package protocol
import "time"
// Socket and packet sizing.
const (
	// DesiredReceiveBufferSize is the kernel UDP receive buffer size that we'd like to use.
	DesiredReceiveBufferSize = 2 << 20 // 2 MiB

	// InitialPacketSizeIPv4 is the maximum packet size that we use for sending IPv4 packets.
	InitialPacketSizeIPv4 = 1252

	// InitialPacketSizeIPv6 is the maximum packet size that we use for sending IPv6 packets.
	InitialPacketSizeIPv6 = 1232

	// MinCoalescedPacketSize is the minimum size of a coalesced packet that we pack.
	// If a packet has less than this number of bytes, we won't coalesce any more packets onto it.
	MinCoalescedPacketSize = 128
)

// Congestion control and sent-packet tracking.
const (
	// MaxCongestionWindowPackets is the maximum congestion window in packets.
	MaxCongestionWindowPackets = 10000

	// MaxOutstandingSentPackets is the maximum number of packets saved for retransmission.
	// When reached, it imposes a soft limit on sending new packets:
	// sending ACKs and retransmissions is still allowed, but no new regular packets can be sent.
	MaxOutstandingSentPackets = 2 * MaxCongestionWindowPackets

	// MaxTrackedSentPackets is the maximum number of sent packets saved for retransmission.
	// When reached, no more packets will be sent.
	// This value *must* be larger than MaxOutstandingSentPackets.
	MaxTrackedSentPackets = MaxOutstandingSentPackets * 5 / 4

	// MinPacingDelay is the minimum duration that is used for packet pacing.
	// If the packet pacing frequency is higher, multiple packets might be sent at once.
	// Example: for a packet pacing delay of 200μs, we would send 5 packets at once, wait for 1ms, and so forth.
	MinPacingDelay = time.Millisecond
)

// Flow control.
const (
	// ConnectionFlowControlMultiplier determines how much larger the connection flow control window
	// needs to be relative to any stream's flow control window.
	// This is the value that Chromium is using.
	ConnectionFlowControlMultiplier = 1.5

	// DefaultInitialMaxStreamData is the default initial stream-level flow control window for receiving data.
	DefaultInitialMaxStreamData = 512 << 10 // 512 KiB

	// DefaultInitialMaxData is the connection-level flow control window for receiving data.
	DefaultInitialMaxData = ConnectionFlowControlMultiplier * DefaultInitialMaxStreamData

	// DefaultMaxReceiveStreamFlowControlWindow is the default maximum stream-level flow control window for receiving data.
	DefaultMaxReceiveStreamFlowControlWindow = 6 << 20 // 6 MiB

	// DefaultMaxReceiveConnectionFlowControlWindow is the default connection-level flow control window for receiving data.
	DefaultMaxReceiveConnectionFlowControlWindow = 15 << 20 // 15 MiB

	// WindowUpdateThreshold is the fraction of the receive window that has to be consumed
	// before a higher offset is advertised to the peer.
	WindowUpdateThreshold = 0.25
)

// Stream limits.
const (
	// DefaultMaxIncomingStreams is the maximum number of bidirectional streams that a peer may open.
	DefaultMaxIncomingStreams = 100

	// DefaultMaxIncomingUniStreams is the maximum number of unidirectional streams that a peer may open.
	DefaultMaxIncomingUniStreams = 100

	// MaxStreamFrameSorterGaps is the maximum number of gaps between received STREAM frames.
	// It bounds the per-stream reassembly state and thereby prevents DoS attacks against the streamFrameSorter.
	MaxStreamFrameSorterGaps = 1000

	// MinStreamFrameBufferSize is the minimum data length of a received STREAM frame
	// that we use the buffer for. This protects against a DoS where an attacker would send us
	// very small STREAM frames to consume a lot of memory.
	MinStreamFrameBufferSize = 128

	// MinStreamFrameSize is the minimum size that has to be left in a packet, so that we add another STREAM frame.
	// This avoids splitting up STREAM frames into small pieces, which has 2 advantages:
	// 1. it reduces the framing overhead
	// 2. it reduces the head-of-line blocking, when a packet is lost
	MinStreamFrameSize ByteCount = 128
)

// Receive-side queue limits. Each of these caps memory that a peer can make us hold.
const (
	// MaxUndecryptablePackets limits the number of undecryptable packets that are queued in the session.
	MaxUndecryptablePackets = 32

	// MaxServerUnprocessedPackets is the max number of packets stored in the server that are not yet processed.
	MaxServerUnprocessedPackets = 1024

	// MaxSessionUnprocessedPackets is the max number of packets stored in each session that are not yet processed.
	MaxSessionUnprocessedPackets = 256

	// MaxAcceptQueueSize is the maximum number of sessions that the server queues for accepting.
	// If the queue is full, new connection attempts will be rejected.
	MaxAcceptQueueSize = 32

	// DatagramRcvQueueLen is the length of the receive queue for DATAGRAM frames.
	// See https://datatracker.ietf.org/doc/draft-pauly-quic-datagram/.
	DatagramRcvQueueLen = 128
)

// Packet number skipping.
const (
	// SkipPacketInitialPeriod is the initial period length used for packet number skipping to prevent an Optimistic ACK attack.
	// Every time a packet number is skipped, the period is doubled, up to SkipPacketMaxPeriod.
	SkipPacketInitialPeriod PacketNumber = 256

	// SkipPacketMaxPeriod is the maximum period length used for packet number skipping.
	SkipPacketMaxPeriod PacketNumber = 128 << 10
)

// Token lifetimes.
const (
	// TokenValidity is the duration that a (non-retry) token is considered valid.
	// It bounds how long an issued token stays usable after being handed out.
	TokenValidity = 24 * time.Hour

	// RetryTokenValidity is the duration that a retry token is considered valid.
	RetryTokenValidity = 10 * time.Second
)

// Handshake and crypto-stream limits.
const (
	// MaxCryptoStreamOffset is the maximum offset allowed on any of the crypto streams.
	// This limits the size of the ClientHello and Certificates that can be received.
	MaxCryptoStreamOffset = 16 << 10

	// MaxPostHandshakeCryptoFrameSize is the maximum size of CRYPTO frames
	// we send after the handshake completes.
	MaxPostHandshakeCryptoFrameSize = 1000

	// KeyUpdateInterval is the maximum number of packets we send or receive before initiating a key update.
	KeyUpdateInterval = 100 * 1000
)

// Timeouts and keep-alives.
const (
	// MinRemoteIdleTimeout is the minimum value that we accept for the remote idle timeout.
	MinRemoteIdleTimeout = 5 * time.Second

	// DefaultIdleTimeout is the default idle timeout.
	DefaultIdleTimeout = 30 * time.Second

	// DefaultHandshakeIdleTimeout is the default idle timeout used before handshake completion.
	DefaultHandshakeIdleTimeout = 5 * time.Second

	// DefaultHandshakeTimeout is the default timeout for a connection until the crypto handshake succeeds.
	DefaultHandshakeTimeout = 10 * time.Second

	// MaxKeepAliveInterval is the maximum time until we send a packet to keep a connection alive.
	// It should be shorter than the time that NATs clear their mapping.
	MaxKeepAliveInterval = 20 * time.Second

	// RetiredConnectionIDDeleteTimeout is the time we keep closed sessions around in order to retransmit the CONNECTION_CLOSE.
	// After this time all information about the old connection will be deleted.
	RetiredConnectionIDDeleteTimeout = 5 * time.Second
)

// ACK handling.
const (
	// MaxNonAckElicitingAcks is the maximum number of packets containing an ACK,
	// but no ack-eliciting frames, that we send in a row.
	MaxNonAckElicitingAcks = 19

	// MaxAckFrameSize is the maximum size for an ACK frame that we write.
	// Due to the varint encoding, ACK frames can grow (almost) indefinitely large.
	// The MaxAckFrameSize should be large enough to encode many ACK ranges,
	// but must ensure that a maximum size ACK frame fits into one packet.
	MaxAckFrameSize ByteCount = 1000

	// MaxNumAckRanges is the maximum number of ACK ranges that we send in an ACK frame.
	// It also serves as a limit for the packet history.
	// If at any point we keep track of more ranges, old ranges are discarded.
	MaxNumAckRanges = 32

	// AckDelayExponent is the ack delay exponent used when sending ACKs.
	AckDelayExponent = 3

	// TimerGranularity is the estimated timer granularity.
	// The loss detection timer will not be set to a value smaller than granularity.
	TimerGranularity = time.Millisecond

	// MaxAckDelay is the maximum time by which we delay sending ACKs.
	MaxAckDelay = 25 * time.Millisecond

	// MaxAckDelayInclGranularity is the max_ack_delay including the timer granularity.
	// This is the value that should be advertised to the peer.
	MaxAckDelayInclGranularity = MaxAckDelay + TimerGranularity
)

// DATAGRAM frames.
const (
	// DefaultMaxDatagramFrameSize is the maximum size of a DATAGRAM frame as defined in
	// https://datatracker.ietf.org/doc/draft-pauly-quic-datagram/.
	// The size is chosen such that a DATAGRAM frame fits into a QUIC packet.
	DefaultMaxDatagramFrameSize ByteCount = 1220
)

// Connection IDs.
const (
	// DefaultConnectionIDLength is the connection ID length that is used for multiplexed connections
	// if no other value is configured.
	DefaultConnectionIDLength = 4

	// MaxActiveConnectionIDs is the number of connection IDs that we're storing.
	MaxActiveConnectionIDs = 4

	// MaxIssuedConnectionIDs is the maximum number of connection IDs that we're issuing at the same time.
	MaxIssuedConnectionIDs = 6

	// PacketsPerConnectionID is the number of packets we send using one connection ID.
	// If the peer provides us with enough new connection IDs, we switch to a new connection ID.
	PacketsPerConnectionID = 10000
)

// 0-RTT buffering. These limits cap the memory spent on packets that arrive before their Initial.
const (
	// Max0RTTQueueingDuration is the maximum time that we store 0-RTT packets in order to wait for the corresponding Initial to be received.
	Max0RTTQueueingDuration = 100 * time.Millisecond

	// Max0RTTQueues is the maximum number of connections that we buffer 0-RTT packets for.
	Max0RTTQueues = 32

	// Max0RTTQueueLen is the maximum number of 0-RTT packets that we buffer for each connection.
	// When a new session is created, all buffered packets are passed to the session immediately.
	// To avoid blocking, this value has to be smaller than MaxSessionUnprocessedPackets.
	// To avoid packets being dropped as undecryptable by the session, this value has to be smaller than MaxUndecryptablePackets.
	Max0RTTQueueLen = 31
)