Re: OPTIM : IPv6 literal address parsing

2015-10-10 Thread Mildis
Aw, man ! My C skills are so rusted :) I’ll look at your comments and correct all this. BTW, a bit off-topic : have you looked at a code-review server like gerrit ? Quite useful for multi-round patchset submission like this one. -- Mildis Le 2015-10-10 15:49, Willy Tarreau a écrit : Hi,

Re: OPTIM : IPv6 literal address parsing

2015-10-10 Thread Willy Tarreau
On Sat, Oct 10, 2015 at 05:02:08PM +0200, Mildis wrote: > Aw, man ! > My C skills are so rusted :) > > I???ll look at your comments and correct all this. Thanks. > BTW, a bit off-topic : have you looked at a code-review server like > gerrit ? No but quite frankly I don't believe a single

Re: Interactive stats socket broken on master

2015-10-10 Thread Andrew Hayworth
Bump - I don't mind maintaining my own HAProxy package, but it seems bad to release a major version with the interactive stats socket broken. Any thoughts on the patch? On Tue, Oct 6, 2015 at 9:29 AM, Jesse Hathaway wrote: > On Fri, Oct 2, 2015 at 10:24 AM, Andrew

Re: Try request again if response body is empty?

2015-10-10 Thread Shawn Heisey
On 10/10/2015 12:31 AM, Willy Tarreau wrote: > Is the response closed when this happens (eg: server crash) ? If so, > we could add some sample fetches to detect that the request or response > channels are closed in case that could help. This is trivial to do, but > it will only be reliable if the

Re: [PATCH] MINOR: lua: fix a spelling error in some error messages

2015-10-10 Thread Willy Tarreau
Hi Vincent, On Tue, Oct 06, 2015 at 04:05:59PM +0200, Vincent Bernat wrote: > From: Vincent Bernat > > "unknown" was spelled "unkown". Applied, thanks! Willy

Re: fixup use_after_free in the pat_ref_delete_by_id

2015-10-10 Thread Willy Tarreau
Hi Peter, On Wed, Oct 07, 2015 at 12:07:43AM -0700, peter cai wrote: > I found there is use_after_free bug in the pat_ref_delete_by_id. > > diff --git a/haproxy/src/pattern.c b/haproxy/src/pattern.c > index 4bd6924..0bd35a7 100644 > --- a/haproxy/src/pattern.c > +++ b/haproxy/src/pattern.c > @@

Re: HA-Proxy IP ranges for acl

2015-10-10 Thread Willy Tarreau
On Fri, Oct 09, 2015 at 01:36:57PM +0300, Jarno Huuskonen wrote: > Hi, > > On Fri, Oct 09, Sébastien LECOMTE wrote: > [...] > > acl allowed_clients hdr_sub(X-Real-IP) 10.10.200.0/24 > > 213.200.107.128/25 213.254.248.96/27 62.72.112.128/28 84.199.92.128/26 > > 91.237.72.4 > > [...] > > >

Re: req_ssl_ver ACL not working

2015-10-10 Thread Willy Tarreau
On Fri, Oct 09, 2015 at 05:05:12AM -0400, Julien Vehent wrote: > On 2015-10-08 18:24, Lukas Tribus wrote: > >Are you sure your TLSv1.2 client is actually sending > >jve.linuxwall.info as SNI value? I suggest to remove the > >SNI if statement while testing the TLS ACL. > > Argh... I can't count

Re: FW: HAProxy

2015-10-10 Thread Willy Tarreau
Hello Cédric, On Tue, Oct 06, 2015 at 01:56:41PM +, Cédric Petter wrote: > Bonjour > > First of all, if I need to explain in English, please tell me. Yes the list is in english, but I understood your problem so I'll put out a quick summary and will respond :-) > Je suis bloqué avec HAProxy

Re: [ANNOUNCE] haproxy-1.6-dev7

2015-10-10 Thread Willy Tarreau
On Tue, Oct 06, 2015 at 02:30:30PM +0200, Pavlos Parissis wrote: > > > On 06/10/2015 12:25 , Willy Tarreau wrote: > > Hi ladies and gentlemen! > > > > Things are calming down when I'm away from the keyboard, I'll start to > > think I'm really the only one who introduces bugs! > > > > Some

Re: Try request again if response body is empty?

2015-10-10 Thread Willy Tarreau
On Thu, Oct 08, 2015 at 12:27:07AM -0700, Joseph Lynch wrote: > Hi Shawn, > > I am pretty sure that HAProxy cannot retry requests themselves because > it does not know what side effects the request had. It can retry > connections but once the session is assigned it returns results or > fails. >

Re: OPTIM : IPv6 literal address parsing

2015-10-10 Thread Mildis
Here is a working patch for IPv6 literal with square brackets. Tested with : "2001:db8::1234:5678", "2001:db8::1234:5678:", "2001:db8::1234:5678:80", "2001:db8::1234:5678:80:", "::", ":::", ":::80", "[2001:db8::1234:5678]", "[2001:db8::1234:5678]:", "[2001:db8::1234:5678]:80", "[::]", "[::]:",

RE: req_ssl_ver ACL not working

2015-10-10 Thread Lukas Tribus
>> jve.linuxwall.info as SNI value? I suggest to remove the >> SNI if statement while testing the TLS ACL. > > Argh... I can't count the number of times forgetting -servername in > openssl s_client got me looking for a bug. This one included. > > "acl tls12 req.payload(9,2) -m bin 0303" works as

Re: req_ssl_ver ACL not working

2015-10-10 Thread Julien Vehent
On 2015-10-10 02:02, Willy Tarreau wrote: On Fri, Oct 09, 2015 at 05:05:12AM -0400, Julien Vehent wrote: On 2015-10-08 18:24, Lukas Tribus wrote: >Are you sure your TLSv1.2 client is actually sending >jve.linuxwall.info as SNI value? I suggest to remove the >SNI if statement while testing the

Re: OPTIM : IPv6 literal address parsing

2015-10-10 Thread Willy Tarreau
Hi, On Sat, Oct 10, 2015 at 01:50:46PM +0200, Mildis wrote: > Here is a working patch for IPv6 literal with square brackets. > Tested with : > "2001:db8::1234:5678", > "2001:db8::1234:5678:", > "2001:db8::1234:5678:80", > "2001:db8::1234:5678:80:", > "::", > ":::", > ":::80", >