Skip to content

feat(s2n-quic-transport): add mitigation for optimistic ack attack #1986

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
camshaft merged 8 commits into from
Oct 11, 2023
Merged

feat(s2n-quic-transport): add mitigation for optimistic ack attack #1986

camshaft merged 8 commits into from
Oct 11, 2023

Conversation

@toidiu
Copy link
Contributor

@toidiu toidiu commented Oct 5, 2023
edited
Loading

Resolved issues:

#1962

Description of changes:

The RFC actually does a decent job of describing the issue:

An endpoint that acknowledges packets it has not received might cause a congestion controller to permit sending at rates beyond what the network supports. An endpoint MAY skip packet numbers when sending packets to detect this behavior. An endpoint can then immediately close the connection with a connection error of type PROTOCOL_VIOLATION

This PR implements packet skipping for Opt Ack mitigation. I also added events to make this easier to test/introspect upon.

Callouts

I fixed a few new clippy lints in the PR.

Testing:

  • Unit and integration tests.
  • I would also like to add a negative test where we receive an Ack and close the connection. I tested this case manually but need to expose the functionality in the packet_interceptor to write this test. To keep this PR small I'll do this in a followup PR.

Is this a refactor change? If so, how have you proved that the intended behavior hasn't changed? -->

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@toidiu toidiu force-pushed the ak-ack_mitigation branch from e77ff36 to e8614d8 Compare October 5, 2023 20:03
@toidiu toidiu marked this pull request as ready for review October 5, 2023 20:04
@toidiu toidiu closed this Oct 5, 2023
@toidiu toidiu deleted the ak-ack_mitigation branch October 5, 2023 21:43
@toidiu toidiu restored the ak-ack_mitigation branch October 5, 2023 21:45
@toidiu toidiu reopened this Oct 5, 2023
@toidiu toidiu requested a review from camshaft October 5, 2023 21:46
@toidiu toidiu force-pushed the ak-ack_mitigation branch 2 times, most recently from 99c6729 to badc0bc Compare October 9, 2023 19:22
camshaft
camshaft reviewed Oct 10, 2023
View reviewed changes
@toidiu toidiu force-pushed the ak-ack_mitigation branch from badc0bc to 18e5347 Compare October 11, 2023 06:15
@toidiu toidiu force-pushed the ak-ack_mitigation branch from 18e5347 to 8457b87 Compare October 11, 2023 06:16
@toidiu toidiu force-pushed the ak-ack_mitigation branch from a7e454a to fd15fb9 Compare October 11, 2023 06:46
camshaft
camshaft reviewed Oct 11, 2023
View reviewed changes
quic/s2n-quic/src/tests/skip_packets.rs
let client_subscriber = recorder::PacketSkipped::new();
let client_events = server_subscriber.events();
test(model, |handle| {
let mut server = Server::builder()
Copy link
Contributor

@camshaft camshaft Oct 11, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we seed the random provider and assert an exact skip count? You could then run the test a few times with different seeds.

Copy link
Contributor

@camshaft camshaft Oct 11, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Speaking of: we need to set the seeds for all of the other tests since this PR introduces non-determinism

Copy link
Contributor Author

@toidiu toidiu Oct 11, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Addressed here 31d8f0d

You could then run the test a few times with different seeds.
I tested with different seeds locally. Please let me know if I interpreted your suggestion incorrectly.

@toidiu toidiu requested a review from camshaft October 11, 2023 17:39
@camshaft camshaft merged commit 7ef5824 into main Oct 11, 2023
@camshaft camshaft deleted the ak-ack_mitigation branch October 11, 2023 19:44
@camshaft camshaft mentioned this pull request Oct 11, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@camshaft camshaft camshaft approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@toidiu @camshaft