Make QuicConnection always normalize incoming packets' destination address before processing the packet.
This change also stops IETF QUIC server connection from changing self address based on the incoming packets' destination address.
Protected by FLAGS_quic_reloadable_flag_quic_normalize_incoming_packets_destination_address.
PiperOrigin-RevId: 503988370
diff --git a/quiche/quic/core/quic_connection.cc b/quiche/quic/core/quic_connection.cc
index de88ae6..8001ceb 100644
--- a/quiche/quic/core/quic_connection.cc
+++ b/quiche/quic/core/quic_connection.cc
@@ -2683,12 +2683,27 @@
absl::string_view(packet.data(), packet.length()));
QUIC_BUG_IF(quic_bug_12714_21, current_packet_data_ != nullptr)
<< "ProcessUdpPacket must not be called while processing a packet.";
- if (debug_visitor_ != nullptr) {
- debug_visitor_->OnPacketReceived(self_address, peer_address, packet);
+ QuicSocketAddress normalized_self_address = self_address;
+ QuicSocketAddress normalized_peer_address = peer_address;
+ if (normalize_incoming_packets_addresses_) {
+ normalized_self_address = self_address.Normalized();
+ normalized_peer_address = peer_address.Normalized();
+ if (normalized_self_address != self_address) {
+ QUIC_RELOADABLE_FLAG_COUNT_N(quic_normalize_incoming_packets_addresses, 1,
+ 3);
+ }
+ if (normalized_peer_address != peer_address) {
+ QUIC_RELOADABLE_FLAG_COUNT_N(quic_normalize_incoming_packets_addresses, 2,
+ 3);
+ }
}
- last_received_packet_info_ =
- ReceivedPacketInfo(self_address, peer_address, packet.receipt_time(),
- packet.length(), packet.ecn_codepoint());
+ if (debug_visitor_ != nullptr) {
+ debug_visitor_->OnPacketReceived(normalized_self_address,
+ normalized_peer_address, packet);
+ }
+ last_received_packet_info_ = ReceivedPacketInfo(
+ normalized_self_address, normalized_peer_address, packet.receipt_time(),
+ packet.length(), packet.ecn_codepoint());
current_packet_data_ = packet.data();
if (!default_path_.self_address.IsInitialized()) {
@@ -2959,12 +2974,17 @@
last_received_packet_info_.destination_address.IsInitialized() &&
default_path_.self_address !=
last_received_packet_info_.destination_address) {
- // Allow change between pure IPv4 and equivalent mapped IPv4 address.
- if (default_path_.self_address.port() !=
+ bool self_address_changed =
+ default_path_.self_address.port() !=
last_received_packet_info_.destination_address.port() ||
default_path_.self_address.host().Normalized() !=
- last_received_packet_info_.destination_address.host()
- .Normalized()) {
+ last_received_packet_info_.destination_address.host().Normalized();
+ if (normalize_incoming_packets_addresses_) {
+ QUIC_RELOADABLE_FLAG_COUNT_N(quic_normalize_incoming_packets_addresses, 3,
+ 3);
+ self_address_changed = true;
+ }
+ if (self_address_changed) {
if (!visitor_->AllowSelfAddressChange()) {
const std::string error_details = absl::StrCat(
"Self address migration is not supported at the server, current "
diff --git a/quiche/quic/core/quic_connection.h b/quiche/quic/core/quic_connection.h
index 7969a0e..4547ff3 100644
--- a/quiche/quic/core/quic_connection.h
+++ b/quiche/quic/core/quic_connection.h
@@ -2325,6 +2325,9 @@
// peer. For now, this is only stored for tests.
QuicEcnCounts
peer_ack_ecn_counts_[PacketNumberSpace::NUM_PACKET_NUMBER_SPACES];
+
+ const bool normalize_incoming_packets_addresses_ =
+ GetQuicReloadableFlag(quic_normalize_incoming_packets_addresses);
};
} // namespace quic
diff --git a/quiche/quic/core/quic_connection_test.cc b/quiche/quic/core/quic_connection_test.cc
index c4fe88f..4a46705 100644
--- a/quiche/quic/core/quic_connection_test.cc
+++ b/quiche/quic/core/quic_connection_test.cc
@@ -1681,8 +1681,13 @@
host2.FromString(
absl::StrCat("::ffff:", connection_.self_address().host().ToString()));
QuicSocketAddress self_address2(host2, connection_.self_address().port());
+ EXPECT_CALL(visitor_, AllowSelfAddressChange()).Times(0u);
ProcessFramePacketWithAddresses(MakeCryptoFrame(), self_address2,
kPeerAddress, ENCRYPTION_INITIAL);
+ EXPECT_EQ(GetQuicReloadableFlag(quic_normalize_incoming_packets_addresses)
+ ? self_address1
+ : self_address2,
+ connection_.self_address());
EXPECT_TRUE(connection_.connected());
// self_address change back to Ipv4 address.
ProcessFramePacketWithAddresses(MakeCryptoFrame(), self_address1,
diff --git a/quiche/quic/core/quic_flags_list.h b/quiche/quic/core/quic_flags_list.h
index d9333b2..da4dc43 100644
--- a/quiche/quic/core/quic_flags_list.h
+++ b/quiche/quic/core/quic_flags_list.h
@@ -19,6 +19,8 @@
QUIC_FLAG(quic_reloadable_flag_quic_no_write_control_frame_upon_connection_close, true)
// If true, QUIC will default enable MTU discovery at server, with a target of 1450 bytes.
QUIC_FLAG(quic_reloadable_flag_quic_enable_mtu_discovery_at_server, false)
+// If true, QuicConnection will normalize the packet's source and destination addresses before processing the packet.
+QUIC_FLAG(quic_reloadable_flag_quic_normalize_incoming_packets_addresses, true)
// If true, QuicGsoBatchWriter will support release time if it is available and the process has the permission to do so.
QUIC_FLAG(quic_restart_flag_quic_support_release_time_for_gso, false)
// If true, ack frequency frame can be sent from server to client.
