Fix connect attempt retries

[masaori335]

Summary

We have three configs of connect attempt retry. However, prior to the change, none of them are implemented correctly. This PR makes the retry path honor the HostDBInfo state across the board.

• connect_attempts_max_retries
• connect_attempts_max_retries_down_server
• connect_attempts_rr_retries

Changes

• New helper HttpTransact::origin_server_connect_attempts_max_retries(State*) returns the retry limit based on the active HostDBInfo::State :

  • UP → connect_attempts_max_retries
  • SUSPECT → connect_attempts_max_retries_down_server
  • DOWN → 0

• HttpTransact::handle_response_from_server is refactored and retry logic is fixed.

• Fix round-robin logic in ResolveInfo::select_next_rr(now, fail_window)

• HttpSM::mark_host_failure now uses origin_server_connect_attempts_max_retries(s) + 1 as the DOWN threshold (was incorrectly using connect_attempts_rr_retries).

• HttpSM::do_hostdb_update_if_necessary records failure time via ts_clock::now() instead of client_request_time so multiple connect attempts in one transaction get distinct timestamps.

Tests

1. New connect_attempts_single_max_retries.replay.yaml exercises connect_attempts_max_retries and connect_attempts_max_retries_down_server for single DNS Record (no round-robin case)
2. Updated connect_attempts_rr_retries.replay.yaml and gold files to reflect the corrected RR + SUSPECT behavior.
3. Updated connect_attempts_rr_max_retries gold to match the new state-aware fail-count threshold.

Dependency

This PR is in draft until below PRs are merged.

• Cleanup serving stale while origin server down #13083 (update: this dependency is gone)
• Clarify HostDBInfo state #13092

[masaori335]

Now this PR is ready. I removed dependency of #13083. We can do it independently.

[Copilot]

Pull request overview

This PR fixes origin connect-attempt retry behavior so it consistently honors the active HostDBInfo health state (UP / SUSPECT / DOWN), and updates AuTest replay coverage to validate the corrected single-host and round-robin behavior.

Changes:

• Add HttpTransact::origin_server_connect_attempts_max_retries(State*) and refactor server connect failure handling to use state-aware retry limits.
• Fix round-robin selection to skip DOWN targets while allowing SUSPECT targets (ResolveInfo::select_next_rr(now, fail_window)), and update HostDB failure timestamping.
• Add/adjust gold tests to cover single-record and RR retry behavior and updated failure-count thresholds.

Reviewed changes

Copilot reviewed 13 out of 13 changed files in this pull request and generated 8 comments.

Show a summary per file

File	Description
src/proxy/http/HttpTransact.cc	Adds state-aware retry helper; refactors retry path and RR switching logic.
include/proxy/http/HttpTransact.h	Declares new helper and updates retry helper signature.
src/proxy/http/HttpSM.cc	Updates HostDB failure timestamping (ts_clock::now()), adjusts DOWN threshold logic.
src/proxy/http/HttpConfig.cc	Adds a config Warning related to RR + down-server retry configuration.
src/iocore/hostdb/HostDB.cc	Updates RR selection to be time/window aware and skip DOWN targets.
include/iocore/hostdb/HostDBProcessor.h	Updates ResolveInfo::select_next_rr signature to accept (now, fail_window).
tests/gold_tests/dns/replay/connect_attempts_single_max_retries.replay.yaml	New replay to cover single-DNS-record retry/down-server behavior.
tests/gold_tests/dns/replay/connect_attempts_rr_retries.replay.yaml	Updates RR retry scenario to match corrected behavior.
tests/gold_tests/dns/gold/connect_attempts_single_max_retries_error_log.gold	New gold output for the single-record replay.
tests/gold_tests/dns/gold/connect_attempts_rr_retries_error_log.gold	Updates gold output to reflect corrected RR behavior.
tests/gold_tests/dns/gold/connect_attempts_rr_max_retries_error_log.gold	Updates gold output for new fail-count threshold.
tests/gold_tests/dns/connect_attempts.test.py	Registers the new replay test.
tests/gold_tests/autest-site/verifier_client.test.ext	Adds poll_timeout support to verifier-client process config for replays.

[Copilot]

origin_server_connect_attempts_max_retries() returns uint8_t, but the underlying configs (txn_conf->connect_attempts_max_retries* are MgmtInt). Implicitly converting can truncate/wrap values >255, changing retry behavior silently. Consider clamping to [0, UINT8_MAX] (and optionally emitting a Warning when clamped) or changing the helper to return a wider type and only clamp at the HostDBInfo API boundary.

[Copilot]

The retry cap here is initialized from connect_attempts_max_retries unconditionally, but the PR description says retry limits should be state-aware (UP/SUSPECT/DOWN). Using the UP config for the early bailout check can allow extra retries (or plugin/client-address re-resolution retries) beyond the intended per-host cap when the active HostDBInfo is SUSPECT/DOWN. Consider initializing max_connect_retries using origin_server_connect_attempts_max_retries(s) (with a deliberate fallback for non-HostDB targets, if needed).

[Copilot]

When connect_attempts_rr_retries triggers a round-robin switch, this treats select_next_rr()==false as “no targets available” and gives up. But select_next_rr() can also return false simply because there is no alternate non-DOWN target (e.g., other RR members are DOWN) even though retrying the current target is still allowed. This can prematurely stop retries. Consider continuing with the current active target when select_next_rr() returns false, and only giving up when the overall retry budget is exhausted / there are truly no viable targets.

Suggested change

	if (!s->dns_info.select_next_rr(ts_clock::now(), s->txn_conf->down_server_timeout)) {
	TxnDbg(dbg_ctl_http_trans, "No round-robin targets available. Giving up");
	SET_VIA_STRING(VIA_DETAIL_SERVER_CONNECT, VIA_DETAIL_SERVER_FAILURE);
	handle_server_connection_not_open(s);
	break;
	}
	// select_next_rr() only updates dns_info.active; change the dst_addr too.
	s->dns_info.addr.assign(s->dns_info.active->data.ip);
	s->server_info.dst_addr.assign(s->dns_info.active->data.ip, s->server_info.dst_addr.network_order_port());
	if (dbg_ctl_http_trans.on()) {
	ip_port_text_buffer addrbuf;
	TxnDbg(dbg_ctl_http_trans, "switched to next round-robin upstream addr=%s",
	ats_ip_nptop(&s->server_info.dst_addr.sa, addrbuf, sizeof(addrbuf)));
	}
	if (s->dns_info.select_next_rr(ts_clock::now(), s->txn_conf->down_server_timeout)) {
	// select_next_rr() only updates dns_info.active; change the dst_addr too.
	s->dns_info.addr.assign(s->dns_info.active->data.ip);
	s->server_info.dst_addr.assign(s->dns_info.active->data.ip, s->server_info.dst_addr.network_order_port());
	if (dbg_ctl_http_trans.on()) {
	ip_port_text_buffer addrbuf;
	TxnDbg(dbg_ctl_http_trans, "switched to next round-robin upstream addr=%s",
	ats_ip_nptop(&s->server_info.dst_addr.sa, addrbuf, sizeof(addrbuf)));
	}
	} else {
	TxnDbg(dbg_ctl_http_trans, "No alternate round-robin target available, retrying current upstream");
	}

[Copilot]

max_connect_retries is a uint8_t and is used as max_connect_retries + 1 for the attempt budget. If max_connect_retries is 255 (or has already wrapped due to narrowing), + 1 overflows back to 0, which would make the down-threshold computation incorrect. Consider computing the attempt budget in a wider integer type and saturating/clamping to UINT8_MAX before passing it to increment_fail_count().

[Copilot]

This Warning message is misleading: connect_attempts_max_retries_down_server=0 doesn’t inherently “skip probing” SUSPECT origins; it mainly reduces the retry budget (potentially to just a single probe attempt). Also the phrasing is grammatically off (“set … is recommended”) and it would be clearer to reference the full record name (proxy.config.http.connect_attempts_max_retries_down_server). Please update the message (and/or the logic) so it accurately reflects the actual behavior.

Suggested change

	Warning("connect_attempts_max_retries_down_server=0 with round-robin enabled skips probing recovering (SUSPECT) origins; "
	"set connect_attempts_max_retries_down_server >= 1 is recommended");
	Warning("proxy.config.http.connect_attempts_max_retries_down_server=0 with round-robin enabled leaves no retry budget "
	"for down or recovering (SUSPECT) origins beyond the initial attempt; setting "
	"proxy.config.http.connect_attempts_max_retries_down_server >= 1 is recommended");

[Copilot]

Typo in comment: “reties” → “retries”.

[Copilot]

Typo in comment: “reties” → “retries”.

[Copilot]

Typo in comment: “Forth request” → “Fourth request”.

Suggested change

	# Forth request: within down_server.cache_time=3s so the server is still marked down.
	# Fourth request: within down_server.cache_time=3s so the server is still marked down.