add an AddrVerified field to the ClientHelloInfo (#4360)
* add an AddressVerified field to the ClientHelloInfo

* rename ClientHelloInfo.AddressVerified to ClientHelloInfo.AddrVerified
marten-seemann authored Mar 11, 2024
1 parent f147639 commit ca787d6
Showing 3 changed files with 19 additions and 3 deletions.
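--- a/integrationtests/self/handshake_rtt_test.go
+++ b/integrationtests/self/handshake_rtt_test.go
@@ -76,7 +76,10 @@ var _ = Describe("Handshake RTT tests", func() {
 context.Background(),
 fmt.Sprintf("localhost:%d", proxy.LocalAddr().(*net.UDPAddr).Port),
 getTLSClientConfig(),
-getQuicConfig(nil),
+getQuicConfig(&quic.Config{GetConfigForClient: func(info *quic.ClientHelloInfo) (*quic.Config, error) {
+Expect(info.AddrVerified).To(BeTrue())
+return nil, nil
+}}),
 )
 Expect(err).ToNot(HaveOccurred())
 defer conn.CloseWithError(0, "")
@@ -94,7 +97,10 @@ var _ = Describe("Handshake RTT tests", func() {
 context.Background(),
 fmt.Sprintf("localhost:%d", proxy.LocalAddr().(*net.UDPAddr).Port),
 getTLSClientConfig(),
-getQuicConfig(nil),
+getQuicConfig(&quic.Config{GetConfigForClient: func(info *quic.ClientHelloInfo) (*quic.Config, error) {
+Expect(info.AddrVerified).To(BeFalse())
+return nil, nil
+}}),
 )
 Expect(err).ToNot(HaveOccurred())
 defer conn.CloseWithError(0, "")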
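Review bot: The new `GetConfigForClient` callbacks in both hunks are set on the config passed right after `getTLSClientConfig()`, which looks like the dialing side; the callback is invoked by the server in `handleInitialImpl` (server.go), so if this is the client's config neither `Expect(info.AddrVerified)` ever runs and both tests pass without checking the field. The enclosing call starts outside the hunk, so confirm which side receives this config and, if needed, move the callback to the listener's `quic.Config`. Either way, set a flag inside the callback and assert it after the dial, so that a callback which is never invoked fails the test. If the callback runs on a server goroutine, a failing `Expect` there also needs `defer GinkgoRecover()` as the callback's first line.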
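--- a/interface.go
+++ b/interface.go
@@ -333,8 +333,15 @@ type Config struct {
 Tracer func(context.Context, logging.Perspective, ConnectionID) *logging.ConnectionTracer
 }
 
+// ClientHelloInfo contains information about an incoming connection attempt.
 type ClientHelloInfo struct {
+// RemoteAddr is the remote address on the Initial packet.
+// Unless AddrVerified is set, the address is not yet verified, and could be a spoofed IP address.
 RemoteAddr net.Addr
+// AddrVerified says if the remote address was verified using QUIC's Retry mechanism.
+// Note that the Retry mechanism costs one network roundtrip,
+// and is not performed unless Transport.MaxUnvalidatedHandshakes is surpassed.
+AddrVerified bool
 }
 
 // ConnectionState records basic details about a QUIC connection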
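Review bot: The `AddrVerified` comment says the address was verified "using QUIC's Retry mechanism", but the field is filled from `clientAddrValidated` in server.go, whose assignment is outside the visible hunks. If a token from an earlier connection can also set it, the comment under-describes the field; once confirmed, something like `// AddrVerified says if the remote address was validated by a token on the Initial packet (e.g. via Retry).` would be more accurate. The `RemoteAddr` comment could also state the consequence for callers: `// Do not base per-address decisions (allow-lists, rate limits) on RemoteAddr unless AddrVerified is true.`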
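--- a/server.go
+++ b/server.go
@@ -639,7 +639,10 @@ func (s *baseServer) handleInitialImpl(p receivedPacket, hdr *wire.Header) error
 tracingID := nextConnTracingID()
 config := s.config
 if s.config.GetConfigForClient != nil {
-conf, err := s.config.GetConfigForClient(&ClientHelloInfo{RemoteAddr: p.remoteAddr})
+conf, err := s.config.GetConfigForClient(&ClientHelloInfo{
+RemoteAddr: p.remoteAddr,
+AddrVerified: clientAddrValidated,
+})
 if err != nil {
 s.logger.Debugf("Rejecting new connection due to GetConfigForClient callback")
 delete(s.zeroRTTQueues, hdr.DestConnectionID)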
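Review bot: The naming is inconsistent at the new call site: the public field is `AddrVerified`, the local it is filled from is `clientAddrValidated`, and the comment in interface.go refers to `Transport.MaxUnvalidatedHandshakes`. Settling on one term, for example by renaming the local to `clientAddrVerified`, keeps the address-validation path easy to grep and audit. The assignment of `clientAddrValidated` and the rest of `handleInitialImpl` lie outside the hunk.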
