Skip to content

Releases: quic-go/quic-go

v0.37.2

04 Aug 00:40
@marten-seemann marten-seemann
v0.37.2
a0a2e5f
Compare
Choose a tag to compare
v0.37.2

This patch release

  • contains a backport of the fix that triggered the Go 1.20.7 / 1.19.12 patch release (golang/go@2350afd): #4012
  • sets a net.Conn with the correct addresses on the tls.ClientHelloInfo used in tls.Config.GetCertificate: #4015

Note that in order to be protected against the DoS attack making use of large RSA keys, it's necessary to update to this patch release (for Go 1.20). For Go 1.21, please update the Go compiler.

Full Changelog: v0.37.1...v0.37.2

Assets 2

v0.36.3

02 Aug 23:51
@marten-seemann marten-seemann
v0.36.3
2659e13
Compare
Choose a tag to compare
v0.36.3

This patch release contains a backport of the fix that triggered the Go 1.20.7 / 1.19.12 patch release (golang/go@2350afd).

Full Changelog: v0.36.2...v0.36.3

Assets 2

v0.37.1

31 Jul 21:41
@marten-seemann marten-seemann
v0.37.1
f3a0ce1
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.37.1

This is a patch release fixing two regressions introduced in the v0.37.0 release:

  • http3: fix check for content length of the response by @imroc in #3998
  • set a net.Conn with the correct addresses on the tls.ClientHelloInfo by @marten-seemann in #4001

New Contributors

Full Changelog: v0.37.0...v0.37.1

Contributors

marten-seemann and imroc
Assets 2

v0.37.0

21 Jul 18:19
@marten-seemann marten-seemann
v0.37.0
469a615
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.37.0

crypto/tls changes

With the upcoming Go 1.21 release, we're now able to rely on the Go standard library's TLS implementation's QUIC support.

If you're curious, here are the discussions that happened in the Go project's GitHub:

Special thanks to @FiloSottile and @neild for the constructive discussions around the new API, and for making this happen!

Using this new API required major changes to the way quic-go interacts with the TLS stack (#3860 and #3939), but ultimately, the new API is a lot cleaner than what we had before.

This means that starting with Go 1.21, we won't have to fork crypto/tls anymore, resolving a longstanding issue (#2727). This also resolves a major pain point for the community, since quic-go now doesn't have to enforce a specific compiler version any longer.
Note that this release still supports Go 1.20 (in line with our policy to always support the two most recent Go versions), which still uses (a completely rewritten) fork of crypto/tls. We're looking forward to dropping support for Go 1.20 once Go 1.22 is released next year.

Other Notable Changes

  • We dropped support for the QUIC draft-29. This draft version was somewhat widely deployed on the internet before RFC 9000 was finalized, but has been phased out since then. quic-go now supports QUIC version 1 (RFC 9000) and version 2 (RFC 9369).
  • Connection.ReceiveMessage now takes a context.Context, allowing the caller to make the call return, even if no message is received: #3926. Thanks to @Glonee for the implementation!
  • A long list of added validations (as required by RFC 9114 and RFC 9110) for request and response parsing in the http3 package, mostly around the processing of headers. Thanks to @Mephue for finding one of the missing checks, and to @WeidiDeng for finding and fixing multiple of them!
  • quic-go now sets the DF bit on packets sent on macOS (as we've done for a long time on Linux already). This allows us to do DPLPMTUD (Path MTU discovery): #3946. Thanks to @sukunrt for implementing!
  • The stream and the connection errors are now surfaced via the contexts exposed by Stream.Context and Connection.Context, and can be accessed by calling context.Cause (#3961 and #3970). Thanks to @fholzer for suggesting and implementing this change!
  • OptimizeConn was removed in favor of a new WriteTo method on the Transport, which allows sending of (non-QUIC) packets on the net.PacketConn passed to the Transport (#3957). Thanks to @MarcoPolo for helpful feedback on the API!

Changelog

New Contributors

Full Changelog: v0.36.0...v0.37.0

Contributors

neild, MarcoPolo, and 9 other contributors
Assets 2

v0.36.2

12 Jul 18:07
@marten-seemann marten-seemann
v0.36.2
7c1df91
Compare
Choose a tag to compare
v0.36.2

This patch release contains (the backport of) 2 fixes:

  • http3: validate Host header before sending (#3948)
  • perform send / receive buffer increases when setting up the connection (#3949)

Full Changelog: v0.36.1...v0.36.2

Assets 2

v0.36.1

01 Jul 18:23
@marten-seemann marten-seemann
v0.36.1
4384df1
Compare
Choose a tag to compare
v0.36.1

This patch release disables GSO support (#3934), unless explicitly enabled using an environment variable (QUIC_GO_ENABLE_GSO=true). We discovered that GSO fails with some NICs and in some containerized environments. See #3911 for a detailed discussion.

From the user's perspective, GSO should "just work". Once we have a fix that correctly detects GSO support under all circumstances we'll re-enable GSO by default.

Assets 2

v0.36.0

21 Jun 10:39
@marten-seemann marten-seemann
v0.36.0
da298d0
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.36.0

Generic Segmentation Offload (GSO)

This release enables GSO (Generic Segmentation Offload) in the send path, drastically increasing the packet send rate. Without GSO, quic-go had to use a single (sendmsg) syscall for every UDP datagram sent. GSO allows us to pass one giant (up to 64k) datagram to the sendmsg syscall, and have the kernel chop it into MTU sized (~1300 bytes) datagrams before sending them out on the wire. For more details on syscall optimizations, CloudFlare published an excellent blog post about this a while ago. GSO is currently only available on Linux (and with kernels >4.18).

Users who are using the same net.PacketConn for QUIC and to send out non-QUIC packets now need to call the newly introduced OptimizeConn function before passing the connection to the Transport. Otherwise, calls to WriteTo will fail after GSO support was enabled. Users who are not using the same net.PacketConn in this way don't need to change anything.

We also continued our effort to further reduce allocations during data transfers (#3526). Work on improving performance even further will continue in future releases.

Other Notable Changes

  • http3: The server now returns http.ErrServerClosed instead of quic.ErrServerClosed (#3900)
  • quic-go now correctly deals with super-short idle timeouts (#3909)
  • uint62 overflows are now correctly handled in the Config (#3866)
  • only run DPLPMTUD (RFC 8899) on connections that support setting the DF bit (#3879)
  • switch to the packet number length derivation logic described in the RFC (#3885)
  • fix panics when closing an uninitialized Transport (#3908)

Full Changelog

New Contributors

Full Changelog: v0.35.1...v0.36.0

Contributors

marten-seemann, birneee, and 3 other contributors
Assets 2

v0.35.1

01 Jun 08:08
@marten-seemann marten-seemann
v0.35.1
9237dbb
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.35.1

This patch release fixes a regression in the HTTP/3 roundtripper introduced in the v0.35.0 release.

Thanks to @kgersen for reporting and to @Glonee for contributing the fixes!

What's Changed

  • http3: set tls.Config.ServerName for outgoing requests, if unset by @Glonee in #3867
  • http3: correctly use the quic.Transport by @Glonee in #3869
  • http3: close the connection when closing the roundtripper by @Glonee in #3873

Full Changelog: v0.35.0...v0.35.1

Contributors

kgersen and Glonee
Assets 2

v0.35.0

30 May 07:15
@marten-seemann marten-seemann
v0.35.0
fce0261
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.35.0

Modernizing the quic-go connection API

In this release, we've completely revamped our connection establishment API, following an engaging discussion with the quic-go community (#3727).

Key modifications are as follows:

  • The context variants of the dial functions, including DialContext, have been removed. In their place, Dial now incorporates a context. This development stems from our drive to modernize the API, given that context.Context wasn't in existence when quic-go was launched eight years ago.
  • quic.Listener and quic.EarlyListener have transitioned from interfaces to structs.
  • We've introduced a quic.Transport. More about that below.

Introducing the Transport

The QUIC protocols demultiplexes connections based on the QUIC Connection IDs. This has interesting implications, first and foremost that multiple QUIC connections can run on the same UDP socket (and even connect to the same remote QUIC server). Interestingly, it's feasible to run a QUIC server on the same socket as outgoing QUIC connections. In fact, that's a really useful thing to do when using QUIC for holepunching through NATs.

Previously, it was possible to utilize this feature, but the API lacked clarity. When the same net.PacketConn was passed to sequential Listen and Dial calls, quic-go would identify this and multiplex several QUIC connections on that net.PacketConn. This behavior was not obvious and, additionally, it demanded that certain values of the Config matched.

We've now made multiplexing explicit with the Transport introduction. A Transport manages a single net.PacketConn. The usage is as follows:

laddr, err := net.ResolveUDPAddr("udp4", "0.0.0.0:443")
// handle err
conn, err := net.ListenUDP("udp4", laddr)
// handle err
tr := quic.Transport{
	Conn:              conn,
	StatelessResetKey: <a key that survives reboots>,
}
// start listening for incoming QUIC connection
ln, err := tr.Listen(<tls.Config>, &quic.Config{})
// handle err
go func() {
	conn, err := ln.Accept(context.Background())
	if err != nil {
		return
	}
	// handle accepted QUIC connection...
}()

// establish QUIC connections to remote nodes, on the same UDP socket
ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
defer cancel
conn, err := tr.Dial(ctx, <remote addr>, <tls.Config>, <quic.Config>)
// handle err
// handle dialed QUIC connection

This modification enables us to shift several configuration options logically tied to the UDP sockets from the Config. Specifically, ConnectionIDLength / ConnectionIDGenerator and StatelessResetKey are now configured on the Transport.

Migration Guide

To update to the new version, applications might need to:

  1. Substitute calls to DialContext with calls to Dial.
  2. Replace all instances of Listener with *Listener (and similarly for EarlyListener).

Other Notable Changes

  • The HTTP/3 response writer is now compatible with the http.ResponseController introduced in the Go 1.20 release (#3790). Thanks @dunglas!
  • The http3.RoundTripper now implements CloseIdleConnections method, allowing the use of http.Client.CloseIdleConnections. Thanks @Glonee!
  • DoS resiliency was improved by only using a single Go routine to send stateless reset, version negotiation and INVALID_TOKEN error packets (#3842 and #3854). Thanks @sukunrt!
  • We now use the SO_RCVBUFFORCE syscall to attempt to increase the UDP receive buffer. Increasing the receive buffer is absolutely crucial for QUIC performance, and quic-go will print a log message if increasing the buffer size fails. Unfortunately, due to small default buffer sizes in most Linux distributions, this happened quite frequently and required manual configuration(https://github.com/quic-go/quic-go/wiki/UDP-Receive-Buffer-Size). Using SO_RCVBUFFORCE call will only succeed when the process has CAP_NET_ADMIN permissions, but in these cases no manual configuration will be necessary any more. Thanks to @MarcoPolo!

Full Changelog

New Contributors

Full Changelog: v0.34.0...v0.35.0

Contributors

dunglas, MarcoPolo, and 4 other contributors
Assets 2

v0.34.0

20 Apr 09:55
@marten-seemann marten-seemann
v0.34.0
4a2a574
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.34.0

Breaking Changes

  • Connection.HandshakeComplete now returns a channels instead of a context.Context

Other notable Changes

  • The QUIC version in use is now attached to the context returned from ClientHelloInfo.Context() in tls.Config.GetConfigForClient (#3721)
  • The http3.RoundTripper now multiplexes all connections on a single UDPConn (#3720)

What's Changed

New Contributors

Full Changelog: v0.33.0...v0.34.0

Contributors

marten-seemann, dependabot, and 2 other contributors
Assets 2