Skip to content

feat(s2n-quic-tls): record server's ConnectionInfo in s2n-quic's TLS Connection #2906

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
boquan-fang merged 10 commits into from
Dec 11, 2025
Merged

feat(s2n-quic-tls): record server's ConnectionInfo in s2n-quic's TLS Connection #2906

boquan-fang merged 10 commits into from
Dec 11, 2025

Conversation

@boquan-fang
Copy link
Contributor

@boquan-fang boquan-fang commented Dec 3, 2025
edited
Loading

Release Summary:

Set application context of s2n-tls connection with the ip address that client used to connect with the server.

Resolved issues:

Related to aws/s2n-tls#5649.

Description of changes:

The main change is the application context associated with the s2n_tls::Connection will be set with the client's remote address (server's local address), so that the server knows about the addressing information at the very early stage of the handshake.

Hence, we have to specifically set application context in the Session::new() method. Since the Session::new() method and the new_server_session method don't have access to the client's remote address, we will have to add a new parameter for those methods to pass in address information.

Call-outs:

I am changing those two APIs in s2n-quic-core and s2n-quic-tls, but the public s2n-quic API won't be changed. Our users shouldn't solely depend on s2n-quic-* creates other than the s2n-quic crate, so I don't think my change would break customers.

This is an internal crate used by s2n-quic. The API is not currently stable and should not be used directly.

https://github.com/aws/s2n-quic/blob/main/quic/s2n-quic-core/README.md

Testing:

I add a unit test in quic/s2n-quic-tls/src/tests.rs. The test sets up a new session and it proves the ip address information can be queried from the session's connection.

In addition to a unit test, I also added a integration test. The ch_callback_server_local_address_test test would set up a ClientHelloCallback handler and implement the trait. The test verifies that the client hello callback can accurately access the connection info set on the s2n-tls::Connection.

This integration test is only available on Linux, since it's only available if s2n-quic is used with s2n-tls as its underlying TLS implementation.

test tests::new_server_session_with_remote_address_test ... ok
...
test tests::ch_callback_connection_info::ch_callback_connection_info_test ... ok

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@boquan-fang boquan-fang marked this pull request as ready for review December 4, 2025 00:07
@boquan-fang boquan-fang requested a review from a team as a code owner December 4, 2025 00:07
@boquan-fang boquan-fang force-pushed the get-ip-from-connection branch from 5eec613 to f0127dc Compare December 8, 2025 23:54
@boquan-fang boquan-fang changed the title feat(s2n-quic-tls): record client's remote addr in s2n-quic's Connection feat(s2n-quic-tls): record server's local address in s2n-quic's Connection Dec 8, 2025
@boquan-fang boquan-fang force-pushed the get-ip-from-connection branch 2 times, most recently from 3e9f21c to 5f7e5b0 Compare December 9, 2025 18:08
@boquan-fang boquan-fang force-pushed the get-ip-from-connection branch from 5f7e5b0 to 793aa05 Compare December 9, 2025 18:37
WesleyRosenblum
WesleyRosenblum reviewed Dec 9, 2025
View reviewed changes
@boquan-fang boquan-fang force-pushed the get-ip-from-connection branch 3 times, most recently from f9df0af to d2030c8 Compare December 10, 2025 02:11
@boquan-fang boquan-fang force-pushed the get-ip-from-connection branch 2 times, most recently from fd4c02d to dc5b469 Compare December 10, 2025 18:46
@boquan-fang boquan-fang force-pushed the get-ip-from-connection branch from dc5b469 to d6197d8 Compare December 10, 2025 18:47
@boquan-fang boquan-fang changed the title feat(s2n-quic-tls): record server's local address in s2n-quic's Connection feat(s2n-quic-tls): record server's ConnectionInfo in s2n-quic's TLS Connection Dec 10, 2025
@WesleyRosenblum WesleyRosenblum mentioned this pull request Dec 10, 2025
Merged
@boquan-fang boquan-fang force-pushed the get-ip-from-connection branch from c9aa47b to 19e876c Compare December 10, 2025 22:43
WesleyRosenblum
WesleyRosenblum reviewed Dec 10, 2025
View reviewed changes
@boquan-fang boquan-fang force-pushed the get-ip-from-connection branch from 5929ad3 to 1b72dbc Compare December 11, 2025 00:17
@boquan-fang
chore: address PR comments:
3aa4911 
* Make the new_server_session connectioninfo required
* Add a comment about why we set connection info as a app cxt
* Assert that connection_info is acquired in CHCallback
* Simplify test address creating logic in integ test
* Re-export ConnectionInfo for easier access
@boquan-fang boquan-fang force-pushed the get-ip-from-connection branch from 1b72dbc to 3aa4911 Compare December 11, 2025 00:19
@boquan-fang boquan-fang merged commit 51f2be4 into aws:main Dec 11, 2025
124 checks passed
@boquan-fang boquan-fang deleted the get-ip-from-connection branch December 11, 2025 17:55
@boquan-fang boquan-fang mentioned this pull request Dec 11, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@WesleyRosenblum WesleyRosenblum WesleyRosenblum approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@boquan-fang @WesleyRosenblum