recheck connection ID for 3 times for some implementations with broken HW PRNG

frontend/udp/connection_id.go

@@ -121,7 +121,7 @@ func (g *ConnectionIDGenerator) Generate(ip netip.Addr, now time.Time) (out []by
 	g.connID[0], g.connID[1], g.connID[2] = g.buff[0], g.buff[7], g.buff[8]
 	copy(g.connID[connIDLen-hmacLen:], g.scratch[:hmacLen])
 
-	log.Debug().
+	log.Trace().
 		Stringer("ip", ip).
 		Hex("connID", g.connID).
 		Msg("generated connection ID")
@@ -145,7 +145,7 @@ func (g *ConnectionIDGenerator) Validate(connectionID []byte, ip netip.Addr, now
 	// ts-skew < now < ts+ttl+skew
 	res = ts-g.maxClockSkew < nowTS && res
 	res = nowTS < ts+ttl+g.maxClockSkew && res
-	log.Debug().
+	log.Trace().
 		Stringer("ip", ip).
 		Hex("connID", connectionID).
 		Bool("result", res).

frontend/udp/connection_id_test.go

@@ -1,6 +1,7 @@
 package udp
 
 import (
+	"bytes"
 	"crypto/hmac"
 	"encoding/binary"
 	"fmt"
@@ -12,8 +13,9 @@ import (
 	"time"
 
 	"github.com/cespare/xxhash/v2"
-	"github.com/sot-tech/mochi/pkg/log"
 	"github.com/stretchr/testify/require"
+
+	"github.com/sot-tech/mochi/pkg/log"
 )
 
 var golden = []struct {
@@ -99,10 +101,13 @@ func TestReuseGeneratorGenerate(t *testing.T) {
 
 			gen := NewConnectionIDGenerator(tt.key, 0)
 
+			eq := true
 			for i := 0; i < 3; i++ {
 				connID := gen.Generate(netip.MustParseAddr(tt.ip), time.Unix(tt.createdAt, 0))
-				require.NotEqual(t, cid, connID) // IDs should NOT be equal because of salt
+				eq = eq && bytes.Equal(cid, connID)
 			}
+			// at least one of generated IDs should NOT be equal because of salt. 3 attempts to check collisions
+			require.Equal(t, eq, false)
 		})
 	}
 }