MINOIR: quic_stats: add QUIC connection errors counters

Add statistical counters for all the transport level connection errrors.

diff --git a/include/haproxy/quic_stats-t.h b/include/haproxy/quic_stats-t.h
index 7baed42b830658331d97b2ec1ca266353bcc0006..7a8b8085effa81eeae4458464d171a6b4eb974e7 100644 (file)
--- a/include/haproxy/quic_stats-t.h
+++ b/include/haproxy/quic_stats-t.h
@@ -8,13 +8,70 @@
 
 extern struct stats_module quic_stats_module;
 
+enum {
+       QUIC_ST_DROPPED_PACKETS,
+       QUIC_ST_TOO_SHORT_INITIAL_DGRAM,
+       QUIC_ST_RETRY_SENT,
+       QUIC_ST_RETRY_VALIDATED,
+       QUIC_ST_RETRY_ERRORS,
+       QUIC_ST_CONN_OPENINGS,
+       QUIC_ST_HDSHK_FAILS,
+       /* Transport errors */
+       QUIC_ST_TRANSP_ERR_NO_ERROR,
+       QUIC_ST_TRANSP_ERR_INTERNAL_ERROR,
+       QUIC_ST_TRANSP_ERR_CONNECTION_REFUSED,
+       QUIC_ST_TRANSP_ERR_FLOW_CONTROL_ERROR,
+       QUIC_ST_TRANSP_ERR_STREAM_LIMIT_ERROR,
+       QUIC_ST_TRANSP_ERR_STREAM_STATE_ERROR,
+       QUIC_ST_TRANSP_ERR_FINAL_SIZE_ERROR,
+       QUIC_ST_TRANSP_ERR_FRAME_ENCODING_ERROR,
+       QUIC_ST_TRANSP_ERR_TRANSPORT_PARAMETER_ERROR,
+       QUIC_ST_TRANSP_ERR_CONNECTION_ID_LIMIT_ERROR,
+       QUIC_ST_TRANSP_ERR_PROTOCOL_VIOLATION,
+       QUIC_ST_TRANSP_ERR_INVALID_TOKEN,
+       QUIC_ST_TRANSP_ERR_APPLICATION_ERROR,
+       QUIC_ST_TRANSP_ERR_CRYPTO_BUFFER_EXCEEDED,
+       QUIC_ST_TRANSP_ERR_KEY_UPDATE_ERROR,
+       QUIC_ST_TRANSP_ERR_AEAD_LIMIT_REACHED,
+       QUIC_ST_TRANSP_ERR_NO_VIABLE_PATH,
+       QUIC_ST_TRANSP_ERR_CRYPTO_ERROR,
+       QUIC_ST_TRANSP_ERR_UNKNOWN_ERROR,
+       /* Stream related counters */
+       QUIC_ST_DATA_BLOCKED,
+       QUIC_ST_STREAM_DATA_BLOCKED,
+       QUIC_ST_STREAMS_DATA_BLOCKED_BIDI,
+       QUIC_ST_STREAMS_DATA_BLOCKED_UNI,
+       QUIC_STATS_COUNT /* must be the last */
+};
+
 struct quic_counters {
        long long dropped_pkt;       /* total number of dropped packets */
+       long long too_short_initial_dgram; /* total number of too short datagrams with Initial packets */
        long long retry_sent;        /* total number of Retry sent */
        long long retry_validated;   /* total number of validated Retry tokens */
        long long retry_error;       /* total number of Retry token errors */
        long long conn_opening;      /* total number of connection openings */
        long long hdshk_fail;        /* total number of handshake failures */
+       /* Transport errors */
+       long long quic_transp_err_no_error; /* total number of NO_ERROR connection errors */
+       long long quic_transp_err_internal_error; /* total number of INTERNAL_ERROR connection errors */
+       long long quic_transp_err_connection_refused; /* total number of CONNECTION_REFUSED connection errors */
+       long long quic_transp_err_flow_control_error; /* total number of FLOW_CONTROL_ERROR connection errors */
+       long long quic_transp_err_stream_limit_error; /* total number of STREAM_LIMIT_ERROR connection errors */
+       long long quic_transp_err_stream_state_error; /* total number of STREAM_STATE_ERROR connection errors */
+       long long quic_transp_err_final_size_error;          /* total number of FINAL_SIZE_ERROR connection errors */
+       long long quic_transp_err_frame_encoding_error;      /* total number of FRAME_ENCODING_ERROR connection errors */
+       long long quic_transp_err_transport_parameter_error; /* total number of TRANSPORT_PARAMETER_ERROR connection errors */
+       long long quic_transp_err_connection_id_limit;       /* total number of CONNECTION_ID_LIMIT_ERROR connection errors */
+       long long quic_transp_err_protocol_violation;        /* total number of PROTOCOL_VIOLATION connection errors */
+       long long quic_transp_err_invalid_token;             /* total number of INVALID_TOKEN connection errors */
+       long long quic_transp_err_application_error;         /* total number of APPLICATION_ERROR connection errors */
+       long long quic_transp_err_crypto_buffer_exceeded;    /* total number of CRYPTO_BUFFER_EXCEEDED connection errors */
+       long long quic_transp_err_key_update_error;   /* total number of KEY_UPDATE_ERROR connection errors */
+       long long quic_transp_err_aead_limit_reached; /* total number of AEAD_LIMIT_REACHED connection errors */
+       long long quic_transp_err_no_viable_path;     /* total number of NO_VIABLE_PATH connection errors */
+       long long quic_transp_err_crypto_error;       /* total number of CRYPTO_ERROR connection errors */
+       long long quic_transp_err_unknown_error;      /* total number of UNKNOWN_ERROR connection errors */
        /* Streams related counters */
        long long data_blocked;              /* total number of times DATA_BLOCKED frame was received */
        long long stream_data_blocked;       /* total number of times STEAM_DATA_BLOCKED frame was received */

diff --git a/include/haproxy/quic_stats.h b/include/haproxy/quic_stats.h
new file mode 100644 (file)
index 0000000..b2a8dec
--- /dev/null
+++ b/include/haproxy/quic_stats.h
@@ -0,0 +1,14 @@
+#ifndef _HAPROXY_QUIC_STATS_H
+#define _HAPROXY_QUIC_STATS_H
+
+#ifdef USE_QUIC
+#ifndef USE_OPENSSL
+#error "Must define USE_OPENSSL"
+#endif
+
+#include <haproxy/quic_stats-t.h>
+
+void quic_stats_transp_err_count_inc(struct quic_counters *ctrs, int error_code);
+
+#endif /* USE_QUIC */
+#endif /* _HAPROXY_QUIC_STATS_H */

diff --git a/src/quic_stats.c b/src/quic_stats.c
index adc166799b46f627ad11ef07806ea6beb70d6885..cc81924b9f5c006dc530311f805bc993f80272c8 100644 (file)
--- a/src/quic_stats.c
+++ b/src/quic_stats.c
@@ -1,24 +1,11 @@
 #include <haproxy/quic_stats-t.h>
 #include <haproxy/stats.h>
 
-enum {
-       QUIC_ST_DROPPED_PACKETS,
-       QUIC_ST_RETRY_SENT,
-       QUIC_ST_RETRY_VALIDATED,
-       QUIC_ST_RETRY_ERRORS,
-       QUIC_ST_CONN_OPENINGS,
-       QUIC_ST_HDSHK_FAILS,
-       /* Stream related counters */
-       QUIC_ST_DATA_BLOCKED,
-       QUIC_ST_STREAM_DATA_BLOCKED,
-       QUIC_ST_STREAMS_DATA_BLOCKED_BIDI,
-       QUIC_ST_STREAMS_DATA_BLOCKED_UNI,
-       QUIC_STATS_COUNT /* must be the last */
-};
-
 static struct name_desc quic_stats[] = {
        [QUIC_ST_DROPPED_PACKETS]     = { .name = "quic_dropped_pkt",
                                          .desc = "Total number of dropped packets" },
+       [QUIC_ST_TOO_SHORT_INITIAL_DGRAM] = { .name = "quic_too_short_dgram",
+                                         .desc = "Total number of too short dgrams with Initial packets" },
        [QUIC_ST_RETRY_SENT]          = { .name = "quic_retry_sent",
                                          .desc = "Total number of Retry sent" },
        [QUIC_ST_RETRY_VALIDATED]     = { .name = "quic_retry_validated",
@@ -29,6 +16,45 @@ static struct name_desc quic_stats[] = {
                                          .desc = "Total number of connection openings" },
        [QUIC_ST_HDSHK_FAILS]         = { .name = "quic_hdshk_fail",
                                          .desc = "Total number of handshake failures" },
+       /* Transport errors */
+       [QUIC_ST_TRANSP_ERR_NO_ERROR] = { .name = "quic_transp_err_no_error",
+                                         .desc = "Total number of NO_ERROR errors received" },
+       [QUIC_ST_TRANSP_ERR_INTERNAL_ERROR]     = { .name = "quic_transp_err_internal_error",
+                                                   .desc = "Total number of INTERNAL_ERROR errors received" },
+       [QUIC_ST_TRANSP_ERR_CONNECTION_REFUSED] = { .name = "quic_transp_err_connection_refused",
+                                                   .desc = "Total number of CONNECTION_REFUSED errors received" },
+       [QUIC_ST_TRANSP_ERR_FLOW_CONTROL_ERROR] = { .name = "quic_transp_err_flow_control_error",
+                                                   .desc = "Total number of FLOW_CONTROL_ERROR errors received" },
+       [QUIC_ST_TRANSP_ERR_STREAM_LIMIT_ERROR] = { .name = "quic_transp_err_stream_limit_error",
+                                                   .desc = "Total number of STREAM_LIMIT_ERROR errors received" },
+       [QUIC_ST_TRANSP_ERR_STREAM_STATE_ERROR] = { .name = "quic_transp_err_stream_state_error",
+                                                   .desc = "Total number of STREAM_STATE_ERROR errors received" },
+       [QUIC_ST_TRANSP_ERR_FINAL_SIZE_ERROR]   = { .name = "quic_transp_err_final_size_error",
+                                                   .desc = "Total number of FINAL_SIZE_ERROR errors received" },
+       [QUIC_ST_TRANSP_ERR_FRAME_ENCODING_ERROR]      = { .name = "quic_transp_err_frame_encoding_error",
+                                                          .desc = "Total number of FRAME_ENCODING_ERROR errors received" },
+       [QUIC_ST_TRANSP_ERR_TRANSPORT_PARAMETER_ERROR] = { .name = "quic_transp_err_transport_parameter_error",
+                                                          .desc = "Total number of TRANSPORT_PARAMETER_ERROR errors received" },
+       [QUIC_ST_TRANSP_ERR_CONNECTION_ID_LIMIT_ERROR] = { .name = "quic_transp_err_connection_id_limit",
+                                                          .desc = "Total number of CONNECTION_ID_LIMIT_ERROR errors received" },
+       [QUIC_ST_TRANSP_ERR_PROTOCOL_VIOLATION]        = { .name = "quic_transp_err_protocol_violation_error",
+                                                          .desc = "Total number of PROTOCOL_VIOLATION errors received" },
+       [QUIC_ST_TRANSP_ERR_INVALID_TOKEN]          = { .name = "quic_transp_err_invalid_token",
+                                                       .desc = "Total number of INVALID_TOKEN errors received" },
+       [QUIC_ST_TRANSP_ERR_APPLICATION_ERROR]      = { .name = "quic_transp_err_application_error",
+                                                       .desc = "Total number of APPLICATION_ERROR errors received" },
+       [QUIC_ST_TRANSP_ERR_CRYPTO_BUFFER_EXCEEDED] = { .name = "quic_transp_err_crypto_buffer_exceeded",
+                                                       .desc = "Total number of CRYPTO_BUFFER_EXCEEDED errors received" },
+       [QUIC_ST_TRANSP_ERR_KEY_UPDATE_ERROR]       = { .name = "quic_transp_err_key_update_error",
+                                                       .desc = "Total number of KEY_UPDATE_ERROR errors received" },
+       [QUIC_ST_TRANSP_ERR_AEAD_LIMIT_REACHED]     = { .name = "quic_transp_err_aead_limit_reached",
+                                                       .desc = "Total number of AEAD_LIMIT_REACHED errors received" },
+       [QUIC_ST_TRANSP_ERR_NO_VIABLE_PATH] = { .name = "quic_transp_err_no_viable_path",
+                                               .desc = "Total number of NO_VIABLE_PATH errors received" },
+       [QUIC_ST_TRANSP_ERR_CRYPTO_ERROR]   = { .name = "quic_transp_err_crypto_error",
+                                               .desc = "Total number of CRYPTO_ERROR errors received" },
+       [QUIC_ST_TRANSP_ERR_UNKNOWN_ERROR]  = { .name = "quic_transp_err_unknown_error",
+                                               .desc = "Total number of UNKNOWN_ERROR errors received" },
        /* Streams related counters */
        [QUIC_ST_DATA_BLOCKED]              = { .name = "quic_data_blocked",
                                                .desc = "Total number of times DATA_BLOCKED frame was received" },
@@ -47,11 +73,32 @@ static void quic_fill_stats(void *data, struct field *stats)
        struct quic_counters *counters = data;
 
        stats[QUIC_ST_DROPPED_PACKETS]   = mkf_u64(FN_COUNTER, counters->dropped_pkt);
+       stats[QUIC_ST_TOO_SHORT_INITIAL_DGRAM] = mkf_u64(FN_COUNTER, counters->too_short_initial_dgram);
        stats[QUIC_ST_RETRY_SENT]        = mkf_u64(FN_COUNTER, counters->retry_sent);
        stats[QUIC_ST_RETRY_VALIDATED]   = mkf_u64(FN_COUNTER, counters->retry_validated);
        stats[QUIC_ST_RETRY_ERRORS]      = mkf_u64(FN_COUNTER, counters->retry_error);
        stats[QUIC_ST_CONN_OPENINGS]     = mkf_u64(FN_GAUGE, counters->conn_opening);
        stats[QUIC_ST_HDSHK_FAILS]       = mkf_u64(FN_COUNTER, counters->hdshk_fail);
+       /* Transport errors */
+       stats[QUIC_ST_TRANSP_ERR_NO_ERROR]           = mkf_u64(FN_COUNTER, counters->quic_transp_err_no_error);
+       stats[QUIC_ST_TRANSP_ERR_INTERNAL_ERROR]     = mkf_u64(FN_COUNTER, counters->quic_transp_err_internal_error);
+       stats[QUIC_ST_TRANSP_ERR_CONNECTION_REFUSED] = mkf_u64(FN_COUNTER, counters->quic_transp_err_connection_refused);
+       stats[QUIC_ST_TRANSP_ERR_FLOW_CONTROL_ERROR] = mkf_u64(FN_COUNTER, counters->quic_transp_err_flow_control_error);
+       stats[QUIC_ST_TRANSP_ERR_STREAM_LIMIT_ERROR] = mkf_u64(FN_COUNTER, counters->quic_transp_err_stream_limit_error);
+       stats[QUIC_ST_TRANSP_ERR_STREAM_STATE_ERROR] = mkf_u64(FN_COUNTER, counters->quic_transp_err_stream_state_error);
+       stats[QUIC_ST_TRANSP_ERR_FINAL_SIZE_ERROR]   = mkf_u64(FN_COUNTER, counters->quic_transp_err_final_size_error);
+       stats[QUIC_ST_TRANSP_ERR_FRAME_ENCODING_ERROR]      = mkf_u64(FN_COUNTER, counters->quic_transp_err_frame_encoding_error);
+       stats[QUIC_ST_TRANSP_ERR_TRANSPORT_PARAMETER_ERROR] = mkf_u64(FN_COUNTER, counters->quic_transp_err_transport_parameter_error);
+       stats[QUIC_ST_TRANSP_ERR_CONNECTION_ID_LIMIT_ERROR] = mkf_u64(FN_COUNTER, counters->quic_transp_err_connection_id_limit);
+       stats[QUIC_ST_TRANSP_ERR_PROTOCOL_VIOLATION]     = mkf_u64(FN_COUNTER, counters->quic_transp_err_protocol_violation);
+       stats[QUIC_ST_TRANSP_ERR_INVALID_TOKEN]          = mkf_u64(FN_COUNTER, counters->quic_transp_err_invalid_token);
+       stats[QUIC_ST_TRANSP_ERR_APPLICATION_ERROR]      = mkf_u64(FN_COUNTER, counters->quic_transp_err_application_error);
+       stats[QUIC_ST_TRANSP_ERR_CRYPTO_BUFFER_EXCEEDED] = mkf_u64(FN_COUNTER, counters->quic_transp_err_crypto_buffer_exceeded);
+       stats[QUIC_ST_TRANSP_ERR_KEY_UPDATE_ERROR]       = mkf_u64(FN_COUNTER, counters->quic_transp_err_key_update_error);
+       stats[QUIC_ST_TRANSP_ERR_AEAD_LIMIT_REACHED]     = mkf_u64(FN_COUNTER, counters->quic_transp_err_aead_limit_reached);
+       stats[QUIC_ST_TRANSP_ERR_NO_VIABLE_PATH]         = mkf_u64(FN_COUNTER, counters->quic_transp_err_no_viable_path);
+       stats[QUIC_ST_TRANSP_ERR_CRYPTO_ERROR]           = mkf_u64(FN_COUNTER, counters->quic_transp_err_crypto_error);
+       stats[QUIC_ST_TRANSP_ERR_UNKNOWN_ERROR]          = mkf_u64(FN_COUNTER, counters->quic_transp_err_unknown_error);
        /* Streams related counters */
        stats[QUIC_ST_DATA_BLOCKED]              = mkf_u64(FN_COUNTER, counters->data_blocked);
        stats[QUIC_ST_STREAM_DATA_BLOCKED]       = mkf_u64(FN_COUNTER, counters->stream_data_blocked);
@@ -71,3 +118,65 @@ struct stats_module quic_stats_module = {
 };
 
 INITCALL1(STG_REGISTER, stats_register_module, &quic_stats_module);
+
+void quic_stats_transp_err_count_inc(struct quic_counters *ctrs, int error_code)
+{
+       switch (error_code) {
+       case QC_ERR_NO_ERROR:
+               HA_ATOMIC_INC(&ctrs->quic_transp_err_no_error);
+               break;
+       case QC_ERR_INTERNAL_ERROR:
+               HA_ATOMIC_INC(&ctrs->quic_transp_err_internal_error);
+               break;
+       case QC_ERR_CONNECTION_REFUSED:
+               HA_ATOMIC_INC(&ctrs->quic_transp_err_connection_refused);
+               break;
+       case QC_ERR_FLOW_CONTROL_ERROR:
+               HA_ATOMIC_INC(&ctrs->quic_transp_err_flow_control_error);
+               break;
+       case QC_ERR_STREAM_LIMIT_ERROR:
+               HA_ATOMIC_INC(&ctrs->quic_transp_err_stream_limit_error);
+               break;
+       case QC_ERR_STREAM_STATE_ERROR:
+               HA_ATOMIC_INC(&ctrs->quic_transp_err_stream_state_error);
+               break;
+       case QC_ERR_FINAL_SIZE_ERROR:
+               HA_ATOMIC_INC(&ctrs->quic_transp_err_final_size_error);
+               break;
+       case QC_ERR_FRAME_ENCODING_ERROR:
+               HA_ATOMIC_INC(&ctrs->quic_transp_err_frame_encoding_error);
+               break;
+       case QC_ERR_TRANSPORT_PARAMETER_ERROR:
+               HA_ATOMIC_INC(&ctrs->quic_transp_err_transport_parameter_error);
+               break;
+       case QC_ERR_CONNECTION_ID_LIMIT_ERROR:
+               HA_ATOMIC_INC(&ctrs->quic_transp_err_connection_id_limit);
+               break;
+       case QC_ERR_PROTOCOL_VIOLATION:
+               HA_ATOMIC_INC(&ctrs->quic_transp_err_protocol_violation);
+               break;
+       case QC_ERR_INVALID_TOKEN:
+               HA_ATOMIC_INC(&ctrs->quic_transp_err_invalid_token);
+               break;
+       case QC_ERR_APPLICATION_ERROR:
+               HA_ATOMIC_INC(&ctrs->quic_transp_err_application_error);
+               break;
+       case QC_ERR_CRYPTO_BUFFER_EXCEEDED:
+               HA_ATOMIC_INC(&ctrs->quic_transp_err_crypto_buffer_exceeded);
+               break;
+       case QC_ERR_KEY_UPDATE_ERROR:
+               HA_ATOMIC_INC(&ctrs->quic_transp_err_key_update_error);
+               break;
+       case QC_ERR_AEAD_LIMIT_REACHED:
+               HA_ATOMIC_INC(&ctrs->quic_transp_err_aead_limit_reached);
+               break;
+       case QC_ERR_NO_VIABLE_PATH:
+               HA_ATOMIC_INC(&ctrs->quic_transp_err_no_viable_path);
+               break;
+       default:
+               if (error_code >= 0x100 && error_code <= 0x1ff)
+                       HA_ATOMIC_INC(&ctrs->quic_transp_err_crypto_error);
+               else
+                       HA_ATOMIC_INC(&ctrs->quic_transp_err_unknown_error);
+       }
+}

diff --git a/src/xprt_quic.c b/src/xprt_quic.c
index 6df7df604a5616aba1f31da474b7f63e399d872f..de65b7f656681b891789502a8ad7778781ebe24d 100644 (file)
--- a/src/xprt_quic.c
+++ b/src/xprt_quic.c
@@ -45,7 +45,7 @@
 #include <haproxy/quic_frame.h>
 #include <haproxy/quic_loss.h>
 #include <haproxy/quic_sock.h>
-#include <haproxy/quic_stats-t.h>
+#include <haproxy/quic_stats.h>
 #include <haproxy/quic_stream.h>
 #include <haproxy/quic_tp.h>
 #include <haproxy/cbuf.h>
@@ -2367,6 +2367,15 @@ static void qc_prep_hdshk_fast_retrans(struct quic_conn *qc,
        LIST_SPLICE(hfrms, &htmp);
 }
 
+static void qc_cc_err_count_inc(struct quic_counters *ctrs,
+                                enum quic_frame_type frm_type, unsigned int error_code)
+{
+       if (frm_type == QUIC_FT_CONNECTION_CLOSE)
+               quic_stats_transp_err_count_inc(ctrs, error_code);
+       else if (frm_type == QUIC_FT_CONNECTION_CLOSE_APP)
+               return;
+}
+
 /* Parse all the frames of <pkt> QUIC packet for QUIC connection with <ctx>
  * as I/O handler context and <qel> as encryption level.
  * Returns 1 if succeeded, 0 if failed.
@@ -2552,6 +2561,7 @@ static int qc_parse_pkt_frms(struct quic_rx_packet *pkt, struct ssl_sock_ctx *ct
                        break;
                case QUIC_FT_CONNECTION_CLOSE:
                case QUIC_FT_CONNECTION_CLOSE_APP:
+                       qc_cc_err_count_inc(qc->prx_counters, frm.type, frm.connection_close.error_code);
                        if (!(qc->flags & QUIC_FL_CONN_DRAINING)) {
                                /* If the connection did not reached the handshake complete state,
                                 * the <conn_opening> counter was not decremented. Note that if
@@ -5203,7 +5213,7 @@ static void qc_lstnr_pkt_rcv(unsigned char *buf, const unsigned char *end,
                else if (pkt->type == QUIC_PACKET_TYPE_INITIAL &&
                         dgram->len < QUIC_INITIAL_PACKET_MINLEN) {
                        TRACE_PROTO("Too short datagram with an Initial packet", QUIC_EV_CONN_LPKT, qc);
-                       drop_no_conn = 1;
+                       HA_ATOMIC_INC(&prx_counters->too_short_initial_dgram);
                }
 
                /* When multiple QUIC packets are coalesced on the same UDP datagram,