From b20cd5933aa9ba90f6299e6c2cbb59733434636e Mon Sep 17 00:00:00 2001 From: Damien Neil Date: Thu, 2 May 2024 13:32:03 -0400 Subject: [PATCH] quic: initiate key rotation earlier in connections The QUIC interop runner "keyrotate" test requires that the client initiate a key rotation early in the connection. With our current ack frequency, it seems that we need to rotate within the first 300-400 packets for the test to pass. Reduce the initial key rotation from 1000 to 100 packets. Rotating earlier shouldn't have any real downsides (rotation is cheap and generally done once per connection, except for very long-lived connections), and this is simpler than providing a way to tune the rotation interval in one specific test. For golang/go#67138 Change-Id: I33d47ea35ed39f0a13c171adb2b0698f8c93050e Reviewed-on: https://go-review.googlesource.com/c/net/+/582855 LUCI-TryBot-Result: Go LUCI Reviewed-by: Jonathan Amsterdam --- quic/packet_protection.go | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/quic/packet_protection.go b/quic/packet_protection.go index 1f939f491..fe48c14c5 100644 --- a/quic/packet_protection.go +++ b/quic/packet_protection.go @@ -351,7 +351,13 @@ func (k *updatingKeyPair) init() { // We perform the first key update early in the connection so a peer // which does not support key updates will fail rapidly, // rather than after the connection has been long established. - k.updateAfter = 1000 + // + // The QUIC interop runner "keyupdate" test requires that the client + // initiate a key rotation early in the connection. Increasing this + // value may cause interop test failures; if we do want to increase it, + // we should either skip the keyupdate test or provide a way to override + // the setting in interop tests. + k.updateAfter = 100 } func (k *updatingKeyPair) canRead() bool {