#2289 closed defect (fixed)
QUIC: RETIRE_CONNECTION_ID with invalid DestinationConnectionId
Reported by: | | Owned by: |
---|---|---|---
Priority: | minor | Milestone: |
Component: | http/3 | Version: | 1.19.x
Keywords: | | Cc: |
uname -a: | | |
nginx -V: | nginx/1.21.4 (8703:aae8b91e0280) | |
Description
While testing nginx QUIC functionality, nginx sent a RETIRE_CONNECTION_ID frame with Sequence: 0, using the Destination Connection ID referred to by Sequence ID 0. This is prohibited by RFC 9000 §19.16:
The sequence number specified in a RETIRE_CONNECTION_ID frame MUST NOT refer to the Destination Connection ID field of the packet in which the frame is contained.
The invalid RETIRE_CONNECTION_ID frame was received in response to the server sending two NEW_CONNECTION_ID frames, each with Retire Prior To set to 1.
    QUIC Short Header DCID=0000000000000008a1d253f480c1d8e8dd75e0c0 PKN=2
        Destination Connection ID: 0000000000000008a1d253f480c1d8e8dd75e0c0
        Packet Number: 2
    NEW_CONNECTION_ID
        Frame Type: NEW_CONNECTION_ID (0x0000000000000018)
        Sequence: 1
        Retire Prior To: 1
        Connection ID Length: 16
        Connection ID: 1aa096604a4a5c26f51a9ebb38965ee7
        Stateless Reset Token: d4dde1412056fbd92b1158c6502cae29
    NEW_CONNECTION_ID
        Frame Type: NEW_CONNECTION_ID (0x0000000000000018)
        Sequence: 2
        Retire Prior To: 1
        Connection ID Length: 16
        Connection ID: 007061a58f6a2518b98f5a5c4ad39994
        Stateless Reset Token: 3c5a67af0edc63d2451994942ab932ca
nginx responds with:
    QUIC Short Header DCID=98376dec4bb617de72b3ce5062d58a66 PKN=2
        Destination Connection ID: 98376dec4bb617de72b3ce5062d58a66
        Packet Number: 2
    RETIRE_CONNECTION_ID
        Frame Type: RETIRE_CONNECTION_ID (0x0000000000000019)
        Sequence: 0
Since Destination Connection ID: 98376dec4bb617de72b3ce5062d58a66 is the connection ID referred to by Sequence: 0, this is not valid. The Destination Connection should be either 1aa096604a4a5c26f51a9ebb38965ee7 or 007061a58f6a2518b98f5a5c4ad39994.
Here is the nginx version information:
nginx version: nginx/1.21.4 (8703:aae8b91e0280)
built by gcc 9.3.0 (Ubuntu 9.3.0-17ubuntu1~20.04)
built with OpenSSL 1.1.1 (compatible; BoringSSL) (running with BoringSSL)
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --build=8703:aae8b91e0280 --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/run/nginx.pid --lock-path=/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-debug --with-http_ssl_module --with-http_v2_module --with-http_quic_module --with-stream_quic_module --with-http_v3_module --with-cc-opt='-I/boringssl/include -O0 -fno-common -fno-omit-frame-pointer -DNGX_QUIC_DRAFT_VERSION=29' --with-ld-opt='-L/boringssl/build/ssl -L/boringssl/build/crypto'
Thanks for considering this issue and let me know if you need any further information!
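An added example (not nginx code and not the fix linked in this ticket) of connection ID bookkeeping that satisfies the RFC 9000 §19.16 rule quoted above: on NEW_CONNECTION_ID the active DCID is switched before any RETIRE_CONNECTION_ID frame is built. All type and function names are hypothetical; it assumes no duplicate NEW_CONNECTION_ID frames and that a separate sender drains the retire queue.

```c
/* Added example: names and layout are hypothetical, not nginx code. */
#include <stdint.h>
#include <string.h>
#define MAX_CIDS 8

typedef struct { uint64_t seq; uint8_t len, id[20]; int live; } cid_t;

typedef struct {
    cid_t    cids[MAX_CIDS];    /* connection IDs issued by the peer */
    int      active;            /* slot used as DCID of outgoing packets */
    uint64_t retire[MAX_CIDS];  /* sequence numbers awaiting RETIRE_CONNECTION_ID */
    int      nretire;           /* drained by the (omitted) frame sender */
} conn_t;

/* Store a peer-issued CID; returns its slot, or -1 if the table is full. */
int cid_store(conn_t *c, uint64_t seq, const uint8_t *id, uint8_t len)
{
    for (int i = 0; i < MAX_CIDS; i++) {
        if (c->cids[i].live) continue;
        c->cids[i].seq = seq; c->cids[i].len = len; c->cids[i].live = 1;
        memcpy(c->cids[i].id, id, len);
        return i;
    }
    return -1;
}

/* NEW_CONNECTION_ID: retire every CID below retire_prior_to and, if the
 * active DCID is among them, switch to a surviving CID before any
 * RETIRE_CONNECTION_ID frame is built. Returns 0, or -1 on error. */
int on_new_connection_id(conn_t *c, uint64_t seq, uint64_t retire_prior_to,
                         const uint8_t *id, uint8_t len)
{
    if (len > 20 || retire_prior_to > seq || cid_store(c, seq, id, len) < 0)
        return -1;
    for (int i = 0; i < MAX_CIDS; i++) {
        if (!c->cids[i].live || c->cids[i].seq >= retire_prior_to) continue;
        if (c->nretire == MAX_CIDS) return -1;   /* retire queue full */
        c->cids[i].live = 0;
        c->retire[c->nretire++] = c->cids[i].seq;
    }
    for (int i = 0; !c->cids[c->active].live && i < MAX_CIDS; i++)
        if (c->cids[i].live) c->active = i;
    return 0;
}

/* Pre-send check: the retired sequence number must not name the active DCID. */
int retire_frame_ok(const conn_t *c, uint64_t retire_seq)
{
    return c->cids[c->active].seq != retire_seq;
}
```

Replaying the two NEW_CONNECTION_ID frames from this ticket leaves sequence 0 queued for retirement with sequence 1 as the active DCID, so the check passes; without the switch it fails for sequence 0.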
Change History (7)
comment:1 by , 3 years ago
Status: | new → accepted |
---|
comment:3 by , 3 years ago
Resolution: | → fixed |
---|---|
Status: | accepted → closed |
Thanks for reporting this.
Should be fixed now by https://hg.nginx.org/nginx-quic/rev/9680f0badc95
comment:4 by , 3 years ago
Component: | documentation → http/3 |
---|
comment:5 by , 3 years ago
Great! Can you update https://registry.hub.docker.com/r/nginx/nginx-quic-qns?
Yes indeed, we don't check if retired id matches currently used.
What is the client?