From: Amaury Denoyelle Date: Fri, 28 Jan 2022 15:02:13 +0000 (+0100) Subject: MINOR: quic: refactor quic CID association with threads X-Git-Tag: v2.6-dev1~41 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0442efd214c649a637755889c5a785ceab6d4211;p=thirdparty%2Fhaproxy.git MINOR: quic: refactor quic CID association with threads Do not use an extra DCID parameter on new_quic_cid to be able to associated a new generated CID to a thread ID. Simply do the computation inside the function. The API is cleaner this way. This also has the effects to improve the apparent randomness of CIDs. With the previous version the first byte of all CIDs are identical for a connection which could lead to privacy issue. This version may not be totally perfect on this aspect but it improves the situation.
---
diff --git a/include/haproxy/xprt_quic.h b/include/haproxy/xprt_quic.h
index d8f23bd1ff..4107fbe838 100644
--- a/include/haproxy/xprt_quic.h
+++ b/include/haproxy/xprt_quic.h
@@ -132,12 +132,6 @@ static inline void quic_cid_dump(struct buffer *buf,
 chunk_appendf(buf, ")");
 }
-/* Simply compute a thread ID from a CID */
-static inline unsigned long quic_get_cid_tid(const unsigned char *cid)
-{
- return *cid % global.nbthread;
-}
-
 /* Free the CIDs attached to QUIC connection. This must be called under
 * the CID lock.
 */
@@ -177,13 +171,32 @@ static inline void quic_connection_id_to_frm_cpy(struct quic_frame *dst,
 to->stateless_reset_token = src->stateless_reset_token;
 }
+/* Retrieve the associated thread ID for . */
+static inline unsigned long quic_get_cid_tid(const unsigned char *cid)
+{
+ return *cid % global.nbthread;
+}
+
+/* Modify to have a CID linked to the thread ID . This is
+ * based on quic_get_cid_tid.
+ */
+static inline void quic_pin_cid_to_tid(unsigned char *cid, int target_tid)
+{
+ cid[0] = cid[0] - (cid[0] % global.nbthread) + target_tid;
+}
+
 /* Allocate a new CID with as sequence number and attach it to
 * ebtree.
+ *
+ * The CID is randomly generated in part with the result altered to be
+ * associated with the current thread ID. This means this function must only
+ * be called by the quic_conn thread.
+ *
 * Returns the new CID if succeeded, NULL if not.
 */
 static inline struct quic_connection_id *new_quic_cid(struct eb_root *root,
 struct quic_conn *qc,
- int seq_num, unsigned char *dcid)
+ int seq_num)
 {
 struct quic_connection_id *cid;
@@ -199,8 +212,7 @@ static inline struct quic_connection_id *new_quic_cid(struct eb_root *root,
 goto err;
 }
- /* Set the same first octet from */
- cid->cid.data[0] = *dcid;
+ quic_pin_cid_to_tid(cid->cid.data, tid);
 cid->qc = qc;
diff --git a/src/xprt_quic.c b/src/xprt_quic.c
index caea3e67c7..a1fa7dbdec 100644
--- a/src/xprt_quic.c
+++ b/src/xprt_quic.c
@@ -2806,7 +2806,7 @@ static int quic_build_post_handshake_frames(struct quic_conn *qc)
 if (!frm)
 goto err;
- cid = new_quic_cid(&qc->cids, qc, i, qc->scid.data);
+ cid = new_quic_cid(&qc->cids, qc, i);
 if (!cid)
 goto err;
@@ -3605,7 +3605,7 @@ static struct quic_conn *qc_new_conn(unsigned int version, int ipv4,
 /* Initialize the output buffer */
 qc->obuf.pos = qc->obuf.data;
- icid = new_quic_cid(&qc->cids, qc, 0, dcid);
+ icid = new_quic_cid(&qc->cids, qc, 0);
 if (!icid) {
 TRACE_PROTO("Could not allocate a new connection ID", QUIC_EV_CONN_INIT, qc);
 goto err;
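Review bot: `quic_pin_cid_to_tid()` can wrap the first byte whenever `global.nbthread` does not divide 256, because `cid[0] - (cid[0] % global.nbthread) + target_tid` is evaluated as an int and may exceed 255 before it is stored back into an `unsigned char` (with 3 threads, `cid[0] == 255` and `target_tid == 2` give 257, stored as 1). `quic_get_cid_tid()` then returns a different thread than the one the CID was pinned to, so datagrams carrying that CID would presumably be handed to a thread that does not own the connection. Stepping down one multiple when the sum overflows keeps the intended residue: `unsigned int v = cid[0] - (cid[0] % global.nbthread) + target_tid;`, `if (v > 255) v -= global.nbthread;`, `cid[0] = v;`. The type and range of `global.nbthread` are not visible in this hunk, so this assumes a value between 1 and 256.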
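Review bot: After `quic_pin_cid_to_tid(cid->cid.data, tid)` every CID issued for one connection still has the same `data[0] % global.nbthread`, so the CIDs of a connection stay partially correlatable for anyone who sees them on the wire, which the commit message itself concedes. That residual linkability should be recorded at this call rather than only in the commit log, e.g. `/* data[0] % nbthread is identical for all CIDs of a connection: they are not fully unlinkable */`. The comment would also be the place to state that the remaining bytes are the only unpredictable part of the CID. `new_quic_cid()` starts and ends outside this hunk, so how those other bytes are generated cannot be confirmed from here.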