From: Frédéric Lécaille <flecaille@haproxy.com>
Date: Mon, 20 Feb 2023 13:39:41 +0000 (+0100)
Subject: BUG/MINOR: quic: Do not send too small datagrams (with Initial packets)
X-Git-Tag: v2.8-dev5~42
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=69e7118fe9acdad2163da0498a2173f623b74df2;p=thirdparty%2Fhaproxy.git

BUG/MINOR: quic: Do not send too small datagrams (with Initial packets)

Before building a packet into a datagram, ensure there is sufficient space for at
least 1200 bytes. Also pad datagrams with only one ack-eliciting Initial packet
inside.

Must be backported to 2.7 and 2.6.
---

diff --git a/src/quic_conn.c b/src/quic_conn.c
index ad41c87cf9..dbcd4db763 100644
--- a/src/quic_conn.c
+++ b/src/quic_conn.c
@@ -3320,6 +3320,27 @@ static int qc_prep_pkts(struct quic_conn *qc, struct buffer *buf,
 			}
 		}
 
+		/* RFC 9000 14.1 Initial datagram size
+		 * a server MUST expand the payload of all UDP datagrams carrying ack-eliciting
+		 * Initial packets to at least the smallest allowed maximum datagram size of
+		 * 1200 bytes.
+		 *
+		 * Ensure that no ack-eliciting packets are sent into too small datagrams
+		 */
+		if (pkt_type == QUIC_PACKET_TYPE_INITIAL && !LIST_ISEMPTY(tel_frms)) {
+			if (end - pos < QUIC_INITIAL_PACKET_MINLEN) {
+				TRACE_PROTO("No more enough room to build an Initial packets",
+				            QUIC_EV_CONN_PHPKTS, qc);
+				goto out;
+			}
+
+			/* Pad this Initial packet if there is no ack-eliciting frames to send from
+			 * the next packet number space.
+			 */
+			if (LIST_ISEMPTY(next_tel_frms))
+				padding = 1;
+		}
+
 		if (qc->negotiated_version) {
 			ver = qc->negotiated_version;
 			if (qel == &qc->els[QUIC_TLS_ENC_LEVEL_INITIAL])