RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-05-16 22:58:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

MINOR: quic: delay Retry emission on quic-force-retry

Browse Source 
Currently, quic Retry packets are emitted for two different reasons
after processing an Initial without token :
- quic-force-retry is set on bind-line
- an abnormal number of half-open connection is currently detected

Previously, these two conditions were checked separately in different
functions during datagram parsing. Uniformize this by moving
quic-force-retry check in quic_rx_pkt_retrieve_conn() along the second
condition check.

The purpose of this patch is to uniformize datagram parsing stages. It
is necessary to implement quic-initial rules in
quic_rx_pkt_retrieve_conn() prior to any Retry emission. This prevents
to emit unnecessary Retry if an Initial is subject to a reject rule.
This commit is contained in:
Amaury Denoyelle 2024-07-19 17:37:52 +02:00
parent e328056ddc
commit a72e82c382
1 changed files with 2 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
src/quic_rx.c
View File

@ -1605,8 +1605,9 @@ static struct quic_conn *quic_rx_pkt_retrieve_conn(struct quic_rx_packet *pkt,
if (!quic_retry_token_check(pkt, dgram, l, qc, &token_odcid))
goto err;
}
else if (!(l->bind_conf->options & BC_O_QUIC_FORCE_RETRY) &&
else if ((l->bind_conf->options & BC_O_QUIC_FORCE_RETRY) ||
HA_ATOMIC_LOAD(&prx_counters->half_open_conn) >= global.tune.quic_retry_threshold) {
TRACE_PROTO("Initial without token, sending retry",
QUIC_EV_CONN_LPKT, NULL, NULL, NULL, pkt->version);
if (send_retry(l->rx.fd, &dgram->saddr, pkt, pkt->version)) {
@ -1799,24 +1800,6 @@ static int quic_rx_pkt_parse(struct quic_rx_packet *pkt,
goto drop;
}
/* TODO Retry should be automatically activated if
* suspect network usage is detected.
*/
if (!token_len) {
if (l->bind_conf->options & BC_O_QUIC_FORCE_RETRY) {
TRACE_PROTO("Initial without token, sending retry",
QUIC_EV_CONN_LPKT, NULL, NULL, NULL, pkt->version);
if (send_retry(l->rx.fd, &dgram->saddr, pkt, pkt->version)) {
TRACE_PROTO("Error during Retry generation",
QUIC_EV_CONN_LPKT, NULL, NULL, NULL, pkt->version);
goto drop_silent;
}
HA_ATOMIC_INC(&prx_counters->retry_sent);
goto drop_silent;
}
}
pkt->token = pos;
pkt->token_len = token_len;
pos += pkt->token_len;