commit adc7507d2def246f5f4823fa5bd29c12f654d710
author dschinazi <dschinazi@google.com> Mon Aug 19 10:54:45 2019 -0700
committer Copybara-Service <copybara-worker@google.com> Mon Aug 19 18:07:32 2019 -0700
tree 3cf87b3a632d4f555529cc145dec6ea57c166a8d
parent 83161e4529919be48c5554e72a0640413020450a

Use deterministic replacement connection IDs

This CL removes a DoS attack vector where an attacker could grow QuicDispatcher::connection_id_map_ unboundedly. It does so by no longer using random connection IDs that are saved in connection_id_map_; instead we now generate deterministic replacement connection IDs, removing the need for a map. It should not impact the GFE because the GFE overrides QuicDispatcher::GenerateNewServerConnectionId with an already deterministic method, but is still flag protected just in case.

gfe-relnote: use deterministic replacement connection IDs, protected by new disabled flag gfe2_restart_flag_quic_deterministic_replacement_connection_ids
PiperOrigin-RevId: 264192278
Change-Id: I843bf0d846830d4b13e0bb1b470a71b2428ad7c8

quic/core/quic_dispatcher.h

diff --git a/quic/core/quic_dispatcher.h b/quic/core/quic_dispatcher.h
index f7b0450..566d3bc 100644
--- a/quic/core/quic_dispatcher.h
+++ b/quic/core/quic_dispatcher.h
@@ -153,6 +153,8 @@
   virtual bool MaybeDispatchPacket(const ReceivedPacketInfo& packet_info);
 
   // Generate a connection ID with a length that is expected by the dispatcher.
+  // Note that this MUST produce a deterministic result (calling this method
+  // with two connection IDs that are equal must produce the same result).
   virtual QuicConnectionId GenerateNewServerConnectionId(
       ParsedQuicVersion version,
       QuicConnectionId connection_id) const;