Re: Use of zero-length connection IDs and NAT rebinding resilience
Christian Huitema <huitema@huitema.net> Sun, 04 August 2024 23:34 UTC
Return-Path: <huitema@huitema.net>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7998BC14F609; Sun, 4 Aug 2024 16:34:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.904
X-Spam-Level:
X-Spam-Status: No, score=-6.904 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4KR1_V1FyFei; Sun, 4 Aug 2024 16:34:46 -0700 (PDT)
Received: from semf10.mfg.siteprotect.com (semf10.mfg.siteprotect.com [64.26.60.173]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 83BE3C14F605; Sun, 4 Aug 2024 16:34:43 -0700 (PDT)
Received: from smtpauth01.mfg.siteprotect.com ([64.26.60.150]) by se03.mfg.siteprotect.com with esmtp (Exim 4.92) (envelope-from <huitema@huitema.net>) id 1sakkH-004iYq-5Q; Sun, 04 Aug 2024 19:34:41 -0400
Received: from [192.168.1.104] (unknown [172.56.168.245]) (Authenticated sender: huitema@huitema.net) by smtpauth01.mfg.siteprotect.com (Postfix) with ESMTPSA id 4WcbWb67BKz1627GL; Sun, 4 Aug 2024 19:34:35 -0400 (EDT)
Message-ID: <13977c9e-3539-4bf9-a268-e45c8e92a404@huitema.net>
Date: Sun, 04 Aug 2024 16:34:35 -0700
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: Use of zero-length connection IDs and NAT rebinding resilience
To: Cameron Steel <ietfquic=40tugzrida.xyz@dmarc.ietf.org>, quic@ietf.org
References: <bef28311-83d0-4aff-bce2-81fc14e58a20@app.fastmail.com>
Content-Language: en-US
From: Christian Huitema <huitema@huitema.net>
Autocrypt: addr=huitema@huitema.net; keydata= xjMEXtavGxYJKwYBBAHaRw8BAQdA1ou9A5MHTP9N3jfsWzlDZ+jPnQkusmc7sfLmWVz1RmvN J0NocmlzdGlhbiBIdWl0ZW1hIDxodWl0ZW1hQGh1aXRlbWEubmV0PsKWBBMWCAA+FiEEw3G4 Nwi4QEpAAXUUELAmqKBYtJQFAl7WrxsCGwMFCQlmAYAFCwkIBwIGFQoJCAsCBBYCAwECHgEC F4AACgkQELAmqKBYtJQbMwD/ebj/qnSbthC/5kD5DxZ/Ip0CGJw5QBz/+fJp3R8iAlsBAMjK r2tmyWyJz0CUkVG24WaR5EAJDvgwDv8h22U6QVkAzjgEXtavGxIKKwYBBAGXVQEFAQEHQJoM 6MUAIqpoqdCIiACiEynZf7nlJg2Eu0pXIhbUGONdAwEIB8J+BBgWCAAmFiEEw3G4Nwi4QEpA AXUUELAmqKBYtJQFAl7WrxsCGwwFCQlmAYAACgkQELAmqKBYtJRm2wD7BzeK5gEXSmBcBf0j BYdSaJcXNzx4yPLbP4GnUMAyl2cBAJzcsR4RkwO4dCRqM9CHpVJCwHtbUDJaa55//E0kp+gH
In-Reply-To: <bef28311-83d0-4aff-bce2-81fc14e58a20@app.fastmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Authentication-Results: mfg.siteprotect.com; auth=pass smtp.auth=huitema@huitema.net
X-Originating-IP: 64.26.60.150
X-SpamExperts-Domain: mfg.outbound
X-SpamExperts-Username: 64.26.60.150/31
Authentication-Results: mfg.siteprotect.com; auth=pass smtp.auth=64.26.60.150/31@mfg.outbound
X-SpamExperts-Outgoing-Class: unsure
X-SpamExperts-Outgoing-Evidence: Combined (0.32)
X-Recommended-Action: accept
X-Filter-ID: Pt3MvcO5N4iKaDQ5O6lkdGlMVN6RH8bjRMzItlySaT9KwwvX2Z7FbF9dvrOs/5S1PUtbdvnXkggZ 3YnVId/Y5jcf0yeVQAvfjHznO7+bT5x22GFHx6EINOfz/cYcn1xQRve7GGTjY6/LByMRA9ldd8we zNAtHeV2uihR9qZ4QThyeqmTlV4XfFHiQXqJXBG1QaXPwIlI4yu/PH1NWDdGRX50dV0WJMH+BFIQ 7m2cdwhTtObPqIqeRAv2CqzEPfjvYZRcURVBmcDYlDOKFkMqq/yII65Z0XIOMUrLa2CcyZBxW3P/ IMWFowfjK3QRBO8rgVH8WDMxz39bK4QKZJBENfF+Ml+kJYLinvX3sBSsNYV8K4EgtgsN2Ij6q4Ui 0HC+e8vSsjIbPnUTgpxdKljNk5ejYL7xBX4fzVCeo0ak3t+RqlQE9b1hXhIRJ1bJW0V1UYfuzJ1m 8O31zlHQ8Dw4NmzfO6ib3rryOBZGk86Mee08mLcalnjSTRoh876kadMCdA4PSvr8BodmIS11My0y WKmWFZRUl3tsaRRXJC7m84uImeWQPPXGnwKsTPlbyc2/5YE5enyccp7RH4WQio3uGc8BIbNdzKx5 H/rlOeifE9nhP++RWF4IPExN6RiIqObDnevugAfZhKUV+b8uu1sA43oSKlHMxVnkurBPHtW+f1JA YOMrzJ+TAQHcCbm2q4v4TkL+yglBKSP/PNDczCP29BSKBT8lqBfDyevJx7W+x6O3NL4CgvAHjOTW 0i82fIBoB5hQ6nsDvccjqgmDvD9Wh4gcssnzWKvOncORXmmqZ8q6VE3QZJCaewo7xkix14kmQif5 NiaPmZ+LPXFiVmtBqljeE78lfb4KWMWZ5X6IibCcnauEVCZnh/vLvnLbVkcUK2MFAP07uspFFclo xsOwD1XvGhuag7ndEFRMxvugNQu0qrvKASxJ2TukQm+mEuK0l9UvxdUuxhgy1UgE7lWmoz+Yd/wu 8Swd9g8mAWxBwrHDqcigOvSxdRnthmhn8Zn6FpKQ483wl8TA/w4b2gQew3wrgSC2Cw3YiPqrhSLQ cL7c0/kZ0pqO708O+kZI8ghbs6sY0pavFEI00iqY1vuAosQzN6sl9Br1QBgqyARXyn5M3CX+EMng eOWzKGDI8fge0+QBPq9LIQ2BaG34/hqZrUe3eAlqUrf7Jv4GIZjXCEg=
X-Report-Abuse-To: spam@se02.mfg.siteprotect.com
Message-ID-Hash: XTFYIPNW5RT2HURZD3TBLM3IBBDRRDMR
X-Message-ID-Hash: XTFYIPNW5RT2HURZD3TBLM3IBBDRRDMR
X-MailFrom: huitema@huitema.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-quic.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc4
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/C7Oxszbcm6KqJP4BZjiItWxhhac>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Owner: <mailto:quic-owner@ietf.org>
List-Post: <mailto:quic@ietf.org>
List-Subscribe: <mailto:quic-join@ietf.org>
List-Unsubscribe: <mailto:quic-leave@ietf.org>
On 8/4/2024 3:37 PM, Cameron Steel wrote: > Hi QUIC experts, > > I've just completed a writeup of an issue I was experiencing with websites using QUIC through my ISP's CGNAT. In short, the issue was due to the CGNAT having a rather short UDP timeout of 20 seconds, in combination with the fact that Google Chrome seems to use zero-length connection IDs, which prevents connection migration. > > In the process of checking the behaviour I was observing against the QUIC RFCs, I came across a few oddities that I'd like to bring up: > > Both RFC 9000 and 9308 fairly plainly state that connections using zero-length IDs will not be resilient to NAT rebinding, however RFC 9000 section 5.1.1 does have this passage which vaguely implies that multiple network paths are possible with zero-length IDs: > >> An endpoint that selects a zero-length connection ID during the handshake cannot issue a new connection ID. A zero-length Destination Connection ID field is used in all packets sent toward such an endpoint over any network path. > > As this is only implied the once that I can find, I'm assuming it's just ambiguous wording and that the intended behaviour is what I observed, that connection migration is not permitted when using a zero-length connection ID. It is a bit more complicated than that. First, let's get the naming right. "Connection migration" describes a voluntary action in which the client tries to reach the server using a different 5-tuple and a different connection ID. What you are encountering here is "NAT Rebinding", i.e., the effect of an uncoordinated decision by the NAT to forget the binding between the 5-tuple used by the client and the "external" 5-tuple. After the NAT rebinding, all packets sent by the server to the old 5-tuple will be lost: there is no mapping for that and packet are dropped by the NAT, or maybe the mapping has been reused for a new client and packet are dropped by that client because they cannot be decrypted. The solution is for the server to somehow learn the new value of the client's 5-tuple. It can only do that by receiving packets from the client. All the packets sent after the NAT rebinding and before a new packet is received by the client will be lost, whether connection IDs are used or not. For example, if the application pattern is to send a request, then wait some long time before the server replies, the long wait will increase the risk of NAT rebinding, and the eventual response of the server will be lost. If the traffic is series of HTTP GET triggering immediate responses, there is hope. The server could learn the new 5-tuple when receiving the GET command. But it needs to associate the arriving packet with the old connection, and it can only do that if the old packet carries a connection ID. > > Given that, I'd be very curious to hear any insight into why Chrome has chosen not to use connection IDs. NAT Traversal will work if connection IDs are used in the client to server direction. I was under the impression that Chrome uses 0-length CID in the server to client direction, but Google servers use 8 bytes CID in the client to server direction. If that's the case, NAT rebinding should work. > If anyone is interested in reading my full writeup, you can find it here: https://blog.tugzrida.xyz/2024/08/04/too-quic-for-chrome-troubleshooting-udp-nat-rebinding/ Can you attach some kind of packet log so we can see what is really happening? QLOG would be great. -- Christian Huitema
- Use of zero-length connection IDs and NAT rebindi… Cameron Steel
- Re: Use of zero-length connection IDs and NAT reb… Christian Huitema
- Re: Use of zero-length connection IDs and NAT reb… Martin Duke