analyzer: quic: some optimizations

analyzer/udp/quic.go

@@ -45,6 +45,8 @@ type quicStream struct {
 	frames       map[int64][]byte
 	maxEnd       int64
 	connIDs      [][]byte
+	lastHint     quic.DecryptSuccessHint
+	hasLastHint  bool
 }
 
 func (s *quicStream) Feed(rev bool, data []byte) (u *analyzer.PropUpdate, done bool) {
@@ -59,10 +61,19 @@ func (s *quicStream) Feed(rev bool, data []byte) (u *analyzer.PropUpdate, done b
 		s.rememberConnID(hdr.DestConnectionID)
 		s.rememberConnID(hdr.SrcConnectionID)
 	}
-	frs, err := quic.ReadCryptoFramesWithOptions(data, &quic.ReadCryptoFramesOptions{
+	hint := quic.DecryptSuccessHint{}
+	opts := &quic.ReadCryptoFramesOptions{
 		AdditionalConnectionIDs: s.connIDs,
 		TryServerSecret:         true,
-	})
+		SuccessHint:             &hint,
+	}
+	if s.hasLastHint {
+		opts.PreferredConnectionID = append([]byte(nil), s.lastHint.ConnectionID...)
+		opts.PreferredSecretLabel = s.lastHint.SecretLabel
+		opts.PreferredPNMax = s.lastHint.PacketNumberMax
+		opts.HasPreferredPNMax = true
+	}
+	frs, err := quic.ReadCryptoFramesWithOptions(data, opts)
 	if err != nil {
 		if errors.Is(err, quic.ErrNotInitialPacket) {
 			return nil, false
@@ -86,6 +97,11 @@ func (s *quicStream) Feed(rev bool, data []byte) (u *analyzer.PropUpdate, done b
 		s.invalidCount++
 		return nil, s.invalidCount >= quicInvalidCountThreshold
 	}
+	if len(hint.ConnectionID) > 0 {
+		s.lastHint = hint
+		s.hasLastHint = true
+		s.rememberConnID(hint.ConnectionID)
+	}
 	if len(frs) == 0 {
 		s.invalidCount++
 		return nil, s.invalidCount >= quicInvalidCountThreshold