Compare commits

...
4 Commits
Author SHA1 Message Date
DuProcess b90c34dc17 Bump release candidate to rc4
ci / test (push) Has been cancelled
ci / fuzz-smoke (push) Has been cancelled
ci / windows-client (push) Has been cancelled
ci / package-release (linux-x86_64, ubuntu-latest) (push) Has been cancelled
ci / package-release (macos-aarch64, macos-14) (push) Has been cancelled
ci / package-release (macos-x86_64, macos-13) (push) Has been cancelled
ci / package-release (windows-x86_64, windows-latest) (push) Has been cancelled
ci / remote-bench (push) Has been cancelled
2026-07-05 18:00:59 -04:00
DuProcess f205e0c128 Harden native auth and SDK datagram handling 2026-07-05 18:00:31 -04:00
DuProcess 92c94176bd Bump release candidate to rc3
ci / test (push) Has been cancelled
ci / fuzz-smoke (push) Has been cancelled
ci / windows-client (push) Has been cancelled
ci / package-release (linux-x86_64, ubuntu-latest) (push) Has been cancelled
ci / package-release (macos-aarch64, macos-14) (push) Has been cancelled
ci / package-release (macos-x86_64, macos-13) (push) Has been cancelled
ci / package-release (windows-x86_64, windows-latest) (push) Has been cancelled
ci / remote-bench (push) Has been cancelled
2026-07-05 09:39:21 -04:00
DuProcess 4b2e9a62d5 Harden embedded transport under UDP churn
ci / test (push) Has been cancelled
ci / fuzz-smoke (push) Has been cancelled
ci / windows-client (push) Has been cancelled
ci / package-release (linux-x86_64, ubuntu-latest) (push) Has been cancelled
ci / package-release (macos-aarch64, macos-14) (push) Has been cancelled
ci / package-release (macos-x86_64, macos-13) (push) Has been cancelled
ci / package-release (windows-x86_64, windows-latest) (push) Has been cancelled
ci / remote-bench (push) Has been cancelled
2026-07-05 09:37:44 -04:00
8 changed files with 416 additions and 135 deletions
Generated
+1 -1
View File
@@ -436,7 +436,7 @@ dependencies = [
[[package]] [[package]]
name = "dosh" name = "dosh"
version = "1.0.0-rc2" version = "1.0.0-rc4"
dependencies = [ dependencies = [
"anyhow", "anyhow",
"base64", "base64",
+1 -1
View File
@@ -1,6 +1,6 @@
[package] [package]
name = "dosh" name = "dosh"
version = "1.0.0-rc2" version = "1.0.0-rc4"
edition = "2024" edition = "2024"
license = "MIT" license = "MIT"
+38 -67
View File
@@ -36,6 +36,7 @@ use dosh::transport::{
DoshTransport, SessionEvent, SessionRole, SessionTransportConfig, TransportConfig, DoshTransport, SessionEvent, SessionRole, SessionTransportConfig, TransportConfig,
TransportEvent, TransportEvent,
}; };
use dosh::udp::is_transient_udp_send_error;
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use sha2::{Digest, Sha256}; use sha2::{Digest, Sha256};
use std::collections::BTreeMap; use std::collections::BTreeMap;
@@ -3534,52 +3535,6 @@ async fn send_terminal_udp(socket: &UdpSocket, packet: &[u8], addr: SocketAddr)
} }
} }
fn is_transient_udp_send_error(err: &std::io::Error) -> bool {
matches!(
err.kind(),
std::io::ErrorKind::Interrupted
| std::io::ErrorKind::TimedOut
| std::io::ErrorKind::WouldBlock
) || err.raw_os_error().is_some_and(is_transient_udp_os_error)
}
#[cfg(unix)]
fn is_transient_udp_os_error(code: i32) -> bool {
matches!(
code,
libc::EADDRNOTAVAIL
| libc::ECONNREFUSED
| libc::ECONNRESET
| libc::EHOSTDOWN
| libc::EHOSTUNREACH
| libc::ENETDOWN
| libc::ENETRESET
| libc::ENETUNREACH
| libc::ETIMEDOUT
)
}
#[cfg(windows)]
fn is_transient_udp_os_error(code: i32) -> bool {
matches!(
code,
10049 // WSAEADDRNOTAVAIL
| 10050 // WSAENETDOWN
| 10051 // WSAENETUNREACH
| 10052 // WSAENETRESET
| 10054 // WSAECONNRESET
| 10060 // WSAETIMEDOUT
| 10061 // WSAECONNREFUSED
| 10064 // WSAEHOSTDOWN
| 10065 // WSAEHOSTUNREACH
)
}
#[cfg(not(any(unix, windows)))]
fn is_transient_udp_os_error(_code: i32) -> bool {
false
}
#[allow(clippy::too_many_arguments)] #[allow(clippy::too_many_arguments)]
async fn try_native_auth( async fn try_native_auth(
socket: &UdpSocket, socket: &UdpSocket,
@@ -7278,23 +7233,23 @@ mod tests {
PredictMode, Predictor, RESTART_STATUS_SCRIPT, RemoteForward, STARTUP_INPUT_HOLD, PredictMode, Predictor, RESTART_STATUS_SCRIPT, RemoteForward, STARTUP_INPUT_HOLD,
SshConfig, StartupGateMode, StatusAction, auth_allows, cache_key, cache_server_prefix, SshConfig, StartupGateMode, StatusAction, auth_allows, cache_key, cache_server_prefix,
clear_cached_credentials, ensure_tui_safe_status_overlay, input_matches_escape, clear_cached_credentials, ensure_tui_safe_status_overlay, input_matches_escape,
is_local_status_target, is_resume_response_for_client, is_transient_udp_os_error, is_local_status_target, is_resume_response_for_client, latest_release_download_url,
latest_release_download_url, load_first_native_identity_with_prompt, parse_dynamic_forward, load_first_native_identity_with_prompt, parse_dynamic_forward, parse_escape_key,
parse_escape_key, parse_local_forward, parse_remote_forward, parse_ssh_config, parse_local_forward, parse_remote_forward, parse_ssh_config, post_submit_hold_duration,
post_submit_hold_duration, queue_pending_user_input, raw_contains_host_table, queue_pending_user_input, raw_contains_host_table, recv_response_until, refresh_live_addr,
recv_response_until, refresh_live_addr, release_tag_download_url, release_tag_download_url, release_tag_from_effective_url, release_version_from_tag,
release_tag_from_effective_url, release_version_from_tag, render_status_clear, render_status_clear, render_status_overlay, requested_env, resolved_startup_command,
render_status_overlay, requested_env, resolved_startup_command, retransmit_stream_opens, retransmit_stream_opens, rewrite_forward_command, selected_predict_mode, selected_udp_host,
rewrite_forward_command, selected_predict_mode, selected_udp_host, server_version_mismatch, server_version_mismatch, should_flush_terminal_input_after_contact,
should_flush_terminal_input_after_contact, should_hold_during_startup_gate, should_hold_during_startup_gate, should_hold_post_submit_input, split_after_command_submit,
should_hold_post_submit_input, split_after_command_submit, ssh_destination_host, ssh_destination_host, ssh_username, ssh_with_user, startup_command, status_ssh_target,
ssh_username, ssh_with_user, startup_command, status_ssh_target, strip_stale_mouse_reports, strip_stale_mouse_reports, toml_bare_key_or_quoted, update_check_requested,
toml_bare_key_or_quoted, update_check_requested, update_version_status, update_version_status, upsert_managed_block, valid_forward_host, vscode_safe_alias,
upsert_managed_block, valid_forward_host, vscode_safe_alias,
}; };
use dosh::config::{ClientConfig, CommandExtension, HostConfig}; use dosh::config::{ClientConfig, CommandExtension, HostConfig};
use dosh::native::EnvVar; use dosh::native::EnvVar;
use dosh::protocol::{self, Frame, PacketKind}; use dosh::protocol::{self, Frame, PacketKind};
use dosh::udp::is_transient_udp_send_error;
use ed25519_dalek::{SigningKey, VerifyingKey}; use ed25519_dalek::{SigningKey, VerifyingKey};
use std::collections::{HashMap, VecDeque}; use std::collections::{HashMap, VecDeque};
use std::fs; use std::fs;
@@ -8524,18 +8479,34 @@ mod tests {
fn transient_udp_send_errors_are_not_terminal_fatal() { fn transient_udp_send_errors_are_not_terminal_fatal() {
#[cfg(unix)] #[cfg(unix)]
{ {
assert!(is_transient_udp_os_error(libc::ENETUNREACH)); assert!(is_transient_udp_send_error(
assert!(is_transient_udp_os_error(libc::EHOSTUNREACH)); &std::io::Error::from_raw_os_error(libc::ENETUNREACH)
assert!(is_transient_udp_os_error(libc::EADDRNOTAVAIL)); ));
assert!(!is_transient_udp_os_error(libc::EINVAL)); assert!(is_transient_udp_send_error(
&std::io::Error::from_raw_os_error(libc::EHOSTUNREACH)
));
assert!(is_transient_udp_send_error(
&std::io::Error::from_raw_os_error(libc::EADDRNOTAVAIL)
));
assert!(!is_transient_udp_send_error(
&std::io::Error::from_raw_os_error(libc::EINVAL)
));
} }
#[cfg(windows)] #[cfg(windows)]
{ {
assert!(is_transient_udp_os_error(10051)); // WSAENETUNREACH assert!(is_transient_udp_send_error(
assert!(is_transient_udp_os_error(10065)); // WSAEHOSTUNREACH &std::io::Error::from_raw_os_error(10051)
assert!(is_transient_udp_os_error(10049)); // WSAEADDRNOTAVAIL )); // WSAENETUNREACH
assert!(!is_transient_udp_os_error(10022)); // WSAEINVAL assert!(is_transient_udp_send_error(
&std::io::Error::from_raw_os_error(10065)
)); // WSAEHOSTUNREACH
assert!(is_transient_udp_send_error(
&std::io::Error::from_raw_os_error(10049)
)); // WSAEADDRNOTAVAIL
assert!(!is_transient_udp_send_error(
&std::io::Error::from_raw_os_error(10022)
)); // WSAEINVAL
} }
} }
+43 -50
View File
@@ -28,6 +28,7 @@ use dosh::protocol::{
TicketAttachBody, TicketAttachEnvelope, TicketAttachOkEnvelope, TicketAttachBody, TicketAttachEnvelope, TicketAttachOkEnvelope,
}; };
use dosh::pty::{PtyHandle, PtyOutput, adopt_pty_from_fd, spawn_pty_session}; use dosh::pty::{PtyHandle, PtyOutput, adopt_pty_from_fd, spawn_pty_session};
use dosh::udp::is_transient_udp_send_error;
use sha2::{Digest, Sha256}; use sha2::{Digest, Sha256};
use std::collections::{BTreeMap, HashMap, HashSet, VecDeque}; use std::collections::{BTreeMap, HashMap, HashSet, VecDeque};
use std::fs; use std::fs;
@@ -432,6 +433,7 @@ struct PendingStreamOpen {
attempts: u32, attempts: u32,
} }
#[derive(Clone)]
struct PendingNativeAuth { struct PendingNativeAuth {
client: dosh::native::NativeClientHello, client: dosh::native::NativeClientHello,
server: NativeServerHello, server: NativeServerHello,
@@ -991,8 +993,8 @@ async fn handle_native_user_auth(
packet: &protocol::Packet, packet: &protocol::Packet,
) -> Result<()> { ) -> Result<()> {
let pending = { let pending = {
let mut locked = state.lock().expect("server state poisoned"); let locked = state.lock().expect("server state poisoned");
locked.pending_native.remove(&packet.header.conn_id) locked.pending_native.get(&packet.header.conn_id).cloned()
}; };
let Some(pending) = pending else { let Some(pending) = pending else {
return send_reject_to_client(socket, peer, packet.header.conn_id, "unknown native auth") return send_reject_to_client(socket, peer, packet.header.conn_id, "unknown native auth")
@@ -1008,11 +1010,38 @@ async fn handle_native_user_auth(
.await; .await;
} }
if pending.created_at.elapsed() > Duration::from_secs(30) { if pending.created_at.elapsed() > Duration::from_secs(30) {
state
.lock()
.expect("server state poisoned")
.pending_native
.remove(&packet.header.conn_id);
return send_reject_to_client(socket, peer, packet.header.conn_id, "native auth expired") return send_reject_to_client(socket, peer, packet.header.conn_id, "native auth expired")
.await; .await;
} }
let body = protocol::decrypt_body(packet, &pending.session_key, CLIENT_TO_SERVER)?; let body = match protocol::decrypt_body(packet, &pending.session_key, CLIENT_TO_SERVER) {
let req: NativeUserAuthBody = protocol::from_body(&body)?; Ok(body) => body,
Err(_) => {
return send_reject_to_client(
socket,
peer,
packet.header.conn_id,
"native auth decrypt failed",
)
.await;
}
};
let req: NativeUserAuthBody = match protocol::from_body(&body) {
Ok(req) => req,
Err(_) => {
return send_reject_to_client(
socket,
peer,
packet.header.conn_id,
"invalid native auth body",
)
.await;
}
};
if pending.client.requested_mode == "doctor" { if pending.client.requested_mode == "doctor" {
let check_result = { let check_result = {
let locked = state.lock().expect("server state poisoned"); let locked = state.lock().expect("server state poisoned");
@@ -1048,6 +1077,11 @@ async fn handle_native_user_auth(
.await; .await;
} }
}; };
state
.lock()
.expect("server state poisoned")
.pending_native
.remove(&packet.header.conn_id);
let body = protocol::to_body(&check)?; let body = protocol::to_body(&check)?;
let out = protocol::encode_encrypted( let out = protocol::encode_encrypted(
PacketKind::NativeAuthCheckOk, PacketKind::NativeAuthCheckOk,
@@ -1228,6 +1262,11 @@ async fn handle_native_user_auth(
if let Some((listener, path)) = agent_listener { if let Some((listener, path)) = agent_listener {
spawn_agent_forward(state, socket, client_id, listener, path); spawn_agent_forward(state, socket, client_id, listener, path);
} }
state
.lock()
.expect("server state poisoned")
.pending_native
.remove(&packet.header.conn_id);
let ok = NativeAuthOk { let ok = NativeAuthOk {
client_id, client_id,
@@ -1713,52 +1752,6 @@ async fn send_udp(socket: &UdpSocket, packet: &[u8], peer: SocketAddr) -> Result
} }
} }
fn is_transient_udp_send_error(err: &std::io::Error) -> bool {
matches!(
err.kind(),
std::io::ErrorKind::Interrupted
| std::io::ErrorKind::TimedOut
| std::io::ErrorKind::WouldBlock
) || err.raw_os_error().is_some_and(is_transient_udp_os_error)
}
#[cfg(unix)]
fn is_transient_udp_os_error(code: i32) -> bool {
matches!(
code,
libc::EADDRNOTAVAIL
| libc::ECONNREFUSED
| libc::ECONNRESET
| libc::EHOSTDOWN
| libc::EHOSTUNREACH
| libc::ENETDOWN
| libc::ENETRESET
| libc::ENETUNREACH
| libc::ETIMEDOUT
)
}
#[cfg(windows)]
fn is_transient_udp_os_error(code: i32) -> bool {
matches!(
code,
10049 // WSAEADDRNOTAVAIL
| 10050 // WSAENETDOWN
| 10051 // WSAENETUNREACH
| 10052 // WSAENETRESET
| 10054 // WSAECONNRESET
| 10060 // WSAETIMEDOUT
| 10061 // WSAECONNREFUSED
| 10064 // WSAEHOSTDOWN
| 10065 // WSAEHOSTUNREACH
)
}
#[cfg(not(any(unix, windows)))]
fn is_transient_udp_os_error(_code: i32) -> bool {
false
}
async fn handle_ack( async fn handle_ack(
state: &Arc<Mutex<ServerState>>, state: &Arc<Mutex<ServerState>>,
peer: SocketAddr, peer: SocketAddr,
+1
View File
@@ -23,3 +23,4 @@ pub mod pty;
pub mod server; pub mod server;
pub mod ssh_agent; pub mod ssh_agent;
pub mod transport; pub mod transport;
pub mod udp;
+120 -6
View File
@@ -13,6 +13,7 @@ use crate::transport::{
DoshTransport, SessionEvent, SessionRole, SessionTransportConfig, TransportConfig, DoshTransport, SessionEvent, SessionRole, SessionTransportConfig, TransportConfig,
service_name_from_target, service_name_from_target,
}; };
use crate::udp::is_transient_udp_send_error;
use anyhow::{Context, Result, anyhow, bail}; use anyhow::{Context, Result, anyhow, bail};
use ed25519_dalek::SigningKey; use ed25519_dalek::SigningKey;
use std::collections::{HashMap, HashSet}; use std::collections::{HashMap, HashSet};
@@ -97,6 +98,7 @@ pub enum DoshServerEvent {
Ignored, Ignored,
} }
#[derive(Debug, Clone)]
struct PendingServerAuth { struct PendingServerAuth {
client: native::NativeClientHello, client: native::NativeClientHello,
server: NativeServerHello, server: NativeServerHello,
@@ -255,7 +257,7 @@ impl DoshServer {
}; };
let body = protocol::to_body(&NativeServerHelloBody { hello })?; let body = protocol::to_body(&NativeServerHelloBody { hello })?;
let out = protocol::encode_plain(PacketKind::NativeServerHello, pending_id, 1, 0, &body)?; let out = protocol::encode_plain(PacketKind::NativeServerHello, pending_id, 1, 0, &body)?;
self.socket.send_to(&out, peer).await?; let _ = send_udp(&self.socket, &out, peer).await?;
Ok(()) Ok(())
} }
@@ -327,7 +329,7 @@ impl DoshServer {
peer: SocketAddr, peer: SocketAddr,
packet: &protocol::Packet, packet: &protocol::Packet,
) -> Result<DoshServerEvent> { ) -> Result<DoshServerEvent> {
let Some(pending) = self.pending.remove(&packet.header.conn_id) else { let Some(pending) = self.pending.get(&packet.header.conn_id).cloned() else {
self.send_reject(peer, packet.header.conn_id, "unknown native auth") self.send_reject(peer, packet.header.conn_id, "unknown native auth")
.await?; .await?;
return Ok(DoshServerEvent::Ignored); return Ok(DoshServerEvent::Ignored);
@@ -338,13 +340,28 @@ impl DoshServer {
return Ok(DoshServerEvent::Ignored); return Ok(DoshServerEvent::Ignored);
} }
if pending.created_at.elapsed() > self.config.auth_timeout { if pending.created_at.elapsed() > self.config.auth_timeout {
self.pending.remove(&packet.header.conn_id);
self.send_reject(peer, packet.header.conn_id, "native auth expired") self.send_reject(peer, packet.header.conn_id, "native auth expired")
.await?; .await?;
return Ok(DoshServerEvent::Ignored); return Ok(DoshServerEvent::Ignored);
} }
let body = protocol::decrypt_body(packet, &pending.session_key, CLIENT_TO_SERVER)?; let body = match protocol::decrypt_body(packet, &pending.session_key, CLIENT_TO_SERVER) {
let req: NativeUserAuthBody = protocol::from_body(&body)?; Ok(body) => body,
Err(_) => {
self.send_reject(peer, packet.header.conn_id, "native auth decrypt failed")
.await?;
return Ok(DoshServerEvent::Ignored);
}
};
let req: NativeUserAuthBody = match protocol::from_body(&body) {
Ok(req) => req,
Err(_) => {
self.send_reject(peer, packet.header.conn_id, "invalid native auth body")
.await?;
return Ok(DoshServerEvent::Ignored);
}
};
let services = match self.verify_auth_and_services(&pending, &req.auth) { let services = match self.verify_auth_and_services(&pending, &req.auth) {
Ok(services) => services, Ok(services) => services,
Err(err) => { Err(err) => {
@@ -353,6 +370,7 @@ impl DoshServer {
return Ok(DoshServerEvent::Ignored); return Ok(DoshServerEvent::Ignored);
} }
}; };
self.pending.remove(&packet.header.conn_id);
let conn_id = crypto::random_16(); let conn_id = crypto::random_16();
let key_id = protocol::session_key_id(&pending.session_key); let key_id = protocol::session_key_id(&pending.session_key);
@@ -381,7 +399,7 @@ impl DoshServer {
SERVER_TO_CLIENT, SERVER_TO_CLIENT,
&body, &body,
)?; )?;
self.socket.send_to(&out, peer).await?; let _ = send_udp(&self.socket, &out, peer).await?;
let transport = DoshTransport::new( let transport = DoshTransport::new(
Arc::clone(&self.socket), Arc::clone(&self.socket),
@@ -428,7 +446,7 @@ impl DoshServer {
reason: reason.to_string(), reason: reason.to_string(),
})?; })?;
let out = protocol::encode_plain(PacketKind::AttachReject, conn_id, 0, 0, &body)?; let out = protocol::encode_plain(PacketKind::AttachReject, conn_id, 0, 0, &body)?;
self.socket.send_to(&out, peer).await?; let _ = send_udp(&self.socket, &out, peer).await?;
Ok(()) Ok(())
} }
@@ -439,6 +457,14 @@ impl DoshServer {
} }
} }
async fn send_udp(socket: &UdpSocket, packet: &[u8], peer: SocketAddr) -> Result<bool> {
match socket.send_to(packet, peer).await {
Ok(_) => Ok(true),
Err(err) if is_transient_udp_send_error(&err) => Ok(false),
Err(err) => Err(err).with_context(|| format!("send UDP packet to {peer}")),
}
}
fn validate_requested_services( fn validate_requested_services(
allowed_services: &HashSet<String>, allowed_services: &HashSet<String>,
requests: &[ForwardingRequest], requests: &[ForwardingRequest],
@@ -477,6 +503,7 @@ mod tests {
use super::*; use super::*;
use crate::client::DoshClient; use crate::client::DoshClient;
use crate::config::{ClientConfig, HostsConfig}; use crate::config::{ClientConfig, HostsConfig};
use crate::protocol::{CLIENT_TO_SERVER, NativeUserAuthBody};
use crate::transport::TransportEvent; use crate::transport::TransportEvent;
use ed25519_dalek::SigningKey; use ed25519_dalek::SigningKey;
@@ -588,4 +615,91 @@ mod tests {
} }
} }
} }
#[tokio::test]
async fn bad_native_auth_does_not_consume_pending_challenge() {
let dir = tempfile::tempdir().unwrap();
let host_key = dir.path().join("host_key");
let authorized_keys = dir.path().join("authorized_keys");
let signing = SigningKey::from_bytes(&[93u8; 32]);
let keypair = ssh_key::private::Ed25519Keypair::from(&signing);
let private =
ssh_key::PrivateKey::new(ssh_key::private::KeypairData::from(keypair), "").unwrap();
std::fs::write(
&authorized_keys,
format!("{}\n", private.public_key().to_openssh().unwrap()),
)
.unwrap();
let server_config = ServerConfig {
host_key: host_key.to_string_lossy().to_string(),
authorized_keys: vec![authorized_keys.to_string_lossy().to_string()],
..ServerConfig::default()
};
let server_config = DoshServerConfig::new(server_config)
.bind_addr("127.0.0.1:0".parse().unwrap())
.require_current_user(false);
let mut server = DoshServer::bind(server_config).await.unwrap();
let peer: SocketAddr = "127.0.0.1:9".parse().unwrap();
let (client_secret, client_public) = native::generate_native_ephemeral();
let hello = native::NativeClientHello {
protocol_version: native::NATIVE_PROTOCOL_VERSION,
client_random: crypto::random_32(),
client_ephemeral_public: client_public,
requested_host: "127.0.0.1".to_string(),
requested_user: "sdk-user".to_string(),
requested_session: "test".to_string(),
requested_mode: "forward-only".to_string(),
terminal_size: (80, 24),
supported_aead: vec!["chacha20poly1305".to_string()],
supported_user_key_algorithms: vec!["ssh-ed25519".to_string()],
cached_host_key_fingerprint: None,
attach_ticket_envelope: None,
requested_env: Vec::new(),
};
let (pending_id, server_hello) = server.build_server_hello(hello.clone(), peer).unwrap();
let session_key = native::derive_native_session_key(
&client_secret,
server_hello.server_ephemeral_public,
&hello,
&server_hello,
)
.unwrap();
let auth = native::sign_user_auth(&signing, &hello, &server_hello, Vec::new()).unwrap();
let body = protocol::to_body(&NativeUserAuthBody { auth }).unwrap();
let bad = protocol::encode_encrypted(
PacketKind::NativeUserAuth,
pending_id,
2,
1,
&[7u8; 32],
CLIENT_TO_SERVER,
&body,
)
.unwrap();
let bad = protocol::decode(&bad).unwrap();
assert!(matches!(
server.handle_user_auth(peer, &bad).await.unwrap(),
DoshServerEvent::Ignored
));
assert!(server.pending.contains_key(&pending_id));
let valid = protocol::encode_encrypted(
PacketKind::NativeUserAuth,
pending_id,
2,
1,
&session_key,
CLIENT_TO_SERVER,
&body,
)
.unwrap();
let valid = protocol::decode(&valid).unwrap();
assert!(matches!(
server.handle_user_auth(peer, &valid).await.unwrap(),
DoshServerEvent::Accepted(_)
));
assert!(!server.pending.contains_key(&pending_id));
}
} }
+114 -10
View File
@@ -19,6 +19,7 @@ use crate::protocol::{
self, CLIENT_TO_SERVER, PacketKind, ReplayWindow, SERVER_TO_CLIENT, StreamClose, StreamData, self, CLIENT_TO_SERVER, PacketKind, ReplayWindow, SERVER_TO_CLIENT, StreamClose, StreamData,
StreamOpen, StreamOpenOk, StreamOpenReject, StreamWindowAdjust, StreamOpen, StreamOpenOk, StreamOpenReject, StreamWindowAdjust,
}; };
use crate::udp::is_transient_udp_send_error;
use anyhow::{Result, anyhow, bail}; use anyhow::{Result, anyhow, bail};
use std::collections::{BTreeMap, HashMap, HashSet, VecDeque}; use std::collections::{BTreeMap, HashMap, HashSet, VecDeque};
use std::net::SocketAddr; use std::net::SocketAddr;
@@ -348,8 +349,8 @@ impl StreamMux {
&mut self, &mut self,
adjust: StreamWindowAdjust, adjust: StreamWindowAdjust,
) -> Result<Vec<OutgoingStreamPacket>> { ) -> Result<Vec<OutgoingStreamPacket>> {
self.ack_data(adjust.stream_id, adjust.received_offset); let acked_bytes = self.ack_data(adjust.stream_id, adjust.received_offset);
self.add_credit(adjust.stream_id, adjust.bytes as usize); self.add_credit(adjust.stream_id, acked_bytes);
self.flush_pending_data(adjust.stream_id) self.flush_pending_data(adjust.stream_id)
} }
@@ -556,9 +557,9 @@ impl StreamMux {
(chunks, consumed, *expected) (chunks, consumed, *expected)
} }
fn ack_data(&mut self, stream_id: u64, received_offset: u64) { fn ack_data(&mut self, stream_id: u64, received_offset: u64) -> usize {
let Some(sent) = self.sent_data.get_mut(&stream_id) else { let Some(sent) = self.sent_data.get_mut(&stream_id) else {
return; return 0;
}; };
let acked_offsets = sent let acked_offsets = sent
.iter() .iter()
@@ -567,12 +568,16 @@ impl StreamMux {
(end <= received_offset).then_some(*offset) (end <= received_offset).then_some(*offset)
}) })
.collect::<Vec<_>>(); .collect::<Vec<_>>();
let mut acked_bytes = 0usize;
for offset in acked_offsets { for offset in acked_offsets {
sent.remove(&offset); if let Some(chunk) = sent.remove(&offset) {
acked_bytes = acked_bytes.saturating_add(chunk.bytes.len());
}
} }
if sent.is_empty() { if sent.is_empty() {
self.sent_data.remove(&stream_id); self.sent_data.remove(&stream_id);
} }
acked_bytes
} }
fn add_credit(&mut self, stream_id: u64, bytes: usize) { fn add_credit(&mut self, stream_id: u64, bytes: usize) {
@@ -732,11 +737,17 @@ impl DoshTransport {
if packet.header.conn_id != self.conn_id { if packet.header.conn_id != self.conn_id {
continue; continue;
} }
let plain = match protocol::decrypt_body(
&packet,
&self.session_key,
self.role.recv_direction(),
) {
Ok(plain) => plain,
Err(_) => continue,
};
if !self.replay.accept(packet.header.seq) { if !self.replay.accept(packet.header.seq) {
continue; continue;
} }
let plain =
protocol::decrypt_body(&packet, &self.session_key, self.role.recv_direction())?;
self.peer_addr = peer; self.peer_addr = peer;
self.ack_seq = self.ack_seq.max(packet.header.seq); self.ack_seq = self.ack_seq.max(packet.header.seq);
self.last_contact = Instant::now(); self.last_contact = Instant::now();
@@ -751,14 +762,21 @@ impl DoshTransport {
datagram: &[u8], datagram: &[u8],
peer: SocketAddr, peer: SocketAddr,
) -> Result<SessionEvent> { ) -> Result<SessionEvent> {
let packet = protocol::decode(datagram)?; let packet = match protocol::decode(datagram) {
Ok(packet) => packet,
Err(_) => return Ok(SessionEvent::Ignored),
};
if packet.header.conn_id != self.conn_id { if packet.header.conn_id != self.conn_id {
return Ok(SessionEvent::Ignored); return Ok(SessionEvent::Ignored);
} }
let plain =
match protocol::decrypt_body(&packet, &self.session_key, self.role.recv_direction()) {
Ok(plain) => plain,
Err(_) => return Ok(SessionEvent::Ignored),
};
if !self.replay.accept(packet.header.seq) { if !self.replay.accept(packet.header.seq) {
return Ok(SessionEvent::Ignored); return Ok(SessionEvent::Ignored);
} }
let plain = protocol::decrypt_body(&packet, &self.session_key, self.role.recv_direction())?;
self.peer_addr = peer; self.peer_addr = peer;
self.ack_seq = self.ack_seq.max(packet.header.seq); self.ack_seq = self.ack_seq.max(packet.header.seq);
self.last_contact = Instant::now(); self.last_contact = Instant::now();
@@ -815,7 +833,12 @@ impl DoshTransport {
async fn send_kind(&mut self, kind: PacketKind, body: &[u8]) -> Result<()> { async fn send_kind(&mut self, kind: PacketKind, body: &[u8]) -> Result<()> {
let encoded = self.encode_kind(kind, body)?; let encoded = self.encode_kind(kind, body)?;
self.socket.send_to(&encoded, self.peer_addr).await?; if let Err(err) = self.socket.send_to(&encoded, self.peer_addr).await {
if is_transient_udp_send_error(&err) {
return Ok(());
}
return Err(err.into());
}
Ok(()) Ok(())
} }
@@ -980,6 +1003,30 @@ mod tests {
assert_eq!(data.bytes, b"!"); assert_eq!(data.bytes, b"!");
} }
#[test]
fn cumulative_window_adjust_restores_credit_even_if_delta_was_lost() {
let mut mux = StreamMux::new(TransportConfig {
initial_window: 5,
retransmit_after: Duration::from_secs(1),
..TransportConfig::default()
});
mux.open_stream(1, "@dosh-test", 0).unwrap();
mux.handle_open_ok(StreamOpenOk { stream_id: 1 }).unwrap();
assert_eq!(mux.send_data(1, b"hello".to_vec()).unwrap().len(), 1);
assert_eq!(mux.send_credit[&1], 0);
let flushed = mux
.handle_window_adjust(StreamWindowAdjust {
stream_id: 1,
received_offset: 5,
bytes: 0,
})
.unwrap();
assert!(flushed.is_empty());
assert_eq!(mux.send_credit[&1], 5);
assert_eq!(mux.send_data(1, b"!".to_vec()).unwrap().len(), 1);
}
#[test] #[test]
fn handle_packet_decodes_and_dispatches_stream_packets() { fn handle_packet_decodes_and_dispatches_stream_packets() {
let mut mux = StreamMux::new(TransportConfig::default()); let mut mux = StreamMux::new(TransportConfig::default());
@@ -1096,4 +1143,61 @@ mod tests {
assert!(matches!(server.recv().await.unwrap(), SessionEvent::Ping)); assert!(matches!(server.recv().await.unwrap(), SessionEvent::Ping));
assert_eq!(server.peer_addr(), roaming_addr); assert_eq!(server.peer_addr(), roaming_addr);
} }
#[tokio::test]
async fn unauthenticated_datagram_does_not_poison_replay_window() {
let socket = UdpSocket::bind("127.0.0.1:0").await.unwrap();
let peer: SocketAddr = "127.0.0.1:9".parse().unwrap();
let key = [11u8; 32];
let wrong_key = [12u8; 32];
let conn_id = [4u8; 16];
let mut transport = DoshTransport::new_owned(
socket,
SessionTransportConfig {
role: SessionRole::Client,
conn_id,
session_key: key,
peer_addr: peer,
initial_send_seq: 1,
initial_ack: 0,
stream: TransportConfig::default(),
},
);
let bad = protocol::encode_encrypted(
PacketKind::Pong,
conn_id,
9,
0,
&wrong_key,
SERVER_TO_CLIENT,
b"",
)
.unwrap();
let valid = protocol::encode_encrypted(
PacketKind::Pong,
conn_id,
9,
0,
&key,
SERVER_TO_CLIENT,
b"",
)
.unwrap();
assert!(matches!(
transport
.handle_datagram(b"not a dosh packet", peer)
.await
.unwrap(),
SessionEvent::Ignored
));
assert!(matches!(
transport.handle_datagram(&bad, peer).await.unwrap(),
SessionEvent::Ignored
));
assert!(matches!(
transport.handle_datagram(&valid, peer).await.unwrap(),
SessionEvent::Pong
));
}
} }
+98
View File
@@ -0,0 +1,98 @@
//! UDP error classification shared by Dosh clients, servers, and embedders.
pub fn is_transient_udp_send_error(err: &std::io::Error) -> bool {
matches!(
err.kind(),
std::io::ErrorKind::Interrupted
| std::io::ErrorKind::TimedOut
| std::io::ErrorKind::WouldBlock
) || err.raw_os_error().is_some_and(is_transient_udp_os_error)
}
#[cfg(unix)]
fn is_transient_udp_os_error(code: i32) -> bool {
matches!(
code,
libc::EADDRNOTAVAIL
| libc::ECONNREFUSED
| libc::ECONNRESET
| libc::EHOSTDOWN
| libc::EHOSTUNREACH
| libc::ENETDOWN
| libc::ENETRESET
| libc::ENETUNREACH
| libc::ETIMEDOUT
)
}
#[cfg(windows)]
fn is_transient_udp_os_error(code: i32) -> bool {
matches!(
code,
10049 // WSAEADDRNOTAVAIL
| 10050 // WSAENETDOWN
| 10051 // WSAENETUNREACH
| 10052 // WSAENETRESET
| 10054 // WSAECONNRESET
| 10060 // WSAETIMEDOUT
| 10061 // WSAECONNREFUSED
| 10064 // WSAEHOSTDOWN
| 10065 // WSAEHOSTUNREACH
)
}
#[cfg(not(any(unix, windows)))]
fn is_transient_udp_os_error(_code: i32) -> bool {
false
}
#[cfg(test)]
mod tests {
use super::is_transient_udp_send_error;
#[test]
fn classifies_portable_transient_send_errors() {
for kind in [
std::io::ErrorKind::Interrupted,
std::io::ErrorKind::TimedOut,
std::io::ErrorKind::WouldBlock,
] {
assert!(is_transient_udp_send_error(&std::io::Error::from(kind)));
}
assert!(!is_transient_udp_send_error(&std::io::Error::from(
std::io::ErrorKind::PermissionDenied,
)));
}
#[cfg(unix)]
#[test]
fn classifies_unix_network_churn_as_transient() {
for code in [
libc::EADDRNOTAVAIL,
libc::ECONNREFUSED,
libc::ECONNRESET,
libc::EHOSTDOWN,
libc::EHOSTUNREACH,
libc::ENETDOWN,
libc::ENETRESET,
libc::ENETUNREACH,
libc::ETIMEDOUT,
] {
assert!(is_transient_udp_send_error(
&std::io::Error::from_raw_os_error(code)
));
}
}
#[cfg(windows)]
#[test]
fn classifies_windows_network_churn_as_transient() {
for code in [
10049, 10050, 10051, 10052, 10054, 10060, 10061, 10064, 10065,
] {
assert!(is_transient_udp_send_error(
&std::io::Error::from_raw_os_error(code)
));
}
}
}