Explanations and consts

gravitational · Oct 17, 2024 · 5fad0d5 · 5fad0d5
1 parent c32aaa5
commit 5fad0d5
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 7 deletions.
diff --git a/lib/proxy/peer/quic.go b/lib/proxy/peer/quic.go
@@ -26,11 +26,12 @@ const (
  quicMaxIdleTimeout = 30 * time.Second
  quicKeepAlivePeriod = 5 * time.Second
 
- quicMaxReceiveWindow = quicvarint.Max
+ quicMaxReceiveWindow = quicvarint.Max
+ quicMaxIncomingStreams = 1 << 60 // maximum allowed value as per the quic-go docs
 
  // quicNextProto is the ALPN indicator for the current version of the QUIC
  // proxy peering protocol.
- quicNextProto = "teleport-peer-v1a"
+ quicNextProto = "teleport-peer-v1alpha"
 
  // quicMaxMessageSize is the maximum accepted size (in protobuf binary
  // format) for the request and response messages exchanged as part of the
@@ -44,8 +45,12 @@ const (
  // quicNoncePersistence is the shortest time for which a nonce will be kept
  // in memory to prevent 0-RTT replay attacks. Should be significantly longer
  // than [quicTimestampGraceWindow]. In the current implementation, nonces
- // are kept for at least twice this value.
+ // can be kept for at most twice this value.
  quicNoncePersistence = 5 * time.Minute
+
+ quicDialTimeout = 30 * time.Second
+ quicRequestTimeout = 10 * time.Second
+ quicErrorResponseTimeout = 10 * time.Second
 )
 
 /*

diff --git a/lib/proxy/peer/quicclient.go b/lib/proxy/peer/quicclient.go
@@ -212,7 +212,7 @@ func (c *quicClientConn) dial(nodeID string, src net.Addr, dst net.Addr, tunnelT
  tlsConfig := c.tlsConfig.Clone()
  tlsConfig.RootCAs = rootCAs
 
- deadline := time.Now().Add(30 * time.Second)
+ deadline := time.Now().Add(quicDialTimeout)
  dialCtx, cancel := context.WithDeadline(context.Background(), deadline)
  defer cancel()
 

diff --git a/lib/proxy/peer/quicserver.go b/lib/proxy/peer/quicserver.go
@@ -145,7 +145,7 @@ func NewQUICServer(cfg QUICServerConfig) (*QUICServer, error) {
  MaxStreamReceiveWindow: quicMaxReceiveWindow,
  MaxConnectionReceiveWindow: quicMaxReceiveWindow,
 
- MaxIncomingStreams: 1 << 60,
+ MaxIncomingStreams: quicMaxIncomingStreams,
  MaxIncomingUniStreams: -1,
 
  MaxIdleTimeout: quicMaxIdleTimeout,
@@ -265,7 +265,7 @@ func (s *QUICServer) handleStream(st quic.Stream, c quic.EarlyConnection, log *s
  log.WarnContext(c.Context(), "refusing to send oversized error message (this is a bug)")
  return
  }
- st.SetWriteDeadline(time.Now().Add(10 * time.Second))
+ st.SetWriteDeadline(time.Now().Add(quicErrorResponseTimeout))
  if _, err := st.Write(binary.LittleEndian.AppendUint32(nil, uint32(len(errBuf)))); err != nil {
  return
  }
@@ -277,7 +277,7 @@ func (s *QUICServer) handleStream(st quic.Stream, c quic.EarlyConnection, log *s
  }
  }
 
- st.SetReadDeadline(time.Now().Add(10 * time.Second))
+ st.SetReadDeadline(time.Now().Add(quicRequestTimeout))
  var reqLen uint32
  if err := binary.Read(st, binary.LittleEndian, &reqLen); err != nil {
  log.DebugContext(c.Context(), "failed to read request size", "error", err)