Merge branch 'main' into repo

* main:
  Use patched webtransport-go
  Upgrade dependencies
  face: introduce HTTP/3 WebTransport listener
  build(deps): bump golang.org/x/crypto

Author: zjkmxy

fw/cmd/yanfd.go

@@ -24,6 +24,7 @@ type YaNFD struct {
 
 	unixListener *face.UnixStreamListener
 	wsListener   *face.WebSocketListener
+	h3Listener   *face.HTTP3Listener
 	tcpListeners []*face.TCPListener
 	udpListeners []*face.UDPListener
 }
@@ -211,6 +212,26 @@ func (y *YaNFD) Start() {
 		}
 	}
 
+	// Set up HTTP/3 WebTransport listener
+	if c := core.C.Faces.HTTP3; c.Enabled {
+		cfg := face.HTTP3ListenerConfig{
+			Bind:    c.Bind,
+			Port:    c.Port,
+			TLSCert: c.TlsCert,
+			TLSKey:  c.TlsKey,
+		}
+
+		h3Listener, err := face.NewHTTP3Listener(cfg)
+		if err != nil {
+			core.Log.Error(y, "Unable to create HTTP/3 WebTransport Listener", "cfg", cfg, "err", err)
+		} else {
+			listenerCount++
+			go h3Listener.Run()
+			y.h3Listener = h3Listener
+			core.Log.Info(y, "Created HTTP/3 WebTransport listener", "uri", cfg.URL().String())
+		}
+	}
+
 	// Check if any faces were created
 	if listenerCount <= 0 {
 		core.Log.Fatal(y, "No face or listener is successfully created. Quit.")

fw/core/config.go

@@ -92,6 +92,19 @@ type Config struct {
 			// TLS private key (relative to the config file)
 			TlsKey string `json:"tls_key"`
 		} `json:"websocket"`
+
+		HTTP3 struct {
+			// Whether to enable HTTP/3 WebTransport listener
+			Enabled bool `json:"enabled"`
+			// Bind address for HTTP/3 WebTransport listener
+			Bind string `json:"bind"`
+			// Port for HTTP/3 WebTransport listener
+			Port uint16 `json:"port"`
+			// TLS certificate path (relative to the config file)
+			TlsCert string `json:"tls_cert"`
+			// TLS private key (relative to the config file)
+			TlsKey string `json:"tls_key"`
+		} `json:"http3"`
 	} `json:"faces"`
 
 	Fw struct {
@@ -189,6 +202,12 @@ func DefaultConfig() *Config {
 	c.Faces.WebSocket.TlsCert = ""
 	c.Faces.WebSocket.TlsKey = ""
 
+	c.Faces.HTTP3.Enabled = false
+	c.Faces.HTTP3.Bind = ""
+	c.Faces.HTTP3.Port = 443
+	c.Faces.HTTP3.TlsCert = ""
+	c.Faces.HTTP3.TlsKey = ""
+
 	c.Fw.Threads = 8
 	c.Fw.QueueSize = 1024
 	c.Fw.LockThreadsToCores = false

fw/defn/uri.go

@@ -10,6 +10,7 @@ package defn
 import (
 	"errors"
 	"net"
+	"net/netip"
 	"net/url"
 	"os"
 	"regexp"
@@ -38,6 +39,7 @@ const (
 	unixURI
 	wsURI
 	wsclientURI
+	quicURI
 )
 
 // URI represents a URI for a face.
@@ -147,6 +149,16 @@ func MakeWebSocketClientFaceURI(addr net.Addr) *URI {
 	}
 }
 
+// MakeQuicFaceURI constructs a URI for an HTTP/3 WebTransport endpoint.
+func MakeQuicFaceURI(addr netip.AddrPort) *URI {
+	return &URI{
+		uriType: quicURI,
+		scheme:  "quic",
+		path:    addr.Addr().String(),
+		port:    addr.Port(),
+	}
+}
+
 func DecodeURIString(str string) *URI {
 	ret := &URI{
 		uriType: unknownURI,
@@ -167,6 +179,23 @@ func DecodeURIString(str string) *URI {
 		return ret
 	}
 
+	decodeHostPort := func(uriType URIType, defaultPort uint16) {
+		ret.uriType = uriType
+
+		ret.scheme = uri.Scheme
+		ret.path = uri.Hostname()
+		if uri.Port() != "" {
+			port, _ := strconv.ParseUint(uri.Port(), 10, 16)
+			ret.port = uint16(port)
+		} else {
+			ret.port = uint16(6363) // default NDN port
+		}
+
+		if zone != "" {
+			ret.path += "%" + zone
+		}
+	}
+
 	switch uri.Scheme {
 	case "dev":
 		ret.uriType = devURI
@@ -182,26 +211,12 @@ func DecodeURIString(str string) *URI {
 	case "null":
 		ret.uriType = nullURI
 		ret.scheme = uri.Scheme
-	case "udp", "udp4", "udp6", "tcp", "tcp4", "tcp6":
-		if strings.HasPrefix(uri.Scheme, "udp") {
-			ret.uriType = udpURI
-		} else {
-			ret.uriType = tcpURI
-		}
-
-		ret.scheme = uri.Scheme
-		ret.path = uri.Hostname()
-		if uri.Port() != "" {
-			port, _ := strconv.ParseUint(uri.Port(), 10, 16)
-			ret.port = uint16(port)
-		} else {
-			ret.port = uint16(6363) // default NDN port
-		}
-
-		if zone != "" {
-			ret.path += "%" + zone
-		}
-
+	case "udp", "udp4", "udp6":
+		decodeHostPort(udpURI, 6363)
+	case "tcp", "tcp4", "tcp6":
+		decodeHostPort(tcpURI, 6363)
+	case "quic":
+		decodeHostPort(quicURI, 443)
 	case "unix":
 		ret.uriType = unixURI
 		ret.scheme = uri.Scheme
@@ -401,7 +416,7 @@ func (u *URI) String() string {
 		return "internal://"
 	case nullURI:
 		return "null://"
-	case udpURI, tcpURI, wsURI, wsclientURI:
+	case udpURI, tcpURI, wsURI, wsclientURI, quicURI:
 		return u.scheme + "://" + net.JoinHostPort(u.path, strconv.FormatUint(uint64(u.port), 10))
 	case unixURI:
 		return u.scheme + "://" + u.path

fw/defn/uri_test.go

@@ -84,6 +84,12 @@ func TestDecodeUri(t *testing.T) {
 	assert.Equal(t, "127.0.0.1", uri.PathHost())
 	assert.Equal(t, uint16(800), uri.Port())
 
+	// QUIC URI
+	uri = defn.DecodeURIString("quic://[::1]:443")
+	assert.False(t, uri.IsCanonical())
+	assert.Equal(t, "quic", uri.Scheme())
+	assert.Equal(t, uint16(443), uri.Port())
+
 	// UDP4 with zone
 	uri = defn.DecodeURIString("udp://127.0.0.1%eth0:3000")
 	assert.True(t, uri.IsCanonical())

fw/face/http3-listener.go

@@ -0,0 +1,117 @@
+//go:build !tinygo
+
+package face
+
+import (
+	"crypto/tls"
+	"errors"
+	"fmt"
+	"net"
+	"net/http"
+	"net/netip"
+	"net/url"
+	"strconv"
+	"time"
+
+	"github.com/named-data/ndnd/fw/core"
+	"github.com/quic-go/quic-go"
+	"github.com/quic-go/quic-go/http3"
+	"github.com/quic-go/webtransport-go"
+)
+
+// HTTP3ListenerConfig contains HTTP/3 WebTransport listener configuration.
+type HTTP3ListenerConfig struct {
+	Bind    string
+	Port    uint16
+	TLSCert string
+	TLSKey  string
+}
+
+func (cfg HTTP3ListenerConfig) addr() string {
+	return net.JoinHostPort(cfg.Bind, strconv.FormatUint(uint64(cfg.Port), 10))
+}
+
+func (cfg HTTP3ListenerConfig) URL() *url.URL {
+	u := &url.URL{
+		Scheme: "https",
+		Host:   cfg.addr(),
+	}
+	return u
+}
+
+func (cfg HTTP3ListenerConfig) String() string {
+	return fmt.Sprintf("http3-listener (url=%s)", cfg.URL())
+}
+
+// HTTP3Listener listens for incoming HTTP/3 WebTransport sessions.
+type HTTP3Listener struct {
+	mux    *http.ServeMux
+	server *webtransport.Server
+}
+
+func NewHTTP3Listener(cfg HTTP3ListenerConfig) (*HTTP3Listener, error) {
+	l := &HTTP3Listener{}
+
+	cert, e := tls.LoadX509KeyPair(cfg.TLSCert, cfg.TLSKey)
+	if e != nil {
+		return nil, fmt.Errorf("tls.LoadX509KeyPair(%s %s): %w", cfg.TLSCert, cfg.TLSKey, e)
+	}
+
+	l.mux = http.NewServeMux()
+	l.mux.HandleFunc("/ndn", l.handler)
+
+	l.server = &webtransport.Server{
+		H3: http3.Server{
+			Addr: cfg.addr(),
+			TLSConfig: &tls.Config{
+				Certificates: []tls.Certificate{cert},
+				MinVersion:   tls.VersionTLS12,
+			},
+			QUICConfig: &quic.Config{
+				MaxIdleTimeout:          60 * time.Second,
+				KeepAlivePeriod:         30 * time.Second,
+				DisablePathMTUDiscovery: true,
+			},
+			Handler: l.mux,
+		},
+		CheckOrigin: func(r *http.Request) bool {
+			return true
+		},
+	}
+
+	return l, nil
+}
+
+func (l *HTTP3Listener) String() string {
+	return "HTTP/3 listener"
+}
+
+func (l *HTTP3Listener) Run() {
+	e := l.server.ListenAndServe()
+	if !errors.Is(e, http.ErrServerClosed) {
+		core.Log.Fatal(l, "Unable to start listener", "err", e)
+	}
+}
+
+func (l *HTTP3Listener) handler(rw http.ResponseWriter, r *http.Request) {
+	c, e := l.server.Upgrade(rw, r)
+	if e != nil {
+		return
+	}
+
+	remote, e := netip.ParseAddrPort(r.RemoteAddr)
+	if e != nil {
+		return
+	}
+	local, e := netip.ParseAddrPort(r.Context().Value(http.LocalAddrContextKey).(net.Addr).String())
+	if e != nil {
+		return
+	}
+
+	newTransport := NewHTTP3Transport(remote, local, c)
+	core.Log.Info(l, "Accepting new HTTP/3 WebTransport face", "remote", r.RemoteAddr)
+
+	options := MakeNDNLPLinkServiceOptions()
+	options.IsFragmentationEnabled = true
+	MakeNDNLPLinkService(newTransport, options).Run(nil)
+}

fw/face/http3-transport.go

@@ -0,0 +1,82 @@
+//go:build !tinygo
+
+package face
+
+import (
+	"fmt"
+	"net/netip"
+
+	"github.com/named-data/ndnd/fw/core"
+	defn "github.com/named-data/ndnd/fw/defn"
+	spec_mgmt "github.com/named-data/ndnd/std/ndn/mgmt_2022"
+	"github.com/quic-go/webtransport-go"
+)
+
+type HTTP3Transport struct {
+	transportBase
+	c *webtransport.Session
+}
+
+func NewHTTP3Transport(remote, local netip.AddrPort, c *webtransport.Session) (t *HTTP3Transport) {
+	t = &HTTP3Transport{c: c}
+	t.makeTransportBase(defn.MakeQuicFaceURI(remote), defn.MakeQuicFaceURI(local), spec_mgmt.PersistencyOnDemand, defn.NonLocal, defn.PointToPoint, 1000)
+	t.running.Store(true)
+	return
+}
+
+func (t *HTTP3Transport) String() string {
+	return fmt.Sprintf("http3-transport (faceid=%d remote=%s local=%s)", t.faceID, t.remoteURI, t.localURI)
+}
+
+func (t *HTTP3Transport) SetPersistency(persistency spec_mgmt.Persistency) bool {
+	return persistency == spec_mgmt.PersistencyOnDemand
+}
+
+func (t *HTTP3Transport) GetSendQueueSize() uint64 {
+	return 0
+}
+
+func (t *HTTP3Transport) sendFrame(frame []byte) {
+	if !t.running.Load() {
+		return
+	}
+
+	if len(frame) > t.MTU() {
+		core.Log.Warn(t, "Attempted to send frame larger than MTU")
+		return
+	}
+
+	e := t.c.SendDatagram(frame)
+	if e != nil {
+		core.Log.Warn(t, "Unable to send on socket - Face DOWN", "err", e)
+		t.Close()
+		return
+	}
+
+	t.nOutBytes += uint64(len(frame))
+}
+
+func (t *HTTP3Transport) runReceive() {
+	defer t.Close()
+
+	for {
+		message, err := t.c.ReceiveDatagram(t.c.Context())
+		if err != nil {
+			core.Log.Warn(t, "Unable to read from WebTransport - DROP and Face DOWN", "err", err)
+			return
+		}
+
+		if len(message) > defn.MaxNDNPacketSize {
+			core.Log.Warn(t, "Received too much data without valid TLV block")
+			continue
+		}
+
+		t.nInBytes += uint64(len(message))
+		t.linkService.handleIncomingFrame(message)
+	}
+}
+
+func (t *HTTP3Transport) Close() {
+	t.running.Store(false)
+	t.c.CloseWithError(0, "")
+}

fw/yanfd.sample.yml

@@ -63,6 +63,18 @@ faces:
     # TLS private key (relative to the config file)
     tls_key: ""
 
+  http3:
+    # Whether to enable HTTP/3 WebTransport listener
+    enabled: false
+    # Bind address for HTTP/3 WebTransport listener
+    bind: ""
+    # Port for HTTP/3 WebTransport listener
+    port: 443
+    # TLS certificate path (relative to the config file)
+    tls_cert: ""
+    # TLS private key (relative to the config file)
+    tls_key: ""
+
 fw:
   # Number of forwarding threads
   threads: 8