Drop QUIC packets with invalid flags

We recently noticed an amplification attack where a QUIC server was receiving non-QUIC packets and responding to them with stateless resets. Since the purpose of stateless reset packets is to notify clients of server state loss, there is no purpose to sending them when the received packet is invalid, as no client could have generated that.

Protected by FLAGS_quic_restart_flag_quic_drop_invalid_flags.

PiperOrigin-RevId: 391182458
4 files changed
tree: 8a270e490badd6f262df7532f56766b98b8fbefd
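
The check the commit message describes, as an added C++ example that is not QUICHE's code. It assumes the flag being validated is the QUIC v1 fixed bit (0x40, RFC 9000), and it goes one step beyond the message by also applying RFC 9000's rule that a stateless reset must be smaller than the packet that triggered it. All names are hypothetical.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Hypothetical names; bit layout from RFC 9000 (QUIC v1), not from QUICHE.
enum class Action { kDrop, kSendStatelessReset, kHandleLongHeader };

constexpr uint8_t kLongHeaderBit = 0x80;  // header form: 1 = long header
constexpr uint8_t kFixedBit = 0x40;       // set in every valid v1 packet
// A stateless reset is at least 21 bytes and must be smaller than the
// packet that triggered it, so shorter triggers get no reply at all.
constexpr size_t kMinResetTriggerSize = 22;

// True if a conforming QUIC v1 client could have sent this first byte.
// Assumes the grease_quic_bit extension (RFC 9287) is not in use.
bool HasValidFlags(const std::vector<uint8_t>& datagram) {
  return !datagram.empty() && (datagram[0] & kFixedBit) != 0;
}

// Decision for a datagram whose connection ID matches no live connection.
Action ClassifyUnknownPacket(const std::vector<uint8_t>& datagram) {
  // Validate before replying: a reset only helps a real client whose
  // server lost state, and an invalid packet never came from one.
  if (!HasValidFlags(datagram)) return Action::kDrop;
  if (datagram[0] & kLongHeaderBit) return Action::kHandleLongHeader;
  if (datagram.size() < kMinResetTriggerSize) return Action::kDrop;
  return Action::kSendStatelessReset;
}

int main() {
  // Constructed sample: 64 bytes of non-QUIC traffic (fixed bit clear).
  const std::vector<uint8_t> junk(64, 0x12);
  // Constructed sample: short-header QUIC packet (fixed bit set).
  std::vector<uint8_t> quic(64, 0xAB);
  quic[0] = 0x43;
  const bool ok = ClassifyUnknownPacket(junk) == Action::kDrop &&
                  ClassifyUnknownPacket(quic) == Action::kSendStatelessReset;
  return ok ? 0 : 1;
}
```
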
README.md

QUICHE

QUICHE stands for QUIC, Http/2, Etc. It is Google's production-ready implementation of QUIC, HTTP/2, HTTP/3, and related protocols and tools. It powers Google's servers, Chromium, Envoy, and other projects. It is actively developed and maintained.

There are two public QUICHE repositories. Either one may be used by embedders, as they are automatically kept in sync:

To embed QUICHE in your project, platform APIs need to be implemented and build files need to be created. Note that it is on the QUICHE team's roadmap to include a default implementation for all platform APIs and to open-source build files. In the meantime, take a look at open source embedders like Chromium and Envoy to get started:

QUICHE is only supported on little-endian platforms.