drop short header packets for unknown sessions

packet_handler_map.go

@@ -185,7 +185,8 @@ func (h *packetHandlerMap) handlePacket(addr net.Addr, data []byte) error {
 		handlePacket = handler.handlePacket
 	} else { // no session found
 		// this might be a stateless reset
-		if !iHdr.IsLongHeader && len(data) >= protocol.MinStatelessResetSize {
+		if !iHdr.IsLongHeader {
+			if len(data) >= protocol.MinStatelessResetSize {
 				var token [16]byte
 				copy(token[:], data[len(data)-16:])
 				if sess, ok := h.resetTokens[token]; ok {
@@ -194,6 +195,9 @@ func (h *packetHandlerMap) handlePacket(addr net.Addr, data []byte) error {
 					return nil
 				}
 			}
+			// TODO(#943): send a stateless reset
+			return fmt.Errorf("received a short header packet with an unexpected connection ID %s", iHdr.DestConnectionID)
+		}
 		if server == nil { // no server set
 			h.mutex.RUnlock()
 			return fmt.Errorf("received a packet with an unexpected connection ID %s", iHdr.DestConnectionID)

packet_handler_map_test.go

@@ -227,7 +227,7 @@ var _ = Describe("Packet Handler Map", func() {
 			Expect(handler.handlePacket(nil, getPacket(connID))).To(MatchError("received a packet with an unexpected connection ID 0xdeadbeef42"))
 			packet := append([]byte{0x40, 0xde, 0xca, 0xfb, 0xad, 0x99} /* short header packet */, make([]byte, 50)...)
 			packet = append(packet, token[:]...)
-			Expect(handler.handlePacket(nil, packet)).To(MatchError("received a packet with an unexpected connection ID 0xdecafbad99"))
+			Expect(handler.handlePacket(nil, packet)).To(MatchError("received a short header packet with an unexpected connection ID 0xdecafbad99"))
 			Expect(handler.resetTokens).To(BeEmpty())
 		})
 	})

server.go

@@ -308,12 +308,10 @@ func (s *server) handlePacket(p *receivedPacket) {
 func (s *server) handlePacketImpl(p *receivedPacket) error {
 	hdr := p.header
 
-	if hdr.IsLongHeader {
 	// send a Version Negotiation Packet if the client is speaking a different protocol version
 	if !protocol.IsSupportedVersion(s.config.Versions, hdr.Version) {
 		return s.sendVersionNegotiationPacket(p)
 	}
-	}
 	if hdr.Type == protocol.PacketTypeInitial {
 		go s.handleInitial(p)
 	}

server_test.go

@@ -129,26 +129,32 @@ var _ = Describe("Server", func() {
 				},
 				data: bytes.Repeat([]byte{0}, protocol.MinInitialPacketSize-100),
 			})
-			Expect(conn.dataWritten.Len()).To(BeZero())
+			Consistently(conn.dataWritten.Len).Should(BeZero())
 		})
 
 		It("drops packets with a too short connection ID", func() {
 			hdr := &wire.Header{
+				IsLongHeader:     true,
+				Type:             protocol.PacketTypeInitial,
 				SrcConnectionID:  protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8},
 				DestConnectionID: protocol.ConnectionID{1, 2, 3, 4},
+				Version:          serv.config.Versions[0],
 				PacketNumberLen:  protocol.PacketNumberLen1,
 			}
 			serv.handlePacket(&receivedPacket{
 				header: hdr,
 				data:   bytes.Repeat([]byte{0}, protocol.MinInitialPacketSize),
 			})
-			Expect(conn.dataWritten.Len()).To(BeZero())
+			Consistently(conn.dataWritten.Len).Should(BeZero())
 		})
 
 		It("drops non-Initial packets", func() {
 			serv.logger.SetLogLevel(utils.LogLevelDebug)
 			serv.handlePacket(&receivedPacket{
-				header: &wire.Header{Type: protocol.PacketTypeHandshake},
+				header: &wire.Header{
+					Type:    protocol.PacketTypeHandshake,
+					Version: serv.config.Versions[0],
+				},
 				data: []byte("invalid"),
 			})
 		})
@@ -172,6 +178,7 @@ var _ = Describe("Server", func() {
 				header: &wire.Header{
 					Type:    protocol.PacketTypeInitial,
 					Token:   token,
+					Version: serv.config.Versions[0],
 				},
 				data: bytes.Repeat([]byte{0}, protocol.MinInitialPacketSize),
 			})
@@ -195,6 +202,7 @@ var _ = Describe("Server", func() {
 				header: &wire.Header{
 					Type:    protocol.PacketTypeInitial,
 					Token:   []byte("foobar"),
+					Version: serv.config.Versions[0],
 				},
 				data: bytes.Repeat([]byte{0}, protocol.MinInitialPacketSize),
 			})