#2516 closed defect (invalid)

Connection is not getting closed when ngtcp2 is sending multiple settings frames

Reported by: Karthikdasari0423@… Owned by:
Priority: minor Milestone:
Component: http/3 Version: 1.25.x
Keywords: Cc:
uname -a: root@ubuntu:/tmp# uname -a
Linux ubuntu 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
nginx -V: root@ubuntu:/tmp# nginx -V
nginx version: nginx/1.25.1
built by gcc 11.2.0 (Ubuntu 11.2.0-19ubuntu1)
built with OpenSSL 3.0.2 15 Mar 2022
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-http_v3_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-g -O2 -ffile-prefix-map=/data/builder/debuild/nginx-1.25.1/debian/debuild-base/nginx-1.25.1=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -flto=auto -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie'
root@ubuntu:/tmp#

Description

i am trying to run ngtcp2 and nginx server.

I am anaylzing pcap and i have noticed multiple settings frames in pcap which is sent by ngtcp2 client to nginx server but nginx not closing the connection.
As per RFC
"SETTINGS frames always apply to an entire HTTP/3 connection, never a

single stream. A SETTINGS frame MUST be sent as the first frame of
each control stream (see Section 6.2.1) by each peer, and it MUST NOT
be sent subsequently. If an endpoint receives a second SETTINGS
frame on the control stream, the endpoint MUST respond with a
connection error of type H3_FRAME_UNEXPECTED."

RFC link https://datatracker.ietf.org/doc/rfc9114/

Attached pcaps

Attachments (5)

nginx_quic_seett.jpg (287.3 KB ) - added by Karthikdasari0423@… 17 months ago.
ngtcp2_client_eth2.pcap (628.4 KB ) - added by Karthikdasari0423@… 17 months ago.
ngtcp2_client_keys_eth2.log (760 bytes ) - added by Karthikdasari0423@… 17 months ago.
nginx_server_eth2.pcap (628.3 KB ) - added by Karthikdasari0423@… 17 months ago.
nginx_logs (723.8 KB ) - added by Karthikdasari0423@… 17 months ago.
logs

Change History (12)

by Karthikdasari0423@…, 17 months ago

Attachment: nginx_quic_seett.jpg added

comment:1 by Karthikdasari0423@…, 17 months ago

ngtcp2 command i have used
/home/vagrant/quic_services/ngtcp2/examples/client --download=/tmp/ --exit-on-all-streams-close --disable-early-data 172.16.3.2 8443 https://172.16.3.2:8443/test.pdf

Last edited 17 months ago by Karthikdasari0423@… (previous) (diff)

by Karthikdasari0423@…, 17 months ago

Attachment: ngtcp2_client_eth2.pcap added

by Karthikdasari0423@…, 17 months ago

Attachment: ngtcp2_client_keys_eth2.log added

by Karthikdasari0423@…, 17 months ago

Attachment: nginx_server_eth2.pcap added

comment:2 by Sergey Kandaurov, 17 months ago

What makes you think nginx experiences such behaviour?
Please send the relevant debug log.

comment:3 by Sergey Kandaurov, 17 months ago

Priority: criticalminor

comment:4 by Karthikdasari0423@…, 17 months ago

please check the pcaps and image i have attached
you might get some info

Open pcap ngtcp2_client_eth2.pcap and load ngtcp2_client_keys_eth2
in wireshark search with (quic) and (http3.frame_type == 0x0000000000000004) this filter.

you will notice packet 67,68 and 83,84 are the settings frames

as per RFC

SETTINGS frames always apply to an entire HTTP/3 connection, never a

single stream. A SETTINGS frame MUST be sent as the first frame of
each control stream (see Section 6.2.1) by each peer, and it MUST NOT
be sent subsequently. If an endpoint receives a second SETTINGS
frame on the control stream, the endpoint MUST respond with a
connection error of type H3_FRAME_UNEXPECTED.

by Karthikdasari0423@…, 17 months ago

Attachment: nginx_logs added

logs

comment:5 by Roman Arutyunyan, 17 months ago

We have analyzed the logs. It looks like there was a packet loss (which is normal), after which the first 18 bytes of control stream containing the SETTINGS HTTP/3 frame were retransmitted a few times. So while several UDP datagrams contain the same 18 bytes, they are only processed once.

Here's the relevant line in log:

*7 quic frame rx app STREAM id:0x2 len:18

comment:6 by Karthikdasari0423@…, 17 months ago

oh,sorry guys
my bad.
I would have checked this log before opening a ticket here.
anyway Thank you for checking and letting me know.
Please feel free to close the ticket

comment:7 by Roman Arutyunyan, 17 months ago

Resolution: invalid
Status: newclosed
Note: See TracTickets for help on using tickets.