Hi Willy,
I tried to enable tfo on the bind line today, however, it failed even on
recent kernels for me.
At first it was failing with:
[ALERT] 042/223418 (1141) : parsing [haproxy.cfg:14] : 'bind *:1234' unknown
keyword 'tfo'. Registered keywords :
Since this pointed to a trivial parser issue, I checked the code and believe
to have fixed that particular issue by adding a missing tfo related line in
src/proto_tcp.c (NULL parse function):
(yes, this patch is mangled too, but it didn't fix all the issues anyway)
diff --git a/src/proto_tcp.c b/src/proto_tcp.c
index 60b111c..3d3c678 100644
--- a/src/proto_tcp.c
+++ b/src/proto_tcp.c
@@ -1910,6 +1910,7 @@ static struct bind_kw_list bind_kws = { "TCP", { }, {
{ "defer-accept", NULL, 0 },
{ "interface", NULL, 1 },
{ "mss", NULL, 1 },
+ { "tfo", NULL, 0 },
{ "transparent", NULL, 0 },
{ "v4v6", NULL, 0 },
{ "v6only", NULL, 0 },
The patch did fix the error message above, but after that, tfo still doesn't
work and haproxy fails with "'tfo' option is not implemented in this version
(check build options)".
I don't see any obvious errors with my config (kernel is 3.8-rc7 and
/proc/sys/net/ipv4/tcp_fastopen is set to 2, haproxy is latest snapshot).
Exact error message, build options, and strace (after applying the patch
above):
lukas@ubuntuvm:~/haproxy-ss-20130125$ sudo ./haproxy -f haproxy.cfg -c
[ALERT] 043/000311 (2004) : parsing [haproxy.cfg:14] : 'bind :1234' : 'tfo'
option is not implemented in this version (check build options).
[ALERT] 043/000311 (2004) : Error(s) found in configuration file : haproxy.cfg
[ALERT] 043/000311 (2004) : Fatal errors found in configuration.
lukas@ubuntuvm:~/haproxy-ss-20130125$ sudo ./haproxy -vv
HA-Proxy version 1.5-ss-20130125 2013/01/25
Copyright 2000-2012 Willy Tarreau <[email protected]>
Build options :
TARGET = linux2628
CPU = native
CC = gcc
CFLAGS = -O2 -march=native -g -fno-strict-aliasing
OPTIONS = USE_ZLIB=1 USE_OPENSSL=1 USE_PCRE=1
Default settings :
maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200
Encrypted password support via crypt(3): yes
Built with zlib version : 1.2.3.4
Compression algorithms supported : identity, deflate, gzip
Built with OpenSSL version : OpenSSL 1.0.1 14 Mar 2012
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.
lukas@ubuntuvm:~/haproxy-ss-20130125$ cat /proc/sys/net/ipv4/tcp_fastopen
2
lukas@ubuntuvm:~/haproxy-ss-20130125$ cat /proc/version
Linux version 3.8.0-030800rc7-generic (root@gomeisa) (gcc version 4.6.3
(Ubuntu/Linaro 4.6.3-1ubuntu5) ) #201302081635 SMP Fri Feb 8 21:36:17 UTC 2013
lukas@ubuntuvm:~/haproxy-ss-20130125$
root@ubuntuvm:/home/lukas/haproxy-ss-20130125# strace ./haproxy -f haproxy.cfg
-c
execve("./haproxy", ["./haproxy", "-f", "haproxy.cfg", "-c"], [/* 16 vars */])
= 0
brk(0) = 0x20ad000
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f6edcde9000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=22502, ...}) = 0
mmap(NULL, 22502, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f6edcde3000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libcrypt.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0p\n\0\0\0\0\0\0"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=43288, ...}) = 0
mmap(NULL, 2327040, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0x7f6edc990000
mprotect(0x7f6edc999000, 2097152, PROT_NONE) = 0
mmap(0x7f6edcb99000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x9000) = 0x7f6edcb99000
mmap(0x7f6edcb9b000, 184832, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f6edcb9b000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libz.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P \0\0\0\0\0\0"..., 832)
= 832
fstat(3, {st_mode=S_IFREG|0644, st_size=92720, ...}) = 0
mmap(NULL, 2187824, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0x7f6edc779000
mprotect(0x7f6edc78f000, 2093056, PROT_NONE) = 0
mmap(0x7f6edc98e000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x15000) = 0x7f6edc98e000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libssl.so.1.0.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\220)\1\0\0\0\0\0"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=374608, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f6edcde2000
mmap(NULL, 2469936, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0x7f6edc51d000
mprotect(0x7f6edc56f000, 2097152, PROT_NONE) = 0
mmap(0x7f6edc76f000, 36864, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x52000) = 0x7f6edc76f000
mmap(0x7f6edc778000, 48, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f6edc778000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libcrypto.so.1.0.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0@\367\5\0\0\0\0\0"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=1852792, ...}) = 0
mmap(NULL, 3963320, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0x7f6edc155000
mprotect(0x7f6edc2f4000, 2093056, PROT_NONE) = 0
mmap(0x7f6edc4f3000, 155648, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x19e000) = 0x7f6edc4f3000
mmap(0x7f6edc519000, 14776, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f6edc519000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/x86_64-linux-gnu/libpcreposix.so.3", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\260\t\0\0\0\0\0\0"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=10264, ...}) = 0
mmap(NULL, 2105440, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0x7f6edbf52000
mprotect(0x7f6edbf54000, 2093056, PROT_NONE) = 0
mmap(0x7f6edc153000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1000) = 0x7f6edc153000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200\30\2\0\0\0\0\0"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1811128, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f6edcde1000
mmap(NULL, 3925208, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0x7f6edbb93000
mprotect(0x7f6edbd48000, 2093056, PROT_NONE) = 0
mmap(0x7f6edbf47000, 24576, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1b4000) = 0x7f6edbf47000
mmap(0x7f6edbf4d000, 17624, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f6edbf4d000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340\r\0\0\0\0\0\0"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=14768, ...}) = 0
mmap(NULL, 2109704, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0x7f6edb98f000
mprotect(0x7f6edb991000, 2097152, PROT_NONE) = 0
mmap(0x7f6edbb91000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f6edbb91000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libpcre.so.3", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\300\25\0\0\0\0\0\0"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=247896, ...}) = 0
mmap(NULL, 2343080, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0x7f6edb752000
mprotect(0x7f6edb78e000, 2093056, PROT_NONE) = 0
mmap(0x7f6edb98d000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3b000) = 0x7f6edb98d000
close(3) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f6edcde0000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f6edcddf000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f6edcdde000
arch_prctl(ARCH_SET_FS, 0x7f6edcddf700) = 0
mprotect(0x7f6edbf47000, 16384, PROT_READ) = 0
mprotect(0x7f6edb98d000, 4096, PROT_READ) = 0
mprotect(0x7f6edbb91000, 4096, PROT_READ) = 0
mprotect(0x7f6edc153000, 4096, PROT_READ) = 0
mprotect(0x7f6edc98e000, 4096, PROT_READ) = 0
mprotect(0x7f6edc4f3000, 110592, PROT_READ) = 0
mprotect(0x7f6edc76f000, 12288, PROT_READ) = 0
mprotect(0x7f6edcb99000, 4096, PROT_READ) = 0
mprotect(0x689000, 4096, PROT_READ) = 0
mprotect(0x7f6edcdeb000, 4096, PROT_READ) = 0
munmap(0x7f6edcde3000, 22502) = 0
brk(0) = 0x20ad000
brk(0x20ce000) = 0x20ce000
uname({sys="Linux", node="ubuntuvm", ...}) = 0
open("/etc/localtime", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=2652, ...}) = 0
fstat(3, {st_mode=S_IFREG|0644, st_size=2652, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f6edcde8000
read(3, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\6\0\0\0\6\0\0\0\0"..., 4096)
= 2652
lseek(3, -1701, SEEK_CUR) = 951
read(3, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\10\0\0\0\0"...,
4096) = 1701
close(3) = 0
munmap(0x7f6edcde8000, 4096) = 0
getpid() = 2125
open("haproxy.cfg", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0664, st_size=621, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f6edcde8000
read(3, "global\n maxconn 70000\n "..., 4096) = 621
write(2, "[ALERT] 043/001428 (2125) : ", 28[ALERT] 043/001428 (2125) : ) = 28
write(2, "parsing [haproxy.cfg:14] : 'bind"..., 113parsing [haproxy.cfg:14] :
'bind :1234' : 'tfo' option is not implemented in this version (check build
options).
) = 113
brk(0x20ef000) = 0x20ef000
read(3, "", 4096) = 0
close(3) = 0
munmap(0x7f6edcde8000, 4096) = 0
write(2, "[ALERT] 043/001428 (2125) : ", 28[ALERT] 043/001428 (2125) : ) = 28
write(2, "Error(s) found in configuration "..., 51Error(s) found in
configuration file : haproxy.cfg
) = 51
write(2, "[ALERT] 043/001428 (2125) : ", 28[ALERT] 043/001428 (2125) : ) = 28
write(2, "Fatal errors found in configurat"..., 37Fatal errors found in
configuration.
) = 37
exit_group(1) = ?
root@ubuntuvm:/home/lukas/haproxy-ss-20130125#
I'm not sure whats missing here ... any help would be appreciated.
btw: 2 minor cosmetic issues about the tfo commit :
- support for server side TFO was actually introduced in linux-3.7,
linux-3.6 just has TFO client support: doc/configuration.txt and
a code comment in include/types/listener.h will need to be updated
- a small copy&paste issue in src/proto_tcp.c: the code comment above
"static int bind_parse_tfo" actually indicates the defer-accept
keyword, not the tfo keyword.
If you want I can send patches, but I will have to fix the mailer first.
Lukas
