gfe-relnote: In QUIC, add anti-amplification limit. Protected by version T099.
Anti-amplification limit kicks in before address validation. Now, server can only validate address by processing HANDSHAKE encrypted packet since address validation via token is not implemented.
In T099, deprecate HANDSHAKE_MODE and PTO is armed when 1) handshake is not confirmed 2) or there is packets in flight. Such that when PTO fires, at least 1 packet is sent to avoid handshake deadlock due to anti-amplification limit in case of packet losses.
PiperOrigin-RevId: 264960590
Change-Id: Ib2d9749b773af9328f96c176a49b2505be006b00
diff --git a/quic/core/quic_connection.h b/quic/core/quic_connection.h
index 9754c14..5572f5d 100644
--- a/quic/core/quic_connection.h
+++ b/quic/core/quic_connection.h
@@ -1131,6 +1131,12 @@
// Whether incoming_connection_ids_ contains connection_id.
bool HasIncomingConnectionId(QuicConnectionId connection_id);
+ // Whether connection enforces anti-amplification limit.
+ bool EnforceAntiAmplificationLimit() const;
+
+ // Whether connection is limited by amplification factor.
+ bool LimitedByAmplificationFactor() const;
+
QuicFramer framer_;
// Contents received in the current packet, especially used to identify
@@ -1440,6 +1446,20 @@
// If max_consecutive_ptos_ > 0, close connection if consecutive PTOs is
// greater than max_consecutive_ptos.
size_t max_consecutive_ptos_;
+
+ // Bytes received before address validation. Only used when
+ // EnforceAntiAmplificationLimit returns true.
+ size_t bytes_received_before_address_validation_;
+
+ // Bytes sent before address validation. Only used when
+ // EnforceAntiAmplificationLimit returns true.
+ size_t bytes_sent_before_address_validation_;
+
+ // True if peer address has been validated. Address is considered validated
+ // when 1) an address token is received and validated, or 2) a HANDSHAKE
+ // packet has been successfully processed. Only used when
+ // EnforceAntiAmplificationLimit returns true.
+ bool address_validated_;
};
} // namespace quic
