Summary: The existing PacketDropReason values cover many branches in the code making it impossible to isolate the reason for a PARSE_ERROR, INVALID_PACKET, CONNECTION_NOT_FOUND. This change breaks them down into more values that are each used in a single branch.
Reviewed By: mjoras
Differential Revision: D39149490
fbshipit-source-id: 28cbe1ea6c4a06cf55960058edaa48c28ed4d2ef
Summary:
- continually issuing new connection ids to peer as old connections ids are retired through RETIRE_CONN_ID frames
- add logic to parse and act on receiving RETIRE_CONN_ID frame
Reviewed By: mjoras
Differential Revision: D38443561
fbshipit-source-id: 82fb679f482fd69c7b3a3385693d2e5575e92703
Summary: Returning nullptr indicates that it cannot support making a transport at the moment, so respond with a VN as a terminal signal.
Reviewed By: kvtsoy
Differential Revision: D37014231
fbshipit-source-id: e9905a97709cfcdb75d757b11258711c110077e9
Summary: Upgrading glog from 0.4.0 to 0.5.0 broke the windows build for some time. This change skips calling LOG_EVERY_N for Windows to restore the build. It is a stop-gap measure until logging is migrated to folly XLOG.
Reviewed By: kvtsoy
Differential Revision: D38371427
fbshipit-source-id: 9711607a348f0473e3e922d7f627217b3948c45d
Summary: Although there is no flaw in this code, the static analysis does not see that the remaining variable controls the flow path and considers the use of the data after move a failure.
Reviewed By: mjoras
Differential Revision: D37321326
fbshipit-source-id: 54c147f4e9840bd7e5c7a6122495be66044c7708
Summary: This prevents the EventBase from being destroyed before the QuicServerWorker
Reviewed By: mjoras
Differential Revision: D36713788
fbshipit-source-id: b91f85de3b0bc5e16c5903c162a2f9640401a0fb
Summary: This is a pretty obvious thing to do. There's not really any reason to have the data and metadata separately since we don't need to reallocate.
Reviewed By: jbeshay
Differential Revision: D36237370
fbshipit-source-id: 093ad7fb2c54b596ea5cc327ffcc24de1748d362
Summary:
The previous implementation defined a `struct SourceIdentityKey` which was
used as input to a hashing function. Consequently, we needed to be careful about
the internal layout of the struct to ensure that it had a unique object
representation. We included some `static_assert`s to ensure this.
Platform-specific differences on `struct sockaddr_storage` made this difficult
to enforce.
This diff changes the implementation of the source identity hash to manually
build a serialized representation of the previous SourceIdentityKey. We manually
pack the structure into a byte array.
Reviewed By: mjoras
Differential Revision: D35366081
fbshipit-source-id: ee07493d115094007bed6f6519d158f4587a272d
Summary: Having it triggers clang's -Wimplicit-fallthrough warning for anyone compiling with quic and importing QuicServer.h, encapsulate it within the implementation
Reviewed By: mingtaoy
Differential Revision: D35347282
fbshipit-source-id: df9be870fb908c96e9e7d5bcc53515d95ad066dd
Summary:
In fmt 8.x the format string must be known at compile time by default.
Fixes:
```
quic/server/QuicServerWorker.cpp:1355:7: error: call to consteval function 'fmt::basic_format_string<char, std::basic_string<char>, unsigned int, unsigned int, unsigned int, unsigned int, unsigned long, unsigned int, unsigned int, unsigned int, unsigned int>::basic_format_string<std::basic_string<char>, 0>' is not a constant expression
quic/server/QuicServerWorker.cpp:1344:9: error: call to consteval function 'fmt::basic_format_string<char, std::basic_string<char>, unsigned int, unsigned int, unsigned int, unsigned int, unsigned long>::basic_format_string<std::basic_string<char>, 0>' is not a constant expression
quic/server/QuicServerWorker.cpp:1333:9: error: call to consteval function 'fmt::basic_format_string<char, std::basic_string<char>, unsigned int, unsigned int, unsigned int, unsigned int, unsigned long>::basic_format_string<std::basic_string<char>, 0>' is not a constant expression
```
Reviewed By: meyering
Differential Revision: D33985541
fbshipit-source-id: 0dd579de292f58343c95a2b439536b79deae4efc
Summary:
- Issuing NewTokenFrames to clients, allowing them to verify their address in subsequent connections by including the token.
- add NewTokenFrame struct in the union type QuicSimpleFrame.
- Issued only once when the crypto handshake is complete.
- Testing includes validating token serialization & deserialization and asserting that the NewTokenFrame is only issued once on handshake completeness.
Reviewed By: mjoras
Differential Revision: D31673160
fbshipit-source-id: 9401ab1a4b878d8b4380d55afa531ec768f5f4cd
Summary:
This implements a global (per process) limit on unfinished handshakes from unverified source addresses.
This limits the ability of an attacker to create connection state without also allocating connection state themselves. By default the limit is 1024.
Reviewed By: kvtsoy
Differential Revision: D32772165
fbshipit-source-id: 6c195169377a9f687c54bc9782cc58fe085e1275
Summary:
- Replacing VLOG with ODS counter for token decryption.
- Preparing for rollout of New Tokens
Reviewed By: lnicco
Differential Revision: D32780127
fbshipit-source-id: 6a947875e7f2d6ed88ce1e103a089fee5a295210
Summary: Revert the experimental change for the server to use an initial cwnd 30 MSS.
Reviewed By: hanidamlaj
Differential Revision: D32173456
fbshipit-source-id: 13ed4f4c1b11ab9c1dc0da1904be3eb5c564e2d8
Summary: Add global counters for QUIC stream reset and connection close
Reviewed By: lnicco
Differential Revision: D30877776
fbshipit-source-id: 4ee7c3f7c3c1cf190f464e74d616e0b5f1539d3a
Summary: Set the experimental version of Mvfst to use an initial cwnd of 30 MSS instead of 10.
Reviewed By: mjoras, lnicco
Differential Revision: D31553957
fbshipit-source-id: 8aa4f0596dbedbea0922afa13de0631c1b898f53
Summary:
Update QUIC to V1 and HTTP/3 to h3. In order to support interop, hq-interop ALPN has been added too.
This change maintains support for draft-27 and draft-29 implementations.
Reviewed By: mjoras
Differential Revision: D29714556
fbshipit-source-id: 0685928ef4bede0b5511e59572e9c86ccc867320
Summary: We should not allow initials from known service ports.
Reviewed By: lnicco
Differential Revision: D30053174
fbshipit-source-id: a102ce694dc8b3c1e38587ab6d861ebbea2e2371
Summary: It is useful to do this with a function instead of just a bool.
Reviewed By: kvtsoy
Differential Revision: D30074756
fbshipit-source-id: 7d8c477efb85179ca9410c47218456be19dd2a3e
Summary:
These are either no longer relevant, are unlikely to be done, or are spculative enough that they don't deserve code space.
Hope here is to make our search for TODOs higher signal.
Reviewed By: lnicco
Differential Revision: D29769792
fbshipit-source-id: 7cfa62cdc15e72d8b7b0cd5dbb5913ea3ca3dc5a
Summary: If we receive 0RTT packets before an Initial then we will effectively drop them all on the floor. This is not ideal. Instead, buffer them with an EvictingCacheMap per thread and process them when we do receive an Initial.
Reviewed By: lnicco
Differential Revision: D28853189
fbshipit-source-id: c2272be52d548d48a04dec71dca25c728f7801ca
Summary:
1) Allow calling QuicServer::initialize with evbs that are not yet running
2) Allow calling QuicServer::shutdown from within a worker EVB
Bonus:
Shut down the QuicServerWorker's pacing timer from shutdownAllConnections
Reviewed By: mjoras
Differential Revision: D28696428
fbshipit-source-id: 84b752caad662d2742db6948a6b8e1b8cbefe4e8
Summary: When multiple observers attached and one is removed, removal code can end up calling `observerDetach` on the wrong observer. Simplified and fixed removal logic and added new tests.
Reviewed By: yangchi
Differential Revision: D27033221
fbshipit-source-id: d200fd2243a678890758b2652b61d16887f073dd
Summary: This change is needed so that `conn.transportStats` is defined when a new congestion controller is created (so we can update cc_type counters).
Reviewed By: lnicco
Differential Revision: D27156542
fbshipit-source-id: 8dd7613c4ea1f0e70aefc4a135a8c7f1d102fee2
Summary: If the server is getting packets with retry tokens, but there is no retry token secret, then something is most likely misconfigured. This can hopefully catch issues such as S221508
Reviewed By: mjoras
Differential Revision: D26624030
fbshipit-source-id: 8d9111a5bdd7006360ea2edf104ddda7d8cab9f5
Summary: Adding QuiConnectionStats to client transport. Moving getConnectionsStats() logic from server worker into transport base class.
Reviewed By: lnicco
Differential Revision: D26316635
fbshipit-source-id: a384eee5d1bc7b23d908e0b03fafcc4ee962b0b9
Summary: If retry token was created more than a few minutes ago, drop the client initial.
Reviewed By: mjoras
Differential Revision: D25316419
fbshipit-source-id: 6661f2cd93a87e371152a476780d89cca35b0ce9
Summary: Add some preliminary stats for BBR and Copa
Reviewed By: mjoras
Differential Revision: D24642350
fbshipit-source-id: b3a2592274da1705a477d7c3935bbd501bdc849b
Summary:
If QUIC rate-limiting is configured, do the following:
1) Check if the packet has a retry token. If it doesn't, send a retry packet back to the client
2) If the packet has a retry token, then validate that the packet is valid by comparing the client IP stored in the retry token with the packet's client IP
Reviewed By: mjoras
Differential Revision: D25095743
fbshipit-source-id: 51b67bf3f942f77b7f73c21d23cdda0014792183
