Google Git
Sign in
quiche / quiche.git / 4b5a68aaee041f74ef8317f75183d267a4774eb1^! / . / quic / core / chlo_extractor.cc
commit4b5a68aaee041f74ef8317f75183d267a4774eb1[log] [tgz]
authordschinazi <dschinazi@google.com>Thu Aug 15 15:45:36 2019 -0700
committerCopybara-Service <copybara-worker@google.com>Fri Aug 16 04:55:51 2019 -0700
tree256b25e50991575885fce7bc23172e8d54d97c94
parent748cc738ca5d66168e23dedd756bbcb66066c2f9 [diff] [blame]
Do not queue coalesced undecryptable packets twice

This CL adds QuicFramerVisitorInterface::OnUndecryptablePacket and uses it to send undecryptable packets from QuicFramer to QuicConnection, instead of the previous mechanism which relied on QuicFramer::ProcessPacket returning QUIC_DECRYPTION_FAILURE. The new mechanism has the following advantages:
1) It only sends the current packet, without any subsequent coalesced packets
2) It knows if the decryption failed due to a missing key, which allows us to avoid buffering packets that we know we will never be able to decrypt

This mechanism is enabled for versions that KnowsWhichDecrypterToUse() (which are v47+ || TLS, none of which are currently enabled) and when the new flag quic_framer_uses_undecryptable_upcall is true - the intent being to enable this for all versions once the flag protection process is complete.

This CL also adds QuicDataReader::FullPayload which is required to extract only this packet without further coalesced packets, and associated test.

gfe-relnote: do not queue coalesced undecryptable packets twice, protected by disabled flag gfe2_restart_flag_quic_framer_uses_undecryptable_upcall
PiperOrigin-RevId: 263658152
Change-Id: I66aca2138e353306a5cf4fa9ec259680f4115890

diff --git a/quic/core/chlo_extractor.cc b/quic/core/chlo_extractor.cc
index 0e8e6f5..38e97bd 100644
--- a/quic/core/chlo_extractor.cc
+++ b/quic/core/chlo_extractor.cc

@@ -44,6 +44,9 @@
   void OnDecryptedPacket(EncryptionLevel /*level*/) override {}
   bool OnPacketHeader(const QuicPacketHeader& header) override;
   void OnCoalescedPacket(const QuicEncryptedPacket& packet) override;
+  void OnUndecryptablePacket(const QuicEncryptedPacket& packet,
+                             EncryptionLevel decryption_level,
+                             bool has_decryption_key) override;
   bool OnStreamFrame(const QuicStreamFrame& frame) override;
   bool OnCryptoFrame(const QuicCryptoFrame& frame) override;
   bool OnAckFrameStart(QuicPacketNumber largest_acked,
@@ -142,8 +145,15 @@
 bool ChloFramerVisitor::OnPacketHeader(const QuicPacketHeader& /*header*/) {
   return true;
 }
+
 void ChloFramerVisitor::OnCoalescedPacket(
     const QuicEncryptedPacket& /*packet*/) {}
+
+void ChloFramerVisitor::OnUndecryptablePacket(
+    const QuicEncryptedPacket& /*packet*/,
+    EncryptionLevel /*decryption_level*/,
+    bool /*has_decryption_key*/) {}
+
 bool ChloFramerVisitor::OnStreamFrame(const QuicStreamFrame& frame) {
   if (QuicVersionUsesCryptoFrames(framer_->transport_version())) {
     // CHLO will be sent in CRYPTO frames in v47 and above.