The HTTP/3 layer will involve use of nghttp3 and an additional set of specializations for the native QuicSession/QuicClientSession/QuicServerSession/QuicStream classes. Work on this will begin in early September.

This repo is dedicated to working on a QUIC implementation for Node.js core. I am still getting the fundamentals pulled together so won't be landing any PRs yet, but wanted to at least get things bootstrapped.

I will be creating a quic team. Please comment here if you'd like to be included on that.

There are several prerequisites that need to be looked at before we can really get moving:

1. Integrating ngtcp2 for all supported Node.js platforms
2. Our version of OpenSSL needs modifications to support QUIC. We would need to float those changes as it's not clear if they can be merged upstream. It's also not yet clear if those changes would affect non-QUIC OpenSSL uses. Will be investigating. QUIC requires TLS 1.3.
3. The existing UDPWrap needs to be modified to allow it to more easily be used directly from the native side, including writing and reading data.

Please add any additional thoughts you may have to this thread.

Ok, so the implementation is in a state where things are basically working but there is still a ton of work to do in order to get it complete. There's one major PR that I'll get landed later on today. The next big piece will be nailing down the implementation of QuicBuffer so the data flow from JS to C++ and back, with as little memcpy'ing as possible, works and is as efficient as possible. I have a few other things to work on over the next couple of days but I'll be working sporadically on the QuicBuffer implementation over the coming days and would love input on it.

The basic break down is this:

QuicSocket wraps the uv_udp_t handle and deals with sending packets. Unlike traditional UDP, QUIC includes error handling that requires packets to be re-transmitted until they are acknowledged by the peer. This means we cannot simply fire and forget a uv_buf_t and free it when the libuv callback is triggered. We have to keep the ub_buf_t around until ngtcp2 receives and processes the acknowledgement.

Data is sent at multiple places: 1) by QuicSocket itselr (e.g. version negotiation, close, errors, etc) ... 2) by QuicSession (and the QuicServerSession and QuicClientSession specializations) during TLS handshake and regular stream management, and 3) by QuicStream.

There are multiple data buffers at play. TLS handshake has it's own outgoing buffer, every QuicStream has it's own outgoing buffer. There are several places in the code where more transient buffers are used. It's fairly complicated but the bottom-line is that we cannot free buffers as soon as the libuv callback is triggered because we may need to retransmit those multiple times.

The current QuicBuffer implementation is modeled after the example code in ngtcp2, and it works reasonably well for what it does right now but it does not really do what we need it to do, particularly with regards to proper Stream API support callbacks when we can actually free data. It also depends heavily on memcpy at several places making it quite inefficient. It needs a better implementation.

It will likely be a few days before I can really dig in but I would love to open this bit up to others who may have some good ideas on how to handle the data flow here (ahem, @addaleax :-D .. since I love what you did with http2's internal data flow).

If someone wanted to start poking around with those bits, I'm happy to answer questions or help point in the right direction :-)

QuicSession::HandleError needs to be revisited. On Ubuntu, it can randomly segfault. Reason is not immediately obvious.

Within the past week or so, ngtcp2 updated to use a new version of the patched openssl library with a whole new set of APIs based on Boring (details here: openssl/openssl#8797).

These represent what will ultimately be the official openssl APIs so we need to switch. Unfortunately, the implementation appears to be based on Openssl 3 so it's going to need to be backported with floated patches until we can upgrade to a version of OpenSSL that has these built in (the PR that adds them hasn't even landed yet so .....)

The good news is once we land this, ngtcp2 provides utility APIs that greatly reduce what we need to implement and maintain within Node.js (over half of the code in node_quic_crypto.h goes away and handshake/crypto logic becomes much easier.)

I'm investigating what we need to do to port the changes.

My current plan is to open a PR on nodejs/node adding QUIC support as experimental in early to mid September

When a QuicSession is closed with a received CONNECTION_CLOSE, make sure the connection close error code is transmitted out to the JavaScript side so the user can know why the connection was closed.

One of the long standing todos I've had is to separate the TLS Handshake logic from the QuicSession for a couple of reasons:

1. We won't know the alpn identifier until the handshake completes, so we won't really know if we're creating a HTTP3 session or a generic QUIC session

2. Separating out the handshake allows us to perform that part with less overhead... that is, committing fewer resources until the handshake is completed. This will mean the timing of the on('session') event will change.

3. Separating out the handshake allows us to experiment with alternative handshake protocols. While QUIC currently requires TLS 1.3, there is at least one other handshake pattern being looked at.

I've been putting off making the change because it's going to be fairly disruptive, but it's time to get started on it before progressing too much further on the http3 bits.

In the javascript API, alpn identifier is not being set properly in the QuicSession/QuicServerSession/QuicClientSession objects.

 const quic = require('quic');
 const s = quic.createSocket();
 const r = s.connect({alpn: 'zzz'})
 console.log(r.alpnProtocol); // undefined

An interface to send QUIC ping frames would be really handy for long lived connections. It's also common in the existing QUIC prototype libraries that exist for javascript.

QuicStream ... Implement test verifying that "A stream ID that is used out of order results in all streams of that type with lower-numbered stream IDs also being opened."

Type: test
Priority: high

Need to verify that QUIC session and crypto error codes are being handled correctly.

Older versions of g++ are unable to compile this project due to an issue with Malloc. I have not troubleshooted beyond that.

Debian Jessie (yes - unsupported by Debian) is one such example.

I'm not sure this needs to be resolved for now, just a FYI. Debian Stretch (current distribution) has no problems.

This will allow received packet headers to be intercepted and forwarded on to a separate QuicSocket instance or endpoint, allowing a Node.js instance to be used as a QUIC passthrough.

OpenSSL 1.1.1 has landed, and with it the TLS 1.3 support we need... however, there are two patches we need to bring in to make this work correctly:

• tatsuhiro-t/openssl@920a331
• tatsuhiro-t/openssl@33efa52

Just leaving this here as a heads up. I'll be bringing these in next week but need to do some other testing to make sure they don't break anything else in core.

A QuicSession is limited to a fixed maximum number of packets that may be sent. Once this number is exhausted, the connection must be torn down. We should likely handle this case in a special way that lets the user attempt to recover by quickly opening a new session if they want.

Also need to figure out how to test this.

Right now the structure of the quic exports is this:

createSocket.createSocket = createSocket;
module.exports = createSocket;

I would strongly recommend just doing module.exports = { createSocket };, as we know from experience with buffer and eventemitter that setting module.exports itself as an exported value is undesirable.

Currently, sending a fin for a QuicStream will most often require an empty stream frame. Attempt to optimize.

Unlike HTTP/2, QUIC/HTTP3 does not provide a built in priority mechanism. Instead, it relies on the application to provide prioritization. ngtcp2 essentially leaves this entirely up to us. Currently, we send data in the order streams were created, rather than in any priority order. At some point, we might look into implementing a priority queue for data that is pending to be sent.

Type: functionality/test

When the client receives a server preferred address, it needs to be validated and optionally used by the client. The basic mechanism for this is in place but needs to be fully verified and tested.

Description: session.address returns the socket's address
Direction: Client->Server on Server

console.log(clientSession.address)

{ address: '0.0.0.0', family: 'IPv4', port: 1443 }

When a connection is being migrated to a new connection, the path needs to be validated. Some of the mechanism for this is already in place. It needs to be completed and verified that it is working correctly.

Currently waiting on support for NEW_TOKEN frames to be implemented by ngtcp2. Once implemented, we need an API to allow an endpoint to explicitly use it.

Stateless reset support is going to be a bit tricky. An endpoint sends a stateless reset when it does not have access to connection state any longer, but that means we need to keep track of CIDs and their correspnding stateless reset tokens in a way that can survive a crash (which is ironic to say the least). Need to figure out how to implement this protocol feature.

QuicSocket/QuicSession ... Implement a maximum retransmission limit. Currently, a QuicSession will attempt retransmission an unlimited number of times. This should be constrained by some user-specific limit with a reasonable default. The retransmission here is used to handle loss packets.

Type: functionality/test
Priority: high

Just wanted to drop some implementation notes into this since there are some others looking at pitching in. Will be updating this as we go.

The UDP and TLS mechanisms need to happen entirely at the native layer. The implementation here is not building on the existing dgram or tls modules that exist in core. The UDP socket, TLS context, and interaction with the ngtcp2 APIs will happen entirely at the native layer.

More to come...

Just to give folks an idea of the full list of things still being worked on:

Procedural

• Convert this checklist into a project board
• Open PR on nodejs/node adding initial QUIC implementation behind the configure switch

Functional

• Build
  • Implement configure build switch to optionally enable building QUIC support
• Error Handling
  • QuicSession HandleError is broken in some scenarios. Causes a segfault. Need to investigate where and when
  • Connection timeout #39
  • Ensure proper handling and use of QUIC session and crypto error codes
  • When out of packet numbers error occurs, we may want implement a special error for this so that this case can be detected.
  • Need to figure out how to test various error edge cases (such as out of packet number errors)
• Memory
  • Fill out memory tracking
  • Use stack allocated packet buffers rather than malloced if possible
• Socket/Session/Stream Lifecycle
• Protocol
  • Ensure that retransmission is occurring properly. In general, packets are being retransmitted but dropped packets having a fairly significant cost currently. Retransmission can be more efficient and needs to be looked at in detail.
  • Ensure that path validation is occurring correctly and is tested
  • Implement ability to optionally send stateless reset. This is going to be a bit tricky. An endpoint sends a stateless reset when it does not have access to connection state any longer, but that means we need to keep track of CID's and their corresponding stateless reset tokens in way that can survive a crash. But we don't want to keep them around forever.
  • Ensure that moving to a server preferred address and migration to a new connection can actually happen simultaneously
  • Complete support for server preferred address. Upon receiving and validating a server preferred address, client should migrate to the preferred address automatically.
  • Currently, in most cases, setting stream fin requires an empty stream frame with fin bit set. See if we can optimize that further
  • Make use of final size parameter when known (at the very least, there should be a getter on the QuicStream)
  • Wait for NEW_TOKEN support to be implemented by ngtcp2
  • The basic API for sending SERVER_BUSY responses is in place but ngtcp2 does not yet fully support sending CONNECTION_CLOSE frames in Initial packets. Until that is implemented, the SERVER_BUSY implementation is disabled and the test is not yet completely implemented. (Update: I believe landing #54 will provide the necessary support for sending CONNECTION_CLOSE in an initial packet)
• Security
  • Implement various slow loris style DOS mitigations
  • Verify amplification attack mitigations
• Performance Tracking
  • Implement the JavaScript side of the perf tracking histograms
• Features
  • Implement QuicSocket proxy mode. This will allow received packet headers to be intercepted and forwarded on to a separate QuicSocket instance, allowing a Node.js instance to be used as a QUIC passthrough.

Optional/Lower Priority

• Eventually, we will want to implement support for receiving and validating ICMP packet too big messages as a mechanism for detecting failures in QUIC packet transmission due to MTU packet size.
• Determine whether we want to support zero-length connection IDs. This is optional by the specification. It's not yet clear how ngtcp2 supports zero-length connection IDs. Need to test.
• Revisit the flow control / backpressure strategy. We may want to allow multiple flow control strategies to allow performance to be tuned.
• openStream() API ... specifically, ability to specify an initial chunk of data to include when opening the stream.

Completed:

• Connection migration test is currently broken, need to verify that it's working and ensure completed implementation PR: #50
• Ensure that all C++ objects can be destroyed immediately in the current callstack without requiring nextTick or setImmediate deferral.
• Ensure application close on QuicSessions
• Ensure that close and destroy are re-entrant tolerant
• Catch out of packet numbers error. The code will do a SilentClose.
• Only prefer address validation once per connection per address? Make this configurable https://github.com/nodejs/quic/pull/48/files
• Verify that retransmissions are happening correctly. Update: regular stream retransmissions are happening as necessary but handshake is still iffy.
• Verify that STREAM_RESET and STOP_SENDING are handled appropriately
• Improve handling of configuration and transport params
• Implement exponential backoff on the sending of CONNECTION_CLOSE frames during closing period.
• Ensure that STOP_SENDING is not sent after receiving a STREAM_RESET from the peer
• Ensure that only CONNECTION_CLOSE frames are sent in the closing state, Ensure that absolutely no frames in the draining state.
• Verify how sending of version negotiation packets is handled. e.g. are they sent for 0RTT packets?
• Ensure that crypto handshake buffer protections are working
• Implement handling when valid stateless reset is received
• QUIC recommends using path maximum transmission unit discovery but libuv and Node.js currently provide no way of implementing this. We should revisit this at some point later but for now, we cannot support PMTUD.
• Determine if we want to support latency spin bit in any way? ngtcp2 currently does not expose an API for dealing with the spin bit. Nor does it expose the necessary information we need to implement it properly ourselves. Therefore, until ngtcp2 supports it, we won't support it.
• Determine how and if we ever want to support multiple QUIC protocol versions. Update: for now, we're only going to support one QUIC protocol version at a time because that's what ngtcp2 is limited to.
• Ensure that a server completely ignores invalid or unexpected frames
• alpn is absolutely required so ensure that it's always there. Error if not provided
• Verify stream commitment attack mitigations
• Avoid stream commitment attacks. Verify that implicitly opened streams do not commit resources unless data is actually sent.
• We need an API to trigger a key update
• Implementing a pool of connection IDs to make generation more efficient Determined there's no performance advantage realized by this relative to the cost of implementation
• Determine if there's any reason to expose an API for ping frames. Determine how we could ever support responses. For the time being, there's no reason for us to support PING frames directly. ngtcp2 uses them as it determines it is necessary and there are ways we can monitor the aliveness and round trip times without a dedicated ping API.
• Determine if there's any way to support extension frames with ngtcp2. ngtcp2 currently does not expose any API we can use to encode or decode extension frames. Until it does, there's nothing we can really do to support them.
• Determine whether we want to expose an API to force a QuicSession to use a new connection ID. Changing the CID is permitted by the specification, we just need to decide whether to expose an API for it. Use of such an API won't be common but there is an argument to be made about having it available for privacy/security reasons. ngtcp2 currently does not provide an API for supporting this. So until it does, there's nothing to do.
• Determine api for supporting extension transport parameters ngtcp2 currently does not support the ability to use extension transport params. So until it does, there's nothing to do.
• Verify ngtcp2 support for ECN libuv currently does not provide access to the ECN bit for UDP, making it impossible for us to support use of ECN at the current time.
• Determine whether we should allow disabling the idle timeout at all. There are many reasons why we shouldn't allow disabling it. We're not going to allow disabling the idle timeout at the current time. There are too many reasons to have it there. A user who really wants to can set the timeout to a very large value.

Need to begin a concerted effort around tests test and more tests.

Need to make a decision on how to support zero-length CIDs. This is optional by the specification but receiving endpoints should be able to handle them

The basic mechanism for SERVER_BUSY is in place but needs to be finished pending completed support for sending CONNECTION_CLOSE in an initial packet.

Retransmission is generally working as of PR #34 ... there is an issue when handshake frames are dropped, however, and there are some cases where transmissions stalls due to lost frames. Need to investigate further.

There is an intermittent segfault happening in QuicSession::Destroy when running the test-quic-serverbusy.js test in #85. Happens once every 10-15 runs. Seeing it primarily on Windows but occasionally happens on Linux. Need to investigate.

The memory tracking logic for QuicStream, QuicSession, and QuicSocket needs to be completed

Mitigations:

• Limit the number of connections per remote IP address
• Ability to manually toggle SERVER_BUSY status
• Data Rate Monitoring (via Rate & Size Histograms
• HTTP Header Reception Timeout (Http3Application and QuicStream level)) - This can be implemented by setting a timer in JavaScript that is cleared when one of the header events is triggered.
• Configurable Limit on the total number of connections per QuicSession (PR: #299)
• Handshake Completion Timeout (QuicSession level)

Currently, only the statically linked option has been enabled / tested. Need to verify that shared_ngtcp2 is possible

When packets are lost, they need to be retransmitted. The logic for this is already in place but needs to be optimized and verified that it is working correctly/efficiently

When the final size of a QuicStream is known, it should be exposed to the JavaScript side. Likewise, we are currently not exposing any bytes written/received/queued statistics for the QuicStream

Implement an API similar to http2 that allows sending a file entirely at the native layer, bypassing the streams API and avoiding bringing any data into the javascript layer

Implement temporary configure build switch to optionally enable building QUIC support.

Windows:

vcbuild projgen experimental-quic

POSIX:

./configure --experimental-quic

EDIT: updated enable-experimental-quic to experimental-quic as explained in PR #83 (comment)

@danbev ... I'm seeing the following when I attempt to build...

In file included from ../deps/ngtcp2/lib/ngtcp2_acktr.h:32:0,
                 from ../deps/ngtcp2/lib/ngtcp2_acktr.c:25:
../deps/ngtcp2/lib/includes/ngtcp2/ngtcp2.h:51:10: fatal error: ngtcp2/version.h: No such file or directory
 #include <ngtcp2/version.h>
          ^~~~~~~~~~~~~~~~~~
compilation terminated.
In file included from ../deps/ngtcp2/lib/ngtcp2_buf.h:32:0,
                 from ../deps/ngtcp2/lib/ngtcp2_buf.c:25:
../deps/ngtcp2/lib/includes/ngtcp2/ngtcp2.h:51:10: fatal error: ngtcp2/version.h: No such file or directory
 #include <ngtcp2/version.h>
          ^~~~~~~~~~~~~~~~~~

Hey @nodejs/quic

The implementation is getting to the point where we need tests, lots of tests. If you'd like to find a way of jumping in to help with the implementation, that's probably the one area that would be the most valuable right now...

Heads up @nodejs/quic (@danbev and @addaleax in particular)... I'm going to be rebasing nodejs/quic master and squashing a large number of the quic specific commits down in order to make further rebasing easier. As it stands now, we're a couple hundred commits ahead which makes rebasing quite a bit more difficult. I'll squash first, then rebase.

Next ticks being called? Promises draining?

QuicSession ... Implement test verifying that flow control is working correctly.

Spec reference:
https://tools.ietf.org/html/draft-ietf-quic-transport-20#section-2

Type: test
Priority: high

Direction: Client -> Server
Description: Connection timeout not yet implemented