feat: In-place crypto #2385
feat: In-place crypto #2385
Conversation
Only in-place encryption so far, and only for the main data path. Fixes mozilla#2246 (eventually)
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #2385 +/- ##
==========================================
+ Coverage 95.31% 95.33% +0.01%
==========================================
Files 114 114
Lines 36869 36983 +114
Branches 36869 36983 +114
==========================================
+ Hits 35142 35257 +115
+ Misses 1721 1720 -1
Partials 6 6 ☔ View full report in Codecov by Sentry. |
Failed Interop TestsQUIC Interop Runner, client vs. server, differences relative to 108fb8d. neqo-latest as client
neqo-latest as server
All resultsSucceeded Interop TestsQUIC Interop Runner, client vs. server neqo-latest as client
neqo-latest as server
Unsupported Interop TestsQUIC Interop Runner, client vs. server neqo-latest as client
neqo-latest as server
|
Benchmark resultsPerformance differences relative to 1090de3. decode 4096 bytes, mask ff: 💚 Performance has improved. time: [11.192 µs 11.236 µs 11.285 µs]
change: [-6.4112% -5.8161% -5.3446%] (p = 0.00 < 0.05)
decode 1048576 bytes, mask ff: 💔 Performance has regressed. time: [3.0966 ms 3.1058 ms 3.1167 ms]
change: [+6.8020% +7.3059% +7.7777%] (p = 0.00 < 0.05)
decode 4096 bytes, mask 7f: Change within noise threshold. time: [19.552 µs 19.599 µs 19.654 µs]
change: [-1.6966% -1.2868% -0.9060%] (p = 0.00 < 0.05)
decode 1048576 bytes, mask 7f: 💔 Performance has regressed. time: [5.1618 ms 5.1729 ms 5.1856 ms]
change: [+1.2926% +1.6611% +2.0116%] (p = 0.00 < 0.05)
decode 4096 bytes, mask 3f: 💚 Performance has improved. time: [5.5324 µs 5.6030 µs 5.7263 µs]
change: [-20.936% -19.851% -18.476%] (p = 0.00 < 0.05)
decode 1048576 bytes, mask 3f: 💔 Performance has regressed. time: [1.7584 ms 1.7613 ms 1.7655 ms]
change: [+23.482% +24.084% +24.625%] (p = 0.00 < 0.05)
coalesce_acked_from_zero 1+1 entries: No change in performance detected. time: [99.163 ns 99.488 ns 99.826 ns]
change: [+0.0081% +0.5022% +1.0990%] (p = 0.06 > 0.05)
coalesce_acked_from_zero 3+1 entries: No change in performance detected. time: [116.81 ns 117.21 ns 117.64 ns]
change: [-0.4451% +0.0312% +0.5722%] (p = 0.90 > 0.05)
coalesce_acked_from_zero 10+1 entries: No change in performance detected. time: [116.43 ns 116.82 ns 117.33 ns]
change: [-0.1348% +0.2142% +0.5851%] (p = 0.24 > 0.05)
coalesce_acked_from_zero 1000+1 entries: No change in performance detected. time: [97.244 ns 97.384 ns 97.537 ns]
change: [-0.8469% -0.0665% +0.6640%] (p = 0.87 > 0.05)
RxStreamOrderer::inbound_frame(): Change within noise threshold. time: [111.39 ms 111.44 ms 111.50 ms]
change: [+0.0987% +0.1647% +0.2283%] (p = 0.00 < 0.05)
SentPackets::take_ranges: No change in performance detected. time: [5.4731 µs 5.6223 µs 5.7810 µs]
change: [-2.0929% +0.4847% +3.1445%] (p = 0.72 > 0.05)
transfer/pacing-false/varying-seeds: 💚 Performance has improved. time: [38.890 ms 38.978 ms 39.074 ms]
change: [-5.6621% -5.3655% -5.0577%] (p = 0.00 < 0.05)
transfer/pacing-true/varying-seeds: 💚 Performance has improved. time: [38.850 ms 38.932 ms 39.015 ms]
change: [-6.6408% -6.3655% -6.0914%] (p = 0.00 < 0.05)
transfer/pacing-false/same-seed: 💚 Performance has improved. time: [38.804 ms 38.879 ms 38.960 ms]
change: [-6.5180% -6.2381% -5.9577%] (p = 0.00 < 0.05)
transfer/pacing-true/same-seed: 💚 Performance has improved. time: [39.185 ms 39.261 ms 39.347 ms]
change: [-6.5829% -6.3280% -6.0593%] (p = 0.00 < 0.05)
1-conn/1-100mb-resp/mtu-1504 (aka. Download)/client: 💚 Performance has improved. time: [841.97 ms 852.80 ms 863.79 ms]
thrpt: [115.77 MiB/s 117.26 MiB/s 118.77 MiB/s]
change:
time: [-6.4469% -4.8621% -3.2645%] (p = 0.00 < 0.05)
thrpt: [+3.3747% +5.1106% +6.8912%]
1-conn/10_000-parallel-1b-resp/mtu-1504 (aka. RPS)/client: No change in performance detected. time: [316.49 ms 318.85 ms 321.25 ms]
thrpt: [31.128 Kelem/s 31.363 Kelem/s 31.597 Kelem/s]
change:
time: [-1.5344% -0.5007% +0.5358%] (p = 0.35 > 0.05)
thrpt: [-0.5330% +0.5032% +1.5583%]
1-conn/1-1b-resp/mtu-1504 (aka. HPS)/client: No change in performance detected. time: [34.243 ms 34.425 ms 34.620 ms]
thrpt: [28.885 elem/s 29.048 elem/s 29.203 elem/s]
change:
time: [-0.5670% +0.2295% +0.9740%] (p = 0.57 > 0.05)
thrpt: [-0.9646% -0.2290% +0.5702%]
1-conn/1-100mb-resp/mtu-1504 (aka. Upload)/client: Change within noise threshold. time: [1.5788 s 1.5948 s 1.6111 s]
thrpt: [62.070 MiB/s 62.703 MiB/s 63.341 MiB/s]
change:
time: [-3.2723% -1.8347% -0.2694%] (p = 0.02 < 0.05)
thrpt: [+0.2701% +1.8690% +3.3830%]
Client/server transfer resultsTransfer of 33554432 bytes over loopback.
|
|
@mxinden when you have a moment, would you take a look at the borrow-checker issue in |
|
Took a quick look. let dcid = Self::opt(dcid_decoder.decode_cid(&mut decoder))?;
if decoder.remaining() < SAMPLE_OFFSET + SAMPLE_SIZE {
return Err(Error::InvalidPacket);
}
let header_len = decoder.offset();
return Ok((
Self {
packet_type: PacketType::Short,
dcid,
scid: None,
token: &[],
header_len,
version: None,
data,
},
&[],
&mut [],
));
I can take a deeper look and try to fix it. |
|
Thanks for the analysis! Wonder if we can make |
|
Ah, never seen this before. That would be error prone as the bytes within the range in |
|
The above described issue, namely that of diff --git a/neqo-transport/src/packet/mod.rs b/neqo-transport/src/packet/mod.rs
index 73b47bcc..779ca72b 100644
--- a/neqo-transport/src/packet/mod.rs
+++ b/neqo-transport/src/packet/mod.rs
@@ -563,7 +563,7 @@ pub struct PublicPacket<'a> {
/// The packet type.
packet_type: PacketType,
/// The recovered destination connection ID.
- dcid: ConnectionIdRef<'a>,
+ dcid: ConnectionId,
/// The source connection ID, if this is a long header packet.
scid: Option<ConnectionIdRef<'a>>,
/// Any token that is included in the packet (Retry always has a token; Initial sometimesThat leaves us with another issue, namely rustc not being able to infer that early returns of |
|
Okay, I got it. Let's take a look at /// `PublicPacket` holds information from packets that is public only. This allows for
/// processing of packets prior to decryption.
pub struct PublicPacket<'a> {
/// The packet type.
packet_type: PacketType,
/// The recovered destination connection ID.
dcid: ConnectionIdRef<'a>,
/// The source connection ID, if this is a long header packet.
scid: Option<ConnectionIdRef<'a>>,
/// Any token that is included in the packet (Retry always has a token; Initial sometimes
/// does). This is empty when there is no token.
token: &'a [u8],
/// The size of the header, not including the packet number.
header_len: usize,
/// Protocol version, if present in header.
version: Option<WireVersion>,
/// A reference to the entire packet, including the header.
data: &'a [u8],
}
This pull request introduces the following change: @@ -564,7 +574,7 @@ pub struct PublicPacket<'a> {
/// Protocol version, if present in header.
version: Option<WireVersion>,
/// A reference to the entire packet, including the header.
- data: &'a [u8],
+ data: &'a mut [u8],
}While An easy fix would be to make diff --git a/neqo-transport/src/packet/mod.rs b/neqo-transport/src/packet/mod.rs
index 73b47bcc..dc85bbd0 100644
--- a/neqo-transport/src/packet/mod.rs
+++ b/neqo-transport/src/packet/mod.rs
@@ -563,12 +563,12 @@ pub struct PublicPacket<'a> {
/// The packet type.
packet_type: PacketType,
/// The recovered destination connection ID.
- dcid: ConnectionIdRef<'a>,
+ dcid: ConnectionId,
/// The source connection ID, if this is a long header packet.
- scid: Option<ConnectionIdRef<'a>>,
+ scid: Option<ConnectionId>,
/// Any token that is included in the packet (Retry always has a token; Initial sometimes
/// does). This is empty when there is no token.
- token: &'a [u8],
+ token: Vec<u8>,
/// The size of the header, not including the packet number.
header_len: usize,
/// Protocol version, if present in header.The above, plus a couple of smaller lifetime changes resolve the borrow checker issues. I will propose a commit with my local changes. |
|
@larseggert let me know what you think of larseggert#34. Note that it only addresses the borrow-checker issues in Happy to look at the |
|
FWIW, I looked at the |
larseggert
force-pushed
the
feat-inplace-crypto
branch
from
39c0445 to
5c9bc3e
Compare
I actually think they might? Our API after the last round of changes is very similar. (Or I'm missing something.) |
|
The challenge I see is twofold:
The latter is worse for us because we're passing in a mutable slice, which can't be resized in that way (we might do something with |
There was a problem hiding this comment.
I have a few gotchas here, but I like how this is shaping up.
The real question I have is: does this really make it go faster? The benchmarks show some improvements. Are those consistent enough for you to be happy? I see that the improvements aren't 100% consistent.
neqo-transport/src/packet/mod.rs
Outdated
| let mut decoder = Decoder::new(data); | ||
| let first = Self::opt(decoder.decode_uint::<u8>())?; | ||
| let first = PublicPacket::opt(decoder.decode_uint::<u8>())?; |
There was a problem hiding this comment.
Am I to guess that this needs to be PublicPacket and not Self because the lifetimes are different? Subtle shit like that is where rust loses points in my book.
There was a problem hiding this comment.
I was able to revert all but one of those changes. Reverting the one that is left makes the borrow checker freak out.
Co-authored-by: Martin Thomson <[email protected]> Signed-off-by: Lars Eggert <[email protected]>
Co-authored-by: Martin Thomson <[email protected]> Signed-off-by: Lars Eggert <[email protected]>
Co-authored-by: Martin Thomson <[email protected]> Signed-off-by: Lars Eggert <[email protected]>
Co-authored-by: Martin Thomson <[email protected]> Signed-off-by: Lars Eggert <[email protected]>
Signed-off-by: Lars Eggert <[email protected]>
Fixes #2246 (eventually)