mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2025-03-21 18:37:49 +00:00
3c0cc49d30
Despite the previous commit working fine on all tests, it's still not
sufficient to completely address the problem. If the connection handler
is called with an event validating an L4 connection but some handshakes
remain (eg: accept-proxy), it will still wake the function up, which
will not report the activity, and will not detect a change once the
handshake it complete so it will not notify the ->wake() handler.
In fact the only reason why the ->wake() handler is still called here
is because after dropping the last handshake, we try to call ->recv()
and ->send() in turn and change the flags in order to detect a data
activity. But if for any reason the data layer is not interested in
reading nor writing, it will not get these events.
A cleaner way to address this is to call the ->wake() handler only
on definitive status changes (shut, error), on real data activity,
and on a complete connection setup, measured as CONNECTED with no
more handshake pending.
It could be argued that the handshake flags have to be made part of
the condition to set CO_FL_CONNECTED but that would currently break
a part of the health checks. Also a handshake could appear at any
moment even after a connection is established so we'd lose the
ability to detect a second end of handshake.
For now the situation around CO_FL_CONNECTED is not clean :
- session_accept() only sets CO_FL_CONNECTED if there's no pending
handshake ;
- conn_fd_handler() will set it once L4 and L6 are complete, which
will do what session_accept() above refrained from doing even if
an accept_proxy handshake is still pending ;
- ssl_sock_infocbk() and ssl_sock_handshake() consider that a
handshake performed with CO_FL_CONNECTED set is a renegociation ;
=> they should instead filter on CO_FL_WAIT_L6_CONN
- all ssl_fc_* sample fetch functions wait for CO_FL_CONNECTED before
accepting to fetch information
=> they should also get rid of any pending handshake
- smp_fetch_fc_rcvd_proxy() uses !CO_FL_CONNECTED instead of
CO_FL_ACCEPT_PROXY
- health checks (standard and tcp-checks) don't check for HANDSHAKE
and may report a successful check based on CO_FL_CONNECTED while
not yet done (eg: send buffer full on send_proxy).
This patch aims at solving some of these side effects in a backportable
way before this is reworked in depth :
- we need to call ->wake() to report connection success, measure
connection time, notify that the data layer is ready and update
the data layer after activity ; this has to be done either if
we switch from pending {L4,L6}_CONN to nothing with no handshakes
left, or if we notice some handshakes were pending and are now
done.
- we document that CO_FL_CONNECTED exactly means "L4 connection
setup confirmed at least once, L6 connection setup confirmed
at least once or not necessary, all this regardless of any
possibly remaining handshakes or future L6 negociations".
This patch also renames CO_FL_CONN_STATUS to the more explicit
CO_FL_NOTIFY_DATA, and works around the previous flags trick consiting
in setting an impossible combination of flags to notify the data layer,
by simply clearing the current flags.
This fix should be backported to 1.7, 1.6 and 1.5.
|
||
|---|---|---|
| .. | ||
| 51d.c | ||
| acl.c | ||
| applet.c | ||
| arg.c | ||
| auth.c | ||
| backend.c | ||
| base64.c | ||
| buffer.c | ||
| cfgparse.c | ||
| channel.c | ||
| checks.c | ||
| chunk.c | ||
| cli.c | ||
| compression.c | ||
| connection.c | ||
| da.c | ||
| dns.c | ||
| ev_epoll.c | ||
| ev_kqueue.c | ||
| ev_poll.c | ||
| ev_select.c | ||
| fd.c | ||
| filters.c | ||
| flt_http_comp.c | ||
| flt_spoe.c | ||
| flt_trace.c | ||
| freq_ctr.c | ||
| frontend.c | ||
| haproxy-systemd-wrapper.c | ||
| haproxy.c | ||
| hash.c | ||
| hdr_idx.c | ||
| hlua_fcn.c | ||
| hlua.c | ||
| i386-linux-vsys.c | ||
| lb_chash.c | ||
| lb_fas.c | ||
| lb_fwlc.c | ||
| lb_fwrr.c | ||
| lb_map.c | ||
| listener.c | ||
| log.c | ||
| lru.c | ||
| mailers.c | ||
| map.c | ||
| memory.c | ||
| namespace.c | ||
| pattern.c | ||
| payload.c | ||
| peers.c | ||
| pipe.c | ||
| proto_http.c | ||
| proto_tcp.c | ||
| proto_udp.c | ||
| proto_uxst.c | ||
| protocol.c | ||
| proxy.c | ||
| queue.c | ||
| raw_sock.c | ||
| rbtree.c | ||
| regex.c | ||
| sample.c | ||
| server.c | ||
| session.c | ||
| shctx.c | ||
| signal.c | ||
| ssl_sock.c | ||
| standard.c | ||
| stats.c | ||
| stick_table.c | ||
| stream_interface.c | ||
| stream.c | ||
| task.c | ||
| tcp_rules.c | ||
| time.c | ||
| trace.c | ||
| uri_auth.c | ||
| vars.c | ||
| wurfl.c | ||
| xxhash.c | ||