[trafficserver] branch quic-latest updated: Append PADDING frame randomly

maskit Sun, 10 Sep 2017 19:09:41 -0700

This is an automated email from the ASF dual-hosted git repository.

maskit pushed a commit to branch quic-latest
in repository https://gitbox.apache.org/repos/asf/trafficserver.git



The following commit(s) were added to refs/heads/quic-latest by this push:
     new d62137c  Append PADDING frame randomly
d62137c is described below

commit d62137c4ba9b715484dd7c0284440b9510e30474
Author: Masakazu Kitajo <mas...@apache.org>
AuthorDate: Mon Sep 11 11:06:58 2017 +0900

    Append PADDING frame randomly
    
    Minimum QUIC packet size applies only Cilent Initial Packet
---
 iocore/net/P_QUICNetVConnection.h |  1 +
 iocore/net/QUICNetVConnection.cc  | 21 ++++++++++++---------
 iocore/net/quic/QUICConnection.h  | 17 +++++++++++++++--
 3 files changed, 28 insertions(+), 11 deletions(-)

diff --git a/iocore/net/P_QUICNetVConnection.h 
b/iocore/net/P_QUICNetVConnection.h
index 1216f43..61d16e2 100644
--- a/iocore/net/P_QUICNetVConnection.h
+++ b/iocore/net/P_QUICNetVConnection.h
@@ -191,6 +191,7 @@ public:
   QUICError handle_frame(std::shared_ptr<const QUICFrame> frame) override;
 
 private:
+  std::random_device _rnd;
   QUICConnectionId _quic_connection_id;
   QUICPacketNumber _largest_received_packet_number = 0;
   UDPConnection *_udp_con                          = nullptr;
diff --git a/iocore/net/QUICNetVConnection.cc b/iocore/net/QUICNetVConnection.cc
index fce4ad8..c9654a3 100644
--- a/iocore/net/QUICNetVConnection.cc
+++ b/iocore/net/QUICNetVConnection.cc
@@ -46,10 +46,10 @@
 #define DebugQUICCon(fmt, ...) \
   Debug("quic_net", "[%" PRIx64 "] " fmt, 
static_cast<uint64_t>(this->_quic_connection_id), ##__VA_ARGS__)
 
-static constexpr uint32_t MINIMUM_MTU               = 1280;
-static constexpr uint32_t MAX_PACKET_OVERHEAD       = 25; // Max long header 
len(17) + FNV-1a hash len(8)
-static constexpr uint32_t MAX_STREAM_FRAME_OVERHEAD = 15;
-static constexpr char STATELESS_RETRY_TOKEN_KEY[]   = 
"stateless_token_retry_key";
+static constexpr uint32_t MAX_PACKET_OVERHEAD                = 25; // Max long 
header len(17) + FNV-1a hash len(8)
+static constexpr uint32_t MAX_STREAM_FRAME_OVERHEAD          = 15;
+static constexpr uint32_t MINIMUM_INITIAL_CLIENT_PACKET_SIZE = 1200;
+static constexpr char STATELESS_RETRY_TOKEN_KEY[]            = 
"stateless_token_retry_key";
 
 ClassAllocator<QUICNetVConnection> quicNetVCAllocator("quicNetVCAllocator");
 
@@ -170,10 +170,13 @@ QUICNetVConnection::direction()
 uint32_t
 QUICNetVConnection::minimum_quic_packet_size()
 {
-  if (this->options.ip_family == PF_INET6) {
-    return MINIMUM_MTU - 48;
+  if (netvc_context == NET_VCONNECTION_OUT) {
+    // FIXME Only the first packet need to be 1200 bytes at least
+    return MINIMUM_INITIAL_CLIENT_PACKET_SIZE;
   } else {
-    return MINIMUM_MTU - 28;
+    // FIXME This size should be configurable and should have some randomness
+    // This is just for providing protection against packet analysis for 
protected packets
+    return 32 + (this->_rnd() & 0x3f); // 32 to 96
   }
 }
 
@@ -533,8 +536,8 @@ QUICNetVConnection::largest_acked_packet_number()
 QUICError
 
QUICNetVConnection::_state_handshake_process_initial_client_packet(std::unique_ptr<QUICPacket,
 QUICPacketDeleterFunc> packet)
 {
-  if (packet->size() < this->minimum_quic_packet_size()) {
-    DebugQUICCon("%" PRId32 ", %" PRId32, packet->size(), 
this->minimum_quic_packet_size());
+  if (packet->size() < MINIMUM_INITIAL_CLIENT_PACKET_SIZE) {
+    DebugQUICCon("Packet size is smaller than the minimum initial client 
packet size");
     return QUICError(QUICErrorClass::QUIC_TRANSPORT, 
QUICErrorCode::QUIC_INTERNAL_ERROR);
   }
 
diff --git a/iocore/net/quic/QUICConnection.h b/iocore/net/quic/QUICConnection.h
index 8113ade..69dfea6 100644
--- a/iocore/net/quic/QUICConnection.h
+++ b/iocore/net/quic/QUICConnection.h
@@ -34,8 +34,21 @@ class SSLNextProtocolSet;
 class QUICConnection : public QUICPacketTransmitter, public 
QUICFrameTransmitter, public QUICFrameHandler
 {
 public:
-  virtual uint32_t maximum_quic_packet_size()               = 0;
-  virtual uint32_t minimum_quic_packet_size()               = 0;
+  /*
+   * Retruns the maximum packet size at the time called
+   *
+   * The size depends on PMTU.
+   */
+  virtual uint32_t maximum_quic_packet_size() = 0;
+
+  /*
+   * Returns the mimimum packet size at the time called
+   *
+   * If the connection is an outgoing connection and you have not sent Client 
Initial packet,
+   * this return the minimum size for it, which is 1200.
+   */
+  virtual uint32_t minimum_quic_packet_size() = 0;
+
   virtual uint32_t pmtu()                                   = 0;
   virtual NetVConnectionContext_t direction()               = 0;
   virtual SSLNextProtocolSet *next_protocol_set()           = 0;

-- 
To stop receiving notification emails like this one, please contact
['"commits@trafficserver.apache.org" <commits@trafficserver.apache.org>'].

[trafficserver] branch quic-latest updated: Append PADDING frame randomly

Reply via email to