target = "https://www.rfc-editor.org/rfc/rfc9000#section-12.3" # 12.3. Packet Numbers # # The packet number is an integer in the range 0 to 2^62-1. This # number is used in determining the cryptographic nonce for packet # protection. Each endpoint maintains a separate packet number for # sending and receiving. # # Packet numbers are limited to this range because they need to be # representable in whole in the Largest Acknowledged field of an ACK # frame (Section 19.3). When present in a long or short header, # however, packet numbers are reduced and encoded in 1 to 4 bytes; see # Section 17.1. # # Version Negotiation (Section 17.2.1) and Retry (Section 17.2.5) # packets do not include a packet number. # # Packet numbers are divided into three spaces in QUIC: # # Initial space: All Initial packets (Section 17.2.2) are in this # space. # # Handshake space: All Handshake packets (Section 17.2.4) are in this # space. # # Application data space: All 0-RTT (Section 17.2.3) and 1-RTT # (Section 17.3.1) packets are in this space. # # As described in [QUIC-TLS], each packet type uses different # protection keys. # # Conceptually, a packet number space is the context in which a packet # can be processed and acknowledged. Initial packets can only be sent # with Initial packet protection keys and acknowledged in packets that # are also Initial packets. Similarly, Handshake packets are sent at # the Handshake encryption level and can only be acknowledged in # Handshake packets. # # This enforces cryptographic separation between the data sent in the # different packet number spaces. Packet numbers in each space start # at packet number 0. Subsequent packets sent in the same packet # number space MUST increase the packet number by at least one. # # 0-RTT and 1-RTT data exist in the same packet number space to make # loss recovery algorithms easier to implement between the two packet # types. # # A QUIC endpoint MUST NOT reuse a packet number within the same packet # number space in one connection. If the packet number for sending # reaches 2^62-1, the sender MUST close the connection without sending # a CONNECTION_CLOSE frame or any further packets; an endpoint MAY send # a Stateless Reset (Section 10.3) in response to further packets that # it receives. # # A receiver MUST discard a newly unprotected packet unless it is # certain that it has not processed another packet with the same packet # number from the same packet number space. Duplicate suppression MUST # happen after removing packet protection for the reasons described in # Section 9.5 of [QUIC-TLS]. # # Endpoints that track all individual packets for the purposes of # detecting duplicates are at risk of accumulating excessive state. # The data required for detecting duplicates can be limited by # maintaining a minimum packet number below which all packets are # immediately dropped. Any minimum needs to account for large # variations in round-trip time, which includes the possibility that a # peer might probe network paths with much larger round-trip times; see # Section 9. # # Packet number encoding at a sender and decoding at a receiver are # described in Section 17.1. [[spec]] level = "MUST" quote = ''' Subsequent packets sent in the same packet number space MUST increase the packet number by at least one. ''' [[spec]] level = "MUST" quote = ''' A QUIC endpoint MUST NOT reuse a packet number within the same packet number space in one connection. ''' [[spec]] level = "MUST" quote = ''' If the packet number for sending reaches 2^62-1, the sender MUST close the connection without sending a CONNECTION_CLOSE frame or any further packets; an endpoint MAY send a Stateless Reset (Section 10.3) in response to further packets that it receives. ''' [[spec]] level = "MUST" quote = ''' A receiver MUST discard a newly unprotected packet unless it is certain that it has not processed another packet with the same packet number from the same packet number space. ''' [[spec]] level = "MUST" quote = ''' Duplicate suppression MUST happen after removing packet protection for the reasons described in Section 9.5 of [QUIC-TLS]. '''