git.ipfire.org Git - thirdparty/haproxy.git/commit

author	Amaury Denoyelle <adenoyelle@haproxy.com>
	Thu, 18 Jul 2024 16:25:43 +0000 (18:25 +0200)
committer	Amaury Denoyelle <adenoyelle@haproxy.com>
	Thu, 25 Jul 2024 13:39:39 +0000 (15:39 +0200)
commit	cafe5966084099fd87cfcaccd1cd17d0c04e1299
tree	a74cdf333ba861eeeeadd70ce713675a5990478e	tree
parent	a72e82c382eff9768c2e04e034a0093102dd487b	commit \| diff

MEDIUM: quic: implement quic-initial rules

Implement a new set of rules labelled as quic-initial.

These rules as specific to QUIC. They are scheduled to be executed early
on Initial packet parsing, prior a new QUIC connection instantiation.
Contrary to tcp-request connection, this allows to reject traffic
earlier, most notably by avoiding unnecessary QUIC SSL handshake
processing.

A new module quic_rules is created. Its main function
quic_init_exec_rules() is called on Initial packet parsing in function
quic_rx_pkt_retrieve_conn().

For the moment, only "accept" and "dgram-drop" are valid actions. Both
are final. The latter drops silently the Initial packet instead of
allocating a new QUIC connection.

Makefile		diff \| blob \| blame \| history
doc/configuration.txt		diff \| blob \| blame \| history
include/haproxy/action-t.h		diff \| blob \| blame \| history
include/haproxy/cfgparse.h		diff \| blob \| blame \| history
include/haproxy/proxy-t.h		diff \| blob \| blame \| history
include/haproxy/quic_rules.h	[new file with mode: 0644]	blob
src/cfgparse-listen.c		diff \| blob \| blame \| history
src/cfgparse-quic.c		diff \| blob \| blame \| history
src/proxy.c		diff \| blob \| blame \| history
src/quic_rules.c	[new file with mode: 0644]	blob
src/quic_rx.c		diff \| blob \| blame \| history