From 736af5698a5bb602e5dd7edf5126c584d7cca008 Mon Sep 17 00:00:00 2001 From: Marten Seemann Date: Fri, 11 Dec 2020 12:12:17 +0700 Subject: [PATCH 1/3] don't preallocate a slice for undecryptable packets Under normal conditions, we don't expect to receive any undecryptable packets. We expect to receive a few when there's packet loss and / or reordering during the handshake, but even in that case the number will most likely be smaller than protocol.MaxUndecryptablePackets. --- session.go | 1 - 1 file changed, 1 deletion(-) diff --git a/session.go b/session.go index 4261d042..43bf0f43 100644 --- a/session.go +++ b/session.go @@ -493,7 +493,6 @@ func (s *session) preSetup() { s.receivedPackets = make(chan *receivedPacket, protocol.MaxSessionUnprocessedPackets) s.closeChan = make(chan closeError, 1) s.sendingScheduled = make(chan struct{}, 1) - s.undecryptablePackets = make([]*receivedPacket, 0, protocol.MaxUndecryptablePackets) s.ctx, s.ctxCancel = context.WithCancel(context.Background()) s.handshakeCtx, s.handshakeCtxCancel = context.WithCancel(context.Background()) From 02139a47433ef80171500eca80c0f87b1c8e1c46 Mon Sep 17 00:00:00 2001 From: Marten Seemann Date: Fri, 11 Dec 2020 12:13:21 +0700 Subject: [PATCH 2/3] delete the slice of undecrytable packets when the handshake completes --- session.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/session.go b/session.go index 43bf0f43..809b02b7 100644 --- a/session.go +++ b/session.go @@ -675,6 +675,9 @@ func (s *session) handleHandshakeComplete() { s.handshakeComplete = true s.handshakeCompleteChan = nil // prevent this case from ever being selected again s.handshakeCtxCancel() + // Once the handshake completes, we have derived 1-RTT keys. + // There's no point in queueing undecryptable packets for later decryption any more. + s.undecryptablePackets = nil s.connIDManager.SetHandshakeComplete() s.connIDGenerator.SetHandshakeComplete() From c8626d89e569f22225d1b811a6be8a3a54b859e7 Mon Sep 17 00:00:00 2001 From: Marten Seemann Date: Fri, 11 Dec 2020 12:17:04 +0700 Subject: [PATCH 3/3] assert that no undecryptable packets are queueud after the handshake --- session.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/session.go b/session.go index 809b02b7..a43a7c11 100644 --- a/session.go +++ b/session.go @@ -1674,6 +1674,9 @@ func (s *session) scheduleSending() { } func (s *session) tryQueueingUndecryptablePacket(p *receivedPacket, hdr *wire.Header) { + if s.handshakeComplete { + panic("shouldn't queue undecryptable packets after handshake completion") + } if len(s.undecryptablePackets)+1 > protocol.MaxUndecryptablePackets { if s.tracer != nil { s.tracer.DroppedPacket(logging.PacketTypeFromHeader(hdr), p.Size(), logging.PacketDropDOSPrevention)