MINOR: quic: rename retry-threshold setting

A QUIC global tune setting is defined to be able to force Retry emission
prior to handshake. By definition, this ability is only supported by
QUIC servers, hence it is a frontend option only.

Rename the option to use "fe" prefix. The old option name is deprecated
and will be removed in 3.5

doc/configuration.txt

@@ -1904,6 +1904,7 @@ The following keywords are supported in the "global" section :
    - tune.quic.fe.cc.max-frame-loss
    - tune.quic.fe.cc.reorder-ratio
    - tune.quic.fe.sec.glitches-threshold
+   - tune.quic.fe.sec.retry-threshold
    - tune.quic.fe.tx.pacing
    - tune.quic.fe.tx.udp-gso
    - tune.quic.frontend.max-data-size
@@ -1916,7 +1917,7 @@ The following keywords are supported in the "global" section :
    - tune.quic.max-frame-loss (deprecated)
    - tune.quic.mem.tx-max
    - tune.quic.reorder-ratio (deprecated)
-   - tune.quic.retry-threshold
+   - tune.quic.retry-threshold (deprecated)
    - tune.quic.socket-owner
    - tune.quic.zero-copy-fwd-send
    - tune.renice.runtime
@@ -4781,6 +4782,25 @@ tune.quic.frontend.glitches-threshold <number> (deprecated)
   part of the streamlining process apply on QUIC configuration. If used, this
   setting will only be applied on frontend connections.
 
+tune.quic.fe.sec.retry-threshold <number>
+  Dynamically enables the Retry feature for all the configured QUIC listeners
+  as soon as this number of half open connections is reached. A half open
+  connection is a connection whose handshake has not already successfully
+  completed or failed. To be functional this setting needs a cluster secret to
+  be set, if not it will be silently ignored (see "cluster-secret" setting).
+  This setting will be also silently ignored if the use of QUIC Retry was
+  forced (see "quic-force-retry").
+
+  The default value is 100.
+
+  See https://www.rfc-editor.org/rfc/rfc9000.html#section-8.1.2 for more
+  information about QUIC retry.
+
+tune.quic.retry-threshold <number> (deprecated)
+  This keyword has been deprecated in 3.3 and will be removed in 3.5. It is
+  part of the streamlining process apply on QUIC configuration. If used, this
+  setting will only be applied on frontend connections.
+
 tune.quic.be.tx.pacing { on | off }
 tune.quic.fe.tx.pacing { on | off }
   Enables ('on') or disables ('off') pacing support for QUIC emission. By
@@ -4809,7 +4829,6 @@ tune.quic.disable-udp-gso (deprecated)
   This keyword has been deprecated in 3.3 and will be removed in 3.5. It is
   part of the streamlining process apply on QUIC configuration. If used, this
   setting will only be applied on frontend connections.
-
 tune.quic.frontend.max-data-size <size>
   This setting is the hard limit for the number of data bytes in flight over a
   QUIC frontend connection. It is reused as the value for the initial_max_data
@@ -4906,20 +4925,6 @@ tune.quic.frontend.max-tx-mem <size> (deprecated)
   part of the streamlining process apply on QUIC configuration. If used, this
   setting will only be applied on frontend connections.
 
-tune.quic.retry-threshold <number>
-  Dynamically enables the Retry feature for all the configured QUIC listeners
-  as soon as this number of half open connections is reached. A half open
-  connection is a connection whose handshake has not already successfully
-  completed or failed. To be functional this setting needs a cluster secret to
-  be set, if not it will be silently ignored (see "cluster-secret" setting).
-  This setting will be also silently ignored if the use of QUIC Retry was
-  forced (see "quic-force-retry").
-
-  The default value is 100.
-
-  See https://www.rfc-editor.org/rfc/rfc9000.html#section-8.1.2 for more
-  information about QUIC retry.
-
 tune.quic.socket-owner { connection | listener }
   Specifies globally how QUIC connections will use socket for receive/send
   operations. Connections can share listener socket or each connection can
@@ -17165,7 +17170,7 @@ quic-force-retry
   contains a token. This token must be sent back to the Retry packet sender,
   this latter being the only one to be able to validate the token. Note that QUIC
   Retry will always be used even if a Retry threshold was set (see
-  "tune.quic.retry-threshold" setting).
+  "tune.quic.fe.sec.retry-threshold" setting).
 
   This setting requires the cluster secret to be set or else an error will be
   reported on startup (see "cluster-secret").

include/haproxy/global-t.h

@@ -221,7 +221,6 @@ struct global {
 		unsigned int quic_frontend_max_streams_bidi;
 		size_t quic_frontend_max_window_size;
 		unsigned int quic_frontend_stream_data_ratio;
-		unsigned int quic_retry_threshold;
 #endif /* USE_QUIC */
 	} tune;
 	struct {

include/haproxy/quic_conn-t.h

@@ -91,8 +91,6 @@ typedef unsigned long long ull;
 #define  QUIC_TOKEN_FMT_NEW  0xb7
 /* Retry token duration */
 #define QUIC_RETRY_DURATION_SEC       10
-/* Default Retry threshold */
-#define QUIC_DFLT_RETRY_THRESHOLD     100 /* in connection openings */
 /* Default congestion window size. 480 kB, equivalent to the legacy value which was 30*bufsize */
 #define QUIC_DFLT_MAX_WINDOW_SIZE  491520
 

include/haproxy/quic_tune-t.h

@@ -11,6 +11,8 @@
 #define QUIC_DFLT_CC_MAX_FRAME_LOSS       10
 /* Default ratio value applied to a dynamic Packet reorder threshold. */
 #define QUIC_DFLT_CC_REORDER_RATIO        50 /* in percent */
+/* Default Retry threshold */
+#define QUIC_DFLT_SEC_RETRY_THRESHOLD     100 /* in connection openings */
 
 
 #define QUIC_TUNE_FE_LISTEN_OFF    0x00000001
@@ -27,6 +29,7 @@ struct quic_tune {
 		uint cc_max_frame_loss;
 		uint cc_reorder_ratio;
 		uint sec_glitches_threshold;
+		uint sec_retry_threshold;
 		uint opts;    /* QUIC_TUNE_FE_* options specific to FE side */
 		uint fb_opts; /* QUIC_TUNE_FB_* options shared by both side */
 	} fe;

src/cfgparse-quic.c

@@ -27,6 +27,7 @@ struct quic_tune quic_tune = {
 	.fe = {
 		.cc_max_frame_loss = QUIC_DFLT_CC_MAX_FRAME_LOSS,
 		.cc_reorder_ratio  = QUIC_DFLT_CC_REORDER_RATIO,
+		.sec_retry_threshold = QUIC_DFLT_SEC_RETRY_THRESHOLD,
 		.fb_opts = QUIC_TUNE_FB_TX_PACING|QUIC_TUNE_FB_TX_UDP_GSO,
 	},
 	.be = {
@@ -345,6 +346,9 @@ static int cfg_parse_quic_tune_setting(char **args, int section_type,
 		                                 &quic_tune.fe.sec_glitches_threshold;
 		*ptr = arg;
 	}
+	else if (strcmp(suffix, "fe.sec.retry-threshold") == 0) {
+		quic_tune.fe.sec_retry_threshold = arg;
+	}
 	else if (strcmp(suffix, "frontend.max-data-size") == 0) {
 		if ((errptr = parse_size_err(args[1], &arg))) {
 			memprintf(err, "'%s': unexpected character '%c' in size argument '%s'.",
@@ -377,8 +381,6 @@ static int cfg_parse_quic_tune_setting(char **args, int section_type,
 		}
 		global.tune.quic_frontend_stream_data_ratio = arg;
 	}
-	else if (strcmp(suffix, "retry-threshold") == 0)
-		global.tune.quic_retry_threshold = arg;
 
 	/* legacy options */
 	else if (strcmp(suffix, "cc.cubic.min-losses") == 0) {
@@ -425,6 +427,12 @@ static int cfg_parse_quic_tune_setting(char **args, int section_type,
 		quic_tune.fe.cc_reorder_ratio = arg;
 		ret = 1;
 	}
+	else if (strcmp(suffix, "retry-threshold") == 0) {
+		memprintf(err, "'%s' is deprecated in 3.3 and will be removed in 3.5. "
+		               "Please use the newer keyword syntax 'tune.quic.fe.sec.retry-threshold'.", args[0]);
+		quic_tune.fe.sec_retry_threshold = arg;
+		ret = 1;
+	}
 	else {
 		memprintf(err, "'%s' keyword not unhandled (please report this bug).", args[0]);
 		return -1;
@@ -550,7 +558,6 @@ static struct cfg_kw_list cfg_kws = {ILH, {
 	{ CFG_GLOBAL, "tune.quic.frontend.max-idle-timeout", cfg_parse_quic_time },
 	{ CFG_GLOBAL, "tune.quic.frontend.default-max-window-size", cfg_parse_quic_tune_setting },
 	{ CFG_GLOBAL, "tune.quic.frontend.stream-data-ratio", cfg_parse_quic_tune_setting },
-	{ CFG_GLOBAL, "tune.quic.retry-threshold", cfg_parse_quic_tune_setting },
 	{ CFG_GLOBAL, "tune.quic.zero-copy-fwd-send", cfg_parse_quic_tune_on_off },
 
 	{ CFG_GLOBAL, "tune.quic.fe.cc.cubic-min-losses", cfg_parse_quic_tune_setting },
@@ -558,6 +565,7 @@ static struct cfg_kw_list cfg_kws = {ILH, {
 	{ CFG_GLOBAL, "tune.quic.fe.cc.max-frame-loss", cfg_parse_quic_tune_setting },
 	{ CFG_GLOBAL, "tune.quic.fe.cc.reorder-ratio", cfg_parse_quic_tune_setting },
 	{ CFG_GLOBAL, "tune.quic.fe.sec.glitches-threshold", cfg_parse_quic_tune_setting },
+	{ CFG_GLOBAL, "tune.quic.fe.sec.retry-threshold", cfg_parse_quic_tune_setting },
 	{ CFG_GLOBAL, "tune.quic.fe.tx.pacing", cfg_parse_quic_tune_on_off },
 	{ CFG_GLOBAL, "tune.quic.fe.tx.udp-gso", cfg_parse_quic_tune_on_off },
 
@@ -578,6 +586,7 @@ static struct cfg_kw_list cfg_kws = {ILH, {
 	{ CFG_GLOBAL, "tune.quic.frontend.max-tx-mem", cfg_parse_quic_tune_setting },
 	{ CFG_GLOBAL, "tune.quic.max-frame-loss", cfg_parse_quic_tune_setting },
 	{ CFG_GLOBAL, "tune.quic.reorder-ratio", cfg_parse_quic_tune_setting },
+	{ CFG_GLOBAL, "tune.quic.retry-threshold", cfg_parse_quic_tune_setting },
 
 	{ 0, NULL, NULL }
 }};

src/haproxy.c

@@ -205,7 +205,6 @@ struct global global = {
 		.quic_frontend_max_streams_bidi = QUIC_TP_DFLT_FRONT_MAX_STREAMS_BIDI,
 		.quic_frontend_max_window_size = QUIC_DFLT_MAX_WINDOW_SIZE,
 		.quic_frontend_stream_data_ratio = QUIC_DFLT_FRONT_STREAM_DATA_RATIO,
-		.quic_retry_threshold = QUIC_DFLT_RETRY_THRESHOLD,
 #endif /* USE_QUIC */
 	},
 #ifdef USE_OPENSSL

src/quic_rx.c

@@ -1703,7 +1703,7 @@ static struct quic_conn *quic_rx_pkt_retrieve_conn(struct quic_rx_packet *pkt,
 			/* No need to emit Retry if connection is refused. */
 			if (!pkt->token_len && !(dgram->flags & QUIC_DGRAM_FL_REJECT)) {
 				if ((l->bind_conf->options & BC_O_QUIC_FORCE_RETRY) ||
-				    HA_ATOMIC_LOAD(&prx_counters->half_open_conn) >= global.tune.quic_retry_threshold ||
+				    HA_ATOMIC_LOAD(&prx_counters->half_open_conn) >= quic_tune.fe.sec_retry_threshold ||
 				    (dgram->flags & QUIC_DGRAM_FL_SEND_RETRY)) {
 
 					TRACE_PROTO("Initial without token, sending retry",