From: Amaury Denoyelle <adenoyelle@haproxy.com>
Date: Mon, 7 Jul 2025 09:42:25 +0000 (+0200)
Subject: MINOR: server: support QUIC for dynamic servers
X-Git-Tag: v3.3-dev3~25
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=42365f53e830200638759d0b94b730257830ca3b;p=thirdparty%2Fhaproxy.git

MINOR: server: support QUIC for dynamic servers

To properly support QUIC for dynamic servers, it is required to extend
add server CLI handler :
* ensure conformity between server address and proto
* automatically set proto to QUIC if not specified
* prepare_srv callback must be called to initialize required SSL context

Prior to this patch, crashes may occur when trying to use QUIC with
dynamic servers.

Also, destroy_srv callback must be called when a dynamic server is
deallocated. This ensures that there is no memory leak due to SSL
context.

No need to backport.
---

diff --git a/src/server.c b/src/server.c
index 8a0ba8c85..6d74a3f19 100644
--- a/src/server.c
+++ b/src/server.c
@@ -3131,6 +3131,8 @@ void srv_free_params(struct server *srv)
 
 	if (xprt_get(XPRT_SSL) && xprt_get(XPRT_SSL)->destroy_srv)
 		xprt_get(XPRT_SSL)->destroy_srv(srv);
+	else if (xprt_get(XPRT_QUIC) && xprt_get(XPRT_QUIC)->destroy_srv)
+		xprt_get(XPRT_QUIC)->destroy_srv(srv);
 
 	while (!LIST_ISEMPTY(&srv->pp_tlvs)) {
 		srv_tlv = LIST_ELEM(srv->pp_tlvs.n, struct srv_pp_tlv_list *, list);
@@ -6070,6 +6072,14 @@ static int cli_parse_add_server(char **args, char *payload, struct appctx *appct
 	 */
 	srv->init_addr_methods = SRV_IADDR_NONE;
 
+	if (!srv->mux_proto && srv_is_quic(srv)) {
+		/* Force QUIC as mux-proto on server with quic addresses.
+		 * Incompatibilities with TCP proxy mode will be catch by the
+		 * next code block.
+		 */
+		srv->mux_proto = get_mux_proto(ist("quic"));
+	}
+
 	if (srv->mux_proto) {
 		int proto_mode = conn_pr_mode_to_proto_mode(be->mode);
 		const struct mux_proto_list *mux_ent;
@@ -6080,6 +6090,16 @@ static int cli_parse_add_server(char **args, char *payload, struct appctx *appct
 			ha_alert("MUX protocol is not usable for server.\n");
 			goto out;
 		}
+		else {
+			if ((mux_ent->mux->flags & MX_FL_FRAMED) && !srv_is_quic(srv)) {
+				ha_alert("MUX protocol is incompatible with stream transport used by server.\n");
+				goto out;
+			}
+			else if (!(mux_ent->mux->flags & MX_FL_FRAMED) && srv_is_quic(srv)) {
+				ha_alert("MUX protocol is incompatible with framed transport used by server.\n");
+				goto out;
+			}
+		}
 	}
 
 	if (!srv_alloc_lb(srv, be)) {
@@ -6103,6 +6123,10 @@ static int cli_parse_add_server(char **args, char *payload, struct appctx *appct
 			if (xprt_get(XPRT_SSL)->prepare_srv(srv))
 				goto out;
 		}
+		else if (xprt_get(XPRT_QUIC) && xprt_get(XPRT_QUIC)->prepare_srv) {
+			if (xprt_get(XPRT_QUIC)->prepare_srv(srv))
+				goto out;
+		}
 	}
 
 	if (srv->trackit) {