Opened 10 months ago
Closed 10 months ago
#2516 closed defect (invalid)
Connection is not getting closed when ngtcp2 is sending multiple settings frames
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | http/3 | Version: | 1.25.x |
| Keywords: | Cc: | ||
| uname -a: |
root@ubuntu:/tmp# uname -a
Linux ubuntu 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux |
||
| nginx -V: |
root@ubuntu:/tmp# nginx -V
nginx version: nginx/1.25.1 built by gcc 11.2.0 (Ubuntu 11.2.0-19ubuntu1) built with OpenSSL 3.0.2 15 Mar 2022 TLS SNI support enabled configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-http_v3_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-g -O2 -ffile-prefix-map=/data/builder/debuild/nginx-1.25.1/debian/debuild-base/nginx-1.25.1=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -flto=auto -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie' root@ubuntu:/tmp# |
||
Description
i am trying to run ngtcp2 and nginx server.
I am anaylzing pcap and i have noticed multiple settings frames in pcap which is sent by ngtcp2 client to nginx server but nginx not closing the connection.
As per RFC
"SETTINGS frames always apply to an entire HTTP/3 connection, never a
single stream. A SETTINGS frame MUST be sent as the first frame of
each control stream (see Section 6.2.1) by each peer, and it MUST NOT
be sent subsequently. If an endpoint receives a second SETTINGS
frame on the control stream, the endpoint MUST respond with a
connection error of type H3_FRAME_UNEXPECTED."
RFC link https://datatracker.ietf.org/doc/rfc9114/
Attached pcaps
Attachments (5)
Change History (12)
by , 10 months ago
| Attachment: | nginx_quic_seett.jpg added |
|---|
by , 10 months ago
| Attachment: | ngtcp2_client_eth2.pcap added |
|---|
by , 10 months ago
| Attachment: | ngtcp2_client_keys_eth2.log added |
|---|
by , 10 months ago
| Attachment: | nginx_server_eth2.pcap added |
|---|
comment:2 by , 10 months ago
What makes you think nginx experiences such behaviour?
Please send the relevant debug log.
comment:3 by , 10 months ago
| Priority: | critical → minor |
|---|
comment:4 by , 10 months ago
please check the pcaps and image i have attached
you might get some info
Open pcap ngtcp2_client_eth2.pcap and load ngtcp2_client_keys_eth2
in wireshark search with (quic) and (http3.frame_type == 0x0000000000000004) this filter.
you will notice packet 67,68 and 83,84 are the settings frames
as per RFC
SETTINGS frames always apply to an entire HTTP/3 connection, never a
single stream. A SETTINGS frame MUST be sent as the first frame of
each control stream (see Section 6.2.1) by each peer, and it MUST NOT
be sent subsequently. If an endpoint receives a second SETTINGS
frame on the control stream, the endpoint MUST respond with a
connection error of type H3_FRAME_UNEXPECTED.
comment:5 by , 10 months ago
We have analyzed the logs. It looks like there was a packet loss (which is normal), after which the first 18 bytes of control stream containing the SETTINGS HTTP/3 frame were retransmitted a few times. So while several UDP datagrams contain the same 18 bytes, they are only processed once.
Here's the relevant line in log:
*7 quic frame rx app STREAM id:0x2 len:18
comment:6 by , 10 months ago
oh,sorry guys
my bad.
I would have checked this log before opening a ticket here.
anyway Thank you for checking and letting me know.
Please feel free to close the ticket
comment:7 by , 10 months ago
| Resolution: | → invalid |
|---|---|
| Status: | new → closed |
ngtcp2 command i have used
/home/vagrant/quic_services/ngtcp2/examples/client --download=/tmp/ --exit-on-all-streams-close --disable-early-data 172.16.3.2 8443 https://172.16.3.2:8443/test.pdf