Opened 16 months ago
Closed 16 months ago
#2532 closed defect (fixed)
Nginx close connection immeadiately when handle quic connection migration
Reported by: | Owned by: | ||
---|---|---|---|
Priority: | minor | Milestone: | |
Component: | http/3 | Version: | 1.25.x |
Keywords: | Cc: | xhrlog@… | |
uname -a: | |||
nginx -V: |
ginx version: nginx/1.25.2
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC) built with OpenSSL 1.1.1u 25 May 2023 TLS SNI support enabled configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/run/nginx.pid --lock-path=/run/lock/subsys/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_v3_module --with-http_realip_module --with-http_image_filter_module --with-http_sub_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_secure_link_module --with-http_stub_status_module --with-http_perl_module --with-http_slice_module --with-http_auth_request_module --with-pcre --without-pcre2 --without-mail_pop3_module --without-mail_smtp_module --without-mail_imap_module --with-google_perftools_module --with-debug --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY__SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic -Wno-sign-compare -DAZN_NGX_HTTP_UPSTREAM_RESOLVER -I/usr/local/include -O0 -g' --with-ld-opt='-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-E -L/usr/local/lib -Wl,-rpath,/usr/local/lib -Wl,-rpath,/usr/lib64/' |
Description (last modified by )
Hi! After patch https://hg.nginx.org/nginx/rev/f3412ec3b6d1, I found it still can return error.
The scenarios is: client send a request after some idle time(like 10s) with a new socket. And server triggered connection migration.Before validating the new path, it would validate old path first.
The problem is when server call sendmsg to send path_challeng frame,some clients would return a ICMP message which contains "Destination unreachable". And sendmsg would return NGX_ERROR and nginx close the connection immeadiately.
But in this situation, I think nginx should try to send response with new path and shouldn't close the connection.
Attachments (2)
Change History (8)
by , 16 months ago
Attachment: | problem.jpg added |
---|
comment:1 by , 16 months ago
Description: | modified (diff) |
---|
comment:2 by , 16 months ago
Description: | modified (diff) |
---|
comment:3 by , 16 months ago
by , 16 months ago
Attachment: | quic-old-path-validation added |
---|
comment:6 by , 16 months ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
Normally ICMP takes some time to arrive and error is not returned by the same sendmsg(). That's why we rely on sendmsg() being always successful under normal conditions. We'll look deeper into this.