Message-ID: <ada89946-b0c2-4679-9918-1c89cf2be0c6@redhat.com>
Date: Thu, 25 Sep 2025 17:53:18 +0200
From: Paolo Abeni <pabeni@...hat.com>
To: Xin Long <lucien.xin@...il.com>
Cc: network dev <netdev@...r.kernel.org>, quic@...ts.linux.dev,
 davem@...emloft.net, kuba@...nel.org, Eric Dumazet <edumazet@...gle.com>,
 Simon Horman <horms@...nel.org>, Stefan Metzmacher <metze@...ba.org>,
 Moritz Buhl <mbuhl@...nbsd.org>, Tyler Fanelli <tfanelli@...hat.com>,
 Pengtao He <hepengtao@...omi.com>, linux-cifs@...r.kernel.org,
 Steve French <smfrench@...il.com>, Namjae Jeon <linkinjeon@...nel.org>,
 Paulo Alcantara <pc@...guebit.com>, Tom Talpey <tom@...pey.com>,
 kernel-tls-handshake@...ts.linux.dev, Chuck Lever <chuck.lever@...cle.com>,
 Jeff Layton <jlayton@...nel.org>, Benjamin Coddington <bcodding@...hat.com>,
 Steve Dickson <steved@...hat.com>, Hannes Reinecke <hare@...e.de>,
 Alexander Aring <aahringo@...hat.com>, David Howells <dhowells@...hat.com>,
 Matthieu Baerts <matttbe@...nel.org>, John Ericson <mail@...nericson.me>,
 Cong Wang <xiyou.wangcong@...il.com>, "D . Wythe"
 <alibuda@...ux.alibaba.com>, Jason Baron <jbaron@...mai.com>,
 illiliti <illiliti@...tonmail.com>, Sabrina Dubroca <sd@...asysnail.net>,
 Marcelo Ricardo Leitner <marcelo.leitner@...il.com>,
 Daniel Stenberg <daniel@...x.se>,
 Andy Gospodarek <andrew.gospodarek@...adcom.com>
Subject: Re: [PATCH net-next v3 02/15] net: build socket infrastructure for
 QUIC protocol

On 9/23/25 5:47 PM, Xin Long wrote:
> On Tue, Sep 23, 2025 at 7:07 AM Paolo Abeni <pabeni@...hat.com> wrote:
>>
>> On 9/19/25 12:34 AM, Xin Long wrote:
>>> This patch lays the groundwork for QUIC socket support in the kernel.
>>> It defines the core structures and protocol hooks needed to create
>>> QUIC sockets, without implementing any protocol behavior at this stage.
>>>
>>> Basic integration is included to allow building the module via
>>> CONFIG_IP_QUIC=m.
>>>
>>> This provides the scaffolding necessary for adding actual QUIC socket
>>> behavior in follow-up patches.
>>>
>>> Signed-off-by: Pengtao He <hepengtao@...omi.com>
>>> Signed-off-by: Xin Long <lucien.xin@...il.com>
>>> ---
>>> v3:
>>>   - Kconfig: add 'default n' for IP_QUIC (reported by Paolo).
>>>   - quic_disconnect(): return -EOPNOTSUPP (suggested by Paolo).
>>>   - quic_init/destroy_sock(): drop local_bh_disable/enable() calls (noted
>>>     by Paolo).
>>>   - sysctl: add alpn_demux option to en/disable ALPN-based demux.
>>>   - SNMP: remove SNMP_MIB_SENTINEL, switch to
>>>     snmp_get_cpu_field_batch_cnt() to align with latest net-next changes.
>>> ---
>>>  net/Kconfig         |   1 +
>>>  net/Makefile        |   1 +
>>>  net/quic/Kconfig    |  36 +++++
>>>  net/quic/Makefile   |   8 +
>>>  net/quic/protocol.c | 379 ++++++++++++++++++++++++++++++++++++++++++++
>>>  net/quic/protocol.h |  56 +++++++
>>>  net/quic/socket.c   | 207 ++++++++++++++++++++++++
>>>  net/quic/socket.h   |  79 +++++++++
>>>  8 files changed, 767 insertions(+)
>>>  create mode 100644 net/quic/Kconfig
>>>  create mode 100644 net/quic/Makefile
>>>  create mode 100644 net/quic/protocol.c
>>>  create mode 100644 net/quic/protocol.h
>>>  create mode 100644 net/quic/socket.c
>>>  create mode 100644 net/quic/socket.h
>>>
>>> diff --git a/net/Kconfig b/net/Kconfig
>>> index d5865cf19799..1205f5b7cf59 100644
>>> --- a/net/Kconfig
>>> +++ b/net/Kconfig
>>> @@ -249,6 +249,7 @@ source "net/bridge/netfilter/Kconfig"
>>>
>>>  endif # if NETFILTER
>>>
>>> +source "net/quic/Kconfig"
>>>  source "net/sctp/Kconfig"
>>>  source "net/rds/Kconfig"
>>>  source "net/tipc/Kconfig"
>>> diff --git a/net/Makefile b/net/Makefile
>>> index aac960c41db6..7c6de28e9aa5 100644
>>> --- a/net/Makefile
>>> +++ b/net/Makefile
>>> @@ -42,6 +42,7 @@ obj-$(CONFIG_PHONET)                += phonet/
>>>  ifneq ($(CONFIG_VLAN_8021Q),)
>>>  obj-y                                += 8021q/
>>>  endif
>>> +obj-$(CONFIG_IP_QUIC)                += quic/
>>>  obj-$(CONFIG_IP_SCTP)                += sctp/
>>>  obj-$(CONFIG_RDS)            += rds/
>>>  obj-$(CONFIG_WIRELESS)               += wireless/
>>> diff --git a/net/quic/Kconfig b/net/quic/Kconfig
>>> new file mode 100644
>>> index 000000000000..1f10a452b3a1
>>> --- /dev/null
>>> +++ b/net/quic/Kconfig
>>> @@ -0,0 +1,36 @@
>>> +# SPDX-License-Identifier: GPL-2.0-or-later
>>> +#
>>> +# QUIC configuration
>>> +#
>>> +
>>> +menuconfig IP_QUIC
>>> +     tristate "QUIC: A UDP-Based Multiplexed and Secure Transport (Experimental)"
>>> +     depends on INET
>>> +     depends on IPV6
>>> +     select CRYPTO
>>> +     select CRYPTO_HMAC
>>> +     select CRYPTO_HKDF
>>> +     select CRYPTO_AES
>>> +     select CRYPTO_GCM
>>> +     select CRYPTO_CCM
>>> +     select CRYPTO_CHACHA20POLY1305
>>> +     select NET_UDP_TUNNEL
>>> +     default n
>>> +     help
>>> +       QUIC: A UDP-Based Multiplexed and Secure Transport
>>> +
>>> +       From rfc9000 <https://www.rfc-editor.org/rfc/rfc9000.html>.
>>> +
>>> +       QUIC provides applications with flow-controlled streams for structured
>>> +       communication, low-latency connection establishment, and network path
>>> +       migration.  QUIC includes security measures that ensure
>>> +       confidentiality, integrity, and availability in a range of deployment
>>> +       circumstances.  Accompanying documents describe the integration of
>>> +       TLS for key negotiation, loss detection, and an exemplary congestion
>>> +       control algorithm.
>>> +
>>> +       To compile this protocol support as a module, choose M here: the
>>> +       module will be called quic. Debug messages are handled by the
>>> +       kernel's dynamic debugging framework.
>>> +
>>> +       If in doubt, say N.
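Review bot: the `default n` line in the IP_QUIC entry is redundant, since a tristate symbol with no `default` statement already evaluates to n and the kernel tree generally omits the line. The v3 changelog says it was added at a reviewer's request, so keeping it is harmless, but dropping it trims one line from a series this thread already describes as large.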
>>> diff --git a/net/quic/Makefile b/net/quic/Makefile
>>> new file mode 100644
>>> index 000000000000..020e4dd133d8
>>> --- /dev/null
>>> +++ b/net/quic/Makefile
>>> @@ -0,0 +1,8 @@
>>> +# SPDX-License-Identifier: GPL-2.0-or-later
>>> +#
>>> +# Makefile for QUIC support code.
>>> +#
>>> +
>>> +obj-$(CONFIG_IP_QUIC) += quic.o
>>> +
>>> +quic-y := protocol.o socket.o
>>> diff --git a/net/quic/protocol.c b/net/quic/protocol.c
>>> new file mode 100644
>>> index 000000000000..f79f43f0c17f
>>> --- /dev/null
>>> +++ b/net/quic/protocol.c
>>> @@ -0,0 +1,379 @@
>>> +// SPDX-License-Identifier: GPL-2.0-or-later
>>> +/* QUIC kernel implementation
>>> + * (C) Copyright Red Hat Corp. 2023
>>> + *
>>> + * This file is part of the QUIC kernel implementation
>>> + *
>>> + * Initialization/cleanup for QUIC protocol support.
>>> + *
>>> + * Written or modified by:
>>> + *    Xin Long <lucien.xin@...il.com>
>>> + */
>>> +
>>> +#include <net/inet_common.h>
>>> +#include <linux/proc_fs.h>
>>> +#include <net/protocol.h>
>>> +#include <net/rps.h>
>>> +#include <net/tls.h>
>>> +
>>> +#include "socket.h"
>>> +
>>> +static unsigned int quic_net_id __read_mostly;
>>> +
>>> +struct percpu_counter quic_sockets_allocated;
>>> +
>>> +long sysctl_quic_mem[3];
>>> +int sysctl_quic_rmem[3];
>>> +int sysctl_quic_wmem[3];
>>> +int sysctl_quic_alpn_demux;
>>> +
>>> +static int quic_inet_connect(struct socket *sock, struct sockaddr *addr, int addr_len, int flags)
>>> +{
>>> +     struct sock *sk = sock->sk;
>>> +     const struct proto *prot;
>>> +
>>> +     if (addr_len < (int)sizeof(addr->sa_family))
>>> +             return -EINVAL;
>>> +
>>> +     prot = READ_ONCE(sk->sk_prot);
>>
>> Is the above _ONCE() annotation for ADDRFORM's sake? If so it should not
>> be needed (only UDP and TCP sockets are affected).
> I will delete it.
> 
>>
>>> diff --git a/net/quic/socket.h b/net/quic/socket.h
>>> new file mode 100644
>>> index 000000000000..ded8eb2e6a9c
>>> --- /dev/null
>>> +++ b/net/quic/socket.h
>>> @@ -0,0 +1,79 @@
>>> +/* SPDX-License-Identifier: GPL-2.0-or-later */
>>> +/* QUIC kernel implementation
>>> + * (C) Copyright Red Hat Corp. 2023
>>> + *
>>> + * This file is part of the QUIC kernel implementation
>>> + *
>>> + * Written or modified by:
>>> + *    Xin Long <lucien.xin@...il.com>
>>> + */
>>> +
>>> +#include <net/udp_tunnel.h>
>>> +
>>> +#include "protocol.h"
>>> +
>>> +extern struct proto quic_prot;
>>> +extern struct proto quicv6_prot;
>>> +
>>> +enum quic_state {
>>> +     QUIC_SS_CLOSED          = TCP_CLOSE,
>>> +     QUIC_SS_LISTENING       = TCP_LISTEN,
>>> +     QUIC_SS_ESTABLISHING    = TCP_SYN_RECV,
>>> +     QUIC_SS_ESTABLISHED     = TCP_ESTABLISHED,
>>> +};
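Review bot: socket.h as shown has no include guard (only the SPDX header and the two `#include` lines precede the declarations), yet it defines `enum quic_state` and is included from protocol.c and presumably other files of the module; any translation unit that pulls it in twice, directly or through another header, will fail on a redefinition of the enum. Suggest wrapping the file in `#ifndef __QUIC_SOCKET_H__` / `#define __QUIC_SOCKET_H__` ... `#endif`, matching the guard convention used elsewhere under net/.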
>>
>> Any special reason to define protocol-specific states? I guess you could
>> re-use the TCP ones, as other protocols already do.
>>
> I know TIPC and SCTP define the states like this:
> 
> enum {
>         TIPC_LISTEN = TCP_LISTEN,
>         TIPC_ESTABLISHED = TCP_ESTABLISHED,
>         TIPC_OPEN = TCP_CLOSE,
>         TIPC_DISCONNECTING = TCP_CLOSE_WAIT,
>         TIPC_CONNECTING = TCP_SYN_SENT,
> };
> 
> and
> 
> enum sctp_sock_state {
>         SCTP_SS_CLOSED         = TCP_CLOSE,
>         SCTP_SS_LISTENING      = TCP_LISTEN,
>         SCTP_SS_ESTABLISHING   = TCP_SYN_SENT,
>         SCTP_SS_ESTABLISHED    = TCP_ESTABLISHED,
>         SCTP_SS_CLOSING        = TCP_CLOSE_WAIT,
> };
> 
> It should be fine to keep as is, or you have more and better
> examples from other protocols.

IMHO the cost/benefit ratio to re-define the socket state value is not
enough to justify the additional LoC. I guess it's subjective, but the
patch series is big and anything shrinking it is IMHO a good thing.

/P

