From f645cd3c74ed07f351f9ce9cebc609a3a7d8407a Mon Sep 17 00:00:00 2001
From: Amaury Denoyelle <adenoyelle@haproxy.com>
Date: Mon, 8 Sep 2025 14:42:26 +0200
Subject: [PATCH] MINOR: quic: restore QUIC_HP_SAMPLE_LEN constant

The below patch fixes padding emission for small packets, which is
required to ensure that header protection removal can be performed by
the recipient.

  commit d7dea408c64c327cab6aebf4ccad93405b675565
  BUG/MINOR: quic: too short PADDING frame for too short packets

In addition to the proper fix, constant QUIC_HP_SAMPLE_LEN was removed
and replaced by QUIC_TLS_TAG_LEN. However, it still makes sense to have
a dedicated constant which represent the size of the sample used for
header protection. Thus, this patch restores it.

Special instructions for backport : above patch mentions that no
backport is needed. However, this is incorrect, as bug is introduced by
another patch scheduled for backport up to 2.6. Thus, it is first
mandatory to schedule d7dea408c64c327cab6aebf4ccad93405b675565 after it.
Then, this patch can also be used for the sake of code clarity.
---
 include/haproxy/quic_conn-t.h | 3 +++
 src/quic_tx.c                 | 4 ++--
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/include/haproxy/quic_conn-t.h b/include/haproxy/quic_conn-t.h
index 4100e3061..75493915d 100644
--- a/include/haproxy/quic_conn-t.h
+++ b/include/haproxy/quic_conn-t.h
@@ -145,6 +145,9 @@ enum quic_pkt_type {
 #define QUIC_PACKET_PNL_BITMASK      0x03
 #define QUIC_PACKET_PN_MAXLEN        4
 
+/* TLS algo supported by QUIC uses a 16-bytes sample for HP. */
+#define QUIC_HP_SAMPLE_LEN           16
+
 /*
  *  0                   1                   2                   3
  *  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
diff --git a/src/quic_tx.c b/src/quic_tx.c
index 7a2da7eed..10a6c5e65 100644
--- a/src/quic_tx.c
+++ b/src/quic_tx.c
@@ -1998,8 +1998,8 @@ static int qc_do_build_pkt(unsigned char *pos, const unsigned char *end,
 	 * Note that from here, <len> includes <*pn_len>, the total frame lenghts,
 	 * and QUIC_TLS_TAG_LEN(16).
 	 */
-	if (len < QUIC_PACKET_PN_MAXLEN + QUIC_TLS_TAG_LEN) {
-		padding_len = QUIC_PACKET_PN_MAXLEN + QUIC_TLS_TAG_LEN - len;
+	if (len < QUIC_PACKET_PN_MAXLEN + QUIC_HP_SAMPLE_LEN) {
+		padding_len = QUIC_PACKET_PN_MAXLEN + QUIC_HP_SAMPLE_LEN - len;
 		TRACE_PRINTF(TRACE_LEVEL_DEVELOPER, QUIC_EV_CONN_PHPKTS, qc, 0, 0, 0,
 		             "adding padding pn=%llu padding_len=%zu *pn_len=%zu"
 		             " len=%zu len_frms=%zu",