71ce4ef981
We previously introduced a safety check ensuring that if a datagram had already been dropped twice, it would no longer be dropped or delayed after that. This missed an edge case: if a datagram is dropped once, it can be delayed any number of times. Since "delay" is not defined in terms of time (x seconds) but in terms of ordering with respect to other messages (will be forwarded after the next message is forwarded), depending on the RNG results this could result in an endless loop where all messages are delayed until the next, which is itself delayed, etc. and no message is ever forwarded. The probability of this happening n times in a row is (1/d)^n, where d is the value passed as delay=d, so for delay=5 and n=5 it's around 0.03% which seems small but we still happened on such an occurrence in real life: tests/ssl-opt.sh --seed 1625061502 -f 'DTLS proxy: 3d, min handshake, resumption$' results (according to debug statements added for the investigation) in the ClientHello of the second handshake being dropped once then delayed 5 times, after which the client stops re-trying and the test fails for no interesting reason. Make sure this doesn't happen again by putting a cap on the number of times we fail to forward a given datagram immediately. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> |
||
---|---|---|
.. | ||
cmake_package | ||
cmake_package_install | ||
cmake_subproject | ||
benchmark.c | ||
CMakeLists.txt | ||
cpp_dummy_build.cpp | ||
query_compile_time_config.c | ||
query_config.h | ||
selftest.c | ||
udp_proxy_wrapper.sh | ||
udp_proxy.c | ||
zeroize.c |