Google Git
Sign in
quiche / quiche.git / 1b0c745128f121dfa373610a783a53a0a2304f91 / . / quic / core / quic_connection.cc
blob: 7bcf5a4264a54087ee7a2da39a707f2858067ec1 [file] [log] [blame]
// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "quic/core/quic_connection.h"
#include <string.h>
#include <sys/types.h>
#include <algorithm>
#include <iterator>
#include <limits>
#include <memory>
#include <optional>
#include <set>
#include <string>
#include <utility>
#include "absl/strings/escaping.h"
#include "absl/strings/str_cat.h"
#include "absl/strings/string_view.h"
#include "quic/core/congestion_control/rtt_stats.h"
#include "quic/core/congestion_control/send_algorithm_interface.h"
#include "quic/core/crypto/crypto_protocol.h"
#include "quic/core/crypto/crypto_utils.h"
#include "quic/core/crypto/quic_decrypter.h"
#include "quic/core/crypto/quic_encrypter.h"
#include "quic/core/proto/cached_network_parameters_proto.h"
#include "quic/core/quic_bandwidth.h"
#include "quic/core/quic_config.h"
#include "quic/core/quic_connection_id.h"
#include "quic/core/quic_constants.h"
#include "quic/core/quic_error_codes.h"
#include "quic/core/quic_legacy_version_encapsulator.h"
#include "quic/core/quic_packet_creator.h"
#include "quic/core/quic_packet_writer.h"
#include "quic/core/quic_path_validator.h"
#include "quic/core/quic_types.h"
#include "quic/core/quic_utils.h"
#include "quic/platform/api/quic_bug_tracker.h"
#include "quic/platform/api/quic_client_stats.h"
#include "quic/platform/api/quic_error_code_wrappers.h"
#include "quic/platform/api/quic_exported_stats.h"
#include "quic/platform/api/quic_flag_utils.h"
#include "quic/platform/api/quic_flags.h"
#include "quic/platform/api/quic_hostname_utils.h"
#include "quic/platform/api/quic_logging.h"
#include "quic/platform/api/quic_server_stats.h"
#include "quic/platform/api/quic_socket_address.h"
#include "common/quiche_text_utils.h"
namespace quic {
class QuicDecrypter;
class QuicEncrypter;
namespace {
// Maximum number of consecutive sent nonretransmittable packets.
const QuicPacketCount kMaxConsecutiveNonRetransmittablePackets = 19;
// The minimum release time into future in ms.
const int kMinReleaseTimeIntoFutureMs = 1;
// An alarm that is scheduled to send an ack if a timeout occurs.
class AckAlarmDelegate : public QuicAlarm::Delegate {
public:
explicit AckAlarmDelegate(QuicConnection* connection)
: connection_(connection) {}
AckAlarmDelegate(const AckAlarmDelegate&) = delete;
AckAlarmDelegate& operator=(const AckAlarmDelegate&) = delete;
void OnAlarm() override {
QUICHE_DCHECK(connection_->ack_frame_updated());
QUICHE_DCHECK(connection_->connected());
QuicConnection::ScopedPacketFlusher flusher(connection_);
if (connection_->SupportsMultiplePacketNumberSpaces()) {
connection_->SendAllPendingAcks();
} else {
connection_->SendAck();
}
}
private:
QuicConnection* connection_;
};
// This alarm will be scheduled any time a data-bearing packet is sent out.
// When the alarm goes off, the connection checks to see if the oldest packets
// have been acked, and retransmit them if they have not.
class RetransmissionAlarmDelegate : public QuicAlarm::Delegate {
public:
explicit RetransmissionAlarmDelegate(QuicConnection* connection)
: connection_(connection) {}
RetransmissionAlarmDelegate(const RetransmissionAlarmDelegate&) = delete;
RetransmissionAlarmDelegate& operator=(const RetransmissionAlarmDelegate&) =
delete;
void OnAlarm() override {
QUICHE_DCHECK(connection_->connected());
connection_->OnRetransmissionTimeout();
}
private:
QuicConnection* connection_;
};
// An alarm that is scheduled when the SentPacketManager requires a delay
// before sending packets and fires when the packet may be sent.
class SendAlarmDelegate : public QuicAlarm::Delegate {
public:
explicit SendAlarmDelegate(QuicConnection* connection)
: connection_(connection) {}
SendAlarmDelegate(const SendAlarmDelegate&) = delete;
SendAlarmDelegate& operator=(const SendAlarmDelegate&) = delete;
void OnAlarm() override {
QUICHE_DCHECK(connection_->connected());
connection_->WriteIfNotBlocked();
}
private:
QuicConnection* connection_;
};
class PingAlarmDelegate : public QuicAlarm::Delegate {
public:
explicit PingAlarmDelegate(QuicConnection* connection)
: connection_(connection) {}
PingAlarmDelegate(const PingAlarmDelegate&) = delete;
PingAlarmDelegate& operator=(const PingAlarmDelegate&) = delete;
void OnAlarm() override {
QUICHE_DCHECK(connection_->connected());
connection_->OnPingTimeout();
}
private:
QuicConnection* connection_;
};
class MtuDiscoveryAlarmDelegate : public QuicAlarm::Delegate {
public:
explicit MtuDiscoveryAlarmDelegate(QuicConnection* connection)
: connection_(connection) {}
MtuDiscoveryAlarmDelegate(const MtuDiscoveryAlarmDelegate&) = delete;
MtuDiscoveryAlarmDelegate& operator=(const MtuDiscoveryAlarmDelegate&) =
delete;
void OnAlarm() override {
QUICHE_DCHECK(connection_->connected());
connection_->DiscoverMtu();
}
private:
QuicConnection* connection_;
};
class ProcessUndecryptablePacketsAlarmDelegate : public QuicAlarm::Delegate {
public:
explicit ProcessUndecryptablePacketsAlarmDelegate(QuicConnection* connection)
: connection_(connection) {}
ProcessUndecryptablePacketsAlarmDelegate(
const ProcessUndecryptablePacketsAlarmDelegate&) = delete;
ProcessUndecryptablePacketsAlarmDelegate& operator=(
const ProcessUndecryptablePacketsAlarmDelegate&) = delete;
void OnAlarm() override {
QUICHE_DCHECK(connection_->connected());
QuicConnection::ScopedPacketFlusher flusher(connection_);
connection_->MaybeProcessUndecryptablePackets();
}
private:
QuicConnection* connection_;
};
class DiscardPreviousOneRttKeysAlarmDelegate : public QuicAlarm::Delegate {
public:
explicit DiscardPreviousOneRttKeysAlarmDelegate(QuicConnection* connection)
: connection_(connection) {}
DiscardPreviousOneRttKeysAlarmDelegate(
const DiscardPreviousOneRttKeysAlarmDelegate&) = delete;
DiscardPreviousOneRttKeysAlarmDelegate& operator=(
const DiscardPreviousOneRttKeysAlarmDelegate&) = delete;
void OnAlarm() override {
QUICHE_DCHECK(connection_->connected());
connection_->DiscardPreviousOneRttKeys();
}
private:
QuicConnection* connection_;
};
class DiscardZeroRttDecryptionKeysAlarmDelegate : public QuicAlarm::Delegate {
public:
explicit DiscardZeroRttDecryptionKeysAlarmDelegate(QuicConnection* connection)
: connection_(connection) {}
DiscardZeroRttDecryptionKeysAlarmDelegate(
const DiscardZeroRttDecryptionKeysAlarmDelegate&) = delete;
DiscardZeroRttDecryptionKeysAlarmDelegate& operator=(
const DiscardZeroRttDecryptionKeysAlarmDelegate&) = delete;
void OnAlarm() override {
QUICHE_DCHECK(connection_->connected());
QUIC_DLOG(INFO) << "0-RTT discard alarm fired";
connection_->RemoveDecrypter(ENCRYPTION_ZERO_RTT);
}
private:
QuicConnection* connection_;
};
// When the clearer goes out of scope, the coalesced packet gets cleared.
class ScopedCoalescedPacketClearer {
public:
explicit ScopedCoalescedPacketClearer(QuicCoalescedPacket* coalesced)
: coalesced_(coalesced) {}
~ScopedCoalescedPacketClearer() { coalesced_->Clear(); }
private:
QuicCoalescedPacket* coalesced_; // Unowned.
};
// Whether this incoming packet is allowed to replace our connection ID.
bool PacketCanReplaceServerConnectionId(const QuicPacketHeader& header,
Perspective perspective) {
return perspective == Perspective::IS_CLIENT &&
header.form == IETF_QUIC_LONG_HEADER_PACKET &&
header.version.IsKnown() &&
header.version.AllowsVariableLengthConnectionIds() &&
(header.long_packet_type == INITIAL ||
header.long_packet_type == RETRY);
}
CongestionControlType GetDefaultCongestionControlType() {
if (GetQuicReloadableFlag(quic_default_to_bbr_v2)) {
return kBBRv2;
}
if (GetQuicReloadableFlag(quic_default_to_bbr)) {
return kBBR;
}
return kCubicBytes;
}
} // namespace
#define ENDPOINT \
(perspective_ == Perspective::IS_SERVER ? "Server: " : "Client: ")
QuicConnection::QuicConnection(
QuicConnectionId server_connection_id,
QuicSocketAddress initial_self_address,
QuicSocketAddress initial_peer_address,
QuicConnectionHelperInterface* helper,
QuicAlarmFactory* alarm_factory,
QuicPacketWriter* writer,
bool owns_writer,
Perspective perspective,
const ParsedQuicVersionVector& supported_versions)
: framer_(supported_versions,
helper->GetClock()->ApproximateNow(),
perspective,
server_connection_id.length()),
current_packet_content_(NO_FRAMES_RECEIVED),
is_current_packet_connectivity_probing_(false),
has_path_challenge_in_current_packet_(false),
current_effective_peer_migration_type_(NO_CHANGE),
helper_(helper),
alarm_factory_(alarm_factory),
per_packet_options_(nullptr),
writer_(writer),
owns_writer_(owns_writer),
encryption_level_(ENCRYPTION_INITIAL),
clock_(helper->GetClock()),
random_generator_(helper->GetRandomGenerator()),
client_connection_id_is_set_(false),
direct_peer_address_(initial_peer_address),
default_path_(initial_self_address,
QuicSocketAddress(),
/*client_connection_id=*/EmptyQuicConnectionId(),
server_connection_id,
/*stateless_reset_token_received=*/false,
/*stateless_reset_token=*/{}),
active_effective_peer_migration_type_(NO_CHANGE),
support_key_update_for_connection_(false),
last_packet_decrypted_(false),
last_size_(0),
current_packet_data_(nullptr),
last_decrypted_packet_level_(ENCRYPTION_INITIAL),
should_last_packet_instigate_acks_(false),
max_undecryptable_packets_(0),
max_tracked_packets_(GetQuicFlag(FLAGS_quic_max_tracked_packet_count)),
idle_timeout_connection_close_behavior_(
ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET),
num_rtos_for_blackhole_detection_(0),
uber_received_packet_manager_(&stats_),
stop_waiting_count_(0),
pending_retransmission_alarm_(false),
defer_send_in_response_to_packets_(false),
ping_timeout_(QuicTime::Delta::FromSeconds(kPingTimeoutSecs)),
initial_retransmittable_on_wire_timeout_(QuicTime::Delta::Infinite()),
consecutive_retransmittable_on_wire_ping_count_(0),
retransmittable_on_wire_ping_count_(0),
arena_(),
ack_alarm_(alarm_factory_->CreateAlarm(arena_.New<AckAlarmDelegate>(this),
&arena_)),
retransmission_alarm_(alarm_factory_->CreateAlarm(
arena_.New<RetransmissionAlarmDelegate>(this),
&arena_)),
send_alarm_(
alarm_factory_->CreateAlarm(arena_.New<SendAlarmDelegate>(this),
&arena_)),
ping_alarm_(
alarm_factory_->CreateAlarm(arena_.New<PingAlarmDelegate>(this),
&arena_)),
mtu_discovery_alarm_(alarm_factory_->CreateAlarm(
arena_.New<MtuDiscoveryAlarmDelegate>(this),
&arena_)),
process_undecryptable_packets_alarm_(alarm_factory_->CreateAlarm(
arena_.New<ProcessUndecryptablePacketsAlarmDelegate>(this),
&arena_)),
discard_previous_one_rtt_keys_alarm_(alarm_factory_->CreateAlarm(
arena_.New<DiscardPreviousOneRttKeysAlarmDelegate>(this),
&arena_)),
discard_zero_rtt_decryption_keys_alarm_(alarm_factory_->CreateAlarm(
arena_.New<DiscardZeroRttDecryptionKeysAlarmDelegate>(this),
&arena_)),
visitor_(nullptr),
debug_visitor_(nullptr),
packet_creator_(server_connection_id, &framer_, random_generator_, this),
last_received_packet_info_(clock_->ApproximateNow()),
sent_packet_manager_(perspective,
clock_,
random_generator_,
&stats_,
GetDefaultCongestionControlType()),
version_negotiated_(false),
perspective_(perspective),
connected_(true),
can_truncate_connection_ids_(perspective == Perspective::IS_SERVER),
mtu_probe_count_(0),
previous_validated_mtu_(0),
peer_max_packet_size_(kDefaultMaxPacketSizeTransportParam),
largest_received_packet_size_(0),
write_error_occurred_(false),
no_stop_waiting_frames_(version().HasIetfInvariantHeader()),
consecutive_num_packets_with_no_retransmittable_frames_(0),
max_consecutive_num_packets_with_no_retransmittable_frames_(
kMaxConsecutiveNonRetransmittablePackets),
bundle_retransmittable_with_pto_ack_(false),
fill_up_link_during_probing_(false),
probing_retransmission_pending_(false),
last_control_frame_id_(kInvalidControlFrameId),
is_path_degrading_(false),
processing_ack_frame_(false),
supports_release_time_(false),
release_time_into_future_(QuicTime::Delta::Zero()),
blackhole_detector_(this, &arena_, alarm_factory_),
idle_network_detector_(this,
clock_->ApproximateNow(),
&arena_,
alarm_factory_),
use_encryption_level_context_(
GetQuicReloadableFlag(quic_use_encryption_level_context)),
path_validator_(alarm_factory_, &arena_, this, random_generator_),
most_recent_frame_type_(NUM_FRAME_TYPES) {
QUICHE_DCHECK(perspective_ == Perspective::IS_CLIENT ||
default_path_.self_address.IsInitialized());
if (use_encryption_level_context_) {
QUIC_RELOADABLE_FLAG_COUNT(quic_use_encryption_level_context);
}
if (add_missing_update_ack_timeout_) {
QUIC_RELOADABLE_FLAG_COUNT(quic_add_missing_update_ack_timeout);
}
support_multiple_connection_ids_ =
version().HasIetfQuicFrames() &&
GetQuicRestartFlag(quic_time_wait_list_support_multiple_cid_v2) &&
GetQuicRestartFlag(
quic_dispatcher_support_multiple_cid_per_connection_v2) &&
GetQuicReloadableFlag(quic_connection_support_multiple_cids_v4);
QUIC_DLOG(INFO) << ENDPOINT << "Created connection with server connection ID "
<< server_connection_id
<< " and version: " << ParsedQuicVersionToString(version());
QUIC_BUG_IF(quic_bug_12714_2, !QuicUtils::IsConnectionIdValidForVersion(
server_connection_id, transport_version()))
<< "QuicConnection: attempted to use server connection ID "
<< server_connection_id << " which is invalid with version " << version();
framer_.set_visitor(this);
stats_.connection_creation_time = clock_->ApproximateNow();
// TODO(ianswett): Supply the NetworkChangeVisitor as a constructor argument
// and make it required non-null, because it's always used.
sent_packet_manager_.SetNetworkChangeVisitor(this);
if (GetQuicRestartFlag(quic_offload_pacing_to_usps2)) {
sent_packet_manager_.SetPacingAlarmGranularity(QuicTime::Delta::Zero());
release_time_into_future_ =
QuicTime::Delta::FromMilliseconds(kMinReleaseTimeIntoFutureMs);
}
// Allow the packet writer to potentially reduce the packet size to a value
// even smaller than kDefaultMaxPacketSize.
SetMaxPacketLength(perspective_ == Perspective::IS_SERVER
? kDefaultServerMaxPacketSize
: kDefaultMaxPacketSize);
uber_received_packet_manager_.set_max_ack_ranges(255);
MaybeEnableMultiplePacketNumberSpacesSupport();
QUICHE_DCHECK(perspective_ == Perspective::IS_CLIENT ||
supported_versions.size() == 1);
InstallInitialCrypters(default_path_.server_connection_id);
// On the server side, version negotiation has been done by the dispatcher,
// and the server connection is created with the right version.
if (perspective_ == Perspective::IS_SERVER) {
SetVersionNegotiated();
}
if (default_enable_5rto_blackhole_detection_) {
num_rtos_for_blackhole_detection_ = 5;
if (GetQuicReloadableFlag(quic_disable_server_blackhole_detection) &&
perspective_ == Perspective::IS_SERVER) {
QUIC_RELOADABLE_FLAG_COUNT(quic_disable_server_blackhole_detection);
blackhole_detection_disabled_ = true;
}
}
packet_creator_.SetDefaultPeerAddress(initial_peer_address);
}
void QuicConnection::InstallInitialCrypters(QuicConnectionId connection_id) {
CrypterPair crypters;
CryptoUtils::CreateInitialObfuscators(perspective_, version(), connection_id,
&crypters);
SetEncrypter(ENCRYPTION_INITIAL, std::move(crypters.encrypter));
if (version().KnowsWhichDecrypterToUse()) {
InstallDecrypter(ENCRYPTION_INITIAL, std::move(crypters.decrypter));
} else {
SetDecrypter(ENCRYPTION_INITIAL, std::move(crypters.decrypter));
}
}
QuicConnection::~QuicConnection() {
QUICHE_DCHECK_GE(stats_.max_egress_mtu, long_term_mtu_);
if (owns_writer_) {
delete writer_;
}
ClearQueuedPackets();
if (stats_
.num_tls_server_zero_rtt_packets_received_after_discarding_decrypter >
0) {
QUIC_CODE_COUNT_N(
quic_server_received_tls_zero_rtt_packet_after_discarding_decrypter, 2,
3);
} else {
QUIC_CODE_COUNT_N(
quic_server_received_tls_zero_rtt_packet_after_discarding_decrypter, 3,
3);
}
}
void QuicConnection::ClearQueuedPackets() {
buffered_packets_.clear();
}
bool QuicConnection::ValidateConfigConnectionIds(const QuicConfig& config) {
QUICHE_DCHECK(config.negotiated());
if (!version().UsesTls()) {
// QUIC+TLS is required to transmit connection ID transport parameters.
return true;
}
// This function validates connection IDs as defined in IETF draft-28 and
// later.
// Validate initial_source_connection_id.
QuicConnectionId expected_initial_source_connection_id;
if (perspective_ == Perspective::IS_CLIENT) {
expected_initial_source_connection_id = default_path_.server_connection_id;
} else {
expected_initial_source_connection_id = default_path_.client_connection_id;
}
if (!config.HasReceivedInitialSourceConnectionId() ||
config.ReceivedInitialSourceConnectionId() !=
expected_initial_source_connection_id) {
std::string received_value;
if (config.HasReceivedInitialSourceConnectionId()) {
received_value = config.ReceivedInitialSourceConnectionId().ToString();
} else {
received_value = "none";
}
std::string error_details =
absl::StrCat("Bad initial_source_connection_id: expected ",
expected_initial_source_connection_id.ToString(),
", received ", received_value);
CloseConnection(IETF_QUIC_PROTOCOL_VIOLATION, error_details,
ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET);
return false;
}
if (perspective_ == Perspective::IS_CLIENT) {
// Validate original_destination_connection_id.
if (!config.HasReceivedOriginalConnectionId() ||
config.ReceivedOriginalConnectionId() !=
GetOriginalDestinationConnectionId()) {
std::string received_value;
if (config.HasReceivedOriginalConnectionId()) {
received_value = config.ReceivedOriginalConnectionId().ToString();
} else {
received_value = "none";
}
std::string error_details =
absl::StrCat("Bad original_destination_connection_id: expected ",
GetOriginalDestinationConnectionId().ToString(),
", received ", received_value);
CloseConnection(IETF_QUIC_PROTOCOL_VIOLATION, error_details,
ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET);
return false;
}
// Validate retry_source_connection_id.
if (retry_source_connection_id_.has_value()) {
// We received a RETRY packet, validate that the retry source
// connection ID from the config matches the one from the RETRY.
if (!config.HasReceivedRetrySourceConnectionId() ||
config.ReceivedRetrySourceConnectionId() !=
retry_source_connection_id_.value()) {
std::string received_value;
if (config.HasReceivedRetrySourceConnectionId()) {
received_value = config.ReceivedRetrySourceConnectionId().ToString();
} else {
received_value = "none";
}
std::string error_details =
absl::StrCat("Bad retry_source_connection_id: expected ",
retry_source_connection_id_.value().ToString(),
", received ", received_value);
CloseConnection(IETF_QUIC_PROTOCOL_VIOLATION, error_details,
ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET);
return false;
}
} else {
// We did not receive a RETRY packet, make sure we did not receive the
// retry_source_connection_id transport parameter.
if (config.HasReceivedRetrySourceConnectionId()) {
std::string error_details = absl::StrCat(
"Bad retry_source_connection_id: did not receive RETRY but "
"received ",
config.ReceivedRetrySourceConnectionId().ToString());
CloseConnection(IETF_QUIC_PROTOCOL_VIOLATION, error_details,
ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET);
return false;
}
}
}
return true;
}
void QuicConnection::SetFromConfig(const QuicConfig& config) {
if (config.negotiated()) {
// Handshake complete, set handshake timeout to Infinite.
SetNetworkTimeouts(QuicTime::Delta::Infinite(),
config.IdleNetworkTimeout());
idle_timeout_connection_close_behavior_ =
ConnectionCloseBehavior::SILENT_CLOSE;
if (perspective_ == Perspective::IS_SERVER) {
idle_timeout_connection_close_behavior_ = ConnectionCloseBehavior::
SILENT_CLOSE_WITH_CONNECTION_CLOSE_PACKET_SERIALIZED;
}
if (config.HasClientRequestedIndependentOption(kNSLC, perspective_)) {
idle_timeout_connection_close_behavior_ =
ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET;
}
if (!ValidateConfigConnectionIds(config)) {
return;
}
support_key_update_for_connection_ =
config.KeyUpdateSupportedForConnection();
framer_.SetKeyUpdateSupportForConnection(
support_key_update_for_connection_);
} else {
SetNetworkTimeouts(config.max_time_before_crypto_handshake(),
config.max_idle_time_before_crypto_handshake());
if (config.HasClientRequestedIndependentOption(kCHSP, perspective_)) {
packet_creator_.set_chaos_protection_enabled(true);
}
}
if (support_multiple_connection_ids_ &&
config.HasReceivedPreferredAddressConnectionIdAndToken()) {
QuicNewConnectionIdFrame frame;
std::tie(frame.connection_id, frame.stateless_reset_token) =
config.ReceivedPreferredAddressConnectionIdAndToken();
frame.sequence_number = 1u;
frame.retire_prior_to = 0u;
OnNewConnectionIdFrameInner(frame);
}
sent_packet_manager_.SetFromConfig(config);
if (perspective_ == Perspective::IS_SERVER &&
config.HasClientSentConnectionOption(kAFF2, perspective_)) {
send_ack_frequency_on_handshake_completion_ = true;
}
if (config.HasReceivedBytesForConnectionId() &&
can_truncate_connection_ids_) {
packet_creator_.SetServerConnectionIdLength(
config.ReceivedBytesForConnectionId());
}
max_undecryptable_packets_ = config.max_undecryptable_packets();
if (!GetQuicReloadableFlag(quic_enable_mtu_discovery_at_server)) {
if (config.HasClientRequestedIndependentOption(kMTUH, perspective_)) {
SetMtuDiscoveryTarget(kMtuDiscoveryTargetPacketSizeHigh);
}
}
if (config.HasClientRequestedIndependentOption(kMTUL, perspective_)) {
SetMtuDiscoveryTarget(kMtuDiscoveryTargetPacketSizeLow);
}
if (default_enable_5rto_blackhole_detection_) {
if (config.HasClientRequestedIndependentOption(kCBHD, perspective_)) {
QUIC_CODE_COUNT(quic_client_only_blackhole_detection);
blackhole_detection_disabled_ = true;
}
if (config.HasClientSentConnectionOption(kNBHD, perspective_)) {
blackhole_detection_disabled_ = true;
}
if (config.HasClientSentConnectionOption(k2RTO, perspective_)) {
QUIC_CODE_COUNT(quic_2rto_blackhole_detection);
num_rtos_for_blackhole_detection_ = 2;
}
if (config.HasClientSentConnectionOption(k3RTO, perspective_)) {
QUIC_CODE_COUNT(quic_3rto_blackhole_detection);
num_rtos_for_blackhole_detection_ = 3;
}
if (config.HasClientSentConnectionOption(k4RTO, perspective_)) {
QUIC_CODE_COUNT(quic_4rto_blackhole_detection);
num_rtos_for_blackhole_detection_ = 4;
}
if (config.HasClientSentConnectionOption(k6RTO, perspective_)) {
QUIC_CODE_COUNT(quic_6rto_blackhole_detection);
num_rtos_for_blackhole_detection_ = 6;
}
}
if (config.HasClientRequestedIndependentOption(kFIDT, perspective_)) {
idle_network_detector_.enable_shorter_idle_timeout_on_sent_packet();
}
if (config.HasClientRequestedIndependentOption(k3AFF, perspective_)) {
anti_amplification_factor_ = 3;
}
if (config.HasClientRequestedIndependentOption(k10AF, perspective_)) {
anti_amplification_factor_ = 10;
}
if (GetQuicReloadableFlag(quic_enable_server_on_wire_ping) &&
perspective_ == Perspective::IS_SERVER &&
config.HasClientSentConnectionOption(kSRWP, perspective_)) {
QUIC_RELOADABLE_FLAG_COUNT(quic_enable_server_on_wire_ping);
set_initial_retransmittable_on_wire_timeout(
QuicTime::Delta::FromMilliseconds(200));
}
if (debug_visitor_ != nullptr) {
debug_visitor_->OnSetFromConfig(config);
}
uber_received_packet_manager_.SetFromConfig(config, perspective_);
if (config.HasClientSentConnectionOption(k5RTO, perspective_)) {
num_rtos_for_blackhole_detection_ = 5;
}
if (sent_packet_manager_.pto_enabled()) {
if (config.HasClientSentConnectionOption(k6PTO, perspective_) ||
config.HasClientSentConnectionOption(k7PTO, perspective_) ||
config.HasClientSentConnectionOption(k8PTO, perspective_)) {
num_rtos_for_blackhole_detection_ = 5;
}
}
if (config.HasClientSentConnectionOption(kNSTP, perspective_)) {
no_stop_waiting_frames_ = true;
}
if (config.HasReceivedStatelessResetToken()) {
default_path_.stateless_reset_token_received = true;
default_path_.stateless_reset_token = config.ReceivedStatelessResetToken();
}
if (config.HasReceivedAckDelayExponent()) {
framer_.set_peer_ack_delay_exponent(config.ReceivedAckDelayExponent());
}
if (GetQuicReloadableFlag(quic_send_timestamps) &&
config.HasClientSentConnectionOption(kSTMP, perspective_)) {
QUIC_RELOADABLE_FLAG_COUNT(quic_send_timestamps);
framer_.set_process_timestamps(true);
uber_received_packet_manager_.set_save_timestamps(true);
}
if (config.HasClientSentConnectionOption(kEACK, perspective_)) {
bundle_retransmittable_with_pto_ack_ = true;
}
if (config.HasClientSentConnectionOption(kDFER, perspective_)) {
defer_send_in_response_to_packets_ = false;
}
if (framer_.version().HasIetfQuicFrames() && use_path_validator_ &&
count_bytes_on_alternative_path_separately_ &&
GetQuicReloadableFlag(quic_server_reverse_validate_new_path3) &&
config.HasClientSentConnectionOption(kRVCM, perspective_)) {
QUIC_CODE_COUNT_N(quic_server_reverse_validate_new_path3, 6, 6);
validate_client_addresses_ = true;
}
// Having connection_migration_use_new_cid_ depends on the same set of flags
// and connection option on both client and server sides has the advantage of:
// 1) Less chance of skew in using new connection ID or not between client
// and server in unit tests with random flag combinations.
// 2) Client side's rollout can be protected by the same connection option.
connection_migration_use_new_cid_ =
support_multiple_connection_ids_ && validate_client_addresses_ &&
group_path_response_and_challenge_sending_closer_ &&
GetQuicReloadableFlag(quic_drop_unsent_path_response) &&
GetQuicReloadableFlag(quic_connection_migration_use_new_cid_v2);
if (config.HasReceivedMaxPacketSize()) {
peer_max_packet_size_ = config.ReceivedMaxPacketSize();
MaybeUpdatePacketCreatorMaxPacketLengthAndPadding();
}
if (config.HasReceivedMaxDatagramFrameSize()) {
packet_creator_.SetMaxDatagramFrameSize(
config.ReceivedMaxDatagramFrameSize());
}
supports_release_time_ =
writer_ != nullptr && writer_->SupportsReleaseTime() &&
!config.HasClientSentConnectionOption(kNPCO, perspective_);
if (supports_release_time_) {
UpdateReleaseTimeIntoFuture();
}
}
void QuicConnection::EnableLegacyVersionEncapsulation(
const std::string& server_name) {
if (perspective_ != Perspective::IS_CLIENT) {
QUIC_BUG(quic_bug_10511_1)
<< "Cannot enable Legacy Version Encapsulation on the server";
return;
}
if (legacy_version_encapsulation_enabled_) {
QUIC_BUG(quic_bug_10511_2)
<< "Do not call EnableLegacyVersionEncapsulation twice";
return;
}
if (!QuicHostnameUtils::IsValidSNI(server_name)) {
// Legacy Version Encapsulation is only used when SNI is transmitted.
QUIC_DLOG(INFO)
<< "Refusing to use Legacy Version Encapsulation with invalid SNI \""
<< server_name << "\"";
return;
}
QUIC_DLOG(INFO) << "Enabling Legacy Version Encapsulation with SNI \""
<< server_name << "\"";
legacy_version_encapsulation_enabled_ = true;
legacy_version_encapsulation_sni_ = server_name;
}
bool QuicConnection::MaybeTestLiveness() {
QUICHE_DCHECK_EQ(perspective_, Perspective::IS_CLIENT);
if (encryption_level_ != ENCRYPTION_FORWARD_SECURE) {
return false;
}
const QuicTime idle_network_deadline =
idle_network_detector_.GetIdleNetworkDeadline();
if (!idle_network_deadline.IsInitialized()) {
return false;
}
const QuicTime now = clock_->ApproximateNow();
if (now > idle_network_deadline) {
QUIC_DLOG(WARNING) << "Idle network deadline has passed";
return false;
}
const QuicTime::Delta timeout = idle_network_deadline - now;
if (2 * timeout > idle_network_detector_.idle_network_timeout()) {
// Do not test liveness if timeout is > half timeout. This is used to
// prevent an infinite loop for short idle timeout.
return false;
}
if (!sent_packet_manager_.IsLessThanThreePTOs(timeout)) {
return false;
}
SendConnectivityProbingPacket(writer_, peer_address());
return true;
}
void QuicConnection::ApplyConnectionOptions(
const QuicTagVector& connection_options) {
sent_packet_manager_.ApplyConnectionOptions(connection_options);
}
void QuicConnection::OnSendConnectionState(
const CachedNetworkParameters& cached_network_params) {
if (debug_visitor_ != nullptr) {
debug_visitor_->OnSendConnectionState(cached_network_params);
}
}
void QuicConnection::OnReceiveConnectionState(
const CachedNetworkParameters& cached_network_params) {
if (debug_visitor_ != nullptr) {
debug_visitor_->OnReceiveConnectionState(cached_network_params);
}
}
void QuicConnection::ResumeConnectionState(
const CachedNetworkParameters& cached_network_params,
bool max_bandwidth_resumption) {
sent_packet_manager_.ResumeConnectionState(cached_network_params,
max_bandwidth_resumption);
}
void QuicConnection::SetMaxPacingRate(QuicBandwidth max_pacing_rate) {
sent_packet_manager_.SetMaxPacingRate(max_pacing_rate);
}
void QuicConnection::AdjustNetworkParameters(
const SendAlgorithmInterface::NetworkParams& params) {
sent_packet_manager_.AdjustNetworkParameters(params);
}
void QuicConnection::SetLossDetectionTuner(
std::unique_ptr<LossDetectionTunerInterface> tuner) {
sent_packet_manager_.SetLossDetectionTuner(std::move(tuner));
}
void QuicConnection::OnConfigNegotiated() {
sent_packet_manager_.OnConfigNegotiated();
if (GetQuicReloadableFlag(quic_enable_mtu_discovery_at_server) &&
perspective_ == Perspective::IS_SERVER) {
QUIC_RELOADABLE_FLAG_COUNT(quic_enable_mtu_discovery_at_server);
SetMtuDiscoveryTarget(kMtuDiscoveryTargetPacketSizeHigh);
}
}
QuicBandwidth QuicConnection::MaxPacingRate() const {
return sent_packet_manager_.MaxPacingRate();
}
bool QuicConnection::SelectMutualVersion(
const ParsedQuicVersionVector& available_versions) {
// Try to find the highest mutual version by iterating over supported
// versions, starting with the highest, and breaking out of the loop once we
// find a matching version in the provided available_versions vector.
const ParsedQuicVersionVector& supported_versions =
framer_.supported_versions();
for (size_t i = 0; i < supported_versions.size(); ++i) {
const ParsedQuicVersion& version = supported_versions[i];
if (std::find(available_versions.begin(), available_versions.end(),
version) != available_versions.end()) {
framer_.set_version(version);
return true;
}
}
return false;
}
void QuicConnection::OnError(QuicFramer* framer) {
// Packets that we can not or have not decrypted are dropped.
// TODO(rch): add stats to measure this.
if (!connected_ || last_packet_decrypted_ == false) {
return;
}
CloseConnection(framer->error(), framer->detailed_error(),
ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET);
}
void QuicConnection::OnPacket() {
last_packet_decrypted_ = false;
}
void QuicConnection::OnPublicResetPacket(const QuicPublicResetPacket& packet) {
// Check that any public reset packet with a different connection ID that was
// routed to this QuicConnection has been redirected before control reaches
// here. (Check for a bug regression.)
QUICHE_DCHECK_EQ(default_path_.server_connection_id, packet.connection_id);
QUICHE_DCHECK_EQ(perspective_, Perspective::IS_CLIENT);
QUICHE_DCHECK(!version().HasIetfInvariantHeader());
if (debug_visitor_ != nullptr) {
debug_visitor_->OnPublicResetPacket(packet);
}
std::string error_details = "Received public reset.";
if (perspective_ == Perspective::IS_CLIENT && !packet.endpoint_id.empty()) {
absl::StrAppend(&error_details, " From ", packet.endpoint_id, ".");
}
QUIC_DLOG(INFO) << ENDPOINT << error_details;
QUIC_CODE_COUNT(quic_tear_down_local_connection_on_public_reset);
TearDownLocalConnectionState(QUIC_PUBLIC_RESET, NO_IETF_QUIC_ERROR,
error_details, ConnectionCloseSource::FROM_PEER);
}
bool QuicConnection::OnProtocolVersionMismatch(
ParsedQuicVersion received_version) {
QUIC_DLOG(INFO) << ENDPOINT << "Received packet with mismatched version "
<< ParsedQuicVersionToString(received_version);
if (perspective_ == Perspective::IS_CLIENT) {
const std::string error_details = "Protocol version mismatch.";
QUIC_BUG(quic_bug_10511_3) << ENDPOINT << error_details;
CloseConnection(QUIC_INTERNAL_ERROR, error_details,
ConnectionCloseBehavior::SILENT_CLOSE);
}
// Server drops old packets that were sent by the client before the version
// was negotiated.
return false;
}
// Handles version negotiation for client connection.
void QuicConnection::OnVersionNegotiationPacket(
const QuicVersionNegotiationPacket& packet) {
// Check that any public reset packet with a different connection ID that was
// routed to this QuicConnection has been redirected before control reaches
// here. (Check for a bug regression.)
QUICHE_DCHECK_EQ(default_path_.server_connection_id, packet.connection_id);
if (perspective_ == Perspective::IS_SERVER) {
const std::string error_details =
"Server received version negotiation packet.";
QUIC_BUG(quic_bug_10511_4) << error_details;
QUIC_CODE_COUNT(quic_tear_down_local_connection_on_version_negotiation);
CloseConnection(QUIC_INTERNAL_ERROR, error_details,
ConnectionCloseBehavior::SILENT_CLOSE);
return;
}
if (debug_visitor_ != nullptr) {
debug_visitor_->OnVersionNegotiationPacket(packet);
}
if (version_negotiated_) {
// Possibly a duplicate version negotiation packet.
return;
}
if (std::find(packet.versions.begin(), packet.versions.end(), version()) !=
packet.versions.end()) {
const std::string error_details = absl::StrCat(
"Server already supports client's version ",
ParsedQuicVersionToString(version()),
" and should have accepted the connection instead of sending {",
ParsedQuicVersionVectorToString(packet.versions), "}.");
QUIC_DLOG(WARNING) << error_details;
CloseConnection(QUIC_INVALID_VERSION_NEGOTIATION_PACKET, error_details,
ConnectionCloseBehavior::SILENT_CLOSE);
return;
}
server_supported_versions_ = packet.versions;
CloseConnection(
QUIC_INVALID_VERSION,
absl::StrCat(
"Client may support one of the versions in the server's list, but "
"it's going to close the connection anyway. Supported versions: {",
ParsedQuicVersionVectorToString(framer_.supported_versions()),
"}, peer supported versions: {",
ParsedQuicVersionVectorToString(packet.versions), "}"),
ConnectionCloseBehavior::SILENT_CLOSE);
}
// Handles retry for client connection.
void QuicConnection::OnRetryPacket(QuicConnectionId original_connection_id,
QuicConnectionId new_connection_id,
absl::string_view retry_token,
absl::string_view retry_integrity_tag,
absl::string_view retry_without_tag) {
QUICHE_DCHECK_EQ(Perspective::IS_CLIENT, perspective_);
if (version().UsesTls()) {
if (!CryptoUtils::ValidateRetryIntegrityTag(
version(), default_path_.server_connection_id, retry_without_tag,
retry_integrity_tag)) {
QUIC_DLOG(ERROR) << "Ignoring RETRY with invalid integrity tag";
return;
}
} else {
if (original_connection_id != default_path_.server_connection_id) {
QUIC_DLOG(ERROR) << "Ignoring RETRY with original connection ID "
<< original_connection_id << " not matching expected "
<< default_path_.server_connection_id << " token "
<< absl::BytesToHexString(retry_token);
return;
}
}
framer_.set_drop_incoming_retry_packets(true);
stats_.retry_packet_processed = true;
QUIC_DLOG(INFO) << "Received RETRY, replacing connection ID "
<< default_path_.server_connection_id << " with "
<< new_connection_id << ", received token "
<< absl::BytesToHexString(retry_token);
if (!original_destination_connection_id_.has_value()) {
original_destination_connection_id_ = default_path_.server_connection_id;
}
QUICHE_DCHECK(!retry_source_connection_id_.has_value())
<< retry_source_connection_id_.value();
retry_source_connection_id_ = new_connection_id;
ReplaceInitialServerConnectionId(new_connection_id);
packet_creator_.SetRetryToken(retry_token);
// Reinstall initial crypters because the connection ID changed.
InstallInitialCrypters(default_path_.server_connection_id);
sent_packet_manager_.MarkInitialPacketsForRetransmission();
}
void QuicConnection::SetOriginalDestinationConnectionId(
const QuicConnectionId& original_destination_connection_id) {
QUIC_DLOG(INFO) << "Setting original_destination_connection_id to "
<< original_destination_connection_id
<< " on connection with server_connection_id "
<< default_path_.server_connection_id;
QUICHE_DCHECK_NE(original_destination_connection_id,
default_path_.server_connection_id);
InstallInitialCrypters(original_destination_connection_id);
QUICHE_DCHECK(!original_destination_connection_id_.has_value())
<< original_destination_connection_id_.value();
original_destination_connection_id_ = original_destination_connection_id;
original_destination_connection_id_replacement_ =
default_path_.server_connection_id;
}
QuicConnectionId QuicConnection::GetOriginalDestinationConnectionId() {
if (original_destination_connection_id_.has_value()) {
return original_destination_connection_id_.value();
}
return default_path_.server_connection_id;
}
bool QuicConnection::ValidateServerConnectionId(
const QuicPacketHeader& header) const {
if (perspective_ == Perspective::IS_CLIENT &&
header.form == IETF_QUIC_SHORT_HEADER_PACKET) {
return true;
}
QuicConnectionId server_connection_id =
GetServerConnectionIdAsRecipient(header, perspective_);
if (server_connection_id == default_path_.server_connection_id ||
server_connection_id == original_destination_connection_id_) {
return true;
}
if (PacketCanReplaceServerConnectionId(header, perspective_)) {
QUIC_DLOG(INFO) << ENDPOINT << "Accepting packet with new connection ID "
<< server_connection_id << " instead of "
<< default_path_.server_connection_id;
return true;
}
if (connection_migration_use_new_cid_ &&
perspective_ == Perspective::IS_SERVER &&
self_issued_cid_manager_ != nullptr &&
self_issued_cid_manager_->IsConnectionIdInUse(server_connection_id)) {
return true;
}
return false;
}
bool QuicConnection::OnUnauthenticatedPublicHeader(
const QuicPacketHeader& header) {
last_packet_destination_connection_id_ = header.destination_connection_id;
// If last packet destination connection ID is the original server
// connection ID chosen by client, replaces it with the connection ID chosen
// by server.
if (perspective_ == Perspective::IS_SERVER &&
original_destination_connection_id_.has_value() &&
last_packet_destination_connection_id_ ==
*original_destination_connection_id_) {
last_packet_destination_connection_id_ =
original_destination_connection_id_replacement_;
}
// As soon as we receive an initial we start ignoring subsequent retries.
if (header.version_flag && header.long_packet_type == INITIAL) {
framer_.set_drop_incoming_retry_packets(true);
}
if (!ValidateServerConnectionId(header)) {
++stats_.packets_dropped;
QuicConnectionId server_connection_id =
GetServerConnectionIdAsRecipient(header, perspective_);
QUIC_DLOG(INFO) << ENDPOINT
<< "Ignoring packet from unexpected server connection ID "
<< server_connection_id << " instead of "
<< default_path_.server_connection_id;
if (debug_visitor_ != nullptr) {
debug_visitor_->OnIncorrectConnectionId(server_connection_id);
}
// If this is a server, the dispatcher routes each packet to the
// QuicConnection responsible for the packet's connection ID. So if control
// arrives here and this is a server, the dispatcher must be malfunctioning.
QUICHE_DCHECK_NE(Perspective::IS_SERVER, perspective_);
return false;
}
if (!version().SupportsClientConnectionIds()) {
return true;
}
if (perspective_ == Perspective::IS_SERVER &&
header.form == IETF_QUIC_SHORT_HEADER_PACKET) {
return true;
}
QuicConnectionId client_connection_id =
GetClientConnectionIdAsRecipient(header, perspective_);
if (client_connection_id == default_path_.client_connection_id) {
return true;
}
if (!client_connection_id_is_set_ && perspective_ == Perspective::IS_SERVER) {
QUIC_DLOG(INFO) << ENDPOINT
<< "Setting client connection ID from first packet to "
<< client_connection_id;
set_client_connection_id(client_connection_id);
return true;
}
if (connection_migration_use_new_cid_ &&
perspective_ == Perspective::IS_CLIENT &&
self_issued_cid_manager_ != nullptr &&
self_issued_cid_manager_->IsConnectionIdInUse(client_connection_id)) {
return true;
}
++stats_.packets_dropped;
QUIC_DLOG(INFO) << ENDPOINT
<< "Ignoring packet from unexpected client connection ID "
<< client_connection_id << " instead of "
<< default_path_.client_connection_id;
return false;
}
bool QuicConnection::OnUnauthenticatedHeader(const QuicPacketHeader& header) {
if (debug_visitor_ != nullptr) {
debug_visitor_->OnUnauthenticatedHeader(header);
}
// Sanity check on the server connection ID in header.
QUICHE_DCHECK(ValidateServerConnectionId(header));
if (packet_creator_.HasPendingFrames()) {
// Incoming packets may change a queued ACK frame.
const std::string error_details =
"Pending frames must be serialized before incoming packets are "
"processed.";
QUIC_BUG(quic_pending_frames_not_serialized)
<< error_details << ", received header: " << header;
CloseConnection(QUIC_INTERNAL_ERROR, error_details,
ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET);
return false;
}
return true;
}
void QuicConnection::OnSuccessfulVersionNegotiation() {
visitor_->OnSuccessfulVersionNegotiation(version());
if (debug_visitor_ != nullptr) {
debug_visitor_->OnSuccessfulVersionNegotiation(version());
}
}
void QuicConnection::OnSuccessfulMigration(bool is_port_change) {
QUICHE_DCHECK_EQ(perspective_, Perspective::IS_CLIENT);
if (IsPathDegrading()) {
// If path was previously degrading, and migration is successful after
// probing, restart the path degrading and blackhole detection.
OnForwardProgressMade();
}
if (IsAlternativePath(default_path_.self_address,
default_path_.peer_address)) {
// Reset alternative path state even if it is still under validation.
alternative_path_.Clear();
}
// TODO(b/159074035): notify SentPacketManger with RTT sample from probing.
if (version().HasIetfQuicFrames() && !is_port_change) {
sent_packet_manager_.OnConnectionMigration(/*reset_send_algorithm=*/true);
}
}
void QuicConnection::OnTransportParametersSent(
const TransportParameters& transport_parameters) const {
if (debug_visitor_ != nullptr) {
debug_visitor_->OnTransportParametersSent(transport_parameters);
}
}
void QuicConnection::OnTransportParametersReceived(
const TransportParameters& transport_parameters) const {
if (debug_visitor_ != nullptr) {
debug_visitor_->OnTransportParametersReceived(transport_parameters);
}
}
void QuicConnection::OnTransportParametersResumed(
const TransportParameters& transport_parameters) const {
if (debug_visitor_ != nullptr) {
debug_visitor_->OnTransportParametersResumed(transport_parameters);
}
}
bool QuicConnection::HasPendingAcks() const {
return ack_alarm_->IsSet();
}
void QuicConnection::OnDecryptedPacket(size_t /*length*/,
EncryptionLevel level) {
last_decrypted_packet_level_ = level;
last_packet_decrypted_ = true;
if (level == ENCRYPTION_FORWARD_SECURE &&
!have_decrypted_first_one_rtt_packet_) {
have_decrypted_first_one_rtt_packet_ = true;
if (version().UsesTls() && perspective_ == Perspective::IS_SERVER) {
// Servers MAY temporarily retain 0-RTT keys to allow decrypting reordered
// packets without requiring their contents to be retransmitted with 1-RTT
// keys. After receiving a 1-RTT packet, servers MUST discard 0-RTT keys
// within a short time; the RECOMMENDED time period is three times the
// Probe Timeout.
// https://quicwg.org/base-drafts/draft-ietf-quic-tls.html#name-discarding-0-rtt-keys
discard_zero_rtt_decryption_keys_alarm_->Set(
clock_->ApproximateNow() + sent_packet_manager_.GetPtoDelay() * 3);
}
}
if (EnforceAntiAmplificationLimit() && !IsHandshakeConfirmed() &&
(last_decrypted_packet_level_ == ENCRYPTION_HANDSHAKE ||
last_decrypted_packet_level_ == ENCRYPTION_FORWARD_SECURE)) {
// Address is validated by successfully processing a HANDSHAKE or 1-RTT
// packet.
default_path_.validated = true;
stats_.address_validated_via_decrypting_packet = true;
}
idle_network_detector_.OnPacketReceived(
last_received_packet_info_.receipt_time);
visitor_->OnPacketDecrypted(level);
}
QuicSocketAddress QuicConnection::GetEffectivePeerAddressFromCurrentPacket()
const {
// By default, the connection is not proxied, and the effective peer address
// is the packet's source address, i.e. the direct peer address.
return last_received_packet_info_.source_address;
}
bool QuicConnection::OnPacketHeader(const QuicPacketHeader& header) {
if (debug_visitor_ != nullptr) {
debug_visitor_->OnPacketHeader(header, clock_->ApproximateNow(),
last_decrypted_packet_level_);
}
// Will be decremented below if we fall through to return true.
++stats_.packets_dropped;
if (!ProcessValidatedPacket(header)) {
return false;
}
// Initialize the current packet content state.
most_recent_frame_type_ = NUM_FRAME_TYPES;
current_packet_content_ = NO_FRAMES_RECEIVED;
is_current_packet_connectivity_probing_ = false;
has_path_challenge_in_current_packet_ = false;
current_effective_peer_migration_type_ = NO_CHANGE;
if (perspective_ == Perspective::IS_CLIENT) {
if (!GetLargestReceivedPacket().IsInitialized() ||
header.packet_number > GetLargestReceivedPacket()) {
// Update direct_peer_address_ and default path peer_address immediately
// for client connections.
// TODO(fayang): only change peer addresses in application data packet
// number space.
UpdatePeerAddress(last_received_packet_info_.source_address);
default_path_.peer_address = GetEffectivePeerAddressFromCurrentPacket();
}
} else {
// At server, remember the address change type of effective_peer_address
// in current_effective_peer_migration_type_. But this variable alone
// doesn't necessarily starts a migration. A migration will be started
// later, once the current packet is confirmed to meet the following
// conditions:
// 1) current_effective_peer_migration_type_ is not NO_CHANGE.
// 2) The current packet is not a connectivity probing.
// 3) The current packet is not reordered, i.e. its packet number is the
// largest of this connection so far.
// Once the above conditions are confirmed, a new migration will start
// even if there is an active migration underway.
current_effective_peer_migration_type_ =
QuicUtils::DetermineAddressChangeType(
default_path_.peer_address,
GetEffectivePeerAddressFromCurrentPacket());
if (connection_migration_use_new_cid_) {
auto effective_peer_address = GetEffectivePeerAddressFromCurrentPacket();
// Since server does not send new connection ID to client before handshake
// completion and source connection ID is omitted in short header packet,
// the server_connection_id on PathState on the server side does not
// affect the packets server writes after handshake completion. On the
// other hand, it is still desirable to have the "correct" server
// connection ID set on path.
// 1) If client uses 1 unique server connection ID per path and the packet
// is received from an existing path, then
// last_packet_destination_connection_id_ will always be the same as the
// server connection ID on path. Server side will maintain the 1-to-1
// mapping from server connection ID to path.
// 2) If client uses multiple server connection IDs on the same path,
// compared to the server_connection_id on path,
// last_packet_destination_connection_id_ has the advantage that it is
// still present in the session map since the packet can be routed here
// regardless of packet reordering.
if (IsDefaultPath(last_received_packet_info_.destination_address,
effective_peer_address)) {
default_path_.server_connection_id =
last_packet_destination_connection_id_;
} else if (IsAlternativePath(
last_received_packet_info_.destination_address,
effective_peer_address)) {
alternative_path_.server_connection_id =
last_packet_destination_connection_id_;
}
}
if (last_packet_destination_connection_id_ !=
default_path_.server_connection_id &&
(!original_destination_connection_id_.has_value() ||
last_packet_destination_connection_id_ !=
*original_destination_connection_id_)) {
QUIC_CODE_COUNT(quic_connection_id_change);
}
QUIC_DLOG_IF(INFO, current_effective_peer_migration_type_ != NO_CHANGE)
<< ENDPOINT << "Effective peer's ip:port changed from "
<< default_path_.peer_address.ToString() << " to "
<< GetEffectivePeerAddressFromCurrentPacket().ToString()
<< ", active_effective_peer_migration_type is "
<< active_effective_peer_migration_type_;
}
--stats_.packets_dropped;
QUIC_DVLOG(1) << ENDPOINT << "Received packet header: " << header;
last_header_ = header;
if (!stats_.first_decrypted_packet.IsInitialized()) {
stats_.first_decrypted_packet = last_header_.packet_number;
}
// Record packet receipt to populate ack info before processing stream
// frames, since the processing may result in sending a bundled ack.
QuicTime receipt_time = idle_network_detector_.time_of_last_received_packet();
if (reset_per_packet_state_for_undecryptable_packets_ &&
SupportsMultiplePacketNumberSpaces()) {
QUIC_RELOADABLE_FLAG_COUNT_N(
quic_reset_per_packet_state_for_undecryptable_packets, 2, 2);
receipt_time = last_received_packet_info_.receipt_time;
}
uber_received_packet_manager_.RecordPacketReceived(
last_decrypted_packet_level_, last_header_, receipt_time);
if (EnforceAntiAmplificationLimit() && !IsHandshakeConfirmed() &&
!header.retry_token.empty() &&
visitor_->ValidateToken(header.retry_token)) {
QUIC_DLOG(INFO) << ENDPOINT << "Address validated via token.";
QUIC_CODE_COUNT(quic_address_validated_via_token);
default_path_.validated = true;
stats_.address_validated_via_token = true;
}
QUICHE_DCHECK(connected_);
return true;
}
bool QuicConnection::OnStreamFrame(const QuicStreamFrame& frame) {
QUIC_BUG_IF(quic_bug_12714_3, !connected_)
<< "Processing STREAM frame when connection is closed. Last frame: "
<< most_recent_frame_type_;
// Since a stream frame was received, this is not a connectivity probe.
// A probe only contains a PING and full padding.
if (!UpdatePacketContent(STREAM_FRAME)) {
return false;
}
if (debug_visitor_ != nullptr) {
debug_visitor_->OnStreamFrame(frame);
}
if (!QuicUtils::IsCryptoStreamId(transport_version(), frame.stream_id) &&
last_decrypted_packet_level_ == ENCRYPTION_INITIAL) {
if (MaybeConsiderAsMemoryCorruption(frame)) {
CloseConnection(QUIC_MAYBE_CORRUPTED_MEMORY,
"Received crypto frame on non crypto stream.",
ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET);
return false;
}
QUIC_PEER_BUG(quic_peer_bug_10511_6)
<< ENDPOINT << "Received an unencrypted data frame: closing connection"
<< " packet_number:" << last_header_.packet_number
<< " stream_id:" << frame.stream_id
<< " received_packets:" << ack_frame();
CloseConnection(QUIC_UNENCRYPTED_STREAM_DATA,
"Unencrypted stream data seen.",
ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET);
return false;
}
// TODO(fayang): Consider moving UpdatePacketContent and
// MaybeUpdateAckTimeout to a stand-alone function instead of calling them for
// all frames.
MaybeUpdateAckTimeout();
visitor_->OnStreamFrame(frame);
stats_.stream_bytes_received += frame.data_length;
consecutive_retransmittable_on_wire_ping_count_ = 0;
return connected_;
}
bool QuicConnection::OnCryptoFrame(const QuicCryptoFrame& frame) {
QUIC_BUG_IF(quic_bug_12714_4, !connected_)
<< "Processing CRYPTO frame when connection is closed. Last frame: "
<< most_recent_frame_type_;
// Since a CRYPTO frame was received, this is not a connectivity probe.
// A probe only contains a PING and full padding.
if (!UpdatePacketContent(CRYPTO_FRAME)) {
return false;
}
if (debug_visitor_ != nullptr) {
debug_visitor_->OnCryptoFrame(frame);
}
MaybeUpdateAckTimeout();
visitor_->OnCryptoFrame(frame);
return connected_;
}
bool QuicConnection::OnAckFrameStart(QuicPacketNumber largest_acked,
QuicTime::Delta ack_delay_time) {
QUIC_BUG_IF(quic_bug_12714_5, !connected_)
<< "Processing ACK frame start when connection is closed. Last frame: "
<< most_recent_frame_type_;
if (processing_ack_frame_) {
CloseConnection(QUIC_INVALID_ACK_DATA,
"Received a new ack while processing an ack frame.",
ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET);
return false;
}
// Since an ack frame was received, this is not a connectivity probe.
// A probe only contains a PING and full padding.
if (!UpdatePacketContent(ACK_FRAME)) {
return false;
}
QUIC_DVLOG(1) << ENDPOINT
<< "OnAckFrameStart, largest_acked: " << largest_acked;
if (GetLargestReceivedPacketWithAck().IsInitialized() &&
last_header_.packet_number <= GetLargestReceivedPacketWithAck()) {
QUIC_DLOG(INFO) << ENDPOINT << "Received an old ack frame: ignoring";
return true;
}
if (!sent_packet_manager_.GetLargestSentPacket().IsInitialized() ||
largest_acked > sent_packet_manager_.GetLargestSentPacket()) {
QUIC_DLOG(WARNING) << ENDPOINT
<< "Peer's observed unsent packet:" << largest_acked
<< " vs " << sent_packet_manager_.GetLargestSentPacket()
<< ". SupportsMultiplePacketNumberSpaces():"
<< SupportsMultiplePacketNumberSpaces()
<< ", last_decrypted_packet_level_:"
<< last_decrypted_packet_level_;
// We got an ack for data we have not sent.
CloseConnection(QUIC_INVALID_ACK_DATA, "Largest observed too high.",
ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET);
return false;
}
processing_ack_frame_ = true;
sent_packet_manager_.OnAckFrameStart(
largest_acked, ack_delay_time,
idle_network_detector_.time_of_last_received_packet());
return true;
}
bool QuicConnection::OnAckRange(QuicPacketNumber start, QuicPacketNumber end) {
QUIC_BUG_IF(quic_bug_12714_6, !connected_)
<< "Processing ACK frame range when connection is closed. Last frame: "
<< most_recent_frame_type_;
QUIC_DVLOG(1) << ENDPOINT << "OnAckRange: [" << start << ", " << end << ")";
if (GetLargestReceivedPacketWithAck().IsInitialized() &&
last_header_.packet_number <= GetLargestReceivedPacketWithAck()) {
QUIC_DLOG(INFO) << ENDPOINT << "Received an old ack frame: ignoring";
return true;
}
sent_packet_manager_.OnAckRange(start, end);
return true;
}
bool QuicConnection::OnAckTimestamp(QuicPacketNumber packet_number,
QuicTime timestamp) {
QUIC_BUG_IF(quic_bug_10511_7, !connected_)
<< "Processing ACK frame time stamp when connection "
"is closed. Last frame: "
<< most_recent_frame_type_;
QUIC_DVLOG(1) << ENDPOINT << "OnAckTimestamp: [" << packet_number << ", "
<< timestamp.ToDebuggingValue() << ")";
if (GetLargestReceivedPacketWithAck().IsInitialized() &&
last_header_.packet_number <= GetLargestReceivedPacketWithAck()) {
QUIC_DLOG(INFO) << ENDPOINT << "Received an old ack frame: ignoring";
return true;
}
sent_packet_manager_.OnAckTimestamp(packet_number, timestamp);
return true;
}
bool QuicConnection::OnAckFrameEnd(QuicPacketNumber start) {
QUIC_BUG_IF(quic_bug_12714_7, !connected_)
<< "Processing ACK frame end when connection is closed. Last frame: "
<< most_recent_frame_type_;
QUIC_DVLOG(1) << ENDPOINT << "OnAckFrameEnd, start: " << start;
if (GetLargestReceivedPacketWithAck().IsInitialized() &&
last_header_.packet_number <= GetLargestReceivedPacketWithAck()) {
QUIC_DLOG(INFO) << ENDPOINT << "Received an old ack frame: ignoring";
return true;
}
const bool one_rtt_packet_was_acked =
sent_packet_manager_.one_rtt_packet_acked();
const bool zero_rtt_packet_was_acked =
sent_packet_manager_.zero_rtt_packet_acked();
const AckResult ack_result = sent_packet_manager_.OnAckFrameEnd(
idle_network_detector_.time_of_last_received_packet(),
last_header_.packet_number, last_decrypted_packet_level_);
if (ack_result != PACKETS_NEWLY_ACKED &&
ack_result != NO_PACKETS_NEWLY_ACKED) {
// Error occurred (e.g., this ACK tries to ack packets in wrong packet
// number space), and this would cause the connection to be closed.
QUIC_DLOG(ERROR) << ENDPOINT
<< "Error occurred when processing an ACK frame: "
<< QuicUtils::AckResultToString(ack_result);
return false;
}
if (SupportsMultiplePacketNumberSpaces() && !one_rtt_packet_was_acked &&
sent_packet_manager_.one_rtt_packet_acked()) {
visitor_->OnOneRttPacketAcknowledged();
}
if (debug_visitor_ != nullptr && version().UsesTls() &&
!zero_rtt_packet_was_acked &&
sent_packet_manager_.zero_rtt_packet_acked()) {
debug_visitor_->OnZeroRttPacketAcked();
}
// Cancel the send alarm because new packets likely have been acked, which
// may change the congestion window and/or pacing rate. Canceling the alarm
// causes CanWrite to recalculate the next send time.
if (send_alarm_->IsSet()) {
send_alarm_->Cancel();
}
if (supports_release_time_) {
// Update pace time into future because smoothed RTT is likely updated.
UpdateReleaseTimeIntoFuture();
}
SetLargestReceivedPacketWithAck(last_header_.packet_number);
// If the incoming ack's packets set expresses missing packets: peer is still
// waiting for a packet lower than a packet that we are no longer planning to
// send.
// If the incoming ack's packets set expresses received packets: peer is still
// acking packets which we never care about.
// Send an ack to raise the high water mark.
const bool send_stop_waiting =
no_stop_waiting_frames_ ? false : GetLeastUnacked() > start;
PostProcessAfterAckFrame(send_stop_waiting,
ack_result == PACKETS_NEWLY_ACKED);
processing_ack_frame_ = false;
return connected_;
}
bool QuicConnection::OnStopWaitingFrame(const QuicStopWaitingFrame& frame) {
QUIC_BUG_IF(quic_bug_12714_8, !connected_)
<< "Processing STOP_WAITING frame when connection is closed. Last frame: "
<< most_recent_frame_type_;
// Since a stop waiting frame was received, this is not a connectivity probe.
// A probe only contains a PING and full padding.
if (!UpdatePacketContent(STOP_WAITING_FRAME)) {
return false;
}
if (no_stop_waiting_frames_) {
return true;
}
if (largest_seen_packet_with_stop_waiting_.IsInitialized() &&
last_header_.packet_number <= largest_seen_packet_with_stop_waiting_) {
QUIC_DLOG(INFO) << ENDPOINT
<< "Received an old stop waiting frame: ignoring";
return true;
}
const char* error = ValidateStopWaitingFrame(frame);
if (error != nullptr) {
CloseConnection(QUIC_INVALID_STOP_WAITING_DATA, error,
ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET);
return false;
}
if (debug_visitor_ != nullptr) {
debug_visitor_->OnStopWaitingFrame(frame);
}
largest_seen_packet_with_stop_waiting_ = last_header_.packet_number;
uber_received_packet_manager_.DontWaitForPacketsBefore(
last_decrypted_packet_level_, frame.least_unacked);
return connected_;
}
bool QuicConnection::OnPaddingFrame(const QuicPaddingFrame& frame) {
QUIC_BUG_IF(quic_bug_12714_9, !connected_)
<< "Processing PADDING frame when connection is closed. Last frame: "
<< most_recent_frame_type_;
if (!UpdatePacketContent(PADDING_FRAME)) {
return false;
}
if (debug_visitor_ != nullptr) {
debug_visitor_->OnPaddingFrame(frame);
}
return true;
}
bool QuicConnection::OnPingFrame(const QuicPingFrame& frame) {
QUIC_BUG_IF(quic_bug_12714_10, !connected_)
<< "Processing PING frame when connection is closed. Last frame: "
<< most_recent_frame_type_;
if (!UpdatePacketContent(PING_FRAME)) {
return false;
}
if (debug_visitor_ != nullptr) {
QuicTime::Delta ping_received_delay = QuicTime::Delta::Zero();
const QuicTime now = clock_->ApproximateNow();
if (now > stats_.connection_creation_time) {
ping_received_delay = now - stats_.connection_creation_time;
}
debug_visitor_->OnPingFrame(frame, ping_received_delay);
}
MaybeUpdateAckTimeout();
return true;
}
const char* QuicConnection::ValidateStopWaitingFrame(
const QuicStopWaitingFrame& stop_waiting) {
const QuicPacketNumber peer_least_packet_awaiting_ack =
uber_received_packet_manager_.peer_least_packet_awaiting_ack();
if (peer_least_packet_awaiting_ack.IsInitialized() &&
stop_waiting.least_unacked < peer_least_packet_awaiting_ack) {
QUIC_DLOG(ERROR) << ENDPOINT << "Peer's sent low least_unacked: "
<< stop_waiting.least_unacked << " vs "
<< peer_least_packet_awaiting_ack;
// We never process old ack frames, so this number should only increase.
return "Least unacked too small.";
}
if (stop_waiting.least_unacked > last_header_.packet_number) {
QUIC_DLOG(ERROR) << ENDPOINT
<< "Peer sent least_unacked:" << stop_waiting.least_unacked
<< " greater than the enclosing packet number:"
<< last_header_.packet_number;
return "Least unacked too large.";
}
return nullptr;
}
bool QuicConnection::OnRstStreamFrame(const QuicRstStreamFrame& frame) {
QUIC_BUG_IF(quic_bug_12714_11, !connected_)
<< "Processing RST_STREAM frame when connection is closed. Last frame: "
<< most_recent_frame_type_;
// Since a reset stream frame was received, this is not a connectivity probe.
// A probe only contains a PING and full padding.
if (!UpdatePacketContent(RST_STREAM_FRAME)) {
return false;
}
if (debug_visitor_ != nullptr) {
debug_visitor_->OnRstStreamFrame(frame);
}
QUIC_DLOG(INFO) << ENDPOINT
<< "RST_STREAM_FRAME received for stream: " << frame.stream_id
<< " with error: "
<< QuicRstStreamErrorCodeToString(frame.error_code);
MaybeUpdateAckTimeout();
visitor_->OnRstStream(frame);
return connected_;
}
bool QuicConnection::OnStopSendingFrame(const QuicStopSendingFrame& frame) {
QUIC_BUG_IF(quic_bug_12714_12, !connected_)
<< "Processing STOP_SENDING frame when connection is closed. Last frame: "
<< most_recent_frame_type_;
// Since a reset stream frame was received, this is not a connectivity probe.
// A probe only contains a PING and full padding.
if (!UpdatePacketContent(STOP_SENDING_FRAME)) {
return false;
}
if (debug_visitor_ != nullptr) {
debug_visitor_->OnStopSendingFrame(frame);
}
QUIC_DLOG(INFO) << ENDPOINT << "STOP_SENDING frame received for stream: "
<< frame.stream_id
<< " with error: " << frame.ietf_error_code;
if (add_missing_update_ack_timeout_) {
MaybeUpdateAckTimeout();
}
visitor_->OnStopSendingFrame(frame);
return connected_;
}
class ReversePathValidationContext : public QuicPathValidationContext {
public:
ReversePathValidationContext(const QuicSocketAddress& self_address,
const QuicSocketAddress& peer_address,
const QuicSocketAddress& effective_peer_address,
QuicConnection* connection)
: QuicPathValidationContext(self_address,
peer_address,
effective_peer_address),
connection_(connection) {}
QuicPacketWriter* WriterToUse() override { return connection_->writer(); }
private:
QuicConnection* connection_;
};
bool QuicConnection::OnPathChallengeFrame(const QuicPathChallengeFrame& frame) {
QUIC_BUG_IF(quic_bug_10511_8, !connected_)
<< "Processing PATH_CHALLENGE frame when connection "
"is closed. Last frame: "
<< most_recent_frame_type_;
if (has_path_challenge_in_current_packet_) {
QUICHE_DCHECK(send_path_response_);
QUIC_RELOADABLE_FLAG_COUNT_N(quic_send_path_response2, 2, 5);
// Only respond to the 1st PATH_CHALLENGE in the packet.
return true;
}
if (!validate_client_addresses_) {
return OnPathChallengeFrameInternal(frame);
}
QUIC_CODE_COUNT_N(quic_server_reverse_validate_new_path3, 1, 6);
{
// UpdatePacketStateAndReplyPathChallenge() may start reverse path
// validation, if so bundle the PATH_CHALLENGE together with the
// PATH_RESPONSE. This context needs to be out of scope before returning.
// TODO(danzh) inline OnPathChallengeFrameInternal() once
// support_reverse_path_validation_ is deprecated.
auto context =
group_path_response_and_challenge_sending_closer_
? nullptr
: std::make_unique<QuicPacketCreator::ScopedPeerAddressContext>(
&packet_creator_, last_received_packet_info_.source_address,
/*update_connection_id=*/false);
if (!OnPathChallengeFrameInternal(frame)) {
return false;
}
}
return connected_;
}
bool QuicConnection::OnPathChallengeFrameInternal(
const QuicPathChallengeFrame& frame) {
should_proactively_validate_peer_address_on_path_challenge_ = false;
// UpdatePacketContent() may start reverse path validation.
if (!UpdatePacketContent(PATH_CHALLENGE_FRAME)) {
return false;
}
if (debug_visitor_ != nullptr) {
debug_visitor_->OnPathChallengeFrame(frame);
}
std::unique_ptr<QuicPacketCreator::ScopedPeerAddressContext> context;
const QuicSocketAddress current_effective_peer_address =
GetEffectivePeerAddressFromCurrentPacket();
if (group_path_response_and_challenge_sending_closer_) {
QuicConnectionId client_cid, server_cid;
FindOnPathConnectionIds(last_received_packet_info_.destination_address,
current_effective_peer_address, &client_cid,
&server_cid);
context = std::make_unique<QuicPacketCreator::ScopedPeerAddressContext>(
&packet_creator_, last_received_packet_info_.source_address, client_cid,
server_cid, connection_migration_use_new_cid_);
}
if (should_proactively_validate_peer_address_on_path_challenge_) {
QUIC_RELOADABLE_FLAG_COUNT(
quic_group_path_response_and_challenge_sending_closer);
// Conditions to proactively validate peer address:
// The perspective is server
// The PATH_CHALLENGE is received on an unvalidated alternative path.
// The connection isn't validating migrated peer address, which is of
// higher prority.
QUIC_DVLOG(1) << "Proactively validate the effective peer address "
<< current_effective_peer_address;
QUIC_CODE_COUNT_N(quic_kick_off_client_address_validation, 2, 6);
ValidatePath(std::make_unique<ReversePathValidationContext>(
default_path_.self_address,
last_received_packet_info_.source_address,
current_effective_peer_address, this),
std::make_unique<ReversePathValidationResultDelegate>(
this, peer_address()));
}
if (!send_path_response_) {
// Save the path challenge's payload, for later use in generating the
// response.
received_path_challenge_payloads_.push_back(frame.data_buffer);
MaybeUpdateAckTimeout();
return true;
}
QUIC_RELOADABLE_FLAG_COUNT_N(quic_send_path_response2, 3, 5);
has_path_challenge_in_current_packet_ = true;
MaybeUpdateAckTimeout();
// Queue or send PATH_RESPONSE. Send PATH_RESPONSE to the source address of
// the current incoming packet, even if it's not the default path or the
// alternative path.
const bool success = SendPathResponse(
frame.data_buffer, last_received_packet_info_.source_address,
current_effective_peer_address);
if (GetQuicReloadableFlag(quic_drop_unsent_path_response)) {
QUIC_RELOADABLE_FLAG_COUNT(quic_drop_unsent_path_response);
}
if (!success) {
QUIC_CODE_COUNT(quic_failed_to_send_path_response);
if (!GetQuicReloadableFlag(quic_drop_unsent_path_response)) {
// Queue the payloads to re-try later.
pending_path_challenge_payloads_.push_back(
{frame.data_buffer, last_received_packet_info_.source_address});
}
}
// TODO(b/150095588): change the stats to
// num_valid_path_challenge_received.
++stats_.num_connectivity_probing_received;
// SendPathResponse() might cause connection to be closed.
return connected_;
}
bool QuicConnection::OnPathResponseFrame(const QuicPathResponseFrame& frame) {
QUIC_BUG_IF(quic_bug_10511_9, !connected_)
<< "Processing PATH_RESPONSE frame when connection "
"is closed. Last frame: "
<< most_recent_frame_type_;
if (!UpdatePacketContent(PATH_RESPONSE_FRAME)) {
return false;
}
if (debug_visitor_ != nullptr) {
debug_visitor_->OnPathResponseFrame(frame);
}
MaybeUpdateAckTimeout();
if (use_path_validator_) {
QUIC_RELOADABLE_FLAG_COUNT_N(quic_pass_path_response_to_validator, 1, 4);
path_validator_.OnPathResponse(
frame.data_buffer, last_received_packet_info_.destination_address);
} else {
if (!transmitted_connectivity_probe_payload_ ||
*transmitted_connectivity_probe_payload_ != frame.data_buffer) {
// Is not for the probe we sent, ignore it.
return true;
}
// Have received the matching PATH RESPONSE, saved payload no longer valid.
transmitted_connectivity_probe_payload_ = nullptr;
}
return connected_;
}
bool QuicConnection::OnConnectionCloseFrame(
const QuicConnectionCloseFrame& frame) {
QUIC_BUG_IF(quic_bug_10511_10, !connected_)
<< "Processing CONNECTION_CLOSE frame when "
"connection is closed. Last frame: "
<< most_recent_frame_type_;
// Since a connection close frame was received, this is not a connectivity
// probe. A probe only contains a PING and full padding.
if (!UpdatePacketContent(CONNECTION_CLOSE_FRAME)) {
return false;
}
if (debug_visitor_ != nullptr) {
debug_visitor_->OnConnectionCloseFrame(frame);
}
switch (frame.close_type) {
case GOOGLE_QUIC_CONNECTION_CLOSE:
QUIC_DLOG(INFO) << ENDPOINT << "Received ConnectionClose for connection: "
<< connection_id() << ", with error: "
<< QuicErrorCodeToString(frame.quic_error_code) << " ("
<< frame.error_details << ")";
break;
case IETF_QUIC_TRANSPORT_CONNECTION_CLOSE:
QUIC_DLOG(INFO) << ENDPOINT
<< "Received Transport ConnectionClose for connection: "
<< connection_id() << ", with error: "
<< QuicErrorCodeToString(frame.quic_error_code) << " ("
<< frame.error_details << ")"
<< ", transport error code: " << frame.wire_error_code
<< ", error frame type: "
<< frame.transport_close_frame_type;
break;
case IETF_QUIC_APPLICATION_CONNECTION_CLOSE:
QUIC_DLOG(INFO) << ENDPOINT
<< "Received Application ConnectionClose for connection: "
<< connection_id() << ", with error: "
<< QuicErrorCodeToString(frame.quic_error_code) << " ("
<< frame.error_details << ")"
<< ", application error code: " << frame.wire_error_code;
break;
}
if (frame.quic_error_code == QUIC_BAD_MULTIPATH_FLAG) {
QUIC_LOG_FIRST_N(ERROR, 10) << "Unexpected QUIC_BAD_MULTIPATH_FLAG error."
<< " last_received_header: " << last_header_
<< " encryption_level: " << encryption_level_;
}
TearDownLocalConnectionState(frame, ConnectionCloseSource::FROM_PEER);
return connected_;
}
bool QuicConnection::OnMaxStreamsFrame(const QuicMaxStreamsFrame& frame) {
QUIC_BUG_IF(quic_bug_12714_13, !connected_)
<< "Processing MAX_STREAMS frame when connection is closed. Last frame: "
<< most_recent_frame_type_;
if (!UpdatePacketContent(MAX_STREAMS_FRAME)) {
return false;
}
if (debug_visitor_ != nullptr) {
debug_visitor_->OnMaxStreamsFrame(frame);
}
if (add_missing_update_ack_timeout_) {
MaybeUpdateAckTimeout();
}
return visitor_->OnMaxStreamsFrame(frame) && connected_;
}
bool QuicConnection::OnStreamsBlockedFrame(
const QuicStreamsBlockedFrame& frame) {
QUIC_BUG_IF(quic_bug_10511_11, !connected_)
<< "Processing STREAMS_BLOCKED frame when "
"connection is closed. Last frame: "
<< most_recent_frame_type_;
if (!UpdatePacketContent(STREAMS_BLOCKED_FRAME)) {
return false;
}
if (debug_visitor_ != nullptr) {
debug_visitor_->OnStreamsBlockedFrame(frame);
}
if (add_missing_update_ack_timeout_) {
MaybeUpdateAckTimeout();
}
return visitor_->OnStreamsBlockedFrame(frame) && connected_;
}
bool QuicConnection::OnGoAwayFrame(const QuicGoAwayFrame& frame) {
QUIC_BUG_IF(quic_bug_12714_14, !connected_)
<< "Processing GOAWAY frame when connection is closed. Last frame: "
<< most_recent_frame_type_;
// Since a go away frame was received, this is not a connectivity probe.
// A probe only contains a PING and full padding.
if (!UpdatePacketContent(GOAWAY_FRAME)) {
return false;
}
if (debug_visitor_ != nullptr) {
debug_visitor_->OnGoAwayFrame(frame);
}
QUIC_DLOG(INFO) << ENDPOINT << "GOAWAY_FRAME received with last good stream: "
<< frame.last_good_stream_id
<< " and error: " << QuicErrorCodeToString(frame.error_code)
<< " and reason: " << frame.reason_phrase;
MaybeUpdateAckTimeout();
visitor_->OnGoAway(frame);
return connected_;
}
bool QuicConnection::OnWindowUpdateFrame(const QuicWindowUpdateFrame& frame) {
QUIC_BUG_IF(quic_bug_10511_12, !connected_)
<< "Processing WINDOW_UPDATE frame when connection "
"is closed. Last frame: "
<< most_recent_frame_type_;
// Since a window update frame was received, this is not a connectivity probe.
// A probe only contains a PING and full padding.
if (!UpdatePacketContent(WINDOW_UPDATE_FRAME)) {
return false;
}
if (debug_visitor_ != nullptr) {
debug_visitor_->OnWindowUpdateFrame(
frame, idle_network_detector_.time_of_last_received_packet());
}
QUIC_DVLOG(1) << ENDPOINT << "WINDOW_UPDATE_FRAME received " << frame;
MaybeUpdateAckTimeout();
visitor_->OnWindowUpdateFrame(frame);
return connected_;
}
void QuicConnection::OnClientConnectionIdAvailable() {
QUICHE_DCHECK(perspective_ == Perspective::IS_SERVER);
if (!peer_issued_cid_manager_->HasUnusedConnectionId()) {
return;
}
if (default_path_.client_connection_id.IsEmpty()) {
// Count client connection ID patched onto the default path.
QUIC_RELOADABLE_FLAG_COUNT_N(quic_connection_migration_use_new_cid_v2, 3,
6);
const QuicConnectionIdData* unused_cid_data =
peer_issued_cid_manager_->ConsumeOneUnusedConnectionId();
QUIC_DVLOG(1) << ENDPOINT << "Patch connection ID "
<< unused_cid_data->connection_id << " to default path";
default_path_.client_connection_id = unused_cid_data->connection_id;
default_path_.stateless_reset_token_received = true;
default_path_.stateless_reset_token =
unused_cid_data->stateless_reset_token;
QUICHE_DCHECK(!packet_creator_.HasPendingFrames());
QUICHE_DCHECK(packet_creator_.GetDestinationConnectionId().IsEmpty());
packet_creator_.SetClientConnectionId(default_path_.client_connection_id);
return;
}
if (alternative_path_.peer_address.IsInitialized() &&
alternative_path_.client_connection_id.IsEmpty()) {
// Count client connection ID patched onto the alternative path.
QUIC_RELOADABLE_FLAG_COUNT_N(quic_connection_migration_use_new_cid_v2, 4,
6);
const QuicConnectionIdData* unused_cid_data =
peer_issued_cid_manager_->ConsumeOneUnusedConnectionId();
QUIC_DVLOG(1) << ENDPOINT << "Patch connection ID "
<< unused_cid_data->connection_id << " to alternative path";
alternative_path_.client_connection_id = unused_cid_data->connection_id;
alternative_path_.stateless_reset_token_received = true;
alternative_path_.stateless_reset_token =
unused_cid_data->stateless_reset_token;
}
}
bool QuicConnection::ShouldSetRetransmissionAlarmOnPacketSent(
bool in_flight, EncryptionLevel level) const {
if (!retransmission_alarm_->IsSet()) {
return true;
}
if (!in_flight) {
return false;
}
if (!SupportsMultiplePacketNumberSpaces()) {
return true;
}
// Before handshake gets confirmed, do not re-arm PTO timer on application
// data. Think about this scenario: on the client side, the CHLO gets
// acknowledged and the SHLO is not received yet. The PTO alarm is set when
// the CHLO acknowledge is received (and there is no in flight INITIAL
// packet). Re-arming PTO alarm on 0-RTT packet would keep postponing the PTO
// alarm.
return IsHandshakeConfirmed() || level == ENCRYPTION_INITIAL ||
level == ENCRYPTION_HANDSHAKE;
}
bool QuicConnection::OnNewConnectionIdFrameInner(
const QuicNewConnectionIdFrame& frame) {
QUICHE_DCHECK(support_multiple_connection_ids_);
if (peer_issued_cid_manager_ == nullptr) {
CloseConnection(
IETF_QUIC_PROTOCOL_VIOLATION,
"Receives NEW_CONNECTION_ID while peer uses zero length connection ID",
ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET);
return false;
}
std::string error_detail;
QuicErrorCode error =
peer_issued_cid_manager_->OnNewConnectionIdFrame(frame, &error_detail);
if (error != QUIC_NO_ERROR) {
CloseConnection(error, error_detail,
ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET);
return false;
}
if (perspective_ == Perspective::IS_SERVER) {
OnClientConnectionIdAvailable();
}
QUIC_RELOADABLE_FLAG_COUNT_N(quic_connection_support_multiple_cids_v4, 1, 2);
if (ack_cid_frames_) {
QUIC_RELOADABLE_FLAG_COUNT_N(quic_ack_cid_frames, 1, 2);
MaybeUpdateAckTimeout();
}
return true;
}
bool QuicConnection::OnNewConnectionIdFrame(
const QuicNewConnectionIdFrame& frame) {
QUIC_BUG_IF(quic_bug_10511_13, !connected_)
<< "Processing NEW_CONNECTION_ID frame when "
"connection is closed. Last frame: "
<< most_recent_frame_type_;
if (!UpdatePacketContent(NEW_CONNECTION_ID_FRAME)) {
return false;
}
if (debug_visitor_ != nullptr) {
debug_visitor_->OnNewConnectionIdFrame(frame);
}
if (!support_multiple_connection_ids_) {
return true;
}
return OnNewConnectionIdFrameInner(frame);
}
bool QuicConnection::OnRetireConnectionIdFrame(
const QuicRetireConnectionIdFrame& frame) {
QUIC_BUG_IF(quic_bug_10511_14, !connected_)
<< "Processing RETIRE_CONNECTION_ID frame when "
"connection is closed. Last frame: "
<< most_recent_frame_type_;
if (!UpdatePacketContent(RETIRE_CONNECTION_ID_FRAME)) {
return false;
}
if (debug_visitor_ != nullptr) {
debug_visitor_->OnRetireConnectionIdFrame(frame);
}
if (!connection_migration_use_new_cid_) {
// Do not respond to RetireConnectionId frame.
return true;
}
if (!support_multiple_connection_ids_) {
return true;
}
if (self_issued_cid_manager_ == nullptr) {
CloseConnection(
IETF_QUIC_PROTOCOL_VIOLATION,
"Receives RETIRE_CONNECTION_ID while new connection ID is never issued",
ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET);
return false;
}
std::string error_detail;
QuicErrorCode error = self_issued_cid_manager_->OnRetireConnectionIdFrame(
frame, sent_packet_manager_.GetPtoDelay(), &error_detail);
if (error != QUIC_NO_ERROR) {
CloseConnection(error, error_detail,
ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET);
return false;
}
QUIC_RELOADABLE_FLAG_COUNT_N(quic_connection_support_multiple_cids_v4, 2, 2);
// Count successfully received RETIRE_CONNECTION_ID frames.
QUIC_RELOADABLE_FLAG_COUNT_N(quic_connection_migration_use_new_cid_v2, 5, 6);
if (ack_cid_frames_) {
QUIC_RELOADABLE_FLAG_COUNT_N(quic_ack_cid_frames, 2, 2);
MaybeUpdateAckTimeout();
}
return true;
}
bool QuicConnection::OnNewTokenFrame(const QuicNewTokenFrame& frame) {
QUIC_BUG_IF(quic_bug_12714_15, !connected_)
<< "Processing NEW_TOKEN frame when connection is closed. Last frame: "
<< most_recent_frame_type_;
if (!UpdatePacketContent(NEW_TOKEN_FRAME)) {
return false;
}
if (debug_visitor_ != nullptr) {
debug_visitor_->OnNewTokenFrame(frame);
}
if (perspective_ == Perspective::IS_SERVER) {
CloseConnection(QUIC_INVALID_NEW_TOKEN, "Server received new token frame.",
ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET);
return false;
}
// NEW_TOKEN frame should insitgate ACKs.
MaybeUpdateAckTimeout();
visitor_->OnNewTokenReceived(frame.token);
return true;
}
bool QuicConnection::OnMessageFrame(const QuicMessageFrame& frame) {
QUIC_BUG_IF(quic_bug_12714_16, !connected_)
<< "Processing MESSAGE frame when connection is closed. Last frame: "
<< most_recent_frame_type_;
// Since a message frame was received, this is not a connectivity probe.
// A probe only contains a PING and full padding.
if (!UpdatePacketContent(MESSAGE_FRAME)) {
return false;
}
if (debug_visitor_ != nullptr) {
debug_visitor_->OnMessageFrame(frame);
}
MaybeUpdateAckTimeout();
visitor_->OnMessageReceived(
absl::string_view(frame.data, frame.message_length));
return connected_;
}
bool QuicConnection::OnHandshakeDoneFrame(const QuicHandshakeDoneFrame& frame) {
QUIC_BUG_IF(quic_bug_10511_15, !connected_)
<< "Processing HANDSHAKE_DONE frame when connection "
"is closed. Last frame: "
<< most_recent_frame_type_;
if (!version().UsesTls()) {
CloseConnection(IETF_QUIC_PROTOCOL_VIOLATION,
"Handshake done frame is unsupported",
ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET);
return false;
}
if (perspective_ == Perspective::IS_SERVER) {
CloseConnection(IETF_QUIC_PROTOCOL_VIOLATION,
"Server received handshake done frame.",
ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET);
return false;
}
// Since a handshake done frame was received, this is not a connectivity
// probe. A probe only contains a PING and full padding.
if (!UpdatePacketContent(HANDSHAKE_DONE_FRAME)) {
return false;
}
if (debug_visitor_ != nullptr) {
debug_visitor_->OnHandshakeDoneFrame(frame);
}
MaybeUpdateAckTimeout();
visitor_->OnHandshakeDoneReceived();
return connected_;
}
bool QuicConnection::OnAckFrequencyFrame(const QuicAckFrequencyFrame& frame) {
QUIC_BUG_IF(quic_bug_10511_16, !connected_)
<< "Processing ACK_FREQUENCY frame when connection "
"is closed. Last frame: "
<< most_recent_frame_type_;
if (debug_visitor_ != nullptr) {
debug_visitor_->OnAckFrequencyFrame(frame);
}
if (!UpdatePacketContent(ACK_FREQUENCY_FRAME)) {
return false;
}
if (!can_receive_ack_frequency_frame_) {
QUIC_LOG_EVERY_N_SEC(ERROR, 120) << "Get unexpected AckFrequencyFrame.";
return false;
}
if (auto packet_number_space =
QuicUtils::GetPacketNumberSpace(last_decrypted_packet_level_) ==
APPLICATION_DATA) {
uber_received_packet_manager_.OnAckFrequencyFrame(frame);
} else {
QUIC_LOG_EVERY_N_SEC(ERROR, 120)
<< "Get AckFrequencyFrame in packet number space "
<< packet_number_space;
}
MaybeUpdateAckTimeout();
return true;
}
bool QuicConnection::OnBlockedFrame(const QuicBlockedFrame& frame) {
QUIC_BUG_IF(quic_bug_12714_17, !connected_)
<< "Processing BLOCKED frame when connection is closed. Last frame was "
<< most_recent_frame_type_;
// Since a blocked frame was received, this is not a connectivity probe.
// A probe only contains a PING and full padding.
if (!UpdatePacketContent(BLOCKED_FRAME)) {
return false;
}
if (debug_visitor_ != nullptr) {
debug_visitor_->OnBlockedFrame(frame);
}
QUIC_DLOG(INFO) << ENDPOINT
<< "BLOCKED_FRAME received for stream: " << frame.stream_id;
MaybeUpdateAckTimeout();
visitor_->OnBlockedFrame(frame);
stats_.blocked_frames_received++;
return connected_;
}
void QuicConnection::OnPacketComplete() {
// Don't do anything if this packet closed the connection.
if (!connected_) {
ClearLastFrames();
return;
}
if (IsCurrentPacketConnectivityProbing()) {
QUICHE_DCHECK(!version().HasIetfQuicFrames());
++stats_.num_connectivity_probing_received;
}
QUIC_DVLOG(1) << ENDPOINT << "Got"
<< (SupportsMultiplePacketNumberSpaces()
? (" " + EncryptionLevelToString(
last_decrypted_packet_level_))
: "")
<< " packet " << last_header_.packet_number << " for "
<< GetServerConnectionIdAsRecipient(last_header_, perspective_);
QUIC_DLOG_IF(INFO, current_packet_content_ == SECOND_FRAME_IS_PADDING)
<< ENDPOINT << "Received a padded PING packet. is_probing: "
<< IsCurrentPacketConnectivityProbing();
MaybeRespondToConnectivityProbingOrMigration();
current_effective_peer_migration_type_ = NO_CHANGE;
// For IETF QUIC, it is guaranteed that TLS will give connection the
// corresponding write key before read key. In other words, connection should
// never process a packet while an ACK for it cannot be encrypted.
if (!should_last_packet_instigate_acks_) {
uber_received_packet_manager_.MaybeUpdateAckTimeout(
should_last_packet_instigate_acks_, last_decrypted_packet_level_,
last_header_.packet_number, clock_->ApproximateNow(),
sent_packet_manager_.GetRttStats());
}
ClearLastFrames();
CloseIfTooManyOutstandingSentPackets();
}
void QuicConnection::MaybeRespondToConnectivityProbingOrMigration() {
if (version().HasIetfQuicFrames()) {
if (send_path_response_) {
return;
}
if (perspective_ == Perspective::IS_CLIENT) {
// This node is a client, notify that a speculative connectivity probing
// packet has been received anyway.
visitor_->OnPacketReceived(last_received_packet_info_.destination_address,
last_received_packet_info_.source_address,
/*is_connectivity_probe=*/false);
return;
}
if (!received_path_challenge_payloads_.empty()) {
if (current_effective_peer_migration_type_ != NO_CHANGE) {
// TODO(b/150095588): change the stats to
// num_valid_path_challenge_received.
++stats_.num_connectivity_probing_received;
}
// If the packet contains PATH CHALLENGE, send appropriate RESPONSE.
// There was at least one PATH CHALLENGE in the received packet,
// Generate the required PATH RESPONSE.
SendGenericPathProbePacket(nullptr,
last_received_packet_info_.source_address,
/* is_response=*/true);
return;
}
} else {
if (IsCurrentPacketConnectivityProbing()) {
visitor_->OnPacketReceived(last_received_packet_info_.destination_address,
last_received_packet_info_.source_address,
/*is_connectivity_probe=*/true);
return;
}
if (perspective_ == Perspective::IS_CLIENT) {
// This node is a client, notify that a speculative connectivity probing
// packet has been received anyway.
QUIC_DVLOG(1)
<< ENDPOINT
<< "Received a speculative connectivity probing packet for "
<< GetServerConnectionIdAsRecipient(last_header_, perspective_)
<< " from ip:port: "
<< last_received_packet_info_.source_address.ToString()
<< " to ip:port: "
<< last_received_packet_info_.destination_address.ToString();
visitor_->OnPacketReceived(last_received_packet_info_.destination_address,
last_received_packet_info_.source_address,
/*is_connectivity_probe=*/false);
return;
}
}
}
bool QuicConnection::IsValidStatelessResetToken(
const StatelessResetToken& token) const {
QUICHE_DCHECK_EQ(perspective_, Perspective::IS_CLIENT);
return default_path_.stateless_reset_token_received &&
QuicUtils::AreStatelessResetTokensEqual(
token, default_path_.stateless_reset_token);
}
void QuicConnection::OnAuthenticatedIetfStatelessResetPacket(
const QuicIetfStatelessResetPacket& /*packet*/) {
// TODO(fayang): Add OnAuthenticatedIetfStatelessResetPacket to
// debug_visitor_.
QUICHE_DCHECK(version().HasIetfInvariantHeader());
QUICHE_DCHECK_EQ(perspective_, Perspective::IS_CLIENT);
if (use_path_validator_) {
QUIC_RELOADABLE_FLAG_COUNT_N(quic_pass_path_response_to_validator, 4, 4);
if (!IsDefaultPath(last_received_packet_info_.destination_address,
last_received_packet_info_.source_address)) {
// This packet is received on a probing path. Do not close connection.
if (IsAlternativePath(last_received_packet_info_.destination_address,
GetEffectivePeerAddressFromCurrentPacket())) {
QUIC_BUG_IF(quic_bug_12714_18, alternative_path_.validated)
<< "STATELESS_RESET received on alternate path after it's "
"validated.";
path_validator_.CancelPathValidation();
} else {
QUIC_BUG(quic_bug_10511_17)
<< "Received Stateless Reset on unknown socket.";
}
return;
}
} else if (!visitor_->ValidateStatelessReset(
last_received_packet_info_.destination_address,
last_received_packet_info_.source_address)) {
// This packet is received on a probing path. Do not close connection.
return;
}
const std::string error_details = "Received stateless reset.";
QUIC_CODE_COUNT(quic_tear_down_local_connection_on_stateless_reset);
TearDownLocalConnectionState(QUIC_PUBLIC_RESET, NO_IETF_QUIC_ERROR,
error_details, ConnectionCloseSource::FROM_PEER);
}
void QuicConnection::OnKeyUpdate(KeyUpdateReason reason) {
QUICHE_DCHECK(support_key_update_for_connection_);
QUIC_DLOG(INFO) << ENDPOINT << "Key phase updated for " << reason;
lowest_packet_sent_in_current_key_phase_.Clear();
stats_.key_update_count++;
// If another key update triggers while the previous
// discard_previous_one_rtt_keys_alarm_ hasn't fired yet, cancel it since the
// old keys would already be discarded.
discard_previous_one_rtt_keys_alarm_->Cancel();
visitor_->OnKeyUpdate(reason);
}
void QuicConnection::OnDecryptedFirstPacketInKeyPhase() {
QUIC_DLOG(INFO) << ENDPOINT << "OnDecryptedFirstPacketInKeyPhase";
// An endpoint SHOULD retain old read keys for no more than three times the
// PTO after having received a packet protected using the new keys. After this
// period, old read keys and their corresponding secrets SHOULD be discarded.
//
// Note that this will cause an unnecessary
// discard_previous_one_rtt_keys_alarm_ on the first packet in the 1RTT
// encryption level, but this is harmless.
discard_previous_one_rtt_keys_alarm_->Set(
clock_->ApproximateNow() + sent_packet_manager_.GetPtoDelay() * 3);
}
std::unique_ptr<QuicDecrypter>
QuicConnection::AdvanceKeysAndCreateCurrentOneRttDecrypter() {
QUIC_DLOG(INFO) << ENDPOINT << "AdvanceKeysAndCreateCurrentOneRttDecrypter";
return visitor_->AdvanceKeysAndCreateCurrentOneRttDecrypter();
}
std::unique_ptr<QuicEncrypter> QuicConnection::CreateCurrentOneRttEncrypter() {
QUIC_DLOG(INFO) << ENDPOINT << "CreateCurrentOneRttEncrypter";
return visitor_->CreateCurrentOneRttEncrypter();
}
void QuicConnection::ClearLastFrames() {
should_last_packet_instigate_acks_ = false;
}
void QuicConnection::CloseIfTooManyOutstandingSentPackets() {
// This occurs if we don't discard old packets we've seen fast enough. It's
// possible largest observed is less than leaset unacked.
const bool should_close =
sent_packet_manager_.GetLargestSentPacket().IsInitialized() &&
sent_packet_manager_.GetLargestSentPacket() >
sent_packet_manager_.GetLeastUnacked() + max_tracked_packets_;
if (should_close) {
CloseConnection(
QUIC_TOO_MANY_OUTSTANDING_SENT_PACKETS,
absl::StrCat("More than ", max_tracked_packets_,
" outstanding, least_unacked: ",
sent_packet_manager_.GetLeastUnacked().ToUint64(),
", packets_processed: ", stats_.packets_processed,
", last_decrypted_packet_level: ",
EncryptionLevelToString(last_decrypted_packet_level_)),
ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET);
}
}
const QuicFrame QuicConnection::GetUpdatedAckFrame() {
QUICHE_DCHECK(!uber_received_packet_manager_.IsAckFrameEmpty(
QuicUtils::GetPacketNumberSpace(encryption_level_)))
<< "Try to retrieve an empty ACK frame";
return uber_received_packet_manager_.GetUpdatedAckFrame(
QuicUtils::GetPacketNumberSpace(encryption_level_),
clock_->ApproximateNow());
}
void QuicConnection::PopulateStopWaitingFrame(
QuicStopWaitingFrame* stop_waiting) {
stop_waiting->least_unacked = GetLeastUnacked();
}
QuicPacketNumber QuicConnection::GetLeastUnacked() const {
return sent_packet_manager_.GetLeastUnacked();
}
bool QuicConnection::HandleWriteBlocked() {
if (!writer_->IsWriteBlocked()) {
return false;
}
visitor_->OnWriteBlocked();
return true;
}
void QuicConnection::MaybeSendInResponseToPacket() {
if (!connected_) {
return;
}
// If the writer is blocked, don't attempt to send packets now or in the send
// alarm. When the writer unblocks, OnCanWrite() will be called for this
// connection to send.
if (HandleWriteBlocked()) {
return;
}
// Now that we have received an ack, we might be able to send packets which
// are queued locally, or drain streams which are blocked.
if (defer_send_in_response_to_packets_) {
send_alarm_->Update(clock_->ApproximateNow(), QuicTime::Delta::Zero());
} else {
WriteIfNotBlocked();
}
}
void QuicConnection::MaybeActivateLegacyVersionEncapsulation() {
if (!legacy_version_encapsulation_enabled_) {
return;
}
QUICHE_DCHECK(!legacy_version_encapsulation_in_progress_);
QUIC_BUG_IF(quic_bug_12714_19, !packet_creator_.CanSetMaxPacketLength())
<< "Cannot activate Legacy Version Encapsulation mid-packet";
QUIC_BUG_IF(quic_bug_12714_20, coalesced_packet_.length() != 0u)
<< "Cannot activate Legacy Version Encapsulation mid-coalesced-packet";
legacy_version_encapsulation_in_progress_ = true;
MaybeUpdatePacketCreatorMaxPacketLengthAndPadding();
}
void QuicConnection::MaybeDisactivateLegacyVersionEncapsulation() {
if (!legacy_version_encapsulation_in_progress_) {
return;
}
// Flush any remaining packet before disactivating encapsulation.
packet_creator_.FlushCurrentPacket();
QUICHE_DCHECK(legacy_version_encapsulation_enabled_);
legacy_version_encapsulation_in_progress_ = false;
MaybeUpdatePacketCreatorMaxPacketLengthAndPadding();
}
size_t QuicConnection::SendCryptoData(EncryptionLevel level,
size_t write_length,
QuicStreamOffset offset) {
if (write_length == 0) {
QUIC_BUG(quic_bug_10511_18) << "Attempt to send empty crypto frame";
return 0;
}
if (level == ENCRYPTION_INITIAL) {
MaybeActivateLegacyVersionEncapsulation();
}
size_t consumed_length;
{
ScopedPacketFlusher flusher(this);
consumed_length =
packet_creator_.ConsumeCryptoData(level, write_length, offset);
} // Added scope ensures packets are flushed before continuing.
MaybeDisactivateLegacyVersionEncapsulation();
return consumed_length;
}
QuicConsumedData QuicConnection::SendStreamData(QuicStreamId id,
size_t write_length,
QuicStreamOffset offset,
StreamSendingState state) {
if (state == NO_FIN && write_length == 0) {
QUIC_BUG(quic_bug_10511_19) << "Attempt to send empty stream frame";
return QuicConsumedData(0, false);
}
if (packet_creator_.encryption_level() == ENCRYPTION_INITIAL &&
QuicUtils::IsCryptoStreamId(transport_version(), id)) {
MaybeActivateLegacyVersionEncapsulation();
}
if (perspective_ == Perspective::IS_SERVER &&
version().CanSendCoalescedPackets() && !IsHandshakeConfirmed()) {
if (GetQuicReloadableFlag(quic_donot_pto_half_rtt_data)) {
QUIC_RELOADABLE_FLAG_COUNT(quic_donot_pto_half_rtt_data);
if (in_on_retransmission_time_out_ &&
coalesced_packet_.NumberOfPackets() == 0u) {
// PTO fires while handshake is not confirmed. Do not preempt handshake
// data with stream data.
QUIC_CODE_COUNT(quic_try_to_send_half_rtt_data_when_pto_fires);
return QuicConsumedData(0, false);
}
}
if (coalesced_packet_.ContainsPacketOfEncryptionLevel(ENCRYPTION_INITIAL) &&
coalesced_packet_.NumberOfPackets() == 1u) {
// Handshake is not confirmed yet, if there is only an initial packet in
// the coalescer, try to bundle an ENCRYPTION_HANDSHAKE packet before
// sending stream data.
sent_packet_manager_.RetransmitDataOfSpaceIfAny(HANDSHAKE_DATA);
}
}
QuicConsumedData consumed_data(0, false);
{
// Opportunistically bundle an ack with every outgoing packet.
// Particularly, we want to bundle with handshake packets since we don't
// know which decrypter will be used on an ack packet following a handshake
// packet (a handshake packet from client to server could result in a REJ or
// a SHLO from the server, leading to two different decrypters at the
// server.)
ScopedPacketFlusher flusher(this);
consumed_data =
packet_creator_.ConsumeData(id, write_length, offset, state);
} // Added scope ensures packets are flushed before continuing.
MaybeDisactivateLegacyVersionEncapsulation();
return consumed_data;
}
bool QuicConnection::SendControlFrame(const QuicFrame& frame) {
if (SupportsMultiplePacketNumberSpaces() &&
(encryption_level_ == ENCRYPTION_INITIAL ||
encryption_level_ == ENCRYPTION_HANDSHAKE) &&
frame.type != PING_FRAME) {
// Allow PING frame to be sent without APPLICATION key. For example, when
// anti-amplification limit is used, client needs to send something to avoid
// handshake deadlock.
QUIC_DVLOG(1) << ENDPOINT << "Failed to send control frame: " << frame
<< " at encryption level: " << encryption_level_;
return false;
}
ScopedPacketFlusher flusher(this);
const bool consumed =
packet_creator_.ConsumeRetransmittableControlFrame(frame);
if (!consumed) {
QUIC_DVLOG(1) << ENDPOINT << "Failed to send control frame: " << frame;
return false;
}
if (frame.type == PING_FRAME) {
// Flush PING frame immediately.
packet_creator_.FlushCurrentPacket();
stats_.ping_frames_sent++;
if (debug_visitor_ != nullptr) {
debug_visitor_->OnPingSent();
}
}
if (frame.type == BLOCKED_FRAME) {
stats_.blocked_frames_sent++;
}
return true;
}
void QuicConnection::OnStreamReset(QuicStreamId id,
QuicRstStreamErrorCode error) {
if (error == QUIC_STREAM_NO_ERROR) {
// All data for streams which are reset with QUIC_STREAM_NO_ERROR must
// be received by the peer.
return;
}
// Flush stream frames of reset stream.
if (packet_creator_.HasPendingStreamFramesOfStream(id)) {
ScopedPacketFlusher flusher(this);
packet_creator_.FlushCurrentPacket();
}
// TODO(ianswett): Consider checking for 3 RTOs when the last stream is
// cancelled as well.
}
const QuicConnectionStats& QuicConnection::GetStats() {
const RttStats* rtt_stats = sent_packet_manager_.GetRttStats();
// Update rtt and estimated bandwidth.
QuicTime::Delta min_rtt = rtt_stats->min_rtt();
if (min_rtt.IsZero()) {
// If min RTT has not been set, use initial RTT instead.
min_rtt = rtt_stats->initial_rtt();
}
stats_.min_rtt_us = min_rtt.ToMicroseconds();
QuicTime::Delta srtt = rtt_stats->SmoothedOrInitialRtt();
stats_.srtt_us = srtt.ToMicroseconds();
stats_.estimated_bandwidth = sent_packet_manager_.BandwidthEstimate();
sent_packet_manager_.GetSendAlgorithm()->PopulateConnectionStats(&stats_);
stats_.egress_mtu = long_term_mtu_;
stats_.ingress_mtu = largest_received_packet_size_;
return stats_;
}
void QuicConnection::OnCoalescedPacket(const QuicEncryptedPacket& packet) {
QueueCoalescedPacket(packet);
}
void QuicConnection::OnUndecryptablePacket(const QuicEncryptedPacket& packet,
EncryptionLevel decryption_level,
bool has_decryption_key) {
QUIC_DVLOG(1) << ENDPOINT << "Received undecryptable packet of length "
<< packet.length() << " with"
<< (has_decryption_key ? "" : "out") << " key at level "
<< decryption_level
<< " while connection is at encryption level "
<< encryption_level_;
QUICHE_DCHECK(EncryptionLevelIsValid(decryption_level));
if (encryption_level_ != ENCRYPTION_FORWARD_SECURE) {
++stats_.undecryptable_packets_received_before_handshake_complete;
}
const bool should_enqueue =
ShouldEnqueueUnDecryptablePacket(decryption_level, has_decryption_key);
if (should_enqueue) {
QueueUndecryptablePacket(packet, decryption_level);
}
if (debug_visitor_ != nullptr) {
debug_visitor_->OnUndecryptablePacket(decryption_level,
/*dropped=*/!should_enqueue);
}
if (has_decryption_key) {
stats_.num_failed_authentication_packets_received++;
if (version().UsesTls()) {
// Should always be non-null if has_decryption_key is true.
QUICHE_DCHECK(framer_.GetDecrypter(decryption_level));
const QuicPacketCount integrity_limit =
framer_.GetDecrypter(decryption_level)->GetIntegrityLimit();
QUIC_DVLOG(2) << ENDPOINT << "Checking AEAD integrity limits:"
<< " num_failed_authentication_packets_received="
<< stats_.num_failed_authentication_packets_received
<< " integrity_limit=" << integrity_limit;
if (stats_.num_failed_authentication_packets_received >=
integrity_limit) {
const std::string error_details = absl::StrCat(
"decrypter integrity limit reached:"
" num_failed_authentication_packets_received=",
stats_.num_failed_authentication_packets_received,
" integrity_limit=", integrity_limit);
CloseConnection(QUIC_AEAD_LIMIT_REACHED, error_details,
ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET);
}
}
}
if (version().UsesTls() && perspective_ == Perspective::IS_SERVER &&
decryption_level == ENCRYPTION_ZERO_RTT && !has_decryption_key &&
had_zero_rtt_decrypter_) {
QUIC_CODE_COUNT_N(
quic_server_received_tls_zero_rtt_packet_after_discarding_decrypter, 1,
3);
stats_
.num_tls_server_zero_rtt_packets_received_after_discarding_decrypter++;
}
}
bool QuicConnection::ShouldEnqueueUnDecryptablePacket(
EncryptionLevel decryption_level, bool has_decryption_key) const {
if (!GetQuicReloadableFlag(quic_queue_until_handshake_complete) &&
encryption_level_ == ENCRYPTION_FORWARD_SECURE) {
// We do not expect to install any further keys.
return false;
}
if (has_decryption_key) {
// We already have the key for this decryption level, therefore no
// future keys will allow it be decrypted.
return false;
}
if (GetQuicReloadableFlag(quic_queue_until_handshake_complete) &&
IsHandshakeComplete()) {
QUICHE_RELOADABLE_FLAG_COUNT(quic_queue_until_handshake_complete);
// We do not expect to install any further keys.
return false;
}
if (undecryptable_packets_.size() >= max_undecryptable_packets_) {
// We do not queue more than max_undecryptable_packets_ packets.
return false;
}
if (version().KnowsWhichDecrypterToUse() &&
decryption_level == ENCRYPTION_INITIAL) {
// When the corresponding decryption key is not available, all
// non-Initial packets should be buffered until the handshake is complete.
return false;
}
if (perspective_ == Perspective::IS_CLIENT && version().UsesTls() &&
decryption_level == ENCRYPTION_ZERO_RTT) {
// Only clients send Zero RTT packets in IETF QUIC.
QUIC_PEER_BUG(quic_peer_bug_client_received_zero_rtt)
<< "Client received a Zero RTT packet, not buffering.";
return false;
}
return true;
}
std::string QuicConnection::UndecryptablePacketsInfo() const {
std::string info = absl::StrCat(
"num_undecryptable_packets: ", undecryptable_packets_.size(), " {");
for (const auto& packet : undecryptable_packets_) {
absl::StrAppend(&info, "[",
EncryptionLevelToString(packet.encryption_level), ", ",
packet.packet->length(), "]");
}
absl::StrAppend(&info, "}");
return info;
}
void QuicConnection::MaybeUpdatePacketCreatorMaxPacketLengthAndPadding() {
QuicByteCount max_packet_length = GetLimitedMaxPacketSize(long_term_mtu_);
if (legacy_version_encapsulation_in_progress_) {
QUICHE_DCHECK(legacy_version_encapsulation_enabled_);
const QuicByteCount minimum_overhead =
QuicLegacyVersionEncapsulator::GetMinimumOverhead(
legacy_version_encapsulation_sni_);
if (max_packet_length < minimum_overhead) {
QUIC_BUG(quic_bug_10511_20)
<< "Cannot apply Legacy Version Encapsulation overhead because "
<< "max_packet_length " << max_packet_length << " < minimum_overhead "
<< minimum_overhead;
legacy_version_encapsulation_in_progress_ = false;
legacy_version_encapsulation_enabled_ = false;
MaybeUpdatePacketCreatorMaxPacketLengthAndPadding();
return;
}
max_packet_length -= minimum_overhead;
}
packet_creator_.SetMaxPacketLength(max_packet_length);
}
void QuicConnection::ProcessUdpPacket(const QuicSocketAddress& self_address,
const QuicSocketAddress& peer_address,
const QuicReceivedPacket& packet) {
if (!connected_) {
return;
}
QUIC_DVLOG(2) << ENDPOINT << "Received encrypted " << packet.length()
<< " bytes:" << std::endl
<< quiche::QuicheTextUtils::HexDump(
absl::string_view(packet.data(), packet.length()));
QUIC_BUG_IF(quic_bug_12714_21, current_packet_data_ != nullptr)
<< "ProcessUdpPacket must not be called while processing a packet.";
if (debug_visitor_ != nullptr) {
debug_visitor_->OnPacketReceived(self_address, peer_address, packet);
}
last_received_packet_info_ =
ReceivedPacketInfo(self_address, peer_address, packet.receipt_time());
last_size_ = packet.length();
current_packet_data_ = packet.data();
if (!default_path_.self_address.IsInitialized()) {
default_path_.self_address = last_received_packet_info_.destination_address;
}
if (!direct_peer_address_.IsInitialized()) {
UpdatePeerAddress(last_received_packet_info_.source_address);
}
if (!default_path_.peer_address.IsInitialized()) {
const QuicSocketAddress effective_peer_addr =
GetEffectivePeerAddressFromCurrentPacket();
// The default path peer_address must be initialized at the beginning of the
// first packet processed(here). If effective_peer_addr is uninitialized,
// just set effective_peer_address_ to the direct peer address.
default_path_.peer_address = effective_peer_addr.IsInitialized()
? effective_peer_addr
: direct_peer_address_;
}
stats_.bytes_received += packet.length();
++stats_.packets_received;
if (!count_bytes_on_alternative_path_separately_) {
if (EnforceAntiAmplificationLimit()) {
default_path_.bytes_received_before_address_validation += last_size_;
}
} else if (IsDefaultPath(last_received_packet_info_.destination_address,
last_received_packet_info_.source_address) &&
EnforceAntiAmplificationLimit()) {
QUIC_CODE_COUNT_N(quic_count_bytes_on_alternative_path_seperately, 1, 5);
last_received_packet_info_.received_bytes_counted = true;
default_path_.bytes_received_before_address_validation += last_size_;
}
// Ensure the time coming from the packet reader is within 2 minutes of now.
if (std::abs((packet.receipt_time() - clock_->ApproximateNow()).ToSeconds()) >
2 * 60) {
QUIC_BUG(quic_bug_10511_21)
<< "Packet receipt time:" << packet.receipt_time().ToDebuggingValue()
<< " too far from current time:"
<< clock_->ApproximateNow().ToDebuggingValue();
}
QUIC_DVLOG(1) << ENDPOINT << "time of last received packet: "
<< packet.receipt_time().ToDebuggingValue() << " from peer "
<< last_received_packet_info_.source_address;
ScopedPacketFlusher flusher(this);
if (!framer_.ProcessPacket(packet)) {
// If we are unable to decrypt this packet, it might be
// because the CHLO or SHLO packet was lost.
QUIC_DVLOG(1) << ENDPOINT
<< "Unable to process packet. Last packet processed: "
<< last_header_.packet_number;
current_packet_data_ = nullptr;
is_current_packet_connectivity_probing_ = false;
MaybeProcessCoalescedPackets();
return;
}
++stats_.packets_processed;
QUIC_DLOG_IF(INFO, active_effective_peer_migration_type_ != NO_CHANGE)
<< "sent_packet_manager_.GetLargestObserved() = "
<< sent_packet_manager_.GetLargestObserved()
<< ", highest_packet_sent_before_effective_peer_migration_ = "
<< highest_packet_sent_before_effective_peer_migration_;
if (!validate_client_addresses_ &&
active_effective_peer_migration_type_ != NO_CHANGE &&
sent_packet_manager_.GetLargestObserved().IsInitialized() &&
(!highest_packet_sent_before_effective_peer_migration_.IsInitialized() ||
sent_packet_manager_.GetLargestObserved() >
highest_packet_sent_before_effective_peer_migration_)) {
if (perspective_ == Perspective::IS_SERVER) {
OnEffectivePeerMigrationValidated();
}
}
const bool processed = MaybeProcessCoalescedPackets();
if (!donot_write_mid_packet_processing_ || !processed) {
QUIC_RELOADABLE_FLAG_COUNT_N(quic_donot_write_mid_packet_processing, 3, 3);
MaybeProcessUndecryptablePackets();
MaybeSendInResponseToPacket();
}
SetPingAlarm();
RetirePeerIssuedConnectionIdsNoLongerOnPath();
current_packet_data_ = nullptr;
is_current_packet_connectivity_probing_ = false;
}
void QuicConnection::OnBlockedWriterCanWrite() {
writer_->SetWritable();
OnCanWrite();
}
void QuicConnection::OnCanWrite() {
if (!connected_) {
return;
}
if (writer_->IsWriteBlocked()) {
const std::string error_details =
"Writer is blocked while calling OnCanWrite.";
QUIC_BUG(quic_bug_10511_22) << ENDPOINT << error_details;
CloseConnection(QUIC_INTERNAL_ERROR, error_details,
ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET);
return;
}
ScopedPacketFlusher flusher(this);
WriteQueuedPackets();
const QuicTime ack_timeout =
uber_received_packet_manager_.GetEarliestAckTimeout();
if (ack_timeout.IsInitialized() && ack_timeout <= clock_->ApproximateNow()) {
// Send an ACK now because either 1) we were write blocked when we last
// tried to send an ACK, or 2) both ack alarm and send alarm were set to
// go off together.
if (SupportsMultiplePacketNumberSpaces()) {
SendAllPendingAcks();
} else {
SendAck();
}
}
// TODO(danzh) PATH_RESPONSE is of more interest to the peer than ACK,
// evaluate if it's worth to send them before sending ACKs.
while (!pending_path_challenge_payloads_.empty()) {
QUIC_RELOADABLE_FLAG_COUNT_N(quic_send_path_response2, 4, 5);
const PendingPathChallenge& pending_path_challenge =
pending_path_challenge_payloads_.front();
// Note connection_migration_use_cid_ will depends on
// quic_drop_unsent_path_response flag eventually, and hence the empty
// effective_peer_address here will not be used.
if (!SendPathResponse(pending_path_challenge.received_path_challenge,
pending_path_challenge.peer_address,
/*effective_peer_address=*/QuicSocketAddress())) {
break;
}
pending_path_challenge_payloads_.pop_front();
}
// Sending queued packets may have caused the socket to become write blocked,
// or the congestion manager to prohibit sending.
if (!CanWrite(HAS_RETRANSMITTABLE_DATA)) {
return;
}
// Tell the session it can write.
visitor_->OnCanWrite();
// After the visitor writes, it may have caused the socket to become write
// blocked or the congestion manager to prohibit sending, so check again.
if (visitor_->WillingAndAbleToWrite() && !send_alarm_->IsSet() &&
CanWrite(HAS_RETRANSMITTABLE_DATA)) {
// We're not write blocked, but some data wasn't written. Register for
// 'immediate' resumption so we'll keep writing after other connections.
send_alarm_->Set(clock_->ApproximateNow());
}
}
void QuicConnection::WriteIfNotBlocked() {
if (donot_write_mid_packet_processing_ && framer().is_processing_packet()) {
QUIC_BUG(connection_write_mid_packet_processing)
<< ENDPOINT << "Tried to write in mid of packet processing";
return;
}
if (!HandleWriteBlocked()) {
OnCanWrite();
}
}
void QuicConnection::MaybeClearQueuedPacketsOnPathChange() {
if (connection_migration_use_new_cid_ &&
peer_issued_cid_manager_ != nullptr && HasQueuedPackets()) {
// Discard packets serialized with the connection ID on the old code path.
// It is possible to clear queued packets only if connection ID changes.
// However, the case where connection ID is unchanged and queued packets are
// non-empty is quite rare.
ClearQueuedPackets();
}
}
void QuicConnection::ReplaceInitialServerConnectionId(
const QuicConnectionId& new_server_connection_id) {
QUICHE_DCHECK(perspective_ == Perspective::IS_CLIENT);
if (support_multiple_connection_ids_) {
if (new_server_connection_id.IsEmpty()) {
peer_issued_cid_manager_ = nullptr;
} else {
if (peer_issued_cid_manager_ != nullptr) {
QUIC_BUG_IF(quic_bug_12714_22,
!peer_issued_cid_manager_->IsConnectionIdActive(
default_path_.server_connection_id))
<< "Connection ID replaced header is no longer active. old id: "
<< default_path_.server_connection_id
<< " new_id: " << new_server_connection_id;
peer_issued_cid_manager_->ReplaceConnectionId(
default_path_.server_connection_id, new_server_connection_id);
} else {
peer_issued_cid_manager_ =
std::make_unique<QuicPeerIssuedConnectionIdManager>(
kMinNumOfActiveConnectionIds, new_server_connection_id, clock_,
alarm_factory_, this);
}
}
}
default_path_.server_connection_id = new_server_connection_id;
packet_creator_.SetServerConnectionId(default_path_.server_connection_id);
}
void QuicConnection::FindMatchingOrNewClientConnectionIdOrToken(
const PathState& default_path,
const PathState& alternative_path,
const QuicConnectionId& server_connection_id,
QuicConnectionId* client_connection_id,
bool* stateless_reset_token_received,
StatelessResetToken* stateless_reset_token) {
QUICHE_DCHECK(perspective_ == Perspective::IS_SERVER);
if (peer_issued_cid_manager_ == nullptr ||
server_connection_id == default_path.server_connection_id) {
*client_connection_id = default_path.client_connection_id;
*stateless_reset_token_received =
default_path.stateless_reset_token_received;
*stateless_reset_token = default_path.stateless_reset_token;
return;
}
if (server_connection_id == alternative_path_.server_connection_id) {
*client_connection_id = alternative_path.client_connection_id;
*stateless_reset_token_received =
alternative_path.stateless_reset_token_received;
*stateless_reset_token = alternative_path.stateless_reset_token;
return;
}
if (!connection_migration_use_new_cid_) {
QUIC_BUG(quic_bug_46004) << "Cannot find matching connection ID.";
return;
}
auto* connection_id_data =
peer_issued_cid_manager_->ConsumeOneUnusedConnectionId();
if (connection_id_data == nullptr) {
return;
}
*client_connection_id = connection_id_data->connection_id;
*stateless_reset_token = connection_id_data->stateless_reset_token;
*stateless_reset_token_received = true;
}
bool QuicConnection::FindOnPathConnectionIds(
const QuicSocketAddress& self_address,
const QuicSocketAddress& peer_address,
QuicConnectionId* client_connection_id,
QuicConnectionId* server_connection_id) const {
if (IsDefaultPath(self_address, peer_address)) {
*client_connection_id = default_path_.client_connection_id,
*server_connection_id = default_path_.server_connection_id;
return true;
}
if (IsAlternativePath(self_address, peer_address)) {
*client_connection_id = alternative_path_.client_connection_id,
*server_connection_id = alternative_path_.server_connection_id;
return true;
}
return false;
}
void QuicConnection::SetDefaultPathState(PathState new_path_state) {
default_path_ = std::move(new_path_state);
if (connection_migration_use_new_cid_) {
packet_creator_.SetClientConnectionId(default_path_.client_connection_id);
packet_creator_.SetServerConnectionId(default_path_.server_connection_id);
}
}
bool QuicConnection::ProcessValidatedPacket(const QuicPacketHeader& header) {
if (perspective_ == Perspective::IS_CLIENT && version().HasIetfQuicFrames() &&
direct_peer_address_.IsInitialized() &&
last_received_packet_info_.source_address.IsInitialized() &&
direct_peer_address_ != last_received_packet_info_.source_address &&
!visitor_->IsKnownServerAddress(
last_received_packet_info_.source_address)) {
// TODO(haoyuewang) Revisit this when preferred_address transport parameter
// is used on the client side.
// Discard packets received from unseen server addresses.
return false;
}
if (perspective_ == Perspective::IS_SERVER &&
default_path_.self_address.IsInitialized() &&
last_received_packet_info_.destination_address.IsInitialized() &&
default_path_.self_address !=
last_received_packet_info_.destination_address) {
// Allow change between pure IPv4 and equivalent mapped IPv4 address.
if (default_path_.self_address.port() !=
last_received_packet_info_.destination_address.port() ||
default_path_.self_address.host().Normalized() !=
last_received_packet_info_.destination_address.host()
.Normalized()) {
if (!visitor_->AllowSelfAddressChange()) {
CloseConnection(
QUIC_ERROR_MIGRATING_ADDRESS,
"Self address migration is not supported at the server.",
ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET);
return false;
}
}
default_path_.self_address = last_received_packet_info_.destination_address;
}
if (PacketCanReplaceServerConnectionId(header, perspective_) &&
default_path_.server_connection_id != header.source_connection_id) {
QUICHE_DCHECK_EQ(header.long_packet_type, INITIAL);
if (server_connection_id_replaced_by_initial_) {
QUIC_DLOG(ERROR) << ENDPOINT << "Refusing to replace connection ID "
<< default_path_.server_connection_id << " with "
<< header.source_connection_id;
return false;
}
server_connection_id_replaced_by_initial_ = true;
QUIC_DLOG(INFO) << ENDPOINT << "Replacing connection ID "
<< default_path_.server_connection_id << " with "
<< header.source_connection_id;
if (!original_destination_connection_id_.has_value()) {
original_destination_connection_id_ = default_path_.server_connection_id;
}
ReplaceInitialServerConnectionId(header.source_connection_id);
}
if (!ValidateReceivedPacketNumber(header.packet_number)) {
return false;
}
if (!version_negotiated_) {
if (perspective_ == Perspective::IS_CLIENT) {
QUICHE_DCHECK(!header.version_flag || header.form != GOOGLE_QUIC_PACKET);
if (!version().HasIetfInvariantHeader()) {
// If the client gets a packet without the version flag from the server
// it should stop sending version since the version negotiation is done.
// IETF QUIC stops sending version once encryption level switches to
// forward secure.
packet_creator_.StopSendingVersion();
}
version_negotiated_ = true;
OnSuccessfulVersionNegotiation();
}
}
if (last_size_ > largest_received_packet_size_) {
largest_received_packet_size_ = last_size_;
}
if (perspective_ == Perspective::IS_SERVER &&
encryption_level_ == ENCRYPTION_INITIAL &&
last_size_ > packet_creator_.max_packet_length()) {
SetMaxPacketLength(last_size_);
}
return true;
}
bool QuicConnection::ValidateReceivedPacketNumber(
QuicPacketNumber packet_number) {
// If this packet has already been seen, or the sender has told us that it
// will not be retransmitted, then stop processing the packet.
if (!uber_received_packet_manager_.IsAwaitingPacket(
last_decrypted_packet_level_, packet_number)) {
QUIC_DLOG(INFO) << ENDPOINT << "Packet " << packet_number
<< " no longer being waited for at level "
<< static_cast<int>(last_decrypted_packet_level_)
<< ". Discarding.";
if (debug_visitor_ != nullptr) {
debug_visitor_->OnDuplicatePacket(packet_number);
}
return false;
}
return true;
}
void QuicConnection::WriteQueuedPackets() {
QUICHE_DCHECK(!writer_->IsWriteBlocked());
QUIC_CLIENT_HISTOGRAM_COUNTS("QuicSession.NumQueuedPacketsBeforeWrite",
buffered_packets_.size(), 1, 1000, 50, "");
while (!buffered_packets_.empty()) {
if (HandleWriteBlocked()) {
break;
}
const BufferedPacket& packet = buffered_packets_.front();
WriteResult result = writer_->WritePacket(
packet.encrypted_buffer.data(), packet.encrypted_buffer.length(),
packet.self_address.host(), packet.peer_address, per_packet_options_);
QUIC_DVLOG(1) << ENDPOINT << "Sending buffered packet, result: " << result;
if (IsMsgTooBig(result) &&
packet.encrypted_buffer.length() > long_term_mtu_) {
// When MSG_TOO_BIG is returned, the system typically knows what the
// actual MTU is, so there is no need to probe further.
// TODO(wub): Reduce max packet size to a safe default, or the actual MTU.
mtu_discoverer_.Disable();
mtu_discovery_alarm_->Cancel();
buffered_packets_.pop_front();
continue;
}
if (IsWriteError(result.status)) {
OnWriteError(result.error_code);
break;
}
if (result.status == WRITE_STATUS_OK ||
result.status == WRITE_STATUS_BLOCKED_DATA_BUFFERED) {
buffered_packets_.pop_front();
}
if (IsWriteBlockedStatus(result.status)) {
visitor_->OnWriteBlocked();
break;
}
}
}
void QuicConnection::SendProbingRetransmissions() {
while (sent_packet_manager_.GetSendAlgorithm()->ShouldSendProbingPacket() &&
CanWrite(HAS_RETRANSMITTABLE_DATA)) {
if (!visitor_->SendProbingData()) {
QUIC_DVLOG(1)
<< "Cannot send probing retransmissions: nothing to retransmit.";
break;
}
}
}
void QuicConnection::MarkZeroRttPacketsForRetransmission(int reject_reason) {
sent_packet_manager_.MarkZeroRttPacketsForRetransmission();
if (debug_visitor_ != nullptr && version().UsesTls()) {
debug_visitor_->OnZeroRttRejected(reject_reason);
}
}
void QuicConnection::NeuterUnencryptedPackets() {
sent_packet_manager_.NeuterUnencryptedPackets();
// This may have changed the retransmission timer, so re-arm it.
SetRetransmissionAlarm();
if (default_enable_5rto_blackhole_detection_) {
QUIC_RELOADABLE_FLAG_COUNT_N(quic_default_enable_5rto_blackhole_detection2,
1, 3);
// Consider this as forward progress since this is called when initial key
// gets discarded (or previous unencrypted data is not needed anymore).
OnForwardProgressMade();
}
if (SupportsMultiplePacketNumberSpaces()) {
// Stop sending ack of initial packet number space.
uber_received_packet_manager_.ResetAckStates(ENCRYPTION_INITIAL);
// Re-arm ack alarm.
ack_alarm_->Update(uber_received_packet_manager_.GetEarliestAckTimeout(),
kAlarmGranularity);
}
}
bool QuicConnection::ShouldGeneratePacket(
HasRetransmittableData retransmittable,
IsHandshake handshake) {
QUICHE_DCHECK(handshake != IS_HANDSHAKE ||
QuicVersionUsesCryptoFrames(transport_version()))
<< ENDPOINT
<< "Handshake in STREAM frames should not check ShouldGeneratePacket";
if (support_multiple_connection_ids_ && peer_issued_cid_manager_ != nullptr &&
packet_creator_.GetDestinationConnectionId().IsEmpty()) {
QUIC_CODE_COUNT(quic_generate_packet_blocked_by_no_connection_id);
QUIC_BUG_IF(quic_bug_90265_1, perspective_ == Perspective::IS_CLIENT);
QUIC_DLOG(INFO) << ENDPOINT
<< "There is no destination connection ID available to "
"generate packet.";
return false;
}
if (!count_bytes_on_alternative_path_separately_) {
return CanWrite(retransmittable);
}
QUIC_CODE_COUNT_N(quic_count_bytes_on_alternative_path_seperately, 4, 5);
if (IsDefaultPath(default_path_.self_address,
packet_creator_.peer_address())) {
return CanWrite(retransmittable);
}
// This is checking on the alternative path with a different peer address. The
// self address and the writer used are the same as the default path. In the
// case of different self address and writer, writing packet would use a
// differnt code path without checking the states of the default writer.
return connected_ && !HandleWriteBlocked();
}
const QuicFrames QuicConnection::MaybeBundleAckOpportunistically() {
if (!ack_frequency_sent_ && sent_packet_manager_.CanSendAckFrequency()) {
if (packet_creator_.NextSendingPacketNumber() >=
FirstSendingPacketNumber() + kMinReceivedBeforeAckDecimation) {
QUIC_RELOADABLE_FLAG_COUNT_N(quic_can_send_ack_frequency, 3, 3);
ack_frequency_sent_ = true;
auto frame = sent_packet_manager_.GetUpdatedAckFrequencyFrame();
visitor_->SendAckFrequency(frame);
}
}
QuicFrames frames;
const bool has_pending_ack =
uber_received_packet_manager_
.GetAckTimeout(QuicUtils::GetPacketNumberSpace(encryption_level_))
.IsInitialized();
if (!has_pending_ack && stop_waiting_count_ <= 1) {
// No need to send an ACK.
return frames;
}
ResetAckStates();
QUIC_DVLOG(1) << ENDPOINT << "Bundle an ACK opportunistically";
QuicFrame updated_ack_frame = GetUpdatedAckFrame();
QUIC_BUG_IF(quic_bug_12714_23, updated_ack_frame.ack_frame->packets.Empty())
<< ENDPOINT << "Attempted to opportunistically bundle an empty "
<< encryption_level_ << " ACK, " << (has_pending_ack ? "" : "!")
<< "has_pending_ack, stop_waiting_count_ " << stop_waiting_count_;
frames.push_back(updated_ack_frame);
if (!no_stop_waiting_frames_) {
QuicStopWaitingFrame stop_waiting;
PopulateStopWaitingFrame(&stop_waiting);
frames.push_back(QuicFrame(stop_waiting));
}
return frames;
}
bool QuicConnection::CanWrite(HasRetransmittableData retransmittable) {
if (!connected_) {
return false;
}
if (fill_coalesced_packet_) {
// Try to coalesce packet, only allow to write when creator is on soft max
// packet length. Given the next created packet is going to fill current
// coalesced packet, do not check amplification factor.
return packet_creator_.HasSoftMaxPacketLength();
}
if (LimitedByAmplificationFactor()) {
// Server is constrained by the amplification restriction.
QUIC_CODE_COUNT(quic_throttled_by_amplification_limit);
QUIC_DVLOG(1) << ENDPOINT
<< "Constrained by amplification restriction to peer address "
<< default_path_.peer_address << " bytes received "
<< default_path_.bytes_received_before_address_validation
<< ", bytes sent"
<< default_path_.bytes_sent_before_address_validation;
++stats_.num_amplification_throttling;
return false;
}
if (sent_packet_manager_.pending_timer_transmission_count() > 0) {
// Force sending the retransmissions for HANDSHAKE, TLP, RTO, PROBING cases.
return true;
}
if (HandleWriteBlocked()) {
return false;
}
// Allow acks and probing frames to be sent immediately.
if (retransmittable == NO_RETRANSMITTABLE_DATA) {
return true;
}
// If the send alarm is set, wait for it to fire.
if (send_alarm_->IsSet()) {
return false;
}
QuicTime now = clock_->Now();
QuicTime::Delta delay = sent_packet_manager_.TimeUntilSend(now);
if (delay.IsInfinite()) {
send_alarm_->Cancel();
return false;
}
// Scheduler requires a delay.
if (!delay.IsZero()) {
if (delay <= release_time_into_future_) {
// Required delay is within pace time into future, send now.
return true;
}
// Cannot send packet now because delay is too far in the future.
send_alarm_->Update(now + delay, kAlarmGranularity);
QUIC_DVLOG(1) << ENDPOINT << "Delaying sending " << delay.ToMilliseconds()
<< "ms";
return false;
}
return true;
}
QuicTime QuicConnection::CalculatePacketSentTime() {
const QuicTime now = clock_->Now();
if (!supports_release_time_ || per_packet_options_ == nullptr) {
// Don't change the release delay.
return now;
}
auto next_release_time_result = sent_packet_manager_.GetNextReleaseTime();
// Release before |now| is impossible.
QuicTime next_release_time =
std::max(now, next_release_time_result.release_time);
per_packet_options_->release_time_delay = next_release_time - now;
per_packet_options_->allow_burst = next_release_time_result.allow_burst;
return next_release_time;
}
bool QuicConnection::WritePacket(SerializedPacket* packet) {
if (sent_packet_manager_.GetLargestSentPacket().IsInitialized() &&
packet->packet_number < sent_packet_manager_.GetLargestSentPacket()) {
QUIC_BUG(quic_bug_10511_23)
<< "Attempt to write packet:" << packet->packet_number
<< " after:" << sent_packet_manager_.GetLargestSentPacket();
CloseConnection(QUIC_INTERNAL_ERROR, "Packet written out of order.",
ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET);
return true;
}
const bool is_mtu_discovery = QuicUtils::ContainsFrameType(
packet->nonretransmittable_frames, MTU_DISCOVERY_FRAME);
const SerializedPacketFate fate = packet->fate;
// Termination packets are encrypted and saved, so don't exit early.
QuicErrorCode error_code = QUIC_NO_ERROR;
const bool is_termination_packet = IsTerminationPacket(*packet, &error_code);
QuicPacketNumber packet_number = packet->packet_number;
QuicPacketLength encrypted_length = packet->encrypted_length;
// Termination packets are eventually owned by TimeWaitListManager.
// Others are deleted at the end of this call.
if (is_termination_packet) {
if (termination_packets_ == nullptr) {
termination_packets_.reset(
new std::vector<std::unique_ptr<QuicEncryptedPacket>>);
}
// Copy the buffer so it's owned in the future.
char* buffer_copy = CopyBuffer(*packet);
termination_packets_->emplace_back(
new QuicEncryptedPacket(buffer_copy, encrypted_length, true));
if (error_code == QUIC_SILENT_IDLE_TIMEOUT) {
QUICHE_DCHECK_EQ(Perspective::IS_SERVER, perspective_);
// TODO(fayang): populate histogram indicating the time elapsed from this
// connection gets closed to following client packets get received.
QUIC_DVLOG(1) << ENDPOINT
<< "Added silent connection close to termination packets, "
"num of termination packets: "
<< termination_packets_->size();
return true;
}
}
QUICHE_DCHECK_LE(encrypted_length, kMaxOutgoingPacketSize);
QUICHE_DCHECK(is_mtu_discovery ||
encrypted_length <= packet_creator_.max_packet_length())
<< " encrypted_length=" << encrypted_length
<< " > packet_creator max_packet_length="
<< packet_creator_.max_packet_length();
QUIC_DVLOG(1) << ENDPOINT << "Sending packet " << packet_number << " : "
<< (IsRetransmittable(*packet) == HAS_RETRANSMITTABLE_DATA
? "data bearing "
: " ack or probing only ")
<< ", encryption level: " << packet->encryption_level
<< ", encrypted length:" << encrypted_length
<< ", fate: " << fate << " to peer " << packet->peer_address;
QUIC_DVLOG(2) << ENDPOINT << packet->encryption_level << " packet number "
<< packet_number << " of length " << encrypted_length << ": "
<< std::endl
<< quiche::QuicheTextUtils::HexDump(absl::string_view(
packet->encrypted_buffer, encrypted_length));
// Measure the RTT from before the write begins to avoid underestimating the
// min_rtt_, especially in cases where the thread blocks or gets swapped out
// during the WritePacket below.
QuicTime packet_send_time = CalculatePacketSentTime();
WriteResult result(WRITE_STATUS_OK, encrypted_length);
QuicSocketAddress send_to_address =
(send_path_response_) ? packet->peer_address : peer_address();
// Self address is always the default self address on this code path.
bool send_on_current_path = send_to_address == peer_address();
switch (fate) {
case DISCARD:
++stats_.packets_discarded;
return true;
case COALESCE:
QUIC_BUG_IF(quic_bug_12714_24,
!version().CanSendCoalescedPackets() || coalescing_done_);
if (!coalesced_packet_.MaybeCoalescePacket(
*packet, self_address(), send_to_address,
helper_->GetStreamSendBufferAllocator(),
packet_creator_.max_packet_length())) {
// Failed to coalesce packet, flush current coalesced packet.
if (!FlushCoalescedPacket()) {
// Failed to flush coalesced packet, write error has been handled.
return false;
}
if (!coalesced_packet_.MaybeCoalescePacket(
*packet, self_address(), send_to_address,
helper_->GetStreamSendBufferAllocator(),
packet_creator_.max_packet_length())) {
// Failed to coalesce packet even it is the only packet, raise a write
// error.
QUIC_DLOG(ERROR) << ENDPOINT << "Failed to coalesce packet";
result.error_code = WRITE_STATUS_FAILED_TO_COALESCE_PACKET;
break;
}
}
if (coalesced_packet_.length() < coalesced_packet_.max_packet_length()) {
QUIC_DVLOG(1) << ENDPOINT << "Trying to set soft max packet length to "
<< coalesced_packet_.max_packet_length() -
coalesced_packet_.length();
packet_creator_.SetSoftMaxPacketLength(
coalesced_packet_.max_packet_length() - coalesced_packet_.length());
}
break;
case BUFFER:
QUIC_DVLOG(1) << ENDPOINT << "Adding packet: " << packet->packet_number
<< " to buffered packets";
buffered_packets_.emplace_back(*packet, self_address(), send_to_address);
break;
case SEND_TO_WRITER:
// Stop using coalescer from now on.
coalescing_done_ = true;
// At this point, packet->release_encrypted_buffer is either nullptr,
// meaning |packet->encrypted_buffer| is a stack buffer, or not-nullptr,
/// meaning it's a writer-allocated buffer. Note that connectivity probing
// packets do not use this function, so setting release_encrypted_buffer
// to nullptr will not cause probing packets to be leaked.
//
// writer_->WritePacket transfers buffer ownership back to the writer.
packet->release_encrypted_buffer = nullptr;
result = writer_->WritePacket(packet->encrypted_buffer, encrypted_length,
self_address().host(), send_to_address,
per_packet_options_);
// This is a work around for an issue with linux UDP GSO batch writers.
// When sending a GSO packet with 2 segments, if the first segment is
// larger than the path MTU, instead of EMSGSIZE, the linux kernel returns
// EINVAL, which translates to WRITE_STATUS_ERROR and causes conneciton to
// be closed. By manually flush the writer here, the MTU probe is sent in
// a normal(non-GSO) packet, so the kernel can return EMSGSIZE and we will
// not close the connection.
if (is_mtu_discovery && writer_->IsBatchMode()) {
result = writer_->Flush();
}
break;
case LEGACY_VERSION_ENCAPSULATE: {
QUICHE_DCHECK(!is_mtu_discovery);
QUICHE_DCHECK_EQ(perspective_, Perspective::IS_CLIENT);
QUICHE_DCHECK_EQ(packet->encryption_level, ENCRYPTION_INITIAL);
QUICHE_DCHECK(legacy_version_encapsulation_enabled_);
QUICHE_DCHECK(legacy_version_encapsulation_in_progress_);
QuicPacketLength encapsulated_length =
QuicLegacyVersionEncapsulator::Encapsulate(
legacy_version_encapsulation_sni_,
absl::string_view(packet->encrypted_buffer,
packet->encrypted_length),
default_path_.server_connection_id, framer_.creation_time(),
GetLimitedMaxPacketSize(long_term_mtu_),
const_cast<char*>(packet->encrypted_buffer));
if (encapsulated_length != 0) {
stats_.sent_legacy_version_encapsulated_packets++;
packet->encrypted_length = encapsulated_length;
encrypted_length = encapsulated_length;
QUIC_DVLOG(2)
<< ENDPOINT
<< "Successfully performed Legacy Version Encapsulation on "
<< packet->encryption_level << " packet number " << packet_number
<< " of length " << encrypted_length << ": " << std::endl
<< quiche::QuicheTextUtils::HexDump(absl::string_view(
packet->encrypted_buffer, encrypted_length));
} else {
QUIC_BUG(quic_bug_10511_24)
<< ENDPOINT << "Failed to perform Legacy Version Encapsulation on "
<< packet->encryption_level << " packet number " << packet_number
<< " of length " << encrypted_length;
}
if (!buffered_packets_.empty() || HandleWriteBlocked()) {
// Buffer the packet.
buffered_packets_.emplace_back(*packet, self_address(),
send_to_address);
} else { // Send the packet to the writer.
// writer_->WritePacket transfers buffer ownership back to the writer.
packet->release_encrypted_buffer = nullptr;
result = writer_->WritePacket(packet->encrypted_buffer,
encrypted_length, self_address().host(),
send_to_address, per_packet_options_);
}
} break;
default:
QUICHE_DCHECK(false);
break;
}
QUIC_HISTOGRAM_ENUM(
"QuicConnection.WritePacketStatus", result.status,
WRITE_STATUS_NUM_VALUES,
"Status code returned by writer_->WritePacket() in QuicConnection.");
if (IsWriteBlockedStatus(result.status)) {
// Ensure the writer is still write blocked, otherwise QUIC may continue
// trying to write when it will not be able to.
QUICHE_DCHECK(writer_->IsWriteBlocked());
visitor_->OnWriteBlocked();
// If the socket buffers the data, then the packet should not
// be queued and sent again, which would result in an unnecessary
// duplicate packet being sent. The helper must call OnCanWrite
// when the write completes, and OnWriteError if an error occurs.
if (result.status != WRITE_STATUS_BLOCKED_DATA_BUFFERED) {
QUIC_DVLOG(1) << ENDPOINT << "Adding packet: " << packet->packet_number
<< " to buffered packets";
buffered_packets_.emplace_back(*packet, self_address(), send_to_address);
}
}
// In some cases, an MTU probe can cause EMSGSIZE. This indicates that the
// MTU discovery is permanently unsuccessful.
if (IsMsgTooBig(result)) {
if (is_mtu_discovery) {
// When MSG_TOO_BIG is returned, the system typically knows what the
// actual MTU is, so there is no need to probe further.
// TODO(wub): Reduce max packet size to a safe default, or the actual MTU.
QUIC_DVLOG(1) << ENDPOINT
<< " MTU probe packet too big, size:" << encrypted_length
<< ", long_term_mtu_:" << long_term_mtu_;
mtu_discoverer_.Disable();
mtu_discovery_alarm_->Cancel();
// The write failed, but the writer is not blocked, so return true.
return true;
}
if (use_path_validator_ && !send_on_current_path) {
QUIC_RELOADABLE_FLAG_COUNT_N(quic_pass_path_response_to_validator, 2, 4);
// Only handle MSG_TOO_BIG as error on current path.
return true;
}
}
if (IsWriteError(result.status)) {
QUIC_LOG_FIRST_N(ERROR, 10)
<< ENDPOINT << "Failed writing packet " << packet_number << " of "
<< encrypted_length << " bytes from " << self_address().host() << " to "
<< send_to_address << ", with error code " << result.error_code
<< ". long_term_mtu_:" << long_term_mtu_
<< ", previous_validated_mtu_:" << previous_validated_mtu_
<< ", max_packet_length():" << max_packet_length()
<< ", is_mtu_discovery:" << is_mtu_discovery;
if (MaybeRevertToPreviousMtu()) {
return true;
}
OnWriteError(result.error_code);
return false;
}
if (result.status == WRITE_STATUS_OK) {
// packet_send_time is the ideal send time, if allow_burst is true, writer
// may have sent it earlier than that.
packet_send_time = packet_send_time + result.send_time_offset;
}
if (IsRetransmittable(*packet) == HAS_RETRANSMITTABLE_DATA &&
!is_termination_packet) {
// Start blackhole/path degrading detections if the sent packet is not
// termination packet and contains retransmittable data.
// Do not restart detection if detection is in progress indicating no
// forward progress has been made since last event (i.e., packet was sent
// or new packets were acknowledged).
if (!blackhole_detector_.IsDetectionInProgress()) {
// Try to start detections if no detection in progress. This could
// because either both detections are inactive when sending last packet
// or this connection just gets out of quiescence.
blackhole_detector_.RestartDetection(GetPathDegradingDeadline(),
GetNetworkBlackholeDeadline(),
GetPathMtuReductionDeadline());
}
idle_network_detector_.OnPacketSent(packet_send_time,
sent_packet_manager_.GetPtoDelay());
}
MaybeSetMtuAlarm(packet_number);
QUIC_DVLOG(1) << ENDPOINT << "time we began writing last sent packet: "
<< packet_send_time.ToDebuggingValue();
if (!count_bytes_on_alternative_path_separately_) {
if (EnforceAntiAmplificationLimit()) {
// Include bytes sent even if they are not in flight.
default_path_.bytes_sent_before_address_validation += encrypted_length;
}
} else {
QUIC_CODE_COUNT_N(quic_count_bytes_on_alternative_path_seperately, 2, 5);
if (IsDefaultPath(default_path_.self_address, send_to_address)) {
if (EnforceAntiAmplificationLimit()) {
// Include bytes sent even if they are not in flight.
default_path_.bytes_sent_before_address_validation += encrypted_length;
}
} else {
MaybeUpdateBytesSentToAlternativeAddress(send_to_address,
encrypted_length);
}
}
// Do not measure rtt of this packet if it's not sent on current path.
QUIC_DLOG_IF(INFO, !send_on_current_path)
<< ENDPOINT << " Sent packet " << packet->packet_number
<< " on a different path with remote address " << send_to_address
<< " while current path has peer address " << peer_address();
const bool in_flight = sent_packet_manager_.OnPacketSent(
packet, packet_send_time, packet->transmission_type,
IsRetransmittable(*packet), /*measure_rtt=*/send_on_current_path);
QUIC_BUG_IF(quic_bug_12714_25,
default_enable_5rto_blackhole_detection_ &&
blackhole_detector_.IsDetectionInProgress() &&
!sent_packet_manager_.HasInFlightPackets())
<< ENDPOINT
<< "Trying to start blackhole detection without no bytes in flight";
if (debug_visitor_ != nullptr) {
if (sent_packet_manager_.unacked_packets().empty()) {
QUIC_BUG(quic_bug_10511_25)
<< "Unacked map is empty right after packet is sent";
} else {
debug_visitor_->OnPacketSent(
packet->packet_number, packet->encrypted_length,
packet->has_crypto_handshake, packet->transmission_type,
packet->encryption_level,
sent_packet_manager_.unacked_packets()
.rbegin()
->retransmittable_frames,
packet->nonretransmittable_frames, packet_send_time);
}
}
if (packet->encryption_level == ENCRYPTION_HANDSHAKE) {
handshake_packet_sent_ = true;
}
if (packet->encryption_level == ENCRYPTION_FORWARD_SECURE) {
if (!lowest_packet_sent_in_current_key_phase_.IsInitialized()) {
QUIC_DLOG(INFO) << ENDPOINT
<< "lowest_packet_sent_in_current_key_phase_ = "
<< packet_number;
lowest_packet_sent_in_current_key_phase_ = packet_number;
}
if (!is_termination_packet &&
MaybeHandleAeadConfidentialityLimits(*packet)) {
return true;
}
}
if (GetQuicReloadableFlag(
quic_donot_rearm_pto_on_application_data_during_handshake)) {
QUIC_RELOADABLE_FLAG_COUNT(
quic_donot_rearm_pto_on_application_data_during_handshake);
if (ShouldSetRetransmissionAlarmOnPacketSent(in_flight,
packet->encryption_level)) {
SetRetransmissionAlarm();
}
} else if (in_flight || !retransmission_alarm_->IsSet()) {
SetRetransmissionAlarm();
}
SetPingAlarm();
RetirePeerIssuedConnectionIdsNoLongerOnPath();
// The packet number length must be updated after OnPacketSent, because it
// may change the packet number length in packet.
packet_creator_.UpdatePacketNumberLength(
sent_packet_manager_.GetLeastPacketAwaitedByPeer(encryption_level_),
sent_packet_manager_.EstimateMaxPacketsInFlight(max_packet_length()));
stats_.bytes_sent += result.bytes_written;
++stats_.packets_sent;
if (packet->transmission_type != NOT_RETRANSMISSION) {
stats_.bytes_retransmitted += result.bytes_written;
++stats_.packets_retransmitted;
}
return true;
}
bool QuicConnection::MaybeHandleAeadConfidentialityLimits(
const SerializedPacket& packet) {
if (!version().UsesTls()) {
return false;
}
if (packet.encryption_level != ENCRYPTION_FORWARD_SECURE) {
QUIC_BUG(quic_bug_12714_26)
<< "MaybeHandleAeadConfidentialityLimits called on non 1-RTT packet";
return false;
}
if (!lowest_packet_sent_in_current_key_phase_.IsInitialized()) {
QUIC_BUG(quic_bug_10511_26)
<< "lowest_packet_sent_in_current_key_phase_ must be initialized "
"before calling MaybeHandleAeadConfidentialityLimits";
return false;
}
// Calculate the number of packets encrypted from the packet number, which is
// simpler than keeping another counter. The packet number space may be
// sparse, so this might overcount, but doing a key update earlier than
// necessary would only improve security and has negligible cost.
if (packet.packet_number < lowest_packet_sent_in_current_key_phase_) {
const std::string error_details =
absl::StrCat("packet_number(", packet.packet_number.ToString(),
") < lowest_packet_sent_in_current_key_phase_ (",
lowest_packet_sent_in_current_key_phase_.ToString(), ")");
QUIC_BUG(quic_bug_10511_27) << error_details;
CloseConnection(QUIC_INTERNAL_ERROR, error_details,
ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET);
return true;
}
const QuicPacketCount num_packets_encrypted_in_current_key_phase =
packet.packet_number - lowest_packet_sent_in_current_key_phase_ + 1;
const QuicPacketCount confidentiality_limit =
framer_.GetOneRttEncrypterConfidentialityLimit();
// Attempt to initiate a key update before reaching the AEAD
// confidentiality limit when the number of packets sent in the current
// key phase gets within |kKeyUpdateConfidentialityLimitOffset| packets of
// the limit, unless overridden by
// FLAGS_quic_key_update_confidentiality_limit.
constexpr QuicPacketCount kKeyUpdateConfidentialityLimitOffset = 1000;
QuicPacketCount key_update_limit = 0;
if (confidentiality_limit > kKeyUpdateConfidentialityLimitOffset) {
key_update_limit =
confidentiality_limit - kKeyUpdateConfidentialityLimitOffset;
}
const QuicPacketCount key_update_limit_override =
GetQuicFlag(FLAGS_quic_key_update_confidentiality_limit);
if (key_update_limit_override) {
key_update_limit = key_update_limit_override;
}
QUIC_DVLOG(2) << ENDPOINT << "Checking AEAD confidentiality limits: "
<< "num_packets_encrypted_in_current_key_phase="
<< num_packets_encrypted_in_current_key_phase
<< " key_update_limit=" << key_update_limit
<< " confidentiality_limit=" << confidentiality_limit
<< " IsKeyUpdateAllowed()=" << IsKeyUpdateAllowed();
if (num_packets_encrypted_in_current_key_phase >= confidentiality_limit) {
// Reached the confidentiality limit without initiating a key update,
// must close the connection.
const std::string error_details = absl::StrCat(
"encrypter confidentiality limit reached: "
"num_packets_encrypted_in_current_key_phase=",
num_packets_encrypted_in_current_key_phase,
" key_update_limit=", key_update_limit,
" confidentiality_limit=", confidentiality_limit,
" IsKeyUpdateAllowed()=", IsKeyUpdateAllowed());
CloseConnection(QUIC_AEAD_LIMIT_REACHED, error_details,
ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET);
return true;
}
if (IsKeyUpdateAllowed() &&
num_packets_encrypted_in_current_key_phase >= key_update_limit) {
// Approaching the confidentiality limit, initiate key update so that
// the next set of keys will be ready for the next packet before the
// limit is reached.
KeyUpdateReason reason = KeyUpdateReason::kLocalAeadConfidentialityLimit;
if (key_update_limit_override) {
QUIC_DLOG(INFO) << ENDPOINT
<< "reached FLAGS_quic_key_update_confidentiality_limit, "
"initiating key update: "
<< "num_packets_encrypted_in_current_key_phase="
<< num_packets_encrypted_in_current_key_phase
<< " key_update_limit=" << key_update_limit
<< " confidentiality_limit=" << confidentiality_limit;
reason = KeyUpdateReason::kLocalKeyUpdateLimitOverride;
} else {
QUIC_DLOG(INFO) << ENDPOINT
<< "approaching AEAD confidentiality limit, "
"initiating key update: "
<< "num_packets_encrypted_in_current_key_phase="
<< num_packets_encrypted_in_current_key_phase
<< " key_update_limit=" << key_update_limit
<< " confidentiality_limit=" << confidentiality_limit;
}
InitiateKeyUpdate(reason);
}
return false;
}
void QuicConnection::FlushPackets() {
if (!connected_) {
return;
}
if (!writer_->IsBatchMode()) {
return;
}
if (HandleWriteBlocked()) {
QUIC_DLOG(INFO) << ENDPOINT << "FlushPackets called while blocked.";
return;
}
WriteResult result = writer_->Flush();
QUIC_HISTOGRAM_ENUM("QuicConnection.FlushPacketStatus", result.status,
WRITE_STATUS_NUM_VALUES,
"Status code returned by writer_->Flush() in "
"QuicConnection::FlushPackets.");
if (HandleWriteBlocked()) {
QUICHE_DCHECK_EQ(WRITE_STATUS_BLOCKED, result.status)
<< "Unexpected flush result:" << result;
QUIC_DLOG(INFO) << ENDPOINT << "Write blocked in FlushPackets.";
return;
}
if (IsWriteError(result.status) && !MaybeRevertToPreviousMtu()) {
OnWriteError(result.error_code);
}
}
bool QuicConnection::IsMsgTooBig(const WriteResult& result) {
return (result.status == WRITE_STATUS_MSG_TOO_BIG) ||
(IsWriteError(result.status) && result.error_code == QUIC_EMSGSIZE);
}
bool QuicConnection::ShouldDiscardPacket(EncryptionLevel encryption_level) {
if (!connected_) {
QUIC_DLOG(INFO) << ENDPOINT
<< "Not sending packet as connection is disconnected.";
return true;
}
if (encryption_level_ == ENCRYPTION_FORWARD_SECURE &&
encryption_level == ENCRYPTION_INITIAL) {
// Drop packets that are NULL encrypted since the peer won't accept them
// anymore.
QUIC_DLOG(INFO) << ENDPOINT
<< "Dropping NULL encrypted packet since the connection is "
"forward secure.";
return true;
}
return false;
}
QuicTime QuicConnection::GetPathMtuReductionDeadline() const {
if (previous_validated_mtu_ == 0) {
return QuicTime::Zero();
}
QuicTime::Delta delay = sent_packet_manager_.GetMtuReductionDelay(
num_rtos_for_blackhole_detection_);
if (delay.IsZero()) {
return QuicTime::Zero();
}
return clock_->ApproximateNow() + delay;
}
bool QuicConnection::MaybeRevertToPreviousMtu() {
if (previous_validated_mtu_ == 0) {
return false;
}
SetMaxPacketLength(previous_validated_mtu_);
mtu_discoverer_.Disable();
mtu_discovery_alarm_->Cancel();
previous_validated_mtu_ = 0;
return true;
}
void QuicConnection::OnWriteError(int error_code) {
if (write_error_occurred_) {
// A write error already occurred. The connection is being closed.
return;
}
write_error_occurred_ = true;
const std::string error_details = absl::StrCat(
"Write failed with error: ", error_code, " (", strerror(error_code), ")");
QUIC_LOG_FIRST_N(ERROR, 2) << ENDPOINT << error_details;
switch (error_code) {
case QUIC_EMSGSIZE:
CloseConnection(QUIC_PACKET_WRITE_ERROR, error_details,
ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET);
break;
default:
// We can't send an error as the socket is presumably borked.
if (version().HasIetfInvariantHeader()) {
QUIC_CODE_COUNT(quic_tear_down_local_connection_on_write_error_ietf);
} else {
QUIC_CODE_COUNT(
quic_tear_down_local_connection_on_write_error_non_ietf);
}
CloseConnection(QUIC_PACKET_WRITE_ERROR, error_details,
ConnectionCloseBehavior::SILENT_CLOSE);
}
}
QuicPacketBuffer QuicConnection::GetPacketBuffer() {
if (version().CanSendCoalescedPackets() && !coalescing_done_) {
// Do not use writer's packet buffer for coalesced packets which may
// contain multiple QUIC packets.
return {nullptr, nullptr};
}
return writer_->GetNextWriteLocation(self_address().host(), peer_address());
}
void QuicConnection::OnSerializedPacket(SerializedPacket serialized_packet) {
if (serialized_packet.encrypted_buffer == nullptr) {
// We failed to serialize the packet, so close the connection.
// Specify that the close is silent, that no packet be sent, so no infinite
// loop here.
// TODO(ianswett): This is actually an internal error, not an
// encryption failure.
if (version().HasIetfInvariantHeader()) {
QUIC_CODE_COUNT(
quic_tear_down_local_connection_on_serialized_packet_ietf);
} else {
QUIC_CODE_COUNT(
quic_tear_down_local_connection_on_serialized_packet_non_ietf);
}
CloseConnection(QUIC_ENCRYPTION_FAILURE,
"Serialized packet does not have an encrypted buffer.",
ConnectionCloseBehavior::SILENT_CLOSE);
return;
}
if (serialized_packet.retransmittable_frames.empty()) {
// Increment consecutive_num_packets_with_no_retransmittable_frames_ if
// this packet is a new transmission with no retransmittable frames.
++consecutive_num_packets_with_no_retransmittable_frames_;
} else {
consecutive_num_packets_with_no_retransmittable_frames_ = 0;
}
SendOrQueuePacket(std::move(serialized_packet));
}
void QuicConnection::OnUnrecoverableError(QuicErrorCode error,
const std::string& error_details) {
// The packet creator or generator encountered an unrecoverable error: tear
// down local connection state immediately.
if (version().HasIetfInvariantHeader()) {
QUIC_CODE_COUNT(
quic_tear_down_local_connection_on_unrecoverable_error_ietf);
} else {
QUIC_CODE_COUNT(
quic_tear_down_local_connection_on_unrecoverable_error_non_ietf);
}
CloseConnection(error, error_details, ConnectionCloseBehavior::SILENT_CLOSE);
}
void QuicConnection::OnCongestionChange() {
visitor_->OnCongestionWindowChange(clock_->ApproximateNow());
// Uses the connection's smoothed RTT. If zero, uses initial_rtt.
QuicTime::Delta rtt = sent_packet_manager_.GetRttStats()->smoothed_rtt();
if (rtt.IsZero()) {
rtt = sent_packet_manager_.GetRttStats()->initial_rtt();
}
if (debug_visitor_ != nullptr) {
debug_visitor_->OnRttChanged(rtt);
}
}
void QuicConnection::OnPathMtuIncreased(QuicPacketLength packet_size) {
if (packet_size > max_packet_length()) {
previous_validated_mtu_ = max_packet_length();
SetMaxPacketLength(packet_size);
mtu_discoverer_.OnMaxPacketLengthUpdated(previous_validated_mtu_,
max_packet_length());
}
}
std::unique_ptr<QuicSelfIssuedConnectionIdManager>
QuicConnection::MakeSelfIssuedConnectionIdManager() {
QUICHE_DCHECK((perspective_ == Perspective::IS_CLIENT &&
!default_path_.client_connection_id.IsEmpty()) ||
(perspective_ == Perspective::IS_SERVER &&
!default_path_.server_connection_id.IsEmpty()));
return std::make_unique<QuicSelfIssuedConnectionIdManager>(
kMinNumOfActiveConnectionIds,
perspective_ == Perspective::IS_CLIENT
? default_path_.client_connection_id
: default_path_.server_connection_id,
clock_, alarm_factory_, this);
}
void QuicConnection::MaybeSendConnectionIdToClient() {
if (perspective_ == Perspective::IS_CLIENT) {
return;
}
QUICHE_DCHECK(self_issued_cid_manager_ != nullptr);
self_issued_cid_manager_->MaybeSendNewConnectionIds();
}
void QuicConnection::OnHandshakeComplete() {
sent_packet_manager_.SetHandshakeConfirmed();
if (connection_migration_use_new_cid_ &&
perspective_ == Perspective::IS_SERVER &&
self_issued_cid_manager_ != nullptr) {
self_issued_cid_manager_->MaybeSendNewConnectionIds();
}
if (send_ack_frequency_on_handshake_completion_ &&
sent_packet_manager_.CanSendAckFrequency()) {
QUIC_RELOADABLE_FLAG_COUNT_N(quic_can_send_ack_frequency, 2, 3);
auto ack_frequency_frame =
sent_packet_manager_.GetUpdatedAckFrequencyFrame();
// This AckFrequencyFrame is meant to only update the max_ack_delay. Set
// packet tolerance to the default value for now.
ack_frequency_frame.packet_tolerance =
kDefaultRetransmittablePacketsBeforeAck;
visitor_->SendAckFrequency(ack_frequency_frame);
if (!connected_) {
return;
}
}
// This may have changed the retransmission timer, so re-arm it.
SetRetransmissionAlarm();
if (default_enable_5rto_blackhole_detection_) {
QUIC_RELOADABLE_FLAG_COUNT_N(quic_default_enable_5rto_blackhole_detection2,
2, 3);
OnForwardProgressMade();
}
if (!SupportsMultiplePacketNumberSpaces()) {
// The client should immediately ack the SHLO to confirm the handshake is
// complete with the server.
if (perspective_ == Perspective::IS_CLIENT && ack_frame_updated()) {
ack_alarm_->Update(clock_->ApproximateNow(), QuicTime::Delta::Zero());
}
return;
}
// Stop sending ack of handshake packet number space.
uber_received_packet_manager_.ResetAckStates(ENCRYPTION_HANDSHAKE);
// Re-arm ack alarm.
ack_alarm_->Update(uber_received_packet_manager_.GetEarliestAckTimeout(),
kAlarmGranularity);
}
void QuicConnection::SendOrQueuePacket(SerializedPacket packet) {
// The caller of this function is responsible for checking CanWrite().
WritePacket(&packet);
}
void QuicConnection::OnPingTimeout() {
if (retransmission_alarm_->IsSet() ||
!visitor_->ShouldKeepConnectionAlive()) {
return;
}
SendPingAtLevel(use_encryption_level_context_
? framer().GetEncryptionLevelToSendApplicationData()
: encryption_level_);
}
void QuicConnection::SendAck() {
QUICHE_DCHECK(!SupportsMultiplePacketNumberSpaces());
QUIC_DVLOG(1) << ENDPOINT << "Sending an ACK proactively";
QuicFrames frames;
frames.push_back(GetUpdatedAckFrame());
if (!no_stop_waiting_frames_) {
QuicStopWaitingFrame stop_waiting;
PopulateStopWaitingFrame(&stop_waiting);
frames.push_back(QuicFrame(stop_waiting));
}
if (!packet_creator_.FlushAckFrame(frames)) {
return;
}
ResetAckStates();
if (!ShouldBundleRetransmittableFrameWithAck()) {
return;
}
consecutive_num_packets_with_no_retransmittable_frames_ = 0;
if (packet_creator_.HasPendingRetransmittableFrames() ||
visitor_->WillingAndAbleToWrite()) {
// There are pending retransmittable frames.
return;
}
visitor_->OnAckNeedsRetransmittableFrame();
}
void QuicConnection::OnRetransmissionTimeout() {
ScopedRetransmissionTimeoutIndicator indicator(this);
#ifndef NDEBUG
if (sent_packet_manager_.unacked_packets().empty()) {
QUICHE_DCHECK(sent_packet_manager_.handshake_mode_disabled());
QUICHE_DCHECK(!IsHandshakeComplete());
}
#endif
if (!connected_) {
return;
}
QuicPacketNumber previous_created_packet_number =
packet_creator_.packet_number();
const auto retransmission_mode =
sent_packet_manager_.OnRetransmissionTimeout();
if (sent_packet_manager_.skip_packet_number_for_pto() &&
retransmission_mode == QuicSentPacketManager::PTO_MODE &&
sent_packet_manager_.pending_timer_transmission_count() == 1) {
// Skip a packet number when a single PTO packet is sent to elicit an
// immediate ACK.
const QuicPacketCount num_packet_numbers_to_skip = 1;
packet_creator_.SkipNPacketNumbers(
num_packet_numbers_to_skip,
sent_packet_manager_.GetLeastPacketAwaitedByPeer(encryption_level_),
sent_packet_manager_.EstimateMaxPacketsInFlight(max_packet_length()));
previous_created_packet_number += num_packet_numbers_to_skip;
if (debug_visitor_ != nullptr) {
debug_visitor_->OnNPacketNumbersSkipped(num_packet_numbers_to_skip,
clock_->Now());
}
}
if (default_enable_5rto_blackhole_detection_ &&
!sent_packet_manager_.HasInFlightPackets() &&
blackhole_detector_.IsDetectionInProgress()) {
// Stop detection in quiescence.
QUICHE_DCHECK_EQ(QuicSentPacketManager::LOSS_MODE, retransmission_mode);
blackhole_detector_.StopDetection();
}
WriteIfNotBlocked();
// A write failure can result in the connection being closed, don't attempt to
// write further packets, or to set alarms.
if (!connected_) {
return;
}
// In the PTO and TLP cases, the SentPacketManager gives the connection the
// opportunity to send new data before retransmitting.
if (sent_packet_manager_.pto_enabled()) {
sent_packet_manager_.MaybeSendProbePackets();
} else if (sent_packet_manager_.MaybeRetransmitTailLossProbe()) {
// Send the pending retransmission now that it's been queued.
WriteIfNotBlocked();
}
if (packet_creator_.packet_number() == previous_created_packet_number &&
(retransmission_mode == QuicSentPacketManager::TLP_MODE ||
retransmission_mode == QuicSentPacketManager::RTO_MODE ||
retransmission_mode == QuicSentPacketManager::PTO_MODE) &&
!visitor_->WillingAndAbleToWrite()) {
// Send PING if timer fires in TLP/RTO/PTO mode but there is no data to
// send.
QUIC_DLOG(INFO) << ENDPOINT
<< "No packet gets sent when timer fires in mode "
<< retransmission_mode << ", send PING";
QUICHE_DCHECK_LT(0u,
sent_packet_manager_.pending_timer_transmission_count());
if (SupportsMultiplePacketNumberSpaces()) {
// Based on https://datatracker.ietf.org/doc/html/rfc9002#appendix-A.9
PacketNumberSpace packet_number_space;
if (sent_packet_manager_
.GetEarliestPacketSentTimeForPto(&packet_number_space)
.IsInitialized()) {
SendPingAtLevel(QuicUtils::GetEncryptionLevel(packet_number_space));
} else {
// The client must PTO when there is nothing in flight if the server
// could be blocked from sending by the amplification limit
QUICHE_DCHECK_EQ(Perspective::IS_CLIENT, perspective_);
if (framer_.HasEncrypterOfEncryptionLevel(ENCRYPTION_HANDSHAKE)) {
SendPingAtLevel(ENCRYPTION_HANDSHAKE);
} else if (framer_.HasEncrypterOfEncryptionLevel(ENCRYPTION_INITIAL)) {
SendPingAtLevel(ENCRYPTION_INITIAL);
} else {
QUIC_BUG(quic_bug_no_pto) << "PTO fired but nothing was sent.";
}
}
} else {
SendPingAtLevel(encryption_level_);
}
}
if (retransmission_mode == QuicSentPacketManager::PTO_MODE) {
sent_packet_manager_.AdjustPendingTimerTransmissions();
}
if (retransmission_mode != QuicSentPacketManager::LOSS_MODE &&
retransmission_mode != QuicSentPacketManager::HANDSHAKE_MODE) {
// When timer fires in TLP/RTO/PTO mode, ensure 1) at least one packet is
// created, or there is data to send and available credit (such that
// packets will be sent eventually).
QUIC_BUG_IF(
quic_bug_12714_27,
packet_creator_.packet_number() == previous_created_packet_number &&
(!visitor_->WillingAndAbleToWrite() ||
sent_packet_manager_.pending_timer_transmission_count() == 0u))
<< "retransmission_mode: " << retransmission_mode
<< ", packet_number: " << packet_creator_.packet_number()
<< ", session has data to write: " << visitor_->WillingAndAbleToWrite()
<< ", writer is blocked: " << writer_->IsWriteBlocked()
<< ", pending_timer_transmission_count: "
<< sent_packet_manager_.pending_timer_transmission_count();
}
// Ensure the retransmission alarm is always set if there are unacked packets
// and nothing waiting to be sent.
// This happens if the loss algorithm invokes a timer based loss, but the
// packet doesn't need to be retransmitted.
if (!HasQueuedData() && !retransmission_alarm_->IsSet()) {
SetRetransmissionAlarm();
}
}
void QuicConnection::SetEncrypter(EncryptionLevel level,
std::unique_ptr<QuicEncrypter> encrypter) {
packet_creator_.SetEncrypter(level, std::move(encrypter));
}
void QuicConnection::RemoveEncrypter(EncryptionLevel level) {
framer_.RemoveEncrypter(level);
}
void QuicConnection::SetDiversificationNonce(
const DiversificationNonce& nonce) {
QUICHE_DCHECK_EQ(Perspective::IS_SERVER, perspective_);
packet_creator_.SetDiversificationNonce(nonce);
}
void QuicConnection::SetDefaultEncryptionLevel(EncryptionLevel level) {
QUIC_DVLOG(1) << ENDPOINT << "Setting default encryption level from "
<< encryption_level_ << " to " << level;
const bool changing_level = level != encryption_level_;
if (changing_level && packet_creator_.HasPendingFrames()) {
// Flush all queued frames when encryption level changes.
ScopedPacketFlusher flusher(this);
packet_creator_.FlushCurrentPacket();
}
encryption_level_ = level;
packet_creator_.set_encryption_level(level);
QUIC_BUG_IF(quic_bug_12714_28, !framer_.HasEncrypterOfEncryptionLevel(level))
<< ENDPOINT << "Trying to set encryption level to "
<< EncryptionLevelToString(level) << " while the key is missing";
if (!changing_level) {
return;
}
// The least packet awaited by the peer depends on the encryption level so
// we recalculate it here.
packet_creator_.UpdatePacketNumberLength(
sent_packet_manager_.GetLeastPacketAwaitedByPeer(encryption_level_),
sent_packet_manager_.EstimateMaxPacketsInFlight(max_packet_length()));
}
void QuicConnection::SetDecrypter(EncryptionLevel level,
std::unique_ptr<QuicDecrypter> decrypter) {
framer_.SetDecrypter(level, std::move(decrypter));
if (!undecryptable_packets_.empty() &&
!process_undecryptable_packets_alarm_->IsSet()) {
process_undecryptable_packets_alarm_->Set(clock_->ApproximateNow());
}
}
void QuicConnection::SetAlternativeDecrypter(
EncryptionLevel level,
std::unique_ptr<QuicDecrypter> decrypter,
bool latch_once_used) {
framer_.SetAlternativeDecrypter(level, std::move(decrypter), latch_once_used);
if (!undecryptable_packets_.empty() &&
!process_undecryptable_packets_alarm_->IsSet()) {
process_undecryptable_packets_alarm_->Set(clock_->ApproximateNow());
}
}
void QuicConnection::InstallDecrypter(
EncryptionLevel level,
std::unique_ptr<QuicDecrypter> decrypter) {
if (level == ENCRYPTION_ZERO_RTT) {
had_zero_rtt_decrypter_ = true;
}
framer_.InstallDecrypter(level, std::move(decrypter));
if (!undecryptable_packets_.empty() &&
!process_undecryptable_packets_alarm_->IsSet()) {
process_undecryptable_packets_alarm_->Set(clock_->ApproximateNow());
}
}
void QuicConnection::RemoveDecrypter(EncryptionLevel level) {
framer_.RemoveDecrypter(level);
}
void QuicConnection::DiscardPreviousOneRttKeys() {
framer_.DiscardPreviousOneRttKeys();
}
bool QuicConnection::IsKeyUpdateAllowed() const {
return support_key_update_for_connection_ &&
GetLargestAckedPacket().IsInitialized() &&
lowest_packet_sent_in_current_key_phase_.IsInitialized() &&
GetLargestAckedPacket() >= lowest_packet_sent_in_current_key_phase_;
}
bool QuicConnection::HaveSentPacketsInCurrentKeyPhaseButNoneAcked() const {
return lowest_packet_sent_in_current_key_phase_.IsInitialized() &&
(!GetLargestAckedPacket().IsInitialized() ||
GetLargestAckedPacket() < lowest_packet_sent_in_current_key_phase_);
}
QuicPacketCount QuicConnection::PotentialPeerKeyUpdateAttemptCount() const {
return framer_.PotentialPeerKeyUpdateAttemptCount();
}
bool QuicConnection::InitiateKeyUpdate(KeyUpdateReason reason) {
QUIC_DLOG(INFO) << ENDPOINT << "InitiateKeyUpdate";
if (!IsKeyUpdateAllowed()) {
QUIC_BUG(quic_bug_10511_28) << "key update not allowed";
return false;
}
return framer_.DoKeyUpdate(reason);
}
const QuicDecrypter* QuicConnection::decrypter() const {
return framer_.decrypter();
}
const QuicDecrypter* QuicConnection::alternative_decrypter() const {
return framer_.alternative_decrypter();
}
void QuicConnection::QueueUndecryptablePacket(
const QuicEncryptedPacket& packet,
EncryptionLevel decryption_level) {
for (const auto& saved_packet : undecryptable_packets_) {
if (packet.data() == saved_packet.packet->data() &&
packet.length() == saved_packet.packet->length()) {
QUIC_DVLOG(1) << ENDPOINT << "Not queueing known undecryptable packet";
return;
}
}
QUIC_DVLOG(1) << ENDPOINT << "Queueing undecryptable packet.";
undecryptable_packets_.emplace_back(packet, decryption_level,
last_received_packet_info_);
if (perspective_ == Perspective::IS_CLIENT) {
if (!retransmission_alarm_->IsSet() ||
GetRetransmissionDeadline() < retransmission_alarm_->deadline()) {
// Re-arm PTO only if we can make it sooner to speed up recovery.
SetRetransmissionAlarm();
}
}
}
void QuicConnection::MaybeProcessUndecryptablePackets() {
process_undecryptable_packets_alarm_->Cancel();
if (undecryptable_packets_.empty() ||
encryption_level_ == ENCRYPTION_INITIAL) {
return;
}
auto iter = undecryptable_packets_.begin();
while (connected_ && iter != undecryptable_packets_.end()) {
// Making sure there is no pending frames when processing next undecrypted
// packet because the queued ack frame may change.
packet_creator_.FlushCurrentPacket();
if (!connected_) {
return;
}
UndecryptablePacket* undecryptable_packet = &*iter;
QUIC_DVLOG(1) << ENDPOINT << "Attempting to process undecryptable packet";
if (debug_visitor_ != nullptr) {
debug_visitor_->OnAttemptingToProcessUndecryptablePacket(
undecryptable_packet->encryption_level);
}
bool processed = false;
if (reset_per_packet_state_for_undecryptable_packets_) {
QUIC_RELOADABLE_FLAG_COUNT_N(
quic_reset_per_packet_state_for_undecryptable_packets, 1, 2);
last_received_packet_info_ = undecryptable_packet->packet_info;
last_size_ = undecryptable_packet->packet->length();
current_packet_data_ = undecryptable_packet->packet->data();
processed = framer_.ProcessPacket(*undecryptable_packet->packet);
current_packet_data_ = nullptr;
} else {
processed = framer_.ProcessPacket(*undecryptable_packet->packet);
}
if (processed) {
QUIC_DVLOG(1) << ENDPOINT << "Processed undecryptable packet!";
iter = undecryptable_packets_.erase(iter);
++stats_.packets_processed;
continue;
}
const bool has_decryption_key = version().KnowsWhichDecrypterToUse() &&
framer_.HasDecrypterOfEncryptionLevel(
undecryptable_packet->encryption_level);
if (framer_.error() == QUIC_DECRYPTION_FAILURE &&
ShouldEnqueueUnDecryptablePacket(undecryptable_packet->encryption_level,
has_decryption_key)) {
QUIC_DVLOG(1)
<< ENDPOINT
<< "Need to attempt to process this undecryptable packet later";
++iter;
continue;
}
iter = undecryptable_packets_.erase(iter);
}
// Once forward secure encryption is in use, there will be no
// new keys installed and hence any undecryptable packets will
// never be able to be decrypted.
if (encryption_level_ == ENCRYPTION_FORWARD_SECURE) {
if (debug_visitor_ != nullptr) {
for (const auto& undecryptable_packet : undecryptable_packets_) {
debug_visitor_->OnUndecryptablePacket(
undecryptable_packet.encryption_level, /*dropped=*/true);
}
}
undecryptable_packets_.clear();
}
if (perspective_ == Perspective::IS_CLIENT) {
if (!retransmission_alarm_->IsSet() || undecryptable_packets_.empty() ||
GetRetransmissionDeadline() < retransmission_alarm_->deadline()) {
// 1) If there is still undecryptable packet, only re-arm PTO to make it
// sooner to speed up recovery.
// 2) If all undecryptable packets get processed, re-arm (which may
// postpone) PTO since no immediate recovery is needed.
SetRetransmissionAlarm();
}
}
}
void QuicConnection::QueueCoalescedPacket(const QuicEncryptedPacket& packet) {
QUIC_DVLOG(1) << ENDPOINT << "Queueing coalesced packet.";
received_coalesced_packets_.push_back(packet.Clone());
++stats_.num_coalesced_packets_received;
}
bool QuicConnection::MaybeProcessCoalescedPackets() {
bool processed = false;
while (connected_ && !received_coalesced_packets_.empty()) {
// Making sure there are no pending frames when processing the next
// coalesced packet because the queued ack frame may change.
packet_creator_.FlushCurrentPacket();
if (!connected_) {
return processed;
}
std::unique_ptr<QuicEncryptedPacket> packet =
std::move(received_coalesced_packets_.front());
received_coalesced_packets_.pop_front();
QUIC_DVLOG(1) << ENDPOINT << "Processing coalesced packet";
if (framer_.ProcessPacket(*packet)) {
processed = true;
++stats_.num_coalesced_packets_processed;
} else {
// If we are unable to decrypt this packet, it might be
// because the CHLO or SHLO packet was lost.
}
}
if (processed) {
MaybeProcessUndecryptablePackets();
if (donot_write_mid_packet_processing_) {
QUIC_RELOADABLE_FLAG_COUNT_N(quic_donot_write_mid_packet_processing, 2,
3);
MaybeSendInResponseToPacket();
}
}
return processed;
}
void QuicConnection::CloseConnection(
QuicErrorCode error,
const std::string& details,
ConnectionCloseBehavior connection_close_behavior) {
CloseConnection(error, NO_IETF_QUIC_ERROR, details,
connection_close_behavior);
}
void QuicConnection::CloseConnection(
QuicErrorCode error,
QuicIetfTransportErrorCodes ietf_error,
const std::string& error_details,
ConnectionCloseBehavior connection_close_behavior) {
QUICHE_DCHECK(!error_details.empty());
if (!connected_) {
QUIC_DLOG(INFO) << "Connection is already closed.";
return;
}
if (ietf_error != NO_IETF_QUIC_ERROR) {
QUIC_DLOG(INFO) << ENDPOINT << "Closing connection: " << connection_id()
<< ", with wire error: " << ietf_error
<< ", error: " << QuicErrorCodeToString(error)
<< ", and details: " << error_details;
} else {
QUIC_DLOG(INFO) << ENDPOINT << "Closing connection: " << connection_id()
<< ", with error: " << QuicErrorCodeToString(error) << " ("
<< error << "), and details: " << error_details;
}
if (connection_close_behavior != ConnectionCloseBehavior::SILENT_CLOSE) {
SendConnectionClosePacket(error, ietf_error, error_details);
}
TearDownLocalConnectionState(error, ietf_error, error_details,
ConnectionCloseSource::FROM_SELF);
}
void QuicConnection::SendConnectionClosePacket(
QuicErrorCode error,
QuicIetfTransportErrorCodes ietf_error,
const std::string& details) {
// Always use the current path to send CONNECTION_CLOSE.
QuicPacketCreator::ScopedPeerAddressContext context(
&packet_creator_, peer_address(), default_path_.client_connection_id,
default_path_.server_connection_id, connection_migration_use_new_cid_);
if (!SupportsMultiplePacketNumberSpaces()) {
QUIC_DLOG(INFO) << ENDPOINT << "Sending connection close packet.";
if (!use_encryption_level_context_) {
SetDefaultEncryptionLevel(GetConnectionCloseEncryptionLevel());
}
ScopedEncryptionLevelContext context(
use_encryption_level_context_ ? this : nullptr,
GetConnectionCloseEncryptionLevel());
if (version().CanSendCoalescedPackets()) {
coalesced_packet_.Clear();
}
ClearQueuedPackets();
// If there was a packet write error, write the smallest close possible.
ScopedPacketFlusher flusher(this);
// Always bundle an ACK with connection close for debugging purpose.
bool send_ack = error != QUIC_PACKET_WRITE_ERROR &&
!uber_received_packet_manager_.IsAckFrameEmpty(
QuicUtils::GetPacketNumberSpace(encryption_level_));
if (GetQuicReloadableFlag(quic_single_ack_in_packet2)) {
QUIC_RELOADABLE_FLAG_COUNT_N(quic_single_ack_in_packet2, 1, 2);
send_ack = !packet_creator_.has_ack() && send_ack;
}
if (send_ack) {
SendAck();
}
QuicConnectionCloseFrame* frame;
frame = new QuicConnectionCloseFrame(transport_version(), error, ietf_error,
details,
framer_.current_received_frame_type());
packet_creator_.ConsumeRetransmittableControlFrame(QuicFrame(frame));
packet_creator_.FlushCurrentPacket();
if (version().CanSendCoalescedPackets()) {
FlushCoalescedPacket();
}
ClearQueuedPackets();
return;
}
const EncryptionLevel current_encryption_level = encryption_level_;
ScopedPacketFlusher flusher(this);
// Now that the connection is being closed, discard any unsent packets
// so the only packets to be sent will be connection close packets.
if (version().CanSendCoalescedPackets()) {
coalesced_packet_.Clear();
}
ClearQueuedPackets();
for (EncryptionLevel level :
{ENCRYPTION_INITIAL, ENCRYPTION_HANDSHAKE, ENCRYPTION_ZERO_RTT,
ENCRYPTION_FORWARD_SECURE}) {
if (!framer_.HasEncrypterOfEncryptionLevel(level)) {
continue;
}
QUIC_DLOG(INFO) << ENDPOINT
<< "Sending connection close packet at level: " << level;
if (!use_encryption_level_context_) {
SetDefaultEncryptionLevel(level);
}
ScopedEncryptionLevelContext context(
use_encryption_level_context_ ? this : nullptr, level);
// Bundle an ACK of the corresponding packet number space for debugging
// purpose.
bool send_ack = error != QUIC_PACKET_WRITE_ERROR &&
!uber_received_packet_manager_.IsAckFrameEmpty(
QuicUtils::GetPacketNumberSpace(encryption_level_));
if (GetQuicReloadableFlag(quic_single_ack_in_packet2)) {
QUIC_RELOADABLE_FLAG_COUNT_N(quic_single_ack_in_packet2, 2, 2);
send_ack = !packet_creator_.has_ack() && send_ack;
}
if (send_ack) {
QuicFrames frames;
frames.push_back(GetUpdatedAckFrame());
packet_creator_.FlushAckFrame(frames);
}
if (level == ENCRYPTION_FORWARD_SECURE &&
perspective_ == Perspective::IS_SERVER) {
visitor_->BeforeConnectionCloseSent();
}
auto* frame = new QuicConnectionCloseFrame(
transport_version(), error, ietf_error, details,
framer_.current_received_frame_type());
packet_creator_.ConsumeRetransmittableControlFrame(QuicFrame(frame));
packet_creator_.FlushCurrentPacket();
}
if (version().CanSendCoalescedPackets()) {
FlushCoalescedPacket();
}
// Since the connection is closing, if the connection close packets were not
// sent, then they should be discarded.
ClearQueuedPackets();
if (!use_encryption_level_context_) {
SetDefaultEncryptionLevel(current_encryption_level);
}
}
void QuicConnection::TearDownLocalConnectionState(
QuicErrorCode error,
QuicIetfTransportErrorCodes ietf_error,
const std::string& error_details,
ConnectionCloseSource source) {
QuicConnectionCloseFrame frame(transport_version(), error, ietf_error,
error_details,
framer_.current_received_frame_type());
return TearDownLocalConnectionState(frame, source);
}
void QuicConnection::TearDownLocalConnectionState(
const QuicConnectionCloseFrame& frame,
ConnectionCloseSource source) {
if (!connected_) {
QUIC_DLOG(INFO) << "Connection is already closed.";
return;
}
// If we are using a batch writer, flush packets queued in it, if any.
FlushPackets();
connected_ = false;
QUICHE_DCHECK(visitor_ != nullptr);
visitor_->OnConnectionClosed(frame, source);
// LossDetectionTunerInterface::Finish() may be called from
// sent_packet_manager_.OnConnectionClosed. Which may require the session to
// finish its business first.
sent_packet_manager_.OnConnectionClosed();
if (debug_visitor_ != nullptr) {
debug_visitor_->OnConnectionClosed(frame, source);
}
// Cancel the alarms so they don't trigger any action now that the
// connection is closed.
CancelAllAlarms();
if (use_path_validator_) {
QUIC_RELOADABLE_FLAG_COUNT_N(quic_pass_path_response_to_validator, 3, 4);
CancelPathValidation();
}
peer_issued_cid_manager_.reset();
self_issued_cid_manager_.reset();
}
void QuicConnection::CancelAllAlarms() {
QUIC_DVLOG(1) << "Cancelling all QuicConnection alarms.";
ack_alarm_->Cancel();
ping_alarm_->Cancel();
retransmission_alarm_->Cancel();
send_alarm_->Cancel();
mtu_discovery_alarm_->Cancel();
process_undecryptable_packets_alarm_->Cancel();
discard_previous_one_rtt_keys_alarm_->Cancel();
discard_zero_rtt_decryption_keys_alarm_->Cancel();
blackhole_detector_.StopDetection();
idle_network_detector_.StopDetection();
}
QuicByteCount QuicConnection::max_packet_length() const {
return packet_creator_.max_packet_length();
}
void QuicConnection::SetMaxPacketLength(QuicByteCount length) {
long_term_mtu_ = length;
stats_.max_egress_mtu = std::max(stats_.max_egress_mtu, long_term_mtu_);
MaybeUpdatePacketCreatorMaxPacketLengthAndPadding();
}
bool QuicConnection::HasQueuedData() const {
return packet_creator_.HasPendingFrames() || !buffered_packets_.empty();
}
void QuicConnection::SetNetworkTimeouts(QuicTime::Delta handshake_timeout,
QuicTime::Delta idle_timeout) {
QUIC_BUG_IF(quic_bug_12714_29, idle_timeout > handshake_timeout)
<< "idle_timeout:" << idle_timeout.ToMilliseconds()
<< " handshake_timeout:" << handshake_timeout.ToMilliseconds();
// Adjust the idle timeout on client and server to prevent clients from
// sending requests to servers which have already closed the connection.
if (perspective_ == Perspective::IS_SERVER) {
idle_timeout = idle_timeout + QuicTime::Delta::FromSeconds(3);
} else if (idle_timeout > QuicTime::Delta::FromSeconds(1)) {
idle_timeout = idle_timeout - QuicTime::Delta::FromSeconds(1);
}
idle_network_detector_.SetTimeouts(handshake_timeout, idle_timeout);
}
void QuicConnection::SetPingAlarm() {
if (perspective_ == Perspective::IS_SERVER &&
initial_retransmittable_on_wire_timeout_.IsInfinite()) {
// The PING alarm exists to support two features:
// 1) clients send PINGs every 15s to prevent NAT timeouts,
// 2) both clients and servers can send retransmittable on the wire PINGs
// (ROWP) while ShouldKeepConnectionAlive is true and there is no packets in
// flight.
return;
}
if (!visitor_->ShouldKeepConnectionAlive()) {
ping_alarm_->Cancel();
// Don't send a ping unless the application (ie: HTTP/3) says to, usually
// because it is expecting a response from the server.
return;
}
if (initial_retransmittable_on_wire_timeout_.IsInfinite() ||
sent_packet_manager_.HasInFlightPackets() ||
retransmittable_on_wire_ping_count_ >
GetQuicFlag(FLAGS_quic_max_retransmittable_on_wire_ping_count)) {
if (perspective_ == Perspective::IS_CLIENT) {
// Clients send 15s PINGs to avoid NATs from timing out.
ping_alarm_->Update(clock_->ApproximateNow() + ping_timeout_,
QuicTime::Delta::FromSeconds(1));
} else {
// Servers do not send 15s PINGs.
ping_alarm_->Cancel();
}
return;
}
QUICHE_DCHECK_LT(initial_retransmittable_on_wire_timeout_, ping_timeout_);
QuicTime::Delta retransmittable_on_wire_timeout =
initial_retransmittable_on_wire_timeout_;
int max_aggressive_retransmittable_on_wire_ping_count =
GetQuicFlag(FLAGS_quic_max_aggressive_retransmittable_on_wire_ping_count);
QUICHE_DCHECK_LE(0, max_aggressive_retransmittable_on_wire_ping_count);
if (consecutive_retransmittable_on_wire_ping_count_ >
max_aggressive_retransmittable_on_wire_ping_count) {
// Exponentially back off the timeout if the number of consecutive
// retransmittable on wire pings has exceeds the allowance.
int shift = consecutive_retransmittable_on_wire_ping_count_ -
max_aggressive_retransmittable_on_wire_ping_count;
retransmittable_on_wire_timeout =
initial_retransmittable_on_wire_timeout_ * (1 << shift);
}
// If it's already set to an earlier time, then don't update it.
if (ping_alarm_->IsSet() &&
ping_alarm_->deadline() <
clock_->ApproximateNow() + retransmittable_on_wire_timeout) {
return;
}
if (retransmittable_on_wire_timeout < ping_timeout_) {
// Use a shorter timeout if there are open streams, but nothing on the wire.
ping_alarm_->Update(
clock_->ApproximateNow() + retransmittable_on_wire_timeout,
kAlarmGranularity);
if (max_aggressive_retransmittable_on_wire_ping_count != 0) {
consecutive_retransmittable_on_wire_ping_count_++;
}
retransmittable_on_wire_ping_count_++;
return;
}
ping_alarm_->Update(clock_->ApproximateNow() + ping_timeout_,
kAlarmGranularity);
}
void QuicConnection::SetRetransmissionAlarm() {
if (!connected_) {
if (retransmission_alarm_->IsSet()) {
QUIC_BUG(quic_bug_10511_29)
<< ENDPOINT << "Retransmission alarm is set while disconnected";
retransmission_alarm_->Cancel();
}
return;
}
if (packet_creator_.PacketFlusherAttached()) {
pending_retransmission_alarm_ = true;
return;
}
if (LimitedByAmplificationFactor()) {
// Do not set retransmission timer if connection is anti-amplification limit
// throttled. Otherwise, nothing can be sent when timer fires.
retransmission_alarm_->Cancel();
return;
}
retransmission_alarm_->Update(GetRetransmissionDeadline(), kAlarmGranularity);
}
void QuicConnection::MaybeSetMtuAlarm(QuicPacketNumber sent_packet_number) {
if (mtu_discovery_alarm_->IsSet() ||
!mtu_discoverer_.ShouldProbeMtu(sent_packet_number)) {
return;
}
mtu_discovery_alarm_->Set(clock_->ApproximateNow());
}
QuicConnection::ScopedPacketFlusher::ScopedPacketFlusher(
QuicConnection* connection)
: connection_(connection),
flush_and_set_pending_retransmission_alarm_on_delete_(false),
handshake_packet_sent_(connection != nullptr &&
connection->handshake_packet_sent_) {
if (connection_ == nullptr) {
return;
}
if (!connection_->packet_creator_.PacketFlusherAttached()) {
flush_and_set_pending_retransmission_alarm_on_delete_ = true;
connection->packet_creator_.AttachPacketFlusher();
}
}
QuicConnection::ScopedPacketFlusher::~ScopedPacketFlusher() {
if (connection_ == nullptr || !connection_->connected()) {
return;
}
if (flush_and_set_pending_retransmission_alarm_on_delete_) {
const QuicTime ack_timeout =
connection_->uber_received_packet_manager_.GetEarliestAckTimeout();
if (ack_timeout.IsInitialized()) {
if (ack_timeout <= connection_->clock_->ApproximateNow() &&
!connection_->CanWrite(NO_RETRANSMITTABLE_DATA)) {
// Cancel ACK alarm if connection is write blocked, and ACK will be
// sent when connection gets unblocked.
connection_->ack_alarm_->Cancel();
} else if (!connection_->ack_alarm_->IsSet() ||
connection_->ack_alarm_->deadline() > ack_timeout) {
connection_->ack_alarm_->Update(ack_timeout, QuicTime::Delta::Zero());
}
}
if (connection_->ack_alarm_->IsSet() &&
connection_->ack_alarm_->deadline() <=
connection_->clock_->ApproximateNow()) {
// An ACK needs to be sent right now. This ACK did not get bundled
// because either there was no data to write or packets were marked as
// received after frames were queued in the generator.
if (connection_->send_alarm_->IsSet() &&
connection_->send_alarm_->deadline() <=
connection_->clock_->ApproximateNow()) {
// If send alarm will go off soon, let send alarm send the ACK.
connection_->ack_alarm_->Cancel();
} else if (connection_->SupportsMultiplePacketNumberSpaces()) {
connection_->SendAllPendingAcks();
} else {
connection_->SendAck();
}
}
connection_->packet_creator_.Flush();
if (connection_->version().CanSendCoalescedPackets()) {
connection_->MaybeCoalescePacketOfHigherSpace();
connection_->FlushCoalescedPacket();
}
connection_->FlushPackets();
if (!handshake_packet_sent_ && connection_->handshake_packet_sent_) {
// This would cause INITIAL key to be dropped. Drop keys here to avoid
// missing the write keys in the middle of writing.
connection_->visitor_->OnHandshakePacketSent();
}
// Reset transmission type.
connection_->SetTransmissionType(NOT_RETRANSMISSION);
// Once all transmissions are done, check if there is any outstanding data
// to send and notify the congestion controller if not.
//
// Note that this means that the application limited check will happen as
// soon as the last flusher gets destroyed, which is typically after a
// single stream write is finished. This means that if all the data from a
// single write goes through the connection, the application-limited signal
// will fire even if the caller does a write operation immediately after.
// There are two important approaches to remedy this situation:
// (1) Instantiate ScopedPacketFlusher before performing multiple subsequent
// writes, thus deferring this check until all writes are done.
// (2) Write data in chunks sufficiently large so that they cause the
// connection to be limited by the congestion control. Typically, this
// would mean writing chunks larger than the product of the current
// pacing rate and the pacer granularity. So, for instance, if the
// pacing rate of the connection is 1 Gbps, and the pacer granularity is
// 1 ms, the caller should send at least 125k bytes in order to not
// be marked as application-limited.
connection_->CheckIfApplicationLimited();
if (connection_->pending_retransmission_alarm_) {
connection_->SetRetransmissionAlarm();
connection_->pending_retransmission_alarm_ = false;
}
}
QUICHE_DCHECK_EQ(flush_and_set_pending_retransmission_alarm_on_delete_,
!connection_->packet_creator_.PacketFlusherAttached());
}
QuicConnection::ScopedEncryptionLevelContext::ScopedEncryptionLevelContext(
QuicConnection* connection,
EncryptionLevel encryption_level)
: connection_(connection), latched_encryption_level_(ENCRYPTION_INITIAL) {
if (connection_ == nullptr) {
return;
}
latched_encryption_level_ = connection_->encryption_level_;
connection_->SetDefaultEncryptionLevel(encryption_level);
}
QuicConnection::ScopedEncryptionLevelContext::~ScopedEncryptionLevelContext() {
if (connection_ == nullptr || !connection_->connected_) {
return;
}
connection_->SetDefaultEncryptionLevel(latched_encryption_level_);
}
QuicConnection::BufferedPacket::BufferedPacket(
const SerializedPacket& packet,
const QuicSocketAddress& self_address,
const QuicSocketAddress& peer_address)
: encrypted_buffer(CopyBuffer(packet), packet.encrypted_length),
self_address(self_address),
peer_address(peer_address) {}
QuicConnection::BufferedPacket::BufferedPacket(
char* encrypted_buffer,
QuicPacketLength encrypted_length,
const QuicSocketAddress& self_address,
const QuicSocketAddress& peer_address)
: encrypted_buffer(CopyBuffer(encrypted_buffer, encrypted_length),
encrypted_length),
self_address(self_address),
peer_address(peer_address) {}
QuicConnection::BufferedPacket::~BufferedPacket() {
delete[] encrypted_buffer.data();
}
HasRetransmittableData QuicConnection::IsRetransmittable(
const SerializedPacket& packet) {
// Retransmitted packets retransmittable frames are owned by the unacked
// packet map, but are not present in the serialized packet.
if (packet.transmission_type != NOT_RETRANSMISSION ||
!packet.retransmittable_frames.empty()) {
return HAS_RETRANSMITTABLE_DATA;
} else {
return NO_RETRANSMITTABLE_DATA;
}
}
bool QuicConnection::IsTerminationPacket(const SerializedPacket& packet,
QuicErrorCode* error_code) {
if (packet.retransmittable_frames.empty()) {
return false;
}
for (const QuicFrame& frame : packet.retransmittable_frames) {
if (frame.type == CONNECTION_CLOSE_FRAME) {
*error_code = frame.connection_close_frame->quic_error_code;
return true;
}
}
return false;
}
void QuicConnection::SetMtuDiscoveryTarget(QuicByteCount target) {
QUIC_DVLOG(2) << ENDPOINT << "SetMtuDiscoveryTarget: " << target;
mtu_discoverer_.Disable();
mtu_discoverer_.Enable(max_packet_length(), GetLimitedMaxPacketSize(target));
}
QuicByteCount QuicConnection::GetLimitedMaxPacketSize(
QuicByteCount suggested_max_packet_size) {
if (!peer_address().IsInitialized()) {
QUIC_BUG(quic_bug_10511_30)
<< "Attempted to use a connection without a valid peer address";
return suggested_max_packet_size;
}
const QuicByteCount writer_limit = writer_->GetMaxPacketSize(peer_address());
QuicByteCount max_packet_size = suggested_max_packet_size;
if (max_packet_size > writer_limit) {
max_packet_size = writer_limit;
}
if (max_packet_size > peer_max_packet_size_) {
max_packet_size = peer_max_packet_size_;
}
if (max_packet_size > kMaxOutgoingPacketSize) {
max_packet_size = kMaxOutgoingPacketSize;
}
return max_packet_size;
}
void QuicConnection::SendMtuDiscoveryPacket(QuicByteCount target_mtu) {
// Currently, this limit is ensured by the caller.
QUICHE_DCHECK_EQ(target_mtu, GetLimitedMaxPacketSize(target_mtu));
// Send the probe.
packet_creator_.GenerateMtuDiscoveryPacket(target_mtu);
}
// TODO(zhongyi): change this method to generate a connectivity probing packet
// and let the caller to call writer to write the packet and handle write
// status.
bool QuicConnection::SendConnectivityProbingPacket(
QuicPacketWriter* probing_writer,
const QuicSocketAddress& peer_address) {
return SendGenericPathProbePacket(probing_writer, peer_address,
/* is_response= */ false);
}
void QuicConnection::SendConnectivityProbingResponsePacket(
const QuicSocketAddress& peer_address) {
SendGenericPathProbePacket(nullptr, peer_address,
/* is_response= */ true);
}
bool QuicConnection::SendGenericPathProbePacket(
QuicPacketWriter* probing_writer,
const QuicSocketAddress& peer_address,
bool is_response) {
QUICHE_DCHECK(peer_address.IsInitialized());
if (!connected_) {
QUIC_BUG(quic_bug_10511_31)
<< "Not sending connectivity probing packet as connection is "
<< "disconnected.";
return false;
}
if (perspective_ == Perspective::IS_SERVER && probing_writer == nullptr) {
// Server can use default packet writer to write packet.
probing_writer = writer_;
}
QUICHE_DCHECK(probing_writer);
if (probing_writer->IsWriteBlocked()) {
QUIC_DLOG(INFO)
<< ENDPOINT
<< "Writer blocked when sending connectivity probing packet.";
if (probing_writer == writer_) {
// Visitor should not be write blocked if the probing writer is not the
// default packet writer.
visitor_->OnWriteBlocked();
}
return true;
}
QUIC_DLOG(INFO) << ENDPOINT
<< "Sending path probe packet for connection_id = "
<< default_path_.server_connection_id;
std::unique_ptr<SerializedPacket> probing_packet;
if (!version().HasIetfQuicFrames()) {
// Non-IETF QUIC, generate a padded ping regardless of whether this is a
// request or a response.
probing_packet = packet_creator_.SerializeConnectivityProbingPacket();
} else if (is_response) {
QUICHE_DCHECK(!send_path_response_);
// IETF QUIC path response.
// Respond to path probe request using IETF QUIC PATH_RESPONSE frame.
probing_packet =
packet_creator_.SerializePathResponseConnectivityProbingPacket(
received_path_challenge_payloads_,
/*is_padded=*/false);
received_path_challenge_payloads_.clear();
} else {
// IETF QUIC path challenge.
// Send a path probe request using IETF QUIC PATH_CHALLENGE frame.
transmitted_connectivity_probe_payload_ =
std::make_unique<QuicPathFrameBuffer>();
random_generator_->RandBytes(transmitted_connectivity_probe_payload_.get(),
sizeof(QuicPathFrameBuffer));
probing_packet =
packet_creator_.SerializePathChallengeConnectivityProbingPacket(
*transmitted_connectivity_probe_payload_);
if (!probing_packet) {
transmitted_connectivity_probe_payload_ = nullptr;
}
}
QUICHE_DCHECK_EQ(IsRetransmittable(*probing_packet), NO_RETRANSMITTABLE_DATA);
return WritePacketUsingWriter(std::move(probing_packet), probing_writer,
self_address(), peer_address,
/*measure_rtt=*/true);
}
bool QuicConnection::WritePacketUsingWriter(
std::unique_ptr<SerializedPacket> packet,
QuicPacketWriter* writer,
const QuicSocketAddress& self_address,
const QuicSocketAddress& peer_address,
bool measure_rtt) {
const QuicTime packet_send_time = clock_->Now();
QUIC_DVLOG(2) << ENDPOINT
<< "Sending path probe packet for server connection ID "
<< default_path_.server_connection_id << std::endl
<< quiche::QuicheTextUtils::HexDump(absl::string_view(
packet->encrypted_buffer, packet->encrypted_length));
WriteResult result = writer->WritePacket(
packet->encrypted_buffer, packet->encrypted_length, self_address.host(),
peer_address, per_packet_options_);
// If using a batch writer and the probing packet is buffered, flush it.
if (writer->IsBatchMode() && result.status == WRITE_STATUS_OK &&
result.bytes_written == 0) {
result = writer->Flush();
}
if (IsWriteError(result.status)) {
// Write error for any connectivity probe should not affect the connection
// as it is sent on a different path.
QUIC_DLOG(INFO) << ENDPOINT << "Write probing packet failed with error = "
<< result.error_code;
return false;
}
// Send in currrent path. Call OnPacketSent regardless of the write result.
sent_packet_manager_.OnPacketSent(packet.get(), packet_send_time,
packet->transmission_type,
NO_RETRANSMITTABLE_DATA, measure_rtt);
if (debug_visitor_ != nullptr) {
if (sent_packet_manager_.unacked_packets().empty()) {
QUIC_BUG(quic_bug_10511_32)
<< "Unacked map is empty right after packet is sent";
} else {
debug_visitor_->OnPacketSent(
packet->packet_number, packet->encrypted_length,
packet->has_crypto_handshake, packet->transmission_type,
packet->encryption_level,
sent_packet_manager_.unacked_packets()
.rbegin()
->retransmittable_frames,
packet->nonretransmittable_frames, packet_send_time);
}
}
if (IsWriteBlockedStatus(result.status)) {
if (writer == writer_) {
// Visitor should not be write blocked if the probing writer is not the
// default packet writer.
visitor_->OnWriteBlocked();
}
if (result.status == WRITE_STATUS_BLOCKED_DATA_BUFFERED) {
QUIC_DLOG(INFO) << ENDPOINT << "Write probing packet blocked";
}
}
return true;
}
void QuicConnection::DisableMtuDiscovery() {
mtu_discoverer_.Disable();
mtu_discovery_alarm_->Cancel();
}
void QuicConnection::DiscoverMtu() {
QUICHE_DCHECK(!mtu_discovery_alarm_->IsSet());
const QuicPacketNumber largest_sent_packet =
sent_packet_manager_.GetLargestSentPacket();
if (mtu_discoverer_.ShouldProbeMtu(largest_sent_packet)) {
++mtu_probe_count_;
SendMtuDiscoveryPacket(
mtu_discoverer_.GetUpdatedMtuProbeSize(largest_sent_packet));
}
QUICHE_DCHECK(!mtu_discovery_alarm_->IsSet());
}
void QuicConnection::OnEffectivePeerMigrationValidated() {
if (active_effective_peer_migration_type_ == NO_CHANGE) {
QUIC_BUG(quic_bug_10511_33) << "No migration underway.";
return;
}
highest_packet_sent_before_effective_peer_migration_.Clear();
const bool send_address_token =
active_effective_peer_migration_type_ != PORT_CHANGE;
active_effective_peer_migration_type_ = NO_CHANGE;
++stats_.num_validated_peer_migration;
if (!validate_client_addresses_) {
return;
}
QUIC_CODE_COUNT_N(quic_server_reverse_validate_new_path3, 2, 6);
if (debug_visitor_ != nullptr) {
const QuicTime now = clock_->ApproximateNow();
if (now >= stats_.handshake_completion_time) {
debug_visitor_->OnPeerMigrationValidated(
now - stats_.handshake_completion_time);
} else {
QUIC_BUG(quic_bug_10511_34)
<< "Handshake completion time is larger than current time.";
}
}
// Lift anti-amplification limit.
default_path_.validated = true;
alternative_path_.Clear();
if (send_address_token) {
visitor_->MaybeSendAddressToken();
}
}
void QuicConnection::StartEffectivePeerMigration(AddressChangeType type) {
// TODO(fayang): Currently, all peer address change type are allowed. Need to
// add a method ShouldAllowPeerAddressChange(PeerAddressChangeType type) to
// determine whether |type| is allowed.
if (!validate_client_addresses_) {
if (type == NO_CHANGE) {
QUIC_BUG(quic_bug_10511_35)
<< "EffectivePeerMigration started without address change.";
return;
}
QUIC_DLOG(INFO)
<< ENDPOINT << "Effective peer's ip:port changed from "
<< default_path_.peer_address.ToString() << " to "
<< GetEffectivePeerAddressFromCurrentPacket().ToString()
<< ", address change type is " << type
<< ", migrating connection without validating new client address.";
highest_packet_sent_before_effective_peer_migration_ =
sent_packet_manager_.GetLargestSentPacket();
default_path_.peer_address = GetEffectivePeerAddressFromCurrentPacket();
active_effective_peer_migration_type_ = type;
OnConnectionMigration();
return;
}
QUIC_CODE_COUNT_N(quic_server_reverse_validate_new_path3, 3, 6);
if (type == NO_CHANGE) {
UpdatePeerAddress(last_received_packet_info_.source_address);
QUIC_BUG(quic_bug_10511_36)
<< "EffectivePeerMigration started without address change.";
return;
}
// Action items:
// 1. Switch congestion controller;
// 2. Update default_path_ (addresses, validation and bytes accounting);
// 3. Save previous default path if needed;
// 4. Kick off reverse path validation if needed.
// Items 1 and 2 are must-to-do. Items 3 and 4 depends on if the new address
// is validated or not and which path the incoming packet is on.
const QuicSocketAddress current_effective_peer_address =
GetEffectivePeerAddressFromCurrentPacket();
QUIC_DLOG(INFO) << ENDPOINT << "Effective peer's ip:port changed from "
<< default_path_.peer_address.ToString() << " to "
<< current_effective_peer_address.ToString()
<< ", address change type is " << type
<< ", migrating connection.";
const QuicSocketAddress previous_direct_peer_address = direct_peer_address_;
PathState previous_default_path = std::move(default_path_);
active_effective_peer_migration_type_ = type;
MaybeClearQueuedPacketsOnPathChange();
OnConnectionMigration();
// Update congestion controller if the address change type is not PORT_CHANGE.
if (type == PORT_CHANGE) {
QUICHE_DCHECK(previous_default_path.validated ||
(alternative_path_.validated &&
alternative_path_.send_algorithm != nullptr));
// No need to store previous congestion controller because either the new
// default path is validated or the alternative path is validated and
// already has associated congestion controller.
} else {
previous_default_path.rtt_stats.emplace();
previous_default_path.rtt_stats->CloneFrom(
*sent_packet_manager_.GetRttStats());
// If the new peer address share the same IP with the alternative path, the
// connection should switch to the congestion controller of the alternative
// path. Otherwise, the connection should use a brand new one.
// In order to re-use existing code in sent_packet_manager_, reset
// congestion controller to initial state first and then change to the one
// on alternative path.
// TODO(danzh) combine these two steps into one after deprecating gQUIC.
previous_default_path.send_algorithm = OnPeerIpAddressChanged();
if (alternative_path_.peer_address.host() ==
current_effective_peer_address.host() &&
alternative_path_.send_algorithm != nullptr) {
// Update the default path with the congestion controller of the
// alternative path.
sent_packet_manager_.SetSendAlgorithm(
alternative_path_.send_algorithm.release());
sent_packet_manager_.SetRttStats(
std::move(alternative_path_.rtt_stats).value());
}
}
// Update to the new peer address.
UpdatePeerAddress(last_received_packet_info_.source_address);
// Update the default path.
if (IsAlternativePath(last_received_packet_info_.destination_address,
current_effective_peer_address)) {
SetDefaultPathState(std::move(alternative_path_));
} else {
QuicConnectionId client_connection_id;
bool stateless_reset_token_received = false;
StatelessResetToken stateless_reset_token;
FindMatchingOrNewClientConnectionIdOrToken(
previous_default_path, alternative_path_,
last_packet_destination_connection_id_, &client_connection_id,
&stateless_reset_token_received, &stateless_reset_token);
SetDefaultPathState(
PathState(last_received_packet_info_.destination_address,
current_effective_peer_address, client_connection_id,
last_packet_destination_connection_id_,
stateless_reset_token_received, stateless_reset_token));
// The path is considered validated if its peer IP address matches any
// validated path's peer IP address.
default_path_.validated =
(alternative_path_.peer_address.host() ==
current_effective_peer_address.host() &&
alternative_path_.validated) ||
(previous_default_path.validated && type == PORT_CHANGE);
}
if (!last_received_packet_info_.received_bytes_counted) {
// Increment bytes counting on the new default path.
default_path_.bytes_received_before_address_validation += last_size_;
last_received_packet_info_.received_bytes_counted = true;
}
if (!previous_default_path.validated) {
// If the old address is under validation, cancel and fail it. Failing to
// validate the old path shouldn't take any effect.
QUIC_DVLOG(1) << "Cancel validation of previous peer address change to "
<< previous_default_path.peer_address
<< " upon peer migration to " << default_path_.peer_address;
path_validator_.CancelPathValidation();
++stats_.num_peer_migration_while_validating_default_path;
}
// Clear alternative path if the new default path shares the same IP as the
// alternative path.
if (alternative_path_.peer_address.host() ==
default_path_.peer_address.host()) {
alternative_path_.Clear();
}
if (default_path_.validated) {
QUIC_DVLOG(1) << "Peer migrated to a validated address.";
// No need to save previous default path, validate new peer address or
// update bytes sent/received.
if (!(previous_default_path.validated && type == PORT_CHANGE)) {
// The alternative path was validated because of proactive reverse path
// validation.
++stats_.num_peer_migration_to_proactively_validated_address;
}
OnEffectivePeerMigrationValidated();
return;
}
// The new default address is not validated yet. Anti-amplification limit is
// enforced.
QUICHE_DCHECK(EnforceAntiAmplificationLimit());
QUIC_DVLOG(1) << "Apply anti-amplification limit to effective peer address "
<< default_path_.peer_address << " with "
<< default_path_.bytes_sent_before_address_validation
<< " bytes sent and "
<< default_path_.bytes_received_before_address_validation
<< " bytes received.";
QUICHE_DCHECK(!alternative_path_.peer_address.IsInitialized() ||
alternative_path_.peer_address.host() !=
default_path_.peer_address.host());
// Save previous default path to the altenative path.
if (previous_default_path.validated) {
// The old path is a validated path which the connection might revert back
// to later. Store it as the alternative path.
alternative_path_ = std::move(previous_default_path);
QUICHE_DCHECK(alternative_path_.send_algorithm != nullptr);
}
// If the new address is not validated and the connection is not already
// validating that address, a new reverse path validation is needed.
if (!path_validator_.IsValidatingPeerAddress(
current_effective_peer_address)) {
++stats_.num_reverse_path_validtion_upon_migration;
ValidatePath(std::make_unique<ReversePathValidationContext>(
default_path_.self_address, peer_address(),
default_path_.peer_address, this),
std::make_unique<ReversePathValidationResultDelegate>(
this, previous_direct_peer_address));
} else {
QUIC_DVLOG(1) << "Peer address " << default_path_.peer_address
<< " is already under validation, wait for result.";
++stats_.num_peer_migration_to_proactively_validated_address;
}
}
void QuicConnection::OnConnectionMigration() {
if (debug_visitor_ != nullptr) {
const QuicTime now = clock_->ApproximateNow();
if (now >= stats_.handshake_completion_time) {
debug_visitor_->OnPeerAddressChange(
active_effective_peer_migration_type_,
now - stats_.handshake_completion_time);
}
}
visitor_->OnConnectionMigration(active_effective_peer_migration_type_);
if (active_effective_peer_migration_type_ != PORT_CHANGE &&
active_effective_peer_migration_type_ != IPV4_SUBNET_CHANGE &&
!validate_client_addresses_) {
sent_packet_manager_.OnConnectionMigration(/*reset_send_algorithm=*/false);
}
}
bool QuicConnection::IsCurrentPacketConnectivityProbing() const {
return is_current_packet_connectivity_probing_;
}
bool QuicConnection::ack_frame_updated() const {
return uber_received_packet_manager_.IsAckFrameUpdated();
}
absl::string_view QuicConnection::GetCurrentPacket() {
if (current_packet_data_ == nullptr) {
return absl::string_view();
}
return absl::string_view(current_packet_data_, last_size_);
}
bool QuicConnection::MaybeConsiderAsMemoryCorruption(
const QuicStreamFrame& frame) {
if (QuicUtils::IsCryptoStreamId(transport_version(), frame.stream_id) ||
last_decrypted_packet_level_ != ENCRYPTION_INITIAL) {
return false;
}
if (perspective_ == Perspective::IS_SERVER &&
frame.data_length >= sizeof(kCHLO) &&
strncmp(frame.data_buffer, reinterpret_cast<const char*>(&kCHLO),
sizeof(kCHLO)) == 0) {
return true;
}
if (perspective_ == Perspective::IS_CLIENT &&
frame.data_length >= sizeof(kREJ) &&
strncmp(frame.data_buffer, reinterpret_cast<const char*>(&kREJ),
sizeof(kREJ)) == 0) {
return true;
}
return false;
}
void QuicConnection::MaybeSendProbingRetransmissions() {
QUICHE_DCHECK(fill_up_link_during_probing_);
// Don't send probing retransmissions until the handshake has completed.
if (!IsHandshakeComplete() ||
sent_packet_manager().HasUnackedCryptoPackets()) {
return;
}
if (probing_retransmission_pending_) {
QUIC_BUG(quic_bug_10511_37)
<< "MaybeSendProbingRetransmissions is called while another call "
"to it is already in progress";
return;
}
probing_retransmission_pending_ = true;
SendProbingRetransmissions();
probing_retransmission_pending_ = false;
}
void QuicConnection::CheckIfApplicationLimited() {
if (!connected_ || probing_retransmission_pending_) {
return;
}
bool application_limited =
buffered_packets_.empty() && !visitor_->WillingAndAbleToWrite();
if (!application_limited) {
return;
}
if (fill_up_link_during_probing_) {
MaybeSendProbingRetransmissions();
if (!CanWrite(HAS_RETRANSMITTABLE_DATA)) {
return;
}
}
sent_packet_manager_.OnApplicationLimited();
}
bool QuicConnection::UpdatePacketContent(QuicFrameType type) {
most_recent_frame_type_ = type;
if (version().HasIetfQuicFrames()) {
if (!QuicUtils::IsProbingFrame(type)) {
MaybeStartIetfPeerMigration();
return connected_;
}
QuicSocketAddress current_effective_peer_address =
GetEffectivePeerAddressFromCurrentPacket();
if (!count_bytes_on_alternative_path_separately_ ||
IsDefaultPath(last_received_packet_info_.destination_address,
last_received_packet_info_.source_address)) {
return connected_;
}
QUIC_CODE_COUNT_N(quic_count_bytes_on_alternative_path_seperately, 3, 5);
if (perspective_ == Perspective::IS_SERVER &&
type == PATH_CHALLENGE_FRAME &&
!IsAlternativePath(last_received_packet_info_.destination_address,
current_effective_peer_address)) {
QUIC_DVLOG(1)
<< "The peer is probing a new path with effective peer address "
<< current_effective_peer_address << ", self address "
<< last_received_packet_info_.destination_address;
if (!validate_client_addresses_) {
QuicConnectionId client_cid;
bool stateless_reset_token_received = false;
StatelessResetToken stateless_reset_token;
FindMatchingOrNewClientConnectionIdOrToken(
default_path_, alternative_path_,
last_packet_destination_connection_id_, &client_cid,
&stateless_reset_token_received, &stateless_reset_token);
alternative_path_ =
PathState(last_received_packet_info_.destination_address,
current_effective_peer_address, client_cid,
last_packet_destination_connection_id_,
stateless_reset_token_received, stateless_reset_token);
} else if (!default_path_.validated) {
QUIC_CODE_COUNT_N(quic_server_reverse_validate_new_path3, 4, 6);
// Skip reverse path validation because either handshake hasn't
// completed or the connection is validating the default path. Using
// PATH_CHALLENGE to validate alternative client address before
// handshake gets comfirmed is meaningless because anyone can respond to
// it. If the connection is validating the default path, this
// alternative path is currently the only validated path which shouldn't
// be overridden.
QUIC_DVLOG(1) << "The connection hasn't finished handshake or is "
"validating a recent peer address change.";
QUIC_BUG_IF(quic_bug_12714_30,
IsHandshakeConfirmed() && !alternative_path_.validated)
<< "No validated peer address to send after handshake comfirmed.";
} else if (!IsReceivedPeerAddressValidated()) {
QUIC_CODE_COUNT_N(quic_server_reverse_validate_new_path3, 5, 6);
QuicConnectionId client_connection_id;
bool stateless_reset_token_received;
StatelessResetToken stateless_reset_token;
FindMatchingOrNewClientConnectionIdOrToken(
default_path_, alternative_path_,
last_packet_destination_connection_id_, &client_connection_id,
&stateless_reset_token_received, &stateless_reset_token);
// Only override alternative path state upon receiving a PATH_CHALLENGE
// from an unvalidated peer address, and the connection isn't validating
// a recent peer migration.
alternative_path_ =
PathState(last_received_packet_info_.destination_address,
current_effective_peer_address, client_connection_id,
last_packet_destination_connection_id_,
stateless_reset_token_received, stateless_reset_token);
if (group_path_response_and_challenge_sending_closer_) {
should_proactively_validate_peer_address_on_path_challenge_ = true;
} else {
// Conditions to proactively validate peer address:
// The perspective is server
// The PATH_CHALLENGE is received on an unvalidated alternative path.
// The connection isn't validating migrated peer address, which is of
// higher prority.
QUIC_DVLOG(1) << "Proactively validate the effective peer address "
<< current_effective_peer_address;
QUIC_CODE_COUNT_N(quic_kick_off_client_address_validation, 1, 6);
ValidatePath(std::make_unique<ReversePathValidationContext>(
default_path_.self_address,
last_received_packet_info_.source_address,
current_effective_peer_address, this),
std::make_unique<ReversePathValidationResultDelegate>(
this, peer_address()));
}
}
}
MaybeUpdateBytesReceivedFromAlternativeAddress(last_size_);
return connected_;
}
// Packet content is tracked to identify connectivity probe in non-IETF
// version, where a connectivity probe is defined as
// - a padded PING packet with peer address change received by server,
// - a padded PING packet on new path received by client.
if (current_packet_content_ == NOT_PADDED_PING) {
// We have already learned the current packet is not a connectivity
// probing packet. Peer migration should have already been started earlier
// if needed.
return connected_;
}
if (type == PING_FRAME) {
if (current_packet_content_ == NO_FRAMES_RECEIVED) {
current_packet_content_ = FIRST_FRAME_IS_PING;
return connected_;
}
}
// In Google QUIC, we look for a packet with just a PING and PADDING.
// If the condition is met, mark things as connectivity-probing, causing
// later processing to generate the correct response.
if (type == PADDING_FRAME && current_packet_content_ == FIRST_FRAME_IS_PING) {
current_packet_content_ = SECOND_FRAME_IS_PADDING;
if (perspective_ == Perspective::IS_SERVER) {
is_current_packet_connectivity_probing_ =
current_effective_peer_migration_type_ != NO_CHANGE;
QUIC_DLOG_IF(INFO, is_current_packet_connectivity_probing_)
<< ENDPOINT
<< "Detected connectivity probing packet. "
"current_effective_peer_migration_type_:"
<< current_effective_peer_migration_type_;
} else {
is_current_packet_connectivity_probing_ =
(last_received_packet_info_.source_address != peer_address()) ||
(last_received_packet_info_.destination_address !=
default_path_.self_address);
QUIC_DLOG_IF(INFO, is_current_packet_connectivity_probing_)
<< ENDPOINT
<< "Detected connectivity probing packet. "
"last_packet_source_address:"
<< last_received_packet_info_.source_address
<< ", peer_address_:" << peer_address()
<< ", last_packet_destination_address:"
<< last_received_packet_info_.destination_address
<< ", default path self_address :" << default_path_.self_address;
}
return connected_;
}
current_packet_content_ = NOT_PADDED_PING;
if (GetLargestReceivedPacket().IsInitialized() &&
last_header_.packet_number == GetLargestReceivedPacket()) {
UpdatePeerAddress(last_received_packet_info_.source_address);
if (current_effective_peer_migration_type_ != NO_CHANGE) {
// Start effective peer migration immediately when the current packet is
// confirmed not a connectivity probing packet.
StartEffectivePeerMigration(current_effective_peer_migration_type_);
}
}
current_effective_peer_migration_type_ = NO_CHANGE;
return connected_;
}
void QuicConnection::MaybeStartIetfPeerMigration() {
QUICHE_DCHECK(version().HasIetfQuicFrames());
if (current_effective_peer_migration_type_ != NO_CHANGE &&
!IsHandshakeConfirmed()) {
QUIC_LOG_EVERY_N_SEC(INFO, 60)
<< ENDPOINT << "Effective peer's ip:port changed from "
<< default_path_.peer_address.ToString() << " to "
<< GetEffectivePeerAddressFromCurrentPacket().ToString()
<< " before handshake confirmed, "
"current_effective_peer_migration_type_: "
<< current_effective_peer_migration_type_;
// Peer migrated before handshake gets confirmed.
CloseConnection((current_effective_peer_migration_type_ == PORT_CHANGE
? QUIC_PEER_PORT_CHANGE_HANDSHAKE_UNCONFIRMED
: QUIC_CONNECTION_MIGRATION_HANDSHAKE_UNCONFIRMED),
"Peer address changed before handshake is confirmed.",
ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET);
return;
}
if (GetLargestReceivedPacket().IsInitialized() &&
last_header_.packet_number == GetLargestReceivedPacket()) {
if (current_effective_peer_migration_type_ != NO_CHANGE) {
// Start effective peer migration when the current packet contains a
// non-probing frame.
// TODO(fayang): When multiple packet number spaces is supported, only
// start peer migration for the application data.
if (!validate_client_addresses_) {
UpdatePeerAddress(last_received_packet_info_.source_address);
}
StartEffectivePeerMigration(current_effective_peer_migration_type_);
} else {
UpdatePeerAddress(last_received_packet_info_.source_address);
}
}
current_effective_peer_migration_type_ = NO_CHANGE;
}
void QuicConnection::PostProcessAfterAckFrame(bool send_stop_waiting,
bool acked_new_packet) {
if (no_stop_waiting_frames_ && !packet_creator_.has_ack()) {
uber_received_packet_manager_.DontWaitForPacketsBefore(
last_decrypted_packet_level_,
SupportsMultiplePacketNumberSpaces()
? sent_packet_manager_.GetLargestPacketPeerKnowsIsAcked(
last_decrypted_packet_level_)
: sent_packet_manager_.largest_packet_peer_knows_is_acked());
}
// Always reset the retransmission alarm when an ack comes in, since we now
// have a better estimate of the current rtt than when it was set.
SetRetransmissionAlarm();
if (acked_new_packet) {
OnForwardProgressMade();
} else if (default_enable_5rto_blackhole_detection_ &&
!sent_packet_manager_.HasInFlightPackets() &&
blackhole_detector_.IsDetectionInProgress()) {
// In case no new packets get acknowledged, it is possible packets are
// detected lost because of time based loss detection. Cancel blackhole
// detection if there is no packets in flight.
blackhole_detector_.StopDetection();
}
if (send_stop_waiting) {
++stop_waiting_count_;
} else {
stop_waiting_count_ = 0;
}
}
void QuicConnection::SetSessionNotifier(
SessionNotifierInterface* session_notifier) {
sent_packet_manager_.SetSessionNotifier(session_notifier);
}
void QuicConnection::SetDataProducer(
QuicStreamFrameDataProducer* data_producer) {
framer_.set_data_producer(data_producer);
}
void QuicConnection::SetTransmissionType(TransmissionType type) {
packet_creator_.SetTransmissionType(type);
}
void QuicConnection::UpdateReleaseTimeIntoFuture() {
QUICHE_DCHECK(supports_release_time_);
const QuicTime::Delta prior_max_release_time = release_time_into_future_;
release_time_into_future_ = std::max(
QuicTime::Delta::FromMilliseconds(kMinReleaseTimeIntoFutureMs),
std::min(
QuicTime::Delta::FromMilliseconds(
GetQuicFlag(FLAGS_quic_max_pace_time_into_future_ms)),
sent_packet_manager_.GetRttStats()->SmoothedOrInitialRtt() *
GetQuicFlag(FLAGS_quic_pace_time_into_future_srtt_fraction)));
QUIC_DVLOG(3) << "Updated max release time delay from "
<< prior_max_release_time << " to "
<< release_time_into_future_;
}
void QuicConnection::ResetAckStates() {
ack_alarm_->Cancel();
stop_waiting_count_ = 0;
uber_received_packet_manager_.ResetAckStates(encryption_level_);
}
MessageStatus QuicConnection::SendMessage(QuicMessageId message_id,
absl::Span<QuicMemSlice> message,
bool flush) {
if (!VersionSupportsMessageFrames(transport_version())) {
QUIC_BUG(quic_bug_10511_38)
<< "MESSAGE frame is not supported for version " << transport_version();
return MESSAGE_STATUS_UNSUPPORTED;
}
if (MemSliceSpanTotalSize(message) > GetCurrentLargestMessagePayload()) {
return MESSAGE_STATUS_TOO_LARGE;
}
if (!connected_ || (!flush && !CanWrite(HAS_RETRANSMITTABLE_DATA))) {
return MESSAGE_STATUS_BLOCKED;
}
ScopedPacketFlusher flusher(this);
return packet_creator_.AddMessageFrame(message_id, message);
}
QuicPacketLength QuicConnection::GetCurrentLargestMessagePayload() const {
return packet_creator_.GetCurrentLargestMessagePayload();
}
QuicPacketLength QuicConnection::GetGuaranteedLargestMessagePayload() const {
return packet_creator_.GetGuaranteedLargestMessagePayload();
}
uint32_t QuicConnection::cipher_id() const {
if (version().KnowsWhichDecrypterToUse()) {
return framer_.GetDecrypter(last_decrypted_packet_level_)->cipher_id();
}
return framer_.decrypter()->cipher_id();
}
EncryptionLevel QuicConnection::GetConnectionCloseEncryptionLevel() const {
if (perspective_ == Perspective::IS_CLIENT) {
return encryption_level_;
}
if (IsHandshakeComplete()) {
// A forward secure packet has been received.
QUIC_BUG_IF(quic_bug_12714_31,
encryption_level_ != ENCRYPTION_FORWARD_SECURE)
<< ENDPOINT << "Unexpected connection close encryption level "
<< encryption_level_;
return ENCRYPTION_FORWARD_SECURE;
}
if (framer_.HasEncrypterOfEncryptionLevel(ENCRYPTION_ZERO_RTT)) {
if (encryption_level_ != ENCRYPTION_ZERO_RTT) {
if (version().HasIetfInvariantHeader()) {
QUIC_CODE_COUNT(quic_wrong_encryption_level_connection_close_ietf);
} else {
QUIC_CODE_COUNT(quic_wrong_encryption_level_connection_close);
}
}
return ENCRYPTION_ZERO_RTT;
}
return ENCRYPTION_INITIAL;
}
void QuicConnection::MaybeBundleCryptoDataWithAcks() {
QUICHE_DCHECK(SupportsMultiplePacketNumberSpaces());
if (IsHandshakeConfirmed()) {
return;
}
PacketNumberSpace space = HANDSHAKE_DATA;
if (perspective() == Perspective::IS_SERVER &&
framer_.HasEncrypterOfEncryptionLevel(ENCRYPTION_INITIAL)) {
// On the server side, sends INITIAL data with INITIAL ACK if initial key is
// available.
space = INITIAL_DATA;
}
const QuicTime ack_timeout =
uber_received_packet_manager_.GetAckTimeout(space);
if (!ack_timeout.IsInitialized() ||
(ack_timeout > clock_->ApproximateNow() &&
ack_timeout > uber_received_packet_manager_.GetEarliestAckTimeout())) {
// No pending ACK of space.
return;
}
if (coalesced_packet_.length() > 0) {
// Do not bundle CRYPTO data if the ACK could be coalesced with other
// packets.
return;
}
if (!framer_.HasAnEncrypterForSpace(space)) {
QUIC_BUG(quic_bug_10511_39)
<< ENDPOINT
<< "Try to bundle crypto with ACK with missing key of space "
<< PacketNumberSpaceToString(space);
return;
}
sent_packet_manager_.RetransmitDataOfSpaceIfAny(space);
}
void QuicConnection::SendAllPendingAcks() {
QUICHE_DCHECK(SupportsMultiplePacketNumberSpaces());
QUIC_DVLOG(1) << ENDPOINT << "Trying to send all pending ACKs";
ack_alarm_->Cancel();
QuicTime earliest_ack_timeout =
uber_received_packet_manager_.GetEarliestAckTimeout();
QUIC_BUG_IF(quic_bug_12714_32, !earliest_ack_timeout.IsInitialized());
MaybeBundleCryptoDataWithAcks();
earliest_ack_timeout = uber_received_packet_manager_.GetEarliestAckTimeout();
if (!earliest_ack_timeout.IsInitialized()) {
return;
}
// Latches current encryption level.
const EncryptionLevel current_encryption_level = encryption_level_;
for (int8_t i = INITIAL_DATA; i <= APPLICATION_DATA; ++i) {
const QuicTime ack_timeout = uber_received_packet_manager_.GetAckTimeout(
static_cast<PacketNumberSpace>(i));
if (!ack_timeout.IsInitialized()) {
continue;
}
if (!framer_.HasAnEncrypterForSpace(static_cast<PacketNumberSpace>(i))) {
// The key has been dropped.
continue;
}
if (ack_timeout > clock_->ApproximateNow() &&
ack_timeout > earliest_ack_timeout) {
// Always send the earliest ACK to make forward progress in case alarm
// fires early.
continue;
}
QUIC_DVLOG(1) << ENDPOINT << "Sending ACK of packet number space "
<< PacketNumberSpaceToString(
static_cast<PacketNumberSpace>(i));
// Switch to the appropriate encryption level.
if (!use_encryption_level_context_) {
SetDefaultEncryptionLevel(
QuicUtils::GetEncryptionLevel(static_cast<PacketNumberSpace>(i)));
}
ScopedEncryptionLevelContext context(
use_encryption_level_context_ ? this : nullptr,
QuicUtils::GetEncryptionLevel(static_cast<PacketNumberSpace>(i)));
QuicFrames frames;
frames.push_back(uber_received_packet_manager_.GetUpdatedAckFrame(
static_cast<PacketNumberSpace>(i), clock_->ApproximateNow()));
const bool flushed = packet_creator_.FlushAckFrame(frames);
if (!flushed) {
// Connection is write blocked.
QUIC_BUG_IF(quic_bug_12714_33,
!writer_->IsWriteBlocked() && !LimitedByAmplificationFactor())
<< "Writer not blocked and not throttled by amplification factor, "
"but ACK not flushed for packet space:"
<< i;
break;
}
ResetAckStates();
}
if (!use_encryption_level_context_) {
// Restores encryption level.
SetDefaultEncryptionLevel(current_encryption_level);
}
const QuicTime timeout =
uber_received_packet_manager_.GetEarliestAckTimeout();
if (timeout.IsInitialized()) {
// If there are ACKs pending, re-arm ack alarm.
ack_alarm_->Update(timeout, kAlarmGranularity);
}
// Only try to bundle retransmittable data with ACK frame if default
// encryption level is forward secure.
if (encryption_level_ != ENCRYPTION_FORWARD_SECURE ||
!ShouldBundleRetransmittableFrameWithAck()) {
return;
}
consecutive_num_packets_with_no_retransmittable_frames_ = 0;
if (packet_creator_.HasPendingRetransmittableFrames() ||
visitor_->WillingAndAbleToWrite()) {
// There are pending retransmittable frames.
return;
}
visitor_->OnAckNeedsRetransmittableFrame();
}
bool QuicConnection::ShouldBundleRetransmittableFrameWithAck() const {
if (consecutive_num_packets_with_no_retransmittable_frames_ >=
max_consecutive_num_packets_with_no_retransmittable_frames_) {
return true;
}
if (bundle_retransmittable_with_pto_ack_ &&
(sent_packet_manager_.GetConsecutiveRtoCount() > 0 ||
sent_packet_manager_.GetConsecutivePtoCount() > 0)) {
// Bundle a retransmittable frame with an ACK if the PTO or RTO has fired
// in order to recover more quickly in cases of temporary network outage.
return true;
}
return false;
}
void QuicConnection::MaybeCoalescePacketOfHigherSpace() {
if (!connected() || !packet_creator_.HasSoftMaxPacketLength() ||
fill_coalesced_packet_) {
// Make sure MaybeCoalescePacketOfHigherSpace is not re-entrant.
return;
}
// INITIAL or HANDSHAKE retransmission could cause peer to derive new
// keys, such that the buffered undecryptable packets may be processed.
// This endpoint would derive an inflated RTT sample (which includes the PTO
// timeout) when receiving ACKs of those undecryptable packets. To mitigate
// this, tries to coalesce a packet of higher encryption level.
for (EncryptionLevel retransmission_level :
{ENCRYPTION_INITIAL, ENCRYPTION_HANDSHAKE}) {
// Coalesce HANDSHAKE with INITIAL retransmission, and coalesce 1-RTT with
// HANDSHAKE retransmission.
const EncryptionLevel coalesced_level =
retransmission_level == ENCRYPTION_INITIAL ? ENCRYPTION_HANDSHAKE
: ENCRYPTION_FORWARD_SECURE;
if (coalesced_packet_.ContainsPacketOfEncryptionLevel(
retransmission_level) &&
coalesced_packet_.TransmissionTypeOfPacket(retransmission_level) !=
NOT_RETRANSMISSION &&
framer_.HasEncrypterOfEncryptionLevel(coalesced_level) &&
!coalesced_packet_.ContainsPacketOfEncryptionLevel(coalesced_level)) {
fill_coalesced_packet_ = true;
sent_packet_manager_.RetransmitDataOfSpaceIfAny(
QuicUtils::GetPacketNumberSpace(coalesced_level));
fill_coalesced_packet_ = false;
}
}
}
bool QuicConnection::FlushCoalescedPacket() {
ScopedCoalescedPacketClearer clearer(&coalesced_packet_);
if (!connected_) {
return false;
}
if (!version().CanSendCoalescedPackets()) {
QUIC_BUG_IF(quic_bug_12714_34, coalesced_packet_.length() > 0);
return true;
}
if (coalesced_packet_.ContainsPacketOfEncryptionLevel(ENCRYPTION_INITIAL) &&
!framer_.HasEncrypterOfEncryptionLevel(ENCRYPTION_INITIAL)) {
// Initial packet will be re-serialized. Neuter it in case initial key has
// been dropped.
QUIC_BUG(quic_bug_10511_40)
<< ENDPOINT
<< "Coalescer contains initial packet while initial key has "
"been dropped.";
coalesced_packet_.NeuterInitialPacket();
}
if (coalesced_packet_.length() == 0) {
return true;
}
char buffer[kMaxOutgoingPacketSize];
const size_t length = packet_creator_.SerializeCoalescedPacket(
coalesced_packet_, buffer, coalesced_packet_.max_packet_length());
if (length == 0) {
return false;
}
QUIC_DVLOG(1) << ENDPOINT << "Sending coalesced packet "
<< coalesced_packet_.ToString(length);
if (!buffered_packets_.empty() || HandleWriteBlocked()) {
QUIC_DVLOG(1) << ENDPOINT
<< "Buffering coalesced packet of len: " << length;
buffered_packets_.emplace_back(
buffer, static_cast<QuicPacketLength>(length),
coalesced_packet_.self_address(), coalesced_packet_.peer_address());
if (debug_visitor_ != nullptr) {
debug_visitor_->OnCoalescedPacketSent(coalesced_packet_, length);
}
return true;
}
WriteResult result = writer_->WritePacket(
buffer, length, coalesced_packet_.self_address().host(),
coalesced_packet_.peer_address(), per_packet_options_);
if (IsWriteError(result.status)) {
OnWriteError(result.error_code);
return false;
}
if (IsWriteBlockedStatus(result.status)) {
visitor_->OnWriteBlocked();
if (result.status != WRITE_STATUS_BLOCKED_DATA_BUFFERED) {
QUIC_DVLOG(1) << ENDPOINT
<< "Buffering coalesced packet of len: " << length;
buffered_packets_.emplace_back(
buffer, static_cast<QuicPacketLength>(length),
coalesced_packet_.self_address(), coalesced_packet_.peer_address());
}
}
if (debug_visitor_ != nullptr) {
debug_visitor_->OnCoalescedPacketSent(coalesced_packet_, length);
}
// Account for added padding.
if (length > coalesced_packet_.length()) {
size_t padding_size = length - coalesced_packet_.length();
if (!count_bytes_on_alternative_path_separately_) {
if (EnforceAntiAmplificationLimit()) {
default_path_.bytes_sent_before_address_validation += padding_size;
}
} else {
QUIC_CODE_COUNT_N(quic_count_bytes_on_alternative_path_seperately, 5, 5);
if (IsDefaultPath(coalesced_packet_.self_address(),
coalesced_packet_.peer_address())) {
if (EnforceAntiAmplificationLimit()) {
// Include bytes sent even if they are not in flight.
default_path_.bytes_sent_before_address_validation += padding_size;
}
} else {
MaybeUpdateBytesSentToAlternativeAddress(
coalesced_packet_.peer_address(), padding_size);
}
}
stats_.bytes_sent += padding_size;
if (coalesced_packet_.initial_packet() != nullptr &&
coalesced_packet_.initial_packet()->transmission_type !=
NOT_RETRANSMISSION) {
stats_.bytes_retransmitted += padding_size;
}
}
return true;
}
void QuicConnection::MaybeEnableMultiplePacketNumberSpacesSupport() {
if (version().handshake_protocol != PROTOCOL_TLS1_3) {
return;
}
QUIC_DVLOG(1) << ENDPOINT << "connection " << connection_id()
<< " supports multiple packet number spaces";
framer_.EnableMultiplePacketNumberSpacesSupport();
sent_packet_manager_.EnableMultiplePacketNumberSpacesSupport();
uber_received_packet_manager_.EnableMultiplePacketNumberSpacesSupport(
perspective_);
}
bool QuicConnection::SupportsMultiplePacketNumberSpaces() const {
return sent_packet_manager_.supports_multiple_packet_number_spaces();
}
void QuicConnection::SetLargestReceivedPacketWithAck(
QuicPacketNumber new_value) {
if (SupportsMultiplePacketNumberSpaces()) {
largest_seen_packets_with_ack_[QuicUtils::GetPacketNumberSpace(
last_decrypted_packet_level_)] = new_value;
} else {
largest_seen_packet_with_ack_ = new_value;
}
}
void QuicConnection::OnForwardProgressMade() {
if (is_path_degrading_) {
visitor_->OnForwardProgressMadeAfterPathDegrading();
is_path_degrading_ = false;
}
if (sent_packet_manager_.HasInFlightPackets()) {
// Restart detections if forward progress has been made.
blackhole_detector_.RestartDetection(GetPathDegradingDeadline(),
GetNetworkBlackholeDeadline(),
GetPathMtuReductionDeadline());
} else {
// Stop detections in quiecense.
blackhole_detector_.StopDetection();
}
QUIC_BUG_IF(quic_bug_12714_35,
default_enable_5rto_blackhole_detection_ &&
blackhole_detector_.IsDetectionInProgress() &&
!sent_packet_manager_.HasInFlightPackets())
<< ENDPOINT
<< "Trying to start blackhole detection without no bytes in flight";
}
QuicPacketNumber QuicConnection::GetLargestReceivedPacketWithAck() const {
if (SupportsMultiplePacketNumberSpaces()) {
return largest_seen_packets_with_ack_[QuicUtils::GetPacketNumberSpace(
last_decrypted_packet_level_)];
}
return largest_seen_packet_with_ack_;
}
QuicPacketNumber QuicConnection::GetLargestAckedPacket() const {
if (SupportsMultiplePacketNumberSpaces()) {
return sent_packet_manager_.GetLargestAckedPacket(
last_decrypted_packet_level_);
}
return sent_packet_manager_.GetLargestObserved();
}
QuicPacketNumber QuicConnection::GetLargestReceivedPacket() const {
return uber_received_packet_manager_.GetLargestObserved(
last_decrypted_packet_level_);
}
bool QuicConnection::EnforceAntiAmplificationLimit() const {
return version().SupportsAntiAmplificationLimit() &&
perspective_ == Perspective::IS_SERVER && !default_path_.validated;
}
// TODO(danzh) Pass in path object or its reference of some sort to use this
// method to check anti-amplification limit on non-default path.
bool QuicConnection::LimitedByAmplificationFactor() const {
return EnforceAntiAmplificationLimit() &&
default_path_.bytes_sent_before_address_validation >=
anti_amplification_factor_ *
default_path_.bytes_received_before_address_validation;
}
SerializedPacketFate QuicConnection::GetSerializedPacketFate(
bool is_mtu_discovery,
EncryptionLevel encryption_level) {
if (ShouldDiscardPacket(encryption_level)) {
return DISCARD;
}
if (legacy_version_encapsulation_in_progress_) {
QUICHE_DCHECK(!is_mtu_discovery);
return LEGACY_VERSION_ENCAPSULATE;
}
if (version().CanSendCoalescedPackets() && !coalescing_done_ &&
!is_mtu_discovery) {
if (!IsHandshakeConfirmed()) {
// Before receiving ACK for any 1-RTT packets, always try to coalesce
// packet (except MTU discovery packet).
return COALESCE;
}
if (coalesced_packet_.length() > 0) {
// If the coalescer is not empty, let this packet go through coalescer
// to avoid potential out of order sending.
return COALESCE;
}
}
if (!buffered_packets_.empty() || HandleWriteBlocked()) {
return BUFFER;
}
return SEND_TO_WRITER;
}
bool QuicConnection::IsHandshakeComplete() const {
return visitor_->GetHandshakeState() >= HANDSHAKE_COMPLETE;
}
bool QuicConnection::IsHandshakeConfirmed() const {
QUICHE_DCHECK_EQ(PROTOCOL_TLS1_3, version().handshake_protocol);
return visitor_->GetHandshakeState() == HANDSHAKE_CONFIRMED;
}
size_t QuicConnection::min_received_before_ack_decimation() const {
return uber_received_packet_manager_.min_received_before_ack_decimation();
}
void QuicConnection::set_min_received_before_ack_decimation(size_t new_value) {
uber_received_packet_manager_.set_min_received_before_ack_decimation(
new_value);
}
const QuicAckFrame& QuicConnection::ack_frame() const {
if (SupportsMultiplePacketNumberSpaces()) {
return uber_received_packet_manager_.GetAckFrame(
QuicUtils::GetPacketNumberSpace(last_decrypted_packet_level_));
}
return uber_received_packet_manager_.ack_frame();
}
void QuicConnection::set_client_connection_id(
QuicConnectionId client_connection_id) {
if (!version().SupportsClientConnectionIds()) {
QUIC_BUG_IF(quic_bug_12714_36, !client_connection_id.IsEmpty())
<< ENDPOINT << "Attempted to use client connection ID "
<< client_connection_id << " with unsupported version " << version();
return;
}
default_path_.client_connection_id = client_connection_id;
client_connection_id_is_set_ = true;
if (support_multiple_connection_ids_ && !client_connection_id.IsEmpty()) {
if (perspective_ == Perspective::IS_SERVER) {
QUICHE_DCHECK(peer_issued_cid_manager_ == nullptr);
peer_issued_cid_manager_ =
std::make_unique<QuicPeerIssuedConnectionIdManager>(
kMinNumOfActiveConnectionIds, client_connection_id, clock_,
alarm_factory_, this);
} else {
// Note in Chromium client, set_client_connection_id is not called and
// thus self_issued_cid_manager_ should be null.
self_issued_cid_manager_ = MakeSelfIssuedConnectionIdManager();
}
}
QUIC_DLOG(INFO) << ENDPOINT << "setting client connection ID to "
<< default_path_.client_connection_id
<< " for connection with server connection ID "
<< default_path_.server_connection_id;
packet_creator_.SetClientConnectionId(default_path_.client_connection_id);
framer_.SetExpectedClientConnectionIdLength(
default_path_.client_connection_id.length());
}
void QuicConnection::OnPathDegradingDetected() {
is_path_degrading_ = true;
visitor_->OnPathDegrading();
}
void QuicConnection::OnBlackholeDetected() {
if (default_enable_5rto_blackhole_detection_ &&
!sent_packet_manager_.HasInFlightPackets()) {
QUIC_BUG(quic_bug_10511_41)
<< ENDPOINT
<< "Blackhole detected, but there is no bytes in flight, version: "
<< version();
// Do not close connection if there is no bytes in flight.
return;
}
CloseConnection(QUIC_TOO_MANY_RTOS, "Network blackhole detected",
ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET);
}
void QuicConnection::OnPathMtuReductionDetected() {
MaybeRevertToPreviousMtu();
}
void QuicConnection::OnHandshakeTimeout() {
const QuicTime::Delta duration =
clock_->ApproximateNow() - stats_.connection_creation_time;
std::string error_details = absl::StrCat(
"Handshake timeout expired after ", duration.ToDebuggingValue(),
". Timeout:",
idle_network_detector_.handshake_timeout().ToDebuggingValue());
if (perspective() == Perspective::IS_CLIENT && version().UsesTls()) {
absl::StrAppend(&error_details, UndecryptablePacketsInfo());
}
QUIC_DVLOG(1) << ENDPOINT << error_details;
CloseConnection(QUIC_HANDSHAKE_TIMEOUT, error_details,
ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET);
}
void QuicConnection::OnIdleNetworkDetected() {
const QuicTime::Delta duration =
clock_->ApproximateNow() -
idle_network_detector_.last_network_activity_time();
std::string error_details = absl::StrCat(
"No recent network activity after ", duration.ToDebuggingValue(),
". Timeout:",
idle_network_detector_.idle_network_timeout().ToDebuggingValue());
if (perspective() == Perspective::IS_CLIENT && version().UsesTls() &&
!IsHandshakeComplete()) {
absl::StrAppend(&error_details, UndecryptablePacketsInfo());
}
QUIC_DVLOG(1) << ENDPOINT << error_details;
const bool has_consecutive_pto =
sent_packet_manager_.GetConsecutiveTlpCount() > 0 ||
sent_packet_manager_.GetConsecutiveRtoCount() > 0 ||
sent_packet_manager_.GetConsecutivePtoCount() > 0;
if (has_consecutive_pto || visitor_->ShouldKeepConnectionAlive()) {
if (GetQuicReloadableFlag(quic_add_stream_info_to_idle_close_detail) &&
!has_consecutive_pto) {
// Include stream information in error detail if there are open streams.
QUIC_RELOADABLE_FLAG_COUNT(quic_add_stream_info_to_idle_close_detail);
absl::StrAppend(&error_details, ", ",
visitor_->GetStreamsInfoForLogging());
}
CloseConnection(QUIC_NETWORK_IDLE_TIMEOUT, error_details,
ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET);
return;
}
QuicErrorCode error_code = QUIC_NETWORK_IDLE_TIMEOUT;
if (idle_timeout_connection_close_behavior_ ==
ConnectionCloseBehavior::
SILENT_CLOSE_WITH_CONNECTION_CLOSE_PACKET_SERIALIZED) {
error_code = QUIC_SILENT_IDLE_TIMEOUT;
}
CloseConnection(error_code, error_details,
idle_timeout_connection_close_behavior_);
}
void QuicConnection::OnPeerIssuedConnectionIdRetired() {
QUICHE_DCHECK(peer_issued_cid_manager_ != nullptr);
QuicConnectionId* default_path_cid =
perspective_ == Perspective::IS_CLIENT
? &default_path_.server_connection_id
: &default_path_.client_connection_id;
QuicConnectionId* alternative_path_cid =
perspective_ == Perspective::IS_CLIENT
? &alternative_path_.server_connection_id
: &alternative_path_.client_connection_id;
bool default_path_and_alternative_path_use_the_same_peer_connection_id =
*default_path_cid == *alternative_path_cid;
if (!default_path_cid->IsEmpty() &&
!peer_issued_cid_manager_->IsConnectionIdActive(*default_path_cid)) {
*default_path_cid = QuicConnectionId();
}
// TODO(haoyuewang) Handle the change for default_path_ & alternatvie_path_
// via the same helper function.
if (default_path_cid->IsEmpty()) {
// Try setting a new connection ID now such that subsequent
// RetireConnectionId frames can be sent on the default path.
const QuicConnectionIdData* unused_connection_id_data =
peer_issued_cid_manager_->ConsumeOneUnusedConnectionId();
if (unused_connection_id_data != nullptr) {
*default_path_cid = unused_connection_id_data->connection_id;
default_path_.stateless_reset_token =
unused_connection_id_data->stateless_reset_token;
default_path_.stateless_reset_token_received = true;
if (perspective_ == Perspective::IS_CLIENT) {
packet_creator_.SetServerConnectionId(
unused_connection_id_data->connection_id);
} else {
packet_creator_.SetClientConnectionId(
unused_connection_id_data->connection_id);
}
}
}
if (default_path_and_alternative_path_use_the_same_peer_connection_id) {
*alternative_path_cid = *default_path_cid;
alternative_path_.stateless_reset_token_received =
default_path_.stateless_reset_token_received;
alternative_path_.stateless_reset_token =
default_path_.stateless_reset_token;
} else if (!alternative_path_cid->IsEmpty() &&
!peer_issued_cid_manager_->IsConnectionIdActive(
*alternative_path_cid)) {
*alternative_path_cid = EmptyQuicConnectionId();
const QuicConnectionIdData* unused_connection_id_data =
peer_issued_cid_manager_->ConsumeOneUnusedConnectionId();
if (unused_connection_id_data != nullptr) {
*alternative_path_cid = unused_connection_id_data->connection_id;
alternative_path_.stateless_reset_token =
unused_connection_id_data->stateless_reset_token;
alternative_path_.stateless_reset_token_received = true;
}
}
std::vector<uint64_t> retired_cid_sequence_numbers =
peer_issued_cid_manager_->ConsumeToBeRetiredConnectionIdSequenceNumbers();
QUICHE_DCHECK(!retired_cid_sequence_numbers.empty());
for (const auto& sequence_number : retired_cid_sequence_numbers) {
++stats_.num_retire_connection_id_sent;
visitor_->SendRetireConnectionId(sequence_number);
}
}
bool QuicConnection::SendNewConnectionId(
const QuicNewConnectionIdFrame& frame) {
visitor_->SendNewConnectionId(frame);
++stats_.num_new_connection_id_sent;
return connected_;
}
void QuicConnection::OnNewConnectionIdIssued(
const QuicConnectionId& connection_id) {
if (perspective_ == Perspective::IS_SERVER) {
visitor_->OnServerConnectionIdIssued(connection_id);
}
}
void QuicConnection::OnSelfIssuedConnectionIdRetired(
const QuicConnectionId& connection_id) {
if (perspective_ == Perspective::IS_SERVER) {
visitor_->OnServerConnectionIdRetired(connection_id);
}
}
void QuicConnection::MaybeUpdateAckTimeout() {
if (should_last_packet_instigate_acks_) {
return;
}
should_last_packet_instigate_acks_ = true;
uber_received_packet_manager_.MaybeUpdateAckTimeout(
/*should_last_packet_instigate_acks=*/true, last_decrypted_packet_level_,
last_header_.packet_number, clock_->ApproximateNow(),
sent_packet_manager_.GetRttStats());
}
QuicTime QuicConnection::GetPathDegradingDeadline() const {
if (!ShouldDetectPathDegrading()) {
return QuicTime::Zero();
}
return clock_->ApproximateNow() +
sent_packet_manager_.GetPathDegradingDelay();
}
bool QuicConnection::ShouldDetectPathDegrading() const {
if (!connected_) {
return false;
}
// No path degrading detection before handshake completes.
if (!idle_network_detector_.handshake_timeout().IsInfinite()) {
return false;
}
return perspective_ == Perspective::IS_CLIENT && !is_path_degrading_;
}
QuicTime QuicConnection::GetNetworkBlackholeDeadline() const {
if (!ShouldDetectBlackhole()) {
return QuicTime::Zero();
}
QUICHE_DCHECK_LT(0u, num_rtos_for_blackhole_detection_);
return clock_->ApproximateNow() +
sent_packet_manager_.GetNetworkBlackholeDelay(
num_rtos_for_blackhole_detection_);
}
bool QuicConnection::ShouldDetectBlackhole() const {
if (!connected_ || blackhole_detection_disabled_) {
return false;
}
// No blackhole detection before handshake completes.
if (default_enable_5rto_blackhole_detection_) {
QUIC_RELOADABLE_FLAG_COUNT_N(quic_default_enable_5rto_blackhole_detection2,
3, 3);
return IsHandshakeComplete();
}
if (!idle_network_detector_.handshake_timeout().IsInfinite()) {
return false;
}
return num_rtos_for_blackhole_detection_ > 0;
}
QuicTime QuicConnection::GetRetransmissionDeadline() const {
if (perspective_ == Perspective::IS_CLIENT &&
SupportsMultiplePacketNumberSpaces() && !IsHandshakeConfirmed() &&
stats_.pto_count == 0 &&
!framer_.HasDecrypterOfEncryptionLevel(ENCRYPTION_HANDSHAKE) &&
!undecryptable_packets_.empty()) {
// Retransmits ClientHello quickly when a Handshake or 1-RTT packet is
// received prior to having Handshake keys. Adding kAlarmGranulary will
// avoid spurious retransmissions in the case of small-scale reordering.
return clock_->ApproximateNow() + kAlarmGranularity;
}
return sent_packet_manager_.GetRetransmissionTime();
}
bool QuicConnection::SendPathChallenge(
const QuicPathFrameBuffer& data_buffer,
const QuicSocketAddress& self_address,
const QuicSocketAddress& peer_address,
const QuicSocketAddress& effective_peer_address,
QuicPacketWriter* writer) {
if (!framer_.HasEncrypterOfEncryptionLevel(ENCRYPTION_FORWARD_SECURE)) {
return connected_;
}
if (connection_migration_use_new_cid_) {
{
QuicConnectionId client_cid, server_cid;
FindOnPathConnectionIds(self_address, effective_peer_address, &client_cid,
&server_cid);
QuicPacketCreator::ScopedPeerAddressContext context(
&packet_creator_, peer_address, client_cid, server_cid,
connection_migration_use_new_cid_);
if (writer == writer_) {
ScopedPacketFlusher flusher(this);
// It's on current path, add the PATH_CHALLENGE the same way as other
// frames. This may cause connection to be closed.
packet_creator_.AddPathChallengeFrame(data_buffer);
} else {
std::unique_ptr<SerializedPacket> probing_packet =
packet_creator_.SerializePathChallengeConnectivityProbingPacket(
data_buffer);
QUICHE_DCHECK_EQ(IsRetransmittable(*probing_packet),
NO_RETRANSMITTABLE_DATA);
QUICHE_DCHECK_EQ(self_address, alternative_path_.self_address);
WritePacketUsingWriter(std::move(probing_packet), writer, self_address,
peer_address, /*measure_rtt=*/false);
}
}
return connected_;
}
if (writer == writer_) {
ScopedPacketFlusher flusher(this);
{
// It's on current path, add the PATH_CHALLENGE the same way as other
// frames.
QuicPacketCreator::ScopedPeerAddressContext context(
&packet_creator_, peer_address, /*update_connection_id=*/false);
// This may cause connection to be closed.
packet_creator_.AddPathChallengeFrame(data_buffer);
}
// Return outside of the scope so that the flush result can be reflected.
return connected_;
}
std::unique_ptr<SerializedPacket> probing_packet =
packet_creator_.SerializePathChallengeConnectivityProbingPacket(
data_buffer);
QUICHE_DCHECK_EQ(IsRetransmittable(*probing_packet), NO_RETRANSMITTABLE_DATA);
QUICHE_DCHECK_EQ(self_address, alternative_path_.self_address);
WritePacketUsingWriter(std::move(probing_packet), writer, self_address,
peer_address, /*measure_rtt=*/false);
return true;
}
QuicTime QuicConnection::GetRetryTimeout(
const QuicSocketAddress& peer_address_to_use,
QuicPacketWriter* writer_to_use) const {
if (writer_to_use == writer_ && peer_address_to_use == peer_address()) {
return clock_->ApproximateNow() + sent_packet_manager_.GetPtoDelay();
}
return clock_->ApproximateNow() +
QuicTime::Delta::FromMilliseconds(3 * kInitialRttMs);
}
void QuicConnection::ValidatePath(
std::unique_ptr<QuicPathValidationContext> context,
std::unique_ptr<QuicPathValidator::ResultDelegate> result_delegate) {
QUICHE_DCHECK(use_path_validator_);
if (!connection_migration_use_new_cid_ &&
perspective_ == Perspective::IS_CLIENT &&
!IsDefaultPath(context->self_address(), context->peer_address())) {
alternative_path_ = PathState(
context->self_address(), context->peer_address(),
default_path_.client_connection_id, default_path_.server_connection_id,
default_path_.stateless_reset_token_received,
default_path_.stateless_reset_token);
}
if (path_validator_.HasPendingPathValidation()) {
// Cancel and fail any earlier validation.
path_validator_.CancelPathValidation();
}
if (connection_migration_use_new_cid_ &&
perspective_ == Perspective::IS_CLIENT &&
!IsDefaultPath(context->self_address(), context->peer_address())) {
if (self_issued_cid_manager_ != nullptr) {
self_issued_cid_manager_->MaybeSendNewConnectionIds();
if (!connected_) {
return;
}
}
if ((self_issued_cid_manager_ != nullptr &&
!self_issued_cid_manager_->HasConnectionIdToConsume()) ||
(peer_issued_cid_manager_ != nullptr &&
!peer_issued_cid_manager_->HasUnusedConnectionId())) {
QUIC_DVLOG(1) << "Client cannot start new path validation as there is no "
"requried connection ID is available.";
result_delegate->OnPathValidationFailure(std::move(context));
return;
}
QuicConnectionId client_connection_id, server_connection_id;
StatelessResetToken stateless_reset_token;
bool stateless_reset_token_received = false;
if (self_issued_cid_manager_ != nullptr) {
client_connection_id =
*self_issued_cid_manager_->ConsumeOneConnectionId();
}
if (peer_issued_cid_manager_ != nullptr) {
const auto* connection_id_data =
peer_issued_cid_manager_->ConsumeOneUnusedConnectionId();
server_connection_id = connection_id_data->connection_id;
stateless_reset_token_received = true;
stateless_reset_token = connection_id_data->stateless_reset_token;
}
alternative_path_ =
PathState(context->self_address(), context->peer_address(),
client_connection_id, server_connection_id,
stateless_reset_token_received, stateless_reset_token);
}
path_validator_.StartPathValidation(std::move(context),
std::move(result_delegate));
}
bool QuicConnection::SendPathResponse(
const QuicPathFrameBuffer& data_buffer,
const QuicSocketAddress& peer_address_to_send,
const QuicSocketAddress& effective_peer_address) {
if (!framer_.HasEncrypterOfEncryptionLevel(ENCRYPTION_FORWARD_SECURE)) {
return false;
}
QuicConnectionId client_cid, server_cid;
if (connection_migration_use_new_cid_) {
FindOnPathConnectionIds(last_received_packet_info_.destination_address,
effective_peer_address, &client_cid, &server_cid);
}
// Send PATH_RESPONSE using the provided peer address. If the creator has been
// using a different peer address, it will flush before and after serializing
// the current PATH_RESPONSE.
QuicPacketCreator::ScopedPeerAddressContext context(
&packet_creator_, peer_address_to_send, client_cid, server_cid,
connection_migration_use_new_cid_);
QUIC_DVLOG(1) << ENDPOINT << "Send PATH_RESPONSE to " << peer_address_to_send;
if (default_path_.self_address ==
last_received_packet_info_.destination_address) {
// The PATH_CHALLENGE is received on the default socket. Respond on the same
// socket.
return packet_creator_.AddPathResponseFrame(data_buffer);
}
QUICHE_DCHECK_EQ(Perspective::IS_CLIENT, perspective_);
// This PATH_CHALLENGE is received on an alternative socket which should be
// used to send PATH_RESPONSE.
if (!path_validator_.HasPendingPathValidation() ||
path_validator_.GetContext()->self_address() !=
last_received_packet_info_.destination_address) {
// Ignore this PATH_CHALLENGE if it's received from an uninteresting
// socket.
return true;
}
QuicPacketWriter* writer = path_validator_.GetContext()->WriterToUse();
std::unique_ptr<SerializedPacket> probing_packet =
packet_creator_.SerializePathResponseConnectivityProbingPacket(
{data_buffer}, /*is_padded=*/true);
QUICHE_DCHECK_EQ(IsRetransmittable(*probing_packet), NO_RETRANSMITTABLE_DATA);
QUIC_DVLOG(1) << ENDPOINT
<< "Send PATH_RESPONSE from alternative socket with address "
<< last_received_packet_info_.destination_address;
// Ignore the return value to treat write error on the alternative writer as
// part of network error. If the writer becomes blocked, wait for the peer to
// send another PATH_CHALLENGE.
WritePacketUsingWriter(std::move(probing_packet), writer,
last_received_packet_info_.destination_address,
peer_address_to_send,
/*measure_rtt=*/false);
return true;
}
void QuicConnection::UpdatePeerAddress(QuicSocketAddress peer_address) {
direct_peer_address_ = peer_address;
packet_creator_.SetDefaultPeerAddress(peer_address);
}
void QuicConnection::SendPingAtLevel(EncryptionLevel level) {
ScopedEncryptionLevelContext context(this, level);
SendControlFrame(QuicFrame(QuicPingFrame()));
}
bool QuicConnection::HasPendingPathValidation() const {
QUICHE_DCHECK(use_path_validator_);
return path_validator_.HasPendingPathValidation();
}
QuicPathValidationContext* QuicConnection::GetPathValidationContext() const {
QUICHE_DCHECK(use_path_validator_);
return path_validator_.GetContext();
}
void QuicConnection::CancelPathValidation() {
QUICHE_DCHECK(use_path_validator_);
path_validator_.CancelPathValidation();
}
bool QuicConnection::UpdateConnectionIdsOnClientMigration(
const QuicSocketAddress& self_address,
const QuicSocketAddress& peer_address) {
QUICHE_DCHECK(perspective_ == Perspective::IS_CLIENT);
if (IsAlternativePath(self_address, peer_address)) {
// Client migration is after path validation.
default_path_.client_connection_id = alternative_path_.client_connection_id;
default_path_.server_connection_id = alternative_path_.server_connection_id;
default_path_.stateless_reset_token =
alternative_path_.stateless_reset_token;
default_path_.stateless_reset_token_received =
alternative_path_.stateless_reset_token_received;
return true;
}
// Client migration is without path validation.
if (self_issued_cid_manager_ != nullptr) {
self_issued_cid_manager_->MaybeSendNewConnectionIds();
if (!connected_) {
return false;
}
}
if ((self_issued_cid_manager_ != nullptr &&
!self_issued_cid_manager_->HasConnectionIdToConsume()) ||
(peer_issued_cid_manager_ != nullptr &&
!peer_issued_cid_manager_->HasUnusedConnectionId())) {
return false;
}
if (self_issued_cid_manager_ != nullptr) {
default_path_.client_connection_id =
*self_issued_cid_manager_->ConsumeOneConnectionId();
}
if (peer_issued_cid_manager_ != nullptr) {
const auto* connection_id_data =
peer_issued_cid_manager_->ConsumeOneUnusedConnectionId();
default_path_.server_connection_id = connection_id_data->connection_id;
default_path_.stateless_reset_token_received = true;
default_path_.stateless_reset_token =
connection_id_data->stateless_reset_token;
}
return true;
}
void QuicConnection::RetirePeerIssuedConnectionIdsNoLongerOnPath() {
if (!connection_migration_use_new_cid_ ||
peer_issued_cid_manager_ == nullptr) {
return;
}
if (perspective_ == Perspective::IS_CLIENT) {
peer_issued_cid_manager_->MaybeRetireUnusedConnectionIds(
{default_path_.server_connection_id,
alternative_path_.server_connection_id});
} else {
peer_issued_cid_manager_->MaybeRetireUnusedConnectionIds(
{default_path_.client_connection_id,
alternative_path_.client_connection_id});
}
}
bool QuicConnection::MigratePath(const QuicSocketAddress& self_address,
const QuicSocketAddress& peer_address,
QuicPacketWriter* writer,
bool owns_writer) {
QUICHE_DCHECK(perspective_ == Perspective::IS_CLIENT);
if (!connected_) {
if (owns_writer) {
delete writer;
}
return false;
}
QUICHE_DCHECK(!version().UsesHttp3() || IsHandshakeConfirmed());
if (connection_migration_use_new_cid_) {
if (!UpdateConnectionIdsOnClientMigration(self_address, peer_address)) {
if (owns_writer) {
delete writer;
}
return false;
}
if (packet_creator_.GetServerConnectionId().length() !=
default_path_.server_connection_id.length()) {
packet_creator_.FlushCurrentPacket();
}
packet_creator_.SetClientConnectionId(default_path_.client_connection_id);
packet_creator_.SetServerConnectionId(default_path_.server_connection_id);
}
const auto self_address_change_type = QuicUtils::DetermineAddressChangeType(
default_path_.self_address, self_address);
const auto peer_address_change_type = QuicUtils::DetermineAddressChangeType(
default_path_.peer_address, peer_address);
QUICHE_DCHECK(self_address_change_type != NO_CHANGE ||
peer_address_change_type != NO_CHANGE);
const bool is_port_change = (self_address_change_type == PORT_CHANGE ||
self_address_change_type == NO_CHANGE) &&
(peer_address_change_type == PORT_CHANGE ||
peer_address_change_type == NO_CHANGE);
SetSelfAddress(self_address);
UpdatePeerAddress(peer_address);
SetQuicPacketWriter(writer, owns_writer);
MaybeClearQueuedPacketsOnPathChange();
OnSuccessfulMigration(is_port_change);
return true;
}
void QuicConnection::OnPathValidationFailureAtClient() {
if (connection_migration_use_new_cid_) {
QUICHE_DCHECK(perspective_ == Perspective::IS_CLIENT);
alternative_path_.Clear();
}
// The alarm to retire connection IDs no longer on paths is scheduled at the
// end of writing and reading packet. On path validation failure, there could
// be no packet to write or read. Hence the retirement alarm for the
// connection ID associated with the failed path needs to be proactively
// scheduled here.
RetirePeerIssuedConnectionIdsNoLongerOnPath();
}
std::vector<QuicConnectionId> QuicConnection::GetActiveServerConnectionIds()
const {
if (!support_multiple_connection_ids_ ||
self_issued_cid_manager_ == nullptr) {
return {default_path_.server_connection_id};
}
return self_issued_cid_manager_->GetUnretiredConnectionIds();
}
void QuicConnection::CreateConnectionIdManager() {
if (!support_multiple_connection_ids_) {
return;
}
if (perspective_ == Perspective::IS_CLIENT) {
if (!default_path_.server_connection_id.IsEmpty()) {
peer_issued_cid_manager_ =
std::make_unique<QuicPeerIssuedConnectionIdManager>(
kMinNumOfActiveConnectionIds, default_path_.server_connection_id,
clock_, alarm_factory_, this);
}
} else {
if (!default_path_.server_connection_id.IsEmpty()) {
self_issued_cid_manager_ = MakeSelfIssuedConnectionIdManager();
}
}
}
void QuicConnection::SetUnackedMapInitialCapacity() {
sent_packet_manager_.ReserveUnackedPacketsInitialCapacity(
GetUnackedMapInitialCapacity());
}
void QuicConnection::SetSourceAddressTokenToSend(absl::string_view token) {
QUICHE_DCHECK_EQ(perspective_, Perspective::IS_CLIENT);
if (!packet_creator_.HasRetryToken()) {
// Ignore received tokens (via NEW_TOKEN frame) from previous connections
// when a RETRY token has been received.
packet_creator_.SetRetryToken(std::string(token.data(), token.length()));
}
}
void QuicConnection::MaybeUpdateBytesSentToAlternativeAddress(
const QuicSocketAddress& peer_address,
QuicByteCount sent_packet_size) {
if (!version().SupportsAntiAmplificationLimit() ||
perspective_ != Perspective::IS_SERVER) {
return;
}
QUICHE_DCHECK(!IsDefaultPath(default_path_.self_address, peer_address));
if (!IsAlternativePath(default_path_.self_address, peer_address)) {
QUIC_DLOG(INFO) << "Wrote to uninteresting peer address: " << peer_address
<< " default direct_peer_address_ " << direct_peer_address_
<< " alternative path peer address "
<< alternative_path_.peer_address;
return;
}
if (alternative_path_.validated) {
return;
}
if (alternative_path_.bytes_sent_before_address_validation >=
anti_amplification_factor_ *
alternative_path_.bytes_received_before_address_validation) {
QUIC_LOG_FIRST_N(WARNING, 100)
<< "Server sent more data than allowed to unverified alternative "
"peer address "
<< peer_address << " bytes sent "
<< alternative_path_.bytes_sent_before_address_validation
<< ", bytes received "
<< alternative_path_.bytes_received_before_address_validation;
}
alternative_path_.bytes_sent_before_address_validation += sent_packet_size;
}
void QuicConnection::MaybeUpdateBytesReceivedFromAlternativeAddress(
QuicByteCount received_packet_size) {
if (!version().SupportsAntiAmplificationLimit() ||
perspective_ != Perspective::IS_SERVER ||
!IsAlternativePath(last_received_packet_info_.destination_address,
GetEffectivePeerAddressFromCurrentPacket()) ||
last_received_packet_info_.received_bytes_counted) {
return;
}
// Only update bytes received if this probing frame is received on the most
// recent alternative path.
QUICHE_DCHECK(!IsDefaultPath(last_received_packet_info_.destination_address,
GetEffectivePeerAddressFromCurrentPacket()));
if (!alternative_path_.validated) {
alternative_path_.bytes_received_before_address_validation +=
received_packet_size;
}
last_received_packet_info_.received_bytes_counted = true;
}
bool QuicConnection::IsDefaultPath(
const QuicSocketAddress& self_address,
const QuicSocketAddress& peer_address) const {
return direct_peer_address_ == peer_address &&
default_path_.self_address == self_address;
}
bool QuicConnection::IsAlternativePath(
const QuicSocketAddress& self_address,
const QuicSocketAddress& peer_address) const {
return alternative_path_.peer_address == peer_address &&
alternative_path_.self_address == self_address;
}
void QuicConnection::PathState::Clear() {
self_address = QuicSocketAddress();
peer_address = QuicSocketAddress();
client_connection_id = {};
server_connection_id = {};
stateless_reset_token_received = false;
validated = false;
bytes_received_before_address_validation = 0;
bytes_sent_before_address_validation = 0;
send_algorithm = nullptr;
rtt_stats = absl::nullopt;
}
QuicConnection::PathState::PathState(PathState&& other) {
*this = std::move(other);
}
QuicConnection::PathState& QuicConnection::PathState::operator=(
QuicConnection::PathState&& other) {
if (this != &other) {
self_address = other.self_address;
peer_address = other.peer_address;
client_connection_id = other.client_connection_id;
server_connection_id = other.server_connection_id;
stateless_reset_token_received = other.stateless_reset_token_received;
stateless_reset_token = other.stateless_reset_token;
validated = other.validated;
bytes_received_before_address_validation =
other.bytes_received_before_address_validation;
bytes_sent_before_address_validation =
other.bytes_sent_before_address_validation;
send_algorithm = std::move(other.send_algorithm);
if (other.rtt_stats.has_value()) {
rtt_stats.emplace();
rtt_stats->CloneFrom(other.rtt_stats.value());
} else {
rtt_stats.reset();
}
other.Clear();
}
return *this;
}
bool QuicConnection::IsReceivedPeerAddressValidated() const {
QuicSocketAddress current_effective_peer_address =
GetEffectivePeerAddressFromCurrentPacket();
QUICHE_DCHECK(current_effective_peer_address.IsInitialized());
return (alternative_path_.peer_address.host() ==
current_effective_peer_address.host() &&
alternative_path_.validated) ||
(default_path_.validated && default_path_.peer_address.host() ==
current_effective_peer_address.host());
}
QuicConnection::ReversePathValidationResultDelegate::
ReversePathValidationResultDelegate(
QuicConnection* connection,
const QuicSocketAddress& direct_peer_address)
: QuicPathValidator::ResultDelegate(),
connection_(connection),
original_direct_peer_address_(direct_peer_address) {}
void QuicConnection::ReversePathValidationResultDelegate::
OnPathValidationSuccess(
std::unique_ptr<QuicPathValidationContext> context) {
QUIC_DLOG(INFO) << "Successfully validated new path " << *context;
if (connection_->IsDefaultPath(context->self_address(),
context->peer_address())) {
QUIC_CODE_COUNT_N(quic_kick_off_client_address_validation, 3, 6);
connection_->OnEffectivePeerMigrationValidated();
} else {
QUICHE_DCHECK(connection_->IsAlternativePath(
context->self_address(), context->effective_peer_address()));
QUIC_CODE_COUNT_N(quic_kick_off_client_address_validation, 4, 6);
QUIC_DVLOG(1) << "Mark alternative peer address "
<< context->effective_peer_address() << " validated.";
connection_->alternative_path_.validated = true;
}
}
void QuicConnection::ReversePathValidationResultDelegate::
OnPathValidationFailure(
std::unique_ptr<QuicPathValidationContext> context) {
if (!connection_->connected()) {
return;
}
QUIC_DLOG(INFO) << "Fail to validate new path " << *context;
if (connection_->IsDefaultPath(context->self_address(),
context->peer_address())) {
// Only act upon validation failure on the default path.
QUIC_CODE_COUNT_N(quic_kick_off_client_address_validation, 5, 6);
connection_->RestoreToLastValidatedPath(original_direct_peer_address_);
} else if (connection_->IsAlternativePath(
context->self_address(), context->effective_peer_address())) {
QUIC_CODE_COUNT_N(quic_kick_off_client_address_validation, 6, 6);
connection_->alternative_path_.Clear();
}
}
QuicConnection::ScopedRetransmissionTimeoutIndicator::
ScopedRetransmissionTimeoutIndicator(QuicConnection* connection)
: connection_(connection) {
QUICHE_DCHECK(!connection_->in_on_retransmission_time_out_)
<< "ScopedRetransmissionTimeoutIndicator is not supposed to be nested";
connection_->in_on_retransmission_time_out_ = true;
}
QuicConnection::ScopedRetransmissionTimeoutIndicator::
~ScopedRetransmissionTimeoutIndicator() {
QUICHE_DCHECK(connection_->in_on_retransmission_time_out_);
connection_->in_on_retransmission_time_out_ = false;
}
void QuicConnection::RestoreToLastValidatedPath(
QuicSocketAddress original_direct_peer_address) {
QUIC_DLOG(INFO) << "Switch back to use the old peer address "
<< alternative_path_.peer_address;
if (!alternative_path_.validated) {
// If not validated by now, close connection silently so that the following
// packets received will be rejected.
CloseConnection(QUIC_INTERNAL_ERROR,
"No validated peer address to use after reverse path "
"validation failure.",
ConnectionCloseBehavior::SILENT_CLOSE);
return;
}
MaybeClearQueuedPacketsOnPathChange();
// Revert congestion control context to old state.
OnPeerIpAddressChanged();
if (alternative_path_.send_algorithm != nullptr) {
sent_packet_manager_.SetSendAlgorithm(
alternative_path_.send_algorithm.release());
sent_packet_manager_.SetRttStats(alternative_path_.rtt_stats.value());
} else {
QUIC_BUG(quic_bug_10511_42)
<< "Fail to store congestion controller before migration.";
}
UpdatePeerAddress(original_direct_peer_address);
SetDefaultPathState(std::move(alternative_path_));
active_effective_peer_migration_type_ = NO_CHANGE;
++stats_.num_invalid_peer_migration;
// The reverse path validation failed because of alarm firing, flush all the
// pending writes previously throttled by anti-amplification limit.
WriteIfNotBlocked();
}
std::unique_ptr<SendAlgorithmInterface>
QuicConnection::OnPeerIpAddressChanged() {
QUICHE_DCHECK(validate_client_addresses_);
std::unique_ptr<SendAlgorithmInterface> old_send_algorithm =
sent_packet_manager_.OnConnectionMigration(
/*reset_send_algorithm=*/true);
// OnConnectionMigration() should have marked in-flight packets to be
// retransmitted if there is any.
QUICHE_DCHECK(!sent_packet_manager_.HasInFlightPackets());
// OnConnectionMigration() may have changed the retransmission timer, so
// re-arm it.
SetRetransmissionAlarm();
// Stop detections in quiecense.
blackhole_detector_.StopDetection();
return old_send_algorithm;
}
#undef ENDPOINT // undef for jumbo builds
} // namespace quic