
MsQuic – QUIC Implementation from Microsoft - mjsabby
https://github.com/Microsoft/msquic
======
slowstart
Please fire away any questions you may have! I lead the team that built this
library.

This blog has details on current development status and adoption within
Microsoft: [https://techcommunity.microsoft.com/t5/networking-
blog/msqui...](https://techcommunity.microsoft.com/t5/networking-blog/msquic-
is-open-source/ba-p/1345441)

~~~
profquail
Have you considered implementing any parts of this in F* (so they can be
verified) and extracting back to C, as is being done for TLS?

[https://project-everest.github.io/](https://project-everest.github.io/)

~~~
catalin_hritcu
Some work on verifying QUIC packet encryption using F* is happening at
Microsoft Research: [https://github.com/project-everest/everquic-
crypto](https://github.com/project-everest/everquic-crypto)

~~~
protz
Just to build on Catalin's answer. We are actively working on an
implementation of QUIC's transport layer (i.e. packet encryption and
decryption), along with a proof of cryptographic security. This is what
Catalin linked to ([https://github.com/project-everest/everquic-
crypto](https://github.com/project-everest/everquic-crypto)). EverQuic-Crypto
builds upon two previous projects: EverParse, a library of verified low-level
parsers and serializers which we apply to the QUIC network formats, and
EverCrypt, a cryptographic provider with agility and multiplexing, which we
use for all the cryptography, e.g. packet number encryption, AEAD, etc.

This is not yet a full QUIC implementation, but we have plans for extending
this codebase to cover more of the QUIC protocol.

------
simonw
MIT licensed cross-platform C. Ten years ago I wouldn't have believed it.
Today it's not even surprising.

I really like this version of Microsoft.

~~~
battery_cowboy
I'm with you, and I'm happy that it seems like they are trying to become a
good steward in the software industry. I am impressed by the quality of
Windows 10, up to about a year ago I used Linux daily because it was a better
experience than Windows 98 through 8.1, until recently. Lately, I find it's
way easier to run Windows 10 with WSL rather than screw around with Linux
trying to get things to work correctly that I just plug in to Windows.

I hope they start giving more control to us, though, because I'm tired of
having to firewall block telemetry and forced to have Cortana installed or
whatever other garbage. If Microsoft allowed me to install Windows like I do
Debian, where I can pick my packages and leave out what I don't want, and they
also allowed for replacement APIs, so I could swap explorer.exe for my own
version for example, I'd never use Linux again. But that'll never happen, so
I'll just use tools to block that stuff for now and hope the Linux experience
catches up.

~~~
vorpalhex
Even during the evil days Microsoft occasionally produced great software like
Microsoft Money.

Like any large corporation, MS is not a single cohesive entity and I suspect
the Win10 group pushing metrics and Cortana is not the same folks writing
nifty quic implementations.

~~~
battery_cowboy
Exactly! I loved Microsoft money, BTW, I wish it was still a thing.

~~~
cosmie
While not quite the same, they're releasing an Excel feature/template called
"Money in Excel" soon[1], that uses a Plaid integration to pull live financial
data into Excel to work with.

[1] [https://support.office.com/en-us/article/what-is-money-in-
ex...](https://support.office.com/en-us/article/what-is-money-in-
excel-0fb4710d-169e-45a7-ad60-ca98103d4e6a)

------
heycam
Nice. For comparison, here is Mozilla's implementation in Rust, which is
integrated into Firefox:
[https://github.com/mozilla/neqo](https://github.com/mozilla/neqo)

------
AndrewDucker
Great to see that SMB-over-QUIC is being trialled. I'd love to see more
applications using QUIC as a transport - particularly if they're going to be
on mobile - or switching back and forth between WiFi and mobile signals
(which, on TCP, means dropping the connection and creating a new one).

------
akmittal
Why everyone is making their own QUIC implementations. There are so many
already
[https://en.wikipedia.org/wiki/QUIC#Source_code](https://en.wikipedia.org/wiki/QUIC#Source_code)

~~~
beagle3
Likely for the same reason everyone tries making their own web browser, even
though the other guys' are all gratis (and many of them libre): When something
is a platform, you are either a landlord or a tenant.

Google and Apple have seen what happens to Microsoft's tenants, so they
decided to be landlords. Microsoft knows how awful a landlord it had been (and
after decades of landlord-only status, suffered abuse as a tenant at Google's
gmail and youtube platforms), so it also tries to be a landlord in every way
it can; It couldn't attract it's own tenants to Windows Phone, IE11 and its
own Edge, so it has to offer subleases on Android, iOS and Blink(=Edgium)
these days.

QUIC looks more "behind the scenes" as a platform right now, but building your
own is a very cheap hedge against ceding complete control of what could become
a potentially fundamental platform to your competitors. So everyone does that.

I'm no fan of Microsoft, and I believe that Microsoft has been "beaten to
submission" rather than "left the dark side", so to speak. But regardless of
the overall technical quality or moral/values one assigns to Microsoft - they
are a smart, politically and business oriented and savvy corporation. This is
a "staying relevant and in control" move.

------
PudgePacket
See here for other QUIC implementations:
[https://en.wikipedia.org/wiki/QUIC#Source_code](https://en.wikipedia.org/wiki/QUIC#Source_code)

Maybe this one can be added to the list.

------
elitistphoenix
I'm glad the support linux straight out of the box

------
legulere
> MsQuic is shipped in-box in the Windows kernel in the form of the msquic.sys
> driver

Does that mean that a HTTP.SYS Webserver will also Support QUIC?

~~~
ComodoHacker
You mean IIS? HTTP.SYS isn't a webserver.

~~~
legulere
The kernel module HTTP.SYS contains a HTTP server. It's used by IIS, but you
can also use its API directly.

~~~
ComodoHacker
Wow, didn't know that.

API for the curious: [https://docs.microsoft.com/en-
us/windows/win32/http/http-api...](https://docs.microsoft.com/en-
us/windows/win32/http/http-api-start-page)

------
fulafel
In the FAQ it says this is going into the Windows kernel. Is there a sockets
api emerging for QUIC or will each impl have its own api?

~~~
slowstart
There is currently no standardization for QUIC APIs. You can check out the
MsQuic API here:
[https://github.com/microsoft/msquic/blob/master/docs/API.md](https://github.com/microsoft/msquic/blob/master/docs/API.md)

------
modeless
The feature I most want in a new network protocol is multipath to enable
seamless and automatic connection migration between wifi and cellular. I
haven't been following QUIC standardization, is that feature in now or
postponed to the future?

~~~
slowstart
Connection migration is part of the current Internet-Drafts. The generalized
support for multi-path (i.e. usage of more than one path at the same time) is
postponed to a future version of the protocol. You can follow the standards
work here: [https://quicwg.org/](https://quicwg.org/)

~~~
modeless
Good to hear, but it seems like using both paths at the same time would be
necessary for connection migration to work well, as you're often not sure
which connection is actually better. If you have to wait until you're
completely sure one connection is gone before switching wholesale to the
other, that removes a lot of the benefit of connection migration.

------
maallooc
Wow, I noticed it was a Microsoft code. I think I would have noticed it
without the information. Is there a Microsoft style guideline when writing C?

------
est
Will there be a Python binding?

------
tyrion
Networking code written in C! I wonder what can go wrong?

~~~
tandr
Just like whole Linux, *BSD, Windows network stack, all these drivers for
embedded systems... smh

------
sally1620
"cross-platform" software that only runs on Linux and Windows.

~~~
saagarjha
Cross-platform means it runs on more than one platform, and you mentioned two.
Those two are conveniently fairly popular as well.

