From: Willy Tarreau Date: Tue, 13 Jan 2026 07:42:36 +0000 (+0100) Subject: BUG/MINOR: net_helper: fix IPv6 header length processing X-Git-Tag: v3.4-dev3~61 X-Git-Url: http://www.kaiwu.me/postgresql/commit/static/gitweb.js?a=commitdiff_plain;h=37057feb80bf6ab5c3a120a023a3ad6eeaa5ffec;p=haproxy.git BUG/MINOR: net_helper: fix IPv6 header length processing The IPv6 header contains a payload length that excludes the 40 bytes of IPv6 packet header, which differs from IPv4's total length which includes it. As a result, the parser was wrong and would only see the IP part and not the TCP one unless sufficient options were present tocover it. This issue came in 3.4-dev2 with recent commit e88e03a6e4 ("MINOR: net_helper: add ip.fp() to build a simplified fingerprint of a SYN"), so no backport is needed. --- diff --git a/src/net_helper.c b/src/net_helper.c index 19cea3a6d..c2cbde5a6 100644 --- a/src/net_helper.c +++ b/src/net_helper.c @@ -706,7 +706,7 @@ static int sample_conv_ip_fp(const struct arg *arg_p, struct sample *smp, void * if (smp->data.u.str.data < 40) return 0; - pktlen = read_n16(smp->data.u.str.area + 4); + pktlen = 40 + read_n16(smp->data.u.str.area + 4); // extension/next proto => ext present if !tcp && !udp ipext = smp->data.u.str.area[6]; ipext = ipext != 6 && ipext != 17;