From: Frédéric Lécaille Date: Thu, 29 Jun 2023 14:07:17 +0000 (+0200) Subject: MINOR: quic: Drop packet with type for discarded packet number space. X-Git-Tag: v2.9-dev1~3 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7f3c1bef37b7c74fe786095c116adf697c0f18cf;p=thirdparty%2Fhaproxy.git MINOR: quic: Drop packet with type for discarded packet number space. This patch allows the low level packet parser to drop packets with type for discarded packet number spaces. Furthermore, this prevents it from reallocating new encryption levels and packet number spaces already released/discarded. When a packet number space is discarded, it MUST NOT be reallocated. As the packet number space discarding is done asap the type of packet received is known, some packet number space discarding check may be safely removed from qc_try_rm_hp() and qc_qel_may_rm_hp() which are called after having parse the packet header, and is type. --- diff --git a/include/haproxy/quic_tls.h b/include/haproxy/quic_tls.h index ac0dd7cfc6..2f8f51ccbc 100644 --- a/include/haproxy/quic_tls.h +++ b/include/haproxy/quic_tls.h @@ -603,6 +603,18 @@ static inline int quic_tls_pktns_is_dcd(struct quic_conn *qc, struct quic_pktns return 0; } +/* Return 1 the packet number space attached to connection with associated + * packet type has been discarded, 0 if not. + */ +static inline int quic_tls_pkt_type_pktns_dcd(struct quic_conn *qc, unsigned char type) +{ + if ((type == QUIC_PACKET_TYPE_INITIAL && (qc->flags & QUIC_FL_CONN_IPKTNS_DCD)) || + (type == QUIC_PACKET_TYPE_HANDSHAKE && (qc->flags & QUIC_FL_CONN_HPKTNS_DCD))) + return 1; + + return 0; +} + /* Reset all members of to default values, ->hp_key[] excepted */ static inline void quic_tls_ctx_reset(struct quic_tls_ctx *ctx) { diff --git a/src/quic_conn.c b/src/quic_conn.c index 2a694a6995..a20feeaa0b 100644 --- a/src/quic_conn.c +++ b/src/quic_conn.c @@ -4542,12 +4542,6 @@ static int qc_qel_may_rm_hp(struct quic_conn *qc, struct quic_enc_level *qel) if (!qel) goto cant_rm_hp; - /* check if tls secrets are available */ - if (quic_tls_pktns_is_dcd(qc, qel->pktns)) { - TRACE_PROTO("Discarded keys", QUIC_EV_CONN_TRMHP, qc); - goto cant_rm_hp; - } - if (!quic_tls_has_rx_sec(qel)) { TRACE_PROTO("non available secrets", QUIC_EV_CONN_TRMHP, qc); goto cant_rm_hp; @@ -6076,14 +6070,6 @@ static inline int qc_try_rm_hp(struct quic_conn *qc, TRACE_PROTO("RX hp removed", QUIC_EV_CONN_TRMHP, qc, pkt); } else { - if (quic_tls_pktns_is_dcd(qc, qel->pktns)) { - /* If the packet number space has been discarded, this packet - * will be not parsed. - */ - TRACE_PROTO("Discarded pktns", QUIC_EV_CONN_TRMHP, qc, pkt); - goto out; - } - TRACE_PROTO("RX hp not removed", QUIC_EV_CONN_TRMHP, qc, pkt); LIST_APPEND(&qel->rx.pqpkts, &pkt->list); quic_rx_packet_refinc(pkt); @@ -7295,6 +7281,12 @@ static void qc_rx_pkt_handle(struct quic_conn *qc, struct quic_rx_packet *pkt, task_wakeup(qc->timer_task, TASK_WOKEN_MSG); } + /* Drop asap packet whose packet number space is discarded. */ + if (quic_tls_pkt_type_pktns_dcd(qc, pkt->type)) { + TRACE_PROTO("Discarded packet number space", QUIC_EV_CONN_TRMHP, qc); + goto drop_silent; + } + if (qc->flags & QUIC_FL_CONN_IMMEDIATE_CLOSE) { TRACE_PROTO("Connection error", QUIC_EV_CONN_LPKT, qc, NULL, NULL, qv);