IETF Logo Mail Archive

RE: Need your help: different connection IDs in the same datagram

Mike Bishop <mbishop@evequefou.be> Wed, 15 July 2020 20:42 UTC

Return-Path: <mbishop@evequefou.be>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 269C43A0FCD for <quic@ietfa.amsl.com>; Wed, 15 Jul 2020 13:42:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=evequefou.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u6zE-UrDOcXU for <quic@ietfa.amsl.com>; Wed, 15 Jul 2020 13:42:49 -0700 (PDT)
Received: from NAM11-DM6-obe.outbound.protection.outlook.com (mail-dm6nam11on2106.outbound.protection.outlook.com [40.107.223.106]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E50A33A0FC2 for <quic@ietf.org>; Wed, 15 Jul 2020 13:42:48 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=g3SxjcJW3E1eqGO+vnxENu9VLoiSiXxbqRT9YsyiMfY2MzsUiOqDBTk6tqkxwNeBBRVX78yjkVAThAIqeT6vMZ2T2eh+1MDEZw3DlrXHzzkO7QWLOfa9Gm8TttXT59FV+k0JJmwvwhLNYjLN2iVhQoHMVCcbPYBVB1PkUvjRYGrv12SmaOkgBLxuTM0sCR7lVMUDiifoZWCRZy4DfLrWdr7/mDwXwtHLiFKwA/GFBg3hvGr57nnw3eaXlK7nlRJ7RhxoP50Tjf+qti9leZyPvxxzy97z80rZymzB5fagn2rNaSCJHTEP8Hhz6UM3Nc40lSUvDhtLZYWPzv+wiTn3FQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=S62Q9od9rIYEaQRs9Y82CvCfWqiFyok17jWBi0sPQ50=; b=MPDg5KScq55pzTNoz0dX0pbPy/PM3R12Mpg+lr+FNDQq2Dk5yH7KA2iTvKA9di2TcJPwyQLAZoCydqPx3RZn2TRt3WuDeuNzsqWK/fovpLG7MiOjGNU/qM1P2AfBssvEO7uoh2dU7Nm0VZpNIv1kU7cbOuuE5Hinojkb0GK4F1I7CKYpaggfOXKC5m5W2Vyrccwjob3Iod1gVd+iBGTAvTAvifyVcgL7cLIhD8P2vA+CNLZKXjqbQKMzdXUZhbYlX3+huevkRbJJcdSH81ymZ5MdtWXOtRJORLa9a3oeQxVPMqDgQrXtdhTuj0ETCesNmTuNRkQvGho2SfMihcuPbw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=evequefou.be; dmarc=pass action=none header.from=evequefou.be; dkim=pass header.d=evequefou.be; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=evequefou.onmicrosoft.com; s=selector2-evequefou-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=S62Q9od9rIYEaQRs9Y82CvCfWqiFyok17jWBi0sPQ50=; b=kMedKzxFSmyrq6wMtkBjEiGFpQGR5y8hL9k2iISgPvfD1gST5kQxjBY6qCH9+efZxRfslna+mT1XWA1fObDmSDX1rOTzpSPMnDbkGWclVkn7XmAxweIcZu83IBpWGp1KRaXSUygpVqSZDVAXUFGcMXE10pQyuN9P9s5khXdY+xA=
Received: from CH2PR22MB2086.namprd22.prod.outlook.com (2603:10b6:610:8c::8) by CH2PR22MB2071.namprd22.prod.outlook.com (2603:10b6:610:5d::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3174.20; Wed, 15 Jul 2020 20:42:47 +0000
Received: from CH2PR22MB2086.namprd22.prod.outlook.com ([fe80::60f5:29ae:6155:6d7e]) by CH2PR22MB2086.namprd22.prod.outlook.com ([fe80::60f5:29ae:6155:6d7e%9]) with mapi id 15.20.3195.018; Wed, 15 Jul 2020 20:42:47 +0000
From: Mike Bishop <mbishop@evequefou.be>
To: Ian Swett <ianswett=40google.com@dmarc.ietf.org>, Martin Thomson <mt@lowentropy.net>, IETF QUIC WG <quic@ietf.org>
Subject: RE: Need your help: different connection IDs in the same datagram
Thread-Topic: Need your help: different connection IDs in the same datagram
Thread-Index: AQHWWnkETiF/3SJtf026OFd9pU5BcqkI70YAgAAYswCAAAvogA==
Date: Wed, 15 Jul 2020 20:42:47 +0000
Message-ID: <CH2PR22MB20861D3BEA06EE61AA882245DA7E0@CH2PR22MB2086.namprd22.prod.outlook.com>
References: <ae21cc02-3357-40c8-a1e9-3966fdf575a5@www.fastmail.com> <20200715180231.GB9808@lubuntu> <CAKcm_gPfc3sFy0kuyTzUFk2XFMZ8NdXTd7CuNf0o0v+RXDG=xg@mail.gmail.com>
In-Reply-To: <CAKcm_gPfc3sFy0kuyTzUFk2XFMZ8NdXTd7CuNf0o0v+RXDG=xg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dmarc.ietf.org; dkim=none (message not signed) header.d=none;dmarc.ietf.org; dmarc=none action=none header.from=evequefou.be;
x-originating-ip: [72.49.212.17]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: ebfc8414-3479-4dea-234b-08d828ffa204
x-ms-traffictypediagnostic: CH2PR22MB2071:
x-microsoft-antispam-prvs: <CH2PR22MB20715DB26DFC13300F5B009EDA7E0@CH2PR22MB2071.namprd22.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: tsrS7Stbxu7PVtrD0lSdBZB/SjB8ClErfZrqF1g+9lDUjyZ5fHAmmwSr3kTKySf/2mACDfBwRVx4/zDuhkeoY0zOSQMs7p1E7sC8qcn+9S5fVMDV2PubxBs/7yqjBqN3zXagN6/EuzKxp/cUDoJpdK3dsezVc8HtGDv2qyfuF/uVXfPwhhNWIxGh48lBCVcdCms7/9Gkpob49FMj1fpLvf03daZwjx5i2QmU0/rpFzKuckuplAZWMFr4zhsnbQ1n5fwBwF0RkwluE1J3azpn/ETcXDT40ugcT8Wc6txD9X5Bc08KqJXMVhCqSwCm1nOtchjNBTBpkVPeh0YcSVbWZ3zpl2htIhGRtGEJ+32JhyqPBGaq8qa8OSMqHaouGWvZPwtlMSL2litfxOarUPfodYacYaRb8XgMovK64x30iyuGemQQR3mggZVKmATYSipZh2CPtLpNh718yPRHVtXXTw==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CH2PR22MB2086.namprd22.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(346002)(376002)(366004)(396003)(136003)(39830400003)(5660300002)(33656002)(53546011)(55016002)(83380400001)(508600001)(9686003)(6506007)(110136005)(7696005)(76116006)(66946007)(66476007)(64756008)(71200400001)(26005)(66556008)(966005)(8676002)(86362001)(52536014)(186003)(166002)(2906002)(8936002)(316002)(66446008)(151803002); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: p/kKqjV8hjbA8eSPgVTgDRGLUZykrUeMMxHXVRbCLpFm3HIFzhxT95frYZQXKWPfVMmuRPS82/Y4n4J2pdBMismVbQO26A3OMM1PBLm45wQTNTM2/iEK9WfFkDmHccviN/MMtchFBXUynZu/pk/CErwOl4P5HuEPLmEBjDU3YKJ2/F78eT1HItbO/koy7Fh5YD6EOvgrX1xTc7Zzvf6qP5pIxZFXQ8BU0+fI0+JcKH9GJvALOhJl/SUgOIQYyd/Kogn2ha33poU/5pxugXK27RQ4kO4pTIKem/A9apLscQ+tev3POj3LELTCAkdcxHH/WBLjE9iuQztQ9bCwjwhRo6640JzFj498aVJGX59sKfgegy4jEOWTfCmJyJaZhZC3Z2Cc6hXMiCH7Q7N2X0q/XUUER18WoDfspMCul+kMJn7yHcBNSrrtUkjlHc56DcRXLwX+iDvrUYLtAY6FRR1YMyEeGGxFm+pRHK1AbfRRP6w=
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_CH2PR22MB20861D3BEA06EE61AA882245DA7E0CH2PR22MB2086namp_"
MIME-Version: 1.0
X-OriginatorOrg: evequefou.be
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CH2PR22MB2086.namprd22.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: ebfc8414-3479-4dea-234b-08d828ffa204
X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Jul 2020 20:42:47.2040 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 41eaf50b-882d-47eb-8c4c-0b5b76a9da8f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: UZ+maGcetyBRo6jJZLsPzqQ09ovDgrZTY07smTMBHglE9zYpHnpTRNHpF5UcYO5W/T1tY/PufpcTGCHmcoO3xw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH2PR22MB2071
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/quOshGzKbYQof09SQfILImAjiI8>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Jul 2020 20:42:51 -0000

Fundamentally, I think there has to be a change, because we currently have an inconsistent mandate – mixed-CID packets are acceptable to send, but SHOULD be dropped on receipt.

First, there’s the privacy argument, in that the CIDs in the same datagram will become linked to external observers.  I think Marten has already argued convincingly why this will be rare during a typical handshake; Christian and Kazuho have argued that a privacy-sensitive implementation will need to do a CID jump once the handshake is confirmed, at which point you’re mostly not coalescing packets anyway.  So this is a mild argument for not mixing, but I don’t think it’s dispositive.

Second, the implementation arguments appear to boil down to two camps:

  *   Implementation X generates packets independently, then packages them into datagrams.  Since all packets waiting for packaging are from the same connection, there’s currently nothing to check to see whether they’re allowed in the same datagram.  Requiring the CIDs to match would require a new check and a code path for not coalescing packets in certain cases.
  *   Implementation Y consumes packets within a datagram independently, so the validation has to be done at the datagram level before doing any packet-level activities.  A requirement that can be evaluated solely on the contents of the datagram, independent of any connection state, is more efficient.

Of these two, I currently find the latter slightly more persuasive.  The first is a check that can be done between packets without needing to access any connection state, and there are already presumably code paths for handling when a waiting packet can’t go in the datagram currently being constructed (e.g. it’s too large to fit the remaining MTU).  However, I’m sure someone with such an implementation could tell me why it’s more complicated than that.  😊

Neither of the resolutions seems more technically correct than the other; we just need to pick one.

From: QUIC <quic-bounces@ietf.org> On Behalf Of Ian Swett
Sent: Wednesday, July 15, 2020 3:31 PM
To: Martin Thomson <mt@lowentropy.net>; IETF QUIC WG <quic@ietf.org>
Subject: Re: Need your help: different connection IDs in the same datagram

I don't think this change would be difficult for our implementation, but I also don't see it as necessary.  Given where we are in the process, that alone argues for not changing it I believe.

On Wed, Jul 15, 2020 at 2:02 PM Dmitri Tikhonov <dtikhonov@litespeedtech.com<mailto:dtikhonov@litespeedtech.com>> wrote:
On Wed, Jul 15, 2020 at 05:23:57PM +1000, Martin Thomson wrote:
> There has been some opposition to the proposed resolution in PR 3870.
>
> Apparently, for some, having multiple connection IDs in the same
> datagram complicates processing.  I don't understand this objection.
> It seems to me more difficult to retain state across packets than it
> is to process each atomically.  I was hoping that Christian or Nick
> can explain more about how this affects them.

I can provide an example from lsquic.  The datagram is parsed into
QUIC packets in one function, lsquic_engine_packet_in():

  https://github.com/litespeedtech/lsquic/blob/v2.18.1/src/liblsquic/lsquic_engine.c#L2781L2816

Each QUIC packet is processed by process_packet_in(), where a
connection is looked up:

  https://github.com/litespeedtech/lsquic/blob/v2.18.1/src/liblsquic/lsquic_engine.c#L1352L1360

The DCID check is performed lsquic_engine_packet_in(), before
process_packet_in() is called:

  https://github.com/litespeedtech/lsquic/blob/v2.18.1/src/liblsquic/lsquic_engine.c#L2793L2806

The DCID information is readily available in the datagram parsing
loop, while connection information is not.

For lsquic to support the proposed change, it would have to remember
the current connection and then query it whether it is indeed the
owner of the next DCID (A) or look up DCID in the global hash (B):

    conn = NULL;
    while (quic_packet = parse_udp(pointers)) {
        dcid = parse(quic_packet);
        if (conn)
        {
  #if VARIANT_A
            if (!conn_owns_scid(conn, dcid))
  #else
            if (conn != lookup_by_dcid(dcid))
  #endif
                continue;
        }
        conn = process_packet(quic_packet);
    }

Not that it could not be done, of course, but it is both extra work
to modify lsquic and a more inefficient mechanism: what was a simple
CID comparison is now a hash lookup.

That's why I argued [1] for having solid rationale behind the change
rather than a personal preference.

  - Dmitri.

1. https://github.com/quicwg/base-drafts/issues/3800#issuecomment-656851626

v2.23.0 | Report a Bug | By Email