Re: [PATCH] wurfl device detection build fixes and dummy library

2019-04-19 Thread Willy Tarreau
Sorry, with the patches this time. Willy >From 806aebcba5b7c5e3b780c63ff37a54b38a510e19 Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Fri, 19 Apr 2019 16:12:08 +0200 Subject: [PATCH 07/13] WIP: wurfl: pass -fPIC when compiling --- contrib/wurfl/makefile | 3 +++ 1 file changed

Re: [PATCH] wurfl device detection build fixes and dummy library

2019-04-19 Thread Willy Tarreau
Hi Paul, On Thu, Apr 18, 2019 at 02:46:17PM +0200, Paul Stephen Borile wrote: > please find attached to this email the 6 patches that cover various areas > of restyling of > the WURFL device detection feature for HAProxy. All patches can be back > ported to 1.9 if necessary. > Last patch is a

Re: [PATCH] Enable set-dst and set-dst-port at tcp-request content layer

2019-04-19 Thread Willy Tarreau
Hi Baptiste, On Fri, Apr 19, 2019 at 10:26:09AM +0200, Baptiste wrote: > For some reasons, 'tcp-request content' can't execute set-dst and > set-dst-port. > This patch fixes this issue. > Note that this patch will be useful for the do-resolve action. I was initially wondering when that could be

Re: [PATCH 1/1] REGTEST: Missing REQUIRE_VERSION declarations.

2019-04-19 Thread Willy Tarreau
On Fri, Apr 19, 2019 at 11:20:52AM +0200, flecai...@haproxy.com wrote: > From: Frédéric Lécaille > > checks/s1.vtc needs support for "srvrecord" which came with 1.8 version. > peers/s_basic_sync.vtc and s_tls_basic_sync.vtc need support for "server" > keyword usage in "peers" section which

Re: nmap showing internal IP disclosure of ELB and not the HAPROXY of port 80

2019-04-19 Thread Willy Tarreau
On Sat, Mar 09, 2019 at 11:20:41AM +0200, Ciprian Dorin Craciun wrote: > On Sat, Mar 9, 2019 at 10:45 AM DHAVAL JAISWAL wrote: > > frontend loadbalancer_mycom > > bind 10.100.22.30:80 > > mode http > > > > redirect scheme https if !{ ssl_fc } > > > If this line is the one that makes the

Re: v1.9.6 socket unresponsive with high cpu usage

2019-04-19 Thread Willy Tarreau
Hi William, On Fri, Apr 19, 2019 at 11:05:51AM +, William Dauchy wrote: > Hi Willy, > > On Sat, Apr 13, 2019 at 08:01:53AM +0200, Willy Tarreau wrote: > > Did you issue one of the commands that tries to be alone, thus "show sess" > > or "show fd" ? It

Re: v1.9.6+HEAD: segfault in h1_skip_chunk_crlf

2019-04-18 Thread Willy Tarreau
Hi Christopher, On Thu, Apr 18, 2019 at 09:36:30PM +0200, Christopher Faulet wrote: > > It seems related to the last commits from Christopher Faulet, maybe > > around this commit: > > http://git.haproxy.org/?p=haproxy-1.9.git;a=commit;h=0c2973662163ab2753a54e729ecdb09dd694c2dd > > BUG/MINOR:

Re: [PR] IPv6: properly format an address coming from IPv6 socket as hex in lf_ip

2019-04-18 Thread Willy Tarreau
Hi Lukas, On Thu, Apr 18, 2019 at 08:45:18PM +0200, Lukas Tribus wrote: > Hi Willy, > > > On Fri, 8 Mar 2019 at 14:23, PR Bot wrote: > > > > Dear list! > > > > Author: Radek Zajic > > Number of patches: 1 > > > > This is an automated relay of the Github pull request: > >IPv6: properly

Re: [PATCH] wurfl device detection build fixes and dummy library

2019-04-18 Thread Willy Tarreau
Hi Paul, On Thu, Apr 18, 2019 at 02:46:17PM +0200, Paul Stephen Borile wrote: > Hi All, Willy, > > please find attached to this email the 6 patches that cover various areas > of restyling of > the WURFL device detection feature for HAProxy. All patches can be back > ported to 1.9 if necessary. >

Re: [PATCH] FEATURE/MEDIUM: enable travis-ci builds

2019-04-18 Thread Willy Tarreau
Hi Ilya, On Wed, Apr 17, 2019 at 01:06:11PM +0500, ??? wrote: > btw, we can run lua tests > > https://travis-ci.com/chipitsine/haproxy-1/builds/108641032 > > so... how do we want to run lua ? always enabled ? or two builds (with and > without lua) ? I'd say that we generally detect

Re: Randomly high CPU usage

2019-04-18 Thread Willy Tarreau
Hello Marco, On Thu, Apr 18, 2019 at 05:27:26PM +0200, Marco Corte wrote: > Hello! > > From time to time, about twice daily, and without any apparent reason, > haproxy jumps from using about 15% CPU usage to 100% (relative to the single > core it can use). > The situation becomes normal again

Re: exclude some reg-tests if no ssl or pcre is enabled

2019-04-17 Thread Willy Tarreau
On Wed, Apr 17, 2019 at 12:23:25PM +0500, ??? wrote: > hello, > > when playing with travis-ci, I've found that ssl, pcre tests > are executed even if haproxy is built without such features. Applied, thank you Ilya. Willy

Re: [PATCH] FEATURE/MEDIUM: enable travis-ci builds

2019-04-17 Thread Willy Tarreau
On Wed, Apr 17, 2019 at 10:56:17AM +0200, Willy Tarreau wrote: > > > - make CC=$CC V=1 TARGET=$TARGET USE_THREAD=$USE_THREAD > > > USE_OPENSSL=$USE_OPENSSL USE_PCRE=$USE_PCRE USE_ZLIB=$USE_ZLIB > > > USE_GETADDRINFO=$USE_GETADDRINFO > > > > >

Re: [PATCH] FEATURE/MEDIUM: enable travis-ci builds

2019-04-17 Thread Willy Tarreau
On Wed, Apr 17, 2019 at 09:18:34AM +0200, Frederic Lecaille wrote: > On 4/16/19 8:17 PM, ??? wrote: > > + - make CC=$CC V=1 TARGET=$TARGET > > + - export PATH=${PATH}:${PWD}/VTest > > + - export VTEST_PROGRAM="VTest/vtest -v" # "VTest/vtest -v" > > Just to let you note that if you

Re: [PATCH] FEATURE/MEDIUM: enable travis-ci builds

2019-04-17 Thread Willy Tarreau
On Wed, Apr 17, 2019 at 11:28:56AM +0500, ??? wrote: > ??, 17 ???. 2019 ?. ? 07:29, Willy Tarreau : > > > Hi Ilya, > > > > On Tue, Apr 16, 2019 at 11:17:49PM +0500, ??? wrote: > > > +env: > > > + global: > > > +- USE_THREAD

Re: v1.9.x segfault on LIST_DEL(>wait_queue)

2019-04-17 Thread Willy Tarreau
Hi William, On Wed, Apr 17, 2019 at 07:29:49AM +, William Dauchy wrote: > Hello Willy, > > On Thu, Apr 11, 2019 at 11:34:52AM +0200, Willy Tarreau wrote: > > With this said, we've got no negative feedback on the patch above after > > one month and a half, which likely

Re: [PATCH] FEATURE/MEDIUM: enable travis-ci builds

2019-04-17 Thread Willy Tarreau
On Wed, Apr 17, 2019 at 11:23:23AM +0500, ??? wrote: > > Agreed! Also a bit more information in the commit message and some doc > > about how this is supposed to be used would be quite welcome! > > > > some doc definitely should be added, I'll handle it later. At least sometihng very

Re: [PATCH] FEATURE/MEDIUM: enable travis-ci builds

2019-04-16 Thread Willy Tarreau
Hi Ilya, On Tue, Apr 16, 2019 at 11:17:49PM +0500, ??? wrote: > +env: > + global: > +- USE_THREAD=1 > +- USE_OPENSSL=1 > +- USE_PCRE=1 > +- USE_ZLIB=1 > +- USE_GETADDRINFO=1 It's unclear to me how these ones are supposed to be used by the Makefile considering that

Re: [PATCH] FEATURE/MEDIUM: enable travis-ci builds

2019-04-16 Thread Willy Tarreau
On Tue, Apr 16, 2019 at 08:31:04PM +0200, Lukas Tribus wrote: > Hello Ilya , > > On Tue, 16 Apr 2019 at 20:18, ??? wrote: > > > > Hello, > > > > let us enable travis-ci on https://github.com/haproxy/haproxy > > (more builds will be added later) > > Who is going to maintain this - now

Re: 1.9.6: SIGFPE in fwrr_update_position

2019-04-16 Thread Willy Tarreau
Hi Maksim, On Tue, Apr 16, 2019 at 07:28:28AM +0200, Willy Tarreau wrote: > > So I agree upon another thread activity. The unique thing about > > these servers - all of them use haproxy-agent to set up weights of their > > backends. Other instances with no haproxy-agent in t

Re: how does ./reg-tests/seamless-reload/b00000.vtc should work ?

2019-04-16 Thread Willy Tarreau
On Tue, Apr 16, 2019 at 05:42:41PM +0200, William Lallemand wrote: > Hi Ilya, > > This is a regression due to recent changes in the master-worker. > I also found a minor bug when debugging it. > > The following patches shoud fix the problem. Great, all tests now pass again, thanks for

Re: 1.9.6: SIGFPE in fwrr_update_position

2019-04-15 Thread Willy Tarreau
Hi Maksim, On Tue, Apr 16, 2019 at 08:15:42AM +0300, ?? ? wrote: > Hi Willy! > > Actually I don't think this is a CPU fault. The reason is that I have same > cores with non-zero dividers on 4 more hardware servers with different CPU > models. OK that's very useful info, thank you.

Re: Infinite loop after 39cc020af BUG/MEDIUM: streams: Don't remove the SI_FL_ERR flag in si_update_both()

2019-04-15 Thread Willy Tarreau
On Mon, Apr 15, 2019 at 12:46:05PM -0400, Richard Russo wrote: > After the weekend, the test machine looks fine. Thanks! Thank you for this positive feedback, Richard, much appreciated! Willy

Re: 1.9.6: SIGFPE in fwrr_update_position

2019-04-15 Thread Willy Tarreau
Hi Maksim, On Thu, Apr 11, 2019 at 02:03:43PM +0200, Willy Tarreau wrote: > I tried to follow all paths that lead to a zero cur_eweight that I could > find and none of them leave the server in the tree. Then I tried to find > all cases where this entry is updated or used and all

Re: [PATCH] BUG/MEDIUM: map: Fix memory leak in the map converter

2019-04-15 Thread Willy Tarreau
Hi Nenad, On Fri, Apr 12, 2019 at 10:54:28PM +0200, Nenad Merdanovic wrote: > The allocated trash chunk is not freed properly and causes a memory leak > exhibited as the growth in the trash pool allocations. Bug was introduced > in commit 271022 (BUG/MINOR: map: fix map_regm with backref). Good

Re: v1.9.6 socket unresponsive with high cpu usage

2019-04-13 Thread Willy Tarreau
Hi William, On Tue, Apr 09, 2019 at 01:54:03PM +, William Dauchy wrote: > Hello, > > Probably a useless report as I don't have a lot information to provide, > but we faced an issue where the unix socket was unresponsive, with the > processes using all cpu (1600% with 16 nbthreads) > > I

Re: Bind socket not exists from time to time?

2019-04-11 Thread Willy Tarreau
On Thu, Apr 11, 2019 at 02:32:28PM -0400, francis Lavalliere wrote: > So just to be clear, there is only 1 service, using a Master -> Worker > config. > > The service is working since many hours (no doing any restart, simply > modification of the config and executing the hot-reload command)...

Re: `stats bind-process` broken

2019-04-11 Thread Willy Tarreau
On Thu, Apr 11, 2019 at 03:12:13PM -0400, Patrick Hemmer wrote: > In regards to deprecating `stats bind-process`, I think this would be > acceptable. I can't think of any issues that might arise from that. Though > I'm not sure what else is part of this frontend, which I'm gathering is some > sort

Re: `stats bind-process` broken

2019-04-11 Thread Willy Tarreau
On Thu, Apr 11, 2019 at 06:51:59PM +0200, Willy Tarreau wrote: > I'm leaning towards what I'd consider a cleaner and more future-proof > option consisting in deprecating "stats bind-process" in favor of "process" > on the stats line (which binds the listener i

Re: 1.9.6: SIGFPE in fwrr_update_position

2019-04-11 Thread Willy Tarreau
On Thu, Apr 11, 2019 at 09:37:41PM +0500, ?? ? wrote: > Hello Willy! > > I hope i could find some cores still available and will search for them > tomorrow. Cool! > But since they could contain some sensitive information, its not a good > idea to share it right here on the mail

Re: `stats bind-process` broken

2019-04-11 Thread Willy Tarreau
Hi again, On Thu, Apr 11, 2019 at 06:24:47PM +0200, Willy Tarreau wrote: > Hi Patrick, > > On Thu, Apr 11, 2019 at 12:18:14PM -0400, Patrick Hemmer wrote: > > With haproxy 1.9.6 the `stats bind-process` directive is not working. Every > > connection to the socket is goin

Re: `stats bind-process` broken

2019-04-11 Thread Willy Tarreau
Hi Patrick, On Thu, Apr 11, 2019 at 12:18:14PM -0400, Patrick Hemmer wrote: > With haproxy 1.9.6 the `stats bind-process` directive is not working. Every > connection to the socket is going to a random process: > > Here's a simple reproduction: > Config: >    global >        nbproc 3 >       

Re: Bind socket not exists from time to time?

2019-04-11 Thread Willy Tarreau
Hello Francis, On Thu, Apr 11, 2019 at 11:20:57AM -0400, francis Lavalliere wrote: > Hello, > > Anyone else would have seen this behavior before? > I am currently using HAProxy 1.9.3 > > I have an "haproxy / consul template" that generate an haproxy-x.sock > file, from time to time when my

Re: [PATCH] MINOR: ssl: Activate aes_gcm_dec converter for BoringSSL

2019-04-11 Thread Willy Tarreau
Hi Manu, On Wed, Apr 10, 2019 at 12:33:47PM +0200, Emmanuel Hocdet wrote: > If you can consider this patch. > BoringSSL actually mimic OpenSSL 1.1.0 and have OPENSSL_VERSION_NUMBER set > accordly. Applied, thanks! Willy

Re: [PATCH] MINOR: skip get_gmtime where tm is unused

2019-04-11 Thread Willy Tarreau
Hello Robin, On Wed, Apr 10, 2019 at 09:08:15PM +, Robin H. Johnson wrote: > For LOG_FMT_TS (%Ts), the tm variable is not used, so save some cycles > on the call to get_gmtime. Very good catch, thank you! Willy

Re: two maps with the same id

2019-04-11 Thread Willy Tarreau
, all versions since 1.5 have the same bug! Thanks! Willy >From 0f93672dfea805268d674c97573711fbff7e0e70 Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Thu, 11 Apr 2019 14:47:08 +0200 Subject: BUG/MEDIUM: pattern: assign pattern IDs after checking the config validity Pavlos Parissis reported a

Re: 1.9.6: SIGFPE in fwrr_update_position

2019-04-11 Thread Willy Tarreau
Hi again, On Thu, Apr 11, 2019 at 11:53:28AM +0200, Willy Tarreau wrote: > > Got multiple incidents of failure with 1.9.6: > > Core was generated by `/usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p > > /var/run/haproxy'. > > Program terminated with signal SIGFPE, Arit

Re: 1.9.6: SIGFPE in fwrr_update_position

2019-04-11 Thread Willy Tarreau
Hi Maxim, On Thu, Apr 04, 2019 at 02:22:59PM +0300, ?? ? wrote: > Hi, everybody! > > Got multiple incidents of failure with 1.9.6: > Core was generated by `/usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p > /var/run/haproxy'. > Program terminated with signal SIGFPE, Arithmetic

Re: v1.9.6 high CPU usage

2019-04-11 Thread Willy Tarreau
Hi, On Wed, Apr 10, 2019 at 01:20:34PM -0700, LCF wrote: > Every few days I see some servers with few hundreds connections in > CLOSE_WAIT state for hours. I tried suggested earlier here - "show fd" to > construct a bug report but whenever I run "show fd" (echo 'show fd' | socat > stdio

Re: v1.9.x segfault on LIST_DEL(>wait_queue)

2019-04-11 Thread Willy Tarreau
Hi William, On Wed, Apr 10, 2019 at 06:00:28PM +, William Dauchy wrote: > Hello, > > We are seeing a quite regular segfault when haproxy v1.9 joins our cluster > and almost immediately crash with: > > #0 0x55b66f75c825 in do_unbind_listener > (listener=listener@entry=0x55b67206dcb0,

Re: Upcoming haproxy build fixes for Cygwin & AIX

2019-04-04 Thread Willy Tarreau
On Thu, Apr 04, 2019 at 12:48:55PM +, Overbey, Patrick (Sioux Falls) wrote: > That worked great. Thanks Willy! Nice, thanks for your feedback! Willy

Re: Upcoming haproxy build fixes for Cygwin & AIX

2019-04-03 Thread Willy Tarreau
On Wed, Apr 03, 2019 at 09:49:34PM +, Overbey, Patrick (Sioux Falls) wrote: > Actually, here is the error. The warning was just the last thing that printed > to the screen. > > In file included from /usr/include/netinet/tcp.h:113, > from include/common/compat.h:32, >

Re: Upcoming haproxy build fixes for Cygwin & AIX

2019-04-03 Thread Willy Tarreau
On Wed, Apr 03, 2019 at 08:40:35PM +, Overbey, Patrick (Sioux Falls) wrote: > It looks the same to me. Thanks. > > In file included from src/connection.c:17: > src/connection.c: In function '__initcb_1302': > include/common/initcall.h:128:11: warning: cast between incompatible function > ty

Re: Upcoming haproxy build fixes for Cygwin & AIX

2019-04-03 Thread Willy Tarreau
On Wed, Apr 03, 2019 at 08:20:50PM +, Overbey, Patrick (Sioux Falls) wrote: > Sorry, Willy. I'm still having the same troubles after the changes. Then there's something I'm missing because it works for me here (with and without the option, I verified that I had different symbols in the

Re: Upcoming haproxy build fixes for Cygwin & AIX

2019-04-03 Thread Willy Tarreau
Hi Patrick, On Wed, Apr 03, 2019 at 03:32:23PM +, Overbey, Patrick (Sioux Falls) wrote: > Hi Willy, > I brought down haproxy-1.9-1483198 through git, but am getting expansion of > macro errors during the compile using the same compile script that works with > 2.0. Any ideas what's wrong?

Re: Upcoming haproxy build fixes for Cygwin & AIX

2019-04-03 Thread Willy Tarreau
Hi Patrick, On Mon, Apr 01, 2019 at 09:27:46PM +, Overbey, Patrick (Sioux Falls) wrote: > Thanks. Can you let me know when the change is ported back to 1.9? OK so this is now in the 1.9-maint branch (commit 3349375). You can retrieve it with git, or if you wait another day you'll get a

Re: Upcoming haproxy build fixes for Cygwin & AIX

2019-04-02 Thread Willy Tarreau
Hi Jeffrey, On Tue, Apr 02, 2019 at 02:52:01PM +0800, Jeffrey Chen wrote: > Hi Willy, > I have test in cygwin, there haven't problem now. Many thanks for your feedback, much appreciated. Then given that this patch series fix the issue for both of you guys I'll backport it. Thanks! Willy

Re: Upcoming haproxy build fixes for Cygwin & AIX

2019-04-01 Thread Willy Tarreau
On Mon, Apr 01, 2019 at 07:50:20PM +, Overbey, Patrick (Sioux Falls) wrote: > Not really necessary since "aix52" works. Production servers should really be > AIX 7.1+ anyway. OK, thanks for the info. Willy

Re: Upcoming haproxy build fixes for Cygwin & AIX

2019-04-01 Thread Willy Tarreau
On Mon, Apr 01, 2019 at 07:05:04PM +, Overbey, Patrick (Sioux Falls) wrote: > I was able to compile HA-Proxy version 2.0-dev2-ce4ec50 2019/04/01 with these > options using an AIX 6.1.9 system and openssl 1.0.2q. Thank you! > > gmake CFLAGS="-maix64" LDFLAGS="-maix64" TARGET=aix52

Re: Upcoming haproxy build fixes for Cygwin & AIX

2019-04-01 Thread Willy Tarreau
On Mon, Apr 01, 2019 at 03:04:24PM +0200, Aleksandar Lazic wrote: > > I managed to build this version with openssl 1.0.2 support on a very > > old Power3/333 MHz running AIX 5.1 and to run an H2 test. This sounds > > a bit like an anachronism though :-) > > 8-O > >

Re: [PATCH] MINOR: ssl: Add aes_gcm_dec converter

2019-04-01 Thread Willy Tarreau
Hi Nenad, On Sat, Mar 23, 2019 at 11:00:32AM +0100, Nenad Merdanovic wrote: > The converter can be used to decrypt the raw byte input using the > AES-GCM algorithm, using provided nonce, key and AEAD tag. This can > be useful to decrypt encrypted cookies for example and make decisions > based on

Re: Upcoming haproxy build fixes for Cygwin & AIX

2019-04-01 Thread Willy Tarreau
On Mon, Apr 01, 2019 at 09:04:06AM +0800, ??? wrote: > Many thanks Willy, I will wait and to try and study your patch. You're welcome. So I've just pushed the latest fixes to the master branch. What I've done is the following : - enabled the new USE_OBSOLETE_LINKER option on both flavors of

Upcoming haproxy build fixes for Cygwin & AIX

2019-03-29 Thread Willy Tarreau
Hi, I finally could figure how to work around the issues with very old linkers. I could work on this using a very old AIX machine we have here running AIX 5.1, so now that my test code works on it, I'm fairly confident more recent versions will as well, and given that Jeffrey's errors on Cygwin

Re: [ANNOUNCE] haproxy-1.9.6

2019-03-29 Thread Willy Tarreau
Hi Aleks, On Fri, Mar 29, 2019 at 02:09:28PM +0100, Aleksandar Lazic wrote: > With openssl are 2 tests failed but I'm not sure because of the setup or a > bug. > https://gitlab.com/aleks001/haproxy19-centos/-/jobs/186769272 Thank you for the quick feedback. I remember about the first one being

[ANNOUNCE] haproxy-1.9.6

2019-03-29 Thread Willy Tarreau
ver-ciphersuites Radek Zajic (1): BUG/MINOR: log: properly format IPv6 address when LOG_OPT_HEXA modifier is used. Ricardo Nabinger Sanchez (1): BUG/MAJOR: checks: segfault during tcpcheck_main William Lallemand (1): BUG/MEDIUM: mworker: don't free the wrong child when not found Wi

Re: [PATCH] BUG/MAJOR: segfault during tcpcheck_main

2019-03-29 Thread Willy Tarreau
Hi Ricardo, On Thu, Mar 28, 2019 at 10:15:41PM -0300, Ricardo Nabinger Sanchez wrote: > Hello, > > We have been chasing a segfault for a few weeks and today we were able > to track it down. There is a null-pointer dereferencing when using > tcp-check connect; although we don't know yet as to

Re: 400 SC on h2 xhr post

2019-03-28 Thread Willy Tarreau
Hi Maximilian, On Tue, Mar 26, 2019 at 03:15:47PM +, Maximilian Böhm wrote: (...) > >> I do have another legacy app (Jetty 8.1.9.v20130131) > Sorry guys, I've forgotten to test HTX. It works ? i.e.: > H1->h1: OK > H2->h1: Read timeout > H2->htx->h1: OK Many thanks for your quite detailed

Re: 1.9.5, SIGABRT

2019-03-28 Thread Willy Tarreau
On Thu, Mar 28, 2019 at 11:06:08AM +0100, William Lallemand wrote: > On Wed, Mar 27, 2019 at 10:23:44PM +0300, ?? ? wrote: > > Hi! Thank you very much, I'll test your patch and will write back tomorrow. > > > > Willy made me realize that my patch was wrong, so here another one. > >

Re: Strange "content-length" with http-use-htx

2019-03-28 Thread Willy Tarreau
Hi Guys, On Wed, Mar 27, 2019 at 04:28:37PM +0100, Christopher Faulet wrote: > After checking the haproxy output that you sent me, the error happens > because the content-length header is skipped when the request is sent to the > server. It is skipped because the POST is empty, so it is set to 0.

Re: [ANNOUNCE] haproxy-2.0-dev2

2019-03-27 Thread Willy Tarreau
Hi Pavlos! On Wed, Mar 27, 2019 at 09:57:32PM +0100, Pavlos Parissis wrote: > Have you considered enabling SO_INCOMING_CPU socket option in > order to increase data locality and CPU cache hits? No, really for our use case I'm not convinced at all by it, I'm only seeing risks of making things

Re: [PR] DOC: The option httplog is no longer valid in a backend.

2019-03-26 Thread Willy Tarreau
Hi, On Mon, Mar 25, 2019 at 02:23:03PM +, PR Bot wrote: > > This is an automated relay of the Github pull request: >DOC: The option httplog is no longer valid in a backend. Good catch, now merged. Thank you, Willy

Re: High p99 latency with HAProxy 1.9 in http mode compared to 1.8

2019-03-25 Thread Willy Tarreau
Hi Ashwin, On Mon, Mar 25, 2019 at 02:51:17PM -0700, Ashwin Neerabail wrote: > Hi Willy, > > I tested against the latest version in the haproxy source repo. > Things got significantly worse. Even median latencies have shot up to 150ms > ( compared to 4ms for haproxy 1.8) > p99 shot up above

[ANNOUNCE] haproxy-2.0-dev2

2019-03-25 Thread Willy Tarreau
Pierre Cheynier (1): BUG/MEDIUM: ssl: ability to set TLS 1.3 ciphers using ssl-default-server-ciphersuites Radek Zajic (1): BUG/MINOR: log: properly format IPv6 address when LOG_OPT_HEXA modifier is used. Tim Duesterhus (2): CLEANUP: http: Remove unreachable code in parse_

Re: H2 Protocol Errors in HTX Mode (1.9.4 & 1.9.4-dev)

2019-03-23 Thread Willy Tarreau
Hi Luke, On Sat, Mar 23, 2019 at 02:52:26PM +0100, Luke Seelenbinder wrote: > Hi Willy, > > I just upgraded to 1.9.5, and this bug is still present (but seems to be > somewhat diminished). On 1.9.4, approximately 5 of these images failed to > load, on 1.9.5, it's usually 1 or 2. So overall it

Re: [PATCH] MINOR: ssl: Add aes_gcm_dec converter

2019-03-23 Thread Willy Tarreau
Hi Nenad, On Sat, Mar 23, 2019 at 10:48:35AM +0100, Nenad Merdanovic wrote: > >CC src/ssl_sock.o > > src/ssl_sock.c: In function 'sample_conv_aes_gcm_dec': > > src/ssl_sock.c:9166:27: error: 'EVP_CTRL_AEAD_SET_IVLEN' undeclared (first > > use in this function) > >

Re: High p99 latency with HAProxy 1.9 in http mode compared to 1.8

2019-03-22 Thread Willy Tarreau
Hi Ashwin, We have found the root cause of this. The H2 streams were not getting the fairness they deserved due to their wake-up ordering : it happened very often that a stream interrupted on a ux buffer full condition could be placed at the end of the list and/or its place preempted by another

Re: [PATCH] MINOR: ssl: Add aes_gcm_dec converter

2019-03-22 Thread Willy Tarreau
Hmmm sorry, but I'm getting this here : CC src/ssl_sock.o src/ssl_sock.c: In function 'sample_conv_aes_gcm_dec': src/ssl_sock.c:9166:27: error: 'EVP_CTRL_AEAD_SET_IVLEN' undeclared (first use in this function) src/ssl_sock.c:9166:27: note: each undeclared identifier is reported only once

Re: [PATCH] MINOR: ssl: Add aes_gcm_dec converter

2019-03-22 Thread Willy Tarreau
Hi Nenad, On Fri, Mar 22, 2019 at 12:02:24PM +0100, Nenad Merdanovic wrote: > The converter can be used to decrypt the raw byte input using the > AES-GCM algorithm, using provided nonce, key and AEAD tag. This can > be useful to decrypt encrypted cookies for example and make decisions > based on

Re: [PATCH] BUG/MINOR: log: properly format IPv6 address when LOG_OPT_HEXA modifier is used.

2019-03-22 Thread Willy Tarreau
Hi Radek, On Fri, Mar 22, 2019 at 10:21:54AM +, Radek Zajic wrote: > In lf_ip(), when LOG_OPT_HEXA modifier is used, there is a code to format the > IP address as a hexadecimal string. This code does not properly handle cases > when the IP address is IPv6. In such case, the code only prints

Re: [PATCH] ssl: ability to set TLS 1.3 ciphers using ssl-default-server-ciphersuites

2019-03-22 Thread Willy Tarreau
On Fri, Mar 22, 2019 at 11:26:31AM +0100, Emeric Brun wrote: > Hi Pierre, > > On 3/21/19 5:15 PM, Pierre Cheynier wrote: > > Any attempt to put TLS 1.3 ciphers on servers failed with output 'unable > > to set TLS 1.3 cipher suites'. > > > > This was due to usage of SSL_CTX_set_cipher_list

Re: 400 SC on h2 xhr post

2019-03-19 Thread Willy Tarreau
Hi Maximilian, On Tue, Mar 19, 2019 at 01:17:52PM +, Maximilian Böhm wrote: > 172.17.0.1:46372 [19/Mar/2019:12:10:43.465] [fntnd] [bknd] 0/0/0/-1/8 400 187 > - - CH-- 1/1/0/0/0 0/0 "POST [URL] HTTP/1.1" This one could indicate a client close while uploading the contents, but it could also

[ANNOUNCE] haproxy-1.9.5

2019-03-19 Thread Willy Tarreau
PI. BUG/MAJOR: tasks: Use the TASK_GLOBAL flag to know if we're in the global rq. BUG/MEDIUM: tasks: Make sure we wake sleeping threads if needed. MINOR: cfgparse: Add a cast to make gcc happier. Richard Russo (1): BUG/MAJOR: fd/threads, task/threads: ensure all spin locks

Re: Status Codes in H2 Mode

2019-03-19 Thread Willy Tarreau
On Tue, Mar 19, 2019 at 08:59:38AM -0400, Luke Seelenbinder wrote: > Makes sense, Willy. Thanks for continuing to investigate this. > > > I'm assuming that this is always reproducible with H2 on the front and > > H1 on the back. > > I have not tried it with H1 -> H1, but I assume that case works

Re: Status Codes in H2 Mode

2019-03-18 Thread Willy Tarreau
Hi Luke, On Mon, Mar 18, 2019 at 11:14:12AM -0400, Luke Seelenbinder wrote: (...) > If I disable HTX, everything flows per normal and the status codes are even > correctly -1. > > I've replicated this on 1.9.4, 1.9.x master, and 2.0-dev master branches. The > global "this will work" and "this

Re: High p99 latency with HAProxy 1.9 in http mode compared to 1.8

2019-03-18 Thread Willy Tarreau
Hi Ashwin, On Mon, Mar 18, 2019 at 10:57:45AM -0700, Ashwin Neerabail wrote: > Hi Willy, > > Thanks for the reply. > > My Test setup: > Client Server1 using local HAProxy 1.9 > 2 Backend servers and > Client Server2 using local HAProxy 1.8 > same 2 backend servers. > > I am measuring latency

Re: 1.9.4 Make issue on Cygwin

2019-03-14 Thread Willy Tarreau
Hi Jeffrey, On Fri, Mar 15, 2019 at 10:22:14AM +0800, ??? wrote: > Hi, > I'm trying to compile haproxy under cygwin but get problem. > > I have try google search to resolve the probme but can't get any. > > Have anyone can let me know what's wrong ? > > Jeffrey_Chen@jeffrey_chen

Re: stable-bot: WARNING: 42 bug fixes in queue for next release

2019-03-14 Thread Willy Tarreau
On Thu, Mar 14, 2019 at 02:15:07PM +, stable-...@haproxy.com wrote: > Last release 1.9.4 was issued on 2019/02/06. There are currently 42 patches > in the queue cut down this way: > - 1 BUG, first one merged on 2019/02/10 > - 6 MAJOR, first one merged on 2019/02/10 > - 20 MEDIUM,

Re: 1.9.2: Crash with 300% CPU and stuck agent-checks

2019-03-14 Thread Willy Tarreau
On Thu, Mar 14, 2019 at 11:43:54AM +0100, Louis Chanouha wrote: > Hello, > Did I miss something ? Sorry I never used GDB. > > +--? (gdb) p task_per_thread[0].task_list_size > cannot subscript something of type `' Ah sorry, I thought from your kind offer that you did :-) You first need to attach

Re: 1.9.2: Crash with 300% CPU and stuck agent-checks

2019-03-14 Thread Willy Tarreau
Louis, I'd be interested in checking the values of task_per_thread[X].task_list_size for each value of X between 0 and your number of threads minus 1. Example for 4 threads : (gdb) p task_per_thread[0].task_list_size $2 = 0 (gdb) p task_per_thread[1].task_list_size $3 = 0 (gdb) p

Re: 1.9.2: Crash with 300% CPU and stuck agent-checks

2019-03-14 Thread Willy Tarreau
Hello Louis, On Thu, Mar 14, 2019 at 10:34:05AM +0100, Louis Chanouha wrote: > Hello, > I seems that i have the same problem than Mark Janssen. > I did not restart so i still can do gdb debug. Quite interesting as well, thank you. Indeed it looks identical, with not all threads looping. I'm

Re: High CPU with Haproxy 1.9.4 (and 1.9.2)

2019-03-14 Thread Willy Tarreau
On Thu, Mar 14, 2019 at 10:34:46AM +0100, Mark Janssen wrote: > This was the 'show activity' info > > Show activity: > thread_id: 7 > date_now: 1552497125.537000 > loops: 1876310231 2198499593 29388065 2234235968 2189969792 23322503 11681489 > 1867345227 > wake_cache: 4699089 4475087 5332367

Re: High CPU with Haproxy 1.9.4 (and 1.9.2)

2019-03-13 Thread Willy Tarreau
On Wed, Mar 13, 2019 at 05:45:31PM +0100, Bruno Henc wrote: > Hello Nick, The guy was called "Mark", but I agree that 25% of the letters are right. > Haproxy-1.9 is acting strange under certain conditions, Huh ? What's this story ? haproxy-1.9 was released 4 months ago and is in stable status,

Re: High CPU with Haproxy 1.9.4 (and 1.9.2)

2019-03-13 Thread Willy Tarreau
Hi Mark, On Wed, Mar 13, 2019 at 02:08:15PM +0100, Mark Janssen wrote: > Hi, > > I've recenly switched a system over from 1.6.9, which has been running fine > for years, to 1.9.4. > I've updated the configuration to use nbthread instead of nbproc, and > cleaned up the config a lot. > > A few

Re: Website access problem

2019-03-13 Thread Willy Tarreau
Hi, On Wed, Mar 13, 2019 at 11:43:55AM +0800, ?? wrote: > Hi,I'm a guy from China, "HTTP" access to the site cannot be 301 permanent > jump to HTTPS; I have no idea what you are talking about. There is no such redirect in place. And your screenshots show nothing useful. What is the problem you

Re: [PATCH] BUILD/MINOR : WURFL fix for build problems

2019-03-11 Thread Willy Tarreau
Hi Paul, On Mon, Mar 11, 2019 at 01:00:24PM +0100, Paul Stephen Borile wrote: > Hi, > > in attach patch for : > - build fix for 1.9/2.0 code base (0001) > - removed deprecated methods (0001) > - enabled multithreading mode (0001) > - added point of contact in MAINTAINERS file (0004) > > Module

Re: haproxy segfault

2019-03-07 Thread Willy Tarreau
Hi Tim, On Fri, Mar 08, 2019 at 01:43:58AM +0100, Tim Düsterhus wrote: > Willy, > > Am 16.02.19 um 06:23 schrieb Willy Tarreau: > > On Tue, Feb 12, 2019 at 10:28:01PM +0100, Lukas Tribus wrote: > >>> Did this bug has been introduced in 1.9.4 ? > >>>

Re: [PATCH] BUG/MINOR: ssl: fix warning about ssl-min/max-ver support

2019-03-05 Thread Willy Tarreau
On Tue, Mar 05, 2019 at 11:14:32PM +0100, Lukas Tribus wrote: > In 84e417d8 ("MINOR: ssl: support Openssl 1.1.1 early callback for > switchctx") the code was extended to also support OpenSSL 1.1.1 > (code already supported BoringSSL). A configuration check warning > was updated but with the wrong

Re: Does anyone *really* use 51d or WURFL ?

2019-03-05 Thread Willy Tarreau
Hi all, back to this old thread : On Mon, Jan 21, 2019 at 03:36:22PM +0100, Willy Tarreau wrote: > I don't know if wurfl builds at all by the way since the last update to > the module is its introduction more than 2 years ago. So now at least I've got the response. This code doesn't

Re: [RFC PATCH] MEDIUM: compression: Add support for brotli compression

2019-03-04 Thread Willy Tarreau
On Mon, Mar 04, 2019 at 02:44:38PM +0100, Tim Düsterhus wrote: > One could limit the overall brotli resource usage by returning NULLs in > the custom allocator when the *total* (versus the per-stream) brotli > memory consumption exceeds a certain level. The handling of OOMs in the > remaining code

Re: [RFC PATCH] MEDIUM: compression: Add support for brotli compression

2019-03-04 Thread Willy Tarreau
Hi Tim, On Wed, Feb 27, 2019 at 01:23:28PM +0100, Tim Düsterhus wrote: > As mentioned in my reply to Aleks I don't have any numbers, because I > don't know to get them. My knowledge of both HAProxy's internals and C > is not strong enough to get those. > > The manpage documents this: > > >

Re: ACL, map: restrict access for dynamic hostname to some specific IPs

2019-03-04 Thread Willy Tarreau
Hi Guillaume, On Fri, Mar 01, 2019 at 12:33:57PM +0100, gdelafond+hapr...@aquaray.com wrote: > > On 9 Jan 2019, at 11:06, gdelafond+hapr...@aquaray.com wrote: > > > > Hello, > > > > I try to understand how to use the -M ACL flag. > > > > From the documentation : > > > > The "-M" flag allows

Re: Status Codes in H2 Mode

2019-03-04 Thread Willy Tarreau
On Mon, Mar 04, 2019 at 11:45:53AM +, Luke Seelenbinder wrote: > Hi Willy, > > > Do you have "option abortonclose" in your config ? > > We do not have abortonclose. Do you recommend this if we have a lot of > client-side request aborts (but not connection level closes)? From reading > the

Re: http2-issue with http2 enabled on frontend and on backend

2019-02-28 Thread Willy Tarreau
Hi Tom, On Wed, Feb 27, 2019 at 07:45:04AM +0100, Tom wrote: > Hi Willy > > I've applied your patch and now the website responds with http2..., many > thanks for this. > > The current situation looks like this: > > - When I directly connect with http2 to the nginx, which has >

Re: http/2 server-push support

2019-02-28 Thread Willy Tarreau
Hi Patrick, On Tue, Feb 26, 2019 at 02:13:28PM -0500, Patrick Hemmer wrote: > Now that we have h2 support on frontends, backends, trailers, etc, I'm > hoping that server side server-push is somewhere on the roadmap. By > "server side" I mean not this middleware based server-push methodology >

Re: %[] in use-server directives

2019-02-28 Thread Willy Tarreau
On Wed, Feb 20, 2019 at 10:43:22AM -0300, Joao Morais wrote: > Hi Bruno, thanks! Updating servers via api I'm currently using. From Willy > "in the past it was not possible to dynamically create servers" - so now I'm > wondering if there is a way or future plan to create a new server on an >

Re: H2 Protocol Errors in HTX Mode (1.9.4 & 1.9.4-dev)

2019-02-28 Thread Willy Tarreau
On Fri, Feb 22, 2019 at 01:35:19PM +0100, Luke Seelenbinder wrote: > Hi List, > > We recently started using HAProxy to act as a first point of entry for most > of our traffic. We initially set it up with H2 + HTX frontend and H1.1 > backend; however, this led to some strange behavior consistently

Re: Status Codes in H2 Mode

2019-02-28 Thread Willy Tarreau
Hi Luke, On Fri, Feb 22, 2019 at 10:03:12AM +, Luke Seelenbinder wrote: > Hi List, Willy, > > After transitioning to 1.9.4, I can say things are much more stable when > using h2 on the frontend. Thanks for all the bug fixes and patches since > 1.9.0! I'll be upgrading to 1.9.5 when it comes

Re: High p99 latency with HAProxy 1.9 in http mode compared to 1.8

2019-02-28 Thread Willy Tarreau
Ashwin, I've taken some time to read your tests completely now, and something bothers me : On Mon, Feb 25, 2019 at 11:11:08AM -0800, Ashwin Neerabail wrote: > > - by disabling server-side idle connections (using "pool-max-conn 0" on > > the server) though "http-reuse never" should be

Re: [RFC PATCH] MEDIUM: compression: Add support for brotli compression

2019-02-26 Thread Willy Tarreau
Hi Tim, On Tue, Feb 26, 2019 at 06:16:12PM +0100, Tim Düsterhus wrote: > Willy, > > Am 13.02.19 um 17:57 schrieb Tim Duesterhus: > > *snip* > > Are you able to give some (first, basic) feedback on this patch already? Not yet. In fact I don't know much what to think about it. The patch itself

Re: [PATCH 1/2] CLEANUP: http: Remove unreachable code in parse_http_req_capture

2019-02-26 Thread Willy Tarreau
both applied, thanks Tim. Willy

  1   2   3   4   5   6   7   8   9   10   >