Flag-protected. Add stateless reject support to crypto streams.

net/quic/quic_crypto_server_stream.h

Index: net/quic/quic_crypto_server_stream.h
diff --git a/net/quic/quic_crypto_server_stream.h b/net/quic/quic_crypto_server_stream.h
index 7b842ae08d1da4fefea06d045ad2823751b8e999..27f6f958482045dea3b5fdf032efa046d22328f6 100644
--- a/net/quic/quic_crypto_server_stream.h
+++ b/net/quic/quic_crypto_server_stream.h
@@ -23,6 +23,7 @@ class QuicSession;
 
 namespace test {
 class CryptoTestUtils;
+class QuicCryptoServerStreamPeer;
 }  // namespace test
 
 // Receives a notification when the server hello (SHLO) has been ACKed by the
@@ -84,6 +85,28 @@ class NET_EXPORT_PRIVATE QuicCryptoServerStream : public QuicCryptoStream {
 
   const CachedNetworkParameters* previous_cached_network_params() const;
 
+  bool use_stateless_rejects_if_peer_supported() const {
+    return use_stateless_rejects_if_peer_supported_;
+  }
+
+  // Used by the quic dispatcher to indicate that this crypto server
+  // stream should use stateless rejects, so long as stateless rejects
+  // are supported by the client.
+  void set_use_stateless_rejects_if_peer_supported(
+      bool use_stateless_rejects_if_peer_supported) {
+    use_stateless_rejects_if_peer_supported_ =
+        use_stateless_rejects_if_peer_supported;
+  }
+
+  bool peer_supports_stateless_rejects() const {
+    return peer_supports_stateless_rejects_;
+  }
+
+  void set_peer_supports_stateless_rejects(
+      bool peer_supports_stateless_rejects) {
+    peer_supports_stateless_rejects_ = peer_supports_stateless_rejects;
+  }
+
  protected:
   virtual QuicErrorCode ProcessClientHello(
       const CryptoHandshakeMessage& message,
@@ -95,8 +118,14 @@ class NET_EXPORT_PRIVATE QuicCryptoServerStream : public QuicCryptoStream {
   // before going through the parameter negotiation step.
   virtual void OverrideQuicConfigDefaults(QuicConfig* config);
 
+  // Given the current connection_id, generates a new ConnectionId to
+  // be returned with a stateless reject.
+  virtual QuicConnectionId GenerateConnectionIdForReject(
+      QuicConnectionId connection_id);
+
  private:
   friend class test::CryptoTestUtils;
+  friend class test::QuicCryptoServerStreamPeer;
 
   class ValidateCallback : public ValidateClientHelloResultCallback {
    public:
@@ -121,6 +150,11 @@ class NET_EXPORT_PRIVATE QuicCryptoServerStream : public QuicCryptoStream {
       const CryptoHandshakeMessage& message,
       const ValidateClientHelloResultCallback::Result& result);
 
+  // Checks the options on the handshake-message to see whether the
+  // peer supports stateless-rejects.
+  static bool DoesPeerSupportStatelessRejects(
+      const CryptoHandshakeMessage& message);
+
   // crypto_config_ contains crypto parameters for the handshake.
   const QuicCryptoServerConfig* crypto_config_;
 
@@ -144,6 +178,17 @@ class NET_EXPORT_PRIVATE QuicCryptoServerStream : public QuicCryptoStream {
   // Contains any source address tokens which were present in the CHLO.
   SourceAddressTokens previous_source_address_tokens_;
 
+  // If true, the server should use stateless rejects, so long as the
+  // client supports them, as indicated by
+  // peer_supports_stateless_rejects_.
+  bool use_stateless_rejects_if_peer_supported_;
+
+  // Set to true, once the server has received information from the
+  // client that it supports stateless reject.
+  //  TODO(jokulik): Remove once client stateless reject support
+  // becomes the default.
+  bool peer_supports_stateless_rejects_;
+
   DISALLOW_COPY_AND_ASSIGN(QuicCryptoServerStream);
 };