From mas...@apache.org
Subject [trafficserver] branch quic-latest updated: Append PADDING frame randomly
Date Mon, 11 Sep 2017 02:09:12 GMT
This is an automated email from the ASF dual-hosted git repository.

maskit pushed a commit to branch quic-latest
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/quic-latest by this push:
     new d62137c  Append PADDING frame randomly
d62137c is described below

commit d62137c4ba9b715484dd7c0284440b9510e30474
Author: Masakazu Kitajo <maskit@apache.org>
AuthorDate: Mon Sep 11 11:06:58 2017 +0900

    Append PADDING frame randomly
    
    Minimum QUIC packet size applies only to the Client Initial Packet
---
 iocore/net/P_QUICNetVConnection.h |  1 +
 iocore/net/QUICNetVConnection.cc  | 21 ++++++++++++---------
 iocore/net/quic/QUICConnection.h  | 17 +++++++++++++++--
 3 files changed, 28 insertions(+), 11 deletions(-)

diff --git a/iocore/net/P_QUICNetVConnection.h b/iocore/net/P_QUICNetVConnection.h
index 1216f43..61d16e2 100644
--- a/iocore/net/P_QUICNetVConnection.h
+++ b/iocore/net/P_QUICNetVConnection.h
@@ -191,6 +191,7 @@ public:
   QUICError handle_frame(std::shared_ptr<const QUICFrame> frame) override;
 
 private:
+  std::random_device _rnd;
   QUICConnectionId _quic_connection_id;
   QUICPacketNumber _largest_received_packet_number = 0;
   UDPConnection *_udp_con                          = nullptr;
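Review bot: The new `std::random_device _rnd;` member is declared without a visible `#include <random>` in this hunk; if P_QUICNetVConnection.h does not already pull that header in through another include, add `#include <random>` so the header stands on its own. A second concern is cost: on common implementations each `std::random_device` instance opens its own entropy source, so one per QUICNetVConnection is heavyweight for what is only padding-length jitter, and `std::random_device` is non-copyable, which may matter if instances of this class are ever initialized by copying. A single shared source, for example a function-local `static thread_local std::random_device` or an engine seeded once from one, would provide the same unpredictability of the padding length at a fraction of the per-connection cost.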
diff --git a/iocore/net/QUICNetVConnection.cc b/iocore/net/QUICNetVConnection.cc
index fce4ad8..c9654a3 100644
--- a/iocore/net/QUICNetVConnection.cc
+++ b/iocore/net/QUICNetVConnection.cc
@@ -46,10 +46,10 @@
 #define DebugQUICCon(fmt, ...) \
   Debug("quic_net", "[%" PRIx64 "] " fmt, static_cast<uint64_t>(this->_quic_connection_id),
##__VA_ARGS__)
 
-static constexpr uint32_t MINIMUM_MTU               = 1280;
-static constexpr uint32_t MAX_PACKET_OVERHEAD       = 25; // Max long header len(17) + FNV-1a
hash len(8)
-static constexpr uint32_t MAX_STREAM_FRAME_OVERHEAD = 15;
-static constexpr char STATELESS_RETRY_TOKEN_KEY[]   = "stateless_token_retry_key";
+static constexpr uint32_t MAX_PACKET_OVERHEAD                = 25; // Max long header len(17)
+ FNV-1a hash len(8)
+static constexpr uint32_t MAX_STREAM_FRAME_OVERHEAD          = 15;
+static constexpr uint32_t MINIMUM_INITIAL_CLIENT_PACKET_SIZE = 1200;
+static constexpr char STATELESS_RETRY_TOKEN_KEY[]            = "stateless_token_retry_key";
 
 ClassAllocator<QUICNetVConnection> quicNetVCAllocator("quicNetVCAllocator");
 
@@ -170,10 +170,13 @@ QUICNetVConnection::direction()
 uint32_t
 QUICNetVConnection::minimum_quic_packet_size()
 {
-  if (this->options.ip_family == PF_INET6) {
-    return MINIMUM_MTU - 48;
+  if (netvc_context == NET_VCONNECTION_OUT) {
+    // FIXME Only the first packet need to be 1200 bytes at least
+    return MINIMUM_INITIAL_CLIENT_PACKET_SIZE;
   } else {
-    return MINIMUM_MTU - 28;
+    // FIXME This size should be configurable and should have some randomness
+    // This is just for providing protection against packet analysis for protected packets
+    return 32 + (this->_rnd() & 0x3f); // 32 to 96
   }
 }
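Review bot: The range comment on the new return line is off by one: `this->_rnd() & 0x3f` yields 0..63, so the padded minimum is 32 to 95, not 96; change it to `return 32 + (this->_rnd() & 0x3f); // 32 to 95` (or use `% 65` if 96 really is the intended upper bound). Note also that `std::random_device::operator()` is specified to throw when no random value can be obtained, and on common implementations costs a system call, which this function now pays once per outgoing packet on every non-outgoing connection; a cheaper engine seeded once would serve the padding purpose equally well. The FIXME comments already cover configurability and the always-1200 outgoing branch, so those are not repeated here.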
 
@@ -533,8 +536,8 @@ QUICNetVConnection::largest_acked_packet_number()
 QUICError
 QUICNetVConnection::_state_handshake_process_initial_client_packet(std::unique_ptr<QUICPacket,
QUICPacketDeleterFunc> packet)
 {
-  if (packet->size() < this->minimum_quic_packet_size()) {
-    DebugQUICCon("%" PRId32 ", %" PRId32, packet->size(), this->minimum_quic_packet_size());
+  if (packet->size() < MINIMUM_INITIAL_CLIENT_PACKET_SIZE) {
+    DebugQUICCon("Packet size is smaller than the minimum initial client packet size");
     return QUICError(QUICErrorClass::QUIC_TRANSPORT, QUICErrorCode::QUIC_INTERNAL_ERROR);
   }
 
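Review bot: The replaced debug line drops the two values that made an undersized Initial diagnosable; since this check rejects unauthenticated client input, keeping the numbers in the log is cheap and useful: `DebugQUICCon("Packet size %" PRIu32 " is smaller than the minimum initial client packet size %" PRIu32, packet->size(), MINIMUM_INITIAL_CLIENT_PACKET_SIZE);` (use PRId32 if `packet->size()` is signed, as the old line assumed). Separately, an undersized Initial from the peer is a client-side protocol violation rather than a server-internal fault, so the QUIC_INTERNAL_ERROR classification on the unchanged return line reads oddly, though that line predates this commit. The body of `_state_handshake_process_initial_client_packet` continues outside the hunk.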
diff --git a/iocore/net/quic/QUICConnection.h b/iocore/net/quic/QUICConnection.h
index 8113ade..69dfea6 100644
--- a/iocore/net/quic/QUICConnection.h
+++ b/iocore/net/quic/QUICConnection.h
@@ -34,8 +34,21 @@ class SSLNextProtocolSet;
 class QUICConnection : public QUICPacketTransmitter, public QUICFrameTransmitter, public
QUICFrameHandler
 {
 public:
-  virtual uint32_t maximum_quic_packet_size()               = 0;
-  virtual uint32_t minimum_quic_packet_size()               = 0;
+  /*
+   * Retruns the maximum packet size at the time called
+   *
+   * The size depends on PMTU.
+   */
+  virtual uint32_t maximum_quic_packet_size() = 0;
+
+  /*
+   * Returns the mimimum packet size at the time called
+   *
+   * If the connection is an outgoing connection and you have not sent Client Initial packet,
+   * this return the minimum size for it, which is 1200.
+   */
+  virtual uint32_t minimum_quic_packet_size() = 0;
+
   virtual uint32_t pmtu()                                   = 0;
   virtual NetVConnectionContext_t direction()               = 0;
   virtual SSLNextProtocolSet *next_protocol_set()           = 0;
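Review bot: The two new doc comments carry typos ("Retruns", "mimimum", "this return") and the second one documents intended rather than current behaviour: the QUICNetVConnection implementation in this same commit returns 1200 for every packet on an outgoing connection, not only before the Client Initial is sent. Suggested wording: `* Returns the maximum packet size at the time called` and `* Returns the minimum packet size at the time called`, and for the second paragraph `* If the connection is an outgoing connection and the Client Initial packet has not been sent yet, this returns the minimum size for it, which is 1200.`, with a note that the current implementation applies 1200 to all outgoing packets until the FIXME in QUICNetVConnection.cc is resolved.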

