1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
|
// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "net/tools/quic/quic_dispatcher.h"
#include <utility>
#include "base/debug/stack_trace.h"
#include "base/logging.h"
#include "base/macros.h"
#include "base/stl_util.h"
#include "net/quic/quic_bug_tracker.h"
#include "net/quic/quic_flags.h"
#include "net/quic/quic_utils.h"
#include "net/tools/quic/quic_per_connection_packet_writer.h"
#include "net/tools/quic/quic_simple_server_session.h"
#include "net/tools/quic/quic_time_wait_list_manager.h"
namespace net {
using std::make_pair;
using base::StringPiece;
namespace {
// An alarm that informs the QuicDispatcher to delete old sessions.
class DeleteSessionsAlarm : public QuicAlarm::Delegate {
public:
explicit DeleteSessionsAlarm(QuicDispatcher* dispatcher)
: dispatcher_(dispatcher) {}
void OnAlarm() override { dispatcher_->DeleteSessions(); }
private:
// Not owned.
QuicDispatcher* dispatcher_;
DISALLOW_COPY_AND_ASSIGN(DeleteSessionsAlarm);
};
} // namespace
QuicDispatcher::QuicDispatcher(const QuicConfig& config,
const QuicCryptoServerConfig* crypto_config,
const QuicVersionVector& supported_versions,
QuicConnectionHelperInterface* helper)
: config_(config),
crypto_config_(crypto_config),
compressed_certs_cache_(
QuicCompressedCertsCache::kQuicCompressedCertsCacheSize),
helper_(helper),
delete_sessions_alarm_(
helper_->CreateAlarm(new DeleteSessionsAlarm(this))),
supported_versions_(supported_versions),
current_packet_(nullptr),
framer_(supported_versions,
/*unused*/ QuicTime::Zero(),
Perspective::IS_SERVER),
last_error_(QUIC_NO_ERROR) {
framer_.set_visitor(this);
}
QuicDispatcher::~QuicDispatcher() {
STLDeleteValues(&session_map_);
STLDeleteElements(&closed_session_list_);
}
void QuicDispatcher::InitializeWithWriter(QuicPacketWriter* writer) {
DCHECK(writer_ == nullptr);
writer_.reset(writer);
time_wait_list_manager_.reset(CreateQuicTimeWaitListManager());
}
void QuicDispatcher::ProcessPacket(const IPEndPoint& server_address,
const IPEndPoint& client_address,
const QuicReceivedPacket& packet) {
current_server_address_ = server_address;
current_client_address_ = client_address;
current_packet_ = &packet;
// ProcessPacket will cause the packet to be dispatched in
// OnUnauthenticatedPublicHeader, or sent to the time wait list manager
// in OnUnauthenticatedHeader.
framer_.ProcessPacket(packet);
// TODO(rjshade): Return a status describing if/why a packet was dropped,
// and log somehow. Maybe expose as a varz.
}
bool QuicDispatcher::OnUnauthenticatedPublicHeader(
const QuicPacketPublicHeader& header) {
current_connection_id_ = header.connection_id;
// Port zero is only allowed for unidirectional UDP, so is disallowed by QUIC.
// Given that we can't even send a reply rejecting the packet, just drop the
// packet.
if (current_client_address_.port() == 0) {
return false;
}
// Stopgap test: The code does not construct full-length connection IDs
// correctly from truncated connection ID fields. Prevent this from causing
// the connection ID lookup to error by dropping any packet with a short
// connection ID.
if (header.connection_id_length != PACKET_8BYTE_CONNECTION_ID) {
return false;
}
// Packets with connection IDs for active connections are processed
// immediately.
QuicConnectionId connection_id = header.connection_id;
SessionMap::iterator it = session_map_.find(connection_id);
if (it != session_map_.end()) {
it->second->ProcessUdpPacket(current_server_address_,
current_client_address_, *current_packet_);
return false;
}
// If the packet is a public reset for a connection ID that is not active,
// there is nothing we must do or can do.
if (header.reset_flag) {
return false;
}
if (time_wait_list_manager_->IsConnectionIdInTimeWait(connection_id)) {
// Set the framer's version based on the recorded version for this
// connection and continue processing for non-public-reset packets.
return HandlePacketForTimeWait(header);
}
// The packet has an unknown connection ID.
// Unless the packet provides a version, assume that we can continue
// processing using our preferred version.
QuicVersion version = supported_versions_.front();
if (header.version_flag) {
QuicVersion packet_version = header.versions.front();
if (framer_.IsSupportedVersion(packet_version)) {
version = packet_version;
} else {
if (FLAGS_quic_stateless_version_negotiation) {
if (ShouldCreateSessionForUnknownVersion(framer_.last_version_tag())) {
return true;
}
// Since the version is not supported, send a version negotiation
// packet and stop processing the current packet.
time_wait_list_manager()->SendVersionNegotiationPacket(
connection_id, supported_versions_, current_server_address_,
current_client_address_);
return false;
} else {
// Packets set to be processed but having an unsupported version will
// cause a connection to be created. The connection will handle
// sending a version negotiation packet.
// TODO(ianswett): This will malfunction if the full header of the
// packet causes a parsing error when parsed using the server's
// preferred version.
}
}
}
// Set the framer's version and continue processing.
framer_.set_version(version);
return true;
}
bool QuicDispatcher::OnUnauthenticatedHeader(const QuicPacketHeader& header) {
QuicConnectionId connection_id = header.public_header.connection_id;
if (time_wait_list_manager_->IsConnectionIdInTimeWait(
header.public_header.connection_id)) {
// This connection ID is already in time-wait state.
time_wait_list_manager_->ProcessPacket(
current_server_address_, current_client_address_,
header.public_header.connection_id, header.packet_number,
*current_packet_);
return false;
}
// Packet's connection ID is unknown.
// Apply the validity checks.
QuicPacketFate fate = ValidityChecks(header);
switch (fate) {
case kFateProcess: {
// Create a session and process the packet.
QuicServerSessionBase* session =
CreateQuicSession(connection_id, current_client_address_);
DVLOG(1) << "Created new session for " << connection_id;
session_map_.insert(std::make_pair(connection_id, session));
session->ProcessUdpPacket(current_server_address_,
current_client_address_, *current_packet_);
break;
}
case kFateTimeWait:
// Add this connection_id to the time-wait state, to safely reject
// future packets.
DVLOG(1) << "Adding connection ID " << connection_id
<< "to time-wait list.";
time_wait_list_manager_->AddConnectionIdToTimeWait(
connection_id, framer_.version(),
/*connection_rejected_statelessly=*/false, nullptr);
DCHECK(time_wait_list_manager_->IsConnectionIdInTimeWait(
header.public_header.connection_id));
time_wait_list_manager_->ProcessPacket(
current_server_address_, current_client_address_,
header.public_header.connection_id, header.packet_number,
*current_packet_);
break;
case kFateDrop:
// Do nothing with the packet.
break;
}
return false;
}
QuicDispatcher::QuicPacketFate QuicDispatcher::ValidityChecks(
const QuicPacketHeader& header) {
// To have all the checks work properly without tears, insert any new check
// into the framework of this method in the section for checks that return the
// check's fate value. The sections for checks must be ordered with the
// highest priority fate first.
// Checks that return kFateDrop.
// Checks that return kFateTimeWait.
// All packets within a connection sent by a client before receiving a
// response from the server are required to have the version negotiation flag
// set. Since this may be a client continuing a connection we lost track of
// via server restart, send a rejection to fast-fail the connection.
if (!header.public_header.version_flag) {
DVLOG(1) << "Packet without version arrived for unknown connection ID "
<< header.public_header.connection_id;
return kFateTimeWait;
}
// Check that the sequence numer is within the range that the client is
// expected to send before receiving a response from the server.
if (header.packet_number == kInvalidPacketNumber ||
header.packet_number > kMaxReasonableInitialPacketNumber) {
return kFateTimeWait;
}
return kFateProcess;
}
void QuicDispatcher::CleanUpSession(SessionMap::iterator it,
bool should_close_statelessly) {
QuicConnection* connection = it->second->connection();
write_blocked_list_.erase(connection);
if (should_close_statelessly) {
DCHECK(connection->termination_packets() != nullptr &&
!connection->termination_packets()->empty());
}
time_wait_list_manager_->AddConnectionIdToTimeWait(
it->first, connection->version(), should_close_statelessly,
connection->termination_packets());
session_map_.erase(it);
}
void QuicDispatcher::DeleteSessions() {
STLDeleteElements(&closed_session_list_);
}
void QuicDispatcher::OnCanWrite() {
// The socket is now writable.
writer_->SetWritable();
// Give all the blocked writers one chance to write, until we're blocked again
// or there's no work left.
while (!write_blocked_list_.empty() && !writer_->IsWriteBlocked()) {
QuicBlockedWriterInterface* blocked_writer =
write_blocked_list_.begin()->first;
write_blocked_list_.erase(write_blocked_list_.begin());
blocked_writer->OnCanWrite();
}
}
bool QuicDispatcher::HasPendingWrites() const {
return !write_blocked_list_.empty();
}
void QuicDispatcher::Shutdown() {
while (!session_map_.empty()) {
QuicServerSessionBase* session = session_map_.begin()->second;
session->connection()->SendConnectionCloseWithDetails(
QUIC_PEER_GOING_AWAY, "Server shutdown imminent");
// Validate that the session removes itself from the session map on close.
DCHECK(session_map_.empty() || session_map_.begin()->second != session);
}
DeleteSessions();
}
void QuicDispatcher::OnConnectionClosed(QuicConnectionId connection_id,
QuicErrorCode error) {
SessionMap::iterator it = session_map_.find(connection_id);
if (it == session_map_.end()) {
QUIC_BUG << "ConnectionId " << connection_id
<< " does not exist in the session map. Error: "
<< QuicUtils::ErrorToString(error);
QUIC_BUG << base::debug::StackTrace().ToString();
return;
}
DVLOG_IF(1, error != QUIC_NO_ERROR)
<< "Closing connection (" << connection_id
<< ") due to error: " << QuicUtils::ErrorToString(error);
if (closed_session_list_.empty()) {
delete_sessions_alarm_->Cancel();
delete_sessions_alarm_->Set(helper()->GetClock()->ApproximateNow());
}
closed_session_list_.push_back(it->second);
const bool should_close_statelessly =
(error == QUIC_CRYPTO_HANDSHAKE_STATELESS_REJECT);
CleanUpSession(it, should_close_statelessly);
}
void QuicDispatcher::OnWriteBlocked(
QuicBlockedWriterInterface* blocked_writer) {
if (!writer_->IsWriteBlocked()) {
QUIC_BUG << "QuicDispatcher::OnWriteBlocked called when the writer is "
"not blocked.";
// Return without adding the connection to the blocked list, to avoid
// infinite loops in OnCanWrite.
return;
}
write_blocked_list_.insert(std::make_pair(blocked_writer, true));
}
void QuicDispatcher::OnConnectionAddedToTimeWaitList(
QuicConnectionId connection_id) {
DVLOG(1) << "Connection " << connection_id << " added to time wait list.";
}
void QuicDispatcher::OnConnectionRemovedFromTimeWaitList(
QuicConnectionId connection_id) {
DVLOG(1) << "Connection " << connection_id << " removed from time wait list.";
}
void QuicDispatcher::OnPacket() {}
void QuicDispatcher::OnError(QuicFramer* framer) {
QuicErrorCode error = framer->error();
SetLastError(error);
DVLOG(1) << QuicUtils::ErrorToString(error);
}
bool QuicDispatcher::ShouldCreateSessionForUnknownVersion(QuicTag version_tag) {
return false;
}
bool QuicDispatcher::OnProtocolVersionMismatch(
QuicVersion /*received_version*/) {
if (FLAGS_quic_stateless_version_negotiation) {
QUIC_BUG_IF(
!time_wait_list_manager_->IsConnectionIdInTimeWait(
current_connection_id_) &&
!ShouldCreateSessionForUnknownVersion(framer_.last_version_tag()))
<< "Unexpected version mismatch: "
<< QuicUtils::TagToString(framer_.last_version_tag());
}
// Keep processing after protocol mismatch - this will be dealt with by the
// time wait list or connection that we will create.
return true;
}
void QuicDispatcher::OnPublicResetPacket(
const QuicPublicResetPacket& /*packet*/) {
DCHECK(false);
}
void QuicDispatcher::OnVersionNegotiationPacket(
const QuicVersionNegotiationPacket& /*packet*/) {
DCHECK(false);
}
void QuicDispatcher::OnDecryptedPacket(EncryptionLevel level) {
DCHECK(false);
}
bool QuicDispatcher::OnPacketHeader(const QuicPacketHeader& /*header*/) {
DCHECK(false);
return false;
}
bool QuicDispatcher::OnStreamFrame(const QuicStreamFrame& /*frame*/) {
DCHECK(false);
return false;
}
bool QuicDispatcher::OnAckFrame(const QuicAckFrame& /*frame*/) {
DCHECK(false);
return false;
}
bool QuicDispatcher::OnStopWaitingFrame(const QuicStopWaitingFrame& /*frame*/) {
DCHECK(false);
return false;
}
bool QuicDispatcher::OnPingFrame(const QuicPingFrame& /*frame*/) {
DCHECK(false);
return false;
}
bool QuicDispatcher::OnRstStreamFrame(const QuicRstStreamFrame& /*frame*/) {
DCHECK(false);
return false;
}
bool QuicDispatcher::OnConnectionCloseFrame(
const QuicConnectionCloseFrame& /*frame*/) {
DCHECK(false);
return false;
}
bool QuicDispatcher::OnGoAwayFrame(const QuicGoAwayFrame& /*frame*/) {
DCHECK(false);
return false;
}
bool QuicDispatcher::OnWindowUpdateFrame(
const QuicWindowUpdateFrame& /*frame*/) {
DCHECK(false);
return false;
}
bool QuicDispatcher::OnBlockedFrame(const QuicBlockedFrame& frame) {
DCHECK(false);
return false;
}
bool QuicDispatcher::OnPathCloseFrame(const QuicPathCloseFrame& frame) {
DCHECK(false);
return false;
}
void QuicDispatcher::OnPacketComplete() {
DCHECK(false);
}
QuicServerSessionBase* QuicDispatcher::CreateQuicSession(
QuicConnectionId connection_id,
const IPEndPoint& client_address) {
// The QuicServerSessionBase takes ownership of |connection| below.
QuicConnection* connection = new QuicConnection(
connection_id, client_address, helper_.get(), CreatePerConnectionWriter(),
/* owns_writer= */ true, Perspective::IS_SERVER, supported_versions_);
QuicServerSessionBase* session = new QuicSimpleServerSession(
config_, connection, this, crypto_config_, &compressed_certs_cache_);
session->Initialize();
return session;
}
QuicTimeWaitListManager* QuicDispatcher::CreateQuicTimeWaitListManager() {
return new QuicTimeWaitListManager(writer_.get(), this, helper_.get());
}
bool QuicDispatcher::HandlePacketForTimeWait(
const QuicPacketPublicHeader& header) {
if (header.reset_flag) {
// Public reset packets do not have packet numbers, so ignore the packet.
return false;
}
// Switch the framer to the correct version, so that the packet number can
// be parsed correctly.
framer_.set_version(time_wait_list_manager_->GetQuicVersionFromConnectionId(
header.connection_id));
// Continue parsing the packet to extract the packet number. Then
// send it to the time wait manager in OnUnathenticatedHeader.
return true;
}
QuicPacketWriter* QuicDispatcher::CreatePerConnectionWriter() {
return new QuicPerConnectionPacketWriter(writer_.get());
}
void QuicDispatcher::SetLastError(QuicErrorCode error) {
last_error_ = error;
}
} // namespace net
|
