Allow app to accept/reject/retry before handshake begins #1752

Merged
merged 7 commits into from
Apr 3, 2024

Commits on Apr 2, 2024

  1. Remove concurrent_connections

    Subsequent commits will allow the user to achieve the removed behavior
    manually and more flexibly.
    
    - Removes concurrent_connections from ServerConfig, as well as
      corresponding check in early_validate_first_packet.
    - Adds ConnectionError::CidsExhausted error, although it is not yet
      instantiated.
    - Renames ConnectError variant TooManyConnections to CidsExhausted.
    - Renames proto Endpoint internal method is_full to cids_exhausted.
    - Adds method open_connections to Endpoint (both proto and quinn).
    - Removes Endpoint method reject_new_connection from Endpoint (both
      proto and quinn).
    - Deletes obsolete tests concurrent_connections_full and
      reject_new_connections.
    gretchenfrage committed Apr 2, 2024
    3ee2348
  2. quinn: Factor out TransmitState sub-struct from State

    This commit factors out the two fields of a quinn::Endpoint's State
    necessary to process a proto::Transmit into a new sub-struct,
    TransmitState. This is to alleviate borrowing issues, because
    proto::Transmit will soon be called from more call sites than
    previously.
    
    The bulk of this code change is just moving around existing code.
    
    Co-authored-by: Dirkjan Ochtman <dirkjan@ochtman.nl>
    gretchenfrage and djc committed Apr 2, 2024
    9819be5
  3. 2e0454d
  4. proto: refactor Endpoint to use Incoming

    This commit refactors the logic for a quinn_proto::Endpoint accepting
    an incoming connection so that it constructs an explicit Incoming struct
    containing all the necessary state to accept/reject/retry the
    connection-creating packet. However, the external API stays the same.
    
    The bulk of this code change is just moving around existing code.
    Additionally, adds some gitignore lines I was using for coverage
    testing.
    gretchenfrage committed Apr 2, 2024
    655968f
  5. Allow accept/refuse/retry before handshake begins

    This commit removes use_retry from the server config and provides a
    public API for the user to manually accept/refuse/retry incoming
    connections before a handshake begins, and inspect properties such as
    an incoming connection's remote address and whether that address is
    validated when doing so.
    
    In quinn-proto, Incoming is made public, as well as Endpoint's accept/
    refuse/retry methods which operate on it. The
    DatagramEvent::NewConnection event is modified to return an incoming
    but not yet accepted connection.
    
    In quinn, awaiting Endpoint::accept now yields a new
    quinn::Incoming type, rather than quinn::Connecting. The new
    quinn::Incoming type has all the methods its quinn_proto equivalent has,
    as well as an accept method to (fallibly) transition it into a
    Connecting, and also refuse, retry, and ignore methods.
    
    Furthermore, quinn::Incoming implements IntoFuture with the output type
    Result<Connection, ConnectionError>, which is the same as the Future
    output type of Connecting. This lets server code which was
    straightforwardly awaiting the result of quinn::Endpoint::accept work
    with little to no modification.
    
    The test accept_after_close was removed because the functionality it
    was testing for no longer exists.
    gretchenfrage committed Apr 2, 2024
    fe635c2
  6. Demonstrate IP blocking in example

    This commit adds a new --block option to the server example to
    illustrate in a simplified way the general structure one would use to
    implement IP address blocking with the new accept/reject/retry API.
    
    For example:
    
        cargo run --example server ./ --listen 127.0.0.1:4433 --stateless-retry --block 127.0.0.1:8065
        cargo run --example client https://127.0.0.1:4433/Cargo.toml --host localhost --bind 127.0.0.1:8065
    
    One thing to note is that that example places the reject condition
    before the retry condition. This expends slightly less effort rejecting
    connections, but does create a blocked IP address oracle for an attacker
    who can do address spoofing.
    gretchenfrage committed Apr 2, 2024
    cdc0c41
  7. Demonstrate connection limiting in example

    This commit adds a new --connection-limit option to the server example
    to illustrate how a user could implement a limit to the number of
    connections open at a time with the new "incoming" API and
    Endpoint::open_connections method rather than with the now-removed
    concurrent_connections ServerConfig parameter.
    gretchenfrage committed Apr 2, 2024
    3940dc0
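
The ordering caveat in commit 6 and the connection limit in commit 7, modelled as an added example that is not code from this pull request or from quinn. `Policy`, `Action` and `decide` are hypothetical names; `validated` and `open` stand in for the incoming connection's address-validation state and the value returned by Endpoint::open_connections.

```rust
use std::collections::HashSet;
use std::net::SocketAddr;

/// Decision taken on an incoming connection before any handshake work.
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Action { Refuse, Retry, Accept }

/// Hypothetical policy holder for this example (not a quinn type).
pub struct Policy {
    pub blocked: HashSet<SocketAddr>,
    pub connection_limit: usize,
    /// true: demand address validation before consulting the block list.
    pub retry_first: bool,
}

impl Policy {
    /// `validated`: the remote address has already been validated by a retry.
    /// `open`: assumed to be the current number of open connections.
    pub fn decide(&self, remote: SocketAddr, validated: bool, open: usize) -> Action {
        let unwanted = self.blocked.contains(&remote) || open >= self.connection_limit;
        if self.retry_first {
            // Every unvalidated sender gets the same answer, so the response
            // reveals nothing about the block list to a spoofed source address.
            if !validated { return Action::Retry; }
            if unwanted { return Action::Refuse; }
        } else {
            // Less work per rejected packet, but a blocked address is answered
            // differently from an unblocked one before ownership is proven.
            if unwanted { return Action::Refuse; }
            if !validated { return Action::Retry; }
        }
        Action::Accept
    }
}

fn main() {
    // Constructed sample addresses, matching the --block value in commit 6.
    let blocked: SocketAddr = "127.0.0.1:8065".parse().unwrap();
    let other: SocketAddr = "127.0.0.1:8066".parse().unwrap();
    for retry_first in [false, true] {
        let p = Policy { blocked: HashSet::from([blocked]), connection_limit: 100, retry_first };
        println!("retry_first={retry_first}: blocked -> {:?}, other -> {:?}",
                 p.decide(blocked, false, 0), p.decide(other, false, 0));
    }
}
```

With `retry_first` set to false the two unvalidated senders receive different responses, which is the oracle the commit message describes; with it set to true both receive a retry and the block list is only consulted once the address is validated.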