MINOR: server: mark backend removal as forbidden if QUIC was used

Currenly, quic_conn on the backend side may access their parent proxy
instance during their lifetime. In particular, this is the case for
counters update, with <prx_counters> field directly referencing a proxy
memory zone.

As such, this prevents safe backend removal. One solution would be to
check if the upper connection instance is still alive, as a proxy cannot
be removed if connection are still active. However, this would
completely prevent proxy counters update via
quic_conn_prx_cntrs_update(), as this is performed on quic_conn release.

Another solution would be to use refcount, or a dedicated counter on the
which account for QUIC connections on a backend instance. However,
refcount is currently only used by short-term references, and it could
also have a negative impact on performance.

Thus, the simplest solution for now is to disable a backend removal if a
QUIC server is/was used in it. This is considered acceptable for now as
QUIC on the backend side is experimental.

diff --git a/doc/management.txt b/doc/management.txt
index 7a7c84869057b2fdbd67cfe592c1202cc60730a6..82f89305b20ce1786a04a62d7581b58a01df2a0a 100644 (file)
--- a/doc/management.txt
+++ b/doc/management.txt
@@ -2136,7 +2136,8 @@ del backend <name>
   for example via a use_backend rule or in sample expressions. Some proxies
   options are also incompatible with runtime deletion. Currently, this is the
   case when deprecated dispatch or option transparent are used. Also, a backend
-  cannot be removed if there is a stick-table declared in it.
+  cannot be removed if there is a stick-table declared in it. Finally, it is
+  impossible for now to remove a backend if QUIC servers were present in it.
 
   This command is restricted and can only be issued on sockets configured for
   level "admin". Moreover, this feature is still considered in development so it

diff --git a/src/server.c b/src/server.c
index 211a6cf522c09795fabb86b7a238aec8a1134409..b7ea4a51550ad45308c14d29c35bf2f1c79bef88 100644 (file)
--- a/src/server.c
+++ b/src/server.c
@@ -3741,6 +3741,10 @@ static int _srv_parse_init(struct server **srv, char **args, int *cur_arg,
 #ifdef USE_QUIC
 #ifdef HAVE_OPENSSL_QUIC_CLIENT_SUPPORT
                if (srv_is_quic(newsrv)) {
+                       /* TODO QUIC is currently incompatible with dynamic
+                        * backends deletion. Please fix this before removing
+                        * QUIC BE experimental status.
+                        */
                        if (!experimental_directives_allowed) {
                                ha_alert("QUIC is experimental for server '%s',"
                                         " must be allowed via a global 'expose-experimental-directives'\n",
@@ -3991,6 +3995,16 @@ static int _srv_parse_finalize(char **args, int cur_arg,
                        }
                        srv->ssl_ctx.alpn_len = strlen(srv->ssl_ctx.alpn_str);
                }
+
+               /* Deletion of backend when QUIC servers were used is currently
+                * not implemented. This is because quic_conn instances
+                * directly references its parent proxy via <prx_counters>
+                * member.
+                *
+                * TODO lift this restriction by ensuring safe access on proxy
+                * counters or via refcount.
+                */
+               srv->proxy->flags |= PR_FL_NON_PURGEABLE;
 #else
                ha_alert("QUIC protocol selected but support not compiled in (check build options).\n");
                return ERR_ALERT | ERR_FATAL;