mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2024-12-25 06:02:08 +00:00
haproxy public development tree
9d9d645409
If an client error is reported on the request channel (CF_READ_ERROR) while a session is tarpitted, no error is returned to the client. Concretly, http_reply_and_close() function is not called. This function is reponsible to forward the error to the client. But not only. It is also responsible to abort the request. Because this function is not called when a read error is reported on the request channel, and because the tarpit analyzer is the last one, there is nothing preventing a connection attempt on a server while it is totally unexpected. So, a useless connexion on a backend server may be performed because of this bug. If an HTTP load-balancing algorithm is used on the backend side, it leads to a crash of HAProxy because the request was already erased. If you have tarpit rules and if you use an HTTP load-balancing algorithm on your backends, you must apply this patch. Otherwise a simple TCP reset on a tarpitted connexion will most likely crash your HAProxy. A safe workaround is to use a silent-drop rule or a deny rule instead of a tarpit. This bug also affect the legacy code. It is in fact an very old hidden bug. But the refactoring of process_stream() in the 1.9 makes it visible. And, unfortunately, with the HTX, it is easier to hit it because many processing has been moved in lower layers, in the muxes. It must be backported as far as 1.9. For the 2.0 and the 1.9, the legacy HTTP code must also be patched the same way. For older versions, it may be backported but the bug seems to not impact them. Thanks to Olivier D <webmaster@ajeux.com> to have reported the bug and provided all the infos to analyze it. |
||
---|---|---|
.github | ||
contrib | ||
doc | ||
ebtree | ||
examples | ||
include | ||
reg-tests | ||
scripts | ||
src | ||
tests | ||
.cirrus.yml | ||
.gitignore | ||
.travis.yml | ||
BRANCHES | ||
CHANGELOG | ||
CONTRIBUTING | ||
INSTALL | ||
LICENSE | ||
MAINTAINERS | ||
Makefile | ||
README | ||
ROADMAP | ||
SUBVERS | ||
VERDATE | ||
VERSION |
The HAProxy documentation has been split into a number of different files for ease of use. Please refer to the following files depending on what you're looking for : - INSTALL for instructions on how to build and install HAProxy - BRANCHES to understand the project's life cycle and what version to use - LICENSE for the project's license - CONTRIBUTING for the process to follow to submit contributions The more detailed documentation is located into the doc/ directory : - doc/intro.txt for a quick introduction on HAProxy - doc/configuration.txt for the configuration's reference manual - doc/lua.txt for the Lua's reference manual - doc/SPOE.txt for how to use the SPOE engine - doc/network-namespaces.txt for how to use network namespaces under Linux - doc/management.txt for the management guide - doc/regression-testing.txt for how to use the regression testing suite - doc/peers.txt for the peers protocol reference - doc/coding-style.txt for how to adopt HAProxy's coding style - doc/internals for developer-specific documentation (not all up to date)