boquan-fang
Contributor

@boquan-fang boquan-fang commented Jul 6, 2025

Release Summary:

Resolved issues:

resolves #2378.

Description of changes:

I added a test to verify that S2N-QUIC can handle a client migration which uses a zero-length CID.

I added Cloudflare Quiche as one of our test dependencies for our integration tests. The test uses Quiche as a client which uses a zero-length CID. It would migrate to a new path once the Quiche client establishes a connection with an S2N-QUIC server. Once the migration is completed, it would send Stream data, "Test Migration", from the new address to the server, and once the client receives the message back from the server, it would close the connection. The Quiche client setup takes reference from quiche/example/client.rs.

I added two event recorders to recorders.rs: one to track the Initial packet which contains the Crypto frame, another to track all PATH_CHALLENGE status. On a successful test, there should only be one Initial packet with a Crypto frame (because the server and client should only do one full handshake if the migration is successful), and the new path will be validated (the PATH_CHALLENGE sent to the old path will be abandoned per RFC requirements).

Call-outs:

  • We believe that fix(s2n-quic-transport): allow migrations even when disable_active_migration is sent #2516 enables this feature. I did more testing and confirmed this.
    • I reverted that change in my personal branch. I ran the same test, and the migration failed with a reason of InsufficientConnectionIds. This was the previous behavior: when an s2n-quic endpoint receives a PATH_CHALLENGE from another endpoint with a zero-length CID, the s2n-quic endpoint will drop the datagram. Commits after that PR are able to handle such connection migration.
  • We can't build Cloudflare Quiche on i686-unknown-linux-gnu platform.
    • The CI failed on that build:
        --- stderr
        CMake Error at /usr/local/share/cmake-3.23/Modules/CMakeDetermineSystem.cmake:130 (message):
          Could not find toolchain file:
          /cargo/registry/src/index.crates.io-1949cf8c6b5b557f/quiche-0.24.4/deps/boringssl/src/util/32-bit-toolchain.cmake
        Call Stack (most recent call first):
          CMakeLists.txt:9 (project)
      
    • This is related to Cross compiling fails cloudflare/quiche#277. Quiche uses BoringSSL as its TLS dependency and will pin 32-bit-toolchain.cmake when Quiche is trying to compile on a 32-bit platform. However, as a Rust dev dependency of the s2n-quic library, it doesn't contain such a CMake file. Hence, it can't be built on the i686-unknown-linux-gnu platform. I put a gate #[cfg(not(target_arch = "x86"))] on the test and Cargo.toml to indicate that we don't want to compile Quiche and don't run the zero-length CID conn migration test on the x86 platform.
    • I made sure that zero_length_cid_client_connection_migration_test is run on every test other than the one that runs on i686-unknown-linux-gnu:
      • For all tests running on other platforms:
        test tests::slow_tls::slow_tls ... ok
        test tests::tls_context::no_tls_test ... ok
        test tests::zero_length_cid_client_connection_migration::zero_length_cid_client_connection_migration_test ... ok
        test tests::mtu::mtu_probing_disabled::mutual_auth ... ok
        
      • For the one on i686-unknown-linux-gnu, the zero_length_cid_client_connection_migration_test is not found.
  • Due to scheduling reasons, I am planning to put migrating all S2N-QUIC integration tests to a separate crate on hold. This issue is tracked by Move All Integration Tests to a s2n-quic-tests crate #2694.
  • I did a client_conn.on_timeout in quiche. Quiche's and s2n-quic's on_timeout methods are different. I explain why I need it in https://github.com/aws/s2n-quic/pull/2697/files#r2195668049.

Testing:

This PR is to add a test. The CI will run it.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
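The success criteria in the description above (one Initial packet carrying a Crypto frame, the new path validated, no datagram dropped) can be expressed as a check over recorded events. This is an added example, not code from the pull request or from s2n-quic; the `Event`, `Status` and `Verdict` types, the path numbers and the sample event lists are hypothetical and constructed for illustration.

```rust
// Added illustration: hypothetical event types, not s2n-quic's event API.
#[derive(Debug, PartialEq)]
enum Status { Validated, Abandoned }

#[derive(Debug, PartialEq)]
enum Event {
    Initial { has_crypto: bool },               // Initial packet seen by the server
    PathChallenge { path: u8, status: Status }, // final PATH_CHALLENGE status per path
    Dropped { reason: &'static str },           // datagram dropped by the server
}

#[derive(Debug, PartialEq)]
enum Verdict { Migrated, UnexpectedHandshakes(usize), NewPathNotValidated, Dropped(&'static str) }

fn check_migration(events: &[Event], new_path: u8) -> Verdict {
    // A dropped datagram means the server refused the migration attempt.
    for e in events {
        if let Event::Dropped { reason } = e { return Verdict::Dropped(*reason); }
    }
    // Exactly one Initial with a Crypto frame: no second full handshake happened.
    let handshakes = events.iter()
        .filter(|e| matches!(e, Event::Initial { has_crypto: true }))
        .count();
    if handshakes != 1 { return Verdict::UnexpectedHandshakes(handshakes); }
    // The challenge on the new path must have been validated.
    let validated = events.iter().any(|e| matches!(e,
        Event::PathChallenge { path, status: Status::Validated } if *path == new_path));
    if validated { Verdict::Migrated } else { Verdict::NewPathNotValidated }
}

// Constructed sample: one handshake, old path (0) abandoned, new path (1) validated.
fn sample_success() -> Vec<Event> {
    vec![
        Event::Initial { has_crypto: true },
        Event::PathChallenge { path: 0, status: Status::Abandoned },
        Event::PathChallenge { path: 1, status: Status::Validated },
    ]
}

// Constructed sample: the drop reason the description reports for the reverted build.
fn sample_dropped() -> Vec<Event> {
    vec![
        Event::Initial { has_crypto: true },
        Event::Dropped { reason: "InsufficientConnectionIds" },
    ]
}

fn main() {
    println!("{:?}", check_migration(&sample_success(), 1));
    println!("{:?}", check_migration(&sample_dropped(), 1));
}
```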

@boquan-fang boquan-fang force-pushed the quiche-client-test branch from a88859c to 17c7a3e Compare July 6, 2025 19:34
@boquan-fang boquan-fang marked this pull request as ready for review July 7, 2025 21:12
@boquan-fang boquan-fang force-pushed the quiche-client-test branch from c33fc87 to 829409b Compare July 7, 2025 21:17
@WesleyRosenblum
Contributor

Issue with compiling on 32-bit may be due to cloudflare/quiche#2097

Boquan Fang added 2 commits July 9, 2025 01:15
* fix comments about 32-bit build
* use ConnectionStarted to track remote cid
* remove setting for maximum CID limit
* add comments to explain the test
* use question mark to unwrap result
* only check for client CID is zero-length. Don't check for one
  handshake
* only set max data parameters to what is needed
Boquan Fang added 2 commits July 9, 2025 18:22
* add reference link to the start_quiche_client function
* use assert to simplify the logic
* move some code to make the flow better
* assert there is no error received from the server before exiting the test
Boquan Fang added 2 commits July 9, 2025 22:00
* use active path update to verify that connection migration is
  successful
* add a bool to check if the stream data is echoed back and received
* emphasize the client closes the connection with no error
@boquan-fang boquan-fang merged commit 28ee453 into aws:main Jul 9, 2025
120 checks passed
Development

Successfully merging this pull request may close these issues.

Support active connection migration from clients using zero-length connection IDs