quiche: update QUICHE and boringSSL dependency#15181
quiche: update QUICHE and boringSSL dependency#15181alyssawilk merged 14 commits intoenvoyproxy:mainfrom
Conversation
Signed-off-by: Dan Zhang <[email protected]>
danzh2010
requested review from
alyssawilk,
ggreenway and
mattklein123
as code owners
repokitteh-read-only
bot
added
the
deps
Signed-off-by: Dan Zhang <[email protected]>
Signed-off-by: Dan Zhang <[email protected]>
|
/assign @wu-bin @alyssawilk |
|
/lgtm deps |
repokitteh-read-only
bot
removed
the
deps
Signed-off-by: Dan Zhang <[email protected]>
Signed-off-by: Dan Zhang <[email protected]>
bazel/external/quiche.BUILD
Outdated
| deps = | ||
| [ | ||
| ":quic_platform_export", | ||
| ":quiche_common_platform_export", | ||
| ], |
| // Only call watermark callbacks on non QUIC static streams which are | ||
| // crypto stream and Google QUIC headers stream. |
There was a problem hiding this comment.
Comment is obsolete.
This function was useful previously because it encaps the looping logic, but we have PerformActionOnActiveStreams now, this function does not seem to useful anymore. I'm inclined to remove it, and call the callbacks directly from onUnderlyingConnectionAboveWriteBufferHighWatermark and onUnderlyingConnectionBelowWriteBufferLowWatermark.
| // of propagating original reset reason. In QUICHE if a stream stops reading | ||
| // before FIN or RESET received, it resets the steam with QUIC_STREAM_NO_ERROR. | ||
| StopReading(); | ||
| runResetCallbacks(Http::StreamResetReason::LocalReset); |
There was a problem hiding this comment.
Is this a new callback, or did we miss it previously? Does it have test coverage?
There was a problem hiding this comment.
StopReading() stopped calling Reset() but calling session to send reset directly. So the callback in Reset() stopped from being triggered. It caused unit tests failure before adding this callback.
| : fragment_(std::make_unique<Envoy::Buffer::BufferFragmentImpl>( | ||
| buffer.release(), length, | ||
| [](const void* p, size_t, const Envoy::Buffer::BufferFragmentImpl*) { | ||
| delete[] static_cast<const char*>(p); | ||
| buffer.get(), length, | ||
| [allocator = buffer.get_deleter().allocator()](const void* p, size_t, | ||
| const Envoy::Buffer::BufferFragmentImpl*) { | ||
| quic::QuicBufferDeleter deleter(allocator); | ||
| deleter(const_cast<char*>(static_cast<const char*>(p))); | ||
| })) { | ||
| buffer.release(); |
There was a problem hiding this comment.
How about use a function to initialize fragment_?
std::unique_ptr<Envoy::Buffer::BufferFragmentImpl> ConvertToBufferFragment(
QuicUniqueBufferPtr buffer, size_t length) {
const void* p = buffer.get();
return std::make_unique<Envoy::Buffer::BufferFragmentImpl>(p, length, [buf = std::move(buffer)](
const void*, size_t, const Envoy::Buffer::BufferFragmentImpl*) {};
}
QuicMemSliceImpl::QuicMemSliceImpl(QuicUniqueBufferPtr buffer, size_t length)
: fragment_(ConvertToBufferFragment(std::move(buffer), length))
You don't need the buffer.release() this way.
You can also change ConvertToBufferFragment to be templated on the buffer type, such that it can be used by the other constructor too(the one accepts a std::unique_ptr<char[]>).
There was a problem hiding this comment.
BufferFragmentImpl constructor take a function referece and copy it over. So with unique_ptr in the capture, the lambda here is not copiable.
There was a problem hiding this comment.
I see, it seems BufferFragmentImpl should take the releasor by value and std::move() into its member field. But feel free to do it in the separate change, or just add a TODO.
There was a problem hiding this comment.
Added TODO for it.
|
|
||
| MOCK_METHOD(void, SendConnectionClosePacket, (quic::QuicErrorCode, const std::string&)); | ||
| MOCK_METHOD(void, SendConnectionClosePacket, | ||
| (quic::QuicErrorCode, quic::QuicIetfTransportErrorCodes ietf_error, |
There was a problem hiding this comment.
Nit: Please be consistent here, either always have the argument name spelled, or always not spelled.
| if (quic::VersionUsesHttp3(quic_version_.transport_version)) { | ||
| EXPECT_CALL(quic_session_, MaybeSendStopSendingFrame(_, _)); | ||
| } else { | ||
| EXPECT_CALL(quic_session_, MaybeSendRstStreamFrame(_, _, _)); | ||
| } |
There was a problem hiding this comment.
In other tests in this file, we always expect MaybeSendRstStreamFrame, and also expect a MaybeSendStopSendingFrame for h3. This test expects only one of them to happen. Is it intended?
There was a problem hiding this comment.
Yes, in early response case, FIN is ready sent before resetting, so IETF quic will not send RST_STREAM again but only STOP_SENDING.
Signed-off-by: Dan Zhang <[email protected]>
Signed-off-by: Dan Zhang <[email protected]>
Signed-off-by: Dan Zhang <[email protected]>
repokitteh-read-only
bot
added
the
deps
|
/retest |
|
Retrying Azure Pipelines: |
Signed-off-by: Dan Zhang <[email protected]>
Signed-off-by: Dan Zhang <[email protected]>
| : fragment_(std::make_unique<Envoy::Buffer::BufferFragmentImpl>( | ||
| buffer.release(), length, | ||
| [](const void* p, size_t, const Envoy::Buffer::BufferFragmentImpl*) { | ||
| delete[] static_cast<const char*>(p); | ||
| buffer.get(), length, | ||
| [allocator = buffer.get_deleter().allocator()](const void* p, size_t, | ||
| const Envoy::Buffer::BufferFragmentImpl*) { | ||
| quic::QuicBufferDeleter deleter(allocator); | ||
| deleter(const_cast<char*>(static_cast<const char*>(p))); | ||
| })) { | ||
| buffer.release(); |
There was a problem hiding this comment.
I see, it seems BufferFragmentImpl should take the releasor by value and std::move() into its member field. But feel free to do it in the separate change, or just add a TODO.
| if (quic::VersionUsesHttp3(quic_version_.transport_version)) { | ||
| EXPECT_CALL(quic_session_, MaybeSendStopSendingFrame(_, _)); | ||
| } else { | ||
| EXPECT_CALL(quic_session_, MaybeSendRstStreamFrame(_, _, _)); | ||
| } |
Signed-off-by: Dan Zhang <[email protected]>
Signed-off-by: Dan Zhang <[email protected]>
|
/retest |
|
Retrying Azure Pipelines: |
|
@envoyproxy/dependency-shepherds |
|
/lgtm deps |
repokitteh-read-only
bot
removed
the
deps
|
The deps look OK from a deps hygiene point of view but copying TLS codeowners @lizan @asraa @ggreenway as this is a little unusual as it is pulling in a BoringSSL version from Chrome dev channel vs. the normal stable channel. /cc @htuch |
|
@danzh1989 can you comment on:
? |
As noted in PR description the latest QUICHE depends on a new TLS interface from commit https://boringssl.googlesource.com/boringssl/+/3d8b8c3df27cc780a49607be6a27f2c518f5c082. This commit is not in chrome stable yet. We had similar issue before and discussed with @PiotrSikora that in such case bumping the boring SSL version is fine. |
|
Sure, trying to help @moderation here with understanding the implications of working on the linux/dev branch. What are the properties that differ from stable? Do we lose any security coverage etc? |
AFAIK, chrome dev channel is used by a smaller percentage of users for a shorter period. These two channels differ in terms of robustness. But in terms of security, dev channel also went through release and security review. @PiotrSikora may be able to comment more about security aspect. |
|
If we have concerns about the boringssl pull @davidben could probably address as well. |
|
Review-wise, BoringSSL CLs are reviewed before check-in. We do generally aim for HEAD to be usable at any point and generally track HEAD in most of our repositories. "Live at HEAD" and all that. The repositories aren't updated continuously (weekly, biweekly, monthly, etc.), but this is less out of stability and more the time to assemble the update, run everyone's tests, etc. Mistakes may happen, but unit tests and each projects' release cycles tend to work well to catch this stuff. |
|
/lgtm deps |
| testing::ValuesIn(generateTestParam()), testParamsToString); | ||
|
|
||
| TEST_P(EnvoyQuicDispatcherTest, CreateNewConnectionUponCHLO) { | ||
| quic::SetVerbosityLogThreshold(1); |
There was a problem hiding this comment.
was this for test debug, or something we want on permanently?
There was a problem hiding this comment.
It was for debugging, removed now.
alyssawilk
left a comment
alyssawilk
left a comment
There was a problem hiding this comment.
LGTM, but holding merge on the verbosity question
Signed-off-by: Dan Zhang <[email protected]>
Signed-off-by: Dan Zhang <[email protected]>
)" This reverts commit 80a88a8. Signed-off-by: Alyssa Wilk <[email protected]>
7 participants
Signed-off-by: Dan Zhang [email protected]
Commit Message: update QUICHE to commit 6fec8e97a1ab1a945b86bd6b7252666294448ddb and boring SSL commit b049eae83d25977661556dcd913b35fbafb3a93a.
Additional Description: the latest QUICHE commit depends on broingSSL commit: https://boringssl.googlesource.com/boringssl/+/3d8b8c3df27cc780a49607be6a27f2c518f5c082 which is in chrome dev channel.
Risk Level: low
Testing: existing tests passed