[ANNOUNCE] haproxy-1.6-dev3
Hi all,

we've fixed quite some bugs since 1.6-dev2 and I'm absent next week (going to the HTTP workshop), so I thought it would be nice to issue a new version in better shape than the last one. I counted 55 patches among which 15 bugs.

Regarding the important issues that were fixed :

- LRU cache could possibly cause a crash when expiring old entries
- http-request set-var was not practically usable due to a freezing bug if the expression did not properly evaluate
- HTTP pipelining bug causing information leak (CVE-2015-3281)
- improper parsing of some TLV headers in proxy v2 protocol (namespaces part)
- tcp-request {content,connection} accept was broken and considered as a reject after addition of an action registration mechanism
- 51d sample fetch missing some proper const tags resulting in a risk that some further converters modify the input in the buffer or LRU cache
- off-by-one in the dns parsing code causing memory corruption with hostnames ending on a malloc boundary

The other ones are less important. Some improvements were brought as well :

- netbsd 6.0 now builds
- 51d sample fetch now makes use of the LRU cache to speed up operations
- new set-src target for http-request rules. Does the same as accept-proxy but for use with HTTP headers for example (sets the client address to the contents of the expression).
- it's now possible to send an SNI when connecting to a server. This is useful in virtual-hosted environments.
- switch all integer operations to 64-bits in sample fetches and patterns
- make arithmetic operators use saturated arithmetic instead of overflowing, that makes size checks safer especially when dealing with content lengths or advertised payload lengths
- all arithmetic operators now also accept a variable as an alternative to a constant, which makes it possible to add/multiply/divide values.

Baptiste has almost finished the cleanup of the state reload code that should be mergeable soon. I understood that the DNS code will experience a revamping at some point and will be improved to support init-addr.

On my side I have started to make small steps towards the ability to reuse backend connections between multiple front connections. It's a bit tricky but not that much anymore. I don't know if it will be finished for 1.6-final, at least I want to ensure that the infrastructure is ready for it so that we don't have to start to break everything when opening 1.7 for HTTP/2.

As usual, if you see that some patches you sent are missing, feel free to resend. And bug reports are always welcome!

For those who would like to contribute something and have no idea where to start, I noticed that the sample-fetch section of the doc started to become a bit heavy with many redundant parts since the addition of variables. I think that adding a dedicated section about variables would make some sense and would add an opportunity to explain how to properly use them.

Here's a copy-paste of the small changelog (the smallest of a dev branch for a long time) :

2015/07/22 : 1.6-dev3
    - CLEANUP: sample: generalize sample_fetch_string() as sample_fetch_as_type()
    - MEDIUM: http: Add new 'set-src' option to http-request
    - DOC usesrc root privileges requirments
    - BUG/MINOR: dns: wrong time unit for some DNS default parameters
    - MINOR: proxy: bit field for proxy_find_best_match diff status
    - MINOR: server: new server flag: SRV_F_FORCED_ID
    - MINOR: server: server_find functions: id, name, best_match
    - DOC: dns: fix chapters syntax
    - BUILD/MINOR: tools: rename popcount to my_popcountl
    - BUILD: add netbsd TARGET
    - MEDIUM: 51Degrees code refactoring and cleanup
    - MEDIUM: 51d: add LRU-based cache on User-Agent string detection
    - DOC: add notes about the 51degrees-cache-size parameter
    - BUG/MEDIUM: 51d: possible incorrect operations on smp-data.str.str
    - BUG/MAJOR: connection: fix TLV offset calculation for proxy protocol v2 parsing
    - MINOR: Add sample fetch to detect Supported Elliptic Curves Extension
    - BUG/MINOR: payload: Add volatile flag to smp_fetch_req_ssl_ec_ext
    - BUG/MINOR: lua: type error in the arguments wrapper
    - CLEANUP: vars: remove unused struct
    - BUG/MINOR: http/sample: gmtime/localtime can fail
    - MINOR: standard: add 64 bits conversion functions
    - MAJOR: sample: converts uint and sint in 64 bits signed integer
    - MAJOR: arg: converts uint and sint in sint
    - MEDIUM: sample: switch to saturated arithmetic
    - MINOR: vars: returns variable content
    - MEDIUM: vars/sample: operators can use variables as parameter
    - BUG/MINOR: ssl: fix smp_fetch_ssl_fc_session_id
    - BUILD/MINOR: lua: fix a harmless build warning
    - BUILD/MINOR: stats: fix build warning due to condition always true
    - BUG/MAJOR: lru: fix unconditional call to free due to unexpected semi-colon
    - BUG/MEDIUM: logs: fix improper systematic use of quotes with a few tags
    - BUILD/MINOR: lua: ensure that
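To illustrate the saturated-arithmetic item in the announcement above, here is an added example (not HAProxy code; the function names and the length-check scenario are assumptions) that runs the same size check on an advertised payload length with a wrapping and with a saturating 64-bit addition.

```c
#include <stdint.h>
#include <stdio.h>

/* Wrapping add, computed on unsigned values so the wrap itself is well
 * defined; converting back gives the two's-complement result on mainstream
 * compilers. */
static int64_t wrap_add64(int64_t a, int64_t b)
{
    return (int64_t)((uint64_t)a + (uint64_t)b);
}

/* Saturating add: clamp to INT64_MAX / INT64_MIN instead of wrapping. */
static int64_t sat_add64(int64_t a, int64_t b)
{
    if (b > 0 && a > INT64_MAX - b)
        return INT64_MAX;
    if (b < 0 && a < INT64_MIN - b)
        return INT64_MIN;
    return a + b;
}

/* Saturating multiply: each branch tests the bound before multiplying. */
static int64_t sat_mul64(int64_t a, int64_t b)
{
    if (a > 0) {
        if (b > 0) {
            if (a > INT64_MAX / b)
                return INT64_MAX;
        } else if (b < INT64_MIN / a) {
            return INT64_MIN;
        }
    } else if (b > 0) {
        if (a < INT64_MIN / b)
            return INT64_MIN;
    } else if (a != 0 && b < INT64_MAX / a) {
        return INT64_MAX;
    }
    return a * b;
}

/* Hypothetical size check: accept a message when the advertised payload
 * length plus a fixed overhead stays within the limit. */
static int accept_wrapping(int64_t advertised, int64_t overhead, int64_t limit)
{
    return wrap_add64(advertised, overhead) <= limit;
}

static int accept_saturated(int64_t advertised, int64_t overhead, int64_t limit)
{
    return sat_add64(advertised, overhead) <= limit;
}

int main(void)
{
    int64_t advertised = INT64_MAX - 4;   /* constructed sample value */
    int64_t limit = 1048576;              /* constructed 1 MiB limit */

    printf("wrapping sum : %lld -> accepted=%d\n",
           (long long)wrap_add64(advertised, 16),
           accept_wrapping(advertised, 16, limit));
    printf("saturated sum: %lld -> accepted=%d\n",
           (long long)sat_add64(advertised, 16),
           accept_saturated(advertised, 16, limit));
    printf("saturated mul: %lld\n",
           (long long)sat_mul64(INT64_MAX / 2 + 1, 2));
    return 0;
}
```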
How to run tests after building Haproxy 1.5?
Hello, I rebuilt haproxy1.5 from source and it compiled and runs fine. But how do I run unit/regression tests on it? I notice that there is a tests folder but unable to find documentation on how to run them. Thanks for any tips.
[PATCH] BUG/MINOR: mailer: DATA part must be terminated with CRLF.CRLF
Hi Willy, Please check attached patch to solve not being able to send a mail to a exchange server as discussed in previous mail thread. http://marc.info/?l=haproxym=143708032708431w=2 Is it correct like this? Thanks for the great software :). Regards, Pieter From 50b34a494a9cd40536454591234f46d8d5e1abfb Mon Sep 17 00:00:00 2001 From: Pieter Baauw piba.nl@gmail.com Date: Wed, 22 Jul 2015 19:51:54 +0200 Subject: [PATCH] BUG/MEDIUM: mailer: DATA part must be terminated with CRLF.CRLF The dot is send in the wrong place. As defined in https://www.ietf.org/rfc/rfc2821.txt 'the character sequence CRLF.CRLF ends the mail text' --- src/checks.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/checks.c b/src/checks.c index 2179d4f..e386bee 100644 --- a/src/checks.c +++ b/src/checks.c @@ -3243,8 +3243,8 @@ static int enqueue_one_email_alert(struct email_alertq *q, const char *msg) Subject: [HAproxy Alert] , msg, \n, \n, msg, \n, - .\r\n, \r\n, + .\r\n, NULL }; -- 1.9.5.msysgit.1
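Review bot: The context lines of the array around the changed entries still end the headers and the body with a bare \n (the "msg, \n, \n, msg, \n," entries), so after this change only the last three elements of the message use CRLF. The RFC cited in the commit message defines CRLF as the line terminator for the whole DATA section, so consider converting those entries to \r\n in the same patch rather than fixing the terminator alone. Two smaller points: the mail subject is tagged BUG/MINOR while the Subject line inside the patch says BUG/MEDIUM, and the commit message has "is send" where "is sent" is meant.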
Re: ocsp
Hi,

On Mon, 20 Jul 2015 11:50:50 +0200, Marc-Antoine marc-antoine.b...@ovh.net wrote :

Hi Lukas,

frontend cluster:443
    bind 1.2.3.4:443 ssl strict-sni crt /home/provisionning/0.pem crt /home/provisionning/cluster.d
    default_backend cluster
    capture request header Host len 255

using this conf i made some tests. here is /home/provisionning content case and result :

---
1) ./0.pem.ocsp ./0.pem ./0.pem.issuer ./cluster.d/8640.pem.ocsp ./cluster.d/8640.pem.issuer ./cluster.d/8485.pem.ocsp ./cluster.d/8485.pem.issuer ./cluster.d/8485.pem ./cluster.d/8640.pem
= ocsp stapling is working for all certs

2) ./0.pem.ocsp ./0.pem ./0.pem.issuer ./cluster.d/8485.pem.ocsp ./cluster.d/8485.pem.issuer ./cluster.d/8485.pem ./cluster.d/8640.pem
= ocsp stapling is working for 0 and 8485 certs and broken for 8640 cert

3) ./0.pem.ocsp ./0.pem ./0.pem.issuer ./cluster.d/8640.pem.ocsp ./cluster.d/8640.pem.issuer ./cluster.d/8485.pem ./cluster.d/8640.pem
= ocsp stapling is working 0 and 8640 certs and broken for 8485 cert

4) ./0.pem ./cluster.d/8640.pem.ocsp ./cluster.d/8640.pem.issuer ./cluster.d/8485.pem.ocsp ./cluster.d/8485.pem.issuer ./cluster.d/8485.pem ./cluster.d/8640.pem
= ocsp stapling is broken for all certs
---

is that a normal behavior ? i think ocsp stapling should work for 8485 and 8640 certs in case 4.

Regards,

---
HA-Proxy version 1.5.8 2014/10/31
Copyright 2000-2014 Willy Tarreau w...@1wt.eu

Build options :
  TARGET = linux2628
  CPU = generic
  CC = gcc
  CFLAGS = -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2
  OPTIONS = USE_ZLIB=1 USE_OPENSSL=1 USE_PCRE=1

Default settings :
  maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200

Encrypted password support via crypt(3): yes
Built with zlib version : 1.2.7
Compression algorithms supported : identity, deflate, gzip
Built with OpenSSL version : OpenSSL 1.0.1e 11 Feb 2013
Running on OpenSSL version : OpenSSL 1.0.1e 11 Feb 2013
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built with PCRE version : 8.30 2012-02-04
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND

Available polling systems :
  epoll : pref=300, test result OK
  poll : pref=200, test result OK
  select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.
---

If ocsp file is too old or empty for example, i got warning.

Regards,

On Fri, 17 Jul 2015 21:50:34 +0200, Lukas Tribus luky...@hotmail.com wrote :

Hi Marc,

Hi all, I have some problem making ocsp stapling working. here is what i did : I have 8150.pem with chain, cert and key in it. I have 8150.pem.ocsp that seems ok :

# openssl ocsp -respin 8150.pem.ocsp -text -CAfile alphassl256.chain
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Version: 1 (0x0)
    Responder Id: 9F10D9EDA5260B71A677124526751E17DC85A62F
    Produced At: Jul 9 09:47:04 2015 GMT
    Responses:
    Certificate ID:
      Hash Algorithm: sha1
      Issuer Name Hash: 84D56BF8098BD307B766D8E1EBAD6596AA6B6761
      Issuer Key Hash: F5CDD53C0850F96A4F3AB797DA5683E669D268F7
      Serial Number: 11216784E7CA1813F3AD922B60EAF6428EE0
    Cert Status: good
    This Update: Jul 9 09:47:04 2015 GMT
    Next Update: Jul 9 21:47:04 2015 GMT

No error/warn at haproxy launching but not sure haproxy is loading .ocsp file because no notice in log. But nothing in tlsextdebug :

echo Q | openssl s_client -connect www.beluc.fr:443 -servername www.beluc.fr -tlsextdebug -status -CApath /etc/ssl/certs
[...]
OCSP response: no response sent
[...]

Do you see smth wrong ? What can i do in order to debug?

Can you provide the output of haproxy -vv please and a config snippet (the frontend ssl configuration)? Do you see a warning if 8150.pem.ocsp contains garbage when you restart haproxy?

Regards, Lukas

-- Marc-Antoine
Re: Contribution: change response line
Right. This is helpful when the logic is complicated. ACL might not be enough in that case. Can I get some feedback from LUA experts? Thanks! Best, Bowen

On Mon, Jul 13, 2015 at 12:17 AM, Baptiste bed...@gmail.com wrote:

On Mon, Jul 13, 2015 at 7:22 AM, Bowen Ni bowen1...@gmail.com wrote:

Hi, With Lua integration in HAProxy 1.6, one can change the request method, path, uri, header, response header etc except response line.

Hi Bowen, You can already change the fields above using HAProxy 1.6 statements: http-request and http-response.
http://cbonte.github.io/haproxy-dconv/snapshot/configuration-1.6.html#http-request
http://cbonte.github.io/haproxy-dconv/snapshot/configuration-1.6.html#http-response
You don't need lua for this, unless your changes are complicated and you can find a converter which does the transformation you need:
http://cbonte.github.io/haproxy-dconv/snapshot/configuration-1.6.html#7.3.1

I'd like to contribute the following methods to allow modification of the response line.

Actually, that's right, HAProxy, there are currently no http-response set-return-code in haproxy. I let the LUA experts answer you on the rest of the mail :)

Baptiste
Re: [PATCH] BUG/MINOR: mailer: DATA part must be terminated with CRLF.CRLF
On Wed, Jul 22, 2015 at 08:06:49PM +0200, PiBa-NL wrote: Hi Willy, Please check attached patch to solve not being able to send a mail to a exchange server as discussed in previous mail thread. http://marc.info/?l=haproxym=143708032708431w=2 Is it correct like this? Perfect, I've merged it now. Thanks! Willy
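The "CRLF.CRLF ends the mail text" rule quoted in this thread also implies two things for whatever builds the DATA section: every line must end in CRLF, and a body line that starts with a dot must be dot-stuffed so it cannot be read as the terminator. The following is an added example, not HAProxy's mailer code; `smtp_build_data` and the sample body are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper: turn a text body into an SMTP DATA payload.
 *  - bare LF and CRLF line endings are both emitted as CRLF
 *  - a bare CR (not followed by LF) is rejected
 *  - a line starting with '.' gets an extra leading '.' (dot-stuffing)
 *  - the payload always ends with CRLF "." CRLF
 * Returns the payload length (without the trailing NUL) or -1 when the
 * input is rejected or the output buffer is too small.
 */
static int smtp_build_data(const char *body, char *out, size_t out_len)
{
    size_t o = 0;
    size_t limit;
    int at_line_start = 1;
    const char *p;

    if (out_len < 6)              /* room for "\r\n.\r\n" plus NUL */
        return -1;
    limit = out_len - 6;

    for (p = body; *p; p++) {
        if (o + 2 > limit)        /* one input byte emits at most 2 bytes */
            return -1;
        if (*p == '\r') {
            if (p[1] != '\n')
                return -1;        /* bare CR is not a valid line ending */
            continue;             /* the CR is written together with the LF */
        }
        if (*p == '\n') {
            out[o++] = '\r';
            out[o++] = '\n';
            at_line_start = 1;
            continue;
        }
        if (at_line_start && *p == '.')
            out[o++] = '.';       /* dot-stuffing */
        out[o++] = *p;
        at_line_start = 0;
    }

    if (!at_line_start) {         /* close an unterminated last line */
        out[o++] = '\r';
        out[o++] = '\n';
    }
    memcpy(out + o, ".\r\n", 3);  /* with the CRLF before it: CRLF.CRLF */
    o += 3;
    out[o] = '\0';
    return (int)o;
}

int main(void)
{
    /* constructed sample body: second line is a lone dot */
    const char *body = "server srv1 is DOWN\n.\nlast line";
    char out[128];
    int n = smtp_build_data(body, out, sizeof(out));

    printf("payload length: %d\n", n);
    return n < 0;
}
```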
Re: Service down with TCP
On Tue, Jul 21, 2015 at 6:25 PM, Thibault LABRUT t.lab...@pickup-services.com wrote: Hello, I implemented the tcp flow at my haproxy . The problem is that since haproxy service stops after 5 minutes. I have seen rine especially in logs except this: kernel: Traps : haproxy [ 11939 ] Common IP protection : 7fe1ddc19f1a sp : 7fff12c2d580 error: 0 in haproxy [ + 7fe1ddbd5000 b6000 ] haproxy - systemd -wrapper : haproxy - systemd -wrapper : exit , haproxy RC = 0 Here is a sample configuration: frontend tcp_33101 fashion tcp tcplog option option tcpka capture request header Host len 200 bind 192.168.100.98:33101 default_backend prod_tools_tcp_33101 backend prod_tools_tcp_33101 fashion tcp tcplog option option tcpka server srv- prod_tools_tcp_33101-01 XXX.XXX.XXX.XXX:33101 check weight 100 Best regards, Thibault Hi Thibault, What troubleshooting steps have you already performed? Have you dug into systemd? NOTE: Please don't use a translator with your HAProxy configuration. That's why now, haproxy is in fashion tcp instead of mode tcp. Baptiste
Re: tcp-request + gpc ACLs
On Mon, Jul 20, 2015 at 8:19 PM, bjun...@gmail.com bjun...@gmail.com wrote:

2015-07-13 18:07 GMT+02:00 bjun...@gmail.com bjun...@gmail.com:

Hi, i'm using stick-tables to track requests and block abusers if needed. Abusers should be blocked only for a short period of time and i want a stick-table entry to expire. Therefore, i have to check if the client is already marked as an abuser and do not track this client.

example config:

frontend fe_http_in
    bind 127.0.0.1:8001
    stick-table type ip size 100k expire 600s store gpc0
    # Not working
    # acl is_overlimit sc0_get_gpc0(fe_http_in) gt 0
    # Working
    # acl is_overlimit src_get_gpc0(fe_http_in) gt 0
    tcp-request connection track-sc0 src if !is_overlimit
    default_backend be

backend be
    ...
    incrementing gpc0 ( with sc0_inc_gpc0)
    ...

If i use sc0_get_gpc0, the stick-table entry will never expire because the timer will be reset (tcp-request connection track-sc0 ... seems to ignore this acl). With src_get_gpc0 everything works as expected. Both ACL's are correct and triggered (verified with debug headers (http-response set-header ...)) What's the difference between these ACL's in conjunction with tcp-request connection track-sc0 ... ? Is this a bug or intended behaviour ?

--- Bjoern

Has anyone observed the same behaviour or knowing if this is the correct behaviour?

--- Bjoern

Hi, This is not doable in 1.5. In upcoming 1.6, you can copy the data into a blacklist purpose stick table with an expire argument, then use the in_table converter to know if a request is blacklisted or not. When you use sc0_* function, you refresh the data in the table.

Baptiste
Re: Service down with TCP
Hi, Few notes:
- If I disable the tcp services haproxy remains stable
- I see the same behavior on both haproxy servers
Sorry for the conf .

From: Baptiste bed...@gmail.com
Date: Wednesday, 22 July 2015 09:38
To: Thibault Labrut t.lab...@pickup-services.com
Cc: haproxy@formilux.org
Subject: Re: Service down with TCP

On Tue, Jul 21, 2015 at 6:25 PM, Thibault LABRUT t.lab...@pickup-services.com wrote: Hello, I implemented the tcp flow at my haproxy . The problem is that since haproxy service stops after 5 minutes. I have seen rine especially in logs except this: kernel: Traps : haproxy [ 11939 ] Common IP protection : 7fe1ddc19f1a sp : 7fff12c2d580 error: 0 in haproxy [ + 7fe1ddbd5000 b6000 ] haproxy - systemd -wrapper : haproxy - systemd -wrapper : exit , haproxy RC = 0 Here is a sample configuration: frontend tcp_33101 fashion tcp tcplog option option tcpka capture request header Host len 200 bind 192.168.100.98:33101 default_backend prod_tools_tcp_33101 backend prod_tools_tcp_33101 fashion tcp tcplog option option tcpka server srv- prod_tools_tcp_33101-01 XXX.XXX.XXX.XXX:33101 check weight 100 Best regards, Thibault

Hi Thibault, What troubleshooting steps have you already performed? Have you dug into systemd? NOTE: Please don't use a translator with your HAProxy configuration. That's why now, haproxy is in fashion tcp instead of mode tcp. Baptiste
Haproxy and http chunked trailers
Hi,

We have started using Http trailers in http chunked request. Http trailers are pretty well defined in the spec but seems like not widely used. We have haproxy forwarding the trailers to Apache tomcat and it is all working fine, I just wanted to confirm from the group that it is working by design and won't stop working in some future release :)

Our request looks like this:

telnet somehost 80
POST /some-path HTTP/1.1
Authorization: Basic =
Host: somehost.domain.com
Transfer-Encoding: chunked
Trailer: My-Test-Trailer
50 111 1 0
My-Test-Trailer: some-value-new

As I said, the trailer My-Test-Trailer is forwarded to the backends and all good as of now.

Thanks
Sachin
Re: Haproxy and http chunked trailers
❦ 22 July 2015 17:22 +0530, Sachin Shetty sshe...@egnyte.com : We have started using Http trailers in http chunked request. Http trailers are pretty well defined in the spec but seems like not widely used. Are they supported by browsers? Last time I checked, this was not the case (at least for the Cookies trailer for example). -- Lord, what fools these mortals be! -- William Shakespeare, A Midsummer-Night's Dream
Re: Haproxy and http chunked trailers
Well we are only going to use it for incoming uploads APIs, so as long as somebody can make a post request using some client library or handcoded http request, we are fine. We won’t be generating any trailers ourselves in the response. Thanks Sachin On 7/22/15, 5:38 PM, Vincent Bernat ber...@luffy.cx wrote: ❦ 22 July 2015 17:22 +0530, Sachin Shetty sshe...@egnyte.com : We have started using Http trailers in http chunked request. Http trailers are pretty well defined in the spec but seems like not widely used. Are they supported by browsers? Last time I checked, this was not the case (at least for the Cookies trailer for example). -- Lord, what fools these mortals be! -- William Shakespeare, A Midsummer-Night's Dream
Re: 1.6-dev2 crashes with certain server hostname
Hi Jan, On Thu, Jul 16, 2015 at 02:28:54AM +0200, Jan A. Bruder wrote: Hi all, this malloc crash occurs with and only with a certain hostname of one of my backends being added to the config. See redirector.domain.tld in the config below. Since this is a production server i had to mask the hostname. As a hint: The hostname does not contain any special characters, just alphabetic a-z characters. Interestingly if i change only a single letter anywhere in the hostname it doesn't crash anymore. Neither does it crash if i use it's IP instead of the hostname. How strange is that!? Also, i am using the same config with 1.5 stable without any problems. I have memories of an old resolver bug on some RHEL 5 or 6 that affected the libc, but you seem to be running debian so it shouldn't be the same bug. Are you sure your hostname properly resolves ? Your backtrace makes me think that something has corrupted memory, very likely overflown an area allocated using malloc/calloc. I don't know what could cause this and this sounds so new to me that if it's a bug it must be a very recent one. And since you're saying 1.5 is affected as well, I'm seriously wondering whether haproxy is the only culprit there or of the libc is complice as well. I don't know how to proceed from now on, the trace cannot be exploited since it basically shows that something went wrong before going down that route. Maybe running haproxy via valgrind could help figure what is happening. You're saying that this specific hostname only causes the problem. Out of curiosity, have you seen if it resolves in a specific way, maybe via a CNAME, in IPv6, or would have some extra fields associated with the record, etc ? I tried your configuration here and as you probably expect, I failed to reproduce the same problem. It would be nice also if you were able to reproduce the issues with the smallest possible config (eg: just a backend and a server line or something like this). 
But I suspect that at some point we'll have to try to reproduce with your exact hostname at least to see if it does something abnormal in the code :-/ Cheers, Willy
Re: Haproxy and http chunked trailers
Thanks Willy. Yeah trailers are rarely used and I am having a tough time making it work in Apache web server. Thanks for taking care of it in Haproxy from the start. :) On 7/22/15, 6:22 PM, Willy Tarreau w...@1wt.eu wrote: Hi Sachin, On Wed, Jul 22, 2015 at 05:22:00PM +0530, Sachin Shetty wrote: Hi, We have started using Http trailers in http chunked request. Http trailers are pretty well defined in the spec but seems like not widely used. We have haproxy forwarding the trailers to Apache tomcat and it is all working fine, I just wanted to confirm from the group that it is working by design and won't stop working in some future release :) Hehe that's a fun way to help spot future regressions :-) You should have specified the exact version you tested with. That said, chunked encoding was initially implemented with trailers support in both directions. That's typically the sort of thing you don't want to try to introduce later as it breaks the state machine and becomes much harder to do later than to do initially. So I was pretty sure it used to work, though I must confess I don't test them often :-) Cheers, Willy
Re: How to run tests after building Haproxy 1.5?
Maybe use software like Tsung, httpress etc. regards, Yuan On 07/23/2015 01:33 AM, Rishi Misra wrote: Hello, I rebuilt haproxy1.5 from source and it compiled and runs fine. But how do I run unit/regression tests on it? I notice that there is a tests folder but unable to find documentation on how to run them. Thanks for any tips.
Re: 1.6-dev2 crashes with certain server hostname
On Wed, Jul 22, 2015 at 04:23:00PM +0200, Willy Tarreau wrote: The patch is not that small but is still readable so now I'm debugging. And here comes the fix, it was indeed a one byte overflow in the DNS code. Thanks for your report! Willy From d69d6f367879c52013946026239cb7d56c9f6f2b Mon Sep 17 00:00:00 2001 From: Willy Tarreau w...@1wt.eu Date: Wed, 22 Jul 2015 16:45:36 +0200 Subject: BUG/MAJOR: dns: fix the length of the string to be copied Jan A. Bruder reported that some very specific hostnames on server lines were causing haproxy to crash on startup. Given that hist backtrace showed some heap corruption, it was obvious there was an overflow somewhere. The bug in fact is a typo in dns_str_to_dn_label() which mistakenly copies one extra byte from the host name into the output value, thus effectively corrupting the structure. The bug triggers while parsing the next server of similar length after the corruption, which generally triggers at config time but could theorically crash at any moment during runtime depending on what malloc sizes are needed next. This is why it's tagged major. No backport is needed, this bug was introduced in 1.6-dev2. --- src/dns.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/dns.c b/src/dns.c index 37e041c..5bc57e5 100644 --- a/src/dns.c +++ b/src/dns.c @@ -947,7 +947,7 @@ char *dns_str_to_dn_label(const char *string, char *dn, int dn_len) if (dn_len i + offset) return NULL; - i = strlen(string) + offset; + i = strlen(string); memcpy(dn + offset, string, i); dn[i + offset] = '\0'; /* avoid a '\0' at the beginning of dn string which may prevent the for loop -- 1.7.12.2.21.g234cd45.dirty
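Review bot: The dn_len guard kept as context at the top of the hunk is evaluated with whatever value i held before the changed line reassigns it, while the two writes below now cover dn[offset] through dn[strlen(string) + offset], which is strlen(string) + offset + 1 bytes. From the hunk alone it cannot be confirmed that the earlier i accounts for that final terminating byte, so either compare dn_len against the same strlen(string) that memcpy uses (plus offset plus one), or add a comment stating what the earlier i includes. Reusing i for two different lengths makes this arithmetic hard to check; a separately named variable for the copy length would help.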
Re: 1.6-dev2 crashes with certain server hostname
Jan, On Wed, Jul 22, 2015 at 02:50:12PM +0200, Willy Tarreau wrote: It would be nice also if you were able to reproduce the issues with the smallest possible config (eg: just a backend and a server line or something like this). But I suspect that at some point we'll have to try to reproduce with your exact hostname at least to see if it does something abnormal in the code :-/ Thanks to the config you sent me offline, I could reproduce it and narrow it down a such a simple config : backend b_media_http server r www.master.haproxy.org:80 check server w www.master.haproxy.org:80 check The name's length is critical, the change of port or check changes the error, but in all cases we are facing a memory corruption. I'm guessing it's related to a +/-1 in a name length (typically a trailing zero overwriting the malloc structure). As supposed it came with the DNS changes (the only ones affecting that area). I could bisect it to this commit : commit a68ca96375b76389322af877c32a9c47b5b6a3e0 Author: Baptiste Assmann bed...@gmail.com Date: Tue Apr 14 01:15:08 2015 +0200 MAJOR: server: add DNS-based server name resolution Relies on the DNS protocol freshly implemented in HAProxy. It performs a server IP addr resolution based on a server hostname. The patch is not that small but is still readable so now I'm debugging. Thanks for your detailed report! Willy
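The "+/-1 in a name length" suspected in this thread comes down to the size accounting of the DNS label encoding: a dotted name of n characters needs n + 2 bytes (one leading length byte, the name itself, one terminating zero). The following added example makes that accounting explicit; it is not HAProxy's dns_str_to_dn_label(), and `name_to_dn` and the sample host name are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DN_MAX_LABEL 63    /* longest single label */
#define DN_MAX_NAME  253   /* longest dotted name that fits the wire format */

/*
 * Hypothetical helper: encode "www.example.org" as
 * \3 w w w \7 e x a m p l e \3 o r g \0.
 * Returns the number of bytes written, or -1 if the name is malformed or
 * does not fit in dn_len bytes. On failure dn is left untouched.
 * Empty labels, including a trailing dot, are rejected by this helper.
 */
static int name_to_dn(const char *name, unsigned char *dn, size_t dn_len)
{
    size_t len = strlen(name);
    size_t need = len + 2;     /* length byte + name + terminating zero */
    size_t start = 0;          /* index where the current label begins */
    size_t i;

    if (len == 0 || len > DN_MAX_NAME || need > dn_len)
        return -1;

    /* validate every label before writing anything */
    for (i = 0; i <= len; i++) {
        if (i == len || name[i] == '.') {
            size_t label_len = i - start;

            if (label_len == 0 || label_len > DN_MAX_LABEL)
                return -1;
            start = i + 1;
        }
    }

    /* name[k] lands at dn[k + 1]; each '.' slot becomes a length byte */
    memcpy(dn + 1, name, len);
    start = 0;
    for (i = 0; i <= len; i++) {
        if (i == len || name[i] == '.') {
            dn[start] = (unsigned char)(i - start);
            start = i + 1;
        }
    }
    dn[len + 1] = 0;           /* last index written is need - 1 */
    return (int)need;
}

int main(void)
{
    const char *name = "www.example.org";   /* constructed sample name */
    size_t need = strlen(name) + 2;
    unsigned char *dn = malloc(need);        /* exactly sized on purpose */
    int n;

    if (!dn)
        return 1;
    n = name_to_dn(name, dn, need);
    printf("encoded %d bytes into a %zu-byte buffer\n", n, need);
    free(dn);
    return n != (int)need;
}
```

Running the exactly sized allocation in `main` under valgrind or AddressSanitizer is a quick way to confirm that no byte past `need - 1` is touched.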
Re: Haproxy and http chunked trailers
Hi Sachin, On Wed, Jul 22, 2015 at 05:22:00PM +0530, Sachin Shetty wrote: Hi, We have started using Http trailers in http chunked request. Http trailers are pretty well defined in the spec but seems like not widely used. We have haproxy forwarding the trailers to Apache tomcat and it is all working fine, I just wanted to confirm from the group that it is working by design and won't stop working in some future release :) Hehe that's a fun way to help spot future regressions :-) You should have specified the exact version you tested with. That said, chunked encoding was initially implemented with trailers support in both directions. That's typically the sort of thing you don't want to try to introduce later as it breaks the state machine and becomes much harder to do later than to do initially. So I was pretty sure it used to work, though I must confess I don't test them often :-) Cheers, Willy