Break linkability on client-side after planned migration

The server switches to a new CID as well, but it sends a path-challenge on the old path with the new CID. So it is still possible to trace back the connection to the old path after the client switches to a new socket.
quinn-rs · Apr 2, 2024 · c2ac17e · c2ac17e
1 parent 4822fd4
commit c2ac17e
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 1 deletion.
diff --git a/quinn-proto/src/connection/mod.rs b/quinn-proto/src/connection/mod.rs
@@ -2907,7 +2907,7 @@ impl Connection {
     }
 
     /// Switch to a previously unused remote connection ID, if possible
-    fn update_rem_cid(&mut self) {
+    pub fn update_rem_cid(&mut self) {
         let (reset_token, retired) = match self.rem_cids.next() {
             Some(x) => x,
             None => return,

diff --git a/quinn/src/connection.rs b/quinn/src/connection.rs
@@ -915,6 +915,9 @@ impl State {
     ) -> Result<(), ConnectionError> {
         loop {
             match self.conn_events.poll_recv(cx) {
+                Poll::Ready(Some(ConnectionEvent::UpdateRemoteConnectionId)) => {
+                    self.inner.update_rem_cid();
+                }
                 Poll::Ready(Some(ConnectionEvent::Ping)) => {
                     self.inner.ping();
                 }

diff --git a/quinn/src/endpoint.rs b/quinn/src/endpoint.rs
@@ -218,6 +218,7 @@ impl Endpoint {
         // Generate some activity so peers notice the rebind
         for sender in inner.connections.senders.values() {
             // Ignoring errors from dropped connections
+            let _ = sender.send(ConnectionEvent::UpdateRemoteConnectionId);
             let _ = sender.send(ConnectionEvent::Ping);
         }
 

diff --git a/quinn/src/lib.rs b/quinn/src/lib.rs
@@ -96,6 +96,7 @@ enum ConnectionEvent {
     },
     Proto(proto::ConnectionEvent),
     Ping,
+    UpdateRemoteConnectionId,
 }
 
 #[derive(Debug)]