IETF Logo Mail Archive

Re: [quicwg/base-drafts] Define requirements for handling packets (#724)

Mike Bishop <notifications@github.com> Mon, 09 October 2017 17:13 UTC

Return-Path: <bounces+848413-a050-quic-issues=ietf.org@sgmail.github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9BC4113470B for <quic-issues@ietfa.amsl.com>; Mon, 9 Oct 2017 10:13:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.02
X-Spam-Level:
X-Spam-Status: No, score=-2.02 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rlpGz9gblMcc for <quic-issues@ietfa.amsl.com>; Mon, 9 Oct 2017 10:13:40 -0700 (PDT)
Received: from o1.sgmail.github.com (o1.sgmail.github.com [192.254.114.176]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9BCDC13470E for <quic-issues@ietf.org>; Mon, 9 Oct 2017 10:13:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com; h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=G1ldyO3HfrDQ7GLN0elTB+5BB6c=; b=nz/Z2w9Y8dugpU0u +mswmf7HKAAgSDMpEZOOyywE+LdM+CDkFLhf/SH07RUhBCTr9ATlDHYaB2yNLv7m g0YKPa72ebx9bf7inpGNaBeacOwSxn78UZFWxk7lK/YKIS0g8W6YZ5e8d1Noxt9u Sai2+M9lcM4WL+eM5RjDG34Sfuo=
Received: by filter1121p1mdw1.sendgrid.net with SMTP id filter1121p1mdw1-27699-59DBAE43-1C 2017-10-09 17:13:39.791692761 +0000 UTC
Received: from github-smtp2a-ext-cp1-prd.iad.github.net (github-smtp2a-ext-cp1-prd.iad.github.net [192.30.253.16]) by ismtpd0001p1iad1.sendgrid.net (SG) with ESMTP id Cgk9Tn4rRjWIH2nhreoiMw for <quic-issues@ietf.org>; Mon, 09 Oct 2017 17:13:39.732 +0000 (UTC)
Date: Mon, 09 Oct 2017 17:13:39 +0000
From: Mike Bishop <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab4ccf4d9b587c2abdab2efeeabc6771e0c166622d92cf0000000115f3704392a169ce0edfdc09@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/724/review/68049232@github.com>
In-Reply-To: <quicwg/base-drafts/pull/724@github.com>
References: <quicwg/base-drafts/pull/724@github.com>
Subject: Re: [quicwg/base-drafts] Define requirements for handling packets (#724)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_59dbae438d541_bf53fe6e16e6f38598f5"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: MikeBishop
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
X-SG-EID: l64QuQ2uJCcEyUykJbxN122A6QRmEpucztpreh3Pak2BAs5pV9bcQ5UmwbvqFiqYC49GY93RKHMKTh vV/AiX7E+cPmUXdUxCfoLiQyrDaFvoM6ymZQgYwwEIL+eHLFTaBl7xP0yQtnPNT1aJd57BKslP+0Pr HnWh/e3nGMCMjH3hVMRIESoGZQ5CV8A2k02cZ/qEVm92/wDPWvTLqzoNO4BEwQk88zaV1G8PO5OZ2Q I=
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/3w_IB2gL0ax5vQbpJy6QohVCvHg>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Oct 2017 17:13:43 -0000

MikeBishop commented on this pull request.

I see a few corner cases on another read-through, but it's looking good.  Let's land this soon.

> +
+Buffering ensures that data is not lost, which improves performance; conversely,
+discarding these packets could create false loss signals for the congestion
+controllers.  However, limiting the number and size of buffered packets might be
+needed to prevent exposure to denial of service.
+
+For clients, any packet that cannot be associated with an existing connection
+SHOULD be discarded if it not buffered.  Discarded packets MAY be logged for
+diagnostic or security purposes.
+
+For servers, packets that aren't associated with a connection potentially create
+a new connection.  However, only packets that use the long packet header and
+that are at least the minimum size defined for the protocol version can be
+initial packets.  Unless the server is buffering 0-RTT packets, a server MUST
+discard packets that cannot be associated with a connection if they use the
+short header form, or they are smaller than the smallest minimum size for any

Doesn't this rule out the very case Stateless Reset is intended for?  Can't be associated with an active connection, short header, but includes the Connection ID.

> +diagnostic or security purposes.
+
+For servers, packets that aren't associated with a connection potentially create
+a new connection.  However, only packets that use the long packet header and
+that are at least the minimum size defined for the protocol version can be
+initial packets.  Unless the server is buffering 0-RTT packets, a server MUST
+discard packets that cannot be associated with a connection if they use the
+short header form, or they are smaller than the smallest minimum size for any
+version that the server supports.
+
+This version of QUIC defines a minimum size for initial packets of 1200 octets.
+Versions of QUIC that define smaller minimum initial packet sizes need to be
+aware that initial packets will be discarded without action by servers that only
+support versions with larger minimums.  Clients that support multiple QUIC
+versions can avoid this problem by ensuring that they increase the size of their
+initial packets to the largest minimum size across all of the QUIC versions they

Side-note which may not require a change:  If the server and client have any overlap between versions, this will work.  If they don't have any overlap between versions, however, this potentially leads to a connection time-out rather than a VN exchange and immediate conclusion that there's no overlap.

Consider the case where the minima of the versions supported by the client are (1040,680,256), and the minima of the version supported by the server are (1280,1280,1600).  Even following this advice, the server will always ignore the client's Client Initial packets, and the client will ultimately time out.

I'm not sure we need to fix this, given that otherwise we risk spewing VN packets in response to random noise.  However, we might want to be clear that this isn't guaranteed to avoid the problem.

>  
-When the client receives a Version Negotiation packet from the server, it should
-select an acceptable protocol version.  If the server lists an acceptable
-version, the client selects that version and reattempts to create a connection
-using that version.  Though the contents of a packet might not change in
+When the client receives a Version Negotiation packet, it first checks that the
+packet number and connection ID match the values it sent in a Client Initial
+packet.  If this check fails, the packet MUST be discarded.

Another potential timing issue:  Client sends Client Initial + 0-RTT data.  Client Initial is lost in transit.  Version Negotiation comes back responding to 0-RTT packets because the server only received those.  Per the current text, it MUST ignore the server's VN packets until it has retransmitted the CI and gotten *that* VN packet.  Hopefully rare, since if you're doing 0-RTT you're unlikely to use an unsupported version -- but not impossible.

Maybe we should simply say "match the values it sent in a packet on this connection"?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/724#pullrequestreview-68049232

v2.35.0 | Report a Bug | By Email | System Status