This is an automated email from the ASF dual-hosted git repository. maskit pushed a commit to branch quic-latest in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/quic-latest by this push:
     new d62137c  Append PADDING frame randomly
d62137c is described below

commit d62137c4ba9b715484dd7c0284440b9510e30474
Author: Masakazu Kitajo <mas...@apache.org>
AuthorDate: Mon Sep 11 11:06:58 2017 +0900

    Append PADDING frame randomly

    Minimum QUIC packet size applies only Cilent Initial Packet
---
 iocore/net/P_QUICNetVConnection.h |  1 +
 iocore/net/QUICNetVConnection.cc  | 21 ++++++++++++---------
 iocore/net/quic/QUICConnection.h  | 17 +++++++++++++++--
 3 files changed, 28 insertions(+), 11 deletions(-)

diff --git a/iocore/net/P_QUICNetVConnection.h b/iocore/net/P_QUICNetVConnection.h
index 1216f43..61d16e2 100644
--- a/iocore/net/P_QUICNetVConnection.h
+++ b/iocore/net/P_QUICNetVConnection.h
@@ -191,6 +191,7 @@ public:
   QUICError handle_frame(std::shared_ptr<const QUICFrame> frame) override;
 
 private:
+  std::random_device _rnd;
   QUICConnectionId _quic_connection_id;
   QUICPacketNumber _largest_received_packet_number = 0;
   UDPConnection *_udp_con = nullptr;
diff --git a/iocore/net/QUICNetVConnection.cc b/iocore/net/QUICNetVConnection.cc
index fce4ad8..c9654a3 100644
--- a/iocore/net/QUICNetVConnection.cc
+++ b/iocore/net/QUICNetVConnection.cc
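Review bot: The new `std::random_device _rnd;` member is the only use of `<random>` visible in this header and the hunk adds no matching include; unless another header already pulls it in, add `#include <random>` next to the header's other system includes so the declaration does not depend on include order. `std::random_device` is non-copyable and non-movable, which is presumably fine for a connection object handed out by `ClassAllocator`, but a one-line comment on the member would make the intent clear, e.g. `// entropy source for the randomized PADDING length; non-copyable`. Its constructor can also throw if no entropy source is available, so whichever constructor builds this object gains a failure mode that did not exist before.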
@@ -46,10 +46,10 @@
 #define DebugQUICCon(fmt, ...) \
   Debug("quic_net", "[%" PRIx64 "] " fmt, static_cast<uint64_t>(this->_quic_connection_id), ##__VA_ARGS__)
 
-static constexpr uint32_t MINIMUM_MTU = 1280;
-static constexpr uint32_t MAX_PACKET_OVERHEAD = 25; // Max long header len(17) + FNV-1a hash len(8)
-static constexpr uint32_t MAX_STREAM_FRAME_OVERHEAD = 15;
-static constexpr char STATELESS_RETRY_TOKEN_KEY[] = "stateless_token_retry_key";
+static constexpr uint32_t MAX_PACKET_OVERHEAD = 25; // Max long header len(17) + FNV-1a hash len(8)
+static constexpr uint32_t MAX_STREAM_FRAME_OVERHEAD = 15;
+static constexpr uint32_t MINIMUM_INITIAL_CLIENT_PACKET_SIZE = 1200;
+static constexpr char STATELESS_RETRY_TOKEN_KEY[] = "stateless_token_retry_key";
 
 ClassAllocator<QUICNetVConnection> quicNetVCAllocator("quicNetVCAllocator");
 
@@ -170,10 +170,13 @@ QUICNetVConnection::direction()
 uint32_t
 QUICNetVConnection::minimum_quic_packet_size()
 {
-  if (this->options.ip_family == PF_INET6) {
-    return MINIMUM_MTU - 48;
+  if (netvc_context == NET_VCONNECTION_OUT) {
+    // FIXME Only the first packet need to be 1200 bytes at least
+    return MINIMUM_INITIAL_CLIENT_PACKET_SIZE;
   } else {
-    return MINIMUM_MTU - 28;
+    // FIXME This size should be configurable and should have some randomness
+    // This is just for providing protection against packet analysis for protected packets
+    return 32 + (this->_rnd() & 0x3f); // 32 to 96
   }
 }
 
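Review bot: The trailing comment on the new return line in `minimum_quic_packet_size()` is off by one: `this->_rnd() & 0x3f` yields 0..63, so the result is 32..95, not 32 to 96; write `return 32 + (this->_rnd() & 0x3f); // 32 to 95` or use `% 65` if 96 really is the intended upper bound. Calling `std::random_device::operator()` for every protected packet may also be costly on implementations that read the OS entropy device per call, and it can throw if that device fails, which nothing on this path handles; a `std::mt19937` (or similar) seeded once from `_rnd` would be adequate for padding-length obfuscation and much cheaper. The `NET_VCONNECTION_OUT` branch keys on the connection direction rather than on whether the Client Initial has been sent, so as the FIXME notes every outgoing packet is padded to 1200; a comment on the constant, e.g. `// Minimum size of a Client Initial packet per the QUIC transport draft`, would tie the number to its source.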
@@ -533,8 +536,8 @@ QUICNetVConnection::largest_acked_packet_number()
 QUICError
 QUICNetVConnection::_state_handshake_process_initial_client_packet(std::unique_ptr<QUICPacket, QUICPacketDeleterFunc> packet)
 {
-  if (packet->size() < this->minimum_quic_packet_size()) {
-    DebugQUICCon("%" PRId32 ", %" PRId32, packet->size(), this->minimum_quic_packet_size());
+  if (packet->size() < MINIMUM_INITIAL_CLIENT_PACKET_SIZE) {
+    DebugQUICCon("Packet size is smaller than the minimum initial client packet size");
     return QUICError(QUICErrorClass::QUIC_TRANSPORT, QUICErrorCode::QUIC_INTERNAL_ERROR);
   }
 
diff --git a/iocore/net/quic/QUICConnection.h b/iocore/net/quic/QUICConnection.h
index 8113ade..69dfea6 100644
--- a/iocore/net/quic/QUICConnection.h
+++ b/iocore/net/quic/QUICConnection.h
@@ -34,8 +34,21 @@ class SSLNextProtocolSet;
 class QUICConnection : public QUICPacketTransmitter, public QUICFrameTransmitter, public QUICFrameHandler
 {
 public:
-  virtual uint32_t maximum_quic_packet_size() = 0;
-  virtual uint32_t minimum_quic_packet_size() = 0;
+  /*
+   * Retruns the maximum packet size at the time called
+   *
+   * The size depends on PMTU.
+   */
+  virtual uint32_t maximum_quic_packet_size() = 0;
+
+  /*
+   * Returns the mimimum packet size at the time called
+   *
+   * If the connection is an outgoing connection and you have not sent Client Initial packet,
+   * this return the minimum size for it, which is 1200.
+   */
+  virtual uint32_t minimum_quic_packet_size() = 0;
+
   virtual uint32_t pmtu() = 0;
   virtual NetVConnectionContext_t direction() = 0;
   virtual SSLNextProtocolSet *next_protocol_set() = 0;
-- 
To stop receiving notification emails like this one, please contact ['"commits@trafficserver.apache.org" <commits@trafficserver.apache.org>'].
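Review bot: The rewritten debug line in `_state_handshake_process_initial_client_packet` drops the two sizes the removed line printed, which is exactly what an operator needs when this check fires against a real client; keep them, e.g. `DebugQUICCon("Packet size %" PRId32 " is smaller than the minimum initial client packet size %" PRIu32, packet->size(), MINIMUM_INITIAL_CLIENT_PACKET_SIZE);` (the `PRId32` for `packet->size()` follows the removed line, so confirm it matches the accessor's return type). A short why-comment above the `if` would also help the next reader, e.g. `// Reject undersized Initial packets; the 1200-byte floor limits how much a spoofed source can make the server amplify`, if that is the rationale this floor is relied on for here. The function continues outside the hunk.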
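Review bot: The new doc comments in `QUICConnection` carry typos and a grammatical slip: `Retruns` should read `Returns`, `mimimum` should read `minimum`, and `this return the minimum size for it` should read `this returns the minimum size for it`. The second comment also promises the 1200-byte minimum only until the Client Initial has been sent, whereas the `QUICNetVConnection` override in this same commit returns 1200 for every outgoing packet and marks that as a FIXME; either soften the wording to `Currently this returns 1200 for any outgoing connection` or point at the FIXME so the interface documentation and the implementation agree. The class body continues outside the hunk.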