The branch, master has been updated
via 09c44603f58 s3:selftest: run smb2.{bench,connect,credits,ioctl,rw}
over quic-ngtcp2
via 2cab318e26f s3:libsmb: add support for userspace quic support using
ngtcp2
via 20e42cbbfef s4:lib/tls: add tstream_tls_ngtcp2_connect_send/recv
via a8c20805330 lib/tsocket: optimize tdgram_recvfrom_done() into
tdgram_recvfrom_send()
via 354b534fe03 s3:selftest: run smb2.{bench,connect,credits,ioctl,rw}
over quic_ko_wrapper
via 66a1112a826 selftest: let 'fileserver' support quic
via d45ea578b70 selftest: use quic_ko_wrapper if available
via aa84dee9227 third_party: add quic_ko_wrapper to simulate
IPPROTO_QUIC sockets
via 3082a45e10f third_party: import ngtcp2 v1.13.0 from
https://github.com/ngtcp2/ngtcp2.git
via b52e1fd306c s3:libsmb: add support for SMB_TRANSPORT_TYPE_QUIC
via ded5ac15b67 s3:smbd: add support for SMB_TRANSPORT_TYPE_QUIC
via 9c9364cf741 s4:lib/tls: add
tstream_tls_params_quic_{prepare,enabled() and
tstream_tls_quic_handshake[_{send,recv}]()
via 02bb288d08f third_party: import quic from
https://github.com/lxin/quic.git
via bd786a1e638 system_gnutls: print the found gnutls version and
detected features
via f309c7381ed lib/param: allow smb_transport[s]_parse() to handle
'quic'
via 82685568ebf libcli/smb: define SMB_TRANSPORT_TYPE_QUIC
from 44ee31c0258 Add check for the GPO link to have at least two
attributes separated by semicolumn. Allows to handle empty links.
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 09c44603f588a4436d467983f650aee4fd0a71ff
Author: Stefan Metzmacher <[email protected]>
Date: Mon May 19 14:56:14 2025 +0200
s3:selftest: run smb2.{bench,connect,credits,ioctl,rw} over quic-ngtcp2
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
Autobuild-User(master): Stefan Metzmacher <[email protected]>
Autobuild-Date(master): Thu Jul 17 10:00:51 UTC 2025 on atb-devel-224
commit 2cab318e26f3378a956f43eb85e382be802d958c
Author: Stefan Metzmacher <[email protected]>
Date: Tue May 6 11:32:43 2025 +0200
s3:libsmb: add support for userspace quic support using ngtcp2
By default we fallback to ngtcp2 if the kernel has no quic.ko
support.
To force it the following option can be used:
client smb transport:force_ngtcp2_quic=yes
To disable it the following option can be used:
client smb transport:allow_ngtcp2_quic=no
From within libsmbclient.so we can't use it at all
as there's no way monitor the connection in order
to handle acked and keep alive pings.
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit 20e42cbbfefed95ae3764f86ab03c04b49934bae
Author: Stefan Metzmacher <[email protected]>
Date: Sun May 4 18:20:56 2025 +0200
s4:lib/tls: add tstream_tls_ngtcp2_connect_send/recv
This implemented a tstream_context for a single QUIC
stream using libngtcp2 over an udp socket.
This will allow us to support the SMB over QUIC protocol
on the client side even without quic.ko kernel support.
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit a8c208053306aa26c0faf1713bfcbc49d2825eda
Author: Stefan Metzmacher <[email protected]>
Date: Fri May 16 16:29:19 2025 +0200
lib/tsocket: optimize tdgram_recvfrom_done() into tdgram_recvfrom_send()
For callers using tdgram_bsd_optimize_recvfrom() it is every useful
to know it data was already waiting in the socket.
In that case the result from tdgram_bsd_recvfrom_send() would
already report tevent_req_is_in_progress() as false.
But the result of tdgram_recvfrom_send() available to the
caller would see tevent_req_is_in_progress() reporting true.
With this change also the result of tdgram_recvfrom_send()
would report tevent_req_is_in_progress() as false,
which will be useful for callers, which would otherwise
set a timeout on the request.
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit 354b534fe03ae7e3f01b63da7dc5ee14220efa46
Author: Stefan Metzmacher <[email protected]>
Date: Tue Apr 29 16:20:35 2025 +0200
s3:selftest: run smb2.{bench,connect,credits,ioctl,rw} over quic_ko_wrapper
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit 66a1112a82668267755f3f589832a100d4869343
Author: Stefan Metzmacher <[email protected]>
Date: Fri May 2 12:48:21 2025 +0200
selftest: let 'fileserver' support quic
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit d45ea578b70f64ddd9c9d3a08096642b85400455
Author: Stefan Metzmacher <[email protected]>
Date: Tue Apr 22 12:26:19 2025 +0200
selftest: use quic_ko_wrapper if available
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit aa84dee922718cbb40ab2663a9442df726515312
Author: Stefan Metzmacher <[email protected]>
Date: Fri May 2 14:44:42 2025 +0200
third_party: add quic_ko_wrapper to simulate IPPROTO_QUIC sockets
For now this is only part of Samba, so no real third_party,
but in future we may decide have a standalone repository
or move it to https://github.com/lxin/quic.git
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit 3082a45e10f38df52fa1ee5966363305a97b3974
Author: Stefan Metzmacher <[email protected]>
Date: Fri May 2 14:32:11 2025 +0200
third_party: import ngtcp2 v1.13.0 from https://github.com/ngtcp2/ngtcp2.git
This imports commit 7dd482f949f145632c482d01af2184954b471795.
It will be used to implement a quic_ko_wrapper, but also
used as userspace client too.
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit b52e1fd306c97337c48664d3843065dd221777e0
Author: Stefan Metzmacher <[email protected]>
Date: Fri Apr 4 01:17:19 2025 +0200
s3:libsmb: add support for SMB_TRANSPORT_TYPE_QUIC
This requires https://github.com/lxin/quic, which provides a kernel
module quic.ko for Linux (tested with Linux 6.8 and 6.14).
The userspace libquic is mirrored under third_party/quic for now.
This can be activated by adding 'quic' to 'client smb transports'.
The following smb.conf options are also relevant:
'tls enabled'
'tls ca directories'
'tls trust system cas'
'tls cafile'
'tls crlfile'
'tls verify peer'
Note that tools like smbclient are able to take
--option='client smb transports = quic" --option='tls verify peer=no_check'
in order to test it without changing smb.conf,
You may not want to use 'tls verify peer=no_check' for
production, it would make the transport as unprotected
as a tcp connection.
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit ded5ac15b6707c359b6e84d1e85577b00b1f582d
Author: Stefan Metzmacher <[email protected]>
Date: Thu Apr 3 17:32:58 2025 +0200
s3:smbd: add support for SMB_TRANSPORT_TYPE_QUIC
This requires https://github.com/lxin/quic, which provides a kernel
module quic.ko for Linux (tested with Linux 6.8 and 6.14).
The userspace libquic is mirrored under third_party/quic for now.
This can be activated by adding 'quic' to 'server smb transports'.
The following smb.conf options are also relevant:
'tls enabled'
'tls cafile'
'tls certfile'
'tls keyfile'
If the files pointed to by 'tls cafile', 'tls certfile' and
'tls keyfile' all don't exist, self-signed tls certificates are
generated automatically at startup.
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit 9c9364cf741016f81019cf85922bb4577e97d078
Author: Stefan Metzmacher <[email protected]>
Date: Mon Apr 7 13:46:23 2025 +0200
s4:lib/tls: add tstream_tls_params_quic_{prepare,enabled() and
tstream_tls_quic_handshake[_{send,recv}]()
This requires https://github.com/lxin/quic, which provides a kernel
module quic.ko for Linux (tested with Linux 6.8 and 6.14).
The userspace libquic is mirrored under third_party/quic for now.
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit 02bb288d08f0a975aeba2932aac1536cad67a692
Author: Stefan Metzmacher <[email protected]>
Date: Tue Apr 15 11:00:17 2025 +0200
third_party: import quic from https://github.com/lxin/quic.git
For now the VERSION argument to third_party/quic/update.sh
is ignored as there are no versions yet. For now we require
version 1.1 (not releases) for a system library, in order to make sure
it is recent enough.
This import is based on commit 846dddb24f007c8356ce3c19c74445160a8d94f7.
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit bd786a1e63849ba2f081dfa2fc0d52a6f249cb87
Author: Stefan Metzmacher <[email protected]>
Date: Wed Apr 16 20:15:07 2025 +0200
system_gnutls: print the found gnutls version and detected features
This makes it easier to analyze build failures.
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit f309c7381eda3107e7716958acd4f31119e0f7fd
Author: Stefan Metzmacher <[email protected]>
Date: Thu Apr 3 17:04:13 2025 +0200
lib/param: allow smb_transport[s]_parse() to handle 'quic'
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit 82685568ebfb6458a7b3399a2eb3dde99ff3dd76
Author: Stefan Metzmacher <[email protected]>
Date: Thu Apr 3 17:03:57 2025 +0200
libcli/smb: define SMB_TRANSPORT_TYPE_QUIC
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
buildtools/wafsamba/samba_third_party.py | 17 +
.../smbdotconf/protocol/clientsmbtransports.xml | 21 +
.../smbdotconf/protocol/serversmbtransports.xml | 23 +
lib/param/loadparm.c | 3 +
lib/tsocket/tsocket.c | 16 +
libcli/smb/smb_util.h | 1 +
script/autobuild.py | 4 +-
script/compare_cc_results.py | 1 +
selftest/flapping.d/smb-over-quic | 5 +
selftest/selftest.pl | 16 +
selftest/target/Samba3.pm | 5 +
selftest/wscript | 4 +
source3/libsmb/libsmb_context.c | 8 +
source3/libsmb/smbsock_connect.c | 450 +
source3/libsmb/smbsock_connect.h | 2 +
source3/selftest/tests.py | 31 +
source3/smbd/server.c | 207 +-
source3/smbd/smb2_process.c | 2 +
source3/utils/status_json.c | 3 +
source3/wscript_build | 1 +
source4/lib/tls/tls.h | 34 +
source4/lib/tls/tls_tstream.c | 2380 +++-
source4/lib/tls/wscript_build | 3 +
source4/smb_server/smb_server.c | 5 +
third_party/ngtcp2/crypto/CMakeLists.txt | 62 +
third_party/ngtcp2/crypto/Makefile.am | 53 +
third_party/ngtcp2/crypto/boringssl/.gitignore | 2 +
third_party/ngtcp2/crypto/boringssl/CMakeLists.txt | 64 +
third_party/ngtcp2/crypto/boringssl/Makefile.am | 39 +
third_party/ngtcp2/crypto/boringssl/boringssl.c | 666 +
.../boringssl/libngtcp2_crypto_boringssl.pc.in | 33 +
third_party/ngtcp2/crypto/gnutls/.gitignore | 1 +
third_party/ngtcp2/crypto/gnutls/CMakeLists.txt | 86 +
third_party/ngtcp2/crypto/gnutls/Makefile.am | 43 +
third_party/ngtcp2/crypto/gnutls/gnutls.c | 674 +
.../crypto/gnutls/libngtcp2_crypto_gnutls.pc.in | 33 +
third_party/ngtcp2/crypto/includes/CMakeLists.txt | 62 +
third_party/ngtcp2/crypto/includes/Makefile.am | 49 +
.../ngtcp2/crypto/includes/ngtcp2/ngtcp2_crypto.h | 963 ++
.../includes/ngtcp2/ngtcp2_crypto_boringssl.h | 104 +
.../crypto/includes/ngtcp2/ngtcp2_crypto_gnutls.h | 108 +
.../crypto/includes/ngtcp2/ngtcp2_crypto_ossl.h | 198 +
.../crypto/includes/ngtcp2/ngtcp2_crypto_picotls.h | 246 +
.../crypto/includes/ngtcp2/ngtcp2_crypto_quictls.h | 147 +
.../crypto/includes/ngtcp2/ngtcp2_crypto_wolfssl.h | 106 +
third_party/ngtcp2/crypto/ossl/.gitignore | 1 +
third_party/ngtcp2/crypto/ossl/CMakeLists.txt | 86 +
third_party/ngtcp2/crypto/ossl/Makefile.am | 43 +
.../ngtcp2/crypto/ossl/libngtcp2_crypto_ossl.pc.in | 33 +
third_party/ngtcp2/crypto/ossl/ossl.c | 1191 ++
third_party/ngtcp2/crypto/picotls/.gitignore | 2 +
third_party/ngtcp2/crypto/picotls/CMakeLists.txt | 65 +
third_party/ngtcp2/crypto/picotls/Makefile.am | 39 +
.../crypto/picotls/libngtcp2_crypto_picotls.pc.in | 33 +
third_party/ngtcp2/crypto/picotls/picotls.c | 714 +
third_party/ngtcp2/crypto/quictls/.gitignore | 1 +
third_party/ngtcp2/crypto/quictls/CMakeLists.txt | 86 +
third_party/ngtcp2/crypto/quictls/Makefile.am | 43 +
.../crypto/quictls/libngtcp2_crypto_quictls.pc.in | 33 +
third_party/ngtcp2/crypto/quictls/quictls.c | 1013 ++
third_party/ngtcp2/crypto/shared.c | 1650 +++
third_party/ngtcp2/crypto/shared.h | 397 +
third_party/ngtcp2/crypto/wolfssl/.gitignore | 1 +
third_party/ngtcp2/crypto/wolfssl/CMakeLists.txt | 84 +
third_party/ngtcp2/crypto/wolfssl/Makefile.am | 43 +
.../crypto/wolfssl/libngtcp2_crypto_wolfssl.pc.in | 33 +
third_party/ngtcp2/crypto/wolfssl/wolfssl.c | 545 +
third_party/ngtcp2/lib/.gitignore | 2 +
third_party/ngtcp2/lib/CMakeLists.txt | 146 +
third_party/ngtcp2/lib/Makefile.am | 130 +
third_party/ngtcp2/lib/config.cmake.in | 3 +
third_party/ngtcp2/lib/includes/CMakeLists.txt | 4 +
third_party/ngtcp2/lib/includes/Makefile.am | 25 +
third_party/ngtcp2/lib/includes/ngtcp2/ngtcp2.h | 5969 ++++++++
.../ngtcp2/lib/includes/ngtcp2/version.h.in | 51 +
third_party/ngtcp2/lib/libngtcp2.pc.in | 33 +
third_party/ngtcp2/lib/ngtcp2_acktr.c | 439 +
third_party/ngtcp2/lib/ngtcp2_acktr.h | 258 +
third_party/ngtcp2/lib/ngtcp2_addr.c | 118 +
third_party/ngtcp2/lib/ngtcp2_addr.h | 77 +
third_party/ngtcp2/lib/ngtcp2_balloc.c | 90 +
third_party/ngtcp2/lib/ngtcp2_balloc.h | 94 +
third_party/ngtcp2/lib/ngtcp2_bbr.c | 1421 ++
third_party/ngtcp2/lib/ngtcp2_bbr.h | 142 +
third_party/ngtcp2/lib/ngtcp2_buf.c | 56 +
third_party/ngtcp2/lib/ngtcp2_buf.h | 108 +
third_party/ngtcp2/lib/ngtcp2_cc.c | 493 +
third_party/ngtcp2/lib/ngtcp2_cc.h | 395 +
third_party/ngtcp2/lib/ngtcp2_cid.c | 157 +
third_party/ngtcp2/lib/ngtcp2_cid.h | 199 +
third_party/ngtcp2/lib/ngtcp2_conn.c | 13526 +++++++++++++++++++
third_party/ngtcp2/lib/ngtcp2_conn.h | 1121 ++
third_party/ngtcp2/lib/ngtcp2_conn_stat.h | 133 +
third_party/ngtcp2/lib/ngtcp2_conv.c | 222 +
third_party/ngtcp2/lib/ngtcp2_conv.h | 162 +
third_party/ngtcp2/lib/ngtcp2_crypto.c | 112 +
third_party/ngtcp2/lib/ngtcp2_crypto.h | 102 +
third_party/ngtcp2/lib/ngtcp2_dcidtr.c | 485 +
third_party/ngtcp2/lib/ngtcp2_dcidtr.h | 343 +
third_party/ngtcp2/lib/ngtcp2_err.c | 157 +
third_party/ngtcp2/lib/ngtcp2_err.h | 34 +
third_party/ngtcp2/lib/ngtcp2_frame_chain.c | 203 +
third_party/ngtcp2/lib/ngtcp2_frame_chain.h | 188 +
third_party/ngtcp2/lib/ngtcp2_gaptr.c | 178 +
third_party/ngtcp2/lib/ngtcp2_gaptr.h | 98 +
third_party/ngtcp2/lib/ngtcp2_idtr.c | 66 +
third_party/ngtcp2/lib/ngtcp2_idtr.h | 76 +
third_party/ngtcp2/lib/ngtcp2_ksl.c | 856 ++
third_party/ngtcp2/lib/ngtcp2_ksl.h | 425 +
third_party/ngtcp2/lib/ngtcp2_log.c | 834 ++
third_party/ngtcp2/lib/ngtcp2_log.h | 132 +
third_party/ngtcp2/lib/ngtcp2_macro.h | 81 +
third_party/ngtcp2/lib/ngtcp2_map.c | 306 +
third_party/ngtcp2/lib/ngtcp2_map.h | 128 +
third_party/ngtcp2/lib/ngtcp2_mem.c | 117 +
third_party/ngtcp2/lib/ngtcp2_mem.h | 72 +
third_party/ngtcp2/lib/ngtcp2_net.h | 141 +
third_party/ngtcp2/lib/ngtcp2_objalloc.c | 40 +
third_party/ngtcp2/lib/ngtcp2_objalloc.h | 147 +
third_party/ngtcp2/lib/ngtcp2_opl.c | 46 +
third_party/ngtcp2/lib/ngtcp2_opl.h | 65 +
third_party/ngtcp2/lib/ngtcp2_path.c | 77 +
third_party/ngtcp2/lib/ngtcp2_path.h | 49 +
third_party/ngtcp2/lib/ngtcp2_pkt.c | 2573 ++++
third_party/ngtcp2/lib/ngtcp2_pkt.h | 1230 ++
third_party/ngtcp2/lib/ngtcp2_pktns_id.h | 62 +
third_party/ngtcp2/lib/ngtcp2_pmtud.c | 167 +
third_party/ngtcp2/lib/ngtcp2_pmtud.h | 132 +
third_party/ngtcp2/lib/ngtcp2_ppe.c | 243 +
third_party/ngtcp2/lib/ngtcp2_ppe.h | 157 +
third_party/ngtcp2/lib/ngtcp2_pq.c | 163 +
third_party/ngtcp2/lib/ngtcp2_pq.h | 118 +
third_party/ngtcp2/lib/ngtcp2_pv.c | 179 +
third_party/ngtcp2/lib/ngtcp2_pv.h | 202 +
third_party/ngtcp2/lib/ngtcp2_qlog.c | 1223 ++
third_party/ngtcp2/lib/ngtcp2_qlog.h | 161 +
third_party/ngtcp2/lib/ngtcp2_range.c | 63 +
third_party/ngtcp2/lib/ngtcp2_range.h | 80 +
third_party/ngtcp2/lib/ngtcp2_rcvry.h | 40 +
third_party/ngtcp2/lib/ngtcp2_ringbuf.c | 127 +
third_party/ngtcp2/lib/ngtcp2_ringbuf.h | 132 +
third_party/ngtcp2/lib/ngtcp2_rob.c | 339 +
third_party/ngtcp2/lib/ngtcp2_rob.h | 191 +
third_party/ngtcp2/lib/ngtcp2_rst.c | 140 +
third_party/ngtcp2/lib/ngtcp2_rst.h | 94 +
third_party/ngtcp2/lib/ngtcp2_rtb.c | 1495 ++
third_party/ngtcp2/lib/ngtcp2_rtb.h | 321 +
third_party/ngtcp2/lib/ngtcp2_settings.c | 91 +
third_party/ngtcp2/lib/ngtcp2_settings.h | 73 +
third_party/ngtcp2/lib/ngtcp2_str.c | 233 +
third_party/ngtcp2/lib/ngtcp2_str.h | 94 +
third_party/ngtcp2/lib/ngtcp2_strm.c | 775 ++
third_party/ngtcp2/lib/ngtcp2_strm.h | 361 +
third_party/ngtcp2/lib/ngtcp2_transport_params.c | 889 ++
third_party/ngtcp2/lib/ngtcp2_transport_params.h | 118 +
third_party/ngtcp2/lib/ngtcp2_tstamp.h | 68 +
third_party/ngtcp2/lib/ngtcp2_unreachable.c | 74 +
third_party/ngtcp2/lib/ngtcp2_unreachable.h | 52 +
third_party/ngtcp2/lib/ngtcp2_vec.c | 219 +
third_party/ngtcp2/lib/ngtcp2_vec.h | 106 +
third_party/ngtcp2/lib/ngtcp2_version.c | 39 +
third_party/ngtcp2/lib/ngtcp2_window_filter.c | 116 +
third_party/ngtcp2/lib/ngtcp2_window_filter.h | 65 +
third_party/ngtcp2/update.sh | 78 +
third_party/ngtcp2/wscript | 131 +
third_party/quic/COPYING | 37 +
third_party/quic/libquic/Makefile.am | 24 +
third_party/quic/libquic/client.c | 227 +
third_party/quic/libquic/handshake.c | 1085 ++
third_party/quic/libquic/libquic.pc.in | 10 +
third_party/quic/libquic/netinet/quic.h | 95 +
third_party/quic/libquic/quic.man | 1462 ++
third_party/quic/libquic/server.c | 148 +
third_party/quic/modules/include/uapi/linux/quic.h | 245 +
third_party/quic/update.sh | 80 +
third_party/quic/wscript | 58 +
third_party/quic_ko_wrapper/quic_ko_wrapper.c | 5552 ++++++++
third_party/quic_ko_wrapper/quic_ko_wrapper.h | 89 +
third_party/quic_ko_wrapper/wscript | 124 +
third_party/wscript | 7 +
wscript_configure_system_gnutls | 3 +
181 files changed, 66701 insertions(+), 8 deletions(-)
create mode 100644 selftest/flapping.d/smb-over-quic
create mode 100644 third_party/ngtcp2/crypto/CMakeLists.txt
create mode 100644 third_party/ngtcp2/crypto/Makefile.am
create mode 100644 third_party/ngtcp2/crypto/boringssl/.gitignore
create mode 100644 third_party/ngtcp2/crypto/boringssl/CMakeLists.txt
create mode 100644 third_party/ngtcp2/crypto/boringssl/Makefile.am
create mode 100644 third_party/ngtcp2/crypto/boringssl/boringssl.c
create mode 100644
third_party/ngtcp2/crypto/boringssl/libngtcp2_crypto_boringssl.pc.in
create mode 100644 third_party/ngtcp2/crypto/gnutls/.gitignore
create mode 100644 third_party/ngtcp2/crypto/gnutls/CMakeLists.txt
create mode 100644 third_party/ngtcp2/crypto/gnutls/Makefile.am
create mode 100644 third_party/ngtcp2/crypto/gnutls/gnutls.c
create mode 100644
third_party/ngtcp2/crypto/gnutls/libngtcp2_crypto_gnutls.pc.in
create mode 100644 third_party/ngtcp2/crypto/includes/CMakeLists.txt
create mode 100644 third_party/ngtcp2/crypto/includes/Makefile.am
create mode 100644 third_party/ngtcp2/crypto/includes/ngtcp2/ngtcp2_crypto.h
create mode 100644
third_party/ngtcp2/crypto/includes/ngtcp2/ngtcp2_crypto_boringssl.h
create mode 100644
third_party/ngtcp2/crypto/includes/ngtcp2/ngtcp2_crypto_gnutls.h
create mode 100644
third_party/ngtcp2/crypto/includes/ngtcp2/ngtcp2_crypto_ossl.h
create mode 100644
third_party/ngtcp2/crypto/includes/ngtcp2/ngtcp2_crypto_picotls.h
create mode 100644
third_party/ngtcp2/crypto/includes/ngtcp2/ngtcp2_crypto_quictls.h
create mode 100644
third_party/ngtcp2/crypto/includes/ngtcp2/ngtcp2_crypto_wolfssl.h
create mode 100644 third_party/ngtcp2/crypto/ossl/.gitignore
create mode 100644 third_party/ngtcp2/crypto/ossl/CMakeLists.txt
create mode 100644 third_party/ngtcp2/crypto/ossl/Makefile.am
create mode 100644 third_party/ngtcp2/crypto/ossl/libngtcp2_crypto_ossl.pc.in
create mode 100644 third_party/ngtcp2/crypto/ossl/ossl.c
create mode 100644 third_party/ngtcp2/crypto/picotls/.gitignore
create mode 100644 third_party/ngtcp2/crypto/picotls/CMakeLists.txt
create mode 100644 third_party/ngtcp2/crypto/picotls/Makefile.am
create mode 100644
third_party/ngtcp2/crypto/picotls/libngtcp2_crypto_picotls.pc.in
create mode 100644 third_party/ngtcp2/crypto/picotls/picotls.c
create mode 100644 third_party/ngtcp2/crypto/quictls/.gitignore
create mode 100644 third_party/ngtcp2/crypto/quictls/CMakeLists.txt
create mode 100644 third_party/ngtcp2/crypto/quictls/Makefile.am
create mode 100644
third_party/ngtcp2/crypto/quictls/libngtcp2_crypto_quictls.pc.in
create mode 100644 third_party/ngtcp2/crypto/quictls/quictls.c
create mode 100644 third_party/ngtcp2/crypto/shared.c
create mode 100644 third_party/ngtcp2/crypto/shared.h
create mode 100644 third_party/ngtcp2/crypto/wolfssl/.gitignore
create mode 100644 third_party/ngtcp2/crypto/wolfssl/CMakeLists.txt
create mode 100644 third_party/ngtcp2/crypto/wolfssl/Makefile.am
create mode 100644
third_party/ngtcp2/crypto/wolfssl/libngtcp2_crypto_wolfssl.pc.in
create mode 100644 third_party/ngtcp2/crypto/wolfssl/wolfssl.c
create mode 100644 third_party/ngtcp2/lib/.gitignore
create mode 100644 third_party/ngtcp2/lib/CMakeLists.txt
create mode 100644 third_party/ngtcp2/lib/Makefile.am
create mode 100644 third_party/ngtcp2/lib/config.cmake.in
create mode 100644 third_party/ngtcp2/lib/includes/CMakeLists.txt
create mode 100644 third_party/ngtcp2/lib/includes/Makefile.am
create mode 100644 third_party/ngtcp2/lib/includes/ngtcp2/ngtcp2.h
create mode 100644 third_party/ngtcp2/lib/includes/ngtcp2/version.h.in
create mode 100644 third_party/ngtcp2/lib/libngtcp2.pc.in
create mode 100644 third_party/ngtcp2/lib/ngtcp2_acktr.c
create mode 100644 third_party/ngtcp2/lib/ngtcp2_acktr.h
create mode 100644 third_party/ngtcp2/lib/ngtcp2_addr.c
create mode 100644 third_party/ngtcp2/lib/ngtcp2_addr.h
create mode 100644 third_party/ngtcp2/lib/ngtcp2_balloc.c
create mode 100644 third_party/ngtcp2/lib/ngtcp2_balloc.h
create mode 100644 third_party/ngtcp2/lib/ngtcp2_bbr.c
create mode 100644 third_party/ngtcp2/lib/ngtcp2_bbr.h
create mode 100644 third_party/ngtcp2/lib/ngtcp2_buf.c
create mode 100644 third_party/ngtcp2/lib/ngtcp2_buf.h
create mode 100644 third_party/ngtcp2/lib/ngtcp2_cc.c
create mode 100644 third_party/ngtcp2/lib/ngtcp2_cc.h
create mode 100644 third_party/ngtcp2/lib/ngtcp2_cid.c
create mode 100644 third_party/ngtcp2/lib/ngtcp2_cid.h
create mode 100644 third_party/ngtcp2/lib/ngtcp2_conn.c
create mode 100644 third_party/ngtcp2/lib/ngtcp2_conn.h
create mode 100644 third_party/ngtcp2/lib/ngtcp2_conn_stat.h
create mode 100644 third_party/ngtcp2/lib/ngtcp2_conv.c
create mode 100644 third_party/ngtcp2/lib/ngtcp2_conv.h
create mode 100644 third_party/ngtcp2/lib/ngtcp2_crypto.c
create mode 100644 third_party/ngtcp2/lib/ngtcp2_crypto.h
create mode 100644 third_party/ngtcp2/lib/ngtcp2_dcidtr.c
create mode 100644 third_party/ngtcp2/lib/ngtcp2_dcidtr.h
create mode 100644 third_party/ngtcp2/lib/ngtcp2_err.c
create mode 100644 third_party/ngtcp2/lib/ngtcp2_err.h
create mode 100644 third_party/ngtcp2/lib/ngtcp2_frame_chain.c
create mode 100644 third_party/ngtcp2/lib/ngtcp2_frame_chain.h
create mode 100644 third_party/ngtcp2/lib/ngtcp2_gaptr.c
create mode 100644 third_party/ngtcp2/lib/ngtcp2_gaptr.h
create mode 100644 third_party/ngtcp2/lib/ngtcp2_idtr.c
create mode 100644 third_party/ngtcp2/lib/ngtcp2_idtr.h
create mode 100644 third_party/ngtcp2/lib/ngtcp2_ksl.c
create mode 100644 third_party/ngtcp2/lib/ngtcp2_ksl.h
create mode 100644 third_party/ngtcp2/lib/ngtcp2_log.c
create mode 100644 third_party/ngtcp2/lib/ngtcp2_log.h
create mode 100644 third_party/ngtcp2/lib/ngtcp2_macro.h
create mode 100644 third_party/ngtcp2/lib/ngtcp2_map.c
create mode 100644 third_party/ngtcp2/lib/ngtcp2_map.h
create mode 100644 third_party/ngtcp2/lib/ngtcp2_mem.c
create mode 100644 third_party/ngtcp2/lib/ngtcp2_mem.h
create mode 100644 third_party/ngtcp2/lib/ngtcp2_net.h
create mode 100644 third_party/ngtcp2/lib/ngtcp2_objalloc.c
create mode 100644 third_party/ngtcp2/lib/ngtcp2_objalloc.h
create mode 100644 third_party/ngtcp2/lib/ngtcp2_opl.c
create mode 100644 third_party/ngtcp2/lib/ngtcp2_opl.h
create mode 100644 third_party/ngtcp2/lib/ngtcp2_path.c
create mode 100644 third_party/ngtcp2/lib/ngtcp2_path.h
create mode 100644 third_party/ngtcp2/lib/ngtcp2_pkt.c
create mode 100644 third_party/ngtcp2/lib/ngtcp2_pkt.h
create mode 100644 third_party/ngtcp2/lib/ngtcp2_pktns_id.h
create mode 100644 third_party/ngtcp2/lib/ngtcp2_pmtud.c
create mode 100644 third_party/ngtcp2/lib/ngtcp2_pmtud.h
create mode 100644 third_party/ngtcp2/lib/ngtcp2_ppe.c
create mode 100644 third_party/ngtcp2/lib/ngtcp2_ppe.h
create mode 100644 third_party/ngtcp2/lib/ngtcp2_pq.c
create mode 100644 third_party/ngtcp2/lib/ngtcp2_pq.h
create mode 100644 third_party/ngtcp2/lib/ngtcp2_pv.c
create mode 100644 third_party/ngtcp2/lib/ngtcp2_pv.h
create mode 100644 third_party/ngtcp2/lib/ngtcp2_qlog.c
create mode 100644 third_party/ngtcp2/lib/ngtcp2_qlog.h
create mode 100644 third_party/ngtcp2/lib/ngtcp2_range.c
create mode 100644 third_party/ngtcp2/lib/ngtcp2_range.h
create mode 100644 third_party/ngtcp2/lib/ngtcp2_rcvry.h
create mode 100644 third_party/ngtcp2/lib/ngtcp2_ringbuf.c
create mode 100644 third_party/ngtcp2/lib/ngtcp2_ringbuf.h
create mode 100644 third_party/ngtcp2/lib/ngtcp2_rob.c
create mode 100644 third_party/ngtcp2/lib/ngtcp2_rob.h
create mode 100644 third_party/ngtcp2/lib/ngtcp2_rst.c
create mode 100644 third_party/ngtcp2/lib/ngtcp2_rst.h
create mode 100644 third_party/ngtcp2/lib/ngtcp2_rtb.c
create mode 100644 third_party/ngtcp2/lib/ngtcp2_rtb.h
create mode 100644 third_party/ngtcp2/lib/ngtcp2_settings.c
create mode 100644 third_party/ngtcp2/lib/ngtcp2_settings.h
create mode 100644 third_party/ngtcp2/lib/ngtcp2_str.c
create mode 100644 third_party/ngtcp2/lib/ngtcp2_str.h
create mode 100644 third_party/ngtcp2/lib/ngtcp2_strm.c
create mode 100644 third_party/ngtcp2/lib/ngtcp2_strm.h
create mode 100644 third_party/ngtcp2/lib/ngtcp2_transport_params.c
create mode 100644 third_party/ngtcp2/lib/ngtcp2_transport_params.h
create mode 100644 third_party/ngtcp2/lib/ngtcp2_tstamp.h
create mode 100644 third_party/ngtcp2/lib/ngtcp2_unreachable.c
create mode 100644 third_party/ngtcp2/lib/ngtcp2_unreachable.h
create mode 100644 third_party/ngtcp2/lib/ngtcp2_vec.c
create mode 100644 third_party/ngtcp2/lib/ngtcp2_vec.h
create mode 100644 third_party/ngtcp2/lib/ngtcp2_version.c
create mode 100644 third_party/ngtcp2/lib/ngtcp2_window_filter.c
create mode 100644 third_party/ngtcp2/lib/ngtcp2_window_filter.h
create mode 100755 third_party/ngtcp2/update.sh
create mode 100644 third_party/ngtcp2/wscript
create mode 100644 third_party/quic/COPYING
create mode 100644 third_party/quic/libquic/Makefile.am
create mode 100644 third_party/quic/libquic/client.c
create mode 100644 third_party/quic/libquic/handshake.c
create mode 100644 third_party/quic/libquic/libquic.pc.in
create mode 100644 third_party/quic/libquic/netinet/quic.h
create mode 100644 third_party/quic/libquic/quic.man
create mode 100644 third_party/quic/libquic/server.c
create mode 100644 third_party/quic/modules/include/uapi/linux/quic.h
create mode 100755 third_party/quic/update.sh
create mode 100644 third_party/quic/wscript
create mode 100644 third_party/quic_ko_wrapper/quic_ko_wrapper.c
create mode 100644 third_party/quic_ko_wrapper/quic_ko_wrapper.h
create mode 100644 third_party/quic_ko_wrapper/wscript
Changeset truncated at 500 lines:
diff --git a/buildtools/wafsamba/samba_third_party.py
b/buildtools/wafsamba/samba_third_party.py
index a3c45775a4b..b6c5ad60964 100644
--- a/buildtools/wafsamba/samba_third_party.py
+++ b/buildtools/wafsamba/samba_third_party.py
@@ -46,3 +46,20 @@ Build.BuildContext.CHECK_UID_WRAPPER = CHECK_UID_WRAPPER
def CHECK_PAM_WRAPPER(conf):
return conf.CHECK_BUNDLED_SYSTEM_PKG('pam_wrapper', minversion='1.1.8')
Build.BuildContext.CHECK_PAM_WRAPPER = CHECK_PAM_WRAPPER
+
+@conf
+def CHECK_LIBQUIC(conf):
+ return conf.CHECK_BUNDLED_SYSTEM_PKG('libquic', minversion='1.1')
+Build.BuildContext.CHECK_LIBQUIC = CHECK_LIBQUIC
+
+@conf
+def CHECK_LIBNGTCP2(conf):
+ minversion = '1.12.0'
+ if not conf.CHECK_BUNDLED_SYSTEM_PKG('libngtcp2_crypto_gnutls',
+ minversion=minversion):
+ return False
+ if not conf.CHECK_BUNDLED_SYSTEM_PKG('libngtcp2',
+ minversion=minversion):
+ return False
+ return True
+Build.BuildContext.CHECK_LIBNGTCP2 = CHECK_LIBNGTCP2
diff --git a/docs-xml/smbdotconf/protocol/clientsmbtransports.xml
b/docs-xml/smbdotconf/protocol/clientsmbtransports.xml
index 18adad501d6..94835e3d298 100644
--- a/docs-xml/smbdotconf/protocol/clientsmbtransports.xml
+++ b/docs-xml/smbdotconf/protocol/clientsmbtransports.xml
@@ -18,6 +18,25 @@
after ':', e.g. 'nbt:1139'.
</para>
+ <para>The transport 'quic' uses the quic protocol on top of udp.
+ The default port for 'quic' is 443. Other ports can be specified by
adding it
+ after ':', e.g. 'quic:1443'.
+ The following options are also relevant:
+ <smbconfoption name="tls enabled"/>,
+ <smbconfoption name="tls ca directories"/>,
+ <smbconfoption name="tls trust system cas"/>,
+ <smbconfoption name="tls cafile"/>,
+ <smbconfoption name="tls certfile"/>,
+ <smbconfoption name="tls keyfile"/> and
+ <smbconfoption name="tls verify peer"/>.
+ </para>
+
+ <para>
+ Note: 'quic' requires the quic.ko kernel module for Linux from
+ https://github.com/lxin/quic (tested with Linux 6.14). Future
+ Linux versions may support it natively.
+ </para>
+
<para>Numerical ports are handled as 'tcp' except port '139' is handled
as 'nbt'.
</para>
@@ -28,6 +47,8 @@
<value type="example">445</value>
<value type="example">tcp, tcp:1445</value>
<value type="example">8000, nbt:1139</value>
+<value type="example">tcp, quic, nbt</value>
+<value type="example">+quic</value>
<value type="default">tcp, nbt</value>
</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/serversmbtransports.xml
b/docs-xml/smbdotconf/protocol/serversmbtransports.xml
index 83a4c62ddc0..f506e4e862a 100644
--- a/docs-xml/smbdotconf/protocol/serversmbtransports.xml
+++ b/docs-xml/smbdotconf/protocol/serversmbtransports.xml
@@ -19,6 +19,27 @@
after ':', e.g. 'nbt:1139'.
</para>
+ <para>The transport 'quic' uses the quic protocol on top of udp.
+ The default port for 'quic' is 443. Other ports can be specified by
adding it
+ after ':', e.g. 'quic:1443'.
+ The following options are also relevant:
+ <smbconfoption name="tls enabled"/>,
+ <smbconfoption name="tls cafile"/>,
+ <smbconfoption name="tls certfile"/> and
+ <smbconfoption name="tls keyfile"/>.
+ If the files pointed to by
+ <smbconfoption name="tls cafile"/>,
+ <smbconfoption name="tls certfile"/> and
+ <smbconfoption name="tls keyfile"/> all do not exist,
+ a self-signed tls certificate is generated automatically at startup.
+ </para>
+
+ <para>
+ Note: 'quic' requires the quic.ko kernel module for Linux from
+ https://github.com/lxin/quic (tested with Linux 6.14). Future
+ Linux versions may support it natively.
+ </para>
+
<para>Numerical ports are handled as 'tcp' except port '139' is handled
as 'nbt'.
</para>
@@ -29,6 +50,8 @@
<value type="example">445</value>
<value type="example">tcp, tcp:1445</value>
<value type="example">8000, nbt:1139</value>
+<value type="example">tcp, quic, nbt</value>
+<value type="example">+quic</value>
<value type="default">tcp, nbt</value>
</samba:parameter>
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index 35a718441de..d6553d89011 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -1368,6 +1368,9 @@ bool smb_transport_parse(const char *_value, struct
smb_transport *_t)
} else if (strcmp("nbt", value) == 0) {
t.type = SMB_TRANSPORT_TYPE_NBT;
t.port = 139;
+ } else if (strcmp("quic", value) == 0) {
+ t.type = SMB_TRANSPORT_TYPE_QUIC;
+ t.port = 443;
} else if (vparam != NULL) {
/*
* a port number should not have
diff --git a/lib/tsocket/tsocket.c b/lib/tsocket/tsocket.c
index 68fdb6c3b40..3e62aac4f6b 100644
--- a/lib/tsocket/tsocket.c
+++ b/lib/tsocket/tsocket.c
@@ -214,6 +214,22 @@ struct tevent_req *tdgram_recvfrom_send(TALLOC_CTX
*mem_ctx,
goto post;
}
tevent_req_set_callback(subreq, tdgram_recvfrom_done, req);
+ if (!tevent_req_is_in_progress(subreq)) {
+ /*
+ * Allow the caller of
+ * tdgram_recvfrom_send() to
+ * see tevent_req_is_in_progress()
+ * reporting false too.
+ *
+ * Useful for callers using
+ * tdgram_bsd_optimize_recvfrom(true)
+ * in order to check if data
+ * was already waiting in the
+ * receice buffer.
+ */
+ tdgram_recvfrom_done(subreq);
+ goto post;
+ }
return req;
diff --git a/libcli/smb/smb_util.h b/libcli/smb/smb_util.h
index 6ec48625f05..c3533a2d2e1 100644
--- a/libcli/smb/smb_util.h
+++ b/libcli/smb/smb_util.h
@@ -61,6 +61,7 @@ enum smb_transport_type {
SMB_TRANSPORT_TYPE_UNKNOWN = 0,
SMB_TRANSPORT_TYPE_NBT,
SMB_TRANSPORT_TYPE_TCP,
+ SMB_TRANSPORT_TYPE_QUIC,
};
struct smb_transport {
diff --git a/script/autobuild.py b/script/autobuild.py
index 30ad08ca04d..8acf6cdc854 100755
--- a/script/autobuild.py
+++ b/script/autobuild.py
@@ -1088,7 +1088,7 @@ tasks = {
("allprivate-def-configure", "./configure.developer " +
samba_configure_params + " --private-libraries=ALL"),
("allprivate-def-make", "nice -n 19 make -j 2"),
# note wrapper libraries need to be public
- ("allprivate-def-no-public", "ls ./bin/shared | egrep -v
'^private$|lib[nprsu][saeoi][smscd].*-wrapper.so$|pam_set_items.so|pam_matrix.so'
| wc -l | grep -q '^0'"),
+ ("allprivate-def-no-public", "ls ./bin/shared | egrep -v
'^private$|lib[npqrsu][saueoi][smiscd].*-wrapper.so$|pam_set_items.so|pam_matrix.so'
| wc -l | grep -q '^0'"),
("allprivate-def-only-private-ext", "ls ./bin/shared/private |
egrep 'private-samba' | wc -l | grep -q '^0' && exit 1; exit 0"),
("allprivate-def-no-non-private-ext", "ls ./bin/shared/private |
egrep -v 'private-samba|^libpypamtest.so$' | wc -l | grep -q '^0'"),
("allprivate-def-test",
make_test(TESTS="samba3.smb2.create.*nt4_dc")),
@@ -1102,7 +1102,7 @@ tasks = {
("allprivate-ext-configure", "./configure.developer " +
samba_configure_params + " --private-libraries=ALL
--private-library-extension=private-library
--private-extension-exception=pac,ndr"),
("allprivate-ext-make", "nice -n 19 make -j 2"),
# note wrapper libraries need to be public
- ("allprivate-ext-no-public", "ls ./bin/shared | egrep -v
'^private$|lib[nprsu][saeoi][smscd].*-wrapper.so$|pam_set_items.so|pam_matrix.so'
| wc -l | grep -q '^0'"),
+ ("allprivate-ext-no-public", "ls ./bin/shared | egrep -v
'^private$|lib[npqrsu][saueoi][smiscd].*-wrapper.so$|pam_set_items.so|pam_matrix.so'
| wc -l | grep -q '^0'"),
("allprivate-ext-no-private-default-ext", "ls ./bin/shared/private
| grep 'private-samba' | wc -l | grep -q '^0'"),
("allprivate-ext-has-private-ext", "ls ./bin/shared/private | grep
'private-library' | wc -l | grep -q '^0' && exit 1; exit 0"),
("allprivate-ext-libndr-no-private-ext", "ls ./bin/shared/private
| grep -v 'private-library' | grep 'libndr' | wc -l | grep -q '^1'"),
diff --git a/script/compare_cc_results.py b/script/compare_cc_results.py
index d97050c1870..031f6163441 100755
--- a/script/compare_cc_results.py
+++ b/script/compare_cc_results.py
@@ -19,6 +19,7 @@ exceptions = [
'PAM_MATRIX_SO_PATH',
'LIBUID_WRAPPER_SO_PATH',
'LIBRESOLV_WRAPPER_SO_PATH',
+ 'LIBQUIC_KO_WRAPPER_SO_PATH',
]
if len(sys.argv) < 3:
diff --git a/selftest/flapping.d/smb-over-quic
b/selftest/flapping.d/smb-over-quic
new file mode 100644
index 00000000000..c6b9fe8cb46
--- /dev/null
+++ b/selftest/flapping.d/smb-over-quic
@@ -0,0 +1,5 @@
+#
+# quic_ko_wrapper is not 100% reliable, it would need
+# helper threads in order to do background keepalives...
+#
+^samba3.smb2.bench.smb-over-quic-ko-bsd.oplock1.fileserver
diff --git a/selftest/selftest.pl b/selftest/selftest.pl
index 5f0daf7de68..11065dd51d9 100755
--- a/selftest/selftest.pl
+++ b/selftest/selftest.pl
@@ -43,6 +43,7 @@ if ($@) {
my $opt_help = 0;
my $opt_target = "samba";
my $opt_quick = 0;
+my $opt_quic_ko_wrapper = 0;
my $opt_socket_wrapper = 0;
my $opt_socket_wrapper_pcap = undef;
my $opt_socket_wrapper_keep_pcap = undef;
@@ -58,6 +59,7 @@ my $opt_mitkrb5 = 0;
my $opt_default_ldb_backend = "mdb";
my $opt_resetup_env = undef;
my $opt_load_list = undef;
+my $opt_libquic_ko_wrapper_so_path = "";
my $opt_libnss_wrapper_so_path = "";
my $opt_libresolv_wrapper_so_path = "";
my $opt_libsocket_wrapper_so_path = "";
@@ -234,6 +236,7 @@ my $result = GetOptions (
'help|h|?' => \$opt_help,
'target=s' => \$opt_target,
'prefix=s' => \$prefix,
+ 'quic-ko-wrapper' => \$opt_quic_ko_wrapper,
'socket-wrapper' => \$opt_socket_wrapper,
'socket-wrapper-pcap' => \$opt_socket_wrapper_pcap,
'socket-wrapper-keep-pcap' => \$opt_socket_wrapper_keep_pcap,
@@ -253,6 +256,7 @@ my $result = GetOptions (
'testlist=s' => \@testlists,
'random-order' => \$opt_random_order,
'load-list=s' => \$opt_load_list,
+ 'quic_ko_wrapper_so_path=s' => \$opt_libquic_ko_wrapper_so_path,
'nss_wrapper_so_path=s' => \$opt_libnss_wrapper_so_path,
'resolv_wrapper_so_path=s' => \$opt_libresolv_wrapper_so_path,
'socket_wrapper_so_path=s' => \$opt_libsocket_wrapper_so_path,
@@ -373,6 +377,14 @@ if ($opt_libasan_so_path) {
}
}
+if ($opt_libquic_ko_wrapper_so_path) {
+ if ($ld_preload) {
+ $ld_preload = "$ld_preload:$opt_libquic_ko_wrapper_so_path";
+ } else {
+ $ld_preload = "$opt_libquic_ko_wrapper_so_path";
+ }
+}
+
if ($opt_libnss_wrapper_so_path) {
if ($ld_preload) {
$ld_preload = "$ld_preload:$opt_libnss_wrapper_so_path";
@@ -432,6 +444,10 @@ $ENV{UID_WRAPPER} = 1;
# We are already hitting the limit, so double it.
$ENV{NSS_WRAPPER_MAX_HOSTENTS} = 200;
+if ($opt_quic_ko_wrapper) {
+ $ENV{QUIC_KO_WRAPPER} = 1;
+}
+
my $socket_wrapper_dir;
if ($opt_socket_wrapper) {
$socket_wrapper_dir = SocketWrapper::setup_dir("$prefix/w",
$opt_socket_wrapper_pcap);
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 077f3000935..a9efd07b0e4 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -1954,6 +1954,8 @@ sub setup_fileserver
my $ip4 = Samba::get_ipv4_addr("FILESERVER");
my $fileserver_options = "
+ server smb transports = +quic
+
smb3 unix extensions = yes
kernel change notify = yes
spotlight backend = elasticsearch
@@ -2679,6 +2681,9 @@ sub provision($$)
my $privatedir="$prefix/private";
push(@dirs,$privatedir);
+ my $tlsdir="$privatedir/tls";
+ push(@dirs, $tlsdir);
+
my $cachedir = "$prefix/cachedir";
push(@dirs, $cachedir);
diff --git a/selftest/wscript b/selftest/wscript
index 95e70706e63..4a7eee42712 100644
--- a/selftest/wscript
+++ b/selftest/wscript
@@ -259,6 +259,8 @@ def cmd_testonly(opt):
# selftest can optionally use kernel namespaces instead of socket-wrapper
if os.environ.get('USE_NAMESPACES') is None:
env.OPTIONS += " --socket_wrapper_so_path=" + CONFIG_GET(opt,
'LIBSOCKET_WRAPPER_SO_PATH')
+ if CONFIG_SET(opt, 'QUIC_KO_WRAPPER'):
+ env.OPTIONS += " --quic_ko_wrapper_so_path=" + CONFIG_GET(opt,
'LIBQUIC_KO_WRAPPER_SO_PATH')
if not CONFIG_SET(opt, 'HAVE_RESOLV_CONF_SUPPORT'):
env.OPTIONS += " --use-dns-faking"
@@ -357,6 +359,8 @@ def cmd_testonly(opt):
if Options.options.LIST:
cmd = '${CORE_COMMAND} --list'
else:
+ if CONFIG_SET(opt, 'QUIC_KO_WRAPPER'):
+ env.OPTIONS += ' --quic-ko-wrapper'
env.OPTIONS += ' --socket-wrapper'
cmd = '(${CORE_COMMAND} && touch ${SELFTEST_PREFIX}/st_done) |
${FILTER_OPTIONS}'
diff --git a/source3/libsmb/libsmb_context.c b/source3/libsmb/libsmb_context.c
index 8e9fc615521..42082a0d94b 100644
--- a/source3/libsmb/libsmb_context.c
+++ b/source3/libsmb/libsmb_context.c
@@ -27,6 +27,7 @@
#include "source3/libsmb/proto.h"
#include "libsmbclient.h"
#include "libsmb_internal.h"
+#include "libsmb/smbsock_connect.h"
#include "secrets.h"
#include "../libcli/smb/smbXcli_base.h"
#include "auth/credentials/credentials.h"
@@ -52,6 +53,13 @@ SMBC_module_init(void * punused)
char *home = NULL;
TALLOC_CTX *frame = talloc_stackframe();
+ /*
+ * We can't rely on periodic connection
+ * monitoring, so we can't use
+ * the ngtcp2 over udp quic support.
+ */
+ smbsock_connect_require_bsd_socket = true;
+
setup_logging("libsmbclient", DEBUG_STDOUT);
/* Here we would open the smb.conf file if needed ... */
diff --git a/source3/libsmb/smbsock_connect.c b/source3/libsmb/smbsock_connect.c
index 482f9d89613..5e7587ae314 100644
--- a/source3/libsmb/smbsock_connect.c
+++ b/source3/libsmb/smbsock_connect.c
@@ -22,12 +22,18 @@
#include "../lib/async_req/async_sock.h"
#include "../lib/util/tevent_ntstatus.h"
#include "../lib/util/tevent_unix.h"
+#include "../lib/tsocket/tsocket.h"
#include "client.h"
#include "../libcli/smb/smbXcli_base.h"
#include "async_smb.h"
#include "../libcli/smb/read_smb.h"
#include "libsmb/nmblib.h"
#include "libsmb/smbsock_connect.h"
+#include "../source4/lib/tls/tls.h"
+
+#ifdef HAVE_LIBQUIC
+#include <netinet/quic.h>
+#endif
struct cli_session_request_state {
struct tevent_context *ev;
@@ -367,21 +373,29 @@ struct smb_transports
smbsock_transports_from_port(uint16_t port)
return ts;
}
+bool smbsock_connect_require_bsd_socket;
+
struct smbsock_connect_substate {
struct tevent_req *req;
size_t idx;
struct smb_transport transport;
struct tevent_req *subreq;
int sockfd;
+ struct samba_sockaddr laddr;
+ struct samba_sockaddr raddr;
};
struct smbsock_connect_state {
struct tevent_context *ev;
const struct sockaddr_storage *addr;
+ const char *target_name;
const char *called_name;
uint8_t called_type;
const char *calling_name;
uint8_t calling_type;
+ struct tstream_tls_params *quic_tlsp;
+ bool allow_ngtcp2;
+ bool force_ngtcp2;
struct tevent_req *wake_subreq;
uint8_t num_substates;
uint8_t submit_idx;
@@ -400,6 +414,19 @@ static bool smbsock_connect_submit_next(struct tevent_req
*req);
static void smbsock_connect_waited(struct tevent_req *subreq);
static void smbsock_connect_nbt_connected(struct tevent_req *subreq);
static void smbsock_connect_tcp_connected(struct tevent_req *subreq);
+#ifdef HAVE_LIBQUIC
+static void smbsock_connect_quic_connected(struct tevent_req *subreq);
+static void smbsock_connect_quic_ready(struct tevent_req *subreq);
+#endif /* HAVE_LIBQUIC */
+#ifdef HAVE_LIBNGTCP2
+static NTSTATUS smbsock_connect_ngtcp2_udp_sock(
+ const struct sockaddr_storage *addr,
+ uint16_t port,
+ int *_sockfd,
+ struct samba_sockaddr *laddr,
+ struct samba_sockaddr *raddr);
+static void smbsock_connect_ngtcp2_ready(struct tevent_req *subreq);
+#endif /* HAVE_LIBNGTCP2 */
struct tevent_req *smbsock_connect_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
@@ -418,6 +445,8 @@ struct tevent_req *smbsock_connect_send(TALLOC_CTX *mem_ctx,
struct smb_transports ts = *transports;
uint8_t ti;
bool ok;
+ bool request_quic = false;
+ bool try_quic = false;
req = tevent_req_create(mem_ctx, &state, struct smbsock_connect_state);
if (req == NULL) {
@@ -425,6 +454,7 @@ struct tevent_req *smbsock_connect_send(TALLOC_CTX *mem_ctx,
}
state->ev = ev;
state->addr = addr;
+ state->target_name = called_name;
state->called_name =
(called_name != NULL) ? called_name : "*SMBSERVER";
state->called_type =
@@ -449,6 +479,59 @@ struct tevent_req *smbsock_connect_send(TALLOC_CTX
*mem_ctx,
SMB_ASSERT(ts.num_transports <= ARRAY_SIZE(state->substates));
+ for (ti = 0; ti < ts.num_transports; ti++) {
+ const struct smb_transport *t = &ts.transports[ti];
+
+ if (t->type != SMB_TRANSPORT_TYPE_QUIC) {
+ continue;
+ }
+
+ if (state->target_name != NULL) {
+ request_quic = true;
+ break;
+ }
+ }
+
+ if (request_quic) {
+ NTSTATUS status;
+
+ status = tstream_tls_params_client_lpcfg(state,
+ lp_ctx,
+ state->target_name,
+ &state->quic_tlsp);
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+
+ status = tstream_tls_params_quic_prepare(state->quic_tlsp);
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+
+ try_quic = tstream_tls_params_quic_enabled(state->quic_tlsp);
+
+ state->allow_ngtcp2 = lpcfg_parm_bool(lp_ctx,
+ NULL,
+ "client smb transport",
+ "allow_ngtcp2_quic",
+ try_quic);
+ state->force_ngtcp2 = lpcfg_parm_bool(lp_ctx,
+ NULL,
+ "client smb transport",
+ "force_ngtcp2_quic",
+ false);
+ }
+
+ if (smbsock_connect_require_bsd_socket) {
+ /*
+ * This is libsmbclient in use
+ * there's no periodic connection
+ * monitoring, so we can't use
+ * the ngtcp2 over udp quic support.
+ */
+ state->allow_ngtcp2 = false;
+ }
+
for (ti = 0; ti < ts.num_transports; ti++) {
const struct smb_transport *t = &ts.transports[ti];
struct smbsock_connect_substate *s =
@@ -469,6 +552,17 @@ struct tevent_req *smbsock_connect_send(TALLOC_CTX
*mem_ctx,
break;
case SMB_TRANSPORT_TYPE_TCP:
break;
+ case SMB_TRANSPORT_TYPE_QUIC:
+ if (try_quic) {
+ break;
+ }
+
+ /*
+ * Not supported yet or no
+ * called_name as peer name
+ * available.
+ */
--
Samba Shared Repository
