From 6d59f185cbc68fa85c157f918d7e53cb591a81cb Mon Sep 17 00:00:00 2001 From: Kazuho Oku Date: Tue, 20 Oct 2020 10:48:55 +0900 Subject: [PATCH 1/8] endpoint MAY discard, MUST NOT close when receiving a datagram that does not meet the padding requirements --- draft-ietf-quic-transport.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index 63d4f24469..a0833c05a9 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md @@ -4085,6 +4085,12 @@ UDP datagrams MUST NOT be fragmented at the IP layer. In IPv4 ({{!IPv4=RFC0791}}), the DF bit MUST be set if possible, to prevent fragmentation on the path. +Even though datagrams with certain properties are required to be padded, the +size of the datagram is not authenticated, and endpoints might send coalesced +packets after the handshake is confirmed. Therefore, an endpoint MUST NOT close +a connection when it receives a datagram that does not meet the padding +requirements, though the endpoint MAY discard such datagrams. + ## Initial Datagram Size {#initial-size} @@ -4106,9 +4112,7 @@ A server MUST discard an Initial packet that is carried in a UDP datagram with a payload that is smaller than the smallest allowed maximum datagram size of 1200 bytes. A server MAY also immediately close the connection by sending a CONNECTION_CLOSE frame with an error code of PROTOCOL_VIOLATION; see -{{immediate-close-hs}}. When a client receives an ack-eliciting Initial packet -that is carried in a UDP datagram with a payload that is less than 1200 bytes, -that client MAY close the connection by sending a CONNECTION_CLOSE frame. +{{immediate-close-hs}}. The server MUST also limit the number of bytes it sends before validating the address of the client; see {{address-validation}}. From a364f7d638459ca0c3b0b35fb6a57aecfc4f733d Mon Sep 17 00:00:00 2001 From: Kazuho Oku Date: Tue, 20 Oct 2020 10:53:06 +0900 Subject: [PATCH 2/8] add ref --- draft-ietf-quic-transport.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index a0833c05a9..b94f679194 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md @@ -4087,9 +4087,10 @@ fragmentation on the path. Even though datagrams with certain properties are required to be padded, the size of the datagram is not authenticated, and endpoints might send coalesced -packets after the handshake is confirmed. Therefore, an endpoint MUST NOT close -a connection when it receives a datagram that does not meet the padding -requirements, though the endpoint MAY discard such datagrams. +packets after the handshake is confirmed (see {{packet-coalesce}}). Therefore, +an endpoint MUST NOT close a connection when it receives a datagram that does +not meet the padding requirements, though the endpoint MAY discard such +datagrams. ## Initial Datagram Size {#initial-size} From 3fce52c3e6633f9b231c76bc8b88fecaf6842461 Mon Sep 17 00:00:00 2001 From: Kazuho Oku Date: Tue, 20 Oct 2020 17:09:39 +0900 Subject: [PATCH 3/8] Update draft-ietf-quic-transport.md Co-authored-by: Martin Thomson --- draft-ietf-quic-transport.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index b94f679194..6f2ba6f26d 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md @@ -4087,7 +4087,7 @@ fragmentation on the path. Even though datagrams with certain properties are required to be padded, the size of the datagram is not authenticated, and endpoints might send coalesced -packets after the handshake is confirmed (see {{packet-coalesce}}). Therefore, +packets after the handshake is confirmed; see {{packet-coalesce}}. Therefore, an endpoint MUST NOT close a connection when it receives a datagram that does not meet the padding requirements, though the endpoint MAY discard such datagrams. From 49585a13f953f35d08b53e46d2f272b34e5efb18 Mon Sep 17 00:00:00 2001 From: Kazuho Oku Date: Tue, 20 Oct 2020 17:10:10 +0900 Subject: [PATCH 4/8] Update draft-ietf-quic-transport.md Co-authored-by: Martin Thomson --- draft-ietf-quic-transport.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index 6f2ba6f26d..fcaea6086c 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md @@ -4085,7 +4085,7 @@ UDP datagrams MUST NOT be fragmented at the IP layer. In IPv4 ({{!IPv4=RFC0791}}), the DF bit MUST be set if possible, to prevent fragmentation on the path. -Even though datagrams with certain properties are required to be padded, the +Datagrams are required to be padded under some conditions. However, the size of the datagram is not authenticated, and endpoints might send coalesced packets after the handshake is confirmed; see {{packet-coalesce}}. Therefore, an endpoint MUST NOT close a connection when it receives a datagram that does From db0065748b54228ac2ca98401331f936c1e90919 Mon Sep 17 00:00:00 2001 From: Kazuho Oku Date: Tue, 20 Oct 2020 17:10:25 +0900 Subject: [PATCH 5/8] Update draft-ietf-quic-transport.md Co-authored-by: Martin Thomson --- draft-ietf-quic-transport.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index fcaea6086c..9b0a7f654c 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md @@ -4089,7 +4089,7 @@ Datagrams are required to be padded under some conditions. However, the size of the datagram is not authenticated, and endpoints might send coalesced packets after the handshake is confirmed; see {{packet-coalesce}}. Therefore, an endpoint MUST NOT close a connection when it receives a datagram that does -not meet the padding requirements, though the endpoint MAY discard such +not meet size constraints, though the endpoint MAY discard such datagrams. From 353747da54f98792413e2b913f2859251ab13122 Mon Sep 17 00:00:00 2001 From: Kazuho Oku Date: Tue, 20 Oct 2020 17:13:28 +0900 Subject: [PATCH 6/8] drop reference to packet coalescing, as suggested by @martinthomson --- draft-ietf-quic-transport.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index 9b0a7f654c..823977f309 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md @@ -4086,11 +4086,9 @@ UDP datagrams MUST NOT be fragmented at the IP layer. In IPv4 fragmentation on the path. Datagrams are required to be padded under some conditions. However, the -size of the datagram is not authenticated, and endpoints might send coalesced -packets after the handshake is confirmed; see {{packet-coalesce}}. Therefore, -an endpoint MUST NOT close a connection when it receives a datagram that does -not meet size constraints, though the endpoint MAY discard such -datagrams. +size of the datagram is not authenticated. Therefore, an endpoint MUST NOT +close a connection when it receives a datagram that does not meet size +constraints, though the endpoint MAY discard such datagrams. ## Initial Datagram Size {#initial-size} From f4e391a879586cb26d6f571558efa6d3a9fdade2 Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Wed, 21 Oct 2020 01:31:47 +1100 Subject: [PATCH 7/8] minimumumum Co-authored-by: ianswett --- draft-ietf-quic-transport.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index 823977f309..9a72a27aaa 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md @@ -4085,7 +4085,7 @@ UDP datagrams MUST NOT be fragmented at the IP layer. In IPv4 ({{!IPv4=RFC0791}}), the DF bit MUST be set if possible, to prevent fragmentation on the path. -Datagrams are required to be padded under some conditions. However, the +Datagrams are required to be a minimum size under some conditions. However, the size of the datagram is not authenticated. Therefore, an endpoint MUST NOT close a connection when it receives a datagram that does not meet size constraints, though the endpoint MAY discard such datagrams. From bbb245b5a3ed4567f052caa413e7c4cfc296d91a Mon Sep 17 00:00:00 2001 From: Jana Iyengar Date: Tue, 20 Oct 2020 12:37:30 -0700 Subject: [PATCH 8/8] Update draft-ietf-quic-transport.md --- draft-ietf-quic-transport.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index 9a72a27aaa..8a5ecc3dd0 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md @@ -4085,8 +4085,8 @@ UDP datagrams MUST NOT be fragmented at the IP layer. In IPv4 ({{!IPv4=RFC0791}}), the DF bit MUST be set if possible, to prevent fragmentation on the path. -Datagrams are required to be a minimum size under some conditions. However, the -size of the datagram is not authenticated. Therefore, an endpoint MUST NOT +Datagrams are required to be of a minimum size under some conditions. However, +the size of the datagram is not authenticated. Therefore, an endpoint MUST NOT close a connection when it receives a datagram that does not meet size constraints, though the endpoint MAY discard such datagrams.