
Commit 275b6e4

committed
HTTP/3 add more module parameters and tests
1 parent a2b9929 commit 275b6e4


5 files changed

+154
-0
lines changed


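--- a/charts/ingress-nginx/tests/controller-daemonset_test.yaml
+++ b/charts/ingress-nginx/tests/controller-daemonset_test.yaml
@@ -208,6 +208,7 @@ tests:
 - equal:
 path: spec.template.spec.runtimeClassName
 value: myClass
+
 - it: should create a DaemonSet with a custom UDP container port if `controller.containerUdpPort.quic` is set
 set:
 controller.kind: DaemonSet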

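--- a/docs/user-guide/nginx-configuration/configmap.md
+++ b/docs/user-guide/nginx-configuration/configmap.md
@@ -59,8 +59,13 @@ The following table shows a configuration option's name, type, and the default v
 | [http2-max-header-size](#http2-max-header-size) | string | "" | DEPRECATED in favour of [large_client_header_buffers](#large-client-header-buffers) |
 | [http2-max-requests](#http2-max-requests) | int | 0 | DEPRECATED in favour of [keepalive_requests](#keepalive-requests) |
 | [http2-max-concurrent-streams](#http2-max-concurrent-streams) | int | 128 | |
+| [http3-hq](#http3-hq) | bool | "false" | |
 | [http3-max-concurrent-streams](#http3-max-concurrent-streams) | int | 128 | |
 | [http3-stream-buffer-size](#http3-stream-buffer-size) | string | "64k" | |
+| [quic-active-connection-id-limit](#quic-active-connection-id-limit) | int | 2 | |
+| [quic-bpf](#quic-bpf) | bool | "false" | |
+| [quic-gso](#quic-gso) | bool | "false" | |
+| [quic-retry](#quic-retry) | bool | "false" | |
 | [hsts](#hsts) | bool | "true" | |
 | [hsts-include-subdomains](#hsts-include-subdomains) | bool | "true" | |
 | [hsts-max-age](#hsts-max-age) | string | "31536000" | |
@@ -443,6 +448,13 @@ Sets the maximum number of concurrent HTTP/2 streams in a connection.
 _References:_
 [https://nginx.org/en/docs/http/ngx_http_v2_module.html#http2_max_concurrent_streams](https://nginx.org/en/docs/http/ngx_http_v2_module.html#http2_max_concurrent_streams)
 
+## http3-hq
+
+Enables HTTP/0.9 protocol negotiation used in [QUIC interoperability tests](https://github.com/marten-seemann/quic-interop-runner).
+
+_References:_
+[https://nginx.org/en/docs/http/ngx_http_v3_module.html#http3_hq](https://nginx.org/en/docs/http/ngx_http_v3_module.html#http3_hq)
+
 ## http3-max-concurrent-streams
 
 Sets the maximum number of concurrent HTTP/3 request streams in a connection.
@@ -457,6 +469,34 @@ Sets the size of the buffer used for reading and writing of the QUIC streams.
 _References:_
 [https://nginx.org/en/docs/http/ngx_http_v3_module.html#http3_stream_buffer_size](https://nginx.org/en/docs/http/ngx_http_v3_module.html#http3_stream_buffer_size)
 
+## quic-active-connection-id-limit
+
+Sets the QUIC `active_connection_id_limit` transport parameter value. This is the maximum number of client connection IDs which can be stored on the server.
+
+_References:_
+[https://nginx.org/en/docs/http/ngx_http_v3_module.html#quic_active_connection_id_limit](https://nginx.org/en/docs/http/ngx_http_v3_module.html#quic_active_connection_id_limit)
+
+## quic-bpf
+
+Enables routing of QUIC packets using [eBPF](https://ebpf.io/). When enabled, this allows supporting QUIC connection migration.
+
+_References:_
+[https://nginx.org/en/docs/http/ngx_http_v3_module.html#quic_bpf](https://nginx.org/en/docs/http/ngx_http_v3_module.html#quic_bpf)
+
+## quic-gso
+
+Enables sending in optimized batch mode using segmentation offloading.
+
+_References:_
+[https://nginx.org/en/docs/http/ngx_http_v3_module.html#quic_gso](https://nginx.org/en/docs/http/ngx_http_v3_module.html#quic_gso)
+
+## quic-retry
+
+Enables the [QUIC Address Validation](https://datatracker.ietf.org/doc/html/rfc9000#name-address-validation) feature. This includes sending a new token in a `Retry` packet or a `NEW_TOKEN` frame and validating a token received in the `Initial` packet.
+
+_References:_
+[https://nginx.org/en/docs/http/ngx_http_v3_module.html#quic_retry](https://nginx.org/en/docs/http/ngx_http_v3_module.html#quic_retry)
+
 ## hsts
 
 Enables or disables the header HSTS in servers running SSL.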

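--- a/internal/ingress/controller/config/config.go
+++ b/internal/ingress/controller/config/config.go
@@ -244,6 +244,10 @@ type Configuration struct {
 // Sets the maximum number of concurrent HTTP/2 streams in a connection.
 HTTP2MaxConcurrentStreams int `json:"http2-max-concurrent-streams,omitempty"`
 
+// https://nginx.org/en/docs/http/ngx_http_v3_module.html#http3_hq
+// Enables HTTP/0.9 protocol negotiation used in QUIC interoperability tests.
+HTTP3HQ bool `json:"http3-hq,omitempty"`
+
 // https://nginx.org/en/docs/http/ngx_http_v3_module.html#http3_max_concurrent_streams
 // Sets the maximum number of concurrent HTTP/3 request streams in a connection.
 HTTP3MaxConcurrentStreams int `json:"http3-max-concurrent-streams,omitempty"`
@@ -252,6 +256,22 @@ type Configuration struct {
 // Sets the size of the buffer used for reading and writing of the QUIC streams.
 HTTP3StreamBufferSize string `json:"http3-stream-buffer-size,omitempty"`
 
+// https://nginx.org/en/docs/http/ngx_http_v3_module.html#quic_active_connection_id_limit
+// Sets the QUIC active_connection_id_limit transport parameter value. This is the maximum number of client connection IDs which can be stored on the server.
+QUICActiveConnectionIDLimit int `json:"quic-active-connection-id-limit,omitempty"`
+
+// https://nginx.org/en/docs/http/ngx_http_v3_module.html#quic_bpf
+// Enables routing of QUIC packets using eBPF. When enabled, this allows supporting QUIC connection migration.
+QUICBPF bool `json:"quic-bpf,omitempty"`
+
+// https://nginx.org/en/docs/http/ngx_http_v3_module.html#quic_gso
+// Enables sending in optimized batch mode using segmentation offloading.
+QUICGSO bool `json:"quic-gso,omitempty"`
+
+// https://nginx.org/en/docs/http/ngx_http_v3_module.html#quic_retry
+// Enables the QUIC Address Validation feature. This includes sending a new token in a Retry packet or a NEW_TOKEN frame and validating a token received in the Initial packet.
+QUICRetry bool `json:"quic-retry,omitempty"`
+
 // Enables or disables the header HSTS in servers running SSL
 HSTS bool `json:"hsts,omitempty"`
 
@@ -805,8 +825,13 @@ func NewDefault() Configuration {
 HTTP2MaxHeaderSize: "",
 HTTP2MaxRequests: 0,
 HTTP2MaxConcurrentStreams: 128,
+HTTP3HQ: false,
 HTTP3MaxConcurrentStreams: 128,
 HTTP3StreamBufferSize: "64k",
+QUICActiveConnectionIDLimit: 2,
+QUICBPF: false,
+QUICGSO: false,
+QUICRetry: false,
 HTTPRedirectCode: 308,
 HSTS: true,
 HSTSIncludeSubdomains: true,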
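Review bot: The field comments on `HTTP3HQ` (first hunk) and `QUICRetry` (second hunk) copy the nginx one-line descriptions but omit what an operator needs to decide whether to change the default. For `QUICRetry` I would add `// Default false: the server does not send Retry packets or NEW_TOKEN frames, so client addresses are not validated by token; enabling it adds a round trip to new connections.` For `HTTP3HQ` I would add `// Intended for interoperability testing; presumably not meant to be enabled on production controllers.`, hedged because the page gives no further guidance. The `Configuration` struct begins and ends outside these hunks, so other QUIC-related fields may already carry such notes.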

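--- a/rootfs/etc/nginx/template/nginx.tmpl
+++ b/rootfs/etc/nginx/template/nginx.tmpl
@@ -47,6 +47,10 @@ worker_rlimit_nofile {{ $cfg.MaxWorkerOpenFiles }};
 {{/* avoid waiting too long during a reload */}}
 worker_shutdown_timeout {{ $cfg.WorkerShutdownTimeout }} ;
 
+{{ if $IsQUICEnabled }}
+quic_bpf {{ if $cfg.QUICBPF }}on{{ else }}off{{ end }};
+{{ end }}
+
 {{ if not (empty $cfg.MainSnippet) }}
 {{ $cfg.MainSnippet }}
 {{ end }}
@@ -290,8 +294,12 @@ http {
 http2_max_concurrent_streams {{ $cfg.HTTP2MaxConcurrentStreams }};
 
 {{ if $IsQUICEnabled }}
+http3_hq {{ if $cfg.HTTP3HQ }}on{{ else }}off{{ end }};
 http3_max_concurrent_streams {{ $cfg.HTTP3MaxConcurrentStreams }};
 http3_stream_buffer_size {{ $cfg.HTTP3StreamBufferSize }};
+quic_active_connection_id_limit {{ $cfg.QUICActiveConnectionIDLimit }};
+quic_gso {{ if $cfg.QUICGSO }}on{{ else }}off{{ end }};
+quic_retry {{ if $cfg.QUICRetry }}on{{ else }}off{{ end }};
 {{ end }}
 
 types_hash_max_size 2048;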
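Review bot: `quic_active_connection_id_limit {{ $cfg.QUICActiveConnectionIDLimit }};` in the second hunk writes a plain Go `int` from the ConfigMap into the config with no range check visible in this commit. RFC 9000 requires the `active_connection_id_limit` transport parameter to be at least 2, so a ConfigMap value of 0, 1 or a negative number would either be rejected at reload or advertised to clients as an invalid parameter; which of the two nginx does is not visible here. I would reject or reset out-of-range values where the ConfigMap is parsed, or at minimum guard the template line: `{{ if ge $cfg.QUICActiveConnectionIDLimit 2 }}quic_active_connection_id_limit {{ $cfg.QUICActiveConnectionIDLimit }};{{ end }}`. The e2e cases in test/e2e/settings/http3.go only exercise 2 and 16, so this path is untested.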

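--- a/test/e2e/settings/http3.go
+++ b/test/e2e/settings/http3.go
@@ -46,6 +46,11 @@ var _ = framework.DescribeSetting("http3", func() {
 ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
 f.EnsureIngress(ing)
 
+f.WaitForNginxServer("_",
+func(server string) bool {
+return strings.Contains(server, "listen 443 default_server reuseport quic;")
+})
+
 f.WaitForNginxServer(host,
 func(server string) bool {
 return strings.Contains(server, "listen 443 quic;")
@@ -62,12 +67,31 @@ var _ = framework.DescribeSetting("http3", func() {
 })
 assert.Nil(ginkgo.GinkgoT(), err, "updating ingress controller deployment flags")
 
+f.WaitForNginxServer("_",
+func(server string) bool {
+return strings.Contains(server, "listen 4321 default_server reuseport quic;")
+})
+
 f.WaitForNginxServer(host,
 func(server string) bool {
 return strings.Contains(server, "listen 4321 quic;")
 })
 })
 
+ginkgo.It("should have default http3_hq value", func() {
+f.WaitForNginxConfiguration(func(cfg string) bool {
+return strings.Contains(cfg, "http3_hq off;")
+})
+})
+
+ginkgo.It("should set http3_hq value", func() {
+f.UpdateNginxConfigMapData("http3-hq", "true")
+
+f.WaitForNginxConfiguration(func(cfg string) bool {
+return strings.Contains(cfg, "http3_hq on;")
+})
+})
+
 ginkgo.It("should have default http3_max_concurrent_streams value", func() {
 f.WaitForNginxConfiguration(func(cfg string) bool {
 return strings.Contains(cfg, "http3_max_concurrent_streams 128;")
@@ -95,4 +119,60 @@ var _ = framework.DescribeSetting("http3", func() {
 return strings.Contains(cfg, "http3_stream_buffer_size 128k;")
 })
 })
+
+ginkgo.It("should have default quic_active_connection_id_limit value", func() {
+f.WaitForNginxConfiguration(func(cfg string) bool {
+return strings.Contains(cfg, "quic_active_connection_id_limit 2;")
+})
+})
+
+ginkgo.It("should set quic_active_connection_id_limit value", func() {
+f.UpdateNginxConfigMapData("quic-active-connection-id-limit", "16")
+
+f.WaitForNginxConfiguration(func(cfg string) bool {
+return strings.Contains(cfg, "quic_active_connection_id_limit 16;")
+})
+})
+
+ginkgo.It("should have default quic_bpf value", func() {
+f.WaitForNginxConfiguration(func(cfg string) bool {
+return strings.Contains(cfg, "quic_bpf off;")
+})
+})
+
+ginkgo.It("should set quic_bpf value", func() {
+f.UpdateNginxConfigMapData("quic-bpf", "true")
+
+f.WaitForNginxConfiguration(func(cfg string) bool {
+return strings.Contains(cfg, "quic_bpf on;")
+})
+})
+
+ginkgo.It("should have default quic_gso value", func() {
+f.WaitForNginxConfiguration(func(cfg string) bool {
+return strings.Contains(cfg, "quic_gso off;")
+})
+})
+
+ginkgo.It("should set quic_gso value", func() {
+f.UpdateNginxConfigMapData("quic-gso", "true")
+
+f.WaitForNginxConfiguration(func(cfg string) bool {
+return strings.Contains(cfg, "quic_gso on;")
+})
+})
+
+ginkgo.It("should have default quic_retry value", func() {
+f.WaitForNginxConfiguration(func(cfg string) bool {
+return strings.Contains(cfg, "quic_retry off;")
+})
+})
+
+ginkgo.It("should set quic_retry value", func() {
+f.UpdateNginxConfigMapData("quic-retry", "true")
+
+f.WaitForNginxConfiguration(func(cfg string) bool {
+return strings.Contains(cfg, "quic_retry on;")
+})
+})
 })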
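Review bot: The eight on/off cases for `http3_hq` (second hunk) and `quic_bpf`, `quic_gso`, `quic_retry` (third hunk) are the same two test bodies repeated, differing only in the ConfigMap key and the directive name. A loop over key/directive pairs keeps the generated test names identical and makes the next boolean parameter a one-line addition, which also makes it harder to forget the default-off assertion for a security-relevant switch such as `quic_retry`. The enclosing `DescribeSetting` closure and `f` are defined outside these hunks, so the placement shown is assumed.

```go
// … unchanged: listen-directive checks and the numeric/size parameter cases …
for _, tc := range []struct{ key, directive string }{
	{"http3-hq", "http3_hq"},
	{"quic-bpf", "quic_bpf"},
	{"quic-gso", "quic_gso"},
	{"quic-retry", "quic_retry"},
} {
	tc := tc // needed before Go 1.22, where closures share the loop variable

	ginkgo.It("should have default "+tc.directive+" value", func() {
		f.WaitForNginxConfiguration(func(cfg string) bool {
			return strings.Contains(cfg, tc.directive+" off;")
		})
	})

	ginkgo.It("should set "+tc.directive+" value", func() {
		f.UpdateNginxConfigMapData(tc.key, "true")

		f.WaitForNginxConfiguration(func(cfg string) bool {
			return strings.Contains(cfg, tc.directive+" on;")
		})
	})
}
```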
