On 7/4/19 1:36 PM, Olivier Houchard wrote:
Hi William,
On Wed, Jul 03, 2019 at 04:52:14PM +, William Dauchy wrote:
Hello,
On haproxy v2.0.x, while using tfo option in default-server:
default-server inter 5s fastinter 1s fall 3 slowstart 20s observe layer7
error-limit 5 on-error fail-check pool-purge-delay 10s tfo
we are getting:
'default-server inter' : 'tfo' option is not accepted in default-server
sections.
from https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#5.2-tfo
Is tfo excluded from default-server options?
There's indeed no reason to disallow tfo on default-server, it was an
oversight, it is fixed in master with commit
8d82db70a5f32427fb592a947d2a612bcb01d95e, and should be backported in 2.0
before the next release.
Regards,
Olivier
This makes me think we should perhaps add "no-tfo" option as this is
already done for several other "server" options.
The attached patch should do the trick.
Fred.
>From 4cdb7e6359fa42c68c38161d424d9402028b8497 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20L=C3=A9caille?=
Date: Thu, 4 Jul 2019 14:19:06 +0200
Subject: [PATCH] MINOR: server: Add "no-tfo" option.
Simple patch to add "no-tfo" option to "default-server" and "server" lines
to disable any usage of TCP fast open.
Must be backported to 2.0.
---
doc/configuration.txt | 9 -
src/server.c | 9 +
2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/doc/configuration.txt b/doc/configuration.txt
index de092dc28..2dbbb46c8 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -12127,6 +12127,13 @@ no-verifyhost
It may also be used as "default-server" setting to reset any previous
"default-server" "verifyhost" setting.
+no-tfo
+ This option may be used as "server" setting to reset any "tfo"
+ setting which would have been inherited from "default-server" directive as
+ default value.
+ It may also be used as "default-server" setting to reset any previous
+ "default-server" "tfo" setting.
+
non-stick
Never add connections allocated to this sever to a stick-table.
This may be used in conjunction with backup to ensure that
@@ -12482,7 +12489,7 @@ tfo
See the "tfo" bind option for more information about TCP fast open.
Please note that when using tfo, you should also use the "conn-failure",
"empty-response" and "response-timeout" keywords for "retry-on", or haproxy
- won't be able to retry the connection on failure.
+ won't be able to retry the connection on failure. See also "no-tfo".
track [/]
This option enables ability to set the current state of the server by tracking
diff --git a/src/server.c b/src/server.c
index 15c8ffe6a..02fa2a46c 100644
--- a/src/server.c
+++ b/src/server.c
@@ -583,6 +583,14 @@ static int srv_parse_no_send_proxy_v2(char **args, int *cur_arg,
return srv_disable_pp_flags(newsrv, SRV_PP_V2);
}
+/* Parse the "no-tfo" server keyword */
+static int srv_parse_no_tfo(char **args, int *cur_arg,
+struct proxy *curproxy, struct server *newsrv, char **err)
+{
+ newsrv->flags &= ~SRV_F_FASTOPEN;
+ return 0;
+}
+
/* Parse the "non-stick" server keyword */
static int srv_parse_non_stick(char **args, int *cur_arg,
struct proxy *curproxy, struct server *newsrv, char **err)
@@ -1354,6 +1362,7 @@ static struct srv_kw_list srv_kws = { "ALL", { }, {
{ "no-check-send-proxy", srv_parse_no_check_send_proxy, 0, 1 }, /* disable PROXY protol for health checks */
{ "no-send-proxy", srv_parse_no_send_proxy, 0, 1 }, /* Disable use of PROXY V1 protocol */
{ "no-send-proxy-v2",srv_parse_no_send_proxy_v2,0, 1 }, /* Disable use of PROXY V2 protocol */
+ { "no-tfo", srv_parse_no_tfo, 0, 1 }, /* Disable use of TCP Fast Open */
{ "non-stick", srv_parse_non_stick, 0, 1 }, /* Disable stick-table persistence */
{ "observe", srv_parse_observe, 1, 1 }, /* Enables health adjusting based on observing communication with the server */
{ "pool-max-conn", srv_parse_pool_max_conn, 1, 1 }, /* Set the max number of orphan idle connections, 0 means unlimited */
--
2.11.0
