Merge remote-tracking branch 'origin/main' into datagram_priority

.clippy.toml

@@ -0,0 +1,3 @@
+disallowed-methods = [
+    { path = "std::slice::from_raw_parts", reason = "see null_safe_slice" }
+]

.codecov.yml

@@ -0,0 +1,17 @@
+# neqo has no test coverage for its example client and server
+ignore:
+  - "neqo-bin"
+
+# Do not notify until at least three results have been uploaded from the CI pipeline.
+# (This corresponds to the three main platforms we support: Linux, macOS, and Windows.)
+codecov:
+    notify:
+        after_n_builds: 3
+comment:
+    after_n_builds: 3
+
+coverage:
+  status:
+    project:
+      default:
+        threshold: 0.05%

.dockerignore

@@ -0,0 +1,10 @@
+# Ignore everything:
+*
+# Except for the following:
+!**/*.toml
+!**/*.rs
+!**/*.h
+!**/*.hpp
+!neqo-crypto/min_version.txt
+!qns
+!Cargo.lock

.github/CODEOWNERS

@@ -1,7 +1 @@
-*    @KershawChang @martinthomson
-/docker/	@martinthomson
-/hooks/    @martinthomson
-/neqo-crypto/    @martinthomson
-/neqo-http3/    @KershawChang
-/neqo-qpack/    @KershawChang
-/qns/    @martinthomson
+*    @KershawChang @martinthomson @larseggert

.github/actionlint-matcher.json

@@ -0,0 +1,17 @@
+{
+  "problemMatcher": [
+    {
+      "owner": "actionlint",
+      "pattern": [
+        {
+          "regexp": "^(?:\\x1b\\[\\d+m)?(.+?)(?:\\x1b\\[\\d+m)*:(?:\\x1b\\[\\d+m)*(\\d+)(?:\\x1b\\[\\d+m)*:(?:\\x1b\\[\\d+m)*(\\d+)(?:\\x1b\\[\\d+m)*: (?:\\x1b\\[\\d+m)*(.+?)(?:\\x1b\\[\\d+m)* \\[(.+?)\\]$",
+          "file": 1,
+          "line": 2,
+          "column": 3,
+          "message": 4,
+          "code": 5
+        }
+      ]
+    }
+  ]
+}

.github/actions/nss/action.yml

@@ -0,0 +1,101 @@
+name: Fetch and build NSS
+description: Fetch and build NSS
+
+inputs:
+  type:
+    description: "Whether to do a debug or release build of NSS"
+    default: "Release"
+
+# This step might be removed if the distro included a recent enough
+# version of NSS.  Ubuntu 20.04 only has 3.49, which is far too old.
+# (neqo-crypto/build.rs would also need to query pkg-config to get the
+# right build flags rather than building NSS.)
+#
+# Also see https://github.com/mozilla/neqo/issues/1711
+
+runs:
+  using: composite
+  steps:
+    - name: Check system NSS version
+      shell: bash
+      run: |
+        if ! command -v pkg-config &> /dev/null; then
+          echo "BUILD_NSS=1" >> "$GITHUB_ENV"
+          exit 0
+        fi
+        if ! pkg-config --exists nss; then
+          echo "BUILD_NSS=1" >> "$GITHUB_ENV"
+          exit 0
+        fi
+        NSS_VERSION="$(pkg-config --modversion nss)"
+        if [ "$?" -ne 0 ]; then
+          echo "BUILD_NSS=1" >> "$GITHUB_ENV"
+          exit 0
+        fi
+        NSS_MAJOR=$(echo "$NSS_VERSION" | cut -d. -f1)
+        NSS_MINOR=$(echo "$NSS_VERSION" | cut -d. -f2)
+        REQ_NSS_MAJOR=$(cut -d. -f1 < neqo-crypto/min_version.txt)
+        REQ_NSS_MINOR=$(cut -d. -f2 < neqo-crypto/min_version.txt)
+        if [[ "$NSS_MAJOR" -lt "$REQ_NSS_MAJOR" || "$NSS_MAJOR" -eq "$REQ_NSS_MAJOR" && "$NSS_MINOR" -lt "$REQ_NSS_MINOR" ]]; then
+          echo "System NSS is too old: $NSS_VERSION"
+          echo "BUILD_NSS=1" >> "$GITHUB_ENV"
+          exit 0
+        fi
+        echo "System NSS is suitable: $NSS_VERSION"
+        echo "BUILD_NSS=0" >> "$GITHUB_ENV"
+
+    # Ideally, we'd use this. But things are sufficiently flaky that we're better off
+    # trying both hg and git. Leaving this here in case we want to re-try in the future.
+    #
+    # - name: Checkout NSPR
+    #   if: env.BUILD_NSS == '1'
+    #   uses: actions/checkout@v4
+    #   with:
+    #     repository: "nss-dev/nspr"
+    #     path: ${{ github.workspace }}/nspr
+
+    # - name: Checkout NSS
+    #   if: env.BUILD_NSS == '1'
+    #   uses: actions/checkout@v4
+    #   with:
+    #     repository: "nss-dev/nss"
+    #     path: ${{ github.workspace }}/nss
+
+    - name: Checkout NSPR
+      shell: bash
+      if: env.BUILD_NSS == '1'
+      run: |
+        hg clone https://hg.mozilla.org/projects/nspr "${{ github.workspace }}/nspr" || \
+          git clone --depth=1 https://github.com/nss-dev/nspr "${{ github.workspace }}/nspr"
+
+    - name: Checkout NSS
+      shell: bash
+      if: env.BUILD_NSS == '1'
+      run: |
+        hg clone https://hg.mozilla.org/projects/nss "${{ github.workspace }}/nss" || \
+          git clone --depth=1 https://github.com/nss-dev/nss "${{ github.workspace }}/nss"
+
+    - name: Build
+      shell: bash
+      if: env.BUILD_NSS == '1'
+      run: |
+        if [ "${{ inputs.type }}" != "Debug" ]; then
+          # We want to do an optimized build for accurate CPU profiling, but
+          # we also want debug symbols and frame pointers for that, which the normal optimized NSS
+          # build process doesn't provide.
+          OPT="-o"
+          NSS_TARGET=Release
+          [ "${{ runner.os }}" != "Windows" ] && export CFLAGS="-ggdb3 -fno-omit-frame-pointer"
+        else
+          NSS_TARGET=Debug
+        fi
+        $NSS_DIR/build.sh -g -Ddisable_tests=1 $OPT --static
+        echo "NSS_TARGET=$NSS_TARGET" >> "$GITHUB_ENV"
+        NSS_OUT="$NSS_DIR/../dist/$NSS_TARGET"
+        echo "LD_LIBRARY_PATH=$NSS_OUT/lib" >> "$GITHUB_ENV"
+        echo "DYLD_FALLBACK_LIBRARY_PATH=$NSS_OUT/lib" >> "$GITHUB_ENV"
+        echo "$NSS_OUT/lib" >> "$GITHUB_PATH"
+        echo "NSS_DIR=$NSS_DIR" >> "$GITHUB_ENV"
+      env:
+        NSS_DIR: ${{ github.workspace }}/nss
+        NSPR_DIR: ${{ github.workspace }}/nspr

.github/actions/pr-comment-data-export/action.yml

@@ -0,0 +1,37 @@
+name: 'Export data for PR comment'
+description: 'Exports the neccessary data to post a PR comment securely.'
+
+# This action might be running off of a fork and would thus not have write
+# permissions on the origin repository. In order to allow a separate
+# priviledged action to post a comment on a pull request, upload the
+# necessary metadata.
+
+inputs:
+  name:
+    description: 'A unique name for the artifact used for exporting.'
+    required: true
+  contents:
+    description: 'A filename with a comment (in Markdown) to be added to the PR.'
+    required: true
+  log-url:
+    description: 'A URL to a log to be linked from the PR comment.'
+    required: false
+
+runs:
+  using: composite
+  steps:
+    - if: github.event_name == 'pull_request'
+      shell: bash
+      run: |
+        mkdir comment-data
+        cp "${{ inputs.contents }}" comment-data/contents
+        echo "${{ inputs.name }}" > comment-data/name
+        echo "${{ inputs.log-url }}" > comment-data/log-url
+        echo "${{ github.event.number }}" > comment-data/pr-number
+
+    - if: github.event_name == 'pull_request'
+      uses: actions/upload-artifact@v4
+      with:
+        name: ${{ inputs.name }}
+        path: comment-data
+        retention-days: 1

.github/actions/pr-comment/action.yml

@@ -0,0 +1,37 @@
+name: 'Comment on PR'
+description: 'Post a PR comment securely.'
+
+inputs:
+  name:
+    description: 'Artifact name to import comment data from.'
+    required: true
+  mode:
+    description: 'Mode of operation (upsert/recreate/delete).'
+    default: 'upsert'
+  token:
+    description: 'A Github PAT'
+    required: true
+
+runs:
+  using: composite
+  steps:
+    - uses: actions/download-artifact@v4
+      with:
+        run-id: ${{ github.event.workflow_run.id }}
+        name: ${{ inputs.name }}
+        github-token: ${{ inputs.token }}
+
+    - id: pr-number
+      shell: bash
+      run: echo "number=$(cat pr-number)" >> "$GITHUB_OUTPUT"
+
+    - shell: bash
+      run: |
+        [ -s log-url ] && echo "" >> contents && echo "[:arrow_down: Download logs]($(cat log-url))" >> contents
+
+    - uses: thollander/actions-comment-pull-request@v2
+      with:
+        filePath: contents
+        mode: ${{ inputs.mode }}
+        pr_number: ${{ steps.pr-number.outputs.number }}
+        comment_tag: ${{ inputs.name }}-comment

.github/actions/quic-interop-runner/action.yml

@@ -0,0 +1,111 @@
+name: 'QUIC Interop Runner Action'
+description: 'Run the QUIC Interop Runner tests.'
+author: 'mxinden'
+
+inputs:
+  name:
+    description: 'Name of the QUIC implementation'
+    required: true
+  image:
+    description: 'Docker image to be tested. Needs to reside either locally, or on some registry.'
+    required: true
+  url:
+    description: 'URL of the QUIC implementation'
+    required: true
+  role:
+    description: 'client/server/both'
+    required: false
+    default: 'both'
+  client:
+    description: 'client implementations (comma-separated)'
+    required: false
+    default: ''
+  server:
+    description: 'server implementations (comma-separated)'
+    required: false
+    default: ''
+  test:
+    description: 'test cases (comma-separatated)'
+    required: false
+    default: ''
+
+runs:
+  using: "composite"
+  steps:
+    - name: Checkout quic-interop/quic-interop-runner repository
+      uses: actions/checkout@v4
+      with:
+        repository: 'quic-interop/quic-interop-runner'
+        path: 'quic-interop-runner'
+
+    - name: Enable IPv6 support
+      run: sudo modprobe ip6table_filter
+      shell: bash
+
+    - name: Install dependencies
+      run: |
+        sudo add-apt-repository ppa:wireshark-dev/stable
+        sudo apt-get update
+        sudo apt-get install -y wireshark tshark jq
+      shell: bash
+
+    - uses: actions/setup-python@v5
+      with:
+        python-version: 3.8
+        cache: 'pip'
+        cache-dependency-path: 'quic-interop-runner/requirements.txt'
+
+    - name: Install Python packages
+      run: |
+        cd quic-interop-runner
+        pip install -U pip
+        pip install -r requirements.txt
+      shell: bash
+
+    - name: Run tests
+      id: test-run
+      run: |
+        cd quic-interop-runner
+        jq --arg key "${{ inputs.name }}" --argjson newEntry '{"image": "${{ inputs.image }}", "url": "${{ inputs.url }}", "role": "${{ inputs.role }}"}' '.[$key] = $newEntry' implementations.json > temp.$$ && mv temp.$$ implementations.json
+        cat implementations.json
+        ARGS="--log-dir logs --markdown --must-include ${{ inputs.name }}"
+        if [ -n "${{ inputs.client }}" ]; then
+          ARGS="$ARGS --client ${{ inputs.client }}"
+        fi
+        if [ -n "${{ inputs.server }}" ]; then
+          ARGS="$ARGS --server ${{ inputs.server }}"
+        fi
+        if [ -n "${{ inputs.test }}" ]; then
+          ARGS="$ARGS --test ${{ inputs.test }}"
+        fi
+        python run.py $ARGS 2>&1 | tee summary
+      shell: bash
+
+    - uses: actions/upload-artifact@v4
+      id: artifact-upload-step
+      if: always()
+      with:
+        name: logs
+        path: quic-interop-runner/logs
+
+    - name: Format GitHub comment
+      if: always()
+      run: |
+        echo '[**QUIC Interop Runner**](https://github.com/quic-interop/quic-interop-runner)' >> comment
+        echo '' >> comment
+        # Ignore all, but table, which starts with "|". Also reformat it to GitHub Markdown.
+        grep -E '^\|' quic-interop-runner/summary |\
+          awk '(!/^\| *:-/ || (d++ && d < 3))' |\
+          sed -E -e 's/✓/:white_check_mark:/gi' -e 's/✕/:x:/gi' -e 's/\?/:grey_question:/gi' \
+          >> comment
+        echo '' >> comment
+        echo "EXPORT_COMMENT=1" >> "$GITHUB_ENV"
+      shell: bash
+
+    - name: Export PR comment data
+      if: always()
+      uses: ./.github/actions/pr-comment-data-export
+      with:
+        name: qns
+        contents: comment
+        log-url: ${{ steps.artifact-upload-step.outputs.artifact-url }}