From: Christopher Faulet Date: Fri, 10 Oct 2025 09:01:19 +0000 (+0200) Subject: BUG/MEDIUM: stconn: Properly forward kip to the opposite SE descriptor X-Git-Tag: v3.3-dev10~39 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4145a611019b3137618b8a533831419bfdcf1800;p=thirdparty%2Fhaproxy.git BUG/MEDIUM: stconn: Properly forward kip to the opposite SE descriptor By refactoring the HTX to remove the extra field, a bug was introduced in the stream-connector part. The (known input payload) value of a sedesc was moved to (knwon output payload) using the same sedesc. Of course, this is totally wrong. value of a sedesc must be forwarded to the opposite side. In addition, the operation is performed in sc_conn_send(). In this function, we manipulate the stream-connectors. So se_fwd_kip() function was changed to use the stream-connectors directely. Now, the function sc_ep_fwd_kip() is now called with the both stream-connectors to properly forward from on side to the opposite side. The bug is 3.3-specific. No backport needed. --- diff --git a/include/haproxy/stconn.h b/include/haproxy/stconn.h index 3897db6c1..61ce17c39 100644 --- a/include/haproxy/stconn.h +++ b/include/haproxy/stconn.h @@ -148,13 +148,14 @@ static inline struct sedesc *se_opposite(struct sedesc *se) return seo; } -static inline void se_fwd_kip(struct sedesc *se) +/* stream connector version */ +static inline void sc_ep_fwd_kip(struct stconn *sc_in, struct stconn *sc_out) { - se->kop += se->kip; - se->kip = 0; + BUG_ON(sc_in == NULL || sc_out == NULL); + sc_out->sedesc->kop += sc_in->sedesc->kip; + sc_in->sedesc->kip = 0; } -/* stream connector version */ static forceinline void sc_ep_zero(struct stconn *sc) { se_fl_zero(sc->sedesc); diff --git a/src/stconn.c b/src/stconn.c index ed5f94e1d..a899648f0 100644 --- a/src/stconn.c +++ b/src/stconn.c @@ -1643,7 +1643,7 @@ int sc_conn_send(struct stconn *sc) if (!conn->mux) return 0; - se_fwd_kip(sc->sedesc); + sc_ep_fwd_kip(sco, sc); if (sc_ep_have_ff_data(sc)) { unsigned int send_flag = 0;