Landing Recent QUIC changes until 01/28/2016 18:41 UTC

net/quic/quic_connection.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/quic/quic_connection.h"
 
 #include <string.h>
 #include <sys/types.h>
 
 #include <algorithm>
 #include <iterator>
 #include <limits>
 #include <memory>
 #include <set>
 #include <utility>
 
 #include "base/format_macros.h"
 #include "base/logging.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
 #include "base/metrics/histogram_macros.h"
 #include "base/stl_util.h"
 #include "base/strings/stringprintf.h"
+#include "net/base/address_family.h"
 #include "net/base/net_errors.h"
 #include "net/quic/crypto/crypto_protocol.h"
 #include "net/quic/crypto/quic_decrypter.h"
 #include "net/quic/crypto/quic_encrypter.h"
 #include "net/quic/proto/cached_network_parameters.pb.h"
 #include "net/quic/quic_bandwidth.h"
 #include "net/quic/quic_bug_tracker.h"
 #include "net/quic/quic_config.h"
 #include "net/quic/quic_fec_group.h"
 #include "net/quic/quic_flags.h"
@@ skipping 38 matching lines @@
 // rapidly increasing.
 const QuicPacketCount kMinReceivedBeforeAckDecimation = 100;
 // Wait for up to 10 retransmittable packets before sending an ack.
 const QuicPacketCount kMaxRetransmittablePacketsBeforeAck = 10;
 
 bool Near(QuicPacketNumber a, QuicPacketNumber b) {
   QuicPacketNumber delta = (a > b) ? a - b : b - a;
   return delta <= kMaxPacketGap;
 }
 
+bool IsInitializedIPEndPoint(const IPEndPoint& address) {
+  return net::GetAddressFamily(address.address().bytes()) !=
+         net::ADDRESS_FAMILY_UNSPECIFIED;
+}
+
 // An alarm that is scheduled to send an ack if a timeout occurs.
 class AckAlarm : public QuicAlarm::Delegate {
  public:
   explicit AckAlarm(QuicConnection* connection) : connection_(connection) {}
 
   QuicTime OnAlarm() override {
     DCHECK(connection_->ack_frame_updated());
     connection_->SendAck();
     return QuicTime::Zero();
   }
@@ skipping 566 matching lines @@
     debug_visitor_->OnPacketHeader(header);
   }
 
   // Will be decremented below if we fall through to return true.
   ++stats_.packets_dropped;
 
   if (!ProcessValidatedPacket(header)) {
     return false;
   }
 
+  MaybeMigrateConnectionToNewPeerAddress();
+
   --stats_.packets_dropped;
   DVLOG(1) << ENDPOINT << "Received packet header: " << header;
   last_header_ = header;
   DCHECK(connected_);
   return true;
 }
 
 void QuicConnection::OnFecProtectedPayload(StringPiece payload) {
   DCHECK_EQ(IN_FEC_GROUP, last_header_.is_in_fec_group);
   DCHECK_NE(0u, last_header_.fec_group);
@@ skipping 503 matching lines @@
     // All data for streams which are reset with QUIC_STREAM_NO_ERROR must
     // be received by the peer.
     return;
   }
 
   sent_packet_manager_.CancelRetransmissionsForStream(id);
   // Remove all queued packets which only contain data for the reset stream.
   QueuedPacketList::iterator packet_iterator = queued_packets_.begin();
   while (packet_iterator != queued_packets_.end()) {
     QuicFrames* retransmittable_frames =
-        packet_iterator->retransmittable_frames;
-    if (retransmittable_frames == nullptr) {
+        &packet_iterator->retransmittable_frames;
+    if (retransmittable_frames->empty()) {
       ++packet_iterator;
       continue;
     }
     QuicUtils::RemoveFramesForStream(retransmittable_frames, id);
     if (!retransmittable_frames->empty()) {
       ++packet_iterator;
       continue;
     }
     QuicUtils::ClearSerializedPacket(&(*packet_iterator));
     packet_iterator = queued_packets_.erase(packet_iterator);
@@ skipping 49 matching lines @@
                                       const IPEndPoint& peer_address,
                                       const QuicEncryptedPacket& packet) {
   if (!connected_) {
     return;
   }
   if (debug_visitor_ != nullptr) {
     debug_visitor_->OnPacketReceived(self_address, peer_address, packet);
   }
   last_size_ = packet.length();
 
-  CheckForAddressMigration(self_address, peer_address);
+  if (FLAGS_check_peer_address_change_after_decryption) {
+    last_packet_destination_address_ = self_address;
+    last_packet_source_address_ = peer_address;
+    if (!IsInitializedIPEndPoint(self_address_)) {
+      self_address_ = last_packet_destination_address_;
+    }
+    if (!IsInitializedIPEndPoint(peer_address_)) {
+      peer_address_ = last_packet_source_address_;
+    }
+  } else {
+    CheckForAddressMigration(self_address, peer_address);
+  }
 
   stats_.bytes_received += packet.length();
   ++stats_.packets_received;
 
   ScopedRetransmissionScheduler alarm_delayer(this);
   if (!framer_.ProcessPacket(packet)) {
     // If we are unable to decrypt this packet, it might be
     // because the CHLO or SHLO packet was lost.
     if (framer_.error() == QUIC_DECRYPTION_FAILURE) {
       if (encryption_level_ != ENCRYPTION_FORWARD_SECURE &&
@@ skipping 34 matching lines @@
 
     // Store in case we want to migrate connection in ProcessValidatedPacket.
     migrating_peer_ip_ = peer_address.address().bytes();
     migrating_peer_port_ = peer_address.port();
   }
 
   if (!self_address.address().empty() && !self_address_.address().empty()) {
     self_ip_changed_ = (self_address.address() != self_address_.address());
     self_port_changed_ = (self_address.port() != self_address_.port());
   }
-
-  // TODO(vasilvv): reset maximum packet size on connection migration. Whenever
-  // the connection is migrated, it usually ends up being on a different path,
-  // with possibly smaller MTU.  This means the max packet size has to be reset
-  // and MTU discovery mechanism re-initialized.  The main reason the code does
-  // not do it now is that the retransmission code currently cannot deal with
-  // the case when it needs to resend a packet created with larger MTU (see
-  // b/22172803).
 }
 
 void QuicConnection::OnCanWrite() {
   DCHECK(!writer_->IsWriteBlocked());
 
   WriteQueuedPackets();
   WritePendingRetransmissions();
 
   // Sending queued packets may have caused the socket to become write blocked,
   // or the congestion manager to prohibit sending.  If we've sent everything
@@ skipping 20 matching lines @@
   }
 }
 
 void QuicConnection::WriteIfNotBlocked() {
   if (!writer_->IsWriteBlocked()) {
     OnCanWrite();
   }
 }
 
 bool QuicConnection::ProcessValidatedPacket(const QuicPacketHeader& header) {
-  if (self_ip_changed_ || self_port_changed_) {
-    SendConnectionCloseWithDetails(QUIC_ERROR_MIGRATING_ADDRESS,
-                                   "Self address migration is not supported.");
-    return false;
+  if (FLAGS_check_peer_address_change_after_decryption) {
+    if (IsInitializedIPEndPoint(self_address_) &&
+        IsInitializedIPEndPoint(last_packet_destination_address_) &&
+        (!(self_address_ == last_packet_destination_address_))) {
+      SendConnectionCloseWithDetails(
+          QUIC_ERROR_MIGRATING_ADDRESS,
+          "Self address migration is not supported.");
+      return false;
+    }
+  } else {
+    if (self_ip_changed_ || self_port_changed_) {
+      SendConnectionCloseWithDetails(
+          QUIC_ERROR_MIGRATING_ADDRESS,
+          "Self address migration is not supported.");
+      return false;
+    }
   }
 
   if (!Near(header.packet_number, last_header_.packet_number)) {
     DVLOG(1) << ENDPOINT << "Packet " << header.packet_number
              << " out of bounds.  Discarding";
     SendConnectionCloseWithDetails(QUIC_INVALID_PACKET_HEADER,
                                    "packet number out of bounds");
     return false;
   }
 
@@ skipping 35 matching lines @@
       version_negotiation_state_ = NEGOTIATED_VERSION;
       visitor_->OnSuccessfulVersionNegotiation(version());
       if (debug_visitor_ != nullptr) {
         debug_visitor_->OnSuccessfulVersionNegotiation(version());
       }
     }
   }
 
   DCHECK_EQ(NEGOTIATED_VERSION, version_negotiation_state_);
 
-  if (peer_ip_changed_ || peer_port_changed_) {
-    PeerAddressChangeType type = DeterminePeerAddressChangeType();
-    IPEndPoint old_peer_address = peer_address_;
-    peer_address_ = IPEndPoint(
-        peer_ip_changed_ ? migrating_peer_ip_ : peer_address_.address().bytes(),
-        peer_port_changed_ ? migrating_peer_port_ : peer_address_.port());
-
-    DVLOG(1) << ENDPOINT << "Peer's ip:port changed from "
-             << old_peer_address.ToString() << " to "
-             << peer_address_.ToString() << ", migrating connection.";
-
-    visitor_->OnConnectionMigration();
-    DCHECK_NE(type, NO_CHANGE);
-    sent_packet_manager_.OnConnectionMigration(type);
-  }
-
   time_of_last_received_packet_ = clock_->Now();
   DVLOG(1) << ENDPOINT << "time of last received packet: "
            << time_of_last_received_packet_.ToDebuggingValue();
 
   if (last_size_ > largest_received_packet_size_) {
     largest_received_packet_size_ = last_size_;
   }
 
   if (perspective_ == Perspective::IS_SERVER &&
       encryption_level_ == ENCRYPTION_NONE &&
@@ skipping 368 matching lines @@
                                                 packet->entropy_hash);
   // If there are already queued packets, queue this one immediately to ensure
   // it's written in sequence number order.
   if (!queued_packets_.empty() || !WritePacket(packet)) {
     // Take ownership of the underlying encrypted packet.
     if (!packet->packet->owns_buffer()) {
       scoped_ptr<QuicEncryptedPacket> encrypted_deleter(packet->packet);
       packet->packet = packet->packet->Clone();
     }
     queued_packets_.push_back(*packet);
+    packet->retransmittable_frames.clear();
   }
 
   // If a forward-secure encrypter is available but is not being used and the
   // next packet number is the first packet which requires
   // forward security, start using the forward-secure encrypter.
   if (encryption_level_ != ENCRYPTION_FORWARD_SECURE &&
       has_forward_secure_encrypter_ &&
       packet->packet_number >= first_required_forward_secure_packet_ - 1) {
     SetDefaultEncryptionLevel(ENCRYPTION_FORWARD_SECURE);
   }
 }
 
-PeerAddressChangeType QuicConnection::DeterminePeerAddressChangeType() {
-  return UNSPECIFIED_CHANGE;
-}
-
 void QuicConnection::OnPingTimeout() {
   if (!retransmission_alarm_->IsSet()) {
     SendPing();
   }
 }
 
 void QuicConnection::SendPing() {
   ScopedPacketBundler bundler(this, ack_queued_ ? SEND_ACK : NO_ACK);
   packet_generator_.AddControlFrame(QuicFrame(QuicPingFrame()));
   // Send PING frame immediately, without checking for congestion window bounds.
@@ skipping 498 matching lines @@
     connection_->SetRetransmissionAlarm();
     connection_->pending_retransmission_alarm_ = false;
   }
 }
 
 HasRetransmittableData QuicConnection::IsRetransmittable(
     const SerializedPacket& packet) {
   // Retransmitted packets retransmittable frames are owned by the unacked
   // packet map, but are not present in the serialized packet.
   if (packet.transmission_type != NOT_RETRANSMISSION ||
-      packet.retransmittable_frames != nullptr) {
+      !packet.retransmittable_frames.empty()) {
     return HAS_RETRANSMITTABLE_DATA;
   } else {
     return NO_RETRANSMITTABLE_DATA;
   }
 }
 
 bool QuicConnection::IsTerminationPacket(const SerializedPacket& packet) {
-  if (packet.retransmittable_frames == nullptr) {
+  if (packet.retransmittable_frames.empty()) {
     return false;
   }
-  for (const QuicFrame& frame : *packet.retransmittable_frames) {
+  for (const QuicFrame& frame : packet.retransmittable_frames) {
     if (frame.type == CONNECTION_CLOSE_FRAME) {
       return true;
     }
     if (save_crypto_packets_as_termination_packets_ &&
         frame.type == STREAM_FRAME &&
         frame.stream_frame->stream_id == kCryptoStreamId) {
       return true;
     }
   }
   return false;
@@ skipping 54 matching lines @@
   next_mtu_probe_at_ =
       packet_number_of_last_sent_packet_ + packets_between_mtu_probes_ + 1;
   ++mtu_probe_count_;
 
   DVLOG(2) << "Sending a path MTU discovery packet #" << mtu_probe_count_;
   SendMtuDiscoveryPacket(mtu_discovery_target_);
 
   DCHECK(!mtu_discovery_alarm_->IsSet());
 }
 
+PeerAddressChangeType QuicConnection::DeterminePeerAddressChangeType() {
+  IPEndPoint last_peer_address;
+  if (FLAGS_check_peer_address_change_after_decryption) {
+    last_peer_address = last_packet_source_address_;
+  } else {
+    last_peer_address = IPEndPoint(
+        peer_ip_changed_ ? migrating_peer_ip_ : peer_address_.address().bytes(),
+        peer_port_changed_ ? migrating_peer_port_ : peer_address_.port());
+  }
+
+  if (!IsInitializedIPEndPoint(peer_address_) ||
+      !IsInitializedIPEndPoint(last_peer_address) ||
+      peer_address_ == last_peer_address) {
+    return NO_CHANGE;
+  }
+
+  if (peer_address_.address() == last_peer_address.address()) {
+    return PORT_CHANGE;
+  }
+
+  bool old_ip_is_ipv4 = peer_address_.address().IsIPv4();
+  bool migrating_ip_is_ipv4 = last_peer_address.address().IsIPv4();
+  if (old_ip_is_ipv4 && !migrating_ip_is_ipv4) {
+    return IPV4_TO_IPV6_CHANGE;
+  }
+
+  if (!old_ip_is_ipv4) {
+    return migrating_ip_is_ipv4 ? IPV6_TO_IPV4_CHANGE : IPV6_TO_IPV6_CHANGE;
+  }
+
+  // TODO(rtenneti): Implement better way to test SubnetMask length of 24 bits.
+  IPAddressNumber peer_address_bytes = peer_address_.address().bytes();
+  IPAddressNumber last_peer_address_bytes = last_peer_address.address().bytes();
+  if (peer_address_bytes[0] == last_peer_address_bytes[0] &&
+      peer_address_bytes[1] == last_peer_address_bytes[1] &&
+      peer_address_bytes[2] == last_peer_address_bytes[2]) {
+    // Subnet part does not change (here, we use /24), which is considered to be
+    // caused by NATs.
+    return IPV4_SUBNET_CHANGE;
+  }
+
+  return UNSPECIFIED_CHANGE;
+}
+
+void QuicConnection::MaybeMigrateConnectionToNewPeerAddress() {
+  PeerAddressChangeType peer_address_change_type =
+      DeterminePeerAddressChangeType();
+  // TODO(fayang): Currently, all peer address change type are allowed. Need to
+  // add a method ShouldAllowPeerAddressChange(PeerAddressChangeType type) to
+  // determine whehter |type| is allowed.
+  if (FLAGS_check_peer_address_change_after_decryption) {
+    if (peer_address_change_type == NO_CHANGE) {
+      return;
+    }
+
+    IPEndPoint old_peer_address = peer_address_;
+    peer_address_ = last_packet_source_address_;
+
+    DVLOG(1) << ENDPOINT << "Peer's ip:port changed from "
+             << old_peer_address.ToString() << " to "
+             << peer_address_.ToString() << ", migrating connection.";
+
+    visitor_->OnConnectionMigration();
+    sent_packet_manager_.OnConnectionMigration(peer_address_change_type);
+
+    return;
+  }
+
+  if (peer_ip_changed_ || peer_port_changed_) {
+    IPEndPoint old_peer_address = peer_address_;
+    peer_address_ = IPEndPoint(
+        peer_ip_changed_ ? migrating_peer_ip_ : peer_address_.address().bytes(),
+        peer_port_changed_ ? migrating_peer_port_ : peer_address_.port());
+
+    DVLOG(1) << ENDPOINT << "Peer's ip:port changed from "
+             << old_peer_address.ToString() << " to "
+             << peer_address_.ToString() << ", migrating connection.";
+
+    visitor_->OnConnectionMigration();
+    DCHECK_NE(peer_address_change_type, NO_CHANGE);
+    sent_packet_manager_.OnConnectionMigration(peer_address_change_type);
+  }
+}
+
 void QuicConnection::OnPathClosed(QuicPathId path_id) {
   // Stop receiving packets on this path.
   framer_.OnPathClosed(path_id);
 }
 
 bool QuicConnection::ack_frame_updated() const {
   return received_packet_manager_.ack_frame_updated();
 }
 
 }  // namespace net