c
View File

@ -804,8 +804,11 @@ ngx_quic_process_packet(ngx_connection_t *c, ngx_quic_conf_t *conf,
return NGX_DECLINED;
}
} else {
}
rc = ngx_quic_process_payload(c, pkt);
if (rc == NGX_DECLINED && pkt->level == ssl_encryption_application) {
if (ngx_quic_process_stateless_reset(c, pkt) == NGX_OK) {
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"quic stateless reset packet detected");
@ -817,7 +820,7 @@ ngx_quic_process_packet(ngx_connection_t *c, ngx_quic_conf_t *conf,
}
}
return ngx_quic_process_payload(c, pkt);
return rc;
}
/* packet does not belong to a connection */