This is an automated email from the ASF dual-hosted git repository.
maskit pushed a commit to branch quic-latest
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/quic-latest by this push:
new a46bcab Send stateless reset packet if the client id doesn't seem
valid anymore
a46bcab is described below
commit a46bcab6c6949a7d4685f03dbff912b603574ecf
Author: Masakazu Kitajo <mas...@apache.org>
AuthorDate: Tue Sep 12 14:50:33 2017 +0900
Send stateless reset packet if the client id doesn't seem valid anymore
---
iocore/net/P_QUICPacketHandler.h | 1 +
iocore/net/QUICNetVConnection.cc | 3 +--
iocore/net/QUICPacketHandler.cc | 26 +++++++++++++++++++++-----
iocore/net/quic/QUICPacket.h | 4 ++--
iocore/net/quic/QUICTypes.h | 5 +++--
iocore/net/quic/test/test_QUICPacketFactory.cc | 13 +++++--------
6 files changed, 33 insertions(+), 19 deletions(-)
diff --git a/iocore/net/P_QUICPacketHandler.h b/iocore/net/P_QUICPacketHandler.h
index c40f255..6b29b6a 100644
--- a/iocore/net/P_QUICPacketHandler.h
+++ b/iocore/net/P_QUICPacketHandler.h
@@ -40,6 +40,7 @@ public:
virtual int acceptEvent(int event, void *e) override;
void init_accept(EThread *t) override;
void send_packet(const QUICPacket &packet, QUICNetVConnection *vc);
+ void send_packet(const QUICPacket &packet, UDPConnection *udp_con,
IpEndpoint &addr, uint32_t pmtu);
private:
void _recv_packet(int event, UDPPacket *udpPacket);
diff --git a/iocore/net/QUICNetVConnection.cc b/iocore/net/QUICNetVConnection.cc
index 9cb85fa..bbc5547 100644
--- a/iocore/net/QUICNetVConnection.cc
+++ b/iocore/net/QUICNetVConnection.cc
@@ -49,7 +49,6 @@
static constexpr uint32_t MAX_PACKET_OVERHEAD = 25; // Max long
header len(17) + FNV-1a hash len(8)
static constexpr uint32_t MAX_STREAM_FRAME_OVERHEAD = 15;
static constexpr uint32_t MINIMUM_INITIAL_CLIENT_PACKET_SIZE = 1200;
-static constexpr char STATELESS_RETRY_TOKEN_KEY[] =
"stateless_token_retry_key";
ClassAllocator<QUICNetVConnection> quicNetVCAllocator("quicNetVCAllocator");
@@ -96,7 +95,7 @@ void
QUICNetVConnection::start(SSL_CTX *ssl_ctx)
{
// Version 0x00000001 uses stream 0 for cryptographic handshake with TLS
1.3, but newer version may not
- this->_token.gen_token(STATELESS_RETRY_TOKEN_KEY, _quic_connection_id ^ id);
+ this->_token.gen_token(_quic_connection_id ^ id);
this->_handshake_handler = new QUICHandshake(this, ssl_ctx, this->_token);
this->_application_map = new QUICApplicationMap();
diff --git a/iocore/net/QUICPacketHandler.cc b/iocore/net/QUICPacketHandler.cc
index 0531aeb..39df7ce 100644
--- a/iocore/net/QUICPacketHandler.cc
+++ b/iocore/net/QUICPacketHandler.cc
@@ -129,9 +129,19 @@ QUICPacketHandler::_recv_packet(int event, UDPPacket
*udpPacket)
}
if (!vc) {
- // Unknown Connection ID
Connection con;
con.setRemote(&udpPacket->from.sa);
+
+ // Send stateless reset if the packet is not a initial packet
+ if (!QUICTypeUtil::hasLongHeader(reinterpret_cast<const uint8_t
*>(block->buf()))) {
+ QUICStatelessToken token;
+ token.gen_token(cid);
+ auto packet = QUICPacketFactory::create_stateless_reset_packet(cid,
token);
+ this->send_packet(*packet, udpPacket->getConnection(), con.addr, 1200);
+ return;
+ }
+
+ // Create a new NetVConnection
vc =
static_cast<QUICNetVConnection
*>(getNetProcessor()->allocate_vc(((UnixUDPConnection
*)udpPacket->getConnection())->ethread));
vc->init(udpPacket->getConnection(), this);
@@ -147,7 +157,6 @@ QUICPacketHandler::_recv_packet(int event, UDPPacket
*udpPacket)
vc->options.ip_proto = NetVCOptions::USE_UDP;
vc->options.ip_family = udpPacket->from.sa.sa_family;
- // TODO: Handle Connection ID of Client Cleartext / Non-Final Server
Cleartext Packet
this->_connections.put(cid, vc);
}
@@ -168,17 +177,24 @@ QUICPacketHandler::send_packet(const QUICPacket &packet,
QUICNetVConnection *vc)
this->_connections.put(packet.connection_id(), vc);
}
+ this->send_packet(packet, vc->get_udp_con(), vc->con.addr, vc->pmtu());
+}
+
+void
+QUICPacketHandler::send_packet(const QUICPacket &packet, UDPConnection
*udp_con, IpEndpoint &addr, uint32_t pmtu)
+{
size_t udp_len;
Ptr<IOBufferBlock> udp_payload(new_IOBufferBlock());
- udp_payload->alloc(iobuffer_size_to_index(vc->pmtu()));
+ udp_payload->alloc(iobuffer_size_to_index(pmtu));
packet.store(reinterpret_cast<uint8_t *>(udp_payload->end()), &udp_len);
udp_payload->fill(udp_len);
- UDPPacket *udpPkt = new_UDPPacket(vc->con.addr, 0, udp_payload);
+ UDPPacket *udpPkt = new_UDPPacket(addr, 0, udp_payload);
// NOTE: p will be enqueued to udpOutQueue of UDPNetHandler
ip_port_text_buffer ipb;
Debug("quic_sec", "send %s packet to %s, size=%" PRId64,
QUICDebugNames::packet_type(packet.type()),
ats_ip_nptop(&udpPkt->to.sa, ipb, sizeof(ipb)),
udpPkt->getPktLength());
- vc->get_udp_con()->send(this, udpPkt);
+
+ udp_con->send(this, udpPkt);
}
diff --git a/iocore/net/quic/QUICPacket.h b/iocore/net/quic/QUICPacket.h
index e0e9c7a..56d7887 100644
--- a/iocore/net/quic/QUICPacket.h
+++ b/iocore/net/quic/QUICPacket.h
@@ -220,8 +220,8 @@ public:
QUICPacketNumber base_packet_number,
QUICVersion version, ats_unique_buf payload,
size_t len);
- std::unique_ptr<QUICPacket, QUICPacketDeleterFunc>
create_stateless_reset_packet(QUICConnectionId connection_id,
-
QUICStatelessToken stateless_reset_token);
+ static std::unique_ptr<QUICPacket, QUICPacketDeleterFunc>
create_stateless_reset_packet(QUICConnectionId connection_id,
+
QUICStatelessToken stateless_reset_token);
void set_version(QUICVersion negotiated_version);
void set_crypto_module(QUICCrypto *crypto);
diff --git a/iocore/net/quic/QUICTypes.h b/iocore/net/quic/QUICTypes.h
index 2f3fc2f..5c7a2e8 100644
--- a/iocore/net/quic/QUICTypes.h
+++ b/iocore/net/quic/QUICTypes.h
@@ -165,10 +165,11 @@ class QUICStatelessToken
{
public:
void
- gen_token(const char *key, uint64_t data)
+ gen_token(uint64_t data)
{
+ static constexpr char STATELESS_RETRY_TOKEN_KEY[] =
"stateless_token_retry_key";
MD5Context ctx;
- ctx.update(key, strlen(key));
+ ctx.update(STATELESS_RETRY_TOKEN_KEY, strlen(STATELESS_RETRY_TOKEN_KEY));
ctx.update(reinterpret_cast<void *>(&data), 8);
ctx.finalize(_md5);
}
diff --git a/iocore/net/quic/test/test_QUICPacketFactory.cc
b/iocore/net/quic/test/test_QUICPacketFactory.cc
index 88079db..02d2b64 100644
--- a/iocore/net/quic/test/test_QUICPacketFactory.cc
+++ b/iocore/net/quic/test/test_QUICPacketFactory.cc
@@ -73,15 +73,12 @@ TEST_CASE("QUICPacketFactory_Create_StatelessResetPacket",
"[quic]")
{
QUICPacketFactory factory;
QUICStatelessToken token;
- token.gen_token("test", 12345);
+ token.gen_token(12345);
uint8_t expected_output[] = {
- 0x41, // 0CK0001
- 0x00, 0x00, 0x00, 0x00, 0x01,
- 0x02, 0x03, 0x04, // Connection ID
- 0x40, 0x01, 0x57, 0x55, 0x21,
- 0x9c, 0x24, 0x24, // Token
- 0xc7, 0x9f, 0x79, 0xa2, 0x72,
- 0xcb, 0x55, 0xe6
+ 0x41, // 0CK0001
+ 0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04, // Connection ID
+ 0xa1, 0x45, 0x7b, 0x7e, 0x8f, 0x85, 0x0b, 0x14, // Token
+ 0xd2, 0x43, 0xa1, 0xaf, 0x7c, 0xe2, 0x91, 0x50,
// Random data
};
uint8_t output[1024];
--
To stop receiving notification emails like this one, please contact
['"commits@trafficserver.apache.org" <commits@trafficserver.apache.org>'].
