MAJOR: proxy: enable abortonclose by default on HTTP proxies

As discussed on https://github.com/orgs/haproxy/discussions/3146 and on
the mailing list, there's a marked preference for having abortonclose
enabled by default when relevant. The point being that with today's
internet, the large majority of requests sent with a closed input
channel are aborted requests, and that it's pointless to waste resources
processing them.

This patch now considers both "option abortonclose" and its opposite
"no option abortonclose" to figure whether abortonclose is enabled or
disabled in a backend. When neither is set (thus not even inherited
from a defaults section), then it considers the proxy's mode, and HTTP
mode implies abortonclose by default.

This may make some legacy services fail starting with 3.3. In this case
it will be sufficient to add "no option abortonclose" in either the
affected backend or the defaults section it derives from. But for
internet-facing proxies it's better to stay with the option enabled.
Willy Tarreau 2025-10-08 10:18:35 +02:00
parent fe47e8dfc5
commit 644b3dc7d8
3 changed files with 16 additions and 4 deletions


@ -9089,11 +9089,14 @@ no option abortonclose
pending in the queue or when trying to connect). If the request is
already being served by a server, then the connection to the server is
in turn switched to half-close to indicate the same condition to the
server, which will then decide how to proceed.
server, which will then decide how to proceed. This is the default for
HTTP-mode backends.
The recommendation is to enable this option on internet-facing TLS endpoints
and HTTP services, and to disable it for pure TCP ones as well as unexposed
legacy environments.
legacy environments. It is enabled by default in HTTP backends, and may be
forcefully disabled by prepending the "no" keyword before it, either in the
backend section itself, or in the "defaults" section it inherits from.
If this option has been enabled in a "defaults" section, it can be disabled
in a specific instance by prepending the "no" keyword before it.
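Review bot: the added text states the HTTP default twice in the same description ("This is the default for HTTP-mode backends." and "It is enabled by default in HTTP backends"), and the new sentence about prepending "no" in the backend or its "defaults" section overlaps with the retained closing paragraph, which already explains disabling through the "no" keyword. Keeping a single statement of the default and folding the two "no" explanations into one would read better. Since the commit message says legacy services may start failing with 3.3, it would also help to say here that the default changed in 3.3, so that someone debugging an upgrade finds it in the option's own description.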


@ -141,10 +141,18 @@ static inline void proxy_reset_timeouts(struct proxy *proxy)
proxy->timeout.tunnel = TICK_ETERNITY;
}
/* return proxy's abortonclose status: 0=off, non-zero=on */
/* return proxy's abortonclose status: 0=off, non-zero=on.
* Considers the proxy's mode when neither on/off was set,
* and HTTP mode defaults to on.
*/
static inline int proxy_abrt_close(const struct proxy *px)
{
return !!(px->options & PR_O_ABRT_CLOSE);
if (px->options & PR_O_ABRT_CLOSE)
return 1;
else if (px->no_options & PR_O_ABRT_CLOSE)
return 0;
/* When unset: 1 for HTTP, 0 for TCP */
return px->mode == PR_MODE_HTTP;
}
/* increase the number of cumulated connections received on the designated frontend */
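Review bot: the inline comment "When unset: 1 for HTTP, 0 for TCP" in proxy_abrt_close() is narrower than the expression under it: `px->mode == PR_MODE_HTTP` yields 0 for every mode other than HTTP, not only TCP, so "0 otherwise" would be accurate. The `else` after `return 1;` is unnecessary and can be a plain `if`. Because the result now depends on px->no_options, it is worth confirming that a "no option abortonclose" placed in a defaults section ends up in the backend's no_options, since the commit message relies on that inheritance and the visible lines do not show it.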


@ -126,6 +126,7 @@ haproxy h2 -conf {
defaults
mode http
no option abortonclose
retries 1
timeout client 10s
timeout server 10s
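Review bot: the `no option abortonclose` line added to this test's defaults pins the previous behaviour without saying why; a short comment in the config naming the part of the test that needs requests to survive a closed input would spare the next reader a trip through the history. Among the three changed files there is also no test that exercises the new path (neither option set, `mode http`), so consider adding one that checks that an HTTP backend aborts such requests with no explicit option configured.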