forked from quic-go/quic-go
Disable anti-amplification limit by address validation token (#3326)
This commit is contained in:
Benedikt Spies
@@ -6,16 +6,19 @@ import (
|
||||
"github.com/lucas-clemente/quic-go/logging"
|
||||
)
|
||||
|
||||
// NewAckHandler creates a new SentPacketHandler and a new ReceivedPacketHandler
|
||||
// NewAckHandler creates a new SentPacketHandler and a new ReceivedPacketHandler.
|
||||
// clientAddressValidated indicates whether the address was validated beforehand by an address validation token.
|
||||
// clientAddressValidated has no effect for a client.
|
||||
func NewAckHandler(
|
||||
initialPacketNumber protocol.PacketNumber,
|
||||
initialMaxDatagramSize protocol.ByteCount,
|
||||
rttStats *utils.RTTStats,
|
||||
clientAddressValidated bool,
|
||||
pers protocol.Perspective,
|
||||
tracer logging.ConnectionTracer,
|
||||
logger utils.Logger,
|
||||
version protocol.VersionNumber,
|
||||
) (SentPacketHandler, ReceivedPacketHandler) {
|
||||
sph := newSentPacketHandler(initialPacketNumber, initialMaxDatagramSize, rttStats, pers, tracer, logger)
|
||||
sph := newSentPacketHandler(initialPacketNumber, initialMaxDatagramSize, rttStats, clientAddressValidated, pers, tracer, logger)
|
||||
return sph, newReceivedPacketHandler(sph, rttStats, logger, version)
|
||||
}
|
||||
|
||||
@@ -101,10 +101,13 @@ var (
|
||||
_ sentPacketTracker = &sentPacketHandler{}
|
||||
)
|
||||
|
||||
// clientAddressValidated indicates whether the address was validated beforehand by an address validation token.
|
||||
// If the address was validated, the amplification limit doesn't apply. It has no effect for a client.
|
||||
func newSentPacketHandler(
|
||||
initialPN protocol.PacketNumber,
|
||||
initialMaxDatagramSize protocol.ByteCount,
|
||||
rttStats *utils.RTTStats,
|
||||
clientAddressValidated bool,
|
||||
pers protocol.Perspective,
|
||||
tracer logging.ConnectionTracer,
|
||||
logger utils.Logger,
|
||||
@@ -119,7 +122,7 @@ func newSentPacketHandler(
|
||||
|
||||
return &sentPacketHandler{
|
||||
peerCompletedAddressValidation: pers == protocol.PerspectiveServer,
|
||||
peerAddressValidated: pers == protocol.PerspectiveClient,
|
||||
peerAddressValidated: pers == protocol.PerspectiveClient || clientAddressValidated,
|
||||
initialPackets: newPacketNumberSpace(initialPN, false, rttStats),
|
||||
handshakePackets: newPacketNumberSpace(0, false, rttStats),
|
||||
appDataPackets: newPacketNumberSpace(0, true, rttStats),
|
||||
|
||||
@@ -29,7 +29,7 @@ var _ = Describe("SentPacketHandler", func() {
|
||||
JustBeforeEach(func() {
|
||||
lostPackets = nil
|
||||
rttStats := utils.NewRTTStats()
|
||||
handler = newSentPacketHandler(42, protocol.InitialPacketSizeIPv4, rttStats, perspective, nil, utils.DefaultLogger)
|
||||
handler = newSentPacketHandler(42, protocol.InitialPacketSizeIPv4, rttStats, false, perspective, nil, utils.DefaultLogger)
|
||||
streamFrame = wire.StreamFrame{
|
||||
StreamID: 5,
|
||||
Data: []byte{0x13, 0x37},
|
||||
@@ -944,6 +944,26 @@ var _ = Describe("SentPacketHandler", func() {
|
||||
})
|
||||
})
|
||||
|
||||
Context("amplification limit, for the server, with validated address", func() {
|
||||
JustBeforeEach(func() {
|
||||
rttStats := utils.NewRTTStats()
|
||||
handler = newSentPacketHandler(42, protocol.InitialPacketSizeIPv4, rttStats, true, perspective, nil, utils.DefaultLogger)
|
||||
})
|
||||
|
||||
It("do not limits the window", func() {
|
||||
handler.ReceivedBytes(0)
|
||||
Expect(handler.SendMode()).To(Equal(SendAny))
|
||||
handler.SentPacket(&Packet{
|
||||
PacketNumber: 1,
|
||||
Length: 900,
|
||||
EncryptionLevel: protocol.EncryptionInitial,
|
||||
Frames: []Frame{{Frame: &wire.PingFrame{}}},
|
||||
SendTime: time.Now(),
|
||||
})
|
||||
Expect(handler.SendMode()).To(Equal(SendAny))
|
||||
})
|
||||
})
|
||||
|
||||
Context("amplification limit, for the client", func() {
|
||||
BeforeEach(func() {
|
||||
perspective = protocol.PerspectiveClient
|
||||
|
||||
Reference in New Issue
Block a user