Update QUICHE from c2576eff3 to 3743c9285

bazel/external/quiche.BUILD

@@ -1748,24 +1748,50 @@ envoy_cc_test_library(
 
 envoy_cc_library(
     name = "quic_platform_ip_address_family",
-    srcs = ["quiche/quic/platform/api/quic_ip_address_family.cc"],
     hdrs = ["quiche/quic/platform/api/quic_ip_address_family.h"],
     repository = "@envoy",
     tags = ["nofips"],
     visibility = ["//visibility:public"],
+    deps = [
+        ":quic_platform_bug_tracker",
+        ":quiche_common_ip_address_family",
+    ],
+)
+
+envoy_cc_library(
+    name = "quiche_common_ip_address_family",
+    srcs = ["quiche/common/quiche_ip_address_family.cc"],
+    hdrs = ["quiche/common/quiche_ip_address_family.h"],
+    repository = "@envoy",
+    tags = ["nofips"],
+    visibility = ["//visibility:public"],
     deps = [
         ":quic_platform_bug_tracker",
     ],
 )
 
 envoy_cc_library(
     name = "quic_platform_ip_address",
-    srcs = ["quiche/quic/platform/api/quic_ip_address.cc"],
     hdrs = ["quiche/quic/platform/api/quic_ip_address.h"],
     copts = quiche_copts,
     repository = "@envoy",
     tags = ["nofips"],
     visibility = ["//visibility:public"],
+    deps = [
+        ":quic_platform_base",
+        ":quic_platform_export",
+        ":quiche_common_ip_address",
+    ],
+)
+
+envoy_cc_library(
+    name = "quiche_common_ip_address",
+    srcs = ["quiche/common/quiche_ip_address.cc"],
+    hdrs = ["quiche/common/quiche_ip_address.h"],
+    copts = quiche_copts,
+    repository = "@envoy",
+    tags = ["nofips"],
+    visibility = ["//visibility:public"],
     deps = [
         ":quic_platform_base",
         ":quic_platform_export",
@@ -2410,6 +2436,7 @@ envoy_cc_library(
     deps = [
         ":quic_platform_export",
         ":quiche_common_platform",
+        ":quiche_common_text_utils_lib",
     ],
 )
 
@@ -2424,6 +2451,7 @@ envoy_cc_library(
         ":quic_core_alarm_factory_lib",
         ":quic_core_alarm_lib",
         ":quic_core_clock_lib",
+        ":quic_core_connection_id_generator_interface_lib",
         ":quic_core_frames_frames_lib",
         ":quic_core_interval_set_lib",
         ":quic_core_types_lib",
@@ -2445,6 +2473,7 @@ cc_library(
     name = "quic_core_deterministic_connection_id_generator_lib",
     srcs = ["quiche/quic/core/deterministic_connection_id_generator.cc"],
     hdrs = ["quiche/quic/core/deterministic_connection_id_generator.h"],
+    visibility = ["//visibility:public"],
     deps = [
         ":quic_core_connection_id_generator_interface_lib",
         ":quic_core_utils_lib",
@@ -2523,6 +2552,26 @@ envoy_cc_library(
     ],
 )
 
+envoy_cc_library(
+    name = "quiche_crypto_logging",
+    srcs = [
+        "quiche/common/quiche_crypto_logging.cc",
+    ],
+    hdrs = [
+        "quiche/common/quiche_crypto_logging.h",
+    ],
+    copts = quiche_copts,
+    external_deps = ["ssl"],
+    repository = "@envoy",
+    tags = ["nofips"],
+    visibility = ["//visibility:public"],
+    deps = [
+        ":quiche_common_platform_logging",
+        "@com_google_absl//absl/status",
+        "@com_google_absl//absl/strings",
+    ],
+)
+
 envoy_cc_library(
     name = "quic_core_crypto_crypto_handshake_lib",
     srcs = [
@@ -2694,6 +2743,7 @@ envoy_cc_library(
         ":quic_core_types_lib",
         ":quic_core_utils_lib",
         ":quic_platform_base",
+        ":quiche_crypto_logging",
     ],
 )
 
@@ -2920,6 +2970,7 @@ envoy_cc_library(
         ":quic_core_versions_lib",
         ":quic_platform_base",
         ":quiche_common_text_utils_lib",
+        "@com_google_absl//absl/cleanup",
     ],
 )
 
@@ -3325,9 +3376,9 @@ envoy_cc_library(
         "//conditions:default": ["quiche/quic/core/io/socket_posix.cc"],
     }),
     hdrs = [
+        "quiche/quic/core/io/connecting_client_socket.h",
         "quiche/quic/core/io/socket.h",
         "quiche/quic/core/io/socket_factory.h",
-        "quiche/quic/core/io/stream_client_socket.h",
     ],
     copts = quiche_copts,
     repository = "@envoy",
@@ -4542,7 +4593,10 @@ envoy_cc_test_library(
     copts = quiche_copts,
     repository = "@envoy",
     tags = ["nofips"],
-    deps = [":quic_core_crypto_random_lib"],
+    deps = [
+        ":quic_core_crypto_random_lib",
+        ":quic_platform_test",
+    ],
 )
 
 envoy_cc_test_library(
@@ -4673,6 +4727,7 @@ envoy_cc_test_library(
     ],
     hdrs = [
         "quiche/quic/test_tools/crypto_test_utils.h",
+        "quiche/quic/test_tools/mock_connection_id_generator.h",
         "quiche/quic/test_tools/mock_quic_session_visitor.h",
         "quiche/quic/test_tools/mock_quic_time_wait_list_manager.h",
         "quiche/quic/test_tools/quic_buffered_packet_store_peer.h",

bazel/repository_locations.bzl

@@ -1095,12 +1095,12 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_name = "QUICHE",
         project_desc = "QUICHE (QUIC, HTTP/2, Etc) is Google‘s implementation of QUIC and related protocols",
         project_url = "https://github.com/google/quiche",
-        version = "c2576eff37476b17ae780a366ad4e401ce3827f1",
-        sha256 = "81d63edca36951dfb9b17813bde66331e4c2b215efcec1d3839c5c7b55292ce1",
+        version = "3743c9285beaa0898f1eab9127202b253a717a39",
+        sha256 = "86789c6facaacbce1b7dd4acdadad0dbb9c2486fbe01fc0e598970f3c89c3e55",
         urls = ["https://github.com/google/quiche/archive/{version}.tar.gz"],
         strip_prefix = "quiche-{version}",
         use_category = ["dataplane_core"],
-        release_date = "2022-08-29",
+        release_date = "2022-09-13",
         cpe = "N/A",
         license = "BSD-3-Clause",
         license_url = "https://github.com/google/quiche/blob/{version}/LICENSE",

source/common/http/http3/conn_pool.cc

@@ -132,9 +132,10 @@ Http3ConnPoolImpl::createClientConnection(Quic::QuicStatNames& quic_stat_names,
   }
   Network::ConnectionSocket::OptionsSharedPtr socket_options =
       Upstream::combineConnectionSocketOptions(host()->cluster(), socketOptions());
-  return Quic::createQuicNetworkConnection(
-      quic_info_, std::move(crypto_config), server_id_, dispatcher(), host()->address(),
-      source_address, quic_stat_names, rtt_cache, scope, socket_options, transportSocketOptions());
+  return Quic::createQuicNetworkConnection(quic_info_, std::move(crypto_config), server_id_,
+                                           dispatcher(), host()->address(), source_address,
+                                           quic_stat_names, rtt_cache, scope, socket_options,
+                                           transportSocketOptions(), connection_id_generator_);
 }
 
 std::unique_ptr<Http3ConnPoolImpl>

source/common/http/http3/conn_pool.h

@@ -14,6 +14,7 @@
 #include "source/common/quic/client_connection_factory_impl.h"
 #include "source/common/quic/envoy_quic_utils.h"
 #include "source/common/quic/quic_transport_socket_factory.h"
+#include "quiche/quic/core/deterministic_connection_id_generator.h"
 #else
 #error "http3 conn pool should not be built with QUIC disabled"
 #endif
@@ -174,6 +175,9 @@ class Http3ConnPoolImpl : public FixedHttpConnPoolImpl {
   quic::QuicServerId server_id_;
   // If not nullopt, called when the handshake state changes.
   OptRef<PoolConnectResultCallback> connect_callback_;
+
+  quic::DeterministicConnectionIdGenerator connection_id_generator_{
+      quic::kQuicDefaultConnectionIdLength};
 };
 
 std::unique_ptr<Http3ConnPoolImpl>

source/common/quic/BUILD

@@ -185,6 +185,17 @@ envoy_cc_library(
     ],
 )
 
+envoy_cc_library(
+    name = "envoy_deterministic_connection_id_generator_lib",
+    srcs = ["envoy_deterministic_connection_id_generator.cc"],
+    hdrs = ["envoy_deterministic_connection_id_generator.h"],
+    tags = ["nofips"],
+    deps = [
+        ":envoy_quic_utils_lib",
+        "@com_github_google_quiche//:quic_core_deterministic_connection_id_generator_lib",
+    ],
+)
+
 envoy_cc_library(
     name = "codec_lib",
     srcs = ["codec_impl.cc"],
@@ -370,6 +381,7 @@ envoy_cc_library(
     hdrs = ["active_quic_listener.h"],
     tags = ["nofips"],
     deps = [
+        ":envoy_deterministic_connection_id_generator_lib",
         ":envoy_quic_alarm_factory_lib",
         ":envoy_quic_connection_helper_lib",
         ":envoy_quic_dispatcher_lib",

source/common/quic/active_quic_listener.cc

@@ -43,7 +43,7 @@ ActiveQuicListener::ActiveQuicListener(
       packets_to_read_to_connection_count_ratio_(packets_to_read_to_connection_count_ratio),
       crypto_server_stream_factory_(crypto_server_stream_factory),
       connection_id_generator_(quic::kQuicDefaultConnectionIdLength) {
-  ASSERT(!GetQuicFlag(FLAGS_quic_header_size_limit_includes_overhead));
+  ASSERT(!GetQuicFlag(quic_header_size_limit_includes_overhead));
 
   enabled_.emplace(Runtime::FeatureFlag(enabled, runtime));
 

source/common/quic/active_quic_listener.h

@@ -7,14 +7,13 @@
 #include "envoy/runtime/runtime.h"
 
 #include "source/common/protobuf/utility.h"
+#include "source/common/quic/envoy_deterministic_connection_id_generator.h"
 #include "source/common/quic/envoy_quic_dispatcher.h"
 #include "source/common/quic/envoy_quic_proof_source_factory_interface.h"
 #include "source/common/runtime/runtime_protos.h"
 #include "source/server/active_udp_listener.h"
 #include "source/server/connection_handler_impl.h"
 
-#include "quiche/quic/core/deterministic_connection_id_generator.h"
-
 #if defined(__linux__)
 #include <linux/filter.h>
 #endif
@@ -86,7 +85,7 @@ class ActiveQuicListener : public Envoy::Server::ActiveUdpListenerBase,
   uint64_t event_loops_with_buffered_chlo_for_test_{0};
   uint32_t packets_to_read_to_connection_count_ratio_;
   EnvoyQuicCryptoServerStreamFactoryInterface& crypto_server_stream_factory_;
-  quic::DeterministicConnectionIdGenerator connection_id_generator_;
+  EnvoyDeterministicConnectionIdGenerator connection_id_generator_;
 };
 
 using ActiveQuicListenerPtr = std::unique_ptr<ActiveQuicListener>;

source/common/quic/client_connection_factory_impl.cc

@@ -40,7 +40,8 @@ std::unique_ptr<Network::ClientConnection> createQuicNetworkConnection(
     Network::Address::InstanceConstSharedPtr local_addr, QuicStatNames& quic_stat_names,
     OptRef<Http::HttpServerPropertiesCache> rtt_cache, Stats::Scope& scope,
     const Network::ConnectionSocket::OptionsSharedPtr& options,
-    const Network::TransportSocketOptionsConstSharedPtr& transport_socket_options) {
+    const Network::TransportSocketOptionsConstSharedPtr& transport_socket_options,
+    quic::ConnectionIdGeneratorInterface& generator) {
   // TODO: Quic should take into account the set_local_interface_name_on_upstream_connections config
   // and call maybeSetInterfaceName based on that upon acquiring a local socket.
   // Similar to what is done in ClientConnectionImpl::onConnected().
@@ -50,7 +51,7 @@ std::unique_ptr<Network::ClientConnection> createQuicNetworkConnection(
   ASSERT(!quic_versions.empty());
   auto connection = std::make_unique<EnvoyQuicClientConnection>(
       quic::QuicUtils::CreateRandomConnectionId(), server_addr, info_impl->conn_helper_,
-      info_impl->alarm_factory_, quic_versions, local_addr, dispatcher, options);
+      info_impl->alarm_factory_, quic_versions, local_addr, dispatcher, options, generator);
 
   // TODO (danzh) move this temporary config and initial RTT configuration to h3 pool.
   quic::QuicConfig config = info_impl->quic_config_;

source/common/quic/client_connection_factory_impl.h

@@ -47,7 +47,8 @@ std::unique_ptr<Network::ClientConnection> createQuicNetworkConnection(
     Network::Address::InstanceConstSharedPtr local_addr, QuicStatNames& quic_stat_names,
     OptRef<Http::HttpServerPropertiesCache> rtt_cache, Stats::Scope& scope,
     const Network::ConnectionSocket::OptionsSharedPtr& options,
-    const Network::TransportSocketOptionsConstSharedPtr& transport_socket_options);
+    const Network::TransportSocketOptionsConstSharedPtr& transport_socket_options,
+    quic::ConnectionIdGeneratorInterface& generator);
 
 } // namespace Quic
 } // namespace Envoy

source/common/quic/envoy_deterministic_connection_id_generator.cc

@@ -0,0 +1,29 @@
+#include "source/common/quic/envoy_deterministic_connection_id_generator.h"
+
+#include "source/common/quic/envoy_quic_utils.h"
+
+namespace Envoy {
+namespace Quic {
+
+absl::optional<quic::QuicConnectionId>
+EnvoyDeterministicConnectionIdGenerator::GenerateNextConnectionId(
+    const quic::QuicConnectionId& original) {
+  auto new_cid = DeterministicConnectionIdGenerator::GenerateNextConnectionId(original);
+  if (new_cid.has_value()) {
+    adjustNewConnectionIdForRoutine(new_cid.value(), original);
+  }
+  return new_cid;
+}
+
+absl::optional<quic::QuicConnectionId>
+EnvoyDeterministicConnectionIdGenerator::MaybeReplaceConnectionId(
+    const quic::QuicConnectionId& original, const quic::ParsedQuicVersion& version) {
+  auto new_cid = DeterministicConnectionIdGenerator::MaybeReplaceConnectionId(original, version);
+  if (new_cid.has_value()) {
+    adjustNewConnectionIdForRoutine(new_cid.value(), original);
+  }
+  return new_cid;
+}
+
+} // namespace Quic
+} // namespace Envoy

source/common/quic/envoy_deterministic_connection_id_generator.h

@@ -0,0 +1,25 @@
+#pragma once
+
+#include "quiche/quic/core/deterministic_connection_id_generator.h"
+
+namespace Envoy {
+namespace Quic {
+
+// This class modifies connection ids that are too long in an Envoy fashion.
+class EnvoyDeterministicConnectionIdGenerator : public quic::DeterministicConnectionIdGenerator {
+
+  using DeterministicConnectionIdGenerator::DeterministicConnectionIdGenerator;
+
+public:
+  // Hashes |original| to create a new connection ID in Envoy fashion.
+  absl::optional<quic::QuicConnectionId>
+  GenerateNextConnectionId(const quic::QuicConnectionId& original) override;
+  // Replace the connection ID if and only if |original| is not of the expected
+  // length in Envoy fashion.
+  absl::optional<quic::QuicConnectionId>
+  MaybeReplaceConnectionId(const quic::QuicConnectionId& original,
+                           const quic::ParsedQuicVersion& version) override;
+};
+
+} // namespace Quic
+} // namespace Envoy

source/common/quic/envoy_quic_client_connection.cc

@@ -18,32 +18,35 @@ EnvoyQuicClientConnection::EnvoyQuicClientConnection(
     quic::QuicConnectionHelperInterface& helper, quic::QuicAlarmFactory& alarm_factory,
     const quic::ParsedQuicVersionVector& supported_versions,
     Network::Address::InstanceConstSharedPtr local_addr, Event::Dispatcher& dispatcher,
-    const Network::ConnectionSocket::OptionsSharedPtr& options)
-    : EnvoyQuicClientConnection(server_connection_id, helper, alarm_factory, supported_versions,
-                                dispatcher,
-                                createConnectionSocket(initial_peer_address, local_addr, options)) {
-}
+    const Network::ConnectionSocket::OptionsSharedPtr& options,
+    quic::ConnectionIdGeneratorInterface& generator)
+    : EnvoyQuicClientConnection(
+          server_connection_id, helper, alarm_factory, supported_versions, dispatcher,
+          createConnectionSocket(initial_peer_address, local_addr, options), generator) {}
 
 EnvoyQuicClientConnection::EnvoyQuicClientConnection(
     const quic::QuicConnectionId& server_connection_id, quic::QuicConnectionHelperInterface& helper,
     quic::QuicAlarmFactory& alarm_factory, const quic::ParsedQuicVersionVector& supported_versions,
-    Event::Dispatcher& dispatcher, Network::ConnectionSocketPtr&& connection_socket)
+    Event::Dispatcher& dispatcher, Network::ConnectionSocketPtr&& connection_socket,
+    quic::ConnectionIdGeneratorInterface& generator)
     : EnvoyQuicClientConnection(
           server_connection_id, helper, alarm_factory,
           new EnvoyQuicPacketWriter(
               std::make_unique<Network::UdpDefaultWriter>(connection_socket->ioHandle())),
-          /*owns_writer=*/true, supported_versions, dispatcher, std::move(connection_socket)) {}
+          /*owns_writer=*/true, supported_versions, dispatcher, std::move(connection_socket),
+          generator) {}
 
 EnvoyQuicClientConnection::EnvoyQuicClientConnection(
     const quic::QuicConnectionId& server_connection_id, quic::QuicConnectionHelperInterface& helper,
     quic::QuicAlarmFactory& alarm_factory, quic::QuicPacketWriter* writer, bool owns_writer,
     const quic::ParsedQuicVersionVector& supported_versions, Event::Dispatcher& dispatcher,
-    Network::ConnectionSocketPtr&& connection_socket)
+    Network::ConnectionSocketPtr&& connection_socket,
+    quic::ConnectionIdGeneratorInterface& generator)
     : quic::QuicConnection(server_connection_id, quic::QuicSocketAddress(),
                            envoyIpAddressToQuicSocketAddress(
                                connection_socket->connectionInfoProvider().remoteAddress()->ip()),
                            &helper, &alarm_factory, writer, owns_writer,
-                           quic::Perspective::IS_CLIENT, supported_versions),
+                           quic::Perspective::IS_CLIENT, supported_versions, generator),
       QuicNetworkConnection(std::move(connection_socket)), dispatcher_(dispatcher) {}
 
 void EnvoyQuicClientConnection::processPacket(
@@ -175,7 +178,7 @@ void EnvoyQuicClientConnection::onPathValidationFailure(
     std::unique_ptr<quic::QuicPathValidationContext> /*context*/) {
   // Note that the probing socket and probing writer will be deleted once context goes out of
   // scope.
-  OnPathValidationFailureAtClient();
+  OnPathValidationFailureAtClient(/*is_multi_port=*/false);
 }
 
 void EnvoyQuicClientConnection::onFileEvent(uint32_t events,