[prev in list] [next in list] [prev in thread] [next in thread] 

List:       haproxy
Subject:    Re: Haproxy request forward
From:       Willy Tarreau <w () 1wt ! eu>
Date:       2014-04-28 23:15:37
Message-ID: 20140428231536.GB21546 () 1wt ! eu
[Download RAW message or body]

Hi Pradeep,

On Mon, Apr 28, 2014 at 11:20:01PM +0200, Pradeep Kiruvale wrote:
> Hi Willy,
> 
>  Thanks a lot for the reply.It was really helpful.
> 
>   Are these sessions are a request from client?

Almost always, yes. The only exception at the moment are the peers,
which can initiate a session by pretending they received an accept
from their own applet when they want to connect to a remote peer.

>  When a new request comes in to proxy,will it create a session?

Yes but not immediately. It first creates a connection, which is
carried by a session that's not completely initialized, called a
"mini-session". The reason is that when you're fighting a DDoS and
you can drain 300k+ connections/s/core, you don't want to spend
your time memset()ing a large session struct for each of them.

So we create a "mini-session" which allocates a connection, then
we apply "tcp-request connection" rules if any, then we wait for
the possible handshakes to be complete (PROXY proto, SSL, ...)
and only then we complete the session and allocate all the things
you've seen on the diagram.

Look, this is split between listener.c, frontend.c and session.c.

Hoping this helps,
Willy


[prev in list] [next in list] [prev in thread] [next in thread]