Protected by FLAGS_enable_quic_stateless_reject_support. Add support

net/tools/quic/quic_dispatcher.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/tools/quic/quic_dispatcher.h"
 
 #include <utility>
 
 #include "base/debug/stack_trace.h"
 #include "base/logging.h"
 #include "base/stl_util.h"
+#include "net/quic/quic_flags.h"
 #include "net/quic/quic_utils.h"
 #include "net/tools/quic/quic_per_connection_packet_writer.h"
 #include "net/tools/quic/quic_time_wait_list_manager.h"
 
 namespace net {
 
 namespace tools {
 
 using std::make_pair;
 using base::StringPiece;
 
+// The threshold size for the session map, over which the dispatcher will start
+// sending stateless rejects (SREJ), rather than stateful rejects (REJ) to
+// clients who support them.  If -1, stateless rejects will not be sent.  If 0,
+// the server will only send stateless rejects to clients who support them.
+int32 FLAGS_quic_session_map_threshold_for_stateless_rejects = -1;
+
 namespace {
 
 // An alarm that informs the QuicDispatcher to delete old sessions.
 class DeleteSessionsAlarm : public QuicAlarm::Delegate {
  public:
   explicit DeleteSessionsAlarm(QuicDispatcher* dispatcher)
       : dispatcher_(dispatcher) {
   }
 
   QuicTime OnAlarm() override {
@@ skipping 250 matching lines @@
   QuicPacketFate fate = ValidityChecks(header);
   switch (fate) {
     case kFateProcess: {
       // Create a session and process the packet.
       QuicServerSession* session = CreateQuicSession(
           connection_id, current_server_address_, current_client_address_);
       DVLOG(1) << "Created new session for " << connection_id;
       session_map_.insert(make_pair(connection_id, session));
       session->connection()->ProcessUdpPacket(
           current_server_address_, current_client_address_, *current_packet_);
+
+      if (FLAGS_enable_quic_stateless_reject_support &&
+          session->UsingStatelessRejectsIfPeerSupported() &&
+          session->PeerSupportsStatelessRejects() &&
+          !session->IsCryptoHandshakeConfirmed()) {
+        DVLOG(1) << "Removing new session for " << connection_id
+                 << " because the session is in stateless reject mode and"
+                 << " encryption has not been established.";
+        session->connection()->CloseConnection(
+            QUIC_CRYPTO_HANDSHAKE_STATELESS_REJECT, /* from_peer */ false);
+      }
       break;
     }
     case kFateTimeWait:
       // Add this connection_id to the time-wait state, to safely reject
       // future packets.
       DVLOG(1) << "Adding connection ID " << connection_id
                << "to time-wait list.";
       time_wait_list_manager_->AddConnectionIdToTimeWait(
           connection_id, framer_.version(),
           /*connection_rejected_statelessly=*/false, nullptr);
@@ skipping 34 matching lines @@
   // Check that the sequence numer is within the range that the client is
   // expected to send before receiving a response from the server.
   if (header.packet_sequence_number == kInvalidPacketSequenceNumber ||
       header.packet_sequence_number > kMaxReasonableInitialSequenceNumber) {
     return kFateTimeWait;
   }
 
   return kFateProcess;
 }
 
-void QuicDispatcher::CleanUpSession(SessionMap::iterator it) {
+void QuicDispatcher::CleanUpSession(SessionMap::iterator it,
+                                    bool should_close_statelessly) {
   QuicConnection* connection = it->second->connection();
   QuicEncryptedPacket* connection_close_packet =
       connection->ReleaseConnectionClosePacket();
   write_blocked_list_.erase(connection);
+  DCHECK(!should_close_statelessly || !connection_close_packet);
   time_wait_list_manager_->AddConnectionIdToTimeWait(
-      it->first, connection->version(),
-      /*connection_rejected_statelessly=*/false, connection_close_packet);
+      it->first, connection->version(), should_close_statelessly,
+      connection_close_packet);
   session_map_.erase(it);
 }
 
 void QuicDispatcher::DeleteSessions() {
   STLDeleteElements(&closed_session_list_);
 }
 
 void QuicDispatcher::OnCanWrite() {
   // The socket is now writable.
   writer_->SetWritable();
@@ skipping 36 matching lines @@
   DVLOG_IF(1, error != QUIC_NO_ERROR) << "Closing connection ("
                                       << connection_id
                                       << ") due to error: "
                                       << QuicUtils::ErrorToString(error);
 
   if (closed_session_list_.empty()) {
     delete_sessions_alarm_->Cancel();
     delete_sessions_alarm_->Set(helper()->GetClock()->ApproximateNow());
   }
   closed_session_list_.push_back(it->second);
-  CleanUpSession(it);
+  const bool should_close_statelessly =
+      (error == QUIC_CRYPTO_HANDSHAKE_STATELESS_REJECT);
+  CleanUpSession(it, should_close_statelessly);
 }
 
 void QuicDispatcher::OnWriteBlocked(
     QuicBlockedWriterInterface* blocked_writer) {
   if (!writer_->IsWriteBlocked()) {
     LOG(DFATAL) <<
         "QuicDispatcher::OnWriteBlocked called when the writer is not blocked.";
     // Return without adding the connection to the blocked list, to avoid
     // infinite loops in OnCanWrite.
     return;
@@ skipping 16 matching lines @@
     const IPEndPoint& server_address,
     const IPEndPoint& client_address) {
   // The QuicServerSession takes ownership of |connection| below.
   QuicConnection* connection = new QuicConnection(
       connection_id, client_address, helper_.get(), connection_writer_factory_,
       /* owns_writer= */ true, Perspective::IS_SERVER,
       crypto_config_->HasProofSource(), supported_versions_);
 
   QuicServerSession* session = new QuicServerSession(config_, connection, this);
   session->InitializeSession(crypto_config_);
+  if (FLAGS_quic_session_map_threshold_for_stateless_rejects != -1 &&
+      session_map_.size() >=
+          static_cast<size_t>(
+              FLAGS_quic_session_map_threshold_for_stateless_rejects)) {
+    session->set_use_stateless_rejects_if_peer_supported(true);
+  }
   return session;
 }
 
 QuicTimeWaitListManager* QuicDispatcher::CreateQuicTimeWaitListManager() {
   return new QuicTimeWaitListManager(
       writer_.get(), this, helper_.get(), supported_versions());
 }
 
 bool QuicDispatcher::HandlePacketForTimeWait(
     const QuicPacketPublicHeader& header) {
   if (header.reset_flag) {
     // Public reset packets do not have sequence numbers, so ignore the packet.
     return false;
   }
 
   // Switch the framer to the correct version, so that the sequence number can
   // be parsed correctly.
   framer_.set_version(time_wait_list_manager_->GetQuicVersionFromConnectionId(
       header.connection_id));
 
   // Continue parsing the packet to extract the sequence number.  Then
   // send it to the time wait manager in OnUnathenticatedHeader.
   return true;
 }
 
 }  // namespace tools
 }  // namespace net