1
0
mirror of https://github.com/v2fly/v2ray-core.git synced 2025-01-17 23:06:30 -05:00

sync quic package. fixes #1503

This commit is contained in:
Darien Raymond 2019-01-14 20:52:10 +01:00
parent 86f8fe4eb4
commit ab0ddd4313
No known key found for this signature in database
GPG Key ID: 7251FFA14BB18169
20 changed files with 304 additions and 316 deletions

View File

@ -124,20 +124,22 @@ type Session interface {
// AcceptUniStream returns the next unidirectional stream opened by the peer, blocking until one is available. // AcceptUniStream returns the next unidirectional stream opened by the peer, blocking until one is available.
AcceptUniStream() (ReceiveStream, error) AcceptUniStream() (ReceiveStream, error)
// OpenStream opens a new bidirectional QUIC stream. // OpenStream opens a new bidirectional QUIC stream.
// It returns a special error when the peer's concurrent stream limit is reached.
// There is no signaling to the peer about new streams: // There is no signaling to the peer about new streams:
// The peer can only accept the stream after data has been sent on the stream. // The peer can only accept the stream after data has been sent on the stream.
// TODO(#1152): Enable testing for the special error // If the error is non-nil, it satisfies the net.Error interface.
// When reaching the peer's stream limit, err.Temporary() will be true.
OpenStream() (Stream, error) OpenStream() (Stream, error)
// OpenStreamSync opens a new bidirectional QUIC stream. // OpenStreamSync opens a new bidirectional QUIC stream.
// It blocks until the peer's concurrent stream limit allows a new stream to be opened. // It blocks until a new stream can be opened.
// If the error is non-nil, it satisfies the net.Error interface.
OpenStreamSync() (Stream, error) OpenStreamSync() (Stream, error)
// OpenUniStream opens a new outgoing unidirectional QUIC stream. // OpenUniStream opens a new outgoing unidirectional QUIC stream.
// It returns a special error when the peer's concurrent stream limit is reached. // If the error is non-nil, it satisfies the net.Error interface.
// TODO(#1152): Enable testing for the special error // When reaching the peer's stream limit, Temporary() will be true.
OpenUniStream() (SendStream, error) OpenUniStream() (SendStream, error)
// OpenUniStreamSync opens a new outgoing unidirectional QUIC stream. // OpenUniStreamSync opens a new outgoing unidirectional QUIC stream.
// It blocks until the peer's concurrent stream limit allows a new stream to be opened. // It blocks until a new stream can be opened.
// If the error is non-nil, it satisfies the net.Error interface.
OpenUniStreamSync() (SendStream, error) OpenUniStreamSync() (SendStream, error)
// LocalAddr returns the local address. // LocalAddr returns the local address.
LocalAddr() net.Addr LocalAddr() net.Addr

View File

@ -74,7 +74,7 @@ func (h *receivedPacketHandler) ReceivedPacket(packetNumber protocol.PacketNumbe
} }
isMissing := h.isMissing(packetNumber) isMissing := h.isMissing(packetNumber)
if packetNumber > h.largestObserved { if packetNumber >= h.largestObserved {
h.largestObserved = packetNumber h.largestObserved = packetNumber
h.largestObservedReceivedTime = rcvTime h.largestObservedReceivedTime = rcvTime
} }

View File

@ -12,10 +12,8 @@ const (
SendAck SendAck
// SendRetransmission means that retransmissions should be sent // SendRetransmission means that retransmissions should be sent
SendRetransmission SendRetransmission
// SendRTO means that an RTO probe packet should be sent // SendPTO means that a probe packet should be sent
SendRTO SendPTO
// SendTLP means that a TLP probe packet should be sent
SendTLP
// SendAny means that any packet should be sent // SendAny means that any packet should be sent
SendAny SendAny
) )
@ -28,10 +26,8 @@ func (s SendMode) String() string {
return "ack" return "ack"
case SendRetransmission: case SendRetransmission:
return "retransmission" return "retransmission"
case SendRTO: case SendPTO:
return "rto" return "pto"
case SendTLP:
return "tlp"
case SendAny: case SendAny:
return "any" return "any"
default: default:

View File

@ -17,16 +17,8 @@ const (
// Maximum reordering in time space before time based loss detection considers a packet lost. // Maximum reordering in time space before time based loss detection considers a packet lost.
// In fraction of an RTT. // In fraction of an RTT.
timeReorderingFraction = 1.0 / 8 timeReorderingFraction = 1.0 / 8
// defaultRTOTimeout is the RTO time on new connections // Timer granularity. The timer will not be set to a value smaller than granularity.
defaultRTOTimeout = 500 * time.Millisecond granularity = time.Millisecond
// Minimum time in the future a tail loss probe alarm may be set for.
minTPLTimeout = 10 * time.Millisecond
// Maximum number of tail loss probes before an RTO fires.
maxTLPs = 2
// Minimum time in the future an RTO alarm may be set for.
minRTOTimeout = 200 * time.Millisecond
// maxRTOTimeout is the maximum RTO time
maxRTOTimeout = 60 * time.Second
) )
type sentPacketHandler struct { type sentPacketHandler struct {
@ -44,7 +36,6 @@ type sentPacketHandler struct {
// example: we send an ACK for packets 90-100 with packet number 20 // example: we send an ACK for packets 90-100 with packet number 20
// once we receive an ACK from the peer for packet 20, the lowestPacketNotConfirmedAcked is 101 // once we receive an ACK from the peer for packet 20, the lowestPacketNotConfirmedAcked is 101
lowestPacketNotConfirmedAcked protocol.PacketNumber lowestPacketNotConfirmedAcked protocol.PacketNumber
largestSentBeforeRTO protocol.PacketNumber
packetHistory *sentPacketHistory packetHistory *sentPacketHistory
@ -56,17 +47,13 @@ type sentPacketHandler struct {
rttStats *congestion.RTTStats rttStats *congestion.RTTStats
handshakeComplete bool handshakeComplete bool
// The number of times the crypto packets have been retransmitted without receiving an ack. // The number of times the crypto packets have been retransmitted without receiving an ack.
cryptoCount uint32 cryptoCount uint32
// The number of times a PTO has been sent without receiving an ack.
// The number of times a TLP has been sent without receiving an ack. ptoCount uint32
tlpCount uint32 // The number of PTO probe packets that should be sent.
allowTLP bool numProbesToSend int
// The number of times an RTO has been sent without receiving an ack.
rtoCount uint32
// The number of RTO probe packets that should be sent.
numRTOs int
// The time at which the next packet will be considered lost based on early transmit or exceeding the reordering window in time. // The time at which the next packet will be considered lost based on early transmit or exceeding the reordering window in time.
lossTime time.Time lossTime time.Time
@ -173,10 +160,9 @@ func (h *sentPacketHandler) sentPacketImpl(packet *Packet) bool /* isRetransmitt
packet.includedInBytesInFlight = true packet.includedInBytesInFlight = true
h.bytesInFlight += packet.Length h.bytesInFlight += packet.Length
packet.canBeRetransmitted = true packet.canBeRetransmitted = true
if h.numRTOs > 0 { if h.numProbesToSend > 0 {
h.numRTOs-- h.numProbesToSend--
} }
h.allowTLP = false
} }
h.congestion.OnPacketSent(packet.SendTime, h.bytesInFlight, packet.PacketNumber, packet.Length, isRetransmittable) h.congestion.OnPacketSent(packet.SendTime, h.bytesInFlight, packet.PacketNumber, packet.Length, isRetransmittable)
@ -210,6 +196,9 @@ func (h *sentPacketHandler) ReceivedAck(ackFrame *wire.AckFrame, withPacketNumbe
if err != nil { if err != nil {
return err return err
} }
if len(ackedPackets) == 0 {
return nil
}
priorInFlight := h.bytesInFlight priorInFlight := h.bytesInFlight
for _, p := range ackedPackets { for _, p := range ackedPackets {
@ -235,6 +224,10 @@ func (h *sentPacketHandler) ReceivedAck(ackFrame *wire.AckFrame, withPacketNumbe
if err := h.detectLostPackets(rcvTime, priorInFlight); err != nil { if err := h.detectLostPackets(rcvTime, priorInFlight); err != nil {
return err return err
} }
h.ptoCount = 0
h.cryptoCount = 0
h.updateLossDetectionAlarm() h.updateLossDetectionAlarm()
return nil return nil
} }
@ -310,15 +303,8 @@ func (h *sentPacketHandler) updateLossDetectionAlarm() {
} else if !h.lossTime.IsZero() { } else if !h.lossTime.IsZero() {
// Early retransmit timer or time loss detection. // Early retransmit timer or time loss detection.
h.alarm = h.lossTime h.alarm = h.lossTime
} else { } else { // PTO alarm
// RTO or TLP alarm h.alarm = h.lastSentRetransmittablePacketTime.Add(h.computePTOTimeout())
alarmDuration := h.computeRTOTimeout()
if h.tlpCount < maxTLPs {
tlpAlarm := h.computeTLPTimeout()
// if the RTO duration is shorter than the TLP duration, use the RTO duration
alarmDuration = utils.MinDuration(alarmDuration, tlpAlarm)
}
h.alarm = h.lastSentRetransmittablePacketTime.Add(alarmDuration)
} }
} }
@ -346,6 +332,7 @@ func (h *sentPacketHandler) detectLostPackets(now time.Time, priorInFlight proto
} }
return true, nil return true, nil
}) })
if h.logger.Debug() && len(lostPackets) > 0 { if h.logger.Debug() && len(lostPackets) > 0 {
pns := make([]protocol.PacketNumber, len(lostPackets)) pns := make([]protocol.PacketNumber, len(lostPackets))
for i, p := range lostPackets { for i, p := range lostPackets {
@ -399,21 +386,12 @@ func (h *sentPacketHandler) onVerifiedAlarm() error {
} }
// Early retransmit or time loss detection // Early retransmit or time loss detection
err = h.detectLostPackets(time.Now(), h.bytesInFlight) err = h.detectLostPackets(time.Now(), h.bytesInFlight)
} else if h.tlpCount < maxTLPs { // TLP } else { // PTO
if h.logger.Debug() { if h.logger.Debug() {
h.logger.Debugf("Loss detection alarm fired in TLP mode. TLP count: %d", h.tlpCount) h.logger.Debugf("Loss detection alarm fired in PTO mode. PTO count: %d", h.ptoCount)
} }
h.allowTLP = true h.ptoCount++
h.tlpCount++ h.numProbesToSend += 2
} else { // RTO
if h.logger.Debug() {
h.logger.Debugf("Loss detection alarm fired in RTO mode. RTO count: %d", h.rtoCount)
}
if h.rtoCount == 0 {
h.largestSentBeforeRTO = h.lastSentPacketNumber
}
h.rtoCount++
h.numRTOs += 2
} }
return err return err
} }
@ -454,15 +432,9 @@ func (h *sentPacketHandler) onPacketAcked(p *Packet, rcvTime time.Time) error {
if p.includedInBytesInFlight { if p.includedInBytesInFlight {
h.bytesInFlight -= p.Length h.bytesInFlight -= p.Length
} }
if h.rtoCount > 0 {
h.verifyRTO(p.PacketNumber)
}
if err := h.stopRetransmissionsFor(p); err != nil { if err := h.stopRetransmissionsFor(p); err != nil {
return err return err
} }
h.rtoCount = 0
h.tlpCount = 0
h.cryptoCount = 0
return h.packetHistory.Remove(p.PacketNumber) return h.packetHistory.Remove(p.PacketNumber)
} }
@ -480,18 +452,6 @@ func (h *sentPacketHandler) stopRetransmissionsFor(p *Packet) error {
return nil return nil
} }
func (h *sentPacketHandler) verifyRTO(pn protocol.PacketNumber) {
if pn <= h.largestSentBeforeRTO {
h.logger.Debugf("Spurious RTO detected. Received an ACK for %#x (largest sent before RTO: %#x)", pn, h.largestSentBeforeRTO)
// Replace SRTT with latest_rtt and increase the variance to prevent
// a spurious RTO from happening again.
h.rttStats.ExpireSmoothedMetrics()
return
}
h.logger.Debugf("RTO verified. Received an ACK for %#x (largest sent before RTO: %#x", pn, h.largestSentBeforeRTO)
h.congestion.OnRetransmissionTimeout(true)
}
func (h *sentPacketHandler) DequeuePacketForRetransmission() *Packet { func (h *sentPacketHandler) DequeuePacketForRetransmission() *Packet {
if len(h.retransmissionQueue) == 0 { if len(h.retransmissionQueue) == 0 {
return nil return nil
@ -539,11 +499,8 @@ func (h *sentPacketHandler) SendMode() SendMode {
} }
return SendNone return SendNone
} }
if h.allowTLP { if h.numProbesToSend > 0 {
return SendTLP return SendPTO
}
if h.numRTOs > 0 {
return SendRTO
} }
// Only send ACKs if we're congestion limited. // Only send ACKs if we're congestion limited.
if cwnd := h.congestion.GetCongestionWindow(); h.bytesInFlight > cwnd { if cwnd := h.congestion.GetCongestionWindow(); h.bytesInFlight > cwnd {
@ -570,9 +527,9 @@ func (h *sentPacketHandler) TimeUntilSend() time.Time {
} }
func (h *sentPacketHandler) ShouldSendNumPackets() int { func (h *sentPacketHandler) ShouldSendNumPackets() int {
if h.numRTOs > 0 { if h.numProbesToSend > 0 {
// RTO probes should not be paced, but must be sent immediately. // RTO probes should not be paced, but must be sent immediately.
return h.numRTOs return h.numProbesToSend
} }
delay := h.congestion.TimeUntilSend(h.bytesInFlight) delay := h.congestion.TimeUntilSend(h.bytesInFlight)
if delay == 0 || delay > protocol.MinPacingDelay { if delay == 0 || delay > protocol.MinPacingDelay {
@ -610,27 +567,14 @@ func (h *sentPacketHandler) queuePacketForRetransmission(p *Packet) error {
} }
func (h *sentPacketHandler) computeCryptoTimeout() time.Duration { func (h *sentPacketHandler) computeCryptoTimeout() time.Duration {
duration := utils.MaxDuration(2*h.rttStats.SmoothedOrInitialRTT(), minTPLTimeout) duration := utils.MaxDuration(2*h.rttStats.SmoothedOrInitialRTT(), granularity)
// exponential backoff // exponential backoff
// There's an implicit limit to this set by the crypto timeout. // There's an implicit limit to this set by the crypto timeout.
return duration << h.cryptoCount return duration << h.cryptoCount
} }
func (h *sentPacketHandler) computeTLPTimeout() time.Duration { func (h *sentPacketHandler) computePTOTimeout() time.Duration {
// TODO(#1236): include the max_ack_delay // TODO(#1236): include the max_ack_delay
return utils.MaxDuration(h.rttStats.SmoothedOrInitialRTT()*3/2, minTPLTimeout) duration := utils.MaxDuration(h.rttStats.SmoothedOrInitialRTT()+4*h.rttStats.MeanDeviation(), granularity)
} return duration << h.ptoCount
func (h *sentPacketHandler) computeRTOTimeout() time.Duration {
var rto time.Duration
rtt := h.rttStats.SmoothedRTT()
if rtt == 0 {
rto = defaultRTOTimeout
} else {
rto = rtt + 4*h.rttStats.MeanDeviation()
}
rto = utils.MaxDuration(rto, minRTOTimeout)
// Exponential backoff
rto <<= h.rtoCount
return utils.MinDuration(rto, maxRTOTimeout)
} }

View File

@ -8,13 +8,12 @@ import (
) )
type sealer struct { type sealer struct {
iv []byte
aead cipher.AEAD aead cipher.AEAD
pnEncrypter cipher.Block hpEncrypter cipher.Block
// use a single slice to avoid allocations // use a single slice to avoid allocations
nonceBuf []byte nonceBuf []byte
pnMask []byte hpMask []byte
// short headers protect 5 bits in the first byte, long headers only 4 // short headers protect 5 bits in the first byte, long headers only 4
is1RTT bool is1RTT bool
@ -22,41 +21,35 @@ type sealer struct {
var _ Sealer = &sealer{} var _ Sealer = &sealer{}
func newSealer(aead cipher.AEAD, iv []byte, pnEncrypter cipher.Block, is1RTT bool) Sealer { func newSealer(aead cipher.AEAD, hpEncrypter cipher.Block, is1RTT bool) Sealer {
return &sealer{ return &sealer{
iv: iv,
aead: aead, aead: aead,
nonceBuf: make([]byte, aead.NonceSize()), nonceBuf: make([]byte, aead.NonceSize()),
is1RTT: is1RTT, is1RTT: is1RTT,
pnEncrypter: pnEncrypter, hpEncrypter: hpEncrypter,
pnMask: make([]byte, pnEncrypter.BlockSize()), hpMask: make([]byte, hpEncrypter.BlockSize()),
} }
} }
func (s *sealer) Seal(dst, src []byte, pn protocol.PacketNumber, ad []byte) []byte { func (s *sealer) Seal(dst, src []byte, pn protocol.PacketNumber, ad []byte) []byte {
binary.BigEndian.PutUint64(s.nonceBuf[len(s.nonceBuf)-8:], uint64(pn)) binary.BigEndian.PutUint64(s.nonceBuf[len(s.nonceBuf)-8:], uint64(pn))
for i := 0; i < len(s.nonceBuf); i++ { // The AEAD we're using here will be the qtls.aeadAESGCM13.
s.nonceBuf[i] ^= s.iv[i] // It uses the nonce provided here and XOR it with the IV.
} return s.aead.Seal(dst, s.nonceBuf, src, ad)
sealed := s.aead.Seal(dst, s.nonceBuf, src, ad)
for i := 0; i < len(s.nonceBuf); i++ {
s.nonceBuf[i] = 0
}
return sealed
} }
func (s *sealer) EncryptHeader(sample []byte, firstByte *byte, pnBytes []byte) { func (s *sealer) EncryptHeader(sample []byte, firstByte *byte, pnBytes []byte) {
if len(sample) != s.pnEncrypter.BlockSize() { if len(sample) != s.hpEncrypter.BlockSize() {
panic("invalid sample size") panic("invalid sample size")
} }
s.pnEncrypter.Encrypt(s.pnMask, sample) s.hpEncrypter.Encrypt(s.hpMask, sample)
if s.is1RTT { if s.is1RTT {
*firstByte ^= s.pnMask[0] & 0x1f *firstByte ^= s.hpMask[0] & 0x1f
} else { } else {
*firstByte ^= s.pnMask[0] & 0xf *firstByte ^= s.hpMask[0] & 0xf
} }
for i := range pnBytes { for i := range pnBytes {
pnBytes[i] ^= s.pnMask[i+1] pnBytes[i] ^= s.hpMask[i+1]
} }
} }
@ -65,13 +58,12 @@ func (s *sealer) Overhead() int {
} }
type opener struct { type opener struct {
iv []byte
aead cipher.AEAD aead cipher.AEAD
pnDecrypter cipher.Block pnDecrypter cipher.Block
// use a single slice to avoid allocations // use a single slice to avoid allocations
nonceBuf []byte nonceBuf []byte
pnMask []byte hpMask []byte
// short headers protect 5 bits in the first byte, long headers only 4 // short headers protect 5 bits in the first byte, long headers only 4
is1RTT bool is1RTT bool
@ -79,40 +71,34 @@ type opener struct {
var _ Opener = &opener{} var _ Opener = &opener{}
func newOpener(aead cipher.AEAD, iv []byte, pnDecrypter cipher.Block, is1RTT bool) Opener { func newOpener(aead cipher.AEAD, pnDecrypter cipher.Block, is1RTT bool) Opener {
return &opener{ return &opener{
iv: iv,
aead: aead, aead: aead,
nonceBuf: make([]byte, aead.NonceSize()), nonceBuf: make([]byte, aead.NonceSize()),
is1RTT: is1RTT, is1RTT: is1RTT,
pnDecrypter: pnDecrypter, pnDecrypter: pnDecrypter,
pnMask: make([]byte, pnDecrypter.BlockSize()), hpMask: make([]byte, pnDecrypter.BlockSize()),
} }
} }
func (o *opener) Open(dst, src []byte, pn protocol.PacketNumber, ad []byte) ([]byte, error) { func (o *opener) Open(dst, src []byte, pn protocol.PacketNumber, ad []byte) ([]byte, error) {
binary.BigEndian.PutUint64(o.nonceBuf[len(o.nonceBuf)-8:], uint64(pn)) binary.BigEndian.PutUint64(o.nonceBuf[len(o.nonceBuf)-8:], uint64(pn))
for i := 0; i < len(o.nonceBuf); i++ { // The AEAD we're using here will be the qtls.aeadAESGCM13.
o.nonceBuf[i] ^= o.iv[i] // It uses the nonce provided here and XOR it with the IV.
} return o.aead.Open(dst, o.nonceBuf, src, ad)
opened, err := o.aead.Open(dst, o.nonceBuf, src, ad)
for i := 0; i < len(o.nonceBuf); i++ {
o.nonceBuf[i] = 0
}
return opened, err
} }
func (o *opener) DecryptHeader(sample []byte, firstByte *byte, pnBytes []byte) { func (o *opener) DecryptHeader(sample []byte, firstByte *byte, pnBytes []byte) {
if len(sample) != o.pnDecrypter.BlockSize() { if len(sample) != o.pnDecrypter.BlockSize() {
panic("invalid sample size") panic("invalid sample size")
} }
o.pnDecrypter.Encrypt(o.pnMask, sample) o.pnDecrypter.Encrypt(o.hpMask, sample)
if o.is1RTT { if o.is1RTT {
*firstByte ^= o.pnMask[0] & 0x1f *firstByte ^= o.hpMask[0] & 0x1f
} else { } else {
*firstByte ^= o.pnMask[0] & 0xf *firstByte ^= o.hpMask[0] & 0xf
} }
for i := range pnBytes { for i := range pnBytes {
pnBytes[i] ^= o.pnMask[i+1] pnBytes[i] ^= o.hpMask[i+1]
} }
} }

View File

@ -181,7 +181,7 @@ func newCryptoSetup(
logger utils.Logger, logger utils.Logger,
perspective protocol.Perspective, perspective protocol.Perspective,
) (CryptoSetup, <-chan struct{} /* ClientHello written */, error) { ) (CryptoSetup, <-chan struct{} /* ClientHello written */, error) {
initialSealer, initialOpener, err := newInitialAEAD(connID, perspective) initialSealer, initialOpener, err := NewInitialAEAD(connID, perspective)
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
} }
@ -410,28 +410,22 @@ func (h *cryptoSetup) ReadHandshakeMessage() ([]byte, error) {
} }
func (h *cryptoSetup) SetReadKey(suite *qtls.CipherSuite, trafficSecret []byte) { func (h *cryptoSetup) SetReadKey(suite *qtls.CipherSuite, trafficSecret []byte) {
key := qtls.HkdfExpandLabel(suite.Hash(), trafficSecret, []byte{}, "key", suite.KeyLen()) key := qtls.HkdfExpandLabel(suite.Hash(), trafficSecret, []byte{}, "quic key", suite.KeyLen())
iv := qtls.HkdfExpandLabel(suite.Hash(), trafficSecret, []byte{}, "iv", suite.IVLen()) iv := qtls.HkdfExpandLabel(suite.Hash(), trafficSecret, []byte{}, "quic iv", suite.IVLen())
pnKey := qtls.HkdfExpandLabel(suite.Hash(), trafficSecret, []byte{}, "pn", suite.KeyLen()) hpKey := qtls.HkdfExpandLabel(suite.Hash(), trafficSecret, []byte{}, "quic hp", suite.KeyLen())
pnDecrypter, err := aes.NewCipher(pnKey) hpDecrypter, err := aes.NewCipher(hpKey)
if err != nil { if err != nil {
panic(fmt.Sprintf("error creating new AES cipher: %s", err)) panic(fmt.Sprintf("error creating new AES cipher: %s", err))
} }
opener := newOpener(
suite.AEAD(key, iv),
iv,
pnDecrypter,
h.readEncLevel == protocol.Encryption1RTT,
)
switch h.readEncLevel { switch h.readEncLevel {
case protocol.EncryptionInitial: case protocol.EncryptionInitial:
h.readEncLevel = protocol.EncryptionHandshake h.readEncLevel = protocol.EncryptionHandshake
h.handshakeOpener = opener h.handshakeOpener = newOpener(suite.AEAD(key, iv), hpDecrypter, false)
h.logger.Debugf("Installed Handshake Read keys") h.logger.Debugf("Installed Handshake Read keys")
case protocol.EncryptionHandshake: case protocol.EncryptionHandshake:
h.readEncLevel = protocol.Encryption1RTT h.readEncLevel = protocol.Encryption1RTT
h.opener = opener h.opener = newOpener(suite.AEAD(key, iv), hpDecrypter, true)
h.logger.Debugf("Installed 1-RTT Read keys") h.logger.Debugf("Installed 1-RTT Read keys")
default: default:
panic("unexpected read encryption level") panic("unexpected read encryption level")
@ -440,28 +434,22 @@ func (h *cryptoSetup) SetReadKey(suite *qtls.CipherSuite, trafficSecret []byte)
} }
func (h *cryptoSetup) SetWriteKey(suite *qtls.CipherSuite, trafficSecret []byte) { func (h *cryptoSetup) SetWriteKey(suite *qtls.CipherSuite, trafficSecret []byte) {
key := qtls.HkdfExpandLabel(suite.Hash(), trafficSecret, []byte{}, "key", suite.KeyLen()) key := qtls.HkdfExpandLabel(suite.Hash(), trafficSecret, []byte{}, "quic key", suite.KeyLen())
iv := qtls.HkdfExpandLabel(suite.Hash(), trafficSecret, []byte{}, "iv", suite.IVLen()) iv := qtls.HkdfExpandLabel(suite.Hash(), trafficSecret, []byte{}, "quic iv", suite.IVLen())
pnKey := qtls.HkdfExpandLabel(suite.Hash(), trafficSecret, []byte{}, "pn", suite.KeyLen()) hpKey := qtls.HkdfExpandLabel(suite.Hash(), trafficSecret, []byte{}, "quic hp", suite.KeyLen())
pnEncrypter, err := aes.NewCipher(pnKey) hpEncrypter, err := aes.NewCipher(hpKey)
if err != nil { if err != nil {
panic(fmt.Sprintf("error creating new AES cipher: %s", err)) panic(fmt.Sprintf("error creating new AES cipher: %s", err))
} }
sealer := newSealer(
suite.AEAD(key, iv),
iv,
pnEncrypter,
h.writeEncLevel == protocol.Encryption1RTT,
)
switch h.writeEncLevel { switch h.writeEncLevel {
case protocol.EncryptionInitial: case protocol.EncryptionInitial:
h.writeEncLevel = protocol.EncryptionHandshake h.writeEncLevel = protocol.EncryptionHandshake
h.handshakeSealer = sealer h.handshakeSealer = newSealer(suite.AEAD(key, iv), hpEncrypter, false)
h.logger.Debugf("Installed Handshake Write keys") h.logger.Debugf("Installed Handshake Write keys")
case protocol.EncryptionHandshake: case protocol.EncryptionHandshake:
h.writeEncLevel = protocol.Encryption1RTT h.writeEncLevel = protocol.Encryption1RTT
h.sealer = sealer h.sealer = newSealer(suite.AEAD(key, iv), hpEncrypter, true)
h.logger.Debugf("Installed 1-RTT Write keys") h.logger.Debugf("Installed 1-RTT Write keys")
default: default:
panic("unexpected write encryption level") panic("unexpected write encryption level")

View File

@ -3,7 +3,6 @@ package handshake
import ( import (
"crypto" "crypto"
"crypto/aes" "crypto/aes"
"crypto/cipher"
"github.com/lucas-clemente/quic-go/internal/protocol" "github.com/lucas-clemente/quic-go/internal/protocol"
"github.com/marten-seemann/qtls" "github.com/marten-seemann/qtls"
@ -11,7 +10,8 @@ import (
var quicVersion1Salt = []byte{0xef, 0x4f, 0xb0, 0xab, 0xb4, 0x74, 0x70, 0xc4, 0x1b, 0xef, 0xcf, 0x80, 0x31, 0x33, 0x4f, 0xae, 0x48, 0x5e, 0x09, 0xa0} var quicVersion1Salt = []byte{0xef, 0x4f, 0xb0, 0xab, 0xb4, 0x74, 0x70, 0xc4, 0x1b, 0xef, 0xcf, 0x80, 0x31, 0x33, 0x4f, 0xae, 0x48, 0x5e, 0x09, 0xa0}
func newInitialAEAD(connID protocol.ConnectionID, pers protocol.Perspective) (Sealer, Opener, error) { // NewInitialAEAD creates a new AEAD for Initial encryption / decryption.
func NewInitialAEAD(connID protocol.ConnectionID, pers protocol.Perspective) (Sealer, Opener, error) {
clientSecret, serverSecret := computeSecrets(connID) clientSecret, serverSecret := computeSecrets(connID)
var mySecret, otherSecret []byte var mySecret, otherSecret []byte
if pers == protocol.PerspectiveClient { if pers == protocol.PerspectiveClient {
@ -21,34 +21,20 @@ func newInitialAEAD(connID protocol.ConnectionID, pers protocol.Perspective) (Se
mySecret = serverSecret mySecret = serverSecret
otherSecret = clientSecret otherSecret = clientSecret
} }
myKey, myPNKey, myIV := computeInitialKeyAndIV(mySecret) myKey, myHPKey, myIV := computeInitialKeyAndIV(mySecret)
otherKey, otherPNKey, otherIV := computeInitialKeyAndIV(otherSecret) otherKey, otherHPKey, otherIV := computeInitialKeyAndIV(otherSecret)
encrypterCipher, err := aes.NewCipher(myKey) encrypter := qtls.AEADAESGCM13(myKey, myIV)
hpEncrypter, err := aes.NewCipher(myHPKey)
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
} }
encrypter, err := cipher.NewGCM(encrypterCipher) decrypter := qtls.AEADAESGCM13(otherKey, otherIV)
hpDecrypter, err := aes.NewCipher(otherHPKey)
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
} }
pnEncrypter, err := aes.NewCipher(myPNKey) return newSealer(encrypter, hpEncrypter, false), newOpener(decrypter, hpDecrypter, false), nil
if err != nil {
return nil, nil, err
}
decrypterCipher, err := aes.NewCipher(otherKey)
if err != nil {
return nil, nil, err
}
decrypter, err := cipher.NewGCM(decrypterCipher)
if err != nil {
return nil, nil, err
}
pnDecrypter, err := aes.NewCipher(otherPNKey)
if err != nil {
return nil, nil, err
}
return newSealer(encrypter, myIV, pnEncrypter, false), newOpener(decrypter, otherIV, pnDecrypter, false), nil
} }
func computeSecrets(connID protocol.ConnectionID) (clientSecret, serverSecret []byte) { func computeSecrets(connID protocol.ConnectionID) (clientSecret, serverSecret []byte) {
@ -58,9 +44,9 @@ func computeSecrets(connID protocol.ConnectionID) (clientSecret, serverSecret []
return return
} }
func computeInitialKeyAndIV(secret []byte) (key, pnKey, iv []byte) { func computeInitialKeyAndIV(secret []byte) (key, hpKey, iv []byte) {
key = qtls.HkdfExpandLabel(crypto.SHA256, secret, []byte{}, "quic key", 16) key = qtls.HkdfExpandLabel(crypto.SHA256, secret, []byte{}, "quic key", 16)
pnKey = qtls.HkdfExpandLabel(crypto.SHA256, secret, []byte{}, "quic hp", 16) hpKey = qtls.HkdfExpandLabel(crypto.SHA256, secret, []byte{}, "quic hp", 16)
iv = qtls.HkdfExpandLabel(crypto.SHA256, secret, []byte{}, "quic iv", 12) iv = qtls.HkdfExpandLabel(crypto.SHA256, secret, []byte{}, "quic iv", 12)
return return
} }

View File

@ -10,7 +10,7 @@ import (
"github.com/lucas-clemente/quic-go/internal/utils" "github.com/lucas-clemente/quic-go/internal/utils"
) )
const quicTLSExtensionType = 0xff5 const quicTLSExtensionType = 0xffa5
type clientHelloTransportParameters struct { type clientHelloTransportParameters struct {
InitialVersion protocol.VersionNumber InitialVersion protocol.VersionNumber

View File

@ -53,6 +53,10 @@ const SkipPacketAveragePeriodLength PacketNumber = 500
// MaxTrackedSkippedPackets is the maximum number of skipped packet numbers the SentPacketHandler keep track of for Optimistic ACK attack mitigation // MaxTrackedSkippedPackets is the maximum number of skipped packet numbers the SentPacketHandler keep track of for Optimistic ACK attack mitigation
const MaxTrackedSkippedPackets = 10 const MaxTrackedSkippedPackets = 10
// MaxAcceptQueueSize is the maximum number of sessions that the server queues for accepting.
// If the queue is full, new connection attempts will be rejected.
const MaxAcceptQueueSize = 32
// CookieExpiryTime is the valid time of a cookie // CookieExpiryTime is the valid time of a cookie
const CookieExpiryTime = 24 * time.Hour const CookieExpiryTime = 24 * time.Hour

View File

@ -18,7 +18,7 @@ const (
// The version numbers, making grepping easier // The version numbers, making grepping easier
const ( const (
VersionTLS VersionNumber = 101 VersionTLS VersionNumber = 0x51474fff
VersionWhatever VersionNumber = 1 // for when the version doesn't matter VersionWhatever VersionNumber = 1 // for when the version doesn't matter
VersionUnknown VersionNumber = math.MaxUint32 VersionUnknown VersionNumber = math.MaxUint32
) )

View File

@ -15,7 +15,6 @@ type ExtendedHeader struct {
Header Header
typeByte byte typeByte byte
Raw []byte
PacketNumberLen protocol.PacketNumberLen PacketNumberLen protocol.PacketNumberLen
PacketNumber protocol.PacketNumber PacketNumber protocol.PacketNumber

View File

@ -186,10 +186,6 @@ func (h *packetHandlerMap) parsePacket(
var counter int var counter int
var lastConnID protocol.ConnectionID var lastConnID protocol.ConnectionID
for len(data) > 0 { for len(data) > 0 {
if counter > 0 && h.logger.Debug() {
h.logger.Debugf("Parsed a coalesced packet. Part %d: %d bytes", counter, len(packets[counter-1].data))
}
hdr, err := wire.ParseHeader(bytes.NewReader(data), h.connIDLen) hdr, err := wire.ParseHeader(bytes.NewReader(data), h.connIDLen)
// drop the packet if we can't parse the header // drop the packet if we can't parse the header
if err != nil { if err != nil {
@ -221,6 +217,12 @@ func (h *packetHandlerMap) parsePacket(
data: data, data: data,
buffer: buffer, buffer: buffer,
}) })
// only log if this actually a coalesced packet
if h.logger.Debug() && (counter > 1 || len(rest) > 0) {
h.logger.Debugf("Parsed a coalesced packet. Part %d: %d bytes. Remaining: %d bytes.", counter, len(packets[counter-1].data), len(rest))
}
data = rest data = rest
} }
return packets, nil return packets, nil
@ -252,11 +254,11 @@ func (h *packetHandlerMap) handleParsedPackets(packets []*receivedPacket) {
// TODO(#943): send a stateless reset // TODO(#943): send a stateless reset
h.logger.Debugf("received a short header packet with an unexpected connection ID %s", p.hdr.DestConnectionID) h.logger.Debugf("received a short header packet with an unexpected connection ID %s", p.hdr.DestConnectionID)
break // a short header packet is always the last in a coalesced packet break // a short header packet is always the last in a coalesced packet
} }
if h.server != nil { // no server set if h.server == nil { // no server set
h.logger.Debugf("received a packet with an unexpected connection ID %s", p.hdr.DestConnectionID)
continue
}
h.server.handlePacket(p) h.server.handlePacket(p)
} }
h.logger.Debugf("received a packet with an unexpected connection ID %s", p.hdr.DestConnectionID)
}
} }

View File

@ -6,7 +6,6 @@ import (
"github.com/lucas-clemente/quic-go/internal/handshake" "github.com/lucas-clemente/quic-go/internal/handshake"
"github.com/lucas-clemente/quic-go/internal/protocol" "github.com/lucas-clemente/quic-go/internal/protocol"
"github.com/lucas-clemente/quic-go/internal/qerr"
"github.com/lucas-clemente/quic-go/internal/utils" "github.com/lucas-clemente/quic-go/internal/utils"
"github.com/lucas-clemente/quic-go/internal/wire" "github.com/lucas-clemente/quic-go/internal/wire"
) )
@ -15,7 +14,7 @@ type unpackedPacket struct {
packetNumber protocol.PacketNumber // the decoded packet number packetNumber protocol.PacketNumber // the decoded packet number
hdr *wire.ExtendedHeader hdr *wire.ExtendedHeader
encryptionLevel protocol.EncryptionLevel encryptionLevel protocol.EncryptionLevel
frames []wire.Frame data []byte
} }
// The packetUnpacker unpacks QUIC packets. // The packetUnpacker unpacks QUIC packets.
@ -56,6 +55,9 @@ func (u *packetUnpacker) Unpack(hdr *wire.Header, data []byte) (*unpackedPacket,
return nil, err return nil, err
} }
hdrLen := int(hdr.ParsedLen()) hdrLen := int(hdr.ParsedLen())
if len(data) < hdrLen+4+16 {
return nil, fmt.Errorf("Packet too small. Expected at least 20 bytes after the header, got %d", len(data)-hdrLen)
}
// The packet number can be up to 4 bytes long, but we won't know the length until we decrypt it. // The packet number can be up to 4 bytes long, but we won't know the length until we decrypt it.
// 1. save a copy of the 4 bytes // 1. save a copy of the 4 bytes
origPNBytes := make([]byte, 4) origPNBytes := make([]byte, 4)
@ -66,18 +68,16 @@ func (u *packetUnpacker) Unpack(hdr *wire.Header, data []byte) (*unpackedPacket,
&data[0], &data[0],
data[hdrLen:hdrLen+4], data[hdrLen:hdrLen+4],
) )
// 3. parse the header (and learn the actual length of the packet number) // 3. parse the header (and learn the actual length of the packet number)
extHdr, err := hdr.ParseExtended(r, u.version) extHdr, err := hdr.ParseExtended(r, u.version)
if err != nil { if err != nil {
return nil, fmt.Errorf("error parsing extended header: %s", err) return nil, fmt.Errorf("error parsing extended header: %s", err)
} }
extHdr.Raw = data[:hdrLen+int(extHdr.PacketNumberLen)] extHdrLen := hdrLen + int(extHdr.PacketNumberLen)
// 4. if the packet number is shorter than 4 bytes, replace the remaining bytes with the copy we saved earlier // 4. if the packet number is shorter than 4 bytes, replace the remaining bytes with the copy we saved earlier
if extHdr.PacketNumberLen != protocol.PacketNumberLen4 { if extHdr.PacketNumberLen != protocol.PacketNumberLen4 {
copy(data[hdrLen+int(extHdr.PacketNumberLen):hdrLen+4], origPNBytes[int(extHdr.PacketNumberLen):]) copy(data[extHdrLen:hdrLen+4], origPNBytes[int(extHdr.PacketNumberLen):])
} }
data = data[hdrLen+int(extHdr.PacketNumberLen):]
pn := protocol.DecodePacketNumber( pn := protocol.DecodePacketNumber(
extHdr.PacketNumberLen, extHdr.PacketNumberLen,
@ -85,7 +85,7 @@ func (u *packetUnpacker) Unpack(hdr *wire.Header, data []byte) (*unpackedPacket,
extHdr.PacketNumber, extHdr.PacketNumber,
) )
decrypted, err := opener.Open(data[:0], data, pn, extHdr.Raw) decrypted, err := opener.Open(data[extHdrLen:extHdrLen], data[extHdrLen:], pn, data[:extHdrLen])
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -93,36 +93,10 @@ func (u *packetUnpacker) Unpack(hdr *wire.Header, data []byte) (*unpackedPacket,
// Only do this after decrypting, so we are sure the packet is not attacker-controlled // Only do this after decrypting, so we are sure the packet is not attacker-controlled
u.largestRcvdPacketNumber = utils.MaxPacketNumber(u.largestRcvdPacketNumber, pn) u.largestRcvdPacketNumber = utils.MaxPacketNumber(u.largestRcvdPacketNumber, pn)
fs, err := u.parseFrames(decrypted)
if err != nil {
return nil, err
}
return &unpackedPacket{ return &unpackedPacket{
hdr: extHdr, hdr: extHdr,
packetNumber: pn, packetNumber: pn,
encryptionLevel: encLevel, encryptionLevel: encLevel,
frames: fs, data: decrypted,
}, nil }, nil
} }
func (u *packetUnpacker) parseFrames(decrypted []byte) ([]wire.Frame, error) {
r := bytes.NewReader(decrypted)
if r.Len() == 0 {
return nil, qerr.MissingPayload
}
fs := make([]wire.Frame, 0, 2)
// Read all frames in the packet
for {
frame, err := wire.ParseNextFrame(r, u.version)
if err != nil {
return nil, err
}
if frame == nil {
break
}
fs = append(fs, frame)
}
return fs, nil
}

View File

@ -8,10 +8,12 @@ import (
"io" "io"
"net" "net"
"sync" "sync"
"sync/atomic"
"time" "time"
"github.com/lucas-clemente/quic-go/internal/handshake" "github.com/lucas-clemente/quic-go/internal/handshake"
"github.com/lucas-clemente/quic-go/internal/protocol" "github.com/lucas-clemente/quic-go/internal/protocol"
"github.com/lucas-clemente/quic-go/internal/qerr"
"github.com/lucas-clemente/quic-go/internal/utils" "github.com/lucas-clemente/quic-go/internal/utils"
"github.com/lucas-clemente/quic-go/internal/wire" "github.com/lucas-clemente/quic-go/internal/wire"
) )
@ -89,6 +91,7 @@ type server struct {
closed bool closed bool
sessionQueue chan Session sessionQueue chan Session
sessionQueueLen int32 // to be used as an atomic
sessionRunner sessionRunner sessionRunner sessionRunner
@ -149,7 +152,7 @@ func listen(conn net.PacketConn, tlsConf *tls.Config, config *Config) (*server,
tlsConf: tlsConf, tlsConf: tlsConf,
config: config, config: config,
sessionHandler: sessionHandler, sessionHandler: sessionHandler,
sessionQueue: make(chan Session, 5), sessionQueue: make(chan Session),
errorChan: make(chan struct{}), errorChan: make(chan struct{}),
newSession: newSession, newSession: newSession,
logger: utils.DefaultLogger.WithPrefix("server"), logger: utils.DefaultLogger.WithPrefix("server"),
@ -164,7 +167,18 @@ func listen(conn net.PacketConn, tlsConf *tls.Config, config *Config) (*server,
func (s *server) setup() error { func (s *server) setup() error {
s.sessionRunner = &runner{ s.sessionRunner = &runner{
onHandshakeCompleteImpl: func(sess Session) { s.sessionQueue <- sess }, onHandshakeCompleteImpl: func(sess Session) {
go func() {
atomic.AddInt32(&s.sessionQueueLen, 1)
defer atomic.AddInt32(&s.sessionQueueLen, -1)
select {
case s.sessionQueue <- sess:
// blocks until the session is accepted
case <-sess.Context().Done():
// don't pass sessions that were already closed to Accept()
}
}()
},
retireConnectionIDImpl: s.sessionHandler.Retire, retireConnectionIDImpl: s.sessionHandler.Retire,
removeConnectionIDImpl: s.sessionHandler.Remove, removeConnectionIDImpl: s.sessionHandler.Remove,
} }
@ -333,7 +347,7 @@ func (s *server) handleInitial(p *receivedPacket) {
s.logger.Errorf("Error occurred handling initial packet: %s", err) s.logger.Errorf("Error occurred handling initial packet: %s", err)
return return
} }
if sess == nil { // a retry was done if sess == nil { // a retry was done, or the connection attempt was rejected
p.buffer.Release() p.buffer.Release()
return return
} }
@ -371,6 +385,11 @@ func (s *server) handleInitialImpl(p *receivedPacket) (quicSession, protocol.Con
return nil, nil, s.sendRetry(p.remoteAddr, hdr) return nil, nil, s.sendRetry(p.remoteAddr, hdr)
} }
if queueLen := atomic.LoadInt32(&s.sessionQueueLen); queueLen >= protocol.MaxAcceptQueueSize {
s.logger.Debugf("Rejecting new connection. Server currently busy. Accept queue length: %d (max %d)", queueLen, protocol.MaxAcceptQueueSize)
return nil, nil, s.sendServerBusy(p.remoteAddr, hdr)
}
connID, err := protocol.GenerateConnectionID(s.config.ConnectionIDLength) connID, err := protocol.GenerateConnectionID(s.config.ConnectionIDLength)
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
@ -460,6 +479,54 @@ func (s *server) sendRetry(remoteAddr net.Addr, hdr *wire.Header) error {
return nil return nil
} }
func (s *server) sendServerBusy(remoteAddr net.Addr, hdr *wire.Header) error {
sealer, _, err := handshake.NewInitialAEAD(hdr.DestConnectionID, protocol.PerspectiveServer)
if err != nil {
return err
}
packetBuffer := getPacketBuffer()
defer packetBuffer.Release()
buf := bytes.NewBuffer(packetBuffer.Slice[:0])
// TODO(#1567): use the SERVER_BUSY error code
ccf := &wire.ConnectionCloseFrame{ErrorCode: qerr.PeerGoingAway}
replyHdr := &wire.ExtendedHeader{}
replyHdr.IsLongHeader = true
replyHdr.Type = protocol.PacketTypeInitial
replyHdr.Version = hdr.Version
replyHdr.SrcConnectionID = hdr.DestConnectionID
replyHdr.DestConnectionID = hdr.SrcConnectionID
replyHdr.PacketNumberLen = protocol.PacketNumberLen4
replyHdr.Length = 4 /* packet number len */ + ccf.Length(hdr.Version) + protocol.ByteCount(sealer.Overhead())
if err := replyHdr.Write(buf, hdr.Version); err != nil {
return err
}
payloadOffset := buf.Len()
if err := ccf.Write(buf, hdr.Version); err != nil {
return err
}
raw := buf.Bytes()
_ = sealer.Seal(raw[payloadOffset:payloadOffset], raw[payloadOffset:], replyHdr.PacketNumber, raw[:payloadOffset])
raw = raw[0 : buf.Len()+sealer.Overhead()]
pnOffset := payloadOffset - int(replyHdr.PacketNumberLen)
sealer.EncryptHeader(
raw[pnOffset+4:pnOffset+4+16],
&raw[0],
raw[pnOffset:payloadOffset],
)
replyHdr.Log(s.logger)
wire.LogFrame(s.logger, ccf, true)
if _, err := s.conn.WriteTo(raw, remoteAddr); err != nil {
s.logger.Debugf("Error rejecting connection: %s", err)
}
return nil
}
func (s *server) sendVersionNegotiationPacket(p *receivedPacket) { func (s *server) sendVersionNegotiationPacket(p *receivedPacket) {
defer p.buffer.Release() defer p.buffer.Release()
hdr := p.hdr hdr := p.hdr

View File

@ -1,12 +1,14 @@
package quic package quic
import ( import (
"bytes"
"context" "context"
"crypto/tls" "crypto/tls"
"errors" "errors"
"fmt" "fmt"
"io" "io"
"net" "net"
"reflect"
"sync" "sync"
"time" "time"
@ -495,14 +497,17 @@ func (s *session) handlePacketImpl(p *receivedPacket) bool /* was the packet suc
} }
packet, err := s.unpacker.Unpack(p.hdr, p.data) packet, err := s.unpacker.Unpack(p.hdr, p.data)
// if the decryption failed, this might be a packet sent by an attacker
if err != nil { if err != nil {
if err == handshake.ErrOpenerNotYetAvailable { if err == handshake.ErrOpenerNotYetAvailable {
// Sealer for this encryption level not yet available.
// Try again later.
wasQueued = true wasQueued = true
s.tryQueueingUndecryptablePacket(p) s.tryQueueingUndecryptablePacket(p)
return false return false
} }
s.closeLocal(err) // This might be a packet injected by an attacker.
// Drop it.
s.logger.Debugf("Dropping packet that could not be unpacked. Unpack error: %s", err)
return false return false
} }
@ -519,6 +524,10 @@ func (s *session) handlePacketImpl(p *receivedPacket) bool /* was the packet suc
} }
func (s *session) handleUnpackedPacket(packet *unpackedPacket, rcvTime time.Time) error { func (s *session) handleUnpackedPacket(packet *unpackedPacket, rcvTime time.Time) error {
if len(packet.data) == 0 {
return qerr.MissingPayload
}
// The server can change the source connection ID with the first Handshake packet. // The server can change the source connection ID with the first Handshake packet.
if s.perspective == protocol.PerspectiveClient && !s.receivedFirstPacket && packet.hdr.IsLongHeader && !packet.hdr.SrcConnectionID.Equal(s.destConnID) { if s.perspective == protocol.PerspectiveClient && !s.receivedFirstPacket && packet.hdr.IsLongHeader && !packet.hdr.SrcConnectionID.Equal(s.destConnID) {
s.logger.Debugf("Received first packet. Switching destination connection ID to: %s", packet.hdr.SrcConnectionID) s.logger.Debugf("Received first packet. Switching destination connection ID to: %s", packet.hdr.SrcConnectionID)
@ -539,23 +548,34 @@ func (s *session) handleUnpackedPacket(packet *unpackedPacket, rcvTime time.Time
} }
} }
// If this is a Retry packet, there's no need to send an ACK. r := bytes.NewReader(packet.data)
// The session will be closed and recreated as soon as the crypto setup processed the HRR. var isRetransmittable bool
if packet.hdr.Type != protocol.PacketTypeRetry { for {
isRetransmittable := ackhandler.HasRetransmittableFrames(packet.frames) frame, err := wire.ParseNextFrame(r, s.version)
if err := s.receivedPacketHandler.ReceivedPacket(packet.packetNumber, rcvTime, isRetransmittable); err != nil { if err != nil {
return err
}
if frame == nil {
break
}
if ackhandler.IsFrameRetransmittable(frame) {
isRetransmittable = true
}
if err := s.handleFrame(frame, packet.packetNumber, packet.encryptionLevel); err != nil {
return err return err
} }
} }
return s.handleFrames(packet.frames, packet.packetNumber, packet.encryptionLevel) if err := s.receivedPacketHandler.ReceivedPacket(packet.packetNumber, rcvTime, isRetransmittable); err != nil {
return err
}
return nil
} }
func (s *session) handleFrames(fs []wire.Frame, pn protocol.PacketNumber, encLevel protocol.EncryptionLevel) error { func (s *session) handleFrame(f wire.Frame, pn protocol.PacketNumber, encLevel protocol.EncryptionLevel) error {
for _, ff := range fs {
var err error var err error
wire.LogFrame(s.logger, ff, false) wire.LogFrame(s.logger, f, false)
switch frame := ff.(type) { switch frame := f.(type) {
case *wire.CryptoFrame: case *wire.CryptoFrame:
err = s.handleCryptoFrame(frame, encLevel) err = s.handleCryptoFrame(frame, encLevel)
case *wire.StreamFrame: case *wire.StreamFrame:
@ -589,15 +609,10 @@ func (s *session) handleFrames(fs []wire.Frame, pn protocol.PacketNumber, encLev
// since we don't send new connection IDs, we don't expect retirements // since we don't send new connection IDs, we don't expect retirements
err = errors.New("unexpected RETIRE_CONNECTION_ID frame") err = errors.New("unexpected RETIRE_CONNECTION_ID frame")
default: default:
return errors.New("Session BUG: unexpected frame type") err = fmt.Errorf("unexpected frame type: %s", reflect.ValueOf(&frame).Elem().Type().Name())
} }
if err != nil {
return err return err
} }
}
return nil
}
// handlePacket is called by the server with a new packet // handlePacket is called by the server with a new packet
func (s *session) handlePacket(p *receivedPacket) { func (s *session) handlePacket(p *receivedPacket) {
@ -787,11 +802,7 @@ func (s *session) handleCloseError(closeErr closeError) error {
if closeErr.remote { if closeErr.remote {
return nil return nil
} }
// otherwise send a CONNECTION_CLOSE
if quicErr.ErrorCode == qerr.DecryptionFailure {
// TODO(#943): send a stateless reset
return nil
}
return s.sendConnectionClose(quicErr) return s.sendConnectionClose(quicErr)
} }
@ -830,7 +841,7 @@ sendLoop:
// There will only be a new ACK after receiving new packets. // There will only be a new ACK after receiving new packets.
// SendAck is only returned when we're congestion limited, so we don't need to set the pacingt timer. // SendAck is only returned when we're congestion limited, so we don't need to set the pacingt timer.
return s.maybeSendAckOnlyPacket() return s.maybeSendAckOnlyPacket()
case ackhandler.SendTLP, ackhandler.SendRTO: case ackhandler.SendPTO:
if err := s.sendProbePacket(); err != nil { if err := s.sendProbePacket(); err != nil {
return err return err
} }

View File

@ -1,7 +1,9 @@
package quic package quic
import ( import (
"errors"
"fmt" "fmt"
"net"
"github.com/lucas-clemente/quic-go/internal/flowcontrol" "github.com/lucas-clemente/quic-go/internal/flowcontrol"
"github.com/lucas-clemente/quic-go/internal/handshake" "github.com/lucas-clemente/quic-go/internal/handshake"
@ -9,6 +11,16 @@ import (
"github.com/lucas-clemente/quic-go/internal/wire" "github.com/lucas-clemente/quic-go/internal/wire"
) )
type streamOpenErr struct{ error }
var _ net.Error = &streamOpenErr{}
func (e streamOpenErr) Temporary() bool { return e.error == errTooManyOpenStreams }
func (streamOpenErr) Timeout() bool { return false }
// errTooManyOpenStreams is used internally by the outgoing streams maps.
var errTooManyOpenStreams = errors.New("too many open streams")
type streamsMap struct { type streamsMap struct {
perspective protocol.Perspective perspective protocol.Perspective

View File

@ -49,7 +49,11 @@ func (m *outgoingBidiStreamsMap) OpenStream() (streamI, error) {
m.mutex.Lock() m.mutex.Lock()
defer m.mutex.Unlock() defer m.mutex.Unlock()
return m.openStreamImpl() str, err := m.openStreamImpl()
if err != nil {
return nil, streamOpenErr{err}
}
return str, nil
} }
func (m *outgoingBidiStreamsMap) OpenStreamSync() (streamI, error) { func (m *outgoingBidiStreamsMap) OpenStreamSync() (streamI, error) {
@ -59,10 +63,10 @@ func (m *outgoingBidiStreamsMap) OpenStreamSync() (streamI, error) {
for { for {
str, err := m.openStreamImpl() str, err := m.openStreamImpl()
if err == nil { if err == nil {
return str, err return str, nil
} }
if err != nil && err != qerr.TooManyOpenStreams { if err != nil && err != errTooManyOpenStreams {
return nil, err return nil, streamOpenErr{err}
} }
m.cond.Wait() m.cond.Wait()
} }
@ -87,7 +91,7 @@ func (m *outgoingBidiStreamsMap) openStreamImpl() (streamI, error) {
} }
m.blockedSent = true m.blockedSent = true
} }
return nil, qerr.TooManyOpenStreams return nil, errTooManyOpenStreams
} }
s := m.newStream(m.nextStream) s := m.newStream(m.nextStream)
m.streams[m.nextStream] = s m.streams[m.nextStream] = s

View File

@ -47,7 +47,11 @@ func (m *outgoingItemsMap) OpenStream() (item, error) {
m.mutex.Lock() m.mutex.Lock()
defer m.mutex.Unlock() defer m.mutex.Unlock()
return m.openStreamImpl() str, err := m.openStreamImpl()
if err != nil {
return nil, streamOpenErr{err}
}
return str, nil
} }
func (m *outgoingItemsMap) OpenStreamSync() (item, error) { func (m *outgoingItemsMap) OpenStreamSync() (item, error) {
@ -57,10 +61,10 @@ func (m *outgoingItemsMap) OpenStreamSync() (item, error) {
for { for {
str, err := m.openStreamImpl() str, err := m.openStreamImpl()
if err == nil { if err == nil {
return str, err return str, nil
} }
if err != nil && err != qerr.TooManyOpenStreams { if err != nil && err != errTooManyOpenStreams {
return nil, err return nil, streamOpenErr{err}
} }
m.cond.Wait() m.cond.Wait()
} }
@ -85,7 +89,7 @@ func (m *outgoingItemsMap) openStreamImpl() (item, error) {
} }
m.blockedSent = true m.blockedSent = true
} }
return nil, qerr.TooManyOpenStreams return nil, errTooManyOpenStreams
} }
s := m.newStream(m.nextStream) s := m.newStream(m.nextStream)
m.streams[m.nextStream] = s m.streams[m.nextStream] = s

View File

@ -49,7 +49,11 @@ func (m *outgoingUniStreamsMap) OpenStream() (sendStreamI, error) {
m.mutex.Lock() m.mutex.Lock()
defer m.mutex.Unlock() defer m.mutex.Unlock()
return m.openStreamImpl() str, err := m.openStreamImpl()
if err != nil {
return nil, streamOpenErr{err}
}
return str, nil
} }
func (m *outgoingUniStreamsMap) OpenStreamSync() (sendStreamI, error) { func (m *outgoingUniStreamsMap) OpenStreamSync() (sendStreamI, error) {
@ -59,10 +63,10 @@ func (m *outgoingUniStreamsMap) OpenStreamSync() (sendStreamI, error) {
for { for {
str, err := m.openStreamImpl() str, err := m.openStreamImpl()
if err == nil { if err == nil {
return str, err return str, nil
} }
if err != nil && err != qerr.TooManyOpenStreams { if err != nil && err != errTooManyOpenStreams {
return nil, err return nil, streamOpenErr{err}
} }
m.cond.Wait() m.cond.Wait()
} }
@ -87,7 +91,7 @@ func (m *outgoingUniStreamsMap) openStreamImpl() (sendStreamI, error) {
} }
m.blockedSent = true m.blockedSent = true
} }
return nil, qerr.TooManyOpenStreams return nil, errTooManyOpenStreams
} }
s := m.newStream(m.nextStream) s := m.newStream(m.nextStream)
m.streams[m.nextStream] = s m.streams[m.nextStream] = s

View File

@ -250,6 +250,11 @@ func aeadAESGCM12(key, fixedNonce []byte) cipher.AEAD {
return ret return ret
} }
// AEADAESGCM13 creates a new AES-GCM AEAD for TLS 1.3
func AEADAESGCM13(key, fixedNonce []byte) cipher.AEAD {
return aeadAESGCM13(key, fixedNonce)
}
func aeadAESGCM13(key, fixedNonce []byte) cipher.AEAD { func aeadAESGCM13(key, fixedNonce []byte) cipher.AEAD {
aes, err := aes.NewCipher(key) aes, err := aes.NewCipher(key)
if err != nil { if err != nil {