mirrors/uquic
1
0
Fork 0
mirror of https://github.com/refraction-networking/uquic.git synced 2025-04-05 05:07:36 +03:00
Code Issues Projects Releases Packages Wiki Activity

set the QUIC version for integration tests using a command line flag

Browse source
This commit is contained in:
Marten Seemann 2023-04-22 12:29:26 +02:00
parent 0dbe595d9f
commit 2b0a03a988
21 changed files with 2471 additions and 2595 deletions
Download patch file Download diff file Expand all files Collapse all files

17
.github/workflows/integration.yml vendored
View file

@ -20,19 +20,24 @@ jobs:
- run: go version - run: go version
- name: set qlogger - name: set qlogger
if: env.DEBUG == 'true' if: env.DEBUG == 'true'
run: echo "QLOGFLAG=-- -qlog" >> $GITHUB_ENV run: echo "QLOGFLAG= -qlog" >> $GITHUB_ENV
- name: Run tests - name: Run other tests
run: | run: |
go run github.com/onsi/ginkgo/v2/ginkgo -r -v -randomize-all -randomize-suites -trace -skip-package self,versionnegotiation integrationtests go run github.com/onsi/ginkgo/v2/ginkgo -r -v -randomize-all -randomize-suites -trace -skip-package self,versionnegotiation integrationtests
go run github.com/onsi/ginkgo/v2/ginkgo -r -v -randomize-all -randomize-suites -trace integrationtests/versionnegotiation ${{ env.QLOGFLAG }} go run github.com/onsi/ginkgo/v2/ginkgo -r -v -randomize-all -randomize-suites -trace integrationtests/versionnegotiation -- ${{ env.QLOGFLAG }}
go run github.com/onsi/ginkgo/v2/ginkgo -r -v -randomize-all -randomize-suites -trace integrationtests/self ${{ env.QLOGFLAG }} - name: Run self tests, using draft-29
run: go run github.com/onsi/ginkgo/v2/ginkgo -r -v -randomize-all -randomize-suites -trace integrationtests/self -- -version=draft29 ${{ env.QLOGFLAG }}
- name: Run self tests, using QUIC v1
run: go run github.com/onsi/ginkgo/v2/ginkgo -r -v -randomize-all -randomize-suites -trace integrationtests/self -- -version=1 ${{ env.QLOGFLAG }}
- name: Run self tests, using QUIC v2
run: go run github.com/onsi/ginkgo/v2/ginkgo -r -v -randomize-all -randomize-suites -trace integrationtests/self -- -version=2 ${{ env.QLOGFLAG }}
- name: Run tests (32 bit) - name: Run tests (32 bit)
env: env:
GOARCH: 386 GOARCH: 386
run: | run: |
go run github.com/onsi/ginkgo/v2/ginkgo -r -v -randomize-all -randomize-suites -trace -skip-package self,versionnegotiation integrationtests go run github.com/onsi/ginkgo/v2/ginkgo -r -v -randomize-all -randomize-suites -trace -skip-package self,versionnegotiation integrationtests
go run github.com/onsi/ginkgo/v2/ginkgo -r -v -randomize-all -randomize-suites -trace integrationtests/versionnegotiation ${{ env.QLOGFLAG }} go run github.com/onsi/ginkgo/v2/ginkgo -r -v -randomize-all -randomize-suites -trace integrationtests/versionnegotiation -- ${{ env.QLOGFLAG }}
go run github.com/onsi/ginkgo/v2/ginkgo -r -v -randomize-all -randomize-suites -trace integrationtests/self ${{ env.QLOGFLAG }} go run github.com/onsi/ginkgo/v2/ginkgo -r -v -randomize-all -randomize-suites -trace integrationtests/self -- ${{ env.QLOGFLAG }}
- name: save qlogs - name: save qlogs
if: ${{ always() && env.DEBUG == 'true' }} if: ${{ always() && env.DEBUG == 'true' }}
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v2

6
http3/client.go
View file

@ -33,7 +33,6 @@ const (
var defaultQuicConfig = &quic.Config{ var defaultQuicConfig = &quic.Config{
MaxIncomingStreams: -1, // don't allow the server to create bidirectional streams MaxIncomingStreams: -1, // don't allow the server to create bidirectional streams
KeepAlivePeriod: 10 * time.Second, KeepAlivePeriod: 10 * time.Second,
Versions: []protocol.VersionNumber{protocol.Version1},
} }
type dialFunc func(ctx context.Context, addr string, tlsCfg *tls.Config, cfg *quic.Config) (quic.EarlyConnection, error) type dialFunc func(ctx context.Context, addr string, tlsCfg *tls.Config, cfg *quic.Config) (quic.EarlyConnection, error)
@ -74,9 +73,10 @@ var _ roundTripCloser = &client{}
func newClient(hostname string, tlsConf *tls.Config, opts *roundTripperOpts, conf *quic.Config, dialer dialFunc) (roundTripCloser, error) { func newClient(hostname string, tlsConf *tls.Config, opts *roundTripperOpts, conf *quic.Config, dialer dialFunc) (roundTripCloser, error) {
if conf == nil { if conf == nil {
conf = defaultQuicConfig.Clone() conf = defaultQuicConfig.Clone()
} else if len(conf.Versions) == 0 { }
if len(conf.Versions) == 0 {
conf = conf.Clone() conf = conf.Clone()
conf.Versions = []quic.VersionNumber{defaultQuicConfig.Versions[0]} conf.Versions = []quic.VersionNumber{protocol.SupportedVersions[0]}
} }
if len(conf.Versions) != 1 { if len(conf.Versions) != 1 {
return nil, errors.New("can only use a single QUIC version for dialing a HTTP/3 connection") return nil, errors.New("can only use a single QUIC version for dialing a HTTP/3 connection")

2
http3/client_test.go
View file

@ -65,7 +65,7 @@ var _ = Describe("Client", func() {
Expect(err).ToNot(HaveOccurred()) Expect(err).ToNot(HaveOccurred())
var dialAddrCalled bool var dialAddrCalled bool
dialAddr = func(_ context.Context, _ string, tlsConf *tls.Config, quicConf *quic.Config) (quic.EarlyConnection, error) { dialAddr = func(_ context.Context, _ string, tlsConf *tls.Config, quicConf *quic.Config) (quic.EarlyConnection, error) {
Expect(quicConf).To(Equal(defaultQuicConfig)) Expect(quicConf.MaxIncomingStreams).To(Equal(defaultQuicConfig.MaxIncomingStreams))
Expect(tlsConf.NextProtos).To(Equal([]string{NextProtoH3})) Expect(tlsConf.NextProtos).To(Equal([]string{NextProtoH3}))
Expect(quicConf.Versions).To(Equal([]protocol.VersionNumber{protocol.Version1})) Expect(quicConf.Versions).To(Equal([]protocol.VersionNumber{protocol.Version1}))
dialAddrCalled = true dialAddrCalled = true

115
integrationtests/self/close_test.go
View file

@ -9,74 +9,67 @@ import (
"github.com/quic-go/quic-go" "github.com/quic-go/quic-go"
quicproxy "github.com/quic-go/quic-go/integrationtests/tools/proxy" quicproxy "github.com/quic-go/quic-go/integrationtests/tools/proxy"
"github.com/quic-go/quic-go/internal/protocol"
. "github.com/onsi/ginkgo/v2" . "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega" . "github.com/onsi/gomega"
) )
var _ = Describe("Connection ID lengths tests", func() { var _ = Describe("Connection ID lengths tests", func() {
for _, v := range protocol.SupportedVersions { It("retransmits the CONNECTION_CLOSE packet", func() {
version := v server, err := quic.ListenAddr(
"localhost:0",
getTLSConfig(),
getQuicConfig(&quic.Config{
DisablePathMTUDiscovery: true,
}),
)
Expect(err).ToNot(HaveOccurred())
Context(fmt.Sprintf("with QUIC version %s", version), func() { var drop atomic.Bool
It("retransmits the CONNECTION_CLOSE packet", func() { dropped := make(chan []byte, 100)
server, err := quic.ListenAddr( proxy, err := quicproxy.NewQuicProxy("localhost:0", &quicproxy.Opts{
"localhost:0", RemoteAddr: fmt.Sprintf("localhost:%d", server.Addr().(*net.UDPAddr).Port),
getTLSConfig(), DelayPacket: func(dir quicproxy.Direction, _ []byte) time.Duration {
getQuicConfig(&quic.Config{ return 5 * time.Millisecond // 10ms RTT
DisablePathMTUDiscovery: true, },
}), DropPacket: func(dir quicproxy.Direction, b []byte) bool {
) if drop := drop.Load(); drop && dir == quicproxy.DirectionOutgoing {
Expect(err).ToNot(HaveOccurred()) dropped <- b
return true
var drop atomic.Bool
dropped := make(chan []byte, 100)
proxy, err := quicproxy.NewQuicProxy("localhost:0", &quicproxy.Opts{
RemoteAddr: fmt.Sprintf("localhost:%d", server.Addr().(*net.UDPAddr).Port),
DelayPacket: func(dir quicproxy.Direction, _ []byte) time.Duration {
return 5 * time.Millisecond // 10ms RTT
},
DropPacket: func(dir quicproxy.Direction, b []byte) bool {
if drop := drop.Load(); drop && dir == quicproxy.DirectionOutgoing {
dropped <- b
return true
}
return false
},
})
Expect(err).ToNot(HaveOccurred())
defer proxy.Close()
conn, err := quic.DialAddr(
fmt.Sprintf("localhost:%d", proxy.LocalPort()),
getTLSClientConfig(),
getQuicConfig(&quic.Config{Versions: []protocol.VersionNumber{version}}),
)
Expect(err).ToNot(HaveOccurred())
sconn, err := server.Accept(context.Background())
Expect(err).ToNot(HaveOccurred())
time.Sleep(100 * time.Millisecond)
drop.Store(true)
sconn.CloseWithError(1337, "closing")
// send 100 packets
for i := 0; i < 100; i++ {
str, err := conn.OpenStream()
Expect(err).ToNot(HaveOccurred())
_, err = str.Write([]byte("foobar"))
Expect(err).ToNot(HaveOccurred())
time.Sleep(time.Millisecond)
} }
// Expect retransmissions of the CONNECTION_CLOSE for the return false
// 1st, 2nd, 4th, 8th, 16th, 32th, 64th packet: 7 in total (+1 for the original packet) },
Eventually(dropped).Should(HaveLen(8))
first := <-dropped
for len(dropped) > 0 {
Expect(<-dropped).To(Equal(first)) // these packets are all identical
}
})
}) })
} Expect(err).ToNot(HaveOccurred())
defer proxy.Close()
conn, err := quic.DialAddr(
fmt.Sprintf("localhost:%d", proxy.LocalPort()),
getTLSClientConfig(),
getQuicConfig(nil),
)
Expect(err).ToNot(HaveOccurred())
sconn, err := server.Accept(context.Background())
Expect(err).ToNot(HaveOccurred())
time.Sleep(100 * time.Millisecond)
drop.Store(true)
sconn.CloseWithError(1337, "closing")
// send 100 packets
for i := 0; i < 100; i++ {
str, err := conn.OpenStream()
Expect(err).ToNot(HaveOccurred())
_, err = str.Write([]byte("foobar"))
Expect(err).ToNot(HaveOccurred())
time.Sleep(time.Millisecond)
}
// Expect retransmissions of the CONNECTION_CLOSE for the
// 1st, 2nd, 4th, 8th, 16th, 32th, 64th packet: 7 in total (+1 for the original packet)
Eventually(dropped).Should(HaveLen(8))
first := <-dropped
for len(dropped) > 0 {
Expect(<-dropped).To(Equal(first)) // these packets are all identical
}
})
}) })

32
integrationtests/self/conn_id_test.go
View file

@ -32,9 +32,7 @@ func (c *connIDGenerator) ConnectionIDLen() int {
} }
var _ = Describe("Connection ID lengths tests", func() { var _ = Describe("Connection ID lengths tests", func() {
randomConnIDLen := func() int { randomConnIDLen := func() int { return 4 + int(mrand.Int31n(15)) }
return 4 + int(mrand.Int31n(15))
}
runServer := func(conf *quic.Config) quic.Listener { runServer := func(conf *quic.Config) quic.Listener {
GinkgoWriter.Write([]byte(fmt.Sprintf("Using %d byte connection ID for the server\n", conf.ConnectionIDLength))) GinkgoWriter.Write([]byte(fmt.Sprintf("Using %d byte connection ID for the server\n", conf.ConnectionIDLength)))
@ -77,46 +75,32 @@ var _ = Describe("Connection ID lengths tests", func() {
} }
It("downloads a file using a 0-byte connection ID for the client", func() { It("downloads a file using a 0-byte connection ID for the client", func() {
serverConf := getQuicConfig(&quic.Config{ serverConf := getQuicConfig(&quic.Config{ConnectionIDLength: randomConnIDLen()})
ConnectionIDLength: randomConnIDLen(),
Versions: []protocol.VersionNumber{protocol.Version1},
})
clientConf := getQuicConfig(&quic.Config{
Versions: []protocol.VersionNumber{protocol.Version1},
})
ln := runServer(serverConf) ln := runServer(serverConf)
defer ln.Close() defer ln.Close()
runClient(ln.Addr(), clientConf)
runClient(ln.Addr(), getQuicConfig(nil))
}) })
It("downloads a file when both client and server use a random connection ID length", func() { It("downloads a file when both client and server use a random connection ID length", func() {
serverConf := getQuicConfig(&quic.Config{ serverConf := getQuicConfig(&quic.Config{ConnectionIDLength: randomConnIDLen()})
ConnectionIDLength: randomConnIDLen(),
Versions: []protocol.VersionNumber{protocol.Version1},
})
clientConf := getQuicConfig(&quic.Config{
ConnectionIDLength: randomConnIDLen(),
Versions: []protocol.VersionNumber{protocol.Version1},
})
ln := runServer(serverConf) ln := runServer(serverConf)
defer ln.Close() defer ln.Close()
runClient(ln.Addr(), clientConf)
runClient(ln.Addr(), getQuicConfig(nil))
}) })
It("downloads a file when both client and server use a custom connection ID generator", func() { It("downloads a file when both client and server use a custom connection ID generator", func() {
serverConf := getQuicConfig(&quic.Config{ serverConf := getQuicConfig(&quic.Config{
Versions: []protocol.VersionNumber{protocol.Version1},
ConnectionIDGenerator: &connIDGenerator{length: randomConnIDLen()}, ConnectionIDGenerator: &connIDGenerator{length: randomConnIDLen()},
}) })
clientConf := getQuicConfig(&quic.Config{ clientConf := getQuicConfig(&quic.Config{
Versions: []protocol.VersionNumber{protocol.Version1},
ConnectionIDGenerator: &connIDGenerator{length: randomConnIDLen()}, ConnectionIDGenerator: &connIDGenerator{length: randomConnIDLen()},
}) })
ln := runServer(serverConf) ln := runServer(serverConf)
defer ln.Close() defer ln.Close()
runClient(ln.Addr(), clientConf) runClient(ln.Addr(), clientConf)
}) })
}) })

303
integrationtests/self/datagram_test.go
View file

@ -12,7 +12,6 @@ import (
"github.com/quic-go/quic-go" "github.com/quic-go/quic-go"
quicproxy "github.com/quic-go/quic-go/integrationtests/tools/proxy" quicproxy "github.com/quic-go/quic-go/integrationtests/tools/proxy"
"github.com/quic-go/quic-go/internal/protocol"
"github.com/quic-go/quic-go/internal/wire" "github.com/quic-go/quic-go/internal/wire"
. "github.com/onsi/ginkgo/v2" . "github.com/onsi/ginkgo/v2"
@ -20,175 +19,157 @@ import (
) )
var _ = Describe("Datagram test", func() { var _ = Describe("Datagram test", func() {
for _, v := range protocol.SupportedVersions { const num = 100
version := v
Context(fmt.Sprintf("with QUIC version %s", version), func() { var (
const num = 100 proxy *quicproxy.QuicProxy
serverConn, clientConn *net.UDPConn
dropped, total int32
)
var ( startServerAndProxy := func(enableDatagram, expectDatagramSupport bool) {
proxy *quicproxy.QuicProxy addr, err := net.ResolveUDPAddr("udp", "localhost:0")
serverConn, clientConn *net.UDPConn Expect(err).ToNot(HaveOccurred())
dropped, total int32 serverConn, err = net.ListenUDP("udp", addr)
) Expect(err).ToNot(HaveOccurred())
ln, err := quic.Listen(
serverConn,
getTLSConfig(),
getQuicConfig(&quic.Config{EnableDatagrams: enableDatagram}),
)
Expect(err).ToNot(HaveOccurred())
startServerAndProxy := func(enableDatagram, expectDatagramSupport bool) { go func() {
addr, err := net.ResolveUDPAddr("udp", "localhost:0") defer GinkgoRecover()
Expect(err).ToNot(HaveOccurred()) conn, err := ln.Accept(context.Background())
serverConn, err = net.ListenUDP("udp", addr) Expect(err).ToNot(HaveOccurred())
Expect(err).ToNot(HaveOccurred())
ln, err := quic.Listen(
serverConn,
getTLSConfig(),
getQuicConfig(&quic.Config{
EnableDatagrams: enableDatagram,
Versions: []protocol.VersionNumber{version},
}),
)
Expect(err).ToNot(HaveOccurred())
go func() { if expectDatagramSupport {
defer GinkgoRecover()
conn, err := ln.Accept(context.Background())
Expect(err).ToNot(HaveOccurred())
if expectDatagramSupport {
Expect(conn.ConnectionState().SupportsDatagrams).To(BeTrue())
if enableDatagram {
var wg sync.WaitGroup
wg.Add(num)
for i := 0; i < num; i++ {
go func(i int) {
defer GinkgoRecover()
defer wg.Done()
b := make([]byte, 8)
binary.BigEndian.PutUint64(b, uint64(i))
Expect(conn.SendMessage(b)).To(Succeed())
}(i)
}
wg.Wait()
}
} else {
Expect(conn.ConnectionState().SupportsDatagrams).To(BeFalse())
}
}()
serverPort := ln.Addr().(*net.UDPAddr).Port
proxy, err = quicproxy.NewQuicProxy("localhost:0", &quicproxy.Opts{
RemoteAddr: fmt.Sprintf("localhost:%d", serverPort),
// drop 10% of Short Header packets sent from the server
DropPacket: func(dir quicproxy.Direction, packet []byte) bool {
if dir == quicproxy.DirectionIncoming {
return false
}
// don't drop Long Header packets
if wire.IsLongHeaderPacket(packet[0]) {
return false
}
drop := mrand.Int()%10 == 0
if drop {
atomic.AddInt32(&dropped, 1)
}
atomic.AddInt32(&total, 1)
return drop
},
})
Expect(err).ToNot(HaveOccurred())
}
BeforeEach(func() {
addr, err := net.ResolveUDPAddr("udp", "localhost:0")
Expect(err).ToNot(HaveOccurred())
clientConn, err = net.ListenUDP("udp", addr)
Expect(err).ToNot(HaveOccurred())
})
AfterEach(func() {
Expect(proxy.Close()).To(Succeed())
})
It("sends datagrams", func() {
startServerAndProxy(true, true)
raddr, err := net.ResolveUDPAddr("udp", fmt.Sprintf("localhost:%d", proxy.LocalPort()))
Expect(err).ToNot(HaveOccurred())
conn, err := quic.Dial(
clientConn,
raddr,
fmt.Sprintf("localhost:%d", proxy.LocalPort()),
getTLSClientConfig(),
getQuicConfig(&quic.Config{
EnableDatagrams: true,
Versions: []protocol.VersionNumber{version},
}),
)
Expect(err).ToNot(HaveOccurred())
Expect(conn.ConnectionState().SupportsDatagrams).To(BeTrue()) Expect(conn.ConnectionState().SupportsDatagrams).To(BeTrue())
var counter int
for { if enableDatagram {
// Close the connection if no message is received for 100 ms. var wg sync.WaitGroup
timer := time.AfterFunc(scaleDuration(100*time.Millisecond), func() { wg.Add(num)
conn.CloseWithError(0, "") for i := 0; i < num; i++ {
}) go func(i int) {
if _, err := conn.ReceiveMessage(); err != nil { defer GinkgoRecover()
break defer wg.Done()
b := make([]byte, 8)
binary.BigEndian.PutUint64(b, uint64(i))
Expect(conn.SendMessage(b)).To(Succeed())
}(i)
} }
timer.Stop() wg.Wait()
counter++
} }
} else {
numDropped := int(atomic.LoadInt32(&dropped))
expVal := num - numDropped
fmt.Fprintf(GinkgoWriter, "Dropped %d out of %d packets.\n", numDropped, atomic.LoadInt32(&total))
fmt.Fprintf(GinkgoWriter, "Received %d out of %d sent datagrams.\n", counter, num)
Expect(counter).To(And(
BeNumerically(">", expVal*9/10),
BeNumerically("<", num),
))
})
It("server can disable datagram", func() {
startServerAndProxy(false, true)
raddr, err := net.ResolveUDPAddr("udp", fmt.Sprintf("localhost:%d", proxy.LocalPort()))
Expect(err).ToNot(HaveOccurred())
conn, err := quic.Dial(
clientConn,
raddr,
fmt.Sprintf("localhost:%d", proxy.LocalPort()),
getTLSClientConfig(),
getQuicConfig(&quic.Config{
EnableDatagrams: true,
Versions: []protocol.VersionNumber{version},
}),
)
Expect(err).ToNot(HaveOccurred())
Expect(conn.ConnectionState().SupportsDatagrams).To(BeFalse()) Expect(conn.ConnectionState().SupportsDatagrams).To(BeFalse())
}
}()
conn.CloseWithError(0, "") serverPort := ln.Addr().(*net.UDPAddr).Port
<-time.After(10 * time.Millisecond) proxy, err = quicproxy.NewQuicProxy("localhost:0", &quicproxy.Opts{
}) RemoteAddr: fmt.Sprintf("localhost:%d", serverPort),
// drop 10% of Short Header packets sent from the server
It("client can disable datagram", func() { DropPacket: func(dir quicproxy.Direction, packet []byte) bool {
startServerAndProxy(false, true) if dir == quicproxy.DirectionIncoming {
raddr, err := net.ResolveUDPAddr("udp", fmt.Sprintf("localhost:%d", proxy.LocalPort())) return false
Expect(err).ToNot(HaveOccurred()) }
conn, err := quic.Dial( // don't drop Long Header packets
clientConn, if wire.IsLongHeaderPacket(packet[0]) {
raddr, return false
fmt.Sprintf("localhost:%d", proxy.LocalPort()), }
getTLSClientConfig(), drop := mrand.Int()%10 == 0
getQuicConfig(&quic.Config{ if drop {
EnableDatagrams: true, atomic.AddInt32(&dropped, 1)
Versions: []protocol.VersionNumber{version}, }
}), atomic.AddInt32(&total, 1)
) return drop
Expect(err).ToNot(HaveOccurred()) },
Expect(conn.ConnectionState().SupportsDatagrams).To(BeFalse())
Expect(conn.SendMessage([]byte{0})).To(HaveOccurred())
conn.CloseWithError(0, "")
<-time.After(10 * time.Millisecond)
})
}) })
Expect(err).ToNot(HaveOccurred())
} }
BeforeEach(func() {
addr, err := net.ResolveUDPAddr("udp", "localhost:0")
Expect(err).ToNot(HaveOccurred())
clientConn, err = net.ListenUDP("udp", addr)
Expect(err).ToNot(HaveOccurred())
})
AfterEach(func() {
Expect(proxy.Close()).To(Succeed())
})
It("sends datagrams", func() {
startServerAndProxy(true, true)
raddr, err := net.ResolveUDPAddr("udp", fmt.Sprintf("localhost:%d", proxy.LocalPort()))
Expect(err).ToNot(HaveOccurred())
conn, err := quic.Dial(
clientConn,
raddr,
fmt.Sprintf("localhost:%d", proxy.LocalPort()),
getTLSClientConfig(),
getQuicConfig(&quic.Config{EnableDatagrams: true}),
)
Expect(err).ToNot(HaveOccurred())
Expect(conn.ConnectionState().SupportsDatagrams).To(BeTrue())
var counter int
for {
// Close the connection if no message is received for 100 ms.
timer := time.AfterFunc(scaleDuration(100*time.Millisecond), func() {
conn.CloseWithError(0, "")
})
if _, err := conn.ReceiveMessage(); err != nil {
break
}
timer.Stop()
counter++
}
numDropped := int(atomic.LoadInt32(&dropped))
expVal := num - numDropped
fmt.Fprintf(GinkgoWriter, "Dropped %d out of %d packets.\n", numDropped, atomic.LoadInt32(&total))
fmt.Fprintf(GinkgoWriter, "Received %d out of %d sent datagrams.\n", counter, num)
Expect(counter).To(And(
BeNumerically(">", expVal*9/10),
BeNumerically("<", num),
))
})
It("server can disable datagram", func() {
startServerAndProxy(false, true)
raddr, err := net.ResolveUDPAddr("udp", fmt.Sprintf("localhost:%d", proxy.LocalPort()))
Expect(err).ToNot(HaveOccurred())
conn, err := quic.Dial(
clientConn,
raddr,
fmt.Sprintf("localhost:%d", proxy.LocalPort()),
getTLSClientConfig(),
getQuicConfig(&quic.Config{EnableDatagrams: true}),
)
Expect(err).ToNot(HaveOccurred())
Expect(conn.ConnectionState().SupportsDatagrams).To(BeFalse())
conn.CloseWithError(0, "")
<-time.After(10 * time.Millisecond)
})
It("client can disable datagram", func() {
startServerAndProxy(false, true)
raddr, err := net.ResolveUDPAddr("udp", fmt.Sprintf("localhost:%d", proxy.LocalPort()))
Expect(err).ToNot(HaveOccurred())
conn, err := quic.Dial(
clientConn,
raddr,
fmt.Sprintf("localhost:%d", proxy.LocalPort()),
getTLSClientConfig(),
getQuicConfig(&quic.Config{EnableDatagrams: true}),
)
Expect(err).ToNot(HaveOccurred())
Expect(conn.ConnectionState().SupportsDatagrams).To(BeFalse())
Expect(conn.SendMessage([]byte{0})).To(HaveOccurred())
conn.CloseWithError(0, "")
<-time.After(10 * time.Millisecond)
})
}) })

135
integrationtests/self/drop_test.go
View file

@ -10,7 +10,6 @@ import (
"github.com/quic-go/quic-go" "github.com/quic-go/quic-go"
quicproxy "github.com/quic-go/quic-go/integrationtests/tools/proxy" quicproxy "github.com/quic-go/quic-go/integrationtests/tools/proxy"
"github.com/quic-go/quic-go/internal/protocol"
. "github.com/onsi/ginkgo/v2" . "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega" . "github.com/onsi/gomega"
@ -26,12 +25,12 @@ var _ = Describe("Drop Tests", func() {
ln quic.Listener ln quic.Listener
) )
startListenerAndProxy := func(dropCallback quicproxy.DropCallback, version protocol.VersionNumber) { startListenerAndProxy := func(dropCallback quicproxy.DropCallback) {
var err error var err error
ln, err = quic.ListenAddr( ln, err = quic.ListenAddr(
"localhost:0", "localhost:0",
getTLSConfig(), getTLSConfig(),
getQuicConfig(&quic.Config{Versions: []protocol.VersionNumber{version}}), getQuicConfig(nil),
) )
Expect(err).ToNot(HaveOccurred()) Expect(err).ToNot(HaveOccurred())
serverPort := ln.Addr().(*net.UDPAddr).Port serverPort := ln.Addr().(*net.UDPAddr).Port
@ -51,79 +50,73 @@ var _ = Describe("Drop Tests", func() {
Expect(ln.Close()).To(Succeed()) Expect(ln.Close()).To(Succeed())
}) })
for _, v := range protocol.SupportedVersions { for _, d := range directions {
version := v direction := d
Context(fmt.Sprintf("with QUIC version %s", version), func() { // The purpose of this test is to create a lot of tails, by sending 1 byte messages.
for _, d := range directions { // The interval, the length of the drop period, and the time when the drop period starts are randomized.
direction := d // To cover different scenarios, repeat this test a few times.
for rep := 0; rep < 3; rep++ {
It(fmt.Sprintf("sends short messages, dropping packets in %s direction", direction), func() {
const numMessages = 15
// The purpose of this test is to create a lot of tails, by sending 1 byte messages. messageInterval := randomDuration(10*time.Millisecond, 100*time.Millisecond)
// The interval, the length of the drop period, and the time when the drop period starts are randomized. dropDuration := randomDuration(messageInterval*3/2, 2*time.Second)
// To cover different scenarios, repeat this test a few times. dropDelay := randomDuration(25*time.Millisecond, numMessages*messageInterval/2) // makes sure we don't interfere with the handshake
for rep := 0; rep < 3; rep++ { fmt.Fprintf(GinkgoWriter, "Sending a message every %s, %d times.\n", messageInterval, numMessages)
It(fmt.Sprintf("sends short messages, dropping packets in %s direction", direction), func() { fmt.Fprintf(GinkgoWriter, "Dropping packets for %s, after a delay of %s\n", dropDuration, dropDelay)
const numMessages = 15 startTime := time.Now()
messageInterval := randomDuration(10*time.Millisecond, 100*time.Millisecond) var numDroppedPackets int32
dropDuration := randomDuration(messageInterval*3/2, 2*time.Second) startListenerAndProxy(func(d quicproxy.Direction, _ []byte) bool {
dropDelay := randomDuration(25*time.Millisecond, numMessages*messageInterval/2) // makes sure we don't interfere with the handshake if !d.Is(direction) {
fmt.Fprintf(GinkgoWriter, "Sending a message every %s, %d times.\n", messageInterval, numMessages) return false
fmt.Fprintf(GinkgoWriter, "Dropping packets for %s, after a delay of %s\n", dropDuration, dropDelay) }
startTime := time.Now() drop := time.Now().After(startTime.Add(dropDelay)) && time.Now().Before(startTime.Add(dropDelay).Add(dropDuration))
if drop {
atomic.AddInt32(&numDroppedPackets, 1)
}
return drop
})
var numDroppedPackets int32 done := make(chan struct{})
startListenerAndProxy(func(d quicproxy.Direction, _ []byte) bool { go func() {
if !d.Is(direction) { defer GinkgoRecover()
return false conn, err := ln.Accept(context.Background())
} Expect(err).ToNot(HaveOccurred())
drop := time.Now().After(startTime.Add(dropDelay)) && time.Now().Before(startTime.Add(dropDelay).Add(dropDuration)) str, err := conn.OpenStream()
if drop { Expect(err).ToNot(HaveOccurred())
atomic.AddInt32(&numDroppedPackets, 1) for i := uint8(1); i <= numMessages; i++ {
} n, err := str.Write([]byte{i})
return drop
}, version)
done := make(chan struct{})
go func() {
defer GinkgoRecover()
conn, err := ln.Accept(context.Background())
Expect(err).ToNot(HaveOccurred())
str, err := conn.OpenStream()
Expect(err).ToNot(HaveOccurred())
for i := uint8(1); i <= numMessages; i++ {
n, err := str.Write([]byte{i})
Expect(err).ToNot(HaveOccurred())
Expect(n).To(Equal(1))
time.Sleep(messageInterval)
}
<-done
Expect(conn.CloseWithError(0, "")).To(Succeed())
}()
conn, err := quic.DialAddr(
fmt.Sprintf("localhost:%d", proxy.LocalPort()),
getTLSClientConfig(),
getQuicConfig(&quic.Config{Versions: []protocol.VersionNumber{version}}),
)
Expect(err).ToNot(HaveOccurred()) Expect(err).ToNot(HaveOccurred())
defer conn.CloseWithError(0, "") Expect(n).To(Equal(1))
str, err := conn.AcceptStream(context.Background()) time.Sleep(messageInterval)
Expect(err).ToNot(HaveOccurred()) }
for i := uint8(1); i <= numMessages; i++ { <-done
b := []byte{0} Expect(conn.CloseWithError(0, "")).To(Succeed())
n, err := str.Read(b) }()
Expect(err).ToNot(HaveOccurred())
Expect(n).To(Equal(1)) conn, err := quic.DialAddr(
Expect(b[0]).To(Equal(i)) fmt.Sprintf("localhost:%d", proxy.LocalPort()),
} getTLSClientConfig(),
close(done) getQuicConfig(nil),
numDropped := atomic.LoadInt32(&numDroppedPackets) )
fmt.Fprintf(GinkgoWriter, "Dropped %d packets.\n", numDropped) Expect(err).ToNot(HaveOccurred())
Expect(numDropped).To(BeNumerically(">", 0)) defer conn.CloseWithError(0, "")
}) str, err := conn.AcceptStream(context.Background())
Expect(err).ToNot(HaveOccurred())
for i := uint8(1); i <= numMessages; i++ {
b := []byte{0}
n, err := str.Read(b)
Expect(err).ToNot(HaveOccurred())
Expect(n).To(Equal(1))
Expect(b[0]).To(Equal(i))
} }
} close(done)
}) numDropped := atomic.LoadInt32(&numDroppedPackets)
fmt.Fprintf(GinkgoWriter, "Dropped %d packets.\n", numDropped)
Expect(numDropped).To(BeNumerically(">", 0))
})
}
} }
}) })

96
integrationtests/self/early_data_test.go
View file

@ -9,7 +9,6 @@ import (
"github.com/quic-go/quic-go" "github.com/quic-go/quic-go"
quicproxy "github.com/quic-go/quic-go/integrationtests/tools/proxy" quicproxy "github.com/quic-go/quic-go/integrationtests/tools/proxy"
"github.com/quic-go/quic-go/internal/protocol"
. "github.com/onsi/ginkgo/v2" . "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega" . "github.com/onsi/gomega"
@ -17,56 +16,51 @@ import (
var _ = Describe("early data", func() { var _ = Describe("early data", func() {
const rtt = 80 * time.Millisecond const rtt = 80 * time.Millisecond
for _, v := range protocol.SupportedVersions {
version := v
Context(fmt.Sprintf("with QUIC version %s", version), func() { It("sends 0.5-RTT data", func() {
It("sends 0.5-RTT data", func() { ln, err := quic.ListenAddrEarly(
ln, err := quic.ListenAddrEarly( "localhost:0",
"localhost:0", getTLSConfig(),
getTLSConfig(), getQuicConfig(nil),
getQuicConfig(&quic.Config{Versions: []protocol.VersionNumber{version}}), )
) Expect(err).ToNot(HaveOccurred())
Expect(err).ToNot(HaveOccurred()) done := make(chan struct{})
done := make(chan struct{}) go func() {
go func() { defer GinkgoRecover()
defer GinkgoRecover() defer close(done)
defer close(done) conn, err := ln.Accept(context.Background())
conn, err := ln.Accept(context.Background()) Expect(err).ToNot(HaveOccurred())
Expect(err).ToNot(HaveOccurred()) str, err := conn.OpenUniStream()
str, err := conn.OpenUniStream() Expect(err).ToNot(HaveOccurred())
Expect(err).ToNot(HaveOccurred()) _, err = str.Write([]byte("early data"))
_, err = str.Write([]byte("early data")) Expect(err).ToNot(HaveOccurred())
Expect(err).ToNot(HaveOccurred()) Expect(str.Close()).To(Succeed())
Expect(str.Close()).To(Succeed()) // make sure the Write finished before the handshake completed
// make sure the Write finished before the handshake completed Expect(conn.HandshakeComplete()).ToNot(BeClosed())
Expect(conn.HandshakeComplete()).ToNot(BeClosed()) Eventually(conn.Context().Done()).Should(BeClosed())
Eventually(conn.Context().Done()).Should(BeClosed()) }()
}() serverPort := ln.Addr().(*net.UDPAddr).Port
serverPort := ln.Addr().(*net.UDPAddr).Port proxy, err := quicproxy.NewQuicProxy("localhost:0", &quicproxy.Opts{
proxy, err := quicproxy.NewQuicProxy("localhost:0", &quicproxy.Opts{ RemoteAddr: fmt.Sprintf("localhost:%d", serverPort),
RemoteAddr: fmt.Sprintf("localhost:%d", serverPort), DelayPacket: func(quicproxy.Direction, []byte) time.Duration {
DelayPacket: func(quicproxy.Direction, []byte) time.Duration { return rtt / 2
return rtt / 2 },
},
})
Expect(err).ToNot(HaveOccurred())
defer proxy.Close()
conn, err := quic.DialAddr(
fmt.Sprintf("localhost:%d", proxy.LocalPort()),
getTLSClientConfig(),
getQuicConfig(&quic.Config{Versions: []protocol.VersionNumber{version}}),
)
Expect(err).ToNot(HaveOccurred())
str, err := conn.AcceptUniStream(context.Background())
Expect(err).ToNot(HaveOccurred())
data, err := io.ReadAll(str)
Expect(err).ToNot(HaveOccurred())
Expect(data).To(Equal([]byte("early data")))
conn.CloseWithError(0, "")
Eventually(done).Should(BeClosed())
})
}) })
} Expect(err).ToNot(HaveOccurred())
defer proxy.Close()
conn, err := quic.DialAddr(
fmt.Sprintf("localhost:%d", proxy.LocalPort()),
getTLSClientConfig(),
getQuicConfig(nil),
)
Expect(err).ToNot(HaveOccurred())
str, err := conn.AcceptUniStream(context.Background())
Expect(err).ToNot(HaveOccurred())
data, err := io.ReadAll(str)
Expect(err).ToNot(HaveOccurred())
Expect(data).To(Equal([]byte("early data")))
conn.CloseWithError(0, "")
Eventually(done).Should(BeClosed())
})
}) })

191
integrationtests/self/handshake_drop_test.go
View file

@ -15,7 +15,6 @@ import (
"github.com/quic-go/quic-go" "github.com/quic-go/quic-go"
quicproxy "github.com/quic-go/quic-go/integrationtests/tools/proxy" quicproxy "github.com/quic-go/quic-go/integrationtests/tools/proxy"
"github.com/quic-go/quic-go/internal/protocol"
"github.com/quic-go/quic-go/internal/wire" "github.com/quic-go/quic-go/internal/wire"
. "github.com/onsi/ginkgo/v2" . "github.com/onsi/ginkgo/v2"
@ -27,7 +26,7 @@ var directions = []quicproxy.Direction{quicproxy.DirectionIncoming, quicproxy.Di
type applicationProtocol struct { type applicationProtocol struct {
name string name string
run func(protocol.VersionNumber) run func()
} }
var _ = Describe("Handshake drop tests", func() { var _ = Describe("Handshake drop tests", func() {
@ -39,11 +38,10 @@ var _ = Describe("Handshake drop tests", func() {
data := GeneratePRData(5000) data := GeneratePRData(5000)
const timeout = 2 * time.Minute const timeout = 2 * time.Minute
startListenerAndProxy := func(dropCallback quicproxy.DropCallback, doRetry bool, longCertChain bool, version protocol.VersionNumber) { startListenerAndProxy := func(dropCallback quicproxy.DropCallback, doRetry bool, longCertChain bool) {
conf := getQuicConfig(&quic.Config{ conf := getQuicConfig(&quic.Config{
MaxIdleTimeout: timeout, MaxIdleTimeout: timeout,
HandshakeIdleTimeout: timeout, HandshakeIdleTimeout: timeout,
Versions: []protocol.VersionNumber{version},
RequireAddressValidation: func(net.Addr) bool { return doRetry }, RequireAddressValidation: func(net.Addr) bool { return doRetry },
}) })
var tlsConf *tls.Config var tlsConf *tls.Config
@ -68,7 +66,7 @@ var _ = Describe("Handshake drop tests", func() {
clientSpeaksFirst := &applicationProtocol{ clientSpeaksFirst := &applicationProtocol{
name: "client speaks first", name: "client speaks first",
run: func(version protocol.VersionNumber) { run: func() {
serverConnChan := make(chan quic.Connection) serverConnChan := make(chan quic.Connection)
go func() { go func() {
defer GinkgoRecover() defer GinkgoRecover()
@ -88,7 +86,6 @@ var _ = Describe("Handshake drop tests", func() {
getQuicConfig(&quic.Config{ getQuicConfig(&quic.Config{
MaxIdleTimeout: timeout, MaxIdleTimeout: timeout,
HandshakeIdleTimeout: timeout, HandshakeIdleTimeout: timeout,
Versions: []protocol.VersionNumber{version},
}), }),
) )
Expect(err).ToNot(HaveOccurred()) Expect(err).ToNot(HaveOccurred())
@ -107,7 +104,7 @@ var _ = Describe("Handshake drop tests", func() {
serverSpeaksFirst := &applicationProtocol{ serverSpeaksFirst := &applicationProtocol{
name: "server speaks first", name: "server speaks first",
run: func(version protocol.VersionNumber) { run: func() {
serverConnChan := make(chan quic.Connection) serverConnChan := make(chan quic.Connection)
go func() { go func() {
defer GinkgoRecover() defer GinkgoRecover()
@ -126,7 +123,6 @@ var _ = Describe("Handshake drop tests", func() {
getQuicConfig(&quic.Config{ getQuicConfig(&quic.Config{
MaxIdleTimeout: timeout, MaxIdleTimeout: timeout,
HandshakeIdleTimeout: timeout, HandshakeIdleTimeout: timeout,
Versions: []protocol.VersionNumber{version},
}), }),
) )
Expect(err).ToNot(HaveOccurred()) Expect(err).ToNot(HaveOccurred())
@ -145,7 +141,7 @@ var _ = Describe("Handshake drop tests", func() {
nobodySpeaks := &applicationProtocol{ nobodySpeaks := &applicationProtocol{
name: "nobody speaks", name: "nobody speaks",
run: func(version protocol.VersionNumber) { run: func() {
serverConnChan := make(chan quic.Connection) serverConnChan := make(chan quic.Connection)
go func() { go func() {
defer GinkgoRecover() defer GinkgoRecover()
@ -159,7 +155,6 @@ var _ = Describe("Handshake drop tests", func() {
getQuicConfig(&quic.Config{ getQuicConfig(&quic.Config{
MaxIdleTimeout: timeout, MaxIdleTimeout: timeout,
HandshakeIdleTimeout: timeout, HandshakeIdleTimeout: timeout,
Versions: []protocol.VersionNumber{version},
}), }),
) )
Expect(err).ToNot(HaveOccurred()) Expect(err).ToNot(HaveOccurred())
@ -176,106 +171,100 @@ var _ = Describe("Handshake drop tests", func() {
Expect(proxy.Close()).To(Succeed()) Expect(proxy.Close()).To(Succeed())
}) })
for _, v := range protocol.SupportedVersions { for _, d := range directions {
version := v direction := d
Context(fmt.Sprintf("with QUIC version %s", version), func() { for _, dr := range []bool{true, false} {
for _, d := range directions { doRetry := dr
direction := d desc := "when using Retry"
if !dr {
desc = "when not using Retry"
}
for _, dr := range []bool{true, false} { Context(desc, func() {
doRetry := dr for _, lcc := range []bool{false, true} {
desc := "when using Retry" longCertChain := lcc
if !dr {
desc = "when not using Retry"
}
Context(desc, func() { Context(fmt.Sprintf("using a long certificate chain: %t", longCertChain), func() {
for _, lcc := range []bool{false, true} { for _, a := range []*applicationProtocol{clientSpeaksFirst, serverSpeaksFirst, nobodySpeaks} {
longCertChain := lcc app := a
Context(fmt.Sprintf("using a long certificate chain: %t", longCertChain), func() { Context(app.name, func() {
for _, a := range []*applicationProtocol{clientSpeaksFirst, serverSpeaksFirst, nobodySpeaks} { It(fmt.Sprintf("establishes a connection when the first packet is lost in %s direction", direction), func() {
app := a var incoming, outgoing int32
startListenerAndProxy(func(d quicproxy.Direction, _ []byte) bool {
var p int32
//nolint:exhaustive
switch d {
case quicproxy.DirectionIncoming:
p = atomic.AddInt32(&incoming, 1)
case quicproxy.DirectionOutgoing:
p = atomic.AddInt32(&outgoing, 1)
}
return p == 1 && d.Is(direction)
}, doRetry, longCertChain)
app.run()
})
Context(app.name, func() { It(fmt.Sprintf("establishes a connection when the second packet is lost in %s direction", direction), func() {
It(fmt.Sprintf("establishes a connection when the first packet is lost in %s direction", direction), func() { var incoming, outgoing int32
var incoming, outgoing int32 startListenerAndProxy(func(d quicproxy.Direction, _ []byte) bool {
startListenerAndProxy(func(d quicproxy.Direction, _ []byte) bool { var p int32
var p int32 //nolint:exhaustive
//nolint:exhaustive switch d {
switch d { case quicproxy.DirectionIncoming:
case quicproxy.DirectionIncoming: p = atomic.AddInt32(&incoming, 1)
p = atomic.AddInt32(&incoming, 1) case quicproxy.DirectionOutgoing:
case quicproxy.DirectionOutgoing: p = atomic.AddInt32(&outgoing, 1)
p = atomic.AddInt32(&outgoing, 1) }
return p == 2 && d.Is(direction)
}, doRetry, longCertChain)
app.run()
})
It(fmt.Sprintf("establishes a connection when 1/3 of the packets are lost in %s direction", direction), func() {
const maxSequentiallyDropped = 10
var mx sync.Mutex
var incoming, outgoing int
startListenerAndProxy(func(d quicproxy.Direction, _ []byte) bool {
drop := mrand.Int63n(int64(3)) == 0
mx.Lock()
defer mx.Unlock()
// never drop more than 10 consecutive packets
if d.Is(quicproxy.DirectionIncoming) {
if drop {
incoming++
if incoming > maxSequentiallyDropped {
drop = false
} }
return p == 1 && d.Is(direction) }
}, doRetry, longCertChain, version) if !drop {
app.run(version) incoming = 0
}) }
}
It(fmt.Sprintf("establishes a connection when the second packet is lost in %s direction", direction), func() { if d.Is(quicproxy.DirectionOutgoing) {
var incoming, outgoing int32 if drop {
startListenerAndProxy(func(d quicproxy.Direction, _ []byte) bool { outgoing++
var p int32 if outgoing > maxSequentiallyDropped {
//nolint:exhaustive drop = false
switch d {
case quicproxy.DirectionIncoming:
p = atomic.AddInt32(&incoming, 1)
case quicproxy.DirectionOutgoing:
p = atomic.AddInt32(&outgoing, 1)
} }
return p == 2 && d.Is(direction) }
}, doRetry, longCertChain, version) if !drop {
app.run(version) outgoing = 0
}) }
}
It(fmt.Sprintf("establishes a connection when 1/3 of the packets are lost in %s direction", direction), func() { return drop
const maxSequentiallyDropped = 10 }, doRetry, longCertChain)
var mx sync.Mutex app.run()
var incoming, outgoing int })
startListenerAndProxy(func(d quicproxy.Direction, _ []byte) bool {
drop := mrand.Int63n(int64(3)) == 0
mx.Lock()
defer mx.Unlock()
// never drop more than 10 consecutive packets
if d.Is(quicproxy.DirectionIncoming) {
if drop {
incoming++
if incoming > maxSequentiallyDropped {
drop = false
}
}
if !drop {
incoming = 0
}
}
if d.Is(quicproxy.DirectionOutgoing) {
if drop {
outgoing++
if outgoing > maxSequentiallyDropped {
drop = false
}
}
if !drop {
outgoing = 0
}
}
return drop
}, doRetry, longCertChain, version)
app.run(version)
})
})
}
}) })
} }
}) })
} }
} })
}) }
It("establishes a connection when the ClientHello is larger than 1 MTU (e.g. post-quantum)", func() { It("establishes a connection when the ClientHello is larger than 1 MTU (e.g. post-quantum)", func() {
origAdditionalTransportParametersClient := wire.AdditionalTransportParametersClient origAdditionalTransportParametersClient := wire.AdditionalTransportParametersClient
@ -294,8 +283,8 @@ var _ = Describe("Handshake drop tests", func() {
return false return false
} }
return mrand.Intn(3) == 0 return mrand.Intn(3) == 0
}, false, false, version) }, false, false)
clientSpeaksFirst.run(version) clientSpeaksFirst.run()
}) })
} }
}) })

42
integrationtests/self/handshake_rtt_test.go
View file

@ -10,7 +10,6 @@ import (
"github.com/quic-go/quic-go" "github.com/quic-go/quic-go"
quicproxy "github.com/quic-go/quic-go/integrationtests/tools/proxy" quicproxy "github.com/quic-go/quic-go/integrationtests/tools/proxy"
"github.com/quic-go/quic-go/internal/protocol"
. "github.com/onsi/ginkgo/v2" . "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega" . "github.com/onsi/gomega"
@ -53,35 +52,6 @@ var _ = Describe("Handshake RTT tests", func() {
)) ))
} }
It("fails when there's no matching version, after 1 RTT", func() {
if len(protocol.SupportedVersions) == 1 {
Skip("Test requires at least 2 supported versions.")
}
serverConfig.Versions = protocol.SupportedVersions[:1]
ln, err := quic.ListenAddr("localhost:0", serverTLSConfig, serverConfig)
Expect(err).ToNot(HaveOccurred())
defer ln.Close()
runProxy(ln.Addr())
startTime := time.Now()
_, err = quic.DialAddr(
proxy.LocalAddr().String(),
getTLSClientConfig(),
getQuicConfig(&quic.Config{Versions: protocol.SupportedVersions[1:2]}),
)
Expect(err).To(HaveOccurred())
expectDurationInRTTs(startTime, 1)
})
var clientConfig *quic.Config
BeforeEach(func() {
serverConfig.Versions = []protocol.VersionNumber{protocol.Version1}
clientConfig = getQuicConfig(&quic.Config{Versions: []protocol.VersionNumber{protocol.Version1}})
clientConfig := getTLSClientConfig()
clientConfig.InsecureSkipVerify = true
})
// 1 RTT for verifying the source address // 1 RTT for verifying the source address
// 1 RTT for the TLS handshake // 1 RTT for the TLS handshake
It("is forward-secure after 2 RTTs", func() { It("is forward-secure after 2 RTTs", func() {
@ -95,7 +65,7 @@ var _ = Describe("Handshake RTT tests", func() {
_, err = quic.DialAddr( _, err = quic.DialAddr(
fmt.Sprintf("localhost:%d", proxy.LocalAddr().(*net.UDPAddr).Port), fmt.Sprintf("localhost:%d", proxy.LocalAddr().(*net.UDPAddr).Port),
getTLSClientConfig(), getTLSClientConfig(),
clientConfig, getQuicConfig(nil),
) )
Expect(err).ToNot(HaveOccurred()) Expect(err).ToNot(HaveOccurred())
expectDurationInRTTs(startTime, 2) expectDurationInRTTs(startTime, 2)
@ -111,7 +81,7 @@ var _ = Describe("Handshake RTT tests", func() {
_, err = quic.DialAddr( _, err = quic.DialAddr(
fmt.Sprintf("localhost:%d", proxy.LocalAddr().(*net.UDPAddr).Port), fmt.Sprintf("localhost:%d", proxy.LocalAddr().(*net.UDPAddr).Port),
getTLSClientConfig(), getTLSClientConfig(),
clientConfig, getQuicConfig(nil),
) )
Expect(err).ToNot(HaveOccurred()) Expect(err).ToNot(HaveOccurred())
expectDurationInRTTs(startTime, 1) expectDurationInRTTs(startTime, 1)
@ -128,7 +98,7 @@ var _ = Describe("Handshake RTT tests", func() {
_, err = quic.DialAddr( _, err = quic.DialAddr(
fmt.Sprintf("localhost:%d", proxy.LocalAddr().(*net.UDPAddr).Port), fmt.Sprintf("localhost:%d", proxy.LocalAddr().(*net.UDPAddr).Port),
getTLSClientConfig(), getTLSClientConfig(),
clientConfig, getQuicConfig(nil),
) )
Expect(err).ToNot(HaveOccurred()) Expect(err).ToNot(HaveOccurred())
expectDurationInRTTs(startTime, 2) expectDurationInRTTs(startTime, 2)
@ -138,6 +108,7 @@ var _ = Describe("Handshake RTT tests", func() {
ln, err := quic.ListenAddr("localhost:0", serverTLSConfig, serverConfig) ln, err := quic.ListenAddr("localhost:0", serverTLSConfig, serverConfig)
Expect(err).ToNot(HaveOccurred()) Expect(err).ToNot(HaveOccurred())
go func() { go func() {
defer GinkgoRecover()
conn, err := ln.Accept(context.Background()) conn, err := ln.Accept(context.Background())
Expect(err).ToNot(HaveOccurred()) Expect(err).ToNot(HaveOccurred())
str, err := conn.OpenUniStream() str, err := conn.OpenUniStream()
@ -153,7 +124,7 @@ var _ = Describe("Handshake RTT tests", func() {
conn, err := quic.DialAddr( conn, err := quic.DialAddr(
fmt.Sprintf("localhost:%d", proxy.LocalAddr().(*net.UDPAddr).Port), fmt.Sprintf("localhost:%d", proxy.LocalAddr().(*net.UDPAddr).Port),
getTLSClientConfig(), getTLSClientConfig(),
clientConfig, getQuicConfig(nil),
) )
Expect(err).ToNot(HaveOccurred()) Expect(err).ToNot(HaveOccurred())
str, err := conn.AcceptUniStream(context.Background()) str, err := conn.AcceptUniStream(context.Background())
@ -168,6 +139,7 @@ var _ = Describe("Handshake RTT tests", func() {
ln, err := quic.ListenAddrEarly("localhost:0", serverTLSConfig, serverConfig) ln, err := quic.ListenAddrEarly("localhost:0", serverTLSConfig, serverConfig)
Expect(err).ToNot(HaveOccurred()) Expect(err).ToNot(HaveOccurred())
go func() { go func() {
defer GinkgoRecover()
conn, err := ln.Accept(context.Background()) conn, err := ln.Accept(context.Background())
Expect(err).ToNot(HaveOccurred()) Expect(err).ToNot(HaveOccurred())
// Check the ALPN now. This is probably what an application would do. // Check the ALPN now. This is probably what an application would do.
@ -186,7 +158,7 @@ var _ = Describe("Handshake RTT tests", func() {
conn, err := quic.DialAddr( conn, err := quic.DialAddr(
fmt.Sprintf("localhost:%d", proxy.LocalAddr().(*net.UDPAddr).Port), fmt.Sprintf("localhost:%d", proxy.LocalAddr().(*net.UDPAddr).Port),
getTLSClientConfig(), getTLSClientConfig(),
clientConfig, getQuicConfig(nil),
) )
Expect(err).ToNot(HaveOccurred()) Expect(err).ToNot(HaveOccurred())
str, err := conn.AcceptUniStream(context.Background()) str, err := conn.AcceptUniStream(context.Background())

167
integrationtests/self/handshake_test.go
View file

@ -128,101 +128,88 @@ var _ = Describe("Handshake tests", func() {
}) })
Context("Certificate validation", func() { Context("Certificate validation", func() {
for _, v := range protocol.SupportedVersions { It("accepts the certificate", func() {
version := v runServer(getTLSConfig())
_, err := quic.DialAddr(
fmt.Sprintf("localhost:%d", server.Addr().(*net.UDPAddr).Port),
getTLSClientConfig(),
getQuicConfig(nil),
)
Expect(err).ToNot(HaveOccurred())
})
Context(fmt.Sprintf("using %s", version), func() { It("works with a long certificate chain", func() {
var clientConfig *quic.Config runServer(getTLSConfigWithLongCertChain())
_, err := quic.DialAddr(
fmt.Sprintf("localhost:%d", server.Addr().(*net.UDPAddr).Port),
getTLSClientConfig(),
getQuicConfig(nil),
)
Expect(err).ToNot(HaveOccurred())
})
BeforeEach(func() { It("errors if the server name doesn't match", func() {
serverConfig.Versions = []protocol.VersionNumber{version} runServer(getTLSConfig())
clientConfig = getQuicConfig(&quic.Config{Versions: []protocol.VersionNumber{version}}) conn, err := net.ListenUDP("udp", nil)
}) Expect(err).ToNot(HaveOccurred())
_, err = quic.Dial(
conn,
server.Addr(),
"foo.bar",
getTLSClientConfig(),
getQuicConfig(nil),
)
Expect(err).To(HaveOccurred())
var transportErr *quic.TransportError
Expect(errors.As(err, &transportErr)).To(BeTrue())
Expect(transportErr.ErrorCode.IsCryptoError()).To(BeTrue())
Expect(transportErr.Error()).To(ContainSubstring("x509: certificate is valid for localhost, not foo.bar"))
})
It("accepts the certificate", func() { It("fails the handshake if the client fails to provide the requested client cert", func() {
runServer(getTLSConfig()) tlsConf := getTLSConfig()
_, err := quic.DialAddr( tlsConf.ClientAuth = tls.RequireAndVerifyClientCert
fmt.Sprintf("localhost:%d", server.Addr().(*net.UDPAddr).Port), runServer(tlsConf)
getTLSClientConfig(),
clientConfig,
)
Expect(err).ToNot(HaveOccurred())
})
It("works with a long certificate chain", func() { conn, err := quic.DialAddr(
runServer(getTLSConfigWithLongCertChain()) fmt.Sprintf("localhost:%d", server.Addr().(*net.UDPAddr).Port),
_, err := quic.DialAddr( getTLSClientConfig(),
fmt.Sprintf("localhost:%d", server.Addr().(*net.UDPAddr).Port), getQuicConfig(nil),
getTLSClientConfig(), )
getQuicConfig(&quic.Config{Versions: []protocol.VersionNumber{version}}), // Usually, the error will occur after the client already finished the handshake.
) // However, there's a race condition here. The server's CONNECTION_CLOSE might be
Expect(err).ToNot(HaveOccurred()) // received before the connection is returned, so we might already get the error while dialing.
}) if err == nil {
errChan := make(chan error)
go func() {
defer GinkgoRecover()
_, err := conn.AcceptStream(context.Background())
errChan <- err
}()
Eventually(errChan).Should(Receive(&err))
}
Expect(err).To(HaveOccurred())
var transportErr *quic.TransportError
Expect(errors.As(err, &transportErr)).To(BeTrue())
Expect(transportErr.ErrorCode.IsCryptoError()).To(BeTrue())
Expect(transportErr.Error()).To(ContainSubstring("tls: bad certificate"))
})
It("errors if the server name doesn't match", func() { It("uses the ServerName in the tls.Config", func() {
runServer(getTLSConfig()) runServer(getTLSConfig())
conn, err := net.ListenUDP("udp", nil) tlsConf := getTLSClientConfig()
Expect(err).ToNot(HaveOccurred()) tlsConf.ServerName = "foo.bar"
_, err = quic.Dial( _, err := quic.DialAddr(
conn, fmt.Sprintf("localhost:%d", server.Addr().(*net.UDPAddr).Port),
server.Addr(), tlsConf,
"foo.bar", getQuicConfig(nil),
getTLSClientConfig(), )
clientConfig, Expect(err).To(HaveOccurred())
) var transportErr *quic.TransportError
Expect(err).To(HaveOccurred()) Expect(errors.As(err, &transportErr)).To(BeTrue())
var transportErr *quic.TransportError Expect(transportErr.ErrorCode.IsCryptoError()).To(BeTrue())
Expect(errors.As(err, &transportErr)).To(BeTrue()) Expect(transportErr.Error()).To(ContainSubstring("x509: certificate is valid for localhost, not foo.bar"))
Expect(transportErr.ErrorCode.IsCryptoError()).To(BeTrue()) })
Expect(transportErr.Error()).To(ContainSubstring("x509: certificate is valid for localhost, not foo.bar"))
})
It("fails the handshake if the client fails to provide the requested client cert", func() {
tlsConf := getTLSConfig()
tlsConf.ClientAuth = tls.RequireAndVerifyClientCert
runServer(tlsConf)
conn, err := quic.DialAddr(
fmt.Sprintf("localhost:%d", server.Addr().(*net.UDPAddr).Port),
getTLSClientConfig(),
clientConfig,
)
// Usually, the error will occur after the client already finished the handshake.
// However, there's a race condition here. The server's CONNECTION_CLOSE might be
// received before the connection is returned, so we might already get the error while dialing.
if err == nil {
errChan := make(chan error)
go func() {
defer GinkgoRecover()
_, err := conn.AcceptStream(context.Background())
errChan <- err
}()
Eventually(errChan).Should(Receive(&err))
}
Expect(err).To(HaveOccurred())
var transportErr *quic.TransportError
Expect(errors.As(err, &transportErr)).To(BeTrue())
Expect(transportErr.ErrorCode.IsCryptoError()).To(BeTrue())
Expect(transportErr.Error()).To(ContainSubstring("tls: bad certificate"))
})
It("uses the ServerName in the tls.Config", func() {
runServer(getTLSConfig())
tlsConf := getTLSClientConfig()
tlsConf.ServerName = "foo.bar"
_, err := quic.DialAddr(
fmt.Sprintf("localhost:%d", server.Addr().(*net.UDPAddr).Port),
tlsConf,
clientConfig,
)
Expect(err).To(HaveOccurred())
var transportErr *quic.TransportError
Expect(errors.As(err, &transportErr)).To(BeTrue())
Expect(transportErr.ErrorCode.IsCryptoError()).To(BeTrue())
Expect(transportErr.Error()).To(ContainSubstring("x509: certificate is valid for localhost, not foo.bar"))
})
})
}
}) })
Context("rate limiting", func() { Context("rate limiting", func() {

135
integrationtests/self/hotswap_test.go
View file

@ -3,7 +3,6 @@ package self_test
import ( import (
"context" "context"
"crypto/tls" "crypto/tls"
"fmt"
"io" "io"
"net" "net"
"net/http" "net/http"
@ -13,7 +12,6 @@ import (
"github.com/quic-go/quic-go" "github.com/quic-go/quic-go"
"github.com/quic-go/quic-go/http3" "github.com/quic-go/quic-go/http3"
"github.com/quic-go/quic-go/internal/protocol"
"github.com/quic-go/quic-go/internal/testdata" "github.com/quic-go/quic-go/internal/testdata"
. "github.com/onsi/ginkgo/v2" . "github.com/onsi/ginkgo/v2"
@ -71,8 +69,6 @@ var _ = Describe("HTTP3 Server hotswap test", func() {
port string port string
) )
versions := protocol.SupportedVersions
BeforeEach(func() { BeforeEach(func() {
mux1 = http.NewServeMux() mux1 = http.NewServeMux()
mux1.HandleFunc("/hello1", func(w http.ResponseWriter, r *http.Request) { mux1.HandleFunc("/hello1", func(w http.ResponseWriter, r *http.Request) {
@ -89,17 +85,17 @@ var _ = Describe("HTTP3 Server hotswap test", func() {
server1 = &http3.Server{ server1 = &http3.Server{
Handler: mux1, Handler: mux1,
TLSConfig: testdata.GetTLSConfig(), TLSConfig: testdata.GetTLSConfig(),
QuicConfig: getQuicConfig(&quic.Config{Versions: versions}), QuicConfig: getQuicConfig(nil),
} }
server2 = &http3.Server{ server2 = &http3.Server{
Handler: mux2, Handler: mux2,
TLSConfig: testdata.GetTLSConfig(), TLSConfig: testdata.GetTLSConfig(),
QuicConfig: getQuicConfig(&quic.Config{Versions: versions}), QuicConfig: getQuicConfig(nil),
} }
tlsConf := http3.ConfigureTLSConfig(testdata.GetTLSConfig()) tlsConf := http3.ConfigureTLSConfig(testdata.GetTLSConfig())
quicln, err := quic.ListenAddrEarly("0.0.0.0:0", tlsConf, getQuicConfig(&quic.Config{Versions: versions})) quicln, err := quic.ListenAddrEarly("0.0.0.0:0", tlsConf, getQuicConfig(nil))
ln = &listenerWrapper{EarlyListener: quicln} ln = &listenerWrapper{EarlyListener: quicln}
Expect(err).NotTo(HaveOccurred()) Expect(err).NotTo(HaveOccurred())
port = strconv.Itoa(ln.Addr().(*net.UDPAddr).Port) port = strconv.Itoa(ln.Addr().(*net.UDPAddr).Port)
@ -109,78 +105,69 @@ var _ = Describe("HTTP3 Server hotswap test", func() {
Expect(ln.Close()).NotTo(HaveOccurred()) Expect(ln.Close()).NotTo(HaveOccurred())
}) })
for _, v := range versions { BeforeEach(func() {
version := v client = &http.Client{
Transport: &http3.RoundTripper{
TLSClientConfig: &tls.Config{
RootCAs: testdata.GetRootCA(),
},
DisableCompression: true,
QuicConfig: getQuicConfig(&quic.Config{MaxIdleTimeout: 10 * time.Second}),
},
}
})
Context(fmt.Sprintf("with QUIC version %s", version), func() { It("hotswap works", func() {
BeforeEach(func() { // open first server and make single request to it
client = &http.Client{ fake1 := ln.Faker()
Transport: &http3.RoundTripper{ stoppedServing1 := make(chan struct{})
TLSClientConfig: &tls.Config{ go func() {
RootCAs: testdata.GetRootCA(), defer GinkgoRecover()
}, server1.ServeListener(fake1)
DisableCompression: true, close(stoppedServing1)
QuicConfig: getQuicConfig(&quic.Config{ }()
Versions: []protocol.VersionNumber{version},
MaxIdleTimeout: 10 * time.Second,
}),
},
}
})
It("hotswap works", func() { resp, err := client.Get("https://localhost:" + port + "/hello1")
// open first server and make single request to it Expect(err).ToNot(HaveOccurred())
fake1 := ln.Faker() Expect(resp.StatusCode).To(Equal(200))
stoppedServing1 := make(chan struct{}) body, err := io.ReadAll(gbytes.TimeoutReader(resp.Body, 3*time.Second))
go func() { Expect(err).ToNot(HaveOccurred())
defer GinkgoRecover() Expect(string(body)).To(Equal("Hello, World 1!\n"))
server1.ServeListener(fake1)
close(stoppedServing1)
}()
resp, err := client.Get("https://localhost:" + port + "/hello1") // open second server with same underlying listener,
Expect(err).ToNot(HaveOccurred()) // make sure it opened and both servers are currently running
Expect(resp.StatusCode).To(Equal(200)) fake2 := ln.Faker()
body, err := io.ReadAll(gbytes.TimeoutReader(resp.Body, 3*time.Second)) stoppedServing2 := make(chan struct{})
Expect(err).ToNot(HaveOccurred()) go func() {
Expect(string(body)).To(Equal("Hello, World 1!\n")) defer GinkgoRecover()
server2.ServeListener(fake2)
close(stoppedServing2)
}()
// open second server with same underlying listener, Consistently(stoppedServing1).ShouldNot(BeClosed())
// make sure it opened and both servers are currently running Consistently(stoppedServing2).ShouldNot(BeClosed())
fake2 := ln.Faker()
stoppedServing2 := make(chan struct{})
go func() {
defer GinkgoRecover()
server2.ServeListener(fake2)
close(stoppedServing2)
}()
Consistently(stoppedServing1).ShouldNot(BeClosed()) // now close first server, no errors should occur here
Consistently(stoppedServing2).ShouldNot(BeClosed()) // and only the fake listener should be closed
Expect(server1.Close()).NotTo(HaveOccurred())
Eventually(stoppedServing1).Should(BeClosed())
Expect(fake1.closed).To(Equal(int32(1)))
Expect(fake2.closed).To(Equal(int32(0)))
Expect(ln.listenerClosed).ToNot(BeTrue())
Expect(client.Transport.(*http3.RoundTripper).Close()).NotTo(HaveOccurred())
// now close first server, no errors should occur here // verify that new connections are being initiated from the second server now
// and only the fake listener should be closed resp, err = client.Get("https://localhost:" + port + "/hello2")
Expect(server1.Close()).NotTo(HaveOccurred()) Expect(err).ToNot(HaveOccurred())
Eventually(stoppedServing1).Should(BeClosed()) Expect(resp.StatusCode).To(Equal(200))
Expect(fake1.closed).To(Equal(int32(1))) body, err = io.ReadAll(gbytes.TimeoutReader(resp.Body, 3*time.Second))
Expect(fake2.closed).To(Equal(int32(0))) Expect(err).ToNot(HaveOccurred())
Expect(ln.listenerClosed).ToNot(BeTrue()) Expect(string(body)).To(Equal("Hello, World 2!\n"))
Expect(client.Transport.(*http3.RoundTripper).Close()).NotTo(HaveOccurred())
// verify that new connections are being initiated from the second server now // close the other server - both the fake and the actual listeners must close now
resp, err = client.Get("https://localhost:" + port + "/hello2") Expect(server2.Close()).NotTo(HaveOccurred())
Expect(err).ToNot(HaveOccurred()) Eventually(stoppedServing2).Should(BeClosed())
Expect(resp.StatusCode).To(Equal(200)) Expect(fake2.closed).To(Equal(int32(1)))
body, err = io.ReadAll(gbytes.TimeoutReader(resp.Body, 3*time.Second)) Expect(ln.listenerClosed).To(BeTrue())
Expect(err).ToNot(HaveOccurred()) })
Expect(string(body)).To(Equal("Hello, World 2!\n"))
// close the other server - both the fake and the actual listeners must close now
Expect(server2.Close()).NotTo(HaveOccurred())
Eventually(stoppedServing2).Should(BeClosed())
Expect(fake2.closed).To(Equal(int32(1)))
Expect(ln.listenerClosed).To(BeTrue())
})
})
}
}) })

686
integrationtests/self/http_test.go
View file

@ -46,8 +46,6 @@ var _ = Describe("HTTP tests", func() {
port string port string
) )
versions := protocol.SupportedVersions
BeforeEach(func() { BeforeEach(func() {
mux = http.NewServeMux() mux = http.NewServeMux()
mux.HandleFunc("/hello", func(w http.ResponseWriter, r *http.Request) { mux.HandleFunc("/hello", func(w http.ResponseWriter, r *http.Request) {
@ -83,7 +81,7 @@ var _ = Describe("HTTP tests", func() {
server = &http3.Server{ server = &http3.Server{
Handler: mux, Handler: mux,
TLSConfig: testdata.GetTLSConfig(), TLSConfig: testdata.GetTLSConfig(),
QuicConfig: getQuicConfig(&quic.Config{Versions: versions}), QuicConfig: getQuicConfig(nil),
} }
addr, err := net.ResolveUDPAddr("udp", "0.0.0.0:0") addr, err := net.ResolveUDPAddr("udp", "0.0.0.0:0")
@ -106,362 +104,354 @@ var _ = Describe("HTTP tests", func() {
Eventually(stoppedServing).Should(BeClosed()) Eventually(stoppedServing).Should(BeClosed())
}) })
for _, v := range versions { BeforeEach(func() {
version := v client = &http.Client{
Transport: &http3.RoundTripper{
TLSClientConfig: &tls.Config{
RootCAs: testdata.GetRootCA(),
},
DisableCompression: true,
QuicConfig: getQuicConfig(&quic.Config{MaxIdleTimeout: 10 * time.Second}),
},
}
})
Context(fmt.Sprintf("with QUIC version %s", version), func() { It("downloads a hello", func() {
BeforeEach(func() { resp, err := client.Get("https://localhost:" + port + "/hello")
client = &http.Client{ Expect(err).ToNot(HaveOccurred())
Transport: &http3.RoundTripper{ Expect(resp.StatusCode).To(Equal(200))
TLSClientConfig: &tls.Config{ body, err := io.ReadAll(gbytes.TimeoutReader(resp.Body, 3*time.Second))
RootCAs: testdata.GetRootCA(), Expect(err).ToNot(HaveOccurred())
}, Expect(string(body)).To(Equal("Hello, World!\n"))
DisableCompression: true, })
QuicConfig: getQuicConfig(&quic.Config{
Versions: []protocol.VersionNumber{version},
MaxIdleTimeout: 10 * time.Second,
}),
},
}
})
It("downloads a hello", func() { It("downloads concurrently", func() {
resp, err := client.Get("https://localhost:" + port + "/hello") group, ctx := errgroup.WithContext(context.Background())
for i := 0; i < 2; i++ {
group.Go(func() error {
req, err := http.NewRequestWithContext(ctx, http.MethodGet, "https://localhost:"+port+"/hello", nil)
Expect(err).ToNot(HaveOccurred())
resp, err := client.Do(req)
Expect(err).ToNot(HaveOccurred()) Expect(err).ToNot(HaveOccurred())
Expect(resp.StatusCode).To(Equal(200)) Expect(resp.StatusCode).To(Equal(200))
body, err := io.ReadAll(gbytes.TimeoutReader(resp.Body, 3*time.Second)) body, err := io.ReadAll(gbytes.TimeoutReader(resp.Body, 3*time.Second))
Expect(err).ToNot(HaveOccurred()) Expect(err).ToNot(HaveOccurred())
Expect(string(body)).To(Equal("Hello, World!\n")) Expect(string(body)).To(Equal("Hello, World!\n"))
return nil
}) })
}
It("downloads concurrently", func() { err := group.Wait()
group, ctx := errgroup.WithContext(context.Background()) Expect(err).ToNot(HaveOccurred())
for i := 0; i < 2; i++ { })
group.Go(func() error {
req, err := http.NewRequestWithContext(ctx, http.MethodGet, "https://localhost:"+port+"/hello", nil)
Expect(err).ToNot(HaveOccurred())
resp, err := client.Do(req)
Expect(err).ToNot(HaveOccurred())
Expect(resp.StatusCode).To(Equal(200))
body, err := io.ReadAll(gbytes.TimeoutReader(resp.Body, 3*time.Second))
Expect(err).ToNot(HaveOccurred())
Expect(string(body)).To(Equal("Hello, World!\n"))
return nil It("sets and gets request headers", func() {
}) handlerCalled := make(chan struct{})
mux.HandleFunc("/headers/request", func(w http.ResponseWriter, r *http.Request) {
defer GinkgoRecover()
Expect(r.Header.Get("foo")).To(Equal("bar"))
Expect(r.Header.Get("lorem")).To(Equal("ipsum"))
close(handlerCalled)
})
req, err := http.NewRequest(http.MethodGet, "https://localhost:"+port+"/headers/request", nil)
Expect(err).ToNot(HaveOccurred())
req.Header.Set("foo", "bar")
req.Header.Set("lorem", "ipsum")
resp, err := client.Do(req)
Expect(err).ToNot(HaveOccurred())
Expect(resp.StatusCode).To(Equal(200))
Eventually(handlerCalled).Should(BeClosed())
})
It("sets and gets response headers", func() {
mux.HandleFunc("/headers/response", func(w http.ResponseWriter, r *http.Request) {
defer GinkgoRecover()
w.Header().Set("foo", "bar")
w.Header().Set("lorem", "ipsum")
})
resp, err := client.Get("https://localhost:" + port + "/headers/response")
Expect(err).ToNot(HaveOccurred())
Expect(resp.StatusCode).To(Equal(200))
Expect(resp.Header.Get("foo")).To(Equal("bar"))
Expect(resp.Header.Get("lorem")).To(Equal("ipsum"))
})
It("downloads a small file", func() {
resp, err := client.Get("https://localhost:" + port + "/prdata")
Expect(err).ToNot(HaveOccurred())
Expect(resp.StatusCode).To(Equal(200))
body, err := io.ReadAll(gbytes.TimeoutReader(resp.Body, 5*time.Second))
Expect(err).ToNot(HaveOccurred())
Expect(body).To(Equal(PRData))
})
It("downloads a large file", func() {
resp, err := client.Get("https://localhost:" + port + "/prdatalong")
Expect(err).ToNot(HaveOccurred())
Expect(resp.StatusCode).To(Equal(200))
body, err := io.ReadAll(gbytes.TimeoutReader(resp.Body, 20*time.Second))
Expect(err).ToNot(HaveOccurred())
Expect(body).To(Equal(PRDataLong))
})
It("downloads many hellos", func() {
const num = 150
for i := 0; i < num; i++ {
resp, err := client.Get("https://localhost:" + port + "/hello")
Expect(err).ToNot(HaveOccurred())
Expect(resp.StatusCode).To(Equal(200))
body, err := io.ReadAll(gbytes.TimeoutReader(resp.Body, 3*time.Second))
Expect(err).ToNot(HaveOccurred())
Expect(string(body)).To(Equal("Hello, World!\n"))
}
})
It("downloads many files, if the response is not read", func() {
const num = 150
for i := 0; i < num; i++ {
resp, err := client.Get("https://localhost:" + port + "/prdata")
Expect(err).ToNot(HaveOccurred())
Expect(resp.StatusCode).To(Equal(200))
Expect(resp.Body.Close()).To(Succeed())
}
})
It("posts a small message", func() {
resp, err := client.Post(
"https://localhost:"+port+"/echo",
"text/plain",
bytes.NewReader([]byte("Hello, world!")),
)
Expect(err).ToNot(HaveOccurred())
Expect(resp.StatusCode).To(Equal(200))
body, err := io.ReadAll(gbytes.TimeoutReader(resp.Body, 5*time.Second))
Expect(err).ToNot(HaveOccurred())
Expect(body).To(Equal([]byte("Hello, world!")))
})
It("uploads a file", func() {
resp, err := client.Post(
"https://localhost:"+port+"/echo",
"text/plain",
bytes.NewReader(PRData),
)
Expect(err).ToNot(HaveOccurred())
Expect(resp.StatusCode).To(Equal(200))
body, err := io.ReadAll(gbytes.TimeoutReader(resp.Body, 5*time.Second))
Expect(err).ToNot(HaveOccurred())
Expect(body).To(Equal(PRData))
})
It("uses gzip compression", func() {
mux.HandleFunc("/gzipped/hello", func(w http.ResponseWriter, r *http.Request) {
defer GinkgoRecover()
Expect(r.Header.Get("Accept-Encoding")).To(Equal("gzip"))
w.Header().Set("Content-Encoding", "gzip")
w.Header().Set("foo", "bar")
gw := gzip.NewWriter(w)
defer gw.Close()
gw.Write([]byte("Hello, World!\n"))
})
client.Transport.(*http3.RoundTripper).DisableCompression = false
resp, err := client.Get("https://localhost:" + port + "/gzipped/hello")
Expect(err).ToNot(HaveOccurred())
Expect(resp.StatusCode).To(Equal(200))
Expect(resp.Uncompressed).To(BeTrue())
body, err := io.ReadAll(gbytes.TimeoutReader(resp.Body, 3*time.Second))
Expect(err).ToNot(HaveOccurred())
Expect(string(body)).To(Equal("Hello, World!\n"))
})
It("cancels requests", func() {
handlerCalled := make(chan struct{})
mux.HandleFunc("/cancel", func(w http.ResponseWriter, r *http.Request) {
defer GinkgoRecover()
defer close(handlerCalled)
for {
if _, err := w.Write([]byte("foobar")); err != nil {
Expect(r.Context().Done()).To(BeClosed())
var strErr *quic.StreamError
Expect(errors.As(err, &strErr)).To(BeTrue())
Expect(strErr.ErrorCode).To(Equal(quic.StreamErrorCode(0x10c)))
return
} }
err := group.Wait()
Expect(err).ToNot(HaveOccurred())
})
It("sets and gets request headers", func() {
handlerCalled := make(chan struct{})
mux.HandleFunc("/headers/request", func(w http.ResponseWriter, r *http.Request) {
defer GinkgoRecover()
Expect(r.Header.Get("foo")).To(Equal("bar"))
Expect(r.Header.Get("lorem")).To(Equal("ipsum"))
close(handlerCalled)
})
req, err := http.NewRequest(http.MethodGet, "https://localhost:"+port+"/headers/request", nil)
Expect(err).ToNot(HaveOccurred())
req.Header.Set("foo", "bar")
req.Header.Set("lorem", "ipsum")
resp, err := client.Do(req)
Expect(err).ToNot(HaveOccurred())
Expect(resp.StatusCode).To(Equal(200))
Eventually(handlerCalled).Should(BeClosed())
})
It("sets and gets response headers", func() {
mux.HandleFunc("/headers/response", func(w http.ResponseWriter, r *http.Request) {
defer GinkgoRecover()
w.Header().Set("foo", "bar")
w.Header().Set("lorem", "ipsum")
})
resp, err := client.Get("https://localhost:" + port + "/headers/response")
Expect(err).ToNot(HaveOccurred())
Expect(resp.StatusCode).To(Equal(200))
Expect(resp.Header.Get("foo")).To(Equal("bar"))
Expect(resp.Header.Get("lorem")).To(Equal("ipsum"))
})
It("downloads a small file", func() {
resp, err := client.Get("https://localhost:" + port + "/prdata")
Expect(err).ToNot(HaveOccurred())
Expect(resp.StatusCode).To(Equal(200))
body, err := io.ReadAll(gbytes.TimeoutReader(resp.Body, 5*time.Second))
Expect(err).ToNot(HaveOccurred())
Expect(body).To(Equal(PRData))
})
It("downloads a large file", func() {
resp, err := client.Get("https://localhost:" + port + "/prdatalong")
Expect(err).ToNot(HaveOccurred())
Expect(resp.StatusCode).To(Equal(200))
body, err := io.ReadAll(gbytes.TimeoutReader(resp.Body, 20*time.Second))
Expect(err).ToNot(HaveOccurred())
Expect(body).To(Equal(PRDataLong))
})
It("downloads many hellos", func() {
const num = 150
for i := 0; i < num; i++ {
resp, err := client.Get("https://localhost:" + port + "/hello")
Expect(err).ToNot(HaveOccurred())
Expect(resp.StatusCode).To(Equal(200))
body, err := io.ReadAll(gbytes.TimeoutReader(resp.Body, 3*time.Second))
Expect(err).ToNot(HaveOccurred())
Expect(string(body)).To(Equal("Hello, World!\n"))
}
})
It("downloads many files, if the response is not read", func() {
const num = 150
for i := 0; i < num; i++ {
resp, err := client.Get("https://localhost:" + port + "/prdata")
Expect(err).ToNot(HaveOccurred())
Expect(resp.StatusCode).To(Equal(200))
Expect(resp.Body.Close()).To(Succeed())
}
})
It("posts a small message", func() {
resp, err := client.Post(
"https://localhost:"+port+"/echo",
"text/plain",
bytes.NewReader([]byte("Hello, world!")),
)
Expect(err).ToNot(HaveOccurred())
Expect(resp.StatusCode).To(Equal(200))
body, err := io.ReadAll(gbytes.TimeoutReader(resp.Body, 5*time.Second))
Expect(err).ToNot(HaveOccurred())
Expect(body).To(Equal([]byte("Hello, world!")))
})
It("uploads a file", func() {
resp, err := client.Post(
"https://localhost:"+port+"/echo",
"text/plain",
bytes.NewReader(PRData),
)
Expect(err).ToNot(HaveOccurred())
Expect(resp.StatusCode).To(Equal(200))
body, err := io.ReadAll(gbytes.TimeoutReader(resp.Body, 5*time.Second))
Expect(err).ToNot(HaveOccurred())
Expect(body).To(Equal(PRData))
})
It("uses gzip compression", func() {
mux.HandleFunc("/gzipped/hello", func(w http.ResponseWriter, r *http.Request) {
defer GinkgoRecover()
Expect(r.Header.Get("Accept-Encoding")).To(Equal("gzip"))
w.Header().Set("Content-Encoding", "gzip")
w.Header().Set("foo", "bar")
gw := gzip.NewWriter(w)
defer gw.Close()
gw.Write([]byte("Hello, World!\n"))
})
client.Transport.(*http3.RoundTripper).DisableCompression = false
resp, err := client.Get("https://localhost:" + port + "/gzipped/hello")
Expect(err).ToNot(HaveOccurred())
Expect(resp.StatusCode).To(Equal(200))
Expect(resp.Uncompressed).To(BeTrue())
body, err := io.ReadAll(gbytes.TimeoutReader(resp.Body, 3*time.Second))
Expect(err).ToNot(HaveOccurred())
Expect(string(body)).To(Equal("Hello, World!\n"))
})
It("cancels requests", func() {
handlerCalled := make(chan struct{})
mux.HandleFunc("/cancel", func(w http.ResponseWriter, r *http.Request) {
defer GinkgoRecover()
defer close(handlerCalled)
for {
if _, err := w.Write([]byte("foobar")); err != nil {
Expect(r.Context().Done()).To(BeClosed())
var strErr *quic.StreamError
Expect(errors.As(err, &strErr)).To(BeTrue())
Expect(strErr.ErrorCode).To(Equal(quic.StreamErrorCode(0x10c)))
return
}
}
})
req, err := http.NewRequest(http.MethodGet, "https://localhost:"+port+"/cancel", nil)
Expect(err).ToNot(HaveOccurred())
ctx, cancel := context.WithCancel(context.Background())
req = req.WithContext(ctx)
resp, err := client.Do(req)
Expect(err).ToNot(HaveOccurred())
Expect(resp.StatusCode).To(Equal(200))
cancel()
Eventually(handlerCalled).Should(BeClosed())
_, err = resp.Body.Read([]byte{0})
Expect(err).To(HaveOccurred())
})
It("allows streamed HTTP requests", func() {
done := make(chan struct{})
mux.HandleFunc("/echoline", func(w http.ResponseWriter, r *http.Request) {
defer GinkgoRecover()
defer close(done)
w.WriteHeader(200)
w.(http.Flusher).Flush()
reader := bufio.NewReader(r.Body)
for {
msg, err := reader.ReadString('\n')
if err != nil {
return
}
_, err = w.Write([]byte(msg))
Expect(err).ToNot(HaveOccurred())
w.(http.Flusher).Flush()
}
})
r, w := io.Pipe()
req, err := http.NewRequest("PUT", "https://localhost:"+port+"/echoline", r)
Expect(err).ToNot(HaveOccurred())
rsp, err := client.Do(req)
Expect(err).ToNot(HaveOccurred())
Expect(rsp.StatusCode).To(Equal(200))
reader := bufio.NewReader(rsp.Body)
for i := 0; i < 5; i++ {
msg := fmt.Sprintf("Hello world, %d!\n", i)
fmt.Fprint(w, msg)
msgRcvd, err := reader.ReadString('\n')
Expect(err).ToNot(HaveOccurred())
Expect(msgRcvd).To(Equal(msg))
}
Expect(req.Body.Close()).To(Succeed())
Eventually(done).Should(BeClosed())
})
It("allows taking over the stream", func() {
mux.HandleFunc("/httpstreamer", func(w http.ResponseWriter, r *http.Request) {
defer GinkgoRecover()
w.WriteHeader(200)
w.(http.Flusher).Flush()
str := r.Body.(http3.HTTPStreamer).HTTPStream()
str.Write([]byte("foobar"))
// Do this in a Go routine, so that the handler returns early.
// This way, we can also check that the HTTP/3 doesn't close the stream.
go func() {
defer GinkgoRecover()
_, err := io.Copy(str, str)
Expect(err).ToNot(HaveOccurred())
Expect(str.Close()).To(Succeed())
}()
})
req, err := http.NewRequest(http.MethodGet, "https://localhost:"+port+"/httpstreamer", nil)
Expect(err).ToNot(HaveOccurred())
rsp, err := client.Transport.(*http3.RoundTripper).RoundTripOpt(req, http3.RoundTripOpt{DontCloseRequestStream: true})
Expect(err).ToNot(HaveOccurred())
Expect(rsp.StatusCode).To(Equal(200))
str := rsp.Body.(http3.HTTPStreamer).HTTPStream()
b := make([]byte, 6)
_, err = io.ReadFull(str, b)
Expect(err).ToNot(HaveOccurred())
Expect(b).To(Equal([]byte("foobar")))
data := GeneratePRData(8 * 1024)
_, err = str.Write(data)
Expect(err).ToNot(HaveOccurred())
Expect(str.Close()).To(Succeed())
repl, err := io.ReadAll(str)
Expect(err).ToNot(HaveOccurred())
Expect(repl).To(Equal(data))
})
It("supports read deadlines", func() {
if !go120 {
Skip("This test requires Go 1.20+")
}
mux.HandleFunc("/read-deadline", func(w http.ResponseWriter, r *http.Request) {
defer GinkgoRecover()
err := setReadDeadline(w, time.Now().Add(deadlineDelay))
Expect(err).ToNot(HaveOccurred())
body, err := io.ReadAll(r.Body)
Expect(err).To(MatchError(os.ErrDeadlineExceeded))
Expect(body).To(ContainSubstring("aa"))
w.Write([]byte("ok"))
})
expectedEnd := time.Now().Add(deadlineDelay)
resp, err := client.Post("https://localhost:"+port+"/read-deadline", "text/plain", neverEnding('a'))
Expect(err).ToNot(HaveOccurred())
Expect(resp.StatusCode).To(Equal(200))
body, err := io.ReadAll(gbytes.TimeoutReader(resp.Body, 2*deadlineDelay))
Expect(err).ToNot(HaveOccurred())
Expect(time.Now().After(expectedEnd)).To(BeTrue())
Expect(string(body)).To(Equal("ok"))
})
It("supports write deadlines", func() {
if !go120 {
Skip("This test requires Go 1.20+")
}
mux.HandleFunc("/write-deadline", func(w http.ResponseWriter, r *http.Request) {
defer GinkgoRecover()
err := setWriteDeadline(w, time.Now().Add(deadlineDelay))
Expect(err).ToNot(HaveOccurred())
_, err = io.Copy(w, neverEnding('a'))
Expect(err).To(MatchError(os.ErrDeadlineExceeded))
})
expectedEnd := time.Now().Add(deadlineDelay)
resp, err := client.Get("https://localhost:" + port + "/write-deadline")
Expect(err).ToNot(HaveOccurred())
Expect(resp.StatusCode).To(Equal(200))
body, err := io.ReadAll(gbytes.TimeoutReader(resp.Body, 2*deadlineDelay))
Expect(err).ToNot(HaveOccurred())
Expect(time.Now().After(expectedEnd)).To(BeTrue())
Expect(string(body)).To(ContainSubstring("aa"))
})
if version != protocol.VersionDraft29 {
It("serves other QUIC connections", func() {
tlsConf := testdata.GetTLSConfig()
tlsConf.NextProtos = []string{"h3"}
ln, err := quic.ListenAddr("localhost:0", tlsConf, nil)
Expect(err).ToNot(HaveOccurred())
done := make(chan struct{})
go func() {
defer GinkgoRecover()
defer close(done)
conn, err := ln.Accept(context.Background())
Expect(err).ToNot(HaveOccurred())
Expect(server.ServeQUICConn(conn)).To(Succeed())
}()
resp, err := client.Get(fmt.Sprintf("https://localhost:%d/hello", ln.Addr().(*net.UDPAddr).Port))
Expect(err).ToNot(HaveOccurred())
Expect(resp.StatusCode).To(Equal(http.StatusOK))
client.Transport.(io.Closer).Close()
Eventually(done).Should(BeClosed())
})
} }
}) })
}
req, err := http.NewRequest(http.MethodGet, "https://localhost:"+port+"/cancel", nil)
Expect(err).ToNot(HaveOccurred())
ctx, cancel := context.WithCancel(context.Background())
req = req.WithContext(ctx)
resp, err := client.Do(req)
Expect(err).ToNot(HaveOccurred())
Expect(resp.StatusCode).To(Equal(200))
cancel()
Eventually(handlerCalled).Should(BeClosed())
_, err = resp.Body.Read([]byte{0})
Expect(err).To(HaveOccurred())
})
It("allows streamed HTTP requests", func() {
done := make(chan struct{})
mux.HandleFunc("/echoline", func(w http.ResponseWriter, r *http.Request) {
defer GinkgoRecover()
defer close(done)
w.WriteHeader(200)
w.(http.Flusher).Flush()
reader := bufio.NewReader(r.Body)
for {
msg, err := reader.ReadString('\n')
if err != nil {
return
}
_, err = w.Write([]byte(msg))
Expect(err).ToNot(HaveOccurred())
w.(http.Flusher).Flush()
}
})
r, w := io.Pipe()
req, err := http.NewRequest("PUT", "https://localhost:"+port+"/echoline", r)
Expect(err).ToNot(HaveOccurred())
rsp, err := client.Do(req)
Expect(err).ToNot(HaveOccurred())
Expect(rsp.StatusCode).To(Equal(200))
reader := bufio.NewReader(rsp.Body)
for i := 0; i < 5; i++ {
msg := fmt.Sprintf("Hello world, %d!\n", i)
fmt.Fprint(w, msg)
msgRcvd, err := reader.ReadString('\n')
Expect(err).ToNot(HaveOccurred())
Expect(msgRcvd).To(Equal(msg))
}
Expect(req.Body.Close()).To(Succeed())
Eventually(done).Should(BeClosed())
})
It("allows taking over the stream", func() {
mux.HandleFunc("/httpstreamer", func(w http.ResponseWriter, r *http.Request) {
defer GinkgoRecover()
w.WriteHeader(200)
w.(http.Flusher).Flush()
str := r.Body.(http3.HTTPStreamer).HTTPStream()
str.Write([]byte("foobar"))
// Do this in a Go routine, so that the handler returns early.
// This way, we can also check that the HTTP/3 doesn't close the stream.
go func() {
defer GinkgoRecover()
_, err := io.Copy(str, str)
Expect(err).ToNot(HaveOccurred())
Expect(str.Close()).To(Succeed())
}()
})
req, err := http.NewRequest(http.MethodGet, "https://localhost:"+port+"/httpstreamer", nil)
Expect(err).ToNot(HaveOccurred())
rsp, err := client.Transport.(*http3.RoundTripper).RoundTripOpt(req, http3.RoundTripOpt{DontCloseRequestStream: true})
Expect(err).ToNot(HaveOccurred())
Expect(rsp.StatusCode).To(Equal(200))
str := rsp.Body.(http3.HTTPStreamer).HTTPStream()
b := make([]byte, 6)
_, err = io.ReadFull(str, b)
Expect(err).ToNot(HaveOccurred())
Expect(b).To(Equal([]byte("foobar")))
data := GeneratePRData(8 * 1024)
_, err = str.Write(data)
Expect(err).ToNot(HaveOccurred())
Expect(str.Close()).To(Succeed())
repl, err := io.ReadAll(str)
Expect(err).ToNot(HaveOccurred())
Expect(repl).To(Equal(data))
})
It("serves other QUIC connections", func() {
if version == protocol.VersionDraft29 {
Skip("This test only works on RFC versions")
}
tlsConf := testdata.GetTLSConfig()
tlsConf.NextProtos = []string{"h3"}
ln, err := quic.ListenAddr("localhost:0", tlsConf, nil)
Expect(err).ToNot(HaveOccurred())
done := make(chan struct{})
go func() {
defer GinkgoRecover()
defer close(done)
conn, err := ln.Accept(context.Background())
Expect(err).ToNot(HaveOccurred())
Expect(server.ServeQUICConn(conn)).To(Succeed())
}()
resp, err := client.Get(fmt.Sprintf("https://localhost:%d/hello", ln.Addr().(*net.UDPAddr).Port))
Expect(err).ToNot(HaveOccurred())
Expect(resp.StatusCode).To(Equal(http.StatusOK))
client.Transport.(io.Closer).Close()
Eventually(done).Should(BeClosed())
})
It("supports read deadlines", func() {
if !go120 {
Skip("This test requires Go 1.20+")
}
mux.HandleFunc("/read-deadline", func(w http.ResponseWriter, r *http.Request) {
defer GinkgoRecover()
err := setReadDeadline(w, time.Now().Add(deadlineDelay))
Expect(err).ToNot(HaveOccurred())
body, err := io.ReadAll(r.Body)
Expect(err).To(MatchError(os.ErrDeadlineExceeded))
Expect(body).To(ContainSubstring("aa"))
w.Write([]byte("ok"))
})
expectedEnd := time.Now().Add(deadlineDelay)
resp, err := client.Post("https://localhost:"+port+"/read-deadline", "text/plain", neverEnding('a'))
Expect(err).ToNot(HaveOccurred())
Expect(resp.StatusCode).To(Equal(200))
body, err := io.ReadAll(gbytes.TimeoutReader(resp.Body, 2*deadlineDelay))
Expect(err).ToNot(HaveOccurred())
Expect(time.Now().After(expectedEnd)).To(BeTrue())
Expect(string(body)).To(Equal("ok"))
})
It("supports write deadlines", func() {
if !go120 {
Skip("This test requires Go 1.20+")
}
mux.HandleFunc("/write-deadline", func(w http.ResponseWriter, r *http.Request) {
defer GinkgoRecover()
err := setWriteDeadline(w, time.Now().Add(deadlineDelay))
Expect(err).ToNot(HaveOccurred())
_, err = io.Copy(w, neverEnding('a'))
Expect(err).To(MatchError(os.ErrDeadlineExceeded))
})
expectedEnd := time.Now().Add(deadlineDelay)
resp, err := client.Get("https://localhost:" + port + "/write-deadline")
Expect(err).ToNot(HaveOccurred())
Expect(resp.StatusCode).To(Equal(200))
body, err := io.ReadAll(gbytes.TimeoutReader(resp.Body, 2*deadlineDelay))
Expect(err).ToNot(HaveOccurred())
Expect(time.Now().After(expectedEnd)).To(BeTrue())
Expect(string(body)).To(ContainSubstring("aa"))
})
}) })

840
integrationtests/self/mitm_test.go
View file

@ -22,451 +22,435 @@ import (
) )
var _ = Describe("MITM test", func() { var _ = Describe("MITM test", func() {
for _, v := range protocol.SupportedVersions { const connIDLen = 6 // explicitly set the connection ID length, so the proxy can parse it
version := v
Context(fmt.Sprintf("with QUIC version %s", version), func() { var (
const connIDLen = 6 // explicitly set the connection ID length, so the proxy can parse it serverUDPConn, clientUDPConn *net.UDPConn
serverConn quic.Connection
serverConfig *quic.Config
)
var ( startServerAndProxy := func(delayCb quicproxy.DelayCallback, dropCb quicproxy.DropCallback) (proxyPort int, closeFn func()) {
serverUDPConn, clientUDPConn *net.UDPConn addr, err := net.ResolveUDPAddr("udp", "localhost:0")
serverConn quic.Connection Expect(err).ToNot(HaveOccurred())
serverConfig *quic.Config serverUDPConn, err = net.ListenUDP("udp", addr)
) Expect(err).ToNot(HaveOccurred())
ln, err := quic.Listen(serverUDPConn, getTLSConfig(), serverConfig)
Expect(err).ToNot(HaveOccurred())
done := make(chan struct{})
go func() {
defer GinkgoRecover()
defer close(done)
var err error
serverConn, err = ln.Accept(context.Background())
if err != nil {
return
}
str, err := serverConn.OpenUniStream()
Expect(err).ToNot(HaveOccurred())
_, err = str.Write(PRData)
Expect(err).ToNot(HaveOccurred())
Expect(str.Close()).To(Succeed())
}()
serverPort := ln.Addr().(*net.UDPAddr).Port
proxy, err := quicproxy.NewQuicProxy("localhost:0", &quicproxy.Opts{
RemoteAddr: fmt.Sprintf("localhost:%d", serverPort),
DelayPacket: delayCb,
DropPacket: dropCb,
})
Expect(err).ToNot(HaveOccurred())
return proxy.LocalPort(), func() {
proxy.Close()
ln.Close()
serverUDPConn.Close()
<-done
}
}
startServerAndProxy := func(delayCb quicproxy.DelayCallback, dropCb quicproxy.DropCallback) (proxyPort int, closeFn func()) { BeforeEach(func() {
addr, err := net.ResolveUDPAddr("udp", "localhost:0") serverConfig = getQuicConfig(&quic.Config{ConnectionIDLength: connIDLen})
Expect(err).ToNot(HaveOccurred()) addr, err := net.ResolveUDPAddr("udp", "localhost:0")
serverUDPConn, err = net.ListenUDP("udp", addr) Expect(err).ToNot(HaveOccurred())
Expect(err).ToNot(HaveOccurred()) clientUDPConn, err = net.ListenUDP("udp", addr)
ln, err := quic.Listen(serverUDPConn, getTLSConfig(), serverConfig) Expect(err).ToNot(HaveOccurred())
Expect(err).ToNot(HaveOccurred()) })
done := make(chan struct{})
go func() { Context("unsuccessful attacks", func() {
defer GinkgoRecover() AfterEach(func() {
defer close(done) Eventually(serverConn.Context().Done()).Should(BeClosed())
var err error // Test shutdown is tricky due to the proxy. Just wait for a bit.
serverConn, err = ln.Accept(context.Background()) time.Sleep(50 * time.Millisecond)
if err != nil { Expect(clientUDPConn.Close()).To(Succeed())
return })
Context("injecting invalid packets", func() {
const rtt = 20 * time.Millisecond
sendRandomPacketsOfSameType := func(conn net.PacketConn, remoteAddr net.Addr, raw []byte) {
defer GinkgoRecover()
const numPackets = 10
ticker := time.NewTicker(rtt / numPackets)
defer ticker.Stop()
if wire.IsLongHeaderPacket(raw[0]) {
hdr, _, _, err := wire.ParsePacket(raw)
Expect(err).ToNot(HaveOccurred())
replyHdr := &wire.ExtendedHeader{
Header: wire.Header{
DestConnectionID: hdr.DestConnectionID,
SrcConnectionID: hdr.SrcConnectionID,
Type: hdr.Type,
Version: hdr.Version,
},
PacketNumber: protocol.PacketNumber(mrand.Int31n(math.MaxInt32 / 4)),
PacketNumberLen: protocol.PacketNumberLen(mrand.Int31n(4) + 1),
} }
str, err := serverConn.OpenUniStream()
for i := 0; i < numPackets; i++ {
payloadLen := mrand.Int31n(100)
replyHdr.Length = protocol.ByteCount(mrand.Int31n(payloadLen + 1))
b, err := replyHdr.Append(nil, hdr.Version)
Expect(err).ToNot(HaveOccurred())
r := make([]byte, payloadLen)
mrand.Read(r)
b = append(b, r...)
if _, err := conn.WriteTo(b, remoteAddr); err != nil {
return
}
<-ticker.C
}
} else {
connID, err := wire.ParseConnectionID(raw, connIDLen)
Expect(err).ToNot(HaveOccurred()) Expect(err).ToNot(HaveOccurred())
_, err = str.Write(PRData) _, pn, pnLen, _, err := wire.ParseShortHeader(raw, connIDLen)
Expect(err).ToNot(HaveOccurred()) if err != nil { // normally, ParseShortHeader is called after decrypting the header
Expect(str.Close()).To(Succeed()) Expect(err).To(MatchError(wire.ErrInvalidReservedBits))
}() }
serverPort := ln.Addr().(*net.UDPAddr).Port for i := 0; i < numPackets; i++ {
proxy, err := quicproxy.NewQuicProxy("localhost:0", &quicproxy.Opts{ b, err := wire.AppendShortHeader(nil, connID, pn, pnLen, protocol.KeyPhaseBit(mrand.Intn(2)))
RemoteAddr: fmt.Sprintf("localhost:%d", serverPort), Expect(err).ToNot(HaveOccurred())
DelayPacket: delayCb, payloadLen := mrand.Int31n(100)
DropPacket: dropCb, r := make([]byte, payloadLen)
}) mrand.Read(r)
Expect(err).ToNot(HaveOccurred()) b = append(b, r...)
return proxy.LocalPort(), func() { if _, err := conn.WriteTo(b, remoteAddr); err != nil {
proxy.Close() return
ln.Close() }
serverUDPConn.Close() <-ticker.C
<-done }
} }
} }
BeforeEach(func() { runTest := func(delayCb quicproxy.DelayCallback) {
serverConfig = getQuicConfig(&quic.Config{ proxyPort, closeFn := startServerAndProxy(delayCb, nil)
Versions: []protocol.VersionNumber{version}, defer closeFn()
ConnectionIDLength: connIDLen, raddr, err := net.ResolveUDPAddr("udp", fmt.Sprintf("localhost:%d", proxyPort))
})
addr, err := net.ResolveUDPAddr("udp", "localhost:0")
Expect(err).ToNot(HaveOccurred()) Expect(err).ToNot(HaveOccurred())
clientUDPConn, err = net.ListenUDP("udp", addr) conn, err := quic.Dial(
clientUDPConn,
raddr,
fmt.Sprintf("localhost:%d", proxyPort),
getTLSClientConfig(),
getQuicConfig(&quic.Config{ConnectionIDLength: connIDLen}),
)
Expect(err).ToNot(HaveOccurred()) Expect(err).ToNot(HaveOccurred())
}) str, err := conn.AcceptUniStream(context.Background())
Expect(err).ToNot(HaveOccurred())
data, err := io.ReadAll(str)
Expect(err).ToNot(HaveOccurred())
Expect(data).To(Equal(PRData))
Expect(conn.CloseWithError(0, "")).To(Succeed())
}
Context("unsuccessful attacks", func() { It("downloads a message when the packets are injected towards the server", func() {
AfterEach(func() { delayCb := func(dir quicproxy.Direction, raw []byte) time.Duration {
Eventually(serverConn.Context().Done()).Should(BeClosed()) if dir == quicproxy.DirectionIncoming {
// Test shutdown is tricky due to the proxy. Just wait for a bit.
time.Sleep(50 * time.Millisecond)
Expect(clientUDPConn.Close()).To(Succeed())
})
Context("injecting invalid packets", func() {
const rtt = 20 * time.Millisecond
sendRandomPacketsOfSameType := func(conn net.PacketConn, remoteAddr net.Addr, raw []byte) {
defer GinkgoRecover() defer GinkgoRecover()
const numPackets = 10 go sendRandomPacketsOfSameType(clientUDPConn, serverUDPConn.LocalAddr(), raw)
ticker := time.NewTicker(rtt / numPackets)
defer ticker.Stop()
if wire.IsLongHeaderPacket(raw[0]) {
hdr, _, _, err := wire.ParsePacket(raw)
Expect(err).ToNot(HaveOccurred())
replyHdr := &wire.ExtendedHeader{
Header: wire.Header{
DestConnectionID: hdr.DestConnectionID,
SrcConnectionID: hdr.SrcConnectionID,
Type: hdr.Type,
Version: hdr.Version,
},
PacketNumber: protocol.PacketNumber(mrand.Int31n(math.MaxInt32 / 4)),
PacketNumberLen: protocol.PacketNumberLen(mrand.Int31n(4) + 1),
}
for i := 0; i < numPackets; i++ {
payloadLen := mrand.Int31n(100)
replyHdr.Length = protocol.ByteCount(mrand.Int31n(payloadLen + 1))
b, err := replyHdr.Append(nil, version)
Expect(err).ToNot(HaveOccurred())
r := make([]byte, payloadLen)
mrand.Read(r)
b = append(b, r...)
if _, err := conn.WriteTo(b, remoteAddr); err != nil {
return
}
<-ticker.C
}
} else {
connID, err := wire.ParseConnectionID(raw, connIDLen)
Expect(err).ToNot(HaveOccurred())
_, pn, pnLen, _, err := wire.ParseShortHeader(raw, connIDLen)
if err != nil { // normally, ParseShortHeader is called after decrypting the header
Expect(err).To(MatchError(wire.ErrInvalidReservedBits))
}
for i := 0; i < numPackets; i++ {
b, err := wire.AppendShortHeader(nil, connID, pn, pnLen, protocol.KeyPhaseBit(mrand.Intn(2)))
Expect(err).ToNot(HaveOccurred())
payloadLen := mrand.Int31n(100)
r := make([]byte, payloadLen)
mrand.Read(r)
b = append(b, r...)
if _, err := conn.WriteTo(b, remoteAddr); err != nil {
return
}
<-ticker.C
}
}
} }
return rtt / 2
runTest := func(delayCb quicproxy.DelayCallback) {
proxyPort, closeFn := startServerAndProxy(delayCb, nil)
defer closeFn()
raddr, err := net.ResolveUDPAddr("udp", fmt.Sprintf("localhost:%d", proxyPort))
Expect(err).ToNot(HaveOccurred())
conn, err := quic.Dial(
clientUDPConn,
raddr,
fmt.Sprintf("localhost:%d", proxyPort),
getTLSClientConfig(),
getQuicConfig(&quic.Config{
Versions: []protocol.VersionNumber{version},
ConnectionIDLength: connIDLen,
}),
)
Expect(err).ToNot(HaveOccurred())
str, err := conn.AcceptUniStream(context.Background())
Expect(err).ToNot(HaveOccurred())
data, err := io.ReadAll(str)
Expect(err).ToNot(HaveOccurred())
Expect(data).To(Equal(PRData))
Expect(conn.CloseWithError(0, "")).To(Succeed())
}
It("downloads a message when the packets are injected towards the server", func() {
delayCb := func(dir quicproxy.Direction, raw []byte) time.Duration {
if dir == quicproxy.DirectionIncoming {
defer GinkgoRecover()
go sendRandomPacketsOfSameType(clientUDPConn, serverUDPConn.LocalAddr(), raw)
}
return rtt / 2
}
runTest(delayCb)
})
It("downloads a message when the packets are injected towards the client", func() {
delayCb := func(dir quicproxy.Direction, raw []byte) time.Duration {
if dir == quicproxy.DirectionOutgoing {
defer GinkgoRecover()
go sendRandomPacketsOfSameType(serverUDPConn, clientUDPConn.LocalAddr(), raw)
}
return rtt / 2
}
runTest(delayCb)
})
})
runTest := func(dropCb quicproxy.DropCallback) {
proxyPort, closeFn := startServerAndProxy(nil, dropCb)
defer closeFn()
raddr, err := net.ResolveUDPAddr("udp", fmt.Sprintf("localhost:%d", proxyPort))
Expect(err).ToNot(HaveOccurred())
conn, err := quic.Dial(
clientUDPConn,
raddr,
fmt.Sprintf("localhost:%d", proxyPort),
getTLSClientConfig(),
getQuicConfig(&quic.Config{
Versions: []protocol.VersionNumber{version},
ConnectionIDLength: connIDLen,
}),
)
Expect(err).ToNot(HaveOccurred())
str, err := conn.AcceptUniStream(context.Background())
Expect(err).ToNot(HaveOccurred())
data, err := io.ReadAll(str)
Expect(err).ToNot(HaveOccurred())
Expect(data).To(Equal(PRData))
Expect(conn.CloseWithError(0, "")).To(Succeed())
} }
runTest(delayCb)
Context("duplicating packets", func() {
It("downloads a message when packets are duplicated towards the server", func() {
dropCb := func(dir quicproxy.Direction, raw []byte) bool {
defer GinkgoRecover()
if dir == quicproxy.DirectionIncoming {
_, err := clientUDPConn.WriteTo(raw, serverUDPConn.LocalAddr())
Expect(err).ToNot(HaveOccurred())
}
return false
}
runTest(dropCb)
})
It("downloads a message when packets are duplicated towards the client", func() {
dropCb := func(dir quicproxy.Direction, raw []byte) bool {
defer GinkgoRecover()
if dir == quicproxy.DirectionOutgoing {
_, err := serverUDPConn.WriteTo(raw, clientUDPConn.LocalAddr())
Expect(err).ToNot(HaveOccurred())
}
return false
}
runTest(dropCb)
})
})
Context("corrupting packets", func() {
const idleTimeout = time.Second
var numCorrupted, numPackets int32
BeforeEach(func() {
numCorrupted = 0
numPackets = 0
serverConfig.MaxIdleTimeout = idleTimeout
})
AfterEach(func() {
num := atomic.LoadInt32(&numCorrupted)
fmt.Fprintf(GinkgoWriter, "Corrupted %d of %d packets.", num, atomic.LoadInt32(&numPackets))
Expect(num).To(BeNumerically(">=", 1))
// If the packet containing the CONNECTION_CLOSE is corrupted,
// we have to wait for the connection to time out.
Eventually(serverConn.Context().Done(), 3*idleTimeout).Should(BeClosed())
})
It("downloads a message when packet are corrupted towards the server", func() {
const interval = 4 // corrupt every 4th packet (stochastically)
dropCb := func(dir quicproxy.Direction, raw []byte) bool {
defer GinkgoRecover()
if dir == quicproxy.DirectionIncoming {
atomic.AddInt32(&numPackets, 1)
if mrand.Intn(interval) == 0 {
pos := mrand.Intn(len(raw))
raw[pos] = byte(mrand.Intn(256))
_, err := clientUDPConn.WriteTo(raw, serverUDPConn.LocalAddr())
Expect(err).ToNot(HaveOccurred())
atomic.AddInt32(&numCorrupted, 1)
return true
}
}
return false
}
runTest(dropCb)
})
It("downloads a message when packet are corrupted towards the client", func() {
const interval = 10 // corrupt every 10th packet (stochastically)
dropCb := func(dir quicproxy.Direction, raw []byte) bool {
defer GinkgoRecover()
if dir == quicproxy.DirectionOutgoing {
atomic.AddInt32(&numPackets, 1)
if mrand.Intn(interval) == 0 {
pos := mrand.Intn(len(raw))
raw[pos] = byte(mrand.Intn(256))
_, err := serverUDPConn.WriteTo(raw, clientUDPConn.LocalAddr())
Expect(err).ToNot(HaveOccurred())
atomic.AddInt32(&numCorrupted, 1)
return true
}
}
return false
}
runTest(dropCb)
})
})
}) })
Context("successful injection attacks", func() { It("downloads a message when the packets are injected towards the client", func() {
// These tests demonstrate that the QUIC protocol is vulnerable to injection attacks before the handshake delayCb := func(dir quicproxy.Direction, raw []byte) time.Duration {
// finishes. In particular, an adversary who can intercept packets coming from one endpoint and send a reply if dir == quicproxy.DirectionOutgoing {
// that arrives before the real reply can tear down the connection in multiple ways. defer GinkgoRecover()
go sendRandomPacketsOfSameType(serverUDPConn, clientUDPConn.LocalAddr(), raw)
const rtt = 20 * time.Millisecond }
return rtt / 2
runTest := func(delayCb quicproxy.DelayCallback) (closeFn func(), err error) {
proxyPort, closeFn := startServerAndProxy(delayCb, nil)
raddr, err := net.ResolveUDPAddr("udp", fmt.Sprintf("localhost:%d", proxyPort))
Expect(err).ToNot(HaveOccurred())
_, err = quic.Dial(
clientUDPConn,
raddr,
fmt.Sprintf("localhost:%d", proxyPort),
getTLSClientConfig(),
getQuicConfig(&quic.Config{
Versions: []protocol.VersionNumber{version},
ConnectionIDLength: connIDLen,
HandshakeIdleTimeout: 2 * time.Second,
}),
)
return closeFn, err
} }
runTest(delayCb)
// fails immediately because client connection closes when it can't find compatible version
It("fails when a forged version negotiation packet is sent to client", func() {
done := make(chan struct{})
delayCb := func(dir quicproxy.Direction, raw []byte) time.Duration {
if dir == quicproxy.DirectionIncoming {
defer GinkgoRecover()
hdr, _, _, err := wire.ParsePacket(raw)
Expect(err).ToNot(HaveOccurred())
if hdr.Type != protocol.PacketTypeInitial {
return 0
}
// Create fake version negotiation packet with no supported versions
versions := []protocol.VersionNumber{}
packet := wire.ComposeVersionNegotiation(
protocol.ArbitraryLenConnectionID(hdr.SrcConnectionID.Bytes()),
protocol.ArbitraryLenConnectionID(hdr.DestConnectionID.Bytes()),
versions,
)
// Send the packet
_, err = serverUDPConn.WriteTo(packet, clientUDPConn.LocalAddr())
Expect(err).ToNot(HaveOccurred())
close(done)
}
return rtt / 2
}
closeFn, err := runTest(delayCb)
defer closeFn()
Expect(err).To(HaveOccurred())
vnErr := &quic.VersionNegotiationError{}
Expect(errors.As(err, &vnErr)).To(BeTrue())
Eventually(done).Should(BeClosed())
})
// times out, because client doesn't accept subsequent real retry packets from server
// as it has already accepted a retry.
// TODO: determine behavior when server does not send Retry packets
It("fails when a forged Retry packet with modified srcConnID is sent to client", func() {
serverConfig.RequireAddressValidation = func(net.Addr) bool { return true }
var initialPacketIntercepted bool
done := make(chan struct{})
delayCb := func(dir quicproxy.Direction, raw []byte) time.Duration {
if dir == quicproxy.DirectionIncoming && !initialPacketIntercepted {
defer GinkgoRecover()
defer close(done)
hdr, _, _, err := wire.ParsePacket(raw)
Expect(err).ToNot(HaveOccurred())
if hdr.Type != protocol.PacketTypeInitial {
return 0
}
initialPacketIntercepted = true
fakeSrcConnID := protocol.ParseConnectionID([]byte{0x12, 0x12, 0x12, 0x12, 0x12, 0x12, 0x12, 0x12})
retryPacket := testutils.ComposeRetryPacket(fakeSrcConnID, hdr.SrcConnectionID, hdr.DestConnectionID, []byte("token"), hdr.Version)
_, err = serverUDPConn.WriteTo(retryPacket, clientUDPConn.LocalAddr())
Expect(err).ToNot(HaveOccurred())
}
return rtt / 2
}
closeFn, err := runTest(delayCb)
defer closeFn()
Expect(err).To(HaveOccurred())
Expect(err.(net.Error).Timeout()).To(BeTrue())
Eventually(done).Should(BeClosed())
})
// times out, because client doesn't accept real retry packets from server because
// it has already accepted an initial.
// TODO: determine behavior when server does not send Retry packets
It("fails when a forged initial packet is sent to client", func() {
done := make(chan struct{})
var injected bool
delayCb := func(dir quicproxy.Direction, raw []byte) time.Duration {
if dir == quicproxy.DirectionIncoming {
defer GinkgoRecover()
hdr, _, _, err := wire.ParsePacket(raw)
Expect(err).ToNot(HaveOccurred())
if hdr.Type != protocol.PacketTypeInitial || injected {
return 0
}
defer close(done)
injected = true
initialPacket := testutils.ComposeInitialPacket(hdr.DestConnectionID, hdr.SrcConnectionID, hdr.Version, hdr.DestConnectionID, nil)
_, err = serverUDPConn.WriteTo(initialPacket, clientUDPConn.LocalAddr())
Expect(err).ToNot(HaveOccurred())
}
return rtt
}
closeFn, err := runTest(delayCb)
defer closeFn()
Expect(err).To(HaveOccurred())
Expect(err.(net.Error).Timeout()).To(BeTrue())
Eventually(done).Should(BeClosed())
})
// client connection closes immediately on receiving ack for unsent packet
It("fails when a forged initial packet with ack for unsent packet is sent to client", func() {
done := make(chan struct{})
var injected bool
delayCb := func(dir quicproxy.Direction, raw []byte) time.Duration {
if dir == quicproxy.DirectionIncoming {
defer GinkgoRecover()
hdr, _, _, err := wire.ParsePacket(raw)
Expect(err).ToNot(HaveOccurred())
if hdr.Type != protocol.PacketTypeInitial || injected {
return 0
}
defer close(done)
injected = true
// Fake Initial with ACK for packet 2 (unsent)
ack := &wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 2, Largest: 2}}}
initialPacket := testutils.ComposeInitialPacket(hdr.DestConnectionID, hdr.SrcConnectionID, hdr.Version, hdr.DestConnectionID, []wire.Frame{ack})
_, err = serverUDPConn.WriteTo(initialPacket, clientUDPConn.LocalAddr())
Expect(err).ToNot(HaveOccurred())
}
return rtt
}
closeFn, err := runTest(delayCb)
defer closeFn()
Expect(err).To(HaveOccurred())
var transportErr *quic.TransportError
Expect(errors.As(err, &transportErr)).To(BeTrue())
Expect(transportErr.ErrorCode).To(Equal(quic.ProtocolViolation))
Expect(transportErr.ErrorMessage).To(ContainSubstring("received ACK for an unsent packet"))
Eventually(done).Should(BeClosed())
})
}) })
}) })
}
runTest := func(dropCb quicproxy.DropCallback) {
proxyPort, closeFn := startServerAndProxy(nil, dropCb)
defer closeFn()
raddr, err := net.ResolveUDPAddr("udp", fmt.Sprintf("localhost:%d", proxyPort))
Expect(err).ToNot(HaveOccurred())
conn, err := quic.Dial(
clientUDPConn,
raddr,
fmt.Sprintf("localhost:%d", proxyPort),
getTLSClientConfig(),
getQuicConfig(&quic.Config{ConnectionIDLength: connIDLen}),
)
Expect(err).ToNot(HaveOccurred())
str, err := conn.AcceptUniStream(context.Background())
Expect(err).ToNot(HaveOccurred())
data, err := io.ReadAll(str)
Expect(err).ToNot(HaveOccurred())
Expect(data).To(Equal(PRData))
Expect(conn.CloseWithError(0, "")).To(Succeed())
}
Context("duplicating packets", func() {
It("downloads a message when packets are duplicated towards the server", func() {
dropCb := func(dir quicproxy.Direction, raw []byte) bool {
defer GinkgoRecover()
if dir == quicproxy.DirectionIncoming {
_, err := clientUDPConn.WriteTo(raw, serverUDPConn.LocalAddr())
Expect(err).ToNot(HaveOccurred())
}
return false
}
runTest(dropCb)
})
It("downloads a message when packets are duplicated towards the client", func() {
dropCb := func(dir quicproxy.Direction, raw []byte) bool {
defer GinkgoRecover()
if dir == quicproxy.DirectionOutgoing {
_, err := serverUDPConn.WriteTo(raw, clientUDPConn.LocalAddr())
Expect(err).ToNot(HaveOccurred())
}
return false
}
runTest(dropCb)
})
})
Context("corrupting packets", func() {
const idleTimeout = time.Second
var numCorrupted, numPackets int32
BeforeEach(func() {
numCorrupted = 0
numPackets = 0
serverConfig.MaxIdleTimeout = idleTimeout
})
AfterEach(func() {
num := atomic.LoadInt32(&numCorrupted)
fmt.Fprintf(GinkgoWriter, "Corrupted %d of %d packets.", num, atomic.LoadInt32(&numPackets))
Expect(num).To(BeNumerically(">=", 1))
// If the packet containing the CONNECTION_CLOSE is corrupted,
// we have to wait for the connection to time out.
Eventually(serverConn.Context().Done(), 3*idleTimeout).Should(BeClosed())
})
It("downloads a message when packet are corrupted towards the server", func() {
const interval = 4 // corrupt every 4th packet (stochastically)
dropCb := func(dir quicproxy.Direction, raw []byte) bool {
defer GinkgoRecover()
if dir == quicproxy.DirectionIncoming {
atomic.AddInt32(&numPackets, 1)
if mrand.Intn(interval) == 0 {
pos := mrand.Intn(len(raw))
raw[pos] = byte(mrand.Intn(256))
_, err := clientUDPConn.WriteTo(raw, serverUDPConn.LocalAddr())
Expect(err).ToNot(HaveOccurred())
atomic.AddInt32(&numCorrupted, 1)
return true
}
}
return false
}
runTest(dropCb)
})
It("downloads a message when packet are corrupted towards the client", func() {
const interval = 10 // corrupt every 10th packet (stochastically)
dropCb := func(dir quicproxy.Direction, raw []byte) bool {
defer GinkgoRecover()
if dir == quicproxy.DirectionOutgoing {
atomic.AddInt32(&numPackets, 1)
if mrand.Intn(interval) == 0 {
pos := mrand.Intn(len(raw))
raw[pos] = byte(mrand.Intn(256))
_, err := serverUDPConn.WriteTo(raw, clientUDPConn.LocalAddr())
Expect(err).ToNot(HaveOccurred())
atomic.AddInt32(&numCorrupted, 1)
return true
}
}
return false
}
runTest(dropCb)
})
})
})
Context("successful injection attacks", func() {
// These tests demonstrate that the QUIC protocol is vulnerable to injection attacks before the handshake
// finishes. In particular, an adversary who can intercept packets coming from one endpoint and send a reply
// that arrives before the real reply can tear down the connection in multiple ways.
const rtt = 20 * time.Millisecond
runTest := func(delayCb quicproxy.DelayCallback) (closeFn func(), err error) {
proxyPort, closeFn := startServerAndProxy(delayCb, nil)
raddr, err := net.ResolveUDPAddr("udp", fmt.Sprintf("localhost:%d", proxyPort))
Expect(err).ToNot(HaveOccurred())
_, err = quic.Dial(
clientUDPConn,
raddr,
fmt.Sprintf("localhost:%d", proxyPort),
getTLSClientConfig(),
getQuicConfig(&quic.Config{
ConnectionIDLength: connIDLen,
HandshakeIdleTimeout: 2 * time.Second,
}),
)
return closeFn, err
}
// fails immediately because client connection closes when it can't find compatible version
It("fails when a forged version negotiation packet is sent to client", func() {
done := make(chan struct{})
delayCb := func(dir quicproxy.Direction, raw []byte) time.Duration {
if dir == quicproxy.DirectionIncoming {
defer GinkgoRecover()
hdr, _, _, err := wire.ParsePacket(raw)
Expect(err).ToNot(HaveOccurred())
if hdr.Type != protocol.PacketTypeInitial {
return 0
}
// Create fake version negotiation packet with no supported versions
versions := []protocol.VersionNumber{}
packet := wire.ComposeVersionNegotiation(
protocol.ArbitraryLenConnectionID(hdr.SrcConnectionID.Bytes()),
protocol.ArbitraryLenConnectionID(hdr.DestConnectionID.Bytes()),
versions,
)
// Send the packet
_, err = serverUDPConn.WriteTo(packet, clientUDPConn.LocalAddr())
Expect(err).ToNot(HaveOccurred())
close(done)
}
return rtt / 2
}
closeFn, err := runTest(delayCb)
defer closeFn()
Expect(err).To(HaveOccurred())
vnErr := &quic.VersionNegotiationError{}
Expect(errors.As(err, &vnErr)).To(BeTrue())
Eventually(done).Should(BeClosed())
})
// times out, because client doesn't accept subsequent real retry packets from server
// as it has already accepted a retry.
// TODO: determine behavior when server does not send Retry packets
It("fails when a forged Retry packet with modified srcConnID is sent to client", func() {
serverConfig.RequireAddressValidation = func(net.Addr) bool { return true }
var initialPacketIntercepted bool
done := make(chan struct{})
delayCb := func(dir quicproxy.Direction, raw []byte) time.Duration {
if dir == quicproxy.DirectionIncoming && !initialPacketIntercepted {
defer GinkgoRecover()
defer close(done)
hdr, _, _, err := wire.ParsePacket(raw)
Expect(err).ToNot(HaveOccurred())
if hdr.Type != protocol.PacketTypeInitial {
return 0
}
initialPacketIntercepted = true
fakeSrcConnID := protocol.ParseConnectionID([]byte{0x12, 0x12, 0x12, 0x12, 0x12, 0x12, 0x12, 0x12})
retryPacket := testutils.ComposeRetryPacket(fakeSrcConnID, hdr.SrcConnectionID, hdr.DestConnectionID, []byte("token"), hdr.Version)
_, err = serverUDPConn.WriteTo(retryPacket, clientUDPConn.LocalAddr())
Expect(err).ToNot(HaveOccurred())
}
return rtt / 2
}
closeFn, err := runTest(delayCb)
defer closeFn()
Expect(err).To(HaveOccurred())
Expect(err.(net.Error).Timeout()).To(BeTrue())
Eventually(done).Should(BeClosed())
})
// times out, because client doesn't accept real retry packets from server because
// it has already accepted an initial.
// TODO: determine behavior when server does not send Retry packets
It("fails when a forged initial packet is sent to client", func() {
done := make(chan struct{})
var injected bool
delayCb := func(dir quicproxy.Direction, raw []byte) time.Duration {
if dir == quicproxy.DirectionIncoming {
defer GinkgoRecover()
hdr, _, _, err := wire.ParsePacket(raw)
Expect(err).ToNot(HaveOccurred())
if hdr.Type != protocol.PacketTypeInitial || injected {
return 0
}
defer close(done)
injected = true
initialPacket := testutils.ComposeInitialPacket(hdr.DestConnectionID, hdr.SrcConnectionID, hdr.Version, hdr.DestConnectionID, nil)
_, err = serverUDPConn.WriteTo(initialPacket, clientUDPConn.LocalAddr())
Expect(err).ToNot(HaveOccurred())
}
return rtt
}
closeFn, err := runTest(delayCb)
defer closeFn()
Expect(err).To(HaveOccurred())
Expect(err.(net.Error).Timeout()).To(BeTrue())
Eventually(done).Should(BeClosed())
})
// client connection closes immediately on receiving ack for unsent packet
It("fails when a forged initial packet with ack for unsent packet is sent to client", func() {
done := make(chan struct{})
var injected bool
delayCb := func(dir quicproxy.Direction, raw []byte) time.Duration {
if dir == quicproxy.DirectionIncoming {
defer GinkgoRecover()
hdr, _, _, err := wire.ParsePacket(raw)
Expect(err).ToNot(HaveOccurred())
if hdr.Type != protocol.PacketTypeInitial || injected {
return 0
}
defer close(done)
injected = true
// Fake Initial with ACK for packet 2 (unsent)
ack := &wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 2, Largest: 2}}}
initialPacket := testutils.ComposeInitialPacket(hdr.DestConnectionID, hdr.SrcConnectionID, hdr.Version, hdr.DestConnectionID, []wire.Frame{ack})
_, err = serverUDPConn.WriteTo(initialPacket, clientUDPConn.LocalAddr())
Expect(err).ToNot(HaveOccurred())
}
return rtt
}
closeFn, err := runTest(delayCb)
defer closeFn()
Expect(err).To(HaveOccurred())
var transportErr *quic.TransportError
Expect(errors.As(err, &transportErr)).To(BeTrue())
Expect(transportErr.ErrorCode).To(Equal(quic.ProtocolViolation))
Expect(transportErr.ErrorMessage).To(ContainSubstring("received ACK for an unsent packet"))
Eventually(done).Should(BeClosed())
})
})
}) })

389
integrationtests/self/multiplex_test.go
View file

@ -9,213 +9,206 @@ import (
"time" "time"
"github.com/quic-go/quic-go" "github.com/quic-go/quic-go"
"github.com/quic-go/quic-go/internal/protocol"
. "github.com/onsi/ginkgo/v2" . "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega" . "github.com/onsi/gomega"
) )
var _ = Describe("Multiplexing", func() { var _ = Describe("Multiplexing", func() {
for _, v := range protocol.SupportedVersions { runServer := func(ln quic.Listener) {
version := v go func() {
defer GinkgoRecover()
Context(fmt.Sprintf("with QUIC version %s", version), func() { for {
runServer := func(ln quic.Listener) { conn, err := ln.Accept(context.Background())
if err != nil {
return
}
go func() { go func() {
defer GinkgoRecover() defer GinkgoRecover()
for { str, err := conn.OpenStream()
conn, err := ln.Accept(context.Background()) Expect(err).ToNot(HaveOccurred())
if err != nil { defer str.Close()
return _, err = str.Write(PRData)
} Expect(err).ToNot(HaveOccurred())
go func() {
defer GinkgoRecover()
str, err := conn.OpenStream()
Expect(err).ToNot(HaveOccurred())
defer str.Close()
_, err = str.Write(PRData)
Expect(err).ToNot(HaveOccurred())
}()
}
}() }()
} }
}()
dial := func(pconn net.PacketConn, addr net.Addr) {
conn, err := quic.Dial(
pconn,
addr,
fmt.Sprintf("localhost:%d", addr.(*net.UDPAddr).Port),
getTLSClientConfig(),
getQuicConfig(&quic.Config{Versions: []protocol.VersionNumber{version}}),
)
Expect(err).ToNot(HaveOccurred())
defer conn.CloseWithError(0, "")
str, err := conn.AcceptStream(context.Background())
Expect(err).ToNot(HaveOccurred())
data, err := io.ReadAll(str)
Expect(err).ToNot(HaveOccurred())
Expect(data).To(Equal(PRData))
}
Context("multiplexing clients on the same conn", func() {
getListener := func() quic.Listener {
ln, err := quic.ListenAddr(
"localhost:0",
getTLSConfig(),
getQuicConfig(&quic.Config{Versions: []protocol.VersionNumber{version}}),
)
Expect(err).ToNot(HaveOccurred())
return ln
}
It("multiplexes connections to the same server", func() {
server := getListener()
runServer(server)
defer server.Close()
addr, err := net.ResolveUDPAddr("udp", "localhost:0")
Expect(err).ToNot(HaveOccurred())
conn, err := net.ListenUDP("udp", addr)
Expect(err).ToNot(HaveOccurred())
defer conn.Close()
done1 := make(chan struct{})
done2 := make(chan struct{})
go func() {
defer GinkgoRecover()
dial(conn, server.Addr())
close(done1)
}()
go func() {
defer GinkgoRecover()
dial(conn, server.Addr())
close(done2)
}()
timeout := 30 * time.Second
if debugLog() {
timeout = time.Minute
}
Eventually(done1, timeout).Should(BeClosed())
Eventually(done2, timeout).Should(BeClosed())
})
It("multiplexes connections to different servers", func() {
server1 := getListener()
runServer(server1)
defer server1.Close()
server2 := getListener()
runServer(server2)
defer server2.Close()
addr, err := net.ResolveUDPAddr("udp", "localhost:0")
Expect(err).ToNot(HaveOccurred())
conn, err := net.ListenUDP("udp", addr)
Expect(err).ToNot(HaveOccurred())
defer conn.Close()
done1 := make(chan struct{})
done2 := make(chan struct{})
go func() {
defer GinkgoRecover()
dial(conn, server1.Addr())
close(done1)
}()
go func() {
defer GinkgoRecover()
dial(conn, server2.Addr())
close(done2)
}()
timeout := 30 * time.Second
if debugLog() {
timeout = time.Minute
}
Eventually(done1, timeout).Should(BeClosed())
Eventually(done2, timeout).Should(BeClosed())
})
})
Context("multiplexing server and client on the same conn", func() {
It("connects to itself", func() {
addr, err := net.ResolveUDPAddr("udp", "localhost:0")
Expect(err).ToNot(HaveOccurred())
conn, err := net.ListenUDP("udp", addr)
Expect(err).ToNot(HaveOccurred())
defer conn.Close()
server, err := quic.Listen(
conn,
getTLSConfig(),
getQuicConfig(&quic.Config{Versions: []protocol.VersionNumber{version}}),
)
Expect(err).ToNot(HaveOccurred())
runServer(server)
done := make(chan struct{})
go func() {
defer GinkgoRecover()
dial(conn, server.Addr())
close(done)
}()
timeout := 30 * time.Second
if debugLog() {
timeout = time.Minute
}
Eventually(done, timeout).Should(BeClosed())
})
It("runs a server and client on the same conn", func() {
if runtime.GOOS == "linux" {
Skip("This test would require setting of iptables rules, see https://stackoverflow.com/questions/23859164/linux-udp-socket-sendto-operation-not-permitted.")
}
addr1, err := net.ResolveUDPAddr("udp", "localhost:0")
Expect(err).ToNot(HaveOccurred())
conn1, err := net.ListenUDP("udp", addr1)
Expect(err).ToNot(HaveOccurred())
defer conn1.Close()
addr2, err := net.ResolveUDPAddr("udp", "localhost:0")
Expect(err).ToNot(HaveOccurred())
conn2, err := net.ListenUDP("udp", addr2)
Expect(err).ToNot(HaveOccurred())
defer conn2.Close()
server1, err := quic.Listen(
conn1,
getTLSConfig(),
getQuicConfig(&quic.Config{Versions: []protocol.VersionNumber{version}}),
)
Expect(err).ToNot(HaveOccurred())
runServer(server1)
defer server1.Close()
server2, err := quic.Listen(
conn2,
getTLSConfig(),
getQuicConfig(&quic.Config{Versions: []protocol.VersionNumber{version}}),
)
Expect(err).ToNot(HaveOccurred())
runServer(server2)
defer server2.Close()
done1 := make(chan struct{})
done2 := make(chan struct{})
go func() {
defer GinkgoRecover()
dial(conn2, server1.Addr())
close(done1)
}()
go func() {
defer GinkgoRecover()
dial(conn1, server2.Addr())
close(done2)
}()
timeout := 30 * time.Second
if debugLog() {
timeout = time.Minute
}
Eventually(done1, timeout).Should(BeClosed())
Eventually(done2, timeout).Should(BeClosed())
})
})
})
} }
dial := func(pconn net.PacketConn, addr net.Addr) {
conn, err := quic.Dial(
pconn,
addr,
fmt.Sprintf("localhost:%d", addr.(*net.UDPAddr).Port),
getTLSClientConfig(),
getQuicConfig(nil),
)
Expect(err).ToNot(HaveOccurred())
defer conn.CloseWithError(0, "")
str, err := conn.AcceptStream(context.Background())
Expect(err).ToNot(HaveOccurred())
data, err := io.ReadAll(str)
Expect(err).ToNot(HaveOccurred())
Expect(data).To(Equal(PRData))
}
Context("multiplexing clients on the same conn", func() {
getListener := func() quic.Listener {
ln, err := quic.ListenAddr(
"localhost:0",
getTLSConfig(),
getQuicConfig(nil),
)
Expect(err).ToNot(HaveOccurred())
return ln
}
It("multiplexes connections to the same server", func() {
server := getListener()
runServer(server)
defer server.Close()
addr, err := net.ResolveUDPAddr("udp", "localhost:0")
Expect(err).ToNot(HaveOccurred())
conn, err := net.ListenUDP("udp", addr)
Expect(err).ToNot(HaveOccurred())
defer conn.Close()
done1 := make(chan struct{})
done2 := make(chan struct{})
go func() {
defer GinkgoRecover()
dial(conn, server.Addr())
close(done1)
}()
go func() {
defer GinkgoRecover()
dial(conn, server.Addr())
close(done2)
}()
timeout := 30 * time.Second
if debugLog() {
timeout = time.Minute
}
Eventually(done1, timeout).Should(BeClosed())
Eventually(done2, timeout).Should(BeClosed())
})
It("multiplexes connections to different servers", func() {
server1 := getListener()
runServer(server1)
defer server1.Close()
server2 := getListener()
runServer(server2)
defer server2.Close()
addr, err := net.ResolveUDPAddr("udp", "localhost:0")
Expect(err).ToNot(HaveOccurred())
conn, err := net.ListenUDP("udp", addr)
Expect(err).ToNot(HaveOccurred())
defer conn.Close()
done1 := make(chan struct{})
done2 := make(chan struct{})
go func() {
defer GinkgoRecover()
dial(conn, server1.Addr())
close(done1)
}()
go func() {
defer GinkgoRecover()
dial(conn, server2.Addr())
close(done2)
}()
timeout := 30 * time.Second
if debugLog() {
timeout = time.Minute
}
Eventually(done1, timeout).Should(BeClosed())
Eventually(done2, timeout).Should(BeClosed())
})
})
Context("multiplexing server and client on the same conn", func() {
It("connects to itself", func() {
addr, err := net.ResolveUDPAddr("udp", "localhost:0")
Expect(err).ToNot(HaveOccurred())
conn, err := net.ListenUDP("udp", addr)
Expect(err).ToNot(HaveOccurred())
defer conn.Close()
server, err := quic.Listen(
conn,
getTLSConfig(),
getQuicConfig(nil),
)
Expect(err).ToNot(HaveOccurred())
runServer(server)
done := make(chan struct{})
go func() {
defer GinkgoRecover()
dial(conn, server.Addr())
close(done)
}()
timeout := 30 * time.Second
if debugLog() {
timeout = time.Minute
}
Eventually(done, timeout).Should(BeClosed())
})
It("runs a server and client on the same conn", func() {
if runtime.GOOS == "linux" {
Skip("This test would require setting of iptables rules, see https://stackoverflow.com/questions/23859164/linux-udp-socket-sendto-operation-not-permitted.")
}
addr1, err := net.ResolveUDPAddr("udp", "localhost:0")
Expect(err).ToNot(HaveOccurred())
conn1, err := net.ListenUDP("udp", addr1)
Expect(err).ToNot(HaveOccurred())
defer conn1.Close()
addr2, err := net.ResolveUDPAddr("udp", "localhost:0")
Expect(err).ToNot(HaveOccurred())
conn2, err := net.ListenUDP("udp", addr2)
Expect(err).ToNot(HaveOccurred())
defer conn2.Close()
server1, err := quic.Listen(
conn1,
getTLSConfig(),
getQuicConfig(nil),
)
Expect(err).ToNot(HaveOccurred())
runServer(server1)
defer server1.Close()
server2, err := quic.Listen(
conn2,
getTLSConfig(),
getQuicConfig(nil),
)
Expect(err).ToNot(HaveOccurred())
runServer(server2)
defer server2.Close()
done1 := make(chan struct{})
done2 := make(chan struct{})
go func() {
defer GinkgoRecover()
dial(conn2, server1.Addr())
close(done1)
}()
go func() {
defer GinkgoRecover()
dial(conn1, server2.Addr())
close(done2)
}()
timeout := 30 * time.Second
if debugLog() {
timeout = time.Minute
}
Eventually(done1, timeout).Should(BeClosed())
Eventually(done2, timeout).Should(BeClosed())
})
})
}) })

159
integrationtests/self/rtt_test.go
View file

@ -9,41 +9,72 @@ import (
"github.com/quic-go/quic-go" "github.com/quic-go/quic-go"
quicproxy "github.com/quic-go/quic-go/integrationtests/tools/proxy" quicproxy "github.com/quic-go/quic-go/integrationtests/tools/proxy"
"github.com/quic-go/quic-go/internal/protocol"
. "github.com/onsi/ginkgo/v2" . "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega" . "github.com/onsi/gomega"
) )
var _ = Describe("non-zero RTT", func() { var _ = Describe("non-zero RTT", func() {
for _, v := range protocol.SupportedVersions { runServer := func() quic.Listener {
version := v ln, err := quic.ListenAddr(
"localhost:0",
runServer := func() quic.Listener { getTLSConfig(),
ln, err := quic.ListenAddr( getQuicConfig(nil),
"localhost:0", )
getTLSConfig(), Expect(err).ToNot(HaveOccurred())
getQuicConfig(&quic.Config{Versions: []protocol.VersionNumber{version}}), go func() {
) defer GinkgoRecover()
conn, err := ln.Accept(context.Background())
Expect(err).ToNot(HaveOccurred()) Expect(err).ToNot(HaveOccurred())
go func() { str, err := conn.OpenStream()
defer GinkgoRecover() Expect(err).ToNot(HaveOccurred())
conn, err := ln.Accept(context.Background()) _, err = str.Write(PRData)
Expect(err).ToNot(HaveOccurred()) Expect(err).ToNot(HaveOccurred())
str, err := conn.OpenStream() str.Close()
Expect(err).ToNot(HaveOccurred()) }()
_, err = str.Write(PRData) return ln
Expect(err).ToNot(HaveOccurred()) }
str.Close()
}() downloadFile := func(port int) {
return ln conn, err := quic.DialAddr(
} fmt.Sprintf("localhost:%d", port),
getTLSClientConfig(),
getQuicConfig(nil),
)
Expect(err).ToNot(HaveOccurred())
str, err := conn.AcceptStream(context.Background())
Expect(err).ToNot(HaveOccurred())
data, err := io.ReadAll(str)
Expect(err).ToNot(HaveOccurred())
Expect(data).To(Equal(PRData))
conn.CloseWithError(0, "")
}
for _, r := range [...]time.Duration{
10 * time.Millisecond,
50 * time.Millisecond,
100 * time.Millisecond,
200 * time.Millisecond,
} {
rtt := r
It(fmt.Sprintf("downloads a message with %s RTT", rtt), func() {
ln := runServer()
defer ln.Close()
serverPort := ln.Addr().(*net.UDPAddr).Port
proxy, err := quicproxy.NewQuicProxy("localhost:0", &quicproxy.Opts{
RemoteAddr: fmt.Sprintf("localhost:%d", serverPort),
DelayPacket: func(quicproxy.Direction, []byte) time.Duration {
return rtt / 2
},
})
Expect(err).ToNot(HaveOccurred())
defer proxy.Close()
downloadFile := func(port int) {
conn, err := quic.DialAddr( conn, err := quic.DialAddr(
fmt.Sprintf("localhost:%d", port), fmt.Sprintf("localhost:%d", proxy.LocalPort()),
getTLSClientConfig(), getTLSClientConfig(),
getQuicConfig(&quic.Config{Versions: []protocol.VersionNumber{version}}), getQuicConfig(nil),
) )
Expect(err).ToNot(HaveOccurred()) Expect(err).ToNot(HaveOccurred())
str, err := conn.AcceptStream(context.Background()) str, err := conn.AcceptStream(context.Background())
@ -52,67 +83,29 @@ var _ = Describe("non-zero RTT", func() {
Expect(err).ToNot(HaveOccurred()) Expect(err).ToNot(HaveOccurred())
Expect(data).To(Equal(PRData)) Expect(data).To(Equal(PRData))
conn.CloseWithError(0, "") conn.CloseWithError(0, "")
} })
}
Context(fmt.Sprintf("with QUIC version %s", version), func() { for _, r := range [...]time.Duration{
for _, r := range [...]time.Duration{ 10 * time.Millisecond,
10 * time.Millisecond, 40 * time.Millisecond,
50 * time.Millisecond, } {
100 * time.Millisecond, rtt := r
200 * time.Millisecond,
} {
rtt := r
It(fmt.Sprintf("downloads a message with %s RTT", rtt), func() { It(fmt.Sprintf("downloads a message with %s RTT, with reordering", rtt), func() {
ln := runServer() ln := runServer()
defer ln.Close() defer ln.Close()
serverPort := ln.Addr().(*net.UDPAddr).Port serverPort := ln.Addr().(*net.UDPAddr).Port
proxy, err := quicproxy.NewQuicProxy("localhost:0", &quicproxy.Opts{ proxy, err := quicproxy.NewQuicProxy("localhost:0", &quicproxy.Opts{
RemoteAddr: fmt.Sprintf("localhost:%d", serverPort), RemoteAddr: fmt.Sprintf("localhost:%d", serverPort),
DelayPacket: func(quicproxy.Direction, []byte) time.Duration { DelayPacket: func(quicproxy.Direction, []byte) time.Duration {
return rtt / 2 return randomDuration(rtt/2, rtt*3/2) / 2
}, },
}) })
Expect(err).ToNot(HaveOccurred()) Expect(err).ToNot(HaveOccurred())
defer proxy.Close() defer proxy.Close()
conn, err := quic.DialAddr( downloadFile(proxy.LocalPort())
fmt.Sprintf("localhost:%d", proxy.LocalPort()),
getTLSClientConfig(),
getQuicConfig(&quic.Config{Versions: []protocol.VersionNumber{version}}),
)
Expect(err).ToNot(HaveOccurred())
str, err := conn.AcceptStream(context.Background())
Expect(err).ToNot(HaveOccurred())
data, err := io.ReadAll(str)
Expect(err).ToNot(HaveOccurred())
Expect(data).To(Equal(PRData))
conn.CloseWithError(0, "")
})
}
for _, r := range [...]time.Duration{
10 * time.Millisecond,
40 * time.Millisecond,
} {
rtt := r
It(fmt.Sprintf("downloads a message with %s RTT, with reordering", rtt), func() {
ln := runServer()
defer ln.Close()
serverPort := ln.Addr().(*net.UDPAddr).Port
proxy, err := quicproxy.NewQuicProxy("localhost:0", &quicproxy.Opts{
RemoteAddr: fmt.Sprintf("localhost:%d", serverPort),
DelayPacket: func(quicproxy.Direction, []byte) time.Duration {
return randomDuration(rtt/2, rtt*3/2) / 2
},
})
Expect(err).ToNot(HaveOccurred())
defer proxy.Close()
downloadFile(proxy.LocalPort())
})
}
}) })
} }
}) })

23
integrationtests/self/self_suite_test.go
View file

@ -6,6 +6,7 @@ import (
"crypto/tls" "crypto/tls"
"crypto/x509" "crypto/x509"
"flag" "flag"
"fmt"
"log" "log"
mrand "math/rand" mrand "math/rand"
"os" "os"
@ -18,6 +19,7 @@ import (
"github.com/quic-go/quic-go" "github.com/quic-go/quic-go"
"github.com/quic-go/quic-go/integrationtests/tools" "github.com/quic-go/quic-go/integrationtests/tools"
"github.com/quic-go/quic-go/internal/protocol"
"github.com/quic-go/quic-go/internal/utils" "github.com/quic-go/quic-go/internal/utils"
"github.com/quic-go/quic-go/internal/wire" "github.com/quic-go/quic-go/internal/wire"
"github.com/quic-go/quic-go/logging" "github.com/quic-go/quic-go/logging"
@ -80,13 +82,15 @@ func (b *syncedBuffer) Reset() {
} }
var ( var (
logFileName string // the log file set in the ginkgo flags logFileName string // the log file set in the ginkgo flags
logBufOnce sync.Once logBufOnce sync.Once
logBuf *syncedBuffer logBuf *syncedBuffer
versionParam string
qlogTracer logging.Tracer qlogTracer logging.Tracer
enableQlog bool enableQlog bool
version quic.VersionNumber
tlsConfig *tls.Config tlsConfig *tls.Config
tlsConfigLongChain *tls.Config tlsConfigLongChain *tls.Config
tlsClientConfig *tls.Config tlsClientConfig *tls.Config
@ -96,6 +100,7 @@ var (
// to set call ginkgo -- -logfile=log.txt // to set call ginkgo -- -logfile=log.txt
func init() { func init() {
flag.StringVar(&logFileName, "logfile", "", "log file") flag.StringVar(&logFileName, "logfile", "", "log file")
flag.StringVar(&versionParam, "version", "1", "QUIC version")
flag.BoolVar(&enableQlog, "qlog", false, "enable qlog") flag.BoolVar(&enableQlog, "qlog", false, "enable qlog")
ca, caPrivateKey, err := tools.GenerateCA() ca, caPrivateKey, err := tools.GenerateCA()
@ -133,6 +138,18 @@ var _ = BeforeSuite(func() {
if enableQlog { if enableQlog {
qlogTracer = tools.NewQlogger(GinkgoWriter) qlogTracer = tools.NewQlogger(GinkgoWriter)
} }
switch versionParam {
case "1":
version = quic.Version1
case "2":
version = quic.Version2
case "draft29":
version = quic.VersionDraft29
default:
Fail(fmt.Sprintf("unknown QUIC version: %s", versionParam))
}
fmt.Printf("Using QUIC version: %s\n", version)
protocol.SupportedVersions = []quic.VersionNumber{version}
}) })
func getTLSConfig() *tls.Config { func getTLSConfig() *tls.Config {

261
integrationtests/self/stream_test.go
View file

@ -7,11 +7,9 @@ import (
"net" "net"
"sync" "sync"
"github.com/quic-go/quic-go"
"github.com/quic-go/quic-go/internal/protocol"
. "github.com/onsi/ginkgo/v2" . "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega" . "github.com/onsi/gomega"
"github.com/quic-go/quic-go"
) )
var _ = Describe("Bidirectional streams", func() { var _ = Describe("Bidirectional streams", func() {
@ -20,144 +18,133 @@ var _ = Describe("Bidirectional streams", func() {
var ( var (
server quic.Listener server quic.Listener
serverAddr string serverAddr string
qconf *quic.Config
) )
for _, v := range []protocol.VersionNumber{protocol.Version1} { BeforeEach(func() {
version := v var err error
server, err = quic.ListenAddr("localhost:0", getTLSConfig(), getQuicConfig(nil))
Expect(err).ToNot(HaveOccurred())
serverAddr = fmt.Sprintf("localhost:%d", server.Addr().(*net.UDPAddr).Port)
})
Context(fmt.Sprintf("with QUIC %s", version), func() { AfterEach(func() {
BeforeEach(func() { server.Close()
var err error })
qconf = &quic.Config{
Versions: []protocol.VersionNumber{version}, runSendingPeer := func(conn quic.Connection) {
MaxIncomingStreams: 0, var wg sync.WaitGroup
} wg.Add(numStreams)
server, err = quic.ListenAddr("localhost:0", getTLSConfig(), getQuicConfig(qconf)) for i := 0; i < numStreams; i++ {
str, err := conn.OpenStreamSync(context.Background())
Expect(err).ToNot(HaveOccurred())
data := GeneratePRData(25 * i)
go func() {
defer GinkgoRecover()
_, err := str.Write(data)
Expect(err).ToNot(HaveOccurred()) Expect(err).ToNot(HaveOccurred())
serverAddr = fmt.Sprintf("localhost:%d", server.Addr().(*net.UDPAddr).Port) Expect(str.Close()).To(Succeed())
}) }()
go func() {
AfterEach(func() { defer GinkgoRecover()
server.Close() defer wg.Done()
}) dataRead, err := io.ReadAll(str)
runSendingPeer := func(conn quic.Connection) {
var wg sync.WaitGroup
wg.Add(numStreams)
for i := 0; i < numStreams; i++ {
str, err := conn.OpenStreamSync(context.Background())
Expect(err).ToNot(HaveOccurred())
data := GeneratePRData(25 * i)
go func() {
defer GinkgoRecover()
_, err := str.Write(data)
Expect(err).ToNot(HaveOccurred())
Expect(str.Close()).To(Succeed())
}()
go func() {
defer GinkgoRecover()
defer wg.Done()
dataRead, err := io.ReadAll(str)
Expect(err).ToNot(HaveOccurred())
Expect(dataRead).To(Equal(data))
}()
}
wg.Wait()
}
runReceivingPeer := func(conn quic.Connection) {
var wg sync.WaitGroup
wg.Add(numStreams)
for i := 0; i < numStreams; i++ {
str, err := conn.AcceptStream(context.Background())
Expect(err).ToNot(HaveOccurred())
go func() {
defer GinkgoRecover()
defer wg.Done()
// shouldn't use io.Copy here
// we should read from the stream as early as possible, to free flow control credit
data, err := io.ReadAll(str)
Expect(err).ToNot(HaveOccurred())
_, err = str.Write(data)
Expect(err).ToNot(HaveOccurred())
Expect(str.Close()).To(Succeed())
}()
}
wg.Wait()
}
It(fmt.Sprintf("client opening %d streams to a server", numStreams), func() {
var conn quic.Connection
go func() {
defer GinkgoRecover()
var err error
conn, err = server.Accept(context.Background())
Expect(err).ToNot(HaveOccurred())
runReceivingPeer(conn)
}()
client, err := quic.DialAddr(
serverAddr,
getTLSClientConfig(),
getQuicConfig(qconf),
)
Expect(err).ToNot(HaveOccurred()) Expect(err).ToNot(HaveOccurred())
runSendingPeer(client) Expect(dataRead).To(Equal(data))
}) }()
}
It(fmt.Sprintf("server opening %d streams to a client", numStreams), func() { wg.Wait()
go func() {
defer GinkgoRecover()
conn, err := server.Accept(context.Background())
Expect(err).ToNot(HaveOccurred())
runSendingPeer(conn)
conn.CloseWithError(0, "")
}()
client, err := quic.DialAddr(
serverAddr,
getTLSClientConfig(),
getQuicConfig(qconf),
)
Expect(err).ToNot(HaveOccurred())
runReceivingPeer(client)
Eventually(client.Context().Done()).Should(BeClosed())
})
It(fmt.Sprintf("client and server opening %d each and sending data to the peer", numStreams), func() {
done1 := make(chan struct{})
go func() {
defer GinkgoRecover()
conn, err := server.Accept(context.Background())
Expect(err).ToNot(HaveOccurred())
done := make(chan struct{})
go func() {
defer GinkgoRecover()
runReceivingPeer(conn)
close(done)
}()
runSendingPeer(conn)
<-done
close(done1)
}()
client, err := quic.DialAddr(
serverAddr,
getTLSClientConfig(),
getQuicConfig(qconf),
)
Expect(err).ToNot(HaveOccurred())
done2 := make(chan struct{})
go func() {
defer GinkgoRecover()
runSendingPeer(client)
close(done2)
}()
runReceivingPeer(client)
<-done1
<-done2
})
})
} }
runReceivingPeer := func(conn quic.Connection) {
var wg sync.WaitGroup
wg.Add(numStreams)
for i := 0; i < numStreams; i++ {
str, err := conn.AcceptStream(context.Background())
Expect(err).ToNot(HaveOccurred())
go func() {
defer GinkgoRecover()
defer wg.Done()
// shouldn't use io.Copy here
// we should read from the stream as early as possible, to free flow control credit
data, err := io.ReadAll(str)
Expect(err).ToNot(HaveOccurred())
_, err = str.Write(data)
Expect(err).ToNot(HaveOccurred())
Expect(str.Close()).To(Succeed())
}()
}
wg.Wait()
}
It(fmt.Sprintf("client opening %d streams to a server", numStreams), func() {
var conn quic.Connection
go func() {
defer GinkgoRecover()
var err error
conn, err = server.Accept(context.Background())
Expect(err).ToNot(HaveOccurred())
runReceivingPeer(conn)
}()
client, err := quic.DialAddr(
serverAddr,
getTLSClientConfig(),
getQuicConfig(nil),
)
Expect(err).ToNot(HaveOccurred())
runSendingPeer(client)
})
It(fmt.Sprintf("server opening %d streams to a client", numStreams), func() {
go func() {
defer GinkgoRecover()
conn, err := server.Accept(context.Background())
Expect(err).ToNot(HaveOccurred())
runSendingPeer(conn)
conn.CloseWithError(0, "")
}()
client, err := quic.DialAddr(
serverAddr,
getTLSClientConfig(),
getQuicConfig(nil),
)
Expect(err).ToNot(HaveOccurred())
runReceivingPeer(client)
Eventually(client.Context().Done()).Should(BeClosed())
})
It(fmt.Sprintf("client and server opening %d each and sending data to the peer", numStreams), func() {
done1 := make(chan struct{})
go func() {
defer GinkgoRecover()
conn, err := server.Accept(context.Background())
Expect(err).ToNot(HaveOccurred())
done := make(chan struct{})
go func() {
defer GinkgoRecover()
runReceivingPeer(conn)
close(done)
}()
runSendingPeer(conn)
<-done
close(done1)
}()
client, err := quic.DialAddr(
serverAddr,
getTLSClientConfig(),
getQuicConfig(nil),
)
Expect(err).ToNot(HaveOccurred())
done2 := make(chan struct{})
go func() {
defer GinkgoRecover()
runSendingPeer(client)
close(done2)
}()
runReceivingPeer(client)
<-done1
<-done2
})
}) })

10
integrationtests/self/uni_stream_test.go
View file

@ -20,13 +20,11 @@ var _ = Describe("Unidirectional Streams", func() {
var ( var (
server quic.Listener server quic.Listener
serverAddr string serverAddr string
qconf *quic.Config
) )
BeforeEach(func() { BeforeEach(func() {
var err error var err error
qconf = &quic.Config{Versions: []protocol.VersionNumber{protocol.Version1}} server, err = quic.ListenAddr("localhost:0", getTLSConfig(), getQuicConfig(nil))
server, err = quic.ListenAddr("localhost:0", getTLSConfig(), getQuicConfig(qconf))
Expect(err).ToNot(HaveOccurred()) Expect(err).ToNot(HaveOccurred())
serverAddr = fmt.Sprintf("localhost:%d", server.Addr().(*net.UDPAddr).Port) serverAddr = fmt.Sprintf("localhost:%d", server.Addr().(*net.UDPAddr).Port)
}) })
@ -81,7 +79,7 @@ var _ = Describe("Unidirectional Streams", func() {
client, err := quic.DialAddr( client, err := quic.DialAddr(
serverAddr, serverAddr,
getTLSClientConfig(), getTLSClientConfig(),
getQuicConfig(qconf), getQuicConfig(nil),
) )
Expect(err).ToNot(HaveOccurred()) Expect(err).ToNot(HaveOccurred())
runSendingPeer(client) runSendingPeer(client)
@ -99,7 +97,7 @@ var _ = Describe("Unidirectional Streams", func() {
client, err := quic.DialAddr( client, err := quic.DialAddr(
serverAddr, serverAddr,
getTLSClientConfig(), getTLSClientConfig(),
getQuicConfig(qconf), getQuicConfig(nil),
) )
Expect(err).ToNot(HaveOccurred()) Expect(err).ToNot(HaveOccurred())
runReceivingPeer(client) runReceivingPeer(client)
@ -125,7 +123,7 @@ var _ = Describe("Unidirectional Streams", func() {
client, err := quic.DialAddr( client, err := quic.DialAddr(
serverAddr, serverAddr,
getTLSClientConfig(), getTLSClientConfig(),
getQuicConfig(qconf), getQuicConfig(nil),
) )
Expect(err).ToNot(HaveOccurred()) Expect(err).ToNot(HaveOccurred())
done2 := make(chan struct{}) done2 := make(chan struct{})

1404
integrationtests/self/zero_rtt_test.go
View file

File diff suppressed because it is too large Load diff

53
integrationtests/versionnegotiation/rtt_test.go Normal file
View file

@ -0,0 +1,53 @@
package versionnegotiation
import (
"time"
"github.com/quic-go/quic-go"
quicproxy "github.com/quic-go/quic-go/integrationtests/tools/proxy"
"github.com/quic-go/quic-go/internal/protocol"
. "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega"
)
var _ = Describe("Handshake RTT tests", func() {
const rtt = 400 * time.Millisecond
expectDurationInRTTs := func(startTime time.Time, num int) {
testDuration := time.Since(startTime)
rtts := float32(testDuration) / float32(rtt)
Expect(rtts).To(SatisfyAll(
BeNumerically(">=", num),
BeNumerically("<", num+1),
))
}
It("fails when there's no matching version, after 1 RTT", func() {
if len(protocol.SupportedVersions) == 1 {
Skip("Test requires at least 2 supported versions.")
}
serverConfig := &quic.Config{}
serverConfig.Versions = protocol.SupportedVersions[:1]
ln, err := quic.ListenAddr("localhost:0", getTLSConfig(), serverConfig)
Expect(err).ToNot(HaveOccurred())
defer ln.Close()
// start the proxy
proxy, err := quicproxy.NewQuicProxy("localhost:0", &quicproxy.Opts{
RemoteAddr: ln.Addr().String(),
DelayPacket: func(_ quicproxy.Direction, _ []byte) time.Duration { return rtt / 2 },
})
Expect(err).ToNot(HaveOccurred())
startTime := time.Now()
_, err = quic.DialAddr(
proxy.LocalAddr().String(),
getTLSClientConfig(),
maybeAddQlogTracer(&quic.Config{Versions: protocol.SupportedVersions[1:2]}),
)
Expect(err).To(HaveOccurred())
expectDurationInRTTs(startTime, 1)
})
})