MINOR: quic: Add "limited-quic" new tuning setting

This setting which may be used into a "global" section, enables the QUIC listener
bindings when haproxy is compiled with the OpenSSL wrapper. It has no effect
when haproxy is compiled against a TLS stack with QUIC support, typically quictls.

diff --git a/include/haproxy/global-t.h b/include/haproxy/global-t.h
index 0bcfa577a167913802720d1bc8338b06a584a871..3523f631fb6386b9d4c5bfd1bbd12fd963917d87 100644 (file)
--- a/include/haproxy/global-t.h
+++ b/include/haproxy/global-t.h
@@ -58,7 +58,7 @@
 /* platform-specific options */
 #define GTUNE_USE_SPLICE         (1<<4)
 #define GTUNE_USE_GAI            (1<<5)
-/* unused: (1<<6) */
+#define GTUNE_LIMITED_QUIC       (1<<6)
 #define GTUNE_RESOLVE_DONTFAIL   (1<<7)
 
 #define GTUNE_SOCKET_TRANSFER   (1<<8)

diff --git a/src/cfgparse-global.c b/src/cfgparse-global.c
index 87c597066c8008c5b5e3c936cc0f9ca16ce62e0d..23f83f89dba8aa135c64963366dc26a9d5c68905 100644 (file)
--- a/src/cfgparse-global.c
+++ b/src/cfgparse-global.c
@@ -47,7 +47,7 @@ static const char *common_kw_list[] = {
        "log-tag", "spread-checks", "max-spread-checks", "cpu-map", "setenv",
        "presetenv", "unsetenv", "resetenv", "strict-limits", "localpeer",
        "numa-cpu-mapping", "defaults", "listen", "frontend", "backend",
-       "peers", "resolvers", "cluster-secret", "no-quic",
+       "peers", "resolvers", "cluster-secret", "no-quic", "limited-quic",
        NULL /* must be last */
 };
 
@@ -113,6 +113,12 @@ int cfg_parse_global(const char *file, int linenum, char **args, int kwm)
                        goto out;
                global.tune.options &= ~GTUNE_USE_POLL;
        }
+       else if (strcmp(args[0], "limited-quic") == 0) {
+               if (alertif_too_many_args(0, file, linenum, args, &err_code))
+                       goto out;
+
+               global.tune.options |= GTUNE_LIMITED_QUIC;
+       }
        else if (strcmp(args[0], "no-quic") == 0) {
                if (alertif_too_many_args(0, file, linenum, args, &err_code))
                        goto out;

diff --git a/src/protocol.c b/src/protocol.c
index c4b57c5efa1a4d0edaa9a1849d40b35f12525351..23ca7af70e3bce321983029ada8db12f20fed6a9 100644 (file)
--- a/src/protocol.c
+++ b/src/protocol.c
@@ -114,6 +114,22 @@ int protocol_supports_flag(struct protocol *proto, uint flag)
        return 0;
 }
 
+#ifdef USE_QUIC
+/* Return 1 if QUIC protocol may be bound, 0 if no, depending on the tuning
+ * parameters.
+ */
+static inline int protocol_may_bind_quic(void)
+{
+       if (global.tune.options & GTUNE_NO_QUIC)
+               return 0;
+#ifdef USE_QUIC_OPENSSL_COMPAT
+       if (!(global.tune.options & GTUNE_LIMITED_QUIC))
+               return 0;
+#endif
+       return 1;
+}
+#endif
+
 /* binds all listeners of all registered protocols. Returns a composition
  * of ERR_NONE, ERR_RETRYABLE, ERR_FATAL.
  */
@@ -131,8 +147,8 @@ int protocol_bind_all(int verbose)
        list_for_each_entry(proto, &protocols, list) {
                list_for_each_entry(receiver, &proto->receivers, proto_list) {
 #ifdef USE_QUIC
-                       if ((global.tune.options & GTUNE_NO_QUIC) &&
-                           (proto == &proto_quic4 || proto == &proto_quic6))
+                       if ((proto == &proto_quic4 || proto == &proto_quic6) &&
+                           !protocol_may_bind_quic())
                                continue;
 #endif
                        listener = LIST_ELEM(receiver, struct listener *, rx);