From 3cf4e7afb9296742bcb709d023ff9db556577d97 Mon Sep 17 00:00:00 2001 From: Christopher Faulet Date: Mon, 8 Dec 2025 15:07:03 +0100 Subject: [PATCH] BUG/MEDIUM: http-ana: Don't close server connection on read0 in TUNNEL mode It is a very old bug (2012), dating from the introduction of the keep-alive support to HAProxy. When a request is fully received, the SC on backend side is switched to NOHALF mode. It means that when the read0 is received from the server, the server connection is immediately closed. It is expected to do so at the end of a classical request. However, it must not be performed if the session is switched to the TUNNEL mode (after an HTTP/1 upgrade or a CONNECT). The client may still have data to send to the server. And closing brutally the server connection this way will be handled as an error on client side. This bug is especially visible when a H2 connection on client side because a RST_STREAM is emitted and a "SD--" is reported in logs. Thanks to @chrisstaite This patch should fix the issue #3205. It must be backported to all stable versions. --- src/http_ana.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/http_ana.c b/src/http_ana.c index 11a0d4ad8..6296c0ad3 100644 --- a/src/http_ana.c +++ b/src/http_ana.c @@ -4492,6 +4492,7 @@ static void http_end_request(struct stream *s) */ channel_auto_read(&s->req); txn->req.msg_state = HTTP_MSG_TUNNEL; + s->scb->flags &= ~SC_FL_NOHALF; if (txn->rsp.msg_state != HTTP_MSG_TUNNEL) s->res.flags |= CF_WAKE_ONCE; }