From the spec:
Prior to validating the client address, servers MUST NOT send more
than three times as many bytes as the number of bytes they have
received. This limits the magnitude of any amplification attack that
can be mounted using spoofed source addresses. In determining this
limit, servers only count the size of successfully processed packets.
Because connections' tickability depends on the ability of the engine
to send packets (ENPUB_CAN_SEND is checked), this property should be
recalculated when sending is reenabled in the engine via
lsquic_engine_send_unsent_packets()
- [FEATURE] QUIC timestamps extension.
- [API] New: ea_alpn that is used when not in HTTP mode.
- [BUGFIX] SNI is mandatory only for HTTP/3 and gQUIC.
- [BUGFIX] Benign double-free -- issue #110.
- [BUGFIX] Printing of transport parameters.
- [FEATURE] QUIC and HTTP/3 Internet Draft 27 support.
- [FEATURE] Add experimental delayed ACKs extension.
- Drop support for Internet Draft 24.
- Code cleanup.
- [BUGFIX] Send HANDSHAKE_DONE only after Finished is received.
- [BUGFIX] Don't treat garbage UDP padding as library error; ignore
it instead.
- [BUGFIX] Fix compilation on FreeBSD (missing header).
- [BUGFIX] Do not delay ACKs for Initial and Handshake packets.
- [BUGFIX] Send PATH_CHALLENGE if path changed before mini conn promotion.
- Logging improvements.
- http_client: discard data faster.
- [BUGFIX] Coalesced packets could get longer than normal packet size.
- Add spin bit configuration option es_spin (-o spin=[01]).
- Disable spin bit in 1/16 of connections.
- Improve logging a bit.
- [FEATURE] QUIC and HTTP/3 Internet Draft 25 support.
- [API] Drop support for ID-23.
- [BUGFIX] Set key phase bit on outgoing packets correctly.
- Code cleanup.
- [API] Drop support for Q039.
- Improve ACK-queuing logic. Send an ACK once in a while if
peer keeps on sending non-ack-eliciting packets.
- Improve Alt-Svc string: Q050 and later are not included in
the old-style "quic" string.
- Send stateless resets if connection could not be promoted.
- Schedule MAX_DATA if needed when DATA_BLOCKED is received.
- Use ls-qpack 0.11.2 -- needed for server push optimization.
- Code cleanup: handle some error cases, improve logging.
- [BUGFIX] Use ls-qpack 0.11.1
- [OPTIMIZATION] Generate random bytes in batches.
- Change loss_bits transport parameter ID to 0x1057 following latest
draft.
- Randomize period with which PINGs are sent to elicit ACKs.
- Some refactoring and code cleanup.
- [BUGFIX] Invalid read when parsing IETF transport parameters
(this was benign).
- [OPTIMIZATION] Frame bundling when using buffered packets in
IETF QUIC: a) flush QPACK decoder stream and b) include ACKs
in opportunistic fashion.
- Fix HTTP/3 framing unit test.
- Code cleanup.
- [BUGFIX] Initial packet size check for IETF mini conn applies to
UDP payload, not QUIC packet.
- Support old and new school loss_bits transport parameter.
- Use Q run length of 64 as suggested in the loss bits Draft.
- Undo square wave count when packet is delayed.
- Code cleanup; minor fixes.
- [HTTP3] Verify number of bytes in incoming DATA frames against
content-length.
- [HTTP3] Stop issuing streams credits if peer stops opening QPACK
decoder window. This addresses a potential attack whereby client
can cause the server to keep allocating memory. See Security
Considerations in the QPACK draft.
- [BUGFIX] Mini conn: don't shorten max packet size for Q050 and later.
- [BUGFIX] Init IETF connection flow controller using correct setting.
- Code cleanup and minor fixes.
- [FEATURE] Use occasional packet number gaps to detect optimistic
ACK attacks.
- [BUGFIX] Q050 client: all packet numbers are in the App PNS.
- [OPTIMIZATION] Merge multi-range ACK frames, not just single-range
ACK frames.
- IETF QUIC: use RTT estimate in ack timeout calculation.
- IETF handshake: abort conn when unexpected errors occur.
- Use PING rather than MAX_DATA frames to elicit ACKs from peer.
- Server: enforce 1200 byte Initial minimum packet size.
- [CLEANUP] Remove code to disable gQUIC crypto.
- [CLEANUP] Remove n_timestamps from ACK info struct.
- Optimize driver: reuse previous ancillary message when possible.
- [FEATURE] Add support for Q050.
- [OPTIMIZATION] Reduce mallocs in gQUIC handshake.
- [BUGFIX] Disable redo of failed STREAM frame insertion with debug
logging.
- [DEBUG] Further dedup next advisory tick messages when reason is
the same.
- [BUGFIX] Update size of `a` array in TP struct. Fixes (benign)
GitHub bug #94.
- Use Cubic by default again instead of BBR, as it delivers more
consistent performance.
- [BUGFIX] Send controller: update scheduled bytes when DCID length
changes (IETF client).
- [BUGFIX] Drop alarm check from sanity test. It no longer works now
that we use loss chains.
- [PORTABILITY] Fix build on Alpine Linux.
- [PORTABILITY] Fix build using XCode.
- Client initial DCID length: use RAND_bytes() instead of rand(3).
- Add unit tests for connection min heap.
- [DEBUG] Log CID in gQUIC handshake module
- [DEBUG] Turn on extra checks for IETF client send controller.
- [DEBUG] Dedup next advisory tick messages when reason is IDLE timer.
- [DEBUG] QPACK decoder handler: log header error code.
- [BUGFIX] client: don't call ignore_init() in middle of batch send.
ignore_init() makes an assumption that the send controller has access
to all outgoing packets. This change wraps a few IETF full connection
methods to delay calling ignore_init() until the engine returns all
outgoing packets that were batched.
- [BUGFIX] set errno to EAGAIN if sendmmsg() can't send all of them.
This needs to be done because the value of errno may be lost on
some platforms.
- [BUGFIX] Typo that set all bits in sm_qflags lead to crashes.
- [BUGFIX] Do not cancel header block processing after failure, as
QPACK releases the reference in that case.
- [CLEANUP] IETF encrypt: replace assert(0) with a warning.
- Several small improvements to the test server.
- [API, FEATURE] Close connection immediately when ea_packets_out()
fails with errno != EAGAIN. The API change is that errno is now
examined. Make sure to set it if using something other than
sendmsg() to send packets.
- [CLEANUP] Immediate close logic in IETF full conn.
- [CLEANUP] Fix bogus warning about uninitialized `pair' variable.
