Merge pull request #1891 from nghttp2/bump-ngtcp2

Bump ngtcp2 to v0.14.0

.github/workflows/build.yml

@@ -8,9 +8,9 @@ env:
   LIBBPF_VERSION: v1.1.0
   OPENSSL1_VERSION: 1_1_1t+quic
   OPENSSL3_VERSION: 3.0.8+quic
-  BORINGSSL_VERSION: 80a243e07ef77156af66efa7d22ac35aba44c1b3
-  NGHTTP3_VERSION: v0.9.0
-  NGTCP2_VERSION: v0.13.1
+  BORINGSSL_VERSION: 74646566e93de7551bfdfc5f49de7462f13d1d05
+  NGHTTP3_VERSION: v0.10.0
+  NGTCP2_VERSION: v0.14.0
 
 jobs:
   build-cache:

README.rst

@@ -129,8 +129,8 @@ following libraries are required:
 * `OpenSSL with QUIC support
   <https://github.com/quictls/openssl/tree/OpenSSL_1_1_1t+quic>`_; or
   `BoringSSL <https://boringssl.googlesource.com/boringssl/>`_ (commit
-  80a243e07ef77156af66efa7d22ac35aba44c1b3)
-* `ngtcp2 <https://github.com/ngtcp2/ngtcp2>`_ >= 0.13.0
+  74646566e93de7551bfdfc5f49de7462f13d1d05)
+* `ngtcp2 <https://github.com/ngtcp2/ngtcp2>`_ >= 0.14.0
 * `nghttp3 <https://github.com/ngtcp2/nghttp3>`_ >= 0.9.0
 
 Use ``--enable-http3`` configure option to enable HTTP/3 feature for
@@ -354,7 +354,7 @@ Build nghttp3:
 
 .. code-block:: text
 
-   $ git clone --depth 1 -b v0.9.0 https://github.com/ngtcp2/nghttp3
+   $ git clone --depth 1 -b v0.10.0 https://github.com/ngtcp2/nghttp3
    $ cd nghttp3
    $ autoreconf -i
    $ ./configure --prefix=$PWD/build --enable-lib-only
@@ -366,7 +366,7 @@ Build ngtcp2:
 
 .. code-block:: text
 
-   $ git clone --depth 1 -b v0.13.1 https://github.com/ngtcp2/ngtcp2
+   $ git clone --depth 1 -b v0.14.0 https://github.com/ngtcp2/ngtcp2
    $ cd ngtcp2
    $ autoreconf -i
    $ ./configure --prefix=$PWD/build --enable-lib-only \

configure.ac

@@ -504,7 +504,7 @@ fi
 # ngtcp2 (for src)
 have_libngtcp2=no
 if test "x${request_libngtcp2}" != "xno"; then
-  PKG_CHECK_MODULES([LIBNGTCP2], [libngtcp2 >= 0.13.0], [have_libngtcp2=yes],
+  PKG_CHECK_MODULES([LIBNGTCP2], [libngtcp2 >= 0.14.0], [have_libngtcp2=yes],
                     [have_libngtcp2=no])
   if test "x${have_libngtcp2}" = "xno"; then
     AC_MSG_NOTICE($LIBNGTCP2_PKG_ERRORS)
@@ -521,7 +521,7 @@ have_libngtcp2_crypto_openssl=no
 if test "x${have_ssl_is_quic}" = "xyes" &&
    test "x${request_libngtcp2}" != "xno"; then
   PKG_CHECK_MODULES([LIBNGTCP2_CRYPTO_OPENSSL],
-                    [libngtcp2_crypto_openssl >= 0.13.0],
+                    [libngtcp2_crypto_openssl >= 0.14.0],
                     [have_libngtcp2_crypto_openssl=yes],
                     [have_libngtcp2_crypto_openssl=no])
   if test "x${have_libngtcp2_crypto_openssl}" = "xno"; then

docker/Dockerfile

@@ -15,7 +15,7 @@ RUN git clone --depth 1 -b OpenSSL_1_1_1t+quic https://github.com/quictls/openss
     cd .. && \
     rm -rf openssl
 
-RUN git clone --depth 1 -b v0.9.0 https://github.com/ngtcp2/nghttp3 && \
+RUN git clone --depth 1 -b v0.10.0 https://github.com/ngtcp2/nghttp3 && \
     cd nghttp3 && \
     autoreconf -i && \
     ./configure --enable-lib-only && \
@@ -24,7 +24,7 @@ RUN git clone --depth 1 -b v0.9.0 https://github.com/ngtcp2/nghttp3 && \
     cd .. && \
     rm -rf nghttp3
 
-RUN git clone --depth 1 -b v0.13.1 https://github.com/ngtcp2/ngtcp2 && \
+RUN git clone --depth 1 -b v0.14.0 https://github.com/ngtcp2/ngtcp2 && \
     cd ngtcp2 && \
     autoreconf -i && \
     ./configure --enable-lib-only \

src/shrpx_http3_upstream.cc

@@ -629,24 +629,28 @@ int Http3Upstream::init(const UpstreamAddr *faddr, const Address &remote_addr,
 
 #ifdef OPENSSL_IS_BORINGSSL
   if (quicconf.upstream.early_data) {
-    ngtcp2_transport_params early_data_params{
-        .initial_max_stream_data_bidi_local =
-            params.initial_max_stream_data_bidi_local,
-        .initial_max_stream_data_bidi_remote =
-            params.initial_max_stream_data_bidi_remote,
-        .initial_max_stream_data_uni = params.initial_max_stream_data_uni,
-        .initial_max_data = params.initial_max_data,
-        .initial_max_streams_bidi = params.initial_max_streams_bidi,
-        .initial_max_streams_uni = params.initial_max_streams_uni,
-    };
+    ngtcp2_transport_params early_data_params;
+
+    ngtcp2_transport_params_default(&early_data_params);
+
+    early_data_params.initial_max_stream_data_bidi_local =
+        params.initial_max_stream_data_bidi_local;
+    early_data_params.initial_max_stream_data_bidi_remote =
+        params.initial_max_stream_data_bidi_remote;
+    early_data_params.initial_max_stream_data_uni =
+        params.initial_max_stream_data_uni;
+    early_data_params.initial_max_data = params.initial_max_data;
+    early_data_params.initial_max_streams_bidi =
+        params.initial_max_streams_bidi;
+    early_data_params.initial_max_streams_uni = params.initial_max_streams_uni;
 
     // TODO include HTTP/3 SETTINGS
 
     std::array<uint8_t, 128> quic_early_data_ctx;
 
-    auto quic_early_data_ctxlen = ngtcp2_encode_transport_params(
+    auto quic_early_data_ctxlen = ngtcp2_transport_params_encode(
         quic_early_data_ctx.data(), quic_early_data_ctx.size(),
-        NGTCP2_TRANSPORT_PARAMS_TYPE_ENCRYPTED_EXTENSIONS, &early_data_params);
+        &early_data_params);
 
     assert(quic_early_data_ctxlen > 0);
     assert(static_cast<size_t>(quic_early_data_ctxlen) <=
@@ -669,6 +673,8 @@ int Http3Upstream::init(const UpstreamAddr *faddr, const Address &remote_addr,
     params.original_dcid = initial_hd.dcid;
   }
 
+  params.original_dcid_present = 1;
+
   rv = generate_quic_stateless_reset_token(
       params.stateless_reset_token, scid, qkm.secret.data(), qkm.secret.size());
   if (rv != 0) {

src/shrpx_quic_connection_handler.cc

@@ -319,21 +319,6 @@ int QUICConnectionHandler::handle_packet(const UpstreamAddr *faddr,
 
       break;
     }
-    case NGTCP2_ERR_RETRY:
-      if (worker_->get_graceful_shutdown()) {
-        send_connection_close(faddr, hd.version, hd.dcid, hd.scid, remote_addr,
-                              local_addr, NGTCP2_CONNECTION_REFUSED,
-                              datalen * 3);
-        return 0;
-      }
-
-      send_retry(faddr, vc.version, vc.dcid, vc.dcidlen, vc.scid, vc.scidlen,
-                 remote_addr, local_addr, datalen * 3);
-      return 0;
-    case NGTCP2_ERR_VERSION_NEGOTIATION:
-      send_version_negotiation(faddr, vc.version, vc.dcid, vc.dcidlen, vc.scid,
-                               vc.scidlen, remote_addr, local_addr);
-      return 0;
     default:
       if (!config->single_thread && !(data[0] & 0x80) &&
           vc.dcidlen == SHRPX_QUIC_SCIDLEN &&