[nginx] QUIC: ignore version negotiation packets.

Anonymous User
December 26, 2024 10:00AM
details: https://github.com/nginx/nginx/commit/a52ba8ba0e349585e49073c168e423c12abcf597
branches: master
commit: a52ba8ba0e349585e49073c168e423c12abcf597
user: Roman Arutyunyan <arut@nginx.com>
date: Fri, 13 Dec 2024 13:25:26 +0400
description:
QUIC: ignore version negotiation packets.

Previously, such packets were treated as long header packets with unknown
version 0, and a version negotiation packet was sent in response. This
could be used to set up an infinite traffic reflect loop with another nginx
instance.

Now version negotiation packets are ignored. As per RFC 9000, Section 6.1:

An endpoint MUST NOT send a Version Negotiation packet in response to
receiving a Version Negotiation packet.

---
src/event/quic/ngx_event_quic_transport.c | 5 +++++
1 file changed, 5 insertions(+)

diff --git a/src/event/quic/ngx_event_quic_transport.c b/src/event/quic/ngx_event_quic_transport.c
index fba098caa..bb13447b5 100644
--- a/src/event/quic/ngx_event_quic_transport.c
+++ b/src/event/quic/ngx_event_quic_transport.c
@@ -295,6 +295,11 @@ ngx_quic_parse_packet(ngx_quic_header_t *pkt)
return NGX_ERROR;
}

+ if (pkt->version == 0) {
+ /* version negotiation */
+ return NGX_ERROR;
+ }
+
if (!ngx_quic_supported_version(pkt->version)) {
return NGX_ABORT;
}
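Review bot: The comment on the new `if (pkt->version == 0)` branch says only `/* version negotiation */`, which does not tell a later reader that the packet is dropped on purpose or that the check has to stay ahead of `ngx_quic_supported_version()`. Suggest expanding it to cite RFC 9000, Section 6.1 and to say that falling through to the `NGX_ABORT` return below is what, per the commit message, led to a Version Negotiation reply being sent to a Version Negotiation packet. The branch also returns the same `NGX_ERROR` as the failure path directly above it, so if the caller logs or counts that code, these packets will look the same as malformed ones; worth confirming that is intended. The patch changes one file and adds no test, so a regression test that feeds in a long header packet with version 0 and asserts that nothing is sent back would protect the ordering of the two checks.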
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel
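
The behaviour the commit message describes, as an added example (not nginx code and not part of the original post): a simplified long-header classifier and Version Negotiation builder, plus an in-memory bounce between two identical endpoints that shows replies stop after one packet once version 0 is ignored. All function names, the sample packet and the single supported version are assumptions, and datagram size checks are omitted.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Added illustration, not nginx code; every name below is hypothetical. */
enum action { DROP, SEND_VN, PROCESS };
/* Constructed long-header packet: unknown version, two 4-byte connection IDs. */
static const uint8_t sample[] = { 0xc0, 0xba, 0xba, 0xba, 0xba, 4, 1, 2, 3, 4, 4, 5, 6, 7, 8 };

/* Classify a datagram by its long-header version field (bytes 1..4). */
enum action classify(const uint8_t *p, size_t len, int ignore_vn)
{
    uint32_t v;
    if (len < 7 || !(p[0] & 0x80)) return DROP;   /* no usable long header */
    v = (uint32_t) p[1] << 24 | (uint32_t) p[2] << 16 | (uint32_t) p[3] << 8 | p[4];
    if (v == 0 && ignore_vn) return DROP;    /* RFC 9000, 6.1: no reply to VN */
    return v == 1 ? PROCESS : SEND_VN;       /* only QUIC v1 is supported here */
}

/* Build a Version Negotiation reply: version 0, connection IDs swapped. */
size_t build_vn(const uint8_t *in, size_t len, uint8_t *out, size_t cap)
{
    size_t dcil, scil, n = 5;
    if (len < 7) return 0;
    dcil = in[5];
    if (len < 7 + dcil) return 0;
    scil = in[6 + dcil];
    if (len < 7 + dcil + scil || cap < 11 + dcil + scil) return 0;
    memset(out, 0, 5); out[0] = 0x80;                 /* long header, version 0 */
    out[n++] = (uint8_t) scil;
    memcpy(out + n, in + 7 + dcil, scil); n += scil;  /* DCID = peer's SCID */
    out[n++] = (uint8_t) dcil;
    memcpy(out + n, in + 6, dcil); n += dcil;         /* SCID = peer's DCID */
    memcpy(out + n, "\0\0\0\1", 4); n += 4;           /* supported versions: v1 */
    return n;
}

/* Bounce one datagram between two identical endpoints; count replies sent. */
int replies_sent(const uint8_t *first, size_t len, int ignore_vn, int limit)
{
    uint8_t a[600], b[600], *cur = a, *nxt = b, *tmp;
    int sent = 0;
    if (len > sizeof(a)) return 0;
    memcpy(cur, first, len);
    while (sent < limit && classify(cur, len, ignore_vn) == SEND_VN
           && (len = build_vn(cur, len, nxt, sizeof(b))) != 0) {
        sent++; tmp = cur; cur = nxt; nxt = tmp;      /* reply becomes next input */
    }
    return sent;
}
int main(void) { return replies_sent(sample, sizeof(sample), 1, 100) != 1; }
```

With `ignore_vn` set to 0 the loop runs until `limit`, because each reply carries version 0 and is itself classified as an unknown version.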