all: upd dnsproxy

go.mod

@@ -11,7 +11,7 @@ require (
 	github.com/jessevdk/go-flags v1.5.0
 	github.com/miekg/dns v1.1.50
 	github.com/patrickmn/go-cache v2.1.0+incompatible
-	github.com/quic-go/quic-go v0.33.0
+	github.com/quic-go/quic-go v0.35.1
 	github.com/stretchr/testify v1.8.2
 	golang.org/x/exp v0.0.0-20230306221820-f0f767cdffd6
 	golang.org/x/net v0.8.0
@@ -31,8 +31,8 @@ require (
 	github.com/onsi/ginkgo/v2 v2.7.0 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/quic-go/qpack v0.4.0 // indirect
-	github.com/quic-go/qtls-go1-19 v0.2.1 // indirect
-	github.com/quic-go/qtls-go1-20 v0.1.1 // indirect
+	github.com/quic-go/qtls-go1-19 v0.3.2 // indirect
+	github.com/quic-go/qtls-go1-20 v0.2.2 // indirect
 	golang.org/x/crypto v0.5.0 // indirect
 	golang.org/x/mod v0.8.0 // indirect
 	golang.org/x/text v0.8.0 // indirect

go.sum

@@ -44,12 +44,12 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/quic-go/qpack v0.4.0 h1:Cr9BXA1sQS2SmDUWjSofMPNKmvF6IiIfDRmgU0w1ZCo=
 github.com/quic-go/qpack v0.4.0/go.mod h1:UZVnYIfi5GRk+zI9UMaCPsmZ2xKJP7XBUvVyT1Knj9A=
-github.com/quic-go/qtls-go1-19 v0.2.1 h1:aJcKNMkH5ASEJB9FXNeZCyTEIHU1J7MmHyz1Q1TSG1A=
-github.com/quic-go/qtls-go1-19 v0.2.1/go.mod h1:ySOI96ew8lnoKPtSqx2BlI5wCpUVPT05RMAlajtnyOI=
-github.com/quic-go/qtls-go1-20 v0.1.1 h1:KbChDlg82d3IHqaj2bn6GfKRj84Per2VGf5XV3wSwQk=
-github.com/quic-go/qtls-go1-20 v0.1.1/go.mod h1:JKtK6mjbAVcUTN/9jZpvLbGxvdWIKS8uT7EiStoU1SM=
-github.com/quic-go/quic-go v0.33.0 h1:ItNoTDN/Fm/zBlq769lLJc8ECe9gYaW40veHCCco7y0=
-github.com/quic-go/quic-go v0.33.0/go.mod h1:YMuhaAV9/jIu0XclDXwZPAsP/2Kgr5yMYhe9oxhhOFA=
+github.com/quic-go/qtls-go1-19 v0.3.2 h1:tFxjCFcTQzK+oMxG6Zcvp4Dq8dx4yD3dDiIiyc86Z5U=
+github.com/quic-go/qtls-go1-19 v0.3.2/go.mod h1:ySOI96ew8lnoKPtSqx2BlI5wCpUVPT05RMAlajtnyOI=
+github.com/quic-go/qtls-go1-20 v0.2.2 h1:WLOPx6OY/hxtTxKV1Zrq20FtXtDEkeY00CGQm8GEa3E=
+github.com/quic-go/qtls-go1-20 v0.2.2/go.mod h1:JKtK6mjbAVcUTN/9jZpvLbGxvdWIKS8uT7EiStoU1SM=
+github.com/quic-go/quic-go v0.35.1 h1:b0kzj6b/cQAf05cT0CkQubHM31wiA+xH3IBkxP62poo=
+github.com/quic-go/quic-go v0.35.1/go.mod h1:+4CVgVppm0FNjpG3UcX8Joi/frKOH7/ciD5yGcwOO1g=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=

proxy/proxy.go

@@ -69,17 +69,17 @@ type Proxy struct {
 	// Listeners
 	// --
 
-	udpListen         []*net.UDPConn       // UDP listen connections
-	tcpListen         []net.Listener       // TCP listeners
-	tlsListen         []net.Listener       // TLS listeners
-	quicListen        []quic.EarlyListener // QUIC listeners
-	httpsListen       []net.Listener       // HTTPS listeners
-	httpsServer       *http.Server         // HTTPS server instance
-	h3Listen          []quic.EarlyListener // HTTP/3 listeners
-	h3Server          *http3.Server        // HTTP/3 server instance
-	dnsCryptUDPListen []*net.UDPConn       // UDP listen connections for DNSCrypt
-	dnsCryptTCPListen []net.Listener       // TCP listeners for DNSCrypt
-	dnsCryptServer    *dnscrypt.Server     // DNSCrypt server instance
+	udpListen         []*net.UDPConn        // UDP listen connections
+	tcpListen         []net.Listener        // TCP listeners
+	tlsListen         []net.Listener        // TLS listeners
+	quicListen        []*quic.EarlyListener // QUIC listeners
+	httpsListen       []net.Listener        // HTTPS listeners
+	httpsServer       *http.Server          // HTTPS server instance
+	h3Listen          []*quic.EarlyListener // HTTP/3 listeners
+	h3Server          *http3.Server         // HTTP/3 server instance
+	dnsCryptUDPListen []*net.UDPConn        // UDP listen connections for DNSCrypt
+	dnsCryptTCPListen []net.Listener        // TCP listeners for DNSCrypt
+	dnsCryptServer    *dnscrypt.Server      // DNSCrypt server instance
 
 	// Upstream
 	// --

proxy/server.go

@@ -60,7 +60,7 @@ func (p *Proxy) startListeners(ctx context.Context) error {
 	}
 
 	for _, l := range p.h3Listen {
-		go func(l quic.EarlyListener) { _ = p.h3Server.ServeListener(l) }(l)
+		go func(l *quic.EarlyListener) { _ = p.h3Server.ServeListener(l) }(l)
 	}
 
 	for _, l := range p.quicListen {

proxy/server_https_test.go

@@ -387,7 +387,7 @@ func createTestHTTPClient(dnsProxy *Proxy, caPem []byte, http3Enabled bool) (cli
 				cfg *quic.Config,
 			) (quic.EarlyConnection, error) {
 				addr := dnsProxy.Addr(ProtoHTTPS).String()
-				return quic.DialAddrEarlyContext(ctx, addr, tlsCfg, cfg)
+				return quic.DialAddrEarly(ctx, addr, tlsCfg, cfg)
 			},
 			TLSClientConfig:    tlsClientConfig,
 			QuicConfig:         &quic.Config{},

proxy/server_quic.go

@@ -82,7 +82,7 @@ func (p *Proxy) createQUICListeners() error {
 // quicPacketLoop listens for incoming QUIC packets.
 //
 // See also the comment on Proxy.requestGoroutinesSema.
-func (p *Proxy) quicPacketLoop(l quic.EarlyListener, requestGoroutinesSema semaphore) {
+func (p *Proxy) quicPacketLoop(l *quic.EarlyListener, requestGoroutinesSema semaphore) {
 	log.Info("Entering the DNS-over-QUIC listener loop on %s", l.Addr())
 	for {
 		conn, err := l.Accept(context.Background())
@@ -374,9 +374,7 @@ func newServerQUICConfig() (conf *quic.Config) {
 		MaxIncomingUniStreams:    math.MaxUint16,
 		RequireAddressValidation: v.requiresValidation,
 		// Enable 0-RTT by default for all connections on the server-side.
-		Allow0RTT: func(net.Addr) (ok bool) {
-			return true
-		},
+		Allow0RTT: true,
 	}
 }
 

proxy/server_quic_test.go

@@ -38,7 +38,7 @@ func TestQuicProxy(t *testing.T) {
 	addr := dnsProxy.Addr(ProtoQUIC)
 
 	// Open a QUIC connection.
-	conn, err := quic.DialAddrEarly(addr.String(), tlsConfig, nil)
+	conn, err := quic.DialAddrEarly(context.Background(), addr.String(), tlsConfig, nil)
 	require.NoError(t, err)
 	testutil.CleanupAndRequireSuccess(t, func() (err error) {
 		return conn.CloseWithError(DoQCodeNoError, "")
@@ -95,7 +95,7 @@ func TestQuicProxy_largePackets(t *testing.T) {
 	addr := dnsProxy.Addr(ProtoQUIC)
 
 	// Open a QUIC connection.
-	conn, err := quic.DialAddrEarly(addr.String(), tlsConfig, nil)
+	conn, err := quic.DialAddrEarly(context.Background(), addr.String(), tlsConfig, nil)
 	require.NoError(t, err)
 	testutil.CleanupAndRequireSuccess(t, func() (err error) {
 		return conn.CloseWithError(DoQCodeNoError, "")

upstream/upstream.go

@@ -3,6 +3,7 @@
 package upstream
 
 import (
+	"context"
 	"crypto/tls"
 	"crypto/x509"
 	"fmt"
@@ -21,6 +22,7 @@ import (
 	"github.com/ameshkov/dnscrypt/v2"
 	"github.com/ameshkov/dnsstamps"
 	"github.com/miekg/dns"
+	"github.com/quic-go/quic-go"
 	"github.com/quic-go/quic-go/logging"
 )
 
@@ -74,7 +76,7 @@ type Options struct {
 
 	// QUICTracer is an optional object that allows tracing every QUIC
 	// connection and logging every packet that goes through.
-	QUICTracer logging.Tracer
+	QUICTracer func(context.Context, logging.Perspective, quic.ConnectionID) logging.ConnectionTracer
 
 	// InsecureSkipVerify disables verifying the server's certificate.
 	InsecureSkipVerify bool

upstream/upstream_doh.go

@@ -539,7 +539,7 @@ func (p *dnsOverHTTPS) createTransportH3(
 			tlsCfg *tls.Config,
 			cfg *quic.Config,
 		) (c quic.EarlyConnection, err error) {
-			c, err = quic.DialAddrEarlyContext(ctx, addr, tlsCfg, cfg)
+			c, err = quic.DialAddrEarly(ctx, addr, tlsCfg, cfg)
 			return c, err
 		},
 		DisableCompression: true,
@@ -630,7 +630,7 @@ func (p *dnsOverHTTPS) probeQUIC(addr string, tlsConfig *tls.Config, ch chan err
 	ctx, cancel := context.WithDeadline(context.Background(), time.Now().Add(timeout))
 	defer cancel()
 
-	conn, err := quic.DialAddrEarlyContext(ctx, addr, tlsConfig, p.getQUICConfig())
+	conn, err := quic.DialAddrEarly(ctx, addr, tlsConfig, p.getQUICConfig())
 	if err != nil {
 		ch <- fmt.Errorf("opening QUIC connection to %s: %w", p.addr, err)
 		return

upstream/upstream_doh_test.go

@@ -277,7 +277,7 @@ func TestUpstreamDoH_0RTT(t *testing.T) {
 	address := fmt.Sprintf("h3://%s/dns-query", srv.addr)
 	u, err := AddressToUpstream(address, &Options{
 		InsecureSkipVerify: true,
-		QUICTracer:         tracer,
+		QUICTracer:         tracer.TracerForConnection,
 	})
 	require.NoError(t, err)
 	testutil.CleanupAndRequireSuccess(t, u.Close)
@@ -344,7 +344,7 @@ type testDoHServer struct {
 	serverH3 *http3.Server
 
 	// listenerH3 that's used to serve HTTP/3.
-	listenerH3 quic.EarlyListener
+	listenerH3 *quic.EarlyListener
 }
 
 // Shutdown stops the DoH server.
@@ -407,7 +407,7 @@ func startDoHServer(
 	tcpAddr = tcpListen.Addr().(*net.TCPAddr)
 
 	var serverH3 *http3.Server
-	var listenerH3 quic.EarlyListener
+	var listenerH3 *quic.EarlyListener
 
 	if opts.http3Enabled {
 		tlsConfigH3 := tlsConfig.Clone()
@@ -433,9 +433,7 @@ func startDoHServer(
 			RequireAddressValidation: func(net.Addr) (ok bool) {
 				return true
 			},
-			Allow0RTT: func(net.Addr) (ok bool) {
-				return true
-			},
+			Allow0RTT: true,
 		}
 		listenerH3, err = quic.ListenAddrEarly(udpAddr.String(), tlsConfigH3, quicConfig)
 		require.NoError(t, err)

upstream/upstream_quic.go

@@ -358,7 +358,7 @@ func (p *dnsOverQUIC) openConnection() (conn quic.Connection, err error) {
 	ctx, cancel := p.withDeadline(context.Background())
 	defer cancel()
 
-	conn, err = quic.DialAddrEarlyContext(ctx, addr, p.tlsConf.Clone(), p.getQUICConfig())
+	conn, err = quic.DialAddrEarly(ctx, addr, p.tlsConf.Clone(), p.getQUICConfig())
 	if err != nil {
 		return nil, fmt.Errorf("opening quic connection to %s: %w", p.addr, err)
 	}

upstream/upstream_quic_test.go

@@ -124,7 +124,7 @@ func TestUpstreamDoQ_0RTT(t *testing.T) {
 	address := fmt.Sprintf("quic://%s", srv.addr)
 	u, err := AddressToUpstream(address, &Options{
 		InsecureSkipVerify: true,
-		QUICTracer:         tracer,
+		QUICTracer:         tracer.TracerForConnection,
 	})
 	require.NoError(t, err)
 	testutil.CleanupAndRequireSuccess(t, u.Close)
@@ -176,7 +176,7 @@ type testDoQServer struct {
 	rootCAs *x509.CertPool
 
 	// listener is the QUIC connections listener.
-	listener quic.EarlyListener
+	listener *quic.EarlyListener
 }
 
 // Shutdown stops the test server.
@@ -264,9 +264,7 @@ func startDoQServer(t *testing.T, port int) (s *testDoQServer) {
 			RequireAddressValidation: func(net.Addr) (ok bool) {
 				return false
 			},
-			Allow0RTT: func(net.Addr) (ok bool) {
-				return true
-			},
+			Allow0RTT: true,
 		},
 	)
 	require.NoError(t, err)