Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add Transport config options to limit the number of handshakes #4248

Merged
merged 3 commits into from
Jan 23, 2024
Merged

add Transport config options to limit the number of handshakes #4248

merged 3 commits into from
Jan 23, 2024

Conversation

marten-seemann
Copy link
Member

Fixes #3549.

@marten-seemann marten-seemann added this to the v0.42 milestone Jan 18, 2024
@marten-seemann marten-seemann force-pushed the server-accept-closed-connections branch from 908a1ae to 28c730d Compare January 19, 2024 06:29
@marten-seemann marten-seemann changed the base branch from server-accept-closed-connections to master January 19, 2024 06:49
@codecov Codecov
Copy link

codecov bot commented Jan 19, 2024
edited
Loading

Codecov Report

Attention: 8 lines in your changes are missing coverage. Please review.

Comparison is base (594440b) 84.09% compared to head (ded0673) 84.08%.
Report is 1 commits behind head on master.

Files Patch % Lines
server.go 88.57% 6 Missing and 2 partials ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #4248      +/-   ##
==========================================
- Coverage   84.09%   84.08%   -0.00%     
==========================================
  Files         150      150              
  Lines       15401    15431      +30     
==========================================
+ Hits        12950    12975      +25     
- Misses       1950     1953       +3     
- Partials      501      503       +2

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@marten-seemann marten-seemann mentioned this pull request Jan 19, 2024
Merged
marten-seemann
marten-seemann commented Jan 19, 2024
View reviewed changes
transport.go Outdated
@@ -18,6 +18,11 @@ import (

var errListenerAlreadySet = errors.New("listener already set")

const (
defaultMaxNumUnvalidatedHandshakes = 32
defaultMaxNumHandshakes = 64
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These values seem unreasonably low.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe we should set defaultMaxNumHandshakes to unlimited? It's really hard to pick a limit that fits for all.

Copy link
Collaborator

@sukunrt sukunrt Jan 22, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

64 feels too low for defaultMaxNumHandshakes. This number is way too easy to DoS for even very small machines. I think a high value > 1000 is better. I think unlimited is also better than this being < 1000.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changed to unlimited in 77ede93. Not entirely happy with that, but we can always change it later once we come up with a better value.

@marten-seemann marten-seemann mentioned this pull request Jan 21, 2024
Open
sukunrt
sukunrt requested changes Jan 22, 2024
View reviewed changes
server.go Outdated Show resolved Hide resolved
@marten-seemann marten-seemann merged commit 892851e into master Jan 23, 2024
34 checks passed
@marten-seemann marten-seemann deleted the retry-config branch January 23, 2024 05:06
@marten-seemann marten-seemann mentioned this pull request Jan 23, 2024
Closed
mgjeong pushed a commit to mgjeong/quic-go that referenced this pull request Feb 13, 2024
@marten-seemann @mgjeong
add Transport config options to limit the number of handshakes (quic-…
09adfa6 
…go#4248)

* add Transport config options to limit the number of handshakes

* fix accounting for failed handshakes

* increase handshake limits, improve documentation
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sukunrt sukunrt sukunrt approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v0.42
Development

Successfully merging this pull request may close these issues.

How to best implement address validation callback
2 participants
@marten-seemann @sukunrt