commit fef3e30640dbcb331ffef352f4feb0127bd016cf
author haoyuewang <haoyuewang@google.com> Wed Mar 03 10:31:12 2021 -0800
committer Copybara-Service <copybara-worker@google.com> Wed Mar 03 10:32:16 2021 -0800
tree ac65e5a37f37ea8d544740b633ec4a2d81e1eec2
parent 59513a9afa590bdc5ca799d8ac8063dcdf0bb529

Close connection when an IETF frame of unexpected type is received at the corresponding encryption level.

Protected by FLAGS_quic_reloadable_flag_quic_reject_unexpected_ietf_frame_types.

PiperOrigin-RevId: 360703267
Change-Id: Iba465aee2e8b709757f2c77d9b8bfd860ef89bf4

quic/core/quic_framer.h

diff --git a/quic/core/quic_framer.h b/quic/core/quic_framer.h
index 571278d..0307594 100644
--- a/quic/core/quic_framer.h
+++ b/quic/core/quic_framer.h
@@ -826,8 +826,13 @@
       QuicPacketNumber base_packet_number,
       uint64_t* packet_number);
   bool ProcessFrameData(QuicDataReader* reader, const QuicPacketHeader& header);
+
+  static bool IsIetfFrameTypeExpectedForEncryptionLevel(uint64_t frame_type,
+                                                        EncryptionLevel level);
+
   bool ProcessIetfFrameData(QuicDataReader* reader,
-                            const QuicPacketHeader& header);
+                            const QuicPacketHeader& header,
+                            EncryptionLevel decrypted_level);
   bool ProcessStreamFrame(QuicDataReader* reader,
                           uint8_t frame_type,
                           QuicStreamFrame* frame);
@@ -1158,6 +1163,9 @@
   // Indicates whether received RETRY packets should be dropped.
   bool drop_incoming_retry_packets_ = false;
 
+  bool reject_unexpected_ietf_frame_types_ =
+      GetQuicReloadableFlag(quic_reject_unexpected_ietf_frame_types);
+
   // The length in bytes of the last packet number written to an IETF-framed
   // packet.
   size_t last_written_packet_number_length_;