BUG/MEDIUM: http-ana: Deliver 502 on keep-alive for fressh server connection
In HTTP keep-alive, if we face a connection error to the server while
sending the request, the error should not be reported, and the client-side
connection should simply be closed, so that client knows it can retry.
If the error happens during the connection stage, there is two cases. We
have a connection timeout or an allocation error. In this case, the 503
response must be skipped if it is not the first request on the client-side
connection. Or we have a connection error. In this case, the 503 response
must be skipped if it is a reused server connection. Otherwise, during the
connection stage, the 503-Service-unavailable response is delivered to the
client. The part works properly.
If the error happens after this stage, the 502-Bad-gateway response
delivering should only be based on the server-side connection status. For a
reused server connection, the client-side connection must be closed with no
reponses. However, for a fresh server-side connection, a 502-Bad-gateway
response must be delivered to the client. Unfortunately, This part is
buggy. Only the client-side connection state is considered and the response
is skipped if it is not the first request for the same client connection.
The bug is not so visbile in HTTP/1.1 but in H2 and H3 it is pretty annoying
because for a connection, requests are multiplexed, in parallels. It means
there is no first request. So, because of this bug, for H2 and H3,
502-Bad-gateway responses because of a connection error before receiveing
the response are always skipped.
To fix the issue, in http_wait_for_response() analyser, we must only rely on
SF_SRV_REUSED stream flag to skip the 502 response or not. This flag is set
if the server connection was reused.
The bug is their since a while. SF_SRV_REUSED flag was added in the version
1.5 especially to fix this kind of bug. But only the 503 case was fixed.
This patch should fix the issue #2285. It must be backported to every stable
versions.
(cherry picked from commit 3fc38593d513e14674d15f72d5831c39da90e8ef)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit 53d984d7d46981e36a22d9ea336a3d00a2382878)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit ca02388699e1d7134805b999a3dd341e11c6499a)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit 966aab4ed06adc25e223fbdbc692aecfe470622d)
Signed-off-by: Amaury Denoyelle <adenoyelle@haproxy.com>
diff --git a/src/http_ana.c b/src/http_ana.c
index b557da8..9f3dab8 100644
--- a/src/http_ana.c
+++ b/src/http_ana.c
@@ -1407,7 +1407,7 @@
return 0;
}
- if (txn->flags & TX_NOT_FIRST)
+ if (s->flags & SF_SRV_REUSED)
goto abort_keep_alive;
_HA_ATOMIC_INC(&s->be->be_counters.failed_resp);
@@ -1500,7 +1500,7 @@
}
}
- if (txn->flags & TX_NOT_FIRST)
+ if (s->flags & SF_SRV_REUSED)
goto abort_keep_alive;
_HA_ATOMIC_INC(&s->be->be_counters.failed_resp);
@@ -1525,7 +1525,7 @@
/* 5: write error to client (we don't send any message then) */
else if (rep->flags & CF_WRITE_ERROR) {
- if (txn->flags & TX_NOT_FIRST)
+ if (s->flags & SF_SRV_REUSED)
goto abort_keep_alive;
_HA_ATOMIC_INC(&s->be->be_counters.failed_resp);