Hello community, here is the log from the commit of package haproxy for openSUSE:Factory checked in at 2018-08-18 00:06:17 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/haproxy (Old) and /work/SRC/openSUSE:Factory/.haproxy.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "haproxy" Sat Aug 18 00:06:17 2018 rev:64 rq:629892 version:1.8.13~git4.c1bfcd00 Changes: -------- --- /work/SRC/openSUSE:Factory/haproxy/haproxy.changes 2018-07-06 10:48:20.434801390 +0200 +++ /work/SRC/openSUSE:Factory/.haproxy.new/haproxy.changes 2018-08-18 00:06:26.891496554 +0200 @@ -1,0 +2,35 @@ +Thu Aug 16 07:08:12 UTC 2018 - [email protected] + +- Update to version 1.8.13~git4.c1bfcd00: + * MINOR: dns: new DNS options to allow/prevent IP address duplication + * MINOR: dns: fix wrong score computation in dns_get_ip_from_response + * BUG/MEDIUM: queue: prevent a backup server from draining the proxy's connections + * BUG/MEDIUM: servers: check the queues once enabling a server + * MEDIUM: proxy_protocol: Convert IPs to v6 when protocols are mixed + * BUG/MEDIUM: threads: unbreak "bind" referencing an incorrect thread number + * MINOR: threads: move "nbthread" parsing to hathreads.c + * BUG/MEDIUM: threads: properly fix nbthreads == MAX_THREADS + * BUG/MINOR: threads: Handle nbthread == MAX_THREADS. + * BUG/MINOR: config: stick-table is not supported in defaults section + * BUG/MEDIUM: h2: prevent orphaned streams from blocking a connection forever + * BUG/MEDIUM: threads/sync: use sched_yield when available + * BUG/MINOR: servers: Don't make "server" in a frontend fatal. + * BUG/MEDIUM: stats: don't ask for more data as long as we're responding + * BUG/MEDIUM: stream-int: don't immediately enable reading when the buffer was reportedly full + * MINOR: h2: add the error code and the max/last stream IDs to "show fd" + * BUG/MEDIUM: threads: Fix the exit condition of the thread barrier + * MINOR: debug: Add checks for conn_stream flags + * MINOR: debug: Add check for CO_FL_WILL_UPDATE + * BUG/MINOR: http: Set brackets for the unlikely macro at the right place + * BUG/MEDIUM: h2: make sure the last stream closes the connection after a timeout + * BUG/MEDIUM: h2: never leave pending data in the output buffer on close + * BUG/MEDIUM: h2: don't accept new streams if conn_streams are still in excess + * MINOR: h2: add the mux and demux buffer lengths on "show fd" + * MINOR: h2: keep a count of the number of conn_streams attached to the mux + * BUG/MINOR: h2: remove accidental debug code introduced with show_fd function + * MINOR: h2: implement a basic "show_fd" function + * MINOR: mux: add a "show_fd" function to dump debugging information for "show fd" + * BUG/MINOR: ssl: properly ref-count the tls_keys entries + * MINOR: systemd: consider exit status 143 as successful + +------------------------------------------------------------------- Old: ---- haproxy-1.8.12~git0.8a200c71.tar.gz New: ---- haproxy-1.8.13~git4.c1bfcd00.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ haproxy.spec ++++++ --- /var/tmp/diff_new_pack.89jpTK/_old 2018-08-18 00:06:27.495498364 +0200 +++ /var/tmp/diff_new_pack.89jpTK/_new 2018-08-18 00:06:27.499498376 +0200 @@ -40,7 +40,7 @@ %bcond_without apparmor Name: haproxy -Version: 1.8.12~git0.8a200c71 +Version: 1.8.13~git4.c1bfcd00 Release: 0 # # ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.89jpTK/_old 2018-08-18 00:06:27.539498495 +0200 +++ /var/tmp/diff_new_pack.89jpTK/_new 2018-08-18 00:06:27.539498495 +0200 @@ -5,4 +5,4 @@ <param name="url">http://git.haproxy.org/git/haproxy-1.7.git</param> <param name="changesrevision">640d526f8cdad00f7f5043b51f6a34f3f6ebb49f</param></service><service name="tar_scm"> <param name="url">http://git.haproxy.org/git/haproxy-1.8.git</param> - <param name="changesrevision">8a200c71bd0848752b71a1aed5727563962b3a1a</param></service></servicedata> \ No newline at end of file + <param name="changesrevision">c1bfcd002f54d1d84a99282d13f875c2649f3d70</param></service></servicedata> \ No newline at end of file ++++++ haproxy-1.8.12~git0.8a200c71.tar.gz -> haproxy-1.8.13~git4.c1bfcd00.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.12~git0.8a200c71/CHANGELOG new/haproxy-1.8.13~git4.c1bfcd00/CHANGELOG --- old/haproxy-1.8.12~git0.8a200c71/CHANGELOG 2018-06-27 16:27:32.000000000 +0200 +++ new/haproxy-1.8.13~git4.c1bfcd00/CHANGELOG 2018-08-09 05:59:42.000000000 +0200 @@ -1,6 +1,36 @@ ChangeLog : =========== +2018/07/30 : 1.8.13 + - MINOR: systemd: consider exit status 143 as successful + - BUG/MINOR: ssl: properly ref-count the tls_keys entries + - MINOR: mux: add a "show_fd" function to dump debugging information for "show fd" + - MINOR: h2: implement a basic "show_fd" function + - BUG/MINOR: h2: remove accidental debug code introduced with show_fd function + - MINOR: h2: keep a count of the number of conn_streams attached to the mux + - MINOR: h2: add the mux and demux buffer lengths on "show fd" + - BUG/MEDIUM: h2: don't accept new streams if conn_streams are still in excess + - BUG/MEDIUM: h2: never leave pending data in the output buffer on close + - BUG/MEDIUM: h2: make sure the last stream closes the connection after a timeout + - BUG/MINOR: http: Set brackets for the unlikely macro at the right place + - BUILD: Generate sha256 checksums in publish-release + - MINOR: debug: Add check for CO_FL_WILL_UPDATE + - MINOR: debug: Add checks for conn_stream flags + - BUG/MEDIUM: threads: Fix the exit condition of the thread barrier + - MINOR: h2: add the error code and the max/last stream IDs to "show fd" + - BUG/MEDIUM: stream-int: don't immediately enable reading when the buffer was reportedly full + - BUG/MEDIUM: stats: don't ask for more data as long as we're responding + - BUG/MINOR: servers: Don't make "server" in a frontend fatal. + - BUG/MEDIUM: threads/sync: use sched_yield when available + - BUG/MEDIUM: h2: prevent orphaned streams from blocking a connection forever + - BUG/MINOR: config: stick-table is not supported in defaults section + - BUG/MINOR: threads: Handle nbthread == MAX_THREADS. + - BUG/MEDIUM: threads: properly fix nbthreads == MAX_THREADS + - MINOR: threads: move "nbthread" parsing to hathreads.c + - BUG/MEDIUM: threads: unbreak "bind" referencing an incorrect thread number + - MEDIUM: proxy_protocol: Convert IPs to v6 when protocols are mixed + - SCRIPTS: git-show-backports: add missing quotes to "echo" + 2018/06/27 : 1.8.12 - BUG/MAJOR: stick_table: Complete incomplete SEGV fix - MINOR: stick-tables: make stktable_release() do nothing on NULL diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.12~git0.8a200c71/README new/haproxy-1.8.13~git4.c1bfcd00/README --- old/haproxy-1.8.12~git0.8a200c71/README 2018-06-27 16:27:32.000000000 +0200 +++ new/haproxy-1.8.13~git4.c1bfcd00/README 2018-08-09 05:59:42.000000000 +0200 @@ -3,7 +3,7 @@ ---------------------- version 1.8 willy tarreau - 2018/06/27 + 2018/07/30 1) How to build it diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.12~git0.8a200c71/VERDATE new/haproxy-1.8.13~git4.c1bfcd00/VERDATE --- old/haproxy-1.8.12~git0.8a200c71/VERDATE 2018-06-27 16:27:32.000000000 +0200 +++ new/haproxy-1.8.13~git4.c1bfcd00/VERDATE 2018-08-09 05:59:42.000000000 +0200 @@ -1,2 +1,2 @@ $Format:%ci$ -2018/06/27 +2018/07/30 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.12~git0.8a200c71/VERSION new/haproxy-1.8.13~git4.c1bfcd00/VERSION --- old/haproxy-1.8.12~git0.8a200c71/VERSION 2018-06-27 16:27:32.000000000 +0200 +++ new/haproxy-1.8.13~git4.c1bfcd00/VERSION 2018-08-09 05:59:42.000000000 +0200 @@ -1 +1 @@ -1.8.12 +1.8.13 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.12~git0.8a200c71/contrib/debug/flags.c new/haproxy-1.8.13~git4.c1bfcd00/contrib/debug/flags.c --- old/haproxy-1.8.12~git0.8a200c71/contrib/debug/flags.c 2018-06-27 16:27:32.000000000 +0200 +++ new/haproxy-1.8.13~git4.c1bfcd00/contrib/debug/flags.c 2018-08-09 05:59:42.000000000 +0200 @@ -135,6 +135,7 @@ SHOW_FLAG(f, CO_FL_ADDR_TO_SET); SHOW_FLAG(f, CO_FL_ADDR_FROM_SET); SHOW_FLAG(f, CO_FL_WAIT_ROOM); + SHOW_FLAG(f, CO_FL_WILL_UPDATE); SHOW_FLAG(f, CO_FL_XPRT_READY); SHOW_FLAG(f, CO_FL_CTRL_READY); SHOW_FLAG(f, CO_FL_CURR_WR_ENA); @@ -149,6 +150,28 @@ } putchar('\n'); } +void show_cs_flags(unsigned int f) +{ + printf("cs->flags = "); + if (!f) { + printf("0\n"); + return; + } + SHOW_FLAG(f, CS_FL_EOS); + SHOW_FLAG(f, CS_FL_RCV_MORE); + SHOW_FLAG(f, CS_FL_ERROR); + SHOW_FLAG(f, CS_FL_SHWS); + SHOW_FLAG(f, CS_FL_SHWN); + SHOW_FLAG(f, CS_FL_SHRR); + SHOW_FLAG(f, CS_FL_SHRD); + SHOW_FLAG(f, CS_FL_DATA_WR_ENA); + SHOW_FLAG(f, CS_FL_DATA_RD_ENA); + + if (f) { + printf("EXTRA(0x%08x)", f); + } + putchar('\n'); +} void show_si_et(unsigned int f) { @@ -369,6 +392,7 @@ show_strm_flags(flags); show_si_et(flags); show_si_flags(flags); + show_cs_flags(flags); show_conn_flags(flags); show_chn_flags(flags); show_chn_ana(flags); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.12~git0.8a200c71/contrib/systemd/haproxy.service.in new/haproxy-1.8.13~git4.c1bfcd00/contrib/systemd/haproxy.service.in --- old/haproxy-1.8.12~git0.8a200c71/contrib/systemd/haproxy.service.in 2018-06-27 16:27:32.000000000 +0200 +++ new/haproxy-1.8.13~git4.c1bfcd00/contrib/systemd/haproxy.service.in 2018-08-09 05:59:42.000000000 +0200 @@ -10,6 +10,7 @@ ExecReload=/bin/kill -USR2 $MAINPID KillMode=mixed Restart=always +SuccessExitStatus=143 Type=notify # The following lines leverage SystemD's sandboxing options to provide diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.12~git0.8a200c71/doc/configuration.txt new/haproxy-1.8.13~git4.c1bfcd00/doc/configuration.txt --- old/haproxy-1.8.12~git0.8a200c71/doc/configuration.txt 2018-06-27 16:27:32.000000000 +0200 +++ new/haproxy-1.8.13~git4.c1bfcd00/doc/configuration.txt 2018-08-09 05:59:42.000000000 +0200 @@ -4,7 +4,7 @@ ---------------------- version 1.8 willy tarreau - 2018/06/27 + 2018/07/30 This document covers the configuration language as implemented in the version @@ -11623,6 +11623,40 @@ after <count> consecutive successful health checks. This value defaults to 2 if unspecified. See also the "check", "inter" and "fall" parameters. +resolve-opts <option>,<option>,... + Comma separated list of options to apply to DNS resolution linked to this + server. + + Available options: + + * allow-dup-ip + By default, HAProxy prevents IP address duplication in a backend when DNS + resolution at runtime is in operation. + That said, for some cases, it makes sense that two servers (in the same + backend, being resolved by the same FQDN) have the same IP address. + For such case, simply enable this option. + This is the opposite of prevent-dup-ip. + + * prevent-dup-ip + Ensure HAProxy's default behavior is enforced on a server: prevent re-using + an IP address already set to a server in the same backend and sharing the + same fqdn. + This is the opposite of allow-dup-ip. + + Example: + backend b_myapp + default-server init-addr none resolvers dns + server s1 myapp.example.com:80 check resolve-opts allow-dup-ip + server s2 myapp.example.com:81 check resolve-opts allow-dup-ip + + With the option allow-dup-ip set: + * if the nameserver returns a single IP address, then both servers will use + it + * If the nameserver returns 2 IP addresses, then each server will pick up a + different address + + Default value: not set + resolve-prefer <family> When DNS resolution is enabled for a server and multiple IP addresses from different families are returned, HAProxy will prefer using an IP address diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.12~git0.8a200c71/examples/haproxy.spec new/haproxy-1.8.13~git4.c1bfcd00/examples/haproxy.spec --- old/haproxy-1.8.12~git0.8a200c71/examples/haproxy.spec 2018-06-27 16:27:32.000000000 +0200 +++ new/haproxy-1.8.13~git4.c1bfcd00/examples/haproxy.spec 2018-08-09 05:59:42.000000000 +0200 @@ -1,6 +1,6 @@ Summary: HA-Proxy is a TCP/HTTP reverse proxy for high availability environments Name: haproxy -Version: 1.8.12 +Version: 1.8.13 Release: 1 License: GPL Group: System Environment/Daemons @@ -74,6 +74,9 @@ %attr(0755,root,root) %config %{_sysconfdir}/rc.d/init.d/%{name} %changelog +* Mon Jul 30 2018 Willy Tarreau <[email protected]> +- updated to 1.8.13 + * Wed Jun 27 2018 William Lallemand <[email protected]> - updated to 1.8.12 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.12~git0.8a200c71/include/common/hathreads.h new/haproxy-1.8.13~git4.c1bfcd00/include/common/hathreads.h --- old/haproxy-1.8.12~git0.8a200c71/include/common/hathreads.h 2018-06-27 16:27:32.000000000 +0200 +++ new/haproxy-1.8.13~git4.c1bfcd00/include/common/hathreads.h 2018-08-09 05:59:42.000000000 +0200 @@ -28,6 +28,12 @@ extern THREAD_LOCAL unsigned int tid; /* The thread id */ extern THREAD_LOCAL unsigned long tid_bit; /* The bit corresponding to the thread id */ +/* Note about all_threads_mask : + * - with threads support disabled, this symbol is defined as zero (0UL). + * - with threads enabled, this variable is never zero, it contains the mask + * of enabled threads. Thus if only one thread is enabled, it equals 1. + */ + #ifndef USE_THREAD #define MAX_THREADS 1 @@ -67,7 +73,7 @@ #define HA_BARRIER() do { } while (0) -#define THREAD_SYNC_INIT(m) do { /* do nothing */ } while(0) +#define THREAD_SYNC_INIT() do { /* do nothing */ } while(0) #define THREAD_SYNC_ENABLE() do { /* do nothing */ } while(0) #define THREAD_WANT_SYNC() do { /* do nothing */ } while(0) #define THREAD_ENTER_SYNC() do { /* do nothing */ } while(0) @@ -188,7 +194,7 @@ #define HA_BARRIER() pl_barrier() -#define THREAD_SYNC_INIT(m) thread_sync_init(m) +#define THREAD_SYNC_INIT() thread_sync_init() #define THREAD_SYNC_ENABLE() thread_sync_enable() #define THREAD_WANT_SYNC() thread_want_sync() #define THREAD_ENTER_SYNC() thread_enter_sync() @@ -196,7 +202,7 @@ #define THREAD_NO_SYNC() thread_no_sync() #define THREAD_NEED_SYNC() thread_need_sync() -int thread_sync_init(unsigned long mask); +int thread_sync_init(); void thread_sync_enable(void); void thread_want_sync(void); void thread_enter_sync(void); @@ -204,7 +210,7 @@ int thread_no_sync(void); int thread_need_sync(void); -extern unsigned long all_threads_mask; +extern volatile unsigned long all_threads_mask; #define ha_sigmask(how, set, oldset) pthread_sigmask(how, set, oldset) @@ -692,5 +698,6 @@ /* Dummy I/O handler used by the sync pipe.*/ void thread_sync_io_handler(int fd); +int parse_nbthread(const char *arg, char **err); #endif /* _COMMON_HATHREADS_H */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.12~git0.8a200c71/include/types/connection.h new/haproxy-1.8.13~git4.c1bfcd00/include/types/connection.h --- old/haproxy-1.8.12~git0.8a200c71/include/types/connection.h 2018-06-27 16:27:32.000000000 +0200 +++ new/haproxy-1.8.13~git4.c1bfcd00/include/types/connection.h 2018-08-09 05:59:42.000000000 +0200 @@ -305,6 +305,7 @@ struct conn_stream *(*attach)(struct connection *); /* Create and attach a conn_stream to an outgoing connection */ void (*detach)(struct conn_stream *); /* Detach a conn_stream from an outgoing connection, when the request is done */ + void (*show_fd)(struct chunk *, struct connection *); /* append some data about connection into chunk for "show fd" */ unsigned int flags; /* some flags characterizing the mux's capabilities (MX_FL_*) */ char name[8]; /* mux layer name, zero-terminated */ }; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.12~git0.8a200c71/include/types/dns.h new/haproxy-1.8.13~git4.c1bfcd00/include/types/dns.h --- old/haproxy-1.8.12~git0.8a200c71/include/types/dns.h 2018-06-27 16:27:32.000000000 +0200 +++ new/haproxy-1.8.13~git4.c1bfcd00/include/types/dns.h 2018-08-09 05:59:42.000000000 +0200 @@ -245,6 +245,8 @@ } mask; } pref_net[SRV_MAX_PREF_NET]; int pref_net_nb; /* The number of registered prefered networks. */ + int accept_duplicate_ip; /* flag to indicate whether the associated object can use an IP address + already set to an other object of the same group */ }; /* Resolution structure associated to single server and used to manage name diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.12~git0.8a200c71/include/types/ssl_sock.h new/haproxy-1.8.13~git4.c1bfcd00/include/types/ssl_sock.h --- old/haproxy-1.8.12~git0.8a200c71/include/types/ssl_sock.h 2018-06-27 16:27:32.000000000 +0200 +++ new/haproxy-1.8.13~git4.c1bfcd00/include/types/ssl_sock.h 2018-08-09 05:59:42.000000000 +0200 @@ -54,6 +54,7 @@ struct list list; /* Used to chain refs. */ char *filename; int unique_id; /* Each pattern reference have unique id. */ + int refcount; /* number of users of this tls_keys_ref. */ struct tls_sess_key *tlskeys; int tls_ticket_enc_index; __decl_hathreads(HA_RWLOCK_T lock); /* lock used to protect the ref */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.12~git0.8a200c71/scripts/git-show-backports new/haproxy-1.8.13~git4.c1bfcd00/scripts/git-show-backports --- old/haproxy-1.8.12~git0.8a200c71/scripts/git-show-backports 2018-06-27 16:27:32.000000000 +0200 +++ new/haproxy-1.8.13~git4.c1bfcd00/scripts/git-show-backports 2018-08-09 05:59:42.000000000 +0200 @@ -132,7 +132,7 @@ done line="${line} |" if [ -z "$MISSING" -o $missing -gt 0 ]; then - [ $((count++)) -gt 0 ] || echo $title + [ $((count++)) -gt 0 ] || echo "$title" [ "$QUIET" != "" -o $count -lt 20 ] || count=0 if [ -z "$UPSTREAM" -o "$upstream" = "none" -o -z "$upstream" ]; then echo "$(short $ref) $line" @@ -235,7 +235,7 @@ echo "---- Subject ----" else # doing it this way prevents git from abusing the terminal - echo $(git log -1 --pretty="%s" "$1") + echo "$(git log -1 --pretty="%s" "$1")" left_commits[${#left_commits[@]}]="$1" comm="" while [ -n "$1" -a "$1" != "-" -a "$1" != "|" ]; do diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.12~git0.8a200c71/scripts/publish-release new/haproxy-1.8.13~git4.c1bfcd00/scripts/publish-release --- old/haproxy-1.8.12~git0.8a200c71/scripts/publish-release 2018-06-27 16:27:32.000000000 +0200 +++ new/haproxy-1.8.13~git4.c1bfcd00/scripts/publish-release 2018-08-09 05:59:42.000000000 +0200 @@ -159,14 +159,15 @@ fi echo "Archiving sources for version $NEW ..." -rm -f "${TARGET_DIR}/src${DEVEL}/haproxy-${NEW}.tar.gz"{,.md5} +rm -f "${TARGET_DIR}/src${DEVEL}/haproxy-${NEW}.tar.gz"{,.md5,.sha256} if ! git archive --format=tar --prefix="haproxy-${NEW}/" "v$NEW" | \ gzip -9 > "${TARGET_DIR}/src${DEVEL}/haproxy-${NEW}.tar.gz"; then die "Failed to produce the tar.gz archive" fi ( cd "$TARGET_DIR/src${DEVEL}" ; \ - md5sum haproxy-$NEW.tar.gz > haproxy-$NEW.tar.gz.md5 ) + md5sum haproxy-$NEW.tar.gz > haproxy-$NEW.tar.gz.md5 ; \ + sha256sum haproxy-$NEW.tar.gz > haproxy-$NEW.tar.gz.sha256 ) echo "Extracting doc ..." git show "v$NEW:CHANGELOG" > "$TARGET_DIR/src/CHANGELOG" @@ -178,6 +179,6 @@ echo "Done : ls -l ${TARGET_DIR}" ( cd "$TARGET_DIR" ; - ls -l src/CHANGELOG "src${DEVEL}/haproxy-${NEW}".tar.gz{,.md5} $(for i in "${DOC[@]}"; do echo "doc/${i#doc/}"{,.gz}; done) + ls -l src/CHANGELOG "src${DEVEL}/haproxy-${NEW}".tar.gz{,.md5,.sha256} $(for i in "${DOC[@]}"; do echo "doc/${i#doc/}"{,.gz}; done) ) echo diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.12~git0.8a200c71/src/cfgparse.c new/haproxy-1.8.13~git4.c1bfcd00/src/cfgparse.c --- old/haproxy-1.8.12~git0.8a200c71/src/cfgparse.c 2018-06-27 16:27:32.000000000 +0200 +++ new/haproxy-1.8.13~git4.c1bfcd00/src/cfgparse.c 2018-08-09 05:59:42.000000000 +0200 @@ -1154,18 +1154,10 @@ err_code |= ERR_ALERT | ERR_FATAL; goto out; } - global.nbthread = atol(args[1]); -#ifndef USE_THREAD - if (global.nbthread > 1) { - ha_alert("HAProxy is not compiled with threads support, please check build options for USE_THREAD.\n"); - global.nbthread = 1; - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } -#endif - if (global.nbthread < 1 || global.nbthread > MAX_THREADS) { - ha_alert("parsing [%s:%d] : '%s' must be between 1 and %d (was %d).\n", - file, linenum, args[0], MAX_THREADS, global.nbthread); + global.nbthread = parse_nbthread(args[1], &errmsg); + if (!global.nbthread) { + ha_alert("parsing [%s:%d] : '%s' %s.\n", + file, linenum, args[0], errmsg); err_code |= ERR_ALERT | ERR_FATAL; goto out; } @@ -4085,6 +4077,13 @@ int myidx = 1; struct proxy *other; + if (curproxy == &defproxy) { + ha_alert("parsing [%s:%d] : 'stick-table' is not supported in 'defaults' section.\n", + file, linenum); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + other = proxy_tbl_by_name(curproxy->id); if (other) { ha_alert("parsing [%s:%d] : stick-table name '%s' conflicts with table declared in %s '%s' at %s:%d.\n", @@ -7647,6 +7646,29 @@ } /* HTTP && bufsize < 16384 */ #endif + /* detect and address thread affinity inconsistencies */ + nbproc = 0; + if (bind_conf->bind_proc) + nbproc = my_ffsl(bind_conf->bind_proc); + + mask = bind_conf->bind_thread[nbproc - 1]; + if (mask && !(mask & (all_threads_mask ? all_threads_mask : 1UL))) { + unsigned long new_mask = 0; + + while (mask) { + new_mask |= mask & (all_threads_mask ? all_threads_mask : 1UL); + mask >>= global.nbthread; + } + + for (nbproc = 0; nbproc < LONGBITS; nbproc++) { + if (!bind_conf->bind_proc || (bind_conf->bind_proc & (1UL << nbproc))) + bind_conf->bind_thread[nbproc] = new_mask; + } + ha_warning("Proxy '%s': the thread range specified on the 'process' directive of 'bind %s' at [%s:%d] only refers to thread numbers out of the range defined by the global 'nbthread' directive. The thread numbers were remapped to existing threads instead (mask 0x%lx).\n", + curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line, new_mask); + } + + /* detect process and nbproc affinity inconsistencies */ if (!bind_conf->bind_proc) continue; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.12~git0.8a200c71/src/cli.c new/haproxy-1.8.13~git4.c1bfcd00/src/cli.c --- old/haproxy-1.8.12~git0.8a200c71/src/cli.c 2018-06-27 16:27:32.000000000 +0200 +++ new/haproxy-1.8.13~git4.c1bfcd00/src/cli.c 2018-08-09 05:59:42.000000000 +0200 @@ -841,8 +841,11 @@ else if (li) chunk_appendf(&trash, " fe=%s", li->bind_conf->frontend->id); - if (mux) + if (mux) { chunk_appendf(&trash, " mux=%s mux_ctx=%p", mux->name, ctx); + if (mux->show_fd) + mux->show_fd(&trash, fdt.owner); + } else chunk_appendf(&trash, " nomux"); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.12~git0.8a200c71/src/connection.c new/haproxy-1.8.13~git4.c1bfcd00/src/connection.c --- old/haproxy-1.8.12~git0.8a200c71/src/connection.c 2018-06-27 16:27:32.000000000 +0200 +++ new/haproxy-1.8.13~git4.c1bfcd00/src/connection.c 2018-08-09 05:59:42.000000000 +0200 @@ -901,73 +901,71 @@ int make_proxy_line_v1(char *buf, int buf_len, struct sockaddr_storage *src, struct sockaddr_storage *dst) { int ret = 0; - - if (src && dst && src->ss_family == dst->ss_family && src->ss_family == AF_INET) { - ret = snprintf(buf + ret, buf_len - ret, "PROXY TCP4 "); - if (ret >= buf_len) - return 0; - - /* IPv4 src */ - if (!inet_ntop(src->ss_family, &((struct sockaddr_in *)src)->sin_addr, buf + ret, buf_len - ret)) - return 0; - - ret += strlen(buf + ret); + char * protocol; + char src_str[MAX(INET_ADDRSTRLEN, INET6_ADDRSTRLEN)]; + char dst_str[MAX(INET_ADDRSTRLEN, INET6_ADDRSTRLEN)]; + in_port_t src_port; + in_port_t dst_port; + + if ( !src + || !dst + || (src->ss_family != AF_INET && src->ss_family != AF_INET6) + || (dst->ss_family != AF_INET && dst->ss_family != AF_INET6)) { + /* unknown family combination */ + ret = snprintf(buf, buf_len, "PROXY UNKNOWN\r\n"); if (ret >= buf_len) return 0; - buf[ret++] = ' '; - - /* IPv4 dst */ - if (!inet_ntop(dst->ss_family, &((struct sockaddr_in *)dst)->sin_addr, buf + ret, buf_len - ret)) - return 0; + return ret; + } - ret += strlen(buf + ret); - if (ret >= buf_len) + /* IPv4 for both src and dst */ + if (src->ss_family == AF_INET && dst->ss_family == AF_INET) { + protocol = "TCP4"; + if (!inet_ntop(AF_INET, &((struct sockaddr_in *)src)->sin_addr, src_str, sizeof(src_str))) return 0; - - /* source and destination ports */ - ret += snprintf(buf + ret, buf_len - ret, " %u %u\r\n", - ntohs(((struct sockaddr_in *)src)->sin_port), - ntohs(((struct sockaddr_in *)dst)->sin_port)); - if (ret >= buf_len) + src_port = ((struct sockaddr_in *)src)->sin_port; + if (!inet_ntop(AF_INET, &((struct sockaddr_in *)dst)->sin_addr, dst_str, sizeof(dst_str))) return 0; + dst_port = ((struct sockaddr_in *)dst)->sin_port; } - else if (src && dst && src->ss_family == dst->ss_family && src->ss_family == AF_INET6) { - ret = snprintf(buf + ret, buf_len - ret, "PROXY TCP6 "); - if (ret >= buf_len) - return 0; + /* IPv6 for at least one of src and dst */ + else { + struct in6_addr tmp; - /* IPv6 src */ - if (!inet_ntop(src->ss_family, &((struct sockaddr_in6 *)src)->sin6_addr, buf + ret, buf_len - ret)) - return 0; + protocol = "TCP6"; - ret += strlen(buf + ret); - if (ret >= buf_len) - return 0; + if (src->ss_family == AF_INET) { + /* Convert src to IPv6 */ + v4tov6(&tmp, &((struct sockaddr_in *)src)->sin_addr); + src_port = ((struct sockaddr_in *)src)->sin_port; + } + else { + tmp = ((struct sockaddr_in6 *)src)->sin6_addr; + src_port = ((struct sockaddr_in6 *)src)->sin6_port; + } - buf[ret++] = ' '; - - /* IPv6 dst */ - if (!inet_ntop(dst->ss_family, &((struct sockaddr_in6 *)dst)->sin6_addr, buf + ret, buf_len - ret)) + if (!inet_ntop(AF_INET6, &tmp, src_str, sizeof(src_str))) return 0; - ret += strlen(buf + ret); - if (ret >= buf_len) - return 0; + if (dst->ss_family == AF_INET) { + /* Convert dst to IPv6 */ + v4tov6(&tmp, &((struct sockaddr_in *)dst)->sin_addr); + dst_port = ((struct sockaddr_in *)dst)->sin_port; + } + else { + tmp = ((struct sockaddr_in6 *)dst)->sin6_addr; + dst_port = ((struct sockaddr_in6 *)dst)->sin6_port; + } - /* source and destination ports */ - ret += snprintf(buf + ret, buf_len - ret, " %u %u\r\n", - ntohs(((struct sockaddr_in6 *)src)->sin6_port), - ntohs(((struct sockaddr_in6 *)dst)->sin6_port)); - if (ret >= buf_len) - return 0; - } - else { - /* unknown family combination */ - ret = snprintf(buf, buf_len, "PROXY UNKNOWN\r\n"); - if (ret >= buf_len) + if (!inet_ntop(AF_INET6, &tmp, dst_str, sizeof(dst_str))) return 0; } + + ret = snprintf(buf, buf_len, "PROXY %s %s %s %u %u\r\n", protocol, src_str, dst_str, ntohs(src_port), ntohs(dst_port)); + if (ret >= buf_len) + return 0; + return ret; } @@ -1007,35 +1005,60 @@ dst = &remote->addr.to; } - if (src && dst && src->ss_family == dst->ss_family && src->ss_family == AF_INET) { - if (buf_len < PP2_HDR_LEN_INET) - return 0; - hdr->ver_cmd = PP2_VERSION | PP2_CMD_PROXY; - hdr->fam = PP2_FAM_INET | PP2_TRANS_STREAM; - hdr->addr.ip4.src_addr = ((struct sockaddr_in *)src)->sin_addr.s_addr; - hdr->addr.ip4.dst_addr = ((struct sockaddr_in *)dst)->sin_addr.s_addr; - hdr->addr.ip4.src_port = ((struct sockaddr_in *)src)->sin_port; - hdr->addr.ip4.dst_port = ((struct sockaddr_in *)dst)->sin_port; - ret = PP2_HDR_LEN_INET; - } - else if (src && dst && src->ss_family == dst->ss_family && src->ss_family == AF_INET6) { - if (buf_len < PP2_HDR_LEN_INET6) - return 0; - hdr->ver_cmd = PP2_VERSION | PP2_CMD_PROXY; - hdr->fam = PP2_FAM_INET6 | PP2_TRANS_STREAM; - memcpy(hdr->addr.ip6.src_addr, &((struct sockaddr_in6 *)src)->sin6_addr, 16); - memcpy(hdr->addr.ip6.dst_addr, &((struct sockaddr_in6 *)dst)->sin6_addr, 16); - hdr->addr.ip6.src_port = ((struct sockaddr_in6 *)src)->sin6_port; - hdr->addr.ip6.dst_port = ((struct sockaddr_in6 *)dst)->sin6_port; - ret = PP2_HDR_LEN_INET6; - } - else { + /* At least one of src or dst is not of AF_INET or AF_INET6 */ + if ( !src + || !dst + || (src->ss_family != AF_INET && src->ss_family != AF_INET6) + || (dst->ss_family != AF_INET && dst->ss_family != AF_INET6)) { if (buf_len < PP2_HDR_LEN_UNSPEC) return 0; hdr->ver_cmd = PP2_VERSION | PP2_CMD_LOCAL; hdr->fam = PP2_FAM_UNSPEC | PP2_TRANS_UNSPEC; ret = PP2_HDR_LEN_UNSPEC; } + else { + /* IPv4 for both src and dst */ + if (src->ss_family == AF_INET && dst->ss_family == AF_INET) { + if (buf_len < PP2_HDR_LEN_INET) + return 0; + hdr->ver_cmd = PP2_VERSION | PP2_CMD_PROXY; + hdr->fam = PP2_FAM_INET | PP2_TRANS_STREAM; + hdr->addr.ip4.src_addr = ((struct sockaddr_in *)src)->sin_addr.s_addr; + hdr->addr.ip4.src_port = ((struct sockaddr_in *)src)->sin_port; + hdr->addr.ip4.dst_addr = ((struct sockaddr_in *)dst)->sin_addr.s_addr; + hdr->addr.ip4.dst_port = ((struct sockaddr_in *)dst)->sin_port; + ret = PP2_HDR_LEN_INET; + } + /* IPv6 for at least one of src and dst */ + else { + struct in6_addr tmp; + + if (buf_len < PP2_HDR_LEN_INET6) + return 0; + hdr->ver_cmd = PP2_VERSION | PP2_CMD_PROXY; + hdr->fam = PP2_FAM_INET6 | PP2_TRANS_STREAM; + if (src->ss_family == AF_INET) { + v4tov6(&tmp, &((struct sockaddr_in *)src)->sin_addr); + memcpy(hdr->addr.ip6.src_addr, &tmp, 16); + hdr->addr.ip6.src_port = ((struct sockaddr_in *)src)->sin_port; + } + else { + memcpy(hdr->addr.ip6.src_addr, &((struct sockaddr_in6 *)src)->sin6_addr, 16); + hdr->addr.ip6.src_port = ((struct sockaddr_in6 *)src)->sin6_port; + } + if (dst->ss_family == AF_INET) { + v4tov6(&tmp, &((struct sockaddr_in *)dst)->sin_addr); + memcpy(hdr->addr.ip6.dst_addr, &tmp, 16); + hdr->addr.ip6.src_port = ((struct sockaddr_in *)src)->sin_port; + } + else { + memcpy(hdr->addr.ip6.dst_addr, &((struct sockaddr_in6 *)dst)->sin6_addr, 16); + hdr->addr.ip6.dst_port = ((struct sockaddr_in6 *)dst)->sin6_port; + } + + ret = PP2_HDR_LEN_INET6; + } + } if (conn_get_alpn(remote, &value, &value_len)) { if ((buf_len - ret) < sizeof(struct tlv)) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.12~git0.8a200c71/src/dns.c new/haproxy-1.8.13~git4.c1bfcd00/src/dns.c --- old/haproxy-1.8.12~git0.8a200c71/src/dns.c 2018-06-27 16:27:32.000000000 +0200 +++ new/haproxy-1.8.13~git4.c1bfcd00/src/dns.c 2018-08-09 05:59:42.000000000 +0200 @@ -965,8 +965,10 @@ int currentip_sel; int j; int score, max_score; + int allowed_duplicated_ip; family_priority = dns_opts->family_prio; + allowed_duplicated_ip = dns_opts->accept_duplicate_ip; *newip = newip4 = newip6 = NULL; currentip_found = 0; *newip_sin_family = AF_UNSPEC; @@ -1027,10 +1029,15 @@ } /* Check if the IP found in the record is already affected to a - * member of a group. If yes, the score should be incremented + * member of a group. If not, the score should be incremented * by 2. */ - if (owner && snr_check_ip_callback(owner, ip, &ip_type)) - continue; + if (owner && snr_check_ip_callback(owner, ip, &ip_type)) { + if (!allowed_duplicated_ip) { + continue; + } + } else { + score += 2; + } /* Check for current ip matching. */ if (ip_type == currentip_sin_family && diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.12~git0.8a200c71/src/haproxy.c new/haproxy-1.8.13~git4.c1bfcd00/src/haproxy.c --- old/haproxy-1.8.12~git0.8a200c71/src/haproxy.c 2018-06-27 16:27:32.000000000 +0200 +++ new/haproxy-1.8.13~git4.c1bfcd00/src/haproxy.c 2018-08-09 05:59:42.000000000 +0200 @@ -3018,7 +3018,7 @@ int i; sigset_t blocked_sig, old_sig; - THREAD_SYNC_INIT((1UL << global.nbthread) - 1); + THREAD_SYNC_INIT(); /* Init tids array */ for (i = 0; i < global.nbthread; i++) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.12~git0.8a200c71/src/hathreads.c new/haproxy-1.8.13~git4.c1bfcd00/src/hathreads.c --- old/haproxy-1.8.12~git0.8a200c71/src/hathreads.c 2018-06-27 16:27:32.000000000 +0200 +++ new/haproxy-1.8.13~git4.c1bfcd00/src/hathreads.c 2018-08-09 05:59:42.000000000 +0200 @@ -11,6 +11,7 @@ */ #include <unistd.h> +#include <stdlib.h> #include <fcntl.h> #include <common/cfgparse.h> @@ -31,17 +32,17 @@ static HA_SPINLOCK_T sync_lock; static int threads_sync_pipe[2]; static unsigned long threads_want_sync = 0; -unsigned long all_threads_mask = 0; +volatile unsigned long all_threads_mask = 1; // nbthread 1 assumed by default #if defined(DEBUG_THREAD) || defined(DEBUG_FULL) struct lock_stat lock_stats[LOCK_LABELS]; #endif -/* Initializes the sync point. It creates a pipe used by threads to wakup all - * others when a sync is requested. It also initialize the mask of all create +/* Initializes the sync point. It creates a pipe used by threads to wake up all + * others when a sync is requested. It also initializes the mask of all created * threads. It returns 0 on success and -1 if an error occurred. */ -int thread_sync_init(unsigned long mask) +int thread_sync_init() { int rfd; @@ -54,8 +55,6 @@ fdtab[rfd].owner = thread_sync_io_handler; fdtab[rfd].iocb = thread_sync_io_handler; fd_insert(rfd, MAX_THREADS_MASK); - - all_threads_mask = mask; return 0; } @@ -109,8 +108,20 @@ HA_ATOMIC_CAS(barrier, &old, 0); HA_ATOMIC_OR(barrier, tid_bit); - while (*barrier != all_threads_mask) + + /* Note below: we need to wait for all threads to join here, but in + * case several threads are scheduled on the same CPU, busy polling + * will instead degrade the performance, forcing other threads to + * wait longer (typically in epoll_wait()). Let's use sched_yield() + * when available instead. + */ + while ((*barrier & all_threads_mask) != all_threads_mask) { +#if _POSIX_PRIORITY_SCHEDULING + sched_yield(); +#else pl_cpu_relax(); +#endif + } } /* Enter into the sync point and lock it if the current thread has requested a @@ -162,4 +173,38 @@ hap_register_build_opts("Built with multi-threading support.", 0); } +#endif // USE_THREAD + + +/* Parse the number of threads in argument <arg>, returns it and adjusts a few + * internal variables accordingly, or fails and returns zero with an error + * reason in <errmsg>. May be called multiple times while parsing. + */ +int parse_nbthread(const char *arg, char **err) +{ + long nbthread; + char *errptr; + + nbthread = strtol(arg, &errptr, 10); + if (!*arg || *errptr) { + memprintf(err, "passed a missing or unparsable integer value in '%s'", arg); + return 0; + } + +#ifndef USE_THREAD + if (nbthread != 1) { + memprintf(err, "specified with a value other than 1 while HAProxy is not compiled with threads support. Please check build options for USE_THREAD"); + return 0; + } +#else + if (nbthread < 1 || nbthread > MAX_THREADS) { + memprintf(err, "value must be between 1 and %d (was %ld)", MAX_THREADS, nbthread); + return 0; + } + + /* we proceed like this to be sure never to overflow the left shift */ + all_threads_mask = 1UL << (nbthread - 1); + all_threads_mask |= all_threads_mask - 1; #endif + return nbthread; +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.12~git0.8a200c71/src/mux_h2.c new/haproxy-1.8.13~git4.c1bfcd00/src/mux_h2.c --- old/haproxy-1.8.12~git0.8a200c71/src/mux_h2.c 2018-06-27 16:27:32.000000000 +0200 +++ new/haproxy-1.8.13~git4.c1bfcd00/src/mux_h2.c 2018-08-09 05:59:42.000000000 +0200 @@ -54,11 +54,12 @@ #define H2_CF_DEM_MROOM 0x00000020 // demux blocked on lack of room in mux buffer #define H2_CF_DEM_SALLOC 0x00000040 // demux blocked on lack of stream's request buffer #define H2_CF_DEM_SFULL 0x00000080 // demux blocked on stream request buffer full -#define H2_CF_DEM_BLOCK_ANY 0x000000F0 // aggregate of the demux flags above except DALLOC/DFULL +#define H2_CF_DEM_TOOMANY 0x00000100 // demux blocked waiting for some conn_streams to leave +#define H2_CF_DEM_BLOCK_ANY 0x000001F0 // aggregate of the demux flags above except DALLOC/DFULL /* other flags */ -#define H2_CF_GOAWAY_SENT 0x00000100 // a GOAWAY frame was successfully sent -#define H2_CF_GOAWAY_FAILED 0x00000200 // a GOAWAY frame failed to be sent +#define H2_CF_GOAWAY_SENT 0x00001000 // a GOAWAY frame was successfully sent +#define H2_CF_GOAWAY_FAILED 0x00002000 // a GOAWAY frame failed to be sent /* H2 connection state, in h2c->st0 */ @@ -113,7 +114,7 @@ int timeout; /* idle timeout duration in ticks */ int shut_timeout; /* idle timeout duration in ticks after GOAWAY was sent */ unsigned int nb_streams; /* number of streams in the tree */ - /* 32 bit hole here */ + unsigned int nb_cs; /* number of attached conn_streams */ struct task *task; /* timeout management task */ struct eb_root streams_by_id; /* all active streams by their ID */ struct list send_list; /* list of blocked streams requesting to send */ @@ -252,6 +253,12 @@ return 0; } +/* returns true if the connection has too many conn_streams attached */ +static inline int h2_has_too_many_cs(const struct h2c *h2c) +{ + return h2c->nb_cs >= h2_settings_max_concurrent_streams; +} + /* re-enables receiving on mux <target> after a buffer was allocated. It returns * 1 if the allocation succeeds, in which case the connection is woken up, or 0 * if it's impossible to wake up and we prefer to be woken up later. @@ -402,6 +409,7 @@ h2c->rcvd_c = 0; h2c->rcvd_s = 0; h2c->nb_streams = 0; + h2c->nb_cs = 0; h2c->dbuf = &buf_empty; h2c->dsi = -1; @@ -685,14 +693,18 @@ h2s->cs = cs; cs->ctx = h2s; + h2c->nb_cs++; if (stream_create_from_cs(cs) < 0) goto out_free_cs; /* OK done, the stream lives its own life now */ + if (h2_has_too_many_cs(h2c)) + h2c->flags |= H2_CF_DEM_TOOMANY; return h2s; out_free_cs: + h2c->nb_cs--; cs_free(cs); out_close: h2s_destroy(h2s); @@ -1595,6 +1607,9 @@ if (h2c->dbuf->i < h2c->dfl && h2c->dbuf->i < h2c->dbuf->size) return 0; // incomplete frame + if (h2c->flags & H2_CF_DEM_TOOMANY) + return 0; // too many cs still present + /* now either the frame is complete or the buffer is complete */ if (h2s->st != H2_SS_IDLE) { /* FIXME: stream already exists, this is only allowed for @@ -2313,14 +2328,6 @@ h2_release(conn); return -1; } - else { - /* some streams still there, we need to signal them all and - * wait for their departure. - */ - __conn_xprt_stop_recv(conn); - __conn_xprt_stop_send(conn); - return 0; - } } if (!h2c->dbuf->i) @@ -2336,6 +2343,7 @@ /* adjust output polling */ if (!(conn->flags & CO_FL_SOCK_WR_SH) && + h2c->st0 != H2_CS_ERROR2 && !(h2c->flags & H2_CF_GOAWAY_FAILED) && (h2c->st0 == H2_CS_ERROR || h2c->mbuf->o || (h2c->mws > 0 && !LIST_ISEMPTY(&h2c->fctl_list)) || @@ -2483,11 +2491,21 @@ h2c = h2s->h2c; h2s->cs = NULL; + h2c->nb_cs--; + if (h2c->flags & H2_CF_DEM_TOOMANY && + !h2_has_too_many_cs(h2c)) { + h2c->flags &= ~H2_CF_DEM_TOOMANY; + if (h2_recv_allowed(h2c)) { + __conn_xprt_want_recv(h2c->conn); + conn_xprt_want_send(h2c->conn); + } + } /* this stream may be blocked waiting for some data to leave (possibly * an ES or RST frame), so orphan it in this case. */ if (!(cs->conn->flags & CO_FL_ERROR) && + (h2c->st0 < H2_CS_ERROR) && (h2s->flags & (H2_SF_BLK_MBUSY | H2_SF_BLK_MROOM | H2_SF_BLK_MFCTL))) return; @@ -2511,6 +2529,7 @@ */ if (eb_is_empty(&h2c->streams_by_id) && /* don't close if streams exist */ ((h2c->conn->flags & CO_FL_ERROR) || /* errors close immediately */ + (h2c->st0 >= H2_CS_ERROR && !h2c->task) || /* a timeout stroke earlier */ (h2c->flags & H2_CF_GOAWAY_FAILED) || (!h2c->mbuf->o && /* mux buffer empty, also process clean events below */ (conn_xprt_read0_pending(h2c->conn) || @@ -3322,6 +3341,14 @@ /* we may need to add END_STREAM */ /* FIXME: we should also detect shutdown(w) below, but how ? Maybe we * could rely on the MSG_MORE flag as a hint for this ? + * + * FIXME: what we do here is not correct because we send end_stream + * before knowing if we'll have to send a HEADERS frame for the + * trailers. More importantly we're not consuming the trailing CRLF + * after the end of trailers, so it will be left to the caller to + * eat it. The right way to do it would be to measure trailers here + * and to send ES only if there are no trailers. + * */ if (((h1m->flags & H1_MF_CLEN) && !(h1m->curr_len - size)) || !h1m->curr_len || h1m->state >= HTTP_MSG_DONE) @@ -3424,6 +3451,13 @@ } } + if (h2s->st >= H2_SS_ERROR) { + /* trim any possibly pending data after we close (extra CR-LF, + * unprocessed trailers, abnormal extra data, ...) + */ + bo_del(buf, buf->o); + } + /* RST are sent similarly to frame acks */ if (h2s->st == H2_SS_ERROR || h2s->flags & H2_SF_RST_RCVD) { cs->flags |= CS_FL_ERROR; @@ -3446,6 +3480,41 @@ return total; } +/* for debugging with CLI's "show fd" command */ +static void h2_show_fd(struct chunk *msg, struct connection *conn) +{ + struct h2c *h2c = conn->mux_ctx; + struct h2s *h2s; + struct eb32_node *node; + int fctl_cnt = 0; + int send_cnt = 0; + int tree_cnt = 0; + int orph_cnt = 0; + + if (!h2c) + return; + + list_for_each_entry(h2s, &h2c->fctl_list, list) + fctl_cnt++; + + list_for_each_entry(h2s, &h2c->send_list, list) + send_cnt++; + + node = eb32_first(&h2c->streams_by_id); + while (node) { + h2s = container_of(node, struct h2s, by_id); + tree_cnt++; + if (!h2s->cs) + orph_cnt++; + node = eb32_next(node); + } + + chunk_appendf(msg, " st0=%d err=%d maxid=%d lastid=%d flg=0x%08x nbst=%u nbcs=%u" + " fctl_cnt=%d send_cnt=%d tree_cnt=%d orph_cnt=%d dbuf=%u/%u mbuf=%u/%u", + h2c->st0, h2c->errcode, h2c->max_id, h2c->last_sid, h2c->flags, + h2c->nb_streams, h2c->nb_cs, fctl_cnt, send_cnt, tree_cnt, orph_cnt, + h2c->dbuf->i, h2c->dbuf->size, h2c->mbuf->o, h2c->mbuf->size); +} /*******************************************************/ /* functions below are dedicated to the config parsers */ @@ -3517,6 +3586,7 @@ .detach = h2_detach, .shutr = h2_shutr, .shutw = h2_shutw, + .show_fd = h2_show_fd, .flags = MX_FL_CLEAN_ABRT, .name = "H2", }; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.12~git0.8a200c71/src/proto_http.c new/haproxy-1.8.13~git4.c1bfcd00/src/proto_http.c --- old/haproxy-1.8.12~git0.8a200c71/src/proto_http.c 2018-06-27 16:27:32.000000000 +0200 +++ new/haproxy-1.8.13~git4.c1bfcd00/src/proto_http.c 2018-08-09 05:59:42.000000000 +0200 @@ -3451,7 +3451,7 @@ s->req.buf->p, &txn->hdr_idx, &ctx)) { if (unlikely(http_header_add_tail2(&txn->req, &txn->hdr_idx, "Early-Data: 1", - strlen("Early-Data: 1"))) < 0) { + strlen("Early-Data: 1")) < 0)) { goto return_bad_req; } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.12~git0.8a200c71/src/queue.c new/haproxy-1.8.13~git4.c1bfcd00/src/queue.c --- old/haproxy-1.8.12~git0.8a200c71/src/queue.c 2018-06-27 16:27:32.000000000 +0200 +++ new/haproxy-1.8.13~git4.c1bfcd00/src/queue.c 2018-08-09 05:59:42.000000000 +0200 @@ -117,7 +117,10 @@ } ps_found: - if (srv_currently_usable(rsrv) && px->nbpend) { + if (srv_currently_usable(rsrv) && px->nbpend && + (!(srv->flags & SRV_F_BACKUP) || + (!px->srv_act && + (srv == px->lbprm.fbck || (px->options & PR_O_USE_ALL_BK))))) { struct pendconn *pp; list_for_each_entry(pp, &px->pendconns, list) { @@ -287,6 +290,15 @@ if (!srv_currently_usable(s)) return 0; + /* if this is a backup server and there are active servers or at + * least another backup server was elected, then this one must + * not dequeue requests from the proxy. + */ + if ((s->flags & SRV_F_BACKUP) && + (s->proxy->srv_act || + ((s != s->proxy->lbprm.fbck) && !(s->proxy->options & PR_O_USE_ALL_BK)))) + return 0; + HA_SPIN_LOCK(PROXY_LOCK, &s->proxy->lock); maxconn = srv_dynamic_maxconn(s); list_for_each_entry_safe(p, pback, &s->proxy->pendconns, list) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.12~git0.8a200c71/src/server.c new/haproxy-1.8.13~git4.c1bfcd00/src/server.c --- old/haproxy-1.8.12~git0.8a200c71/src/server.c 2018-06-27 16:27:32.000000000 +0200 +++ new/haproxy-1.8.13~git4.c1bfcd00/src/server.c 2018-08-09 05:59:42.000000000 +0200 @@ -1506,6 +1506,7 @@ if (src->resolvers_id != NULL) srv->resolvers_id = strdup(src->resolvers_id); srv->dns_opts.family_prio = src->dns_opts.family_prio; + srv->dns_opts.accept_duplicate_ip = src->dns_opts.accept_duplicate_ip; if (srv->dns_opts.family_prio == AF_UNSPEC) srv->dns_opts.family_prio = AF_INET6; memcpy(srv->dns_opts.pref_net, @@ -1897,7 +1898,7 @@ goto out; } else if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL)) - err_code |= ERR_ALERT | ERR_FATAL; + err_code |= ERR_WARN; /* There is no mandatory first arguments for default server. */ if (srv) { @@ -2044,6 +2045,7 @@ newsrv = &curproxy->defsrv; cur_arg = 1; newsrv->dns_opts.family_prio = AF_INET6; + newsrv->dns_opts.accept_duplicate_ip = 0; } while (*args[cur_arg]) { @@ -2139,6 +2141,31 @@ newsrv->resolvers_id = strdup(args[cur_arg + 1]); cur_arg += 2; } + else if (!strcmp(args[cur_arg], "resolve-opts")) { + char *p, *end; + + for (p = args[cur_arg + 1]; *p; p = end) { + /* cut on next comma */ + for (end = p; *end && *end != ','; end++); + if (*end) + *(end++) = 0; + + if (!strcmp(p, "allow-dup-ip")) { + newsrv->dns_opts.accept_duplicate_ip = 1; + } + else if (!strcmp(p, "prevent-dup-ip")) { + newsrv->dns_opts.accept_duplicate_ip = 0; + } + else { + ha_alert("parsing [%s:%d]: '%s' : unknown resolve-opts option '%s', supported methods are 'allow-dup-ip' and 'prevent-dup-ip'.\n", + file, linenum, args[cur_arg], p); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + } + + cur_arg += 2; + } else if (!strcmp(args[cur_arg], "resolve-prefer")) { if (!strcmp(args[cur_arg + 1], "ipv4")) newsrv->dns_opts.family_prio = AF_INET; @@ -4774,6 +4801,19 @@ if (prev_srv_count && s->proxy->srv_bck == 0 && s->proxy->srv_act == 0) set_backend_down(s->proxy); + /* If the server is set with "on-marked-up shutdown-backup-sessions", + * and it's not a backup server and its effective weight is > 0, + * then it can accept new connections, so we shut down all streams + * on all backup servers. + */ + if ((s->onmarkedup & HANA_ONMARKEDUP_SHUTDOWNBACKUPSESSIONS) && + !(s->flags & SRV_F_BACKUP) && s->next_eweight) + srv_shutdown_backup_streams(s->proxy, SF_ERR_UP); + + /* check if we can handle some connections queued at the proxy. We + * will take as many as we can handle. + */ + xferred = pendconn_grab_from_px(s); } else if (s->next_admin & SRV_ADMF_MAINT) { /* remaining in maintenance mode, let's inform precisely about the diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.12~git0.8a200c71/src/ssl_sock.c new/haproxy-1.8.13~git4.c1bfcd00/src/ssl_sock.c --- old/haproxy-1.8.12~git0.8a200c71/src/ssl_sock.c 2018-06-27 16:27:32.000000000 +0200 +++ new/haproxy-1.8.13~git4.c1bfcd00/src/ssl_sock.c 2018-08-09 05:59:42.000000000 +0200 @@ -4814,7 +4814,7 @@ ssl_sock_free_ssl_conf(&bind_conf->ssl_conf); free(bind_conf->ca_sign_file); free(bind_conf->ca_sign_pass); - if (bind_conf->keys_ref) { + if (bind_conf->keys_ref && !--bind_conf->keys_ref->refcount) { free(bind_conf->keys_ref->filename); free(bind_conf->keys_ref->tlskeys); LIST_DEL(&bind_conf->keys_ref->list); @@ -7548,7 +7548,8 @@ } keys_ref = tlskeys_ref_lookup(args[cur_arg + 1]); - if(keys_ref) { + if (keys_ref) { + keys_ref->refcount++; conf->keys_ref = keys_ref; return 0; } @@ -7595,6 +7596,7 @@ i -= 2; keys_ref->tls_ticket_enc_index = i < 0 ? 0 : i % TLS_TICKETS_NO; keys_ref->unique_id = -1; + keys_ref->refcount = 1; HA_RWLOCK_INIT(&keys_ref->lock); conf->keys_ref = keys_ref; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.12~git0.8a200c71/src/stats.c new/haproxy-1.8.13~git4.c1bfcd00/src/stats.c --- old/haproxy-1.8.12~git0.8a200c71/src/stats.c 2018-06-27 16:27:32.000000000 +0200 +++ new/haproxy-1.8.13~git4.c1bfcd00/src/stats.c 2018-08-09 05:59:42.000000000 +0200 @@ -3130,7 +3130,15 @@ } } out: - /* just to make gcc happy */ ; + /* we have left the request in the buffer for the case where we + * process a POST, and this automatically re-enables activity on + * read. It's better to indicate that we want to stop reading when + * we're sending, so that we know there's at most one direction + * deciding to wake the applet up. It saves it from looping when + * emitting large blocks into small TCP windows. + */ + if (!channel_is_empty(res)) + si_applet_stop_get(si); } /* Dump all fields from <info> into <out> using the "show info" format (name: value) */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.12~git0.8a200c71/src/stream_interface.c new/haproxy-1.8.13~git4.c1bfcd00/src/stream_interface.c --- old/haproxy-1.8.12~git0.8a200c71/src/stream_interface.c 2018-06-27 16:27:32.000000000 +0200 +++ new/haproxy-1.8.13~git4.c1bfcd00/src/stream_interface.c 2018-08-09 05:59:42.000000000 +0200 @@ -720,7 +720,7 @@ ic->rex = TICK_ETERNITY; } } - else { + else if (!(si->flags & SI_FL_WAIT_ROOM) || !ic->buf->o) { /* (re)start reading and update timeout. Note: we don't recompute the timeout * everytime we get here, otherwise it would risk never to expire. We only * update it if is was not yet set. The stream socket handler will already
