From a72e82c382eff9768c2e04e034a0093102dd487b Mon Sep 17 00:00:00 2001
From: Amaury Denoyelle
Date: Fri, 19 Jul 2024 17:37:52 +0200
Subject: [PATCH] MINOR: quic: delay Retry emission on quic-force-retry Currently, quic Retry packets are emitted for two different reasons after processing an Initial without token : - quic-force-retry is set on bind-line - an abnormal number of half-open connection is currently detected Previously, these two conditions were checked separately in different functions during datagram parsing. Uniformize this by moving quic-force-retry check in quic_rx_pkt_retrieve_conn() along the second condition check. The purpose of this patch is to uniformize datagram parsing stages. It is necessary to implement quic-initial rules in quic_rx_pkt_retrieve_conn() prior to any Retry emission. This prevents to emit unnecessary Retry if an Initial is subject to a reject rule.
---
 src/quic_rx.c | 21 ++-------------------
 1 file changed, 2 insertions(+), 19 deletions(-)
diff --git a/src/quic_rx.c b/src/quic_rx.c
index e2dd8fbd0..fa82042a0 100644
--- a/src/quic_rx.c
+++ b/src/quic_rx.c
@@ -1605,8 +1605,9 @@ static struct quic_conn *quic_rx_pkt_retrieve_conn(struct quic_rx_packet *pkt,
 if (!quic_retry_token_check(pkt, dgram, l, qc, &token_odcid))
 goto err;
 }
- else if (!(l->bind_conf->options & BC_O_QUIC_FORCE_RETRY) &&
+ else if ((l->bind_conf->options & BC_O_QUIC_FORCE_RETRY) ||
 HA_ATOMIC_LOAD(&prx_counters->half_open_conn) >= global.tune.quic_retry_threshold) {
+
 TRACE_PROTO("Initial without token, sending retry",
 QUIC_EV_CONN_LPKT, NULL, NULL, NULL, pkt->version);
 if (send_retry(l->rx.fd, &dgram->saddr, pkt, pkt->version)) {
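Review bot: The merged `else if ((l->bind_conf->options & BC_O_QUIC_FORCE_RETRY) || HA_ATOMIC_LOAD(&prx_counters->half_open_conn) >= global.tune.quic_retry_threshold)` now covers two distinct triggers, yet the trace just below it is the same "Initial without token, sending retry" for both. Someone reading traces therefore cannot tell a configured force-retry from the half-open threshold being crossed, which is the signal that matters when investigating a flood of unvalidated Initials. I would add a comment above the branch such as `/* Retry for address validation: forced by quic-force-retry, or half_open_conn reached quic_retry_threshold */` and wrap the `>=` comparison in its own parentheses so the `||` reads unambiguously. The second hunk deletes a path that incremented `retry_sent`, and the rest of this branch lies outside the hunk, so it is worth confirming that the retained path still bumps that counter for forced Retries.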
@@ -1799,24 +1800,6 @@ static int quic_rx_pkt_parse(struct quic_rx_packet *pkt, goto drop; } - /* TODO Retry should be automatically activated if - * suspect network usage is detected. - */ - if (!token_len) { - if (l->bind_conf->options & BC_O_QUIC_FORCE_RETRY) { - TRACE_PROTO("Initial without token, sending retry", - QUIC_EV_CONN_LPKT, NULL, NULL, NULL, pkt->version); - if (send_retry(l->rx.fd, &dgram->saddr, pkt, pkt->version)) { - TRACE_PROTO("Error during Retry generation", - QUIC_EV_CONN_LPKT, NULL, NULL, NULL, pkt->version); - goto drop_silent; - } - - HA_ATOMIC_INC(&prx_counters->retry_sent); - goto drop_silent; - } - } - pkt->token = pos; pkt->token_len = token_len; pos += pkt->token_len;