On 18/09/2016 04:17, Bertrand Jacquin wrote: > Hi Christopher and Willy, > > Today I noticed data corruption when haproxy is used for compression > offloading. I bisected twice, and it lead to this specific commit but > I'm not 100% confident this commit is the actual root cause. > > HTTP body coming from the nginx backend is consistent, but HTTP headers > are different depending on the setup I'm enabling. Data corruption only > happens with transfer encoding chunked. HTTP body coming then from > haproxy to curl can be randomly corrupted, I attached a diff > (v1.7-dev1-50-gd7c9196ae56e.Transfer-Encoding-chunked.diff) revealing an > unrelated blob like TLS structure in the middle of the javascript. For > example, you will find my x509 client certificate in there > > I'm also attaching HTTP headers from haproxy to nginx may that help. > > Note that I tested with zlib 1.2.8 and libslz 1.0.0, result remains the > same in both case. > > Here is the setup I am using: > > HA-Proxy version 1.7-dev4-41d5e3a 2016/08/14 > Copyright 2000-2016 Willy Tarreau <wi...@haproxy.org> > > Build options : > TARGET = linux2628 > CPU = generic > CC = armv7a-hardfloat-linux-gnueabi-gcc > CFLAGS = -march=native -O2 -pipe -fomit-frame-pointer > -fno-strict-aliasing > OPTIONS = USE_LIBCRYPT=1 USE_GETADDRINFO=1 USE_SLZ=1 USE_OPENSSL=1 > USE_PCRE=1 USE_PCRE_JIT=1 > > Default settings : > maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200 > > Encrypted password support via crypt(3): yes > Built with libslz for stateless compression. > Compression algorithms supported : identity("identity"), > deflate("deflate"), raw-deflate("deflate"), gzip("gzip") > Built with OpenSSL version : OpenSSL 1.0.2h 3 May 2016 > Running on OpenSSL version : OpenSSL 1.0.2h 3 May 2016 > OpenSSL library supports TLS extensions : yes > OpenSSL library supports SNI : yes > OpenSSL library supports prefer-server-ciphers : yes > Built with PCRE version : 8.38 2015-11-23 > PCRE library supports JIT : yes > Built without Lua support > Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT > IP_FREEBIND > > Available polling systems : > epoll : pref=300, test result OK > poll : pref=200, test result OK > select : pref=150, test result OK > Total: 3 (3 usable), will use epoll. > > Available filters : > [COMP] compression > [TRACE] trace >
Hi Bertrand, I will investigate. -- Christopher