add QUIC support

gost/client.go

@@ -127,6 +127,7 @@ type HandshakeOptions struct {
 	TLSConfig  *tls.Config
 	WSOptions  *WSOptions
 	KCPConfig  *KCPConfig
+	QUICConfig *QUICConfig
 }
 
 // HandshakeOption allows a common way to set handshake options.

gost/examples/bench/cli.go

@@ -128,6 +128,7 @@ func main() {
 			},
 		*/
 
+		/*
 			// http+ssh
 			gost.Node{
 				Addr: "127.0.0.1:12222",
@@ -136,11 +137,21 @@ func main() {
 					gost.SSHTunnelTransporter(),
 				),
 			},
+		*/
+
+		// http+quic
+		gost.Node{
+			Addr: "localhost:6121",
+			Client: gost.NewClient(
+				gost.HTTPConnector(url.UserPassword("admin", "123456")),
+				gost.QUICTransporter(nil),
+			),
+		},
 	)
 
 	total := 0
 	for total < requests {
-		if total + concurrency > requests {
+		if total+concurrency > requests {
 			concurrency = requests - total
 		}
 		startChan := make(chan struct{})

gost/examples/bench/srv.go

@@ -40,7 +40,7 @@ func main() {
 	// go sshForwardServer()
 	go sshTunnelServer()
 	// go http2Server()
-
+	go quicServer()
 	select {}
 }
 
@@ -242,6 +242,18 @@ func http2Server() {
 	log.Fatal(s.Serve(ln))
 }
 
+func quicServer() {
+	s := &gost.Server{}
+	s.Handle(gost.HTTPHandler(
+		gost.UsersHandlerOption(url.UserPassword("admin", "123456")),
+	))
+	ln, err := gost.QUICListener("localhost:6121", &gost.QUICConfig{TLSConfig: tlsConfig()})
+	if err != nil {
+		log.Fatal(err)
+	}
+	log.Fatal(s.Serve(ln))
+}
+
 var (
 	rawCert = []byte(`-----BEGIN CERTIFICATE-----
 MIIC+jCCAeKgAwIBAgIRAMlREhz8Miu1FQozsxbeqyMwDQYJKoZIhvcNAQELBQAw

gost/examples/quic/quicc.go

+package main
+
+import (
+	"crypto/tls"
+	"flag"
+	"log"
+
+	"github.com/ginuerzh/gost/gost"
+)
+
+var (
+	laddr, faddr string
+	quiet        bool
+)
+
+func init() {
+	log.SetFlags(log.LstdFlags | log.Lshortfile)
+
+	flag.StringVar(&laddr, "L", ":18080", "listen address")
+	flag.StringVar(&faddr, "F", ":6121", "forward address")
+	flag.BoolVar(&quiet, "q", false, "quiet mode")
+	flag.BoolVar(&gost.Debug, "d", false, "debug mode")
+	flag.Parse()
+
+	if quiet {
+		gost.SetLogger(&gost.NopLogger{})
+	}
+}
+
+func main() {
+	chain := gost.NewChain(
+		gost.Node{
+			Protocol:  "socks5",
+			Transport: "quic",
+			Addr:      faddr,
+			Client: gost.NewClient(
+				gost.SOCKS5Connector(nil),
+				gost.QUICTransporter(nil),
+			),
+		},
+	)
+
+	s := &gost.Server{}
+	s.Handle(gost.SOCKS5Handler(
+		gost.ChainHandlerOption(chain),
+		gost.TLSConfigHandlerOption(tlsConfig()),
+	))
+	ln, err := gost.TCPListener(laddr)
+	if err != nil {
+		log.Fatal(err)
+	}
+	log.Fatal(s.Serve(ln))
+}
+
+var (
+	rawCert = []byte(`-----BEGIN CERTIFICATE-----
+MIIC+jCCAeKgAwIBAgIRAMlREhz8Miu1FQozsxbeqyMwDQYJKoZIhvcNAQELBQAw
+EjEQMA4GA1UEChMHQWNtZSBDbzAeFw0xNzA1MTkwNTM5MDJaFw0xODA1MTkwNTM5
+MDJaMBIxEDAOBgNVBAoTB0FjbWUgQ28wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQCyfqvv0kDriciEAVIW6JaWYFCL9a19jj1wmAGmVGxV3kNsr01kpa6N
+0EBqnrcy7WknhCt1d43CqhKtTcXgJ/J9phZVxlizb8sUB85hm+MvP0N3HCg3f0Jw
+hLuMrPijS6xjyw0fKCK/p6OUYMIfo5cdqeZid2WV4Ozts5uRd6Dmy2kyBe8Zg1F4
+8YJGuTWZmL2L7uZUiPY4T3q9+1iucq3vUpxymVRi1BTXnTpx+C0GS8NNgeEmevHv
+482vHM5DNflAQ+mvGZvBVduq/AfirCDnt2DIZm1DcZXLrY9F3EPrlRZexmAhCDGR
+LIKnMmoGicBM11Aw1fDIfJAHynk43tjPAgMBAAGjSzBJMA4GA1UdDwEB/wQEAwIF
+oDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuC
+CWxvY2FsaG9zdDANBgkqhkiG9w0BAQsFAAOCAQEAAx8Lna8DcQv0bRB3L9i2+KRN
+l/UhPCoFagxk1cZore4p0w+1m7OgigOoTpg5jh78DzVDhScZlgJ0bBVYp5rojeJS
+cBDC9lCDcaXQfFmT5LykCAwIgw/gs+rw5Aq0y3D0m8CcqKosyZa9wnZ2cVy/+45w
+emcSdboc65ueZScv38/W7aTUoVRcjyRUv0jv0zW0EPnnDlluVkeZo9spBhiTTwoj
+b3zGODs6alTNIJwZIHNxxyOmfJPpVVp8BzGbMk7YBixSlZ/vbrrYV34TcSiy7J57
+lNNoVWM+OwiVk1+AEZfQDwaQfef5tsIkAZBUyITkkDKRhygtwM2110dejbEsgg==
+-----END CERTIFICATE-----`)
+	rawKey = []byte(`-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEAsn6r79JA64nIhAFSFuiWlmBQi/WtfY49cJgBplRsVd5DbK9N
+ZKWujdBAap63Mu1pJ4QrdXeNwqoSrU3F4CfyfaYWVcZYs2/LFAfOYZvjLz9Ddxwo
+N39CcIS7jKz4o0usY8sNHygiv6ejlGDCH6OXHanmYndlleDs7bObkXeg5stpMgXv
+GYNRePGCRrk1mZi9i+7mVIj2OE96vftYrnKt71KccplUYtQU1506cfgtBkvDTYHh
+Jnrx7+PNrxzOQzX5QEPprxmbwVXbqvwH4qwg57dgyGZtQ3GVy62PRdxD65UWXsZg
+IQgxkSyCpzJqBonATNdQMNXwyHyQB8p5ON7YzwIDAQABAoIBAQCG4doj3Apa8z+n
+IShbT1+cOyQi34A+xOIA151Hh7xmFxN0afRd/iWt3JUQ/OcLgQRZbDM7DSD+3W5H
+r+G7xfQkpwFxx/T3g58+f7ehYx+GcJQWyhxJ88zNIkBnyb4KCAE5WBOOW9IGajPe
+yE9pgUGMlPsXpYoKfHIOHg+NGY1pWUGBfBNR2kGrbkpZMmyy5bGa8dyrwAFBFRru
+kcmmKvate8UlbRspFtd4nR/GQLTBrcDJ1k1i1Su/4BpDuDeK6LPI8ZRePGqbdcxk
+TS30lsdYozuGfjZ5Zu8lSIJ//+7RjfDg8r684dpWjpalq8Quen60ZrIs01CSbfyU
+k8gOzTHhAoGBAOKhp41wXveegq+WylSXFyngm4bzF4dVdTRsSbJVk7NaOx1vCU6o
+/xIHoGEQyLI6wF+EaHmY89/Qu6tSV97XyBbiKeskopv5iXS/BsWTHJ1VbCA1ZLmK
+HgGllEkS0xfc9AdB7b6/K7LxAAQVKP3DtN6+6pSDZh9Sv2M1j0DbhkNbAoGBAMmg
+HcMfExaaeskjHqyLudtKX+znwaIoumleOGuavohR4R+Fpk8Yv8Xhb5U7Yr4gk0vY
+CFmhp1WAi6QMZ/8jePlKKXl3Ney827luoKiMczp2DoYE0t0u2Kw3LfkNKfjADZ7d
+JI6xPJV9/X1erwjq+4UdKqrpOf05SY4nkBMcvr6dAoGAXzisvbDJNiFTp5Mj0Abr
+pJzKvBjHegVeCXi2PkfWlzUCQYu1zWcURO8PY7k5mik1SuzHONAbJ578Oy+N3AOt
+/m9oTXRHHmHqbzMUFU+KZlDN7XqBp7NwiCCZ/Vn7d7tOjP4Wdl68baL07sI1RupD
+xJNS3LOY5PBPmc+XMRkLgKECgYEAgBNDlJSCrZMHeAjlDTncn53I/VXiPD2e3BvL
+vx6W9UT9ueZN1GSmPO6M0MDeYmOS7VSXSUhUYQ28pkJzNTC1QbWITu4YxP7anBnX
+1/kPoQ0pAJzDzVharlqGy3M/PBHTFRzogfO3xkY35ZFlokaR6uayGcr42Q+w16nt
+7RYPXEkCgYEA3GQYirHnGZuQ952jMvduqnpgkJiSnr0fa+94Rwa1pAhxHLFMo5s4
+fqZOtqKPj2s5X1JR0VCey1ilCcaAhWeb3tXCpbYLZSbMtjtqwA6LUeGY+Xdupsjw
+cfWIcOfHsIm2kP+RCxEnZf1XwiN9wyJeiUKlE0dqmx9j7F0Bm+7YDhI=
+-----END RSA PRIVATE KEY-----`)
+)
+
+func tlsConfig() *tls.Config {
+	cert, err := tls.X509KeyPair(rawCert, rawKey)
+	if err != nil {
+		panic(err)
+	}
+	return &tls.Config{Certificates: []tls.Certificate{cert}}
+}

gost/examples/quic/quics.go

+package main
+
+import (
+	"crypto/tls"
+	"flag"
+	"log"
+
+	"github.com/ginuerzh/gost/gost"
+)
+
+var (
+	laddr string
+	quiet bool
+)
+
+func init() {
+	log.SetFlags(log.LstdFlags | log.Lshortfile)
+
+	flag.StringVar(&laddr, "L", ":6121", "listen address")
+	flag.BoolVar(&quiet, "q", false, "quiet mode")
+	flag.BoolVar(&gost.Debug, "d", false, "debug mode")
+
+	flag.Parse()
+
+	if quiet {
+		gost.SetLogger(&gost.NopLogger{})
+	}
+}
+
+func main() {
+	quicServer()
+}
+
+func quicServer() {
+	s := &gost.Server{}
+	s.Handle(
+		gost.SOCKS5Handler(gost.TLSConfigHandlerOption(tlsConfig())),
+	)
+
+	ln, err := gost.QUICListener(laddr, &gost.QUICConfig{TLSConfig: tlsConfig()})
+	if err != nil {
+		log.Fatal(err)
+	}
+	log.Println("server listen on", laddr)
+	log.Fatal(s.Serve(ln))
+}
+
+var (
+	rawCert = []byte(`-----BEGIN CERTIFICATE-----
+MIIC+jCCAeKgAwIBAgIRAMlREhz8Miu1FQozsxbeqyMwDQYJKoZIhvcNAQELBQAw
+EjEQMA4GA1UEChMHQWNtZSBDbzAeFw0xNzA1MTkwNTM5MDJaFw0xODA1MTkwNTM5
+MDJaMBIxEDAOBgNVBAoTB0FjbWUgQ28wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQCyfqvv0kDriciEAVIW6JaWYFCL9a19jj1wmAGmVGxV3kNsr01kpa6N
+0EBqnrcy7WknhCt1d43CqhKtTcXgJ/J9phZVxlizb8sUB85hm+MvP0N3HCg3f0Jw
+hLuMrPijS6xjyw0fKCK/p6OUYMIfo5cdqeZid2WV4Ozts5uRd6Dmy2kyBe8Zg1F4
+8YJGuTWZmL2L7uZUiPY4T3q9+1iucq3vUpxymVRi1BTXnTpx+C0GS8NNgeEmevHv
+482vHM5DNflAQ+mvGZvBVduq/AfirCDnt2DIZm1DcZXLrY9F3EPrlRZexmAhCDGR
+LIKnMmoGicBM11Aw1fDIfJAHynk43tjPAgMBAAGjSzBJMA4GA1UdDwEB/wQEAwIF
+oDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuC
+CWxvY2FsaG9zdDANBgkqhkiG9w0BAQsFAAOCAQEAAx8Lna8DcQv0bRB3L9i2+KRN
+l/UhPCoFagxk1cZore4p0w+1m7OgigOoTpg5jh78DzVDhScZlgJ0bBVYp5rojeJS
+cBDC9lCDcaXQfFmT5LykCAwIgw/gs+rw5Aq0y3D0m8CcqKosyZa9wnZ2cVy/+45w
+emcSdboc65ueZScv38/W7aTUoVRcjyRUv0jv0zW0EPnnDlluVkeZo9spBhiTTwoj
+b3zGODs6alTNIJwZIHNxxyOmfJPpVVp8BzGbMk7YBixSlZ/vbrrYV34TcSiy7J57
+lNNoVWM+OwiVk1+AEZfQDwaQfef5tsIkAZBUyITkkDKRhygtwM2110dejbEsgg==
+-----END CERTIFICATE-----`)
+	rawKey = []byte(`-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEAsn6r79JA64nIhAFSFuiWlmBQi/WtfY49cJgBplRsVd5DbK9N
+ZKWujdBAap63Mu1pJ4QrdXeNwqoSrU3F4CfyfaYWVcZYs2/LFAfOYZvjLz9Ddxwo
+N39CcIS7jKz4o0usY8sNHygiv6ejlGDCH6OXHanmYndlleDs7bObkXeg5stpMgXv
+GYNRePGCRrk1mZi9i+7mVIj2OE96vftYrnKt71KccplUYtQU1506cfgtBkvDTYHh
+Jnrx7+PNrxzOQzX5QEPprxmbwVXbqvwH4qwg57dgyGZtQ3GVy62PRdxD65UWXsZg
+IQgxkSyCpzJqBonATNdQMNXwyHyQB8p5ON7YzwIDAQABAoIBAQCG4doj3Apa8z+n
+IShbT1+cOyQi34A+xOIA151Hh7xmFxN0afRd/iWt3JUQ/OcLgQRZbDM7DSD+3W5H
+r+G7xfQkpwFxx/T3g58+f7ehYx+GcJQWyhxJ88zNIkBnyb4KCAE5WBOOW9IGajPe
+yE9pgUGMlPsXpYoKfHIOHg+NGY1pWUGBfBNR2kGrbkpZMmyy5bGa8dyrwAFBFRru
+kcmmKvate8UlbRspFtd4nR/GQLTBrcDJ1k1i1Su/4BpDuDeK6LPI8ZRePGqbdcxk
+TS30lsdYozuGfjZ5Zu8lSIJ//+7RjfDg8r684dpWjpalq8Quen60ZrIs01CSbfyU
+k8gOzTHhAoGBAOKhp41wXveegq+WylSXFyngm4bzF4dVdTRsSbJVk7NaOx1vCU6o
+/xIHoGEQyLI6wF+EaHmY89/Qu6tSV97XyBbiKeskopv5iXS/BsWTHJ1VbCA1ZLmK
+HgGllEkS0xfc9AdB7b6/K7LxAAQVKP3DtN6+6pSDZh9Sv2M1j0DbhkNbAoGBAMmg
+HcMfExaaeskjHqyLudtKX+znwaIoumleOGuavohR4R+Fpk8Yv8Xhb5U7Yr4gk0vY
+CFmhp1WAi6QMZ/8jePlKKXl3Ney827luoKiMczp2DoYE0t0u2Kw3LfkNKfjADZ7d
+JI6xPJV9/X1erwjq+4UdKqrpOf05SY4nkBMcvr6dAoGAXzisvbDJNiFTp5Mj0Abr
+pJzKvBjHegVeCXi2PkfWlzUCQYu1zWcURO8PY7k5mik1SuzHONAbJ578Oy+N3AOt
+/m9oTXRHHmHqbzMUFU+KZlDN7XqBp7NwiCCZ/Vn7d7tOjP4Wdl68baL07sI1RupD
+xJNS3LOY5PBPmc+XMRkLgKECgYEAgBNDlJSCrZMHeAjlDTncn53I/VXiPD2e3BvL
+vx6W9UT9ueZN1GSmPO6M0MDeYmOS7VSXSUhUYQ28pkJzNTC1QbWITu4YxP7anBnX
+1/kPoQ0pAJzDzVharlqGy3M/PBHTFRzogfO3xkY35ZFlokaR6uayGcr42Q+w16nt
+7RYPXEkCgYEA3GQYirHnGZuQ952jMvduqnpgkJiSnr0fa+94Rwa1pAhxHLFMo5s4
+fqZOtqKPj2s5X1JR0VCey1ilCcaAhWeb3tXCpbYLZSbMtjtqwA6LUeGY+Xdupsjw
+cfWIcOfHsIm2kP+RCxEnZf1XwiN9wyJeiUKlE0dqmx9j7F0Bm+7YDhI=
+-----END RSA PRIVATE KEY-----`)
+)
+
+func tlsConfig() *tls.Config {
+	cert, err := tls.X509KeyPair(rawCert, rawKey)
+	if err != nil {
+		panic(err)
+	}
+	return &tls.Config{Certificates: []tls.Certificate{cert}}
+}

gost/kcp.go

@@ -351,18 +351,6 @@ func (l *kcpListener) listenLoop() {
 	}
 }
 
-func (l *kcpListener) Accept() (conn net.Conn, err error) {
-	var ok bool
-	select {
-	case conn = <-l.connChan:
-	case err, ok = <-l.errChan:
-		if !ok {
-			err = errors.New("accpet on closed listener")
-		}
-	}
-	return
-}
-
 func (l *kcpListener) mux(conn net.Conn) {
 	smuxConfig := smux.DefaultConfig()
 	smuxConfig.MaxReceiveBuffer = l.config.SockBuf
@@ -393,11 +381,22 @@ func (l *kcpListener) mux(conn net.Conn) {
 		select {
 		case l.connChan <- newKCPConn(conn, stream):
 		default:
-			log.Logf("[kcp] %s - %s: connection queue is full", conn.RemoteAddr(), l.Addr())
+			log.Logf("[kcp] %s - %s: connection queue is full", conn.RemoteAddr(), conn.LocalAddr())
 		}
 	}
 }
 
+func (l *kcpListener) Accept() (conn net.Conn, err error) {
+	var ok bool
+	select {
+	case conn = <-l.connChan:
+	case err, ok = <-l.errChan:
+		if !ok {
+			err = errors.New("accpet on closed listener")
+		}
+	}
+	return
+}
 func (l *kcpListener) Addr() net.Addr {
 	return l.ln.Addr()
 }

gost/quic.go

+package gost
+
+import (
+	"crypto/tls"
+	"errors"
+	"net"
+	"sync"
+	"time"
+
+	"github.com/go-log/log"
+	quic "github.com/lucas-clemente/quic-go"
+)
+
+type quicSession struct {
+	conn    net.Conn
+	session quic.Session
+}
+
+func (session *quicSession) GetConn() (*quicConn, error) {
+	stream, err := session.session.OpenStream()
+	if err != nil {
+		return nil, err
+	}
+	return &quicConn{
+		Stream: stream,
+		laddr:  session.session.LocalAddr(),
+		raddr:  session.session.RemoteAddr(),
+	}, nil
+}
+
+func (session *quicSession) Close() error {
+	return session.session.Close(nil)
+}
+
+type quicTransporter struct {
+	config       *QUICConfig
+	sessionMutex sync.Mutex
+	sessions     map[string]*quicSession
+}
+
+// QUICTransporter creates a Transporter that is used by QUIC proxy client.
+func QUICTransporter(config *QUICConfig) Transporter {
+	if config == nil {
+		config = &QUICConfig{}
+	}
+	return &quicTransporter{
+		config:   config,
+		sessions: make(map[string]*quicSession),
+	}
+}
+
+func (tr *quicTransporter) Dial(addr string, options ...DialOption) (conn net.Conn, err error) {
+	tr.sessionMutex.Lock()
+	defer tr.sessionMutex.Unlock()
+
+	session, ok := tr.sessions[addr]
+	if !ok {
+		conn, err = net.ListenUDP("udp", &net.UDPAddr{IP: net.IPv4zero, Port: 0})
+		if err != nil {
+			return
+		}
+		session = &quicSession{conn: conn}
+		tr.sessions[addr] = session
+	}
+	return session.conn, nil
+}
+
+func (tr *quicTransporter) Handshake(conn net.Conn, options ...HandshakeOption) (net.Conn, error) {
+	opts := &HandshakeOptions{}
+	for _, option := range options {
+		option(opts)
+	}
+	config := tr.config
+	if opts.QUICConfig != nil {
+		config = opts.QUICConfig
+	}
+	if config.TLSConfig == nil {
+		config.TLSConfig = &tls.Config{InsecureSkipVerify: true}
+	}
+
+	tr.sessionMutex.Lock()
+	defer tr.sessionMutex.Unlock()
+
+	session, ok := tr.sessions[opts.Addr]
+	if session != nil && session.conn != conn {
+		conn.Close()
+		return nil, errors.New("quic: unrecognized connection")
+	}
+	if !ok || session.session == nil {
+		s, err := tr.initSession(opts.Addr, conn, config)
+		if err != nil {
+			conn.Close()
+			delete(tr.sessions, opts.Addr)
+			return nil, err
+		}
+		session = s
+		tr.sessions[opts.Addr] = session
+	}
+	cc, err := session.GetConn()
+	if err != nil {
+		session.Close()
+		delete(tr.sessions, opts.Addr)
+		return nil, err
+	}
+
+	return cc, nil
+}
+
+func (tr *quicTransporter) initSession(addr string, conn net.Conn, config *QUICConfig) (*quicSession, error) {
+	udpConn, ok := conn.(*net.UDPConn)
+	if !ok {
+		return nil, errors.New("quic: wrong connection type")
+	}
+	udpAddr, err := net.ResolveUDPAddr("udp", addr)
+	if err != nil {
+		return nil, err
+	}
+	quicConfig := &quic.Config{
+		HandshakeTimeout: config.Timeout,
+		KeepAlive:        config.KeepAlive,
+	}
+	session, err := quic.Dial(udpConn, udpAddr, addr, config.TLSConfig, quicConfig)
+	if err != nil {
+		log.Log("quic dial", err)
+		return nil, err
+	}
+	return &quicSession{conn: conn, session: session}, nil
+}
+
+func (tr *quicTransporter) Multiplex() bool {
+	return true
+}
+
+type QUICConfig struct {
+	TLSConfig *tls.Config
+	Timeout   time.Duration
+	KeepAlive bool
+}
+
+type quicListener struct {
+	ln       quic.Listener
+	connChan chan net.Conn
+	errChan  chan error
+}
+
+// QUICListener creates a Listener for QUIC proxy server.
+func QUICListener(addr string, config *QUICConfig) (Listener, error) {
+	if config == nil {
+		config = &QUICConfig{}
+	}
+	quicConfig := &quic.Config{
+		HandshakeTimeout: config.Timeout,
+		KeepAlive:        config.KeepAlive,
+	}
+
+	ln, err := quic.ListenAddr(addr, config.TLSConfig, quicConfig)
+	if err != nil {
+		return nil, err
+	}
+
+	l := &quicListener{
+		ln:       ln,
+		connChan: make(chan net.Conn, 1024),
+		errChan:  make(chan error, 1),
+	}
+	go l.listenLoop()
+
+	return l, nil
+}
+
+func (l *quicListener) listenLoop() {
+	for {
+		session, err := l.ln.Accept()
+		if err != nil {
+			log.Log("[quic] accept:", err)
+			l.errChan <- err
+			close(l.errChan)
+			return
+		}
+		go l.sessionLoop(session)
+	}
+}
+
+func (l *quicListener) sessionLoop(session quic.Session) {
+	log.Logf("[quic] %s <-> %s", session.RemoteAddr(), session.LocalAddr())
+	defer log.Logf("[quic] %s >-< %s", session.RemoteAddr(), session.LocalAddr())
+
+	for {
+		stream, err := session.AcceptStream()
+		if err != nil {
+			log.Log("[quic] accept stream:", err)
+			return
+		}
+		select {
+		case l.connChan <- &quicConn{Stream: stream, laddr: session.LocalAddr(), raddr: session.RemoteAddr()}:
+		default:
+			log.Logf("[quic] %s - %s: connection queue is full", session.RemoteAddr(), session.LocalAddr())
+		}
+	}
+}
+
+func (l *quicListener) Accept() (conn net.Conn, err error) {
+	var ok bool
+	select {
+	case conn = <-l.connChan:
+	case err, ok = <-l.errChan:
+		if !ok {
+			err = errors.New("accpet on closed listener")
+		}
+	}
+	return
+}
+
+func (l *quicListener) Addr() net.Addr {
+	return l.ln.Addr()
+}
+
+func (l *quicListener) Close() error {
+	return l.ln.Close()
+}
+
+type quicConn struct {
+	quic.Stream
+	laddr net.Addr
+	raddr net.Addr
+}
+
+func (c *quicConn) LocalAddr() net.Addr {
+	return c.laddr
+}
+
+func (c *quicConn) RemoteAddr() net.Addr {
+	return c.raddr
+}

gost/ssh.go

@@ -173,6 +173,7 @@ func (tr *sshTunnelTransporter) Handshake(conn net.Conn, options ...HandshakeOpt
 
 	config := ssh.ClientConfig{
 		Timeout:         opts.Timeout,
+		HostKeyCallback: ssh.InsecureIgnoreHostKey(),
 	}
 	if opts.User != nil {
 		config.User = opts.User.Username()

vendor/github.com/davecgh/go-spew/LICENSE

-ISC License
-
-Copyright (c) 2012-2013 Dave Collins <dave@davec.name>
-
-Permission to use, copy, modify, and distribute this software for any
-purpose with or without fee is hereby granted, provided that the above
-copyright notice and this permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

vendor/github.com/davecgh/go-spew/spew/bypass.go

-// Copyright (c) 2015 Dave Collins <dave@davec.name>
-//
-// Permission to use, copy, modify, and distribute this software for any
-// purpose with or without fee is hereby granted, provided that the above
-// copyright notice and this permission notice appear in all copies.
-//
-// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-
-// NOTE: Due to the following build constraints, this file will only be compiled
-// when the code is not running on Google App Engine, compiled by GopherJS, and
-// "-tags safe" is not added to the go build command line.  The "disableunsafe"
-// tag is deprecated and thus should not be used.
-// +build !js,!appengine,!safe,!disableunsafe
-
-package spew
-
-import (
-	"reflect"
-	"unsafe"
-)
-
-const (
-	// UnsafeDisabled is a build-time constant which specifies whether or
-	// not access to the unsafe package is available.
-	UnsafeDisabled = false
-
-	// ptrSize is the size of a pointer on the current arch.
-	ptrSize = unsafe.Sizeof((*byte)(nil))
-)
-
-var (
-	// offsetPtr, offsetScalar, and offsetFlag are the offsets for the
-	// internal reflect.Value fields.  These values are valid before golang
-	// commit ecccf07e7f9d which changed the format.  The are also valid
-	// after commit 82f48826c6c7 which changed the format again to mirror
-	// the original format.  Code in the init function updates these offsets
-	// as necessary.
-	offsetPtr    = uintptr(ptrSize)
-	offsetScalar = uintptr(0)
-	offsetFlag   = uintptr(ptrSize * 2)
-
-	// flagKindWidth and flagKindShift indicate various bits that the
-	// reflect package uses internally to track kind information.
-	//
-	// flagRO indicates whether or not the value field of a reflect.Value is
-	// read-only.
-	//
-	// flagIndir indicates whether the value field of a reflect.Value is
-	// the actual data or a pointer to the data.
-	//
-	// These values are valid before golang commit 90a7c3c86944 which
-	// changed their positions.  Code in the init function updates these
-	// flags as necessary.
-	flagKindWidth = uintptr(5)
-	flagKindShift = uintptr(flagKindWidth - 1)
-	flagRO        = uintptr(1 << 0)
-	flagIndir     = uintptr(1 << 1)
-)
-
-func init() {
-	// Older versions of reflect.Value stored small integers directly in the
-	// ptr field (which is named val in the older versions).  Versions
-	// between commits ecccf07e7f9d and 82f48826c6c7 added a new field named
-	// scalar for this purpose which unfortunately came before the flag
-	// field, so the offset of the flag field is different for those
-	// versions.
-	//
-	// This code constructs a new reflect.Value from a known small integer
-	// and checks if the size of the reflect.Value struct indicates it has
-	// the scalar field. When it does, the offsets are updated accordingly.
-	vv := reflect.ValueOf(0xf00)
-	if unsafe.Sizeof(vv) == (ptrSize * 4) {
-		offsetScalar = ptrSize * 2
-		offsetFlag = ptrSize * 3
-	}
-
-	// Commit 90a7c3c86944 changed the flag positions such that the low
-	// order bits are the kind.  This code extracts the kind from the flags
-	// field and ensures it's the correct type.  When it's not, the flag
-	// order has been changed to the newer format, so the flags are updated
-	// accordingly.
-	upf := unsafe.Pointer(uintptr(unsafe.Pointer(&vv)) + offsetFlag)
-	upfv := *(*uintptr)(upf)
-	flagKindMask := uintptr((1<<flagKindWidth - 1) << flagKindShift)
-	if (upfv&flagKindMask)>>flagKindShift != uintptr(reflect.Int) {
-		flagKindShift = 0
-		flagRO = 1 << 5
-		flagIndir = 1 << 6
-
-		// Commit adf9b30e5594 modified the flags to separate the
-		// flagRO flag into two bits which specifies whether or not the
-		// field is embedded.  This causes flagIndir to move over a bit
-		// and means that flagRO is the combination of either of the
-		// original flagRO bit and the new bit.
-		//
-		// This code detects the change by extracting what used to be
-		// the indirect bit to ensure it's set.  When it's not, the flag
-		// order has been changed to the newer format, so the flags are
-		// updated accordingly.
-		if upfv&flagIndir == 0 {
-			flagRO = 3 << 5
-			flagIndir = 1 << 7
-		}
-	}
-}
-
-// unsafeReflectValue converts the passed reflect.Value into a one that bypasses
-// the typical safety restrictions preventing access to unaddressable and
-// unexported data.  It works by digging the raw pointer to the underlying
-// value out of the protected value and generating a new unprotected (unsafe)
-// reflect.Value to it.
-//
-// This allows us to check for implementations of the Stringer and error
-// interfaces to be used for pretty printing ordinarily unaddressable and
-// inaccessible values such as unexported struct fields.
-func unsafeReflectValue(v reflect.Value) (rv reflect.Value) {
-	indirects := 1
-	vt := v.Type()
-	upv := unsafe.Pointer(uintptr(unsafe.Pointer(&v)) + offsetPtr)
-	rvf := *(*uintptr)(unsafe.Pointer(uintptr(unsafe.Pointer(&v)) + offsetFlag))
-	if rvf&flagIndir != 0 {
-		vt = reflect.PtrTo(v.Type())
-		indirects++
-	} else if offsetScalar != 0 {
-		// The value is in the scalar field when it's not one of the
-		// reference types.
-		switch vt.Kind() {
-		case reflect.Uintptr:
-		case reflect.Chan:
-		case reflect.Func:
-		case reflect.Map:
-		case reflect.Ptr:
-		case reflect.UnsafePointer:
-		default:
-			upv = unsafe.Pointer(uintptr(unsafe.Pointer(&v)) +
-				offsetScalar)
-		}
-	}
-
-	pv := reflect.NewAt(vt, upv)
-	rv = pv
-	for i := 0; i < indirects; i++ {
-		rv = rv.Elem()
-	}
-	return rv
-}

vendor/github.com/davecgh/go-spew/spew/bypasssafe.go

-// Copyright (c) 2015 Dave Collins <dave@davec.name>
-//
-// Permission to use, copy, modify, and distribute this software for any
-// purpose with or without fee is hereby granted, provided that the above
-// copyright notice and this permission notice appear in all copies.
-//
-// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-
-// NOTE: Due to the following build constraints, this file will only be compiled
-// when the code is running on Google App Engine, compiled by GopherJS, or
-// "-tags safe" is added to the go build command line.  The "disableunsafe"
-// tag is deprecated and thus should not be used.
-// +build js appengine safe disableunsafe
-
-package spew
-
-import "reflect"
-
-const (
-	// UnsafeDisabled is a build-time constant which specifies whether or
-	// not access to the unsafe package is available.
-	UnsafeDisabled = true
-)
-
-// unsafeReflectValue typically converts the passed reflect.Value into a one
-// that bypasses the typical safety restrictions preventing access to
-// unaddressable and unexported data.  However, doing this relies on access to
-// the unsafe package.  This is a stub version which simply returns the passed
-// reflect.Value when the unsafe package is not available.
-func unsafeReflectValue(v reflect.Value) reflect.Value {
-	return v
-}

vendor/github.com/davecgh/go-spew/spew/doc.go

-/*
- * Copyright (c) 2013 Dave Collins <dave@davec.name>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/*
-Package spew implements a deep pretty printer for Go data structures to aid in
-debugging.
-
-A quick overview of the additional features spew provides over the built-in
-printing facilities for Go data types are as follows:
-
-	* Pointers are dereferenced and followed
-	* Circular data structures are detected and handled properly
-	* Custom Stringer/error interfaces are optionally invoked, including
-	  on unexported types
-	* Custom types which only implement the Stringer/error interfaces via
-	  a pointer receiver are optionally invoked when passing non-pointer
-	  variables
-	* Byte arrays and slices are dumped like the hexdump -C command which
-	  includes offsets, byte values in hex, and ASCII output (only when using
-	  Dump style)
-
-There are two different approaches spew allows for dumping Go data structures:
-
-	* Dump style which prints with newlines, customizable indentation,
-	  and additional debug information such as types and all pointer addresses
-	  used to indirect to the final value
-	* A custom Formatter interface that integrates cleanly with the standard fmt
-	  package and replaces %v, %+v, %#v, and %#+v to provide inline printing
-	  similar to the default %v while providing the additional functionality
-	  outlined above and passing unsupported format verbs such as %x and %q
-	  along to fmt
-
-Quick Start
-
-This section demonstrates how to quickly get started with spew.  See the
-sections below for further details on formatting and configuration options.
-
-To dump a variable with full newlines, indentation, type, and pointer
-information use Dump, Fdump, or Sdump:
-	spew.Dump(myVar1, myVar2, ...)
-	spew.Fdump(someWriter, myVar1, myVar2, ...)
-	str := spew.Sdump(myVar1, myVar2, ...)
-
-Alternatively, if you would prefer to use format strings with a compacted inline
-printing style, use the convenience wrappers Printf, Fprintf, etc with
-%v (most compact), %+v (adds pointer addresses), %#v (adds types), or
-%#+v (adds types and pointer addresses):
-	spew.Printf("myVar1: %v -- myVar2: %+v", myVar1, myVar2)
-	spew.Printf("myVar3: %#v -- myVar4: %#+v", myVar3, myVar4)
-	spew.Fprintf(someWriter, "myVar1: %v -- myVar2: %+v", myVar1, myVar2)
-	spew.Fprintf(someWriter, "myVar3: %#v -- myVar4: %#+v", myVar3, myVar4)
-
-Configuration Options
-
-Configuration of spew is handled by fields in the ConfigState type.  For
-convenience, all of the top-level functions use a global state available
-via the spew.Config global.
-
-It is also possible to create a ConfigState instance that provides methods
-equivalent to the top-level functions.  This allows concurrent configuration
-options.  See the ConfigState documentation for more details.
-
-The following configuration options are available:
-	* Indent
-		String to use for each indentation level for Dump functions.
-		It is a single space by default.  A popular alternative is "\t".
-
-	* MaxDepth
-		Maximum number of levels to descend into nested data structures.
-		There is no limit by default.
-
-	* DisableMethods
-		Disables invocation of error and Stringer interface methods.
-		Method invocation is enabled by default.
-
-	* DisablePointerMethods
-		Disables invocation of error and Stringer interface methods on types
-		which only accept pointer receivers from non-pointer variables.
-		Pointer method invocation is enabled by default.
-
-	* ContinueOnMethod
-		Enables recursion into types after invoking error and Stringer interface
-		methods. Recursion after method invocation is disabled by default.
-
-	* SortKeys
-		Specifies map keys should be sorted before being printed. Use
-		this to have a more deterministic, diffable output.  Note that
-		only native types (bool, int, uint, floats, uintptr and string)
-		and types which implement error or Stringer interfaces are
-		supported with other types sorted according to the
-		reflect.Value.String() output which guarantees display
-		stability.  Natural map order is used by default.
-
-	* SpewKeys
-		Specifies that, as a last resort attempt, map keys should be
-		spewed to strings and sorted by those strings.  This is only
-		considered if SortKeys is true.
-
-Dump Usage
-
-Simply call spew.Dump with a list of variables you want to dump:
-
-	spew.Dump(myVar1, myVar2, ...)
-
-You may also call spew.Fdump if you would prefer to output to an arbitrary
-io.Writer.  For example, to dump to standard error:
-
-	spew.Fdump(os.Stderr, myVar1, myVar2, ...)
-
-A third option is to call spew.Sdump to get the formatted output as a string:
-
-	str := spew.Sdump(myVar1, myVar2, ...)
-
-Sample Dump Output
-
-See the Dump example for details on the setup of the types and variables being
-shown here.
-
-	(main.Foo) {
-	 unexportedField: (*main.Bar)(0xf84002e210)({
-	  flag: (main.Flag) flagTwo,
-	  data: (uintptr) <nil>
-	 }),
-	 ExportedField: (map[interface {}]interface {}) (len=1) {
-	  (string) (len=3) "one": (bool) true
-	 }
-	}
-
-Byte (and uint8) arrays and slices are displayed uniquely like the hexdump -C
-command as shown.
-	([]uint8) (len=32 cap=32) {
-	 00000000  11 12 13 14 15 16 17 18  19 1a 1b 1c 1d 1e 1f 20  |............... |
-	 00000010  21 22 23 24 25 26 27 28  29 2a 2b 2c 2d 2e 2f 30  |!"#$%&'()*+,-./0|
-	 00000020  31 32                                             |12|
-	}
-
-Custom Formatter
-
-Spew provides a custom formatter that implements the fmt.Formatter interface
-so that it integrates cleanly with standard fmt package printing functions. The
-formatter is useful for inline printing of smaller data types similar to the
-standard %v format specifier.
-
-The custom formatter only responds to the %v (most compact), %+v (adds pointer
-addresses), %#v (adds types), or %#+v (adds types and pointer addresses) verb
-combinations.  Any other verbs such as %x and %q will be sent to the the
-standard fmt package for formatting.  In addition, the custom formatter ignores
-the width and precision arguments (however they will still work on the format
-specifiers not handled by the custom formatter).
-
-Custom Formatter Usage
-
-The simplest way to make use of the spew custom formatter is to call one of the
-convenience functions such as spew.Printf, spew.Println, or spew.Printf.  The
-functions have syntax you are most likely already familiar with:
-
-	spew.Printf("myVar1: %v -- myVar2: %+v", myVar1, myVar2)
-	spew.Printf("myVar3: %#v -- myVar4: %#+v", myVar3, myVar4)
-	spew.Println(myVar, myVar2)
-	spew.Fprintf(os.Stderr, "myVar1: %v -- myVar2: %+v", myVar1, myVar2)
-	spew.Fprintf(os.Stderr, "myVar3: %#v -- myVar4: %#+v", myVar3, myVar4)
-
-See the Index for the full list convenience functions.
-
-Sample Formatter Output
-
-Double pointer to a uint8:
-	  %v: <**>5
-	 %+v: <**>(0xf8400420d0->0xf8400420c8)5
-	 %#v: (**uint8)5
-	%#+v: (**uint8)(0xf8400420d0->0xf8400420c8)5
-
-Pointer to circular struct with a uint8 field and a pointer to itself:
-	  %v: <*>{1 <*><shown>}
-	 %+v: <*>(0xf84003e260){ui8:1 c:<*>(0xf84003e260)<shown>}
-	 %#v: (*main.circular){ui8:(uint8)1 c:(*main.circular)<shown>}
-	%#+v: (*main.circular)(0xf84003e260){ui8:(uint8)1 c:(*main.circular)(0xf84003e260)<shown>}
-
-See the Printf example for details on the setup of variables being shown
-here.
-
-Errors
-
-Since it is possible for custom Stringer/error interfaces to panic, spew
-detects them and handles them internally by printing the panic information
-inline with the output.  Since spew is intended to provide deep pretty printing
-capabilities on structures, it intentionally does not return any errors.
-*/
-package spew

vendor/github.com/davecgh/go-spew/spew/spew.go

-/*
- * Copyright (c) 2013 Dave Collins <dave@davec.name>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-package spew
-
-import (
-	"fmt"
-	"io"
-)
-
-// Errorf is a wrapper for fmt.Errorf that treats each argument as if it were
-// passed with a default Formatter interface returned by NewFormatter.  It
-// returns the formatted string as a value that satisfies error.  See
-// NewFormatter for formatting details.
-//
-// This function is shorthand for the following syntax:
-//
-//	fmt.Errorf(format, spew.NewFormatter(a), spew.NewFormatter(b))
-func Errorf(format string, a ...interface{}) (err error) {
-	return fmt.Errorf(format, convertArgs(a)...)
-}
-
-// Fprint is a wrapper for fmt.Fprint that treats each argument as if it were
-// passed with a default Formatter interface returned by NewFormatter.  It
-// returns the number of bytes written and any write error encountered.  See
-// NewFormatter for formatting details.
-//
-// This function is shorthand for the following syntax:
-//
-//	fmt.Fprint(w, spew.NewFormatter(a), spew.NewFormatter(b))
-func Fprint(w io.Writer, a ...interface{}) (n int, err error) {
-	return fmt.Fprint(w, convertArgs(a)...)
-}
-
-// Fprintf is a wrapper for fmt.Fprintf that treats each argument as if it were
-// passed with a default Formatter interface returned by NewFormatter.  It
-// returns the number of bytes written and any write error encountered.  See
-// NewFormatter for formatting details.
-//
-// This function is shorthand for the following syntax:
-//
-//	fmt.Fprintf(w, format, spew.NewFormatter(a), spew.NewFormatter(b))
-func Fprintf(w io.Writer, format string, a ...interface{}) (n int, err error) {
-	return fmt.Fprintf(w, format, convertArgs(a)...)
-}
-
-// Fprintln is a wrapper for fmt.Fprintln that treats each argument as if it
-// passed with a default Formatter interface returned by NewFormatter.  See
-// NewFormatter for formatting details.
-//
-// This function is shorthand for the following syntax:
-//
-//	fmt.Fprintln(w, spew.NewFormatter(a), spew.NewFormatter(b))
-func Fprintln(w io.Writer, a ...interface{}) (n int, err error) {
-	return fmt.Fprintln(w, convertArgs(a)...)
-}
-
-// Print is a wrapper for fmt.Print that treats each argument as if it were
-// passed with a default Formatter interface returned by NewFormatter.  It
-// returns the number of bytes written and any write error encountered.  See
-// NewFormatter for formatting details.
-//
-// This function is shorthand for the following syntax:
-//
-//	fmt.Print(spew.NewFormatter(a), spew.NewFormatter(b))
-func Print(a ...interface{}) (n int, err error) {
-	return fmt.Print(convertArgs(a)...)
-}
-
-// Printf is a wrapper for fmt.Printf that treats each argument as if it were
-// passed with a default Formatter interface returned by NewFormatter.  It
-// returns the number of bytes written and any write error encountered.  See
-// NewFormatter for formatting details.
-//
-// This function is shorthand for the following syntax:
-//
-//	fmt.Printf(format, spew.NewFormatter(a), spew.NewFormatter(b))
-func Printf(format string, a ...interface{}) (n int, err error) {
-	return fmt.Printf(format, convertArgs(a)...)
-}
-
-// Println is a wrapper for fmt.Println that treats each argument as if it were
-// passed with a default Formatter interface returned by NewFormatter.  It
-// returns the number of bytes written and any write error encountered.  See
-// NewFormatter for formatting details.
-//
-// This function is shorthand for the following syntax:
-//
-//	fmt.Println(spew.NewFormatter(a), spew.NewFormatter(b))
-func Println(a ...interface{}) (n int, err error) {
-	return fmt.Println(convertArgs(a)...)
-}
-
-// Sprint is a wrapper for fmt.Sprint that treats each argument as if it were
-// passed with a default Formatter interface returned by NewFormatter.  It
-// returns the resulting string.  See NewFormatter for formatting details.
-//
-// This function is shorthand for the following syntax:
-//
-//	fmt.Sprint(spew.NewFormatter(a), spew.NewFormatter(b))
-func Sprint(a ...interface{}) string {
-	return fmt.Sprint(convertArgs(a)...)
-}
-
-// Sprintf is a wrapper for fmt.Sprintf that treats each argument as if it were
-// passed with a default Formatter interface returned by NewFormatter.  It
-// returns the resulting string.  See NewFormatter for formatting details.
-//
-// This function is shorthand for the following syntax:
-//
-//	fmt.Sprintf(format, spew.NewFormatter(a), spew.NewFormatter(b))
-func Sprintf(format string, a ...interface{}) string {
-	return fmt.Sprintf(format, convertArgs(a)...)
-}
-
-// Sprintln is a wrapper for fmt.Sprintln that treats each argument as if it
-// were passed with a default Formatter interface returned by NewFormatter.  It
-// returns the resulting string.  See NewFormatter for formatting details.
-//
-// This function is shorthand for the following syntax:
-//
-//	fmt.Sprintln(spew.NewFormatter(a), spew.NewFormatter(b))
-func Sprintln(a ...interface{}) string {
-	return fmt.Sprintln(convertArgs(a)...)
-}
-
-// convertArgs accepts a slice of arguments and returns a slice of the same
-// length with each argument converted to a default spew Formatter interface.
-func convertArgs(args []interface{}) (formatters []interface{}) {
-	formatters = make([]interface{}, len(args))
-	for index, arg := range args {
-		formatters[index] = NewFormatter(arg)
-	}
-	return formatters
-}

vendor/github.com/ginuerzh/pht/README.md

 # pht
-Pure HTTP Tunnel - Tunnel over HTTP using only GET and POST requests.
+Plain HTTP Tunnel - Tunnel over HTTP using only GET and POST requests, NO Websocket, NO CONNECT method.

vendor/github.com/golang/glog/README

@@ -5,7 +5,7 @@ Leveled execution logs for Go.
 
 This is an efficient pure Go implementation of leveled logs in the
 manner of the open source C++ package
-	http://code.google.com/p/google-glog
+	https://github.com/google/glog
 
 By binding methods to booleans it is possible to use the log package
 without paying the expense of evaluating the arguments to the log.

vendor/github.com/golang/glog/glog.go

@@ -676,7 +676,10 @@ func (l *loggingT) output(s severity, buf *buffer, file string, line int, alsoTo
 		}
 	}
 	data := buf.Bytes()
-	if l.toStderr {
+	if !flag.Parsed() {
+		os.Stderr.Write([]byte("ERROR: logging before flag.Parse: "))
+		os.Stderr.Write(data)
+	} else if l.toStderr {
 		os.Stderr.Write(data)
 	} else {
 		if alsoToStderr || l.alsoToStderr || s >= l.stderrThreshold.get() {

vendor/github.com/lucas-clemente/quic-go/Changelog.md

+# Changelog
+
+## v0.6.0 (unreleased)
+
+- Added `quic.Config` options for maximal flow control windows
+- Add a `quic.Config` option for QUIC versions
+- Add a `quic.Config` option to request truncation of the connection ID from a server
+- Add a `quic.Config` option to configure the source address validation
+- Add a `quic.Config` option to configure the handshake timeout
+- Add a `quic.Config` option to configure keep-alive
+- Implement `net.Conn`-style deadlines for streams
+- Remove the `tls.Config` from the `quic.Config`. The `tls.Config` must now be passed to the `Dial` and `Listen` functions as a separate parameter. See the [Godoc](https://godoc.org/github.com/lucas-clemente/quic-go) for details.
+- Changed the log level environment variable to only accept strings ("DEBUG", "INFO", "ERROR"), see [the wiki](https://github.com/lucas-clemente/quic-go/wiki/Logging) for more details.
+- Rename the `h2quic.QuicRoundTripper` to `h2quic.RoundTripper`
+- Changed `h2quic.Server.Serve()` to accept a `net.PacketConn`
+- Drop support for Go 1.7.
+- Various bugfixes

vendor/github.com/lucas-clemente/quic-go/README.md

-# A QUIC server implementation in pure Go
+# A QUIC implementation in pure Go
 
 <img src="docs/quic.png" width=303 height=124>
 
@@ -7,32 +7,20 @@
 [![Windows Build Status](https://img.shields.io/appveyor/ci/lucas-clemente/quic-go/master.svg?style=flat-square&label=windows+build)](https://ci.appveyor.com/project/lucas-clemente/quic-go/branch/master)
 [![Code Coverage](https://img.shields.io/codecov/c/github/lucas-clemente/quic-go/master.svg?style=flat-square)](https://codecov.io/gh/lucas-clemente/quic-go/)
 
-quic-go is an implementation of the [QUIC](https://en.wikipedia.org/wiki/QUIC) protocol in Go. While we're not far from being feature complete, there's still work to do regarding performance and security. At the moment, we do not recommend use in production systems. We appreciate any feedback :)
+quic-go is an implementation of the [QUIC](https://en.wikipedia.org/wiki/QUIC) protocol in Go.
 
 ## Roadmap
 
-Done:
-
-- Basic protocol with support for QUIC version 34-36
-- QUIC client
-- HTTP/2 support
-- Crypto (RSA / ECDSA certificates, Curve25519 for key exchange, AES-GCM or Chacha20-Poly1305 as stream cipher)
-- Loss detection and retransmission (currently fast retransmission & RTO)
-- Flow Control
-- Congestion control using cubic
-
-Major TODOs:
-
-- Security, especially DoS protections
-- Performance
-- Better packet loss detection
-- Connection migration
+quic-go is compatible with the current version(s) of Google Chrome and QUIC as deployed on Google's servers. We're actively tracking the development of the Chrome code to ensure compatibility as the protocol evolves. In that process, we're dropping support for old QUIC versions.
+As Google's QUIC versions are expected to converge towards the [IETF QUIC draft](https://github.com/quicwg/base-drafts), quic-go will eventually implement that draft.
 
 ## Guides
 
-Installing deps:
+We currently support Go 1.8+.
 
-    go get -t
+Installing and updating dependencies:
+
+    go get -t -u ./...
 
 Running tests:
 
@@ -50,9 +38,13 @@ Using Chrome:
 
     /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --user-data-dir=/tmp/chrome --no-proxy-server --enable-quic --origin-to-force-quic-on=quic.clemente.io:443 --host-resolver-rules='MAP quic.clemente.io:443 127.0.0.1:6121' https://quic.clemente.io
 
+### QUIC without HTTP/2
+
+Take a look at [this echo example](example/echo/echo.go).
+
 ### Using the example client
 
-    go run example/client/main.go https://quic.clemente.io
+    go run example/client/main.go https://clemente.io
 
 ## Usage
 
@@ -67,14 +59,14 @@ h2quic.ListenAndServeQUIC("localhost:4242", "/path/to/cert/chain.pem", "/path/to
 
 ### As a client
 
-See the [example client](example/client/main.go). Use a `QuicRoundTripper` as a `Transport` in a `http.Client`.
+See the [example client](example/client/main.go). Use a `h2quic.RoundTripper` as a `Transport` in a `http.Client`.
 
 ```go
 http.Client{
-  Transport: &h2quic.QuicRoundTripper{},
+  Transport: &h2quic.RoundTripper{},
 }
 ```
 
-## Building on Windows
+## Contributing
 
-Due to the low Windows timer resolution (see [StackOverflow question](http://stackoverflow.com/questions/37706834/high-resolution-timers-millisecond-precision-in-go-on-windows)) available with Go 1.6.x, some optimizations might not work when compiled with this version of the compiler. Please use Go 1.7 on Windows.
+We are always happy to welcome new contributors! We have a number of self-contained issues that are suitable for first-time contributors, they are tagged with [want-help](https://github.com/lucas-clemente/quic-go/issues?q=is%3Aopen+is%3Aissue+label%3Awant-help). If you have any questions, please feel free to reach out by opening an issue or leaving a comment.

vendor/github.com/lucas-clemente/quic-go/ackhandler/interfaces.go

@@ -9,21 +9,17 @@ import (
 
 // SentPacketHandler handles ACKs received for outgoing packets
 type SentPacketHandler interface {
+	// SentPacket may modify the packet
 	SentPacket(packet *Packet) error
 	ReceivedAck(ackFrame *frames.AckFrame, withPacketNumber protocol.PacketNumber, recvTime time.Time) error
 
+	SendingAllowed() bool
 	GetStopWaitingFrame(force bool) *frames.StopWaitingFrame
-
-	MaybeQueueRTOs()
 	DequeuePacketForRetransmission() (packet *Packet)
-
-	BytesInFlight() protocol.ByteCount
 	GetLeastUnacked() protocol.PacketNumber
 
-	SendingAllowed() bool
-	CheckForError() error
-
-	TimeOfFirstRTO() time.Time
+	GetAlarmTimeout() time.Time
+	OnAlarm()
 }
 
 // ReceivedPacketHandler handles ACKs needed to send for incoming packets
@@ -31,5 +27,6 @@ type ReceivedPacketHandler interface {
 	ReceivedPacket(packetNumber protocol.PacketNumber, shouldInstigateAck bool) error
 	ReceivedStopWaiting(*frames.StopWaitingFrame) error
 
+	GetAlarmTimeout() time.Time
 	GetAckFrame() *frames.AckFrame
 }

vendor/github.com/lucas-clemente/quic-go/ackhandler/packet.go

@@ -13,8 +13,7 @@ type Packet struct {
 	PacketNumber    protocol.PacketNumber
 	Frames          []frames.Frame
 	Length          protocol.ByteCount
-
-	MissingReports uint8
+	EncryptionLevel protocol.EncryptionLevel
 
 	SendTime time.Time
 }

vendor/github.com/lucas-clemente/quic-go/ackhandler/received_packet_handler.go

@@ -8,13 +8,6 @@ import (
 	"github.com/lucas-clemente/quic-go/protocol"
 )
 
-var (
-	// ErrDuplicatePacket occurres when a duplicate packet is received
-	ErrDuplicatePacket = errors.New("ReceivedPacketHandler: Duplicate Packet")
-	// ErrPacketSmallerThanLastStopWaiting occurs when a packet arrives with a packet number smaller than the largest LeastUnacked of a StopWaitingFrame. If this error occurs, the packet should be ignored
-	ErrPacketSmallerThanLastStopWaiting = errors.New("ReceivedPacketHandler: Packet number smaller than highest StopWaiting")
-)
-
 var errInvalidPacketNumber = errors.New("ReceivedPacketHandler: Invalid packet number")
 
 type receivedPacketHandler struct {
@@ -30,19 +23,13 @@ type receivedPacketHandler struct {
 	retransmittablePacketsReceivedSinceLastAck int
 	ackQueued                                  bool
 	ackAlarm                                   time.Time
-	ackAlarmResetCallback                      func(time.Time)
 	lastAck                                    *frames.AckFrame
 }
 
 // NewReceivedPacketHandler creates a new receivedPacketHandler
-func NewReceivedPacketHandler(ackAlarmResetCallback func(time.Time)) ReceivedPacketHandler {
-	// create a stopped timer, see https://github.com/golang/go/issues/12721#issuecomment-143010182
-	timer := time.NewTimer(0)
-	<-timer.C
-
+func NewReceivedPacketHandler() ReceivedPacketHandler {
 	return &receivedPacketHandler{
 		packetHistory: newReceivedPacketHistory(),
-		ackAlarmResetCallback: ackAlarmResetCallback,
 		ackSendDelay:  protocol.AckSendDelay,
 	}
 }
@@ -52,20 +39,11 @@ func (h *receivedPacketHandler) ReceivedPacket(packetNumber protocol.PacketNumbe
 		return errInvalidPacketNumber
 	}
 
-	// if the packet number is smaller than the largest LeastUnacked value of a StopWaiting we received, we cannot detect if this packet has a duplicate number
-	// the packet has to be ignored anyway
-	if packetNumber <= h.ignorePacketsBelow {
-		return ErrPacketSmallerThanLastStopWaiting
-	}
-
-	if h.packetHistory.IsDuplicate(packetNumber) {
-		return ErrDuplicatePacket
-	}
-
-	err := h.packetHistory.ReceivedPacket(packetNumber)
-	if err != nil {
+	if packetNumber > h.ignorePacketsBelow {
+		if err := h.packetHistory.ReceivedPacket(packetNumber); err != nil {
 			return err
 		}
+	}
 
 	if packetNumber > h.largestObserved {
 		h.largestObserved = packetNumber
@@ -89,7 +67,6 @@ func (h *receivedPacketHandler) ReceivedStopWaiting(f *frames.StopWaitingFrame)
 }
 
 func (h *receivedPacketHandler) maybeQueueAck(packetNumber protocol.PacketNumber, shouldInstigateAck bool) {
-	var ackAlarmSet bool
 	h.packetsReceivedSinceLastAck++
 
 	if shouldInstigateAck {
@@ -124,7 +101,6 @@ func (h *receivedPacketHandler) maybeQueueAck(packetNumber protocol.PacketNumber
 		} else {
 			if h.ackAlarm.IsZero() {
 				h.ackAlarm = time.Now().Add(h.ackSendDelay)
-				ackAlarmSet = true
 			}
 		}
 	}
@@ -132,11 +108,6 @@ func (h *receivedPacketHandler) maybeQueueAck(packetNumber protocol.PacketNumber
 	if h.ackQueued {
 		// cancel the ack alarm
 		h.ackAlarm = time.Time{}
-		ackAlarmSet = false
-	}
-
-	if ackAlarmSet {
-		h.ackAlarmResetCallback(h.ackAlarm)
 	}
 }
 
@@ -164,3 +135,5 @@ func (h *receivedPacketHandler) GetAckFrame() *frames.AckFrame {
 
 	return ack
 }
+
+func (h *receivedPacketHandler) GetAlarmTimeout() time.Time { return h.ackAlarm }

vendor/github.com/lucas-clemente/quic-go/ackhandler/received_packet_history.go

@@ -2,9 +2,9 @@ package ackhandler
 
 import (
 	"github.com/lucas-clemente/quic-go/frames"
+	"github.com/lucas-clemente/quic-go/internal/utils"
 	"github.com/lucas-clemente/quic-go/protocol"
 	"github.com/lucas-clemente/quic-go/qerr"
-	"github.com/lucas-clemente/quic-go/utils"
 )
 
 type receivedPacketHistory struct {

vendor/github.com/lucas-clemente/quic-go/ackhandler/retransmittable.go

+package ackhandler
+
+import (
+	"github.com/lucas-clemente/quic-go/frames"
+)
+
+// Returns a new slice with all non-retransmittable frames deleted.
+func stripNonRetransmittableFrames(fs []frames.Frame) []frames.Frame {
+	res := make([]frames.Frame, 0, len(fs))
+	for _, f := range fs {
+		if IsFrameRetransmittable(f) {
+			res = append(res, f)
+		}
+	}
+	return res
+}
+
+// IsFrameRetransmittable returns true if the frame should be retransmitted.
+func IsFrameRetransmittable(f frames.Frame) bool {
+	switch f.(type) {
+	case *frames.StopWaitingFrame:
+		return false
+	case *frames.AckFrame:
+		return false
+	default:
+		return true
+	}
+}
+
+// HasRetransmittableFrames returns true if at least one frame is retransmittable.
+func HasRetransmittableFrames(fs []frames.Frame) bool {
+	for _, f := range fs {
+		if IsFrameRetransmittable(f) {
+			return true
+		}
+	}
+	return false
+}

vendor/github.com/lucas-clemente/quic-go/appveyor.yml

@@ -5,6 +5,7 @@ os: Windows Server 2012 R2
 environment:
   GOPATH: c:\gopath
   CGO_ENABLED: 0
+  TIMESCALE_FACTOR: 20
   matrix:
     - GOARCH: 386
     - GOARCH: amd64
@@ -13,8 +14,8 @@ clone_folder: c:\gopath\src\github.com\lucas-clemente\quic-go
 
 install:
   - rmdir c:\go /s /q
-  - appveyor DownloadFile https://storage.googleapis.com/golang/go1.7.5.windows-amd64.zip
-  - 7z x go1.7.5.windows-amd64.zip -y -oC:\ > NUL
+  - appveyor DownloadFile https://storage.googleapis.com/golang/go1.8.3.windows-amd64.zip
+  - 7z x go1.8.3.windows-amd64.zip -y -oC:\ > NUL
   - set PATH=%PATH%;%GOPATH%\bin\windows_%GOARCH%;%GOPATH%\bin
   - echo %PATH%
   - echo %GOPATH%
@@ -27,7 +28,8 @@ install:
 
 build_script:
   - rm -r integrationtests
-  - ginkgo -r --randomizeAllSpecs --randomizeSuites --trace --progress
+  - ginkgo -r --randomizeAllSpecs --randomizeSuites --trace --progress -skipPackage benchmark
+  - ginkgo --randomizeAllSpecs --randomizeSuites --trace --progress benchmark -- -samples=1
 
 test: off
 

vendor/github.com/lucas-clemente/quic-go/buffer_pool.go

@@ -13,7 +13,7 @@ func getPacketBuffer() []byte {
 }
 
 func putPacketBuffer(buf []byte) {
-	if cap(buf) != int(protocol.MaxPacketSize) {
+	if cap(buf) != int(protocol.MaxReceivePacketSize) {
 		panic("putPacketBuffer called with packet of wrong size!")
 	}
 	bufferPool.Put(buf[:0])
@@ -21,6 +21,6 @@ func putPacketBuffer(buf []byte) {
 
 func init() {
 	bufferPool.New = func() interface{} {
-		return make([]byte, 0, protocol.MaxPacketSize)
+		return make([]byte, 0, protocol.MaxReceivePacketSize)
 	}
 }

vendor/github.com/lucas-clemente/quic-go/codecov.yml

@@ -4,8 +4,8 @@ coverage:
     - ackhandler/packet_linkedlist.go
     - h2quic/gzipreader.go
     - h2quic/response.go
-    - utils/byteinterval_linkedlist.go
-    - utils/packetinterval_linkedlist.go
+    - internal/utils/byteinterval_linkedlist.go
+    - internal/utils/packetinterval_linkedlist.go
   status:
     project:
       default:

vendor/github.com/lucas-clemente/quic-go/congestion/bandwidth.go

@@ -12,12 +12,8 @@ type Bandwidth uint64
 const (
 	// BitsPerSecond is 1 bit per second
 	BitsPerSecond Bandwidth = 1
-	// KBitsPerSecond is 1000 bits per second
-	KBitsPerSecond = 1000 * BitsPerSecond
 	// BytesPerSecond is 1 byte per second
 	BytesPerSecond = 8 * BitsPerSecond
-	// KBytesPerSecond is 1000 bytes per second
-	KBytesPerSecond = 1000 * BytesPerSecond
 )
 
 // BandwidthFromDelta calculates the bandwidth from a number of bytes and a time delta

vendor/github.com/lucas-clemente/quic-go/congestion/congestion_vector.go

-package congestion
-
-import "github.com/lucas-clemente/quic-go/protocol"
-
-// PacketInfo combines packet number and length of a packet for congestion calculation
-type PacketInfo struct {
-	Number protocol.PacketNumber
-	Length protocol.ByteCount
-}
-
-// PacketVector is passed to the congestion algorithm
-type PacketVector []PacketInfo

vendor/github.com/lucas-clemente/quic-go/congestion/cubic.go

@@ -4,8 +4,8 @@ import (
 	"math"
 	"time"
 
+	"github.com/lucas-clemente/quic-go/internal/utils"
 	"github.com/lucas-clemente/quic-go/protocol"
-	"github.com/lucas-clemente/quic-go/utils"
 )
 
 // This cubic implementation is based on the one found in Chromiums's QUIC
@@ -184,9 +184,19 @@ func (c *Cubic) CongestionWindowAfterAck(currentCongestionWindow protocol.Packet
 	elapsedTime := int64((currentTime.Add(delayMin).Sub(c.epoch)/time.Microsecond)<<10) / 1000000
 
 	offset := int64(c.timeToOriginPoint) - elapsedTime
+	// Right-shifts of negative, signed numbers have
+	// implementation-dependent behavior.  Force the offset to be
+	// positive, similar to the kernel implementation.
+	if offset < 0 {
+		offset = -offset
+	}
 	deltaCongestionWindow := protocol.PacketNumber((cubeCongestionWindowScale * offset * offset * offset) >> cubeScale)
-	targetCongestionWindow := c.originPointCongestionWindow - deltaCongestionWindow
-
+	var targetCongestionWindow protocol.PacketNumber
+	if elapsedTime > int64(c.timeToOriginPoint) {
+		targetCongestionWindow = c.originPointCongestionWindow + deltaCongestionWindow
+	} else {
+		targetCongestionWindow = c.originPointCongestionWindow - deltaCongestionWindow
+	}
 	// With dynamic beta/alpha based on number of active streams, it is possible
 	// for the required_ack_count to become much lower than acked_packets_count_
 	// suddenly, leading to more than one iteration through the following loop.

vendor/github.com/lucas-clemente/quic-go/congestion/cubic_sender.go

@@ -3,8 +3,8 @@ package congestion
 import (
 	"time"
 
+	"github.com/lucas-clemente/quic-go/internal/utils"
 	"github.com/lucas-clemente/quic-go/protocol"
-	"github.com/lucas-clemente/quic-go/utils"
 )
 
 const (
@@ -125,24 +125,13 @@ func (c *cubicSender) SlowstartThreshold() protocol.PacketNumber {
 	return c.slowstartThreshold
 }
 
-// OnCongestionEvent indicates an update to the congestion state, caused either by an incoming
-// ack or loss event timeout.  |rttUpdated| indicates whether a new
-// latest_rtt sample has been taken, |byte_in_flight| the bytes in flight
-// prior to the congestion event.  |ackedPackets| and |lostPackets| are
-// any packets considered acked or lost as a result of the congestion event.
-func (c *cubicSender) OnCongestionEvent(rttUpdated bool, bytesInFlight protocol.ByteCount, ackedPackets PacketVector, lostPackets PacketVector) {
-	if rttUpdated && c.InSlowStart() && c.hybridSlowStart.ShouldExitSlowStart(c.rttStats.LatestRTT(), c.rttStats.MinRTT(), c.GetCongestionWindow()/protocol.DefaultTCPMSS) {
+func (c *cubicSender) MaybeExitSlowStart() {
+	if c.InSlowStart() && c.hybridSlowStart.ShouldExitSlowStart(c.rttStats.LatestRTT(), c.rttStats.MinRTT(), c.GetCongestionWindow()/protocol.DefaultTCPMSS) {
 		c.ExitSlowstart()
 	}
-	for _, i := range lostPackets {
-		c.onPacketLost(i.Number, i.Length, bytesInFlight)
-	}
-	for _, i := range ackedPackets {
-		c.onPacketAcked(i.Number, i.Length, bytesInFlight)
-	}
 }
 
-func (c *cubicSender) onPacketAcked(ackedPacketNumber protocol.PacketNumber, ackedBytes protocol.ByteCount, bytesInFlight protocol.ByteCount) {
+func (c *cubicSender) OnPacketAcked(ackedPacketNumber protocol.PacketNumber, ackedBytes protocol.ByteCount, bytesInFlight protocol.ByteCount) {
 	c.largestAckedPacketNumber = utils.MaxPacketNumber(ackedPacketNumber, c.largestAckedPacketNumber)
 	if c.InRecovery() {
 		// PRR is used when in recovery.
@@ -155,7 +144,7 @@ func (c *cubicSender) onPacketAcked(ackedPacketNumber protocol.PacketNumber, ack
 	}
 }
 
-func (c *cubicSender) onPacketLost(packetNumber protocol.PacketNumber, lostBytes protocol.ByteCount, bytesInFlight protocol.ByteCount) {
+func (c *cubicSender) OnPacketLost(packetNumber protocol.PacketNumber, lostBytes protocol.ByteCount, bytesInFlight protocol.ByteCount) {
 	// TCP NewReno (RFC6582) says that once a loss occurs, any losses in packets
 	// already sent should be treated as a single loss event, since it's expected.
 	if packetNumber <= c.largestSentAtLastCutback {

vendor/github.com/lucas-clemente/quic-go/congestion/hybrid_slow_start.go

@@ -3,8 +3,8 @@ package congestion
 import (
 	"time"
 
+	"github.com/lucas-clemente/quic-go/internal/utils"
 	"github.com/lucas-clemente/quic-go/protocol"
-	"github.com/lucas-clemente/quic-go/utils"
 )
 
 // Note(pwestin): the magic clamping numbers come from the original code in

vendor/github.com/lucas-clemente/quic-go/congestion/interface.go

@@ -11,7 +11,9 @@ type SendAlgorithm interface {
 	TimeUntilSend(now time.Time, bytesInFlight protocol.ByteCount) time.Duration
 	OnPacketSent(sentTime time.Time, bytesInFlight protocol.ByteCount, packetNumber protocol.PacketNumber, bytes protocol.ByteCount, isRetransmittable bool) bool
 	GetCongestionWindow() protocol.ByteCount
-	OnCongestionEvent(rttUpdated bool, bytesInFlight protocol.ByteCount, ackedPackets PacketVector, lostPackets PacketVector)
+	MaybeExitSlowStart()
+	OnPacketAcked(number protocol.PacketNumber, ackedBytes protocol.ByteCount, bytesInFlight protocol.ByteCount)
+	OnPacketLost(number protocol.PacketNumber, lostBytes protocol.ByteCount, bytesInFlight protocol.ByteCount)
 	SetNumEmulatedConnections(n int)
 	OnRetransmissionTimeout(packetsRetransmitted bool)
 	OnConnectionMigration()

vendor/github.com/lucas-clemente/quic-go/congestion/prr_sender.go

@@ -3,8 +3,8 @@ package congestion
 import (
 	"time"
 
+	"github.com/lucas-clemente/quic-go/internal/utils"
 	"github.com/lucas-clemente/quic-go/protocol"
-	"github.com/lucas-clemente/quic-go/utils"
 )
 
 // PrrSender implements the Proportional Rate Reduction (PRR) per RFC 6937

vendor/github.com/lucas-clemente/quic-go/congestion/rtt_stats.go

@@ -3,7 +3,7 @@ package congestion
 import (
 	"time"
 
-	"github.com/lucas-clemente/quic-go/utils"
+	"github.com/lucas-clemente/quic-go/internal/utils"
 )
 
 const (

vendor/github.com/lucas-clemente/quic-go/conn.go

+package quic
+
+import (
+	"net"
+	"sync"
+)
+
+type connection interface {
+	Write([]byte) error
+	Read([]byte) (int, net.Addr, error)
+	Close() error
+	LocalAddr() net.Addr
+	RemoteAddr() net.Addr
+	SetCurrentRemoteAddr(net.Addr)
+}
+
+type conn struct {
+	mutex sync.RWMutex
+
+	pconn       net.PacketConn
+	currentAddr net.Addr
+}
+
+var _ connection = &conn{}
+
+func (c *conn) Write(p []byte) error {
+	_, err := c.pconn.WriteTo(p, c.currentAddr)
+	return err
+}
+
+func (c *conn) Read(p []byte) (int, net.Addr, error) {
+	return c.pconn.ReadFrom(p)
+}
+
+func (c *conn) SetCurrentRemoteAddr(addr net.Addr) {
+	c.mutex.Lock()
+	c.currentAddr = addr
+	c.mutex.Unlock()
+}
+
+func (c *conn) LocalAddr() net.Addr {
+	return c.pconn.LocalAddr()
+}
+
+func (c *conn) RemoteAddr() net.Addr {
+	c.mutex.RLock()
+	addr := c.currentAddr
+	c.mutex.RUnlock()
+	return addr
+}
+
+func (c *conn) Close() error {
+	return c.pconn.Close()
+}

vendor/github.com/lucas-clemente/quic-go/crypto/cert_chain.go

@@ -55,30 +55,59 @@ func (c *certChain) GetLeafCert(sni string) ([]byte, error) {
 	return cert.Certificate[0], nil
 }
 
-func (c *certChain) getCertForSNI(sni string) (*tls.Certificate, error) {
-	if c.config.GetCertificate != nil {
-		cert, err := c.config.GetCertificate(&tls.ClientHelloInfo{ServerName: sni})
+func (cc *certChain) getCertForSNI(sni string) (*tls.Certificate, error) {
+	c := cc.config
+	c, err := maybeGetConfigForClient(c, sni)
 	if err != nil {
 		return nil, err
 	}
-		if cert != nil {
-			return cert, nil
+	// The rest of this function is mostly copied from crypto/tls.getCertificate
+
+	if c.GetCertificate != nil {
+		cert, err := c.GetCertificate(&tls.ClientHelloInfo{ServerName: sni})
+		if cert != nil || err != nil {
+			return cert, err
+		}
+	}
+
+	if len(c.Certificates) == 0 {
+		return nil, errNoMatchingCertificate
+	}
+
+	if len(c.Certificates) == 1 || c.NameToCertificate == nil {
+		// There's only one choice, so no point doing any work.
+		return &c.Certificates[0], nil
 	}
+
+	name := strings.ToLower(sni)
+	for len(name) > 0 && name[len(name)-1] == '.' {
+		name = name[:len(name)-1]
 	}
 
-	if len(c.config.NameToCertificate) != 0 {
-		if cert, ok := c.config.NameToCertificate[sni]; ok {
+	if cert, ok := c.NameToCertificate[name]; ok {
 		return cert, nil
 	}
-		wildcardSNI := "*" + strings.TrimLeftFunc(sni, func(r rune) bool { return r != '.' })
-		if cert, ok := c.config.NameToCertificate[wildcardSNI]; ok {
+
+	// try replacing labels in the name with wildcards until we get a
+	// match.
+	labels := strings.Split(name, ".")
+	for i := range labels {
+		labels[i] = "*"
+		candidate := strings.Join(labels, ".")
+		if cert, ok := c.NameToCertificate[candidate]; ok {
 			return cert, nil
 		}
 	}
 
-	if len(c.config.Certificates) != 0 {
-		return &c.config.Certificates[0], nil
-	}
+	// If nothing matches, return the first certificate.
+	return &c.Certificates[0], nil
+}
 
-	return nil, errNoMatchingCertificate
+func maybeGetConfigForClient(c *tls.Config, sni string) (*tls.Config, error) {
+	if c.GetConfigForClient == nil {
+		return c, nil
+	}
+	return c.GetConfigForClient(&tls.ClientHelloInfo{
+		ServerName: sni,
+	})
 }

vendor/github.com/lucas-clemente/quic-go/crypto/cert_compression.go

@@ -9,7 +9,7 @@ import (
 	"fmt"
 	"hash/fnv"
 
-	"github.com/lucas-clemente/quic-go/utils"
+	"github.com/lucas-clemente/quic-go/internal/utils"
 )
 
 type entryType uint8
@@ -142,7 +142,7 @@ func decompressChain(data []byte) ([][]byte, error) {
 	}
 
 	if numCerts == 0 {
-		return make([][]byte, 0, 0), nil
+		return make([][]byte, 0), nil
 	}
 
 	if hasCompressedCerts {
@@ -255,7 +255,7 @@ func splitHashes(hashes []byte) ([]uint64, error) {
 }
 
 func getCommonCertificateHashes() []byte {
-	ccs := make([]byte, 8*len(certSets), 8*len(certSets))
+	ccs := make([]byte, 8*len(certSets))
 	i := 0
 	for certSetHash := range certSets {
 		binary.LittleEndian.PutUint64(ccs[i*8:(i+1)*8], certSetHash)

vendor/github.com/lucas-clemente/quic-go/crypto/cert_manager.go

@@ -41,7 +41,7 @@ func (c *certManager) SetData(data []byte) error {
 		return qerr.Error(qerr.InvalidCryptoMessageParameter, "Certificate data invalid")
 	}
 
-	chain := make([]*x509.Certificate, len(byteChain), len(byteChain))
+	chain := make([]*x509.Certificate, len(byteChain))
 	for i, data := range byteChain {
 		cert, err := x509.ParseCertificate(data)
 		if err != nil {
@@ -107,15 +107,14 @@ func (c *certManager) Verify(hostname string) error {
 	var opts x509.VerifyOptions
 	if c.config != nil {
 		opts.Roots = c.config.RootCAs
-		opts.DNSName = c.config.ServerName
 		if c.config.Time == nil {
 			opts.CurrentTime = time.Now()
 		} else {
 			opts.CurrentTime = c.config.Time()
 		}
-	} else {
-		opts.DNSName = hostname
 	}
+	// we don't need to care about the tls.Config.ServerName here, since hostname has already been set to that value in the session setup
+	opts.DNSName = hostname
 
 	// the first certificate is the leaf certificate, all others are intermediates
 	if len(c.chain) > 1 {

vendor/github.com/lucas-clemente/quic-go/crypto/key_derivation.go

@@ -5,8 +5,8 @@ import (
 	"crypto/sha256"
 	"io"
 
+	"github.com/lucas-clemente/quic-go/internal/utils"
 	"github.com/lucas-clemente/quic-go/protocol"
-	"github.com/lucas-clemente/quic-go/utils"
 
 	"golang.org/x/crypto/hkdf"
 )

vendor/github.com/lucas-clemente/quic-go/crypto/null_aead.go

@@ -8,13 +8,24 @@ import (
 	"github.com/lucas-clemente/quic-go/protocol"
 )
 
-// NullAEAD handles not-yet encrypted packets
-type NullAEAD struct{}
+// nullAEAD handles not-yet encrypted packets
+type nullAEAD struct {
+	perspective protocol.Perspective
+	version     protocol.VersionNumber
+}
+
+var _ AEAD = &nullAEAD{}
 
-var _ AEAD = &NullAEAD{}
+// NewNullAEAD creates a NullAEAD
+func NewNullAEAD(p protocol.Perspective, v protocol.VersionNumber) AEAD {
+	return &nullAEAD{
+		perspective: p,
+		version:     v,
+	}
+}
 
 // Open and verify the ciphertext
-func (NullAEAD) Open(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) ([]byte, error) {
+func (n *nullAEAD) Open(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) ([]byte, error) {
 	if len(src) < 12 {
 		return nil, errors.New("NullAEAD: ciphertext cannot be less than 12 bytes long")
 	}
@@ -22,6 +33,13 @@ func (NullAEAD) Open(dst, src []byte, packetNumber protocol.PacketNumber, associ
 	hash := fnv128a.New()
 	hash.Write(associatedData)
 	hash.Write(src[12:])
+	if n.version >= protocol.Version37 {
+		if n.perspective == protocol.PerspectiveServer {
+			hash.Write([]byte("Client"))
+		} else {
+			hash.Write([]byte("Server"))
+		}
+	}
 	testHigh, testLow := hash.Sum128()
 
 	low := binary.LittleEndian.Uint64(src)
@@ -34,7 +52,7 @@ func (NullAEAD) Open(dst, src []byte, packetNumber protocol.PacketNumber, associ
 }
 
 // Seal writes hash and ciphertext to the buffer
-func (NullAEAD) Seal(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) []byte {
+func (n *nullAEAD) Seal(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) []byte {
 	if cap(dst) < 12+len(src) {
 		dst = make([]byte, 12+len(src))
 	} else {
@@ -44,6 +62,15 @@ func (NullAEAD) Seal(dst, src []byte, packetNumber protocol.PacketNumber, associ
 	hash := fnv128a.New()
 	hash.Write(associatedData)
 	hash.Write(src)
+
+	if n.version >= protocol.Version37 {
+		if n.perspective == protocol.PerspectiveServer {
+			hash.Write([]byte("Server"))
+		} else {
+			hash.Write([]byte("Client"))
+		}
+	}
+
 	high, low := hash.Sum128()
 
 	copy(dst[12:], src)

vendor/github.com/lucas-clemente/quic-go/crypto/source_address_token.go

@@ -5,48 +5,18 @@ import (
 	"crypto/cipher"
 	"crypto/rand"
 	"crypto/sha256"
-	"crypto/subtle"
-	"encoding/binary"
-	"errors"
 	"fmt"
 	"io"
-	"net"
-	"time"
-
-	"github.com/lucas-clemente/quic-go/protocol"
 
 	"golang.org/x/crypto/hkdf"
 )
 
 // StkSource is used to create and verify source address tokens
 type StkSource interface {
-	// NewToken creates a new token for a given IP address
-	NewToken(ip net.IP) ([]byte, error)
-	// VerifyToken verifies if a token matches a given IP address and is not outdated
-	VerifyToken(ip net.IP, data []byte) error
-}
-
-type sourceAddressToken struct {
-	ip net.IP
-	// unix timestamp in seconds
-	timestamp uint64
-}
-
-func (t *sourceAddressToken) serialize() []byte {
-	res := make([]byte, 8+len(t.ip))
-	binary.LittleEndian.PutUint64(res, t.timestamp)
-	copy(res[8:], t.ip)
-	return res
-}
-
-func parseToken(data []byte) (*sourceAddressToken, error) {
-	if len(data) != 8+4 && len(data) != 8+16 {
-		return nil, fmt.Errorf("invalid STK length: %d", len(data))
-	}
-	return &sourceAddressToken{
-		ip:        data[8:],
-		timestamp: binary.LittleEndian.Uint64(data),
-	}, nil
+	// NewToken creates a new token
+	NewToken([]byte) ([]byte, error)
+	// DecodeToken decodes a token
+	DecodeToken([]byte) ([]byte, error)
 }
 
 type stkSource struct {
@@ -60,7 +30,11 @@ const stkKeySize = 16
 const stkNonceSize = 16
 
 // NewStkSource creates a source for source address tokens
-func NewStkSource(secret []byte) (StkSource, error) {
+func NewStkSource() (StkSource, error) {
+	secret := make([]byte, 32)
+	if _, err := rand.Read(secret); err != nil {
+		return nil, err
+	}
 	key, err := deriveKey(secret)
 	if err != nil {
 		return nil, err
@@ -76,38 +50,20 @@ func NewStkSource(secret []byte) (StkSource, error) {
 	return &stkSource{aead: aead}, nil
 }
 
-func (s *stkSource) NewToken(ip net.IP) ([]byte, error) {
-	return encryptToken(s.aead, &sourceAddressToken{
-		ip:        ip,
-		timestamp: uint64(time.Now().Unix()),
-	})
-}
-
-func (s *stkSource) VerifyToken(ip net.IP, data []byte) error {
-	if len(data) < stkNonceSize {
-		return errors.New("STK too short")
-	}
-	nonce := data[:stkNonceSize]
-
-	res, err := s.aead.Open(nil, nonce, data[stkNonceSize:], nil)
-	if err != nil {
-		return err
-	}
-
-	token, err := parseToken(res)
-	if err != nil {
-		return err
-	}
-
-	if subtle.ConstantTimeCompare(token.ip, ip) != 1 {
-		return errors.New("invalid ip in STK")
+func (s *stkSource) NewToken(data []byte) ([]byte, error) {
+	nonce := make([]byte, stkNonceSize)
+	if _, err := rand.Read(nonce); err != nil {
+		return nil, err
 	}
+	return s.aead.Seal(nonce, nonce, data, nil), nil
+}
 
-	if time.Now().Unix() > int64(token.timestamp)+protocol.STKExpiryTimeSec {
-		return errors.New("STK expired")
+func (s *stkSource) DecodeToken(p []byte) ([]byte, error) {
+	if len(p) < stkNonceSize {
+		return nil, fmt.Errorf("STK too short: %d", len(p))
 	}
-
-	return nil
+	nonce := p[:stkNonceSize]
+	return s.aead.Open(nil, nonce, p[stkNonceSize:], nil)
 }
 
 func deriveKey(secret []byte) ([]byte, error) {
@@ -118,11 +74,3 @@ func deriveKey(secret []byte) ([]byte, error) {
 	}
 	return key, nil
 }
-
-func encryptToken(aead cipher.AEAD, token *sourceAddressToken) ([]byte, error) {
-	nonce := make([]byte, stkNonceSize)
-	if _, err := rand.Read(nonce); err != nil {
-		return nil, err
-	}
-	return aead.Seal(nonce, nonce, token.serialize(), nil), nil
-}

vendor/github.com/lucas-clemente/quic-go/flowcontrol/flow_controller.go

@@ -6,91 +6,93 @@ import (
 
 	"github.com/lucas-clemente/quic-go/congestion"
 	"github.com/lucas-clemente/quic-go/handshake"
+	"github.com/lucas-clemente/quic-go/internal/utils"
 	"github.com/lucas-clemente/quic-go/protocol"
-	"github.com/lucas-clemente/quic-go/utils"
 )
 
 type flowController struct {
 	streamID                protocol.StreamID
+	contributesToConnection bool // does the stream contribute to connection level flow control
 
 	connectionParameters handshake.ConnectionParametersManager
 	rttStats             *congestion.RTTStats
 
 	bytesSent  protocol.ByteCount
-	sendFlowControlWindow protocol.ByteCount
+	sendWindow protocol.ByteCount
 
 	lastWindowUpdateTime time.Time
 
 	bytesRead                 protocol.ByteCount
 	highestReceived           protocol.ByteCount
-	receiveFlowControlWindow             protocol.ByteCount
-	receiveFlowControlWindowIncrement    protocol.ByteCount
-	maxReceiveFlowControlWindowIncrement protocol.ByteCount
+	receiveWindow             protocol.ByteCount
+	receiveWindowIncrement    protocol.ByteCount
+	maxReceiveWindowIncrement protocol.ByteCount
 }
 
 // ErrReceivedSmallerByteOffset occurs if the ByteOffset received is smaller than a ByteOffset that was set previously
 var ErrReceivedSmallerByteOffset = errors.New("Received a smaller byte offset")
 
 // newFlowController gets a new flow controller
-func newFlowController(streamID protocol.StreamID, connectionParameters handshake.ConnectionParametersManager, rttStats *congestion.RTTStats) *flowController {
+func newFlowController(streamID protocol.StreamID, contributesToConnection bool, connectionParameters handshake.ConnectionParametersManager, rttStats *congestion.RTTStats) *flowController {
 	fc := flowController{
 		streamID:                streamID,
+		contributesToConnection: contributesToConnection,
 		connectionParameters:    connectionParameters,
 		rttStats:                rttStats,
 	}
 
 	if streamID == 0 {
-		fc.receiveFlowControlWindow = connectionParameters.GetReceiveConnectionFlowControlWindow()
-		fc.receiveFlowControlWindowIncrement = fc.receiveFlowControlWindow
-		fc.maxReceiveFlowControlWindowIncrement = connectionParameters.GetMaxReceiveConnectionFlowControlWindow()
+		fc.receiveWindow = connectionParameters.GetReceiveConnectionFlowControlWindow()
+		fc.receiveWindowIncrement = fc.receiveWindow
+		fc.maxReceiveWindowIncrement = connectionParameters.GetMaxReceiveConnectionFlowControlWindow()
 	} else {
-		fc.receiveFlowControlWindow = connectionParameters.GetReceiveStreamFlowControlWindow()
-		fc.receiveFlowControlWindowIncrement = fc.receiveFlowControlWindow
-		fc.maxReceiveFlowControlWindowIncrement = connectionParameters.GetMaxReceiveStreamFlowControlWindow()
+		fc.receiveWindow = connectionParameters.GetReceiveStreamFlowControlWindow()
+		fc.receiveWindowIncrement = fc.receiveWindow
+		fc.maxReceiveWindowIncrement = connectionParameters.GetMaxReceiveStreamFlowControlWindow()
 	}
 
 	return &fc
 }
 
-func (c *flowController) getSendFlowControlWindow() protocol.ByteCount {
-	if c.sendFlowControlWindow == 0 {
+func (c *flowController) ContributesToConnection() bool {
+	return c.contributesToConnection
+}
+
+func (c *flowController) getSendWindow() protocol.ByteCount {
+	if c.sendWindow == 0 {
 		if c.streamID == 0 {
 			return c.connectionParameters.GetSendConnectionFlowControlWindow()
 		}
 		return c.connectionParameters.GetSendStreamFlowControlWindow()
 	}
-	return c.sendFlowControlWindow
+	return c.sendWindow
 }
 
 func (c *flowController) AddBytesSent(n protocol.ByteCount) {
 	c.bytesSent += n
 }
 
-func (c *flowController) GetBytesSent() protocol.ByteCount {
-	return c.bytesSent
-}
-
 // UpdateSendWindow should be called after receiving a WindowUpdateFrame
 // it returns true if the window was actually updated
 func (c *flowController) UpdateSendWindow(newOffset protocol.ByteCount) bool {
-	if newOffset > c.sendFlowControlWindow {
-		c.sendFlowControlWindow = newOffset
+	if newOffset > c.sendWindow {
+		c.sendWindow = newOffset
 		return true
 	}
 	return false
 }
 
 func (c *flowController) SendWindowSize() protocol.ByteCount {
-	sendFlowControlWindow := c.getSendFlowControlWindow()
+	sendWindow := c.getSendWindow()
 
-	if c.bytesSent > sendFlowControlWindow { // should never happen, but make sure we don't do an underflow here
+	if c.bytesSent > sendWindow { // should never happen, but make sure we don't do an underflow here
 		return 0
 	}
-	return sendFlowControlWindow - c.bytesSent
+	return sendWindow - c.bytesSent
 }
 
 func (c *flowController) SendWindowOffset() protocol.ByteCount {
-	return c.getSendFlowControlWindow()
+	return c.getSendWindow()
 }
 
 // UpdateHighestReceived updates the highestReceived value, if the byteOffset is higher
@@ -117,28 +119,39 @@ func (c *flowController) IncrementHighestReceived(increment protocol.ByteCount)
 }
 
 func (c *flowController) AddBytesRead(n protocol.ByteCount) {
+	// pretend we sent a WindowUpdate when reading the first byte
+	// this way auto-tuning of the window increment already works for the first WindowUpdate
+	if c.bytesRead == 0 {
+		c.lastWindowUpdateTime = time.Now()
+	}
 	c.bytesRead += n
 }
 
-// MaybeTriggerWindowUpdate determines if it is necessary to send a WindowUpdate
-// if so, it returns true and the offset of the window
-func (c *flowController) MaybeTriggerWindowUpdate() (bool, protocol.ByteCount) {
-	diff := c.receiveFlowControlWindow - c.bytesRead
+// MaybeUpdateWindow updates the receive window, if necessary
+// if the receive window increment is changed, the new value is returned, otherwise a 0
+// the last return value is the new offset of the receive window
+func (c *flowController) MaybeUpdateWindow() (bool, protocol.ByteCount /* new increment */, protocol.ByteCount /* new offset */) {
+	diff := c.receiveWindow - c.bytesRead
 
 	// Chromium implements the same threshold
-	if diff < (c.receiveFlowControlWindowIncrement / 2) {
-		c.maybeAdjustWindowIncrement()
-		c.lastWindowUpdateTime = time.Now()
+	if diff < (c.receiveWindowIncrement / 2) {
+		var newWindowIncrement protocol.ByteCount
+		oldWindowIncrement := c.receiveWindowIncrement
 
-		c.receiveFlowControlWindow = c.bytesRead + c.receiveFlowControlWindowIncrement
+		c.maybeAdjustWindowIncrement()
+		if c.receiveWindowIncrement != oldWindowIncrement {
+			newWindowIncrement = c.receiveWindowIncrement
+		}
 
-		return true, c.receiveFlowControlWindow
+		c.lastWindowUpdateTime = time.Now()
+		c.receiveWindow = c.bytesRead + c.receiveWindowIncrement
+		return true, newWindowIncrement, c.receiveWindow
 	}
 
-	return false, 0
+	return false, 0, 0
 }
 
-// maybeAdjustWindowIncrement increases the receiveFlowControlWindowIncrement if we're sending WindowUpdates too often
+// maybeAdjustWindowIncrement increases the receiveWindowIncrement if we're sending WindowUpdates too often
 func (c *flowController) maybeAdjustWindowIncrement() {
 	if c.lastWindowUpdateTime.IsZero() {
 		return
@@ -149,19 +162,19 @@ func (c *flowController) maybeAdjustWindowIncrement() {
 		return
 	}
 
-	timeSinceLastWindowUpdate := time.Now().Sub(c.lastWindowUpdateTime)
+	timeSinceLastWindowUpdate := time.Since(c.lastWindowUpdateTime)
 
 	// interval between the window updates is sufficiently large, no need to increase the increment
 	if timeSinceLastWindowUpdate >= 2*rtt {
 		return
 	}
 
-	oldWindowSize := c.receiveFlowControlWindowIncrement
-	c.receiveFlowControlWindowIncrement = utils.MinByteCount(2*c.receiveFlowControlWindowIncrement, c.maxReceiveFlowControlWindowIncrement)
+	oldWindowSize := c.receiveWindowIncrement
+	c.receiveWindowIncrement = utils.MinByteCount(2*c.receiveWindowIncrement, c.maxReceiveWindowIncrement)
 
 	// debug log, if the window size was actually increased
-	if oldWindowSize < c.receiveFlowControlWindowIncrement {
-		newWindowSize := c.receiveFlowControlWindowIncrement / (1 << 10)
+	if oldWindowSize < c.receiveWindowIncrement {
+		newWindowSize := c.receiveWindowIncrement / (1 << 10)
 		if c.streamID == 0 {
 			utils.Debugf("Increasing receive flow control window for the connection to %d kB", newWindowSize)
 		} else {
@@ -170,9 +183,16 @@ func (c *flowController) maybeAdjustWindowIncrement() {
 	}
 }
 
-func (c *flowController) CheckFlowControlViolation() bool {
-	if c.highestReceived > c.receiveFlowControlWindow {
-		return true
+// EnsureMinimumWindowIncrement sets a minimum window increment
+// it is intended be used for the connection-level flow controller
+// it should make sure that the connection-level window is increased when a stream-level window grows
+func (c *flowController) EnsureMinimumWindowIncrement(inc protocol.ByteCount) {
+	if inc > c.receiveWindowIncrement {
+		c.receiveWindowIncrement = utils.MinByteCount(inc, c.maxReceiveWindowIncrement)
+		c.lastWindowUpdateTime = time.Time{} // disables autotuning for the next window update
 	}
-	return false
+}
+
+func (c *flowController) CheckFlowControlViolation() bool {
+	return c.highestReceived > c.receiveWindow
 }

vendor/github.com/lucas-clemente/quic-go/frames/ack_frame.go

@@ -5,8 +5,8 @@ import (
 	"errors"
 	"time"
 
+	"github.com/lucas-clemente/quic-go/internal/utils"
 	"github.com/lucas-clemente/quic-go/protocol"
-	"github.com/lucas-clemente/quic-go/utils"
 )
 
 var (
@@ -222,7 +222,7 @@ func (f *AckFrame) Write(b *bytes.Buffer, version protocol.VersionNumber) error
 		utils.WriteUint48(b, uint64(f.LargestAcked))
 	}
 
-	f.DelayTime = time.Now().Sub(f.PacketReceivedTime)
+	f.DelayTime = time.Since(f.PacketReceivedTime)
 	utils.WriteUfloat16(b, uint64(f.DelayTime/time.Microsecond))
 
 	var numRanges uint64
@@ -332,8 +332,7 @@ func (f *AckFrame) Write(b *bytes.Buffer, version protocol.VersionNumber) error
 
 // MinLength of a written frame
 func (f *AckFrame) MinLength(version protocol.VersionNumber) (protocol.ByteCount, error) {
-	var length protocol.ByteCount
-	length = 1 + 2 + 1 // 1 TypeByte, 2 ACK delay time, 1 Num Timestamp
+	length := protocol.ByteCount(1 + 2 + 1) // 1 TypeByte, 2 ACK delay time, 1 Num Timestamp
 	length += protocol.ByteCount(protocol.GetPacketNumberLength(f.LargestAcked))
 
 	missingSequenceNumberDeltaLen := protocol.ByteCount(f.getMissingSequenceNumberDeltaLen())
@@ -351,10 +350,7 @@ func (f *AckFrame) MinLength(version protocol.VersionNumber) (protocol.ByteCount
 
 // HasMissingRanges returns if this frame reports any missing packets
 func (f *AckFrame) HasMissingRanges() bool {
-	if len(f.AckRanges) > 0 {
-		return true
-	}
-	return false
+	return len(f.AckRanges) > 0
 }
 
 func (f *AckFrame) validateAckRanges() bool {

vendor/github.com/lucas-clemente/quic-go/frames/blocked_frame.go

@@ -3,8 +3,8 @@ package frames
 import (
 	"bytes"
 
+	"github.com/lucas-clemente/quic-go/internal/utils"
 	"github.com/lucas-clemente/quic-go/protocol"
-	"github.com/lucas-clemente/quic-go/utils"
 )
 
 // A BlockedFrame in QUIC

vendor/github.com/lucas-clemente/quic-go/frames/connection_close_frame.go

@@ -6,9 +6,9 @@ import (
 	"io"
 	"math"
 
+	"github.com/lucas-clemente/quic-go/internal/utils"
 	"github.com/lucas-clemente/quic-go/protocol"
 	"github.com/lucas-clemente/quic-go/qerr"
-	"github.com/lucas-clemente/quic-go/utils"
 )
 
 // A ConnectionCloseFrame in QUIC

vendor/github.com/lucas-clemente/quic-go/frames/goaway_frame.go

@@ -4,9 +4,9 @@ import (
 	"bytes"
 	"io"
 
+	"github.com/lucas-clemente/quic-go/internal/utils"
 	"github.com/lucas-clemente/quic-go/protocol"
 	"github.com/lucas-clemente/quic-go/qerr"
-	"github.com/lucas-clemente/quic-go/utils"
 )
 
 // A GoawayFrame is a GOAWAY frame