MINOR: server: mark backend removal as forbidden if QUIC was used

Currently, quic_conn on the backend side may access their parent proxy
instance during their lifetime. In particular, this is the case for
counters update, with <prx_counters> field directly referencing a proxy
memory zone.

As such, this prevents safe backend removal. One solution would be to
check if the upper connection instance is still alive, as a proxy cannot
be removed if connections are still active. However, this would
completely prevent proxy counters update via
quic_conn_prx_cntrs_update(), as this is performed on quic_conn release.

Another solution would be to use refcount, or a dedicated counter on the
which account for QUIC connections on a backend instance. However,
refcount is currently only used by short-term references, and it could
also have a negative impact on performance.

Thus, the simplest solution for now is to disable a backend removal if a
QUIC server is/was used in it. This is considered acceptable for now as
QUIC on the backend side is experimental.
Amaury Denoyelle 2026-02-23 12:01:39 +01:00
parent 053887cc98
commit 5ddfbd4b03
2 changed files with 16 additions and 1 deletions

@ -2136,7 +2136,8 @@ del backend <name>
for example via a use_backend rule or in sample expressions. Some proxies
options are also incompatible with runtime deletion. Currently, this is the
case when deprecated dispatch or option transparent are used. Also, a backend
cannot be removed if there is a stick-table declared in it.
cannot be removed if there is a stick-table declared in it. Finally, it is
impossible for now to remove a backend if QUIC servers were present in it.
This command is restricted and can only be issued on sockets configured for
level "admin". Moreover, this feature is still considered in development so it
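
Review bot: The added sentence "it is impossible for now to remove a backend if QUIC servers were present in it" does not say whether the restriction persists once those servers have been deleted. The commit message describes the rule as "is/was used", and the code only ever sets PR_FL_NON_PURGEABLE with no visible path that clears it, so the text should state explicitly that a backend stays non-removable even after its QUIC servers are gone. Mentioning that QUIC on the backend side is experimental would also tell the reader why the limitation exists.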

@ -3741,6 +3741,10 @@ static int _srv_parse_init(struct server **srv, char **args, int *cur_arg,
#ifdef USE_QUIC
#ifdef HAVE_OPENSSL_QUIC_CLIENT_SUPPORT
if (srv_is_quic(newsrv)) {
/* TODO QUIC is currently incompatible with dynamic
* backends deletion. Please fix this before removing
* QUIC BE experimental status.
*/
if (!experimental_directives_allowed) {
ha_alert("QUIC is experimental for server '%s',"
" must be allowed via a global 'expose-experimental-directives'\n",
@ -3991,6 +3995,16 @@ static int _srv_parse_finalize(char **args, int cur_arg,
}
srv->ssl_ctx.alpn_len = strlen(srv->ssl_ctx.alpn_str);
}
/* Deletion of backend when QUIC servers were used is currently
* not implemented. This is because quic_conn instances
* directly references its parent proxy via <prx_counters>
* member.
*
* TODO lift this restriction by ensuring safe access on proxy
* counters or via refcount.
*/
srv->proxy->flags |= PR_FL_NON_PURGEABLE;
#else
ha_alert("QUIC protocol selected but support not compiled in (check build options).\n");
return ERR_ALERT | ERR_FATAL;
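
Review bot: `srv->proxy->flags |= PR_FL_NON_PURGEABLE;` sets a generic flag without recording a reason, and neither of the two changed files adds a diagnostic, so beyond the new documentation sentence nothing in this patch tells an operator that QUIC is why a "del backend" was refused. Consider a QUIC-specific hint where the flag is evaluated, or a notice emitted here when the flag is first set. It would also help to confirm in the comment that the flag is intentionally sticky, matching the "is/was used" wording of the commit message. Minor: "quic_conn instances directly references its parent proxy" should read "reference their parent proxy".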