quiche: implement ActiveQuicListener

api/envoy/api/v2/listener/BUILD

@@ -28,3 +28,9 @@ api_proto_library_internal(
         "//envoy/api/v2/core:base",
     ],
 )
+
+api_proto_library_internal(
+    name = "quic_config",
+    srcs = ["quic_config.proto"],
+    visibility = ["//envoy/api/v2:friends"],
+)

api/envoy/api/v2/listener/quic_config.proto

@@ -0,0 +1,25 @@
+syntax = "proto3";
+
+package envoy.api.v2.listener;
+
+option java_outer_classname = "ListenerProto";
+option java_multiple_files = true;
+option java_package = "io.envoyproxy.envoy.api.v2.listener";
+option csharp_namespace = "Envoy.Api.V2.ListenerNS";
+option ruby_package = "Envoy::Api::V2::ListenerNS";
+
+// Configuration specific to the QUIC protocol.
+// Next id: 4
+message QuicConfigProto {
+  // Maximum number of streams that the client can negotiate per connection. 100
+  // if not specified.
+  int32 max_streams_per_connection = 1;
+
+  // Maximum number of milliseconds that connection will be alive when there is
+  // no network activity. 300000ms if not specified.
+  int32 idle_network_timeout_ms = 2;
+
+  // Connection timeout before the crypto handshake is finished. 20s if not
+  // specified.
+  int32 max_time_before_crypto_handshake_ms = 3;
+}

include/envoy/network/connection_handler.h

@@ -26,6 +26,16 @@ class ConnectionHandler {
    */
   virtual uint64_t numConnections() PURE;
 
+  /**
+   * Increment the return value of numConnections() by one.
+   */
+  virtual void incNumConnections() PURE;
+
+  /**
+   * Decrement the return value of numConnections() by one.
+   */
+  virtual void decNumConnections() PURE;
+
   /**
    * Adds a listener to the handler.
    * @param config listener configuration options.

include/envoy/server/active_udp_listener_config.h

@@ -2,6 +2,8 @@
 
 #include "envoy/network/connection_handler.h"
 
+#include "common/protobuf/protobuf.h"
+
 namespace Envoy {
 namespace Server {
 
@@ -13,6 +15,8 @@ class ActiveUdpListenerConfigFactory {
 public:
   virtual ~ActiveUdpListenerConfigFactory() = default;
 
+  virtual ProtobufTypes::MessagePtr createEmptyConfigProto() PURE;
+
   /**
    * Create an ActiveUdpListenerFactory object according to given message.
    */

source/extensions/quic_listeners/quiche/BUILD

@@ -190,6 +190,36 @@ envoy_cc_library(
     ],
 )
 
+envoy_cc_library(
+    name = "active_quic_listener_lib",
+    srcs = ["active_quic_listener.cc"],
+    hdrs = ["active_quic_listener.h"],
+    tags = ["nofips"],
+    deps = [
+        ":envoy_quic_alarm_factory_lib",
+        ":envoy_quic_connection_helper_lib",
+        ":envoy_quic_dispatcher_lib",
+        ":envoy_quic_packet_writer_lib",
+        ":envoy_quic_proof_source_lib",
+        ":envoy_quic_utils_lib",
+        "//include/envoy/network:listener_interface",
+        "//source/common/network:listener_lib",
+        "//source/server:connection_handler_lib",
+        "@envoy_api//envoy/api/v2/listener:quic_config_cc",
+    ],
+)
+
+envoy_cc_library(
+    name = "active_quic_listener_config_lib",
+    srcs = ["active_quic_listener_config.cc"],
+    hdrs = ["active_quic_listener_config.h"],
+    deps = [
+        ":active_quic_listener_lib",
+        "//include/envoy/registry",
+        "//source/server:well_known_names_lib",
+    ],
+)
+
 envoy_cc_library(
     name = "envoy_quic_utils_lib",
     srcs = ["envoy_quic_utils.cc"],

source/extensions/quic_listeners/quiche/active_quic_listener.cc

@@ -0,0 +1,76 @@
+#include "extensions/quic_listeners/quiche/active_quic_listener.h"
+
+#include "extensions/quic_listeners/quiche/envoy_quic_alarm_factory.h"
+#include "extensions/quic_listeners/quiche/envoy_quic_connection_helper.h"
+#include "extensions/quic_listeners/quiche/envoy_quic_dispatcher.h"
+#include "extensions/quic_listeners/quiche/envoy_quic_fake_proof_source.h"
+#include "extensions/quic_listeners/quiche/envoy_quic_packet_writer.h"
+#include "extensions/quic_listeners/quiche/envoy_quic_utils.h"
+
+namespace Envoy {
+namespace Quic {
+
+ActiveQuicListener::ActiveQuicListener(Event::Dispatcher& dispatcher,
+                                       Network::ConnectionHandler& parent, spdlog::logger& logger,
+                                       Network::ListenerConfig& listener_config,
+                                       const quic::QuicConfig& quic_config)
+    : ActiveQuicListener(dispatcher, parent,
+                         dispatcher.createUdpListener(listener_config.socket(), *this), logger,
+                         listener_config, quic_config) {}
+
+ActiveQuicListener::ActiveQuicListener(Event::Dispatcher& dispatcher,
+                                       Network::ConnectionHandler& parent,
+                                       Network::ListenerPtr&& listener, spdlog::logger& logger,
+                                       Network::ListenerConfig& listener_config,
+                                       const quic::QuicConfig& quic_config)
+    : Server::ConnectionHandlerImpl::ActiveListenerImplBase(std::move(listener), listener_config),
+      logger_(logger), dispatcher_(dispatcher), version_manager_(quic::CurrentSupportedVersions()) {
+  quic::QuicRandom* const random = quic::QuicRandom::GetInstance();
+  random->RandBytes(random_seed_, sizeof(random_seed_));
+  crypto_config_ = std::make_unique<quic::QuicCryptoServerConfig>(
+      quic::QuicStringPiece(reinterpret_cast<char*>(random_seed_), sizeof(random_seed_)),
+      quic::QuicRandom::GetInstance(), std::make_unique<EnvoyQuicFakeProofSource>(),
+      quic::KeyExchangeSource::Default());
+  auto connection_helper = std::make_unique<EnvoyQuicConnectionHelper>(dispatcher_);
+  auto alarm_factory =
+      std::make_unique<EnvoyQuicAlarmFactory>(dispatcher_, *connection_helper->GetClock());
+  quic_dispatcher_ = std::make_unique<EnvoyQuicDispatcher>(
+      crypto_config_.get(), quic_config, &version_manager_, std::move(connection_helper),
+      std::move(alarm_factory), quic::kQuicDefaultConnectionIdLength, parent, config_, stats_,
+      dispatcher);
+  quic_dispatcher_->InitializeWithWriter(
+      new EnvoyQuicPacketWriter(*dynamic_cast<Network::UdpListener*>(listener_.get())));
+}
+
+void ActiveQuicListener::onListenerShutdown() {
+  ENVOY_LOG_TO_LOGGER(logger_, info, "Listener shutdown.");
+  quic_dispatcher_->Shutdown();
+}
+
+void ActiveQuicListener::onData(Network::UdpRecvData& data) {
+  quic::QuicSocketAddress peer_address(envoyAddressInstanceToQuicSocketAddress(data.peer_address_));
+  quic::QuicSocketAddress self_address(
+      envoyAddressInstanceToQuicSocketAddress(data.local_address_));
+  quic::QuicTime timestamp =
+      quic::QuicTime::Zero() +
+      quic::QuicTime::Delta::FromMilliseconds(std::chrono::duration_cast<std::chrono::milliseconds>(
+                                                  data.receive_time_.time_since_epoch())
+                                                  .count());
+  uint64_t num_slice = data.buffer_->getRawSlices(nullptr, 0);
+  ASSERT(num_slice == 1);
+  Buffer::RawSlice slice;
+  data.buffer_->getRawSlices(&slice, 1);
+  // TODO(danzh): pass in TTL and UDP header.
+  quic::QuicReceivedPacket packet(reinterpret_cast<char*>(slice.mem_), slice.len_, timestamp,
+                                  /*owns_buffer=*/false, /*ttl=*/0, /*ttl_valid=*/true,
+                                  /*packet_headers=*/nullptr, /*headers_length=*/0,
+                                  /*owns_header_buffer*/ false);
+  quic_dispatcher_->ProcessPacket(self_address, peer_address, packet);
+}
+
+void ActiveQuicListener::onWriteReady(const Network::Socket& /*socket*/) {
+  quic_dispatcher_->OnCanWrite();
+}
+
+} // namespace Quic
+} // namespace Envoy

source/extensions/quic_listeners/quiche/active_quic_listener.h

@@ -0,0 +1,98 @@
+#pragma once
+
+#include "envoy/api/v2/listener/quic_config.pb.h"
+#include "envoy/network/connection_handler.h"
+#include "envoy/network/listener.h"
+
+#include "server/connection_handler_impl.h"
+
+#include "extensions/quic_listeners/quiche/envoy_quic_dispatcher.h"
+
+namespace Envoy {
+namespace Quic {
+
+// QUIC specific UdpListenerCallbacks implemention which delegates incoming
+// packets, write signals and listener errors to QuicDispatcher.
+class ActiveQuicListener : public Network::UdpListenerCallbacks,
+                           public Server::ConnectionHandlerImpl::ActiveListenerImplBase,
+                           // Inherits below two interfaces just to have common
+                           // interfaces. Not expected to support listener
+                           // filter.
+                           public Network::UdpListenerFilterManager,
+                           public Network::UdpReadFilterCallbacks {
+public:
+  ActiveQuicListener(Event::Dispatcher& dispatcher, Network::ConnectionHandler& parent,
+                     spdlog::logger& logger, Network::ListenerConfig& listener_config,
+                     const quic::QuicConfig& quic_config);
+
+  ActiveQuicListener(Event::Dispatcher& dispatcher, Network::ConnectionHandler& parent,
+                     Network::ListenerPtr&& listener, spdlog::logger& logger,
+                     Network::ListenerConfig& listener_config, const quic::QuicConfig& quic_config);
+  // TODO(#7465): Make this a callback.
+  void onListenerShutdown();
+
+  // Network::UdpListenerCallbacks
+  void onData(Network::UdpRecvData& data) override;
+  void onWriteReady(const Network::Socket& socket) override;
+  void onReceiveError(const Network::UdpListenerCallbacks::ErrorCode& /*error_code*/,
+                      Api::IoError::IoErrorCode /*err*/) override {
+    // No-op. Quic can't do anything upon listener error.
+  }
+
+  // Network::UdpListenerFilterManager
+  void addReadFilter(Network::UdpListenerReadFilterPtr&& /*filter*/) override {
+    // QUIC doesn't support listener filter.
+    NOT_REACHED_GCOVR_EXCL_LINE;
+  }
+
+  // Network::UdpReadFilterCallbacks
+  Network::UdpListener& udpListener() override { NOT_REACHED_GCOVR_EXCL_LINE; }
+
+private:
+  friend class ActiveQuicListenerPeer;
+
+  uint8_t random_seed_[16];
+  std::unique_ptr<quic::QuicCryptoServerConfig> crypto_config_;
+  spdlog::logger& logger_;
+  Event::Dispatcher& dispatcher_;
+  quic::QuicVersionManager version_manager_;
+  std::unique_ptr<EnvoyQuicDispatcher> quic_dispatcher_;
+};
+
+using ActiveQuicListenerPtr = std::unique_ptr<ActiveQuicListener>;
+
+// A factory to create ActiveQuicListener based on given config.
+class ActiveQuicListenerFactory : public Network::ActiveUdpListenerFactory {
+public:
+  ActiveQuicListenerFactory(const envoy::api::v2::listener::QuicConfigProto& config) {
+    int32_t idle_network_timeout_ms =
+        config.idle_network_timeout_ms() == 0 ? 300000 : config.idle_network_timeout_ms();
+    quic_config_.SetIdleNetworkTimeout(
+        quic::QuicTime::Delta::FromMilliseconds(idle_network_timeout_ms),
+        quic::QuicTime::Delta::FromMilliseconds(idle_network_timeout_ms));
+    int32_t max_time_before_crypto_handshake_ms =
+        config.max_time_before_crypto_handshake_ms() == 0
+            ? 20000
+            : config.max_time_before_crypto_handshake_ms();
+    quic_config_.set_max_time_before_crypto_handshake(
+        quic::QuicTime::Delta::FromMilliseconds(max_time_before_crypto_handshake_ms));
+    int32_t max_streams =
+        config.max_streams_per_connection() == 0 ? 100 : config.max_streams_per_connection();
+    quic_config_.SetMaxIncomingBidirectionalStreamsToSend(max_streams);
+    quic_config_.SetMaxIncomingUnidirectionalStreamsToSend(max_streams);
+  }
+
+  Network::ConnectionHandler::ActiveListenerPtr
+  createActiveUdpListener(Network::ConnectionHandler& parent, Event::Dispatcher& disptacher,
+                          spdlog::logger& logger, Network::ListenerConfig& config) const override {
+    return std::make_unique<ActiveQuicListener>(disptacher, parent, logger, config, quic_config_);
+  }
+
+private:
+  friend class ActiveQuicListenerFactoryPeer;
+
+  quic::QuicConfig quic_config_;
+};
+
+} // namespace Quic
+} // namespace Envoy

source/extensions/quic_listeners/quiche/active_quic_listener_config.cc

@@ -0,0 +1,27 @@
+#include "extensions/quic_listeners/quiche/active_quic_listener_config.h"
+
+#include "envoy/api/v2/listener/quic_config.pb.h"
+
+#include "server/well_known_names.h"
+
+#include "extensions/quic_listeners/quiche/active_quic_listener.h"
+
+namespace Envoy {
+namespace Quic {
+
+ProtobufTypes::MessagePtr ActiveQuicListenerConfigFactory::createEmptyConfigProto() {
+  return std::make_unique<envoy::api::v2::listener::QuicConfigProto>();
+}
+
+Network::ActiveUdpListenerFactoryPtr
+ActiveQuicListenerConfigFactory::createActiveUdpListenerFactory(const Protobuf::Message& message) {
+  auto& config = dynamic_cast<const envoy::api::v2::listener::QuicConfigProto&>(message);
+  return std::make_unique<ActiveQuicListenerFactory>(config);
+}
+
+std::string ActiveQuicListenerConfigFactory::name() { return Server::UdpListenerNames::get().Quic; }
+
+REGISTER_FACTORY(ActiveQuicListenerConfigFactory, Server::ActiveUdpListenerConfigFactory);
+
+} // namespace Quic
+} // namespace Envoy

source/extensions/quic_listeners/quiche/active_quic_listener_config.h

@@ -0,0 +1,23 @@
+#pragma once
+
+#include "envoy/registry/registry.h"
+#include "envoy/server/active_udp_listener_config.h"
+
+namespace Envoy {
+namespace Quic {
+
+// A factory to create ActiveQuicListenerFactory based on given protobuf.
+class ActiveQuicListenerConfigFactory : public Server::ActiveUdpListenerConfigFactory {
+public:
+  ProtobufTypes::MessagePtr createEmptyConfigProto() override;
+
+  Network::ActiveUdpListenerFactoryPtr
+  createActiveUdpListenerFactory(const Protobuf::Message&) override;
+
+  std::string name() override;
+};
+
+DECLARE_FACTORY(ActiveQuicListenerConfigFactory);
+
+} // namespace Quic
+} // namespace Envoy

source/extensions/quic_listeners/quiche/envoy_quic_dispatcher.cc

@@ -6,16 +6,18 @@ namespace Envoy {
 namespace Quic {
 
 EnvoyQuicDispatcher::EnvoyQuicDispatcher(
-    const quic::QuicCryptoServerConfig* crypto_config, quic::QuicVersionManager* version_manager,
+    const quic::QuicCryptoServerConfig* crypto_config, const quic::QuicConfig& quic_config,
+    quic::QuicVersionManager* version_manager,
     std::unique_ptr<quic::QuicConnectionHelperInterface> helper,
     std::unique_ptr<quic::QuicAlarmFactory> alarm_factory,
-    uint8_t expected_server_connection_id_length, Server::ConnectionHandlerImpl& connection_handler,
-    Network::ListenerConfig& listener_config, Server::ListenerStats& listener_stats)
-    : quic::QuicDispatcher(&quic_config_, crypto_config, version_manager, std::move(helper),
+    uint8_t expected_server_connection_id_length, Network::ConnectionHandler& connection_handler,
+    Network::ListenerConfig& listener_config, Server::ListenerStats& listener_stats,
+    Event::Dispatcher& dispatcher)
+    : quic::QuicDispatcher(&quic_config, crypto_config, version_manager, std::move(helper),
                            std::make_unique<EnvoyQuicCryptoServerStreamHelper>(),
                            std::move(alarm_factory), expected_server_connection_id_length),
       connection_handler_(connection_handler), listener_config_(listener_config),
-      listener_stats_(listener_stats) {
+      listener_stats_(listener_stats), dispatcher_(dispatcher) {
   // Turn off chlo buffering in QuicDispatcher because per event loop clean
   // up is not implemented.
   // TODO(danzh): Add a per event loop callback to
@@ -29,8 +31,8 @@ void EnvoyQuicDispatcher::OnConnectionClosed(quic::QuicConnectionId connection_i
                                              const std::string& error_details,
                                              quic::ConnectionCloseSource source) {
   quic::QuicDispatcher::OnConnectionClosed(connection_id, error, error_details, source);
-  ASSERT(connection_handler_.num_connections_ > 0);
-  --connection_handler_.num_connections_;
+  ASSERT(connection_handler_.numConnections() > 0);
+  connection_handler_.decNumConnections();
 }
 
 quic::QuicSession* EnvoyQuicDispatcher::CreateQuicSession(
@@ -42,15 +44,15 @@ quic::QuicSession* EnvoyQuicDispatcher::CreateQuicSession(
       listener_config_, listener_stats_);
   auto quic_session = new EnvoyQuicServerSession(
       config(), quic::ParsedQuicVersionVector{version}, std::move(quic_connection), this,
-      session_helper(), crypto_config(), compressed_certs_cache(), connection_handler_.dispatcher_);
+      session_helper(), crypto_config(), compressed_certs_cache(), dispatcher_);
   quic_session->Initialize();
   // Filter chain can't be retrieved here as self address is unknown at this
   // point.
   // TODO(danzh): change QUIC interface to pass in self address as it is already
   // known. In this way, filter chain can be retrieved at this point. But one
   // thing to pay attention is that if the retrival fails, connection needs to
   // be closed, and it should be added to time wait list instead of session map.
-  ++connection_handler_.num_connections_;
+  connection_handler_.incNumConnections();
   return quic_session;
 }