New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bad Edge Case in Recovery Draft #1964
Comments
Thanks for writing this up, I think this points out that the crypto timer should be enabled when there's crypto data to send, not when crypto packets are in flight. However, there's an exception to that, which is if there's no crypto data to send on the client side because all Initial packets have been acked, but the client didn't receive the server's Handshake, then you can hit the Anti-amplification attack limit, as you discovered in New York. This might be awkward to writeup, but I'll give it a try, unless you'd like to? |
Well, in the scenario above the sender sets the crypto timer when there is still unacked data. One could change OnPacketAcked() to cancel the LD timer if there's nothing left in the send queues, I suppose. But I would recommend exactly the two changes listed above. Yeah the amplification thing is gross. I am not sure when I'll have time to generate a PR., so please feel free to give it a crack. |
* Don't arm the handshake timer if there's no data Fixes the portion of #1964 not fixed in #2281 * MUST send * Martin and Marten's comments * Update draft-ietf-quic-recovery.md * Update draft-ietf-quic-recovery.md * Martin and Ian's comments * Update draft-ietf-quic-recovery.md * Update draft-ietf-quic-recovery.md * Update draft-ietf-quic-recovery.md Don't set the crypto retransmission timer if the time threshold timer is set * Jana's comments * Update draft-ietf-quic-recovery.md * Update draft-ietf-quic-recovery.md * Update draft-ietf-quic-recovery.md Co-Authored-By: ianswett <ianswett@users.noreply.github.com> * Update draft-ietf-quic-recovery.md Co-Authored-By: ianswett <ianswett@users.noreply.github.com> * Update draft-ietf-quic-recovery.md * Update draft-ietf-quic-recovery.md * Update draft-ietf-quic-recovery.md * Update draft-ietf-quic-recovery.md
This was fixed by #2590 |
In OnLossDetectionTimeout():
if (crypto packets are outstanding):
// Crypto retransmission timeout.
RetransmitUnackedCryptoData()
crypto_count++
The literal interpretation is a little loopy. In the case where crypto data is retransmitted and then the acks arrive for the original packets, we have outstanding crypto packets but no unacked crypto data. This pseudocode will result in sending nothing, and then (not shown) starting the Loss Detection timer even though there is nothing in flight, which seems bad.
Two improvements to make here:
The text was updated successfully, but these errors were encountered: