Re: qlog, AckFrame, and ack_delay

[Lucas Pardue <lucaspardue.24.7@gmail.com>]

Thanks.

The other examples that co?e to mind is in pcap dissection of HTTP/2 and
HTTP/3. The header conpression is stateful and requires access to the full
capture from start to finish (to cover all dynamic table updates). The
fallback mode for those is to display the raw bytes.

In qlog, each PacketReceived event has a `raw` field that can do the
equivalent. It seems possible that that tooling could detect omission
`ack_delay` and prescense of `raw` as a signal to decode the value of the
field as received. The downside is that the full packet bytes are recorded.
A compromise might be to make the raw bytes of frames available, so that
applications can apply finer granularity e.g., log control frame data but
omit application frame data that is more sensitive.

On Fri, 10 Nov 2023, 18:50 Damien Neil, <dneil@google.com> wrote:

> I believe the ACK Delay field is unique in the QUIC wire protocol in being
> a field which can't be interpreted without information from a separate
> protocol layer. I don't think this change leads to anything else.
>
> More precisely: Viewed as an integer, ACK Delay can be interpreted by
> considering the ACK frame alone. Viewed as a duration, it requires
> additional information exchanged in the TLS handshake. ACK Delay is the
> only field I know of which has this duality.
>
> I can write a function which takes a QUIC packet payload and outputs a
> list of qlog $QuicFrames, with the sole exception of the ACK Delay field
> which requires access to the ack_delay_exponent. And as the
> ack_delay_exponent is not known early in the handshake, it's currently
> impossible to fully log early ACK frames. (Probably the right choice under
> the current design is to not emit the ack_delay field in this case.)
>
> On Fri, Nov 10, 2023 at 9:20 AM Lucas Pardue <lucaspardue.24.7@gmail.com>
> wrote:
>
>> These use cases seem like they are more general than just one field in
>> one frame type.
>>
>> I don't want to commit to doing 1 thing if it's the start of a string of
>> work that updates many other events.
>>
>> Would you be willing to survey all current events (modulo qpack, which we
>> are removing) in order understand the full scope of change?
>>
>> Cheers
>> Lucas
>>
>> On Fri, 10 Nov 2023, 17:31 Damien Neil, <dneil=
>> 40google.com@dmarc.ietf.org> wrote:
>>
>>> Consider an endpoint processing an ACK frame in an Initial packet
>>> received before transport parameters have been received. This can happen
>>> when, for example, a client's Initial CRYPTO flight is too large to fit in
>>> a single datagram; the server will send an ACK for the first Initial packet
>>> before it has the ability to send transport parameters in the Handshake
>>> flight. Or even in the case where the client Initial CRYPTO flight fits in
>>> one datagram, the server may respond with an ACK in an Initial packet prior
>>> to sending a Handshake packet.
>>>
>>> In this case, the client is processing an ACK frame that may contain a
>>> non-zero ACK Delay value, but has no ability to interpret it because it
>>> doesn't know the peer's ack_delay_exponent. I forget whether it's permitted
>>> for an endpoint to send a non-zero ACK Delay in an Initial packet, but even
>>> if it isn't, the recipient may want to log the value.
>>>
>>> Or one could imagine a tool which converts a pcap packet capture to a
>>> qlog file; in this case, the tool may have access to a key log to permit it
>>> to decrypt packets, but may be processing a section of the log that does
>>> not include the handshake.
>>>
>>> On Fri, Nov 10, 2023 at 12:48 AM Marten Seemann <martenseemann@gmail.com>
>>> wrote:
>>>
>>>> There's a tradeoff here: Giving writers of qlog files more flexibility
>>>> comes at a cost to consumers of qlog files, who now need to support
>>>> multiple representations. There's a lot of value in having only a single
>>>> way to log something.
>>>>
>>>> I'm not sure the proposal for unscaled_ack_delay strikes the right
>>>> balance here. For a consumer of a qlog file, I can't think of a single
>>>> scenario where the unscaled_ack_delay would provide any advantage over the
>>>> actual value, so introducing this option would purely to make the writer's
>>>> life easier. And I'm struggling to see why logging the ack_delay would
>>>> place a big burden on the writer, since a QUIC stack will need to decode
>>>> this field at some point anyway.
>>>>
>>>> On Thu, 9 Nov 2023 at 22:44, Damien Neil <dneil=
>>>> 40google.com@dmarc.ietf.org> wrote:
>>>>
>>>>> The qlog AckFrame type includes the ack delay as a float32 number of
>>>>> milliseconds:
>>>>>
>>>>> AckFrame = {
>>>>>     frame_type: "ack"
>>>>>
>>>>>     ; in ms
>>>>>     ? ack_delay: float32
>>>>>     ; ...
>>>>> }
>>>>>
>>>>>
>>>>> https://www.ietf.org/archive/id/draft-ietf-quic-qlog-quic-events-06.html#section-8.12.3
>>>>>
>>>>> Given a serialized ack frame, determining the delay as a duration
>>>>> requires knowing the ack_delay_exponent. In some cases, the logging
>>>>> endpoint may not have this available (if receiving an ack before transport
>>>>> parameters have been received). Even when available, it may not be easily
>>>>> accessible at the point of logging. For example, in my own implementation,
>>>>> I'd like to be able to convert a packet payload to a series of qlog event
>>>>> frames without needing to reference persistent connection state.
>>>>>
>>>>> I think there should be an alternative to log the raw value of the ACK
>>>>> Delay field:
>>>>>
>>>>> AckFrame = {
>>>>>     frame_type: "ack"
>>>>>
>>>>>     ; in ms
>>>>>     ? ack_delay: float32
>>>>>
>>>>>     ; integer value of the ACK Delay field, not scaled by the
>>>>> ack_delay_exponent
>>>>>     ? unscaled_ack_delay: uint64
>>>>>
>>>>>     ; ...
>>>>> }
>>>>>
>>>>> - Damien
>>>>>
>>>>