From 3ccea6d276659504aa043f7416bc263ea417937e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20L=C3=A9caille?= Date: Mon, 23 May 2022 22:54:54 +0200 Subject: [PATCH] MINOIR: quic_stats: add QUIC connection errors counters Add statistical counters for all the transport level connection errors. --- include/haproxy/quic_stats-t.h | 57 ++++++++++++++ include/haproxy/quic_stats.h | 14 ++++ src/quic_stats.c | 139 +++++++++++++++++++++++++++++---- src/xprt_quic.c | 14 +++- 4 files changed, 207 insertions(+), 17 deletions(-) create mode 100644 include/haproxy/quic_stats.h diff --git a/include/haproxy/quic_stats-t.h b/include/haproxy/quic_stats-t.h index 7baed42b8..7a8b8085e 100644 --- a/include/haproxy/quic_stats-t.h +++ b/include/haproxy/quic_stats-t.h 
@@ -8,13 +8,70 @@ extern struct stats_module quic_stats_module; +enum { + QUIC_ST_DROPPED_PACKETS, + QUIC_ST_TOO_SHORT_INITIAL_DGRAM, + QUIC_ST_RETRY_SENT, + QUIC_ST_RETRY_VALIDATED, + QUIC_ST_RETRY_ERRORS, + QUIC_ST_CONN_OPENINGS, + QUIC_ST_HDSHK_FAILS, + /* Transport errors */ + QUIC_ST_TRANSP_ERR_NO_ERROR, + QUIC_ST_TRANSP_ERR_INTERNAL_ERROR, + QUIC_ST_TRANSP_ERR_CONNECTION_REFUSED, + QUIC_ST_TRANSP_ERR_FLOW_CONTROL_ERROR, + QUIC_ST_TRANSP_ERR_STREAM_LIMIT_ERROR, + QUIC_ST_TRANSP_ERR_STREAM_STATE_ERROR, + QUIC_ST_TRANSP_ERR_FINAL_SIZE_ERROR, + QUIC_ST_TRANSP_ERR_FRAME_ENCODING_ERROR, + QUIC_ST_TRANSP_ERR_TRANSPORT_PARAMETER_ERROR, + QUIC_ST_TRANSP_ERR_CONNECTION_ID_LIMIT_ERROR, + QUIC_ST_TRANSP_ERR_PROTOCOL_VIOLATION, + QUIC_ST_TRANSP_ERR_INVALID_TOKEN, + QUIC_ST_TRANSP_ERR_APPLICATION_ERROR, + QUIC_ST_TRANSP_ERR_CRYPTO_BUFFER_EXCEEDED, + QUIC_ST_TRANSP_ERR_KEY_UPDATE_ERROR, + QUIC_ST_TRANSP_ERR_AEAD_LIMIT_REACHED, + QUIC_ST_TRANSP_ERR_NO_VIABLE_PATH, + QUIC_ST_TRANSP_ERR_CRYPTO_ERROR, + QUIC_ST_TRANSP_ERR_UNKNOWN_ERROR, + /* Stream related counters */ + QUIC_ST_DATA_BLOCKED, + QUIC_ST_STREAM_DATA_BLOCKED, + QUIC_ST_STREAMS_DATA_BLOCKED_BIDI, + QUIC_ST_STREAMS_DATA_BLOCKED_UNI, + QUIC_STATS_COUNT /* must be the last */ +}; + struct quic_counters { long long dropped_pkt; /* total number of dropped packets */ + long long too_short_initial_dgram; /* total number of too short datagrams with Initial packets */ long long retry_sent; /* total number of Retry sent */ long long retry_validated; /* total number of validated Retry tokens */ long long retry_error; /* total number of Retry token errors */ long long conn_opening; /* total number of connection openings */ long long hdshk_fail; /* total number of handshake failures */ + /* Transport errors */ + long long quic_transp_err_no_error; /* total number of NO_ERROR connection errors */ + long long quic_transp_err_internal_error; /* total number of INTERNAL_ERROR connection errors */ + long long 
quic_transp_err_connection_refused; /* total number of CONNECTION_REFUSED connection errors */ + long long quic_transp_err_flow_control_error; /* total number of FLOW_CONTROL_ERROR connection errors */ + long long quic_transp_err_stream_limit_error; /* total number of STREAM_LIMIT_ERROR connection errors */ + long long quic_transp_err_stream_state_error; /* total number of STREAM_STATE_ERROR connection errors */ + long long quic_transp_err_final_size_error; /* total number of FINAL_SIZE_ERROR connection errors */ + long long quic_transp_err_frame_encoding_error; /* total number of FRAME_ENCODING_ERROR connection errors */ + long long quic_transp_err_transport_parameter_error; /* total number of TRANSPORT_PARAMETER_ERROR connection errors */ + long long quic_transp_err_connection_id_limit; /* total number of CONNECTION_ID_LIMIT_ERROR connection errors */ + long long quic_transp_err_protocol_violation; /* total number of PROTOCOL_VIOLATION connection errors */ + long long quic_transp_err_invalid_token; /* total number of INVALID_TOKEN connection errors */ + long long quic_transp_err_application_error; /* total number of APPLICATION_ERROR connection errors */ + long long quic_transp_err_crypto_buffer_exceeded; /* total number of CRYPTO_BUFFER_EXCEEDED connection errors */ + long long quic_transp_err_key_update_error; /* total number of KEY_UPDATE_ERROR connection errors */ + long long quic_transp_err_aead_limit_reached; /* total number of AEAD_LIMIT_REACHED connection errors */ + long long quic_transp_err_no_viable_path; /* total number of NO_VIABLE_PATH connection errors */ + long long quic_transp_err_crypto_error; /* total number of CRYPTO_ERROR connection errors */ + long long quic_transp_err_unknown_error; /* total number of UNKNOWN_ERROR connection errors */ /* Streams related counters */ long long data_blocked; /* total number of times DATA_BLOCKED frame was received */ long long stream_data_blocked; /* total number of times STEAM_DATA_BLOCKED frame was received 
*/ diff --git a/include/haproxy/quic_stats.h b/include/haproxy/quic_stats.h new file mode 100644 index 000000000..b2a8dec73 --- /dev/null +++ b/include/haproxy/quic_stats.h @@ -0,0 +1,14 @@ +#ifndef _HAPROXY_QUIC_STATS_H +#define _HAPROXY_QUIC_STATS_H + +#ifdef USE_QUIC +#ifndef USE_OPENSSL +#error "Must define USE_OPENSSL" +#endif + +#include + +void quic_stats_transp_err_count_inc(struct quic_counters *ctrs, int error_code); + +#endif /* USE_QUIC */ +#endif /* _HAPROXY_QUIC_STATS_H */ diff --git a/src/quic_stats.c b/src/quic_stats.c index adc166799..cc81924b9 100644 --- a/src/quic_stats.c +++ b/src/quic_stats.c @@ -1,24 +1,11 @@ #include #include -enum { - QUIC_ST_DROPPED_PACKETS, - QUIC_ST_RETRY_SENT, - QUIC_ST_RETRY_VALIDATED, - QUIC_ST_RETRY_ERRORS, - QUIC_ST_CONN_OPENINGS, - QUIC_ST_HDSHK_FAILS, - /* Stream related counters */ - QUIC_ST_DATA_BLOCKED, - QUIC_ST_STREAM_DATA_BLOCKED, - QUIC_ST_STREAMS_DATA_BLOCKED_BIDI, - QUIC_ST_STREAMS_DATA_BLOCKED_UNI, - QUIC_STATS_COUNT /* must be the last */ -}; - static struct name_desc quic_stats[] = { [QUIC_ST_DROPPED_PACKETS] = { .name = "quic_dropped_pkt", .desc = "Total number of dropped packets" }, + [QUIC_ST_TOO_SHORT_INITIAL_DGRAM] = { .name = "quic_too_short_dgram", + .desc = "Total number of too short dgrams with Initial packets" }, [QUIC_ST_RETRY_SENT] = { .name = "quic_retry_sent", .desc = "Total number of Retry sent" }, [QUIC_ST_RETRY_VALIDATED] = { .name = "quic_retry_validated", 
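Review bot: The `int error_code` parameter in the new prototype in include/haproxy/quic_stats.h is narrower than the value it is meant to carry: the error code of a CONNECTION_CLOSE frame is a QUIC variable-length integer chosen by the peer, up to 62 bits wide. If `frm.connection_close.error_code` is a 64-bit field (its declaration is not shown in this patch), the conversion through `unsigned int` in `qc_cc_err_count_inc()` and then `int` here discards the high bits, so an out-of-range code can be counted under a defined error instead of `quic_transp_err_unknown_error`. I would declare it as `void quic_stats_transp_err_count_inc(struct quic_counters *ctrs, uint64_t error_code);` and use the same type in the definition in src/quic_stats.c and in the wrapper in src/xprt_quic.c.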
@@ -29,6 +16,45 @@ static struct name_desc quic_stats[] = { .desc = "Total number of connection openings" }, [QUIC_ST_HDSHK_FAILS] = { .name = "quic_hdshk_fail", .desc = "Total number of handshake failures" }, + /* Transport errors */ + [QUIC_ST_TRANSP_ERR_NO_ERROR] = { .name = "quic_transp_err_no_error", + .desc = "Total number of NO_ERROR errors received" }, + [QUIC_ST_TRANSP_ERR_INTERNAL_ERROR] = { .name = "quic_transp_err_internal_error", + .desc = "Total number of INTERNAL_ERROR errors received" }, + [QUIC_ST_TRANSP_ERR_CONNECTION_REFUSED] = { .name = "quic_transp_err_connection_refused", + .desc = "Total number of CONNECTION_REFUSED errors received" }, + [QUIC_ST_TRANSP_ERR_FLOW_CONTROL_ERROR] = { .name = "quic_transp_err_flow_control_error", + .desc = "Total number of FLOW_CONTROL_ERROR errors received" }, + [QUIC_ST_TRANSP_ERR_STREAM_LIMIT_ERROR] = { .name = "quic_transp_err_stream_limit_error", + .desc = "Total number of STREAM_LIMIT_ERROR errors received" }, + [QUIC_ST_TRANSP_ERR_STREAM_STATE_ERROR] = { .name = "quic_transp_err_stream_state_error", + .desc = "Total number of STREAM_STATE_ERROR errors received" }, + [QUIC_ST_TRANSP_ERR_FINAL_SIZE_ERROR] = { .name = "quic_transp_err_final_size_error", + .desc = "Total number of FINAL_SIZE_ERROR errors received" }, + [QUIC_ST_TRANSP_ERR_FRAME_ENCODING_ERROR] = { .name = "quic_transp_err_frame_encoding_error", + .desc = "Total number of FRAME_ENCODING_ERROR errors received" }, + [QUIC_ST_TRANSP_ERR_TRANSPORT_PARAMETER_ERROR] = { .name = "quic_transp_err_transport_parameter_error", + .desc = "Total number of TRANSPORT_PARAMETER_ERROR errors received" }, + [QUIC_ST_TRANSP_ERR_CONNECTION_ID_LIMIT_ERROR] = { .name = "quic_transp_err_connection_id_limit", + .desc = "Total number of CONNECTION_ID_LIMIT_ERROR errors received" }, + [QUIC_ST_TRANSP_ERR_PROTOCOL_VIOLATION] = { .name = "quic_transp_err_protocol_violation_error", + .desc = "Total number of PROTOCOL_VIOLATION errors received" }, + 
[QUIC_ST_TRANSP_ERR_INVALID_TOKEN] = { .name = "quic_transp_err_invalid_token", + .desc = "Total number of INVALID_TOKEN errors received" }, + [QUIC_ST_TRANSP_ERR_APPLICATION_ERROR] = { .name = "quic_transp_err_application_error", + .desc = "Total number of APPLICATION_ERROR errors received" }, + [QUIC_ST_TRANSP_ERR_CRYPTO_BUFFER_EXCEEDED] = { .name = "quic_transp_err_crypto_buffer_exceeded", + .desc = "Total number of CRYPTO_BUFFER_EXCEEDED errors received" }, + [QUIC_ST_TRANSP_ERR_KEY_UPDATE_ERROR] = { .name = "quic_transp_err_key_update_error", + .desc = "Total number of KEY_UPDATE_ERROR errors received" }, + [QUIC_ST_TRANSP_ERR_AEAD_LIMIT_REACHED] = { .name = "quic_transp_err_aead_limit_reached", + .desc = "Total number of AEAD_LIMIT_REACHED errors received" }, + [QUIC_ST_TRANSP_ERR_NO_VIABLE_PATH] = { .name = "quic_transp_err_no_viable_path", + .desc = "Total number of NO_VIABLE_PATH errors received" }, + [QUIC_ST_TRANSP_ERR_CRYPTO_ERROR] = { .name = "quic_transp_err_crypto_error", + .desc = "Total number of CRYPTO_ERROR errors received" }, + [QUIC_ST_TRANSP_ERR_UNKNOWN_ERROR] = { .name = "quic_transp_err_unknown_error", + .desc = "Total number of UNKNOWN_ERROR errors received" }, /* Streams related counters */ [QUIC_ST_DATA_BLOCKED] = { .name = "quic_data_blocked", .desc = "Total number of times DATA_BLOCKED frame was received" }, 
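Review bot: Two of the exported names added here do not follow the pattern of the others: `quic_transp_err_protocol_violation_error` gains an `_error` suffix that neither the enum constant, the struct field nor the error name has, and `quic_transp_err_connection_id_limit` drops the `_error` of CONNECTION_ID_LIMIT_ERROR. These strings are what monitoring consumers key their dashboards and alerts on, so they are hard to rename once released; I would use `.name = "quic_transp_err_protocol_violation"` and `.name = "quic_transp_err_connection_id_limit_error"`. The `quic_stats[]` initializer starts before and ends after this hunk.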
@@ -47,11 +73,32 @@ static void quic_fill_stats(void *data, struct field *stats) struct quic_counters *counters = data; stats[QUIC_ST_DROPPED_PACKETS] = mkf_u64(FN_COUNTER, counters->dropped_pkt); + stats[QUIC_ST_TOO_SHORT_INITIAL_DGRAM] = mkf_u64(FN_COUNTER, counters->too_short_initial_dgram); stats[QUIC_ST_RETRY_SENT] = mkf_u64(FN_COUNTER, counters->retry_sent); stats[QUIC_ST_RETRY_VALIDATED] = mkf_u64(FN_COUNTER, counters->retry_validated); stats[QUIC_ST_RETRY_ERRORS] = mkf_u64(FN_COUNTER, counters->retry_error); stats[QUIC_ST_CONN_OPENINGS] = mkf_u64(FN_GAUGE, counters->conn_opening); stats[QUIC_ST_HDSHK_FAILS] = mkf_u64(FN_COUNTER, counters->hdshk_fail); + /* Transport errors */ + stats[QUIC_ST_TRANSP_ERR_NO_ERROR] = mkf_u64(FN_COUNTER, counters->quic_transp_err_no_error); + stats[QUIC_ST_TRANSP_ERR_INTERNAL_ERROR] = mkf_u64(FN_COUNTER, counters->quic_transp_err_internal_error); + stats[QUIC_ST_TRANSP_ERR_CONNECTION_REFUSED] = mkf_u64(FN_COUNTER, counters->quic_transp_err_connection_refused); + stats[QUIC_ST_TRANSP_ERR_FLOW_CONTROL_ERROR] = mkf_u64(FN_COUNTER, counters->quic_transp_err_flow_control_error); + stats[QUIC_ST_TRANSP_ERR_STREAM_LIMIT_ERROR] = mkf_u64(FN_COUNTER, counters->quic_transp_err_stream_limit_error); + stats[QUIC_ST_TRANSP_ERR_STREAM_STATE_ERROR] = mkf_u64(FN_COUNTER, counters->quic_transp_err_stream_state_error); + stats[QUIC_ST_TRANSP_ERR_FINAL_SIZE_ERROR] = mkf_u64(FN_COUNTER, counters->quic_transp_err_final_size_error); + stats[QUIC_ST_TRANSP_ERR_FRAME_ENCODING_ERROR] = mkf_u64(FN_COUNTER, counters->quic_transp_err_frame_encoding_error); + stats[QUIC_ST_TRANSP_ERR_TRANSPORT_PARAMETER_ERROR] = mkf_u64(FN_COUNTER, counters->quic_transp_err_transport_parameter_error); + stats[QUIC_ST_TRANSP_ERR_CONNECTION_ID_LIMIT_ERROR] = mkf_u64(FN_COUNTER, counters->quic_transp_err_connection_id_limit); + stats[QUIC_ST_TRANSP_ERR_PROTOCOL_VIOLATION] = mkf_u64(FN_COUNTER, counters->quic_transp_err_protocol_violation); + 
stats[QUIC_ST_TRANSP_ERR_INVALID_TOKEN] = mkf_u64(FN_COUNTER, counters->quic_transp_err_invalid_token); + stats[QUIC_ST_TRANSP_ERR_APPLICATION_ERROR] = mkf_u64(FN_COUNTER, counters->quic_transp_err_application_error); + stats[QUIC_ST_TRANSP_ERR_CRYPTO_BUFFER_EXCEEDED] = mkf_u64(FN_COUNTER, counters->quic_transp_err_crypto_buffer_exceeded); + stats[QUIC_ST_TRANSP_ERR_KEY_UPDATE_ERROR] = mkf_u64(FN_COUNTER, counters->quic_transp_err_key_update_error); + stats[QUIC_ST_TRANSP_ERR_AEAD_LIMIT_REACHED] = mkf_u64(FN_COUNTER, counters->quic_transp_err_aead_limit_reached); + stats[QUIC_ST_TRANSP_ERR_NO_VIABLE_PATH] = mkf_u64(FN_COUNTER, counters->quic_transp_err_no_viable_path); + stats[QUIC_ST_TRANSP_ERR_CRYPTO_ERROR] = mkf_u64(FN_COUNTER, counters->quic_transp_err_crypto_error); + stats[QUIC_ST_TRANSP_ERR_UNKNOWN_ERROR] = mkf_u64(FN_COUNTER, counters->quic_transp_err_unknown_error); /* Streams related counters */ stats[QUIC_ST_DATA_BLOCKED] = mkf_u64(FN_COUNTER, counters->data_blocked); stats[QUIC_ST_STREAM_DATA_BLOCKED] = mkf_u64(FN_COUNTER, counters->stream_data_blocked); 
@@ -71,3 +118,65 @@ struct stats_module quic_stats_module = { }; INITCALL1(STG_REGISTER, stats_register_module, &quic_stats_module); + +void quic_stats_transp_err_count_inc(struct quic_counters *ctrs, int error_code) +{ + switch (error_code) { + case QC_ERR_NO_ERROR: + HA_ATOMIC_INC(&ctrs->quic_transp_err_no_error); + break; + case QC_ERR_INTERNAL_ERROR: + HA_ATOMIC_INC(&ctrs->quic_transp_err_internal_error); + break; + case QC_ERR_CONNECTION_REFUSED: + HA_ATOMIC_INC(&ctrs->quic_transp_err_connection_refused); + break; + case QC_ERR_FLOW_CONTROL_ERROR: + HA_ATOMIC_INC(&ctrs->quic_transp_err_flow_control_error); + break; + case QC_ERR_STREAM_LIMIT_ERROR: + HA_ATOMIC_INC(&ctrs->quic_transp_err_stream_limit_error); + break; + case QC_ERR_STREAM_STATE_ERROR: + HA_ATOMIC_INC(&ctrs->quic_transp_err_stream_state_error); + break; + case QC_ERR_FINAL_SIZE_ERROR: + HA_ATOMIC_INC(&ctrs->quic_transp_err_final_size_error); + break; + case QC_ERR_FRAME_ENCODING_ERROR: + HA_ATOMIC_INC(&ctrs->quic_transp_err_frame_encoding_error); + break; + case QC_ERR_TRANSPORT_PARAMETER_ERROR: + HA_ATOMIC_INC(&ctrs->quic_transp_err_transport_parameter_error); + break; + case QC_ERR_CONNECTION_ID_LIMIT_ERROR: + HA_ATOMIC_INC(&ctrs->quic_transp_err_connection_id_limit); + break; + case QC_ERR_PROTOCOL_VIOLATION: + HA_ATOMIC_INC(&ctrs->quic_transp_err_protocol_violation); + break; + case QC_ERR_INVALID_TOKEN: + HA_ATOMIC_INC(&ctrs->quic_transp_err_invalid_token); + break; + case QC_ERR_APPLICATION_ERROR: + HA_ATOMIC_INC(&ctrs->quic_transp_err_application_error); + break; + case QC_ERR_CRYPTO_BUFFER_EXCEEDED: + HA_ATOMIC_INC(&ctrs->quic_transp_err_crypto_buffer_exceeded); + break; + case QC_ERR_KEY_UPDATE_ERROR: + HA_ATOMIC_INC(&ctrs->quic_transp_err_key_update_error); + break; + case QC_ERR_AEAD_LIMIT_REACHED: + HA_ATOMIC_INC(&ctrs->quic_transp_err_aead_limit_reached); + break; + case QC_ERR_NO_VIABLE_PATH: + HA_ATOMIC_INC(&ctrs->quic_transp_err_no_viable_path); + break; + default: + if 
(error_code >= 0x100 && error_code <= 0x1ff) + HA_ATOMIC_INC(&ctrs->quic_transp_err_crypto_error); + else + HA_ATOMIC_INC(&ctrs->quic_transp_err_unknown_error); + } +} diff --git a/src/xprt_quic.c b/src/xprt_quic.c index 6df7df604..de65b7f65 100644 --- a/src/xprt_quic.c +++ b/src/xprt_quic.c @@ -45,7 +45,7 @@ #include #include #include -#include +#include #include #include #include @@ -2367,6 +2367,15 @@ static void qc_prep_hdshk_fast_retrans(struct quic_conn *qc, LIST_SPLICE(hfrms, &htmp); } +static void qc_cc_err_count_inc(struct quic_counters *ctrs, + enum quic_frame_type frm_type, unsigned int error_code) +{ + if (frm_type == QUIC_FT_CONNECTION_CLOSE) + quic_stats_transp_err_count_inc(ctrs, error_code); + else if (frm_type == QUIC_FT_CONNECTION_CLOSE_APP) + return; +} + /* Parse all the frames of QUIC packet for QUIC connection with * as I/O handler context and as encryption level. * Returns 1 if succeeded, 0 if failed. @@ -2552,6 +2561,7 @@ static int qc_parse_pkt_frms(struct quic_rx_packet *pkt, struct ssl_sock_ctx *ct break; case QUIC_FT_CONNECTION_CLOSE: case QUIC_FT_CONNECTION_CLOSE_APP: + qc_cc_err_count_inc(qc->prx_counters, frm.type, frm.connection_close.error_code); if (!(qc->flags & QUIC_FL_CONN_DRAINING)) { /* If the connection did not reached the handshake complete state, * the counter was not decremented. Note that if @@ -5203,7 +5213,7 @@ static void qc_lstnr_pkt_rcv(unsigned char *buf, const unsigned char *end, else if (pkt->type == QUIC_PACKET_TYPE_INITIAL && dgram->len < QUIC_INITIAL_PACKET_MINLEN) { TRACE_PROTO("Too short datagram with an Initial packet", QUIC_EV_CONN_LPKT, qc); - drop_no_conn = 1; + HA_ATOMIC_INC(&prx_counters->too_short_initial_dgram); } /* When multiple QUIC packets are coalesced on the same UDP datagram,
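Review bot: `quic_stats_transp_err_count_inc()` is exported through the new header but has no comment, and its `default:` branch classifies codes with the bare range `0x100`–`0x1ff`. I would add above the function `/* Increment the <ctrs> counter matching the transport <error_code> of a CONNECTION_CLOSE frame. Codes in 0x0100-0x01ff are counted as CRYPTO_ERROR, any other unlisted code as UNKNOWN_ERROR. */`. It is also worth stating there that `quic_transp_err_no_error` counts closes signalled with NO_ERROR, so growth of that counter is not by itself a sign of failure.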
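Review bot: The `else if (frm_type == QUIC_FT_CONNECTION_CLOSE_APP) return;` branch in `qc_cc_err_count_inc()` does nothing that falling off the end of the function would not do, and the function has no comment saying that application-level closes are deliberately left uncounted. I would reduce the body to the single `if (frm_type == QUIC_FT_CONNECTION_CLOSE)` call and add `/* CONNECTION_CLOSE_APP carries an application error code: not counted here */`.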
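Review bot: The call to `qc_cc_err_count_inc()` is placed before the `if (!(qc->flags & QUIC_FL_CONN_DRAINING))` test, so the counters advance once per CONNECTION_CLOSE frame parsed rather than once per closed connection. If frames can still reach this case for a connection that is already draining (not visible in the hunk), a peer repeating the frame inflates the per-error statistics that operators rely on. Moving the call inside that `if` block would count each connection once. `qc_parse_pkt_frms()` starts and ends outside the hunk.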
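Review bot: In the last hunk the added `HA_ATOMIC_INC(&prx_counters->too_short_initial_dgram);` replaces `drop_no_conn = 1;` instead of accompanying it, so on the new side this branch only counts the too-short datagram. Unless the drop is enforced by code outside the hunk, an Initial packet in an undersized datagram is now processed, whereas RFC 9000 section 14.1 requires a server to discard it; that minimum size is part of the protocol's anti-amplification protection. I would keep both statements, `HA_ATOMIC_INC(&prx_counters->too_short_initial_dgram);` followed by `drop_no_conn = 1;`, or have the commit message explain why the drop is no longer needed. `qc_lstnr_pkt_rcv()` starts and ends outside the hunk.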