]> git.ipfire.org Git - thirdparty/haproxy.git/commitdiff
projects / thirdparty / haproxy.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 901de11)
BUG/MINOR: quic-be: missing Initial packet number space discarding
authorFrederic Lecaille <flecaille@haproxy.com>
Thu, 21 Aug 2025 06:27:44 +0000 (08:27 +0200)
committerFrederic Lecaille <flecaille@haproxy.com>
Thu, 21 Aug 2025 12:24:31 +0000 (14:24 +0200)
A QUIC client must discard the Initial packet number space as soon as it first
sends a Handshake packet.

This patch implements this packet number space which was missing.

src/quic_tx.c patch | blob | blame | history

diff --git a/src/quic_tx.c b/src/quic_tx.c
index 160341695e377d00b325591430b1486c1ea4bf1c..bbeefe1cd7c3a9e793a7500f0ee202001713c282 100644 (file)
--- a/src/quic_tx.c
+++ b/src/quic_tx.c
@@ -443,6 +443,24 @@ static int qc_send_ppkts(struct buffer *buf, struct ssl_sock_ctx *ctx)
                        if (pkt->in_flight_len)
                                qc_set_timer(qc);
                        TRACE_PROTO("TX pkt", QUIC_EV_CONN_SPPKTS, qc, pkt);
+                       if (pkt->type == QUIC_PACKET_TYPE_HANDSHAKE && qc_is_back(qc) &&
+                           qc->ipktns && !quic_tls_pktns_is_dcd(qc, qc->ipktns)) {
+                               /* RFC 9000
+                                * 4.9.1. Discarding Initial Keys
+                                * The successful use of Handshake packets indicates that no more
+                                * Initial packets need to be exchanged, as these keys can only
+                                * be produced after receiving all CRYPTO frames from Initial packets.
+                                * Thus, a client MUST discard Initial keys when it first sends a
+                                * Handshake packet...
+                                *
+                                * Discard the Initial packet number space.
+                                */
+                               TRACE_PROTO("discarding Initial pktns", QUIC_EV_CONN_PRSHPKT, qc);
+                               quic_pktns_discard(qc->ipktns, qc, 0);
+                               qc_set_timer(qc);
+                               qc_el_rx_pkts_del(qc->iel);
+                               qc_release_pktns_frms(qc, qc->ipktns);
+                       }
                        next_pkt = pkt->next;
                        quic_tx_packet_refinc(pkt);
                        eb64_insert(&pkt->pktns->tx.pkts, &pkt->pn_node);
Mirror of https://github.com/haproxy/haproxy.git