From: Shengjing Zhu <zhsj@debian.org>
Date: Wed, 23 Aug 2023 19:23:49 +0800
Subject: quic-go 0.46.0
---
listeners.go | 28 ++++++++++++++--------------
modules/caddyhttp/app.go | 4 ++--
modules/caddyhttp/server.go | 6 +++---
3 files changed, 19 insertions(+), 19 deletions(-)
--- a/listeners.go
+++ b/listeners.go
@@ -30,9 +30,10 @@
"syscall"
"time"
- "github.com/lucas-clemente/quic-go"
- "github.com/lucas-clemente/quic-go/http3"
+ "github.com/quic-go/quic-go"
+ "github.com/quic-go/quic-go/http3"
"go.uber.org/zap"
+ "golang.org/x/time/rate"
)
// NetworkAddress represents one or more network addresses.
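Review bot: The new import "golang.org/x/time/rate" in listeners.go has no matching dependency change in this patch; the diffstat lists only three .go files. Please confirm that the module is already available to the build (go.mod and the packaging build dependencies), or add it alongside this change.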
@@ -435,19 +436,18 @@
// NOTE: This API is EXPERIMENTAL and may be changed or removed.
//
// TODO: See if we can find a more elegant solution closer to the new NetworkAddress.Listen API.
-func ListenQUIC(ln net.PacketConn, tlsConf *tls.Config, activeRequests *int64) (quic.EarlyListener, error) {
+func ListenQUIC(ln net.PacketConn, tlsConf *tls.Config, activeRequests *int64) (http3.QUICEarlyListener, error) {
lnKey := listenerKey("quic+"+ln.LocalAddr().Network(), ln.LocalAddr().String())
sharedEarlyListener, _, err := listenerPool.LoadOrNew(lnKey, func() (Destructor, error) {
- earlyLn, err := quic.ListenEarly(ln, http3.ConfigureTLSConfig(tlsConf), &quic.Config{
- RequireAddressValidation: func(clientAddr net.Addr) bool {
- var highLoad bool
- if activeRequests != nil {
- highLoad = atomic.LoadInt64(activeRequests) > 1000 // TODO: make tunable?
- }
- return highLoad
- },
- })
+ // Require clients to verify their source address when we're handling more than 1000 handshakes per second.
+ // TODO: make tunable?
+ limiter := rate.NewLimiter(1000, 1000)
+ tr := &quic.Transport{
+ Conn: ln,
+ VerifySourceAddress: func(addr net.Addr) bool { return !limiter.Allow() },
+ }
+ earlyLn, err := tr.ListenEarly(http3.ConfigureTLSConfig(tlsConf), &quic.Config{Allow0RTT: true})
if err != nil {
return nil, err
}
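Review bot: In ListenQUIC the activeRequests parameter stays in the signature, but with the RequireAddressValidation callback removed no use of it is visible in this hunk, and the trigger for source address validation changes from "more than 1000 active requests" to a token bucket of 1000 handshakes per second with a burst of 1000 (rate.NewLimiter(1000, 1000)). Please state that behaviour change in the patch description and either document the parameter as unused or drop it if callers allow. Separately, the new config sets Allow0RTT: true where the removed config did not set the field; since 0-RTT data can be replayed, the description should say whether this preserves the earlier behaviour or newly enables early data.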
@@ -462,7 +462,7 @@
// of closes) because closing the quic.EarlyListener doesn't actually close
// the underlying PacketConn, but we need to for unix sockets since we dup
// the file descriptor and thus need to close the original; track issue:
- // https://github.com/lucas-clemente/quic-go/issues/3560#issuecomment-1258959608
+ // https://github.com/quic-go/quic-go/issues/3560#issuecomment-1258959608
var unix *unixConn
if uc, ok := ln.(*unixConn); ok {
unix = uc
@@ -485,7 +485,7 @@
// sharedQuicListener is like sharedListener, but for quic.EarlyListeners.
type sharedQuicListener struct {
- quic.EarlyListener
+ *quic.EarlyListener
key string
}
--- a/modules/caddyhttp/app.go
+++ b/modules/caddyhttp/app.go
@@ -554,7 +554,7 @@
// TODO: we have to manually close our listeners because quic-go won't
// close listeners it didn't create along with the server itself...
- // see https://github.com/lucas-clemente/quic-go/issues/3560
+ // see https://github.com/quic-go/quic-go/issues/3560
for _, el := range server.h3listeners {
if err := el.Close(); err != nil {
app.logger.Error("HTTP/3 listener close",
@@ -563,7 +563,7 @@
}
}
- // TODO: CloseGracefully, once implemented upstream (see https://github.com/lucas-clemente/quic-go/issues/2103)
+ // TODO: CloseGracefully, once implemented upstream (see https://github.com/quic-go/quic-go/issues/2103)
if err := server.h3server.Close(); err != nil {
app.logger.Error("HTTP/3 server shutdown",
zap.Error(err),
--- a/modules/caddyhttp/server.go
+++ b/modules/caddyhttp/server.go
@@ -32,8 +32,8 @@
"github.com/caddyserver/caddy/v2/modules/caddyevents"
"github.com/caddyserver/caddy/v2/modules/caddytls"
"github.com/caddyserver/certmagic"
- "github.com/lucas-clemente/quic-go"
- "github.com/lucas-clemente/quic-go/http3"
+ "github.com/quic-go/quic-go"
+ "github.com/quic-go/quic-go/http3"
"go.uber.org/zap"
"go.uber.org/zap/zapcore"
)
@@ -195,7 +195,7 @@
defer atomic.AddInt64(&s.activeRequests, -1)
if r.ProtoMajor < 3 {
- err := s.h3server.SetQuicHeaders(w.Header())
+ err := s.h3server.SetQUICHeaders(w.Header())
if err != nil {
s.logger.Error("setting HTTP/3 Alt-Svc header", zap.Error(err))
}
@@ -526,8 +526,8 @@
TLSConfig: tlsCfg,
MaxHeaderBytes: s.MaxHeaderBytes,
// TODO: remove this config when draft versions are no longer supported (we have no need to support drafts)
- QuicConfig: &quic.Config{
- Versions: []quic.VersionNumber{quic.Version1, quic.Version2},
+ QUICConfig: &quic.Config{
+ Versions: []quic.Version{quic.Version1, quic.Version2},
},
}
}
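Review bot: The quic.Config assigned to QUICConfig here restricts Versions to quic.Version1 and quic.Version2, while the listener in listeners.go is created by tr.ListenEarly with a separate &quic.Config{Allow0RTT: true} that sets no Versions. Please confirm which of the two configs governs connections accepted through ListenQUIC; if it is the listener's, the version restriction belongs there as well, and the TODO above this field should say so.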