Enforce a limit on the amount of total, uncompressed header bytes

Enforcing a limit on uncompressed bytes is aligned with the RFC and is governed by `SETTINGS_MAX_HEADER_LIST_SIZE`. The amount of total uncompressed bytes was already tracked in `hpack_decoder_adapter` but was not exposed or used. We expose it here and enforce that the limit has not been exceeded in the oghttp2 OnHeader callback. Note that this means the header will be fully uncompressed before it is checked so, for very large headers that could lead to an OOM, we rely on per-header size limits which are already enforced.

Since the spec is ambiguous about whether this should fail the entire connection or simply reset the offending stream, integrators of oghttp2 now have the option to do either based on their return from `OnInvalidFrame`, true resets only one stream, false will tear down the entire connection.

From https://datatracker.ietf.org/doc/html/rfc9113#name-limits-on-field-block-size:

```
This advisory setting informs a peer of the maximum field section size that the sender is prepared to accept, in units of octets. The value is based on the uncompressed size of field lines, including the length of the name and value in units of octets plus an overhead of 32 octets for each field line.

For any given request, a lower limit than what is advertised MAY be enforced. The initial value of this setting is unlimited.
```

Protected by new, unused oghttp2 session option which will be set in Envoy.

PiperOrigin-RevId: 897302011
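The accounting described in the commit message above, as an added example that is not part of the commit or of QUICHE: it sums name, value and the 32-octet per-field overhead from RFC 9113, then lets a callback choose between resetting the stream and closing the connection. `HeaderListLimiter`, `HeaderResult`, `FieldBlock` and `CheckBlock` are hypothetical names, and the callback only mirrors the true/false convention the message gives for `OnInvalidFrame`.

```cpp
#include <cstddef>
#include <cstdint>
#include <functional>
#include <string>
#include <utility>
#include <vector>

// Hypothetical names throughout; this is not the oghttp2 API.
enum class HeaderResult { kOk, kResetStream, kCloseConnection };
using FieldBlock = std::vector<std::pair<std::string, std::string>>;
// RFC 9113: each field line costs name + value + 32 octets of overhead.
constexpr std::size_t kPerFieldOverhead = 32;

class HeaderListLimiter {
 public:
  // on_invalid follows the convention in the commit message: true resets
  // only the offending stream, false tears down the whole connection.
  HeaderListLimiter(std::size_t limit,
                    std::function<bool(std::uint32_t)> on_invalid)
      : limit_(limit), on_invalid_(std::move(on_invalid)) {}
  // Called once per decoded (already uncompressed) field line.
  HeaderResult OnHeader(std::uint32_t stream_id, const std::string& name,
                        const std::string& value) {
    total_ += name.size() + value.size() + kPerFieldOverhead;
    if (total_ <= limit_) return HeaderResult::kOk;
    return on_invalid_(stream_id) ? HeaderResult::kResetStream
                                  : HeaderResult::kCloseConnection;
  }
 private:
  std::size_t limit_;
  std::size_t total_ = 0;
  std::function<bool(std::uint32_t)> on_invalid_;
};

// Runs one field block through a fresh limiter; returns the first non-OK
// result, or kOk when the whole block fits within the limit.
HeaderResult CheckBlock(std::size_t limit, bool reset_stream_only,
                        const FieldBlock& fields) {
  HeaderListLimiter limiter(limit,
                            [=](std::uint32_t) { return reset_stream_only; });
  for (const auto& f : fields) {
    HeaderResult r = limiter.OnHeader(/*stream_id=*/1, f.first, f.second);
    if (r != HeaderResult::kOk) return r;
  }
  return HeaderResult::kOk;
}

int main() {
  FieldBlock block = {{":method", "GET"}, {":path", "/"}};  // constructed
  return CheckBlock(80, true, block) == HeaderResult::kOk ? 0 : 1;
}
```

The constructed block carries only 16 octets of names and values but counts as 80 against the limit, which is why many tiny field lines can exceed a limit that their raw bytes would not.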
QUICHE stands for QUIC, Http, Etc. It is Google's production-ready implementation of QUIC, HTTP/2, HTTP/3, and related protocols and tools. It powers Google's servers, Chromium, Envoy, and other projects. It is actively developed and maintained.
There are two public QUICHE repositories. Either one may be used by embedders, as they are automatically kept in sync:
To embed QUICHE in your project, platform APIs need to be implemented and build files need to be created. Note that it is on the QUICHE team's roadmap to include default implementations for all platform APIs and to open-source build files. In the meantime, take a look at open source embedders like Chromium and Envoy to get started:
To contribute to QUICHE, follow instructions at CONTRIBUTING.md.
QUICHE is only supported on little-endian platforms.
QUICHE has binaries that can run on Linux platforms.
Follow the instructions to install Bazel.
```
sudo apt install libicu-dev clang lld
cd <directory that will be the root of your quiche implementation>
git clone https://github.com/google/quiche.git
cd quiche
CC=clang bazel build -c opt //...
./bazel-bin/quiche/<target_name> <arguments>
```
There are several targets that can be built and then run. Full usage instructions are available using the `--helpfull` flag on any binary.
Usage: quic_packet_printer server|client <hex dump of packet>
Usage: crypto_message_printer_bin <hex of message>
Usage: quic_client <URL>
quic_server: listens forever on `--port` (default 6121) until halted via ctrl-c.
masque_client: tunnels to a URL via an identified proxy (see RFC 9298).
Usage: masque_client [options] <proxy-url> <urls>
Usage: masque_server
web_transport_test_server: a server that clients can connect to via WebTransport.
moqt_relay: a relay for the Media Over QUIC transport that publishers and subscribers can connect to.
Usage: moqt_relay