From 57fc9c5e061a917f761297c7a16c39ec06cb2514 Mon Sep 17 00:00:00 2001
From: Charles-Henri Bruyand
Date: Fri, 22 Sep 2023 14:44:15 +0200
Subject: [PATCH] doq: initialize stateless reset token
---
 pdns/dnsdistdist/doq.cc | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)
diff --git a/pdns/dnsdistdist/doq.cc b/pdns/dnsdistdist/doq.cc
index 6f6d0496ee..160f3e7ae8 100644
--- a/pdns/dnsdistdist/doq.cc
+++ b/pdns/dnsdistdist/doq.cc
@@ -261,6 +261,14 @@ static void handleResponse(DOQFrontend& df, Connection& conn, const uint64_t str
 }
 }
+static void fillRandom(PacketBuffer& buffer, size_t size)
+{
+ buffer.reserve(size);
+ while (size > 0) {
+ buffer.insert(buffer.end(), dnsdist::getRandomValue(std::numeric_limits::max()));
+ --size;
+ }
+}
 void DOQFrontend::setup()
 {
 auto config = QuicheConfig(quiche_config_new(QUICHE_PROTOCOL_VERSION), quiche_config_free);
@@ -295,7 +303,12 @@ void DOQFrontend::setup()
 quiche_config_set_initial_max_stream_data_bidi_remote(config.get(), 1000000);
 quiche_config_set_initial_max_streams_bidi(config.get(), 100);
 quiche_config_set_cc_algorithm(config.get(), QUICHE_CC_RENO);
- // quiche_config_log_keys(config.get());
+
+ {
+ PacketBuffer resetToken;
+ fillRandom(resetToken, 16);
+ quiche_config_set_stateless_reset_token(config.get(), reinterpret_cast(resetToken.data()));
+ }
 d_server_config = std::make_shared(std::move(config), d_internalPipeBufferSize);
 }
@@ -303,13 +316,8 @@ void DOQFrontend::setup()
 static std::optional getCID()
 {
 PacketBuffer buffer;
- size_t idx = 0;
- buffer.resize(LOCAL_CONN_ID_LEN);
- while (idx < LOCAL_CONN_ID_LEN) {
- buffer.at(idx) = dnsdist::getRandomValue(std::numeric_limits::max());
- ++idx;
- }
+ fillRandom(buffer, LOCAL_CONN_ID_LEN);
 return buffer;
 }
--
2.47.2
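Review bot: In `fillRandom`, every byte comes from `dnsdist::getRandomValue(...)` called with the maximum value of the byte type, and with this patch the helper also produces the stateless reset token, so its guarantees matter more than they did for connection IDs alone. Its definition is not part of this patch; if the argument is an exclusive upper bound, the byte 0xFF can never be produced, and passing `256` as the bound would restore the full range. It is also worth confirming, and stating in a comment, that the generator is cryptographically secure in every build configuration, for example `// bytes must come from a CSPRNG: used for QUIC connection IDs and the stateless reset token`. Separately, the function appends `size` bytes rather than filling the buffer, so `reserve(size)` under-reserves when the buffer is not empty, and a one-line comment saying that it appends would prevent misuse. The third hunk switches `getCID` to this helper, so the same points apply there.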
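Review bot: The reset token is generated once in `DOQFrontend::setup()` and stored on the shared quiche config, so, assuming quiche advertises the configured value as the `stateless_reset_token` transport parameter, every connection accepted by this frontend is handed the same 16 bytes. RFC 9000 (section 10.3) requires that a token is not reused across connection IDs and that it is hard to guess; a value that every earlier peer has already received satisfies neither. Section 10.3.2 of the RFC describes deriving the token per connection ID from a static secret key, which would mean setting it per connection rather than on the config. If the shared value is kept for now, a comment such as `// NOTE: one token for all connections; peers learn it during the handshake` and a named constant in place of the literal `16` would make the limitation visible. `setup()` begins before this hunk.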