uint tid; /* Attached Thread ID for the connection. */
};
-/* Flag the packet number space as having received a packet */
-#define QUIC_FL_PKTNS_PKT_RECEIVED (1UL << 0)
+/* unused: 0x01 */
/* Flag the packet number space as requiring an ACK frame to be sent. */
#define QUIC_FL_PKTNS_ACK_REQUIRED (1UL << 1)
/* Flag the packet number space as needing probing */
#define QUIC_FL_CONN_IO_TO_REQUEUE (1U << 14) /* IO handler must be requeued on new thread after connection migration */
#define QUIC_FL_CONN_IPKTNS_DCD (1U << 15) /* Initial packet number space discarded */
#define QUIC_FL_CONN_HPKTNS_DCD (1U << 16) /* Handshake packet number space discarded */
-#define QUIC_FL_CONN_PEER_VALIDATED_ADDR (1U << 17) /* Connection with peer validated address */
+#define QUIC_FL_CONN_PEER_VALIDATED_ADDR (1U << 17) /* Peer address is considered as validated for this connection. */
#define QUIC_FL_CONN_TO_KILL (1U << 24) /* Unusable connection, to be killed */
#define QUIC_FL_CONN_TX_TP_RECEIVED (1U << 25) /* Peer transport parameters have been received (used for the transmitting part) */
#define QUIC_FL_CONN_FINALIZED (1U << 26) /* QUIC connection finalized (functional, ready to send/receive) */
if (!qc_is_listener(qc))
return 1;
- if ((qc->hpktns && (qc->hpktns->flags & QUIC_FL_PKTNS_PKT_RECEIVED)) ||
- (qc->apktns && (qc->apktns->flags & QUIC_FL_PKTNS_PKT_RECEIVED)) ||
- qc->state >= QUIC_HS_ST_COMPLETE)
+ if (qc->flags & QUIC_FL_CONN_PEER_VALIDATED_ADDR)
return 1;
BUG_ON(qc->bytes.prep > 3 * qc->bytes.rx);
if (qc->fd >= 0)
fdtab[cc_qc->fd].owner = cc_qc;
cc_qc->flags = qc->flags;
- if (quic_peer_validated_addr(qc))
- cc_qc->flags |= QUIC_FL_CONN_PEER_VALIDATED_ADDR;
cc_qc->err = qc->err;
cc_qc->nb_pkt_for_cc = qc->nb_pkt_for_cc;
LIST_APPEND(&th_ctx->quic_conns, &qc->el_th_ctx);
qc->qc_epoch = HA_ATOMIC_LOAD(&qc_epoch);
+ /* If connection is instantiated due to an INITIAL packet with an
+ * already checked token, consider the peer address as validated.
+ */
+ if (token_odcid->len) {
+ TRACE_STATE("validate peer address due to initial token",
+ QUIC_EV_CONN_INIT, qc);
+ qc->flags |= QUIC_FL_CONN_PEER_VALIDATED_ADDR;
+ }
+
TRACE_LEAVE(QUIC_EV_CONN_INIT, qc);
return qc;
}
}
- /* Flag this packet number space as having received a packet. */
- qel->pktns->flags |= QUIC_FL_PKTNS_PKT_RECEIVED;
-
if (fast_retrans && qc->iel && qc->hel) {
struct quic_enc_level *iqel = qc->iel;
struct quic_enc_level *hqel = qc->hel;
else {
struct quic_arng ar = { .first = pkt->pn, .last = pkt->pn };
+ /* RFC 9000 8.1. Address Validation during Connection Establishment
+ *
+ * Connection establishment implicitly provides address validation for
+ * both endpoints. In particular, receipt of a packet protected with
+ * Handshake keys confirms that the peer successfully processed an
+ * Initial packet.
+ */
+ if (qel == qc->hel) {
+ TRACE_STATE("validate peer address on handshake packet",
+ QUIC_EV_CONN_RXPKT, qc, pkt);
+ qc->flags |= QUIC_FL_CONN_PEER_VALIDATED_ADDR;
+ }
+
/* Update the list of ranges to acknowledge. */
if (quic_update_ack_ranges_list(qc, &qel->pktns->rx.arngs, &ar)) {
if (pkt->flags & QUIC_FL_RX_PACKET_ACK_ELICITING) {