From: Kevin Ludwig Date: Wed, 13 May 2026 14:53:58 +0000 (+0200) Subject: DOC: proxy-protocol: clarify UDP usage X-Git-Tag: v3.4-dev12~4 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6e9b9196bd092d1d115a344e917f72b7dd7249cb;p=thirdparty%2Fhaproxy.git DOC: proxy-protocol: clarify UDP usage the proxy protocol spec didn't specify UDP and therefore most implementations treat it as a TCP connection and re-use the last sent information for an ip/port pair. This change makes it more clear. --- diff --git a/doc/proxy-protocol.txt b/doc/proxy-protocol.txt index 18d7031d5..7387faaa2 100644 --- a/doc/proxy-protocol.txt +++ b/doc/proxy-protocol.txt @@ -1,4 +1,4 @@ -2020/03/05 Willy Tarreau +2026/04/27 Willy Tarreau HAProxy Technologies The PROXY protocol Versions 1 & 2 @@ -31,6 +31,7 @@ Revision history 2025/09/09 - added SSL-related TLVs for key exchange group and signature scheme (Steven Collison) 2026/01/15 - added SSL client certificate TLV (Simon Ser) + 2026/04/27 - clarified UDP usage (Valaphee) 1. Background @@ -175,6 +176,11 @@ The receiver may apply a short timeout and decide to abort the connection if the protocol header is not seen within a few seconds (at least 3 seconds to cover a TCP retransmit). +For UDP, the PROXY protocol header and the proxied UDP payload MUST be sent in +the same datagram. The sender MUST NOT split the PROXY protocol header across +multiple UDP datagrams, and the receiver MUST parse the header independently +for each received datagram. + The receiver MUST be configured to only receive the protocol described in this specification and MUST not try to guess whether the protocol header is present or not. This means that the protocol explicitly prevents port sharing between
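Review bot: In the revision-history hunk (@@ -31,6 +31,7 @@), the new entry credits "(Valaphee)" while the commit is authored as Kevin Ludwig and the two entries above it credit contributors by full name (Steven Collison, Simon Ser). Consider using the same form of the name in both places so the document history and the commit metadata can be matched without guessing.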
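Review bot: In the last hunk (@@ -175,6 +176,11 @@), the added UDP paragraph tells the receiver to "parse the header independently for each received datagram" but does not say what happens to a datagram that arrives without a valid header, which is exactly the behaviour the commit message describes (implementations re-using the last sent information for an ip/port pair). As written, a receiver that falls back to cached addresses for a header-less datagram could still claim conformance, and the addresses it then attributes to that datagram are ones nobody asserted for it. Suggest one more sentence stating that the receiver MUST NOT apply addresses taken from an earlier datagram's header to a later datagram and MUST discard any datagram that does not begin with a valid header. It would also help to note that the timeout described in the context lines just above ("at least 3 seconds to cover a TCP retransmit") is a connection-oriented rule, since the new paragraph sits directly under it and a reader may otherwise try to apply it to UDP.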