xref: /freebsd/crypto/openssl/doc/designs/quic-design/quic-overview.md (revision 4b15965daa99044daf184221b7c283bf7f2d7e66)
QUIC Design Overview
====================

The QUIC implementation in OpenSSL is roughly described by the following
picture.

![alt_text](images/quic-overview.svg "QUIC Implementation Building Blocks")

SSL API
-------

The application-facing public API of the OpenSSL library.

Stream Send and Read Buffers
----------------------------

Buffers for stream data to be sent to or received from the peer over the
QUIC protocol. These are necessary to support existing semantics of the
SSL_read and SSL_write functions.

They will be bypassed with a single-copy API for read and write (_not
for MVP_).

Frame in Flight Manager
-----------------------

The frame in flight manager manages the queueing of frames which may need to be
retransmitted if the packets in which they were transmitted were lost. It is
[discussed in more detail here.](./quic-fifm.md)

Connection State Machine
------------------------

A state machine handling the state for a QUIC connection.

Connection ID Cache
-------------------

A table matching Connection IDs with Connection objects represented
via SSL objects.

_In MVP there is a many-to-1 matching of Connection IDs to Connection
objects. Refer to the third paragraph in [5.1]._

[5.1]: https://datatracker.ietf.org/doc/html/rfc9000#section-5.1

Timer And Event Queue
---------------------

Queue of events that need to be handled asynchronously or at a later
time.

TLS Handshake Record Layer
--------------------------

A module that uses the Record Layer API to implement the inner TLS-1.3
protocol handshake. It produces and parses the QUIC CRYPTO frames.

TX Packetizer
-------------

This module creates frames from the application data obtained from
the application. It also receives CRYPTO frames from the TLS Handshake
Record Layer and ACK frames from the ACK Handling And Loss Detector
subsystem.

RX Frame Handler
----------------

Decrypted packets are split into frames here and the frames are forwarded
either as data or as events to the subsequent modules based on the frame
type. The Flow Controller and Statistics Collector are consulted for decisions
and to record the statistics of the received stream data.

Flow Controller
---------------

This module is consulted by the TX Packetizer and RX Frame Handler for flow
control decisions at both the stream and connection levels.

Statistics Collector
--------------------

This module maintains statistics about a connection, most notably the estimated
round trip time to the remote peer.

QUIC Write Record Layer
-----------------------

Encryption of packets according to the given encryption level and with
the appropriate negotiated algorithm happens here.

Resulting packets are sent through the Datagram BIO interface to the
network.

QUIC Read Record Layer
----------------------

Decryption of packets according to the given encryption level and with
the appropriate negotiated algorithm happens here.

Packets are received from the network through the Datagram BIO interface.

Congestion Controller
---------------------

This is a pluggable API that provides calls to record data relevant
for congestion control decisions and to query for a decision on whether
more data is allowed to be sent or not.

The module is called by the TX Packetizer and the ACK Handling And
Loss Detector modules.

ACK Handling And Loss Detector
------------------------------

A module that tracks packets sent to the peer and received ACK frames.
It detects lost packets (after an ACK is not received in time). It informs
the TX Packetizer that it can drop frames waiting to be ACKed when an ACK is
received. It also schedules retransmits of frames from packets that are
considered to be lost.

The module also handles the receiving side: it schedules when ACK frames should
be sent for the received packets.

Path And Conn Demultiplexer
---------------------------

On the server side this module is shared between multiple SSL connection
objects, which makes it a special kind of module. It dispatches the received
packets to the appropriate SSL Connection by consulting the Connection ID Cache.

_For the client side and MVP this module just checks that the received packet
has the appropriate Connection ID and optionally schedules sending a stateless
reset for packets with other Connection IDs._

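The lookup that the Connection ID Cache and the Path And Conn Demultiplexer perform together is illustrated below as an added example; it is not OpenSSL's code. The names `cid_cache`, `cid_cache_add`, `demux_lookup` and the integer connection handle are hypothetical, and the header layout and 20-byte limit assumed are those of QUIC version 1 (RFC 9000).

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_CID_LEN 20   /* RFC 9000: v1 connection IDs are at most 20 bytes */
#define MAX_ENTRIES 8    /* constructed table size for this example */

typedef struct { uint8_t id[MAX_CID_LEN]; size_t len; int conn; } cid_entry;
typedef struct { cid_entry e[MAX_ENTRIES]; size_t n; size_t short_cid_len; } cid_cache;

/* Map one more connection ID to a connection handle (many-to-1 is allowed). */
static int cid_cache_add(cid_cache *c, const uint8_t *id, size_t len, int conn)
{
    if (c->n >= MAX_ENTRIES || len > MAX_CID_LEN)
        return 0;
    memcpy(c->e[c->n].id, id, len);
    c->e[c->n].len = len;
    c->e[c->n].conn = conn;
    c->n++;
    return 1;
}

/* Extract the Destination Connection ID from an untrusted datagram and
 * return the owning connection handle, or -1 if malformed or unknown. */
static int demux_lookup(const cid_cache *c, const uint8_t *pkt, size_t len)
{
    const uint8_t *dcid;
    size_t dcid_len, i;

    if (len < 1)
        return -1;
    if (pkt[0] & 0x80) {        /* long header: flags, version(4), DCID len, DCID */
        if (len < 6)
            return -1;
        dcid_len = pkt[5];
        dcid = pkt + 6;
    } else {                    /* short header: DCID length is local knowledge */
        dcid_len = c->short_cid_len;
        dcid = pkt + 1;
    }
    if (dcid_len > MAX_CID_LEN || (size_t)(dcid - pkt) + dcid_len > len)
        return -1;              /* oversized or truncated: drop, never over-read */
    for (i = 0; i < c->n; i++)
        if (c->e[i].len == dcid_len && memcmp(c->e[i].id, dcid, dcid_len) == 0)
            return c->e[i].conn;
    return -1;                  /* unknown CID: drop, or consider a stateless reset */
}
```
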
Datagram BIO
------------

Implementation of BIO layer that supports `BIO_sendmmsg` and `BIO_recvmmsg`
calls.
