envoyproxy · alyssawilk · Sep 9, 2019 · May 8, 2019 · May 9, 2019 · Jun 14, 2019
diff --git a/api/envoy/data/accesslog/v2/accesslog.proto b/api/envoy/data/accesslog/v2/accesslog.proto
@@ -44,6 +44,7 @@ message HTTPAccessLogEntry {
     HTTP10 = 1;
     HTTP11 = 2;
     HTTP2 = 3;
+    HTTP3 = 4;
   }
   HTTPVersion protocol_version = 2;
 

diff --git a/bazel/external/quiche.BUILD b/bazel/external/quiche.BUILD
@@ -59,6 +59,8 @@ quiche_copt = [
     "-Wno-type-limits",
     # quic_inlined_frame.h uses offsetof() to optimize memory usage in frames.
     "-Wno-invalid-offsetof",
+    "-Wno-type-limits",
+    "-Wno-return-type",
 ]
 
 envoy_cc_test_library(
@@ -1945,6 +1947,7 @@ envoy_cc_library(
     copts = quiche_copt,
     repository = "@envoy",
     tags = ["nofips"],
+    visibility = ["//visibility:public"],
     deps = [
         ":quic_core_packets_lib",
         ":quic_platform_base",

diff --git a/include/envoy/http/protocol.h b/include/envoy/http/protocol.h
@@ -9,8 +9,8 @@ namespace Http {
  * Possible HTTP connection/request protocols. The parallel NumProtocols constant allows defining
  * fixed arrays for each protocol, but does not pollute the enum.
  */
-enum class Protocol { Http10, Http11, Http2 };
-const size_t NumProtocols = 3;
+enum class Protocol { Http10, Http11, Http2, Http3 };
+const size_t NumProtocols = 4;
 
 } // namespace Http
 } // namespace Envoy
diff --git a/include/envoy/network/connection.h b/include/envoy/network/connection.h
@@ -299,6 +299,11 @@ class Connection : public Event::DeferredDeletable, public FilterManager {
    *         occurred an empty string is returned.
    */
   virtual absl::string_view transportFailureReason() const PURE;
+
+  /**
+   * @return return true if it speaks QUIC.
+   */
+  virtual bool isQuic() const PURE;
 };
 
 using ConnectionPtr = std::unique_ptr<Connection>;

diff --git a/source/common/http/headers.h b/source/common/http/headers.h
@@ -265,6 +265,7 @@ class HeaderValues {
     const std::string Http10String{"HTTP/1.0"};
     const std::string Http11String{"HTTP/1.1"};
     const std::string Http2String{"HTTP/2"};
+    const std::string Http3String{"HTTP/3"};
   } ProtocolStrings;
 
   struct {

diff --git a/source/common/http/utility.cc b/source/common/http/utility.cc
@@ -388,6 +388,8 @@ const std::string& Utility::getProtocolString(const Protocol protocol) {
     return Headers::get().ProtocolStrings.Http11String;
   case Protocol::Http2:
     return Headers::get().ProtocolStrings.Http2String;
+  case Protocol::Http3:
+    return Headers::get().ProtocolStrings.Http3String;
   }
 
   NOT_REACHED_GCOVR_EXCL_LINE;

diff --git a/source/common/network/connection_impl.h b/source/common/network/connection_impl.h
@@ -131,6 +131,7 @@ class ConnectionImpl : public FilterManagerConnection,
     delayed_close_timeout_ = timeout;
   }
   std::chrono::milliseconds delayedCloseTimeout() const override { return delayed_close_timeout_; }
+  bool isQuic() const override { return false; }
 
 protected:
   void closeSocket(ConnectionEvent close_type);

diff --git a/source/extensions/access_loggers/grpc/http_grpc_access_log_impl.cc b/source/extensions/access_loggers/grpc/http_grpc_access_log_impl.cc
@@ -60,6 +60,9 @@ void HttpGrpcAccessLog::emitLog(const Http::HeaderMap& request_headers,
     case Http::Protocol::Http2:
       log_entry.set_protocol_version(envoy::data::accesslog::v2::HTTPAccessLogEntry::HTTP2);
       break;
+    case Http::Protocol::Http3:
+      log_entry.set_protocol_version(envoy::data::accesslog::v2::HTTPAccessLogEntry::HTTP3);
+      break;
     }
   }
 

diff --git a/source/extensions/quic_listeners/quiche/BUILD b/source/extensions/quic_listeners/quiche/BUILD
@@ -35,6 +35,18 @@ envoy_cc_library(
     ],
 )
 
+envoy_cc_library(
+    name = "envoy_quic_connection_helper_lib",
+    hdrs = ["envoy_quic_connection_helper.h"],
+    tags = ["nofips"],
+    deps = [
+        "//source/extensions/quic_listeners/quiche/platform:envoy_quic_clock_lib",
+        "@com_googlesource_quiche//:quic_core_buffer_allocator_lib",
+        "@com_googlesource_quiche//:quic_core_connection_lib",
+        "@com_googlesource_quiche//:quic_core_crypto_random_lib",
+    ],
+)
+
 envoy_cc_library(
     name = "envoy_quic_packet_writer_lib",
     srcs = ["envoy_quic_packet_writer.cc"],
@@ -78,9 +90,111 @@ envoy_cc_library(
     ],
 )
 
+envoy_cc_library(
+    name = "envoy_quic_stream_lib",
+    hdrs = ["envoy_quic_stream.h"],
+    tags = ["nofips"],
+    deps = [
+        "//include/envoy/http:codec_interface",
+        "//source/common/http:codec_helper_lib",
+    ],
+)
+
+envoy_cc_library(
+    name = "envoy_quic_server_stream_lib",
+    srcs = ["envoy_quic_server_stream.cc"],
+    hdrs = ["envoy_quic_server_stream.h"],
+    tags = ["nofips"],
+    deps = [
+        ":envoy_quic_stream_lib",
+        ":envoy_quic_utils_lib",
+        "//source/common/buffer:buffer_lib",
+        "//source/common/common:assert_lib",
+        "//source/common/http:header_map_lib",
+        "@com_googlesource_quiche//:quic_core_http_spdy_session_lib",
+    ],
+)
+
+envoy_cc_library(
+    name = "codec_impl_lib",
+    srcs = ["codec_impl.cc"],
+    hdrs = ["codec_impl.h"],
+    tags = ["nofips"],
+    deps = [
+        ":envoy_quic_server_session_lib",
+        "//include/envoy/http:codec_interface",
+        "@com_googlesource_quiche//:quic_core_http_spdy_session_lib",
+    ],
+)
+
+envoy_cc_library(
+    name = "envoy_quic_server_session_lib",
+    srcs = ["envoy_quic_server_session.cc"],
+    hdrs = ["envoy_quic_server_session.h"],
+    tags = ["nofips"],
+    deps = [
+        ":envoy_quic_connection_lib",
+        ":envoy_quic_server_stream_lib",
+        "//include/envoy/event:dispatcher_interface",
+        "//include/envoy/network:connection_interface",
+        "//source/common/common:empty_string",
+        "//source/common/network:filter_manager_lib",
+        "//source/common/stream_info:stream_info_lib",
+        "@com_googlesource_quiche//:quic_core_http_spdy_session_lib",
+    ],
+)
+
+envoy_cc_library(
+    name = "quic_io_handle_wrapper_lib",
+    hdrs = ["quic_io_handle_wrapper.h"],
+    deps = [
+        "//include/envoy/network:io_handle_interface",
+    ],
+)
+
+envoy_cc_library(
+    name = "envoy_quic_connection_lib",
+    srcs = ["envoy_quic_connection.cc"],
+    hdrs = ["envoy_quic_connection.h"],
+    tags = ["nofips"],
+    deps = [
+        ":quic_io_handle_wrapper_lib",
+        "//include/envoy/network:connection_interface",
+        "//source/common/network:listen_socket_lib",
+        "//source/extensions/quic_listeners/quiche:envoy_quic_utils_lib",
+        "//source/server:connection_handler_lib",
+        "@com_googlesource_quiche//:quic_core_connection_lib",
+    ],
+)
+
+envoy_cc_library(
+    name = "envoy_quic_dispatcher_lib",
+    srcs = [
+        "envoy_quic_dispatcher.cc",
+    ],
+    hdrs = [
+        "envoy_quic_dispatcher.h",
+    ],
+    tags = ["nofips"],
+    deps = [
+        ":envoy_quic_connection_lib",
+        ":envoy_quic_proof_source_lib",
+        ":envoy_quic_server_session_lib",
+        "//include/envoy/network:listener_interface",
+        "//source/server:connection_handler_lib",
+        "@com_googlesource_quiche//:quic_core_server_lib",
+        "@com_googlesource_quiche//:quic_core_utils_lib",
+    ],
+)
+
 envoy_cc_library(
     name = "envoy_quic_utils_lib",
     hdrs = ["envoy_quic_utils.h"],
     external_deps = ["quiche_quic_platform"],
-    deps = ["//source/common/network:address_lib"],
+    deps = [
+        "//include/envoy/http:codec_interface",
+        "//source/common/http:header_map_lib",
+        "//source/common/network:address_lib",
+        "@com_googlesource_quiche//:quic_core_http_header_list_lib",
+    ],
 )
diff --git a/source/extensions/quic_listeners/quiche/codec_impl.cc b/source/extensions/quic_listeners/quiche/codec_impl.cc
@@ -0,0 +1,23 @@
+#include "extensions/quic_listeners/quiche/codec_impl.h"
+
+namespace Envoy {
+namespace Quic {
+
+void QuicHttpConnectionImplBase::goAway() {
+  quic_session_.SendGoAway(quic::QUIC_PEER_GOING_AWAY, "server shutdown imminent");
+}
+
+bool QuicHttpConnectionImplBase::wantsToWrite() { return quic_session_.HasDataToWrite(); }
+
+// TODO(danzh): modify QUIC stack to react based on aggregated bytes across all
+// the streams. And call StreamCallbackHelper::runHighWatermarkCallbacks() for each stream.
+void QuicHttpConnectionImplBase::onUnderlyingConnectionAboveWriteBufferHighWatermark() {
+  NOT_IMPLEMENTED_GCOVR_EXCL_LINE;
+}
+
+void QuicHttpConnectionImplBase::onUnderlyingConnectionBelowWriteBufferLowWatermark() {
+  NOT_IMPLEMENTED_GCOVR_EXCL_LINE;
+}
+
+} // namespace Quic
+} // namespace Envoy
diff --git a/source/extensions/quic_listeners/quiche/codec_impl.h b/source/extensions/quic_listeners/quiche/codec_impl.h
@@ -0,0 +1,53 @@
+#include "envoy/http/codec.h"
+
+#include "common/common/assert.h"
+#include "common/common/logger.h"
+
+#include "extensions/quic_listeners/quiche/envoy_quic_server_session.h"
+
+namespace Envoy {
+namespace Quic {
+
+// QuicHttpConnectionImplBase instance is a thin QUIC codec just providing quic interface to HCM.
+// Owned by HCM and created during onNewConnection() if the network connection
+// is a QUIC connection.
+class QuicHttpConnectionImplBase : public virtual Http::Connection,
+                                   protected Logger::Loggable<Logger::Id::quic> {
+public:
+  QuicHttpConnectionImplBase(EnvoyQuicServerSession& quic_session) : quic_session_(quic_session) {}
+
+  // Http::Connection
+  void dispatch(Buffer::Instance& /*data*/) override {
+    // Bypassed. QUIC connection already hands all data to streams.
+    NOT_REACHED_GCOVR_EXCL_LINE;
+  }
+  Http::Protocol protocol() override { return Http::Protocol::Http3; }
+  void goAway() override;
+  // Returns true if the session has data to send but queued in connection or
+  // stream send buffer.
+  bool wantsToWrite() override;
+  void onUnderlyingConnectionAboveWriteBufferHighWatermark() override;
+  void onUnderlyingConnectionBelowWriteBufferLowWatermark() override;
+
+protected:
+  EnvoyQuicServerSession& quic_session_;
+};
+
+class QuicHttpServerConnectionImpl : public QuicHttpConnectionImplBase,
+                                     public Http::ServerConnection {
+public:
+  QuicHttpServerConnectionImpl(EnvoyQuicServerSession& quic_session,
+                               Http::ServerConnectionCallbacks& callbacks)
+      : QuicHttpConnectionImplBase(quic_session) {
+    quic_session.setHttpConnectionCallbacks(callbacks);
+  }
+
+  // Http::Connection
+  void shutdownNotice() override {
+    // TODO(danzh): Add double-GOAWAY support in QUIC.
+    ENVOY_CONN_LOG(error, "Shutdown notice is not propagated to QUIC.", quic_session_);
+  }
+};
+
+} // namespace Quic
+} // namespace Envoy
diff --git a/source/extensions/quic_listeners/quiche/envoy_quic_connection.cc b/source/extensions/quic_listeners/quiche/envoy_quic_connection.cc
@@ -0,0 +1,55 @@
+#include "extensions/quic_listeners/quiche/envoy_quic_connection.h"
+
+#include "common/network/listen_socket_impl.h"
+
+#include "extensions/quic_listeners/quiche/envoy_quic_utils.h"
+#include "extensions/quic_listeners/quiche/quic_io_handle_wrapper.h"
+
+namespace Envoy {
+namespace Quic {
+
+EnvoyQuicConnection::EnvoyQuicConnection(
+    const quic::QuicConnectionId& server_connection_id,
+    quic::QuicSocketAddress initial_peer_address, quic::QuicConnectionHelperInterface& helper,
+    quic::QuicAlarmFactory& alarm_factory, quic::QuicPacketWriter& writer, bool owns_writer,
+    quic::Perspective perspective, const quic::ParsedQuicVersionVector& supported_versions,
+    Network::ListenerConfig& listener_config, Server::ListenerStats& listener_stats)
+    : quic::QuicConnection(server_connection_id, initial_peer_address, &helper, &alarm_factory,
+                           &writer, owns_writer, perspective, supported_versions),
+      listener_config_(listener_config), listener_stats_(listener_stats) {}
+
+bool EnvoyQuicConnection::OnPacketHeader(const quic::QuicPacketHeader& header) {
+  if (quic::QuicConnection::OnPacketHeader(header) && connection_socket_ == nullptr) {
+    ASSERT(self_address().IsInitialized());
+    // Self address should be initialized by now. It's time to install filters.
+    Network::Address::InstanceConstSharedPtr local_addr =
+        quicAddressToEnvoyAddressInstance(self_address());
+    Network::Address::InstanceConstSharedPtr remote_addr =
+        quicAddressToEnvoyAddressInstance(peer_address());
+    connection_socket_ = std::make_unique<Network::ConnectionSocketImpl>(
+        // Wraps the real IoHandle instance so that if this socket gets closed,
+        // the real IoHandle won't be affected.
+        std::make_unique<QuicIoHandleWrapper>(listener_config_.socket().ioHandle()),
+        std::move(local_addr), std::move(remote_addr));
+
+    filter_chain_ = listener_config_.filterChainManager().findFilterChain(*connection_socket_);
+    if (filter_chain_ == nullptr) {
+      listener_stats_.no_filter_chain_match_.inc();
+      CloseConnection(quic::QUIC_CRYPTO_INTERNAL_ERROR,
+                      "closing connection: no matching filter chain found for handshake",
+                      quic::ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET);
+      return false;
+    }
+    const bool empty_filter_chain = !listener_config_.filterChainFactory().createNetworkFilterChain(
+        *envoy_connection_, filter_chain_->networkFilterFactories());
+    if (empty_filter_chain) {
+      CloseConnection(quic::QUIC_NO_ERROR, "closing connection: filter chain is empty",
+                      quic::ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET);
+      return false;
+    }
+  }
+  return true;
+}
+
+} // namespace Quic
+} // namespace Envoy