fix: cherry-pick of #3573 for Neqo v0.26.1 by mxinden · Pull Request #3574 · mozilla/neqo

mxinden · 2026-04-24T12:56:17Z

Cherry-pick of #3573 for Neqo v0.26.1 to be landed into Firefox 151 (currently Firefox Beta).

Note that this pull request targets the v0.26 Git branch, branched off of the v0.26.1 Git tag.

The `scone` connection parameter (off by default since mozilla#3492) only gated advertisement of the SCONE transport parameter. The Initial- packet SCONE indication (`0xc8 0x13`) was still emitted unconditionally, so every default-config client was signaling SCONE on the wire without actually negotiating it. This is suspected — not yet confirmed — to be the cause of a Firefox 150 regression where Facebook's edge reacts to the indicator and Bitdefender's HTTP/3 inspection then trips on the altered server-side frames (bug 2034178). The QUIC handshake still completes, so the H3->H2 fallback never kicks in. Gate both the build-time reservation and the pad-time indicator on `scone_enabled()`; when disabled, pad Initials with zeros as before SCONE was introduced.

codecov · 2026-04-24T13:01:18Z

Codecov Report

❌ Patch coverage is 76.92308% with 3 lines in your changes missing coverage. Please review.
✅ Project coverage is 94.53%. Comparing base (7c0b85f) to head (0eb6238).
⚠️ Report is 2 commits behind head on v0.26.

Additional details and impacted files

@@           Coverage Diff           @@
##            v0.26    #3574   +/-   ##
=======================================
  Coverage   94.53%   94.53%           
=======================================
  Files         127      127           
  Lines       39627    39632    +5     
  Branches    39627    39632    +5     
=======================================
+ Hits        37462    37468    +6     
+ Misses       1328     1327    -1     
  Partials      837      837

Flag	Coverage Δ
linux	`94.49% <76.92%> (-0.01%)`	⬇️
macos	`94.45% <76.92%> (-0.01%)`	⬇️
windows	`94.49% <76.92%> (-0.01%)`	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Components	Coverage Δ
neqo-common	`98.61% <ø> (ø)`
neqo-crypto	`87.08% <ø> (ø)`
neqo-http3	`93.92% <ø> (ø)`
neqo-qpack	`95.14% <ø> (ø)`
neqo-transport	`95.57% <76.92%> (+<0.01%)`	⬆️
neqo-udp	`84.90% <ø> (ø)`
mtu	`86.61% <ø> (ø)`

codspeed-hq · 2026-04-24T13:06:17Z

Merging this PR will degrade performance by 5.71%

⚠️

Different runtime environments detected

Some benchmarks with significant performance changes were compared across different runtime environments,
which may affect the accuracy of the results.

Open the report in CodSpeed to investigate

❌ 4 regressed benchmarks
✅ 20 untouched benchmarks
⏩ 27 skipped benchmarks¹

⚠️ Please fix the performance issues or acknowledge them on CodSpeed.

Performance Changes

	Mode	Benchmark	`BASE`	`HEAD`	Efficiency
❌	Simulation	`coalesce_acked_from_zero 10+1 entries`	3.1 µs	3.2 µs	-3.68%
❌	Simulation	`coalesce_acked_from_zero 1000+1 entries`	2.6 µs	2.7 µs	-4.34%
❌	Simulation	`coalesce_acked_from_zero 3+1 entries`	3.1 µs	3.2 µs	-3.68%
❌	Simulation	`coalesce_acked_from_zero 1+1 entries`	2.9 µs	3.1 µs	-5.71%

_{Comparing mxinden:v0.26-disable-scone-padding (0eb6238) with main (faa1437)²}

27 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports. ↩
No successful run was found on v0.26 (7c0b85f) during the generation of this report, so main (faa1437) was used instead as the comparison base. There might be some changes unrelated to this pull request in this report. ↩

github-actions · 2026-04-24T13:20:30Z

Benchmark results

Significant performance differences relative to 7c0b85f.

streams/walltime/1000-streams/each-1000-bytes: 💚 Performance has improved by -2.7700%.

       time:   [44.342 ms 44.424 ms 44.538 ms]
       change: [-2.9709% -2.7700% -2.5557] (p = 0.00 < 0.05)
       Performance has improved.
Found 2 outliers among 100 measurements (2.00%)
1 (1.00%) high mild
1 (1.00%) high severe

All results

transfer/1-conn/1-100mb-resp (aka. Download)/mtu-1504: No change in performance detected.

       time:   [207.86 ms 208.27 ms 208.79 ms]
       thrpt:  [478.96 MiB/s 480.13 MiB/s 481.10 MiB/s]
change:
       time:   [-0.3399% -0.0789% +0.2138] (p = 0.58 > 0.05)
       thrpt:  [-0.2134% +0.0790% +0.3410]
       No change in performance detected.
Found 4 outliers among 100 measurements (4.00%)
2 (2.00%) high mild
2 (2.00%) high severe

transfer/1-conn/10_000-parallel-1b-resp (aka. RPS)/mtu-1504: No change in performance detected.

       time:   [283.61 ms 285.57 ms 287.58 ms]
       thrpt:  [34.773 Kelem/s 35.017 Kelem/s 35.260 Kelem/s]
change:
       time:   [-0.7936% +0.1327% +1.0635] (p = 0.79 > 0.05)
       thrpt:  [-1.0523% -0.1326% +0.8000]
       No change in performance detected.
Found 1 outliers among 100 measurements (1.00%)
1 (1.00%) high mild

transfer/1-conn/1-1b-resp (aka. HPS)/mtu-1504: Change within noise threshold.

       time:   [38.801 ms 38.981 ms 39.178 ms]
       thrpt:  [25.525   B/s 25.653   B/s 25.772   B/s]
change:
       time:   [+0.1492% +0.8027% +1.4976] (p = 0.02 < 0.05)
       thrpt:  [-1.4755% -0.7963% -0.1490]
       Change within noise threshold.
Found 14 outliers among 100 measurements (14.00%)
4 (4.00%) high mild
10 (10.00%) high severe

transfer/1-conn/1-100mb-req (aka. Upload)/mtu-1504: Change within noise threshold.

       time:   [208.34 ms 208.68 ms 209.03 ms]
       thrpt:  [478.40 MiB/s 479.21 MiB/s 479.98 MiB/s]
change:
       time:   [-0.6873% -0.4142% -0.1606] (p = 0.00 < 0.05)
       thrpt:  [+0.1608% +0.4159% +0.6920]
       Change within noise threshold.
Found 2 outliers among 100 measurements (2.00%)
1 (1.00%) high mild
1 (1.00%) high severe

streams/walltime/1-streams/each-1000-bytes: Change within noise threshold.

       time:   [585.77 µs 587.79 µs 590.12 µs]
       change: [-1.2614% -0.7057% -0.1433] (p = 0.01 < 0.05)
       Change within noise threshold.
Found 10 outliers among 100 measurements (10.00%)
2 (2.00%) high mild
8 (8.00%) high severe

streams/walltime/1000-streams/each-1-bytes: Change within noise threshold.

       time:   [12.315 ms 12.332 ms 12.348 ms]
       change: [-1.2941% -1.0751% -0.8687] (p = 0.00 < 0.05)
       Change within noise threshold.

streams/walltime/1000-streams/each-1000-bytes: 💚 Performance has improved by -2.7700%.

       time:   [44.342 ms 44.424 ms 44.538 ms]
       change: [-2.9709% -2.7700% -2.5557] (p = 0.00 < 0.05)
       Performance has improved.
Found 2 outliers among 100 measurements (2.00%)
1 (1.00%) high mild
1 (1.00%) high severe

transfer/walltime/pacing-false/varying-seeds: Change within noise threshold.

       time:   [80.013 ms 80.071 ms 80.129 ms]
       change: [-2.2837% -2.0832% -1.9319] (p = 0.00 < 0.05)
       Change within noise threshold.
Found 1 outliers among 100 measurements (1.00%)
1 (1.00%) high mild

transfer/walltime/pacing-true/varying-seeds: Change within noise threshold.

       time:   [81.388 ms 81.440 ms 81.494 ms]
       change: [-2.1614% -2.0366% -1.9273] (p = 0.00 < 0.05)
       Change within noise threshold.
Found 1 outliers among 100 measurements (1.00%)
1 (1.00%) high mild

transfer/walltime/pacing-false/same-seed: Change within noise threshold.

       time:   [79.778 ms 79.827 ms 79.878 ms]
       change: [-2.2498% -2.0836% -1.9537] (p = 0.00 < 0.05)
       Change within noise threshold.
Found 2 outliers among 100 measurements (2.00%)
2 (2.00%) high mild

transfer/walltime/pacing-true/same-seed: Change within noise threshold.

       time:   [81.514 ms 81.577 ms 81.647 ms]
       change: [-2.3417% -2.1562% -2.0092] (p = 0.00 < 0.05)
       Change within noise threshold.
Found 3 outliers among 100 measurements (3.00%)
2 (2.00%) high mild
1 (1.00%) high severe

Download data for profiler.firefox.com or download performance comparison data.

Copilot

Pull request overview

This PR cherry-picks the fix from #3573 onto the v0.26 release branch to ensure the SCONE Initial padding indicator is only emitted when the scone connection parameter is enabled, avoiding unintended on-the-wire signaling in default configurations (relevant to Firefox Beta uplift for the reported regression).

Changes:

Gate Initial SCONE padding reservation and SCONE indication emission on conn_params.scone_enabled(), and pad with zeros when SCONE is disabled.
Update the corrupted_initial handshake test to align with zero-padding behavior when SCONE is disabled.
Bump workspace version to 0.26.1 and update Cargo.lock package versions accordingly.

Reviewed changes

Copilot reviewed 3 out of 4 changed files in this pull request and generated no comments.

File	Description
`neqo-transport/src/connection/mod.rs`	Only reserve/emit SCONE Initial indication when `scone_enabled()`; otherwise pad Initials with zeros.
`neqo-transport/src/connection/tests/handshake.rs`	Adjust test logic for finding a corruption target now that default padding is zeros.
`Cargo.toml`	Workspace version bump to `0.26.1`.
`Cargo.lock`	Lockfile updated to reflect `0.26.1` workspace crate versions.

github-actions · 2026-04-24T13:35:44Z

Client/server transfer results

Performance differences relative to 7c0b85f.

Transfer of 33554432 bytes over loopback, min. 100 runs. All unit-less numbers are in milliseconds.

Client vs. server (params)	Mean ± σ	Min	Max	MiB/s ± σ	Δ `baseline`	Δ `baseline`
neqo-neqo-newreno-nopacing	94.3 ± 4.0	87.8	104.1	339.5 ± 8.0	💚 -2.4	-2.4%
neqo-s2n-cubic	221.3 ± 3.4	212.8	228.7	144.6 ± 9.4	💔 2.4	1.1%
quiche-neqo-cubic	180.3 ± 5.9	166.4	210.7	177.5 ± 5.4	💔 1.6	0.9%
s2n-neqo-cubic	221.2 ± 4.3	215.1	240.0	144.7 ± 7.4	💚 -1.5	-0.7%

Table above only shows statistically significant changes. See all results below.

All results

Transfer of 33554432 bytes over loopback, min. 100 runs. All unit-less numbers are in milliseconds.

Client vs. server (params)	Mean ± σ	Min	Max	MiB/s ± σ	Δ `baseline`	Δ `baseline`
google-google-nopacing	457.3 ± 4.7	449.2	468.5	70.0 ± 6.8
google-neqo-cubic	271.8 ± 4.5	261.9	291.2	117.7 ± 7.1	-0.4	-0.2%
msquic-msquic-nopacing	162.9 ± 40.7	134.3	420.4	196.5 ± 0.8
msquic-neqo-cubic	185.9 ± 40.9	146.4	438.0	172.1 ± 0.8	5.2	2.9%
neqo-google-cubic	752.7 ± 5.1	742.8	771.9	42.5 ± 6.3	0.4	0.1%
neqo-msquic-cubic	158.7 ± 4.1	150.4	166.4	201.7 ± 7.8	0.1	0.1%
neqo-neqo-cubic	96.6 ± 4.0	88.2	104.5	331.3 ± 8.0	0.1	0.1%
neqo-neqo-cubic-nopacing	95.8 ± 3.8	86.9	104.4	334.2 ± 8.4	-0.8	-0.8%
neqo-neqo-newreno	96.6 ± 4.4	85.4	104.6	331.3 ± 7.3	0.3	0.3%
neqo-neqo-newreno-nopacing	94.3 ± 4.0	87.8	104.1	339.5 ± 8.0	💚 -2.4	-2.4%
neqo-quiche-cubic	191.7 ± 3.7	186.3	201.0	167.0 ± 8.6	-0.8	-0.4%
neqo-s2n-cubic	221.3 ± 3.4	212.8	228.7	144.6 ± 9.4	💔 2.4	1.1%
quiche-neqo-cubic	180.3 ± 5.9	166.4	210.7	177.5 ± 5.4	💔 1.6	0.9%
quiche-quiche-nopacing	139.7 ± 4.4	134.2	153.3	229.1 ± 7.3
s2n-neqo-cubic	221.2 ± 4.3	215.1	240.0	144.7 ± 7.4	💚 -1.5	-0.7%
s2n-s2n-nopacing	296.0 ± 24.0	280.0	393.6	108.1 ± 1.3

Download data for profiler.firefox.com or download performance comparison data.

github-actions · 2026-04-24T13:47:43Z

Failed Interop Tests

QUIC Interop Runner, client vs. server, differences relative to v0.26 at 7c0b85f.

neqo-pr as client	neqo-pr as server
neqo-pr vs. go-x-net: BP BA neqo-pr vs. haproxy: BP BA neqo-pr vs. kwik: 🚀C1 BP BA neqo-pr vs. lsquic: run cancelled after 20 min neqo-pr vs. msquic: A L1 C1 neqo-pr vs. mvfst: A BP BA neqo-pr vs. neqo: A neqo-pr vs. nginx: BP BA neqo-pr vs. ngtcp2: CM neqo-pr vs. picoquic: A 🚀~~BP BA~~ neqo-pr vs. quic-go: A neqo-pr vs. quiche: BP BA neqo-pr vs. s2n-quic: BP BA CM neqo-pr vs. tquic: S BP BA neqo-pr vs. xquic: A 🚀C1	aioquic vs. neqo-pr: Z ⚠️C1 CM go-x-net vs. neqo-pr: CM kwik vs. neqo-pr: Z BP BA CM lsquic vs. neqo-pr: Z msquic vs. neqo-pr: Z ⚠️L1 CM mvfst vs. neqo-pr: Z A L1 C1 CM neqo vs. neqo-pr: Z A openssl vs. neqo-pr: LR M A CM picoquic vs. neqo-pr: Z quic-go vs. neqo-pr: CM quiche vs. neqo-pr: Z 🚀C1 CM quinn vs. neqo-pr: Z V2 CM s2n-quic vs. neqo-pr: 🚀L1 CM tquic vs. neqo-pr: Z CM xquic vs. neqo-pr: M CM

All results

Succeeded Interop Tests

QUIC Interop Runner, client vs. server

neqo-pr as client

neqo-pr vs. aioquic: H DC LR C20 M S R Z 3 B U A L1 L2 C1 C2 6 V2 BP BA
neqo-pr vs. go-x-net: H DC LR M B U A L2 C2 6
neqo-pr vs. haproxy: H DC LR C20 M S R Z 3 B U A L1 L2 C1 C2 6 V2
neqo-pr vs. kwik: H DC LR C20 M S R Z 3 B U A L1 L2 🚀C1 C2 6 V2
neqo-pr vs. linuxquic: H DC LR C20 M S R Z 3 B U E A L1 L2 C1 C2 6 V2 BP BA CM
neqo-pr vs. msquic: H DC LR C20 M S R Z B U L2 C2 6 V2 BP BA
neqo-pr vs. mvfst: H DC LR M R Z 3 B U L1 L2 C1 C2 6
neqo-pr vs. neqo: H DC LR C20 M S R Z 3 B U E L1 L2 C1 C2 6 V2 BP BA CM
neqo-pr vs. nginx: H DC LR C20 M S R Z 3 B U A L1 L2 C1 C2 6
neqo-pr vs. ngtcp2: H DC LR C20 M S R Z 3 B U E A L1 L2 C1 C2 6 V2 BP BA
neqo-pr vs. picoquic: H DC LR C20 M S R Z 3 B U E L1 L2 C1 C2 6 V2 🚀~~BP BA~~ CM
neqo-pr vs. quic-go: H DC LR C20 M S R Z 3 B U L1 L2 C1 C2 6 BP BA
neqo-pr vs. quiche: H DC LR C20 M S R Z 3 B U A L1 L2 C1 C2 6
neqo-pr vs. quinn: H DC LR C20 M S R Z 3 B U E A L1 L2 C1 C2 6 BP BA
neqo-pr vs. s2n-quic: H DC LR C20 M S R 3 B U E A L1 L2 C1 C2 6
neqo-pr vs. tquic: H DC LR C20 M R Z 3 B U A L1 L2 C1 C2 6
neqo-pr vs. xquic: H DC LR C20 M S R Z 3 B U L1 L2 🚀C1 C2 6 BP BA

neqo-pr as server

aioquic vs. neqo-pr: H DC LR C20 M S R 3 B U A L1 L2 ⚠️C1 C2 6 V2 BP BA
chrome vs. neqo-pr: 3
go-x-net vs. neqo-pr: H DC LR M B U A L2 C2 6 BP BA
kwik vs. neqo-pr: H DC LR C20 M S R 3 B U A L1 L2 C1 C2 6 V2
linuxquic vs. neqo-pr: H DC LR C20 M S R Z 3 B U E A L1 L2 C1 C2 6 V2 BP BA CM
lsquic vs. neqo-pr: H DC LR C20 M S R 3 B E A L1 L2 C1 C2 6 V2 BP BA CM
msquic vs. neqo-pr: H DC LR C20 M S R B U A ⚠️L1 L2 C1 C2 6 V2 BP BA
mvfst vs. neqo-pr: H DC LR M 3 B L2 C2 6 BP BA
neqo vs. neqo-pr: H DC LR C20 M S R 3 B U E L1 L2 C1 C2 6 V2 BP BA CM
ngtcp2 vs. neqo-pr: H DC LR C20 M S R Z 3 B U E A L1 L2 C1 C2 6 V2 BP BA CM
openssl vs. neqo-pr: H DC C20 S R 3 B L2 C2 6 BP BA
picoquic vs. neqo-pr: H DC LR C20 M S R 3 B U E A L1 L2 C1 C2 6 V2 BP BA CM
quic-go vs. neqo-pr: H DC LR C20 M S R Z 3 B U A L1 L2 C1 C2 6 BP BA
quiche vs. neqo-pr: H DC LR M S R 3 B A L1 L2 🚀C1 C2 6 BP BA
quinn vs. neqo-pr: H DC LR C20 M S R 3 B U E A L1 L2 C1 C2 6 BP BA
s2n-quic vs. neqo-pr: H DC LR M S R 3 B E A 🚀L1 L2 C1 C2 6 BP BA
tquic vs. neqo-pr: H DC LR M S R 3 B A L1 L2 C1 C2 6 BP BA
xquic vs. neqo-pr: H DC LR C20 S R Z 3 B U A L1 L2 C1 C2 6 BP BA

Unsupported Interop Tests

QUIC Interop Runner, client vs. server

neqo-pr as client

neqo-pr vs. aioquic: E CM
neqo-pr vs. go-x-net: C20 S R Z 3 E L1 C1 V2 CM
neqo-pr vs. haproxy: E CM
neqo-pr vs. kwik: E CM
neqo-pr vs. msquic: 3 E CM
neqo-pr vs. mvfst: C20 S E V2 CM
neqo-pr vs. nginx: E V2 CM
neqo-pr vs. quic-go: E V2 CM
neqo-pr vs. quiche: E V2 CM
neqo-pr vs. quinn: V2 CM
neqo-pr vs. s2n-quic: Z V2
neqo-pr vs. tquic: E V2 CM
neqo-pr vs. xquic: E V2 CM

neqo-pr as server

aioquic vs. neqo-pr: E
chrome vs. neqo-pr: H DC LR C20 M S R Z B U E A L1 L2 C1 C2 6 V2 BP BA CM
go-x-net vs. neqo-pr: C20 S R Z 3 E L1 C1 V2
kwik vs. neqo-pr: E
lsquic vs. neqo-pr: U
msquic vs. neqo-pr: 3 E
mvfst vs. neqo-pr: C20 S R U E V2
openssl vs. neqo-pr: Z U E L1 C1 V2
quic-go vs. neqo-pr: E V2
quiche vs. neqo-pr: C20 U E V2
s2n-quic vs. neqo-pr: C20 Z U V2
tquic vs. neqo-pr: C20 U E V2
xquic vs. neqo-pr: E V2

mxinden added 2 commits April 24, 2026 14:51

chore(Cargo.toml): prepare v0.26.1 release

0eb6238

mxinden marked this pull request as ready for review April 24, 2026 13:21

mxinden requested a review from KershawChang as a code owner April 24, 2026 13:21

Copilot AI review requested due to automatic review settings April 24, 2026 13:21

mxinden requested review from larseggert and martinthomson as code owners April 24, 2026 13:21

Copilot started reviewing on behalf of mxinden April 24, 2026 13:22 View session

larseggert approved these changes Apr 24, 2026

View reviewed changes

Copilot AI reviewed Apr 24, 2026

View reviewed changes

mxinden merged commit 0eb6238 into mozilla:v0.26 Apr 24, 2026
249 of 261 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix: cherry-pick of #3573 for Neqo v0.26.1#3574

fix: cherry-pick of #3573 for Neqo v0.26.1#3574
mxinden merged 2 commits intomozilla:v0.26from
mxinden:v0.26-disable-scone-padding

mxinden commented Apr 24, 2026

Uh oh!

codecov Bot commented Apr 24, 2026 •

edited

Loading

Uh oh!

codspeed-hq Bot commented Apr 24, 2026

Uh oh!

github-actions Bot commented Apr 24, 2026

Uh oh!

Copilot AI left a comment

Uh oh!

github-actions Bot commented Apr 24, 2026

Uh oh!

github-actions Bot commented Apr 24, 2026

Succeeded Interop Tests

neqo-pr as client

neqo-pr as server

Unsupported Interop Tests

neqo-pr as client

neqo-pr as server

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

mxinden commented Apr 24, 2026

Uh oh!

codecov Bot commented Apr 24, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

codspeed-hq Bot commented Apr 24, 2026

Merging this PR will degrade performance by 5.71%

Performance Changes

Footnotes

Uh oh!

github-actions Bot commented Apr 24, 2026

Benchmark results

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Reviewed changes

Uh oh!

github-actions Bot commented Apr 24, 2026

Client/server transfer results

Uh oh!

github-actions Bot commented Apr 24, 2026

Failed Interop Tests

Succeeded Interop Tests

neqo-pr as client

neqo-pr as server

Unsupported Interop Tests

neqo-pr as client

neqo-pr as server

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

codecov Bot commented Apr 24, 2026 •

edited

Loading