RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2024-12-15 16:04:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

BUG/MINOR: quic: Incorrect peer address validation

Browse Source 
We must consider the peer address as validated as soon as we received an
handshake packet. An ACK frame in handshake packet was too restrictive.
Rename the concerned flag to reflect this situation.
This commit is contained in:
Frédéric Lécaille 2022-03-21 12:18:00 +01:00 committed by Amaury Denoyelle
parent 12aa26b6fd
commit 44ae75220a
2 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
include/haproxy/xprt_quic-t.h
View File

@ -387,9 +387,9 @@ struct quic_arngs {
size_t enc_sz;
};
/* Flag the packet number space as having received an ACK frame */
#define QUIC_FL_PKTNS_ACK_RECEIVED_BIT 0
#define QUIC_FL_PKTNS_ACK_RECEIVED (1UL << QUIC_FL_PKTNS_ACK_RECEIVED_BIT)
/* Flag the packet number space as having received a packet */
#define QUIC_FL_PKTNS_PKT_RECEIVED_BIT 0
#define QUIC_FL_PKTNS_PKT_RECEIVED (1UL << QUIC_FL_PKTNS_PKT_RECEIVED_BIT)
/* Flag the packet number space as requiring an ACK frame to be sent. */
#define QUIC_FL_PKTNS_ACK_REQUIRED_BIT 1

10
src/xprt_quic.c
View File

@ -597,8 +597,8 @@ static inline int quic_peer_validated_addr(struct quic_conn *qc)
hdshk_pktns = qc->els[QUIC_TLS_ENC_LEVEL_HANDSHAKE].pktns;
app_pktns = qc->els[QUIC_TLS_ENC_LEVEL_APP].pktns;
if ((HA_ATOMIC_LOAD(&hdshk_pktns->flags) & QUIC_FL_PKTNS_ACK_RECEIVED) ||
(HA_ATOMIC_LOAD(&app_pktns->flags) & QUIC_FL_PKTNS_ACK_RECEIVED) ||
if ((HA_ATOMIC_LOAD(&hdshk_pktns->flags) & QUIC_FL_PKTNS_PKT_RECEIVED) ||
(HA_ATOMIC_LOAD(&app_pktns->flags) & QUIC_FL_PKTNS_PKT_RECEIVED) ||
HA_ATOMIC_LOAD(&qc->state) >= QUIC_HS_ST_COMPLETE)
return 1;
@ -1869,9 +1869,6 @@ static inline int qc_parse_ack_frm(struct quic_conn *qc,
qc, NULL, &largest, &smallest);
} while (1);
/* Flag this packet number space as having received an ACK. */
HA_ATOMIC_OR(&qel->pktns->flags, QUIC_FL_PKTNS_ACK_RECEIVED);
if (time_sent && (pkt_flags & QUIC_FL_TX_PACKET_ACK_ELICITING)) {
*rtt_sample = tick_remain(time_sent, now_ms);
HA_ATOMIC_STORE(&qel->pktns->rx.largest_acked_pn, ack->largest_ack);
@ -2469,6 +2466,9 @@ static int qc_parse_pkt_frms(struct quic_rx_packet *pkt, struct ssl_sock_ctx *ct
}
}
/* Flag this packet number space as having received a packet. */
HA_ATOMIC_OR(&qel->pktns->flags, QUIC_FL_PKTNS_PKT_RECEIVED);
if (fast_retrans)
qc_prep_hdshk_fast_retrans(qc);