Opened 8 months ago
Closed 8 months ago
#2532 closed defect (fixed)
Nginx close connection immeadiately when handle quic connection migration
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | http/3 | Version: | 1.25.x |
| Keywords: | Cc: | xhrlog@… | |
| uname -a: | |||
| nginx -V: |
ginx version: nginx/1.25.2
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC) built with OpenSSL 1.1.1u 25 May 2023 TLS SNI support enabled configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/run/nginx.pid --lock-path=/run/lock/subsys/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_v3_module --with-http_realip_module --with-http_image_filter_module --with-http_sub_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_secure_link_module --with-http_stub_status_module --with-http_perl_module --with-http_slice_module --with-http_auth_request_module --with-pcre --without-pcre2 --without-mail_pop3_module --without-mail_smtp_module --without-mail_imap_module --with-google_perftools_module --with-debug --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY__SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic -Wno-sign-compare -DAZN_NGX_HTTP_UPSTREAM_RESOLVER -I/usr/local/include -O0 -g' --with-ld-opt='-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-E -L/usr/local/lib -Wl,-rpath,/usr/local/lib -Wl,-rpath,/usr/lib64/' |
||
Description (last modified by )
Hi! After patch https://hg.nginx.org/nginx/rev/f3412ec3b6d1, I found it still can return error.
The scenarios is: client send a request after some idle time(like 10s) with a new socket. And server triggered connection migration.Before validating the new path, it would validate old path first.
The problem is when server call sendmsg to send path_challeng frame,some clients would return a ICMP message which contains "Destination unreachable". And sendmsg would return NGX_ERROR and nginx close the connection immeadiately.
But in this situation, I think nginx should try to send response with new path and shouldn't close the connection.
Attachments (2)
Change History (8)
by , 8 months ago
| Attachment: | problem.jpg added |
|---|
comment:1 by , 8 months ago
| Description: | modified (diff) |
|---|
comment:2 by , 8 months ago
| Description: | modified (diff) |
|---|
comment:3 by , 8 months ago
by , 8 months ago
| Attachment: | quic-old-path-validation added |
|---|
comment:6 by , 8 months ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Note:
See TracTickets
for help on using tickets.
Normally ICMP takes some time to arrive and error is not returned by the same sendmsg(). That's why we rely on sendmsg() being always successful under normal conditions. We'll look deeper into this.