Symmetric connection IDs #1151
Merged
18 commits
8ecd955 wip (martinthomson)
d55ddf8 Symmetric connection IDs (martinthomson)
d925ba0 Address review comments, closes #1052 (martinthomson)
d8a59b3 Review-based tweakin' (martinthomson)
b6db6fa Closes #1146 too (martinthomson)
5343125 Closes #821 too (martinthomson)
acf8bfe Let's not flip around too often unnecessarily (martinthomson)
febac4d Fix length labels (martinthomson)
436786f -n (martinthomson)
2764c5c Reducing minimum connection ID length to 4 octets (martinthomson)
7bfa8ab Sums iz haard (martinthomson)
d7a18a0 Moar bad numerz (martinthomson)
dc887e8 My sed-fu is lacking (martinthomson)
c6c06e5 For @siyengar/@ianswett regarding connection ID construction (martinthomson)
3ea70b9 Some review-related changes and polish (martinthomson)
4e837b2 Fixups (martinthomson)
0d51024 Small tweaks regarding the change to dcid (martinthomson)
9d1512f Jana's improvements (martinthomson)
I think an algorithm based on packet number might be more robust than specifying the first packet of each type? Largest packet number wins?
Also, I would say the server MUST set its value based on an Initial packet. Given there was no connection before, I wouldn't call it a change of connection ID.
+1. I can't reason about packet type changes easily, but largest packet number seems robust.
There is a discussion on list about version negotiation attacks by man-on-the-side. One proposed solution was to queue some packets and wait for the best outcome. I'm not so sure what is best, but it overlaps with the considerations in the above text and comments.
Largest packet number fails for the simple reason that it might allow for multiple changes. Lowest packet number works better. And that's all I'm looking for. Latching is what we are looking for, not a continuous sequence of changes.
Also, I added a note to ignore packets with different Source Connection ID values. That deals neatly with the problem where two server instances both attempt to start a connection with you as a result of you sending multiple Initial packets.
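
The trade-off discussed in this thread, as an added example that is not code from the pull request or the QUIC drafts: a simplified Python model comparing "largest packet number wins" with latching the peer's connection ID once and ignoring packets that carry a different Source Connection ID. The `Packet` model, the class names and the arrival sequence are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    """Simplified model of a received packet (not the QUIC wire format)."""
    number: int
    scid: bytes  # Source Connection ID the sender chose for itself

@dataclass
class LargestNumberWins:
    """Peer ID tracks whichever packet carries the largest number so far."""
    peer_cid: Optional[bytes] = None
    largest: int = -1
    changes: int = 0

    def receive(self, pkt: Packet) -> bool:
        if pkt.number > self.largest:
            self.largest = pkt.number
            if pkt.scid != self.peer_cid:
                self.peer_cid = pkt.scid
                self.changes += 1
        return True  # every packet is processed

@dataclass
class Latching:
    """Peer ID is set once; packets with another Source Connection ID are ignored."""
    peer_cid: Optional[bytes] = None
    changes: int = 0
    ignored: int = 0

    def receive(self, pkt: Packet) -> bool:
        if self.peer_cid is None:
            self.peer_cid = pkt.scid
            self.changes += 1
        elif pkt.scid != self.peer_cid:
            self.ignored += 1
            return False
        return True

def run(policy, arrivals):
    """Feed every packet to the policy and return it for inspection."""
    for pkt in arrivals:
        policy.receive(pkt)
    return policy

# Constructed arrival order: two server instances answer duplicate Initials.
A, B = b"\xaa" * 4, b"\xbb" * 4
ARRIVALS = [Packet(0, A), Packet(1, B), Packet(2, A), Packet(3, B)]
```

With this constructed sequence the first policy changes its view of the peer on every packet, while the latching policy settles on the first responder and ignores the second instance's packets.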