Bump ngtcp2 and nghttp3

Tatsuhiro Tsujikawa 2022-08-21 18:25:08 +09:00
parent 42394e3342
commit 1aa97d5d2c
7 changed files with 54 additions and 64 deletions


@ -148,7 +148,7 @@ jobs:
- name: Build nghttp3 - name: Build nghttp3
if: matrix.http3 == 'http3' if: matrix.http3 == 'http3'
run: | run: |
git clone --depth 1 -b v0.6.0 https://github.com/ngtcp2/nghttp3 git clone --depth 1 -b v0.7.0 https://github.com/ngtcp2/nghttp3
cd nghttp3 cd nghttp3
autoreconf -i autoreconf -i
./configure --prefix=$PWD/build --enable-lib-only ./configure --prefix=$PWD/build --enable-lib-only
@ -157,7 +157,7 @@ jobs:
- name: Build ngtcp2 - name: Build ngtcp2
if: matrix.http3 == 'http3' if: matrix.http3 == 'http3'
run: | run: |
git clone --depth 1 -b v0.7.0 https://github.com/ngtcp2/ngtcp2 git clone --depth 1 -b v0.8.0 https://github.com/ngtcp2/ngtcp2
cd ngtcp2 cd ngtcp2
autoreconf -i autoreconf -i
./configure --prefix=$PWD/build --enable-lib-only PKG_CONFIG_PATH="../openssl/build/lib/pkgconfig" $EXTRA_NGTCP2_OPTS ./configure --prefix=$PWD/build --enable-lib-only PKG_CONFIG_PATH="../openssl/build/lib/pkgconfig" $EXTRA_NGTCP2_OPTS


@ -151,8 +151,8 @@ following libraries are required:
<https://github.com/quictls/openssl/tree/OpenSSL_1_1_1q+quic>`_; or <https://github.com/quictls/openssl/tree/OpenSSL_1_1_1q+quic>`_; or
`BoringSSL <https://boringssl.googlesource.com/boringssl/>`_ (commit `BoringSSL <https://boringssl.googlesource.com/boringssl/>`_ (commit
a6d321b11fa80496b7c8ae6405468c212d4f5c87) a6d321b11fa80496b7c8ae6405468c212d4f5c87)
* `ngtcp2 <https://github.com/ngtcp2/ngtcp2>`_ >= 0.7.0 * `ngtcp2 <https://github.com/ngtcp2/ngtcp2>`_ >= 0.8.0
* `nghttp3 <https://github.com/ngtcp2/nghttp3>`_ >= 0.6.0 * `nghttp3 <https://github.com/ngtcp2/nghttp3>`_ >= 0.7.0
Use ``--enable-http3`` configure option to enable HTTP/3 feature for Use ``--enable-http3`` configure option to enable HTTP/3 feature for
h2load and nghttpx. h2load and nghttpx.
@ -363,7 +363,7 @@ Build nghttp3:
.. code-block:: text .. code-block:: text
$ git clone --depth 1 -b v0.6.0 https://github.com/ngtcp2/nghttp3 $ git clone --depth 1 -b v0.7.0 https://github.com/ngtcp2/nghttp3
$ cd nghttp3 $ cd nghttp3
$ autoreconf -i $ autoreconf -i
$ ./configure --prefix=$PWD/build --enable-lib-only $ ./configure --prefix=$PWD/build --enable-lib-only
@ -375,7 +375,7 @@ Build ngtcp2:
.. code-block:: text .. code-block:: text
$ git clone --depth 1 -b v0.7.0 https://github.com/ngtcp2/ngtcp2 $ git clone --depth 1 -b v0.8.0 https://github.com/ngtcp2/ngtcp2
$ cd ngtcp2 $ cd ngtcp2
$ autoreconf -i $ autoreconf -i
$ ./configure --prefix=$PWD/build --enable-lib-only \ $ ./configure --prefix=$PWD/build --enable-lib-only \


@ -540,7 +540,7 @@ fi
# ngtcp2 (for src) # ngtcp2 (for src)
have_libngtcp2=no have_libngtcp2=no
if test "x${request_libngtcp2}" != "xno"; then if test "x${request_libngtcp2}" != "xno"; then
PKG_CHECK_MODULES([LIBNGTCP2], [libngtcp2 >= 0.7.0], [have_libngtcp2=yes], PKG_CHECK_MODULES([LIBNGTCP2], [libngtcp2 >= 0.8.0], [have_libngtcp2=yes],
[have_libngtcp2=no]) [have_libngtcp2=no])
if test "x${have_libngtcp2}" = "xno"; then if test "x${have_libngtcp2}" = "xno"; then
AC_MSG_NOTICE($LIBNGTCP2_PKG_ERRORS) AC_MSG_NOTICE($LIBNGTCP2_PKG_ERRORS)
@ -557,7 +557,7 @@ have_libngtcp2_crypto_openssl=no
if test "x${have_ssl_is_quic}" = "xyes" && if test "x${have_ssl_is_quic}" = "xyes" &&
test "x${request_libngtcp2}" != "xno"; then test "x${request_libngtcp2}" != "xno"; then
PKG_CHECK_MODULES([LIBNGTCP2_CRYPTO_OPENSSL], PKG_CHECK_MODULES([LIBNGTCP2_CRYPTO_OPENSSL],
[libngtcp2_crypto_openssl >= 0.7.0], [libngtcp2_crypto_openssl >= 0.8.0],
[have_libngtcp2_crypto_openssl=yes], [have_libngtcp2_crypto_openssl=yes],
[have_libngtcp2_crypto_openssl=no]) [have_libngtcp2_crypto_openssl=no])
if test "x${have_libngtcp2_crypto_openssl}" = "xno"; then if test "x${have_libngtcp2_crypto_openssl}" = "xno"; then
@ -599,7 +599,7 @@ fi
# nghttp3 (for src) # nghttp3 (for src)
have_libnghttp3=no have_libnghttp3=no
if test "x${request_libnghttp3}" != "xno"; then if test "x${request_libnghttp3}" != "xno"; then
PKG_CHECK_MODULES([LIBNGHTTP3], [libnghttp3 >= 0.6.0], [have_libnghttp3=yes], PKG_CHECK_MODULES([LIBNGHTTP3], [libnghttp3 >= 0.7.0], [have_libnghttp3=yes],
[have_libnghttp3=no]) [have_libnghttp3=no])
if test "x${have_libnghttp3}" = "xno"; then if test "x${have_libnghttp3}" = "xno"; then
AC_MSG_NOTICE($LIBNGHTTP3_PKG_ERRORS) AC_MSG_NOTICE($LIBNGHTTP3_PKG_ERRORS)


@ -15,7 +15,7 @@ RUN git clone --depth 1 -b OpenSSL_1_1_1q+quic https://github.com/quictls/openss
cd .. && \ cd .. && \
rm -rf openssl rm -rf openssl
RUN git clone --depth 1 -b v0.6.0 https://github.com/ngtcp2/nghttp3 && \ RUN git clone --depth 1 -b v0.7.0 https://github.com/ngtcp2/nghttp3 && \
cd nghttp3 && \ cd nghttp3 && \
autoreconf -i && \ autoreconf -i && \
./configure --enable-lib-only && \ ./configure --enable-lib-only && \
@ -24,7 +24,7 @@ RUN git clone --depth 1 -b v0.6.0 https://github.com/ngtcp2/nghttp3 && \
cd .. && \ cd .. && \
rm -rf nghttp3 rm -rf nghttp3
RUN git clone --depth 1 -b v0.7.0 https://github.com/ngtcp2/ngtcp2 && \ RUN git clone --depth 1 -b v0.8.0 https://github.com/ngtcp2/ngtcp2 && \
cd ngtcp2 && \ cd ngtcp2 && \
autoreconf -i && \ autoreconf -i && \
./configure --enable-lib-only \ ./configure --enable-lib-only \


@ -1252,22 +1252,16 @@ int ConnectionHandler::quic_ipc_read() {
// At the moment, UpstreamAddr index is unknown. // At the moment, UpstreamAddr index is unknown.
pkt->upstream_addr_index = static_cast<size_t>(-1); pkt->upstream_addr_index = static_cast<size_t>(-1);
uint32_t version; ngtcp2_version_cid vc;
const uint8_t *dcid;
size_t dcidlen;
const uint8_t *scid;
size_t scidlen;
auto rv = auto rv = ngtcp2_pkt_decode_version_cid(&vc, p, datalen, SHRPX_QUIC_SCIDLEN);
ngtcp2_pkt_decode_version_cid(&version, &dcid, &dcidlen, &scid, &scidlen,
p, datalen, SHRPX_QUIC_SCIDLEN);
if (rv < 0) { if (rv < 0) {
LOG(ERROR) << "ngtcp2_pkt_decode_version_cid: " << ngtcp2_strerror(rv); LOG(ERROR) << "ngtcp2_pkt_decode_version_cid: " << ngtcp2_strerror(rv);
return -1; return -1;
} }
if (dcidlen != SHRPX_QUIC_SCIDLEN) { if (vc.dcidlen != SHRPX_QUIC_SCIDLEN) {
LOG(ERROR) << "DCID length is invalid"; LOG(ERROR) << "DCID length is invalid";
return -1; return -1;
} }
@ -1295,7 +1289,7 @@ int ConnectionHandler::quic_ipc_read() {
std::array<uint8_t, SHRPX_QUIC_DECRYPTED_DCIDLEN> decrypted_dcid; std::array<uint8_t, SHRPX_QUIC_DECRYPTED_DCIDLEN> decrypted_dcid;
if (decrypt_quic_connection_id(decrypted_dcid.data(), if (decrypt_quic_connection_id(decrypted_dcid.data(),
dcid + SHRPX_QUIC_CID_PREFIX_OFFSET, vc.dcid + SHRPX_QUIC_CID_PREFIX_OFFSET,
qkm.cid_encryption_key.data()) != 0) { qkm.cid_encryption_key.data()) != 0) {
return -1; return -1;
} }
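Review bot: The read at `vc.dcid + SHRPX_QUIC_CID_PREFIX_OFFSET` in the second hunk stays in bounds only because the first hunk rejects `vc.dcidlen != SHRPX_QUIC_SCIDLEN`, and the two sit dozens of lines apart with nothing at the call site tying them together. A comment above the decrypt call would keep a later edit from separating them, e.g. `// vc.dcidlen == SHRPX_QUIC_SCIDLEN is enforced above; the offset read relies on it`. How many bytes decrypt_quic_connection_id consumes from that pointer is not visible here, so the comment should name that length once confirmed. quic_ipc_read starts and ends outside both hunks.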


@ -1773,13 +1773,10 @@ int Http3Upstream::on_read(const UpstreamAddr *faddr,
auto worker = handler_->get_worker(); auto worker = handler_->get_worker();
auto quic_conn_handler = worker->get_quic_connection_handler(); auto quic_conn_handler = worker->get_quic_connection_handler();
uint32_t version; ngtcp2_version_cid vc;
const uint8_t *dcid, *scid;
size_t dcidlen, scidlen;
rv = ngtcp2_pkt_decode_version_cid(&version, &dcid, &dcidlen, &scid, rv =
&scidlen, data, datalen, ngtcp2_pkt_decode_version_cid(&vc, data, datalen, SHRPX_QUIC_SCIDLEN);
SHRPX_QUIC_SCIDLEN);
if (rv != 0) { if (rv != 0) {
return -1; return -1;
} }
@ -1787,11 +1784,11 @@ int Http3Upstream::on_read(const UpstreamAddr *faddr,
if (worker->get_graceful_shutdown()) { if (worker->get_graceful_shutdown()) {
ngtcp2_cid ini_dcid, ini_scid; ngtcp2_cid ini_dcid, ini_scid;
ngtcp2_cid_init(&ini_dcid, dcid, dcidlen); ngtcp2_cid_init(&ini_dcid, vc.dcid, vc.dcidlen);
ngtcp2_cid_init(&ini_scid, scid, scidlen); ngtcp2_cid_init(&ini_scid, vc.scid, vc.scidlen);
quic_conn_handler->send_connection_close( quic_conn_handler->send_connection_close(
faddr, version, ini_dcid, ini_scid, remote_addr, local_addr, faddr, vc.version, ini_dcid, ini_scid, remote_addr, local_addr,
NGTCP2_CONNECTION_REFUSED, datalen * 3); NGTCP2_CONNECTION_REFUSED, datalen * 3);
return -1; return -1;
@ -1799,9 +1796,9 @@ int Http3Upstream::on_read(const UpstreamAddr *faddr,
retry_close_ = true; retry_close_ = true;
quic_conn_handler->send_retry(handler_->get_upstream_addr(), version, quic_conn_handler->send_retry(handler_->get_upstream_addr(), vc.version,
dcid, dcidlen, scid, scidlen, remote_addr, vc.dcid, vc.dcidlen, vc.scid, vc.scidlen,
local_addr, datalen * 3); remote_addr, local_addr, datalen * 3);
return -1; return -1;
} }
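Review bot: `ngtcp2_version_cid vc;` is declared without an initializer here, and the same declaration appears in quic_ipc_read and in QUICConnectionHandler::handle_packet. In on_read every read of `vc` follows the `rv != 0` return, but handle_packet reads `vc.version`, `vc.dcid` and `vc.scid` in its NGTCP2_ERR_VERSION_NEGOTIATION case, that is, after a nonzero return, so it depends on the library having filled the struct on that path. Writing `ngtcp2_version_cid vc{};` in all three places would turn a partially filled struct into null pointers and zero lengths rather than stack contents. on_read's body continues outside these hunks.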


@ -64,18 +64,15 @@ int QUICConnectionHandler::handle_packet(const UpstreamAddr *faddr,
const ngtcp2_pkt_info &pi, const ngtcp2_pkt_info &pi,
const uint8_t *data, size_t datalen) { const uint8_t *data, size_t datalen) {
int rv; int rv;
uint32_t version; ngtcp2_version_cid vc;
const uint8_t *dcid, *scid;
size_t dcidlen, scidlen;
rv = ngtcp2_pkt_decode_version_cid(&version, &dcid, &dcidlen, &scid, &scidlen, rv = ngtcp2_pkt_decode_version_cid(&vc, data, datalen, SHRPX_QUIC_SCIDLEN);
data, datalen, SHRPX_QUIC_SCIDLEN);
switch (rv) { switch (rv) {
case 0: case 0:
break; break;
case NGTCP2_ERR_VERSION_NEGOTIATION: case NGTCP2_ERR_VERSION_NEGOTIATION:
send_version_negotiation(faddr, version, dcid, dcidlen, scid, scidlen, send_version_negotiation(faddr, vc.version, vc.dcid, vc.dcidlen, vc.scid,
remote_addr, local_addr); vc.scidlen, remote_addr, local_addr);
return 0; return 0;
default: default:
@ -85,7 +82,7 @@ int QUICConnectionHandler::handle_packet(const UpstreamAddr *faddr,
auto config = get_config(); auto config = get_config();
ngtcp2_cid dcid_key; ngtcp2_cid dcid_key;
ngtcp2_cid_init(&dcid_key, dcid, dcidlen); ngtcp2_cid_init(&dcid_key, vc.dcid, vc.dcidlen);
auto conn_handler = worker_->get_connection_handler(); auto conn_handler = worker_->get_connection_handler();
@ -130,11 +127,11 @@ int QUICConnectionHandler::handle_packet(const UpstreamAddr *faddr,
auto &qkms = conn_handler->get_quic_keying_materials(); auto &qkms = conn_handler->get_quic_keying_materials();
const QUICKeyingMaterial *qkm = nullptr; const QUICKeyingMaterial *qkm = nullptr;
if (dcidlen == SHRPX_QUIC_SCIDLEN) { if (vc.dcidlen == SHRPX_QUIC_SCIDLEN) {
qkm = select_quic_keying_material(*qkms.get(), dcid); qkm = select_quic_keying_material(*qkms.get(), vc.dcid);
if (decrypt_quic_connection_id(decrypted_dcid.data(), if (decrypt_quic_connection_id(decrypted_dcid.data(),
dcid + SHRPX_QUIC_CID_PREFIX_OFFSET, vc.dcid + SHRPX_QUIC_CID_PREFIX_OFFSET,
qkm->cid_encryption_key.data()) != 0) { qkm->cid_encryption_key.data()) != 0) {
return 0; return 0;
} }
@ -180,12 +177,12 @@ int QUICConnectionHandler::handle_packet(const UpstreamAddr *faddr,
// If we get Initial and it has the CID prefix of this worker, // If we get Initial and it has the CID prefix of this worker,
// it is likely that client is intentionally use the prefix. // it is likely that client is intentionally use the prefix.
// Just drop it. // Just drop it.
if (dcidlen == SHRPX_QUIC_SCIDLEN) { if (vc.dcidlen == SHRPX_QUIC_SCIDLEN) {
if (qkm != &qkms->keying_materials.front()) { if (qkm != &qkms->keying_materials.front()) {
qkm = &qkms->keying_materials.front(); qkm = &qkms->keying_materials.front();
if (decrypt_quic_connection_id(decrypted_dcid.data(), if (decrypt_quic_connection_id(decrypted_dcid.data(),
dcid + SHRPX_QUIC_CID_PREFIX_OFFSET, vc.dcid + SHRPX_QUIC_CID_PREFIX_OFFSET,
qkm->cid_encryption_key.data()) != 0) { qkm->cid_encryption_key.data()) != 0) {
return 0; return 0;
} }
@ -199,7 +196,7 @@ int QUICConnectionHandler::handle_packet(const UpstreamAddr *faddr,
} }
if (worker_->get_graceful_shutdown()) { if (worker_->get_graceful_shutdown()) {
send_connection_close(faddr, version, hd.dcid, hd.scid, remote_addr, send_connection_close(faddr, hd.version, hd.dcid, hd.scid, remote_addr,
local_addr, NGTCP2_CONNECTION_REFUSED, local_addr, NGTCP2_CONNECTION_REFUSED,
datalen * 3); datalen * 3);
return 0; return 0;
@ -207,8 +204,8 @@ int QUICConnectionHandler::handle_packet(const UpstreamAddr *faddr,
if (hd.token.len == 0) { if (hd.token.len == 0) {
if (quicconf.upstream.require_token) { if (quicconf.upstream.require_token) {
send_retry(faddr, version, dcid, dcidlen, scid, scidlen, remote_addr, send_retry(faddr, vc.version, vc.dcid, vc.dcidlen, vc.scid,
local_addr, datalen * 3); vc.scidlen, remote_addr, local_addr, datalen * 3);
return 0; return 0;
} }
@ -216,12 +213,12 @@ int QUICConnectionHandler::handle_packet(const UpstreamAddr *faddr,
break; break;
} }
if (dcidlen != SHRPX_QUIC_SCIDLEN) { if (vc.dcidlen != SHRPX_QUIC_SCIDLEN) {
// Initial packets with token must have DCID chosen by server. // Initial packets with token must have DCID chosen by server.
return 0; return 0;
} }
auto qkm = select_quic_keying_material(*qkms.get(), dcid); auto qkm = select_quic_keying_material(*qkms.get(), vc.dcid);
switch (hd.token.base[0]) { switch (hd.token.base[0]) {
case NGTCP2_CRYPTO_TOKEN_MAGIC_RETRY: case NGTCP2_CRYPTO_TOKEN_MAGIC_RETRY:
@ -235,8 +232,9 @@ int QUICConnectionHandler::handle_packet(const UpstreamAddr *faddr,
// 2nd Retry packet is not allowed, so send CONNECTION_CLOSE // 2nd Retry packet is not allowed, so send CONNECTION_CLOSE
// with INVALID_TOKEN. // with INVALID_TOKEN.
send_connection_close(faddr, version, hd.dcid, hd.scid, remote_addr, send_connection_close(faddr, hd.version, hd.dcid, hd.scid,
local_addr, NGTCP2_INVALID_TOKEN, datalen * 3); remote_addr, local_addr, NGTCP2_INVALID_TOKEN,
datalen * 3);
return 0; return 0;
} }
@ -260,8 +258,8 @@ int QUICConnectionHandler::handle_packet(const UpstreamAddr *faddr,
} }
if (quicconf.upstream.require_token) { if (quicconf.upstream.require_token) {
send_retry(faddr, version, dcid, dcidlen, scid, scidlen, send_retry(faddr, vc.version, vc.dcid, vc.dcidlen, vc.scid,
remote_addr, local_addr, datalen * 3); vc.scidlen, remote_addr, local_addr, datalen * 3);
return 0; return 0;
} }
@ -280,8 +278,8 @@ int QUICConnectionHandler::handle_packet(const UpstreamAddr *faddr,
break; break;
default: default:
if (quicconf.upstream.require_token) { if (quicconf.upstream.require_token) {
send_retry(faddr, version, dcid, dcidlen, scid, scidlen, remote_addr, send_retry(faddr, vc.version, vc.dcid, vc.dcidlen, vc.scid,
local_addr, datalen * 3); vc.scidlen, remote_addr, local_addr, datalen * 3);
return 0; return 0;
} }
@ -293,22 +291,22 @@ int QUICConnectionHandler::handle_packet(const UpstreamAddr *faddr,
} }
case NGTCP2_ERR_RETRY: case NGTCP2_ERR_RETRY:
if (worker_->get_graceful_shutdown()) { if (worker_->get_graceful_shutdown()) {
send_connection_close(faddr, version, hd.dcid, hd.scid, remote_addr, send_connection_close(faddr, hd.version, hd.dcid, hd.scid, remote_addr,
local_addr, NGTCP2_CONNECTION_REFUSED, local_addr, NGTCP2_CONNECTION_REFUSED,
datalen * 3); datalen * 3);
return 0; return 0;
} }
send_retry(faddr, version, dcid, dcidlen, scid, scidlen, remote_addr, send_retry(faddr, vc.version, vc.dcid, vc.dcidlen, vc.scid, vc.scidlen,
local_addr, datalen * 3); remote_addr, local_addr, datalen * 3);
return 0; return 0;
case NGTCP2_ERR_VERSION_NEGOTIATION: case NGTCP2_ERR_VERSION_NEGOTIATION:
send_version_negotiation(faddr, version, dcid, dcidlen, scid, scidlen, send_version_negotiation(faddr, vc.version, vc.dcid, vc.dcidlen, vc.scid,
remote_addr, local_addr); vc.scidlen, remote_addr, local_addr);
return 0; return 0;
default: default:
if (!config->single_thread && !(data[0] & 0x80) && if (!config->single_thread && !(data[0] & 0x80) &&
dcidlen == SHRPX_QUIC_SCIDLEN && vc.dcidlen == SHRPX_QUIC_SCIDLEN &&
!std::equal(std::begin(decrypted_dcid), !std::equal(std::begin(decrypted_dcid),
std::begin(decrypted_dcid) + SHRPX_QUIC_CID_PREFIXLEN, std::begin(decrypted_dcid) + SHRPX_QUIC_CID_PREFIXLEN,
worker_->get_cid_prefix())) { worker_->get_cid_prefix())) {
@ -321,7 +319,8 @@ int QUICConnectionHandler::handle_packet(const UpstreamAddr *faddr,
if (!(data[0] & 0x80)) { if (!(data[0] & 0x80)) {
// TODO Must be rate limited // TODO Must be rate limited
send_stateless_reset(faddr, dcid, dcidlen, remote_addr, local_addr); send_stateless_reset(faddr, vc.dcid, vc.dcidlen, remote_addr,
local_addr);
} }
return 0; return 0;
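Review bot: The send_connection_close calls now pass `hd.version`, while the send_retry and send_version_negotiation calls in the same switch pass `vc.version`, and nothing says why the two sources are mixed. `hd` is declared and filled outside the visible hunks, so whether the two values can ever differ cannot be confirmed from here. If they are always equal, a one-line comment at the first send_connection_close would do, e.g. `// hd.version and vc.version come from the same datagram; CONNECTION_CLOSE uses the parsed header`. If they can differ, the send_retry calls made after `hd` is valid deserve the same scrutiny. handle_packet extends beyond these hunks.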