From dd419461eff5395b369f5497fef703dc383577bb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20L=C3=A9caille?=
Date: Thu, 26 Jan 2023 15:07:39 +0100
Subject: [PATCH] BUG/MINOR: quic: Possible stream truncations under heavy loss This may happen during retransmission of frames which can be splitted (CRYPTO, or STREAM frames). One may have to split a frame to be retransmitted due to the QUIC protocol properties (packet size limitation and packet field encoding sizes). The remaining part of a frame which cannot be retransmitted must be detached from the original frame it is copied from. If not, when the really sent part will be acknowledged the remaining part will be acknowledged too but not sent! Must be backported to 2.7 and 2.6.
---
 src/quic_conn.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/src/quic_conn.c b/src/quic_conn.c
index 9d167cc8a..8fa28ba2f 100644
--- a/src/quic_conn.c
+++ b/src/quic_conn.c
@@ -6730,6 +6730,9 @@ static inline int qc_build_frms(struct list *outlist, struct list *inlist,
 /* This frame was duplicated */
 LIST_APPEND(&cf->origin->reflist, &new_cf->ref);
 new_cf->origin = cf->origin;
+ /* Detach the remaining CRYPTO frame from its original frame */
+ LIST_DEL_INIT(&cf->ref);
+ cf->origin = NULL;
 }
 LIST_APPEND(outlist, &new_cf->list);
 /* Consume bytes of the current frame. */
@@ -6842,6 +6845,9 @@ static inline int qc_build_frms(struct list *outlist, struct list *inlist,
 /* This frame was duplicated */
 LIST_APPEND(&cf->origin->reflist, &new_cf->ref);
 new_cf->origin = cf->origin;
+ /* Detach this STREAM frame from its origin */
+ LIST_DEL_INIT(&cf->ref);
+ cf->origin = NULL;
 }
 LIST_APPEND(outlist, &new_cf->list);
 cf->type |= QUIC_STREAM_FRAME_TYPE_OFF_BIT;
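Review bot: The two added comments in qc_build_frms say what the lines do but not why the detach is required; that reason exists only in the commit message, and the failure it prevents is silent (data treated as acknowledged without having been sent). At the CRYPTO hunk (+6730), and for the identical three lines in the STREAM hunk (+6845), I would record it in the code, e.g. `/* Detach the unsent remainder from its origin: otherwise it is acknowledged together with the part really sent, without ever being sent itself */`. Since the sequence is the same in both places, a small static inline helper taking `cf` would keep the two copies from drifting apart. Note also that `cf->origin = NULL` must stay after `new_cf->origin = cf->origin`, which a one-line comment could make explicit. Both hunks sit in the middle of qc_build_frms, and the condition guarding the "duplicated" block is outside the visible lines.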