mirror of https://github.com/haproxy/haproxy.git synced 2026-04-21 06:06:59 -04:00

HAProxy - Load balancer

Find a file

Willy Tarreau 4de03e42cd BUG/MAJOR: mux-h2: force a hard error upon short read with pending error A risk of truncated packet was addressed in 2.9 by commit `19fb19976f` ("BUG/MEDIUM: mux-h2: Only Report H2C error on read error if demux buffer is empty") by ignoring CO_FL_ERROR after a recv() call as long as some data remained present in the buffer. However it has a side effect due to the fact that some frame processors only deal with full frames, for example, HEADERS. The side effect is that an incomplete frame will not be processed and will remain in the buffer, preventing the error from being taken into account, so the I/O handler wakes up the H2 parser to handle the error, and that one just subscribes for more data, and this loops forever wasting CPU cycles. Note that this only happens with errors at the SSL layer exclusively, otherwise we'd have a read0 pending that would properly be detected: conn->flags = CO_FL_XPRT_TRACKED \| CO_FL_ERROR \| CO_FL_XPRT_READY \| CO_FL_CTRL_READY conn->err_code = CO_ERR_SSL_FATAL h2c->flags = H2_CF_ERR_PENDING \| H2_CF_WINDOW_OPENED \| H2_CF_MBUF_HAS_DATA \| H2_CF_DEM_IN_PROGRESS \| H2_CF_DEM_SHORT_READ The condition to report the error in h2_recv() needs to be refined, so that connection errors are taken into account either when the buffer is empty, or when there's an incomplete frame, since we're certain it will never be completed. We're certain to enter that function because H2_CF_DEM_SHORT_READ implies too short a frame, and earlier there's a protocol check to validate that no frame size is larger than bufsize, hence a H2_CF_DEM_SHORT_READ implies there's some room left in the buffer and we're allowed to try to receive. The condition to reproduce the bug seems super hard to meet but was observed once by Patrick Hemmer who had the reflex to capture lots of information that allowed to explain the problem. In order to reproduce it, the SSL code had to be significantly modified to alter received contents at very empiric places, but that was sufficient to reproduce it and confirm that the current patch works as expected. The bug was tagged MAJOR because when it triggers there's no other solution to get rid of it but to restart the process. However given how hard it is to trigger on a lab, it does not seem very likely to occur in field. This needs to be backported to 2.9.		2024-07-17 15:07:47 +02:00
.github	CI: weekly QUIC Interop: try to fix private image	2024-07-10 09:43:02 +02:00
addons	BUG/MINOR: promex: Remove Help prefix repeated twice for each metric	2024-07-01 10:50:27 +02:00
admin	ADMIN: acme.sh: remove the old acme.sh code	2024-05-31 13:37:47 +02:00
dev	MEDIUM: mux-spop: Introduce the SPOP multiplexer	2024-07-12 15:27:04 +02:00
doc	DOC: spoe: Update SPOE documentation to reflect recent refactoring	2024-07-12 16:38:49 +02:00
examples	CLEANUP: assorted typo fixes in the code and comments	2023-11-23 16:23:14 +01:00
include	MINOR: debug: use LIM2A to show limits	2024-07-16 14:04:41 +02:00
reg-tests	MEDIUM: check/spoe: Use SPOP multiplexer to perform SPOP health-checks	2024-07-12 15:27:04 +02:00
scripts	SCRIPTS: create-release: no more need to skip architecture.txt	2024-07-10 15:38:45 +02:00
src	BUG/MAJOR: mux-h2: force a hard error upon short read with pending error	2024-07-17 15:07:47 +02:00
tests	MAJOR: import: update mt_list to support exponential back-off (try #2 )	2024-07-09 16:46:38 +02:00
.cirrus.yml	CI: FreeBSD: upgrade image, packages	2024-06-04 11:19:00 +02:00
.gitattributes	MINOR: Configure the `cpp` userdiff driver for *.[ch] in .gitattributes	2021-02-22 18:17:57 +01:00
.gitignore	CONTRIB: Add vi file extensions to .gitignore	2023-06-02 18:14:34 +02:00
.mailmap	DOC: update Tim's address in .mailmap	2021-09-16 09:14:14 +02:00
.travis.yml	CI: travis-ci: temporarily disable arm64 builds	2021-08-07 07:28:15 +02:00
BRANCHES	DOC: fix some spelling issues over multiple files	2021-01-08 14:53:47 +01:00
BSDmakefile	BUILD: makefile: commit the tiny FreeBSD makefile stub	2023-05-24 17:17:36 +02:00
CHANGELOG	[RELEASE] Released version 3.1-dev3	2024-07-10 15:39:36 +02:00
CONTRIBUTING	CLEANUP: assorted typo fixes in the code and comments	2021-08-16 12:37:59 +02:00
INSTALL	DOC: install: don't reference removed CPU arg	2024-07-16 20:06:06 +02:00
LICENSE	LICENSE: add licence exception for OpenSSL	2012-09-07 13:52:26 +02:00
MAINTAINERS	MAJOR: spoe: Let the SPOE back into the game	2024-05-22 09:04:38 +02:00
Makefile	MEDIUM: mux-spop: Introduce the SPOP multiplexer	2024-07-12 15:27:04 +02:00
README.md	DOC: change the link to the FreeBSD CI in README.md	2024-06-03 15:21:29 +02:00
SUBVERS	BUILD: use format tags in VERDATE and SUBVERS files	2013-12-10 11:22:49 +01:00
VERDATE	[RELEASE] Released version 3.1-dev3	2024-07-10 15:39:36 +02:00
VERSION	[RELEASE] Released version 3.1-dev3	2024-07-10 15:39:36 +02:00

README.md

HAProxy

HAProxy is a free, very fast and reliable reverse-proxy offering high availability, load balancing, and proxying for TCP and HTTP-based applications.

Installation

The INSTALL file describes how to build HAProxy. A list of packages is also available on the wiki.

Getting help

The discourse and the mailing-list are available for questions or configuration assistance. You can also use the slack or IRC channel. Please don't use the issue tracker for these.

The issue tracker is only for bug reports or feature requests.

Documentation

The HAProxy documentation has been split into a number of different files for ease of use. It is available in text format as well as HTML. The wiki is also meant to replace the old architecture guide.

Please refer to the following files depending on what you're looking for:

INSTALL for instructions on how to build and install HAProxy
BRANCHES to understand the project's life cycle and what version to use
LICENSE for the project's license
CONTRIBUTING for the process to follow to submit contributions

The more detailed documentation is located into the doc/ directory:

doc/intro.txt for a quick introduction on HAProxy
doc/configuration.txt for the configuration's reference manual
doc/lua.txt for the Lua's reference manual
doc/SPOE.txt for how to use the SPOE engine
doc/network-namespaces.txt for how to use network namespaces under Linux
doc/management.txt for the management guide
doc/regression-testing.txt for how to use the regression testing suite
doc/peers.txt for the peers protocol reference
doc/coding-style.txt for how to adopt HAProxy's coding style
doc/internals for developer-specific documentation (not all up to date)

License

HAProxy is licensed under GPL 2 or any later version, the headers under LGPL 2.1. See the LICENSE file for a more detailed explanation.