From: Frédéric Lécaille Date: Thu, 26 Jan 2023 14:07:39 +0000 (+0100) Subject: BUG/MINOR: quic: Possible stream truncations under heavy loss X-Git-Tag: v2.8-dev3~34 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=dd419461eff5395b369f5497fef703dc383577bb;p=thirdparty%2Fhaproxy.git BUG/MINOR: quic: Possible stream truncations under heavy loss This may happen during retransmission of frames which can be splitted (CRYPTO, or STREAM frames). One may have to split a frame to be retransmitted due to the QUIC protocol properties (packet size limitation and packet field encoding sizes). The remaining part of a frame which cannot be retransmitted must be detached from the original frame it is copied from. If not, when the really sent part will be acknowledged the remaining part will be acknowledged too but not sent! Must be backported to 2.7 and 2.6. --- diff --git a/src/quic_conn.c b/src/quic_conn.c index 9d167cc8a0..8fa28ba2fa 100644 --- a/src/quic_conn.c +++ b/src/quic_conn.c @@ -6730,6 +6730,9 @@ static inline int qc_build_frms(struct list *outlist, struct list *inlist, /* This frame was duplicated */ LIST_APPEND(&cf->origin->reflist, &new_cf->ref); new_cf->origin = cf->origin; + /* Detach the remaining CRYPTO frame from its original frame */ + LIST_DEL_INIT(&cf->ref); + cf->origin = NULL; } LIST_APPEND(outlist, &new_cf->list); /* Consume bytes of the current frame. */ @@ -6842,6 +6845,9 @@ static inline int qc_build_frms(struct list *outlist, struct list *inlist, /* This frame was duplicated */ LIST_APPEND(&cf->origin->reflist, &new_cf->ref); new_cf->origin = cf->origin; + /* Detach this STREAM frame from its origin */ + LIST_DEL_INIT(&cf->ref); + cf->origin = NULL; } LIST_APPEND(outlist, &new_cf->list); cf->type |= QUIC_STREAM_FRAME_TYPE_OFF_BIT;