UDP/QUIC/Http3 quiche::h3 Server/Listener integration #514

Open: hargut (Contributor) wants to merge 26 commits into base: main
@hargut hargut commented Jan 16, 2025

Overview

The PR integrates Quiche/Http3 with pingora-core for the server side.

The viable options for the QUIC integration (#95) looked to be:

  • a hyper-h3 based approach with quiche as Quic layer
  • natively integrating quiche incl. the Http3 layer

Comparing the two prototypes it seems that the second approach is favourable from some performance aspects.

This PR provides a partial solution to what is required for QUIC support in pingora.

Any feedback on the solution and technical details is highly appreciated. In case desirable please feel free to get in touch via mail.

Status

The Listener side is implemented in pingora-core and requests are successfully handled using h3i, curl and nighthawk.
The Connector is currently not implemented, integrations and tests within pingora-proxy are not covered.

The documented MSRV of 1.72 is not compiling successfully, the minimum working version is 1.74.

TLS

The PR only builds successfully using the feature boringssl or the features rustls,quic-boringssl.
Explicit activation of quic-boringssl is required when using rustls to build successfully.

Rustls is not supported directly by quiche, but can be used in combination with quiche and BoringSSL. The pingora-core then contains both TLS libraries and uses Rustls for Http1/Http2 and BoringSSL for Http3.

OpenSSL is only supported through QuicTLS in quiche, but QuicTLS is not integrated with the openssl crates which are being used in pingora-core. Further it looks like the whole concept of implementing Quic within OpenSSL is different from the approach within BoringSSL.

Building with OpenSSL for Http1/Http2 and BoringSSL for Http3 does not work as it leads to duplicated symbols during linking.

Open Points

  • further integration in pingora, especially a Connector & pingora-proxy integration
  • additional tests including H1/H2/H3 proxy tests
  • multiple TODOs need to be resolved to support non-implemented protocol features (e.g. path probes, priority updates)
  • mTLS integration, in case supported
  • Rustls integration in quiche to fully support the currently available TLS features of pingora
  • OpenSSL support as Quiche only supports QuicTLS (OpenSSL fork) which is not supported in the openssl crates
  • possibly integration / testing with the Quic Interop Runner

I wish you all a happy new year and plenty of the best for 2025. 😀

Kind regards,
Harald

hargut added 26 commits January 2, 2025 12:18
currently add quiche dependency only on boringssl feature
quiche does not link correctly with the openssl feature
rustls is currently not supported in quiche

the QUIC/HTTP3 change affects lots of modules and files
therefore currently not using a compile-time feature
sources
cloudflare/quiche@0570ab83/apps/src/bin/quiche-server.rs
cloudflare/quiche@0570ab83/apps/src/sendto.rs

adjust for tokio::net::UdpSocket
refactor quic.rs into a module to enhance structure

quic::Listener maintains a map with ConnectionIds => ConnectionHandles
ConnectionHandles correspond to Connections, both having states like `Incoming` & `Established`

the ConnectionHandles are used to forward UDP datagrams to the according quic::Connection

while the connection is in the `Incoming` state the data is sent through mpsc::channels,
once `Established` the data is directly received on the quiche::Connection

possible enhancements:
use type state pattern during quic::tls_handshake
move tls_handshake to protocols::l4::tls::quic
enhance Quic handshake:
- loop send & receive
- error handling, logging

read multiple body chunks in EchoApp
H3 session trailers, idle
add some documentations
move socket to socket_details
remove HandshakeResponse::Rejected
@gumpt added the labels enhancement (New feature or request) and Long Term Goal (Feature that we plan to support but not likely in the near future) on Jan 17, 2025
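
The connection-ID routing described in the commit messages above, sketched as an added example that is not code from this PR: a listener maps connection IDs to handles, queues datagrams on a channel while a connection is `Incoming`, and hands them over directly once it is `Established`. The names `Handle`, `Routed`, `Listener`, `on_datagram`, `establish` and `INCOMING_QUEUE` are hypothetical, the standard library's bounded `sync_channel` stands in for the async channels, a `Vec` stands in for the quiche connection, and the queue bound is a choice of this example so that datagrams arriving before the handshake completes cannot grow memory without limit.

```rust
use std::collections::HashMap;
use std::sync::mpsc::{sync_channel, Receiver, SyncSender};

const INCOMING_QUEUE: usize = 2; // assumed bound on datagrams queued before the handshake ends
// Hypothetical handle type mirroring the `Incoming` / `Established` states.
enum Handle {
    Incoming(SyncSender<Vec<u8>>), // datagrams go through a channel to the handshake
    Established(Vec<Vec<u8>>),     // stand-in for feeding the connection directly
}

#[derive(Debug, PartialEq)]
enum Routed { NewConnection, Queued, Direct, Dropped }
#[derive(Default)]
struct Listener {
    handles: HashMap<Vec<u8>, Handle>,             // connection ID => handle
    handshakes: Vec<(Vec<u8>, Receiver<Vec<u8>>)>, // receiving ends a handshake task would own
}

impl Listener {
    // Forward one UDP datagram to the handle registered for its connection ID.
    fn on_datagram(&mut self, cid: &[u8], data: &[u8]) -> Routed {
        match self.handles.get_mut(cid) {
            Some(Handle::Established(conn)) => { conn.push(data.to_vec()); Routed::Direct }
            // Full queue or vanished handshake task: drop instead of buffering without limit.
            Some(Handle::Incoming(tx)) => tx.try_send(data.to_vec()).map_or(Routed::Dropped, |_| Routed::Queued),
            None => {
                let (tx, rx) = sync_channel(INCOMING_QUEUE);
                tx.try_send(data.to_vec()).expect("fresh queue has capacity");
                self.handles.insert(cid.to_vec(), Handle::Incoming(tx));
                self.handshakes.push((cid.to_vec(), rx));
                Routed::NewConnection
            }
        }
    }

    // Handshake finished: later datagrams bypass the channel.
    fn establish(&mut self, cid: &[u8]) -> bool {
        let incoming = matches!(self.handles.get(cid), Some(Handle::Incoming(_)));
        if incoming { self.handles.insert(cid.to_vec(), Handle::Established(Vec::new())); }
        incoming
    }
}

fn main() {
    let mut l = Listener::default();
    println!("{:?}", l.on_datagram(b"cid-A", b"initial")); // constructed sample input
    l.establish(b"cid-A");
    println!("{:?}", l.on_datagram(b"cid-A", b"app-data"));
}
```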