Opened 6 weeks ago
Closed 4 weeks ago
#2532 closed defect (fixed)
Nginx close connection immeadiately when handle quic connection migration
Reported by: | Owned by: | ||
---|---|---|---|
Priority: | minor | Milestone: | |
Component: | http/3 | Version: | 1.25.x |
Keywords: | Cc: | xhrlog@… | |
uname -a: | |||
nginx -V: |
ginx version: nginx/1.25.2
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC) built with OpenSSL 1.1.1u 25 May 2023 TLS SNI support enabled configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/run/nginx.pid --lock-path=/run/lock/subsys/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_v3_module --with-http_realip_module --with-http_image_filter_module --with-http_sub_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_secure_link_module --with-http_stub_status_module --with-http_perl_module --with-http_slice_module --with-http_auth_request_module --with-pcre --without-pcre2 --without-mail_pop3_module --without-mail_smtp_module --without-mail_imap_module --with-google_perftools_module --with-debug --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY__SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic -Wno-sign-compare -DAZN_NGX_HTTP_UPSTREAM_RESOLVER -I/usr/local/include -O0 -g' --with-ld-opt='-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-E -L/usr/local/lib -Wl,-rpath,/usr/local/lib -Wl,-rpath,/usr/lib64/' |
Description (last modified by )
Hi! After patch https://hg.nginx.org/nginx/rev/f3412ec3b6d1, I found it still can return error.
The scenarios is: client send a request after some idle time(like 10s) with a new socket. And server triggered connection migration.Before validating the new path, it would validate old path first.
The problem is when server call sendmsg to send path_challeng frame,some clients would return a ICMP message which contains "Destination unreachable". And sendmsg would return NGX_ERROR and nginx close the connection immeadiately.
But in this situation, I think nginx should try to send response with new path and shouldn't close the connection.
Attachments (2)
Change History (8)
by , 6 weeks ago
Attachment: | problem.jpg added |
---|
comment:1 by , 6 weeks ago
Description: | modified (diff) |
---|
comment:2 by , 6 weeks ago
Description: | modified (diff) |
---|
comment:3 by , 5 weeks ago
by , 5 weeks ago
Attachment: | quic-old-path-validation added |
---|
comment:6 by , 4 weeks ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
Normally ICMP takes some time to arrive and error is not returned by the same sendmsg(). That's why we rely on sendmsg() being always successful under normal conditions. We'll look deeper into this.