commit 692750b14feac5320c9b627f8bfa5fefc57b4c41
author QUICHE team <quiche-dev@google.com> Sun Mar 17 17:57:46 2019 -0700
committer Copybara-Service <copybara-worker@google.com> Sun Mar 17 17:58:14 2019 -0700
tree 65a4b32cf02c0b36863a4dbc56d89fa788afb6d7
parent 70914269abdaa5d208822c1114a9f8e438e290e1

gfe-relnote: In QUIC, validate packet number post decryption. Protected by quic_validate_packet_number_post_decryption.

PiperOrigin-RevId: 238908380
Change-Id: I4cd204b4e050427f19a7671bad65443a29305a83

quic/core/quic_connection.cc

diff --git a/quic/core/quic_connection.cc b/quic/core/quic_connection.cc
index cf72fec..ffc4093 100644
--- a/quic/core/quic_connection.cc
+++ b/quic/core/quic_connection.cc
@@ -339,7 +339,9 @@
       no_version_negotiation_(supported_versions.size() == 1),
       fix_termination_packets_(
           GetQuicReloadableFlag(quic_fix_termination_packets)),
-      send_ack_when_on_can_write_(false) {
+      send_ack_when_on_can_write_(false),
+      validate_packet_number_post_decryption_(
+          GetQuicReloadableFlag(quic_validate_packet_number_post_decryption)) {
   if (ack_mode_ == ACK_DECIMATION) {
     QUIC_RELOADABLE_FLAG_COUNT(quic_enable_ack_decimation);
   }
@@ -353,6 +355,9 @@
   if (received_packet_manager_.decide_when_to_send_acks()) {
     QUIC_RELOADABLE_FLAG_COUNT(quic_rpm_decides_when_to_send_acks);
   }
+  if (validate_packet_number_post_decryption_) {
+    QUIC_RELOADABLE_FLAG_COUNT(quic_validate_packet_number_post_decryption);
+  }
   QUIC_DLOG(INFO) << ENDPOINT
                   << "Created connection with connection_id: " << connection_id
                   << " and version: "
@@ -758,7 +763,8 @@
 
   // If this packet has already been seen, or the sender has told us that it
   // will not be retransmitted, then stop processing the packet.
-  if (!received_packet_manager_.IsAwaitingPacket(header.packet_number)) {
+  if (!validate_packet_number_post_decryption_ &&
+      !received_packet_manager_.IsAwaitingPacket(header.packet_number)) {
     if (framer_.IsIetfStatelessResetPacket(header)) {
       QuicIetfStatelessResetPacket packet(
           header, header.possible_stateless_reset_token);
@@ -1977,6 +1983,16 @@
 
 bool QuicConnection::ValidateReceivedPacketNumber(
     QuicPacketNumber packet_number) {
+  if (validate_packet_number_post_decryption_ &&
+      !received_packet_manager_.IsAwaitingPacket(packet_number)) {
+    QUIC_DLOG(INFO) << ENDPOINT << "Packet " << packet_number
+                    << " no longer being waited for.  Discarding.";
+    if (debug_visitor_ != nullptr) {
+      debug_visitor_->OnDuplicatePacket(packet_number);
+    }
+    return false;
+  }
+
   if (GetQuicRestartFlag(quic_enable_accept_random_ipn)) {
     QUIC_RESTART_FLAG_COUNT_N(quic_enable_accept_random_ipn, 2, 2);
     // Configured to accept any packet number in range 1...0x7fffffff as initial