use the dynamic table #33

Open
marten-seemann opened this issue Nov 18, 2023 · 12 comments
Labels
enhancement New feature or request

Comments

@marten-seemann
Member

The current QPACK implementation only uses the minimal feature set of QPACK (i.e. Huffman-encoding and static table). This guarantees interoperability with other QPACK implementations. However, it's not very efficient, since we'll never be able to compress headers that are sent repeatedly. This is where using the dynamic table would lead to significant savings.

See quic-go/quic-go#2424 for the quic-go tracking issue.

@marten-seemann marten-seemann added the enhancement New feature or request label Nov 18, 2023
@LinZiyuu

LinZiyuu commented Jun 5, 2024

Hello, I'm looking for an HTTP/3 client that supports QPACK dynamic table compression. quic-go doesn't support dynamic tables right now, right?

@marten-seemann
Member Author

That's correct. Can you tell us a bit about your use case?

We could add support, but so far we haven't seen a lot of interest.

@LinZiyuu

LinZiyuu commented Jun 6, 2024

We try to test that an attacker can exploit QPACK to launch a Denial of Service attack in this scenario. (Client <--> CDN/Reverse Proxy <--> Origin)

We think that it works by the client sending QPACK-compressed HTTP requests (dynamic table), then the CDN decompressing the HTTP requests and forwarding them to the Origin. (Client <-Compressed HTTP requests-HTTP/3-> CDN <-Decompressed HTTP requests-HTTP/1-> Origin)

We have confirmed that attackers can exploit QPACK (static tables) to launch the Denial of Service attack. But it has limited amplification factors.

I am a researcher focusing on CDN security and protocol security and will not exploit this vulnerability for malicious attacks. I just want to report this vulnerability to CDN vendors and Reverse Proxy developers after confirming it.

Refer to https://www.ndss-symposium.org/wp-content/uploads/24411-slides.pdf

@marten-seemann
Member Author

> Refer to https://www.ndss-symposium.org/wp-content/uploads/24411-slides.pdf

Interesting read. I'd expect your attack to work exactly as the HTTP/2 version. For the application, HPACK and QPACK are quite similar. Implementation-wise, QPACK is a lot more complex, since it has to deal with reordering between requests.

@LinZiyuu

LinZiyuu commented Jun 6, 2024

Yes, QPACK is more complicated, so I've searched a lot of QPACK libraries that don't implement dynamic tables. Looking forward to quic-go supporting dynamic tables.

@DineshAdhi

This comment was marked as off-topic.

@LinZiyuu

This comment was marked as off-topic.

@marten-seemann
Member Author

> decoding error: no dynamic table
>
> I am trying to decode the headers from a WebTransport Session. Am I getting this because qpack-go doesn't support dynamic table yet?

No. qpack dynamic table support is NOT required for establishing a WebTransport session. Dynamic table usage is negotiated via HTTP/3 SETTINGS frames. If peers don't support the dynamic table, encoding will be less efficient, but there's no case where this could lead to a connection failure.

@DineshAdhi

DineshAdhi commented Sep 2, 2024

WebTransport Connection was successful. I was trying to decode the headers that were sent in the Request using the QPACK Decoder. That's when I was getting that error.

So you suggest to disable the Dynamic Table Usage in Settings Frame and everything should work fine?

@marten-seemann
Member Author

> So you suggest to disable the Dynamic Table Usage in Settings Frame and everything should work fine?

quic-go does the right thing, it doesn't advertise dynamic table support. If you're using a different HTTP/3 implementation with this library, then yes, you need to make sure to not advertise dynamic table support.

@DineshAdhi

Yes, I am using a custom HTTP/3 implementation. It worked after I disabled the Dynamic Table Support. Thanks a lot.

@DineshAdhi

@marten-seemann It turns out the issue was actually due to the setting of the N bit in the Literal Field Line with Name Reference.

When I encode that packet I set the N bit to 1, to ensure that the literal string representation is sent across the subsequent hops by the intermediary.

RFC Reference

The condition buf[0]&0x20 > 0 here is triggering the errNoDynamicTable error. But in this case the N bit does not have anything to do with Dynamic table unless you have a reason.

I flipped the 'N' bit to 0 and that solved the issue. PR Reference for the QPACK that I use: PR
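
Added example, not code from this thread or from the qpack library: a Go sketch of decoding the first field of a Literal Field Line With Name Reference as laid out in RFC 9204 (pattern `0 1 N T NameIndex(4+)`), where the N bit is 0x20 and the T bit (0x10) is the one that selects the static or dynamic table. The names `nameRef` and `parseNameRef` and the byte inputs are constructed for illustration; `errNoDynamicTable` only reuses the error name quoted above.

```go
package main

import (
	"errors"
	"fmt"
)

var (
	errNoDynamicTable = errors.New("decoding error: no dynamic table")
	errNotNameRef     = errors.New("not a literal field line with name reference")
	errMalformed      = errors.New("truncated or oversized name index")
)

type nameRef struct {
	NeverIndex bool   // N bit (0x20): intermediaries must keep the field a literal
	Static     bool   // T bit (0x10): name index refers to the static table
	NameIndex  uint64 // prefix integer with a 4-bit prefix
}

// parseNameRef returns the decoded field and the number of bytes consumed.
// Only T=0 needs a dynamic table; the N bit never does.
func parseNameRef(buf []byte) (nameRef, int, error) {
	if len(buf) == 0 || buf[0]&0xc0 != 0x40 {
		return nameRef{}, 0, errNotNameRef
	}
	r := nameRef{NeverIndex: buf[0]&0x20 != 0, Static: buf[0]&0x10 != 0}
	r.NameIndex = uint64(buf[0] & 0x0f)
	n := 1
	if r.NameIndex == 0x0f { // prefix saturated: continuation bytes follow
		for shift := uint(0); ; shift += 7 {
			if n >= len(buf) || shift > 56 {
				return nameRef{}, 0, errMalformed
			}
			r.NameIndex += uint64(buf[n]&0x7f) << shift
			n++
			if buf[n-1]&0x80 == 0 {
				break
			}
		}
	}
	if !r.Static { // a decoder without a dynamic table rejects T=0 only
		return r, n, errNoDynamicTable
	}
	return r, n, nil
}

func main() {
	r, n, err := parseNameRef([]byte{0x71}) // constructed input: N=1, T=1, index 1
	fmt.Printf("%+v consumed=%d err=%v\n", r, n, err)
}
```

With this layout, a field line with N=1 and T=1 decodes against the static table alone, and only T=0 yields the "no dynamic table" error.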
