upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-04-15 21:59:41 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 6
HAProxy - Load balancer
25775 commits 30 branches 413 tags 227 MiB
C 98.1%
Shell 0.9%
Makefile 0.5%
Lua 0.2%
Python 0.1%
Find a file
Amaury Denoyelle 9481cef948
Some checks failed
Contrib / build (push) Has been cancelled
Details
alpine/musl / gcc (push) Has been cancelled
Details
VTest / Generate Build Matrix (push) Has been cancelled
Details
Windows / Windows, gcc, all features (push) Has been cancelled
Details
VTest / (push) Has been cancelled
Details
BUG/MEDIUM: connection: do not reinsert a purgeable conn in idle list 
A recent patch was introduced to fix a rare race condition in idle
connection code which would result in a crash. The issue is when MUX IO
handler run on top of connection moved in the purgeable list. The
connection would be considered as present in the idle list instead, and
reinserted in it at the end of the handler while still in the purge
list.

  096999ee20
  BUG/MEDIUM: connections: permit to permanently remove an idle conn

This patch solves the described issue. However, it introduces another
bug as it may clear connection flag when removing a connection from its
parent list. However, these flags now serve primarily as a status which
indicate that the connection is accounted by the server. When a backend
connection is freed, server idle/used counters are decremented
accordingly to these flags. With the above patch, an incorrect counter
could be adjusted and thus wrapping would occured.

The first impact of this bug is that it may distort the estimated number
of connections needed by servers, which would result either in poor
reuse rate or too many idle connections kept. Another noticeable impact
is that it may prevent server deletion.

The main problem of the original and current issues is that connection
flags are misinterpreted as telling if a connection is present in the
idle list. As already described here, in fact these flags are solely a
status which indicate that the connection is accounted in server
counters. Thus, here are the definitive conclusion that can be learned
here :

* (conn->flags & CO_FL_LIST_MASK) == 1:
  the connection is accounted by the server
  it may or may not be present in the idle list

* (conn->flags & CO_FL_LIST_MASK) == 0
  the connection is not accounted and not present in idle list

The discussion above does not mention session list, but a similar
pattern can be observed when CO_FL_SESS_IDLE flag is set.

To keep the original issue solved and fix the current one, IO MUX
handlers prologue are rewritten. Now, flags are not checked anymore for
list appartenance and LIST_INLIST macro is used instead. This is
definitely clearer with conn_in_list purpose here.

On IO MUX handlers end, conn idle flags may be checked if conn_in_list
was true, to reinsert the connection either in idle or safe list. This
is considered safe as no function should modify idle flags when a
connection is not stored in a list, except during conn_free() operation.

This patch must be backported to every stable versions after revert of
the above commit. It should be appliable up to 3.0 without any issue. On
2.8 and below, <idle_list> connection member does not exist. It should
be safe to check <leaf_p> tree node as a replacement.
2025-11-14 16:06:34 +01:00
.github CI: github: update to macos-26 2025-11-03 16:17:36 +01:00
addons MINOR: applet: Add a flag to know an applet is using HTX buffers 2025-08-25 11:11:05 +02:00
admin ADMIN: reload: introduce -vv mode 2025-09-29 19:29:10 +02:00
dev DEV: patchbot: use git reset+checkout instead of pull 2025-10-08 04:38:35 +02:00
doc MINOR: check: ensure QUIC checks configuration coherency 2025-11-14 13:42:08 +01:00
examples MINOR: mailers: warn if mailers are configured but not actually used 2025-06-27 16:41:18 +02:00
include Revert "BUG/MEDIUM: connections: permit to permanently remove an idle conn" 2025-11-14 16:06:34 +01:00
reg-tests REGTESTS: ssl: activate ssl_curve_name.vtc for AWS-LC 2025-11-14 11:01:45 +01:00
scripts SCRIPTS: build-ssl: fix rpath in AWS-LC install for openssl and bssl bin 2025-11-03 15:04:57 +01:00
src BUG/MEDIUM: connection: do not reinsert a purgeable conn in idle list 2025-11-14 16:06:34 +01:00
tests TESTS: quic: add unit-tests for QUIC TX part 2025-09-08 14:49:03 +02:00
.cirrus.yml CI: cirrus-ci: bump FreeBSD image to 14-3 2025-10-09 14:06:48 +02:00
.gitattributes MINOR: Configure the cpp userdiff driver for *.[ch] in .gitattributes 2021-02-22 18:17:57 +01:00
.gitignore MINOR: tevt/dev: Add term_events tool 2025-01-31 10:41:50 +01:00
.mailmap DOC: update Tim's address in .mailmap 2021-09-16 09:14:14 +02:00
.travis.yml MEDIUM: mworker: remove USE_SYSTEMD requirement for -Ws 2024-11-20 12:07:38 +01:00
BRANCHES DOC: clarify the experimental status for certain features 2025-10-17 18:41:13 +02:00
BSDmakefile BUILD: makefile: commit the tiny FreeBSD makefile stub 2023-05-24 17:17:36 +02:00
CHANGELOG [RELEASE] Released version 3.3-dev12 2025-11-08 12:12:00 +01:00
CONTRIBUTING CLEANUP: assorted typo fixes in the code and comments 2025-04-02 11:12:20 +02:00
INSTALL BUILD: makefile: bump the default minimum linux version to 4.17 2025-09-05 09:44:56 +02:00
LICENSE LICENSE: add licence exception for OpenSSL 2012-09-07 13:52:26 +02:00
MAINTAINERS MAJOR: spoe: Let the SPOE back into the game 2024-05-22 09:04:38 +02:00
Makefile MEDIUM: ssl/ech: config and load keys 2025-10-30 10:37:12 +01:00
README.md DOC: change the link to the FreeBSD CI in README.md 2024-06-03 15:21:29 +02:00
SUBVERS BUILD: use format tags in VERDATE and SUBVERS files 2013-12-10 11:22:49 +01:00
VERDATE [RELEASE] Released version 3.3-dev12 2025-11-08 12:12:00 +01:00
VERSION [RELEASE] Released version 3.3-dev12 2025-11-08 12:12:00 +01:00

README.md

HAProxy

alpine/musl AWS-LC openssl no-deprecated Illumos NetBSD FreeBSD VTest

HAProxy logo

HAProxy is a free, very fast and reliable reverse-proxy offering high availability, load balancing, and proxying for TCP and HTTP-based applications.

Installation

The INSTALL file describes how to build HAProxy. A list of packages is also available on the wiki.

Getting help

The discourse and the mailing-list are available for questions or configuration assistance. You can also use the slack or IRC channel. Please don't use the issue tracker for these.

The issue tracker is only for bug reports or feature requests.

Documentation

The HAProxy documentation has been split into a number of different files for ease of use. It is available in text format as well as HTML. The wiki is also meant to replace the old architecture guide.

Please refer to the following files depending on what you're looking for:

  • INSTALL for instructions on how to build and install HAProxy
  • BRANCHES to understand the project's life cycle and what version to use
  • LICENSE for the project's license
  • CONTRIBUTING for the process to follow to submit contributions

The more detailed documentation is located into the doc/ directory:

License

HAProxy is licensed under GPL 2 or any later version, the headers under LGPL 2.1. See the LICENSE file for a more detailed explanation.