Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

quiche: make quic proof source and crypto stream pluggable #16658

Merged
merged 43 commits into from
Jun 10, 2021
Merged

quiche: make quic proof source and crypto stream pluggable #16658

merged 43 commits into from
Jun 10, 2021

Conversation

danzh2010
Copy link
Contributor

Commit Message: make quic proof source and crypto streams extensions. Add config for default ones. If not specified in config, the default ones will be used.

Risk Level: low
Testing: existing tests passed
Part of #2557

danzh1989 added 9 commits May 14, 2021 17:05
@danzh1989
build no handshake stuff
4570f2d 
Signed-off-by: Dan Zhang <danzh@google.com>
@danzh1989
build dispatcher
b5821a0 
Signed-off-by: Dan Zhang <danzh@google.com>
@danzh1989
build listener
e772105 
Signed-off-by: Dan Zhang <danzh@google.com>
@danzh1989
making tests pass
5a83a9c 
Signed-off-by: Dan Zhang <danzh@google.com>
@danzh1989
revert debug logging
587facd 
Signed-off-by: Dan Zhang <danzh@google.com>
@danzh1989
Merge branch 'master' into quiche_fuzz
108700c 
Signed-off-by: Dan Zhang <danzh@google.com>
@danzh1989
add client crypto stream factory
75c569f 
Signed-off-by: Dan Zhang <danzh@google.com>
@danzh1989
add proof source factory
547e36b 
Signed-off-by: Dan Zhang <danzh@google.com>
@danzh1989
rename some classes
cef927c 
Signed-off-by: Dan Zhang <danzh@google.com>
@repokitteh-read-only
Copy link

CC @envoyproxy/api-shepherds: Your approval is needed for changes made to api/envoy/.
envoyproxy/api-shepherds assignee is @htuch
CC @envoyproxy/api-watchers: FYI only for changes made to api/envoy/.

🐱

Caused by: #16658 was opened by danzh2010.

see: more, trace.

@danzh1989
Merge branch 'master' into quiche_fuzz
d2c7eb5 
Signed-off-by: Dan Zhang <danzh@google.com>
@danzh2010
Copy link
Contributor Author

/assign @alyssawilk

danzh1989 added 2 commits May 25, 2021 15:22
@danzh1989
Merge branch 'master' into quiche_fuzz
653a451 
Signed-off-by: Dan Zhang <danzh@google.com>
@danzh1989
use absl::optional
150befd 
Signed-off-by: Dan Zhang <danzh@google.com>
@danzh1989
modify docs
083daee 
Signed-off-by: Dan Zhang <danzh@google.com>
danzh1989 added 2 commits May 27, 2021 11:48
@danzh1989
Merge branch 'master' into quiche_fuzz
55c023c 
Signed-off-by: Dan Zhang <danzh@google.com>
@danzh1989
fix extension status
8b38134 
Signed-off-by: Dan Zhang <danzh@google.com>
danzh1989 added 2 commits May 27, 2021 12:30
@danzh1989
fix toctree reference
22137cc 
Signed-off-by: Dan Zhang <danzh@google.com>
@danzh1989
fix docs cross reference
563ca96 
Signed-off-by: Dan Zhang <danzh@google.com>
RyanTheOptimist
RyanTheOptimist reviewed May 27, 2021
View reviewed changes
api/envoy/config/listener/v3/quic_config.proto Outdated
@@ -48,4 +63,12 @@ message QuicProtocolOptions {
// bound by 6000, regardless of this field or how many connections there are.
google.protobuf.UInt32Value packets_to_read_to_connection_count_ratio = 5
[(validate.rules).uint32 = {gte: 1}];

// The crypto server stream implementation used for this listener.
// If not specified the :ref:`QUICHE defaul one<envoy_v3_api_field_extensions.quic.v3.CryptoServerStreamConfig>` will be used.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: should this say "default" instead of "defaul"?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed

api/envoy/config/listener/v3/quic_config.proto Outdated Show resolved Hide resolved
api/envoy/config/listener/v3/quic_config.proto Outdated
@@ -48,4 +63,12 @@ message QuicProtocolOptions {
// bound by 6000, regardless of this field or how many connections there are.
google.protobuf.UInt32Value packets_to_read_to_connection_count_ratio = 5
[(validate.rules).uint32 = {gte: 1}];

// The crypto server stream implementation used for this listener.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this the C++ name of a class, or something else?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, added quic class names instead.

@danzh1989
fix CI
467a808 
Signed-off-by: Dan Zhang <danzh@google.com>
@danzh1989
fix doc reference
d2164a0 
Signed-off-by: Dan Zhang <danzh@google.com>
@danzh2010 danzh2010 changed the title quiche: extend quic proof source and crypto streams quiche: make quic proof source and crypto stream pluggable Jun 8, 2021
@danzh1989
fix crypto_stream doc reference
d6f6647 
Signed-off-by: Dan Zhang <danzh@google.com>
adisuissa
adisuissa reviewed Jun 9, 2021
View reviewed changes
Copy link
Contributor

@adisuissa adisuissa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

API looks good, but one question to verify that this is intentional:
Why do you set the extension name to be different than the extension path in both extensions (e.g., you use envoy.quic.server.crypto_stream.quiche instead of envoy.quic.crypto_stream)?

@danzh2010
Copy link
Contributor Author

API looks good, but one question to verify that this is intentional:
Why do you set the extension name to be different than the extension path in both extensions (e.g., you use envoy.quic.server.crypto_stream.quiche instead of envoy.quic.crypto_stream)?

Yes, that's intentional. "server" and "quiche" is the unique to this extensions. We might add client or non-quiche-default extensions in the future.

@danzh2010
Copy link
Contributor Author

/retest

@repokitteh-read-only
Copy link

Retrying Azure Pipelines:
Retried failed jobs in: envoy-presubmit

🐱

Caused by: a #16658 (comment) was created by @danzh2010.

see: more, trace.

@danzh1989
Merge branch 'master' into quiche_fuzz
0471c5c 
Signed-off-by: Dan Zhang <danzh@google.com>
@danzh2010
Copy link
Contributor Author

API looks good, but one question to verify that this is intentional:
Why do you set the extension name to be different than the extension path in both extensions (e.g., you use envoy.quic.server.crypto_stream.quiche instead of envoy.quic.crypto_stream)?

Yes, that's intentional. "server" and "quiche" is the unique to this extensions. We might add client or non-quiche-default extensions in the future.

And I will fix their ordering as a follow up.

adisuissa
adisuissa reviewed Jun 9, 2021
View reviewed changes
Copy link
Contributor

@adisuissa adisuissa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm api

@repokitteh-read-only repokitteh-read-only bot removed the api label Jun 9, 2021
@danzh2010
Copy link
Contributor Author

Can this be merged?

phlax
phlax reviewed Jun 9, 2021
View reviewed changes
api/envoy/config/listener/v3/quic_config.proto Outdated
import "envoy/config/core/v3/protocol.proto";

import "google/protobuf/any.proto";
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is unused - could you remove it

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

removed

phlax
phlax previously requested changes Jun 9, 2021
View reviewed changes
Copy link
Member

@phlax phlax left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@danzh2010 ive added a couple of docs nits

api/envoy/config/listener/v3/quic_config.proto Outdated
@@ -48,4 +50,14 @@ message QuicProtocolOptions {
// bound by 6000, regardless of this field or how many connections there are.
google.protobuf.UInt32Value packets_to_read_to_connection_count_ratio = 5
[(validate.rules).uint32 = {gte: 1}];

// Configure which implementation of quic::QuicCryptoClientStreamBase to be used for this listener.
Copy link
Member

@phlax phlax Jun 9, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

could you surround quic::QuicCryptoClientStreamBase with `` as its a literal

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

api/envoy/config/listener/v3/quic_config.proto Outdated
// [#extension-category: envoy.quic.server.crypto_stream]
core.v3.TypedExtensionConfig crypto_stream_config = 6;

// Configure which implementation of quic::ProofSource to be used for this listener.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please make quic::ProofSource a literal also

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

htuch
htuch reviewed Jun 9, 2021
View reviewed changes
Copy link
Member

@htuch htuch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm api

@danzh1989
address comments
58441b8 
Signed-off-by: Dan Zhang <danzh@google.com>
danzh1989 added 2 commits June 9, 2021 19:34
@danzh1989
Merge branch 'master' into quiche_fuzz
9c95845 
Signed-off-by: Dan Zhang <danzh@google.com>
@danzh1989
format
7465ec6 
Signed-off-by: Dan Zhang <danzh@google.com>
@phlax phlax dismissed their stale review June 10, 2021 06:52

nits addressed - thanks @danzh2010

@adisuissa
Copy link
Contributor

/lgtm api

alyssawilk
alyssawilk approved these changes Jun 10, 2021
View reviewed changes
Copy link
Contributor

@alyssawilk alyssawilk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Looks like CI flaked though - I'll kick off another run but feel free to ping me if you notice it's green before I do :-)

@alyssawilk alyssawilk merged commit beb5a93 into envoyproxy:main Jun 10, 2021
leyao-daily pushed a commit to leyao-daily/envoy that referenced this pull request Sep 30, 2021
@danzh2010
quiche: make quic proof source and crypto stream pluggable (envoyprox…
3e27ed0 
…y#16658)

Commit Message: make quic proof source and crypto streams extensions. Add config for default ones. If not specified in config, the default ones will be used.

Risk Level: low
Testing: existing tests passed
Part of envoyproxy#2557
Co-authored-by: Dan Zhang <danzh@google.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@htuch htuch htuch left review comments

@adisuissa adisuissa adisuissa left review comments

@alyssawilk alyssawilk alyssawilk approved these changes

@RyanTheOptimist RyanTheOptimist RyanTheOptimist left review comments

@phlax phlax phlax left review comments

Assignees

@adisuissa adisuissa

@alyssawilk alyssawilk

@RyanTheOptimist RyanTheOptimist

@wu-bin wu-bin

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
8 participants
@danzh2010 @htuch @adisuissa @phlax @alyssawilk @RyanTheOptimist @wu-bin @danzh1989