g3tiles: add s2n-tls proxy server

bytedance · Sep 13, 2024 · d83cf69 · d83cf69
1 parent 5a3470e
commit d83cf69
Show file tree

Hide file tree

Showing 22 changed files with 1,740 additions and 35 deletions.
diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml
@@ -29,45 +29,45 @@ jobs:
     strategy:
       matrix:
         rust:
-        - stable
-        - beta
-        - nightly
+          - stable
+          - beta
+          - nightly
     steps:
-    - name: Checkout sources
-      uses: actions/checkout@v4
-      with:
-        submodules: true
-    - name: Install ${{ matrix.rust }} toolchain
-      uses: dtolnay/rust-toolchain@master
-      with:
-        toolchain: ${{ matrix.rust }}
-    - name: Install dependencies
-      run: |
-        sudo apt-get update
-        sudo apt-get install capnproto libc-ares-dev libssl-dev liblua5.4-dev
-    - name: Cargo build
-      run: cargo build
-    - name: Cargo test
-      run: cargo test --workspace --lib --examples
+      - name: Checkout sources
+        uses: actions/checkout@v4
+        with:
+          submodules: true
+      - name: Install ${{ matrix.rust }} toolchain
+        uses: dtolnay/rust-toolchain@master
+        with:
+          toolchain: ${{ matrix.rust }}
+      - name: Install dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install capnproto libc-ares-dev libssl-dev liblua5.4-dev
+      - name: Cargo build
+        run: cargo build
+      - name: Cargo test
+        run: cargo test --workspace --lib --examples
 
   clippy:
     name: Clippy
     runs-on: ubuntu-latest
     steps:
-    - name: Checkout sources
-      uses: actions/checkout@v4
-      with:
-        submodules: true
-    - name: Install stable toolchain
-      uses: dtolnay/rust-toolchain@stable
-      with:
-        components: clippy
-    - name: Install dependencies
-      run: |
-        sudo apt-get update
-        sudo apt-get install capnproto libc-ares-dev libssl-dev liblua5.4-dev
-    - name: Cargo clippy
-      run: cargo clippy --tests -- --deny warnings
+      - name: Checkout sources
+        uses: actions/checkout@v4
+        with:
+          submodules: true
+      - name: Install stable toolchain
+        uses: dtolnay/rust-toolchain@stable
+        with:
+          components: clippy
+      - name: Install dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install capnproto libc-ares-dev libssl-dev liblua5.4-dev
+      - name: Cargo clippy
+        run: cargo clippy --tests -- --deny warnings
 
   build-vendored:
     name: Build vendored
@@ -89,6 +89,8 @@ jobs:
         include:
           - feature: vendored-c-ares
             component: g3proxy
+          - feature: s2n-tls
+            component: g3tiles
     steps:
       - name: Checkout sources
         uses: actions/checkout@v4

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -158,6 +158,9 @@ openssl = { package = "variant-ssl", version = "0.15.1" }
 openssl-sys = { package = "variant-ssl-sys", version = "0.15.1" }
 openssl-probe = "0.1"
 #
+s2n-tls = "0.3"
+s2n-tls-tokio = "0.3"
+#
 flume = { version = "0.11", default-features = false }
 #
 c-ares = { version = "11.0", default-features = false }

diff --git a/g3tiles/Cargo.toml b/g3tiles/Cargo.toml
@@ -32,6 +32,8 @@ openssl.workspace = true
 openssl-probe = { workspace = true, optional = true }
 rustls.workspace = true
 rustls-pki-types.workspace = true
+s2n-tls = { workspace = true, optional = true }
+s2n-tls-tokio = { workspace = true, optional = true }
 quinn = { workspace = true, optional = true, features = ["rustls"] }
 tokio-rustls.workspace = true
 governor = { workspace = true, features = ["std", "jitter"] }
@@ -57,8 +59,10 @@ g3-build-env.workspace = true
 [features]
 default = ["quic"]
 quic = ["g3-daemon/quic", "g3-yaml/quinn", "g3-types/quinn", "dep:quinn"]
+s2n-tls = ["dep:s2n-tls", "dep:s2n-tls-tokio", "vendored-aws-lc"]
 rustls-aws-lc = ["rustls/aws-lc-rs"]
 vendored-openssl = ["openssl/vendored", "openssl-probe"]
 vendored-tongsuo = ["openssl/tongsuo", "openssl-probe", "g3-yaml/tongsuo", "g3-types/tongsuo"]
 vendored-aws-lc = ["rustls-aws-lc", "openssl/aws-lc", "openssl-probe", "g3-types/aws-lc", "g3-openssl/aws-lc"]
 vendored-boringssl = ["openssl/boringssl", "openssl-probe", "g3-types/boringssl", "g3-openssl/boringssl"]
+
diff --git a/g3tiles/examples/benchmark/server.d/s2n-tls.yaml b/g3tiles/examples/benchmark/server.d/s2n-tls.yaml
@@ -0,0 +1,17 @@
+---
+
+name: s2n-tls
+type: S2nTlsProxy
+listen:
+  address: "[::]:9097"
+listen_in_worker: true
+
+virtual_hosts:
+  name: bench
+  exact_match: bench.example.net
+  use_session_ticket: true
+  cert_pairs:
+    certificate: bench.example.net-ec256.crt
+    private_key: bench.example.net-ec256.key
+  backends:
+    - http
diff --git a/g3tiles/src/config/server/mod.rs b/g3tiles/src/config/server/mod.rs
@@ -36,6 +36,8 @@ pub(crate) mod plain_tcp_port;
 pub(crate) mod keyless_proxy;
 pub(crate) mod openssl_proxy;
 pub(crate) mod rustls_proxy;
+#[cfg(feature = "s2n-tls")]
+pub(crate) mod s2n_tls_proxy;
 
 mod registry;
 
@@ -86,6 +88,8 @@ pub(crate) enum AnyServerConfig {
     PlainQuicPort(plain_quic_port::PlainQuicPortConfig),
     OpensslProxy(openssl_proxy::OpensslProxyServerConfig),
     RustlsProxy(rustls_proxy::RustlsProxyServerConfig),
+    #[cfg(feature = "s2n-tls")]
+    S2nTlsProxy(s2n_tls_proxy::S2nTlsProxyServerConfig),
     KeylessProxy(keyless_proxy::KeylessProxyServerConfig),
 }
 
@@ -99,6 +103,8 @@ macro_rules! impl_transparent0 {
                 AnyServerConfig::PlainQuicPort(s) => s.$f(),
                 AnyServerConfig::OpensslProxy(s) => s.$f(),
                 AnyServerConfig::RustlsProxy(s) => s.$f(),
+                #[cfg(feature = "s2n-tls")]
+                AnyServerConfig::S2nTlsProxy(s) => s.$f(),
                 AnyServerConfig::KeylessProxy(s) => s.$f(),
             }
         }
@@ -115,6 +121,8 @@ macro_rules! impl_transparent1 {
                 AnyServerConfig::PlainQuicPort(s) => s.$f(p),
                 AnyServerConfig::OpensslProxy(s) => s.$f(p),
                 AnyServerConfig::RustlsProxy(s) => s.$f(p),
+                #[cfg(feature = "s2n-tls")]
+                AnyServerConfig::S2nTlsProxy(s) => s.$f(p),
                 AnyServerConfig::KeylessProxy(s) => s.$f(p),
             }
         }
@@ -184,6 +192,12 @@ fn load_server(
                 .context("failed to load this RustlsProxy server")?;
             Ok(AnyServerConfig::RustlsProxy(server))
         }
+        #[cfg(feature = "s2n-tls")]
+        "s2n_tls_proxy" | "s2ntlsproxy" => {
+            let server = s2n_tls_proxy::S2nTlsProxyServerConfig::parse(map, position)
+                .context("failed to load this S2nTlsProxy server")?;
+            Ok(AnyServerConfig::S2nTlsProxy(server))
+        }
         "keyless_proxy" | "keylessproxy" => {
             let server = keyless_proxy::KeylessProxyServerConfig::parse(map, position)
                 .context("failed to load this KeylessProxy server")?;