This is an automated email from the ASF dual-hosted git repository. maskit pushed a commit to branch quic-latest in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/quic-latest by this push: new a46bcab Send stateless reset packet if the client id doesn't seem valid anymore a46bcab is described below commit a46bcab6c6949a7d4685f03dbff912b603574ecf Author: Masakazu Kitajo <mas...@apache.org> AuthorDate: Tue Sep 12 14:50:33 2017 +0900 Send stateless reset packet if the client id doesn't seem valid anymore --- iocore/net/P_QUICPacketHandler.h | 1 + iocore/net/QUICNetVConnection.cc | 3 +-- iocore/net/QUICPacketHandler.cc | 26 +++++++++++++++++++++----- iocore/net/quic/QUICPacket.h | 4 ++-- iocore/net/quic/QUICTypes.h | 5 +++-- iocore/net/quic/test/test_QUICPacketFactory.cc | 13 +++++-------- 6 files changed, 33 insertions(+), 19 deletions(-) diff --git a/iocore/net/P_QUICPacketHandler.h b/iocore/net/P_QUICPacketHandler.h index c40f255..6b29b6a 100644 --- a/iocore/net/P_QUICPacketHandler.h +++ b/iocore/net/P_QUICPacketHandler.h @@ -40,6 +40,7 @@ public: virtual int acceptEvent(int event, void *e) override; void init_accept(EThread *t) override; void send_packet(const QUICPacket &packet, QUICNetVConnection *vc); + void send_packet(const QUICPacket &packet, UDPConnection *udp_con, IpEndpoint &addr, uint32_t pmtu); private: void _recv_packet(int event, UDPPacket *udpPacket); diff --git a/iocore/net/QUICNetVConnection.cc b/iocore/net/QUICNetVConnection.cc index 9cb85fa..bbc5547 100644 --- a/iocore/net/QUICNetVConnection.cc +++ b/iocore/net/QUICNetVConnection.cc @@ -49,7 +49,6 @@ static constexpr uint32_t MAX_PACKET_OVERHEAD = 25; // Max long header len(17) + FNV-1a hash len(8) static constexpr uint32_t MAX_STREAM_FRAME_OVERHEAD = 15; static constexpr uint32_t MINIMUM_INITIAL_CLIENT_PACKET_SIZE = 1200; -static constexpr char STATELESS_RETRY_TOKEN_KEY[] = "stateless_token_retry_key"; ClassAllocator<QUICNetVConnection> quicNetVCAllocator("quicNetVCAllocator"); @@ -96,7 +95,7 @@ void QUICNetVConnection::start(SSL_CTX *ssl_ctx) { // Version 0x00000001 uses stream 0 for cryptographic handshake with TLS 1.3, but newer version may not - this->_token.gen_token(STATELESS_RETRY_TOKEN_KEY, _quic_connection_id ^ id); + this->_token.gen_token(_quic_connection_id ^ id); this->_handshake_handler = new QUICHandshake(this, ssl_ctx, this->_token); this->_application_map = new QUICApplicationMap(); diff --git a/iocore/net/QUICPacketHandler.cc b/iocore/net/QUICPacketHandler.cc index 0531aeb..39df7ce 100644 --- a/iocore/net/QUICPacketHandler.cc +++ b/iocore/net/QUICPacketHandler.cc @@ -129,9 +129,19 @@ QUICPacketHandler::_recv_packet(int event, UDPPacket *udpPacket) } if (!vc) { - // Unknown Connection ID Connection con; con.setRemote(&udpPacket->from.sa); + + // Send stateless reset if the packet is not a initial packet + if (!QUICTypeUtil::hasLongHeader(reinterpret_cast<const uint8_t *>(block->buf()))) { + QUICStatelessToken token; + token.gen_token(cid); + auto packet = QUICPacketFactory::create_stateless_reset_packet(cid, token); + this->send_packet(*packet, udpPacket->getConnection(), con.addr, 1200); + return; + } + + // Create a new NetVConnection vc = static_cast<QUICNetVConnection *>(getNetProcessor()->allocate_vc(((UnixUDPConnection *)udpPacket->getConnection())->ethread)); vc->init(udpPacket->getConnection(), this); @@ -147,7 +157,6 @@ QUICPacketHandler::_recv_packet(int event, UDPPacket *udpPacket) vc->options.ip_proto = NetVCOptions::USE_UDP; vc->options.ip_family = udpPacket->from.sa.sa_family; - // TODO: Handle Connection ID of Client Cleartext / Non-Final Server Cleartext Packet this->_connections.put(cid, vc); } @@ -168,17 +177,24 @@ QUICPacketHandler::send_packet(const QUICPacket &packet, QUICNetVConnection *vc) this->_connections.put(packet.connection_id(), vc); } + this->send_packet(packet, vc->get_udp_con(), vc->con.addr, vc->pmtu()); +} + +void +QUICPacketHandler::send_packet(const QUICPacket &packet, UDPConnection *udp_con, IpEndpoint &addr, uint32_t pmtu) +{ size_t udp_len; Ptr<IOBufferBlock> udp_payload(new_IOBufferBlock()); - udp_payload->alloc(iobuffer_size_to_index(vc->pmtu())); + udp_payload->alloc(iobuffer_size_to_index(pmtu)); packet.store(reinterpret_cast<uint8_t *>(udp_payload->end()), &udp_len); udp_payload->fill(udp_len); - UDPPacket *udpPkt = new_UDPPacket(vc->con.addr, 0, udp_payload); + UDPPacket *udpPkt = new_UDPPacket(addr, 0, udp_payload); // NOTE: p will be enqueued to udpOutQueue of UDPNetHandler ip_port_text_buffer ipb; Debug("quic_sec", "send %s packet to %s, size=%" PRId64, QUICDebugNames::packet_type(packet.type()), ats_ip_nptop(&udpPkt->to.sa, ipb, sizeof(ipb)), udpPkt->getPktLength()); - vc->get_udp_con()->send(this, udpPkt); + + udp_con->send(this, udpPkt); } diff --git a/iocore/net/quic/QUICPacket.h b/iocore/net/quic/QUICPacket.h index e0e9c7a..56d7887 100644 --- a/iocore/net/quic/QUICPacket.h +++ b/iocore/net/quic/QUICPacket.h @@ -220,8 +220,8 @@ public: QUICPacketNumber base_packet_number, QUICVersion version, ats_unique_buf payload, size_t len); - std::unique_ptr<QUICPacket, QUICPacketDeleterFunc> create_stateless_reset_packet(QUICConnectionId connection_id, - QUICStatelessToken stateless_reset_token); + static std::unique_ptr<QUICPacket, QUICPacketDeleterFunc> create_stateless_reset_packet(QUICConnectionId connection_id, + QUICStatelessToken stateless_reset_token); void set_version(QUICVersion negotiated_version); void set_crypto_module(QUICCrypto *crypto); diff --git a/iocore/net/quic/QUICTypes.h b/iocore/net/quic/QUICTypes.h index 2f3fc2f..5c7a2e8 100644 --- a/iocore/net/quic/QUICTypes.h +++ b/iocore/net/quic/QUICTypes.h @@ -165,10 +165,11 @@ class QUICStatelessToken { public: void - gen_token(const char *key, uint64_t data) + gen_token(uint64_t data) { + static constexpr char STATELESS_RETRY_TOKEN_KEY[] = "stateless_token_retry_key"; MD5Context ctx; - ctx.update(key, strlen(key)); + ctx.update(STATELESS_RETRY_TOKEN_KEY, strlen(STATELESS_RETRY_TOKEN_KEY)); ctx.update(reinterpret_cast<void *>(&data), 8); ctx.finalize(_md5); } diff --git a/iocore/net/quic/test/test_QUICPacketFactory.cc b/iocore/net/quic/test/test_QUICPacketFactory.cc index 88079db..02d2b64 100644 --- a/iocore/net/quic/test/test_QUICPacketFactory.cc +++ b/iocore/net/quic/test/test_QUICPacketFactory.cc @@ -73,15 +73,12 @@ TEST_CASE("QUICPacketFactory_Create_StatelessResetPacket", "[quic]") { QUICPacketFactory factory; QUICStatelessToken token; - token.gen_token("test", 12345); + token.gen_token(12345); uint8_t expected_output[] = { - 0x41, // 0CK0001 - 0x00, 0x00, 0x00, 0x00, 0x01, - 0x02, 0x03, 0x04, // Connection ID - 0x40, 0x01, 0x57, 0x55, 0x21, - 0x9c, 0x24, 0x24, // Token - 0xc7, 0x9f, 0x79, 0xa2, 0x72, - 0xcb, 0x55, 0xe6 + 0x41, // 0CK0001 + 0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04, // Connection ID + 0xa1, 0x45, 0x7b, 0x7e, 0x8f, 0x85, 0x0b, 0x14, // Token + 0xd2, 0x43, 0xa1, 0xaf, 0x7c, 0xe2, 0x91, 0x50, // Random data }; uint8_t output[1024]; -- To stop receiving notification emails like this one, please contact ['"commits@trafficserver.apache.org" <commits@trafficserver.apache.org>'].