-
Notifications
You must be signed in to change notification settings - Fork 354
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add timeout to the tcp connection for the pq key negotiation ios 701 #6343
Add timeout to the tcp connection for the pq key negotiation ios 701 #6343
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed 16 of 16 files at r1, all commit messages.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @buggmagnet)
ios/MullvadPostQuantum/PostQuantumKeyNegotiator.swift
line 17 at r1 (raw file):
// swiftlint:disable function_parameter_count public protocol PostQuantumKeyNegotiation {
Are you sure about the name? This doesn't look like a negotiation but rather as something that negotiates. Perhaps PostQuantumKeyNegotiating
would be a better name.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewable status: 13 of 16 files reviewed, 1 unresolved discussion (waiting on @acb-mv)
ios/MullvadPostQuantum/PostQuantumKeyNegotiator.swift
line 17 at r1 (raw file):
Previously, acb-mv wrote…
Are you sure about the name? This doesn't look like a negotiation but rather as something that negotiates. Perhaps
PostQuantumKeyNegotiating
would be a better name.
Done
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed 3 of 16 files at r1, all commit messages.
Reviewable status: 13 of 16 files reviewed, 8 unresolved discussions (waiting on @acb-mv and @buggmagnet)
talpid-tunnel-config-client/src/ios_ffi/ios_runtime.rs
line 100 at r1 (raw file):
} /// Creates a `RelayConfigService` using the in-tunnel TCP Connection provided by the Packet /// Tunnel Provider # Safety
Nit A bit of a weird line formatting here 🤓
Code quote:
/// Tunnel Provider # Safety
talpid-tunnel-config-client/src/ios_ffi/ios_runtime.rs
line 159 at r1 (raw file):
log::error!("No suitable peer was found"); swift_post_quantum_key_ready(packet_tunnel_ptr, ptr::null(), ptr::null()); }
Nit The log-statement shouldn't be in the unsafe
block. Consider moving the unsafe
token to the line where it is actually needed
None => {
log::error!("No suitable peer was found");
unsafe { swift_post_quantum_key_ready(packet_tunnel_ptr, ptr::null(), ptr::null()) };
}
Code quote:
None => unsafe {
log::error!("No suitable peer was found");
swift_post_quantum_key_ready(packet_tunnel_ptr, ptr::null(), ptr::null());
}
talpid-tunnel-config-client/src/ios_ffi/ios_runtime.rs
line 166 at r1 (raw file):
log::error!("Key exchange failed {}", error); swift_post_quantum_key_ready(packet_tunnel_ptr, ptr::null(), ptr::null()); }
Dito
Code quote:
Err(error) => unsafe {
log::error!("Key exchange failed {}", error);
swift_post_quantum_key_ready(packet_tunnel_ptr, ptr::null(), ptr::null());
}
talpid-tunnel-config-client/src/ios_ffi/ios_tcp_connection.rs
line 69 at r1 (raw file):
/// `tcp_connection` must be pointing to a valid instance of a `NWTCPConnection`, created by the /// `PacketTunnelProvider` pub unsafe fn new(connection: Arc<Mutex<ConnectionContext>>) -> (Self, IosTcpShutdownHandle) {
Nit The comment says tcp_connection
, but the function parameter is named connection
😊
Code quote:
/// # Safety
/// `tcp_connection` must be pointing to a valid instance of a `NWTCPConnection`, created by the
/// `PacketTunnelProvider`
pub unsafe fn new(connection: Arc<Mutex<ConnectionContext>>) -> (Self, IosTcpShutdownHandle) {
talpid-tunnel-config-client/src/ios_ffi/ios_tcp_connection.rs
line 107 at r1 (raw file):
std::mem::drop(context); } }
Nit Seems like there is an unncecessary level of indentation here?
pub fn shutdown(self) {
let Ok(mut context) = self.context.lock() else {
return;
};
context.tcp_connection = None;
if let Some(waker) = context.waker.take() {
waker.wake();
}
std::mem::drop(context);
}
Code quote:
pub fn shutdown(self) {
{
let Ok(mut context) = self.context.lock() else {
return;
};
context.tcp_connection = None;
if let Some(waker) = context.waker.take() {
waker.wake();
}
std::mem::drop(context);
}
}
talpid-tunnel-config-client/src/ios_ffi/ios_tcp_connection.rs
line 139 at r1 (raw file):
unsafe { swift_nw_tcp_connection_send( // self.tcp_connection,
Comment
Code quote:
// self.tcp_connection,
talpid-tunnel-config-client/src/ios_ffi/ios_tcp_connection.rs
line 197 at r1 (raw file):
unsafe { // TODO swift_nw_tcp_connection_read(tcp_ptr, raw_sender as _);
TODO
Code quote:
// TODO
swift_nw_tcp_connection_read(tcp_ptr, raw_sender as _);
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewable status: 13 of 16 files reviewed, 6 unresolved discussions (waiting on @acb-mv, @MarkusPettersson98, and @pinkisemils)
talpid-tunnel-config-client/src/ios_ffi/ios_runtime.rs
line 159 at r1 (raw file):
Previously, MarkusPettersson98 (Markus Pettersson) wrote…
Nit The log-statement shouldn't be in the
unsafe
block. Consider moving theunsafe
token to the line where it is actually neededNone => { log::error!("No suitable peer was found"); unsafe { swift_post_quantum_key_ready(packet_tunnel_ptr, ptr::null(), ptr::null()) }; }
Done
talpid-tunnel-config-client/src/ios_ffi/ios_runtime.rs
line 166 at r1 (raw file):
Previously, MarkusPettersson98 (Markus Pettersson) wrote…
Dito
Done.
talpid-tunnel-config-client/src/ios_ffi/ios_tcp_connection.rs
line 69 at r1 (raw file):
Previously, MarkusPettersson98 (Markus Pettersson) wrote…
Nit The comment says
tcp_connection
, but the function parameter is namedconnection
😊
Done
talpid-tunnel-config-client/src/ios_ffi/ios_tcp_connection.rs
line 107 at r1 (raw file):
Previously, MarkusPettersson98 (Markus Pettersson) wrote…
Nit Seems like there is an unncecessary level of indentation here?
pub fn shutdown(self) { let Ok(mut context) = self.context.lock() else { return; }; context.tcp_connection = None; if let Some(waker) = context.waker.take() { waker.wake(); } std::mem::drop(context); }
Indeed ! Fixed.
talpid-tunnel-config-client/src/ios_ffi/ios_tcp_connection.rs
line 139 at r1 (raw file):
Previously, MarkusPettersson98 (Markus Pettersson) wrote…
Comment
Done.
talpid-tunnel-config-client/src/ios_ffi/ios_tcp_connection.rs
line 197 at r1 (raw file):
Previously, MarkusPettersson98 (Markus Pettersson) wrote…
TODO
I think it's just a leftover of a different idea @pinkisemils was thinking about.
I've removed it.
1484f8b
to
76d6ac5
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed 2 of 4 files at r3, all commit messages.
Reviewable status: 11 of 16 files reviewed, 2 unresolved discussions (waiting on @acb-mv and @buggmagnet)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed 3 of 3 files at r2, 2 of 4 files at r3, all commit messages.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @buggmagnet)
76d6ac5
to
0becdb7
Compare
0becdb7
to
0af08f5
Compare
This PR adds an exponential backoff timeout when negotiating post quantum keys.
The timeout plays 2 important part :
This PR was co-authored by @pinkisemils and @buggmagnet
@MarkusPettersson98's approval is required for the rust side changes
@acb-mv's approval is required for the swift side changes.
This change is