fix(s2n-quic-transport): arm PTO timer after loss timer expires #1942
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
camshaft
previously approved these changes
Aug 30, 2023
camshaft
reviewed
Aug 30, 2023
| //# threshold loss detection will expire earlier than the PTO timer in | ||
| //# most cases and is less likely to spuriously retransmit data. | ||
| self.pto.cancel(); | ||
| return; |
Contributor
There was a problem hiding this comment.
Ideally we'd be checking consistency in any of these return points. Maybe move the whole thing into a closure?
(|| {
// do logic here
})();
self.check_consistency();especially where we're cancelling the timer it's good to have a sanity check that the invariants still hold
| timer_required &= self.time_of_last_ack_eliciting_packet.is_some(); | ||
|
|
||
| if timer_required { | ||
| assert!(self.armed_timer_count() > 0); |
Contributor
There was a problem hiding this comment.
nit: might be easier to debug if you use assert_ne since that'll print the actual value
Suggested change
| assert!(self.armed_timer_count() > 0); | |
| assert_ne!(self.armed_timer_count(), 0); |
camshaft
approved these changes
Aug 31, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of changes:
QUIC-RECOVERY does not explicitly include a requirement that the Probe Timeout (PTO) timer is re-armed after the loss timer expires, but the pseudocode in QUIC-RECOVERY§A.9 does include this behavior:
Arming the PTO timer in this case is necessary, as the loss timer expiring will not necessarily cause any additional transmissions. There may still be tail packets pending; the PTO timer is needed to ensure those packets are accounted for and retransmitted as necessary. An example interop failure caused by this can be seen here
In addition, QUIC-RECOVERY§6.2.1 specifies that the acknowledgement of ack-eliciting packets should trigger a PTO update:
The pseudocode in QUIC-RECOVERY§A.7 does not make that distinction, however. This behavior is preferred, as detect_and_remove_lost_packets() will cancel the loss timer, and there may still be ack eliciting packets pending that require a PTO timer for recovery. I've removed the requirement that an acknowledged packet be ack-eliciting to more closely match the pseudocode.
Call-outs:
I refactored the max pto backoff a bit to make it easier to validate the consistency of the PTO timer within the recovery manager.
Testing:
New and updated unit tests
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.