RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-04-25 12:28:01 +00:00
Code Issues Packages Projects Releases Wiki Activity
haproxy public development tree
16,437 Commits 23 Branches 381 Tags 110 MiB
C 98%
Shell 0.9%
Makefile 0.5%
Lua 0.2%
Python 0.2%
e08acaed19
Go to file
Willy Tarreau e08acaed19 BUG/MEDIUM: mworker: close unused transferred FDs on load failure 
When the master process is reloaded on a new config, it will try to
connect to the previous process' socket to retrieve all known
listening FDs to be reused by the new listeners. If listeners were
removed, their unused FDs are simply closed.

However there's a catch. In case a socket fails to bind, the master
will cancel its startup and swithc to wait mode for a new operation
to happen. In this case it didn't close the possibly remaining FDs
that were left unused.

It is very hard to hit this case, but it can happen during a
troubleshooting session with fat fingers. For example, let's say
a config runs like this:

   frontend ftp
        bind 1.2.3.4:20000-29999

The admin wants to extend the port range down to 10000-29999 and
by mistake ends up with:

   frontend ftp
        bind 1.2.3.41:20000-29999

Upon restart the bind will fail if the address is not present, and the
master will then switch to wait mode without releasing the previous FDs
for 1.2.3.4:20000-29999 since they're now apparently unused. Then once
the admin fixes the config and does:

   frontend ftp
        bind 1.2.3.4:10000-29999

The service will start, but will bind new sockets, half of them
overlapping with the previous ones that were not properly closed. This
may result in a startup error (if SO_REUSEPORT is not enabled or not
available), in a FD number exhaustion (if the error is repeated many
times), or in connections being randomly accepted by the process if
they sometimes land on the old FD that nobody listens on.

This patch will need to be backported as far as 1.8, and depends on
previous patch:

   MINOR: sock: move the unused socket cleaning code into its own function

Note that before 2.3 most of the code was located inside haproxy.c, so
the patch above should probably relocate the function there instead of
sock.c.
2022-01-28 19:04:02 +01:00
.github CI: github actions: use cache for SSL libs 2022-01-25 12:02:08 +01:00
addons MEDIUM: da: update module to handle schedule mode. 2022-01-28 07:29:01 +01:00
admin OPTIM: halog: skip fields 64 bits at a time when supported 2021-11-08 12:08:26 +01:00
dev DEV: flags: Add missing flags 2022-01-28 17:56:18 +01:00
doc MEDIUM: da: update doc and build for new scheduler mode service. 2022-01-28 07:28:53 +01:00
examples MEDIUM: proxy: remove long-broken 'option http_proxy' 2021-07-18 19:35:32 +02:00
include MINOR: sock: move the unused socket cleaning code into its own function 2022-01-28 19:04:02 +01:00
reg-tests REGTESTS: ssl: Fix ssl_errors regtest with OpenSSL 1.0.2 2022-01-11 20:02:37 +01:00
scripts CI: refactor OpenTracing build script 2022-01-19 07:37:40 +01:00
src BUG/MEDIUM: mworker: close unused transferred FDs on load failure 2022-01-28 19:04:02 +01:00
tests CLEANUP: assorted typo fixes in the code and comments 2021-08-16 12:37:59 +02:00
.cirrus.yml CI: introduce scripts/build-vtest.sh for installing VTest 2021-05-18 10:48:30 +02:00
.gitattributes MINOR: Configure the cpp userdiff driver for *.[ch] in .gitattributes 2021-02-22 18:17:57 +01:00
.gitignore DOC: lua-api: Add documentation about lua filters 2021-08-15 20:56:44 +02:00
.mailmap DOC: update Tim's address in .mailmap 2021-09-16 09:14:14 +02:00
.travis.yml CI: travis-ci: temporarily disable arm64 builds 2021-08-07 07:28:15 +02:00
BRANCHES DOC: fix some spelling issues over multiple files 2021-01-08 14:53:47 +01:00
CHANGELOG [RELEASE] Released version 2.6-dev0 2021-11-23 15:50:11 +01:00
CONTRIBUTING CLEANUP: assorted typo fixes in the code and comments 2021-08-16 12:37:59 +02:00
INSTALL MINOR: version: it's development again 2021-11-23 15:48:35 +01:00
LICENSE LICENSE: add licence exception for OpenSSL 2012-09-07 13:52:26 +02:00
MAINTAINERS CONTRIB: move spoa_example out of the tree 2021-04-21 09:39:06 +02:00
Makefile MEDIUM: da: update doc and build for new scheduler mode service. 2022-01-28 07:28:53 +01:00
README DOC: create a BRANCHES file to explain the life cycle 2019-06-15 22:00:14 +02:00
ROADMAP DOC: update the outdated ROADMAP file 2019-06-15 21:59:54 +02:00
SUBVERS BUILD: use format tags in VERDATE and SUBVERS files 2013-12-10 11:22:49 +01:00
VERDATE [RELEASE] Released version 2.5.0 2021-11-23 15:40:21 +01:00
VERSION [RELEASE] Released version 2.6-dev0 2021-11-23 15:50:11 +01:00

README 

The HAProxy documentation has been split into a number of different files for
ease of use.

Please refer to the following files depending on what you're looking for :

  - INSTALL for instructions on how to build and install HAProxy
  - BRANCHES to understand the project's life cycle and what version to use
  - LICENSE for the project's license
  - CONTRIBUTING for the process to follow to submit contributions

The more detailed documentation is located into the doc/ directory :

  - doc/intro.txt for a quick introduction on HAProxy
  - doc/configuration.txt for the configuration's reference manual
  - doc/lua.txt for the Lua's reference manual
  - doc/SPOE.txt for how to use the SPOE engine
  - doc/network-namespaces.txt for how to use network namespaces under Linux
  - doc/management.txt for the management guide
  - doc/regression-testing.txt for how to use the regression testing suite
  - doc/peers.txt for the peers protocol reference
  - doc/coding-style.txt for how to adopt HAProxy's coding style
  - doc/internals for developer-specific documentation (not all up to date)