Skip to content

Commit

Permalink
Merge pull request #374 from h2o/kazuho/cli-address-compare
Browse files Browse the repository at this point in the history 
[cli] allocate enough space to hold source address of an incoming packet
  • Loading branch information
@kazuho
kazuho authored Jul 22, 2020
2 parents 9b166b2 + 35e8f35 commit 1ec0a66
Showing 1 changed file with 16 additions and 15 deletions.
31 changes: 16 additions & 15 deletions src/cli.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -731,11 +731,11 @@ static int run_server(int fd, struct sockaddr *sa, socklen_t salen)
while (1) {
uint8_t buf[ctx.transport_params.max_udp_payload_size];
struct msghdr mess;
struct sockaddr sa;
quicly_address_t remote;
struct iovec vec;
memset(&mess, 0, sizeof(mess));
mess.msg_name = &sa;
mess.msg_namelen = sizeof(sa);
mess.msg_name = &remote.sa;
mess.msg_namelen = sizeof(remote);
vec.iov_base = buf;
vec.iov_len = sizeof(buf);
mess.msg_iov = &vec;
Expand All @@ -755,10 +755,10 @@ static int run_server(int fd, struct sockaddr *sa, socklen_t salen)
if (QUICLY_PACKET_IS_LONG_HEADER(packet.octets.base[0])) {
if (packet.version != QUICLY_PROTOCOL_VERSION) {
uint8_t payload[ctx.transport_params.max_udp_payload_size];
size_t payload_len = quicly_send_version_negotiation(&ctx, &sa, packet.cid.src, NULL,
size_t payload_len = quicly_send_version_negotiation(&ctx, &remote.sa, packet.cid.src, NULL,
packet.cid.dest.encrypted, payload);
assert(payload_len != SIZE_MAX);
send_one_packet(fd, &sa, payload, payload_len);
send_one_packet(fd, &remote.sa, payload, payload_len);
break;
}
/* there is no way to send response to these v1 packets */
Expand All @@ -769,32 +769,33 @@ static int run_server(int fd, struct sockaddr *sa, socklen_t salen)
quicly_conn_t *conn = NULL;
size_t i;
for (i = 0; i != num_conns; ++i) {
if (quicly_is_destination(conns[i], NULL, &sa, &packet)) {
if (quicly_is_destination(conns[i], NULL, &remote.sa, &packet)) {
conn = conns[i];
break;
}
}
if (conn != NULL) {
/* existing connection */
quicly_receive(conn, NULL, &sa, &packet);
quicly_receive(conn, NULL, &remote.sa, &packet);
} else if (QUICLY_PACKET_IS_INITIAL(packet.octets.base[0])) {
/* long header packet; potentially a new connection */
quicly_address_token_plaintext_t *token = NULL, token_buf;
if (packet.token.len != 0) {
const char *err_desc = NULL;
int ret = quicly_decrypt_address_token(address_token_aead.dec, &token_buf, packet.token.base,
packet.token.len, 0, &err_desc);
if (ret == 0 && validate_token(&sa, packet.cid.src, packet.cid.dest.encrypted, &token_buf, &err_desc)) {
if (ret == 0 &&
validate_token(&remote.sa, packet.cid.src, packet.cid.dest.encrypted, &token_buf, &err_desc)) {
token = &token_buf;
} else if (enforce_retry && (ret == QUICLY_TRANSPORT_ERROR_INVALID_TOKEN ||
(ret == 0 && token_buf.type == QUICLY_ADDRESS_TOKEN_TYPE_RETRY))) {
/* Token that looks like retry was unusable, and we require retry. There's no chance of the
* handshake succeeding. Therefore, send close without aquiring state. */
uint8_t payload[ctx.transport_params.max_udp_payload_size];
size_t payload_len = quicly_send_close_invalid_token(&ctx, &sa, packet.cid.src, NULL,
size_t payload_len = quicly_send_close_invalid_token(&ctx, &remote.sa, packet.cid.src, NULL,
packet.cid.dest.encrypted, err_desc, payload);
assert(payload_len != SIZE_MAX);
send_one_packet(fd, &sa, payload, payload_len);
send_one_packet(fd, &remote.sa, payload, payload_len);
}
}
if (enforce_retry && token == NULL && packet.cid.dest.encrypted.len >= 8) {
Expand All @@ -804,16 +805,16 @@ static int run_server(int fd, struct sockaddr *sa, socklen_t salen)
uint8_t new_server_cid[8], payload[ctx.transport_params.max_udp_payload_size];
memcpy(new_server_cid, packet.cid.dest.encrypted.base, sizeof(new_server_cid));
new_server_cid[0] ^= 0xff;
size_t payload_len = quicly_send_retry(&ctx, address_token_aead.enc, &sa, packet.cid.src, NULL,
size_t payload_len = quicly_send_retry(&ctx, address_token_aead.enc, &remote.sa, packet.cid.src, NULL,
ptls_iovec_init(new_server_cid, sizeof(new_server_cid)),
packet.cid.dest.encrypted, ptls_iovec_init(NULL, 0),
ptls_iovec_init(NULL, 0), NULL, payload);
assert(payload_len != SIZE_MAX);
send_one_packet(fd, &sa, payload, payload_len);
send_one_packet(fd, &remote.sa, payload, payload_len);
break;
} else {
/* new connection */
int ret = quicly_accept(&conn, &ctx, NULL, &sa, &packet, token, &next_cid, NULL);
int ret = quicly_accept(&conn, &ctx, NULL, &remote.sa, &packet, token, &next_cid, NULL);
if (ret == 0) {
assert(conn != NULL);
++next_cid.master_id;
Expand All @@ -831,9 +832,9 @@ static int run_server(int fd, struct sockaddr *sa, socklen_t salen)
if (packet.cid.dest.plaintext.node_id == 0 && packet.cid.dest.plaintext.thread_id == 0) {
uint8_t payload[ctx.transport_params.max_udp_payload_size];
size_t payload_len =
quicly_send_stateless_reset(&ctx, &sa, NULL, packet.cid.dest.encrypted.base, payload);
quicly_send_stateless_reset(&ctx, &remote.sa, NULL, packet.cid.dest.encrypted.base, payload);
assert(payload_len != SIZE_MAX);
send_one_packet(fd, &sa, payload, payload_len);
send_one_packet(fd, &remote.sa, payload, payload_len);
}
}
}
Expand Down

0 comments on commit 1ec0a66

Please sign in to comment.