Documentation ¶
Index ¶
Constants ¶
const AckSendDelay = 25 * time.Millisecond
AckSendDelay is the maximum delay that can be applied to an ACK for a retransmittable packet This is the value Chromium is using
const ClientHelloMinimumSize = 1024
ClientHelloMinimumSize is the minimum size the server expects an inchoate CHLO to have.
const ClosedSessionDeleteTimeout = time.Minute
ClosedSessionDeleteTimeout the server ignores packets arriving on a connection that is already closed after this time all information about the old connection will be deleted
const ConnectionFlowControlMultiplier = 1.5
ConnectionFlowControlMultiplier determines how much larger the connection flow control windows needs to be relative to any stream's flow control window This is the value that Chromium is using
const CookieExpiryTime = 24 * time.Hour
CookieExpiryTime is the valid time of a cookie
const CryptoMaxParams = 128
CryptoMaxParams is the upper limit for the number of parameters in a crypto message. Value taken from Chrome.
const CryptoParameterMaxLength = 4000
CryptoParameterMaxLength is the upper limit for the length of a parameter in a crypto message.
const DefaultHandshakeTimeout = 10 * time.Second
DefaultHandshakeTimeout is the default timeout for a connection until the crypto handshake succeeds.
const DefaultIdleTimeout = 30 * time.Second
DefaultIdleTimeout is the default idle timeout
const DefaultMaxCongestionWindow = 2500
DefaultMaxCongestionWindow is the default for the max congestion window XXX (QDC): with large bandwidth networks, this can be a limiting factor Seems reasonable, around 3.5MB in flight
const DefaultMaxReceiveConnectionFlowControlWindowClient = 24 * (1 << 20) // 24 MB
DefaultMaxReceiveConnectionFlowControlWindowClient is the default connection-level flow control window for receiving data, for the client This is the value that Google servers are using
const DefaultMaxReceiveConnectionFlowControlWindowServer = 1.5 * (1 << 20) // 1.5 MB
DefaultMaxReceiveConnectionFlowControlWindowServer is the default connection-level flow control window for receiving data, for the server This is the value that Google servers are using
const DefaultMaxReceiveStreamFlowControlWindowClient = 16 * (1 << 20) // 16 MB
DefaultMaxReceiveStreamFlowControlWindowClient is the default maximum stream-level flow control window for receiving data, for the client This is the value that Chromium is using
const DefaultMaxReceiveStreamFlowControlWindowServer = 1 * (1 << 20) // 1 MB
DefaultMaxReceiveStreamFlowControlWindowServer is the default maximum stream-level flow control window for receiving data, for the server This is the value that Google servers are using
const EphermalKeyLifetime = time.Minute
EphermalKeyLifetime is the lifetime of the ephermal key during the handshake, see handshake.getEphermalKEX.
const InitialCongestionWindow = 32
InitialCongestionWindow is the initial congestion window in QUIC packets
const InitialPathID = 0
Initial PathID
const MaxByteCount = ByteCount(math.MaxUint64)
MaxByteCount is the maximum value of a ByteCount
const MaxClientHellos = 3
MaxClientHellos is the maximum number of times we'll send a client hello The value 3 accounts for: * one failure due to an incorrect or missing source-address token * one failure due the server's certificate chain being unavailible and the server being unwilling to send it without a valid source-address token
const MaxIncomingDynamicStreamsPerConnection = 100
MaxIncomingDynamicStreamsPerConnection is the maximum value accepted for the incoming number of dynamic streams per connection
const MaxNewStreamIDDelta = 4 * MaxStreamsPerConnection
MaxNewStreamIDDelta is the maximum difference between and a newly opened Stream and the highest StreamID that a client has ever opened note that the number of streams is half this value, since the client can only open streams with open StreamID
const MaxNonRetransmittablePackets = 19
MaxNonRetransmittablePackets is the maximum number of non-retransmittable packets that we send in a row
const MaxPacketsReceivedBeforeAckSend = 20
MaxPacketsReceivedBeforeAckSend is the number of packets that can be received before an ACK frame is sent
const MaxSessionUnprocessedPackets = DefaultMaxCongestionWindow
MaxSessionUnprocessedPackets is the max number of packets stored in each session that are not yet processed.
const MaxStreamFrameSorterGaps = 2500
MaxStreamFrameSorterGaps is the maximum number of gaps between received StreamFrames prevents DoS attacks against the streamFrameSorter XXX (QDC): needs to be compliant with the maximal congestion window
const MaxStreamsMinimumIncrement = 10
MaxStreamsMinimumIncrement is the slack the client is allowed for the maximum number of streams per connection, needed e.g. when packets are out of order or dropped. The minimum of this absolute increment and the procentual increase specified by MaxStreamsMultiplier is used.
const MaxStreamsMultiplier = 1.1
MaxStreamsMultiplier is the slack the client is allowed for the maximum number of streams per connection, needed e.g. when packets are out of order or dropped. The minimum of this procentual increase and the absolute increment specified by MaxStreamsMinimumIncrement is used.
const MaxStreamsPerConnection = 100
MaxStreamsPerConnection is the maximum value accepted for the number of streams per connection
const MaxTrackedReceivedAckRanges = DefaultMaxCongestionWindow
MaxTrackedReceivedAckRanges is the maximum number of ACK ranges tracked
const MaxTrackedSentPackets = 2 * DefaultMaxCongestionWindow
MaxTrackedSentPackets is maximum number of sent packets saved for either later retransmission or entropy calculation
const MaxTrackedSkippedPackets = 10
MaxTrackedSkippedPackets is the maximum number of skipped packet numbers the SentPacketHandler keep track of for Optimistic ACK attack mitigation
const MaxUndecryptablePackets = 10
MaxUndecryptablePackets limits the number of undecryptable packets that a session queues for later until it sends a public reset.
const NonForwardSecurePacketSizeReduction = 50
NonForwardSecurePacketSizeReduction is the number of bytes a non forward-secure packet has to be smaller than a forward-secure packet This makes sure that those packets can always be retransmitted without splitting the contained StreamFrames
const NumCachedCertificates = 128
NumCachedCertificates is the number of cached compressed certificate chains, each taking ~1K space
const PublicResetTimeout = 500 * time.Millisecond
PublicResetTimeout is the time to wait before sending a Public Reset when receiving too many undecryptable packets during the handshake This timeout allows the Go scheduler to switch to the Go rountine that reads the crypto stream and to escalate the crypto
const ReceiveConnectionFlowControlWindow = (1 << 10) * 48 // 48 kB
ReceiveConnectionFlowControlWindow is the connection-level flow control window for receiving data This is the value that Google servers are using
const ReceiveStreamFlowControlWindow = (1 << 10) * 32 // 32 kB
ReceiveStreamFlowControlWindow is the stream-level flow control window for receiving data This is the value that Google servers are using
const RetransmittablePacketsBeforeAck = 2
RetransmittablePacketsBeforeAck is the number of retransmittable that an ACK is sent for
Variables ¶
var SupportedVersions = []VersionNumber{ VersionMP, Version39, Version38, Version37, }
SupportedVersions lists the versions that the server supports must be in sorted descending order
Functions ¶
func IsSupportedVersion ¶
func IsSupportedVersion(supported []VersionNumber, v VersionNumber) bool
IsSupportedVersion returns true if the server supports this version
func VersionNumberToTag ¶
func VersionNumberToTag(vn VersionNumber) uint32
VersionNumberToTag maps version numbers ('32') to tags ('Q032')
Types ¶
type ByteCount ¶
type ByteCount uint64
A ByteCount in QUIC
const DefaultTCPMSS ByteCount = 1460
DefaultTCPMSS is the default maximum packet size used in the Linux TCP implementation. Used in QUIC for congestion window computations in bytes.
const InitialConnectionFlowControlWindow ByteCount = (1 << 14) // 16 kB
InitialConnectionFlowControlWindow is the initial connection-level flow control window for sending
const InitialStreamFlowControlWindow ByteCount = (1 << 14) // 16 kB
InitialStreamFlowControlWindow is the initial stream-level flow control window for sending
const MaxPacketSize ByteCount = 1350
MaxPacketSize is the maximum packet size, including the public header, that we use for sending packets This is the value used by Chromium for a QUIC packet sent using IPv6 (for IPv4 it would be 1370)
const MaxReceivePacketSize ByteCount = 1452
MaxReceivePacketSize maximum packet size of any QUIC packet, based on ethernet's max size, minus the IP and UDP headers. IPv6 has a 40 byte header, UDP adds an additional 8 bytes. This is a total overhead of 48 bytes. Ethernet's max packet size is 1500 bytes, 1500 - 48 = 1452.
type EncryptionLevel ¶
type EncryptionLevel int
EncryptionLevel is the encryption level Default value is Unencrypted
const ( // EncryptionUnspecified is a not specified encryption level EncryptionUnspecified EncryptionLevel = iota // EncryptionUnencrypted is not encrypted EncryptionUnencrypted // EncryptionSecure is encrypted, but not forward secure EncryptionSecure // EncryptionForwardSecure is forward secure EncryptionForwardSecure )
func (EncryptionLevel) String ¶
func (e EncryptionLevel) String() string
type PacketNumber ¶
type PacketNumber uint64
A PacketNumber in QUIC
const SkipPacketAveragePeriodLength PacketNumber = 500
SkipPacketAveragePeriodLength is the average period length in which one packet number is skipped to prevent an Optimistic ACK attack
func InferPacketNumber ¶
func InferPacketNumber(packetNumberLength PacketNumberLen, lastPacketNumber PacketNumber, wirePacketNumber PacketNumber) PacketNumber
InferPacketNumber calculates the packet number based on the received packet number, its length and the last seen packet number
type PacketNumberLen ¶
type PacketNumberLen uint8
PacketNumberLen is the length of the packet number in bytes
const ( // PacketNumberLenInvalid is the default value and not a valid length for a packet number PacketNumberLenInvalid PacketNumberLen = 0 // PacketNumberLen1 is a packet number length of 1 byte PacketNumberLen1 PacketNumberLen = 1 // PacketNumberLen2 is a packet number length of 2 bytes PacketNumberLen2 PacketNumberLen = 2 // PacketNumberLen4 is a packet number length of 4 bytes PacketNumberLen4 PacketNumberLen = 4 // PacketNumberLen6 is a packet number length of 6 bytes PacketNumberLen6 PacketNumberLen = 6 )
func GetPacketNumberLength ¶
func GetPacketNumberLength(packetNumber PacketNumber) PacketNumberLen
GetPacketNumberLength gets the minimum length needed to fully represent the packet number
func GetPacketNumberLengthForPublicHeader ¶
func GetPacketNumberLengthForPublicHeader(packetNumber PacketNumber, leastUnacked PacketNumber) PacketNumberLen
GetPacketNumberLengthForPublicHeader gets the length of the packet number for the public header it never chooses a PacketNumberLen of 1 byte, since this is too short under certain circumstances
type Perspective ¶
type Perspective int
Perspective determines if we're acting as a server or a client
const ( PerspectiveServer Perspective = 1 PerspectiveClient Perspective = 2 )
the perspectives
type VersionNumber ¶
type VersionNumber int
VersionNumber is a version number as int
const ( Version37 VersionNumber = 37 + iota Version38 Version39 VersionTLS VersionNumber = 101 VersionWhatever VersionNumber = 0 // for when the version doesn't matter VersionUnsupported VersionNumber = -1 VersionUnknown VersionNumber = -2 VersionMP VersionNumber = 512 )
The version numbers, making grepping easier
func ChooseSupportedVersion ¶
func ChooseSupportedVersion(ours, theirs []VersionNumber) VersionNumber
ChooseSupportedVersion finds the best version in the overlap of ours and theirs ours is a slice of versions that we support, sorted by our preference (descending) theirs is a slice of versions offered by the peer. The order does not matter if no suitable version is found, it returns VersionUnsupported
func VersionTagToNumber ¶
func VersionTagToNumber(v uint32) VersionNumber
VersionTagToNumber is built from VersionNumberToTag in init()
func (VersionNumber) String ¶
func (vn VersionNumber) String() string
func (VersionNumber) UsesTLS ¶
func (vn VersionNumber) UsesTLS() bool
UsesTLS says if this QUIC version uses TLS 1.3 for the handshake