Session

QUIC (RFC 9000) is now widely used for modern secure networking, combining encrypted transport, multiplexed streams, and low-latency connection setup over UDP. While it has become the default transport for many user-space applications, QUIC is still not part of the Linux kernel networking stack. This limits its integration with kernel subsystems and reduces opportunities for reuse in components such as SMB and NFS.

This talk presents a Linux kernel implementation of QUIC that introduces it as a native transport using a new IPPROTO_QUIC socket type. It starts with the motivation for moving QUIC into the kernel and the practical benefits this enables, including direct use by kernel subsystems, POSIX-style socket APIs, ALPN-based connection dispatching, and reduced overhead through in-kernel processing.

The design and architecture of the implementation are covered in detail. The kernel handles the full QUIC transport logic, including stream management, congestion control, loss recovery, packet handling, connection migration, and flow control. TLS handshake processing remains in user space. For kernel consumers, the existing net/handshake framework together with the tlshd user-space service is used to coordinate handshake processing while keeping a clear and minimal boundary between kernel and user space.

The socket API follows familiar POSIX patterns, exposing connect(), accept(), sendmsg(), and recvmsg() for both applications and kernel consumers. In addition, the API is extended to support a broader set of use cases, including ALPN-based routing, transport parameter configuration, stream life cycle control, and connection-level operations needed by in-kernel and user-space consumers. Real-world usage examples include Samba integration, ongoing NFS work, curl HTTP/3 support, and performance tooling such as NetPerfMeter.

Testing and validation include interoperability testing against major QUIC implementations, syzkaller fuzzing, and performance benchmarking on high-speed networks, showing that the implementation is already usable beyond a prototype stage.

The talk concludes with future work, including upstreaming efforts across the kernel and GnuTLS ecosystems, NIC crypto offloading support, and continued evolution of the API to cover additional deployment scenarios and workload requirements.