From 4570f2debf6405b69e76655a816c0dd7de047732 Mon Sep 17 00:00:00 2001 From: Dan Zhang Date: Fri, 14 May 2021 17:05:21 -0400 Subject: [PATCH 01/33] build no handshake stuff Signed-off-by: Dan Zhang --- bazel/external/quiche.BUILD | 1 + source/common/quic/BUILD | 9 +++++++++ test/common/quic/BUILD | 12 ++++++++++++ 3 files changed, 22 insertions(+) diff --git a/bazel/external/quiche.BUILD b/bazel/external/quiche.BUILD index 54e123b0def2..a1b690347dac 100644 --- a/bazel/external/quiche.BUILD +++ b/bazel/external/quiche.BUILD @@ -2080,6 +2080,7 @@ envoy_cc_library( external_deps = ["ssl"], repository = "@envoy", tags = ["nofips"], + visibility = ["//visibility:public"], deps = [ ":quic_core_crypto_hkdf_lib", ":quic_core_data_lib", diff --git a/source/common/quic/BUILD b/source/common/quic/BUILD index be256eccbf6b..1534bad226ef 100644 --- a/source/common/quic/BUILD +++ b/source/common/quic/BUILD @@ -453,3 +453,12 @@ envoy_cc_library( "@com_googlesource_quiche//:quic_core_session_lib", ], ) + +envoy_cc_library( + name = "envoy_quic_crypto_stream_factory_lib", + hdrs = ["envoy_quic_crypto_stream_factory.h"], + deps = [ + "//include/envoy/config:typed_config_interface", + "@com_googlesource_quiche//:quic_core_http_spdy_session_lib", + ], + ) diff --git a/test/common/quic/BUILD b/test/common/quic/BUILD index f187dc762949..c89dfaac6e0f 100644 --- a/test/common/quic/BUILD +++ b/test/common/quic/BUILD @@ -295,3 +295,15 @@ envoy_cc_test_library( "@com_googlesource_quiche//:quic_test_tools_qpack_qpack_encoder_test_utils_lib", ], ) + +envoy_cc_test_library( + name = "envoy_quic_no_handshake_crypto_server_stream_lib", + srcs = ["envoy_quic_no_handshake_crypto_server_stream.cc"], + hdrs = ["envoy_quic_no_handshake_crypto_server_stream.h"], + tags = ["nofips"], + deps = [ + "//source/common/quic:envoy_quic_crypto_stream_factory_lib", + "@com_googlesource_quiche//:quic_core_crypto_encryption_lib", + "@com_googlesource_quiche//:quic_core_session_lib", + ], +) 
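Review bot: The new `envoy_quic_no_handshake_crypto_server_stream_lib` target in test/common/quic/BUILD lists `envoy_quic_no_handshake_crypto_server_stream.cc`/`.h` as sources in test/common/quic, but the next patch in this series creates those files under test/extensions/quic and the .cc there includes `test/common/quic/envoy_quic_no_handshake_crypto_server_stream.h`. One of the two locations should be chosen and the target moved or the `srcs`/`hdrs` paths corrected, otherwise the library cannot build. The `tags = ["nofips"]` on a test library that wires in null encryption is appropriate and worth keeping wherever the target ends up.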
From b5821a00b5a3769ffaf6858080b23938a50f3758 Mon Sep 17 00:00:00 2001 From: Dan Zhang Date: Tue, 18 May 2021 19:31:47 -0400 Subject: [PATCH 02/33] build dispatcher Signed-off-by: Dan Zhang --- .../config/listener/v3/quic_config.proto | 10 ++ .../extensions/quic/v3/crypto_stream.proto | 8 ++ source/common/quic/BUILD | 2 + source/common/quic/active_quic_listener.cc | 24 +++-- source/common/quic/active_quic_listener.h | 6 +- .../quic/envoy_quic_crypto_stream_factory.h | 34 +++++++ source/common/quic/envoy_quic_dispatcher.cc | 9 +- source/common/quic/envoy_quic_dispatcher.h | 5 +- .../common/quic/envoy_quic_server_session.cc | 7 +- .../common/quic/envoy_quic_server_session.h | 5 +- source/extensions/quic/BUILD | 23 +++++ .../quic/envoy_quic_crypto_server_stream.h | 29 ++++++ ..._quic_no_handshake_crypto_server_stream.cc | 96 +++++++++++++++++++ ...y_quic_no_handshake_crypto_server_stream.h | 68 +++++++++++++ 14 files changed, 309 insertions(+), 17 deletions(-) create mode 100644 api/envoy/extensions/quic/v3/crypto_stream.proto create mode 100644 source/common/quic/envoy_quic_crypto_stream_factory.h create mode 100644 source/extensions/quic/BUILD create mode 100644 source/extensions/quic/envoy_quic_crypto_server_stream.h create mode 100644 test/extensions/quic/envoy_quic_no_handshake_crypto_server_stream.cc create mode 100644 test/extensions/quic/envoy_quic_no_handshake_crypto_server_stream.h diff --git a/api/envoy/config/listener/v3/quic_config.proto b/api/envoy/config/listener/v3/quic_config.proto index 69df722c6fbb..1f492db8c482 100644 --- a/api/envoy/config/listener/v3/quic_config.proto +++ b/api/envoy/config/listener/v3/quic_config.proto 
@@ -6,9 +6,11 @@ import "envoy/config/core/v3/base.proto"; import "envoy/config/core/v3/protocol.proto"; import "google/protobuf/duration.proto"; +import "google/protobuf/any.proto"; import "udpa/annotations/status.proto"; import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.listener.v3"; option java_outer_classname = "QuicConfigProto"; @@ -17,6 +19,12 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: QUIC listener config] +message QuicCryptoStream { + string name = 1 [(validate.rules).string = {min_len: 1}]; + + google.protobuf.Any typed_config = 2; +} + // Configuration specific to the UDP QUIC listener. message QuicProtocolOptions { option (udpa.annotations.versioning).previous_message_type = @@ -35,4 +43,6 @@ message QuicProtocolOptions { // Runtime flag that controls whether the listener is enabled or not. If not specified, defaults // to enabled. core.v3.RuntimeFeatureFlag enabled = 4; + + QuicCryptoStream crypto_stream = 5; } diff --git a/api/envoy/extensions/quic/v3/crypto_stream.proto b/api/envoy/extensions/quic/v3/crypto_stream.proto new file mode 100644 index 000000000000..55dd8de6a3dc --- /dev/null +++ b/api/envoy/extensions/quic/v3/crypto_stream.proto @@ -0,0 +1,8 @@ +syntax = "proto3"; + +package envoy.extensions.quic.v3; + +// [#protodoc-title: QUIC server crypto stream config] + +// Configuration specific to the QUIC server crypto stream. +message CryptoServerStreamConfig {} diff --git a/source/common/quic/BUILD b/source/common/quic/BUILD index 1534bad226ef..353c2acc42eb 100644 --- a/source/common/quic/BUILD +++ b/source/common/quic/BUILD @@ -225,6 +225,7 @@ envoy_cc_library( ":envoy_quic_stream_lib", ":envoy_quic_utils_lib", ":quic_filter_manager_connection_lib", + ":envoy_quic_crypto_stream_factory_lib", "//source/common/buffer:buffer_lib", "//source/common/common:assert_lib", "//source/common/http:header_map_lib", 
@@ -319,6 +320,7 @@ envoy_cc_library( ":envoy_quic_proof_source_lib", ":envoy_quic_server_connection_lib", ":envoy_quic_server_session_lib", + ":envoy_quic_crypto_stream_factory_lib", "//include/envoy/network:listener_interface", "//source/server:connection_handler_lib", "@com_googlesource_quiche//:quic_core_server_lib", diff --git a/source/common/quic/active_quic_listener.cc b/source/common/quic/active_quic_listener.cc index 2421b70e168b..dcf94f2ae90e 100644 --- a/source/common/quic/active_quic_listener.cc +++ b/source/common/quic/active_quic_listener.cc 
@@ -25,17 +25,17 @@ ActiveQuicListener::ActiveQuicListener( uint32_t worker_index, uint32_t concurrency, Event::Dispatcher& dispatcher, Network::UdpConnectionHandler& parent, Network::ListenerConfig& listener_config, const quic::QuicConfig& quic_config, Network::Socket::OptionsSharedPtr options, - bool kernel_worker_routing, const envoy::config::core::v3::RuntimeFeatureFlag& enabled) + bool kernel_worker_routing, const envoy::config::core::v3::RuntimeFeatureFlag& enabled, EnvoyQuicCryptoServerStreamFactory& crypto_server_stream_factory) : ActiveQuicListener(worker_index, concurrency, dispatcher, parent, listener_config.listenSocketFactory().getListenSocket(), listener_config, - quic_config, std::move(options), kernel_worker_routing, enabled) {} + quic_config, std::move(options), kernel_worker_routing, enabled, crypto_server_stream_factory) {} ActiveQuicListener::ActiveQuicListener( uint32_t worker_index, uint32_t concurrency, Event::Dispatcher& dispatcher, Network::UdpConnectionHandler& parent, Network::SocketSharedPtr listen_socket, Network::ListenerConfig& listener_config, const quic::QuicConfig& quic_config, Network::Socket::OptionsSharedPtr options, bool kernel_worker_routing, - const envoy::config::core::v3::RuntimeFeatureFlag& enabled) + const envoy::config::core::v3::RuntimeFeatureFlag& enabled, EnvoyQuicCryptoServerStreamFactory& crypto_server_stream_factory) : Server::ActiveUdpListenerBase( worker_index, concurrency, parent, *listen_socket, dispatcher.createUdpListener( 
@@ -43,7 +43,8 @@ ActiveQuicListener::ActiveQuicListener( listener_config.udpListenerConfig()->config().downstream_socket_config()), &listener_config), dispatcher_(dispatcher), version_manager_(quic::CurrentSupportedVersions()), - kernel_worker_routing_(kernel_worker_routing) { + kernel_worker_routing_(kernel_worker_routing), + crypto_server_stream_factory_(crypto_server_stream_factory) { // This flag fix a QUICHE issue which may crash Envoy during connection close. SetQuicReloadableFlag(quic_single_ack_in_packet2, true); // Do not include 32-byte per-entry overhead while counting header size. @@ -81,7 +82,7 @@ ActiveQuicListener::ActiveQuicListener( quic_dispatcher_ = std::make_unique( crypto_config_.get(), quic_config, &version_manager_, std::move(connection_helper), std::move(alarm_factory), quic::kQuicDefaultConnectionIdLength, parent, *config_, stats_, - per_worker_stats_, dispatcher, listen_socket_); + per_worker_stats_, dispatcher, listen_socket_, crypto_server_stream_factory_); // Create udp_packet_writer Network::UdpPacketWriterPtr udp_packet_writer = @@ -233,6 +234,15 @@ ActiveQuicListenerFactory::ActiveQuicListenerFactory( quic_config_.SetMaxBidirectionalStreamsToSend(max_streams); quic_config_.SetMaxUnidirectionalStreamsToSend(max_streams); configQuicInitialFlowControlWindow(config.quic_protocol_options(), quic_config_); + + if (!config.has_crypto_stream()) { + // If not specified, use the quic crypto stream created by QUICHE. + envoy::config::listener::v3::QuicCryptoStream* crypto_stream = config.mutable_crypto_stream(); + crypto_stream->set_name("quic.quiche_crypto_server_stream"); + envoy::extensions::quic::v3::CryptoServerStreamConfig crypto_stream_config; + crypto_stream->mutable_typed_config()->PackFrom(crypto_stream_config); + } + crypto_server_stream_factory_ = Config::Utility::getAndCheckFactory(config.crypto_stream()); } Network::ConnectionHandler::ActiveUdpListenerPtr ActiveQuicListenerFactory::createActiveUdpListener( 
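Review bot: In the `ActiveQuicListenerFactory` constructor hunk the default crypto stream is written back into the caller's message via `config.mutable_crypto_stream()`, so the listener config passed in is silently modified as a side effect of constructing the factory; resolving the default into a local copy avoids that, e.g. `envoy::config::listener::v3::QuicCryptoStream crypto_stream = config.crypto_stream();` followed by `if (crypto_stream.name().empty()) { crypto_stream.set_name("quic.quiche_crypto_server_stream"); }` and `crypto_server_stream_factory_ = ... getAndCheckFactory(crypto_stream)`. Note also that `getAndCheckFactory` only resolves the factory by `name`; the `typed_config` is never validated against the factory's config proto here, so a mismatched `typed_config` is accepted without complaint. The constructor starts before this hunk and its template argument appears to have been stripped by the rendering.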
@@ -301,8 +311,8 @@ Network::ConnectionHandler::ActiveUdpListenerPtr ActiveQuicListenerFactory::crea return std::make_unique(worker_index, concurrency_, disptacher, parent, config, quic_config_, std::move(options), - kernel_worker_routing, enabled_); -} // namespace Quic + kernel_worker_routing, enabled_, crypto_server_stream_factory_); +} } // namespace Quic } // namespace Envoy diff --git a/source/common/quic/active_quic_listener.h b/source/common/quic/active_quic_listener.h index a923afe09acb..9d6076e2abe4 100644 --- a/source/common/quic/active_quic_listener.h +++ b/source/common/quic/active_quic_listener.h @@ -28,13 +28,13 @@ class ActiveQuicListener : public Envoy::Server::ActiveUdpListenerBase, Network::UdpConnectionHandler& parent, Network::ListenerConfig& listener_config, const quic::QuicConfig& quic_config, Network::Socket::OptionsSharedPtr options, bool kernel_worker_routing, - const envoy::config::core::v3::RuntimeFeatureFlag& enabled); + const envoy::config::core::v3::RuntimeFeatureFlag& enabled, EnvoyQuicCryptoServerStreamFactory& crypto_server_stream_factory); ActiveQuicListener(uint32_t worker_index, uint32_t concurrency, Event::Dispatcher& dispatcher, Network::UdpConnectionHandler& parent, Network::SocketSharedPtr listen_socket, Network::ListenerConfig& listener_config, const quic::QuicConfig& quic_config, Network::Socket::OptionsSharedPtr options, bool kernel_worker_routing, - const envoy::config::core::v3::RuntimeFeatureFlag& enabled); + const envoy::config::core::v3::RuntimeFeatureFlag& enabled, EnvoyQuicCryptoServerStreamFactory& crypto_server_stream_factory); ~ActiveQuicListener() override; 
@@ -73,6 +73,7 @@ class ActiveQuicListener : public Envoy::Server::ActiveUdpListenerBase, // The number of runs of the event loop in which at least one CHLO was buffered. // TODO(ggreenway): Consider making this a published stat, or some variation of this information. uint64_t event_loops_with_buffered_chlo_for_test_{0}; + EnvoyQuicCryptoServerStreamFactory& crypto_server_stream_factory_; }; using ActiveQuicListenerPtr = std::unique_ptr; @@ -93,6 +94,7 @@ class ActiveQuicListenerFactory : public Network::ActiveUdpListenerFactory, private: friend class ActiveQuicListenerFactoryPeer; + EnvoyQuicCryptoServerStreamFactory crypto_server_stream_factory_; quic::QuicConfig quic_config_; const uint32_t concurrency_; absl::once_flag install_bpf_once_; diff --git a/source/common/quic/envoy_quic_crypto_stream_factory.h b/source/common/quic/envoy_quic_crypto_stream_factory.h new file mode 100644 index 000000000000..78dea5809382 --- /dev/null +++ b/source/common/quic/envoy_quic_crypto_stream_factory.h 
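Review bot: The second hunk adds `EnvoyQuicCryptoServerStreamFactory crypto_server_stream_factory_;` as a by-value member of `ActiveQuicListenerFactory`, but `EnvoyQuicCryptoServerStreamFactory` declares `createEnvoyQuicCryptoServerStream` as `PURE`, so the class is abstract and cannot be instantiated or assigned from the reference `getAndCheckFactory` returns. Since the listener itself holds `EnvoyQuicCryptoServerStreamFactory&` (first hunk), the factory should hold a pointer or reference as well, e.g. `EnvoyQuicCryptoServerStreamFactory* crypto_server_stream_factory_{nullptr};` assigned with `&Config::Utility::getAndCheckFactory<...>(...)` in the constructor. A short comment stating that the registry owns the factory and the pointer is never freed here would make the ownership obvious to the next reader.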
@@ -0,0 +1,34 @@ +#pragma once + +#include "envoy/config/typed_config.h" + +#if defined(__GNUC__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wunused-parameter" +#pragma GCC diagnostic ignored "-Winvalid-offsetof" +#endif + +#include "quiche/quic/core/quic_crypto_server_stream_base.h" +#include "quiche/quic/core/crypto/quic_crypto_server_config.h" +#include "quiche/quic/core/tls_server_handshaker.h" +#include "quiche/quic/core/quic_session.h" + +#if defined(__GNUC__) +#pragma GCC diagnostic pop +#endif + +namespace Envoy { +namespace Quic { + +class EnvoyQuicCryptoServerStreamFactory : public Config::TypedFactory { + public: + std::string category() const override { return "quic.server.crypto_stream"; } + + // Return an Envoy specific quic crypto server stream object. + virtual std::unique_ptr createEnvoyQuicCryptoServerStream(const quic::QuicCryptoServerConfig* crypto_config, + quic::QuicCompressedCertsCache* compressed_certs_cache, + quic::QuicSession* session, quic::QuicCryptoServerStreamBase::Helper* helper) PURE; +}; + +} // namespace Quic +} // namespace Envoy diff --git a/source/common/quic/envoy_quic_dispatcher.cc b/source/common/quic/envoy_quic_dispatcher.cc index 4191e80d4d79..36c1bd9ce985 100644 --- a/source/common/quic/envoy_quic_dispatcher.cc +++ b/source/common/quic/envoy_quic_dispatcher.cc @@ -6,6 +6,8 @@ #include "common/quic/envoy_quic_server_session.h" #include "common/quic/envoy_quic_utils.h" +#include + namespace Envoy { namespace Quic { 
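Review bot: The new `EnvoyQuicCryptoServerStreamFactory` interface has no class-level comment, and the one comment on `createEnvoyQuicCryptoServerStream` does not say how implementations are selected or what the raw-pointer parameters mean. A header comment such as `// Factory for the crypto (handshake) stream of a server-side QUIC session. Implementations register under category "quic.server.crypto_stream" and are selected by QuicProtocolOptions.crypto_stream.name.` would tie the interface to the listener config that uses it, and the method comment should note that `crypto_config`, `compressed_certs_cache`, `session` and `helper` are borrowed by the returned stream rather than owned (presumably the QUICHE contract; confirm). Stylistically, the ` public:` access specifier is indented here while the rest of the series writes it flush with the class keyword.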
@@ -17,13 +19,14 @@ EnvoyQuicDispatcher::EnvoyQuicDispatcher( uint8_t expected_server_connection_id_length, Network::ConnectionHandler& connection_handler, Network::ListenerConfig& listener_config, Server::ListenerStats& listener_stats, Server::PerHandlerListenerStats& per_worker_stats, Event::Dispatcher& dispatcher, - Network::Socket& listen_socket) + Network::Socket& listen_socket, EnvoyQuicCryptoServerStreamFactory& crypto_server_stream_factory) : quic::QuicDispatcher(&quic_config, crypto_config, version_manager, std::move(helper), std::make_unique(), std::move(alarm_factory), expected_server_connection_id_length), connection_handler_(connection_handler), listener_config_(listener_config), listener_stats_(listener_stats), per_worker_stats_(per_worker_stats), dispatcher_(dispatcher), - listen_socket_(listen_socket) { + listen_socket_(listen_socket), + crypto_server_stream_factory_(crypto_server_stream_factory) { // Set send buffer twice of max flow control window to ensure that stream send // buffer always takes all the data. // The max amount of data buffered is the per-stream high watermark + the max @@ -64,7 +67,7 @@ std::unique_ptr EnvoyQuicDispatcher::CreateQuicSession( auto quic_session = std::make_unique( quic_config, quic::ParsedQuicVersionVector{version}, std::move(quic_connection), this, session_helper(), crypto_config(), compressed_certs_cache(), dispatcher_, - listener_config_.perConnectionBufferLimitBytes()); + listener_config_.perConnectionBufferLimitBytes(), crypto_server_stream_factory_); if (filter_chain != nullptr) { const bool has_filter_initialized = listener_config_.filterChainFactory().createNetworkFilterChain( diff --git a/source/common/quic/envoy_quic_dispatcher.h b/source/common/quic/envoy_quic_dispatcher.h index 987dd2b45065..af39a2d3f779 100644 --- a/source/common/quic/envoy_quic_dispatcher.h +++ b/source/common/quic/envoy_quic_dispatcher.h 
@@ -19,6 +19,7 @@ #include "envoy/network/listener.h" #include "server/connection_handler_impl.h" #include "server/active_listener_base.h" +#include "common/quic/envoy_quic_crypto_stream_factory.h" namespace Envoy { namespace Quic { @@ -53,7 +54,8 @@ class EnvoyQuicDispatcher : public quic::QuicDispatcher { Network::ListenerConfig& listener_config, Server::ListenerStats& listener_stats, Server::PerHandlerListenerStats& per_worker_stats, - Event::Dispatcher& dispatcher, Network::Socket& listen_socket); + Event::Dispatcher& dispatcher, Network::Socket& listen_socket, + EnvoyQuicCryptoServerStreamFactory& crypto_server_stream_factory); void OnConnectionClosed(quic::QuicConnectionId connection_id, quic::QuicErrorCode error, const std::string& error_details, @@ -81,6 +83,7 @@ class EnvoyQuicDispatcher : public quic::QuicDispatcher { Server::PerHandlerListenerStats& per_worker_stats_; Event::Dispatcher& dispatcher_; Network::Socket& listen_socket_; + EnvoyQuicCryptoServerStreamFactory& crypto_server_stream_factory_; }; } // namespace Quic diff --git a/source/common/quic/envoy_quic_server_session.cc b/source/common/quic/envoy_quic_server_session.cc index 44208d4fb3f3..c1cf67b61af7 100644 --- a/source/common/quic/envoy_quic_server_session.cc +++ b/source/common/quic/envoy_quic_server_session.cc 
@@ -14,12 +14,13 @@ EnvoyQuicServerSession::EnvoyQuicServerSession( std::unique_ptr connection, quic::QuicSession::Visitor* visitor, quic::QuicCryptoServerStream::Helper* helper, const quic::QuicCryptoServerConfig* crypto_config, quic::QuicCompressedCertsCache* compressed_certs_cache, Event::Dispatcher& dispatcher, - uint32_t send_buffer_limit) + uint32_t send_buffer_limit, EnvoyQuicCryptoServerStreamFactory& crypto_server_stream_factory) : quic::QuicServerSessionBase(config, supported_versions, connection.get(), visitor, helper, crypto_config, compressed_certs_cache), QuicFilterManagerConnectionImpl(*connection, connection->connection_id(), dispatcher, send_buffer_limit), - quic_connection_(std::move(connection)) {} + quic_connection_(std::move(connection)), + crypto_server_stream_factory_(crypto_server_stream_factory) {} EnvoyQuicServerSession::~EnvoyQuicServerSession() { ASSERT(!quic_connection_->connected()); @@ -34,7 +35,7 @@ std::unique_ptr EnvoyQuicServerSession::CreateQuicCryptoServerStream( const quic::QuicCryptoServerConfig* crypto_config, quic::QuicCompressedCertsCache* compressed_certs_cache) { - return CreateCryptoServerStream(crypto_config, compressed_certs_cache, this, stream_helper()); + return crypto_server_stream_factory_.createEnvoyQuicCryptoServerStream(crypto_config, compressed_certs_cache, this, stream_helper()); } quic::QuicSpdyStream* EnvoyQuicServerSession::CreateIncomingStream(quic::QuicStreamId id) { diff --git a/source/common/quic/envoy_quic_server_session.h b/source/common/quic/envoy_quic_server_session.h index 1e4900e5632a..4b1e8ed81b9b 100644 --- a/source/common/quic/envoy_quic_server_session.h +++ b/source/common/quic/envoy_quic_server_session.h @@ -21,6 +21,7 @@ #include "common/quic/quic_filter_manager_connection_impl.h" #include "common/quic/envoy_quic_server_connection.h" #include "common/quic/envoy_quic_server_stream.h" +#include "common/quic/envoy_quic_crypto_stream_factory.h" namespace Envoy { namespace Quic { 
@@ -39,7 +40,8 @@ class EnvoyQuicServerSession : public quic::QuicServerSessionBase, quic::QuicCryptoServerStreamBase::Helper* helper, const quic::QuicCryptoServerConfig* crypto_config, quic::QuicCompressedCertsCache* compressed_certs_cache, - Event::Dispatcher& dispatcher, uint32_t send_buffer_limit); + Event::Dispatcher& dispatcher, uint32_t send_buffer_limit, + EnvoyQuicCryptoServerStreamFactory& crypto_server_stream_factory); ~EnvoyQuicServerSession() override; @@ -101,6 +103,7 @@ class EnvoyQuicServerSession : public quic::QuicServerSessionBase, envoy::config::core::v3::HttpProtocolOptions::HeadersWithUnderscoresAction headers_with_underscores_action_; + EnvoyQuicCryptoServerStreamFactory& crypto_server_stream_factory_; }; } // namespace Quic diff --git a/source/extensions/quic/BUILD b/source/extensions/quic/BUILD new file mode 100644 index 000000000000..414eb8115f40 --- /dev/null +++ b/source/extensions/quic/BUILD @@ -0,0 +1,23 @@ +load( + "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", + "envoy_extension_package", +) + +licenses(["notice"]) # Apache 2 + +# Extensions of various QUIC objects. + +envoy_extension_package() + +envoy_cc_extension( + name = "envoy_quic_crypto_server_stream_factory", + srcs = ["envoy_quic_crypto_server_stream.cc"], + hdrs = ["envoy_quic_crypto_server_stream.h"], + category = "quic.server.crypto_stream", + security_posture = "unknown", + deps = [ + "//source/common/quic:envoy_quic_crypto_stream_factory_lib", + "@envoy_api//envoy/extensions/quic/v3:pkg_cc_proto", + ], +) diff --git a/source/extensions/quic/envoy_quic_crypto_server_stream.h b/source/extensions/quic/envoy_quic_crypto_server_stream.h new file mode 100644 index 000000000000..d6176663a393 --- /dev/null +++ b/source/extensions/quic/envoy_quic_crypto_server_stream.h 
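Review bot: The new source/extensions/quic/BUILD declares `security_posture = "unknown"` for an extension that produces the stream handling the QUIC handshake on untrusted downstream packets; for a new extension that posture should be stated explicitly (for example `robust_to_untrusted_downstream` once tests cover it) rather than left as the placeholder value, since it drives how the extension is treated in security review. The target also lists `srcs = ["envoy_quic_crypto_server_stream.cc"]`, but no such file is created anywhere in this patch series and the factory registration currently lives in the header, so the target will fail to build as written.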
@@ -0,0 +1,29 @@ +#pragma + +#include "envoy/extensions/quic/v3/crypto_stream.pb.h" + +#include "common/quic/envoy_quic_crypto_stream_factory.h" + +namespace Envoy { +namespace Quic { + +class RealEnvoyQuicCryptoServerStreamFactory : EnvoyQuicCryptoServerStreamFactory { +public: + ProtobufTypes::MessagePtr createEmptyConfigProto() override { + return std::make_unique(); + } + std::string name() const override { return "quic.quiche_crypto_server_stream"; } + + std::unique_ptr + createEnvoyQuicCryptoServerStream(const quic::QuicCryptoServerConfig* crypto_config, + quic::QuicCompressedCertsCache* compressed_certs_cache, + quic::QuicSession* session, + quic::QuicCryptoServerStreamBase::Helper* helper) override { + return quic::CreateCryptoServerStream(crypto_config, compressed_certs_cache, session, helper); + } +}; + +REGISTER_FACTORY(RealEnvoyQuicCryptoServerStreamFactory, EnvoyQuicCryptoServerStreamFactory); + +} // namespace Quic +} // namespace Envoy diff --git a/test/extensions/quic/envoy_quic_no_handshake_crypto_server_stream.cc b/test/extensions/quic/envoy_quic_no_handshake_crypto_server_stream.cc new file mode 100644 index 000000000000..8ce267ad4df3 --- /dev/null +++ b/test/extensions/quic/envoy_quic_no_handshake_crypto_server_stream.cc 
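Review bot: The first line of the new header is a bare `#pragma` with no `once`, which is ignored by the compiler and leaves the file without any include guard. `class RealEnvoyQuicCryptoServerStreamFactory : EnvoyQuicCryptoServerStreamFactory` uses private inheritance by default, so the registry cannot treat the class as its base; it should read `class RealEnvoyQuicCryptoServerStreamFactory : public EnvoyQuicCryptoServerStreamFactory {`. `REGISTER_FACTORY(...)` placed in a header defines the registration object in every translation unit that includes it; the conventional layout used by the test header later in this series is `DECLARE_FACTORY(RealEnvoyQuicCryptoServerStreamFactory);` in the header and the `REGISTER_FACTORY` line in the `.cc` the BUILD file already names.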
@@ -0,0 +1,96 @@ +#include "test/common/quic/envoy_quic_no_handshake_crypto_server_stream.h" + +#if defined(__GNUC__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wunused-parameter" +#pragma GCC diagnostic ignored "-Winvalid-offsetof" +#endif + +#include "quiche/quic/core/crypto/null_encrypter.h" +#include "quiche/quic/core/crypto/null_decrypter.h" + +#if defined(__GNUC__) +#pragma GCC diagnostic pop +#endif + +namespace Envoy { +namespace Quic { + +std::unique_ptr +EnvoyQuicNoHandshakeCryptoServerStreamFactory::createEnvoyQuicCryptoServerStream( + const quic::QuicCryptoServerConfig* crypto_config, + quic::QuicCompressedCertsCache* compressed_certs_cache, quic::QuicSession* session, + quic::QuicCryptoServerStreamBase::Helper* helper) { + switch (session->connection()->version().handshake_protocol) { + case quic::PROTOCOL_QUIC_CRYPTO: + return std::make_unique( + crypto_config, compressed_certs_cache, session, helper); + case quic::PROTOCOL_TLS1_3: + return std::make_unique(session, crypto_config); + case quic::PROTOCOL_UNSUPPORTED: + ASSERT(false, "Unknown handshake protocol"); + return nullptr; + } +} + +REGISTER_FACTORY(EnvoyQuicNoHandshakeCryptoServerStreamFactory, EnvoyQuicCryptoServerStreamFactory); + +void EnvoyQuicNoHandshakeCryptoServerStream::OnHandshakeMessage( + const quic::CryptoHandshakeMessage& message) { + quic::QuicConfig* config = session()->config(); + // Skip handshake. + OverrideQuicConfigDefaults(config); + + std::string process_error_details; + const quic::QuicErrorCode process_error = + config->ProcessPeerHello(message, quic::CLIENT, &process_error_details); + if (process_error != quic::QUIC_NO_ERROR) { + session()->connection()->CloseConnection( + process_error, process_error_details, + quic::ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET); + return; + } + ASSERT(config->negotiated()); + + session()->OnConfigNegotiated(); + + // Use NullEncrypter/Decrypter to make it possible to mutate payload while + // fuzzing. 
+ session()->connection()->SetEncrypter( + quic::ENCRYPTION_FORWARD_SECURE, + std::make_unique(quic::Perspective::IS_SERVER)); + if (session()->connection()->version().KnowsWhichDecrypterToUse()) { + session()->connection()->InstallDecrypter( + quic::ENCRYPTION_FORWARD_SECURE, + std::make_unique(quic::Perspective::IS_SERVER)); + session()->connection()->RemoveDecrypter(quic::ENCRYPTION_INITIAL); + } else { + session()->connection()->SetDecrypter( + quic::ENCRYPTION_FORWARD_SECURE, + std::make_unique(quic::Perspective::IS_SERVER)); + } + set_encryption_established(true); + set_one_rtt_keys_available(true); + session()->SetDefaultEncryptionLevel(quic::ENCRYPTION_FORWARD_SECURE); + session()->DiscardOldEncryptionKey(quic::ENCRYPTION_INITIAL); + session()->connection()->OnDecryptedPacket(0, quic::ENCRYPTION_FORWARD_SECURE); +} + +void EnvoyQuicNoHandshakeTlsServerStream::SetWriteSecret(quic::EncryptionLevel level, + const SSL_CIPHER* cipher, + const std::vector& write_secret) { + quic::TlsServerHandshaker::SetWriteSecret(level, cipher, write_secret); + session()->connection()->SetEncrypter( + level, std::make_unique(quic::Perspective::IS_SERVER)); +} + +bool EnvoyQuicNoHandshakeTlsServerStream::SetReadSecret( + quic::EncryptionLevel level, const SSL_CIPHER* /*cipher*/, + const std::vector& /*read_secret*/) { + session()->connection()->InstallDecrypter( + level, std::make_unique(quic::Perspective::IS_SERVER)); + return true; +} + +} // namespace Quic +} // namespace Envoy diff --git a/test/extensions/quic/envoy_quic_no_handshake_crypto_server_stream.h b/test/extensions/quic/envoy_quic_no_handshake_crypto_server_stream.h new file mode 100644 index 000000000000..41755dde350f --- /dev/null +++ b/test/extensions/quic/envoy_quic_no_handshake_crypto_server_stream.h 
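Review bot: `EnvoyQuicNoHandshakeCryptoServerStreamFactory::createEnvoyQuicCryptoServerStream` falls off the end of a non-void function after the `switch`; the three enumerators are covered, but an out-of-range value or a compiler that does not prove exhaustiveness leaves the return value undefined, so the function should end with `NOT_REACHED_GCOVR_EXCL_LINE;` or `return nullptr;`. The header for this file (next hunk) declares `ProcessAdditionalTransportParameters` as an override on `EnvoyQuicNoHandshakeTlsServerStream`, but no definition appears in this .cc, which will fail at link time. The `#include "test/common/quic/envoy_quic_no_handshake_crypto_server_stream.h"` does not match the file's own location under test/extensions/quic. Because `OnHandshakeMessage` and the TLS `SetWriteSecret`/`SetReadSecret` overrides install `NullEncrypter`/`NullDecrypter` and mark keys available without completing a handshake, and the factory self-registers under a config-selectable name, a file-level comment stating that this library exists only for fuzzing/tests and must never be linked into a production binary would make the risk explicit to maintainers of the BUILD graph.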
@@ -0,0 +1,68 @@ +#pragma once + +#include "envoy/registry/registry.h" + +#include "common/quic/envoy_quic_crypto_stream_factory.h" + +#if defined(__GNUC__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wunused-parameter" +#pragma GCC diagnostic ignored "-Winvalid-offsetof" +#endif + +#include "quiche/quic/core/quic_crypto_server_stream.h" +#include "quiche/quic/core/tls_server_handshaker.h" + +#if defined(__GNUC__) +#pragma GCC diagnostic pop +#endif + +namespace Envoy { +namespace Quic { + +class EnvoyQuicNoHandshakeCryptoServerStreamFactory : public EnvoyQuicCryptoServerStreamFactory { +public: + EnvoyQuicNoHandshakeCryptoServerStreamFactory() : EnvoyQuicCryptoServerStreamFactory() {} + + ProtobufTypes::MessagePtr createEmptyConfigProto() override { return nullptr; } + std::string name() const override { return "quic.no_handshake_crypto_server_stream"; } + + std::unique_ptr + createEnvoyQuicCryptoServerStream(const quic::QuicCryptoServerConfig* crypto_config, + quic::QuicCompressedCertsCache* compressed_certs_cache, + quic::QuicSession* session, + quic::QuicCryptoServerStreamBase::Helper* helper) override; +}; + +DECLARE_FACTORY(EnvoyQuicNoHandshakeCryptoServerStreamFactory); + +// A Google quic crypto stream which bypasses handshakes. +class EnvoyQuicNoHandshakeCryptoServerStream : public quic::QuicCryptoServerStream { +public: + EnvoyQuicNoHandshakeCryptoServerStream(const quic::QuicCryptoServerConfig* crypto_config, + quic::QuicCompressedCertsCache* compressed_certs_cache, + quic::QuicSession* session, + quic::QuicCryptoServerStreamBase::Helper* helper) + : quic::QuicCryptoServerStream(crypto_config, compressed_certs_cache, session, helper) {} + + void OnHandshakeMessage(const quic::CryptoHandshakeMessage& message) override; +}; + +// A TLS quic crypto stream which bypasses handshakes. 
+class EnvoyQuicNoHandshakeTlsServerStream : public quic::TlsServerHandshaker { +public: + EnvoyQuicNoHandshakeTlsServerStream(quic::QuicSession* session, + const quic::QuicCryptoServerConfig* crypto_config) + : quic::TlsServerHandshaker(session, crypto_config) {} + + void ProcessAdditionalTransportParameters(const quic::TransportParameters& params) override; + +private: + void SetWriteSecret(quic::EncryptionLevel level, const SSL_CIPHER* cipher, + const std::vector& write_secret) override; + bool SetReadSecret(quic::EncryptionLevel level, const SSL_CIPHER* cipher, + const std::vector& read_secret) override; +}; + +} // namespace Quic +} // namespace Envoy From e772105732b1482a9397464f031c79e4cbb4c25c Mon Sep 17 00:00:00 2001 From: Dan Zhang Date: Wed, 19 May 2021 12:10:32 -0400 Subject: [PATCH 03/33] build listener Signed-off-by: Dan Zhang --- api/BUILD | 1 + api/envoy/config/listener/v3/quic_config.proto | 7 ++++--- .../config/listener/v4alpha/quic_config.proto | 14 ++++++++++++++ api/envoy/extensions/quic/v3/BUILD | 9 +++++++++ api/envoy/extensions/quic/v3/crypto_stream.proto | 10 +++++++++- api/versioning/BUILD | 1 + generated_api_shadow/BUILD | 1 + .../envoy/config/listener/v3/quic_config.proto | 11 +++++++++++ .../config/listener/v4alpha/quic_config.proto | 14 ++++++++++++++ .../envoy/extensions/quic/v3/BUILD | 9 +++++++++ .../envoy/extensions/quic/v3/crypto_stream.proto | 16 ++++++++++++++++ source/common/quic/BUILD | 1 + source/common/quic/active_quic_listener.cc | 15 ++++++++++----- source/common/quic/active_quic_listener.h | 4 +++- source/extensions/quic/BUILD | 2 +- 15 files changed, 104 insertions(+), 11 deletions(-) create mode 100644 api/envoy/extensions/quic/v3/BUILD create mode 100644 generated_api_shadow/envoy/extensions/quic/v3/BUILD create mode 100644 generated_api_shadow/envoy/extensions/quic/v3/crypto_stream.proto diff --git a/api/BUILD b/api/BUILD index 7a6671dd681f..39cd226a87ed 100644 --- a/api/BUILD +++ b/api/BUILD 
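Review bot: `createEmptyConfigProto()` in `EnvoyQuicNoHandshakeCryptoServerStreamFactory` returns `nullptr`, so any caller that instantiates the factory's config proto to validate or translate `typed_config` (such as `Config::Utility::translateAnyToFactoryConfig`) would dereference a null pointer; returning an empty `envoy::extensions::quic::v3::CryptoServerStreamConfig` like the real factory does keeps the two implementations interchangeable. The delegating constructor `EnvoyQuicNoHandshakeCryptoServerStreamFactory() : EnvoyQuicCryptoServerStreamFactory() {}` adds nothing over the implicit default and can be dropped. The two stream classes are documented as "bypasses handshakes"; the factory class carries no comment at all, and a one-liner such as `// Test-only factory: produces crypto streams that skip the handshake and use null encryption.` would help whoever finds the name "quic.no_handshake_crypto_server_stream" in the registry.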
@@ -251,6 +251,7 @@ proto_library( "//envoy/extensions/matching/common_inputs/environment_variable/v3:pkg", "//envoy/extensions/matching/input_matchers/consistent_hashing/v3:pkg", "//envoy/extensions/network/socket_interface/v3:pkg", + "//envoy/extensions/quic/v3:pkg", "//envoy/extensions/rate_limit_descriptors/expr/v3:pkg", "//envoy/extensions/request_id/uuid/v3:pkg", "//envoy/extensions/resource_monitors/fixed_heap/v3:pkg", diff --git a/api/envoy/config/listener/v3/quic_config.proto b/api/envoy/config/listener/v3/quic_config.proto index 1f492db8c482..a6d1a4af9bad 100644 --- a/api/envoy/config/listener/v3/quic_config.proto +++ b/api/envoy/config/listener/v3/quic_config.proto @@ -5,8 +5,8 @@ package envoy.config.listener.v3; import "envoy/config/core/v3/base.proto"; import "envoy/config/core/v3/protocol.proto"; -import "google/protobuf/duration.proto"; import "google/protobuf/any.proto"; +import "google/protobuf/duration.proto"; import "udpa/annotations/status.proto"; import "udpa/annotations/versioning.proto"; @@ -20,12 +20,13 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: QUIC listener config] message QuicCryptoStream { - string name = 1 [(validate.rules).string = {min_len: 1}]; + string name = 1 [(validate.rules).string = {min_len: 1}]; - google.protobuf.Any typed_config = 2; + google.protobuf.Any typed_config = 2; } // Configuration specific to the UDP QUIC listener. +// [#next-free-field: 6] message QuicProtocolOptions { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.listener.QuicProtocolOptions"; diff --git a/api/envoy/config/listener/v4alpha/quic_config.proto b/api/envoy/config/listener/v4alpha/quic_config.proto index c9e218137ae2..0b6dfa989892 100644 --- a/api/envoy/config/listener/v4alpha/quic_config.proto +++ b/api/envoy/config/listener/v4alpha/quic_config.proto 
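Review bot: After this reformat the `QuicCryptoStream` message and its `name`/`typed_config` fields are still uncommented, and so is the `crypto_stream = 5` field added to `QuicProtocolOptions`, which leaves the generated API docs with nothing to say about what the extension point is. Suggested comments: `// Configures the crypto (handshake) stream implementation used by the QUIC server.` on the message, `// Name of the crypto stream factory to load. If crypto_stream is not set, the listener uses "quic.quiche_crypto_server_stream".` on `name` (the default comes from the listener factory code in patch 02), and `// [#extension-category: quic.server.crypto_stream]` on `typed_config` so the category is discoverable. The same comments are missing from the v4alpha copy of the message in the following hunk.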
@@ -5,10 +5,12 @@ package envoy.config.listener.v4alpha; import "envoy/config/core/v4alpha/base.proto"; import "envoy/config/core/v4alpha/protocol.proto"; +import "google/protobuf/any.proto"; import "google/protobuf/duration.proto"; import "udpa/annotations/status.proto"; import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.listener.v4alpha"; option java_outer_classname = "QuicConfigProto"; @@ -17,7 +19,17 @@ option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSIO // [#protodoc-title: QUIC listener config] +message QuicCryptoStream { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.listener.v3.QuicCryptoStream"; + + string name = 1 [(validate.rules).string = {min_len: 1}]; + + google.protobuf.Any typed_config = 2; +} + // Configuration specific to the UDP QUIC listener. +// [#next-free-field: 6] message QuicProtocolOptions { option (udpa.annotations.versioning).previous_message_type = "envoy.config.listener.v3.QuicProtocolOptions"; @@ -35,4 +47,6 @@ message QuicProtocolOptions { // Runtime flag that controls whether the listener is enabled or not. If not specified, defaults // to enabled. core.v4alpha.RuntimeFeatureFlag enabled = 4; + + QuicCryptoStream crypto_stream = 5; } diff --git a/api/envoy/extensions/quic/v3/BUILD b/api/envoy/extensions/quic/v3/BUILD new file mode 100644 index 000000000000..ee92fb652582 --- /dev/null +++ b/api/envoy/extensions/quic/v3/BUILD @@ -0,0 +1,9 @@ +# DO NOT EDIT. This file is generated by tools/proto_format/proto_sync.py. + +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package( + deps = ["@com_github_cncf_udpa//udpa/annotations:pkg"], +) diff --git a/api/envoy/extensions/quic/v3/crypto_stream.proto b/api/envoy/extensions/quic/v3/crypto_stream.proto index 55dd8de6a3dc..1dd9cd76e701 100644 
--- a/api/envoy/extensions/quic/v3/crypto_stream.proto +++ b/api/envoy/extensions/quic/v3/crypto_stream.proto @@ -2,7 +2,15 @@ syntax = "proto3"; package envoy.extensions.quic.v3; +import "udpa/annotations/status.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.quic.v3"; +option java_outer_classname = "CryptoStreamProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = ACTIVE; + // [#protodoc-title: QUIC server crypto stream config] // Configuration specific to the QUIC server crypto stream. -message CryptoServerStreamConfig {} +message CryptoServerStreamConfig { +} diff --git a/api/versioning/BUILD b/api/versioning/BUILD index 338a8cdb80f2..0d363d6cc98e 100644 --- a/api/versioning/BUILD +++ b/api/versioning/BUILD @@ -134,6 +134,7 @@ proto_library( "//envoy/extensions/matching/common_inputs/environment_variable/v3:pkg", "//envoy/extensions/matching/input_matchers/consistent_hashing/v3:pkg", "//envoy/extensions/network/socket_interface/v3:pkg", + "//envoy/extensions/quic/v3:pkg", "//envoy/extensions/rate_limit_descriptors/expr/v3:pkg", "//envoy/extensions/request_id/uuid/v3:pkg", "//envoy/extensions/resource_monitors/fixed_heap/v3:pkg", diff --git a/generated_api_shadow/BUILD b/generated_api_shadow/BUILD index 7a6671dd681f..39cd226a87ed 100644 --- a/generated_api_shadow/BUILD +++ b/generated_api_shadow/BUILD @@ -251,6 +251,7 @@ proto_library( "//envoy/extensions/matching/common_inputs/environment_variable/v3:pkg", "//envoy/extensions/matching/input_matchers/consistent_hashing/v3:pkg", "//envoy/extensions/network/socket_interface/v3:pkg", + "//envoy/extensions/quic/v3:pkg", "//envoy/extensions/rate_limit_descriptors/expr/v3:pkg", "//envoy/extensions/request_id/uuid/v3:pkg", "//envoy/extensions/resource_monitors/fixed_heap/v3:pkg", 
diff --git a/generated_api_shadow/envoy/config/listener/v3/quic_config.proto b/generated_api_shadow/envoy/config/listener/v3/quic_config.proto index 69df722c6fbb..a6d1a4af9bad 100644 --- a/generated_api_shadow/envoy/config/listener/v3/quic_config.proto +++ b/generated_api_shadow/envoy/config/listener/v3/quic_config.proto @@ -5,10 +5,12 @@ package envoy.config.listener.v3; import "envoy/config/core/v3/base.proto"; import "envoy/config/core/v3/protocol.proto"; +import "google/protobuf/any.proto"; import "google/protobuf/duration.proto"; import "udpa/annotations/status.proto"; import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.listener.v3"; option java_outer_classname = "QuicConfigProto"; @@ -17,7 +19,14 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: QUIC listener config] +message QuicCryptoStream { + string name = 1 [(validate.rules).string = {min_len: 1}]; + + google.protobuf.Any typed_config = 2; +} + // Configuration specific to the UDP QUIC listener. +// [#next-free-field: 6] message QuicProtocolOptions { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.listener.QuicProtocolOptions"; @@ -35,4 +44,6 @@ message QuicProtocolOptions { // Runtime flag that controls whether the listener is enabled or not. If not specified, defaults // to enabled. core.v3.RuntimeFeatureFlag enabled = 4; + + QuicCryptoStream crypto_stream = 5; } diff --git a/generated_api_shadow/envoy/config/listener/v4alpha/quic_config.proto b/generated_api_shadow/envoy/config/listener/v4alpha/quic_config.proto index c9e218137ae2..0b6dfa989892 100644 --- a/generated_api_shadow/envoy/config/listener/v4alpha/quic_config.proto +++ b/generated_api_shadow/envoy/config/listener/v4alpha/quic_config.proto 
@@ -5,10 +5,12 @@ package envoy.config.listener.v4alpha; import "envoy/config/core/v4alpha/base.proto"; import "envoy/config/core/v4alpha/protocol.proto"; +import "google/protobuf/any.proto"; import "google/protobuf/duration.proto"; import "udpa/annotations/status.proto"; import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.listener.v4alpha"; option java_outer_classname = "QuicConfigProto"; @@ -17,7 +19,17 @@ option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSIO // [#protodoc-title: QUIC listener config] +message QuicCryptoStream { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.listener.v3.QuicCryptoStream"; + + string name = 1 [(validate.rules).string = {min_len: 1}]; + + google.protobuf.Any typed_config = 2; +} + // Configuration specific to the UDP QUIC listener. +// [#next-free-field: 6] message QuicProtocolOptions { option (udpa.annotations.versioning).previous_message_type = "envoy.config.listener.v3.QuicProtocolOptions"; @@ -35,4 +47,6 @@ message QuicProtocolOptions { // Runtime flag that controls whether the listener is enabled or not. If not specified, defaults // to enabled. core.v4alpha.RuntimeFeatureFlag enabled = 4; + + QuicCryptoStream crypto_stream = 5; } diff --git a/generated_api_shadow/envoy/extensions/quic/v3/BUILD b/generated_api_shadow/envoy/extensions/quic/v3/BUILD new file mode 100644 index 000000000000..ee92fb652582 --- /dev/null +++ b/generated_api_shadow/envoy/extensions/quic/v3/BUILD @@ -0,0 +1,9 @@ +# DO NOT EDIT. This file is generated by tools/proto_format/proto_sync.py. + +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package( + deps = ["@com_github_cncf_udpa//udpa/annotations:pkg"], +) 
diff --git a/generated_api_shadow/envoy/extensions/quic/v3/crypto_stream.proto b/generated_api_shadow/envoy/extensions/quic/v3/crypto_stream.proto new file mode 100644 index 000000000000..1dd9cd76e701 --- /dev/null +++ b/generated_api_shadow/envoy/extensions/quic/v3/crypto_stream.proto @@ -0,0 +1,16 @@ +syntax = "proto3"; + +package envoy.extensions.quic.v3; + +import "udpa/annotations/status.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.quic.v3"; +option java_outer_classname = "CryptoStreamProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +// [#protodoc-title: QUIC server crypto stream config] + +// Configuration specific to the QUIC server crypto stream. +message CryptoServerStreamConfig { +} diff --git a/source/common/quic/BUILD b/source/common/quic/BUILD index 353c2acc42eb..4cfc92954103 100644 --- a/source/common/quic/BUILD +++ b/source/common/quic/BUILD @@ -352,6 +352,7 @@ envoy_cc_library( "//source/common/runtime:runtime_lib", "//source/server:connection_handler_lib", "@envoy_api//envoy/config/listener/v3:pkg_cc_proto", + "@envoy_api//envoy/extensions/quic/v3:pkg_cc_proto", ], ) diff --git a/source/common/quic/active_quic_listener.cc b/source/common/quic/active_quic_listener.cc index dcf94f2ae90e..ac63fc50bfad 100644 --- a/source/common/quic/active_quic_listener.cc +++ b/source/common/quic/active_quic_listener.cc @@ -17,6 +17,8 @@ #include "common/quic/envoy_quic_utils.h" #include "common/quic/envoy_quic_packet_writer.h" #include "common/quic/envoy_quic_utils.h" +#include "envoy/extensions/quic/v3/crypto_stream.pb.h" +#include "common/config/utility.h" namespace Envoy { namespace Quic { 
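Review bot: The two new includes in active_quic_listener.cc (`#include "envoy/extensions/quic/v3/crypto_stream.pb.h"` and `#include "common/config/utility.h"`) are appended after the `common/quic/...` group, whereas this file sorts `envoy/` interface headers in their own group ahead of `common/` and keeps each group alphabetical; `check_format`/clang-format will most likely reorder them. Move `common/config/utility.h` to the top of the `common/` group and the `envoy/...pb.h` include into the `envoy/` group. While there, `common/quic/envoy_quic_utils.h` is included twice in the visible context (pre-existing); one of them can go.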
@@ -235,14 +237,16 @@ ActiveQuicListenerFactory::ActiveQuicListenerFactory( quic_config_.SetMaxUnidirectionalStreamsToSend(max_streams); configQuicInitialFlowControlWindow(config.quic_protocol_options(), quic_config_); + envoy::config::listener::v3::QuicCryptoStream crypto_stream; if (!config.has_crypto_stream()) { // If not specified, use the quic crypto stream created by QUICHE. - envoy::config::listener::v3::QuicCryptoStream* crypto_stream = config.mutable_crypto_stream(); - crypto_stream->set_name("quic.quiche_crypto_server_stream"); + crypto_stream.set_name("quic.quiche_crypto_server_stream"); envoy::extensions::quic::v3::CryptoServerStreamConfig crypto_stream_config; - crypto_stream->mutable_typed_config()->PackFrom(crypto_stream_config); + crypto_stream.mutable_typed_config()->PackFrom(crypto_stream_config); + } else { + crypto_stream = config.crypto_stream(); } - crypto_server_stream_factory_ = Config::Utility::getAndCheckFactory(config.crypto_stream()); + crypto_server_stream_factory_ = Config::Utility::getAndCheckFactory(crypto_stream); } Network::ConnectionHandler::ActiveUdpListenerPtr ActiveQuicListenerFactory::createActiveUdpListener( @@ -309,9 +313,10 @@ Network::ConnectionHandler::ActiveUdpListenerPtr ActiveQuicListenerFactory::crea } #endif + ASSERT(crypto_server_stream_factory_.has_value()); return std::make_unique(worker_index, concurrency_, disptacher, parent, config, quic_config_, std::move(options), - kernel_worker_routing, enabled_, crypto_server_stream_factory_); + kernel_worker_routing, enabled_, crypto_server_stream_factory_.value()); } } // namespace Quic diff --git a/source/common/quic/active_quic_listener.h b/source/common/quic/active_quic_listener.h index 9d6076e2abe4..51f1222e90aa 100644 --- a/source/common/quic/active_quic_listener.h +++ b/source/common/quic/active_quic_listener.h 
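Review bot: In the `ActiveQuicListenerFactory` constructor (its body starts before this hunk) the operator-supplied `typed_config` is packed into `crypto_stream` but never reaches the factory: `Config::Utility::getAndCheckFactory(crypto_stream)` only resolves the factory by name, and `createEnvoyQuicCryptoServerStream` (declared in envoy_quic_crypto_stream_factory.h in this series) takes no config argument, so whatever an operator puts into `typed_config` is silently ignored while `name` alone picks the handshake implementation. Either plumb the unpacked proto into the factory or say on the `QuicCryptoStream` field that only `name` is honored today. Since the chosen extension replaces the TLS handshake for every connection on the listener, it is also worth logging the resolved factory name here so a misconfiguration (for instance a test-only stream linked into a production binary) shows up in the logs. The `ASSERT(crypto_server_stream_factory_.has_value())` added in the second hunk is compiled out of release builds, so this constructor — presumably via `getAndCheckFactory` throwing on an unknown name — is the only thing guaranteeing the factory is set.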
@@ -1,5 +1,7 @@ #pragma once +#include + #include "envoy/config/listener/v3/quic_config.pb.h" #include "envoy/network/connection_handler.h" #include "envoy/network/listener.h" @@ -94,7 +96,7 @@ class ActiveQuicListenerFactory : public Network::ActiveUdpListenerFactory, private: friend class ActiveQuicListenerFactoryPeer; - EnvoyQuicCryptoServerStreamFactory crypto_server_stream_factory_; + std::optional> crypto_server_stream_factory_; quic::QuicConfig quic_config_; const uint32_t concurrency_; absl::once_flag install_bpf_once_; diff --git a/source/extensions/quic/BUILD b/source/extensions/quic/BUILD index 414eb8115f40..587eb5499383 100644 --- a/source/extensions/quic/BUILD +++ b/source/extensions/quic/BUILD @@ -11,7 +11,7 @@ licenses(["notice"]) # Apache 2 envoy_extension_package() envoy_cc_extension( - name = "envoy_quic_crypto_server_stream_factory", + name = "envoy_quic_crypto_server_stream_lib", srcs = ["envoy_quic_crypto_server_stream.cc"], hdrs = ["envoy_quic_crypto_server_stream.h"], category = "quic.server.crypto_stream", From 5a83a9c2dfde5a9e8e37201b06c06ca3af050a4e Mon Sep 17 00:00:00 2001 From: Dan Zhang Date: Wed, 19 May 2021 18:14:05 -0400 Subject: [PATCH 04/33] making tests pass 
Signed-off-by: Dan Zhang --- bazel/envoy_library.bzl | 1 + bazel/external/quiche.BUILD | 2 +- include/envoy/registry/registry.h | 10 +++++ source/common/quic/BUILD | 13 +++--- source/common/quic/active_quic_listener.cc | 26 ++++++----- source/common/quic/active_quic_listener.h | 9 ++-- .../quic/envoy_quic_crypto_stream_factory.h | 16 ++++--- source/common/quic/envoy_quic_dispatcher.cc | 10 ++--- .../common/quic/envoy_quic_server_session.cc | 3 +- .../common/quic/envoy_quic_server_session.h | 2 +- source/extensions/quic/BUILD | 7 ++- .../quic/envoy_quic_crypto_server_stream.cc | 17 +++++++ .../quic/envoy_quic_crypto_server_stream.h | 12 +++-- test/common/quic/BUILD | 14 +----- test/common/quic/active_quic_listener_test.cc | 20 ++++++--- .../common/quic/envoy_quic_dispatcher_test.cc | 5 ++- .../quic/envoy_quic_server_session_test.cc | 45 ++++++++++++------- test/extensions/quic/BUILD | 28 ++++++++++++ test/integration/BUILD | 7 +-- 19 files changed, 164 insertions(+), 83 deletions(-) create mode 100644 source/extensions/quic/envoy_quic_crypto_server_stream.cc create mode 100644 test/extensions/quic/BUILD diff --git a/bazel/envoy_library.bzl b/bazel/envoy_library.bzl index 7f9b745a504b..458c86a772be 100644 --- a/bazel/envoy_library.bzl +++ b/bazel/envoy_library.bzl @@ -86,6 +86,7 @@ EXTENSION_CATEGORIES = [ "envoy.io_socket", "envoy.matching.common_inputs", "envoy.matching.input_matchers", + "envoy.quic.server.crypto_stream", "envoy.rate_limit_descriptors", "envoy.request_id", "envoy.resource_monitors", diff --git a/bazel/external/quiche.BUILD b/bazel/external/quiche.BUILD index a1b690347dac..f77e493882f5 100644 --- a/bazel/external/quiche.BUILD +++ b/bazel/external/quiche.BUILD @@ -2080,7 +2080,7 @@ envoy_cc_library( external_deps = ["ssl"], repository = "@envoy", tags = ["nofips"], - visibility = ["//visibility:public"], + visibility = ["//visibility:public"], deps = [ ":quic_core_crypto_hkdf_lib", ":quic_core_data_lib", 
diff --git a/include/envoy/registry/registry.h b/include/envoy/registry/registry.h index b90e86ca52f3..90865f10e90a 100644 --- a/include/envoy/registry/registry.h +++ b/include/envoy/registry/registry.h @@ -278,14 +278,24 @@ template class FactoryRegistry : public Logger::Loggablename() << "\n"; + } return nullptr; } if (!checkDeprecated(name)) { + std::cerr << "============ Fail to find " << name << " which is deprecated\n"; return nullptr; } + ASSERT(it->second != nullptr, "========= find it to be nullptr"); + std::cerr << "======= return " << it->second << "\n"; return it->second; } diff --git a/source/common/quic/BUILD b/source/common/quic/BUILD index 4cfc92954103..4451f233001a 100644 --- a/source/common/quic/BUILD +++ b/source/common/quic/BUILD @@ -220,12 +220,12 @@ envoy_cc_library( ], tags = ["nofips"], deps = [ + ":envoy_quic_crypto_stream_factory_lib", ":envoy_quic_proof_source_lib", ":envoy_quic_server_connection_lib", ":envoy_quic_stream_lib", ":envoy_quic_utils_lib", ":quic_filter_manager_connection_lib", - ":envoy_quic_crypto_stream_factory_lib", "//source/common/buffer:buffer_lib", "//source/common/common:assert_lib", "//source/common/http:header_map_lib", @@ -317,10 +317,10 @@ envoy_cc_library( hdrs = ["envoy_quic_dispatcher.h"], tags = ["nofips"], deps = [ + ":envoy_quic_crypto_stream_factory_lib", ":envoy_quic_proof_source_lib", ":envoy_quic_server_connection_lib", ":envoy_quic_server_session_lib", - ":envoy_quic_crypto_stream_factory_lib", "//include/envoy/network:listener_interface", "//source/server:connection_handler_lib", "@com_googlesource_quiche//:quic_core_server_lib", @@ -412,6 +412,7 @@ envoy_cc_library( "//conditions:default": [ ":codec_lib", ":quic_transport_socket_factory_lib", + "//source/extensions/quic:envoy_quic_crypto_server_stream_lib", ], }), ) 
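Review bot: The `std::cerr` tracing added to `FactoryRegistry::getFactory` (`"============ Fail to find "`, `"======= return " << it->second`) looks like leftover debugging and should not ship: it writes unconditionally to stderr on every failed lookup, bypasses Envoy's logger and its levels, and prints the factory's heap address, which leaks layout information into whatever collects stderr. The loop that prints every registered factory's name on a miss also dumps the full registry on any mistyped extension name. Drop these lines, or if the diagnostic is wanted use `ENVOY_LOG(debug, "factory '{}' not found", name)` without the pointer, and remove the `=========` prefix from the `ASSERT(it->second != nullptr, ...)` message. The hunk text is partly garbled by the page rendering (template arguments stripped), so the exact lines may differ slightly.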
@@ -461,7 +462,7 @@ envoy_cc_library( name = "envoy_quic_crypto_stream_factory_lib", hdrs = ["envoy_quic_crypto_stream_factory.h"], deps = [ - "//include/envoy/config:typed_config_interface", - "@com_googlesource_quiche//:quic_core_http_spdy_session_lib", - ], - ) + "//include/envoy/config:typed_config_interface", + "@com_googlesource_quiche//:quic_core_http_spdy_session_lib", + ], +) diff --git a/source/common/quic/active_quic_listener.cc b/source/common/quic/active_quic_listener.cc index ac63fc50bfad..25c0fe3c72d4 100644 --- a/source/common/quic/active_quic_listener.cc +++ b/source/common/quic/active_quic_listener.cc 
@@ -27,17 +27,20 @@ ActiveQuicListener::ActiveQuicListener( uint32_t worker_index, uint32_t concurrency, Event::Dispatcher& dispatcher, Network::UdpConnectionHandler& parent, Network::ListenerConfig& listener_config, const quic::QuicConfig& quic_config, Network::Socket::OptionsSharedPtr options, - bool kernel_worker_routing, const envoy::config::core::v3::RuntimeFeatureFlag& enabled, EnvoyQuicCryptoServerStreamFactory& crypto_server_stream_factory) + bool kernel_worker_routing, const envoy::config::core::v3::RuntimeFeatureFlag& enabled, + EnvoyQuicCryptoServerStreamFactory& crypto_server_stream_factory) : ActiveQuicListener(worker_index, concurrency, dispatcher, parent, listener_config.listenSocketFactory().getListenSocket(), listener_config, - quic_config, std::move(options), kernel_worker_routing, enabled, crypto_server_stream_factory) {} + quic_config, std::move(options), kernel_worker_routing, enabled, + crypto_server_stream_factory) {} ActiveQuicListener::ActiveQuicListener( uint32_t worker_index, uint32_t concurrency, Event::Dispatcher& dispatcher, Network::UdpConnectionHandler& parent, Network::SocketSharedPtr listen_socket, Network::ListenerConfig& listener_config, const quic::QuicConfig& quic_config, Network::Socket::OptionsSharedPtr options, bool kernel_worker_routing, - const envoy::config::core::v3::RuntimeFeatureFlag& enabled, EnvoyQuicCryptoServerStreamFactory& crypto_server_stream_factory) + const envoy::config::core::v3::RuntimeFeatureFlag& enabled, + EnvoyQuicCryptoServerStreamFactory& crypto_server_stream_factory) : Server::ActiveUdpListenerBase( worker_index, concurrency, parent, *listen_socket, dispatcher.createUdpListener( 
@@ -240,13 +243,14 @@ ActiveQuicListenerFactory::ActiveQuicListenerFactory( envoy::config::listener::v3::QuicCryptoStream crypto_stream; if (!config.has_crypto_stream()) { // If not specified, use the quic crypto stream created by QUICHE. - crypto_stream.set_name("quic.quiche_crypto_server_stream"); - envoy::extensions::quic::v3::CryptoServerStreamConfig crypto_stream_config; - crypto_stream.mutable_typed_config()->PackFrom(crypto_stream_config); + crypto_stream.set_name("quic.quiche_crypto_server_stream"); + envoy::extensions::quic::v3::CryptoServerStreamConfig crypto_stream_config; + crypto_stream.mutable_typed_config()->PackFrom(crypto_stream_config); } else { - crypto_stream = config.crypto_stream(); + crypto_stream = config.crypto_stream(); } - crypto_server_stream_factory_ = Config::Utility::getAndCheckFactory(crypto_stream); + crypto_server_stream_factory_ = + Config::Utility::getAndCheckFactory(crypto_stream); } Network::ConnectionHandler::ActiveUdpListenerPtr ActiveQuicListenerFactory::createActiveUdpListener( @@ -314,9 +318,9 @@ Network::ConnectionHandler::ActiveUdpListenerPtr ActiveQuicListenerFactory::crea #endif ASSERT(crypto_server_stream_factory_.has_value()); - return std::make_unique(worker_index, concurrency_, disptacher, parent, - config, quic_config_, std::move(options), - kernel_worker_routing, enabled_, crypto_server_stream_factory_.value()); + return std::make_unique( + worker_index, concurrency_, disptacher, parent, config, quic_config_, std::move(options), + kernel_worker_routing, enabled_, crypto_server_stream_factory_.value()); } } // namespace Quic diff --git a/source/common/quic/active_quic_listener.h b/source/common/quic/active_quic_listener.h index 51f1222e90aa..ede123f7401f 100644 --- a/source/common/quic/active_quic_listener.h +++ b/source/common/quic/active_quic_listener.h 
@@ -30,13 +30,15 @@ class ActiveQuicListener : public Envoy::Server::ActiveUdpListenerBase, Network::UdpConnectionHandler& parent, Network::ListenerConfig& listener_config, const quic::QuicConfig& quic_config, Network::Socket::OptionsSharedPtr options, bool kernel_worker_routing, - const envoy::config::core::v3::RuntimeFeatureFlag& enabled, EnvoyQuicCryptoServerStreamFactory& crypto_server_stream_factory); + const envoy::config::core::v3::RuntimeFeatureFlag& enabled, + EnvoyQuicCryptoServerStreamFactory& crypto_server_stream_factory); ActiveQuicListener(uint32_t worker_index, uint32_t concurrency, Event::Dispatcher& dispatcher, Network::UdpConnectionHandler& parent, Network::SocketSharedPtr listen_socket, Network::ListenerConfig& listener_config, const quic::QuicConfig& quic_config, Network::Socket::OptionsSharedPtr options, bool kernel_worker_routing, - const envoy::config::core::v3::RuntimeFeatureFlag& enabled, EnvoyQuicCryptoServerStreamFactory& crypto_server_stream_factory); + const envoy::config::core::v3::RuntimeFeatureFlag& enabled, + EnvoyQuicCryptoServerStreamFactory& crypto_server_stream_factory); ~ActiveQuicListener() override; @@ -96,7 +98,8 @@ class ActiveQuicListenerFactory : public Network::ActiveUdpListenerFactory, private: friend class ActiveQuicListenerFactoryPeer; - std::optional> crypto_server_stream_factory_; + std::optional> + crypto_server_stream_factory_; quic::QuicConfig quic_config_; const uint32_t concurrency_; absl::once_flag install_bpf_once_; diff --git a/source/common/quic/envoy_quic_crypto_stream_factory.h b/source/common/quic/envoy_quic_crypto_stream_factory.h index 78dea5809382..7a15ae55841d 100644 --- a/source/common/quic/envoy_quic_crypto_stream_factory.h +++ b/source/common/quic/envoy_quic_crypto_stream_factory.h 
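Review bot: `crypto_server_stream_factory_` is declared as `std::optional<std::reference_wrapper<...>>` (template arguments stripped by the page), pulling in `<optional>` while the surrounding header uses `absl::` types, and the only reason for the optional is that the member is assigned in the constructor body rather than in the initializer list. The Envoy convention is `absl::optional`; better still, resolve the factory in the initializer list (e.g. `crypto_server_stream_factory_(resolveCryptoStreamFactory(config))`) and store a plain `EnvoyQuicCryptoServerStreamFactory&`, which removes the `ASSERT(has_value())` and `.value()` in the .cc and makes an unset factory impossible by construction. This is a style point; behaviour is the same once the constructor has run.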
@@ -21,14 +21,16 @@ namespace Envoy { namespace Quic { class EnvoyQuicCryptoServerStreamFactory : public Config::TypedFactory { - public: - std::string category() const override { return "quic.server.crypto_stream"; } +public: + std::string category() const override { return "envoy.quic.server.crypto_stream"; } // Return an Envoy specific quic crypto server stream object. - virtual std::unique_ptr createEnvoyQuicCryptoServerStream(const quic::QuicCryptoServerConfig* crypto_config, - quic::QuicCompressedCertsCache* compressed_certs_cache, - quic::QuicSession* session, quic::QuicCryptoServerStreamBase::Helper* helper) PURE; + virtual std::unique_ptr + createEnvoyQuicCryptoServerStream(const quic::QuicCryptoServerConfig* crypto_config, + quic::QuicCompressedCertsCache* compressed_certs_cache, + quic::QuicSession* session, + quic::QuicCryptoServerStreamBase::Helper* helper) PURE; }; -} // namespace Quic -} // namespace Envoy +} // namespace Quic +} // namespace Envoy diff --git a/source/common/quic/envoy_quic_dispatcher.cc b/source/common/quic/envoy_quic_dispatcher.cc index 36c1bd9ce985..80bd0c6d26ea 100644 --- a/source/common/quic/envoy_quic_dispatcher.cc +++ b/source/common/quic/envoy_quic_dispatcher.cc @@ -1,13 +1,13 @@ #include "common/quic/envoy_quic_dispatcher.h" +#include + #include "common/common/safe_memcpy.h" #include "common/http/utility.h" #include "common/quic/envoy_quic_server_connection.h" #include "common/quic/envoy_quic_server_session.h" #include "common/quic/envoy_quic_utils.h" -#include - namespace Envoy { namespace Quic { 
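Review bot: `createEnvoyQuicCryptoServerStream` is documented by a single line, yet it is the extension point that decides which code performs the QUIC/TLS handshake for a session, and the series also carries a test-only no-handshake implementation of it. I would extend the comment to state the contract: that the returned stream runs the handshake for `session` and is owned by the session, that `crypto_config` and `helper` are owned by the caller and must outlive it, and that implementations registered in a production build must perform a full handshake — a stream that skips or weakens it must stay test-only. The ownership statements are inferred from the raw-pointer parameters and the QUICHE signature this mirrors, so confirm them before committing the wording.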
@@ -19,14 +19,14 @@ EnvoyQuicDispatcher::EnvoyQuicDispatcher( uint8_t expected_server_connection_id_length, Network::ConnectionHandler& connection_handler, Network::ListenerConfig& listener_config, Server::ListenerStats& listener_stats, Server::PerHandlerListenerStats& per_worker_stats, Event::Dispatcher& dispatcher, - Network::Socket& listen_socket, EnvoyQuicCryptoServerStreamFactory& crypto_server_stream_factory) + Network::Socket& listen_socket, + EnvoyQuicCryptoServerStreamFactory& crypto_server_stream_factory) : quic::QuicDispatcher(&quic_config, crypto_config, version_manager, std::move(helper), std::make_unique(), std::move(alarm_factory), expected_server_connection_id_length), connection_handler_(connection_handler), listener_config_(listener_config), listener_stats_(listener_stats), per_worker_stats_(per_worker_stats), dispatcher_(dispatcher), - listen_socket_(listen_socket), - crypto_server_stream_factory_(crypto_server_stream_factory) { + listen_socket_(listen_socket), crypto_server_stream_factory_(crypto_server_stream_factory) { // Set send buffer twice of max flow control window to ensure that stream send // buffer always takes all the data. // The max amount of data buffered is the per-stream high watermark + the max diff --git a/source/common/quic/envoy_quic_server_session.cc b/source/common/quic/envoy_quic_server_session.cc index c1cf67b61af7..66afd96ae595 100644 --- a/source/common/quic/envoy_quic_server_session.cc +++ b/source/common/quic/envoy_quic_server_session.cc 
@@ -35,7 +35,8 @@ std::unique_ptr EnvoyQuicServerSession::CreateQuicCryptoServerStream( const quic::QuicCryptoServerConfig* crypto_config, quic::QuicCompressedCertsCache* compressed_certs_cache) { - return crypto_server_stream_factory_.createEnvoyQuicCryptoServerStream(crypto_config, compressed_certs_cache, this, stream_helper()); + return crypto_server_stream_factory_.createEnvoyQuicCryptoServerStream( + crypto_config, compressed_certs_cache, this, stream_helper()); } quic::QuicSpdyStream* EnvoyQuicServerSession::CreateIncomingStream(quic::QuicStreamId id) { diff --git a/source/common/quic/envoy_quic_server_session.h b/source/common/quic/envoy_quic_server_session.h index 4b1e8ed81b9b..b3be0dc2e8ed 100644 --- a/source/common/quic/envoy_quic_server_session.h +++ b/source/common/quic/envoy_quic_server_session.h @@ -40,7 +40,7 @@ class EnvoyQuicServerSession : public quic::QuicServerSessionBase, quic::QuicCryptoServerStreamBase::Helper* helper, const quic::QuicCryptoServerConfig* crypto_config, quic::QuicCompressedCertsCache* compressed_certs_cache, - Event::Dispatcher& dispatcher, uint32_t send_buffer_limit, + Event::Dispatcher& dispatcher, uint32_t send_buffer_limit, EnvoyQuicCryptoServerStreamFactory& crypto_server_stream_factory); ~EnvoyQuicServerSession() override; diff --git a/source/extensions/quic/BUILD b/source/extensions/quic/BUILD index 587eb5499383..d0fef805fb9d 100644 --- a/source/extensions/quic/BUILD +++ b/source/extensions/quic/BUILD 
@@ -14,8 +14,13 @@ envoy_cc_extension(
 name = "envoy_quic_crypto_server_stream_lib",
 srcs = ["envoy_quic_crypto_server_stream.cc"],
 hdrs = ["envoy_quic_crypto_server_stream.h"],
- category = "quic.server.crypto_stream",
+ category = "envoy.quic.server.crypto_stream",
+ extra_visibility = [
+ "//source/common/quic:__subpackages__",
+ "//test:__subpackages__",
+ ],
 security_posture = "unknown",
+ tags = ["nofips"],
 deps = [
 "//source/common/quic:envoy_quic_crypto_stream_factory_lib",
 "@envoy_api//envoy/extensions/quic/v3:pkg_cc_proto",
diff --git a/source/extensions/quic/envoy_quic_crypto_server_stream.cc b/source/extensions/quic/envoy_quic_crypto_server_stream.cc
new file mode 100644
index 000000000000..d7b9c57f8623
--- /dev/null
+++ b/source/extensions/quic/envoy_quic_crypto_server_stream.cc
@@ -0,0 +1,17 @@
+#include "extensions/quic/envoy_quic_crypto_server_stream.h"
+
+namespace Envoy {
+namespace Quic {
+
+std::unique_ptr
+RealEnvoyQuicCryptoServerStreamFactory::createEnvoyQuicCryptoServerStream(
+ const quic::QuicCryptoServerConfig* crypto_config,
+ quic::QuicCompressedCertsCache* compressed_certs_cache, quic::QuicSession* session,
+ quic::QuicCryptoServerStreamBase::Helper* helper) {
+ return quic::CreateCryptoServerStream(crypto_config, compressed_certs_cache, session, helper);
+}
+
+DECLARE_FACTORY(RealEnvoyQuicCryptoServerStreamFactory);
+
+} // namespace Quic
+} // namespace Envoy
diff --git a/source/extensions/quic/envoy_quic_crypto_server_stream.h b/source/extensions/quic/envoy_quic_crypto_server_stream.h
index d6176663a393..91b516e70bf8 100644
--- a/source/extensions/quic/envoy_quic_crypto_server_stream.h
+++ b/source/extensions/quic/envoy_quic_crypto_server_stream.h
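Review bot: `security_posture = "unknown"` on `envoy_quic_crypto_server_stream_lib` is the placeholder posture, but this extension is what every QUIC listener gets by default (`quic.quiche_crypto_server_stream` is selected when `crypto_stream` is unset), so it parses untrusted downstream handshake bytes on the data plane. The posture is what tells operators whether the code is hardened against that input and what Envoy uses to gate which extensions may be compiled in, so set it deliberately — presumably `robust_to_untrusted_downstream`, matching the rest of the QUIC stack — rather than leaving the placeholder. The `extra_visibility` entry for `//source/common/quic:__subpackages__` exists only so core code can depend on this extension (the `//conditions:default` dep in source/common/quic/BUILD); that is a layering inversion worth a comment explaining why the default factory does not live in common/quic itself.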
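Review bot: The registration macros look swapped: this new .cc uses `DECLARE_FACTORY(RealEnvoyQuicCryptoServerStreamFactory);` while the header in the next hunk keeps `REGISTER_FACTORY(RealEnvoyQuicCryptoServerStreamFactory, EnvoyQuicCryptoServerStreamFactory);`. In Envoy the pattern is the reverse — `REGISTER_FACTORY` expands to a static registrar object and belongs in exactly one translation unit, the .cc, while `DECLARE_FACTORY` is the header-side declaration; with the registrar in the header, every file that includes it (the listener, the tests) gets its own copy, which is an ODR problem and can register the same name more than once. Change this line to `REGISTER_FACTORY(RealEnvoyQuicCryptoServerStreamFactory, EnvoyQuicCryptoServerStreamFactory);` and move `DECLARE_FACTORY(RealEnvoyQuicCryptoServerStreamFactory);` into the header. The `std::unique_ptr` return type is missing its template argument on this page, presumably `quic::QuicCryptoServerStreamBase` stripped by the renderer.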
@@ -1,26 +1,24 @@ -#pragma +#pragma once #include "envoy/extensions/quic/v3/crypto_stream.pb.h" +#include "envoy/registry/registry.h" #include "common/quic/envoy_quic_crypto_stream_factory.h" namespace Envoy { namespace Quic { -class RealEnvoyQuicCryptoServerStreamFactory : EnvoyQuicCryptoServerStreamFactory { +class RealEnvoyQuicCryptoServerStreamFactory : public EnvoyQuicCryptoServerStreamFactory { public: ProtobufTypes::MessagePtr createEmptyConfigProto() override { - return std::make_unique(); + return std::make_unique(); } std::string name() const override { return "quic.quiche_crypto_server_stream"; } - std::unique_ptr createEnvoyQuicCryptoServerStream(const quic::QuicCryptoServerConfig* crypto_config, quic::QuicCompressedCertsCache* compressed_certs_cache, quic::QuicSession* session, - quic::QuicCryptoServerStreamBase::Helper* helper) override { - return quic::CreateCryptoServerStream(crypto_config, compressed_certs_cache, session, helper); - } + quic::QuicCryptoServerStreamBase::Helper* helper) override; }; REGISTER_FACTORY(RealEnvoyQuicCryptoServerStreamFactory, EnvoyQuicCryptoServerStreamFactory); diff --git a/test/common/quic/BUILD b/test/common/quic/BUILD index c89dfaac6e0f..b67f5e502236 100644 --- a/test/common/quic/BUILD +++ b/test/common/quic/BUILD @@ -184,6 +184,7 @@ envoy_cc_test( "//source/common/quic:active_quic_listener_lib", "//source/common/quic:envoy_quic_utils_lib", "//source/common/quic:udp_gso_batch_writer_lib", + "//source/extensions/quic:envoy_quic_crypto_server_stream_lib", "//source/server:configuration_lib", "//test/mocks/network:network_mocks", "//test/mocks/server:instance_mocks", 
@@ -208,6 +209,7 @@ envoy_cc_test( "//source/common/quic:envoy_quic_dispatcher_lib", "//source/common/quic:envoy_quic_proof_source_lib", "//source/common/quic:envoy_quic_server_session_lib", + "//source/extensions/quic:envoy_quic_crypto_server_stream_lib", "//source/server:configuration_lib", "//test/mocks/event:event_mocks", "//test/mocks/http:http_mocks", @@ -295,15 +297,3 @@ envoy_cc_test_library( "@com_googlesource_quiche//:quic_test_tools_qpack_qpack_encoder_test_utils_lib", ], ) - -envoy_cc_test_library( - name = "envoy_quic_no_handshake_crypto_server_stream_lib", - srcs = ["envoy_quic_no_handshake_crypto_server_stream.cc"], - hdrs = ["envoy_quic_no_handshake_crypto_server_stream.h"], - tags = ["nofips"], - deps = [ - "//source/common/quic:envoy_quic_crypto_stream_factory_lib", - "@com_googlesource_quiche//:quic_core_crypto_encryption_lib", - "@com_googlesource_quiche//:quic_core_session_lib", - ], -) diff --git a/test/common/quic/active_quic_listener_test.cc b/test/common/quic/active_quic_listener_test.cc index b9df504e88a4..5165aff21a6a 100644 --- a/test/common/quic/active_quic_listener_test.cc +++ b/test/common/quic/active_quic_listener_test.cc @@ -43,6 +43,7 @@ #include "common/quic/platform/envoy_quic_clock.h" #include "common/quic/envoy_quic_utils.h" #include "common/quic/udp_gso_batch_writer.h" +#include "extensions/quic/envoy_quic_crypto_server_stream.h" using testing::Return; using testing::ReturnRef; @@ -267,6 +268,10 @@ class ActiveQuicListenerTest : public QuicMultiVersionTest { enabled: default_value: true runtime_key: quic.enabled + crypto_stream: + name: "envoy.quic.quiche_crypto_server_stream" + typed_config: + "@type": type.googleapis.com/envoy.extensions.quic.v3.CryptoServerStreamConfig )EOF", connection_window_size_, stream_window_size_); } 
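Review bot: The YAML added to `ActiveQuicListenerTest` selects `name: "envoy.quic.quiche_crypto_server_stream"`, but the factory registered in source/extensions/quic/envoy_quic_crypto_server_stream.h reports `name()` as `quic.quiche_crypto_server_stream`, and the default chosen in `ActiveQuicListenerFactory` uses that same un-prefixed string. Unless a later patch in the series renames the factory, `getAndCheckFactory` will not find `envoy.quic.quiche_crypto_server_stream` and these tests fail at listener-factory construction. Pick one name — the `envoy.`-prefixed form matches the category `envoy.quic.server.crypto_stream` and Envoy's other extension names — and change `name()`, the default in active_quic_listener.cc and this YAML together, ideally through one shared constant so they cannot drift again.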
@@ -323,13 +328,14 @@ TEST_P(ActiveQuicListenerTest, FailSocketOptionUponCreation) { auto options = std::make_shared>(); options->emplace_back(std::move(option)); quic_listener_.reset(); - EXPECT_THROW_WITH_REGEX( - (void)std::make_unique( - 0, 1, *dispatcher_, connection_handler_, listen_socket_, listener_config_, quic_config_, - options, false, - ActiveQuicListenerFactoryPeer::runtimeEnabled( - static_cast(listener_factory_.get()))), - Network::CreateListenerException, "Failed to apply socket options."); + RealEnvoyQuicCryptoServerStreamFactory crypto_stream_factory; + EXPECT_THROW_WITH_REGEX((void)std::make_unique( + 0, 1, *dispatcher_, connection_handler_, listen_socket_, + listener_config_, quic_config_, options, false, + ActiveQuicListenerFactoryPeer::runtimeEnabled( + static_cast(listener_factory_.get())), + crypto_stream_factory), + Network::CreateListenerException, "Failed to apply socket options."); } TEST_P(ActiveQuicListenerTest, ReceiveCHLO) { diff --git a/test/common/quic/envoy_quic_dispatcher_test.cc b/test/common/quic/envoy_quic_dispatcher_test.cc index 5b4f7b4b76b6..f5cbe246b96d 100644 --- a/test/common/quic/envoy_quic_dispatcher_test.cc +++ b/test/common/quic/envoy_quic_dispatcher_test.cc @@ -34,6 +34,7 @@ #include "common/quic/envoy_quic_alarm_factory.h" #include "common/quic/envoy_quic_utils.h" #include "extensions/transport_sockets/well_known_names.h" +#include "extensions/quic/envoy_quic_crypto_server_stream.h" #include "server/configuration_impl.h" #include "gmock/gmock.h" #include "gtest/gtest.h" 
@@ -83,7 +84,8 @@ class EnvoyQuicDispatcherTest : public QuicMultiVersionTest,
 std::make_unique(*dispatcher_),
 std::make_unique(*dispatcher_, *connection_helper_.GetClock()),
 quic::kQuicDefaultConnectionIdLength, connection_handler_, listener_config_,
- listener_stats_, per_worker_stats_, *dispatcher_, *listen_socket_),
+ listener_stats_, per_worker_stats_, *dispatcher_, *listen_socket_,
+ crypto_stream_factory_),
 connection_id_(quic::test::TestConnectionId(1)) {
 auto writer = new testing::NiceMock();
 envoy_quic_dispatcher_.InitializeWithWriter(writer);
@@ -254,6 +256,7 @@ class EnvoyQuicDispatcherTest : public QuicMultiVersionTest,
 Server::ListenerStats listener_stats_;
 Server::PerHandlerListenerStats per_worker_stats_;
 Server::ConnectionHandlerImpl connection_handler_;
+ RealEnvoyQuicCryptoServerStreamFactory crypto_stream_factory_;
 EnvoyQuicDispatcher envoy_quic_dispatcher_;
 const quic::QuicConnectionId connection_id_;
 };
diff --git a/test/common/quic/envoy_quic_server_session_test.cc b/test/common/quic/envoy_quic_server_session_test.cc
index 415b5c609823..1aa0abb0e432 100644
--- a/test/common/quic/envoy_quic_server_session_test.cc
+++ b/test/common/quic/envoy_quic_server_session_test.cc
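Review bot: The `RealEnvoyQuicCryptoServerStreamFactory crypto_stream_factory_;` member added in the `@@ -254,6 +256,7 @@` hunk is passed by reference to `envoy_quic_dispatcher_` in the initializer list of the `@@ -83,7 +84,8 @@` hunk, so its position ahead of `envoy_quic_dispatcher_` is load-bearing: members are initialized in declaration order, and moving it below the dispatcher would hand the dispatcher a reference to a not-yet-constructed object. Nothing in the fixture says so. A one-line comment on the field protects the ordering, e.g. `// Must be declared before envoy_quic_dispatcher_, which takes a reference to it.` Whether the dispatcher keeps the reference beyond construction is not visible in this chunk, so the comment is worth having either way.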
@@ -123,6 +123,31 @@ class TestEnvoyQuicTlsServerHandshaker : public quic::TlsServerHandshaker,
 quic::QuicReferenceCountedPointer params_;
 };
 
+class EnvoyQuicTestCryptoServerStreamFactory : public EnvoyQuicCryptoServerStreamFactory {
+public:
+ EnvoyQuicTestCryptoServerStreamFactory() : EnvoyQuicCryptoServerStreamFactory() {}
+
+ ProtobufTypes::MessagePtr createEmptyConfigProto() override { return nullptr; }
+ std::string name() const override { return "quic.test_crypto_server_stream"; }
+
+ std::unique_ptr
+ createEnvoyQuicCryptoServerStream(const quic::QuicCryptoServerConfig* crypto_config,
+ quic::QuicCompressedCertsCache* compressed_certs_cache,
+ quic::QuicSession* session,
+ quic::QuicCryptoServerStreamBase::Helper* helper) override {
+ switch (session->connection()->version().handshake_protocol) {
+ case quic::PROTOCOL_QUIC_CRYPTO:
+ return std::make_unique(crypto_config, compressed_certs_cache,
+ session, helper);
+ case quic::PROTOCOL_TLS1_3:
+ return std::make_unique(session, *crypto_config);
+ case quic::PROTOCOL_UNSUPPORTED:
+ ASSERT(false, "Unknown handshake protocol");
+ return nullptr;
+ }
+ }
+};
+
 class EnvoyQuicServerSessionTest : public testing::TestWithParam {
 public:
 EnvoyQuicServerSessionTest()
@@ -140,7 +165,8 @@ class EnvoyQuicServerSessionTest : public testing::TestWithParam {
 std::unique_ptr(quic_connection_),
 /*visitor=*/nullptr, &crypto_stream_helper_, &crypto_config_,
 &compressed_certs_cache_, *dispatcher_,
- /*send_buffer_limit*/ quic::kDefaultFlowControlSendWindow * 1.5),
+ /*send_buffer_limit*/ quic::kDefaultFlowControlSendWindow * 1.5,
+ crypto_stream_factory_),
 stats_({ALL_HTTP3_CODEC_STATS(
 POOL_COUNTER_PREFIX(listener_config_.listenerScope(), "http3."),
 POOL_GAUGE_PREFIX(listener_config_.listenerScope(), "http3."))}) {
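Review bot: `createEnvoyQuicCryptoServerStream` in the new `EnvoyQuicTestCryptoServerStreamFactory` returns only from inside the `switch` and has no return after it, so a compiler that does not treat the enum switch as exhaustive (GCC's -Wreturn-type does not) warns that control reaches the end of a non-void function, which fails a -Werror build. Turning the last case into `default:` while keeping `ASSERT(false, "Unknown handshake protocol");` and `return nullptr;` covers every value without relying on exhaustiveness. Separately, `createEmptyConfigProto()` returning `nullptr` is fine for a factory the fixture hands to the session directly, but it would crash any caller reaching it through the registry; a comment such as `// Never registered; a config proto is not needed.` makes that intent explicit.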
@@ -168,21 +194,6 @@ class EnvoyQuicServerSessionTest : public testing::TestWithParam {
 envoy_quic_session_.OnConfigNegotiated();
 quic::test::QuicConfigPeer::SetNegotiated(envoy_quic_session_.config(), true);
 quic::test::QuicConnectionPeer::SetAddressValidated(quic_connection_);
- // Switch to a encryption forward secure crypto stream.
- quic::test::QuicServerSessionBasePeer::SetCryptoStream(&envoy_quic_session_, nullptr);
- quic::QuicCryptoServerStreamBase* crypto_stream = nullptr;
- if (quic_version_[0].handshake_protocol == quic::PROTOCOL_QUIC_CRYPTO) {
- auto test_crypto_stream = new TestQuicCryptoServerStream(
- &crypto_config_, &compressed_certs_cache_, &envoy_quic_session_, &crypto_stream_helper_);
- crypto_stream = test_crypto_stream;
- crypto_stream_ = test_crypto_stream;
- } else {
- auto test_crypto_stream =
- new TestEnvoyQuicTlsServerHandshaker(&envoy_quic_session_, crypto_config_);
- crypto_stream = test_crypto_stream;
- crypto_stream_ = test_crypto_stream;
- }
- quic::test::QuicServerSessionBasePeer::SetCryptoStream(&envoy_quic_session_, crypto_stream);
 quic_connection_->SetEncrypter(
 quic::ENCRYPTION_FORWARD_SECURE,
 std::make_unique(quic::Perspective::IS_SERVER));
@@ -251,7 +262,7 @@ class EnvoyQuicServerSessionTest : public testing::TestWithParam {
 quic::QuicConfig quic_config_;
 quic::QuicCryptoServerConfig crypto_config_;
 testing::NiceMock crypto_stream_helper_;
- ProofSourceDetailsSetter* crypto_stream_;
+ EnvoyQuicTestCryptoServerStreamFactory crypto_stream_factory_;
 TestEnvoyQuicServerSession envoy_quic_session_;
 quic::QuicCompressedCertsCache compressed_certs_cache_{100};
 std::shared_ptr read_filter_;
diff --git a/test/extensions/quic/BUILD b/test/extensions/quic/BUILD
new file mode 100644
index 000000000000..dbf4fd0b6a80
--- /dev/null
+++ b/test/extensions/quic/BUILD
@@ -0,0 +1,28 @@
+load(
+ "//bazel:envoy_build_system.bzl",
+ "envoy_cc_extension",
+ "envoy_extension_package",
+ "envoy_package",
+)
+
+licenses(["notice"]) # Apache 2
+
+envoy_package()
+
+# Test-only extensions of various QUIC objects.
+
+envoy_extension_package()
+
+envoy_cc_extension(
+ name = "envoy_quic_no_handshake_crypto_server_stream_lib",
+ srcs = ["envoy_quic_no_handshake_crypto_server_stream.cc"],
+ hdrs = ["envoy_quic_no_handshake_crypto_server_stream.h"],
+ category = "envoy.quic.server.crypto_stream",
+ security_posture = "unknown",
+ tags = ["nofips"],
+ deps = [
+ "//source/common/quic:envoy_quic_crypto_stream_factory_lib",
+ "@com_googlesource_quiche//:quic_core_crypto_encryption_lib",
+ "@com_googlesource_quiche//:quic_core_session_lib",
+ ],
+)
diff --git a/test/integration/BUILD b/test/integration/BUILD
index 014e08b26d0e..91c24816781c 100644
--- a/test/integration/BUILD
+++ b/test/integration/BUILD
@@ -681,7 +681,7 @@ envoy_cc_test_library(
 "@envoy_api//envoy/config/listener/v3:pkg_cc_proto",
 ] + envoy_select_enable_http3([
 "//source/common/quic:active_quic_listener_lib",
- "//source/common/quic:codec_lib",
+ "//source/common/quic:quic_factory_lib",
 ]),
 )
 
@@ -1681,6 +1681,7 @@ envoy_cc_test(
 ],
 deps = envoy_select_enable_http3([
 ":protocol_integration_test_lib",
+ "//source/extensions/quic:envoy_quic_crypto_server_stream_lib",
 "//source/common/quic:active_quic_listener_lib",
 "//source/common/quic:client_connection_factory_lib",
 "//source/common/quic:quic_factory_lib",
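Review bot: The new `test/extensions/quic/BUILD` calls both `envoy_package()` and `envoy_extension_package()`; if both macros expand to a `package()` declaration Bazel rejects the second, and the existing `source/extensions/quic/BUILD` shown later in this series loads only `envoy_extension_package`, so the `envoy_package` load and call look like leftovers. The target also registers a crypto server stream that, going by its name, performs no handshake, under the production category `envoy.quic.server.crypto_stream` with `security_posture = "unknown"`; because a registered factory becomes selectable by name in listener config wherever it is linked, the file comment should state the constraint explicitly, e.g. `# Test-only: this crypto stream performs no handshake and must never be linked into a production binary.` The `security_posture` value should be revisited once that is settled rather than left at "unknown".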
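Review bot: The added `"//source/extensions/quic:envoy_quic_crypto_server_stream_lib"` in the `@@ -1681,6 +1681,7 @@` hunk sits ahead of the `//source/common/quic:...` entries, whereas the surrounding `deps` lists in this file are kept in sorted order; the same happens in the `@@ -1712,13 +1713,13 @@` hunk of the same file, where it follows `//source/extensions/resource_monitors/...`. Moving each entry to its sorted position keeps the lists consistent and the lint check quiet.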
@@ -1712,13 +1713,13 @@ envoy_cc_test(
 deps = envoy_select_enable_http3([
 ":http_integration_lib",
 "//source/common/quic:client_connection_factory_lib",
- "//source/common/quic:codec_lib",
 "//source/common/quic:envoy_quic_client_connection_lib",
 "//source/common/quic:envoy_quic_client_session_lib",
 "//source/common/quic:envoy_quic_connection_helper_lib",
 "//source/common/quic:envoy_quic_proof_verifier_lib",
- "//source/common/quic:quic_transport_socket_factory_lib",
+ "//source/common/quic:quic_factory_lib",
 "//source/extensions/resource_monitors/injected_resource:config",
+ "//source/extensions/quic:envoy_quic_crypto_server_stream_lib",
 "//test/common/quic:quic_test_utils_for_envoy_lib",
 "//test/common/quic:test_utils_lib",
 "//test/integration/filters:encoder_decoder_buffer_filter_lib",
From 587facd5ad33e849cef93cd37297a4e555f406a2 Mon Sep 17 00:00:00 2001
From: Dan Zhang
Date: Wed, 19 May 2021 18:15:22 -0400
Subject: [PATCH 05/33] revert debug logging
Signed-off-by: Dan Zhang
---
 include/envoy/registry/registry.h | 10 ----------
 1 file changed, 10 deletions(-)
diff --git a/include/envoy/registry/registry.h b/include/envoy/registry/registry.h
index 90865f10e90a..b90e86ca52f3 100644
--- a/include/envoy/registry/registry.h
+++ b/include/envoy/registry/registry.h
@@ -278,24 +278,14 @@ template class FactoryRegistry : public Logger::Loggablename() << "\n"; - } return nullptr; } if (!checkDeprecated(name)) { - std::cerr << "============ Fail to find " << name << " which is deprecated\n"; return nullptr; } - ASSERT(it->second != nullptr, "========= find it to be nullptr"); - std::cerr << "======= return " << it->second << "\n"; return it->second; }
From 75c569f8642119dfcb450f6db75f111c6b09bb75 Mon Sep 17 00:00:00 2001
From: Dan Zhang
Date: Mon, 24 May 2021 16:58:53 -0400
Subject: [PATCH 06/33] add client crypto stream factory
Signed-off-by: Dan Zhang
---
 .../config/listener/v3/quic_config.proto | 3 ++
 .../extensions/quic/v3/crypto_stream.proto | 3 +-
 source/common/quic/BUILD | 2 ++
 .../quic/client_connection_factory_impl.cc | 2 +-
 .../quic/client_connection_factory_impl.h | 3 ++
 .../common/quic/envoy_quic_client_session.cc | 12 +++++--
 .../common/quic/envoy_quic_client_session.h | 7 +++-
 .../quic/envoy_quic_crypto_stream_factory.h | 15 +++++++++
 source/extensions/quic/BUILD | 15 +++++++++
 .../quic/envoy_quic_crypto_client_stream.cc | 17 ++++++++++
 .../quic/envoy_quic_crypto_client_stream.h | 20 ++++++++++++
 .../quic/envoy_quic_crypto_server_stream.cc | 2 +-
 .../quic/envoy_quic_crypto_server_stream.h | 2 +-
 test/common/quic/BUILD | 1 +
 .../quic/envoy_quic_client_session_test.cc | 32 +++++++++----------
 .../integration/quic_http_integration_test.cc | 3 +-
 16 files changed, 115 insertions(+), 24 deletions(-)
 create mode 100644 source/extensions/quic/envoy_quic_crypto_client_stream.cc
 create mode 100644 source/extensions/quic/envoy_quic_crypto_client_stream.h
diff --git a/api/envoy/config/listener/v3/quic_config.proto b/api/envoy/config/listener/v3/quic_config.proto
index a6d1a4af9bad..0a6fca0786ca 100644
--- a/api/envoy/config/listener/v3/quic_config.proto
+++ b/api/envoy/config/listener/v3/quic_config.proto
@@ -19,6 +19,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 
 // [#protodoc-title: QUIC listener config]
 
+// Configuration specific to QUIC crypto stream.
 message QuicCryptoStream {
 string name = 1 [(validate.rules).string = {min_len: 1}];
 
@@ -45,5 +46,7 @@ message QuicProtocolOptions {
 // to enabled.
 core.v3.RuntimeFeatureFlag enabled = 4;
 
+ // The crypto server stream implementation used for this listener.
+ // If not specified the :ref:`QUICHE defaul one` will be used.
 QuicCryptoStream crypto_stream = 5;
 }
diff --git a/api/envoy/extensions/quic/v3/crypto_stream.proto b/api/envoy/extensions/quic/v3/crypto_stream.proto
index 1dd9cd76e701..e4c378f4781e 100644
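Review bot: The comment added in the `@@ -45,5 +46,7 @@` hunk reads `:ref:\`QUICHE defaul one\`` — "defaul" is a typo, and the `:ref:` role carries no target (the form is `:ref:\`text <label>\``), so the protodoc build will either fail or render a dangling reference. Suggested wording: `// If not specified, the :ref:\`QUICHE default one <LABEL-OF-CryptoServerStreamConfig>\` will be used.` with the placeholder replaced by the generated docs label for `envoy.extensions.quic.v3.CryptoServerStreamConfig`. The same typo and missing target recur in the `crypto_stream` and `proof_source` comments of the v4alpha and generated_api_shadow copies of this file later in this series, so fix all of them together.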
--- a/api/envoy/extensions/quic/v3/crypto_stream.proto
+++ b/api/envoy/extensions/quic/v3/crypto_stream.proto
@@ -10,7 +10,8 @@ option java_multiple_files = true;
 option (udpa.annotations.file_status).package_version_status = ACTIVE;
 
 // [#protodoc-title: QUIC server crypto stream config]
+// [#extension: quic.quiche_crypto_server_stream]
 
-// Configuration specific to the QUIC server crypto stream.
+// Configuration for the default QUIC server crypto stream provided by QUICHE.
 message CryptoServerStreamConfig {
 }
diff --git a/source/common/quic/BUILD b/source/common/quic/BUILD
index 04e9212bb29b..7e4a6d8095bd 100644
--- a/source/common/quic/BUILD
+++ b/source/common/quic/BUILD
@@ -166,6 +166,7 @@ envoy_cc_library(
 "//include/envoy/registry",
 "//source/common/http/http3:quic_client_connection_factory_lib",
 "//source/extensions/transport_sockets/tls:ssl_socket_lib",
+ "//source/extensions/quic:envoy_quic_crypto_client_stream_lib",
 "@com_googlesource_quiche//:quic_core_http_spdy_session_lib",
 ],
 )
@@ -246,6 +247,7 @@ envoy_cc_library(
 tags = ["nofips"],
 deps = [
 ":envoy_quic_client_connection_lib",
+ ":envoy_quic_crypto_stream_factory_lib",
 ":envoy_quic_stream_lib",
 ":envoy_quic_utils_lib",
 ":quic_filter_manager_connection_lib",
diff --git a/source/common/quic/client_connection_factory_impl.cc b/source/common/quic/client_connection_factory_impl.cc
index 9dcda4745520..aa9f98a54b50 100644
--- a/source/common/quic/client_connection_factory_impl.cc
+++ b/source/common/quic/client_connection_factory_impl.cc
@@ -86,7 +86,7 @@ createQuicNetworkConnection(Http::PersistentQuicInfo& info, Event::Dispatcher& d
 auto ret = std::make_unique(
 info_impl->quic_config_, info_impl->supported_versions_, std::move(connection),
 info_impl->server_id_, std::move(config), &static_info.push_promise_index_, dispatcher,
- /*send_buffer_limit=*/0);
+ /*send_buffer_limit=*/0, info_impl->crypto_stream_factory_);
 return ret;
 }
 
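Review bot: The `[#extension: quic.quiche_crypto_server_stream]` annotation added in the `@@ -10,7 +10,8 @@` hunk does not match the name the listener test config earlier in this series uses for the same factory, `envoy.quic.quiche_crypto_server_stream`, nor the `envoy.`-prefixed form of the new `[#extension: envoy.quic.filter_chain_proof_source]` in proof_source.proto; the docs tooling resolves this annotation against registered extension names, so a mismatch is likely to fail the docs build or mislabel the extension. Use `// [#extension: envoy.quic.quiche_crypto_server_stream]` if that is the registered name (the `name()` of `RealEnvoyQuicCryptoServerStreamFactory` is not visible in this chunk to confirm). The generated_api_shadow copy of this file gets the same line and should be kept identical.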
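Review bot: The `@@ -166,6 +166,7 @@` hunk makes a `//source/common/quic` library depend on `//source/extensions/quic:envoy_quic_crypto_client_stream_lib`, and `client_connection_factory_impl.h` in the following hunks includes that extension header directly; this inverts the usual layering, where common code defines the interface and extensions implement it, and the `//source/common/quic:__subpackages__` visibility entry added to `source/extensions/quic/BUILD` later in this patch exists only to permit it. If this is the deliberate interim state implied by the "Hard code with real crypto stream for now." comment, the dep should carry a TODO naming the follow-up, e.g. `# TODO(<owner>): drop once the client crypto stream factory is selected via config like the server one.`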
diff --git a/source/common/quic/client_connection_factory_impl.h b/source/common/quic/client_connection_factory_impl.h
index bf56a95f3e84..029925fc0c09 100644
--- a/source/common/quic/client_connection_factory_impl.h
+++ b/source/common/quic/client_connection_factory_impl.h
@@ -8,6 +8,7 @@
 #include "common/quic/envoy_quic_utils.h"
 
 #include "extensions/transport_sockets/tls/ssl_socket.h"
+#include "extensions/quic/envoy_quic_crypto_client_stream.h"
 #include "quiche/quic/core/http/quic_client_push_promise_index.h"
 #include "quiche/quic/core/quic_utils.h"
 
@@ -42,6 +43,8 @@ struct PersistentQuicInfoImpl : public Http::PersistentQuicInfo {
 const quic::ParsedQuicVersionVector supported_versions_{quic::CurrentSupportedVersions()};
 // TODO(alyssawilk) actually set this up properly.
 quic::QuicConfig quic_config_;
+ // Hard code with real crypto stream for now.
+ RealEnvoyQuicCryptoClientStreamFactory crypto_stream_factory_;
 };
 
 std::unique_ptr
diff --git a/source/common/quic/envoy_quic_client_session.cc b/source/common/quic/envoy_quic_client_session.cc
index 0763a5f00932..1a065fd92d18 100644
--- a/source/common/quic/envoy_quic_client_session.cc
+++ b/source/common/quic/envoy_quic_client_session.cc
@@ -10,12 +10,12 @@ EnvoyQuicClientSession::EnvoyQuicClientSession(
 std::unique_ptr connection, const quic::QuicServerId& server_id,
 std::shared_ptr crypto_config,
 quic::QuicClientPushPromiseIndex* push_promise_index, Event::Dispatcher& dispatcher,
- uint32_t send_buffer_limit)
+ uint32_t send_buffer_limit, EnvoyQuicCryptoClientStreamFactory& crypto_stream_factory)
 : QuicFilterManagerConnectionImpl(*connection, connection->connection_id(), dispatcher,
 send_buffer_limit),
 quic::QuicSpdyClientSession(config, supported_versions, connection.release(), server_id,
 crypto_config.get(), push_promise_index),
- host_name_(server_id.host()), crypto_config_(crypto_config) {}
+ host_name_(server_id.host()), crypto_config_(crypto_config), crypto_stream_factory_(crypto_stream_factory) {}
 
 EnvoyQuicClientSession::~EnvoyQuicClientSession() {
 ASSERT(!connection()->connected());
@@ -129,5 +129,13 @@ size_t EnvoyQuicClientSession::WriteHeadersOnHeadersStream(
 precedence, ack_listener);
 }
 
+std::unique_ptr EnvoyQuicClientSession::CreateQuicCryptoStream() {
+ return crypto_stream_factory_.createEnvoyQuicCryptoClientStream(
+ server_id(), this,
+ crypto_config()->proof_verifier()->CreateDefaultContext(), crypto_config(),
+ this, /*has_application_state = */ version().UsesHttp3());
+
+}
+
 } // namespace Quic
 } // namespace Envoy
diff --git a/source/common/quic/envoy_quic_client_session.h b/source/common/quic/envoy_quic_client_session.h
index c4fe12ffd706..aff5f1d03599 100644
--- a/source/common/quic/envoy_quic_client_session.h
+++ b/source/common/quic/envoy_quic_client_session.h
@@ -16,6 +16,7 @@
 #include "common/quic/envoy_quic_client_stream.h"
 #include "common/quic/envoy_quic_client_connection.h"
 #include "common/quic/quic_filter_manager_connection_impl.h"
+#include "common/quic/envoy_quic_crypto_stream_factory.h"
 
 namespace Envoy {
 namespace Quic {
@@ -35,7 +36,8 @@ class EnvoyQuicClientSession : public QuicFilterManagerConnectionImpl,
 const quic::QuicServerId& server_id,
 std::shared_ptr crypto_config,
 quic::QuicClientPushPromiseIndex* push_promise_index,
- Event::Dispatcher& dispatcher, uint32_t send_buffer_limit);
+ Event::Dispatcher& dispatcher, uint32_t send_buffer_limit,
+ EnvoyQuicCryptoClientStreamFactory& crypto_stream_factory);
 
 ~EnvoyQuicClientSession() override;
 
@@ -77,6 +79,8 @@ class EnvoyQuicClientSession : public QuicFilterManagerConnectionImpl,
 // quic::QuicSpdySession
 quic::QuicSpdyStream* CreateIncomingStream(quic::QuicStreamId id) override;
 quic::QuicSpdyStream* CreateIncomingStream(quic::PendingStream* pending) override;
+ std::unique_ptr CreateQuicCryptoStream()
+ override;
 
 // QuicFilterManagerConnectionImpl
 bool hasDataToWrite() override;
@@ -90,6 +94,7 @@ class EnvoyQuicClientSession : public QuicFilterManagerConnectionImpl,
 Http::ConnectionCallbacks* http_connection_callbacks_{nullptr};
 const absl::string_view host_name_;
 std::shared_ptr crypto_config_;
+ EnvoyQuicCryptoClientStreamFactory& crypto_stream_factory_;
 };
 
 } // namespace Quic
diff --git a/source/common/quic/envoy_quic_crypto_stream_factory.h b/source/common/quic/envoy_quic_crypto_stream_factory.h
index 7a15ae55841d..9fd1040c8bf8 100644
--- a/source/common/quic/envoy_quic_crypto_stream_factory.h
+++ b/source/common/quic/envoy_quic_crypto_stream_factory.h
@@ -12,6 +12,7 @@
 #include "quiche/quic/core/crypto/quic_crypto_server_config.h"
 #include "quiche/quic/core/tls_server_handshaker.h"
 #include "quiche/quic/core/quic_session.h"
+#include "quiche/quic/core/quic_crypto_client_stream.h"
 
 #if defined(__GNUC__)
 #pragma GCC diagnostic pop
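Review bot: `EnvoyQuicCryptoClientStreamFactory& crypto_stream_factory_;` added in the `@@ -90,6 +94,7 @@` hunk is a reference the session holds for its whole lifetime and uses from `CreateQuicCryptoStream()` (the .cc hunk of this patch), yet nothing documents who must keep the factory alive; in the factory-impl hunk the referent is a member of `PersistentQuicInfoImpl`, in the tests a fixture member declared just above the session. A comment on the field states the contract, e.g. `// Not owned. Must outlive this session; consulted each time the crypto stream is created.`, and the constructor declaration in the `@@ -35,7 +36,8 @@` hunk should carry the same note on its new parameter.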
@@ -32,5 +33,19 @@ class EnvoyQuicCryptoServerStreamFactory : public Config::TypedFactory {
 quic::QuicCryptoServerStreamBase::Helper* helper) PURE;
 };
 
+class EnvoyQuicCryptoClientStreamFactory {
+public:
+ virtual ~EnvoyQuicCryptoClientStreamFactory() {}
+
+ // Return an Envoy specific quic crypto client stream object.
+ virtual std::unique_ptr
+ createEnvoyQuicCryptoClientStream(const quic::QuicServerId& server_id,
+ quic::QuicSession* session,
+ std::unique_ptr verify_context,
+ quic::QuicCryptoClientConfig* crypto_config,
+ quic::QuicCryptoClientStream::ProofHandler* proof_handler,
+ bool has_application_state) PURE;
+};
+
 } // namespace Quic
 } // namespace Envoy
diff --git a/source/extensions/quic/BUILD b/source/extensions/quic/BUILD
index d0fef805fb9d..eef72924e2c8 100644
--- a/source/extensions/quic/BUILD
+++ b/source/extensions/quic/BUILD
@@ -1,6 +1,7 @@
 load(
 "//bazel:envoy_build_system.bzl",
 "envoy_cc_extension",
+ "envoy_cc_library",
 "envoy_extension_package",
 )
 
@@ -26,3 +27,17 @@ envoy_cc_extension(
 "@envoy_api//envoy/extensions/quic/v3:pkg_cc_proto",
 ],
 )
+
+envoy_cc_library(
+ name = "envoy_quic_crypto_client_stream_lib",
+ srcs = ["envoy_quic_crypto_client_stream.cc"],
+ hdrs = ["envoy_quic_crypto_client_stream.h"],
+ tags = ["nofips"],
+ visibility = [
+ "//source/common/quic:__subpackages__",
+ "//test:__subpackages__",
+ ],
+ deps = [
+ "//source/common/quic:envoy_quic_crypto_stream_factory_lib",
+ ],
+)
diff --git a/source/extensions/quic/envoy_quic_crypto_client_stream.cc b/source/extensions/quic/envoy_quic_crypto_client_stream.cc
new file mode 100644
index 000000000000..e74750969710
--- /dev/null
+++ b/source/extensions/quic/envoy_quic_crypto_client_stream.cc
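Review bot: `virtual ~EnvoyQuicCryptoClientStreamFactory() {}` in the `@@ -32,5 +33,19 @@` hunk should be `virtual ~EnvoyQuicCryptoClientStreamFactory() = default;`, the form used for interface destructors elsewhere in Envoy and the one clang-tidy's modernize-use-equals-default asks for. Unlike `EnvoyQuicCryptoServerStreamFactory` directly above it, this interface is not a `Config::TypedFactory`, so it cannot be chosen from config; if that asymmetry is intentional for now, a class comment such as `// Not a TypedFactory yet: the client side is hard-wired to the real implementation.` saves the next reader from wondering whether the inheritance was forgotten.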
@@ -0,0 +1,17 @@
+#include "extensions/quic/envoy_quic_crypto_client_stream.h"
+
+namespace Envoy {
+namespace Quic {
+
+std::unique_ptr
+RealEnvoyQuicCryptoClientStreamFactory::createEnvoyQuicCryptoClientStream(const quic::QuicServerId& server_id,
+ quic::QuicSession* session,
+ std::unique_ptr verify_context,
+ quic::QuicCryptoClientConfig* crypto_config,
+ quic::QuicCryptoClientStream::ProofHandler* proof_handler,
+ bool has_application_state) {
+ return std::make_unique(server_id, session, std::move(verify_context), crypto_config, proof_handler, has_application_state);
+};
+
+} // namespace Quic
+} // namespace Envoy
diff --git a/source/extensions/quic/envoy_quic_crypto_client_stream.h b/source/extensions/quic/envoy_quic_crypto_client_stream.h
new file mode 100644
index 000000000000..dc6c25a5f2e3
--- /dev/null
+++ b/source/extensions/quic/envoy_quic_crypto_client_stream.h
@@ -0,0 +1,20 @@
+#pragma once
+
+#include "common/quic/envoy_quic_crypto_stream_factory.h"
+
+namespace Envoy {
+namespace Quic {
+
+class RealEnvoyQuicCryptoClientStreamFactory : public EnvoyQuicCryptoClientStreamFactory {
+public:
+ std::unique_ptr
+ createEnvoyQuicCryptoClientStream(const quic::QuicServerId& server_id,
+ quic::QuicSession* session,
+ std::unique_ptr verify_context,
+ quic::QuicCryptoClientConfig* crypto_config,
+ quic::QuicCryptoClientStream::ProofHandler* proof_handler,
+ bool has_application_state) override;
+};
+
+} // namespace Quic
+} // namespace Envoy
diff --git a/source/extensions/quic/envoy_quic_crypto_server_stream.cc b/source/extensions/quic/envoy_quic_crypto_server_stream.cc
index d7b9c57f8623..fce77292480e 100644
--- a/source/extensions/quic/envoy_quic_crypto_server_stream.cc
+++ b/source/extensions/quic/envoy_quic_crypto_server_stream.cc
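Review bot: The `};` closing the body of `RealEnvoyQuicCryptoClientStreamFactory::createEnvoyQuicCryptoClientStream` in the new `.cc` is a stray semicolon after a function definition, which trips `-Wextra-semi` and fails a `-Werror` build; it should be plain `}`. The parameter lists of both this definition and the declaration in the new header are not formatter output either (continuation lines are not aligned and the `return std::make_unique(...)` line runs well past the column limit), so the format check will rewrite both files; running it before the next push avoids a noisy follow-up diff.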
@@ -11,7 +11,7 @@ RealEnvoyQuicCryptoServerStreamFactory::createEnvoyQuicCryptoServerStream(
 return quic::CreateCryptoServerStream(crypto_config, compressed_certs_cache, session, helper);
 }
 
-DECLARE_FACTORY(RealEnvoyQuicCryptoServerStreamFactory);
+REGISTER_FACTORY(RealEnvoyQuicCryptoServerStreamFactory, EnvoyQuicCryptoServerStreamFactory);
 
 } // namespace Quic
 } // namespace Envoy
diff --git a/source/extensions/quic/envoy_quic_crypto_server_stream.h b/source/extensions/quic/envoy_quic_crypto_server_stream.h
index 91b516e70bf8..4654f0af84b1 100644
--- a/source/extensions/quic/envoy_quic_crypto_server_stream.h
+++ b/source/extensions/quic/envoy_quic_crypto_server_stream.h
@@ -21,7 +21,7 @@ class RealEnvoyQuicCryptoServerStreamFactory : public EnvoyQuicCryptoServerStrea
 quic::QuicCryptoServerStreamBase::Helper* helper) override;
 };
 
-REGISTER_FACTORY(RealEnvoyQuicCryptoServerStreamFactory, EnvoyQuicCryptoServerStreamFactory);
+DECLARE_FACTORY(RealEnvoyQuicCryptoServerStreamFactory);
 
 } // namespace Quic
 } // namespace Envoy
diff --git a/test/common/quic/BUILD b/test/common/quic/BUILD
index b67f5e502236..3372f60aeaf9 100644
--- a/test/common/quic/BUILD
+++ b/test/common/quic/BUILD
@@ -163,6 +163,7 @@ envoy_cc_test(
 "//source/common/quic:envoy_quic_client_connection_lib",
 "//source/common/quic:envoy_quic_client_session_lib",
 "//source/common/quic:envoy_quic_connection_helper_lib",
+ "//source/extensions/quic:envoy_quic_crypto_client_stream_lib",
 "//test/mocks/http:http_mocks",
 "//test/mocks/http:stream_decoder_mock",
 "//test/mocks/network:network_mocks",
diff --git a/test/common/quic/envoy_quic_client_session_test.cc b/test/common/quic/envoy_quic_client_session_test.cc
index fbcc51df8c5c..ac75f3b791dc 100644
--- a/test/common/quic/envoy_quic_client_session_test.cc
+++ b/test/common/quic/envoy_quic_client_session_test.cc
@@ -18,6 +18,9 @@
 #include "common/quic/envoy_quic_connection_helper.h"
 #include "common/quic/envoy_quic_alarm_factory.h"
 #include "common/quic/envoy_quic_utils.h"
+
+#include "extensions/quic/envoy_quic_crypto_client_stream.h"
+
 #include "test/common/quic/test_utils.h"
 
 #include "envoy/stats/stats_macros.h"
@@ -74,22 +77,17 @@ class TestQuicCryptoClientStream : public quic::QuicCryptoClientStream {
 bool encryption_established() const override { return true; }
 };
 
-class TestEnvoyQuicClientSession : public EnvoyQuicClientSession {
+class TestQuicCryptoClientStreamFactory : public EnvoyQuicCryptoClientStreamFactory {
 public:
- TestEnvoyQuicClientSession(const quic::QuicConfig& config,
- const quic::ParsedQuicVersionVector& supported_versions,
- std::unique_ptr connection,
- const quic::QuicServerId& server_id,
- std::shared_ptr crypto_config,
- quic::QuicClientPushPromiseIndex* push_promise_index,
- Event::Dispatcher& dispatcher, uint32_t send_buffer_limit)
- : EnvoyQuicClientSession(config, supported_versions, std::move(connection), server_id,
- crypto_config, push_promise_index, dispatcher, send_buffer_limit) {}
-
- std::unique_ptr CreateQuicCryptoStream() override {
+ std::unique_ptr createEnvoyQuicCryptoClientStream(const quic::QuicServerId& server_id,
+ quic::QuicSession* session,
+ std::unique_ptr verify_context,
+ quic::QuicCryptoClientConfig* crypto_config,
+ quic::QuicCryptoClientStream::ProofHandler* proof_handler,
+ bool has_application_state) override {
 return std::make_unique(
- server_id(), this, crypto_config()->proof_verifier()->CreateDefaultContext(),
- crypto_config(), this, true);
+ server_id, session, std::move(verify_context),
+ crypto_config, proof_handler, has_application_state);
 }
 };
 
@@ -115,7 +113,8 @@ class EnvoyQuicClientSessionTest : public testing::TestWithParam {
 std::unique_ptr(quic_connection_),
 quic::QuicServerId("example.com", 443, false), crypto_config_,
 nullptr, *dispatcher_,
- /*send_buffer_limit*/ 1024 * 1024),
+ /*send_buffer_limit*/ 1024 * 1024,
+ crypto_stream_factory_),
 stats_({ALL_HTTP3_CODEC_STATS(POOL_COUNTER_PREFIX(scope_, "http3."),
 POOL_GAUGE_PREFIX(scope_, "http3."))}),
 http_connection_(envoy_quic_session_, http_connection_callbacks_, stats_, http3_options_,
@@ -175,7 +174,8 @@ class EnvoyQuicClientSessionTest : public testing::TestWithParam {
 TestEnvoyQuicClientConnection* quic_connection_;
 quic::QuicConfig quic_config_;
 std::shared_ptr crypto_config_;
- TestEnvoyQuicClientSession envoy_quic_session_;
+ TestQuicCryptoClientStreamFactory crypto_stream_factory_;
+ EnvoyQuicClientSession envoy_quic_session_;
 Network::MockConnectionCallbacks network_connection_callbacks_;
 Http::MockServerConnectionCallbacks http_connection_callbacks_;
 testing::StrictMock read_total_;
diff --git a/test/integration/quic_http_integration_test.cc b/test/integration/quic_http_integration_test.cc
index 8f6ce0c4bc69..f0f3dd0e0ae1 100644
--- a/test/integration/quic_http_integration_test.cc
+++ b/test/integration/quic_http_integration_test.cc
@@ -117,7 +117,8 @@ class QuicHttpIntegrationTest : public HttpIntegrationTest, public QuicMultiVers
 *dispatcher_,
 // Use smaller window than the default one to have test coverage of client codec buffer
 // exceeding high watermark.
- /*send_buffer_limit=*/2 * Http2::Utility::OptionsLimits::MIN_INITIAL_STREAM_WINDOW_SIZE);
+ /*send_buffer_limit=*/2 * Http2::Utility::OptionsLimits::MIN_INITIAL_STREAM_WINDOW_SIZE,
+ persistent_info.crypto_stream_factory_);
 return session;
 }
 
From 547e36b3639d1413549a964538201f2c426e5937 Mon Sep 17 00:00:00 2001
From: Dan Zhang
Date: Mon, 24 May 2021 21:06:38 -0400
Subject: [PATCH 07/33] add proof source factory
Signed-off-by: Dan Zhang
---
 .../config/listener/v3/quic_config.proto | 13 ++++++-
 .../config/listener/v4alpha/quic_config.proto | 19 +++++++++-
 .../extensions/quic/v3/proof_source.proto | 17 +++++++++
 bazel/envoy_library.bzl | 1 +
 .../config/listener/v3/quic_config.proto | 16 +++++++-
 .../config/listener/v4alpha/quic_config.proto | 19 +++++++++-
 .../extensions/quic/v3/crypto_stream.proto | 3 +-
 .../extensions/quic/v3/proof_source.proto | 17 +++++++++
 source/common/quic/BUILD | 12 ++++++
 source/common/quic/active_quic_listener.cc | 23 +++++++++---
 source/common/quic/active_quic_listener.h | 9 ++++-
 ...nvoy_quic_proof_source_factory_interface.h | 37 +++++++++++++++++++
 source/extensions/quic/BUILD | 18 +++++++++
 .../envoy_quic_proof_source_factory_impl.cc | 15 ++++++++
 .../envoy_quic_proof_source_factory_impl.h | 29 +++++++++++++++
 test/common/quic/BUILD | 1 +
 test/common/quic/active_quic_listener_test.cc | 8 +++-
 17 files changed, 244 insertions(+), 13 deletions(-)
 create mode 100644 api/envoy/extensions/quic/v3/proof_source.proto
 create mode 100644 generated_api_shadow/envoy/extensions/quic/v3/proof_source.proto
 create mode 100644 source/common/quic/envoy_quic_proof_source_factory_interface.h
 create mode 100644 source/extensions/quic/envoy_quic_proof_source_factory_impl.cc
 create mode 100644 source/extensions/quic/envoy_quic_proof_source_factory_impl.h
diff --git a/api/envoy/config/listener/v3/quic_config.proto b/api/envoy/config/listener/v3/quic_config.proto
index 0a6fca0786ca..cbd7957e1dae 100644
--- a/api/envoy/config/listener/v3/quic_config.proto
+++ b/api/envoy/config/listener/v3/quic_config.proto
@@ -26,8 +26,15 @@ message QuicCryptoStream {
 google.protobuf.Any typed_config = 2;
 }
 
+// Configuration specific to QUIC proof source.
+message QuicProofSource {
+ string name = 1 [(validate.rules).string = {min_len: 1}];
+
+ google.protobuf.Any typed_config = 2;
+}
+
 // Configuration specific to the UDP QUIC listener.
-// [#next-free-field: 6]
+// [#next-free-field: 7]
 message QuicProtocolOptions {
 option (udpa.annotations.versioning).previous_message_type =
 "envoy.api.v2.listener.QuicProtocolOptions";
@@ -49,4 +56,8 @@ message QuicProtocolOptions {
 // The crypto server stream implementation used for this listener.
 // If not specified the :ref:`QUICHE defaul one` will be used.
 QuicCryptoStream crypto_stream = 5;
+
+ // The proof source implementation used for this listener.
+ // If not specified the :ref:`defaul one` will be used.
+ QuicProofSource proof_source = 6;
 }
diff --git a/api/envoy/config/listener/v4alpha/quic_config.proto b/api/envoy/config/listener/v4alpha/quic_config.proto
index 0b6dfa989892..72e5f61b13cf 100644
--- a/api/envoy/config/listener/v4alpha/quic_config.proto
+++ b/api/envoy/config/listener/v4alpha/quic_config.proto
@@ -19,6 +19,7 @@ option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSIO
 
 // [#protodoc-title: QUIC listener config]
 
+// Configuration specific to QUIC crypto stream.
 message QuicCryptoStream {
 option (udpa.annotations.versioning).previous_message_type =
 "envoy.config.listener.v3.QuicCryptoStream";
@@ -28,8 +29,18 @@ message QuicCryptoStream {
 google.protobuf.Any typed_config = 2;
 }
 
+// Configuration specific to QUIC proof source.
+message QuicProofSource {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.config.listener.v3.QuicProofSource";
+
+ string name = 1 [(validate.rules).string = {min_len: 1}];
+
+ google.protobuf.Any typed_config = 2;
+}
+
 // Configuration specific to the UDP QUIC listener.
-// [#next-free-field: 6]
+// [#next-free-field: 7]
 message QuicProtocolOptions {
 option (udpa.annotations.versioning).previous_message_type =
 "envoy.config.listener.v3.QuicProtocolOptions";
@@ -48,5 +59,11 @@ message QuicProtocolOptions {
 // to enabled.
 core.v4alpha.RuntimeFeatureFlag enabled = 4;
 
+ // The crypto server stream implementation used for this listener.
+ // If not specified the :ref:`QUICHE defaul one` will be used.
 QuicCryptoStream crypto_stream = 5;
+
+ // The proof source implementation used for this listener.
+ // If not specified the :ref:`defaul one` will be used.
+ QuicProofSource proof_source = 6;
 }
diff --git a/api/envoy/extensions/quic/v3/proof_source.proto b/api/envoy/extensions/quic/v3/proof_source.proto
new file mode 100644
index 000000000000..64f7d33146fa
--- /dev/null
+++ b/api/envoy/extensions/quic/v3/proof_source.proto
@@ -0,0 +1,17 @@
+syntax = "proto3";
+
+package envoy.extensions.quic.v3;
+
+import "udpa/annotations/status.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.quic.v3";
+option java_outer_classname = "ProofSourceProto";
+option java_multiple_files = true;
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: QUIC proof source config]
+// [#extension: envoy.quic.filter_chain_proof_source]
+
+// Configuration for the default QUIC proof source.
+message ProofSourceConfig {
+}
diff --git a/bazel/envoy_library.bzl b/bazel/envoy_library.bzl
index fd35b1cb3c8c..9ad2d96acc6f 100644
--- a/bazel/envoy_library.bzl
+++ b/bazel/envoy_library.bzl
@@ -88,6 +88,7 @@ EXTENSION_CATEGORIES = [ "envoy.matching.common_inputs", "envoy.matching.input_matchers", "envoy.quic.server.crypto_stream", + "envoy.quic.proof_source", "envoy.rate_limit_descriptors", "envoy.request_id", "envoy.resource_monitors", diff --git a/generated_api_shadow/envoy/config/listener/v3/quic_config.proto b/generated_api_shadow/envoy/config/listener/v3/quic_config.proto index a6d1a4af9bad..cbd7957e1dae 100644 --- a/generated_api_shadow/envoy/config/listener/v3/quic_config.proto +++ b/generated_api_shadow/envoy/config/listener/v3/quic_config.proto @@ -19,14 +19,22 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: QUIC listener config] +// Configuration specific to QUIC crypto stream. message QuicCryptoStream { string name = 1 [(validate.rules).string = {min_len: 1}]; google.protobuf.Any typed_config = 2; } +// Configuration specific to QUIC proof source. +message QuicProofSource { + string name = 1 [(validate.rules).string = {min_len: 1}]; + + google.protobuf.Any typed_config = 2; +} + // Configuration specific to the UDP QUIC listener. -// [#next-free-field: 6] +// [#next-free-field: 7] message QuicProtocolOptions { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.listener.QuicProtocolOptions"; @@ -45,5 +53,11 @@ message QuicProtocolOptions { // to enabled. core.v3.RuntimeFeatureFlag enabled = 4; + // The crypto server stream implementation used for this listener. + // If not specified the :ref:`QUICHE defaul one` will be used. QuicCryptoStream crypto_stream = 5; + + // The proof source implementation used for this listener. + // If not specified the :ref:`defaul one` will be used. + QuicProofSource proof_source = 6; } diff --git a/generated_api_shadow/envoy/config/listener/v4alpha/quic_config.proto b/generated_api_shadow/envoy/config/listener/v4alpha/quic_config.proto index 0b6dfa989892..72e5f61b13cf 100644 
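Review bot: `"envoy.quic.proof_source"` is inserted after `"envoy.quic.server.crypto_stream"`, which breaks the alphabetical order the surrounding `EXTENSION_CATEGORIES` entries follow (`envoy.matching.*`, `envoy.quic.*`, `envoy.rate_limit_descriptors`, ...). Move it one line up so it precedes `"envoy.quic.server.crypto_stream"`. This is style only; nothing functional depends on the order as far as this hunk shows.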
--- a/generated_api_shadow/envoy/config/listener/v4alpha/quic_config.proto +++ b/generated_api_shadow/envoy/config/listener/v4alpha/quic_config.proto @@ -19,6 +19,7 @@ option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSIO // [#protodoc-title: QUIC listener config] +// Configuration specific to QUIC crypto stream. message QuicCryptoStream { option (udpa.annotations.versioning).previous_message_type = "envoy.config.listener.v3.QuicCryptoStream"; @@ -28,8 +29,18 @@ message QuicCryptoStream { google.protobuf.Any typed_config = 2; } +// Configuration specific to QUIC proof source. +message QuicProofSource { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.listener.v3.QuicProofSource"; + + string name = 1 [(validate.rules).string = {min_len: 1}]; + + google.protobuf.Any typed_config = 2; +} + // Configuration specific to the UDP QUIC listener. -// [#next-free-field: 6] +// [#next-free-field: 7] message QuicProtocolOptions { option (udpa.annotations.versioning).previous_message_type = "envoy.config.listener.v3.QuicProtocolOptions"; @@ -48,5 +59,11 @@ message QuicProtocolOptions { // to enabled. core.v4alpha.RuntimeFeatureFlag enabled = 4; + // The crypto server stream implementation used for this listener. + // If not specified the :ref:`QUICHE defaul one` will be used. QuicCryptoStream crypto_stream = 5; + + // The proof source implementation used for this listener. + // If not specified the :ref:`defaul one` will be used. + QuicProofSource proof_source = 6; } diff --git a/generated_api_shadow/envoy/extensions/quic/v3/crypto_stream.proto b/generated_api_shadow/envoy/extensions/quic/v3/crypto_stream.proto index 1dd9cd76e701..e4c378f4781e 100644 --- a/generated_api_shadow/envoy/extensions/quic/v3/crypto_stream.proto +++ b/generated_api_shadow/envoy/extensions/quic/v3/crypto_stream.proto 
@@ -10,7 +10,8 @@ option java_multiple_files = true; option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: QUIC server crypto stream config] +// [#extension: quic.quiche_crypto_server_stream] -// Configuration specific to the QUIC server crypto stream. +// Configuration for the default QUIC server crypto stream provided by QUICHE. message CryptoServerStreamConfig { } diff --git a/generated_api_shadow/envoy/extensions/quic/v3/proof_source.proto b/generated_api_shadow/envoy/extensions/quic/v3/proof_source.proto new file mode 100644 index 000000000000..64f7d33146fa --- /dev/null +++ b/generated_api_shadow/envoy/extensions/quic/v3/proof_source.proto @@ -0,0 +1,17 @@ +syntax = "proto3"; + +package envoy.extensions.quic.v3; + +import "udpa/annotations/status.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.quic.v3"; +option java_outer_classname = "ProofSourceProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +// [#protodoc-title: QUIC proof source config] +// [#extension: envoy.quic.filter_chain_proof_source] + +// Configuration for the default QUIC proof source. +message ProofSourceConfig { +} diff --git a/source/common/quic/BUILD b/source/common/quic/BUILD index 7e4a6d8095bd..3b683dc06a49 100644 --- a/source/common/quic/BUILD +++ b/source/common/quic/BUILD @@ -346,6 +346,7 @@ envoy_cc_library( ":envoy_quic_packet_writer_lib", ":envoy_quic_proof_source_lib", ":envoy_quic_utils_lib", + ":envoy_quic_proof_source_factory_interface", "//include/envoy/network:listener_interface", "//source/common/network:listener_lib", "//source/common/protobuf:utility_lib", @@ -411,6 +412,7 @@ envoy_cc_library( ":codec_lib", ":quic_transport_socket_factory_lib", "//source/extensions/quic:envoy_quic_crypto_server_stream_lib", + "//source/extensions/quic:envoy_quic_proof_source_factory_impl_lib", ], }), ) 
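Review bot: `":envoy_quic_proof_source_factory_interface"` is added after `":envoy_quic_utils_lib"`, out of the sorted order the rest of this `deps` list keeps (`:envoy_quic_packet_writer_lib`, `:envoy_quic_proof_source_lib`, `:envoy_quic_utils_lib`); buildifier will want it directly after `":envoy_quic_proof_source_lib"`. Since `active_quic_listener.cc` no longer constructs `EnvoyQuicProofSource` itself after this series, it is also worth checking whether the direct `":envoy_quic_proof_source_lib"` dependency is still needed here or whether it should move behind the factory implementation.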
@@ -464,3 +466,13 @@ envoy_cc_library( "@com_googlesource_quiche//:quic_core_http_spdy_session_lib", ], ) + +envoy_cc_library( + name = "envoy_quic_proof_source_factory_interface", + hdrs = ["envoy_quic_proof_source_factory_interface.h"], + deps = [ + "//source/server:connection_handler_lib", + "//include/envoy/config:typed_config_interface", + "@com_googlesource_quiche//:quic_core_crypto_proof_source_lib", + ], +) diff --git a/source/common/quic/active_quic_listener.cc b/source/common/quic/active_quic_listener.cc index 975e22cedbf9..5605958e1a5b 100644 --- a/source/common/quic/active_quic_listener.cc +++ b/source/common/quic/active_quic_listener.cc @@ -20,6 +20,7 @@ #include "common/config/utility.h" #include "common/runtime/runtime_features.h" #include "envoy/extensions/quic/v3/crypto_stream.pb.h" +#include "envoy/extensions/quic/v3/proof_source.pb.h" namespace Envoy { namespace Quic { @@ -29,11 +30,11 @@ ActiveQuicListener::ActiveQuicListener( Network::UdpConnectionHandler& parent, Network::ListenerConfig& listener_config, const quic::QuicConfig& quic_config, Network::Socket::OptionsSharedPtr options, bool kernel_worker_routing, const envoy::config::core::v3::RuntimeFeatureFlag& enabled, - EnvoyQuicCryptoServerStreamFactory& crypto_server_stream_factory) + EnvoyQuicCryptoServerStreamFactory& crypto_server_stream_factory, EnvoyQuicProofSourceFactoryInterface& proof_source_factory) : ActiveQuicListener(worker_index, concurrency, dispatcher, parent, listener_config.listenSocketFactory().getListenSocket(), listener_config, quic_config, std::move(options), kernel_worker_routing, enabled, - crypto_server_stream_factory) {} + crypto_server_stream_factory, proof_source_factory) {} ActiveQuicListener::ActiveQuicListener( uint32_t worker_index, uint32_t concurrency, Event::Dispatcher& dispatcher, 
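Review bot: The new `envoy_quic_proof_source_factory_interface` target under `source/common/quic` depends on `//source/server:connection_handler_lib`, which pulls the whole server connection handler into a common-layer library; as far as the interface header shows it only needs `Server::ListenerStats`, for which it includes `server/active_listener_base.h`. Depending on the narrowest target that provides that header would avoid a `source/common` -> `source/server` edge, which is unusual for this directory. The `deps` list is also unsorted (`//source/server` listed before `//include/envoy/config`).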
@@ -41,7 +42,7 @@ ActiveQuicListener::ActiveQuicListener( Network::ListenerConfig& listener_config, const quic::QuicConfig& quic_config, Network::Socket::OptionsSharedPtr options, bool kernel_worker_routing, const envoy::config::core::v3::RuntimeFeatureFlag& enabled, - EnvoyQuicCryptoServerStreamFactory& crypto_server_stream_factory) + EnvoyQuicCryptoServerStreamFactory& crypto_server_stream_factory, EnvoyQuicProofSourceFactoryInterface& proof_source_factory) : Server::ActiveUdpListenerBase( worker_index, concurrency, parent, *listen_socket, dispatcher.createUdpListener( @@ -77,7 +78,7 @@ ActiveQuicListener::ActiveQuicListener( crypto_config_ = std::make_unique( absl::string_view(reinterpret_cast(random_seed_), sizeof(random_seed_)), quic::QuicRandom::GetInstance(), - std::make_unique(listen_socket_, listener_config.filterChainManager(), + proof_source_factory.createQuicProofSource(listen_socket_, listener_config.filterChainManager(), stats_), quic::KeyExchangeSource::Default()); auto connection_helper = std::make_unique(dispatcher_); @@ -241,6 +242,7 @@ ActiveQuicListenerFactory::ActiveQuicListenerFactory( quic_config_.SetMaxUnidirectionalStreamsToSend(max_streams); configQuicInitialFlowControlWindow(config.quic_protocol_options(), quic_config_); + // Initialize crypto stream factory. envoy::config::listener::v3::QuicCryptoStream crypto_stream; if (!config.has_crypto_stream()) { // If not specified, use the quic crypto stream created by QUICHE. 
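Review bot: The value returned by `proof_source_factory.createQuicProofSource(...)` is handed straight to the `QuicCryptoServerConfig` constructor with no null check; before this change the proof source was constructed inline and could not be null, but a registered extension can return an empty `unique_ptr`, leaving the crypto config owning a null proof source (what QUICHE does with that is not visible here, but it is unlikely to be graceful on the first handshake). Bind the result and reject null before building `crypto_config_`: `auto proof_source = proof_source_factory.createQuicProofSource(listen_socket_, listener_config.filterChainManager(), stats_);` followed by `if (proof_source == nullptr) { throw Network::CreateListenerException("QUIC proof source factory returned null"); }`, then pass `std::move(proof_source)` to `make_unique`. `Network::CreateListenerException` is already what this constructor throws for socket option failures, as the test in this series shows.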
@@ -252,6 +254,17 @@ ActiveQuicListenerFactory::ActiveQuicListenerFactory( } crypto_server_stream_factory_ = Config::Utility::getAndCheckFactory(crypto_stream); + + // Initialize proof source factory. + envoy::config::listener::v3::QuicProofSource proof_source; + if (!config.has_proof_source()) { + proof_source.set_name("envoy.quic.filter_chain_proof_source"); +envoy::extensions::quic::v3::ProofSourceConfig proof_source_config; +proof_source.mutable_typed_config()->PackFrom(proof_source_config); + } else { + proof_source = config.proof_source(); + } + proof_source_factory_ = Config::Utility::getAndCheckFactory(proof_source); } Network::ConnectionHandler::ActiveUdpListenerPtr ActiveQuicListenerFactory::createActiveUdpListener( @@ -321,7 +334,7 @@ Network::ConnectionHandler::ActiveUdpListenerPtr ActiveQuicListenerFactory::crea ASSERT(crypto_server_stream_factory_.has_value()); return std::make_unique( worker_index, concurrency_, disptacher, parent, config, quic_config_, std::move(options), - kernel_worker_routing, enabled_, crypto_server_stream_factory_.value()); + kernel_worker_routing, enabled_, crypto_server_stream_factory_.value(), proof_source_factory_.value()); } } // namespace Quic diff --git a/source/common/quic/active_quic_listener.h b/source/common/quic/active_quic_listener.h index b34d91a0af75..33417737df0b 100644 --- a/source/common/quic/active_quic_listener.h +++ b/source/common/quic/active_quic_listener.h @@ -10,6 +10,7 @@ #include "common/protobuf/utility.h" #include "common/quic/envoy_quic_dispatcher.h" +#include "common/quic/envoy_quic_proof_source_factory_interface.h" #include "common/runtime/runtime_protos.h" #include "server/active_udp_listener.h" 
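Review bot: The proof source's `typed_config` is used only for the `Config::Utility::getAndCheckFactory(proof_source)` lookup and is never translated or passed on, so `createQuicProofSource` receives no configuration at all; any field a future `ProofSourceConfig` or a third-party config declares would be silently ignored, and the same holds for the crypto stream factory resolved just above it. If that is the intended contract for now, say so next to the lookup: `// NOTE: typed_config is only used to select the factory; it is not passed to createQuicProofSource.`, and plan a config argument on the factory method before the first real option lands. Also, `envoy::extensions::quic::v3::ProofSourceConfig proof_source_config;` and the `PackFrom` line are at column 0 inside the `if` block, which suggests the change has not been run through the formatter.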
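Review bot: `proof_source_factory_.value()` is dereferenced without the `ASSERT(... .has_value())` that the line above performs for `crypto_server_stream_factory_`, although both optionals are populated in the same constructor. Add `ASSERT(proof_source_factory_.has_value());` beside the existing assert so a future refactor that builds the factory without resolving the proof source fails loudly in debug builds rather than with `std::bad_optional_access` at listener creation.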
@@ -31,14 +32,16 @@ class ActiveQuicListener : public Envoy::Server::ActiveUdpListenerBase, Network::ListenerConfig& listener_config, const quic::QuicConfig& quic_config, Network::Socket::OptionsSharedPtr options, bool kernel_worker_routing, const envoy::config::core::v3::RuntimeFeatureFlag& enabled, - EnvoyQuicCryptoServerStreamFactory& crypto_server_stream_factory); + EnvoyQuicCryptoServerStreamFactory& crypto_server_stream_factory, + EnvoyQuicProofSourceFactoryInterface& proof_source_factory); ActiveQuicListener(uint32_t worker_index, uint32_t concurrency, Event::Dispatcher& dispatcher, Network::UdpConnectionHandler& parent, Network::SocketSharedPtr listen_socket, Network::ListenerConfig& listener_config, const quic::QuicConfig& quic_config, Network::Socket::OptionsSharedPtr options, bool kernel_worker_routing, const envoy::config::core::v3::RuntimeFeatureFlag& enabled, - EnvoyQuicCryptoServerStreamFactory& crypto_server_stream_factory); + EnvoyQuicCryptoServerStreamFactory& crypto_server_stream_factory, + EnvoyQuicProofSourceFactoryInterface& proof_source_factory); ~ActiveQuicListener() override; @@ -100,6 +103,8 @@ class ActiveQuicListenerFactory : public Network::ActiveUdpListenerFactory, std::optional> crypto_server_stream_factory_; + std::optional> + proof_source_factory_; quic::QuicConfig quic_config_; const uint32_t concurrency_; absl::once_flag install_bpf_once_; diff --git a/source/common/quic/envoy_quic_proof_source_factory_interface.h b/source/common/quic/envoy_quic_proof_source_factory_interface.h new file mode 100644 index 000000000000..fa757b2b5995 --- /dev/null +++ b/source/common/quic/envoy_quic_proof_source_factory_interface.h 
@@ -0,0 +1,37 @@
+#pragma once
+
+#include "envoy/config/typed_config.h"
+
+#if defined(__GNUC__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wunused-parameter"
+#pragma GCC diagnostic ignored "-Winvalid-offsetof"
+#endif
+
+#include "quiche/quic/core/crypto/proof_source.h"
+
+#if defined(__GNUC__)
+#pragma GCC diagnostic pop
+#endif
+
+#include "envoy/network/socket.h"
+#include "envoy/network/filter.h"
+#include "server/active_listener_base.h"
+
+namespace Envoy {
+namespace Quic {
+
+// A factory interface to provide quic::ProofSource.
+class EnvoyQuicProofSourceFactoryInterface : public Config::TypedFactory {
+public:
+ virtual ~EnvoyQuicProofSourceFactoryInterface() = default;
+
+ std::string category() const override { return "envoy.quic.proof_source";}
+
+ virtual std::unique_ptr createQuicProofSource(Network::Socket& listen_socket,
+ Network::FilterChainManager& filter_chain_manager,
+ Server::ListenerStats& listener_stats) PURE;
+};
+
+} // namespace Quic
+} // namespace Envoy
diff --git a/source/extensions/quic/BUILD b/source/extensions/quic/BUILD
index eef72924e2c8..0ba9176a112f 100644
--- a/source/extensions/quic/BUILD
+++ b/source/extensions/quic/BUILD
@@ -41,3 +41,21 @@ envoy_cc_library(
 "//source/common/quic:envoy_quic_crypto_stream_factory_lib",
 ],
 )
+
+envoy_cc_extension(
+ name = "envoy_quic_proof_source_factory_impl_lib",
+ srcs = ["envoy_quic_proof_source_factory_impl.cc"],
+ hdrs = ["envoy_quic_proof_source_factory_impl.h"],
+ category = "envoy.quic.proof_source",
+ extra_visibility = [
+ "//source/common/quic:__subpackages__",
+ "//test:__subpackages__",
+ ],
+ security_posture = "unknown",
+ tags = ["nofips"],
+ deps = [
+ "//source/common/quic:envoy_quic_proof_source_factory_interface",
+ "//source/common/quic:envoy_quic_proof_source_lib",
+ "@envoy_api//envoy/extensions/quic/v3:pkg_cc_proto",
+ ],
+)
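Review bot: `EnvoyQuicProofSourceFactoryInterface::createQuicProofSource` carries no documentation of what its three arguments are for or what the returned object must satisfy, although this is the extension point that decides which certificates (and, under QUICHE's ProofSource contract, presumably which signing key) a listener's QUIC handshakes use. Add a comment above the method along these lines: `// Creates the quic::ProofSource that the listener's QuicCryptoServerConfig will own for the listener's lifetime. listen_socket is the listener's UDP socket; filter_chain_manager is what the default implementation uses to find the filter chain whose certificates are served; listener_stats receives listener-level stats. Implementations must return a non-null ProofSource.` The class comment could add that implementations are security-sensitive, since a proof source chosen by configuration replaces the certificate source for every handshake.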
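Review bot: The new `envoy_cc_extension` is declared with `security_posture = "unknown"`, yet the code it registers is the `EnvoyQuicProofSource` that the QUIC listener constructed unconditionally before this series (see the line removed from `active_quic_listener.cc`), i.e. it runs on every untrusted downstream QUIC handshake. "unknown" keeps the extension outside the security-policy coverage the posture field exists to express. Declare it explicitly — `security_posture = "robust_to_untrusted_downstream"` if that is what the QUIC listener and the sibling crypto-stream extension claim (their declarations are not in this hunk) — and give it the same `status` as the sibling if one is declared there.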
diff --git a/source/extensions/quic/envoy_quic_proof_source_factory_impl.cc b/source/extensions/quic/envoy_quic_proof_source_factory_impl.cc
index 000000000000..fcaeda024150
--- /dev/null
+++ b/source/extensions/quic/envoy_quic_proof_source_factory_impl.cc
@@ -0,0 +1,15 @@
+#include "extensions/quic/envoy_quic_proof_source_factory_impl.h"
+
+namespace Envoy {
+namespace Quic {
+
+std::unique_ptr EnvoyQuicProofSourceFactoryImpl::createQuicProofSource(Network::Socket& listen_socket,
+ Network::FilterChainManager& filter_chain_manager,
+ Server::ListenerStats& listener_stats) {
+ return std::make_unique(listen_socket, filter_chain_manager, listener_stats);
+}
+
+REGISTER_FACTORY(EnvoyQuicProofSourceFactoryImpl, EnvoyQuicProofSourceFactoryInterface);
+
+} // namespace Quic
+} // namespace Envoy
diff --git a/source/extensions/quic/envoy_quic_proof_source_factory_impl.h b/source/extensions/quic/envoy_quic_proof_source_factory_impl.h
index 000000000000..443f579d13fd
--- /dev/null
+++ b/source/extensions/quic/envoy_quic_proof_source_factory_impl.h
@@ -0,0 +1,29 @@
+#include "common/quic/envoy_quic_proof_source_factory_interface.h"
+
+#include "common/quic/envoy_quic_proof_source.h"
+#include "envoy/registry/registry.h"
+
+#include "envoy/extensions/quic/v3/proof_source.pb.h"
+
+namespace Envoy {
+namespace Quic {
+
+// Provides a ProofSource implementation which gets certs from filter chain.
+class EnvoyQuicProofSourceFactoryImpl : public EnvoyQuicProofSourceFactoryInterface {
+public:
+
+ ProtobufTypes::MessagePtr createEmptyConfigProto() override {
+ return std::make_unique();
+ }
+
+ std::string name() const override { return "envoy.quic.filter_chain_proof_source";}
+
+ std::unique_ptr createQuicProofSource(Network::Socket& listen_socket,
+ Network::FilterChainManager& filter_chain_manager,
+ Server::ListenerStats& listener_stats) override;
+};
+
+DECLARE_FACTORY(EnvoyQuicProofSourceFactoryImpl);
+
+} // namespace Quic
+} // namespace Envoy
diff --git a/test/common/quic/BUILD b/test/common/quic/BUILD
index 3372f60aeaf9..2877e52b82ec 100644
--- a/test/common/quic/BUILD
+++ b/test/common/quic/BUILD
@@ -186,6 +186,7 @@ envoy_cc_test(
 "//source/common/quic:envoy_quic_utils_lib",
 "//source/common/quic:udp_gso_batch_writer_lib",
 "//source/extensions/quic:envoy_quic_crypto_server_stream_lib",
+"//source/extensions/quic:envoy_quic_proof_source_factory_impl_lib",
 "//source/server:configuration_lib",
 "//test/mocks/network:network_mocks",
 "//test/mocks/server:instance_mocks",
diff --git a/test/common/quic/active_quic_listener_test.cc b/test/common/quic/active_quic_listener_test.cc
index 5165aff21a6a..23be7e86cafd 100644
--- a/test/common/quic/active_quic_listener_test.cc
+++ b/test/common/quic/active_quic_listener_test.cc
@@ -44,6 +44,7 @@
 #include "common/quic/envoy_quic_utils.h"
 #include "common/quic/udp_gso_batch_writer.h"
 #include "extensions/quic/envoy_quic_crypto_server_stream.h"
+#include "extensions/quic/envoy_quic_proof_source_factory_impl.h"
 using testing::Return;
 using testing::ReturnRef;
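Review bot: `envoy_quic_proof_source_factory_impl.h` opens with `#include` lines and has no `#pragma once`, unlike the interface header added in the same series, so any translation unit that reaches it twice (for example the test, which includes it directly and via the listener) will see `EnvoyQuicProofSourceFactoryImpl` redefined. Add `#pragma once` as the first line. Separately, the literal `"envoy.quic.filter_chain_proof_source"` returned by `name()` is duplicated in `active_quic_listener.cc`, where it selects the default; exposing it once as a constant the listener can reference would keep the registered name and the default lookup from drifting apart.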
@@ -272,6 +273,10 @@ class ActiveQuicListenerTest : public QuicMultiVersionTest { name: "envoy.quic.quiche_crypto_server_stream" typed_config: "@type": type.googleapis.com/envoy.extensions.quic.v3.CryptoServerStreamConfig + proof_source: + name: "envoy.quic.filter_chain_proof_source" + typed_config: + "@type": type.googleapis.com/envoy.extensions.quic.v3.ProofSourceConfig )EOF", connection_window_size_, stream_window_size_); } @@ -329,12 +334,13 @@ TEST_P(ActiveQuicListenerTest, FailSocketOptionUponCreation) { options->emplace_back(std::move(option)); quic_listener_.reset(); RealEnvoyQuicCryptoServerStreamFactory crypto_stream_factory; + EnvoyQuicProofSourceFactoryImpl proof_source_factory; EXPECT_THROW_WITH_REGEX((void)std::make_unique( 0, 1, *dispatcher_, connection_handler_, listen_socket_, listener_config_, quic_config_, options, false, ActiveQuicListenerFactoryPeer::runtimeEnabled( static_cast(listener_factory_.get())), - crypto_stream_factory), + crypto_stream_factory, proof_source_factory), Network::CreateListenerException, "Failed to apply socket options."); } From cef927cd5e602e921d3d5c60e4f44ac76a1ab205 Mon Sep 17 00:00:00 2001 From: Dan Zhang Date: Tue, 25 May 2021 10:42:38 -0400 Subject: [PATCH 08/33] rename some classes 
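Review bot: The fixture now always sets `proof_source:` explicitly, so the default branch in `ActiveQuicListenerFactory` (`!config.has_proof_source()` selecting `envoy.quic.filter_chain_proof_source`) has no coverage in this file, and nothing exercises the failure mode for a misconfigured proof source. Add one configuration without `proof_source` that asserts the listener still comes up with the filter-chain proof source, and one with an unregistered `name` that asserts the factory constructor throws (presumably an `EnvoyException` out of `getAndCheckFactory`; its exact type is not visible here). The enclosing `ActiveQuicListenerTest` fixture starts outside this hunk.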
Signed-off-by: Dan Zhang --- source/common/quic/active_quic_listener.cc | 6 +- source/common/quic/active_quic_listener.h | 8 +- .../quic/client_connection_factory_impl.h | 2 +- .../common/quic/envoy_quic_client_session.cc | 2 +- .../common/quic/envoy_quic_client_session.h | 4 +- .../quic/envoy_quic_crypto_stream_factory.h | 6 +- source/common/quic/envoy_quic_dispatcher.cc | 2 +- source/common/quic/envoy_quic_dispatcher.h | 4 +- .../common/quic/envoy_quic_server_session.cc | 2 +- .../common/quic/envoy_quic_server_session.h | 4 +- .../quic/envoy_quic_crypto_client_stream.cc | 2 +- .../quic/envoy_quic_crypto_client_stream.h | 2 +- .../quic/envoy_quic_crypto_server_stream.cc | 4 +- .../quic/envoy_quic_crypto_server_stream.h | 4 +- test/common/quic/active_quic_listener_test.cc | 2 +- .../quic/envoy_quic_client_session_test.cc | 2 +- .../common/quic/envoy_quic_dispatcher_test.cc | 2 +- .../quic/envoy_quic_server_session_test.cc | 4 +- test/extensions/quic/BUILD | 28 ------ ..._quic_no_handshake_crypto_server_stream.cc | 96 ------------------- ...y_quic_no_handshake_crypto_server_stream.h | 68 ------------- 21 files changed, 31 insertions(+), 223 deletions(-) delete mode 100644 test/extensions/quic/BUILD delete mode 100644 test/extensions/quic/envoy_quic_no_handshake_crypto_server_stream.cc delete mode 100644 test/extensions/quic/envoy_quic_no_handshake_crypto_server_stream.h diff --git a/source/common/quic/active_quic_listener.cc b/source/common/quic/active_quic_listener.cc index 5605958e1a5b..970ead57ab93 100644 --- a/source/common/quic/active_quic_listener.cc +++ b/source/common/quic/active_quic_listener.cc 
@@ -30,7 +30,7 @@ ActiveQuicListener::ActiveQuicListener( Network::UdpConnectionHandler& parent, Network::ListenerConfig& listener_config, const quic::QuicConfig& quic_config, Network::Socket::OptionsSharedPtr options, bool kernel_worker_routing, const envoy::config::core::v3::RuntimeFeatureFlag& enabled, - EnvoyQuicCryptoServerStreamFactory& crypto_server_stream_factory, EnvoyQuicProofSourceFactoryInterface& proof_source_factory) + EnvoyQuicCryptoServerStreamFactoryInterface& crypto_server_stream_factory, EnvoyQuicProofSourceFactoryInterface& proof_source_factory) : ActiveQuicListener(worker_index, concurrency, dispatcher, parent, listener_config.listenSocketFactory().getListenSocket(), listener_config, quic_config, std::move(options), kernel_worker_routing, enabled, @@ -42,7 +42,7 @@ ActiveQuicListener::ActiveQuicListener( Network::ListenerConfig& listener_config, const quic::QuicConfig& quic_config, Network::Socket::OptionsSharedPtr options, bool kernel_worker_routing, const envoy::config::core::v3::RuntimeFeatureFlag& enabled, - EnvoyQuicCryptoServerStreamFactory& crypto_server_stream_factory, EnvoyQuicProofSourceFactoryInterface& proof_source_factory) + EnvoyQuicCryptoServerStreamFactoryInterface& crypto_server_stream_factory, EnvoyQuicProofSourceFactoryInterface& proof_source_factory) : Server::ActiveUdpListenerBase( worker_index, concurrency, parent, *listen_socket, dispatcher.createUdpListener( @@ -253,7 +253,7 @@ ActiveQuicListenerFactory::ActiveQuicListenerFactory( crypto_stream = config.crypto_stream(); } crypto_server_stream_factory_ = - Config::Utility::getAndCheckFactory(crypto_stream); + Config::Utility::getAndCheckFactory(crypto_stream); // Initialize proof source factory. envoy::config::listener::v3::QuicProofSource proof_source; diff --git a/source/common/quic/active_quic_listener.h b/source/common/quic/active_quic_listener.h index 33417737df0b..8aa832e9eaef 100644 --- a/source/common/quic/active_quic_listener.h 
+++ b/source/common/quic/active_quic_listener.h @@ -32,7 +32,7 @@ class ActiveQuicListener : public Envoy::Server::ActiveUdpListenerBase, Network::ListenerConfig& listener_config, const quic::QuicConfig& quic_config, Network::Socket::OptionsSharedPtr options, bool kernel_worker_routing, const envoy::config::core::v3::RuntimeFeatureFlag& enabled, - EnvoyQuicCryptoServerStreamFactory& crypto_server_stream_factory, + EnvoyQuicCryptoServerStreamFactoryInterface& crypto_server_stream_factory, EnvoyQuicProofSourceFactoryInterface& proof_source_factory); ActiveQuicListener(uint32_t worker_index, uint32_t concurrency, Event::Dispatcher& dispatcher, @@ -40,7 +40,7 @@ class ActiveQuicListener : public Envoy::Server::ActiveUdpListenerBase, Network::ListenerConfig& listener_config, const quic::QuicConfig& quic_config, Network::Socket::OptionsSharedPtr options, bool kernel_worker_routing, const envoy::config::core::v3::RuntimeFeatureFlag& enabled, - EnvoyQuicCryptoServerStreamFactory& crypto_server_stream_factory, + EnvoyQuicCryptoServerStreamFactoryInterface& crypto_server_stream_factory, EnvoyQuicProofSourceFactoryInterface& proof_source_factory); ~ActiveQuicListener() override; @@ -80,7 +80,7 @@ class ActiveQuicListener : public Envoy::Server::ActiveUdpListenerBase, // The number of runs of the event loop in which at least one CHLO was buffered. // TODO(ggreenway): Consider making this a published stat, or some variation of this information. uint64_t event_loops_with_buffered_chlo_for_test_{0}; - EnvoyQuicCryptoServerStreamFactory& crypto_server_stream_factory_; + EnvoyQuicCryptoServerStreamFactoryInterface& crypto_server_stream_factory_; }; using ActiveQuicListenerPtr = std::unique_ptr; @@ -101,7 +101,7 @@ class ActiveQuicListenerFactory : public Network::ActiveUdpListenerFactory, private: friend class ActiveQuicListenerFactoryPeer; - std::optional> + std::optional> crypto_server_stream_factory_; std::optional> proof_source_factory_; 
diff --git a/source/common/quic/client_connection_factory_impl.h b/source/common/quic/client_connection_factory_impl.h index 029925fc0c09..cfa0d32c54c4 100644 --- a/source/common/quic/client_connection_factory_impl.h +++ b/source/common/quic/client_connection_factory_impl.h @@ -44,7 +44,7 @@ struct PersistentQuicInfoImpl : public Http::PersistentQuicInfo { // TODO(alyssawilk) actually set this up properly. quic::QuicConfig quic_config_; // Hard code with real crypto stream for now. - RealEnvoyQuicCryptoClientStreamFactory crypto_stream_factory_; + EnvoyQuicCryptoClientStreamFactoryImpl crypto_stream_factory_; }; std::unique_ptr diff --git a/source/common/quic/envoy_quic_client_session.cc b/source/common/quic/envoy_quic_client_session.cc index 1a065fd92d18..e8c62fa4943a 100644 --- a/source/common/quic/envoy_quic_client_session.cc +++ b/source/common/quic/envoy_quic_client_session.cc @@ -10,7 +10,7 @@ EnvoyQuicClientSession::EnvoyQuicClientSession( std::unique_ptr connection, const quic::QuicServerId& server_id, std::shared_ptr crypto_config, quic::QuicClientPushPromiseIndex* push_promise_index, Event::Dispatcher& dispatcher, - uint32_t send_buffer_limit, EnvoyQuicCryptoClientStreamFactory& crypto_stream_factory) + uint32_t send_buffer_limit, EnvoyQuicCryptoClientStreamFactoryInterface& crypto_stream_factory) : QuicFilterManagerConnectionImpl(*connection, connection->connection_id(), dispatcher, send_buffer_limit), quic::QuicSpdyClientSession(config, supported_versions, connection.release(), server_id, diff --git a/source/common/quic/envoy_quic_client_session.h b/source/common/quic/envoy_quic_client_session.h index aff5f1d03599..3deb2d888874 100644 --- a/source/common/quic/envoy_quic_client_session.h +++ b/source/common/quic/envoy_quic_client_session.h 
@@ -37,7 +37,7 @@ class EnvoyQuicClientSession : public QuicFilterManagerConnectionImpl, std::shared_ptr crypto_config, quic::QuicClientPushPromiseIndex* push_promise_index, Event::Dispatcher& dispatcher, uint32_t send_buffer_limit, - EnvoyQuicCryptoClientStreamFactory& crypto_stream_factory); + EnvoyQuicCryptoClientStreamFactoryInterface& crypto_stream_factory); ~EnvoyQuicClientSession() override; @@ -94,7 +94,7 @@ class EnvoyQuicClientSession : public QuicFilterManagerConnectionImpl, Http::ConnectionCallbacks* http_connection_callbacks_{nullptr}; const absl::string_view host_name_; std::shared_ptr crypto_config_; - EnvoyQuicCryptoClientStreamFactory& crypto_stream_factory_; + EnvoyQuicCryptoClientStreamFactoryInterface& crypto_stream_factory_; }; } // namespace Quic diff --git a/source/common/quic/envoy_quic_crypto_stream_factory.h b/source/common/quic/envoy_quic_crypto_stream_factory.h index 9fd1040c8bf8..fc534526c159 100644 --- a/source/common/quic/envoy_quic_crypto_stream_factory.h +++ b/source/common/quic/envoy_quic_crypto_stream_factory.h @@ -21,7 +21,7 @@ namespace Envoy { namespace Quic { -class EnvoyQuicCryptoServerStreamFactory : public Config::TypedFactory { +class EnvoyQuicCryptoServerStreamFactoryInterface : public Config::TypedFactory { public: std::string category() const override { return "envoy.quic.server.crypto_stream"; } @@ -33,9 +33,9 @@ class EnvoyQuicCryptoServerStreamFactory : public Config::TypedFactory { quic::QuicCryptoServerStreamBase::Helper* helper) PURE; }; -class EnvoyQuicCryptoClientStreamFactory { +class EnvoyQuicCryptoClientStreamFactoryInterface { public: - virtual ~EnvoyQuicCryptoClientStreamFactory() {} + virtual ~EnvoyQuicCryptoClientStreamFactoryInterface() {} // Return an Envoy specific quic crypto client stream object. virtual std::unique_ptr diff --git a/source/common/quic/envoy_quic_dispatcher.cc b/source/common/quic/envoy_quic_dispatcher.cc index 80bd0c6d26ea..543441e39588 100644 
--- a/source/common/quic/envoy_quic_dispatcher.cc +++ b/source/common/quic/envoy_quic_dispatcher.cc @@ -20,7 +20,7 @@ EnvoyQuicDispatcher::EnvoyQuicDispatcher( Network::ListenerConfig& listener_config, Server::ListenerStats& listener_stats, Server::PerHandlerListenerStats& per_worker_stats, Event::Dispatcher& dispatcher, Network::Socket& listen_socket, - EnvoyQuicCryptoServerStreamFactory& crypto_server_stream_factory) + EnvoyQuicCryptoServerStreamFactoryInterface& crypto_server_stream_factory) : quic::QuicDispatcher(&quic_config, crypto_config, version_manager, std::move(helper), std::make_unique(), std::move(alarm_factory), expected_server_connection_id_length), diff --git a/source/common/quic/envoy_quic_dispatcher.h b/source/common/quic/envoy_quic_dispatcher.h index af39a2d3f779..f44ce34a48aa 100644 --- a/source/common/quic/envoy_quic_dispatcher.h +++ b/source/common/quic/envoy_quic_dispatcher.h @@ -55,7 +55,7 @@ class EnvoyQuicDispatcher : public quic::QuicDispatcher { Server::ListenerStats& listener_stats, Server::PerHandlerListenerStats& per_worker_stats, Event::Dispatcher& dispatcher, Network::Socket& listen_socket, - EnvoyQuicCryptoServerStreamFactory& crypto_server_stream_factory); + EnvoyQuicCryptoServerStreamFactoryInterface& crypto_server_stream_factory); void OnConnectionClosed(quic::QuicConnectionId connection_id, quic::QuicErrorCode error, const std::string& error_details, @@ -83,7 +83,7 @@ class EnvoyQuicDispatcher : public quic::QuicDispatcher { Server::PerHandlerListenerStats& per_worker_stats_; Event::Dispatcher& dispatcher_; Network::Socket& listen_socket_; - EnvoyQuicCryptoServerStreamFactory& crypto_server_stream_factory_; + EnvoyQuicCryptoServerStreamFactoryInterface& crypto_server_stream_factory_; }; } // namespace Quic diff --git a/source/common/quic/envoy_quic_server_session.cc b/source/common/quic/envoy_quic_server_session.cc index 66afd96ae595..e2b3524a66a9 100644 --- a/source/common/quic/envoy_quic_server_session.cc 
+++ b/source/common/quic/envoy_quic_server_session.cc @@ -14,7 +14,7 @@ EnvoyQuicServerSession::EnvoyQuicServerSession( std::unique_ptr connection, quic::QuicSession::Visitor* visitor, quic::QuicCryptoServerStream::Helper* helper, const quic::QuicCryptoServerConfig* crypto_config, quic::QuicCompressedCertsCache* compressed_certs_cache, Event::Dispatcher& dispatcher, - uint32_t send_buffer_limit, EnvoyQuicCryptoServerStreamFactory& crypto_server_stream_factory) + uint32_t send_buffer_limit, EnvoyQuicCryptoServerStreamFactoryInterface& crypto_server_stream_factory) : quic::QuicServerSessionBase(config, supported_versions, connection.get(), visitor, helper, crypto_config, compressed_certs_cache), QuicFilterManagerConnectionImpl(*connection, connection->connection_id(), dispatcher, diff --git a/source/common/quic/envoy_quic_server_session.h b/source/common/quic/envoy_quic_server_session.h index 2ce3aa604eb4..c5bdac7b504c 100644 --- a/source/common/quic/envoy_quic_server_session.h +++ b/source/common/quic/envoy_quic_server_session.h @@ -43,7 +43,7 @@ class EnvoyQuicServerSession : public quic::QuicServerSessionBase, const quic::QuicCryptoServerConfig* crypto_config, quic::QuicCompressedCertsCache* compressed_certs_cache, Event::Dispatcher& dispatcher, uint32_t send_buffer_limit, - EnvoyQuicCryptoServerStreamFactory& crypto_server_stream_factory); + EnvoyQuicCryptoServerStreamFactoryInterface& crypto_server_stream_factory); ~EnvoyQuicServerSession() override; @@ -108,7 +108,7 @@ class EnvoyQuicServerSession : public quic::QuicServerSessionBase, envoy::config::core::v3::HttpProtocolOptions::HeadersWithUnderscoresAction headers_with_underscores_action_; - EnvoyQuicCryptoServerStreamFactory& crypto_server_stream_factory_; + EnvoyQuicCryptoServerStreamFactoryInterface& crypto_server_stream_factory_; }; } // namespace Quic 
diff --git a/source/extensions/quic/envoy_quic_crypto_client_stream.cc b/source/extensions/quic/envoy_quic_crypto_client_stream.cc index e74750969710..0f46df6646bd 100644 --- a/source/extensions/quic/envoy_quic_crypto_client_stream.cc +++ b/source/extensions/quic/envoy_quic_crypto_client_stream.cc @@ -4,7 +4,7 @@ namespace Envoy { namespace Quic { std::unique_ptr -RealEnvoyQuicCryptoClientStreamFactory::createEnvoyQuicCryptoClientStream(const quic::QuicServerId& server_id, +EnvoyQuicCryptoClientStreamFactoryImpl::createEnvoyQuicCryptoClientStream(const quic::QuicServerId& server_id, quic::QuicSession* session, std::unique_ptr verify_context, quic::QuicCryptoClientConfig* crypto_config, diff --git a/source/extensions/quic/envoy_quic_crypto_client_stream.h b/source/extensions/quic/envoy_quic_crypto_client_stream.h index dc6c25a5f2e3..179695e426b5 100644 --- a/source/extensions/quic/envoy_quic_crypto_client_stream.h +++ b/source/extensions/quic/envoy_quic_crypto_client_stream.h @@ -5,7 +5,7 @@ namespace Envoy { namespace Quic { -class RealEnvoyQuicCryptoClientStreamFactory : public EnvoyQuicCryptoClientStreamFactory { +class EnvoyQuicCryptoClientStreamFactoryImpl : public EnvoyQuicCryptoClientStreamFactoryInterface { public: std::unique_ptr createEnvoyQuicCryptoClientStream(const quic::QuicServerId& server_id, diff --git a/source/extensions/quic/envoy_quic_crypto_server_stream.cc b/source/extensions/quic/envoy_quic_crypto_server_stream.cc index fce77292480e..e8617f18cb3a 100644 --- a/source/extensions/quic/envoy_quic_crypto_server_stream.cc +++ b/source/extensions/quic/envoy_quic_crypto_server_stream.cc 
@@ -4,14 +4,14 @@ namespace Envoy { namespace Quic { std::unique_ptr -RealEnvoyQuicCryptoServerStreamFactory::createEnvoyQuicCryptoServerStream( +EnvoyQuicCryptoServerStreamFactoryImpl::createEnvoyQuicCryptoServerStream( const quic::QuicCryptoServerConfig* crypto_config, quic::QuicCompressedCertsCache* compressed_certs_cache, quic::QuicSession* session, quic::QuicCryptoServerStreamBase::Helper* helper) { return quic::CreateCryptoServerStream(crypto_config, compressed_certs_cache, session, helper); } -REGISTER_FACTORY(RealEnvoyQuicCryptoServerStreamFactory, EnvoyQuicCryptoServerStreamFactory); +REGISTER_FACTORY(EnvoyQuicCryptoServerStreamFactoryImpl, EnvoyQuicCryptoServerStreamFactoryInterface); } // namespace Quic } // namespace Envoy diff --git a/source/extensions/quic/envoy_quic_crypto_server_stream.h b/source/extensions/quic/envoy_quic_crypto_server_stream.h index 4654f0af84b1..74be8f7a880c 100644 --- a/source/extensions/quic/envoy_quic_crypto_server_stream.h +++ b/source/extensions/quic/envoy_quic_crypto_server_stream.h @@ -8,7 +8,7 @@ namespace Envoy { namespace Quic { -class RealEnvoyQuicCryptoServerStreamFactory : public EnvoyQuicCryptoServerStreamFactory { +class EnvoyQuicCryptoServerStreamFactoryImpl : public EnvoyQuicCryptoServerStreamFactoryInterface { public: ProtobufTypes::MessagePtr createEmptyConfigProto() override { return std::make_unique(); @@ -21,7 +21,7 @@ class RealEnvoyQuicCryptoServerStreamFactory : public EnvoyQuicCryptoServerStrea quic::QuicCryptoServerStreamBase::Helper* helper) override; }; -DECLARE_FACTORY(RealEnvoyQuicCryptoServerStreamFactory); +DECLARE_FACTORY(EnvoyQuicCryptoServerStreamFactoryImpl); } // namespace Quic } // namespace Envoy diff --git a/test/common/quic/active_quic_listener_test.cc b/test/common/quic/active_quic_listener_test.cc index 23be7e86cafd..0e0abd92e7c6 100644 --- a/test/common/quic/active_quic_listener_test.cc +++ b/test/common/quic/active_quic_listener_test.cc 
@@ -333,7 +333,7 @@ TEST_P(ActiveQuicListenerTest, FailSocketOptionUponCreation) { auto options = std::make_shared>(); options->emplace_back(std::move(option)); quic_listener_.reset(); - RealEnvoyQuicCryptoServerStreamFactory crypto_stream_factory; + EnvoyQuicCryptoServerStreamFactoryImpl crypto_stream_factory; EnvoyQuicProofSourceFactoryImpl proof_source_factory; EXPECT_THROW_WITH_REGEX((void)std::make_unique( 0, 1, *dispatcher_, connection_handler_, listen_socket_, diff --git a/test/common/quic/envoy_quic_client_session_test.cc b/test/common/quic/envoy_quic_client_session_test.cc index ac75f3b791dc..9cb94ae853c8 100644 --- a/test/common/quic/envoy_quic_client_session_test.cc +++ b/test/common/quic/envoy_quic_client_session_test.cc @@ -77,7 +77,7 @@ class TestQuicCryptoClientStream : public quic::QuicCryptoClientStream { bool encryption_established() const override { return true; } }; -class TestQuicCryptoClientStreamFactory : public EnvoyQuicCryptoClientStreamFactory { +class TestQuicCryptoClientStreamFactory : public EnvoyQuicCryptoClientStreamFactoryInterface { public: std::unique_ptr createEnvoyQuicCryptoClientStream(const quic::QuicServerId& server_id, quic::QuicSession* session, diff --git a/test/common/quic/envoy_quic_dispatcher_test.cc b/test/common/quic/envoy_quic_dispatcher_test.cc index 1ebeb628ce3e..414e7854df90 100644 --- a/test/common/quic/envoy_quic_dispatcher_test.cc +++ b/test/common/quic/envoy_quic_dispatcher_test.cc @@ -255,7 +255,7 @@ class EnvoyQuicDispatcherTest : public QuicMultiVersionTest, Server::ListenerStats listener_stats_; Server::PerHandlerListenerStats per_worker_stats_; Server::ConnectionHandlerImpl connection_handler_; - RealEnvoyQuicCryptoServerStreamFactory crypto_stream_factory_; + EnvoyQuicCryptoServerStreamFactoryImpl crypto_stream_factory_; EnvoyQuicDispatcher envoy_quic_dispatcher_; const quic::QuicConnectionId connection_id_; }; 
diff --git a/test/common/quic/envoy_quic_server_session_test.cc b/test/common/quic/envoy_quic_server_session_test.cc index 44e68dce0e85..f6ae5031d7b4 100644 --- a/test/common/quic/envoy_quic_server_session_test.cc +++ b/test/common/quic/envoy_quic_server_session_test.cc @@ -122,9 +122,9 @@ class TestEnvoyQuicTlsServerHandshaker : public quic::TlsServerHandshaker, quic::QuicReferenceCountedPointer params_; }; -class EnvoyQuicTestCryptoServerStreamFactory : public EnvoyQuicCryptoServerStreamFactory { +class EnvoyQuicTestCryptoServerStreamFactory : public EnvoyQuicCryptoServerStreamFactoryInterface { public: - EnvoyQuicTestCryptoServerStreamFactory() : EnvoyQuicCryptoServerStreamFactory() {} + EnvoyQuicTestCryptoServerStreamFactory() : EnvoyQuicCryptoServerStreamFactoryInterface() {} ProtobufTypes::MessagePtr createEmptyConfigProto() override { return nullptr; } std::string name() const override { return "quic.test_crypto_server_stream"; } diff --git a/test/extensions/quic/BUILD b/test/extensions/quic/BUILD deleted file mode 100644 index dbf4fd0b6a80..000000000000 --- a/test/extensions/quic/BUILD +++ /dev/null @@ -1,28 +0,0 @@ -load( - "//bazel:envoy_build_system.bzl", - "envoy_cc_extension", - "envoy_extension_package", - "envoy_package", -) - -licenses(["notice"]) # Apache 2 - -envoy_package() - -# Test-only extensions of various QUIC objects. - -envoy_extension_package() - -envoy_cc_extension( - name = "envoy_quic_no_handshake_crypto_server_stream_lib", - srcs = ["envoy_quic_no_handshake_crypto_server_stream.cc"], - hdrs = ["envoy_quic_no_handshake_crypto_server_stream.h"], - category = "envoy.quic.server.crypto_stream", - security_posture = "unknown", - tags = ["nofips"], - deps = [ - "//source/common/quic:envoy_quic_crypto_stream_factory_lib", - "@com_googlesource_quiche//:quic_core_crypto_encryption_lib", - "@com_googlesource_quiche//:quic_core_session_lib", - ], -) 
diff --git a/test/extensions/quic/envoy_quic_no_handshake_crypto_server_stream.cc b/test/extensions/quic/envoy_quic_no_handshake_crypto_server_stream.cc deleted file mode 100644 index 8ce267ad4df3..000000000000 --- a/test/extensions/quic/envoy_quic_no_handshake_crypto_server_stream.cc +++ /dev/null 
@@ -1,96 +0,0 @@ -#include "test/common/quic/envoy_quic_no_handshake_crypto_server_stream.h" - -#if defined(__GNUC__) -#pragma GCC diagnostic push -#pragma GCC diagnostic ignored "-Wunused-parameter" -#pragma GCC diagnostic ignored "-Winvalid-offsetof" -#endif - -#include "quiche/quic/core/crypto/null_encrypter.h" -#include "quiche/quic/core/crypto/null_decrypter.h" - -#if defined(__GNUC__) -#pragma GCC diagnostic pop -#endif - -namespace Envoy { -namespace Quic { - -std::unique_ptr -EnvoyQuicNoHandshakeCryptoServerStreamFactory::createEnvoyQuicCryptoServerStream( - const quic::QuicCryptoServerConfig* crypto_config, - quic::QuicCompressedCertsCache* compressed_certs_cache, quic::QuicSession* session, - quic::QuicCryptoServerStreamBase::Helper* helper) { - switch (session->connection()->version().handshake_protocol) { - case quic::PROTOCOL_QUIC_CRYPTO: - return std::make_unique( - crypto_config, compressed_certs_cache, session, helper); - case quic::PROTOCOL_TLS1_3: - return std::make_unique(session, crypto_config); - case quic::PROTOCOL_UNSUPPORTED: - ASSERT(false, "Unknown handshake protocol"); - return nullptr; - } -} - -REGISTER_FACTORY(EnvoyQuicNoHandshakeCryptoServerStreamFactory, EnvoyQuicCryptoServerStreamFactory); - -void EnvoyQuicNoHandshakeCryptoServerStream::OnHandshakeMessage( - const quic::CryptoHandshakeMessage& message) { - quic::QuicConfig* config = session()->config(); - // Skip handshake. - OverrideQuicConfigDefaults(config); - - std::string process_error_details; - const quic::QuicErrorCode process_error = - config->ProcessPeerHello(message, quic::CLIENT, &process_error_details); - if (process_error != quic::QUIC_NO_ERROR) { - session()->connection()->CloseConnection( - process_error, process_error_details, - quic::ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET); - return; - } - ASSERT(config->negotiated()); - - session()->OnConfigNegotiated(); - - // Use NullEncrypter/Decrypter to make it possible to mutate payload while - // fuzzing. 
- session()->connection()->SetEncrypter( - quic::ENCRYPTION_FORWARD_SECURE, - std::make_unique(quic::Perspective::IS_SERVER)); - if (session()->connection()->version().KnowsWhichDecrypterToUse()) { - session()->connection()->InstallDecrypter( - quic::ENCRYPTION_FORWARD_SECURE, - std::make_unique(quic::Perspective::IS_SERVER)); - session()->connection()->RemoveDecrypter(quic::ENCRYPTION_INITIAL); - } else { - session()->connection()->SetDecrypter( - quic::ENCRYPTION_FORWARD_SECURE, - std::make_unique(quic::Perspective::IS_SERVER)); - } - set_encryption_established(true); - set_one_rtt_keys_available(true); - session()->SetDefaultEncryptionLevel(quic::ENCRYPTION_FORWARD_SECURE); - session()->DiscardOldEncryptionKey(quic::ENCRYPTION_INITIAL); - session()->connection()->OnDecryptedPacket(0, quic::ENCRYPTION_FORWARD_SECURE); -} - -void EnvoyQuicNoHandshakeTlsServerStream::SetWriteSecret(quic::EncryptionLevel level, - const SSL_CIPHER* cipher, - const std::vector& write_secret) { - quic::TlsServerHandshaker::SetWriteSecret(level, cipher, write_secret); - session()->connection()->SetEncrypter( - level, std::make_unique(quic::Perspective::IS_SERVER)); -} - -bool EnvoyQuicNoHandshakeTlsServerStream::SetReadSecret( - quic::EncryptionLevel level, const SSL_CIPHER* /*cipher*/, - const std::vector& /*read_secret*/) { - session()->connection()->InstallDecrypter( - level, std::make_unique(quic::Perspective::IS_SERVER)); - return true; -} - -} // namespace Quic -} // namespace Envoy diff --git a/test/extensions/quic/envoy_quic_no_handshake_crypto_server_stream.h b/test/extensions/quic/envoy_quic_no_handshake_crypto_server_stream.h deleted file mode 100644 index 41755dde350f..000000000000 --- a/test/extensions/quic/envoy_quic_no_handshake_crypto_server_stream.h +++ /dev/null 
@@ -1,68 +0,0 @@ -#pragma once - -#include "envoy/registry/registry.h" - -#include "common/quic/envoy_quic_crypto_stream_factory.h" - -#if defined(__GNUC__) -#pragma GCC diagnostic push -#pragma GCC diagnostic ignored "-Wunused-parameter" -#pragma GCC diagnostic ignored "-Winvalid-offsetof" -#endif - -#include "quiche/quic/core/quic_crypto_server_stream.h" -#include "quiche/quic/core/tls_server_handshaker.h" - -#if defined(__GNUC__) -#pragma GCC diagnostic pop -#endif - -namespace Envoy { -namespace Quic { - -class EnvoyQuicNoHandshakeCryptoServerStreamFactory : public EnvoyQuicCryptoServerStreamFactory { -public: - EnvoyQuicNoHandshakeCryptoServerStreamFactory() : EnvoyQuicCryptoServerStreamFactory() {} - - ProtobufTypes::MessagePtr createEmptyConfigProto() override { return nullptr; } - std::string name() const override { return "quic.no_handshake_crypto_server_stream"; } - - std::unique_ptr - createEnvoyQuicCryptoServerStream(const quic::QuicCryptoServerConfig* crypto_config, - quic::QuicCompressedCertsCache* compressed_certs_cache, - quic::QuicSession* session, - quic::QuicCryptoServerStreamBase::Helper* helper) override; -}; - -DECLARE_FACTORY(EnvoyQuicNoHandshakeCryptoServerStreamFactory); - -// A Google quic crypto stream which bypasses handshakes. -class EnvoyQuicNoHandshakeCryptoServerStream : public quic::QuicCryptoServerStream { -public: - EnvoyQuicNoHandshakeCryptoServerStream(const quic::QuicCryptoServerConfig* crypto_config, - quic::QuicCompressedCertsCache* compressed_certs_cache, - quic::QuicSession* session, - quic::QuicCryptoServerStreamBase::Helper* helper) - : quic::QuicCryptoServerStream(crypto_config, compressed_certs_cache, session, helper) {} - - void OnHandshakeMessage(const quic::CryptoHandshakeMessage& message) override; -}; - -// A TLS quic crypto stream which bypasses handshakes. 
-class EnvoyQuicNoHandshakeTlsServerStream : public quic::TlsServerHandshaker { -public: - EnvoyQuicNoHandshakeTlsServerStream(quic::QuicSession* session, - const quic::QuicCryptoServerConfig* crypto_config) - : quic::TlsServerHandshaker(session, crypto_config) {} - - void ProcessAdditionalTransportParameters(const quic::TransportParameters& params) override; - -private: - void SetWriteSecret(quic::EncryptionLevel level, const SSL_CIPHER* cipher, - const std::vector& write_secret) override; - bool SetReadSecret(quic::EncryptionLevel level, const SSL_CIPHER* cipher, - const std::vector& read_secret) override; -}; - -} // namespace Quic -} // namespace Envoy From 150befda8218f1a51a311f6211d565d26b861128 Mon Sep 17 00:00:00 2001 From: Dan Zhang Date: Tue, 25 May 2021 15:22:39 -0400 Subject: [PATCH 09/33] use absl::optional Signed-off-by: Dan Zhang --- source/common/quic/active_quic_listener.h | 7 +++---- source/extensions/extensions_build_config.bzl | 7 +++++++ 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/source/common/quic/active_quic_listener.h b/source/common/quic/active_quic_listener.h index 560a90c2b9c8..d3680faf8321 100644 --- a/source/common/quic/active_quic_listener.h +++ b/source/common/quic/active_quic_listener.h @@ -1,7 +1,5 @@ #pragma once -#include - #include "envoy/config/listener/v3/quic_config.pb.h" #include "envoy/network/connection_handler.h" #include "envoy/network/listener.h" @@ -105,9 +103,10 @@ class ActiveQuicListenerFactory : public Network::ActiveUdpListenerFactory, private: friend class ActiveQuicListenerFactoryPeer; - std::optional> + absl::optional> crypto_server_stream_factory_; - std::optional> proof_source_factory_; + absl::optional> + proof_source_factory_; quic::QuicConfig quic_config_; const uint32_t concurrency_; absl::once_flag install_bpf_once_; diff --git a/source/extensions/extensions_build_config.bzl b/source/extensions/extensions_build_config.bzl index d64a97928582..dd36e7076324 100644 
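Review bot: The `@@ -105,9 +103,10 @@` hunk switches both factory members to `absl::optional`, but the only include change visible is the removal of one `#include` line in the first hunk (its argument is stripped in this rendering, presumably `<optional>`), and no `#include "absl/types/optional.h"` is added in its place. If `absl::optional` currently resolves only through a transitive include, add it explicitly next to the remaining includes: `#include "absl/types/optional.h"`. The template arguments of the two optionals are also stripped here, so the wrapped reference types could not be checked. The enclosing class `ActiveQuicListenerFactory` starts and ends outside the hunk.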
--- a/source/extensions/extensions_build_config.bzl +++ b/source/extensions/extensions_build_config.bzl @@ -279,6 +279,13 @@ EXTENSIONS = { "envoy.http.original_ip_detection.custom_header": "//source/extensions/http/original_ip_detection/custom_header:config", "envoy.http.original_ip_detection.xff": "//source/extensions/http/original_ip_detection/xff:config", + # + # Quic listener + # + + "quic.quiche_crypto_server_stream": "//source/extensions/quic:envoy_quic_crypto_server_stream_lib", + "envoy.quic.filter_chain_proof_source": "//source/extensions/quic:envoy_quic_proof_source_factory_impl_lib", + } # These can be changed to ["//visibility:public"], for downstream builds which From 083daeef9e64e45de2ca53827ca80958d3472c9b Mon Sep 17 00:00:00 2001 From: Dan Zhang Date: Thu, 27 May 2021 11:19:58 -0400 Subject: [PATCH 10/33] modify docs Signed-off-by: Dan Zhang --- docs/root/api-v3/config/config.rst | 1 + docs/root/api-v3/config/quic/quic_extensions.rst | 8 ++++++++ 2 files changed, 9 insertions(+) create mode 100644 docs/root/api-v3/config/quic/quic_extensions.rst diff --git a/docs/root/api-v3/config/config.rst b/docs/root/api-v3/config/config.rst index 712ed03fa278..e555fd8cbc95 100644 --- a/docs/root/api-v3/config/config.rst +++ b/docs/root/api-v3/config/config.rst @@ -28,3 +28,4 @@ Extensions request_id/request_id http/header_formatters http/original_ip_detection + quic diff --git a/docs/root/api-v3/config/quic/quic_extensions.rst b/docs/root/api-v3/config/quic/quic_extensions.rst new file mode 100644 index 000000000000..4f212401af06 --- /dev/null +++ b/docs/root/api-v3/config/quic/quic_extensions.rst @@ -0,0 +1,8 @@ +Quic Extensions +================= + +.. toctree:: + :glob: + :maxdepth: 2 + + ../../extensions/quic/v3/* From 8b38134fa67902b50443fb8cc4933b1952a8a995 Mon Sep 17 00:00:00 2001 From: Dan Zhang Date: Thu, 27 May 2021 11:58:52 -0400 Subject: [PATCH 11/33] fix extension status 
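Review bot: The two new registry keys follow different naming conventions: `quic.quiche_crypto_server_stream` has no `envoy.` prefix, while `envoy.quic.filter_chain_proof_source` and every neighbouring entry in the table do. Align the crypto stream key with the rest, e.g. `"envoy.quic.quiche_crypto_server_stream": "//source/extensions/quic:envoy_quic_crypto_server_stream_lib",`, and change the factory's `name()` (not visible in this chunk) in the same commit, since this key is what listener configs will reference by name. Also drop the stray blank line before the closing `}` and spell the section comment `# QUIC listener` to match the protocol name used elsewhere in the table.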
Signed-off-by: Dan Zhang --- source/extensions/quic/BUILD | 2 ++ 1 file changed, 2 insertions(+) diff --git a/source/extensions/quic/BUILD b/source/extensions/quic/BUILD index fa30180f1384..2a798bb79a41 100644 --- a/source/extensions/quic/BUILD +++ b/source/extensions/quic/BUILD @@ -21,6 +21,7 @@ envoy_cc_extension( "//test:__subpackages__", ], security_posture = "robust_to_untrusted_downstream", + status = "alpha", tags = ["nofips"], deps = [ "//source/common/quic:envoy_quic_crypto_stream_factory_lib", @@ -52,6 +53,7 @@ envoy_cc_extension( "//test:__subpackages__", ], security_posture = "robust_to_untrusted_downstream", + status = "alpha", tags = ["nofips"], deps = [ "//source/common/quic:envoy_quic_proof_source_factory_interface", From 22137ccf932046838220bfcf2b5e62e3ba95ca7f Mon Sep 17 00:00:00 2001 From: Dan Zhang Date: Thu, 27 May 2021 12:30:58 -0400 Subject: [PATCH 12/33] fix toctree reference Signed-off-by: Dan Zhang --- docs/root/api-v3/config/config.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/root/api-v3/config/config.rst b/docs/root/api-v3/config/config.rst index e555fd8cbc95..16a562963760 100644 --- a/docs/root/api-v3/config/config.rst +++ b/docs/root/api-v3/config/config.rst @@ -28,4 +28,4 @@ Extensions request_id/request_id http/header_formatters http/original_ip_detection - quic + quic/quic_extensions From 563ca967ea8ef478b7edd7de01dd8b6761e93773 Mon Sep 17 00:00:00 2001 From: Dan Zhang Date: Thu, 27 May 2021 13:25:31 -0400 Subject: [PATCH 13/33] fix docs cross reference Signed-off-by: Dan Zhang --- api/envoy/config/listener/v3/quic_config.proto | 6 ++++-- api/envoy/config/listener/v4alpha/quic_config.proto | 6 ++++-- .../envoy/config/listener/v3/quic_config.proto | 6 ++++-- .../envoy/config/listener/v4alpha/quic_config.proto | 6 ++++-- 4 files changed, 16 insertions(+), 8 deletions(-) 
diff --git a/api/envoy/config/listener/v3/quic_config.proto b/api/envoy/config/listener/v3/quic_config.proto index a936e41611fc..81d6f6e2cf41 100644 --- a/api/envoy/config/listener/v3/quic_config.proto +++ b/api/envoy/config/listener/v3/quic_config.proto @@ -24,6 +24,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; message QuicCryptoStream { string name = 1 [(validate.rules).string = {min_len: 1}]; + // [#extension-category: envoy.quic.server.crypto_stream] google.protobuf.Any typed_config = 2; } @@ -31,6 +32,7 @@ message QuicCryptoStream { message QuicProofSource { string name = 1 [(validate.rules).string = {min_len: 1}]; + // [#extension-category: envoy.quic.proof_source] google.protobuf.Any typed_config = 2; } @@ -65,10 +67,10 @@ message QuicProtocolOptions { [(validate.rules).uint32 = {gte: 1}]; // The crypto server stream implementation used for this listener. - // If not specified the :ref:`QUICHE defaul one` will be used. + // If not specified the :ref:`QUICHE defaul one` will be used. QuicCryptoStream crypto_stream = 6; // The proof source implementation used for this listener. - // If not specified the :ref:`defaul one` will be used. + // If not specified the :ref:`defaul one` will be used. QuicProofSource proof_source = 7; } diff --git a/api/envoy/config/listener/v4alpha/quic_config.proto b/api/envoy/config/listener/v4alpha/quic_config.proto index 0a9d9e275ada..1c2b48fb5e63 100644 --- a/api/envoy/config/listener/v4alpha/quic_config.proto +++ b/api/envoy/config/listener/v4alpha/quic_config.proto @@ -27,6 +27,7 @@ message QuicCryptoStream { string name = 1 [(validate.rules).string = {min_len: 1}]; + // [#extension-category: envoy.quic.server.crypto_stream] google.protobuf.Any typed_config = 2; } @@ -37,6 +38,7 @@ message QuicProofSource { string name = 1 [(validate.rules).string = {min_len: 1}]; + // [#extension-category: envoy.quic.proof_source] google.protobuf.Any typed_config = 2; } 
@@ -71,10 +73,10 @@ message QuicProtocolOptions { [(validate.rules).uint32 = {gte: 1}]; // The crypto server stream implementation used for this listener. - // If not specified the :ref:`QUICHE defaul one` will be used. + // If not specified the :ref:`QUICHE defaul one` will be used. QuicCryptoStream crypto_stream = 6; // The proof source implementation used for this listener. - // If not specified the :ref:`defaul one` will be used. + // If not specified the :ref:`defaul one` will be used. QuicProofSource proof_source = 7; } diff --git a/generated_api_shadow/envoy/config/listener/v3/quic_config.proto b/generated_api_shadow/envoy/config/listener/v3/quic_config.proto index a936e41611fc..81d6f6e2cf41 100644 --- a/generated_api_shadow/envoy/config/listener/v3/quic_config.proto +++ b/generated_api_shadow/envoy/config/listener/v3/quic_config.proto @@ -24,6 +24,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; message QuicCryptoStream { string name = 1 [(validate.rules).string = {min_len: 1}]; + // [#extension-category: envoy.quic.server.crypto_stream] google.protobuf.Any typed_config = 2; } @@ -31,6 +32,7 @@ message QuicCryptoStream { message QuicProofSource { string name = 1 [(validate.rules).string = {min_len: 1}]; + // [#extension-category: envoy.quic.proof_source] google.protobuf.Any typed_config = 2; } @@ -65,10 +67,10 @@ message QuicProtocolOptions { [(validate.rules).uint32 = {gte: 1}]; // The crypto server stream implementation used for this listener. - // If not specified the :ref:`QUICHE defaul one` will be used. + // If not specified the :ref:`QUICHE defaul one` will be used. QuicCryptoStream crypto_stream = 6; // The proof source implementation used for this listener. - // If not specified the :ref:`defaul one` will be used. + // If not specified the :ref:`defaul one` will be used. QuicProofSource proof_source = 7; } 
diff --git a/generated_api_shadow/envoy/config/listener/v4alpha/quic_config.proto b/generated_api_shadow/envoy/config/listener/v4alpha/quic_config.proto index 0a9d9e275ada..1c2b48fb5e63 100644 --- a/generated_api_shadow/envoy/config/listener/v4alpha/quic_config.proto +++ b/generated_api_shadow/envoy/config/listener/v4alpha/quic_config.proto @@ -27,6 +27,7 @@ message QuicCryptoStream { string name = 1 [(validate.rules).string = {min_len: 1}]; + // [#extension-category: envoy.quic.server.crypto_stream] google.protobuf.Any typed_config = 2; } @@ -37,6 +38,7 @@ message QuicProofSource { string name = 1 [(validate.rules).string = {min_len: 1}]; + // [#extension-category: envoy.quic.proof_source] google.protobuf.Any typed_config = 2; } @@ -71,10 +73,10 @@ message QuicProtocolOptions { [(validate.rules).uint32 = {gte: 1}]; // The crypto server stream implementation used for this listener. - // If not specified the :ref:`QUICHE defaul one` will be used. + // If not specified the :ref:`QUICHE defaul one` will be used. QuicCryptoStream crypto_stream = 6; // The proof source implementation used for this listener. - // If not specified the :ref:`defaul one` will be used. + // If not specified the :ref:`defaul one` will be used. QuicProofSource proof_source = 7; } From 467a8083f9f5f5faa14ce721f6f78698cc42be40 Mon Sep 17 00:00:00 2001 From: Dan Zhang Date: Thu, 27 May 2021 16:04:15 -0400 Subject: [PATCH 14/33] fix CI Signed-off-by: Dan Zhang --- api/envoy/config/listener/v3/quic_config.proto | 8 ++++---- api/envoy/config/listener/v4alpha/quic_config.proto | 8 ++++---- .../envoy/config/listener/v3/quic_config.proto | 8 ++++---- .../envoy/config/listener/v4alpha/quic_config.proto | 8 ++++---- source/common/quic/BUILD | 2 ++ test/common/quic/envoy_quic_server_session_test.cc | 4 +--- 6 files changed, 19 insertions(+), 19 deletions(-) diff --git a/api/envoy/config/listener/v3/quic_config.proto b/api/envoy/config/listener/v3/quic_config.proto index 81d6f6e2cf41..f83cbcac2bb7 100644 
--- a/api/envoy/config/listener/v3/quic_config.proto +++ b/api/envoy/config/listener/v3/quic_config.proto @@ -66,11 +66,11 @@ message QuicProtocolOptions { google.protobuf.UInt32Value packets_to_read_to_connection_count_ratio = 5 [(validate.rules).uint32 = {gte: 1}]; - // The crypto server stream implementation used for this listener. - // If not specified the :ref:`QUICHE defaul one` will be used. + // The implementation of quic::QuicCryptoClientStreamBase used for this listener. + // If not specified the :ref:`QUICHE default one` will be used. QuicCryptoStream crypto_stream = 6; - // The proof source implementation used for this listener. - // If not specified the :ref:`defaul one` will be used. + // The implementation of quic::ProofSource used for this listener. + // If not specified the :ref:`default one` will be used. QuicProofSource proof_source = 7; } diff --git a/api/envoy/config/listener/v4alpha/quic_config.proto b/api/envoy/config/listener/v4alpha/quic_config.proto index 1c2b48fb5e63..d212c2b38735 100644 --- a/api/envoy/config/listener/v4alpha/quic_config.proto +++ b/api/envoy/config/listener/v4alpha/quic_config.proto @@ -72,11 +72,11 @@ message QuicProtocolOptions { google.protobuf.UInt32Value packets_to_read_to_connection_count_ratio = 5 [(validate.rules).uint32 = {gte: 1}]; - // The crypto server stream implementation used for this listener. - // If not specified the :ref:`QUICHE defaul one` will be used. + // The implementation of quic::QuicCryptoClientStreamBase used for this listener. + // If not specified the :ref:`QUICHE default one` will be used. QuicCryptoStream crypto_stream = 6; - // The proof source implementation used for this listener. - // If not specified the :ref:`defaul one` will be used. + // The implementation of quic::ProofSource used for this listener. + // If not specified the :ref:`default one` will be used. QuicProofSource proof_source = 7; } 
diff --git a/generated_api_shadow/envoy/config/listener/v3/quic_config.proto b/generated_api_shadow/envoy/config/listener/v3/quic_config.proto index 81d6f6e2cf41..f83cbcac2bb7 100644 --- a/generated_api_shadow/envoy/config/listener/v3/quic_config.proto +++ b/generated_api_shadow/envoy/config/listener/v3/quic_config.proto @@ -66,11 +66,11 @@ message QuicProtocolOptions { google.protobuf.UInt32Value packets_to_read_to_connection_count_ratio = 5 [(validate.rules).uint32 = {gte: 1}]; - // The crypto server stream implementation used for this listener. - // If not specified the :ref:`QUICHE defaul one` will be used. + // The implementation of quic::QuicCryptoClientStreamBase used for this listener. + // If not specified the :ref:`QUICHE default one` will be used. QuicCryptoStream crypto_stream = 6; - // The proof source implementation used for this listener. - // If not specified the :ref:`defaul one` will be used. + // The implementation of quic::ProofSource used for this listener. + // If not specified the :ref:`default one` will be used. QuicProofSource proof_source = 7; } diff --git a/generated_api_shadow/envoy/config/listener/v4alpha/quic_config.proto b/generated_api_shadow/envoy/config/listener/v4alpha/quic_config.proto index 1c2b48fb5e63..d212c2b38735 100644 --- a/generated_api_shadow/envoy/config/listener/v4alpha/quic_config.proto +++ b/generated_api_shadow/envoy/config/listener/v4alpha/quic_config.proto 
@@ -72,11 +72,11 @@ message QuicProtocolOptions { google.protobuf.UInt32Value packets_to_read_to_connection_count_ratio = 5 [(validate.rules).uint32 = {gte: 1}]; - // The crypto server stream implementation used for this listener. - // If not specified the :ref:`QUICHE defaul one` will be used. + // The implementation of quic::QuicCryptoClientStreamBase used for this listener. + // If not specified the :ref:`QUICHE default one` will be used. QuicCryptoStream crypto_stream = 6; - // The proof source implementation used for this listener. - // If not specified the :ref:`defaul one` will be used. + // The implementation of quic::ProofSource used for this listener. + // If not specified the :ref:`default one` will be used. QuicProofSource proof_source = 7; } diff --git a/source/common/quic/BUILD b/source/common/quic/BUILD index 15efe4a03ada..71b695dc06f0 100644 --- a/source/common/quic/BUILD +++ b/source/common/quic/BUILD @@ -461,6 +461,7 @@ envoy_cc_library( envoy_cc_library( name = "envoy_quic_crypto_stream_factory_lib", hdrs = ["envoy_quic_crypto_stream_factory.h"], + tags = ["nofips"], deps = [ "//include/envoy/config:typed_config_interface", "@com_googlesource_quiche//:quic_core_http_spdy_session_lib", @@ -470,6 +471,7 @@ envoy_cc_library( envoy_cc_library( name = "envoy_quic_proof_source_factory_interface", hdrs = ["envoy_quic_proof_source_factory_interface.h"], + tags = ["nofips"], deps = [ "//include/envoy/config:typed_config_interface", "//source/server:connection_handler_lib", diff --git a/test/common/quic/envoy_quic_server_session_test.cc b/test/common/quic/envoy_quic_server_session_test.cc index f6ae5031d7b4..4ff7fce58ad6 100644 --- a/test/common/quic/envoy_quic_server_session_test.cc +++ b/test/common/quic/envoy_quic_server_session_test.cc 
@@ -124,8 +124,6 @@ class TestEnvoyQuicTlsServerHandshaker : public quic::TlsServerHandshaker, class EnvoyQuicTestCryptoServerStreamFactory : public EnvoyQuicCryptoServerStreamFactoryInterface { public: - EnvoyQuicTestCryptoServerStreamFactory() : EnvoyQuicCryptoServerStreamFactoryInterface() {} - ProtobufTypes::MessagePtr createEmptyConfigProto() override { return nullptr; } std::string name() const override { return "quic.test_crypto_server_stream"; } @@ -142,8 +140,8 @@ class EnvoyQuicTestCryptoServerStreamFactory : public EnvoyQuicCryptoServerStrea return std::make_unique(session, *crypto_config); case quic::PROTOCOL_UNSUPPORTED: ASSERT(false, "Unknown handshake protocol"); - return nullptr; } + return nullptr; } }; From 755072bac0651ef18d926998721fa397c7cd7bfc Mon Sep 17 00:00:00 2001 From: Dan Zhang Date: Thu, 27 May 2021 17:14:11 -0400 Subject: [PATCH 15/33] fix clang-tidy Signed-off-by: Dan Zhang --- source/common/quic/envoy_quic_crypto_stream_factory.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/common/quic/envoy_quic_crypto_stream_factory.h b/source/common/quic/envoy_quic_crypto_stream_factory.h index 52b5331e6076..30ba1710751e 100644 --- a/source/common/quic/envoy_quic_crypto_stream_factory.h +++ b/source/common/quic/envoy_quic_crypto_stream_factory.h @@ -35,7 +35,7 @@ class EnvoyQuicCryptoServerStreamFactoryInterface : public Config::TypedFactory class EnvoyQuicCryptoClientStreamFactoryInterface { public: - virtual ~EnvoyQuicCryptoClientStreamFactoryInterface() {} + virtual ~EnvoyQuicCryptoClientStreamFactoryInterface() = default; // Return an Envoy specific quic crypto client stream object. virtual std::unique_ptr From 4afa433c869ad687c87c96453340d64c1d3d69cf Mon Sep 17 00:00:00 2001 From: Dan Zhang Date: Tue, 1 Jun 2021 13:18:17 -0400 Subject: [PATCH 16/33] address comments 
Signed-off-by: Dan Zhang --- .../config/listener/v3/quic_config.proto | 29 ++++----------- .../config/listener/v4alpha/quic_config.proto | 35 ++++--------------- .../config/listener/v3/quic_config.proto | 29 ++++----------- .../config/listener/v4alpha/quic_config.proto | 35 ++++--------------- source/common/quic/active_quic_listener.cc | 4 +-- ...nvoy_quic_proof_source_factory_interface.h | 2 +- test/integration/BUILD | 1 - 7 files changed, 31 insertions(+), 104 deletions(-) diff --git a/api/envoy/config/listener/v3/quic_config.proto b/api/envoy/config/listener/v3/quic_config.proto index f83cbcac2bb7..44758c5a3c2b 100644 --- a/api/envoy/config/listener/v3/quic_config.proto +++ b/api/envoy/config/listener/v3/quic_config.proto @@ -3,6 +3,7 @@ syntax = "proto3"; package envoy.config.listener.v3; import "envoy/config/core/v3/base.proto"; +import "envoy/config/core/v3/extension.proto"; import "envoy/config/core/v3/protocol.proto"; import "google/protobuf/any.proto"; @@ -20,22 +21,6 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: QUIC listener config] -// Configuration specific to QUIC crypto stream. -message QuicCryptoStream { - string name = 1 [(validate.rules).string = {min_len: 1}]; - - // [#extension-category: envoy.quic.server.crypto_stream] - google.protobuf.Any typed_config = 2; -} - -// Configuration specific to QUIC proof source. -message QuicProofSource { - string name = 1 [(validate.rules).string = {min_len: 1}]; - - // [#extension-category: envoy.quic.proof_source] - google.protobuf.Any typed_config = 2; -} - // Configuration specific to the UDP QUIC listener. // [#next-free-field: 8] message QuicProtocolOptions { 
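Review bot: With `QuicCryptoStream` and `QuicProofSource` deleted, the only visible users of `google.protobuf.Any` in this file are gone, yet the first hunk keeps `import "google/protobuf/any.proto";` as context while adding the `extension.proto` import. If no remaining field of `QuicProtocolOptions` uses `Any` (fields 1-4 are outside the hunk), remove that import so protoc does not report it as unused, and make the same change in the v4alpha and generated_api_shadow copies. The `[#extension-category: ...]` annotations removed with the wrapper messages are also not visible anywhere after this hunk; see the note on the field hunk below for where they belong.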
@@ -66,11 +51,11 @@ message QuicProtocolOptions { google.protobuf.UInt32Value packets_to_read_to_connection_count_ratio = 5 [(validate.rules).uint32 = {gte: 1}]; - // The implementation of quic::QuicCryptoClientStreamBase used for this listener. - // If not specified the :ref:`QUICHE default one` will be used. - QuicCryptoStream crypto_stream = 6; + // Configure which implementation of quic::QuicCryptoClientStreamBase to be used for this listener. + // If not specified the :ref:`QUICHE default one configured by ` will be used. + core.v3.TypedExtensionConfig crypto_stream = 6; - // The implementation of quic::ProofSource used for this listener. - // If not specified the :ref:`default one` will be used. - QuicProofSource proof_source = 7; + // Configure which implementation of quic::ProofSource to be used for this listener. + // If not specified the :ref:`default one configured by ` will be used. + core.v3.TypedExtensionConfig proof_source = 7; } diff --git a/api/envoy/config/listener/v4alpha/quic_config.proto b/api/envoy/config/listener/v4alpha/quic_config.proto index d212c2b38735..44dc3552ecd8 100644 --- a/api/envoy/config/listener/v4alpha/quic_config.proto +++ b/api/envoy/config/listener/v4alpha/quic_config.proto @@ -3,6 +3,7 @@ syntax = "proto3"; package envoy.config.listener.v4alpha; import "envoy/config/core/v4alpha/base.proto"; +import "envoy/config/core/v4alpha/extension.proto"; import "envoy/config/core/v4alpha/protocol.proto"; import "google/protobuf/any.proto"; 
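Review bot: The new comment on `crypto_stream` names the wrong class: the field selects a factory in the `envoy.quic.server.crypto_stream` category whose `createEnvoyQuicCryptoServerStream` wraps `quic::CreateCryptoServerStream` and takes a `quic::QuicCryptoServerStreamBase::Helper`, so it should read `// Configure which implementation of quic::QuicCryptoServerStreamBase to be used for this listener.`. The `[#extension-category: envoy.quic.server.crypto_stream]` and `[#extension-category: envoy.quic.proof_source]` annotations that the removed wrapper messages carried are not reproduced on the new `TypedExtensionConfig` fields; add each as the last comment line above its field so the generated docs keep linking to the registered implementations. Because this knob replaces the handshake and key installation for a listener reachable by untrusted clients (the test-only no-handshake stream deleted earlier in this series installs null encrypters and marks keys available without any handshake), the comment should also state plainly that the setting is security-sensitive and that only the default implementation is intended for production. The same text is mirrored in the v4alpha and generated_api_shadow copies and needs the same fix.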
@@ -20,28 +21,6 @@ option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSIO // [#protodoc-title: QUIC listener config] -// Configuration specific to QUIC crypto stream. -message QuicCryptoStream { - option (udpa.annotations.versioning).previous_message_type = - "envoy.config.listener.v3.QuicCryptoStream"; - - string name = 1 [(validate.rules).string = {min_len: 1}]; - - // [#extension-category: envoy.quic.server.crypto_stream] - google.protobuf.Any typed_config = 2; -} - -// Configuration specific to QUIC proof source. -message QuicProofSource { - option (udpa.annotations.versioning).previous_message_type = - "envoy.config.listener.v3.QuicProofSource"; - - string name = 1 [(validate.rules).string = {min_len: 1}]; - - // [#extension-category: envoy.quic.proof_source] - google.protobuf.Any typed_config = 2; -} - // Configuration specific to the UDP QUIC listener. // [#next-free-field: 8] message QuicProtocolOptions { @@ -72,11 +51,11 @@ message QuicProtocolOptions { google.protobuf.UInt32Value packets_to_read_to_connection_count_ratio = 5 [(validate.rules).uint32 = {gte: 1}]; - // The implementation of quic::QuicCryptoClientStreamBase used for this listener. - // If not specified the :ref:`QUICHE default one` will be used. - QuicCryptoStream crypto_stream = 6; + // Configure which implementation of quic::QuicCryptoClientStreamBase to be used for this listener. + // If not specified the :ref:`QUICHE default one configured by ` will be used. + core.v4alpha.TypedExtensionConfig crypto_stream = 6; - // The implementation of quic::ProofSource used for this listener. - // If not specified the :ref:`default one` will be used. - QuicProofSource proof_source = 7; + // Configure which implementation of quic::ProofSource to be used for this listener. + // If not specified the :ref:`default one configured by ` will be used. + core.v4alpha.TypedExtensionConfig proof_source = 7; } 
diff --git a/generated_api_shadow/envoy/config/listener/v3/quic_config.proto b/generated_api_shadow/envoy/config/listener/v3/quic_config.proto index f83cbcac2bb7..44758c5a3c2b 100644 --- a/generated_api_shadow/envoy/config/listener/v3/quic_config.proto +++ b/generated_api_shadow/envoy/config/listener/v3/quic_config.proto @@ -3,6 +3,7 @@ syntax = "proto3"; package envoy.config.listener.v3; import "envoy/config/core/v3/base.proto"; +import "envoy/config/core/v3/extension.proto"; import "envoy/config/core/v3/protocol.proto"; import "google/protobuf/any.proto"; @@ -20,22 +21,6 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: QUIC listener config] -// Configuration specific to QUIC crypto stream. -message QuicCryptoStream { - string name = 1 [(validate.rules).string = {min_len: 1}]; - - // [#extension-category: envoy.quic.server.crypto_stream] - google.protobuf.Any typed_config = 2; -} - -// Configuration specific to QUIC proof source. -message QuicProofSource { - string name = 1 [(validate.rules).string = {min_len: 1}]; - - // [#extension-category: envoy.quic.proof_source] - google.protobuf.Any typed_config = 2; -} - // Configuration specific to the UDP QUIC listener. // [#next-free-field: 8] message QuicProtocolOptions { 
@@ -66,11 +51,11 @@ message QuicProtocolOptions { google.protobuf.UInt32Value packets_to_read_to_connection_count_ratio = 5 [(validate.rules).uint32 = {gte: 1}]; - // The implementation of quic::QuicCryptoClientStreamBase used for this listener. - // If not specified the :ref:`QUICHE default one` will be used. - QuicCryptoStream crypto_stream = 6; + // Configure which implementation of quic::QuicCryptoClientStreamBase to be used for this listener. + // If not specified the :ref:`QUICHE default one configured by ` will be used. + core.v3.TypedExtensionConfig crypto_stream = 6; - // The implementation of quic::ProofSource used for this listener. - // If not specified the :ref:`default one` will be used. - QuicProofSource proof_source = 7; + // Configure which implementation of quic::ProofSource to be used for this listener. + // If not specified the :ref:`default one configured by ` will be used. + core.v3.TypedExtensionConfig proof_source = 7; } diff --git a/generated_api_shadow/envoy/config/listener/v4alpha/quic_config.proto b/generated_api_shadow/envoy/config/listener/v4alpha/quic_config.proto index d212c2b38735..44dc3552ecd8 100644 --- a/generated_api_shadow/envoy/config/listener/v4alpha/quic_config.proto +++ b/generated_api_shadow/envoy/config/listener/v4alpha/quic_config.proto @@ -3,6 +3,7 @@ syntax = "proto3"; package envoy.config.listener.v4alpha; import "envoy/config/core/v4alpha/base.proto"; +import "envoy/config/core/v4alpha/extension.proto"; import "envoy/config/core/v4alpha/protocol.proto"; import "google/protobuf/any.proto"; 
@@ -20,28 +21,6 @@ option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSIO // [#protodoc-title: QUIC listener config] -// Configuration specific to QUIC crypto stream. -message QuicCryptoStream { - option (udpa.annotations.versioning).previous_message_type = - "envoy.config.listener.v3.QuicCryptoStream"; - - string name = 1 [(validate.rules).string = {min_len: 1}]; - - // [#extension-category: envoy.quic.server.crypto_stream] - google.protobuf.Any typed_config = 2; -} - -// Configuration specific to QUIC proof source. -message QuicProofSource { - option (udpa.annotations.versioning).previous_message_type = - "envoy.config.listener.v3.QuicProofSource"; - - string name = 1 [(validate.rules).string = {min_len: 1}]; - - // [#extension-category: envoy.quic.proof_source] - google.protobuf.Any typed_config = 2; -} - // Configuration specific to the UDP QUIC listener. // [#next-free-field: 8] message QuicProtocolOptions { @@ -72,11 +51,11 @@ message QuicProtocolOptions { google.protobuf.UInt32Value packets_to_read_to_connection_count_ratio = 5 [(validate.rules).uint32 = {gte: 1}]; - // The implementation of quic::QuicCryptoClientStreamBase used for this listener. - // If not specified the :ref:`QUICHE default one` will be used. - QuicCryptoStream crypto_stream = 6; + // Configure which implementation of quic::QuicCryptoClientStreamBase to be used for this listener. + // If not specified the :ref:`QUICHE default one configured by ` will be used. + core.v4alpha.TypedExtensionConfig crypto_stream = 6; - // The implementation of quic::ProofSource used for this listener. - // If not specified the :ref:`default one` will be used. - QuicProofSource proof_source = 7; + // Configure which implementation of quic::ProofSource to be used for this listener. + // If not specified the :ref:`default one configured by ` will be used. + core.v4alpha.TypedExtensionConfig proof_source = 7; } 
diff --git a/source/common/quic/active_quic_listener.cc b/source/common/quic/active_quic_listener.cc index f3be58c87296..fca2171c3f06 100644 --- a/source/common/quic/active_quic_listener.cc +++ b/source/common/quic/active_quic_listener.cc @@ -259,7 +259,7 @@ ActiveQuicListenerFactory::ActiveQuicListenerFactory( configQuicInitialFlowControlWindow(config.quic_protocol_options(), quic_config_); // Initialize crypto stream factory. - envoy::config::listener::v3::QuicCryptoStream crypto_stream; + envoy::config::core::v3::TypedExtensionConfig crypto_stream; if (!config.has_crypto_stream()) { // If not specified, use the quic crypto stream created by QUICHE. crypto_stream.set_name("quic.quiche_crypto_server_stream"); @@ -273,7 +273,7 @@ ActiveQuicListenerFactory::ActiveQuicListenerFactory( crypto_stream); // Initialize proof source factory. - envoy::config::listener::v3::QuicProofSource proof_source; + envoy::config::core::v3::TypedExtensionConfig proof_source; if (!config.has_proof_source()) { proof_source.set_name("envoy.quic.filter_chain_proof_source"); envoy::extensions::quic::v3::ProofSourceConfig proof_source_config; diff --git a/source/common/quic/envoy_quic_proof_source_factory_interface.h b/source/common/quic/envoy_quic_proof_source_factory_interface.h index 217fef7e8af5..695fd606b1ca 100644 --- a/source/common/quic/envoy_quic_proof_source_factory_interface.h +++ b/source/common/quic/envoy_quic_proof_source_factory_interface.h @@ -24,7 +24,7 @@ namespace Quic { // A factory interface to provide quic::ProofSource. class EnvoyQuicProofSourceFactoryInterface : public Config::TypedFactory { public: - virtual ~EnvoyQuicProofSourceFactoryInterface() = default; + ~EnvoyQuicProofSourceFactoryInterface() override = default; std::string category() const override { return "envoy.quic.proof_source"; } diff --git a/test/integration/BUILD b/test/integration/BUILD index 3f603a63e402..0c023e3d85a6 100644 --- a/test/integration/BUILD +++ b/test/integration/BUILD 
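Review bot: The fallback `crypto_stream.set_name("quic.quiche_crypto_server_stream")` and `proof_source.set_name("envoy.quic.filter_chain_proof_source")` hard-code the default factory names, which must stay identical to the names the extension factories register and to the keys in extensions_build_config.bzl; a comment on each would make that coupling explicit, e.g. `// Must match the registered name of the default QUICHE crypto stream factory (see extensions_build_config.bzl).`. For `crypto_stream` the visible lines set only the name and no `typed_config`, whereas `proof_source` is given a `ProofSourceConfig`; it is worth confirming that the factory lookup following this hunk accepts a default with an empty Any rather than rejecting it. The ActiveQuicListenerFactory constructor starts before this hunk and continues past it, and the second hunk in this file has the same shape.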
@@ -1721,7 +1721,6 @@ envoy_cc_test( "//source/common/quic:envoy_quic_proof_verifier_lib", "//source/common/quic:quic_factory_lib", "//source/extensions/resource_monitors/injected_resource:config", - "//source/extensions/quic:envoy_quic_crypto_server_stream_lib", "//test/common/quic:quic_test_utils_for_envoy_lib", "//test/common/quic:test_utils_lib", "//test/integration/filters:encoder_decoder_buffer_filter_lib", From e7532be132a5df7d008fc39e6b47978fe0272ae5 Mon Sep 17 00:00:00 2001 From: Dan Zhang Date: Tue, 1 Jun 2021 13:32:11 -0400 Subject: [PATCH 17/33] fix extension libraries Signed-off-by: Dan Zhang --- source/extensions/quic/BUILD | 6 ------ 1 file changed, 6 deletions(-) diff --git a/source/extensions/quic/BUILD b/source/extensions/quic/BUILD index 2a798bb79a41..7f5e2b4253c8 100644 --- a/source/extensions/quic/BUILD +++ b/source/extensions/quic/BUILD @@ -15,13 +15,10 @@ envoy_cc_extension( name = "envoy_quic_crypto_server_stream_lib", srcs = ["envoy_quic_crypto_server_stream.cc"], hdrs = ["envoy_quic_crypto_server_stream.h"], - category = "envoy.quic.server.crypto_stream", extra_visibility = [ "//source/common/quic:__subpackages__", "//test:__subpackages__", ], - security_posture = "robust_to_untrusted_downstream", - status = "alpha", tags = ["nofips"], deps = [ "//source/common/quic:envoy_quic_crypto_stream_factory_lib", @@ -47,13 +44,10 @@ envoy_cc_extension( name = "envoy_quic_proof_source_factory_impl_lib", srcs = ["envoy_quic_proof_source_factory_impl.cc"], hdrs = ["envoy_quic_proof_source_factory_impl.h"], - category = "envoy.quic.proof_source", extra_visibility = [ "//source/common/quic:__subpackages__", "//test:__subpackages__", ], - security_posture = "robust_to_untrusted_downstream", - status = "alpha", tags = ["nofips"], deps = [ "//source/common/quic:envoy_quic_proof_source_factory_interface", From 2ddbd65308e696b9f1b94c8188e9cae1f12cbf9d Mon Sep 17 00:00:00 2001 
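Review bot: Dropping `category`, `security_posture = "robust_to_untrusted_downstream"` and `status = "alpha"` from both `envoy_cc_extension` targets removes the in-BUILD security metadata for extensions that a QUIC listener exposes to untrusted downstreams; presumably this metadata now lives in extensions_metadata.yaml (which a later patch in this series touches), but the commit message `fix extension libraries` does not say so. It would be worth confirming that both extension names have entries there carrying the same posture, and recording the reason in the description, e.g. `category/security_posture/status are declared in extensions_metadata.yaml`. The same removal is made in the `envoy_quic_proof_source_factory_impl_lib` hunk of this patch.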
From: Dan Zhang Date: Tue, 1 Jun 2021 15:22:25 -0400 Subject: [PATCH 18/33] fix doc reference Signed-off-by: Dan Zhang --- api/envoy/config/listener/v3/quic_config.proto | 2 ++ api/envoy/config/listener/v4alpha/quic_config.proto | 2 ++ generated_api_shadow/envoy/config/listener/v3/quic_config.proto | 2 ++ .../envoy/config/listener/v4alpha/quic_config.proto | 2 ++ 4 files changed, 8 insertions(+) diff --git a/api/envoy/config/listener/v3/quic_config.proto b/api/envoy/config/listener/v3/quic_config.proto index 44758c5a3c2b..d9537251ce37 100644 --- a/api/envoy/config/listener/v3/quic_config.proto +++ b/api/envoy/config/listener/v3/quic_config.proto @@ -53,9 +53,11 @@ message QuicProtocolOptions { // Configure which implementation of quic::QuicCryptoClientStreamBase to be used for this listener. // If not specified the :ref:`QUICHE default one configured by ` will be used. + // [#extension-category: envoy.quic.server.crypto_stream] core.v3.TypedExtensionConfig crypto_stream = 6; // Configure which implementation of quic::ProofSource to be used for this listener. // If not specified the :ref:`default one configured by ` will be used. + // [#extension-category: envoy.quic.proof_source] core.v3.TypedExtensionConfig proof_source = 7; } diff --git a/api/envoy/config/listener/v4alpha/quic_config.proto b/api/envoy/config/listener/v4alpha/quic_config.proto index 44dc3552ecd8..3fe9bace577c 100644 --- a/api/envoy/config/listener/v4alpha/quic_config.proto +++ b/api/envoy/config/listener/v4alpha/quic_config.proto 
@@ -53,9 +53,11 @@ message QuicProtocolOptions { // Configure which implementation of quic::QuicCryptoClientStreamBase to be used for this listener. // If not specified the :ref:`QUICHE default one configured by ` will be used. + // [#extension-category: envoy.quic.server.crypto_stream] core.v4alpha.TypedExtensionConfig crypto_stream = 6; // Configure which implementation of quic::ProofSource to be used for this listener. // If not specified the :ref:`default one configured by ` will be used. + // [#extension-category: envoy.quic.proof_source] core.v4alpha.TypedExtensionConfig proof_source = 7; } diff --git a/generated_api_shadow/envoy/config/listener/v3/quic_config.proto b/generated_api_shadow/envoy/config/listener/v3/quic_config.proto index 44758c5a3c2b..d9537251ce37 100644 --- a/generated_api_shadow/envoy/config/listener/v3/quic_config.proto +++ b/generated_api_shadow/envoy/config/listener/v3/quic_config.proto @@ -53,9 +53,11 @@ message QuicProtocolOptions { // Configure which implementation of quic::QuicCryptoClientStreamBase to be used for this listener. // If not specified the :ref:`QUICHE default one configured by ` will be used. + // [#extension-category: envoy.quic.server.crypto_stream] core.v3.TypedExtensionConfig crypto_stream = 6; // Configure which implementation of quic::ProofSource to be used for this listener. // If not specified the :ref:`default one configured by ` will be used. + // [#extension-category: envoy.quic.proof_source] core.v3.TypedExtensionConfig proof_source = 7; } diff --git a/generated_api_shadow/envoy/config/listener/v4alpha/quic_config.proto b/generated_api_shadow/envoy/config/listener/v4alpha/quic_config.proto index 44dc3552ecd8..3fe9bace577c 100644 --- a/generated_api_shadow/envoy/config/listener/v4alpha/quic_config.proto +++ b/generated_api_shadow/envoy/config/listener/v4alpha/quic_config.proto 
@@ -53,9 +53,11 @@ message QuicProtocolOptions { // Configure which implementation of quic::QuicCryptoClientStreamBase to be used for this listener. // If not specified the :ref:`QUICHE default one configured by ` will be used. + // [#extension-category: envoy.quic.server.crypto_stream] core.v4alpha.TypedExtensionConfig crypto_stream = 6; // Configure which implementation of quic::ProofSource to be used for this listener. // If not specified the :ref:`default one configured by ` will be used. + // [#extension-category: envoy.quic.proof_source] core.v4alpha.TypedExtensionConfig proof_source = 7; } From 91ff970a51cf3e98f9d4994a904f30706f3db24c Mon Sep 17 00:00:00 2001 From: Dan Zhang Date: Tue, 1 Jun 2021 17:54:56 -0400 Subject: [PATCH 19/33] try to fix compile option Signed-off-by: Dan Zhang --- bazel/envoy_library.bzl | 1 + 1 file changed, 1 insertion(+) diff --git a/bazel/envoy_library.bzl b/bazel/envoy_library.bzl index 30d5106edb8e..0c118500df21 100644 --- a/bazel/envoy_library.bzl +++ b/bazel/envoy_library.bzl @@ -62,6 +62,7 @@ def envoy_cc_extension( ) cc_library( name = ext_name, + tags = tags, deps = select({ ":is_enabled": [":" + name], "//conditions:default": [], From d8aa1c37ec1c3038b45af8f36c4d31f8d097f01b Mon Sep 17 00:00:00 2001 From: Dan Zhang Date: Wed, 2 Jun 2021 12:14:12 -0400 Subject: [PATCH 20/33] remove extension Signed-off-by: Dan Zhang --- source/extensions/quic/BUILD | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/source/extensions/quic/BUILD b/source/extensions/quic/BUILD index 7f5e2b4253c8..bc0c47b9f762 100644 --- a/source/extensions/quic/BUILD +++ b/source/extensions/quic/BUILD 
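Review bot: The added `tags = tags` on the wrapper `cc_library` in `envoy_cc_extension` is unexplained; a comment would help, since the apparent effect is that tags such as `nofips` set on an extension (see `tags = ["nofips"]` in source/extensions/quic/BUILD) now also apply to the enabled/disabled select target, e.g. `# Propagate tags (e.g. "nofips") so target filtering applies to the wrapper as well as the implementation library.`. I am assuming `tags` is already a parameter of `envoy_cc_extension`; its signature and the rest of the function body are outside the hunk.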
@@ -3,19 +3,20 @@ load( "envoy_cc_extension", "envoy_cc_library", "envoy_extension_package", + "envoy_package", ) licenses(["notice"]) # Apache 2 # Extensions of various QUIC objects. -envoy_extension_package() +envoy_package() -envoy_cc_extension( +envoy_cc_library( name = "envoy_quic_crypto_server_stream_lib", srcs = ["envoy_quic_crypto_server_stream.cc"], hdrs = ["envoy_quic_crypto_server_stream.h"], - extra_visibility = [ + visibility = [ "//source/common/quic:__subpackages__", "//test:__subpackages__", ], @@ -40,11 +41,11 @@ envoy_cc_library( ], ) -envoy_cc_extension( +envoy_cc_library( name = "envoy_quic_proof_source_factory_impl_lib", srcs = ["envoy_quic_proof_source_factory_impl.cc"], hdrs = ["envoy_quic_proof_source_factory_impl.h"], - extra_visibility = [ + visibility = [ "//source/common/quic:__subpackages__", "//test:__subpackages__", ], From ec0302c68074b95e77bd9da5651d5981e0bc6b32 Mon Sep 17 00:00:00 2001 From: Dan Zhang Date: Wed, 2 Jun 2021 12:35:34 -0400 Subject: [PATCH 21/33] remove from extension BUILD Signed-off-by: Dan Zhang --- source/extensions/extensions_build_config.bzl | 7 ------- 1 file changed, 7 deletions(-) diff --git a/source/extensions/extensions_build_config.bzl b/source/extensions/extensions_build_config.bzl index 9090afc538b2..a5b1a8bb9aae 100644 --- a/source/extensions/extensions_build_config.bzl +++ b/source/extensions/extensions_build_config.bzl @@ -280,13 +280,6 @@ EXTENSIONS = { "envoy.http.original_ip_detection.custom_header": "//source/extensions/http/original_ip_detection/custom_header:config", "envoy.http.original_ip_detection.xff": "//source/extensions/http/original_ip_detection/xff:config", - # - # Quic listener - # - - "quic.quiche_crypto_server_stream": "//source/extensions/quic:envoy_quic_crypto_server_stream_lib", - "envoy.quic.filter_chain_proof_source": "//source/extensions/quic:envoy_quic_proof_source_factory_impl_lib", - } # These can be changed to ["//visibility:public"], for downstream builds which 
From b7a09c25a473edf6f4332fe229d7c61d6039277c Mon Sep 17 00:00:00 2001 From: Dan Zhang Date: Wed, 2 Jun 2021 14:04:07 -0400 Subject: [PATCH 22/33] Revert "remove from extension BUILD" This reverts commit ec0302c68074b95e77bd9da5651d5981e0bc6b32. Signed-off-by: Dan Zhang --- source/extensions/extensions_build_config.bzl | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/source/extensions/extensions_build_config.bzl b/source/extensions/extensions_build_config.bzl index a5b1a8bb9aae..9090afc538b2 100644 --- a/source/extensions/extensions_build_config.bzl +++ b/source/extensions/extensions_build_config.bzl @@ -280,6 +280,13 @@ EXTENSIONS = { "envoy.http.original_ip_detection.custom_header": "//source/extensions/http/original_ip_detection/custom_header:config", "envoy.http.original_ip_detection.xff": "//source/extensions/http/original_ip_detection/xff:config", + # + # Quic listener + # + + "quic.quiche_crypto_server_stream": "//source/extensions/quic:envoy_quic_crypto_server_stream_lib", + "envoy.quic.filter_chain_proof_source": "//source/extensions/quic:envoy_quic_proof_source_factory_impl_lib", + } # These can be changed to ["//visibility:public"], for downstream builds which From a5d29b1d8e58efeb790ce713f8091b5a77f961fc Mon Sep 17 00:00:00 2001 From: Dan Zhang Date: Wed, 2 Jun 2021 14:04:33 -0400 Subject: [PATCH 23/33] Revert "remove extension" This reverts commit d8aa1c37ec1c3038b45af8f36c4d31f8d097f01b. Signed-off-by: Dan Zhang --- source/extensions/quic/BUILD | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/source/extensions/quic/BUILD b/source/extensions/quic/BUILD index bc0c47b9f762..7f5e2b4253c8 100644 --- a/source/extensions/quic/BUILD +++ b/source/extensions/quic/BUILD 
@@ -3,20 +3,19 @@ load( "envoy_cc_extension", "envoy_cc_library", "envoy_extension_package", - "envoy_package", ) licenses(["notice"]) # Apache 2 # Extensions of various QUIC objects. -envoy_package() +envoy_extension_package() -envoy_cc_library( +envoy_cc_extension( name = "envoy_quic_crypto_server_stream_lib", srcs = ["envoy_quic_crypto_server_stream.cc"], hdrs = ["envoy_quic_crypto_server_stream.h"], - visibility = [ + extra_visibility = [ "//source/common/quic:__subpackages__", "//test:__subpackages__", ], @@ -41,11 +40,11 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "envoy_quic_proof_source_factory_impl_lib", srcs = ["envoy_quic_proof_source_factory_impl.cc"], hdrs = ["envoy_quic_proof_source_factory_impl.h"], - visibility = [ + extra_visibility = [ "//source/common/quic:__subpackages__", "//test:__subpackages__", ], From b392d623ad8c596c9200a14608aaf7e2f7c85820 Mon Sep 17 00:00:00 2001 From: Dan Zhang Date: Wed, 2 Jun 2021 15:08:31 -0400 Subject: [PATCH 24/33] another try of fixing compile option build Signed-off-by: Dan Zhang --- source/extensions/quic/BUILD | 48 +++++++++++++++++++++++++++++++----- 1 file changed, 42 insertions(+), 6 deletions(-) diff --git a/source/extensions/quic/BUILD b/source/extensions/quic/BUILD index 7f5e2b4253c8..4549931ce01d 100644 --- a/source/extensions/quic/BUILD +++ b/source/extensions/quic/BUILD 
@@ -11,21 +11,39 @@ licenses(["notice"]) # Apache 2 envoy_extension_package() -envoy_cc_extension( +envoy_cc_library( name = "envoy_quic_crypto_server_stream_lib", srcs = ["envoy_quic_crypto_server_stream.cc"], hdrs = ["envoy_quic_crypto_server_stream.h"], - extra_visibility = [ + tags = ["nofips"], + visibility = [ "//source/common/quic:__subpackages__", "//test:__subpackages__", ], - tags = ["nofips"], deps = [ "//source/common/quic:envoy_quic_crypto_stream_factory_lib", "@envoy_api//envoy/extensions/quic/v3:pkg_cc_proto", ], ) +envoy_cc_extension( + name = "envoy_quic_default_crypto_server_stream_extension", + extra_visibility = [ + "//source/common/quic:__subpackages__", + "//test:__subpackages__", + ], + tags = ["nofips"], + deps = select( + { + "//bazel:boringssl_fips": [], + "//bazel:boringssl_disabled": [], + "//conditions:default": [ + ":envoy_quic_crypto_server_stream_lib", + ], + }, + ), +) + envoy_cc_library( name = "envoy_quic_crypto_client_stream_lib", srcs = ["envoy_quic_crypto_client_stream.cc"], @@ -40,18 +58,36 @@ envoy_cc_library( ], ) -envoy_cc_extension( +envoy_cc_library( name = "envoy_quic_proof_source_factory_impl_lib", srcs = ["envoy_quic_proof_source_factory_impl.cc"], hdrs = ["envoy_quic_proof_source_factory_impl.h"], - extra_visibility = [ + tags = ["nofips"], + visibility = [ "//source/common/quic:__subpackages__", "//test:__subpackages__", ], - tags = ["nofips"], deps = [ "//source/common/quic:envoy_quic_proof_source_factory_interface", "//source/common/quic:envoy_quic_proof_source_lib", "@envoy_api//envoy/extensions/quic/v3:pkg_cc_proto", ], ) + +envoy_cc_extension( + name = "envoy_quic_default_proof_source_extension", + extra_visibility = [ + "//source/common/quic:__subpackages__", + "//test:__subpackages__", + ], + tags = ["nofips"], + deps = select( + { + "//bazel:boringssl_fips": [], + "//bazel:boringssl_disabled": [], + "//conditions:default": [ + ":envoy_quic_proof_source_factory_impl_lib", + ], + }, + ), +) 
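Review bot: The `select` on `//bazel:boringssl_fips` and `//bazel:boringssl_disabled` turns each new `envoy_cc_extension` into an empty library in those configurations, so the factories keyed in extensions_build_config.bzl are not registered and a QUIC listener relying on the default crypto stream or proof source would presumably fail at config load rather than at build time; a comment on each select stating this intent would save the next reader a hunt, e.g. `# QUIC is not supported under FIPS or without BoringSSL; register nothing so the default factory is simply absent.`. The identical select dict is repeated verbatim for both extensions; a small macro taking the implementation label would keep the two in step. The same applies to the `envoy_quic_default_proof_source_extension` hunk below.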
From db8e0f88b48448de37141f627a1920bb939fb5f8 Mon Sep 17 00:00:00 2001 From: Dan Zhang Date: Wed, 2 Jun 2021 15:21:05 -0400 Subject: [PATCH 25/33] fix extension name Signed-off-by: Dan Zhang --- source/extensions/extensions_build_config.bzl | 6 +++--- source/extensions/quic/BUILD | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/source/extensions/extensions_build_config.bzl b/source/extensions/extensions_build_config.bzl index 9090afc538b2..df8d3394035d 100644 --- a/source/extensions/extensions_build_config.bzl +++ b/source/extensions/extensions_build_config.bzl @@ -281,11 +281,11 @@ EXTENSIONS = { "envoy.http.original_ip_detection.xff": "//source/extensions/http/original_ip_detection/xff:config", # - # Quic listener + # Quic extensions # - "quic.quiche_crypto_server_stream": "//source/extensions/quic:envoy_quic_crypto_server_stream_lib", - "envoy.quic.filter_chain_proof_source": "//source/extensions/quic:envoy_quic_proof_source_factory_impl_lib", + "quic.quiche_crypto_server_stream": "//source/extensions/quic:envoy_quic_default_crypto_server_stream", + "envoy.quic.filter_chain_proof_source": "//source/extensions/quic:envoy_quic_default_proof_source", } diff --git a/source/extensions/quic/BUILD b/source/extensions/quic/BUILD index 4549931ce01d..a040d3e3ff96 100644 --- a/source/extensions/quic/BUILD +++ b/source/extensions/quic/BUILD @@ -27,7 +27,7 @@ envoy_cc_library( ) envoy_cc_extension( - name = "envoy_quic_default_crypto_server_stream_extension", + name = "envoy_quic_default_crypto_server_stream", extra_visibility = [ "//source/common/quic:__subpackages__", "//test:__subpackages__", @@ -75,7 +75,7 @@ envoy_cc_library( ) envoy_cc_extension( - name = "envoy_quic_default_proof_source_extension", + name = "envoy_quic_default_proof_source", extra_visibility = [ "//source/common/quic:__subpackages__", "//test:__subpackages__", From 8b89c589cdd383c06acd271bd29393cdf092a438 Mon Sep 17 00:00:00 2001 
From: Dan Zhang Date: Thu, 3 Jun 2021 15:01:19 -0400 Subject: [PATCH 26/33] comment Signed-off-by: Dan Zhang --- source/common/quic/client_connection_factory_impl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/common/quic/client_connection_factory_impl.h b/source/common/quic/client_connection_factory_impl.h index 3fee6c1f5821..68682ea8e0e4 100644 --- a/source/common/quic/client_connection_factory_impl.h +++ b/source/common/quic/client_connection_factory_impl.h @@ -49,7 +49,7 @@ struct PersistentQuicInfoImpl : public Http::PersistentQuicInfo { // This arguably should not be shared across connections but as Envoy doesn't // support push promise it's really moot point. quic::QuicClientPushPromiseIndex push_promise_index_; - // Hard code with real crypto stream for now. + // Hard code with the default crypto stream as there's no pluggable crypto for upstream Envoy. EnvoyQuicCryptoClientStreamFactoryImpl crypto_stream_factory_; }; From b352b81c1c8d4701f5fbecd37bbc5a6619bdd63c Mon Sep 17 00:00:00 2001 From: Dan Zhang Date: Fri, 4 Jun 2021 14:29:11 -0400 Subject: [PATCH 27/33] address api comment Signed-off-by: Dan Zhang --- .../config/listener/v3/quic_config.proto | 4 +-- .../config/listener/v4alpha/quic_config.proto | 4 +-- .../extensions/quic/v3/crypto_stream.proto | 2 +- .../extensions/quic/v3/proof_source.proto | 2 +- .../config/listener/v3/quic_config.proto | 4 +-- .../config/listener/v4alpha/quic_config.proto | 4 +-- .../extensions/quic/v3/crypto_stream.proto | 2 +- .../extensions/quic/v3/proof_source.proto | 2 +- source/common/quic/active_quic_listener.cc | 30 +++++++++---------- .../quic/client_connection_factory_impl.h | 1 - source/extensions/extensions_build_config.bzl | 4 +-- source/extensions/extensions_metadata.yaml | 4 +-- .../quic/envoy_quic_crypto_server_stream.h | 2 +- .../envoy_quic_proof_source_factory_impl.h | 2 +- test/common/quic/active_quic_listener_test.cc | 8 ++--- 15 files changed, 37 insertions(+), 38 deletions(-) 
diff --git a/api/envoy/config/listener/v3/quic_config.proto b/api/envoy/config/listener/v3/quic_config.proto index d9537251ce37..636ac7a441e8 100644 --- a/api/envoy/config/listener/v3/quic_config.proto +++ b/api/envoy/config/listener/v3/quic_config.proto @@ -54,10 +54,10 @@ message QuicProtocolOptions { // Configure which implementation of quic::QuicCryptoClientStreamBase to be used for this listener. // If not specified the :ref:`QUICHE default one configured by ` will be used. // [#extension-category: envoy.quic.server.crypto_stream] - core.v3.TypedExtensionConfig crypto_stream = 6; + core.v3.TypedExtensionConfig crypto_stream_config = 6; // Configure which implementation of quic::ProofSource to be used for this listener. // If not specified the :ref:`default one configured by ` will be used. // [#extension-category: envoy.quic.proof_source] - core.v3.TypedExtensionConfig proof_source = 7; + core.v3.TypedExtensionConfig proof_source_config = 7; } diff --git a/api/envoy/config/listener/v4alpha/quic_config.proto b/api/envoy/config/listener/v4alpha/quic_config.proto index 3fe9bace577c..0780c6620330 100644 --- a/api/envoy/config/listener/v4alpha/quic_config.proto +++ b/api/envoy/config/listener/v4alpha/quic_config.proto @@ -54,10 +54,10 @@ message QuicProtocolOptions { // Configure which implementation of quic::QuicCryptoClientStreamBase to be used for this listener. // If not specified the :ref:`QUICHE default one configured by ` will be used. // [#extension-category: envoy.quic.server.crypto_stream] - core.v4alpha.TypedExtensionConfig crypto_stream = 6; + core.v4alpha.TypedExtensionConfig crypto_stream_config = 6; // Configure which implementation of quic::ProofSource to be used for this listener. // If not specified the :ref:`default one configured by ` will be used. // [#extension-category: envoy.quic.proof_source] - core.v4alpha.TypedExtensionConfig proof_source = 7; + core.v4alpha.TypedExtensionConfig proof_source_config = 7; } 
diff --git a/api/envoy/extensions/quic/v3/crypto_stream.proto b/api/envoy/extensions/quic/v3/crypto_stream.proto index e4c378f4781e..43acb62f6379 100644 --- a/api/envoy/extensions/quic/v3/crypto_stream.proto +++ b/api/envoy/extensions/quic/v3/crypto_stream.proto @@ -10,7 +10,7 @@ option java_multiple_files = true; option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: QUIC server crypto stream config] -// [#extension: quic.quiche_crypto_server_stream] +// [#extension: envoy.quic.server.crypto_stream.quiche] // Configuration for the default QUIC server crypto stream provided by QUICHE. message CryptoServerStreamConfig { diff --git a/api/envoy/extensions/quic/v3/proof_source.proto b/api/envoy/extensions/quic/v3/proof_source.proto index 64f7d33146fa..9af318648475 100644 --- a/api/envoy/extensions/quic/v3/proof_source.proto +++ b/api/envoy/extensions/quic/v3/proof_source.proto @@ -10,7 +10,7 @@ option java_multiple_files = true; option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: QUIC proof source config] -// [#extension: envoy.quic.filter_chain_proof_source] +// [#extension: envoy.quic.proof_source.filter_chain] // Configuration for the default QUIC proof source. message ProofSourceConfig { diff --git a/generated_api_shadow/envoy/config/listener/v3/quic_config.proto b/generated_api_shadow/envoy/config/listener/v3/quic_config.proto index d9537251ce37..636ac7a441e8 100644 --- a/generated_api_shadow/envoy/config/listener/v3/quic_config.proto +++ b/generated_api_shadow/envoy/config/listener/v3/quic_config.proto 
@@ -54,10 +54,10 @@ message QuicProtocolOptions { // Configure which implementation of quic::QuicCryptoClientStreamBase to be used for this listener. // If not specified the :ref:`QUICHE default one configured by ` will be used. // [#extension-category: envoy.quic.server.crypto_stream] - core.v3.TypedExtensionConfig crypto_stream = 6; + core.v3.TypedExtensionConfig crypto_stream_config = 6; // Configure which implementation of quic::ProofSource to be used for this listener. // If not specified the :ref:`default one configured by ` will be used. // [#extension-category: envoy.quic.proof_source] - core.v3.TypedExtensionConfig proof_source = 7; + core.v3.TypedExtensionConfig proof_source_config = 7; } diff --git a/generated_api_shadow/envoy/config/listener/v4alpha/quic_config.proto b/generated_api_shadow/envoy/config/listener/v4alpha/quic_config.proto index 3fe9bace577c..0780c6620330 100644 --- a/generated_api_shadow/envoy/config/listener/v4alpha/quic_config.proto +++ b/generated_api_shadow/envoy/config/listener/v4alpha/quic_config.proto @@ -54,10 +54,10 @@ message QuicProtocolOptions { // Configure which implementation of quic::QuicCryptoClientStreamBase to be used for this listener. // If not specified the :ref:`QUICHE default one configured by ` will be used. // [#extension-category: envoy.quic.server.crypto_stream] - core.v4alpha.TypedExtensionConfig crypto_stream = 6; + core.v4alpha.TypedExtensionConfig crypto_stream_config = 6; // Configure which implementation of quic::ProofSource to be used for this listener. // If not specified the :ref:`default one configured by ` will be used. // [#extension-category: envoy.quic.proof_source] - core.v4alpha.TypedExtensionConfig proof_source = 7; + core.v4alpha.TypedExtensionConfig proof_source_config = 7; } diff --git a/generated_api_shadow/envoy/extensions/quic/v3/crypto_stream.proto b/generated_api_shadow/envoy/extensions/quic/v3/crypto_stream.proto index e4c378f4781e..43acb62f6379 100644 
--- a/generated_api_shadow/envoy/extensions/quic/v3/crypto_stream.proto +++ b/generated_api_shadow/envoy/extensions/quic/v3/crypto_stream.proto @@ -10,7 +10,7 @@ option java_multiple_files = true; option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: QUIC server crypto stream config] -// [#extension: quic.quiche_crypto_server_stream] +// [#extension: envoy.quic.server.crypto_stream.quiche] // Configuration for the default QUIC server crypto stream provided by QUICHE. message CryptoServerStreamConfig { diff --git a/generated_api_shadow/envoy/extensions/quic/v3/proof_source.proto b/generated_api_shadow/envoy/extensions/quic/v3/proof_source.proto index 64f7d33146fa..9af318648475 100644 --- a/generated_api_shadow/envoy/extensions/quic/v3/proof_source.proto +++ b/generated_api_shadow/envoy/extensions/quic/v3/proof_source.proto @@ -10,7 +10,7 @@ option java_multiple_files = true; option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: QUIC proof source config] -// [#extension: envoy.quic.filter_chain_proof_source] +// [#extension: envoy.quic.proof_source.filter_chain] // Configuration for the default QUIC proof source. message ProofSourceConfig { diff --git a/source/common/quic/active_quic_listener.cc b/source/common/quic/active_quic_listener.cc index d5f0e069e8dc..3facb64660b1 100644 --- a/source/common/quic/active_quic_listener.cc +++ b/source/common/quic/active_quic_listener.cc 
@@ -261,30 +261,30 @@ ActiveQuicListenerFactory::ActiveQuicListenerFactory( configQuicInitialFlowControlWindow(config.quic_protocol_options(), quic_config_); // Initialize crypto stream factory. - envoy::config::core::v3::TypedExtensionConfig crypto_stream; - if (!config.has_crypto_stream()) { + envoy::config::core::v3::TypedExtensionConfig crypto_stream_config; + if (!config.has_crypto_stream_config()) { // If not specified, use the quic crypto stream created by QUICHE. - crypto_stream.set_name("quic.quiche_crypto_server_stream"); - envoy::extensions::quic::v3::CryptoServerStreamConfig crypto_stream_config; - crypto_stream.mutable_typed_config()->PackFrom(crypto_stream_config); + crypto_stream_config.set_name("envoy.quic.server.crypto_stream.quiche"); + envoy::extensions::quic::v3::CryptoServerStreamConfig empty_crypto_stream_config; + crypto_stream_config.mutable_typed_config()->PackFrom(empty_crypto_stream_config); } else { - crypto_stream = config.crypto_stream(); + crypto_stream_config = config.crypto_stream_config(); } crypto_server_stream_factory_ = Config::Utility::getAndCheckFactory( - crypto_stream); + crypto_stream_config); // Initialize proof source factory. 
- envoy::config::core::v3::TypedExtensionConfig proof_source; - if (!config.has_proof_source()) { - proof_source.set_name("envoy.quic.filter_chain_proof_source"); - envoy::extensions::quic::v3::ProofSourceConfig proof_source_config; - proof_source.mutable_typed_config()->PackFrom(proof_source_config); + envoy::config::core::v3::TypedExtensionConfig proof_source_config; + if (!config.has_proof_source_config()) { + proof_source_config.set_name("envoy.quic.proof_source.filter_chain"); + envoy::extensions::quic::v3::ProofSourceConfig empty_proof_source_config; + proof_source_config.mutable_typed_config()->PackFrom(empty_proof_source_config); } else { - proof_source = config.proof_source(); + proof_source_config = config.proof_source_config(); } - proof_source_factory_ = - Config::Utility::getAndCheckFactory(proof_source); + proof_source_factory_ = Config::Utility::getAndCheckFactory( + proof_source_config); } Network::ConnectionHandler::ActiveUdpListenerPtr ActiveQuicListenerFactory::createActiveUdpListener( diff --git a/source/common/quic/client_connection_factory_impl.h b/source/common/quic/client_connection_factory_impl.h index 55284f818f7b..69e6336c2e75 100644 --- a/source/common/quic/client_connection_factory_impl.h +++ b/source/common/quic/client_connection_factory_impl.h @@ -6,7 +6,6 @@ #include "source/common/quic/envoy_quic_connection_helper.h" #include "source/common/quic/envoy_quic_proof_verifier.h" #include "source/common/quic/envoy_quic_utils.h" - #include "source/extensions/quic/envoy_quic_crypto_client_stream.h" #include "source/extensions/transport_sockets/tls/ssl_socket.h" diff --git a/source/extensions/extensions_build_config.bzl b/source/extensions/extensions_build_config.bzl index df8d3394035d..45e99975a777 100644 --- a/source/extensions/extensions_build_config.bzl +++ b/source/extensions/extensions_build_config.bzl 
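Review bot: The default extension names `"envoy.quic.server.crypto_stream.quiche"` and `"envoy.quic.proof_source.filter_chain"` are repeated as bare literals in `set_name()` here and again in the `name()` overrides of `EnvoyQuicCryptoServerStreamFactoryImpl` and `EnvoyQuicProofSourceFactoryImpl` in the headers this patch also touches, with nothing enforcing that the two spellings stay equal; the listener test fixture previously carried a third spelling, which is exactly the drift this invites, and a mismatch only surfaces as a factory-lookup failure at listener creation. Declare each name once alongside its factory interface (e.g. `static constexpr char kDefaultCryptoServerStreamName[] = "envoy.quic.server.crypto_stream.quiche";`) and reference it from both `set_name()` and `name()`. The enclosing `ActiveQuicListenerFactory` constructor begins above this hunk.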
@@ -284,8 +284,8 @@ EXTENSIONS = { # Quic extensions # - "quic.quiche_crypto_server_stream": "//source/extensions/quic:envoy_quic_default_crypto_server_stream", - "envoy.quic.filter_chain_proof_source": "//source/extensions/quic:envoy_quic_default_proof_source", + "envoy.quic.server.crypto_stream.quiche": "//source/extensions/quic:envoy_quic_default_crypto_server_stream", + "envoy.quic.proof_source.filter_chain": "//source/extensions/quic:envoy_quic_default_proof_source", } diff --git a/source/extensions/extensions_metadata.yaml b/source/extensions/extensions_metadata.yaml index cf3325d53254..4821e8b022ad 100644 --- a/source/extensions/extensions_metadata.yaml +++ b/source/extensions/extensions_metadata.yaml @@ -489,12 +489,12 @@ envoy.matching.input_matchers.consistent_hashing: - envoy.matching.input_matchers security_posture: robust_to_untrusted_downstream status: stable -envoy.quic.filter_chain_proof_source: +envoy.quic.proof_source.filter_chain: categories: - envoy.quic.proof_source security_posture: robust_to_untrusted_downstream status: alpha -quic.quiche_crypto_server_stream: +envoy.quic.server.crypto_stream.quiche: categories: - envoy.quic.server.crypto_stream security_posture: robust_to_untrusted_downstream diff --git a/source/extensions/quic/envoy_quic_crypto_server_stream.h b/source/extensions/quic/envoy_quic_crypto_server_stream.h index 8ad944fe7f41..2ca5cbee5573 100644 --- a/source/extensions/quic/envoy_quic_crypto_server_stream.h +++ b/source/extensions/quic/envoy_quic_crypto_server_stream.h 
@@ -13,7 +13,7 @@ class EnvoyQuicCryptoServerStreamFactoryImpl : public EnvoyQuicCryptoServerStrea ProtobufTypes::MessagePtr createEmptyConfigProto() override { return std::make_unique(); } - std::string name() const override { return "quic.quiche_crypto_server_stream"; } + std::string name() const override { return "envoy.quic.server.crypto_stream.quiche"; } std::unique_ptr createEnvoyQuicCryptoServerStream(const quic::QuicCryptoServerConfig* crypto_config, quic::QuicCompressedCertsCache* compressed_certs_cache, diff --git a/source/extensions/quic/envoy_quic_proof_source_factory_impl.h b/source/extensions/quic/envoy_quic_proof_source_factory_impl.h index b0ee8458de3c..2371a3deccee 100644 --- a/source/extensions/quic/envoy_quic_proof_source_factory_impl.h +++ b/source/extensions/quic/envoy_quic_proof_source_factory_impl.h @@ -14,7 +14,7 @@ class EnvoyQuicProofSourceFactoryImpl : public EnvoyQuicProofSourceFactoryInterf return std::make_unique(); } - std::string name() const override { return "envoy.quic.filter_chain_proof_source"; } + std::string name() const override { return "envoy.quic.proof_source.filter_chain"; } std::unique_ptr createQuicProofSource(Network::Socket& listen_socket, diff --git a/test/common/quic/active_quic_listener_test.cc b/test/common/quic/active_quic_listener_test.cc index 7aaa412786b4..70462ea2ae28 100644 --- a/test/common/quic/active_quic_listener_test.cc +++ b/test/common/quic/active_quic_listener_test.cc 
@@ -272,12 +272,12 @@ class ActiveQuicListenerTest : public QuicMultiVersionTest { default_value: true runtime_key: quic.enabled packets_to_read_to_connection_count_ratio: 50 - crypto_stream: - name: "envoy.quic.quiche_crypto_server_stream" + crypto_stream_config: + name: "envoy.quic.server.crypto_stream.quiche" typed_config: "@type": type.googleapis.com/envoy.extensions.quic.v3.CryptoServerStreamConfig - proof_source: - name: "envoy.quic.filter_chain_proof_source" + proof_source_config: + name: "envoy.quic.proof_source.filter_chain" typed_config: "@type": type.googleapis.com/envoy.extensions.quic.v3.ProofSourceConfig )EOF", From 52afe14de116f62f84fc3a2f990e24e92eba5411 Mon Sep 17 00:00:00 2001 From: Dan Zhang Date: Tue, 8 Jun 2021 12:10:37 -0400 Subject: [PATCH 28/33] move around extensions 
Signed-off-by: Dan Zhang --- api/BUILD | 3 +- .../quic/{ => crypto_stream}/v3/BUILD | 0 .../v3/crypto_stream.proto | 4 +- .../extensions/quic/proof_source}/v3/BUILD | 0 .../{ => proof_source}/v3/proof_source.proto | 4 +- api/versioning/BUILD | 3 +- .../api-v3/config/quic/quic_extensions.rst | 3 +- generated_api_shadow/BUILD | 3 +- .../extensions/quic/crypto_stream/v3/BUILD | 9 ++++ .../v3/crypto_stream.proto | 4 +- .../extensions/quic/proof_source/v3/BUILD | 9 ++++ .../{ => proof_source}/v3/proof_source.proto | 4 +- source/common/quic/BUILD | 9 ++-- source/common/quic/active_quic_listener.cc | 8 ++-- .../quic/client_connection_factory_impl.h | 2 +- .../extensions/quic/{ => crypto_stream}/BUILD | 38 +-------------- .../envoy_quic_crypto_client_stream.cc | 2 +- .../envoy_quic_crypto_client_stream.h | 0 .../envoy_quic_crypto_server_stream.cc | 2 +- .../envoy_quic_crypto_server_stream.h | 4 +- source/extensions/quic/proof_source/BUILD | 46 +++++++++++++++++++ .../envoy_quic_proof_source_factory_impl.cc | 2 +- .../envoy_quic_proof_source_factory_impl.h | 4 +- test/common/quic/BUILD | 8 ++-- test/common/quic/active_quic_listener_test.cc | 8 ++-- .../quic/envoy_quic_client_session_test.cc | 2 +- .../common/quic/envoy_quic_dispatcher_test.cc | 2 +- test/integration/BUILD | 1 - 28 files changed, 109 insertions(+), 75 deletions(-) rename api/envoy/extensions/quic/{ => crypto_stream}/v3/BUILD (100%) rename api/envoy/extensions/quic/{ => crypto_stream}/v3/crypto_stream.proto (78%) rename {generated_api_shadow/envoy/extensions/quic => api/envoy/extensions/quic/proof_source}/v3/BUILD (100%) rename api/envoy/extensions/quic/{ => proof_source}/v3/proof_source.proto (76%) create mode 100644 generated_api_shadow/envoy/extensions/quic/crypto_stream/v3/BUILD rename generated_api_shadow/envoy/extensions/quic/{ => crypto_stream}/v3/crypto_stream.proto (78%) create mode 100644 generated_api_shadow/envoy/extensions/quic/proof_source/v3/BUILD rename 
generated_api_shadow/envoy/extensions/quic/{ => proof_source}/v3/proof_source.proto (76%) rename source/extensions/quic/{ => crypto_stream}/BUILD (56%) rename source/extensions/quic/{ => crypto_stream}/envoy_quic_crypto_client_stream.cc (90%) rename source/extensions/quic/{ => crypto_stream}/envoy_quic_crypto_client_stream.h (100%) rename source/extensions/quic/{ => crypto_stream}/envoy_quic_crypto_server_stream.cc (88%) rename source/extensions/quic/{ => crypto_stream}/envoy_quic_crypto_server_stream.h (84%) create mode 100644 source/extensions/quic/proof_source/BUILD rename source/extensions/quic/{ => proof_source}/envoy_quic_proof_source_factory_impl.cc (86%) rename source/extensions/quic/{ => proof_source}/envoy_quic_proof_source_factory_impl.h (84%) diff --git a/api/BUILD b/api/BUILD index d6ba48e43310..c55fd1006e91 100644 --- a/api/BUILD +++ b/api/BUILD @@ -255,7 +255,8 @@ proto_library( "//envoy/extensions/matching/common_inputs/environment_variable/v3:pkg", "//envoy/extensions/matching/input_matchers/consistent_hashing/v3:pkg", "//envoy/extensions/network/socket_interface/v3:pkg", - "//envoy/extensions/quic/v3:pkg", + "//envoy/extensions/quic/crypto_stream/v3:pkg", + "//envoy/extensions/quic/proof_source/v3:pkg", "//envoy/extensions/rate_limit_descriptors/expr/v3:pkg", "//envoy/extensions/request_id/uuid/v3:pkg", "//envoy/extensions/resource_monitors/fixed_heap/v3:pkg", diff --git a/api/envoy/extensions/quic/v3/BUILD b/api/envoy/extensions/quic/crypto_stream/v3/BUILD similarity index 100% rename from api/envoy/extensions/quic/v3/BUILD rename to api/envoy/extensions/quic/crypto_stream/v3/BUILD diff --git a/api/envoy/extensions/quic/v3/crypto_stream.proto b/api/envoy/extensions/quic/crypto_stream/v3/crypto_stream.proto similarity index 78% rename from api/envoy/extensions/quic/v3/crypto_stream.proto rename to api/envoy/extensions/quic/crypto_stream/v3/crypto_stream.proto index 43acb62f6379..71c5caa226b9 100644 
--- a/api/envoy/extensions/quic/v3/crypto_stream.proto
+++ b/api/envoy/extensions/quic/crypto_stream/v3/crypto_stream.proto
@@ -1,10 +1,10 @@
 syntax = "proto3";
 
-package envoy.extensions.quic.v3;
+package envoy.extensions.quic.crypto_stream.v3;
 
 import "udpa/annotations/status.proto";
 
-option java_package = "io.envoyproxy.envoy.extensions.quic.v3";
+option java_package = "io.envoyproxy.envoy.extensions.quic.crypto_stream.v3";
 option java_outer_classname = "CryptoStreamProto";
 option java_multiple_files = true;
 option (udpa.annotations.file_status).package_version_status = ACTIVE;
diff --git a/generated_api_shadow/envoy/extensions/quic/v3/BUILD b/api/envoy/extensions/quic/proof_source/v3/BUILD
similarity index 100%
rename from generated_api_shadow/envoy/extensions/quic/v3/BUILD
rename to api/envoy/extensions/quic/proof_source/v3/BUILD
diff --git a/api/envoy/extensions/quic/v3/proof_source.proto b/api/envoy/extensions/quic/proof_source/v3/proof_source.proto
similarity index 76%
rename from api/envoy/extensions/quic/v3/proof_source.proto
rename to api/envoy/extensions/quic/proof_source/v3/proof_source.proto
index 9af318648475..1459142d4091 100644
--- a/api/envoy/extensions/quic/v3/proof_source.proto
+++ b/api/envoy/extensions/quic/proof_source/v3/proof_source.proto
@@ -1,10 +1,10 @@
 syntax = "proto3";
 
-package envoy.extensions.quic.v3;
+package envoy.extensions.quic.proof_source.v3;
 
 import "udpa/annotations/status.proto";
 
-option java_package = "io.envoyproxy.envoy.extensions.quic.v3";
+option java_package = "io.envoyproxy.envoy.extensions.quic.proof_source.v3";
 option java_outer_classname = "ProofSourceProto";
 option java_multiple_files = true;
 option (udpa.annotations.file_status).package_version_status = ACTIVE;
diff --git a/api/versioning/BUILD b/api/versioning/BUILD
index ef7fd31f451f..73d621f20b66 100644
--- a/api/versioning/BUILD
+++ b/api/versioning/BUILD
@@ -138,7 +138,8 @@ proto_library( "//envoy/extensions/matching/common_inputs/environment_variable/v3:pkg", "//envoy/extensions/matching/input_matchers/consistent_hashing/v3:pkg", "//envoy/extensions/network/socket_interface/v3:pkg", - "//envoy/extensions/quic/v3:pkg", + "//envoy/extensions/quic/crypto_stream/v3:pkg", + "//envoy/extensions/quic/proof_source/v3:pkg", "//envoy/extensions/rate_limit_descriptors/expr/v3:pkg", "//envoy/extensions/request_id/uuid/v3:pkg", "//envoy/extensions/resource_monitors/fixed_heap/v3:pkg", diff --git a/docs/root/api-v3/config/quic/quic_extensions.rst b/docs/root/api-v3/config/quic/quic_extensions.rst index 4f212401af06..4f3ab247bb6d 100644 --- a/docs/root/api-v3/config/quic/quic_extensions.rst +++ b/docs/root/api-v3/config/quic/quic_extensions.rst @@ -5,4 +5,5 @@ Quic Extensions :glob: :maxdepth: 2 - ../../extensions/quic/v3/* + ../../extensions/quic/crypto_stream/v3/* + ../../extensions/quic/proof_source/v3/* diff --git a/generated_api_shadow/BUILD b/generated_api_shadow/BUILD index d6ba48e43310..c55fd1006e91 100644 --- a/generated_api_shadow/BUILD +++ b/generated_api_shadow/BUILD @@ -255,7 +255,8 @@ proto_library( "//envoy/extensions/matching/common_inputs/environment_variable/v3:pkg", "//envoy/extensions/matching/input_matchers/consistent_hashing/v3:pkg", "//envoy/extensions/network/socket_interface/v3:pkg", - "//envoy/extensions/quic/v3:pkg", + "//envoy/extensions/quic/crypto_stream/v3:pkg", + "//envoy/extensions/quic/proof_source/v3:pkg", "//envoy/extensions/rate_limit_descriptors/expr/v3:pkg", "//envoy/extensions/request_id/uuid/v3:pkg", "//envoy/extensions/resource_monitors/fixed_heap/v3:pkg", diff --git a/generated_api_shadow/envoy/extensions/quic/crypto_stream/v3/BUILD b/generated_api_shadow/envoy/extensions/quic/crypto_stream/v3/BUILD new file mode 100644 index 000000000000..ee92fb652582 --- /dev/null +++ b/generated_api_shadow/envoy/extensions/quic/crypto_stream/v3/BUILD 
@@ -0,0 +1,9 @@ +# DO NOT EDIT. This file is generated by tools/proto_format/proto_sync.py. + +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package( + deps = ["@com_github_cncf_udpa//udpa/annotations:pkg"], +) diff --git a/generated_api_shadow/envoy/extensions/quic/v3/crypto_stream.proto b/generated_api_shadow/envoy/extensions/quic/crypto_stream/v3/crypto_stream.proto similarity index 78% rename from generated_api_shadow/envoy/extensions/quic/v3/crypto_stream.proto rename to generated_api_shadow/envoy/extensions/quic/crypto_stream/v3/crypto_stream.proto index 43acb62f6379..71c5caa226b9 100644 --- a/generated_api_shadow/envoy/extensions/quic/v3/crypto_stream.proto +++ b/generated_api_shadow/envoy/extensions/quic/crypto_stream/v3/crypto_stream.proto @@ -1,10 +1,10 @@ syntax = "proto3"; -package envoy.extensions.quic.v3; +package envoy.extensions.quic.crypto_stream.v3; import "udpa/annotations/status.proto"; -option java_package = "io.envoyproxy.envoy.extensions.quic.v3"; +option java_package = "io.envoyproxy.envoy.extensions.quic.crypto_stream.v3"; option java_outer_classname = "CryptoStreamProto"; option java_multiple_files = true; option (udpa.annotations.file_status).package_version_status = ACTIVE; diff --git a/generated_api_shadow/envoy/extensions/quic/proof_source/v3/BUILD b/generated_api_shadow/envoy/extensions/quic/proof_source/v3/BUILD new file mode 100644 index 000000000000..ee92fb652582 --- /dev/null +++ b/generated_api_shadow/envoy/extensions/quic/proof_source/v3/BUILD @@ -0,0 +1,9 @@ +# DO NOT EDIT. This file is generated by tools/proto_format/proto_sync.py. + +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package( + deps = ["@com_github_cncf_udpa//udpa/annotations:pkg"], +) 
diff --git a/generated_api_shadow/envoy/extensions/quic/v3/proof_source.proto b/generated_api_shadow/envoy/extensions/quic/proof_source/v3/proof_source.proto similarity index 76% rename from generated_api_shadow/envoy/extensions/quic/v3/proof_source.proto rename to generated_api_shadow/envoy/extensions/quic/proof_source/v3/proof_source.proto index 9af318648475..1459142d4091 100644 --- a/generated_api_shadow/envoy/extensions/quic/v3/proof_source.proto +++ b/generated_api_shadow/envoy/extensions/quic/proof_source/v3/proof_source.proto @@ -1,10 +1,10 @@ syntax = "proto3"; -package envoy.extensions.quic.v3; +package envoy.extensions.quic.proof_source.v3; import "udpa/annotations/status.proto"; -option java_package = "io.envoyproxy.envoy.extensions.quic.v3"; +option java_package = "io.envoyproxy.envoy.extensions.quic.proof_source.v3"; option java_outer_classname = "ProofSourceProto"; option java_multiple_files = true; option (udpa.annotations.file_status).package_version_status = ACTIVE; diff --git a/source/common/quic/BUILD b/source/common/quic/BUILD index 12d26cd4715c..f0aa7b33040b 100644 --- a/source/common/quic/BUILD +++ b/source/common/quic/BUILD @@ -178,7 +178,7 @@ envoy_cc_library( "//envoy/http:codec_interface", "//envoy/registry", "//source/common/http/http3:quic_client_connection_factory_lib", - "//source/extensions/quic:envoy_quic_crypto_client_stream_lib", + "//source/extensions/quic/crypto_stream:envoy_quic_crypto_client_stream_lib", "//source/extensions/transport_sockets/tls:ssl_socket_lib", "@com_googlesource_quiche//:quic_core_http_spdy_session_lib", ], @@ -367,7 +367,8 @@ envoy_cc_library( "//source/common/runtime:runtime_lib", "//source/server:connection_handler_lib", "@envoy_api//envoy/config/listener/v3:pkg_cc_proto", - "@envoy_api//envoy/extensions/quic/v3:pkg_cc_proto", + "@envoy_api//envoy/extensions/quic/crypto_stream/v3:pkg_cc_proto", + "@envoy_api//envoy/extensions/quic/proof_source/v3:pkg_cc_proto", ], ) 
@@ -425,8 +426,8 @@ envoy_cc_library( "//conditions:default": [ ":codec_lib", ":quic_transport_socket_factory_lib", - "//source/extensions/quic:envoy_quic_crypto_server_stream_lib", - "//source/extensions/quic:envoy_quic_proof_source_factory_impl_lib", + "//source/extensions/quic/crypto_stream:envoy_quic_crypto_server_stream_lib", + "//source/extensions/quic/proof_source:envoy_quic_proof_source_factory_impl_lib", ], }), ) diff --git a/source/common/quic/active_quic_listener.cc b/source/common/quic/active_quic_listener.cc index 3facb64660b1..da68e73530ee 100644 --- a/source/common/quic/active_quic_listener.cc +++ b/source/common/quic/active_quic_listener.cc @@ -20,8 +20,8 @@ #include "source/common/config/utility.h" #include "source/common/quic/quic_network_connection.h" #include "source/common/runtime/runtime_features.h" -#include "envoy/extensions/quic/v3/crypto_stream.pb.h" -#include "envoy/extensions/quic/v3/proof_source.pb.h" +#include "envoy/extensions/quic/crypto_stream/v3/crypto_stream.pb.h" +#include "envoy/extensions/quic/proof_source/v3/proof_source.pb.h" namespace Envoy { namespace Quic { @@ -265,7 +265,7 @@ ActiveQuicListenerFactory::ActiveQuicListenerFactory( if (!config.has_crypto_stream_config()) { // If not specified, use the quic crypto stream created by QUICHE. crypto_stream_config.set_name("envoy.quic.server.crypto_stream.quiche"); - envoy::extensions::quic::v3::CryptoServerStreamConfig empty_crypto_stream_config; + envoy::extensions::quic::crypto_stream::v3::CryptoServerStreamConfig empty_crypto_stream_config; crypto_stream_config.mutable_typed_config()->PackFrom(empty_crypto_stream_config); } else { crypto_stream_config = config.crypto_stream_config(); 
@@ -278,7 +278,7 @@ ActiveQuicListenerFactory::ActiveQuicListenerFactory( envoy::config::core::v3::TypedExtensionConfig proof_source_config; if (!config.has_proof_source_config()) { proof_source_config.set_name("envoy.quic.proof_source.filter_chain"); - envoy::extensions::quic::v3::ProofSourceConfig empty_proof_source_config; + envoy::extensions::quic::proof_source::v3::ProofSourceConfig empty_proof_source_config; proof_source_config.mutable_typed_config()->PackFrom(empty_proof_source_config); } else { proof_source_config = config.proof_source_config(); diff --git a/source/common/quic/client_connection_factory_impl.h b/source/common/quic/client_connection_factory_impl.h index 69e6336c2e75..8ec1038bf147 100644 --- a/source/common/quic/client_connection_factory_impl.h +++ b/source/common/quic/client_connection_factory_impl.h @@ -6,7 +6,7 @@ #include "source/common/quic/envoy_quic_connection_helper.h" #include "source/common/quic/envoy_quic_proof_verifier.h" #include "source/common/quic/envoy_quic_utils.h" -#include "source/extensions/quic/envoy_quic_crypto_client_stream.h" +#include "source/extensions/quic/crypto_stream/envoy_quic_crypto_client_stream.h" #include "source/extensions/transport_sockets/tls/ssl_socket.h" #include "quiche/quic/core/http/quic_client_push_promise_index.h" diff --git a/source/extensions/quic/BUILD b/source/extensions/quic/crypto_stream/BUILD similarity index 56% rename from source/extensions/quic/BUILD rename to source/extensions/quic/crypto_stream/BUILD index a040d3e3ff96..8c919379f2c3 100644 --- a/source/extensions/quic/BUILD +++ b/source/extensions/quic/crypto_stream/BUILD @@ -7,7 +7,7 @@ load( licenses(["notice"]) # Apache 2 -# Extensions of various QUIC objects. +# Extensions of QUIC crypto stream. envoy_extension_package() 
@@ -22,7 +22,7 @@ envoy_cc_library( ], deps = [ "//source/common/quic:envoy_quic_crypto_stream_factory_lib", - "@envoy_api//envoy/extensions/quic/v3:pkg_cc_proto", + "@envoy_api//envoy/extensions/quic/crypto_stream/v3:pkg_cc_proto", ], ) @@ -57,37 +57,3 @@ envoy_cc_library( "//source/common/quic:envoy_quic_crypto_stream_factory_lib", ], ) - -envoy_cc_library( - name = "envoy_quic_proof_source_factory_impl_lib", - srcs = ["envoy_quic_proof_source_factory_impl.cc"], - hdrs = ["envoy_quic_proof_source_factory_impl.h"], - tags = ["nofips"], - visibility = [ - "//source/common/quic:__subpackages__", - "//test:__subpackages__", - ], - deps = [ - "//source/common/quic:envoy_quic_proof_source_factory_interface", - "//source/common/quic:envoy_quic_proof_source_lib", - "@envoy_api//envoy/extensions/quic/v3:pkg_cc_proto", - ], -) - -envoy_cc_extension( - name = "envoy_quic_default_proof_source", - extra_visibility = [ - "//source/common/quic:__subpackages__", - "//test:__subpackages__", - ], - tags = ["nofips"], - deps = select( - { - "//bazel:boringssl_fips": [], - "//bazel:boringssl_disabled": [], - "//conditions:default": [ - ":envoy_quic_proof_source_factory_impl_lib", - ], - }, - ), -) diff --git a/source/extensions/quic/envoy_quic_crypto_client_stream.cc b/source/extensions/quic/crypto_stream/envoy_quic_crypto_client_stream.cc similarity index 90% rename from source/extensions/quic/envoy_quic_crypto_client_stream.cc rename to source/extensions/quic/crypto_stream/envoy_quic_crypto_client_stream.cc index 03d8eafda970..da458db20eb2 100644 --- a/source/extensions/quic/envoy_quic_crypto_client_stream.cc +++ b/source/extensions/quic/crypto_stream/envoy_quic_crypto_client_stream.cc @@ -1,4 +1,4 @@ -#include "source/extensions/quic/envoy_quic_crypto_client_stream.h" +#include "source/extensions/quic/crypto_stream/envoy_quic_crypto_client_stream.h" namespace Envoy { namespace Quic { 
diff --git a/source/extensions/quic/envoy_quic_crypto_client_stream.h b/source/extensions/quic/crypto_stream/envoy_quic_crypto_client_stream.h similarity index 100% rename from source/extensions/quic/envoy_quic_crypto_client_stream.h rename to source/extensions/quic/crypto_stream/envoy_quic_crypto_client_stream.h diff --git a/source/extensions/quic/envoy_quic_crypto_server_stream.cc b/source/extensions/quic/crypto_stream/envoy_quic_crypto_server_stream.cc similarity index 88% rename from source/extensions/quic/envoy_quic_crypto_server_stream.cc rename to source/extensions/quic/crypto_stream/envoy_quic_crypto_server_stream.cc index 1b659897b34a..282a5ad4d5bc 100644 --- a/source/extensions/quic/envoy_quic_crypto_server_stream.cc +++ b/source/extensions/quic/crypto_stream/envoy_quic_crypto_server_stream.cc @@ -1,4 +1,4 @@ -#include "source/extensions/quic/envoy_quic_crypto_server_stream.h" +#include "source/extensions/quic/crypto_stream/envoy_quic_crypto_server_stream.h" namespace Envoy { namespace Quic { diff --git a/source/extensions/quic/envoy_quic_crypto_server_stream.h b/source/extensions/quic/crypto_stream/envoy_quic_crypto_server_stream.h similarity index 84% rename from source/extensions/quic/envoy_quic_crypto_server_stream.h rename to source/extensions/quic/crypto_stream/envoy_quic_crypto_server_stream.h index 2ca5cbee5573..6837c2e51404 100644 --- a/source/extensions/quic/envoy_quic_crypto_server_stream.h +++ b/source/extensions/quic/crypto_stream/envoy_quic_crypto_server_stream.h @@ -1,6 +1,6 @@ #pragma once -#include "envoy/extensions/quic/v3/crypto_stream.pb.h" +#include "envoy/extensions/quic/crypto_stream/v3/crypto_stream.pb.h" #include "envoy/registry/registry.h" #include "source/common/quic/envoy_quic_crypto_stream_factory.h" 
@@ -11,7 +11,7 @@ namespace Quic { class EnvoyQuicCryptoServerStreamFactoryImpl : public EnvoyQuicCryptoServerStreamFactoryInterface { public: ProtobufTypes::MessagePtr createEmptyConfigProto() override { - return std::make_unique(); + return std::make_unique(); } std::string name() const override { return "envoy.quic.server.crypto_stream.quiche"; } std::unique_ptr diff --git a/source/extensions/quic/proof_source/BUILD b/source/extensions/quic/proof_source/BUILD new file mode 100644 index 000000000000..87dfd8b6023b --- /dev/null +++ b/source/extensions/quic/proof_source/BUILD @@ -0,0 +1,46 @@ +load( + "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", + "envoy_cc_library", + "envoy_extension_package", +) + +licenses(["notice"]) # Apache 2 + +# Extensions of QUIC proof source. + +envoy_extension_package() + +envoy_cc_library( + name = "envoy_quic_proof_source_factory_impl_lib", + srcs = ["envoy_quic_proof_source_factory_impl.cc"], + hdrs = ["envoy_quic_proof_source_factory_impl.h"], + tags = ["nofips"], + visibility = [ + "//source/common/quic:__subpackages__", + "//test:__subpackages__", + ], + deps = [ + "//source/common/quic:envoy_quic_proof_source_factory_interface", + "//source/common/quic:envoy_quic_proof_source_lib", + "@envoy_api//envoy/extensions/quic/proof_source/v3:pkg_cc_proto", + ], +) + +envoy_cc_extension( + name = "envoy_quic_default_proof_source", + extra_visibility = [ + "//source/common/quic:__subpackages__", + "//test:__subpackages__", + ], + tags = ["nofips"], + deps = select( + { + "//bazel:boringssl_fips": [], + "//bazel:boringssl_disabled": [], + "//conditions:default": [ + ":envoy_quic_proof_source_factory_impl_lib", + ], + }, + ), +) 
diff --git a/source/extensions/quic/envoy_quic_proof_source_factory_impl.cc b/source/extensions/quic/proof_source/envoy_quic_proof_source_factory_impl.cc similarity index 86% rename from source/extensions/quic/envoy_quic_proof_source_factory_impl.cc rename to source/extensions/quic/proof_source/envoy_quic_proof_source_factory_impl.cc index e20d132ebb3a..3b459c4ca341 100644 --- a/source/extensions/quic/envoy_quic_proof_source_factory_impl.cc +++ b/source/extensions/quic/proof_source/envoy_quic_proof_source_factory_impl.cc @@ -1,4 +1,4 @@ -#include "source/extensions/quic/envoy_quic_proof_source_factory_impl.h" +#include "source/extensions/quic/proof_source/envoy_quic_proof_source_factory_impl.h" namespace Envoy { namespace Quic { diff --git a/source/extensions/quic/envoy_quic_proof_source_factory_impl.h b/source/extensions/quic/proof_source/envoy_quic_proof_source_factory_impl.h similarity index 84% rename from source/extensions/quic/envoy_quic_proof_source_factory_impl.h rename to source/extensions/quic/proof_source/envoy_quic_proof_source_factory_impl.h index 2371a3deccee..39384fcfbc8f 100644 --- a/source/extensions/quic/envoy_quic_proof_source_factory_impl.h +++ b/source/extensions/quic/proof_source/envoy_quic_proof_source_factory_impl.h @@ -1,4 +1,4 @@ -#include "envoy/extensions/quic/v3/proof_source.pb.h" +#include "envoy/extensions/quic/proof_source/v3/proof_source.pb.h" #include "envoy/registry/registry.h" #include "source/common/quic/envoy_quic_proof_source.h" @@ -11,7 +11,7 @@ namespace Quic { class EnvoyQuicProofSourceFactoryImpl : public EnvoyQuicProofSourceFactoryInterface { public: ProtobufTypes::MessagePtr createEmptyConfigProto() override { - return std::make_unique(); + return std::make_unique(); } std::string name() const override { return "envoy.quic.proof_source.filter_chain"; } diff --git a/test/common/quic/BUILD b/test/common/quic/BUILD index 40575d9921d5..943fd4b24147 100644 --- a/test/common/quic/BUILD +++ b/test/common/quic/BUILD 
@@ -175,7 +175,7 @@ envoy_cc_test(
 "//source/common/quic:envoy_quic_client_connection_lib",
 "//source/common/quic:envoy_quic_client_session_lib",
 "//source/common/quic:envoy_quic_connection_helper_lib",
- "//source/extensions/quic:envoy_quic_crypto_client_stream_lib",
+ "//source/extensions/quic/crypto_stream:envoy_quic_crypto_client_stream_lib",
 "//test/mocks/http:http_mocks",
 "//test/mocks/http:stream_decoder_mock",
 "//test/mocks/network:network_mocks",
@@ -197,8 +197,8 @@ envoy_cc_test(
 "//source/common/quic:active_quic_listener_lib",
 "//source/common/quic:envoy_quic_utils_lib",
 "//source/common/quic:udp_gso_batch_writer_lib",
- "//source/extensions/quic:envoy_quic_crypto_server_stream_lib",
- "//source/extensions/quic:envoy_quic_proof_source_factory_impl_lib",
+ "//source/extensions/quic/crypto_stream:envoy_quic_crypto_server_stream_lib",
+ "//source/extensions/quic/proof_source:envoy_quic_proof_source_factory_impl_lib",
 "//source/server:configuration_lib",
 "//test/mocks/network:network_mocks",
 "//test/mocks/server:instance_mocks",
@@ -223,7 +223,7 @@ envoy_cc_test(
 "//source/common/quic:envoy_quic_dispatcher_lib",
 "//source/common/quic:envoy_quic_proof_source_lib",
 "//source/common/quic:envoy_quic_server_session_lib",
- "//source/extensions/quic:envoy_quic_crypto_server_stream_lib",
+ "//source/extensions/quic/crypto_stream:envoy_quic_crypto_server_stream_lib",
 "//source/server:configuration_lib",
 "//test/mocks/event:event_mocks",
 "//test/mocks/http:http_mocks",
diff --git a/test/common/quic/active_quic_listener_test.cc b/test/common/quic/active_quic_listener_test.cc
index 70462ea2ae28..a289644e25bf 100644
--- a/test/common/quic/active_quic_listener_test.cc
+++ b/test/common/quic/active_quic_listener_test.cc
@@ -43,8 +43,8 @@
 #include "source/common/quic/platform/envoy_quic_clock.h"
 #include "source/common/quic/envoy_quic_utils.h"
 #include "source/common/quic/udp_gso_batch_writer.h"
-#include "source/extensions/quic/envoy_quic_crypto_server_stream.h"
-#include "source/extensions/quic/envoy_quic_proof_source_factory_impl.h"
+#include "source/extensions/quic/crypto_stream/envoy_quic_crypto_server_stream.h"
+#include "source/extensions/quic/proof_source/envoy_quic_proof_source_factory_impl.h"
 using testing::Return;
 using testing::ReturnRef;
@@ -275,11 +275,11 @@ class ActiveQuicListenerTest : public QuicMultiVersionTest {
 crypto_stream_config:
 name: "envoy.quic.server.crypto_stream.quiche"
 typed_config:
- "@type": type.googleapis.com/envoy.extensions.quic.v3.CryptoServerStreamConfig
+ "@type": type.googleapis.com/envoy.extensions.quic.crypto_stream.v3.CryptoServerStreamConfig
 proof_source_config:
 name: "envoy.quic.proof_source.filter_chain"
 typed_config:
- "@type": type.googleapis.com/envoy.extensions.quic.v3.ProofSourceConfig
+ "@type": type.googleapis.com/envoy.extensions.quic.proof_source.v3.ProofSourceConfig
 )EOF",
 connection_window_size_, stream_window_size_);
 }
diff --git a/test/common/quic/envoy_quic_client_session_test.cc b/test/common/quic/envoy_quic_client_session_test.cc
index c916d0c393e2..4a0684d02c27 100644
--- a/test/common/quic/envoy_quic_client_session_test.cc
+++ b/test/common/quic/envoy_quic_client_session_test.cc
@@ -18,7 +18,7 @@
 #include "source/common/quic/envoy_quic_connection_helper.h"
 #include "source/common/quic/envoy_quic_alarm_factory.h"
 #include "source/common/quic/envoy_quic_utils.h"
-#include "source/extensions/quic/envoy_quic_crypto_client_stream.h"
+#include "source/extensions/quic/crypto_stream/envoy_quic_crypto_client_stream.h"
 #include "test/common/quic/test_utils.h"
diff --git a/test/common/quic/envoy_quic_dispatcher_test.cc b/test/common/quic/envoy_quic_dispatcher_test.cc
index d92505c07f2b..dc8e64efbbac 100644
--- a/test/common/quic/envoy_quic_dispatcher_test.cc
+++ b/test/common/quic/envoy_quic_dispatcher_test.cc
@@ -33,7 +33,7 @@
 #include "test/common/quic/test_utils.h"
 #include "source/common/quic/envoy_quic_alarm_factory.h"
 #include "source/common/quic/envoy_quic_utils.h"
-#include "source/extensions/quic/envoy_quic_crypto_server_stream.h"
+#include "source/extensions/quic/crypto_stream/envoy_quic_crypto_server_stream.h"
 #include "source/server/configuration_impl.h"
 #include "gmock/gmock.h"
 #include "gtest/gtest.h"
diff --git a/test/integration/BUILD b/test/integration/BUILD
index ee2db9f1fdcd..5d4083e23c05 100644
--- a/test/integration/BUILD
+++ b/test/integration/BUILD
@@ -1715,7 +1715,6 @@ envoy_cc_test(
 ],
 deps = envoy_select_enable_http3([
 ":protocol_integration_test_lib",
- "//source/extensions/quic:envoy_quic_crypto_server_stream_lib",
 "//source/common/quic:active_quic_listener_lib",
 "//source/common/quic:client_connection_factory_lib",
 "//source/common/quic:quic_factory_lib",
From 257fd652fa00590307b053dd160319a5341355c2 Mon Sep 17 00:00:00 2001
From: Dan Zhang
Date: Tue, 8 Jun 2021 12:12:15 -0400
Subject: [PATCH 29/33] fix extension build config
Signed-off-by: Dan Zhang
---
 source/extensions/extensions_build_config.bzl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/source/extensions/extensions_build_config.bzl b/source/extensions/extensions_build_config.bzl
index 45e99975a777..7a1567e3f4ab 100644
--- a/source/extensions/extensions_build_config.bzl
+++ b/source/extensions/extensions_build_config.bzl
@@ -284,8 +284,8 @@ EXTENSIONS = {
 # Quic extensions
 #
- "envoy.quic.server.crypto_stream.quiche": "//source/extensions/quic:envoy_quic_default_crypto_server_stream",
- "envoy.quic.proof_source.filter_chain": "//source/extensions/quic:envoy_quic_default_proof_source",
+ "envoy.quic.server.crypto_stream.quiche": "//source/extensions/quic/crypto_stream:envoy_quic_default_crypto_server_stream",
+ "envoy.quic.proof_source.filter_chain": "//source/extensions/quic/proof_source:envoy_quic_default_proof_source",
 }
From d2164a0b19bc5a56af6a6d7f513d12bf9935f77e Mon Sep 17 00:00:00 2001
From: Dan Zhang
Date: Tue, 8 Jun 2021 13:21:53 -0400
Subject: [PATCH 30/33] fix doc reference
Signed-off-by: Dan Zhang
---
 api/envoy/config/listener/v3/quic_config.proto | 4 ++--
 api/envoy/config/listener/v4alpha/quic_config.proto | 4 ++--
 .../envoy/config/listener/v3/quic_config.proto | 4 ++--
 .../envoy/config/listener/v4alpha/quic_config.proto | 4 ++--
 4 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/api/envoy/config/listener/v3/quic_config.proto b/api/envoy/config/listener/v3/quic_config.proto
index 636ac7a441e8..aea1ed2f4592 100644
--- a/api/envoy/config/listener/v3/quic_config.proto
+++ b/api/envoy/config/listener/v3/quic_config.proto
@@ -52,12 +52,12 @@ message QuicProtocolOptions {
 [(validate.rules).uint32 = {gte: 1}];
 // Configure which implementation of quic::QuicCryptoClientStreamBase to be used for this listener.
- // If not specified the :ref:`QUICHE default one configured by ` will be used.
+ // If not specified the :ref:`QUICHE default one configured by ` will be used.
 // [#extension-category: envoy.quic.server.crypto_stream]
 core.v3.TypedExtensionConfig crypto_stream_config = 6;
 // Configure which implementation of quic::ProofSource to be used for this listener.
- // If not specified the :ref:`default one configured by ` will be used.
+ // If not specified the :ref:`default one configured by ` will be used.
 // [#extension-category: envoy.quic.proof_source]
 core.v3.TypedExtensionConfig proof_source_config = 7;
 }
diff --git a/api/envoy/config/listener/v4alpha/quic_config.proto b/api/envoy/config/listener/v4alpha/quic_config.proto
index 0780c6620330..2086ba81f933 100644
--- a/api/envoy/config/listener/v4alpha/quic_config.proto
+++ b/api/envoy/config/listener/v4alpha/quic_config.proto
@@ -52,12 +52,12 @@ message QuicProtocolOptions {
 [(validate.rules).uint32 = {gte: 1}];
 // Configure which implementation of quic::QuicCryptoClientStreamBase to be used for this listener.
- // If not specified the :ref:`QUICHE default one configured by ` will be used.
+ // If not specified the :ref:`QUICHE default one configured by ` will be used.
 // [#extension-category: envoy.quic.server.crypto_stream]
 core.v4alpha.TypedExtensionConfig crypto_stream_config = 6;
 // Configure which implementation of quic::ProofSource to be used for this listener.
- // If not specified the :ref:`default one configured by ` will be used.
+ // If not specified the :ref:`default one configured by ` will be used.
 // [#extension-category: envoy.quic.proof_source]
 core.v4alpha.TypedExtensionConfig proof_source_config = 7;
 }
diff --git a/generated_api_shadow/envoy/config/listener/v3/quic_config.proto b/generated_api_shadow/envoy/config/listener/v3/quic_config.proto
index 636ac7a441e8..aea1ed2f4592 100644
--- a/generated_api_shadow/envoy/config/listener/v3/quic_config.proto
+++ b/generated_api_shadow/envoy/config/listener/v3/quic_config.proto
@@ -52,12 +52,12 @@ message QuicProtocolOptions {
 [(validate.rules).uint32 = {gte: 1}];
 // Configure which implementation of quic::QuicCryptoClientStreamBase to be used for this listener.
- // If not specified the :ref:`QUICHE default one configured by ` will be used.
+ // If not specified the :ref:`QUICHE default one configured by ` will be used.
 // [#extension-category: envoy.quic.server.crypto_stream]
 core.v3.TypedExtensionConfig crypto_stream_config = 6;
 // Configure which implementation of quic::ProofSource to be used for this listener.
- // If not specified the :ref:`default one configured by ` will be used.
+ // If not specified the :ref:`default one configured by ` will be used.
 // [#extension-category: envoy.quic.proof_source]
 core.v3.TypedExtensionConfig proof_source_config = 7;
 }
diff --git a/generated_api_shadow/envoy/config/listener/v4alpha/quic_config.proto b/generated_api_shadow/envoy/config/listener/v4alpha/quic_config.proto
index 0780c6620330..2086ba81f933 100644
--- a/generated_api_shadow/envoy/config/listener/v4alpha/quic_config.proto
+++ b/generated_api_shadow/envoy/config/listener/v4alpha/quic_config.proto
@@ -52,12 +52,12 @@ message QuicProtocolOptions {
 [(validate.rules).uint32 = {gte: 1}];
 // Configure which implementation of quic::QuicCryptoClientStreamBase to be used for this listener.
- // If not specified the :ref:`QUICHE default one configured by ` will be used.
+ // If not specified the :ref:`QUICHE default one configured by ` will be used.
 // [#extension-category: envoy.quic.server.crypto_stream]
 core.v4alpha.TypedExtensionConfig crypto_stream_config = 6;
 // Configure which implementation of quic::ProofSource to be used for this listener.
- // If not specified the :ref:`default one configured by ` will be used.
+ // If not specified the :ref:`default one configured by ` will be used.
 // [#extension-category: envoy.quic.proof_source]
 core.v4alpha.TypedExtensionConfig proof_source_config = 7;
 }
From d6f6647aa98566b75f232b4349a591551a58bacb Mon Sep 17 00:00:00 2001
From: Dan Zhang
Date: Tue, 8 Jun 2021 14:52:16 -0400
Subject: [PATCH 31/33] fix crypto_stream doc reference
Signed-off-by: Dan Zhang
---
 CODEOWNERS | 2 +-
 api/envoy/config/listener/v3/quic_config.proto | 2 +-
 api/envoy/config/listener/v4alpha/quic_config.proto | 2 +-
 generated_api_shadow/envoy/config/listener/v3/quic_config.proto | 2 +-
 .../envoy/config/listener/v4alpha/quic_config.proto | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/CODEOWNERS b/CODEOWNERS
index 2fc70c0398b7..884010aa43c0 100644
--- a/CODEOWNERS
+++ b/CODEOWNERS
@@ -65,7 +65,7 @@ extensions/filters/common/original_src @snowp @klarose
 # postgres_proxy extension
 /*/extensions/filters/network/postgres_proxy @fabriziomello @cpakulski @dio
 # quic extension
-/*/extensions/quic_listeners/ @alyssawilk @danzh2010 @mattklein123 @mpwarres @wu-bin @ggreenway
+/*/extensions/quic/ @alyssawilk @danzh2010 @mattklein123 @mpwarres @wu-bin @ggreenway
 # zookeeper_proxy extension
 /*/extensions/filters/network/zookeeper_proxy @rgs1 @snowp
 # redis cluster extension
diff --git a/api/envoy/config/listener/v3/quic_config.proto b/api/envoy/config/listener/v3/quic_config.proto
index aea1ed2f4592..90822b8cfa5c 100644
--- a/api/envoy/config/listener/v3/quic_config.proto
+++ b/api/envoy/config/listener/v3/quic_config.proto
@@ -52,7 +52,7 @@ message QuicProtocolOptions {
 [(validate.rules).uint32 = {gte: 1}];
 // Configure which implementation of quic::QuicCryptoClientStreamBase to be used for this listener.
- // If not specified the :ref:`QUICHE default one configured by ` will be used.
+ // If not specified the :ref:`QUICHE default one configured by ` will be used.
 // [#extension-category: envoy.quic.server.crypto_stream]
 core.v3.TypedExtensionConfig crypto_stream_config = 6;
diff --git a/api/envoy/config/listener/v4alpha/quic_config.proto b/api/envoy/config/listener/v4alpha/quic_config.proto
index 2086ba81f933..01564e410d92 100644
--- a/api/envoy/config/listener/v4alpha/quic_config.proto
+++ b/api/envoy/config/listener/v4alpha/quic_config.proto
@@ -52,7 +52,7 @@ message QuicProtocolOptions {
 [(validate.rules).uint32 = {gte: 1}];
 // Configure which implementation of quic::QuicCryptoClientStreamBase to be used for this listener.
- // If not specified the :ref:`QUICHE default one configured by ` will be used.
+ // If not specified the :ref:`QUICHE default one configured by ` will be used.
 // [#extension-category: envoy.quic.server.crypto_stream]
 core.v4alpha.TypedExtensionConfig crypto_stream_config = 6;
diff --git a/generated_api_shadow/envoy/config/listener/v3/quic_config.proto b/generated_api_shadow/envoy/config/listener/v3/quic_config.proto
index aea1ed2f4592..90822b8cfa5c 100644
--- a/generated_api_shadow/envoy/config/listener/v3/quic_config.proto
+++ b/generated_api_shadow/envoy/config/listener/v3/quic_config.proto
@@ -52,7 +52,7 @@ message QuicProtocolOptions {
 [(validate.rules).uint32 = {gte: 1}];
 // Configure which implementation of quic::QuicCryptoClientStreamBase to be used for this listener.
- // If not specified the :ref:`QUICHE default one configured by ` will be used.
+ // If not specified the :ref:`QUICHE default one configured by ` will be used.
 // [#extension-category: envoy.quic.server.crypto_stream]
 core.v3.TypedExtensionConfig crypto_stream_config = 6;
diff --git a/generated_api_shadow/envoy/config/listener/v4alpha/quic_config.proto b/generated_api_shadow/envoy/config/listener/v4alpha/quic_config.proto
index 2086ba81f933..01564e410d92 100644
--- a/generated_api_shadow/envoy/config/listener/v4alpha/quic_config.proto
+++ b/generated_api_shadow/envoy/config/listener/v4alpha/quic_config.proto
@@ -52,7 +52,7 @@ message QuicProtocolOptions {
 [(validate.rules).uint32 = {gte: 1}];
 // Configure which implementation of quic::QuicCryptoClientStreamBase to be used for this listener.
- // If not specified the :ref:`QUICHE default one configured by ` will be used.
+ // If not specified the :ref:`QUICHE default one configured by ` will be used.
 // [#extension-category: envoy.quic.server.crypto_stream]
 core.v4alpha.TypedExtensionConfig crypto_stream_config = 6;
From 58441b8831be7095447621022aba86bac1ba6fc8 Mon Sep 17 00:00:00 2001
From: Dan Zhang
Date: Wed, 9 Jun 2021 19:24:41 -0400
Subject: [PATCH 32/33] address comments
Signed-off-by: Dan Zhang
---
 api/BUILD | 1 -
 api/envoy/config/listener/v3/quic_config.proto | 5 ++---
 api/envoy/config/listener/v4alpha/quic_config.proto | 5 ++---
 .../extensions/quic/crypto_stream/v3/crypto_stream.proto | 2 +-
 generated_api_shadow/BUILD | 1 -
 .../envoy/config/listener/v3/quic_config.proto | 5 ++---
 .../envoy/config/listener/v4alpha/quic_config.proto | 5 ++---
 .../extensions/quic/crypto_stream/v3/crypto_stream.proto | 2 +-
 source/common/quic/active_quic_listener.cc | 2 +-
 source/extensions/extensions_build_config.bzl | 2 +-
 source/extensions/extensions_metadata.yaml | 2 +-
 .../quic/crypto_stream/envoy_quic_crypto_server_stream.h | 2 +-
 test/common/quic/active_quic_listener_test.cc | 2 +-
 13 files changed, 15 insertions(+), 21 deletions(-)
diff --git a/api/BUILD b/api/BUILD
index 69401f63e08d..179af01ca9ef 100644
--- a/api/BUILD
+++ b/api/BUILD
@@ -54,7 +54,6 @@ proto_library(
 "//envoy/config/filter/http/rate_limit/v2:pkg",
 "//envoy/config/filter/http/rbac/v2:pkg",
 "//envoy/config/filter/http/router/v2:pkg",
- "//envoy/config/filter/http/squash/v2:pkg",
 "//envoy/config/filter/http/tap/v2alpha:pkg",
 "//envoy/config/filter/http/transcoder/v2:pkg",
 "//envoy/config/filter/listener/http_inspector/v2:pkg",
diff --git a/api/envoy/config/listener/v3/quic_config.proto b/api/envoy/config/listener/v3/quic_config.proto
index 90822b8cfa5c..1432e1911b5d 100644
--- a/api/envoy/config/listener/v3/quic_config.proto
+++ b/api/envoy/config/listener/v3/quic_config.proto
@@ -6,7 +6,6 @@ import "envoy/config/core/v3/base.proto";
 import "envoy/config/core/v3/extension.proto";
 import "envoy/config/core/v3/protocol.proto";
-import "google/protobuf/any.proto";
 import "google/protobuf/duration.proto";
 import "google/protobuf/wrappers.proto";
@@ -51,12 +50,12 @@ message QuicProtocolOptions {
 google.protobuf.UInt32Value packets_to_read_to_connection_count_ratio = 5
 [(validate.rules).uint32 = {gte: 1}];
- // Configure which implementation of quic::QuicCryptoClientStreamBase to be used for this listener.
+ // Configure which implementation of `quic::QuicCryptoClientStreamBase` to be used for this listener.
 // If not specified the :ref:`QUICHE default one configured by ` will be used.
 // [#extension-category: envoy.quic.server.crypto_stream]
 core.v3.TypedExtensionConfig crypto_stream_config = 6;
- // Configure which implementation of quic::ProofSource to be used for this listener.
+ // Configure which implementation of `quic::ProofSource` to be used for this listener.
 // If not specified the :ref:`default one configured by ` will be used.
 // [#extension-category: envoy.quic.proof_source]
 core.v3.TypedExtensionConfig proof_source_config = 7;
diff --git a/api/envoy/config/listener/v4alpha/quic_config.proto b/api/envoy/config/listener/v4alpha/quic_config.proto
index 01564e410d92..0b6d6bd7584c 100644
--- a/api/envoy/config/listener/v4alpha/quic_config.proto
+++ b/api/envoy/config/listener/v4alpha/quic_config.proto
@@ -6,7 +6,6 @@ import "envoy/config/core/v4alpha/base.proto";
 import "envoy/config/core/v4alpha/extension.proto";
 import "envoy/config/core/v4alpha/protocol.proto";
-import "google/protobuf/any.proto";
 import "google/protobuf/duration.proto";
 import "google/protobuf/wrappers.proto";
@@ -51,12 +50,12 @@ message QuicProtocolOptions {
 google.protobuf.UInt32Value packets_to_read_to_connection_count_ratio = 5
 [(validate.rules).uint32 = {gte: 1}];
- // Configure which implementation of quic::QuicCryptoClientStreamBase to be used for this listener.
+ // Configure which implementation of `quic::QuicCryptoClientStreamBase` to be used for this listener.
 // If not specified the :ref:`QUICHE default one configured by ` will be used.
 // [#extension-category: envoy.quic.server.crypto_stream]
 core.v4alpha.TypedExtensionConfig crypto_stream_config = 6;
- // Configure which implementation of quic::ProofSource to be used for this listener.
+ // Configure which implementation of `quic::ProofSource` to be used for this listener.
 // If not specified the :ref:`default one configured by ` will be used.
 // [#extension-category: envoy.quic.proof_source]
 core.v4alpha.TypedExtensionConfig proof_source_config = 7;
diff --git a/api/envoy/extensions/quic/crypto_stream/v3/crypto_stream.proto b/api/envoy/extensions/quic/crypto_stream/v3/crypto_stream.proto
index 71c5caa226b9..6313f79861e8 100644
--- a/api/envoy/extensions/quic/crypto_stream/v3/crypto_stream.proto
+++ b/api/envoy/extensions/quic/crypto_stream/v3/crypto_stream.proto
@@ -10,7 +10,7 @@ option java_multiple_files = true;
 option (udpa.annotations.file_status).package_version_status = ACTIVE;
 // [#protodoc-title: QUIC server crypto stream config]
-// [#extension: envoy.quic.server.crypto_stream.quiche]
+// [#extension: envoy.quic.crypto_stream.server.quiche]
 // Configuration for the default QUIC server crypto stream provided by QUICHE.
 message CryptoServerStreamConfig {
diff --git a/generated_api_shadow/BUILD b/generated_api_shadow/BUILD
index 69401f63e08d..179af01ca9ef 100644
--- a/generated_api_shadow/BUILD
+++ b/generated_api_shadow/BUILD
@@ -54,7 +54,6 @@ proto_library(
 "//envoy/config/filter/http/rate_limit/v2:pkg",
 "//envoy/config/filter/http/rbac/v2:pkg",
 "//envoy/config/filter/http/router/v2:pkg",
- "//envoy/config/filter/http/squash/v2:pkg",
 "//envoy/config/filter/http/tap/v2alpha:pkg",
 "//envoy/config/filter/http/transcoder/v2:pkg",
 "//envoy/config/filter/listener/http_inspector/v2:pkg",
diff --git a/generated_api_shadow/envoy/config/listener/v3/quic_config.proto b/generated_api_shadow/envoy/config/listener/v3/quic_config.proto
index 90822b8cfa5c..1432e1911b5d 100644
--- a/generated_api_shadow/envoy/config/listener/v3/quic_config.proto
+++ b/generated_api_shadow/envoy/config/listener/v3/quic_config.proto
@@ -6,7 +6,6 @@ import "envoy/config/core/v3/base.proto";
 import "envoy/config/core/v3/extension.proto";
 import "envoy/config/core/v3/protocol.proto";
-import "google/protobuf/any.proto";
 import "google/protobuf/duration.proto";
 import "google/protobuf/wrappers.proto";
@@ -51,12 +50,12 @@ message QuicProtocolOptions {
 google.protobuf.UInt32Value packets_to_read_to_connection_count_ratio = 5
 [(validate.rules).uint32 = {gte: 1}];
- // Configure which implementation of quic::QuicCryptoClientStreamBase to be used for this listener.
+ // Configure which implementation of `quic::QuicCryptoClientStreamBase` to be used for this listener.
 // If not specified the :ref:`QUICHE default one configured by ` will be used.
 // [#extension-category: envoy.quic.server.crypto_stream]
 core.v3.TypedExtensionConfig crypto_stream_config = 6;
- // Configure which implementation of quic::ProofSource to be used for this listener.
+ // Configure which implementation of `quic::ProofSource` to be used for this listener.
 // If not specified the :ref:`default one configured by ` will be used.
 // [#extension-category: envoy.quic.proof_source]
 core.v3.TypedExtensionConfig proof_source_config = 7;
diff --git a/generated_api_shadow/envoy/config/listener/v4alpha/quic_config.proto b/generated_api_shadow/envoy/config/listener/v4alpha/quic_config.proto
index 01564e410d92..0b6d6bd7584c 100644
--- a/generated_api_shadow/envoy/config/listener/v4alpha/quic_config.proto
+++ b/generated_api_shadow/envoy/config/listener/v4alpha/quic_config.proto
@@ -6,7 +6,6 @@ import "envoy/config/core/v4alpha/base.proto";
 import "envoy/config/core/v4alpha/extension.proto";
 import "envoy/config/core/v4alpha/protocol.proto";
-import "google/protobuf/any.proto";
 import "google/protobuf/duration.proto";
 import "google/protobuf/wrappers.proto";
@@ -51,12 +50,12 @@ message QuicProtocolOptions {
 google.protobuf.UInt32Value packets_to_read_to_connection_count_ratio = 5
 [(validate.rules).uint32 = {gte: 1}];
- // Configure which implementation of quic::QuicCryptoClientStreamBase to be used for this listener.
+ // Configure which implementation of `quic::QuicCryptoClientStreamBase` to be used for this listener.
 // If not specified the :ref:`QUICHE default one configured by ` will be used.
 // [#extension-category: envoy.quic.server.crypto_stream]
 core.v4alpha.TypedExtensionConfig crypto_stream_config = 6;
- // Configure which implementation of quic::ProofSource to be used for this listener.
+ // Configure which implementation of `quic::ProofSource` to be used for this listener.
 // If not specified the :ref:`default one configured by ` will be used.
 // [#extension-category: envoy.quic.proof_source]
 core.v4alpha.TypedExtensionConfig proof_source_config = 7;
diff --git a/generated_api_shadow/envoy/extensions/quic/crypto_stream/v3/crypto_stream.proto b/generated_api_shadow/envoy/extensions/quic/crypto_stream/v3/crypto_stream.proto
index 71c5caa226b9..6313f79861e8 100644
--- a/generated_api_shadow/envoy/extensions/quic/crypto_stream/v3/crypto_stream.proto
+++ b/generated_api_shadow/envoy/extensions/quic/crypto_stream/v3/crypto_stream.proto
@@ -10,7 +10,7 @@ option java_multiple_files = true;
 option (udpa.annotations.file_status).package_version_status = ACTIVE;
 // [#protodoc-title: QUIC server crypto stream config]
-// [#extension: envoy.quic.server.crypto_stream.quiche]
+// [#extension: envoy.quic.crypto_stream.server.quiche]
 // Configuration for the default QUIC server crypto stream provided by QUICHE.
 message CryptoServerStreamConfig {
diff --git a/source/common/quic/active_quic_listener.cc b/source/common/quic/active_quic_listener.cc
index da68e73530ee..f8389c5a54b6 100644
--- a/source/common/quic/active_quic_listener.cc
+++ b/source/common/quic/active_quic_listener.cc
@@ -264,7 +264,7 @@ ActiveQuicListenerFactory::ActiveQuicListenerFactory(
 envoy::config::core::v3::TypedExtensionConfig crypto_stream_config;
 if (!config.has_crypto_stream_config()) {
 // If not specified, use the quic crypto stream created by QUICHE.
- crypto_stream_config.set_name("envoy.quic.server.crypto_stream.quiche");
+ crypto_stream_config.set_name("envoy.quic.crypto_stream.server.quiche");
 envoy::extensions::quic::crypto_stream::v3::CryptoServerStreamConfig empty_crypto_stream_config;
 crypto_stream_config.mutable_typed_config()->PackFrom(empty_crypto_stream_config);
 } else {
diff --git a/source/extensions/extensions_build_config.bzl b/source/extensions/extensions_build_config.bzl
index 4efeb126ab77..67c9d263f00c 100644
--- a/source/extensions/extensions_build_config.bzl
+++ b/source/extensions/extensions_build_config.bzl
@@ -284,7 +284,7 @@ EXTENSIONS = {
 # Quic extensions
 #
- "envoy.quic.server.crypto_stream.quiche": "//source/extensions/quic/crypto_stream:envoy_quic_default_crypto_server_stream",
+ "envoy.quic.crypto_stream.server.quiche": "//source/extensions/quic/crypto_stream:envoy_quic_default_crypto_server_stream",
 "envoy.quic.proof_source.filter_chain": "//source/extensions/quic/proof_source:envoy_quic_default_proof_source",
 }
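Review bot: The fallback name set on the added line, `"envoy.quic.crypto_stream.server.quiche"`, is a bare string literal that has to match the factory's `name()` in envoy_quic_crypto_server_stream.h, the keys in extensions_build_config.bzl and extensions_metadata.yaml, and the `[#extension: ...]` annotation in crypto_stream.proto, each of which this commit edits by hand; if any of them drifts, the default path presumably fails only when a listener without `crypto_stream_config` is loaded. A comment on this line would at least make the coupling visible, e.g. `// Must match EnvoyQuicCryptoServerStreamFactoryImpl::name() and the extension name in extensions_build_config.bzl.`, or a single shared constant if the factory header is an acceptable dependency here. The renamed extension `envoy.quic.crypto_stream.server.quiche` also lives in the category `envoy.quic.server.crypto_stream` (see the extensions_metadata.yaml hunk), an asymmetry worth one sentence in the proto doc. The enclosing constructor `ActiveQuicListenerFactory::ActiveQuicListenerFactory` starts and ends outside the hunk.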
diff --git a/source/extensions/extensions_metadata.yaml b/source/extensions/extensions_metadata.yaml
index 3c2e49fd9226..2500e09a957d 100644
--- a/source/extensions/extensions_metadata.yaml
+++ b/source/extensions/extensions_metadata.yaml
@@ -494,7 +494,7 @@ envoy.quic.proof_source.filter_chain:
 - envoy.quic.proof_source
 security_posture: robust_to_untrusted_downstream
 status: alpha
-envoy.quic.server.crypto_stream.quiche:
+envoy.quic.crypto_stream.server.quiche:
 categories:
 - envoy.quic.server.crypto_stream
 security_posture: robust_to_untrusted_downstream
diff --git a/source/extensions/quic/crypto_stream/envoy_quic_crypto_server_stream.h b/source/extensions/quic/crypto_stream/envoy_quic_crypto_server_stream.h
index 6837c2e51404..1cf35b5c01c8 100644
--- a/source/extensions/quic/crypto_stream/envoy_quic_crypto_server_stream.h
+++ b/source/extensions/quic/crypto_stream/envoy_quic_crypto_server_stream.h
@@ -13,7 +13,7 @@ class EnvoyQuicCryptoServerStreamFactoryImpl : public EnvoyQuicCryptoServerStrea
 ProtobufTypes::MessagePtr createEmptyConfigProto() override {
 return std::make_unique();
 }
- std::string name() const override { return "envoy.quic.server.crypto_stream.quiche"; }
+ std::string name() const override { return "envoy.quic.crypto_stream.server.quiche"; }
 std::unique_ptr
 createEnvoyQuicCryptoServerStream(const quic::QuicCryptoServerConfig* crypto_config,
 quic::QuicCompressedCertsCache* compressed_certs_cache,
diff --git a/test/common/quic/active_quic_listener_test.cc b/test/common/quic/active_quic_listener_test.cc
index 33afdbfb0435..e495f07b78b6 100644
--- a/test/common/quic/active_quic_listener_test.cc
+++ b/test/common/quic/active_quic_listener_test.cc
@@ -274,7 +274,7 @@ class ActiveQuicListenerTest : public QuicMultiVersionTest {
 runtime_key: quic.enabled
 packets_to_read_to_connection_count_ratio: 50
 crypto_stream_config:
- name: "envoy.quic.server.crypto_stream.quiche"
+ name: "envoy.quic.crypto_stream.server.quiche"
 typed_config:
 "@type": type.googleapis.com/envoy.extensions.quic.crypto_stream.v3.CryptoServerStreamConfig
 proof_source_config:
From 7465ec6eb7e73edb691ca171420a8ab8fe3cf5f6 Mon Sep 17 00:00:00 2001
From: Dan Zhang
Date: Wed, 9 Jun 2021 23:43:58 -0400
Subject: [PATCH 33/33] format
Signed-off-by: Dan Zhang
---
 tools/extensions/extensions_check.py | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/tools/extensions/extensions_check.py b/tools/extensions/extensions_check.py
index 6cf9d8c66326..fde5752799b2 100644
--- a/tools/extensions/extensions_check.py
+++ b/tools/extensions/extensions_check.py
@@ -49,10 +49,12 @@
 "envoy.grpc_credentials", "envoy.guarddog_actions", "envoy.health_checkers",
 "envoy.http.stateful_header_formatters", "envoy.internal_redirect_predicates", "envoy.io_socket",
 "envoy.http.original_ip_detection", "envoy.matching.common_inputs",
- "envoy.matching.input_matchers", "envoy.quic.proof_source", "envoy.quic.server.crypto_stream", "envoy.rate_limit_descriptors", "envoy.request_id", "envoy.resource_monitors", "envoy.retry_host_predicates", "envoy.retry_priorities",
- "envoy.stats_sinks", "envoy.thrift_proxy.filters", "envoy.tracers",
- "envoy.transport_sockets.downstream", "envoy.transport_sockets.upstream",
- "envoy.tls.cert_validator", "envoy.upstreams", "envoy.wasm.runtime")
+ "envoy.matching.input_matchers", "envoy.quic.proof_source", "envoy.quic.server.crypto_stream",
+ "envoy.rate_limit_descriptors", "envoy.request_id", "envoy.resource_monitors",
+ "envoy.retry_host_predicates", "envoy.retry_priorities", "envoy.stats_sinks",
+ "envoy.thrift_proxy.filters", "envoy.tracers", "envoy.transport_sockets.downstream",
+ "envoy.transport_sockets.upstream", "envoy.tls.cert_validator", "envoy.upstreams",
+ "envoy.wasm.runtime")
 EXTENSION_STATUS_VALUES = (
 # This extension is stable and is expected to be production usable.