Hi,

During our tests involving Aioquic (239f99b) implementation, we identified a protocol violation in the server implementation.

Bug detail:
The server only discards the first Initial packet if it's carried in a UDP datagram with a payload size smaller than the minimum allowed maximum datagram size of 1200 bytes. If a second packet does not meet the payload size requirement, the server does not discard the second packet.

Packet sequence to replicate this behavior:

1. The client sends an Initial packet carrying a Ping frame and Padding frame
2. The client sends an Initial packet carrying a CRYPTO frame (Client Hello) without the Padding frame.

Section 14.1, RFC 9000: "A server MUST discard an Initial packet that is carried in a UDP datagram with a payload smaller than the smallest allowed maximum datagram size of 1200 bytes."

Sending a UDP datagram of this size ensures that the network path supports a reasonable Path Maximum Transmission Unit (PMTU) in both directions, as QUIC MUST NOT be employed if the network path cannot handle a maximum datagram size of at least 1200 bytes. Although this can be confirmed in the first Initial packet, checking all the Initial packets will be better. This may also ensure the client uses a Padding frame to obscure the length of packet content (add difficulty to potential traffic analysis attack).

Fix:
Discard all the Initial packets with a payload size smaller than the minimum allowed maximum datagram size of 1200 bytes.

True, do you plan to submit a PR?

Hi, sorry we do not plan to submit a PR for this.