Re: error in haproxy 1.9 using txn.req:send in lua

2019-02-21 Thread Thierry Fournier
Hi, You can use something like that: --> receive request from client --> frontend a --> use-service lua.xxx --> [forward data using core.tcp(127.0.0.1:) --> frontend (bind 127.0.0.1:) --> [send request to your server] --> [receive response] --> [read response in

Re: Seamless reloads: file descriptors utilization in LUA

2019-01-19 Thread Thierry Fournier
Hi, First, using: - fd for file system access - fd for tcp/udp connections throught Lua Socket are a bad ideas because these actions block HAProxy. While the fd/socket is waiting for data, HAProxy does nothing, and it not process any other connections. With other words: If you tcp

[THANKS] Re: Deadlock lua when calling register_task inside action function

2019-01-07 Thread Thierry Fournier
great ! Willy, could you apply the attached patch ? thanks Thierry 0001-BUG-MEDIUM-dead-lock-when-Lua-tasks-are-trigerred.patch Description: Binary data > On 6 Jan 2019, at 19:11, Thierry Fournier > wrote: > > Hi, > > Thanks for the bug report. > Your "u

[PATCH] Re: Question re lua and tcp content

2019-01-06 Thread Thierry Fournier
Hi, Thanks fir the bug report. It is fixed by attached patch. Willy, could you merge this patch ? Thanks, Thierry 0001-BUG-MINOR-bad-args-are-returned-for-Lua-actions.patch Description: Binary data > On 31 Dec 2018, at 18:53, FRANKS, Andy (SHREWSBURY AND TELFORD HOSPITAL NHS > TRUST)

Re: Deadlock lua when calling register_task inside action function

2019-01-06 Thread Thierry Fournier
Hi, Thanks for the bug report. Your "uneducated guess" was right. Could you test the patch in attachment ? Thanks Thierry 0001-BUG-MEDIUM-dead-lock-when-Lua-tasks-are-trigerred.patch Description: Binary data > On 2 Jan 2019, at 01:40, Flakebi wrote: > > Hi, > > I am currently trying to

Re: [PATCH] MEDIUM: lua: Add stick table support for Lua

2018-09-27 Thread Thierry Fournier
I Adis, Sorry for the delay, I processed a quick review, and all seems to be ok for me! BR, Thierry > On 27 Sep 2018, at 14:02, Adis Nezirovic wrote: > > On Mon, Sep 03, 2018 at 12:09:47PM +0200, Adis Nezirovic wrote: >> Hi Thierry, >> >> Have you had the time to review my patches? > >

Re: OpenSSL and per-context option problem

2018-09-17 Thread Thierry Fournier
— Thierry Fournier Web Performance & Security Expert m: +33 6 68 69 21 85 | e: thierry.fourn...@ozon.io w: http://www.ozon.io/| b: http://blog.ozon.io/ > On 17 Sep 2018, at 12:45, Emmanuel Hocdet wrote: > > > Hi Thierry, > >> Le 15 sept. 2018

OpenSSL and per-context option problem

2018-09-15 Thread Thierry Fournier
Hi, I tried to use per-context options, in order to enable HTTP2 for a short list of SNI. I just add lines like this: /certif1.pem [alpn h2,http/1.1] my-h2-host.com /certif2.pem my-other-host.com This configuration works fine on debian 8 with OpenSSL 1.0.2g, and doesn’t work on Ubuntu

Re: [PATCH] BUG/MAJOR: thread: lua: Wrong SSL context initialization.

2018-08-30 Thread Thierry Fournier
Hi Pieter, Your patch makes sense ! Good catch. Willy, could you apply ? Thierry > On 29 Aug 2018, at 21:29, PiBa-NL wrote: > > Op 29-8-2018 om 14:29 schreef Olivier Houchard: >> On Wed, Aug 29, 2018 at 02:11:45PM +0200, Frederic Lecaille wrote: >>> This patch is in relation with one bug

Re: [PATCH] MEDIUM: reset lua transaction between http requests

2018-08-24 Thread Thierry Fournier
> On 24 Aug 2018, at 04:19, Willy Tarreau wrote: > > Hi Thierry, > > On Thu, Aug 23, 2018 at 09:37:43AM +0200, Thierry Fournier wrote: >> Hi, >> >> Your patch make sense, that's the right appoach, but I have a doubt about >> the place to use for do

Re: [PATCH] MEDIUM: lua: Add stick table support for Lua

2018-08-23 Thread Thierry Fournier
Hi [...] >> I miss also the relation between oprators and between the content >> of operators. I mean AND or OR. How I understand your example: >> >> +local filter = { >> + lt={{"gpc0", 1}, {"gpc1", 2}}, >> + gt={{"conn_rate", 3}}, >> + eq={{"conn_cur", 4}} >> +} >> >>

Re: BUG: Tw is negative with lua sleep

2018-08-23 Thread Thierry Fournier
> On 22 Aug 2018, at 06:00, Patrick Hemmer wrote: > > > > On 2018/7/18 09:03, Frederic Lecaille wrote: >> Hello Patrick, >> >> On 07/17/2018 03:59 PM, Patrick Hemmer wrote: >>> Ping? >>> >>> -Patrick >>> >>> On 2018/6/22 15:10, Patrick Hemmer wrote: When using core.msleep in

Re: [PATCH] MEDIUM: reset lua transaction between http requests

2018-08-23 Thread Thierry Fournier
Hi, Your patch make sense, that’s the right appoach, but I have a doubt about the place to use for doing the reinitialization. I add Willy in this thread in order to have http2 advisor. Before the 1.8 the Lua context was reinitialized with the stream because the stream was reinitialized

Re: BUG: LUA txn:get_priv() scoped to connection, not transaction

2018-08-22 Thread Thierry Fournier
Hi Patrick, Could you retry adding the keyword “local” before data. Unfortunately, by default, Lua variables are global. > core.register_action("test", { "http-req" }, function(txn) > local data = txn:get_priv() > if not data then > data = 0 > end >

Re: [PATCH] MEDIUM: lua: Add stick table support for Lua

2018-08-21 Thread Thierry Fournier
Hi Adis, Thanks for this patch, it is a very useful class. Some remark about the documentation and the formats: js:function:: StickTable.info() js:function:: StickTable.lookup(key) Maybe the specification and an example of the returnes

Re: [PATCH] MEDIUM: lua: Add stick table support for Lua

2018-08-21 Thread Thierry Fournier
> On 20 Aug 2018, at 15:15, Adis Nezirovic wrote: > > On Mon, Aug 20, 2018 at 02:11:13PM +0200, Adis Nezirovic wrote: >> Hi guys, >> >> I've attached a patch to add stick table support to Lua. Operations are >> mostly similar to "show table" functionality from admin socket, namely: >> >> -

Re: Performance of using lua calls for map manipulation on every request

2018-08-01 Thread Thierry Fournier
Hi, The Lua overhead is very low. On my laptop I reach easyly 18 000 HTTP requests by seconds with basic Lua processing. I guess that your code will not have significant impact on perfs. Note that the function: > txn.http:req_get_headers()["host"][0] Is consume more CPU than

Re: SSL: double free on reload

2018-07-17 Thread Thierry Fournier
gt; Could you guys please give it a try to confirm ? I'll then merge it. i, the patch works for me with backport to the 1.8 version. It is on productio stage. Thanks, Thierry > Thanks, > Willy -- Thierry Fournier Web Performance & Security Expert m: +33 6 68 69 21 85 | e: thierry.fourn...@ozon.io w: http://www.ozon.io/| b: http://blog.ozon.io/

Re: Using LUA to redirect a connection based-upon initial content and to redirect upon target disconnection

2018-07-16 Thread thierry . fournier
Hi, On Sun, 15 Jul 2018 17:14:01 +0100 Alistair Lowe wrote: > Hi folks, > > I'm looking to use LUA in HAProxy to enable two use cases: > >1. Redirect a connection based upon inspecting initial traffic for a >server name. >2. Redirect a connection when the target server closes its

Re: SSL: double free on reload

2018-07-16 Thread Thierry Fournier
On Mon, 16 Jul 2018 08:00:48 +0200 Willy Tarreau wrote: > Hi Thierry, > > On Fri, Jul 06, 2018 at 04:28:22PM +0200, Thierry Fournier wrote: > > Hi list, > > > > I caught a double-free whien I reload haproxy-1.8: > > > > writev(2, [{"*** Erro

SSL: double free on reload

2018-07-06 Thread Thierry Fournier
nit () at src/haproxy.c:2240 #7 0x0041b83c in main (argc=, argv=0x7ffc22f6b4d8) at src/haproxy.c:3094 I use the last 1.8.12 version. Thierry -- Thierry Fournier Web Performance & Security Expert m: +33 6 68 69 21 85 | e: thierry.fourn...@ozon.io w: http://www.ozon.io/| b: http://blog.ozon.io/

BUG / CLOSE-WAIT / INFINITE-LOOP with applets. How reproducing.

2018-06-30 Thread Thierry FOURNIER
Hi List, It have a bug with internal applets. Maybe this bug impacts other parts like these subject "Connections stuck in CLOSE_WAIT state with h2". when the applet requires more data and doesn't read the input buffer buffer, and when the client stops waiting and break the connection, a

[PATCH] Close-wait bug in Lua applets

2018-06-30 Thread Thierry FOURNIER
rom e0790d51546e7f032076852f2dd4ea7e5a301f10 Mon Sep 17 00:00:00 2001 From: Thierry FOURNIER Date: Sat, 30 Jun 2018 10:37:33 +0200 Subject: [PATCH] BUG/MEDIUM: lua: possible CLOSE-WAIT state with '\n' headers The Lua parser doesn't takes in account end-of-headers containing only '\n'. It expects always '\r\n'. If a

Re: [Patch] Re: Segfault with haproxy 1.8.10

2018-06-26 Thread Thierry Fournier
> On 26 Jun 2018, at 13:56, Willy Tarreau wrote: > > Hi Thierry, > > On Tue, Jun 26, 2018 at 10:20:38AM +0200, thierry.fourn...@arpalert.org wrote: >> BR,Hi, >> >> I found the bug. The segfault is unavoidable, because is trigged if an >> entry doesn't exists in the stick-tables. At the

[Patch] Re: Segfault with haproxy 1.8.10

2018-06-26 Thread thierry . fournier
Tarreau wrote: > On Mon, Jun 25, 2018 at 10:45:51PM +0200, Thierry Fournier wrote: > > Just for information, If someone is working on this bug, I think > > that I found the origin of the crash. I check impact and the > > validity of the patch, and them I submit a patch > >

Re: Segfault with haproxy 1.8.10

2018-06-25 Thread Thierry Fournier
Just for information, If someone is working on this bug, I think that I found the origin of the crash. I check impact and the validity of the patch, and them I submit a patch Thierry > On 25 Jun 2018, at 11:07, Thierry Fournier > wrote: > > Hi, > > I freshly compile haproxy

Segfault with haproxy 1.8.10

2018-06-25 Thread Thierry Fournier
Hi, I freshly compile haproxy-1.9.10, and after the start, I display a lot of segfaults. #0 stktable_release (t=t@entry=0x274a5a8, ts=0x0) at src/stick_table.c:419 #1 0x0049a0d6 in sample_conv_in_table (arg_p=, smp=0x7fffc6ed0d70, private=) at src/stick_table.c:876 #2

Re: Variables

2018-06-24 Thread Thierry Fournier
Hi, There are no mean to display the memory used. It is a good idea to do somme accounting about variable usage. Default limit is “unlimited”. Thierry > On 23 Jun 2018, at 19:51, mlist wrote: > > Hi, > > how to debug/show variables memory consumption to correctly tune size with: > >

Re: [PATCH] Re: Random crash (segfault, double free, ...) with a mix of SSL + cipherlist hash

2018-06-18 Thread Thierry Fournier
> On 18 Jun 2018, at 15:38, Emmanuel Hocdet wrote: > > >> Le 18 juin 2018 à 15:30, Thierry Fournier a >> écrit : >> >> >> >>> On 18 Jun 2018, at 14:37, Emmanuel Hocdet wrote: >>> >>>> >>>> Le 18 juin

Re: [PATCH] Re: Random crash (segfault, double free, ...) with a mix of SSL + cipherlist hash

2018-06-18 Thread Thierry Fournier
> On 18 Jun 2018, at 14:37, Emmanuel Hocdet wrote: > >> >> Le 18 juin 2018 à 10:43, Thierry Fournier a >> écrit : >> >> >>> On 18 Jun 2018, at 10:33, Willy Tarreau wrote: >>> >>> On Sun, Jun 17, 2018 at 09:44:50PM +0200

Re: [PATCH] Re: Random crash (segfault, double free, ...) with a mix of SSL + cipherlist hash

2018-06-18 Thread Thierry Fournier
> On 18 Jun 2018, at 10:33, Willy Tarreau wrote: > > On Sun, Jun 17, 2018 at 09:44:50PM +0200, thierry.fourn...@arpalert.org wrote: >> Finally, I got it ! It works with luck because we have 1 bug in Haproxy >> and 1 error (I suppose) in a OpenSSL compatibility layer. > (...) >> I join two

Re: [PATCH] BUG/MINOR: lua: Segfaults with wrong usage of types.

2018-06-17 Thread Thierry Fournier
I read the ML too quicky, thiss is the right patch. Thanks. Thierry > On 15 Jun 2018, at 15:06, Frederic Lecaille wrote: > > On 06/15/2018 02:28 PM, Frederic Lecaille wrote: >> On 06/15/2018 02:15 PM, Frederic Lecaille wrote: >>> On 06/14/2018 11:05 PM, Patrick Hemmer wrote: Haproxy

Re: BUG: segfault with lua sample converters & wrong arg types

2018-06-17 Thread Thierry Fournier
Thanks. the patch make sense. Willy, could you apply ? > On 15 Jun 2018, at 14:15, Frederic Lecaille wrote: > > On 06/14/2018 11:05 PM, Patrick Hemmer wrote: >> Haproxy segfaults if you pass the wrong argument type to a converter. >> Example: >> haproxy.cfg: >> global >> lua-load

[PATCH] Re: Random crash (segfault, double free, ...) with a mix of SSL + cipherlist hash

2018-06-17 Thread thierry . fournier
x the app data compatibility, I dont known (at least 1.8). I join also the backports for 1.8 (there are trivial backport, with ery minor conflict) Thierry On Sun, 17 Jun 2018 03:01:54 +0200 Thierry FOURNIER wrote: > Hi, > > When I use SSL requests and the cipherlist hash enabled,

Random crash (segfault, double free, ...) with a mix of SSL + cipherlist hash

2018-06-16 Thread Thierry FOURNIER
Hi, When I use SSL requests and the cipherlist hash enabled, HAProxy randomly crash: - segfault - double free - munmap_chunk(): invalid pointer I think that is a memory crush. I read the "cipherlist hash" code, and I put some printf, I do not detect any memory override. When I comment the

Re: [Patch] Lua / Increase error verbosity

2018-06-11 Thread Thierry Fournier
thanks. > On 11 Jun 2018, at 11:12, William Lallemand wrote: > > On Fri, Jun 08, 2018 at 06:28:10PM +0200, Thierry Fournier wrote: >> >> >>> On 8 Jun 2018, at 18:21, Willy Tarreau wrote: >>> >>> On Fri, Jun 08, 2018 at 01:09:04PM +0200, Thi

Re: [Patch] Lua / Increase error verbosity

2018-06-08 Thread Thierry Fournier
> On 8 Jun 2018, at 18:21, Willy Tarreau wrote: > > On Fri, Jun 08, 2018 at 01:09:04PM +0200, Thierry Fournier wrote: >> Hi, >> >> runtime errors doesn't provides the error line, in particular the memory >> error (out of memory) >> >> Please f

[Patch] Lua / Increase error verbosity

2018-06-08 Thread Thierry Fournier
Hi, runtime errors doesn’t provides the error line, in particular the memory error (out of memory) Please find a Lua patch in attachment. It provides backtrace condensed in one line. Thierry 0001-MINOR-lua-Increase-debug-information.patch Description: Binary data

Re: [PATCH] Mod security

2018-05-31 Thread Thierry Fournier
Hi Willy, Could you apply ? Thierry On Thu, 31 May 2018 18:49:03 +0100 David CARLIER wrote: > Hi list, > > Here a small diff for fixing few typos. > > Cheers ! -- Thierry Fournier Web Performance & Security Expert m: +33 6 68 69 21 85 | e: thierry.fourn

Re: [PATCH] Re: 1.8.8 & 1.9dev, lua, xref_get_peer_and_lock hang / 100% cpu usage after restarting haproxy a few times

2018-05-26 Thread Thierry FOURNIER
On Sat, 26 May 2018 19:47:54 +0200 PiBa-NL <piba.nl@gmail.com> wrote: > Hi Thierry, > > Op 25-5-2018 om 15:40 schreef Thierry FOURNIER: > > On Fri, 18 May 2018 22:17:00 +0200 > > PiBa-NL <piba.nl@gmail.com> wrote: > > > >> Hi Thierry,

Re: [PATCH] Re: 1.8.8 & 1.9dev, lua, xref_get_peer_and_lock hang / 100% cpu usage after restarting haproxy a few times

2018-05-26 Thread Thierry Fournier
> On 26 May 2018, at 19:47, PiBa-NL <piba.nl@gmail.com> wrote: > > Hi Thierry, > > Op 25-5-2018 om 15:40 schreef Thierry FOURNIER: >> On Fri, 18 May 2018 22:17:00 +0200 >> PiBa-NL <piba.nl@gmail.com> wrote: >> >>> Hi Thierry, &

[PATCH] lua socket / Read maount of data

2018-05-25 Thread Thierry Fournier
rom 933c5120a5f91c09ca426f210fb475e03f3598ca Mon Sep 17 00:00:00 2001 From: Thierry FOURNIER <thierry.fourn...@ozon.io> Date: Fri, 25 May 2018 16:27:44 +0200 Subject: [PATCH] BUG/MEDIUM: lua/socket: Length required read doesn't work The limit of data read works only if all the data is in the inp

[PATCH] Re: 1.8.8 & 1.9dev, lua, xref_get_peer_and_lock hang / 100% cpu usage after restarting haproxy a few times

2018-05-25 Thread Thierry FOURNIER
On Fri, 18 May 2018 22:17:00 +0200 PiBa-NL <piba.nl@gmail.com> wrote: > Hi Thierry, > > Op 18-5-2018 om 20:00 schreef Thierry FOURNIER: > > Hi Pieter, > > > > Could you test the attached patch ? It seems to fix the problem, but I > > have some do

Re: [PATCH] lua & threads

2018-05-24 Thread Thierry Fournier
> On 22 May 2018, at 19:03, Willy Tarreau <w...@1wt.eu> wrote: > > Hi Thierry, > > On Mon, May 21, 2018 at 07:58:01PM +0200, Thierry Fournier wrote: >> Hi, >> >> You will two patches in attachment. >> >> - The first fix some Lua error

[PATCH] lua & threads

2018-05-21 Thread Thierry Fournier
Hi, You will two patches in attachment. - The first fix some Lua error messages - The second fix a build error. This second should be reviewed because, I’m not so proud of solution :-) Note that this build error happens for compilation without threads on macosx. BR, Thierry

Re: 1.8.8 & 1.9dev, lua, xref_get_peer_and_lock hang / 100% cpu usage after restarting haproxy a few times

2018-05-18 Thread Thierry FOURNIER
o] 130/195936 (76770) : Wait for it.. > [info] 130/195937 (76770) : Wait response 2.. >   xref_get_peer_and_lock xref->peer == 1 > > Hope this helps to come up with a solution.. > > Thanks in advance, > PiBa-NL (Pieter) > > Op 9-5-2018 om 19:47 schreef PiBa-NL: > > Hi Thierry, >

Re: Show: h-app-proxy – Application server inside haproxy

2018-05-18 Thread Thierry FOURNIER
On Fri, 18 May 2018 16:30:46 +0200 Tim Düsterhus <t...@bastelstu.be> wrote: > Thierry, > > Am 18.05.2018 um 12:47 schrieb Thierry FOURNIER: > > Hi, > > > > This is a great usage of Lua. I add a link on my own blog: > > > >http://blog.arpaler

Re: Modifying TCP payload via LUA action & yield issues

2018-05-18 Thread thierry . fournier
Hi, I can reproduce the bug, forgot my previous workaround proposition and just add an inspect delay: https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#4-tcp-request%20inspect-delay tcp-request inspect-delay 10s If some actions can't be executed because it have no data,

Re: Modifying TCP payload via LUA action & yield issues

2018-05-18 Thread thierry . fournier
Could you change your configuration to test a workaround ? After the line: tcp-request content lua.enrich_query if !has_client_version Add a fake action: tcp-request set-var(req.wa) int(0) Tell me if this work around fix the issue. Thierry On Tue, 15 May 2018 01:11:46 + Grant

Re: Modifying TCP payload via LUA action & yield issues

2018-05-18 Thread Thierry FOURNIER
Hi Grant, It seems to be a bug. The action should allow yield. Could you have a method for reproducing the bug ? Thierry On Tue, 15 May 2018 01:11:46 + Grant Byers wrote: > Hi all, > > Is it at all feasible to modify a TCP payload via a custom LUA action > in a stable

Re: Show: h-app-proxy – Application server inside haproxy

2018-05-18 Thread Thierry FOURNIER
Hi, This is a great usage of Lua. I add a link on my own blog: http://blog.arpalert.org/p/interesting-links.html Thierry On Sat, 12 May 2018 11:23:31 +0200 Aleksandar Lazic wrote: > Hi Tim. > > Am 11.05.2018 um 20:57 schrieb Tim Düsterhus: > > Hi list, > > > > I

Re: [PATCH] BUG/MINOR: lua: Socket.send threw runtime error: 'close' needs 1 arguments.

2018-05-18 Thread thierry . fournier
Hi Sada, Thanks for the patch, Willy, can you apply ? BR, Thierry On Fri, 11 May 2018 11:48:18 -0700 sada wrote: > Function `hlua_socke_close` expected exactly one argument on the Lua stack. > But when `hlua_socket_close` was called from `hlua_socket_write_yield`, >

SPOE patchs

2018-05-18 Thread Thierry FOURNIER
Hi, In attachment two patches for SPOE. The first fix an error message, and the second fix a mistake in the protocol. BR, Thierry >From c0274215ed91e90e127bda790b785b698fb149e7 Mon Sep 17 00:00:00 2001 From: Thierry FOURNIER <thierry.fourn...@ozon.io> Date: Thu, 10 May 2018 16:41

[PATCH] Badd SPOE message

2018-05-10 Thread Thierry FOURNIER
rom b8051783f6133b31cb3d0474ad542ab859d27853 Mon Sep 17 00:00:00 2001 From: Thierry FOURNIER <thierry.fourn...@ozon.io> Date: Thu, 10 May 2018 16:41:26 +0200 Subject: [PATCH] BUG/MINOR: spoe: Mistake in error message about SPOE configuration The announced accepted chars are "[a-zA-Z_-.]", but the real accepted alpha

Re: Haproxy SSO

2018-05-09 Thread thierry . fournier
On Wed, 9 May 2018 22:02:49 +0100 Andrew Smalley wrote: > Hi Thierry > > I saw the packetengine here > https://www.haproxy.com/documentation/aloha/9-5/packetshield/sso/ Ok. There are "HAProxy Technologies" softwares. Do not hesitate to contact the company for more

Re: Haproxy SSO

2018-05-09 Thread thierry . fournier
On Wed, 9 May 2018 21:51:13 +0100 Andrew Smalley wrote: > Hi Thierry, > > I split the thread as I changed subject to SSO part way through, I > apologize for that. > > Your references to SPOA/SPOE Engines were liked very much. I see the > SPOA examples in the source

Re: WAF with HA Proxy.

2018-05-09 Thread thierry . fournier
On Thu, 10 May 2018 02:07:24 +0530 DHAVAL JAISWAL wrote: > I would prefer to keep this in front of HAProxy. So that any request comes > first it will pass through he WAF standard rules and then it will come > inside. HAProxy is a very robust component. It block protocol

Re: WAF with HA Proxy.

2018-05-09 Thread thierry . fournier
ted for using haproxy sockets (its the same API than luasocket). BR, Thierry > > > Andruw Smalley > > Loadbalancer.org Ltd. > > www.loadbalancer.org > +1 888 867 9504 / +44 (0)330 380 1064 > asmal...@loadbalancer.org > > Leave a Review | Deployment Guides |

Re: WAF with HA Proxy.

2018-05-09 Thread Thierry Fournier
Hi, I confirm: the modsecurity i done throught SPOE. The limitation are: The limit of the body size analysed is the size of HAProxy buffer (default 16kB, but for my own usage, I configure 1MB) The response is not analysed. BR, Thierry > On 9 May 2018, at 21:40, Andrew Smalley

Re: 1.8.8 & 1.9dev, lua, xref_get_peer_and_lock hang / 100% cpu usage after restarting haproxy a few times

2018-05-09 Thread Thierry Fournier
> On 9 May 2018, at 18:30, Thierry Fournier <thierry.fourn...@arpalert.org> > wrote: > > > >> On 8 May 2018, at 00:33, PiBa-NL <piba.nl@gmail.com> wrote: >> >> Hi List, Thierry, >> >> Actually this is not limited to restart

Re: 1.8.8 & 1.9dev, lua, xref_get_peer_and_lock hang / 100% cpu usage after restarting haproxy a few times

2018-05-09 Thread Thierry Fournier
> On 8 May 2018, at 00:33, PiBa-NL wrote: > > Hi List, Thierry, > > Actually this is not limited to restarts, and also happens with 1.9dev. It > now happens while haproxy was running for a while and no restart was > attempted while running/debugging in my NetBeans

Re: [Lua] Using txn.c:

2018-05-09 Thread thierry . fournier
On Tue, 8 May 2018 21:26:49 +0200 Baptiste wrote: > On Tue, May 8, 2018 at 8:17 PM, Baptiste wrote: > > > Hi All, Thierry, > > > > I'm trying to use the converter 'table_http_req_cnt()' from a Lua script, > > but I'm not successful and so I wonder how I'm

Re: [PATCH] BUG/MINOR: lua: schedule socket task when lua connect() is called

2018-05-06 Thread Thierry Fournier
> On 6 May 2018, at 06:32, Willy Tarreau wrote: > > Hi Pieter, > > On Sun, May 06, 2018 at 12:00:14AM +0200, PiBa-NL wrote: >> The parameters like server-address, port and timeout should be set before >> process_stream task is called to avoid the stream being 'closed' before it

Re: [PATCH] MINOR: Add server name & puid to LUA Server class.

2018-05-06 Thread Thierry Fournier
> On 3 May 2018, at 18:49, Willy Tarreau <w...@1wt.eu> wrote: > > On Thu, May 03, 2018 at 03:35:41PM +0200, Thierry Fournier wrote: >> Ok, I understand ... I hesitate. I think that is better to keep >> the original type, but the consistency is a good reason to con

Re: [PATCH] BUG/MINOR: lua: Socket.send causing 'close' needs 1 arguments.

2018-05-03 Thread Thierry Fournier
t; > void check_args(lua_State *L, int nb, char *fcn) > { > if (lua_gettop(L) == nb) > return; > WILL_LJMP(luaL_error(L, "'%s' needs %d arguments", fcn, nb)); > } > ---- > > Please let me know if you need more information. &g

Re: [PATCH] MINOR: Add server name & puid to LUA Server class.

2018-05-03 Thread Thierry Fournier
> On 3 May 2018, at 14:27, Patrick Hemmer <phem...@stormcloud9.net> wrote: > > > > On 2018/5/3 02:52, Thierry Fournier wrote: >>> On 2 May 2018, at 16:49, Willy Tarreau <w...@1wt.eu> >>> wrote: >>> >>> Hi Thierry, >

Re: LUA Converters should be global

2018-05-03 Thread Thierry Fournier
Hi Patrick, You’re right. This question was already ask. I can’t move the converters in the global context because some converters linked with a session. for example: - capture-req - capture-res - set-var - unset-var Maybe we can add a flag to each converter to known if they use a session

Re: [PATCH] BUG/MINOR: lua: Socket.send causing 'close' needs 1 arguments.

2018-05-03 Thread Thierry Fournier
lose_helper`, which > doesn't check arguments count. > Please let me know if you need more information. > > Thanks, > Sada. > > > On Wed, Apr 25, 2018 at 10:51 AM, Thierry Fournier <tfourn...@arpalert.org> > wrote: > Hi, > > do you have a little bit o

Re: 1.9dev LUA shows partial results from print_r(core.get_info()) after adding headers ?

2018-05-03 Thread Thierry Fournier
Hi, I can’t reproduce the bug. I even installed a FreeBSD :-) I add Willy in copy, maybe he will reproduce it. Thierry > On 28 Apr 2018, at 01:36, PiBa-NL wrote: > > Hi Thierry, > > Op 27-4-2018 om 1:54 schreef PiBa-NL: >> Hi Thierry, >> >> Op 26-4-2018 om 12:25

Re: [PATCH] MINOR: Add server name & puid to LUA Server class.

2018-05-03 Thread Thierry Fournier
> On 2 May 2018, at 16:49, Willy Tarreau wrote: > > Hi Thierry, > > when you have a moment, could you please give a quick look at these > patches from Patrick so that I know if I can merge them or not ? There > are 2 other ones on the list. Hi Willy and Patrick, I check it. I

Re: [PATCH] BUG/MINOR: lua: Socket.send causing 'close' needs 1 arguments.

2018-05-03 Thread Thierry Fournier
rs a bug caused by anything else. Do you have a method for reproducing a bug ? BR, Thierry > On 3 May 2018, at 08:56, Thierry Fournier <tfourn...@arpalert.org> wrote: > > Hi, > > I’m not sure about your patch because the values in the stack are kept. > I need to be focus to r

Re: [PATCH 1/1] DOC/MINOR: clean up LUA documentation re: servers & array/table.

2018-05-03 Thread Thierry Fournier
Hi Patrick, Thanks for cleaning the Lua doc. Willy, could you apply these patches ? Theses patch could be backported from 1.8 to 1.6, but it is not so important. Thierry > On 2 May 2018, at 03:30, Patrick Hemmer wrote: > > > * A few typos > * Fix definitions of

Re: 1.9dev LUA shows partial results from print_r(core.get_info()) after adding headers ?

2018-04-26 Thread thierry . fournier
On Wed, 25 Apr 2018 22:13:46 +0200 PiBa-NL <piba.nl@gmail.com> wrote: > Hi Thierry, > > Op 25-4-2018 om 11:19 schreef Thierry Fournier: > > I extracted the part which dumps the ‘core.get_info()’, and I can’t > > reproduce > > the segfault. I attach the

Re: 1.9dev LUA core.tcp() cannot be used from different threads

2018-04-26 Thread Thierry Fournier
> On 26 Apr 2018, at 11:49, Christopher Faulet wrote: > > Le 25/04/2018 à 20:51, PiBa-NL a écrit : >> Hi Christopher, Thierry, >> Op 25-4-2018 om 11:30 schreef Christopher Faulet: >>> Oh, these tasks can be created before the threads creation... Ok, so >>> maybe the right

Re: [PATCH] BUG/MINOR: lua: Socket.send causing 'close' needs 1 arguments.

2018-04-25 Thread Thierry Fournier
Hi,do you have a little bit of context. It is not easy to read a patch withoutthe associated explanation.Thanks,ThierryOn 14 Apr 2018, at 01:56, sada wrote:---src/hlua.c | 14 ++1 file changed, 10 insertions(+), 4 deletions(-)diff --git a/src/hlua.c

Re: [PATCH] BUG/MINOR: lua: Socket.send causing 'close' needs 1 arguments.

2018-04-25 Thread Thierry Fournier
Hi. I miss this email, I will chek it ASAP. Thierry > On 19 Apr 2018, at 19:53, Sadasiva Gujarlapudi > wrote: > > Hi, > Did you get a chance to review the patch. > > Thanks, > Sada. > > On Fri, Apr 13, 2018 at 4:56 PM, sada wrote: > --- >

Re: 1.9dev LUA shows partial results from print_r(core.get_info()) after adding headers ?

2018-04-25 Thread Thierry Fournier
Hi, > On 24 Apr 2018, at 21:46, PiBa-NL wrote: > > Hi Tim, > > Op 24-4-2018 om 14:36 schreef Tim Düsterhus: >> Hi >> >> Am 23.04.2018 um 22:36 schrieb PiBa-NL: >>> Is there a bug in my script, or is it more likely that 'something' needs >>> fixing in the lua api /

Re: [PATCH] BUG/MEDIUM: lua: Fix segmentation fault if a Lua task exits

2018-04-25 Thread Thierry Fournier
Hi Tim, Thanks for the patch. You got it ! (and I discover the --scissors :-) ) Willy, You can apply the patch in attachment. This patch should be backported on 1.8. (1.6 and 1.7 are not impacted by the bug). The backport is simple. BR, Thierry

Re: 1.9dev LUA core.tcp() cannot be used from different threads

2018-04-25 Thread Thierry Fournier
Hi Pieter, Note: The word “task" have sense in HAProxy architecture, and in Lua terminology. Its not easy to write an explanation. So, the task used by Lua will be called "Lua task" This error is unexpected. It is produced when Lua socket is started on a thread an continue its execution on

Re: Grrrr.... warnings

2018-04-02 Thread Thierry Fournier
You can rewrite haproxy with Lua. It was announced one year and one day ago. It’s time ... :-) Thierry - > On 1 Apr 2018, at 23:24, Willy Tarreau wrote: > > Can someone tell me how I'm supposed to work around this one ? > > gcc -Iinclude -Iebtree -Wall -O2 -march=native -g

Re: lua socket api settimeout in seconds vs. milliseconds

2018-03-27 Thread Thierry Fournier
_settimeout() is called. Round up user specified value > and validate against maximum integer to prevent overflow. > > Mark Lakes > Signal Sciences | www.signalsciences.com | > > > On Thu, Mar 8, 2018 at 1:24 AM, Thierry Fournier <tfourn...@arpalert.org> > wrote:

Segfault / 1.8.5 / 9a083d1428b

2018-03-26 Thread Thierry Fournier
Hi, I just install the 1.8.5 and I encountered some of coredump. Below one of these (Unfortunately, I remove the others before checking their content) #0 0x004a715c in h2_process_mux (h2c=) at src/mux_h2.c:2125 2125 h2s->cs->data_cb->send(h2s->cs); (gdb) bt #0 0x004a715c in

[PATCH] server-template and allowed chars in the name

2018-03-26 Thread Thierry Fournier
Hi list, The name of the "server" directive allows [A-Za-Z0-9_.:-] (see function invalid_char()). The name allowed for the "server-template" directive only allows [A-Za-Z_.-], the chars [0-9:] disappear. This limitation forces the modifications of all the server names which contains numbers and

Re: lua socket api settimeout in seconds vs. milliseconds

2018-03-09 Thread Thierry Fournier
> On 8 Mar 2018, at 22:41, Tim Düsterhus <t...@bastelstu.be> wrote: > > Thierry, > > Am 08.03.2018 um 21:15 schrieb Thierry Fournier: >> Hey, the example of use of socket.http in attachment of your original >> commit is great ! > > If you are curious

Re: lua socket api settimeout in seconds vs. milliseconds

2018-03-08 Thread Thierry Fournier
> On 8 Mar 2018, at 15:14, Tim Düsterhus <t...@bastelstu.be> wrote: > > Hi > > Am 08.03.2018 um 15:10 schrieb Thierry Fournier: >> Ok, Lua expect the number of elements ins the stack. The right way for >> returning 1 is: >> >> lua_pushinteger(

Re: lua socket api settimeout in seconds vs. milliseconds

2018-03-08 Thread Thierry Fournier
> On 8 Mar 2018, at 15:03, Tim Düsterhus <t...@bastelstu.be> wrote: > > Thierry, > > Am 08.03.2018 um 10:24 schrieb Thierry Fournier: >> I forgot 3 things while my first read: >> >> - The Lua error are not trigerred with a return 1 (the return 1

Re: lua socket api settimeout in seconds vs. milliseconds

2018-03-08 Thread Thierry Fournier
t to milliseconds much like cli_parse_set_timeout but > also sanity check the value. > > -mark > > > On Wed, Mar 7, 2018 at 9:55 AM, Thierry Fournier <tfourn...@arpalert.org> > wrote: > Hi Mark, > > Thanks for the patch. I don’t like usage of floating poi

Re: lua socket api settimeout in seconds vs. milliseconds

2018-03-07 Thread Thierry Fournier
Hi Mark, Thanks for the patch. I don’t like usage of floating point, but the luasocket documentation says that the settimeout() function accept only second. In this case, the usage of floating point seems be to be a good way. Can you split in a second commit the fix of comments from the

Re: Dynamically adding/deleting SSL certificates

2018-03-07 Thread Thierry Fournier
Hi aurelien, I already look for adding dynamic certificates, and it is a real pain for me. Note that I look for this one year ago, maybe something changed. I look this development regarding only the basic usage: dynamically update of RSA certificates, and I encountered some difficulties: -

[PATCH] new contrib proposal / exec Python & Lua scripts

2018-02-25 Thread Thierry Fournier
# [debug converter] type: sint <1234> # [debug converter] type: ipv4 <127.0.0.1> # [debug converter] type: ipv6 <1::f> # [debug converter] type: str <1::f> # [debug converter] type: bin <1:.:.f> return >From 0794044c73b73

[Patch] minor bugfix

2018-02-25 Thread Thierry Fournier
, Thierry >From b6a4d76cf77fc7463fe81c6f0b75c9d4dcc650dd Mon Sep 17 00:00:00 2001 From: Thierry FOURNIER <thierry.fourn...@ozon.io> Date: Sun, 25 Feb 2018 21:33:38 +0100 Subject: [PATCH 1/3] BUG/MINOR: spoa-example: unexpected behavior for more than 127 args Buf is unsigned, so nbargs will be

[Patch] Error in Lua documentation

2018-02-12 Thread Thierry FOURNIER
Hi, This is a small patch about the Lua documentation. it should be backported in 1.8 Note that the function prototype is compatible with old versions. Thierry >From 4feaa411b6cca0b3a57ebe16c13ce056d93eb74a Mon Sep 17 00:00:00 2001 From: Thierry FOURNIER <thierry.fourn...@ozon.io>

Re: [PATCH 1/2] BUG/MINOR: lua: Fix default value for pattern in Socket.receive

2018-01-08 Thread Thierry Fournier
Hi Tim, Thanks for the patch. Good catch ! Willy, you can apply it. Thierry > On 4 Jan 2018, at 19:32, Tim Duesterhus wrote: > > The default value of the pattern in `Socket.receive` is `*l` according > to the documentation and in the `socket.tcp.receive` method of Lua. > >

Re: [PATCH] BUILD/SMALL Fixed build on macOS with lua

2018-01-04 Thread Thierry Fournier
> On 4 Jan 2018, at 15:16, Kirill A. Korinsky wrote: > > Honestly, I didn't. > > If I right understand how export-dynamic works and how haproxy use integrated > LUA, it shouldn't have any impact. > > Honestly I see only one case when export-dynamic requests: when some >

Re: [PATCH] MINOR: lua: fix crash when using bogus mode in register_service()

2017-12-22 Thread Thierry Fournier
> On 22 Dec 2017, at 12:50, Thierry Fournier <thierry.fourn...@arpalert.org> > wrote: > > Hi, thanks for the patch. > > Willy, can you apply it ? PS: This patch must be backported on 1.6, 1.7 and 1.8. Thierry. > > Thierry > >> On 21 Dec 2017, at

Re: Haproxy SSl Termination performance issue

2017-12-22 Thread Thierry Fournier
document for this soulution? > > Thanks a lot > > Mike > > > > 原始邮件 > 主题:Re: Haproxy SSl Termination performance issue > 发件人:Thierry Fournier > 收件人:Mike G > 抄送:Haproxy > > > Ok, you’re using HAProxy as SSL offloading. HAProxy is

Re: [PATCH] MINOR: lua: fix crash when using bogus mode in register_service()

2017-12-22 Thread Thierry Fournier
Hi, thanks for the patch. Willy, can you apply it ? Thierry > On 21 Dec 2017, at 14:40, Eric Salama wrote: > > HAProxy crashes when one use a bogus mode with core.register_service(). > The 2nd argument must be "http" or "tcp", but any other value crashes HAProxy > when it

Re: Haproxy SSl Termination performance issue

2017-12-19 Thread Thierry Fournier
d encrypt it, and > return HTTPS to client. > > > thanks > > Mike > > > > > > At 2017-12-19 19:25:09, "Thierry Fournier" <thierry.fourn...@arpalert.org> > wrote: > >Hi, > > > >What kind of job ? > > >

Re: Haproxy SSl Termination performance issue

2017-12-19 Thread Thierry Fournier
; > 原始邮件 > 主题:Re: Haproxy SSl Termination performance issue > 发件人:Thierry Fournier > 收件人:Mike G > 抄送:Haproxy > > > Hi, > > I gues that 130 is 130 SSL requests per seconds ? > > SSL is a very heavy processing. The 4096 bits certific

Re: Haproxy SSl Termination performance issue

2017-12-19 Thread Thierry Fournier
Hi, I gues that 130 is 130 SSL requests per seconds ? SSL is a very heavy processing. The 4096 bits certificates consume more CPU that 2048 (thanks captain obvious). Your capacity processing is capped by your CPU. You must check the CPU of your server during your test. If the CPU consummation is

  1   2   3   4   >