git.ipfire.org Git - thirdparty/haproxy.git/commit

author	Frederic Lecaille <flecaille@haproxy.com>
	Wed, 27 Aug 2025 12:18:25 +0000 (14:18 +0200)
committer	Frederic Lecaille <flecaille@haproxy.com>
	Wed, 27 Aug 2025 14:14:19 +0000 (16:14 +0200)
commit	d753f24096dafdef227fe66621513086c2c663c1
tree	8e4dd94925d03aa999266d95eafffcbc25f3afef	tree \| snapshot
parent	729196fbedad7bcc906a34a144a5fa4ffd2464dc	commit \| diff

BUG/MINOR: quic: reorder fragmented RX CRYPTO frames by their offsets

This issue impacts the QUIC listeners. It is the same as the one fixed by this
commit:

BUG/MINOR: quic: repeat packet parsing to deal with fragmented CRYPTO

As chrome, ngtcp2 client decided to fragment its CRYPTO frames but in a much
more agressive way. This could be fixed with a list local to qc_parse_pkt_frms()
to please chrome thanks to the commit above. But this is not sufficient for
ngtcp2 which often splits its ClientHello message into more than 10 fragments
with very small ones. This leads the packet parser to interrupt the CRYPTO frames
parsing due to the ncbuf gap size limit.

To fix this, this patch approximatively proceeds the same way but with an
ebtree to reorder the CRYPTO by their offsets. These frames are directly
inserted into a local ebtree. Then this ebtree is reused to provide the
reordered CRYPTO data to the underlying ncbuf (non contiguous buffer). This way
there are very few less chances for the ncbufs used to store CRYPTO data
to reach a too much fragmented state.

Must be backported as far as 2.6.

include/haproxy/quic_frame-t.h		diff \| blob \| blame \| history
src/quic_rx.c		diff \| blob \| blame \| history