mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2025-01-21 13:02:55 +00:00
haproxy public development tree
301425b880
At this time haproxy supported only the incompatible version negotiation feature, which consists in sending a Version Negotiation packet after having received a long packet without a compatible value in its version field. This version value is the version used to build the current packet. This patch does not modify this behavior.

This patch adds the support for the compatible version negotiation feature, which allows endpoints to negotiate during the first flight of packets sent by the client the QUIC version to use for the connection (or after the first flight). This is done thanks to the "version_information" parameter sent by both endpoints. To be short, the client offers a list of supported versions by preference order. The server (or haproxy listener) chooses the first version it also supports as the negotiated version.

This implementation has an impact on the transport parameters handling (in both directions). Indeed, the server must send its version information, but only after having received and parsed the client transport parameters. So we cannot encode these parameters at the same time we instantiate a new connection.

Add QUIC_TP_DRAFT_VERSION_INFORMATION(0xff73db) new transport parameter.

Add tp_version_information new C struct to handle this new parameter.

Implement quic_transport_param_enc_version_info() (resp. quic_transport_param_dec_version_info()) to encode (resp. decode) this parameter.

Add qc_conn_finalize() which encodes the transport parameters and configures the TLS stack to send them.

Add ->negotiated_ictx quic_conn C struct new member to store the Initial QUIC TLS context for the negotiated version. The Initial secrets derivation is version dependent.

Rename ->version to ->original_version and add ->negotiated_version to this C struct to reflect the QUIC-VN RFC denomination.

Modify most of the QUIC TLS API functions to pass a version as parameter.

Export the QUIC version definitions to be reused at least from quic_tp.c (transport parameters).

Move the token check after the QUIC connection lookup. As this is the original version which is sent into a Retry packet, and because this original version is stored into the connection, we must check the token after having retrieved this connection.

Add packet version to traces.

See https://datatracker.ietf.org/doc/html/draft-ietf-quic-version-negotiation-08 for more information about this new feature.

Name | ||
---|---|---|
.github | ||
addons | ||
admin | ||
dev | ||
doc | ||
examples | ||
include | ||
reg-tests | ||
scripts | ||
src | ||
tests | ||
.cirrus.yml | ||
.gitattributes | ||
.gitignore | ||
.mailmap | ||
.travis.yml | ||
BRANCHES | ||
CHANGELOG | ||
CONTRIBUTING | ||
INSTALL | ||
LICENSE | ||
MAINTAINERS | ||
Makefile | ||
README | ||
SUBVERS | ||
VERDATE | ||
VERSION |
The HAProxy documentation has been split into a number of different files for ease of use.

Please refer to the following files depending on what you're looking for:

- INSTALL for instructions on how to build and install HAProxy
- BRANCHES to understand the project's life cycle and what version to use
- LICENSE for the project's license
- CONTRIBUTING for the process to follow to submit contributions

The more detailed documentation is located in the doc/ directory:

- doc/intro.txt for a quick introduction on HAProxy
- doc/configuration.txt for the configuration's reference manual
- doc/lua.txt for the Lua's reference manual
- doc/SPOE.txt for how to use the SPOE engine
- doc/network-namespaces.txt for how to use network namespaces under Linux
- doc/management.txt for the management guide
- doc/regression-testing.txt for how to use the regression testing suite
- doc/peers.txt for the peers protocol reference
- doc/coding-style.txt for how to adopt HAProxy's coding style
- doc/internals for developer-specific documentation (not all up to date)