From e0b1899e97153179bfbefd8e110533a1c6736d91 Mon Sep 17 00:00:00 2001
From: chungthuang
Date: Wed, 5 Jun 2024 16:09:42 -0500
Subject: [PATCH] TUN-8449: Add flag to control QUIC connection-level flow control limit and increase default to 30MB
---
 cmd/cloudflared/tunnel/cmd.go | 9 +++++++++
 cmd/cloudflared/tunnel/configuration.go | 21 +++++++++++----------
 supervisor/tunnel.go | 20 +++++++++++---------
 3 files changed, 31 insertions(+), 19 deletions(-)
diff --git a/cmd/cloudflared/tunnel/cmd.go b/cmd/cloudflared/tunnel/cmd.go
index 07c171b6..a72b2fe4 100644
--- a/cmd/cloudflared/tunnel/cmd.go
+++ b/cmd/cloudflared/tunnel/cmd.go
@@ -89,6 +89,8 @@ const (
 // Note that this may result in packet drops for UDP proxying, since we expect being able to send at least 1280 bytes of inner packets.
 quicDisablePathMTUDiscovery = "quic-disable-pmtu-discovery"
+ quicConnLevelFlowControlLimit = "quic-connection-level-flow-control-limit"
+
 // uiFlag is to enable launching cloudflared in interactive UI mode
 uiFlag = "ui"
@@ -718,6 +720,13 @@ func tunnelFlags(shouldHide bool) []cli.Flag {
 Value: false,
 Hidden: true,
 }),
+ altsrc.NewIntFlag(&cli.IntFlag{
+ Name: quicConnLevelFlowControlLimit,
+ EnvVars: []string{"TUNNEL_QUIC_CONN_LEVEL_FLOW_CONTROL_LIMIT"},
+ Usage: "Use this option to change the connection-level flow control limit for QUIC transport.",
+ Value: 30 * (1 << 20), // 30 MB
+ Hidden: true,
+ }),
 altsrc.NewStringFlag(&cli.StringFlag{
 Name: connectorLabelFlag,
 Usage: "Use this option to give a meaningful label to a specific connector. When a tunnel starts up, a connector id unique to the tunnel is generated. This is a uuid. To make it easier to identify a connector, we will use the hostname of the machine the tunnel is running on along with the connector ID. This option exists if one wants to have more control over what their individual connectors are called.",
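Review bot: The new `quic-connection-level-flow-control-limit` flag added in `tunnelFlags` (cmd.go) gives no unit in its `Usage` text, and nothing in the hunk rejects a negative or very large value. Because this number caps how much inbound data one QUIC connection may hold unread, the help text should state the unit and the memory implication, e.g. `Usage: "Connection-level QUIC receive window in bytes; a larger value lets the peer keep more unread data in flight per connection."`. The inline comment says `// 30 MB` while `30 * (1 << 20)` is 30 MiB, so the comment should say which is meant. tunnelFlags starts and ends outside the hunk.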
diff --git a/cmd/cloudflared/tunnel/configuration.go b/cmd/cloudflared/tunnel/configuration.go
index 01833e01..610cfeb6 100644
--- a/cmd/cloudflared/tunnel/configuration.go
+++ b/cmd/cloudflared/tunnel/configuration.go
@@ -239,16 +239,17 @@ func prepareTunnelConfig(
 Observer: observer,
 ReportedVersion: info.Version(),
 // Note TUN-3758 , we use Int because UInt is not supported with altsrc
- Retries: uint(c.Int("retries")),
- RunFromTerminal: isRunningFromTerminal(),
- NamedTunnel: namedTunnel,
- ProtocolSelector: protocolSelector,
- EdgeTLSConfigs: edgeTLSConfigs,
- FeatureSelector: featureSelector,
- MaxEdgeAddrRetries: uint8(c.Int("max-edge-addr-retries")),
- RPCTimeout: c.Duration(rpcTimeout),
- WriteStreamTimeout: c.Duration(writeStreamTimeout),
- DisableQUICPathMTUDiscovery: c.Bool(quicDisablePathMTUDiscovery),
+ Retries: uint(c.Int("retries")),
+ RunFromTerminal: isRunningFromTerminal(),
+ NamedTunnel: namedTunnel,
+ ProtocolSelector: protocolSelector,
+ EdgeTLSConfigs: edgeTLSConfigs,
+ FeatureSelector: featureSelector,
+ MaxEdgeAddrRetries: uint8(c.Int("max-edge-addr-retries")),
+ RPCTimeout: c.Duration(rpcTimeout),
+ WriteStreamTimeout: c.Duration(writeStreamTimeout),
+ DisableQUICPathMTUDiscovery: c.Bool(quicDisablePathMTUDiscovery),
+ QUICConnectionLevelFlowControlLimit: c.Uint64(quicConnLevelFlowControlLimit),
 }
 packetConfig, err := newPacketConfig(c, log)
 if err != nil {
diff --git a/supervisor/tunnel.go b/supervisor/tunnel.go
index 687acce6..60928840 100644
--- a/supervisor/tunnel.go
+++ b/supervisor/tunnel.go
@@ -66,7 +66,8 @@ type TunnelConfig struct {
 RPCTimeout time.Duration
 WriteStreamTimeout time.Duration
- DisableQUICPathMTUDiscovery bool
+ DisableQUICPathMTUDiscovery bool
+ QUICConnectionLevelFlowControlLimit uint64
 FeatureSelector *features.FeatureSelector
 }
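Review bot: In `prepareTunnelConfig` (cmd/cloudflared/tunnel/configuration.go) the limit is read with `c.Uint64(quicConnLevelFlowControlLimit)`, yet cmd.go registers that name as an `IntFlag`, and `Retries` and `MaxEdgeAddrRetries` just above follow the TUN-3758 comment by reading with `c.Int` and converting. Whether a typed lookup against a flag of a different type returns the configured number or quietly yields 0 depends on the cli library's lookup behaviour, and a negative input is not surfaced as an error in either case. I would read it as `limit := c.Int(quicConnLevelFlowControlLimit)`, return a configuration error when `limit <= 0`, and only then store `uint64(limit)`; a unit test that sets the flag and asserts the struct field would pin the behaviour. The function body continues outside the hunk.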
@@ -568,14 +569,15 @@ func (e *EdgeTunnelServer) serveQUIC(
 tlsConfig.CurvePreferences = curvePref
 quicConfig := &quic.Config{
- HandshakeIdleTimeout: quicpogs.HandshakeIdleTimeout,
- MaxIdleTimeout: quicpogs.MaxIdleTimeout,
- KeepAlivePeriod: quicpogs.MaxIdlePingPeriod,
- MaxIncomingStreams: quicpogs.MaxIncomingStreams,
- MaxIncomingUniStreams: quicpogs.MaxIncomingStreams,
- EnableDatagrams: true,
- Tracer: quicpogs.NewClientTracer(connLogger.Logger(), connIndex),
- DisablePathMTUDiscovery: e.config.DisableQUICPathMTUDiscovery,
+ HandshakeIdleTimeout: quicpogs.HandshakeIdleTimeout,
+ MaxIdleTimeout: quicpogs.MaxIdleTimeout,
+ KeepAlivePeriod: quicpogs.MaxIdlePingPeriod,
+ MaxIncomingStreams: quicpogs.MaxIncomingStreams,
+ MaxIncomingUniStreams: quicpogs.MaxIncomingStreams,
+ EnableDatagrams: true,
+ Tracer: quicpogs.NewClientTracer(connLogger.Logger(), connIndex),
+ DisablePathMTUDiscovery: e.config.DisableQUICPathMTUDiscovery,
+ MaxConnectionReceiveWindow: e.config.QUICConnectionLevelFlowControlLimit,
 }
 quicConn, err := connection.NewQUICConnection(
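Review bot: `MaxConnectionReceiveWindow` in `serveQUIC` now carries an operator-supplied value with no comment on what it bounds, and a 0 arriving here would presumably hand the choice back to the QUIC library's own default rather than the 30 MB this commit intends. The window is per connection, so worst-case receive buffering for the process is this value multiplied by the number of edge connections, which matters when sizing memory on small hosts. I would add above the field `// Per-connection ceiling on unread inbound data; total buffering scales with the number of edge connections.` so the resource implication is visible where the limit is applied. serveQUIC starts and ends outside the hunk.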