add a quic.Config option to verify source address tokens

This commit is contained in:
Marten Seemann 2017-05-21 00:28:31 +08:00
parent eb72b494b2
commit 87df63dd5f
No known key found for this signature in database
GPG key ID: 3603F40B121FCDEA
9 changed files with 245 additions and 82 deletions


@ -5,6 +5,7 @@ import (
"crypto/tls"
"errors"
"net"
"reflect"
"time"
"github.com/lucas-clemente/quic-go/crypto"
@ -342,17 +343,20 @@ var _ = Describe("Server", func() {
It("setups with the right values", func() {
supportedVersions := []protocol.VersionNumber{1, 3, 5}
acceptSTK := func(_ net.Addr, _ *STK) bool { return true }
config := Config{
TLSConfig: &tls.Config{},
Versions: supportedVersions,
AcceptSTK: acceptSTK,
}
ln, err := Listen(conn, &config)
server := ln.(*server)
Expect(err).ToNot(HaveOccurred())
server := ln.(*server)
Expect(server.deleteClosedSessionsAfter).To(Equal(protocol.ClosedSessionDeleteTimeout))
Expect(server.sessions).ToNot(BeNil())
Expect(server.scfg).ToNot(BeNil())
Expect(server.config.Versions).To(Equal(supportedVersions))
Expect(reflect.ValueOf(server.config.AcceptSTK)).To(Equal(reflect.ValueOf(acceptSTK)))
})
It("fills in default values if options are not set in the Config", func() {
@ -361,6 +365,7 @@ var _ = Describe("Server", func() {
Expect(err).ToNot(HaveOccurred())
server := ln.(*server)
Expect(server.config.Versions).To(Equal(protocol.SupportedVersions))
Expect(reflect.ValueOf(server.config.AcceptSTK)).To(Equal(reflect.ValueOf(defaultAcceptSTK)))
})
It("listens on a given address", func() {
@ -434,3 +439,55 @@ var _ = Describe("Server", func() {
Expect(ln.(*server).sessions).To(BeEmpty())
})
})
var _ = Describe("default source address verification", func() {
It("accepts a token", func() {
remoteAddr := &net.UDPAddr{IP: net.IPv4(192, 168, 0, 1)}
stk := &STK{
remoteAddr: "192.168.0.1",
sentTime: time.Now().Add(-protocol.STKExpiryTime).Add(time.Second), // will expire in 1 second
}
Expect(defaultAcceptSTK(remoteAddr, stk)).To(BeTrue())
})
It("requests verification if no token is provided", func() {
remoteAddr := &net.UDPAddr{IP: net.IPv4(192, 168, 0, 1)}
Expect(defaultAcceptSTK(remoteAddr, nil)).To(BeFalse())
})
It("rejects a token if the address doesn't match", func() {
remoteAddr := &net.UDPAddr{IP: net.IPv4(192, 168, 0, 1)}
stk := &STK{
remoteAddr: "127.0.0.1",
sentTime: time.Now(),
}
Expect(defaultAcceptSTK(remoteAddr, stk)).To(BeFalse())
})
It("accepts a token for a remote address is not a UDP address", func() {
remoteAddr := &net.TCPAddr{IP: net.IPv4(192, 168, 0, 1), Port: 1337}
stk := &STK{
remoteAddr: "192.168.0.1:1337",
sentTime: time.Now(),
}
Expect(defaultAcceptSTK(remoteAddr, stk)).To(BeTrue())
})
It("rejects an invalid token for a remote address is not a UDP address", func() {
remoteAddr := &net.TCPAddr{IP: net.IPv4(192, 168, 0, 1), Port: 1337}
stk := &STK{
remoteAddr: "192.168.0.1:7331", // mismatching port
sentTime: time.Now(),
}
Expect(defaultAcceptSTK(remoteAddr, stk)).To(BeFalse())
})
It("rejects an expired token", func() {
remoteAddr := &net.UDPAddr{IP: net.IPv4(192, 168, 0, 1)}
stk := &STK{
remoteAddr: "192.168.0.1",
sentTime: time.Now().Add(-protocol.STKExpiryTime).Add(-time.Second), // expired 1 second ago
}
Expect(defaultAcceptSTK(remoteAddr, stk)).To(BeFalse())
})
})
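Review bot: The "accepts a token" case in the new Describe block builds a token that is one second short of expiry and then relies on the wall clock not advancing past that point before defaultAcceptSTK is called; on a loaded CI host that gap can be exceeded, so the assertion can fail spuriously without any change to the code under test. A wider margin keeps the intent and removes the race, e.g. `sentTime: time.Now().Add(-protocol.STKExpiryTime).Add(time.Minute), // not yet expired` (the "rejects an expired token" case needs no change, since more elapsed time only makes that token more expired). The It descriptions "accepts a token for a remote address is not a UDP address" and "rejects an invalid token for a remote address is not a UDP address" read awkwardly; "accepts a token if the remote address is not a UDP address" and "rejects a mismatching token if the remote address is not a UDP address" say what is asserted. The suite also does not exercise an IPv6 peer or a token whose remoteAddr is empty, which, if I read the check's intent correctly, are the inputs an address comparison is most likely to get wrong and are cheap to add as two more cases here.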