Error code cleanup
Martin Thomson <martin.thomson@gmail.com> Mon, 24 April 2017 04:41 UTC
Return-Path: <martin.thomson@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2B13E126CF6 for <quic@ietfa.amsl.com>; Sun, 23 Apr 2017 21:41:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 33yHGa7rXowg for <quic@ietfa.amsl.com>; Sun, 23 Apr 2017 21:41:33 -0700 (PDT)
Received: from mail-lf0-x22e.google.com (mail-lf0-x22e.google.com [IPv6:2a00:1450:4010:c07::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 509EA126BF0 for <quic@ietf.org>; Sun, 23 Apr 2017 21:41:33 -0700 (PDT)
Received: by mail-lf0-x22e.google.com with SMTP id c80so67287209lfh.3 for <quic@ietf.org>; Sun, 23 Apr 2017 21:41:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=rrCRAtC/+6bi3BpxaZ6x9f+swNq5wQuTFU2SYBeFU3s=; b=lpiLVSk9LbYUMAgTNApJjRlDD2hbcrQP3HkVc4ohBTz45G/pXV4SdCg/pZqUqTJq/N 2iRlbe78oQsSqjDtKcVqeN4+uu77QBZ5CifmSIXfwN0qgSWPsZGSCa8EtKyMwPB05FbC K7OECM7SWujDllrKyfu9FFFbzqXlqtH0lJodZP2BnCiQI+2HgpDyEb8IVn9+6KiVWJcb 5a8anP4rY9y1bVk/pQeos54MfAh7cr59eUNY8wPDrHop3/KyjWHmnfNfh40DfyEXDGpD 7D2Fvyb/bmXqiwO/EsZ/ME+fG+U7qnlCdLYGUja8rXf5YB1CVthmUsNRVIss6dzsrkeE iHYQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=rrCRAtC/+6bi3BpxaZ6x9f+swNq5wQuTFU2SYBeFU3s=; b=anrr6E9TRg35OyvVrIhHDYYLT3w32sL3nq95pZdnSeSdfrv+oUQJjOtBooSwuwGRP2 bWXDxtan6O9JWTFbcQ0kErZ57Oh3VjHu4tfHtls/Uhmt+hNOi2qQmjTIiDkIuQuVJqHr 9URkBwiYxfY6oiaAbl3zmLRX+JEJakUaETZmJH+2GZ0WXZOF/wwXn1xvhzPkLNX3EAmp o0dCfkqses2nHFFr9MyXT0k4x6MAbsufJ4JkoruLE6SW21ubtsbbapcpp/EaEGjQZ7Cy VFcojKoHU0S47OOHt2JZRpgBVKxd1bBELooYEoZKhoXioLT22Rn6K3Jb03Zdz6yywWEd C/iQ==
X-Gm-Message-State: AN3rC/7S8Y8nXlpdX2MkPbuFm36iYOjJRzRJZSM2ZWlFNQfCbtOckI8u oDg3PlJRso0iLerIa64gZqduC7/JMBHq+Yk=
X-Received: by 10.46.75.2 with SMTP id y2mr8736740lja.103.1493008891252; Sun, 23 Apr 2017 21:41:31 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.46.83.2 with HTTP; Sun, 23 Apr 2017 21:41:30 -0700 (PDT)
From: Martin Thomson <martin.thomson@gmail.com>
Date: Mon, 24 Apr 2017 14:41:30 +1000
Message-ID: <CABkgnnXKrqPv58paGS2AoNs7vkSG0mXVCNdffh7EFJB-EeVh3g@mail.gmail.com>
Subject: Error code cleanup
To: QUIC WG <quic@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/xJ5Rr1_N6JI1DT1S7z77G0nZG2Y>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Apr 2017 04:41:35 -0000
The TLS and HTTP drafts now have some nice error code lists. And by nice I mean short and precise. Each error code is justified and most either point to a distinct reaction or a distinct cause (the latter I'm less enthusiastic about with HTTP, but that is just a quibble). I've been working on fixing error codes for the transport. Here's what I'm going to propose for the breakdown of error codes in the transport piece. I won't name these yet, there are reasons to parallel codes in the HTTP spec. Some of these might be broken down finer into codes that identify specific causes, but I might push back on doing that too aggressively. I have 13 codes here. TLS has 3, HTTP has 17 (which I think is too high, but what do I know). We might want to discuss reducing the size of the error code space a little at some point. I went through the existing codes and all are either invalid or covered here - as far as I can see. Clearly, this is still early enough that there might be new codes added, but I think that the above list is close enough. I plan to write this up during this week. I'm sharing this in the hopes that someone might help by correcting any mistakes that I've made. # internal errors * this error was my fault, probably a bug or resource issue on my end that means I can't continue I don't think that we want to highlight the difference between different internal errors here lest we provide instructions on how to trigger DoS or bugs. Having just one code in this category seems right. # errors that aren't errors * this isn't an error (in case we use one of the error messages to signal close) * this isn't an error, you asked me to generate this error (for the case where RST_STREAM causes RST_STREAM to be sent, or for the proposed DISINTEREST frame) * this isn't an error, I just don't want this stream any more (the general form of the cancellation request) # errors that are protocol violations * you did something wrong, but nothing specific was appropriate (this is a general catch-all error code for use when other protocol violations aren't appropriate) * you send me more data than I allowed (flow control) * you opened a stream before I said you could use it (streams) * you sent a frame on a stream that was in a state that doesn't allow that * you sent data on a stream past the final data offset, or you seem to have moved the final offset * you sent a badly-formatted frame (this includes things that have bad lengths primarily; I think that includes an empty STREAM with no FIN flag; the range of errors here doesn't really seem to justify an error code per frame type) * your transport parameters were invalid * the version negotiation fields in your transport parameters don't match with my understanding of what we did during version negotiation, IT'S AN ATTACK! (this could have been part of transport parameter validation, but the fact that this is an attack rather than just a screwup is a good reason to use a different code) # errors that aren't protocol issues violations, but they need a signal anyway * enhance your calm (this is the name we used in h2 to signal all sorts of cases where an endpoint could tell the other side to cool off a little, this usually includes activity that might look like a DoS attack, but it might also be sent to clients who are behaving themselves if the server is feeling under the weather) # errors that I don't think need codes (yet) * receiving a packet that contains no payload, even if it can be authenticated (implementations should just discard these without even trying to decrypt them) * an attempt to close stream 0 (use the generic code) * receiving a packet that is too big (we haven't actually got any text imposing limits on packet size; in theory the maximum size remains at the UDP maximum; we do have issue #383 which we to add a code if we decide to do anything)
- Error code cleanup Martin Thomson
- Re: Error code cleanup Roy T. Fielding
- Re: Error code cleanup Martin Thomson
- Re: Error code cleanup Martin Thomson