Postpone checking peer address change after the packet is successfully

net/quic/quic_connection.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/quic/quic_connection.h"
 
 #include <string.h>
 #include <sys/types.h>
 
 #include <algorithm>
 #include <iterator>
 #include <limits>
 #include <memory>
 #include <set>
 #include <utility>
 
 #include "base/format_macros.h"
 #include "base/logging.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
 #include "base/metrics/histogram_macros.h"
 #include "base/stl_util.h"
 #include "base/strings/stringprintf.h"
+#include "net/base/address_family.h"
 #include "net/base/net_errors.h"
 #include "net/quic/crypto/crypto_protocol.h"
 #include "net/quic/crypto/quic_decrypter.h"
 #include "net/quic/crypto/quic_encrypter.h"
 #include "net/quic/proto/cached_network_parameters.pb.h"
 #include "net/quic/quic_bandwidth.h"
 #include "net/quic/quic_bug_tracker.h"
 #include "net/quic/quic_config.h"
 #include "net/quic/quic_fec_group.h"
 #include "net/quic/quic_flags.h"
@@ skipping 38 matching lines @@
 // rapidly increasing.
 const QuicPacketCount kMinReceivedBeforeAckDecimation = 100;
 // Wait for up to 10 retransmittable packets before sending an ack.
 const QuicPacketCount kMaxRetransmittablePacketsBeforeAck = 10;
 
 bool Near(QuicPacketNumber a, QuicPacketNumber b) {
   QuicPacketNumber delta = (a > b) ? a - b : b - a;
   return delta <= kMaxPacketGap;
 }
 
+bool IsInitializedIPEndPoint(const IPEndPoint& address) {
+  return net::GetAddressFamily(address.address().bytes()) !=
+         net::ADDRESS_FAMILY_UNSPECIFIED;
+}
+
 // An alarm that is scheduled to send an ack if a timeout occurs.
 class AckAlarm : public QuicAlarm::Delegate {
  public:
   explicit AckAlarm(QuicConnection* connection) : connection_(connection) {}
 
   QuicTime OnAlarm() override {
     DCHECK(connection_->ack_frame_updated());
     connection_->SendAck();
     return QuicTime::Zero();
   }
@@ skipping 566 matching lines @@
     debug_visitor_->OnPacketHeader(header);
   }
 
   // Will be decremented below if we fall through to return true.
   ++stats_.packets_dropped;
 
   if (!ProcessValidatedPacket(header)) {
     return false;
   }
 
+  MaybeMigrateConnectionToNewPeerAddress();
+
   --stats_.packets_dropped;
   DVLOG(1) << ENDPOINT << "Received packet header: " << header;
   last_header_ = header;
   DCHECK(connected_);
   return true;
 }
 
 void QuicConnection::OnFecProtectedPayload(StringPiece payload) {
   DCHECK_EQ(IN_FEC_GROUP, last_header_.is_in_fec_group);
   DCHECK_NE(0u, last_header_.fec_group);
@@ skipping 574 matching lines @@
                                       const IPEndPoint& peer_address,
                                       const QuicEncryptedPacket& packet) {
   if (!connected_) {
     return;
   }
   if (debug_visitor_ != nullptr) {
     debug_visitor_->OnPacketReceived(self_address, peer_address, packet);
   }
   last_size_ = packet.length();
 
-  CheckForAddressMigration(self_address, peer_address);
+  if (FLAGS_check_peer_address_change_after_decryption) {
+    last_packet_destination_address_ = self_address;
+    last_packet_source_address_ = peer_address;
+    if (!IsInitializedIPEndPoint(self_address_)) {
+      self_address_ = last_packet_destination_address_;
+    }
+    if (!IsInitializedIPEndPoint(peer_address_)) {
+      peer_address_ = last_packet_source_address_;
+    }
+  } else {
+    CheckForAddressMigration(self_address, peer_address);
+  }
 
   stats_.bytes_received += packet.length();
   ++stats_.packets_received;
 
   ScopedRetransmissionScheduler alarm_delayer(this);
   if (!framer_.ProcessPacket(packet)) {
     // If we are unable to decrypt this packet, it might be
     // because the CHLO or SHLO packet was lost.
     if (framer_.error() == QUIC_DECRYPTION_FAILURE) {
       if (encryption_level_ != ENCRYPTION_FORWARD_SECURE &&
@@ skipping 34 matching lines @@
 
     // Store in case we want to migrate connection in ProcessValidatedPacket.
     migrating_peer_ip_ = peer_address.address().bytes();
     migrating_peer_port_ = peer_address.port();
   }
 
   if (!self_address.address().empty() && !self_address_.address().empty()) {
     self_ip_changed_ = (self_address.address() != self_address_.address());
     self_port_changed_ = (self_address.port() != self_address_.port());
   }
-
-  // TODO(vasilvv): reset maximum packet size on connection migration. Whenever
-  // the connection is migrated, it usually ends up being on a different path,
-  // with possibly smaller MTU.  This means the max packet size has to be reset
-  // and MTU discovery mechanism re-initialized.  The main reason the code does
-  // not do it now is that the retransmission code currently cannot deal with
-  // the case when it needs to resend a packet created with larger MTU (see
-  // b/22172803).
 }
 
 void QuicConnection::OnCanWrite() {
   DCHECK(!writer_->IsWriteBlocked());
 
   WriteQueuedPackets();
   WritePendingRetransmissions();
 
   // Sending queued packets may have caused the socket to become write blocked,
   // or the congestion manager to prohibit sending.  If we've sent everything
@@ skipping 20 matching lines @@
   }
 }
 
 void QuicConnection::WriteIfNotBlocked() {
   if (!writer_->IsWriteBlocked()) {
     OnCanWrite();
   }
 }
 
 bool QuicConnection::ProcessValidatedPacket(const QuicPacketHeader& header) {
-  if (self_ip_changed_ || self_port_changed_) {
-    SendConnectionCloseWithDetails(QUIC_ERROR_MIGRATING_ADDRESS,
-                                   "Self address migration is not supported.");
-    return false;
+  if (FLAGS_check_peer_address_change_after_decryption) {
+    if (IsInitializedIPEndPoint(self_address_) &&
+        IsInitializedIPEndPoint(last_packet_destination_address_) &&
+        (!(self_address_ == last_packet_destination_address_))) {
+      SendConnectionCloseWithDetails(
+          QUIC_ERROR_MIGRATING_ADDRESS,
+          "Self address migration is not supported.");
+      return false;
+    }
+  } else {
+    if (self_ip_changed_ || self_port_changed_) {
+      SendConnectionCloseWithDetails(
+          QUIC_ERROR_MIGRATING_ADDRESS,
+          "Self address migration is not supported.");
+      return false;
+    }
   }
 
   if (!Near(header.packet_number, last_header_.packet_number)) {
     DVLOG(1) << ENDPOINT << "Packet " << header.packet_number
              << " out of bounds.  Discarding";
     SendConnectionCloseWithDetails(QUIC_INVALID_PACKET_HEADER,
                                    "packet number out of bounds");
     return false;
   }
 
@@ skipping 35 matching lines @@
       version_negotiation_state_ = NEGOTIATED_VERSION;
       visitor_->OnSuccessfulVersionNegotiation(version());
       if (debug_visitor_ != nullptr) {
         debug_visitor_->OnSuccessfulVersionNegotiation(version());
       }
     }
   }
 
   DCHECK_EQ(NEGOTIATED_VERSION, version_negotiation_state_);
 
-  if (peer_ip_changed_ || peer_port_changed_) {
-    PeerAddressChangeType type = DeterminePeerAddressChangeType();
-    IPEndPoint old_peer_address = peer_address_;
-    peer_address_ = IPEndPoint(
-        peer_ip_changed_ ? migrating_peer_ip_ : peer_address_.address().bytes(),
-        peer_port_changed_ ? migrating_peer_port_ : peer_address_.port());
-
-    DVLOG(1) << ENDPOINT << "Peer's ip:port changed from "
-             << old_peer_address.ToString() << " to "
-             << peer_address_.ToString() << ", migrating connection.";
-
-    visitor_->OnConnectionMigration();
-    DCHECK_NE(type, NO_CHANGE);
-    sent_packet_manager_.OnConnectionMigration(type);
-  }
-
   time_of_last_received_packet_ = clock_->Now();
   DVLOG(1) << ENDPOINT << "time of last received packet: "
            << time_of_last_received_packet_.ToDebuggingValue();
 
   if (last_size_ > largest_received_packet_size_) {
     largest_received_packet_size_ = last_size_;
   }
 
   if (perspective_ == Perspective::IS_SERVER &&
       encryption_level_ == ENCRYPTION_NONE &&
@@ skipping 381 matching lines @@
   // If a forward-secure encrypter is available but is not being used and the
   // next packet number is the first packet which requires
   // forward security, start using the forward-secure encrypter.
   if (encryption_level_ != ENCRYPTION_FORWARD_SECURE &&
       has_forward_secure_encrypter_ &&
       packet->packet_number >= first_required_forward_secure_packet_ - 1) {
     SetDefaultEncryptionLevel(ENCRYPTION_FORWARD_SECURE);
   }
 }
 
-PeerAddressChangeType QuicConnection::DeterminePeerAddressChangeType() {
-  return UNSPECIFIED_CHANGE;
-}
-
 void QuicConnection::OnPingTimeout() {
   if (!retransmission_alarm_->IsSet()) {
     SendPing();
   }
 }
 
 void QuicConnection::SendPing() {
   ScopedPacketBundler bundler(this, ack_queued_ ? SEND_ACK : NO_ACK);
   packet_generator_.AddControlFrame(QuicFrame(QuicPingFrame()));
   // Send PING frame immediately, without checking for congestion window bounds.
@@ skipping 584 matching lines @@
   next_mtu_probe_at_ =
       packet_number_of_last_sent_packet_ + packets_between_mtu_probes_ + 1;
   ++mtu_probe_count_;
 
   DVLOG(2) << "Sending a path MTU discovery packet #" << mtu_probe_count_;
   SendMtuDiscoveryPacket(mtu_discovery_target_);
 
   DCHECK(!mtu_discovery_alarm_->IsSet());
 }
 
+PeerAddressChangeType QuicConnection::DeterminePeerAddressChangeType() {
+  IPEndPoint last_peer_address;
+  if (FLAGS_check_peer_address_change_after_decryption) {
+    last_peer_address = last_packet_source_address_;
+  } else {
+    last_peer_address = IPEndPoint(
+        peer_ip_changed_ ? migrating_peer_ip_ : peer_address_.address().bytes(),
+        peer_port_changed_ ? migrating_peer_port_ : peer_address_.port());
+  }
+
+  if (!IsInitializedIPEndPoint(peer_address_) ||
+      !IsInitializedIPEndPoint(last_peer_address) ||
+      peer_address_ == last_peer_address) {
+    return NO_CHANGE;
+  }
+
+  if (peer_address_.address() == last_peer_address.address()) {
+    return PORT_CHANGE;
+  }
+
+  bool old_ip_is_ipv4 = peer_address_.address().IsIPv4();
+  bool migrating_ip_is_ipv4 = last_peer_address.address().IsIPv4();
+  if (old_ip_is_ipv4 && !migrating_ip_is_ipv4) {
+    return IPV4_TO_IPV6_CHANGE;
+  }
+
+  if (!old_ip_is_ipv4) {
+    return migrating_ip_is_ipv4 ? IPV6_TO_IPV4_CHANGE : IPV6_TO_IPV6_CHANGE;
+  }
+
+  // TODO(rtenneti): Implement better way to test SubnetMask length of 24 bits.
+  IPAddressNumber peer_address_bytes = peer_address_.address().bytes();
+  IPAddressNumber last_peer_address_bytes = last_peer_address.address().bytes();
+  if (peer_address_bytes[0] == last_peer_address_bytes[0] &&
+      peer_address_bytes[1] == last_peer_address_bytes[1] &&
+      peer_address_bytes[2] == last_peer_address_bytes[2]) {
+    // Subnet part does not change (here, we use /24), which is considered to be
+    // caused by NATs.
+    return IPV4_SUBNET_CHANGE;
+  }
+
+  return UNSPECIFIED_CHANGE;
+}
+
+void QuicConnection::MaybeMigrateConnectionToNewPeerAddress() {
+  PeerAddressChangeType peer_address_change_type =
+      DeterminePeerAddressChangeType();
+  // TODO(fayang): Currently, all peer address change type are allowed. Need to
+  // add a method ShouldAllowPeerAddressChange(PeerAddressChangeType type) to
+  // determine whehter |type| is allowed.
+  if (FLAGS_check_peer_address_change_after_decryption) {
+    if (peer_address_change_type == NO_CHANGE) {
+      return;
+    }
+
+    IPEndPoint old_peer_address = peer_address_;
+    peer_address_ = last_packet_source_address_;
+
+    DVLOG(1) << ENDPOINT << "Peer's ip:port changed from "
+             << old_peer_address.ToString() << " to "
+             << peer_address_.ToString() << ", migrating connection.";
+
+    visitor_->OnConnectionMigration();
+    sent_packet_manager_.OnConnectionMigration(peer_address_change_type);
+
+    return;
+  }
+
+  if (peer_ip_changed_ || peer_port_changed_) {
+    IPEndPoint old_peer_address = peer_address_;
+    peer_address_ = IPEndPoint(
+        peer_ip_changed_ ? migrating_peer_ip_ : peer_address_.address().bytes(),
+        peer_port_changed_ ? migrating_peer_port_ : peer_address_.port());
+
+    DVLOG(1) << ENDPOINT << "Peer's ip:port changed from "
+             << old_peer_address.ToString() << " to "
+             << peer_address_.ToString() << ", migrating connection.";
+
+    visitor_->OnConnectionMigration();
+    DCHECK_NE(peer_address_change_type, NO_CHANGE);
+    sent_packet_manager_.OnConnectionMigration(peer_address_change_type);
+  }
+}
+
 void QuicConnection::OnPathClosed(QuicPathId path_id) {
   // Stop receiving packets on this path.
   framer_.OnPathClosed(path_id);
 }
 
 bool QuicConnection::ack_frame_updated() const {
   return received_packet_manager_.ack_frame_updated();
 }
 
 }  // namespace net