QUIC: ignore version negotiation packets.

Previously, such packets were treated as long header packets with unknown
version 0, and a version negotiation packet was sent in response.  This
could be used to set up an infinite traffic reflect loop with another nginx
instance.

Now version negotiation packets are ignored.  As per RFC 9000, Section 6.1:

  An endpoint MUST NOT send a Version Negotiation packet in response to
  receiving a Version Negotiation packet.

diff --git a/src/event/quic/ngx_event_quic_transport.c b/src/event/quic/ngx_event_quic_transport.c
index fba098caa95ee05bf6211053ac4f41f33b51f033..bb13447b55f1931106dcb5d150c7b6352c5ad347 100644 (file)
--- a/src/event/quic/ngx_event_quic_transport.c
+++ b/src/event/quic/ngx_event_quic_transport.c
@@ -295,6 +295,11 @@ ngx_quic_parse_packet(ngx_quic_header_t *pkt)
         return NGX_ERROR;
     }
 
+    if (pkt->version == 0) {
+        /* version negotiation */
+        return NGX_ERROR;
+    }
+
     if (!ngx_quic_supported_version(pkt->version)) {
         return NGX_ABORT;
     }