From c7f14a38f528c03a4c29589273a19f983c6e91e4 Mon Sep 17 00:00:00 2001
From: Frederic Lecaille
Date: Thu, 17 Oct 2024 07:59:59 +0200
Subject: [PATCH] MINOR: quic: send new tokens (NEW_TOKEN) even for 1RTT sessions
Tokens are sent when opening a connection, just after the handshake, to be possibly reused by the peer for the next connection. They are used to validate the peer address during the 0RTT connection openings. But there is no reason to reserve this feature to 0RTT connections. This patch modifies quic_build_post_handshake_frames() to do so.
---
 src/quic_conn.c | 40 ++++++++++++++++++----------------------
 1 file changed, 18 insertions(+), 22 deletions(-)
diff --git a/src/quic_conn.c b/src/quic_conn.c
index 5adf528b5..ea9e16315 100644
--- a/src/quic_conn.c
+++ b/src/quic_conn.c
@@ -473,6 +473,8 @@ int quic_build_post_handshake_frames(struct quic_conn *qc)
 qel = qc->ael;
 /* Only servers must send a HANDSHAKE_DONE frame. */
 if (qc_is_listener(qc)) {
+ size_t new_token_frm_len;
+
 frm = qc_frm_alloc(QUIC_FT_HANDSHAKE_DONE);
 if (!frm) {
 TRACE_ERROR("frame allocation error", QUIC_EV_CONN_IO_CB, qc);
@@ -481,29 +483,23 @@ int quic_build_post_handshake_frames(struct quic_conn *qc)
 LIST_APPEND(&frm_list, &frm->list);
-#ifdef HAVE_SSL_0RTT_QUIC
- if (qc->li->bind_conf->ssl_conf.early_data) {
- size_t new_token_frm_len;
-
- frm = qc_frm_alloc(QUIC_FT_NEW_TOKEN);
- if (!frm) {
- TRACE_ERROR("frame allocation error", QUIC_EV_CONN_IO_CB, qc);
- goto err;
- }
-
- new_token_frm_len =
- quic_generate_token(frm->new_token.data,
- sizeof(frm->new_token.data), &qc->peer_addr);
- if (!new_token_frm_len) {
- TRACE_ERROR("token generation failed", QUIC_EV_CONN_IO_CB, qc);
- goto err;
- }
-
- BUG_ON(new_token_frm_len != sizeof(frm->new_token.data));
- frm->new_token.len = new_token_frm_len;
- LIST_APPEND(&frm_list, &frm->list);
+ frm = qc_frm_alloc(QUIC_FT_NEW_TOKEN);
+ if (!frm) {
+ TRACE_ERROR("frame allocation error", QUIC_EV_CONN_IO_CB, qc);
+ goto err;
 }
-#endif
+
+ new_token_frm_len =
+ quic_generate_token(frm->new_token.data,
+ sizeof(frm->new_token.data), &qc->peer_addr);
+ if (!new_token_frm_len) {
+ TRACE_ERROR("token generation failed", QUIC_EV_CONN_IO_CB, qc);
+ goto err;
+ }
+
+ BUG_ON(new_token_frm_len != sizeof(frm->new_token.data));
+ frm->new_token.len = new_token_frm_len;
+ LIST_APPEND(&frm_list, &frm->list);
 }
 /* Initialize connection IDs minus one: there is
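Review bot: In the now unconditional NEW_TOKEN block, a failed `quic_generate_token()` jumps to `err` while the freshly allocated `frm` has not yet been appended to `frm_list`, so if the `err` path (outside this hunk) only releases frames found on that list, this frame is leaked. With the `early_data` and `HAVE_SSL_0RTT_QUIC` guards gone, that path is reachable on every listener connection instead of only on binds with early data enabled; releasing the frame before the jump, e.g. `qc_frm_free(qc, &frm);` ahead of `goto err;`, would close it. Because a server is not required to send NEW_TOKEN, it is also worth deciding whether a token generation failure should abort the whole post-handshake frame set, HANDSHAKE_DONE included, or simply skip the token. A short comment above the block, such as `/* Always offer an address validation token bound to the current peer address, 0-RTT or not. */`, would record why the guard was removed and what the token is tied to. The body of quic_build_post_handshake_frames() starts and ends outside the hunk.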