feat: Shuffle the client Initial crypto data

[larseggert]

Reorder data into chunks roughly delimited by the midpoints of ASCII "LDHD" (letters, digits, hyphens, dots) sequences.

Look for the n longest ranges of ASCII "LDHD" characters in data. Create split points halfway into each range. Chunk the data based on those split points, shuffle the chunks and return them.

CC @martinthomson @dennisjackson

[github-actions]

Failed Interop Tests

QUIC Interop Runner, client vs. server

neqo-latest as client

• neqo-latest vs. aioquic: Z C1
• neqo-latest vs. haproxy: C1 L1
• neqo-latest vs. msquic: Z A L1
• neqo-latest vs. mvfst: A L1 C1
• neqo-latest vs. nginx: L1
• neqo-latest vs. quiche: L1
• neqo-latest vs. xquic: A

neqo-latest as server

• chrome vs. neqo-latest: 3
• lsquic vs. neqo-latest: run cancelled after 20 min
• msquic vs. neqo-latest: Z U
• mvfst vs. neqo-latest: Z A L1 C1
• quinn vs. neqo-latest: V2
• xquic vs. neqo-latest: M

All results

Succeeded Interop Tests

QUIC Interop Runner, client vs. server

neqo-latest as client

• neqo-latest vs. aioquic: H DC LR C20 M S R 3 B U A L1 L2 C1 C2 6 V2
• neqo-latest vs. go-x-net: H DC LR M B U A L2 C2 6
• neqo-latest vs. haproxy: H DC LR C20 M S R Z 3 B U A L1 L2 C1 C2 6 V2
• neqo-latest vs. kwik: H DC LR C20 M S R Z 3 B U A L1 L2 C1 C2 6 V2
• neqo-latest vs. lsquic: H DC LR C20 M S R Z 3 B U E A L1 L2 C1 C2 6 V2
• neqo-latest vs. msquic: H DC LR C20 M S R Z B U L1 L2 C1 C2 6 V2
• neqo-latest vs. mvfst: H DC LR M R Z 3 B U L2 C1 C2 6
• neqo-latest vs. neqo: H DC LR C20 M S R Z 3 B U E A L1 L2 C1 C2 6 V2
• neqo-latest vs. neqo-latest: H DC LR C20 M S R Z 3 B U E A L1 L2 C1 C2 6 V2
• neqo-latest vs. nginx: H DC LR C20 M S R Z 3 B U A L1 L2 C1 C2 6
• neqo-latest vs. ngtcp2: H DC LR C20 M S R Z 3 B U E A L1 L2 C1 C2 6 V2
• neqo-latest vs. picoquic: H DC LR C20 M S R Z 3 B U E A L1 L2 C1 C2 6 V2
• neqo-latest vs. quic-go: H DC LR C20 M S R Z 3 B U A L1 L2 C1 C2 6
• neqo-latest vs. quiche: H DC LR C20 M S R Z 3 B U A L2 C1 C2 6
• neqo-latest vs. quinn: H DC LR C20 M S R Z 3 B U E A L1 L2 C1 C2 6
• neqo-latest vs. s2n-quic: H DC LR C20 M S R 3 B U E A L1 L2 C1 C2 6
• neqo-latest vs. xquic: H DC LR C20 M R Z 3 B U L1 L2 C1 C2 6

neqo-latest as server

• aioquic vs. neqo-latest: H DC LR C20 M S R Z 3 B A L1 L2 C1 C2 6 V2
• go-x-net vs. neqo-latest: H DC LR M B U A L2 C2 6
• kwik vs. neqo-latest: H DC LR C20 M S R Z 3 B U A L1 L2 C1 C2 6 V2
• msquic vs. neqo-latest: H DC LR C20 M S R B U A L1 L2 C1 C2 6 V2
• mvfst vs. neqo-latest: H DC LR M 3 B L2 C2 6
• neqo vs. neqo-latest: H DC LR C20 M S R Z 3 B U E A L1 L2 C1 C2 6 V2
• ngtcp2 vs. neqo-latest: H DC LR C20 M S R Z 3 B U E A L1 L2 C1 C2 6 V2
• picoquic vs. neqo-latest: H DC LR C20 M S R Z 3 B U E A L1 L2 C1 C2 6 V2
• quic-go vs. neqo-latest: H DC LR C20 M S R Z 3 B U A L1 L2 C1 C2 6
• quiche vs. neqo-latest: H DC LR M S R Z 3 B A L1 L2 C1 C2 6
• quinn vs. neqo-latest: H DC LR C20 M S R Z 3 B U E A L1 L2 C1 C2 6
• s2n-quic vs. neqo-latest: H DC LR M S R 3 B E A L1 L2 C1 C2 6
• xquic vs. neqo-latest: H DC LR C20 S R Z 3 B U A L1 L2 C1 C2 6

Unsupported Interop Tests

QUIC Interop Runner, client vs. server

neqo-latest as client

• neqo-latest vs. aioquic: E
• neqo-latest vs. go-x-net: C20 S R Z 3 E L1 C1 V2
• neqo-latest vs. haproxy: E
• neqo-latest vs. kwik: E
• neqo-latest vs. msquic: 3 E
• neqo-latest vs. mvfst: C20 S E V2
• neqo-latest vs. nginx: E V2
• neqo-latest vs. quic-go: E V2
• neqo-latest vs. quiche: E V2
• neqo-latest vs. quinn: V2
• neqo-latest vs. s2n-quic: Z V2
• neqo-latest vs. xquic: S E V2

neqo-latest as server

• aioquic vs. neqo-latest: U E
• chrome vs. neqo-latest: H DC LR C20 M S R Z B U E A L1 L2 C1 C2 6 V2
• go-x-net vs. neqo-latest: C20 S R Z 3 E L1 C1 V2
• kwik vs. neqo-latest: E
• msquic vs. neqo-latest: 3 E
• mvfst vs. neqo-latest: C20 S R U E V2
• quic-go vs. neqo-latest: E V2
• quiche vs. neqo-latest: C20 U E V2
• s2n-quic vs. neqo-latest: C20 Z U V2
• xquic vs. neqo-latest: E V2

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 95.40%. Comparing base (f3d0191) to head (cb63418).

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2228      +/-   ##
==========================================
+ Coverage   95.37%   95.40%   +0.02%     
==========================================
  Files         112      113       +1     
  Lines       36569    36750     +181     
==========================================
+ Hits        34879    35061     +182     
+ Misses       1690     1689       -1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

---

🚨 Try these New Features:

• Flaky Tests Detection - Detect and resolve failed and flaky tests

[github-actions]

Benchmark results

Performance differences relative to f3d0191.

coalesce_acked_from_zero 1+1 entries: 💔 Performance has regressed.

       time:   [104.93 ns 105.27 ns 105.62 ns]
       change: [+17.767% +18.446% +19.100%] (p = 0.00 < 0.05)
Found 14 outliers among 100 measurements (14.00%)

11 (11.00%) high mild

3 (3.00%) high severe

coalesce_acked_from_zero 3+1 entries: 💔 Performance has regressed.

       time:   [120.56 ns 120.88 ns 121.23 ns]
       change: [+20.871% +21.601% +22.224%] (p = 0.00 < 0.05)
Found 16 outliers among 100 measurements (16.00%)

1 (1.00%) low severe

1 (1.00%) low mild

4 (4.00%) high mild

10 (10.00%) high severe

coalesce_acked_from_zero 10+1 entries: 💔 Performance has regressed.

       time:   [120.50 ns 121.13 ns 121.85 ns]
       change: [+22.039% +22.577% +23.126%] (p = 0.00 < 0.05)
Found 19 outliers among 100 measurements (19.00%)

2 (2.00%) low severe

7 (7.00%) low mild

1 (1.00%) high mild

9 (9.00%) high severe

coalesce_acked_from_zero 1000+1 entries: 💔 Performance has regressed.

       time:   [100.08 ns 100.22 ns 100.39 ns]
       change: [+21.662% +23.086% +24.354%] (p = 0.00 < 0.05)
Found 8 outliers among 100 measurements (8.00%)

4 (4.00%) high mild

4 (4.00%) high severe

RxStreamOrderer::inbound_frame(): Change within noise threshold.

       time:   [111.40 ms 111.46 ms 111.52 ms]
       change: [+0.0818% +0.1568% +0.2254%] (p = 0.00 < 0.05)
Found 10 outliers among 100 measurements (10.00%)

9 (9.00%) low mild

1 (1.00%) high mild

transfer/pacing-false/varying-seeds: No change in performance detected.

       time:   [27.305 ms 28.462 ms 29.636 ms]
       change: [-2.2698% +3.2180% +8.9672%] (p = 0.26 > 0.05)

transfer/pacing-true/varying-seeds: No change in performance detected.

       time:   [35.271 ms 37.145 ms 39.046 ms]
       change: [-2.6502% +3.9287% +11.367%] (p = 0.28 > 0.05)
Found 4 outliers among 100 measurements (4.00%)

1 (1.00%) low mild

3 (3.00%) high mild

transfer/pacing-false/same-seed: No change in performance detected.

       time:   [25.636 ms 26.461 ms 27.287 ms]
       change: [-3.7859% +0.7352% +5.6287%] (p = 0.76 > 0.05)

transfer/pacing-true/same-seed: No change in performance detected.

       time:   [40.711 ms 42.642 ms 44.591 ms]
       change: [-5.7983% +0.2364% +7.0996%] (p = 0.95 > 0.05)

1-conn/1-100mb-resp/mtu-1504 (aka. Download)/client: No change in performance detected.

       time:   [920.00 ms 929.07 ms 938.27 ms]
       thrpt:  [106.58 MiB/s 107.63 MiB/s 108.70 MiB/s]
change:
       time:   [-1.6896% -0.2539% +1.1341%] (p = 0.73 > 0.05)
       thrpt:  [-1.1214% +0.2545% +1.7187%]

1-conn/10_000-parallel-1b-resp/mtu-1504 (aka. RPS)/client: No change in performance detected.

       time:   [321.10 ms 324.14 ms 327.33 ms]
       thrpt:  [30.550 Kelem/s 30.851 Kelem/s 31.143 Kelem/s]
change:
       time:   [-0.3991% +0.9753% +2.3411%] (p = 0.16 > 0.05)
       thrpt:  [-2.2876% -0.9659% +0.4007%]
Found 3 outliers among 100 measurements (3.00%)

2 (2.00%) high mild

1 (1.00%) high severe

1-conn/1-1b-resp/mtu-1504 (aka. HPS)/client: Change within noise threshold.

       time:   [33.846 ms 34.084 ms 34.345 ms]
       thrpt:  [29.116  elem/s 29.340  elem/s 29.546  elem/s]
change:
       time:   [+0.2959% +1.1950% +2.1887%] (p = 0.01 < 0.05)
       thrpt:  [-2.1418% -1.1809% -0.2950%]
Found 10 outliers among 100 measurements (10.00%)

2 (2.00%) low mild

5 (5.00%) high mild

3 (3.00%) high severe

1-conn/1-100mb-resp/mtu-1504 (aka. Upload)/client: Change within noise threshold.

       time:   [1.6421 s 1.6602 s 1.6785 s]
       thrpt:  [59.577 MiB/s 60.234 MiB/s 60.899 MiB/s]
change:
       time:   [+0.4478% +2.2664% +4.0194%] (p = 0.01 < 0.05)
       thrpt:  [-3.8641% -2.2162% -0.4458%]
Found 1 outliers among 100 measurements (1.00%)

1 (1.00%) high mild

Client/server transfer results

Transfer of 33554432 bytes over loopback.

Client	Server	CC	Pacing	MTU	Mean [ms]	Min [ms]	Max [ms]
gquiche	gquiche			1504	581.9 ± 136.6	501.0	933.6
neqo	gquiche	reno	on	1504	803.9 ± 83.8	745.4	1011.3
neqo	gquiche	reno		1504	790.3 ± 37.9	755.9	887.7
neqo	gquiche	cubic	on	1504	819.9 ± 156.5	731.5	1248.3
neqo	gquiche	cubic		1504	843.4 ± 127.1	767.2	1186.8
msquic	msquic			1504	194.0 ± 121.4	101.7	554.3
neqo	msquic	reno	on	1504	305.2 ± 104.0	211.4	505.8
neqo	msquic	reno		1504	249.1 ± 64.0	204.7	451.5
neqo	msquic	cubic	on	1504	253.9 ± 81.0	204.6	466.7
neqo	msquic	cubic		1504	338.1 ± 148.2	211.6	689.8
gquiche	neqo	reno	on	1504	755.0 ± 112.0	599.4	923.4
gquiche	neqo	reno		1504	750.3 ± 114.2	570.9	888.3
gquiche	neqo	cubic	on	1504	821.4 ± 146.1	611.7	1144.0
gquiche	neqo	cubic		1504	769.2 ± 146.4	614.0	1133.6
msquic	neqo	reno	on	1504	693.7 ± 17.8	658.8	719.6
msquic	neqo	reno		1504	723.7 ± 25.4	704.0	787.5
msquic	neqo	cubic	on	1504	736.3 ± 76.6	678.9	901.5
msquic	neqo	cubic		1504	732.1 ± 36.8	692.0	826.0
neqo	neqo	reno	on	1504	682.4 ± 72.0	601.0	861.5
neqo	neqo	reno		1504	647.8 ± 58.3	494.0	720.8
neqo	neqo	cubic	on	1504	732.1 ± 182.4	634.8	1095.6
neqo	neqo	cubic		1504	632.4 ± 26.8	605.9	698.6

⬇️ Download logs

[martinthomson]

I spent a few minutes writing some code that might be a good replacement for this if you only care about splitting at a useful point. This would be used by drawing a random value in the range (r.start + 1..end - 1) to split on. It's a lot less code...

/// Finds the range where the SNI extension lives.
/// If this isn't a ClientHello, then return the whole message.
fn find_sni_split(mut buf: &[u8]) -> Range<usize> {
    fn read_len(buf: &[u8]) -> usize {
        let mut len = 0;
        for v in buf {
            len = len << 8 & usize::from(v);
        }
        len
    }
    fn skip_vec<const N: usize>(i: usize, buf: &[u8]) -> usize {
        i + N + read_len(&buf[i..i + N])
    }

    // ClientHello == 1
    if buf[0] == 1 {
        let mut i = 1 + 3 + 2 + 32; // msg_type, length, version, random
        i = skip_vec::<1>(i, buf); // session_id
        i = skip_vec::<2>(i, buf); // cipher_suites
        i = skip_vec::<1>(i, buf); // compression_methods
        i += 2; // extensions length
        while i < buf.len() {
            if buf[i] == 0 || buf[i + 1] == 0 {
                // SNI!
                return i..i + 4 + read_len(buf[i + 2..i + 4]);
            }
        }
    }
    0..buf.len()
}

[martinthomson]

I'm still not that enthusiastic about this approach, but here's a way to improve it some.

Change the signature to fn ascii_sequences<const N: usize>(data: &[u8]) -> impl Interator....

Then collect the value into an array ([_; N]) for sorting rather than a Vec. You might have to unwrap, but that's not so bad.

[larseggert]

I did this in e9f3b58.

[larseggert]

But I don't think I can collect into an array, because there might be fewer than N ranges. I could collect into an array with Option<Range<usize>> and have some of them be None in that case - is that worth it?

[larseggert]

I spent a few minutes writing some code that might be a good replacement for this if you only care about splitting at a useful point.

Thanks for this, but I think it needs more work? I don't think this handles invalid crypto data well, skip_vec seems to easily read beyond the end of the buffer.

[martinthomson]

Fair. It was only a few minutes of work. Adding bounds checks will complicate it a little, but not overmuch. Of course, you could take the attitude I did, which is that the TLS stack should not be producing invalid messages, so panicking in that case is justified.

[larseggert]

I am nervous about making assumptions about the input. But let me play with it and see how much complexity bounds checking adds.

[larseggert]

@martinthomson is your code taking SSL_ENABLE_CH_EXTENSION_PERMUTATION into account? Because the range it returns isn't the SNI...