From: Xin Long <lucien.xin@gmail.com>
To: David Howells <dhowells@redhat.com>
Cc: network dev <netdev@vger.kernel.org>,
davem@davemloft.net, kuba@kernel.org,
Eric Dumazet <edumazet@google.com>,
Paolo Abeni <pabeni@redhat.com>, Simon Horman <horms@kernel.org>,
Stefan Metzmacher <metze@samba.org>,
Moritz Buhl <mbuhl@openbsd.org>,
Tyler Fanelli <tfanelli@redhat.com>,
Pengtao He <hepengtao@xiaomi.com>,
linux-cifs@vger.kernel.org, Steve French <smfrench@gmail.com>,
Namjae Jeon <linkinjeon@kernel.org>,
Paulo Alcantara <pc@manguebit.com>, Tom Talpey <tom@talpey.com>,
kernel-tls-handshake@lists.linux.dev,
Chuck Lever <chuck.lever@oracle.com>,
Jeff Layton <jlayton@kernel.org>,
Benjamin Coddington <bcodding@redhat.com>,
Steve Dickson <steved@redhat.com>, Hannes Reinecke <hare@suse.de>,
Alexander Aring <aahringo@redhat.com>,
Cong Wang <xiyou.wangcong@gmail.com>,
"D . Wythe" <alibuda@linux.alibaba.com>,
Jason Baron <jbaron@akamai.com>,
illiliti <illiliti@protonmail.com>,
Sabrina Dubroca <sd@queasysnail.net>,
Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>,
Daniel Stenberg <daniel@haxx.se>,
Andy Gospodarek <andrew.gospodarek@broadcom.com>
Subject: Re: [PATCH net-next 00/15] net: introduce QUIC infrastructure and core subcomponents
Date: Mon, 7 Jul 2025 10:54:02 -0400 [thread overview]
Message-ID: <CADvbK_cR9RCeZo5d3--h7iTBfHszpmdDS7+0kfCUsViOamwR5Q@mail.gmail.com> (raw)
In-Reply-To: <2334439.1751877644@warthog.procyon.org.uk>
On Mon, Jul 7, 2025 at 4:41 AM David Howells <dhowells@redhat.com> wrote:
>
>
> Xin Long <lucien.xin@gmail.com> wrote:
>
> > Introduction
> > ============
> >
> > The QUIC protocol, as defined in RFC9000, offers a UDP-based, secure
> > transport with flow-controlled streams for efficient communication,
> > low-latency connection setup, and network path migration, ensuring
> > confidentiality, integrity, and availability across various deployments.
> >
> > This implementation introduces QUIC support in Linux Kernel, offering
> > several key advantages:
> >
> > - Seamless Integration for Kernel Subsystems: Kernel subsystems such as
> > SMB and NFS can operate over QUIC seamlessly after the handshake,
> > leveraging the net/handshake APIs.
> >
> > - Standardized Socket APIs for QUIC: This implementation standardizes the
> > socket APIs for QUIC, covering essential operations like listen, accept,
> > connect, sendmsg, recvmsg, close, get/setsockopt, and getsock/peername().
> >
> > - Efficient ALPN Routing: It incorporates ALPN routing within the kernel,
> > efficiently directing incoming requests to the appropriate applications
> > across different processes based on ALPN.
> >
> > - Performance Enhancements: By minimizing data duplication through
> > zero-copy techniques such as sendfile(), and paving the way for crypto
> > offloading in NICs, this implementation enhances performance and prepares
> > for future optimizations.
> >
> > This implementation offers fundamental support for the following RFCs:
> >
> > - RFC9000 - QUIC: A UDP-Based Multiplexed and Secure Transport
> > - RFC9001 - Using TLS to Secure QUIC
> > - RFC9002 - QUIC Loss Detection and Congestion Control
> > - RFC9221 - An Unreliable Datagram Extension to QUIC
> > - RFC9287 - Greasing the QUIC Bit
> > - RFC9368 - Compatible Version Negotiation for QUIC
> > - RFC9369 - QUIC Version 2
> >
> > The socket APIs for QUIC follow the RFC draft [1]:
> >
> > - The Sockets API Extensions for In-kernel QUIC Implementations
> >
> > Implementation
> > ==============
> >
> > The core idea is to implement QUIC within the kernel, using a userspace
> > handshake approach.
> >
> > Only the processing and creation of raw TLS Handshake Messages are handled
> > in userspace, facilitated by a TLS library like GnuTLS. These messages are
> > exchanged between kernel and userspace via sendmsg() and recvmsg(), with
> > cryptographic details conveyed through control messages (cmsg).
> >
> > The entire QUIC protocol, aside from the TLS Handshake Messages processing
> > and creation, is managed within the kernel. Rather than using a Upper Layer
> > Protocol (ULP) layer, this implementation establishes a socket of type
> > IPPROTO_QUIC (similar to IPPROTO_MPTCP), operating over UDP tunnels.
> >
> > For kernel consumers, they can initiate a handshake request from the kernel
> > to userspace using the existing net/handshake netlink. The userspace
> > component, such as tlshd service [2], then manages the processing
> > of the QUIC handshake request.
> >
> > - Handshake Architecture:
> >
> > ┌──────┐ ┌──────┐
> > │ APP1 │ │ APP2 │ ...
> > └──────┘ └──────┘
> > ┌──────────────────────────────────────────┐
> > │ {quic_client/server_handshake()} │<─────────────┐
> > └──────────────────────────────────────────┘ ┌─────────────┐
> > {send/recvmsg()} {set/getsockopt()} │ tlshd │
> > [CMSG handshake_info] [SOCKOPT_CRYPTO_SECRET] └─────────────┘
> > [SOCKOPT_TRANSPORT_PARAM_EXT] │ ^
> > │ ^ │ ^ │ │
> > Userspace │ │ │ │ │ │
> > ──────────────│─│──────────────────│─│──────────────────│───│───────
> > Kernel │ │ │ │ │ │
> > v │ v │ v │
> > ┌──────────────────┬───────────────────────┐ ┌─────────────┐
> > │ protocol, timer, │ socket (IPPROTO_QUIC) │<──┐ │ handshake │
> > │ ├───────────────────────┤ │ │netlink APIs │
> > │ common, family, │ outqueue | inqueue │ │ └─────────────┘
> > │ ├───────────────────────┤ │ │ │
> > │ stream, connid, │ frame │ │ ┌─────┐ ┌─────┐
> > │ ├───────────────────────┤ │ │ │ │ │
> > │ path, pnspace, │ packet │ │───│ SMB │ │ NFS │...
> > │ ├───────────────────────┤ │ │ │ │ │
> > │ cong, crypto │ UDP tunnels │ │ └─────┘ └─────┘
> > └──────────────────┴───────────────────────┘ └──────┴───────┘
> >
> > - User Data Architecture:
> >
> > ┌──────┐ ┌──────┐
> > │ APP1 │ │ APP2 │ ...
> > └──────┘ └──────┘
> > {send/recvmsg()} {set/getsockopt()} {recvmsg()}
> > [CMSG stream_info] [SOCKOPT_KEY_UPDATE] [EVENT conn update]
> > [SOCKOPT_CONNECTION_MIGRATION] [EVENT stream update]
> > [SOCKOPT_STREAM_OPEN/RESET/STOP]
> > │ ^ │ ^ ^
> > Userspace │ │ │ │ │
> > ──────────────│─│───────────────│─│─────────────────────│───────────
> > Kernel │ │ │ │ │
> > v │ v │ ┌──────────────────┘
> > ┌──────────────────┬───────────────────────┐
> > │ protocol, timer, │ socket (IPPROTO_QUIC) │<──┐{kernel_send/recvmsg()}
> > │ ├───────────────────────┤ │{kernel_set/getsockopt()}
> > │ common, family, │ outqueue | inqueue │ │{kernel_recvmsg()}
> > │ ├───────────────────────┤ │
> > │ stream, connid, │ frame │ │ ┌─────┐ ┌─────┐
> > │ ├───────────────────────┤ │ │ │ │ │
> > │ path, pnspace, │ packet │ │───│ SMB │ │ NFS │...
> > │ ├───────────────────────┤ │ │ │ │ │
> > │ cong, crypto │ UDP tunnels │ │ └─────┘ └─────┘
> > └──────────────────┴───────────────────────┘ └──────┴───────┘
> >
> > Interface
> > =========
> >
> > This implementation supports a mapping of QUIC into sockets APIs. Similar
> > to TCP and SCTP, a typical Server and Client use the following system call
> > sequence to communicate:
> >
> > Client Server
> > ──────────────────────────────────────────────────────────────────────
> > sockfd = socket(IPPROTO_QUIC) listenfd = socket(IPPROTO_QUIC)
> > bind(sockfd) bind(listenfd)
> > listen(listenfd)
> > connect(sockfd)
> > quic_client_handshake(sockfd)
> > sockfd = accecpt(listenfd)
> > quic_server_handshake(sockfd, cert)
> >
> > sendmsg(sockfd) recvmsg(sockfd)
> > close(sockfd) close(sockfd)
> > close(listenfd)
> >
> > Please note that quic_client_handshake() and quic_server_handshake()
> > functions are currently sourced from libquic [3]. These functions are
> > responsible for receiving and processing the raw TLS handshake messages
> > until the completion of the handshake process.
> >
> > For utilization by kernel consumers, it is essential to have tlshd
> > service [2] installed and running in userspace. This service receives
> > and manages kernel handshake requests for kernel sockets. In the kernel,
> > the APIs closely resemble those used in userspace:
> >
> > Client Server
> > ────────────────────────────────────────────────────────────────────────
> > __sock_create(IPPROTO_QUIC, &sock) __sock_create(IPPROTO_QUIC, &sock)
> > kernel_bind(sock) kernel_bind(sock)
> > kernel_listen(sock)
> > kernel_connect(sock)
> > tls_client_hello_x509(args:{sock})
> > kernel_accept(sock, &newsock)
> > tls_server_hello_x509(args:{newsock})
> >
> > kernel_sendmsg(sock) kernel_recvmsg(newsock)
> > sock_release(sock) sock_release(newsock)
> > sock_release(sock)
> >
> > Please be aware that tls_client_hello_x509() and tls_server_hello_x509()
> > are APIs from net/handshake/. They are used to dispatch the handshake
> > request to the userspace tlshd service and subsequently block until the
> > handshake process is completed.
>
> Can you please put this (or something like this) into Documentation/
> somewhere?
>
Yes, there is a patch that adds Documentation/networking/quic.rst in the
subsequent patchset, which I’ll post after this one. It addresses exactly
what you pointed out:
https://github.com/lxin/net-next/commit/9f978448531b958f859bbd48dce8a703b256b25a
Thanks.
Thanks.
next prev parent reply other threads:[~2025-07-07 14:54 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-05 19:31 [PATCH net-next 00/15] net: introduce QUIC infrastructure and core subcomponents Xin Long
2025-07-05 19:31 ` [PATCH net-next 01/15] net: define IPPROTO_QUIC and SOL_QUIC constants Xin Long
2025-07-05 19:31 ` [PATCH net-next 02/15] net: build socket infrastructure for QUIC protocol Xin Long
2025-07-05 19:31 ` [PATCH net-next 03/15] quic: provide common utilities and data structures Xin Long
2025-07-05 19:31 ` [PATCH net-next 04/15] quic: provide family ops for address and protocol Xin Long
2025-07-05 19:31 ` [PATCH net-next 05/15] quic: provide quic.h header files for kernel and userspace Xin Long
2025-07-08 14:34 ` Jakub Kicinski
2025-07-09 14:52 ` Xin Long
2025-07-05 19:31 ` [PATCH net-next 06/15] quic: add stream management Xin Long
2025-07-05 19:31 ` [PATCH net-next 07/15] quic: add connection id management Xin Long
2025-07-05 19:31 ` [PATCH net-next 08/15] quic: add path management Xin Long
2025-07-05 19:31 ` [PATCH net-next 09/15] quic: add congestion control Xin Long
2025-07-05 19:31 ` [PATCH net-next 10/15] quic: add packet number space Xin Long
2025-07-05 19:31 ` [PATCH net-next 11/15] quic: add crypto key derivation and installation Xin Long
2025-07-05 19:31 ` [PATCH net-next 12/15] quic: add crypto packet encryption and decryption Xin Long
2025-07-05 19:31 ` [PATCH net-next 13/15] quic: add timer management Xin Long
2025-07-05 19:31 ` [PATCH net-next 14/15] quic: add frame encoder and decoder base Xin Long
2025-07-05 19:31 ` [PATCH net-next 15/15] quic: add packet builder and parser base Xin Long
2025-07-07 8:40 ` [PATCH net-next 00/15] net: introduce QUIC infrastructure and core subcomponents David Howells
2025-07-07 14:54 ` Xin Long [this message]
2025-07-08 9:08 ` David Howells
2025-07-08 16:33 ` [PATCH net-next 05/15] quic: provide quic.h header files for kernel and userspace David Howells
2025-07-09 17:05 ` Xin Long
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CADvbK_cR9RCeZo5d3--h7iTBfHszpmdDS7+0kfCUsViOamwR5Q@mail.gmail.com \
--to=lucien.xin@gmail.com \
--cc=aahringo@redhat.com \
--cc=alibuda@linux.alibaba.com \
--cc=andrew.gospodarek@broadcom.com \
--cc=bcodding@redhat.com \
--cc=chuck.lever@oracle.com \
--cc=daniel@haxx.se \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=edumazet@google.com \
--cc=hare@suse.de \
--cc=hepengtao@xiaomi.com \
--cc=horms@kernel.org \
--cc=illiliti@protonmail.com \
--cc=jbaron@akamai.com \
--cc=jlayton@kernel.org \
--cc=kernel-tls-handshake@lists.linux.dev \
--cc=kuba@kernel.org \
--cc=linkinjeon@kernel.org \
--cc=linux-cifs@vger.kernel.org \
--cc=marcelo.leitner@gmail.com \
--cc=mbuhl@openbsd.org \
--cc=metze@samba.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=pc@manguebit.com \
--cc=sd@queasysnail.net \
--cc=smfrench@gmail.com \
--cc=steved@redhat.com \
--cc=tfanelli@redhat.com \
--cc=tom@talpey.com \
--cc=xiyou.wangcong@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).