Re: [PATCH] BUG/MINOR: ssl: fix CO_FL_EARLY_DATA removal with http mode

2017-11-29 Thread Olivier Houchard
a need a sample fetch to know there were early data, even after the handshake, maybe we can introduce a new sample fetch, ssl_fc_has_insecure_early, or something ? Regards, Olivier >From bda3b7800677184ea19fb81f75f9a9b44c79efeb Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@ha

Re: [PATCH] BUG/MINOR: ssl: fix CO_FL_EARLY_DATA removal with http mode

2017-11-27 Thread Olivier Houchard
Hi Emmanuel, On Mon, Nov 27, 2017 at 05:17:54PM +0100, Emmanuel Hocdet wrote: > > Hi, > > This patch fix CO_FL_EARLY_DATA removal to have correct ssl_fc_has_early > reporting. It work for 'mode http'. > > It does not fix ssl_fc_has_early for 'mode tcp'. In this mode CO_FL_EARLY_DATA > should

[PATCH] Rename the global variable "proxy" to "proxies_list" replace-header

2017-11-24 Thread Olivier Houchard
ainly come back to bite us at some point. Regards, Olivier >From da26886c44f7bd9dff656c43498664fb3518775d Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Fri, 24 Nov 2017 16:54:05 +0100 Subject: [PATCH] MINOR/CLEANUP: proxy: rename "proxy" to "pr

Re: [PATCH] MINOR: ssl: Handle early data with BoringSSL

2017-11-24 Thread Olivier Houchard
Hi Willy, On Thu, Nov 23, 2017 at 07:44:13PM +0100, Willy Tarreau wrote: > On Thu, Nov 23, 2017 at 04:16:39PM +0100, Emmanuel Hocdet wrote: > > > > simplify patch: > > no need to bypass post SSL_do_handshake process, only remove > > CO_FL_EARLY_SSL_HS > > when handshake can't support early

[PATCH] ssl/mux: Handle early data with multiple streams

2017-11-23 Thread Olivier Houchard
rom cdb181d78466a1ce2be2b8b621231ba2086f4979 Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Thu, 23 Nov 2017 18:21:29 +0100 Subject: [PATCH 1/2] MINOR: ssl: Handle reading early data after writing better. It can happen that we want to read early data, write some, and then continu

Re: [PATCH] do the handshake if we can't send early data

2017-11-22 Thread Olivier Houchard
On Wed, Nov 22, 2017 at 05:42:42PM +0100, Olivier Houchard wrote: > Hi, > > We mistakely only try to go back to the SSL handshake when not able to send > early data if we're acting as a client, that is wrong, and leads to an > infinite loop if it happens on the server side. >

[PATCH] do the handshake if we can't send early data

2017-11-22 Thread Olivier Houchard
rom 2c011f4bfa515495c47c2495510ee01b199d4a26 Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Wed, 22 Nov 2017 17:38:37 +0100 Subject: [PATCH] BUG/MINOR: ssl: Always start the handshake if we can't send early data. The current code only tries to do the handshake in case we can't send early data

[PATCHES] Fix TLS 1.3 session resumption, and 0RTT with threads.

2017-11-16 Thread Olivier Houchard
. Regards, Olivier >From e32a831c1cbff1fcfb66565273ec98052f3a7f79 Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Thu, 16 Nov 2017 17:42:52 +0100 Subject: [PATCH 1/2] MINOR: SSL: Store the ASN1 representation of client sessions. Instead of storing the SS

Re: [PATCH] Fix SRV records again

2017-11-06 Thread Olivier Houchard
On Mon, Nov 06, 2017 at 03:19:25PM +0100, Olivier Houchard wrote: > Hi, > > The attached patch fixes a locking issue that prevented SRV records from > working. > > Regards, > > Olivier > And another one, that fix a deadlock that occurs when checks trigger DNs res

[PATCHES] TLS 1.3 session resumption and early data to servers

2017-11-03 Thread Olivier Houchard
rom 7db328b4e5028a80c9817049108f5625513a87e8 Mon Sep 17 00:00:00 2001 From: Olivier Houchard <cog...@ci0.org> Date: Thu, 2 Nov 2017 19:04:38 +0100 Subject: [PATCH 1/4] BUG/MINOR; ssl: Don't assume we have a ssl_bind_conf because a SNI is matched. We only have a ssl_bind_conf if crt-list is used, however we can still match a ce

[PATCH] Fix SRV records again

2017-10-31 Thread Olivier Houchard
001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Tue, 31 Oct 2017 15:21:19 +0100 Subject: [PATCH] BUG/MINOR: dns: Fix SRV records with the new thread code. srv_set_fqdn() may be called with the DNS lock already held, but tries to lock it anyway. So, add a new parameter to le

Re: [PATCHES][ssl] Add 0-RTT support with OpenSSL 1.1.1

2017-10-31 Thread Olivier Houchard
On Fri, Oct 27, 2017 at 03:54:27PM +0200, Emmanuel Hocdet wrote: > > > Le 27 oct. 2017 à 15:02, Olivier Houchard <ohouch...@haproxy.com> a écrit : > > > > The attached patch does use the ssl_conf, instead of abusing ssl_options. > > I also added a new field in g

Re: [PATCHES][ssl] Add 0-RTT support with OpenSSL 1.1.1

2017-10-27 Thread Olivier Houchard
Hi, On Fri, Oct 27, 2017 at 12:45:36PM +0200, Olivier Houchard wrote: > On Fri, Oct 27, 2017 at 12:36:31PM +0200, Emmanuel Hocdet wrote: > > > > > Le 27 oct. 2017 ?? 11:22, Emmanuel Hocdet <m...@gandi.net> a ??crit : > > > > > > Hi Olivier >

Re: [PATCHES][ssl] Add 0-RTT support with OpenSSL 1.1.1

2017-10-27 Thread Olivier Houchard
On Fri, Oct 27, 2017 at 12:36:31PM +0200, Emmanuel Hocdet wrote: > > > Le 27 oct. 2017 ?? 11:22, Emmanuel Hocdet <m...@gandi.net> a ??crit : > > > > Hi Olivier > > > >> Le 27 oct. 2017 ?? 01:08, Olivier Houchard <ohouch...@haproxy.com> a >

Re: [PATCHES][ssl] Add 0-RTT support with OpenSSL 1.1.1

2017-10-27 Thread Olivier Houchard
On Fri, Oct 27, 2017 at 11:22:15AM +0200, Emmanuel Hocdet wrote: > Hi Olivier > > > Le 27 oct. 2017 ?? 01:08, Olivier Houchard <ohouch...@haproxy.com> a ??crit > > : > > > > Hi, > > > > You'll find attached updated patches, rebased on the la

Re: [PATCHES][ssl] Add 0-RTT support with OpenSSL 1.1.1

2017-10-26 Thread Olivier Houchard
)) { - /* switch ctx */ + if (s->generate_certs && ssl_sock_generate_certificate(servername, s, ssl)) { + /* switch ctx done in ssl_sock_generate_certificate */ return SSL_TLSEXT_ERR_OK; } #endif

Re: [PATCH] support Openssl 1.1.1 early callback API for HS

2017-10-25 Thread Olivier Houchard
Hi Emmanuel, On Wed, Oct 25, 2017 at 02:37:58PM +0200, Emmanuel Hocdet wrote: > Hi, > > . patches serie rebase from master > . update openssl 1.1.1 api calls with new early callback name > (https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_client_hello_cb.html >

Re: [PATCH] MINOR: server: missing chunck allocation in srv_update_status()

2017-10-24 Thread Olivier Houchard
On Tue, Oct 24, 2017 at 07:12:15PM +0200, Olivier Houchard wrote: > On Tue, Oct 24, 2017 at 05:37:42PM +0200, Baptiste wrote: > > Hi, > > > > While testing Christopher's DNS "thread-safe" code, I found a bug in > > srv_update_status following a

[PATCH] MINOR: Fix checks when connect_conn_chk() fails srv_update_status()

2017-10-24 Thread Olivier Houchard
:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Tue, 24 Oct 2017 19:03:30 +0200 Subject: [PATCH 2/2] BUG/MINOR: checks: Don't forget to release the connection on error case. When switching the check code to a non-permanent connection, the new code forgot to free the c

Re: [PATCH] MINOR: server: missing chunck allocation in srv_update_status()

2017-10-24 Thread Olivier Houchard
On Tue, Oct 24, 2017 at 05:37:42PM +0200, Baptiste wrote: > Hi, > > While testing Christopher's DNS "thread-safe" code, I found a bug in > srv_update_status following a recent update (related to threads too). > > The patch is in attachment. Ah you beat me at it ! I ran in the exact same issue.

[PATCH] Reset a few more counters on "clear counters"

2017-10-18 Thread Olivier Houchard
rom: Olivier Houchard <ohouch...@haproxy.com> Date: Tue, 17 Oct 2017 19:23:25 +0200 Subject: [PATCH] MINOR: stats: Clear a bit more counters with in cli_parse_clear_counters(). Clear MaxSslRate, SslFrontendMaxKeyRate and SslBackendMaxKeyRate when clear counters is used, it was probably forgotten w

[PATCH] checks: Add a keyword to specify the SNI in health checks

2017-10-17 Thread Olivier Houchard
Hi, The attached patch adds a new keyword to servers, "check-sni", that lets you specify which SNI to use when doing health checks over SSL. Regards, Olivier >From 24779f0985041f4e680855d453a4bc5d096756f9 Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com>

[PATCH] Properly handle weight increase with consistent weight

2017-10-17 Thread Olivier Houchard
as needed. Regards, Olivier >From a8d290e08d4820fe5058ba00fd4ef762e562cb69 Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Tue, 17 Oct 2017 15:52:59 +0200 Subject: [PATCH] MINOR: server: Handle weight increase in consistent hash. When the server weight is ri

Re: Reload takes about 3 minutes

2017-10-13 Thread Olivier Houchard
Hi Joel, On Fri, Oct 13, 2017 at 03:22:56PM +0200, Joel W Kall wrote: > Got some results from strace. Running the reload with sudo takes about 3 > minutes and shows that it spends most of the time on: > > 14:39:38.077925 poll([{fd=6, events=POLLIN}], 1, -1) = ? > ERESTART_RESTARTBLOCK

Re: [PATCHES][ssl] Add 0-RTT support with OpenSSL 1.1.1

2017-10-02 Thread Olivier Houchard
Hi Igor, On Tue, Oct 03, 2017 at 12:06:05AM +0800, Igor Pav wrote: > It's excited, does server line(client side) support 0-rtt? > Unfortunately, it does not yet. I'm investigating adding it. Regards, Olivier > On Mon, Oct 2, 2017 at 11:18 PM, Olivier Houchard <ohouch...@haproxy.c

[PATCHES][ssl] Add 0-RTT support with OpenSSL 1.1.1

2017-10-02 Thread Olivier Houchard
(ctx = ssl_sock_generate_certificate(servername, s, ssl))) { - /* switch ctx */ + if (s->generate_certs && ssl_sock_generate_certificate(servername, s, ssl)) { + /* switch ctx done in ssl_sock_generate_certificate */ return S

[PATCH][MINOR] Inline functions in common/net_helper.h

2017-09-13 Thread Olivier Houchard
rom: Olivier Houchard <ohouch...@haproxy.com> Date: Wed, 13 Sep 2017 11:49:22 +0200 Subject: [PATCH] MINOR: net_helper: Inline functions meant to be inlined. --- include/common/net_helper.h | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/include/common/net_h

Re: FreeBSD CPU Affinity

2017-08-17 Thread Olivier Houchard
On Thu, Aug 17, 2017 at 04:27:55PM +0300, Dmitry Sivachenko wrote: > > > On 16 Aug 2017, at 18:32, Olivier Houchard <ohouch...@haproxy.com> wrote: > > > > > > > > I think I know what's going on. > > Can you try the attached patch ? > > &g

Re: FreeBSD CPU Affinity

2017-08-16 Thread Olivier Houchard
On Wed, Aug 16, 2017 at 11:43:30AM -0400, Mark Staudinger wrote: > On Wed, 16 Aug 2017 11:32:01 -0400, Olivier Houchard <ohouch...@haproxy.com> > wrote: > > > On Wed, Aug 16, 2017 at 11:28:52AM -0400, Mark Staudinger wrote: > > > On Wed, 16 Aug 2017 10:47:32 -0400, D

Re: FreeBSD CPU Affinity

2017-08-16 Thread Olivier Houchard
esting on FreeBSD-10-stable though. > > > > May be you add return code check for cpuset_setaffinity() and log > > possible error? > > Output of from truss on starup yields this: > > 3862: cpuset_setaffinity(0x3,0x2,0x,0x8,0x773dd0) ERR#34 > 'Resul

[PATCH][MINOR] rename the raw socket constructor

2017-08-14 Thread Olivier Houchard
Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Mon, 14 Aug 2017 15:59:44 +0200 Subject: [PATCH] MINOR: Use a better name for the constructor than __ssl_sock_deinit() --- src/raw_sock.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/raw_soc

Re: [PATCHES] SRV record support

2017-08-09 Thread Olivier Houchard
Hi, After some review and tests by Baptiste, here comes an updated patchset, with a few bugfixes. This one is probably mergeable. Regards, Olivier >From 1b408464590fea38d8a45b2b7fed5c615465a858 Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Thu, 6 Jul 2

Re: [PATCHES] SRV record support

2017-08-07 Thread Olivier Houchard
Hi, On Fri, Aug 04, 2017 at 09:18:30PM +0200, Willy Tarreau wrote: > Just a few questions and minor comments below : > > On Fri, Aug 04, 2017 at 06:49:43PM +0200, Olivier Houchard wrote: > > This also adds support for SRV records. To use them, simply use a SRV label > >

[PATCHES] SRV record support

2017-08-04 Thread Olivier Houchard
nfig. Any testing would be greatly appreciated. Regards, Olivier >From 1b408464590fea38d8a45b2b7fed5c615465a858 Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Thu, 6 Jul 2017 18:46:47 +0200 Subject: [PATCH 1/4] MINOR: dns: Cache previous DNS answers. As DNS ser

Minor bugfix

2017-07-17 Thread Olivier Houchard
Hi guys, The attached patch fixes a potential use after free, if for some reason we failed to get the address of a transfered socket. It should be fairly safe to apply. Regards, Olivier >From 6fa0e381b38d3a9a3d29e59cbcca34fb1d375e3e Mon Sep 17 00:00:00 2001 From: Olivier Houchard <

Re: [RFC][PATCHES] seamless reload

2017-05-08 Thread Olivier Houchard
Hi Pavlos, On Sun, May 07, 2017 at 12:05:28AM +0200, Pavlos Parissis wrote: [...] > Ignore ignore what I wrote, I am an idiot I am an idiot as I forgot the most > important bit of the test, to enable the seamless reload by suppling the > HAPROXY_STATS_SOCKET environment variable:-( > > I added

Re: [RFC][PATCHES] seamless reload

2017-05-04 Thread Olivier Houchard
On Thu, May 04, 2017 at 10:03:07AM +, Pierre Cheynier wrote: > Hi Olivier, > > Many thanks for that ! As you know, we are very interested on this topic. > We'll test your patches soon for sure. > > Pierre Hi Pierre :) Thanks ! I'm very interested in knowing how well it works for you. Maybe

[PATCH] minor harmless bugfix in server_parse_sni_expr

2017-04-20 Thread Olivier Houchard
p 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Thu, 20 Apr 2017 18:21:17 +0200 Subject: [PATCH] MINOR: server: don't use "proxy" when px is really meant. In server_parse_sni_expr(), we use the "proxy" global variable, when we should probably be us

[PATCH] Fix haproxy hangs on FreeBSD >= 11

2017-04-19 Thread Olivier Houchard
rom 163be439a8bc6e5aa1cf3fea0f086d518ddad0a9 Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Wed, 19 Apr 2017 11:34:10 +0200 Subject: [PATCH] BUG/MAJOR: Use -fwrapv. Haproxy relies on signed integer wraparound on overflow, however this is really an undefined behavior, so the C compiler i

Re: [RFC][PATCHES] seamless reload

2017-04-19 Thread Olivier Houchard
On Wed, Apr 19, 2017 at 09:58:27AM +0200, Pavlos Parissis wrote: > On 13/04/2017 06:18 μμ, Olivier Houchard wrote: > > On Thu, Apr 13, 2017 at 06:00:59PM +0200, Conrad Hoffmann wrote: > >> On 04/13/2017 05:10 PM, Olivier Houchard wrote: > >>> On Thu, Apr 13, 20

Re: [RFC][PATCHES] seamless reload

2017-04-13 Thread Olivier Houchard
On Thu, Apr 13, 2017 at 06:00:59PM +0200, Conrad Hoffmann wrote: > On 04/13/2017 05:10 PM, Olivier Houchard wrote: > > On Thu, Apr 13, 2017 at 04:59:26PM +0200, Conrad Hoffmann wrote: > >> Sure, here it is ;P > >> > >> I now get a segfault (on reload): >

Re: [RFC][PATCHES] seamless reload

2017-04-13 Thread Olivier Houchard
s (verbose=0) at src/proxy.c:793 > #8 0x004091ec in main (argc=21, argv=0x7ffccc775168) at > src/haproxy.c:1942 Ok, yet another stupid mistake, hopefully the attached patch fixes this :) Thanks ! Olivier >From 7c7fe0c00129d60617cba786cbec7bbdd9ce08f8 Mon Sep 17 00:00:00 2001 Fro

Re: [RFC][PATCHES] seamless reload

2017-04-13 Thread Olivier Houchard
On Thu, Apr 13, 2017 at 03:06:47PM +0200, Conrad Hoffmann wrote: > > > On 04/13/2017 02:28 PM, Olivier Houchard wrote: > > On Thu, Apr 13, 2017 at 12:59:38PM +0200, Conrad Hoffmann wrote: > >> On 04/13/2017 11:31 AM, Olivier Houchard wrote: > >>> On Thu, Apr

Re: [RFC][PATCHES] seamless reload

2017-04-13 Thread Olivier Houchard
On Thu, Apr 13, 2017 at 12:59:38PM +0200, Conrad Hoffmann wrote: > On 04/13/2017 11:31 AM, Olivier Houchard wrote: > > On Thu, Apr 13, 2017 at 11:17:45AM +0200, Conrad Hoffmann wrote: > >> Hi Olivier, > >> > >> On 04/12/2017 06:09 PM, Olivier Houchard wrote:

Re: [RFC][PATCHES] seamless reload

2017-04-13 Thread Olivier Houchard
On Thu, Apr 13, 2017 at 11:17:45AM +0200, Conrad Hoffmann wrote: > Hi Olivier, > > On 04/12/2017 06:09 PM, Olivier Houchard wrote: > > On Wed, Apr 12, 2017 at 05:50:54PM +0200, Olivier Houchard wrote: > >> On Wed, Apr 12, 2017 at 05:30:17PM +0200, Conrad Hoffma

Re: [RFC][PATCHES] seamless reload

2017-04-12 Thread Olivier Houchard
On Wed, Apr 12, 2017 at 11:19:37AM -0700, Steven Davidovitz wrote: > I had a problem testing it on Mac OS X, because cmsghdr is aligned to 4 > bytes. I changed the CMSG_ALIGN(sizeof(struct cmsghdr)) call to CMSG_LEN(0) > to fix it. > Oh right, I'll change that. Thanks a lot ! Olivier

Re: [RFC][PATCHES] seamless reload

2017-04-12 Thread Olivier Houchard
vier >From 7dc2432f3a7c4a9e9531adafa4524a199e394f90 Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Wed, 12 Apr 2017 19:32:15 +0200 Subject: [PATCH 10/10] MINOR: tcp: Attempt to reset TCP_MAXSEG when reusing a socket. Guess the default value for TCP_MAXSEG by

Re: [RFC][PATCHES] seamless reload

2017-04-12 Thread Olivier Houchard
On Wed, Apr 12, 2017 at 05:50:54PM +0200, Olivier Houchard wrote: > On Wed, Apr 12, 2017 at 05:30:17PM +0200, Conrad Hoffmann wrote: > > Hi again, > > > > so I tried to get this to work, but didn't manage yet. I also don't quite > > understand how this is supposed

Re: [RFC][PATCHES] seamless reload

2017-04-12 Thread Olivier Houchard
On Wed, Apr 12, 2017 at 05:30:17PM +0200, Conrad Hoffmann wrote: > Hi again, > > so I tried to get this to work, but didn't manage yet. I also don't quite > understand how this is supposed to work. The first haproxy process is > started _without_ the -x option, is that correct? Where does that

Re: [RFC][PATCHES] seamless reload

2017-04-12 Thread Olivier Houchard
On Wed, Apr 12, 2017 at 05:30:17PM +0200, Conrad Hoffmann wrote: > Hi again, > > so I tried to get this to work, but didn't manage yet. I also don't quite > understand how this is supposed to work. The first haproxy process is > started _without_ the -x option, is that correct? Where does that

Re: [RFC][PATCHES] seamless reload

2017-04-12 Thread Olivier Houchard
+ 1 + (stats_socket != NULL ? 2 : 0), sizeof(char *)); Regards, Olivier >From 526dca943b9cc89732c54bc43a6ce36e17b67890 Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Sun, 9 Apr 2017 16:28:10 +0200 Subject: [PATCH 7/9] MINOR: systemd wrappe

Re: [RFC][PATCHES] seamless reload

2017-04-11 Thread Olivier Houchard
On Tue, Apr 11, 2017 at 08:16:48PM +0200, Willy Tarreau wrote: > Hi guys, > > On Mon, Apr 10, 2017 at 11:08:56PM +0200, Pavlos Parissis wrote: > > IMHO: a better name would be 'stats nounsedsockets', as it is referring to a > > generic functionality of UNIX stats socket, rather to a very specific

Re: [RFC][PATCHES] seamless reload

2017-04-11 Thread Olivier Houchard
On Tue, Apr 11, 2017 at 01:23:42PM +0200, Pavlos Parissis wrote: > On 10/04/2017 11:52 μμ, Olivier Houchard wrote: > > On Mon, Apr 10, 2017 at 11:08:56PM +0200, Pavlos Parissis wrote: > >> On 10/04/2017 08:09 , Olivier Houchard wrote: > >>> > >>> Hi,

Re: [RFC][PATCHES] seamless reload

2017-04-10 Thread Olivier Houchard
On Mon, Apr 10, 2017 at 11:08:56PM +0200, Pavlos Parissis wrote: > On 10/04/2017 08:09 ????, Olivier Houchard wrote: > > > > Hi, > > > > On top of those patches, here a 3 more patches. > > The first one makes the systemd wrapper check for a HAPROXY_STATS_SOCKET

Re: [RFC][PATCHES] seamless reload

2017-04-10 Thread Olivier Houchard
On Mon, Apr 10, 2017 at 10:49:21PM +0200, Pavlos Parissis wrote: > On 07/04/2017 11:17 ????, Olivier Houchard wrote: > > On Fri, Apr 07, 2017 at 09:58:57PM +0200, Pavlos Parissis wrote: > >> On 06/04/2017 04:57 , Olivier Houchard wrote: > >>> On Thu, Apr 06, 20

Re: [RFC][PATCHES] seamless reload

2017-04-10 Thread Olivier Houchard
socket, and close any socket nout bound to our process, to save a few file descriptors. Regards, Olivier >From 8d6c38b6824346b096ba31757ab62bc986a433b3 Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Sun, 9 Apr 2017 16:28:10 +0200 Subject: [PATCH 7/9] MINOR

Re: [RFC][PATCHES] seamless reload

2017-04-07 Thread Olivier Houchard
On Fri, Apr 07, 2017 at 09:58:57PM +0200, Pavlos Parissis wrote: > On 06/04/2017 04:57 ????, Olivier Houchard wrote: > > On Thu, Apr 06, 2017 at 04:56:47PM +0200, Pavlos Parissis wrote: > >> On 06/04/2017 04:25 , Olivier Houchard wrote: > >>> Hi, > >>>

Re: [RFC][PATCHES] seamless reload

2017-04-06 Thread Olivier Houchard
On Thu, Apr 06, 2017 at 04:56:47PM +0200, Pavlos Parissis wrote: > On 06/04/2017 04:25 μμ, Olivier Houchard wrote: > > Hi, > > > > The attached patchset is the first cut at an attempt to work around the > > linux issues with SOREUSEPORT that makes haproxy refuse

[RFC][PATCHES] seamless reload

2017-04-06 Thread Olivier Houchard
behavior instead of opening any missing socket ? I'm still undecided about that. Any testing, comments, etc would be greatly appreciated. Regards, Olivier >From f2a13d1ce2f182170f70fe3d5312a538788f5877 Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Wed, 5 Apr 2017

[PATCH] minor cleanup to the dynamic cookie code

2017-04-04 Thread Olivier Houchard
00:00:00 2001 From: Olivier Houchard <cog...@ci0.org> Date: Tue, 4 Apr 2017 22:10:36 +0200 Subject: [PATCH] MINOR server: Restrict dynamic cookie check to the same proxy. Each time we generate a dynamic cookie, we try to make sure the same cookie hasn't been generated for another server,

Re: Dynamic cookies support

2017-03-15 Thread Olivier Houchard
On Wed, Mar 15, 2017 at 03:52:04PM +0200, Jarno Huuskonen wrote: > Hi Olivier, > > On Tue, Mar 14, Olivier Houchard wrote: > > Hi guys, > > > > You'll find attached patches to add support for dynamically-generated > > session > > cookies for each

Dynamic cookies support

2017-03-14 Thread Olivier Houchard
l the load-balancers. Any comment would be welcome. Thanks ! Olivier >From a29344438de3777ab692978b5195adfd100f219f Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Tue, 14 Mar 2017 20:01:29 +0100 Subject: [PATCH 1/2] MINOR: server: Add dynamic session co

<    1   2