Hi Willy,
Thanks for your comments.
1. About 'retries', I am not sure if it works for connect() failing
synchronously on the
local system (as opposed to getting a timeout/refused via callback). The
document
on retries says:
" is the number of times a connection attempt should be retried
on
Hi Krishna,
On Thu, Mar 09, 2017 at 12:03:19PM +0530, Krishna Kumar (Engineering) wrote:
> Hi Willy,
>
> We use HAProxy as a Forward Proxy (I know this is not the intended
> application for HAProxy) to access outside world from within the DC, and
> this requires setting a source port range for re
Hi Willy,
We use HAProxy as a Forward Proxy (I know this is not the intended
application for HAProxy) to access outside world from within the DC, and
this requires setting a source port range for return traffic to reach the
correct
box from which a connection was established. On our production box
Looks like just attempting to cleanly shutdown worked fine on an idle
system (~1000 servers, not all java),
I didn't notice an much of an increase in new sessions after the initial
connections. I also didn't notice any TIME_WAIT sockets lingering.
On Tue, Mar 7, 2017 at 10:24 PM, Willy Tarreau wr
Hi,
On Wed, Mar 08, 2017 at 10:09:25PM +0800, longhb wrote:
> [PATCH] BUG/MAJOR: stream: fix tcp half connection expire causes cpu 100%
>
> Repetition condition:
> haproxy config:
> global:
> tune.bufsize 10485760
> defaults
Hi Piotr,
On Wed, Mar 08, 2017 at 07:58:11PM +0100, Piotr Kubaj wrote:
> Could you give your opinion on my patches and commit them if they're fine?
Sorry for the delay but I'm really burried under e-mails and work-related
stuff at the moment. And since your patches will require some manual
handli
Could you give your opinion on my patches and commit them if they're fine?
On 17-02-15 15:46:23, Piotr Kubaj wrote:
> Thanks for the feedback. Could you keep me in CC? I'm not subscribed to the
> list.
>
> > I don't understand much, your e-mail talks about openssl and you're changing
> > a line
Hello Janusz,
2017-03-08 16:59 GMT+01:00 Janusz Dziemidowicz :
> Invalid OCSP file (for example empty one that can be used to enable
> OCSP response to be set dynamically later) causes errors that are
> placed on OpenSSL error stack. Those errors are not cleared so
> anything that checks this st
Invalid OCSP file (for example empty one that can be used to enable
OCSP response to be set dynamically later) causes errors that are
placed on OpenSSL error stack. Those errors are not cleared so
anything that checks this stack later will fail.
Following configuration:
bind :443 ssl crt crt1.pe
[PATCH] BUG/MAJOR: stream: fix tcp half connection expire causes cpu 100%
Repetition condition:
haproxy config:
global:
tune.bufsize 10485760
defaults
timeout server-fin 90s
timeout
On Wed, Mar 08, 2017 at 12:42:38PM +0100, Emmanuel Hocdet wrote:
> > However as I said to Thierry, please don't add "if (ptr)" before
> > a pool_free2(), we have the same semantics as free() which is a
> > NOP on NULL on all supported operating systems. If you want I can
> > change it myself and me
> Le 8 mars 2017 à 12:15, Willy Tarreau a écrit :
>
> On Wed, Mar 08, 2017 at 12:01:39PM +0100, Emmanuel Hocdet wrote:
>> No because the block can be truncated, sample must be stored in a variable
>> size buffer
>> to fix that. Do fingerprint earlier avoid such manipulation.
>> With this exampl
On Wed, Mar 08, 2017 at 12:01:39PM +0100, Emmanuel Hocdet wrote:
> No because the block can be truncated, sample must be stored in a variable
> size buffer
> to fix that. Do fingerprint earlier avoid such manipulation.
> With this example it's now easy to add another sample. I would do it as
> ne
> Le 7 mars 2017 à 19:49, Willy Tarreau a écrit :
>
> On Tue, Mar 07, 2017 at 07:09:30PM +0100, Emmanuel Hocdet wrote:
>> Use case is to send the fingerprint on backend and associate it with the user
>> agent or anything else to analyse the security level of the connection ,
>> detect man
>> in
14 matches
Mail list logo