git.kaiwu.me - haproxy.git/commit

author	Amaury Denoyelle <adenoyelle@haproxy.com>
	Tue, 12 Aug 2025 08:40:06 +0000 (10:40 +0200)
committer	Amaury Denoyelle <adenoyelle@haproxy.com>
	Mon, 25 Aug 2025 06:48:24 +0000 (08:48 +0200)
commit	1529ec1a25cc216f7613517e5e8c936852d18007
tree	7363d92306203af23f63684bc75e9bd7e668926d	tree \| snapshot
parent	7d554ca6295033cbf1b82a15980ae8c0a0c94ec3	commit \| diff

MINOR: quic: centralize padding for HP sampling on packet building

The below patch has simplified INITIAL padding on emission. Now,
qc_prep_pkts() is responsible to activate padding for this case, and
there is no more special case in qc_do_build_pkt() needed.

commit 8bc339a6ad4702f2c39b2a78aaaff665d85c762b
BUG/MAJOR: quic: fix INITIAL padding with probing packet only

However, qc_do_build_pkt() may still activate padding on its own, to
ensure that a packet is big enough so that header protection decryption
can be performed by the peer. HP decryption is performed by extracting a
sample from the ciphered packet, starting 4 bytes after PN offset.
Sample length is 16 bytes as defined by TLS algos used by QUIC. Thus, a
QUIC sender must ensures that length of packet number plus payload
fields to be at least 4 bytes long. This is enough given that each
packet is completed by a 16 bytes AEAD tag which can be part of the HP
sample.

This patch simplifies qc_do_build_pkt() by centralizing padding for this
case in a single location. This is performed at the end of the function
after payload is completed. The code is thus simpler.

This is not a bug. However, it may be interesting to backport this patch
up to 2.6, as qc_do_build_pkt() is a tedious function, in particular
when dealing with padding generation, thus it may benefit greatly from
simplification.

include/haproxy/quic_conn-t.h		diff \| blob \| history
src/quic_tx.c		diff \| blob \| history