upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-04-26 00:27:54 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 11
haproxy/include/haproxy/session.h

324 lines
9.4 KiB
C
Raw Normal View History

MINOR: session: start to reintroduce struct session There is now a pointer to the session in the stream, which is NULL for now. The session pool is created as well. Some parts will move from the stream to the session now.
2015-04-03 07:53:24 -04:00
/*
REORG: include: move session.h to haproxy/session{,-t}.h Almost no change was needed beyond a little bit of reordering of the types file and adjustments to use session-t instead of session at a few places.
2020-06-04 12:58:52 -04:00
* include/haproxy/session.h
* This file contains functions used to manage sessions.
MINOR: session: start to reintroduce struct session There is now a pointer to the session in the stream, which is NULL for now. The session pool is created as well. Some parts will move from the stream to the session now.
2015-04-03 07:53:24 -04:00
*
REORG: include: move session.h to haproxy/session{,-t}.h Almost no change was needed beyond a little bit of reordering of the types file and adjustments to use session-t instead of session at a few places.
2020-06-04 12:58:52 -04:00
* Copyright (C) 2000-2020 Willy Tarreau - w@1wt.eu
MINOR: session: start to reintroduce struct session There is now a pointer to the session in the stream, which is NULL for now. The session pool is created as well. Some parts will move from the stream to the session now.
2015-04-03 07:53:24 -04:00
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation, version 2.1
* exclusively.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
REORG: include: move session.h to haproxy/session{,-t}.h Almost no change was needed beyond a little bit of reordering of the types file and adjustments to use session-t instead of session at a few places.
2020-06-04 12:58:52 -04:00
#ifndef _HAPROXY_SESSION_H
#define _HAPROXY_SESSION_H
MINOR: session: start to reintroduce struct session There is now a pointer to the session in the stream, which is NULL for now. The session pool is created as well. Some parts will move from the stream to the session now.
2015-04-03 07:53:24 -04:00
REORG: include: update all files to use haproxy/api.h or api-t.h if needed All files that were including one of the following include files have been updated to only include haproxy/api.h or haproxy/api-t.h once instead: - common/config.h - common/compat.h - common/compiler.h - common/defaults.h - common/initcall.h - common/tools.h The choice is simple: if the file only requires type definitions, it includes api-t.h, otherwise it includes the full api.h. In addition, in these files, explicit includes for inttypes.h and limits.h were dropped since these are now covered by api.h and api-t.h. No other change was performed, given that this patch is large and affects 201 files. At least one (tools.h) was already freestanding and didn't get the new one added.
2020-05-27 06:58:42 -04:00
#include <haproxy/api.h>
MINOR: session: Add src and dst addresses to the session For now, these addresses are never set. But the idea is to be able to set client source and destination addresses at the session level without updating the connection ones. Functions to fill these addresses have been added: sess_get_src() and sess_get_dst(). If not already set, these functions relies on conn_get_src() and conn_get_dst() to fill session addresses. And just like for conncetions, sess_src() and sess_dst() may be used to get source and destination addresses. However, if not set, the corresponding address from the underlying client connection is returned. When this happens, the addresses is filled in the connection object.
2021-10-22 09:41:57 -04:00
#include <haproxy/connection.h>
REORG: include: split global.h into haproxy/global{,-t}.h global.h was one of the messiest files, it has accumulated tons of implicit dependencies and declares many globals that make almost all other file include it. It managed to silence a dependency loop between server.h and proxy.h by being well placed to pre-define the required structs, forcing struct proxy and struct server to be forward-declared in a significant number of files. It was split in to, one which is the global struct definition and the few macros and flags, and the rest containing the functions prototypes. The UNIX_MAX_PATH definition was moved to compat.h.
2020-06-04 11:05:57 -04:00
#include <haproxy/global-t.h>
REORG: include: move session.h to haproxy/session{,-t}.h Almost no change was needed beyond a little bit of reordering of the types file and adjustments to use session-t instead of session at a few places.
2020-06-04 12:58:52 -04:00
#include <haproxy/obj_type-t.h>
#include <haproxy/pool.h>
REORG: include: move server.h to haproxy/server{,-t}.h extern struct dict server_name_dict was moved from the type file to the main file. A handful of inlined functions were moved at the bottom of the file. Call places were updated to use server-t.h when relevant, or to simply drop the entry when not needed.
2020-06-04 17:20:13 -04:00
#include <haproxy/server.h>
REORG: include: move session.h to haproxy/session{,-t}.h Almost no change was needed beyond a little bit of reordering of the types file and adjustments to use session-t instead of session at a few places.
2020-06-04 12:58:52 -04:00
#include <haproxy/session-t.h>
REORG: include: move stick_table.h to haproxy/stick_table{,-t}.h The stktable_types[] array declaration was moved to the main file as it had nothing to do in the types. A few declarations were reordered in the types file so that defines were before the structs. Thread-t was added since there are a few __decl_thread(). The loss of peers.h revealed that cfgparse-listen needed it.
2020-06-04 12:46:44 -04:00
#include <haproxy/stick_table.h>
MEDIUM: session: update the session's stick counters upon session_free() Whenever session_free() is called, any possible stick counter stored in the session will be synchronized.
2015-04-04 10:31:16 -04:00
CLEANUP: pools: rename all pool functions and pointers to remove this "2" During the migration to the second version of the pools, the new functions and pool pointers were all called "pool_something2()" and "pool2_something". Now there's no more pool v1 code and it's a real pain to still have to deal with this. Let's clean this up now by removing the "2" everywhere, and by renaming the pool heads "pool_head_something".
2017-11-24 11:34:44 -05:00
extern struct pool_head *pool_head_session;
BUG/MAJOR: sessions: Use an unlimited number of servers for the conn list. When a session adds a connection to its connection list, we used to remove connections for an another server if there were not enough room for our server. This can't work, because those lists are now the list of connections we're responsible for, not just the idle connections. To fix this, allow for an unlimited number of servers, instead of using an array, we're now using a linked list.
2018-12-27 11:20:54 -05:00
extern struct pool_head *pool_head_sess_srv_list;
MINOR: session: introduce session_new() This one creates a new session and does the minimum initialization.
2015-04-04 18:38:48 -04:00
struct session *session_new(struct proxy *fe, struct listener *li, enum obj_type *origin);
MINOR: session: implement session_free() and use it everywhere We want to call this one everywhere we have to kill a session so that future parts we move to the session can be released from there.
2015-04-04 09:54:03 -04:00
void session_free(struct session *sess);
MEDIUM: listener: allocate the connection before queuing a new connection Till now we would keep a per-thread queue of pending incoming connections for which we would store: - the listener - the accepted FD - the source address - the source address' length And these elements were first used in session_accept_fd() running on the target thread to allocate a connection and duplicate them again. Doing this induces various problems. The first one is that session_accept_fd() may only run on file descriptors and cannot be reused for QUIC. The second issue is that it induces lots of memory copies and that the listerner queue thrashes a lot of cache, consuming 64 bytes per entry. This patch changes this by allocating the connection before queueing it, and by only placing the connection's pointer into the queue. Indeed, the first two calls used to initialize the connection already store all the information above, which can be retrieved from the connection pointer alone. So we just have to pop one pointer from the target thread, and pass it to session_accept_fd() which only needs the FD for the final settings. This starts to make the accept path a bit more transport-agnostic, and saves memory and CPU cycles at the same time (1% connection rate increase was noticed with 4 threads). Thanks to dividing the accept-queue entry size from 64 to 8 bytes, its size could be increased from 256 to 1024 connections while still dividing the overall size by two. No single queue full condition was met. One minor drawback is that connection may be allocated from one thread's pool to be used into another one. But this already happens a lot with connection reuse so there is really nothing new here.
2020-10-14 11:37:17 -04:00
int session_accept_fd(struct connection *cli_conn);
MEDIUM: connections: Get ride of the xprt_done callback. The xprt_done_cb callback was used to defer some connection initialization until we're connected and the handshake are done. As it mostly consists of creating the mux, instead of using the callback, introduce a conn_create_mux() function, that will just call conn_complete_session() for frontend, and create the mux for backend. In h2_wake(), make sure we call the wake method of the stream_interface, as we no longer wakeup the stream task.
2020-01-22 12:08:48 -05:00
int conn_complete_session(struct connection *conn);
MEDIUM: task: extend the state field to 32 bits It's been too short for quite a while now and is now full. It's still time to extend it to 32-bits since we have room for this without wasting any space, so we now gained 16 new bits for future flags. The values were not reassigned just in case there would be a few hidden u16 or short somewhere in which these flags are placed (as it used to be the case with stream->pending_events). The patch is tagged MEDIUM because this required to update the task's process() prototype to use an int instead of a short, that's quite a bunch of places.
2021-03-02 10:09:26 -05:00
struct task *session_expire_embryonic(struct task *t, void *context, unsigned int state);
MINOR: session: start to reintroduce struct session There is now a pointer to the session in the stream, which is NULL for now. The session pool is created as well. Some parts will move from the stream to the session now.
2015-04-03 07:53:24 -04:00
MEDIUM: session: update the session's stick counters upon session_free() Whenever session_free() is called, any possible stick counter stored in the session will be synchronized.
2015-04-04 10:31:16 -04:00
/* Remove the refcount from the session to the tracked counters, and clear the
* pointer to ensure this is only performed once. The caller is responsible for
* ensuring that the pointer is valid first.
*/
static inline void session_store_counters(struct session *sess)
{
void *ptr;
int i;
MEDIUM: threads/stick-tables: handle multithreads on stick tables The stick table API was slightly reworked: A global spin lock on stick table was added to perform lookup and insert in a thread safe way. The handling of refcount on entries is now handled directly by stick tables functions under protection of this lock and was removed from the code of callers. The "stktable_store" function is no more externalized and users should now use "stktable_set_entry" in any case of insertion. This last one performs a lookup followed by a store if not found. So the code using "stktable_store" was re-worked. Lookup, and set_entry functions automatically increase the refcount of the returned/stored entry. The function "sticktable_touch" was renamed "sticktable_touch_local" and is now able to decrease the refcount if last arg is set to true. It is allowing to release the entry without taking the lock twice. A new function "sticktable_touch_remote" is now used to insert entries coming from remote peers at the right place in the update tree. The code of peer update was re-worked to use this new function. This function is also able to decrease the refcount if wanted. The function "stksess_kill" also handle a parameter to decrease the refcount on the entry. A read/write lock is added on each entry to protect the data content updates of the entry.
2017-06-13 13:37:32 -04:00
struct stksess *ts;
MEDIUM: session: update the session's stick counters upon session_free() Whenever session_free() is called, any possible stick counter stored in the session will be synchronized.
2015-04-04 10:31:16 -04:00
for (i = 0; i < MAX_SESS_STKCTR; i++) {
struct stkctr *stkctr = &sess->stkctr[i];
MEDIUM: threads/stick-tables: handle multithreads on stick tables The stick table API was slightly reworked: A global spin lock on stick table was added to perform lookup and insert in a thread safe way. The handling of refcount on entries is now handled directly by stick tables functions under protection of this lock and was removed from the code of callers. The "stktable_store" function is no more externalized and users should now use "stktable_set_entry" in any case of insertion. This last one performs a lookup followed by a store if not found. So the code using "stktable_store" was re-worked. Lookup, and set_entry functions automatically increase the refcount of the returned/stored entry. The function "sticktable_touch" was renamed "sticktable_touch_local" and is now able to decrease the refcount if last arg is set to true. It is allowing to release the entry without taking the lock twice. A new function "sticktable_touch_remote" is now used to insert entries coming from remote peers at the right place in the update tree. The code of peer update was re-worked to use this new function. This function is also able to decrease the refcount if wanted. The function "stksess_kill" also handle a parameter to decrease the refcount on the entry. A read/write lock is added on each entry to protect the data content updates of the entry.
2017-06-13 13:37:32 -04:00
ts = stkctr_entry(stkctr);
if (!ts)
MEDIUM: session: update the session's stick counters upon session_free() Whenever session_free() is called, any possible stick counter stored in the session will be synchronized.
2015-04-04 10:31:16 -04:00
continue;
MEDIUM: threads/stick-tables: handle multithreads on stick tables The stick table API was slightly reworked: A global spin lock on stick table was added to perform lookup and insert in a thread safe way. The handling of refcount on entries is now handled directly by stick tables functions under protection of this lock and was removed from the code of callers. The "stktable_store" function is no more externalized and users should now use "stktable_set_entry" in any case of insertion. This last one performs a lookup followed by a store if not found. So the code using "stktable_store" was re-worked. Lookup, and set_entry functions automatically increase the refcount of the returned/stored entry. The function "sticktable_touch" was renamed "sticktable_touch_local" and is now able to decrease the refcount if last arg is set to true. It is allowing to release the entry without taking the lock twice. A new function "sticktable_touch_remote" is now used to insert entries coming from remote peers at the right place in the update tree. The code of peer update was re-worked to use this new function. This function is also able to decrease the refcount if wanted. The function "stksess_kill" also handle a parameter to decrease the refcount on the entry. A read/write lock is added on each entry to protect the data content updates of the entry.
2017-06-13 13:37:32 -04:00
ptr = stktable_data_ptr(stkctr->table, ts, STKTABLE_DT_CONN_CUR);
if (ptr) {
BUILD: threads: Rename SPIN/RWLOCK macros using HA_ prefix This remove any name conflicts, especially on Solaris.
2017-11-07 04:42:54 -05:00
HA_RWLOCK_WRLOCK(STK_SESS_LOCK, &ts->lock);
MEDIUM: threads/stick-tables: handle multithreads on stick tables The stick table API was slightly reworked: A global spin lock on stick table was added to perform lookup and insert in a thread safe way. The handling of refcount on entries is now handled directly by stick tables functions under protection of this lock and was removed from the code of callers. The "stktable_store" function is no more externalized and users should now use "stktable_set_entry" in any case of insertion. This last one performs a lookup followed by a store if not found. So the code using "stktable_store" was re-worked. Lookup, and set_entry functions automatically increase the refcount of the returned/stored entry. The function "sticktable_touch" was renamed "sticktable_touch_local" and is now able to decrease the refcount if last arg is set to true. It is allowing to release the entry without taking the lock twice. A new function "sticktable_touch_remote" is now used to insert entries coming from remote peers at the right place in the update tree. The code of peer update was re-worked to use this new function. This function is also able to decrease the refcount if wanted. The function "stksess_kill" also handle a parameter to decrease the refcount on the entry. A read/write lock is added on each entry to protect the data content updates of the entry.
2017-06-13 13:37:32 -04:00
MINOR: stick-table: make skttable_data_cast to use only std types This patch replaces all advanced data type aliases on stktable_data_cast calls by standard types. This way we could call the same stktable_data_cast regardless of the used advanced data type as long they are using the same std type. It also removes all the advanced data type aliases.
2021-06-30 11:18:28 -04:00
if (stktable_data_cast(ptr, std_t_uint) > 0)
stktable_data_cast(ptr, std_t_uint)--;
MEDIUM: threads/stick-tables: handle multithreads on stick tables The stick table API was slightly reworked: A global spin lock on stick table was added to perform lookup and insert in a thread safe way. The handling of refcount on entries is now handled directly by stick tables functions under protection of this lock and was removed from the code of callers. The "stktable_store" function is no more externalized and users should now use "stktable_set_entry" in any case of insertion. This last one performs a lookup followed by a store if not found. So the code using "stktable_store" was re-worked. Lookup, and set_entry functions automatically increase the refcount of the returned/stored entry. The function "sticktable_touch" was renamed "sticktable_touch_local" and is now able to decrease the refcount if last arg is set to true. It is allowing to release the entry without taking the lock twice. A new function "sticktable_touch_remote" is now used to insert entries coming from remote peers at the right place in the update tree. The code of peer update was re-worked to use this new function. This function is also able to decrease the refcount if wanted. The function "stksess_kill" also handle a parameter to decrease the refcount on the entry. A read/write lock is added on each entry to protect the data content updates of the entry.
2017-06-13 13:37:32 -04:00
BUILD: threads: Rename SPIN/RWLOCK macros using HA_ prefix This remove any name conflicts, especially on Solaris.
2017-11-07 04:42:54 -05:00
HA_RWLOCK_WRUNLOCK(STK_SESS_LOCK, &ts->lock);
BUG/MEDIUM: peers: fix some track counter rules dont register entries for sync. This BUG was introduced with: 'MEDIUM: threads/stick-tables: handle multithreads on stick tables' The API was reviewed to handle stick table entry updates asynchronously and the caller must now call a 'stkable_touch_*' function each time the content of an entry is modified to register the entry to be synced. There was missing call to stktable_touch_* resulting in not propagated entries to remote peers (or local one during reload)
2017-11-29 10:15:07 -05:00
/* If data was modified, we need to touch to re-schedule sync */
stktable_touch_local(stkctr->table, ts, 0);
MEDIUM: threads/stick-tables: handle multithreads on stick tables The stick table API was slightly reworked: A global spin lock on stick table was added to perform lookup and insert in a thread safe way. The handling of refcount on entries is now handled directly by stick tables functions under protection of this lock and was removed from the code of callers. The "stktable_store" function is no more externalized and users should now use "stktable_set_entry" in any case of insertion. This last one performs a lookup followed by a store if not found. So the code using "stktable_store" was re-worked. Lookup, and set_entry functions automatically increase the refcount of the returned/stored entry. The function "sticktable_touch" was renamed "sticktable_touch_local" and is now able to decrease the refcount if last arg is set to true. It is allowing to release the entry without taking the lock twice. A new function "sticktable_touch_remote" is now used to insert entries coming from remote peers at the right place in the update tree. The code of peer update was re-worked to use this new function. This function is also able to decrease the refcount if wanted. The function "stksess_kill" also handle a parameter to decrease the refcount on the entry. A read/write lock is added on each entry to protect the data content updates of the entry.
2017-06-13 13:37:32 -04:00
}
MEDIUM: session: update the session's stick counters upon session_free() Whenever session_free() is called, any possible stick counter stored in the session will be synchronized.
2015-04-04 10:31:16 -04:00
stkctr_set_entry(stkctr, NULL);
MEDIUM: threads/stick-tables: handle multithreads on stick tables The stick table API was slightly reworked: A global spin lock on stick table was added to perform lookup and insert in a thread safe way. The handling of refcount on entries is now handled directly by stick tables functions under protection of this lock and was removed from the code of callers. The "stktable_store" function is no more externalized and users should now use "stktable_set_entry" in any case of insertion. This last one performs a lookup followed by a store if not found. So the code using "stktable_store" was re-worked. Lookup, and set_entry functions automatically increase the refcount of the returned/stored entry. The function "sticktable_touch" was renamed "sticktable_touch_local" and is now able to decrease the refcount if last arg is set to true. It is allowing to release the entry without taking the lock twice. A new function "sticktable_touch_remote" is now used to insert entries coming from remote peers at the right place in the update tree. The code of peer update was re-worked to use this new function. This function is also able to decrease the refcount if wanted. The function "stksess_kill" also handle a parameter to decrease the refcount on the entry. A read/write lock is added on each entry to protect the data content updates of the entry.
2017-06-13 13:37:32 -04:00
stksess_kill_if_expired(stkctr->table, ts, 1);
MEDIUM: session: update the session's stick counters upon session_free() Whenever session_free() is called, any possible stick counter stored in the session will be synchronized.
2015-04-04 10:31:16 -04:00
}
}
MINOR: session: Add functions to increase http values of tracked counters cumulative numbers of http request and http errors of counters tracked at the session level and their rates can now be updated at the session level thanks to two new functions. These functions are not used for now, but it will be called to keep tracked counters up-to-date if an error occurs before the stream creation.
2020-10-06 08:23:34 -04:00
/* Increase the number of cumulated HTTP requests in the tracked counters */
static inline void session_inc_http_req_ctr(struct session *sess)
{
int i;
for (i = 0; i < MAX_SESS_STKCTR; i++)
stkctr_inc_http_req_ctr(&sess->stkctr[i]);
}
/* Increase the number of cumulated failed HTTP requests in the tracked
* counters. Only 4xx requests should be counted here so that we can
* distinguish between errors caused by client behaviour and other ones.
* Note that even 404 are interesting because they're generally caused by
* vulnerability scans.
*/
static inline void session_inc_http_err_ctr(struct session *sess)
{
int i;
for (i = 0; i < MAX_SESS_STKCTR; i++)
stkctr_inc_http_err_ctr(&sess->stkctr[i]);
}
MINOR: stick-tables/counters: add http_fail_cnt and http_fail_rate data types Historically we've been counting lots of client-triggered events in stick tables to help detect misbehaving ones, but we've been missing the same on the server side, and there's been repeated requests for being able to count the server errors per URL in order to precisely monitor the quality of service or even to avoid routing requests to certain dead services, which is also called "circuit breaking" nowadays. This commit introduces http_fail_cnt and http_fail_rate, which work like http_err_cnt and http_err_rate in that they respectively count events and their frequency, but they only consider server-side issues such as network errors, unparsable and truncated responses, and 5xx status codes other than 501 and 505 (since these ones are usually triggered by the client). Note that retryable errors are purposely not accounted for, so that only what the client really sees is considered. With this it becomes very simple to put some protective measures in place to perform a redirect or return an excuse page when the error rate goes beyond a certain threshold for a given URL, and give more chances to the server to recover from this condition. Typically it could look like this to bypass a URL causing more than 10 requests per second: stick-table type string len 80 size 4k expire 1m store http_fail_rate(1m) http-request track-sc0 base # track host+path, ignore query string http-request return status 503 content-type text/html \ lf-file excuse.html if { sc0_http_fail_rate gt 10 } A more advanced mechanism using gpt0 could even implement high/low rates to disable/enable the service. Reg-test converteers_ref_cnt_never_dec.vtc was updated to test it.
2021-02-10 06:07:15 -05:00
/* Increase the number of cumulated failed HTTP responses in the tracked
* counters. Only some 5xx responses should be counted here so that we can
* distinguish between server failures and errors triggered by the client
* (i.e. 501 and 505 may be triggered and must be ignored).
*/
static inline void session_inc_http_fail_ctr(struct session *sess)
{
int i;
for (i = 0; i < MAX_SESS_STKCTR; i++)
stkctr_inc_http_fail_ctr(&sess->stkctr[i]);
}
MINOR: session: Add functions to increase http values of tracked counters cumulative numbers of http request and http errors of counters tracked at the session level and their rates can now be updated at the session level thanks to two new functions. These functions are not used for now, but it will be called to keep tracked counters up-to-date if an error occurs before the stream creation.
2020-10-06 08:23:34 -04:00
BUG/MAJOR: sessions: Use an unlimited number of servers for the conn list. When a session adds a connection to its connection list, we used to remove connections for an another server if there were not enough room for our server. This can't work, because those lists are now the list of connections we're responsible for, not just the idle connections. To fix this, allow for an unlimited number of servers, instead of using an array, we're now using a linked list.
2018-12-27 11:20:54 -05:00
/* Remove the connection from the session list, and destroy the srv_list if it's now empty */
static inline void session_unown_conn(struct session *sess, struct connection *conn)
MAJOR: sessions: Store multiple outgoing connections in the session. Instead of just storing the last connection in the session, store all of the connections, for at most MAX_SRV_LIST (currently 5) targets. That way we can do keepalive on more than 1 outgoing connection when the client uses HTTP/2.
2018-11-30 11:24:55 -05:00
{
BUG/MAJOR: sessions: Use an unlimited number of servers for the conn list. When a session adds a connection to its connection list, we used to remove connections for an another server if there were not enough room for our server. This can't work, because those lists are now the list of connections we're responsible for, not just the idle connections. To fix this, allow for an unlimited number of servers, instead of using an array, we're now using a linked list.
2018-12-27 11:20:54 -05:00
struct sess_srv_list *srv_list = NULL;
MINOR: session: Take care to decrement idle_conns counter in session_unown_conn So conn_free() only calls session_unown_conn() if necessary. The details are now fully handled by session_unown_conn().
2020-07-02 09:56:23 -04:00
MINOR: connection: move session_list member in a union Move the session_list attach point in an anonymous union. This member is only used for backend connections. This commit is in preparation for the support of stopping frontend idling connections which will add another member to the union. This change means that a special care must be taken to be sure that only backend connections manipulate the session_list. A few BUG_ON has been added as special guard to prevent from misuse.
2021-05-03 08:28:30 -04:00
BUG_ON(objt_listener(conn->target));
BUG/MAJOR: connection: reset conn->owner when detaching from session list Baptiste reported a new crash affecting 2.3 which can be triggered when using H2 on the backend, with http-reuse always and with a tens of clients doing close only. There are a few combined cases which cause this to happen, but each time the issue is the same, an already freed session is dereferenced in session_unown_conn(). Two cases were identified to cause this: - a connection referencing a session as its owner, which is detached from the session's list and is destroyed after this session ends. The test on conn->owner before calling session_unown_conn() is not sufficent as the pointer is not null but is not valid anymore. - a connection that never goes idle and that gets killed form the mux, where session_free() is called first, then conn_free() calls session_unown_conn() which scans the just freed session for older connections. This one is only triggered with DEBUG_UAF The reason for this session to be present here is that it's needed during the connection setup, to be passed to conn_install_mux_be() to mux->init() as the owning session, but it's never deleted aftrewards. Furthermore, even conn_session_free() doesn't delete this pointer after freeing the session that lies there. Both do definitely result in a use-after-free that's more easily triggered under DEBUG_UAF. This patch makes sure that the owner is always deleted after detaching or killing the session. However it is currently not possible to clear the owner right after a synchronous init because the proxy protocol apparently needs it (a reg test checks this), and if we leave it past the connection setup with the session not attached anywhere, it's hard to catch the right moment to detach it. This means that the session may remain in conn->owner as long as the connection has never been added to nor removed from the session's idle list. Given that this patch needs to remain simple enough to be backported, instead it adds a workaround in session_unown_conn() to detect that the element is already not attached anywhere. This fix absolutely requires previous patch "CLEANUP: connection: do not use conn->owner when the session is known" otherwise the situation will be even worse, as some places used to rely on conn->owner instead of the session. The fix could theorically be backported as far as 1.8. However, the code in this area has significantly changed along versions and there are more risks of breaking working stuff than fixing real issues there. The issue was really woken up in two steps during 2.3-dev when slightly reworking the idle conns with commit 08016ab82 ("MEDIUM: connection: Add private connections synchronously in session server list") and when adding support for storing used H2 connections in the session and adding the necessary call to session_unown_conn() in the muxes. But the same test managed to crash 2.2 when built in DEBUG_UAF and patched like this, proving that we used to already leave dangling pointers behind us: | diff --git a/include/haproxy/connection.h b/include/haproxy/connection.h | index f8f235c1a..dd30b5f80 100644 | --- a/include/haproxy/connection.h | +++ b/include/haproxy/connection.h | @@ -458,6 +458,10 @@ static inline void conn_free(struct connection *conn) | sess->idle_conns--; | session_unown_conn(sess, conn); | } | + else { | + struct session *sess = conn->owner; | + BUG_ON(sess && sess->origin != &conn->obj_type); | + } | | sockaddr_free(&conn->src); | sockaddr_free(&conn->dst); It's uncertain whether an existing code path there can lead to dereferencing conn->owner when it's bad, though certain suspicious memory corruption bugs make one think it's a likely candidate. The patch should not be hard to adapt there. Backports to 2.1 and older are left to the appreciation of the person doing the backport. A reproducer consists in this: global nbthread 1 listen l bind :9000 mode http http-reuse always server s 127.0.0.1:8999 proto h2 frontend f bind :8999 proto h2 mode http http-request return status 200 Then this will make it crash within 2-3 seconds: $ h1load -e -r 1 -c 10 http://0:9000/ If it does not, it might be that DEBUG_UAF was not used (it's harder then) and it might be useful to restart.
2020-11-20 11:22:44 -05:00
/* WT: this currently is a workaround for an inconsistency between
* the link status of the connection in the session list and the
* connection's owner. This should be removed as soon as all this
* is addressed. Right now it's possible to enter here with a non-null
* conn->owner that points to a dead session, but in this case the
* element is not linked.
*/
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
if (!LIST_INLIST(&conn->session_list))
BUG/MAJOR: connection: reset conn->owner when detaching from session list Baptiste reported a new crash affecting 2.3 which can be triggered when using H2 on the backend, with http-reuse always and with a tens of clients doing close only. There are a few combined cases which cause this to happen, but each time the issue is the same, an already freed session is dereferenced in session_unown_conn(). Two cases were identified to cause this: - a connection referencing a session as its owner, which is detached from the session's list and is destroyed after this session ends. The test on conn->owner before calling session_unown_conn() is not sufficent as the pointer is not null but is not valid anymore. - a connection that never goes idle and that gets killed form the mux, where session_free() is called first, then conn_free() calls session_unown_conn() which scans the just freed session for older connections. This one is only triggered with DEBUG_UAF The reason for this session to be present here is that it's needed during the connection setup, to be passed to conn_install_mux_be() to mux->init() as the owning session, but it's never deleted aftrewards. Furthermore, even conn_session_free() doesn't delete this pointer after freeing the session that lies there. Both do definitely result in a use-after-free that's more easily triggered under DEBUG_UAF. This patch makes sure that the owner is always deleted after detaching or killing the session. However it is currently not possible to clear the owner right after a synchronous init because the proxy protocol apparently needs it (a reg test checks this), and if we leave it past the connection setup with the session not attached anywhere, it's hard to catch the right moment to detach it. This means that the session may remain in conn->owner as long as the connection has never been added to nor removed from the session's idle list. Given that this patch needs to remain simple enough to be backported, instead it adds a workaround in session_unown_conn() to detect that the element is already not attached anywhere. This fix absolutely requires previous patch "CLEANUP: connection: do not use conn->owner when the session is known" otherwise the situation will be even worse, as some places used to rely on conn->owner instead of the session. The fix could theorically be backported as far as 1.8. However, the code in this area has significantly changed along versions and there are more risks of breaking working stuff than fixing real issues there. The issue was really woken up in two steps during 2.3-dev when slightly reworking the idle conns with commit 08016ab82 ("MEDIUM: connection: Add private connections synchronously in session server list") and when adding support for storing used H2 connections in the session and adding the necessary call to session_unown_conn() in the muxes. But the same test managed to crash 2.2 when built in DEBUG_UAF and patched like this, proving that we used to already leave dangling pointers behind us: | diff --git a/include/haproxy/connection.h b/include/haproxy/connection.h | index f8f235c1a..dd30b5f80 100644 | --- a/include/haproxy/connection.h | +++ b/include/haproxy/connection.h | @@ -458,6 +458,10 @@ static inline void conn_free(struct connection *conn) | sess->idle_conns--; | session_unown_conn(sess, conn); | } | + else { | + struct session *sess = conn->owner; | + BUG_ON(sess && sess->origin != &conn->obj_type); | + } | | sockaddr_free(&conn->src); | sockaddr_free(&conn->dst); It's uncertain whether an existing code path there can lead to dereferencing conn->owner when it's bad, though certain suspicious memory corruption bugs make one think it's a likely candidate. The patch should not be hard to adapt there. Backports to 2.1 and older are left to the appreciation of the person doing the backport. A reproducer consists in this: global nbthread 1 listen l bind :9000 mode http http-reuse always server s 127.0.0.1:8999 proto h2 frontend f bind :8999 proto h2 mode http http-request return status 200 Then this will make it crash within 2-3 seconds: $ h1load -e -r 1 -c 10 http://0:9000/ If it does not, it might be that DEBUG_UAF was not used (it's harder then) and it might be useful to restart.
2020-11-20 11:22:44 -05:00
return;
MINOR: session: Take care to decrement idle_conns counter in session_unown_conn So conn_free() only calls session_unown_conn() if necessary. The details are now fully handled by session_unown_conn().
2020-07-02 09:56:23 -04:00
if (conn->flags & CO_FL_SESS_IDLE)
sess->idle_conns--;
MINOR: connection: improve list api usage Replace !LIST_ISEMPTY by LIST_ADDED and LIST_DEL+LIST_INIT by LIST_DEL_INIT for connection session list.
2020-10-14 12:17:05 -04:00
LIST_DEL_INIT(&conn->session_list);
BUG/MAJOR: connection: reset conn->owner when detaching from session list Baptiste reported a new crash affecting 2.3 which can be triggered when using H2 on the backend, with http-reuse always and with a tens of clients doing close only. There are a few combined cases which cause this to happen, but each time the issue is the same, an already freed session is dereferenced in session_unown_conn(). Two cases were identified to cause this: - a connection referencing a session as its owner, which is detached from the session's list and is destroyed after this session ends. The test on conn->owner before calling session_unown_conn() is not sufficent as the pointer is not null but is not valid anymore. - a connection that never goes idle and that gets killed form the mux, where session_free() is called first, then conn_free() calls session_unown_conn() which scans the just freed session for older connections. This one is only triggered with DEBUG_UAF The reason for this session to be present here is that it's needed during the connection setup, to be passed to conn_install_mux_be() to mux->init() as the owning session, but it's never deleted aftrewards. Furthermore, even conn_session_free() doesn't delete this pointer after freeing the session that lies there. Both do definitely result in a use-after-free that's more easily triggered under DEBUG_UAF. This patch makes sure that the owner is always deleted after detaching or killing the session. However it is currently not possible to clear the owner right after a synchronous init because the proxy protocol apparently needs it (a reg test checks this), and if we leave it past the connection setup with the session not attached anywhere, it's hard to catch the right moment to detach it. This means that the session may remain in conn->owner as long as the connection has never been added to nor removed from the session's idle list. Given that this patch needs to remain simple enough to be backported, instead it adds a workaround in session_unown_conn() to detect that the element is already not attached anywhere. This fix absolutely requires previous patch "CLEANUP: connection: do not use conn->owner when the session is known" otherwise the situation will be even worse, as some places used to rely on conn->owner instead of the session. The fix could theorically be backported as far as 1.8. However, the code in this area has significantly changed along versions and there are more risks of breaking working stuff than fixing real issues there. The issue was really woken up in two steps during 2.3-dev when slightly reworking the idle conns with commit 08016ab82 ("MEDIUM: connection: Add private connections synchronously in session server list") and when adding support for storing used H2 connections in the session and adding the necessary call to session_unown_conn() in the muxes. But the same test managed to crash 2.2 when built in DEBUG_UAF and patched like this, proving that we used to already leave dangling pointers behind us: | diff --git a/include/haproxy/connection.h b/include/haproxy/connection.h | index f8f235c1a..dd30b5f80 100644 | --- a/include/haproxy/connection.h | +++ b/include/haproxy/connection.h | @@ -458,6 +458,10 @@ static inline void conn_free(struct connection *conn) | sess->idle_conns--; | session_unown_conn(sess, conn); | } | + else { | + struct session *sess = conn->owner; | + BUG_ON(sess && sess->origin != &conn->obj_type); | + } | | sockaddr_free(&conn->src); | sockaddr_free(&conn->dst); It's uncertain whether an existing code path there can lead to dereferencing conn->owner when it's bad, though certain suspicious memory corruption bugs make one think it's a likely candidate. The patch should not be hard to adapt there. Backports to 2.1 and older are left to the appreciation of the person doing the backport. A reproducer consists in this: global nbthread 1 listen l bind :9000 mode http http-reuse always server s 127.0.0.1:8999 proto h2 frontend f bind :8999 proto h2 mode http http-request return status 200 Then this will make it crash within 2-3 seconds: $ h1load -e -r 1 -c 10 http://0:9000/ If it does not, it might be that DEBUG_UAF was not used (it's harder then) and it might be useful to restart.
2020-11-20 11:22:44 -05:00
conn->owner = NULL;
BUG/MAJOR: sessions: Use an unlimited number of servers for the conn list. When a session adds a connection to its connection list, we used to remove connections for an another server if there were not enough room for our server. This can't work, because those lists are now the list of connections we're responsible for, not just the idle connections. To fix this, allow for an unlimited number of servers, instead of using an array, we're now using a linked list.
2018-12-27 11:20:54 -05:00
list_for_each_entry(srv_list, &sess->srv_list, srv_list) {
if (srv_list->target == conn->target) {
if (LIST_ISEMPTY(&srv_list->conn_list)) {
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_DELETE(&srv_list->srv_list);
BUG/MAJOR: sessions: Use an unlimited number of servers for the conn list. When a session adds a connection to its connection list, we used to remove connections for an another server if there were not enough room for our server. This can't work, because those lists are now the list of connections we're responsible for, not just the idle connections. To fix this, allow for an unlimited number of servers, instead of using an array, we're now using a linked list.
2018-12-27 11:20:54 -05:00
pool_free(pool_head_sess_srv_list, srv_list);
}
MAJOR: sessions: Store multiple outgoing connections in the session. Instead of just storing the last connection in the session, store all of the connections, for at most MAX_SRV_LIST (currently 5) targets. That way we can do keepalive on more than 1 outgoing connection when the client uses HTTP/2.
2018-11-30 11:24:55 -05:00
break;
}
}
BUG/MAJOR: sessions: Use an unlimited number of servers for the conn list. When a session adds a connection to its connection list, we used to remove connections for an another server if there were not enough room for our server. This can't work, because those lists are now the list of connections we're responsible for, not just the idle connections. To fix this, allow for an unlimited number of servers, instead of using an array, we're now using a linked list.
2018-12-27 11:20:54 -05:00
}
MEDIUM: connection: Add private connections synchronously in session server list When a connection is marked as private, it is now added in the session server list. We don't wait a stream is detached from the mux to do so. When the connection is created, this happens after the mux creation. Otherwise, it is performed when the connection is marked as private. To allow that, when a connection is created, the session is systematically set as the connectin owner. Thus, a backend connection has always a owner during its creation. And a private connection has always a owner until its death. Note that outside the detach() callback, if the call to session_add_conn() failed, the error is ignored. In this situation, we retry to add the connection into the session server list in the detach() callback. If this fails at this step, the multiplexer is destroyed and the connection is closed.
2020-07-01 10:10:06 -04:00
/* Add the connection <conn> to the server list of the session <sess>. This
* function is called only if the connection is private. Nothing is performed if
* the connection is already in the session sever list or if the session does
* not own the connection.
*/
BUG/MAJOR: sessions: Use an unlimited number of servers for the conn list. When a session adds a connection to its connection list, we used to remove connections for an another server if there were not enough room for our server. This can't work, because those lists are now the list of connections we're responsible for, not just the idle connections. To fix this, allow for an unlimited number of servers, instead of using an array, we're now using a linked list.
2018-12-27 11:20:54 -05:00
static inline int session_add_conn(struct session *sess, struct connection *conn, void *target)
{
struct sess_srv_list *srv_list = NULL;
int found = 0;
MAJOR: sessions: Store multiple outgoing connections in the session. Instead of just storing the last connection in the session, store all of the connections, for at most MAX_SRV_LIST (currently 5) targets. That way we can do keepalive on more than 1 outgoing connection when the client uses HTTP/2.
2018-11-30 11:24:55 -05:00
MINOR: connection: move session_list member in a union Move the session_list attach point in an anonymous union. This member is only used for backend connections. This commit is in preparation for the support of stopping frontend idling connections which will add another member to the union. This change means that a special care must be taken to be sure that only backend connections manipulate the session_list. A few BUG_ON has been added as special guard to prevent from misuse.
2021-05-03 08:28:30 -04:00
BUG_ON(objt_listener(conn->target));
MEDIUM: connection: Add private connections synchronously in session server list When a connection is marked as private, it is now added in the session server list. We don't wait a stream is detached from the mux to do so. When the connection is created, this happens after the mux creation. Otherwise, it is performed when the connection is marked as private. To allow that, when a connection is created, the session is systematically set as the connectin owner. Thus, a backend connection has always a owner during its creation. And a private connection has always a owner until its death. Note that outside the detach() callback, if the call to session_add_conn() failed, the error is ignored. In this situation, we retry to add the connection into the session server list in the detach() callback. If this fails at this step, the multiplexer is destroyed and the connection is closed.
2020-07-01 10:10:06 -04:00
/* Already attach to the session or not the connection owner */
CLEANUP: connection: do not use conn->owner when the session is known At a few places we used to rely on conn->owner to retrieve the session while the session is already known. This is not correct because at some of these points the reason the connection's owner was still the session (instead of NULL) is a mistake. At one place a comparison is even made between the session and conn->owner assuming it's valid without checking if it's NULL. Let's clean this up to use the session all the time. Note that this will be needed for a forthcoming fix and will have to be backported.
2020-11-20 11:08:15 -05:00
if (!LIST_ISEMPTY(&conn->session_list) || (conn->owner && conn->owner != sess))
MEDIUM: connection: Add private connections synchronously in session server list When a connection is marked as private, it is now added in the session server list. We don't wait a stream is detached from the mux to do so. When the connection is created, this happens after the mux creation. Otherwise, it is performed when the connection is marked as private. To allow that, when a connection is created, the session is systematically set as the connectin owner. Thus, a backend connection has always a owner during its creation. And a private connection has always a owner until its death. Note that outside the detach() callback, if the call to session_add_conn() failed, the error is ignored. In this situation, we retry to add the connection into the session server list in the detach() callback. If this fails at this step, the multiplexer is destroyed and the connection is closed.
2020-07-01 10:10:06 -04:00
return 1;
BUG/MAJOR: sessions: Use an unlimited number of servers for the conn list. When a session adds a connection to its connection list, we used to remove connections for an another server if there were not enough room for our server. This can't work, because those lists are now the list of connections we're responsible for, not just the idle connections. To fix this, allow for an unlimited number of servers, instead of using an array, we're now using a linked list.
2018-12-27 11:20:54 -05:00
list_for_each_entry(srv_list, &sess->srv_list, srv_list) {
if (srv_list->target == target) {
found = 1;
break;
}
}
if (!found) {
/* The session has no connection for the server, create a new entry */
srv_list = pool_alloc(pool_head_sess_srv_list);
if (!srv_list)
return 0;
srv_list->target = target;
LIST_INIT(&srv_list->conn_list);
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_APPEND(&sess->srv_list, &srv_list->srv_list);
MAJOR: sessions: Store multiple outgoing connections in the session. Instead of just storing the last connection in the session, store all of the connections, for at most MAX_SRV_LIST (currently 5) targets. That way we can do keepalive on more than 1 outgoing connection when the client uses HTTP/2.
2018-11-30 11:24:55 -05:00
}
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_APPEND(&srv_list->conn_list, &conn->session_list);
BUG/MAJOR: sessions: Use an unlimited number of servers for the conn list. When a session adds a connection to its connection list, we used to remove connections for an another server if there were not enough room for our server. This can't work, because those lists are now the list of connections we're responsible for, not just the idle connections. To fix this, allow for an unlimited number of servers, instead of using an array, we're now using a linked list.
2018-12-27 11:20:54 -05:00
return 1;
MAJOR: sessions: Store multiple outgoing connections in the session. Instead of just storing the last connection in the session, store all of the connections, for at most MAX_SRV_LIST (currently 5) targets. That way we can do keepalive on more than 1 outgoing connection when the client uses HTTP/2.
2018-11-30 11:24:55 -05:00
}
MEDIUM: connection: Add private connections synchronously in session server list When a connection is marked as private, it is now added in the session server list. We don't wait a stream is detached from the mux to do so. When the connection is created, this happens after the mux creation. Otherwise, it is performed when the connection is marked as private. To allow that, when a connection is created, the session is systematically set as the connectin owner. Thus, a backend connection has always a owner during its creation. And a private connection has always a owner until its death. Note that outside the detach() callback, if the call to session_add_conn() failed, the error is ignored. In this situation, we retry to add the connection into the session server list in the detach() callback. If this fails at this step, the multiplexer is destroyed and the connection is closed.
2020-07-01 10:10:06 -04:00
/* Returns 0 if the session can keep the idle conn, -1 if it was destroyed. The
* connection must be private.
*/
MEDIUM: sessions: Don't keep an infinite number of idling connections. In session, don't keep an infinite number of connection that can idle. Add a new frontend parameter, "max-session-srv-conns" to set a max number, with a default value of 5.
2018-12-14 13:27:06 -05:00
static inline int session_check_idle_conn(struct session *sess, struct connection *conn)
{
MEDIUM: connection: Add private connections synchronously in session server list When a connection is marked as private, it is now added in the session server list. We don't wait a stream is detached from the mux to do so. When the connection is created, this happens after the mux creation. Otherwise, it is performed when the connection is marked as private. To allow that, when a connection is created, the session is systematically set as the connectin owner. Thus, a backend connection has always a owner during its creation. And a private connection has always a owner until its death. Note that outside the detach() callback, if the call to session_add_conn() failed, the error is ignored. In this situation, we retry to add the connection into the session server list in the detach() callback. If this fails at this step, the multiplexer is destroyed and the connection is closed.
2020-07-01 10:10:06 -04:00
/* Another session owns this connection */
if (conn->owner != sess)
return 0;
if (sess->idle_conns >= sess->fe->max_out_conns) {
BUG/MAJOR: sessions: Use an unlimited number of servers for the conn list. When a session adds a connection to its connection list, we used to remove connections for an another server if there were not enough room for our server. This can't work, because those lists are now the list of connections we're responsible for, not just the idle connections. To fix this, allow for an unlimited number of servers, instead of using an array, we're now using a linked list.
2018-12-27 11:20:54 -05:00
session_unown_conn(sess, conn);
MEDIUM: sessions: Don't keep an infinite number of idling connections. In session, don't keep an infinite number of connection that can idle. Add a new frontend parameter, "max-session-srv-conns" to set a max number, with a default value of 5.
2018-12-14 13:27:06 -05:00
conn->owner = NULL;
BUG/MEDIUM: connections: Make sure we remove CO_FL_SESS_IDLE on disown. When for some reason the session is not the owner of the connection anymore, make sure we remove CO_FL_SESS_IDLE, even if we're about to call conn->mux->destroy(), as the destroy may not destroy the connection immediately if it's still in use. This should be backported to 1.9. u
2019-05-02 06:04:15 -04:00
conn->flags &= ~CO_FL_SESS_IDLE;
BUG/MEDIUM: sessions: Always pass the mux context as argument to destroy a mux This bug was introduced by the commit 2444aa5b ("MEDIUM: sessions: Don't be responsible for connections anymore."). In session_check_idle_conn(), when the mux is destroyed, its context must be passed as argument instead of the connection. It is de 2.2-dev bug. No need to backport.
2020-04-27 09:53:41 -04:00
conn->mux->destroy(conn->ctx);
MEDIUM: sessions: Don't be responsible for connections anymore. Make it so sessions are not responsible for connection anymore, except for connections that are private, and thus can't be shared, otherwise, as soon as a request is done, the session will just add the connection to the orphan connections pool. This will break http-reuse safe, but it is expected to be fixed later.
2020-01-20 07:56:01 -05:00
return -1;
MEDIUM: sessions: Keep track of which connections are idle. Instead of keeping track of the number of connections we're responsible for, keep track of the number of connections we're responsible for that we are currently considering idling (ie that we are not using, they may be in use by other sessions), that way we can actually reuse connections when we have more connections than the max configured.
2018-12-28 12:50:57 -05:00
} else {
conn->flags |= CO_FL_SESS_IDLE;
sess->idle_conns++;
MEDIUM: sessions: Don't keep an infinite number of idling connections. In session, don't keep an infinite number of connection that can idle. Add a new frontend parameter, "max-session-srv-conns" to set a max number, with a default value of 5.
2018-12-14 13:27:06 -05:00
}
return 0;
}
MEDIUM: session: update the session's stick counters upon session_free() Whenever session_free() is called, any possible stick counter stored in the session will be synchronized.
2015-04-04 10:31:16 -04:00
MINOR: connection: Use a dedicated function to look for a session's connection The session_get_conn() must now be used to look for an available connection matching a specific target for a given session. This simplifies a bit the connect_server() function.
2020-07-01 10:36:51 -04:00
/* Look for an available connection matching the target <target> in the server
* list of the session <sess>. It returns a connection if found. Otherwise it
* returns NULL.
*/
MINOR: backend: compare conn hash for session conn reuse Compare the connection hash when reusing a connection from the session. This ensures that a private connection is reused only if it shares the same set of parameters.
2021-01-25 04:29:35 -05:00
static inline struct connection *session_get_conn(struct session *sess, void *target, int64_t hash)
MINOR: connection: Use a dedicated function to look for a session's connection The session_get_conn() must now be used to look for an available connection matching a specific target for a given session. This simplifies a bit the connect_server() function.
2020-07-01 10:36:51 -04:00
{
struct connection *srv_conn = NULL;
struct sess_srv_list *srv_list;
list_for_each_entry(srv_list, &sess->srv_list, srv_list) {
if (srv_list->target == target) {
list_for_each_entry(srv_conn, &srv_list->conn_list, session_list) {
BUG/MAJOR: conn-idle: fix hash indexing issues on idle conns Idle connections do not work on 32-bit machines due to an alignment issue causing the connection nodes to be indexed with their lower 32-bits set to zero and the higher 32 ones containing the 32 lower bitss of the hash. The cause is the use of ebmb_node with an aligned data, as on this platform ebmb_node is only 32-bit aligned, leaving a hole before the following hash which is a uint64_t: $ pahole -C conn_hash_node ./haproxy struct conn_hash_node { struct ebmb_node node; /* 0 20 */ /* XXX 4 bytes hole, try to pack */ int64_t hash; /* 24 8 */ struct connection * conn; /* 32 4 */ /* size: 40, cachelines: 1, members: 3 */ /* sum members: 32, holes: 1, sum holes: 4 */ /* padding: 4 */ /* last cacheline: 40 bytes */ }; Instead, eb64 nodes should be used when it comes to simply storing a 64-bit key, and that is what this patch does. For backports, a variant consisting in simply marking the "hash" member with a "packed" attribute on the struct also does the job (tested), and might be preferable if the fix is difficult to adapt. Only 2.6 and 2.5 are affected by this.
2022-09-29 14:32:43 -04:00
if ((srv_conn->hash_node && srv_conn->hash_node->node.key == hash) &&
MINOR: backend: compare conn hash for session conn reuse Compare the connection hash when reusing a connection from the session. This ensures that a private connection is reused only if it shares the same set of parameters.
2021-01-25 04:29:35 -05:00
srv_conn->mux &&
(srv_conn->mux->avail_streams(srv_conn) > 0) &&
BUG/MEDIUM: session: only retrieve ready idle conn from session A bug was introduced by the early insertion of idle connections at the end of connect_server. It is possible to reuse a connection not yet ready waiting for an handshake (for example with proxy protocol or ssl). A wrong duplicate xprt_handshake_io_cb tasklet is thus registered as a side-effect. This triggers the BUG_ON statement of xprt_handshake_subscribe : BUG_ON(ctx->subs && ctx->subs != es); To counter this, a check is now present in session_get_conn to only return a connection without the flag CO_FL_WAIT_XPRT. This might cause sometimes the creation of dedicated server connections when in theory reuse could have been used, but probably only occurs rarely in real condition. This behavior is present since commit : MEDIUM: connection: Add private connections synchronously in session server list It could also be further exagerated by : MEDIUM: backend: add reused conn to sess if mux marked as HOL blocking It can be backported up to 2.3. NOTE : This bug seems to be only reproducible with mode tcp, for an unknown reason. However, reuse should never happen when not in http mode. This improper behavior will be the subject of a dedicated patch. This bug can easily be reproducible with the following config (a webserver is required to accept proxy protocol on port 31080) : global defaults mode tcp timeout connect 1s timeout server 1s timeout client 1s listen li bind 0.0.0.0:4444 server bla1 127.0.0.1:31080 check send-proxy-v2 with the inject client : $ inject -u 10000 -d 10 -G 127.0.0.1:4444 This should fix the github issue #1058.
2021-01-26 08:14:37 -05:00
!(srv_conn->flags & CO_FL_WAIT_XPRT)) {
MINOR: connection: Use a dedicated function to look for a session's connection The session_get_conn() must now be used to look for an available connection matching a specific target for a given session. This simplifies a bit the connect_server() function.
2020-07-01 10:36:51 -04:00
if (srv_conn->flags & CO_FL_SESS_IDLE) {
srv_conn->flags &= ~CO_FL_SESS_IDLE;
sess->idle_conns--;
}
goto end;
}
}
srv_conn = NULL; /* No available connection found */
goto end;
}
}
end:
return srv_conn;
}
MINOR: session: Add src and dst addresses to the session For now, these addresses are never set. But the idea is to be able to set client source and destination addresses at the session level without updating the connection ones. Functions to fill these addresses have been added: sess_get_src() and sess_get_dst(). If not already set, these functions relies on conn_get_src() and conn_get_dst() to fill session addresses. And just like for conncetions, sess_src() and sess_dst() may be used to get source and destination addresses. However, if not set, the corresponding address from the underlying client connection is returned. When this happens, the addresses is filled in the connection object.
2021-10-22 09:41:57 -04:00
/* Returns the source address of the session and fallbacks on the client
CLEANUP: assorted typo fixes in the code and comments This is 28th iteration of typo fixes
2021-11-20 13:11:12 -05:00
* connection if not set. It returns a const address on success or NULL on
MINOR: session: Add src and dst addresses to the session For now, these addresses are never set. But the idea is to be able to set client source and destination addresses at the session level without updating the connection ones. Functions to fill these addresses have been added: sess_get_src() and sess_get_dst(). If not already set, these functions relies on conn_get_src() and conn_get_dst() to fill session addresses. And just like for conncetions, sess_src() and sess_dst() may be used to get source and destination addresses. However, if not set, the corresponding address from the underlying client connection is returned. When this happens, the addresses is filled in the connection object.
2021-10-22 09:41:57 -04:00
* failure.
*/
static inline const struct sockaddr_storage *sess_src(struct session *sess)
{
struct connection *cli_conn = objt_conn(sess->origin);
MINOR: session: get rid of the now unused SESS_FL_ADDR_*_SET flags That's similar to what was done for conn_streams and connections. The flags were only set exactly when the relevant pointers were allocated, so better test the pointer than the flag and stop setting the flag.
2022-05-02 11:51:51 -04:00
if (sess->src)
MINOR: session: Add src and dst addresses to the session For now, these addresses are never set. But the idea is to be able to set client source and destination addresses at the session level without updating the connection ones. Functions to fill these addresses have been added: sess_get_src() and sess_get_dst(). If not already set, these functions relies on conn_get_src() and conn_get_dst() to fill session addresses. And just like for conncetions, sess_src() and sess_dst() may be used to get source and destination addresses. However, if not set, the corresponding address from the underlying client connection is returned. When this happens, the addresses is filled in the connection object.
2021-10-22 09:41:57 -04:00
return sess->src;
if (cli_conn && conn_get_src(cli_conn))
return conn_src(cli_conn);
return NULL;
}
/* Returns the destination address of the session and fallbacks on the client
CLEANUP: assorted typo fixes in the code and comments This is 28th iteration of typo fixes
2021-11-20 13:11:12 -05:00
* connection if not set. It returns a const address on success or NULL on
MINOR: session: Add src and dst addresses to the session For now, these addresses are never set. But the idea is to be able to set client source and destination addresses at the session level without updating the connection ones. Functions to fill these addresses have been added: sess_get_src() and sess_get_dst(). If not already set, these functions relies on conn_get_src() and conn_get_dst() to fill session addresses. And just like for conncetions, sess_src() and sess_dst() may be used to get source and destination addresses. However, if not set, the corresponding address from the underlying client connection is returned. When this happens, the addresses is filled in the connection object.
2021-10-22 09:41:57 -04:00
* failure.
*/
static inline const struct sockaddr_storage *sess_dst(struct session *sess)
{
struct connection *cli_conn = objt_conn(sess->origin);
MINOR: session: get rid of the now unused SESS_FL_ADDR_*_SET flags That's similar to what was done for conn_streams and connections. The flags were only set exactly when the relevant pointers were allocated, so better test the pointer than the flag and stop setting the flag.
2022-05-02 11:51:51 -04:00
if (sess->dst)
MINOR: session: Add src and dst addresses to the session For now, these addresses are never set. But the idea is to be able to set client source and destination addresses at the session level without updating the connection ones. Functions to fill these addresses have been added: sess_get_src() and sess_get_dst(). If not already set, these functions relies on conn_get_src() and conn_get_dst() to fill session addresses. And just like for conncetions, sess_src() and sess_dst() may be used to get source and destination addresses. However, if not set, the corresponding address from the underlying client connection is returned. When this happens, the addresses is filled in the connection object.
2021-10-22 09:41:57 -04:00
return sess->dst;
if (cli_conn && conn_get_dst(cli_conn))
return conn_dst(cli_conn);
return NULL;
}
/* Retrieves the source address of the session <sess>. Returns non-zero on
* success or zero on failure. The operation is only performed once and the
* address is stored in the session for future use. On the first call, the
* session source address is copied from the client connection one.
*/
static inline int sess_get_src(struct session *sess)
{
struct connection *cli_conn = objt_conn(sess->origin);
const struct sockaddr_storage *src = NULL;
MINOR: session: get rid of the now unused SESS_FL_ADDR_*_SET flags That's similar to what was done for conn_streams and connections. The flags were only set exactly when the relevant pointers were allocated, so better test the pointer than the flag and stop setting the flag.
2022-05-02 11:51:51 -04:00
if (sess->src)
MINOR: session: Add src and dst addresses to the session For now, these addresses are never set. But the idea is to be able to set client source and destination addresses at the session level without updating the connection ones. Functions to fill these addresses have been added: sess_get_src() and sess_get_dst(). If not already set, these functions relies on conn_get_src() and conn_get_dst() to fill session addresses. And just like for conncetions, sess_src() and sess_dst() may be used to get source and destination addresses. However, if not set, the corresponding address from the underlying client connection is returned. When this happens, the addresses is filled in the connection object.
2021-10-22 09:41:57 -04:00
return 1;
if (cli_conn && conn_get_src(cli_conn))
src = conn_src(cli_conn);
if (!src)
return 0;
if (!sockaddr_alloc(&sess->src, src, sizeof(*src)))
return 0;
return 1;
}
/* Retrieves the destination address of the session <sess>. Returns non-zero on
* success or zero on failure. The operation is only performed once and the
* address is stored in the session for future use. On the first call, the
* session destination address is copied from the client connection one.
*/
static inline int sess_get_dst(struct session *sess)
{
struct connection *cli_conn = objt_conn(sess->origin);
const struct sockaddr_storage *dst = NULL;
MINOR: session: get rid of the now unused SESS_FL_ADDR_*_SET flags That's similar to what was done for conn_streams and connections. The flags were only set exactly when the relevant pointers were allocated, so better test the pointer than the flag and stop setting the flag.
2022-05-02 11:51:51 -04:00
if (sess->dst)
MINOR: session: Add src and dst addresses to the session For now, these addresses are never set. But the idea is to be able to set client source and destination addresses at the session level without updating the connection ones. Functions to fill these addresses have been added: sess_get_src() and sess_get_dst(). If not already set, these functions relies on conn_get_src() and conn_get_dst() to fill session addresses. And just like for conncetions, sess_src() and sess_dst() may be used to get source and destination addresses. However, if not set, the corresponding address from the underlying client connection is returned. When this happens, the addresses is filled in the connection object.
2021-10-22 09:41:57 -04:00
return 1;
if (cli_conn && conn_get_dst(cli_conn))
dst = conn_dst(cli_conn);
if (!dst)
return 0;
if (!sockaddr_alloc(&sess->dst, dst, sizeof(*dst)))
return 0;
return 1;
}
REORG: include: move session.h to haproxy/session{,-t}.h Almost no change was needed beyond a little bit of reordering of the types file and adjustments to use session-t instead of session at a few places.
2020-06-04 12:58:52 -04:00
#endif /* _HAPROXY_SESSION_H */
MINOR: session: start to reintroduce struct session There is now a pointer to the session in the stream, which is NULL for now. The session pool is created as well. Some parts will move from the stream to the session now.
2015-04-03 07:53:24 -04:00
/*
* Local variables:
* c-indent-level: 8
* c-basic-offset: 8
* End:
*/
Reference in a new issue Copy permalink