[nginx] QUIC: fixed unsent MTU probe acknowledgement.

Roman Arutyunyan arut at nginx.com
Wed Feb 14 14:11:46 UTC 2024


details:   https://hg.nginx.org/nginx/rev/2ed3f57dca0a
branches:  
changeset: 9208:2ed3f57dca0a
user:      Roman Arutyunyan <arut at nginx.com>
date:      Wed Feb 14 16:56:28 2024 +0400
description:
QUIC: fixed unsent MTU probe acknowledgement.

Previously if an MTU probe send failed early in ngx_quic_frame_sendto()
due to allocation error or congestion control, the application level packet
number was not increased, but was still saved as MTU probe packet number.
Later when a packet with this number was acknowledged, the unsent MTU probe
was acknowledged as well.  This could result in discovering a bigger MTU than
supported by the path, which could lead to EMSGSIZE (Message too long) errors
while sending further packets.

The problem existed since PMTUD was introduced in 58afcd72446f (1.25.2).
Back then only the unlikely memory allocation error could trigger it.  However
in efcdaa66df2e congestion control was added to ngx_quic_frame_sendto() which
can now trigger the issue with a higher probability.

diffstat:

 src/event/quic/ngx_event_quic_migration.c |  19 ++++++++++++-------
 1 files changed, 12 insertions(+), 7 deletions(-)

diffs (53 lines):

diff -r 73eb75bee30f -r 2ed3f57dca0a src/event/quic/ngx_event_quic_migration.c
--- a/src/event/quic/ngx_event_quic_migration.c	Tue Jan 30 19:19:26 2024 +0400
+++ b/src/event/quic/ngx_event_quic_migration.c	Wed Feb 14 16:56:28 2024 +0400
@@ -909,6 +909,7 @@ static ngx_int_t
 ngx_quic_send_path_mtu_probe(ngx_connection_t *c, ngx_quic_path_t *path)
 {
     size_t                  mtu;
+    uint64_t                pnum;
     ngx_int_t               rc;
     ngx_uint_t              log_error;
     ngx_quic_frame_t       *frame;
@@ -925,7 +926,7 @@ ngx_quic_send_path_mtu_probe(ngx_connect
 
     qc = ngx_quic_get_connection(c);
     ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_application);
-    path->mtu_pnum[path->tries] = ctx->pnum;
+    pnum = ctx->pnum;
 
     ngx_log_debug4(NGX_LOG_DEBUG_EVENT, c->log, 0,
                    "quic path seq:%uL send probe "
@@ -943,14 +944,18 @@ ngx_quic_send_path_mtu_probe(ngx_connect
     path->mtu = mtu;
     c->log_error = log_error;
 
+    if (rc == NGX_OK) {
+        path->mtu_pnum[path->tries] = pnum;
+        return NGX_OK;
+    }
+
+    ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
+                   "quic path seq:%uL rejected mtu:%uz",
+                   path->seqnum, path->mtud);
+
     if (rc == NGX_ERROR) {
         if (c->write->error) {
             c->write->error = 0;
-
-            ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
-                           "quic path seq:%uL rejected mtu:%uz",
-                           path->seqnum, path->mtud);
-
             return NGX_DECLINED;
         }
 
@@ -976,7 +981,7 @@ ngx_quic_handle_path_mtu(ngx_connection_
         pnum = path->mtu_pnum[i];
 
         if (pnum == NGX_QUIC_UNSET_PN) {
-            break;
+            continue;
         }
 
         if (pnum < min || pnum > max) {


More information about the nginx-devel mailing list