quic: support multiple ALPN negotiation

Signed-off-by: James M Snell <jasnell@gmail.com>
Assisted-by: Opencode:Opus 4.6
PR-URL: #62620
Reviewed-By: Robert Nagy <ronagy@icloud.com>
Reviewed-By: Tim Perry <pimterry@gmail.com>

Author: jasnell

doc/api/quic.md

@@ -1141,12 +1141,26 @@ added: v23.8.0
 #### `sessionOptions.alpn`
 
 <!-- YAML
-added: v23.8.0
+added: REPLACEME
 -->
 
-* Type: {string}
+* Type: {string} (client) | {string\[]} (server)
+
+The ALPN (Application-Layer Protocol Negotiation) identifier(s).
+
+For **client** sessions, this is a single string specifying the protocol
+the client wants to use (e.g. `'h3'`).
+
+For **server** sessions, this is an array of protocol names in preference
+order that the server supports (e.g. `['h3', 'h3-29']`). During the TLS
+handshake, the server selects the first protocol from its list that the
+client also supports.
+
+The negotiated ALPN determines which Application implementation is used
+for the session. `'h3'` and `'h3-*'` variants select the HTTP/3
+application; all other values select the default application.
 
-The ALPN protocol identifier.
+Default: `'h3'`
 
 #### `sessionOptions.ca` (client only)
 

lib/internal/quic/quic.js

@@ -33,7 +33,6 @@ let debug = require('internal/util/debuglog').debuglog('quic', (fn) => {
 
 const {
   Endpoint: Endpoint_,
-  Http3Application: Http3,
   setCallbacks,
 
   // The constants to be exposed to end users for various options.
@@ -118,7 +117,6 @@ const {
 const kEmptyObject = { __proto__: null };
 
 const {
-  kApplicationProvider,
   kBlocked,
   kConnect,
   kDatagram,
@@ -2222,7 +2220,7 @@ function processIdentityOptions(identity, label) {
 function processTlsOptions(tls, forServer) {
   const {
     servername,
-    protocol,
+    alpn,
     ciphers = DEFAULT_CIPHERS,
     groups = DEFAULT_GROUPS,
     keylog = false,
@@ -2240,9 +2238,6 @@ function processTlsOptions(tls, forServer) {
   if (servername !== undefined) {
     validateString(servername, 'options.servername');
   }
-  if (protocol !== undefined) {
-    validateString(protocol, 'options.protocol');
-  }
   if (ciphers !== undefined) {
     validateString(ciphers, 'options.ciphers');
   }
@@ -2253,11 +2248,42 @@ function processTlsOptions(tls, forServer) {
   validateBoolean(verifyClient, 'options.verifyClient');
   validateBoolean(tlsTrace, 'options.tlsTrace');
 
+  // Encode the ALPN option to wire format (length-prefixed protocol names).
+  // Server: array of protocol names. Client: single protocol name.
+  // If not specified, the C++ default (h3) is used.
+  let encodedAlpn;
+  if (alpn !== undefined) {
+    const protocols = forServer ?
+      (ArrayIsArray(alpn) ? alpn : [alpn]) :
+      [alpn];
+    if (!forServer) {
+      validateString(alpn, 'options.alpn');
+    }
+    let totalLen = 0;
+    for (let i = 0; i < protocols.length; i++) {
+      validateString(protocols[i], `options.alpn[${i}]`);
+      if (protocols[i].length === 0 || protocols[i].length > 255) {
+        throw new ERR_INVALID_ARG_VALUE(`options.alpn[${i}]`, protocols[i],
+                                        'must be between 1 and 255 characters');
+      }
+      totalLen += 1 + protocols[i].length;
+    }
+    // Build wire format: [len1][name1][len2][name2]...
+    const buf = Buffer.allocUnsafe(totalLen);
+    let offset = 0;
+    for (let i = 0; i < protocols.length; i++) {
+      buf[offset++] = protocols[i].length;
+      buf.write(protocols[i], offset, 'ascii');
+      offset += protocols[i].length;
+    }
+    encodedAlpn = buf.toString('latin1');
+  }
+
   // Shared TLS options (same for all identities on the endpoint).
   const shared = {
     __proto__: null,
     servername,
-    protocol,
+    alpn: encodedAlpn,
     ciphers,
     groups,
     keylog,
@@ -2360,17 +2386,12 @@ function processSessionOptions(options, config = {}) {
     maxStreamWindow,
     maxWindow,
     cc,
-    [kApplicationProvider]: provider,
   } = options;
 
   const {
     forServer = false,
   } = config;
 
-  if (provider !== undefined) {
-    validateObject(provider, 'options[kApplicationProvider]');
-  }
-
   if (cc !== undefined) {
     validateOneOf(cc, 'options.cc', [CC_ALGO_RENO, CC_ALGO_BBR, CC_ALGO_CUBIC]);
   }
@@ -2392,7 +2413,6 @@ function processSessionOptions(options, config = {}) {
     maxStreamWindow,
     maxWindow,
     sessionTicket,
-    provider,
     cc,
   };
 }
@@ -2494,7 +2514,6 @@ module.exports = {
   QuicEndpoint,
   QuicSession,
   QuicStream,
-  Http3,
   CC_ALGO_RENO,
   CC_ALGO_CUBIC,
   CC_ALGO_BBR,

lib/internal/quic/state.js

@@ -62,6 +62,7 @@ const {
   IDX_STATE_SESSION_STREAM_OPEN_ALLOWED,
   IDX_STATE_SESSION_PRIORITY_SUPPORTED,
   IDX_STATE_SESSION_WRAPPED,
+  IDX_STATE_SESSION_APPLICATION_TYPE,
   IDX_STATE_SESSION_LAST_DATAGRAM_ID,
 
   IDX_STATE_ENDPOINT_BOUND,
@@ -99,6 +100,7 @@ assert(IDX_STATE_SESSION_HANDSHAKE_CONFIRMED !== undefined);
 assert(IDX_STATE_SESSION_STREAM_OPEN_ALLOWED !== undefined);
 assert(IDX_STATE_SESSION_PRIORITY_SUPPORTED !== undefined);
 assert(IDX_STATE_SESSION_WRAPPED !== undefined);
+assert(IDX_STATE_SESSION_APPLICATION_TYPE !== undefined);
 assert(IDX_STATE_SESSION_LAST_DATAGRAM_ID !== undefined);
 assert(IDX_STATE_ENDPOINT_BOUND !== undefined);
 assert(IDX_STATE_ENDPOINT_RECEIVING !== undefined);
@@ -347,6 +349,12 @@ class QuicSessionState {
     return !!DataViewPrototypeGetUint8(this.#handle, IDX_STATE_SESSION_WRAPPED);
   }
 
+  /** @type {number} */
+  get applicationType() {
+    if (this.#handle.byteLength === 0) return undefined;
+    return DataViewPrototypeGetUint8(this.#handle, IDX_STATE_SESSION_APPLICATION_TYPE);
+  }
+
   /** @type {bigint} */
   get lastDatagramId() {
     if (this.#handle.byteLength === 0) return undefined;
@@ -407,6 +415,7 @@ class QuicSessionState {
       isStreamOpenAllowed: this.isStreamOpenAllowed,
       isPrioritySupported: this.isPrioritySupported,
       isWrapped: this.isWrapped,
+      applicationType: this.applicationType,
       lastDatagramId: this.lastDatagramId,
     }, opts)}`;
   }

lib/internal/quic/symbols.js

@@ -23,7 +23,6 @@ const {
 // Symbols used to hide various private properties and methods from the
 // public API.
 
-const kApplicationProvider = Symbol('kApplicationProvider');
 const kBlocked = Symbol('kBlocked');
 const kConnect = Symbol('kConnect');
 const kDatagram = Symbol('kDatagram');
@@ -50,7 +49,6 @@ const kWantsHeaders = Symbol('kWantsHeaders');
 const kWantsTrailers = Symbol('kWantsTrailers');
 
 module.exports = {
-  kApplicationProvider,
   kBlocked,
   kConnect,
   kDatagram,

src/quic/application.cc

@@ -464,6 +464,10 @@ class DefaultApplication final : public Session::Application {
   // of the namespace.
   using Application::Application;  // NOLINT
 
+  Session::Application::Type type() const override {
+    return Session::Application::Type::DEFAULT;
+  }
+
   error_code GetNoErrorCode() const override { return 0; }
 
   bool ReceiveStreamData(int64_t stream_id,
@@ -601,14 +605,9 @@ class DefaultApplication final : public Session::Application {
   Stream::Queue stream_queue_;
 };
 
-std::unique_ptr<Session::Application> Session::SelectApplication(
-    Session* session, const Config& config) {
-  if (config.options.application_provider) {
-    return config.options.application_provider->Create(session);
-  }
-
-  return std::make_unique<DefaultApplication>(session,
-                                              Application_Options::kDefault);
+std::unique_ptr<Session::Application> CreateDefaultApplication(
+    Session* session, const Session::Application_Options& options) {
+  return std::make_unique<DefaultApplication>(session, options);
 }
 
 }  // namespace quic

src/quic/application.h

@@ -17,9 +17,19 @@ class Session::Application : public MemoryRetainer {
  public:
   using Options = Session::Application_Options;
 
+  // The type of Application, exposed via the session state so JS
+  // can observe which Application was selected after ALPN negotiation.
+  enum class Type : uint8_t {
+    NONE = 0,     // Not yet selected (server pre-negotiation)
+    DEFAULT = 1,  // DefaultApplication (non-h3 ALPN)
+    HTTP3 = 2,    // Http3ApplicationImpl (h3 / h3-XX ALPN)
+  };
+
   Application(Session* session, const Options& options);
   DISALLOW_COPY_AND_MOVE(Application)
 
+  virtual Type type() const = 0;
+
   virtual bool Start();
 
   virtual error_code GetNoErrorCode() const = 0;
@@ -169,6 +179,10 @@ struct Session::Application::StreamData final {
   std::string ToString() const;
 };
 
+// Create a DefaultApplication for the given session.
+std::unique_ptr<Session::Application> CreateDefaultApplication(
+    Session* session, const Session::Application_Options& options);
+
 }  // namespace node::quic
 
 #endif  // defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS

src/quic/bindingdata.h

@@ -24,7 +24,6 @@ class Packet;
 // The FunctionTemplates the BindingData will store for us.
 #define QUIC_CONSTRUCTORS(V)                                                   \
   V(endpoint)                                                                  \
-  V(http3application)                                                          \
   V(logstream)                                                                 \
   V(session)                                                                   \
   V(stream)                                                                    \
@@ -59,7 +58,7 @@ class Packet;
   V(ack_delay_exponent, "ackDelayExponent")                                    \
   V(active_connection_id_limit, "activeConnectionIDLimit")                     \
   V(address_lru_size, "addressLRUSize")                                        \
-  V(application_provider, "provider")                                          \
+  V(application, "application")                                                \
   V(bbr, "bbr")                                                                \
   V(ca, "ca")                                                                  \
   V(cc_algorithm, "cc")                                                        \
@@ -78,7 +77,6 @@ class Packet;
   V(groups, "groups")                                                          \
   V(handshake_timeout, "handshakeTimeout")                                     \
   V(http3_alpn, &NGHTTP3_ALPN_H3[1])                                           \
-  V(http3application, "Http3Application")                                      \
   V(initial_max_data, "initialMaxData")                                        \
   V(initial_max_stream_data_bidi_local, "initialMaxStreamDataBidiLocal")       \
   V(initial_max_stream_data_bidi_remote, "initialMaxStreamDataBidiRemote")     \
@@ -105,7 +103,7 @@ class Packet;
   V(max_window, "maxWindow")                                                   \
   V(min_version, "minVersion")                                                 \
   V(preferred_address_strategy, "preferredAddressPolicy")                      \
-  V(protocol, "protocol")                                                      \
+  V(alpn, "alpn")                                                              \
   V(qlog, "qlog")                                                              \
   V(qpack_blocked_streams, "qpackBlockedStreams")                              \
   V(qpack_encoder_max_dtable_capacity, "qpackEncoderMaxDTableCapacity")        \

src/quic/endpoint.cc

@@ -92,7 +92,7 @@ bool is_diagnostic_packet_loss(double probability) {
   return (static_cast<double>(c) / 255) < probability;
 }
 
-template <typename Opt, double Opt::*member>
+template <typename Opt, double Opt::* member>
 bool SetOption(Environment* env,
                Opt* options,
                const Local<Object>& object,
@@ -113,7 +113,7 @@ bool SetOption(Environment* env,
 }
 #endif  // DEBUG
 
-template <typename Opt, uint8_t Opt::*member>
+template <typename Opt, uint8_t Opt::* member>
 bool SetOption(Environment* env,
                Opt* options,
                const Local<Object>& object,
@@ -140,7 +140,7 @@ bool SetOption(Environment* env,
   return true;
 }
 
-template <typename Opt, TokenSecret Opt::*member>
+template <typename Opt, TokenSecret Opt::* member>
 bool SetOption(Environment* env,
                Opt* options,
                const Local<Object>& object,
@@ -511,7 +511,6 @@ JS_CONSTRUCTOR_IMPL(Endpoint, endpoint_constructor_template, {
 
 void Endpoint::InitPerIsolate(IsolateData* data, Local<ObjectTemplate> target) {
   // TODO(@jasnell): Implement the per-isolate state
-  Http3Application::InitPerIsolate(data, target);
 }
 
 void Endpoint::InitPerContext(Realm* realm, Local<Object> target) {
@@ -567,8 +566,6 @@ void Endpoint::InitPerContext(Realm* realm, Local<Object> target) {
   NODE_DEFINE_CONSTANT(target, CLOSECONTEXT_SEND_FAILURE);
   NODE_DEFINE_CONSTANT(target, CLOSECONTEXT_START_FAILURE);
 
-  Http3Application::InitPerContext(realm, target);
-
   SetConstructorFunction(realm->context(),
                          target,
                          "Endpoint",