feat(s2n-quic-transport): discard client initial keys when we have handshake keys #3478
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| branches: | |
| - main | |
| name: qns | |
| env: | |
| CARGO_INCREMENTAL: 0 | |
| CARGO_NET_RETRY: 10 | |
| RUSTUP_MAX_RETRIES: 10 | |
| RUST_BACKTRACE: 1 | |
| # This kept breaking builds so we're pinning for now. We should do our best to keep | |
| # up with the changes, though. | |
| INTEROP_RUNNER_REF: e73ec56cdf5423fa6b1576a2b5fec5eb2171ec5d | |
| # This should be updated when updating wesleyrosenblum/quic-network-simulator | |
| NETWORK_SIMULATOR_REF: sha256:20abe0bed8c0e39e1d8750507b24295f7c978bdd7e05fa6f3a5afed4b76dc191 | |
| IPERF_ENDPOINT_REF: sha256:cb50cc8019d45d9cad5faecbe46a3c21dd5e871949819a5175423755a9045106 | |
| WIRESHARK_VERSION: 3.7.1 | |
| CDN: https://dnglbrstg7yg.cloudfront.net | |
| LOG_URL: logs/latest/SERVER_CLIENT/TEST/index.html | |
| H3_SPEC_VERSION: v0.1.8 | |
| QUINN_REF: 6e4bcbb2fcb57ced2ef261c9662521c5baf37f3c | |
| # enable unstable features for testing | |
| S2N_UNSTABLE_CRYPTO_OPT_TX: 100 | |
| S2N_UNSTABLE_CRYPTO_OPT_RX: 100 | |
| # By default depandabot only receives read permissions. Explicitly give it write | |
| # permissions which is needed by the ouzi-dev/commit-status-updater task. | |
| # | |
| # Updating status is relatively safe (doesnt modify source code) and caution | |
| # should we taken before adding more permissions. | |
| permissions: | |
| statuses: write | |
| jobs: | |
| env: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| matrix: ${{ steps.implementations.outputs.matrix }} | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| path: s2n-quic | |
| - uses: actions/checkout@v3 | |
| with: | |
| repository: marten-seemann/quic-interop-runner | |
| ref: ${{ env.INTEROP_RUNNER_REF }} | |
| path: quic-interop-runner | |
| - name: Patch quic-interop-runner | |
| working-directory: quic-interop-runner | |
| run: | | |
| git apply --3way ../s2n-quic/.github/interop/runner.patch | |
| - name: Define implementations | |
| id: implementations | |
| working-directory: quic-interop-runner | |
| run: | | |
| CLIENTS=$(cat implementations.json \ | |
| | jq -c '[. | to_entries[] | select(.value.role == "both" or .value.role == "client") | {"client": .key, "server": "s2n-quic"}] | sort' | |
| ) | |
| echo "Clients: $CLIENTS" | |
| SERVERS=$(cat implementations.json \ | |
| | jq -c '[. | to_entries[] | select(.value.role == "both" or .value.role == "server") | {"client": "s2n-quic", "server": .key}] | sort' | |
| ) | |
| echo "Servers: $SERVERS" | |
| MATRIX=$(echo "[$CLIENTS, $SERVERS]" | jq -c '{"include": . | flatten | sort | unique}') | |
| echo "Matrix: $MATRIX" | |
| echo "::set-output name=matrix::$MATRIX" | |
| s2n-quic-qns: | |
| runs-on: ubuntu-20.04 | |
| strategy: | |
| matrix: | |
| mode: ["debug", "release"] | |
| # enable debug information | |
| env: | |
| RUSTFLAGS: "-g --cfg s2n_internal_dev --cfg s2n_quic_dump_on_panic" | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| submodules: true | |
| - uses: actions-rs/[email protected] | |
| id: toolchain | |
| with: | |
| toolchain: stable | |
| profile: minimal | |
| override: true | |
| - uses: camshaft/rust-cache@v1 | |
| with: | |
| key: ${{ matrix.mode }}-${{ env.RUSTFLAGS }} | |
| # apply patch to use forked version of the webpki crate | |
| # see https://github.com/aws/s2n-quic/issues/1836 | |
| - name: Patch webpki | |
| run: | | |
| git apply --3way quic/s2n-quic-qns/etc/webpki.patch | |
| - name: Run cargo build | |
| uses: actions-rs/[email protected] | |
| with: | |
| command: build | |
| args: --bin s2n-quic-qns ${{ matrix.mode == 'release' && '--release' || '' }} | |
| - name: Prepare artifact | |
| run: | | |
| mkdir -p s2n-quic-qns | |
| cp target/${{ matrix.mode }}/s2n-quic-qns s2n-quic-qns/s2n-quic-qns-${{ matrix.mode }} | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: s2n-quic-qns-${{ matrix.mode }} | |
| path: s2n-quic-qns/ | |
| quinn: | |
| runs-on: ubuntu-20.04 | |
| # enable debug information | |
| env: | |
| RUSTFLAGS: "-g" | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| repository: quinn-rs/quinn | |
| ref: ${{ env.QUINN_REF }} | |
| - uses: actions-rs/[email protected] | |
| id: toolchain | |
| with: | |
| toolchain: stable | |
| profile: minimal | |
| override: true | |
| - uses: camshaft/rust-cache@v1 | |
| - name: Cache quinn | |
| id: cache | |
| uses: actions/[email protected] | |
| continue-on-error: true | |
| with: | |
| path: | | |
| target/release/perf_client | |
| target/release/perf_server | |
| key: ${{ runner.os }}-${{ steps.toolchain.outputs.rustc_hash }}-${{ github.job }}-quinn-${{ hashFiles('**/Cargo.*') }}-${{ hashFiles('**/*.rs') }} | |
| - name: Build quinn | |
| if: steps.cache.outputs.cache-hit != 'true' | |
| run: cargo build --bin perf_client --bin perf_server --release | |
| - name: Prepare artifact | |
| run: | | |
| mkdir -p quinn | |
| cp target/release/perf_client quinn/perf_client | |
| cp target/release/perf_server quinn/perf_server | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: quinn | |
| path: quinn/ | |
| interop: | |
| runs-on: ubuntu-latest | |
| needs: [env, s2n-quic-qns] | |
| strategy: | |
| matrix: ${{ fromJson(needs.env.outputs.matrix) }} | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| path: s2n-quic | |
| - uses: actions/download-artifact@v3 | |
| with: | |
| name: s2n-quic-qns-debug | |
| path: s2n-quic-qns/ | |
| - uses: actions/download-artifact@v3 | |
| with: | |
| name: s2n-quic-qns-release | |
| path: s2n-quic-qns/ | |
| - name: Setup dockerfile | |
| working-directory: s2n-quic-qns | |
| run: | | |
| cp ../s2n-quic/.github/interop/Dockerfile . | |
| cp ../s2n-quic/quic/s2n-quic-qns/etc/run_endpoint.sh . | |
| - name: Run docker build | |
| working-directory: s2n-quic-qns | |
| run: | | |
| docker build . --file Dockerfile --tag aws/s2n-quic-qns --build-arg tls=s2n-tls | |
| docker build . --file Dockerfile --tag aws/s2n-quic-qns-rustls --build-arg tls=rustls | |
| - uses: actions/checkout@v3 | |
| with: | |
| repository: marten-seemann/quic-interop-runner | |
| ref: ${{ env.INTEROP_RUNNER_REF }} | |
| path: quic-interop-runner | |
| - name: Patch quic-interop-runner | |
| working-directory: quic-interop-runner | |
| run: | | |
| git apply --3way ../s2n-quic/.github/interop/runner.patch | |
| - name: Run docker pull | |
| working-directory: quic-interop-runner | |
| run: | | |
| docker pull "wesleyrosenblum/quic-network-simulator@$NETWORK_SIMULATOR_REF" | |
| docker pull "martenseemann/quic-interop-iperf-endpoint@$IPERF_ENDPOINT_REF" | |
| - uses: actions/setup-python@v4 | |
| with: | |
| python-version: 3.7 | |
| - name: Install tshark | |
| run: | | |
| wget --no-verbose https://dnglbrstg7yg.cloudfront.net/tshark/v$WIRESHARK_VERSION/tshark | |
| chmod +x tshark | |
| sudo mv tshark /usr/bin | |
| /usr/bin/tshark -v | |
| - name: Install dependencies | |
| working-directory: quic-interop-runner | |
| run: | | |
| python3 -m pip install --upgrade pip | |
| pip3 install wheel | |
| pip3 install --upgrade -r requirements.txt | |
| - name: Run quic-interop-runner | |
| working-directory: quic-interop-runner | |
| run: | | |
| # enable IPv6 support | |
| sudo modprobe ip6table_filter | |
| python3 run.py --client ${{ matrix.client }} --server ${{ matrix.server }} --json results/result.json --debug --log-dir results/logs | |
| mkdir -p results/logs | |
| - name: Prepare artifacts | |
| working-directory: quic-interop-runner | |
| run: | | |
| ls -al results | |
| # clean up invalid path characters | |
| find results -name '*:*' | while read from; do | |
| echo "Invalid filename: $from" | |
| to=$(echo $from | sed 's/:/_/g') | |
| mv $from $to | |
| done | |
| # remove files we don't do anything with to reduce the artifact size | |
| find results -name '*.qlog' -exec rm {} \; | |
| # remove cross traffic and goodput packet captures as they are large and not useful | |
| find results -maxdepth 7 -type d -path "**/crosstraffic/*/sim" | xargs rm -rf \; | |
| find results -maxdepth 7 -type d -path "**/goodput/*/sim" | xargs rm -rf \; | |
| # Add index files for easy browsing | |
| find results -maxdepth 3 -type d -path "*/logs/*/*" | while read from; do | |
| tree -H "." \ | |
| -h \ | |
| -L 3 \ | |
| -I 'index.html' \ | |
| -T "${{ matrix.client }} client / ${{ matrix.server }} server - $(basename $from)" \ | |
| --noreport \ | |
| --charset utf-8 \ | |
| -o $from/index.html \ | |
| $from | |
| done | |
| - uses: aws-actions/[email protected] | |
| if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: us-west-1 | |
| - name: Upload to S3 | |
| if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name | |
| id: s3 | |
| working-directory: quic-interop-runner | |
| run: | | |
| TARGET="${{ github.sha }}/interop/logs/latest" | |
| aws s3 sync results/logs "s3://s2n-quic-ci-artifacts/$TARGET" --acl private --follow-symlinks | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: interop-${{ matrix.client }}-client-${{ matrix.server }}-server | |
| path: quic-interop-runner/results/result.json | |
| - name: Assert no crashes | |
| working-directory: quic-interop-runner | |
| run: | | |
| ! grep -Rq 'The s2n-quic-qns application shut down unexpectedly' results | |
| interop-report: | |
| runs-on: ubuntu-latest | |
| needs: [interop] | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/download-artifact@v3 | |
| with: | |
| path: results/ | |
| - name: Download latest results | |
| id: download | |
| run: | | |
| rm -f result.json | |
| INTEROP_BASE_URL="https://interop.seemann.io/logs/" | |
| wget ${INTEROP_BASE_URL}latest/result.json || echo '{}' > result.json | |
| mv result.json latest.json | |
| INTEROP_LOG_URL=${INTEROP_BASE_URL}$(jq --raw-output '.log_dir' latest.json)/SERVER_CLIENT/TEST/ | |
| echo "::set-output name=INTEROP_LOG_URL::$INTEROP_LOG_URL" | |
| - name: Get latest successful interop commit SHA on main branch | |
| id: mainsha | |
| if: github.event.pull_request | |
| run: | | |
| curl \ | |
| --url "$GITHUB_API_URL/repos/$GITHUB_REPOSITORY/actions/workflows/qns.yml/runs?branch=main&status=success&per_page=1" \ | |
| --header "Accept: application/vnd.github.v3+json" > latest_workflow_run.json | |
| MAIN_SHA=$(jq --raw-output '.workflow_runs[0] | .head_sha' latest_workflow_run.json) | |
| rm -f latest_workflow_run.json | |
| echo "::set-output name=MAIN_SHA::$MAIN_SHA" | |
| - name: Download latest main interop result | |
| if: github.event.pull_request | |
| run: | | |
| rm -f prev_result.json | |
| wget $CDN/${{ steps.mainsha.outputs.MAIN_SHA }}/interop/logs/latest/result.json || echo '{}' > result.json | |
| mv result.json prev_result.json | |
| - name: Generate report for pull request | |
| if: github.event.pull_request | |
| run: | | |
| mkdir -p web/logs/latest | |
| MAIN_SHA=${{ steps.mainsha.outputs.MAIN_SHA }} | |
| python3 .github/interop/merge.py \ | |
| --prev_version prev_result.json \ | |
| --new_version_suffix "pr${{github.event.pull_request.number}}" \ | |
| --new_version_url "$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/pull/${{github.event.pull_request.number}}" \ | |
| --new_version_log_url "$LOG_URL" \ | |
| --prev_version_log_url "$CDN/$MAIN_SHA/interop/$LOG_URL" \ | |
| --prev_version_url "$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/tree/$MAIN_SHA" \ | |
| --interop_log_url "${{ steps.download.outputs.INTEROP_LOG_URL }}" \ | |
| latest.json \ | |
| results/**/result.json > \ | |
| web/logs/latest/result.json | |
| - name: Generate report for push to main | |
| if: github.event_name == 'push' | |
| run: | | |
| mkdir -p web/logs/latest | |
| python3 .github/interop/merge.py \ | |
| --new_version_log_url "$LOG_URL" \ | |
| --new_version_url "$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/tree/$GITHUB_SHA" \ | |
| --interop_log_url "${{ steps.download.outputs.INTEROP_LOG_URL }}" \ | |
| latest.json \ | |
| results/**/result.json > \ | |
| web/logs/latest/result.json | |
| - uses: aws-actions/[email protected] | |
| if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: us-west-1 | |
| - name: Upload to S3 | |
| if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name | |
| id: s3 | |
| run: | | |
| cp .github/interop/*.html web/ | |
| cp .github/interop/*.js web/ | |
| TARGET="${{ github.sha }}/interop" | |
| aws s3 sync web "s3://s2n-quic-ci-artifacts/$TARGET" --acl private --follow-symlinks | |
| URL="$CDN/$TARGET/index.html" | |
| echo "::set-output name=URL::$URL" | |
| - uses: ouzi-dev/[email protected] | |
| if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name | |
| with: | |
| name: "interop / report" | |
| status: "success" | |
| url: "${{ steps.s3.outputs.URL }}" | |
| - name: Check for regressions | |
| run: | | |
| python3 .github/interop/check.py \ | |
| --required .github/interop/required.json \ | |
| web/logs/latest/result.json | |
| bench: | |
| runs-on: ubuntu-20.04 | |
| needs: [env, s2n-quic-qns] | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| submodules: true | |
| - uses: actions-rs/[email protected] | |
| id: toolchain | |
| with: | |
| toolchain: stable | |
| override: true | |
| - uses: camshaft/rust-cache@v1 | |
| - name: Install tshark | |
| run: | | |
| wget --no-verbose https://dnglbrstg7yg.cloudfront.net/tshark/v$WIRESHARK_VERSION/tshark | |
| chmod +x tshark | |
| sudo mv tshark /usr/bin | |
| /usr/bin/tshark -v | |
| - name: Install gnuplot | |
| run: | | |
| sudo apt-get -o Acquire::Retries=3 update | |
| sudo apt-get -o Acquire::Retries=3 install -y gnuplot | |
| # authenticate pull to avoid hitting pull quota | |
| - name: Login to Amazon Elastic Container Registry Public | |
| if: github.repository == github.event.pull_request.head.repo.full_name | |
| uses: docker/[email protected] | |
| with: | |
| registry: public.ecr.aws | |
| username: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| password: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| - name: Pull s2n-quic-qns:main | |
| if: github.event.pull_request | |
| run: docker pull public.ecr.aws/s2n/s2n-quic-qns:main | |
| - uses: actions/download-artifact@v3 | |
| with: | |
| name: s2n-quic-qns-debug | |
| path: s2n-quic-qns-build/ | |
| - uses: actions/download-artifact@v3 | |
| with: | |
| name: s2n-quic-qns-release | |
| path: s2n-quic-qns-build/ | |
| - name: Setup dockerfile | |
| working-directory: s2n-quic-qns-build | |
| run: | | |
| cp ../.github/interop/Dockerfile . | |
| cp ../quic/s2n-quic-qns/etc/run_endpoint.sh . | |
| - name: Run docker build | |
| working-directory: s2n-quic-qns-build | |
| run: | | |
| docker build . --file Dockerfile --tag aws/s2n-quic-qns | |
| - name: Run script for pull request | |
| if: github.event.pull_request | |
| run: sudo env "PATH=$PATH" "BUILD_S2N_QUIC=false" "COMPARE_TO_MAIN=true" ./scripts/benchmark/run-all | |
| - name: Run script for push to main | |
| if: github.event_name == 'push' | |
| run: sudo env "PATH=$PATH" "BUILD_S2N_QUIC=false" ./scripts/benchmark/run-all | |
| - uses: aws-actions/[email protected] | |
| if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: us-west-1 | |
| - name: Upload results | |
| if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name | |
| id: s3 | |
| run: | | |
| TARGET="${{ github.sha }}/bench" | |
| aws s3 sync target/benchmark/results "s3://s2n-quic-ci-artifacts/$TARGET" --acl private --follow-symlinks | |
| URL="$CDN/$TARGET/index.html" | |
| echo "::set-output name=URL::$URL" | |
| - uses: ouzi-dev/[email protected] | |
| if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name | |
| with: | |
| name: "bench / report" | |
| status: "success" | |
| url: "${{ steps.s3.outputs.URL }}" | |
| - name: Assert no crashes | |
| run: | | |
| ! grep -Rq 'The s2n-quic-qns application shut down unexpectedly' target/benchmark/results | |
| h3spec: | |
| runs-on: ubuntu-20.04 | |
| needs: [s2n-quic-qns] | |
| strategy: | |
| matrix: | |
| tls: ["s2n-tls", "rustls"] | |
| steps: | |
| - uses: actions/download-artifact@v3 | |
| with: | |
| name: s2n-quic-qns-debug | |
| - name: Install h3spec | |
| run: | | |
| curl -L -o h3spec https://github.com/kazu-yamamoto/h3spec/releases/download/$H3_SPEC_VERSION/h3spec-linux-x86_64 | |
| chmod +x h3spec | |
| chmod +x s2n-quic-qns-debug | |
| - name: Run test (${{ matrix.tls }}) | |
| # the skipped tests here require modifications to the TLS library | |
| # TODO remove the skips once these are fixed | |
| # https://github.com/aws/s2n-quic/issues/858 | |
| # https://github.com/aws/s2n-quic/issues/859 | |
| if: ${{ matrix.tls == 'rustls' }} | |
| run: | | |
| ./s2n-quic-qns-debug interop server --port 4433 --tls ${{ matrix.tls }} & | |
| # wait for the server to boot | |
| sleep 3 | |
| ./h3spec localhost 4433 \ | |
| ` h3spec appends the KeyUpdate message to the end of the valid Handshake data. `\ | |
| ` s2n-quic considers the handshake "done" before it receives the bad message, `\ | |
| ` and instead fails because the bad message is considered leftover data. See: `\ | |
| ` https://github.com/aws/s2n-quic/blob/bb74c8e98adf12d805d26987fad02ffe45df97a7/quic/s2n-quic-transport/src/space/crypto_stream.rs#L64-L73 `\ | |
| --skip "MUST send unexpected_message TLS alert if KeyUpdate in Handshake is received [TLS 6]" \ | |
| \ | |
| ` s2n-quic chooses to ignore CRYPTO frames in application data. See: `\ | |
| ` https://github.com/aws/s2n-quic/blob/bb74c8e98adf12d805d26987fad02ffe45df97a7/quic/s2n-quic-transport/src/space/application.rs#L625-L630 `\ | |
| --skip "MUST send unexpected_message TLS alert if KeyUpdate in 1-RTT is received [TLS 6]" \ | |
| \ | |
| ` The quic_transport_parameters are part of the ClientHello. `\ | |
| ` s2n-quic currently does not respond to malformed ClientHellos. See: `\ | |
| ` https://github.com/aws/s2n-quic/blob/bb74c8e98adf12d805d26987fad02ffe45df97a7/quic/s2n-quic-transport/src/endpoint/mod.rs#L725 `\ | |
| --skip "MUST send missing_extension TLS alert if the quic_transport_parameters extension does not included [TLS 8.2]" \ | |
| \ | |
| ` RUSTLS specific failures. `\ | |
| ` The quic_transport_parameters are part of the ClientHello. `\ | |
| ` s2n-quic currently does not respond to malformed ClientHellos. See: `\ | |
| ` https://github.com/aws/s2n-quic/blob/bb74c8e98adf12d805d26987fad02ffe45df97a7/quic/s2n-quic-transport/src/endpoint/mod.rs#L725 `\ | |
| --skip "MUST send TRANSPORT_PARAMETER_ERROR if initial_source_connection_id is missing [Transport 7.3]" \ | |
| --skip "MUST send TRANSPORT_PARAMETER_ERROR if original_destination_connection_id is received [Transport 18.2]" \ | |
| --skip "MUST send TRANSPORT_PARAMETER_ERROR if preferred_address, is received [Transport 18.2]" \ | |
| --skip "MUST send TRANSPORT_PARAMETER_ERROR if retry_source_connection_id is received [Transport 18.2]" \ | |
| --skip "MUST send TRANSPORT_PARAMETER_ERROR if stateless_reset_token is received [Transport 18.2]" \ | |
| --skip "MUST send TRANSPORT_PARAMETER_ERROR if max_udp_payload_size < 1200 [Transport 7.4 and 18.2]" \ | |
| --skip "MUST send TRANSPORT_PARAMETER_ERROR if ack_delay_exponen > 20 [Transport 7.4 and 18.2]" \ | |
| --skip "MUST send TRANSPORT_PARAMETER_ERROR if max_ack_delay >= 2^14 [Transport 7.4 and 18.2]" \ | |
| --skip "MUST send no_application_protocol TLS alert if no application protocols are supported [TLS 8.1]" \ | |
| perf: | |
| runs-on: ubuntu-20.04 | |
| needs: [quinn, s2n-quic-qns] | |
| strategy: | |
| matrix: | |
| include: | |
| - client: "quinn" | |
| server: "s2n-quic" | |
| - client: "s2n-quic" | |
| server: "s2n-quic" | |
| - client: "s2n-quic-null" | |
| server: "s2n-quic-null" | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| submodules: true | |
| - uses: actions-rs/[email protected] | |
| id: toolchain | |
| with: | |
| toolchain: stable | |
| profile: minimal | |
| override: true | |
| - uses: camshaft/[email protected] | |
| - name: Install inferno | |
| uses: camshaft/install@v1 | |
| with: | |
| crate: inferno | |
| bins: inferno-collapse-perf,inferno-flamegraph | |
| - name: Install ultraman | |
| uses: camshaft/install@v1 | |
| with: | |
| crate: ultraman | |
| - uses: actions/download-artifact@v3 | |
| with: | |
| name: s2n-quic-qns-release | |
| path: target/release/ | |
| - uses: actions/download-artifact@v3 | |
| with: | |
| name: quinn | |
| path: target/perf/quinn/bin/ | |
| - name: Setup artifacts | |
| run: | | |
| mv target/release/s2n-quic-qns-release target/release/s2n-quic-qns | |
| chmod +x target/release/s2n-quic-qns | |
| chmod +x target/perf/quinn/bin/perf_client | |
| chmod +x target/perf/quinn/bin/perf_server | |
| - name: Run script | |
| env: | |
| # ultraman wants a SHELL var to spawn tasks | |
| SHELL: /bin/bash | |
| run: | | |
| set -e | |
| # set larger socket buffers | |
| sudo sysctl -w net.core.wmem_default=2000000 | |
| sudo sysctl -w net.core.rmem_default=2000000 | |
| mkdir -p target/perf/results | |
| sudo env "PATH=$PATH" "SHELL=$SHELL" ./scripts/perf/test 10000 0 ${{ matrix.server }} ${{ matrix.client }} | |
| sudo env "PATH=$PATH" "SHELL=$SHELL" ./scripts/perf/test 7500 2500 ${{ matrix.server }} ${{ matrix.client }} | |
| sudo env "PATH=$PATH" "SHELL=$SHELL" ./scripts/perf/test 5000 5000 ${{ matrix.server }} ${{ matrix.client }} | |
| sudo env "PATH=$PATH" "SHELL=$SHELL" ./scripts/perf/test 2500 7500 ${{ matrix.server }} ${{ matrix.client }} | |
| sudo env "PATH=$PATH" "SHELL=$SHELL" ./scripts/perf/test 0 10000 ${{ matrix.server }} ${{ matrix.client }} | |
| sudo chown -R $(whoami) target/perf/results | |
| - name: Prepare artifacts | |
| run: | | |
| cd ./target/perf/results | |
| zip perf.zip **/*.script | |
| rm -rf **/*.script | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: perf-results-${{ matrix.server }}-${{ matrix.client }} | |
| path: target/perf/results | |
| perf-report: | |
| runs-on: ubuntu-latest | |
| needs: [perf] | |
| steps: | |
| - uses: actions/checkout@v3 | |
| # add any additional perf tests here | |
| - uses: actions/download-artifact@v3 | |
| with: | |
| name: perf-results-s2n-quic-quinn | |
| path: perf-results/ | |
| - uses: actions/download-artifact@v3 | |
| with: | |
| name: perf-results-s2n-quic-s2n-quic | |
| path: perf-results/ | |
| - uses: actions/download-artifact@v3 | |
| with: | |
| name: perf-results-s2n-quic-null-s2n-quic-null | |
| path: perf-results/ | |
| - name: Generate report | |
| run: | | |
| cd perf-results | |
| tree -H "." -T "Performance Results" --noreport --charset utf-8 > index.html | |
| - uses: aws-actions/[email protected] | |
| if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: us-west-1 | |
| - name: Upload results | |
| if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name | |
| id: s3 | |
| run: | | |
| TARGET="${{ github.sha }}/perf" | |
| aws s3 sync perf-results "s3://s2n-quic-ci-artifacts/$TARGET" --acl private --follow-symlinks | |
| URL="$CDN/$TARGET/index.html" | |
| echo "::set-output name=URL::$URL" | |
| - uses: ouzi-dev/[email protected] | |
| if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name | |
| with: | |
| name: "perf / report" | |
| status: "success" | |
| url: "${{ steps.s3.outputs.URL }}" | |
| attack: | |
| runs-on: ubuntu-latest | |
| needs: [s2n-quic-qns] | |
| strategy: | |
| matrix: | |
| attack: ["udp"] | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions-rs/[email protected] | |
| id: toolchain | |
| with: | |
| toolchain: stable | |
| profile: minimal | |
| override: true | |
| - uses: actions/download-artifact@v3 | |
| with: | |
| name: s2n-quic-qns-debug | |
| - name: Run cargo build | |
| working-directory: tools/${{ matrix.attack }}-attack | |
| run: cargo build --release | |
| - name: Start client | |
| working-directory: tools/${{ matrix.attack }}-attack | |
| run: | | |
| ./target/release/${{ matrix.attack }}-attack localhost:4433 & | |
| - name: Start server | |
| shell: bash | |
| run: | | |
| chmod +x ./s2n-quic-qns-debug | |
| # disable exiting on errors to capture the timeout status | |
| set +e | |
| timeout 5m ./s2n-quic-qns-debug interop server --port 4433 | |
| EXIT_CODE="$?" | |
| set -e | |
| # `timeout` exits with `124` if the time limit was reached | |
| [[ "$EXIT_CODE" == "124" ]] || exit $EXIT_CODE |