mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2025-03-31 23:58:16 +00:00
haproxy public development tree
When the master process is reloaded on a new config, it will try to connect to the previous process' socket to retrieve all known listening FDs to be reused by the new listeners. If listeners were removed, their unused FDs are simply closed. However there's a catch. In case a socket fails to bind, the master will cancel its startup and swithc to wait mode for a new operation to happen. In this case it didn't close the possibly remaining FDs that were left unused. It is very hard to hit this case, but it can happen during a troubleshooting session with fat fingers. For example, let's say a config runs like this: frontend ftp bind 1.2.3.4:20000-29999 The admin wants to extend the port range down to 10000-29999 and by mistake ends up with: frontend ftp bind 1.2.3.41:20000-29999 Upon restart the bind will fail if the address is not present, and the master will then switch to wait mode without releasing the previous FDs for 1.2.3.4:20000-29999 since they're now apparently unused. Then once the admin fixes the config and does: frontend ftp bind 1.2.3.4:10000-29999 The service will start, but will bind new sockets, half of them overlapping with the previous ones that were not properly closed. This may result in a startup error (if SO_REUSEPORT is not enabled or not available), in a FD number exhaustion (if the error is repeated many times), or in connections being randomly accepted by the process if they sometimes land on the old FD that nobody listens on. This patch will need to be backported as far as 1.8, and depends on previous patch: MINOR: sock: move the unused socket cleaning code into its own function Note that before 2.3 most of the code was located inside haproxy.c, so the patch above should probably relocate the function there instead of sock.c. |
||
---|---|---|
.github | ||
addons | ||
admin | ||
dev | ||
doc | ||
examples | ||
include | ||
reg-tests | ||
scripts | ||
src | ||
tests | ||
.cirrus.yml | ||
.gitattributes | ||
.gitignore | ||
.mailmap | ||
.travis.yml | ||
BRANCHES | ||
CHANGELOG | ||
CONTRIBUTING | ||
INSTALL | ||
LICENSE | ||
MAINTAINERS | ||
Makefile | ||
README | ||
ROADMAP | ||
SUBVERS | ||
VERDATE | ||
VERSION |
The HAProxy documentation has been split into a number of different files for ease of use. Please refer to the following files depending on what you're looking for : - INSTALL for instructions on how to build and install HAProxy - BRANCHES to understand the project's life cycle and what version to use - LICENSE for the project's license - CONTRIBUTING for the process to follow to submit contributions The more detailed documentation is located into the doc/ directory : - doc/intro.txt for a quick introduction on HAProxy - doc/configuration.txt for the configuration's reference manual - doc/lua.txt for the Lua's reference manual - doc/SPOE.txt for how to use the SPOE engine - doc/network-namespaces.txt for how to use network namespaces under Linux - doc/management.txt for the management guide - doc/regression-testing.txt for how to use the regression testing suite - doc/peers.txt for the peers protocol reference - doc/coding-style.txt for how to adopt HAProxy's coding style - doc/internals for developer-specific documentation (not all up to date)