feat: add HTTP/2, HTTP/3, and QUIC protocol support#26776
Open
jupilhwang wants to merge 2 commits intovlang:masterfrom
Open
feat: add HTTP/2, HTTP/3, and QUIC protocol support#26776jupilhwang wants to merge 2 commits intovlang:masterfrom
jupilhwang wants to merge 2 commits intovlang:masterfrom
Conversation
Implement complete HTTP/2 (RFC 7540/7541), HTTP/3 (RFC 9114/9204), and QUIC (RFC 9000/9001) protocol support for the V standard library. HTTP/2 (net.http.v2): - HPACK header compression with Huffman coding and O(1) static table - All 10 frame types with padding, CONTINUATION flood protection (CVE-2024-27316) - Stream multiplexing, flow control (bidirectional), stream state machine - TLS (h2) and plain TCP (h2c) server modes with h2c upgrade mechanism - Connection pooling, CONNECT tunneling, GREASE, cookie compression - Request/response validation per RFC 7540 Section 8 HTTP/3 (net.http.v3): - QPACK header compression with ring buffer dynamic table and blocked stream queueing - 17 H3 error codes, control/encoder/decoder unidirectional streams - 2-phase GOAWAY graceful shutdown, background control stream reader - Alt-Svc discovery and caching, GREASE support - Request validation, header lowercase enforcement per RFC 9114 QUIC (net.quic): - ngtcp2 C bindings with TLS 1.3 crypto (AES-128-GCM, HKDF, header protection) - Connection migration with PATH_CHALLENGE/RESPONSE and NAT rebinding - 0-RTT session resumption with anti-replay cache and ticket extraction - CONNECTION_CLOSE frames, idle timeout monitoring - CID-based packet matching, flow control exposure Integration (net.http): - Version negotiation with automatic HTTP/2/3 selection - ALPN get_alpn_selected() added to both mbedtls and OpenSSL backends - Alt-Svc header parsing and HTTP/3 endpoint discovery - 421 Misdirected Request handling Security: - CONTINUATION flood protection, max header/body size limits - Connection count limits, forbidden cipher blacklist - Thread-safe flow control, pools, caches with sync.Mutex - Never-indexed HPACK encoding for sensitive headers - Single-allocation AEAD encryption (zero-copy) Tests: 37 test files, all passing (19 HTTP/2 + 12 HTTP/3 + 5 QUIC + 1 Alt-Svc) External dependencies: ngtcp2, ngtcp2_crypto_ossl, OpenSSL 3.x
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: ede3439c36
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Contributor
|
Maybe module |
Collaborator
|
Personally, I'd rather keep the single That way I don't write something that does |
Author
|
I am currently modifying it so that http, http2, and http3 can all be used with a single net.http import. |
… review fixes QUIC FIN layer: - Add NGTCP2_WRITE_STREAM_FLAG_FIN/MORE constants and flags parameter to conn_writev_stream - Register recv_stream_data and stream_close ngtcp2 callbacks with FIN detection and overflow-safe event buffering - Add send_fin(), send_with_fin(), send_with_flags() methods - Add drain_stream_events() with error propagation on overflow - Add ensure_stream(), stream_has_fin(), stream_exists() abstraction API - Auto-create stream entries for FIN events on unknown streams HTTP/3 FIN integration: - Replace non-standard empty DATA frame end-marker with proper QUIC FIN signaling per RFC 9114 §4.1 - Client sends FIN after last frame via send_frame_with_fin() - Server detects request completion via check_fin_completions() sweep after frame processing, handling separate-packet FIN and empty-body POST/PUT/PATCH - Server coalesces response FIN with last data write - Per-connection packet_mu mutex serializing QUIC state mutations - Split process_packet_frames into ingest/decode/dispatch helpers HTTP/1 hardening: - Add max_request_body_size (10MB default) to Server struct matching HTTP/2 and HTTP/3 defaults - Add parse_request_with_limit() checking Content-Length before allocation - Strict Content-Length validation rejecting negative, non-numeric, and overflow values via validate_and_parse_content_length() - Detect truncated request bodies (unexpected EOF) - Backward-compatible Handler interface with ServerHandler adapter
Contributor
|
How's that going? |
Author
I already committed the fix for single import. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Implement complete HTTP/2 (RFC 7540/7541), HTTP/3 (RFC 9114/9204), and QUIC (RFC 9000/9001) protocol support for the V standard library.
HTTP/2 (net.http.v2):
HTTP/3 (net.http.v3):
QUIC (net.quic):
Integration (net.http):
Security:
Tests: 37 test files, all passing (19 HTTP/2 + 12 HTTP/3 + 5 QUIC + 1 Alt-Svc)
External dependencies: ngtcp2, ngtcp2_crypto_ossl, OpenSSL 3.x