Google Git
Sign in
quiche/quiche/adc7507d2def246f5f4823fa5bd29c12f654d710
commit
adc7507d2def246f5f4823fa5bd29c12f654d710
[log] [tgz]
author
dschinazi <dschinazi@google.com>
Mon Aug 19 10:54:45 2019 -0700
committer
Copybara-Service <copybara-worker@google.com>
Mon Aug 19 18:07:32 2019 -0700
tree
3cf87b3a632d4f555529cc145dec6ea57c166a8d
parent
83161e4529919be48c5554e72a0640413020450a [diff]
Use deterministic replacement connection IDs

This CL removes a DoS attack vector where an attacker could grow QuicDispatcher::connection_id_map_ unboundedly. It does so by no longer using random connection IDs that are saved in connection_id_map_; instead we now generate deterministic replacement connection IDs, removing the need for a map. It should not impact the GFE because the GFE overrides QuicDispatcher::GenerateNewServerConnectionId with an already deterministic method, but is still flag protected just in case.

gfe-relnote: use deterministic replacement connection IDs, protected by new disabled flag gfe2_restart_flag_quic_deterministic_replacement_connection_ids
PiperOrigin-RevId: 264192278
Change-Id: I843bf0d846830d4b13e0bb1b470a71b2428ad7c8
6 files changed
tree: 3cf87b3a632d4f555529cc145dec6ea57c166a8d
  1. common/
  2. epoll_server/
  3. http2/
  4. quic/
  5. spdy/
  6. CONTRIBUTING.md
  7. LICENSE
  8. README.md
README.md

QUICHE

QUICHE (QUIC, Http/2, Etc) is Google‘s implementation of QUIC and related protocols. It powers Chromium as well as Google’s QUIC servers and some other projects.

The code is currently in process of being moved from https://cs.chromium.org/chromium/src/net/third_party/ into this repository. Please excuse our appearance while we're under construction.