tokio-quiche: Add test for active connection migration

Now that the tokio-quiche work loop issues extra connection IDs, we can
properly support active connection migration. This is not a feature
available to tokio-quiche clients today, but other QUIC clients talking
to tokio-quiche servers can take advantage of it.

Author: TheJokr

tokio-quiche/tests/fixtures/mod.rs

@@ -52,6 +52,7 @@ use futures::StreamExt;
 use regex::Regex;
 use std::collections::HashMap;
 use std::collections::HashSet;
+use std::net::SocketAddr;
 use std::sync::atomic::AtomicBool;
 use std::sync::atomic::AtomicUsize;
 use std::sync::atomic::Ordering;
@@ -266,6 +267,15 @@ where
     url
 }
 
+pub fn extract_host_ipv4(url: &str) -> SocketAddr {
+    let url = url::Url::parse(url).expect("url should be valid");
+    match (url.host(), url.port()) {
+        (Some(url::Host::Ipv4(addr)), Some(port)) =>
+            SocketAddr::new(addr.into(), port),
+        _ => panic!("invalid server address"),
+    }
+}
+
 pub fn map_responses(
     responses: Vec<HashMap<u64, String>>,
 ) -> HashMap<usize, HashSet<usize>> {

tokio-quiche/tests/integration_tests/migration.rs

@@ -25,51 +25,55 @@
 // SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 use h3i::quiche;
+use tokio_quiche::quic::SimpleConnectionIdGenerator;
+use tokio_quiche::ConnectionIdGenerator as _;
 
 use crate::fixtures::*;
 
 #[tokio::test]
-/// Tests that client can migrate passively.
+async fn test_passive_migration() {
+    run_migration_test(false).await;
+}
+
+#[tokio::test]
+async fn test_active_migration() {
+    run_migration_test(true).await;
+}
+
+/// Tests that the client can migrate either actively or passively.
 ///
-/// This means that the client's address somehow changes, but the client is not
-/// necessarily aware of it happening (e.g. due to NAT rebinding). This differs
-/// from "active" migration because in that case the client would explicitly
-/// provide a new connection ID that the server is then expected to use for the
-/// new path.
+/// Active migration means the client intentionally chooses a new local address
+/// to switch to. In this case, it must select a new DCID that was previously
+/// issued to it by the server. The server then also switches to a new DCID
+/// that was generated by the client.
+///
+/// Passive migration occurs when the client's address changes while keeping
+/// the same source and destination CIDs. The client is not necessarily aware
+/// of the change (e.g. due to NAT rebinding). Under these circumstances, the
+/// endpoints are allowed to keep talking to each other with the existing
+/// DCIDs.
 ///
 /// The test simply binds a UDP socket on one address which is then used to
-/// complete the handshake and send an initial HTTP/3 request, then uses a new
-/// socket bound to a different port to send an additional HTTP/3 request, if
-/// both requests complete that means that the client was successfully migrated
-/// to the new address.
+/// complete the handshake and send an initial HTTP/3 request. Next, it
+/// switches (actively or passively) to a new socket bound to a different port
+/// and sends an additional HTTP/3 request. If both requests complete that
+/// means that the client was successfully migrated to the new address.
 ///
 /// This requires using "plain" quiche as a client to properly control when and
 /// where packets are sent to, which is not possible using h3i.
-async fn test_passive_migration() {
+async fn run_migration_test(active: bool) {
     let mut quic_settings = QuicSettings::default();
     quic_settings.active_connection_id_limit = 2;
-    quic_settings.disable_active_migration = true;
+    quic_settings.disable_active_migration = !active;
     quic_settings.disable_dcid_reuse = false;
 
-    let hook = TestConnectionHook::new();
-
     let url = start_server_with_settings(
         quic_settings,
         Http3Settings::default(),
-        hook,
+        TestConnectionHook::new(),
         handle_connection,
     );
-
-    let url = url::Url::parse(&url).unwrap();
-
-    let server_addr = match url.host().unwrap() {
-        url::Host::Ipv4(addr) => std::net::SocketAddr::new(
-            std::net::IpAddr::V4(addr),
-            url.port().unwrap(),
-        ),
-
-        _ => panic!("invalid server address"),
-    };
+    let server_addr = extract_host_ipv4(&url);
 
     let mut client_config =
         quiche::Config::new(quiche::PROTOCOL_VERSION).unwrap();
@@ -80,15 +84,15 @@ async fn test_passive_migration() {
     client_config.set_initial_max_stream_data_uni(1500);
     client_config.set_initial_max_streams_bidi(10);
     client_config.set_initial_max_streams_uni(3);
+    client_config.set_active_connection_id_limit(2);
+    // We don't need to allow the server to initiate connection migration
     client_config.set_disable_active_migration(true);
     client_config.verify_peer(false);
 
-    let mut client_scid = [0; quiche::MAX_CONN_ID_LEN];
-    boring::rand::rand_bytes(&mut client_scid[..]).unwrap();
-    let client_scid = quiche::ConnectionId::from_ref(&client_scid);
-    let client_addr = "127.0.0.1:12345".parse().unwrap();
+    let client_scid = SimpleConnectionIdGenerator.new_connection_id();
 
-    let socket = tokio::net::UdpSocket::bind(client_addr).await.unwrap();
+    let socket = tokio::net::UdpSocket::bind("127.0.0.1:0").await.unwrap();
+    let client_addr = socket.local_addr().unwrap();
 
     let mut conn = quiche::connect(
         Some("test.com"),
@@ -99,10 +103,16 @@ async fn test_passive_migration() {
     )
     .unwrap();
 
+    if active {
+        // Supply a second SCID to the server to facilitate active migration
+        let extra_scid = SimpleConnectionIdGenerator.new_connection_id();
+        conn.new_scid(&extra_scid, 0xAABBCCDDEEFF0123454678, false)
+            .unwrap();
+    }
+
     // Handshake.
     while !conn.is_established() {
         emit_flight(&socket, &mut conn).await;
-
         process_flight(&socket, client_addr, &mut conn).await;
     }
 
@@ -126,16 +136,28 @@ async fn test_passive_migration() {
 
     assert_eq!(process_h3_events(&mut h3_conn, &mut conn), (true, true));
 
-    // Client "migrates" to new address.
-    let migrated_addr: std::net::SocketAddr = "127.0.0.1:54321".parse().unwrap();
+    // Client migrates to new address.
     let migrated_socket =
-        tokio::net::UdpSocket::bind(migrated_addr).await.unwrap();
+        tokio::net::UdpSocket::bind("127.0.0.1:0").await.unwrap();
+    let migrated_addr = migrated_socket.local_addr().unwrap();
+    assert_ne!(
+        client_addr, migrated_addr,
+        "migrated socket must use a different local address",
+    );
+
+    let client_addr = if active {
+        // We actively switch the connection to `migrated_addr` and report that
+        // address for all packets we receive from now on.
+        conn.migrate_source(migrated_addr)
+            .expect("active migration should succeed");
+        migrated_addr
+    } else {
+        // We keep using the original client address to simulate the fact that the
+        // client doesn't know that the path changes (e.g. due to NAT rebinding).
+        client_addr
+    };
 
     // Client sends second request on the new address.
-    //
-    // Note that even though we use the `migrated_socket`, we still use the
-    // original client address (`client_addr`) to simulate the fact that the
-    // client doesn't know that the path changes (e.g. due to NAT rebinding).
     h3_conn.send_request(&mut conn, &req, true).unwrap();
     emit_flight(&migrated_socket, &mut conn).await;
 
@@ -181,18 +203,12 @@ async fn process_flight(
 ) {
     let mut buf = [0; 65535];
 
-    let mut did_recv = false;
+    socket.readable().await.unwrap();
 
     loop {
-        if !did_recv {
-            socket.readable().await.unwrap();
-        }
-
         let (len, from) = match socket.try_recv_from(&mut buf) {
             Ok(v) => v,
-
             Err(e) if e.kind() == std::io::ErrorKind::WouldBlock => break,
-
             Err(e) => panic!("failed to receive packets: {e:?}"),
         };
 
@@ -206,8 +222,6 @@ async fn process_flight(
 
         // Process potentially coalesced packets.
         let _ = conn.recv(&mut buf[..len], recv_info).unwrap();
-
-        did_recv = true;
     }
 }
 
@@ -224,7 +238,7 @@ fn process_h3_events(
 
             Ok((stream_id, quiche::h3::Event::Data)) => {
                 // Drain stream and drop the data.
-                while let Ok(_) = h3_conn.recv_body(conn, stream_id, &mut buf) {}
+                while h3_conn.recv_body(conn, stream_id, &mut buf).is_ok() {}
             },
 
             Ok((_, quiche::h3::Event::Finished)) => {