MINOR: quic: delay Retry emission on quic-force-retry

Currently, quic Retry packets are emitted for two different reasons
after processing an Initial without token :
- quic-force-retry is set on bind-line
- an abnormal number of half-open connection is currently detected

Previously, these two conditions were checked separately in different
functions during datagram parsing. Uniformize this by moving
quic-force-retry check in quic_rx_pkt_retrieve_conn() along the second
condition check.

The purpose of this patch is to uniformize datagram parsing stages. It
is necessary to implement quic-initial rules in
quic_rx_pkt_retrieve_conn() prior to any Retry emission. This prevents
to emit unnecessary Retry if an Initial is subject to a reject rule.

diff --git a/src/quic_rx.c b/src/quic_rx.c
index e2dd8fbd06e68a97b80af3032d81d4569f1c9982..fa82042a0b75ac447917a962322af0bd3ead0c1f 100644 (file)
--- a/src/quic_rx.c
+++ b/src/quic_rx.c
@@ -1605,8 +1605,9 @@ static struct quic_conn *quic_rx_pkt_retrieve_conn(struct quic_rx_packet *pkt,
                                if (!quic_retry_token_check(pkt, dgram, l, qc, &token_odcid))
                                        goto err;
                        }
-                       else if (!(l->bind_conf->options & BC_O_QUIC_FORCE_RETRY) &&
+                       else if ((l->bind_conf->options & BC_O_QUIC_FORCE_RETRY) ||
                                 HA_ATOMIC_LOAD(&prx_counters->half_open_conn) >= global.tune.quic_retry_threshold) {
+
                                TRACE_PROTO("Initial without token, sending retry",
                                            QUIC_EV_CONN_LPKT, NULL, NULL, NULL, pkt->version);
                                if (send_retry(l->rx.fd, &dgram->saddr, pkt, pkt->version)) {
@@ -1799,24 +1800,6 @@ static int quic_rx_pkt_parse(struct quic_rx_packet *pkt,
                                goto drop;
                        }
 
-                       /* TODO Retry should be automatically activated if
-                        * suspect network usage is detected.
-                        */
-                       if (!token_len) {
-                               if (l->bind_conf->options & BC_O_QUIC_FORCE_RETRY) {
-                                       TRACE_PROTO("Initial without token, sending retry",
-                                                   QUIC_EV_CONN_LPKT, NULL, NULL, NULL, pkt->version);
-                                       if (send_retry(l->rx.fd, &dgram->saddr, pkt, pkt->version)) {
-                                               TRACE_PROTO("Error during Retry generation",
-                                                           QUIC_EV_CONN_LPKT, NULL, NULL, NULL, pkt->version);
-                                               goto drop_silent;
-                                       }
-
-                                       HA_ATOMIC_INC(&prx_counters->retry_sent);
-                                       goto drop_silent;
-                               }
-                       }
-
                        pkt->token = pos;
                        pkt->token_len = token_len;
                        pos += pkt->token_len;