From: Frederic Lecaille
Date: Tue, 3 Sep 2024 08:52:39 +0000 (+0200)
Subject: BUG/MINOR: quic: unexploited retransmission cases for Initial pktns.
X-Git-Tag: v3.1-dev7~13
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=15a737eb5fc54bbc8aa5cadad054a69badde5b8e;p=thirdparty%2Fhaproxy.git

BUG/MINOR: quic: unexploited retransmission cases for Initial pktns.

qc_prep_hdshk_fast_retrans()'s job is to pick some packets to be retransmitted from Initial and Handshake packet number spaces. A packet may be coalesced to a first one into the same datagram. When a coalesced packet is inspected for retransmission, it is skipped if its length would make the total datagram length it is attached to exceed the anti-amplification limit. But in this case, the first packet must be kept for the current retransmission. This is tracked by this trace statement:

    TRACE_PROTO("will probe Initial packet number space", QUIC_EV_CONN_SPPKTS, qc);

This was not the case because of the wrong "goto end" statement. The latter must be run only if the Initial packet number space must not be probed with the first packet found as coalesced to another one which must be skipped.

This bug was revealed by the AWS-LC interop runner with handshakeloss and handshakecorruption which always fail because this stack leads the server to send more Initial packets.

Thank you to Ilya (@chipitsine) for this issue report in GH #2663.

Must be backported as far as 2.6.
---
diff --git a/src/quic_retransmit.c b/src/quic_retransmit.c index 780b159940..ad653fdd97 100644 --- a/src/quic_retransmit.c +++ b/src/quic_retransmit.c @@ -243,7 +243,8 @@ void qc_prep_hdshk_fast_retrans(struct quic_conn *qc, TRACE_PROTO("anti-amplification limit would be reached", QUIC_EV_CONN_SPPKTS, qc, pkt->next); if (qel == iqel && may_send >= QUIC_INITIAL_PACKET_MINLEN) TRACE_PROTO("will probe Initial packet number space", QUIC_EV_CONN_SPPKTS, qc); - goto end; + else + goto end; } }
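Review bot: the added "else" / "goto end" pair at the end of the hunk hangs off a braceless "if" whose only body is the TRACE_PROTO() macro call, so the decision to keep the first Initial packet for retransmission is now expressed only by falling through a trace statement. Please put braces around both branches: whether the "else" pairs with this "if" depends on TRACE_PROTO() expanding to exactly one statement, which cannot be checked from the lines shown here, and a later edit to the trace line could silently change the control flow again. A short comment on the fall-through path stating that the coalesced packet (pkt->next) is skipped while the first packet is still used to probe the Initial packet number space would also help, since that is the behaviour this fix restores and the condition "qel == iqel && may_send >= QUIC_INITIAL_PACKET_MINLEN" does not explain it on its own. Because this path decides how much the server sends while it is still bound by the anti-amplification limit, it would be worth confirming in the backports down to 2.6 that the retained first packet is itself within may_send at the point where the fall-through continues.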