MINOR: quic: Drop packet with type for discarded packet number space.

This patch allows the low level packet parser to drop packets with type for discarded
packet number spaces. Furthermore, this prevents it from reallocating new encryption
levels and packet number spaces already released/discarded. When a packet number space
is discarded, it MUST NOT be reallocated.

As the packet number space discarding is done asap the type of packet received is
known, some packet number space discarding check may be safely removed from qc_try_rm_hp()
and qc_qel_may_rm_hp() which are called after having parse the packet header, and
is type.

diff --git a/include/haproxy/quic_tls.h b/include/haproxy/quic_tls.h
index ac0dd7cfc6588097ed474359dd6c5772822b6cdd..2f8f51ccbc7f6f753367f02b105f04ff0e17a58c 100644 (file)
--- a/include/haproxy/quic_tls.h
+++ b/include/haproxy/quic_tls.h
@@ -603,6 +603,18 @@ static inline int quic_tls_pktns_is_dcd(struct quic_conn *qc, struct quic_pktns
        return 0;
 }
 
+/* Return 1 the packet number space attached to <qc> connection with <type> associated
+ * packet type has been discarded, 0 if not.
+ */
+static inline int quic_tls_pkt_type_pktns_dcd(struct quic_conn *qc, unsigned char type)
+{
+       if ((type == QUIC_PACKET_TYPE_INITIAL && (qc->flags & QUIC_FL_CONN_IPKTNS_DCD)) ||
+           (type == QUIC_PACKET_TYPE_HANDSHAKE && (qc->flags & QUIC_FL_CONN_HPKTNS_DCD)))
+               return 1;
+
+       return 0;
+}
+
 /* Reset all members of <ctx> to default values, ->hp_key[] excepted */
 static inline void quic_tls_ctx_reset(struct quic_tls_ctx *ctx)
 {

diff --git a/src/quic_conn.c b/src/quic_conn.c
index 2a694a6995f7196eb5a9156d27751d7e687194b4..a20feeaa0bbd94c82b13546cbee6543a88f6828c 100644 (file)
--- a/src/quic_conn.c
+++ b/src/quic_conn.c
@@ -4542,12 +4542,6 @@ static int qc_qel_may_rm_hp(struct quic_conn *qc, struct quic_enc_level *qel)
        if (!qel)
                goto cant_rm_hp;
 
-       /* check if tls secrets are available */
-       if (quic_tls_pktns_is_dcd(qc, qel->pktns)) {
-               TRACE_PROTO("Discarded keys", QUIC_EV_CONN_TRMHP, qc);
-               goto cant_rm_hp;
-       }
-
        if (!quic_tls_has_rx_sec(qel)) {
                TRACE_PROTO("non available secrets", QUIC_EV_CONN_TRMHP, qc);
                goto cant_rm_hp;
@@ -6076,14 +6070,6 @@ static inline int qc_try_rm_hp(struct quic_conn *qc,
                TRACE_PROTO("RX hp removed", QUIC_EV_CONN_TRMHP, qc, pkt);
        }
        else {
-               if (quic_tls_pktns_is_dcd(qc, qel->pktns)) {
-                       /* If the packet number space has been discarded, this packet
-                        * will be not parsed.
-                        */
-                       TRACE_PROTO("Discarded pktns", QUIC_EV_CONN_TRMHP, qc, pkt);
-                       goto out;
-               }
-
                TRACE_PROTO("RX hp not removed", QUIC_EV_CONN_TRMHP, qc, pkt);
                LIST_APPEND(&qel->rx.pqpkts, &pkt->list);
                quic_rx_packet_refinc(pkt);
@@ -7295,6 +7281,12 @@ static void qc_rx_pkt_handle(struct quic_conn *qc, struct quic_rx_packet *pkt,
                        task_wakeup(qc->timer_task, TASK_WOKEN_MSG);
        }
 
+       /* Drop asap packet whose packet number space is discarded. */
+       if (quic_tls_pkt_type_pktns_dcd(qc, pkt->type)) {
+               TRACE_PROTO("Discarded packet number space", QUIC_EV_CONN_TRMHP, qc);
+               goto drop_silent;
+       }
+
        if (qc->flags & QUIC_FL_CONN_IMMEDIATE_CLOSE) {
                TRACE_PROTO("Connection error",
                            QUIC_EV_CONN_LPKT, qc, NULL, NULL, qv);