Google Git
Sign in
quiche/quiche/7aef4da40e1edfeda7c263d0dbe141cf182dace3^!/.
commit
7aef4da40e1edfeda7c263d0dbe141cf182dace3
[log] [tgz]
author
danzh <danzh@google.com>
Mon Jan 25 09:51:20 2021 -0800
committer
Copybara-Service <copybara-worker@google.com>
Mon Jan 25 09:51:56 2021 -0800
tree
c4943f3e34639eb2e86d3437b3db82e229c81de8
parent
b7a333913886f3a07bc1ba49cd015ee00e8ab118 [diff]
During QUIC handshake check IsHandshakeConfirmed() before mark address_validated_ as true.

address_validated_ is initialize as false and marked true before handshake gets confirmed. So this change is a no-op.

PiperOrigin-RevId: 353667687
Change-Id: I3d8eb0c75616418ed12d38f0baf88096b53a947d

diff --git a/quic/core/quic_connection.cc b/quic/core/quic_connection.cc
index bf8cd2d..aae0c57 100644
--- a/quic/core/quic_connection.cc
+++ b/quic/core/quic_connection.cc

@@ -1153,7 +1153,7 @@
           clock_->ApproximateNow() + sent_packet_manager_.GetPtoDelay() * 3);
     }
   }
-  if (EnforceAntiAmplificationLimit() &&
+  if (EnforceAntiAmplificationLimit() && !IsHandshakeConfirmed() &&
       (last_decrypted_packet_level_ == ENCRYPTION_HANDSHAKE ||
        last_decrypted_packet_level_ == ENCRYPTION_FORWARD_SECURE)) {
     // Address is validated by successfully processing a HANDSHAKE or 1-RTT
@@ -1243,7 +1243,8 @@
   if (GetQuicReloadableFlag(quic_enable_token_based_address_validation)) {
     QUIC_RELOADABLE_FLAG_COUNT_N(quic_enable_token_based_address_validation, 2,
                                  2);
-    if (EnforceAntiAmplificationLimit() && !header.retry_token.empty() &&
+    if (EnforceAntiAmplificationLimit() && !IsHandshakeConfirmed() &&
+        !header.retry_token.empty() &&
         visitor_->ValidateToken(header.retry_token)) {
       QUIC_DLOG(INFO) << ENDPOINT << "Address validated via token.";
       QUIC_CODE_COUNT(quic_address_validated_via_token);