Hi Jens,
> after updating from HAProxy 2.4.26 to 2.4.27, I noticed some strange behavior
> change when issuing commands via the socket. I have a script that calls the
> "prepare map" command and looks at the output to determine the new map
> version number. This script failed after upgrading
Hi.
Updated patch.
Changes:
Set the right 'X' for upstream-proxy-header
removed the upstream-proxy.png from patch
git-format against latest master
Any feedback and help is really appreciated.
Best regards
Alex
On 2024-06-13 (Do.) 03:00, Aleksandar Lazic wrote:
Hi.
New Version.
Changes:
Hi
On 6/16/24 14:39, Vincent Bernat wrote:
Yes, that's possible. I didn't want to do that unless there is at least
one user. I'll do it later today.
Thank you, greatly appreciated.
Best regards
Tim Düsterhus
On 2024-06-16 14:37, Tim Düsterhus wrote:
Hi Vincent,
On 5/29/24 17:07, Willy Tarreau wrote:
HAProxy 3.0.0 was released on 2024/05/29. It added 21 new commits
after version 3.0-dev13. I do appreciate that everything was only
cosmetic.
I'm seeing that HAProxy 3.0 is already available on
Hi
On 5/29/24 21:37, Willy Tarreau wrote:
- The version table on haproxy.org still has the EOL column for 2.0 in bold.
Other EOL versions are not bold, so that's inconsistent.
Ah, that makes sense, you're right. Now fixed!
I'm just noticing a few more things:
- For 3.0 the "Release date"
Le 14/06/2024 à 16:22, Christopher Faulet a écrit :
Le 14/06/2024 à 16:20, Willy Tarreau a écrit :
On Fri, Jun 14, 2024 at 04:12:03PM +0200, Christopher Faulet wrote:
Hi,
HAProxy 3.1-dev1 was released on 2024/06/14. It added 95 new commits
after version 3.1-dev0.
Because Willy announced
Le 14/06/2024 à 16:20, Willy Tarreau a écrit :
On Fri, Jun 14, 2024 at 04:12:03PM +0200, Christopher Faulet wrote:
Hi,
HAProxy 3.1-dev1 was released on 2024/06/14. It added 95 new commits
after version 3.1-dev0.
Because Willy announced publicly I should managed a -dev1 before his return
from
On Fri, Jun 14, 2024 at 04:12:03PM +0200, Christopher Faulet wrote:
> Hi,
>
> HAProxy 3.1-dev1 was released on 2024/06/14. It added 95 new commits
> after version 3.1-dev0.
>
> Because Willy announced publicly I should managed a -dev1 before his return
> from vacations, I have no choice. So,
Hi.
Thanks for testing and feedback.
On 2024-06-12 (Mi.) 20:35, Dave Cottlehuber wrote:
On Wed, 12 Jun 2024, at 13:04, Aleksandar Lazic wrote:
Hi.
Attached a new version with updated upstream-proxy.cfg.
This Patch have also the feature `upstream-proxy-target` to get rid of the
dependency
On Wed, 12 Jun 2024, at 13:04, Aleksandar Lazic wrote:
> Hi.
>
> Attached a new version with updated upstream-proxy.cfg.
>
> This Patch have also the feature `upstream-proxy-target` to get rid of the
> dependency for the srv->hostname.
>
> ```
> tcp-request content upstream-proxy-target
ction handle is how we differentiate two connections on the lower
* layers. It usually is a file descriptor but can be a connection id. The
* CO_FL_FDLESS flag indicates which one is relevant.
@@ -526,7 +545,7 @@ struct connection {
/* first cache line */
enum obj_type obj_type; /
Hi Dave.
On 2024-06-12 (Mi.) 12:45, Aleksandar Lazic wrote:
On 2024-06-12 (Mi.) 12:26, Dave Cottlehuber wrote:
On Tue, 11 Jun 2024, at 22:57, Aleksandar Lazic wrote:
Hi Dave.
Thank you for your test and feedback.
When you put this line into backend, will this be better?
```
tcp-request
On 2024-06-12 (Mi.) 12:26, Dave Cottlehuber wrote:
On Tue, 11 Jun 2024, at 22:57, Aleksandar Lazic wrote:
Hi Dave.
Thank you for your test and feedback.
When you put this line into backend, will this be better?
```
tcp-request connection upstream-proxy-header HOST www.httpbun.com
```
On Tue, 11 Jun 2024, at 22:57, Aleksandar Lazic wrote:
> Hi Dave.
>
> Thank you for your test and feedback.
>
> When you put this line into backend, will this be better?
>
> ```
> tcp-request connection upstream-proxy-header HOST www.httpbun.com
> ```
>
> Regards
> Alex
Hi Alex,
Sorry I forgot
Hi Dave.
Thank you for your test and feedback.
When you put this line into backend, will this be better?
```
tcp-request connection upstream-proxy-header HOST www.httpbun.com
```
Regards
Alex
On 2024-06-11 (Di.) 23:52, Dave Cottlehuber wrote:
On Mon, 10 Jun 2024, at 22:09, Aleksandar Lazic
On Mon, 10 Jun 2024, at 22:09, Aleksandar Lazic wrote:
> It is now possible to set via "tcp-request connection upstream-proxy-header"
> headers for the upstream proxy
>
> ```
> tcp-request connection upstream-proxy-header Host www.test1.com
> tcp-request connection upstream-proxy-header
On Mon, Jun 10, 2024, at 3:29 PM, Christopher Faulet wrote:
> Le 05/06/2024 à 22:55, William Manley a écrit :
> > This fixes an issue I've had where if a connection was idle for ~23s
> > it would get in a bad state. I don't understand this code, so I'm
> > not sure exactly why it was failing.
> >
Le 05/06/2024 à 22:55, William Manley a écrit :
This fixes an issue I've had where if a connection was idle for ~23s
it would get in a bad state. I don't understand this code, so I'm
not sure exactly why it was failing.
I discovered this by bisecting to identify the commit that caused the
f --git a/include/haproxy/connection-t.h b/include/haproxy/connection-t.h
index 6ee0940be4..660c7bc7ba 100644
--- a/include/haproxy/connection-t.h
+++ b/include/haproxy/connection-t.h
@@ -132,8 +132,12 @@ enum {
CO_FL_ACCEPT_PROXY = 0x0200, /* receive a valid PROXY protocol hea
Hallo Dave.
On 2024-06-07 (Fr.) 16:12, Dave Cottlehuber wrote:
On Thu, 6 Jun 2024, at 22:57, Aleksandar Lazic wrote:
Hi.
I was able to create a working setup with the attached patches, I'm
pretty sure
that the patch will need some adoptions until it' ready to commit to
the dev branch.
It
On Thu, 6 Jun 2024, at 22:57, Aleksandar Lazic wrote:
> Hi.
>
> I was able to create a working setup with the attached patches, I'm
> pretty sure
> that the patch will need some adoptions until it' ready to commit to
> the dev branch.
>
> It would be nice to get some feedback.
Hi Alex,
This
CO_FL_ACCEPT_PROXY | CO_FL_ACCEPT_CIP | CO_FL_SOCKS4_SEND | CO_FL_SOCKS4_RECV,
+ CO_FL_HANDSHAKE = CO_FL_SEND_PROXY | CO_FL_ACCEPT_PROXY | CO_FL_ACCEPT_CIP | CO_FL_SOCKS4_SEND | CO_FL_SOCKS4_RECV | CO_FL_UPSTREAM_PROXY_TUNNEL_SEND,
CO_FL_WAIT_XPRT = CO_FL_WAIT_L4_CONN | CO_FL_HA
I observed that RST may be sent not by user process, but by linux kernel
when the user process died.
Do you see some evidence of haproxy abnormal termination, core dump?
чт, 6 июн. 2024 г. в 15:20, Lowin, Patrick :
> Dear HAProxy friends,
>
>
>
> we were debugging an issue in one of our
On Mon, Jun 03, 2024 at 08:16:04PM +0200, Ilia Shipitsin wrote:
> FreeBSD-13.2 was removed from cirrus-ci, let's upgrade to 14.0,
> also, pcre is EOL, let's switch to pcre2. lua is updated to 5.4
Merged, thanks!
--
William Lallemand
Hi Willy,
On 30/05/2024 16:08, Willy Tarreau wrote:
> Hi Matthieu,
>
> finally a bit more available again...
>
> On Fri, Apr 26, 2024 at 06:34:02PM +0200, Matthieu Baerts wrote:
>>> I *am* interested in the feature, which has been
>>> floating around for a few years already. However I tend to
Hi Willy,
On 30/05/2024 15:48, Willy Tarreau wrote:
> Hi Dorian,
>
> I'm now done with the release and having more time to read your
> work. First, thanks for this update. I understand that you're almost
> running out of time on this topic which must be completed before
> June so I'm not going
On Fri, May 31, 2024 at 05:04:14PM +0200, Ilia Shipitsin wrote:
> we are fine to skip some repos like languages and translations.
> this drops number of repos twice
Merged, thanks.
--
William Lallemand
Hi.
Anyone who have some Ideas how to fix the return way?
Regards
Alex
On 2024-05-27 (Mo.) 09:12, Aleksandar Lazic wrote:
Hi.
I have done some progress with the feature :-)
The test setup runs in 4 shells.
# shell1: curl -vk --connect-to www.test1.com:4433:127.0.0.1:8080 -H "Host:
пт, 31 мая 2024 г. в 01:16, William Lallemand :
> On Thu, May 30, 2024 at 10:31:14PM +0200, Ilia Shipitsin wrote:
> > Subject: [PATCH 2/3] CI: build-ssl.sh: allow to choose certain QuicTLS
> commit hash
> > ---
> > scripts/build-ssl.sh | 6 ++
> > 1 file changed, 6 insertions(+)
> >
> > diff
On Thu, May 30, 2024 at 10:31:14PM +0200, Ilia Shipitsin wrote:
> Subject: [PATCH 2/3] CI: build-ssl.sh: allow to choose certain QuicTLS commit
> hash
> ---
> scripts/build-ssl.sh | 6 ++
> 1 file changed, 6 insertions(+)
>
> diff --git a/scripts/build-ssl.sh b/scripts/build-ssl.sh
> index
On Thu, May 30, 2024 at 04:13:23PM +0200, Илья Шипицин wrote:
> feel free to modify it when applying. or I can send v2
>
Thanks, merged!
--
William Lallemand
On Thu, May 30, 2024 at 04:37:20PM +0200, Илья Шипицин wrote:
> чт, 30 мая 2024 г. в 16:12, William Lallemand :
>
> > On Thu, May 30, 2024 at 03:40:31PM +0200, Ilia Shipitsin wrote:
> > > Subject: [PATCH 1/1] CI: VTest: accelerate package install a bit
> > > let's check and install only package is
чт, 30 мая 2024 г. в 16:12, William Lallemand :
> On Thu, May 30, 2024 at 03:40:31PM +0200, Ilia Shipitsin wrote:
> > Subject: [PATCH 1/1] CI: VTest: accelerate package install a bit
> > let's check and install only package is required
> > ---
> > .github/workflows/vtest.yml | 8
> > 1
чт, 30 мая 2024 г. в 16:14, Willy Tarreau :
> Hi Ilya,
>
> On Thu, May 30, 2024 at 03:40:31PM +0200, Ilia Shipitsin wrote:
> > + ${{ contains(matrix.FLAGS, 'USE_LUA=1') &&
> 'liblua5.4-dev' || '' }} \
> > + ${{ contains(matrix.FLAGS, 'USE_PCRE2=1') &&
> 'libpcre2-dev'
On Thu, May 30, 2024 at 04:12:02PM +0200, William Lallemand wrote:
> On Thu, May 30, 2024 at 03:40:31PM +0200, Ilia Shipitsin wrote:
> > Subject: [PATCH 1/1] CI: VTest: accelerate package install a bit
> > let's check and install only package is required
> > ---
> > .github/workflows/vtest.yml |
Hi Ilya,
On Thu, May 30, 2024 at 03:40:31PM +0200, Ilia Shipitsin wrote:
> + ${{ contains(matrix.FLAGS, 'USE_LUA=1') && 'liblua5.4-dev' ||
> '' }} \
> + ${{ contains(matrix.FLAGS, 'USE_PCRE2=1') && 'libpcre2-dev' ||
> '' }} \
> + ${{ contains(matrix.FLAGS,
feel free to modify it when applying. or I can send v2
чт, 30 мая 2024 г. в 16:12, William Lallemand :
> On Thu, May 30, 2024 at 03:40:31PM +0200, Ilia Shipitsin wrote:
> > Subject: [PATCH 1/1] CI: VTest: accelerate package install a bit
> > let's check and install only package is required
> >
On Thu, May 30, 2024 at 03:40:31PM +0200, Ilia Shipitsin wrote:
> Subject: [PATCH 1/1] CI: VTest: accelerate package install a bit
> let's check and install only package is required
> ---
> .github/workflows/vtest.yml | 8
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git
Hi Matthieu,
finally a bit more available again...
On Fri, Apr 26, 2024 at 06:34:02PM +0200, Matthieu Baerts wrote:
> > I *am* interested in the feature, which has been
> > floating around for a few years already. However I tend to agree with
> > Nicolas that, at least for the principle of least
Hi Dorian,
I'm now done with the release and having more time to read your
work. First, thanks for this update. I understand that you're almost
running out of time on this topic which must be completed before
June so I'm not going to make you waste your time. Some comments
below.
On Thu, May 16,
On Wed, May 29, 2024 at 09:59:13PM +0200, Ilia Shipitsin wrote:
> GitHub has launched Ubuntu 24.04 runners in beta.
> While runners are not yet stable, switching to them
> has shown some inconsistance in pipeline which is better
> to be resolved before actual upgrade to Ubuntu 24.04
>
> Ilia
On Wed, May 29, 2024 at 07:55:32PM +0200, Tim Duesterhus wrote:
> HAProxy 2.2 is the lowest supported version, thus this always matches.
(...)
Both patches applied, thank you Tim!
Willy
Hi Tim,
On Wed, May 29, 2024 at 07:48:10PM +0200, Tim Düsterhus wrote:
> Hi
>
> On 5/29/24 17:07, Willy Tarreau wrote:
> > HAProxy 3.0.0 was released on 2024/05/29.
>
> Congratulations on the successful release!
Thanks!
> I've just opened a PR for the "Official Docker Images" to add HAProxy
Hi
On 5/29/24 17:07, Willy Tarreau wrote:
HAProxy 3.0.0 was released on 2024/05/29.
Congratulations on the successful release!
I've just opened a PR for the "Official Docker Images" to add HAProxy
3.1: https://github.com/docker-library/haproxy/pull/234
And of course it wouldn't be a real
_PROXY_TUNNEL_SEND | CO_FL_UPSTREAM_PROXY_TUNNEL_RECV,
+
};
/* This function is used to report flags in debugging tools. Please reflect
@@ -241,6 +249,8 @@ enum {
CO_ERR_SSL_FATAL,/* SSL fatal error during a SSL_read or SSL_write */
CO_ER_REVERSE, /* Error during reverse connect */
On Thu, May 23, 2024 at 03:58:45PM +0100, William Manley wrote:
> I can also report that I no longer need to avoid `nbthread 1` in the config
> on the node. Presumably thanks to ceebb09744df367ad84586a341d9336f84f72bce
> "rhttp: fix preconnect on single-thread".
BTW keep in mind that connections
{
/* first cache line */
enum obj_type obj_type; /* differentiates connection from applet context */
unsigned char err_code; /* CO_ER_* */
- signed short send_proxy_ofs; /* <0 = offset to (re)send from the end, >0 = send all (reused for SOCKS4) */
+ signed short send_proxy_o
quot;rhttp: fix preconnect on single-thread".
Indeed. I completely forgot this issue and re-stumbled onto it while
implementing the latest rhttp features.
--
Amaury Denoyelle
On Thu, May 23, 2024, at 3:52 PM, William Manley wrote:
> On Thu, May 23, 2024, at 3:45 PM, Amaury Denoyelle wrote:
> > On Thu, May 23, 2024 at 02:47:15PM +0100, William Manley wrote:
> > > On Thu, May 23, 2024, at 2:08 PM, Amaury Denoyelle wrote:
> > > > On Thu, May 23, 2024 at 11:55:13AM +0100,
On Thu, May 23, 2024, at 3:45 PM, Amaury Denoyelle wrote:
> On Thu, May 23, 2024 at 02:47:15PM +0100, William Manley wrote:
> > On Thu, May 23, 2024, at 2:08 PM, Amaury Denoyelle wrote:
> > > On Thu, May 23, 2024 at 11:55:13AM +0100, William Manley wrote:
> > > > On Thu, May 23, 2024, at 11:34 AM,
On Thu, May 23, 2024 at 02:47:15PM +0100, William Manley wrote:
> On Thu, May 23, 2024, at 2:08 PM, Amaury Denoyelle wrote:
> > On Thu, May 23, 2024 at 11:55:13AM +0100, William Manley wrote:
> > > On Thu, May 23, 2024, at 11:34 AM, William Manley wrote:
> > > > On Thu, May 23, 2024, at 10:08 AM,
On Thu, May 23, 2024, at 2:08 PM, Amaury Denoyelle wrote:
> On Thu, May 23, 2024 at 11:55:13AM +0100, William Manley wrote:
> > On Thu, May 23, 2024, at 11:34 AM, William Manley wrote:
> > > On Thu, May 23, 2024, at 10:08 AM, Amaury Denoyelle wrote:
> > > > On Wed, May 22, 2024 at 04:58:44PM
On Thu, May 23, 2024 at 11:55:13AM +0100, William Manley wrote:
> On Thu, May 23, 2024, at 11:34 AM, William Manley wrote:
> > On Thu, May 23, 2024, at 10:08 AM, Amaury Denoyelle wrote:
> > > On Wed, May 22, 2024 at 04:58:44PM +0100, William Manley wrote:
> > > > On Wed, May 22, 2024, at 1:06 PM,
On Thu, May 23, 2024, at 11:34 AM, William Manley wrote:
> On Thu, May 23, 2024, at 10:08 AM, Amaury Denoyelle wrote:
> > On Wed, May 22, 2024 at 04:58:44PM +0100, William Manley wrote:
> > > On Wed, May 22, 2024, at 1:06 PM, Amaury Denoyelle wrote:
> > > > FYI, I just merged a series of fix to
On Thu, May 23, 2024, at 10:08 AM, Amaury Denoyelle wrote:
> On Wed, May 22, 2024 at 04:58:44PM +0100, William Manley wrote:
> > On Wed, May 22, 2024, at 1:06 PM, Amaury Denoyelle wrote:
> > > FYI, I just merged a series of fix to improve reverse HTTP. It is now
> > > possible to use PROXY
On Wed, May 22, 2024 at 04:58:44PM +0100, William Manley wrote:
> On Wed, May 22, 2024, at 1:06 PM, Amaury Denoyelle wrote:
> > FYI, I just merged a series of fix to improve reverse HTTP. It is now
> > possible to use PROXY protocol on preconnect stage. Also, you have the
> > availability to use
On Wed, May 22, 2024, at 1:06 PM, Amaury Denoyelle wrote:
> FYI, I just merged a series of fix to improve reverse HTTP. It is now
> possible to use PROXY protocol on preconnect stage. Also, you have the
> availability to use PROXY v2 TLV to differentiate connections. Note
> however that PROXY
On Tue, May 14, 2024, at 3:48 PM, Amaury Denoyelle wrote:
> On Wed, May 08, 2024 at 11:43:11AM +0100, William Manley wrote:
> > An attach-srv config line usually looks like this:
> > tcp-request session attach-srv be/srv name ssl_c_s_dn(CN)
> > while a rhttp server line usually looks like
On Wed, May 15, 2024 at 09:41:42PM +0200, Ilia Shipitsin wrote:
> Subject: [PATCH] CI: scripts/build-ssl.sh: loudly fail on unsupported
> platforms
> ---
> scripts/build-ssl.sh | 4
> 1 file changed, 4 insertions(+)
>
> diff --git a/scripts/build-ssl.sh b/scripts/build-ssl.sh
> index
On Tue, May 14, 2024 at 04:48:16PM +0200, Amaury Denoyelle wrote:
> On Wed, May 08, 2024 at 11:43:11AM +0100, William Manley wrote:
> > An attach-srv config line usually looks like this:
> > tcp-request session attach-srv be/srv name ssl_c_s_dn(CN)
> > while a rhttp server line usually looks
Hi.
I have added fcgi trace
```
global
log stdout format raw daemon debug
pidfile /data/haproxy/run/haproxy.pid
# maxconn auto config from hap
# nbthread auto config from hap
master-worker
#tune.comp.maxlevel 5
expose-experimental-directives
trace fcgi sink stdout
On Sun, May 12, 2024 at 05:08:34PM +0200, Tim Duesterhus wrote:
> When support for UUIDv7 was added in commit
> aab6477b67415c4cc260bba5df359fa2e6f49733
> the specification still was a draft.
>
> It has since been published as RFC 9562.
Excellent timing ;-)
Now merged, thank you Tim!
Willy
Hi Guys,
Was this something you needed?
I'd appreciate an answer. Happy to help.
Best wishes,
Sami
On Mon, May 6, 2024 at 1:10 PM M Sami Kerrouche <
s...@londonmedialounge.co.uk> wrote:
> Hi,
>
> I am waiting for you on our call that you booked.
>
> Let me know if you'd like to reschedule.
>
On Wed, May 08, 2024 at 11:43:11AM +0100, William Manley wrote:
> An attach-srv config line usually looks like this:
> tcp-request session attach-srv be/srv name ssl_c_s_dn(CN)
> while a rhttp server line usually looks like this:
> server srv rhttp@ sni req.hdr(host)
> The server sni
пн, 13 мая 2024 г. в 11:29, William Lallemand :
> On Thu, May 09, 2024 at 10:24:55PM +0200, Илья Шипицин wrote:
> > sorry for th delay.
> >
> > indeed, it's better to drop asan redirection. I sent a patch to the list.
> >
> > for my defence I can say that in my experiments asan.log worked as
>
On Thu, May 09, 2024 at 10:19:17PM +0200, Ilia Shipitsin wrote:
> for some reasons it appeared to be a good idea
> to collect ASAN log separately from VTest error logs,
> but also it appeared to work poorly in real life (compared to
> specially prepared synthetic environments).
>
> let drop
On Thu, May 09, 2024 at 10:24:55PM +0200, Илья Шипицин wrote:
> sorry for th delay.
>
> indeed, it's better to drop asan redirection. I sent a patch to the list.
>
> for my defence I can say that in my experiments asan.log worked as expected
> :)
>
No worries, we had a change of distribution
an HTTP-Enpoint, reporting the MySQL-state.
Then haproxy is making a HTTP-Request for monitoring and allows us to configure
expected response code & content.
Cheers
Marno
Von: Willy Tarreau
Datum: Freitag, 10. Mai 2024 um 14:28
An: Iglesias Paz, Jaime
Cc: haproxy@formilux.org
Betreff: [EXT
Hello,
On Fri, May 10, 2024 at 12:00:17PM +, Iglesias Paz, Jaime wrote:
> Hey guys, I have a problem with HAProxy and Galera Cluster v4 MySQL (3
> nodes). I boot the HAProxy server and it returns the following error:
>
> may 10 13:48:20 phaproxysql1 haproxy[661]: Proxy stats started.
> may
On Mon, May 06, 2024 at 08:16:34PM +0200, Björn Jacke wrote:
> On 06.05.24 15:34, Shawn Heisey wrote:
> > On 5/6/24 06:02, Björn Jacke wrote:
> > > frontend ft_443
> > > bind :::443 ssl crt /ssl/combined.pem
> > > bind quic6@:443 ssl crt /ssl/combined.pem alpn h3
> > > option
On Wed, May 08, 2024 at 01:19:22PM +, Dorian Craps wrote:
> first of all, thank you for your interest.
>
> I already made a version with an option to enable MPTCP
> -https://github.com/CrapsDorian/haproxy/pull/1
>
> I'm working on a new version with "mptcp@address" as Willy requested.
OK,
first of all, thank you for your interest.
I already made a version with an option to enable MPTCP
-https://github.com/CrapsDorian/haproxy/pull/1
I'm working on a new version with "mptcp@address" as Willy requested.
Dorian
On Thu, Apr 25, 2024, at 2:07 PM, Amaury Denoyelle wrote:
> Sorry for the delay. We have rediscussed this issue this morning and
> here is my answer on your patch.
Sorry for the even larger delay in responding :). Thanks for looking at this.
> It is definitely legitimate to want to be able to
Hi Dominik,
On Thu, 2 May 2024 at 17:14, Froehlich, Dominik
wrote:
The closest I’ve gotten is the “curves” property:
https://docs.haproxy.org/2.8/configuration.html#5.1-curves
However, I think it only restricts the available elliptic curves in a ECDHE
handshake, but it does not prevent a
Hi!
On Tue, May 07, 2024 at 02:23:02AM +, PR Bot wrote:
> Author: zhibin.zhu
> Number of patches: 1
>
> This is an automated relay of the Github pull request:
>fix show-sess-to-flags.sh cob fd state
(...)
> From 95be08c6f4f382ec1b0e34765d4c1f09ddcdebb6 Mon Sep 17 00:00:00 2001
> From:
hi and sorry for the long reply.
I will let you know once it is officially release, it needs to pass our QA
test still.
Kind regards.
On Mon, 6 May 2024 at 22:52, Mahendra Patil
wrote:
> any update when we can get 3.2.3 release
>
> On Wed, Apr 3, 2024 at 10:51 AM David CARLIER wrote:
>
>>
any update when we can get 3.2.3 release
On Wed, Apr 3, 2024 at 10:51 AM David CARLIER wrote:
> Hi all,
>
> Thanks for your report. This is a known issue the 3.2.3 release is
> scheduled within this month.
>
> Regards.
>
> On Wed, 3 Apr 2024 at 04:38, Willy Tarreau wrote:
>
>> Hello,
>>
>> On
On 06.05.24 15:34, Shawn Heisey wrote:
On 5/6/24 06:02, Björn Jacke wrote:
frontend ft_443
bind :::443 ssl crt /ssl/combined.pem
bind quic6@:443 ssl crt /ssl/combined.pem alpn h3
option tcp-smart-accept
http-after-response add-header alt-svc 'h3=":443"; ma=600;
persistent=1'
On 5/6/24 06:02, Björn Jacke wrote:
frontend ft_443
bind :::443 ssl crt /ssl/combined.pem
bind quic6@:443 ssl crt /ssl/combined.pem alpn h3
option tcp-smart-accept
http-after-response add-header alt-svc 'h3=":443"; ma=600; persistent=1'
frontend ft_quic_test
mode tcp
, and we can
likely consider that new attacks targeting this protocol will pop up as
it becomes widespread.
In fact, that's already the case:
See: CVE-2024-26708: mptcp: really cope with fastopen race
or CVE-2024-26826: mptcp: fix data re-injection from stale subflow
or CVE-2024-26782 kernel
On Sun, May 05, 2024 at 01:43:33PM +0200, ??? wrote:
> updated patches.
Cool, thanks, now applied.
> I'll address reorg to "compat.h" a bit later, once it is settled in my head
No worries, I've seen your other comment about the need to include
pthread.h, and this alone would be a good
updated patches.
I'll address reorg to "compat.h" a bit later, once it is settled in my head
вс, 5 мая 2024 г. в 12:48, Илья Шипицин :
> I will test and send simplified patch, i.e. I'll patch directly clock.c
>
> if we want to move that macro to compat.h, I'd postpone that for some
>
I will test and send simplified patch, i.e. I'll patch directly clock.c
if we want to move that macro to compat.h, I'd postpone that for some
investigation
1) we will need to include "pthread.h" from compat.h (currently it's not
true)
2) we will need to make sure compat.h is included everywhere
On Sun, May 05, 2024 at 11:15:24AM +0200, ??? wrote:
> ??, 5 ??? 2024 ?. ? 10:42, Willy Tarreau :
>
> > On Sun, May 05, 2024 at 09:12:41AM +0200, Miroslav Zagorac wrote:
> > > On 05. 05. 2024. 08:32, Willy Tarreau wrote:
> > > > On Sun, May 05, 2024 at 07:49:55AM +0200, ???
вс, 5 мая 2024 г. в 10:42, Willy Tarreau :
> On Sun, May 05, 2024 at 09:12:41AM +0200, Miroslav Zagorac wrote:
> > On 05. 05. 2024. 08:32, Willy Tarreau wrote:
> > > On Sun, May 05, 2024 at 07:49:55AM +0200, ??? wrote:
> > >> ??, 5 ??? 2024 ?. ? 02:05, Miroslav Zagorac :
> > >>> I think
On Sun, May 05, 2024 at 09:12:41AM +0200, Miroslav Zagorac wrote:
> On 05. 05. 2024. 08:32, Willy Tarreau wrote:
> > On Sun, May 05, 2024 at 07:49:55AM +0200, ??? wrote:
> >> ??, 5 ??? 2024 ?. ? 02:05, Miroslav Zagorac :
> >>> I think that this patch is not satisfactory because, for
On Sun, May 05, 2024 at 08:52:08AM +0200, ??? wrote:
> > I'm wondering what the point of defining _POSIX_THREAD_CPUTIME can be
> > then :-/
> >
> > Just guessing, are you sure you're building with -pthread -lrt ? Just in
> > case, please double-check with V=1. Solaris sets USE_RT, but
On 05. 05. 2024. 08:32, Willy Tarreau wrote:
> On Sun, May 05, 2024 at 07:49:55AM +0200, ??? wrote:
>> ??, 5 ??? 2024 ?. ? 02:05, Miroslav Zagorac :
>>> I think that this patch is not satisfactory because, for example, Solaris
>>> 11.4.0.0.1.15.0 (from 2018) has _POSIX_TIMERS and
вс, 5 мая 2024 г. в 08:32, Willy Tarreau :
> On Sun, May 05, 2024 at 07:49:55AM +0200, ??? wrote:
> > ??, 5 ??? 2024 ?. ? 02:05, Miroslav Zagorac :
> >
> > > On 04. 05. 2024. 17:36, Ilya Shipitsin wrote:
> > > > this function is considered optional for POSIX and not implemented
> > > >
On Sun, May 05, 2024 at 07:49:55AM +0200, ??? wrote:
> ??, 5 ??? 2024 ?. ? 02:05, Miroslav Zagorac :
>
> > On 04. 05. 2024. 17:36, Ilya Shipitsin wrote:
> > > this function is considered optional for POSIX and not implemented
> > > on Illumos
> > >
> > > Reference:
> >
вс, 5 мая 2024 г. в 02:05, Miroslav Zagorac :
> On 04. 05. 2024. 17:36, Ilya Shipitsin wrote:
> > this function is considered optional for POSIX and not implemented
> > on Illumos
> >
> > Reference:
> https://www.gnu.org/software/gnulib/manual/html_node/pthread_005fgetcpuclockid.html
> >
On 04. 05. 2024. 17:36, Ilya Shipitsin wrote:
> this function is considered optional for POSIX and not implemented
> on Illumos
>
> Reference:
> https://www.gnu.org/software/gnulib/manual/html_node/pthread_005fgetcpuclockid.html
> According to
>
On Thu, 2 May 2024 at 19:50, Lukas Tribus wrote:
>
> On Thu, 2 May 2024 at 17:14, Froehlich, Dominik
> wrote:
> > The closest I’ve gotten is the “curves” property:
> > https://docs.haproxy.org/2.8/configuration.html#5.1-curves
> >
> > However, I think it only restricts the available elliptic
On Tue, Apr 30, 2024 at 04:11:25PM +0200, Ilia Shipitsin wrote:
> NetBSD image was updated to 10.0, pcre2 is available out
> of box now
(...)
Both merged now, thank you Ilya!
Willy
On Thu, 2 May 2024 at 17:14, Froehlich, Dominik
wrote:
> The closest I’ve gotten is the “curves” property:
> https://docs.haproxy.org/2.8/configuration.html#5.1-curves
>
> However, I think it only restricts the available elliptic curves in a ECDHE
> handshake, but it does not prevent a TLS 1.3
On Thu, 2 May 2024 at 15:22, Roberto Carna wrote:
>
> Dear all, I have HAproxy in front of a web server node.
>
> I want the web server node to accept just 1000 concurrent connections.
>
> So I want to use the maxconn parameter in order to let new connections
> above 1000 to wait until the web
I'd try openssl.cnf
чт, 2 мая 2024 г. в 17:17, Froehlich, Dominik :
> Hello everyone,
>
>
>
> I’m hardening HAProxy for CVE-2002-20001 (DHEAT attack) at the moment.
>
>
>
> For TLS 1.2 I’m using the “tune.ssl.default-dh-param” option to limit the
> key size to 2048 bit so that an attacker can’t
Hi,
I can forward the pricing and other details for your consideration.
awaiting for positive response.
Bonny Rodger
From: Bonny Rodger
Sent: Monday, April 22, 2024 4:37 PM
To: haproxy@formilux.org
Subject: Updated list RSA Conference 2024
Hi,
Recently updated Attendees contacts of RSA
Hi there,
Hope all is well!
I'm following up on my previous email.
Just wondering if you received it.
Please let me know if you are interested in a new article for your website.
Cheers,
*Raddie Kalytenko*
On Thu, Apr 25, 2024 at 5:45 PM Raddie Kalytenko
wrote:
> Hi there,
> I hope you are
Hi,
On Sat, Apr 27, 2024 at 02:06:54AM +0200, Aleksandar Lazic wrote:
> Hi Lokesh.
>
> On 2024-04-27 (Sa.) 01:41, Lokesh Jindal wrote:
> > Hey folks
> >
> > I have found that there is no operator "del-cookie" in HAProxy to delete
> > cookies from the request. (HAProxy does support the operator
1 - 100 of 29004 matches
Mail list logo