MINOR: proxy: prevent deletion of backend referenced by config elements

a-denoyelle · a-denoyelle · commit 7f725f0754ca · 2026-03-02T14:08:30.000+01:00
Define a new proxy flag PR_FL_NON_PURGEABLE. This is used to mark every
proxy instance explicitely referenced in the config. Such instances
cannot be deleted at runtime.

Static use_backend/default_backend rules are handled in
proxy_finalize(). Also, sample expression proxy references are protected
via smp_resolve_args().

Note that this last case also incidentally protects any proxies
referenced via a CLI "set var" expression. This should not be the case
as in this case variable value is instantly resolved so the proxy
reference is not needed anymore. This also affects dynamic servers.
diff --git a/doc/management.txt b/doc/management.txt
@@ -2130,10 +2130,12 @@ del backend <name>
   This operation is only possible for TCP or HTTP proxies. To succeed, the
   backend instance must have been first unpublished.
 
-  There is also additional restrictions which prevent backend removal.
-  Currently, this is the case when deprecated dispatch or option transparent
-  are used. Also, a backend cannot be removed if there is a stick-table
-  declared in it.
+  There is additional restrictions which prevent backend removal. First, a
+  backend cannot be removed if it is explicitely referenced by config elements,
+  for example via a use_backend rule or in sample expressions. Some proxies
+  options are also incompatible with runtime deletion. Currently, this is the
+  case when deprecated dispatch or option transparent are used. Also, a backend
+  cannot be removed if there is a stick-table declared in it.
 
   This command is restricted and can only be issued on sockets configured for
   level "admin". Moreover, this feature is still considered in development so it
diff --git a/include/haproxy/proxy-t.h b/include/haproxy/proxy-t.h
@@ -248,6 +248,7 @@ enum PR_SRV_STATE_FILE {
 #define PR_FL_CHECKED            0x00000040  /* The proxy configuration was fully checked (including postparsing checks) */
 #define PR_FL_BE_UNPUBLISHED     0x00000080  /* The proxy cannot be targetted by content switching rules */
 #define PR_FL_DELETED            0x00000100  /* Proxy has been deleted and must be manipulated with care */
+#define PR_FL_NON_PURGEABLE      0x00000200  /* Proxy referenced by config elements which prevent its runtime removal. */
 
 struct stream;
 
diff --git a/src/proxy.c b/src/proxy.c
@@ -1982,6 +1982,8 @@ int proxy_finalize(struct proxy *px, int *err_code)
 				 */
 				px->options |= PR_O_HTTP_UPG;
 			}
+
+			target->flags |= PR_FL_NON_PURGEABLE;
 		}
 	}
 
@@ -2058,6 +2060,8 @@ int proxy_finalize(struct proxy *px, int *err_code)
 				 */
 				px->options |= PR_O_HTTP_UPG;
 			}
+
+			target->flags |= PR_FL_NON_PURGEABLE;
 		}
 		*err_code |= warnif_tcp_http_cond(px, rule->cond);
 	}
@@ -5014,6 +5018,11 @@ int be_check_for_deletion(const char *bename, struct proxy **pb, const char **pm
 		goto out;
 	}
 
+	if (be->cap & PR_CAP_FE) {
+		msg = "Cannot delete a listen section.";
+		goto out;
+	}
+
 	if (be->options & (PR_O_DISPATCH|PR_O_TRANSP)) {
 		msg = "Deletion of backend with deprecated dispatch/transparent options is not supported.";
 		goto out;
@@ -5024,8 +5033,8 @@ int be_check_for_deletion(const char *bename, struct proxy **pb, const char **pm
 		goto out;
 	}
 
-	if (be->cap & PR_CAP_FE) {
-		msg = "Cannot delete a listen section.";
+	if (be->flags & PR_FL_NON_PURGEABLE) {
+		msg = "This proxy cannot be removed at runtime due to other configuration elements pointing to it.";
 		goto out;
 	}
 
diff --git a/src/sample.c b/src/sample.c
@@ -1512,6 +1512,7 @@ int smp_resolve_args(struct proxy *p, char **err)
 				break;
 			}
 
+			/* TODO CLI set-var should not prevent server deletion as var value is instantly resolved. */
 			srv->flags |= SRV_F_NON_PURGEABLE;
 
 			chunk_destroy(&arg->data.str);
@@ -1541,6 +1542,9 @@ int smp_resolve_args(struct proxy *p, char **err)
 				break;
 			}
 
+			/* TODO CLI set-var should not prevent proxy deletion as var value is instantly resolved. */
+			px->flags |= PR_FL_NON_PURGEABLE;
+
 			chunk_destroy(&arg->data.str);
 			arg->unresolved = 0;
 			arg->data.prx = px;
@@ -1568,6 +1572,9 @@ int smp_resolve_args(struct proxy *p, char **err)
 				break;
 			}
 
+			/* TODO CLI set-var should not prevent proxy deletion as var value is instantly resolved. */
+			px->flags |= PR_FL_NON_PURGEABLE;
+
 			chunk_destroy(&arg->data.str);
 			arg->unresolved = 0;
 			arg->data.prx = px;

Original file line number	Diff line number	Diff line change
`@@ -1982,6 +1982,8 @@ int proxy_finalize(struct proxy px, int err_code)`
`1982`	`1982`	`*/`
`1983`	`1983`	`px->options \|= PR_O_HTTP_UPG;`
`1984`	`1984`	`}`
	`1985`	`+`
	`1986`	`+ target->flags \|= PR_FL_NON_PURGEABLE;`
`1985`	`1987`	`}`
`1986`	`1988`	`}`
`1987`	`1989`
`@@ -2058,6 +2060,8 @@ int proxy_finalize(struct proxy px, int err_code)`
`2058`	`2060`	`*/`
`2059`	`2061`	`px->options \|= PR_O_HTTP_UPG;`
`2060`	`2062`	`}`
	`2063`	`+`
	`2064`	`+ target->flags \|= PR_FL_NON_PURGEABLE;`
`2061`	`2065`	`}`
`2062`	`2066`	`*err_code \|= warnif_tcp_http_cond(px, rule->cond);`
`2063`	`2067`	`}`
`@@ -5014,6 +5018,11 @@ int be_check_for_deletion(const char bename, struct proxy pb, const char *pm`
`5014`	`5018`	`goto out;`
`5015`	`5019`	`}`
`5016`	`5020`
	`5021`	`+ if (be->cap & PR_CAP_FE) {`
	`5022`	`+ msg = "Cannot delete a listen section.";`
	`5023`	`+ goto out;`
	`5024`	`+ }`
	`5025`	`+`
`5017`	`5026`	`if (be->options & (PR_O_DISPATCH\|PR_O_TRANSP)) {`
`5018`	`5027`	`msg = "Deletion of backend with deprecated dispatch/transparent options is not supported.";`
`5019`	`5028`	`goto out;`
`@@ -5024,8 +5033,8 @@ int be_check_for_deletion(const char bename, struct proxy pb, const char *pm`
`5024`	`5033`	`goto out;`
`5025`	`5034`	`}`
`5026`	`5035`
`5027`		`- if (be->cap & PR_CAP_FE) {`
`5028`		`- msg = "Cannot delete a listen section.";`
	`5036`	`+ if (be->flags & PR_FL_NON_PURGEABLE) {`
	`5037`	`+ msg = "This proxy cannot be removed at runtime due to other configuration elements pointing to it.";`
`5029`	`5038`	`goto out;`
`5030`	`5039`	`}`
`5031`	`5040`