Re-ordered, and removed the last phrase.
diff --git a/doc/proxy-protocol.txt b/doc/proxy-protocol.txt
index 18d7031d5..7387faaa2 100644
--- a/doc/proxy-protocol.txt
+++ b/doc/proxy-protocol.txt
@@ -1,4 +1,4 @@
-2020/03/05 Willy
Tarreau
+2026/04/27 Willy
Tarreau
HAProxy
Technologies
The PROXY protocol
Versions 1 & 2
@@ -31,6 +31,7 @@ Revision history
2025/09/09 - added SSL-related TLVs for key exchange group and signature
scheme (Steven Collison)
2026/01/15 - added SSL client certificate TLV (Simon Ser)
+ 2026/04/27 - clarified UDP usage (Valaphee)
1. Background
@@ -175,6 +176,11 @@ The receiver may apply a short timeout and decide to
abort the connection if
the protocol header is not seen within a few seconds (at least 3 seconds to
cover a TCP retransmit).
+For UDP, the PROXY protocol header and the proxied UDP payload MUST be
sent in
+the same datagram. The sender MUST NOT split the PROXY protocol header
across
+multiple UDP datagrams, and the receiver MUST parse the header
independently
+for each received datagram.
+
The receiver MUST be configured to only receive the protocol described in
this
specification and MUST not try to guess whether the protocol header is
present
or not. This means that the protocol explicitly prevents port sharing
between
Am Mo., 27. Apr. 2026 um 15:13 Uhr schrieb Kevin Ludwig <[email protected]
>:
> Hi,
>
> the proxy protocol spec didn't specify UDP and therefore most
> implementations treat it as a TCP connection and re-use the last send
> information for a ip/port pair.
>
> This change makes it more clear.
>
> diff --git a/doc/proxy-protocol.txt b/doc/proxy-protocol.txt
> index 18d7031d5..12b40c677 100644
> --- a/doc/proxy-protocol.txt
> +++ b/doc/proxy-protocol.txt
> @@ -1,4 +1,4 @@
> -2020/03/05 Willy
> Tarreau
> +2026/04/27 Willy
> Tarreau
> HAProxy
> Technologies
> The PROXY protocol
> Versions 1 & 2
> @@ -31,6 +31,7 @@ Revision history
> 2025/09/09 - added SSL-related TLVs for key exchange group and
> signature
> scheme (Steven Collison)
> 2026/01/15 - added SSL client certificate TLV (Simon Ser)
> + 2026/04/27 - clarified UDP usage (Valaphee)
>
> 1. Background
>
> @@ -168,6 +169,13 @@ the receiver. But due to the places where such a
> protocol is used, the above
> simplification generally is acceptable because the risk of crossing such a
> device handling one byte at a time is close to zero.
>
> +For UDP, the PROXY protocol header and the proxied UDP payload MUST be
> sent in
> +the same datagram. The sender MUST NOT split the PROXY protocol header
> across
> +multiple UDP datagrams, and the receiver MUST parse the header
> independently
> +for each received datagram. A UDP datagram without a complete and valid
> PROXY
> +protocol header MUST NOT be processed as proxied traffic unless explicitly
> +permitted by local configuration.
> +
> The receiver MUST NOT start processing the connection before it receives a
> complete and valid PROXY protocol header. This is particularly important
> for
> protocols where the receiver is expected to speak first (eg: SMTP, FTP or
> SSH).
>
> --
> Have a nice day!
> Valaphee
>
