From 9040fd25e75838d71b62b422d451d8a00d921823 Mon Sep 17 00:00:00 2001 From: Marten Seemann Date: Thu, 1 Jun 2017 19:30:38 +0200 Subject: [PATCH] add a quic.Config option to set the handshake timeout --- Changelog.md | 1 + client.go | 6 ++++++ client_test.go | 17 +++++++++++++++-- interface.go | 4 ++++ protocol/server_parameters.go | 4 ++-- server.go | 13 ++++++++++--- server_test.go | 9 ++++++--- session.go | 4 ++-- session_test.go | 2 +- 9 files changed, 47 insertions(+), 13 deletions(-) diff --git a/Changelog.md b/Changelog.md index f8deecb2..e795f6f3 100644 --- a/Changelog.md +++ b/Changelog.md @@ -5,4 +5,5 @@ - Add a `quic.Config` option for QUIC versions - Add a `quic.Config` option to request truncation of the connection ID from a server - Add a `quic.Config` option to configure the source address validation +- Add a `quic.Config` option to configure the handshake timeout - Various bugfixes diff --git a/client.go b/client.go index 2c765b29..f9dddcd3 100644 --- a/client.go +++ b/client.go @@ -118,9 +118,15 @@ func populateClientConfig(config *Config) *Config { versions = protocol.SupportedVersions } + handshakeTimeout := protocol.DefaultHandshakeTimeout + if config.HandshakeTimeout != 0 { + handshakeTimeout = config.HandshakeTimeout + } + return &Config{ TLSConfig: config.TLSConfig, Versions: versions, + HandshakeTimeout: handshakeTimeout, RequestConnectionIDTruncation: config.RequestConnectionIDTruncation, } } diff --git a/client_test.go b/client_test.go index ffba513b..3aab7488 100644 --- a/client_test.go +++ b/client_test.go @@ -4,6 +4,7 @@ import ( "bytes" "errors" "net" + "time" "github.com/lucas-clemente/quic-go/protocol" "github.com/lucas-clemente/quic-go/qerr" @@ -153,9 +154,21 @@ var _ = Describe("Client", func() { close(done) }) - It("uses all supported versions, if none are specified in the quic.Config", func() { + It("setups with the right values", func() { + config := &Config{ + HandshakeTimeout: 1337 * time.Minute, + RequestConnectionIDTruncation: true, + } + c := populateClientConfig(config) + Expect(c.HandshakeTimeout).To(Equal(1337 * time.Minute)) + Expect(c.RequestConnectionIDTruncation).To(BeTrue()) + }) + + It("fills in default values if options are not set in the Config", func() { c := populateClientConfig(&Config{}) Expect(c.Versions).To(Equal(protocol.SupportedVersions)) + Expect(c.HandshakeTimeout).To(Equal(protocol.DefaultHandshakeTimeout)) + Expect(c.RequestConnectionIDTruncation).To(BeFalse()) }) It("errors when receiving an invalid first packet from the server", func(done Done) { @@ -310,7 +323,7 @@ var _ = Describe("Client", func() { Expect(cconn.(*conn).pconn).To(Equal(packetConn)) Expect(hostname).To(Equal("quic.clemente.io")) Expect(version).To(Equal(cl.version)) - Expect(conf).To(Equal(config)) + Expect(conf.Versions).To(Equal(config.Versions)) close(done) }) diff --git a/interface.go b/interface.go index 90e8c728..30bc9b6c 100644 --- a/interface.go +++ b/interface.go @@ -71,6 +71,10 @@ type Config struct { // This saves 8 bytes in the Public Header in every packet. However, if the IP address of the server changes, the connection cannot be migrated. // Currently only valid for the client. RequestConnectionIDTruncation bool + // HandshakeTimeout is the maximum duration that the cryptographic handshake may take. + // If the timeout is exceeded, the connection is closed. + // If this value is zero, the timeout is set to 10 seconds. + HandshakeTimeout time.Duration // AcceptSTK determines if an STK is accepted. // It is called with stk = nil if the client didn't send an STK. // If not set, it verifies that the address matches, and that the STK was issued within the last 24 hours diff --git a/protocol/server_parameters.go b/protocol/server_parameters.go index 116d27e0..832d3879 100644 --- a/protocol/server_parameters.go +++ b/protocol/server_parameters.go @@ -128,8 +128,8 @@ const MaxIdleTimeoutServer = 1 * time.Minute // MaxIdleTimeoutClient is the idle timeout that the client suggests to the server const MaxIdleTimeoutClient = 2 * time.Minute -// MaxTimeForCryptoHandshake is the default timeout for a connection until the crypto handshake succeeds. -const MaxTimeForCryptoHandshake = 10 * time.Second +// DefaultHandshakeTimeout is the default timeout for a connection until the crypto handshake succeeds. +const DefaultHandshakeTimeout = 10 * time.Second // ClosedSessionDeleteTimeout the server ignores packets arriving on a connection that is already closed // after this time all information about the old connection will be deleted diff --git a/server.go b/server.go index 2f831bbf..fe5817a5 100644 --- a/server.go +++ b/server.go @@ -106,15 +106,22 @@ func populateServerConfig(config *Config) *Config { if len(versions) == 0 { versions = protocol.SupportedVersions } + vsa := defaultAcceptSTK if config.AcceptSTK != nil { vsa = config.AcceptSTK } + handshakeTimeout := protocol.DefaultHandshakeTimeout + if config.HandshakeTimeout != 0 { + handshakeTimeout = config.HandshakeTimeout + } + return &Config{ - TLSConfig: config.TLSConfig, - Versions: versions, - AcceptSTK: vsa, + TLSConfig: config.TLSConfig, + Versions: versions, + HandshakeTimeout: handshakeTimeout, + AcceptSTK: vsa, } } diff --git a/server_test.go b/server_test.go index 6bf99e37..35df8d31 100644 --- a/server_test.go +++ b/server_test.go @@ -345,9 +345,10 @@ var _ = Describe("Server", func() { supportedVersions := []protocol.VersionNumber{1, 3, 5} acceptSTK := func(_ net.Addr, _ *STK) bool { return true } config := Config{ - TLSConfig: &tls.Config{}, - Versions: supportedVersions, - AcceptSTK: acceptSTK, + TLSConfig: &tls.Config{}, + Versions: supportedVersions, + AcceptSTK: acceptSTK, + HandshakeTimeout: 1337 * time.Hour, } ln, err := Listen(conn, &config) Expect(err).ToNot(HaveOccurred()) @@ -356,6 +357,7 @@ var _ = Describe("Server", func() { Expect(server.sessions).ToNot(BeNil()) Expect(server.scfg).ToNot(BeNil()) Expect(server.config.Versions).To(Equal(supportedVersions)) + Expect(server.config.HandshakeTimeout).To(Equal(1337 * time.Hour)) Expect(reflect.ValueOf(server.config.AcceptSTK)).To(Equal(reflect.ValueOf(acceptSTK))) }) @@ -365,6 +367,7 @@ var _ = Describe("Server", func() { Expect(err).ToNot(HaveOccurred()) server := ln.(*server) Expect(server.config.Versions).To(Equal(protocol.SupportedVersions)) + Expect(server.config.HandshakeTimeout).To(Equal(protocol.DefaultHandshakeTimeout)) Expect(reflect.ValueOf(server.config.AcceptSTK)).To(Equal(reflect.ValueOf(defaultAcceptSTK))) }) diff --git a/session.go b/session.go index 3e20c5f2..01b0860c 100644 --- a/session.go +++ b/session.go @@ -327,7 +327,7 @@ runLoop: if now.Sub(s.lastNetworkActivityTime) >= s.idleTimeout() { s.close(qerr.Error(qerr.NetworkIdleTimeout, "No recent network activity.")) } - if !s.handshakeComplete && now.Sub(s.sessionCreationTime) >= protocol.MaxTimeForCryptoHandshake { + if !s.handshakeComplete && now.Sub(s.sessionCreationTime) >= s.config.HandshakeTimeout { s.close(qerr.Error(qerr.NetworkIdleTimeout, "Crypto handshake did not complete in time.")) } s.garbageCollectStreams() @@ -354,7 +354,7 @@ func (s *session) maybeResetTimer() { nextDeadline = utils.MinTime(nextDeadline, lossTime) } if !s.handshakeComplete { - handshakeDeadline := s.sessionCreationTime.Add(protocol.MaxTimeForCryptoHandshake) + handshakeDeadline := s.sessionCreationTime.Add(s.config.HandshakeTimeout) nextDeadline = utils.MinTime(nextDeadline, handshakeDeadline) } if !s.receivedTooManyUndecrytablePacketsTime.IsZero() { diff --git a/session_test.go b/session_test.go index 95bb1cda..8f523a42 100644 --- a/session_test.go +++ b/session_test.go @@ -1403,7 +1403,7 @@ var _ = Describe("Session", func() { }) It("times out due to non-completed crypto handshake", func(done Done) { - sess.sessionCreationTime = time.Now().Add(-time.Hour) + sess.sessionCreationTime = time.Now().Add(-protocol.DefaultHandshakeTimeout).Add(-time.Second) sess.run() // Would normally not return Expect(mconn.written[0]).To(ContainSubstring("Crypto handshake did not complete in time.")) Expect(sess.runClosed).To(BeClosed())