RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-01-30 10:06:43 +00:00
Code Issues Packages Projects Releases Wiki Activity
haproxy public development tree
18,271 Commits 18 Branches 373 Tags 67 MiB
C 98.1%
Shell 0.8%
Makefile 0.6%
Python 0.2%
Lua 0.1%
0f45871344
Go to file
Willy Tarreau 0f45871344 BUG/MEDIUM: mux-h2: do not fiddle with ->dsi to indicate demux is idle 
When switching to H2_CS_FRAME_H, we do not want to present the previous
frame's state, flags, length etc in traces, or we risk to confuse the
analysis, making the reader think that the header information presented
is related to the new frame header being analysed. A naive approach could
have consisted in simply relying on the current parser state (FRAME_H
being that state), but traces are emitted before switching the state,
so traces cannot rely on this.

This was initially addressed by commit 73db434f7 ("MINOR: h2/trace: report
the frame type when known") which used to set dsi to -1 when the connection
becomes idle again, but was accidentally broken by commit 5112a603d
("BUG/MAJOR: mux_h2: Don't consume more payload than received for skipped
frames") which moved dsi after calling the trace function.

But in both cases there's problem with this approach. If an RST or WU frame
cannot be uploaded due to a busy mux, and at the same time we complete
processing on a perfect end of frame with no single new frame header, we
can leave the demux loop with dsi=-1 and with RST or WU to be sent, and
these ones will be sent for stream ID -1. This is what was reported in
github issue #1830. This can be reproduced with a config chaining an h1->h2
proxy to an empty h2 frontend, and uploading a large body such as below:

  $ (printf "POST / HTTP/1.1\r\nContent-length: 1000000000\r\n\r\n";
     cat /dev/zero) |  nc 0 4445 > /dev/null

This shows that we must never affect ->dsi which must always remain valid,
and instead we should set "something else". That something else could be
served by the demux frame type, but that one also needs to be preserved
for the RST_STREAM case. Instead, let's just add a connection flag to say
that the demuxing is in progress. This will be set once a new demux header
is set and reset after the end of a frame. This way the trace subsystem
can know that dft/dfl must not be displayed, without affecting the logic
relying on such values.

Given that the commits above are old and were backported to 1.8, this
new one also needs to be backported as far as 1.8.

Many thanks to David le Blanc (@systemmonkey42) for spotting, reporting,
capturing and analyzing this bug; his work permitted to quickly spot the
problem.
2022-08-19 08:03:53 +02:00
.github CI: enable weekly "m32" builds on x86_64 2022-08-06 17:10:16 +02:00
addons CLEANUP: assorted typo fixes in the code and comments 2022-08-06 17:12:51 +02:00
admin BUILD: halog: fix some incorrect signs in printf formats for integers 2022-04-12 08:40:38 +02:00
dev DEV: haring: support remapping LF in contents with CR VT 2022-08-12 12:11:30 +02:00
doc MINOR: stick-table: Add table_expire() and table_idle() new converters 2022-08-17 10:52:15 +02:00
examples EXAMPLES: remove completely outdated acl-content-sw.cfg 2022-05-30 18:14:24 +02:00
include MINOR: applet: add a function to reset the svcctx of an applet 2022-08-18 18:16:36 +02:00
reg-tests REGTESTS: add test for HTTP/2 cookies concatenation 2022-08-18 16:13:33 +02:00
scripts BUILD: SSL: allow to pass additional configure args to QUICTLS 2022-08-06 17:10:04 +02:00
src BUG/MEDIUM: mux-h2: do not fiddle with ->dsi to indicate demux is idle 2022-08-19 08:03:53 +02:00
tests TESTS: add a unit test for one_among_mask() 2022-06-21 20:29:57 +02:00
.cirrus.yml
.gitattributes
.gitignore CLEANUP: exclude haring with .gitignore 2022-08-17 11:04:20 +02:00
.mailmap
.travis.yml
BRANCHES
CHANGELOG [RELEASE] Released version 2.7-dev3 2022-08-07 17:28:59 +02:00
CONTRIBUTING
INSTALL BUILD: Makefile: Add Lua 5.4 autodetect 2022-07-04 17:28:48 +02:00
LICENSE
MAINTAINERS DOC: add maintainers for QUIC and HTTP/3 2022-05-30 17:34:51 +02:00
Makefile DEV: haring: add a simple utility to read file-backed rings 2022-08-12 11:48:32 +02:00
README
SUBVERS
VERDATE [RELEASE] Released version 2.7-dev3 2022-08-07 17:28:59 +02:00
VERSION [RELEASE] Released version 2.7-dev3 2022-08-07 17:28:59 +02:00

README 

The HAProxy documentation has been split into a number of different files for
ease of use.

Please refer to the following files depending on what you're looking for :

  - INSTALL for instructions on how to build and install HAProxy
  - BRANCHES to understand the project's life cycle and what version to use
  - LICENSE for the project's license
  - CONTRIBUTING for the process to follow to submit contributions

The more detailed documentation is located into the doc/ directory :

  - doc/intro.txt for a quick introduction on HAProxy
  - doc/configuration.txt for the configuration's reference manual
  - doc/lua.txt for the Lua's reference manual
  - doc/SPOE.txt for how to use the SPOE engine
  - doc/network-namespaces.txt for how to use network namespaces under Linux
  - doc/management.txt for the management guide
  - doc/regression-testing.txt for how to use the regression testing suite
  - doc/peers.txt for the peers protocol reference
  - doc/coding-style.txt for how to adopt HAProxy's coding style
  - doc/internals for developer-specific documentation (not all up to date)