Re: Issues with d13afbcce5e664f9cfe797eee8c527e5fa947f1b (haproxy-2.2) "mux-h1: Don't set CS_FL_EOI too early for protocol upgrade requests"

Wed, 10 Feb 2021 10:10:25 -0800 

On 2021-02-10 18:15, Christopher Faulet wrote:

Le 08/02/2021 à 14:31, Christian Ruppert a écrit :

Hi list, Christopher,

we're having issues with the mentioned commit / patch:
d13afbcce5e664f9cfe797eee8c527e5fa947f1b
https://git.haproxy.org/?p=haproxy-2.2.git;a=commit;h=d13afbcce5e664f9cfe797eee8c527e5fa947f1b

I can also reproduce it with 2.2.9 as well as 2.3.5. I don't have any
useful details yet, just the our Jira fails to load.
A curl against the site seams to work fine while browser requests
(chrome / firefox) seem to timeout or at least some.
See the attached log. The first 3 requests seem to be fine so far. Then, 
much later, there's a 504 between more 200s.
I'm not sure yet why the other 200s there seem to wait / are logged
after the actual timeout happens. According to chrome's F12 there are
more requests still pending.
Ignore the 503 there. That seems to be an unrelated problem, since this 
also happends with a working HAProxy.

Much later, the site loaded, sometimes broken though.

I'll try to prepare a config snipped if required.

Is there anything know already?



Hi,

Thanks to information that Christian provided me offlist, I've finally
found and fixed the bug. The corresponding commit is :

commit a22782b597ee9a3bfecb18a66e29633c8e814216
Author: Christopher Faulet <cfau...@haproxy.com>
Date:   Mon Feb 8 17:18:01 2021 +0100
BUG/MEDIUM: mux-h1: Always set CS_FL_EOI for response in MSG_DONE state
During the message parsing, if in MSG_DONE state, the CS_FL_EOI flag must 
    always be set on the conn-stream if following conditions are met :

      * It is a response or
      * It is a request but not a protocol upgrade nor a CONNECT.
For now, there is no test on the message type (request or response). Thus the CS_FL_EOI flag is not set for a response with a "Connection: upgrade" 
    header but not a 101 response.
This bug was introduced by the commit 3e1748bbf ("BUG/MINOR: mux-h1: Don't set CS_FL_EOI too early for protocol upgrade requests"). It was backported as far as 2.0. Thus, this patch must also be backported as far as 2.0. 

However, it is not backported yet. Thanks Christian !
Thanks for the very fast patching, Christopher! I've rolled out the new version on some more production machines and I haven't noticed or heard of any issues yet. Tomorrow I'll roll it out to the rest of our LBs. 

--
Regards,
Christian Ruppert

Reply via email to