diff --git a/CHANGELOG.md b/CHANGELOG.md index bbdc388..4e6b294 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,13 @@ # CHANGELOG -## 0.9.6 or 0.10.0 (Unreleased) +## 0.9.7 or 0.10.0 (Unreleased) + +## 0.9.6 + +### Improvement + +- Feat: Change the default hashing algorithm for internal hashmaps and hashsets from FxHash to aHash. This change is to improve the security against HashDos attacks for colliding domain names and paths, and to improve the speed of hash operations for string keys (c.f., [the performance comparison](https://github.com/tkaitchuck/aHash/blob/master/compare/readme.md)). +- Deps and refactor ## 0.9.5 diff --git a/Cargo.toml b/Cargo.toml index 5ccf368..ee0db6c 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,5 +1,5 @@ [workspace.package] -version = "0.9.5" +version = "0.9.6" authors = ["Jun Kurihara"] homepage = "https://github.com/junkurihara/rust-rpxy" repository = "https://github.com/junkurihara/rust-rpxy" diff --git a/rpxy-acme/Cargo.toml b/rpxy-acme/Cargo.toml index c0d473a..bd8114e 100644 --- a/rpxy-acme/Cargo.toml +++ b/rpxy-acme/Cargo.toml @@ -15,12 +15,12 @@ post-quantum = ["rustls-post-quantum"] [dependencies] url = { version = "2.5.4" } -rustc-hash = "2.1.0" -thiserror = "2.0.6" +ahash = "0.8.11" +thiserror = "2.0.9" tracing = "0.1.41" -async-trait = "0.1.83" +async-trait = "0.1.84" base64 = "0.22.1" -aws-lc-rs = { version = "1.11.1", default-features = false, features = [ +aws-lc-rs = { version = "1.12.0", default-features = false, features = [ "aws-lc-sys", ] } blocking = "1.6.1" @@ -28,7 +28,7 @@ rustls = { version = "0.23.20", default-features = false, features = [ "std", "aws_lc_rs", ] } -rustls-platform-verifier = { version = "0.4.0" } +rustls-platform-verifier = { version = "0.5.0" } rustls-acme = { path = "../submodules/rustls-acme/", default-features = false, features = [ "aws-lc-rs", ] } diff --git a/rpxy-acme/src/manager.rs b/rpxy-acme/src/manager.rs index 1fe6f9e..1a4c091 100644 --- a/rpxy-acme/src/manager.rs 
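Review bot: The HashDoS argument in the changelog holds only while aHash draws its keys at runtime, and the `ahash = "0.8.11"` line added in rpxy-acme/Cargo.toml does not record that. With the crate's default features, `runtime-rng` seeds each `RandomState` from OS randomness; a later `default-features = false` combined with `compile-time-rng` or `no-rng` would leave the keys fixed per build or constant. I would put `# keep default features: runtime-rng gives per-process random hash keys` above the dependency. The same line is added in the rpxy-bin, rpxy-certs and rpxy-lib manifests, so a single `[workspace.dependencies]` entry referenced with `ahash = { workspace = true }` would keep the four in step.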
+++ b/rpxy-acme/src/manager.rs @@ -4,7 +4,7 @@ use crate::{ error::RpxyAcmeError, log::*, }; -use rustc_hash::FxHashMap as HashMap; +use ahash::HashMap; use rustls::ServerConfig; use rustls_acme::AcmeConfig; use std::{path::PathBuf, sync::Arc}; diff --git a/rpxy-bin/Cargo.toml b/rpxy-bin/Cargo.toml index 9b22f17..16bc0d3 100644 --- a/rpxy-bin/Cargo.toml +++ b/rpxy-bin/Cargo.toml @@ -30,9 +30,9 @@ rpxy-lib = { path = "../rpxy-lib/", default-features = false, features = [ ] } mimalloc = { version = "*", default-features = false } -anyhow = "1.0.94" -rustc-hash = "2.1.0" -serde = { version = "1.0.216", default-features = false, features = ["derive"] } +anyhow = "1.0.95" +ahash = "0.8.11" +serde = { version = "1.0.217", default-features = false, features = ["derive"] } tokio = { version = "1.42.0", default-features = false, features = [ "net", "rt-multi-thread", @@ -41,7 +41,7 @@ tokio = { version = "1.42.0", default-features = false, features = [ "macros", ] } tokio-util = { version = "0.7.13", default-features = false } -async-trait = "0.1.83" +async-trait = "0.1.84" futures-util = { version = "0.3.31", default-features = false } # config diff --git a/rpxy-bin/src/config/parse.rs b/rpxy-bin/src/config/parse.rs index 7292b58..fdc4b67 100644 --- a/rpxy-bin/src/config/parse.rs +++ b/rpxy-bin/src/config/parse.rs @@ -1,10 +1,10 @@ use super::toml::ConfigToml; use crate::error::{anyhow, ensure}; +use ahash::HashMap; use clap::{Arg, ArgAction}; use hot_reload::{ReloaderReceiver, ReloaderService}; use rpxy_certs::{build_cert_reloader, CryptoFileSourceBuilder, CryptoReloader, ServerCryptoBase}; use rpxy_lib::{AppConfig, AppConfigList, ProxyConfig}; -use rustc_hash::FxHashMap as HashMap; #[cfg(feature = "acme")] use rpxy_acme::{AcmeManager, ACME_DIR_URL, ACME_REGISTRY_PATH}; diff --git a/rpxy-bin/src/config/toml.rs b/rpxy-bin/src/config/toml.rs index 639f927..36eecdf 100644 --- a/rpxy-bin/src/config/toml.rs +++ b/rpxy-bin/src/config/toml.rs 
@@ -3,8 +3,8 @@ use crate::{ error::{anyhow, ensure}, log::warn, }; +use ahash::HashMap; use rpxy_lib::{reexports::Uri, AppConfig, ProxyConfig, ReverseProxyConfig, TlsConfig, UpstreamUri}; -use rustc_hash::FxHashMap as HashMap; use serde::Deserialize; use std::{fs, net::SocketAddr}; use tokio::time::Duration; @@ -232,7 +232,7 @@ impl ConfigToml { // Check unused fields during deserialization let t = toml::de::Deserializer::new(&config_str); - let mut unused = rustc_hash::FxHashSet::default(); + let mut unused = ahash::HashSet::default(); let res = serde_ignored::deserialize(t, |path| { unused.insert(path.to_string()); diff --git a/rpxy-certs/Cargo.toml b/rpxy-certs/Cargo.toml index 1ca8e41..f060b1a 100644 --- a/rpxy-certs/Cargo.toml +++ b/rpxy-certs/Cargo.toml @@ -16,12 +16,12 @@ post-quantum = ["rustls-post-quantum"] http3 = [] [dependencies] -rustc-hash = { version = "2.1.0" } +ahash = { version = "0.8.11" } tracing = { version = "0.1.41" } derive_builder = { version = "0.20.2" } -thiserror = { version = "2.0.6" } +thiserror = { version = "2.0.9" } hot_reload = { version = "0.1.8" } -async-trait = { version = "0.1.83" } +async-trait = { version = "0.1.84" } rustls = { version = "0.23.20", default-features = false, features = [ "std", "aws_lc_rs", diff --git a/rpxy-certs/src/certs.rs b/rpxy-certs/src/certs.rs index 8c8a2fb..1e8802a 100644 --- a/rpxy-certs/src/certs.rs +++ b/rpxy-certs/src/certs.rs @@ -1,5 +1,5 @@ use crate::error::*; -use rustc_hash::FxHashMap as HashMap; +use ahash::HashMap; use rustls::{crypto::aws_lc_rs::sign::any_supported_type, pki_types, sign::CertifiedKey}; use std::sync::Arc; use x509_parser::prelude::*; diff --git a/rpxy-certs/src/lib.rs b/rpxy-certs/src/lib.rs index 43994a1..2cc29bd 100644 --- a/rpxy-certs/src/lib.rs +++ b/rpxy-certs/src/lib.rs 
@@ -10,8 +10,8 @@ mod log { } use crate::{error::*, log::*, reloader_service::DynCryptoSource}; +use ahash::HashMap; use hot_reload::{ReloaderReceiver, ReloaderService}; -use rustc_hash::FxHashMap as HashMap; use rustls::crypto::CryptoProvider; use std::sync::Arc; diff --git a/rpxy-certs/src/reloader_service.rs b/rpxy-certs/src/reloader_service.rs index 4d10fa1..8f2bdab 100644 --- a/rpxy-certs/src/reloader_service.rs +++ b/rpxy-certs/src/reloader_service.rs @@ -4,9 +4,9 @@ use crate::{ log::*, server_crypto::{ServerCryptoBase, ServerNameBytes}, }; +use ahash::HashMap; use async_trait::async_trait; use hot_reload::{Reload, ReloaderError}; -use rustc_hash::FxHashMap as HashMap; use std::sync::Arc; /* ------------------------------------------------ */ diff --git a/rpxy-certs/src/server_crypto.rs b/rpxy-certs/src/server_crypto.rs index 71426c8..9a15c5a 100644 --- a/rpxy-certs/src/server_crypto.rs +++ b/rpxy-certs/src/server_crypto.rs @@ -1,5 +1,5 @@ use crate::{certs::SingleServerCertsKeys, error::*, log::*}; -use rustc_hash::FxHashMap as HashMap; +use ahash::HashMap; use rustls::{ crypto::CryptoProvider, server::{ResolvesServerCertUsingSni, WebPkiClientVerifier}, diff --git a/rpxy-lib/Cargo.toml b/rpxy-lib/Cargo.toml index e5a1806..511e177 100644 --- a/rpxy-lib/Cargo.toml +++ b/rpxy-lib/Cargo.toml @@ -37,7 +37,7 @@ post-quantum = [ [dependencies] rand = "0.8.5" -rustc-hash = "2.1.0" +ahash = "0.8.11" bytes = "1.9.0" derive_builder = "0.20.2" futures = { version = "0.3.31", features = ["alloc", "async-await"] } 
@@ -51,16 +51,16 @@ tokio = { version = "1.42.0", default-features = false, features = [ ] } tokio-util = { version = "0.7.13", default-features = false } pin-project-lite = "0.2.15" -async-trait = "0.1.83" +async-trait = "0.1.84" # Error handling -anyhow = "1.0.94" -thiserror = "2.0.6" +anyhow = "1.0.95" +thiserror = "2.0.9" # http for both server and client http = "1.2.0" http-body-util = "0.1.2" -hyper = { version = "1.5.1", default-features = false } +hyper = { version = "1.5.2", default-features = false } hyper-util = { version = "0.1.10", features = ["full"] } futures-util = { version = "0.3.31", default-features = false } futures-channel = { version = "0.3.31", default-features = false } @@ -70,7 +70,7 @@ hyper-tls = { version = "0.6.0", features = [ "alpn", "vendored", ], optional = true } -hyper-rustls = { version = "0.27.3", default-features = false, features = [ +hyper-rustls = { version = "0.27.5", default-features = false, features = [ "aws-lc-rs", "http1", "http2", diff --git a/rpxy-lib/src/backend/backend_main.rs b/rpxy-lib/src/backend/backend_main.rs index 0282504..1ac49cb 100644 --- a/rpxy-lib/src/backend/backend_main.rs +++ b/rpxy-lib/src/backend/backend_main.rs @@ -4,8 +4,8 @@ use crate::{ name_exp::{ByteName, ServerName}, AppConfig, AppConfigList, }; +use ahash::HashMap; use derive_builder::Builder; -use rustc_hash::FxHashMap as HashMap; use std::borrow::Cow; use super::upstream::PathManager; diff --git a/rpxy-lib/src/backend/load_balance/load_balance_sticky.rs b/rpxy-lib/src/backend/load_balance/load_balance_sticky.rs index d7a9795..46ac74e 100644 --- a/rpxy-lib/src/backend/load_balance/load_balance_sticky.rs +++ b/rpxy-lib/src/backend/load_balance/load_balance_sticky.rs @@ -4,8 +4,8 @@ use super::{ Upstream, }; use crate::{constants::STICKY_COOKIE_NAME, log::*}; +use ahash::HashMap; use derive_builder::Builder; -use rustc_hash::FxHashMap as HashMap; use std::{ borrow::Cow, sync::{ 
diff --git a/rpxy-lib/src/backend/upstream.rs b/rpxy-lib/src/backend/upstream.rs index 7d9d569..353db99 100644 --- a/rpxy-lib/src/backend/upstream.rs +++ b/rpxy-lib/src/backend/upstream.rs @@ -11,10 +11,10 @@ use crate::{ log::*, name_exp::{ByteName, PathName}, }; +use ahash::{HashMap, HashSet}; #[cfg(feature = "sticky-cookie")] use base64::{engine::general_purpose, Engine as _}; use derive_builder::Builder; -use rustc_hash::{FxHashMap as HashMap, FxHashSet as HashSet}; #[cfg(feature = "sticky-cookie")] use sha2::{Digest, Sha256}; use std::borrow::Cow; diff --git a/rpxy-lib/src/globals.rs b/rpxy-lib/src/globals.rs index 82d66c0..a52f066 100644 --- a/rpxy-lib/src/globals.rs +++ b/rpxy-lib/src/globals.rs @@ -20,7 +20,7 @@ pub struct Globals { #[cfg(feature = "acme")] /// ServerConfig used for only ACME challenge for ACME domains - pub server_configs_acme_challenge: std::sync::Arc>>, + pub server_configs_acme_challenge: std::sync::Arc>>, } /// Configuration parameters for proxy transport and request handlers diff --git a/rpxy-lib/src/lib.rs b/rpxy-lib/src/lib.rs index fa74d42..4cc23ab 100644 --- a/rpxy-lib/src/lib.rs +++ b/rpxy-lib/src/lib.rs @@ -48,7 +48,7 @@ pub struct RpxyOptions { #[cfg(feature = "acme")] /// ServerConfig used for only ACME challenge for ACME domains - pub server_configs_acme_challenge: Arc>>, + pub server_configs_acme_challenge: Arc>>, } /// Entrypoint that creates and spawns tasks of reverse proxy services diff --git a/rpxy-lib/src/proxy/mod.rs b/rpxy-lib/src/proxy/mod.rs index 59bfc3f..be126a8 100644 --- a/rpxy-lib/src/proxy/mod.rs +++ b/rpxy-lib/src/proxy/mod.rs 
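Review bot: `server_configs_acme_challenge` is a `pub` field of `RpxyOptions` in rpxy-lib/src/lib.rs, so changing its map's hasher changes a type that callers of the library have to build, while the changelog lists 0.9.6 only under Improvement. The generic arguments on the old and new lines are stripped on this page, so the new type is inferred from the rest of the commit; the `Globals` field in rpxy-lib/src/globals.rs is changed the same way. If the field is now an `ahash::HashMap`, add a doc line such as `/// Map uses the aHash hasher; construct it with HashMap::default()` and mention the type change in the changelog entry. Both structs start above their hunks.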
@@ -14,12 +14,11 @@ use crate::{ name_exp::ServerName, }; use hyper_util::server::{self, conn::auto::Builder as ConnectionBuilder}; -use rustc_hash::FxHashMap as HashMap; use rustls::ServerConfig; use std::sync::Arc; /// SNI to ServerConfig map type -pub type SniServerCryptoMap = HashMap>; +pub type SniServerCryptoMap = std::collections::HashMap, ahash::RandomState>; pub(crate) use proxy_main::Proxy; diff --git a/rpxy-lib/src/proxy/proxy_main.rs b/rpxy-lib/src/proxy/proxy_main.rs index 3bb0aec..40e14e5 100644 --- a/rpxy-lib/src/proxy/proxy_main.rs +++ b/rpxy-lib/src/proxy/proxy_main.rs @@ -294,7 +294,7 @@ where let map = server_config.individual_config_map.clone().iter().map(|(k,v)| { let server_name = ServerName::from(k.as_slice()); (server_name, v.clone()) - }).collect::>(); + }).collect::>(); server_crypto_map = Some(Arc::new(map)); } }
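Review bot: `SniServerCryptoMap` in rpxy-lib/src/proxy/mod.rs spells its type as `std::collections::HashMap` with an explicit `ahash::RandomState`, while every other file in this commit uses the `ahash::HashMap` alias for the same type. Writing the alias here too, `pub type SniServerCryptoMap = ahash::HashMap<K, V>;` with the key and value types unchanged (they are stripped on this page), keeps one spelling across the workspace. The `.collect` turbofish in rpxy-lib/src/proxy/proxy_main.rs, whose contents are also stripped, could then name `SniServerCryptoMap` so the hasher is stated in one place; that function starts and ends outside the hunk.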