QUIC TXP: Do not generate full-size packets when sending CC-excess probes

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21349)

diff --git a/include/internal/quic_txp.h b/include/internal/quic_txp.h
index 2a503770bc8646658a3074781c9a979caeadd2c9..ed11f09fa05f06ed755fa8b21324a0e513cdb5a1 100644 (file)
--- a/include/internal/quic_txp.h
+++ b/include/internal/quic_txp.h
@@ -68,10 +68,10 @@ typedef void (ossl_quic_initial_token_free_fn)(const unsigned char *buf,
 void ossl_quic_tx_packetiser_free(OSSL_QUIC_TX_PACKETISER *txp);
 
 /* Generate normal packets containing most frame types. */
-#define TX_PACKETISER_ARCHETYPE_NORMAL      0
-/* Generate ACKs only. */
-#define TX_PACKETISER_ARCHETYPE_ACK_ONLY    1
-#define TX_PACKETISER_ARCHETYPE_NUM         2
+#define TX_PACKETISER_ARCHETYPE_NORMAL              0
+/* Generate ACKs and PINGs only. */
+#define TX_PACKETISER_ARCHETYPE_ACK_AND_PING_ONLY   1
+#define TX_PACKETISER_ARCHETYPE_NUM                 2
 
 /*
  * Generates a datagram by polling the various ELs to determine if they want to

diff --git a/ssl/quic/quic_txp.c b/ssl/quic/quic_txp.c
index e008255b22da532e4ff29ba54950f64b878a498a..959186d4a64be44260b20e252bd8c776451c5ac0 100644 (file)
--- a/ssl/quic/quic_txp.c
+++ b/ssl/quic/quic_txp.c
@@ -661,10 +661,10 @@ static const struct archetype_data archetypes[QUIC_ENC_LEVEL_NUM][TX_PACKETISER_
             /*allow_new_token                 =*/ 0,
             /*allow_force_ack_eliciting       =*/ 1,
         },
-        /* EL 0(INITIAL) - Archetype 1(ACK_ONLY) */
+        /* EL 0(INITIAL) - Archetype 1(ACK_AND_PING_ONLY) */
         {
             /*allow_ack                       =*/ 1,
-            /*allow_ping                      =*/ 0,
+            /*allow_ping                      =*/ 1,
             /*allow_crypto                    =*/ 0,
             /*allow_handshake_done            =*/ 0,
             /*allow_path_challenge            =*/ 0,
@@ -698,10 +698,10 @@ static const struct archetype_data archetypes[QUIC_ENC_LEVEL_NUM][TX_PACKETISER_
             /*allow_new_token                 =*/ 0,
             /*allow_force_ack_eliciting       =*/ 1,
         },
-        /* EL 1(HANDSHAKE) - Archetype 1(ACK_ONLY) */
+        /* EL 1(HANDSHAKE) - Archetype 1(ACK_AND_PING_ONLY) */
         {
             /*allow_ack                       =*/ 1,
-            /*allow_ping                      =*/ 0,
+            /*allow_ping                      =*/ 1,
             /*allow_crypto                    =*/ 0,
             /*allow_handshake_done            =*/ 0,
             /*allow_path_challenge            =*/ 0,
@@ -735,10 +735,10 @@ static const struct archetype_data archetypes[QUIC_ENC_LEVEL_NUM][TX_PACKETISER_
             /*allow_new_token                 =*/ 0,
             /*allow_force_ack_eliciting       =*/ 0,
         },
-        /* EL 2(0RTT) - Archetype 1(ACK_ONLY) */
+        /* EL 2(0RTT) - Archetype 1(ACK_AND_PING_ONLY) */
         {
             /*allow_ack                       =*/ 0,
-            /*allow_ping                      =*/ 0,
+            /*allow_ping                      =*/ 1,
             /*allow_crypto                    =*/ 0,
             /*allow_handshake_done            =*/ 0,
             /*allow_path_challenge            =*/ 0,
@@ -772,10 +772,10 @@ static const struct archetype_data archetypes[QUIC_ENC_LEVEL_NUM][TX_PACKETISER_
             /*allow_new_token                 =*/ 1,
             /*allow_force_ack_eliciting       =*/ 1,
         },
-        /* EL 3(1RTT) - Archetype 1(ACK_ONLY) */
+        /* EL 3(1RTT) - Archetype 1(ACK_AND_PING_ONLY) */
         {
             /*allow_ack                       =*/ 1,
-            /*allow_ping                      =*/ 0,
+            /*allow_ping                      =*/ 1,
             /*allow_crypto                    =*/ 0,
             /*allow_handshake_done            =*/ 0,
             /*allow_path_challenge            =*/ 0,
@@ -999,10 +999,13 @@ static int txp_generate_for_el(OSSL_QUIC_TX_PACKETISER *txp, uint32_t enc_level,
     /* Determine the limit CC imposes on what we can send. */
     if (!cc_can_send) {
         /*
-         * If we are called when we cannot send, this must be because we want
-         * to generate a probe. In this circumstance, don't clamp based on CC.
+         * If we are called when we cannot send, this must be because we want to
+         * generate a probe. In this circumstance, don't clamp based on CC, but
+         * don't add application data and limit ourselves to generating a small
+         * packet containing only PING and ACK frames.
          */
-        cc_limit = SIZE_MAX;
+        cc_limit  = SIZE_MAX;
+        archetype = TX_PACKETISER_ARCHETYPE_ACK_AND_PING_ONLY;
     } else {
         /* Allow CC to clamp how much we can send. */
         cc_limit_ = txp->args.cc_method->get_tx_allowance(txp->args.cc_data);