QuantumGate::SecurityParameters
QuantumGate::SecurityParameters is a struct used to change or retrieve the security settings of a QuantumGate instance. Use the QuantumGate::Local::GetSecurityParameters() function to get the current security parameters for the local instance, and (after changing them) use the QuantumGate::Local::SetSecurityLevel() function to set the security parameters using the QuantumGate::SecurityLevel::Custom security level. For more information see QuantumGate Security Levels.
struct SecurityParameters
{
struct
{
std::chrono::seconds ConnectTimeout{ 0 };
std::chrono::seconds SuspendTimeout{ 0 };
std::chrono::seconds MaxSuspendDuration{ 0 };
std::chrono::milliseconds MaxHandshakeDelay{ 0 };
std::chrono::seconds MaxHandshakeDuration{ 0 };
std::chrono::seconds AddressReputationImprovementInterval{ 0 };
struct
{
Size MaxPerInterval{ 0 };
std::chrono::seconds Interval{ 0 };
} ConnectionAttempts;
} General;
struct
{
std::chrono::seconds MinInterval{ 0 };
std::chrono::seconds MaxInterval{ 0 };
std::chrono::seconds MaxDuration{ 0 };
Size RequireAfterNumProcessedBytes{ 0 };
} KeyUpdate;
struct
{
std::chrono::seconds ConnectTimeout{ 0 };
std::chrono::seconds GracePeriod{ 0 };
std::chrono::seconds MaxSuspendDuration{ 0 };
struct
{
Size MaxPerInterval{ 0 };
std::chrono::seconds Interval{ 0 };
} ConnectionAttempts;
} Relay;
struct
{
Size ConnectCookieRequirementThreshold{ 0 };
std::chrono::seconds CookieExpirationInterval{ 0 };
std::chrono::milliseconds MaxMTUDiscoveryDelay{ 0 };
Size MaxNumDecoyMessages{ 0 };
std::chrono::milliseconds MaxDecoyMessageInterval{ 0 };
} UDP;
struct
{
std::chrono::seconds AgeTolerance{ 0 };
std::chrono::seconds ExtenderGracePeriod{ 0 };
Size MinRandomDataPrefixSize{ 0 };
Size MaxRandomDataPrefixSize{ 0 };
Size MinInternalRandomDataSize{ 0 };
Size MaxInternalRandomDataSize{ 0 };
} Message;
struct
{
bool Enabled{ false };
std::chrono::seconds TimeInterval{ 0 };
Size MinMessagesPerInterval{ 0 };
Size MaxMessagesPerInterval{ 0 };
Size MinMessageSize{ 0 };
Size MaxMessageSize{ 0 };
} Noise;
};| Name | Description |
|---|---|
General::ConnectTimeout |
The maximum number of seconds to wait for a connection to be established. |
General::SuspendTimeout |
The maximum number of seconds of inactivity after which a connection gets suspended (only for endpoints that support suspending connections, such as those using the UDP protocol). |
General::MaxSuspendDuration |
The maximum number of seconds that a connection may be in the suspended state before the peer is disconnected (only for endpoints that support suspending connections, such as those using the UDP protocol). |
General::MaxHandshakeDelay |
The maximum number of milliseconds to delay a handshake. This should be smaller than the handshake duration. |
General::MaxHandshakeDuration |
The maximum number of seconds a handshake may last after connecting before the peer is disconnected. This should be larger than the handshake delay. |
General::AddressReputationImprovementInterval |
The period of time in seconds after which the reputation of an address gets slightly improved. |
General::ConnectionAttempts::MaxPerInterval |
The maximum number of allowed connection attempts per interval before the peer gets blocked. |
General::ConnectionAttempts::Interval |
The period of time in seconds after which the connection attempts are reset to 0 for a peer. |
| Name | Description |
|---|---|
KeyUpdate::MinInterval |
Minimum number of seconds to wait before initiating an encryption key update. |
KeyUpdate::MaxInterval |
Maximum number of seconds to wait before initiating an encryption key update. |
KeyUpdate::MaxDuration |
Maximum number of seconds that a key update may last after initiation. If a key update doesn't complete in time the connection is closed. |
KeyUpdate::RequireAfterNumProcessedBytes |
Number of bytes that may be encrypted/decrypted using a single symmetric key after which to require a key update. Should be larger than 10485760 (10MB). |
| Name | Description |
|---|---|
Relay::ConnectTimeout |
The maximum number of seconds to wait for a relay link to be established. |
Relay::GracePeriod |
The number of seconds after a relay is closed to still silently accept messages for that relay link. |
Relay::MaxSuspendDuration |
The maximum number of seconds that a relay link may be suspended before it is closed/removed. |
Relay::ConnectionAttempts::MaxPerInterval |
The maximum number of allowed relay connection attempts per interval before a peer gets blocked |
Relay::ConnectionAttempts::Interval |
The period of time in seconds after which the relay connection attempts are reset to 0 for a peer |
| Name | Description |
|---|---|
UDP::ConnectCookieRequirementThreshold |
The number of incoming connections that may be in the process of being established (connection handshake) after which a cookie is required for new incoming connections. |
UDP::CookieExpirationInterval |
The number of seconds after which a cookie expires. |
UDP::MaxMTUDiscoveryDelay |
The maximum number of milliseconds to wait before starting MTU discovery after connecting to a peer. |
UDP::MaxNumDecoyMessages |
The maximum number of decoy messages to send during the connection handshake. |
UDP::MaxDecoyMessageInterval |
The maximum time interval in milliseconds for sending decoy messages during the connection handshake. The UDP::MaxNumDecoyMessages are randomly spread out and sent within this interval. |
| Name | Description |
|---|---|
Message::AgeTolerance |
The maximum age of a message in seconds before it's not accepted. |
Message::ExtenderGracePeriod |
The number of seconds after an extender is removed to still silently accept messages for that extender. |
Message::MinRandomDataPrefixSize |
The minimum size in bytes of the random data prefix sent with messages. This is used for message padding in order to mask the actual length of a message. |
Message::MaxRandomDataPrefixSize |
The maximum size in bytes of the random data prefix sent with messages. This is used for message padding in order to mask the actual length of a message. |
Message::MinInternalRandomDataSize |
The minimum size in bytes of random data sent with each message. This is used for message padding in order to mask the actual length of a message. |
Message::MaxInternalRandomDataSize |
The maximum size in bytes of random data sent with each message. This is used for message padding in order to mask the actual length of a message. |
For every message transport sent, QuantumGate will add a prefix of random data, the size of which is randomly chosen between the specified minimum and maximum values. However, there is a special case: when a global shared secret is being used, the first message transport being sent by both peers in a connection will always contain a prefix of random data, the length of which depends on the global shared secret being used.
Also for every message transport sent, QuantumGate will add random data internally, the size of which is also randomly chosen between the specified minimum and maximum values.
| Name | Description |
|---|---|
Noise::Enabled |
Whether sending of noise messages is enabled. |
Noise::TimeInterval |
Noise time interval in seconds. |
Noise::MinMessagesPerInterval |
The minimum number of noise messages to send in given time interval. |
Noise::MaxMessagesPerInterval |
The maximum number of noise messages to send in given time interval. |
Noise::MinMessageSize |
The minimum size of a noise message in bytes. |
Noise::MaxMessageSize |
The maximum size of a noise message in bytes. |
These member variables can be used to configure noise settings. You can control how frequent noise messages are sent and what their sizes are in bytes. QuantumGate will randomly choose a value between the minimum and maximum specified.
For example, if you specify a TimeInterval of 30 seconds, and a MinMessagesPerInterval of 10 and MaxMessagesPerInterval of 60, QuantumGate will randomly choose a number of messages between the minimum and maximum, say 25, for the next 30 seconds. After 30 seconds, QuantumGate randomly chooses a new value between the minimum and maximum as the number of messages to send in the next 30 seconds.
In addition, for each of the messages being sent, QuantumGate will determine its size by randomly selecting a value between the MinMessageSize and MaxMessageSize specified.