Documentation ¶
Index ¶
- Constants
- Variables
- func IsSupportedVersion(supported []VersionNumber, v VersionNumber) bool
- func IsValidVersion(v VersionNumber) bool
- type ApplicationErrorCode
- type ByteCount
- type ConnectionID
- type EncryptionLevel
- type PacketNumber
- type PacketNumberLen
- type PacketType
- type Perspective
- type StreamID
- type VersionNumber
- func (vn VersionNumber) CryptoStreamID() StreamID
- func (vn VersionNumber) StreamContributesToConnectionFlowControl(id StreamID) bool
- func (vn VersionNumber) String() string
- func (vn VersionNumber) ToAltSvc() string
- func (vn VersionNumber) UsesIETFFrameFormat() bool
- func (vn VersionNumber) UsesIETFHeaderFormat() bool
- func (vn VersionNumber) UsesLengthInHeader() bool
- func (vn VersionNumber) UsesStopWaitingFrames() bool
- func (vn VersionNumber) UsesTLS() bool
- func (vn VersionNumber) UsesTokenInHeader() bool
- func (vn VersionNumber) UsesVarintPacketNumbers() bool
Constants ¶
const ClosedSessionDeleteTimeout = time.Minute
ClosedSessionDeleteTimeout the server ignores packets arriving on a connection that is already closed after this time all information about the old connection will be deleted
const ConnectionFlowControlMultiplier = 1.5
ConnectionFlowControlMultiplier determines how much larger the connection flow control windows needs to be relative to any stream's flow control window This is the value that Chromium is using
const ConnectionIDLenGQUIC = 8
ConnectionIDLenGQUIC is the length of the source Connection ID used on gQUIC QUIC packets.
const CookieExpiryTime = 24 * time.Hour
CookieExpiryTime is the valid time of a cookie
const CryptoMaxParams = 128
CryptoMaxParams is the upper limit for the number of parameters in a crypto message. Value taken from Chrome.
const CryptoParameterMaxLength = 4000
CryptoParameterMaxLength is the upper limit for the length of a parameter in a crypto message.
const DefaultConnectionIDLength = 4
DefaultConnectionIDLength is the connection ID length that is used for multiplexed connections if no other value is configured.
const DefaultHandshakeTimeout = 10 * time.Second
DefaultHandshakeTimeout is the default timeout for a connection until the crypto handshake succeeds.
const DefaultIdleTimeout = 30 * time.Second
DefaultIdleTimeout is the default idle timeout
const DefaultMaxIncomingStreams = 100
DefaultMaxIncomingStreams is the maximum number of streams that a peer may open
const DefaultMaxIncomingUniStreams = 100
DefaultMaxIncomingUniStreams is the maximum number of unidirectional streams that a peer may open
const DefaultMaxReceiveConnectionFlowControlWindowClient = 15 * (1 << 20) // 15 MB
DefaultMaxReceiveConnectionFlowControlWindowClient is the default connection-level flow control window for receiving data, for the client This is the value that Google servers are using
const DefaultMaxReceiveConnectionFlowControlWindowServer = 1.5 * (1 << 20) // 1.5 MB
DefaultMaxReceiveConnectionFlowControlWindowServer is the default connection-level flow control window for receiving data, for the server This is the value that Google servers are using
const DefaultMaxReceiveStreamFlowControlWindowClient = 6 * (1 << 20) // 6 MB
DefaultMaxReceiveStreamFlowControlWindowClient is the default maximum stream-level flow control window for receiving data, for the client This is the value that Chromium is using
const DefaultMaxReceiveStreamFlowControlWindowServer = 1 * (1 << 20) // 1 MB
DefaultMaxReceiveStreamFlowControlWindowServer is the default maximum stream-level flow control window for receiving data, for the server This is the value that Google servers are using
const EphermalKeyLifetime = time.Minute
EphermalKeyLifetime is the lifetime of the ephermal key during the handshake, see handshake.getEphermalKEX.
const MaxByteCount = ByteCount(1<<62 - 1)
MaxByteCount is the maximum value of a ByteCount
const MaxClientHellos = 3
MaxClientHellos is the maximum number of times we'll send a client hello The value 3 accounts for: * one failure due to an incorrect or missing source-address token * one failure due the server's certificate chain being unavailable and the server being unwilling to send it without a valid source-address token
const MaxNonRetransmittableAcks = 19
MaxNonRetransmittableAcks is the maximum number of packets containing an ACK, but no retransmittable frames, that we send in a row
const MaxOutstandingSentPackets = 2 * defaultMaxCongestionWindowPackets
MaxOutstandingSentPackets is maximum number of packets saved for retransmission. When reached, it imposes a soft limit on sending new packets: Sending ACKs and retransmission is still allowed, but now new regular packets can be sent.
const MaxPacketSizeIPv4 = 1252
MaxPacketSizeIPv4 is the maximum packet size that we use for sending IPv4 packets.
const MaxPacketSizeIPv6 = 1232
MaxPacketSizeIPv6 is the maximum packet size that we use for sending IPv6 packets.
const MaxSessionUnprocessedPackets = defaultMaxCongestionWindowPackets
MaxSessionUnprocessedPackets is the max number of packets stored in each session that are not yet processed.
const MaxStreamFrameSorterGaps = 1000
MaxStreamFrameSorterGaps is the maximum number of gaps between received StreamFrames prevents DoS attacks against the streamFrameSorter
const MaxStreamsMinimumIncrement = 10
MaxStreamsMinimumIncrement is the slack the client is allowed for the maximum number of streams per connection, needed e.g. when packets are out of order or dropped. The minimum of this absolute increment and the procentual increase specified by MaxStreamsMultiplier is used.
const MaxStreamsMultiplier = 1.1
MaxStreamsMultiplier is the slack the client is allowed for the maximum number of streams per connection, needed e.g. when packets are out of order or dropped. The minimum of this procentual increase and the absolute increment specified by MaxStreamsMinimumIncrement is used.
const MaxTrackedReceivedAckRanges = defaultMaxCongestionWindowPackets
MaxTrackedReceivedAckRanges is the maximum number of ACK ranges tracked
const MaxTrackedSentPackets = MaxOutstandingSentPackets * 5 / 4
MaxTrackedSentPackets is maximum number of sent packets saved for retransmission. When reached, no more packets will be sent. This value *must* be larger than MaxOutstandingSentPackets.
const MaxTrackedSkippedPackets = 10
MaxTrackedSkippedPackets is the maximum number of skipped packet numbers the SentPacketHandler keep track of for Optimistic ACK attack mitigation
const MaxUndecryptablePackets = 10
MaxUndecryptablePackets limits the number of undecryptable packets that a session queues for later until it sends a public reset.
const MinClientHelloSize = 1024
MinClientHelloSize is the minimum size the server expects an inchoate CHLO to have (in gQUIC)
const MinConnectionIDLenInitial = 8
MinConnectionIDLenInitial is the minimum length of the destination connection ID on an Initial packet.
const MinInitialPacketSize = 1200
MinInitialPacketSize is the minimum size an Initial packet (in IETF QUIC) is required to have.
const MinPacingDelay time.Duration = 100 * time.Microsecond
MinPacingDelay is the minimum duration that is used for packet pacing If the packet packing frequency is higher, multiple packets might be sent at once. Example: For a packet pacing delay of 20 microseconds, we would send 5 packets at once, wait for 100 microseconds, and so forth.
const MinRemoteIdleTimeout = 5 * time.Second
MinRemoteIdleTimeout is the minimum value that we accept for the remote idle timeout
const NonForwardSecurePacketSizeReduction = 50
NonForwardSecurePacketSizeReduction is the number of bytes a non forward-secure packet has to be smaller than a forward-secure packet This makes sure that those packets can always be retransmitted without splitting the contained StreamFrames
const NumCachedCertificates = 128
NumCachedCertificates is the number of cached compressed certificate chains, each taking ~1K space
const PublicResetTimeout = 500 * time.Millisecond
PublicResetTimeout is the time to wait before sending a Public Reset when receiving too many undecryptable packets during the handshake This timeout allows the Go scheduler to switch to the Go rountine that reads the crypto stream and to escalate the crypto
const ReceiveConnectionFlowControlWindow = (1 << 10) * 48 // 48 kB
ReceiveConnectionFlowControlWindow is the connection-level flow control window for receiving data This is the value that Google servers are using
const ReceiveStreamFlowControlWindow = (1 << 10) * 32 // 32 kB
ReceiveStreamFlowControlWindow is the stream-level flow control window for receiving data This is the value that Google servers are using
const WindowUpdateThreshold = 0.25
WindowUpdateThreshold is the fraction of the receive window that has to be consumed before an higher offset is advertised to the client
Variables ¶
var SupportedVersions = []VersionNumber{ Version44, Version43, Version39, }
SupportedVersions lists the versions that the server supports must be in sorted descending order
Functions ¶
func IsSupportedVersion ¶
func IsSupportedVersion(supported []VersionNumber, v VersionNumber) bool
IsSupportedVersion returns true if the server supports this version
func IsValidVersion ¶
func IsValidVersion(v VersionNumber) bool
IsValidVersion says if the version is known to quic-go
Types ¶
type ApplicationErrorCode ¶
type ApplicationErrorCode uint16
An ApplicationErrorCode is an application-defined error code.
type ByteCount ¶
type ByteCount uint64
A ByteCount in QUIC
const DefaultMaxCongestionWindow ByteCount = defaultMaxCongestionWindowPackets * DefaultTCPMSS
DefaultMaxCongestionWindow is the default for the max congestion window
const DefaultTCPMSS ByteCount = 1460
DefaultTCPMSS is the default maximum packet size used in the Linux TCP implementation. Used in QUIC for congestion window computations in bytes.
const InitialCongestionWindow ByteCount = 32 * DefaultTCPMSS
InitialCongestionWindow is the initial congestion window in QUIC packets
const MaxAckFrameSize ByteCount = 1000
MaxAckFrameSize is the maximum size for an (IETF QUIC) ACK frame that we write Due to the varint encoding, ACK frames can grow (almost) indefinitely large. The MaxAckFrameSize should be large enough to encode many ACK range, but must ensure that a maximum size ACK frame fits into one packet.
const MaxReceivePacketSize ByteCount = 1452
MaxReceivePacketSize maximum packet size of any QUIC packet, based on ethernet's max size, minus the IP and UDP headers. IPv6 has a 40 byte header, UDP adds an additional 8 bytes. This is a total overhead of 48 bytes. Ethernet's max packet size is 1500 bytes, 1500 - 48 = 1452.
const MinStreamFrameSize ByteCount = 128
MinStreamFrameSize is the minimum size that has to be left in a packet, so that we add another STREAM frame. This avoids splitting up STREAM frames into small pieces, which has 2 advantages: 1. it reduces the framing overhead 2. it reduces the head-of-line blocking, when a packet is lost
type ConnectionID ¶
type ConnectionID []byte
A ConnectionID in QUIC
func GenerateConnectionID ¶
func GenerateConnectionID(len int) (ConnectionID, error)
GenerateConnectionID generates a connection ID using cryptographic random
func GenerateConnectionIDForInitial ¶
func GenerateConnectionIDForInitial() (ConnectionID, error)
GenerateConnectionIDForInitial generates a connection ID for the Initial packet. It uses a length randomly chosen between 8 and 18 bytes.
func ReadConnectionID ¶
func ReadConnectionID(r io.Reader, len int) (ConnectionID, error)
ReadConnectionID reads a connection ID of length len from the given io.Reader. It returns io.EOF if there are not enough bytes to read.
func (ConnectionID) Bytes ¶
func (c ConnectionID) Bytes() []byte
Bytes returns the byte representation
func (ConnectionID) Equal ¶
func (c ConnectionID) Equal(other ConnectionID) bool
Equal says if two connection IDs are equal
func (ConnectionID) Len ¶
func (c ConnectionID) Len() int
Len returns the length of the connection ID in bytes
func (ConnectionID) String ¶
func (c ConnectionID) String() string
type EncryptionLevel ¶
type EncryptionLevel int
EncryptionLevel is the encryption level Default value is Unencrypted
const ( // EncryptionUnspecified is a not specified encryption level EncryptionUnspecified EncryptionLevel = iota // EncryptionUnencrypted is not encrypted EncryptionUnencrypted // EncryptionSecure is encrypted, but not forward secure EncryptionSecure // EncryptionForwardSecure is forward secure EncryptionForwardSecure )
func (EncryptionLevel) String ¶
func (e EncryptionLevel) String() string
type PacketNumber ¶
type PacketNumber uint64
A PacketNumber in QUIC
const SkipPacketAveragePeriodLength PacketNumber = 500
SkipPacketAveragePeriodLength is the average period length in which one packet number is skipped to prevent an Optimistic ACK attack
func InferPacketNumber ¶
func InferPacketNumber( packetNumberLength PacketNumberLen, lastPacketNumber PacketNumber, wirePacketNumber PacketNumber, version VersionNumber, ) PacketNumber
InferPacketNumber calculates the packet number based on the received packet number, its length and the last seen packet number
type PacketNumberLen ¶
type PacketNumberLen uint8
PacketNumberLen is the length of the packet number in bytes
const ( // PacketNumberLenInvalid is the default value and not a valid length for a packet number PacketNumberLenInvalid PacketNumberLen = 0 // PacketNumberLen1 is a packet number length of 1 byte PacketNumberLen1 PacketNumberLen = 1 // PacketNumberLen2 is a packet number length of 2 bytes PacketNumberLen2 PacketNumberLen = 2 // PacketNumberLen4 is a packet number length of 4 bytes PacketNumberLen4 PacketNumberLen = 4 // PacketNumberLen6 is a packet number length of 6 bytes PacketNumberLen6 PacketNumberLen = 6 )
func GetPacketNumberLength ¶
func GetPacketNumberLength(packetNumber PacketNumber) PacketNumberLen
GetPacketNumberLength gets the minimum length needed to fully represent the packet number
func GetPacketNumberLengthForHeader ¶
func GetPacketNumberLengthForHeader(packetNumber, leastUnacked PacketNumber, version VersionNumber) PacketNumberLen
GetPacketNumberLengthForHeader gets the length of the packet number for the public header it never chooses a PacketNumberLen of 1 byte, since this is too short under certain circumstances
type PacketType ¶
type PacketType uint8
The PacketType is the Long Header Type (only used for the IETF draft header format)
const ( // PacketTypeInitial is the packet type of an Initial packet PacketTypeInitial PacketType = 0x7f // PacketTypeRetry is the packet type of a Retry packet PacketTypeRetry PacketType = 0x7e // PacketTypeHandshake is the packet type of a Handshake packet PacketTypeHandshake PacketType = 0x7d // PacketType0RTT is the packet type of a 0-RTT packet PacketType0RTT PacketType = 0x7c )
func (PacketType) String ¶
func (t PacketType) String() string
type Perspective ¶
type Perspective int
Perspective determines if we're acting as a server or a client
const ( PerspectiveServer Perspective = 1 PerspectiveClient Perspective = 2 )
the perspectives
func (Perspective) Opposite ¶
func (p Perspective) Opposite() Perspective
Opposite returns the perspective of the peer
func (Perspective) String ¶
func (p Perspective) String() string
type StreamID ¶
type StreamID uint64
A StreamID in QUIC
func MaxBidiStreamID ¶
func MaxBidiStreamID(numStreams int, pers Perspective) StreamID
MaxBidiStreamID is the highest stream ID that the peer is allowed to open, when it is allowed to open numStreams bidirectional streams. It is only valid for IETF QUIC.
func MaxUniStreamID ¶
func MaxUniStreamID(numStreams int, pers Perspective) StreamID
MaxUniStreamID is the highest stream ID that the peer is allowed to open, when it is allowed to open numStreams unidirectional streams. It is only valid for IETF QUIC.
type VersionNumber ¶
type VersionNumber uint32
VersionNumber is a version number as int
const ( Version39 VersionNumber = gquicVersion0 + 3*0x100 + 0x9 Version43 VersionNumber = gquicVersion0 + 4*0x100 + 0x3 Version44 VersionNumber = gquicVersion0 + 4*0x100 + 0x4 VersionTLS VersionNumber = 101 VersionWhatever VersionNumber = 0 // for when the version doesn't matter VersionUnknown VersionNumber = math.MaxUint32 )
The version numbers, making grepping easier
func ChooseSupportedVersion ¶
func ChooseSupportedVersion(ours, theirs []VersionNumber) (VersionNumber, bool)
ChooseSupportedVersion finds the best version in the overlap of ours and theirs ours is a slice of versions that we support, sorted by our preference (descending) theirs is a slice of versions offered by the peer. The order does not matter. The bool returned indicates if a matching version was found.
func GetGreasedVersions ¶
func GetGreasedVersions(supported []VersionNumber) []VersionNumber
GetGreasedVersions adds one reserved version number to a slice of version numbers, at a random position
func StripGreasedVersions ¶
func StripGreasedVersions(versions []VersionNumber) []VersionNumber
StripGreasedVersions strips all greased versions from a slice of versions
func (VersionNumber) CryptoStreamID ¶
func (vn VersionNumber) CryptoStreamID() StreamID
CryptoStreamID gets the Stream ID of the crypto stream
func (VersionNumber) StreamContributesToConnectionFlowControl ¶
func (vn VersionNumber) StreamContributesToConnectionFlowControl(id StreamID) bool
StreamContributesToConnectionFlowControl says if a stream contributes to connection-level flow control
func (VersionNumber) String ¶
func (vn VersionNumber) String() string
func (VersionNumber) ToAltSvc ¶
func (vn VersionNumber) ToAltSvc() string
ToAltSvc returns the representation of the version for the H2 Alt-Svc parameters
func (VersionNumber) UsesIETFFrameFormat ¶
func (vn VersionNumber) UsesIETFFrameFormat() bool
UsesIETFFrameFormat tells if this version uses the IETF frame format
func (VersionNumber) UsesIETFHeaderFormat ¶
func (vn VersionNumber) UsesIETFHeaderFormat() bool
UsesIETFHeaderFormat tells if this version uses the IETF header format
func (VersionNumber) UsesLengthInHeader ¶
func (vn VersionNumber) UsesLengthInHeader() bool
UsesLengthInHeader tells if this version uses the Length field in the IETF header
func (VersionNumber) UsesStopWaitingFrames ¶
func (vn VersionNumber) UsesStopWaitingFrames() bool
UsesStopWaitingFrames tells if this version uses STOP_WAITING frames
func (VersionNumber) UsesTLS ¶
func (vn VersionNumber) UsesTLS() bool
UsesTLS says if this QUIC version uses TLS 1.3 for the handshake
func (VersionNumber) UsesTokenInHeader ¶
func (vn VersionNumber) UsesTokenInHeader() bool
UsesTokenInHeader tells if this version uses the Token field in the IETF header
func (VersionNumber) UsesVarintPacketNumbers ¶
func (vn VersionNumber) UsesVarintPacketNumbers() bool
UsesVarintPacketNumbers tells if this version uses 7/14/30 bit packet numbers