use go 1.12

Signed-off-by: hongming <talonwan@yunify.com>

vendor/github.com/lucas-clemente/quic-go/internal/protocol/connection_id.go

@@ -0,0 +1,69 @@
+package protocol
+
+import (
+	"bytes"
+	"crypto/rand"
+	"fmt"
+	"io"
+)
+
+// A ConnectionID in QUIC
+type ConnectionID []byte
+
+const maxConnectionIDLen = 18
+
+// GenerateConnectionID generates a connection ID using cryptographic random
+func GenerateConnectionID(len int) (ConnectionID, error) {
+	b := make([]byte, len)
+	if _, err := rand.Read(b); err != nil {
+		return nil, err
+	}
+	return ConnectionID(b), nil
+}
+
+// GenerateConnectionIDForInitial generates a connection ID for the Initial packet.
+// It uses a length randomly chosen between 8 and 18 bytes.
+func GenerateConnectionIDForInitial() (ConnectionID, error) {
+	r := make([]byte, 1)
+	if _, err := rand.Read(r); err != nil {
+		return nil, err
+	}
+	len := MinConnectionIDLenInitial + int(r[0])%(maxConnectionIDLen-MinConnectionIDLenInitial+1)
+	return GenerateConnectionID(len)
+}
+
+// ReadConnectionID reads a connection ID of length len from the given io.Reader.
+// It returns io.EOF if there are not enough bytes to read.
+func ReadConnectionID(r io.Reader, len int) (ConnectionID, error) {
+	if len == 0 {
+		return nil, nil
+	}
+	c := make(ConnectionID, len)
+	_, err := io.ReadFull(r, c)
+	if err == io.ErrUnexpectedEOF {
+		return nil, io.EOF
+	}
+	return c, err
+}
+
+// Equal says if two connection IDs are equal
+func (c ConnectionID) Equal(other ConnectionID) bool {
+	return bytes.Equal(c, other)
+}
+
+// Len returns the length of the connection ID in bytes
+func (c ConnectionID) Len() int {
+	return len(c)
+}
+
+// Bytes returns the byte representation
+func (c ConnectionID) Bytes() []byte {
+	return []byte(c)
+}
+
+func (c ConnectionID) String() string {
+	if c.Len() == 0 {
+		return "(empty)"
+	}
+	return fmt.Sprintf("%#x", c.Bytes())
+}

vendor/github.com/lucas-clemente/quic-go/internal/protocol/encryption_level.go

@@ -0,0 +1,28 @@
+package protocol
+
+// EncryptionLevel is the encryption level
+// Default value is Unencrypted
+type EncryptionLevel int
+
+const (
+	// EncryptionUnspecified is a not specified encryption level
+	EncryptionUnspecified EncryptionLevel = iota
+	// EncryptionUnencrypted is not encrypted
+	EncryptionUnencrypted
+	// EncryptionSecure is encrypted, but not forward secure
+	EncryptionSecure
+	// EncryptionForwardSecure is forward secure
+	EncryptionForwardSecure
+)
+
+func (e EncryptionLevel) String() string {
+	switch e {
+	case EncryptionUnencrypted:
+		return "unencrypted"
+	case EncryptionSecure:
+		return "encrypted (not forward-secure)"
+	case EncryptionForwardSecure:
+		return "forward-secure"
+	}
+	return "unknown"
+}

vendor/github.com/lucas-clemente/quic-go/internal/protocol/packet_number.go

@@ -0,0 +1,70 @@
+package protocol
+
+// InferPacketNumber calculates the packet number based on the received packet number, its length and the last seen packet number
+func InferPacketNumber(
+	packetNumberLength PacketNumberLen,
+	lastPacketNumber PacketNumber,
+	wirePacketNumber PacketNumber,
+	version VersionNumber,
+) PacketNumber {
+	var epochDelta PacketNumber
+	if version.UsesVarintPacketNumbers() {
+		switch packetNumberLength {
+		case PacketNumberLen1:
+			epochDelta = PacketNumber(1) << 7
+		case PacketNumberLen2:
+			epochDelta = PacketNumber(1) << 14
+		case PacketNumberLen4:
+			epochDelta = PacketNumber(1) << 30
+		}
+	} else {
+		epochDelta = PacketNumber(1) << (uint8(packetNumberLength) * 8)
+	}
+	epoch := lastPacketNumber & ^(epochDelta - 1)
+	prevEpochBegin := epoch - epochDelta
+	nextEpochBegin := epoch + epochDelta
+	return closestTo(
+		lastPacketNumber+1,
+		epoch+wirePacketNumber,
+		closestTo(lastPacketNumber+1, prevEpochBegin+wirePacketNumber, nextEpochBegin+wirePacketNumber),
+	)
+}
+
+func closestTo(target, a, b PacketNumber) PacketNumber {
+	if delta(target, a) < delta(target, b) {
+		return a
+	}
+	return b
+}
+
+func delta(a, b PacketNumber) PacketNumber {
+	if a < b {
+		return b - a
+	}
+	return a - b
+}
+
+// GetPacketNumberLengthForHeader gets the length of the packet number for the public header
+// it never chooses a PacketNumberLen of 1 byte, since this is too short under certain circumstances
+func GetPacketNumberLengthForHeader(packetNumber, leastUnacked PacketNumber, version VersionNumber) PacketNumberLen {
+	diff := uint64(packetNumber - leastUnacked)
+	if version.UsesVarintPacketNumbers() && diff < (1<<(14-1)) ||
+		!version.UsesVarintPacketNumbers() && diff < (1<<(16-1)) {
+		return PacketNumberLen2
+	}
+	return PacketNumberLen4
+}
+
+// GetPacketNumberLength gets the minimum length needed to fully represent the packet number
+func GetPacketNumberLength(packetNumber PacketNumber) PacketNumberLen {
+	if packetNumber < (1 << (uint8(PacketNumberLen1) * 8)) {
+		return PacketNumberLen1
+	}
+	if packetNumber < (1 << (uint8(PacketNumberLen2) * 8)) {
+		return PacketNumberLen2
+	}
+	if packetNumber < (1 << (uint8(PacketNumberLen4) * 8)) {
+		return PacketNumberLen4
+	}
+	return PacketNumberLen6
+}

vendor/github.com/lucas-clemente/quic-go/internal/protocol/perspective.go

@@ -0,0 +1,26 @@
+package protocol
+
+// Perspective determines if we're acting as a server or a client
+type Perspective int
+
+// the perspectives
+const (
+	PerspectiveServer Perspective = 1
+	PerspectiveClient Perspective = 2
+)
+
+// Opposite returns the perspective of the peer
+func (p Perspective) Opposite() Perspective {
+	return 3 - p
+}
+
+func (p Perspective) String() string {
+	switch p {
+	case PerspectiveServer:
+		return "Server"
+	case PerspectiveClient:
+		return "Client"
+	default:
+		return "invalid perspective"
+	}
+}

vendor/github.com/lucas-clemente/quic-go/internal/protocol/protocol.go

@@ -0,0 +1,90 @@
+package protocol
+
+import (
+	"fmt"
+)
+
+// A PacketNumber in QUIC
+type PacketNumber uint64
+
+// PacketNumberLen is the length of the packet number in bytes
+type PacketNumberLen uint8
+
+const (
+	// PacketNumberLenInvalid is the default value and not a valid length for a packet number
+	PacketNumberLenInvalid PacketNumberLen = 0
+	// PacketNumberLen1 is a packet number length of 1 byte
+	PacketNumberLen1 PacketNumberLen = 1
+	// PacketNumberLen2 is a packet number length of 2 bytes
+	PacketNumberLen2 PacketNumberLen = 2
+	// PacketNumberLen4 is a packet number length of 4 bytes
+	PacketNumberLen4 PacketNumberLen = 4
+	// PacketNumberLen6 is a packet number length of 6 bytes
+	PacketNumberLen6 PacketNumberLen = 6
+)
+
+// The PacketType is the Long Header Type (only used for the IETF draft header format)
+type PacketType uint8
+
+const (
+	// PacketTypeInitial is the packet type of an Initial packet
+	PacketTypeInitial PacketType = 0x7f
+	// PacketTypeRetry is the packet type of a Retry packet
+	PacketTypeRetry PacketType = 0x7e
+	// PacketTypeHandshake is the packet type of a Handshake packet
+	PacketTypeHandshake PacketType = 0x7d
+	// PacketType0RTT is the packet type of a 0-RTT packet
+	PacketType0RTT PacketType = 0x7c
+)
+
+func (t PacketType) String() string {
+	switch t {
+	case PacketTypeInitial:
+		return "Initial"
+	case PacketTypeRetry:
+		return "Retry"
+	case PacketTypeHandshake:
+		return "Handshake"
+	case PacketType0RTT:
+		return "0-RTT Protected"
+	default:
+		return fmt.Sprintf("unknown packet type: %d", t)
+	}
+}
+
+// A ByteCount in QUIC
+type ByteCount uint64
+
+// MaxByteCount is the maximum value of a ByteCount
+const MaxByteCount = ByteCount(1<<62 - 1)
+
+// An ApplicationErrorCode is an application-defined error code.
+type ApplicationErrorCode uint16
+
+// MaxReceivePacketSize maximum packet size of any QUIC packet, based on
+// ethernet's max size, minus the IP and UDP headers. IPv6 has a 40 byte header,
+// UDP adds an additional 8 bytes.  This is a total overhead of 48 bytes.
+// Ethernet's max packet size is 1500 bytes,  1500 - 48 = 1452.
+const MaxReceivePacketSize ByteCount = 1452
+
+// DefaultTCPMSS is the default maximum packet size used in the Linux TCP implementation.
+// Used in QUIC for congestion window computations in bytes.
+const DefaultTCPMSS ByteCount = 1460
+
+// MinClientHelloSize is the minimum size the server expects an inchoate CHLO to have (in gQUIC)
+const MinClientHelloSize = 1024
+
+// MinInitialPacketSize is the minimum size an Initial packet (in IETF QUIC) is required to have.
+const MinInitialPacketSize = 1200
+
+// MaxClientHellos is the maximum number of times we'll send a client hello
+// The value 3 accounts for:
+// * one failure due to an incorrect or missing source-address token
+// * one failure due the server's certificate chain being unavailable and the server being unwilling to send it without a valid source-address token
+const MaxClientHellos = 3
+
+// ConnectionIDLenGQUIC is the length of the source Connection ID used on gQUIC QUIC packets.
+const ConnectionIDLenGQUIC = 8
+
+// MinConnectionIDLenInitial is the minimum length of the destination connection ID on an Initial packet.
+const MinConnectionIDLenInitial = 8

vendor/github.com/lucas-clemente/quic-go/internal/protocol/server_parameters.go

@@ -0,0 +1,151 @@
+package protocol
+
+import "time"
+
+// MaxPacketSizeIPv4 is the maximum packet size that we use for sending IPv4 packets.
+const MaxPacketSizeIPv4 = 1252
+
+// MaxPacketSizeIPv6 is the maximum packet size that we use for sending IPv6 packets.
+const MaxPacketSizeIPv6 = 1232
+
+// NonForwardSecurePacketSizeReduction is the number of bytes a non forward-secure packet has to be smaller than a forward-secure packet
+// This makes sure that those packets can always be retransmitted without splitting the contained StreamFrames
+const NonForwardSecurePacketSizeReduction = 50
+
+const defaultMaxCongestionWindowPackets = 1000
+
+// DefaultMaxCongestionWindow is the default for the max congestion window
+const DefaultMaxCongestionWindow ByteCount = defaultMaxCongestionWindowPackets * DefaultTCPMSS
+
+// InitialCongestionWindow is the initial congestion window in QUIC packets
+const InitialCongestionWindow ByteCount = 32 * DefaultTCPMSS
+
+// MaxUndecryptablePackets limits the number of undecryptable packets that a
+// session queues for later until it sends a public reset.
+const MaxUndecryptablePackets = 10
+
+// PublicResetTimeout is the time to wait before sending a Public Reset when receiving too many undecryptable packets during the handshake
+// This timeout allows the Go scheduler to switch to the Go rountine that reads the crypto stream and to escalate the crypto
+const PublicResetTimeout = 500 * time.Millisecond
+
+// ReceiveStreamFlowControlWindow is the stream-level flow control window for receiving data
+// This is the value that Google servers are using
+const ReceiveStreamFlowControlWindow = (1 << 10) * 32 // 32 kB
+
+// ReceiveConnectionFlowControlWindow is the connection-level flow control window for receiving data
+// This is the value that Google servers are using
+const ReceiveConnectionFlowControlWindow = (1 << 10) * 48 // 48 kB
+
+// DefaultMaxReceiveStreamFlowControlWindowServer is the default maximum stream-level flow control window for receiving data, for the server
+// This is the value that Google servers are using
+const DefaultMaxReceiveStreamFlowControlWindowServer = 1 * (1 << 20) // 1 MB
+
+// DefaultMaxReceiveConnectionFlowControlWindowServer is the default connection-level flow control window for receiving data, for the server
+// This is the value that Google servers are using
+const DefaultMaxReceiveConnectionFlowControlWindowServer = 1.5 * (1 << 20) // 1.5 MB
+
+// DefaultMaxReceiveStreamFlowControlWindowClient is the default maximum stream-level flow control window for receiving data, for the client
+// This is the value that Chromium is using
+const DefaultMaxReceiveStreamFlowControlWindowClient = 6 * (1 << 20) // 6 MB
+
+// DefaultMaxReceiveConnectionFlowControlWindowClient is the default connection-level flow control window for receiving data, for the client
+// This is the value that Google servers are using
+const DefaultMaxReceiveConnectionFlowControlWindowClient = 15 * (1 << 20) // 15 MB
+
+// ConnectionFlowControlMultiplier determines how much larger the connection flow control windows needs to be relative to any stream's flow control window
+// This is the value that Chromium is using
+const ConnectionFlowControlMultiplier = 1.5
+
+// WindowUpdateThreshold is the fraction of the receive window that has to be consumed before an higher offset is advertised to the client
+const WindowUpdateThreshold = 0.25
+
+// DefaultMaxIncomingStreams is the maximum number of streams that a peer may open
+const DefaultMaxIncomingStreams = 100
+
+// DefaultMaxIncomingUniStreams is the maximum number of unidirectional streams that a peer may open
+const DefaultMaxIncomingUniStreams = 100
+
+// MaxStreamsMultiplier is the slack the client is allowed for the maximum number of streams per connection, needed e.g. when packets are out of order or dropped. The minimum of this procentual increase and the absolute increment specified by MaxStreamsMinimumIncrement is used.
+const MaxStreamsMultiplier = 1.1
+
+// MaxStreamsMinimumIncrement is the slack the client is allowed for the maximum number of streams per connection, needed e.g. when packets are out of order or dropped. The minimum of this absolute increment and the procentual increase specified by MaxStreamsMultiplier is used.
+const MaxStreamsMinimumIncrement = 10
+
+// MaxSessionUnprocessedPackets is the max number of packets stored in each session that are not yet processed.
+const MaxSessionUnprocessedPackets = defaultMaxCongestionWindowPackets
+
+// SkipPacketAveragePeriodLength is the average period length in which one packet number is skipped to prevent an Optimistic ACK attack
+const SkipPacketAveragePeriodLength PacketNumber = 500
+
+// MaxTrackedSkippedPackets is the maximum number of skipped packet numbers the SentPacketHandler keep track of for Optimistic ACK attack mitigation
+const MaxTrackedSkippedPackets = 10
+
+// CookieExpiryTime is the valid time of a cookie
+const CookieExpiryTime = 24 * time.Hour
+
+// MaxOutstandingSentPackets is maximum number of packets saved for retransmission.
+// When reached, it imposes a soft limit on sending new packets:
+// Sending ACKs and retransmission is still allowed, but now new regular packets can be sent.
+const MaxOutstandingSentPackets = 2 * defaultMaxCongestionWindowPackets
+
+// MaxTrackedSentPackets is maximum number of sent packets saved for retransmission.
+// When reached, no more packets will be sent.
+// This value *must* be larger than MaxOutstandingSentPackets.
+const MaxTrackedSentPackets = MaxOutstandingSentPackets * 5 / 4
+
+// MaxTrackedReceivedAckRanges is the maximum number of ACK ranges tracked
+const MaxTrackedReceivedAckRanges = defaultMaxCongestionWindowPackets
+
+// MaxNonRetransmittableAcks is the maximum number of packets containing an ACK, but no retransmittable frames, that we send in a row
+const MaxNonRetransmittableAcks = 19
+
+// MaxStreamFrameSorterGaps is the maximum number of gaps between received StreamFrames
+// prevents DoS attacks against the streamFrameSorter
+const MaxStreamFrameSorterGaps = 1000
+
+// CryptoMaxParams is the upper limit for the number of parameters in a crypto message.
+// Value taken from Chrome.
+const CryptoMaxParams = 128
+
+// CryptoParameterMaxLength is the upper limit for the length of a parameter in a crypto message.
+const CryptoParameterMaxLength = 4000
+
+// EphermalKeyLifetime is the lifetime of the ephermal key during the handshake, see handshake.getEphermalKEX.
+const EphermalKeyLifetime = time.Minute
+
+// MinRemoteIdleTimeout is the minimum value that we accept for the remote idle timeout
+const MinRemoteIdleTimeout = 5 * time.Second
+
+// DefaultIdleTimeout is the default idle timeout
+const DefaultIdleTimeout = 30 * time.Second
+
+// DefaultHandshakeTimeout is the default timeout for a connection until the crypto handshake succeeds.
+const DefaultHandshakeTimeout = 10 * time.Second
+
+// ClosedSessionDeleteTimeout the server ignores packets arriving on a connection that is already closed
+// after this time all information about the old connection will be deleted
+const ClosedSessionDeleteTimeout = time.Minute
+
+// NumCachedCertificates is the number of cached compressed certificate chains, each taking ~1K space
+const NumCachedCertificates = 128
+
+// MinStreamFrameSize is the minimum size that has to be left in a packet, so that we add another STREAM frame.
+// This avoids splitting up STREAM frames into small pieces, which has 2 advantages:
+// 1. it reduces the framing overhead
+// 2. it reduces the head-of-line blocking, when a packet is lost
+const MinStreamFrameSize ByteCount = 128
+
+// MaxAckFrameSize is the maximum size for an (IETF QUIC) ACK frame that we write
+// Due to the varint encoding, ACK frames can grow (almost) indefinitely large.
+// The MaxAckFrameSize should be large enough to encode many ACK range,
+// but must ensure that a maximum size ACK frame fits into one packet.
+const MaxAckFrameSize ByteCount = 1000
+
+// MinPacingDelay is the minimum duration that is used for packet pacing
+// If the packet packing frequency is higher, multiple packets might be sent at once.
+// Example: For a packet pacing delay of 20 microseconds, we would send 5 packets at once, wait for 100 microseconds, and so forth.
+const MinPacingDelay time.Duration = 100 * time.Microsecond
+
+// DefaultConnectionIDLength is the connection ID length that is used for multiplexed connections
+// if no other value is configured.
+const DefaultConnectionIDLength = 4

vendor/github.com/lucas-clemente/quic-go/internal/protocol/stream_id.go

@@ -0,0 +1,36 @@
+package protocol
+
+// A StreamID in QUIC
+type StreamID uint64
+
+// MaxBidiStreamID is the highest stream ID that the peer is allowed to open,
+// when it is allowed to open numStreams bidirectional streams.
+// It is only valid for IETF QUIC.
+func MaxBidiStreamID(numStreams int, pers Perspective) StreamID {
+	if numStreams == 0 {
+		return 0
+	}
+	var first StreamID
+	if pers == PerspectiveClient {
+		first = 1
+	} else {
+		first = 4
+	}
+	return first + 4*StreamID(numStreams-1)
+}
+
+// MaxUniStreamID is the highest stream ID that the peer is allowed to open,
+// when it is allowed to open numStreams unidirectional streams.
+// It is only valid for IETF QUIC.
+func MaxUniStreamID(numStreams int, pers Perspective) StreamID {
+	if numStreams == 0 {
+		return 0
+	}
+	var first StreamID
+	if pers == PerspectiveClient {
+		first = 3
+	} else {
+		first = 2
+	}
+	return first + 4*StreamID(numStreams-1)
+}

vendor/github.com/lucas-clemente/quic-go/internal/protocol/version.go

@@ -0,0 +1,181 @@
+package protocol
+
+import (
+	"crypto/rand"
+	"encoding/binary"
+	"fmt"
+	"math"
+)
+
+// VersionNumber is a version number as int
+type VersionNumber uint32
+
+// gQUIC version range as defined in the wiki: https://github.com/quicwg/base-drafts/wiki/QUIC-Versions
+const (
+	gquicVersion0   = 0x51303030
+	maxGquicVersion = 0x51303439
+)
+
+// The version numbers, making grepping easier
+const (
+	Version39       VersionNumber = gquicVersion0 + 3*0x100 + 0x9
+	Version43       VersionNumber = gquicVersion0 + 4*0x100 + 0x3
+	Version44       VersionNumber = gquicVersion0 + 4*0x100 + 0x4
+	VersionTLS      VersionNumber = 101
+	VersionWhatever VersionNumber = 0 // for when the version doesn't matter
+	VersionUnknown  VersionNumber = math.MaxUint32
+)
+
+// SupportedVersions lists the versions that the server supports
+// must be in sorted descending order
+var SupportedVersions = []VersionNumber{
+	Version44,
+	Version43,
+	Version39,
+}
+
+// IsValidVersion says if the version is known to quic-go
+func IsValidVersion(v VersionNumber) bool {
+	return v == VersionTLS || IsSupportedVersion(SupportedVersions, v)
+}
+
+// UsesTLS says if this QUIC version uses TLS 1.3 for the handshake
+func (vn VersionNumber) UsesTLS() bool {
+	return !vn.isGQUIC()
+}
+
+func (vn VersionNumber) String() string {
+	switch vn {
+	case VersionWhatever:
+		return "whatever"
+	case VersionUnknown:
+		return "unknown"
+	case VersionTLS:
+		return "TLS dev version (WIP)"
+	default:
+		if vn.isGQUIC() {
+			return fmt.Sprintf("gQUIC %d", vn.toGQUICVersion())
+		}
+		return fmt.Sprintf("%#x", uint32(vn))
+	}
+}
+
+// ToAltSvc returns the representation of the version for the H2 Alt-Svc parameters
+func (vn VersionNumber) ToAltSvc() string {
+	if vn.isGQUIC() {
+		return fmt.Sprintf("%d", vn.toGQUICVersion())
+	}
+	return fmt.Sprintf("%d", vn)
+}
+
+// CryptoStreamID gets the Stream ID of the crypto stream
+func (vn VersionNumber) CryptoStreamID() StreamID {
+	if vn.isGQUIC() {
+		return 1
+	}
+	return 0
+}
+
+// UsesIETFFrameFormat tells if this version uses the IETF frame format
+func (vn VersionNumber) UsesIETFFrameFormat() bool {
+	return !vn.isGQUIC()
+}
+
+// UsesIETFHeaderFormat tells if this version uses the IETF header format
+func (vn VersionNumber) UsesIETFHeaderFormat() bool {
+	return !vn.isGQUIC() || vn >= Version44
+}
+
+// UsesLengthInHeader tells if this version uses the Length field in the IETF header
+func (vn VersionNumber) UsesLengthInHeader() bool {
+	return !vn.isGQUIC()
+}
+
+// UsesTokenInHeader tells if this version uses the Token field in the IETF header
+func (vn VersionNumber) UsesTokenInHeader() bool {
+	return !vn.isGQUIC()
+}
+
+// UsesStopWaitingFrames tells if this version uses STOP_WAITING frames
+func (vn VersionNumber) UsesStopWaitingFrames() bool {
+	return vn.isGQUIC() && vn <= Version43
+}
+
+// UsesVarintPacketNumbers tells if this version uses 7/14/30 bit packet numbers
+func (vn VersionNumber) UsesVarintPacketNumbers() bool {
+	return !vn.isGQUIC()
+}
+
+// StreamContributesToConnectionFlowControl says if a stream contributes to connection-level flow control
+func (vn VersionNumber) StreamContributesToConnectionFlowControl(id StreamID) bool {
+	if id == vn.CryptoStreamID() {
+		return false
+	}
+	if vn.isGQUIC() && id == 3 {
+		return false
+	}
+	return true
+}
+
+func (vn VersionNumber) isGQUIC() bool {
+	return vn > gquicVersion0 && vn <= maxGquicVersion
+}
+
+func (vn VersionNumber) toGQUICVersion() int {
+	return int(10*(vn-gquicVersion0)/0x100) + int(vn%0x10)
+}
+
+// IsSupportedVersion returns true if the server supports this version
+func IsSupportedVersion(supported []VersionNumber, v VersionNumber) bool {
+	for _, t := range supported {
+		if t == v {
+			return true
+		}
+	}
+	return false
+}
+
+// ChooseSupportedVersion finds the best version in the overlap of ours and theirs
+// ours is a slice of versions that we support, sorted by our preference (descending)
+// theirs is a slice of versions offered by the peer. The order does not matter.
+// The bool returned indicates if a matching version was found.
+func ChooseSupportedVersion(ours, theirs []VersionNumber) (VersionNumber, bool) {
+	for _, ourVer := range ours {
+		for _, theirVer := range theirs {
+			if ourVer == theirVer {
+				return ourVer, true
+			}
+		}
+	}
+	return 0, false
+}
+
+// generateReservedVersion generates a reserved version number (v & 0x0f0f0f0f == 0x0a0a0a0a)
+func generateReservedVersion() VersionNumber {
+	b := make([]byte, 4)
+	_, _ = rand.Read(b) // ignore the error here. Failure to read random data doesn't break anything
+	return VersionNumber((binary.BigEndian.Uint32(b) | 0x0a0a0a0a) & 0xfafafafa)
+}
+
+// GetGreasedVersions adds one reserved version number to a slice of version numbers, at a random position
+func GetGreasedVersions(supported []VersionNumber) []VersionNumber {
+	b := make([]byte, 1)
+	_, _ = rand.Read(b) // ignore the error here. Failure to read random data doesn't break anything
+	randPos := int(b[0]) % (len(supported) + 1)
+	greased := make([]VersionNumber, len(supported)+1)
+	copy(greased, supported[:randPos])
+	greased[randPos] = generateReservedVersion()
+	copy(greased[randPos+1:], supported[randPos:])
+	return greased
+}
+
+// StripGreasedVersions strips all greased versions from a slice of versions
+func StripGreasedVersions(versions []VersionNumber) []VersionNumber {
+	realVersions := make([]VersionNumber, 0, len(versions))
+	for _, v := range versions {
+		if v&0x0f0f0f0f != 0x0a0a0a0a {
+			realVersions = append(realVersions, v)
+		}
+	}
+	return realVersions
+}