On the server side, drop packets with changed server address silently.
Protected by FLAGS_quic_reloadable_flag_quic_drop_packets_with_changed_server_address.
PiperOrigin-RevId: 436612382
diff --git a/quic/core/quic_connection.cc b/quic/core/quic_connection.cc
index 72e47a3..f59e250 100644
--- a/quic/core/quic_connection.cc
+++ b/quic/core/quic_connection.cc
@@ -2980,6 +2980,12 @@
", packet number: ", header.packet_number.ToString(),
", encryption level: ",
EncryptionLevelToString(last_decrypted_packet_level_));
+ if (GetQuicReloadableFlag(
+ quic_drop_packets_with_changed_server_address)) {
+ QUIC_LOG_EVERY_N_SEC(INFO, 100) << error_details;
+ QUIC_CODE_COUNT(quic_dropped_packets_with_changed_server_address);
+ return false;
+ }
QUIC_PEER_BUG(Server self address change) << error_details;
CloseConnection(QUIC_ERROR_MIGRATING_ADDRESS, error_details,
ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET);
diff --git a/quic/core/quic_connection_test.cc b/quic/core/quic_connection_test.cc
index 93a2364..aa13e51 100644
--- a/quic/core/quic_connection_test.cc
+++ b/quic/core/quic_connection_test.cc
@@ -1573,7 +1573,15 @@
QuicIpAddress host;
host.FromString("1.1.1.1");
QuicSocketAddress self_address(host, 123);
+ EXPECT_EQ(0u, connection_.GetStats().packets_dropped);
EXPECT_CALL(visitor_, AllowSelfAddressChange()).WillOnce(Return(false));
+ if (GetQuicReloadableFlag(quic_drop_packets_with_changed_server_address)) {
+ ProcessFramePacketWithAddresses(MakeCryptoFrame(), self_address,
+ kPeerAddress, ENCRYPTION_INITIAL);
+ EXPECT_TRUE(connection_.connected());
+ EXPECT_EQ(1u, connection_.GetStats().packets_dropped);
+ return;
+ }
if (version().handshake_protocol == PROTOCOL_TLS1_3) {
EXPECT_CALL(visitor_, BeforeConnectionCloseSent());
}
@@ -1584,6 +1592,7 @@
"Self address migration is not supported at the server");
EXPECT_FALSE(connection_.connected());
TestConnectionCloseQuicErrorCode(QUIC_ERROR_MIGRATING_ADDRESS);
+ EXPECT_EQ(1u, connection_.GetStats().packets_dropped);
}
TEST_P(QuicConnectionTest, AllowSelfAddressChangeToMappedIpv4AddressAtServer) {
diff --git a/quic/core/quic_flags_list.h b/quic/core/quic_flags_list.h
index ee642d9..106288e 100644
--- a/quic/core/quic_flags_list.h
+++ b/quic/core/quic_flags_list.h
@@ -85,6 +85,8 @@
QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_require_handshake_confirmation, false)
// If true, server proactively retires client issued connection ID on reverse path validation failure.
QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_retire_cid_on_reverse_path_validation_failure, true)
+// If true, servers drop received packets with changed server address.
+QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_drop_packets_with_changed_server_address, false)
// If true, set burst token to 2 in cwnd bootstrapping experiment.
QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_conservative_bursts, false)
// If true, stop resetting ideal_next_packet_send_time_ in pacing sender.