From 22e8b1cae9a2614c72b2b58337b09a359f49c5ab Mon Sep 17 00:00:00 2001 From: Marten Seemann Date: Thu, 7 Nov 2019 09:08:28 +0700 Subject: [PATCH 1/9] forbid exceeding the peer's active_connection_id_limit --- draft-ietf-quic-transport.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index f49cbf85b5..90324463e5 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md @@ -999,7 +999,7 @@ retired are considered active; any active connection ID can be used. An endpoint SHOULD ensure that its peer has a sufficient number of available and unused connection IDs. Endpoints store received connection IDs for future use and advertise the number of connection IDs they are willing to store with the -active_connection_id_limit transport parameter. An endpoint SHOULD NOT provide +active_connection_id_limit transport parameter. An endpoint MUST NOT provide more connection IDs than the peer's limit. An endpoint SHOULD supply a new connection ID when it receives a packet with a From 1e286a042ef691a58f38c6b63b6339fdf9b9d14b Mon Sep 17 00:00:00 2001 From: Marten Seemann Date: Thu, 7 Nov 2019 09:15:20 +0700 Subject: [PATCH 2/9] add an error code for exceeding the connection ID limit --- draft-ietf-quic-transport.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index 90324463e5..1a3db3b341 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md 
@@ -1000,7 +1000,9 @@ An endpoint SHOULD ensure that its peer has a sufficient number of available and unused connection IDs. Endpoints store received connection IDs for future use and advertise the number of connection IDs they are willing to store with the active_connection_id_limit transport parameter. An endpoint MUST NOT provide -more connection IDs than the peer's limit. +more connection IDs than the peer's limit. An endpoint that receives more +connection IDs than its advertised active_connection_id_limit MUST close the +connection with an error of type CONNECTION_ID_LIMIT_ERROR. An endpoint SHOULD supply a new connection ID when it receives a packet with a previously unused connection ID or when the peer retires one, unless providing @@ -5629,6 +5631,11 @@ TRANSPORT_PARAMETER_ERROR (0x8): an invalid value, was absent even though it is mandatory, was present though it is forbidden, or is otherwise in error. +CONNECTION_ID_LIMIT_ERROR (0x9): + +: The number of connection IDs provided by the peer exceeds the advertised + active_connection_id_limit. + PROTOCOL_VIOLATION (0xA): : An endpoint detected an error with protocol compliance that was not covered by @@ -6028,6 +6035,7 @@ The initial contents of this registry are shown in {{iana-error-table}}. | 0x6 | FINAL_SIZE_ERROR | Change to final size | {{error-codes}} | | 0x7 | FRAME_ENCODING_ERROR | Frame encoding error | {{error-codes}} | | 0x8 | TRANSPORT_PARAMETER_ERROR | Error in transport parameters | {{error-codes}} | +| 0x9 | CONNECTION_ID_LIMIT_ERROR | Too many connection IDs received | {{error-codes}} | | 0xA | PROTOCOL_VIOLATION | Generic protocol violation | {{error-codes}} | | 0xD | CRYPTO_BUFFER_EXCEEDED | CRYPTO data buffer overflowed | {{error-codes}} | {: #iana-error-table title="Initial QUIC Transport Error Codes Entries"} From 8ed69b0c6393dca4a876ee73c866b69a7a2a3e75 Mon Sep 17 00:00:00 2001 
From: Marten Seemann Date: Fri, 8 Nov 2019 10:34:22 +0700 Subject: [PATCH 3/9] set a default and minimum value for active_connection_id_limit --- draft-ietf-quic-transport.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index 1a3db3b341..a4b0bed9a5 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md @@ -4593,7 +4593,8 @@ active_connection_id_limit (0x000e): : The maximum number of connection IDs from the peer that an endpoint is willing to store. This value includes only connection IDs sent in NEW_CONNECTION_ID - frames. If this parameter is absent, a default of 0 is assumed. + frames. If this parameter is absent, a default of 2 is assumed. Values below 2 + are invalid. If present, transport parameters that set initial flow control limits (initial_max_stream_data_bidi_local, initial_max_stream_data_bidi_remote, and From 8354804a2a30580fd1b7deadb19f3baf3ad68fd8 Mon Sep 17 00:00:00 2001 From: Marten Seemann Date: Fri, 8 Nov 2019 14:54:53 +0700 Subject: [PATCH 4/9] mandate the processing order of NEW_CONNECTION_ID frame fields --- draft-ietf-quic-transport.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index a4b0bed9a5..7f8e655e97 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md 
@@ -1035,11 +1035,12 @@ longer plans to use that address. An endpoint can cause its peer to retire connection IDs by sending a NEW_CONNECTION_ID frame with an increased Retire Prior To field. Upon receipt, -the peer MUST retire the corresponding connection IDs and send corresponding -RETIRE_CONNECTION_ID frames. Failing to retire the connection IDs within -approximately one PTO can cause packets to be delayed, lost, or cause the -original endpoint to send a stateless reset in response to a connection ID it -can no longer route correctly. +the peer MUST first retire the corresponding connection IDs and then add the +newly provided connection ID to the set of active connection IDs. The peer MUST +send RETIRE_CONNECTION_ID frames for all active Connection IDs that it retired. +Failing to retire the connection IDs within approximately one PTO can cause +packets to be delayed, lost, or cause the original endpoint to send a stateless +reset in response to a connection ID it can no longer route correctly. An endpoint MAY discard a connection ID for which retirement has been requested once an interval of no less than 3 PTO has elapsed since an acknowledgement is From 912634dbeddd6dbe910a05694828db4b2fc67b3a Mon Sep 17 00:00:00 2001 From: Marten Seemann Date: Sun, 17 Nov 2019 12:10:45 +0800 Subject: [PATCH 5/9] include the handshake and SPA CIDs in the connection ID limit --- draft-ietf-quic-transport.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index 7f8e655e97..3aa3e5e362 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md 
@@ -4593,9 +4593,11 @@ preferred_address (0x000d): active_connection_id_limit (0x000e): : The maximum number of connection IDs from the peer that an endpoint is willing - to store. This value includes only connection IDs sent in NEW_CONNECTION_ID - frames. If this parameter is absent, a default of 2 is assumed. Values below 2 - are invalid. + to store. This value includes connection IDs sent in NEW_CONNECTION_ID frames, + the connection ID used during the handshake as well as the connection ID + provided in the preferred_address transport parameter. + If the active_connection_id_limit parameter is absent, a default of 2 is + assumed. Values below 2 are invalid. If present, transport parameters that set initial flow control limits (initial_max_stream_data_bidi_local, initial_max_stream_data_bidi_remote, and From a11afffde6f7d8a1663baf21877b1b87449c2f41 Mon Sep 17 00:00:00 2001 From: Marten Seemann Date: Sun, 17 Nov 2019 13:12:59 +0800 Subject: [PATCH 6/9] rephrase when to supply new CIDs --- draft-ietf-quic-transport.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index 3aa3e5e362..78ea442d20 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md 
@@ -1004,9 +1004,10 @@ more connection IDs than the peer's limit. An endpoint that receives more connection IDs than its advertised active_connection_id_limit MUST close the connection with an error of type CONNECTION_ID_LIMIT_ERROR. -An endpoint SHOULD supply a new connection ID when it receives a packet with a -previously unused connection ID or when the peer retires one, unless providing -the new connection ID would exceed the peer's limit. An endpoint MAY limit the +An endpoint SHOULD supply a new connection ID when the peer retires a connection +ID. If an endpoint provided fewer connection IDs than the peer's +active_connection_id_limit, it MAY supply a new connection ID when it receives +a packet with a previously unused connection ID. An endpoint MAY limit the frequency or the total number of connection IDs issued for each connection to avoid the risk of running out of connection IDs; see {{reset-token}}. From 750caeac14e33b7bfa362d54d4804f6e2be69e5b Mon Sep 17 00:00:00 2001 From: Marten Seemann Date: Mon, 18 Nov 2019 15:59:36 +0800 Subject: [PATCH 7/9] no active_connection_id_limit when using zero-length CIDs --- draft-ietf-quic-transport.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index db675ee970..2a241c8391 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md 
@@ -4598,8 +4598,11 @@ active_connection_id_limit (0x000e): to store. This value includes connection IDs sent in NEW_CONNECTION_ID frames, the connection ID used during the handshake as well as the connection ID provided in the preferred_address transport parameter. - If the active_connection_id_limit parameter is absent, a default of 2 is - assumed. Values below 2 are invalid. + Unless a zero-length connection ID is being used, the value of the + active_connection_id_limit parameter MUST be no less than 2. If this + transport parameter is absent, a default of 2 is assumed. + When a zero-length connection ID is being used, the active_connection_id_limit + parameter MUST NOT be sent. If present, transport parameters that set initial flow control limits (initial_max_stream_data_bidi_local, initial_max_stream_data_bidi_remote, and From 569b660eb85bf55bf7a226037da73057afd86ddf Mon Sep 17 00:00:00 2001 From: Marten Seemann Date: Mon, 18 Nov 2019 17:37:32 +0800 Subject: [PATCH 8/9] Update draft-ietf-quic-transport.md Co-Authored-By: Jana Iyengar --- draft-ietf-quic-transport.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index 2a241c8391..fada68dc0f 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md @@ -1037,7 +1037,7 @@ longer plans to use that address. An endpoint can cause its peer to retire connection IDs by sending a NEW_CONNECTION_ID frame with an increased Retire Prior To field. Upon receipt, the peer MUST first retire the corresponding connection IDs using -NEW_CONNECTION_ID frames and then add the newly provided connection ID to the +RETIRE_CONNECTION_ID frames and then add the newly provided connection ID to the set of active connection IDs. Failure to retire the connection IDs within approximately one PTO can cause packets to be delayed, lost, or cause the original endpoint to send a stateless reset in response to a connection ID it 
From e60e94e5aafe83d4e64bb8d86a1ae68e81eff4ad Mon Sep 17 00:00:00 2001 From: Marten Seemann Date: Tue, 19 Nov 2019 15:45:13 +0800 Subject: [PATCH 9/9] apply Jana's suggestion --- draft-ietf-quic-transport.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index fada68dc0f..0b836acd97 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md @@ -4595,9 +4595,9 @@ preferred_address (0x000d): active_connection_id_limit (0x000e): : The maximum number of connection IDs from the peer that an endpoint is willing - to store. This value includes connection IDs sent in NEW_CONNECTION_ID frames, - the connection ID used during the handshake as well as the connection ID - provided in the preferred_address transport parameter. + to store. This value includes the connection ID received during the handshake, + that received in the preferred_address transport parameter, and those received + in NEW_CONNECTION_ID frames. Unless a zero-length connection ID is being used, the value of the active_connection_id_limit parameter MUST be no less than 2. If this transport parameter is absent, a default of 2 is assumed.
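Review bot: PATCH 1/9 raises the requirement to MUST NOT without saying what the receiver does when it is violated, so the hunk at line 1002 is unenforceable on its own; either name the error the receiver closes with or fold this change into the commit that introduces one. The hunk should also state whether "the peer's limit" counts retired connection IDs, given that the context line just above says only non-retired connection IDs are considered active.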
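Review bot: In the first hunk of PATCH 2/9 (line 1000), "receives more connection IDs than its advertised active_connection_id_limit" reads as a cumulative count, but the limit governs how many connection IDs the endpoint stores. Under a literal reading, a peer that issues a replacement for a connection ID the endpoint already retired would trigger CONNECTION_ID_LIMIT_ERROR. Suggest "more active connection IDs than" and a sentence saying the count is taken after any retirement requested in the same frame has been applied.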
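Review bot: The CONNECTION_ID_LIMIT_ERROR definition in the second hunk of PATCH 2/9 (line 5631) refers to "the advertised active_connection_id_limit", but an endpoint that omits the parameter advertises nothing, and at this point in the series the absent-value default is still 0 (see the line removed in PATCH 3/9). Combined with the new MUST close rule, every NEW_CONNECTION_ID frame sent to such a peer becomes fatal. Either reorder so the default change lands first, or write "the advertised or default active_connection_id_limit".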
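Review bot: PATCH 3/9 says "Values below 2 are invalid" at line 4596 without a receiver action. The TRANSPORT_PARAMETER_ERROR text visible in the previous patch ("an invalid value") already covers this, so make it explicit: "An endpoint that receives a value less than 2 MUST close the connection with an error of type TRANSPORT_PARAMETER_ERROR." The unconditional minimum of 2 also needs a carve-out for endpoints whose peer uses zero-length connection IDs, which PATCH 7/9 later adds; consider squashing the two.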
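Review bot: PATCH 4/9 fixes the ordering (retire first, then add), which is what makes the limit check well-defined, but the hunk never connects the two: add "and the active_connection_id_limit is checked only after the retirement" so the point of the ordering is stated. Minor: "active Connection IDs" is capitalised inconsistently with "connection IDs" two lines earlier, and "all active Connection IDs that it retired" is contradictory since a retired connection ID is no longer active; "for each connection ID that it retired" is cleaner.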
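Review bot: In PATCH 5/9, "the connection ID used during the handshake" at line 4597 is ambiguous about direction: each endpoint uses both its own and its peer's connection IDs during the handshake. Since the parameter counts connection IDs "from the peer", say "received during the handshake". The short fourth line "If the active_connection_id_limit parameter is absent, a default of 2 is" also breaks the paragraph's wrapping; reflow it with the following line.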
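Review bot: In PATCH 6/9, "If an endpoint provided fewer connection IDs than the peer's active_connection_id_limit" counts everything ever provided, yet the sentence immediately before it has the endpoint supply a replacement whenever the peer retires one, which only works if retired connection IDs free a slot. Suggest "If an endpoint has fewer active connection IDs outstanding than the peer's active_connection_id_limit".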
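Review bot: PATCH 7/9 does not say whose zero-length connection ID is meant in "When a zero-length connection ID is being used". The parameter counts connection IDs received from the peer, so the case in which it is meaningless is the peer issuing zero-length connection IDs, not the sender's own choice; the text should name that direction. The new "MUST NOT be sent" also lacks a receiver action; the TRANSPORT_PARAMETER_ERROR text from PATCH 2/9 ("was present though it is forbidden") covers it and should be referenced.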
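Review bot: The series does not apply cleanly as presented: PATCH 6/9 leaves the file at index 78ea442d20, but PATCH 7/9 expects pre-image db675ee970, and the context of PATCH 8/9 already contains "using NEW_CONNECTION_ID frames", wording that no earlier hunk in this series produced. An intermediate revision is missing between patches 6 and 7; please include it or rebase. The one-word fix in PATCH 8/9 (NEW_CONNECTION_ID to RETIRE_CONNECTION_ID) is correct.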
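Review bot: With the counting rule in PATCH 9/9 (handshake connection ID plus the preferred_address connection ID plus NEW_CONNECTION_ID frames) and the minimum and default of 2 visible in the same hunk, an endpoint that sends preferred_address has already consumed both slots at the default limit and cannot issue a single NEW_CONNECTION_ID frame until the peer retires one. If that is intended, the text should say so; otherwise either raise the minimum or exclude the preferred_address connection ID from the count.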