Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Server is not required to send PATH_CHALLENGE in response to a packet on new path. #424

Open
tatsuhiro-t opened this issue Feb 3, 2025 · 2 comments
Open

Server is not required to send PATH_CHALLENGE in response to a packet on new path. #424

tatsuhiro-t opened this issue Feb 3, 2025 · 2 comments

Comments

@tatsuhiro-t
Copy link
Contributor

tatsuhiro-t commented Feb 3, 2025
edited
Loading

2025-02-03 19:39:53,325 First server packet on new path (('fd00:cafe:cafe:100::100', 4433), ('fd00:cafe:cafe::100', 60060)) did not contain a PATH_CHALLENGE frame

Actually, the first packet that server received contained PATH_CHALLENGE and PADDING. Server just responded to it with PATH_RESPONSE in its first packet to the new path. And test failed with this.
The condition "First server packet on new path must contain PATH_CHALLENGE" should be deleted because nothing in RFC requires it.
@marten-seemann
Copy link
Collaborator

I think it does. You’re not supposed to use a new path without probing it first, are you?

@tatsuhiro-t tatsuhiro-t changed the title Server is not required to send PATH_CHALLENGE in response to a patch on new path. Server is not required to send PATH_CHALLENGE in response to a packet on new path. Feb 4, 2025
@tatsuhiro-t
Copy link
Contributor Author

https://datatracker.ietf.org/doc/html/rfc9000#name-servers-preferred-address says:

A server might receive a packet addressed to its preferred IP address at any time after it accepts a connection. If this packet contains a PATH_CHALLENGE frame, the server sends a packet containing a PATH_RESPONSE frame as per Section 8.2. The server MUST send non-probing packets from its original address until it receives a non-probing packet from the client at its preferred address and until the server has validated the new path.

It does not say the first packet server sends to the new path MUST contain PATH_CHALLENGE.

In the particular CM testcase between client(neqo) and server(ngtcp2), neqo sent PATH_CHALLENGE and PADDING in the first packet on new path. ngtcp2 sent PATH_RESPONSE in response to it.

https://datatracker.ietf.org/doc/html/rfc9000#section-8.2.2

On receiving a PATH_CHALLENGE frame, an endpoint MUST respond by echoing the data contained in the PATH_CHALLENGE frame in a PATH_RESPONSE frame. An endpoint MUST NOT delay transmission of a packet containing a PATH_RESPONSE frame unless constrained by congestion control.

RFC does not say server must include PATH_CHALLENGE when responding to PATH_CHALLENGE.

https://datatracker.ietf.org/doc/html/rfc9000#section-9.2

An endpoint MAY defer path validation until after a peer sends the next non-probing frame to its new address.

ngtcp2 sends PATH_CHALLENGE when it receives non-probing frames from neqo.

If I understand them correctly, these facts suggest that requiring PATH_CHALLENGE in the first packet that server sends to the new path is not correct.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tatsuhiro-t @marten-seemann