-
-
Notifications
You must be signed in to change notification settings - Fork 387
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Bug]: Some protocol violations or bugs in VerneMQ #2283
Comments
According to the specification of MQTTv5.0:
Nevertheless, in transmitting such a packet to VerneMQ, it ought to reject the packet yet paradoxically forward a CONNACK message to the client, which intriguingly includes a success code.
|
According to the specification of MQTTv5.0:
Same situation as above.
|
According to the specification of MQTTv5.0:
However, if we send such a packet including Connect and Publish:
|
According to the specification of MQTTv5.0:
Send such a packet (user name contains non-UTF-8 encoded strings):
|
According to the specification of MQTTv5.0:
Send such a Publish packet ([MQTT-3.3.2-1]):
Send such a Subscribe packet ([MQTT-3.8.3-1]):
The subject of the above two packets (containing illegal UTF-8 encoding) is the same, and thus can constitute a message transfer between two clients. Also
Send such an Unsubscribe packet:
|
According to the specification of MQTTv5.0:
Send the following packet:
|
According to the specification of MQTTv3.1.1:
We send the following packet (Connect: Qos 1, Publish: Packet Id 0):
The expectation was that such a request would be denied, but unfortunately it was received and processed. |
@songxpu Thank you for reporting protocol issues/breaking points to VerneMQ and other brokers! 🥇 👍 👉 Thank you for supporting VerneMQ: https://github.com/sponsors/vernemq |
@ioolkos : This one is interesting. I can reproduce, but it seems that the publish is never executed. I can see valid MQTT in Wireshark... |
@mths1 yeah, the spec is relatively clear that it's a protocol error. So, I guess we should close the connection. 👉 Thank you for supporting VerneMQ: https://github.com/sponsors/vernemq |
@ioolkos : It means a subscribe on # won't show anything and I set a debug message on the "publish" frame which never seems to be executed. |
I want to know how you replay the publish packet. then I send the following packets respectively:
The subscribe client successfully received such publish. |
@ioolkos : Regarding the Packet Identifier > 0 problem, would be easy to fix but another check on each publish. I am honestly not sure why the spec does not allow 0 :-) (other than philosophical discussions about if 0 is a number or not) |
@songxpu : Yeah, I should have been more detailed here. When I do two requests it works as expected (or not expected :-) ). I was not sure what the correct behaviour is in the "all at once" case. |
Hello @ioolkos : All mentioned issues should be addressed by the pull requests. Comments are welcome, otherwise I will move from draft to final :-) |
I think it's related to the fact that the tests here don't use an MQTT client state machine. Clients wait to get a CONNACK from the server before they send messages. Although.... technically clients are allowed to send PUBLISH's to the server right away, that is: before getting a CONNACK (at their own risk because the messages will be lost if the client gets rejected). I need to verify whether Verne accepts PUBLISHs at all before sending out a CONNACK and have the MQTT session fully in connected state but I don't think Verne accepts this. Note that the problem with supporting that is that the server has to "hold back" processing the PUBLISHs until it has confirmed he connection; otherwise it would have processed messages from an unauthorized client. 👉 Thank you for supporting VerneMQ: https://github.com/sponsors/vernemq |
@songxpu : Thanks for the report. All issues should be addressed by the linked pull requests. Feel free to test them if you want. May I ask what is the background of you performing all those tests? (feel free to do more, though :-) ) |
Hi @mths1, I performed those tests for the purpose of course work. By the way, I would like to ask Vernemq how to clear or reset persistent data? |
@songxpu to fully remove any state on a VerneMQ node (for example between test runs), you can 👉 Thank you for supporting VerneMQ: https://github.com/sponsors/vernemq |
Environment
Current Behavior
VerneMQ receives such a request and returns a successful response message or processes and saves it normally
Expected behaviour
In these scenarios, VerneMQ receives such a request with the expectation that it should abort the connection or reject the message
Configuration, logs, error output, etc.
Code of Conduct
The text was updated successfully, but these errors were encountered: