From 5ddfbd4b030f70aec3a0dae1ea4aba385775c6a1 Mon Sep 17 00:00:00 2001
From: Amaury Denoyelle
Date: Mon, 23 Feb 2026 12:01:39 +0100
Subject: [PATCH] MINOR: server: mark backend removal as forbidden if QUIC was used

Currently, quic_conn on the backend side may access their parent proxy instance during their lifetime. In particular, this is the case for counters update, with field directly referencing a proxy memory zone. As such, this prevents safe backend removal.

One solution would be to check if the upper connection instance is still alive, as a proxy cannot be removed if connections are still active. However, this would completely prevent proxy counters update via quic_conn_prx_cntrs_update(), as this is performed on quic_conn release.

Another solution would be to use refcount, or a dedicated counter on the which account for QUIC connections on a backend instance. However, refcount is currently only used by short-term references, and it could also have a negative impact on performance.

Thus, the simplest solution for now is to disable a backend removal if a QUIC server is/was used in it. This is considered acceptable for now as QUIC on the backend side is experimental.
---
 doc/management.txt | 3 ++-
 src/server.c | 14 ++++++++++++++
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/doc/management.txt b/doc/management.txt index 7a7c84869..82f89305b 100644 --- a/doc/management.txt +++ b/doc/management.txt 
@@ -2136,7 +2136,8 @@ del backend for example via a use_backend rule or in sample expressions. Some proxies options are also incompatible with runtime deletion. Currently, this is the case when deprecated dispatch or option transparent are used. Also, a backend - cannot be removed if there is a stick-table declared in it. + cannot be removed if there is a stick-table declared in it. Finally, it is + impossible for now to remove a backend if QUIC servers were present in it. This command is restricted and can only be issued on sockets configured for level "admin". Moreover, this feature is still considered in development so it diff --git a/src/server.c b/src/server.c index 211a6cf52..b7ea4a515 100644 --- a/src/server.c +++ b/src/server.c @@ -3741,6 +3741,10 @@ static int _srv_parse_init(struct server **srv, char **args, int *cur_arg, #ifdef USE_QUIC #ifdef HAVE_OPENSSL_QUIC_CLIENT_SUPPORT if (srv_is_quic(newsrv)) { + /* TODO QUIC is currently incompatible with dynamic + * backends deletion. Please fix this before removing + * QUIC BE experimental status. + */ if (!experimental_directives_allowed) { ha_alert("QUIC is experimental for server '%s'," " must be allowed via a global 'expose-experimental-directives'\n", @@ -3991,6 +3995,16 @@ static int _srv_parse_finalize(char **args, int cur_arg, } srv->ssl_ctx.alpn_len = strlen(srv->ssl_ctx.alpn_str); } + + /* Deletion of backend when QUIC servers were used is currently + * not implemented. This is because quic_conn instances + * directly references its parent proxy via + * member. + * + * TODO lift this restriction by ensuring safe access on proxy + * counters or via refcount. + */ + srv->proxy->flags |= PR_FL_NON_PURGEABLE; #else ha_alert("QUIC protocol selected but support not compiled in (check build options).\n"); return ERR_ALERT | ERR_FATAL;
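
Review bot: in the doc/management.txt hunk, "if QUIC servers were present in it" does not say how long the restriction lasts. Nothing in this patch clears PR_FL_NON_PURGEABLE once it is set, so the backend stays non-removable after its QUIC servers have been deleted. Please state that explicitly, for example "even if these servers have since been removed", so an operator who deletes the QUIC servers first is not surprised when "del backend" is still refused.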
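
Review bot: in the _srv_parse_init() hunk, the TODO asks for a fix "before removing QUIC BE experimental status" but does not point at the code that enforces the restriction. Please mention PR_FL_NON_PURGEABLE and _srv_parse_finalize() in this comment, so that whoever later drops the experimental_directives_allowed check can find the matching assignment with a single grep.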
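
Review bot: in the _srv_parse_finalize() hunk, the new comment reads "directly references its parent proxy via member" with no field name, so it does not identify which quic_conn member holds the proxy reference; please name the field, since that is the pointer that would dangle if the backend were freed. The lines shown also do not include the enclosing condition of "srv->proxy->flags |= PR_FL_NON_PURGEABLE;", so please confirm the assignment is reached only for QUIC servers and that every server creation path goes through this function. If a QUIC server can be attached to a backend without setting the flag, the unsafe proxy access described in the commit message is still possible on removal.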