lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CADvbK_dxOHmDycm1D3-Ga4YSP7E2S91SQD1bdL+u2s-f+=Bkxg@mail.gmail.com>
Date: Tue, 23 Sep 2025 11:47:05 -0400
From: Xin Long <lucien.xin@...il.com>
To: Paolo Abeni <pabeni@...hat.com>
Cc: network dev <netdev@...r.kernel.org>, quic@...ts.linux.dev, davem@...emloft.net, 
	kuba@...nel.org, Eric Dumazet <edumazet@...gle.com>, Simon Horman <horms@...nel.org>, 
	Stefan Metzmacher <metze@...ba.org>, Moritz Buhl <mbuhl@...nbsd.org>, Tyler Fanelli <tfanelli@...hat.com>, 
	Pengtao He <hepengtao@...omi.com>, linux-cifs@...r.kernel.org, 
	Steve French <smfrench@...il.com>, Namjae Jeon <linkinjeon@...nel.org>, 
	Paulo Alcantara <pc@...guebit.com>, Tom Talpey <tom@...pey.com>, kernel-tls-handshake@...ts.linux.dev, 
	Chuck Lever <chuck.lever@...cle.com>, Jeff Layton <jlayton@...nel.org>, 
	Benjamin Coddington <bcodding@...hat.com>, Steve Dickson <steved@...hat.com>, Hannes Reinecke <hare@...e.de>, 
	Alexander Aring <aahringo@...hat.com>, David Howells <dhowells@...hat.com>, 
	Matthieu Baerts <matttbe@...nel.org>, John Ericson <mail@...nericson.me>, 
	Cong Wang <xiyou.wangcong@...il.com>, "D . Wythe" <alibuda@...ux.alibaba.com>, 
	Jason Baron <jbaron@...mai.com>, illiliti <illiliti@...tonmail.com>, 
	Sabrina Dubroca <sd@...asysnail.net>, Marcelo Ricardo Leitner <marcelo.leitner@...il.com>, 
	Daniel Stenberg <daniel@...x.se>, Andy Gospodarek <andrew.gospodarek@...adcom.com>
Subject: Re: [PATCH net-next v3 02/15] net: build socket infrastructure for
 QUIC protocol

On Tue, Sep 23, 2025 at 7:07 AM Paolo Abeni <pabeni@...hat.com> wrote:
>
> On 9/19/25 12:34 AM, Xin Long wrote:
> > This patch lays the groundwork for QUIC socket support in the kernel.
> > It defines the core structures and protocol hooks needed to create
> > QUIC sockets, without implementing any protocol behavior at this stage.
> >
> > Basic integration is included to allow building the module via
> > CONFIG_IP_QUIC=m.
> >
> > This provides the scaffolding necessary for adding actual QUIC socket
> > behavior in follow-up patches.
> >
> > Signed-off-by: Pengtao He <hepengtao@...omi.com>
> > Signed-off-by: Xin Long <lucien.xin@...il.com>
> > ---
> > v3:
> >   - Kconfig: add 'default n' for IP_QUIC (reported by Paolo).
> >   - quic_disconnect(): return -EOPNOTSUPP (suggested by Paolo).
> >   - quic_init/destroy_sock(): drop local_bh_disable/enable() calls (noted
> >     by Paolo).
> >   - sysctl: add alpn_demux option to en/disable ALPN-based demux.
> >   - SNMP: remove SNMP_MIB_SENTINEL, switch to
> >     snmp_get_cpu_field_batch_cnt() to align with latest net-next changes.
> > ---
> >  net/Kconfig         |   1 +
> >  net/Makefile        |   1 +
> >  net/quic/Kconfig    |  36 +++++
> >  net/quic/Makefile   |   8 +
> >  net/quic/protocol.c | 379 ++++++++++++++++++++++++++++++++++++++++++++
> >  net/quic/protocol.h |  56 +++++++
> >  net/quic/socket.c   | 207 ++++++++++++++++++++++++
> >  net/quic/socket.h   |  79 +++++++++
> >  8 files changed, 767 insertions(+)
> >  create mode 100644 net/quic/Kconfig
> >  create mode 100644 net/quic/Makefile
> >  create mode 100644 net/quic/protocol.c
> >  create mode 100644 net/quic/protocol.h
> >  create mode 100644 net/quic/socket.c
> >  create mode 100644 net/quic/socket.h
> >
> > diff --git a/net/Kconfig b/net/Kconfig
> > index d5865cf19799..1205f5b7cf59 100644
> > --- a/net/Kconfig
> > +++ b/net/Kconfig
> > @@ -249,6 +249,7 @@ source "net/bridge/netfilter/Kconfig"
> >
> >  endif # if NETFILTER
> >
> > +source "net/quic/Kconfig"
> >  source "net/sctp/Kconfig"
> >  source "net/rds/Kconfig"
> >  source "net/tipc/Kconfig"
> > diff --git a/net/Makefile b/net/Makefile
> > index aac960c41db6..7c6de28e9aa5 100644
> > --- a/net/Makefile
> > +++ b/net/Makefile
> > @@ -42,6 +42,7 @@ obj-$(CONFIG_PHONET)                += phonet/
> >  ifneq ($(CONFIG_VLAN_8021Q),)
> >  obj-y                                += 8021q/
> >  endif
> > +obj-$(CONFIG_IP_QUIC)                += quic/
> >  obj-$(CONFIG_IP_SCTP)                += sctp/
> >  obj-$(CONFIG_RDS)            += rds/
> >  obj-$(CONFIG_WIRELESS)               += wireless/
> > diff --git a/net/quic/Kconfig b/net/quic/Kconfig
> > new file mode 100644
> > index 000000000000..1f10a452b3a1
> > --- /dev/null
> > +++ b/net/quic/Kconfig
> > @@ -0,0 +1,36 @@
> > +# SPDX-License-Identifier: GPL-2.0-or-later
> > +#
> > +# QUIC configuration
> > +#
> > +
> > +menuconfig IP_QUIC
> > +     tristate "QUIC: A UDP-Based Multiplexed and Secure Transport (Experimental)"
> > +     depends on INET
> > +     depends on IPV6
> > +     select CRYPTO
> > +     select CRYPTO_HMAC
> > +     select CRYPTO_HKDF
> > +     select CRYPTO_AES
> > +     select CRYPTO_GCM
> > +     select CRYPTO_CCM
> > +     select CRYPTO_CHACHA20POLY1305
> > +     select NET_UDP_TUNNEL
> > +     default n
> > +     help
> > +       QUIC: A UDP-Based Multiplexed and Secure Transport
> > +
> > +       From rfc9000 <https://www.rfc-editor.org/rfc/rfc9000.html>.
> > +
> > +       QUIC provides applications with flow-controlled streams for structured
> > +       communication, low-latency connection establishment, and network path
> > +       migration.  QUIC includes security measures that ensure
> > +       confidentiality, integrity, and availability in a range of deployment
> > +       circumstances.  Accompanying documents describe the integration of
> > +       TLS for key negotiation, loss detection, and an exemplary congestion
> > +       control algorithm.
> > +
> > +       To compile this protocol support as a module, choose M here: the
> > +       module will be called quic. Debug messages are handled by the
> > +       kernel's dynamic debugging framework.
> > +
> > +       If in doubt, say N.
> > diff --git a/net/quic/Makefile b/net/quic/Makefile
> > new file mode 100644
> > index 000000000000..020e4dd133d8
> > --- /dev/null
> > +++ b/net/quic/Makefile
> > @@ -0,0 +1,8 @@
> > +# SPDX-License-Identifier: GPL-2.0-or-later
> > +#
> > +# Makefile for QUIC support code.
> > +#
> > +
> > +obj-$(CONFIG_IP_QUIC) += quic.o
> > +
> > +quic-y := protocol.o socket.o
> > diff --git a/net/quic/protocol.c b/net/quic/protocol.c
> > new file mode 100644
> > index 000000000000..f79f43f0c17f
> > --- /dev/null
> > +++ b/net/quic/protocol.c
> > @@ -0,0 +1,379 @@
> > +// SPDX-License-Identifier: GPL-2.0-or-later
> > +/* QUIC kernel implementation
> > + * (C) Copyright Red Hat Corp. 2023
> > + *
> > + * This file is part of the QUIC kernel implementation
> > + *
> > + * Initialization/cleanup for QUIC protocol support.
> > + *
> > + * Written or modified by:
> > + *    Xin Long <lucien.xin@...il.com>
> > + */
> > +
> > +#include <net/inet_common.h>
> > +#include <linux/proc_fs.h>
> > +#include <net/protocol.h>
> > +#include <net/rps.h>
> > +#include <net/tls.h>
> > +
> > +#include "socket.h"
> > +
> > +static unsigned int quic_net_id __read_mostly;
> > +
> > +struct percpu_counter quic_sockets_allocated;
> > +
> > +long sysctl_quic_mem[3];
> > +int sysctl_quic_rmem[3];
> > +int sysctl_quic_wmem[3];
> > +int sysctl_quic_alpn_demux;
> > +
> > +static int quic_inet_connect(struct socket *sock, struct sockaddr *addr, int addr_len, int flags)
> > +{
> > +     struct sock *sk = sock->sk;
> > +     const struct proto *prot;
> > +
> > +     if (addr_len < (int)sizeof(addr->sa_family))
> > +             return -EINVAL;
> > +
> > +     prot = READ_ONCE(sk->sk_prot);
>
> Is the above _ONCE() annotation for ADDRFORM's sake? If so it should not
> be needed (only UDP and TCP sockets are affected).
I will delete it.

>
> > diff --git a/net/quic/socket.h b/net/quic/socket.h
> > new file mode 100644
> > index 000000000000..ded8eb2e6a9c
> > --- /dev/null
> > +++ b/net/quic/socket.h
> > @@ -0,0 +1,79 @@
> > +/* SPDX-License-Identifier: GPL-2.0-or-later */
> > +/* QUIC kernel implementation
> > + * (C) Copyright Red Hat Corp. 2023
> > + *
> > + * This file is part of the QUIC kernel implementation
> > + *
> > + * Written or modified by:
> > + *    Xin Long <lucien.xin@...il.com>
> > + */
> > +
> > +#include <net/udp_tunnel.h>
> > +
> > +#include "protocol.h"
> > +
> > +extern struct proto quic_prot;
> > +extern struct proto quicv6_prot;
> > +
> > +enum quic_state {
> > +     QUIC_SS_CLOSED          = TCP_CLOSE,
> > +     QUIC_SS_LISTENING       = TCP_LISTEN,
> > +     QUIC_SS_ESTABLISHING    = TCP_SYN_RECV,
> > +     QUIC_SS_ESTABLISHED     = TCP_ESTABLISHED,
> > +};
>
> Any special reason to define protocol-specific states? I guess you could
> re-use the TCP ones, as other protocols already do.
>
I know TIPC and SCTP define the states like this:

enum {
        TIPC_LISTEN = TCP_LISTEN,
        TIPC_ESTABLISHED = TCP_ESTABLISHED,
        TIPC_OPEN = TCP_CLOSE,
        TIPC_DISCONNECTING = TCP_CLOSE_WAIT,
        TIPC_CONNECTING = TCP_SYN_SENT,
};

and

enum sctp_sock_state {
        SCTP_SS_CLOSED         = TCP_CLOSE,
        SCTP_SS_LISTENING      = TCP_LISTEN,
        SCTP_SS_ESTABLISHING   = TCP_SYN_SENT,
        SCTP_SS_ESTABLISHED    = TCP_ESTABLISHED,
        SCTP_SS_CLOSING        = TCP_CLOSE_WAIT,
};

It should be fine to keep as is, or you have more and better
examples from other protocols.

Thanks.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ