send a Public Reset when receiving a CHLO with the FHL2 tag

Fixes #411. Chrome sends the FHL2 when it wants to perform a head-of-line blocking experiment, introduced in QUIC version 36 (see https://codereview.chromium.org/2115033002). We don’t support this experiment. By sending a Public Reset when receiving this tag we force Chrome to use the TCP fallback.
2017-03-20 12:35:34 +07:00
parent 9a1e86cf5e
commit 6d5c9776e9
5 changed files with 33 additions and 1 deletions
--- a/handshake/crypto_setup_server.go
+++ b/handshake/crypto_setup_server.go
@@ -47,6 +47,11 @@ type cryptoSetupServer struct {

 var _ CryptoSetup = &cryptoSetupServer{}

+// ErrHOLExperiment is returned when the client sends the FHL2 tag in the CHLO
+// this is an expiremnt implemented by Chrome in QUIC 36, which we don't support
+// TODO: remove this when dropping support for QUIC 36
+var ErrHOLExperiment = qerr.Error(qerr.InvalidCryptoMessageParameter, "HOL experiment. Unsupported")
+
 // NewCryptoSetup creates a new CryptoSetup instance for a server
 func NewCryptoSetup(
 	connID protocol.ConnectionID,
@@ -95,6 +100,10 @@ func (h *cryptoSetupServer) HandleCryptoStream() error {
 }

 func (h *cryptoSetupServer) handleMessage(chloData []byte, cryptoData map[Tag][]byte) (bool, error) {
+	if _, isHOLExperiment := cryptoData[TagFHL2]; isHOLExperiment {
+		return false, ErrHOLExperiment
+	}
+
 	sniSlice, ok := cryptoData[TagSNI]
 	if !ok {
 		return false, qerr.Error(qerr.CryptoMessageParameterNotFound, "SNI required")