Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 599b73add8098c1424c62e87633e579c3213d3fe^! / . / src / http_ana.c
commit599b73add8098c1424c62e87633e579c3213d3fe[log] [tgz]
authorChristopher Faulet <cfaulet@haproxy.com>Wed May 26 12:15:37 2021 +0200
committerChristopher Faulet <cfaulet@haproxy.com>Mon May 31 15:26:18 2021 +0200
tree43693162857a95b8c6c3ab64fe26bf93c53f3463
parenta3e78a80d600188d036bc082eef83bc0899d6035 [diff] [blame]
BUG/MINOR: http-ana: Handle L7 retries on refused early data before K/A aborts

When a network error occurred on the server side, if it is not the first
request (in case of keep-alive), nothing is returned to the client and its
connexion is closed to be sure it may retry. However L7 retries on refused
early data (0rtt-rejected) must be performed first.

In addition, such L7 retries must also be performed before incrementing the
failed responses counter.

This patch must be backported as far as 2.0.

(cherry picked from commit d976923ab27e8aeb6cc6518232b5d2835401b1c8)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit b187534982d285f569ec9731f4bce0287232fd25)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>

diff --git a/src/http_ana.c b/src/http_ana.c
index 4b756ae..c1b2aaa 100644
--- a/src/http_ana.c
+++ b/src/http_ana.c

@@ -1527,6 +1527,16 @@
 					return 0;
 			}
 
+			/* Perform a L7 retry because server refuses the early data. */
+			if ((si_b->flags & SI_FL_L7_RETRY) &&
+			    (s->be->retry_type & PR_RE_EARLY_ERROR) &&
+			    conn && conn->err_code == CO_ER_SSL_EARLY_FAILED &&
+			    do_l7_retry(s, si_b) == 0) {
+				DBG_TRACE_DEVEL("leaving on L7 retry",
+						STRM_EV_STRM_ANA|STRM_EV_HTTP_ANA, s, txn);
+				return 0;
+			}
+
 			if (txn->flags & TX_NOT_FIRST)
 				goto abort_keep_alive;
 
@@ -1536,23 +1546,13 @@
 				health_adjust(__objt_server(s->target), HANA_STATUS_HTTP_READ_ERROR);
 			}
 
-			rep->analysers &= AN_RES_FLT_END;
-			txn->status = 502;
-
-			/* Check to see if the server refused the early data.
-			 * If so, just send a 425
-			 */
-			if (conn && conn->err_code == CO_ER_SSL_EARLY_FAILED) {
-				if ((s->be->retry_type & PR_RE_EARLY_ERROR) &&
-				    (si_b->flags & SI_FL_L7_RETRY) &&
-				    do_l7_retry(s, si_b) == 0) {
-					DBG_TRACE_DEVEL("leaving on L7 retry",
-							STRM_EV_STRM_ANA|STRM_EV_HTTP_ANA, s, txn);
-					return 0;
-				}
+			/* if the server refused the early data, just send a 425 */
+			if (conn && conn->err_code == CO_ER_SSL_EARLY_FAILED)
 				txn->status = 425;
-			}
+			else
+				txn->status = 502;
 
+			rep->analysers &= AN_RES_FLT_END;
 			s->si[1].flags |= SI_FL_NOLINGER;
 			http_reply_and_close(s, txn->status, http_error_message(s));