blob: c35c076fbf383659ea008eb761a31f0df97647e7 [file] [log] [blame] [edit]
// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "net/third_party/quiche/src/quic/core/quic_framer.h"
#include <cstddef>
#include <cstdint>
#include <memory>
#include <string>
#include "net/third_party/quiche/src/quic/core/crypto/crypto_framer.h"
#include "net/third_party/quiche/src/quic/core/crypto/crypto_handshake.h"
#include "net/third_party/quiche/src/quic/core/crypto/crypto_handshake_message.h"
#include "net/third_party/quiche/src/quic/core/crypto/crypto_protocol.h"
#include "net/third_party/quiche/src/quic/core/crypto/crypto_utils.h"
#include "net/third_party/quiche/src/quic/core/crypto/null_decrypter.h"
#include "net/third_party/quiche/src/quic/core/crypto/null_encrypter.h"
#include "net/third_party/quiche/src/quic/core/crypto/quic_decrypter.h"
#include "net/third_party/quiche/src/quic/core/crypto/quic_encrypter.h"
#include "net/third_party/quiche/src/quic/core/crypto/quic_random.h"
#include "net/third_party/quiche/src/quic/core/quic_connection_id.h"
#include "net/third_party/quiche/src/quic/core/quic_constants.h"
#include "net/third_party/quiche/src/quic/core/quic_data_reader.h"
#include "net/third_party/quiche/src/quic/core/quic_data_writer.h"
#include "net/third_party/quiche/src/quic/core/quic_error_codes.h"
#include "net/third_party/quiche/src/quic/core/quic_socket_address_coder.h"
#include "net/third_party/quiche/src/quic/core/quic_stream_frame_data_producer.h"
#include "net/third_party/quiche/src/quic/core/quic_types.h"
#include "net/third_party/quiche/src/quic/core/quic_utils.h"
#include "net/third_party/quiche/src/quic/core/quic_versions.h"
#include "net/third_party/quiche/src/quic/platform/api/quic_aligned.h"
#include "net/third_party/quiche/src/quic/platform/api/quic_arraysize.h"
#include "net/third_party/quiche/src/quic/platform/api/quic_bug_tracker.h"
#include "net/third_party/quiche/src/quic/platform/api/quic_client_stats.h"
#include "net/third_party/quiche/src/quic/platform/api/quic_endian.h"
#include "net/third_party/quiche/src/quic/platform/api/quic_fallthrough.h"
#include "net/third_party/quiche/src/quic/platform/api/quic_flag_utils.h"
#include "net/third_party/quiche/src/quic/platform/api/quic_flags.h"
#include "net/third_party/quiche/src/quic/platform/api/quic_logging.h"
#include "net/third_party/quiche/src/quic/platform/api/quic_map_util.h"
#include "net/third_party/quiche/src/quic/platform/api/quic_ptr_util.h"
#include "net/third_party/quiche/src/quic/platform/api/quic_stack_trace.h"
#include "net/third_party/quiche/src/quic/platform/api/quic_str_cat.h"
#include "net/third_party/quiche/src/quic/platform/api/quic_text_utils.h"
namespace quic {
namespace {
#define ENDPOINT \
(perspective_ == Perspective::IS_SERVER ? "Server: " : "Client: ")
// How much to shift the timestamp in the IETF Ack frame.
// TODO(fkastenholz) when we get real IETF QUIC, need to get
// the currect shift from the transport parameters.
const int kIetfAckTimestampShift = 3;
// Number of bits the packet number length bits are shifted from the right
// edge of the header.
const uint8_t kPublicHeaderSequenceNumberShift = 4;
// There are two interpretations for the Frame Type byte in the QUIC protocol,
// resulting in two Frame Types: Special Frame Types and Regular Frame Types.
//
// Regular Frame Types use the Frame Type byte simply. Currently defined
// Regular Frame Types are:
// Padding : 0b 00000000 (0x00)
// ResetStream : 0b 00000001 (0x01)
// ConnectionClose : 0b 00000010 (0x02)
// GoAway : 0b 00000011 (0x03)
// WindowUpdate : 0b 00000100 (0x04)
// Blocked : 0b 00000101 (0x05)
//
// Special Frame Types encode both a Frame Type and corresponding flags
// all in the Frame Type byte. Currently defined Special Frame Types
// are:
// Stream : 0b 1xxxxxxx
// Ack : 0b 01xxxxxx
//
// Semantics of the flag bits above (the x bits) depends on the frame type.
// Masks to determine if the frame type is a special use
// and for specific special frame types.
const uint8_t kQuicFrameTypeBrokenMask = 0xE0; // 0b 11100000
const uint8_t kQuicFrameTypeSpecialMask = 0xC0; // 0b 11000000
const uint8_t kQuicFrameTypeStreamMask = 0x80;
const uint8_t kQuicFrameTypeAckMask = 0x40;
static_assert(kQuicFrameTypeSpecialMask ==
(kQuicFrameTypeStreamMask | kQuicFrameTypeAckMask),
"Invalid kQuicFrameTypeSpecialMask");
// The stream type format is 1FDOOOSS, where
// F is the fin bit.
// D is the data length bit (0 or 2 bytes).
// OO/OOO are the size of the offset.
// SS is the size of the stream ID.
// Note that the stream encoding can not be determined by inspection. It can
// be determined only by knowing the QUIC Version.
// Stream frame relative shifts and masks for interpreting the stream flags.
// StreamID may be 1, 2, 3, or 4 bytes.
const uint8_t kQuicStreamIdShift = 2;
const uint8_t kQuicStreamIDLengthMask = 0x03;
// Offset may be 0, 2, 4, or 8 bytes.
const uint8_t kQuicStreamShift = 3;
const uint8_t kQuicStreamOffsetMask = 0x07;
// Data length may be 0 or 2 bytes.
const uint8_t kQuicStreamDataLengthShift = 1;
const uint8_t kQuicStreamDataLengthMask = 0x01;
// Fin bit may be set or not.
const uint8_t kQuicStreamFinShift = 1;
const uint8_t kQuicStreamFinMask = 0x01;
// The format is 01M0LLOO, where
// M if set, there are multiple ack blocks in the frame.
// LL is the size of the largest ack field.
// OO is the size of the ack blocks offset field.
// packet number size shift used in AckFrames.
const uint8_t kQuicSequenceNumberLengthNumBits = 2;
const uint8_t kActBlockLengthOffset = 0;
const uint8_t kLargestAckedOffset = 2;
// Acks may have only one ack block.
const uint8_t kQuicHasMultipleAckBlocksOffset = 5;
// Timestamps are 4 bytes followed by 2 bytes.
const uint8_t kQuicNumTimestampsLength = 1;
const uint8_t kQuicFirstTimestampLength = 4;
const uint8_t kQuicTimestampLength = 2;
// Gaps between packet numbers are 1 byte.
const uint8_t kQuicTimestampPacketNumberGapLength = 1;
// Maximum length of encoded error strings.
const int kMaxErrorStringLength = 256;
const uint8_t kConnectionIdLengthAdjustment = 3;
const uint8_t kDestinationConnectionIdLengthMask = 0xF0;
const uint8_t kSourceConnectionIdLengthMask = 0x0F;
// Returns the absolute value of the difference between |a| and |b|.
uint64_t Delta(uint64_t a, uint64_t b) {
// Since these are unsigned numbers, we can't just return abs(a - b)
if (a < b) {
return b - a;
}
return a - b;
}
uint64_t ClosestTo(uint64_t target, uint64_t a, uint64_t b) {
return (Delta(target, a) < Delta(target, b)) ? a : b;
}
uint64_t PacketNumberIntervalLength(
const QuicInterval<QuicPacketNumber>& interval) {
if (interval.Empty()) {
return 0u;
}
return interval.max() - interval.min();
}
QuicPacketNumberLength ReadSequenceNumberLength(uint8_t flags) {
switch (flags & PACKET_FLAGS_8BYTE_PACKET) {
case PACKET_FLAGS_8BYTE_PACKET:
return PACKET_6BYTE_PACKET_NUMBER;
case PACKET_FLAGS_4BYTE_PACKET:
return PACKET_4BYTE_PACKET_NUMBER;
case PACKET_FLAGS_2BYTE_PACKET:
return PACKET_2BYTE_PACKET_NUMBER;
case PACKET_FLAGS_1BYTE_PACKET:
return PACKET_1BYTE_PACKET_NUMBER;
default:
QUIC_BUG << "Unreachable case statement.";
return PACKET_6BYTE_PACKET_NUMBER;
}
}
QuicPacketNumberLength ReadAckPacketNumberLength(QuicTransportVersion version,
uint8_t flags) {
switch (flags & PACKET_FLAGS_8BYTE_PACKET) {
case PACKET_FLAGS_8BYTE_PACKET:
return PACKET_6BYTE_PACKET_NUMBER;
case PACKET_FLAGS_4BYTE_PACKET:
return PACKET_4BYTE_PACKET_NUMBER;
case PACKET_FLAGS_2BYTE_PACKET:
return PACKET_2BYTE_PACKET_NUMBER;
case PACKET_FLAGS_1BYTE_PACKET:
return PACKET_1BYTE_PACKET_NUMBER;
default:
QUIC_BUG << "Unreachable case statement.";
return PACKET_6BYTE_PACKET_NUMBER;
}
}
uint8_t PacketNumberLengthToOnWireValue(
QuicTransportVersion version,
QuicPacketNumberLength packet_number_length) {
if (version > QUIC_VERSION_44) {
return packet_number_length - 1;
}
switch (packet_number_length) {
case PACKET_1BYTE_PACKET_NUMBER:
return 0;
case PACKET_2BYTE_PACKET_NUMBER:
return 1;
case PACKET_4BYTE_PACKET_NUMBER:
return 2;
default:
QUIC_BUG << "Invalid packet number length.";
return 0;
}
}
bool GetShortHeaderPacketNumberLength(
QuicTransportVersion version,
uint8_t type,
bool infer_packet_header_type_from_version,
QuicPacketNumberLength* packet_number_length) {
DCHECK(!(type & FLAGS_LONG_HEADER));
const bool two_bits_packet_number_length =
infer_packet_header_type_from_version ? version > QUIC_VERSION_44
: (type & FLAGS_FIXED_BIT);
if (two_bits_packet_number_length) {
*packet_number_length =
static_cast<QuicPacketNumberLength>((type & 0x03) + 1);
return true;
}
switch (type & 0x07) {
case 0:
*packet_number_length = PACKET_1BYTE_PACKET_NUMBER;
break;
case 1:
*packet_number_length = PACKET_2BYTE_PACKET_NUMBER;
break;
case 2:
*packet_number_length = PACKET_4BYTE_PACKET_NUMBER;
break;
default:
*packet_number_length = PACKET_6BYTE_PACKET_NUMBER;
return false;
}
return true;
}
uint8_t LongHeaderTypeToOnWireValue(QuicTransportVersion version,
QuicLongHeaderType type) {
switch (type) {
case INITIAL:
return version > QUIC_VERSION_44 ? 0 : 0x7F;
case ZERO_RTT_PROTECTED:
return version > QUIC_VERSION_44 ? 1 << 4 : 0x7C;
case HANDSHAKE:
return version > QUIC_VERSION_44 ? 2 << 4 : 0x7D;
case RETRY:
return version > QUIC_VERSION_44 ? 3 << 4 : 0x7E;
case VERSION_NEGOTIATION:
return 0xF0; // Value does not matter
default:
QUIC_BUG << "Invalid long header type: " << type;
return 0xFF;
}
}
bool GetLongHeaderType(QuicTransportVersion version,
uint8_t type,
QuicLongHeaderType* long_header_type) {
DCHECK((type & FLAGS_LONG_HEADER) && version != QUIC_VERSION_UNSUPPORTED);
if (version > QUIC_VERSION_44) {
switch ((type & 0x30) >> 4) {
case 0:
*long_header_type = INITIAL;
break;
case 1:
*long_header_type = ZERO_RTT_PROTECTED;
break;
case 2:
*long_header_type = HANDSHAKE;
break;
case 3:
*long_header_type = RETRY;
break;
default:
QUIC_BUG << "Unreachable statement";
*long_header_type = INVALID_PACKET_TYPE;
return false;
}
return true;
}
switch (type & 0x7F) {
case 0x7F:
*long_header_type = INITIAL;
break;
case 0x7C:
*long_header_type = ZERO_RTT_PROTECTED;
break;
case 0x7D:
*long_header_type = HANDSHAKE;
break;
case 0x7E:
*long_header_type = RETRY;
break;
default:
// Invalid packet header type. Whether a packet is version negotiation is
// determined by the version field.
*long_header_type = INVALID_PACKET_TYPE;
return false;
}
return true;
}
QuicPacketNumberLength GetLongHeaderPacketNumberLength(
QuicTransportVersion version,
uint8_t type) {
if (version > QUIC_VERSION_44) {
return static_cast<QuicPacketNumberLength>((type & 0x03) + 1);
}
return PACKET_4BYTE_PACKET_NUMBER;
}
// Used to get packet number space before packet gets decrypted.
PacketNumberSpace GetPacketNumberSpace(const QuicPacketHeader& header) {
switch (header.form) {
case GOOGLE_QUIC_PACKET:
QUIC_BUG << "Try to get packet number space of Google QUIC packet";
break;
case IETF_QUIC_SHORT_HEADER_PACKET:
return APPLICATION_DATA;
case IETF_QUIC_LONG_HEADER_PACKET:
switch (header.long_packet_type) {
case INITIAL:
return INITIAL_DATA;
case HANDSHAKE:
return HANDSHAKE_DATA;
case ZERO_RTT_PROTECTED:
return APPLICATION_DATA;
case VERSION_NEGOTIATION:
case RETRY:
case INVALID_PACKET_TYPE:
QUIC_BUG << "Try to get packet number space of long header type: "
<< QuicUtils::QuicLongHeaderTypetoString(
header.long_packet_type);
break;
}
}
return NUM_PACKET_NUMBER_SPACES;
}
EncryptionLevel GetEncryptionLevel(const QuicPacketHeader& header) {
switch (header.form) {
case GOOGLE_QUIC_PACKET:
QUIC_BUG << "Cannot determine EncryptionLevel from Google QUIC header";
break;
case IETF_QUIC_SHORT_HEADER_PACKET:
return ENCRYPTION_FORWARD_SECURE;
case IETF_QUIC_LONG_HEADER_PACKET:
switch (header.long_packet_type) {
case INITIAL:
return ENCRYPTION_INITIAL;
case HANDSHAKE:
return ENCRYPTION_HANDSHAKE;
case ZERO_RTT_PROTECTED:
return ENCRYPTION_ZERO_RTT;
case VERSION_NEGOTIATION:
case RETRY:
case INVALID_PACKET_TYPE:
QUIC_BUG << "No encryption used with type "
<< QuicUtils::QuicLongHeaderTypetoString(
header.long_packet_type);
}
}
return NUM_ENCRYPTION_LEVELS;
}
QuicStringPiece TruncateErrorString(QuicStringPiece error) {
if (error.length() <= kMaxErrorStringLength) {
return error;
}
return QuicStringPiece(error.data(), kMaxErrorStringLength);
}
size_t TruncatedErrorStringSize(const QuicStringPiece& error) {
if (error.length() < kMaxErrorStringLength) {
return error.length();
}
return kMaxErrorStringLength;
}
uint8_t GetConnectionIdLengthValue(QuicConnectionIdLength length) {
if (length == 0) {
return 0;
}
return static_cast<uint8_t>(length - kConnectionIdLengthAdjustment);
}
bool IsValidPacketNumberLength(QuicPacketNumberLength packet_number_length) {
size_t length = packet_number_length;
return length == 1 || length == 2 || length == 4 || length == 6 ||
length == 8;
}
bool IsValidFullPacketNumber(uint64_t full_packet_number,
QuicTransportVersion version) {
return full_packet_number > 0 || version == QUIC_VERSION_99;
}
bool AppendIetfConnectionIds(bool version_flag,
QuicConnectionId destination_connection_id,
QuicConnectionId source_connection_id,
QuicDataWriter* writer) {
if (!version_flag) {
return writer->WriteConnectionId(destination_connection_id);
}
// Compute connection ID length byte.
uint8_t dcil = GetConnectionIdLengthValue(
static_cast<QuicConnectionIdLength>(destination_connection_id.length()));
uint8_t scil = GetConnectionIdLengthValue(
static_cast<QuicConnectionIdLength>(source_connection_id.length()));
uint8_t connection_id_length = dcil << 4 | scil;
return writer->WriteUInt8(connection_id_length) &&
writer->WriteConnectionId(destination_connection_id) &&
writer->WriteConnectionId(source_connection_id);
}
enum class DroppedPacketReason {
// General errors
INVALID_PUBLIC_HEADER,
VERSION_MISMATCH,
// Version negotiation packet errors
INVALID_VERSION_NEGOTIATION_PACKET,
// Public reset packet errors, pre-v44
INVALID_PUBLIC_RESET_PACKET,
// Data packet errors
INVALID_PACKET_NUMBER,
INVALID_DIVERSIFICATION_NONCE,
DECRYPTION_FAILURE,
NUM_REASONS,
};
void RecordDroppedPacketReason(DroppedPacketReason reason) {
QUIC_CLIENT_HISTOGRAM_ENUM("QuicDroppedPacketReason", reason,
DroppedPacketReason::NUM_REASONS,
"The reason a packet was not processed. Recorded "
"each time such a packet is dropped");
}
PacketHeaderFormat GetIetfPacketHeaderFormat(uint8_t type_byte) {
return type_byte & FLAGS_LONG_HEADER ? IETF_QUIC_LONG_HEADER_PACKET
: IETF_QUIC_SHORT_HEADER_PACKET;
}
} // namespace
QuicFramer::QuicFramer(const ParsedQuicVersionVector& supported_versions,
QuicTime creation_time,
Perspective perspective,
uint8_t expected_server_connection_id_length)
: visitor_(nullptr),
error_(QUIC_NO_ERROR),
last_serialized_server_connection_id_(EmptyQuicConnectionId()),
last_serialized_client_connection_id_(EmptyQuicConnectionId()),
last_version_label_(0),
version_(PROTOCOL_UNSUPPORTED, QUIC_VERSION_UNSUPPORTED),
supported_versions_(supported_versions),
decrypter_level_(ENCRYPTION_INITIAL),
alternative_decrypter_level_(NUM_ENCRYPTION_LEVELS),
alternative_decrypter_latch_(false),
perspective_(perspective),
validate_flags_(true),
process_timestamps_(false),
creation_time_(creation_time),
last_timestamp_(QuicTime::Delta::Zero()),
first_sending_packet_number_(FirstSendingPacketNumber()),
data_producer_(nullptr),
infer_packet_header_type_from_version_(perspective ==
Perspective::IS_CLIENT),
expected_server_connection_id_length_(
expected_server_connection_id_length),
expected_client_connection_id_length_(0),
should_update_expected_server_connection_id_length_(false),
supports_multiple_packet_number_spaces_(false),
last_written_packet_number_length_(0) {
DCHECK(!supported_versions.empty());
version_ = supported_versions_[0];
decrypter_[ENCRYPTION_INITIAL] = QuicMakeUnique<NullDecrypter>(perspective);
encrypter_[ENCRYPTION_INITIAL] = QuicMakeUnique<NullEncrypter>(perspective);
}
QuicFramer::~QuicFramer() {}
// static
size_t QuicFramer::GetMinStreamFrameSize(QuicTransportVersion version,
QuicStreamId stream_id,
QuicStreamOffset offset,
bool last_frame_in_packet,
QuicPacketLength data_length) {
if (version == QUIC_VERSION_99) {
return kQuicFrameTypeSize + QuicDataWriter::GetVarInt62Len(stream_id) +
(last_frame_in_packet
? 0
: QuicDataWriter::GetVarInt62Len(data_length)) +
(offset != 0 ? QuicDataWriter::GetVarInt62Len(offset) : 0);
}
return kQuicFrameTypeSize + GetStreamIdSize(stream_id) +
GetStreamOffsetSize(version, offset) +
(last_frame_in_packet ? 0 : kQuicStreamPayloadLengthSize);
}
// static
size_t QuicFramer::GetMinCryptoFrameSize(QuicStreamOffset offset,
QuicPacketLength data_length) {
return kQuicFrameTypeSize + QuicDataWriter::GetVarInt62Len(offset) +
QuicDataWriter::GetVarInt62Len(data_length);
}
// static
size_t QuicFramer::GetMessageFrameSize(QuicTransportVersion version,
bool last_frame_in_packet,
QuicByteCount length) {
QUIC_BUG_IF(version <= QUIC_VERSION_44)
<< "Try to serialize MESSAGE frame in " << version;
return kQuicFrameTypeSize +
(last_frame_in_packet ? 0 : QuicDataWriter::GetVarInt62Len(length)) +
length;
}
// static
size_t QuicFramer::GetMinAckFrameSize(
QuicTransportVersion version,
QuicPacketNumberLength largest_observed_length) {
if (version == QUIC_VERSION_99) {
// The minimal ack frame consists of the following four fields: Largest
// Acknowledged, ACK Delay, ACK Block Count, and First ACK Block. Minimum
// size of each is 1 byte.
return kQuicFrameTypeSize + 4;
}
size_t min_size = kQuicFrameTypeSize + largest_observed_length +
kQuicDeltaTimeLargestObservedSize;
return min_size + kQuicNumTimestampsSize;
}
// static
size_t QuicFramer::GetStopWaitingFrameSize(
QuicTransportVersion version,
QuicPacketNumberLength packet_number_length) {
size_t min_size = kQuicFrameTypeSize + packet_number_length;
return min_size;
}
// static
size_t QuicFramer::GetRstStreamFrameSize(QuicTransportVersion version,
const QuicRstStreamFrame& frame) {
if (version == QUIC_VERSION_99) {
return QuicDataWriter::GetVarInt62Len(frame.stream_id) +
QuicDataWriter::GetVarInt62Len(frame.byte_offset) +
kQuicFrameTypeSize + kQuicIetfQuicErrorCodeSize;
}
return kQuicFrameTypeSize + kQuicMaxStreamIdSize + kQuicMaxStreamOffsetSize +
kQuicErrorCodeSize;
}
// static
size_t QuicFramer::GetConnectionCloseFrameSize(
QuicTransportVersion version,
const QuicConnectionCloseFrame& frame) {
if (version != QUIC_VERSION_99) {
// Not version 99/IETF QUIC, return Google QUIC CONNECTION CLOSE frame size.
return kQuicFrameTypeSize + kQuicErrorCodeSize +
kQuicErrorDetailsLengthSize +
TruncatedErrorStringSize(frame.error_details);
}
// TODO(fkastenholz): For complete support of IETF QUIC CONNECTION_CLOSE,
// check if the frame is a Transport close and if the frame's
// extracted_error_code is not QUIC_IETF_GQUIC_ERROR_MISSING. If so,
// extend the error string to include " QuicErrorCode: #"
const size_t truncated_error_string_size =
TruncatedErrorStringSize(frame.error_details);
const size_t frame_size =
truncated_error_string_size +
QuicDataWriter::GetVarInt62Len(truncated_error_string_size) +
kQuicFrameTypeSize + kQuicIetfQuicErrorCodeSize;
if (frame.close_type == IETF_QUIC_APPLICATION_CONNECTION_CLOSE) {
return frame_size;
}
// frame includes the transport_close_frame_type, so include its length.
return frame_size +
QuicDataWriter::GetVarInt62Len(frame.transport_close_frame_type);
}
// static
size_t QuicFramer::GetMinGoAwayFrameSize() {
return kQuicFrameTypeSize + kQuicErrorCodeSize + kQuicErrorDetailsLengthSize +
kQuicMaxStreamIdSize;
}
// static
size_t QuicFramer::GetWindowUpdateFrameSize(
QuicTransportVersion version,
const QuicWindowUpdateFrame& frame) {
if (version != QUIC_VERSION_99) {
return kQuicFrameTypeSize + kQuicMaxStreamIdSize + kQuicMaxStreamOffsetSize;
}
if (frame.stream_id == QuicUtils::GetInvalidStreamId(version)) {
// Frame would be a MAX DATA frame, which has only a Maximum Data field.
return kQuicFrameTypeSize +
QuicDataWriter::GetVarInt62Len(frame.byte_offset);
}
// Frame would be MAX STREAM DATA, has Maximum Stream Data and Stream ID
// fields.
return kQuicFrameTypeSize +
QuicDataWriter::GetVarInt62Len(frame.byte_offset) +
QuicDataWriter::GetVarInt62Len(frame.stream_id);
}
// static
size_t QuicFramer::GetMaxStreamsFrameSize(QuicTransportVersion version,
const QuicMaxStreamsFrame& frame) {
if (version != QUIC_VERSION_99) {
QUIC_BUG << "In version " << version
<< " - not 99 - and tried to serialize MaxStreams Frame.";
}
return kQuicFrameTypeSize +
QuicDataWriter::GetVarInt62Len(frame.stream_count);
}
// static
size_t QuicFramer::GetStreamsBlockedFrameSize(
QuicTransportVersion version,
const QuicStreamsBlockedFrame& frame) {
if (version != QUIC_VERSION_99) {
QUIC_BUG << "In version " << version
<< " - not 99 - and tried to serialize StreamsBlocked Frame.";
}
return kQuicFrameTypeSize +
QuicDataWriter::GetVarInt62Len(frame.stream_count);
}
// static
size_t QuicFramer::GetBlockedFrameSize(QuicTransportVersion version,
const QuicBlockedFrame& frame) {
if (version != QUIC_VERSION_99) {
return kQuicFrameTypeSize + kQuicMaxStreamIdSize;
}
if (frame.stream_id == QuicUtils::GetInvalidStreamId(version)) {
// return size of IETF QUIC Blocked frame
return kQuicFrameTypeSize + QuicDataWriter::GetVarInt62Len(frame.offset);
}
// return size of IETF QUIC Stream Blocked frame.
return kQuicFrameTypeSize + QuicDataWriter::GetVarInt62Len(frame.offset) +
QuicDataWriter::GetVarInt62Len(frame.stream_id);
}
// static
size_t QuicFramer::GetStopSendingFrameSize(const QuicStopSendingFrame& frame) {
return kQuicFrameTypeSize + QuicDataWriter::GetVarInt62Len(frame.stream_id) +
sizeof(QuicApplicationErrorCode);
}
// static
size_t QuicFramer::GetPathChallengeFrameSize(
const QuicPathChallengeFrame& frame) {
return kQuicFrameTypeSize + sizeof(frame.data_buffer);
}
// static
size_t QuicFramer::GetPathResponseFrameSize(
const QuicPathResponseFrame& frame) {
return kQuicFrameTypeSize + sizeof(frame.data_buffer);
}
// static
size_t QuicFramer::GetRetransmittableControlFrameSize(
QuicTransportVersion version,
const QuicFrame& frame) {
switch (frame.type) {
case PING_FRAME:
// Ping has no payload.
return kQuicFrameTypeSize;
case RST_STREAM_FRAME:
return GetRstStreamFrameSize(version, *frame.rst_stream_frame);
case CONNECTION_CLOSE_FRAME:
return GetConnectionCloseFrameSize(version,
*frame.connection_close_frame);
case GOAWAY_FRAME:
return GetMinGoAwayFrameSize() +
TruncatedErrorStringSize(frame.goaway_frame->reason_phrase);
case WINDOW_UPDATE_FRAME:
// For version 99, this could be either a MAX DATA or MAX STREAM DATA.
// GetWindowUpdateFrameSize figures this out and returns the correct
// length.
return GetWindowUpdateFrameSize(version, *frame.window_update_frame);
case BLOCKED_FRAME:
return GetBlockedFrameSize(version, *frame.blocked_frame);
case NEW_CONNECTION_ID_FRAME:
return GetNewConnectionIdFrameSize(*frame.new_connection_id_frame);
case RETIRE_CONNECTION_ID_FRAME:
return GetRetireConnectionIdFrameSize(*frame.retire_connection_id_frame);
case NEW_TOKEN_FRAME:
return GetNewTokenFrameSize(*frame.new_token_frame);
case MAX_STREAMS_FRAME:
return GetMaxStreamsFrameSize(version, frame.max_streams_frame);
case STREAMS_BLOCKED_FRAME:
return GetStreamsBlockedFrameSize(version, frame.streams_blocked_frame);
case PATH_RESPONSE_FRAME:
return GetPathResponseFrameSize(*frame.path_response_frame);
case PATH_CHALLENGE_FRAME:
return GetPathChallengeFrameSize(*frame.path_challenge_frame);
case STOP_SENDING_FRAME:
return GetStopSendingFrameSize(*frame.stop_sending_frame);
case STREAM_FRAME:
case ACK_FRAME:
case STOP_WAITING_FRAME:
case MTU_DISCOVERY_FRAME:
case PADDING_FRAME:
case MESSAGE_FRAME:
case CRYPTO_FRAME:
case NUM_FRAME_TYPES:
DCHECK(false);
return 0;
}
// Not reachable, but some Chrome compilers can't figure that out. *sigh*
DCHECK(false);
return 0;
}
// static
size_t QuicFramer::GetStreamIdSize(QuicStreamId stream_id) {
// Sizes are 1 through 4 bytes.
for (int i = 1; i <= 4; ++i) {
stream_id >>= 8;
if (stream_id == 0) {
return i;
}
}
QUIC_BUG << "Failed to determine StreamIDSize.";
return 4;
}
// static
size_t QuicFramer::GetStreamOffsetSize(QuicTransportVersion version,
QuicStreamOffset offset) {
// 0 is a special case.
if (offset == 0) {
return 0;
}
// 2 through 8 are the remaining sizes.
offset >>= 8;
for (int i = 2; i <= 8; ++i) {
offset >>= 8;
if (offset == 0) {
return i;
}
}
QUIC_BUG << "Failed to determine StreamOffsetSize.";
return 8;
}
// static
size_t QuicFramer::GetNewConnectionIdFrameSize(
const QuicNewConnectionIdFrame& frame) {
return kQuicFrameTypeSize +
QuicDataWriter::GetVarInt62Len(frame.sequence_number) +
kConnectionIdLengthSize + frame.connection_id.length() +
sizeof(frame.stateless_reset_token);
}
// static
size_t QuicFramer::GetRetireConnectionIdFrameSize(
const QuicRetireConnectionIdFrame& frame) {
return kQuicFrameTypeSize +
QuicDataWriter::GetVarInt62Len(frame.sequence_number);
}
// static
size_t QuicFramer::GetNewTokenFrameSize(const QuicNewTokenFrame& frame) {
return kQuicFrameTypeSize +
QuicDataWriter::GetVarInt62Len(frame.token.length()) +
frame.token.length();
}
// TODO(nharper): Change this method to take a ParsedQuicVersion.
bool QuicFramer::IsSupportedTransportVersion(
const QuicTransportVersion version) const {
for (ParsedQuicVersion supported_version : supported_versions_) {
if (version == supported_version.transport_version) {
return true;
}
}
return false;
}
bool QuicFramer::IsSupportedVersion(const ParsedQuicVersion version) const {
for (const ParsedQuicVersion& supported_version : supported_versions_) {
if (version == supported_version) {
return true;
}
}
return false;
}
size_t QuicFramer::GetSerializedFrameLength(
const QuicFrame& frame,
size_t free_bytes,
bool first_frame,
bool last_frame,
QuicPacketNumberLength packet_number_length) {
// Prevent a rare crash reported in b/19458523.
if (frame.type == ACK_FRAME && frame.ack_frame == nullptr) {
QUIC_BUG << "Cannot compute the length of a null ack frame. free_bytes:"
<< free_bytes << " first_frame:" << first_frame
<< " last_frame:" << last_frame
<< " seq num length:" << packet_number_length;
set_error(QUIC_INTERNAL_ERROR);
visitor_->OnError(this);
return 0;
}
if (frame.type == PADDING_FRAME) {
if (frame.padding_frame.num_padding_bytes == -1) {
// Full padding to the end of the packet.
return free_bytes;
} else {
// Lite padding.
return free_bytes <
static_cast<size_t>(frame.padding_frame.num_padding_bytes)
? free_bytes
: frame.padding_frame.num_padding_bytes;
}
}
size_t frame_len =
ComputeFrameLength(frame, last_frame, packet_number_length);
if (frame_len <= free_bytes) {
// Frame fits within packet. Note that acks may be truncated.
return frame_len;
}
// Only truncate the first frame in a packet, so if subsequent ones go
// over, stop including more frames.
if (!first_frame) {
return 0;
}
bool can_truncate =
frame.type == ACK_FRAME &&
free_bytes >= GetMinAckFrameSize(version_.transport_version,
PACKET_6BYTE_PACKET_NUMBER);
if (can_truncate) {
// Truncate the frame so the packet will not exceed kMaxOutgoingPacketSize.
// Note that we may not use every byte of the writer in this case.
QUIC_DLOG(INFO) << ENDPOINT
<< "Truncating large frame, free bytes: " << free_bytes;
return free_bytes;
}
return 0;
}
QuicFramer::AckFrameInfo::AckFrameInfo()
: max_block_length(0), first_block_length(0), num_ack_blocks(0) {}
QuicFramer::AckFrameInfo::AckFrameInfo(const AckFrameInfo& other) = default;
QuicFramer::AckFrameInfo::~AckFrameInfo() {}
bool QuicFramer::WriteIetfLongHeaderLength(const QuicPacketHeader& header,
QuicDataWriter* writer,
size_t length_field_offset,
EncryptionLevel level) {
if (!QuicVersionHasLongHeaderLengths(transport_version()) ||
!header.version_flag || length_field_offset == 0) {
return true;
}
if (writer->length() < length_field_offset ||
writer->length() - length_field_offset <
kQuicDefaultLongHeaderLengthLength) {
set_detailed_error("Invalid length_field_offset.");
QUIC_BUG << "Invalid length_field_offset.";
return false;
}
size_t length_to_write = writer->length() - length_field_offset -
kQuicDefaultLongHeaderLengthLength;
// Add length of auth tag.
length_to_write = GetCiphertextSize(level, length_to_write);
QuicDataWriter length_writer(writer->length() - length_field_offset,
writer->data() + length_field_offset);
if (!length_writer.WriteVarInt62(length_to_write,
kQuicDefaultLongHeaderLengthLength)) {
set_detailed_error("Failed to overwrite long header length.");
QUIC_BUG << "Failed to overwrite long header length.";
return false;
}
return true;
}
size_t QuicFramer::BuildDataPacket(const QuicPacketHeader& header,
const QuicFrames& frames,
char* buffer,
size_t packet_length,
EncryptionLevel level) {
QuicDataWriter writer(packet_length, buffer);
size_t length_field_offset = 0;
if (!AppendPacketHeader(header, &writer, &length_field_offset)) {
QUIC_BUG << "AppendPacketHeader failed";
return 0;
}
if (transport_version() == QUIC_VERSION_99) {
if (AppendIetfFrames(frames, &writer) == 0) {
return 0;
}
if (!WriteIetfLongHeaderLength(header, &writer, length_field_offset,
level)) {
return 0;
}
return writer.length();
}
// TODO(dschinazi) if we enable long header lengths before v99, we need to
// add support for fixing up lengths in QuicFramer::BuildDataPacket.
DCHECK(!QuicVersionHasLongHeaderLengths(transport_version()));
size_t i = 0;
for (const QuicFrame& frame : frames) {
// Determine if we should write stream frame length in header.
const bool last_frame_in_packet = i == frames.size() - 1;
if (!AppendTypeByte(frame, last_frame_in_packet, &writer)) {
QUIC_BUG << "AppendTypeByte failed";
return 0;
}
switch (frame.type) {
case PADDING_FRAME:
if (!AppendPaddingFrame(frame.padding_frame, &writer)) {
QUIC_BUG << "AppendPaddingFrame of "
<< frame.padding_frame.num_padding_bytes << " failed";
return 0;
}
break;
case STREAM_FRAME:
if (!AppendStreamFrame(frame.stream_frame, last_frame_in_packet,
&writer)) {
QUIC_BUG << "AppendStreamFrame failed";
return 0;
}
break;
case ACK_FRAME:
if (!AppendAckFrameAndTypeByte(*frame.ack_frame, &writer)) {
QUIC_BUG << "AppendAckFrameAndTypeByte failed: " << detailed_error_;
return 0;
}
break;
case STOP_WAITING_FRAME:
if (!AppendStopWaitingFrame(header, frame.stop_waiting_frame,
&writer)) {
QUIC_BUG << "AppendStopWaitingFrame failed";
return 0;
}
break;
case MTU_DISCOVERY_FRAME:
// MTU discovery frames are serialized as ping frames.
QUIC_FALLTHROUGH_INTENDED;
case PING_FRAME:
// Ping has no payload.
break;
case RST_STREAM_FRAME:
if (!AppendRstStreamFrame(*frame.rst_stream_frame, &writer)) {
QUIC_BUG << "AppendRstStreamFrame failed";
return 0;
}
break;
case CONNECTION_CLOSE_FRAME:
if (!AppendConnectionCloseFrame(*frame.connection_close_frame,
&writer)) {
QUIC_BUG << "AppendConnectionCloseFrame failed";
return 0;
}
break;
case GOAWAY_FRAME:
if (!AppendGoAwayFrame(*frame.goaway_frame, &writer)) {
QUIC_BUG << "AppendGoAwayFrame failed";
return 0;
}
break;
case WINDOW_UPDATE_FRAME:
if (!AppendWindowUpdateFrame(*frame.window_update_frame, &writer)) {
QUIC_BUG << "AppendWindowUpdateFrame failed";
return 0;
}
break;
case BLOCKED_FRAME:
if (!AppendBlockedFrame(*frame.blocked_frame, &writer)) {
QUIC_BUG << "AppendBlockedFrame failed";
return 0;
}
break;
case NEW_CONNECTION_ID_FRAME:
set_detailed_error(
"Attempt to append NEW_CONNECTION_ID frame and not in version 99.");
return RaiseError(QUIC_INTERNAL_ERROR);
case RETIRE_CONNECTION_ID_FRAME:
set_detailed_error(
"Attempt to append RETIRE_CONNECTION_ID frame and not in version "
"99.");
return RaiseError(QUIC_INTERNAL_ERROR);
case NEW_TOKEN_FRAME:
set_detailed_error(
"Attempt to append NEW_TOKEN_ID frame and not in version 99.");
return RaiseError(QUIC_INTERNAL_ERROR);
case MAX_STREAMS_FRAME:
set_detailed_error(
"Attempt to append MAX_STREAMS frame and not in version 99.");
return RaiseError(QUIC_INTERNAL_ERROR);
case STREAMS_BLOCKED_FRAME:
set_detailed_error(
"Attempt to append STREAMS_BLOCKED frame and not in version 99.");
return RaiseError(QUIC_INTERNAL_ERROR);
case PATH_RESPONSE_FRAME:
set_detailed_error(
"Attempt to append PATH_RESPONSE frame and not in version 99.");
return RaiseError(QUIC_INTERNAL_ERROR);
case PATH_CHALLENGE_FRAME:
set_detailed_error(
"Attempt to append PATH_CHALLENGE frame and not in version 99.");
return RaiseError(QUIC_INTERNAL_ERROR);
case STOP_SENDING_FRAME:
set_detailed_error(
"Attempt to append STOP_SENDING frame and not in version 99.");
return RaiseError(QUIC_INTERNAL_ERROR);
case MESSAGE_FRAME:
if (!AppendMessageFrameAndTypeByte(*frame.message_frame,
last_frame_in_packet, &writer)) {
QUIC_BUG << "AppendMessageFrame failed";
return 0;
}
break;
case CRYPTO_FRAME:
if (!QuicVersionUsesCryptoFrames(version_.transport_version)) {
set_detailed_error(
"Attempt to append CRYPTO frame in version prior to 47.");
return RaiseError(QUIC_INTERNAL_ERROR);
}
if (!AppendCryptoFrame(*frame.crypto_frame, &writer)) {
QUIC_BUG << "AppendCryptoFrame failed";
return 0;
}
break;
default:
RaiseError(QUIC_INVALID_FRAME_DATA);
QUIC_BUG << "QUIC_INVALID_FRAME_DATA";
return 0;
}
++i;
}
return writer.length();
}
size_t QuicFramer::AppendIetfFrames(const QuicFrames& frames,
QuicDataWriter* writer) {
size_t i = 0;
for (const QuicFrame& frame : frames) {
// Determine if we should write stream frame length in header.
const bool last_frame_in_packet = i == frames.size() - 1;
if (!AppendIetfTypeByte(frame, last_frame_in_packet, writer)) {
QUIC_BUG << "AppendIetfTypeByte failed: " << detailed_error();
return 0;
}
switch (frame.type) {
case PADDING_FRAME:
if (!AppendPaddingFrame(frame.padding_frame, writer)) {
QUIC_BUG << "AppendPaddingFrame of "
<< frame.padding_frame.num_padding_bytes
<< " failed: " << detailed_error();
return 0;
}
break;
case STREAM_FRAME:
if (!AppendStreamFrame(frame.stream_frame, last_frame_in_packet,
writer)) {
QUIC_BUG << "AppendStreamFrame failed: " << detailed_error();
return 0;
}
break;
case ACK_FRAME:
if (!AppendIetfAckFrameAndTypeByte(*frame.ack_frame, writer)) {
QUIC_BUG << "AppendIetfAckFrameAndTypeByte failed: "
<< detailed_error();
return 0;
}
break;
case STOP_WAITING_FRAME:
set_detailed_error(
"Attempt to append STOP WAITING frame in version 99.");
return RaiseError(QUIC_INTERNAL_ERROR);
case MTU_DISCOVERY_FRAME:
// MTU discovery frames are serialized as ping frames.
QUIC_FALLTHROUGH_INTENDED;
case PING_FRAME:
// Ping has no payload.
break;
case RST_STREAM_FRAME:
if (!AppendRstStreamFrame(*frame.rst_stream_frame, writer)) {
QUIC_BUG << "AppendRstStreamFrame failed: " << detailed_error();
return 0;
}
break;
case CONNECTION_CLOSE_FRAME:
if (!AppendIetfConnectionCloseFrame(*frame.connection_close_frame,
writer)) {
QUIC_BUG << "AppendIetfConnectionCloseFrame failed: "
<< detailed_error();
return 0;
}
break;
case GOAWAY_FRAME:
set_detailed_error("Attempt to append GOAWAY frame in version 99.");
return RaiseError(QUIC_INTERNAL_ERROR);
case WINDOW_UPDATE_FRAME:
// Depending on whether there is a stream ID or not, will be either a
// MAX STREAM DATA frame or a MAX DATA frame.
if (frame.window_update_frame->stream_id ==
QuicUtils::GetInvalidStreamId(transport_version())) {
if (!AppendMaxDataFrame(*frame.window_update_frame, writer)) {
QUIC_BUG << "AppendMaxDataFrame failed: " << detailed_error();
return 0;
}
} else {
if (!AppendMaxStreamDataFrame(*frame.window_update_frame, writer)) {
QUIC_BUG << "AppendMaxStreamDataFrame failed: " << detailed_error();
return 0;
}
}
break;
case BLOCKED_FRAME:
if (!AppendBlockedFrame(*frame.blocked_frame, writer)) {
QUIC_BUG << "AppendBlockedFrame failed: " << detailed_error();
return 0;
}
break;
case MAX_STREAMS_FRAME:
if (!AppendMaxStreamsFrame(frame.max_streams_frame, writer)) {
QUIC_BUG << "AppendMaxStreamsFrame failed" << detailed_error();
return 0;
}
break;
case STREAMS_BLOCKED_FRAME:
if (!AppendStreamsBlockedFrame(frame.streams_blocked_frame, writer)) {
QUIC_BUG << "AppendStreamsBlockedFrame failed" << detailed_error();
return 0;
}
break;
case NEW_CONNECTION_ID_FRAME:
if (!AppendNewConnectionIdFrame(*frame.new_connection_id_frame,
writer)) {
QUIC_BUG << "AppendNewConnectionIdFrame failed: " << detailed_error();
return 0;
}
break;
case RETIRE_CONNECTION_ID_FRAME:
if (!AppendRetireConnectionIdFrame(*frame.retire_connection_id_frame,
writer)) {
QUIC_BUG << "AppendRetireConnectionIdFrame failed: "
<< detailed_error();
return 0;
}
break;
case NEW_TOKEN_FRAME:
if (!AppendNewTokenFrame(*frame.new_token_frame, writer)) {
QUIC_BUG << "AppendNewTokenFrame failed: " << detailed_error();
return 0;
}
break;
case STOP_SENDING_FRAME:
if (!AppendStopSendingFrame(*frame.stop_sending_frame, writer)) {
QUIC_BUG << "AppendStopSendingFrame failed: " << detailed_error();
return 0;
}
break;
case PATH_CHALLENGE_FRAME:
if (!AppendPathChallengeFrame(*frame.path_challenge_frame, writer)) {
QUIC_BUG << "AppendPathChallengeFrame failed: " << detailed_error();
return 0;
}
break;
case PATH_RESPONSE_FRAME:
if (!AppendPathResponseFrame(*frame.path_response_frame, writer)) {
QUIC_BUG << "AppendPathResponseFrame failed: " << detailed_error();
return 0;
}
break;
case MESSAGE_FRAME:
if (!AppendMessageFrameAndTypeByte(*frame.message_frame,
last_frame_in_packet, writer)) {
QUIC_BUG << "AppendMessageFrame failed: " << detailed_error();
return 0;
}
break;
case CRYPTO_FRAME:
if (!AppendCryptoFrame(*frame.crypto_frame, writer)) {
QUIC_BUG << "AppendCryptoFrame failed: " << detailed_error();
return 0;
}
break;
default:
RaiseError(QUIC_INVALID_FRAME_DATA);
set_detailed_error("Tried to append unknown frame type.");
QUIC_BUG << "QUIC_INVALID_FRAME_DATA";
return 0;
}
++i;
}
return writer->length();
}
size_t QuicFramer::BuildConnectivityProbingPacket(
const QuicPacketHeader& header,
char* buffer,
size_t packet_length,
EncryptionLevel level) {
QuicFrames frames;
// Write a PING frame, which has no data payload.
QuicPingFrame ping_frame;
frames.push_back(QuicFrame(ping_frame));
// Add padding to the rest of the packet.
QuicPaddingFrame padding_frame;
frames.push_back(QuicFrame(padding_frame));
return BuildDataPacket(header, frames, buffer, packet_length, level);
}
size_t QuicFramer::BuildPaddedPathChallengePacket(
const QuicPacketHeader& header,
char* buffer,
size_t packet_length,
QuicPathFrameBuffer* payload,
QuicRandom* randomizer,
EncryptionLevel level) {
if (version_.transport_version != QUIC_VERSION_99) {
QUIC_BUG << "Attempt to build a PATH_CHALLENGE Connectivity Probing "
"packet and not doing IETF QUIC";
return 0;
}
QuicFrames frames;
// Write a PATH_CHALLENGE frame, which has a random 8-byte payload
randomizer->RandBytes(payload->data(), payload->size());
QuicPathChallengeFrame path_challenge_frame(0, *payload);
frames.push_back(QuicFrame(&path_challenge_frame));
// Add padding to the rest of the packet in order to assess Path MTU
// characteristics.
QuicPaddingFrame padding_frame;
frames.push_back(QuicFrame(padding_frame));
return BuildDataPacket(header, frames, buffer, packet_length, level);
}
size_t QuicFramer::BuildPathResponsePacket(
const QuicPacketHeader& header,
char* buffer,
size_t packet_length,
const QuicDeque<QuicPathFrameBuffer>& payloads,
const bool is_padded,
EncryptionLevel level) {
if (payloads.empty()) {
QUIC_BUG
<< "Attempt to generate connectivity response with no request payloads";
return 0;
}
if (version_.transport_version != QUIC_VERSION_99) {
QUIC_BUG << "Attempt to build a PATH_RESPONSE Connectivity Probing "
"packet and not doing IETF QUIC";
return 0;
}
std::vector<std::unique_ptr<QuicPathResponseFrame>> path_response_frames;
for (const QuicPathFrameBuffer& payload : payloads) {
// Note that the control frame ID can be 0 since this is not retransmitted.
path_response_frames.push_back(
QuicMakeUnique<QuicPathResponseFrame>(0, payload));
}
QuicFrames frames;
for (const std::unique_ptr<QuicPathResponseFrame>& path_response_frame :
path_response_frames) {
frames.push_back(QuicFrame(path_response_frame.get()));
}
if (is_padded) {
// Add padding to the rest of the packet in order to assess Path MTU
// characteristics.
QuicPaddingFrame padding_frame;
frames.push_back(QuicFrame(padding_frame));
}
return BuildDataPacket(header, frames, buffer, packet_length, level);
}
// static
std::unique_ptr<QuicEncryptedPacket> QuicFramer::BuildPublicResetPacket(
const QuicPublicResetPacket& packet) {
CryptoHandshakeMessage reset;
reset.set_tag(kPRST);
reset.SetValue(kRNON, packet.nonce_proof);
if (packet.client_address.host().address_family() !=
IpAddressFamily::IP_UNSPEC) {
// packet.client_address is non-empty.
QuicSocketAddressCoder address_coder(packet.client_address);
std::string serialized_address = address_coder.Encode();
if (serialized_address.empty()) {
return nullptr;
}
reset.SetStringPiece(kCADR, serialized_address);
}
if (!packet.endpoint_id.empty()) {
reset.SetStringPiece(kEPID, packet.endpoint_id);
}
const QuicData& reset_serialized = reset.GetSerialized();
size_t len = kPublicFlagsSize + packet.connection_id.length() +
reset_serialized.length();
std::unique_ptr<char[]> buffer(new char[len]);
// Endianness is not a concern here, as writer is not going to write integers
// or floating numbers.
QuicDataWriter writer(len, buffer.get());
uint8_t flags = static_cast<uint8_t>(PACKET_PUBLIC_FLAGS_RST |
PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID);
// This hack makes post-v33 public reset packet look like pre-v33 packets.
flags |= static_cast<uint8_t>(PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID_OLD);
if (!writer.WriteUInt8(flags)) {
return nullptr;
}
if (!writer.WriteConnectionId(packet.connection_id)) {
return nullptr;
}
if (!writer.WriteBytes(reset_serialized.data(), reset_serialized.length())) {
return nullptr;
}
return QuicMakeUnique<QuicEncryptedPacket>(buffer.release(), len, true);
}
// static
std::unique_ptr<QuicEncryptedPacket> QuicFramer::BuildIetfStatelessResetPacket(
QuicConnectionId connection_id,
QuicUint128 stateless_reset_token) {
QUIC_DVLOG(1) << "Building IETF stateless reset packet.";
size_t len = kPacketHeaderTypeSize + kMinRandomBytesLengthInStatelessReset +
sizeof(stateless_reset_token);
std::unique_ptr<char[]> buffer(new char[len]);
QuicDataWriter writer(len, buffer.get());
uint8_t type = 0;
type |= FLAGS_FIXED_BIT;
type |= FLAGS_SHORT_HEADER_RESERVED_1;
type |= FLAGS_SHORT_HEADER_RESERVED_2;
type |= PacketNumberLengthToOnWireValue(QUIC_VERSION_UNSUPPORTED,
PACKET_1BYTE_PACKET_NUMBER);
// Append type byte.
if (!writer.WriteUInt8(type)) {
return nullptr;
}
// Append random bytes.
if (!writer.WriteRandomBytes(QuicRandom::GetInstance(),
kMinRandomBytesLengthInStatelessReset)) {
return nullptr;
}
// Append stateless reset token.
if (!writer.WriteBytes(&stateless_reset_token,
sizeof(stateless_reset_token))) {
return nullptr;
}
return QuicMakeUnique<QuicEncryptedPacket>(buffer.release(), len, true);
}
// static
std::unique_ptr<QuicEncryptedPacket> QuicFramer::BuildVersionNegotiationPacket(
QuicConnectionId server_connection_id,
QuicConnectionId client_connection_id,
bool ietf_quic,
const ParsedQuicVersionVector& versions) {
if (ietf_quic) {
return BuildIetfVersionNegotiationPacket(server_connection_id,
client_connection_id, versions);
}
DCHECK(client_connection_id.IsEmpty());
DCHECK(!versions.empty());
size_t len = kPublicFlagsSize + server_connection_id.length() +
versions.size() * kQuicVersionSize;
std::unique_ptr<char[]> buffer(new char[len]);
// Endianness is not a concern here, version negotiation packet does not have
// integers or floating numbers.
QuicDataWriter writer(len, buffer.get());
uint8_t flags = static_cast<uint8_t>(
PACKET_PUBLIC_FLAGS_VERSION | PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID |
// TODO(rch): Remove this QUIC_VERSION_32 is retired.
PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID_OLD);
if (!writer.WriteUInt8(flags)) {
return nullptr;
}
if (!writer.WriteConnectionId(server_connection_id)) {
return nullptr;
}
for (const ParsedQuicVersion& version : versions) {
// TODO(rch): Use WriteUInt32() once QUIC_VERSION_35 is removed.
if (!writer.WriteTag(
QuicEndian::HostToNet32(CreateQuicVersionLabel(version)))) {
return nullptr;
}
}
return QuicMakeUnique<QuicEncryptedPacket>(buffer.release(), len, true);
}
// static
std::unique_ptr<QuicEncryptedPacket>
QuicFramer::BuildIetfVersionNegotiationPacket(
QuicConnectionId server_connection_id,
QuicConnectionId client_connection_id,
const ParsedQuicVersionVector& versions) {
QUIC_DVLOG(1) << "Building IETF version negotiation packet: "
<< ParsedQuicVersionVectorToString(versions);
DCHECK(!versions.empty());
size_t len = kPacketHeaderTypeSize + kConnectionIdLengthSize +
client_connection_id.length() + server_connection_id.length() +
(versions.size() + 1) * kQuicVersionSize;
std::unique_ptr<char[]> buffer(new char[len]);
QuicDataWriter writer(len, buffer.get());
// TODO(fayang): Randomly select a value for the type.
uint8_t type = static_cast<uint8_t>(FLAGS_LONG_HEADER);
if (GetQuicReloadableFlag(quic_send_version_negotiation_fixed_bit)) {
QUIC_RELOADABLE_FLAG_COUNT(quic_send_version_negotiation_fixed_bit);
type |= static_cast<uint8_t>(FLAGS_FIXED_BIT);
}
if (!writer.WriteUInt8(type)) {
return nullptr;
}
if (!writer.WriteUInt32(0)) {
return nullptr;
}
if (!AppendIetfConnectionIds(true, client_connection_id, server_connection_id,
&writer)) {
return nullptr;
}
for (const ParsedQuicVersion& version : versions) {
// TODO(rch): Use WriteUInt32() once QUIC_VERSION_35 is removed.
if (!writer.WriteTag(
QuicEndian::HostToNet32(CreateQuicVersionLabel(version)))) {
return nullptr;
}
}
return QuicMakeUnique<QuicEncryptedPacket>(buffer.release(), len, true);
}
bool QuicFramer::ProcessPacket(const QuicEncryptedPacket& packet) {
QuicDataReader reader(packet.data(), packet.length());
bool packet_has_ietf_packet_header = false;
if (infer_packet_header_type_from_version_) {
packet_has_ietf_packet_header =
version_.transport_version > QUIC_VERSION_43;
} else if (!reader.IsDoneReading()) {
uint8_t type = reader.PeekByte();
packet_has_ietf_packet_header = QuicUtils::IsIetfPacketHeader(type);
}
if (packet_has_ietf_packet_header) {
QUIC_DVLOG(1) << ENDPOINT << "Processing IETF QUIC packet.";
}
visitor_->OnPacket();
QuicPacketHeader header;
if (!ProcessPublicHeader(&reader, packet_has_ietf_packet_header, &header)) {
DCHECK_NE("", detailed_error_);
QUIC_DVLOG(1) << ENDPOINT << "Unable to process public header. Error: "
<< detailed_error_;
DCHECK_NE("", detailed_error_);
RecordDroppedPacketReason(DroppedPacketReason::INVALID_PUBLIC_HEADER);
return RaiseError(QUIC_INVALID_PACKET_HEADER);
}
if (!visitor_->OnUnauthenticatedPublicHeader(header)) {
// The visitor suppresses further processing of the packet.
return true;
}
if (IsVersionNegotiation(header, packet_has_ietf_packet_header)) {
if (!GetQuicRestartFlag(quic_server_drop_version_negotiation)) {
QUIC_DVLOG(1) << ENDPOINT << "Received version negotiation packet";
return ProcessVersionNegotiationPacket(&reader, header);
}
QUIC_RESTART_FLAG_COUNT_N(quic_server_drop_version_negotiation, 1, 2);
if (perspective_ == Perspective::IS_CLIENT) {
QUIC_DVLOG(1) << "Client received version negotiation packet";
return ProcessVersionNegotiationPacket(&reader, header);
} else {
QUIC_DLOG(ERROR) << "Server received version negotiation packet";
set_detailed_error("Server received version negotiation packet.");
return RaiseError(QUIC_INVALID_VERSION_NEGOTIATION_PACKET);
}
}
if (header.version_flag && header.version != version_) {
if (perspective_ == Perspective::IS_SERVER) {
if (!visitor_->OnProtocolVersionMismatch(header.version, header.form)) {
RecordDroppedPacketReason(DroppedPacketReason::VERSION_MISMATCH);
return true;
}
} else {
// A client received a packet of a different version but that packet is
// not a version negotiation packet. It is therefore invalid and dropped.
QUIC_DLOG(ERROR) << "Client received unexpected version "
<< ParsedQuicVersionToString(header.version)
<< " instead of " << ParsedQuicVersionToString(version_);
set_detailed_error("Client received unexpected version.");
return RaiseError(QUIC_INVALID_VERSION);
}
}
bool rv;
if (header.long_packet_type == RETRY) {
rv = ProcessRetryPacket(&reader, header);
} else if (header.reset_flag) {
rv = ProcessPublicResetPacket(&reader, header);
} else if (packet.length() <= kMaxIncomingPacketSize) {
// The optimized decryption algorithm implementations run faster when
// operating on aligned memory.
QUIC_CACHELINE_ALIGNED char buffer[kMaxIncomingPacketSize];
if (packet_has_ietf_packet_header) {
rv = ProcessIetfDataPacket(&reader, &header, packet, buffer,
QUIC_ARRAYSIZE(buffer));
} else {
rv = ProcessDataPacket(&reader, &header, packet, buffer,
QUIC_ARRAYSIZE(buffer));
}
} else {
std::unique_ptr<char[]> large_buffer(new char[packet.length()]);
if (packet_has_ietf_packet_header) {
rv = ProcessIetfDataPacket(&reader, &header, packet, large_buffer.get(),
packet.length());
} else {
rv = ProcessDataPacket(&reader, &header, packet, large_buffer.get(),
packet.length());
}
QUIC_BUG_IF(rv) << "QUIC should never successfully process packets larger"
<< "than kMaxIncomingPacketSize. packet size:"
<< packet.length();
}
return rv;
}
bool QuicFramer::ProcessVersionNegotiationPacket(
QuicDataReader* reader,
const QuicPacketHeader& header) {
DCHECK_EQ(Perspective::IS_CLIENT, perspective_);
QuicVersionNegotiationPacket packet(
GetServerConnectionIdAsRecipient(header, perspective_));
// Try reading at least once to raise error if the packet is invalid.
do {
QuicVersionLabel version_label;
if (!ProcessVersionLabel(reader, &version_label)) {
set_detailed_error("Unable to read supported version in negotiation.");
RecordDroppedPacketReason(
DroppedPacketReason::INVALID_VERSION_NEGOTIATION_PACKET);
return RaiseError(QUIC_INVALID_VERSION_NEGOTIATION_PACKET);
}
packet.versions.push_back(ParseQuicVersionLabel(version_label));
} while (!reader->IsDoneReading());
QUIC_DLOG(INFO) << ENDPOINT << "parsed version negotiation: "
<< ParsedQuicVersionVectorToString(packet.versions);
visitor_->OnVersionNegotiationPacket(packet);
return true;
}
bool QuicFramer::ProcessRetryPacket(QuicDataReader* reader,
const QuicPacketHeader& header) {
DCHECK_EQ(Perspective::IS_CLIENT, perspective_);
// Parse Original Destination Connection ID Length.
uint8_t odcil = header.type_byte & 0xf;
if (odcil != 0) {
odcil += kConnectionIdLengthAdjustment;
}
// Parse Original Destination Connection ID.
QuicConnectionId original_destination_connection_id;
if (!reader->ReadConnectionId(&original_destination_connection_id, odcil)) {
set_detailed_error("Unable to read Original Destination ConnectionId.");
return false;
}
QuicStringPiece retry_token = reader->ReadRemainingPayload();
visitor_->OnRetryPacket(original_destination_connection_id,
header.source_connection_id, retry_token);
return true;
}
bool QuicFramer::MaybeProcessIetfInitialRetryToken(
QuicDataReader* encrypted_reader,
QuicPacketHeader* header) {
if (!QuicVersionHasLongHeaderLengths(header->version.transport_version) ||
header->form != IETF_QUIC_LONG_HEADER_PACKET ||
header->long_packet_type != INITIAL) {
return true;
}
uint64_t retry_token_length = 0;
header->retry_token_length_length = encrypted_reader->PeekVarInt62Length();
if (!encrypted_reader->ReadVarInt62(&retry_token_length)) {
set_detailed_error("Unable to read INITIAL retry token length.");
return RaiseError(QUIC_INVALID_PACKET_HEADER);
}
header->retry_token = encrypted_reader->PeekRemainingPayload();
// Safety check to avoid spending ressources if malformed.
// At this point header->retry_token contains the rest of the packet
// so its length() is the amount of data remaining in the packet.
if (retry_token_length > header->retry_token.length()) {
set_detailed_error("INITIAL token length longer than packet.");
return RaiseError(QUIC_INVALID_PACKET_HEADER);
}
// Resize retry_token to make it only contain the retry token.
header->retry_token.remove_suffix(header->retry_token.length() -
retry_token_length);
// Advance encrypted_reader by retry_token_length.
uint8_t wasted_byte;
for (uint64_t i = 0; i < retry_token_length; ++i) {
if (!encrypted_reader->ReadUInt8(&wasted_byte)) {
set_detailed_error("Unable to read INITIAL retry token.");
return RaiseError(QUIC_INVALID_PACKET_HEADER);
}
}
return true;
}
// Seeks the current packet to check for a coalesced packet at the end.
// If the IETF length field only spans part of the outer packet,
// then there is a coalesced packet after this one.
void QuicFramer::MaybeProcessCoalescedPacket(
const QuicDataReader& encrypted_reader,
uint64_t remaining_bytes_length,
const QuicPacketHeader& header) {
if (header.remaining_packet_length >= remaining_bytes_length) {
// There is no coalesced packet.
return;
}
QuicStringPiece remaining_data = encrypted_reader.PeekRemainingPayload();
DCHECK_EQ(remaining_data.length(), remaining_bytes_length);
const char* coalesced_data =
remaining_data.data() + header.remaining_packet_length;
uint64_t coalesced_data_length =
remaining_bytes_length - header.remaining_packet_length;
QuicDataReader coalesced_reader(coalesced_data, coalesced_data_length);
QuicPacketHeader coalesced_header;
if (!ProcessIetfPacketHeader(&coalesced_reader, &coalesced_header)) {
QUIC_PEER_BUG << ENDPOINT
<< "Failed to parse received coalesced header of length "
<< coalesced_data_length << ": "
<< QuicTextUtils::HexEncode(coalesced_data,
coalesced_data_length)
<< " previous header was " << header;
return;
}
if (coalesced_header.destination_connection_id !=
header.destination_connection_id ||
(coalesced_header.form != IETF_QUIC_SHORT_HEADER_PACKET &&
coalesced_header.version != header.version)) {
QUIC_PEER_BUG << ENDPOINT << "Received mismatched coalesced header "
<< coalesced_header << " previous header was " << header;
return;
}
QuicEncryptedPacket coalesced_packet(coalesced_data, coalesced_data_length,
/*owns_buffer=*/false);
visitor_->OnCoalescedPacket(coalesced_packet);
}
bool QuicFramer::MaybeProcessIetfLength(QuicDataReader* encrypted_reader,
QuicPacketHeader* header) {
if (!QuicVersionHasLongHeaderLengths(header->version.transport_version) ||
header->form != IETF_QUIC_LONG_HEADER_PACKET ||
(header->long_packet_type != INITIAL &&
header->long_packet_type != HANDSHAKE &&
header->long_packet_type != ZERO_RTT_PROTECTED)) {
return true;
}
header->length_length = encrypted_reader->PeekVarInt62Length();
if (!encrypted_reader->ReadVarInt62(&header->remaining_packet_length)) {
set_detailed_error("Unable to read long header payload length.");
return RaiseError(QUIC_INVALID_PACKET_HEADER);
}
uint64_t remaining_bytes_length = encrypted_reader->BytesRemaining();
if (header->remaining_packet_length > remaining_bytes_length) {
set_detailed_error("Long header payload length longer than packet.");
return RaiseError(QUIC_INVALID_PACKET_HEADER);
}
MaybeProcessCoalescedPacket(*encrypted_reader, remaining_bytes_length,
*header);
if (!encrypted_reader->TruncateRemaining(header->remaining_packet_length)) {
set_detailed_error("Length TruncateRemaining failed.");
QUIC_BUG << "Length TruncateRemaining failed.";
return RaiseError(QUIC_INVALID_PACKET_HEADER);
}
return true;
}
bool QuicFramer::ProcessIetfDataPacket(QuicDataReader* encrypted_reader,
QuicPacketHeader* header,
const QuicEncryptedPacket& packet,
char* decrypted_buffer,
size_t buffer_length) {
DCHECK_NE(GOOGLE_QUIC_PACKET, header->form);
DCHECK(!header->has_possible_stateless_reset_token);
header->retry_token_length_length = VARIABLE_LENGTH_INTEGER_LENGTH_0;
header->retry_token = QuicStringPiece();
header->length_length = VARIABLE_LENGTH_INTEGER_LENGTH_0;
header->remaining_packet_length = 0;
if (header->form == IETF_QUIC_SHORT_HEADER_PACKET &&
perspective_ == Perspective::IS_CLIENT) {
// Peek possible stateless reset token. Will only be used on decryption
// failure.
QuicStringPiece remaining = encrypted_reader->PeekRemainingPayload();
if (remaining.length() >= sizeof(header->possible_stateless_reset_token)) {
header->has_possible_stateless_reset_token = true;
memcpy(&header->possible_stateless_reset_token,
&remaining.data()[remaining.length() -
sizeof(header->possible_stateless_reset_token)],
sizeof(header->possible_stateless_reset_token));
}
}
if (!MaybeProcessIetfInitialRetryToken(encrypted_reader, header)) {
return false;
}
if (!MaybeProcessIetfLength(encrypted_reader, header)) {
return false;
}
QuicStringPiece associated_data;
std::vector<char> ad_storage;
if (header->form == IETF_QUIC_SHORT_HEADER_PACKET ||
header->long_packet_type != VERSION_NEGOTIATION) {
DCHECK(header->form == IETF_QUIC_SHORT_HEADER_PACKET ||
header->long_packet_type == INITIAL ||
header->long_packet_type == HANDSHAKE ||
header->long_packet_type == ZERO_RTT_PROTECTED);
// Process packet number.
QuicPacketNumber base_packet_number;
if (supports_multiple_packet_number_spaces_) {
PacketNumberSpace pn_space = GetPacketNumberSpace(*header);
if (pn_space == NUM_PACKET_NUMBER_SPACES) {
return RaiseError(QUIC_INVALID_PACKET_HEADER);
}
base_packet_number = largest_decrypted_packet_numbers_[pn_space];
} else {
base_packet_number = largest_packet_number_;
}
uint64_t full_packet_number;
bool hp_removal_failed = false;
if (version_.HasHeaderProtection()) {
if (!RemoveHeaderProtection(encrypted_reader, packet, header,
&full_packet_number, &ad_storage)) {
hp_removal_failed = true;
}
associated_data = QuicStringPiece(ad_storage.data(), ad_storage.size());
} else if (!ProcessAndCalculatePacketNumber(
encrypted_reader, header->packet_number_length,
base_packet_number, &full_packet_number)) {
set_detailed_error("Unable to read packet number.");
RecordDroppedPacketReason(DroppedPacketReason::INVALID_PACKET_NUMBER);
return RaiseError(QUIC_INVALID_PACKET_HEADER);
}
if (hp_removal_failed ||
!IsValidFullPacketNumber(full_packet_number, transport_version())) {
if (IsIetfStatelessResetPacket(*header)) {
// This is a stateless reset packet.
QuicIetfStatelessResetPacket packet(
*header, header->possible_stateless_reset_token);
visitor_->OnAuthenticatedIetfStatelessResetPacket(packet);
return true;
}
if (hp_removal_failed) {
set_detailed_error("Unable to decrypt header protection.");
return RaiseError(QUIC_DECRYPTION_FAILURE);
}
RecordDroppedPacketReason(DroppedPacketReason::INVALID_PACKET_NUMBER);
set_detailed_error("packet numbers cannot be 0.");
return RaiseError(QUIC_INVALID_PACKET_HEADER);
}
header->packet_number = QuicPacketNumber(full_packet_number);
}
// A nonce should only present in SHLO from the server to the client when
// using QUIC crypto.
if (header->form == IETF_QUIC_LONG_HEADER_PACKET &&
header->long_packet_type == ZERO_RTT_PROTECTED &&
perspective_ == Perspective::IS_CLIENT &&
version_.handshake_protocol == PROTOCOL_QUIC_CRYPTO) {
if (!encrypted_reader->ReadBytes(
reinterpret_cast<uint8_t*>(last_nonce_.data()),
last_nonce_.size())) {
set_detailed_error("Unable to read nonce.");
RecordDroppedPacketReason(
DroppedPacketReason::INVALID_DIVERSIFICATION_NONCE);
return RaiseError(QUIC_INVALID_PACKET_HEADER);
}
header->nonce = &last_nonce_;
} else {
header->nonce = nullptr;
}
if (!visitor_->OnUnauthenticatedHeader(*header)) {
set_detailed_error(
"Visitor asked to stop processing of unauthenticated header.");
return false;
}
QuicStringPiece encrypted = encrypted_reader->ReadRemainingPayload();
if (!version_.HasHeaderProtection()) {
associated_data = GetAssociatedDataFromEncryptedPacket(
version_.transport_version, packet,
GetIncludedDestinationConnectionIdLength(*header),
GetIncludedSourceConnectionIdLength(*header), header->version_flag,
header->nonce != nullptr, header->packet_number_length,
header->retry_token_length_length, header->retry_token.length(),
header->length_length);
}
size_t decrypted_length = 0;
EncryptionLevel decrypted_level;
if (!DecryptPayload(encrypted, associated_data, *header, decrypted_buffer,
buffer_length, &decrypted_length, &decrypted_level)) {
if (IsIetfStatelessResetPacket(*header)) {
// This is a stateless reset packet.
QuicIetfStatelessResetPacket packet(
*header, header->possible_stateless_reset_token);
visitor_->OnAuthenticatedIetfStatelessResetPacket(packet);
return true;
}
set_detailed_error("Unable to decrypt payload.");
RecordDroppedPacketReason(DroppedPacketReason::DECRYPTION_FAILURE);
return RaiseError(QUIC_DECRYPTION_FAILURE);
}
QuicDataReader reader(decrypted_buffer, decrypted_length);
// Update the largest packet number after we have decrypted the packet
// so we are confident is not attacker controlled.
if (supports_multiple_packet_number_spaces_) {
largest_decrypted_packet_numbers_[QuicUtils::GetPacketNumberSpace(
decrypted_level)]
.UpdateMax(header->packet_number);
} else {
largest_packet_number_.UpdateMax(header->packet_number);
}
if (!visitor_->OnPacketHeader(*header)) {
RecordDroppedPacketReason(DroppedPacketReason::INVALID_PACKET_NUMBER);
// The visitor suppresses further processing of the packet.
return true;
}
if (packet.length() > kMaxIncomingPacketSize) {
set_detailed_error("Packet too large.");
return RaiseError(QUIC_PACKET_TOO_LARGE);
}
// Handle the payload.
if (version_.transport_version == QUIC_VERSION_99) {
if (!ProcessIetfFrameData(&reader, *header)) {
DCHECK_NE(QUIC_NO_ERROR, error_); // ProcessIetfFrameData sets the error.
DCHECK_NE("", detailed_error_);
QUIC_DLOG(WARNING) << ENDPOINT << "Unable to process frame data. Error: "
<< detailed_error_;
return false;
}
} else {
if (!ProcessFrameData(&reader, *header)) {
DCHECK_NE(QUIC_NO_ERROR, error_); // ProcessFrameData sets the error.
DCHECK_NE("", detailed_error_);
QUIC_DLOG(WARNING) << ENDPOINT << "Unable to process frame data. Error: "
<< detailed_error_;
return false;
}
}
visitor_->OnPacketComplete();
return true;
}
bool QuicFramer::ProcessDataPacket(QuicDataReader* encrypted_reader,
QuicPacketHeader* header,
const QuicEncryptedPacket& packet,
char* decrypted_buffer,
size_t buffer_length) {
if (!ProcessUnauthenticatedHeader(encrypted_reader, header)) {
DCHECK_NE("", detailed_error_);
QUIC_DVLOG(1)
<< ENDPOINT
<< "Unable to process packet header. Stopping parsing. Error: "
<< detailed_error_;
RecordDroppedPacketReason(DroppedPacketReason::INVALID_PACKET_NUMBER);
return false;
}
QuicStringPiece encrypted = encrypted_reader->ReadRemainingPayload();
QuicStringPiece associated_data = GetAssociatedDataFromEncryptedPacket(
version_.transport_version, packet,
GetIncludedDestinationConnectionIdLength(*header),
GetIncludedSourceConnectionIdLength(*header), header->version_flag,
header->nonce != nullptr, header->packet_number_length,
header->retry_token_length_length, header->retry_token.length(),
header->length_length);
size_t decrypted_length = 0;
EncryptionLevel decrypted_level;
if (!DecryptPayload(encrypted, associated_data, *header, decrypted_buffer,
buffer_length, &decrypted_length, &decrypted_level)) {
RecordDroppedPacketReason(DroppedPacketReason::DECRYPTION_FAILURE);
set_detailed_error("Unable to decrypt payload.");
return RaiseError(QUIC_DECRYPTION_FAILURE);
}
QuicDataReader reader(decrypted_buffer, decrypted_length);
// Update the largest packet number after we have decrypted the packet
// so we are confident is not attacker controlled.
if (supports_multiple_packet_number_spaces_) {
largest_decrypted_packet_numbers_[QuicUtils::GetPacketNumberSpace(
decrypted_level)]
.UpdateMax(header->packet_number);
} else {
largest_packet_number_.UpdateMax(header->packet_number);
}
if (!visitor_->OnPacketHeader(*header)) {
// The visitor suppresses further processing of the packet.
return true;
}
if (packet.length() > kMaxIncomingPacketSize) {
set_detailed_error("Packet too large.");
return RaiseError(QUIC_PACKET_TOO_LARGE);
}
// Handle the payload.
if (!ProcessFrameData(&reader, *header)) {
DCHECK_NE(QUIC_NO_ERROR, error_); // ProcessFrameData sets the error.
DCHECK_NE("", detailed_error_);
QUIC_DLOG(WARNING) << ENDPOINT << "Unable to process frame data. Error: "
<< detailed_error_;
return false;
}
visitor_->OnPacketComplete();
return true;
}
bool QuicFramer::ProcessPublicResetPacket(QuicDataReader* reader,
const QuicPacketHeader& header) {
QuicPublicResetPacket packet(
GetServerConnectionIdAsRecipient(header, perspective_));
std::unique_ptr<CryptoHandshakeMessage> reset(
CryptoFramer::ParseMessage(reader->ReadRemainingPayload()));
if (!reset.get()) {
set_detailed_error("Unable to read reset message.");
RecordDroppedPacketReason(DroppedPacketReason::INVALID_PUBLIC_RESET_PACKET);
return RaiseError(QUIC_INVALID_PUBLIC_RST_PACKET);
}
if (reset->tag() != kPRST) {
set_detailed_error("Incorrect message tag.");
RecordDroppedPacketReason(DroppedPacketReason::INVALID_PUBLIC_RESET_PACKET);
return RaiseError(QUIC_INVALID_PUBLIC_RST_PACKET);
}
if (reset->GetUint64(kRNON, &packet.nonce_proof) != QUIC_NO_ERROR) {
set_detailed_error("Unable to read nonce proof.");
RecordDroppedPacketReason(DroppedPacketReason::INVALID_PUBLIC_RESET_PACKET);
return RaiseError(QUIC_INVALID_PUBLIC_RST_PACKET);
}
// TODO(satyamshekhar): validate nonce to protect against DoS.
QuicStringPiece address;
if (reset->GetStringPiece(kCADR, &address)) {
QuicSocketAddressCoder address_coder;
if (address_coder.Decode(address.data(), address.length())) {
packet.client_address =
QuicSocketAddress(address_coder.ip(), address_coder.port());
}
}
QuicStringPiece endpoint_id;
if (perspective_ == Perspective::IS_CLIENT &&
reset->GetStringPiece(kEPID, &endpoint_id)) {
packet.endpoint_id = std::string(endpoint_id);
packet.endpoint_id += '\0';
}
visitor_->OnPublicResetPacket(packet);
return true;
}
bool QuicFramer::IsIetfStatelessResetPacket(
const QuicPacketHeader& header) const {
QUIC_BUG_IF(header.has_possible_stateless_reset_token &&
perspective_ != Perspective::IS_CLIENT)
<< "has_possible_stateless_reset_token can only be true at client side.";
return header.form == IETF_QUIC_SHORT_HEADER_PACKET &&
header.has_possible_stateless_reset_token &&
visitor_->IsValidStatelessResetToken(
header.possible_stateless_reset_token);
}
bool QuicFramer::HasEncrypterOfEncryptionLevel(EncryptionLevel level) const {
return encrypter_[level] != nullptr;
}
bool QuicFramer::AppendPacketHeader(const QuicPacketHeader& header,
QuicDataWriter* writer,
size_t* length_field_offset) {
if (transport_version() > QUIC_VERSION_43) {
return AppendIetfPacketHeader(header, writer, length_field_offset);
}
QUIC_DVLOG(1) << ENDPOINT << "Appending header: " << header;
uint8_t public_flags = 0;
if (header.reset_flag) {
public_flags |= PACKET_PUBLIC_FLAGS_RST;
}
if (header.version_flag) {
public_flags |= PACKET_PUBLIC_FLAGS_VERSION;
}
public_flags |= GetPacketNumberFlags(header.packet_number_length)
<< kPublicHeaderSequenceNumberShift;
if (header.nonce != nullptr) {
DCHECK_EQ(Perspective::IS_SERVER, perspective_);
public_flags |= PACKET_PUBLIC_FLAGS_NONCE;
}
QuicConnectionId server_connection_id =
GetServerConnectionIdAsSender(header, perspective_);
QuicConnectionIdIncluded server_connection_id_included =
GetServerConnectionIdIncludedAsSender(header, perspective_);
DCHECK_EQ(CONNECTION_ID_ABSENT,
GetClientConnectionIdIncludedAsSender(header, perspective_));
switch (server_connection_id_included) {
case CONNECTION_ID_ABSENT:
if (!writer->WriteUInt8(public_flags |
PACKET_PUBLIC_FLAGS_0BYTE_CONNECTION_ID)) {
return false;
}
break;
case CONNECTION_ID_PRESENT:
QUIC_BUG_IF(!QuicUtils::IsConnectionIdValidForVersion(
server_connection_id, transport_version()))
<< "AppendPacketHeader: attempted to use connection ID "
<< server_connection_id << " which is invalid with version "
<< QuicVersionToString(transport_version());
public_flags |= PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID;
if (perspective_ == Perspective::IS_CLIENT) {
public_flags |= PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID_OLD;
}
if (!writer->WriteUInt8(public_flags) ||
!writer->WriteConnectionId(server_connection_id)) {
return false;
}
break;
}
last_serialized_server_connection_id_ = server_connection_id;
if (header.version_flag) {
DCHECK_EQ(Perspective::IS_CLIENT, perspective_);
QuicVersionLabel version_label = CreateQuicVersionLabel(version_);
// TODO(rch): Use WriteUInt32() once QUIC_VERSION_35 is removed.
if (!writer->WriteTag(QuicEndian::NetToHost32(version_label))) {
return false;
}
QUIC_DVLOG(1) << ENDPOINT << "label = '"
<< QuicVersionLabelToString(version_label) << "'";
}
if (header.nonce != nullptr &&
!writer->WriteBytes(header.nonce, kDiversificationNonceSize)) {
return false;
}
if (!AppendPacketNumber(header.packet_number_length, header.packet_number,
writer)) {
return false;
}
return true;
}
bool QuicFramer::AppendIetfHeaderTypeByte(const QuicPacketHeader& header,
QuicDataWriter* writer) {
uint8_t type = 0;
if (transport_version() > QUIC_VERSION_44) {
if (header.version_flag) {
type = static_cast<uint8_t>(
FLAGS_LONG_HEADER | FLAGS_FIXED_BIT |
LongHeaderTypeToOnWireValue(transport_version(),
header.long_packet_type) |
PacketNumberLengthToOnWireValue(transport_version(),
header.packet_number_length));
} else {
type = static_cast<uint8_t>(
FLAGS_FIXED_BIT |
PacketNumberLengthToOnWireValue(transport_version(),
header.packet_number_length));
}
return writer->WriteUInt8(type);
}
if (header.version_flag) {
type = static_cast<uint8_t>(
FLAGS_LONG_HEADER | LongHeaderTypeToOnWireValue(
transport_version(), header.long_packet_type));
DCHECK_EQ(PACKET_4BYTE_PACKET_NUMBER, header.packet_number_length);
} else {
type |= FLAGS_SHORT_HEADER_RESERVED_1;
type |= FLAGS_SHORT_HEADER_RESERVED_2;
DCHECK_GE(PACKET_4BYTE_PACKET_NUMBER, header.packet_number_length);
type |= PacketNumberLengthToOnWireValue(transport_version(),
header.packet_number_length);
}
return writer->WriteUInt8(type);
}
bool QuicFramer::AppendIetfPacketHeader(const QuicPacketHeader& header,
QuicDataWriter* writer,
size_t* length_field_offset) {
QUIC_DVLOG(1) << ENDPOINT << "Appending IETF header: " << header;
QuicConnectionId server_connection_id =
GetServerConnectionIdAsSender(header, perspective_);
QUIC_BUG_IF(!QuicUtils::IsConnectionIdValidForVersion(server_connection_id,
transport_version()))
<< "AppendIetfPacketHeader: attempted to use connection ID "
<< server_connection_id << " which is invalid with version "
<< QuicVersionToString(transport_version());
if (!AppendIetfHeaderTypeByte(header, writer)) {
return false;
}
if (header.version_flag) {
// Append version for long header.
QuicVersionLabel version_label = CreateQuicVersionLabel(version_);
// TODO(rch): Use WriteUInt32() once QUIC_VERSION_35 is removed.
if (!writer->WriteTag(QuicEndian::NetToHost32(version_label))) {
return false;
}
}
// Append connection ID.
if (!AppendIetfConnectionIds(
header.version_flag,
header.destination_connection_id_included != CONNECTION_ID_ABSENT
? header.destination_connection_id
: EmptyQuicConnectionId(),
header.source_connection_id_included != CONNECTION_ID_ABSENT
? header.source_connection_id
: EmptyQuicConnectionId(),
writer)) {
return false;
}
last_serialized_server_connection_id_ = server_connection_id;
if (version_.SupportsClientConnectionIds()) {
last_serialized_client_connection_id_ = GetClientConnectionIdAsSender(header, perspective_);
}
if (QuicVersionHasLongHeaderLengths(transport_version()) &&
header.version_flag) {
if (header.long_packet_type == INITIAL) {
// Write retry token length.
if (!writer->WriteVarInt62(header.retry_token.length(),
header.retry_token_length_length)) {
return false;
}
// Write retry token.
if (!header.retry_token.empty() &&
!writer->WriteStringPiece(header.retry_token)) {
return false;
}
}
if (length_field_offset != nullptr) {
*length_field_offset = writer->length();
}
// Add fake length to reserve two bytes to add length in later.
writer->WriteVarInt62(256);
} else if (length_field_offset != nullptr) {
*length_field_offset = 0;
}
// Append packet number.
if (!AppendPacketNumber(header.packet_number_length, header.packet_number,
writer)) {
return false;
}
last_written_packet_number_length_ = header.packet_number_length;
if (!header.version_flag) {
return true;
}
if (header.nonce != nullptr) {
DCHECK(header.version_flag);
DCHECK_EQ(ZERO_RTT_PROTECTED, header.long_packet_type);
DCHECK_EQ(Perspective::IS_SERVER, perspective_);
if (!writer->WriteBytes(header.nonce, kDiversificationNonceSize)) {
return false;
}
}
return true;
}
const QuicTime::Delta QuicFramer::CalculateTimestampFromWire(
uint32_t time_delta_us) {
// The new time_delta might have wrapped to the next epoch, or it
// might have reverse wrapped to the previous epoch, or it might
// remain in the same epoch. Select the time closest to the previous
// time.
//
// epoch_delta is the delta between epochs. A delta is 4 bytes of
// microseconds.
const uint64_t epoch_delta = UINT64_C(1) << 32;
uint64_t epoch = last_timestamp_.ToMicroseconds() & ~(epoch_delta - 1);
// Wrapping is safe here because a wrapped value will not be ClosestTo below.
uint64_t prev_epoch = epoch - epoch_delta;
uint64_t next_epoch = epoch + epoch_delta;
uint64_t time = ClosestTo(
last_timestamp_.ToMicroseconds(), epoch + time_delta_us,
ClosestTo(last_timestamp_.ToMicroseconds(), prev_epoch + time_delta_us,
next_epoch + time_delta_us));
return QuicTime::Delta::FromMicroseconds(time);
}
uint64_t QuicFramer::CalculatePacketNumberFromWire(
QuicPacketNumberLength packet_number_length,
QuicPacketNumber base_packet_number,
uint64_t packet_number) const {
// The new packet number might have wrapped to the next epoch, or
// it might have reverse wrapped to the previous epoch, or it might
// remain in the same epoch. Select the packet number closest to the
// next expected packet number, the previous packet number plus 1.
// epoch_delta is the delta between epochs the packet number was serialized
// with, so the correct value is likely the same epoch as the last sequence
// number or an adjacent epoch.
if (!base_packet_number.IsInitialized()) {
return packet_number;
}
const uint64_t epoch_delta = UINT64_C(1) << (8 * packet_number_length);
uint64_t next_packet_number = base_packet_number.ToUint64() + 1;
uint64_t epoch = base_packet_number.ToUint64() & ~(epoch_delta - 1);
uint64_t prev_epoch = epoch - epoch_delta;
uint64_t next_epoch = epoch + epoch_delta;
return ClosestTo(next_packet_number, epoch + packet_number,
ClosestTo(next_packet_number, prev_epoch + packet_number,
next_epoch + packet_number));
}
bool QuicFramer::ProcessPublicHeader(QuicDataReader* reader,
bool packet_has_ietf_packet_header,
QuicPacketHeader* header) {
if (packet_has_ietf_packet_header) {
return ProcessIetfPacketHeader(reader, header);
}
uint8_t public_flags;
if (!reader->ReadBytes(&public_flags, 1)) {
set_detailed_error("Unable to read public flags.");
return false;
}
header->reset_flag = (public_flags & PACKET_PUBLIC_FLAGS_RST) != 0;
header->version_flag = (public_flags & PACKET_PUBLIC_FLAGS_VERSION) != 0;
if (validate_flags_ && !header->version_flag &&
public_flags > PACKET_PUBLIC_FLAGS_MAX) {
set_detailed_error("Illegal public flags value.");
return false;
}
if (header->reset_flag && header->version_flag) {
set_detailed_error("Got version flag in reset packet");
return false;
}
QuicConnectionId* header_connection_id = &header->destination_connection_id;
QuicConnectionIdIncluded* header_connection_id_included =
&header->destination_connection_id_included;
if (perspective_ == Perspective::IS_CLIENT &&
GetQuicRestartFlag(quic_do_not_override_connection_id)) {
header_connection_id = &header->source_connection_id;
header_connection_id_included = &header->source_connection_id_included;
}
switch (public_flags & PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID) {
case PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID:
if (!reader->ReadConnectionId(header_connection_id,
kQuicDefaultConnectionIdLength)) {
set_detailed_error("Unable to read ConnectionId.");
return false;
}
*header_connection_id_included = CONNECTION_ID_PRESENT;
break;
case PACKET_PUBLIC_FLAGS_0BYTE_CONNECTION_ID:
*header_connection_id_included = CONNECTION_ID_ABSENT;
*header_connection_id = last_serialized_server_connection_id_;
break;
}
header->packet_number_length = ReadSequenceNumberLength(
public_flags >> kPublicHeaderSequenceNumberShift);
// Read the version only if the packet is from the client.
// version flag from the server means version negotiation packet.
if (header->version_flag && perspective_ == Perspective::IS_SERVER) {
QuicVersionLabel version_label;
if (!ProcessVersionLabel(reader, &version_label)) {
set_detailed_error("Unable to read protocol version.");
return false;
}
// If the version from the new packet is the same as the version of this
// framer, then the public flags should be set to something we understand.
// If not, this raises an error.
last_version_label_ = version_label;
ParsedQuicVersion version = ParseQuicVersionLabel(version_label);
if (version == version_ && public_flags > PACKET_PUBLIC_FLAGS_MAX) {
set_detailed_error("Illegal public flags value.");
return false;
}
header->version = version;
}
// A nonce should only be present in packets from the server to the client,
// which are neither version negotiation nor public reset packets.
if (public_flags & PACKET_PUBLIC_FLAGS_NONCE &&
!(public_flags & PACKET_PUBLIC_FLAGS_VERSION) &&
!(public_flags & PACKET_PUBLIC_FLAGS_RST) &&
// The nonce flag from a client is ignored and is assumed to be an older
// client indicating an eight-byte connection ID.
perspective_ == Perspective::IS_CLIENT) {
if (!reader->ReadBytes(reinterpret_cast<uint8_t*>(last_nonce_.data()),
last_nonce_.size())) {
set_detailed_error("Unable to read nonce.");
return false;
}
header->nonce = &last_nonce_;
} else {
header->nonce = nullptr;
}
return true;
}
// static
QuicPacketNumberLength QuicFramer::GetMinPacketNumberLength(
QuicTransportVersion version,
QuicPacketNumber packet_number) {
DCHECK(packet_number.IsInitialized());
if (packet_number < QuicPacketNumber(1 << (PACKET_1BYTE_PACKET_NUMBER * 8))) {
return PACKET_1BYTE_PACKET_NUMBER;
} else if (packet_number <
QuicPacketNumber(1 << (PACKET_2BYTE_PACKET_NUMBER * 8))) {
return PACKET_2BYTE_PACKET_NUMBER;
} else if (packet_number <
QuicPacketNumber(UINT64_C(1)
<< (PACKET_4BYTE_PACKET_NUMBER * 8))) {
return PACKET_4BYTE_PACKET_NUMBER;
} else {
return PACKET_6BYTE_PACKET_NUMBER;
}
}
// static
uint8_t QuicFramer::GetPacketNumberFlags(
QuicPacketNumberLength packet_number_length) {
switch (packet_number_length) {
case PACKET_1BYTE_PACKET_NUMBER:
return PACKET_FLAGS_1BYTE_PACKET;
case PACKET_2BYTE_PACKET_NUMBER:
return PACKET_FLAGS_2BYTE_PACKET;
case PACKET_4BYTE_PACKET_NUMBER:
return PACKET_FLAGS_4BYTE_PACKET;
case PACKET_6BYTE_PACKET_NUMBER:
case PACKET_8BYTE_PACKET_NUMBER:
return PACKET_FLAGS_8BYTE_PACKET;
default:
QUIC_BUG << "Unreachable case statement.";
return PACKET_FLAGS_8BYTE_PACKET;
}
}
// static
QuicFramer::AckFrameInfo QuicFramer::GetAckFrameInfo(
const QuicAckFrame& frame) {
AckFrameInfo new_ack_info;
if (frame.packets.Empty()) {
return new_ack_info;
}
// The first block is the last interval. It isn't encoded with the gap-length
// encoding, so skip it.
new_ack_info.first_block_length = frame.packets.LastIntervalLength();
auto itr = frame.packets.rbegin();
QuicPacketNumber previous_start = itr->min();
new_ack_info.max_block_length = PacketNumberIntervalLength(*itr);
++itr;
// Don't do any more work after getting information for 256 ACK blocks; any
// more can't be encoded anyway.
for (; itr != frame.packets.rend() &&
new_ack_info.num_ack_blocks < std::numeric_limits<uint8_t>::max();
previous_start = itr->min(), ++itr) {
const auto& interval = *itr;
const QuicPacketCount total_gap = previous_start - interval.max();
new_ack_info.num_ack_blocks +=
(total_gap + std::numeric_limits<uint8_t>::max() - 1) /
std::numeric_limits<uint8_t>::max();
new_ack_info.max_block_length = std::max(
new_ack_info.max_block_length, PacketNumberIntervalLength(interval));
}
return new_ack_info;
}
bool QuicFramer::ProcessUnauthenticatedHeader(QuicDataReader* encrypted_reader,
QuicPacketHeader* header) {
QuicPacketNumber base_packet_number;
if (supports_multiple_packet_number_spaces_) {
PacketNumberSpace pn_space = GetPacketNumberSpace(*header);
if (pn_space == NUM_PACKET_NUMBER_SPACES) {
set_detailed_error("Unable to determine packet number space.");
return RaiseError(QUIC_INVALID_PACKET_HEADER);
}
base_packet_number = largest_decrypted_packet_numbers_[pn_space];
} else {
base_packet_number = largest_packet_number_;
}
uint64_t full_packet_number;
if (!ProcessAndCalculatePacketNumber(
encrypted_reader, header->packet_number_length, base_packet_number,
&full_packet_number)) {
set_detailed_error("Unable to read packet number.");
return RaiseError(QUIC_INVALID_PACKET_HEADER);
}
if (!IsValidFullPacketNumber(full_packet_number, transport_version())) {
set_detailed_error("packet numbers cannot be 0.");
return RaiseError(QUIC_INVALID_PACKET_HEADER);
}
header->packet_number = QuicPacketNumber(full_packet_number);
if (!visitor_->OnUnauthenticatedHeader(*header)) {
set_detailed_error(
"Visitor asked to stop processing of unauthenticated header.");
return false;
}
// The function we are in is called because the framer believes that it is
// processing a packet that uses the non-IETF (i.e. Google QUIC) packet header
// type. Usually, the framer makes that decision based on the framer's
// version, but when the framer is used with Perspective::IS_SERVER, then
// before version negotiation is complete (specifically, before
// InferPacketHeaderTypeFromVersion is called), this decision is made based on
// the type byte of the packet.
//
// If the framer's version KnowsWhichDecrypterToUse, then that version expects
// to use the IETF packet header type. If that's the case and we're in this
// function, then the packet received is invalid: the framer was expecting an
// IETF packet header and didn't get one.
if (version().KnowsWhichDecrypterToUse()) {
set_detailed_error("Invalid public header type for expected version.");
return RaiseError(QUIC_INVALID_PACKET_HEADER);
}
return true;
}
bool QuicFramer::ProcessIetfHeaderTypeByte(QuicDataReader* reader,
QuicPacketHeader* header) {
uint8_t type;
if (!reader->ReadBytes(&type, 1)) {
set_detailed_error("Unable to read type.");
return false;
}
header->type_byte = type;
// Determine whether this is a long or short header.
header->form = GetIetfPacketHeaderFormat(type);
if (header->form == IETF_QUIC_LONG_HEADER_PACKET) {
// Version is always present in long headers.
header->version_flag = true;
// Long header packets received by client must include 8-byte source
// connection ID, and those received by server must include 8-byte
// destination connection ID.
header->destination_connection_id_included =
(perspective_ == Perspective::IS_SERVER ||
version_.SupportsClientConnectionIds())
? CONNECTION_ID_PRESENT
: CONNECTION_ID_ABSENT;
header->source_connection_id_included =
(perspective_ == Perspective::IS_CLIENT ||
version_.SupportsClientConnectionIds())
? CONNECTION_ID_PRESENT
: CONNECTION_ID_ABSENT;
// Read version tag.
QuicVersionLabel version_label;
if (!ProcessVersionLabel(reader, &version_label)) {
set_detailed_error("Unable to read protocol version.");
return false;
}
if (!version_label) {
// Version label is 0 indicating this is a version negotiation packet.
header->long_packet_type = VERSION_NEGOTIATION;
} else {
header->version = ParseQuicVersionLabel(version_label);
if (header->version.transport_version != QUIC_VERSION_UNSUPPORTED) {
if (header->version.transport_version > QUIC_VERSION_44 &&
!(type & FLAGS_FIXED_BIT)) {
set_detailed_error("Fixed bit is 0 in long header.");
return false;
}
if (!GetLongHeaderType(header->version.transport_version, type,
&header->long_packet_type)) {
set_detailed_error("Illegal long header type value.");
return false;
}
if (header->long_packet_type == RETRY) {
if (!version().SupportsRetry()) {
set_detailed_error("RETRY not supported in this version.");
return false;
}
if (perspective_ == Perspective::IS_SERVER) {
set_detailed_error("Client-initiated RETRY is invalid.");
return false;
}
} else if (!header->version.HasHeaderProtection()) {
header->packet_number_length = GetLongHeaderPacketNumberLength(
header->version.transport_version, type);
}
}
}
if (header->long_packet_type != VERSION_NEGOTIATION) {
// Do not save version of version negotiation packet.
last_version_label_ = version_label;
}
QUIC_DVLOG(1) << ENDPOINT << "Received IETF long header: "
<< QuicUtils::QuicLongHeaderTypetoString(
header->long_packet_type);
return true;
}
QUIC_DVLOG(1) << ENDPOINT << "Received IETF short header";
// Version is not present in short headers.
header->version_flag = false;
// Connection ID length depends on the perspective. Client does not expect
// destination connection ID, and server expects destination connection ID.
header->destination_connection_id_included =
(perspective_ == Perspective::IS_SERVER ||
version_.SupportsClientConnectionIds())
? CONNECTION_ID_PRESENT
: CONNECTION_ID_ABSENT;
header->source_connection_id_included = CONNECTION_ID_ABSENT;
if (infer_packet_header_type_from_version_ &&
transport_version() > QUIC_VERSION_44 && !(type & FLAGS_FIXED_BIT)) {
set_detailed_error("Fixed bit is 0 in short header.");
return false;
}
if (!header->version.HasHeaderProtection() &&
!GetShortHeaderPacketNumberLength(transport_version(), type,
infer_packet_header_type_from_version_,
&header->packet_number_length)) {
set_detailed_error("Illegal short header type value.");
return false;
}
QUIC_DVLOG(1) << "packet_number_length = " << header->packet_number_length;
return true;
}
// static
bool QuicFramer::ProcessVersionLabel(QuicDataReader* reader,
QuicVersionLabel* version_label) {
if (!reader->ReadTag(version_label)) {
return false;
}
// TODO(rch): Use ReadUInt32() once QUIC_VERSION_35 is removed.
*version_label = QuicEndian::NetToHost32(*version_label);
return true;
}
// static
bool QuicFramer::ProcessAndValidateIetfConnectionIdLength(
QuicDataReader* reader,
ParsedQuicVersion version,
Perspective perspective,
bool should_update_expected_server_connection_id_length,
uint8_t* expected_server_connection_id_length,
uint8_t* destination_connection_id_length,
uint8_t* source_connection_id_length,
std::string* detailed_error) {
QUIC_LOG(ERROR) << "ds33 should_update_expected_server_connection_id_length "
<< (should_update_expected_server_connection_id_length ? "Y"
: "N")
<< " expected_server_connection_id_length "
<< (int)*expected_server_connection_id_length
<< " destination_connection_id_length "
<< (int)*destination_connection_id_length
<< " source_connection_id_length "
<< (int)*source_connection_id_length;
uint8_t connection_id_lengths_byte;
if (!reader->ReadBytes(&connection_id_lengths_byte, 1)) {
*detailed_error = "Unable to read ConnectionId length.";
return false;
}
uint8_t dcil =
(connection_id_lengths_byte & kDestinationConnectionIdLengthMask) >> 4;
if (dcil != 0) {
dcil += kConnectionIdLengthAdjustment;
}
uint8_t scil = connection_id_lengths_byte & kSourceConnectionIdLengthMask;
if (scil != 0) {
scil += kConnectionIdLengthAdjustment;
}
if (should_update_expected_server_connection_id_length) {
uint8_t server_connection_id_length =
perspective == Perspective::IS_SERVER ? dcil : scil;
if (*expected_server_connection_id_length != server_connection_id_length) {
QUIC_DVLOG(1) << "Updating expected_server_connection_id_length: "
<< static_cast<int>(*expected_server_connection_id_length)
<< " -> " << static_cast<int>(server_connection_id_length);
*expected_server_connection_id_length = server_connection_id_length;
}
}
if (!should_update_expected_server_connection_id_length &&
(dcil != *destination_connection_id_length ||
scil != *source_connection_id_length) &&
!QuicUtils::VariableLengthConnectionIdAllowedForVersion(
version.transport_version)) {
// TODO(dschinazi): use the framer's version once the
// OnProtocolVersionMismatch call is moved to before this is run.
QUIC_DVLOG(1) << "dcil: " << static_cast<uint32_t>(dcil)
<< ", scil: " << static_cast<uint32_t>(scil);
*detailed_error = "Invalid ConnectionId length.";
return false;
}
*destination_connection_id_length = dcil;
*source_connection_id_length = scil;
return true;
}
bool QuicFramer::ProcessIetfPacketHeader(QuicDataReader* reader,
QuicPacketHeader* header) {
if (!ProcessIetfHeaderTypeByte(reader, header)) {
return false;
}
uint8_t destination_connection_id_length =
header->destination_connection_id_included == CONNECTION_ID_PRESENT
? (perspective_ == Perspective::IS_SERVER
? expected_server_connection_id_length_
: expected_client_connection_id_length_)
: 0;
uint8_t source_connection_id_length =
header->source_connection_id_included == CONNECTION_ID_PRESENT
? (perspective_ == Perspective::IS_CLIENT
? expected_server_connection_id_length_
: expected_client_connection_id_length_)
: 0;
QUIC_LOG(ERROR) << ENDPOINT
<< "ds33 should_update_expected_server_connection_id_length_ "
<< (should_update_expected_server_connection_id_length_ ? "Y"
: "N")
<< " expected_server_connection_id_length_ "
<< (int)expected_server_connection_id_length_
<< " expected_client_connection_id_length_ "
<< (int)expected_client_connection_id_length_
<< " destination_connection_id_length "
<< (int)destination_connection_id_length
<< " source_connection_id_length "
<< (int)source_connection_id_length << " header " << *header;
if (header->form == IETF_QUIC_LONG_HEADER_PACKET) {
if (!ProcessAndValidateIetfConnectionIdLength(
reader, header->version, perspective_,
should_update_expected_server_connection_id_length_,
&expected_server_connection_id_length_,
&destination_connection_id_length, &source_connection_id_length,
&detailed_error_)) {
return false;
}
}
DCHECK_LE(destination_connection_id_length, kQuicMaxConnectionIdLength);
DCHECK_LE(source_connection_id_length, kQuicMaxConnectionIdLength);
// Read connection ID.
if (!reader->ReadConnectionId(&header->destination_connection_id,
destination_connection_id_length)) {
set_detailed_error("Unable to read Destination ConnectionId.");
return false;
}
if (!reader->ReadConnectionId(&header->source_connection_id,
source_connection_id_length)) {
set_detailed_error("Unable to read Source ConnectionId.");
return false;
}
if (!GetQuicRestartFlag(quic_do_not_override_connection_id)) {
if (header->source_connection_id_included == CONNECTION_ID_PRESENT) {
DCHECK_EQ(Perspective::IS_CLIENT, perspective_);
DCHECK_EQ(IETF_QUIC_LONG_HEADER_PACKET, header->form);
if (!header->destination_connection_id.IsEmpty()) {
set_detailed_error("Client connection ID not supported yet.");
return false;
}
// Set destination connection ID to source connection ID.
header->destination_connection_id = header->source_connection_id;
} else if (header->destination_connection_id_included ==
CONNECTION_ID_ABSENT) {
header->destination_connection_id = last_serialized_server_connection_id_;
}
} else {
QUIC_RESTART_FLAG_COUNT_N(quic_do_not_override_connection_id, 5, 5);
if (header->source_connection_id_included == CONNECTION_ID_ABSENT) {
DCHECK_EQ(EmptyQuicConnectionId(), header->source_connection_id);
if (perspective_ == Perspective::IS_CLIENT) {
header->source_connection_id = last_serialized_server_connection_id_;
} else {
header->source_connection_id = last_serialized_client_connection_id_;
}
}
}
return true;
}
bool QuicFramer::ProcessAndCalculatePacketNumber(
QuicDataReader* reader,
QuicPacketNumberLength packet_number_length,
QuicPacketNumber base_packet_number,
uint64_t* packet_number) {
uint64_t wire_packet_number;
if (!reader->ReadBytesToUInt64(packet_number_length, &wire_packet_number)) {
return false;
}
// TODO(ianswett): Explore the usefulness of trying multiple packet numbers
// in case the first guess is incorrect.
*packet_number = CalculatePacketNumberFromWire(
packet_number_length, base_packet_number, wire_packet_number);
return true;
}
bool QuicFramer::ProcessFrameData(QuicDataReader* reader,
const QuicPacketHeader& header) {
DCHECK_NE(QUIC_VERSION_99, version_.transport_version)
<< "Version 99 negotiated, but not processing frames as version 99.";
if (reader->IsDoneReading()) {
set_detailed_error("Packet has no frames.");
return RaiseError(QUIC_MISSING_PAYLOAD);
}
while (!reader->IsDoneReading()) {
uint8_t frame_type;
if (!reader->ReadBytes(&frame_type, 1)) {
set_detailed_error("Unable to read frame type.");
return RaiseError(QUIC_INVALID_FRAME_DATA);
}
const uint8_t special_mask = transport_version() <= QUIC_VERSION_44
? kQuicFrameTypeBrokenMask
: kQuicFrameTypeSpecialMask;
if (frame_type & special_mask) {
// Stream Frame
if (frame_type & kQuicFrameTypeStreamMask) {
QuicStreamFrame frame;
if (!ProcessStreamFrame(reader, frame_type, &frame)) {
return RaiseError(QUIC_INVALID_STREAM_DATA);
}
if (!visitor_->OnStreamFrame(frame)) {
QUIC_DVLOG(1) << ENDPOINT
<< "Visitor asked to stop further processing.";
// Returning true since there was no parsing error.
return true;
}
continue;
}
// Ack Frame
if (frame_type & kQuicFrameTypeAckMask) {
if (!ProcessAckFrame(reader, frame_type)) {
return RaiseError(QUIC_INVALID_ACK_DATA);
}
continue;
}
// This was a special frame type that did not match any
// of the known ones. Error.
set_detailed_error("Illegal frame type.");
QUIC_DLOG(WARNING) << ENDPOINT << "Illegal frame type: "
<< static_cast<int>(frame_type);
return RaiseError(QUIC_INVALID_FRAME_DATA);
}
switch (frame_type) {
case PADDING_FRAME: {
QuicPaddingFrame frame;
ProcessPaddingFrame(reader, &frame);
if (!visitor_->OnPaddingFrame(frame)) {
QUIC_DVLOG(1) << "Visitor asked to stop further processing.";
// Returning true since there was no parsing error.
return true;
}
continue;
}
case RST_STREAM_FRAME: {
QuicRstStreamFrame frame;
if (!ProcessRstStreamFrame(reader, &frame)) {
return RaiseError(QUIC_INVALID_RST_STREAM_DATA);
}
if (!visitor_->OnRstStreamFrame(frame)) {
QUIC_DVLOG(1) << "Visitor asked to stop further processing.";
// Returning true since there was no parsing error.
return true;
}
continue;
}
case CONNECTION_CLOSE_FRAME: {
QuicConnectionCloseFrame frame;
if (!ProcessConnectionCloseFrame(reader, &frame)) {
return RaiseError(QUIC_INVALID_CONNECTION_CLOSE_DATA);
}
if (!visitor_->OnConnectionCloseFrame(frame)) {
QUIC_DVLOG(1) << ENDPOINT
<< "Visitor asked to stop further processing.";
// Returning true since there was no parsing error.
return true;
}
continue;
}
case GOAWAY_FRAME: {
QuicGoAwayFrame goaway_frame;
if (!ProcessGoAwayFrame(reader, &goaway_frame)) {
return RaiseError(QUIC_INVALID_GOAWAY_DATA);
}
if (!visitor_->OnGoAwayFrame(goaway_frame)) {
QUIC_DVLOG(1) << ENDPOINT
<< "Visitor asked to stop further processing.";
// Returning true since there was no parsing error.
return true;
}
continue;
}
case WINDOW_UPDATE_FRAME: {
QuicWindowUpdateFrame window_update_frame;
if (!ProcessWindowUpdateFrame(reader, &window_update_frame)) {
return RaiseError(QUIC_INVALID_WINDOW_UPDATE_DATA);
}
if (!visitor_->OnWindowUpdateFrame(window_update_frame)) {
QUIC_DVLOG(1) << ENDPOINT
<< "Visitor asked to stop further processing.";
// Returning true since there was no parsing error.
return true;
}
continue;
}
case BLOCKED_FRAME: {
QuicBlockedFrame blocked_frame;
if (!ProcessBlockedFrame(reader, &blocked_frame)) {
return RaiseError(QUIC_INVALID_BLOCKED_DATA);
}
if (!visitor_->OnBlockedFrame(blocked_frame)) {
QUIC_DVLOG(<