BUG/MINOR: quic: repeat packet parsing to deal with fragmented CRYPTO

a-denoyelle · a-denoyelle · commit ed8214e33933 · 2024-11-04T18:22:30.000+01:00
diff --git a/src/quic_rx.c b/src/quic_rx.c
@@ -617,6 +617,7 @@ static int qc_handle_strm_frm(struct quic_rx_packet *pkt,
 }
 
 /* Parse <frm> CRYPTO frame coming with <pkt> packet at <qel> <qc> connection.
+ * <iter> indicates the current iteration of packet parsing, starting at 0.
  *
  * Returns 0 on success or a negative error code. A positive value is used to
  * indicate that the current frame cannot be handled immediately, but it could
@@ -627,7 +628,8 @@ static int qc_handle_strm_frm(struct quic_rx_packet *pkt,
  */
 static int qc_handle_crypto_frm(struct quic_conn *qc,
                                 struct qf_crypto *crypto_frm, struct quic_rx_packet *pkt,
-                                struct quic_enc_level *qel, int *fast_retrans)
+                                struct quic_enc_level *qel, int *fast_retrans,
+                                int iter)
 {
 	int ret = -1;
 	enum ncb_ret ncb_ret;
@@ -649,8 +651,10 @@ static int qc_handle_crypto_frm(struct quic_conn *qc,
 			TRACE_PROTO("Already received CRYPTO data",
 						QUIC_EV_CONN_RXPKT, qc, pkt, &cfdebug);
 			if (qc_is_listener(qc) && qel == qc->iel &&
-				!(qc->flags & QUIC_FL_CONN_HANDSHAKE_SPEED_UP))
+			    !(qc->flags & QUIC_FL_CONN_HANDSHAKE_SPEED_UP) &&
+			    iter == 0) {
 				*fast_retrans = 1;
+			}
 			goto done;
 		}
 
@@ -776,6 +780,7 @@ static int qc_parse_pkt_frms(struct quic_conn *qc, struct quic_rx_packet *pkt,
 	struct quic_frame frm;
 	const unsigned char *pos, *end;
 	int fast_retrans = 0, ret = 0;
+	int iter = 0, crypto_parsing_stage = 0;
 
 	TRACE_ENTER(QUIC_EV_CONN_PRSHPKT, qc);
 	/* Skip the AAD */
@@ -796,12 +801,17 @@ static int qc_parse_pkt_frms(struct quic_conn *qc, struct quic_rx_packet *pkt,
 		goto err;
 	}
 
-	while (pos < end) {
+	while (pos < end && iter < 10) {
 		if (!qc_parse_frm(&frm, pkt, &pos, end, qc)) {
 			// trace already emitted by function above
 			goto err;
 		}
 
+		if (iter > 0 && frm.type != QUIC_FT_CRYPTO) {
+			TRACE_STATE("ignore non crypto frame on reparsing", QUIC_EV_CONN_PRSHPKT, qc);
+			continue;
+		}
+
 		switch (frm.type) {
 		case QUIC_FT_PADDING:
 			break;
@@ -849,9 +859,18 @@ static int qc_parse_pkt_frms(struct quic_conn *qc, struct quic_rx_packet *pkt,
 		}
 		case QUIC_FT_CRYPTO:
 		{
-			ret = qc_handle_crypto_frm(qc, &frm.crypto, pkt, qel, &fast_retrans);
-			if (ret != 0)
+			ret = qc_handle_crypto_frm(qc, &frm.crypto, pkt, qel, &fast_retrans, iter);
+			if (ret < 0) {
 				goto err;
+			}
+			else if (ret > 0 && crypto_parsing_stage < 1) {
+				TRACE_STATE("crypto stage set to 1", QUIC_EV_CONN_PRSHPKT, qc);
+				crypto_parsing_stage = 1;
+			}
+			else if (crypto_parsing_stage == 1) {
+				TRACE_STATE("crypto stage set to 2", QUIC_EV_CONN_PRSHPKT, qc);
+				crypto_parsing_stage = 2;
+			}
 			break;
 		}
 		case QUIC_FT_NEW_TOKEN:
@@ -998,6 +1017,14 @@ static int qc_parse_pkt_frms(struct quic_conn *qc, struct quic_rx_packet *pkt,
 			/* Unknown frame type must be rejected by qc_parse_frm(). */
 			ABORT_NOW();
 		}
+
+		BUG_ON(pos > end);
+		if (pos == end && crypto_parsing_stage == 2) {
+			TRACE_STATE("reparse packet crypto frames", QUIC_EV_CONN_PRSHPKT, qc);
+			pos = pkt->data + pkt->aad_len;
+			crypto_parsing_stage = 0;
+			++iter;
+		}
 	}
 
 	if (fast_retrans && qc->iel && qc->hel) {
