[PATCH 4 of 5] QUIC: fixed probe-congestion deadlock

Sergey Kandaurov pluknet at nginx.com
Sun Aug 13 20:18:48 UTC 2023 

> On 1 Aug 2023, at 11:45, Roman Arutyunyan <arut at nginx.com> wrote:
> 
> # HG changeset patch
> # User Roman Arutyunyan <arut at nginx.com>
> # Date 1690873324 -14400
> #      Tue Aug 01 11:02:04 2023 +0400
> # Node ID cd0ef56b0f1afaa54d7d2756dad2182628445e04
> # Parent  741deb8ff8257914312ab134f3a0b69256c661f4
> QUIC: fixed probe-congestion deadlock.
> 
> When probe timeout expired while congestion window was exhausted, probe PINGs
> could not be sent.  As a result, lost packets could not be declared lost and
> congestion window could not be freed for new packets.  This deadlock
> continued until connection idle timeout expiration.
> 
> Now PINGs are sent separately from the frame queue without congestion control.

Which is supported by this clause in RFC 9002, section 7:

An endpoint MUST NOT send a packet if it would cause bytes_in_flight (see
Appendix B.2) to be larger than the congestion window, unless the packet
is sent on a PTO timer expiration

> 
> diff --git a/src/event/quic/ngx_event_quic_ack.c b/src/event/quic/ngx_event_quic_ack.c
> --- a/src/event/quic/ngx_event_quic_ack.c
> +++ b/src/event/quic/ngx_event_quic_ack.c
> @@ -820,9 +820,9 @@ ngx_quic_pto_handler(ngx_event_t *ev)
> {
>     ngx_uint_t              i;
>     ngx_msec_t              now;
> -    ngx_queue_t            *q, *next;
> +    ngx_queue_t            *q;
>     ngx_connection_t       *c;
> -    ngx_quic_frame_t       *f;
> +    ngx_quic_frame_t       *f, frame;
>     ngx_quic_send_ctx_t    *ctx;
>     ngx_quic_connection_t  *qc;
> 
> @@ -859,63 +859,23 @@ ngx_quic_pto_handler(ngx_event_t *ev)
>                        "quic pto %s pto_count:%ui",
>                        ngx_quic_level_name(ctx->level), qc->pto_count);
> 
> -        for (q = ngx_queue_head(&ctx->frames);
> -             q != ngx_queue_sentinel(&ctx->frames);
> -             /* void */)
> -        {
> -            next = ngx_queue_next(q);
> -            f = ngx_queue_data(q, ngx_quic_frame_t, queue);
> +        ngx_memzero(&frame, sizeof(ngx_quic_frame_t));
> 
> -            if (f->type == NGX_QUIC_FT_PING) {
> -                ngx_queue_remove(q);
> -                ngx_quic_free_frame(c, f);
> -            }
> -
> -            q = next;
> -        }
> -
> -        for (q = ngx_queue_head(&ctx->sent);
> -             q != ngx_queue_sentinel(&ctx->sent);
> -             /* void */)
> -        {
> -            next = ngx_queue_next(q);
> -            f = ngx_queue_data(q, ngx_quic_frame_t, queue);
> +        frame.level = ctx->level;
> +        frame.type = NGX_QUIC_FT_PING;
> 
> -            if (f->type == NGX_QUIC_FT_PING) {
> -                ngx_quic_congestion_lost(c, f);
> -                ngx_queue_remove(q);
> -                ngx_quic_free_frame(c, f);
> -            }
> -
> -            q = next;
> -        }

Removing of handling PING frames in at least ctx->sent looks premature.
Consider PTO happened after sending PING in response to PATH_CHALLENGE
on an active path, as part of RFC 9000, 9.3.3.  In this case, such PING
won't be considered lost, which means we won't enter recovery period.

> -
> -        /* enforce 2 udp datagrams */

The comment is removed, though it's obvious now and should go probably.

> -
> -        f = ngx_quic_alloc_frame(c);
> -        if (f == NULL) {
> -            break;
> +        if (ngx_quic_frame_sendto(c, &frame, 0, qc->path) != NGX_OK
> +            || ngx_quic_frame_sendto(c, &frame, 0, qc->path) != NGX_OK)
> +        {
> +            ngx_quic_close_connection(c, NGX_ERROR);
> +            return;
>         }
> -
> -        f->level = ctx->level;
> -        f->type = NGX_QUIC_FT_PING;
> -        f->flush = 1;
> -
> -        ngx_quic_queue_frame(qc, f);
> -
> -        f = ngx_quic_alloc_frame(c);
> -        if (f == NULL) {
> -            break;
> -        }
> -
> -        f->level = ctx->level;
> -        f->type = NGX_QUIC_FT_PING;
> -
> -        ngx_quic_queue_frame(qc, f);
>     }
> 
>     qc->pto_count++;
> 
> +    ngx_quic_set_lost_timer(c);
> +
>     ngx_quic_connstate_dbg(c);
> }
> 
> diff --git a/src/event/quic/ngx_event_quic_output.c b/src/event/quic/ngx_event_quic_output.c
> --- a/src/event/quic/ngx_event_quic_output.c
> +++ b/src/event/quic/ngx_event_quic_output.c
> @@ -645,10 +645,6 @@ ngx_quic_output_packet(ngx_connection_t 
>         f->plen = 0;
> 
>         nframes++;
> -
> -        if (f->flush) {
> -            break;
> -        }
>     }
> 
>     if (nframes == 0) {
> diff --git a/src/event/quic/ngx_event_quic_transport.h b/src/event/quic/ngx_event_quic_transport.h
> --- a/src/event/quic/ngx_event_quic_transport.h
> +++ b/src/event/quic/ngx_event_quic_transport.h
> @@ -271,7 +271,6 @@ struct ngx_quic_frame_s {
>     ssize_t                                     len;
>     unsigned                                    need_ack:1;
>     unsigned                                    pkt_need_ack:1;
> -    unsigned                                    flush:1;
> 
>     ngx_chain_t                                *data;
>     union {

Otherwise, looks good.

-- 
Sergey Kandaurov

More information about the nginx-devel mailing list