1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "quiche/quic/core/quic_dispatcher.h"
6
7 #include <memory>
8 #include <string>
9 #include <utility>
10
11 #include "absl/base/optimization.h"
12 #include "absl/container/flat_hash_set.h"
13 #include "absl/strings/string_view.h"
14 #include "quiche/quic/core/chlo_extractor.h"
15 #include "quiche/quic/core/crypto/crypto_protocol.h"
16 #include "quiche/quic/core/quic_connection_id.h"
17 #include "quiche/quic/core/quic_error_codes.h"
18 #include "quiche/quic/core/quic_session.h"
19 #include "quiche/quic/core/quic_time_wait_list_manager.h"
20 #include "quiche/quic/core/quic_types.h"
21 #include "quiche/quic/core/quic_utils.h"
22 #include "quiche/quic/core/quic_versions.h"
23 #include "quiche/quic/core/tls_chlo_extractor.h"
24 #include "quiche/quic/platform/api/quic_bug_tracker.h"
25 #include "quiche/quic/platform/api/quic_flag_utils.h"
26 #include "quiche/quic/platform/api/quic_flags.h"
27 #include "quiche/quic/platform/api/quic_logging.h"
28 #include "quiche/quic/platform/api/quic_socket_address.h"
29 #include "quiche/quic/platform/api/quic_stack_trace.h"
30 #include "quiche/common/quiche_text_utils.h"
31
32 namespace quic {
33
34 using BufferedPacket = QuicBufferedPacketStore::BufferedPacket;
35 using BufferedPacketList = QuicBufferedPacketStore::BufferedPacketList;
36 using EnqueuePacketResult = QuicBufferedPacketStore::EnqueuePacketResult;
37
38 namespace {
39
40 // Minimal INITIAL packet length sent by clients is 1200.
41 const QuicPacketLength kMinClientInitialPacketLength = 1200;
42
43 // An alarm that informs the QuicDispatcher to delete old sessions.
44 class DeleteSessionsAlarm : public QuicAlarm::DelegateWithoutContext {
45 public:
DeleteSessionsAlarm(QuicDispatcher * dispatcher)46 explicit DeleteSessionsAlarm(QuicDispatcher* dispatcher)
47 : dispatcher_(dispatcher) {}
48 DeleteSessionsAlarm(const DeleteSessionsAlarm&) = delete;
49 DeleteSessionsAlarm& operator=(const DeleteSessionsAlarm&) = delete;
50
OnAlarm()51 void OnAlarm() override { dispatcher_->DeleteSessions(); }
52
53 private:
54 // Not owned.
55 QuicDispatcher* dispatcher_;
56 };
57
58 // An alarm that informs the QuicDispatcher to clear
59 // recent_stateless_reset_addresses_.
60 class ClearStatelessResetAddressesAlarm
61 : public QuicAlarm::DelegateWithoutContext {
62 public:
ClearStatelessResetAddressesAlarm(QuicDispatcher * dispatcher)63 explicit ClearStatelessResetAddressesAlarm(QuicDispatcher* dispatcher)
64 : dispatcher_(dispatcher) {}
65 ClearStatelessResetAddressesAlarm(const DeleteSessionsAlarm&) = delete;
66 ClearStatelessResetAddressesAlarm& operator=(const DeleteSessionsAlarm&) =
67 delete;
68
OnAlarm()69 void OnAlarm() override { dispatcher_->ClearStatelessResetAddresses(); }
70
71 private:
72 // Not owned.
73 QuicDispatcher* dispatcher_;
74 };
75
76 // Collects packets serialized by a QuicPacketCreator in order
77 // to be handed off to the time wait list manager.
78 class PacketCollector : public QuicPacketCreator::DelegateInterface,
79 public QuicStreamFrameDataProducer {
80 public:
PacketCollector(quiche::QuicheBufferAllocator * allocator)81 explicit PacketCollector(quiche::QuicheBufferAllocator* allocator)
82 : send_buffer_(allocator) {}
83 ~PacketCollector() override = default;
84
85 // QuicPacketCreator::DelegateInterface methods:
OnSerializedPacket(SerializedPacket serialized_packet)86 void OnSerializedPacket(SerializedPacket serialized_packet) override {
87 // Make a copy of the serialized packet to send later.
88 packets_.emplace_back(
89 new QuicEncryptedPacket(CopyBuffer(serialized_packet),
90 serialized_packet.encrypted_length, true));
91 }
92
GetPacketBuffer()93 QuicPacketBuffer GetPacketBuffer() override {
94 // Let QuicPacketCreator to serialize packets on stack buffer.
95 return {nullptr, nullptr};
96 }
97
OnUnrecoverableError(QuicErrorCode,const std::string &)98 void OnUnrecoverableError(QuicErrorCode /*error*/,
99 const std::string& /*error_details*/) override {}
100
ShouldGeneratePacket(HasRetransmittableData,IsHandshake)101 bool ShouldGeneratePacket(HasRetransmittableData /*retransmittable*/,
102 IsHandshake /*handshake*/) override {
103 QUICHE_DCHECK(false);
104 return true;
105 }
106
MaybeBundleAckOpportunistically()107 const QuicFrames MaybeBundleAckOpportunistically() override {
108 QUICHE_DCHECK(false);
109 return {};
110 }
111
GetSerializedPacketFate(bool,EncryptionLevel)112 SerializedPacketFate GetSerializedPacketFate(
113 bool /*is_mtu_discovery*/,
114 EncryptionLevel /*encryption_level*/) override {
115 return SEND_TO_WRITER;
116 }
117
118 // QuicStreamFrameDataProducer
WriteStreamData(QuicStreamId,QuicStreamOffset offset,QuicByteCount data_length,QuicDataWriter * writer)119 WriteStreamDataResult WriteStreamData(QuicStreamId /*id*/,
120 QuicStreamOffset offset,
121 QuicByteCount data_length,
122 QuicDataWriter* writer) override {
123 if (send_buffer_.WriteStreamData(offset, data_length, writer)) {
124 return WRITE_SUCCESS;
125 }
126 return WRITE_FAILED;
127 }
WriteCryptoData(EncryptionLevel,QuicStreamOffset offset,QuicByteCount data_length,QuicDataWriter * writer)128 bool WriteCryptoData(EncryptionLevel /*level*/, QuicStreamOffset offset,
129 QuicByteCount data_length,
130 QuicDataWriter* writer) override {
131 return send_buffer_.WriteStreamData(offset, data_length, writer);
132 }
133
packets()134 std::vector<std::unique_ptr<QuicEncryptedPacket>>* packets() {
135 return &packets_;
136 }
137
138 private:
139 std::vector<std::unique_ptr<QuicEncryptedPacket>> packets_;
140 // This is only needed until the packets are encrypted. Once packets are
141 // encrypted, the stream data is no longer required.
142 QuicStreamSendBuffer send_buffer_;
143 };
144
145 // Helper for statelessly closing connections by generating the
146 // correct termination packets and adding the connection to the time wait
147 // list manager.
148 class StatelessConnectionTerminator {
149 public:
StatelessConnectionTerminator(QuicConnectionId server_connection_id,QuicConnectionId original_server_connection_id,const ParsedQuicVersion version,QuicConnectionHelperInterface * helper,QuicTimeWaitListManager * time_wait_list_manager)150 StatelessConnectionTerminator(QuicConnectionId server_connection_id,
151 QuicConnectionId original_server_connection_id,
152 const ParsedQuicVersion version,
153 QuicConnectionHelperInterface* helper,
154 QuicTimeWaitListManager* time_wait_list_manager)
155 : server_connection_id_(server_connection_id),
156 framer_(ParsedQuicVersionVector{version},
157 /*unused*/ QuicTime::Zero(), Perspective::IS_SERVER,
158 /*unused*/ kQuicDefaultConnectionIdLength),
159 collector_(helper->GetStreamSendBufferAllocator()),
160 creator_(server_connection_id, &framer_, &collector_),
161 time_wait_list_manager_(time_wait_list_manager) {
162 framer_.set_data_producer(&collector_);
163 // Always set encrypter with original_server_connection_id.
164 framer_.SetInitialObfuscators(original_server_connection_id);
165 }
166
~StatelessConnectionTerminator()167 ~StatelessConnectionTerminator() {
168 // Clear framer's producer.
169 framer_.set_data_producer(nullptr);
170 }
171
172 // Generates a packet containing a CONNECTION_CLOSE frame specifying
173 // |error_code| and |error_details| and add the connection to time wait.
CloseConnection(QuicErrorCode error_code,const std::string & error_details,bool ietf_quic,std::vector<QuicConnectionId> active_connection_ids)174 void CloseConnection(QuicErrorCode error_code,
175 const std::string& error_details, bool ietf_quic,
176 std::vector<QuicConnectionId> active_connection_ids) {
177 SerializeConnectionClosePacket(error_code, error_details);
178
179 time_wait_list_manager_->AddConnectionIdToTimeWait(
180 QuicTimeWaitListManager::SEND_TERMINATION_PACKETS,
181 TimeWaitConnectionInfo(ietf_quic, collector_.packets(),
182 std::move(active_connection_ids),
183 /*srtt=*/QuicTime::Delta::Zero()));
184 }
185
186 private:
SerializeConnectionClosePacket(QuicErrorCode error_code,const std::string & error_details)187 void SerializeConnectionClosePacket(QuicErrorCode error_code,
188 const std::string& error_details) {
189 QuicConnectionCloseFrame* frame =
190 new QuicConnectionCloseFrame(framer_.transport_version(), error_code,
191 NO_IETF_QUIC_ERROR, error_details,
192 /*transport_close_frame_type=*/0);
193
194 if (!creator_.AddFrame(QuicFrame(frame), NOT_RETRANSMISSION)) {
195 QUIC_BUG(quic_bug_10287_1) << "Unable to add frame to an empty packet";
196 delete frame;
197 return;
198 }
199 creator_.FlushCurrentPacket();
200 QUICHE_DCHECK_EQ(1u, collector_.packets()->size());
201 }
202
203 QuicConnectionId server_connection_id_;
204 QuicFramer framer_;
205 // Set as the visitor of |creator_| to collect any generated packets.
206 PacketCollector collector_;
207 QuicPacketCreator creator_;
208 QuicTimeWaitListManager* time_wait_list_manager_;
209 };
210
211 // Class which extracts the ALPN and SNI from a QUIC_CRYPTO CHLO packet.
212 class ChloAlpnSniExtractor : public ChloExtractor::Delegate {
213 public:
OnChlo(QuicTransportVersion,QuicConnectionId,const CryptoHandshakeMessage & chlo)214 void OnChlo(QuicTransportVersion /*version*/,
215 QuicConnectionId /*server_connection_id*/,
216 const CryptoHandshakeMessage& chlo) override {
217 absl::string_view alpn_value;
218 if (chlo.GetStringPiece(kALPN, &alpn_value)) {
219 alpn_ = std::string(alpn_value);
220 }
221 absl::string_view sni;
222 if (chlo.GetStringPiece(quic::kSNI, &sni)) {
223 sni_ = std::string(sni);
224 }
225 absl::string_view uaid_value;
226 if (chlo.GetStringPiece(quic::kUAID, &uaid_value)) {
227 uaid_ = std::string(uaid_value);
228 }
229 }
230
ConsumeAlpn()231 std::string&& ConsumeAlpn() { return std::move(alpn_); }
232
ConsumeSni()233 std::string&& ConsumeSni() { return std::move(sni_); }
234
ConsumeUaid()235 std::string&& ConsumeUaid() { return std::move(uaid_); }
236
237 private:
238 std::string alpn_;
239 std::string sni_;
240 std::string uaid_;
241 };
242
243 } // namespace
244
QuicDispatcher(const QuicConfig * config,const QuicCryptoServerConfig * crypto_config,QuicVersionManager * version_manager,std::unique_ptr<QuicConnectionHelperInterface> helper,std::unique_ptr<QuicCryptoServerStreamBase::Helper> session_helper,std::unique_ptr<QuicAlarmFactory> alarm_factory,uint8_t expected_server_connection_id_length,ConnectionIdGeneratorInterface & connection_id_generator)245 QuicDispatcher::QuicDispatcher(
246 const QuicConfig* config, const QuicCryptoServerConfig* crypto_config,
247 QuicVersionManager* version_manager,
248 std::unique_ptr<QuicConnectionHelperInterface> helper,
249 std::unique_ptr<QuicCryptoServerStreamBase::Helper> session_helper,
250 std::unique_ptr<QuicAlarmFactory> alarm_factory,
251 uint8_t expected_server_connection_id_length,
252 ConnectionIdGeneratorInterface& connection_id_generator)
253 : config_(config),
254 crypto_config_(crypto_config),
255 compressed_certs_cache_(
256 QuicCompressedCertsCache::kQuicCompressedCertsCacheSize),
257 helper_(std::move(helper)),
258 session_helper_(std::move(session_helper)),
259 alarm_factory_(std::move(alarm_factory)),
260 delete_sessions_alarm_(
261 alarm_factory_->CreateAlarm(new DeleteSessionsAlarm(this))),
262 buffered_packets_(this, helper_->GetClock(), alarm_factory_.get()),
263 version_manager_(version_manager),
264 last_error_(QUIC_NO_ERROR),
265 new_sessions_allowed_per_event_loop_(0u),
266 accept_new_connections_(true),
267 allow_short_initial_server_connection_ids_(false),
268 expected_server_connection_id_length_(
269 expected_server_connection_id_length),
270 clear_stateless_reset_addresses_alarm_(alarm_factory_->CreateAlarm(
271 new ClearStatelessResetAddressesAlarm(this))),
272 should_update_expected_server_connection_id_length_(false),
273 connection_id_generator_(connection_id_generator) {
274 QUIC_BUG_IF(quic_bug_12724_1, GetSupportedVersions().empty())
275 << "Trying to create dispatcher without any supported versions";
276 QUIC_DLOG(INFO) << "Created QuicDispatcher with versions: "
277 << ParsedQuicVersionVectorToString(GetSupportedVersions());
278 }
279
~QuicDispatcher()280 QuicDispatcher::~QuicDispatcher() {
281 if (delete_sessions_alarm_ != nullptr) {
282 delete_sessions_alarm_->PermanentCancel();
283 }
284 if (clear_stateless_reset_addresses_alarm_ != nullptr) {
285 clear_stateless_reset_addresses_alarm_->PermanentCancel();
286 }
287 reference_counted_session_map_.clear();
288 closed_session_list_.clear();
289 num_sessions_in_session_map_ = 0;
290 }
291
InitializeWithWriter(QuicPacketWriter * writer)292 void QuicDispatcher::InitializeWithWriter(QuicPacketWriter* writer) {
293 QUICHE_DCHECK(writer_ == nullptr);
294 writer_.reset(writer);
295 time_wait_list_manager_.reset(CreateQuicTimeWaitListManager());
296 }
297
ProcessPacket(const QuicSocketAddress & self_address,const QuicSocketAddress & peer_address,const QuicReceivedPacket & packet)298 void QuicDispatcher::ProcessPacket(const QuicSocketAddress& self_address,
299 const QuicSocketAddress& peer_address,
300 const QuicReceivedPacket& packet) {
301 QUIC_DVLOG(2) << "Dispatcher received encrypted " << packet.length()
302 << " bytes:" << std::endl
303 << quiche::QuicheTextUtils::HexDump(
304 absl::string_view(packet.data(), packet.length()));
305 ReceivedPacketInfo packet_info(self_address, peer_address, packet);
306 std::string detailed_error;
307 QuicErrorCode error;
308 error = QuicFramer::ParsePublicHeaderDispatcherShortHeaderLengthUnknown(
309 packet, &packet_info.form, &packet_info.long_packet_type,
310 &packet_info.version_flag, &packet_info.use_length_prefix,
311 &packet_info.version_label, &packet_info.version,
312 &packet_info.destination_connection_id, &packet_info.source_connection_id,
313 &packet_info.retry_token, &detailed_error, connection_id_generator_);
314
315 if (error != QUIC_NO_ERROR) {
316 // Packet has framing error.
317 SetLastError(error);
318 QUIC_DLOG(ERROR) << detailed_error;
319 return;
320 }
321 if (packet_info.destination_connection_id.length() !=
322 expected_server_connection_id_length_ &&
323 !should_update_expected_server_connection_id_length_ &&
324 packet_info.version.IsKnown() &&
325 !packet_info.version.AllowsVariableLengthConnectionIds()) {
326 SetLastError(QUIC_INVALID_PACKET_HEADER);
327 QUIC_DLOG(ERROR) << "Invalid Connection Id Length";
328 return;
329 }
330
331 if (packet_info.version_flag && IsSupportedVersion(packet_info.version)) {
332 if (!QuicUtils::IsConnectionIdValidForVersion(
333 packet_info.destination_connection_id,
334 packet_info.version.transport_version)) {
335 SetLastError(QUIC_INVALID_PACKET_HEADER);
336 QUIC_DLOG(ERROR)
337 << "Invalid destination connection ID length for version";
338 return;
339 }
340 if (packet_info.version.SupportsClientConnectionIds() &&
341 !QuicUtils::IsConnectionIdValidForVersion(
342 packet_info.source_connection_id,
343 packet_info.version.transport_version)) {
344 SetLastError(QUIC_INVALID_PACKET_HEADER);
345 QUIC_DLOG(ERROR) << "Invalid source connection ID length for version";
346 return;
347 }
348 }
349
350 // Before introducing the flag, it was impossible for a short header to
351 // update |expected_server_connection_id_length_|.
352 if (should_update_expected_server_connection_id_length_ &&
353 packet_info.version_flag) {
354 expected_server_connection_id_length_ =
355 packet_info.destination_connection_id.length();
356 }
357
358 if (MaybeDispatchPacket(packet_info)) {
359 // Packet has been dropped or successfully dispatched, stop processing.
360 return;
361 }
362 // The framer might have extracted the incorrect Connection ID length from a
363 // short header. |packet| could be gQUIC; if Q043, the connection ID has been
364 // parsed correctly thanks to the fixed bit. If a Q046 or Q050 short header,
365 // the dispatcher might have assumed it was a long connection ID when (because
366 // it was gQUIC) it actually issued or kept an 8-byte ID. The other case is
367 // where NEW_CONNECTION_IDs are not using the generator, and the dispatcher
368 // is, due to flag misconfiguration.
369 if (!packet_info.version_flag &&
370 (IsSupportedVersion(ParsedQuicVersion::Q046()) ||
371 IsSupportedVersion(ParsedQuicVersion::Q050()))) {
372 ReceivedPacketInfo gquic_packet_info(self_address, peer_address, packet);
373 // Try again without asking |connection_id_generator_| for the length.
374 const QuicErrorCode gquic_error = QuicFramer::ParsePublicHeaderDispatcher(
375 packet, expected_server_connection_id_length_, &gquic_packet_info.form,
376 &gquic_packet_info.long_packet_type, &gquic_packet_info.version_flag,
377 &gquic_packet_info.use_length_prefix, &gquic_packet_info.version_label,
378 &gquic_packet_info.version,
379 &gquic_packet_info.destination_connection_id,
380 &gquic_packet_info.source_connection_id, &gquic_packet_info.retry_token,
381 &detailed_error);
382 if (gquic_error == QUIC_NO_ERROR) {
383 if (MaybeDispatchPacket(gquic_packet_info)) {
384 return;
385 }
386 } else {
387 QUICHE_VLOG(1) << "Tried to parse short header as gQUIC packet: "
388 << detailed_error;
389 }
390 }
391 ProcessHeader(&packet_info);
392 }
393
394 namespace {
IsSourceUdpPortBlocked(uint16_t port)395 constexpr bool IsSourceUdpPortBlocked(uint16_t port) {
396 // These UDP source ports have been observed in large scale denial of service
397 // attacks and are not expected to ever carry user traffic, they are therefore
398 // blocked as a safety measure. See draft-ietf-quic-applicability for details.
399 constexpr uint16_t blocked_ports[] = {
400 0, // We cannot send to port 0 so drop that source port.
401 17, // Quote of the Day, can loop with QUIC.
402 19, // Chargen, can loop with QUIC.
403 53, // DNS, vulnerable to reflection attacks.
404 111, // Portmap.
405 123, // NTP, vulnerable to reflection attacks.
406 137, // NETBIOS Name Service,
407 138, // NETBIOS Datagram Service
408 161, // SNMP.
409 389, // CLDAP.
410 500, // IKE, can loop with QUIC.
411 1900, // SSDP, vulnerable to reflection attacks.
412 3702, // WS-Discovery, vulnerable to reflection attacks.
413 5353, // mDNS, vulnerable to reflection attacks.
414 5355, // LLMNR, vulnerable to reflection attacks.
415 11211, // memcache, vulnerable to reflection attacks.
416 // This list MUST be sorted in increasing order.
417 };
418 constexpr size_t num_blocked_ports = ABSL_ARRAYSIZE(blocked_ports);
419 constexpr uint16_t highest_blocked_port =
420 blocked_ports[num_blocked_ports - 1];
421 if (ABSL_PREDICT_TRUE(port > highest_blocked_port)) {
422 // Early-return to skip comparisons for the majority of traffic.
423 return false;
424 }
425 for (size_t i = 0; i < num_blocked_ports; i++) {
426 if (port == blocked_ports[i]) {
427 return true;
428 }
429 }
430 return false;
431 }
432 } // namespace
433
MaybeDispatchPacket(const ReceivedPacketInfo & packet_info)434 bool QuicDispatcher::MaybeDispatchPacket(
435 const ReceivedPacketInfo& packet_info) {
436 if (IsSourceUdpPortBlocked(packet_info.peer_address.port())) {
437 // Silently drop the received packet.
438 QUIC_CODE_COUNT(quic_dropped_blocked_port);
439 return true;
440 }
441
442 const QuicConnectionId server_connection_id =
443 packet_info.destination_connection_id;
444
445 // The IETF spec requires the client to generate an initial server
446 // connection ID that is at least 64 bits long. After that initial
447 // connection ID, the dispatcher picks a new one of its expected length.
448 // Therefore we should never receive a connection ID that is smaller
449 // than 64 bits and smaller than what we expect. Unless the version is
450 // unknown, in which case we allow short connection IDs for version
451 // negotiation because that version could allow those.
452 if (packet_info.version_flag && packet_info.version.IsKnown() &&
453 IsServerConnectionIdTooShort(server_connection_id)) {
454 QUICHE_DCHECK(packet_info.version_flag);
455 QUICHE_DCHECK(packet_info.version.AllowsVariableLengthConnectionIds());
456 QUIC_DLOG(INFO) << "Packet with short destination connection ID "
457 << server_connection_id << " expected "
458 << static_cast<int>(expected_server_connection_id_length_);
459 // Drop the packet silently.
460 QUIC_CODE_COUNT(quic_dropped_invalid_small_initial_connection_id);
461 return true;
462 }
463
464 if (packet_info.version_flag && packet_info.version.IsKnown() &&
465 !QuicUtils::IsConnectionIdLengthValidForVersion(
466 server_connection_id.length(),
467 packet_info.version.transport_version)) {
468 QUIC_DLOG(INFO) << "Packet with destination connection ID "
469 << server_connection_id << " is invalid with version "
470 << packet_info.version;
471 // Drop the packet silently.
472 QUIC_CODE_COUNT(quic_dropped_invalid_initial_connection_id);
473 return true;
474 }
475
476 // Packets with connection IDs for active connections are processed
477 // immediately.
478 auto it = reference_counted_session_map_.find(server_connection_id);
479 if (it != reference_counted_session_map_.end()) {
480 QUICHE_DCHECK(!buffered_packets_.HasBufferedPackets(server_connection_id));
481 it->second->ProcessUdpPacket(packet_info.self_address,
482 packet_info.peer_address, packet_info.packet);
483 return true;
484 }
485
486 if (buffered_packets_.HasChloForConnection(server_connection_id)) {
487 BufferEarlyPacket(packet_info);
488 return true;
489 }
490
491 if (OnFailedToDispatchPacket(packet_info)) {
492 return true;
493 }
494
495 if (time_wait_list_manager_->IsConnectionIdInTimeWait(server_connection_id)) {
496 // This connection ID is already in time-wait state.
497 time_wait_list_manager_->ProcessPacket(
498 packet_info.self_address, packet_info.peer_address,
499 packet_info.destination_connection_id, packet_info.form,
500 packet_info.packet.length(), GetPerPacketContext());
501 return true;
502 }
503
504 // The packet has an unknown connection ID.
505 if (!accept_new_connections_ && packet_info.version_flag) {
506 // If not accepting new connections, reject packets with version which can
507 // potentially result in new connection creation. But if the packet doesn't
508 // have version flag, leave it to ValidityChecks() to reset it.
509 // By adding the connection to time wait list, following packets on this
510 // connection will not reach ShouldAcceptNewConnections().
511 StatelesslyTerminateConnection(
512 packet_info.destination_connection_id, packet_info.form,
513 packet_info.version_flag, packet_info.use_length_prefix,
514 packet_info.version, QUIC_HANDSHAKE_FAILED,
515 "Stop accepting new connections",
516 quic::QuicTimeWaitListManager::SEND_STATELESS_RESET);
517 // Time wait list will reject the packet correspondingly..
518 time_wait_list_manager()->ProcessPacket(
519 packet_info.self_address, packet_info.peer_address,
520 packet_info.destination_connection_id, packet_info.form,
521 packet_info.packet.length(), GetPerPacketContext());
522 OnNewConnectionRejected();
523 return true;
524 }
525
526 // Unless the packet provides a version, assume that we can continue
527 // processing using our preferred version.
528 if (packet_info.version_flag) {
529 if (!IsSupportedVersion(packet_info.version)) {
530 if (ShouldCreateSessionForUnknownVersion(packet_info.version_label)) {
531 return false;
532 }
533 // Since the version is not supported, send a version negotiation
534 // packet and stop processing the current packet.
535 MaybeSendVersionNegotiationPacket(packet_info);
536 return true;
537 }
538
539 if (crypto_config()->validate_chlo_size() &&
540 packet_info.form == IETF_QUIC_LONG_HEADER_PACKET &&
541 packet_info.long_packet_type == INITIAL &&
542 packet_info.packet.length() < kMinClientInitialPacketLength) {
543 QUIC_DVLOG(1) << "Dropping initial packet which is too short, length: "
544 << packet_info.packet.length();
545 QUIC_CODE_COUNT(quic_drop_small_initial_packets);
546 return true;
547 }
548 }
549
550 return false;
551 }
552
ProcessHeader(ReceivedPacketInfo * packet_info)553 void QuicDispatcher::ProcessHeader(ReceivedPacketInfo* packet_info) {
554 QuicConnectionId server_connection_id =
555 packet_info->destination_connection_id;
556 // Packet's connection ID is unknown. Apply the validity checks.
557 QuicPacketFate fate = ValidityChecks(*packet_info);
558
559 // |connection_close_error_code| is used if the final packet fate is
560 // kFateTimeWait.
561 QuicErrorCode connection_close_error_code = QUIC_HANDSHAKE_FAILED;
562
563 // If a fatal TLS alert was received when extracting Client Hello,
564 // |tls_alert_error_detail| will be set and will be used as the error_details
565 // of the connection close.
566 std::string tls_alert_error_detail;
567
568 if (fate == kFateProcess) {
569 ExtractChloResult extract_chlo_result =
570 TryExtractChloOrBufferEarlyPacket(*packet_info);
571 auto& parsed_chlo = extract_chlo_result.parsed_chlo;
572
573 if (extract_chlo_result.tls_alert.has_value()) {
574 QUIC_BUG_IF(quic_dispatcher_parsed_chlo_and_tls_alert_coexist_1,
575 parsed_chlo.has_value())
576 << "parsed_chlo and tls_alert should not be set at the same time.";
577 // Fatal TLS alert when parsing Client Hello.
578 fate = kFateTimeWait;
579 uint8_t tls_alert = *extract_chlo_result.tls_alert;
580 connection_close_error_code = TlsAlertToQuicErrorCode(tls_alert);
581 tls_alert_error_detail =
582 absl::StrCat("TLS handshake failure (",
583 EncryptionLevelToString(ENCRYPTION_INITIAL), ") ",
584 static_cast<int>(tls_alert), ": ",
585 SSL_alert_desc_string_long(tls_alert));
586 } else if (!parsed_chlo.has_value()) {
587 // Client Hello incomplete. Packet has been buffered or (rarely) dropped.
588 return;
589 } else {
590 // Client Hello fully received.
591 fate = ValidityChecksOnFullChlo(*packet_info, *parsed_chlo);
592
593 if (fate == kFateProcess) {
594 ProcessChlo(*std::move(parsed_chlo), packet_info);
595 return;
596 }
597 }
598 }
599
600 switch (fate) {
601 case kFateProcess:
602 // kFateProcess have been processed above.
603 QUIC_BUG(quic_dispatcher_bad_packet_fate) << fate;
604 break;
605 case kFateTimeWait: {
606 // Add this connection_id to the time-wait state, to safely reject
607 // future packets.
608 QUIC_DLOG(INFO) << "Adding connection ID " << server_connection_id
609 << " to time-wait list.";
610 QUIC_CODE_COUNT(quic_reject_fate_time_wait);
611 const std::string& connection_close_error_detail =
612 tls_alert_error_detail.empty() ? "Reject connection"
613 : tls_alert_error_detail;
614 StatelesslyTerminateConnection(
615 server_connection_id, packet_info->form, packet_info->version_flag,
616 packet_info->use_length_prefix, packet_info->version,
617 connection_close_error_code, connection_close_error_detail,
618 quic::QuicTimeWaitListManager::SEND_STATELESS_RESET);
619
620 QUICHE_DCHECK(time_wait_list_manager_->IsConnectionIdInTimeWait(
621 server_connection_id));
622 time_wait_list_manager_->ProcessPacket(
623 packet_info->self_address, packet_info->peer_address,
624 server_connection_id, packet_info->form, packet_info->packet.length(),
625 GetPerPacketContext());
626
627 buffered_packets_.DiscardPackets(server_connection_id);
628 } break;
629 case kFateDrop:
630 break;
631 }
632 }
633
634 QuicDispatcher::ExtractChloResult
TryExtractChloOrBufferEarlyPacket(const ReceivedPacketInfo & packet_info)635 QuicDispatcher::TryExtractChloOrBufferEarlyPacket(
636 const ReceivedPacketInfo& packet_info) {
637 ExtractChloResult result;
638 if (packet_info.version.UsesTls()) {
639 bool has_full_tls_chlo = false;
640 std::string sni;
641 std::vector<std::string> alpns;
642 bool resumption_attempted = false, early_data_attempted = false;
643 if (buffered_packets_.HasBufferedPackets(
644 packet_info.destination_connection_id)) {
645 // If we already have buffered packets for this connection ID,
646 // use the associated TlsChloExtractor to parse this packet.
647 has_full_tls_chlo = buffered_packets_.IngestPacketForTlsChloExtraction(
648 packet_info.destination_connection_id, packet_info.version,
649 packet_info.packet, &alpns, &sni, &resumption_attempted,
650 &early_data_attempted, &result.tls_alert);
651 } else {
652 // If we do not have a BufferedPacketList for this connection ID,
653 // create a single-use one to check whether this packet contains a
654 // full single-packet CHLO.
655 TlsChloExtractor tls_chlo_extractor;
656 tls_chlo_extractor.IngestPacket(packet_info.version, packet_info.packet);
657 if (tls_chlo_extractor.HasParsedFullChlo()) {
658 // This packet contains a full single-packet CHLO.
659 has_full_tls_chlo = true;
660 alpns = tls_chlo_extractor.alpns();
661 sni = tls_chlo_extractor.server_name();
662 resumption_attempted = tls_chlo_extractor.resumption_attempted();
663 early_data_attempted = tls_chlo_extractor.early_data_attempted();
664 } else {
665 result.tls_alert = tls_chlo_extractor.tls_alert();
666 }
667 }
668
669 if (result.tls_alert.has_value()) {
670 QUIC_BUG_IF(quic_dispatcher_parsed_chlo_and_tls_alert_coexist_2,
671 has_full_tls_chlo)
672 << "parsed_chlo and tls_alert should not be set at the same time.";
673 return result;
674 }
675
676 if (GetQuicFlag(quic_allow_chlo_buffering) && !has_full_tls_chlo) {
677 // This packet does not contain a full CHLO. It could be a 0-RTT
678 // packet that arrived before the CHLO (due to loss or reordering),
679 // or it could be a fragment of a multi-packet CHLO.
680 BufferEarlyPacket(packet_info);
681 return result;
682 }
683
684 ParsedClientHello& parsed_chlo = result.parsed_chlo.emplace();
685 parsed_chlo.sni = std::move(sni);
686 parsed_chlo.alpns = std::move(alpns);
687 if (packet_info.retry_token.has_value()) {
688 parsed_chlo.retry_token = std::string(*packet_info.retry_token);
689 }
690 parsed_chlo.resumption_attempted = resumption_attempted;
691 parsed_chlo.early_data_attempted = early_data_attempted;
692 return result;
693 }
694
695 ChloAlpnSniExtractor alpn_extractor;
696 if (GetQuicFlag(quic_allow_chlo_buffering) &&
697 !ChloExtractor::Extract(packet_info.packet, packet_info.version,
698 config_->create_session_tag_indicators(),
699 &alpn_extractor,
700 packet_info.destination_connection_id.length())) {
701 // Buffer non-CHLO packets.
702 BufferEarlyPacket(packet_info);
703 return result;
704 }
705
706 // We only apply this check for versions that do not use the IETF
707 // invariant header because those versions are already checked in
708 // QuicDispatcher::MaybeDispatchPacket.
709 if (packet_info.version_flag &&
710 !packet_info.version.HasIetfInvariantHeader() &&
711 crypto_config()->validate_chlo_size() &&
712 packet_info.packet.length() < kMinClientInitialPacketLength) {
713 QUIC_DVLOG(1) << "Dropping CHLO packet which is too short, length: "
714 << packet_info.packet.length();
715 QUIC_CODE_COUNT(quic_drop_small_chlo_packets);
716 return result;
717 }
718
719 ParsedClientHello& parsed_chlo = result.parsed_chlo.emplace();
720 parsed_chlo.sni = alpn_extractor.ConsumeSni();
721 parsed_chlo.uaid = alpn_extractor.ConsumeUaid();
722 parsed_chlo.alpns = {alpn_extractor.ConsumeAlpn()};
723 return result;
724 }
725
SelectAlpn(const std::vector<std::string> & alpns)726 std::string QuicDispatcher::SelectAlpn(const std::vector<std::string>& alpns) {
727 if (alpns.empty()) {
728 return "";
729 }
730 if (alpns.size() > 1u) {
731 const std::vector<std::string>& supported_alpns =
732 version_manager_->GetSupportedAlpns();
733 for (const std::string& alpn : alpns) {
734 if (std::find(supported_alpns.begin(), supported_alpns.end(), alpn) !=
735 supported_alpns.end()) {
736 return alpn;
737 }
738 }
739 }
740 return alpns[0];
741 }
742
ValidityChecks(const ReceivedPacketInfo & packet_info)743 QuicDispatcher::QuicPacketFate QuicDispatcher::ValidityChecks(
744 const ReceivedPacketInfo& packet_info) {
745 if (!packet_info.version_flag) {
746 QUIC_DLOG(INFO)
747 << "Packet without version arrived for unknown connection ID "
748 << packet_info.destination_connection_id;
749 MaybeResetPacketsWithNoVersion(packet_info);
750 return kFateDrop;
751 }
752
753 // Let the connection parse and validate packet number.
754 return kFateProcess;
755 }
756
CleanUpSession(QuicConnectionId server_connection_id,QuicConnection * connection,QuicErrorCode,const std::string &,ConnectionCloseSource)757 void QuicDispatcher::CleanUpSession(QuicConnectionId server_connection_id,
758 QuicConnection* connection,
759 QuicErrorCode /*error*/,
760 const std::string& /*error_details*/,
761 ConnectionCloseSource /*source*/) {
762 write_blocked_list_.erase(connection);
763 QuicTimeWaitListManager::TimeWaitAction action =
764 QuicTimeWaitListManager::SEND_STATELESS_RESET;
765 if (connection->termination_packets() != nullptr &&
766 !connection->termination_packets()->empty()) {
767 action = QuicTimeWaitListManager::SEND_CONNECTION_CLOSE_PACKETS;
768 } else {
769 if (!connection->IsHandshakeComplete()) {
770 // TODO(fayang): Do not serialize connection close packet if the
771 // connection is closed by the client.
772 if (!connection->version().HasIetfInvariantHeader()) {
773 QUIC_CODE_COUNT(gquic_add_to_time_wait_list_with_handshake_failed);
774 } else {
775 QUIC_CODE_COUNT(quic_v44_add_to_time_wait_list_with_handshake_failed);
776 }
777 // This serializes a connection close termination packet and adds the
778 // connection to the time wait list.
779 StatelessConnectionTerminator terminator(
780 server_connection_id,
781 connection->GetOriginalDestinationConnectionId(),
782 connection->version(), helper_.get(), time_wait_list_manager_.get());
783 terminator.CloseConnection(
784 QUIC_HANDSHAKE_FAILED,
785 "Connection is closed by server before handshake confirmed",
786 connection->version().HasIetfInvariantHeader(),
787 connection->GetActiveServerConnectionIds());
788 return;
789 }
790 QUIC_CODE_COUNT(quic_v44_add_to_time_wait_list_with_stateless_reset);
791 }
792 time_wait_list_manager_->AddConnectionIdToTimeWait(
793 action,
794 TimeWaitConnectionInfo(
795 connection->version().HasIetfInvariantHeader(),
796 connection->termination_packets(),
797 connection->GetActiveServerConnectionIds(),
798 connection->sent_packet_manager().GetRttStats()->smoothed_rtt()));
799 }
800
StartAcceptingNewConnections()801 void QuicDispatcher::StartAcceptingNewConnections() {
802 accept_new_connections_ = true;
803 }
804
StopAcceptingNewConnections()805 void QuicDispatcher::StopAcceptingNewConnections() {
806 accept_new_connections_ = false;
807 // No more CHLO will arrive and buffered CHLOs shouldn't be able to create
808 // connections.
809 buffered_packets_.DiscardAllPackets();
810 }
811
PerformActionOnActiveSessions(std::function<void (QuicSession *)> operation) const812 void QuicDispatcher::PerformActionOnActiveSessions(
813 std::function<void(QuicSession*)> operation) const {
814 absl::flat_hash_set<QuicSession*> visited_session;
815 visited_session.reserve(reference_counted_session_map_.size());
816 for (auto const& kv : reference_counted_session_map_) {
817 QuicSession* session = kv.second.get();
818 if (visited_session.insert(session).second) {
819 operation(session);
820 }
821 }
822 }
823
824 // Get a snapshot of all sessions.
GetSessionsSnapshot() const825 std::vector<std::shared_ptr<QuicSession>> QuicDispatcher::GetSessionsSnapshot()
826 const {
827 std::vector<std::shared_ptr<QuicSession>> snapshot;
828 snapshot.reserve(reference_counted_session_map_.size());
829 absl::flat_hash_set<QuicSession*> visited_session;
830 visited_session.reserve(reference_counted_session_map_.size());
831 for (auto const& kv : reference_counted_session_map_) {
832 QuicSession* session = kv.second.get();
833 if (visited_session.insert(session).second) {
834 snapshot.push_back(kv.second);
835 }
836 }
837 return snapshot;
838 }
839
GetPerPacketContext() const840 std::unique_ptr<QuicPerPacketContext> QuicDispatcher::GetPerPacketContext()
841 const {
842 return nullptr;
843 }
844
DeleteSessions()845 void QuicDispatcher::DeleteSessions() {
846 if (!write_blocked_list_.empty()) {
847 for (const auto& session : closed_session_list_) {
848 if (write_blocked_list_.erase(session->connection()) != 0) {
849 QUIC_BUG(quic_bug_12724_2)
850 << "QuicConnection was in WriteBlockedList before destruction "
851 << session->connection()->connection_id();
852 }
853 }
854 }
855 closed_session_list_.clear();
856 }
857
ClearStatelessResetAddresses()858 void QuicDispatcher::ClearStatelessResetAddresses() {
859 recent_stateless_reset_addresses_.clear();
860 }
861
OnCanWrite()862 void QuicDispatcher::OnCanWrite() {
863 // The socket is now writable.
864 writer_->SetWritable();
865
866 // Move every blocked writer in |write_blocked_list_| to a temporary list.
867 const size_t num_blocked_writers_before = write_blocked_list_.size();
868 WriteBlockedList temp_list;
869 temp_list.swap(write_blocked_list_);
870 QUICHE_DCHECK(write_blocked_list_.empty());
871
872 // Give each blocked writer a chance to write what they indended to write.
873 // If they are blocked again, they will call |OnWriteBlocked| to add
874 // themselves back into |write_blocked_list_|.
875 while (!temp_list.empty()) {
876 QuicBlockedWriterInterface* blocked_writer = temp_list.begin()->first;
877 temp_list.erase(temp_list.begin());
878 blocked_writer->OnBlockedWriterCanWrite();
879 }
880 const size_t num_blocked_writers_after = write_blocked_list_.size();
881 if (num_blocked_writers_after != 0) {
882 if (num_blocked_writers_before == num_blocked_writers_after) {
883 QUIC_CODE_COUNT(quic_zero_progress_on_can_write);
884 } else {
885 QUIC_CODE_COUNT(quic_blocked_again_on_can_write);
886 }
887 }
888 }
889
HasPendingWrites() const890 bool QuicDispatcher::HasPendingWrites() const {
891 return !write_blocked_list_.empty();
892 }
893
Shutdown()894 void QuicDispatcher::Shutdown() {
895 while (!reference_counted_session_map_.empty()) {
896 QuicSession* session = reference_counted_session_map_.begin()->second.get();
897 session->connection()->CloseConnection(
898 QUIC_PEER_GOING_AWAY, "Server shutdown imminent",
899 ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET);
900 // Validate that the session removes itself from the session map on close.
901 QUICHE_DCHECK(reference_counted_session_map_.empty() ||
902 reference_counted_session_map_.begin()->second.get() !=
903 session);
904 }
905 DeleteSessions();
906 }
907
OnConnectionClosed(QuicConnectionId server_connection_id,QuicErrorCode error,const std::string & error_details,ConnectionCloseSource source)908 void QuicDispatcher::OnConnectionClosed(QuicConnectionId server_connection_id,
909 QuicErrorCode error,
910 const std::string& error_details,
911 ConnectionCloseSource source) {
912 auto it = reference_counted_session_map_.find(server_connection_id);
913 if (it == reference_counted_session_map_.end()) {
914 QUIC_BUG(quic_bug_10287_3) << "ConnectionId " << server_connection_id
915 << " does not exist in the session map. Error: "
916 << QuicErrorCodeToString(error);
917 QUIC_BUG(quic_bug_10287_4) << QuicStackTrace();
918 return;
919 }
920
921 QUIC_DLOG_IF(INFO, error != QUIC_NO_ERROR)
922 << "Closing connection (" << server_connection_id
923 << ") due to error: " << QuicErrorCodeToString(error)
924 << ", with details: " << error_details;
925
926 const QuicSession* session = it->second.get();
927 QuicConnection* connection = it->second->connection();
928 // Set up alarm to fire immediately to bring destruction of this session
929 // out of current call stack.
930 if (closed_session_list_.empty()) {
931 delete_sessions_alarm_->Update(helper()->GetClock()->ApproximateNow(),
932 QuicTime::Delta::Zero());
933 }
934 closed_session_list_.push_back(std::move(it->second));
935 CleanUpSession(it->first, connection, error, error_details, source);
936 bool session_removed = false;
937 for (const QuicConnectionId& cid :
938 connection->GetActiveServerConnectionIds()) {
939 auto it1 = reference_counted_session_map_.find(cid);
940 if (it1 != reference_counted_session_map_.end()) {
941 const QuicSession* session2 = it1->second.get();
942 // For cid == server_connection_id, session2 is a nullptr (and hence
943 // session2 != session) now since we have std::move the session into
944 // closed_session_list_ above.
945 if (session2 == session || cid == server_connection_id) {
946 reference_counted_session_map_.erase(it1);
947 session_removed = true;
948 } else {
949 // Leave this session in the map.
950 QUIC_BUG(quic_dispatcher_session_mismatch)
951 << "Session is mismatched in the map. server_connection_id: "
952 << server_connection_id << ". Current cid: " << cid
953 << ". Cid of the other session "
954 << (session2 == nullptr
955 ? "null"
956 : session2->connection()->connection_id().ToString());
957 }
958 } else {
959 // GetActiveServerConnectionIds might return the original destination
960 // ID, which is not contained in the session map.
961 QUIC_BUG_IF(quic_dispatcher_session_not_found,
962 cid != connection->GetOriginalDestinationConnectionId())
963 << "Missing session for cid " << cid
964 << ". server_connection_id: " << server_connection_id;
965 }
966 }
967 QUIC_BUG_IF(quic_session_is_not_removed, !session_removed);
968 --num_sessions_in_session_map_;
969 }
970
OnWriteBlocked(QuicBlockedWriterInterface * blocked_writer)971 void QuicDispatcher::OnWriteBlocked(
972 QuicBlockedWriterInterface* blocked_writer) {
973 if (!blocked_writer->IsWriterBlocked()) {
974 // It is a programming error if this ever happens. When we are sure it is
975 // not happening, replace it with a QUICHE_DCHECK.
976 QUIC_BUG(quic_bug_12724_4)
977 << "Tried to add writer into blocked list when it shouldn't be added";
978 // Return without adding the connection to the blocked list, to avoid
979 // infinite loops in OnCanWrite.
980 return;
981 }
982
983 write_blocked_list_.insert(std::make_pair(blocked_writer, true));
984 }
985
OnRstStreamReceived(const QuicRstStreamFrame &)986 void QuicDispatcher::OnRstStreamReceived(const QuicRstStreamFrame& /*frame*/) {}
987
OnStopSendingReceived(const QuicStopSendingFrame &)988 void QuicDispatcher::OnStopSendingReceived(
989 const QuicStopSendingFrame& /*frame*/) {}
990
TryAddNewConnectionId(const QuicConnectionId & server_connection_id,const QuicConnectionId & new_connection_id)991 bool QuicDispatcher::TryAddNewConnectionId(
992 const QuicConnectionId& server_connection_id,
993 const QuicConnectionId& new_connection_id) {
994 auto it = reference_counted_session_map_.find(server_connection_id);
995 if (it == reference_counted_session_map_.end()) {
996 QUIC_BUG(quic_bug_10287_7)
997 << "Couldn't locate the session that issues the connection ID in "
998 "reference_counted_session_map_. server_connection_id:"
999 << server_connection_id << " new_connection_id: " << new_connection_id;
1000 return false;
1001 }
1002 // Count new connection ID added to the dispatcher map.
1003 QUIC_RELOADABLE_FLAG_COUNT_N(quic_connection_migration_use_new_cid_v2, 6, 6);
1004 auto insertion_result = reference_counted_session_map_.insert(
1005 std::make_pair(new_connection_id, it->second));
1006 if (!insertion_result.second) {
1007 QUIC_CODE_COUNT(quic_cid_already_in_session_map);
1008 }
1009 return insertion_result.second;
1010 }
1011
OnConnectionIdRetired(const QuicConnectionId & server_connection_id)1012 void QuicDispatcher::OnConnectionIdRetired(
1013 const QuicConnectionId& server_connection_id) {
1014 reference_counted_session_map_.erase(server_connection_id);
1015 }
1016
OnConnectionAddedToTimeWaitList(QuicConnectionId server_connection_id)1017 void QuicDispatcher::OnConnectionAddedToTimeWaitList(
1018 QuicConnectionId server_connection_id) {
1019 QUIC_DLOG(INFO) << "Connection " << server_connection_id
1020 << " added to time wait list.";
1021 }
1022
StatelesslyTerminateConnection(QuicConnectionId server_connection_id,PacketHeaderFormat format,bool version_flag,bool use_length_prefix,ParsedQuicVersion version,QuicErrorCode error_code,const std::string & error_details,QuicTimeWaitListManager::TimeWaitAction action)1023 void QuicDispatcher::StatelesslyTerminateConnection(
1024 QuicConnectionId server_connection_id, PacketHeaderFormat format,
1025 bool version_flag, bool use_length_prefix, ParsedQuicVersion version,
1026 QuicErrorCode error_code, const std::string& error_details,
1027 QuicTimeWaitListManager::TimeWaitAction action) {
1028 if (format != IETF_QUIC_LONG_HEADER_PACKET && !version_flag) {
1029 QUIC_DVLOG(1) << "Statelessly terminating " << server_connection_id
1030 << " based on a non-ietf-long packet, action:" << action
1031 << ", error_code:" << error_code
1032 << ", error_details:" << error_details;
1033 time_wait_list_manager_->AddConnectionIdToTimeWait(
1034 action, TimeWaitConnectionInfo(format != GOOGLE_QUIC_PACKET, nullptr,
1035 {server_connection_id}));
1036 return;
1037 }
1038
1039 // If the version is known and supported by framer, send a connection close.
1040 if (IsSupportedVersion(version)) {
1041 QUIC_DVLOG(1)
1042 << "Statelessly terminating " << server_connection_id
1043 << " based on an ietf-long packet, which has a supported version:"
1044 << version << ", error_code:" << error_code
1045 << ", error_details:" << error_details;
1046
1047 StatelessConnectionTerminator terminator(
1048 server_connection_id, server_connection_id, version, helper_.get(),
1049 time_wait_list_manager_.get());
1050 // This also adds the connection to time wait list.
1051 terminator.CloseConnection(
1052 error_code, error_details, format != GOOGLE_QUIC_PACKET,
1053 /*active_connection_ids=*/{server_connection_id});
1054 QUIC_CODE_COUNT(quic_dispatcher_generated_connection_close);
1055 QuicSession::RecordConnectionCloseAtServer(
1056 error_code, ConnectionCloseSource::FROM_SELF);
1057 return;
1058 }
1059
1060 QUIC_DVLOG(1)
1061 << "Statelessly terminating " << server_connection_id
1062 << " based on an ietf-long packet, which has an unsupported version:"
1063 << version << ", error_code:" << error_code
1064 << ", error_details:" << error_details;
1065 // Version is unknown or unsupported by framer, send a version negotiation
1066 // with an empty version list, which can be understood by the client.
1067 std::vector<std::unique_ptr<QuicEncryptedPacket>> termination_packets;
1068 termination_packets.push_back(QuicFramer::BuildVersionNegotiationPacket(
1069 server_connection_id, EmptyQuicConnectionId(),
1070 /*ietf_quic=*/format != GOOGLE_QUIC_PACKET, use_length_prefix,
1071 /*versions=*/{}));
1072 time_wait_list_manager()->AddConnectionIdToTimeWait(
1073 QuicTimeWaitListManager::SEND_TERMINATION_PACKETS,
1074 TimeWaitConnectionInfo(/*ietf_quic=*/format != GOOGLE_QUIC_PACKET,
1075 &termination_packets, {server_connection_id}));
1076 }
1077
ShouldCreateSessionForUnknownVersion(QuicVersionLabel)1078 bool QuicDispatcher::ShouldCreateSessionForUnknownVersion(
1079 QuicVersionLabel /*version_label*/) {
1080 return false;
1081 }
1082
OnExpiredPackets(QuicConnectionId server_connection_id,BufferedPacketList early_arrived_packets)1083 void QuicDispatcher::OnExpiredPackets(
1084 QuicConnectionId server_connection_id,
1085 BufferedPacketList early_arrived_packets) {
1086 QUIC_CODE_COUNT(quic_reject_buffered_packets_expired);
1087 StatelesslyTerminateConnection(
1088 server_connection_id,
1089 early_arrived_packets.ietf_quic ? IETF_QUIC_LONG_HEADER_PACKET
1090 : GOOGLE_QUIC_PACKET,
1091 /*version_flag=*/true,
1092 early_arrived_packets.version.HasLengthPrefixedConnectionIds(),
1093 early_arrived_packets.version, QUIC_HANDSHAKE_FAILED,
1094 "Packets buffered for too long",
1095 quic::QuicTimeWaitListManager::SEND_STATELESS_RESET);
1096 }
1097
ProcessBufferedChlos(size_t max_connections_to_create)1098 void QuicDispatcher::ProcessBufferedChlos(size_t max_connections_to_create) {
1099 // Reset the counter before starting creating connections.
1100 new_sessions_allowed_per_event_loop_ = max_connections_to_create;
1101 for (; new_sessions_allowed_per_event_loop_ > 0;
1102 --new_sessions_allowed_per_event_loop_) {
1103 QuicConnectionId server_connection_id;
1104 BufferedPacketList packet_list =
1105 buffered_packets_.DeliverPacketsForNextConnection(
1106 &server_connection_id);
1107 const std::list<BufferedPacket>& packets = packet_list.buffered_packets;
1108 if (packets.empty()) {
1109 return;
1110 }
1111 if (!packet_list.parsed_chlo.has_value()) {
1112 QUIC_BUG(quic_dispatcher_no_parsed_chlo_in_buffered_packets)
1113 << "Buffered connection has no CHLO. connection_id:"
1114 << server_connection_id;
1115 continue;
1116 }
1117 auto session_ptr = QuicDispatcher::CreateSessionFromChlo(
1118 server_connection_id, *packet_list.parsed_chlo, packet_list.version,
1119 packets.front().self_address, packets.front().peer_address);
1120 if (session_ptr != nullptr) {
1121 DeliverPacketsToSession(packets, session_ptr.get());
1122 }
1123 }
1124 }
1125
HasChlosBuffered() const1126 bool QuicDispatcher::HasChlosBuffered() const {
1127 return buffered_packets_.HasChlosBuffered();
1128 }
1129
1130 // Return true if there is any packet buffered in the store.
HasBufferedPackets(QuicConnectionId server_connection_id)1131 bool QuicDispatcher::HasBufferedPackets(QuicConnectionId server_connection_id) {
1132 return buffered_packets_.HasBufferedPackets(server_connection_id);
1133 }
1134
OnBufferPacketFailure(EnqueuePacketResult result,QuicConnectionId server_connection_id)1135 void QuicDispatcher::OnBufferPacketFailure(
1136 EnqueuePacketResult result, QuicConnectionId server_connection_id) {
1137 QUIC_DLOG(INFO) << "Fail to buffer packet on connection "
1138 << server_connection_id << " because of " << result;
1139 }
1140
CreateQuicTimeWaitListManager()1141 QuicTimeWaitListManager* QuicDispatcher::CreateQuicTimeWaitListManager() {
1142 return new QuicTimeWaitListManager(writer_.get(), this, helper_->GetClock(),
1143 alarm_factory_.get());
1144 }
1145
BufferEarlyPacket(const ReceivedPacketInfo & packet_info)1146 void QuicDispatcher::BufferEarlyPacket(const ReceivedPacketInfo& packet_info) {
1147 EnqueuePacketResult rs = buffered_packets_.EnqueuePacket(
1148 packet_info.destination_connection_id,
1149 packet_info.form != GOOGLE_QUIC_PACKET, packet_info.packet,
1150 packet_info.self_address, packet_info.peer_address, packet_info.version,
1151 /*parsed_chlo=*/absl::nullopt);
1152 if (rs != EnqueuePacketResult::SUCCESS) {
1153 OnBufferPacketFailure(rs, packet_info.destination_connection_id);
1154 }
1155 }
1156
ProcessChlo(ParsedClientHello parsed_chlo,ReceivedPacketInfo * packet_info)1157 void QuicDispatcher::ProcessChlo(ParsedClientHello parsed_chlo,
1158 ReceivedPacketInfo* packet_info) {
1159 if (GetQuicFlag(quic_allow_chlo_buffering) &&
1160 new_sessions_allowed_per_event_loop_ <= 0) {
1161 // Can't create new session any more. Wait till next event loop.
1162 QUIC_BUG_IF(quic_bug_12724_7, buffered_packets_.HasChloForConnection(
1163 packet_info->destination_connection_id));
1164 EnqueuePacketResult rs = buffered_packets_.EnqueuePacket(
1165 packet_info->destination_connection_id,
1166 packet_info->form != GOOGLE_QUIC_PACKET, packet_info->packet,
1167 packet_info->self_address, packet_info->peer_address,
1168 packet_info->version, std::move(parsed_chlo));
1169 if (rs != EnqueuePacketResult::SUCCESS) {
1170 OnBufferPacketFailure(rs, packet_info->destination_connection_id);
1171 }
1172 return;
1173 }
1174
1175 auto session_ptr = QuicDispatcher::CreateSessionFromChlo(
1176 packet_info->destination_connection_id, parsed_chlo, packet_info->version,
1177 packet_info->self_address, packet_info->peer_address);
1178 if (session_ptr == nullptr) {
1179 return;
1180 }
1181 std::list<BufferedPacket> packets =
1182 buffered_packets_.DeliverPackets(packet_info->destination_connection_id)
1183 .buffered_packets;
1184 if (packet_info->destination_connection_id != session_ptr->connection_id()) {
1185 // Provide the calling function with access to the new connection ID.
1186 packet_info->destination_connection_id = session_ptr->connection_id();
1187 if (!packets.empty()) {
1188 QUIC_CODE_COUNT(
1189 quic_delivered_buffered_packets_to_connection_with_replaced_id);
1190 }
1191 }
1192 // Process CHLO at first.
1193 session_ptr->ProcessUdpPacket(packet_info->self_address,
1194 packet_info->peer_address, packet_info->packet);
1195 // Deliver queued-up packets in the same order as they arrived.
1196 // Do this even when flag is off because there might be still some packets
1197 // buffered in the store before flag is turned off.
1198 DeliverPacketsToSession(packets, session_ptr.get());
1199 --new_sessions_allowed_per_event_loop_;
1200 }
1201
SetLastError(QuicErrorCode error)1202 void QuicDispatcher::SetLastError(QuicErrorCode error) { last_error_ = error; }
1203
OnFailedToDispatchPacket(const ReceivedPacketInfo &)1204 bool QuicDispatcher::OnFailedToDispatchPacket(
1205 const ReceivedPacketInfo& /*packet_info*/) {
1206 return false;
1207 }
1208
GetSupportedVersions()1209 const ParsedQuicVersionVector& QuicDispatcher::GetSupportedVersions() {
1210 return version_manager_->GetSupportedVersions();
1211 }
1212
DeliverPacketsToSession(const std::list<BufferedPacket> & packets,QuicSession * session)1213 void QuicDispatcher::DeliverPacketsToSession(
1214 const std::list<BufferedPacket>& packets, QuicSession* session) {
1215 for (const BufferedPacket& packet : packets) {
1216 session->ProcessUdpPacket(packet.self_address, packet.peer_address,
1217 *(packet.packet));
1218 }
1219 }
1220
IsSupportedVersion(const ParsedQuicVersion version)1221 bool QuicDispatcher::IsSupportedVersion(const ParsedQuicVersion version) {
1222 for (const ParsedQuicVersion& supported_version :
1223 version_manager_->GetSupportedVersions()) {
1224 if (version == supported_version) {
1225 return true;
1226 }
1227 }
1228 return false;
1229 }
1230
IsServerConnectionIdTooShort(QuicConnectionId connection_id) const1231 bool QuicDispatcher::IsServerConnectionIdTooShort(
1232 QuicConnectionId connection_id) const {
1233 if (connection_id.length() >= kQuicMinimumInitialConnectionIdLength ||
1234 connection_id.length() >= expected_server_connection_id_length_ ||
1235 allow_short_initial_server_connection_ids_) {
1236 return false;
1237 }
1238 uint8_t generator_output =
1239 connection_id.IsEmpty()
1240 ? connection_id_generator_.ConnectionIdLength(0x00)
1241 : connection_id_generator_.ConnectionIdLength(
1242 static_cast<uint8_t>(*connection_id.data()));
1243 return connection_id.length() < generator_output;
1244 }
1245
CreateSessionFromChlo(const QuicConnectionId original_connection_id,const ParsedClientHello & parsed_chlo,const ParsedQuicVersion version,const QuicSocketAddress self_address,const QuicSocketAddress peer_address)1246 std::shared_ptr<QuicSession> QuicDispatcher::CreateSessionFromChlo(
1247 const QuicConnectionId original_connection_id,
1248 const ParsedClientHello& parsed_chlo, const ParsedQuicVersion version,
1249 const QuicSocketAddress self_address,
1250 const QuicSocketAddress peer_address) {
1251 absl::optional<QuicConnectionId> server_connection_id =
1252 connection_id_generator_.MaybeReplaceConnectionId(original_connection_id,
1253 version);
1254 const bool replaced_connection_id = server_connection_id.has_value();
1255 if (!replaced_connection_id) {
1256 server_connection_id = original_connection_id;
1257 }
1258 if (reference_counted_session_map_.count(*server_connection_id) > 0) {
1259 // The new connection ID is owned by another session. Avoid creating one
1260 // altogether, as this connection attempt cannot possibly succeed.
1261 if (replaced_connection_id) {
1262 // The original connection ID does not correspond to an existing
1263 // session. It is safe to send CONNECTION_CLOSE and add to TIME_WAIT.
1264 StatelesslyTerminateConnection(
1265 original_connection_id, IETF_QUIC_LONG_HEADER_PACKET,
1266 /*version_flag=*/true, version.HasLengthPrefixedConnectionIds(),
1267 version, QUIC_HANDSHAKE_FAILED,
1268 "Connection ID collision, please retry",
1269 QuicTimeWaitListManager::SEND_CONNECTION_CLOSE_PACKETS);
1270 }
1271 return nullptr;
1272 }
1273 // Creates a new session and process all buffered packets for this connection.
1274 std::string alpn = SelectAlpn(parsed_chlo.alpns);
1275 std::unique_ptr<QuicSession> session =
1276 CreateQuicSession(*server_connection_id, self_address, peer_address, alpn,
1277 version, parsed_chlo);
1278 if (ABSL_PREDICT_FALSE(session == nullptr)) {
1279 QUIC_BUG(quic_bug_10287_8)
1280 << "CreateQuicSession returned nullptr for " << *server_connection_id
1281 << " from " << peer_address << " to " << self_address << " ALPN \""
1282 << alpn << "\" version " << version;
1283 return nullptr;
1284 }
1285
1286 if (replaced_connection_id) {
1287 session->connection()->SetOriginalDestinationConnectionId(
1288 original_connection_id);
1289 }
1290 QUIC_DLOG(INFO) << "Created new session for " << *server_connection_id;
1291
1292 auto insertion_result = reference_counted_session_map_.insert(std::make_pair(
1293 *server_connection_id, std::shared_ptr<QuicSession>(std::move(session))));
1294 std::shared_ptr<QuicSession> session_ptr = insertion_result.first->second;
1295 if (!insertion_result.second) {
1296 QUIC_BUG(quic_bug_10287_9)
1297 << "Tried to add a session to session_map with existing "
1298 "connection id: "
1299 << *server_connection_id;
1300 } else {
1301 ++num_sessions_in_session_map_;
1302 if (replaced_connection_id) {
1303 auto insertion_result2 = reference_counted_session_map_.insert(
1304 std::make_pair(original_connection_id, session_ptr));
1305 QUIC_BUG_IF(quic_460317833_02, !insertion_result2.second)
1306 << "Original connection ID already in session_map: "
1307 << original_connection_id;
1308 // If insertion of the original connection ID fails, it might cause
1309 // loss of 0-RTT and other first flight packets, but the connection
1310 // will usually progress.
1311 }
1312 }
1313 return session_ptr;
1314 }
1315
MaybeResetPacketsWithNoVersion(const ReceivedPacketInfo & packet_info)1316 void QuicDispatcher::MaybeResetPacketsWithNoVersion(
1317 const ReceivedPacketInfo& packet_info) {
1318 QUICHE_DCHECK(!packet_info.version_flag);
1319 // Do not send a stateless reset if a reset has been sent to this address
1320 // recently.
1321 if (recent_stateless_reset_addresses_.contains(packet_info.peer_address)) {
1322 QUIC_CODE_COUNT(quic_donot_send_reset_repeatedly);
1323 return;
1324 }
1325 if (packet_info.form != GOOGLE_QUIC_PACKET) {
1326 // Drop IETF packets smaller than the minimal stateless reset length.
1327 if (packet_info.packet.length() <=
1328 QuicFramer::GetMinStatelessResetPacketLength()) {
1329 QUIC_CODE_COUNT(quic_drop_too_small_short_header_packets);
1330 return;
1331 }
1332 } else {
1333 const size_t MinValidPacketLength =
1334 kPacketHeaderTypeSize + expected_server_connection_id_length_ +
1335 PACKET_1BYTE_PACKET_NUMBER + /*payload size=*/1 + /*tag size=*/12;
1336 if (packet_info.packet.length() < MinValidPacketLength) {
1337 // The packet size is too small.
1338 QUIC_CODE_COUNT(drop_too_small_packets);
1339 return;
1340 }
1341 }
1342 // Do not send a stateless reset if there are too many stateless reset
1343 // addresses.
1344 if (recent_stateless_reset_addresses_.size() >=
1345 GetQuicFlag(quic_max_recent_stateless_reset_addresses)) {
1346 QUIC_CODE_COUNT(quic_too_many_recent_reset_addresses);
1347 return;
1348 }
1349 if (recent_stateless_reset_addresses_.empty()) {
1350 clear_stateless_reset_addresses_alarm_->Update(
1351 helper()->GetClock()->ApproximateNow() +
1352 QuicTime::Delta::FromMilliseconds(
1353 GetQuicFlag(quic_recent_stateless_reset_addresses_lifetime_ms)),
1354 QuicTime::Delta::Zero());
1355 }
1356 recent_stateless_reset_addresses_.emplace(packet_info.peer_address);
1357
1358 time_wait_list_manager()->SendPublicReset(
1359 packet_info.self_address, packet_info.peer_address,
1360 packet_info.destination_connection_id,
1361 packet_info.form != GOOGLE_QUIC_PACKET, packet_info.packet.length(),
1362 GetPerPacketContext());
1363 }
1364
MaybeSendVersionNegotiationPacket(const ReceivedPacketInfo & packet_info)1365 void QuicDispatcher::MaybeSendVersionNegotiationPacket(
1366 const ReceivedPacketInfo& packet_info) {
1367 if (crypto_config()->validate_chlo_size() &&
1368 packet_info.packet.length() < kMinPacketSizeForVersionNegotiation) {
1369 return;
1370 }
1371 time_wait_list_manager()->SendVersionNegotiationPacket(
1372 packet_info.destination_connection_id, packet_info.source_connection_id,
1373 packet_info.form != GOOGLE_QUIC_PACKET, packet_info.use_length_prefix,
1374 GetSupportedVersions(), packet_info.self_address,
1375 packet_info.peer_address, GetPerPacketContext());
1376 }
1377
NumSessions() const1378 size_t QuicDispatcher::NumSessions() const {
1379 return num_sessions_in_session_map_;
1380 }
1381
1382 } // namespace quic
1383