Release 4.2.0

Author: gwanglst

CHANGELOG

@@ -1,7 +1,12 @@
+2025-02-18
+    - 4.2.0
+    - Address hash flood attack for lsquic_hash by switching to rapidhash with stronger random seed.
+    - Fix packet packing problem for post-quantum support.
+    - Add configuration to control version negotiation and amplification factor.
+
 2024-12-16
     - 4.1.0
     - Update to ls-qpack v2.6.1 to fix a infinite loop.
-    - Fix packet packing problem for post-quantum support
     - Add lsquic_engine_get_conns_count() API
     - Updated ea_generate_scid() API
     - Fix retry packet SCID generation to follow engine API.

docs/conf.py

@@ -24,9 +24,9 @@
 author = u'LiteSpeed Technologies'
 
 # The short X.Y version
-version = u'4.1'
+version = u'4.2'
 # The full version, including alpha/beta/rc tags
-release = u'4.1.0'
+release = u'4.2.0'
 
 
 # -- General configuration ---------------------------------------------------

include/lsquic.h

@@ -26,7 +26,7 @@ extern "C" {
 #endif
 
 #define LSQUIC_MAJOR_VERSION 4
-#define LSQUIC_MINOR_VERSION 1
+#define LSQUIC_MINOR_VERSION 2
 #define LSQUIC_PATCH_VERSION 0
 
 /**
@@ -335,6 +335,12 @@ typedef struct ssl_ctx_st * (*lsquic_lookup_cert_f)(
  */
 #define LSQUIC_DF_SEND_PRST        0
 
+/**
+ * By default, LSQUIC will send Version Negotiation packets in response to
+ * packets that specify unknown versions.
+ */
+#define LSQUIC_DF_SEND_VERNEG      1
+
 /** By default, infinite loop checks are turned on */
 #define LSQUIC_DF_PROGRESS_CHECK    1000
 
@@ -398,6 +404,9 @@ typedef struct ssl_ctx_st * (*lsquic_lookup_cert_f)(
 /** Turn on timestamp extension by default */
 #define LSQUIC_DF_TIMESTAMPS 1
 
+/** default anti-amplification factor is 3 */
+#define LSQUIC_DF_AMP_FACTOR 3
+
 /* Use Adaptive CC by default */
 #define LSQUIC_DF_CC_ALGO 3
 
@@ -1092,6 +1101,20 @@ struct lsquic_engine_settings {
      * Default value is @ref LSQUIC_DF_CHECK_TP_SANITY
      */
     int             es_check_tp_sanity;
+
+    /**
+     * This is the anti-amplification factor when peer address has not be verified.
+     *
+     * Default value is @ref LSQUIC_DF_AMP_FACTOR
+     */
+    int             es_amp_factor;
+
+    /**
+     * If set to true value, the library will send Version Negotiation packets
+     * in response to incoming packets with unsupported versions.
+     * The default is @ref LSQUIC_DF_SEND_VERNEG.
+     */
+    int             es_send_verneg;
 };
 
 /* Initialize `settings' to default values */

src/liblsquic/lsquic_engine.c

@@ -43,6 +43,7 @@
 #endif
 
 #include <openssl/aead.h>
+#include <openssl/rand.h>
 
 #include "lsquic.h"
 #include "lsquic_types.h"
@@ -398,6 +399,8 @@ lsquic_engine_init_settings (struct lsquic_engine_settings *settings,
     settings->es_ptpc_err_divisor= LSQUIC_DF_PTPC_ERR_DIVISOR;
     settings->es_delay_onclose   = LSQUIC_DF_DELAY_ONCLOSE;
     settings->es_check_tp_sanity = LSQUIC_DF_CHECK_TP_SANITY;
+    settings->es_amp_factor      = LSQUIC_DF_AMP_FACTOR;
+    settings->es_send_verneg     = LSQUIC_DF_SEND_VERNEG;
 }
 
 
@@ -545,6 +548,7 @@ lsquic_engine_new (unsigned flags,
     size_t alpn_len;
     unsigned i;
     char err_buf[100];
+    uint64_t seed;
 
     if (!api->ea_packets_out)
     {
@@ -669,6 +673,8 @@ lsquic_engine_new (unsigned flags,
     if (hash_conns_by_addr(engine))
         engine->flags |= ENG_CONNS_BY_ADDR;
     engine->conns_hash = lsquic_hash_create();
+    RAND_bytes((uint8_t *)&seed, 8);
+    lsquic_hash_set_seed(engine->conns_hash, seed);
     engine->pub.enp_tokgen = lsquic_tg_new(&engine->pub);
     if (!engine->pub.enp_tokgen)
         return NULL;
@@ -1094,6 +1100,8 @@ insert_conn_into_hash (struct lsquic_engine *engine, struct lsquic_conn *conn,
         {
             cce = &conn->cn_cces[n];
             assert(!(cce->cce_hash_el.qhe_flags & QHE_HASHED));
+            LSQ_DEBUGC("Insert into connection hash-table by CID %"CID_FMT,
+                    CID_BITS(&cce->cce_cid));
             if (lsquic_hash_insert(engine->conns_hash, cce->cce_cid.idbuf,
                                     cce->cce_cid.len, conn, &cce->cce_hash_el))
                 done |= 1 << n;
@@ -1413,6 +1421,8 @@ find_or_create_conn (lsquic_engine_t *engine, lsquic_packet_in_t *packet_in,
         LSQ_DEBUG("packet header does not have connection ID: discarding");
         return NULL;
     }
+    LSQ_DEBUGC("To find connection by CID %"CID_FMT,
+                    CID_BITS(&packet_in->pi_conn_id));
     el = lsquic_hash_find(engine->conns_hash,
                     packet_in->pi_conn_id.idbuf, packet_in->pi_conn_id.len);
 
@@ -1492,7 +1502,8 @@ find_or_create_conn (lsquic_engine_t *engine, lsquic_packet_in_t *packet_in,
     switch (version_matches(engine, packet_in, &version))
     {
     case VER_UNSUPPORTED:
-        if (engine->flags & ENG_SERVER)
+        if ((engine->flags & ENG_SERVER) &&
+                            engine->pub.enp_settings.es_send_verneg)
             schedule_req_packet(engine, PACKET_REQ_VERNEG, packet_in,
                                                 sa_local, sa_peer, peer_ctx);
         return NULL;
@@ -3564,8 +3575,10 @@ lsquic_engine_retire_cid (struct lsquic_engine_public *enpub,
     assert(cce_idx < conn->cn_n_cces);
 
     if (cce->cce_hash_el.qhe_flags & QHE_HASHED)
+    {
+        LSQ_DEBUGC("drop from conn hash-table CID %"CID_FMT, CID_BITS(&cce->cce_cid));
         lsquic_hash_erase(engine->conns_hash, &cce->cce_hash_el);
-
+    }
     if (engine->purga)
     {
         peer_ctx = lsquic_conn_get_peer_ctx(conn, NULL);

src/liblsquic/lsquic_full_conn_ietf.c

@@ -6210,7 +6210,6 @@ process_max_stream_data_frame (struct ietf_full_conn *conn,
                 LSQ_DEBUG("Connection closing: ignore frame");
                 return parsed_len;
             }
-
             const lsquic_stream_id_t max_allowed =
                     conn->ifc_max_allowed_stream_id[stream_id & SIT_MASK];
             if (stream_id >= max_allowed)

src/liblsquic/lsquic_hash.c

@@ -8,12 +8,17 @@
 #include <stdlib.h>
 #include <string.h>
 #include <sys/queue.h>
+#include <time.h>
+
 #ifdef WIN32
 #include <vc_compat.h>
+#else
+#include <sys/time.h>
+#include <unistd.h>
 #endif
 
 #include "lsquic_hash.h"
-#include "lsquic_xxhash.h"
+#include "lsquic_rapidhash.h"
 
 TAILQ_HEAD(hels_head, lsquic_hash_elem);
 
@@ -26,15 +31,47 @@ struct lsquic_hash
                              qh_all;
     struct lsquic_hash_elem *qh_iter_next;
     int                    (*qh_cmp)(const void *, const void *, size_t);
-    unsigned               (*qh_hash)(const void *, size_t, unsigned seed);
+    uint64_t               (*qh_hash)(const void *, size_t, uint64_t seed);
     unsigned                 qh_count;
     unsigned                 qh_nbits;
+    uint64_t                 qh_hash_seed;
 };
 
 
+static uint64_t get_seed()
+{
+    static uint64_t seed = 0;
+    if (seed == 0)
+    {
+#if defined(WIN32)
+        LARGE_INTEGER counter;
+        QueryPerformanceCounter(&counter);
+        seed = counter.QuadPart;
+#elif defined(_POSIX_TIMERS) && _POSIX_TIMERS > 0
+        struct timespec ts;
+        (void) clock_gettime(CLOCK_MONOTONIC, &ts);
+        seed = ts.tv_sec * 1000000000 + ts.tv_nsec;
+#elif defined(__APPLE__)
+        seed = mach_absolute_time();
+#else
+        struct timeval tv;
+        gettimeofday(&tv, NULL);
+        seed = tv.tv_sec * 1000000000 + tv.tv_usec * 1000;
+#endif
+        srand(seed);
+        for(unsigned i = 0; i < (seed & 0xf) + 1; ++i)
+        {
+            seed = (seed << 8) | (seed >> 56);
+            seed ^= rand();
+        }
+    }
+    return seed;
+}
+
+
 struct lsquic_hash *
 lsquic_hash_create_ext (int (*cmp)(const void *, const void *, size_t),
-                    unsigned (*hashf)(const void *, size_t, unsigned seed))
+                    uint64_t (*hashf)(const void *, size_t, uint64_t seed))
 {
     struct hels_head *buckets;
     struct lsquic_hash *hash;
@@ -62,14 +99,26 @@ lsquic_hash_create_ext (int (*cmp)(const void *, const void *, size_t),
     hash->qh_nbits     = nbits;
     hash->qh_iter_next = NULL;
     hash->qh_count     = 0;
+    hash->qh_hash_seed = get_seed() ^ (uint64_t)hash
+                        ^ ((uint64_t)buckets << 32) ^ rand();
     return hash;
 }
 
 
 struct lsquic_hash *
 lsquic_hash_create (void)
 {
-    return lsquic_hash_create_ext(memcmp, XXH32);
+    return lsquic_hash_create_ext(memcmp, rapidhash_withSeed);
+}
+
+
+int
+lsquic_hash_set_seed (struct lsquic_hash * hash, uint64_t seed)
+{
+    if (hash->qh_count > 0)
+        return -1;
+    hash->qh_hash_seed = seed;
+    return 0;
 }
 
 
@@ -119,7 +168,8 @@ struct lsquic_hash_elem *
 lsquic_hash_insert (struct lsquic_hash *hash, const void *key,
                     unsigned key_sz, void *value, struct lsquic_hash_elem *el)
 {
-    unsigned buckno, hash_val;
+    uint64_t hash_val;
+    unsigned buckno;
 
     if (el->qhe_flags & QHE_HASHED)
         return NULL;
@@ -128,7 +178,7 @@ lsquic_hash_insert (struct lsquic_hash *hash, const void *key,
                                             0 != lsquic_hash_grow(hash))
         return NULL;
 
-    hash_val = hash->qh_hash(key, key_sz, (uintptr_t) hash);
+    hash_val = hash->qh_hash(key, key_sz, hash->qh_hash_seed);
     buckno = BUCKNO(hash->qh_nbits, hash_val);
     TAILQ_INSERT_TAIL(&hash->qh_all, el, qhe_next_all);
     TAILQ_INSERT_TAIL(&hash->qh_buckets[buckno], el, qhe_next_bucket);
@@ -145,10 +195,11 @@ lsquic_hash_insert (struct lsquic_hash *hash, const void *key,
 struct lsquic_hash_elem *
 lsquic_hash_find (struct lsquic_hash *hash, const void *key, unsigned key_sz)
 {
-    unsigned buckno, hash_val;
+    uint64_t hash_val;
+    unsigned buckno;
     struct lsquic_hash_elem *el;
 
-    hash_val = hash->qh_hash(key, key_sz, (uintptr_t) hash);
+    hash_val = hash->qh_hash(key, key_sz, hash->qh_hash_seed);
     buckno = BUCKNO(hash->qh_nbits, hash_val);
     TAILQ_FOREACH(el, &hash->qh_buckets[buckno], qhe_next_bucket)
         if (hash_val == el->qhe_hash_val &&

src/liblsquic/lsquic_hash.h

@@ -6,6 +6,8 @@
 #ifndef LSQUIC_HASH_H
 #define LSQUIC_HASH_H
 
+#include <inttypes.h>
+
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -20,7 +22,7 @@ struct lsquic_hash_elem
     const void     *qhe_key_data;
     void           *qhe_value;
     unsigned        qhe_key_len;
-    unsigned        qhe_hash_val;
+    uint64_t        qhe_hash_val;
     enum {
         QHE_HASHED  = 1 << 0,
     }               qhe_flags;
@@ -31,7 +33,10 @@ lsquic_hash_create (void);
 
 struct lsquic_hash *
 lsquic_hash_create_ext (int (*cmp)(const void *, const void *, size_t),
-                    unsigned (*hash)(const void *, size_t, unsigned seed));
+                    uint64_t (*hash)(const void *, size_t, uint64_t seed));
+
+int
+lsquic_hash_set_seed (struct lsquic_hash *, uint64_t seed);
 
 void
 lsquic_hash_destroy (struct lsquic_hash *);

src/liblsquic/lsquic_mini_conn_ietf.c

@@ -318,11 +318,11 @@ imico_stream_write (void *stream, const void *bufp, size_t bufsz)
         if (!packet_out)
             return -1;
         // NOTE: reduce the size of first crypto frame to combine packets
-        int avail = lsquic_packet_out_avail(packet_out);
+        unsigned avail = lsquic_packet_out_avail(packet_out);
         int coalescing = 0;
         if (cryst->mcs_enc_level == ENC_LEV_HSK
             && cryst->mcs_write_off == 0
-            && avail > (int)conn->imc_hello_pkt_remain - conn->imc_long_header_sz)
+            && avail > (unsigned)conn->imc_hello_pkt_remain - conn->imc_long_header_sz)
         {
             avail = conn->imc_hello_pkt_remain - conn->imc_long_header_sz;
             conn->imc_hello_pkt_remain = 0;
@@ -339,7 +339,7 @@ imico_stream_write (void *stream, const void *bufp, size_t bufsz)
         packet_out->po_data_sz += len;
         packet_out->po_frame_types |= 1 << QUIC_FRAME_CRYPTO;
         packet_out->po_flags |= PO_HELLO;
-        if (coalescing && len < avail)
+        if (coalescing && len < (int)avail)
         {
             LSQ_DEBUG("generated PADDING frame: %d bytes for packet %"PRIu64,
                          avail - len, packet_out->po_packno);
@@ -810,7 +810,8 @@ static int
 imico_can_send (const struct ietf_mini_conn *conn, size_t size)
 {
     return (conn->imc_flags & IMC_ADDR_VALIDATED)
-        || conn->imc_bytes_in * 3 >= conn->imc_bytes_out + size
+        || conn->imc_bytes_in * conn->imc_enpub->enp_settings.es_amp_factor
+                        >= conn->imc_bytes_out + size
         ;
 }
 
@@ -2331,6 +2332,8 @@ ietf_mini_conn_ci_tick (struct lsquic_conn *lconn, lsquic_time_t now)
                     (IMC_HAVE_TP|IMC_ADDR_VALIDATED|IMC_BAD_TRANS_PARAMS))
                             && conn->imc_enpub->enp_settings.es_support_srej)
     {
+        if (conn->imc_flags & IMC_ERROR)
+            goto close_on_error;
         LSQ_DEBUG("Peer not validated and do not have transport parameters "
             "on the first tick: retry");
         return TICK_RETRY|TICK_CLOSE;
@@ -2356,7 +2359,7 @@ ietf_mini_conn_ci_tick (struct lsquic_conn *lconn, lsquic_time_t now)
   close_on_error:
         if (!(conn->imc_flags & IMC_CLOSE_RECVD))
             imico_generate_conn_close(conn);
-        tick |= TICK_CLOSE;
+        tick = TICK_CLOSE;
     }
     else if (conn->imc_flags & IMC_HSK_OK)
     {

src/liblsquic/lsquic_pr_queue.c

@@ -37,7 +37,7 @@
 #include "lsquic_engine_public.h"
 #include "lsquic_sizes.h"
 #include "lsquic_handshake.h"
-#include "lsquic_xxhash.h"
+#include "lsquic_rapidhash.h"
 #include "lsquic_crand.h"
 
 #define LSQUIC_LOGGER_MODULE LSQLM_PRQ
@@ -134,13 +134,13 @@ comp_reqs (const void *s1, const void *s2, size_t n)
 }
 
 
-static unsigned
-hash_req (const void *p, size_t len, unsigned seed)
+static uint64_t
+hash_req (const void *p, size_t len, uint64_t seed)
 {
     const struct packet_req *req;
 
     req = p;
-    return XXH32(req->pr_dcid.idbuf, req->pr_dcid.len, seed);
+    return rapidhash_withSeed(req->pr_dcid.idbuf, req->pr_dcid.len, seed);
 }