mirror of
https://git.haproxy.org/git/haproxy.git/
synced 2025-11-30 15:21:04 +01:00
f2c24ae7f1
The below patch had simplified INITIAL padding on emission by ensuring that it relies solely on <padding> argument of qc_do_build_pkt(). Thus, qc_prep_pkts() is responsible to activate padding or not for this case. However, qc_do_build_pkt() may still generate padding frames for another case. This is used to ensure that a packet is big enough so that header protection decryption can be performed by the peer. This process is performed by extracting a sample from the ciphered packet, starting 4 bytes after PN offset. Sample length is 16 bytes, as defined by TLS algos used by QUIC. Thus, a QUIC sender must ensures that every packets use a packet number and payload fields which are at least 4 bytes. This is enough given that each packet is completed by a 16 bytes AEAD tag which can be part of the HP sample. This patch simplifies qc_do_build_pkt() by centralizing padding for this case in a single location. This is performed at the end of the function after payload is completed. The code is thus simpler. This is not a bug. However, it may be interesting to backport this patch up to 2.6, as qc_do_build_pkt() is a tedious function, in particular when dealing with padding generation, thus it may benefit greatly from simplification.