diff --git a/doc/configuration.txt b/doc/configuration.txt index 682cb0a56..2ef28c8fd 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -1904,6 +1904,7 @@ The following keywords are supported in the "global" section : - tune.quic.fe.cc.max-frame-loss - tune.quic.fe.cc.reorder-ratio - tune.quic.fe.sec.glitches-threshold + - tune.quic.fe.sec.retry-threshold - tune.quic.fe.tx.pacing - tune.quic.fe.tx.udp-gso - tune.quic.frontend.max-data-size @@ -1916,7 +1917,7 @@ The following keywords are supported in the "global" section : - tune.quic.max-frame-loss (deprecated) - tune.quic.mem.tx-max - tune.quic.reorder-ratio (deprecated) - - tune.quic.retry-threshold + - tune.quic.retry-threshold (deprecated) - tune.quic.socket-owner - tune.quic.zero-copy-fwd-send - tune.renice.runtime 
@@ -4781,6 +4782,25 @@ tune.quic.frontend.glitches-threshold (deprecated) part of the streamlining process apply on QUIC configuration. If used, this setting will only be applied on frontend connections. +tune.quic.fe.sec.retry-threshold + Dynamically enables the Retry feature for all the configured QUIC listeners + as soon as this number of half open connections is reached. A half open + connection is a connection whose handshake has not already successfully + completed or failed. To be functional this setting needs a cluster secret to + be set, if not it will be silently ignored (see "cluster-secret" setting). + This setting will be also silently ignored if the use of QUIC Retry was + forced (see "quic-force-retry"). + + The default value is 100. + + See https://www.rfc-editor.org/rfc/rfc9000.html#section-8.1.2 for more + information about QUIC retry. + +tune.quic.retry-threshold (deprecated) + This keyword has been deprecated in 3.3 and will be removed in 3.5. It is + part of the streamlining process apply on QUIC configuration. If used, this + setting will only be applied on frontend connections. + tune.quic.be.tx.pacing { on | off } tune.quic.fe.tx.pacing { on | off } Enables ('on') or disables ('off') pacing support for QUIC emission. By @@ -4809,7 +4829,6 @@ tune.quic.disable-udp-gso (deprecated) This keyword has been deprecated in 3.3 and will be removed in 3.5. It is part of the streamlining process apply on QUIC configuration. If used, this setting will only be applied on frontend connections. - tune.quic.frontend.max-data-size This setting is the hard limit for the number of data bytes in flight over a QUIC frontend connection. It is reused as the value for the initial_max_data 
@@ -4906,20 +4925,6 @@ tune.quic.frontend.max-tx-mem (deprecated) part of the streamlining process apply on QUIC configuration. If used, this setting will only be applied on frontend connections. -tune.quic.retry-threshold - Dynamically enables the Retry feature for all the configured QUIC listeners - as soon as this number of half open connections is reached. A half open - connection is a connection whose handshake has not already successfully - completed or failed. To be functional this setting needs a cluster secret to - be set, if not it will be silently ignored (see "cluster-secret" setting). - This setting will be also silently ignored if the use of QUIC Retry was - forced (see "quic-force-retry"). - - The default value is 100. - - See https://www.rfc-editor.org/rfc/rfc9000.html#section-8.1.2 for more - information about QUIC retry. - tune.quic.socket-owner { connection | listener } Specifies globally how QUIC connections will use socket for receive/send operations. Connections can share listener socket or each connection can @@ -17165,7 +17170,7 @@ quic-force-retry contains a token. This token must be sent back to the Retry packet sender, this latter being the only one to be able to validate the token. Note that QUIC Retry will always be used even if a Retry threshold was set (see - "tune.quic.retry-threshold" setting). + "tune.quic.fe.sec.retry-threshold" setting). This setting requires the cluster secret to be set or else an error will be reported on startup (see "cluster-secret"). diff --git a/include/haproxy/global-t.h b/include/haproxy/global-t.h index d0a817023..e44cacda5 100644 --- a/include/haproxy/global-t.h +++ b/include/haproxy/global-t.h @@ -221,7 +221,6 @@ struct global { unsigned int quic_frontend_max_streams_bidi; size_t quic_frontend_max_window_size; unsigned int quic_frontend_stream_data_ratio; - unsigned int quic_retry_threshold; #endif /* USE_QUIC */ } tune; struct { 
diff --git a/include/haproxy/quic_conn-t.h b/include/haproxy/quic_conn-t.h index cb80d3e73..3dad90434 100644 --- a/include/haproxy/quic_conn-t.h +++ b/include/haproxy/quic_conn-t.h @@ -91,8 +91,6 @@ typedef unsigned long long ull; #define QUIC_TOKEN_FMT_NEW 0xb7 /* Retry token duration */ #define QUIC_RETRY_DURATION_SEC 10 -/* Default Retry threshold */ -#define QUIC_DFLT_RETRY_THRESHOLD 100 /* in connection openings */ /* Default congestion window size. 480 kB, equivalent to the legacy value which was 30*bufsize */ #define QUIC_DFLT_MAX_WINDOW_SIZE 491520 diff --git a/include/haproxy/quic_tune-t.h b/include/haproxy/quic_tune-t.h index a12902e1c..2db1e7e8c 100644 --- a/include/haproxy/quic_tune-t.h +++ b/include/haproxy/quic_tune-t.h @@ -11,6 +11,8 @@ #define QUIC_DFLT_CC_MAX_FRAME_LOSS 10 /* Default ratio value applied to a dynamic Packet reorder threshold. */ #define QUIC_DFLT_CC_REORDER_RATIO 50 /* in percent */ +/* Default Retry threshold */ +#define QUIC_DFLT_SEC_RETRY_THRESHOLD 100 /* in connection openings */ #define QUIC_TUNE_FE_LISTEN_OFF 0x00000001 @@ -27,6 +29,7 @@ struct quic_tune { uint cc_max_frame_loss; uint cc_reorder_ratio; uint sec_glitches_threshold; + uint sec_retry_threshold; uint opts; /* QUIC_TUNE_FE_* options specific to FE side */ uint fb_opts; /* QUIC_TUNE_FB_* options shared by both side */ } fe; diff --git a/src/cfgparse-quic.c b/src/cfgparse-quic.c index ccfe0aae0..58fcf3c82 100644 --- a/src/cfgparse-quic.c +++ b/src/cfgparse-quic.c @@ -27,6 +27,7 @@ struct quic_tune quic_tune = { .fe = { .cc_max_frame_loss = QUIC_DFLT_CC_MAX_FRAME_LOSS, .cc_reorder_ratio = QUIC_DFLT_CC_REORDER_RATIO, + .sec_retry_threshold = QUIC_DFLT_SEC_RETRY_THRESHOLD, .fb_opts = QUIC_TUNE_FB_TX_PACING|QUIC_TUNE_FB_TX_UDP_GSO, }, .be = { 
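Review bot: In the include/haproxy/quic_tune-t.h hunk, `sec_retry_threshold` is added to `struct quic_tune` without a comment, while the neighbouring `opts` and `fb_opts` fields each carry one. Because this value gates a security mechanism, I would annotate it in place, e.g. `uint sec_retry_threshold; /* half-open conn count at which Retry is enabled */`, which matches the wording in doc/configuration.txt. The struct begins and ends outside the hunk.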
@@ -345,6 +346,9 @@ static int cfg_parse_quic_tune_setting(char **args, int section_type, &quic_tune.fe.sec_glitches_threshold; *ptr = arg; } + else if (strcmp(suffix, "fe.sec.retry-threshold") == 0) { + quic_tune.fe.sec_retry_threshold = arg; + } else if (strcmp(suffix, "frontend.max-data-size") == 0) { if ((errptr = parse_size_err(args[1], &arg))) { memprintf(err, "'%s': unexpected character '%c' in size argument '%s'.", @@ -377,8 +381,6 @@ static int cfg_parse_quic_tune_setting(char **args, int section_type, } global.tune.quic_frontend_stream_data_ratio = arg; } - else if (strcmp(suffix, "retry-threshold") == 0) - global.tune.quic_retry_threshold = arg; /* legacy options */ else if (strcmp(suffix, "cc.cubic.min-losses") == 0) { @@ -425,6 +427,12 @@ static int cfg_parse_quic_tune_setting(char **args, int section_type, quic_tune.fe.cc_reorder_ratio = arg; ret = 1; } + else if (strcmp(suffix, "retry-threshold") == 0) { + memprintf(err, "'%s' is deprecated in 3.3 and will be removed in 3.5. " + "Please use the newer keyword syntax 'tune.quic.fe.sec.retry-threshold'.", args[0]); + quic_tune.fe.sec_retry_threshold = arg; + ret = 1; + } else { memprintf(err, "'%s' keyword not unhandled (please report this bug).", args[0]); return -1; @@ -550,7 +558,6 @@ static struct cfg_kw_list cfg_kws = {ILH, { { CFG_GLOBAL, "tune.quic.frontend.max-idle-timeout", cfg_parse_quic_time }, { CFG_GLOBAL, "tune.quic.frontend.default-max-window-size", cfg_parse_quic_tune_setting }, { CFG_GLOBAL, "tune.quic.frontend.stream-data-ratio", cfg_parse_quic_tune_setting }, - { CFG_GLOBAL, "tune.quic.retry-threshold", cfg_parse_quic_tune_setting }, { CFG_GLOBAL, "tune.quic.zero-copy-fwd-send", cfg_parse_quic_tune_on_off }, { CFG_GLOBAL, "tune.quic.fe.cc.cubic-min-losses", cfg_parse_quic_tune_setting }, 
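Review bot: The new `fe.sec.retry-threshold` branch stores `arg` into `quic_tune.fe.sec_retry_threshold` with no range check and no comment on the boundary values, and the legacy `retry-threshold` branch added in the hunk at -425 repeats the same assignment. The consumer visible in the src/quic_rx.c hunk tests `half_open_conn >= quic_tune.fe.sec_retry_threshold`, so 0 makes Retry unconditional, while a very large value means the address-validation defence against floods of unvalidated Initial packets never engages. cfg_parse_quic_tune_setting starts and ends outside the hunk, so how `arg` is parsed, and whether a negative input can wrap into the `uint` field, should be confirmed there. I would at least add a comment such as `/* 0 = always send Retry; compared with >= against half_open_conn in quic_rx.c */` in both branches and state the meaning of 0 in doc/configuration.txt. Since the documentation moved by this commit says the threshold is silently ignored without a cluster secret, a startup warning for that case would keep operators from assuming the protection is active.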
@@ -558,6 +565,7 @@ static struct cfg_kw_list cfg_kws = {ILH, { { CFG_GLOBAL, "tune.quic.fe.cc.max-frame-loss", cfg_parse_quic_tune_setting }, { CFG_GLOBAL, "tune.quic.fe.cc.reorder-ratio", cfg_parse_quic_tune_setting }, { CFG_GLOBAL, "tune.quic.fe.sec.glitches-threshold", cfg_parse_quic_tune_setting }, + { CFG_GLOBAL, "tune.quic.fe.sec.retry-threshold", cfg_parse_quic_tune_setting }, { CFG_GLOBAL, "tune.quic.fe.tx.pacing", cfg_parse_quic_tune_on_off }, { CFG_GLOBAL, "tune.quic.fe.tx.udp-gso", cfg_parse_quic_tune_on_off }, @@ -578,6 +586,7 @@ static struct cfg_kw_list cfg_kws = {ILH, { { CFG_GLOBAL, "tune.quic.frontend.max-tx-mem", cfg_parse_quic_tune_setting }, { CFG_GLOBAL, "tune.quic.max-frame-loss", cfg_parse_quic_tune_setting }, { CFG_GLOBAL, "tune.quic.reorder-ratio", cfg_parse_quic_tune_setting }, + { CFG_GLOBAL, "tune.quic.retry-threshold", cfg_parse_quic_tune_setting }, { 0, NULL, NULL } }}; diff --git a/src/haproxy.c b/src/haproxy.c index ad57ce865..5a0523487 100644 --- a/src/haproxy.c +++ b/src/haproxy.c @@ -205,7 +205,6 @@ struct global global = { .quic_frontend_max_streams_bidi = QUIC_TP_DFLT_FRONT_MAX_STREAMS_BIDI, .quic_frontend_max_window_size = QUIC_DFLT_MAX_WINDOW_SIZE, .quic_frontend_stream_data_ratio = QUIC_DFLT_FRONT_STREAM_DATA_RATIO, - .quic_retry_threshold = QUIC_DFLT_RETRY_THRESHOLD, #endif /* USE_QUIC */ }, #ifdef USE_OPENSSL diff --git a/src/quic_rx.c b/src/quic_rx.c index 1200d04e6..56078b6ce 100644 --- a/src/quic_rx.c +++ b/src/quic_rx.c 
@@ -1703,7 +1703,7 @@ static struct quic_conn *quic_rx_pkt_retrieve_conn(struct quic_rx_packet *pkt, /* No need to emit Retry if connection is refused. */ if (!pkt->token_len && !(dgram->flags & QUIC_DGRAM_FL_REJECT)) { if ((l->bind_conf->options & BC_O_QUIC_FORCE_RETRY) || - HA_ATOMIC_LOAD(&prx_counters->half_open_conn) >= global.tune.quic_retry_threshold || + HA_ATOMIC_LOAD(&prx_counters->half_open_conn) >= quic_tune.fe.sec_retry_threshold || (dgram->flags & QUIC_DGRAM_FL_SEND_RETRY)) { TRACE_PROTO("Initial without token, sending retry",