lsquic

• [HTTP3] Verify number of bytes in incoming DATA frames against content-length.
• [HTTP3] Stop issuing streams credits if peer stops opening QPACK decoder window. This addresses a potential attack whereby client can cause the server to keep allocating memory. See Security Considerations in the QPACK draft.
• [BUGFIX] Mini conn: don't shorten max packet size for Q050 and later.
• [BUGFIX] Init IETF connection flow controller using correct setting.
• [BUGFIX] Fix unintended sign extension when removing header protection.
• Code cleanup and minor fixes.

• [FEATURE] Use occasional packet number gaps to detect optimistic ACK attacks.
• [BUGFIX] Q050 client: all packet numbers are in the App PNS.
• [OPTIMIZATION] Merge multi-range ACK frames, not just single-range ACK frames.
• IETF QUIC: use RTT estimate in ack timeout calculation.
• IETF handshake: abort conn when unexpected errors occur.
• Use PING rather than MAX_DATA frames to elicit ACKs from peer.
• Server: enforce 1200 byte Initial minimum packet size.
• [CLEANUP] Remove code to disable gQUIC crypto.
• [CLEANUP] Remove n_timestamps from ACK info struct.
• Optimize driver: reuse previous ancillary message when possible.

• [FEATURE] Add support for Q050.
• [OPTIMIZATION] Reduce mallocs in gQUIC handshake.
• [BUGFIX] Disable redo of failed STREAM frame insertion with debug logging.

• [DEBUG] Further dedup next advisory tick messages when reason is the same.
• [BUGFIX] Update size of a array in TP struct. Fixes (benign) bug #94.
• Use Cubic by default again instead of BBR, as it delivers more consistent performance.

• [BUGFIX] Send controller: update scheduled bytes when DCID length changes (IETF client).
• [BUGFIX] Drop alarm check from sanity test. It no longer works now that we use loss chains.
• [PORTABILITY] Fix build on Alpine Linux.
• [PORTABILITY] Fix build using XCode.
• Client initial DCID length: use RAND_bytes() instead of rand(3).
• Add unit tests for connection min heap.
• [DEBUG] Log CID in gQUIC handshake module
• [DEBUG] Turn on extra checks for IETF client send controller.
• [DEBUG] Dedup next advisory tick messages when reason is IDLE timer.
• [DEBUG] QPACK decoder handler: log header error code.

• [BUGFIX] client: don't call ignore_init() in middle of batch send. ignore_init() makes an assumption that the send controller has access to all outgoing packets. This change wraps a few IETF full connection methods to delay calling ignore_init() until the engine returns all outgoing packets that were batched.
• [BUGFIX] set errno to EAGAIN if sendmmsg() can't send all of them. This needs to be done because the value of errno may be lost on some platforms.
• [BUGFIX] Typo that set all bits in sm_qflags lead to crashes.
• [BUGFIX] Do not cancel header block processing after failure, as QPACK releases the reference in that case.
• [CLEANUP] IETF encrypt: replace assert(0) with a warning.
• Several small improvements to the test server.

• [API, FEATURE] Close connection immediately when ea_packets_out() fails with errno != EAGAIN. The API change is that errno is now examined. Make sure to set it if using something other than sendmsg() to send packets.
• [CLEANUP] Immediate close logic in IETF full conn.
• [CLEANUP] Fix bogus warning about uninitialized `pair' variable.

• [FEATURE] Implement the QL extension (offered by default).
• [BUGFIX] Abort when encountering unexpected HTTP/3 frames.
• [BUGFIX] Acknowledge (QPACK) HTTP/3 trailers correctly.
• [DEBUG] Turn on debug message for next advisory tick.

• [BUGFIX] Using HTTP/3 to HTTP/1.x converter.
• [BUGFIX] Truncate log messages instead of throwing them away.

• [BUGFIX] High priority buffered packet queue length.
• [BUGFIX] Rain time calculation: max_ack_delay is in milliseconds.

• [BUGFIX] Close DATA frames with empty payload correctly.

• [BUGFIX] SCID!=ODCID rule applies to Retry packets, not regular packets.
• [BUGFIX] Zero-RTT: BoringSSL no longer flips read/write secrets.
• [BUGFIX] Truncate ACK frame rather instead of aborting IETF connection.
• [BUGFIX] Client: don't send duplicate reset tokens.
• [BUGFIX] Remove invalid assertion in H3 framing code.
• Silence a warning in send ctl by restructuring switch() statement.

• [BUGFIX] set retry token on all resubmitted packets.
• Event log: log sent packet flags. In particular, this allows one to see whether token was sent.
• Don't migrate client if es_allow_migration is false.

Internet Draft 23 is also supported, as well as Q039, Q043, and Q046

• [BUGFIX] argument order to gQUIC client constructor. Regression introduced in 2.5.0.
• [BUGFIX] split buffered packet error recovery: destroy the correct packet.

• [BUGFIX] Fix double-free when emptying a packet number space.
• [BUGFIX] http_server: fix md5sum handler: handle EOF correctly.
• [BUGFIX] Use random values in bits 4 and 5 of the first byte of verneg packets (regression introduced in 2.5.0).
• [OPTIMIZATION] Don't compile in expensive attq checks by default.
• [OPTIMIZATION] http_server: compile regexes only once.

• [API] lsquic_engine_connect() can now be passed QUIC version to use.
• [OPTIMIZATION] Queue opportunistic ACKs if there is data to be sent.
• [BUGFIX] Don't evict streams from priority iterator if there is only one queue.
• [OPTIMIZATION, BUGFIX] Several other optimizations and bug fixes.
• Use ls-qpack v0.10.7.

• [BUGFIX] IETF QUIC server: fix uninitialized variable use.
• [BUGFIX] make sure TLSv1.3 is not disabled in SSL object.
• [BUGFIX] Use issuer name and serial number to cache certs (SKID values are not unique).
• [BUGFIX] Always set the idle alarm in IETF connection so that it can time out.
• Use ls-qpack v0.10.6, as it silences some warnings.