| CPC H04L 69/162 (2013.01) [H04L 69/12 (2013.01); H04L 69/164 (2013.01); H04L 69/324 (2013.01); H04L 69/326 (2013.01); H04L 63/0428 (2013.01)] | 25 Claims |
|
1. A method comprising:
in software executing on a host system:
opening a Quick User Datagram Protocol (UDP) Internet Connections (QUIC) socket;
configuring QUIC packet processing by an offloader based on received configurations;
sending one or more commands to configure the offloader with multiple QUIC Security Associations (SAs);
providing a first QUIC packet to the offloader, wherein the offloader is part of a network interface device and wherein the network interface device is to transmit at least one QUIC packet;
setting up a connection with a second device based on transmission of QUIC long header packets;
configuring the offloader to provide received QUIC Short Header packets to the software executing on the host system for processing; and
offloading, to the offloader:
selecting an SA among the multiple QUIC SAs,
encrypting the first QUIC packet based on the selected SA,
tracking transmitted QUIC packets by packet numbers,
performing encryption and packet number tracking of transmitted QUIC Short Header packets, and
performing decryption and packet number tracking of receiving QUIC Short Header packets, wherein the offloader maintains a first SA table for a packet number associated with a received QUIC packet, wherein the first SA table comprises: a destination IP address, virtual local area network (VLAN) identifier (ID), cryptographic algorithm, cryptographic key, and
wherein the offloader maintains a second SA table for a packet number associated with a QUIC packet to be transmitted, wherein the second SA table comprises: destination IP address, VLAN ID, Source Connection ID, Destination Connection ID, Key Phase, indication of application of packet number encryption, cryptographic algorithm, cryptographic key, and cryptographic vector.
|