tcp log srv_queue meaning

Hi, I tried to figure out the srv_queue meaning in tcp log, I searched google and mailing-list but without any result. The document says "srv_queue" is the total number of requests which were processed before this one in the server queue. It is zero when the request has not gone through

Re: Problems with SNI config

Thanks for the suggestion, Brian! First off, IUS *IS* actually on our allowed list, so I upgraded to the IUS haproxy RPM v1.7.3 (Our local repo copy does not have 1.7.4 sync'd into it yet - I didn't even realize haproxy was in the IUS repo). I also converted my configuration to be like you

RE: Problems with SNI config

I’ve not tried using ACLs in curly brackets like you are, but I can confirm that this configuration works for me acl name1 hdr(host) -i www.example.org acl name2 hdr(host) -i www.example-other.org use_backend backend1 if name1 use_backend

Problems with SNI config

Hello all! I'm trying to convert an Apache reverse proxy setup over to using HAProxy, but am running into issues with SNI. I followed http://stuff-things.net/2016/11/30/haproxy-sni/ to set this up, but it's not working, and I have not yet been able to figure out why. HAProxy version: 1.5.4-3

Re: [RFC][PATCHES] seamless reload

On Thu, Apr 13, 2017 at 06:00:59PM +0200, Conrad Hoffmann wrote: > On 04/13/2017 05:10 PM, Olivier Houchard wrote: > > On Thu, Apr 13, 2017 at 04:59:26PM +0200, Conrad Hoffmann wrote: > >> Sure, here it is ;P > >> > >> I now get a segfault (on reload): > >> > >> *** Error in `/usr/sbin/haproxy':

Re: [RFC][PATCHES] seamless reload

On 04/13/2017 05:10 PM, Olivier Houchard wrote: > On Thu, Apr 13, 2017 at 04:59:26PM +0200, Conrad Hoffmann wrote: >> Sure, here it is ;P >> >> I now get a segfault (on reload): >> >> *** Error in `/usr/sbin/haproxy': corrupted double-linked list: >> 0x05b511e0 *** >> >> Here is the

Re: Lua memory allocator

On Thu, Apr 13, 2017 at 05:02:54PM +0200, Willy Tarreau wrote: > On Thu, Apr 13, 2017 at 12:37:19PM +0200, Thierry Fournier wrote: > > Good catch. I read the code of the Lua function luaL_newstate, and I > > approve your change because this function dos exactly the same job, but > > with a libc

Re: [RFC][PATCHES] seamless reload

On Thu, Apr 13, 2017 at 04:59:26PM +0200, Conrad Hoffmann wrote: > Sure, here it is ;P > > I now get a segfault (on reload): > > *** Error in `/usr/sbin/haproxy': corrupted double-linked list: > 0x05b511e0 *** > > Here is the backtrace, retrieved from the core file: > > (gdb) bt > #0

Re: Lua memory allocator

On Thu, Apr 13, 2017 at 12:37:19PM +0200, Thierry Fournier wrote: > Good catch. I read the code of the Lua function luaL_newstate, and I > approve your change because this function dos exactly the same job, but > with a libc memory allocator. Note that a few lines after after your patch > (about

Re: [RFC][PATCHES] seamless reload

On 04/13/2017 03:50 PM, Olivier Houchard wrote: > On Thu, Apr 13, 2017 at 03:06:47PM +0200, Conrad Hoffmann wrote: >> >> >> On 04/13/2017 02:28 PM, Olivier Houchard wrote: >>> On Thu, Apr 13, 2017 at 12:59:38PM +0200, Conrad Hoffmann wrote: On 04/13/2017 11:31 AM, Olivier Houchard wrote:

Re: [RFC][PATCHES] seamless reload

On Thu, Apr 13, 2017 at 03:06:47PM +0200, Conrad Hoffmann wrote: > > > On 04/13/2017 02:28 PM, Olivier Houchard wrote: > > On Thu, Apr 13, 2017 at 12:59:38PM +0200, Conrad Hoffmann wrote: > >> On 04/13/2017 11:31 AM, Olivier Houchard wrote: > >>> On Thu, Apr 13, 2017 at 11:17:45AM +0200, Conrad

Re: Propagating agent-check weight change to tracking servers

Hi again Michal, So in the end I already had to revert your latest patch, I should have been more careful before merging it. > We need some CI (even if they will only build haproxy) and IMHO people with > @haproxy.com mails should test their code before posting and merging :( Thus please let me

Re: [RFC][PATCHES] seamless reload

On 04/13/2017 02:28 PM, Olivier Houchard wrote: > On Thu, Apr 13, 2017 at 12:59:38PM +0200, Conrad Hoffmann wrote: >> On 04/13/2017 11:31 AM, Olivier Houchard wrote: >>> On Thu, Apr 13, 2017 at 11:17:45AM +0200, Conrad Hoffmann wrote: Hi Olivier, On 04/12/2017 06:09 PM, Olivier

Re: [RFC][PATCHES] seamless reload

On Thu, Apr 13, 2017 at 12:59:38PM +0200, Conrad Hoffmann wrote: > On 04/13/2017 11:31 AM, Olivier Houchard wrote: > > On Thu, Apr 13, 2017 at 11:17:45AM +0200, Conrad Hoffmann wrote: > >> Hi Olivier, > >> > >> On 04/12/2017 06:09 PM, Olivier Houchard wrote: > >>> On Wed, Apr 12, 2017 at

Re: Propagating agent-check weight change to tracking servers

Hello Michal, On 04/11/2017 04:41 PM, Michał wrote: Hello Willy, So I'm fighting with dba97077 made by Frédéric Lécaille - it broke many things. This patch broke haproxy non-transparent builds. Thanks to Steven Davidovitz, Pavlos Parissis and David Carlier for having promptly helped in

Re: ModSecurity: First integration patches

Le 13/04/2017 à 12:53, Thierry Fournier a écrit : On 13 Apr 2017, at 12:28, Willy Tarreau wrote: On Thu, Apr 13, 2017 at 12:21:20PM +0200, Thierry Fournier wrote: .) the patches apply only on haproxy 1.8 because some files does not exists on 1.7 ( e. g. include/proto/spoe.h )

Re: [RFC][PATCHES] seamless reload

On 04/13/2017 11:31 AM, Olivier Houchard wrote: > On Thu, Apr 13, 2017 at 11:17:45AM +0200, Conrad Hoffmann wrote: >> Hi Olivier, >> >> On 04/12/2017 06:09 PM, Olivier Houchard wrote: >>> On Wed, Apr 12, 2017 at 05:50:54PM +0200, Olivier Houchard wrote: On Wed, Apr 12, 2017 at 05:30:17PM

Re: ModSecurity: First integration patches

> On 13 Apr 2017, at 12:28, Willy Tarreau wrote: > > On Thu, Apr 13, 2017 at 12:21:20PM +0200, Thierry Fournier wrote: >>> .) the patches apply only on haproxy 1.8 because some files does not exists >>> on 1.7 ( e. g. include/proto/spoe.h ) >> >> >> Ok. I think that SPOE was

Re: Lua memory allocator

> On 12 Apr 2017, at 23:30, Willy Tarreau wrote: > > Thierry, > > while instrumenting my malloc/free functions to debug a problem, I was > hit by a malloc/realloc inconsistency in the Lua allocator. The problem > is that luaL_newstate() uses malloc() to create its first objects

Re: ModSecurity: First integration patches

On Thu, Apr 13, 2017 at 12:21:20PM +0200, Thierry Fournier wrote: > > .) the patches apply only on haproxy 1.8 because some files does not exists > > on 1.7 ( e. g. include/proto/spoe.h ) > > > Ok. I think that SPOE was introduced in 1.7, obviously I'm wrong. No, it was introduced in 1.7 but

Re: ModSecurity: First integration patches

> On 13 Apr 2017, at 02:06, Aleksandar Lazic wrote: > > > > Am 12-04-2017 23:33, schrieb Aleksandar Lazic: >> Am 12-04-2017 21:28, schrieb thierry.fourn...@arpalert.org: >>> On Wed, 12 Apr 2017 21:21:58 +0200 >>> Aleksandar Lazic wrote: > > [snipp] >

Suggestion for ACL groups

Hi, lately I had to define multiple acls in our pfsense box runnign HaProxy 1.6.x. The challenge was to configure a frontend with multiple URLs as ACLs and also limit IPs to some URLs and some other avaiable to any or a different set of IPs. Example: a_url1 --> host match

Re: Propagating agent-check weight change to tracking servers

Hi Michal, so I've merged your patch now eventhough I'm still not totally convinced it's a good idea, I continue to think it will lead to some surprizes. Regarding your point below : > E.g. you can't use "source", because that patch broke it. I'm curious how > many other stuff got broken with

Re: [RFC][PATCHES] seamless reload

On Thu, Apr 13, 2017 at 11:17:45AM +0200, Conrad Hoffmann wrote: > Hi Olivier, > > On 04/12/2017 06:09 PM, Olivier Houchard wrote: > > On Wed, Apr 12, 2017 at 05:50:54PM +0200, Olivier Houchard wrote: > >> On Wed, Apr 12, 2017 at 05:30:17PM +0200, Conrad Hoffmann wrote: > >>> Hi again, > >>> >

Re: [RFC][PATCHES] seamless reload

Hi Olivier, On 04/12/2017 06:09 PM, Olivier Houchard wrote: > On Wed, Apr 12, 2017 at 05:50:54PM +0200, Olivier Houchard wrote: >> On Wed, Apr 12, 2017 at 05:30:17PM +0200, Conrad Hoffmann wrote: >>> Hi again, >>> >>> so I tried to get this to work, but didn't manage yet. I also don't quite >>>

Re: [RFC][PATCHES] seamless reload

On Wed, Apr 12, 2017 at 07:41:43PM +0200, Olivier Houchard wrote: > + if (default_tcp_maxseg == -1) { > + default_tcp_maxseg = -2; > + fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); > + if (fd < 0) > + Warning("Failed to create a