From 1873503937b6815b14ee1c370136f3103e7f6b9e Mon Sep 17 00:00:00 2001
From: Marten Seemann
Date: Sat, 1 Jun 2019 15:45:31 +0800
Subject: [PATCH] reduce the Retry token expiry time to 10 seconds

The expiry time used to be 24 hours before. The reason for this long duration was that this included tokens that were issued to be used between separate connections in gQUIC. At the moment, we are only generating tokens for Retry packets, i.e. within a single connection. They are therefore expected to be used within a single round trip.
---
 interface.go | 2 +-
 internal/protocol/params.go | 4 ++--
 server.go | 2 +-
 server_test.go | 4 ++--
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/interface.go b/interface.go
index 2a65b0b3..d533df24 100644
--- a/interface.go
+++ b/interface.go
@@ -189,7 +189,7 @@ type Config struct {
 IdleTimeout time.Duration
 // AcceptToken determines if a Token is accepted.
 // It is called with token = nil if the client didn't send a token.
- // If not set, it verifies that the address matches, and that the token was issued within the last 24 hours.
+ // If not set, it verifies that the address matches, and that the token was issued within the last 5 seconds.
 // This option is only valid for the server.
 AcceptToken func(clientAddr net.Addr, token *Token) bool
 // MaxReceiveStreamFlowControlWindow is the maximum stream-level flow control window for receiving data.
diff --git a/internal/protocol/params.go b/internal/protocol/params.go
index d4bf5f7e..ececd97e 100644
--- a/internal/protocol/params.go
+++ b/internal/protocol/params.go
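Review bot: The updated doc comment on `AcceptToken` in interface.go says the default accepts tokens issued "within the last 5 seconds", but this same commit sets `protocol.RetryTokenValidity` to `10 * time.Second` and the subject line says 10 seconds. Anyone sizing a custom `AcceptToken` callback from this comment would pick a window that does not match the default. The line should read `// If not set, it verifies that the address matches, and that the token was issued within the last 10 seconds.`. The `Config` struct starts and ends outside the hunk.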
@@ -57,8 +57,8 @@ const MaxTrackedSkippedPackets = 10
 // If the queue is full, new connection attempts will be rejected.
 const MaxAcceptQueueSize = 32
 
-// TokenExpiryTime is the valid time of a token
-const TokenExpiryTime = 24 * time.Hour
+// RetryTokenValidity is the duration that a retry token is considered valid
+const RetryTokenValidity = 10 * time.Second
 
 // MaxOutstandingSentPackets is maximum number of packets saved for retransmission.
 // When reached, it imposes a soft limit on sending new packets:
diff --git a/server.go b/server.go
index 1ded2fe7..a6c377e8 100644
--- a/server.go
+++ b/server.go
@@ -198,7 +198,7 @@ var defaultAcceptToken = func(clientAddr net.Addr, token *Token) bool {
 if token == nil {
 return false
 }
- if time.Now().After(token.SentTime.Add(protocol.TokenExpiryTime)) {
+ if time.Now().After(token.SentTime.Add(protocol.RetryTokenValidity)) {
 return false
 }
 var sourceAddr string
diff --git a/server_test.go b/server_test.go
index a1a3aa20..b1099641 100644
--- a/server_test.go
+++ b/server_test.go
@@ -545,7 +545,7 @@ var _ = Describe("default source address verification", func() {
 remoteAddr := &net.UDPAddr{IP: net.IPv4(192, 168, 0, 1)}
 token := &Token{
 RemoteAddr: "192.168.0.1",
- SentTime: time.Now().Add(-protocol.TokenExpiryTime).Add(time.Second), // will expire in 1 second
+ SentTime: time.Now().Add(-protocol.RetryTokenValidity).Add(time.Second), // will expire in 1 second
 }
 Expect(defaultAcceptToken(remoteAddr, token)).To(BeTrue())
 })
@@ -586,7 +586,7 @@ var _ = Describe("default source address verification", func() {
 remoteAddr := &net.UDPAddr{IP: net.IPv4(192, 168, 0, 1)}
 token := &Token{
 RemoteAddr: "192.168.0.1",
- SentTime: time.Now().Add(-protocol.TokenExpiryTime).Add(-time.Second), // expired 1 second ago
+ SentTime: time.Now().Add(-protocol.RetryTokenValidity).Add(-time.Second), // expired 1 second ago
 }
 Expect(defaultAcceptToken(remoteAddr, token)).To(BeFalse())
 })
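Review bot: The comment on `RetryTokenValidity` in internal/protocol/params.go says what the constant is but not why 10 seconds is sufficient; that reasoning exists only in the commit message. Since this value bounds how long a Retry token stays acceptable to the default check, the rationale belongs next to it, for example a second comment line `// Retry tokens are only used within a single connection attempt, so this only needs to cover one round trip.`.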
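Review bot: In server.go, `defaultAcceptToken` bounds `token.SentTime` only from above against the local wall clock, and with the window cut from 24 hours to 10 seconds that comparison becomes sensitive to clock steps and skew. If a token can be validated by a different instance than the one that issued it (not visible in this hunk), a skew larger than `RetryTokenValidity` either rejects every token or keeps tokens acceptable for longer than intended. I would record the assumption above the check, e.g. `// SentTime is compared against the local wall clock; issuing and validating hosts must agree to well within RetryTokenValidity.`. The function body continues outside the hunk.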