From 59aef1f2973123d09fb4576bf01434274f975314 Mon Sep 17 00:00:00 2001 From: Mark Rousskov Date: Wed, 20 Nov 2024 09:46:02 -0500 Subject: [PATCH] feat(s2n-quic-dc): record gap for accepted packets (#2381) --- dc/s2n-quic-dc/events/map.rs | 15 ++ dc/s2n-quic-dc/src/event/generated.rs | 107 +++++++++++ .../src/event/generated/metrics/aggregate.rs | 173 ++++++++++-------- .../src/event/generated/metrics/probe.rs | 52 +++--- dc/s2n-quic-dc/src/path/secret/map/state.rs | 15 +- 5 files changed, 264 insertions(+), 98 deletions(-) diff --git a/dc/s2n-quic-dc/events/map.rs b/dc/s2n-quic-dc/events/map.rs index 23f95b0c7..e132dbde9 100644 --- a/dc/s2n-quic-dc/events/map.rs +++ b/dc/s2n-quic-dc/events/map.rs @@ -123,6 +123,21 @@ struct UnknownPathSecretPacketDropped<'a> { credential_id: &'a [u8], } +#[event("path_secret_map:key_accepted")] +#[subject(endpoint)] +/// Emitted when a credential is accepted (i.e., post packet authentication and passes replay +/// check). +struct KeyAccepted<'a> { + #[snapshot("[HIDDEN]")] + credential_id: &'a [u8], + + key_id: u64, + + /// How far away this credential is from the leading edge of key IDs. + #[measure("gap")] + gap: u64, +} + #[event("path_secret_map:replay_definitely_detected")] #[subject(endpoint)] /// Emitted when credential replay was definitely detected diff --git a/dc/s2n-quic-dc/src/event/generated.rs b/dc/s2n-quic-dc/src/event/generated.rs index 6dc4b5e62..16ec23ee3 100644 --- a/dc/s2n-quic-dc/src/event/generated.rs +++ b/dc/s2n-quic-dc/src/event/generated.rs @@ -887,6 +887,29 @@ pub mod api { } #[derive(Clone, Debug)] #[non_exhaustive] + #[doc = " Emitted when a credential is accepted (i.e., post packet authentication and passes replay"] + #[doc = " check)."] + pub struct KeyAccepted<'a> { + pub credential_id: &'a [u8], + pub key_id: u64, + #[doc = " How far away this credential is from the leading edge of key IDs."] + pub gap: u64, + } + #[cfg(any(test, feature = "testing"))] + impl<'a> crate::event::snapshot::Fmt for KeyAccepted<'a> { + fn fmt(&self, fmt: &mut core::fmt::Formatter) -> core::fmt::Result { + let mut fmt = fmt.debug_struct("KeyAccepted"); + fmt.field("credential_id", &"[HIDDEN]"); + fmt.field("key_id", &self.key_id); + fmt.field("gap", &self.gap); + fmt.finish() + } + } + impl<'a> Event for KeyAccepted<'a> { + const NAME: &'static str = "path_secret_map:key_accepted"; + } + #[derive(Clone, Debug)] + #[non_exhaustive] #[doc = " Emitted when credential replay was definitely detected"] pub struct ReplayDefinitelyDetected<'a> { pub credential_id: &'a [u8], @@ -1589,6 +1612,16 @@ pub mod tracing { tracing :: event ! (target : "unknown_path_secret_packet_dropped" , parent : parent , tracing :: Level :: DEBUG , peer_address = tracing :: field :: debug (peer_address) , credential_id = tracing :: field :: debug (credential_id)); } #[inline] + fn on_key_accepted(&self, meta: &api::EndpointMeta, event: &api::KeyAccepted) { + let parent = self.parent(meta); + let api::KeyAccepted { + credential_id, + key_id, + gap, + } = event; + tracing :: event ! (target : "key_accepted" , parent : parent , tracing :: Level :: DEBUG , credential_id = tracing :: field :: debug (credential_id) , key_id = tracing :: field :: debug (key_id) , gap = tracing :: field :: debug (gap)); + } + #[inline] fn on_replay_definitely_detected( &self, meta: &api::EndpointMeta, @@ -2588,6 +2621,30 @@ pub mod builder { } } #[derive(Clone, Debug)] + #[doc = " Emitted when a credential is accepted (i.e., post packet authentication and passes replay"] + #[doc = " check)."] + pub struct KeyAccepted<'a> { + pub credential_id: &'a [u8], + pub key_id: u64, + #[doc = " How far away this credential is from the leading edge of key IDs."] + pub gap: u64, + } + impl<'a> IntoEvent> for KeyAccepted<'a> { + #[inline] + fn into_event(self) -> api::KeyAccepted<'a> { + let KeyAccepted { + credential_id, + key_id, + gap, + } = self; + api::KeyAccepted { + credential_id: credential_id.into_event(), + key_id: key_id.into_event(), + gap: gap.into_event(), + } + } + } + #[derive(Clone, Debug)] #[doc = " Emitted when credential replay was definitely detected"] pub struct ReplayDefinitelyDetected<'a> { pub credential_id: &'a [u8], @@ -3204,6 +3261,12 @@ mod traits { let _ = meta; let _ = event; } + #[doc = "Called when the `KeyAccepted` event is triggered"] + #[inline] + fn on_key_accepted(&self, meta: &api::EndpointMeta, event: &api::KeyAccepted) { + let _ = meta; + let _ = event; + } #[doc = "Called when the `ReplayDefinitelyDetected` event is triggered"] #[inline] fn on_replay_definitely_detected( @@ -3628,6 +3691,10 @@ mod traits { .on_unknown_path_secret_packet_dropped(meta, event); } #[inline] + fn on_key_accepted(&self, meta: &api::EndpointMeta, event: &api::KeyAccepted) { + self.as_ref().on_key_accepted(meta, event); + } + #[inline] fn on_replay_definitely_detected( &self, meta: &api::EndpointMeta, @@ -4050,6 +4117,11 @@ mod traits { (self.1).on_unknown_path_secret_packet_dropped(meta, event); } #[inline] + fn on_key_accepted(&self, meta: &api::EndpointMeta, event: &api::KeyAccepted) { + (self.0).on_key_accepted(meta, event); + (self.1).on_key_accepted(meta, event); + } + #[inline] fn on_replay_definitely_detected( &self, meta: &api::EndpointMeta, @@ -4265,6 +4337,8 @@ mod traits { &self, event: builder::UnknownPathSecretPacketDropped, ); + #[doc = "Publishes a `KeyAccepted` event to the publisher's subscriber"] + fn on_key_accepted(&self, event: builder::KeyAccepted); #[doc = "Publishes a `ReplayDefinitelyDetected` event to the publisher's subscriber"] fn on_replay_definitely_detected(&self, event: builder::ReplayDefinitelyDetected); #[doc = "Publishes a `ReplayPotentiallyDetected` event to the publisher's subscriber"] @@ -4547,6 +4621,12 @@ mod traits { self.subscriber.on_event(&self.meta, &event); } #[inline] + fn on_key_accepted(&self, event: builder::KeyAccepted) { + let event = event.into_event(); + self.subscriber.on_key_accepted(&self.meta, &event); + self.subscriber.on_event(&self.meta, &event); + } + #[inline] fn on_replay_definitely_detected(&self, event: builder::ReplayDefinitelyDetected) { let event = event.into_event(); self.subscriber @@ -4744,6 +4824,7 @@ pub mod testing { pub unknown_path_secret_packet_accepted: AtomicU32, pub unknown_path_secret_packet_rejected: AtomicU32, pub unknown_path_secret_packet_dropped: AtomicU32, + pub key_accepted: AtomicU32, pub replay_definitely_detected: AtomicU32, pub replay_potentially_detected: AtomicU32, pub replay_detected_packet_sent: AtomicU32, @@ -4817,6 +4898,7 @@ pub mod testing { unknown_path_secret_packet_accepted: AtomicU32::new(0), unknown_path_secret_packet_rejected: AtomicU32::new(0), unknown_path_secret_packet_dropped: AtomicU32::new(0), + key_accepted: AtomicU32::new(0), replay_definitely_detected: AtomicU32::new(0), replay_potentially_detected: AtomicU32::new(0), replay_detected_packet_sent: AtomicU32::new(0), @@ -5194,6 +5276,13 @@ pub mod testing { let out = format!("{meta:?} {event:?}"); self.output.lock().unwrap().push(out); } + fn on_key_accepted(&self, meta: &api::EndpointMeta, event: &api::KeyAccepted) { + self.key_accepted.fetch_add(1, Ordering::Relaxed); + let meta = crate::event::snapshot::Fmt::to_snapshot(meta); + let event = crate::event::snapshot::Fmt::to_snapshot(event); + let out = format!("{meta:?} {event:?}"); + self.output.lock().unwrap().push(out); + } fn on_replay_definitely_detected( &self, meta: &api::EndpointMeta, @@ -5375,6 +5464,7 @@ pub mod testing { pub unknown_path_secret_packet_accepted: AtomicU32, pub unknown_path_secret_packet_rejected: AtomicU32, pub unknown_path_secret_packet_dropped: AtomicU32, + pub key_accepted: AtomicU32, pub replay_definitely_detected: AtomicU32, pub replay_potentially_detected: AtomicU32, pub replay_detected_packet_sent: AtomicU32, @@ -5450,6 +5540,7 @@ pub mod testing { unknown_path_secret_packet_accepted: AtomicU32::new(0), unknown_path_secret_packet_rejected: AtomicU32::new(0), unknown_path_secret_packet_dropped: AtomicU32::new(0), + key_accepted: AtomicU32::new(0), replay_definitely_detected: AtomicU32::new(0), replay_potentially_detected: AtomicU32::new(0), replay_detected_packet_sent: AtomicU32::new(0), @@ -5855,6 +5946,13 @@ pub mod testing { let out = format!("{meta:?} {event:?}"); self.output.lock().unwrap().push(out); } + fn on_key_accepted(&self, meta: &api::EndpointMeta, event: &api::KeyAccepted) { + self.key_accepted.fetch_add(1, Ordering::Relaxed); + let meta = crate::event::snapshot::Fmt::to_snapshot(meta); + let event = crate::event::snapshot::Fmt::to_snapshot(event); + let out = format!("{meta:?} {event:?}"); + self.output.lock().unwrap().push(out); + } fn on_replay_definitely_detected( &self, meta: &api::EndpointMeta, @@ -6035,6 +6133,7 @@ pub mod testing { pub unknown_path_secret_packet_accepted: AtomicU32, pub unknown_path_secret_packet_rejected: AtomicU32, pub unknown_path_secret_packet_dropped: AtomicU32, + pub key_accepted: AtomicU32, pub replay_definitely_detected: AtomicU32, pub replay_potentially_detected: AtomicU32, pub replay_detected_packet_sent: AtomicU32, @@ -6100,6 +6199,7 @@ pub mod testing { unknown_path_secret_packet_accepted: AtomicU32::new(0), unknown_path_secret_packet_rejected: AtomicU32::new(0), unknown_path_secret_packet_dropped: AtomicU32::new(0), + key_accepted: AtomicU32::new(0), replay_definitely_detected: AtomicU32::new(0), replay_potentially_detected: AtomicU32::new(0), replay_detected_packet_sent: AtomicU32::new(0), @@ -6371,6 +6471,13 @@ pub mod testing { let out = format!("{event:?}"); self.output.lock().unwrap().push(out); } + fn on_key_accepted(&self, event: builder::KeyAccepted) { + self.key_accepted.fetch_add(1, Ordering::Relaxed); + let event = event.into_event(); + let event = crate::event::snapshot::Fmt::to_snapshot(&event); + let out = format!("{event:?}"); + self.output.lock().unwrap().push(out); + } fn on_replay_definitely_detected(&self, event: builder::ReplayDefinitelyDetected) { self.replay_definitely_detected .fetch_add(1, Ordering::Relaxed); diff --git a/dc/s2n-quic-dc/src/event/generated/metrics/aggregate.rs b/dc/s2n-quic-dc/src/event/generated/metrics/aggregate.rs index 1a905d2ac..c1fc41791 100644 --- a/dc/s2n-quic-dc/src/event/generated/metrics/aggregate.rs +++ b/dc/s2n-quic-dc/src/event/generated/metrics/aggregate.rs @@ -12,7 +12,7 @@ use crate::event::{ AsVariant, BoolRecorder, Info, Metric, NominalRecorder, Recorder, Registry, Units, }, }; -static INFO: &[Info; 107usize] = &[ +static INFO: &[Info; 109usize] = &[ info::Builder { id: 0usize, name: Str::new("acceptor_tcp_started\0"), @@ -519,138 +519,150 @@ static INFO: &[Info; 107usize] = &[ .build(), info::Builder { id: 84usize, - name: Str::new("replay_definitely_detected\0"), + name: Str::new("key_accepted\0"), units: Units::None, } .build(), info::Builder { id: 85usize, - name: Str::new("replay_potentially_detected\0"), + name: Str::new("key_accepted.gap\0"), units: Units::None, } .build(), info::Builder { id: 86usize, - name: Str::new("replay_potentially_detected.gap\0"), + name: Str::new("replay_definitely_detected\0"), units: Units::None, } .build(), info::Builder { id: 87usize, - name: Str::new("replay_detected_packet_sent\0"), + name: Str::new("replay_potentially_detected\0"), units: Units::None, } .build(), info::Builder { id: 88usize, - name: Str::new("replay_detected_packet_sent.peer_address.protocol\0"), + name: Str::new("replay_potentially_detected.gap\0"), units: Units::None, } .build(), info::Builder { id: 89usize, - name: Str::new("replay_detected_packet_received\0"), + name: Str::new("replay_detected_packet_sent\0"), units: Units::None, } .build(), info::Builder { id: 90usize, - name: Str::new("replay_detected_packet_received.peer_address.protocol\0"), + name: Str::new("replay_detected_packet_sent.peer_address.protocol\0"), units: Units::None, } .build(), info::Builder { id: 91usize, - name: Str::new("replay_detected_packet_accepted\0"), + name: Str::new("replay_detected_packet_received\0"), units: Units::None, } .build(), info::Builder { id: 92usize, - name: Str::new("replay_detected_packet_accepted.peer_address.protocol\0"), + name: Str::new("replay_detected_packet_received.peer_address.protocol\0"), units: Units::None, } .build(), info::Builder { id: 93usize, - name: Str::new("replay_detected_packet_rejected\0"), + name: Str::new("replay_detected_packet_accepted\0"), units: Units::None, } .build(), info::Builder { id: 94usize, - name: Str::new("replay_detected_packet_rejected.peer_address.protocol\0"), + name: Str::new("replay_detected_packet_accepted.peer_address.protocol\0"), units: Units::None, } .build(), info::Builder { id: 95usize, - name: Str::new("replay_detected_packet_dropped\0"), + name: Str::new("replay_detected_packet_rejected\0"), units: Units::None, } .build(), info::Builder { id: 96usize, - name: Str::new("replay_detected_packet_dropped.peer_address.protocol\0"), + name: Str::new("replay_detected_packet_rejected.peer_address.protocol\0"), units: Units::None, } .build(), info::Builder { id: 97usize, - name: Str::new("stale_key_packet_sent\0"), + name: Str::new("replay_detected_packet_dropped\0"), units: Units::None, } .build(), info::Builder { id: 98usize, - name: Str::new("stale_key_packet_sent.peer_address.protocol\0"), + name: Str::new("replay_detected_packet_dropped.peer_address.protocol\0"), units: Units::None, } .build(), info::Builder { id: 99usize, - name: Str::new("stale_key_packet_received\0"), + name: Str::new("stale_key_packet_sent\0"), units: Units::None, } .build(), info::Builder { id: 100usize, - name: Str::new("stale_key_packet_received.peer_address.protocol\0"), + name: Str::new("stale_key_packet_sent.peer_address.protocol\0"), units: Units::None, } .build(), info::Builder { id: 101usize, - name: Str::new("stale_key_packet_accepted\0"), + name: Str::new("stale_key_packet_received\0"), units: Units::None, } .build(), info::Builder { id: 102usize, - name: Str::new("stale_key_packet_accepted.peer_address.protocol\0"), + name: Str::new("stale_key_packet_received.peer_address.protocol\0"), units: Units::None, } .build(), info::Builder { id: 103usize, - name: Str::new("stale_key_packet_rejected\0"), + name: Str::new("stale_key_packet_accepted\0"), units: Units::None, } .build(), info::Builder { id: 104usize, - name: Str::new("stale_key_packet_rejected.peer_address.protocol\0"), + name: Str::new("stale_key_packet_accepted.peer_address.protocol\0"), units: Units::None, } .build(), info::Builder { id: 105usize, - name: Str::new("stale_key_packet_dropped\0"), + name: Str::new("stale_key_packet_rejected\0"), units: Units::None, } .build(), info::Builder { id: 106usize, + name: Str::new("stale_key_packet_rejected.peer_address.protocol\0"), + units: Units::None, + } + .build(), + info::Builder { + id: 107usize, + name: Str::new("stale_key_packet_dropped\0"), + units: Units::None, + } + .build(), + info::Builder { + id: 108usize, name: Str::new("stale_key_packet_dropped.peer_address.protocol\0"), units: Units::None, } @@ -663,7 +675,7 @@ pub struct ConnectionContext { } pub struct Subscriber { #[allow(dead_code)] - counters: Box<[R::Counter; 46usize]>, + counters: Box<[R::Counter; 47usize]>, #[allow(dead_code)] bool_counters: Box<[R::BoolCounter; 8usize]>, #[allow(dead_code)] @@ -671,7 +683,7 @@ pub struct Subscriber { #[allow(dead_code)] nominal_counter_offsets: Box<[usize; 25usize]>, #[allow(dead_code)] - measures: Box<[R::Measure; 21usize]>, + measures: Box<[R::Measure; 22usize]>, #[allow(dead_code)] gauges: Box<[R::Gauge; 0usize]>, #[allow(dead_code)] @@ -698,11 +710,11 @@ impl Subscriber { #[allow(unused_mut)] #[inline] pub fn new(registry: R) -> Self { - let mut counters = Vec::with_capacity(46usize); + let mut counters = Vec::with_capacity(47usize); let mut bool_counters = Vec::with_capacity(8usize); let mut nominal_counters = Vec::with_capacity(25usize); let mut nominal_counter_offsets = Vec::with_capacity(25usize); - let mut measures = Vec::with_capacity(21usize); + let mut measures = Vec::with_capacity(22usize); let mut gauges = Vec::with_capacity(0usize); let mut timers = Vec::with_capacity(7usize); let mut nominal_timers = Vec::with_capacity(0usize); @@ -742,7 +754,7 @@ impl Subscriber { counters.push(registry.register_counter(&INFO[80usize])); counters.push(registry.register_counter(&INFO[82usize])); counters.push(registry.register_counter(&INFO[84usize])); - counters.push(registry.register_counter(&INFO[85usize])); + counters.push(registry.register_counter(&INFO[86usize])); counters.push(registry.register_counter(&INFO[87usize])); counters.push(registry.register_counter(&INFO[89usize])); counters.push(registry.register_counter(&INFO[91usize])); @@ -753,6 +765,7 @@ impl Subscriber { counters.push(registry.register_counter(&INFO[101usize])); counters.push(registry.register_counter(&INFO[103usize])); counters.push(registry.register_counter(&INFO[105usize])); + counters.push(registry.register_counter(&INFO[107usize])); bool_counters.push(registry.register_bool_counter(&INFO[19usize])); bool_counters.push(registry.register_bool_counter(&INFO[20usize])); bool_counters.push(registry.register_bool_counter(&INFO[34usize])); @@ -934,7 +947,7 @@ impl Subscriber { let mut count = 0; for variant in ::VARIANTS.iter() { nominal_counters - .push(registry.register_nominal_counter(&INFO[88usize], variant)); + .push(registry.register_nominal_counter(&INFO[90usize], variant)); count += 1; } debug_assert_ne!(count, 0, "field type needs at least one variant"); @@ -945,7 +958,7 @@ impl Subscriber { let mut count = 0; for variant in ::VARIANTS.iter() { nominal_counters - .push(registry.register_nominal_counter(&INFO[90usize], variant)); + .push(registry.register_nominal_counter(&INFO[92usize], variant)); count += 1; } debug_assert_ne!(count, 0, "field type needs at least one variant"); @@ -956,7 +969,7 @@ impl Subscriber { let mut count = 0; for variant in ::VARIANTS.iter() { nominal_counters - .push(registry.register_nominal_counter(&INFO[92usize], variant)); + .push(registry.register_nominal_counter(&INFO[94usize], variant)); count += 1; } debug_assert_ne!(count, 0, "field type needs at least one variant"); @@ -967,7 +980,7 @@ impl Subscriber { let mut count = 0; for variant in ::VARIANTS.iter() { nominal_counters - .push(registry.register_nominal_counter(&INFO[94usize], variant)); + .push(registry.register_nominal_counter(&INFO[96usize], variant)); count += 1; } debug_assert_ne!(count, 0, "field type needs at least one variant"); @@ -978,7 +991,7 @@ impl Subscriber { let mut count = 0; for variant in ::VARIANTS.iter() { nominal_counters - .push(registry.register_nominal_counter(&INFO[96usize], variant)); + .push(registry.register_nominal_counter(&INFO[98usize], variant)); count += 1; } debug_assert_ne!(count, 0, "field type needs at least one variant"); @@ -989,7 +1002,7 @@ impl Subscriber { let mut count = 0; for variant in ::VARIANTS.iter() { nominal_counters - .push(registry.register_nominal_counter(&INFO[98usize], variant)); + .push(registry.register_nominal_counter(&INFO[100usize], variant)); count += 1; } debug_assert_ne!(count, 0, "field type needs at least one variant"); @@ -1000,7 +1013,7 @@ impl Subscriber { let mut count = 0; for variant in ::VARIANTS.iter() { nominal_counters - .push(registry.register_nominal_counter(&INFO[100usize], variant)); + .push(registry.register_nominal_counter(&INFO[102usize], variant)); count += 1; } debug_assert_ne!(count, 0, "field type needs at least one variant"); @@ -1011,7 +1024,7 @@ impl Subscriber { let mut count = 0; for variant in ::VARIANTS.iter() { nominal_counters - .push(registry.register_nominal_counter(&INFO[102usize], variant)); + .push(registry.register_nominal_counter(&INFO[104usize], variant)); count += 1; } debug_assert_ne!(count, 0, "field type needs at least one variant"); @@ -1022,7 +1035,7 @@ impl Subscriber { let mut count = 0; for variant in ::VARIANTS.iter() { nominal_counters - .push(registry.register_nominal_counter(&INFO[104usize], variant)); + .push(registry.register_nominal_counter(&INFO[106usize], variant)); count += 1; } debug_assert_ne!(count, 0, "field type needs at least one variant"); @@ -1033,7 +1046,7 @@ impl Subscriber { let mut count = 0; for variant in ::VARIANTS.iter() { nominal_counters - .push(registry.register_nominal_counter(&INFO[106usize], variant)); + .push(registry.register_nominal_counter(&INFO[108usize], variant)); count += 1; } debug_assert_ne!(count, 0, "field type needs at least one variant"); @@ -1060,7 +1073,8 @@ impl Subscriber { measures.push(registry.register_measure(&INFO[63usize])); measures.push(registry.register_measure(&INFO[64usize])); measures.push(registry.register_measure(&INFO[65usize])); - measures.push(registry.register_measure(&INFO[86usize])); + measures.push(registry.register_measure(&INFO[85usize])); + measures.push(registry.register_measure(&INFO[88usize])); timers.push(registry.register_timer(&INFO[5usize])); timers.push(registry.register_timer(&INFO[15usize])); timers.push(registry.register_timer(&INFO[21usize])); @@ -1137,7 +1151,7 @@ impl Subscriber { 32usize => (&INFO[80usize], entry), 33usize => (&INFO[82usize], entry), 34usize => (&INFO[84usize], entry), - 35usize => (&INFO[85usize], entry), + 35usize => (&INFO[86usize], entry), 36usize => (&INFO[87usize], entry), 37usize => (&INFO[89usize], entry), 38usize => (&INFO[91usize], entry), @@ -1148,6 +1162,7 @@ impl Subscriber { 43usize => (&INFO[101usize], entry), 44usize => (&INFO[103usize], entry), 45usize => (&INFO[105usize], entry), + 46usize => (&INFO[107usize], entry), _ => unsafe { core::hint::unreachable_unchecked() }, }) } @@ -1287,61 +1302,61 @@ impl Subscriber { let offset = *entry; let variants = ::VARIANTS; let entries = &self.nominal_counters[offset..offset + variants.len()]; - (&INFO[88usize], entries, variants) + (&INFO[90usize], entries, variants) } 16usize => { let offset = *entry; let variants = ::VARIANTS; let entries = &self.nominal_counters[offset..offset + variants.len()]; - (&INFO[90usize], entries, variants) + (&INFO[92usize], entries, variants) } 17usize => { let offset = *entry; let variants = ::VARIANTS; let entries = &self.nominal_counters[offset..offset + variants.len()]; - (&INFO[92usize], entries, variants) + (&INFO[94usize], entries, variants) } 18usize => { let offset = *entry; let variants = ::VARIANTS; let entries = &self.nominal_counters[offset..offset + variants.len()]; - (&INFO[94usize], entries, variants) + (&INFO[96usize], entries, variants) } 19usize => { let offset = *entry; let variants = ::VARIANTS; let entries = &self.nominal_counters[offset..offset + variants.len()]; - (&INFO[96usize], entries, variants) + (&INFO[98usize], entries, variants) } 20usize => { let offset = *entry; let variants = ::VARIANTS; let entries = &self.nominal_counters[offset..offset + variants.len()]; - (&INFO[98usize], entries, variants) + (&INFO[100usize], entries, variants) } 21usize => { let offset = *entry; let variants = ::VARIANTS; let entries = &self.nominal_counters[offset..offset + variants.len()]; - (&INFO[100usize], entries, variants) + (&INFO[102usize], entries, variants) } 22usize => { let offset = *entry; let variants = ::VARIANTS; let entries = &self.nominal_counters[offset..offset + variants.len()]; - (&INFO[102usize], entries, variants) + (&INFO[104usize], entries, variants) } 23usize => { let offset = *entry; let variants = ::VARIANTS; let entries = &self.nominal_counters[offset..offset + variants.len()]; - (&INFO[104usize], entries, variants) + (&INFO[106usize], entries, variants) } 24usize => { let offset = *entry; let variants = ::VARIANTS; let entries = &self.nominal_counters[offset..offset + variants.len()]; - (&INFO[106usize], entries, variants) + (&INFO[108usize], entries, variants) } _ => unsafe { core::hint::unreachable_unchecked() }, }) @@ -1381,7 +1396,8 @@ impl Subscriber { 17usize => (&INFO[63usize], entry), 18usize => (&INFO[64usize], entry), 19usize => (&INFO[65usize], entry), - 20usize => (&INFO[86usize], entry), + 20usize => (&INFO[85usize], entry), + 21usize => (&INFO[88usize], entry), _ => unsafe { core::hint::unreachable_unchecked() }, }) } @@ -1875,6 +1891,15 @@ impl event::Subscriber for Subscriber { let _ = meta; } #[inline] + fn on_key_accepted(&self, meta: &api::EndpointMeta, event: &api::KeyAccepted) { + #[allow(unused_imports)] + use api::*; + self.count(84usize, 34usize, 1usize); + self.measure(85usize, 20usize, event.gap); + let _ = event; + let _ = meta; + } + #[inline] fn on_replay_definitely_detected( &self, meta: &api::EndpointMeta, @@ -1882,7 +1907,7 @@ impl event::Subscriber for Subscriber { ) { #[allow(unused_imports)] use api::*; - self.count(84usize, 34usize, 1usize); + self.count(86usize, 35usize, 1usize); let _ = event; let _ = meta; } @@ -1894,8 +1919,8 @@ impl event::Subscriber for Subscriber { ) { #[allow(unused_imports)] use api::*; - self.count(85usize, 35usize, 1usize); - self.measure(86usize, 20usize, event.gap); + self.count(87usize, 36usize, 1usize); + self.measure(88usize, 21usize, event.gap); let _ = event; let _ = meta; } @@ -1907,8 +1932,8 @@ impl event::Subscriber for Subscriber { ) { #[allow(unused_imports)] use api::*; - self.count(87usize, 36usize, 1usize); - self.count_nominal(88usize, 15usize, &event.peer_address); + self.count(89usize, 37usize, 1usize); + self.count_nominal(90usize, 15usize, &event.peer_address); let _ = event; let _ = meta; } @@ -1920,8 +1945,8 @@ impl event::Subscriber for Subscriber { ) { #[allow(unused_imports)] use api::*; - self.count(89usize, 37usize, 1usize); - self.count_nominal(90usize, 16usize, &event.peer_address); + self.count(91usize, 38usize, 1usize); + self.count_nominal(92usize, 16usize, &event.peer_address); let _ = event; let _ = meta; } @@ -1933,8 +1958,8 @@ impl event::Subscriber for Subscriber { ) { #[allow(unused_imports)] use api::*; - self.count(91usize, 38usize, 1usize); - self.count_nominal(92usize, 17usize, &event.peer_address); + self.count(93usize, 39usize, 1usize); + self.count_nominal(94usize, 17usize, &event.peer_address); let _ = event; let _ = meta; } @@ -1946,8 +1971,8 @@ impl event::Subscriber for Subscriber { ) { #[allow(unused_imports)] use api::*; - self.count(93usize, 39usize, 1usize); - self.count_nominal(94usize, 18usize, &event.peer_address); + self.count(95usize, 40usize, 1usize); + self.count_nominal(96usize, 18usize, &event.peer_address); let _ = event; let _ = meta; } @@ -1959,8 +1984,8 @@ impl event::Subscriber for Subscriber { ) { #[allow(unused_imports)] use api::*; - self.count(95usize, 40usize, 1usize); - self.count_nominal(96usize, 19usize, &event.peer_address); + self.count(97usize, 41usize, 1usize); + self.count_nominal(98usize, 19usize, &event.peer_address); let _ = event; let _ = meta; } @@ -1968,8 +1993,8 @@ impl event::Subscriber for Subscriber { fn on_stale_key_packet_sent(&self, meta: &api::EndpointMeta, event: &api::StaleKeyPacketSent) { #[allow(unused_imports)] use api::*; - self.count(97usize, 41usize, 1usize); - self.count_nominal(98usize, 20usize, &event.peer_address); + self.count(99usize, 42usize, 1usize); + self.count_nominal(100usize, 20usize, &event.peer_address); let _ = event; let _ = meta; } @@ -1981,8 +2006,8 @@ impl event::Subscriber for Subscriber { ) { #[allow(unused_imports)] use api::*; - self.count(99usize, 42usize, 1usize); - self.count_nominal(100usize, 21usize, &event.peer_address); + self.count(101usize, 43usize, 1usize); + self.count_nominal(102usize, 21usize, &event.peer_address); let _ = event; let _ = meta; } @@ -1994,8 +2019,8 @@ impl event::Subscriber for Subscriber { ) { #[allow(unused_imports)] use api::*; - self.count(101usize, 43usize, 1usize); - self.count_nominal(102usize, 22usize, &event.peer_address); + self.count(103usize, 44usize, 1usize); + self.count_nominal(104usize, 22usize, &event.peer_address); let _ = event; let _ = meta; } @@ -2007,8 +2032,8 @@ impl event::Subscriber for Subscriber { ) { #[allow(unused_imports)] use api::*; - self.count(103usize, 44usize, 1usize); - self.count_nominal(104usize, 23usize, &event.peer_address); + self.count(105usize, 45usize, 1usize); + self.count_nominal(106usize, 23usize, &event.peer_address); let _ = event; let _ = meta; } @@ -2020,8 +2045,8 @@ impl event::Subscriber for Subscriber { ) { #[allow(unused_imports)] use api::*; - self.count(105usize, 45usize, 1usize); - self.count_nominal(106usize, 24usize, &event.peer_address); + self.count(107usize, 46usize, 1usize); + self.count_nominal(108usize, 24usize, &event.peer_address); let _ = event; let _ = meta; } diff --git a/dc/s2n-quic-dc/src/event/generated/metrics/probe.rs b/dc/s2n-quic-dc/src/event/generated/metrics/probe.rs index 250a52061..846345acb 100644 --- a/dc/s2n-quic-dc/src/event/generated/metrics/probe.rs +++ b/dc/s2n-quic-dc/src/event/generated/metrics/probe.rs @@ -51,18 +51,19 @@ mod counter { 78usize => Self(unknown_path_secret_packet_accepted), 80usize => Self(unknown_path_secret_packet_rejected), 82usize => Self(unknown_path_secret_packet_dropped), - 84usize => Self(replay_definitely_detected), - 85usize => Self(replay_potentially_detected), - 87usize => Self(replay_detected_packet_sent), - 89usize => Self(replay_detected_packet_received), - 91usize => Self(replay_detected_packet_accepted), - 93usize => Self(replay_detected_packet_rejected), - 95usize => Self(replay_detected_packet_dropped), - 97usize => Self(stale_key_packet_sent), - 99usize => Self(stale_key_packet_received), - 101usize => Self(stale_key_packet_accepted), - 103usize => Self(stale_key_packet_rejected), - 105usize => Self(stale_key_packet_dropped), + 84usize => Self(key_accepted), + 86usize => Self(replay_definitely_detected), + 87usize => Self(replay_potentially_detected), + 89usize => Self(replay_detected_packet_sent), + 91usize => Self(replay_detected_packet_received), + 93usize => Self(replay_detected_packet_accepted), + 95usize => Self(replay_detected_packet_rejected), + 97usize => Self(replay_detected_packet_dropped), + 99usize => Self(stale_key_packet_sent), + 101usize => Self(stale_key_packet_received), + 103usize => Self(stale_key_packet_accepted), + 105usize => Self(stale_key_packet_rejected), + 107usize => Self(stale_key_packet_dropped), _ => unreachable!("invalid info: {info:?}"), } } @@ -142,6 +143,8 @@ mod counter { fn unknown_path_secret_packet_rejected(value: u64); # [link_name = s2n_quic_dc__event__counter__unknown_path_secret_packet_dropped] fn unknown_path_secret_packet_dropped(value: u64); + # [link_name = s2n_quic_dc__event__counter__key_accepted] + fn key_accepted(value: u64); # [link_name = s2n_quic_dc__event__counter__replay_definitely_detected] fn replay_definitely_detected(value: u64); # [link_name = s2n_quic_dc__event__counter__replay_potentially_detected] @@ -238,16 +241,16 @@ mod counter { 79usize => Self(unknown_path_secret_packet_accepted__peer_address__protocol), 81usize => Self(unknown_path_secret_packet_rejected__peer_address__protocol), 83usize => Self(unknown_path_secret_packet_dropped__peer_address__protocol), - 88usize => Self(replay_detected_packet_sent__peer_address__protocol), - 90usize => Self(replay_detected_packet_received__peer_address__protocol), - 92usize => Self(replay_detected_packet_accepted__peer_address__protocol), - 94usize => Self(replay_detected_packet_rejected__peer_address__protocol), - 96usize => Self(replay_detected_packet_dropped__peer_address__protocol), - 98usize => Self(stale_key_packet_sent__peer_address__protocol), - 100usize => Self(stale_key_packet_received__peer_address__protocol), - 102usize => Self(stale_key_packet_accepted__peer_address__protocol), - 104usize => Self(stale_key_packet_rejected__peer_address__protocol), - 106usize => Self(stale_key_packet_dropped__peer_address__protocol), + 90usize => Self(replay_detected_packet_sent__peer_address__protocol), + 92usize => Self(replay_detected_packet_received__peer_address__protocol), + 94usize => Self(replay_detected_packet_accepted__peer_address__protocol), + 96usize => Self(replay_detected_packet_rejected__peer_address__protocol), + 98usize => Self(replay_detected_packet_dropped__peer_address__protocol), + 100usize => Self(stale_key_packet_sent__peer_address__protocol), + 102usize => Self(stale_key_packet_received__peer_address__protocol), + 104usize => Self(stale_key_packet_accepted__peer_address__protocol), + 106usize => Self(stale_key_packet_rejected__peer_address__protocol), + 108usize => Self(stale_key_packet_dropped__peer_address__protocol), _ => unreachable!("invalid info: {info:?}"), } } @@ -446,7 +449,8 @@ mod measure { 63usize => Self(path_secret_map_uninitialized__capacity), 64usize => Self(path_secret_map_uninitialized__entries), 65usize => Self(path_secret_map_uninitialized__lifetime), - 86usize => Self(replay_potentially_detected__gap), + 85usize => Self(key_accepted__gap), + 88usize => Self(replay_potentially_detected__gap), _ => unreachable!("invalid info: {info:?}"), } } @@ -498,6 +502,8 @@ mod measure { fn path_secret_map_uninitialized__entries(value: u64); # [link_name = s2n_quic_dc__event__measure__path_secret_map_uninitialized__lifetime] fn path_secret_map_uninitialized__lifetime(value: u64); + # [link_name = s2n_quic_dc__event__measure__key_accepted__gap] + fn key_accepted__gap(value: u64); # [link_name = s2n_quic_dc__event__measure__replay_potentially_detected__gap] fn replay_potentially_detected__gap(value: u64); } diff --git a/dc/s2n-quic-dc/src/path/secret/map/state.rs b/dc/s2n-quic-dc/src/path/secret/map/state.rs index 175cdfe3e..0430af623 100644 --- a/dc/s2n-quic-dc/src/path/secret/map/state.rs +++ b/dc/s2n-quic-dc/src/path/secret/map/state.rs @@ -511,7 +511,20 @@ where key_id, }; match entry.receiver().post_authentication(creds) { - Ok(()) => Ok(()), + Ok(()) => { + let gap = (*entry.receiver().minimum_unseen_key_id()) + // This should never be negative, but saturate anyway to avoid + // wildly large numbers. + .saturating_sub(*creds.key_id); + + self.subscriber() + .on_key_accepted(event::builder::KeyAccepted { + credential_id: creds.id.into_event(), + key_id: key_id.into_event(), + gap, + }); + Ok(()) + } Err(receiver::Error::AlreadyExists) => { self.send_control_error(entry, creds, receiver::Error::AlreadyExists);