gm_quic

Struct QuicListenersBuilder

Source 
pub struct QuicListenersBuilder<T> { /* private fields */ }
Expand description

The builder for the quic listeners.

Implementations§

Source§

impl<T> QuicListenersBuilder<T>

Source

pub fn with_supported_versions( self, versions: impl IntoIterator<Item = u32>, ) -> Self

(WIP)Specify the supported quic versions.

If you call this multiple times, only the last call will take effect.

Source

pub fn with_token_provider(self, token_provider: Arc<dyn TokenProvider>) -> Self

Specify how server to create and verify the client’s Token in [address verification].

If you call this multiple times, only the last token_provider will be used.

address verification

Source

pub fn with_streams_concurrency_strategy( self, strategy_factory: impl ProductStreamsConcurrencyController + 'static, ) -> Self

Specify the factory which product the streams concurrency strategy controller for the server.

The streams controller is used to control the concurrency of data streams. Take a look of ControlStreamsConcurrency for more information.

If you call this multiple times, only the last controller will be used.

Source

pub fn defer_idle_timeout(self, duration: Duration) -> Self

Provide an option to defer an idle timeout.

This facility could be used when the application wishes to avoid losing state that has been associated with an open connection but does not expect to exchange application data for some time.

See Deferring Idle Timeout of RFC 9000 for more information.

Source

pub fn with_parameters(self, parameters: ServerParameters) -> Self

Specify the [transport parameters] for the server connections.

If you call this multiple times, only the last parameters will be used.

Usually, you don’t need to call this method, because the server will use a set of default parameters.

transport parameters

Source

pub fn with_iface_factory(self, factory: impl ProductQuicIO + 'static) -> Self

Specify how hosts bind to the interface.

If you call this multiple times, only the last factory will be used.

The default quic interface is provided by handy::DEFAULT_QUIC_IO_FACTORY. For Unix and Windows targets, this is a high performance UDP library supporting GSO and GRO provided by qudp crate. For other platforms, please specify you own factory.

Source

pub fn with_qlog(self, logger: Arc<dyn Log + Send + Sync>) -> Self

Specify qlog collector for server connections.

If you call this multiple times, only the last logger will be used.

Pre-implemented loggers:

  • LegacySeqLogger: Generates qlog files compatible with qvis visualization.

    • LegacySeqLogger::new(PathBuf::from("/dir")): Write to files {connection_id}_{role}.sqlog in dir
    • LegacySeqLogger::new(tokio::io::stdout()): Stream to stdout
    • LegacySeqLogger::new(tokio::io::stderr()): Stream to stderr

    Output format: JSON-SEQ (RFC7464), one JSON event per line.

  • NoopLogger: Ignores all qlog events (default, recommended for production).

Source

pub fn enable_anti_port_scan(self) -> Self

Enable anti-port scanning protection.

When anti-port scanning protection is enabled, the server will silently drop connections that fail validation (e.g., invalid ClientHello, authentication failures) without sending any response packets.

This security feature provides the following benefits:

  • Prevents attackers from detecting server presence through port scanning
  • Reduces the attack surface by not revealing server configuration details
  • Protects against network reconnaissance and probing attacks
  • Makes the server appear “offline” to unauthorized connection attempts

Security Note: This feature should be used carefully as it may make debugging connection issues more difficult. Consider using it in production environments where security is prioritized over observability.

Tip: For enhanced security, combine this with with_client_auther to implement custom authentication logic while maintaining stealth behavior for failed connections.

Default: disabled

Source

pub fn with_client_auther( self, client_auther: impl AuthClient + 'static, ) -> Self

Specify custom client authentication handlers for the server.

Client authers are used to perform additional validation beyond standard TLS certificate verification. They can verify server names, client parameters, and client certificates according to custom business logic.

Each AuthClient implementation provides three verification methods:

  • verify_server_name(): Validates the requested server name (SNI)
  • verify_client_params(): Validates client QUIC transport parameters
  • verify_client_certs(): Validates client certificate chains

All provided authers must approve the connection for it to be accepted. If any auther rejects the connection, it will be dropped.

If you call this multiple times, only the last client_auther will be used.

Security Enhancement: When combined with enable_anti_port_scan, failed authentication attempts will be silently dropped without any response, providing enhanced security against reconnaissance attacks.

TLS Protocol Note: Certificate verification failures during the TLS handshake will still send error responses to clients, as the server has already sent its ServerHello message at that point. The stealth behavior only applies to earlier validation failures that occur before the TLS handshake begins.

Built-in Validation: The server automatically verifies that the interface receiving the client connection is configured to listen for the requested server name (SNI). This built-in validation ensures proper routing of connections to their intended hosts.

Default: empty (only built-in host and interface validation)

Source§

impl QuicListenersBuilder<ConfigBuilder<ServerConfig, WantsVerifier>>

Source

pub fn with_client_cert_verifier( self, client_cert_verifier: Arc<dyn ClientCertVerifier>, ) -> QuicListenersBuilder<TlsServerConfig>

Choose how to verify client certificates.

Source

pub fn without_client_cert_verifier( self, ) -> QuicListenersBuilder<TlsServerConfig>

Disable client authentication.

Source§

impl QuicListenersBuilder<ServerConfig>

Source

pub fn with_alpns( self, alpn: impl IntoIterator<Item = impl Into<Vec<u8>>>, ) -> Self

Specify the [alpn-protocol-ids] that the server supports.

If you call this multiple times, all the alpn_protocol will be used.

If you never call this method, we will not do ALPN with the client.

alpn-protocol-ids

Source

pub fn enable_0rtt(self) -> Self

Source

pub fn listen(self, backlog: usize) -> Arc<QuicListeners>

Start listening for incoming connections.

The backlog parameter has the same meaning as the backlog parameter of the UNIX listen function, which is the maximum number of pending connections that can be queued. If the queue is full, new initial packets may be dropped.

Panic if backlog is 0.

Auto Trait Implementations§

§

impl<T> Freeze for QuicListenersBuilder<T>
where T: Freeze,

§

impl<T> !RefUnwindSafe for QuicListenersBuilder<T>

§

impl<T> Send for QuicListenersBuilder<T>
where T: Send,

§

impl<T> Sync for QuicListenersBuilder<T>
where T: Sync,

§

impl<T> Unpin for QuicListenersBuilder<T>
where T: Unpin,

§

impl<T> !UnwindSafe for QuicListenersBuilder<T>

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more