hoelee/cloudflared
1
0
Fork 0
mirror of https://github.com/cloudflare/cloudflared.git synced 2025-07-27 22:19:58 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

TUN-7970: Default to enable post quantum encryption for quic transport

Browse Source
This commit is contained in:
Chung-Ting
2023-12-07 11:27:44 +00:00
parent 8068cdebb6
commit 4ddc8d758b
4 changed files with 22 additions and 184 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
features/selector.go
View File

@@ -21,9 +21,8 @@ const (
type PostQuantumMode uint8
const (
PostQuantumDisabled PostQuantumMode = iota
// Prefer post quantum, but fallback if connection cannot be established
PostQuantumPrefer
PostQuantumPrefer PostQuantumMode = iota
// If the user passes the --post-quantum flag, we override
// CurvePreferences to only support hybrid post-quantum key agreements.
PostQuantumStrict
@@ -31,9 +30,8 @@ const (
// If the TXT record adds other fields, the umarshal logic will ignore those keys
// If the TXT record is missing a key, the field will unmarshal to the default Go value
type featuresRecord struct {
PostQuantumPercentage int32 `json:"pq"`
}
// pq was removed in TUN-7970
type featuresRecord struct{}
func NewFeatureSelector(ctx context.Context, accountTag string, staticFeatures StaticFeatures, logger *zerolog.Logger) (*FeatureSelector, error) {
return newFeatureSelector(ctx, accountTag, logger, newDNSResolver(), staticFeatures, defaultRefreshFreq)
@@ -70,7 +68,7 @@ func newFeatureSelector(ctx context.Context, accountTag string, logger *zerolog.
logger.Err(err).Msg("Failed to fetch features, default to disable")
}
go selector.refreshLoop(ctx, refreshFreq)
// Run refreshLoop next time we have a new feature to rollout
return selector, nil
}
@@ -80,13 +78,7 @@ func (fs *FeatureSelector) PostQuantumMode() PostQuantumMode {
return *fs.staticFeatures.PostQuantumMode
}
fs.lock.RLock()
defer fs.lock.RUnlock()
if fs.features.PostQuantumPercentage > fs.accountHash {
return PostQuantumPrefer
}
return PostQuantumDisabled
return PostQuantumPrefer
}
func (fs *FeatureSelector) refreshLoop(ctx context.Context, refreshFreq time.Duration) {
@@ -115,9 +107,6 @@ func (fs *FeatureSelector) refresh(ctx context.Context) error {
return err
}
pq_enabled := features.PostQuantumPercentage > fs.accountHash
fs.logger.Debug().Int32("account_hash", fs.accountHash).Int32("pq_perct", features.PostQuantumPercentage).Bool("pq_enabled", pq_enabled).Msg("Refreshed feature")
fs.lock.Lock()
defer fs.lock.Unlock()