Allow RETIRE_CONNECTION_ID to be sent in 0-RTT packets #5188

Open
@t-minzheng

Description

RFC 9000 12.5. Frames and Number Spaces forbids RETIRE_CONNECTION_ID in 0-RTT packets:

"Note that it is not possible to send the following frames in 0-RTT packets for various reasons: HANDSHAKE_DONE, .. RETIRE_CONNECTION_ID."

The QuicSendWriteFrames function correctly excludes HANDSHAKE_DONE from 0-RTT packets:

msquic/src/core/send.c

Lines 648 to 649 in 31d2b73

    if (Builder->Metadata->Flags.KeyType == QUIC_PACKET_KEY_1_RTT &&
        Send->SendFlags & QUIC_CONN_SEND_FLAG_HANDSHAKE_DONE) {

However, it does not perform a similar check for RETIRE_CONNECTION_ID:

msquic/src/core/send.c

Lines 859 to 895 in 31d2b73

    if ((Send->SendFlags & QUIC_CONN_SEND_FLAG_RETIRE_CONNECTION_ID)) {
        BOOLEAN HasMoreCidsToSend = FALSE;
        BOOLEAN MaxFrameLimitHit = FALSE;
        for (CXPLAT_LIST_ENTRY* Entry = Connection->DestCids.Flink;
                Entry != &Connection->DestCids;
                Entry = Entry->Flink) {
            QUIC_CID_LIST_ENTRY* DestCid =
                CXPLAT_CONTAINING_RECORD(
                    Entry,
                    QUIC_CID_LIST_ENTRY,
                    Link);
            if (!DestCid->CID.NeedsToSend) {
                continue;
            }
            CXPLAT_DBG_ASSERT(DestCid->CID.Retired);
            if (MaxFrameLimitHit) {
                HasMoreCidsToSend = TRUE;
                break;
            }
            QUIC_RETIRE_CONNECTION_ID_EX Frame = {
                DestCid->CID.SequenceNumber
            };
            if (QuicRetireConnectionIDFrameEncode(
                    &Frame,
                    &Builder->DatagramLength,
                    AvailableBufferLength,
                    Builder->Datagram->Buffer)) {
                DestCid->CID.NeedsToSend = FALSE;
                Builder->Metadata->Frames[
                    Builder->Metadata->FrameCount].RETIRE_CONNECTION_ID.Sequence =
                        DestCid->CID.SequenceNumber;
                MaxFrameLimitHit =
                    QuicPacketBuilderAddFrame(
                        Builder, QUIC_FRAME_RETIRE_CONNECTION_ID, TRUE);

As a result, RETIRE_CONNECTION_ID frames may be incorrectly included in 0-RTT packets, violating the QUIC transport specification.

Suggested Fix

Insert a conditional check in line 859 to restrict the emission of RETIRE_CONNECTION_ID frames to 1-RTT packets only: if (Builder->Metadata->Flags.KeyType == QUIC_PACKET_KEY_1_RTT &&.
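
The packet-type rule this issue cites, written out as a check that a packet builder's debug path or a conformance test could call. This is an added example, not msquic code and not part of the original issue. It covers more frames than the two discussed above: the frame type values and the full set of frames excluded from 0-RTT are taken from RFC 9000 (Table 3 and Section 12.5), and every identifier in it is hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names for this example; none are msquic identifiers. */
typedef enum { PKT_INITIAL, PKT_HANDSHAKE, PKT_0RTT, PKT_1RTT } pkt_type_t;

/* Frame type values from RFC 9000, Table 3 (only those named below). */
enum {
    FT_PADDING = 0x00, FT_PING = 0x01, FT_ACK = 0x02, FT_ACK_ECN = 0x03,
    FT_CRYPTO = 0x06, FT_NEW_TOKEN = 0x07, FT_RETIRE_CONNECTION_ID = 0x19,
    FT_PATH_RESPONSE = 0x1b, FT_CONNECTION_CLOSE = 0x1c,
    FT_CONNECTION_CLOSE_APP = 0x1d, FT_HANDSHAKE_DONE = 0x1e
};

/* True if RFC 9000 section 12.5 permits frame type `ft` in packet type `pkt`. */
static bool frame_allowed(uint64_t ft, pkt_type_t pkt)
{
    if (ft > FT_HANDSHAKE_DONE) return false; /* extension frames are not modelled */
    if (pkt == PKT_1RTT) return true;         /* every RFC 9000 frame type may appear */
    if (pkt == PKT_0RTT) {
        switch (ft) { /* frames the section 12.5 note excludes from 0-RTT */
        case FT_ACK: case FT_ACK_ECN: case FT_CRYPTO: case FT_NEW_TOKEN:
        case FT_PATH_RESPONSE: case FT_RETIRE_CONNECTION_ID: case FT_HANDSHAKE_DONE:
            return false;
        default:
            return true;
        }
    }
    /* Initial and Handshake packets */
    return ft == FT_PADDING || ft == FT_PING || ft == FT_ACK ||
           ft == FT_ACK_ECN || ft == FT_CRYPTO || ft == FT_CONNECTION_CLOSE;
}

/* Index of the first frame type not allowed in `pkt`, or -1 if all are allowed. */
static int first_forbidden_frame(const uint64_t *types, size_t n, pkt_type_t pkt)
{
    for (size_t i = 0; i < n; i++)
        if (!frame_allowed(types[i], pkt)) return (int)i;
    return -1;
}

int main(void)
{
    /* Constructed sample: STREAM, RETIRE_CONNECTION_ID, PING queued for one packet. */
    const uint64_t queued[] = { 0x08, FT_RETIRE_CONNECTION_ID, FT_PING };
    printf("0-RTT: %d\n", first_forbidden_frame(queued, 3, PKT_0RTT));
    return 0;
}
```

Role restrictions (for example, which endpoint may send HANDSHAKE_DONE) are outside what this check models; it looks only at packet type.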

Labels: Area: Core (Related to the shared, core protocol logic); Bug: Core (A code bug in the Core MsQuic code)
