IETF Logo Mail Archive

Re: [quicwg/base-drafts] HTTP/3 references QUIC Stream IDs directly, allowing illegal references (#3273)

Kazuho Oku <notifications@github.com> Fri, 06 December 2019 01:16 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0B73212004D for <quic-issues@ietfa.amsl.com>; Thu, 5 Dec 2019 17:16:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.999
X-Spam-Level:
X-Spam-Status: No, score=-7.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ngwe1G8gTKik for <quic-issues@ietfa.amsl.com>; Thu, 5 Dec 2019 17:16:38 -0800 (PST)
Received: from out-21.smtp.github.com (out-21.smtp.github.com [192.30.252.204]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9BAD912004C for <quic-issues@ietf.org>; Thu, 5 Dec 2019 17:16:38 -0800 (PST)
Received: from github-lowworker-2e54e43.va3-iad.github.net (github-lowworker-2e54e43.va3-iad.github.net [10.48.17.27]) by smtp.github.com (Postfix) with ESMTP id 68FAEA04D6 for <quic-issues@ietf.org>; Thu, 5 Dec 2019 17:16:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1575594997; bh=whS2iKTfqI6xcO+DBnvwQZAdmJcqKJv/7RruHllx4/o=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=vJIEnB4k3Rv9wjCZVaCwRizrVX3SCYUs+zsiRSxYMI9Hzgz1NVzmYOdSoat8mMHzZ gJaaq7Efcq2Saalgm4LztCOxJ2IOHwrSPzuhbADzAI+Oqv1MJdvyFOfSEv6Od6ZJC6 trbHMs9adEoiDLxu4vWGYDSkzhXFYT3cp8TnNrR4=
Date: Thu, 05 Dec 2019 17:16:37 -0800
From: Kazuho Oku <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJK3D6FNVTU3SVEM7ON5363PHLEVBNHHB64UA7U@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/3273/562389672@github.com>
In-Reply-To: <quicwg/base-drafts/issues/3273@github.com>
References: <quicwg/base-drafts/issues/3273@github.com>
Subject: Re: [quicwg/base-drafts] HTTP/3 references QUIC Stream IDs directly, allowing illegal references (#3273)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5de9abf5596bb_22633fe5320cd968829f5"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: kazuho
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/3RLVZgGR8hH2ICjdgN2hD7JMJ-o>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Dec 2019 01:16:40 -0000

@martinthomson I'm not sure if the logic is correct. It is my understanding that the server need to set GOAWAY.stream_id to the largest request stream ID it has processed, __added by 4__.

This is because the rules are:
* The GOAWAY frame indicates that client-initiated requests on lower stream IDs were or might be processed in this connection, while requests on the indicated stream ID and greater were rejected ([section 5.2](https://quicwg.org/base-drafts/draft-ietf-quic-http.html#name-connection-shutdown)).
* It carries a QUIC Stream ID for a client-initiated bidirectional stream encoded as a variable-length integer ([section 7.2.6](https://quicwg.org/base-drafts/draft-ietf-quic-http.html#name-goaway)).

@LPardue My point is that the specification requires a server to send an stream ID it has never seen, when there are no requests inflight.

I thought that it would be good to use as an example the case where no requests have ever been sent, and that the spec has to call out what should happen in that particular case is a leak.

But that might not have been the best example. Maybe I should have given the example when one request is exchanged then the server idle-timeouts. In such case, GOAWAY.stream_id is expected to be 4, which is a stream ID that the server has never seen.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/3273#issuecomment-562389672

v2.23.0 | Report a Bug | By Email