limit number of tracked skipped packet numbers in SentPacketHandler

Marten Seemann
2016-08-11 15:27:46 +07:00
committed by Lucas Clemente
parent 78fab5c264
commit 65838f34a8
3 changed files with 18 additions and 0 deletions


@@ -127,6 +127,10 @@ func (h *sentPacketHandler) SentPacket(packet *ackhandlerlegacy.Packet) error {
for p := h.lastSentPacketNumber + 1; p < packet.PacketNumber; p++ {
h.skippedPackets = append(h.skippedPackets, p)
if len(h.skippedPackets) > protocol.MaxTrackedSkippedPackets {
h.skippedPackets = h.skippedPackets[1:]
}
}
now := time.Now()
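Review bot: Trimming with `h.skippedPackets[1:]` evicts the oldest skipped packet number, and nothing in the hunk says why that is safe for the Optimistic ACK check. Once a number leaves the window, an ACK covering it presumably can no longer be matched against the skipped list, so detection then depends on whatever else in the handler rejects very old ACK ranges; that code is not visible here, as SentPacket's body starts and ends outside the hunk. With the cap at 10 and an average skip period of 500, the window covers roughly the last 5000 packet numbers. I would add a comment above the `if`, for example `// drop the oldest entry; ACKs below the tracked window are no longer checked against skipped packet numbers`, and confirm that trade-off is intended.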


@@ -175,6 +175,17 @@ var _ = Describe("SentPacketHandler", func() {
Expect(handler.skippedPackets).To(HaveLen(2))
Expect(handler.skippedPackets).To(Equal([]protocol.PacketNumber{2, 3}))
})
It("limits the lengths of the skipped packet slice", func() {
for i := 0; i < protocol.MaxTrackedSkippedPackets+5; i++ {
packet := ackhandlerlegacy.Packet{PacketNumber: protocol.PacketNumber(2*i + 1), Frames: []frames.Frame{&streamFrame}, Length: 1}
err := handler.SentPacket(&packet)
Expect(err).ToNot(HaveOccurred())
}
Expect(handler.skippedPackets).To(HaveLen(protocol.MaxUndecryptablePackets))
Expect(handler.skippedPackets[0]).To(Equal(protocol.PacketNumber(10)))
Expect(handler.skippedPackets[protocol.MaxTrackedSkippedPackets-1]).To(Equal(protocol.PacketNumber(10 + 2*(protocol.MaxTrackedSkippedPackets-1))))
})
})
})
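Review bot: The length assertion in the new test compares against `protocol.MaxUndecryptablePackets`, an unrelated constant, so the test only passes if that value happens to equal the new limit. It should read `Expect(handler.skippedPackets).To(HaveLen(protocol.MaxTrackedSkippedPackets))`. The expected first element of 10 follows from the `+5` overshoot in the loop bound (four skipped numbers are evicted, leaving 10 as the oldest), which deserves a one-line comment so the literal is not mistaken for the limit itself.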


@@ -47,6 +47,9 @@ const RetransmissionThreshold uint8 = 3
// SkipPacketAveragePeriodLength is the average period length in which one packet number is skipped to prevent an Optimistic ACK attack
const SkipPacketAveragePeriodLength PacketNumber = 500
// MaxTrackedSkippedPackets is the maximum number of skipped packet numbers the SentPacketHandler keep track of for Optimistic ACK attack mitigation
const MaxTrackedSkippedPackets int = 10
// STKExpiryTimeSec is the valid time of a source address token in seconds
const STKExpiryTimeSec = 24 * 60 * 60