TUN-8449: Add flag to control QUIC connection-level flow control limit and increase default to 30MB

cmd/cloudflared/tunnel/cmd.go

@@ -89,6 +89,8 @@ const (
 	// Note that this may result in packet drops for UDP proxying, since we expect being able to send at least 1280 bytes of inner packets.
 	quicDisablePathMTUDiscovery = "quic-disable-pmtu-discovery"
 
+	quicConnLevelFlowControlLimit = "quic-connection-level-flow-control-limit"
+
 	// uiFlag is to enable launching cloudflared in interactive UI mode
 	uiFlag = "ui"
 
@@ -718,6 +720,13 @@ func tunnelFlags(shouldHide bool) []cli.Flag {
 			Value:   false,
 			Hidden:  true,
 		}),
+		altsrc.NewIntFlag(&cli.IntFlag{
+			Name:    quicConnLevelFlowControlLimit,
+			EnvVars: []string{"TUNNEL_QUIC_CONN_LEVEL_FLOW_CONTROL_LIMIT"},
+			Usage:   "Use this option to change the connection-level flow control limit for QUIC transport.",
+			Value:   30 * (1 << 20), // 30 MB
+			Hidden:  true,
+		}),
 		altsrc.NewStringFlag(&cli.StringFlag{
 			Name:  connectorLabelFlag,
 			Usage: "Use this option to give a meaningful label to a specific connector. When a tunnel starts up, a connector id unique to the tunnel is generated. This is a uuid. To make it easier to identify a connector, we will use the hostname of the machine the tunnel is running on along with the connector ID. This option exists if one wants to have more control over what their individual connectors are called.",

cmd/cloudflared/tunnel/configuration.go

@@ -239,16 +239,17 @@ func prepareTunnelConfig(
 		Observer:        observer,
 		ReportedVersion: info.Version(),
 		// Note TUN-3758 , we use Int because UInt is not supported with altsrc
-		Retries:                     uint(c.Int("retries")),
+		Retries:                             uint(c.Int("retries")),
-		RunFromTerminal:             isRunningFromTerminal(),
+		RunFromTerminal:                     isRunningFromTerminal(),
-		NamedTunnel:                 namedTunnel,
+		NamedTunnel:                         namedTunnel,
-		ProtocolSelector:            protocolSelector,
+		ProtocolSelector:                    protocolSelector,
-		EdgeTLSConfigs:              edgeTLSConfigs,
+		EdgeTLSConfigs:                      edgeTLSConfigs,
-		FeatureSelector:             featureSelector,
+		FeatureSelector:                     featureSelector,
-		MaxEdgeAddrRetries:          uint8(c.Int("max-edge-addr-retries")),
+		MaxEdgeAddrRetries:                  uint8(c.Int("max-edge-addr-retries")),
-		RPCTimeout:                  c.Duration(rpcTimeout),
+		RPCTimeout:                          c.Duration(rpcTimeout),
-		WriteStreamTimeout:          c.Duration(writeStreamTimeout),
+		WriteStreamTimeout:                  c.Duration(writeStreamTimeout),
-		DisableQUICPathMTUDiscovery: c.Bool(quicDisablePathMTUDiscovery),
+		DisableQUICPathMTUDiscovery:         c.Bool(quicDisablePathMTUDiscovery),
+		QUICConnectionLevelFlowControlLimit: c.Uint64(quicConnLevelFlowControlLimit),
 	}
 	packetConfig, err := newPacketConfig(c, log)
 	if err != nil {

supervisor/tunnel.go

@@ -66,7 +66,8 @@ type TunnelConfig struct {
 	RPCTimeout         time.Duration
 	WriteStreamTimeout time.Duration
 
-	DisableQUICPathMTUDiscovery bool
+	DisableQUICPathMTUDiscovery         bool
+	QUICConnectionLevelFlowControlLimit uint64
 
 	FeatureSelector *features.FeatureSelector
 }
@@ -568,14 +569,15 @@ func (e *EdgeTunnelServer) serveQUIC(
 	tlsConfig.CurvePreferences = curvePref
 
 	quicConfig := &quic.Config{
-		HandshakeIdleTimeout:    quicpogs.HandshakeIdleTimeout,
+		HandshakeIdleTimeout:       quicpogs.HandshakeIdleTimeout,
-		MaxIdleTimeout:          quicpogs.MaxIdleTimeout,
+		MaxIdleTimeout:             quicpogs.MaxIdleTimeout,
-		KeepAlivePeriod:         quicpogs.MaxIdlePingPeriod,
+		KeepAlivePeriod:            quicpogs.MaxIdlePingPeriod,
-		MaxIncomingStreams:      quicpogs.MaxIncomingStreams,
+		MaxIncomingStreams:         quicpogs.MaxIncomingStreams,
-		MaxIncomingUniStreams:   quicpogs.MaxIncomingStreams,
+		MaxIncomingUniStreams:      quicpogs.MaxIncomingStreams,
-		EnableDatagrams:         true,
+		EnableDatagrams:            true,
-		Tracer:                  quicpogs.NewClientTracer(connLogger.Logger(), connIndex),
+		Tracer:                     quicpogs.NewClientTracer(connLogger.Logger(), connIndex),
-		DisablePathMTUDiscovery: e.config.DisableQUICPathMTUDiscovery,
+		DisablePathMTUDiscovery:    e.config.DisableQUICPathMTUDiscovery,
+		MaxConnectionReceiveWindow: e.config.QUICConnectionLevelFlowControlLimit,
 	}
 
 	quicConn, err := connection.NewQUICConnection(