diff --git a/bazel/external/quiche.BUILD b/bazel/external/quiche.BUILD index 215c37ce5a2ce..ed51c6e6e51b0 100644 --- a/bazel/external/quiche.BUILD +++ b/bazel/external/quiche.BUILD @@ -1748,11 +1748,23 @@ envoy_cc_test_library( envoy_cc_library( name = "quic_platform_ip_address_family", - srcs = ["quiche/quic/platform/api/quic_ip_address_family.cc"], hdrs = ["quiche/quic/platform/api/quic_ip_address_family.h"], repository = "@envoy", tags = ["nofips"], visibility = ["//visibility:public"], + deps = [ + ":quic_platform_bug_tracker", + ":quiche_common_ip_address_family", + ], +) + +envoy_cc_library( + name = "quiche_common_ip_address_family", + srcs = ["quiche/common/quiche_ip_address_family.cc"], + hdrs = ["quiche/common/quiche_ip_address_family.h"], + repository = "@envoy", + tags = ["nofips"], + visibility = ["//visibility:public"], deps = [ ":quic_platform_bug_tracker", ], @@ -1760,12 +1772,26 @@ envoy_cc_library( envoy_cc_library( name = "quic_platform_ip_address", - srcs = ["quiche/quic/platform/api/quic_ip_address.cc"], hdrs = ["quiche/quic/platform/api/quic_ip_address.h"], copts = quiche_copts, repository = "@envoy", tags = ["nofips"], visibility = ["//visibility:public"], + deps = [ + ":quic_platform_base", + ":quic_platform_export", + ":quiche_common_ip_address", + ], +) + +envoy_cc_library( + name = "quiche_common_ip_address", + srcs = ["quiche/common/quiche_ip_address.cc"], + hdrs = ["quiche/common/quiche_ip_address.h"], + copts = quiche_copts, + repository = "@envoy", + tags = ["nofips"], + visibility = ["//visibility:public"], deps = [ ":quic_platform_base", ":quic_platform_export", @@ -2410,6 +2436,7 @@ envoy_cc_library( deps = [ ":quic_platform_export", ":quiche_common_platform", + ":quiche_common_text_utils_lib", ], ) 
@@ -2424,6 +2451,7 @@ envoy_cc_library( ":quic_core_alarm_factory_lib", ":quic_core_alarm_lib", ":quic_core_clock_lib", + ":quic_core_connection_id_generator_interface_lib", ":quic_core_frames_frames_lib", ":quic_core_interval_set_lib", ":quic_core_types_lib", @@ -2445,6 +2473,7 @@ cc_library( name = "quic_core_deterministic_connection_id_generator_lib", srcs = ["quiche/quic/core/deterministic_connection_id_generator.cc"], hdrs = ["quiche/quic/core/deterministic_connection_id_generator.h"], + visibility = ["//visibility:public"], deps = [ ":quic_core_connection_id_generator_interface_lib", ":quic_core_utils_lib", @@ -2523,6 +2552,26 @@ envoy_cc_library( ], ) +envoy_cc_library( + name = "quiche_crypto_logging", + srcs = [ + "quiche/common/quiche_crypto_logging.cc", + ], + hdrs = [ + "quiche/common/quiche_crypto_logging.h", + ], + copts = quiche_copts, + external_deps = ["ssl"], + repository = "@envoy", + tags = ["nofips"], + visibility = ["//visibility:public"], + deps = [ + ":quiche_common_platform_logging", + "@com_google_absl//absl/status", + "@com_google_absl//absl/strings", + ], +) + envoy_cc_library( name = "quic_core_crypto_crypto_handshake_lib", srcs = [ @@ -2694,6 +2743,7 @@ envoy_cc_library( ":quic_core_types_lib", ":quic_core_utils_lib", ":quic_platform_base", + ":quiche_crypto_logging", ], ) @@ -2920,6 +2970,7 @@ envoy_cc_library( ":quic_core_versions_lib", ":quic_platform_base", ":quiche_common_text_utils_lib", + "@com_google_absl//absl/cleanup", ], ) @@ -3325,9 +3376,9 @@ envoy_cc_library( "//conditions:default": ["quiche/quic/core/io/socket_posix.cc"], }), hdrs = [ + "quiche/quic/core/io/connecting_client_socket.h", "quiche/quic/core/io/socket.h", "quiche/quic/core/io/socket_factory.h", - "quiche/quic/core/io/stream_client_socket.h", ], copts = quiche_copts, repository = "@envoy", 
@@ -4542,7 +4593,10 @@ envoy_cc_test_library( copts = quiche_copts, repository = "@envoy", tags = ["nofips"], - deps = [":quic_core_crypto_random_lib"], + deps = [ + ":quic_core_crypto_random_lib", + ":quic_platform_test", + ], ) envoy_cc_test_library( @@ -4673,6 +4727,7 @@ envoy_cc_test_library( ], hdrs = [ "quiche/quic/test_tools/crypto_test_utils.h", + "quiche/quic/test_tools/mock_connection_id_generator.h", "quiche/quic/test_tools/mock_quic_session_visitor.h", "quiche/quic/test_tools/mock_quic_time_wait_list_manager.h", "quiche/quic/test_tools/quic_buffered_packet_store_peer.h", diff --git a/bazel/repository_locations.bzl b/bazel/repository_locations.bzl index 2eab2eb7864ad..3d9fb9d14ae24 100644 --- a/bazel/repository_locations.bzl +++ b/bazel/repository_locations.bzl @@ -1095,12 +1095,12 @@ REPOSITORY_LOCATIONS_SPEC = dict( project_name = "QUICHE", project_desc = "QUICHE (QUIC, HTTP/2, Etc) is Google‘s implementation of QUIC and related protocols", project_url = "https://github.com/google/quiche", - version = "c2576eff37476b17ae780a366ad4e401ce3827f1", - sha256 = "81d63edca36951dfb9b17813bde66331e4c2b215efcec1d3839c5c7b55292ce1", + version = "3743c9285beaa0898f1eab9127202b253a717a39", + sha256 = "86789c6facaacbce1b7dd4acdadad0dbb9c2486fbe01fc0e598970f3c89c3e55", urls = ["https://github.com/google/quiche/archive/{version}.tar.gz"], strip_prefix = "quiche-{version}", use_category = ["dataplane_core"], - release_date = "2022-08-29", + release_date = "2022-09-13", cpe = "N/A", license = "BSD-3-Clause", license_url = "https://github.com/google/quiche/blob/{version}/LICENSE", diff --git a/source/common/http/http3/conn_pool.cc b/source/common/http/http3/conn_pool.cc index 2eef184b9862b..e0c47ee19ef4a 100644 --- a/source/common/http/http3/conn_pool.cc +++ b/source/common/http/http3/conn_pool.cc 
@@ -132,9 +132,10 @@ Http3ConnPoolImpl::createClientConnection(Quic::QuicStatNames& quic_stat_names, } Network::ConnectionSocket::OptionsSharedPtr socket_options = Upstream::combineConnectionSocketOptions(host()->cluster(), socketOptions()); - return Quic::createQuicNetworkConnection( - quic_info_, std::move(crypto_config), server_id_, dispatcher(), host()->address(), - source_address, quic_stat_names, rtt_cache, scope, socket_options, transportSocketOptions()); + return Quic::createQuicNetworkConnection(quic_info_, std::move(crypto_config), server_id_, + dispatcher(), host()->address(), source_address, + quic_stat_names, rtt_cache, scope, socket_options, + transportSocketOptions(), connection_id_generator_); } std::unique_ptr diff --git a/source/common/http/http3/conn_pool.h b/source/common/http/http3/conn_pool.h index 5e6ee683fc1d4..29d3b81e579bb 100644 --- a/source/common/http/http3/conn_pool.h +++ b/source/common/http/http3/conn_pool.h @@ -14,6 +14,7 @@ #include "source/common/quic/client_connection_factory_impl.h" #include "source/common/quic/envoy_quic_utils.h" #include "source/common/quic/quic_transport_socket_factory.h" +#include "quiche/quic/core/deterministic_connection_id_generator.h" #else #error "http3 conn pool should not be built with QUIC disabled" #endif @@ -174,6 +175,9 @@ class Http3ConnPoolImpl : public FixedHttpConnPoolImpl { quic::QuicServerId server_id_; // If not nullopt, called when the handshake state changes. OptRef connect_callback_; + + quic::DeterministicConnectionIdGenerator connection_id_generator_{ + quic::kQuicDefaultConnectionIdLength}; }; std::unique_ptr diff --git a/source/common/quic/BUILD b/source/common/quic/BUILD index 4ebb1ad8853ac..2ea32f15eb46d 100644 --- a/source/common/quic/BUILD +++ b/source/common/quic/BUILD 
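Review bot: `connection_id_generator_` is declared as the last member of `Http3ConnPoolImpl` but is handed by reference to every connection created in `createClientConnection` (the conn_pool.cc hunk above), and those connections are presumably owned by the base `FixedHttpConnPoolImpl`, whose destructor runs after the derived members have already been destroyed. If any connection still consults its generator while the base class tears it down, it reads a destroyed object; confirm the pool drains its clients before this member goes away, or at least state the requirement next to the member with `// Held by reference by every connection created in createClientConnection(); must outlive them.`. A smaller point: the listener side now uses `EnvoyDeterministicConnectionIdGenerator` while this pool uses the plain QUICHE generator, and a one-line comment saying why client-side connection IDs need no Envoy adjustment would spare the next reader a detour. The enclosing class starts outside the hunk.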
@@ -185,6 +185,17 @@ envoy_cc_library( ], ) +envoy_cc_library( + name = "envoy_deterministic_connection_id_generator_lib", + srcs = ["envoy_deterministic_connection_id_generator.cc"], + hdrs = ["envoy_deterministic_connection_id_generator.h"], + tags = ["nofips"], + deps = [ + ":envoy_quic_utils_lib", + "@com_github_google_quiche//:quic_core_deterministic_connection_id_generator_lib", + ], +) + envoy_cc_library( name = "codec_lib", srcs = ["codec_impl.cc"], @@ -370,6 +381,7 @@ envoy_cc_library( hdrs = ["active_quic_listener.h"], tags = ["nofips"], deps = [ + ":envoy_deterministic_connection_id_generator_lib", ":envoy_quic_alarm_factory_lib", ":envoy_quic_connection_helper_lib", ":envoy_quic_dispatcher_lib", diff --git a/source/common/quic/active_quic_listener.cc b/source/common/quic/active_quic_listener.cc index 2cd0e6c916252..f55d34b591d70 100644 --- a/source/common/quic/active_quic_listener.cc +++ b/source/common/quic/active_quic_listener.cc @@ -43,7 +43,7 @@ ActiveQuicListener::ActiveQuicListener( packets_to_read_to_connection_count_ratio_(packets_to_read_to_connection_count_ratio), crypto_server_stream_factory_(crypto_server_stream_factory), connection_id_generator_(quic::kQuicDefaultConnectionIdLength) { - ASSERT(!GetQuicFlag(FLAGS_quic_header_size_limit_includes_overhead)); + ASSERT(!GetQuicFlag(quic_header_size_limit_includes_overhead)); enabled_.emplace(Runtime::FeatureFlag(enabled, runtime)); diff --git a/source/common/quic/active_quic_listener.h b/source/common/quic/active_quic_listener.h index 75538258efa3c..651b811bba799 100644 --- a/source/common/quic/active_quic_listener.h +++ b/source/common/quic/active_quic_listener.h 
@@ -7,14 +7,13 @@ #include "envoy/runtime/runtime.h" #include "source/common/protobuf/utility.h" +#include "source/common/quic/envoy_deterministic_connection_id_generator.h" #include "source/common/quic/envoy_quic_dispatcher.h" #include "source/common/quic/envoy_quic_proof_source_factory_interface.h" #include "source/common/runtime/runtime_protos.h" #include "source/server/active_udp_listener.h" #include "source/server/connection_handler_impl.h" -#include "quiche/quic/core/deterministic_connection_id_generator.h" - #if defined(__linux__) #include #endif @@ -86,7 +85,7 @@ class ActiveQuicListener : public Envoy::Server::ActiveUdpListenerBase, uint64_t event_loops_with_buffered_chlo_for_test_{0}; uint32_t packets_to_read_to_connection_count_ratio_; EnvoyQuicCryptoServerStreamFactoryInterface& crypto_server_stream_factory_; - quic::DeterministicConnectionIdGenerator connection_id_generator_; + EnvoyDeterministicConnectionIdGenerator connection_id_generator_; }; using ActiveQuicListenerPtr = std::unique_ptr; diff --git a/source/common/quic/client_connection_factory_impl.cc b/source/common/quic/client_connection_factory_impl.cc index 40f427471adb2..67f4fc1037316 100644 --- a/source/common/quic/client_connection_factory_impl.cc +++ b/source/common/quic/client_connection_factory_impl.cc 
@@ -40,7 +40,8 @@ std::unique_ptr createQuicNetworkConnection( Network::Address::InstanceConstSharedPtr local_addr, QuicStatNames& quic_stat_names, OptRef rtt_cache, Stats::Scope& scope, const Network::ConnectionSocket::OptionsSharedPtr& options, - const Network::TransportSocketOptionsConstSharedPtr& transport_socket_options) { + const Network::TransportSocketOptionsConstSharedPtr& transport_socket_options, + quic::ConnectionIdGeneratorInterface& generator) { // TODO: Quic should take into account the set_local_interface_name_on_upstream_connections config // and call maybeSetInterfaceName based on that upon acquiring a local socket. // Similar to what is done in ClientConnectionImpl::onConnected(). @@ -50,7 +51,7 @@ std::unique_ptr createQuicNetworkConnection( ASSERT(!quic_versions.empty()); auto connection = std::make_unique( quic::QuicUtils::CreateRandomConnectionId(), server_addr, info_impl->conn_helper_, - info_impl->alarm_factory_, quic_versions, local_addr, dispatcher, options); + info_impl->alarm_factory_, quic_versions, local_addr, dispatcher, options, generator); // TODO (danzh) move this temporary config and initial RTT configuration to h3 pool. quic::QuicConfig config = info_impl->quic_config_; diff --git a/source/common/quic/client_connection_factory_impl.h b/source/common/quic/client_connection_factory_impl.h index 8b55748e5c0af..4f21edb3038b1 100644 --- a/source/common/quic/client_connection_factory_impl.h +++ b/source/common/quic/client_connection_factory_impl.h 
@@ -47,7 +47,8 @@ std::unique_ptr createQuicNetworkConnection( Network::Address::InstanceConstSharedPtr local_addr, QuicStatNames& quic_stat_names, OptRef rtt_cache, Stats::Scope& scope, const Network::ConnectionSocket::OptionsSharedPtr& options, - const Network::TransportSocketOptionsConstSharedPtr& transport_socket_options); + const Network::TransportSocketOptionsConstSharedPtr& transport_socket_options, + quic::ConnectionIdGeneratorInterface& generator); } // namespace Quic } // namespace Envoy diff --git a/source/common/quic/envoy_deterministic_connection_id_generator.cc b/source/common/quic/envoy_deterministic_connection_id_generator.cc new file mode 100644 index 0000000000000..6313b6335d361 --- /dev/null +++ b/source/common/quic/envoy_deterministic_connection_id_generator.cc @@ -0,0 +1,29 @@ +#include "source/common/quic/envoy_deterministic_connection_id_generator.h" + +#include "source/common/quic/envoy_quic_utils.h" + +namespace Envoy { +namespace Quic { + +absl::optional +EnvoyDeterministicConnectionIdGenerator::GenerateNextConnectionId( + const quic::QuicConnectionId& original) { + auto new_cid = DeterministicConnectionIdGenerator::GenerateNextConnectionId(original); + if (new_cid.has_value()) { + adjustNewConnectionIdForRoutine(new_cid.value(), original); + } + return new_cid; +} + +absl::optional +EnvoyDeterministicConnectionIdGenerator::MaybeReplaceConnectionId( + const quic::QuicConnectionId& original, const quic::ParsedQuicVersion& version) { + auto new_cid = DeterministicConnectionIdGenerator::MaybeReplaceConnectionId(original, version); + if (new_cid.has_value()) { + adjustNewConnectionIdForRoutine(new_cid.value(), original); + } + return new_cid; +} + +} // namespace Quic +} // namespace Envoy diff --git a/source/common/quic/envoy_deterministic_connection_id_generator.h b/source/common/quic/envoy_deterministic_connection_id_generator.h new file mode 100644 index 0000000000000..87f206ceb05bf --- /dev/null 
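Review bot: The new `quic::ConnectionIdGeneratorInterface& generator` parameter is forwarded into `EnvoyQuicClientConnection` (client_connection_factory_impl.cc hunk) and from there into `quic::QuicConnection`, which keeps it by reference, so the caller owns its lifetime, yet the declaration says nothing about that. Add above the declaration `// |generator| is retained by reference by the returned connection and must outlive it.`; the same note applies to the three `EnvoyQuicClientConnection` constructors in envoy_quic_client_connection.h. The parameter list of `createQuicNetworkConnection` starts outside the hunk.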
+++ b/source/common/quic/envoy_deterministic_connection_id_generator.h
@@ -0,0 +1,25 @@
+#pragma once
+
+#include "quiche/quic/core/deterministic_connection_id_generator.h"
+
+namespace Envoy {
+namespace Quic {
+
+// This class modifies connection ids that are too long in an Envoy fashion.
+class EnvoyDeterministicConnectionIdGenerator : public quic::DeterministicConnectionIdGenerator {
+
+ using DeterministicConnectionIdGenerator::DeterministicConnectionIdGenerator;
+
+public:
+ // Hashes |original| to create a new connection ID in Envoy fashion.
+ absl::optional
+ GenerateNextConnectionId(const quic::QuicConnectionId& original) override;
+ // Replace the connection ID if and only if |original| is not of the expected
+ // length in Envoy fashion.
+ absl::optional
+ MaybeReplaceConnectionId(const quic::QuicConnectionId& original,
+ const quic::ParsedQuicVersion& version) override;
+};
+
+} // namespace Quic
+} // namespace Envoy
diff --git a/source/common/quic/envoy_quic_client_connection.cc b/source/common/quic/envoy_quic_client_connection.cc
index c598764dc87f9..06aeba21026c3 100644
--- a/source/common/quic/envoy_quic_client_connection.cc
+++ b/source/common/quic/envoy_quic_client_connection.cc
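Review bot: The constructor-inheriting `using DeterministicConnectionIdGenerator::DeterministicConnectionIdGenerator;` sits in the class's implicitly private section, before `public:`. Under C++17 rules inherited constructors keep the accessibility of the base constructors, so this compiles (ActiveQuicListener constructs the type with a length argument), but a reader will assume the constructors are private; move the line below `public:`. The class comment is also too vague to explain what "Envoy fashion" means; the .cc shows every generated ID being passed through `adjustNewConnectionIdForRoutine`, so something like `// Wraps QUICHE's deterministic generator and post-processes every ID it returns with adjustNewConnectionIdForRoutine() from envoy_quic_utils.h.` would say what actually happens.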
@@ -18,32 +18,35 @@ EnvoyQuicClientConnection::EnvoyQuicClientConnection( quic::QuicConnectionHelperInterface& helper, quic::QuicAlarmFactory& alarm_factory, const quic::ParsedQuicVersionVector& supported_versions, Network::Address::InstanceConstSharedPtr local_addr, Event::Dispatcher& dispatcher, - const Network::ConnectionSocket::OptionsSharedPtr& options) - : EnvoyQuicClientConnection(server_connection_id, helper, alarm_factory, supported_versions, - dispatcher, - createConnectionSocket(initial_peer_address, local_addr, options)) { -} + const Network::ConnectionSocket::OptionsSharedPtr& options, + quic::ConnectionIdGeneratorInterface& generator) + : EnvoyQuicClientConnection( + server_connection_id, helper, alarm_factory, supported_versions, dispatcher, + createConnectionSocket(initial_peer_address, local_addr, options), generator) {} EnvoyQuicClientConnection::EnvoyQuicClientConnection( const quic::QuicConnectionId& server_connection_id, quic::QuicConnectionHelperInterface& helper, quic::QuicAlarmFactory& alarm_factory, const quic::ParsedQuicVersionVector& supported_versions, - Event::Dispatcher& dispatcher, Network::ConnectionSocketPtr&& connection_socket) + Event::Dispatcher& dispatcher, Network::ConnectionSocketPtr&& connection_socket, + quic::ConnectionIdGeneratorInterface& generator) : EnvoyQuicClientConnection( server_connection_id, helper, alarm_factory, new EnvoyQuicPacketWriter( std::make_unique(connection_socket->ioHandle())), - /*owns_writer=*/true, supported_versions, dispatcher, std::move(connection_socket)) {} + /*owns_writer=*/true, supported_versions, dispatcher, std::move(connection_socket), + generator) {} EnvoyQuicClientConnection::EnvoyQuicClientConnection( const quic::QuicConnectionId& server_connection_id, quic::QuicConnectionHelperInterface& helper, quic::QuicAlarmFactory& alarm_factory, quic::QuicPacketWriter* writer, bool owns_writer, const quic::ParsedQuicVersionVector& supported_versions, Event::Dispatcher& dispatcher, - 
Network::ConnectionSocketPtr&& connection_socket) + Network::ConnectionSocketPtr&& connection_socket, + quic::ConnectionIdGeneratorInterface& generator) : quic::QuicConnection(server_connection_id, quic::QuicSocketAddress(), envoyIpAddressToQuicSocketAddress( connection_socket->connectionInfoProvider().remoteAddress()->ip()), &helper, &alarm_factory, writer, owns_writer, - quic::Perspective::IS_CLIENT, supported_versions), + quic::Perspective::IS_CLIENT, supported_versions, generator), QuicNetworkConnection(std::move(connection_socket)), dispatcher_(dispatcher) {} void EnvoyQuicClientConnection::processPacket( @@ -175,7 +178,7 @@ void EnvoyQuicClientConnection::onPathValidationFailure( std::unique_ptr /*context*/) { // Note that the probing socket and probing writer will be deleted once context goes out of // scope. - OnPathValidationFailureAtClient(); + OnPathValidationFailureAtClient(/*is_multi_port=*/false); } void EnvoyQuicClientConnection::onFileEvent(uint32_t events, diff --git a/source/common/quic/envoy_quic_client_connection.h b/source/common/quic/envoy_quic_client_connection.h index 5b25461443501..a043ab701a4c6 100644 --- a/source/common/quic/envoy_quic_client_connection.h +++ b/source/common/quic/envoy_quic_client_connection.h @@ -33,7 +33,8 @@ class EnvoyQuicClientConnection : public quic::QuicConnection, const quic::ParsedQuicVersionVector& supported_versions, Network::Address::InstanceConstSharedPtr local_addr, Event::Dispatcher& dispatcher, - const Network::ConnectionSocket::OptionsSharedPtr& options); + const Network::ConnectionSocket::OptionsSharedPtr& options, + quic::ConnectionIdGeneratorInterface& generator); EnvoyQuicClientConnection(const quic::QuicConnectionId& server_connection_id, quic::QuicConnectionHelperInterface& helper, 
@@ -41,7 +42,8 @@ class EnvoyQuicClientConnection : public quic::QuicConnection, bool owns_writer, const quic::ParsedQuicVersionVector& supported_versions, Event::Dispatcher& dispatcher, - Network::ConnectionSocketPtr&& connection_socket); + Network::ConnectionSocketPtr&& connection_socket, + quic::ConnectionIdGeneratorInterface& generator); // Network::UdpPacketProcessor void processPacket(Network::Address::InstanceConstSharedPtr local_address, @@ -120,7 +122,8 @@ class EnvoyQuicClientConnection : public quic::QuicConnection, quic::QuicAlarmFactory& alarm_factory, const quic::ParsedQuicVersionVector& supported_versions, Event::Dispatcher& dispatcher, - Network::ConnectionSocketPtr&& connection_socket); + Network::ConnectionSocketPtr&& connection_socket, + quic::ConnectionIdGeneratorInterface& generator); void onFileEvent(uint32_t events, Network::ConnectionSocket& connection_socket); diff --git a/source/common/quic/envoy_quic_dispatcher.cc b/source/common/quic/envoy_quic_dispatcher.cc index ad10ef7f2627c..1c8b89e4a15a1 100644 --- a/source/common/quic/envoy_quic_dispatcher.cc +++ b/source/common/quic/envoy_quic_dispatcher.cc @@ -93,7 +93,8 @@ std::unique_ptr EnvoyQuicDispatcher::CreateQuicSession( auto quic_connection = std::make_unique( server_connection_id, self_address, peer_address, *helper(), *alarm_factory(), writer(), - /*owns_writer=*/false, quic::ParsedQuicVersionVector{version}, std::move(connection_socket)); + /*owns_writer=*/false, quic::ParsedQuicVersionVector{version}, std::move(connection_socket), + connection_id_generator()); auto quic_session = std::make_unique( quic_config, quic::ParsedQuicVersionVector{version}, std::move(quic_connection), this, session_helper(), crypto_config(), compressed_certs_cache(), dispatcher_, diff --git a/source/common/quic/envoy_quic_server_connection.cc b/source/common/quic/envoy_quic_server_connection.cc index 53763b6948576..51bf4a5bea0db 100644 --- a/source/common/quic/envoy_quic_server_connection.cc 
+++ b/source/common/quic/envoy_quic_server_connection.cc @@ -13,10 +13,10 @@ EnvoyQuicServerConnection::EnvoyQuicServerConnection( quic::QuicConnectionHelperInterface& helper, quic::QuicAlarmFactory& alarm_factory, quic::QuicPacketWriter* writer, bool owns_writer, const quic::ParsedQuicVersionVector& supported_versions, - Network::ConnectionSocketPtr connection_socket) + Network::ConnectionSocketPtr connection_socket, quic::ConnectionIdGeneratorInterface& generator) : quic::QuicConnection(server_connection_id, initial_self_address, initial_peer_address, &helper, &alarm_factory, writer, owns_writer, - quic::Perspective::IS_SERVER, supported_versions), + quic::Perspective::IS_SERVER, supported_versions, generator), QuicNetworkConnection(std::move(connection_socket)), defer_send_(Runtime::runtimeFeatureEnabled( "envoy.reloadable_features.quic_defer_send_in_response_to_packet")) { @@ -26,7 +26,7 @@ EnvoyQuicServerConnection::EnvoyQuicServerConnection( // UDP GSO sendmsg efficiency. But this optimization causes some test failures under Windows, // and Windows doesn't support GSO, do not apply this optimization on Windows. // TODO(#22976) Figure out if this is needed on Windows. - set_defer_send_in_response_to_packets(GetQuicFlag(FLAGS_quic_defer_send_in_response)); + set_defer_send_in_response_to_packets(GetQuicFlag(quic_defer_send_in_response)); } #endif } @@ -51,7 +51,7 @@ std::unique_ptr EnvoyQuicServerConnection::MakeSelfIssuedConnectionIdManager() { return std::make_unique( quic::kMinNumOfActiveConnectionIds, connection_id(), clock(), alarm_factory(), this, - context()); + context(), connection_id_generator()); } quic::QuicConnectionId EnvoyQuicSelfIssuedConnectionIdManager::GenerateNewConnectionId( diff --git a/source/common/quic/envoy_quic_server_connection.h b/source/common/quic/envoy_quic_server_connection.h index 06c2037e31f6c..5c72bae67f8c7 100644 --- a/source/common/quic/envoy_quic_server_connection.h +++ b/source/common/quic/envoy_quic_server_connection.h 
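Review bot: `MakeSelfIssuedConnectionIdManager` now hands `connection_id_generator()` to the self-issued CID manager, yet the context line right after the hunk shows `EnvoyQuicSelfIssuedConnectionIdManager::GenerateNewConnectionId` still being overridden. If the QUICHE manager consults the generator for new IDs, Envoy's override either bypasses it or applies the routing adjustment a second time; either way the IDs a peer is told to use may not match what the listener expects. Please confirm which path produces the IDs and record it, e.g. `// GenerateNewConnectionId below is the sole source of new IDs; the generator is passed only to satisfy the manager's constructor.` or its opposite, whichever holds. The override's body lies outside the hunk.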
@@ -20,7 +20,8 @@ class EnvoyQuicServerConnection : public quic::QuicConnection, public QuicNetwor quic::QuicAlarmFactory& alarm_factory, quic::QuicPacketWriter* writer, bool owns_writer, const quic::ParsedQuicVersionVector& supported_versions, - Network::ConnectionSocketPtr connection_socket); + Network::ConnectionSocketPtr connection_socket, + quic::ConnectionIdGeneratorInterface& generator); // quic::QuicConnection // Overridden to set connection_socket_ with initialized self address and retrieve filter chain. diff --git a/source/common/quic/envoy_quic_utils.cc b/source/common/quic/envoy_quic_utils.cc index 7ee1071f87540..e27a0cacac0f6 100644 --- a/source/common/quic/envoy_quic_utils.cc +++ b/source/common/quic/envoy_quic_utils.cc @@ -19,7 +19,7 @@ quicAddressToEnvoyAddressInstance(const quic::QuicSocketAddress& quic_address) { return quic_address.IsInitialized() ? Network::Address::addressFromSockAddrOrDie(quic_address.generic_address(), quic_address.host().address_family() == - quic::IpAddressFamily::IP_V4 + quiche::IpAddressFamily::IP_V4 ? sizeof(sockaddr_in) : sizeof(sockaddr_in6), -1, false) diff --git a/source/common/quic/platform/quiche_flags_impl.h b/source/common/quic/platform/quiche_flags_impl.h index 427e161482ea3..9c16b79694393 100644 --- a/source/common/quic/platform/quiche_flags_impl.h +++ b/source/common/quic/platform/quiche_flags_impl.h @@ -67,9 +67,9 @@ QUIC_FLAG(quic_restart_flag_http2_testonly_default_true, true) // NOLINT namespace quiche { -#define GetQuicheFlagImpl(flag) absl::GetFlag(flag) +#define GetQuicheFlagImpl(flag) absl::GetFlag(FLAGS_##flag) -#define SetQuicheFlagImpl(flag, value) absl::SetFlag(&flag, value) +#define SetQuicheFlagImpl(flag, value) absl::SetFlag(&FLAGS_##flag, value) #define GetQuicheReloadableFlagImpl(module, flag) absl::GetFlag(FLAGS_quic_reloadable_flag_##flag) 
diff --git a/test/common/quic/client_connection_factory_impl_test.cc b/test/common/quic/client_connection_factory_impl_test.cc index 7f94aa99a295a..b8f104376d229 100644 --- a/test/common/quic/client_connection_factory_impl_test.cc +++ b/test/common/quic/client_connection_factory_impl_test.cc @@ -16,6 +16,7 @@ #include "test/test_common/simulated_time_system.h" #include "quiche/quic/core/crypto/quic_client_session_cache.h" +#include "quiche/quic/core/deterministic_connection_id_generator.h" using testing::Return; @@ -71,6 +72,8 @@ class QuicNetworkConnectionTest : public Event::TestUsingSimulatedTime, std::shared_ptr crypto_config_; Stats::IsolatedStoreImpl store_; QuicStatNames quic_stat_names_{store_.symbolTable()}; + quic::DeterministicConnectionIdGenerator connection_id_generator_{ + quic::kQuicDefaultConnectionIdLength}; }; TEST_P(QuicNetworkConnectionTest, BufferLimits) { @@ -80,7 +83,8 @@ TEST_P(QuicNetworkConnectionTest, BufferLimits) { std::unique_ptr client_connection = createQuicNetworkConnection( *quic_info_, crypto_config_, quic::QuicServerId{factory_->clientContextConfig().serverNameIndication(), port, false}, - dispatcher_, test_address_, test_address_, quic_stat_names_, {}, store_, nullptr, nullptr); + dispatcher_, test_address_, test_address_, quic_stat_names_, {}, store_, nullptr, nullptr, + connection_id_generator_); EnvoyQuicClientSession* session = static_cast(client_connection.get()); session->Initialize(); client_connection->connect(); @@ -107,7 +111,7 @@ TEST_P(QuicNetworkConnectionTest, SocketOptions) { *quic_info_, crypto_config_, quic::QuicServerId{factory_->clientContextConfig().serverNameIndication(), port, false}, dispatcher_, test_address_, test_address_, quic_stat_names_, {}, store_, socket_options, - nullptr); + nullptr, connection_id_generator_); EnvoyQuicClientSession* session = static_cast(client_connection.get()); session->Initialize(); client_connection->connect(); 
@@ -127,7 +131,7 @@ TEST_P(QuicNetworkConnectionTest, Srtt) { info, crypto_config_, quic::QuicServerId{factory_->clientContextConfig().serverNameIndication(), port, false}, dispatcher_, test_address_, test_address_, quic_stat_names_, rtt_cache, store_, nullptr, - nullptr); + nullptr, connection_id_generator_); EnvoyQuicClientSession* session = static_cast(client_connection.get()); diff --git a/test/common/quic/envoy_quic_client_session_test.cc b/test/common/quic/envoy_quic_client_session_test.cc index 56f310a986990..f31b43d18a5c6 100644 --- a/test/common/quic/envoy_quic_client_session_test.cc +++ b/test/common/quic/envoy_quic_client_session_test.cc @@ -21,6 +21,7 @@ #include "gmock/gmock.h" #include "gtest/gtest.h" #include "quiche/quic/core/crypto/null_encrypter.h" +#include "quiche/quic/core/deterministic_connection_id_generator.h" #include "quiche/quic/test_tools/crypto_test_utils.h" #include "quiche/quic/test_tools/quic_session_peer.h" #include "quiche/quic/test_tools/quic_test_utils.h" @@ -40,9 +41,11 @@ class TestEnvoyQuicClientConnection : public EnvoyQuicClientConnection { quic::QuicPacketWriter& writer, const quic::ParsedQuicVersionVector& supported_versions, Event::Dispatcher& dispatcher, - Network::ConnectionSocketPtr&& connection_socket) + Network::ConnectionSocketPtr&& connection_socket, + quic::ConnectionIdGeneratorInterface& generator) : EnvoyQuicClientConnection(server_connection_id, helper, alarm_factory, &writer, false, - supported_versions, dispatcher, std::move(connection_socket)) { + supported_versions, dispatcher, std::move(connection_socket), + generator) { SetEncrypter(quic::ENCRYPTION_FORWARD_SECURE, std::make_unique(quic::Perspective::IS_CLIENT)); SetDefaultEncryptionLevel(quic::ENCRYPTION_FORWARD_SECURE); @@ -68,7 +71,8 @@ class EnvoyQuicClientSessionTest : public testing::TestWithParam( quic::test::crypto_test_utils::ProofVerifierForTesting())), quic_stat_names_(store_.symbolTable()), 
@@ -135,6 +139,8 @@ class EnvoyQuicClientSessionTest : public testing::TestWithParam writer_; Network::Address::InstanceConstSharedPtr peer_addr_; Network::Address::InstanceConstSharedPtr self_addr_; + quic::DeterministicConnectionIdGenerator connection_id_generator_{ + quic::kQuicDefaultConnectionIdLength}; TestEnvoyQuicClientConnection* quic_connection_; quic::QuicConfig quic_config_; std::shared_ptr crypto_config_; diff --git a/test/common/quic/envoy_quic_client_stream_test.cc b/test/common/quic/envoy_quic_client_stream_test.cc index f35e61e88455d..3e8894e81017d 100644 --- a/test/common/quic/envoy_quic_client_stream_test.cc +++ b/test/common/quic/envoy_quic_client_stream_test.cc @@ -13,6 +13,7 @@ #include "gmock/gmock.h" #include "gtest/gtest.h" #include "quiche/quic/core/crypto/null_encrypter.h" +#include "quiche/quic/core/deterministic_connection_id_generator.h" namespace Envoy { namespace Quic { @@ -39,7 +40,7 @@ class EnvoyQuicClientStreamTest : public testing::Test { quic_connection_(new EnvoyQuicClientConnection( quic::test::TestConnectionId(), connection_helper_, alarm_factory_, &writer_, /*owns_writer=*/false, {quic_version_}, *dispatcher_, - createConnectionSocket(peer_addr_, self_addr_, nullptr))), + createConnectionSocket(peer_addr_, self_addr_, nullptr), connection_id_generator_)), quic_session_(quic_config_, {quic_version_}, std::unique_ptr(quic_connection_), *dispatcher_, quic_config_.GetInitialStreamFlowControlWindowToSend() * 2, @@ -134,6 +135,8 @@ class EnvoyQuicClientStreamTest : public testing::Test { Network::Address::InstanceConstSharedPtr peer_addr_; Network::Address::InstanceConstSharedPtr self_addr_; MockDelegate delegate_; + quic::DeterministicConnectionIdGenerator connection_id_generator_{ + quic::kQuicDefaultConnectionIdLength}; EnvoyQuicClientConnection* quic_connection_; TestQuicCryptoClientStreamFactory crypto_stream_factory_; MockEnvoyQuicClientSession quic_session_; 
diff --git a/test/common/quic/envoy_quic_server_session_test.cc b/test/common/quic/envoy_quic_server_session_test.cc index f33cf847058e7..0067ffe2a79e5 100644 --- a/test/common/quic/envoy_quic_server_session_test.cc +++ b/test/common/quic/envoy_quic_server_session_test.cc @@ -27,6 +27,7 @@ #include "gmock/gmock.h" #include "gtest/gtest.h" #include "quiche/quic/core/crypto/null_encrypter.h" +#include "quiche/quic/core/deterministic_connection_id_generator.h" #include "quiche/quic/core/quic_crypto_server_stream.h" #include "quiche/quic/core/quic_utils.h" #include "quiche/quic/core/quic_versions.h" @@ -147,7 +148,8 @@ class EnvoyQuicServerSessionTest : public testing::Test { quic_version_({[]() { return quic::CurrentSupportedHttp3Versions()[0]; }()}), quic_stat_names_(listener_config_.listenerScope().symbolTable()), quic_connection_(new MockEnvoyQuicServerConnection( - connection_helper_, alarm_factory_, writer_, quic_version_, *listener_config_.socket_)), + connection_helper_, alarm_factory_, writer_, quic_version_, *listener_config_.socket_, + connection_id_generator_)), crypto_config_(quic::QuicCryptoServerConfig::TESTING, quic::QuicRandom::GetInstance(), std::make_unique(), quic::KeyExchangeSource::Default()), envoy_quic_session_(quic_config_, quic_version_, @@ -248,6 +250,8 @@ class EnvoyQuicServerSessionTest : public testing::Test { testing::NiceMock writer_; testing::NiceMock listener_config_; QuicStatNames quic_stat_names_; + quic::DeterministicConnectionIdGenerator connection_id_generator_{ + quic::kQuicDefaultConnectionIdLength}; MockEnvoyQuicServerConnection* quic_connection_; quic::QuicConfig quic_config_; quic::QuicCryptoServerConfig crypto_config_; diff --git a/test/common/quic/envoy_quic_server_stream_test.cc b/test/common/quic/envoy_quic_server_stream_test.cc index 09bc00e68663b..64f2473ab5d88 100644 --- a/test/common/quic/envoy_quic_server_stream_test.cc +++ b/test/common/quic/envoy_quic_server_stream_test.cc 
@@ -19,6 +19,7 @@
 #include "gmock/gmock.h"
 #include "gtest/gtest.h"
 #include "quiche/quic/core/crypto/null_encrypter.h"
+#include "quiche/quic/core/deterministic_connection_id_generator.h"
 #include "quiche/quic/test_tools/quic_connection_peer.h"
 #include "quiche/quic/test_tools/quic_session_peer.h"
 
@@ -39,10 +40,10 @@ class EnvoyQuicServerStreamTest : public testing::Test {
 POOL_GAUGE(listener_config_.listenerScope()),
 POOL_HISTOGRAM(listener_config_.listenerScope()))}),
 quic_connection_(connection_helper_, alarm_factory_, writer_,
- quic::ParsedQuicVersionVector{quic_version_}, *listener_config_.socket_),
+ quic::ParsedQuicVersionVector{quic_version_}, *listener_config_.socket_,
+ connection_id_generator_),
 quic_session_(quic_config_, {quic_version_}, &quic_connection_, *dispatcher_,
 quic_config_.GetInitialStreamFlowControlWindowToSend() * 2),
- stream_id_(4u),
 stats_(
 {ALL_HTTP3_CODEC_STATS(POOL_COUNTER_PREFIX(listener_config_.listenerScope(), "http3."),
 POOL_GAUGE_PREFIX(listener_config_.listenerScope(), "http3."))}),
@@ -172,9 +173,11 @@ class EnvoyQuicServerStreamTest : public testing::Test {
 quic::QuicConfig quic_config_;
 testing::NiceMock listener_config_;
 Server::ListenerStats listener_stats_;
+ quic::DeterministicConnectionIdGenerator connection_id_generator_{
+ quic::kQuicDefaultConnectionIdLength};
 testing::NiceMock quic_connection_;
 MockEnvoyQuicSession quic_session_;
- quic::QuicStreamId stream_id_;
+ quic::QuicStreamId stream_id_{4u};
 Http::Http3::CodecStats stats_;
 envoy::config::core::v3::Http3ProtocolOptions http3_options_;
 EnvoyQuicServerStream* quic_stream_;
diff --git a/test/common/quic/platform/quic_platform_test.cc b/test/common/quic/platform/quic_platform_test.cc
index 4d27357e614f7..dd6f29299f4b6 100644
--- a/test/common/quic/platform/quic_platform_test.cc
+++ b/test/common/quic/platform/quic_platform_test.cc
@@ -477,8 +477,8 @@ TEST_F(QuicPlatformTest, QuicFlags) {
 // Test that the flags which envoy explicitly overrides have the right value.
 EXPECT_TRUE(GetQuicReloadableFlag(quic_disable_version_draft_29));
 EXPECT_TRUE(GetQuicReloadableFlag(quic_default_to_bbr));
- EXPECT_FALSE(GetQuicFlag(FLAGS_quic_header_size_limit_includes_overhead));
- EXPECT_EQ(512 * 1024 * 1024, GetQuicFlag(FLAGS_quic_buffered_data_threshold));
+ EXPECT_FALSE(GetQuicFlag(quic_header_size_limit_includes_overhead));
+ EXPECT_EQ(512 * 1024 * 1024, GetQuicFlag(quic_buffered_data_threshold));
 {
 quiche::test::QuicheFlagSaver saver;
 EXPECT_FALSE(GetQuicReloadableFlag(quic_testonly_default_false));
@@ -491,20 +491,20 @@ TEST_F(QuicPlatformTest, QuicFlags) {
 SetQuicRestartFlag(quic_testonly_default_false, true);
 EXPECT_TRUE(GetQuicRestartFlag(quic_testonly_default_false));
 
- EXPECT_FALSE(GetQuicheFlag(FLAGS_quiche_oghttp2_debug_trace));
- SetQuicheFlag(FLAGS_quiche_oghttp2_debug_trace, true);
- EXPECT_TRUE(GetQuicheFlag(FLAGS_quiche_oghttp2_debug_trace));
+ EXPECT_FALSE(GetQuicheFlag(quiche_oghttp2_debug_trace));
+ SetQuicheFlag(quiche_oghttp2_debug_trace, true);
+ EXPECT_TRUE(GetQuicheFlag(quiche_oghttp2_debug_trace));
 
- EXPECT_EQ(200, GetQuicFlag(FLAGS_quic_time_wait_list_seconds));
- SetQuicFlag(FLAGS_quic_time_wait_list_seconds, 100);
- EXPECT_EQ(100, GetQuicFlag(FLAGS_quic_time_wait_list_seconds));
+ EXPECT_EQ(200, GetQuicFlag(quic_time_wait_list_seconds));
+ SetQuicFlag(quic_time_wait_list_seconds, 100);
+ EXPECT_EQ(100, GetQuicFlag(quic_time_wait_list_seconds));
 }
 
 // Verify that the saver reset all the flags to their previous values.
 EXPECT_FALSE(GetQuicReloadableFlag(quic_testonly_default_false));
 EXPECT_FALSE(GetQuicRestartFlag(quic_testonly_default_false));
- EXPECT_EQ(200, GetQuicFlag(FLAGS_quic_time_wait_list_seconds));
- EXPECT_FALSE(GetQuicheFlag(FLAGS_quiche_oghttp2_debug_trace));
+ EXPECT_EQ(200, GetQuicFlag(quic_time_wait_list_seconds));
+ EXPECT_FALSE(GetQuicheFlag(quiche_oghttp2_debug_trace));
 }
 
 TEST_F(QuicPlatformTest, UpdateReloadableFlags) {
diff --git a/test/common/quic/test_utils.h b/test/common/quic/test_utils.h
index 4f927ec6495f3..b081d9a52cd8e 100644
--- a/test/common/quic/test_utils.h
+++ b/test/common/quic/test_utils.h
@@ -30,25 +30,25 @@ class MockEnvoyQuicServerConnection : public EnvoyQuicServerConnection {
 quic::QuicAlarmFactory& alarm_factory,
 quic::QuicPacketWriter& writer,
 const quic::ParsedQuicVersionVector& supported_versions,
- Network::Socket& listen_socket)
+ Network::Socket& listen_socket,
+ quic::ConnectionIdGeneratorInterface& generator)
 : MockEnvoyQuicServerConnection(
 helper, alarm_factory, writer, quic::QuicSocketAddress(quic::QuicIpAddress::Any4(), 12345), quic::QuicSocketAddress(quic::QuicIpAddress::Loopback4(), 12345), supported_versions,
- listen_socket) {}
+ listen_socket, generator) {}
 
- MockEnvoyQuicServerConnection(quic::QuicConnectionHelperInterface& helper,
- quic::QuicAlarmFactory& alarm_factory,
- quic::QuicPacketWriter& writer,
- quic::QuicSocketAddress self_address,
- quic::QuicSocketAddress peer_address,
- const quic::ParsedQuicVersionVector& supported_versions,
- Network::Socket& listen_socket)
+ MockEnvoyQuicServerConnection(
+ quic::QuicConnectionHelperInterface& helper, quic::QuicAlarmFactory& alarm_factory,
+ quic::QuicPacketWriter& writer, quic::QuicSocketAddress self_address,
+ quic::QuicSocketAddress peer_address, const quic::ParsedQuicVersionVector& supported_versions,
+ Network::Socket& listen_socket, quic::ConnectionIdGeneratorInterface& generator)
 : EnvoyQuicServerConnection(
 quic::test::TestConnectionId(), self_address, peer_address, helper, alarm_factory, &writer, /*owns_writer=*/false, supported_versions, createServerConnectionSocket(listen_socket.ioHandle(), self_address, peer_address,
- "example.com", "h3-29") {}
+ "example.com", "h3-29"),
+ generator) {}
 
 Network::Connection::ConnectionStats& connectionStats() const {
 return QuicNetworkConnection::connectionStats();
diff --git a/test/integration/http_integration.cc b/test/integration/http_integration.cc
index fb9634077d1a0..b754afde2646d 100644
--- a/test/integration/http_integration.cc
+++ b/test/integration/http_integration.cc
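Review bot: Both `MockEnvoyQuicServerConnection` constructors now take `quic::ConnectionIdGeneratorInterface& generator` and forward it by reference to `EnvoyQuicServerConnection`, but nothing in the header states who must keep the generator alive; every caller in this commit stores a `DeterministicConnectionIdGenerator` as a separate fixture member, which suggests the base retains the reference, so a mock built from a temporary generator would presumably dangle. A one-line contract on the first constructor would make that explicit, e.g. `// generator must outlive this connection; it is held by reference, not copied.` (confirm against EnvoyQuicServerConnection, whose definition is not in this diff). The same applies to the `TestEnvoyQuicClientConnection` constructor in quic_http_integration_test.cc, and to the function-local `generator` in IntegrationUtil::makeSingleRequest in utility.cc, where the connection moved into `client` is destroyed before `generator` only because `generator` is declared first. The class body continues past the end of the hunk.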
@@ -252,7 +252,8 @@ Network::ClientConnectionPtr HttpIntegrationTest::makeClientConnectionWithOption
 quic::QuicServerId(
 quic_transport_socket_factory_ref.clientContextConfig().serverNameIndication(),
 static_cast(port)),
- *dispatcher_, server_addr, local_addr, quic_stat_names_, {}, stats_store_, options, nullptr);
+ *dispatcher_, server_addr, local_addr, quic_stat_names_, {}, stats_store_, options, nullptr,
+ connection_id_generator_);
 #else
 ASSERT(false, "running a QUIC integration test without compiling QUIC");
 return nullptr;
diff --git a/test/integration/http_integration.h b/test/integration/http_integration.h
index a13fdb5f100d3..6cf568d197313 100644
--- a/test/integration/http_integration.h
+++ b/test/integration/http_integration.h
@@ -12,6 +12,10 @@
 #include "test/integration/utility.h"
 #include "test/test_common/printers.h"
 
+#ifdef ENVOY_ENABLE_QUIC
+#include "quiche/quic/core/deterministic_connection_id_generator.h"
+#endif
+
 namespace Envoy {
 
 using ::Envoy::Http::Http2::Http2Frame;
@@ -345,6 +349,10 @@ class HttpIntegrationTest : public BaseIntegrationTest {
 Quic::QuicStatNames quic_stat_names_;
 std::string san_to_match_{"spiffe://lyft.com/backend-team"};
 bool enable_quic_early_data_{true};
+#ifdef ENVOY_ENABLE_QUIC
+ quic::DeterministicConnectionIdGenerator connection_id_generator_{
+ quic::kQuicDefaultConnectionIdLength};
+#endif
 };
 
 // Helper class for integration tests using raw HTTP/2 frames
diff --git a/test/integration/quic_http_integration_test.cc b/test/integration/quic_http_integration_test.cc
index 4e15dd7144acc..8c934b704d941 100644
--- a/test/integration/quic_http_integration_test.cc
+++ b/test/integration/quic_http_integration_test.cc
@@ -66,9 +66,10 @@ class TestEnvoyQuicClientConnection : public EnvoyQuicClientConnection {
 Network::Address::InstanceConstSharedPtr local_addr, Event::Dispatcher& dispatcher, const Network::ConnectionSocket::OptionsSharedPtr& options,
- bool validation_failure_on_path_response)
+ bool validation_failure_on_path_response,
+ quic::ConnectionIdGeneratorInterface& generator)
 : EnvoyQuicClientConnection(server_connection_id, initial_peer_address, helper, alarm_factory,
- supported_versions, local_addr, dispatcher, options),
+ supported_versions, local_addr, dispatcher, options, generator),
 dispatcher_(dispatcher),
 validation_failure_on_path_response_(validation_failure_on_path_response) {}
@@ -173,7 +174,7 @@ class QuicHttpIntegrationTestBase : public HttpIntegrationTest {
 auto connection = std::make_unique(
 getNextConnectionId(), server_addr_, conn_helper_, alarm_factory_,
 quic::ParsedQuicVersionVector{supported_versions_[0]}, local_addr, *dispatcher_, options,
- validation_failure_on_path_response_);
+ validation_failure_on_path_response_, connection_id_generator_);
 quic_connection_ = connection.get();
 ASSERT(quic_connection_persistent_info_ != nullptr);
 auto& persistent_info = static_cast(*quic_connection_persistent_info_);
@@ -366,6 +367,8 @@ class QuicHttpIntegrationTestBase : public HttpIntegrationTest {
 Ssl::ClientSslTransportOptions ssl_client_option_;
 std::unique_ptr transport_socket_factory_;
 bool validation_failure_on_path_response_{false};
+ quic::DeterministicConnectionIdGenerator connection_id_generator_{
+ quic::kQuicDefaultConnectionIdLength};
 };
 
 class QuicHttpIntegrationTest : public QuicHttpIntegrationTestBase,
diff --git a/test/integration/utility.cc b/test/integration/utility.cc
index 2a984f5dad340..d43b4d54f3917 100644
--- a/test/integration/utility.cc
+++ b/test/integration/utility.cc
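Review bot: The `connection_id_generator_` member added at the end of `QuicHttpIntegrationTestBase` shadows the member of the same name and type that this commit adds to its base class `HttpIntegrationTest` under `ENVOY_ENABLE_QUIC` (http_integration.h), so the client built in `makeClientConnectionWithOptions` in the base and the `TestEnvoyQuicClientConnection` built here use two different generator objects. If one generator per fixture is intended, dropping the derived-class member and relying on the inherited one removes the shadowing; if two are deliberate, the member needs a comment saying why, e.g. `// Separate from HttpIntegrationTest::connection_id_generator_ on purpose: <reason>`. This presumes quic_http_integration_test.cc is only compiled with `ENVOY_ENABLE_QUIC` defined, which the `#ifdef` in the header does not itself guarantee.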
@@ -25,6 +25,7 @@
 #ifdef ENVOY_ENABLE_QUIC
 #include "source/common/quic/client_connection_factory_impl.h"
 #include "source/common/quic/quic_transport_socket_factory.h"
+#include "quiche/quic/core/deterministic_connection_id_generator.h"
 #endif
 
 #include "test/common/upstream/utility.h"
@@ -226,11 +227,13 @@ IntegrationUtil::makeSingleRequest(const Network::Address::InstanceConstSharedPt
 // Docker only works with loopback v6 address.
 local_address = std::make_shared("::1");
 }
+ quic::DeterministicConnectionIdGenerator generator(quic::kQuicDefaultConnectionIdLength);
 Network::ClientConnectionPtr connection = Quic::createQuicNetworkConnection(
 *persistent_info, quic_transport_socket_factory.getCryptoConfig(),
 quic::QuicServerId(quic_transport_socket_factory.clientContextConfig().serverNameIndication(),
 static_cast(addr->ip()->port())),
- *dispatcher, addr, local_address, quic_stat_names, {}, mock_stats_store, nullptr, nullptr);
+ *dispatcher, addr, local_address, quic_stat_names, {}, mock_stats_store, nullptr, nullptr,
+ generator);
 connection->addConnectionCallbacks(connection_callbacks);
 Http::CodecClientProd client(type, std::move(connection), host_description, *dispatcher, random,
 options);
diff --git a/test/per_file_coverage.sh b/test/per_file_coverage.sh
index 27c060a409771..653bcf6790671 100755
--- a/test/per_file_coverage.sh
+++ b/test/per_file_coverage.sh
@@ -20,7 +20,7 @@ declare -a KNOWN_LOW_COVERAGE=(
 "source/common/network:94.4" # Flaky, `activateFileEvents`, `startSecureTransport` and `ioctl`, listener_socket do not always report LCOV
 "source/common/network/dns_resolver:90.7" # A few lines of MacOS code not tested in linux scripts. Tested in MacOS scripts
 "source/common/protobuf:94.8"
-"source/common/quic:91.8"
+"source/common/quic:91.6"
 "source/common/router:95.8" # Bump to 96.3 after 22879 is addressed
 "source/common/runtime:96.4"
 "source/common/secret:94.9"
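Review bot: The coverage floor for `source/common/quic` is lowered from 91.8 to 91.6 without a trailing comment, unlike the neighbouring `source/common/router` entry that records why its floor is where it is and when it should move back; whichever lines of source/common/quic lost coverage in this update are now hidden behind the new threshold. A note on the entry would keep the regression visible, e.g. `"source/common/quic:91.6" # Dropped from 91.8 by the QUICHE update; bump back once <the uncovered code> is tested`, with the placeholder replaced by the actual cause or tracking issue.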