Compare commits
14 Commits
db46273b9b
...
ab3a2fb769
| Author | SHA1 | Date |
|---|---|---|
pepe
|
ab3a2fb769 | |
|
pepe
|
cf6cd5dbdc | |
Tristan
|
74413985ff | |
|
Tristan
|
ddfffa7c85 | |
|
Tristan
|
64b52d553f | |
|
Tristan
|
11147d1221 | |
|
Tristan
|
5c47064a60 | |
|
Tristan
|
6fa58b1fce | |
|
Tristan
|
6dc6132cdb | |
|
Tristan
|
58735255ff | |
|
Tristan
|
8fea6b3b41 | |
|
Tristan
|
774b7e96e6 | |
|
Tristan
|
961296131c | |
|
Tristan
|
fc02fa874c |
|
|
@ -34,14 +34,16 @@ variables: &default-variables
|
|||
.haproxy_stable: &haproxy-stable
|
||||
HAPROXY_GITREPO: "https://git.haproxy.org/?p=haproxy-2.7.git"
|
||||
HAPROXY_VERSION: 2.7-stable
|
||||
# https://git.haproxy.org/?p=haproxy-2.7.git;a=commit;h=d28541d1fa946adb74510c969bd50b06c27bbad7
|
||||
HAPROXY_GITREF: "d28541d1fa946adb74510c969bd50b06c27bbad7"
|
||||
# https://git.haproxy.org/?p=haproxy-2.7.git;a=commit;h=4dadaaafb20106619510fd3fc6f2819f47777729
|
||||
HAPROXY_GITREF: "4dadaaafb20106619510fd3fc6f2819f47777729"
|
||||
BUILD_PATCHES_DIR: "patches-stable"
|
||||
|
||||
.haproxy_dev: &haproxy-dev
|
||||
HAPROXY_GITREPO: "https://git.haproxy.org/?p=haproxy.git"
|
||||
HAPROXY_VERSION: 2.8-dev
|
||||
# https://git.haproxy.org/?p=haproxy.git;a=commit;h=fc0ad29c292eb07496d29fd4375ba010e876bbf2
|
||||
HAPROXY_GITREF: "fc0ad29c292eb07496d29fd4375ba010e876bbf2"
|
||||
# https://git.haproxy.org/?p=haproxy.git;a=commit;h=9c317b1d35efe7f957ad101d902168aa77fa9117
|
||||
HAPROXY_GITREF: "9c317b1d35efe7f957ad101d902168aa77fa9117"
|
||||
BUILD_PATCHES_DIR: "patches-dev"
|
||||
|
||||
.build-job: &build-job
|
||||
image: registry.gitlab.com/mangadex-pub/debuilder/buster:main
|
||||
|
|
@ -119,7 +121,7 @@ vtest:
|
|||
- mkdir deps/lua/dist && tar -C deps/lua/dist -xf deps/lua/lua-dist.tar.gz
|
||||
- mkdir deps/pcre2/dist && tar -C deps/pcre2/dist -xf deps/pcre2/pcre2-dist.tar.gz
|
||||
- mkdir deps/quictls/dist && tar -C deps/quictls/dist -xf deps/quictls/quictls-dist.tar.gz
|
||||
- make -C haproxy HAPROXY_GITREPO="$HAPROXY_GITREPO" HAPROXY_VERSION="$HAPROXY_VERSION" HAPROXY_GITREF="$HAPROXY_GITREF"
|
||||
- make -C haproxy HAPROXY_GITREPO="$HAPROXY_GITREPO" HAPROXY_VERSION="$HAPROXY_VERSION" HAPROXY_GITREF="$HAPROXY_GITREF" BUILD_PATCHES_DIR="$BUILD_PATCHES_DIR"
|
||||
needs: *needs-dependencies
|
||||
artifacts:
|
||||
expire_in: 7 days
|
||||
|
|
@ -133,7 +135,7 @@ vtest:
|
|||
- mkdir deps/lua/dist && tar -C deps/lua/dist -xf deps/lua/lua-dist.tar.gz
|
||||
- mkdir deps/pcre2/dist && tar -C deps/pcre2/dist -xf deps/pcre2/pcre2-dist.tar.gz
|
||||
- mkdir deps/quictls/dist && tar -C deps/quictls/dist -xf deps/quictls/quictls-dist.tar.gz
|
||||
- make -C haproxy HAPROXY_GITREPO="$HAPROXY_GITREPO" HAPROXY_VERSION="$HAPROXY_VERSION" HAPROXY_GITREF="$HAPROXY_GITREF" build test
|
||||
- make -C haproxy HAPROXY_GITREPO="$HAPROXY_GITREPO" HAPROXY_VERSION="$HAPROXY_VERSION" HAPROXY_GITREF="$HAPROXY_GITREF" BUILD_PATCHES_DIR="$BUILD_PATCHES_DIR" build test
|
||||
needs:
|
||||
- *needs-dependencies
|
||||
- job: vtest
|
||||
|
|
@ -148,7 +150,7 @@ vtest:
|
|||
- mkdir deps/pcre2/dist && tar -C deps/pcre2/dist -xf deps/pcre2/pcre2-dist.tar.gz
|
||||
- mkdir deps/quictls/dist && tar -C deps/quictls/dist -xf deps/quictls/quictls-dist.tar.gz
|
||||
- export BUILD_MESSAGE="$CI_COMMIT_MESSAGE"
|
||||
- make -C haproxy dist-deb HAPROXY_GITREPO="$HAPROXY_GITREPO" HAPROXY_VERSION="$HAPROXY_VERSION" HAPROXY_GITREF="$HAPROXY_GITREF"
|
||||
- make -C haproxy dist-deb HAPROXY_GITREPO="$HAPROXY_GITREPO" HAPROXY_VERSION="$HAPROXY_VERSION" HAPROXY_GITREF="$HAPROXY_GITREF" BUILD_PATCHES_DIR="$BUILD_PATCHES_DIR"
|
||||
- |
|
||||
set -euo pipefail
|
||||
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ LUA_ARCHIVE = lua-dist.tar.gz
|
|||
all: build $(LUA_DESTDIR) $(LUA_ARCHIVE)
|
||||
|
||||
$(LUA_TARBALL):
|
||||
curl -fsSL -o "$(LUA_TARBALL)" "$(LUA_SOURCES)"
|
||||
xbps-fetch -o "$(LUA_TARBALL)" "$(LUA_SOURCES)"
|
||||
|
||||
$(LUA_BUILDIR): $(LUA_TARBALL)
|
||||
@if ! [ -d "$(LUA_BUILDIR)" ]; then mkdir -v "$(LUA_BUILDIR)"; fi
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ PCRE2_ARCHIVE = pcre2-dist.tar.gz
|
|||
all: build $(PCRE2_DESTDIR) $(PCRE2_ARCHIVE)
|
||||
|
||||
$(PCRE2_TARBALL):
|
||||
curl -fsSL -o "$(PCRE2_TARBALL)" "$(PCRE2_SOURCES)"
|
||||
xbps-fetch -o "$(PCRE2_TARBALL)" "$(PCRE2_SOURCES)"
|
||||
|
||||
$(PCRE2_BUILDIR): $(PCRE2_TARBALL)
|
||||
@if ! [ -d "$(PCRE2_BUILDIR)" ]; then mkdir -v "$(PCRE2_BUILDIR)"; fi
|
||||
|
|
|
|||
|
|
@ -1,6 +1,5 @@
|
|||
OPENSSL_VERSION = 1.1.1t
|
||||
BUILD_VERSION_REPOSHA = $(shell git rev-parse --short HEAD)
|
||||
QUICTLS_BUILD_VERSION = quic-mangadex-$(BUILD_VERSION_REPOSHA)
|
||||
QUICTLS_TAG = OpenSSL_$(subst .,_,$(OPENSSL_VERSION))-quic1
|
||||
|
||||
QUICTLS_SOURCES = https://codeload.github.com/quictls/openssl/tar.gz/$(QUICTLS_TAG)
|
||||
|
|
@ -13,16 +12,15 @@ QUICTLS_ARCHIVE = quictls-dist.tar.gz
|
|||
all: build $(QUICTLS_DESTDIR) $(QUICTLS_ARCHIVE)
|
||||
|
||||
$(QUICTLS_TARBALL):
|
||||
curl -sfS -o "$(QUICTLS_TARBALL)" "$(QUICTLS_SOURCES)"
|
||||
xbps-fetch -o "$(QUICTLS_TARBALL)" "$(QUICTLS_SOURCES)"
|
||||
|
||||
$(QUICTLS_BUILDIR): $(QUICTLS_TARBALL)
|
||||
@if ! [ -d "$(QUICTLS_BUILDIR)" ]; then mkdir -v "$(QUICTLS_BUILDIR)"; fi
|
||||
tar -C $(QUICTLS_BUILDIR) --strip-components=1 -xf "$(QUICTLS_TARBALL)"
|
||||
|
||||
build: $(QUICTLS_BUILDIR)
|
||||
cd "$(QUICTLS_BUILDIR)" && sed -i 's/^# define OPENSSL_VERSION_TEXT.*$\/# define OPENSSL_VERSION_TEXT "OpenSSL $(OPENSSL_VERSION)+$(QUICTLS_BUILD_VERSION) $(shell date -u +'%e %b %Y')"/g' "include/openssl/opensslv.h"
|
||||
cd "$(QUICTLS_BUILDIR)" && CC=cc ./config --prefix="/opt/quictls" --openssldir="/opt/quictls" --libdir="lib" no-shared
|
||||
$(MAKE) -C "$(QUICTLS_BUILDIR)" -j "$(shell nproc)" VERSION=$(OPENSSL_VERSION)+quic-mangadex-$(BUILD_VERSION_REPOSHA)
|
||||
$(MAKE) -C "$(QUICTLS_BUILDIR)" -j "$(shell nproc)"
|
||||
"$(QUICTLS_BUILDIR)/apps/openssl" version
|
||||
$(MAKE) buildinfo_$(shell uname -s)
|
||||
|
||||
|
|
@ -42,7 +40,7 @@ $(QUICTLS_DESTDIR): build
|
|||
$(QUICTLS_DESTDIR_ABS)/opt/quictls/bin/openssl version
|
||||
|
||||
$(QUICTLS_ARCHIVE): $(QUICTLS_DESTDIR)
|
||||
tar -C "$(QUICTLS_DESTDIR)" -cjf "$(QUICTLS_ARCHIVE)" "opt"
|
||||
tar -C "$(QUICTLS_DESTDIR)" --owner=root:0 --group=root:0 -czf "$(QUICTLS_ARCHIVE)" "opt"
|
||||
|
||||
clean:
|
||||
rm -fv "$(QUICTLS_TARBALL)"
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ VTEST_DESTDIR = dist
|
|||
all: build $(VTEST_DESTDIR) $(VTEST_DESTDIR)
|
||||
|
||||
$(VTEST_TARBALL):
|
||||
curl -sfS -o "$(VTEST_TARBALL)" "$(VTEST_SOURCES)"
|
||||
xbps-fetch -o "$(VTEST_TARBALL)" "$(VTEST_SOURCES)"
|
||||
|
||||
$(VTEST_BUILDIR): $(VTEST_TARBALL)
|
||||
@if ! [ -d "$(VTEST_BUILDIR)" ]; then mkdir -v "$(VTEST_BUILDIR)"; fi
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
HAPROXY_GITREPO = https://git.haproxy.org/?p=haproxy-2.7.git
|
||||
HAPROXY_VERSION = 2.7-stable
|
||||
HAPROXY_GITREF = 1065b10007f4622f2af70fb114594a63af9c8c76
|
||||
HAPROXY_GITREF = 4dadaaafb20106619510fd3fc6f2819f47777729
|
||||
HAPROXY_SHORTSHA = $(shell echo "$(HAPROXY_GITREF)" | grep -Eo '^.{7}' || echo "$(HAPROXY_GITREF)")
|
||||
HAPROXY_VERSION_MINOR = $(shell echo "$(HAPROXY_VERSION)" | cut -d'.' -f1-2)
|
||||
|
||||
|
|
@ -19,7 +19,7 @@ DEP_DIST_ROOT_VTEST = $(shell realpath ../deps/vtest/dist)
|
|||
|
||||
BUILD_VERSION_REPOSHA = $(shell git rev-parse --short HEAD)
|
||||
|
||||
BUILD_PATCHES_DIR = $(shell realpath patches)
|
||||
BUILD_PATCHES_DIR = $(shell realpath patches-stable)
|
||||
BUILD_PATCHES_FILES = $(shell ls -1 $(BUILD_PATCHES_DIR))
|
||||
DEBIAN_PATCHES_DIR = "$(HAPROXY_BUILDIR)/debian/patches"
|
||||
|
||||
|
|
@ -27,11 +27,9 @@ DEBUG_CFLAGS = -ggdb3 -gdwarf-4
|
|||
|
||||
MAKEARGS = DEBUG="-DDEBUG_MEMORY_POOLS -DDEBUG_STRICT" \
|
||||
DEBUG_CFLAGS="$(DEBUG_CFLAGS)"\
|
||||
DEFINE="-DMAX_SESS_STKCTR=5" \
|
||||
IGNOREGIT=true \
|
||||
ADDLIB="-Wl,-rpath,/opt/quictls/lib" \
|
||||
TARGET="linux-glibc" \
|
||||
EXTRAVERSION="+mangadex-$(BUILD_VERSION_REPOSHA)" \
|
||||
VERDATE="$(shell date -u -I'minutes')" \
|
||||
USE_LIBCRYPT=1 \
|
||||
USE_LUA=1 \
|
||||
|
|
@ -54,7 +52,6 @@ MAKEARGS_LINUX = $(MAKEARGS) \
|
|||
USE_PCRE2_JIT=1 \
|
||||
USE_STATIC_PCRE2=1 \
|
||||
USE_NS=1 \
|
||||
USE_SYSTEMD=1 \
|
||||
TARGET=linux-glibc
|
||||
|
||||
MAKEARGS_DARWIN = $(MAKEARGS) \
|
||||
|
|
@ -68,7 +65,7 @@ dist-bin: build $(HAPROXY_DESTDIR) $(HAPROXY_ARCHIVE)
|
|||
dist-deb: build-deb
|
||||
|
||||
$(HAPROXY_TARBALL):
|
||||
curl -sfS -o "$(HAPROXY_TARBALL)" "$(HAPROXY_SOURCES)"
|
||||
xbps-fetch -o "$(HAPROXY_TARBALL)" "$(HAPROXY_SOURCES)"
|
||||
|
||||
$(HAPROXY_BUILDIR): $(HAPROXY_TARBALL)
|
||||
@if ! [ -d "$(HAPROXY_BUILDIR)" ]; then mkdir -v "$(HAPROXY_BUILDIR)"; fi
|
||||
|
|
@ -105,7 +102,7 @@ $(HAPROXY_DESTDIR):
|
|||
$(HAPROXY_DESTDIR_ABS)/usr/local/sbin/haproxy -vv
|
||||
|
||||
$(HAPROXY_ARCHIVE): $(HAPROXY_DESTDIR)
|
||||
tar -C "$(HAPROXY_DESTDIR)" -cjf "$(HAPROXY_ARCHIVE)" "usr"
|
||||
tar -C "$(HAPROXY_DESTDIR)" --owner=root:0 --group=root:0 -czf "$(HAPROXY_ARCHIVE)" "usr"
|
||||
|
||||
$(HAPROXY_DEBORIG): $(HAPROXY_TARBALL)
|
||||
cp -fv "$(HAPROXY_TARBALL)" "$(HAPROXY_DEBORIG)"
|
||||
|
|
|
|||
|
|
@ -0,0 +1,48 @@
|
|||
From 9c317b1d35efe7f957ad101d902168aa77fa9117 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20L=C3=A9caille?= <flecaille@haproxy.com>
|
||||
Date: Tue, 28 Mar 2023 15:39:11 +0200
|
||||
Subject: [PATCH] BUG/MINOR: quic: Missing padding in very short probe packets
|
||||
|
||||
This bug arrived with this commit:
|
||||
MINOR: quic: Send PING frames when probing Initial packet number space
|
||||
|
||||
This may happen when haproxy needs to probe the peer with very short packets
|
||||
(only one PING frame). In this case, the packet must be padded. There was clearly
|
||||
a case which was removed by the mentionned commit above. That said, there was
|
||||
an extra byte which was added to the PADDING frame before the mentionned commit
|
||||
above. This is no more the case with this patch.
|
||||
|
||||
Thank you to @tatsuhiro-t (ngtcp2 manager) for having reported this issue which
|
||||
was revealed by the keyupdate test (on client side).
|
||||
|
||||
Must be backported to 2.7 and 2.6.
|
||||
---
|
||||
src/quic_conn.c | 15 +++++++++++----
|
||||
1 file changed, 11 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/src/quic_conn.c b/src/quic_conn.c
|
||||
index 25ece803909d..e512490cdcbb 100644
|
||||
--- a/src/quic_conn.c
|
||||
+++ b/src/quic_conn.c
|
||||
@@ -7659,10 +7659,17 @@ static int qc_do_build_pkt(unsigned char *pos, const unsigned char *end,
|
||||
* is not coalesced to an Handshake packet. We must directly
|
||||
* pad the datragram.
|
||||
*/
|
||||
- if (pkt->type == QUIC_PACKET_TYPE_INITIAL && dglen < QUIC_INITIAL_PACKET_MINLEN) {
|
||||
- padding_len = QUIC_INITIAL_PACKET_MINLEN - dglen;
|
||||
- padding_len -= quic_int_getsize(len + padding_len) - len_sz;
|
||||
- len += padding_len;
|
||||
+ if (pkt->type == QUIC_PACKET_TYPE_INITIAL) {
|
||||
+ if (dglen < QUIC_INITIAL_PACKET_MINLEN) {
|
||||
+ padding_len = QUIC_INITIAL_PACKET_MINLEN - dglen;
|
||||
+ padding_len -= quic_int_getsize(len + padding_len) - len_sz;
|
||||
+ len += padding_len;
|
||||
+ }
|
||||
+ }
|
||||
+ else {
|
||||
+ /* Note that +1 is for the PING frame */
|
||||
+ if (*pn_len + 1 < QUIC_PACKET_PN_MAXLEN)
|
||||
+ len += padding_len = QUIC_PACKET_PN_MAXLEN - *pn_len - 1;
|
||||
}
|
||||
}
|
||||
else {
|
||||
Loading…
Reference in New Issue