diff --git a/draft-ietf-quic-http.md b/draft-ietf-quic-http.md index 657cfeb4af..d561342baa 100644 --- a/draft-ietf-quic-http.md +++ b/draft-ietf-quic-http.md @@ -363,6 +363,9 @@ Padding MUST NOT be used. The flags defined are: Reserved (0x20): : Reserved for HTTP/2 compatibility. +A HEADERS frame with the Reserved bits set MUST be treated as a connection error +of type HTTP_MALFORMED_HEADERS. + ~~~~~~~~~~ 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 @@ -381,9 +384,9 @@ The HEADERS frame payload has the following fields: The next frame on the same stream after a HEADERS frame without the EHB flag set MUST be another HEADERS frame. A receiver MUST treat the receipt of any other -type of frame as a stream error. (Note that QUIC can intersperse data from other -streams between frames, or even during transmission of frames, so multiplexing -is not blocked by this requirement.) +type of frame as a stream error of type HTTP_INTERRUPTED_HEADERS. (Note that +QUIC can intersperse data from other streams between frames, or even during +transmission of frames, so multiplexing is not blocked by this requirement.) A full header block is contained in a sequence of zero or more HEADERS frames without EHB set, followed by a HEADERS frame with EHB set. @@ -435,6 +438,10 @@ The HEADERS frame payload has the following fields: stream (see {{!RFC7540}} Section 5.3). Add one to the value to obtain a weight between 1 and 256. +A PRIORITY frame MUST have a payload length of nine octets. A PRIORITY frame +of any other length MUST be treated as a connection error of type +HTTP_MALFORMED_PRIORITY. + ### RST_STREAM RST_STREAM frames do not exist, since QUIC provides stream lifecycle management. 
@@ -505,11 +512,12 @@ it does not understand. SETTINGS frames always apply to a connection, never a single stream, and MUST only be sent on the connection control stream (Stream 3). If an endpoint receives an SETTINGS frame whose stream identifier field is anything other than -0x0, the endpoint MUST respond with a connection error. +0x0, the endpoint MUST respond with a connection error of type +HTTP_SETTINGS_ON_WRONG_STREAM. The SETTINGS frame affects connection state. A badly formed or incomplete SETTINGS frame MUST be treated as a connection error (Section 5.4.1) of type -PROTOCOL_ERROR. +HTTP_MALFORMED_SETTINGS. #### Integer encoding @@ -585,7 +593,7 @@ of that stream. If the sender of a SETTINGS frame with the REQUEST_ACK flag set does not receive full acknowledgement within a reasonable amount of time, it MAY issue a -connection error ([RFC7540] Section 5.4.1) of type SETTINGS_TIMEOUT. A full +connection error ({{errors}}) of type HTTP_SETTINGS_TIMEOUT. A full acknowledgement has occurred when: - All previous SETTINGS frames have been fully acknowledged, @@ -631,6 +639,7 @@ TODOs: field in this case. - No CONTINUATION -- HEADERS have EHB; do we need it here? + ### PING PING frames do not exist, since QUIC provides equivalent functionality. Frame 
@@ -690,55 +699,132 @@ following payload: On message control streams, the SETTINGS_ACK frame carries no payload, and is strictly a synchronization marker for settings application. See -{{settings-synchronization}} for more detail. +{{settings-synchronization}} for more detail. A SETTINGS_ACK frame with a +non-zero length MUST be treated as a connection error of type +HTTP_MALFORMED_SETTINGS_ACK. + +On the connection control stream, the SETTINGS_ACK frame MUST have a length +which is a multiple of two octets. A SETTINGS_ACK frame of any other length MUST +be treated as a connection error of type HTTP_MALFORMED_SETTINGS_ACK. + # Error Handling {#errors} +This section describes the specific error codes defined by HTTP and the mapping +of HTTP/2 error codes into the QUIC error code space. + +## HTTP-Defined QUIC Error Codes {#http-error-codes} + +QUIC allocates error codes 0xB000-0xFFFF to application protocol definition. +The following error codes are defined by HTTP for use in QUIC RST_STREAM, +GOAWAY, and CONNECTION_CLOSE frames. + +HTTP_SETTINGS_TIMEOUT (0xB000): +: After sending a SETTINGS frame which requested acknowledgement, the + acknowledgement was not completed (see {{settings-synchronization}}) in a + timely manner. + +HTTP_PUSH_REFUSED (0xB001): +: The server has attempted to push content which the client will not accept + on this connection. + +HTTP_INTERNAL_ERROR (0xB002): +: An internal error has occurred in the HTTP stack. + +HTTP_PUSH_ALREADY_IN_CACHE (0xB003): +: The server has attempted to push content which the client has cached. + +HTTP_REQUEST_CANCELLED (0xB004): +: The client no longer needs the requested data. + +HTTP_HPACK_DECOMPRESSION_FAILED (0xB005): +: HPACK failed to decompress a frame and cannot continue. + +HTTP_CONNECT_ERROR (0xB006): +: The connection established in response to a CONNECT request was reset or + abnormally closed. 
+ +HTTP_EXCESSIVE_LOAD (0xB007): +: The endpoint detected that its peer is exhibiting a behavior that might be + generating excessive load. + +HTTP_VERSION_FALLBACK (0xB008): +: The requested operation cannot be served over HTTP/QUIC. The peer should + retry over HTTP/2. + +HTTP_MALFORMED_HEADERS (0xB009): +: A HEADERS frame has been received with an invalid format. + +HTTP_MALFORMED_PRIORITY (0xB00A): +: A HEADERS frame has been received with an invalid format. + +HTTP_MALFORMED_SETTINGS (0xB00B): +: A HEADERS frame has been received with an invalid format. + +HTTP_MALFORMED_PUSH_PROMISE (0xB00C): +: A HEADERS frame has been received with an invalid format. + +HTTP_MALFORMED_SETTINGS_ACK (0xB00D): +: A HEADERS frame has been received with an invalid format. + +HTTP_INTERRUPTED_HEADERS (0xB00E): +: A HEADERS frame without the End Header Block flag was followed by a frame + other than HEADERS. + +HTTP_SETTINGS_ON_WRONG_STREAM (0xB00F): +: A SETTINGS frame was received on a request control stream. + +## Mapping HTTP/2 Error Codes + The HTTP/2 error codes defined in Section 7 of {{!RFC7540}} map to QUIC error codes as follows: NO_ERROR (0x0): -: Maps to QUIC_NO_ERROR +: QUIC_NO_ERROR PROTOCOL_ERROR (0x1): -: No single mapping? +: No single mapping. See new HTTP_MALFORMED_* error codes defined in + {{http-error-codes}}. INTERNAL_ERROR (0x2) -: QUIC_INTERNAL_ERROR? (not currently defined in core protocol spec) +: HTTP_INTERNAL_ERROR in {{http-error-codes}}. FLOW_CONTROL_ERROR (0x3): -: QUIC_FLOW_CONTROL_RECEIVED_TOO_MUCH_DATA? (not currently defined in core - protocol spec) +: Not applicable, since QUIC handles flow control. Would provoke a + QUIC_FLOW_CONTROL_RECEIVED_TOO_MUCH_DATA from the QUIC layer. SETTINGS_TIMEOUT (0x4): -: (depends on whether we support SETTINGS acks) +: HTTP_SETTINGS_TIMEOUT in {{http-error-codes}}. STREAM_CLOSED (0x5): -: QUIC_STREAM_DATA_AFTER_TERMINATION +: Not applicable, since QUIC handles stream management. 
Would provoke a + QUIC_STREAM_DATA_AFTER_TERMINATION from the QUIC layer. FRAME_SIZE_ERROR (0x6) -: QUIC_INVALID_FRAME_DATA +: No single mapping. See new error codes defined in {{http-error-codes}}. REFUSED_STREAM (0x7): -: ? +: Not applicable, since QUIC handles stream management. Would provoke a + QUIC_TOO_MANY_OPEN_STREAMS from the QUIC layer. CANCEL (0x8): -: ? +: HTTP_REQUEST_CANCELLED in {{http-error-codes}}. COMPRESSION_ERROR (0x9): -: QUIC_DECOMPRESSION_FAILURE (not currently defined in core spec) +: HTTP_HPACK_DECOMPRESSION_FAILEDin {{http-error-codes}}. CONNECT_ERROR (0xa): -: ? (depends whether we decide to support CONNECT) +: HTTP_CONNECT_ERROR in {{http-error-codes}}. ENHANCE_YOUR_CALM (0xb): -: ? +: HTTP_EXCESSIVE_LOAD in {{http-error-codes}}. INADEQUATE_SECURITY (0xc): -: QUIC_HANDSHAKE_FAILED, QUIC_CRYPTO_NO_SUPPORT +: Not applicable, since QUIC is assumed to provide sufficient security on all + connections. HTTP_1_1_REQUIRED (0xd): -: ? +: HTTP_VERSION_FALLBACK in {{http-error-codes}}. TODO: fill in missing error code mappings. diff --git a/draft-ietf-quic-tls.md b/draft-ietf-quic-tls.md index 03a076a59c..2c7582faa6 100644 --- a/draft-ietf-quic-tls.md +++ b/draft-ietf-quic-tls.md 
@@ -1229,6 +1229,94 @@ SHOULD track redundant packets and treat excessive volumes of any non-productive packets as indicative of an attack. +# Error codes {#errors} + +The portion of the QUIC error code space allocated for the crypto handshake is +0x4000-0x7FFF. The following error codes are defined when TLS is used for the +crypto handshake: + +TLS_HANDSHAKE_FAILED (0x401c): +: Crypto errors. Handshake failed. + +TLS_MESSAGE_OUT_OF_ORDER (0x401d): +: Handshake message received out of order. + +TLS_TOO_MANY_ENTRIES (0x401e): +: Handshake message contained too many entries. + +TLS_INVALID_VALUE_LENGTH (0x401f): +: Handshake message contained an invalid value length. + +TLS_MESSAGE_AFTER_HANDSHAKE_COMPLETE (0x4020): +: A handshake message was received after the handshake was complete. + +TLS_INVALID_RECORD_TYPE (0x4021): +: A handshake message was received with an illegal record type. + +TLS_INVALID_PARAMETER (0x4022): +: A handshake message was received with an illegal parameter. + +TLS_INVALID_CHANNEL_ID_SIGNATURE (0x4034): +: An invalid channel id signature was supplied. + +TLS_MESSAGE_PARAMETER_NOT_FOUND (0x4023): +: A handshake message was received with a mandatory parameter missing. + +TLS_MESSAGE_PARAMETER_NO_OVERLAP (0x4024): +: A handshake message was received with a parameter that has no overlap with the + local parameter. + +TLS_MESSAGE_INDEX_NOT_FOUND (0x4025): +: A handshake message was received that contained a parameter with too few values. + +TLS_UNSUPPORTED_PROOF_DEMAND (0x405e): +: A demand for an unsupported proof type was received. + +TLS_INTERNAL_ERROR (0x4026): +: An internal error occured in handshake processing. + +TLS_VERSION_NOT_SUPPORTED (0x4027): +: A handshake handshake message specified an unsupported version. + +TLS_HANDSHAKE_STATELESS_REJECT (0x4048): +: A handshake handshake message resulted in a stateless reject. 
+ +TLS_NO_SUPPORT (0x4028): +: There was no intersection between the crypto primitives supported by the peer + and ourselves. + +TLS_TOO_MANY_REJECTS (0x4029): +: The server rejected our client hello messages too many times. + +TLS_PROOF_INVALID (0x402a): +: The client rejected the server's certificate chain or signature. + +TLS_DUPLICATE_TAG (0x402b): +: A handshake message was received with a duplicate tag. + +TLS_ENCRYPTION_LEVEL_INCORRECT (0x402c): +: A handshake message was received with the wrong encryption level (i.e. it + should have been encrypted but was not.) + +TLS_SERVER_CONFIG_EXPIRED (0x402d): +: The server config for a server has expired. + +TLS_SYMMETRIC_KEY_SETUP_FAILED (0x4035): +: We failed to set up the symmetric keys for a connection. + +TLS_MESSAGE_WHILE_VALIDATING_CLIENT_HELLO (0x4036): +: A handshake message arrived, but we are still validating the previous + handshake message. + +TLS_UPDATE_BEFORE_HANDSHAKE_COMPLETE (0x4041): +: A server config update arrived before the handshake is complete. + +TLS_CLIENT_HELLO_TOO_LARGE (0x405a): +: ClientHello cannot fit in one packet. + + + + # IANA Considerations This document has no IANA actions. Yet. diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index 711b941034..644bda74c6 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md 
@@ -1639,245 +1639,190 @@ to get blocked. # Error Codes {#error-handling} -This section lists all the QUIC error codes that may be used in a -CONNECTION_CLOSE frame. TODO: Trim list and group errors for readabiity. +Error codes are 32 bits long, with the first two bits indicating the source of +the error code: -TODO: Discuss error handling beyond just listing error codes. +0x0000-0x3FFF: +: QUIC transport error codes, including packet protection errors. Applicable to + all uses of QUIC. -* 0x01: QUIC_INTERNAL_ERROR. (Connection has reached an invalid state.) +0x4000-0x7FFF: +: Cryptographic error codes. Defined by the crypto handshake protocol in use. -* 0x02: QUIC_STREAM_DATA_AFTER_TERMINATION. (There were data frames after the a - fin or reset.) +0x8000-0xAFFF: +: Loss-detection and congestion control error codes. Defined by the + loss-detection and congestion control algorithm currently in use. -* 0x03: QUIC_INVALID_PACKET_HEADER. (Control frame is malformed.) +0xB000-0xFFFF: +: Application-specific error codes. Defined by each application-layer protocol. -* 0x04: QUIC_INVALID_FRAME_DATA. (Frame data is malformed.) +This section lists the defined QUIC transport error codes that may be used in a +CONNECTION_CLOSE or RST_STREAM frame. Error codes share a common code space. +Some error codes apply only to either streams or the entire connection and have +no defined semantics in the other context. -* 0x30: QUIC_MISSING_PAYLOAD. (The packet contained no payload.) +QUIC_INTERNAL_ERROR (0x01): +: Connection has reached an invalid state. -* 0x2e: QUIC_INVALID_STREAM_DATA. (STREAM frame data is malformed.) +QUIC_STREAM_DATA_AFTER_TERMINATION (0x02): +: There were data frames after the a fin or reset. -* 0x57: QUIC_OVERLAPPING_STREAM_DATA. (STREAM frame data overlaps with buffered - data.) +QUIC_INVALID_PACKET_HEADER (0x03): +: Control frame is malformed. -* 0x3d: QUIC_UNENCRYPTED_STREAM_DATA. (Received STREAM frame data is not - encrypted.) 
+QUIC_INVALID_FRAME_DATA (0x04): +: Frame data is malformed. -* 0x58: QUIC_ATTEMPT_TO_SEND_UNENCRYPTED_STREAM_DATA. (Attempt to send - unencrypted STREAM frame. Not sent on the wire, used for local logging.) +QUIC_MISSING_PAYLOAD (0x30): +: The packet contained no payload. -* 0x59: QUIC_MAYBE_CORRUPTED_MEMORY. (Received a frame which is likely the - result of memory corruption.) +QUIC_INVALID_STREAM_DATA (0x2e): +: STREAM frame data is malformed. -* 0x06: QUIC_INVALID_RST_STREAM_DATA. (RST_STREAM frame data is malformed.) +QUIC_OVERLAPPING_STREAM_DATA (0x57): +: STREAM frame data overlaps with buffered data. -* 0x07: QUIC_INVALID_CONNECTION_CLOSE_DATA. (CONNECTION_CLOSE frame data is - malformed.) +QUIC_UNENCRYPTED_STREAM_DATA (0x3d): +: Received STREAM frame data is not encrypted. -* 0x08: QUIC_INVALID_GOAWAY_DATA. (GOAWAY frame data is malformed.) +QUIC_MAYBE_CORRUPTED_MEMORY (0x59): +: Received a frame which is likely the result of memory corruption. -* 0x39: QUIC_INVALID_WINDOW_UPDATE_DATA. (WINDOW_UPDATE frame data is - malformed.) +QUIC_INVALID_RST_STREAM_DATA (0x06): +: RST_STREAM frame data is malformed. -* 0x3a: QUIC_INVALID_BLOCKED_DATA. (BLOCKED frame data is malformed.) +QUIC_INVALID_CONNECTION_CLOSE_DATA (0x07): +: CONNECTION_CLOSE frame data is malformed. -* 0x3c: QUIC_INVALID_STOP_WAITING_DATA. (STOP_WAITING frame data is malformed.) +QUIC_INVALID_GOAWAY_DATA (0x08): +: GOAWAY frame data is malformed. -* 0x4e: QUIC_INVALID_PATH_CLOSE_DATA. (PATH_CLOSE frame data is malformed.) +QUIC_INVALID_WINDOW_UPDATE_DATA (0x39): +: WINDOW_UPDATE frame data is malformed. -* 0x09: QUIC_INVALID_ACK_DATA. (ACK frame data is malformed.) +QUIC_INVALID_BLOCKED_DATA (0x3a): +: BLOCKED frame data is malformed. -* 0x0a: QUIC_INVALID_VERSION_NEGOTIATION_PACKET. (Version negotiation packet is - malformed.) +QUIC_INVALID_STOP_WAITING_DATA (0x3c): +: STOP_WAITING frame data is malformed. -* 0x0b: QUIC_INVALID_PUBLIC_RST_PACKET. (Public RST packet is malformed.) 
+QUIC_INVALID_PATH_CLOSE_DATA (0x4e): +: PATH_CLOSE frame data is malformed. -* 0x0c: QUIC_DECRYPTION_FAILURE. (There was an error decrypting.) +QUIC_INVALID_ACK_DATA (0x09): +: ACK frame data is malformed. -* 0x0d: QUIC_ENCRYPTION_FAILURE. (There was an error encrypting.) +QUIC_INVALID_VERSION_NEGOTIATION_PACKET (0x0a): +: Version negotiation packet is malformed. -* 0x0e: QUIC_PACKET_TOO_LARGE. (The packet exceeded kMaxPacketSize.) +QUIC_INVALID_PUBLIC_RST_PACKET (0x0b): +: Public RST packet is malformed. -* 0x10: QUIC_PEER_GOING_AWAY. (The peer is going away. May be a client or - server.) +QUIC_DECRYPTION_FAILURE (0x0c): +: There was an error decrypting. -* 0x11: QUIC_INVALID_STREAM_ID. (A stream ID was invalid.) +QUIC_ENCRYPTION_FAILURE (0x0d): +: There was an error encrypting. -* 0x31: QUIC_INVALID_PRIORITY. (A priority was invalid.) +QUIC_PACKET_TOO_LARGE (0x0e): +: The packet exceeded kMaxPacketSize. -* 0x12: QUIC_TOO_MANY_OPEN_STREAMS. (Too many streams already open.) +QUIC_PEER_GOING_AWAY (0x10): +: The peer is going away. May be a client or server. -* 0x4c: QUIC_TOO_MANY_AVAILABLE_STREAMS. (The peer created too many available - streams.) +QUIC_INVALID_STREAM_ID (0x11): +: A stream ID was invalid. -* 0x13: QUIC_PUBLIC_RESET. (Received public reset for this connection.) +QUIC_INVALID_PRIORITY (0x31): +: A priority was invalid. -* 0x14: QUIC_INVALID_VERSION. (Invalid protocol version.) +QUIC_TOO_MANY_OPEN_STREAMS (0x12): +: Too many streams already open. -* 0x16: QUIC_INVALID_HEADER_ID. (The Header ID for a stream was too far from - the previous.) +QUIC_TOO_MANY_AVAILABLE_STREAMS (0x4c): +: The peer created too many available streams. -* 0x17: QUIC_INVALID_NEGOTIATED_VALUE. (Negotiable parameter received during - handshake had invalid value.) +QUIC_PUBLIC_RESET (0x13): +: Received public reset for this connection. -* 0x18: QUIC_DECOMPRESSION_FAILURE. (There was an error decompressing data.) +QUIC_INVALID_VERSION (0x14): +: Invalid protocol version. 
-* 0x19: QUIC_NETWORK_IDLE_TIMEOUT. (The connection timed out due to no network - activity.) +QUIC_INVALID_HEADER_ID (0x16): +: The Header ID for a stream was too far from the previous. -* 0x43: QUIC_HANDSHAKE_TIMEOUT. (The connection timed out waiting for the - handshake to complete.) +QUIC_INVALID_NEGOTIATED_VALUE (0x17): +: Negotiable parameter received during handshake had invalid value. -* 0x1a: QUIC_ERROR_MIGRATING_ADDRESS. (There was an error encountered migrating - addresses.) +QUIC_DECOMPRESSION_FAILURE (0x18): +: There was an error decompressing data. -* 0x56: QUIC_ERROR_MIGRATING_PORT. (There was an error encountered migrating - port only.) +QUIC_NETWORK_IDLE_TIMEOUT (0x19): +: The connection timed out due to no network activity. -* 0x1b: QUIC_PACKET_WRITE_ERROR. (There was an error while writing to the - socket.) +QUIC_HANDSHAKE_TIMEOUT (0x43): +: The connection timed out waiting for the handshake to complete. -* 0x33: QUIC_PACKET_READ_ERROR. (There was an error while reading from the - socket.) +QUIC_ERROR_MIGRATING_ADDRESS (0x1a): +: There was an error encountered migrating addresses. -* 0x32: QUIC_EMPTY_STREAM_FRAME_NO_FIN. (We received a STREAM_FRAME with no - data and no fin flag set.) +QUIC_ERROR_MIGRATING_PORT (0x56): +: There was an error encountered migrating port only. -* 0x38: QUIC_INVALID_HEADERS_STREAM_DATA. (We received invalid data on the - headers stream.) +QUIC_EMPTY_STREAM_FRAME_NO_FIN (0x32): +: We received a STREAM_FRAME with no data and no fin flag set. -* 0x3b: QUIC_FLOW_CONTROL_RECEIVED_TOO_MUCH_DATA. (The peer received too much - data, violating flow control.) +QUIC_FLOW_CONTROL_RECEIVED_TOO_MUCH_DATA (0x3b): +: The peer received too much data, violating flow control. -* 0x3f: QUIC_FLOW_CONTROL_SENT_TOO_MUCH_DATA. (The peer sent too much data, - violating flow control.) +QUIC_FLOW_CONTROL_SENT_TOO_MUCH_DATA (0x3f): +: The peer sent too much data, violating flow control. -* 0x40: QUIC_FLOW_CONTROL_INVALID_WINDOW. 
(The peer received an invalid flow - control window.) +QUIC_FLOW_CONTROL_INVALID_WINDOW (0x40): +: The peer received an invalid flow control window. -* 0x3e: QUIC_CONNECTION_IP_POOLED. (The connection has been IP pooled into an - existing connection.) +QUIC_CONNECTION_IP_POOLED (0x3e): +: The connection has been IP pooled into an existing connection. -* 0x44: QUIC_TOO_MANY_OUTSTANDING_SENT_PACKETS. (The connection has too many - outstanding sent packets.) +QUIC_TOO_MANY_OUTSTANDING_SENT_PACKETS (0x44): +: The connection has too many outstanding sent packets. -* 0x45: QUIC_TOO_MANY_OUTSTANDING_RECEIVED_PACKETS. (The connection has too - many outstanding received packets.) +QUIC_TOO_MANY_OUTSTANDING_RECEIVED_PACKETS (0x45): +: The connection has too many outstanding received packets. -* 0x46: QUIC_CONNECTION_CANCELLED. (The quic connection has been cancelled.) +QUIC_CONNECTION_CANCELLED (0x46): +: The QUIC connection has been cancelled. -* 0x47: QUIC_BAD_PACKET_LOSS_RATE. (Disabled QUIC because of high packet loss - rate.) +QUIC_BAD_PACKET_LOSS_RATE (0x47): +: Disabled QUIC because of high packet loss rate. -* 0x49: QUIC_PUBLIC_RESETS_POST_HANDSHAKE. (Disabled QUIC because of too many - PUBLIC_RESETs post handshake.) +QUIC_PUBLIC_RESETS_POST_HANDSHAKE (0x49): +: Disabled QUIC because of too many PUBLIC_RESETs post handshake. -* 0x4a: QUIC_TIMEOUTS_WITH_OPEN_STREAMS. (Disabled QUIC because of too many - timeouts with streams open.) +QUIC_TIMEOUTS_WITH_OPEN_STREAMS (0x4a): +: Disabled QUIC because of too many timeouts with streams open. -* 0x4b: QUIC_FAILED_TO_SERIALIZE_PACKET. (Closed because we failed to serialize - a packet.) +QUIC_TOO_MANY_RTOS (0x55): +: QUIC timed out after too many RTOs. -* 0x55: QUIC_TOO_MANY_RTOS. (QUIC timed out after too many RTOs.) x1c: -QUIC_HANDSHAKE_FAILED. (Crypto errors.Hanshake failed.) +QUIC_ENCRYPTION_LEVEL_INCORRECT (0x2c): +: A packet was received with the wrong encryption level (i.e. it should + have been encrypted but was not.) 
-* 0x1d: QUIC_CRYPTO_TAGS_OUT_OF_ORDER. (Handshake message contained out of - order tags.) +QUIC_VERSION_NEGOTIATION_MISMATCH (0x37): +: This connection involved a version negotiation which appears to have been + tampered with. -* 0x1e: QUIC_CRYPTO_TOO_MANY_ENTRIES. (Handshake message contained too many - entries.) +QUIC_IP_ADDRESS_CHANGED (0x50): +: IP address changed causing connection close. -* 0x1f: QUIC_CRYPTO_INVALID_VALUE_LENGTH. (Handshake message contained an - invalid value length.) +QUIC_TOO_MANY_FRAME_GAPS (0x5d): +: Stream frames arrived too discontiguously so that stream sequencer buffer + maintains too many gaps. -* 0x20: QUIC_CRYPTO_MESSAGE_AFTER_HANDSHAKE_COMPLETE. (A crypto message was - received after the handshake was complete.) +QUIC_TOO_MANY_SESSIONS_ON_SERVER (0x60): +: Connection closed because server hit max number of sessions allowed. -* 0x21: QUIC_INVALID_CRYPTO_MESSAGE_TYPE. (A crypto message was received with - an illegal message tag.) - -* 0x22: QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER. (A crypto message was received - with an illegal parameter.) - -* 0x34: QUIC_INVALID_CHANNEL_ID_SIGNATURE. (An invalid channel id signature was - supplied.) - -* 0x23: QUIC_CRYPTO_MESSAGE_PARAMETER_NOT_FOUND. (A crypto message was received - with a mandatory parameter missing.) - -* 0x24: QUIC_CRYPTO_MESSAGE_PARAMETER_NO_OVERLAP. (A crypto message was - received with a parameter that has no overlapwith the local parameter.) - -* 0x25: QUIC_CRYPTO_MESSAGE_INDEX_NOT_FOUND. (A crypto message was received - that contained a parameter with too fewvalues.) - -* 0x5e: QUIC_UNSUPPORTED_PROOF_DEMAND. (A demand for an unsupport proof type - was received.) - -* 0x26: QUIC_CRYPTO_INTERNAL_ERROR. (An internal error occured in crypto - processing.) - -* 0x27: QUIC_CRYPTO_VERSION_NOT_SUPPORTED. (A crypto handshake message - specified an unsupported version.) - -* 0x48: QUIC_CRYPTO_HANDSHAKE_STATELESS_REJECT. (A crypto handshake message - resulted in a stateless reject.) 
- -* 0x28: QUIC_CRYPTO_NO_SUPPORT. (There was no intersection between the crypto - primitives supported by thepeer and ourselves.) - -* 0x29: QUIC_CRYPTO_TOO_MANY_REJECTS. (The server rejected our client hello - messages too many times.) - -* 0x2a: QUIC_PROOF_INVALID. (The client rejected the server's certificate chain - or signature.) - -* 0x2b: QUIC_CRYPTO_DUPLICATE_TAG. (A crypto message was received with a - duplicate tag.) - -* 0x2c: QUIC_CRYPTO_ENCRYPTION_LEVEL_INCORRECT. (A crypto message was received - with the wrong encryption level (i.e. itshould have been encrypted but was - not.)) - -* 0x2d: QUIC_CRYPTO_SERVER_CONFIG_EXPIRED. (The server config for a server has - expired.) - -* 0x35: QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED. (We failed to setup the - symmetric keys for a connection.) - -* 0x36: QUIC_CRYPTO_MESSAGE_WHILE_VALIDATING_CLIENT_HELLO. (A handshake message - arrived, but we are still validating theprevious handshake message.) - -* 0x41: QUIC_CRYPTO_UPDATE_BEFORE_HANDSHAKE_COMPLETE. (A server config update - arrived before the handshake is complete.) - -* 0x5a: QUIC_CRYPTO_CHLO_TOO_LARGE. (CHLO cannot fit in one packet.) - -* 0x37: QUIC_VERSION_NEGOTIATION_MISMATCH. (This connection involved a version - negotiation which appears to have beentampered with.) - -* 0x50: QUIC_IP_ADDRESS_CHANGED. (IP address changed causing connection close.) - -* 0x51: QUIC_CONNECTION_MIGRATION_NO_MIGRATABLE_STREAMS. (Connection migration - errors.Network changed, but connection had no migratable streams.) - -* 0x52: QUIC_CONNECTION_MIGRATION_TOO_MANY_CHANGES. (Connection changed - networks too many times.) - -* 0x53: QUIC_CONNECTION_MIGRATION_NO_NEW_NETWORK. (Connection migration was - attempted, but there was no new network tomigrate to.) - -* 0x54: QUIC_CONNECTION_MIGRATION_NON_MIGRATABLE_STREAM. (Network changed, but - connection had one or more non-migratable streams.) - -* 0x5d: QUIC_TOO_MANY_FRAME_GAPS. 
(Stream frames arrived too discontiguously so - that stream sequencer buffermaintains too many gaps.) - -* 0x5f: QUIC_STREAM_SEQUENCER_INVALID_STATE. (Sequencer buffer gets into weird - state where continuing read/write will lead to crash.) - -* 0x60: QUIC_TOO_MANY_SESSIONS_ON_SERVER. (Connection closed because of server - hits max number of sessions allowed. # Security and Privacy Considerations
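Review bot: In draft-ietf-quic-http.md, the added HEADERS rule says "Reserved bits" (plural), while the flag list directly above it defines a single Reserved flag (0x20). State exactly which bit values trigger HTTP_MALFORMED_HEADERS, for example "with the Reserved (0x20) flag set", so that two receivers cannot disagree about whether a given flags octet is a connection error.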
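Review bot: In the SETTINGS hunk of draft-ietf-quic-http.md, the sentence that now ends in HTTP_SETTINGS_ON_WRONG_STREAM still tests for a stream identifier "other than 0x0", while the sentence before it places SETTINGS on the connection control stream (Stream 3) and the new code's definition speaks of "a request control stream". Align the three on one condition. The next paragraph also keeps the bare "(Section 5.4.1)" reference beside the new HTTP_MALFORMED_SETTINGS code; the SETTINGS_TIMEOUT hunk replaces the same RFC 7540 reference with {{errors}}, and this one should match.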
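Review bot: In the new "HTTP-Defined QUIC Error Codes" list of draft-ietf-quic-http.md, HTTP_MALFORMED_PRIORITY, HTTP_MALFORMED_SETTINGS, HTTP_MALFORMED_PUSH_PROMISE and HTTP_MALFORMED_SETTINGS_ACK all carry the HTTP_MALFORMED_HEADERS description ("A HEADERS frame has been received with an invalid format."); each should name its own frame type, otherwise the codes cannot be told apart from the definitions alone. HTTP_MALFORMED_PUSH_PROMISE is defined, but none of the visible hunks adds a rule that says when to send it. In the mapping section, "HTTP_HPACK_DECOMPRESSION_FAILEDin" is missing a space, and the trailing "TODO: fill in missing error code mappings." can be dropped if every HTTP/2 code now has an entry.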
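Review bot: The new "Error codes" section in draft-ietf-quic-tls.md carries over each crypto code removed from draft-ietf-quic-transport.md with 0x4000 added to its value, so it includes entries such as TLS_SERVER_CONFIG_EXPIRED (0x402d), TLS_DUPLICATE_TAG (0x402b) and TLS_HANDSHAKE_STATELESS_REJECT (0x4048) whose descriptions still speak of server configs, tags and stateless rejects. Confirm that each entry has a trigger in the TLS handshake, or drop it, rather than reserving code points that no implementation can emit. The list also keeps the old ordering, so values are out of sequence (0x4034 sits between 0x4022 and 0x4023), "handshake handshake message" appears twice, and "occured" should be "occurred".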
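Review bot: The opening sentence of the rewritten Error Codes section in draft-ietf-quic-transport.md says codes are 32 bits long with the first two bits indicating the source, but the four ranges are written as 16-bit values, and the last two (0x8000-0xAFFF and 0xB000-0xFFFF) do not fall on a two-bit prefix, which would split at 0xC000. Either move the boundary or describe the allocation as ranges rather than a bit prefix, and write the ranges at full width so a receiver can classify an unknown code unambiguously. QUIC_ENCRYPTION_LEVEL_INCORRECT (0x2c) is also kept here while TLS_ENCRYPTION_LEVEL_INCORRECT (0x402c) is added to the TLS draft with nearly the same description; say which layer reports it. The carried-over "after the a fin or reset" typo is worth fixing while the line is being rewritten.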