TUN-4961: Update quic-go to latest

- Updates fips-go to be the latest on cfsetup.yaml
- Updates sumtype's x/tools to be latest to avoid Internal: nil pkg
  errors with fips.

vendor/github.com/lucas-clemente/quic-go/internal/ackhandler/ackhandler.go

@@ -9,12 +9,13 @@ import (
 // NewAckHandler creates a new SentPacketHandler and a new ReceivedPacketHandler
 func NewAckHandler(
 	initialPacketNumber protocol.PacketNumber,
+	initialMaxDatagramSize protocol.ByteCount,
 	rttStats *utils.RTTStats,
 	pers protocol.Perspective,
 	tracer logging.ConnectionTracer,
 	logger utils.Logger,
 	version protocol.VersionNumber,
 ) (SentPacketHandler, ReceivedPacketHandler) {
-	sph := newSentPacketHandler(initialPacketNumber, rttStats, pers, tracer, logger)
+	sph := newSentPacketHandler(initialPacketNumber, initialMaxDatagramSize, rttStats, pers, tracer, logger)
 	return sph, newReceivedPacketHandler(sph, rttStats, logger, version)
 }

vendor/github.com/lucas-clemente/quic-go/internal/ackhandler/interfaces.go

@@ -27,7 +27,7 @@ type Packet struct {
 type SentPacketHandler interface {
 	// SentPacket may modify the packet
 	SentPacket(packet *Packet)
-	ReceivedAck(ackFrame *wire.AckFrame, encLevel protocol.EncryptionLevel, recvTime time.Time) error
+	ReceivedAck(ackFrame *wire.AckFrame, encLevel protocol.EncryptionLevel, recvTime time.Time) (bool /* 1-RTT packet acked */, error)
 	ReceivedBytes(protocol.ByteCount)
 	DropPackets(protocol.EncryptionLevel)
 	ResetForRetry() error

vendor/github.com/lucas-clemente/quic-go/internal/ackhandler/sent_packet_handler.go

@@ -21,6 +21,8 @@ const (
 	packetThreshold = 3
 	// Before validating the client's address, the server won't send more than 3x bytes than it received.
 	amplificationFactor = 3
+	// We use Retry packets to derive an RTT estimate. Make sure we don't set the RTT to a super low value yet.
+	minRTTAfterRetry = 5 * time.Millisecond
 )
 
 type packetNumberSpace struct {
@@ -101,6 +103,7 @@ var (
 
 func newSentPacketHandler(
 	initialPN protocol.PacketNumber,
+	initialMaxDatagramSize protocol.ByteCount,
 	rttStats *utils.RTTStats,
 	pers protocol.Perspective,
 	tracer logging.ConnectionTracer,
@@ -109,6 +112,7 @@ func newSentPacketHandler(
 	congestion := congestion.NewCubicSender(
 		congestion.DefaultClock{},
 		rttStats,
+		initialMaxDatagramSize,
 		true, // use Reno
 		tracer,
 	)
@@ -194,12 +198,17 @@ func (h *sentPacketHandler) dropPackets(encLevel protocol.EncryptionLevel) {
 }
 
 func (h *sentPacketHandler) ReceivedBytes(n protocol.ByteCount) {
+	wasAmplificationLimit := h.isAmplificationLimited()
 	h.bytesReceived += n
+	if wasAmplificationLimit && !h.isAmplificationLimited() {
+		h.setLossDetectionTimer()
+	}
 }
 
-func (h *sentPacketHandler) ReceivedPacket(encLevel protocol.EncryptionLevel) {
-	if h.perspective == protocol.PerspectiveServer && encLevel == protocol.EncryptionHandshake {
+func (h *sentPacketHandler) ReceivedPacket(l protocol.EncryptionLevel) {
+	if h.perspective == protocol.PerspectiveServer && l == protocol.EncryptionHandshake && !h.peerAddressValidated {
 		h.peerAddressValidated = true
+		h.setLossDetectionTimer()
 	}
 }
 
@@ -268,12 +277,15 @@ func (h *sentPacketHandler) sentPacketImpl(packet *Packet) bool /* is ack-elicit
 	return isAckEliciting
 }
 
-func (h *sentPacketHandler) ReceivedAck(ack *wire.AckFrame, encLevel protocol.EncryptionLevel, rcvTime time.Time) error {
+func (h *sentPacketHandler) ReceivedAck(ack *wire.AckFrame, encLevel protocol.EncryptionLevel, rcvTime time.Time) (bool /* contained 1-RTT packet */, error) {
 	pnSpace := h.getPacketNumberSpace(encLevel)
 
 	largestAcked := ack.LargestAcked()
 	if largestAcked > pnSpace.largestSent {
-		return qerr.NewError(qerr.ProtocolViolation, "Received ACK for an unsent packet")
+		return false, &qerr.TransportError{
+			ErrorCode:    qerr.ProtocolViolation,
+			ErrorMessage: "received ACK for an unsent packet",
+		}
 	}
 
 	pnSpace.largestAcked = utils.MaxPacketNumber(pnSpace.largestAcked, largestAcked)
@@ -290,7 +302,7 @@ func (h *sentPacketHandler) ReceivedAck(ack *wire.AckFrame, encLevel protocol.En
 	priorInFlight := h.bytesInFlight
 	ackedPackets, err := h.detectAndRemoveAckedPackets(ack, encLevel)
 	if err != nil || len(ackedPackets) == 0 {
-		return err
+		return false, err
 	}
 	// update the RTT, if the largest acked is newly acknowledged
 	if len(ackedPackets) > 0 {
@@ -308,15 +320,16 @@ func (h *sentPacketHandler) ReceivedAck(ack *wire.AckFrame, encLevel protocol.En
 		}
 	}
 	if err := h.detectLostPackets(rcvTime, encLevel); err != nil {
-		return err
+		return false, err
 	}
+	var acked1RTTPacket bool
 	for _, p := range ackedPackets {
-		if p.skippedPacket {
-			return fmt.Errorf("received an ACK for skipped packet number: %d (%s)", p.PacketNumber, encLevel)
-		}
 		if p.includedInBytesInFlight && !p.declaredLost {
 			h.congestion.OnPacketAcked(p.PacketNumber, p.Length, priorInFlight, rcvTime)
 		}
+		if p.EncryptionLevel == protocol.Encryption1RTT {
+			acked1RTTPacket = true
+		}
 		h.removeFromBytesInFlight(p)
 	}
 
@@ -335,7 +348,7 @@ func (h *sentPacketHandler) ReceivedAck(ack *wire.AckFrame, encLevel protocol.En
 
 	pnSpace.history.DeleteOldPackets(rcvTime)
 	h.setLossDetectionTimer()
-	return nil
+	return acked1RTTPacket, nil
 }
 
 func (h *sentPacketHandler) GetLowestPacketNotConfirmedAcked() protocol.PacketNumber {
@@ -367,15 +380,20 @@ func (h *sentPacketHandler) detectAndRemoveAckedPackets(ack *wire.AckFrame, encL
 				ackRange = ack.AckRanges[len(ack.AckRanges)-1-ackRangeIndex]
 			}
 
-			if p.PacketNumber >= ackRange.Smallest { // packet i contained in ACK range
-				if p.PacketNumber > ackRange.Largest {
-					return false, fmt.Errorf("BUG: ackhandler would have acked wrong packet %d, while evaluating range %d -> %d", p.PacketNumber, ackRange.Smallest, ackRange.Largest)
-				}
-				h.ackedPackets = append(h.ackedPackets, p)
+			if p.PacketNumber < ackRange.Smallest { // packet not contained in ACK range
+				return true, nil
+			}
+			if p.PacketNumber > ackRange.Largest {
+				return false, fmt.Errorf("BUG: ackhandler would have acked wrong packet %d, while evaluating range %d -> %d", p.PacketNumber, ackRange.Smallest, ackRange.Largest)
 			}
-		} else {
-			h.ackedPackets = append(h.ackedPackets, p)
 		}
+		if p.skippedPacket {
+			return false, &qerr.TransportError{
+				ErrorCode:    qerr.ProtocolViolation,
+				ErrorMessage: fmt.Sprintf("received an ACK for skipped packet number: %d (%s)", p.PacketNumber, encLevel),
+			}
+		}
+		h.ackedPackets = append(h.ackedPackets, p)
 		return true, nil
 	})
 	if h.logger.Debug() && len(h.ackedPackets) > 0 {
@@ -399,6 +417,9 @@ func (h *sentPacketHandler) detectAndRemoveAckedPackets(ack *wire.AckFrame, encL
 		if err := pnSpace.history.Remove(p.PacketNumber); err != nil {
 			return nil, err
 		}
+		if h.tracer != nil {
+			h.tracer.AcknowledgedPacket(encLevel, p.PacketNumber)
+		}
 	}
 
 	return h.ackedPackets, err
@@ -424,20 +445,20 @@ func (h *sentPacketHandler) getLossTimeAndSpace() (time.Time, protocol.Encryptio
 }
 
 // same logic as getLossTimeAndSpace, but for lastAckElicitingPacketTime instead of lossTime
-func (h *sentPacketHandler) getPTOTimeAndSpace() (time.Time, protocol.EncryptionLevel) {
-	if !h.hasOutstandingPackets() {
+func (h *sentPacketHandler) getPTOTimeAndSpace() (pto time.Time, encLevel protocol.EncryptionLevel, ok bool) {
+	// We only send application data probe packets once the handshake is confirmed,
+	// because before that, we don't have the keys to decrypt ACKs sent in 1-RTT packets.
+	if !h.handshakeConfirmed && !h.hasOutstandingCryptoPackets() {
+		if h.peerCompletedAddressValidation {
+			return
+		}
 		t := time.Now().Add(h.rttStats.PTO(false) << h.ptoCount)
 		if h.initialPackets != nil {
-			return t, protocol.EncryptionInitial
+			return t, protocol.EncryptionInitial, true
 		}
-		return t, protocol.EncryptionHandshake
+		return t, protocol.EncryptionHandshake, true
 	}
 
-	var (
-		encLevel protocol.EncryptionLevel
-		pto      time.Time
-	)
-
 	if h.initialPackets != nil {
 		encLevel = protocol.EncryptionInitial
 		if t := h.initialPackets.lastAckElicitingPacketTime; !t.IsZero() {
@@ -458,30 +479,27 @@ func (h *sentPacketHandler) getPTOTimeAndSpace() (time.Time, protocol.Encryption
 			encLevel = protocol.Encryption1RTT
 		}
 	}
-	return pto, encLevel
+	return pto, encLevel, true
 }
 
 func (h *sentPacketHandler) hasOutstandingCryptoPackets() bool {
-	var hasInitial, hasHandshake bool
-	if h.initialPackets != nil {
-		hasInitial = h.initialPackets.history.HasOutstandingPackets()
+	if h.initialPackets != nil && h.initialPackets.history.HasOutstandingPackets() {
+		return true
 	}
-	if h.handshakePackets != nil {
-		hasHandshake = h.handshakePackets.history.HasOutstandingPackets()
+	if h.handshakePackets != nil && h.handshakePackets.history.HasOutstandingPackets() {
+		return true
 	}
-	return hasInitial || hasHandshake
+	return false
 }
 
 func (h *sentPacketHandler) hasOutstandingPackets() bool {
-	// We only send application data probe packets once the handshake completes,
-	// because before that, we don't have the keys to decrypt ACKs sent in 1-RTT packets.
-	return (h.handshakeConfirmed && h.appDataPackets.history.HasOutstandingPackets()) ||
-		h.hasOutstandingCryptoPackets()
+	return h.appDataPackets.history.HasOutstandingPackets() || h.hasOutstandingCryptoPackets()
 }
 
 func (h *sentPacketHandler) setLossDetectionTimer() {
 	oldAlarm := h.alarm // only needed in case tracing is enabled
-	if lossTime, encLevel := h.getLossTimeAndSpace(); !lossTime.IsZero() {
+	lossTime, encLevel := h.getLossTimeAndSpace()
+	if !lossTime.IsZero() {
 		// Early retransmit timer or time loss detection.
 		h.alarm = lossTime
 		if h.tracer != nil && h.alarm != oldAlarm {
@@ -490,18 +508,42 @@ func (h *sentPacketHandler) setLossDetectionTimer() {
 		return
 	}
 
+	// Cancel the alarm if amplification limited.
+	if h.isAmplificationLimited() {
+		h.alarm = time.Time{}
+		if !oldAlarm.IsZero() {
+			h.logger.Debugf("Canceling loss detection timer. Amplification limited.")
+			if h.tracer != nil {
+				h.tracer.LossTimerCanceled()
+			}
+		}
+		return
+	}
+
 	// Cancel the alarm if no packets are outstanding
 	if !h.hasOutstandingPackets() && h.peerCompletedAddressValidation {
 		h.alarm = time.Time{}
-		h.logger.Debugf("Canceling loss detection timer. No packets in flight.")
-		if h.tracer != nil && !oldAlarm.IsZero() {
-			h.tracer.LossTimerCanceled()
+		if !oldAlarm.IsZero() {
+			h.logger.Debugf("Canceling loss detection timer. No packets in flight.")
+			if h.tracer != nil {
+				h.tracer.LossTimerCanceled()
+			}
 		}
 		return
 	}
 
 	// PTO alarm
-	ptoTime, encLevel := h.getPTOTimeAndSpace()
+	ptoTime, encLevel, ok := h.getPTOTimeAndSpace()
+	if !ok {
+		if !oldAlarm.IsZero() {
+			h.alarm = time.Time{}
+			h.logger.Debugf("Canceling loss detection timer. No PTO needed..")
+			if h.tracer != nil {
+				h.tracer.LossTimerCanceled()
+			}
+		}
+		return
+	}
 	h.alarm = ptoTime
 	if h.tracer != nil && h.alarm != oldAlarm {
 		h.tracer.SetLossTimer(logging.TimerTypePTO, encLevel, h.alarm)
@@ -569,20 +611,7 @@ func (h *sentPacketHandler) detectLostPackets(now time.Time, encLevel protocol.E
 }
 
 func (h *sentPacketHandler) OnLossDetectionTimeout() error {
-	// When all outstanding are acknowledged, the alarm is canceled in
-	// setLossDetectionTimer. This doesn't reset the timer in the session though.
-	// When OnAlarm is called, we therefore need to make sure that there are
-	// actually packets outstanding.
-	if h.hasOutstandingPackets() || !h.peerCompletedAddressValidation {
-		if err := h.onVerifiedLossDetectionTimeout(); err != nil {
-			return err
-		}
-	}
-	h.setLossDetectionTimer()
-	return nil
-}
-
-func (h *sentPacketHandler) onVerifiedLossDetectionTimeout() error {
+	defer h.setLossDetectionTimer()
 	earliestLossTime, encLevel := h.getLossTimeAndSpace()
 	if !earliestLossTime.IsZero() {
 		if h.logger.Debug() {
@@ -596,34 +625,12 @@ func (h *sentPacketHandler) onVerifiedLossDetectionTimeout() error {
 	}
 
 	// PTO
-	h.ptoCount++
-	if h.bytesInFlight > 0 {
-		_, encLevel = h.getPTOTimeAndSpace()
-		if h.logger.Debug() {
-			h.logger.Debugf("Loss detection alarm for %s fired in PTO mode. PTO count: %d", encLevel, h.ptoCount)
-		}
-		if h.tracer != nil {
-			h.tracer.LossTimerExpired(logging.TimerTypePTO, encLevel)
-			h.tracer.UpdatedPTOCount(h.ptoCount)
-		}
-		h.numProbesToSend += 2
-		//nolint:exhaustive // We never arm a PTO timer for 0-RTT packets.
-		switch encLevel {
-		case protocol.EncryptionInitial:
-			h.ptoMode = SendPTOInitial
-		case protocol.EncryptionHandshake:
-			h.ptoMode = SendPTOHandshake
-		case protocol.Encryption1RTT:
-			// skip a packet number in order to elicit an immediate ACK
-			_ = h.PopPacketNumber(protocol.Encryption1RTT)
-			h.ptoMode = SendPTOAppData
-		default:
-			return fmt.Errorf("PTO timer in unexpected encryption level: %s", encLevel)
-		}
-	} else {
-		if h.perspective == protocol.PerspectiveServer {
-			return errors.New("sentPacketHandler BUG: PTO fired, but bytes_in_flight is 0")
-		}
+	// When all outstanding are acknowledged, the alarm is canceled in
+	// setLossDetectionTimer. This doesn't reset the timer in the session though.
+	// When OnAlarm is called, we therefore need to make sure that there are
+	// actually packets outstanding.
+	if h.bytesInFlight == 0 && !h.peerCompletedAddressValidation {
+		h.ptoCount++
 		h.numProbesToSend++
 		if h.initialPackets != nil {
 			h.ptoMode = SendPTOInitial
@@ -632,6 +639,37 @@ func (h *sentPacketHandler) onVerifiedLossDetectionTimeout() error {
 		} else {
 			return errors.New("sentPacketHandler BUG: PTO fired, but bytes_in_flight is 0 and Initial and Handshake already dropped")
 		}
+		return nil
+	}
+
+	_, encLevel, ok := h.getPTOTimeAndSpace()
+	if !ok {
+		return nil
+	}
+	if ps := h.getPacketNumberSpace(encLevel); !ps.history.HasOutstandingPackets() && !h.peerCompletedAddressValidation {
+		return nil
+	}
+	h.ptoCount++
+	if h.logger.Debug() {
+		h.logger.Debugf("Loss detection alarm for %s fired in PTO mode. PTO count: %d", encLevel, h.ptoCount)
+	}
+	if h.tracer != nil {
+		h.tracer.LossTimerExpired(logging.TimerTypePTO, encLevel)
+		h.tracer.UpdatedPTOCount(h.ptoCount)
+	}
+	h.numProbesToSend += 2
+	//nolint:exhaustive // We never arm a PTO timer for 0-RTT packets.
+	switch encLevel {
+	case protocol.EncryptionInitial:
+		h.ptoMode = SendPTOInitial
+	case protocol.EncryptionHandshake:
+		h.ptoMode = SendPTOHandshake
+	case protocol.Encryption1RTT:
+		// skip a packet number in order to elicit an immediate ACK
+		_ = h.PopPacketNumber(protocol.Encryption1RTT)
+		h.ptoMode = SendPTOAppData
+	default:
+		return fmt.Errorf("PTO timer in unexpected encryption level: %s", encLevel)
 	}
 	return nil
 }
@@ -768,8 +806,9 @@ func (h *sentPacketHandler) ResetForRetry() error {
 	// Only use the Retry to estimate the RTT if we didn't send any retransmission for the Initial.
 	// Otherwise, we don't know which Initial the Retry was sent in response to.
 	if h.ptoCount == 0 {
+		// Don't set the RTT to a value lower than 5ms here.
 		now := time.Now()
-		h.rttStats.UpdateRTT(now.Sub(firstPacketSendTime), 0, now)
+		h.rttStats.UpdateRTT(utils.MaxDuration(minRTTAfterRetry, now.Sub(firstPacketSendTime)), 0, now)
 		if h.logger.Debug() {
 			h.logger.Debugf("\tupdated RTT: %s (σ: %s)", h.rttStats.SmoothedRTT(), h.rttStats.MeanDeviation())
 		}

vendor/github.com/lucas-clemente/quic-go/internal/ackhandler/sent_packet_history.go

@@ -64,8 +64,9 @@ func (h *sentPacketHistory) Iterate(cb func(*Packet) (cont bool, err error)) err
 // FirstOutStanding returns the first outstanding packet.
 func (h *sentPacketHistory) FirstOutstanding() *Packet {
 	for el := h.packetList.Front(); el != nil; el = el.Next() {
-		if !el.Value.declaredLost && !el.Value.skippedPacket {
-			return &el.Value
+		p := &el.Value
+		if !p.declaredLost && !p.skippedPacket && !p.IsPathMTUProbePacket {
+			return p
 		}
 	}
 	return nil