From: Amaury Denoyelle <adenoyelle@haproxy.com>
Date: Mon, 14 Nov 2022 15:17:13 +0000 (+0100)
Subject: MINOR: quic: report error if force-retry without cluster-secret
X-Git-Tag: v2.7-dev10~44
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=996ca7d0fa6a01ef6f4e5c6a9fc511cdcf06afe2;p=thirdparty%2Fhaproxy.git

MINOR: quic: report error if force-retry without cluster-secret

QUIC Retry generation relies on global cluster-secret to produce token
valid even after a process restart and across several LBs instances.

Before this patch, Retry is automatically deactivated if no
cluster-secret is provided. This is the case even if a user has
configured a QUIC listener with quic-force-retry. Change this behavior
by now returning an error during configuration parsing. The user must
provide a cluster-secret if quic-force-retry is used.

This shoud be backported up to 2.6.
---

diff --git a/doc/configuration.txt b/doc/configuration.txt
index 36d7386374..46f49bf5c7 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -14586,9 +14586,10 @@ quic-force-retry
   contains a token. This token must be sent back to the Retry packet sender,
   this latter being the only one to be able to validate the token. Note that QUIC
   Retry will always be used even if a Retry threshold was set (see
-  "tune.quic.retry-threshold" setting). To be functional this setting needs a
-  cluster secret to be set, if not it will be silently ignored (see "cluster-secret"
-  setting).
+  "tune.quic.retry-threshold" setting).
+
+  This setting requires the cluster secret to be set or else an error will be
+  reported on startup (see "cluster-secret").
 
   See https://www.rfc-editor.org/rfc/rfc9000.html#section-8.1.2 for more
   information about QUIC retry.
diff --git a/src/cfgparse.c b/src/cfgparse.c
index 998afcd5e6..5a5744c21c 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -4317,8 +4317,13 @@ init_proxies_list_stage2:
 #ifdef USE_QUIC
 			/* override the accept callback for QUIC listeners. */
 			if (listener->flags & LI_F_QUIC_LISTENER) {
-				if (!global.cluster_secret)
+				if (!global.cluster_secret) {
 					diag_no_cluster_secret = 1;
+					if (listener->bind_conf->options & BC_O_QUIC_FORCE_RETRY) {
+						ha_alert("QUIC listener with quic-force-retry requires global cluster-secret to be set.\n");
+						cfgerr++;
+					}
+				}
 
 				li_init_per_thr(listener);
 			}