Perform early first-packet validation before decryption

quinn-rs · Mar 26, 2024 · 835a65f · 835a65f
1 parent 36950c6
commit 835a65f
Showing 1 changed file with 12 additions and 6 deletions.
diff --git a/quinn-proto/src/endpoint.rs b/quinn-proto/src/endpoint.rs
@@ -232,6 +232,18 @@ impl Endpoint {
                         return None;
                     }
                 };
+
+            if let Err(reason) = self.early_validate_first_packet(dst_cid) {
+                return Some(DatagramEvent::Response(self.initial_close(
+                    header.version,
+                    addresses,
+                    &crypto,
+                    &header.src_cid,
+                    reason,
+                    buf,
+                )));
+            }
+
             return match first_decode.finish(Some(&*crypto.header.remote)) {
                 Ok(packet) => {
                     self.handle_first_packet(now, addresses, ecn, packet, remaining, &crypto, buf)
@@ -437,12 +449,6 @@ impl Endpoint {
 
         let server_config = self.server_config.as_ref().unwrap().clone();
 
-        if let Err(err) = self.early_validate_first_packet(&dst_cid) {
-            return Some(DatagramEvent::Response(
-                self.initial_close(version, addresses, crypto, &src_cid, err, buf),
-            ));
-        }
-
         let (retry_src_cid, orig_dst_cid) = if server_config.use_retry {
             if token.is_empty() {
                 // First Initial