8bc339a6ad
A QUIC datagram that contains an INITIAL packet must be padded to 1.200 bytes to prevent any deadlock due to anti-amplification protection. This is implemented by encoding a PADDING frame on the last packet of the datagram if necessary. Previously, qc_prep_pkts() was responsible to activate padding when calling qc_do_build_pkt(), as it knows which packet is the last to encode. However, this has the side-effect of preventing PING emission for probing with no data as this case was handled in an else-if branch after padding. This was fixed by the below commit 217e467e89d15f3c22e11fe144458afbf718c8a8 BUG/MINOR: quic: fix malformed probing packet building Above logic was altered to fix the PING case : padding was set to false explicitely in qc_prep_pkts(). Padding was then added in a specific block dedicated to the PING case in qc_do_build_pkt() itself for INITIAL packets. However, the fix is incorrect if the last QEL used to built a packet is not the initial one and probing is used with PING frame only. In this case, specific block in qc_do_build_pkt() does not add padding. This causes a BUG_ON() crash in qc_txb_store() which catches these packets as irregularly formed. To fix this while also properly handling PING emission, revert to the original padding logic : qc_prep_pkts() is responsible to activate INITIAL padding. To not interfere with PING emission, qc_do_build_pkt() body is adjusted so that PING block is moved up in the function and detached from the padding condition. The main benefit from this patch is that INITIAL padding decision in qc_prep_pkts() is clearer now. Note that padding can also be activated by qc_do_build_pkt(), as packets should be big enough for header protection decipher. However, this case is different from INITIAL padding, so it is not covered by this patch. This should be backported up to 2.6.
HAProxy
HAProxy is a free, very fast and reliable reverse-proxy offering high availability, load balancing, and proxying for TCP and HTTP-based applications.
Installation
The INSTALL file describes how to build HAProxy. A list of packages is also available on the wiki.
Getting help
The discourse and the mailing-list are available for questions or configuration assistance. You can also use the slack or IRC channel. Please don't use the issue tracker for these.
The issue tracker is only for bug reports or feature requests.
Documentation
The HAProxy documentation has been split into a number of different files for ease of use. It is available in text format as well as HTML. The wiki is also meant to replace the old architecture guide.
Please refer to the following files depending on what you're looking for:
- INSTALL for instructions on how to build and install HAProxy
- BRANCHES to understand the project's life cycle and what version to use
- LICENSE for the project's license
- CONTRIBUTING for the process to follow to submit contributions
The more detailed documentation is located into the doc/ directory:
- doc/intro.txt for a quick introduction on HAProxy
- doc/configuration.txt for the configuration's reference manual
- doc/lua.txt for the Lua's reference manual
- doc/SPOE.txt for how to use the SPOE engine
- doc/network-namespaces.txt for how to use network namespaces under Linux
- doc/management.txt for the management guide
- doc/regression-testing.txt for how to use the regression testing suite
- doc/peers.txt for the peers protocol reference
- doc/coding-style.txt for how to adopt HAProxy's coding style
- doc/internals for developer-specific documentation (not all up to date)
License
HAProxy is licensed under GPL 2 or any later version, the headers under LGPL 2.1. See the LICENSE file for a more detailed explanation.