git.ipfire.org Git - thirdparty/haproxy.git/commit

author	Amaury Denoyelle <adenoyelle@haproxy.com>
	Wed, 22 May 2024 13:55:58 +0000 (15:55 +0200)
committer	Amaury Denoyelle <adenoyelle@haproxy.com>
	Fri, 24 May 2024 12:36:31 +0000 (14:36 +0200)
commit	5764bc50b5453628b02a951d7ad5f3463b95d709
tree	1a6ceb8cb28e19f00e9de742ba53951fa584e794	tree
parent	f55748a4225e55229fd8f8c9823477ac18ff5701	commit \| diff

BUG/MINOR: quic: adjust restriction for stateless reset emission

Review RFC 9000 and ensure restriction on Stateless reset are properly
enforced. After careful examination, several changes are introduced.

First, redefine minimal Stateless Reset emitted packet length to 21
bytes (5 random bytes + a token). This is the new default length used in
every case, unless received packet which triggered it is 43 bytes or
smaller.

Ensure every Stateless Reset packets emitted are at 1 byte shorter than
the received packet which triggered it. No Stateless reset will be
emitted if this falls under the above limit of 21 bytes. Thus this
should prevent looping issues.

This should be backported up to 2.6.

include/haproxy/quic_conn-t.h		diff \| blob \| blame \| history
src/quic_rx.c		diff \| blob \| blame \| history
src/quic_tx.c		diff \| blob \| blame \| history