During QUIC handshake check IsHandshakeConfirmed() before mark address_validated_ as true.
address_validated_ is initialize as false and marked true before handshake gets confirmed. So this change is a no-op.
PiperOrigin-RevId: 353667687
Change-Id: I3d8eb0c75616418ed12d38f0baf88096b53a947d
diff --git a/quic/core/quic_connection.cc b/quic/core/quic_connection.cc
index bf8cd2d..aae0c57 100644
--- a/quic/core/quic_connection.cc
+++ b/quic/core/quic_connection.cc
@@ -1153,7 +1153,7 @@
clock_->ApproximateNow() + sent_packet_manager_.GetPtoDelay() * 3);
}
}
- if (EnforceAntiAmplificationLimit() &&
+ if (EnforceAntiAmplificationLimit() && !IsHandshakeConfirmed() &&
(last_decrypted_packet_level_ == ENCRYPTION_HANDSHAKE ||
last_decrypted_packet_level_ == ENCRYPTION_FORWARD_SECURE)) {
// Address is validated by successfully processing a HANDSHAKE or 1-RTT
@@ -1243,7 +1243,8 @@
if (GetQuicReloadableFlag(quic_enable_token_based_address_validation)) {
QUIC_RELOADABLE_FLAG_COUNT_N(quic_enable_token_based_address_validation, 2,
2);
- if (EnforceAntiAmplificationLimit() && !header.retry_token.empty() &&
+ if (EnforceAntiAmplificationLimit() && !IsHandshakeConfirmed() &&
+ !header.retry_token.empty() &&
visitor_->ValidateToken(header.retry_token)) {
QUIC_DLOG(INFO) << ENDPOINT << "Address validated via token.";
QUIC_CODE_COUNT(quic_address_validated_via_token);
