Commit graph

266 commits

Author SHA1 Message Date
Dmitri Tikhonov
bade9e4226 Fix crash: check decrypt context before using it
This is a regression introduced when switched to the new BoringSSL API
in.  In the new APIs, read and write secrets are installed separately
and at different times.  The previous logic that checked context
initialization can no longer be used.  The new guard differentiates
between read and write secrets.
2020-06-15 16:35:51 -04:00
Dmitri Tikhonov
39bf17a6f1 Update version to 2.12.5 2020-06-12 10:14:05 -04:00
Dmitri Tikhonov
2c252f915b Update BoringSSL to later version, need this for ID-28
In ID-28, using TLS middlebox compatibility mode is forbidden and
we need a later version of BoringSSL for it to do the right thing.
This also means we had to update our code, because BoringSSL's QUIC
API has changed.
2020-06-12 10:00:17 -04:00
Dmitri Tikhonov
6dd81c92df Fix leak: free conns in Advisory Tick Time Queue in engine dtor 2020-06-12 10:00:14 -04:00
Dmitri Tikhonov
4c27a90c3c Fix: HTTP/3 headers may be followed immediately by trailers 2020-06-12 09:53:06 -04:00
Dmitri Tikhonov
432ffd65ae Fix: select new SCID when current SCID is retired 2020-06-12 09:50:53 -04:00
Dmitri Tikhonov
583766be5f Update version to 2.12.4 2020-06-04 10:41:54 -04:00
Dmitri Tikhonov
c3c2342f79 mini conn: consider amplification when deciding to return TICK_SEND 2020-06-04 10:27:30 -04:00
Dmitri Tikhonov
ad48a114a2 Fix: don't double-count tag length in amplification logic 2020-06-04 10:27:05 -04:00
Dmitri Tikhonov
1fbdbcee1d Update version to 2.12.3 2020-05-06 10:13:53 -04:00
Dmitri Tikhonov
780fa2c574 Fix: IETF mini conn not tickable if can't send due to amplification 2020-05-06 10:04:32 -04:00
Dmitri Tikhonov
10f94146d0 Fix amplification mitigation in 0-RTT case.
From the spec:

   Prior to validating the client address, servers MUST NOT send more
   than three times as many bytes as the number of bytes they have
   received.  This limits the magnitude of any amplification attack that
   can be mounted using spoofed source addresses.  In determining this
   limit, servers only count the size of successfully processed packets.
2020-05-06 10:03:36 -04:00
Dmitri Tikhonov
652129e69b Update version to 2.12.2 2020-04-17 12:25:14 -04:00
Dmitri Tikhonov
fcac25b623 Honor max packet size on the client and when path changes 2020-04-17 12:11:57 -04:00
Dmitri Tikhonov
35fc553f01 Fix: heed peer's max_packet_size transport parameter 2020-04-17 12:11:28 -04:00
Dmitri Tikhonov
76e2cfc99a Fix: a connection is tickable if it has unsent packets 2020-04-17 12:07:22 -04:00
Dmitri Tikhonov
898664ea29 Fix: place connections on tickable queue when sending is reenabled
Because connections' tickability depends on the ability of the engine
to send packets (ENPUB_CAN_SEND is checked), this property should be
recalculated when sending is reenabled in the engine via
lsquic_engine_send_unsent_packets()
2020-04-17 12:06:48 -04:00
Dmitri Tikhonov
f4bfba069b Release 2.12.1
[BUGFIX] ACK ping-pong: TIMESTAMP frame is not to be acked.
2020-03-23 17:24:14 -04:00
Dmitri Tikhonov
aedecb458e Add tutorial.rst -- forgotten in the previous commit 2020-03-02 08:57:22 -05:00
Dmitri Tikhonov
afe3d36359 Release 2.12.0
- [FEATURE] QUIC timestamps extension.
- [API] New: ea_alpn that is used when not in HTTP mode.
- [BUGFIX] SNI is mandatory only for HTTP/3 and gQUIC.
- [BUGFIX] Benign double-free -- issue #110.
- [BUGFIX] Printing of transport parameters.
2020-03-02 08:53:41 -05:00
Dmitri Tikhonov
fa4561dcea API: add ea_alpn that is used when not in HTTP mode 2020-02-28 14:03:57 -05:00
Dmitri Tikhonov
abc972dafe Release 2.11.1: fix clang compilation 2020-02-24 12:15:23 -05:00
Dmitri Tikhonov
bc520ef752 Release 2.11.0
- [FEATURE] QUIC and HTTP/3 Internet Draft 27 support.
- [FEATURE] Add experimental delayed ACKs extension.
- Drop support for Internet Draft 24.
- Code cleanup.
2020-02-24 12:02:57 -05:00
Dmitri Tikhonov
feca77f50d Add experimental support for delayed ACKs extension 2020-02-21 14:26:25 -05:00
Dmitri Tikhonov
df25d34a5e Fail engine ctor if stream callbacks are not specified 2020-02-20 17:01:15 -05:00
Dmitri Tikhonov
83506617f9 Set lshpack include directory in the library's Makefile 2020-02-20 17:00:23 -05:00
Dmitri Tikhonov
0bd320303d Switch to readthedocs.org for hosting documentation
Add API reference.
2020-02-20 16:56:57 -05:00
Dmitri Tikhonov
b86524a470 Code cleanup. Improve comments in lsquic.h 2020-02-20 16:56:06 -05:00
Dmitri Tikhonov
aa82021170 Release 2.10.6
- [BUGFIX] HTTP/3 framing: don't misinterpret rare occurrence as error.
- [BUGFIX] Send gap warning due to missing poisoned packet.
2020-02-14 09:11:22 -05:00
Dmitri Tikhonov
35ac25bb73 Add stream unit test disproving issue #106 2020-02-14 08:44:19 -05:00
Dmitri Tikhonov
1bdb91d191 Release 2.10.5
- [BUGFIX] BBR: call cci_sent() with correct arguments and at correct time.
- Refactor transport parameters module.
- Minor code cleanup.
2020-02-13 09:36:04 -05:00
Dmitri Tikhonov
e68b045258 Release 2.10.4
- [BUGFIX] Send HANDSHAKE_DONE only after Finished is received.
- [BUGFIX] Don't treat garbage UDP padding as library error; ignore
  it instead.
- [BUGFIX] Fix compilation on FreeBSD (missing header).
2020-02-11 08:53:24 -05:00
LiteSpeed Tech
45aae370f6 Merge pull request #105 from bvdberg/bb_duplicate_includes
Fix duplicate header includes
2020-02-11 08:39:26 -05:00
Bas van den Berg
f484131954 Fix duplicate header includes 2020-02-11 14:05:52 +01:00
Dmitri Tikhonov
f2a7fa84cd Release 2.10.3
- [BUGFIX] Cancel path responses and challenges on old path when
  switching to new path.
- Logging network path information.
2020-01-31 10:48:16 -05:00
Dmitri Tikhonov
8c1565cb1c Release 2.10.2
- [BUGFIX] Do not delay ACKs for Initial and Handshake packets.
- [BUGFIX] Send PATH_CHALLENGE if path changed before mini conn promotion.
- Logging improvements.
- http_client: discard data faster.
2020-01-30 17:12:47 -05:00
Dmitri Tikhonov
4ab453a184 Release 2.10.1
- [BUGFIX] Coalesced packets could get longer than normal packet size.
- Add spin bit configuration option es_spin (-o spin=[01]).
- Disable spin bit in 1/16 of connections.
- Improve logging a bit.
2020-01-29 10:34:20 -05:00
Dmitri Tikhonov
9fc120419d Release 2.10.0
- [FEATURE] QUIC and HTTP/3 Internet Draft 25 support.
- [API] Drop support for ID-23.
- [BUGFIX] Set key phase bit on outgoing packets correctly.
- Code cleanup.
2020-01-28 09:35:09 -05:00
Dmitri Tikhonov
fb96f4dd43 Release 2.9.0
- [API] Drop support for Q039.
- Improve ACK-queuing logic.  Send an ACK once in a while if
  peer keeps on sending non-ack-eliciting packets.
- Improve Alt-Svc string: Q050 and later are not included in
  the old-style "quic" string.
- Send stateless resets if connection could not be promoted.
- Schedule MAX_DATA if needed when DATA_BLOCKED is received.
- Use ls-qpack 0.11.2 -- needed for server push optimization.
- Code cleanup: handle some error cases, improve logging.
2020-01-20 09:41:37 -05:00
Dmitri Tikhonov
10c41073e4 Release 2.8.9
- [BUGFIX] Use ls-qpack 0.11.1
- [OPTIMIZATION] Generate random bytes in batches.
- Change loss_bits transport parameter ID to 0x1057 following latest
  draft.
- Randomize period with which PINGs are sent to elicit ACKs.
- Some refactoring and code cleanup.
2020-01-16 09:22:41 -05:00
Dmitri Tikhonov
a1ed99ca98 Use ls-qpack v0.11.1 2020-01-16 09:21:02 -05:00
Dmitri Tikhonov
a4f5dac3cf Release 2.8.8
- [BUGFIX] Invalid read when parsing IETF transport parameters
  (this was benign).
- [OPTIMIZATION] Frame bundling when using buffered packets in
  IETF QUIC: a) flush QPACK decoder stream and b) include ACKs
  in opportunistic fashion.
- Fix HTTP/3 framing unit test.
- Code cleanup.
2020-01-14 14:26:11 -05:00
Dmitri Tikhonov
7d09751dbb Release 2.8.7
- [BUGFIX] Initial packet size check for IETF mini conn applies to
  UDP payload, not QUIC packet.
- Support old and new school loss_bits transport parameter.
- Use Q run length of 64 as suggested in the loss bits Draft.
- Undo square wave count when packet is delayed.
- Code cleanup; minor fixes.
2020-01-09 11:52:25 -05:00
Dmitri Tikhonov
72bbf1fbee Release 2.8.5
- [BUGFIX] Fix unintended sign extension when removing header protection.
2020-01-06 11:57:25 -05:00
Dmitri Tikhonov
747be414e2 Release 2.8.4
- [HTTP3] Verify number of bytes in incoming DATA frames against
  content-length.
- [HTTP3] Stop issuing streams credits if peer stops opening QPACK
  decoder window.  This addresses a potential attack whereby client
  can cause the server to keep allocating memory.  See Security
  Considerations in the QPACK draft.
- [BUGFIX] Mini conn: don't shorten max packet size for Q050 and later.
- [BUGFIX] Init IETF connection flow controller using correct setting.
- Code cleanup and minor fixes.
2020-01-06 00:47:12 -05:00
LiteSpeed Tech
3f2ab3517e Add lsquic_parse_Q050.c 2020-01-02 10:08:11 -05:00
LiteSpeed Tech
e0b1dd95e5 Remove lsquic_buf.c 2020-01-02 09:39:20 -05:00
Dmitri Tikhonov
de46bf2f1f Release 2.8.1
- [FEATURE] Use occasional packet number gaps to detect optimistic
  ACK attacks.
- [BUGFIX] Q050 client: all packet numbers are in the App PNS.
- [OPTIMIZATION] Merge multi-range ACK frames, not just single-range
  ACK frames.
- IETF QUIC: use RTT estimate in ack timeout calculation.
- IETF handshake: abort conn when unexpected errors occur.
- Use PING rather than MAX_DATA frames to elicit ACKs from peer.
- Server: enforce 1200 byte Initial minimum packet size.
- [CLEANUP] Remove code to disable gQUIC crypto.
- [CLEANUP] Remove n_timestamps from ACK info struct.
- Optimize driver: reuse previous ancillary message when possible.
2019-12-30 11:29:05 -05:00
Dmitri Tikhonov
022d9812f3 Add lsquic_parse_ietf.h forgotten in the previous commit 2019-12-23 16:23:06 -05:00
Dmitri Tikhonov
7a8b2ece3a Release 2.8.0
- [FEATURE] Add support for Q050.
- [OPTIMIZATION] Reduce mallocs in gQUIC handshake.
- [BUGFIX] Disable redo of failed STREAM frame insertion with debug
  logging.
2019-12-23 16:14:20 -05:00