From 5c4c6c181ebab0852e761952e4b447e09a8e771e Mon Sep 17 00:00:00 2001
From: Frank Denis <github@pureftpd.org>
Date: Mon, 21 Aug 2023 10:50:52 +0200
Subject: [PATCH] The first byte of QUIC packets is in the [64,127] range.

---
 src/main.rs | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/main.rs b/src/main.rs
index 45a1ca7..6775536 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -214,7 +214,12 @@ async fn handle_client_query(
                         .await
                     }
                     Ok(None) => return Ok(()),
-                    Err(_) => bail!("Unencrypted query or QUIC protocol"),
+                    Err(_) => {
+                        if !packet.is_empty() && (64..=127).contains(&packet[0]) {
+                            bail!("Likely a QUIC packet") // RFC 9443
+                        }
+                        bail!("Unencrypted query or different protocol")
+                    }
                 };
             }
         };