Re: Haproxy 1.6.9 failed to compile regex
Hello, Am 28.10.2016 um 01:03 schrieb Willy Tarreau: For the record: this has been fixed; and I also implemented the correct "Built with PCRE" information. Haproxy 1.6.10 will contain those fixes. ~/haproxy-1.6$ git log --oneline v1.6.9.. | grep PCRE dcdd2ae MINOR: show Built with PCRE version 3a011f1 BUG/MINOR: displayed PCRE version is running release ~/haproxy-1.6$ OK, this means I'll release 1.6.10 ASAP. I just want to take a look at a CLOSE_WAIT peer connection report I got which might explain certain cases of zombies after reload. Definitely, but there is certainly no urgency because of those PCRE issues here. Lukas
Re: Haproxy 1.6.9 failed to compile regex
On Thu, Oct 27, 2016 at 05:43:38PM +0200, Lukas Tribus wrote: > Hello, > > > Am 08.09.2016 um 17:48 schrieb Lukas Tribus: > > > > > Means that haproxy -vv reported "Built with PCRE version" version > > > wrong previously. That confused me. > > > > This returns the output of pcre_version() and yes, the text should be > > renamed to "Running with PCRE version", because the runtime library > > returns the version in this case. > > For the record: this has been fixed; and I also implemented the correct > "Built with PCRE" information. Haproxy 1.6.10 will contain those fixes. > > ~/haproxy-1.6$ git log --oneline v1.6.9.. | grep PCRE > dcdd2ae MINOR: show Built with PCRE version > 3a011f1 BUG/MINOR: displayed PCRE version is running release > ~/haproxy-1.6$ OK, this means I'll release 1.6.10 ASAP. I just want to take a look at a CLOSE_WAIT peer connection report I got which might explain certain cases of zombies after reload. Cheers, Willy
Re: Haproxy 1.6.9 failed to compile regex
Hello, Am 08.09.2016 um 17:48 schrieb Lukas Tribus: Means that haproxy -vv reported "Built with PCRE version" version wrong previously. That confused me. This returns the output of pcre_version() and yes, the text should be renamed to "Running with PCRE version", because the runtime library returns the version in this case. For the record: this has been fixed; and I also implemented the correct "Built with PCRE" information. Haproxy 1.6.10 will contain those fixes. ~/haproxy-1.6$ git log --oneline v1.6.9.. | grep PCRE dcdd2ae MINOR: show Built with PCRE version 3a011f1 BUG/MINOR: displayed PCRE version is running release ~/haproxy-1.6$ Cheers, Lukas
Re: Haproxy 1.6.9 failed to compile regex
Hello Veiko, Am 08.09.2016 um 13:11 schrieb Veiko Kukk: Yes, turned out, build box had newer pcre installed (7 vs 8 major version). Compiling pcre statically solved that error/problem. Good to hear. If you link against a shared library, you will have to make sure they match in major versions (same OS), otherwise you will have major problems with it (OpenSSL major release differences also lead to haproxy crashes). If you link statically to a library, you have to remember to upgrade the library and recompile haproxy, if the library has a vulnerability. Means that haproxy -vv reported "Built with PCRE version" version wrong previously. That confused me. This returns the output of pcre_version() and yes, the text should be renamed to "Running with PCRE version", because the runtime library returns the version in this case. BTW: openssl version is also reported wrong by haproxy -vv. OpenSSL informations on the other hand should be correct. "Built with" returns the build time OPENSSL_VERSION_TEXT and "Running on" makes the library return the version ("SSLeay_version(SSLEAY_VERSION)"). There is really no interpretation going on at haproxy level. Not sure why you would see different "Running on" informations on the same box, pointing to the same libssl and libcrypto library in the ldd output. That doesn't make sense to me. Lukas
Re: Haproxy 1.6.9 failed to compile regex
❦ 7 septembre 2016 16:42 CEST, Veiko Kukk: >> I tried to upgrade from 1.6.8 to 1.6.9, but found strange errors printed >> by haproxy 1.6.9. Any ideas, why? > > Another strange issue is that 1.6.9 shows: > Running on OpenSSL version : OpenSSL 1.0.0-fips 29 Mar 2010 > > System does have openssl 1.0.1e-48.el6_8.1 installed and nothing > else. So how is it possible that it's using different version than > system has? It could be statically compiled. Check with ldd. -- Too much is just enough. -- Mark Twain, on whiskey
Re: Haproxy 1.6.9 failed to compile regex
Am 07.09.2016 um 16:42 schrieb Veiko Kukk: On 07/09/16 14:37, Veiko Kukk wrote: I tried to upgrade from 1.6.8 to 1.6.9, but found strange errors printed by haproxy 1.6.9. Any ideas, why? Another strange issue is that 1.6.9 shows: Running on OpenSSL version : OpenSSL 1.0.0-fips 29 Mar 2010 System does have openssl 1.0.1e-48.el6_8.1 installed and nothing else. So how is it possible that it's using different version than system has? Do you compile on the same box were the executable runs? Looks like you have a mess with your system libraries. Compare "ldd haproxy" (working and non-working executable). You will probably see that it points to a different path (both pcre and openssl). Lukas
Re: Haproxy 1.6.9 failed to compile regex
On 07/09/16 14:37, Veiko Kukk wrote: I tried to upgrade from 1.6.8 to 1.6.9, but found strange errors printed by haproxy 1.6.9. Any ideas, why? Another strange issue is that 1.6.9 shows: Running on OpenSSL version : OpenSSL 1.0.0-fips 29 Mar 2010 System does have openssl 1.0.1e-48.el6_8.1 installed and nothing else. So how is it possible that it's using different version than system has? On the other hand - 1.6.8 reports proper openssl version: Running on OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013 Veiko
Haproxy 1.6.9 failed to compile regex
Hi, I tried to upgrade from 1.6.8 to 1.6.9, but found strange errors printed by haproxy 1.6.9. Any ideas, why? [ALERT] 250/112901 (12026) : parsing [/etc/haproxy/haproxy.cfg:57] : 'reqirep' : regular expression '^([^ :]*) /(.*)' : failed to compile regex '^([^ :]*) /(.*)' (error=unknown or incorrect option bit(s) set) [ALERT] 250/112901 (12026) : parsing [/etc/haproxy/haproxy.cfg:205] : 'reqidel' : regular expression '^If-Match:.*' : failed to compile regex '^If-Match:.*' (error=unknown or incorrect option bit(s) set) [ALERT] 250/112901 (12026) : parsing [/etc/haproxy/haproxy.cfg:279] : 'rspidel' : regular expression '^Content-Location' : failed to compile regex '^Content-Location' (error=unknown or incorrect option bit(s) set) Downgrading to 1.6.8 solves this error. # haproxy -vv HA-Proxy version 1.6.9 2016/08/30 Copyright 2000-2016 Willy TarreauBuild options : TARGET = linux2628 CPU = generic CC = gcc CFLAGS = -m64 -march=x86-64 -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement OPTIONS = USE_ZLIB=1 USE_OPENSSL=1 USE_PCRE=1 Default settings : maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200 Encrypted password support via crypt(3): yes Built with zlib version : 1.2.7 Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip") Built with OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013 Running on OpenSSL version : OpenSSL 1.0.0-fips 29 Mar 2010 OpenSSL library supports TLS extensions : yes OpenSSL library supports SNI : yes OpenSSL library supports prefer-server-ciphers : yes Built with PCRE version : 7.8 2008-09-05 PCRE library supports JIT : no (USE_PCRE_JIT not set) Built without Lua support Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND Available polling systems : epoll : pref=300, test result OK poll : pref=200, test result OK select : pref=150, test result OK Total: 3 (3 usable), will use epoll. # haproxy -vv HA-Proxy version 1.6.8 2016/08/14 Copyright 2000-2016 Willy Tarreau Build options : TARGET = linux2628 CPU = generic CC = gcc CFLAGS = -m64 -march=x86-64 -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement OPTIONS = USE_ZLIB=1 USE_OPENSSL=1 USE_PCRE=1 Default settings : maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200 Encrypted password support via crypt(3): yes Built with zlib version : 1.2.3 Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip") Built with OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013 Running on OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013 OpenSSL library supports TLS extensions : yes OpenSSL library supports SNI : yes OpenSSL library supports prefer-server-ciphers : yes Built with PCRE version : 7.8 2008-09-05 PCRE library supports JIT : no (USE_PCRE_JIT not set) Built without Lua support Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND Available polling systems : epoll : pref=300, test result OK poll : pref=200, test result OK select : pref=150, test result OK Total: 3 (3 usable), will use epoll. Veiko