Christopher Faulet [Fri, 12 Feb 2021 08:28:13 +0000 (09:28 +0100)]
CLEANUP: deinit: release global and per-proxy server-state variables on deinit
The global server-state base directory and file name are now released on
deinit, as well as per-proxy server-state file name.
(cherry picked from commit
f5ea269723a205c22d1ac9fd40b8d7fab5cb47ed)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
3dab6c0c9f345ee8dc72ee8f7072521210434cf4)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
ba56cfd29574d6015ce8eb9278a971758c8c1788)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Christopher Faulet [Fri, 12 Feb 2021 08:27:10 +0000 (09:27 +0100)]
BUG/MINOR: server: Fix server-state-file-name directive
Since the beginning, this directive is documented to accept an optional file
name. But it should also be possible to use it without any argument to use
the backend name as file name. However, when no argument is provided, an
error is reported during the configuration parsing requesting an argument, a
file name or "use-backend-name". And This last special argument is not
documented.
So, to respect the documentation and to avoid configuration breakages, all
modes are now supported. If this directive is called with no argument or
with "use-backend-name", the backend name is use as file name for the
server-state file. Otherwise, the provided string is used.
In addition, we take care to release any previously allocated file name in
case this directive is defines multiple times in the same backend. And an
error is reported if more than one argument are defined. Finally, the
documentation is updated accordingly. Sections supporting this directive are
also mentioned.
This patch should be backported as far as 1.6.
(cherry picked from commit
583b6de68aa1a1070ac3b9c5e21605916aed2de0)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
05df94b374dbbaeff5a356525a4ad9b1be0ed217)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
efcbd8efd0ea65295a570642fee6d0376c32dcc8)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Amaury Denoyelle [Thu, 28 Jan 2021 09:16:29 +0000 (10:16 +0100)]
BUG/MINOR: backend: hold correctly lock when killing idle conn
The wrong lock seems to be held when trying to remove another thread
connection if max fd limit has been reached (locking the current thread
instead of the target thread lock).
This could be backported up to 2.0.
(cherry picked from commit
a3bf62ec541479531ebe93bde46b436cb95c9a87)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
ad1d5b58a7341fa7fe793dac4de461d4f5918582)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
cc20000a0674e32f14a1123f812aae3bfd42cf0a)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Christopher Faulet [Thu, 11 Feb 2021 09:42:41 +0000 (10:42 +0100)]
BUG/MINOR: tools: Fix a memory leak on error path in parse_dotted_uints()
When an invalid character is found during parsing in parse_dotted_uints()
function, the allocated array of uint must be released. This patch fixes a
memory leak on error path during the configuration parsing.
This patch should fix the issue #1106. It should be backported as far as
2.0. Note that, for 2.1 and 2.0, the function is in src/standard.c
(cherry picked from commit
4b524124db9dc6e64b4e0f0882b5fc71d24970e0)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
9027d3a6a34a9254bf4c3d642ac1fa886d5c4f23)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
94556d39f1b6d5e4f4ad8715a7b47104a0c636da)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
William Dauchy [Mon, 8 Feb 2021 22:53:29 +0000 (23:53 +0100)]
BUG/MINOR: server: re-align state file fields number
Since commit
3169471964fdc49963e63f68c1fd88686821a0c4 ("MINOR: Add
server port field to server state file.") max_fields was not increased
on version number 1. So this patch aims to fix it. This should be
backported as far as v1.8, but the numbering should be adpated depending
on the version: simply increase the field by 1.
Signed-off-by: William Dauchy <wdauchy@gmail.com>
(cherry picked from commit
38cd986c54975add4e14ef0f693dff494e36336d)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
b8b2e8fbe57188d175ab56e57a199364d2546410)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
c87b69d2530f318f72e301c86f931c6e9c1ec587)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Christopher Faulet [Mon, 8 Feb 2021 16:18:01 +0000 (17:18 +0100)]
BUG/MEDIUM: mux-h1: Always set CS_FL_EOI for response in MSG_DONE state
During the message parsing, if in MSG_DONE state, the CS_FL_EOI flag must
always be set on the conn-stream if following conditions are met :
* It is a response or
* It is a request but not a protocol upgrade nor a CONNECT.
For now, there is no test on the message type (request or response). Thus
the CS_FL_EOI flag is not set for a response with a "Connection: upgrade"
header but not a 101 response.
This bug was introduced by the commit
3e1748bbf ("BUG/MINOR: mux-h1: Don't
set CS_FL_EOI too early for protocol upgrade requests"). It was backported
as far as 2.0. Thus, this patch must also be backported as far as 2.0.
(cherry picked from commit
a22782b597ee9a3bfecb18a66e29633c8e814216)
[cf: context adjustments]
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
d50c18f9c78d0ba0ff357c9a8b51941a8cda3441)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
9da31b5bfc5716f123567293fd579e54aff540e1)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Christopher Faulet [Wed, 10 Feb 2021 13:58:01 +0000 (14:58 +0100)]
BUG/MINOR: http-ana: Don't increment HTTP error counter on internal errors
If internal error is reported by the mux during HTTP request parsing, the
HTTP error counter should not be incremented. It should only be incremented
on parsing error to reflect errors caused by clients.
This patch must be backported as far as 2.0. During the backport, the same
must be performed for 408-request-time-out errors.
(cherry picked from commit
bf7175f9b6480fa25e859e226a1f460744e163cd)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
e01e583b1677d1f9d1859817e33b6c9c00fa4229)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
fb7b410c1f0b46d875ba18cf7676460586b233d2)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Willy Tarreau [Fri, 5 Feb 2021 11:16:01 +0000 (12:16 +0100)]
BUG/MEDIUM: mux-h2: do not quit the demux loop before setting END_REACHED
The demux loop could quit on missing data but the H2_CF_END_REACHED flag
would not be set in this case. This fixes a remaining situation where
previous commit
f09612289 ("BUG/MEDIUM: mux-h2: handle remaining read0
cases") could not be sufficient and still leave CLOSE_WAIT. It's harder
to reproduce but was still observed in prod.
Now we quit via the end of the loop which already takes care of shutr.
This should be backported along with the patch above as far as 2.0.
(cherry picked from commit
133aaa9f110f5b78e57a23f9db0553e2978eca0e)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit
02bd15b8db6990fd518544aa1a182afa5eaf7a2d)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit
a89aea1a1638591dab4aca8d1c2c71571957c74c)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Willy Tarreau [Fri, 5 Feb 2021 10:41:46 +0000 (11:41 +0100)]
BUG/MEDIUM: mux-h2: handle remaining read0 cases
Commit
3d4631fec ("BUG/MEDIUM: mux-h2: fix read0 handling on partial
frames") tried to address an issue introduced in commit
aade4edc1 where
read0 wasn't properly handled in the middle of a frame. But the fix was
incomplete for two reasons:
- first, it would set H2_CF_RCVD_SHUT in h2_recv() after detecting
a read0 but the condition was guarded by h2_recv_allowed() which
explicitly excludes read0 ;
- second, h2_process would only call h2_process_demux() when there
were still data in the buffer, but closing after a short pause to
leave a buffer empty wouldn't be caught in this case.
This patch fixes this by properly taking care of the received shutdown
and by also waking up h2_process_demux() on an empty buffer if the demux
is not blocked.
Given the patches above were tagged for backporting to 2.0, this one
should be as well.
(cherry picked from commit
f09612289f4a6e358524df385473323ea4254883)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit
5554e636261a90f672e391e7e90c3089501a386d)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit
f58701b2f2a4db22f0eaea6fc3e53e22dcbe11b0)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
William Lallemand [Fri, 5 Feb 2021 10:27:54 +0000 (11:27 +0100)]
BUILD: Makefile: move REGTESTST_TYPE default setting
In patch 3bad3d5 ("BUILD: Makefile: exclude broken tests by default"),
the default setting of the REGTESTST_TYPE variable was set in the
Makefile instead of the run-regtests.sh script.
Doing it in the Makefile was breaking the use of this environment
varible with make ( REGTESTS_TYPES=slow,default make reg-tests )
This patch move the default setting from the Makefile to
run-regtests.sh. It also change the documentation in `make
reg-tests-help` about the default value.
This patch should be backported where 3bad3d5 is backported.
(cherry picked from commit
c1ddcafdf9b425ff4ac2f1e3f1662a9133fc4cf6)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit
99e4ce23d220f620b3bf2b8e2780a9b599ffba91)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit
882debd98e6c385b31dad9bbbb0b597a8844f6b4)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
William Lallemand [Mon, 1 Feb 2021 14:31:00 +0000 (15:31 +0100)]
BUG/MEDIUM: ssl/cli: abort ssl cert is freeing the old store
The "abort ssl cert" command is buggy and removes the current ckch store,
and instances, leading to SNI removal. It must only removes the new one.
This patch also adds a check in set_ssl_cert.vtc and
set_ssl_server_cert.vtc.
Must be backported as far as 2.2.
(cherry picked from commit
8695ce0bae21238eba660438c819797a245be71e)
[wt: dropped reg-tests/ssl/set_ssl_server_cert.vtc]
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit
3d6ebec8d3a957e191b70b67fe9682cb79c107c4)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
9b3473811b48e1e86f93004a48621c4637c0a809)
[cf: Backport to 2.1 also required; context adjustment]
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
William Lallemand [Wed, 27 Jan 2021 13:58:51 +0000 (14:58 +0100)]
BUG/MINOR: ssl: init tmp chunk correctly in ssl_sock_load_sctl_from_file()
Use chunk_inistr() for a chunk initialisation in
ssl_sock_load_sctl_from_file() instead of a manual initialisation which
was not initialising head.
Fix issue #1073.
Must be backported as far as 2.2
(cherry picked from commit
8d67394f6915c6d2db40bc1e9593fd392827da8d)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit
7cdbb5643de32c97f9d7693f140b89f4a4cb9493)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
5df6c0815064a48111d6a35b9ce29677e087a0b0)
[cf: Backport to 2.1 also required; context adjustment]
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Willy Tarreau [Thu, 4 Feb 2021 16:02:39 +0000 (17:02 +0100)]
BUG/MINOR: xxhash: make sure armv6 uses memcpy()
There was a special case made to allow ARMv6 to use unaligned accesses
via a cast in xxHash when __ARM_FEATURE_UNALIGNED is defined. But while
ARMv6 (and v7) does support unaligned accesses, it's only for 32-bit
pointers, not 64-bit ones, leading to bus errors when the compiler emits
an ldrd instruction and the input (e.g. a pattern) is not aligned, as in
issue #1035.
Note that v7 was properly using the packed approach here and was safe,
however haproxy versions 2.3 and older use the old r39 xxhash code which
has the same issue for armv7. A slightly different fix is required there,
by using a different definition of packed for 32 and 64 bits.
The problem is really visible when running v7 code on a v8 kernel because
such kernels do not implement alignment trap emulation, and the process
dies when this happens. This is why in the issue above it was only detected
under lxc. The emulation could have been disabled on v7 as well by writing
zero to /proc/cpu/alignment though.
This commit is a backport of xxhash commit
a470f2ef ("update default memory
access for armv6").
Thanks to @srkunze for the report and tests, @stgraber for his help on
setting up an easy reproducer outside of lxc, and @Cyan4973 for the
discussion around the best way to fix this. Details and alternate patches
available on https://github.com/Cyan4973/xxHash/issues/490.
(cherry picked from commit
4acb99f8672232753adb36e57b45e80e5bd87783)
[wt: used the different version suitable for backpotring, using the
distinct packed settings]
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit
59ad20e080aa9dd9a197c074b18850b99c94b050)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
5b1f60dd07e35539dacc048d9c4f37922c161ade)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Willy Tarreau [Tue, 2 Feb 2021 14:42:25 +0000 (15:42 +0100)]
BUG/MEDIUM: ssl: check a connection's status before computing a handshake
As spotted in issue #822, we're having a problem with error detection in
the SSL layer. The problem is that on an overwhelmed machine, accepted
connections can start to pile up, each of them requiring a slow handshake,
and during all this time if the client aborts, the handshake will still be
calculated.
The error controls are properly placed, it's just that the SSL layer
reads records exactly of the advertised size, without having the ability
to encounter a pending connection error. As such if injecting many TLS
connections to a listener with a huge backlog, it's fairly possible to
meet this situation:
12:50:48.236056 accept4(8, {sa_family=AF_INET, sin_port=htons(62794), sin_addr=inet_addr("127.0.0.1")}, [128->16], SOCK_NONBLOCK) = 1109
12:50:48.236071 setsockopt(1109, SOL_TCP, TCP_NODELAY, [1], 4) = 0
(process other connections' handshakes)
12:50:48.257270 getsockopt(1109, SOL_SOCKET, SO_ERROR, [ECONNRESET], [4]) = 0
(proof that error was detectable there but this code was added for the PoC)
12:50:48.257297 recvfrom(1109, "\26\3\1\2\0", 5, 0, NULL, NULL) = 5
12:50:48.257310 recvfrom(1109, "\1\0\1\3"..., 512, 0, NULL, NULL) = 512
(handshake calculation taking 700us)
12:50:48.258004 sendto(1109, "\26\3\3\0z"..., 1421, MSG_DONTWAIT|MSG_NOSIGNAL, NULL, 0) = -1 EPIPE (Broken pipe)
12:50:48.258036 close(1109) = 0
The situation was amplified by the multi-queue accept code, as it resulted
in many incoming connections to be accepted long before they could be
handled. Prior to this they would have been accepted and the handshake
immediately started, which would have resulted in most of the connections
waiting in the the system's accept queue, and dying there when the client
aborted, thus the error would have been detected before even trying to
pass them to the handshake code.
As a result, with a listener running on a very large backlog, it's possible
to quickly accept tens of thousands of connections and waste time slowly
running their handshakes while they get replaced by other ones.
This patch adds an SO_ERROR check on the connection's FD before starting
the handshake. This is not pretty as it requires to access the FD, but it
does the job.
Some improvements should be made over the long term so that the transport
layers can report extra information with their ->rcv_buf() call, or at the
very least, implement a ->get_conn_status() function to report various
flags such as shutr, shutw, error at various stages, allowing an upper
layer to inquire for the relevance of engaging into a long operation if
it's known the connection is not usable anymore. An even simpler step
could probably consist in implementing this in the control layer.
This patch is simple enough to be backported as far as 2.0.
Many thanks to @ngaugler for his numerous tests with detailed feedback.
(cherry picked from commit
0630038e771d4d08ae726080e2ef240d5ddaba68)
[wt: context adjustments]
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit
d287140ade12f0e5cc228929255b3d19c1f6f3cd)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
900dd4cec76daacd7a83fc423d0b8f14ff86e3e9)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Christopher Faulet [Fri, 29 Jan 2021 09:27:47 +0000 (10:27 +0100)]
BUG/MINOR: stick-table: Always call smp_fetch_src() with a valid arg list
The sample fetch functions must always be called with a valid argument
list. When called by hand, if there is no argument to pass, empty_arg_list must
be used.
In the stick-table code, there are some calls to smp_fetch_src() with NULL as
argument list. It is changed to use empty_arg_list instead. It is not really a
bug because smp_fetch_src() does not use the argument list. But it is an API
bug.
This patch may be backported to all stable branches as a cleanup.
(cherry picked from commit
bdbd5db2a50461fceb7fb89329e73d08f90e44fd)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit
1945529933f00a37383990035d7257020efef520)
[cf: context adjustments]
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
8e720d0fb09c93ca45076ccb23aa11e268ca0e16)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Willy Tarreau [Fri, 29 Jan 2021 11:01:46 +0000 (12:01 +0100)]
DOC: management: fix "show resolvers" alphabetical ordering
Not sure why it was located between "show ssl" and "show table"...
This should be backported.
(cherry picked from commit
87ef32397101c7bc4783982af952da12c1750e88)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit
84ee51a7c6266292bbcdc585eaa1fb4d43553e35)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
f7c201d1cd49ff40552c83e1861ce05d3d15d51d)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Frédéric Lécaille [Tue, 19 Jan 2021 13:33:24 +0000 (14:33 +0100)]
MINOR: contrib: Make the wireshark peers dissector compile for more distribs.
With a 2.6.8 wireshark, this module could not compile because of ws_version.h
missing header. This patch offers the possibility to compile this plugin without
having to include this header. Furthermore with my wireshark version a
"plugin_release" object is required to make it be loaded by wireshark. This is
a string which seems to have to match a dotted string made of you wireshark
major and minor versions.
(cherry picked from commit
aab6f7c3e642aa5e298a9d8765b5063abf518bfb)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit
9885f4b329dcb8aaacd41ebcffef520cb3d11fb1)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
5172cb0ebbed1ff82acd00a71891c02956025b17)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Amaury Denoyelle [Tue, 26 Jan 2021 13:35:22 +0000 (14:35 +0100)]
BUG/MINOR: config: fix leak on proxy.conn_src.bind_hdr_name
Leak for parsing of option usesrc of the source keyword.
This can be backported to 1.8.
(cherry picked from commit
69c5c3ab330584f9c53e2cf7c86af371a84f104d)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit
7edf20eb55282d86e78fa1c642975b4b8ffcbec4)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
50c1fa2e4c59e097b10ee4d7fab699e8a8a5e73b)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Christopher Faulet [Mon, 25 Jan 2021 11:02:00 +0000 (12:02 +0100)]
BUG/MEDIUM: filters/htx: Fix data forwarding when payload length is unknown
It is only a problem on the response path because the request payload length
it always known. But when a filter is registered to analyze the response
payload, the filtering may hang if the server closes just after the headers.
The root cause of the bug comes from an attempt to allow the filters to not
immediately forward the headers if necessary. A filter may choose to hold
the headers by not forwarding any bytes of the payload. For a message with
no payload but a known payload length, there is always a EOM block to
forward. Thus holding the EOM block for bodyless messages is a good way to
also hold the headers. However, messages with an unknown payload length,
there is no EOM block finishing the message, but only a SHUTR flag on the
channel to mark the end of the stream. If there is no payload when it
happens, there is no payload at all to forward. In the filters API, it is
wrongly detected as a condition to not forward the headers.
Because it is not the most used feature and not the obvious one, this patch
introduces another way to hold the message headers at the begining of the
forwarding. A filter flag is added to explicitly says the headers should be
hold. A filter may choose to set the STRM_FLT_FL_HOLD_HTTP_HDRS flag and not
forwad anything to hold the headers. This flag is removed at each call, thus
it must always be explicitly set by filters. This flag is only evaluated if
no byte has ever been forwarded because the headers are forwarded with the
first byte of the payload.
reg-tests/filters/random-forwarding.vtc reg-test is updated to also test
responses with unknown payload length (with and without payload).
This patch must be backported as far as 2.0.
(cherry picked from commit
6071c2d12dd2ff1f5876a2ace313a81259f211cd)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
65e7b380ccc8a52829cbb216b27b8061c658ff88)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
ccd69b38a23f6bfeb981ce6469f986707f6833c5)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Adis Nezirovic [Fri, 15 Jan 2021 12:12:33 +0000 (13:12 +0100)]
BUG/MEDIUM: stats: add missing INF_BUILD_INFO definition
commit
5a982a71656ce885be4b1d4b90b8db31204788a1 ("MINOR:
contrib/prometheus-exporter: export build_info") is breaking lua
`core.get_info()`.
This patch makes sure build_info is correctly initialised in all cases.
Reviewed-by: William Dauchy <wdauchy@gmail.com>
(cherry picked from commit
b62b78be131de1848d71350d369deac07daf448a)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
d918314545a1cd3e77447a2e57ede10d7e242a2e)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
3ddec3ee7d344112b4e4fbde317f8886a20d66a0)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Bertrand Jacquin [Thu, 21 Jan 2021 21:14:07 +0000 (21:14 +0000)]
BUILD/MINOR: lua: define _GNU_SOURCE for LLONG_MAX
Lua requires LLONG_MAX defined with __USE_ISOC99 which is set by
_GNU_SOURCE, not necessarely defined by default on old compiler/glibc.
$ make V=1 TARGET=linux-glibc-legacy USE_THREAD= USE_ACCEPT4= USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_LUA=1
..
cc -Iinclude -O2 -g -Wall -Wextra -Wdeclaration-after-statement -fwrapv -Wno-strict-aliasing -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter -Wno-missing-field-initializers -DUSE_EPOLL -DUSE_NETFILTER -DUSE_PCRE -DUSE_POLL -DUSE_TPROXY -DUSE_LINUX_TPROXY -DUSE_LINUX_SPLICE -DUSE_LIBCRYPT -DUSE_CRYPT_H -DUSE_GETADDRINFO -DUSE_OPENSSL -DUSE_LUA -DUSE_FUTEX -DUSE_ZLIB -DUSE_CPU_AFFINITY -DUSE_DL -DUSE_RT -DUSE_PRCTL -DUSE_THREAD_DUMP -I/usr/include/openssl101e/ -DUSE_PCRE -I/usr/include -DCONFIG_HAPROXY_VERSION=\"2.4-dev5-73246d-83\" -DCONFIG_HAPROXY_DATE=\"2021/01/21\" -c -o src/hlua.o src/hlua.c
In file included from /usr/local/include/lua.h:15,
from /usr/local/include/lauxlib.h:15,
from src/hlua.c:16:
/usr/local/include/luaconf.h:581:2: error: #error "Compiler does not support 'long long'. Use option '-DLUA_32BITS' or '-DLUA_C89_NUMBERS' (see file 'luaconf.h' for details)"
..
cc -Iinclude -O2 -g -Wall -Wextra -Wdeclaration-after-statement -fwrapv -Wno-strict-aliasing -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter -Wno-missing-field-initializers -DUSE_EPOLL -DUSE_NETFILTER -DUSE_PCRE -DUSE_POLL -DUSE_TPROXY -DUSE_LINUX_TPROXY -DUSE_LINUX_SPLICE -DUSE_LIBCRYPT -DUSE_CRYPT_H -DUSE_GETADDRINFO -DUSE_OPENSSL -DUSE_LUA -DUSE_FUTEX -DUSE_ZLIB -DUSE_CPU_AFFINITY -DUSE_DL -DUSE_RT -DUSE_PRCTL -DUSE_THREAD_DUMP -I/usr/include/openssl101e/ -DUSE_PCRE -I/usr/include -DCONFIG_HAPROXY_VERSION=\"2.4-dev5-73246d-83\" -DCONFIG_HAPROXY_DATE=\"2021/01/21\" -c -o src/hlua_fcn.o src/hlua_fcn.c
In file included from /usr/local/include/lua.h:15,
from /usr/local/include/lauxlib.h:15,
from src/hlua_fcn.c:17:
/usr/local/include/luaconf.h:581:2: error: #error "Compiler does not support 'long long'. Use option '-DLUA_32BITS' or '-DLUA_C89_NUMBERS' (see file 'luaconf.h' for details)"
..
Cc: Thierry Fournier <tfournier@arpalert.org>
(cherry picked from commit
f4c12d4da25cd9da14215b0c4ee740d2b2ef762e)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
3dfbd27af6c8a71ee7b35839e2d3b81180107e38)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
81c18c34f4543309aa198116067d9b6d9f31100f)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Willy Tarreau [Wed, 20 Jan 2021 09:53:13 +0000 (10:53 +0100)]
BUG/MEDIUM: mux-h2: fix read0 handling on partial frames
Since commit
aade4edc1 ("BUG/MEDIUM: mux-h2: Don't handle pending read0
too early on streams"), we've met a few cases where an early connection
close wouldn't be properly handled if some data were pending in a frame
header, because the test now considers the buffer's contents before
accepting to report the close, but given that frame headers or preface
are consumed at once, the buffer cannot make progress when it's stuck
at intermediary lengths.
In order to address this, this patch introduces two flags in the h2c
connection to store any reported shutdown and failed parsing. The idea
is that we cannot rely on conn_xprt_read0_pending() in the parser since
it wouldn't consider data pending in the buffer nor intermediary layers,
but we know for certain that after a read0 is reported by the transport
layer in presence of an RD_SH on the connection, no more progress will
be made there. This alone is not sufficient to decide to end processing,
we can only do this once these final data have been submitted to a parser.
Therefore, now when a parser fails on missing data, we check if a read0
has already been reported on this connection, and if so we set a new
END_REACHED flag on the connection to indicate a failure to process the
final data. The h2c_read0_pending() function now simply reports this
flag's status. This way we're certain that the input shutdown is only
considered after the demux attempted to parse the last frame.
Maybe over the long term the subscribe() API should be improved to
synchronously fail when trying to subscribe for an even that will not
happen. This may be an elegant solution that could possibly work across
multiple layers and even muxes, and be usable at a few specific places
where that's needed.
Given the patch above was backported as far as 2.0, this one should be
backported there as well. It is possible that the fcgi mux has the same
issue, but this was not analysed yet.
Thanks to Pierre Cheynier for providing detailed traces allowing to
quickly narrow the problem down, and to Olivier for his analysis.
(cherry picked from commit
3d4631fec626c5aa8f12582ee3713563b5e38519)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
1369ea2788b545906581cf19ce8745265e8ed578)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
bb095803c1082f0aea0fa73061a7ece8f9449c4b)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Bertrand Jacquin [Thu, 21 Jan 2021 01:31:46 +0000 (01:31 +0000)]
BUG/MINOR: mworker: define _GNU_SOURCE for strsignal()
glibc < 2.10 requires _GNU_SOURCE in order to make use of strsignal(),
otherwise leading to SEGV at runtime.
$ make V=1 TARGET=linux-glibc-legacy USE_THREAD= USE_ACCEPT4=
..
src/mworker.c: In function 'mworker_catch_sigchld':
src/mworker.c:285: warning: implicit declaration of function 'strsignal'
src/mworker.c:285: warning: pointer/integer type mismatch in conditional expression
..
$ make V=1 reg-tests REGTESTS_TYPES=slow,default
..
###### Test case: reg-tests/mcli/mcli_start_progs.vtc ######
## test results in: "/tmp/haregtests-2021-01-19_15-18-07.n24989/vtc.29077.
28f6153d"
---- h1 Bad exit status: 0x008b exit 0x0 signal 11 core 128
---- h1 Assert error in haproxy_wait(), src/vtc_haproxy.c line 792: Condition(*(&h->fds[1]) >= 0) not true. Errno=0 Success
..
$ gdb ./haproxy /tmp/core.0.haproxy.30270
..
Core was generated by `/root/haproxy/haproxy -d -W -S fd@8 -dM -f /tmp/haregtests-2021-01-19_15-18-07.'.
Program terminated with signal 11, Segmentation fault.
#0 0x00002aaaab387a10 in strlen () from /lib64/libc.so.6
(gdb) bt
#0 0x00002aaaab387a10 in strlen () from /lib64/libc.so.6
#1 0x00002aaaab354b69 in vfprintf () from /lib64/libc.so.6
#2 0x00002aaaab37788a in vsnprintf () from /lib64/libc.so.6
#3 0x00000000004a76a3 in memvprintf (out=0x7fffedc680a0, format=0x5a5d58 "Current worker #%d (%d) exited with code %d (%s)\n", orig_args=0x7fffedc680d0)
at src/tools.c:3868
#4 0x00000000004bbd40 in print_message (label=0x58abed "ALERT", fmt=0x5a5d58 "Current worker #%d (%d) exited with code %d (%s)\n", argp=0x7fffedc680d0)
at src/log.c:1066
#5 0x00000000004bc07f in ha_alert (fmt=0x5a5d58 "Current worker #%d (%d) exited with code %d (%s)\n") at src/log.c:1109
#6 0x0000000000534b7b in mworker_catch_sigchld (sh=<value optimized out>) at src/mworker.c:293
#7 0x0000000000556af3 in __signal_process_queue () at src/signal.c:88
#8 0x00000000004f6216 in signal_process_queue () at include/haproxy/signal.h:39
#9 run_poll_loop () at src/haproxy.c:2859
#10 0x00000000004f63b7 in run_thread_poll_loop (data=<value optimized out>) at src/haproxy.c:3028
#11 0x00000000004faaac in main (argc=<value optimized out>, argv=0x7fffedc68498) at src/haproxy.c:904
See: https://man7.org/linux/man-pages/man3/strsignal.3.html
Must be backported as far as 2.0.
(cherry picked from commit
25439de1811aeda7bf472f70f40c3fac9725907e)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
c3f67cdac3c23db5d4487130121690ed2c332c68)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
23986696c9856a02b8ae87f52e4b45a441126779)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Willy Tarreau [Wed, 20 Jan 2021 14:50:03 +0000 (15:50 +0100)]
BUG/MINOR: mux_h2: missing space between "st" and ".flg" in the "show fd" helper
That was causing confusing outputs like this one whenan H2S is known:
1030 : ... last_h2s=0x2ed8390 .id=775 .st=HCR.flg=0x4001 .rxbuf=...
^^^^
This was introduced by commit
ab2ec4540 in 2.1-dev2 so the fix can be
backported as far as 2.1.
(cherry picked from commit
ed4464e6c698bfb410610b7f3850cd0fa3331eb1)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
1c694698bc378224165860000f5e41b3301a9be7)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
663c62c31e45eac5b6b0c4b3d4b24d6a8151e5c8)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Frédéric Lécaille [Mon, 18 Jan 2021 14:14:39 +0000 (15:14 +0100)]
BUG/MINOR: peers: Wrong "new_conn" value for "show peers" CLI command.
This counter could be hugely incremented by the peer task responsible of managing
peer synchronizations and reconnections, for instance when a peer is not reachable
there is a period where the appctx is not created. If we receive stick-table
updates before the peer session (appctx) is instantiated, we reach the code
responsible of incrementing the "new_conn" counter.
With this patch we increment this counter only when we really instantiate a new
peer session thanks to peer_session_create().
May be backported as far as 2.0.
(cherry picked from commit
2b0ba54ddb7d555bd0116eb8278b37ac409e7779)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
219587fa3d671e6644d137d31e5a1550fa34d231)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
f12c3608352e9135144483a5e1f09b092bb717ac)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
David CARLIER [Fri, 15 Jan 2021 08:09:56 +0000 (08:09 +0000)]
BUG/MINOR: threads: Fixes the number of possible cpus report for Mac.
There is no low level api to achieve same as Linux/FreeBSD, we rely
on CPUs available. Without this, the number of threads is just 1 for
Mac while having 8 cores in my M1.
Backporting to 2.1 should be enough if that's possible.
Signed-off-by: David CARLIER <devnexen@gmail.com>
(cherry picked from commit
6a9060189d66ca931984706d5e2a970ed913f457)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
64e563351414f6bdcc9e9f8bc41a13c496ff8ecc)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
c84718cab39b69ba743d927bf3d641bd3ff53fa3)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Christopher Faulet [Tue, 12 Jan 2021 17:57:38 +0000 (18:57 +0100)]
BUG/MINOR: init: Use a dynamic buffer to set HAPROXY_CFGFILES env variable
The HAPROXY_CFGFILES env variable is built using a static trash chunk, via a
call to get_trash_chunk() function. This chunk is reserved during the whole
configuration parsing. It is far too large to guarantee it will not be
reused during the configuration parsing. And in fact, it happens in the lua
code since the commit
f67442efd ("BUG/MINOR: lua: warn when registering
action, conv, sf, cli or applet multiple times"), when a lua script is
loaded.
To fix the bug, we now use a dynamic buffer instead. And we call memprintf()
function to handle both the allocation and the formatting. Allocation errors
at this stage are fatal.
This patch should fix the issue #1041. It must be backported as far as 2.0.
(cherry picked from commit
4e36682d51f4e206c63d792a8cde3e669fb8a0d4)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
33edd5101136f9e0a7fecb07e1fb7a32d5c1e9e8)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
9f8149ff4ad693d6a4db2f1dbd9704e1ac1a97ba)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Jerome Magnin [Tue, 12 Jan 2021 19:19:38 +0000 (20:19 +0100)]
BUG/MINOR: init: enforce strict-limits when using master-worker
The strict-limits global option was introduced with commit
0fec3ab7b
("MINOR: init: always fail when setrlimit fails"). When used in
conjuction with master-worker, haproxy will not fail when a setrlimit
fails. This happens because we only exit() if master-worker isn't used.
This patch removes all tests for master-worker mode for all cases covered
by strict-limits scope.
This should be backported from 2.1 onward.
This should fix issue #1042.
Reviewed by William Dauchy <wdauchy@gmail.com>
(cherry picked from commit
50f757c5fdd7e6eb404103d878f648453d00d73e)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
4b1148f4fe80ee79705b9b56addf15325469c6ca)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
f1deb0aef0dda223951c02cece35f7b785f701cc)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Remi Tricot-Le Breton [Tue, 12 Jan 2021 13:55:12 +0000 (14:55 +0100)]
BUG/MINOR: sample: Memory leak of sample_expr structure in case of error
If an errors occurs during the sample expression parsing, the alloced
sample_expr is not freed despite having its main pointer reset.
This fixes GitHub issue #1046.
It could be backported as far as 1.8.
(cherry picked from commit
22e0d9b39cfb238e7bf866b3d78aa9b393004508)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
54c88770d37ce28077dd4a20b8ffbb54a56cca8b)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
780316e86b7170fe2951235f9bf214f26502fc14)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
William Dauchy [Mon, 11 Jan 2021 10:05:58 +0000 (11:05 +0100)]
BUG/MINOR: sample: check alloc_trash_chunk return value in concat()
like it is done in other places, check the return value of
`alloc_trash_chunk` before using it. This was detected by coverity.
this patch fixes commit
591fc3a330005c289b4705fe4cb37c4eec9f9eed
("BUG/MINOR: sample: fix concat() converter's corruption with non-string
variables"
As a consequence, this patch should be backported as far as 2.0
this should fix github issue #1039
Signed-off-by: William Dauchy <wdauchy@gmail.com>
(cherry picked from commit
e997010accdb17e70b628bc1e7c2810487d279c0)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
c9656833cf765782c043f6d7b902350178a984a6)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
fb12e1b14323f1f68fca89b27d0cea76b1664e4b)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Willy Tarreau [Fri, 8 Jan 2021 20:24:59 +0000 (21:24 +0100)]
[RELEASE] Released version 2.1.11
Released version 2.1.11 with the following main changes :
- MINOR: http-htx: Add understandable errors for the errorfiles parsing
- BUG/MINOR: http-htx: Just warn if payload of an errorfile doesn't match the C-L
- BUG/MINOR: pattern: a sample marked as const could be written
- BUG/MINOR: lua: set buffer size during map lookups
- BUG/MINOR: peers: Do not ignore a protocol error for dictionary entries.
- BUG/MINOR: peers: Missing TX cache entries reset.
- BUG/MEDIUM: peers: fix decoding of multi-byte length in stick-table messages
- BUG/MINOR: http-fetch: Extract cookie value even when no cookie name
- BUG/MINOR: http-fetch: Fix calls w/o parentheses of the cookie sample fetches
- BUG/MAJOR: spoe: Be sure to remove all references on a released spoe applet
- MINOR: spoe: Don't close connection in sync mode on processing timeout
- MINOR: cfgparse: tighten the scope of newnameserver variable, free it on error.
- BUILD: http-htx: fix build warning regarding long type in printf
- BUG/MEDIUM: filters: Forward all filtered data at the end of http filtering
- BUG/MINOR: http-ana: Don't wait for the body of CONNECT requests
- BUG/MAJOR: filters: Always keep all offsets up to date during data filtering
- BUG/MAJOR: peers: fix partial message decoding
- DOC: Clarify %HP description in log-format
- DOC: config: Move req.hdrs and req.hdrs_bin in L7 samples fetches section
- MINOR: plock: use an ARMv8 instruction barrier for the pause instruction
- BUG/MINOR: lua: missing "\n" in error message
- BUG/MINOR: lua: lua-load doesn't check its parameters
- BUG/MINOR: lua: Post init register function are not executed beyond the first one
- BUG/MINOR: lua: Some lua init operation are processed unsafe
- MINOR: actions: Export actions lookup functions
- MINOR: actions: add a function returning a service pointer from its name
- MINOR: cli: add a function to look up a CLI service description
- BUG/MINOR: lua: warn when registering action, conv, sf, cli or applet multiple times
- DOC/MINOR: Fix formatting in Management Guide
- BUG/MAJOR: spoa/python: Fixing return None
- DOC: spoa/python: Fixing typo in IP related error messages
- DOC: spoa/python: Rephrasing memory related error messages
- DOC: spoa/python: Fixing typos in comments
- BUG/MINOR: spoa/python: Cleanup references for failed Module Addobject operations
- BUG/MINOR: spoa/python: Cleanup ipaddress objects if initialization fails
- BUG/MEDIUM: spoa/python: Fixing PyObject_Call positional arguments
- BUG/MEDIUM: spoa/python: Fixing references to None
- DOC: email change of the DeviceAtlas maintainer
- BUG/MINOR: tools: make parse_time_err() more strict on the timer validity
- BUG/MINOR: tools: Reject size format not starting by a digit
- BUG/MEDIUM: lb-leastconn: Reposition a server using the right eweight
- CLEANUP: lua: Remove declaration of an inexistant function
- CLEANUP: contrib/prometheus-exporter: typo fixes for ssl reuse metric
- REGTESTS: make use of HAPROXY_ARGS and pass -dM by default
- BUILD: Makefile: have "make clean" destroy .o/.a/.s in contrib subdirs as well
- BUG/MINOR: mux-h1: Don't set CS_FL_EOI too early for protocol upgrade requests
- BUG/MEDIUM: http-ana: Never for sending data in TUNNEL mode
- CONTRIB: halog: fix build issue caused by %L printf format
- CONTRIB: halog: mark the has_zero* functions unused
- CONTRIB: halog: fix signed/unsigned build warnings on counts and timestamps
- CONTRIB: debug: address "poll" utility build on non-linux platforms
- BUILD: plock: remove dead code that causes a warning in gcc 11
- BUG/MEDIUM: mux_h2: Add missing braces in h2_snd_buf()around trace+wakeup
- BUILD: hpack: hpack-tbl-t.h uses VAR_ARRAY but does not include compiler.h
- MINOR: atomic: don't use ; to separate instruction on aarch64.
- BUG/MINOR: cfgparse: Fail if the strdup() for `rule->be.name` for `use_backend` fails
- SCRIPTS: improve announce-release to support different tag and versions
- SCRIPTS: make announce release support preparing announces before tag exists
- BUG/MINOR: srv: do not init address if backend is disabled
- BUILD: Makefile: exclude broken tests by default
- MINOR: contrib/prometheus-exporter: export build_info
- DOC: fix some spelling issues over multiple files
- SCRIPTS: announce-release: fix typo in help message
- DOC: Add maintainers for the Prometheus exporter
- BUG/MINOR: sample: fix concat() converter's corruption with non-string variables
Willy Tarreau [Fri, 8 Jan 2021 15:08:43 +0000 (16:08 +0100)]
BUG/MINOR: sample: fix concat() converter's corruption with non-string variables
Patrick Hemmer reported that calling concat() with an integer variable
causes a %00 to appear at the beginning of the output. Looking at the
code, it's not surprising. The function uses get_trash_chunk() to get
one of the trashes, but can call casting functions which will also use
their trash in turn and will cycle back to ours, causing the trash to
be overwritten before being assigned to a sample.
By allocating the trash from a pool using alloc_trash_chunk(), we can
avoid this. However we must free it so the trash's contents must be
moved to a permanent trash buffer before returning. This is what's
achieved using smp_dup().
This should be backported as far as 2.0.
(cherry picked from commit
591fc3a330005c289b4705fe4cb37c4eec9f9eed)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit
79f4360bcbf4d4c4a56b7688dbb2cea839a5b9ba)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit
3d8ff18aaa8046d3e64a94d33c180db88c8033a0)
Signed-off-by: Willy Tarreau <w@1wt.eu>
Christopher Faulet [Fri, 8 Jan 2021 13:39:04 +0000 (14:39 +0100)]
DOC: Add maintainers for the Prometheus exporter
William Dauchy and Christopher Faulet are the official maintainers of the
Prometheus exporter. William better knows the Prometheus usages and is the
referent for the features while Christopher's role is more code-centric, he
takes care of bugs and the exporter integration into Haproxy.
(cherry picked from commit
84c88a58c5153b8fffa509934375c92435298a1b)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit
650f1f491d0346640cfdbc810705767d24b11189)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit
d76c981cd74b78d62131d25b23bce010287ce821)
Signed-off-by: Willy Tarreau <w@1wt.eu>
Thayne McCombs [Fri, 8 Jan 2021 04:36:27 +0000 (21:36 -0700)]
SCRIPTS: announce-release: fix typo in help message
s/relase/release in -p help message.
(cherry picked from commit
478e5ddc8d2ecab13391c96a4001081b1cf9b981)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit
f3f767ca3b232d8a33eb876052dd27092afcac87)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit
4e84d6a15d51a92f1b3602081f8b6f934852d42a)
Signed-off-by: Willy Tarreau <w@1wt.eu>
Thayne McCombs [Fri, 8 Jan 2021 04:24:41 +0000 (21:24 -0700)]
DOC: fix some spelling issues over multiple files
This is from the output of codespell and may be backported.
(cherry picked from commit
cdbcca9995a4974c6998720e158d6f1d4d9a25c0)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit
dab4ba60421f3a9ea984df3ccd79604bc7224ead)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit
12bbe3a4d8331579170f3f067373f88b6eeb869f)
[wt: dropped non-existing parts]
Signed-off-by: Willy Tarreau <w@1wt.eu>
William Dauchy [Fri, 8 Jan 2021 12:18:06 +0000 (13:18 +0100)]
MINOR: contrib/prometheus-exporter: export build_info
commit
c55a626217a7e676e1cc ("MINOR: contrib/prometheus-exporter: Add
missing global and per-server metrics") is renaming two metrics between
v2.2 and v2.3:
server_idle_connections_current
server_idle_connections_limit
It is breaking some tools which are making use of those metrics while
supporting several haproxy versions. This build_info will permit tools
which make use of metrics to be able to match the haproxy version and
change the list of expected metrics. This was possible using the haproxy
stats socket but not with prometheus export.
This patch follows prometheus best pratices to export specific software
informations. It is adding a new field `build_info` so we can extend it
to other parameters if needed in the future.
example output:
# HELP haproxy_process_build_info HAProxy build info.
# TYPE haproxy_process_build_info gauge
haproxy_process_build_info{version="2.4-dev5-2e1a3f-5"} 1
Even though it is not a bugfix, this patch will make more sense when
backported up to >= 2.0
Signed-off-by: William Dauchy <wdauchy@gmail.com>
(cherry picked from commit
5a982a71656ce885be4b1d4b90b8db31204788a1)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit
d97162cc94eafff8bd0e67f69ad5f75f59ceaf97)
[wt: context in stats-t.h]
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit
ce3e98eb1f9240b7633c5de6855dd115e61708ae)
[wt: adjusted include file names (version.h is in common)]
Signed-off-by: Willy Tarreau <w@1wt.eu>
William Dauchy [Thu, 7 Jan 2021 16:10:51 +0000 (17:10 +0100)]
BUILD: Makefile: exclude broken tests by default
it could be sometimes a bit confusing to have tests which are known to
be broken executed in the default `make reg-tests` command, especially
for not frequent contributors which are not necessarily aware of all our
quirks.
without this patch, this test is failing on my side:
# top TEST reg-tests/seamless-reload/abns_socket.vtc FAILED (2.228) exit=2
1 tests failed, 0 tests skipped, 107 tests passed
Signed-off-by: William Dauchy <wdauchy@gmail.com>
(cherry picked from commit
3bad3d5ee64caec53077018a848075bdc817580e)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit
cc0598a5ac0b57f10932afb613ddbf7b1bd2a7ae)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit
6114586279a01076087bcd866c537581f117186e)
Signed-off-by: Willy Tarreau <w@1wt.eu>
Amaury Denoyelle [Wed, 6 Jan 2021 13:28:50 +0000 (14:28 +0100)]
BUG/MINOR: srv: do not init address if backend is disabled
Do not proceed on init_addr if the backend of the server is marked as
disabled. When marked as disabled, the server is not fully initialized
and some operation must be avoided to prevent segfault. It is correct
because there is no way to activate a disabled backend.
This fixes the github issue #1031.
This should be backported to 2.2.
(cherry picked from commit
e3c419296211f08209300b9a06dc17467a6cb315)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
96a4ff137c88294b1d12bcb0d76f18bc1f2b41a6)
[cf: In fact this one should be backported in all stable versions]
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
94c6b618d2aa64587c39cd201d6336516910ce8f)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Willy Tarreau [Wed, 6 Jan 2021 14:46:33 +0000 (15:46 +0100)]
SCRIPTS: make announce release support preparing announces before tag exists
It takes so much time to write an announce message that sometimes it's
annoying not being able to start the work while a fix is being finished.
With the new "-p" argument, announce-release will allow to prepare the
announce message for the current HEAD and with no tag yet. It will
restart from the last tag and automatically increment the version using
the same algorithm as create-release so that everything is accurate. It
should then be easier at the last moment to just include the final entry
by hand when the last fix finally arrives. For convenience, this argument
also allows to create an announce from another branch than master.
(cherry picked from commit
96d5368202705de79756ebe7da78beb1af11fb2d)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
fa5c2416c15a76400242626d3b5460c181e133fc)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
4aa54d401f6e0d5ccea9fc937ecb73fc9a518947)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Willy Tarreau [Wed, 6 Jan 2021 14:16:46 +0000 (15:16 +0100)]
SCRIPTS: improve announce-release to support different tag and versions
By having three variables it will be easier to preset the version and
the tag separately. One contains the announced version, another one the
associated tag and the last one the final commit ID (used as the ending
point before the release). This initially allows to check for the HEAD
matching the tag only when the version was not forced, hence re-announce
already tagged versions after some extra commits were added for example.
(cherry picked from commit
0c612936b2f4319dcc55567af4aa425b1d6d52c7)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
d1754b6f0c0578569cf4673e01dfb547e2558bc3)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
64028f4e8f55c3734c35a4355ac5138b87290cf6)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Tim Duesterhus [Sun, 3 Jan 2021 21:54:43 +0000 (22:54 +0100)]
BUG/MINOR: cfgparse: Fail if the strdup() for `rule->be.name` for `use_backend` fails
This patch fixes GitHub issue #1024.
I could track the `strdup` back to commit
3a1f5fda109fc56ae127d03eaf34ce027c9542e1 which is 1.9-dev8. It's probably not
worth the effort to backport it across this refactoring.
This patch should be backported to 1.9+.
(cherry picked from commit
5ce5a1586d8c67affa604dedf0faa2c5a02ecab5)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
f46d9cd735d1664c113c041d85179a81bded8fc6)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
fdca7df8181de29a661be4e8f91160b087843167)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Olivier Houchard [Wed, 23 Dec 2020 00:23:41 +0000 (01:23 +0100)]
MINOR: atomic: don't use ; to separate instruction on aarch64.
The assembler on MacOS aarch64 interprets ; as the beginning of comments,
so it is not suitable for separating instructions in inline asm. Use \n
instead.
This should be backported to 2.3, 2.2, 2.1, 2.0 and 1.9.
(cherry picked from commit
63ee28185430cbf5bdce21f82484f7de70fe4654)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
ffc781b1eda8d4a66e899d3a40a37094ad4f674f)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
7c6634adcfbfa3c92bd8a51a688762df0969d8ce)
[cf: patch applied on common/hathreads.h because haproxy/atomic.h does not
exist]
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Christian Ruppert [Mon, 9 Nov 2020 08:15:21 +0000 (09:15 +0100)]
BUILD: hpack: hpack-tbl-t.h uses VAR_ARRAY but does not include compiler.h
This fixes building hpack from contrib, which failed because of the
undeclared VAR_ARRAY:
make -C contrib/hpack
...
cc -O2 -Wall -g -I../../include -fwrapv -fno-strict-aliasing -c -o gen-enc.o gen-enc.c
In file included from gen-enc.c:18:
../../include/haproxy/hpack-tbl-t.h:105:23: error: 'VAR_ARRAY' undeclared here (not in a function)
105 | struct hpack_dte dte[VAR_ARRAY]; /* dynamic table entries */
...
As discussed in the thread below, let's redefine VAR_ARRAY in this file
so that it remains self-sustaining:
https://www.mail-archive.com/haproxy@formilux.org/msg39212.html
(cherry picked from commit
b67e1558955c1c88dc2a3530322802ce3710bc88)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
e2802e78038a3e3154fcc3f87eab62b6c81d23db)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
987bd0afd206af9d6ae113b01e1bd472e95ea1af)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Tim Duesterhus [Mon, 21 Dec 2020 18:40:16 +0000 (19:40 +0100)]
BUG/MEDIUM: mux_h2: Add missing braces in h2_snd_buf()around trace+wakeup
This is a regression in
7838a79ba ("MEDIUM: mux-h2/trace: add lots of traces
all over the code"). The issue was found using -Wmisleading-indentation.
This patch fixes GitHub issue #1015.
The impact of this bug is that it could in theory cause occasional delays
on some long responses for connections having otherwise no traffic.
This patch should be backported to 2.1+, the commit was first tagged in
v2.1-dev2.
(cherry picked from commit
12a08d8849166ec0a779bbdee2ce9d768d5aa824)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
6dca14490dffcd7aff69b71d3fefbf3b3dcf7c12)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
769ba9391e77ebf3492a1910b6273090bbeb81c8)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Willy Tarreau [Mon, 21 Dec 2020 09:27:18 +0000 (10:27 +0100)]
BUILD: plock: remove dead code that causes a warning in gcc 11
As Ilya reported in issue #998, gcc 11 complains about misleading code
indentation which is in fact caused by dead assignments to zero after
a loop which stops on zero. Let's clean both of these.
(cherry picked from commit
b1f54925fc17b00ddbe25e30c2207a8d68d47f34)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
775c665f20c695ad92fdb4318d5c77097ba15d7a)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
78c677589e423f703cd9f5caefb28ed23bfba2a1)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Willy Tarreau [Mon, 21 Dec 2020 07:43:50 +0000 (08:43 +0100)]
CONTRIB: debug: address "poll" utility build on non-linux platforms
MSG_NOSIGNAL and MSG_MORE are not defined everywhere, let's make them
zero when not defined. It will roughly result in the same behavior,
albeit a bit less optimal, which is no big deal when debugging. This
should fix issue #1014.
(cherry picked from commit
79d2e7bbbd56455f5f73c030df41e8e1ed621df4)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
361e90eb459f9e9418c93c3cc2da5d6bc02c159d)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
2e8e6b1a53124265fe186730ed5cd0109c7a04de)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Willy Tarreau [Mon, 21 Dec 2020 07:40:04 +0000 (08:40 +0100)]
CONTRIB: halog: fix signed/unsigned build warnings on counts and timestamps
Some variables were signed while they were compared to unsigned ones,
causing warnings to be issued when -Wextra is enabled.
(cherry picked from commit
03ca6054d02350e83cb5227608ccec13efdd3ade)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
f87775390a22880b0f6b979d35343988fdd109a2)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
52381396cfe73d65c7ee841e674a6897fe81db19)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Willy Tarreau [Mon, 21 Dec 2020 07:35:24 +0000 (08:35 +0100)]
CONTRIB: halog: mark the has_zero* functions unused
These ones will depend on the use of memchr() or not, let's mark them unused
to avoid the warning reported in issue #1013.
(cherry picked from commit
f531dfff18becc87a3855ae6bc987afe9bffccc3)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
9080ac02583d90f99544a389353538c1e68ad8cf)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
0c2916b0c7462fab24a2ccea87dcc8b6f123c2ac)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Willy Tarreau [Mon, 21 Dec 2020 07:29:09 +0000 (08:29 +0100)]
CONTRIB: halog: fix build issue caused by %L printf format
%Ld isn't standard, %lld is more portable. In addition, the format
should be %llu since the printed values are unsigned. This should
address issue #1013.
(cherry picked from commit
2df860cb13e503fc8d80889bb93c20d5e8b24cd5)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
6b20b8b4fa5f9e3cc465a78a42b12fb1456489b7)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
e7ec110111ed1b52b258421edc0d472171fbc52c)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Christopher Faulet [Tue, 15 Dec 2020 12:32:55 +0000 (13:32 +0100)]
BUG/MEDIUM: http-ana: Never for sending data in TUNNEL mode
When a channel is set in TUNNEL mode, we now always set the CF_NEVER_WAIT flag,
to be sure to never wait for sending data. It is important because in TUNNEL
mode, we have no idea if more data are expected or not. Setting this flag
prevent the MSG_MORE flag to be set on the connection.
It is only a problem with the HTX, since the 2.2. On previous versions, the
MSG_MORE flag is only set on the mux initiative. In fact, the problem arises
because there is an ambiguity in tunnel mode about the HTX_FL_EOI flag. In this
mode, from the mux point of view, while the SHUTR is not received more data are
expected. But from the channel point of view, we want to send data asap.
At short term, this fix is good enough and is valid anyway. But for the long
term more reliable solution must be found. At least, the to_forward field must
regain its original meaning.
This patch must be backported as far as 2.2.
(cherry picked from commit
198ef8b1de3ddac116baeaf5b86f2f8335e69e62)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
0d4da8c908526e919c103e9ff39786decc5ec787)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
ee20c8c89296474109906a5260a1ca17de533a7f)
[cf: In fact, it should be backported as far as 2.0 to avoid future bugs]
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Christopher Faulet [Mon, 7 Dec 2020 17:21:27 +0000 (18:21 +0100)]
BUG/MINOR: mux-h1: Don't set CS_FL_EOI too early for protocol upgrade requests
When a protocol upgrade request is received, once parsed, it is waiting for
the response in the DONE state. But we must not set the flag CS_FL_EOI
because we don't know if a protocol upgrade will be performed or not.
Now, it is set on the response path, if both sides reached the DONE
state. If a protocol upgrade is finally performed, both side are switched in
TUNNEL state. Thus the CS_FL_EOI flag is not set.
If backported, this patch must be adapted because for now it relies on last
2.4-dev changes. It may be backported as far as 2.0.
(cherry picked from commit
3e1748bbf30bc06407bda36517c00c0b97bfeb50)
[cf: context adjustment]
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
fe2d5b11f4aec0c8effd4ec4a2c9c1f07a9dc919)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
d13afbcce5e664f9cfe797eee8c527e5fa947f1b)
[cf: context adjustment]
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Willy Tarreau [Wed, 16 Dec 2020 13:14:38 +0000 (14:14 +0100)]
BUILD: Makefile: have "make clean" destroy .o/.a/.s in contrib subdirs as well
Now that we sometimes link some contrib subparts directly into the
haproxy binary, it's becoming a real problem that they're not cleaned
on make clean. Some of the tools there are useful as .so or pure
binaries and we don't want to remove them, but anything intermediary
susceptible to be linked into haproxy should be clenaed. This is what
this patch does for 3 levels of subdirs into contrib/, without touching
the rest. It should be sufficient for the vast majority of use cases.
(cherry picked from commit
da867d8d68f19f9034a47d42d16db78a84a12299)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
f25b487b1f4b9acb14010293f1e85cbb911caab7)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
345df01dbc4da0f320a7c6844156e9f277294d19)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Willy Tarreau [Wed, 16 Dec 2020 09:39:20 +0000 (10:39 +0100)]
REGTESTS: make use of HAPROXY_ARGS and pass -dM by default
Enabling memory poisonning is often pretty effective for detecting
uninitialized structure fields. Let's enable it by default and let
the user change the arguments at will (e.g. forcing some memory limits
or disabling a poller). This will work with the latest vtest version
to date (02a9bc1).
(cherry picked from commit
a4009cd6103a92752db27c3a85051c6adcc832c1)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
f13c7dbe51f3eda453c6aa596b3b56e2274c106d)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
4652c51bf24d5c17c7a441c17994c46c72600bf5)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Pierre Cheynier [Tue, 7 Jul 2020 17:14:08 +0000 (19:14 +0200)]
CLEANUP: contrib/prometheus-exporter: typo fixes for ssl reuse metric
A typo I identified while having a look to our metric inventory.
(s/frontent/frontend)
(cherry picked from commit
1e3697635292b0f194171958a26766ae3e8d8453)
[wt: actually it fixes a real issue as the typo was user-visible]
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit
2e50e5d1ea9b3af6cb87c52f23c6fc7b0e140b37)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Christopher Faulet [Mon, 14 Dec 2020 12:27:02 +0000 (13:27 +0100)]
CLEANUP: lua: Remove declaration of an inexistant function
action_http_after_res_custom() is declared but never defined. The declaration
was introduced by the commit
86f8f6f78 ("MINOR: actions: Export actions lookup
functions"). But the definition does not exist because the HTTP after-response
ruleset only exist since the 2.2.
This patch must be backported where the above patch is, as far as 1.8. There is
no upstream commit ID for this patch.
Christopher Faulet [Fri, 11 Dec 2020 14:36:01 +0000 (15:36 +0100)]
BUG/MEDIUM: lb-leastconn: Reposition a server using the right eweight
Depending on the context, the current eweight or the next one must be used
to reposition a server in the tree. When the server state is updated, for
instance its weight, the next eweight must be used because it is not yet
committed. However, when the server is used, on normal conditions, the
current eweight must be used.
In fact, it is only a bug on the 1.8. On newer versions, the changes on a
server are performed synchronously. But it is safer to rely on the right
eweight value to avoid any futur bugs.
On the 1.8, it is important to do so, because the server state is updated
and committed inside the rendez-vous point. Thus, the next server state may
be unsync with the current state for a short time, waiting all threads join
the rendez-vous point. It is especially a problem if the next eweight is set
to 0. Because otherwise, it must not be used to reposition the server in the
tree, leading to a divide by 0.
This patch must be backported as far as 1.8.
(cherry picked from commit
cb33d3ac7f8dbc3f7323606a521d29dc100adbda)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
0881842bf7a8de3e3cf93bece19f160945ba984a)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
8498c5fe48b36371f2bf8e12217d57b76adde561)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Christopher Faulet [Fri, 11 Dec 2020 08:30:45 +0000 (09:30 +0100)]
BUG/MINOR: tools: Reject size format not starting by a digit
parse_size_err() function is now more strict on the size format. The first
character must be a digit. Otherwise an error is returned. Thus "size k" is
now rejected.
This patch must be backported to all stable versions.
(cherry picked from commit
82635a0fc1d8196e5b199e2948d2bea4b1217ace)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
7f955e66b93625ad405405f10bd51b94ffff72fe)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
9a1194430a7d3a967c75775a801e99303b85dbc3)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Christopher Faulet [Fri, 11 Dec 2020 08:23:07 +0000 (09:23 +0100)]
BUG/MINOR: tools: make parse_time_err() more strict on the timer validity
First, an error is now reported if the first character is not a digit. Thus,
"timeout client s" triggers an error now. Then 'u' is also rejected
now. 'us' is valid and should be used set the timer in microseconds. However
'u' alone is not a valid unit. It was just ignored before (default to
milliseconds). Now, it is an error. Finally, a warning is reported if the
end of the text is not reached after the timer parsing. This warning will
probably be switched to an error in a futur version.
This patch must be backported to all stable versions.
(cherry picked from commit
c20ad0d8dbd1bb5707bbfe23632415c3062e046c)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
761d1fb53d20b75f403c1b2032649fcab0e7f280)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
6c689a0aa32745becc1fa327ba358be7dafa160f)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
David Carlier [Thu, 10 Dec 2020 09:56:09 +0000 (09:56 +0000)]
DOC: email change of the DeviceAtlas maintainer
(cherry picked from commit
1470b9d0459306c4784285cc7f16b150a5b4b17a)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
4ce4adc4cd7438785ea59ce8f376f11e891d049c)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
e0661002b611c7ed92e1c03d70bc9a54e6de5de7)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Gilchrist Dadaglo [Tue, 8 Dec 2020 14:37:14 +0000 (14:37 +0000)]
BUG/MEDIUM: spoa/python: Fixing references to None
As per https://docs.python.org/3/c-api/none.html, None has to be treated
exactly like other objects for reference counting.
So, when we use it, we need to INCREF and when we are done, DECREF
This patch must be backported as far as 2.0.
(cherry picked from commit
bdd034947c4a3a6f8c41af9bf6e62b7a74b4ebbc)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
30189a6e056799f38d57478b04baded0868a431b)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
752e24a9e42cd9fe76f6b0d070562dc180c92555)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Gilchrist Dadaglo [Tue, 8 Dec 2020 14:37:13 +0000 (14:37 +0000)]
BUG/MEDIUM: spoa/python: Fixing PyObject_Call positional arguments
As per https://docs.python.org/3/c-api/object.html#c.PyObject_Call,
positional arguments should be an empty tuple when not used.
Previously the code had a dictionary instead of tuple. This commit is to
fix it and use tuple to avoid unexpected consequences
This patch must be backported as far as 2.0.
(cherry picked from commit
042f697a0fce0255b569786d29e929a4a41cbc46)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
789fb20542c76e14d68b916efe0dba6b012858b8)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
712c28d00e23f21127eb0c4809e40fc5b19e223b)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Gilchrist Dadaglo [Tue, 8 Dec 2020 14:37:12 +0000 (14:37 +0000)]
BUG/MINOR: spoa/python: Cleanup ipaddress objects if initialization fails
This change is to ensure objects from the ipaddress module are cleaned
up when spoa module initialization fails.
In general the interpreter would just crash, but in a code where import
is conditional (try/except), then we would keep those objects around
This patch must be backported as far as 2.0.
(cherry picked from commit
d1c0cf80bceb352b6bf33064b352f6dbe2b0b39c)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
7dde8ae61ee58ef8457f9c9ab6d908fa8c01ea2b)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
f090f0e357fd97fabd99465d2084a5d1e77e77f5)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Gilchrist Dadaglo [Tue, 8 Dec 2020 14:37:11 +0000 (14:37 +0000)]
BUG/MINOR: spoa/python: Cleanup references for failed Module Addobject operations
As per https://docs.python.org/3/c-api/module.html#c.PyModule_AddObject,
references are stolen by the function only for success. We must do
cleanup manually if there is a failure
This patch must be backported as far as 2.0.
(cherry picked from commit
132d8f61e9440b9254069ca2c4bcff67df29bb6f)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
2efe413b82d4fd35178ecb96e7b5f4336deb4cc5)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
e795c1f99bb9c99369aac2a97e2447a215176089)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Gilchrist Dadaglo [Tue, 8 Dec 2020 14:37:10 +0000 (14:37 +0000)]
DOC: spoa/python: Fixing typos in comments
Fixing a missing letter in a comment
This patch must be backported as far as 2.0.
(cherry picked from commit
c7485ac1013e32e79d692230a65be082c995f683)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
d809b3c32c61b5804e47b38cb61a54da4beec73c)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
a43aae171df9dcffdb2bd67a09d57babc76cc0f0)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Gilchrist Dadaglo [Tue, 8 Dec 2020 14:37:09 +0000 (14:37 +0000)]
DOC: spoa/python: Rephrasing memory related error messages
The old message "No more space left available" was redundant with "left
available". This commit is to rephrase that sentence and make it more
explicit we are talking about memory
This patch must be backported as far as 2.0.
(cherry picked from commit
85b25829bce67a8d8338350a9bc8845f0ed9c2ad)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
6426fb39e7adabb89e93263290ac9e62740c7bb2)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
235b799c4ae7734c56cae9ea96beed8b770ee37d)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Gilchrist Dadaglo [Tue, 8 Dec 2020 14:37:08 +0000 (14:37 +0000)]
DOC: spoa/python: Fixing typo in IP related error messages
This commit fixes typos in the ps_python_set_var_ip* byte manipulation error
messages
This patch must be backported as far as 2.0.
(cherry picked from commit
6884742c651e65d065be9fc10cfaf258dae353f0)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
fad025b4f6b416928f5487c88782bef19e797d01)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
6ab490e0d62c95e0e345511db2e20c6c5700902b)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Gilchrist Dadaglo [Tue, 8 Dec 2020 14:37:07 +0000 (14:37 +0000)]
BUG/MAJOR: spoa/python: Fixing return None
As per https://docs.python.org/3/c-api/none.html, None requires to be
incremented before being returned to prevent deallocating none
This patch must be backported as far as 2.0.
(cherry picked from commit
d5c428e761796317fdfa9c7f9bf3f6280e218a98)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
bd9abd2ca8246ef37225485298af9f59831e3af3)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
1c6e7507d646c165c31de4ca46034237b249ef83)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Phil Scherer [Wed, 2 Dec 2020 19:36:08 +0000 (19:36 +0000)]
DOC/MINOR: Fix formatting in Management Guide
section numbering used '9.2)' instead of '9.2.'.
(cherry picked from commit
b931f964e13700bbf43419c05a37a503bcfb555b)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
e85c4cbc82a758fe84c1f18797b89797bcf2c8fc)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
84edc9f68789363b3e0101031fa5508b2d07050e)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Thierry Fournier [Sat, 28 Nov 2020 19:41:07 +0000 (20:41 +0100)]
BUG/MINOR: lua: warn when registering action, conv, sf, cli or applet multiple times
Lua allows registering multiple sample-fetches, converters, action, cli,
applet/services with the same name. This is absolutely useless since only
the first registration will be used. This patch sends a warning if the case
is encountered.
This pach could be backported until 1.8, with the 3 associated patches:
- MINOR: actions: Export actions lookup functions
- MINOR: actions: add a function returning a service pointer from its name
- MINOR: cli: add a function to look up a CLI service description
(cherry picked from commit
f67442efdb509d5d15f530a536b13f29fa7f48b7)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
04cbfd7cc0138575caf53e9710a49f1ed0a2ebbd)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
a9bca65df7674d2091ad753bad4e689d76a4a9db)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Thierry Fournier [Sat, 28 Nov 2020 19:10:08 +0000 (20:10 +0100)]
MINOR: cli: add a function to look up a CLI service description
This function will be useful to check if the keyword is already registered.
Also add a define for the max number of args.
This will be needed by a next patch to fix a bug and will have to be
backported.
(cherry picked from commit
a51a1fd17420a96bb766afbae354e041fc9e1d9b)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
b2239a79344a24e0e04aaa159020e4681aadf631)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
fce9e8164b7d305eea87cd4a95b133f8cf0369cf)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Thierry Fournier [Sat, 28 Nov 2020 18:32:14 +0000 (19:32 +0100)]
MINOR: actions: add a function returning a service pointer from its name
This function simply calls action_lookup() on the private service_keywords,
to look up a service name. This will be used to detect double registration
of a same service from Lua.
This will be needed by a next patch to fix a bug and will have to be
backported.
(cherry picked from commit
87e539906b13ed1d86684d9d3eab82b550fae02d)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
4b5382db22b39c168131c0d6335b0711dbb0b16d)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
df7ddc887d66c2849c1d27dcd26348e5eec1aed3)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Thierry Fournier [Sat, 28 Nov 2020 16:40:24 +0000 (17:40 +0100)]
MINOR: actions: Export actions lookup functions
These functions will be useful to check if a keyword is already registered.
This will be needed by a next patch to fix a bug, and will need to be
backported.
(cherry picked from commit
7a71a6d9d262d7a0f7c3d208ab339d469958011d)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
ab93f7c5d88bd43aa857043129f7997f5ad4f6c8)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
3f3b931f0c4cc012c56530caef7b0182a793c26b)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Thierry Fournier [Sat, 28 Nov 2020 15:08:02 +0000 (16:08 +0100)]
BUG/MINOR: lua: Some lua init operation are processed unsafe
Operation luaL_openlibs() and lua_prepend path are processed whithout
the safe context, so in case of failure Haproxy aborts or stops without
error message.
This patch could be backported until 1.8
(cherry picked from commit
2f05cc6f86ee6beda9c42a6bb99a9a96fad37b68)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
2b7983c78dc9bb0d143280a813ea75ad985b4167)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
e1968054851cc40be520493c51be7d2bf50297c5)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Thierry Fournier [Sat, 28 Nov 2020 10:02:58 +0000 (11:02 +0100)]
BUG/MINOR: lua: Post init register function are not executed beyond the first one
Just because if the first init is a success we return success in place
of continuing the loop.
This patch could be backported until 1.8
(cherry picked from commit
13d08b73eb99741ca5903e8414b85a1d0b919594)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
5a964670d5c1bf45b7660afbfdd078f745fa0bf9)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
093c9ed1f3b9ba2efe5b1c9c90276357309dd2a6)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Thierry Fournier [Sun, 29 Nov 2020 00:06:24 +0000 (01:06 +0100)]
BUG/MINOR: lua: lua-load doesn't check its parameters
"lua-load" doesn't check if the expected parameter is present. It tries to
open() directly the argument at second position. So if the filename is
omitted, it tries to load an empty filename.
This patch could be backported until 1.8
(cherry picked from commit
77a88943d6a0d7852c25a03541d60ccf44aa5c6d)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
ad6e9c5e4f1d815dbac0861458c4f228ca2d4a01)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
2a1dcc1b1c93075d477d13ec2cc271fa826fbc9e)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Thierry Fournier [Sat, 28 Nov 2020 23:55:53 +0000 (00:55 +0100)]
BUG/MINOR: lua: missing "\n" in error message
Just replace ".n" by "\n"
This could be backported until 1.9, but it is not so important.
(cherry picked from commit
de6145f747e38a5da455ccb8a84ebfc1cd2f517f)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
518017fb119b11fa3f0ceaba3258ea237513fadc)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
2a7ab9b27392cea15f36db16cdf9f1f0343c25af)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Your Name [Sat, 28 Nov 2020 15:37:14 +0000 (15:37 +0000)]
MINOR: plock: use an ARMv8 instruction barrier for the pause instruction
As suggested by @AGSaidi in issue #958, on ARMv8 its convenient to use
an "isb" instruction in pl_cpu_relax() to improve fairness. Without it
I've met a few watchdog conditions on valid locks with 16 threads,
indicating that some threads couldn't manage to get it in 2 seconds. I
never happened again with it. In addition, the performance increased
by slightly more than 5% thanks to the reduced contention.
This should be backported as far as 2.2, possibly even 2.0.
(cherry picked from commit
1e237d037b3a45ec92d1dfa80dfd2c6bd7fc3af9)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
367c1dbed1e3c5493c22e974fa01cef0f5238ebc)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
909dc3e911d1fba2317b2a1f77895932e3a7da60)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Christopher Faulet [Tue, 24 Nov 2020 16:13:24 +0000 (17:13 +0100)]
DOC: config: Move req.hdrs and req.hdrs_bin in L7 samples fetches section
req.hdrs and req.hdrs_bin are L7 sample fetches, not L6. They were in the wrong
section.
This patch may be backported as far as 1.8.
(cherry picked from commit
687a68e2d04900e84317d066de80891a7f848747)
Signed-off-by: William Lallemand <wlallemand@haproxy.org>
(cherry picked from commit
2616784a08c83f65b0e451bba8dcba5a844e8dac)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
5e3d0a0c0a4b3ca32dd11c82276750e880c4ed34)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Maciej Zdeb [Thu, 26 Nov 2020 10:45:52 +0000 (10:45 +0000)]
DOC: Clarify %HP description in log-format
%HP is used to report HTTP request URI in logs, which might be relative
or absolute. Description in documentation should not suggest that it
behaves exactly the same as "path" sample fetch.
This is even more important after
30ee1efe676e8264af16bab833c621d60a72a4d7
because right now, when HTTP2 is a standard, %HP usually returns absolute
URI.
This might be backported as far as 2.1
(cherry picked from commit
21acc33266cc04eac5e70c22839d622284a6f46a)
Signed-off-by: William Lallemand <wlallemand@haproxy.org>
(cherry picked from commit
f9f0f94f6a5c281d0f02056951fac098585537a5)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
0930d35b53706baff84361320b1571ec0473ba0f)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Willy Tarreau [Thu, 26 Nov 2020 16:06:04 +0000 (17:06 +0100)]
BUG/MAJOR: peers: fix partial message decoding
Another bug in the peers message parser was uncovered by last commit
1dfd4f106 ("BUG/MEDIUM: peers: fix decoding of multi-byte length in
stick-table messages"): the function return on incomplete message does
not check if the channel has a pending close before deciding to return
0. It did not hurt previously because the loop calling co_getblk() once
per character would have depleted the buffer and hit the end, causing
<0 to be returned and matching the condition. But now that we process
at once what is available this cannot be relied on anymore and it's
now clearly visible that the final check is missing.
What happens when this strikes is that if a peer connection breaks in
the middle of a message, the function will return 0 (missing data) but
the caller doesn't check for the closed buffer, subscribes to reads,
and the applet handler is immediately called again since some data are
still available. This is detected by the loop prevention and the process
dies complaining that an appctx is spinning.
This patch simply adds the check for closed channel. It must be
backported to the same versions as the fix above.
(cherry picked from commit
345ebcfc010e397cb718400a32b4db845dda7a2f)
Signed-off-by: William Lallemand <wlallemand@haproxy.org>
(cherry picked from commit
46af74a61973413d417b2e7e6741dd0469317c58)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
cafa1e274b11c6994e480bec8235ed4d778c1e62)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Christopher Faulet [Tue, 24 Nov 2020 08:49:01 +0000 (09:49 +0100)]
BUG/MAJOR: filters: Always keep all offsets up to date during data filtering
When at least one data filter is registered on a channel, the offsets of all
filters must be kept up to date. For data filters but also for others. It is
safer to do it in that way. Indirectly, this patch fixes 2 hidden bugs
revealed by the commit
22fca1f2c ("BUG/MEDIUM: filters: Forward all filtered
data at the end of http filtering").
The first one, the worst of both, happens at the end of http filtering when
at least one data filtered is registered on the channel. We call the
http_end() callback function on the filters, when defined, to finish the
http filtering. But it is performed for all filters. Before the commit
22fca1f2c, the only risk was to call the http_end() callback function
unexpectedly on a filter. Now, we may have an overflow on the offset
variable, used at the end to forward all filtered data. Of course, from the
moment we forward an arbitrary huge amount of data, all kinds of bad things
may happen. So offset computation is performed for all filters and
http_end() callback function is called only for data filters.
The other one happens when a data filter alter the data of a channel, it
must update the offsets of all previous filters. But the offset of non-data
filters must be up to date, otherwise, here too we may have an integer
overflow.
Another way to fix these bugs is to always ignore non-data filters from the
offsets computation. But this patch is safer and probably easier to
maintain.
This patch must be backported in all versions where the above commit is. So
as far as 2.0.
(cherry picked from commit
401e6dbff3ee0b1932f6a16e3f280246752a7edf)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
bd2dc87051aafe9c415c32673c37c3b02f5acf10)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
bb96e0b885e44b8f5e4084e657a8bc50a60de8bd)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Christopher Faulet [Mon, 16 Nov 2020 15:03:35 +0000 (16:03 +0100)]
BUG/MINOR: http-ana: Don't wait for the body of CONNECT requests
CONNECT requests are bodyless messages but with no EOM blocks. Thus, conditions
to stop waiting for the message payload are not suited to this kind of
messages. Indeed, the message finishes on an EOH block. But the tunnel mode at
the stream level is only set in HTTP_XFER_BODY analyser. So, the stream is
blocked, waiting for a body that does not exist till a timeout expires.
To fix this bug, we just stop waiting for a body for CONNECT requests. Another
solution is to rely on HTX_SL_F_BODYLESS/HTTP_MSGF_BODYLESS flags. But this one
is less intrusive.
This message must be backported as far as 2.0. For the 2.0, only the HTX part
must be fixed.
(cherry picked from commit
63c69a9b4ef1136c66967463b9e4b3538e35c016)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
9ded6fab3298e5974a1fd7c0eb4491ff3fef3987)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
1e6896eb4c0a4d39a3ae6d746d6d1f671696041c)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Christopher Faulet [Mon, 16 Nov 2020 09:10:38 +0000 (10:10 +0100)]
BUG/MEDIUM: filters: Forward all filtered data at the end of http filtering
When http filtering ends, if there are some filtered data not forwarded yet, we
forward them, in flt_http_end(). Most of time, this doesn't happen, except when
a tunnel is established using a CONNECT. In this case, there is not EOM on the
request and there is no body. Thus the headers are never forwarded, blocking the
stream.
This patch must be backported as far as 2.0. Prior versions don't suffer of this
bug because there is no HTX support. On the 2.0, the change is only applicable
on HTX streams. A special test must be performed to make sure.
(cherry picked from commit
22fca1f2c84334096e38d78ffc674be19c3e0292)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
44ba5dbe6ee29b7c37630bca57a2f2c1fd1daa35)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
4986f0fbc882c132a174464c7a12314ca9f48846)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Willy Tarreau [Fri, 6 Nov 2020 13:24:02 +0000 (14:24 +0100)]
BUILD: http-htx: fix build warning regarding long type in printf
Commit
a66adf41e ("MINOR: http-htx: Add understandable errors for the
errorfiles parsing") added a warning when loading malformed error files,
but this warning may trigger another build warning due to the %lu format
used. Let's simply cast it for output since it's just used for end user
output.
This must be backported to 2.0 like the commit above.
(cherry picked from commit
431a12cafeeec7300b7cea7e19b892d4e8c4900d)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit
37b9630d0a93ff2ffc89a85a095e41db72de1c5b)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
5d74de59f9428b2e1a3a8b58505bf9e7d187ea76)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Eric Salama [Fri, 13 Nov 2020 14:56:36 +0000 (15:56 +0100)]
MINOR: cfgparse: tighten the scope of newnameserver variable, free it on error.
This should fix issue GH #931.
Also remove a misleading comment.
This commit can be backported as far as 1.9
(cherry picked from commit
9139ec34ed7aae4fe63926ca5c87a5b32b376488)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
6057016df764c7e7f218dcdd39d024ef65cd1d43)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
3f2053a0a243690afa685011e3e04458869567e8)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Christopher Faulet [Tue, 10 Nov 2020 13:31:39 +0000 (14:31 +0100)]
MINOR: spoe: Don't close connection in sync mode on processing timeout
In sync mode, if an applet receives a ack while the processing delay has already
expired, there is not frame waiting for this ack. But there is no reason to
close the connection in this case. The ack may be ignored and the connection may
be reused to process another frame. The only reason to trigger an error and
close the connection is when the wrong ack is received while there is still a
frame waiting for its ack. In sync mode, this should never happen.
This patch may be backported in all versions supporting the SPOE.
(cherry picked from commit
c7ba91039a7b0703971efd791ca2ca609afedb96)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
d9eb3c3de3211478b512ee7f8e548bb78211adf5)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
3217a352a6d99b3b23b2f552aa7505a64389ac1e)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Christopher Faulet [Tue, 10 Nov 2020 17:45:34 +0000 (18:45 +0100)]
BUG/MAJOR: spoe: Be sure to remove all references on a released spoe applet
When a SPOE applet is used to send a frame, a reference on this applet is saved
in the spoe context of the offladed stream. But, if the applet is released
before receving the corresponding ack, we must be sure to remove this
reference. This was performed for fragmented frames only. But it must also be
performed for a spoe contexts in the applet waiting_queue and in the thread
waiting_queue (used in async mode).
This bug leads to a memory corruption when an offloaded stream try to update the
state of a released applet because it still have a reference on it. There are
many ways to trigger this bug. The easiest is probably during reloads. On the
old process, all applets are woken up to be released ASAP.
Many thanks to Maciej Zdeb to report the bug and to work on it for 2
months. Without his help, it would have been much more difficult to fix the
bug. It is always a huge pleasure to see how some users are enthousiast and
helpful. Thanks again Maciej !
This patch must be backported to all versions where the spoe is supported (>=
1.7).
(cherry picked from commit
cf181c76e341f2d49f6cae0ca8200158058073f1)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
abe894d2c91da5f57ae7704eba59c41b409fc1a0)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
a2cf638010c841aa28c9d5a3ef57155fdc74cff5)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Christopher Faulet [Fri, 13 Nov 2020 12:41:04 +0000 (13:41 +0100)]
BUG/MINOR: http-fetch: Fix calls w/o parentheses of the cookie sample fetches
req.cook, req.cook_val, req.cook_cnt and and their response counterparts may be
called without cookie name. In this case, empty parentheses may be used, or no
parentheses at all. In both, the result must be the same. But only the first one
works. The second one always returns a failure. This patch fixes this bug.
Note that on old versions (< 2.2), both cases fail.
This patch must be backported in all stable versions.
(cherry picked from commit
97fc8da2643531ade4163d6662f13f76fa59d677)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
934630a682fc4b5fb4902c254de17fcbe2ac84ee)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
d6e7b958dfde326932e63a5840e4f2623fb76505)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Maciej Zdeb [Fri, 13 Nov 2020 09:38:06 +0000 (09:38 +0000)]
BUG/MINOR: http-fetch: Extract cookie value even when no cookie name
HTTP sample fetches dealing with the cookies (req/res.cook,
req/res.cook_val and req/res.cook_cnt) must be prepared to be called
without cookie name. For the first two, the first cookie value is
returned, regardless its name. For the last one, all cookies are counted.
To do so, http_extract_cookie_value() may now be called with no cookie
name (cookie_name_l set to 0). In this case, the matching on the cookie
name is ignored and the first value found is returned.
Note this patch also fixes matching on cookie values in ACLs.
This should be backported in all stable versions.
(cherry picked from commit
dea7c209f8a77b471323dd97bdc1ac4d7a17b812)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
8cac341124e2b79c2a924ad186a114b39546298e)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
02b89eadd7a7ddbaad88c5725b0a215d2d8c1d81)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Willy Tarreau [Fri, 13 Nov 2020 13:10:20 +0000 (14:10 +0100)]
BUG/MEDIUM: peers: fix decoding of multi-byte length in stick-table messages
There is a bug in peer_recv_msg() due to an incorrect cast when trying
to decode the varint length of a stick-table message, causing lengths
comprised between 128 and 255 to consume one extra byte, ending in
protocol errors. The root cause of this is that peer_recv_msg() tries
hard to reimplement all the parsing and control that is already done in
intdecode() just to measure the length before calling it. And it got it
wrong.
Let's just get rid of this unneeded code duplication and solely rely on
intdecode() instead. The bug was introduced in 2.0 as part of a cleanup
pass on this code with commit
95203f218 ("MINOR: peers: Move high level
receive code to reduce the size of I/O handler."), so this patch must
be backported to 2.0.
Thanks to Yves Lafon for reporting the problem.
(cherry picked from commit
1dfd4f106f15bc4e6e992f8babbc863c12975b5a)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
d4913917c6e471b1d18c0574711768b3b47ea151)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
13bd9d4ef093df43e74d44f14a24f0ad25b170d8)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Frédéric Lécaille [Thu, 12 Nov 2020 20:01:54 +0000 (21:01 +0100)]
BUG/MINOR: peers: Missing TX cache entries reset.
The TX part of a cache for a dictionary is made of an reserved array of ebtree nodes
which are pointers to dictionary entries. So when we flush the TX part of such a
cache, we must not only remove these nodes to dictionary entries from their ebtree.
We must also reset their values. Furthermore, the LRU key and the last lookup
result must also be reset.
(cherry picked from commit
ea875e62e6b2f69c50533c5cd52eb5284c69723f)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
9650ee94b3cc5bc2e6c2a7cf67ef66c0273c1404)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
c65161466af0bbf1cce39727ffff1bbaefcfa9ec)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Frédéric Lécaille [Thu, 12 Nov 2020 18:53:11 +0000 (19:53 +0100)]
BUG/MINOR: peers: Do not ignore a protocol error for dictionary entries.
If we could not decode the ID of a dictionary entry from a peer update message,
we must inform the remote peer about such an error as this is done for
any other decoding error.
(cherry picked from commit
f9e51beec118f1bbd558ed689fdad35046160529)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
cd24d5cfbe58bf2b25a76d077a0923053cbf7838)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
c4b0ea55b105ae65d9580e7b915460645f0be2fa)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Thierry Fournier [Tue, 10 Nov 2020 19:38:20 +0000 (20:38 +0100)]
BUG/MINOR: lua: set buffer size during map lookups
This size is used by some pattern matching to determine if there
is sufficient room in the buffer to add final \0 if necessary.
If the size is not set, the conditions use uninitialized value.
Note: it seems this bug can't cause a crash.
Should be backported until 2.2 (at least)
(cherry picked from commit
91dc0c0d8fdc2fb091b49699ebb323d01aa1d9f6)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
66e9ff531481d6a043ea402cb303f36b3d9ca9e1)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
4fa0bdfbb3357af1d08b55ed5f7db912225c25f3)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Thierry Fournier [Tue, 10 Nov 2020 19:51:36 +0000 (20:51 +0100)]
BUG/MINOR: pattern: a sample marked as const could be written
The functions add final 0 to string if the final 0 is not set,
but don't check the flag CONST. This patch duplicates the strings
if the final zero is not set and the string is CONST.
Should be backported until 2.2 (at least)
(cherry picked from commit
a68affeaa9377f88f773ef62a9bb2541dfb672d3)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
9633f444ac3ae540f6ce5dd0b0880fb40fabe9d5)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
b982485900e4f20f9c4a0ef2521da1c223acb30d)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Christopher Faulet [Fri, 6 Nov 2020 08:33:36 +0000 (09:33 +0100)]
BUG/MINOR: http-htx: Just warn if payload of an errorfile doesn't match the C-L
During startup, when an errorfile is parsed, if its payload does not match the
announced content-length, an error is triggered. This change was introduced in
the 2.3, which is ok. But for a stable release it may be seen as a
regression. Thus, now a warning is emitted, instead of an error. And the
content-length header is updated with the real payload length.
This patch depends on
58f55acf4e ("MINOR: http-htx: Add understandable errors
for the errorfiles parsing"). Both must be backported as far as 2.0. This bug
only exists in the 2.2, 2.1 and 2.0. Thus, there is no upstream commit ID for
this patch.
(cherry picked from commit
7bf3d81d3cf4b9f4587cee061c2ef4a533125002)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Christopher Faulet [Thu, 5 Nov 2020 21:43:41 +0000 (22:43 +0100)]
MINOR: http-htx: Add understandable errors for the errorfiles parsing
No details are provided when an error occurs during the parsing of an errorfile,
Thus it is a bit hard to diagnose where the problem is. Now, when it happens, an
understandable error message is reported.
This patch is not a bug fix in itself. But it will be required to change an
fatal error into a warning in last stable releases. Thus it must be backported
as far as 2.0.
(cherry picked from commit
a66adf41ea28a0fa29437d1675f225b5cc589b59)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
3a10710b777370ef36763b8b6658ae63ef5c4ec4)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
58f55acf4eafd19ed35ad8506064198229ba69c3)
[cf: Adapted for the 2.1]
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Christopher Faulet [Thu, 5 Nov 2020 14:40:11 +0000 (15:40 +0100)]
[RELEASE] Released version 2.1.10
Released version 2.1.10 with the following main changes :
- BUG/MEDIUM: ssl: crt-list negative filters don't work
- MINOR: ssl: reach a ckch_store from a sni_ctx
- BUILD: makefile: Fix building with closefrom() support enabled
- BUG/MINOR: Fix several leaks of 'log_tag' in init().
- DOC: tcp-rules: Refresh details about L7 matching for tcp-request content rules
- BUG/MEDIUM: queue: make pendconn_cond_unlink() really thread-safe
- MINOR: counters: fix a typo in comment
- BUG/MINOR: stats: fix validity of the json schema
- MINOR: hlua: Display debug messages on stderr only in debug mode
- BUG/MINOR: peers: Inconsistency when dumping peer status codes.
- BUG/MINOR: mux-h1: Always set the session on frontend h1 stream
- BUG/MEDIUM: mux-fcgi: Don't handle pending read0 too early on streams
- BUG/MEDIUM: mux-h2: Don't handle pending read0 too early on streams
- BUG/MINOR: http-htx: Expect no body for 204/304 internal HTTP responses
- BUG/MINOR: init: only keep rlim_fd_cur if max is unlimited
- BUG/MINOR: mux-h2: do not stop outgoing connections on stopping
- MINOR: fd: report an error message when failing initial allocations
- BUG/MEDIUM: task: bound the number of tasks picked from the wait queue at once
- BUG/MEDIUM: spoe: Unset variable instead of set it if no data provided
- BUG/MEDIUM: mux-h1: Get the session from the H1S when capturing bad messages
- BUG/MEDIUM: lb: Always lock the server when calling server_{take,drop}_conn
- BUG/MINOR: peers: Possible unexpected peer seesion reset after collisions.
- BUILD: ssl: make BoringSSL use its own version numbers
- BUG/MINOR: disable dynamic OCSP load with BoringSSL
- BUG/MEDIUM: ssl: OCSP must work with BoringSSL
- BUG/MINOR: queue: properly report redistributed connections
- BUG/MEDIUM: server: support changing the slowstart value from state-file
- BUG/MINOR: http-ana: Don't send payload for internal responses to HEAD requests
- BUG/MAJOR: mux-h2: Don't try to send data if we know it is no longer possible
- BUG/MINOR: extcheck: add missing checks on extchk_setenv()
- BUG/MINOR: log: fix memory leak on logsrv parse error
- BUG/MINOR: server: fix srv downtime calcul on starting
- BUG/MINOR: server: fix down_time report for stats
- BUG/MINOR: lua: initialize sample before using it
- MINOR: ist: Add a case insensitive istmatch function
- BUG/MINOR: cache: Manage multiple values in cache-control header value
- BUG/MINOR: cache: Inverted variables in http_calc_maxage function
- BUG/MEDIUM: filters: Don't try to init filters for disabled proxies
- BUG/MINOR: proxy/server: Skip per-proxy/server post-check for disabled proxies
- BUG/MINOR: server: Set server without addr but with dns in RMAINT on startup
- MINOR: server: Copy configuration file and line for server templates
- BUG/MEDIUM: mux-pt: Release the tasklet during an HTTP upgrade
- BUG/MINOR: filters: Skip disabled proxies during startup only
- BUG/MEDIUM: stick-table: limit the time spent purging old entries
- CLEANUP: mux-h2: Remove the h1 parser state from the h2 stream
Christopher Faulet [Tue, 3 Nov 2020 17:25:52 +0000 (18:25 +0100)]
CLEANUP: mux-h2: Remove the h1 parser state from the h2 stream
Since the h2 multiplexer no longer relies on the legacy HTTP representation, and
uses exclusively the HTX, the H1 parser state (h1m) is no longer used by the h2
streams. Thus it can be removed.
This patch may be backported as far as 2.1.
(cherry picked from commit
fafd1b0a5b3b6ee0c7d7dd288629c992fc63ef10)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
aa3c7001cb32cd9c5bb7b5258459bb971e956438)
[wt: include file is in common/h1.h in 2.1]
Signed-off-by: Willy Tarreau <w@1wt.eu>
Willy Tarreau [Tue, 3 Nov 2020 16:47:41 +0000 (17:47 +0100)]
BUG/MEDIUM: stick-table: limit the time spent purging old entries
An interesting case was reported with threads and moderately sized
stick-tables. Sometimes the watchdog would trigger during the purge.
It turns out that the stick tables were sized in the 10s of K entries
which is the order of magnitude of the possible number of connections,
and that threads were used over distinct NUMA nodes. While at first
glance nothing looks problematic there, actually there is a risk that
a thread trying to purge the table faces 100% of entries still in use
by a connection with (ts->ref_cnt > 0), and ends up scanning the whole
table, while other threads on the other NUMA node are causing the
cache lines to bounce back and forth and considerably slow down its
progress to the point of possibly spending hundreds of milliseconds
there, multiplied by the number of queued threads all failing on the
same point.
Interestingly, smaller tables would not trigger it because the scan
would be faster, and larger ones would not trigger it because plenty
of entries would be idle!
The most efficient solution is to increase the table size to be large
enough for this never to happen, but this is not reliable. We could
have a parallel list of idle entries but that would significantly
increase the storage and processing cost only to improve a few rare
corner cases.
This patch takes a more pragmatic approach, it considers that it will
not visit more than twice the number of nodes to be deleted, which
means that it accepts to fail up to 50% of the time. Given that very
small batches are programmed each time (1/256 of the table size), this
means the operation will finish quickly (128 times faster than now),
and will reduce the inter-thread contention. If this needs to be
reconsidered, it will probably mean that the batch size needs to be
fixed differently.
This needs to be backported to stable releases which extensively use
threads, typically 2.0.
Kudos to Nenad Merdanovic for figuring the root cause triggering this!
(cherry picked from commit
dfe79251dab0346fe4c71e7e3da7bb87d41c880c)
Signed-off-by: Willy Tarreau <w@1wt.eu>
Christopher Faulet [Tue, 3 Nov 2020 15:40:37 +0000 (16:40 +0100)]
BUG/MINOR: filters: Skip disabled proxies during startup only
This partially reverts the patch
400829cd2 ("BUG/MEDIUM: filters: Don't try to
init filters for disabled proxies"). Disabled proxies must not be skipped in
flt_deinit() and flt_deinit_all_per_thread() when HAProxy is stopped because,
obvioulsy, at this step, all proxies appear as disabled (or stopped, it is the
same state). It is safe to do so because, during startup, filters declared on
disabled proxies are removed. Thus they don't exist anymore during shutdown.
This patch must be backported in all versions where the patch above is.
(cherry picked from commit
743bd6adc8a7657b324ac59376311d23d65bb4ed)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit
59e7ab350d06542493d4da0467da8738c406dde8)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
projects / haproxy-2.1.git / log