More from @martinthomson

neqo-transport/src/addr_valid.rs

@@ -222,47 +222,46 @@ impl AddressValidation {
  let enc = &token[TOKEN_IDENTIFIER_RETRY.len()..];
  // Note that this allows the token identifier part to be corrupted.
  // That's OK here as we don't depend on that being authenticated.
- self.decrypt_token(enc, peer_address, retry, now)
- .map_or_else(
- || {
- if retry {
- // If this looked like a Retry, treat it as being bad.
- qinfo!("AddressValidation: invalid Retry token; rejecting");
- AddressValidationResult::Invalid
- } else if self.validation == ValidateAddress::Never {
- // We don't require validation, so OK.
- qinfo!("AddressValidation: invalid NEW_TOKEN token; accepting");
- AddressValidationResult::Pass
- } else {
- // This might be an invalid NEW_TOKEN token, or a valid one
- // for which we have since lost the keys. Check again.
- qinfo!("AddressValidation: invalid NEW_TOKEN token; validating again");
- AddressValidationResult::Validate
- }
- },
- |cid| {
- if retry {
- // This is from Retry, so we should have an ODCID >= 8.
- if cid.len() >= 8 {
- qinfo!("AddressValidation: valid Retry token for {}", cid);
- AddressValidationResult::ValidRetry(cid)
- } else {
- panic!("AddressValidation: Retry token with small CID {cid}");
- }
- } else if cid.is_empty() {
- // An empty connection ID means NEW_TOKEN.
- if self.validation == ValidateAddress::Always {
- qinfo!("AddressValidation: valid NEW_TOKEN token; validating again");
- AddressValidationResult::Validate
- } else {
- qinfo!("AddressValidation: valid NEW_TOKEN token; accepting");
- AddressValidationResult::Pass
- }
- } else {
- panic!("AddressValidation: NEW_TOKEN token with CID {cid}");
- }
- },
- )
+ #[allow(clippy::option_if_let_else)]
+ if let Some(cid) = self.decrypt_token(enc, peer_address, retry, now) {
+ if retry {
+ // This is from Retry, so we should have an ODCID >= 8.
+ if cid.len() >= 8 {
+ qinfo!("AddressValidation: valid Retry token for {}", cid);
+ AddressValidationResult::ValidRetry(cid)
+ } else {
+ panic!("AddressValidation: Retry token with small CID {cid}");
+ }
+ } else if cid.is_empty() {
+ // An empty connection ID means NEW_TOKEN.
+ if self.validation == ValidateAddress::Always {
+ qinfo!("AddressValidation: valid NEW_TOKEN token; validating again");
+ AddressValidationResult::Validate
+ } else {
+ qinfo!("AddressValidation: valid NEW_TOKEN token; accepting");
+ AddressValidationResult::Pass
+ }
+ } else {
+ panic!("AddressValidation: NEW_TOKEN token with CID {cid}");
+ }
+ } else {
+ // From here on, we have a token that we couldn't decrypt.
+ // We've either lost the keys or we've received junk.
+ if retry {
+ // If this looked like a Retry, treat it as being bad.
+ qinfo!("AddressValidation: invalid Retry token; rejecting");
+ AddressValidationResult::Invalid
+ } else if self.validation == ValidateAddress::Never {
+ // We don't require validation, so OK.
+ qinfo!("AddressValidation: invalid NEW_TOKEN token; accepting");
+ AddressValidationResult::Pass
+ } else {
+ // This might be an invalid NEW_TOKEN token, or a valid one
+ // for which we have since lost the keys. Check again.
+ qinfo!("AddressValidation: invalid NEW_TOKEN token; validating again");
+ AddressValidationResult::Validate
+ }
+ }
  }
 }