- [FEATURE] Extensible HTTP Priorities (HTTP/3 only).
- [FEATURE] Add conn context to packet-out memory interface (PR #175).
- [BUGFIX] gQUIC proof generation: allocate buffer big enough for
signature (issue #173).
- [BUGFIX] Make library thread-safe: drop use of global variables
(issue #133, issue #167).
- [BUGFIX] Deactivate only *recent* HQ frame, not any HQ frame.
- [BUGFIX] gQUIC server: associate compressed cert with SSL_CTX,
instead of keeping them in a separate hash, potentially leading
to mismatches.
- [BUGFIX] Stream data discard infinite loop: break on FIN.
- cmake: add install target via -DCMAKE_INSTALL_PREFIX (PR #171).
- Support randomized packet number to begin a connection.
- Mini and full IETF connection size optimization.
- http_client: specify HTTP priorities based on stream conditions.
- [FEATURE] QUIC and HTTP/3 Internet Draft 31 support.
- [API] Let user generate Souce Connection IDs.
- [FEATURE] Allow building lsquic as shared library.
- [OPTIMIZATION] Receive history: use a single contiguous memory
block for everything.
- Deprecate QUIC versions ID-27 and ID-30.
- [BUGFIX] Typo in new "validate peer addr by DCID" code. It is
a benign bug (works either way), but better to fix it.
- Simplify Stream Priority Iterator (SPI).
- Minor documentation updates.
- [FEATURE] QUIC and HTTP/3 Internet Draft 30 support.
- [FEATURE] Unreliable Datagram Extension support.
- [FEATURE] Adaptive congestion controller.
- [BUGFIX] Do not send MAX_STREAM_DATA frames on crypto streams.
- [BUGFIX] Fail with CRYPTO_BUFFER_EXCEEDED when too much CRYPTO
data comes in.
- [BUFFIX] Spin bit is now strictly per path; value is reset on
DCID change.
- [BUGFIX] Check that max value of max_streams_uni and
max_streams_bidi TPs is 2^60.
- [BUGFIX] Close IETF mini conn immediately if crypto session
cannot be initialized.
- Deprecate ID-28 (no browser uses it): it's no longer in the
default versions list.
- New programs duck_server and duck_client that implement the
experimental siduck-00 protocol. They quack!
- IETF crypto streams: don't limit ourselves from sending.
- Command-line programs: turn off QL loss bits if -G is used, as
Wireshark cannot decrypt QUIC packets when this extension is used.
- Turn all h3 framing unit tests back on.
- Fix malo initialization when compiled in no-pool mode.
- [FEATURE] Add lsquic_stream_pwritev(). This function allows one to
reduce the number of system calls required to read a file from disk
by using lsquic_stream_pwritev() together with preadv(2).
- [BUGFIX] When stream is reset, it is writeable -- let user collect
the error.
- [BUGFIX] Calculate correct conn flow control if reading ends early.
- [BUGFIX] Remove stream from read and write queues on internal
shutdown. This is a regression introduced in 2.19.7.
- [BUGFIX] Swapped arguments in IETF RESET_FRAME generation.
- Turn off mini conn history when compiling with Visual Studio; this
allows the project to compile on Windows again.
- http_client: Add -3 flag to stop reading from streams early; code
cleanup.
- Don't use -Werror.
- [FEATURE] Update the timestamp extension to latest version.
- [FEATURE] Cope with appearance of ECN blackholes.
- [OPTIMIZATION] return packno offset and size when header is generated.
- [BUGFIX] ignore old ACK frames in mini conns.
- [BUGFIX] Mark initial server path as initialized.
- [BUGFIX] Do not merge ACK if ECN counts do not match.
- Turn incoming packet number history in mini conn back on.
- Record mini conn event history again when compiled in debug mode.
- IETF mini conn: log when ACK is queued.
- Clean up and refactor code in several places.
- Handle ECT-CE event: issue a loss event.
- Log the fact that we ignore SETTINGS_MAX_HEADER_LIST_SIZE.
- Use Max Push ID in GOAWAY frame to cancel promises.
- Add support for HTTP/3 CANCEL_PUSH frame.
- lsquic_stream_is_pushed: streams without headers are never pushed.
- [BUGFIX] Regression in lsquic_stream_shutdown_internal: now it shuts down.
- Improve logic whether to generate CONNECTION_CLOSE.
- [BUGFIX] Do not return an oversize MTU probe to connection twice.
- [FEATURE] Delayed Acks updated to latest draft. Still experimental.
- Minor code cleanup in IETF full connection.
- [FEATURE] DPLPMTUD support. IETF connections now search for the
maximum packet size, improving throughput.
- [DEBUG] Record event in stream history when on_close() is called
in dtor.
- [FEATURE] Implement the "QUIC bit grease" extension.
- [BUGFIX] Selecting CID used for logging on client.
- [BUGFIX] Header protection assertion.
- [BUGFIX] Server: enable SSL key logging when cert lookup callback
is not set.
- Remove some dead code.
- [API] Rename "0-RTT" to "session resumption." In IETF QUIC, "0-RTT"
always refers to early data, meaning a request that the server can
reply to in the very first return flight. A more appropriate name
for what we support on the client site is "session resumption," which
is standard TLS terminology. Later, when we add support for 0-RTT
(early data), we can use the 0-RTT terminology again, this time in
proper context.
- [BUGFIX] Do not set certificate callback if ea_lookup_cert is NULL.
- [BUGFIX] Make connection tickable when it's marked as closed.
- [BUGFIX] Fail certificate lookup if SNI is not present in HTTP mode.
- Several documentation fixes and improvements.
- Minor code cleanup.
- [FEATURE] QUIC and HTTP/3 Internet Draft 29 support.
- [BUGFIX] Check that scheduled packets are also sendable when
calculating a connection's "tickable" property.
- [BUGFIX] Don't count scheduled packets as in-flight when pacer is
checked on tick.
- gQUIC: delay calling on_new for pushed stream until headers are
available.
- Allow nested calls to lsquic_engine_connect().
- [OPTIMIZATION] Stash up to two reordered packets in IETF mini conn
instead of dropping them.
- [BUGFIX] Crash: check decrypt context before using it. This regression
was introduced in 2.16.2.
- [BUGFIX] ID-28: do not use TLS middlebox compatibility mode in
ClientHello. This change requires using a newer version of BoringSSL.
- [BUGFIX] Free connections in Advisory Tick Time Queue in engine dtor.
- [BUGFIX] IETF QUIC client: narrow migration check to a single path.
- [BUGFIX] NULL dereference: set function pointers for alarm for path
challenges 2 and 3.
- [BUGFIX] HTTP/3 headers may be followed immediately by trailers.
- [BUGFIX] Log messages when SCID changes.
- [FEATURE] Use "no-progress timeout" after which connection is closed.
- [BUGFIX] Select new SCID when current SCID is retired.
- [BUGFIX] Don't warn about dropped Initial packet sequence gaps during
mini/full handoff.
- [BUGFIX] Send correct conn error when HTTP/3 frame is truncated.
- [BUGFIX] Mini conn: consider amplification when deciding to return
TICK_SEND.
- [BUGFIX] Don't double-count tag length in amplification logic.
- [BUGFIX] Don't squeeze out lone path challenges.
- [BUGFIX] Log messages dealing with scheduled packet queue squeezing.
- [BUGFIX] don't wipe current path if no path challenge responses
come back.
- [BUGFIX] When path is reset, don't lose path_id which is used for
logging.
- Downgrade flow control violations to info log level from warnings.
- Fix connection cap extra check, avoid checks in nested calls.
- Fix some unit tests when extra checks are enabled.
- Use ls-hpack 2.2.1.
- Turn off unconditional extra checks for IETF clients.
- Extra checks: don't verify sent size of hello packets. Client
changes DCID length and this check will fail.
- [FEATURE] QUIC and HTTP/3 Internet Draft 28 support.
- [BUGFIX] Ignore Retry packets after other packets are decrypted
successfully.
- [BUGFIX] Transport parameter decoding: CID no longer has 4-byte
length minimum.
- http_client: fix and optimize lsxpack_header allocator.
- Drop support for Internet Draft 25.
- [BUGFIX] Fix amplification mitigation in 0-RTT case.
- [BUGFIX] IETF mini connection should not tickable if cannot send
a packet due to amplification.
- [BUGFIX] Fail if active_connection_id_limit TP is smaller than 2.
- [BUGFIX] Qlog server certificates for IETF QUIC connections.
- [BUGFIX] Uninitialized struct padding usage in tokgen (benign).
- [BUGFIX] Incorrect argument to shi_lookup() (benign).
- [BUGFIX] In coalesced datagram, ignore packets whose CID does not match.
- [BUGFIX] Frame reader: skip headers if target stream is not found.
- [BUGFIX] Log message in QPACK decoder handler.
- [BUGFIX] Heed es_rw_once for pushed HTTP/3 streams.
- [BUGFIX] IETF client: set correct flags on bidirectional streams.
- [BUGFIX] Generate Cancel Stream QPACK instructions for abandoned
streams.
- [BUGFIX] Do not call header callbacks after stream is closed.
- Use ls-qpack 2.1.1
- [BUGFIX] Place connections on tickable queue when sending is reenabled.
- [BUGFIX] A connection is tickable if it has unsent packets.
- [BUGFIX] Heed peer's max_packet_size transport parameter.
- [API] Use lsxpack_header structure to process incoming headers.
- [BUGFIX] Fix assertion when zero-padding Initial packet.
- [BUGFIX] Use idle timeout before we learn of peer's value.
- Use ls-hpack 2.0.0 -- has lsxpack_header changes.
- Use ls-qpack 0.14.0 -- new, common with ls-hpack, XXH seed (not used yet).
- Code cleanup: prefix exported functions with "lsquic_".
- [FEATURE] QUIC timestamps extension.
- [API] New: ea_alpn that is used when not in HTTP mode.
- [BUGFIX] SNI is mandatory only for HTTP/3 and gQUIC.
- [BUGFIX] Benign double-free -- issue #110.
- [BUGFIX] Printing of transport parameters.
- [FEATURE] QUIC and HTTP/3 Internet Draft 27 support.
- [FEATURE] Add experimental delayed ACKs extension.
- Drop support for Internet Draft 24.
- Code cleanup.
- [BUGFIX] Send HANDSHAKE_DONE only after Finished is received.
- [BUGFIX] Don't treat garbage UDP padding as library error; ignore
it instead.
- [BUGFIX] Fix compilation on FreeBSD (missing header).
- [BUGFIX] Do not delay ACKs for Initial and Handshake packets.
- [BUGFIX] Send PATH_CHALLENGE if path changed before mini conn promotion.
- Logging improvements.
- http_client: discard data faster.
- [BUGFIX] Coalesced packets could get longer than normal packet size.
- Add spin bit configuration option es_spin (-o spin=[01]).
- Disable spin bit in 1/16 of connections.
- Improve logging a bit.
- [FEATURE] QUIC and HTTP/3 Internet Draft 25 support.
- [API] Drop support for ID-23.
- [BUGFIX] Set key phase bit on outgoing packets correctly.
- Code cleanup.
- [API] Drop support for Q039.
- Improve ACK-queuing logic. Send an ACK once in a while if
peer keeps on sending non-ack-eliciting packets.
- Improve Alt-Svc string: Q050 and later are not included in
the old-style "quic" string.
- Send stateless resets if connection could not be promoted.
- Schedule MAX_DATA if needed when DATA_BLOCKED is received.
- Use ls-qpack 0.11.2 -- needed for server push optimization.
- Code cleanup: handle some error cases, improve logging.
- [BUGFIX] Use ls-qpack 0.11.1
- [OPTIMIZATION] Generate random bytes in batches.
- Change loss_bits transport parameter ID to 0x1057 following latest
draft.
- Randomize period with which PINGs are sent to elicit ACKs.
- Some refactoring and code cleanup.
- [BUGFIX] Invalid read when parsing IETF transport parameters
(this was benign).
- [OPTIMIZATION] Frame bundling when using buffered packets in
IETF QUIC: a) flush QPACK decoder stream and b) include ACKs
in opportunistic fashion.
- Fix HTTP/3 framing unit test.
- Code cleanup.
- [BUGFIX] Initial packet size check for IETF mini conn applies to
UDP payload, not QUIC packet.
- Support old and new school loss_bits transport parameter.
- Use Q run length of 64 as suggested in the loss bits Draft.
- Undo square wave count when packet is delayed.
- Code cleanup; minor fixes.
- [HTTP3] Verify number of bytes in incoming DATA frames against
content-length.
- [HTTP3] Stop issuing streams credits if peer stops opening QPACK
decoder window. This addresses a potential attack whereby client
can cause the server to keep allocating memory. See Security
Considerations in the QPACK draft.
- [BUGFIX] Mini conn: don't shorten max packet size for Q050 and later.
- [BUGFIX] Init IETF connection flow controller using correct setting.
- Code cleanup and minor fixes.
- [FEATURE] Use occasional packet number gaps to detect optimistic
ACK attacks.
- [BUGFIX] Q050 client: all packet numbers are in the App PNS.
- [OPTIMIZATION] Merge multi-range ACK frames, not just single-range
ACK frames.
- IETF QUIC: use RTT estimate in ack timeout calculation.
- IETF handshake: abort conn when unexpected errors occur.
- Use PING rather than MAX_DATA frames to elicit ACKs from peer.
- Server: enforce 1200 byte Initial minimum packet size.
- [CLEANUP] Remove code to disable gQUIC crypto.
- [CLEANUP] Remove n_timestamps from ACK info struct.
- Optimize driver: reuse previous ancillary message when possible.
- [FEATURE] Add support for Q050.
- [OPTIMIZATION] Reduce mallocs in gQUIC handshake.
- [BUGFIX] Disable redo of failed STREAM frame insertion with debug
logging.
- [DEBUG] Further dedup next advisory tick messages when reason is
the same.
- [BUGFIX] Update size of `a` array in TP struct. Fixes (benign)
GitHub bug #94.
- Use Cubic by default again instead of BBR, as it delivers more
consistent performance.
- [BUGFIX] Send controller: update scheduled bytes when DCID length
changes (IETF client).
- [BUGFIX] Drop alarm check from sanity test. It no longer works now
that we use loss chains.
- [PORTABILITY] Fix build on Alpine Linux.
- [PORTABILITY] Fix build using XCode.
- Client initial DCID length: use RAND_bytes() instead of rand(3).
- Add unit tests for connection min heap.
- [DEBUG] Log CID in gQUIC handshake module
- [DEBUG] Turn on extra checks for IETF client send controller.
- [DEBUG] Dedup next advisory tick messages when reason is IDLE timer.
- [DEBUG] QPACK decoder handler: log header error code.
- [BUGFIX] client: don't call ignore_init() in middle of batch send.
ignore_init() makes an assumption that the send controller has access
to all outgoing packets. This change wraps a few IETF full connection
methods to delay calling ignore_init() until the engine returns all
outgoing packets that were batched.
- [BUGFIX] set errno to EAGAIN if sendmmsg() can't send all of them.
This needs to be done because the value of errno may be lost on
some platforms.
- [BUGFIX] Typo that set all bits in sm_qflags lead to crashes.
- [BUGFIX] Do not cancel header block processing after failure, as
QPACK releases the reference in that case.
- [CLEANUP] IETF encrypt: replace assert(0) with a warning.
- Several small improvements to the test server.
- [API, FEATURE] Close connection immediately when ea_packets_out()
fails with errno != EAGAIN. The API change is that errno is now
examined. Make sure to set it if using something other than
sendmsg() to send packets.
- [CLEANUP] Immediate close logic in IETF full conn.
- [CLEANUP] Fix bogus warning about uninitialized `pair' variable.
- [BUGFIX] set retry token on all resubmitted packets.
- Event log: log sent packet flags. In particular, this allows one
to see whether token was sent.
- Don't migrate client if es_allow_migration is false.
- [BUGFIX] Fix double-free when emptying a packet number space.
- [BUGFIX] http_server: fix md5sum handler: handle EOF correctly.
- [BUGFIX] Use random values in bits 4 and 5 of the first byte of
verneg packets (regression introduced in 2.5.0).
- [OPTIMIZATION] Don't compile in expensive attq checks by default.
- [OPTIMIZATION] http_server: compile regexes only once.
- [API] lsquic_engine_connect() can now be passed QUIC version to use.
- [OPTIMIZATION] Queue opportunistic ACKs if there is data to be sent.
- [BUGFIX] Don't evict streams from priority iterator if there is
only one queue.
- [OPTIMIZATION, BUGFIX] Several other optimizations and bug fixes.
- Use ls-qpack v0.10.7.
- [BUGFIX] IETF QUIC server: fix uninitialized variable use.
- [BUGFIX] make sure TLSv1.3 is not disabled in SSL object.
- [BUGFIX] Use issuer name and serial number to cache certs (SKID
values are not unique).
- [BUGFIX] Always set the idle alarm in IETF connection so that it
can time out.
- Add echo client and server to the distibution.
- Add MD5 client and server to the distibution.
- Fix http_client: check command-line arguments better, prevent crash.
- Fix IETF conn: can_write_ack() should only care about APP PNS.
- Client: delay stream creation until handshake succeds.
- Reset HTTP stream whose write end is closed prematurely.
- Fix tickable(): mirror behavior of tick() wrt buffered packets.
- Log reason why engine is tickable.
- Minor code cleanup and logging improvements.
- Server and client programs: include library version (e.g. 2.4.6)
into `server' and `user-agent' headers.
- [OPTIMIZATION]: flush encoder stream only when necessary.
- [BUGFIX] Use ls-qpack v0.10.2 for new API -- and for a bug fix.
- [BUGFIX] Typo in IETF conn SETTINGS writer.
- Use latest BoringSSL.
- [API] Add lsquic_alpn2ver() to aid parsing Alt-Svc header.
- [BUGFIX] NULL dereference when H3 frame header would be split.
- [BUGFIX] Do not close fixed-size H3 frame prematurely.
- [BUGFIX] Allow PING frames in IETF mini conn.
- [BUGFIX] Mini conns: don't send any packets after receiving
CONNECTION_CLOSE.
- [BUGFIX] Client migration: reserve slot for DCID from transport params.
- [BUGFIX] Allow max_early_data_size=0 -- early_data might not be there.
- [BUGFIX] Use an invalid stream number to reset BPT cache (zero is now a
valid stream number).
- [SPEC] Use FINAL_SIZE_ERROR when FIN mismatch is detected.
- [OPTIMIZATION] Closed connection only gets one chance to send packets.
- [OPTIMIZATION] Flush headers stream before packetizing stream data.
- [OPTIMIZATION] process QPACK encoder STREAM frames immediately.
- Update ls-qpack to v0.10.1.
- Add GQUIC versions to the list of h3 ALPNs for Alt-Svc header.
For example, h3-Q043. Chrome will switch to using this format at
some point in the future.
- [BUGFIX] Send correct value in max_streams_uni transport param
- [SPEC] Abort IETF QUIC connection if max_early_data_size is not set
to 0xFFFFFFFF
- [BUGFIX] H3 framing: fix zero-byte write when space is available
- [BUGFIX] Don't send STREAM frame when incoming unidirectgional stream
is closed
- [BUGFIX] Cancel all pending writes by stream reset by a GOAWAY
- [BUGFIX] Fix use-after-free in IETF full conn
- [OPTIMIZATION] Wait for session tickets for two seconds and then drop
SSL object and crypto streams.
- [BUGFIX] If FIN or RST not received, don't delay stream destruction.
- [OPTIMIZATION] Speed up HPACK encoder by using same hash value to
search static and dynamic tables.
- [BUGFIX] Ensure that Largest Observed does not decrease in ACKs we
send. ACK frames placed in packets in buffered queues (optimization
introduced in 1.17.15) can be preceded by an ACK frame generated later.
In this case, the older ACK frame should not be sent out, as Chromium-
based servers flags decrease in the ACK frame's Largest Observed value
as an error.
- [BUGFIX] Use correct public key from PUBS based on KEXS index.
- [BUGFIX] Check flags before dispatching writes, avoiding assert.
- [BUGFIX] Set :scheme to "https" (instead of "HTTP").
- [BUGFIX] Check buffer bounds when looking up version in 0-RTT blob.
- [BUGFIX] http_client: don't fetch 0-rtt info if handshake failed.
- Log number of pacer calls at DEBUG, rather than NOTICE, level.