From 80d73a27ad68561df1cb9d2ebfadcc7792689b5d Mon Sep 17 00:00:00 2001
From: "data-plane-api(Azure Pipelines)"
Date: Thu, 10 Jun 2021 15:37:48 +0000
Subject: [PATCH] quiche: make quic proof source and crypto stream pluggable (#16658)

Commit Message: make quic proof source and crypto streams extensions. Add config for default ones. If not specified in config, the default ones will be used.
Risk Level: low
Testing: existing tests passed
Part of #2557
Co-authored-by: Dan Zhang
Mirrored from https://github.com/envoyproxy/envoy @ beb5a93b08bd0c48a2a7dd2f40ca13bcdb0ed40e
---
 BUILD | 3 ++-
 envoy/config/listener/v3/quic_config.proto | 13 ++++++++++++-
 envoy/config/listener/v4alpha/quic_config.proto | 13 ++++++++++++-
 envoy/extensions/quic/crypto_stream/v3/BUILD | 9 +++++++++
 .../quic/crypto_stream/v3/crypto_stream.proto | 17 +++++++++++++++++
 envoy/extensions/quic/proof_source/v3/BUILD | 9 +++++++++
 .../quic/proof_source/v3/proof_source.proto | 17 +++++++++++++++++
 versioning/BUILD | 2 ++
 8 files changed, 80 insertions(+), 3 deletions(-)
 create mode 100644 envoy/extensions/quic/crypto_stream/v3/BUILD
 create mode 100644 envoy/extensions/quic/crypto_stream/v3/crypto_stream.proto
 create mode 100644 envoy/extensions/quic/proof_source/v3/BUILD
 create mode 100644 envoy/extensions/quic/proof_source/v3/proof_source.proto
diff --git a/BUILD b/BUILD
index 1e093ea0..179af01c 100644
--- a/BUILD
+++ b/BUILD
@@ -54,7 +54,6 @@ proto_library(
 "//envoy/config/filter/http/rate_limit/v2:pkg",
 "//envoy/config/filter/http/rbac/v2:pkg",
 "//envoy/config/filter/http/router/v2:pkg",
- "//envoy/config/filter/http/squash/v2:pkg",
 "//envoy/config/filter/http/tap/v2alpha:pkg",
 "//envoy/config/filter/http/transcoder/v2:pkg",
 "//envoy/config/filter/listener/http_inspector/v2:pkg",
@@ -256,6 +255,8 @@ proto_library(
 "//envoy/extensions/matching/common_inputs/environment_variable/v3:pkg",
 "//envoy/extensions/matching/input_matchers/consistent_hashing/v3:pkg",
 "//envoy/extensions/network/socket_interface/v3:pkg",
+ "//envoy/extensions/quic/crypto_stream/v3:pkg",
+ "//envoy/extensions/quic/proof_source/v3:pkg",
 "//envoy/extensions/rate_limit_descriptors/expr/v3:pkg",
 "//envoy/extensions/request_id/uuid/v3:pkg",
 "//envoy/extensions/resource_monitors/fixed_heap/v3:pkg",
diff --git a/envoy/config/listener/v3/quic_config.proto b/envoy/config/listener/v3/quic_config.proto
index d1e62cda..1432e191 100644
--- a/envoy/config/listener/v3/quic_config.proto
+++ b/envoy/config/listener/v3/quic_config.proto
@@ -3,6 +3,7 @@ syntax = "proto3";
 package envoy.config.listener.v3;
 
 import "envoy/config/core/v3/base.proto";
+import "envoy/config/core/v3/extension.proto";
 import "envoy/config/core/v3/protocol.proto";
 
 import "google/protobuf/duration.proto";
@@ -20,7 +21,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 
 // [#protodoc-title: QUIC listener config]
 // Configuration specific to the UDP QUIC listener.
-// [#next-free-field: 6]
+// [#next-free-field: 8]
 message QuicProtocolOptions {
 option (udpa.annotations.versioning).previous_message_type =
 "envoy.api.v2.listener.QuicProtocolOptions";
@@ -48,4 +49,14 @@ message QuicProtocolOptions {
 // bound by 6000, regardless of this field or how many connections there are.
 google.protobuf.UInt32Value packets_to_read_to_connection_count_ratio = 5
 [(validate.rules).uint32 = {gte: 1}];
+
+ // Configure which implementation of `quic::QuicCryptoClientStreamBase` to be used for this listener.
+ // If not specified the :ref:`QUICHE default one configured by ` will be used.
+ // [#extension-category: envoy.quic.server.crypto_stream]
+ core.v3.TypedExtensionConfig crypto_stream_config = 6;
+
+ // Configure which implementation of `quic::ProofSource` to be used for this listener.
+ // If not specified the :ref:`default one configured by ` will be used.
+ // [#extension-category: envoy.quic.proof_source]
+ core.v3.TypedExtensionConfig proof_source_config = 7;
 }
diff --git a/envoy/config/listener/v4alpha/quic_config.proto b/envoy/config/listener/v4alpha/quic_config.proto
index 6d0f5e51..0b6d6bd7 100644
--- a/envoy/config/listener/v4alpha/quic_config.proto
+++ b/envoy/config/listener/v4alpha/quic_config.proto
@@ -3,6 +3,7 @@ syntax = "proto3";
 package envoy.config.listener.v4alpha;
 
 import "envoy/config/core/v4alpha/base.proto";
+import "envoy/config/core/v4alpha/extension.proto";
 import "envoy/config/core/v4alpha/protocol.proto";
 
 import "google/protobuf/duration.proto";
@@ -20,7 +21,7 @@ option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSIO
 
 // [#protodoc-title: QUIC listener config]
 // Configuration specific to the UDP QUIC listener.
-// [#next-free-field: 6]
+// [#next-free-field: 8]
 message QuicProtocolOptions {
 option (udpa.annotations.versioning).previous_message_type =
 "envoy.config.listener.v3.QuicProtocolOptions";
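Review bot: The comment above `crypto_stream_config` names `quic::QuicCryptoClientStreamBase`, yet this is the listener's server-side option and the category annotation right below it is `envoy.quic.server.crypto_stream`, so the class name looks like a copy/paste slip from client code; name the server-side crypto stream base class instead (confirm the exact QUICHE type), e.g. `// Configure which implementation of the QUICHE server crypto stream to be used for this listener.`. Both `:ref:` roles in this hunk have an empty target after `configured by `, which renders as a broken cross-reference in the generated docs, so either point them at the doc anchors of the new default extensions or drop the `:ref:` markup. Because the proof source is the component that supplies the certificate chain and signs the handshake for every connection on this listener, the `proof_source_config` comment should also say what the default provides so operators know what a custom extension replaces; from the new extension name it presumably uses the filter chain's certificates, which should be confirmed before documenting. The v4alpha copy of this hunk that follows carries the same comments and the same fixes apply there.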
@@ -48,4 +49,14 @@ message QuicProtocolOptions {
 // bound by 6000, regardless of this field or how many connections there are.
 google.protobuf.UInt32Value packets_to_read_to_connection_count_ratio = 5
 [(validate.rules).uint32 = {gte: 1}];
+
+ // Configure which implementation of `quic::QuicCryptoClientStreamBase` to be used for this listener.
+ // If not specified the :ref:`QUICHE default one configured by ` will be used.
+ // [#extension-category: envoy.quic.server.crypto_stream]
+ core.v4alpha.TypedExtensionConfig crypto_stream_config = 6;
+
+ // Configure which implementation of `quic::ProofSource` to be used for this listener.
+ // If not specified the :ref:`default one configured by ` will be used.
+ // [#extension-category: envoy.quic.proof_source]
+ core.v4alpha.TypedExtensionConfig proof_source_config = 7;
 }
diff --git a/envoy/extensions/quic/crypto_stream/v3/BUILD b/envoy/extensions/quic/crypto_stream/v3/BUILD
new file mode 100644
index 00000000..ee92fb65
--- /dev/null
+++ b/envoy/extensions/quic/crypto_stream/v3/BUILD
@@ -0,0 +1,9 @@
+# DO NOT EDIT. This file is generated by tools/proto_format/proto_sync.py.
+
+load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package")
+
+licenses(["notice"]) # Apache 2
+
+api_proto_package(
+ deps = ["@com_github_cncf_udpa//udpa/annotations:pkg"],
+)
diff --git a/envoy/extensions/quic/crypto_stream/v3/crypto_stream.proto b/envoy/extensions/quic/crypto_stream/v3/crypto_stream.proto
new file mode 100644
index 00000000..6313f798
--- /dev/null
+++ b/envoy/extensions/quic/crypto_stream/v3/crypto_stream.proto
@@ -0,0 +1,17 @@
+syntax = "proto3";
+
+package envoy.extensions.quic.crypto_stream.v3;
+
+import "udpa/annotations/status.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.quic.crypto_stream.v3";
+option java_outer_classname = "CryptoStreamProto";
+option java_multiple_files = true;
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: QUIC server crypto stream config]
+// [#extension: envoy.quic.crypto_stream.server.quiche]
+
+// Configuration for the default QUIC server crypto stream provided by QUICHE.
+message CryptoServerStreamConfig {
+}
diff --git a/envoy/extensions/quic/proof_source/v3/BUILD b/envoy/extensions/quic/proof_source/v3/BUILD
new file mode 100644
index 00000000..ee92fb65
--- /dev/null
+++ b/envoy/extensions/quic/proof_source/v3/BUILD
@@ -0,0 +1,9 @@
+# DO NOT EDIT. This file is generated by tools/proto_format/proto_sync.py.
+
+load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package")
+
+licenses(["notice"]) # Apache 2
+
+api_proto_package(
+ deps = ["@com_github_cncf_udpa//udpa/annotations:pkg"],
+)
diff --git a/envoy/extensions/quic/proof_source/v3/proof_source.proto b/envoy/extensions/quic/proof_source/v3/proof_source.proto
new file mode 100644
index 00000000..1459142d
--- /dev/null
+++ b/envoy/extensions/quic/proof_source/v3/proof_source.proto
@@ -0,0 +1,17 @@
+syntax = "proto3";
+
+package envoy.extensions.quic.proof_source.v3;
+
+import "udpa/annotations/status.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.quic.proof_source.v3";
+option java_outer_classname = "ProofSourceProto";
+option java_multiple_files = true;
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: QUIC proof source config]
+// [#extension: envoy.quic.proof_source.filter_chain]
+
+// Configuration for the default QUIC proof source.
+message ProofSourceConfig {
+}
diff --git a/versioning/BUILD b/versioning/BUILD
index 96da35be..867fe05e 100644
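Review bot: `CryptoServerStreamConfig` here and `ProofSourceConfig` in the proof_source.proto hunk below each get a one-line comment that does not tell a reader the message is intentionally empty or which extension category and listener field select it. For the crypto stream I would follow the existing comment with `// This message has no fields; selecting it picks the QUICHE server implementation.` and `// Selected via the listener's crypto_stream_config field (category envoy.quic.server.crypto_stream).`, and add a line noting that the extension name `envoy.quic.crypto_stream.server.quiche` orders `server` differently from that category so the two are not mistaken for a typo. For the proof source, the name `envoy.quic.proof_source.filter_chain` suggests the default takes its certificate chain and signing key from the filter chain's transport socket configuration; if that is what the implementation does, the comment should say so, since this is the component that authenticates the listener to every QUIC client and a reader otherwise cannot tell what a custom extension would be replacing.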
--- a/versioning/BUILD
+++ b/versioning/BUILD
@@ -139,6 +139,8 @@ proto_library(
 "//envoy/extensions/matching/common_inputs/environment_variable/v3:pkg",
 "//envoy/extensions/matching/input_matchers/consistent_hashing/v3:pkg",
 "//envoy/extensions/network/socket_interface/v3:pkg",
+ "//envoy/extensions/quic/crypto_stream/v3:pkg",
+ "//envoy/extensions/quic/proof_source/v3:pkg",
 "//envoy/extensions/rate_limit_descriptors/expr/v3:pkg",
 "//envoy/extensions/request_id/uuid/v3:pkg",
 "//envoy/extensions/resource_monitors/fixed_heap/v3:pkg",