From: Frédéric Lécaille Date: Thu, 31 Mar 2022 06:42:06 +0000 (+0200) Subject: BUG/MINOR: quic: Too much prepared retransmissions due to anti-amplification X-Git-Tag: v2.6-dev5~66 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=12fd259363127e2732c03b0d9cf779871f727db0;p=thirdparty%2Fhaproxy.git BUG/MINOR: quic: Too much prepared retransmissions due to anti-amplification We must not re-enqueue frames if we can detect in advance they will not be transmitted due to the anti-amplification limit.
---
diff --git a/src/xprt_quic.c b/src/xprt_quic.c
index 5917518710..e201a91596 100644
--- a/src/xprt_quic.c
+++ b/src/xprt_quic.c
@@ -2297,6 +2297,15 @@ static void qc_prep_fast_retrans(struct quic_enc_level *qel,
 if (!pkt) return;
+ /* When building a packet from another one, the field which may increase the
+ * packet size is the packet number. And the maximum increase is 4 bytes.
+ */
+ if (!quic_peer_validated_addr(qc) && qc_is_listener(qc) &&
+ pkt->len + 4 > 3 * qc->rx.bytes - qc->tx.prep_bytes) {
+ TRACE_PROTO("anti-amplification limit would be reached", QUIC_EV_CONN_PRSAFRM, qc);
+ return;
+ }
+
 qc_requeue_nacked_pkt_tx_frms(qc, &pkt->frms, &qel->pktns->tx.frms);
 }
@@ -2344,6 +2353,15 @@ static void qc_prep_hdshk_fast_retrans(struct quic_conn *qc)
 if (!pkt) goto end;
+ /* When building a packet from another one, the field which may increase the
+ * packet size is the packet number. And the maximum increase is 4 bytes.
+ */
+ if (!quic_peer_validated_addr(qc) && qc_is_listener(qc) &&
+ pkt->len + 4 > 3 * qc->rx.bytes - qc->tx.prep_bytes) {
+ TRACE_PROTO("anti-amplification limit would be reached", QUIC_EV_CONN_PRSAFRM, qc);
+ goto end;
+ }
+
 qel->pktns->tx.pto_probe += 1;
 requeue:
 list_for_each_entry_safe(frm, frmbak, &pkt->frms, list) {
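Review bot: The right-hand side `3 * qc->rx.bytes - qc->tx.prep_bytes` in the new guard of qc_prep_fast_retrans() can wrap if those counters are unsigned (their types are not visible in this hunk) and `tx.prep_bytes` has already passed three times `rx.bytes`; the difference then becomes a very large value and the anti-amplification check lets the requeue through. Keeping the comparison additive avoids that: `qc->tx.prep_bytes + pkt->len + 4 > 3 * qc->rx.bytes`. The same expression is repeated in the qc_prep_hdshk_fast_retrans() hunk, so a small shared helper would keep the two guards from drifting apart, and named constants would document the `4` and the `3`. Both function bodies start outside their hunks.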
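Review bot: In qc_prep_hdshk_fast_retrans() the new guard sits before the `requeue:` label, so it is evaluated only for the packet selected on the way in; if code after the hunk jumps back to `requeue:` with a different `pkt` (the label suggests it may), that packet's frames are requeued without its length being checked against the limit. If that path exists, the budget test should either sit after the label or also account for the following packet's length. A short comment on the guard, e.g. `/* Only the first packet is checked against the limit */`, would at least make the scope explicit. The function continues past the end of the hunk.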