As shown in this thread, being too picky with transport parameters leads to interop issues;
Normally, the tests should work now.
I would like more details on the integration with unbound -- in order to deploy this on my server "test.privateoctopus.com".
On 11/27/2020 6:57 AM, Stephane Bortzmeyer wrote:
Hello,
I am trying to get quicdoq and aioquic to communicate. With HTTP/3, no
problems, picoquic and aioquic can talk to each other.
With DoQ, it no longer works. A quicdoq server and an aioquic client
do not interoperate.
The quicdoq server sees:
% ./quicdoq_app -p 7844 -d 192.168.2.254 -l '-'
Starting the quicdoq server on port 7844, back end UDP server 192.168.2.254
75e4bdaece6ddeec: Receiving 1280 bytes from [0:0:0:0:0:0:0:1]:54930 at T=0.000000 (5b517bdb3d063)
75e4bdaece6ddeec: Receiving packet type: 2 (initial), S0, Q1, Version ff000020,
75e4bdaece6ddeec: <75e4bdaece6ddeec>, , Seq: 0, pl: 1254
75e4bdaece6ddeec: Token length: 0
75e4bdaece6ddeec: Decrypted 1236 bytes
75e4bdaece6ddeec: Crypto HS frame, offset 0, length 360: 0100016403032c3c...
75e4bdaece6ddeec: padding, 872 bytes
75e4bdaece6ddeec: ALPN[0] matches default alpn (doq-i00)
75e4bdaece6ddeec: Received ALPN list (1): doq-i00
75e4bdaece6ddeec: Received transport parameter TLS extension (63 bytes):
75e4bdaece6ddeec: Extension list (63 bytes):
75e4bdaece6ddeec: Extension type: 1 (idle_timeout), length 4, 8000ea60
75e4bdaece6ddeec: Extension type: 4 (initial_max_data), length 4, 80100000
75e4bdaece6ddeec: Extension type: 5 (max_stream_data_bidi_local), length 4, 80100000
75e4bdaece6ddeec: Extension type: 6 (max_stream_data_bidi_remote), length 4, 80100000
75e4bdaece6ddeec: Extension type: 7 (max_stream_data_uni), length 4, 80100000
75e4bdaece6ddeec: Extension type: 8 (max_streams_bidi), length 2, 4080
75e4bdaece6ddeec: Extension type: 9 (max_streams_uni), length 2, 4080
75e4bdaece6ddeec: Extension type: 10 (ack_delay_exponent), length 1, 03
75e4bdaece6ddeec: Extension type: 11 (max_ack_delay), length 1, 19
75e4bdaece6ddeec: Extension type: 14 (active_connection_id_limit), length 1, 08
75e4bdaece6ddeec: Extension type: 15 (hcid), length 8, ca2fc575e6c8aa0e
75e4bdaece6ddeec: Extension type: 32 (max_datagram_frame_size), length 4, 80010000
75e4bdaece6ddeec: Sending transport parameter TLS extension (77 bytes):
75e4bdaece6ddeec: Extension list (77 bytes):
75e4bdaece6ddeec: Extension type: 5 (max_stream_data_bidi_local), length 1, 00
75e4bdaece6ddeec: Extension type: 4 (initial_max_data), length 4, 80010000
75e4bdaece6ddeec: Extension type: 8 (max_streams_bidi), length 2, 4041
75e4bdaece6ddeec: Extension type: 1 (idle_timeout), length 4, 80004e20
75e4bdaece6ddeec: Extension type: 3 (max_packet_size), length 2, 44d0
75e4bdaece6ddeec: Extension type: 6 (max_stream_data_bidi_remote), length 4, 8000ffff
75e4bdaece6ddeec: Extension type: 14 (active_connection_id_limit), length 1, 03
75e4bdaece6ddeec: Extension type: 11 (max_ack_delay), length 1, 0a
75e4bdaece6ddeec: Extension type: 15 (hcid), length 8, c02eeb19e95d19e7
75e4bdaece6ddeec: Extension type: 0 (ocid), length 8, 75e4bdaece6ddeec
75e4bdaece6ddeec: Extension type: 2 (stateless_reset_token), length 16, 7592582700c81b8b8fca52e8442b405f
75e4bdaece6ddeec: Extension type: 32 (max_datagram_frame_size), length 2, 4600
75e4bdaece6ddeec: Sending packet type: 2 (initial), S0, Q1, Version ff000020,
75e4bdaece6ddeec: , , Seq: 0, pl: 153
75e4bdaece6ddeec: Token length: 0
75e4bdaece6ddeec: Prepared 133 bytes
75e4bdaece6ddeec: ACK (nb=0), 0
75e4bdaece6ddeec: Crypto HS frame, offset 0, length 123: 020000770303cc39...
75e4bdaece6ddeec: Sending packet type: 4 (handshake), S0, Q1, Version ff000020,
75e4bdaece6ddeec: , , Seq: 0, pl: 1028
75e4bdaece6ddeec: Prepared 1008 bytes
75e4bdaece6ddeec: Crypto HS frame, offset 0, length 1004: 0800006500630000...
75e4bdaece6ddeec: Sending 1232 bytes to [0:0:0:0:0:0:0:1]:54930 at T=0.001783 (5b517bdb3d75a)
75e4bdaece6ddeec: Quicdoq: Invalid transport parameters
The spec says, section 4.6:
The maximum size of messages is controlled in QUIC by the transport parameters:
o initial_max_stream_data_bidi_local: when set by the client,
specifies the amount of data that servers can send on a "response"
stream without waiting for a MAX_STREAM_DATA frame.
o initial_max_stream_data_bidi_remote: when set by the server,
specifies the amount of data that clients can send on a "query"
stream without waiting for a MAX_STREAM_DATA frame.
Clients and servers MUST set these two parameters to the value 65535.
If they receive a different value, they SHOULD close the QUIC
connection with an application error "Invalid Parameter".
The client (aioquic) sent:
75e4bdaece6ddeec: Extension type: 5 (max_stream_data_bidi_local), length 4, 80100000
75e4bdaece6ddeec: Extension type: 6 (max_stream_data_bidi_remote), length 4, 80100000
This is technically a violation of the spec -- max size 0x100000 instead of 0xFFFF.
The server sent:
75e4bdaece6ddeec: Extension type: 6 (max_stream_data_bidi_remote), length 4, 8000ffff
Which is the expected value. But the server does not set "max_stream_data_bidi_local", because it does not expect to create streams.
75e4bdaece6ddeec: Sending packet type: 4 (handshake), S0, Q1, Version ff000020,
75e4bdaece6ddeec: , , Seq: 1, pl: 270
75e4bdaece6ddeec: Prepared 250 bytes
75e4bdaece6ddeec: Crypto HS frame, offset 1004, length 245: 872aca323d89c6fc...
75e4bdaece6ddeec: Sending packet type: 6 (1rtt protected), S0, Q1,
75e4bdaece6ddeec: , Seq: 0 (0), Phi: 0,
75e4bdaece6ddeec: Prepared 3 bytes
75e4bdaece6ddeec: application_close, Error 0x0000, Reason length 0
The reason code should be DOQ_TRANSPORT_PARAMETER_ERROR (0x02)! This looks like a bug in QuicDoq
75e4bdaece6ddeec: Sending 324 bytes to [0:0:0:0:0:0:0:1]:54930 at T=0.001892 (5b517bdb3d7c7)
75e4bdaece6ddeec: Receiving 99 bytes from [0:0:0:0:0:0:0:1]:54930 at T=0.004501 (5b517bdb3e1f8)
75e4bdaece6ddeec: Receiving packet type: 2 (initial), S0, Q1, Version ff000020,
75e4bdaece6ddeec: , , Seq: 0, pl: 24
75e4bdaece6ddeec: Token length: 0
75e4bdaece6ddeec: Header or encryption error: 408.
75e4bdaece6ddeec: Closed. Retrans= 0, spurious= 0, max sp gap = 0, max sp delay = 0, dg-coal: 1.000000
And the aioquic client sees:
% python3 ./doq_client.py --port 7844 -v --insecure --query www.bortzmeyer.org --dns_type AAAA
2020-11-27 14:47:35,098 DEBUG client No session ticket defined...
2020-11-27 14:47:35,098 DEBUG asyncio Using selector: EpollSelector
2020-11-27 14:47:35,098 DEBUG client Connecting to localhost:7844
2020-11-27 14:47:35,106 DEBUG quic [75e4bdaece6ddeec] TLS State.CLIENT_HANDSHAKE_START -> State.CLIENT_EXPECT_SERVER_HELLO
2020-11-27 14:47:35,108 DEBUG quic [75e4bdaece6ddeec] QuicConnectionState.FIRSTFLIGHT -> QuicConnectionState.CONNECTED
2020-11-27 14:47:35,109 DEBUG quic [75e4bdaece6ddeec] TLS State.CLIENT_EXPECT_SERVER_HELLO -> State.CLIENT_EXPECT_ENCRYPTED_EXTENSIONS
2020-11-27 14:47:35,110 DEBUG quic [75e4bdaece6ddeec] TLS State.CLIENT_EXPECT_ENCRYPTED_EXTENSIONS -> State.CLIENT_EXPECT_CERTIFICATE_REQUEST_OR_CERTIFICATE
2020-11-27 14:47:35,110 DEBUG quic [75e4bdaece6ddeec] TLS State.CLIENT_EXPECT_CERTIFICATE_REQUEST_OR_CERTIFICATE -> State.CLIENT_EXPECT_CERTIFICATE_VERIFY
2020-11-27 14:47:35,110 DEBUG quic [75e4bdaece6ddeec] Discarding epoch Epoch.INITIAL
2020-11-27 14:47:35,111 DEBUG quic [75e4bdaece6ddeec] TLS State.CLIENT_EXPECT_CERTIFICATE_VERIFY -> State.CLIENT_EXPECT_FINISHED
2020-11-27 14:47:35,112 DEBUG quic [75e4bdaece6ddeec] TLS State.CLIENT_EXPECT_FINISHED -> State.CLIENT_POST_HANDSHAKE
2020-11-27 14:47:35,112 INFO quic [75e4bdaece6ddeec] ALPN negotiated protocol doq-i00
2020-11-27 14:47:35,112 INFO quic [75e4bdaece6ddeec] Connection close code 0x0, reason
2020-11-27 14:47:35,113 DEBUG quic [75e4bdaece6ddeec] QuicConnectionState.CONNECTED -> QuicConnectionState.DRAINING
2020-11-27 14:47:35,113 DEBUG client Sending DNS query www.bortzmeyer.org/AAAA
2020-11-27 14:47:35,113 DEBUG client Stream ID: 0
2020-11-27 14:47:35,161 DEBUG quic [75e4bdaece6ddeec] Discarding epoch Epoch.HANDSHAKE
2020-11-27 14:47:35,161 DEBUG quic [75e4bdaece6ddeec] Discarding epoch Epoch.ONE_RTT
2020-11-27 14:47:35,162 DEBUG quic [75e4bdaece6ddeec] QuicConnectionState.DRAINING -> QuicConnectionState.TERMINATED
What worries me is the "application_close, Error 0x0000, Reason
length 0" on the server side. The server decides to close, but why?
Any idea?
See above. Two possible solutions:
- Fix the AIOQUIC implementation
- Change the specification.
I lean towards "change the spec" for two reasons. The first is that this restriction only affects performance, since implementations can always renegotiate the parameter during the connection if it is too small. The second is that the QUIC stack is often shared by several protocols, for example DoQ and H3, and one can envisage implementations that negotiate the ALPN during the connection, and that therefore cannot use application-specific parameters.
But if we do not specify the value for messages there, we will have to discuss what to do if the server or client sends messages that are too long, more than 65635 bytes.
-- Christian Huitema
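
The parameter check discussed in this message, as an added example that is not part of the original e-mail nor code from quicdoq or aioquic: it decodes the QUIC variable-length integers shown in the server log and applies the 65535 rule from the quoted draft text. The function names, and the reading that the rule applies to bidi_local for the client and bidi_remote for the server, are assumptions of this example.

```python
import re

DOQ_STREAM_LIMIT = 65535  # value required by the draft text quoted above
NON_INTEGER = {"ocid", "hcid", "stateless_reset_token"}  # raw bytes, not varints
# Sender -> parameter the quoted text ties to that sender (this example's reading).
CHECKED = {"client": "max_stream_data_bidi_local",
           "server": "max_stream_data_bidi_remote"}
LINE_RE = re.compile(r"Extension type: \d+ \((\w+)\), length (\d+), ([0-9a-f]+)")

# Sample input: lines copied from the quicdoq server log in the message above.
CLIENT_SENT = """\
75e4bdaece6ddeec: Extension type: 1 (idle_timeout), length 4, 8000ea60
75e4bdaece6ddeec: Extension type: 5 (max_stream_data_bidi_local), length 4, 80100000
75e4bdaece6ddeec: Extension type: 6 (max_stream_data_bidi_remote), length 4, 80100000
75e4bdaece6ddeec: Extension type: 15 (hcid), length 8, ca2fc575e6c8aa0e
""".splitlines()
SERVER_SENT = """\
75e4bdaece6ddeec: Extension type: 5 (max_stream_data_bidi_local), length 1, 00
75e4bdaece6ddeec: Extension type: 6 (max_stream_data_bidi_remote), length 4, 8000ffff
75e4bdaece6ddeec: Extension type: 0 (ocid), length 8, 75e4bdaece6ddeec
""".splitlines()

def decode_varint(raw: bytes) -> int:
    """Decode a QUIC varint: the top two bits of byte 0 give the size (1/2/4/8)."""
    if not raw:
        raise ValueError("empty value")
    size = 1 << (raw[0] >> 6)
    if len(raw) != size:
        raise ValueError(f"varint prefix says {size} bytes, got {len(raw)}")
    return int.from_bytes(raw, "big") & ((1 << (8 * size - 2)) - 1)

def parse_params(lines):
    """Map parameter name -> decoded integer for the integer-valued parameters."""
    params = {}
    for line in lines:
        m = LINE_RE.search(line)
        if m is None or m.group(1) in NON_INTEGER:
            continue
        raw = bytes.fromhex(m.group(3))
        if len(raw) != int(m.group(2)):
            raise ValueError(f"length field mismatch for {m.group(1)}")
        params[m.group(1)] = decode_varint(raw)
    return params

def doq_violations(lines, sender):
    """Return [(name, value)] if the sender's checked parameter is not 65535.
    A parameter that is absent is reported with value None."""
    name = CHECKED[sender]
    value = parse_params(lines).get(name)
    return [] if value == DOQ_STREAM_LIMIT else [(name, value)]
```
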