quiche: implement QUIC specific TransportSocketFactory for TLS context

[danzh2010]

Implement TransportSocketFactory for QUIC which carries Ssl::ContextConfig. The Ssl::ContextConfig instance is created based on envoy::api::v2::auth::DownstreamTlsContext in envoy::api::v2::listener::FilterChain::transport_socket.

QuicServer|ClientTransportSocketFactory has new interface server|clientContextConfig() to provide access toTLS context in addition to inherited TransportSocketFactory interface. QuicTransportSocketFactory::createTransportSocket() shouldn't be called in current implementation because QUICHE stack already does all the transport layer work.

When listener config socket type is Datagram and udp_listener_config.udp_listener_name is "quiche_quic_listener", envoy::api::v2::listener::FilterChain::transport_socket has to be configured with envoy::api::v2::auth::DownstreamTlsContext or envoy::api::v2::auth::UpstreamTlsContext.

ListenerImpl() will create a QuicTransportSocketFactory instance as part of filter chain in the same way as creating other transport socket factories.

Risk Level: medium, a bad config can hit RELEASE_ASSERT.
Testing: added unit tests for ListenerManagerImpl
Part of #2557

[danzh2010]

/assign @alyssawilk

[lambdai]

It seems the quic filter chain is quite different...

[lambdai]

nit: move into if (!is_quic_)

[danzh2010]

done

[lambdai]

My impression is that TCPListenerFilterChainFactoryBuilder and QUIC one has nothing shared... Why not derived QUIC one from FilterChainFactoryBuilder?

[danzh2010]

both of them access ListenerImpl and TransportSocketFactoryContextImpl. I made QuicListenerFilterChainFactoryBuilder a stand alone class deriving from ListenerFilterChainFactoryBuilder.

[lambdai]

nit: is_quic = config.has_udp_listener_config() && config.udp_listener_config().udp_listener_name() == UdpListenerNames::get().Quic;

Also you can create const ref of udp_listener_config here and declare listener_name const

const auto & udp_config = config.has_udp_listener_config() ? config.udp_listener_config() : envoy::api::v2::listener::UdpListenerConfig();
const auto listener_name = udp_config.udp_listener_name().empty() ? udp_config.udp_listener_name() : "";

The idea is to figure out the final listener_name at one place

[danzh2010]

done

[lambdai]

Where is this one used?

[danzh2010]

not used yet. Will be used to create EnvoyQuicProofSource which is a fake one now.

[mattklein123]

Can this return a const reference or just a reference?

[danzh2010]

Yes

[mattklein123]

@danzh2010 friendly request to please update the PR description to something more descriptive. I will take a look when the review is a bit further along. Thank you!

/wait

[danzh2010]

/retest

[repokitteh-read-only]

🔨 rebuilding ci/circleci: asan (failed build)

🐱

Caused by: a #8091 (comment) was created by @danzh2010.

see: more, trace.

[danzh2010]

I updated PR description. It's good for another around of review.

[lambdai]

Thank you for the update!

[danzh2010]

/assign @goaway

[alyssawilk]

I think envoy standard might be using optional, but I'm a fan of pointers so we'll see what Matt says ;-)

[mattklein123]

an optional reference wrapper is "nicer" but I'm fine either way.

[alyssawilk]

listener

[mattklein123]

Can you add a TODO to make this a proper config check?

[danzh2010]

This won't be a config error, we will create UdpListenerFactory anyway in ListenerImpl(). If not specified in config, we create the raw UDP listener factory.

[mattklein123]

I think you can remove this assert then? It would crash in an obvious way on the next line.

[danzh2010]

done

[alyssawilk]

I think you didn't remove it, just converted it. Would it actually fail under createActiveUdpListener or is this assert required?

[danzh2010]

ListenerConfig.udpListenerFactory() is populated to default RawUdp listener if not specified in config. So this ASSERT is to check we actually have logic to do this before reaching here. Otherwise below config.udpListenerFactory()->createActiveUdpListener(*this, dispatcher_, logger_, config); would crash because of accessing members of nullptr.

[alyssawilk]

Gotcha. If we plan to keep it in, let's at least change
listner -> listener

[danzh2010]

done

[alyssawilk]

Thanks for adding details here.

maybe -> "failed to close fd: response code " ?
since right now it looks like you're printing the fd, not the error code.

[danzh2010]

done

[alyssawilk]

if I'm not lost in braces, we'll now do work for raw UDP that we didn't used to. Is that correct, and is it intentional?

[danzh2010]

Yes, we are initializing network filters for raw UDP too. I think it doesn't hurt as long as they don't config any network filters but leave them unused.

[mattklein123]

Flushing out a few questions/comments from a first pass. Thank you!

/wait

[mattklein123]

an optional reference wrapper is "nicer" but I'm fine either way.

[mattklein123]

It's a little strange to create a transport socket factory context when making an SSL context. Should we just define whatever context we need in this file and then have TransportSocketFactoryContext derive from that if needed?

[mattklein123]

nit: Tls/TLS here and elsewhere in comments.

[danzh2010]

done

[mattklein123]

If we universally do a dynamic_cast here why not just pass this type as a parameter?

[danzh2010]

createSslContextConfig() is public interface which will also be used on client side which should downcast message to UpstreamTlsContext.

[mattklein123]

@lizan any thoughts on this one? I would need to sit down and page in all of this code but something seems off here. Maybe this is related to your other comment.

[lizan]

at interface level this seems fine, though at higher level I think this should just be a TransportSocketConfigFactory

[mattklein123]

Can you add a TODO to make this a proper config check?

[mattklein123]

Can this return a const reference or just a reference?

[mattklein123]

const EnvoyException&

[danzh2010]

done

[mattklein123]

I'm confused. Why do we need/want this fallback?

[danzh2010]

Just because we don't have QuicListenerFactoryConfig registered yet. Once PR #7896 gets in, this is not needed.

[mattklein123]

Can we just assert this then or wait until the other one is merged?

[danzh2010]

I'll wait for the other PR merge first and change this line. It is as such now to make listener mgr test pass in a meaningful way.

[mattklein123]

Should this be a config error?

[danzh2010]

Yes. Is it okay to lead to connection close? Or what's the best way of handling such error?

[mattklein123]

We should check this during config load and fail the config, it should be an assert at this point IMO.

[danzh2010]

With removal of QuicFilterChain, this builder can be unified with tcp one too. This check no longer apply.

[mattklein123]

"downstream_tls_context" should be a constant somewhere.

Can you talk a bit more about why we need to load the factory on this way vs. just directly instantiating it? It's a little confusing. I suppose this is due to pluggable TLS implementations?

[danzh2010]

Yes, all the registered class work in this PR is just to make envoy core code not depends on TLS extensions.

[alyssawilk]

super nitty but /** .. */ style comments
Also maybe
"if the protocol above UDP doesn't form a connection." -> "If the UDP passing through listener doesn't form stateful connections" ?

might even be nicer to invert and have isStatefulConnection() but maybe that's just me.

[danzh2010]

done

[alyssawilk]

I think you didn't remove it, just converted it. Would it actually fail under createActiveUdpListener or is this assert required?

[mattklein123]

Let's merge master and then we can get back to reviewing this one.

/wait

[danzh2010]

Let's merge master and then we can get back to reviewing this one.

/wait

Done. PTAL

[alyssawilk]

Looking good. just one nit left on my end.

[alyssawilk]

Gotcha. If we plan to keep it in, let's at least change
listner -> listener

[mattklein123]

Thanks, LGTM with some small comments.

/wait

[mattklein123]

nit: delete

[danzh2010]

done

[mattklein123]

nit: const here and below

[mattklein123]

nit: delete

[danzh2010]

done

[mattklein123]

The previous conversation was lost, but this should never happen due to being checked via config elsewhere, right? If so can we make this a normal ASSERT?

[danzh2010]

Early on ListenerImpl() will always create some sort of ActiveUdpListener, if not configured, ActiveRawUdpListener will be created. So yes here ASSERT is sufficient.

[mattklein123]

I'm a little confused by this. If the underlying filter chain builder implementation requires a transport socket (like for QUIC) can't it just fail in that code? IMO that would be more clear? WDYT?

[danzh2010]

filter chain builder doesn't know if this listener is UDP or TCP, nor does it know about if it's connectionless or not. For non-Quic listener, it's empty transport_socket is allowed, and in that case a factory for RawBufferSocket will be created..

[mattklein123]

revert?

[danzh2010]

done

[alyssawilk]

LGTM, modulo Matt's comments

[danzh2010]

Ping?

[mattklein123]

Let's ship and iterate! Well done. :)