gfe-relnote: In QUIC, add anti-amplification limit. Protected by version T099. Anti-amplification limit kicks in before address validation. Now, server can only validate address by processing HANDSHAKE encrypted packet since address validation via token is not implemented. In T099, deprecate HANDSHAKE_MODE and PTO is armed when 1) handshake is not confirmed 2) or there is packets in flight. Such that when PTO fires, at least 1 packet is sent to avoid handshake deadlock due to anti-amplification limit in case of packet losses. PiperOrigin-RevId: 264960590 Change-Id: Ib2d9749b773af9328f96c176a49b2505be006b00

commit: 5f13505fff1cda764a9ba8aeb39551f502122141 [log] [tgz]
author: fayang <fayang@google.com> Thu Aug 22 17:59:40 2019 -0700
committer: Copybara-Service <copybara-worker@google.com> Fri Aug 23 12:19:31 2019 -0700
tree: f6b2d9b15313771d57c5308d307fe6949d1689ca
parent: d17a7400d12793f89e4e98c6dff03e8d828ae933 [diff] [blame]
diff --git a/quic/test_tools/crypto_test_utils.cc b/quic/test_tools/crypto_test_utils.cc
index e3e649e..27e47b2 100644
--- a/quic/test_tools/crypto_test_utils.cc
+++ b/quic/test_tools/crypto_test_utils.cc

@@ -692,6 +692,8 @@
     // them into |framer|, perform the decryption with them, and then swap ther
     // back.
     QuicConnectionPeer::SwapCrypters(dest_conn, framer.framer());
+    QuicConnectionPeer::AddBytesReceived(
+        dest_conn, source_conn->encrypted_packets_[index]->length());
     if (!framer.ProcessPacket(*source_conn->encrypted_packets_[index])) {
       // The framer will be unable to decrypt forward-secure packets sent after
       // the handshake is complete. Don't treat them as handshake packets.
commit	5f13505fff1cda764a9ba8aeb39551f502122141	[log] [tgz]
author	fayang <fayang@google.com>	Thu Aug 22 17:59:40 2019 -0700
committer	Copybara-Service <copybara-worker@google.com>	Fri Aug 23 12:19:31 2019 -0700
tree	f6b2d9b15313771d57c5308d307fe6949d1689ca
parent	d17a7400d12793f89e4e98c6dff03e8d828ae933 [diff] [blame]