A QUIC implementation in pure Go
With this release, we're launching a new documentation site for the quic-go projects (quic-go itself, HTTP/3, webtransport-go, and soon, masque-go): quic-go.net.
The documentation site aims to explain QUIC concepts and how they are made accessible using quic-go's API. This site replaces the wiki, and the ever-growing README files.
A lot of work has gone into the documentation already, but we're by no means done yet. The entire source is public in https://github.com/quic-go/docs/, and we're happy about community contributions.
This release adds support for HTTP Datagrams (RFC 9297), both on the client and on the server side (#4452). HTTP Datagrams are used in WebTransport in CONNECT-UDP (RFC 9298), among others.
The new API for HTTP Datagrams is described on the new documentation page: HTTP Datagrams. The integration of HTTP Datagram support necessitated a comprehensive refactor of the HTTP/3 package, resulting in several breaking API changes listed below.
int
instead the internal protocol.ByteCount
(#4365)Server.SetQuicHeaders
was renamed to SetQUICHeaders
(#4377)Server.QuicConfig
was renamed to QUICConfig
(#4384)RoundTripper.QuicConfig
was renamed to QUICConfig
(#4385)RoundTripOpt.CheckSettings
was removed (#4416). Use the newSingleDestinationRoundTripper
API instead.HTTPStreamer
interface is now implemented by the http.ResponseWriter
(and not the http.Request.Body
) (#4469)DatagramTooLargeError
(#4470)slog.Logger
(#4449)RoundTrip
errors due to a cancelled context (#4448). Thanks to @GeorgeMac!Context
exposed on the quic.Stream
is now derived from the connection's context (#4414)After a long and fruitful discussion (#4404), we decided to clarify that calling CancelWrite
after Close
on a SendStream
(or a bidirectional stream) should cause a state transition from the "Data Sent" to the "Reset Sent" state, as described in section 3.1 of RFC 9000. This matches the current behavior of quic-go, however, it didn't match the API documentation (fixed in #4419).
This means that stream data will not be delivered reliably if CancelWrite
is called, and that this applies even if Close
was called before.
This release also changes the way streams are garbage-collected (and the peer is granted additional limit to open a new stream), once they're not needed anymore, in a subtle way:
Thanks to @sukunrt for extremely thorough and helpful reviews on both these PRs!
Is your project / company relying on quic-go? Please consider funding the project. Any support is highly appreciated!
Full Changelog: https://github.com/quic-go/quic-go/compare/v0.42.0...v0.43.0
ClientHelloInfo.AddrVerified
field: #4360VerifySourceAddress
) to the Transport
: #4253 and #4362RoundTripOpt.CheckSettings
callback to check the server's SETTINGS: #4355quic.Config
to enable QUIC datagram support: #4340Listener
and Transport
: #4332key_discarded
event for Handshake packets: #4274Full Changelog: https://github.com/quic-go/quic-go/compare/v0.41.0...v0.42.0
quic.Connection.SendDatagram
, we now queue up to 32 DATAGRAMs before blocking this method: #4222. This should lead to significant performance improvements for applications that send a lot of datagrams.net.Addr
) can now be obtained from the HTTP/3 request context using the http3.RemoteAddrContextKey
: #4208. Thanks to @oncilla!http.Handler
panics, the stream is now reset: #4181. Thanks to @WeidiDeng!http3.Server
now has a ConnContext
function, working analogously to http.Server.ConnContext
: #4230. Thanks to @rthellend!logging.ConnectionTracer.ChoseALPN
: #4216. Thanks to @birneee!quic.Config.ConnectionTracer
callback that reads the QLOGDIR environment variable, and writes qlogs to that directory. Thanks to @birneee!DroppedPacket
callback on the logging.ConnectionTracer
now contains the packet number of the dropped packet, allowing for better logging of duplicate packets: #4171RoundTrip
: #4203AdditionalSettings
for on HTTP/3 requests: #4156Is your project / company relying on quic-go? Please consider funding the project. Any support is highly appreciated!
Full Changelog: https://github.com/quic-go/quic-go/compare/v0.40.0...v0.41.0
This release contains fixes for a resource exhaustion attack on QUIC's path validation logic (CVE-2023-49295), see https://seemann.io/posts/2023-12-18-exploiting-quics-path-validation for details:
Full Changelog: https://github.com/quic-go/quic-go/compare/v0.40.0...v0.40.1
This release contains fixes for a resource exhaustion attack on QUIC's path validation logic (CVE-2023-49295), see https://seemann.io/posts/2023-12-18-exploiting-quics-path-validation for details:
Full Changelog: https://github.com/quic-go/quic-go/compare/v0.39.3...v0.39.4
This release contains fixes for a resource exhaustion attack on QUIC's path validation logic (CVE-2023-49295), see https://seemann.io/posts/2023-12-18-exploiting-quics-path-validation for details:
Full Changelog: https://github.com/quic-go/quic-go/compare/v0.38.1...v0.38.2
This release contains fixes for the Honeybadger vulnerability (CVE-2023-49295):
Full Changelog: https://github.com/quic-go/quic-go/compare/v0.37.6...v0.37.7
Connection.{Send,Receive}Message
was renamed to {Send,Receive}Datagram
: #4116Listener
created from a Transport
doesn't close already established QUIC connections: #4072ResponseWriter
now automatically discards the response body for HEAD requests: #4115Dial
(not DialEarly
) now doesn't perform 0-RTT handshake, even if the session ticket allows 0-RTT: #4125Is your project / company relying on quic-go? Please consider funding the project. Any support is highly appreciated!
Full Changelog: https://github.com/quic-go/quic-go/compare/v0.39.0...v0.40.0
This patch contains two fixes:
tls.Config
returned by GetConfigForClient
is now cloned before quic-go modifies it: https://github.com/quic-go/quic-go/pull/4133
MinVersion
on the tlsConfig
returned by GetConfigForClient
is not set to TLS 1.3, making sure that the TLS stack doesn't negotiate a TLS version older than 1.3: https://github.com/quic-go/quic-go/pull/4134
Full Changelog: https://github.com/quic-go/quic-go/compare/v0.39.2...v0.39.3
This patch release fixes the control message length for the ECN control message on Linux systems (https://github.com/quic-go/quic-go/pull/4127), which lead to sendmsg: invalid argument errors
on some platforms.