A question about delaying response to http request.

Wed, 19 Mar 2025 07:21:42 -0700 

Hi.
I need to debug a network issue, for that have I used HAProxy with lua, what else :-). 


The Scenario:


The Jakarta HTTPClient send a REST request to a REST Server and until the server 
isn't finished with there task is no traffic passed on the network, after ~4/5 
minutes the Client shows the SocketException below and set a error state.


```
An error occurred - while sending the request
java.net.SocketException: Connection reset
```

My assumption is that some network components on the way closes some sockets.


With the great HAProxy was it now easily possible to reproduce the "waiting" 
request without do debug the REST Server.


Now after the setup is running I get this Alert from HAProxy/Lua

```
Connect from 10.129.10.13:42258 to 10.129.42.86:4711 (http-in/HTTP)
>>> TCP ACTION
416
Lua function 'my_tcp-sleep': yield not allowed.
[ALERT]    (8) : Lua function 'my_tcp-sleep': yield not allowed.
```

What's wrong and how can I fix this?
Do I need the lua sleep or is the line

tcp-request inspect-delay 6m

enough for the simulation?

The HAProxy config.

```
# cat haproxy-minimal.txt
# /usr/local/etc/haproxy/haproxy.cfg

global

  log stdout format raw daemon

  # lua settings
  tune.lua.session-timeout 6m
  tune.lua.bool-sample-conversion normal
  lua-load /mnt/my_tcp_sleep.lua

defaults
  mode http
  log global
  timeout connect 5s
  timeout client 5h
  timeout server 5h

listen http-in
  bind *:4711
  tcp-request inspect-delay 6m
  tcp-request content lua.my_tcp-sleep
  http-request return status 200

```



The lua sleep function is mainly copied from 
https://discourse.haproxy.org/t/lua-tcp-request-content-action-timeout-on-core-sleep/5179


```
# cat my_tcp_sleep.lua
local function my_tcp_action(txn)
    txn.Info(txn, ">>> TCP ACTION")
    local request_buffer_content_len = txn.req:get_in_len()
    core.Debug(request_buffer_content_len)

    -- dup not allowed
    -- local request_buffer_content = txn.req:dup()
    -- core.Debug(tostring(request_buffer_content))

    -- 6 Min
    core.sleep(3600)
    txn.Info(txn, ">>> done sleeping")
end

core.register_action('my_tcp-sleep', {'tcp-req'}, my_tcp_action, 0)

```



I use the Container Image "haproxy:3.1-bookworm"

```

$ haproxy -vv

HAProxy version 3.1.5-076df02 2025/02/20 - https://haproxy.org/
Status: stable branch - will stop receiving fixes around Q1 2026.
Known bugs: http://www.haproxy.org/bugs/bugs-3.1.5.html

Running on: Linux 5.14.0-427.44.1.el9_4.x86_64 #1 SMP PREEMPT_DYNAMIC Fri Nov 1 
14:40:56 EDT 2024 x86_64

Build options :
  TARGET  = linux-glibc
  CC      = cc
  CFLAGS  = -O2 -g -fwrapv

  OPTIONS = USE_GETADDRINFO=1 USE_OPENSSL=1 USE_LUA=1 USE_PROMEX=1 USE_PCRE2=1 
USE_PCRE2_JIT=1

  DEBUG   =


Feature list : -51DEGREES +ACCEPT4 +BACKTRACE -CLOSEFROM +CPU_AFFINITY +CRYPT_H 
-DEVICEATLAS +DL -ENGINE +EPOLL -EVPORTS +GETADDRINFO -KQUEUE -LIBATOMIC 
+LIBCRYPT +LINUX_CAP +LINUX_SPLICE +LINUX_TPROXY +LUA +MATH -MEMORY_PROFILING 
+NETFILTER +NS -OBSOLETE_LINKER +OPENSSL -OPENSSL_AWSLC -OPENSSL_WOLFSSL -OT 
-PCRE +PCRE2 +PCRE2_JIT -PCRE_JIT +POLL +PRCTL -PROCCTL +PROMEX 
-PTHREAD_EMULATION -QUIC -QUIC_OPENSSL_COMPAT +RT +SHM_OPEN +SLZ +SSL 
-STATIC_PCRE -STATIC_PCRE2 +TFO +THREAD +THREAD_DUMP +TPROXY -WURFL -ZLIB


Default settings :
  bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Built with multi-threading support (MAX_TGROUPS=16, MAX_THREADS=256, 
default=32).
Built with OpenSSL version : OpenSSL 3.0.15 3 Sep 2024
Running on OpenSSL version : OpenSSL 3.0.15 3 Sep 2024
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3
OpenSSL providers loaded : default
Built with Lua version : Lua 5.4.4
Built with the Prometheus exporter as a service
Built with network namespace support.
Built with libslz for stateless compression.

Compression algorithms supported : identity("identity"), deflate("deflate"), 
raw-deflate("deflate"), gzip("gzip")
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT 
IP_FREEBIND

Built with PCRE2 version : 10.42 2022-12-11
PCRE2 library supports JIT : yes
Encrypted password support via crypt(3): yes
Built with gcc compiler version 12.2.0

Available polling systems :
      epoll : pref=300,  test result OK
       poll : pref=200,  test result OK
     select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.

Available multiplexer protocols :
(protocols marked as <default> cannot be specified using 'proto' keyword)
         h2 : mode=HTTP  side=FE|BE  mux=H2    flags=HTX|HOL_RISK|NO_UPG
  <default> : mode=HTTP  side=FE|BE  mux=H1    flags=HTX
         h1 : mode=HTTP  side=FE|BE  mux=H1    flags=HTX|NO_UPG
       fcgi : mode=HTTP  side=BE     mux=FCGI  flags=HTX|HOL_RISK|NO_UPG
  <default> : mode=SPOP  side=BE     mux=SPOP  flags=HOL_RISK|NO_UPG
       spop : mode=SPOP  side=BE     mux=SPOP  flags=HOL_RISK|NO_UPG
  <default> : mode=TCP   side=FE|BE  mux=PASS  flags=
       none : mode=TCP   side=FE|BE  mux=PASS  flags=NO_UPG


Available services : prometheus-exporter
Available filters :
        [BWLIM] bwlim-in
        [BWLIM] bwlim-out
        [CACHE] cache
        [COMP] compression
        [FCGI] fcgi-app
        [SPOE] spoe
        [TRACE] trace
```

Regards
Alex
















    











					Reply via email to