Open huitema opened 2 years ago
Thank you so much for this comment! I have not thought about this variant of QUIC Ping before and it indeed seems like a really good approach to find out if a given censorship filter is packet-type specific, i.e. whether it is only applied to long header packets.
Regarding the guarantee of receiving a response from the server: In practice, there were no issues with servers not responding to the "QUIC Ping" requests when using a QUIC version for the Initial packet that follows the pattern 0x?a?a?a?a. Version numbers with this pattern are reserved for use in forcing version negotiation to be exercised.
The spec is a bit ambiguous there when using "forced". The guidance to implementers was for a long time to not test the pattern 0x?a?a?a?a in incoming packets -- the point of the test is to use the regular code path, not a specific code path for "reserved"; the server behavior is supposed to be the same whether it receives version "0x1a2a3a4a" or a non-supported version "0x00000003". The pattern guarantees that these "test" versions are never used for something real. But yes, version negotiation is widely supported. The "V" test in the QUIC Interop Runner works for pretty much every implementation.
QUIC separates packet types between those using a long header (initial, handshake, 0RTT) and those using a short header (1RTT) -- the key being the first bit set to 1 for long headers. The "QUIC Ping" is based on long headers, and tests whether an initial packet makes it all the way to the server. There are however usages of QUIC in which the first packet seen on a path is a short header packet -- for example, when probing a new path before migration or multipath establishment. I think it would be interesting to test whether networks would carry such "1RTT" packets.
Many QUIC servers implement the "stateless reset" function. When they receive a 1RTT with a destination CID that they don't understand, they respond with a "stateless reset" -- a 1RTT packet ending with the reset signature associated with the CID. That function might be used in a variant of "QUIC Ping" that sends a 1RTT packet. Of course, there is no guarantee that servers send such resets -- but there is also no guarantee that servers send a version negotiation packet in response to a handshake packet. It might be interesting to try.
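The two reply types discussed in this thread can be told apart from the first byte of the UDP payload. The sketch below is an added example, not code from the thread or the project: it classifies a reply as a Version Negotiation packet or a possible stateless reset using the RFC 9000 packet layouts. The function names, return labels and sample bytes are constructed for illustration.

```python
import struct

def is_reserved_version(version: int) -> bool:
    """True for versions of the form 0x?a?a?a?a (reserved in RFC 9000)."""
    return (version & 0x0F0F0F0F) == 0x0A0A0A0A

def classify_response(datagram: bytes, sent_dcid: bytes, sent_scid: bytes) -> str:
    """Classify a UDP payload received in reply to a probe (hypothetical labels)."""
    if not datagram:
        return "empty"
    first = datagram[0]
    if first & 0x80:  # header form bit set: long header
        if len(datagram) < 7:
            return "malformed"
        (version,) = struct.unpack_from("!I", datagram, 1)
        if version != 0:
            return "long-header"  # Initial, Handshake, 0-RTT or Retry
        # Version Negotiation: version 0, DCID, SCID, then 32-bit versions
        dlen = datagram[5]
        dcid = datagram[6:6 + dlen]
        s_off = 6 + dlen
        if s_off >= len(datagram):
            return "malformed"
        slen = datagram[s_off]
        scid = datagram[s_off + 1:s_off + 1 + slen]
        versions = datagram[s_off + 1 + slen:]
        if len(scid) != slen or not versions or len(versions) % 4:
            return "malformed"
        # The server echoes the probe's SCID as DCID and its DCID as SCID;
        # a mismatch suggests the reply was not produced from our probe.
        if dcid != sent_scid or scid != sent_dcid:
            return "version-negotiation-cid-mismatch"
        return "version-negotiation"
    # Short header. A prober never learned the 16-byte reset token, so it
    # cannot verify a reset; it can only note that the shape is compatible
    # (fixed bit set, at least 21 bytes).
    if (first & 0x40) and len(datagram) >= 21:
        return "possible-stateless-reset"
    return "short-header"

def build_sample_vn(dcid: bytes, scid: bytes, versions) -> bytes:
    """Constructed Version Negotiation packet, for offline testing only."""
    body = bytes([0x80 | 0x2A]) + struct.pack("!I", 0)
    body += bytes([len(dcid)]) + dcid + bytes([len(scid)]) + scid
    return body + b"".join(struct.pack("!I", v) for v in versions)
```
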