IETF Logo Mail Archive

Re: Small size of core QUIC library to replace TCP for embedded system

Paul Vixie <paul@redbarn.org> Tue, 21 July 2020 17:02 UTC

Return-Path: <paul@redbarn.org>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 152683A0C1C for <quic@ietfa.amsl.com>; Tue, 21 Jul 2020 10:02:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HxJIYtCayWF1 for <quic@ietfa.amsl.com>; Tue, 21 Jul 2020 10:02:55 -0700 (PDT)
Received: from family.redbarn.org (family.redbarn.org [24.104.150.213]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 977E43A0C17 for <quic@ietf.org>; Tue, 21 Jul 2020 10:02:55 -0700 (PDT)
Received: from linux-9daj.localnet (dhcp-183.access.rits.tisf.net [24.104.150.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (1024 bits) server-digest SHA256) (Client did not present a certificate) by family.redbarn.org (Postfix) with ESMTPSA id 713B8C3F16 for <quic@ietf.org>; Tue, 21 Jul 2020 17:02:55 +0000 (UTC)
From: Paul Vixie <paul@redbarn.org>
To: quic@ietf.org
Subject: Re: Small size of core QUIC library to replace TCP for embedded system
Date: Tue, 21 Jul 2020 17:02:54 +0000
Message-ID: <2499749.AO4zfZtjs8@linux-9daj>
Organization: none
In-Reply-To: <CAA=hcWQ60GH2TnjvqBEGvVQ1whxNYwEWjQ+b9FW948GKvN570Q@mail.gmail.com>
References: <CAA=hcWS0V8ipsoAEFK3ejdA++Vzi+czth37=ntP4mnt8d=mtRg@mail.gmail.com> <F384B33C-70F8-45EF-AB5C-30D0A145659A@eggert.org> <CAA=hcWQ60GH2TnjvqBEGvVQ1whxNYwEWjQ+b9FW948GKvN570Q@mail.gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/nuhCas8szvz1w-6z-43A7aoJCxQ>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Jul 2020 17:02:57 -0000

On Tuesday, 21 July 2020 10:56:22 UTC Jupiter wrote:
> Hi Lars,
> 
> On 7/21/20, Lars Eggert <lars@eggert.org> wrote:
> > ...
> > https://github.com/quicwg/base-drafts/wiki/Implementations)
> > ...
> 
> Sorry for not being clear, I should say Linux embedded system at the
> beginning. Although I would say the time for embedded systems with 8M
> Flash and 64KRAM has been long gone :-), I still have to manage the
> resources for meaning full network stacks and applications.

i realize that this has been declared off-topic, but you've raised a question 
that your /quicwg/ URI above does not answer.

for privilege separation reasons, sockets have been kernel objects. this has 
facilitated logging and filtering for regulatory, policy, ad-blocking, malware 
filtering, and so on. user mode code has not historically been able to form a 
connection without a "connect" system call, where policy could be enforced by 
the kernel. as an example, "raw" sockets necessary to implement user-mode TCP 
have historically been restricted to processes running with elevated 
privilege.

in some environments this will be an invariant, and UDP sockets will be made 
to require elevated privileges, precisely so as to give the kernel a chance to 
log and filter connection attempts according to local policy. in that 
environment, a kernel-resident QUIC implementation will be needed, so that 
something like a "connect" system call can still exist. i do not expect this 
to save memory, because shared libraries are equal in size to kernel modules. 
but as a place to put an ad-blocker or other edge-device connection policy, a 
kernel-resident QUIC implementation is going to be required in some places.

my question is, has any QUIC implementor been thinking along these lines? i 
believe that the parameters to a QUIC "connect" syscall would be larger and 
more numerous than for a TCP or SCTP or UDP "connect" syscall, for example.

-- 
Paul

v2.23.0 | Report a Bug | By Email