feat: Option to turn off SNI slicing

[larseggert]

Wireshark can't reassemble sliced CRYPTO frames, which causes QNS tests to fail bcause it then can't parse all packets.

This PR adds an option to disable SNI slicing, and we do so by default when running in QNS.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 95.31%. Comparing base (d62557f) to head (4565a9d).
Report is 1 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2387      +/-   ##
==========================================
+ Coverage   95.29%   95.31%   +0.01%     
==========================================
  Files         114      114              
  Lines       36850    36868      +18     
  Branches    36850    36868      +18     
==========================================
+ Hits        35117    35139      +22     
+ Misses       1727     1725       -2     
+ Partials        6        4       -2     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[github-actions]

Failed Interop Tests

QUIC Interop Runner, client vs. server, differences relative to 108fb8d.

neqo-latest as client

• neqo-latest vs. aioquic: ⚠️Z
• neqo-latest vs. go-x-net: BP BA
• neqo-latest vs. haproxy: 🚀L1 BP BA
• neqo-latest vs. kwik: BP BA
• neqo-latest vs. msquic: 🚀Z A 🚀C1
• neqo-latest vs. mvfst: A L1 C1 BP BA
• neqo-latest vs. neqo: CM
• neqo-latest vs. neqo-latest: CM
• neqo-latest vs. nginx: BP BA
• neqo-latest vs. quic-go: BP BA
• neqo-latest vs. quiche: 🚀U L1 BP BA
• neqo-latest vs. s2n-quic: 🚀BP BA CM
• neqo-latest vs. xquic: A

neqo-latest as server

• aioquic vs. neqo-latest: CM
• go-x-net vs. neqo-latest: CM
• kwik vs. neqo-latest: BP BA CM
• lsquic vs. neqo-latest: run cancelled after min
• msquic vs. neqo-latest: Z U CM
• mvfst vs. neqo-latest: run cancelled after min
• neqo vs. neqo-latest: CM
• ngtcp2 vs. neqo-latest: run cancelled after min
• picoquic vs. neqo-latest: CM
• quic-go vs. neqo-latest: run cancelled after min
• quiche vs. neqo-latest: CM
• quinn vs. neqo-latest: V2 CM
• s2n-quic vs. neqo-latest: CM
• xquic vs. neqo-latest: M CM

All results

Succeeded Interop Tests

QUIC Interop Runner, client vs. server

neqo-latest as client

• neqo-latest vs. aioquic: ⚠️H DC LR C20 M S R 3 B U A L1 L2 C1 C2 6 V2 BP BA
• neqo-latest vs. go-x-net: H DC LR M B U A L2 C2 6
• neqo-latest vs. haproxy: H DC LR C20 M S R Z 3 B U A ⚠️L1 L2 C1 C2 6 V2
• neqo-latest vs. kwik: H DC LR C20 M S R Z 3 B U A L1 L2 C1 C2 6 V2
• neqo-latest vs. lsquic: H DC LR C20 M S R Z 3 B U E A L1 L2 C1 C2 6 V2 BP BA
• neqo-latest vs. msquic: H DC LR C20 M S R ⚠️Z B U L1 L2 ⚠️C1 C2 6 V2 BP BA
• neqo-latest vs. mvfst: H DC LR M R Z 3 B U L2 C2 6
• neqo-latest vs. neqo: H DC LR C20 M S R Z 3 B U E A L1 L2 C1 C2 6 V2 BP BA
• neqo-latest vs. neqo-latest: H DC LR C20 M S R Z 3 B U E A L1 L2 C1 C2 6 V2 BP BA
• neqo-latest vs. nginx: H DC LR C20 M S R Z 3 B U A L1 L2 C1 C2 6
• neqo-latest vs. ngtcp2: H DC LR C20 M S R Z 3 B U E A L1 L2 C1 C2 6 V2 ⚠️BP BA
• neqo-latest vs. picoquic: H DC LR C20 M S R Z 3 B U E A L1 L2 C1 C2 6 V2 BP BA
• neqo-latest vs. quic-go: H DC LR C20 M S R Z 3 B U A L1 L2 C1 C2 6
• neqo-latest vs. quiche: H DC LR C20 M S R Z 3 B ⚠️U A ⚠️L1 L2 C1 C2 6
• neqo-latest vs. quinn: H DC LR C20 M S R Z 3 B U E A L1 L2 C1 C2 6 BP BA
• neqo-latest vs. s2n-quic: H DC LR C20 M S R 3 B U E A L1 L2 C1 C2 6 ⚠️BP
• neqo-latest vs. xquic: H DC LR C20 M R Z 3 B U L1 L2 C1 C2 6 BP BA

neqo-latest as server

• aioquic vs. neqo-latest: H DC LR C20 M S R Z 3 B A L1 L2 C1 C2 6 V2 BP BA
• chrome vs. neqo-latest: 3
• go-x-net vs. neqo-latest: H DC LR M B U A L2 C2 6 BP BA
• kwik vs. neqo-latest: H DC LR C20 M S R Z 3 B U A L1 L2 C1 C2 6 V2
• msquic vs. neqo-latest: H DC LR C20 M S R B A L1 L2 C1 C2 6 V2 BP BA
• neqo vs. neqo-latest: H DC LR C20 M S R Z 3 B U E A L1 L2 C1 C2 6 V2 BP BA
• picoquic vs. neqo-latest: H DC LR C20 M S R Z 3 B U E A L1 L2 C1 C2 6 V2 BP BA
• quiche vs. neqo-latest: H DC LR M S R Z 3 B A L1 L2 C1 C2 6 BP BA
• quinn vs. neqo-latest: H DC LR C20 M S R Z 3 B U E A L1 L2 C1 C2 6 BP BA
• s2n-quic vs. neqo-latest: H DC LR M S R 3 B E A L1 L2 C1 C2 6 BP BA
• xquic vs. neqo-latest: H DC LR C20 S R Z 3 B U A L1 L2 C1 C2 6 BP BA

Unsupported Interop Tests

QUIC Interop Runner, client vs. server

neqo-latest as client

• neqo-latest vs. aioquic: ⚠️E CM
• neqo-latest vs. go-x-net: C20 S R Z 3 E L1 C1 V2 CM
• neqo-latest vs. haproxy: E CM
• neqo-latest vs. kwik: E CM
• neqo-latest vs. lsquic: CM
• neqo-latest vs. msquic: 3 E CM
• neqo-latest vs. mvfst: C20 S E V2 CM
• neqo-latest vs. nginx: E V2 CM
• neqo-latest vs. ngtcp2: CM
• neqo-latest vs. picoquic: CM
• neqo-latest vs. quic-go: E V2 CM
• neqo-latest vs. quiche: E V2 CM
• neqo-latest vs. quinn: V2 CM
• neqo-latest vs. s2n-quic: Z V2
• neqo-latest vs. xquic: S E V2 CM

neqo-latest as server

• aioquic vs. neqo-latest: U E
• chrome vs. neqo-latest: H DC LR C20 M S R Z B U E A L1 L2 C1 C2 6 V2 BP BA CM
• go-x-net vs. neqo-latest: C20 S R Z 3 E L1 C1 V2
• kwik vs. neqo-latest: E
• msquic vs. neqo-latest: 3 E
• quiche vs. neqo-latest: C20 U E V2
• s2n-quic vs. neqo-latest: C20 Z U V2
• xquic vs. neqo-latest: E V2

[mxinden]

That is a bummer. Especially since this gave us a signal whether all server implementations supported the sni-slicing feature. Do you see this being an issue? Is this temporary?

[github-actions]

Benchmark results

Performance differences relative to d62557f.

decode 4096 bytes, mask ff: No change in performance detected.

       time:   [11.845 µs 11.882 µs 11.925 µs]
       change: [-0.2198% +0.5172% +1.4384%] (p = 0.34 > 0.05)
Found 16 outliers among 100 measurements (16.00%)

4 (4.00%) low severe

2 (2.00%) low mild

1 (1.00%) high mild

9 (9.00%) high severe

decode 1048576 bytes, mask ff: No change in performance detected.

       time:   [2.8843 ms 2.8935 ms 2.9043 ms]
       change: [-0.5616% -0.0814% +0.4584%] (p = 0.75 > 0.05)
Found 8 outliers among 100 measurements (8.00%)

8 (8.00%) high severe

decode 4096 bytes, mask 7f: No change in performance detected.

       time:   [19.793 µs 19.848 µs 19.907 µs]
       change: [+0.0344% +0.5925% +1.3451%] (p = 0.06 > 0.05)
Found 23 outliers among 100 measurements (23.00%)

1 (1.00%) low severe

2 (2.00%) low mild

1 (1.00%) high mild

19 (19.00%) high severe

decode 1048576 bytes, mask 7f: No change in performance detected.

       time:   [5.0712 ms 5.0824 ms 5.0951 ms]
       change: [-0.3651% -0.0370% +0.3181%] (p = 0.83 > 0.05)
Found 12 outliers among 100 measurements (12.00%)

12 (12.00%) high severe

decode 4096 bytes, mask 3f: No change in performance detected.

       time:   [6.8933 µs 6.9162 µs 6.9459 µs]
       change: [-0.2965% +0.1305% +0.6171%] (p = 0.60 > 0.05)
Found 16 outliers among 100 measurements (16.00%)

5 (5.00%) low mild

1 (1.00%) high mild

10 (10.00%) high severe

decode 1048576 bytes, mask 3f: No change in performance detected.

       time:   [1.4127 ms 1.4168 ms 1.4223 ms]
       change: [-0.5841% -0.0933% +0.3952%] (p = 0.75 > 0.05)
Found 7 outliers among 100 measurements (7.00%)

4 (4.00%) high mild

3 (3.00%) high severe

coalesce_acked_from_zero 1+1 entries: Change within noise threshold.

       time:   [99.298 ns 99.601 ns 99.908 ns]
       change: [-0.0313% +0.5313% +1.0143%] (p = 0.04 < 0.05)
Found 12 outliers among 100 measurements (12.00%)

9 (9.00%) high mild

3 (3.00%) high severe

coalesce_acked_from_zero 3+1 entries: Change within noise threshold.

       time:   [117.70 ns 118.13 ns 118.59 ns]
       change: [+0.3851% +0.8524% +1.3121%] (p = 0.00 < 0.05)
Found 19 outliers among 100 measurements (19.00%)

2 (2.00%) low mild

1 (1.00%) high mild

16 (16.00%) high severe

coalesce_acked_from_zero 10+1 entries: Change within noise threshold.

       time:   [117.38 ns 117.96 ns 118.59 ns]
       change: [+0.5106% +1.1788% +2.0322%] (p = 0.00 < 0.05)
Found 17 outliers among 100 measurements (17.00%)

5 (5.00%) low severe

1 (1.00%) low mild

1 (1.00%) high mild

10 (10.00%) high severe

coalesce_acked_from_zero 1000+1 entries: No change in performance detected.

       time:   [98.391 ns 98.535 ns 98.711 ns]
       change: [-5.0833% -0.8934% +1.7277%] (p = 0.77 > 0.05)
Found 8 outliers among 100 measurements (8.00%)

2 (2.00%) high mild

6 (6.00%) high severe

RxStreamOrderer::inbound_frame(): Change within noise threshold.

       time:   [112.55 ms 112.60 ms 112.66 ms]
       change: [+0.7750% +0.8463% +0.9171%] (p = 0.00 < 0.05)
Found 7 outliers among 100 measurements (7.00%)

5 (5.00%) low mild

2 (2.00%) high mild

SentPackets::take_ranges: No change in performance detected.

       time:   [5.3963 µs 5.4714 µs 5.5415 µs]
       change: [-3.0689% -0.6532% +1.7871%] (p = 0.60 > 0.05)
Found 3 outliers among 100 measurements (3.00%)

3 (3.00%) high severe

transfer/pacing-false/varying-seeds: Change within noise threshold.

       time:   [41.265 ms 41.338 ms 41.412 ms]
       change: [-2.2843% -2.0123% -1.7447%] (p = 0.00 < 0.05)

transfer/pacing-true/varying-seeds: Change within noise threshold.

       time:   [41.325 ms 41.404 ms 41.482 ms]
       change: [-2.5321% -2.2687% -2.0145%] (p = 0.00 < 0.05)
Found 2 outliers among 100 measurements (2.00%)

1 (1.00%) low mild

1 (1.00%) high mild

transfer/pacing-false/same-seed: Change within noise threshold.

       time:   [41.195 ms 41.257 ms 41.320 ms]
       change: [-1.2798% -1.0815% -0.8641%] (p = 0.00 < 0.05)
Found 1 outliers among 100 measurements (1.00%)

1 (1.00%) high mild

transfer/pacing-true/same-seed: Change within noise threshold.

       time:   [41.251 ms 41.318 ms 41.384 ms]
       change: [-1.6947% -1.4954% -1.2827%] (p = 0.00 < 0.05)

1-conn/1-100mb-resp/mtu-1504 (aka. Download)/client: 💚 Performance has improved.

       time:   [875.13 ms 884.81 ms 894.67 ms]
       thrpt:  [111.77 MiB/s 113.02 MiB/s 114.27 MiB/s]
change:
       time:   [-8.7811% -7.3453% -5.8344%] (p = 0.00 < 0.05)
       thrpt:  [+6.1959% +7.9276% +9.6264%]

1-conn/10_000-parallel-1b-resp/mtu-1504 (aka. RPS)/client: No change in performance detected.

       time:   [317.02 ms 319.29 ms 321.59 ms]
       thrpt:  [31.096 Kelem/s 31.320 Kelem/s 31.544 Kelem/s]
change:
       time:   [-0.8705% +0.0814% +1.0479%] (p = 0.87 > 0.05)
       thrpt:  [-1.0370% -0.0813% +0.8781%]

1-conn/1-1b-resp/mtu-1504 (aka. HPS)/client: Change within noise threshold.

       time:   [34.065 ms 34.262 ms 34.481 ms]
       thrpt:  [29.001  elem/s 29.186  elem/s 29.355  elem/s]
change:
       time:   [-1.9991% -1.1342% -0.2006%] (p = 0.01 < 0.05)
       thrpt:  [+0.2010% +1.1472% +2.0399%]
Found 7 outliers among 100 measurements (7.00%)

3 (3.00%) high mild

4 (4.00%) high severe

1-conn/1-100mb-resp/mtu-1504 (aka. Upload)/client: No change in performance detected.

       time:   [1.6884 s 1.7057 s 1.7233 s]
       thrpt:  [58.030 MiB/s 58.626 MiB/s 59.227 MiB/s]
change:
       time:   [-1.8273% -0.4583% +1.0378%] (p = 0.53 > 0.05)
       thrpt:  [-1.0272% +0.4604% +1.8613%]

Client/server transfer results

Transfer of 33554432 bytes over loopback.

Client	Server	CC	Pacing	MTU	Mean [ms]	Min [ms]	Max [ms]
gquiche	gquiche			1504	584.1 ± 98.1	525.9	809.3
neqo	gquiche	reno	on	1504	758.9 ± 10.1	743.0	775.3
neqo	gquiche	reno		1504	803.0 ± 71.2	762.4	978.6
neqo	gquiche	cubic	on	1504	766.1 ± 44.1	709.5	880.4
neqo	gquiche	cubic		1504	727.2 ± 16.8	697.7	752.7
msquic	msquic			1504	145.3 ± 85.9	93.5	408.1
neqo	msquic	reno	on	1504	246.1 ± 60.5	213.4	394.7
neqo	msquic	reno		1504	265.9 ± 91.9	204.0	436.5
neqo	msquic	cubic	on	1504	213.4 ± 11.2	198.0	229.5
neqo	msquic	cubic		1504	243.7 ± 62.1	209.6	438.8
gquiche	neqo	reno	on	1504	742.3 ± 153.1	582.0	1043.4
gquiche	neqo	reno		1504	731.1 ± 178.3	564.0	1178.4
gquiche	neqo	cubic	on	1504	687.8 ± 88.0	553.4	802.9
gquiche	neqo	cubic		1504	695.2 ± 92.0	559.8	817.0
msquic	neqo	reno	on	1504	501.6 ± 55.5	462.7	611.0
msquic	neqo	reno		1504	491.5 ± 68.3	449.9	654.3
msquic	neqo	cubic	on	1504	501.9 ± 48.3	479.5	638.5
msquic	neqo	cubic		1504	500.5 ± 36.3	477.9	598.9
neqo	neqo	reno	on	1504	465.6 ± 40.3	435.6	568.3
neqo	neqo	reno		1504	463.5 ± 47.1	430.5	591.6
neqo	neqo	cubic	on	1504	487.4 ± 47.1	451.3	576.0
neqo	neqo	cubic		1504	463.2 ± 7.7	446.1	471.8

⬇️ Download logs

[larseggert]

I'd be very surprised if major servers wouldn't support it.

We can file an issue with wireshark, but it's also kind of a feature when our connections can't be parsed :-)

[mxinden]

but it's also kind of a feature when our connections can't be parsed :-)

Haha, true.

[larseggert]

@mxinden turns out we can leave slicing on for some of the tests, so we will get alerts if some servers don't deal with it well.

[mxinden]

Good news. Thanks.