This covers hpack, quic, h3, map, acl, pattern, tcpchecks, clienthello.
Only comments were touched, 100% harmless, no need to backport.
goto fail;
/* basic encoding of the status code */
- out->area[len - 5] = 0x48; // indexed name -- name=":status" (idx 8)
+ out->area[len - 5] = 0x48; // literal with incremental indexing, name=":status" (idx 8)
out->area[len - 4] = 0x03; // 3 bytes status
out->area[len - 3] = '0' + status / 100;
out->area[len - 2] = '0' + status / 10 % 10;
struct quic_arngs {
/* ebtree of ACK ranges organized by their first value. */
struct eb_root root;
- /* The number of ACK ranges is this tree */
+ /* The number of ACK ranges in this tree */
size_t sz;
/* The number of bytes required to encode this ACK ranges lists. */
size_t enc_sz;
int64_t last;
};
-/* Structure to hold a range of ACKs to be store as a node in a tree of
+/* Structure to hold a range of ACKs to be stored as a node in a tree of
* ACK ranges.
*/
struct quic_arng_node {
/* Flag the packet number space as needing probing */
#define QUIC_FL_PKTNS_PROBE_NEEDED (1UL << 2)
/* Flag the packet number space as having received a packet with a new largest
- * packet number, to be acknowledege
+ * packet number, to be acknowledged
*/
#define QUIC_FL_PKTNS_NEW_LARGEST_PN (1UL << 3)
/* Returns enough log2 of first powers of two to encode QUIC variable length
* integers.
- * Returns -1 if <val> if out of the range of lengths supported by QUIC.
+ * Returns -1 if <val> is out of the range of lengths supported by QUIC.
*/
static inline int quic_log2(unsigned int val)
{
* Note that the result is a 64-bits integer but with the less significant
* 62 bits as relevant information. The most significant 2 remaining bits encode
* the length of the integer.
- * Returns 1 if succeeded there was enough data in <buf>), 0 if not.
+ * Returns 1 if succeeded (there was enough data in <buf>), 0 if not.
*/
static inline int quic_dec_int(uint64_t *val,
const unsigned char **buf,
* the length of the integer.
* Note that this function update <b> buffer when a variable-length integer
* has successfully been parsed.
- * Returns 1 and if succeeded (there was enough data in <buf>), 0 if not.
+ * Returns 1 if succeeded (there was enough data in <buf>), 0 if not.
* If <retlen> is not null, increment <*retlen> by the number of bytes consumed to decode
* the varint.
*/
/* Encode a QUIC variable-length integer from <val> into <buf> buffer with <end> as first
* byte address after the end of this buffer.
- * Returns 1 if succeeded (there was enough room in buf), 0 if not.
+ * Returns 1 if succeeded (there was enough room in <buf>), 0 if not.
*/
static inline int quic_enc_int(unsigned char **buf, const unsigned char *end, uint64_t val)
{
char *pos;
int save_width, len;
- /* width can only by 0, 1, 2, 4 or 8 */
+ /* width can only be 0, 1, 2, 4 or 8 */
BUG_ON(width && (width > 8 || atleast2(width)));
len = quic_int_getsize(val);
* Returns the value usable as Length field, or 0 if <room> is too small.
*
* Here are examples of the output returned by the function. For each inputs
- * between charets, returned value is written associated with its implicit
+ * between brackets, returned value is written associated with its implicit
* variable-length integer size :
*
* [64] => 63(1) [65] => 63(1) [66] => 64(2)
arg = *args;
/* Compatibility layer. Each pattern can parse only one string per pattern,
- * but the pat_parser_int() and pat_parse_dotted_ver() parsers were need
+ * but the pat_parse_int() and pat_parse_dotted_ver() parsers need
* optionally two operators. The first operator is the match method: eq,
* le, lt, ge and gt. pat_parse_int() and pat_parse_dotted_ver() functions
* can have a compatibility syntax based on ranges:
}
}
- /* Add sample to the reference, and try to compile it fior each pattern
+ /* Add sample to the reference, and try to compile it for each pattern
* using this value.
*/
if (!pat_ref_add(ref, arg, NULL, err))
return 0;
}
-/* parse "quic-cc-algo" bind keyword */
+/* parse "quic-cc-algo" server keyword */
static int srv_parse_quic_cc_algo(char **args, int *cur_arg, struct proxy *px,
struct server *srv, char **err)
{
break;
default:
- /* draft-ietf-quic-http34 9. Extensions to HTTP/3
+ /* RFC 9114 Section 9. Extensions to HTTP/3
*
- * Implementations MUST [...] abort reading on unidirectional
+ * Implementations MUST abort reading on unidirectional
* streams that have unknown or unsupported types.
*/
TRACE_STATE("abort reading on unknown uni stream type", H3_EV_H3S_NEW, qcs->qcc->conn, qcs);
h3_debug_printf(stderr, "%s id: %llu value: %llu\n",
__func__, (unsigned long long)id, (unsigned long long)value);
- /* draft-ietf-quic-http34 7.2.4. SETTINGS
+ /* RFC 9114 Section 7.2.4. SETTINGS
*
* The same setting identifier MUST NOT occur more than once in the
* SETTINGS frame. A receiver MAY treat the presence of duplicate
case H3_SETTINGS_RESERVED_3:
case H3_SETTINGS_RESERVED_4:
case H3_SETTINGS_RESERVED_5:
- /* draft-ietf-quic-http34 7.2.4.1. Defined SETTINGS Parameters
+ /* RFC 9114 Section 7.2.4.1. Defined SETTINGS Parameters
*
- * Setting identifiers which were defined in [HTTP2] where there is no
+ * Setting identifiers which were defined in [HTTP/2] where there is no
* corresponding HTTP/3 setting have also been reserved
* (Section 11.2.2). These reserved settings MUST NOT be sent, and
* their receipt MUST be treated as a connection error of type
h3c->flags |= H3_CF_SETTINGS_RECV;
break;
default:
- /* draft-ietf-quic-http34 9. Extensions to HTTP/3
+ /* RFC 9114 Section 9. Extensions to HTTP/3
*
* Implementations MUST discard frames [...] that have unknown
* or unsupported types.
/*
- * HPACK decompressor (RFC7541)
+ * HPACK compressor (RFC7541)
*
* Copyright (C) 2014-2017 Willy Tarreau <willy@haproxy.org>
* Copyright (C) 2017 HAProxy Technologies
if (EVP_PKEY_base_id(pkey) == EVP_PKEY_EC) {
- /* Convert the DigestSign output to an ECDSA_SIG (R and S parameters concatenatedi,
+ /* Convert the DigestSign output to an ECDSA_SIG (R and S parameters concatenated,
* see section 3.4 of RFC7518), and output R and S padded.
*/
ECDSA_SIG *sig = NULL;
}
/*
- * Convert a JWT ECDSA signature (R and S parameters concatenatedi, see section
+ * Convert a JWT ECDSA signature (R and S parameters concatenated, see section
* 3.4 of RFC7518) into an ECDSA_SIG that can be fed back into OpenSSL's digest
* verification functions.
* Returns 0 in case of success.
return 1;
}
-/* This crete and initialize map descriptor.
+/* This creates and initializes map descriptor.
* Return NULL if out of memory error
*/
static struct map_descriptor *map_create_descriptor(struct sample_conv *conv)
return 1;
}
-/* Parse a string. It is allocated and duplicated. */
+/* Parse a string. The text is used directly without allocation. */
int pat_parse_str(const char *text, struct pattern *pattern, int mflags, char **err)
{
pattern->type = SMP_T_STR;
return 1;
}
-/* Parse a binary written in hexa. It is allocated. */
+/* Parse a binary written in hexa. The data is stored in the trash chunk. */
int pat_parse_bin(const char *text, struct pattern *pattern, int mflags, char **err)
{
struct buffer *trash;
return !!parse_binary(text, &pattern->ptr.str, &pattern->len, err);
}
-/* Parse a regex. It is allocated. */
+/* Parse a regex. The text is used directly without allocation. */
int pat_parse_reg(const char *text, struct pattern *pattern, int mflags, char **err)
{
pattern->ptr.str = (char *)text;
*
*/
-/* always return false */
+/* returns a match when the sample's integer value is non-zero, otherwise returns NULL */
struct pattern *pat_match_nothing(struct sample *smp, struct pattern_expr *expr, int fill)
{
if (smp->data.u.sint) {
}
/* Checks that the pattern is included inside the tested string, but enclosed
- * between the delmiters '/', '?', '.' or ":" or at the beginning or end of
+ * between the delimiters '/', '?', '.' or ":" or at the beginning or end of
* the string. Delimiters at the beginning or end of the pattern are ignored.
*/
struct pattern *pat_match_dom(struct sample *smp, struct pattern_expr *expr, int fill)
if (ext_len > hs_len - 4) /* Extension too long */
goto not_ssl_hello;
- /* SesstionTicket extension */
+ /* SessionTicket extension */
if (ext_type == 35) {
smp->data.type = SMP_T_SINT;
/* SessionTicket also present */
case 425: idx = 70; break;
case 500: idx = 71; break;
- /* status code not in QPACK static table, idx is null. */
+ /* status code not in QPACK static table, idx is 0. */
default: break;
}
/* literal field line with literal name
* | 0 | 0 | 1 | N | H | . | . | . |
- * N :(allow an intermediary to add the header in a dynamic table)
+ * N: allow an intermediary to add the header in a dynamic table
* H: huffman encoded
* name len
*/
TRACE_LEAVE(QUIC_EV_CONN_TXPKT, qc);
}
-/* Insert <ar> ack range into <argns> tree of ack ranges.
+/* Insert <ar> ack range into <arngs> tree of ack ranges.
* Returns the ack range node which has been inserted if succeeded, NULL if not.
*/
static inline
if (!bbr->bw_probe_samples)
return; /* not a packet sent while probing bandwidth */
- /* Only ->tx_in_fligth, ->lost and ->is_app_limited <rs> member
+ /* Only ->tx_in_flight, ->lost and ->is_app_limited <rs> member
* initializations are needed.
*/
rs.tx_in_flight = pkt->rs.tx_in_flight; /* inflight at transmit */
BUG_ON(bbr->drs.lost + pkt->len < lost);
- /* bbr->rst->lost is not yet incremented */
+ /* bbr->drs.lost is not yet incremented */
rs.lost = bbr->drs.lost + pkt->len - lost; /* data lost since transmit */
rs.is_app_limited = pkt->rs.is_app_limited;
if (is_inflight_too_high(&rs)) {
* to allow the new flow some room for growth if the existing flows have
* been using all the network bandwidth. To speed up this bandwidth release
* by existing flows, the following fast convergence mechanism SHOULD be
- * implemented.With fast convergence, when a congestion event occurs, Wmax
+ * implemented. With fast convergence, when a congestion event occurs, Wmax
* is updated as follows, before the window reduction described in Section
* 4.6.
*
- * if cwnd < Wmax and fast convergence enabled, further reduce Wax:
+ * if cwnd < Wmax and fast convergence enabled, further reduce Wmax:
* Wmax = cwnd * (1 + beta_cubic)
- * otherwise, remember cwn before reduction:
+ * otherwise, remember cwnd before reduction:
* Wmax = cwnd
*/
if (path->cwnd < c->last_w_max) {
/* *** QUIC CID handling general principles
*
* . CID global storage
- * CIDs generated by haproxy and reuse by the peer as DCID are stored in a
+ * CIDs generated by haproxy and reused by the peer as DCID are stored in a
* global tree. Tree access must only be done under lock protection. Separate
* trees are used on frontend and backend sides.
*
/* Retrieve the thread ID associated to QUIC connection ID <cid> of length
* <cid_len>. CID may be not found on the CID tree because it is an ODCID. In
- * this case, it will derived using client address <cli_addr> as hash
+ * this case, it will be derived using client address <cli_addr> as hash
* parameter. However, this is done only if <pos> points to an INITIAL or 0RTT
* packet of length <len>.
*
int fields;
};
-#define QC_CLI_FL_SHOW_ALL 0x0001 /* show closing/draining connections */
-#define QC_CLI_FL_SHOW_CLO 0x0002 /* show closing/draining connections */
-#define QC_CLI_FL_SHOW_BE 0x0004 /* show closing/draining connections */
+#define QC_CLI_FL_SHOW_ALL 0x0001 /* show all connections including closing ones */
+#define QC_CLI_FL_SHOW_CLO 0x0002 /* show closing connections */
+#define QC_CLI_FL_SHOW_BE 0x0004 /* show backend connections */
/* Returns the output format for show quic. If specified explicitly use it as
* set. Else format depends if filtering on a single connection instance. If
quic_build_post_handshake_frames(qc, &qc->ael->pktns->tx.frms);
}
- /* Retranmissions */
+ /* Retransmissions */
if (qc->flags & QUIC_FL_CONN_RETRANS_NEEDED) {
TRACE_STATE("retransmission needed", QUIC_EV_CONN_IO_CB, qc);
qc->flags &= ~QUIC_FL_CONN_RETRANS_NEEDED;
goto out;
}
- /* Retranmissions */
+ /* Retransmissions */
if (qc->flags & QUIC_FL_CONN_RETRANS_NEEDED) {
TRACE_DEVEL("retransmission needed", QUIC_EV_CONN_PHPKTS, qc);
qc->flags &= ~QUIC_FL_CONN_RETRANS_NEEDED;
* waiting for HP removal AFTER the successful handshake completion.
* Indeed a successful handshake completion implicitly valids
* the peer address. In this case, one wants to process
- * these ORTT packets AFTER the successful handshake completion.
+ * these 0RTT packets AFTER the successful handshake completion.
*
* On the contrary, when a token for address validation was received,
* release 0RTT packets still waiting for HP removal. These
return ret;
}
-/* Rearm the idle timer or the ack timer (if not already armde) for <qc> QUIC
+/* Rearm the idle timer or the ack timer (if not already armed) for <qc> QUIC
* connection. */
void qc_idle_timer_do_rearm(struct quic_conn *qc, int arm_ack)
{
return quic_enc_int(pos, end, ms_frm->max_streams);
}
-/* Parse a MAX_STREAMS frame for undirectional streams at <pos> buffer position with <end>
+/* Parse a MAX_STREAMS frame for un
idirectional streams at <pos> buffer position with <end>
* as end into <frm> frame.
* Return 1 if succeeded (enough room to parse this frame), 0 if not.
*/
return 1;
}
-/* Parse a CONNECTION_CLOSE frame at
QUIC layer at <pos> buffer position with <end> as end into <frm> frame.
+/* Parse a CONNECTION_CLOSE frame at
application layer at <pos> buffer position with <end> as end into <frm> frame.
* Note there exist two types of CONNECTION_CLOSE frame, one for the application layer
* and another at QUIC layer.
* Return 1 if succeeded (enough room at <pos> buffer position to parse this frame), 0 if not.
struct quic_conn *qc = SSL_get_ex_data(ssl, ssl_qc_app_data_index);
/* The local transport parameters are stored into the quic_conn object.
* There is no need to add an intermediary to store pointers to these
- * transport paraemters.
+ * transport parameters.
*/
TRACE_ENTER(QUIC_EV_CONN_SSL_COMPAT, qc);
TRACE_LEAVE(QUIC_EV_CONN_SSL_COMPAT, qc);
TRACE_LEAVE(QUIC_EV_CONN_PRSAFRM, qc);
}
-/* Boolean function which return 1 if <pkt> TX packet is only made of
- * already acknowledged frame.
+/* Boolean function which return
s 1 if <pkt> TX packet is only made of
+ * already acknowledged frames.
*/
static inline int qc_pkt_with_only_acked_frms(struct quic_tx_packet *pkt)
{
/* Prepare a fast retransmission during a handshake after a client
* has resent Initial packets. According to the RFC a server may retransmit
- * Initial packets send them coalescing with others (Handshake here).
+ * Initial packets, sending them coalesced with others (Handshake here).
* (Listener only function).
*/
void qc_prep_hdshk_fast_retrans(struct quic_conn *qc,
qel->pktns->tx.pto_probe += 1;
- /* No risk to loop here, #packet per datagram is bounded */
+ /* No risk to loop here, #packets per datagram is bounded */
requeue:
TRACE_PROTO("duplicating packet", QUIC_EV_CONN_PRSAFRM, qc, NULL, &pkt->pn_node.key);
qc_dup_pkt_frms(qc, &pkt->frms, tmp);
px = li->bind_conf->frontend;
/* Initialize session elements specific to the current datagram. All
- * others members are set to 0 thanks to static storage class.
+ * other members are set to 0 thanks to the static storage class.
*/
rule_sess.fe = px;
rule_sess.listener = li;
act_add_list(&quic_init_actions_list.list, kw_list);
}
-/* Return the struct quic-initial action associated to a keyword. */
+/* Return the action keyword associated with <kw> from the registered
+ * quic-initial action keywords, or NULL if not found.
+ */
struct action_kw *action_quic_init_custom(const char *kw)
{
return action_lookup(&quic_init_actions_list.list, kw);
ret = qcc_recv(qc->qcc, strm_frm->id, strm_frm->len,
strm_frm->offset, fin, (char *)strm_frm->data);
- /* frame rejected - packet must not be acknowledeged */
+ /* frame rejected - packet must not be acknowledged */
TRACE_LEAVE(QUIC_EV_CONN_PRSFRM, qc);
return !ret;
}
if (ack->offset_node.key > stream->ack_offset)
break;
- /* For released buf, room count is decremented on buffered ACK consumption. */
+ /* For the active buf, room count is decremented on buffered ACK
+ * consumption.
+ */
if (stream_buf == stream->buf)
stream_buf->room = MAX((int64_t)(stream_buf->room - ack->len), 0);
*/
struct buffer *qc_stream_buf_realloc(struct qc_stream_desc *stream)
{
- /* This function is reserved to convert a big buffer to a smaller one. */
+ /* This function is reserved to convert a small buffer to a standard one. */
BUG_ON(!stream->buf || !stream->buf->sbuf);
/* This function can only be used if targeted buffer is empty. */
&extension_data, &extension_len))
#endif
{
- /* This is not redundant. It we only return 0 without setting
+ /* This is not redundant. If we only return 0 without setting
* <*al>, this has as side effect to generate another TLS alert
* which would be set after calling quic_set_tls_alert().
*/
}
sni_lookup:
- /* we need to transform this a NULL-ended string in lowecase */
+ /* we need to transform this into a NULL-terminated string in lowercase */
for (i = 0; i < trash.size && i < servername_len; i++)
trash.area[i] = tolower((unsigned char)servername[i]);
trash.area[i] = 0;
/* Look for the QUIC transport parameters. */
SSL_get_peer_quic_transport_params(ssl, &extension_data, &extension_len);
if (extension_len == 0) {
- /* This is not redundant. It we only return 0 without setting
+ /* This is not redundant. If we only return 0 without setting
* <*al>, this has as side effect to generate another TLS alert
* which would be set after calling quic_set_tls_alert().
*/
#endif /* (!) OPENSSL_IS_BORINGSSL */
#if defined(USE_OPENSSL_WOLFSSL)
-/* This implement the equivalent of the clientHello Callback but using the cert_cb.
- * WolfSSL is able to extract the sigalgs and ciphers of the client byt using the API
+/* This implements the equivalent of the clientHello Callback but using the cert_cb.
+ * WolfSSL is able to extract the sigalgs and ciphers of the client by using the API
* provided in https://github.com/wolfSSL/wolfssl/pull/6963
*
* Not activated for now since the PR is not merged.
sni_lookup:
- /* we need to transform this into a NULL-ended string in lowecase */
+ /* we need to transform this into a NULL-terminated string in lowercase */
for (i = 0; i < trash.size && servername[i] != '\0'; i++)
trash.area[i] = tolower((unsigned char)servername[i]);
trash.area[i] = 0;
/* Follows these step to produce the info message:
* 1. if info field is already provided, copy it
- * 2. if the expect rule provides an onsucces log-format string,
+ * 2. if the expect rule provides an onsuccess log-format string,
* use it to produce the message
* 3. the expect rule is part of a protocol check (http, redis, mysql...), do nothing
* 4. Otherwise produce the generic tcp-check info message
struct tcpcheck_rule *r;
/* the implicit send rule coming from an "option httpchk" line must be
- * merged with the first explici http-check send rule, if
+ * merged with the first explicit http-check send rule, if
* any. Depending on the declaration order some tests are required.
*
* Some tests are also required for other kinds of http-check rules to be
}
}
else {
- /* Tries to add an explicit http-check rule. First of all we check the typefo the
+ /* Tries to add an explicit http-check rule. First of all we check the type of the
* last inserted rule to be sure it is valid. Then for send rule, we try to merge it
* with an existing implicit send rule, if any. At the end, if there is no error,
* the rule is appended to the list.
}
/* Now, back again on HTTP ruleset. Try to resolve the sni log-format
- * string if necessary, but onlu for implicit connect rules, by getting
+ * string if necessary, but only for implicit connect rules, by getting
* it from the following send rule.
*/
if ((rs->flags & TCPCHK_RULES_PROTO_CHK) == TCPCHK_RULES_HTTP_CHK) {
list_for_each_entry(chk, &rs->rules, list) {
if (chk->action == TCPCHK_ACT_CONNECT && !chk->connect.sni &&
(chk->connect.options & TCPCHK_OPT_IMPLICIT)) {
- /* Only eval connect rule with no explici SNI */
+ /* Only eval connect rule with no explicit SNI */
connect = &chk->connect;
}
else if (connect && chk->action == TCPCHK_ACT_SEND) {
projects / haproxy.git / commitdiff