- Documentation: describe lsquic internals ("guts").
- Two more fixes to compliance issues found by h3spec.
- Truncate, don't abort, SCIDs larger than 16 bytes (PR #244).
- Several small internal improvements and space optimizations.
- [FEATURE] QUIC and HTTP/3 Internet Draft 34 support and v1 support.
The latter is turned off by default.
- Drop support for ID-28 and ID-32.
- [BUGFIX] IETF QUIC mini conn receive history (trechist): allow
unlimited inserts by dropping smallest elements.
- [BUGFIX] gQUIC: set STTL to correct value, issue #226.
- [BUGFIX] Account for poison packet gap when MTU probe was too large.
- [API] lsquic_ssl_sess_to_resume_info() is the new way to get
session info.
- [API] Add user pointer to ea_generate_scid callback.
- [API] Add lsquic_dcid_from_packet() -- a fast function to parse
out DCID.
- [API] Add es_max_batch_size to control outgoing packet batch size.
- [BUGFIX] Disallow sending of header while promise is being written.
- [BUGFIX] Flush stream when buffered bytes exhaust stream cap.
- [BUGFIX] Deactivate HQ frame if writing push promise fails.
- Perform sanity check on peer transport parameters and fail the
handshake if some flow control limits are too low. This can be
turned off, see es_check_tp_sanity.
- http_server: fix how requests are read in "hq" mode.
- [API] New knob to set outgoing packet batch size.
- Aborted connection now become tickable immediately.
- Abort connection when HTTP/3 frame cannot be opened (can only happen
when malloc fails).
- [FEATURE] QUIC and HTTP/3 Internet Draft 31 support. Drop ID-30
and ID-31 support.
- [BUGFIX] Divide-by-zero in newly enabled conn stats code when no
packets were sent.
- [BUGFIX] Memory leak in gQUIC client when server hello cannot be
parsed.
- [BUGFIX] Server Initial packet size calculation.
- Log user-agent and CONN_CLOSE reason when peer reports error.
- Example programs: Specify ALPN for echo and md5 clients and servers
(issue #184).
- Example programs: Don't add "QUIC_" prefix to lines in keylog file
(issue #185).
- http_server: Fix fd leak in preadv mode; fix preadv() usage when
reading from disk.
- [FEATURE] IETF Client 0-RTT support.
- [BUGFIX] Do not schedule MTU probe on first tick.
- [BUGFIX] Parsing DATAGRAM frame.
- [BUGFIX] If push promise fails, do not invoke hset destructor.
- [BUGFIX] Client: When connections are IDed by port number, check DCID.
Fixes issue #176.
- Revert the 2.22.1 lsquic_is_valid_hs_packet change. All that was
necessary is a change to the way we call it in lsquic_engine. No
change to the function itself is required.
- [FEATURE] Extensible HTTP Priorities (HTTP/3 only).
- [FEATURE] Add conn context to packet-out memory interface (PR #175).
- [BUGFIX] gQUIC proof generation: allocate buffer big enough for
signature (issue #173).
- [BUGFIX] Make library thread-safe: drop use of global variables
(issue #133, issue #167).
- [BUGFIX] Deactivate only *recent* HQ frame, not any HQ frame.
- [BUGFIX] gQUIC server: associate compressed cert with SSL_CTX,
instead of keeping them in a separate hash, potentially leading
to mismatches.
- [BUGFIX] Stream data discard infinite loop: break on FIN.
- cmake: add install target via -DCMAKE_INSTALL_PREFIX (PR #171).
- Support randomized packet number to begin a connection.
- Mini and full IETF connection size optimization.
- http_client: specify HTTP priorities based on stream conditions.
- [FEATURE] QUIC and HTTP/3 Internet Draft 31 support.
- [API] Let user generate Souce Connection IDs.
- [FEATURE] Allow building lsquic as shared library.
- [OPTIMIZATION] Receive history: use a single contiguous memory
block for everything.
- Deprecate QUIC versions ID-27 and ID-30.
- [BUGFIX] Typo in new "validate peer addr by DCID" code. It is
a benign bug (works either way), but better to fix it.
- Simplify Stream Priority Iterator (SPI).
- Minor documentation updates.
- [FEATURE] QUIC and HTTP/3 Internet Draft 30 support.
- [FEATURE] Unreliable Datagram Extension support.
- [FEATURE] Adaptive congestion controller.
- [BUGFIX] Do not send MAX_STREAM_DATA frames on crypto streams.
- [BUGFIX] Fail with CRYPTO_BUFFER_EXCEEDED when too much CRYPTO
data comes in.
- [BUFFIX] Spin bit is now strictly per path; value is reset on
DCID change.
- [BUGFIX] Check that max value of max_streams_uni and
max_streams_bidi TPs is 2^60.
- [BUGFIX] Close IETF mini conn immediately if crypto session
cannot be initialized.
- Deprecate ID-28 (no browser uses it): it's no longer in the
default versions list.
- New programs duck_server and duck_client that implement the
experimental siduck-00 protocol. They quack!
- IETF crypto streams: don't limit ourselves from sending.
- Command-line programs: turn off QL loss bits if -G is used, as
Wireshark cannot decrypt QUIC packets when this extension is used.
- Turn all h3 framing unit tests back on.
- Fix malo initialization when compiled in no-pool mode.
- [FEATURE] Update the timestamp extension to latest version.
- [FEATURE] Cope with appearance of ECN blackholes.
- [OPTIMIZATION] return packno offset and size when header is generated.
- [BUGFIX] ignore old ACK frames in mini conns.
- [BUGFIX] Mark initial server path as initialized.
- [BUGFIX] Do not merge ACK if ECN counts do not match.
- Turn incoming packet number history in mini conn back on.
- Record mini conn event history again when compiled in debug mode.
- IETF mini conn: log when ACK is queued.
- Clean up and refactor code in several places.
- [FEATURE] DPLPMTUD support. IETF connections now search for the
maximum packet size, improving throughput.
- [DEBUG] Record event in stream history when on_close() is called
in dtor.
- [API] Rename "0-RTT" to "session resumption." In IETF QUIC, "0-RTT"
always refers to early data, meaning a request that the server can
reply to in the very first return flight. A more appropriate name
for what we support on the client site is "session resumption," which
is standard TLS terminology. Later, when we add support for 0-RTT
(early data), we can use the 0-RTT terminology again, this time in
proper context.
- [BUGFIX] Do not set certificate callback if ea_lookup_cert is NULL.
- [BUGFIX] Make connection tickable when it's marked as closed.
- [BUGFIX] Fail certificate lookup if SNI is not present in HTTP mode.
- Several documentation fixes and improvements.
- Minor code cleanup.
- [FEATURE] QUIC and HTTP/3 Internet Draft 29 support.
- [BUGFIX] Check that scheduled packets are also sendable when
calculating a connection's "tickable" property.
- [BUGFIX] Don't count scheduled packets as in-flight when pacer is
checked on tick.
- gQUIC: delay calling on_new for pushed stream until headers are
available.
- Allow nested calls to lsquic_engine_connect().
- [OPTIMIZATION] Stash up to two reordered packets in IETF mini conn
instead of dropping them.
- [BUGFIX] Crash: check decrypt context before using it. This regression
was introduced in 2.16.2.
- [FEATURE] Use "no-progress timeout" after which connection is closed.
- [BUGFIX] Select new SCID when current SCID is retired.
- [BUGFIX] Don't warn about dropped Initial packet sequence gaps during
mini/full handoff.
- [BUGFIX] Send correct conn error when HTTP/3 frame is truncated.
- [BUGFIX] Mini conn: consider amplification when deciding to return
TICK_SEND.
- [BUGFIX] Don't double-count tag length in amplification logic.
- [BUGFIX] Don't squeeze out lone path challenges.
- [BUGFIX] Log messages dealing with scheduled packet queue squeezing.
- [BUGFIX] don't wipe current path if no path challenge responses
come back.
- [BUGFIX] When path is reset, don't lose path_id which is used for
logging.
- Downgrade flow control violations to info log level from warnings.
- Fix connection cap extra check, avoid checks in nested calls.
- Fix some unit tests when extra checks are enabled.
- Use ls-hpack 2.2.1.
- Turn off unconditional extra checks for IETF clients.
- Extra checks: don't verify sent size of hello packets. Client
changes DCID length and this check will fail.
- [FEATURE] QUIC and HTTP/3 Internet Draft 28 support.
- [BUGFIX] Ignore Retry packets after other packets are decrypted
successfully.
- [BUGFIX] Transport parameter decoding: CID no longer has 4-byte
length minimum.
- http_client: fix and optimize lsxpack_header allocator.
- Drop support for Internet Draft 25.
- [BUGFIX] Fix amplification mitigation in 0-RTT case.
- [BUGFIX] IETF mini connection should not tickable if cannot send
a packet due to amplification.
- [BUGFIX] Fail if active_connection_id_limit TP is smaller than 2.
- [BUGFIX] Qlog server certificates for IETF QUIC connections.
- [BUGFIX] Uninitialized struct padding usage in tokgen (benign).
- [BUGFIX] Incorrect argument to shi_lookup() (benign).
- [BUGFIX] Place connections on tickable queue when sending is reenabled.
- [BUGFIX] A connection is tickable if it has unsent packets.
- [BUGFIX] Heed peer's max_packet_size transport parameter.
- [FEATURE] QUIC timestamps extension.
- [API] New: ea_alpn that is used when not in HTTP mode.
- [BUGFIX] SNI is mandatory only for HTTP/3 and gQUIC.
- [BUGFIX] Benign double-free -- issue #110.
- [BUGFIX] Printing of transport parameters.
- [FEATURE] QUIC and HTTP/3 Internet Draft 27 support.
- [FEATURE] Add experimental delayed ACKs extension.
- Drop support for Internet Draft 24.
- Code cleanup.
- [BUGFIX] Send HANDSHAKE_DONE only after Finished is received.
- [BUGFIX] Don't treat garbage UDP padding as library error; ignore
it instead.
- [BUGFIX] Fix compilation on FreeBSD (missing header).
- [BUGFIX] Do not delay ACKs for Initial and Handshake packets.
- [BUGFIX] Send PATH_CHALLENGE if path changed before mini conn promotion.
- Logging improvements.
- http_client: discard data faster.
- [FEATURE] QUIC and HTTP/3 Internet Draft 25 support.
- [API] Drop support for ID-23.
- [BUGFIX] Set key phase bit on outgoing packets correctly.
- Code cleanup.
- [BUGFIX] Initial packet size check for IETF mini conn applies to
UDP payload, not QUIC packet.
- Support old and new school loss_bits transport parameter.
- Use Q run length of 64 as suggested in the loss bits Draft.
- Undo square wave count when packet is delayed.
- Code cleanup; minor fixes.
- [HTTP3] Verify number of bytes in incoming DATA frames against
content-length.
- [HTTP3] Stop issuing streams credits if peer stops opening QPACK
decoder window. This addresses a potential attack whereby client
can cause the server to keep allocating memory. See Security
Considerations in the QPACK draft.
- [BUGFIX] Mini conn: don't shorten max packet size for Q050 and later.
- [BUGFIX] Init IETF connection flow controller using correct setting.
- Code cleanup and minor fixes.
- [FEATURE] Use occasional packet number gaps to detect optimistic
ACK attacks.
- [BUGFIX] Q050 client: all packet numbers are in the App PNS.
- [OPTIMIZATION] Merge multi-range ACK frames, not just single-range
ACK frames.
- IETF QUIC: use RTT estimate in ack timeout calculation.
- IETF handshake: abort conn when unexpected errors occur.
- Use PING rather than MAX_DATA frames to elicit ACKs from peer.
- Server: enforce 1200 byte Initial minimum packet size.
- [CLEANUP] Remove code to disable gQUIC crypto.
- [CLEANUP] Remove n_timestamps from ACK info struct.
- Optimize driver: reuse previous ancillary message when possible.
- [FEATURE] Add support for Q050.
- [OPTIMIZATION] Reduce mallocs in gQUIC handshake.
- [BUGFIX] Disable redo of failed STREAM frame insertion with debug
logging.
- [BUGFIX] Send controller: update scheduled bytes when DCID length
changes (IETF client).
- [BUGFIX] Drop alarm check from sanity test. It no longer works now
that we use loss chains.
- [PORTABILITY] Fix build on Alpine Linux.
- [PORTABILITY] Fix build using XCode.
- Client initial DCID length: use RAND_bytes() instead of rand(3).
- Add unit tests for connection min heap.
- [DEBUG] Log CID in gQUIC handshake module
- [DEBUG] Turn on extra checks for IETF client send controller.
- [DEBUG] Dedup next advisory tick messages when reason is IDLE timer.
- [DEBUG] QPACK decoder handler: log header error code.
- Add echo client and server to the distibution.
- Add MD5 client and server to the distibution.
- Fix http_client: check command-line arguments better, prevent crash.
- Fix IETF conn: can_write_ack() should only care about APP PNS.
- Client: delay stream creation until handshake succeds.
- Reset HTTP stream whose write end is closed prematurely.
- Fix tickable(): mirror behavior of tick() wrt buffered packets.
- Log reason why engine is tickable.
- [API] Add lsquic_alpn2ver() to aid parsing Alt-Svc header.
- [BUGFIX] NULL dereference when H3 frame header would be split.
- [BUGFIX] Do not close fixed-size H3 frame prematurely.
- [BUGFIX] Allow PING frames in IETF mini conn.
- [BUGFIX] Mini conns: don't send any packets after receiving
CONNECTION_CLOSE.
- [BUGFIX] Client migration: reserve slot for DCID from transport params.
- [BUGFIX] Allow max_early_data_size=0 -- early_data might not be there.
- [BUGFIX] Use an invalid stream number to reset BPT cache (zero is now a
valid stream number).
- [SPEC] Use FINAL_SIZE_ERROR when FIN mismatch is detected.
- [OPTIMIZATION] Closed connection only gets one chance to send packets.
- [OPTIMIZATION] Flush headers stream before packetizing stream data.
- [OPTIMIZATION] process QPACK encoder STREAM frames immediately.
- Update ls-qpack to v0.10.1.
Dmitri Tikhonov
Victor Stewart
LiteSpeed Tech