Deprecate --gfe2_reloadable_flag_quic_close_connection_on_0rtt_packet_number_higher_than_1rtt
PiperOrigin-RevId: 361813520
Change-Id: I9cc5b8ba223fc73aedb59fd90997cc0c61721791
diff --git a/quic/core/quic_connection_test.cc b/quic/core/quic_connection_test.cc
index a22d5c3..fc72a8a 100644
--- a/quic/core/quic_connection_test.cc
+++ b/quic/core/quic_connection_test.cc
@@ -13565,64 +13565,7 @@
}
TEST_P(QuicConnectionTest,
- ServerReceivedZeroRttWithHigherPacketNumberThanOneRttAndFlagDisabled) {
- SetQuicReloadableFlag(
- quic_close_connection_on_0rtt_packet_number_higher_than_1rtt, false);
- if (!connection_.version().UsesTls()) {
- return;
- }
-
- // The code that checks for this error piggybacks on some book-keeping state
- // kept for key update, so enable key update for the test.
- std::string error_details;
- TransportParameters params;
- params.key_update_not_yet_supported = false;
- QuicConfig config;
- EXPECT_THAT(config.ProcessTransportParameters(
- params, /* is_resumption = */ false, &error_details),
- IsQuicNoError());
- config.SetKeyUpdateSupportedLocally();
- QuicConfigPeer::SetNegotiated(&config, true);
- QuicConfigPeer::SetReceivedOriginalConnectionId(&config,
- connection_.connection_id());
- QuicConfigPeer::SetReceivedInitialSourceConnectionId(
- &config, connection_.connection_id());
- EXPECT_CALL(*send_algorithm_, SetFromConfig(_, _));
- connection_.SetFromConfig(config);
-
- set_perspective(Perspective::IS_SERVER);
- SetDecrypter(ENCRYPTION_ZERO_RTT,
- std::make_unique<NullDecrypter>(Perspective::IS_SERVER));
-
- EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(1);
- ProcessDataPacketAtLevel(1, !kHasStopWaiting, ENCRYPTION_ZERO_RTT);
-
- // Finish handshake.
- connection_.SetDefaultEncryptionLevel(ENCRYPTION_FORWARD_SECURE);
- notifier_.NeuterUnencryptedData();
- connection_.NeuterUnencryptedPackets();
- connection_.OnHandshakeComplete();
- EXPECT_CALL(visitor_, GetHandshakeState())
- .WillRepeatedly(Return(HANDSHAKE_COMPLETE));
-
- // Decrypt a 1-RTT packet.
- EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(1);
- ProcessDataPacketAtLevel(2, !kHasStopWaiting, ENCRYPTION_FORWARD_SECURE);
- EXPECT_TRUE(connection_.GetDiscardZeroRttDecryptionKeysAlarm()->IsSet());
-
- // 0-RTT packet with higher packet number than a 1-RTT packet is invalid, but
- // accepted as the
- // quic_close_connection_on_0rtt_packet_number_higher_than_1rtt
- // flag is disabled.
- EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(1);
- ProcessDataPacketAtLevel(3, !kHasStopWaiting, ENCRYPTION_ZERO_RTT);
- EXPECT_TRUE(connection_.connected());
-}
-
-TEST_P(QuicConnectionTest,
ServerReceivedZeroRttWithHigherPacketNumberThanOneRtt) {
- SetQuicReloadableFlag(
- quic_close_connection_on_0rtt_packet_number_higher_than_1rtt, true);
if (!connection_.version().UsesTls()) {
return;
}
diff --git a/quic/core/quic_flags_list.h b/quic/core/quic_flags_list.h
index 795353b..0ed0395 100644
--- a/quic/core/quic_flags_list.h
+++ b/quic/core/quic_flags_list.h
@@ -15,7 +15,6 @@
QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_bbr2_bw_startup, true)
QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_bbr2_fewer_startup_round_trips, true)
QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_can_send_ack_frequency, true)
-QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_close_connection_on_0rtt_packet_number_higher_than_1rtt, true)
QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_close_connection_with_too_many_outstanding_packets, true)
QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_connection_support_multiple_cids, false)
QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_conservative_bursts, false)
diff --git a/quic/core/quic_framer.cc b/quic/core/quic_framer.cc
index 2c20a44..74d73d9 100644
--- a/quic/core/quic_framer.cc
+++ b/quic/core/quic_framer.cc
@@ -4849,21 +4849,16 @@
decrypted_buffer, decrypted_length, buffer_length);
if (success) {
visitor_->OnDecryptedPacket(udp_packet_length, level);
- if (GetQuicReloadableFlag(
- quic_close_connection_on_0rtt_packet_number_higher_than_1rtt)) {
- QUIC_RELOADABLE_FLAG_COUNT(
- quic_close_connection_on_0rtt_packet_number_higher_than_1rtt);
- if (level == ENCRYPTION_ZERO_RTT &&
- current_key_phase_first_received_packet_number_.IsInitialized() &&
- header.packet_number >
- current_key_phase_first_received_packet_number_) {
- set_detailed_error(absl::StrCat(
- "Decrypted a 0-RTT packet with a packet number ",
- header.packet_number.ToString(),
- " which is higher than a 1-RTT packet number ",
- current_key_phase_first_received_packet_number_.ToString()));
- return RaiseError(QUIC_INVALID_0RTT_PACKET_NUMBER_OUT_OF_ORDER);
- }
+ if (level == ENCRYPTION_ZERO_RTT &&
+ current_key_phase_first_received_packet_number_.IsInitialized() &&
+ header.packet_number >
+ current_key_phase_first_received_packet_number_) {
+ set_detailed_error(absl::StrCat(
+ "Decrypted a 0-RTT packet with a packet number ",
+ header.packet_number.ToString(),
+ " which is higher than a 1-RTT packet number ",
+ current_key_phase_first_received_packet_number_.ToString()));
+ return RaiseError(QUIC_INVALID_0RTT_PACKET_NUMBER_OUT_OF_ORDER);
}
*decrypted_level = level;
potential_peer_key_update_attempt_count_ = 0;