From 372508cc42d008fbf6d1016306de99f37a32fddb Mon Sep 17 00:00:00 2001
From: =?utf8?q?Fr=C3=A9d=C3=A9ric=20L=C3=A9caille?= <flecaille@haproxy.com>
Date: Fri, 6 May 2022 08:53:16 +0200
Subject: [PATCH] MINOR: config: Add "cluster-secret" new global keyword

It could be usefull to set a ASCII secret which could be used for different
usages. For instance, it will be used to derive QUIC stateless reset tokens.
---
 doc/configuration.txt      |  8 ++++++++
 include/haproxy/global-t.h |  1 +
 src/cfgparse-global.c      | 18 +++++++++++++++++-
 src/cfgparse.c             |  7 +++++++
 src/haproxy.c              |  1 +
 5 files changed, 34 insertions(+), 1 deletion(-)

diff --git a/doc/configuration.txt b/doc/configuration.txt
index 23fc72b3e9..d5283270c2 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -992,6 +992,7 @@ The following keywords are supported in the "global" section :
  * Process management and security
    - ca-base
    - chroot
+   - cluster-secret
    - crt-base
    - cpu-map
    - daemon
@@ -1161,6 +1162,13 @@ chroot <jail dir>
   with superuser privileges. It is important to ensure that <jail_dir> is both
   empty and non-writable to anyone.
 
+cluster-secret <secret>
+  Define an ASCII string secret shared between several nodes belonging to the
+  same cluster. It could be used for different usages. It is at least used to
+  derive stateless reset tokens for all the QUIC connections instantiated by
+  this process. If you do not set this parameter, the stateless reset QUIC
+  feature will be silently disabled.
+
 close-spread-time <time>
   Define a time window during which idle connections and active connections
   closing is spread in case of soft-stop. After a SIGUSR1 is received and the
diff --git a/include/haproxy/global-t.h b/include/haproxy/global-t.h
index 7b8c2e6b82..fbbc88da33 100644
--- a/include/haproxy/global-t.h
+++ b/include/haproxy/global-t.h
@@ -130,6 +130,7 @@ struct global {
 	char *log_send_hostname;   /* set hostname in syslog header */
 	char *server_state_base;   /* path to a directory where server state files can be found */
 	char *server_state_file;   /* path to the file where server states are loaded from */
+	char *cluster_secret;      /* Secret defined as ASCII string */
 	struct {
 		int maxpollevents; /* max number of poll events at once */
 		int maxaccept;     /* max number of consecutive accept() */
diff --git a/src/cfgparse-global.c b/src/cfgparse-global.c
index b4dd849488..85b44df5ff 100644
--- a/src/cfgparse-global.c
+++ b/src/cfgparse-global.c
@@ -45,7 +45,7 @@ static const char *common_kw_list[] = {
 	"log-tag", "spread-checks", "max-spread-checks", "cpu-map", "setenv",
 	"presetenv", "unsetenv", "resetenv", "strict-limits", "localpeer",
 	"numa-cpu-mapping", "defaults", "listen", "frontend", "backend",
-	"peers", "resolvers",
+	"peers", "resolvers", "cluster-secret",
 	NULL /* must be last */
 };
 
@@ -486,6 +486,22 @@ int cfg_parse_global(const char *file, int linenum, char **args, int kwm)
 			goto out;
 		}
 	}
+	else if (strcmp(args[0], "cluster-secret") == 0) {
+		if (alertif_too_many_args(1, file, linenum, args, &err_code))
+			goto out;
+		if (*args[1] == 0) {
+			ha_alert("parsing [%s:%d] : expects an ASCII string argument.\n", file, linenum);
+			err_code |= ERR_ALERT | ERR_FATAL;
+			goto out;
+		}
+		if (global.cluster_secret != NULL) {
+			ha_alert("parsing [%s:%d] : '%s' already specified. Continuing.\n", file, linenum, args[0]);
+			err_code |= ERR_ALERT;
+			goto out;
+		}
+		ha_free(&global.cluster_secret);
+		global.cluster_secret = strdup(args[1]);
+	}
 	else if (strcmp(args[0], "uid") == 0) {
 		if (alertif_too_many_args(1, file, linenum, args, &err_code))
 			goto out;
diff --git a/src/cfgparse.c b/src/cfgparse.c
index 48d588436f..13fda2d962 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -2450,6 +2450,7 @@ int check_config_validity()
 	struct cfg_postparser *postparser;
 	struct resolvers *curr_resolvers = NULL;
 	int i;
+	int diag_no_cluster_secret = 0;
 
 	bind_conf = NULL;
 	/*
@@ -3947,6 +3948,8 @@ out_uri_auth_compat:
 #ifdef USE_QUIC
 			/* override the accept callback for QUIC listeners. */
 			if (listener->flags & LI_F_QUIC_LISTENER) {
+				if (!global.cluster_secret)
+					diag_no_cluster_secret = 1;
 				listener->accept = quic_session_accept;
 				li_init_per_thr(listener);
 			}
@@ -3987,6 +3990,10 @@ out_uri_auth_compat:
 		}
 	}
 
+	if (diag_no_cluster_secret)
+		ha_diag_warning("No cluster secret was set. The stateless reset feature"
+		                " is disabled for all QUIC bindings.\n");
+
 	/*
 	 * Recount currently required checks.
 	 */
diff --git a/src/haproxy.c b/src/haproxy.c
index 266f5552bc..d2cfbc0f30 100644
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -2664,6 +2664,7 @@ void deinit(void)
 	ha_free(&global.log_send_hostname);
 	chunk_destroy(&global.log_tag);
 	ha_free(&global.chroot);
+	ha_free(&global.cluster_secret);
 	ha_free(&global.pidfile);
 	ha_free(&global.node);
 	ha_free(&global.desc);
-- 
2.47.3