Begin performing Stubby handshake inspection in the prod --> off-net direction.
For now, all prod --> off-net Stubby connections will be inspected, logged, and then accepted. Once we fill out the qbone.acl with acceptable on-net clients, we can begin enforcing the ACL by flipping the qbone_enforce_acl_for_on_net_clients flag.
This change includes a renaming of the enum QbonePacketProcessor::Direction::FROM_CLIENT to FROM_OFF_NETWORK along with several other replacements of peer --> on-net and client --> off-net. These values are in reference to the direction of the packets through the tunnel, *not* in reference to the client/server roles in the TCP connection being inspected through the tunnel.
For tracking the client/server roles in each TCP connection, a new QboneTcpHandshakeInspector::Party enum has been introduced to track which side of the TCP connection is currently being inspected.
gfe-relnote: n/a (QBONE-only change)
PiperOrigin-RevId: 284260144
Change-Id: I820fcbdd9b37620fa33afcd13d5e36d8a5cac90e
diff --git a/quic/qbone/qbone_server_session.cc b/quic/qbone/qbone_server_session.cc
index 2b4a736..1360e6d 100644
--- a/quic/qbone/qbone_server_session.cc
+++ b/quic/qbone/qbone_server_session.cc
@@ -80,7 +80,7 @@
void QboneServerSession::ProcessPacketFromPeer(QuicStringPiece packet) {
string buffer = string(packet);
processor_.ProcessPacket(&buffer,
- QbonePacketProcessor::Direction::FROM_CLIENT);
+ QbonePacketProcessor::Direction::FROM_OFF_NETWORK);
}
void QboneServerSession::SendPacketToClient(QuicStringPiece packet) {
