Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Session Establishment sequence and timeouts #459

Open
TimEvens opened this issue Jun 6, 2024 · 2 comments · May be fixed by #619
Open

Session Establishment sequence and timeouts #459

TimEvens opened this issue Jun 6, 2024 · 2 comments · May be fixed by #619
Assignees
@afrind
Labels
Handshake QUIC vs WebTransport, SETUP Message Needs PR

Comments

@TimEvens
Copy link

TimEvens commented Jun 6, 2024

Section 3.3 and 6.2 do not clearly identify that CLIENT_SETUP is the first message over the control stream, sent by the client, and that the server will wait till that arrives so that it can respond to it via a SERVER_SETUP. In section 6.2.1 under versions, it does indicate that the server responds to the client supported version list with a selected "client" version, which means that SERVER_SETUP is a response message to a CLIENT_SETUP.

For example...

sequenceDiagram
    participant client
    participant server
client ->>+server:QUIC connection
server -->>-client:QUIC established 
client ->>+server:Create bi-dir stream
client ->>server:CLIENT_SETUP
server -->>-client:SERVER_SETUP
Loading

How long should/must the server wait for the CLIENT_SETUP message? QUIC level keep alives will keep the connection alive and the server will be stuck in lingering state for a CLIENT_SETUP message. The client should also have some expected wait time for a SERVER_SETUP response message.
@afrind
Copy link
Collaborator

afrind commented Jun 14, 2024

Individual Comment:

I don't think the draft should specify explicit timeouts for the peer to send a message, each implementation or application will define its own reasonable limits. Perhaps we could mention the usefulness of timeouts in general in the security section?

@TimEvens
Copy link
Author

TimEvens commented Jun 29, 2024
edited
Loading

@afrind , At a minimum, yes... update the security section with the need to have timeouts because the lack of timeout enables DoS exploits.

Regarding what the draft should indicate in terms of timeout... I believe timeouts will be implemented by every production implementation of MOQT relay. Clients may get away without implementing a timeout ,but likely every production client will also have a timeout. Negotiating this timeout, such as via a CLIENT_SETUP/SERVER_SETUP would help to avoid error recovery responses to fast reconnect only to result in the same situation. IMO, the MOQT draft MUST at minimum define a new termination reason code (Section 3.5) for the following:

  • Receive Control Message Timeout - Timeout while processing the control message
  • Receive Object Header Timeout - Timeout while receiving the object datagram header, stream per object header, stream per track header, stream per group header, and the object data header in the case of stream per group or track.
  • Received Object Payload Timeout - Timeout specifically relating to receiving the payload data per the object payload length

@afrind afrind added the Handshake QUIC vs WebTransport, SETUP Message label Jul 24, 2024
afrind added a commit that referenced this issue Nov 15, 2024
@afrind
Add session errors for control and data timeout
7198b1d 
Fixes: #459
@afrind afrind linked a pull request Nov 15, 2024 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@afrind afrind

Labels
Handshake QUIC vs WebTransport, SETUP Message Needs PR
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add session errors for control and data timeout moq-wg/moq-transport
3 participants
@TimEvens @afrind @ianswett