quic_settings.rs

Overview

This file defines the ConfigFactory enum and its associated methods to create and configure QUIC connection settings and credentials for client and server configurations. It acts as a factory for producing Configuration objects used by the msquic library, encapsulating the creation of QUIC settings and TLS credential configurations.

The main responsibilities of this file include:

• Building QUIC Settings tailored for client or server use.

• Constructing TLS credential configurations (CredentialConfig) from provided network credentials.

• Creating fully initialized Configuration instances by combining settings, credentials, and ALPN protocols.

This file interacts primarily with the msquic crate for QUIC protocol abstractions and the crate::tls module for TLS certificate construction. It facilitates the initialization of secure QUIC connections by preparing the necessary configurations.

Entities

Enum: ConfigFactory

An enum with two variants representing the type of configuration to be created:

• Client

• Server

This enum drives the conditional logic for building appropriate settings and credentials.

Methods

build(&self, registration: &Registration, alpn: &[&str], credential: &NetCredential) -> anyhow::Result<Configuration>

Creates and returns a fully configured Configuration object based on the factory variant (client or server).

Parameters

• registration: &Registration
  A reference to an msquic registration object representing the QUIC instance registration.

• alpn: &[&str]
  A slice of string slices representing the ALPN (Application-Layer Protocol Negotiation) protocols to support.

• credential: &NetCredential
  A reference to the network credential containing TLS certificate material.

Returns

• anyhow::Result
  On success, returns a configured msquic Configuration object ready for use in QUIC connections. Returns an error if credential building or configuration opening fails.

Usage Example

let factory = ConfigFactory::Server;
let config = factory.build(&registration, &["h3"], &net_credential)?;

build_settings(&self) -> Settings

Constructs and returns a Settings instance with QUIC transport parameters pre-configured.

Behavior

• Sets server resumption level to allow 0-RTT resumption.

• Limits peer bidirectional streams to zero (disables).

• Sets peer unidirectional streams to 1024.

• Sets initial RTT estimate to 2 ms.

• Configures idle timeout and send idle timeout to zero (no timeout).

• Sets keep alive interval to 500 ms.

• Sets max ACK delay to 1 ms.

• Configures initial window packets to 100.

• Allocates stream receive window default to 256 MiB.

• Sets connection flow control window to 2 GiB.

• Enables send buffering.

This default settings profile is generic but optimized for server-like scenarios. The method is pub(crate) as it is intended for internal use.

build_credential(&self, credential: &NetCredential) -> anyhow::Result<CredentialConfig>

Creates a CredentialConfig object for TLS, including certificate and flags, customized based on whether the factory is a client or server.

Parameters

• credential: &NetCredential
  The network credential containing certificate material.

Returns

• anyhow::Result<CredentialConfig>
  Returns a configured TLS credential structure or an error if PKCS#12 construction fails.

Implementation Details

• Calls build_pkcs12(credential) (from crate::tls) to convert the credential to PKCS#12 format.

• Wraps the PKCS#12 bytes into a CertificatePkcs12.

• Combines credential flags:

  • Always includes INDICATE_CERTIFICATE_RECEIVED and USE_PORTABLE_CERTIFICATES.

  • Adds NO_CERTIFICATE_VALIDATION to disable validation (common in testing or trusted environments).

  • Adds CLIENT flag for client configurations.

  • Adds REQUIRE_CLIENT_AUTHENTICATION for server configurations.

Implementation Details and Interactions

• The file depends on the msquic crate for native QUIC protocol primitives such as Configuration, Settings, Credential, and related enums.

• TLS certificate handling is delegated to the crate::tls::build_pkcs12 function, which converts NetCredential into PKCS#12 format required by msquic.

• The build method transforms the ALPN protocols from &str into BufferRef types needed by msquic, then constructs the settings and credentials before opening the configuration.

• Flags in the credential configuration influence handshake behavior and certificate validation policies.

• The Settings object constructed here configures transport parameters that affect stream counts, flow control, timing, and buffering.

• This file enables flexible creation of different QUIC configurations depending on whether the connection acts as client or server.

Diagram

classDiagram
class ConfigFactory {
<<enum>>
+Client
+Server
+build()
+build_settings()
+build_credential()
}
class Registration
class Configuration
class Settings
class CredentialConfig
ConfigFactory --> Registration : uses
ConfigFactory --> Configuration : creates
ConfigFactory --> Settings : creates
ConfigFactory --> CredentialConfig : creates

This diagram illustrates that ConfigFactory is an enum providing three main methods. It depends on Registration to open configurations, produces Configuration objects, and internally creates Settings and CredentialConfig for configuration setup.