build: update quic-go version (#4385)

Update the quic-go version.

If you are using the squic.ConnDialer, make sure that the SCMP errors are not propagated up the stack to the quic-go transport.

WORKSPACE

@@ -72,7 +72,21 @@ http_archive(
     ],
 )
 
-load("@bazel_gazelle//:deps.bzl", "gazelle_dependencies")
+load("@bazel_gazelle//:deps.bzl", "gazelle_dependencies", "go_repository")
+
+# Explictly override golang.org/x/sys. Our github.com/quic-go/quic-go cannot
+# compile without at least golang.org/x/[email protected]. The rules_go version that
+# we use (v0.34.0) imports an older version. A recent enough version was only introduced
+# in v0.36.0. See: https://github.com/bazelbuild/rules_go/commit/64b9226a3bca997866b8831889ffb9de87405a0d
+#
+# This version should be kept in sync with the go_deps.bzl file. We can remove it
+# once we update the rules_go version.
+go_repository(
+    name = "org_golang_x_sys",
+    importpath = "golang.org/x/sys",
+    sum = "h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU=",
+    version = "v0.8.0",
+)
 
 go_rules_dependencies()
 

gateway/BUILD.bazel

@@ -38,9 +38,9 @@ go_library(
         "//private/service:go_default_library",
         "//private/svc:go_default_library",
         "//private/worker:go_default_library",
-        "@com_github_lucas_clemente_quic_go//:go_default_library",
         "@com_github_prometheus_client_golang//prometheus:go_default_library",
         "@com_github_prometheus_client_golang//prometheus/promauto:go_default_library",
+        "@com_github_quic_go_quic_go//:go_default_library",
         "@org_golang_google_grpc//:go_default_library",
     ],
 )

gateway/gateway.go

@@ -24,8 +24,8 @@ import (
 	"strconv"
 	"time"
 
-	quic "github.com/lucas-clemente/quic-go"
 	"github.com/prometheus/client_golang/prometheus"
+	quic "github.com/quic-go/quic-go"
 	"google.golang.org/grpc"
 
 	"github.com/scionproto/scion/gateway/control"
@@ -140,16 +140,6 @@ func (rtf RoutingTableFactory) New(
 	return dataplane.NewRoutingTable(routingChains), nil
 }
 
-// ignoreSCMP ignores all received SCMP packets.
-//
-// XXX(scrye): This is needed such that the QUIC server does not shut down when
-// receiving a SCMP error. DO NOT REMOVE!
-type ignoreSCMP struct{}
-
-func (ignoreSCMP) Handle(pkt *snet.Packet) error {
-	return nil
-}
-
 // SelectAdvertisedRoutes computes the networks that should be advertised
 // depending on the state of the last published routing policy file.
 type SelectAdvertisedRoutes struct {
@@ -448,17 +438,21 @@ func (g *Gateway) Run(ctx context.Context) error {
 		return serrors.WrapStr("unable to generate TLS config", err)
 	}
 
-	// scionNetwork is the network for all SCION connections, with the exception of the QUIC server
-	// connection.
-	scionNetwork := &snet.SCIONNetwork{
+	// scionNetworkNoSCMP is the network for the QUIC server connection. Because SCMP errors
+	// will cause the server's accepts to fail, we ignore SCMP.
+	scionNetworkNoSCMP := &snet.SCIONNetwork{
 		LocalIA: localIA,
 		Dispatcher: &snet.DefaultPacketDispatcherService{
 			// Enable transparent reconnections to the dispatcher
 			Dispatcher: reconnectingDispatcher,
-			// Forward revocations to Daemon
-			SCMPHandler: snet.DefaultSCMPHandler{
-				RevocationHandler: revocationHandler,
-				SCMPErrors:        g.Metrics.SCMPErrors,
+			// Discard all SCMP propagation, to avoid accept/read errors on the
+			// QUIC server/client.
+			SCMPHandler: snet.SCMPPropagationStopper{
+				Handler: snet.DefaultSCMPHandler{
+					RevocationHandler: revocationHandler,
+					SCMPErrors:        g.Metrics.SCMPErrors,
+				},
+				Log: log.FromCtx(ctx).Debug,
 			},
 			SCIONPacketConnMetrics: g.Metrics.SCIONPacketConnMetrics,
 		},
@@ -467,7 +461,7 @@ func (g *Gateway) Run(ctx context.Context) error {
 
 	// Initialize the UDP/SCION QUIC conn for outgoing Gateway Discovery RPCs and outgoing Prefix
 	// Fetching. Open up a random high port for this.
-	clientConn, err := scionNetwork.Listen(
+	clientConn, err := scionNetworkNoSCMP.Listen(
 		context.TODO(),
 		"udp",
 		&net.UDPAddr{IP: g.ControlClientIP},
@@ -480,7 +474,9 @@ func (g *Gateway) Run(ctx context.Context) error {
 		"local_addr", clientConn.LocalAddr())
 
 	quicClientDialer := &squic.ConnDialer{
-		Conn:      clientConn,
+		Transport: &quic.Transport{
+			Conn: clientConn,
+		},
 		TLSConfig: ephemeralTLSConfig,
 	}
 
@@ -509,6 +505,23 @@ func (g *Gateway) Run(ctx context.Context) error {
 				"remote_isd_as", ia.String())
 		}
 	}
+
+	// scionNetwork is the network for all SCION connections, with the exception of the QUIC server
+	// and client connection.
+	scionNetwork := &snet.SCIONNetwork{
+		LocalIA: localIA,
+		Dispatcher: &snet.DefaultPacketDispatcherService{
+			// Enable transparent reconnections to the dispatcher
+			Dispatcher: reconnectingDispatcher,
+			// Forward revocations to Daemon
+			SCMPHandler: snet.DefaultSCMPHandler{
+				RevocationHandler: revocationHandler,
+				SCMPErrors:        g.Metrics.SCMPErrors,
+			},
+			SCIONPacketConnMetrics: g.Metrics.SCIONPacketConnMetrics,
+		},
+		Metrics: g.Metrics.SCIONNetworkMetrics,
+	}
 	remoteMonitor := &control.RemoteMonitor{
 		IAs:                   remoteIAsChannel,
 		RemotesMonitored:      rmMetric,
@@ -548,19 +561,6 @@ func (g *Gateway) Run(ctx context.Context) error {
 	}()
 	logger.Debug("Remote monitor started.")
 
-	// scionNetworkNoSCMP is the network for the QUIC server connection. Because SCMP errors
-	// will cause the server's accepts to fail, we ignore SCMP.
-	scionNetworkNoSCMP := &snet.SCIONNetwork{
-		LocalIA: localIA,
-		Dispatcher: &snet.DefaultPacketDispatcherService{
-			// Enable transparent reconnections to the dispatcher
-			Dispatcher: reconnectingDispatcher,
-			// Discard all SCMP, to avoid accept errors on the QUIC server.
-			SCMPHandler:            ignoreSCMP{},
-			SCIONPacketConnMetrics: g.Metrics.SCIONPacketConnMetrics,
-		},
-		Metrics: g.Metrics.SCIONNetworkMetrics,
-	}
 	serverConn, err := scionNetworkNoSCMP.Listen(
 		context.TODO(),
 		"udp",

go.mod

@@ -11,7 +11,7 @@ require (
 	github.com/go-chi/chi/v5 v5.0.8
 	github.com/go-chi/cors v1.2.1
 	github.com/golang/mock v1.6.0
-	github.com/golang/protobuf v1.5.2
+	github.com/golang/protobuf v1.5.3
 	github.com/google/go-cmp v0.5.9
 	github.com/google/go-containerregistry v0.13.0
 	github.com/google/gopacket v1.1.19
@@ -21,7 +21,6 @@ require (
 	github.com/hashicorp/golang-lru v0.6.0
 	github.com/iancoleman/strcase v0.2.0
 	github.com/lestrrat-go/jwx v1.2.25
-	github.com/lucas-clemente/quic-go v0.29.1
 	github.com/mattn/go-isatty v0.0.17
 	github.com/mattn/go-sqlite3 v1.14.17
 	github.com/olekukonko/tablewriter v0.0.5
@@ -30,6 +29,7 @@ require (
 	github.com/pelletier/go-toml v1.9.5
 	github.com/pkg/errors v0.9.1
 	github.com/prometheus/client_golang v1.14.0
+	github.com/quic-go/quic-go v0.36.3
 	github.com/sergi/go-diff v1.3.1
 	github.com/smartystreets/goconvey v1.7.2
 	github.com/songgao/water v0.0.0-20200317203138-2b4b6d7c09d8
@@ -43,9 +43,9 @@ require (
 	go.uber.org/zap v1.24.0
 	go4.org/netipx v0.0.0-20230125063823-8449b0a6169f
 	golang.org/x/crypto v0.6.0
-	golang.org/x/net v0.7.0
-	golang.org/x/sync v0.1.0
-	golang.org/x/tools v0.6.0
+	golang.org/x/net v0.10.0
+	golang.org/x/sync v0.2.0
+	golang.org/x/tools v0.9.1
 	google.golang.org/grpc v1.53.0
 	google.golang.org/grpc/examples v0.0.0-20230222033013-5353eaa44095
 	google.golang.org/protobuf v1.28.1
@@ -67,9 +67,10 @@ require (
 	github.com/fsnotify/fsnotify v1.6.0 // indirect
 	github.com/go-openapi/jsonpointer v0.19.5 // indirect
 	github.com/go-openapi/swag v0.21.1 // indirect
-	github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect
+	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
 	github.com/goccy/go-json v0.9.11 // indirect
 	github.com/google/go-querystring v1.0.1-0.20190318165438-c8c88dbee036 // indirect
+	github.com/google/pprof v0.0.0-20221118152302-e6195bd50e26 // indirect
 	github.com/google/uuid v1.3.0 // indirect
 	github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
@@ -85,21 +86,20 @@ require (
 	github.com/lestrrat-go/option v1.0.0 // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
-	github.com/marten-seemann/qtls-go1-18 v0.1.2 // indirect
-	github.com/marten-seemann/qtls-go1-19 v0.1.0 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-runewidth v0.0.9 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 // indirect
-	github.com/nxadm/tail v1.4.8 // indirect
-	github.com/onsi/ginkgo v1.16.4 // indirect
+	github.com/onsi/ginkgo/v2 v2.9.5 // indirect
 	github.com/pelletier/go-toml/v2 v2.0.6 // indirect
 	github.com/perimeterx/marshmallow v1.1.4 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/prometheus/client_model v0.3.0 // indirect
 	github.com/prometheus/common v0.37.0 // indirect
 	github.com/prometheus/procfs v0.8.0 // indirect
+	github.com/quic-go/qtls-go1-19 v0.3.3 // indirect
+	github.com/quic-go/qtls-go1-20 v0.2.3 // indirect
 	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/smartystreets/assertions v1.2.0 // indirect
@@ -111,13 +111,12 @@ require (
 	github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae // indirect
 	go.uber.org/atomic v1.9.0 // indirect
 	go.uber.org/multierr v1.8.0 // indirect
-	golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e // indirect
-	golang.org/x/mod v0.8.0 // indirect
-	golang.org/x/sys v0.5.0 // indirect
-	golang.org/x/text v0.7.0 // indirect
+	golang.org/x/exp v0.0.0-20221205204356-47842c84f3db // indirect
+	golang.org/x/mod v0.10.0 // indirect
+	golang.org/x/sys v0.8.0 // indirect
+	golang.org/x/text v0.9.0 // indirect
 	google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
-	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	lukechampine.com/uint128 v1.2.0 // indirect
 	modernc.org/cc/v3 v3.40.0 // indirect