[nginx] QUIC: avoid partial expansion of PATH_CHALLENGE/PATH_RESPONSE.
|
Roman Arutyunyan
December 12, 2023 08:50AM
|
details: https://hg.nginx.org/nginx/rev/fcec773dd249
branches:
changeset: 9189:fcec773dd249
user: Roman Arutyunyan <arut@nginx.com>
date: Wed Nov 29 18:13:25 2023 +0400
description:
QUIC: avoid partial expansion of PATH_CHALLENGE/PATH_RESPONSE.
By default packets with these frames are expanded to 1200 bytes. Previously,
if anti-amplification limit did not allow this expansion, it was limited to
whatever size was allowed. However RFC 9000 clearly states no partial
expansion should happen in both cases.
Section 8.2.1. Initiating Path Validation:
An endpoint MUST expand datagrams that contain a PATH_CHALLENGE frame
to at least the smallest allowed maximum datagram size of 1200 bytes,
unless the anti-amplification limit for the path does not permit
sending a datagram of this size.
Section 8.2.2. Path Validation Responses:
An endpoint MUST expand datagrams that contain a PATH_RESPONSE frame
to at least the smallest allowed maximum datagram size of 1200 bytes.
...
However, an endpoint MUST NOT expand the datagram containing the
PATH_RESPONSE if the resulting data exceeds the anti-amplification limit.
diffstat:
src/event/quic/ngx_event_quic_connection.h | 3 +-
src/event/quic/ngx_event_quic_migration.c | 53 +++++++++++++++--------------
src/event/quic/ngx_event_quic_output.c | 4 +-
src/event/quic/ngx_event_quic_output.h | 2 +
4 files changed, 32 insertions(+), 30 deletions(-)
diffs (147 lines):
diff -r b05c622715fa -r fcec773dd249 src/event/quic/ngx_event_quic_connection.h
--- a/src/event/quic/ngx_event_quic_connection.h Wed Nov 29 11:13:05 2023 +0300
+++ b/src/event/quic/ngx_event_quic_connection.h Wed Nov 29 18:13:25 2023 +0400
@@ -106,8 +106,7 @@ struct ngx_quic_path_s {
size_t max_mtu;
off_t sent;
off_t received;
- u_char challenge1[8];
- u_char challenge2[8];
+ u_char challenge[2][8];
uint64_t seqnum;
uint64_t mtu_pnum[NGX_QUIC_PATH_RETRIES];
ngx_str_t addr_text;
diff -r b05c622715fa -r fcec773dd249 src/event/quic/ngx_event_quic_migration.c
--- a/src/event/quic/ngx_event_quic_migration.c Wed Nov 29 11:13:05 2023 +0300
+++ b/src/event/quic/ngx_event_quic_migration.c Wed Nov 29 18:13:25 2023 +0400
@@ -36,6 +36,7 @@ ngx_int_t
ngx_quic_handle_path_challenge_frame(ngx_connection_t *c,
ngx_quic_header_t *pkt, ngx_quic_path_challenge_frame_t *f)
{
+ size_t min;
ngx_quic_frame_t frame, *fp;
ngx_quic_connection_t *qc;
@@ -57,8 +58,14 @@ ngx_quic_handle_path_challenge_frame(ngx
/*
* An endpoint MUST expand datagrams that contain a PATH_RESPONSE frame
* to at least the smallest allowed maximum datagram size of 1200 bytes.
+ * ...
+ * However, an endpoint MUST NOT expand the datagram containing the
+ * PATH_RESPONSE if the resulting data exceeds the anti-amplification limit.
*/
- if (ngx_quic_frame_sendto(c, &frame, 1200, pkt->path) == NGX_ERROR) {
+
+ min = (ngx_quic_path_limit(c, pkt->path, 1200) < 1200) ? 0 : 1200;
+
+ if (ngx_quic_frame_sendto(c, &frame, min, pkt->path) == NGX_ERROR) {
return NGX_ERROR;
}
@@ -113,8 +120,8 @@ ngx_quic_handle_path_response_frame(ngx_
continue;
}
- if (ngx_memcmp(path->challenge1, f->data, sizeof(f->data)) == 0
- || ngx_memcmp(path->challenge2, f->data, sizeof(f->data)) == 0)
+ if (ngx_memcmp(path->challenge[0], f->data, sizeof(f->data)) == 0
+ || ngx_memcmp(path->challenge[1], f->data, sizeof(f->data)) == 0)
{
goto valid;
}
@@ -510,11 +517,7 @@ ngx_quic_validate_path(ngx_connection_t
path->tries = 0;
- if (RAND_bytes(path->challenge1, 8) != 1) {
- return NGX_ERROR;
- }
-
- if (RAND_bytes(path->challenge2, 8) != 1) {
+ if (RAND_bytes((u_char *) path->challenge, sizeof(path->challenge)) != 1) {
return NGX_ERROR;
}
@@ -535,6 +538,8 @@ ngx_quic_validate_path(ngx_connection_t
static ngx_int_t
ngx_quic_send_path_challenge(ngx_connection_t *c, ngx_quic_path_t *path)
{
+ size_t min;
+ ngx_uint_t n;
ngx_quic_frame_t frame;
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
@@ -546,26 +551,24 @@ ngx_quic_send_path_challenge(ngx_connect
frame.level = ssl_encryption_application;
frame.type = NGX_QUIC_FT_PATH_CHALLENGE;
- ngx_memcpy(frame.u.path_challenge.data, path->challenge1, 8);
+ for (n = 0; n < 2; n++) {
+
+ ngx_memcpy(frame.u.path_challenge.data, path->challenge[n], 8);
- /*
- * RFC 9000, 8.2.1. Initiating Path Validation
- *
- * An endpoint MUST expand datagrams that contain a PATH_CHALLENGE frame
- * to at least the smallest allowed maximum datagram size of 1200 bytes,
- * unless the anti-amplification limit for the path does not permit
- * sending a datagram of this size.
- */
+ /*
+ * RFC 9000, 8.2.1. Initiating Path Validation
+ *
+ * An endpoint MUST expand datagrams that contain a PATH_CHALLENGE frame
+ * to at least the smallest allowed maximum datagram size of 1200 bytes,
+ * unless the anti-amplification limit for the path does not permit
+ * sending a datagram of this size.
+ */
- /* same applies to PATH_RESPONSE frames */
- if (ngx_quic_frame_sendto(c, &frame, 1200, path) == NGX_ERROR) {
- return NGX_ERROR;
- }
+ min = (ngx_quic_path_limit(c, path, 1200) < 1200) ? 0 : 1200;
- ngx_memcpy(frame.u.path_challenge.data, path->challenge2, 8);
-
- if (ngx_quic_frame_sendto(c, &frame, 1200, path) == NGX_ERROR) {
- return NGX_ERROR;
+ if (ngx_quic_frame_sendto(c, &frame, min, path) == NGX_ERROR) {
+ return NGX_ERROR;
+ }
}
return NGX_OK;
diff -r b05c622715fa -r fcec773dd249 src/event/quic/ngx_event_quic_output.c
--- a/src/event/quic/ngx_event_quic_output.c Wed Nov 29 11:13:05 2023 +0300
+++ b/src/event/quic/ngx_event_quic_output.c Wed Nov 29 18:13:25 2023 +0400
@@ -63,8 +63,6 @@ static ssize_t ngx_quic_send(ngx_connect
struct sockaddr *sockaddr, socklen_t socklen);
static void ngx_quic_set_packet_number(ngx_quic_header_t *pkt,
ngx_quic_send_ctx_t *ctx);
-static size_t ngx_quic_path_limit(ngx_connection_t *c, ngx_quic_path_t *path,
- size_t size);
ngx_int_t
@@ -1250,7 +1248,7 @@ ngx_quic_frame_sendto(ngx_connection_t *
}
-static size_t
+size_t
ngx_quic_path_limit(ngx_connection_t *c, ngx_quic_path_t *path, size_t size)
{
off_t max;
diff -r b05c622715fa -r fcec773dd249 src/event/quic/ngx_event_quic_output.h
--- a/src/event/quic/ngx_event_quic_output.h Wed Nov 29 11:13:05 2023 +0300
+++ b/src/event/quic/ngx_event_quic_output.h Wed Nov 29 18:13:25 2023 +0400
@@ -34,5 +34,7 @@ ngx_int_t ngx_quic_send_ack_range(ngx_co
ngx_int_t ngx_quic_frame_sendto(ngx_connection_t *c, ngx_quic_frame_t *frame,
size_t min, ngx_quic_path_t *path);
+size_t ngx_quic_path_limit(ngx_connection_t *c, ngx_quic_path_t *path,
+ size_t size);
#endif /* _NGX_EVENT_QUIC_OUTPUT_H_INCLUDED_ */
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel
branches:
changeset: 9189:fcec773dd249
user: Roman Arutyunyan <arut@nginx.com>
date: Wed Nov 29 18:13:25 2023 +0400
description:
QUIC: avoid partial expansion of PATH_CHALLENGE/PATH_RESPONSE.
By default packets with these frames are expanded to 1200 bytes. Previously,
if anti-amplification limit did not allow this expansion, it was limited to
whatever size was allowed. However RFC 9000 clearly states no partial
expansion should happen in both cases.
Section 8.2.1. Initiating Path Validation:
An endpoint MUST expand datagrams that contain a PATH_CHALLENGE frame
to at least the smallest allowed maximum datagram size of 1200 bytes,
unless the anti-amplification limit for the path does not permit
sending a datagram of this size.
Section 8.2.2. Path Validation Responses:
An endpoint MUST expand datagrams that contain a PATH_RESPONSE frame
to at least the smallest allowed maximum datagram size of 1200 bytes.
...
However, an endpoint MUST NOT expand the datagram containing the
PATH_RESPONSE if the resulting data exceeds the anti-amplification limit.
diffstat:
src/event/quic/ngx_event_quic_connection.h | 3 +-
src/event/quic/ngx_event_quic_migration.c | 53 +++++++++++++++--------------
src/event/quic/ngx_event_quic_output.c | 4 +-
src/event/quic/ngx_event_quic_output.h | 2 +
4 files changed, 32 insertions(+), 30 deletions(-)
diffs (147 lines):
diff -r b05c622715fa -r fcec773dd249 src/event/quic/ngx_event_quic_connection.h
--- a/src/event/quic/ngx_event_quic_connection.h Wed Nov 29 11:13:05 2023 +0300
+++ b/src/event/quic/ngx_event_quic_connection.h Wed Nov 29 18:13:25 2023 +0400
@@ -106,8 +106,7 @@ struct ngx_quic_path_s {
size_t max_mtu;
off_t sent;
off_t received;
- u_char challenge1[8];
- u_char challenge2[8];
+ u_char challenge[2][8];
uint64_t seqnum;
uint64_t mtu_pnum[NGX_QUIC_PATH_RETRIES];
ngx_str_t addr_text;
diff -r b05c622715fa -r fcec773dd249 src/event/quic/ngx_event_quic_migration.c
--- a/src/event/quic/ngx_event_quic_migration.c Wed Nov 29 11:13:05 2023 +0300
+++ b/src/event/quic/ngx_event_quic_migration.c Wed Nov 29 18:13:25 2023 +0400
@@ -36,6 +36,7 @@ ngx_int_t
ngx_quic_handle_path_challenge_frame(ngx_connection_t *c,
ngx_quic_header_t *pkt, ngx_quic_path_challenge_frame_t *f)
{
+ size_t min;
ngx_quic_frame_t frame, *fp;
ngx_quic_connection_t *qc;
@@ -57,8 +58,14 @@ ngx_quic_handle_path_challenge_frame(ngx
/*
* An endpoint MUST expand datagrams that contain a PATH_RESPONSE frame
* to at least the smallest allowed maximum datagram size of 1200 bytes.
+ * ...
+ * However, an endpoint MUST NOT expand the datagram containing the
+ * PATH_RESPONSE if the resulting data exceeds the anti-amplification limit.
*/
- if (ngx_quic_frame_sendto(c, &frame, 1200, pkt->path) == NGX_ERROR) {
+
+ min = (ngx_quic_path_limit(c, pkt->path, 1200) < 1200) ? 0 : 1200;
+
+ if (ngx_quic_frame_sendto(c, &frame, min, pkt->path) == NGX_ERROR) {
return NGX_ERROR;
}
@@ -113,8 +120,8 @@ ngx_quic_handle_path_response_frame(ngx_
continue;
}
- if (ngx_memcmp(path->challenge1, f->data, sizeof(f->data)) == 0
- || ngx_memcmp(path->challenge2, f->data, sizeof(f->data)) == 0)
+ if (ngx_memcmp(path->challenge[0], f->data, sizeof(f->data)) == 0
+ || ngx_memcmp(path->challenge[1], f->data, sizeof(f->data)) == 0)
{
goto valid;
}
@@ -510,11 +517,7 @@ ngx_quic_validate_path(ngx_connection_t
path->tries = 0;
- if (RAND_bytes(path->challenge1, 8) != 1) {
- return NGX_ERROR;
- }
-
- if (RAND_bytes(path->challenge2, 8) != 1) {
+ if (RAND_bytes((u_char *) path->challenge, sizeof(path->challenge)) != 1) {
return NGX_ERROR;
}
@@ -535,6 +538,8 @@ ngx_quic_validate_path(ngx_connection_t
static ngx_int_t
ngx_quic_send_path_challenge(ngx_connection_t *c, ngx_quic_path_t *path)
{
+ size_t min;
+ ngx_uint_t n;
ngx_quic_frame_t frame;
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
@@ -546,26 +551,24 @@ ngx_quic_send_path_challenge(ngx_connect
frame.level = ssl_encryption_application;
frame.type = NGX_QUIC_FT_PATH_CHALLENGE;
- ngx_memcpy(frame.u.path_challenge.data, path->challenge1, 8);
+ for (n = 0; n < 2; n++) {
+
+ ngx_memcpy(frame.u.path_challenge.data, path->challenge[n], 8);
- /*
- * RFC 9000, 8.2.1. Initiating Path Validation
- *
- * An endpoint MUST expand datagrams that contain a PATH_CHALLENGE frame
- * to at least the smallest allowed maximum datagram size of 1200 bytes,
- * unless the anti-amplification limit for the path does not permit
- * sending a datagram of this size.
- */
+ /*
+ * RFC 9000, 8.2.1. Initiating Path Validation
+ *
+ * An endpoint MUST expand datagrams that contain a PATH_CHALLENGE frame
+ * to at least the smallest allowed maximum datagram size of 1200 bytes,
+ * unless the anti-amplification limit for the path does not permit
+ * sending a datagram of this size.
+ */
- /* same applies to PATH_RESPONSE frames */
- if (ngx_quic_frame_sendto(c, &frame, 1200, path) == NGX_ERROR) {
- return NGX_ERROR;
- }
+ min = (ngx_quic_path_limit(c, path, 1200) < 1200) ? 0 : 1200;
- ngx_memcpy(frame.u.path_challenge.data, path->challenge2, 8);
-
- if (ngx_quic_frame_sendto(c, &frame, 1200, path) == NGX_ERROR) {
- return NGX_ERROR;
+ if (ngx_quic_frame_sendto(c, &frame, min, path) == NGX_ERROR) {
+ return NGX_ERROR;
+ }
}
return NGX_OK;
diff -r b05c622715fa -r fcec773dd249 src/event/quic/ngx_event_quic_output.c
--- a/src/event/quic/ngx_event_quic_output.c Wed Nov 29 11:13:05 2023 +0300
+++ b/src/event/quic/ngx_event_quic_output.c Wed Nov 29 18:13:25 2023 +0400
@@ -63,8 +63,6 @@ static ssize_t ngx_quic_send(ngx_connect
struct sockaddr *sockaddr, socklen_t socklen);
static void ngx_quic_set_packet_number(ngx_quic_header_t *pkt,
ngx_quic_send_ctx_t *ctx);
-static size_t ngx_quic_path_limit(ngx_connection_t *c, ngx_quic_path_t *path,
- size_t size);
ngx_int_t
@@ -1250,7 +1248,7 @@ ngx_quic_frame_sendto(ngx_connection_t *
}
-static size_t
+size_t
ngx_quic_path_limit(ngx_connection_t *c, ngx_quic_path_t *path, size_t size)
{
off_t max;
diff -r b05c622715fa -r fcec773dd249 src/event/quic/ngx_event_quic_output.h
--- a/src/event/quic/ngx_event_quic_output.h Wed Nov 29 11:13:05 2023 +0300
+++ b/src/event/quic/ngx_event_quic_output.h Wed Nov 29 18:13:25 2023 +0400
@@ -34,5 +34,7 @@ ngx_int_t ngx_quic_send_ack_range(ngx_co
ngx_int_t ngx_quic_frame_sendto(ngx_connection_t *c, ngx_quic_frame_t *frame,
size_t min, ngx_quic_path_t *path);
+size_t ngx_quic_path_limit(ngx_connection_t *c, ngx_quic_path_t *path,
+ size_t size);
#endif /* _NGX_EVENT_QUIC_OUTPUT_H_INCLUDED_ */
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel
| Subject | Author | Views | Posted |
|---|---|---|---|
|
Roman Arutyunyan | 237 | December 12, 2023 08:50AM |
Sorry, you do not have permission to post/reply in this forum.
Online Users
Guests:
156
Record Number of Users:
8
on April 13, 2023
Record Number of Guests:
421
on December 02, 2018
This forum is powered by Phorum.
 |
 |
 |
 |
|