commit 6a578aeea32edbac9f16070ef9270604ae7be373
author fayang <fayang@google.com> Tue Mar 22 17:32:57 2022 -0700
committer Copybara-Service <copybara-worker@google.com> Tue Mar 22 17:33:34 2022 -0700
tree a1554322cff8d3fadf04913ec3d883e4cf5c39e1
parent b030612c6f3dd140e91bf114750ff05ab5d53da1

On the server side, drop packets with changed server address silently.

Protected by FLAGS_quic_reloadable_flag_quic_drop_packets_with_changed_server_address.

PiperOrigin-RevId: 436612382

quic/core/quic_connection.cc

diff --git a/quic/core/quic_connection.cc b/quic/core/quic_connection.cc
index 72e47a3..f59e250 100644
--- a/quic/core/quic_connection.cc
+++ b/quic/core/quic_connection.cc
@@ -2980,6 +2980,12 @@
             ", packet number: ", header.packet_number.ToString(),
             ", encryption level: ",
             EncryptionLevelToString(last_decrypted_packet_level_));
+        if (GetQuicReloadableFlag(
+                quic_drop_packets_with_changed_server_address)) {
+          QUIC_LOG_EVERY_N_SEC(INFO, 100) << error_details;
+          QUIC_CODE_COUNT(quic_dropped_packets_with_changed_server_address);
+          return false;
+        }
         QUIC_PEER_BUG(Server self address change) << error_details;
         CloseConnection(QUIC_ERROR_MIGRATING_ADDRESS, error_details,
                         ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET);

quic/core/quic_connection_test.cc

diff --git a/quic/core/quic_connection_test.cc b/quic/core/quic_connection_test.cc
index 93a2364..aa13e51 100644
--- a/quic/core/quic_connection_test.cc
+++ b/quic/core/quic_connection_test.cc
@@ -1573,7 +1573,15 @@
   QuicIpAddress host;
   host.FromString("1.1.1.1");
   QuicSocketAddress self_address(host, 123);
+  EXPECT_EQ(0u, connection_.GetStats().packets_dropped);
   EXPECT_CALL(visitor_, AllowSelfAddressChange()).WillOnce(Return(false));
+  if (GetQuicReloadableFlag(quic_drop_packets_with_changed_server_address)) {
+    ProcessFramePacketWithAddresses(MakeCryptoFrame(), self_address,
+                                    kPeerAddress, ENCRYPTION_INITIAL);
+    EXPECT_TRUE(connection_.connected());
+    EXPECT_EQ(1u, connection_.GetStats().packets_dropped);
+    return;
+  }
   if (version().handshake_protocol == PROTOCOL_TLS1_3) {
     EXPECT_CALL(visitor_, BeforeConnectionCloseSent());
   }
@@ -1584,6 +1592,7 @@
       "Self address migration is not supported at the server");
   EXPECT_FALSE(connection_.connected());
   TestConnectionCloseQuicErrorCode(QUIC_ERROR_MIGRATING_ADDRESS);
+  EXPECT_EQ(1u, connection_.GetStats().packets_dropped);
 }
 
 TEST_P(QuicConnectionTest, AllowSelfAddressChangeToMappedIpv4AddressAtServer) {

quic/core/quic_flags_list.h

diff --git a/quic/core/quic_flags_list.h b/quic/core/quic_flags_list.h
index ee642d9..106288e 100644
--- a/quic/core/quic_flags_list.h
+++ b/quic/core/quic_flags_list.h
@@ -85,6 +85,8 @@
 QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_require_handshake_confirmation, false)
 // If true, server proactively retires client issued connection ID on reverse path validation failure. 
 QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_retire_cid_on_reverse_path_validation_failure, true)
+// If true, servers drop received packets with changed server address.
+QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_drop_packets_with_changed_server_address, false)
 // If true, set burst token to 2 in cwnd bootstrapping experiment.
 QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_conservative_bursts, false)
 // If true, stop resetting ideal_next_packet_send_time_ in pacing sender.