From 1aa97d5d2c0539ca37b67921c805ef9981026cfb Mon Sep 17 00:00:00 2001 From: Tatsuhiro Tsujikawa Date: Sun, 21 Aug 2022 18:25:08 +0900 Subject: [PATCH] Bump ngtcp2 and nghttp3 --- .github/workflows/build.yml | 4 +- README.rst | 8 ++-- configure.ac | 6 +-- docker/Dockerfile | 4 +- src/shrpx_connection_handler.cc | 14 ++----- src/shrpx_http3_upstream.cc | 21 ++++------ src/shrpx_quic_connection_handler.cc | 61 ++++++++++++++-------------- 7 files changed, 54 insertions(+), 64 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 7596be4b..fb1d74ce 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -148,7 +148,7 @@ jobs: - name: Build nghttp3 if: matrix.http3 == 'http3' run: | - git clone --depth 1 -b v0.6.0 https://github.com/ngtcp2/nghttp3 + git clone --depth 1 -b v0.7.0 https://github.com/ngtcp2/nghttp3 cd nghttp3 autoreconf -i ./configure --prefix=$PWD/build --enable-lib-only @@ -157,7 +157,7 @@ jobs: - name: Build ngtcp2 if: matrix.http3 == 'http3' run: | - git clone --depth 1 -b v0.7.0 https://github.com/ngtcp2/ngtcp2 + git clone --depth 1 -b v0.8.0 https://github.com/ngtcp2/ngtcp2 cd ngtcp2 autoreconf -i ./configure --prefix=$PWD/build --enable-lib-only PKG_CONFIG_PATH="../openssl/build/lib/pkgconfig" $EXTRA_NGTCP2_OPTS diff --git a/README.rst b/README.rst index 510d641d..3e40f9d1 100644 --- a/README.rst +++ b/README.rst @@ -151,8 +151,8 @@ following libraries are required: `_; or `BoringSSL `_ (commit a6d321b11fa80496b7c8ae6405468c212d4f5c87) -* `ngtcp2 `_ >= 0.7.0 -* `nghttp3 `_ >= 0.6.0 +* `ngtcp2 `_ >= 0.8.0 +* `nghttp3 `_ >= 0.7.0 Use ``--enable-http3`` configure option to enable HTTP/3 feature for h2load and nghttpx. @@ -363,7 +363,7 @@ Build nghttp3: .. code-block:: text - $ git clone --depth 1 -b v0.6.0 https://github.com/ngtcp2/nghttp3 + $ git clone --depth 1 -b v0.7.0 https://github.com/ngtcp2/nghttp3 $ cd nghttp3 $ autoreconf -i $ ./configure --prefix=$PWD/build --enable-lib-only 
@@ -375,7 +375,7 @@ Build ngtcp2: .. code-block:: text - $ git clone --depth 1 -b v0.7.0 https://github.com/ngtcp2/ngtcp2 + $ git clone --depth 1 -b v0.8.0 https://github.com/ngtcp2/ngtcp2 $ cd ngtcp2 $ autoreconf -i $ ./configure --prefix=$PWD/build --enable-lib-only \ diff --git a/configure.ac b/configure.ac index f6cbe1d0..dee5d63a 100644 --- a/configure.ac +++ b/configure.ac @@ -540,7 +540,7 @@ fi # ngtcp2 (for src) have_libngtcp2=no if test "x${request_libngtcp2}" != "xno"; then - PKG_CHECK_MODULES([LIBNGTCP2], [libngtcp2 >= 0.7.0], [have_libngtcp2=yes], + PKG_CHECK_MODULES([LIBNGTCP2], [libngtcp2 >= 0.8.0], [have_libngtcp2=yes], [have_libngtcp2=no]) if test "x${have_libngtcp2}" = "xno"; then AC_MSG_NOTICE($LIBNGTCP2_PKG_ERRORS) @@ -557,7 +557,7 @@ have_libngtcp2_crypto_openssl=no if test "x${have_ssl_is_quic}" = "xyes" && test "x${request_libngtcp2}" != "xno"; then PKG_CHECK_MODULES([LIBNGTCP2_CRYPTO_OPENSSL], - [libngtcp2_crypto_openssl >= 0.7.0], + [libngtcp2_crypto_openssl >= 0.8.0], [have_libngtcp2_crypto_openssl=yes], [have_libngtcp2_crypto_openssl=no]) if test "x${have_libngtcp2_crypto_openssl}" = "xno"; then @@ -599,7 +599,7 @@ fi # nghttp3 (for src) have_libnghttp3=no if test "x${request_libnghttp3}" != "xno"; then - PKG_CHECK_MODULES([LIBNGHTTP3], [libnghttp3 >= 0.6.0], [have_libnghttp3=yes], + PKG_CHECK_MODULES([LIBNGHTTP3], [libnghttp3 >= 0.7.0], [have_libnghttp3=yes], [have_libnghttp3=no]) if test "x${have_libnghttp3}" = "xno"; then AC_MSG_NOTICE($LIBNGHTTP3_PKG_ERRORS) diff --git a/docker/Dockerfile b/docker/Dockerfile index f1e0e430..0e724eb2 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -15,7 +15,7 @@ RUN git clone --depth 1 -b OpenSSL_1_1_1q+quic https://github.com/quictls/openss cd .. && \ rm -rf openssl -RUN git clone --depth 1 -b v0.6.0 https://github.com/ngtcp2/nghttp3 && \ +RUN git clone --depth 1 -b v0.7.0 https://github.com/ngtcp2/nghttp3 && \ cd nghttp3 && \ autoreconf -i && \ ./configure --enable-lib-only && \ 
@@ -24,7 +24,7 @@ RUN git clone --depth 1 -b v0.6.0 https://github.com/ngtcp2/nghttp3 && \ cd .. && \ rm -rf nghttp3 -RUN git clone --depth 1 -b v0.7.0 https://github.com/ngtcp2/ngtcp2 && \ +RUN git clone --depth 1 -b v0.8.0 https://github.com/ngtcp2/ngtcp2 && \ cd ngtcp2 && \ autoreconf -i && \ ./configure --enable-lib-only \ diff --git a/src/shrpx_connection_handler.cc b/src/shrpx_connection_handler.cc index e2600a1f..be6645df 100644 --- a/src/shrpx_connection_handler.cc +++ b/src/shrpx_connection_handler.cc @@ -1252,22 +1252,16 @@ int ConnectionHandler::quic_ipc_read() { // At the moment, UpstreamAddr index is unknown. pkt->upstream_addr_index = static_cast(-1); - uint32_t version; - const uint8_t *dcid; - size_t dcidlen; - const uint8_t *scid; - size_t scidlen; + ngtcp2_version_cid vc; - auto rv = - ngtcp2_pkt_decode_version_cid(&version, &dcid, &dcidlen, &scid, &scidlen, - p, datalen, SHRPX_QUIC_SCIDLEN); + auto rv = ngtcp2_pkt_decode_version_cid(&vc, p, datalen, SHRPX_QUIC_SCIDLEN); if (rv < 0) { LOG(ERROR) << "ngtcp2_pkt_decode_version_cid: " << ngtcp2_strerror(rv); return -1; } - if (dcidlen != SHRPX_QUIC_SCIDLEN) { + if (vc.dcidlen != SHRPX_QUIC_SCIDLEN) { LOG(ERROR) << "DCID length is invalid"; return -1; } @@ -1295,7 +1289,7 @@ int ConnectionHandler::quic_ipc_read() { std::array decrypted_dcid; if (decrypt_quic_connection_id(decrypted_dcid.data(), - dcid + SHRPX_QUIC_CID_PREFIX_OFFSET, + vc.dcid + SHRPX_QUIC_CID_PREFIX_OFFSET, qkm.cid_encryption_key.data()) != 0) { return -1; } diff --git a/src/shrpx_http3_upstream.cc b/src/shrpx_http3_upstream.cc index d4045ddd..29274c73 100644 --- a/src/shrpx_http3_upstream.cc +++ b/src/shrpx_http3_upstream.cc 
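Review bot: In quic_ipc_read the new `ngtcp2_version_cid vc;` is declared without an initializer, and the same declaration appears in Http3Upstream::on_read and QUICConnectionHandler::handle_packet. handle_packet reads `vc.version`, `vc.dcid` and `vc.scid` on its NGTCP2_ERR_VERSION_NEGOTIATION branch, that is, after a non-zero return, so those reads depend on the decoder having filled the struct on that path (presumably it does, but the patch cannot show it). Writing `ngtcp2_version_cid vc{};` in all three places turns any field the decoder leaves untouched into a zero length or null pointer rather than an indeterminate stack value. quic_ipc_read's body starts and ends outside the hunk.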
@@ -1773,13 +1773,10 @@ int Http3Upstream::on_read(const UpstreamAddr *faddr, auto worker = handler_->get_worker(); auto quic_conn_handler = worker->get_quic_connection_handler(); - uint32_t version; - const uint8_t *dcid, *scid; - size_t dcidlen, scidlen; + ngtcp2_version_cid vc; - rv = ngtcp2_pkt_decode_version_cid(&version, &dcid, &dcidlen, &scid, - &scidlen, data, datalen, - SHRPX_QUIC_SCIDLEN); + rv = + ngtcp2_pkt_decode_version_cid(&vc, data, datalen, SHRPX_QUIC_SCIDLEN); if (rv != 0) { return -1; } @@ -1787,11 +1784,11 @@ int Http3Upstream::on_read(const UpstreamAddr *faddr, if (worker->get_graceful_shutdown()) { ngtcp2_cid ini_dcid, ini_scid; - ngtcp2_cid_init(&ini_dcid, dcid, dcidlen); - ngtcp2_cid_init(&ini_scid, scid, scidlen); + ngtcp2_cid_init(&ini_dcid, vc.dcid, vc.dcidlen); + ngtcp2_cid_init(&ini_scid, vc.scid, vc.scidlen); quic_conn_handler->send_connection_close( - faddr, version, ini_dcid, ini_scid, remote_addr, local_addr, + faddr, vc.version, ini_dcid, ini_scid, remote_addr, local_addr, NGTCP2_CONNECTION_REFUSED, datalen * 3); return -1; @@ -1799,9 +1796,9 @@ int Http3Upstream::on_read(const UpstreamAddr *faddr, retry_close_ = true; - quic_conn_handler->send_retry(handler_->get_upstream_addr(), version, - dcid, dcidlen, scid, scidlen, remote_addr, - local_addr, datalen * 3); + quic_conn_handler->send_retry(handler_->get_upstream_addr(), vc.version, + vc.dcid, vc.dcidlen, vc.scid, vc.scidlen, + remote_addr, local_addr, datalen * 3); return -1; } diff --git a/src/shrpx_quic_connection_handler.cc b/src/shrpx_quic_connection_handler.cc index a1d78e94..4b5d42dd 100644 --- a/src/shrpx_quic_connection_handler.cc +++ b/src/shrpx_quic_connection_handler.cc 
@@ -64,18 +64,15 @@ int QUICConnectionHandler::handle_packet(const UpstreamAddr *faddr, const ngtcp2_pkt_info &pi, const uint8_t *data, size_t datalen) { int rv; - uint32_t version; - const uint8_t *dcid, *scid; - size_t dcidlen, scidlen; + ngtcp2_version_cid vc; - rv = ngtcp2_pkt_decode_version_cid(&version, &dcid, &dcidlen, &scid, &scidlen, - data, datalen, SHRPX_QUIC_SCIDLEN); + rv = ngtcp2_pkt_decode_version_cid(&vc, data, datalen, SHRPX_QUIC_SCIDLEN); switch (rv) { case 0: break; case NGTCP2_ERR_VERSION_NEGOTIATION: - send_version_negotiation(faddr, version, dcid, dcidlen, scid, scidlen, - remote_addr, local_addr); + send_version_negotiation(faddr, vc.version, vc.dcid, vc.dcidlen, vc.scid, + vc.scidlen, remote_addr, local_addr); return 0; default: @@ -85,7 +82,7 @@ int QUICConnectionHandler::handle_packet(const UpstreamAddr *faddr, auto config = get_config(); ngtcp2_cid dcid_key; - ngtcp2_cid_init(&dcid_key, dcid, dcidlen); + ngtcp2_cid_init(&dcid_key, vc.dcid, vc.dcidlen); auto conn_handler = worker_->get_connection_handler(); @@ -130,11 +127,11 @@ int QUICConnectionHandler::handle_packet(const UpstreamAddr *faddr, auto &qkms = conn_handler->get_quic_keying_materials(); const QUICKeyingMaterial *qkm = nullptr; - if (dcidlen == SHRPX_QUIC_SCIDLEN) { - qkm = select_quic_keying_material(*qkms.get(), dcid); + if (vc.dcidlen == SHRPX_QUIC_SCIDLEN) { + qkm = select_quic_keying_material(*qkms.get(), vc.dcid); if (decrypt_quic_connection_id(decrypted_dcid.data(), - dcid + SHRPX_QUIC_CID_PREFIX_OFFSET, + vc.dcid + SHRPX_QUIC_CID_PREFIX_OFFSET, qkm->cid_encryption_key.data()) != 0) { return 0; } 
@@ -180,12 +177,12 @@ int QUICConnectionHandler::handle_packet(const UpstreamAddr *faddr, // If we get Initial and it has the CID prefix of this worker, // it is likely that client is intentionally use the prefix. // Just drop it. - if (dcidlen == SHRPX_QUIC_SCIDLEN) { + if (vc.dcidlen == SHRPX_QUIC_SCIDLEN) { if (qkm != &qkms->keying_materials.front()) { qkm = &qkms->keying_materials.front(); if (decrypt_quic_connection_id(decrypted_dcid.data(), - dcid + SHRPX_QUIC_CID_PREFIX_OFFSET, + vc.dcid + SHRPX_QUIC_CID_PREFIX_OFFSET, qkm->cid_encryption_key.data()) != 0) { return 0; } @@ -199,7 +196,7 @@ int QUICConnectionHandler::handle_packet(const UpstreamAddr *faddr, } if (worker_->get_graceful_shutdown()) { - send_connection_close(faddr, version, hd.dcid, hd.scid, remote_addr, + send_connection_close(faddr, hd.version, hd.dcid, hd.scid, remote_addr, local_addr, NGTCP2_CONNECTION_REFUSED, datalen * 3); return 0; @@ -207,8 +204,8 @@ int QUICConnectionHandler::handle_packet(const UpstreamAddr *faddr, if (hd.token.len == 0) { if (quicconf.upstream.require_token) { - send_retry(faddr, version, dcid, dcidlen, scid, scidlen, remote_addr, - local_addr, datalen * 3); + send_retry(faddr, vc.version, vc.dcid, vc.dcidlen, vc.scid, + vc.scidlen, remote_addr, local_addr, datalen * 3); return 0; } @@ -216,12 +213,12 @@ int QUICConnectionHandler::handle_packet(const UpstreamAddr *faddr, break; } - if (dcidlen != SHRPX_QUIC_SCIDLEN) { + if (vc.dcidlen != SHRPX_QUIC_SCIDLEN) { // Initial packets with token must have DCID chosen by server. return 0; } - auto qkm = select_quic_keying_material(*qkms.get(), dcid); + auto qkm = select_quic_keying_material(*qkms.get(), vc.dcid); switch (hd.token.base[0]) { case NGTCP2_CRYPTO_TOKEN_MAGIC_RETRY: 
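Review bot: In the hunk at -199 the graceful-shutdown `send_connection_close` call now takes `hd.version`, while the `send_retry` calls in the same function take `vc.version`, and nothing in the code says why the two replies use different sources. A short comment above the call would settle it, for example `// CONNECTION_CLOSE is built from the parsed header (hd) so version and CIDs come from the same decode`. The same switch to `hd.version` is made in the hunks at -235 and -293. The latter sits under `case NGTCP2_ERR_RETRY:`, so it is worth confirming that the call being switched on fills `hd` when it returns that error, since `hd` is declared and populated outside the visible lines.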
@@ -235,8 +232,9 @@ int QUICConnectionHandler::handle_packet(const UpstreamAddr *faddr, // 2nd Retry packet is not allowed, so send CONNECTION_CLOSE // with INVALID_TOKEN. - send_connection_close(faddr, version, hd.dcid, hd.scid, remote_addr, - local_addr, NGTCP2_INVALID_TOKEN, datalen * 3); + send_connection_close(faddr, hd.version, hd.dcid, hd.scid, + remote_addr, local_addr, NGTCP2_INVALID_TOKEN, + datalen * 3); return 0; } @@ -260,8 +258,8 @@ int QUICConnectionHandler::handle_packet(const UpstreamAddr *faddr, } if (quicconf.upstream.require_token) { - send_retry(faddr, version, dcid, dcidlen, scid, scidlen, - remote_addr, local_addr, datalen * 3); + send_retry(faddr, vc.version, vc.dcid, vc.dcidlen, vc.scid, + vc.scidlen, remote_addr, local_addr, datalen * 3); return 0; } @@ -280,8 +278,8 @@ int QUICConnectionHandler::handle_packet(const UpstreamAddr *faddr, break; default: if (quicconf.upstream.require_token) { - send_retry(faddr, version, dcid, dcidlen, scid, scidlen, remote_addr, - local_addr, datalen * 3); + send_retry(faddr, vc.version, vc.dcid, vc.dcidlen, vc.scid, + vc.scidlen, remote_addr, local_addr, datalen * 3); return 0; } 
@@ -293,22 +291,22 @@ int QUICConnectionHandler::handle_packet(const UpstreamAddr *faddr, } case NGTCP2_ERR_RETRY: if (worker_->get_graceful_shutdown()) { - send_connection_close(faddr, version, hd.dcid, hd.scid, remote_addr, + send_connection_close(faddr, hd.version, hd.dcid, hd.scid, remote_addr, local_addr, NGTCP2_CONNECTION_REFUSED, datalen * 3); return 0; } - send_retry(faddr, version, dcid, dcidlen, scid, scidlen, remote_addr, - local_addr, datalen * 3); + send_retry(faddr, vc.version, vc.dcid, vc.dcidlen, vc.scid, vc.scidlen, + remote_addr, local_addr, datalen * 3); return 0; case NGTCP2_ERR_VERSION_NEGOTIATION: - send_version_negotiation(faddr, version, dcid, dcidlen, scid, scidlen, - remote_addr, local_addr); + send_version_negotiation(faddr, vc.version, vc.dcid, vc.dcidlen, vc.scid, + vc.scidlen, remote_addr, local_addr); return 0; default: if (!config->single_thread && !(data[0] & 0x80) && - dcidlen == SHRPX_QUIC_SCIDLEN && + vc.dcidlen == SHRPX_QUIC_SCIDLEN && !std::equal(std::begin(decrypted_dcid), std::begin(decrypted_dcid) + SHRPX_QUIC_CID_PREFIXLEN, worker_->get_cid_prefix())) { @@ -321,7 +319,8 @@ int QUICConnectionHandler::handle_packet(const UpstreamAddr *faddr, if (!(data[0] & 0x80)) { // TODO Must be rate limited - send_stateless_reset(faddr, dcid, dcidlen, remote_addr, local_addr); + send_stateless_reset(faddr, vc.dcid, vc.dcidlen, remote_addr, + local_addr); } return 0;
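Review bot: In the hunk at -321 the re-wrapped `send_stateless_reset` call still sits under `// TODO Must be rate limited`, so every short-header packet that reaches this branch produces a reply to a remote address that has not been validated. Unbounded, that lets the sender's packet rate set the server's reset rate, which is the case the TODO is guarding against. Either add a limiter here or make the TODO actionable, e.g. `// TODO(<ISSUE-ID>): cap stateless resets per remote address and interval (RFC 9000 section 10.3)`. handle_packet continues outside the hunk, and send_stateless_reset may already bound its own output; that is not visible here.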