commit 5d0f0673b859b2836354281272798117028f0d70
author mattm <mattm@google.com> Tue Mar 09 08:16:07 2021 -0800
committer Copybara-Service <copybara-worker@google.com> Tue Mar 09 08:16:53 2021 -0800
tree e7ce8c64c91e3efb5cfca157bad1249687be21af
parent 08622a143f22351f30cf4ba9ad8428b147e9b791

Deprecate --gfe2_reloadable_flag_quic_close_connection_on_0rtt_packet_number_higher_than_1rtt

PiperOrigin-RevId: 361813520
Change-Id: I9cc5b8ba223fc73aedb59fd90997cc0c61721791

quic/core/quic_connection_test.cc

diff --git a/quic/core/quic_connection_test.cc b/quic/core/quic_connection_test.cc
index a22d5c3..fc72a8a 100644
--- a/quic/core/quic_connection_test.cc
+++ b/quic/core/quic_connection_test.cc
@@ -13565,64 +13565,7 @@
 }
 
 TEST_P(QuicConnectionTest,
-       ServerReceivedZeroRttWithHigherPacketNumberThanOneRttAndFlagDisabled) {
-  SetQuicReloadableFlag(
-      quic_close_connection_on_0rtt_packet_number_higher_than_1rtt, false);
-  if (!connection_.version().UsesTls()) {
-    return;
-  }
-
-  // The code that checks for this error piggybacks on some book-keeping state
-  // kept for key update, so enable key update for the test.
-  std::string error_details;
-  TransportParameters params;
-  params.key_update_not_yet_supported = false;
-  QuicConfig config;
-  EXPECT_THAT(config.ProcessTransportParameters(
-                  params, /* is_resumption = */ false, &error_details),
-              IsQuicNoError());
-  config.SetKeyUpdateSupportedLocally();
-  QuicConfigPeer::SetNegotiated(&config, true);
-  QuicConfigPeer::SetReceivedOriginalConnectionId(&config,
-                                                  connection_.connection_id());
-  QuicConfigPeer::SetReceivedInitialSourceConnectionId(
-      &config, connection_.connection_id());
-  EXPECT_CALL(*send_algorithm_, SetFromConfig(_, _));
-  connection_.SetFromConfig(config);
-
-  set_perspective(Perspective::IS_SERVER);
-  SetDecrypter(ENCRYPTION_ZERO_RTT,
-               std::make_unique<NullDecrypter>(Perspective::IS_SERVER));
-
-  EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(1);
-  ProcessDataPacketAtLevel(1, !kHasStopWaiting, ENCRYPTION_ZERO_RTT);
-
-  // Finish handshake.
-  connection_.SetDefaultEncryptionLevel(ENCRYPTION_FORWARD_SECURE);
-  notifier_.NeuterUnencryptedData();
-  connection_.NeuterUnencryptedPackets();
-  connection_.OnHandshakeComplete();
-  EXPECT_CALL(visitor_, GetHandshakeState())
-      .WillRepeatedly(Return(HANDSHAKE_COMPLETE));
-
-  // Decrypt a 1-RTT packet.
-  EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(1);
-  ProcessDataPacketAtLevel(2, !kHasStopWaiting, ENCRYPTION_FORWARD_SECURE);
-  EXPECT_TRUE(connection_.GetDiscardZeroRttDecryptionKeysAlarm()->IsSet());
-
-  // 0-RTT packet with higher packet number than a 1-RTT packet is invalid, but
-  // accepted as the
-  // quic_close_connection_on_0rtt_packet_number_higher_than_1rtt
-  // flag is disabled.
-  EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(1);
-  ProcessDataPacketAtLevel(3, !kHasStopWaiting, ENCRYPTION_ZERO_RTT);
-  EXPECT_TRUE(connection_.connected());
-}
-
-TEST_P(QuicConnectionTest,
        ServerReceivedZeroRttWithHigherPacketNumberThanOneRtt) {
-  SetQuicReloadableFlag(
-      quic_close_connection_on_0rtt_packet_number_higher_than_1rtt, true);
   if (!connection_.version().UsesTls()) {
     return;
   }

quic/core/quic_flags_list.h

diff --git a/quic/core/quic_flags_list.h b/quic/core/quic_flags_list.h
index 795353b..0ed0395 100644
--- a/quic/core/quic_flags_list.h
+++ b/quic/core/quic_flags_list.h
@@ -15,7 +15,6 @@
 QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_bbr2_bw_startup, true)
 QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_bbr2_fewer_startup_round_trips, true)
 QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_can_send_ack_frequency, true)
-QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_close_connection_on_0rtt_packet_number_higher_than_1rtt, true)
 QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_close_connection_with_too_many_outstanding_packets, true)
 QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_connection_support_multiple_cids, false)
 QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_conservative_bursts, false)

quic/core/quic_framer.cc

diff --git a/quic/core/quic_framer.cc b/quic/core/quic_framer.cc
index 2c20a44..74d73d9 100644
--- a/quic/core/quic_framer.cc
+++ b/quic/core/quic_framer.cc
@@ -4849,21 +4849,16 @@
       decrypted_buffer, decrypted_length, buffer_length);
   if (success) {
     visitor_->OnDecryptedPacket(udp_packet_length, level);
-    if (GetQuicReloadableFlag(
-            quic_close_connection_on_0rtt_packet_number_higher_than_1rtt)) {
-      QUIC_RELOADABLE_FLAG_COUNT(
-          quic_close_connection_on_0rtt_packet_number_higher_than_1rtt);
-      if (level == ENCRYPTION_ZERO_RTT &&
-          current_key_phase_first_received_packet_number_.IsInitialized() &&
-          header.packet_number >
-              current_key_phase_first_received_packet_number_) {
-        set_detailed_error(absl::StrCat(
-            "Decrypted a 0-RTT packet with a packet number ",
-            header.packet_number.ToString(),
-            " which is higher than a 1-RTT packet number ",
-            current_key_phase_first_received_packet_number_.ToString()));
-        return RaiseError(QUIC_INVALID_0RTT_PACKET_NUMBER_OUT_OF_ORDER);
-      }
+    if (level == ENCRYPTION_ZERO_RTT &&
+        current_key_phase_first_received_packet_number_.IsInitialized() &&
+        header.packet_number >
+            current_key_phase_first_received_packet_number_) {
+      set_detailed_error(absl::StrCat(
+          "Decrypted a 0-RTT packet with a packet number ",
+          header.packet_number.ToString(),
+          " which is higher than a 1-RTT packet number ",
+          current_key_phase_first_received_packet_number_.ToString()));
+      return RaiseError(QUIC_INVALID_0RTT_PACKET_NUMBER_OUT_OF_ORDER);
     }
     *decrypted_level = level;
     potential_peer_key_update_attempt_count_ = 0;