c7b8007ce7
Two receive-path findings from the networking audit: 1. The anti-replay window (4096 seqs) silently re-tightened the "late ≠ lost" fix: at 1 Gbps (~125k pkt/s) it spans only ~33 ms, so a Wi-Fi-retry-delayed shard the reassembler's 120 ms loss window would still use was dropped HERE first as "older than the window" — recreating the false-loss → recovery-IDR churn the time-based loss window was built to kill, exactly on the high-rate links punktfunk targets. Widened to 32768 (covers 120 ms up to ~270k pkt/s, ≈2 Gbps+); the bitmap costs 4 KiB per session and the replay-hiding bound stays finite. 2. Every received datagram still paid one Vec allocation in the AES-GCM open (and a to_vec on the plaintext probe path) — ~125k allocs/s of cross-thread allocator churn at line rate, the same class of overhead that was the documented single-core wall on the macOS receive path. New `SessionCrypto::open_in_place` (mirror of seal_in_place; GCM verifies the tag BEFORE decrypting, so a forged packet never yields plaintext) lets `poll_frame` decrypt inside the recv ring and hand the reassembler a slice. Byte-identical semantics, unit-tested against `open` incl. tamper/runt cases; criterion entry added next to seal_in_place. Tests: 94 core unit + loopback/c_abi suites green; clippy clean. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
117 lines
4.8 KiB
Rust
117 lines
4.8 KiB
Rust
//! Tier-1 microbenchmarks for the punktfunk/1 hot path — GPU-free, so they run in normal CI.
|
|
//!
|
|
//! Two layers:
|
|
//! - `crypto/*` — the isolated AES-128-GCM primitives on one ~MTU shard.
|
|
//! - `pipeline/*`— a whole frame through the real per-frame path end to end over the in-process
|
|
//! loopback transport: FEC encode → AES-GCM seal → packetize → (loopback) → reassemble →
|
|
//! FEC decode → open. This is what a throughput/latency regression in the core would show up in.
|
|
//!
|
|
//! The GPU capture/NVENC encode path is deliberately out of scope here (no GPU in CI) — that's the
|
|
//! Tier-3 stream benchmark on a self-hosted GPU runner. Run locally with `cargo bench -p punktfunk-core`.
|
|
|
|
use criterion::{black_box, criterion_group, criterion_main, BenchmarkId, Criterion, Throughput};
|
|
use punktfunk_core::config::{Config, FecConfig, FecScheme, ProtocolPhase, Role};
|
|
use punktfunk_core::crypto::SessionCrypto;
|
|
use punktfunk_core::session::Session;
|
|
use punktfunk_core::transport::loopback_pair;
|
|
|
|
const TAG_LEN: usize = 16; // AES-GCM authentication tag
|
|
const SHARD: usize = punktfunk_core::config::mtu1500_shard_payload(); // one MTU-safe data shard
|
|
|
|
fn cfg(role: Role, scheme: FecScheme) -> Config {
|
|
Config {
|
|
role,
|
|
phase: match scheme {
|
|
FecScheme::Gf8 => ProtocolPhase::P1GameStream,
|
|
FecScheme::Gf16 => ProtocolPhase::P2Punktfunk,
|
|
},
|
|
fec: FecConfig {
|
|
scheme,
|
|
fec_percent: 25,
|
|
// GF(2^8) is capped at ≤255 shards/block (Moonlight-compatible); GF(2^16) Leopard goes
|
|
// far higher. Use a realistic, valid block size for each.
|
|
max_data_per_block: match scheme {
|
|
FecScheme::Gf8 => 128,
|
|
FecScheme::Gf16 => 4096,
|
|
},
|
|
},
|
|
shard_payload: SHARD,
|
|
max_frame_bytes: 8 * 1024 * 1024,
|
|
encrypt: true, // bench the real path — crypto is always on for punktfunk/1
|
|
key: [7u8; 16],
|
|
salt: [1, 2, 3, 4],
|
|
loopback_drop_period: 0, // throughput run: no induced loss (loss-harness covers recovery)
|
|
}
|
|
}
|
|
|
|
fn bench_crypto(c: &mut Criterion) {
|
|
let host = SessionCrypto::new(&[7u8; 16], [1, 2, 3, 4], Role::Host);
|
|
let client = SessionCrypto::new(&[7u8; 16], [1, 2, 3, 4], Role::Client);
|
|
let payload = vec![0xABu8; SHARD];
|
|
let sealed = host.seal(0, &payload).unwrap();
|
|
|
|
let mut g = c.benchmark_group("crypto");
|
|
g.throughput(Throughput::Bytes(SHARD as u64));
|
|
g.bench_function("seal", |b| {
|
|
let mut seq = 0u64;
|
|
b.iter(|| {
|
|
let ct = host.seal(seq, black_box(&payload)).unwrap();
|
|
seq += 1;
|
|
black_box(ct)
|
|
})
|
|
});
|
|
g.bench_function("seal_in_place", |b| {
|
|
let mut seq = 0u64;
|
|
let mut buf = vec![0xABu8; SHARD + TAG_LEN];
|
|
b.iter(|| {
|
|
host.seal_in_place(seq, black_box(&mut buf)).unwrap();
|
|
seq += 1;
|
|
})
|
|
});
|
|
g.bench_function("open", |b| {
|
|
b.iter(|| black_box(client.open(0, black_box(&sealed)).unwrap()))
|
|
});
|
|
g.bench_function("open_in_place", |b| {
|
|
// In-place open consumes the buffer, so each iteration restores the ciphertext first —
|
|
// one memcpy, mirroring what the recv ring does when the next datagram lands in the slot.
|
|
let mut buf = sealed.clone();
|
|
b.iter(|| {
|
|
buf.copy_from_slice(black_box(&sealed));
|
|
black_box(client.open_in_place(0, &mut buf).unwrap());
|
|
})
|
|
});
|
|
g.finish();
|
|
}
|
|
|
|
fn bench_pipeline(c: &mut Criterion) {
|
|
let mut g = c.benchmark_group("pipeline");
|
|
// 64 KB ≈ a steady-state P-frame; 1 MB ≈ a keyframe/scene-cut. Both FEC schemes (GF(2^8)
|
|
// GameStream-compat vs GF(2^16) Leopard, the wall-breaker).
|
|
for scheme in [FecScheme::Gf8, FecScheme::Gf16] {
|
|
let label = match scheme {
|
|
FecScheme::Gf8 => "gf8",
|
|
FecScheme::Gf16 => "gf16",
|
|
};
|
|
for &size in &[64 * 1024usize, 1024 * 1024] {
|
|
g.throughput(Throughput::Bytes(size as u64));
|
|
g.bench_with_input(BenchmarkId::new(label, size), &size, |b, &size| {
|
|
let (h, cl) = loopback_pair(0, 0);
|
|
let mut host = Session::new(cfg(Role::Host, scheme), Box::new(h)).unwrap();
|
|
let mut client = Session::new(cfg(Role::Client, scheme), Box::new(cl)).unwrap();
|
|
let frame = vec![0x5Au8; size];
|
|
let mut seq = 0u64;
|
|
b.iter(|| {
|
|
host.submit_frame(black_box(&frame), seq, 0).unwrap();
|
|
let f = client.poll_frame().unwrap();
|
|
seq += 1;
|
|
black_box(f)
|
|
})
|
|
});
|
|
}
|
|
}
|
|
g.finish();
|
|
}
|
|
|
|
criterion_group!(benches, bench_crypto, bench_pipeline);
|
|
criterion_main!(benches);
|