The first issue was reported in ticket #2488. The second and third issues were observed while working on the first one.
The issues manifest themselves best when migrating to another IP address. When testing migration with ngtcp2 --change-local-addr, only the port is changed. I had to patch ngtcp2 client to make it migrate to a new IP address, which has to be bigger in text representation to trigger the length issues. However, while doing that, it became clear that nginx does not handle well this kind of migrations. I observed the following issues: - After address validation completes, in_flight counter is reset, but in-flight packets which contributed to the old value of the counter are not ignored. This resulted in in_flight counter underflow, followed by a connection stall. The counter reset does not happen if the IP address stays the same. - While congestion controller is reset on successful address validation, RTT estimator is not. According to RFC 900, both should be reset. - While address validation is in progress, nginx sends packets using the new path. This is something allowed by RFC 9000. However, it's not clear which congestion/RTT/PTO/loss detection to use during that period. The safest solution is to block all output until PATH_RESPONSE is received or validation timeout expires. These issues were partially addressed in this patchset by Sergey: https://mailman.nginx.org/pipermail/nginx-devel/2022-December/IMZ7IUAF67OO6OVFHQHTFMUODV6OA73M.html The series is not yet commited. Hopefully we'll get back to it shortly. -- Roman Arutyunyan _______________________________________________ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel