From: Frederic Lecaille
Date: Thu, 17 Oct 2024 05:59:59 +0000 (+0200)
Subject: MINOR: quic: send new tokens (NEW_TOKEN) even for 1RTT sessions
X-Git-Tag: v3.1-dev11~113
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c7f14a38f528c03a4c29589273a19f983c6e91e4;p=thirdparty%2Fhaproxy.git

MINOR: quic: send new tokens (NEW_TOKEN) even for 1RTT sessions

Tokens are sent when opening a connection, just after the handshake, to be possibly reused by the peer for the next connection. They are used to validate the peer address during the 0RTT connection openings. But there is no reason to reserve this feature to 0RTT connections. This patch modifies quic_build_post_handshake_frames() to do so.
---
diff --git a/src/quic_conn.c b/src/quic_conn.c
index 5adf528b5c..ea9e16315a 100644
--- a/src/quic_conn.c
+++ b/src/quic_conn.c
@@ -473,6 +473,8 @@ int quic_build_post_handshake_frames(struct quic_conn *qc)
 qel = qc->ael;
 /* Only servers must send a HANDSHAKE_DONE frame. */
 if (qc_is_listener(qc)) {
+ size_t new_token_frm_len;
+
 frm = qc_frm_alloc(QUIC_FT_HANDSHAKE_DONE);
 if (!frm) {
 TRACE_ERROR("frame allocation error", QUIC_EV_CONN_IO_CB, qc);
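Review bot: The context comment `/* Only servers must send a HANDSHAKE_DONE frame. */` directly above the new `size_t new_token_frm_len;` declaration now heads a block that, after this commit, also builds a NEW_TOKEN frame on every listener-side connection, so it no longer describes what the block does; I would replace it with `/* Only servers must send a HANDSHAKE_DONE frame; they also hand the client a NEW_TOKEN it may present for address validation on its next connection. */`. Hoisting `new_token_frm_len` to the top of the `if (qc_is_listener(qc))` block rather than next to its only use further down matches the file's declare-at-block-start style, so nothing to change there. Since a token is now issued to every client and not only on bindings with early data enabled, the code that later accepts such a token presumably still has to bind it to the issuing peer address and to a lifetime — that path is outside this diff, so it is worth confirming rather than assuming. quic_build_post_handshake_frames() starts before this hunk and continues past it.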
@@ -481,29 +483,23 @@ int quic_build_post_handshake_frames(struct quic_conn *qc) LIST_APPEND(&frm_list, &frm->list); -#ifdef HAVE_SSL_0RTT_QUIC - if (qc->li->bind_conf->ssl_conf.early_data) { - size_t new_token_frm_len; - - frm = qc_frm_alloc(QUIC_FT_NEW_TOKEN); - if (!frm) { - TRACE_ERROR("frame allocation error", QUIC_EV_CONN_IO_CB, qc); - goto err; - } - - new_token_frm_len = - quic_generate_token(frm->new_token.data, - sizeof(frm->new_token.data), &qc->peer_addr); - if (!new_token_frm_len) { - TRACE_ERROR("token generation failed", QUIC_EV_CONN_IO_CB, qc); - goto err; - } + frm = qc_frm_alloc(QUIC_FT_NEW_TOKEN); + if (!frm) { + TRACE_ERROR("frame allocation error", QUIC_EV_CONN_IO_CB, qc); + goto err; + } - BUG_ON(new_token_frm_len != sizeof(frm->new_token.data)); - frm->new_token.len = new_token_frm_len; - LIST_APPEND(&frm_list, &frm->list); + new_token_frm_len = + quic_generate_token(frm->new_token.data, + sizeof(frm->new_token.data), &qc->peer_addr); + if (!new_token_frm_len) { + TRACE_ERROR("token generation failed", QUIC_EV_CONN_IO_CB, qc); + goto err; } -#endif + + BUG_ON(new_token_frm_len != sizeof(frm->new_token.data)); + frm->new_token.len = new_token_frm_len; + LIST_APPEND(&frm_list, &frm->list); } /* Initialize connection IDs minus one: there is