diff --git a/CHANGELOG.md b/CHANGELOG.md index bbdc3884..4e6b2946 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,13 @@ # CHANGELOG -## 0.9.6 or 0.10.0 (Unreleased) +## 0.9.7 or 0.10.0 (Unreleased) + +## 0.9.6 + +### Improvement + +- Feat: Change the default hashing algorithm for internal hashmaps and hashsets from FxHash to aHash. This change is to improve the security against HashDos attacks for colliding domain names and paths, and to improve the speed of hash operations for string keys (c.f., [the performance comparison](https://github.com/tkaitchuck/aHash/blob/master/compare/readme.md)). +- Deps and refactor ## 0.9.5 diff --git a/Cargo.toml b/Cargo.toml index 5ccf368a..ee0db6cf 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,5 +1,5 @@ [workspace.package] -version = "0.9.5" +version = "0.9.6" authors = ["Jun Kurihara"] homepage = "https://github.com/junkurihara/rust-rpxy" repository = "https://github.com/junkurihara/rust-rpxy" diff --git a/rpxy-acme/Cargo.toml b/rpxy-acme/Cargo.toml index c0d473a3..bd8114eb 100644 --- a/rpxy-acme/Cargo.toml +++ b/rpxy-acme/Cargo.toml @@ -15,12 +15,12 @@ post-quantum = ["rustls-post-quantum"] [dependencies] url = { version = "2.5.4" } -rustc-hash = "2.1.0" -thiserror = "2.0.6" +ahash = "0.8.11" +thiserror = "2.0.9" tracing = "0.1.41" -async-trait = "0.1.83" +async-trait = "0.1.84" base64 = "0.22.1" -aws-lc-rs = { version = "1.11.1", default-features = false, features = [ +aws-lc-rs = { version = "1.12.0", default-features = false, features = [ "aws-lc-sys", ] } blocking = "1.6.1" @@ -28,7 +28,7 @@ rustls = { version = "0.23.20", default-features = false, features = [ "std", "aws_lc_rs", ] } -rustls-platform-verifier = { version = "0.4.0" } +rustls-platform-verifier = { version = "0.5.0" } rustls-acme = { path = "../submodules/rustls-acme/", default-features = false, features = [ "aws-lc-rs", ] } diff --git a/rpxy-acme/src/manager.rs b/rpxy-acme/src/manager.rs index 1fe6f9e3..1a4c0918 100644 --- a/rpxy-acme/src/manager.rs 
+++ b/rpxy-acme/src/manager.rs @@ -4,7 +4,7 @@ use crate::{ error::RpxyAcmeError, log::*, }; -use rustc_hash::FxHashMap as HashMap; +use ahash::HashMap; use rustls::ServerConfig; use rustls_acme::AcmeConfig; use std::{path::PathBuf, sync::Arc}; diff --git a/rpxy-bin/Cargo.toml b/rpxy-bin/Cargo.toml index 9b22f17c..16bc0d30 100644 --- a/rpxy-bin/Cargo.toml +++ b/rpxy-bin/Cargo.toml @@ -30,9 +30,9 @@ rpxy-lib = { path = "../rpxy-lib/", default-features = false, features = [ ] } mimalloc = { version = "*", default-features = false } -anyhow = "1.0.94" -rustc-hash = "2.1.0" -serde = { version = "1.0.216", default-features = false, features = ["derive"] } +anyhow = "1.0.95" +ahash = "0.8.11" +serde = { version = "1.0.217", default-features = false, features = ["derive"] } tokio = { version = "1.42.0", default-features = false, features = [ "net", "rt-multi-thread", @@ -41,7 +41,7 @@ tokio = { version = "1.42.0", default-features = false, features = [ "macros", ] } tokio-util = { version = "0.7.13", default-features = false } -async-trait = "0.1.83" +async-trait = "0.1.84" futures-util = { version = "0.3.31", default-features = false } # config diff --git a/rpxy-bin/src/config/parse.rs b/rpxy-bin/src/config/parse.rs index 7292b583..fdc4b677 100644 --- a/rpxy-bin/src/config/parse.rs +++ b/rpxy-bin/src/config/parse.rs @@ -1,10 +1,10 @@ use super::toml::ConfigToml; use crate::error::{anyhow, ensure}; +use ahash::HashMap; use clap::{Arg, ArgAction}; use hot_reload::{ReloaderReceiver, ReloaderService}; use rpxy_certs::{build_cert_reloader, CryptoFileSourceBuilder, CryptoReloader, ServerCryptoBase}; use rpxy_lib::{AppConfig, AppConfigList, ProxyConfig}; -use rustc_hash::FxHashMap as HashMap; #[cfg(feature = "acme")] use rpxy_acme::{AcmeManager, ACME_DIR_URL, ACME_REGISTRY_PATH}; diff --git a/rpxy-bin/src/config/toml.rs b/rpxy-bin/src/config/toml.rs index 639f927e..36eecdf1 100644 --- a/rpxy-bin/src/config/toml.rs +++ b/rpxy-bin/src/config/toml.rs 
@@ -3,8 +3,8 @@ use crate::{ error::{anyhow, ensure}, log::warn, }; +use ahash::HashMap; use rpxy_lib::{reexports::Uri, AppConfig, ProxyConfig, ReverseProxyConfig, TlsConfig, UpstreamUri}; -use rustc_hash::FxHashMap as HashMap; use serde::Deserialize; use std::{fs, net::SocketAddr}; use tokio::time::Duration; @@ -232,7 +232,7 @@ impl ConfigToml { // Check unused fields during deserialization let t = toml::de::Deserializer::new(&config_str); - let mut unused = rustc_hash::FxHashSet::default(); + let mut unused = ahash::HashSet::default(); let res = serde_ignored::deserialize(t, |path| { unused.insert(path.to_string()); diff --git a/rpxy-certs/Cargo.toml b/rpxy-certs/Cargo.toml index 1ca8e415..f060b1ab 100644 --- a/rpxy-certs/Cargo.toml +++ b/rpxy-certs/Cargo.toml @@ -16,12 +16,12 @@ post-quantum = ["rustls-post-quantum"] http3 = [] [dependencies] -rustc-hash = { version = "2.1.0" } +ahash = { version = "0.8.11" } tracing = { version = "0.1.41" } derive_builder = { version = "0.20.2" } -thiserror = { version = "2.0.6" } +thiserror = { version = "2.0.9" } hot_reload = { version = "0.1.8" } -async-trait = { version = "0.1.83" } +async-trait = { version = "0.1.84" } rustls = { version = "0.23.20", default-features = false, features = [ "std", "aws_lc_rs", diff --git a/rpxy-certs/src/certs.rs b/rpxy-certs/src/certs.rs index 8c8a2fb3..1e8802a7 100644 --- a/rpxy-certs/src/certs.rs +++ b/rpxy-certs/src/certs.rs @@ -1,5 +1,5 @@ use crate::error::*; -use rustc_hash::FxHashMap as HashMap; +use ahash::HashMap; use rustls::{crypto::aws_lc_rs::sign::any_supported_type, pki_types, sign::CertifiedKey}; use std::sync::Arc; use x509_parser::prelude::*; diff --git a/rpxy-certs/src/lib.rs b/rpxy-certs/src/lib.rs index 43994a11..2cc29bd1 100644 --- a/rpxy-certs/src/lib.rs +++ b/rpxy-certs/src/lib.rs 
@@ -10,8 +10,8 @@ mod log { } use crate::{error::*, log::*, reloader_service::DynCryptoSource}; +use ahash::HashMap; use hot_reload::{ReloaderReceiver, ReloaderService}; -use rustc_hash::FxHashMap as HashMap; use rustls::crypto::CryptoProvider; use std::sync::Arc; diff --git a/rpxy-certs/src/reloader_service.rs b/rpxy-certs/src/reloader_service.rs index 4d10fa19..8f2bdab7 100644 --- a/rpxy-certs/src/reloader_service.rs +++ b/rpxy-certs/src/reloader_service.rs @@ -4,9 +4,9 @@ use crate::{ log::*, server_crypto::{ServerCryptoBase, ServerNameBytes}, }; +use ahash::HashMap; use async_trait::async_trait; use hot_reload::{Reload, ReloaderError}; -use rustc_hash::FxHashMap as HashMap; use std::sync::Arc; /* ------------------------------------------------ */ diff --git a/rpxy-certs/src/server_crypto.rs b/rpxy-certs/src/server_crypto.rs index 71426c8a..9a15c5ae 100644 --- a/rpxy-certs/src/server_crypto.rs +++ b/rpxy-certs/src/server_crypto.rs @@ -1,5 +1,5 @@ use crate::{certs::SingleServerCertsKeys, error::*, log::*}; -use rustc_hash::FxHashMap as HashMap; +use ahash::HashMap; use rustls::{ crypto::CryptoProvider, server::{ResolvesServerCertUsingSni, WebPkiClientVerifier}, diff --git a/rpxy-lib/Cargo.toml b/rpxy-lib/Cargo.toml index e5a18068..511e1776 100644 --- a/rpxy-lib/Cargo.toml +++ b/rpxy-lib/Cargo.toml @@ -37,7 +37,7 @@ post-quantum = [ [dependencies] rand = "0.8.5" -rustc-hash = "2.1.0" +ahash = "0.8.11" bytes = "1.9.0" derive_builder = "0.20.2" futures = { version = "0.3.31", features = ["alloc", "async-await"] } 
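Review bot: The `ahash = "0.8.11"` line added to rpxy-lib/Cargo.toml has no comment tying it to the HashDoS rationale in the CHANGELOG, and that property depends on how the crate is built. aHash's collision resistance rests on randomly seeded keys, which its default `runtime-rng` feature supplies. This workspace sets `default-features = false` on many dependencies, so a later tidy-up of this line could silently weaken the seeding. I would add a comment above the dependency, e.g. `# keep default features: runtime-rng seeds the keys the HashDoS hardening relies on`, and repeat it in the rpxy-acme, rpxy-bin and rpxy-certs manifests that receive the same line. The dependency list continues outside this hunk.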
@@ -51,16 +51,16 @@ tokio = { version = "1.42.0", default-features = false, features = [ ] } tokio-util = { version = "0.7.13", default-features = false } pin-project-lite = "0.2.15" -async-trait = "0.1.83" +async-trait = "0.1.84" # Error handling -anyhow = "1.0.94" -thiserror = "2.0.6" +anyhow = "1.0.95" +thiserror = "2.0.9" # http for both server and client http = "1.2.0" http-body-util = "0.1.2" -hyper = { version = "1.5.1", default-features = false } +hyper = { version = "1.5.2", default-features = false } hyper-util = { version = "0.1.10", features = ["full"] } futures-util = { version = "0.3.31", default-features = false } futures-channel = { version = "0.3.31", default-features = false } @@ -70,7 +70,7 @@ hyper-tls = { version = "0.6.0", features = [ "alpn", "vendored", ], optional = true } -hyper-rustls = { version = "0.27.3", default-features = false, features = [ +hyper-rustls = { version = "0.27.5", default-features = false, features = [ "aws-lc-rs", "http1", "http2", diff --git a/rpxy-lib/src/backend/backend_main.rs b/rpxy-lib/src/backend/backend_main.rs index 0282504f..1ac49cbc 100644 --- a/rpxy-lib/src/backend/backend_main.rs +++ b/rpxy-lib/src/backend/backend_main.rs @@ -4,8 +4,8 @@ use crate::{ name_exp::{ByteName, ServerName}, AppConfig, AppConfigList, }; +use ahash::HashMap; use derive_builder::Builder; -use rustc_hash::FxHashMap as HashMap; use std::borrow::Cow; use super::upstream::PathManager; diff --git a/rpxy-lib/src/backend/load_balance/load_balance_sticky.rs b/rpxy-lib/src/backend/load_balance/load_balance_sticky.rs index d7a97953..46ac74e5 100644 --- a/rpxy-lib/src/backend/load_balance/load_balance_sticky.rs +++ b/rpxy-lib/src/backend/load_balance/load_balance_sticky.rs @@ -4,8 +4,8 @@ use super::{ Upstream, }; use crate::{constants::STICKY_COOKIE_NAME, log::*}; +use ahash::HashMap; use derive_builder::Builder; -use rustc_hash::FxHashMap as HashMap; use std::{ borrow::Cow, sync::{ 
diff --git a/rpxy-lib/src/backend/upstream.rs b/rpxy-lib/src/backend/upstream.rs index 7d9d569f..353db990 100644 --- a/rpxy-lib/src/backend/upstream.rs +++ b/rpxy-lib/src/backend/upstream.rs @@ -11,10 +11,10 @@ use crate::{ log::*, name_exp::{ByteName, PathName}, }; +use ahash::{HashMap, HashSet}; #[cfg(feature = "sticky-cookie")] use base64::{engine::general_purpose, Engine as _}; use derive_builder::Builder; -use rustc_hash::{FxHashMap as HashMap, FxHashSet as HashSet}; #[cfg(feature = "sticky-cookie")] use sha2::{Digest, Sha256}; use std::borrow::Cow; diff --git a/rpxy-lib/src/globals.rs b/rpxy-lib/src/globals.rs index 82d66c0d..a52f066d 100644 --- a/rpxy-lib/src/globals.rs +++ b/rpxy-lib/src/globals.rs @@ -20,7 +20,7 @@ pub struct Globals { #[cfg(feature = "acme")] /// ServerConfig used for only ACME challenge for ACME domains - pub server_configs_acme_challenge: std::sync::Arc>>, + pub server_configs_acme_challenge: std::sync::Arc>>, } /// Configuration parameters for proxy transport and request handlers diff --git a/rpxy-lib/src/lib.rs b/rpxy-lib/src/lib.rs index fa74d42d..4cc23abf 100644 --- a/rpxy-lib/src/lib.rs +++ b/rpxy-lib/src/lib.rs @@ -48,7 +48,7 @@ pub struct RpxyOptions { #[cfg(feature = "acme")] /// ServerConfig used for only ACME challenge for ACME domains - pub server_configs_acme_challenge: Arc>>, + pub server_configs_acme_challenge: Arc>>, } /// Entrypoint that creates and spawns tasks of reverse proxy services diff --git a/rpxy-lib/src/proxy/mod.rs b/rpxy-lib/src/proxy/mod.rs index 59bfc3ff..be126a8d 100644 --- a/rpxy-lib/src/proxy/mod.rs +++ b/rpxy-lib/src/proxy/mod.rs 
@@ -14,12 +14,11 @@ use crate::{ name_exp::ServerName, }; use hyper_util::server::{self, conn::auto::Builder as ConnectionBuilder}; -use rustc_hash::FxHashMap as HashMap; use rustls::ServerConfig; use std::sync::Arc; /// SNI to ServerConfig map type -pub type SniServerCryptoMap = HashMap>; +pub type SniServerCryptoMap = std::collections::HashMap, ahash::RandomState>; pub(crate) use proxy_main::Proxy; diff --git a/rpxy-lib/src/proxy/proxy_main.rs b/rpxy-lib/src/proxy/proxy_main.rs index 3bb0aeca..40e14e5b 100644 --- a/rpxy-lib/src/proxy/proxy_main.rs +++ b/rpxy-lib/src/proxy/proxy_main.rs @@ -294,7 +294,7 @@ where let map = server_config.individual_config_map.clone().iter().map(|(k,v)| { let server_name = ServerName::from(k.as_slice()); (server_name, v.clone()) - }).collect::>(); + }).collect::>(); server_crypto_map = Some(Arc::new(map)); } }
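Review bot: `SniServerCryptoMap` in rpxy-lib/src/proxy/mod.rs is now spelled as `std::collections::HashMap` with an explicit `ahash::RandomState`, while every other file in this commit uses `ahash::HashMap`. As far as I know `ahash::HashMap<K, V>` is an alias for exactly that std type, so the line can read `pub type SniServerCryptoMap = ahash::HashMap<K, V>;`, with the existing key and value arguments in place of `K, V` (the type arguments are stripped on this page). One spelling across the workspace makes it easier to audit that no map keyed by client-supplied server names ends up on a different hasher.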
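Review bot: In the proxy_main.rs hunk, `server_config.individual_config_map.clone().iter()` copies the whole map only to borrow the copy for iteration, and each value is then cloned again inside the closure. Unless something outside the hunk needs that copy, `server_config.individual_config_map.iter().map(|(k, v)| { … })` collects the same map without the extra full-map clone. The enclosing function starts and ends outside the hunk, so the type of `individual_config_map` is inferred only from its use here.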