On the Internet, speed and security are eternal pursuits. How powerful is the QUIC protocol written in Rust?

Hello everyone, I am a fisherman.

Today we are sharing the topic of Cloudflare's open source Quiche as an implementation of QUIC and HTTP/3. It provides the underlying API for processing QUIC packets and connection state management, allowing developers to integrate QUIC and HTTP/3 functions into their applications.

What is Quiche

Quiche is an open source project developed by Cloudflare. It is an implementation of the QUIC protocol written in Rust.

QUIC is a new network transmission protocol developed by Google to improve the security and performance of network traffic. The QUIC protocol is encrypted by default to reduce latency in data transmission and provide faster connection establishment time.

Features of Quiche

• Minimal and intuitive API: quiche has designed a simple and intuitive API that allows applications to easily integrate the QUIC protocol while keeping control over the underlying complexity.
• Compatibility with existing technologies: Quiche is able to integrate with existing network stacks and cryptographic libraries (such as BoringSSL enabled by default), which allows it to be embedded into different network applications, including Cloudflare's own services.
• Performance and security: Using Rust's ring library, quiche implements fast and secure cryptographic primitives, which are critical to the performance of the QUIC protocol.
• ffi: Builds a C language FFI API to facilitate integration of quiche in C/C++ programs.
• qlog: Enable qlog log format support for network protocol analysis.

Who uses Quiche?

• Cloudflare: Quiche powers HTTP/3 support on Cloudflare's edge network.
• Android: Android's DNS resolver implements DNS over HTTP/3 using Quiche.
• curl: Quiche can be integrated into curl to provide support for HTTP/3.
• NGINX (unofficial): Quiche can be integrated into NGINX to provide support for HTTP/3 using an unofficial patch.

Quiche Current and Future

Although Quiche is a newer QUIC implementation, it is already able to interoperate with other more mature implementations and demonstrates many of the features of QUIC. Both Quiche and QUIC itself are still being improved. As QUIC is more widely deployed on the Internet, bugs will continue to be discovered and fixed, new features will be implemented, and learning and progress will be made in practice. Stay tuned.

Getting Started

The first step in establishing a QUIC connection using quiche is to create a Config object:

 let mut config = quiche::Config::new(quiche::PROTOCOL_VERSION)?; config.set_application_protos(&[b"example-proto"]);

The Config object controls important aspects of the QUIC connection, such as the QUIC version, ALPN ID, flow control, congestion control, idle timeout, and other properties or features. Config also holds the TLS configuration. This can be changed via mutators on an existing object, or by manually building a TLS context and using with_boring_ssl_ctx_builder(). Configuration objects can be shared between multiple connections.

Connection Settings

On the client side, the connect() utility function can be used to create a new connection, while accept() is used on the server side:

 // Client connection. let conn = quiche::connect(Some(&server_name), &scid, local, peer, &mut config)?; // Server connection. let conn = quiche::accept(&scid, None, local, peer, &mut config)?;

In both cases, the application is responsible for generating a new source connection ID, which will be used to identify the new connection.

The application also needs to pass the address of the remote peer of the connection: for the client, this is the address of the server it is trying to connect to, for the server, this is the address of the client initiating the connection.

Processing incoming packets

Using the recv() method of a connection, you can process incoming packets from the network belonging to that connection:

 let to = socket.local_addr().unwrap(); loop { let (read, from) = socket.recv_from(&mut buf).unwrap(); let recv_info = quiche::RecvInfo { from, to }; let read = match conn.recv(&mut buf[..read], recv_info) { Ok(v) => v, Err(quiche::Error::Done) => { // Done reading. break; }, Err(e) => { // An error occurred, handle it. break; }, }; }

Generate outgoing packets

Outgoing packets are generated using the connection's send() method.

 loop { let (write, send_info) = match conn.send(&mut out) { Ok(v) => v, Err(quiche::Error::Done) => { // Done writing. break; }, Err(e) => { // An error occurred, handle it. break; }, }; socket.send_to(&out[..write], &send_info.to).unwrap(); }

When sending packets, the application is responsible for maintaining a timer to react to time-based connection events. The timer expiration time can be obtained using the connection's timeout() method.

 let timeout = conn.timeout();

The application is responsible for providing a timer implementation, which can be specific to the operating system or network framework being used. When the timer expires, the on_timeout() method of the connection should be called, after which additional packets may need to be sent over the network.

 // Timeout expired, handle it. conn.on_timeout(); // Send more packets as needed after timeout. loop { let (write, send_info) = match conn.send(&mut out) { Ok(v) => v, Err(quiche::Error::Done) => { // Done writing. break; }, Err(e) => { // An error occurred, handle it. break; }, }; socket.send_to(&out[..write], &send_info.to).unwrap(); }

For more usage, you can go to the official website to check the rich documentation.