---------- Forwarded message ---------
From: Bohdan Biehov <[email protected]>
Date: Wed, 10 Oct 2018 at 18:38
Subject: Question about RST from client not propagated to the server
To: <[email protected]>

Hello Mister Willy,

Sorry for disturbing you with yet another question, but I realized that I am stuck and can't find proper information to resolve my issue.

I am a guy who is configuring haproxy in our small team, and currently I am debugging a case where I see (in a network dump) that after the client sent an RST to haproxy, that RST is not propagated to the server. Instead, haproxy starts retransmitting the TLS1.2 Encrypted Alert and the server keeps re-sending DUP ACK; there are always 9 cycles and it takes 52 seconds.

I will show it from the TLS perspective, network capture on the haproxy VM:

client -> haproxy "Client Hello"
haproxy -> server "Client Hello"
server -> haproxy "server hello, certificate"
haproxy -> client "server hello, certificate"
client -> haproxy "key exchange"
haproxy -> server "key exchange"

After some time of exchanging data:

client -> TLS.1.2 Encrypted Alert
client -> haproxy [RST]
haproxy -> server [FIN, ACK]
server -> haproxy [ACK]

After this line I don't understand the nature of the following retransmissions:

haproxy -> retransmit [FIN, ACK]
server -> haproxy [DUP ACK]

This repeats 9 times for 52 seconds and finally stops.

I wonder if you can help me understand why those retransmissions take place and where I should dig: should I look at the sysctl network configuration, or am I missing an important parameter in the haproxy config?

Last time I was looking for this very important option:

on-marked-down shutdown-sessions

Maybe there is a similar option, but one that works in a different direction: if the client disconnects from haproxy, then kill the haproxy->server session.

Thanks in advance

--
from: [email protected]
Best Regards,
Bohdan Biehov

