Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: Chrome/Edge 版本 >=124 无法与 XQUIC 完成握手 #428

Closed
fbwfbi opened this issue May 27, 2024 · 3 comments · Fixed by #447
Closed

[Bug]: Chrome/Edge 版本 >=124 无法与 XQUIC 完成握手 #428

fbwfbi opened this issue May 27, 2024 · 3 comments · Fixed by #447
Assignees
@Yanmei-Liu

Comments

@fbwfbi
Copy link

fbwfbi commented May 27, 2024
edited
Loading

What happened?

使用 版本大于等于 124 的 Chrome/Edge 访问配置 xquic 的服务器,能正常通过关联的 tcp https 服务访问网页,响应已添加 Alt-Svc 'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000' 头部信息,但后续请求都无法升级到 ht3 ,一致都是 http1.1

image

抓包结果:
image
image

浏览器无法跟 xquic 服务器完成握手状态,后续一直在发 ping frame,而 xquic 也一直响应 ACK,始终无法完成握手;

分析浏览器的发包特征可以发现,至少有三点特殊的地方:

  1. Packet Nubmer 从 1 开始一直递增,没有在 Initial/Handshake/Application 三个包空间隔离;
  2. 发送的所有包里面都没有 Source CID,即使是 Initial/Handshake 类型的包;
  3. 首包 Initial 类型的 Packet 太大,需要两个 Initial 包才能放下 Client Hello;key_share 包含了 X25519Kyber768Draft00 Group

Steps To Reproduce

client: Chrome/Edge Version >=124
server: tengine (3.1.0) + xquic (1.7.2)

Relevant log output

开启 xquic 日志,发现收浏览器第二个 Initial 包时,状态变成了 S_HANDSHAKE_SENT 而不是正确的 S_INIT:

[2024/05/27 17:15:48 847762] [datagrams_received] |scid:13b0404fb4881d4a0aa824b4|xqc_engine_packet_process|size:1250|
[2024/05/27 17:15:48 847768] [info] |xqc_engine_packet_process|==>|conn:000055668355D6EC|size:1250|state:S_HANDSHAKE_SENT|recv_time:1716801348847761|
[2024/05/27 17:15:48 847774] [debug] |scid:13b0404fb4881d4a0aa824b4|xqc_packet_parse_initial|packet parse|initial|
[2024/05/27 17:15:48 847780] [debug] |scid:13b0404fb4881d4a0aa824b4|xqc_packet_parse_initial|success|Length:1232|
[2024/05/27 17:15:48 847786] [debug] |scid:13b0404fb4881d4a0aa824b4|xqc_packet_decrypt|largest_pn:1|
[2024/05/27 17:15:48 847793] [debug] |scid:13b0404fb4881d4a0aa824b4|xqc_packet_decrypt_single|pkt_type:INIT|pkt_num:2|
[2024/05/27 17:15:48 847799] [debug] |scid:13b0404fb4881d4a0aa824b4|xqc_process_frames|frame_type:1|
[2024/05/27 17:15:48 847804] [frames_processed] |scid:13b0404fb4881d4a0aa824b4|xqc_parse_ping_frame|type:1|
[2024/05/27 17:15:48 847810] [debug] |scid:13b0404fb4881d4a0aa824b4|xqc_process_frames|frame_type:6|
[2024/05/27 17:15:48 847815] [info] |scid:13b0404fb4881d4a0aa824b4|xqc_conn_check_token|token empty|
[2024/05/27 17:15:48 847821] [info] |scid:13b0404fb4881d4a0aa824b4|xqc_process_crypto_frame|check_token fail|conn:000055668355D6EC|addr or cid not avail|
[2024/05/27 17:15:48 847827] [frames_processed] |scid:13b0404fb4881d4a0aa824b4|xqc_parse_crypto_frame|type:5|offset:1260|length:11|
......
[2024/05/27 17:15:48 849597] [info] |scid:13b0404fb4881d4a0aa824b4|xqc_conn_on_pkt_processed|====>|conn:000055668355D6EC|path:0|size:1250|pkt_type:INIT|pkt_num:2|frame:PADDING PING CRYPTO |recv_time:1716801348847761|
[2024/05/27 17:15:48 849604] [packet_received] |scid:13b0404fb4881d4a0aa824b4|xqc_conn_process_packet|pkt_pns:0|pkt_type:0|pkt_num:2|len:1250|frame_flag:PADDING PING CRYPTO |
[2024/05/27 17:15:48 849611] [debug] |scid:13b0404fb4881d4a0aa824b4|xqc_timer_set|type:PATH_IDLE|expire:1716801408847761|now:1716801348847761|interv:60000000|
[2024/05/27 17:15:48 849616] [loss_timer_updated] |scid:13b0404fb4881d4a0aa824b4|xqc_timer_set|set|type:PATH_IDLE|expire:1716801408847761|interv:60000000|
[2024/05/27 17:15:48 849623] [debug] |scid:13b0404fb4881d4a0aa824b4|xqc_timer_set|type:CONN_IDLE|expire:1716801408847761|now:1716801348847761|interv:60000000|
[2024/05/27 17:15:48 849628] [loss_timer_updated] |scid:13b0404fb4881d4a0aa824b4|xqc_timer_set|set|type:CONN_IDLE|expire:1716801408847761|interv:60000000|
[2024/05/27 17:15:48 849634] [debug] |xqc_engine_main_logic|BEGIN|
[2024/05/27 17:15:48 849641] [debug] |scid:13b0404fb4881d4a0aa824b4|xqc_engine_process_conn|conn:000055668355D6EC|state:S_HANDSHAKE_SENT|flag:WAIT_WAKEUP TICKING DCID_OK UPPER_CONN_EXIST INIT_RECVD NEED_RUN |now:1716801348849640|
[2024/05/27 17:15:48 849648] [info] |scid:13b0404fb4881d4a0aa824b4|xqc_conn_check_tx_key|keys are ready, can send 1rtt now|
[2024/05/27 17:15:48 849654] [debug] |scid:13b0404fb4881d4a0aa824b4|xqc_crypto_stream_on_read|encrypt_level:0|cur_state:S_HANDSHAKE_SENT|next_state:S_HANDSHAKE_SENT|
[2024/05/27 17:15:48 849661] [debug] |scid:13b0404fb4881d4a0aa824b4|xqc_process_write_streams|stream_write_notify|flag:17|stream_id:3|conn:000055668355D6EC|cnt:0|
[2024/05/27 17:15:48 849667] [debug] |scid:13b0404fb4881d4a0aa824b4|xqc_h3_stream_write_notify|stream_type:0|stream_id:3|conn:000055668355D6EC|
[2024/05/27 17:15:48 849674] [debug] |scid:13b0404fb4881d4a0aa824b4|xqc_stream_do_send_flow_ctl|conn_flow_ctl|window:1048576|
[2024/05/27 17:15:48 849680] [debug] |scid:13b0404fb4881d4a0aa824b4|xqc_sample_check_app_limited|check_applimit|path:0|inflight:0|now_cwnd_limited:1|all_path_empty:1|sndq:1|lostq:1|ptoq:1|
[2024/05/27 17:15:48 849686] [debug] |scid:13b0404fb4881d4a0aa824b4|xqc_sample_check_app_limited|path:0|applimit:1|
[2024/05/27 17:15:48 849692] [congestion_state_updated] |scid:13b0404fb4881d4a0aa824b4|xqc_sample_check_app_limited|new_state:application_limit|
[2024/05/27 17:15:48 849707] [info] |scid:13b0404fb4881d4a0aa824b4|xqc_stream_send|ret:0|stream_id:3|stream_send_offset:1|pkt_type:SHORT_HEADER|buff_1rtt:0|send_data_size:1|offset:1|fin:0|stream_flag:16|conn:000055668355D6EC|conn_state:S_HANDSHAKE_
SENT|flag:WAIT_WAKEUP CAN_SEND_1RTT TICKING DCID_OK UPPER_CONN_EXIST INIT_RECVD NEED_RUN NO_DGRAM_NOTIFIED DGRAM_MSS_NOTIFY |
[2024/05/27 17:15:48 849714] [debug] |scid:13b0404fb4881d4a0aa824b4|xqc_stream_do_send_flow_ctl|conn_flow_ctl|window:1048575|
[2024/05/27 17:15:48 849720] [debug] |scid:13b0404fb4881d4a0aa824b4|xqc_sample_check_app_limited|check_applimit|path:0|inflight:0|now_cwnd_limited:1|all_path_empty:1|sndq:0|lostq:1|ptoq:1|
[2024/05/27 17:15:48 849727] [info] |scid:13b0404fb4881d4a0aa824b4|xqc_stream_send|ret:0|stream_id:3|stream_send_offset:16|pkt_type:SHORT_HEADER|buff_1rtt:0|send_data_size:15|offset:15|fin:0|stream_flag:16|conn:000055668355D6EC|conn_state:S_HANDSHA
KE_SENT|flag:WAIT_WAKEUP CAN_SEND_1RTT TICKING DCID_OK UPPER_CONN_EXIST INIT_RECVD NEED_RUN NO_DGRAM_NOTIFIED DGRAM_MSS_NOTIFY |
[2024/05/27 17:15:48 849735] [debug] |scid:13b0404fb4881d4a0aa824b4|xqc_h3_stream_write_notify|xqc_h3_stream_send_buffer|success|
[2024/05/27 17:15:48 849740] [debug] |scid:13b0404fb4881d4a0aa824b4|xqc_process_write_streams|stream_write_notify|flag:17|stream_id:7|conn:000055668355D6EC|cnt:1|
[2024/05/27 17:15:48 849746] [debug] |scid:13b0404fb4881d4a0aa824b4|xqc_h3_stream_write_notify|stream_type:2|stream_id:7|conn:000055668355D6EC|
[2024/05/27 17:15:48 849752] [debug] |scid:13b0404fb4881d4a0aa824b4|xqc_stream_do_send_flow_ctl|conn_flow_ctl|window:1048560|
[2024/05/27 17:15:48 849757] [debug] |scid:13b0404fb4881d4a0aa824b4|xqc_sample_check_app_limited|check_applimit|path:0|inflight:0|now_cwnd_limited:1|all_path_empty:1|sndq:0|lostq:1|ptoq:1|
[2024/05/27 17:15:48 849766] [info] |scid:13b0404fb4881d4a0aa824b4|xqc_stream_send|ret:0|stream_id:7|stream_send_offset:1|pkt_type:SHORT_HEADER|buff_1rtt:0|send_data_size:1|offset:1|fin:0|stream_flag:16|conn:000055668355D6EC|conn_state:S_HANDSHAKE_
SENT|flag:WAIT_WAKEUP CAN_SEND_1RTT TICKING DCID_OK UPPER_CONN_EXIST INIT_RECVD NEED_RUN NO_DGRAM_NOTIFIED DGRAM_MSS_NOTIFY |
[2024/05/27 17:15:48 849773] [debug] |scid:13b0404fb4881d4a0aa824b4|xqc_h3_stream_write_notify|xqc_h3_stream_send_buffer|success|
[2024/05/27 17:15:48 849778] [debug] |scid:13b0404fb4881d4a0aa824b4|xqc_process_write_streams|stream_write_notify|flag:17|stream_id:11|conn:000055668355D6EC|cnt:2|
[2024/05/27 17:15:48 849784] [debug] |scid:13b0404fb4881d4a0aa824b4|xqc_h3_stream_write_notify|stream_type:3|stream_id:11|conn:000055668355D6EC|
[2024/05/27 17:15:48 849790] [debug] |scid:13b0404fb4881d4a0aa824b4|xqc_stream_do_send_flow_ctl|conn_flow_ctl|window:1048559|
@fbwfbi
Copy link
Author

fbwfbi commented May 27, 2024

在 chrome 发出两个 Initial 包组成的 Client Hello 消息后,xquic 处理有问题,处理第二个包时处于 S_HANDSHAKE_SENT 状态

image

image

而不是像处理第一个包那样继续处于 S_INIT 状态, 没有正常发出 Server Hello 包;

对比正常建连的 xquic 连接日志,处理完 Initial 包之后,可以通过 xqc_crypto_stream_send 发出 CRYPTO 帧。

image

@fbwfbi
Copy link
Author

fbwfbi commented May 27, 2024

Workaround

Chrome 在设置页面 chrome://flags 关闭 "TLS 1.3 hybridized Kyber support" 功能:
image

@fbwfbi fbwfbi changed the title [Bug]: Chrome/Edge 版本 >=124 无法连接 XQUIC [Bug]: Chrome/Edge 版本 >=124 无法与 XQUIC 完成握手 May 27, 2024
@Yanmei-Liu Yanmei-Liu self-assigned this May 30, 2024
@Yanmei-Liu Yanmei-Liu linked a pull request Aug 14, 2024 that will close this issue
[~] 修复与chrome >= 124兼容性问题,处理server接收到client发送的多个initial包时、下行状态的正确更新 #447
Merged
@Yanmei-Liu
Copy link
Collaborator

该问题已经修复,请更新到最新main分支

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Yanmei-Liu Yanmei-Liu

Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@Yanmei-Liu @fbwfbi