git.ipfire.org Git - thirdparty/pdns.git/commit

author	Remi Gacogne <remi.gacogne@powerdns.com>
	Thu, 1 Feb 2024 08:32:16 +0000 (09:32 +0100)
committer	Remi Gacogne <remi.gacogne@powerdns.com>
	Thu, 1 Feb 2024 08:32:16 +0000 (09:32 +0100)
commit	fc16a83b85cccb630f392cb2dc79fdfd23310c7a
tree	195a650e1d14d6350ec7ebf446bb72be7ddbfbdf	tree \| snapshot
parent	c92a16a8dd1dd20a6e5eb657ce0e021673d7ede2	commit \| diff

dnsdist: Better handling of short, non-initial QUIC headers

After a QUIC connection has been negotiated, we mostly get short QUIC
headers that do not contain the QUIC version. This is fine as long as
we still know about the connection, which might not be the case if it
has been idle for longer that our timer and thus we forgot about its
connection ID. What happens then is that we will mistakenly think that
the remote peer is trying to establish a new QUIC connection with a
version set to 0, which we don't support, and therefore start the
version negotiation process. What we should instead do is notice that
the packet is not a 'Initial' one and discard it, as we cannot open
a new connection from a short header anyway. Note that the peer knows
about our idle timer so in theory it should not try to reuse such a
connection, but it does happen from time to time.

pdns/dnsdistdist/doh3.cc		diff \| blob \| blame \| history
pdns/dnsdistdist/doq-common.hh		diff \| blob \| blame \| history
pdns/dnsdistdist/doq.cc		diff \| blob \| blame \| history