From f32201abb03863cd3f03a48b180e61202a6964f4 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Fr=C3=A9d=C3=A9ric=20L=C3=A9caille?= Date: Fri, 21 Jul 2023 18:22:38 +0200 Subject: [PATCH] MINOR: quic: Add "limited-quic" new tuning setting This setting which may be used into a "global" section, enables the QUIC listener bindings when haproxy is compiled with the OpenSSL wrapper. It has no effect when haproxy is compiled against a TLS stack with QUIC support, typically quictls. --- include/haproxy/global-t.h | 2 +- src/cfgparse-global.c | 8 +++++++- src/protocol.c | 20 ++++++++++++++++++-- 3 files changed, 26 insertions(+), 4 deletions(-) diff --git a/include/haproxy/global-t.h b/include/haproxy/global-t.h index 0bcfa577a1..3523f631fb 100644 --- a/include/haproxy/global-t.h +++ b/include/haproxy/global-t.h @@ -58,7 +58,7 @@ /* platform-specific options */ #define GTUNE_USE_SPLICE (1<<4) #define GTUNE_USE_GAI (1<<5) -/* unused: (1<<6) */ +#define GTUNE_LIMITED_QUIC (1<<6) #define GTUNE_RESOLVE_DONTFAIL (1<<7) #define GTUNE_SOCKET_TRANSFER (1<<8) diff --git a/src/cfgparse-global.c b/src/cfgparse-global.c index 87c597066c..23f83f89db 100644 --- a/src/cfgparse-global.c +++ b/src/cfgparse-global.c @@ -47,7 +47,7 @@ static const char *common_kw_list[] = { "log-tag", "spread-checks", "max-spread-checks", "cpu-map", "setenv", "presetenv", "unsetenv", "resetenv", "strict-limits", "localpeer", "numa-cpu-mapping", "defaults", "listen", "frontend", "backend", - "peers", "resolvers", "cluster-secret", "no-quic", + "peers", "resolvers", "cluster-secret", "no-quic", "limited-quic", NULL /* must be last */ }; 
@@ -113,6 +113,12 @@ int cfg_parse_global(const char *file, int linenum, char **args, int kwm)
 goto out;
 global.tune.options &= ~GTUNE_USE_POLL;
 }
+ else if (strcmp(args[0], "limited-quic") == 0) {
+ if (alertif_too_many_args(0, file, linenum, args, &err_code))
+ goto out;
+
+ global.tune.options |= GTUNE_LIMITED_QUIC;
+ }
 else if (strcmp(args[0], "no-quic") == 0) {
 if (alertif_too_many_args(0, file, linenum, args, &err_code))
 goto out;
diff --git a/src/protocol.c b/src/protocol.c
index c4b57c5efa..23ca7af70e 100644
--- a/src/protocol.c
+++ b/src/protocol.c
@@ -114,6 +114,22 @@ int protocol_supports_flag(struct protocol *proto, uint flag)
 return 0;
 }
+#ifdef USE_QUIC
+/* Return 1 if QUIC protocol may be bound, 0 if no, depending on the tuning
+ * parameters.
+ */
+static inline int protocol_may_bind_quic(void)
+{
+ if (global.tune.options & GTUNE_NO_QUIC)
+ return 0;
+#ifdef USE_QUIC_OPENSSL_COMPAT
+ if (!(global.tune.options & GTUNE_LIMITED_QUIC))
+ return 0;
+#endif
+ return 1;
+}
+#endif
+
 /* binds all listeners of all registered protocols. Returns a composition
 * of ERR_NONE, ERR_RETRYABLE, ERR_FATAL.
 */
@@ -131,8 +147,8 @@ int protocol_bind_all(int verbose)
 list_for_each_entry(proto, &protocols, list) {
 list_for_each_entry(receiver, &proto->receivers, proto_list) {
 #ifdef USE_QUIC
- if ((global.tune.options & GTUNE_NO_QUIC) &&
- (proto == &proto_quic4 || proto == &proto_quic6))
+ if ((proto == &proto_quic4 || proto == &proto_quic6) &&
+ !protocol_may_bind_quic())
 continue;
 #endif
 listener = LIST_ELEM(receiver, struct listener *, rx);
-- 
2.47.3
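Review bot: `limited-quic` is accepted and silently does nothing on builds without `USE_QUIC_OPENSSL_COMPAT`, because the branch sets `GTUNE_LIMITED_QUIC` unconditionally while the only reader visible in this patch (src/protocol.c) tests it under that macro. A comment at the assignment would record this, e.g. `/* only consulted when built with USE_QUIC_OPENSSL_COMPAT; no-op otherwise */`. The diffstat lists no documentation file, so the keyword appears to be undocumented in this patch; its entry should state that it is an explicit opt-in, that it is ignored with a QUIC-capable TLS stack, and that `no-quic` takes precedence over it. cfg_parse_global starts and ends outside this hunk.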
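Review bot: The comment on `protocol_may_bind_quic()` says only "depending on the tuning parameters", which hides that the result also depends on a build option and that the default differs by build: with `USE_QUIC_OPENSSL_COMPAT` QUIC is refused unless `limited-quic` is set, without it QUIC is allowed unless `no-quic` is set. I would spell that out, for example `/* Return 1 if QUIC listeners may be bound, 0 otherwise. "no-quic" always wins; with USE_QUIC_OPENSSL_COMPAT, "limited-quic" must also be set. */`. The nested conditionals would also read more safely with the closing lines written as `#endif /* USE_QUIC_OPENSSL_COMPAT */` and `#endif /* USE_QUIC */`.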
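Review bot: On a build with the OpenSSL compatibility layer, the `continue` now skips every QUIC receiver by default, and nothing in this hunk reports it: no message is emitted and the error composition returned by protocol_bind_all() is not touched here. An operator who declared QUIC binds but did not set `limited-quic` would get a start-up that looks clean while the UDP listeners are absent, unlike `no-quic` where the skip was explicitly requested. Unless a warning is raised elsewhere (not visible in this patch), consider a one-time diagnostic before the `continue`, e.g. `ha_warning("QUIC listeners not bound: \"limited-quic\" is required with the OpenSSL compatibility layer.\n");`. protocol_bind_all's body begins and ends outside the hunk.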