toidiu

send ConnectionClose when the first packet is malformed

1

Currently we [discard](https://github.com/awslabs/s2n-quic/blob/bb74c8e98adf12d805d26987fad02ffe45df97a7/quic/s2n-quic-transport/src/endpoint/mod.rs#L725) the connection when there is an error in the first Initial packet without notifying the peer. This goes against the [RFC](https://datatracker.ietf.org/doc/html/rfc9000#section-7.3) and also makes it hard to...

- [x] Allow open connections to transmit ConnectionClose before terminating the client https://github.com/awslabs/s2n-quic/pull/1054 - [x] handshake confirm on 1rtt acked https://github.com/awslabs/s2n-quic/pull/1055 - [x] https://github.com/awslabs/s2n-quic/issues/1012 https://github.com/awslabs/s2n-quic/pull/1057 - [x] #1056 https://github.com/awslabs/s2n-quic/pull/1076 -...

fail earlier when handling malformed ClientHello (s2n-tls)

1

NOTE: This is an integration bug and not a bug with s2n-tls/rustls. All references to s2n-tls and rustls mean the integration of tls provider with s2n-quic. Currently rustls and s2n-tls...

https://datatracker.ietf.org/doc/html/rfc9000#section-9.6 ``` QUIC allows servers to accept connections on one IP address and attempt to transfer these connections to a more preferred address shortly after the handshake. This is particularly...

- [ ] https://github.com/awslabs/s2n-quic/issues/713 - [ ] https://github.com/awslabs/s2n-quic/issues/714 - [ ] https://github.com/awslabs/s2n-quic/issues/743 - [ ] https://github.com/awslabs/s2n-quic/issues/741 - [ ] https://github.com/awslabs/s2n-quic/issues/1067

### summary - RFC: https://datatracker.ietf.org/doc/html/rfc9000#section-21.6 - article: https://web.archive.org/web/20150426090206/http://ha.ckers.org/slowloris/ > The attacks commonly known as Slowloris [SLOWLORIS] try to keep many connections to the target endpoint open and hold them open...

### Current behavior: - HandshakeDone frame is [prioritized sending on each transmission](https://github.com/awslabs/s2n-quic/blob/7b23a7f39c1679a3ae96163863eef5c12021e720/quic/s2n-quic-transport/src/transmission/application.rs#L118-L120) - The frame is however not sent in a continuous packet number range (if MTU probe is sent...

- [x] set [active_connection_id_limit](https://github.com/awslabs/s2n-quic/blob/7b23a7f39c1679a3ae96163863eef5c12021e720/quic/s2n-quic-transport/src/connection/peer_id_registry.rs#L46) in [client](https://github.com/awslabs/s2n-quic/blob/7b23a7f39c1679a3ae96163863eef5c12021e720/quic/s2n-quic-transport/src/endpoint/mod.rs#L258) transort params - [ ] issue conn ids sooner on client - [ ] send mtu probe sooner on client (right after application keys...

Pr https://github.com/awslabs/s2n-quic/pull/1043 adds the active_connection_id_limit transport param to the ClientHello. This value was previously loaded from the peer-provided Limits: https://github.com/awslabs/s2n-quic/blob/main/quic/s2n-quic-core/src/transport/parameters/mod.rs#L1343. However the peer-provided limits also doesnt make sense since the...

https://github.com/awslabs/s2n-quic/blob/df3904e9b91b20552c36dc1ef08c02237216ef0b/quic/s2n-quic-transport/src/connection/api.rs#L103