diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 3c11ddeb46..28ee465e3b 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -59,6 +59,8 @@ commits will only be responded to with best effort, and may not be seen. ## Resolving Issues +The `open` issues in the issues list are those that we are currently or plan to discuss. When an issue is `closed`, it implies that the group has consensus and it is reflected in the draft(s). If substantive new information is brought to our attention, issues can be reopened by the Chairs. + Issues will be labeled by the Chairs as either `editorial` or `design`. * **Design** issues require discussion and consensus in the Working Group. This discussion can happen both in the issue and on the [Working Group mailing list](https://www.ietf.org/mailman/listinfo/quic), as outlined below. @@ -73,10 +75,17 @@ Consensus for the resolution of a design issue can be established in a few diffe The editors can also propose resolutions for the group's consideration by incorporating them into the draft(s); when doing so, the issue should not be closed until consensus is declared. -Issues that have consensus will be labelled as `editor-ready`. After the editor has incorporated a resolution into the specification, the issue can be closed. +Issues that have consensus but which aren't yet reflected in text will be labelled as `editor-ready`. After the editors have incorporated a resolution into the specification, the issue can be closed. + +When a new draft is published, the design issues that have been closed since the last draft will be highlighted on the mailing list, to aid reviewers. + +### Discretionary Design Issue Labels -When a new draft is published, the design issues that have been closed since the last draft will be highlighted on the mailing list, to aid reviewers. If substantive new information is brought to our attention, issues can be reopened by the Chairs. +We also use the following labels to help understand the state of our design issues: +* **Needs Discussion**: The issue needs significant Working Group discussion before it can progress. +* **Confirm Consensus**: There is a resolution that the proponents believe reflects a consensus position, needs to be confirmed with the WG. +* **Notify Consensus**: The WG has achieved consensus in a meeting, needs to be confirmed on the mailing list. ## Pull Requests diff --git a/README.md b/README.md index 1688a0d482..9d8253c3f1 100644 --- a/README.md +++ b/README.md @@ -41,74 +41,5 @@ instructions](https://github.com/martinthomson/i-d-template/blob/master/doc/SETU ## Contributing -Before submitting feedback, please familiarize yourself with our current issues -list and review the [working group -documents](https://datatracker.ietf.org/wg/quic/documents/) and [mailing -list discussion](https://mailarchive.ietf.org/arch/browse/quic/). If you're -new to this, you may also want to read the [Tao of the -IETF](https://www.ietf.org/tao.html). - -Be aware that all contributions to the specification fall under the "NOTE WELL" -terms outlined below. - -1. The best way to provide feedback (editorial or design) and ask questions is -sending an e-mail to our mailing list -([info](https://www.ietf.org/mailman/listinfo/quic)). This will ensure that -the entire Working Group sees your input in a timely fashion. - -2. If you have **editorial** suggestions (i.e., those that do not change the -meaning of the specification), you can either: - - a) Fork this repository and submit a pull request; this is the lowest - friction way to get editorial changes in. - - b) Submit a new issue to Github, and mention that you believe it is editorial - in the issue body. It is not necessary to notify the mailing list for - editorial issues. - - c) Make comments on individual commits in Github. Note that this feedback is - processed only with best effort by the editors, so it should only be used for - quick editorial suggestions or questions. - -3. For non-editorial (i.e., **design**) issues, you can also create an issue on -Github. However, you **must notify the mailing list** when creating such issues, -providing a link to the issue in the message body. - - Note that **github issues are not for substantial discussions**; the only - appropriate place to discuss design issues is on the mailing list itself. - - -## NOTE WELL - -Any submission to the [IETF](https://www.ietf.org/) intended by the Contributor -for publication as all or part of an IETF Internet-Draft or RFC and any -statement made within the context of an IETF activity is considered an "IETF -Contribution". Such statements include oral statements in IETF sessions, as -well as written and electronic communications made at any time or place, which -are addressed to: - - * The IETF plenary session - * The IESG, or any member thereof on behalf of the IESG - * Any IETF mailing list, including the IETF list itself, any working group - or design team list, or any other list functioning under IETF auspices - * Any IETF working group or portion thereof - * Any Birds of a Feather (BOF) session - * The IAB or any member thereof on behalf of the IAB - * The RFC Editor or the Internet-Drafts function - * All IETF Contributions are subject to the rules of - [RFC 5378](https://tools.ietf.org/html/rfc5378) and - [RFC 3979](https://tools.ietf.org/html/rfc3979) - (updated by [RFC 4879](https://tools.ietf.org/html/rfc4879)). - -Statements made outside of an IETF session, mailing list or other function, -that are clearly not intended to be input to an IETF activity, group or -function, are not IETF Contributions in the context of this notice. - -Please consult [RFC 5378](https://tools.ietf.org/html/rfc5378) and [RFC -3979](https://tools.ietf.org/html/rfc3979) for details. - -A participant in any IETF activity is deemed to accept all IETF rules of -process, as documented in Best Current Practices RFCs and IESG Statements. - -A participant in any IETF activity acknowledges that written, audio and video -records of meetings may be made and may be available to the public. +See our +[guidelines for contribution](https://github.com/quicwg/base-drafts/blob/master/CONTRIBUTING.md). diff --git a/draft-ietf-quic-http.md b/draft-ietf-quic-http.md index 152719dc29..7d70a5b7c4 100644 --- a/draft-ietf-quic-http.md +++ b/draft-ietf-quic-http.md @@ -198,8 +198,7 @@ This amounts to the second least-significant bit differentiating the two streams in a request. The lower-numbered stream is called the message control stream and carries -frames related to the request/response, including HEADERS. All request control -streams are exempt from connection-level flow control. The higher-numbered +frames related to the request/response, including HEADERS. The higher-numbered stream is the data stream and carries the request/response body with no additional framing. Note that a request or response without a body will cause this stream to be half-closed in the corresponding direction without @@ -229,29 +228,30 @@ HTTP response on the same streams as the request. An HTTP message (request or response) consists of: -1. for a response only, zero or more header blocks (a sequence of HEADERS frames - with End Header Block set on the last) on the control stream containing the - message headers of informational (1xx) HTTP responses (see {{!RFC7230}}, - Section 3.2 and {{!RFC7231}}, Section 6.2), +1. one header block (see {{frame-headers}}) on the control stream containing the + message headers (see {{!RFC7230}}, Section 3.2), -2. one header block on the control stream containing the message headers (see - {{!RFC7230}}, Section 3.2), +2. the payload body (see {{!RFC7230}}, Section 3.3), sent on the data stream, -3. the payload body (see {{!RFC7230}}, Section 3.3), sent on the data stream, - -4. optionally, one header block on the control stream containing the +3. optionally, one header block on the control stream containing the trailer-part, if present (see {{!RFC7230}}, Section 4.1.2). +In addition, prior to sending the message header block indicated above, a +response may contain zero or more header blocks on the control stream containing +the message headers of informational (1xx) HTTP responses (see {{!RFC7230}}, +Section 3.2 and {{!RFC7231}}, Section 6.2). + The data stream MUST be half-closed immediately after the transfer of the body. If the message does not contain a body, the corresponding data stream MUST still be half-closed without transferring any data. The "chunked" transfer encoding defined in Section 4.1 of {{!RFC7230}} MUST NOT be used. -Trailing header fields are carried in a header block following the body. Such a -header block is a sequence of HEADERS frames with End Header Block set on the -last frame. Header blocks after the first but before the end of the stream are -invalid. These MUST be decoded to maintain HPACK decoder state, but the -resulting output MUST be discarded. +Trailing header fields are carried in an additional header block on the message +control stream. Such a header block is a sequence of HEADERS frames with End +Header Block set on the last frame. Senders MUST send only one header block in +the trailers section; receivers MUST decode any subsequent header blocks in +order to maintain HPACK decoder state, but the resulting output MUST be +discarded. An HTTP request/response exchange fully consumes a pair of streams. After sending a request, a client closes the streams for sending; after sending a @@ -732,31 +732,6 @@ TODOs: field in this case. - No CONTINUATION -- HEADERS have EHB; do we need it here? - -### PING - -PING frames do not exist, since QUIC provides equivalent functionality. Frame -type 0x6 is reserved. - - -### GOAWAY frame - -GOAWAY frames do not exist, since QUIC provides equivalent functionality. Frame -type 0x7 is reserved. - - -### WINDOW_UPDATE frame - -WINDOW_UPDATE frames do not exist, since QUIC provides equivalent functionality. -Frame type 0x8 is reserved. - - -### CONTINUATION frame - -CONTINUATION frames do not exist, since larger supported HEADERS/PUSH_PROMISE -frames provide equivalent functionality. Frame type 0x9 is reserved. - - ### SETTINGS_ACK Frame {#frame-settings-ack} The SETTINGS_ACK frame (id = 0x0b) acknowledges receipt and application @@ -800,6 +775,30 @@ On the connection control stream, the SETTINGS_ACK frame MUST have a length which is a multiple of two octets. A SETTINGS_ACK frame of any other length MUST be treated as a connection error of type HTTP_MALFORMED_SETTINGS_ACK. +### PING + +PING frames do not exist, since QUIC provides equivalent functionality. Frame +type 0x6 is reserved. + + +### GOAWAY frame + +GOAWAY frames do not exist, since QUIC provides equivalent functionality. Frame +type 0x7 is reserved. + + +### WINDOW_UPDATE frame + +WINDOW_UPDATE frames do not exist, since QUIC provides equivalent functionality. +Frame type 0x8 is reserved. + + +### CONTINUATION frame + +CONTINUATION frames do not exist, since larger supported HEADERS/PUSH_PROMISE +frames provide equivalent functionality. Frame type 0x9 is reserved. + + # Error Handling {#errors} @@ -849,16 +848,16 @@ HTTP_MALFORMED_HEADERS (0x09): : A HEADERS frame has been received with an invalid format. HTTP_MALFORMED_PRIORITY (0x0A): -: A HEADERS frame has been received with an invalid format. +: A PRIORITY frame has been received with an invalid format. HTTP_MALFORMED_SETTINGS (0x0B): -: A HEADERS frame has been received with an invalid format. +: A SETTINGS frame has been received with an invalid format. HTTP_MALFORMED_PUSH_PROMISE (0x0C): -: A HEADERS frame has been received with an invalid format. +: A PUSH_PROMISE frame has been received with an invalid format. HTTP_MALFORMED_SETTINGS_ACK (0x0D): -: A HEADERS frame has been received with an invalid format. +: A SETTINGS_ACK frame has been received with an invalid format. HTTP_INTERRUPTED_HEADERS (0x0E): : A HEADERS frame without the End Header Block flag was followed by a frame diff --git a/draft-ietf-quic-tls.md b/draft-ietf-quic-tls.md index e2b416375c..de99121988 100644 --- a/draft-ietf-quic-tls.md +++ b/draft-ietf-quic-tls.md @@ -236,9 +236,6 @@ A simplified TLS 1.3 handshake with 0-RTT application data is shown in (0-RTT Application Data) --------> ServerHello {EncryptedExtensions} - {ServerConfiguration} - {Certificate} - {CertificateVerify} {Finished} <-------- [Application Data] (EndOfEarlyData) @@ -424,8 +421,8 @@ the first handshake octets, the TLS stack might signal that 0-RTT keys are ready. On the server, after receiving handshake octets that contain a ClientHello message, a TLS server might signal that 0-RTT keys are available. -1-RTT keys are used for both sending and receiving packets. 0-RTT keys are only -used to protect packets that the client sends. +1-RTT keys are used for packets in both directions. 0-RTT keys are only +used to protect packets sent by the client. ### Secret Export @@ -501,7 +498,7 @@ on the system used in TLS {{!I-D.ietf-tls-tls13}}. The secrets that QUIC uses as the basis of its key schedule are obtained using TLS exporters (see Section 7.3.3 of {{!I-D.ietf-tls-tls13}}). -QUIC uses the Pseudo-Random Function (PRF) hash function negotiated by TLS for +QUIC uses HKDF with the same hash function negotiated by TLS for key derivation. For example, if TLS is using the TLS_AES_128_GCM_SHA256, the SHA-256 hash function is used. @@ -904,7 +901,7 @@ key update until all of its handshake messages have been acknowledged by the server. -# Pre-handshake QUIC Messages {#pre-handshake} +# Pre-handshake QUIC Messages {#pre-hs} Implementations MUST NOT exchange data on any stream other than stream 1 without packet protection. QUIC requires the use of several types of frame for managing @@ -938,12 +935,12 @@ proposes that all strategies are possible depending on the type of message. the TLS handshake (see {{quic_parameters}}). * Most unprotected messages are treated as fatal errors when received except for the small number necessary to permit the handshake to complete (see - {{pre-handshake-unprotected}}). + {{pre-hs-unprotected}}). * Protected packets can either be discarded or saved and later used (see - {{pre-handshake-protected}}). + {{pre-hs-protected}}). -## Unprotected Packets Prior to Handshake Completion {#pre-handshake-unprotected} +## Unprotected Packets Prior to Handshake Completion {#pre-hs-unprotected} This section describes the handling of messages that are sent and received prior to the completion of the TLS handshake. @@ -996,7 +993,7 @@ sources can be discarded. `WINDOW_UPDATE` frames MUST NOT be sent unprotected. -Though data is exchanged on stream 1, the initial flow control window is is +Though data is exchanged on stream 1, the initial flow control window is sufficiently large to allow the TLS handshake to complete. This limits the maximum size of the TLS handshake and would prevent a server or client from using an abnormally large certificate chain. @@ -1058,7 +1055,7 @@ that 0-RTT data has been rejected. A server MUST NOT use 0-RTT keys to protect packets. -## Protected Packets Prior to Handshake Completion {#pre-handshake-protected} +## Protected Packets Prior to Handshake Completion {#pre-hs-protected} Due to reordering and loss, protected packets might be received by an endpoint before the final handshake messages are received. If these can be decrypted @@ -1234,86 +1231,87 @@ packets as indicative of an attack. # Error codes {#errors} The portion of the QUIC error code space allocated for the crypto handshake is -0xB000-0xFFFF. The following error codes are defined when TLS is used for the +0xC0000000-0xFFFFFFFF. The following error codes are defined when TLS is used for the crypto handshake: -TLS_HANDSHAKE_FAILED (0xB01c): +TLS_HANDSHAKE_FAILED (0xC000001C): : Crypto errors. Handshake failed. -TLS_MESSAGE_OUT_OF_ORDER (0xB01d): +TLS_MESSAGE_OUT_OF_ORDER (0xC000001D): : Handshake message received out of order. -TLS_TOO_MANY_ENTRIES (0xB01e): +TLS_TOO_MANY_ENTRIES (0xC000001E): : Handshake message contained too many entries. -TLS_INVALID_VALUE_LENGTH (0xB01f): +TLS_INVALID_VALUE_LENGTH (0xC000001F): : Handshake message contained an invalid value length. -TLS_MESSAGE_AFTER_HANDSHAKE_COMPLETE (0xB020): +TLS_MESSAGE_AFTER_HANDSHAKE_COMPLETE (0xC0000020): : A handshake message was received after the handshake was complete. -TLS_INVALID_RECORD_TYPE (0xB021): +TLS_INVALID_RECORD_TYPE (0xC0000021): : A handshake message was received with an illegal record type. -TLS_INVALID_PARAMETER (0xB022): +TLS_INVALID_PARAMETER (0xC0000022): : A handshake message was received with an illegal parameter. -TLS_INVALID_CHANNEL_ID_SIGNATURE (0xB034): +TLS_INVALID_CHANNEL_ID_SIGNATURE (0xC0000034): : An invalid channel id signature was supplied. -TLS_MESSAGE_PARAMETER_NOT_FOUND (0xB023): +TLS_MESSAGE_PARAMETER_NOT_FOUND (0xC0000023): : A handshake message was received with a mandatory parameter missing. -TLS_MESSAGE_PARAMETER_NO_OVERLAP (0xB024): +TLS_MESSAGE_PARAMETER_NO_OVERLAP (0xC0000024): : A handshake message was received with a parameter that has no overlap with the local parameter. -TLS_MESSAGE_INDEX_NOT_FOUND (0xB025): -: A handshake message was received that contained a parameter with too few values. +TLS_MESSAGE_INDEX_NOT_FOUND (0xC0000025): +: A handshake message was received that contained a parameter with too few + values. -TLS_UNSUPPORTED_PROOF_DEMAND (0xB05e): +TLS_UNSUPPORTED_PROOF_DEMAND (0xC000005E): : A demand for an unsupported proof type was received. -TLS_INTERNAL_ERROR (0xB026): +TLS_INTERNAL_ERROR (0xC0000026): : An internal error occured in handshake processing. -TLS_VERSION_NOT_SUPPORTED (0xB027): +TLS_VERSION_NOT_SUPPORTED (0xC0000027): : A handshake handshake message specified an unsupported version. -TLS_HANDSHAKE_STATELESS_REJECT (0xB048): +TLS_HANDSHAKE_STATELESS_REJECT (0xC0000048): : A handshake handshake message resulted in a stateless reject. -TLS_NO_SUPPORT (0xB028): +TLS_NO_SUPPORT (0xC0000028): : There was no intersection between the crypto primitives supported by the peer and ourselves. -TLS_TOO_MANY_REJECTS (0xB029): +TLS_TOO_MANY_REJECTS (0xC0000029): : The server rejected our client hello messages too many times. -TLS_PROOF_INVALID (0xB02a): +TLS_PROOF_INVALID (0xC000002A): : The client rejected the server's certificate chain or signature. -TLS_DUPLICATE_TAG (0xB02b): +TLS_DUPLICATE_TAG (0xC000002B): : A handshake message was received with a duplicate tag. -TLS_ENCRYPTION_LEVEL_INCORRECT (0xB02c): +TLS_ENCRYPTION_LEVEL_INCORRECT (0xC000002C): : A handshake message was received with the wrong encryption level (i.e. it should have been encrypted but was not.) -TLS_SERVER_CONFIG_EXPIRED (0xB02d): +TLS_SERVER_CONFIG_EXPIRED (0xC000002D): : The server config for a server has expired. -TLS_SYMMETRIC_KEY_SETUP_FAILED (0xB035): +TLS_SYMMETRIC_KEY_SETUP_FAILED (0xC0000035): : We failed to set up the symmetric keys for a connection. -TLS_MESSAGE_WHILE_VALIDATING_CLIENT_HELLO (0xB036): +TLS_MESSAGE_WHILE_VALIDATING_CLIENT_HELLO (0xC0000036): : A handshake message arrived, but we are still validating the previous handshake message. -TLS_UPDATE_BEFORE_HANDSHAKE_COMPLETE (0xB041): +TLS_UPDATE_BEFORE_HANDSHAKE_COMPLETE (0xC0000041): : A server config update arrived before the handshake is complete. -TLS_CLIENT_HELLO_TOO_LARGE (0xB05a): +TLS_CLIENT_HELLO_TOO_LARGE (0xC000005A): : ClientHello cannot fit in one packet. diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index 1b359565c6..3fd18944df 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md @@ -176,12 +176,15 @@ with the following additional conventions: \{x\} : Indicates that x is encrypted -x (*) ... -: Indicates that x is variable-length +x (A) +: Indicates that x is A bits long x (A/B/C) ... : Indicates that x is one of A, B, or C bits long +x (*) ... +: Indicates that x is variable-length + # A QUIC Overview This section briefly describes QUIC's key mechanisms and benefits. Key @@ -314,7 +317,8 @@ Version numbers used to identify IETF drafts are created by adding the draft number to 0xff000000. For example, draft-ietf-quic-transport-13 would be identified as 0xff00000D. -Versions of QUIC that are used for experimentation are coordinated on the +Implementors are encouraged to register version numbers of QUIC that they +are using for private experimentation on the [github wiki](https://github.com/quicwg/base-drafts/wiki/QUIC-Versions). @@ -666,7 +670,7 @@ establishment latency. QUIC provides a dedicated stream (Stream ID 1) to be used for performing a combined connection and security handshake (streams are described in detail in {{streams}}). The crypto handshake protocol encapsulates and delivers QUIC's transport handshake to the peer on the crypto stream. The -first QUIC packet from the client to the server MUST carry handshake information +first QUIC packet sent by client to the server MUST carry handshake information as data on Stream ID 1. ### Transport Parameters and Options @@ -677,7 +681,7 @@ the document. The transport component of the handshake is responsible for exchanging and negotiating the following parameters for a QUIC connection. Not all parameters -are negotiated, some are parameters sent in just one direction. These +are negotiated; some parameters are sent in just one direction. These parameters and options are encoded and handed off to the crypto handshake protocol to be transmitted to the peer. @@ -798,11 +802,12 @@ cryptographically verified by the crypto handshake protocol: ## Connection Migration {#migration} QUIC connections are identified by their 64-bit Connection ID. QUIC's -consistent connection ID allows connections to survive changes to the client's -IP and/or port, such as those caused by client or server migrating to a new -network. QUIC also provides automatic cryptographic verification of a rebound -client, since the client continues to use the same session key for encrypting -and decrypting packets. +consistent connection ID allows connections to survive changes to the +client's IP and/or port, such as those caused by client or server +migrating to a new network. QUIC also provides automatic +cryptographic verification of a client which has changed its IP +address because the client continues to use the same session key for +encrypting and decrypting packets. DISCUSS: Simultaneous migration. Is this reasonable? @@ -989,7 +994,7 @@ The fields in the ACK frame are as follows: number the peer is acking in this packet (typically the largest that the peer has seen thus far.) -* Ack Delay: Time from when the largest acked, as indicated in the Largest Acked +* Ack Delay: Time from when the largest acked packet, as indicated in the Largest Acked field, was received by this peer to when this ack was sent. * Num Blocks (opt): An optional 8-bit unsigned value specifying the number of @@ -1057,7 +1062,7 @@ receive times relative to the beginning of the connection. +-+-+-+-+-+-+-+-+ | [Delta LA (8)]| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ -| [First Timestamp (32)] | +| [First Timestamp (32)] | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |[Delta LA 1(8)]| [Time Since Previous 1 (16)] | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ @@ -1394,7 +1399,7 @@ discussed in more detail in {{QUIC-RECOVERY}}. Streams in QUIC provide a lightweight, ordered, and bidirectional byte-stream abstraction. Streams can be created either by the client or the server, can concurrently send data interleaved with other streams, and can be cancelled. -QUIC's stream lifetime is modeled closely after HTTP/2's {{!RFC7540}}. Streams +QUIC's stream lifetime is modeled closely after HTTP/2's {{?RFC7540}}. Streams are independent of each other in delivery order. That is, data that is received on a stream is delivered in order within that stream, but there is no particular delivery order across streams. Transmit ordering among streams is left to the @@ -1412,7 +1417,7 @@ more appealing description for some applications. ## Life of a Stream The semantics of QUIC streams is based on HTTP/2 streams, and the lifecycle of a -QUIC stream therefore closely follows that of an HTTP/2 stream {{!RFC7540}}, +QUIC stream therefore closely follows that of an HTTP/2 stream {{?RFC7540}}, with some differences to accommodate the possibility of out-of-order delivery due to the use of multiple streams in QUIC. The lifecycle of a QUIC stream is shown in the following figure and described below. @@ -1647,16 +1652,10 @@ as an ordered byte-stream. Data received out of order MUST be buffered for later delivery, as long as it is not in violation of the receiver's flow control limits. -An endpoint MUST NOT send any stream data without consulting the congestion -controller and the flow controller, with the following two exceptions. - -* The crypto handshake stream, Stream 1, MUST NOT be subject to congestion - control or connection-level flow control, but MUST be subject to stream-level - flow control. - -* An application MAY exclude specific stream IDs from connection-level flow - control. If so, these streams MUST NOT be subject to connection-level flow - control. +The crypto handshake stream, Stream 1, MUST NOT be subject to congestion control +or connection-level flow control, but MUST be subject to stream-level flow +control. An endpoint MUST NOT send data on any other stream without consulting +the congestion controller and the flow controller. Flow control is described in detail in {{flow-control}}, and congestion control is described in the companion document {{QUIC-RECOVERY}}. @@ -1670,7 +1669,7 @@ or to prevent a malicious sender from consuming significant resources at a receiver. This section describes QUIC's flow-control mechanisms. QUIC employs a credit-based flow-control scheme similar to HTTP/2's flow control -{{!RFC7540}}. A receiver advertises the number of octets it is prepared to +{{?RFC7540}}. A receiver advertises the number of octets it is prepared to receive on a given stream and for the entire connection. This leads to two levels of flow control in QUIC: (i) Connection flow control, which prevents senders from exceeding a receiver's buffer capacity for the connection, and (ii) @@ -1780,18 +1779,18 @@ to get blocked. Error codes are 32 bits long, with the first two bits indicating the source of the error code: -0x0000-0x3FFF: +0x00000000-0x3FFFFFFF: : Application-specific error codes. Defined by each application-layer protocol. -0x4000-0x7FFF: +0x40000000-0x7FFFFFFF: : Reserved for host-local error codes. These codes MUST NOT be sent to a peer, but MAY be used in API return codes and logs. -0x8000-0xAFFF: +0x80000000-0xBFFFFFFF: : QUIC transport error codes, including packet protection errors. Applicable to all uses of QUIC. -0xB000-0xFFFF: +0xC0000000-0xFFFFFFFF: : Cryptographic error codes. Defined by the crypto handshake protocol in use. This section lists the defined QUIC transport error codes that may be used in a @@ -1799,169 +1798,169 @@ CONNECTION_CLOSE or RST_STREAM frame. Error codes share a common code space. Some error codes apply only to either streams or the entire connection and have no defined semantics in the other context. -QUIC_INTERNAL_ERROR (0x8001): +QUIC_INTERNAL_ERROR (0x80000001): : Connection has reached an invalid state. -QUIC_STREAM_DATA_AFTER_TERMINATION (0x8002): +QUIC_STREAM_DATA_AFTER_TERMINATION (0x80000002): : There were data frames after the a fin or reset. -QUIC_INVALID_PACKET_HEADER (0x8003): +QUIC_INVALID_PACKET_HEADER (0x80000003): : Control frame is malformed. -QUIC_INVALID_FRAME_DATA (0x8004): +QUIC_INVALID_FRAME_DATA (0x80000004): : Frame data is malformed. -QUIC_RECEIVED_RST (0x8005): +QUIC_RECEIVED_RST (0x80000005): : Terminating stream because peer sent a RST_STREAM or REQUEST_RST. -QUIC_MISSING_PAYLOAD (0x8030): +QUIC_MISSING_PAYLOAD (0x80000030): : The packet contained no payload. -QUIC_INVALID_STREAM_DATA (0x802e): +QUIC_INVALID_STREAM_DATA (0x8000002E): : STREAM frame data is malformed. -QUIC_OVERLAPPING_STREAM_DATA (0x8057): +QUIC_OVERLAPPING_STREAM_DATA (0x80000057): : STREAM frame data overlaps with buffered data. -QUIC_UNENCRYPTED_STREAM_DATA (0x803d): +QUIC_UNENCRYPTED_STREAM_DATA (0x8000003D): : Received STREAM frame data is not encrypted. -QUIC_MAYBE_CORRUPTED_MEMORY (0x8059): +QUIC_MAYBE_CORRUPTED_MEMORY (0x80000059): : Received a frame which is likely the result of memory corruption. -QUIC_INVALID_RST_STREAM_DATA (0x8006): +QUIC_INVALID_RST_STREAM_DATA (0x80000006): : RST_STREAM frame data is malformed. -QUIC_INVALID_CONNECTION_CLOSE_DATA (0x8007): +QUIC_INVALID_CONNECTION_CLOSE_DATA (0x80000007): : CONNECTION_CLOSE frame data is malformed. -QUIC_INVALID_GOAWAY_DATA (0x8008): +QUIC_INVALID_GOAWAY_DATA (0x80000008): : GOAWAY frame data is malformed. -QUIC_INVALID_WINDOW_UPDATE_DATA (0x8039): +QUIC_INVALID_WINDOW_UPDATE_DATA (0x80000039): : WINDOW_UPDATE frame data is malformed. -QUIC_INVALID_BLOCKED_DATA (0x803a): +QUIC_INVALID_BLOCKED_DATA (0x8000003A): : BLOCKED frame data is malformed. -QUIC_INVALID_STOP_WAITING_DATA (0x803c): +QUIC_INVALID_STOP_WAITING_DATA (0x8000003C): : STOP_WAITING frame data is malformed. -QUIC_INVALID_PATH_CLOSE_DATA (0x804e): +QUIC_INVALID_PATH_CLOSE_DATA (0x8000004E): : PATH_CLOSE frame data is malformed. -QUIC_INVALID_ACK_DATA (0x8009): +QUIC_INVALID_ACK_DATA (0x80000009): : ACK frame data is malformed. -QUIC_INVALID_VERSION_NEGOTIATION_PACKET (0x800a): +QUIC_INVALID_VERSION_NEGOTIATION_PACKET (0x8000000A): : Version negotiation packet is malformed. -QUIC_INVALID_PUBLIC_RST_PACKET (0x800b): +QUIC_INVALID_PUBLIC_RST_PACKET (0x8000000b): : Public RST packet is malformed. -QUIC_DECRYPTION_FAILURE (0x800c): +QUIC_DECRYPTION_FAILURE (0x8000000c): : There was an error decrypting. -QUIC_ENCRYPTION_FAILURE (0x800d): +QUIC_ENCRYPTION_FAILURE (0x8000000d): : There was an error encrypting. -QUIC_PACKET_TOO_LARGE (0x800e): +QUIC_PACKET_TOO_LARGE (0x8000000e): : The packet exceeded kMaxPacketSize. -QUIC_PEER_GOING_AWAY (0x8010): +QUIC_PEER_GOING_AWAY (0x80000010): : The peer is going away. May be a client or server. -QUIC_INVALID_STREAM_ID (0x8011): +QUIC_INVALID_STREAM_ID (0x80000011): : A stream ID was invalid. -QUIC_INVALID_PRIORITY (0x8031): +QUIC_INVALID_PRIORITY (0x80000031): : A priority was invalid. -QUIC_TOO_MANY_OPEN_STREAMS (0x8012): +QUIC_TOO_MANY_OPEN_STREAMS (0x80000012): : Too many streams already open. -QUIC_TOO_MANY_AVAILABLE_STREAMS (0x804c): +QUIC_TOO_MANY_AVAILABLE_STREAMS (0x8000004c): : The peer created too many available streams. -QUIC_PUBLIC_RESET (0x8013): +QUIC_PUBLIC_RESET (0x80000013): : Received public reset for this connection. -QUIC_INVALID_VERSION (0x8014): +QUIC_INVALID_VERSION (0x80000014): : Invalid protocol version. -QUIC_INVALID_HEADER_ID (0x8016): +QUIC_INVALID_HEADER_ID (0x80000016): : The Header ID for a stream was too far from the previous. -QUIC_INVALID_NEGOTIATED_VALUE (0x8017): +QUIC_INVALID_NEGOTIATED_VALUE (0x80000017): : Negotiable parameter received during handshake had invalid value. -QUIC_DECOMPRESSION_FAILURE (0x8018): +QUIC_DECOMPRESSION_FAILURE (0x80000018): : There was an error decompressing data. -QUIC_NETWORK_IDLE_TIMEOUT (0x8019): +QUIC_NETWORK_IDLE_TIMEOUT (0x80000019): : The connection timed out due to no network activity. -QUIC_HANDSHAKE_TIMEOUT (0x8043): +QUIC_HANDSHAKE_TIMEOUT (0x80000043): : The connection timed out waiting for the handshake to complete. -QUIC_ERROR_MIGRATING_ADDRESS (0x801a): +QUIC_ERROR_MIGRATING_ADDRESS (0x8000001a): : There was an error encountered migrating addresses. -QUIC_ERROR_MIGRATING_PORT (0x8056): +QUIC_ERROR_MIGRATING_PORT (0x80000056): : There was an error encountered migrating port only. -QUIC_EMPTY_STREAM_FRAME_NO_FIN (0x8032): +QUIC_EMPTY_STREAM_FRAME_NO_FIN (0x80000032): : We received a STREAM_FRAME with no data and no fin flag set. -QUIC_FLOW_CONTROL_RECEIVED_TOO_MUCH_DATA (0x803b): +QUIC_FLOW_CONTROL_RECEIVED_TOO_MUCH_DATA (0x8000003b): : The peer received too much data, violating flow control. -QUIC_FLOW_CONTROL_SENT_TOO_MUCH_DATA (0x803f): +QUIC_FLOW_CONTROL_SENT_TOO_MUCH_DATA (0x8000003f): : The peer sent too much data, violating flow control. -QUIC_FLOW_CONTROL_INVALID_WINDOW (0x8040): +QUIC_FLOW_CONTROL_INVALID_WINDOW (0x80000040): : The peer received an invalid flow control window. -QUIC_CONNECTION_IP_POOLED (0x803e): +QUIC_CONNECTION_IP_POOLED (0x8000003e): : The connection has been IP pooled into an existing connection. -QUIC_TOO_MANY_OUTSTANDING_SENT_PACKETS (0x8044): +QUIC_TOO_MANY_OUTSTANDING_SENT_PACKETS (0x80000044): : The connection has too many outstanding sent packets. -QUIC_TOO_MANY_OUTSTANDING_RECEIVED_PACKETS (0x8045): +QUIC_TOO_MANY_OUTSTANDING_RECEIVED_PACKETS (0x80000045): : The connection has too many outstanding received packets. -QUIC_CONNECTION_CANCELLED (0x8046): +QUIC_CONNECTION_CANCELLED (0x80000046): : The QUIC connection has been cancelled. -QUIC_BAD_PACKET_LOSS_RATE (0x8047): +QUIC_BAD_PACKET_LOSS_RATE (0x80000047): : Disabled QUIC because of high packet loss rate. -QUIC_PUBLIC_RESETS_POST_HANDSHAKE (0x8049): +QUIC_PUBLIC_RESETS_POST_HANDSHAKE (0x80000049): : Disabled QUIC because of too many PUBLIC_RESETs post handshake. -QUIC_TIMEOUTS_WITH_OPEN_STREAMS (0x804a): +QUIC_TIMEOUTS_WITH_OPEN_STREAMS (0x8000004a): : Disabled QUIC because of too many timeouts with streams open. -QUIC_TOO_MANY_RTOS (0x8055): +QUIC_TOO_MANY_RTOS (0x80000055): : QUIC timed out after too many RTOs. -QUIC_ENCRYPTION_LEVEL_INCORRECT (0x802c): +QUIC_ENCRYPTION_LEVEL_INCORRECT (0x8000002c): : A packet was received with the wrong encryption level (i.e. it should have been encrypted but was not.) -QUIC_VERSION_NEGOTIATION_MISMATCH (0x8037): +QUIC_VERSION_NEGOTIATION_MISMATCH (0x80000037): : This connection involved a version negotiation which appears to have been tampered with. -QUIC_IP_ADDRESS_CHANGED (0x8050): +QUIC_IP_ADDRESS_CHANGED (0x80000050): : IP address changed causing connection close. -QUIC_TOO_MANY_FRAME_GAPS (0x805d): +QUIC_TOO_MANY_FRAME_GAPS (0x8000005d): : Stream frames arrived too discontiguously so that stream sequencer buffer maintains too many gaps. -QUIC_TOO_MANY_SESSIONS_ON_SERVER (0x8060): +QUIC_TOO_MANY_SESSIONS_ON_SERVER (0x80000060): : Connection closed because server hit max number of sessions allowed.