From a4aac3901318dac95a394632d4886a55a5ff2bf7 Mon Sep 17 00:00:00 2001 From: wangfuyu Date: Tue, 20 Sep 2022 22:29:10 +0800 Subject: [PATCH 1/3] m) Fix: ietf connection maybe abort if ack for hsk lost (#422) 1) After handshake done, handshake packets should not be sent or received. 2) IFC_ACK_QUED_HSK will be cancelled from conn->ifc_flags after handshake done, but it maybe set again if ACKs for handshake lost(Function: should_generate_ack). Co-authored-by: ivanfywang --- src/liblsquic/lsquic_full_conn_ietf.c | 2 +- src/liblsquic/lsquic_send_ctl.c | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/src/liblsquic/lsquic_full_conn_ietf.c b/src/liblsquic/lsquic_full_conn_ietf.c index c8c9575..e409d48 100644 --- a/src/liblsquic/lsquic_full_conn_ietf.c +++ b/src/liblsquic/lsquic_full_conn_ietf.c @@ -1886,7 +1886,7 @@ generate_ack_frame_for_pns (struct ietf_full_conn *conn, &conn->ifc_rechist[pns], now, &has_missing, &packet_out->po_ack2ed, ecn_counts); if (w < 0) { - ABORT_ERROR("generating ACK frame failed: %d", errno); + ABORT_ERROR("%s generating ACK frame failed: %d", lsquic_pns2str[pns], errno); return -1; } CONN_STATS(out.acks, 1); diff --git a/src/liblsquic/lsquic_send_ctl.c b/src/liblsquic/lsquic_send_ctl.c index 70a291e..7d2861d 100644 --- a/src/liblsquic/lsquic_send_ctl.c +++ b/src/liblsquic/lsquic_send_ctl.c @@ -3424,6 +3424,8 @@ lsquic_send_ctl_empty_pns (struct lsquic_send_ctl *ctl, enum packnum_space pns) lsquic_alarmset_unset(ctl->sc_alset, AL_RETX_INIT + pns); + ctl->sc_flags &= ~(SC_LOST_ACK_INIT << pns); + LSQ_DEBUG("emptied %s, destroyed %u packet%.*s", lsquic_pns2str[pns], count, count != 1, "s"); } From d5602cd335d40c345d4b674183f4bedb3138f03d Mon Sep 17 00:00:00 2001 From: M-BELLAHCENE <34917424+M-BELLAHCENE@users.noreply.github.com> Date: Tue, 20 Sep 2022 16:36:21 +0200 Subject: [PATCH 2/3] LSQUIC_TESTS=OFF, LSQUIC_BIN=OFF : Remove getopt.h error : Build will succeed. (#420) * link fix when using lsquic in a cpp project * Update CMakeLists.txt Co-authored-by: MBellahcene --- CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index db5c8a2..fa9daa2 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -232,7 +232,7 @@ IF(CMAKE_SYSTEM_NAME STREQUAL "FreeBSD" OR CMAKE_SYSTEM_NAME STREQUAL "Darwin") ENDIF() IF (CMAKE_SYSTEM_NAME STREQUAL Windows) - FIND_PATH(GETOPT_INCLUDE_DIR NAMES getopt.h) + FIND_PATH(GETOPT_INCLUDE_DIR NAMES getopt.h AND LSQUIC_TESTS AND LSQUIC_BIN) IF (GETOPT_INCLUDE_DIR) INCLUDE_DIRECTORIES(${GETOPT_INCLUDE_DIR}) ELSE() From a5b89b62b554a06728837daec41a554f5cf235e3 Mon Sep 17 00:00:00 2001 From: Pluto Date: Wed, 21 Sep 2022 01:44:39 +0800 Subject: [PATCH 3/3] [fix] assertion failure if poison packet was acked (#416) Description: - Error may occur while processing ack frame, e.g. poison packet was acked by hostile attack. and then conn is supposed to be aborted, shortly but not immediately; - if ack frame processing failed while calling lsquic_engine_packet_in, and IFC_HAVE_SAVED_ACK had been set, then saved ack frame will be processed while ticking connection before it is aborted, that may lead to assert failure; Solution: - close connection if neccessary before processing ack while ci_tick. --- src/liblsquic/lsquic_full_conn.c | 2 ++ src/liblsquic/lsquic_full_conn_ietf.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/src/liblsquic/lsquic_full_conn.c b/src/liblsquic/lsquic_full_conn.c index 81632dd..4ec7027 100644 --- a/src/liblsquic/lsquic_full_conn.c +++ b/src/liblsquic/lsquic_full_conn.c @@ -3411,6 +3411,8 @@ full_conn_ci_tick (lsquic_conn_t *lconn, lsquic_time_t now) ++conn->fc_stats.n_ticks; #endif + CLOSE_IF_NECESSARY(); + if (LSQ_LOG_ENABLED(LSQ_LOG_DEBUG) && conn->fc_mem_logged_last + 1000000 <= now) { diff --git a/src/liblsquic/lsquic_full_conn_ietf.c b/src/liblsquic/lsquic_full_conn_ietf.c index e409d48..2910a62 100644 --- a/src/liblsquic/lsquic_full_conn_ietf.c +++ b/src/liblsquic/lsquic_full_conn_ietf.c @@ -8201,6 +8201,8 @@ ietf_full_conn_ci_tick (struct lsquic_conn *lconn, lsquic_time_t now) CONN_STATS(n_ticks, 1); + CLOSE_IF_NECESSARY(); + if (conn->ifc_flags & IFC_HAVE_SAVED_ACK) { (void) /* If there is an error, we'll fail shortly */