gfe-relnote: In QUIC, inline ProcessUnauthenticatedHeaderFate. Not protected.
Also remove unused kFateDrop and kFateBuffer.
PiperOrigin-RevId: 254387278
Change-Id: I148631c8f8bad21d61236f6b5b43a837376d9dab
diff --git a/quic/core/quic_dispatcher.cc b/quic/core/quic_dispatcher.cc
index 48f5023..f6fa002 100644
--- a/quic/core/quic_dispatcher.cc
+++ b/quic/core/quic_dispatcher.cc
@@ -327,14 +327,27 @@
QUIC_DLOG(INFO) << "Packet with short destination connection ID "
<< server_connection_id << " expected "
<< static_cast<int>(expected_server_connection_id_length_);
- QuicPacketFate fate = kFateDrop;
if (!GetQuicReloadableFlag(quic_drop_invalid_small_initial_connection_id)) {
- fate = kFateTimeWait;
+ // Add this connection_id to the time-wait state, to safely reject
+ // future packets.
+ QUIC_DLOG(INFO) << "Adding connection ID " << server_connection_id
+ << " to time-wait list.";
+ StatelesslyTerminateConnection(
+ server_connection_id, form, version_flag, version,
+ QUIC_HANDSHAKE_FAILED, "Reject connection",
+ quic::QuicTimeWaitListManager::SEND_STATELESS_RESET);
+
+ DCHECK(time_wait_list_manager_->IsConnectionIdInTimeWait(
+ server_connection_id));
+ time_wait_list_manager_->ProcessPacket(
+ current_self_address_, current_peer_address_, server_connection_id,
+ form, GetPerPacketContext());
+
+ buffered_packets_.DiscardPackets(server_connection_id);
} else {
QUIC_RELOADABLE_FLAG_COUNT(quic_drop_invalid_small_initial_connection_id);
+ // Drop the packet silently.
}
- ProcessUnauthenticatedHeaderFate(fate, server_connection_id, form,
- version_flag, version);
return true;
}
@@ -403,48 +416,28 @@
// ProcessUnauthenticatedHeaderFate in one place.
QuicPacketFate fate =
ValidityChecks(version_flag, version, destination_connection_id);
- if (fate == kFateProcess) {
- if (version.handshake_protocol == PROTOCOL_TLS1_3) {
- ProcessUnauthenticatedHeaderFate(kFateProcess, server_connection_id, form,
- version_flag, version);
- return;
- // TODO(nharper): Support buffering non-ClientHello packets when using
- // TLS.
- }
-
- ChloAlpnExtractor alpn_extractor;
- if (GetQuicFlag(FLAGS_quic_allow_chlo_buffering) &&
- !ChloExtractor::Extract(*current_packet_, GetSupportedVersions(),
- config_->create_session_tag_indicators(),
- &alpn_extractor,
- server_connection_id.length())) {
- // Buffer non-CHLO packets.
- ProcessUnauthenticatedHeaderFate(kFateBuffer, server_connection_id, form,
- version_flag, version);
- return;
- }
- current_alpn_ = alpn_extractor.ConsumeAlpn();
- ProcessUnauthenticatedHeaderFate(kFateProcess, server_connection_id, form,
- version_flag, version);
- return;
- }
-
- // Fate is already known.
- ProcessUnauthenticatedHeaderFate(fate, server_connection_id, form,
- version_flag, version);
-}
-
-void QuicDispatcher::ProcessUnauthenticatedHeaderFate(
- QuicPacketFate fate,
- QuicConnectionId server_connection_id,
- PacketHeaderFormat form,
- bool version_flag,
- ParsedQuicVersion version) {
+ ChloAlpnExtractor alpn_extractor;
switch (fate) {
- case kFateProcess: {
+ case kFateProcess:
+ if (version.handshake_protocol == PROTOCOL_TLS1_3) {
+ // TODO(nharper): Support buffering non-ClientHello packets when using
+ // TLS.
+ ProcessChlo(form, version);
+ break;
+ }
+ if (GetQuicFlag(FLAGS_quic_allow_chlo_buffering) &&
+ !ChloExtractor::Extract(*current_packet_, GetSupportedVersions(),
+ config_->create_session_tag_indicators(),
+ &alpn_extractor,
+ server_connection_id.length())) {
+ // Buffer non-CHLO packets.
+ BufferEarlyPacket(server_connection_id, form != GOOGLE_QUIC_PACKET,
+ version);
+ break;
+ }
+ current_alpn_ = alpn_extractor.ConsumeAlpn();
ProcessChlo(form, version);
break;
- }
case kFateTimeWait:
// Add this connection_id to the time-wait state, to safely reject
// future packets.
@@ -464,16 +457,6 @@
buffered_packets_.DiscardPackets(server_connection_id);
break;
- case kFateBuffer:
- // This packet is a non-CHLO packet which has arrived before the
- // corresponding CHLO, *or* this packet was received while the
- // corresponding CHLO was being processed. Buffer it.
- BufferEarlyPacket(server_connection_id, form != GOOGLE_QUIC_PACKET,
- version);
- break;
- case kFateDrop:
- // Do nothing with the packet.
- break;
}
}
diff --git a/quic/core/quic_dispatcher.h b/quic/core/quic_dispatcher.h
index 41c58de..65f3d28 100644
--- a/quic/core/quic_dispatcher.h
+++ b/quic/core/quic_dispatcher.h
@@ -158,19 +158,12 @@
QuicConnectionId source_connection_id);
// Values to be returned by ValidityChecks() to indicate what should be done
- // with a packet. Fates with greater values are considered to be higher
- // priority, in that if one validity check indicates a lower-valued fate and
- // another validity check indicates a higher-valued fate, the higher-valued
- // fate should be obeyed.
+ // with a packet.
enum QuicPacketFate {
// Process the packet normally, which is usually to establish a connection.
kFateProcess,
// Put the connection ID into time-wait state and send a public reset.
kFateTimeWait,
- // Buffer the packet.
- kFateBuffer,
- // Drop the packet (ignore and give no response).
- kFateDrop,
};
// This method is called by ProcessHeader on packets not associated with a
@@ -334,14 +327,6 @@
const std::list<QuicBufferedPacketStore::BufferedPacket>& packets,
QuicSession* session);
- // Perform the appropriate actions on the current packet based on |fate| -
- // either process, buffer, or drop it.
- void ProcessUnauthenticatedHeaderFate(QuicPacketFate fate,
- QuicConnectionId server_connection_id,
- PacketHeaderFormat form,
- bool version_flag,
- ParsedQuicVersion version);
-
// If the connection ID length is different from what the dispatcher expects,
// replace the connection ID with a random one of the right length,
// and save it to make sure the mapping is persistent.