Summary:
This implements the connection ID validation via transport parameters. Note we don't do anything with the retry transport parameter yet.
This will probably require further surgery to tests when we want the MVFST version to do this, but for now I'm punting on that test plumbing.
This retains support for h3-27.
Reviewed By: yangchi
Differential Revision: D22045631
fbshipit-source-id: e93841e734c0683655c751d808fd90b3b391eb3e
Summary: I think this is still within specs requirement
Reviewed By: mjoras
Differential Revision: D21648049
fbshipit-source-id: 990e84740e1022955d7dd8957ce9131602536a63
Summary:
Becuase when we clone an existing packet, the logic inside the current
writetStreamFrameHeader is no longer correct.
Reviewed By: mjoras
Differential Revision: D21383828
fbshipit-source-id: 8e6bbb048eefd97ca7cf17b89edc2f395f274a73
Summary:
Now we won't have a zero PTO and we will properly clear out the outstanding packets.
Note that this cipher dropping is not what the draft prescribes, instead dropping both the initial and handshake ciphers when we know 1-rtt communication is functioning.
Reviewed By: yangchi
Differential Revision: D20388737
fbshipit-source-id: 0b89eb80c8faa796ab09eda3eaa10a00dcf7bae9
Summary:
This is a safer default than allowing limited on the source address not matching.
While here, also change the attemptEarlyData setting to false, since 0-rtt should be opt-in.
Reviewed By: yangchi, JunqiWang
Differential Revision: D21383402
fbshipit-source-id: b60fbbbe9438861eea894cb11ccb8bae2243a174
Summary:
Currently the packet builder contructor will encode the packet
builder. This is fine when the builder creates its own output buffer. If later
on we decides not to use this builder, or it fails to build packet, the buffer
will be thrown away. But once the builder uses a buffer provided by caller, and
will be reused, we can no longer just throw it away if we decide not to use
this builder. So we have to delay the header encoding until we know we will use
the builder.
This is still not enough to solve the case where we want to use this builder,
it builds, then it fails . For that, we will need to retreat the tail position
of the IOBuf.
Reviewed By: mjoras
Differential Revision: D21000658
fbshipit-source-id: 4d758b3e260463b17c870618ba68bd4b898a7d4c
Summary: We may have a bug in recvmmsg usage, so keep this around.
Reviewed By: lnicco
Differential Revision: D21246413
fbshipit-source-id: e39d74b8e856339d0022ba403969b83dc29ff63f
Summary: This is essentially duplicated code, as if recvmmsg is not available the netops wrapper will simulate it with multiple calls.
Reviewed By: yangchi
Differential Revision: D21150890
fbshipit-source-id: 0e48e8a80f4ddc90df69c3e57cecc96dbc3f0913
Summary: This makes the change for the client to use stateless retries
Reviewed By: mjoras
Differential Revision: D19657433
fbshipit-source-id: d4b34087d15e49153860a7833ed54e28c6cd6777
Summary: This adds the ability to verify the integrity token present in a retry packet, as per section 5.8 of the QUIC-TLS draft (https://fburl.com/kw9l8dvu). This doesn't change any existing functionality.
Reviewed By: mjoras
Differential Revision: D19631864
fbshipit-source-id: 2ff8288986b3e27c85fe885b132ab6753fed3be8
