From: Christopher Faulet Date: Tue, 4 Jan 2022 09:56:03 +0000 (+0100) Subject: BUG/MEDIUM: http-ana: Preserve response's FLT_END analyser on L7 retry X-Git-Tag: v2.6-dev1~185 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7bf46bb9a972c1e9de50b31ce20811f2f59a6849;p=thirdparty%2Fhaproxy.git BUG/MEDIUM: http-ana: Preserve response's FLT_END analyser on L7 retry When a filter is attached on a stream, the FLT_END analyser must not be removed from the response channel on L7 retry. It is especially important because CF_FLT_ANALYZE flag is still set. This means the synchronization between the two sides when the filter ends can be blocked. Depending on the timing, this can freeze the stream infinitely or lead to a spinning loop. Note that the synchronization between the two sides at the end of the analysis was introduced because the stream was reused in HTTP between two transactions. But, since the HTX was introduced, a new stream is created for each transaction. So it is probably possible to remove this step for 2.2 and higher. This patch must be backported as far as 2.0. --- diff --git a/src/http_ana.c b/src/http_ana.c index 9c3e68a1be..715dd3a5c5 100644 --- a/src/http_ana.c +++ b/src/http_ana.c @@ -1247,7 +1247,7 @@ static __inline int do_l7_retry(struct stream *s, struct stream_interface *si) /* Remove any write error from the request, and read error from the response */ req->flags &= ~(CF_WRITE_ERROR | CF_WRITE_TIMEOUT | CF_SHUTW | CF_SHUTW_NOW); res->flags &= ~(CF_READ_ERROR | CF_READ_TIMEOUT | CF_SHUTR | CF_EOI | CF_READ_NULL | CF_SHUTR_NOW); - res->analysers = 0; + res->analysers &= AN_RES_FLT_END; si->flags &= ~(SI_FL_ERR | SI_FL_EXP | SI_FL_RXBLK_SHUT); si->err_type = SI_ET_NONE; s->flags &= ~(SF_ERR_MASK | SF_FINST_MASK);