lsquic
ssldump
lsquic | ssldump | |
---|---|---|
5 | 2 | |
1,453 | 228 | |
- | - | |
7.2 | 7.5 | |
about 2 months ago | 4 days ago | |
C | C | |
MIT License | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
lsquic
-
Avoiding HTTP/3 (for a while) as a pragmatic default
I referred to sockets as an API design, not to express an opinion on whether you should place your protocol implementations inside or outside the kernel. (Although that’s undeniably an interesting question that by all rights should have been settled by now, but isn’t.)
Even then, I didn’t mean you should reproduce the Berkeley socket API verbatim (ZeroMQ-style); multiple streams per connection does not sound like a particularly good fit to it (although apparently people have managed to fit SCTP into it[1]?). I only meant that with the current mainstream libraries[2,3,4], establishing a QUIC connection and transmitting bytestreams or datagrams over it seems quite a bit more involved than performing the equivalent TCP actions using sockets.
[1] https://datatracker.ietf.org/doc/html/rfc6458
[2] https://quiche.googlesource.com/quiche
[3] https://github.com/microsoft/msquic
[4] https://github.com/litespeedtech/lsquic
- The Illustrated QUIC Connection
-
LiteSpeed QUIC (LSQUIC) is an open-source implementation of QUIC and HTTP/3
> the word "thread" does not appear anywhere.
because it doesn't use threads? The library is intended to be used inside an eventloop. I think the same also applies for other typical transport libraries - e.g. HTTP/2 or TLS ones.
> Not sure why one would choose this over QUICHE.
I think there are certainly reasons. lsquic seems a lot more optimized than quiche and most other libraries out there. It makes use of some pretty clever datastructures (e.g. https://github.com/litespeedtech/lsquic/blob/master/src/libl...), and likely has a drastically lower rate of heap allocations than other implementations. Some of those things - like the use of intrusive linked lists - are unfortunately not that easy to apply in Rust.
I wouldn't be suprised if lsquic outperforms various other implementations - and if that's important to users it might be a reason to choose it (but as always: measure for your use-case).
I personally also think Rust is the way to go for system level code. But I wouldn't dismiss a project for not using Rust. And this one at least has a fair set of unit-tests, so it looks to me a lot more sane than a lot of other C based projects.
ssldump
-
Tracing HTTP Requests with Tcpflow
I recall seeing a thread somewhere saying tcpflow would not add this capability and they point people to ssldump [1][2] and even that has some limitations.
[1] - https://github.com/adulau/ssldump
[2] - https://linux.die.net/man/1/ssldump
- Ssldump v1.3 – Many bugs fixed including memory leaks and a new JSON export
What are some alternatives?
msquic - Cross-platform, C implementation of the IETF QUIC protocol, exposed to C, C++, C# and Rust.
ecapture - Capture SSL/TLS text content without a CA certificate using eBPF. This tool is compatible with Linux/Android x86_64/aarch64.
starlink-coverage - Calculating some statistics about Starlink satellites
haproxy - HAProxy Load Balancer's development branch (mirror of git.haproxy.org)
mvfst - An implementation of the QUIC transport protocol.
wolfssl - The wolfSSL library is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud. wolfSSL supports up to TLS 1.3!
netty-incubator-codec-quic
SoftEther - Cross-platform multi-protocol VPN software. Pull requests are welcome. The stable version is available at https://github.com/SoftEtherVPN/SoftEtherVPN_Stable.
ENet-CSharp - Reliable UDP networking library
Suricata - Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.
yojimbo - A network library for client/server games written in C++
tls-scan - An Internet scale, blazing fast SSL/TLS scanner ( non-blocking, event-driven )