Google Git
Sign in
quiche / quiche / 4f6d4cd5f49110afdfa62238d089646148472dc7
commit4f6d4cd5f49110afdfa62238d089646148472dc7[log] [tgz]
authorjprat <jprat@google.com>Fri Oct 31 07:35:58 2025 -0700
committerCopybara-Service <copybara-worker@google.com>Fri Oct 31 07:36:46 2025 -0700
tree3e04feb8e769cabc2f44428c44721d69d8087496
parenta504af3e50bf541c61b57bc6ce6e6cb1e7935c21 [diff]
Detect and close connections on invalid acks received by the QUIC dispatcher.

With this change, the QUIC dispatcher will track the largest packet number among the packets it has sent. When processing incoming packets, the `TlsChloExtractor` will check if any ACK frames in the received packet, acknowledge packet numbers that were not sent by the dispatcher. If such an "invalid ack" is found, the connection is considered to be in violation of the protocol and is statelessly closed by adding the connection ID to the time-wait list.

Protected by quic_restart_flag_quic_dispatcher_close_connection_on_invalid_ack.

PiperOrigin-RevId: 826482880
11 files changed
tree: 3e04feb8e769cabc2f44428c44721d69d8087496
  1. build/
  2. depstool/
  3. quiche/
  4. .bazelrc
  5. .bazelversion
  6. BUILD.bazel
  7. CONTRIBUTING.md
  8. LICENSE
  9. MODULE.bazel
  10. MODULE.bazel.lock
  11. README.md
  12. WHITESPACE
README.md

QUICHE

QUICHE stands for QUIC, Http, Etc. It is Google‘s production-ready implementation of QUIC, HTTP/2, HTTP/3, and related protocols and tools. It powers Google’s servers, Chromium, Envoy, and other projects. It is actively developed and maintained.

There are two public QUICHE repositories. Either one may be used by embedders, as they are automatically kept in sync:

To embed QUICHE in your project, platform APIs need to be implemented and build files need to be created. Note that it is on the QUICHE team's roadmap to include default implementation for all platform APIs and to open-source build files. In the meanwhile, take a look at open source embedders like Chromium and Envoy to get started:

To contribute to QUICHE, follow instructions at CONTRIBUTING.md.

QUICHE is only supported on little-endian platforms.

Build and run standalone QUICHE

QUICHE has binaries that can run on Linux platforms.

Follow the instructions to install Bazel.

sudo apt install libicu-dev clang lld
cd <directory that will be the root of your quiche implmentation>
git clone https://github.com/google/quiche.git
cd quiche
CC=clang bazel build -c opt //...
./bazel-bin/quiche/<target_name> <arguments>

There are several targets that can be built and then run. Full usage instructions are available using the --helpfull flag on any binary.

  • quic_packet_printer: from a provided packet, parses and prints out the contents that are accessible without decryption.

Usage: quic_packet_printer server|client <hex dump of packet>

  • crypto_message_printer: dumps the contents of a QUIC crypto handshake message in a human readable format.

Usage: crypto_message_printer_bin <hex of message>

  • quic_client: connects to a host using QUIC and HTTP/3, sends a request to the provided URL, and displays the response.

Usage: quic_client <URL>

  • quic_server: listens forever on --port (default 6121) until halted via ctrl-c.

  • masque_client: tunnels to a URL via an identified proxy (See RFC 9298).

Usage: masque_client [options] <proxy-url> <urls>

  • masque_server: a MASQUE tunnel proxy that defaults to port 9661.

Usage: masque_server

  • web_transport_test_server: a server that clients can connect to via WebTransport.

  • moqt_relay: a relay for the Media Over QUIC transport for publishers and subscribers can connect to.

Usage: moqt_relay