Adds connection limits config

Author: maddeleine

quic/s2n-quic-core/src/connection/limits.rs

@@ -39,6 +39,7 @@ const MAX_KEEP_ALIVE_PERIOD_DEFAULT: Duration = Duration::from_secs(30);
 pub const ANTI_AMPLIFICATION_MULTIPLIER: u8 = 3;
 
 pub const DEFAULT_STREAM_BATCH_SIZE: u8 = 1;
+pub const DEFAULT_STORED_PACKET_SIZE: usize = 0;
 
 #[non_exhaustive]
 #[derive(Debug)]
@@ -104,6 +105,7 @@ pub struct Limits {
     pub(crate) migration_support: MigrationSupport,
     pub(crate) anti_amplification_multiplier: u8,
     pub(crate) stream_batch_size: u8,
+    pub(crate) stored_packet_size: usize,
 }
 
 impl Default for Limits {
@@ -151,6 +153,7 @@ impl Limits {
             migration_support: MigrationSupport::RECOMMENDED,
             anti_amplification_multiplier: ANTI_AMPLIFICATION_MULTIPLIER,
             stream_batch_size: DEFAULT_STREAM_BATCH_SIZE,
+            stored_packet_size: DEFAULT_STORED_PACKET_SIZE,
         }
     }
 
@@ -254,6 +257,7 @@ impl Limits {
         u64
     );
     setter!(with_stream_batch_size, stream_batch_size, u8);
+    setter!(with_stored_packet_size, stored_packet_size, usize);
     setter!(with_ack_elicitation_interval, ack_elicitation_interval, u8);
     setter!(with_max_ack_ranges, ack_ranges_limit, u8);
     setter!(
@@ -422,6 +426,12 @@ impl Limits {
     pub fn stream_batch_size(&self) -> u8 {
         self.stream_batch_size
     }
+
+    #[doc(hidden)]
+    #[inline]
+    pub fn stored_packet_size(&self) -> usize {
+        self.stored_packet_size
+    }
 }
 
 #[must_use]

quic/s2n-quic-transport/src/connection/connection_impl.rs

@@ -364,7 +364,7 @@ impl<Config: endpoint::Config> ConnectionImpl<Config> {
             // use `from` instead of `into` so the location is correctly captured
             Poll::Ready(Err(err)) => return Err(connection::Error::from(err)),
             Poll::Pending => {
-                // Process stored handshake packets if the handshake space was created during the last poll crypto call
+                // Process stored handshake packets if the handshake space was recently created
                 if self.space_manager.handshake().is_some()
                     && self.stored_packet_type == Some(PacketNumberSpace::Handshake)
                 {
@@ -1620,8 +1620,12 @@ impl<Config: endpoint::Config> connection::Trait for ConnectionImpl<Config> {
                 //# The client MAY drop these packets, or it MAY buffer them in anticipation
                 //# of later packets that allow it to compute the key.
 
-                self.packet_storage = packet.get_wire_bytes();
-                self.stored_packet_type = Some(PacketNumberSpace::Handshake)
+                let packet_bytes = packet.get_wire_bytes();
+                if packet_bytes.len() + self.packet_storage.len() < self.limits.stored_packet_size()
+                {
+                    self.packet_storage.extend(packet_bytes);
+                    self.stored_packet_type = Some(PacketNumberSpace::Handshake)
+                }
             } else {
                 let path = &self.path_manager[path_id];
                 publisher.on_packet_dropped(event::builder::PacketDropped {
@@ -1666,7 +1670,6 @@ impl<Config: endpoint::Config> connection::Trait for ConnectionImpl<Config> {
         //# complete.
 
         if !self.space_manager.is_handshake_complete() {
-            // We only store one packet of application data for now.
             if self.stored_packet_type.is_none() {
                 //= https://www.rfc-editor.org/rfc/rfc9001#section-4.1.4
                 //# However, a TLS implementation could perform some of its processing
@@ -1684,8 +1687,14 @@ impl<Config: endpoint::Config> connection::Trait for ConnectionImpl<Config> {
                 //# The client MAY drop these packets, or it MAY buffer them in anticipation
                 //# of later packets that allow it to compute the key.
 
-                self.packet_storage = packet.get_wire_bytes();
-                self.stored_packet_type = Some(PacketNumberSpace::ApplicationData);
+                let packet_bytes = packet.get_wire_bytes();
+                if packet_bytes.len() < self.limits.stored_packet_size() {
+                    // We only store one packet of application data for now. This is due to the fact that
+                    // short packets do not contain a length prefix, therefore, we would have to store additional
+                    // length info per packet to properly parse them once the application space is created.
+                    self.packet_storage = packet_bytes;
+                    self.stored_packet_type = Some(PacketNumberSpace::ApplicationData)
+                }
             } else {
                 let path = &self.path_manager[path_id];
                 publisher.on_packet_dropped(event::builder::PacketDropped {

quic/s2n-quic/src/tests/slow_tls.rs

@@ -5,7 +5,10 @@
 fn slow_tls() {
     use super::*;
     use crate::provider::tls::default;
-    use s2n_quic_core::crypto::tls::testing::certificates::{CERT_PEM, KEY_PEM};
+    use s2n_quic_core::{
+        connection::limits::Limits,
+        crypto::tls::testing::certificates::{CERT_PEM, KEY_PEM},
+    };
 
     let model = Model::default();
 
@@ -27,15 +30,20 @@ fn slow_tls() {
         endpoint: client_endpoint,
     };
 
+    // Connections will store up to 4000 bytes of packets that can't be processed yet
+    let limits = Limits::default().with_stored_packet_size(4000).unwrap();
+
     test(model, |handle| {
         let server = Server::builder()
             .with_io(handle.builder().build()?)?
+            .with_limits(limits)?
             .with_tls(slow_server)?
             .start()?;
 
         let client = Client::builder()
             .with_io(handle.builder().build().unwrap())?
             .with_tls(slow_client)?
+            .with_limits(limits)?
             .with_event((tracing_events(), MyEvents))?
             .start()?;
         let addr = start_server(server)?;