protocol

package
v0.5.0
Warning

This package is not in the latest version of its module.

Published: Apr 11, 2017 License: MIT Imports: 5 Imported by: 0

Documentation

Constants

const (
	Version35 VersionNumber = 35 + iota
	Version36
	VersionWhatever    = 0 // for when the version doesn't matter
	VersionUnsupported = -1
)

The version numbers, making grepping easier

const AckSendDelay = 25 * time.Millisecond

AckSendDelay is the maximum delay that can be applied to an ACK for a retransmittable packet. This is the value Chromium is using.

const ClientHelloMinimumSize = 1024

ClientHelloMinimumSize is the minimum size the server expects an inchoate CHLO to have.

const ClosedSessionDeleteTimeout = time.Minute

ClosedSessionDeleteTimeout: the server ignores packets arriving on a connection that is already closed. After this time, all information about the old connection will be deleted.

const ConnectionFlowControlMultiplier = 1.5

ConnectionFlowControlMultiplier determines how much larger the connection flow control window needs to be relative to any stream's flow control window. This is the value that Chromium is using.

const CryptoMaxParams = 128

CryptoMaxParams is the upper limit for the number of parameters in a crypto message. Value taken from Chrome.

const CryptoParameterMaxLength = 4000

CryptoParameterMaxLength is the upper limit for the length of a parameter in a crypto message.

const DefaultIdleTimeout = 30 * time.Second

DefaultIdleTimeout is the default idle timeout, for the server

const DefaultMaxCongestionWindow = 1000

DefaultMaxCongestionWindow is the default for the max congestion window

const EphermalKeyLifetime = time.Minute

EphermalKeyLifetime is the lifetime of the ephemeral key during the handshake, see handshake.getEphermalKEX.

const InitialCongestionWindow = 32

InitialCongestionWindow is the initial congestion window in QUIC packets

const InitialIdleTimeout = 5 * time.Second

InitialIdleTimeout is the timeout before the handshake succeeds.

const MaxByteCount = math.MaxUint64

MaxByteCount is the maximum value of a ByteCount

const MaxClientHellos = 3

MaxClientHellos is the maximum number of times we'll send a client hello. The value 3 accounts for:
* one failure due to an incorrect or missing source-address token
* one failure due to the server's certificate chain being unavailable and the server being unwilling to send it without a valid source-address token

const MaxFrameAndPublicHeaderSize = MaxPacketSize - 12 /*crypto signature*/

MaxFrameAndPublicHeaderSize is the maximum size of a QUIC frame plus PublicHeader

const MaxIdleTimeoutClient = 2 * time.Minute

MaxIdleTimeoutClient is the idle timeout that the client suggests to the server

const MaxIdleTimeoutServer = 1 * time.Minute

MaxIdleTimeoutServer is the maximum idle timeout that can be negotiated, for the server

const MaxIncomingDynamicStreamsPerConnection = 100

MaxIncomingDynamicStreamsPerConnection is the maximum value accepted for the incoming number of dynamic streams per connection

const MaxNewStreamIDDelta = 4 * MaxStreamsPerConnection

MaxNewStreamIDDelta is the maximum difference between a newly opened Stream and the highest StreamID that a client has ever opened. Note that the number of streams is half this value, since the client can only open streams with odd StreamID.

const MaxPacketsReceivedBeforeAckSend = 20

MaxPacketsReceivedBeforeAckSend is the number of packets that can be received before an ACK frame is sent

const MaxSessionUnprocessedPackets = DefaultMaxCongestionWindow

MaxSessionUnprocessedPackets is the max number of packets stored in each session that are not yet processed.

const MaxStreamFrameSorterGaps = 1000

MaxStreamFrameSorterGaps is the maximum number of gaps between received StreamFrames. This prevents DoS attacks against the streamFrameSorter.

const MaxStreamsMinimumIncrement = 10

MaxStreamsMinimumIncrement is the slack the client is allowed for the maximum number of streams per connection, needed e.g. when packets are out of order or dropped. The minimum of this absolute increment and the percentage increase specified by MaxStreamsMultiplier is used.

const MaxStreamsMultiplier = 1.1

MaxStreamsMultiplier is the slack the client is allowed for the maximum number of streams per connection, needed e.g. when packets are out of order or dropped. The minimum of this percentage increase and the absolute increment specified by MaxStreamsMinimumIncrement is used.

const MaxStreamsPerConnection = 100

MaxStreamsPerConnection is the maximum value accepted for the number of streams per connection

const MaxTimeForCryptoHandshake = 10 * time.Second

MaxTimeForCryptoHandshake is the default timeout for a connection until the crypto handshake succeeds.

const MaxTrackedReceivedAckRanges = DefaultMaxCongestionWindow

MaxTrackedReceivedAckRanges is the maximum number of ACK ranges tracked

const MaxTrackedReceivedPackets = 2 * DefaultMaxCongestionWindow

MaxTrackedReceivedPackets is the maximum number of received packets saved for doing the entropy calculations

const MaxTrackedSentPackets = 2 * DefaultMaxCongestionWindow

MaxTrackedSentPackets is maximum number of sent packets saved for either later retransmission or entropy calculation

const MaxTrackedSkippedPackets = 10

MaxTrackedSkippedPackets is the maximum number of skipped packet numbers the SentPacketHandler keeps track of for Optimistic ACK attack mitigation

const MaxUndecryptablePackets = 10

MaxUndecryptablePackets limits the number of undecryptable packets that a session queues for later until it sends a public reset.

const NonForwardSecurePacketSizeReduction = 50

NonForwardSecurePacketSizeReduction is the number of bytes a non forward-secure packet has to be smaller than a forward-secure packet. This makes sure that those packets can always be retransmitted without splitting the contained StreamFrames.

const NumCachedCertificates = 128

NumCachedCertificates is the number of cached compressed certificate chains, each taking ~1K space

const PublicResetTimeout = 500 * time.Millisecond

PublicResetTimeout is the time to wait before sending a Public Reset when receiving too many undecryptable packets during the handshake. This timeout allows the Go scheduler to switch to the goroutine that reads the crypto stream and to escalate the crypto

const RetransmittablePacketsBeforeAck = 2

RetransmittablePacketsBeforeAck is the number of retransmittable packets that an ACK is sent for

const STKExpiryTimeSec = 24 * 60 * 60

STKExpiryTimeSec is the valid time of a source address token in seconds

Variables

var SupportedVersions = []VersionNumber{
	Version35, Version36,
}

SupportedVersions lists the versions that the server supports. It must be in sorted order.

var SupportedVersionsAsString string

SupportedVersionsAsString is needed for the Alt-Svc HTTP header

var SupportedVersionsAsTags []byte

SupportedVersionsAsTags is needed for the SHLO crypto message

Functions

func IsSupportedVersion

func IsSupportedVersion(v VersionNumber) bool

IsSupportedVersion returns true if the server supports this version

func VersionNumberToTag

func VersionNumberToTag(vn VersionNumber) uint32

VersionNumberToTag maps version numbers ('32') to tags ('Q032')

Types

type ByteCount

type ByteCount uint64

A ByteCount in QUIC

const DefaultTCPMSS ByteCount = 1460

DefaultTCPMSS is the default maximum packet size used in the Linux TCP implementation. Used in QUIC for congestion window computations in bytes.

const InitialConnectionFlowControlWindow ByteCount = (1 << 14) // 16 kB

InitialConnectionFlowControlWindow is the initial connection-level flow control window for sending

const InitialStreamFlowControlWindow ByteCount = (1 << 14) // 16 kB

InitialStreamFlowControlWindow is the initial stream-level flow control window for sending

const MaxPacketSize ByteCount = 1350

MaxPacketSize is the maximum packet size, including the public header, that we use for sending packets. This is the value used by Chromium for a QUIC packet sent using IPv6 (for IPv4 it would be 1370).

const MaxReceiveConnectionFlowControlWindowClient ByteCount = 15 * (1 << 20) // 15 MB

MaxReceiveConnectionFlowControlWindowClient is the connection-level flow control window for receiving data, for the server. This is the value that Google servers are using.

const MaxReceiveConnectionFlowControlWindowServer ByteCount = 1.5 * (1 << 20) // 1.5 MB

MaxReceiveConnectionFlowControlWindowServer is the connection-level flow control window for receiving data. This is the value that Google servers are using.

const MaxReceivePacketSize ByteCount = 1452

MaxReceivePacketSize is the maximum packet size of any QUIC packet, based on Ethernet's max size, minus the IP and UDP headers. IPv6 has a 40 byte header, UDP adds an additional 8 bytes. This is a total overhead of 48 bytes. Ethernet's max packet size is 1500 bytes, 1500 - 48 = 1452.

const MaxReceiveStreamFlowControlWindowClient ByteCount = 6 * (1 << 20) // 6 MB

MaxReceiveStreamFlowControlWindowClient is the maximum stream-level flow control window for receiving data, for the client. This is the value that Chromium is using.

const MaxReceiveStreamFlowControlWindowServer ByteCount = 1 * (1 << 20) // 1 MB

MaxReceiveStreamFlowControlWindowServer is the maximum stream-level flow control window for receiving data. This is the value that Google servers are using.

const ReceiveConnectionFlowControlWindow ByteCount = (1 << 10) * 48 // 48 kB

ReceiveConnectionFlowControlWindow is the connection-level flow control window for receiving data. This is the value that Google servers are using.

const ReceiveStreamFlowControlWindow ByteCount = (1 << 10) * 32 // 32 kB

ReceiveStreamFlowControlWindow is the stream-level flow control window for receiving data. This is the value that Google servers are using.

type ConnectionID

type ConnectionID uint64

A ConnectionID in QUIC

type EncryptionLevel

type EncryptionLevel int

EncryptionLevel is the encryption level. Default value is Unencrypted.

const (
	// EncryptionUnspecified is a not specified encryption level
	EncryptionUnspecified EncryptionLevel = iota
	// EncryptionUnencrypted is not encrypted
	EncryptionUnencrypted
	// EncryptionSecure is encrypted, but not forward secure
	EncryptionSecure
	// EncryptionForwardSecure is forward secure
	EncryptionForwardSecure
)

func (EncryptionLevel) String

func (e EncryptionLevel) String() string

type PacketNumber

type PacketNumber uint64

A PacketNumber in QUIC

const SkipPacketAveragePeriodLength PacketNumber = 500

SkipPacketAveragePeriodLength is the average period length in which one packet number is skipped to prevent an Optimistic ACK attack
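The Optimistic ACK mitigation that SkipPacketAveragePeriodLength and MaxTrackedSkippedPackets refer to, as an added example that is not quic-go's own code: the sender leaves holes in its packet number sequence and treats any ACK covering a hole as implausible. The `sender` type, its method names and the uniform gap distribution are assumptions made for illustration; only the two constant values come from this page.

```go
package main

import "math/rand"
const skipPeriod, maxTracked = 500, 10 // SkipPacketAveragePeriodLength, MaxTrackedSkippedPackets

// sender (hypothetical) leaves random holes in its packet numbers and tracks them.
type sender struct {
	next, nextSkip uint64
	skipped        []uint64
	rng            *rand.Rand // seeded here; must be unpredictable in practice
}

func newSender(seed int64) *sender {
	s := &sender{next: 1, rng: rand.New(rand.NewSource(seed))}
	s.nextSkip = s.next + s.gap()
	return s
}

// gap draws 1..2*skipPeriod-1, averaging one hole per period (assumption).
func (s *sender) gap() uint64 { return 1 + uint64(s.rng.Intn(2*skipPeriod-1)) }

// nextPacketNumber returns the next number to send, stepping over holes.
func (s *sender) nextPacketNumber() uint64 {
	if s.next == s.nextSkip {
		s.skipped = append(s.skipped, s.next)
		if len(s.skipped) > maxTracked {
			s.skipped = s.skipped[1:] // forget the oldest hole
		}
		s.next++
		s.nextSkip = s.next + s.gap()
	}
	s.next++
	return s.next - 1
}

// ackPlausible reports whether ACK range [lo, hi] covers only sent numbers.
func (s *sender) ackPlausible(lo, hi uint64) bool {
	ok := lo <= hi && hi < s.next
	for _, p := range s.skipped {
		ok = ok && (p < lo || p > hi)
	}
	return ok
}

func main() {
	s := newSender(1)
	for s.nextPacketNumber() < 2000 {
	}
	println(s.ackPlausible(s.skipped[0], s.skipped[0])) // false: ACK for a hole
}
```

Because only the newest holes are kept, an ACK for a hole older than the tracked ones is no longer detected; the cap trades that coverage for bounded memory.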

func InferPacketNumber

func InferPacketNumber(packetNumberLength PacketNumberLen, lastPacketNumber PacketNumber, wirePacketNumber PacketNumber) PacketNumber

InferPacketNumber calculates the packet number based on the received packet number, its length and the last seen packet number

type PacketNumberLen

type PacketNumberLen uint8

PacketNumberLen is the length of the packet number in bytes

const (
	// PacketNumberLenInvalid is the default value and not a valid length for a packet number
	PacketNumberLenInvalid PacketNumberLen = 0
	// PacketNumberLen1 is a packet number length of 1 byte
	PacketNumberLen1 PacketNumberLen = 1
	// PacketNumberLen2 is a packet number length of 2 bytes
	PacketNumberLen2 PacketNumberLen = 2
	// PacketNumberLen4 is a packet number length of 4 bytes
	PacketNumberLen4 PacketNumberLen = 4
	// PacketNumberLen6 is a packet number length of 6 bytes
	PacketNumberLen6 PacketNumberLen = 6
)

func GetPacketNumberLength

func GetPacketNumberLength(packetNumber PacketNumber) PacketNumberLen

GetPacketNumberLength gets the minimum length needed to fully represent the packet number

func GetPacketNumberLengthForPublicHeader

func GetPacketNumberLengthForPublicHeader(packetNumber PacketNumber, leastUnacked PacketNumber) PacketNumberLen

GetPacketNumberLengthForPublicHeader gets the length of the packet number for the public header. It never chooses a PacketNumberLen of 1 byte, since this is too short under certain circumstances.
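An added example (not quic-go's own code) of the inference InferPacketNumber describes, and of one situation in which a 1-byte packet number is too short: the receiver expands the truncated wire value to the full packet number closest to the one it expects next. The name `inferPacketNumber`, the closest-to-expected rule and the inputs are assumptions made for illustration.

```go
package main

import "fmt"

// dist returns the absolute difference of two packet numbers.
func dist(a, b uint64) uint64 {
	if a > b {
		return a - b
	}
	return b - a
}

// inferPacketNumber is a hypothetical stand-in for the documented
// InferPacketNumber. lenBytes is the wire length (1, 2, 4 or 6 bytes),
// lastSeen the last packet number seen, wire the truncated value received.
// It returns the full packet number closest to lastSeen+1.
func inferPacketNumber(lenBytes uint8, lastSeen, wire uint64) uint64 {
	window := uint64(1) << (lenBytes * 8) // values the wire field can express
	expected := lastSeen + 1
	// Candidate that shares its high bits with the expected packet number.
	best := expected&^(window-1) | wire&(window-1)
	candidate := best
	// The neighbouring windows may be closer, e.g. right after a wrap.
	if candidate >= window && dist(candidate-window, expected) < dist(best, expected) {
		best = candidate - window
	}
	if candidate <= ^uint64(0)-window && dist(candidate+window, expected) < dist(best, expected) {
		best = candidate + window
	}
	return best
}

func main() {
	// Constructed inputs: a wrap of the 1-byte field is recovered correctly.
	fmt.Println(inferPacketNumber(1, 510, 0x01)) // 513
	// Packet 1200 arrives while the receiver last saw 1000: one byte cannot
	// express a jump of more than half its window, two bytes can.
	fmt.Println(inferPacketNumber(1, 1000, 1200&0xff))   // 944 (wrong)
	fmt.Println(inferPacketNumber(2, 1000, 1200&0xffff)) // 1200
}
```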

type Perspective

type Perspective int

Perspective determines if we're acting as a server or a client

const (
	PerspectiveServer Perspective = 1
	PerspectiveClient Perspective = 2
)

the perspectives

type StreamID

type StreamID uint32

A StreamID in QUIC

type VersionNumber

type VersionNumber int

VersionNumber is a version number as int

func HighestSupportedVersion

func HighestSupportedVersion(other []VersionNumber) (bool, VersionNumber)

HighestSupportedVersion finds the highest version number that is both present in other and in SupportedVersions. The versions in other do not need to be ordered. It returns true and the version number, if there is one, otherwise false.

func VersionTagToNumber

func VersionTagToNumber(v uint32) VersionNumber

VersionTagToNumber is built from VersionNumberToTag in init()
