This is an automated email from the ASF dual-hosted git repository. maskit pushed a commit to branch quic-latest in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/quic-latest by this push: new 8cc22df Fix #2494 Generate Stateless Reset Token with a configurable value 8cc22df is described below commit 8cc22df1355e37b46c6665ecd7d2970aee464215 Author: Zizhong Zhang <zizh...@linkedin.com> AuthorDate: Tue Oct 3 17:38:13 2017 -0700 Fix #2494 Generate Stateless Reset Token with a configurable value --- iocore/net/QUICNetVConnection.cc | 8 ++++++-- iocore/net/QUICPacketHandler.cc | 6 +++++- iocore/net/quic/QUICConfig.cc | 7 +++++++ iocore/net/quic/QUICConfig.h | 2 ++ 4 files changed, 20 insertions(+), 3 deletions(-) diff --git a/iocore/net/QUICNetVConnection.cc b/iocore/net/QUICNetVConnection.cc index aff162a..5962e96 100644 --- a/iocore/net/QUICNetVConnection.cc +++ b/iocore/net/QUICNetVConnection.cc @@ -35,6 +35,7 @@ #include "P_SSLNextProtocolSet.h" +#include "QUICConfig.h" #include "QUICDebugNames.h" #include "QUICEvents.h" #include "QUICConfig.h" @@ -92,7 +93,10 @@ void QUICNetVConnection::start(SSL_CTX *ssl_ctx) { // Version 0x00000001 uses stream 0 for cryptographic handshake with TLS 1.3, but newer version may not - this->_token.gen_token(_quic_connection_id ^ id); + { + QUICConfig::scoped_config params; + this->_token.gen_token(_quic_connection_id ^ params->server_id()); + } this->_handshake_handler = new QUICHandshake(this, ssl_ctx, this->_token); this->_application_map = new QUICApplicationMap(); @@ -689,7 +693,7 @@ QUICNetVConnection::_state_common_receive_packet() break; case QUICPacketType::CLIENT_CLEARTEXT: // FIXME Just ignore for now but it has to be acked (GitHub#2609) - break; + break; default: error = QUICErrorUPtr(new QUICConnectionError(QUICErrorClass::QUIC_TRANSPORT, QUICErrorCode::INTERNAL_ERROR)); break; diff --git a/iocore/net/QUICPacketHandler.cc b/iocore/net/QUICPacketHandler.cc index 641dba2..2c8dfb9 100644 --- a/iocore/net/QUICPacketHandler.cc +++ b/iocore/net/QUICPacketHandler.cc @@ -22,6 +22,7 @@ #include "ts/ink_config.h" #include "P_Net.h" +#include "QUICConfig.h" #include "QUICPacket.h" #include "QUICDebugNames.h" #include "QUICEvents.h" @@ -135,7 +136,10 @@ QUICPacketHandler::_recv_packet(int event, UDPPacket *udpPacket) // Send stateless reset if the packet is not a initial packet if (!QUICTypeUtil::hasLongHeader(reinterpret_cast<const uint8_t *>(block->buf()))) { QUICStatelessToken token; - token.gen_token(cid); + { + QUICConfig::scoped_config params; + token.gen_token(cid ^ params->server_id()); + } auto packet = QUICPacketFactory::create_stateless_reset_packet(cid, token); this->send_packet(*packet, udpPacket->getConnection(), con.addr, 1200); return; diff --git a/iocore/net/quic/QUICConfig.cc b/iocore/net/quic/QUICConfig.cc index d97ef54..38b6b13 100644 --- a/iocore/net/quic/QUICConfig.cc +++ b/iocore/net/quic/QUICConfig.cc @@ -34,6 +34,7 @@ void QUICConfigParams::initialize() { REC_EstablishStaticConfigInt32U(this->_no_activity_timeout_in, "proxy.config.quic.no_activity_timeout_in"); + REC_EstablishStaticConfigInt32U(this->_server_id, "proxy.config.quic.server_id"); } uint32_t @@ -43,6 +44,12 @@ QUICConfigParams::no_activity_timeout_in() const } uint32_t +QUICConfigParams::server_id() const +{ + return this->_server_id; +} + +uint32_t QUICConfigParams::initial_max_data() const { return this->_initial_max_data; diff --git a/iocore/net/quic/QUICConfig.h b/iocore/net/quic/QUICConfig.h index b9ac7c2..05588ce 100644 --- a/iocore/net/quic/QUICConfig.h +++ b/iocore/net/quic/QUICConfig.h @@ -34,6 +34,7 @@ public: uint32_t initial_max_data() const; uint32_t initial_max_stream_data() const; uint32_t initial_max_stream_id() const; + uint32_t server_id() const; private: // FIXME Fill appropriate values @@ -41,6 +42,7 @@ private: uint32_t _initial_max_data = 100; // in units of 1024 octets uint32_t _initial_max_stream_data = 2048; uint32_t _initial_max_stream_id = 100; + uint32_t _server_id = 0; }; class QUICConfig -- To stop receiving notification emails like this one, please contact ['"commits@trafficserver.apache.org" <commits@trafficserver.apache.org>'].