[!] Minor fixes (alibaba#124)

CONTRIBUTING.md

@@ -208,5 +208,9 @@ In no particular order, thanks to these excellent individuals who contributed co
 * @flx413
 * @robinhzp
 * @contrun
+* @eltociear
+* @happyomg
+* @driventokill
+* @chenzhanfeng
 
 This list will be continuously updated. Contributions are welcome!

README.md

@@ -34,52 +34,52 @@ To run test cases, you need
 
 XQUIC supports both BabaSSL and BoringSSL.
 
-### Build with BabaSSL
+### Build with BoringSSL
 
 ```bash
 # get XQUIC source code
 git clone [email protected]:alibaba/xquic.git
 cd xquic
 
-# get and build BabaSSL
-git clone [email protected]:BabaSSL/BabaSSL.git ./third_party/babassl
-cd ./third_party/babassl/
-./config --prefix=/usr/local/babassl
-make -j
-SSL_TYPE_STR="babassl"
+# get and build BoringSSL
+git clone [email protected]:google/boringssl.git ./third_party/boringssl
+cd ./third_party/boringssl
+mkdir -p build && cd build
+cmake -DBUILD_SHARED_LIBS=0 -DCMAKE_C_FLAGS="-fPIC" -DCMAKE_CXX_FLAGS="-fPIC" ..
+make ssl crypto
+cd ..
+SSL_TYPE_STR="boringssl"
 SSL_PATH_STR="${PWD}"
 SSL_INC_PATH_STR="${PWD}/include"
-SSL_LIB_PATH_STR="${PWD}/libssl.a;${PWD}/libcrypto.a"
-cd -
+SSL_LIB_PATH_STR="${PWD}/build/ssl/libssl.a;${PWD}/build/crypto/libcrypto.a"
+cd ../..
 
-# build XQUIC with BabaSSL
+# build XQUIC with BoringSSL
 git submodule update --init --recursive
 mkdir -p build; cd build
 cmake -DGCOV=on -DCMAKE_BUILD_TYPE=Debug -DXQC_ENABLE_TESTING=1 -DXQC_SUPPORT_SENDMMSG_BUILD=1 -DXQC_ENABLE_EVENT_LOG=1 -DXQC_ENABLE_BBR2=1 -DXQC_DISABLE_RENO=0 -DSSL_TYPE=${SSL_TYPE_STR} -DSSL_PATH=${SSL_PATH_STR} -DSSL_INC_PATH=${SSL_INC_PATH_STR} -DSSL_LIB_PATH=${SSL_LIB_PATH_STR} ..
 make -j
 ```
 
-### Build with BoringSSL
+### Build with BabaSSL
 
 ```bash
 # get XQUIC source code
 git clone [email protected]:alibaba/xquic.git
 cd xquic
 
-# get and build BoringSSL
-git clone [email protected]:google/boringssl.git ./third_party/boringssl
-cd ./third_party/boringssl
-mkdir -p build && cd build
-cmake -DBUILD_SHARED_LIBS=0 -DCMAKE_C_FLAGS="-fPIC" -DCMAKE_CXX_FLAGS="-fPIC" ..
-make ssl crypto
-cd ..
-SSL_TYPE_STR="boringssl"
+# get and build BabaSSL
+git clone [email protected]:BabaSSL/BabaSSL.git ./third_party/babassl
+cd ./third_party/babassl/
+./config --prefix=/usr/local/babassl
+make -j
+SSL_TYPE_STR="babassl"
 SSL_PATH_STR="${PWD}"
 SSL_INC_PATH_STR="${PWD}/include"
-SSL_LIB_PATH_STR="${PWD}/build/ssl/libssl.a;${PWD}/build/crypto/libcrypto.a"
-cd ../..
+SSL_LIB_PATH_STR="${PWD}/libssl.a;${PWD}/libcrypto.a"
+cd -
 
-# build XQUIC with BoringSSL
+# build XQUIC with BabaSSL
 git submodule update --init --recursive
 mkdir -p build; cd build
 cmake -DGCOV=on -DCMAKE_BUILD_TYPE=Debug -DXQC_ENABLE_TESTING=1 -DXQC_SUPPORT_SENDMMSG_BUILD=1 -DXQC_ENABLE_EVENT_LOG=1 -DXQC_ENABLE_BBR2=1 -DXQC_DISABLE_RENO=0 -DSSL_TYPE=${SSL_TYPE_STR} -DSSL_PATH=${SSL_PATH_STR} -DSSL_INC_PATH=${SSL_INC_PATH_STR} -DSSL_LIB_PATH=${SSL_LIB_PATH_STR} ..
@@ -99,7 +99,7 @@ sh ../scripts/xquic_test.sh
 * For Chinese Simplified (zh-CN) translation of the IETF QUIC Protocol, see the Translation docs.
     - The following translation is based on draft-34 and RFC Translation is Working In Progress.
     - [draft-ietf-quic-invariants-13-zh](./docs/translation/draft-ietf-quic-invariants-13-zh.md)
-    - [draft-ietf-quic-transport-34-zh](./docs/translation/draft-ietf-quic-transport-34-zh.md)
+    - [RFC9000-transport-zh](./docs/translation/rfc9000-transport-zh.md)
     - [draft-ietf-quic-recovery-34-zh](./docs/translation/draft-ietf-quic-recovery-34-zh.md)
     - [draft-ietf-quic-tls-34-zh](./docs/translation/draft-ietf-quic-tls-34-zh.md)
     - [draft-ietf-quic-http-34-zh](./docs/translation/draft-ietf-quic-http-34-zh.md)

demo/xqc_hq_conn.c

@@ -115,7 +115,8 @@ xqc_hq_conn_get_peer_addr(xqc_hq_conn_t *hqc, struct sockaddr *addr, socklen_t a
 }
 
 xqc_int_t
-xqc_hq_conn_create_notify(xqc_connection_t *conn, const xqc_cid_t *cid, void *conn_user_data)
+xqc_hq_conn_create_notify(xqc_connection_t *conn, const xqc_cid_t *cid,
+    void *conn_user_data, void *conn_proto_data)
 {
     /* here conn_user_data is the app-layer user_data */
     xqc_hq_conn_t *hqc = xqc_hq_conn_create(conn, cid, conn_user_data);
@@ -136,11 +137,12 @@ xqc_hq_conn_create_notify(xqc_connection_t *conn, const xqc_cid_t *cid, void *co
 }
 
 xqc_int_t
-xqc_hq_conn_close_notify(xqc_connection_t *conn, const xqc_cid_t *cid, void *conn_user_data)
+xqc_hq_conn_close_notify(xqc_connection_t *conn, const xqc_cid_t *cid,
+    void *conn_user_data, void *conn_proto_data)
 {
     xqc_int_t ret = XQC_OK;
 
-    xqc_hq_conn_t *hqc = (xqc_hq_conn_t *)conn_user_data;
+    xqc_hq_conn_t *hqc = (xqc_hq_conn_t *)conn_proto_data;
     if (hqc->hqc_cbs->conn_close_notify) {
         ret = hqc->hqc_cbs->conn_close_notify(hqc, cid, hqc->user_data);
         if (ret != XQC_OK) {
@@ -155,7 +157,8 @@ xqc_hq_conn_close_notify(xqc_connection_t *conn, const xqc_cid_t *cid, void *con
 
 
 void
-xqc_hq_conn_handshake_finished(xqc_connection_t *conn, void *conn_user_data)
+xqc_hq_conn_handshake_finished(xqc_connection_t *conn, void *conn_user_data,
+    void *conn_proto_data)
 {
     return;
 }

include/xquic/xqc_http3.h

@@ -499,6 +499,13 @@ void *xqc_h3_get_conn_user_data_by_request(xqc_h3_request_t *h3_request);
 XQC_EXPORT_PUBLIC_API
 xqc_stream_id_t xqc_h3_stream_id(xqc_h3_request_t *h3_request);
 
+/**
+ * @brief Get QUIC Transport connection handler
+ */
+XQC_EXPORT_PUBLIC_API
+xqc_connection_t *xqc_h3_conn_get_xqc_conn(xqc_h3_conn_t *h3_conn);
+
+
 #ifdef __cplusplus
 }
 #endif

include/xquic/xquic.h

@@ -164,9 +164,14 @@ typedef ssize_t (*xqc_stateless_reset_pt)(const unsigned char *buf, size_t size,
 
 /**
  * @brief general callback function definition for connection create and close
+ * 
+ * @param conn_user_data the user_data which will be used in callback functions
+ * between xquic transport connection and application
+ * @param conn_proto_data the user_data which will be used in callback functions
+ * between xquic transport connection and application-layer-protocol
  */
 typedef int (*xqc_conn_notify_pt)(xqc_connection_t *conn, const xqc_cid_t *cid,
-    void *conn_user_data);
+    void *conn_user_data, void *conn_proto_data);
 
 /**
  * @brief QUIC connection token callback. REQUIRED for client.
@@ -209,7 +214,8 @@ typedef xqc_save_string_pt xqc_save_trans_param_pt;
  * this will be trigger when the QUIC connection handshake is completed, that is, when the TLS
  * stack has both sent a Finished message and verified the peer's Finished message
  */
-typedef void (*xqc_handshake_finished_pt)(xqc_connection_t *conn, void *conn_user_data);
+typedef void (*xqc_handshake_finished_pt)(xqc_connection_t *conn, void *conn_user_data,
+    void *conn_proto_data);
 
 /**
  * @brief PING acked callback function.
@@ -220,7 +226,7 @@ typedef void (*xqc_handshake_finished_pt)(xqc_connection_t *conn, void *conn_use
  * xquic might send PING frames  will not trigger this callback
  */
 typedef void (*xqc_conn_ping_ack_notify_pt)(xqc_connection_t *conn, const xqc_cid_t *cid,
-    void *ping_user_data, void *conn_user_data);
+    void *ping_user_data, void *conn_user_data, void *conn_proto_data);
 
 /**
  * @brief cid update callback function.
@@ -984,7 +990,7 @@ void xqc_conn_set_transport_user_data(xqc_connection_t *conn, void *user_data);
  * xqc_conn_callbacks_t
  */
 XQC_EXPORT_PUBLIC_API
-void xqc_conn_set_alp_user_data(xqc_connection_t *conn, void *app_proto_user_data);
+void xqc_conn_set_alp_user_data(xqc_connection_t *conn, void *proto_data);
 
 
 /**

src/congestion_control/xqc_cubic.c

@@ -100,6 +100,14 @@ xqc_cubic_update(void *cong_ctl, uint32_t acked_bytes, xqc_usec_t now)
     cubic->cwnd = bic_target;
 }
 
+/* https://datatracker.ietf.org/doc/html/rfc9002#appendix-B.5 */
+static int
+xqc_cubic_in_congestion_recovery(void *cong_ctl, xqc_usec_t sent_time)
+{
+    xqc_cubic_t *cubic = (xqc_cubic_t*)(cong_ctl);
+    return sent_time <= cubic->congestion_recovery_start_time;
+}
+
 size_t
 xqc_cubic_size()
 {
@@ -115,6 +123,7 @@ xqc_cubic_init(void *cong_ctl, xqc_send_ctl_t *ctl_ctx, xqc_cc_params_t cc_param
     cubic->tcp_cwnd = XQC_CUBIC_INIT_WIN;
     cubic->last_max_cwnd = XQC_CUBIC_INIT_WIN;
     cubic->ssthresh = XQC_CUBIC_MAX_SSTHRESH;
+    cubic->congestion_recovery_start_time = 0;
 
     if (cc_params.customize_on) {
         cc_params.init_cwnd *= XQC_CUBIC_MSS;
@@ -130,6 +139,12 @@ xqc_cubic_on_lost(void *cong_ctl, xqc_usec_t lost_sent_time)
 {
     xqc_cubic_t *cubic = (xqc_cubic_t*)(cong_ctl);
 
+    /* No reaction if already in a recovery period. */
+    if (xqc_cubic_in_congestion_recovery(cong_ctl, lost_sent_time)) {
+        return;
+    }
+
+    cubic->congestion_recovery_start_time = xqc_monotonic_timestamp();
     cubic->epoch_start = 0;
 
     /* should we make room for others */
@@ -162,6 +177,11 @@ xqc_cubic_on_ack(void *cong_ctl, xqc_packet_out_t *po, xqc_usec_t now)
         cubic->min_rtt = rtt;
     }
 
+    /* Do not increase congestion window in recovery period. */
+    if (xqc_cubic_in_congestion_recovery(cong_ctl, po->po_sent_time)) {
+        return;
+    }
+
     if (cubic->cwnd < cubic->ssthresh) {
         /* slow start */
         cubic->tcp_cwnd += acked_bytes;

src/congestion_control/xqc_cubic.h

@@ -20,6 +20,7 @@ typedef struct {
     uint64_t        bic_K;              /* time period from W growth to Wmax */
     xqc_usec_t      epoch_start;        /* the moment when congestion switchover begins, in microseconds */
     xqc_usec_t      min_rtt;
+    xqc_usec_t      congestion_recovery_start_time;
 } xqc_cubic_t;
 
 extern const xqc_cong_ctrl_callback_t xqc_cubic_cb;

src/http3/xqc_h3_conn.c

@@ -603,13 +603,13 @@ xqc_h3_conn_process_blocked_stream(xqc_h3_conn_t *h3c)
     return XQC_OK;
 }
 
-
 xqc_int_t
-xqc_h3_conn_create_notify(xqc_connection_t *conn, const xqc_cid_t *cid, void *user_data)
+xqc_h3_conn_create_notify(xqc_connection_t *conn, const xqc_cid_t *cid,
+    void *conn_user_data, void *conn_proto_data)
 {
     xqc_int_t ret;
     xqc_h3_conn_t *h3c;
-    h3c = xqc_h3_conn_create(conn, user_data);
+    h3c = xqc_h3_conn_create(conn, conn_user_data);
     if (!h3c) {
         xqc_log(conn->log, XQC_LOG_ERROR, "|xqc_h3_conn_create error|");
         return -XQC_H3_ECREATE_CONN;
@@ -649,19 +649,21 @@ xqc_h3_conn_create_notify(xqc_connection_t *conn, const xqc_cid_t *cid, void *us
 
 
 xqc_int_t
-xqc_h3_conn_close_notify(xqc_connection_t *conn, const xqc_cid_t *cid, void *user_data)
+xqc_h3_conn_close_notify(xqc_connection_t *conn, const xqc_cid_t *cid,
+    void *conn_user_data, void *conn_proto_data)
 {
-    xqc_h3_conn_t *h3c = (xqc_h3_conn_t*)user_data;
+    xqc_h3_conn_t *h3c = (xqc_h3_conn_t*)conn_proto_data;
     xqc_h3_conn_destroy(h3c);
     xqc_log(conn->log, XQC_LOG_DEBUG, "|destroy h3 conn success|");
     return XQC_OK;
 }
 
 
 void
-xqc_h3_conn_handshake_finished(xqc_connection_t *conn, void *user_data)
+xqc_h3_conn_handshake_finished(xqc_connection_t *conn,
+    void *conn_user_data, void *conn_proto_data)
 {
-    xqc_h3_conn_t *h3c = (xqc_h3_conn_t*)user_data;
+    xqc_h3_conn_t *h3c = (xqc_h3_conn_t *)conn_proto_data;
     if (h3c->h3_conn_callbacks.h3_conn_handshake_finished) {
         xqc_log(conn->log, XQC_LOG_DEBUG, "|HANDSHAKE_COMPLETED notify|");
 
@@ -671,9 +673,9 @@ xqc_h3_conn_handshake_finished(xqc_connection_t *conn, void *user_data)
 
 void
 xqc_h3_conn_ping_acked_notify(xqc_connection_t *conn, const xqc_cid_t *cid, void *ping_user_data,
-    void *user_data)
+    void *conn_user_data, void *conn_proto_data)
 {
-    xqc_h3_conn_t *h3c = (xqc_h3_conn_t*)user_data;
+    xqc_h3_conn_t *h3c = (xqc_h3_conn_t*)conn_proto_data;
 
     if (h3c->h3_conn_callbacks.h3_conn_ping_acked) {
         xqc_log(conn->log, XQC_LOG_DEBUG, "|Ping acked notify|");

src/http3/xqc_h3_request.c

@@ -24,7 +24,7 @@ xqc_h3_request_create(xqc_engine_t *engine, const xqc_cid_t *cid, void *user_dat
         return NULL;
     }
 
-    h3_conn = (xqc_h3_conn_t*)stream->stream_conn->app_proto_user_data;
+    h3_conn = (xqc_h3_conn_t*)stream->stream_conn->proto_data;
 
     h3_stream = xqc_h3_stream_create(h3_conn, stream, XQC_H3_STREAM_TYPE_REQUEST, user_data);
     if (!h3_stream) {

src/http3/xqc_h3_stream.c

@@ -1162,7 +1162,7 @@ xqc_h3_stream_process_data(xqc_stream_t *stream, xqc_h3_stream_t *h3s, xqc_bool_
 {
     xqc_int_t       ret;
     ssize_t         read;
-    xqc_h3_conn_t  *h3c = (xqc_h3_conn_t *)stream->stream_conn->app_proto_user_data;
+    xqc_h3_conn_t  *h3c = (xqc_h3_conn_t *)stream->stream_conn->proto_data;
     unsigned char   buff[XQC_DATA_BUF_SIZE_4K];
     size_t          buff_size = XQC_DATA_BUF_SIZE_4K;
     uint64_t        insert_cnt = xqc_qpack_get_dec_insert_count(h3s->qpack);
@@ -1290,7 +1290,7 @@ xqc_h3_stream_read_notify(xqc_stream_t *stream, void *user_data)
     xqc_int_t ret;
 
     xqc_h3_stream_t *h3s;
-    xqc_h3_conn_t   *h3c = (xqc_h3_conn_t *)stream->stream_conn->app_proto_user_data;
+    xqc_h3_conn_t   *h3c = (xqc_h3_conn_t *)stream->stream_conn->proto_data;
 
     /* server h3_stream might not be created yet */
     if (!user_data) {

src/tls/boringssl/xqc_ssl_if.c

@@ -52,36 +52,18 @@ xqc_int_t
 xqc_ssl_get_certs_array(SSL *ssl, X509_STORE_CTX *store_ctx, unsigned char **certs_array,
     size_t array_cap, size_t *certs_array_len, size_t *certs_len)
 {
-    unsigned char *cert_buf = NULL;
-    X509 *cert = NULL;
-    int cert_size = 0;
+    const STACK_OF(CRYPTO_BUFFER) *chain = SSL_get0_peer_certificates(ssl);
 
-    const STACK_OF(X509) *chain = X509_STORE_CTX_get0_chain(store_ctx);
-    *certs_array_len = sk_X509_num(chain);
-    if (*certs_array_len > XQC_MAX_VERIFY_DEPTH) { /* impossible */
+    *certs_array_len = sk_CRYPTO_BUFFER_num(chain);
+    if (*certs_array_len > XQC_MAX_VERIFY_DEPTH) {
         X509_STORE_CTX_set_error(store_ctx, X509_V_ERR_CERT_CHAIN_TOO_LONG);
         return -XQC_TLS_INTERNAL;
     }
 
     for (int i = 0; i < *certs_array_len; i++) {
-        /* get the size of cert */
-        cert = sk_X509_value(chain, i);
-        cert_size = i2d_X509(cert, NULL);
-        if (cert_size <= 0) {
-            return -XQC_TLS_INTERNAL;
-        }
-
-        /* malloc memory for copy cert */
-        certs_array[i] = xqc_malloc(cert_size);
-        if (certs_array[i] == NULL) {
-            return -XQC_TLS_NOMEM;
-        }
-
-        /* copy cert */
-        certs_len[i] = i2d_X509(cert, &certs_array[i]);
-        if (certs_len[i] <= 0) {
-            return -XQC_TLS_INTERNAL;
-        }
+        CRYPTO_BUFFER * buffer = sk_CRYPTO_BUFFER_value(chain, i);
+        certs_array[i] = (unsigned char *)CRYPTO_BUFFER_data(buffer);
+        certs_len[i] = (size_t)CRYPTO_BUFFER_len(buffer);
     }
 
     return XQC_OK;

src/transport/xqc_client.c

@@ -67,7 +67,7 @@ xqc_client_connect(xqc_engine_t *engine, const xqc_conn_settings_t *conn_setting
 
     /* conn_create callback */
     if (xc->app_proto_cbs.conn_cbs.conn_create_notify) {
-        if (xc->app_proto_cbs.conn_cbs.conn_create_notify(xc, &xc->scid_set.user_scid, user_data)) {
+        if (xc->app_proto_cbs.conn_cbs.conn_create_notify(xc, &xc->scid_set.user_scid, user_data, NULL)) {
             xqc_conn_destroy(xc);
             return NULL;
         }