Hi Wietse,

I have a good news for you. While fixing the bug and auditing all of
its extent, I noticed that the PROXY protocol doesn't use the CRC32
but CRC32c (the Castagnoli variant), which is *not* affected by the
signedness bug :

    crc = (crc >> 8) ^ crctable[(crc ^ (*buf++)) & 0xff];

I suspect that during your tests you might have used the hash_crc32()
function to emit your TLV field and that it does not match the one
checked by haproxy using hash_crc32c().

Thus you can freely continue to develop support for emitting the CRC32c
TLV header on your side without having to worry about my fix to propagate
through distro channels as it must work with any version supporting it
(unless there's a different bug in it but that's then a different story).

Thanks anyway for catching this ugly bug which I'm currently addressing!


Reply via email to