Skip to content

quinn-proto: drop Initials silently when saturated#2683

Merged
djc merged 1 commit into
quinn-rs:mainfrom
stablebits:respond-to-rejected-initials
Jun 15, 2026
Merged

quinn-proto: drop Initials silently when saturated#2683
djc merged 1 commit into
quinn-rs:mainfrom
stablebits:respond-to-rejected-initials

Conversation

@stablebits

@stablebits stablebits commented Jun 12, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

When the max_incoming queue is full (or CIDs are exhausted), quinn replied to each Initial with CONNECTION_REFUSED. Building that reply derives the packet's initial keys, which is computationally expensive.
A flood of Initials then forces the endpoint's packet-processing task to do per-Initial crypto work, leaving it less time for legitimate packets and degrading already-established connections.

So drop Initials silently when saturated.

@djc

djc commented Jun 12, 2026

Copy link
Copy Markdown
Member

Don't we already have ignore() for this?

@alexpyattaev

alexpyattaev commented Jun 12, 2026

Copy link
Copy Markdown

Don't we already have ignore() for this?

.ignore operates after Endpoint has spent the CPU time processing the initial_keys in Incoming packets.

@stablebits

stablebits commented Jun 12, 2026

Copy link
Copy Markdown
Contributor Author

Don't we already have ignore() for this?

.ignore operates after Endpoint has spent the CPU time processing the initial_keys in Incoming packets.

A user app would need to get incoming from endpoint.accept() in order to call ignore(), wouldn't it? But this won't happen if the endpoint's incomings queue is full...

@Ralith

Ralith commented Jun 12, 2026

Copy link
Copy Markdown
Collaborator

Perhaps silently dropping unrecognized packets when max_incoming is saturated should be the default/only behavior? That condition should only arise under heavy load, after all.

@djc

djc commented Jun 12, 2026

Copy link
Copy Markdown
Member

Perhaps silently dropping unrecognized packets when max_incoming is saturated should be the default/only behavior? That condition should only arise under heavy load, after all.

Seems reasonable to me.

@stablebits stablebits force-pushed the respond-to-rejected-initials branch from 3933584 to 3b8d770 Compare June 13, 2026 06:56
@stablebits stablebits marked this pull request as ready for review June 13, 2026 06:56
@stablebits

stablebits commented Jun 13, 2026
edited
Loading

Copy link
Copy Markdown
Contributor Author

Perhaps silently dropping unrecognized packets when max_incoming is saturated should be the default/only behavior? That condition should only arise under heavy load, after all.

Seems reasonable to me.

Made it default/only-behaviour under saturation

@stablebits stablebits changed the title quinn-proto: add ServerConfig::respond_to_rejected_initials quinn-proto: drop Initials silently when saturated Jun 13, 2026
Ralith
Ralith approved these changes Jun 13, 2026
View reviewed changes

@Ralith Ralith left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, some nits.

Comment thread quinn-proto/src/endpoint.rs Outdated
Comment thread quinn-proto/src/endpoint.rs
Comment thread quinn-proto/src/endpoint.rs
@gregcusack gregcusack mentioned this pull request Jun 15, 2026
Open
@stablebits
quinn-proto: drop Initials silently when saturated
9408ac2 
When the `max_incoming` queue is full (or CIDs are exhausted), quinn
replied to each Initial with CONNECTION_REFUSED. Building that reply
derives the packet's initial keys, which is computationally expensive.
A flood of Initials then forces the endpoint's packet-processing task
to do per-Initial crypto work, leaving it less time for legitimate
packets and degrading already-established connections.
@stablebits stablebits force-pushed the respond-to-rejected-initials branch from 3b8d770 to 9408ac2 Compare June 15, 2026 13:34
djc
djc approved these changes Jun 15, 2026
View reviewed changes

@djc djc left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice! Feel free to backport.

@djc djc added this pull request to the merge queue Jun 15, 2026
Merged via the queue into quinn-rs:main with commit d4fc3ef Jun 15, 2026
19 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Ralith Ralith Ralith approved these changes

@djc djc djc approved these changes

@gretchenfrage gretchenfrage Awaiting requested review from gretchenfrage gretchenfrage is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@stablebits @djc @alexpyattaev @Ralith