From: Frédéric Lécaille
Date: Wed, 14 Jun 2023 06:54:51 +0000 (+0200)
Subject: BUG/MINOR: quic: Wrong encryption level flags checking
X-Git-Tag: v2.9-dev1~61
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9b1f91fde85456ba65fa95e9b2e389c6a164b4e0;p=thirdparty%2Fhaproxy.git

BUG/MINOR: quic: Wrong encryption level flags checking

This bug arrived with this commit which was supposed to fix another one:

    BUG/MINOR: quic: Wrong Application encryption level selection when probing

The aim of this patch was to prevent the Application encryption from being selected when probing, leading to ACK only packets being sent if the ack delay timer had fired in the meantime, leading to crashes when no 01-RTT had been sent because the ack range tree is empty in this case.

This statement is not correct (qc->pktns->flags & QUIC_FL_PKTNS_PROBE_NEEDED) because qc->pktns is an array of packet number spaces. But it is equivalent to (qc->pktns[QUIC_TLS_PKTNS_INITIAL].flags & QUIC_FL_PKTNS_PROBE_NEEDED).

That said, the patch mentioned above is no longer useful since the following one, which disables the ack time during the handshakes:

    BUG/MINOR: quic: Do not use ack delay during the handshakes

This commit reverts the first patch mentioned above.

Must be backported as far as 2.6.
---
diff --git a/src/quic_conn.c b/src/quic_conn.c index f0a0df7cc2..5653404b61 100644 --- a/src/quic_conn.c +++ b/src/quic_conn.c 
@@ -3720,19 +3720,9 @@ static int qc_prep_pkts(struct quic_conn *qc, struct buffer *buf, */ if ((tel == QUIC_TLS_ENC_LEVEL_INITIAL || tel == QUIC_TLS_ENC_LEVEL_HANDSHAKE) && next_tel != QUIC_TLS_ENC_LEVEL_NONE && (LIST_ISEMPTY(frms))) { - /* If QUIC_TLS_ENC_LEVEL_HANDSHAKE was already reached let's try - * QUIC_TLS_ENC_LEVEL_APP except if the connection was probing. - */ - if (tel == QUIC_TLS_ENC_LEVEL_HANDSHAKE && next_tel == tel) { - if ((qc->pktns->flags & QUIC_FL_PKTNS_PROBE_NEEDED)) { - TRACE_PROTO("skip APP enc. level", QUIC_EV_CONN_PHPKTS, qc); - qc_txb_store(buf, dglen, first_pkt); - goto out; - } - + /* If QUIC_TLS_ENC_LEVEL_HANDSHAKE was already reached let's try QUIC_TLS_ENC_LEVEL_APP */ + if (tel == QUIC_TLS_ENC_LEVEL_HANDSHAKE && next_tel == tel) next_tel = QUIC_TLS_ENC_LEVEL_APP; - } - tel = next_tel; if (tel == QUIC_TLS_ENC_LEVEL_APP) frms = &qc->els[tel].pktns->tx.frms;
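Review bot: the now unconditional `next_tel = QUIC_TLS_ENC_LEVEL_APP` under `tel == QUIC_TLS_ENC_LEVEL_HANDSHAKE && next_tel == tel` leaves no local guard against moving to the Application level while a probe is pending, so the empty ack range tree crash described in the commit message is prevented only by the separate commit "BUG/MINOR: quic: Do not use ack delay during the handshakes". Please say so in the replacement comment, which currently only reads "let's try QUIC_TLS_ENC_LEVEL_APP", and make the backport note explicit that this revert must not land on a branch (back to 2.6) before that commit does. Since the removed test `qc->pktns->flags & QUIC_FL_PKTNS_PROBE_NEEDED` only ever looked at the first element of the packet number space array, it would also help reviewers to confirm that no other `qc->pktns->` access of the same shape remains in `qc_prep_pkts()`.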