[ANNOUNCE] haproxy-3.0-dev12

ndle crt-store keywords in crt-list over the CLI MINOR: ssl: ckch_conf_cmp() compare multiple ckch_conf structures MEDIUM: ssl: temporarily load files by detecting their presence in crt-store REGTESTS: ocsp-update: change the reg-test to support the new crt-store mode William Manle

Re: [PATCH] DOC: Update UUID references to RFC 9562

On Sun, May 12, 2024 at 05:08:34PM +0200, Tim Duesterhus wrote: > When support for UUIDv7 was added in commit > aab6477b67415c4cc260bba5df359fa2e6f49733 > the specification still was a draft. > > It has since been published as RFC 9562. Excellent timing ;-) Now merged, thank you Tim! Willy

[ANNOUNCE] haproxy-3.0-dev11

tid 0 must not sleep if got signal Willy Tarreau (24): MINOR: dynbuf: pass a criticality argument to b_alloc() MINOR: dynbuf: add functions to help queue/requeue buffer_wait fields MINOR: dynbuf: use the b_queue()/b_requeue() functions everywhere MEDIUM: dynbuf: make

Re: error HAproxy with Galera Cluster v4

Hello, On Fri, May 10, 2024 at 12:00:17PM +, Iglesias Paz, Jaime wrote: > Hey guys, I have a problem with HAProxy and Galera Cluster v4 MySQL (3 > nodes). I boot the HAProxy server and it returns the following error: > > may 10 13:48:20 phaproxysql1 haproxy[661]: Proxy stats started. > may

Re: [PATCH] FEATURE: Adding MPTCP with option to disable it and fall-back to TCP

On Wed, May 08, 2024 at 01:19:22PM +, Dorian Craps wrote: > first of all, thank you for your interest. > > I already made a version with an option to enable MPTCP > -https://github.com/CrapsDorian/haproxy/pull/1 > > I'm working on a new version with "mptcp@address" as Willy requested. OK,

Re: [PR] fix show-sess-to-flags.sh cob fd state

Hi! On Tue, May 07, 2024 at 02:23:02AM +, PR Bot wrote: > Author: zhibin.zhu > Number of patches: 1 > > This is an automated relay of the Github pull request: >fix show-sess-to-flags.sh cob fd state (...) > From 95be08c6f4f382ec1b0e34765d4c1f09ddcdebb6 Mon Sep 17 00:00:00 2001 > From:

Re: [PATCH 1/3] BUILD: illumos: pthread_getcpuclockid is not available

On Sun, May 05, 2024 at 01:43:33PM +0200, ??? wrote: > updated patches. Cool, thanks, now applied. > I'll address reorg to "compat.h" a bit later, once it is settled in my head No worries, I've seen your other comment about the need to include pthread.h, and this alone would be a good

Re: [PATCH 1/3] BUILD: illumos: pthread_getcpuclockid is not available

On Sun, May 05, 2024 at 11:15:24AM +0200, ??? wrote: > ??, 5 ??? 2024 ?. ? 10:42, Willy Tarreau : > > > On Sun, May 05, 2024 at 09:12:41AM +0200, Miroslav Zagorac wrote: > > > On 05. 05. 2024. 08:32, Willy Tarreau wrote: > > > > On Sun,

Re: [PATCH 1/3] BUILD: illumos: pthread_getcpuclockid is not available

On Sun, May 05, 2024 at 09:12:41AM +0200, Miroslav Zagorac wrote: > On 05. 05. 2024. 08:32, Willy Tarreau wrote: > > On Sun, May 05, 2024 at 07:49:55AM +0200, ??? wrote: > >> ??, 5 ??? 2024 ?. ? 02:05, Miroslav Zagorac : > >>> I think that this pat

Re: [PATCH 1/3] BUILD: illumos: pthread_getcpuclockid is not available

On Sun, May 05, 2024 at 08:52:08AM +0200, ??? wrote: > > I'm wondering what the point of defining _POSIX_THREAD_CPUTIME can be > > then :-/ > > > > Just guessing, are you sure you're building with -pthread -lrt ? Just in > > case, please double-check with V=1. Solaris sets USE_RT, but

Re: [PATCH 1/3] BUILD: illumos: pthread_getcpuclockid is not available

On Sun, May 05, 2024 at 07:49:55AM +0200, ??? wrote: > ??, 5 ??? 2024 ?. ? 02:05, Miroslav Zagorac : > > > On 04. 05. 2024. 17:36, Ilya Shipitsin wrote: > > > this function is considered optional for POSIX and not implemented > > > on Illumos > > > > > > Reference: > >

[ANNOUNCE] haproxy-3.0-dev10

) to ckch_store_new_load_files_path() MINOR: ssl: rename ocsp_update.http_proxy into ocsp-update.httpproxy Willy Tarreau (1): BUG/MINOR: stconn: don't wake up an applet waiting on buffer allocation ---

Re: [PATCH 0/2] CI fixes, spelling cleanup

On Tue, Apr 30, 2024 at 04:11:25PM +0200, Ilia Shipitsin wrote: > NetBSD image was updated to 10.0, pcre2 is available out > of box now (...) Both merged now, thank you Ilya! Willy

Re: Question on deleting cookies from an HTTP request

Hi, On Sat, Apr 27, 2024 at 02:06:54AM +0200, Aleksandar Lazic wrote: > Hi Lokesh. > > On 2024-04-27 (Sa.) 01:41, Lokesh Jindal wrote: > > Hey folks > > > > I have found that there is no operator "del-cookie" in HAProxy to delete > > cookies from the request. (HAProxy does support the operator

[ANNOUNCE] haproxy-3.0-dev9

William Lallemand (3): BUILD: ssl: use %zd for sizeof() in ssl_ckch.c REGTESTS: use -dI for insecure fork by default in the regtest scripts BUG/MINOR: mworker: reintroduce way to disable seamless reload with -x /dev/null Willy Tarreau (8): BUILD: stick-tables: silence

Re: [PATCH 2/3] MINOR: Add `ha_generate_uuid_v7`

On Thu, Apr 25, 2024 at 08:15:30PM +0200, Tim Düsterhus wrote: > Hi > > On 4/24/24 08:39, Willy Tarreau wrote: > > Just thinking about all the shifts above, I think you could have > > gone through less efforts by acting on 64-bit randoms (less shifts). > > But

Re: [PATCH] FEATURE: Adding MPTCP with option to disable it and fall-back to TCP

Hi! On Wed, Apr 24, 2024 at 05:45:03PM +0200, Nicolas CARPi wrote: > Hello, > > On 24 Apr, Dorian Craps wrote: > > This attached patch uses MPTCP by default instead of TCP on Linux. > The backward compatibility of MPTCP is indeed a good point toward > enabling it by default. Nonetheless, I

Re: Fwd: [PATCH] MEDIUM: shctx naming shared memory context

On Wed, Apr 24, 2024 at 09:53:04AM +0100, David CARLIER wrote: > -- Forwarded message - > From: David CARLIER > Date: Wed, 24 Apr 2024 at 07:56 > Subject: Re: [PATCH] MEDIUM: shctx naming shared memory context > To: Willy Tarreau > > > Here a

Re: [PATCH] MEDIUM: shctx naming shared memory context

Hi David, On Sat, Apr 20, 2024 at 07:33:16AM +0100, David CARLIER wrote: > From d49d9d5966caead320f33f789578cb69f2aa3787 Mon Sep 17 00:00:00 2001 > From: David Carlier > Date: Sat, 20 Apr 2024 07:18:48 +0100 > Subject: [PATCH] MEDIUM: shctx: Naming shared memory context > > From Linux 5.17,

Re: [PATCH 2/3] MINOR: Add `ha_generate_uuid_v7`

Hi Tim! On Fri, Apr 19, 2024 at 09:01:26PM +0200, Tim Duesterhus wrote: > +/* Generates a draft-ietf-uuidrev-rfc4122bis-14 version 7 UUID into chunk > + * which must be at least 37 bytes large. > + */ > +void ha_generate_uuid_v7(struct buffer *output) > +{ > + uint32_t rnd[3]; > +

Re: [PATCH 0/3] Add support for UUIDv7

Hi Tim, On Tue, Apr 23, 2024 at 09:03:32PM +0200, Tim Düsterhus wrote: > Hi > > On 4/19/24 21:07, Willy Tarreau wrote: > > it! I'll have a look on Monday, I'm really done for this week, need to > > Monday is gone. So here's a friendly reminder :-) Yeah and I'm sorry, my

Re: Changes in HAProxy 3.0's Makefile and build options

On Sat, Apr 20, 2024 at 03:11:19PM +0200, ??? wrote: > ??, 20 ???. 2024 ?. ? 15:07, Willy Tarreau : > > > On Sat, Apr 20, 2024 at 02:49:38PM +0200, ??? wrote: > > > ??, 11 ???. 2024 ?. ? 21:05, Willy Tarreau : > > > > > > > Hi Ilya, >

Re: Changes in HAProxy 3.0's Makefile and build options

On Sat, Apr 20, 2024 at 02:49:38PM +0200, ??? wrote: > ??, 11 ???. 2024 ?. ? 21:05, Willy Tarreau : > > > Hi Ilya, > > > > On Thu, Apr 11, 2024 at 08:27:39PM +0200, ??? wrote: > > > do you know maybe how this was supposed to work ? > >

Re: [PATCH 0/3] Add support for UUIDv7

Hi Tim! On Fri, Apr 19, 2024 at 09:01:24PM +0200, Tim Duesterhus wrote: > Willy, > > as requested in the thread "[ANNOUNCE] haproxy-3.0-dev7": > > > Regarding UUIDs, though, I've recently come across UUIDv7 which I found > > particularly interesting, and that I think would be nice to implement

[ANNOUNCE] haproxy-3.0-dev8

n forbidden character on wrong value BUG/MINOR: ssl: fix crt-store load parsing MEDIUM: ssl: support a named crt-store section MEDIUM: ssl: crt-base and key-base local keywords for crt-store MAJOR: ssl: use the msg callback mecanism for backend connections MINOR: ssl: i

Re: [PATCH 0/1] CI: switch to more recent macos version(s)

On Fri, Apr 19, 2024 at 07:16:44AM +0200, Ilya Shipitsin wrote: > let's modernize macos CI build matrix since macos-14 is available Merged, thank you Ilya! willy

Re: [PATCH 0/2] CI cleanup, spell fixes

On Sun, Apr 14, 2024 at 09:23:50AM +0200, Ilya Shipitsin wrote: > the main part is reducing ASAN_OPTIONS scope, it was supposed > only to capture output of vtests, accidently it covered "config smoke tests" > as well (...) Both merged, thank you Ilya! willy

Re: [PATCH] MINOR: cli: add option to modify close-spread-time

Hi Abhijeet, On Mon, Apr 15, 2024 at 09:48:25PM -0700, Abhijeet Rastogi wrote: > Hi Willy, > > Thank you for your patience with my questions. You're welcome! > > It happens that the global struct is only changed during startup > > I used cli_parse_set_maxconn_global as a reference for my

Re: [PATCH] MINOR: cli: add option to modify close-spread-time

Hi Abhijeet, On Mon, Apr 08, 2024 at 08:11:28PM -0700, Abhijeet Rastogi wrote: > Hi HAproxy community, > > Let's assume that HAproxy starts with non-zero values for close-spread-time > and hard-stop-after, and soft-stop is used to initiate the shutdown during > deployments. > There are times

Re: Changes in HAProxy 3.0's Makefile and build options

Hi Tristan, On Fri, Apr 12, 2024 at 07:38:18AM +, Tristan wrote: > Hi Willy, > > > On 11 Apr 2024, at 18:18, Willy Tarreau wrote: > > > > Some distros simply found that stuffing their regular CFLAGS into > > DEBUG_CFLAGS or CPU_CFLAGS does the trick most of

Re: [PATCH 0/1] CI: revert entropy hack

On Sat, Apr 13, 2024 at 09:50:33AM +0200, ??? wrote: > It has been resolved on image generation side > https://github.com/actions/runner-images/issues/9491 > > It is no harm to keep it on our side as well, but we can drop it Perfect, now merged, thank you Ilya! Willy

Re: [PR] DOC: management: fix typos

On Fri, Apr 12, 2024 at 10:23:02AM +, PR Bot wrote: > Dear list! > > Author: Andrey Lebedev > Number of patches: 1 > > This is an automated relay of the Github pull request: >DOC: management: fix typos (...) Now merged, thank you Andrey! Willy

Re: [PATCH 0/1] CI: revert entropy hack

On Fri, Apr 12, 2024 at 12:42:51PM +0200, ??? wrote: > ping :) Ah thanks for the reminder. I noticed it a few days ago and I wanted to ask you to please include a commit message explaining why it's no longer necessary. We don't need much, just to understand the rationale for the removal.

Re: [PATCH] MINOR: config: rhttp: Downgrade error on attach-srv name parsing

On Fri, Apr 12, 2024 at 05:01:07PM +0200, Amaury Denoyelle wrote: > On Fri, Apr 12, 2024 at 03:37:56PM +0200, Willy Tarreau wrote: > > Hi! > > On Fri, Apr 12, 2024 at 02:29:30PM +0100, William Manley wrote: > > > An attach-srv config line usually looks like this: > &g

Re: [PATCH] MINOR: config: rhttp: Downgrade error on attach-srv name parsing

Hi! On Fri, Apr 12, 2024 at 02:29:30PM +0100, William Manley wrote: > An attach-srv config line usually looks like this: > > tcp-request session attach-srv be/srv name ssl_c_s_dn(CN) > > The name is a key that is used when looking up connections in the > connection pool. Without this patch

Re: Changes in HAProxy 3.0's Makefile and build options

Hi Ilya, On Thu, Apr 11, 2024 at 08:27:39PM +0200, ??? wrote: > do you know maybe how this was supposed to work ? > haproxy/Makefile at master · haproxy/haproxy (github.com) > That's this: ifneq ($(shell $(CC) $(CFLAGS)

Re: [PATCH] BUG/MINOR: server: fix slowstart behavior

Hi Damien, On Tue, Apr 09, 2024 at 03:37:07PM +, Damien Claisse wrote: > We observed that a dynamic server which health check is down for longer > than slowstart delay at startup doesn't trigger the warmup phase, it > receives full traffic immediately. This has been confirmed by checking >

Changes in HAProxy 3.0's Makefile and build options

Hi all, after all the time where we've all been complaining about the difficulty to adjust CFLAGS during the build, I could tackle the problem for a first step in the right direction. First, let's start with a bit of history to explain the situation and why it was bad. Originally, a trivial

Re: [PR] Add destination ip as source ip

On Wed, Apr 10, 2024 at 03:28:06PM +0200, Christopher Faulet wrote: > Hi, > > Thanks. I have few comments. > > First, your commit message must follow rules of CONTRIBUTING file. The > commit subject must mention a level (here MINOR) and a scope (here > connection). Then a commit message must be

Re: [ANNOUNCE] haproxy-3.0-dev7

Hi Ilya, On Sun, Apr 07, 2024 at 08:34:18PM +0200, ??? wrote: > ??, 6 ???. 2024 ?. ? 17:53, Willy Tarreau : > > - a new "guid" keyword was added for servers, listeners and proxies. > > The purpose will be to make it possible for external APIs to assign

[ANNOUNCE] haproxy-3.0-dev7

stemd: enable USE_SYSTEMD by default with TARGET=linux-glibc Willy Tarreau (11): BUG/MEDIUM: stick-tables: fix a small remaining race in expiration task BUG/MINOR: backend: properly handle redispatch 0 BUG/MEDIUM: stick-table: use the update lock when reading tables

Re: git clone git.haproxy.git with curl-8.7.1 failing writing received data

Hi Bertrand! On Fri, Apr 05, 2024 at 07:27:28PM +0100, Bertrand Jacquin wrote: > Hi, > > For the last few days, I've been unable to git clone > https://git.haproxy.org/git/haproxy.git with curl-8.7.1, where I'm getting > the following error: > > $ GIT_TRACE=1 git fetch

Re: [PATCH] DOC: configuration: grammar fixes for strict-sni

Hi Nicolas, On Wed, Apr 03, 2024 at 01:52:22PM +0200, Nicolas CARPi wrote: > Hello, > > Please find attached a little patch for the "strict-sni" configuration > documentation, which had incorrect grammar. Now merged, thank you! Willy

Re: [PATCH 0/1] CI: extend Fedora Rawhide to run x86 bit as well

On Wed, Apr 03, 2024 at 08:56:21PM +0200, Ilya Shipitsin wrote: > it seems to be the easiest to build "m32" on Fedora comparing to Ubuntu, let's > stick on that for a while OK, now merged, we'll see. Thank you! Willy

Re: Error While deviceatlas 3.2.2 and haproxy 2.9.6 make from source

On Wed, Apr 03, 2024 at 06:21:22AM +0100, David CARLIER wrote: > Hi all, > > Thanks for your report. This is a known issue the 3.2.3 release is > scheduled within this month. Even better :-) Thanks David! Willy

Re: Error While deviceatlas 3.2.2 and haproxy 2.9.6 make from source

Hello, On Wed, Apr 03, 2024 at 05:21:03AM +0530, Mahendra Patil wrote: > /opt/deviceatlas/Src//dac.c: In function âtoverdecâ: > /opt/deviceatlas/Src//dac.c:714:13: warning: implicit declaration of > function â__builtin_sadd_overflowâ [-Wimplicit-function-declaration] > if

Re: [PATCH 0/1] CI improvement, display coredumps if any

On Wed, Mar 27, 2024 at 04:49:53PM +0100, Ilya Shipitsin wrote: > it is pretty rare case, however displaying "bt" may provide some ideas what > went wrong Applied, thanks Ilya! I think this will sometimes be quite helpful because till now it was only "grrr... sig11 and we don't know why". Willy

Re: [PATCH 1/2] REGTESTS: Do not use REQUIRE_VERSION for HAProxy 2.5+ (4)

Hi Tim! On Fri, Mar 29, 2024 at 05:12:47PM +0100, Tim Duesterhus wrote: > Introduced in: > > dfb1cea69 REGTESTS: promex: Adapt script to be less verbose > 36d936dd1 REGTESTS: write a full reverse regtest > b57f15158 REGTESTS: provide a reverse-server test with name argument > f0bff2947 REGTESTS:

Re: [PATCH] MEDIUM: lb-chash: Deterministic node hashes based on server address

Hi Anthony, On Mon, Apr 01, 2024 at 11:47:54AM -0400, Anthony Deschamps wrote: > Hi Willy, > > Those changes are easy enough to make, so I've attached the patch again > with those changes. I had to make a few small adjustments to the commit > message anyway (some things that changed as a result

Re: Help tracking "connection refused" under pressure on v2.9

Hi Ricardo, On Thu, Mar 28, 2024 at 06:21:16PM -0300, Ricardo Nabinger Sanchez wrote: > Hi Willy, > > On Thu, 28 Mar 2024 04:37:11 +0100 > Willy Tarreau wrote: > > > Thanks guys! So there seems to be an annoying bug. However I'm not sure > > how this is related

Re: Help tracking "connection refused" under pressure on v2.9

On Wed, Mar 27, 2024 at 02:26:47PM -0300, Ricardo Nabinger Sanchez wrote: > On Wed, 27 Mar 2024 11:06:39 -0300 > Felipe Wilhelms Damasio wrote: > > > kernel: traps: haproxy[2057993] trap invalid opcode ip:5b3e26 > > sp:7fd7c002f100 error:0 in haproxy[42c000+1f7000] > > We managed to get a core

Re: [PATCH] MEDIUM: lb-chash: Deterministic node hashes based on server address

Hi again Anthony, I'm still having a few comments, but I think nothing that I cannot address while merging it: On Wed, Mar 13, 2024 at 12:33:54PM -0400, Anthony Deschamps wrote: > +static inline u32 chash_compute_server_key(struct server *s) > +{ > + u32 key = 0; > + struct

Re: [PATCH] MEDIUM: lb-chash: Deterministic node hashes based on server address

Hi Anthony, On Sun, Mar 24, 2024 at 10:11:41PM -0400, Anthony Deschamps wrote: > Hi Willy, > > I'm just checking in to see if there's anything left I can help address here. Thanks for the ping and sorry for the delay. It just fell through the cracks in the middle of all other stuff I'm

[ANNOUNCE] haproxy-3.0-dev6

n: clarify ciphersuites usage (V2) MEDIUM: ssl: initialize the SSL stack explicitely MEDIUM: ssl: allow to change the OpenSSL security level from global section CLEANUP: ssl: remove useless #ifdef in openssl-compat.h CI: github: add -DDEBUG_LIST to the default builds

Re: About the SPOE

Hi Lokesh, On Tue, Mar 26, 2024 at 12:10:53AM +, Lokesh Jindal wrote: > Hey Willy > > Resending this email in case you missed the last one. Let me know if you had > any follow up questions/comments. > I saw https://github.com/haproxy/haproxy/issues/2502 created by Christopher - > looking

Re: [PR] FEATURE: load private keys from PKCS#11 pkcs11-provider PEM files

On Thu, Mar 21, 2024 at 10:58:17AM +0100, William Lallemand wrote: > On Thu, Mar 21, 2024 at 05:34:12PM +0800, Richard Chan wrote: > > Yes I would be happy to include HAProxy with pkcs11-provider examples. > > > > Great, thank you! > > I made a `PKCS11 provider` >

Re: [PATCH 0/2] CI entropy adjust (clang asan fix) and spell fixes

On Sun, Mar 17, 2024 at 05:01:37PM +0100, Ilia Shipitsin wrote: > couple of patches > 1) spell fixes > 2) CI sysctl to make new ubuntu kernels and asan friends again Now merged, thanks for dealing with this Ilya. I understood from the GH issue that we can hope to remove it by the end of this

Re: About the SPOE

Hi Lokesh, Abhijeet, Alex, First, thanks for jumping into this thread, the purpose of the deprecation is in a big part to try to collect the requirements of possibly existing users. Mind you that the rare times we hear about SPOE is only because of problems, so it's difficult to figure what to

Re: [PATCH] MEDIUM: lb-chash: Deterministic node hashes based on server address

Hi Anthony, On Wed, Mar 13, 2024 at 12:33:54PM -0400, Anthony Deschamps wrote: > Hi Willy, > > My original concern was that if two servers had values of lb_server_key > that are close to each other, then there could be some overlap in their > values of lb_server_key + node_index;, which is why I

Re: Fix haproxy build on recent FreeBSD

On Mon, Mar 11, 2024 at 07:00:26PM +0100, Willy Tarreau wrote: > On Mon, Mar 11, 2024 at 05:56:35PM +, Brooks Davis wrote: > > > OK that works for me. Do you want to send a new patch or should I adapt > > > yours ? If you have a 12 somewhere that would save me time to veri

Re: Revisiting CVE-2023-45539

them anyway. Hoping this helps, Willy >From 4e98c0c1d36104ed426d3b198a176e1a5df814fa Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Tue, 8 Aug 2023 16:17:22 +0200 Subject: BUG/MINOR: h1: do not accept '#' as part of the URI component Seth Manesse and Paul Plasil reported that the "

Re: [PATCH] MEDIUM: lb-chash: Deterministic node hashes based on server address

Hi Anthony, On Tue, Mar 12, 2024 at 07:10:42PM -0400, Anthony Deschamps wrote: > Hi Willy, > > Thanks for the feedback. I had been testing with smaller numbers of > servers (usually between 4 and 32) so I hadn't noticed the performance > impact. Not surprised. I'm used to testing with some

Re: [PATCH] MEDIUM: lb-chash: Deterministic node hashes based on server address

Hi again Anthony, First comment, thanks for the patch, it's of very good quality! I'm having *one* problem with it, below: > /* Adjust the number of entries of a server in its tree. The server must > appear > * as many times as its weight indicates it. If it's there too often, we > remove >

Re: [PATCH] MEDIUM: lb-chash: Deterministic node hashes based on server address

On Mon, Mar 11, 2024 at 11:24:34PM -0400, Anthony Deschamps wrote: > Sorry for the trouble! I'll have to sort out what's happening. No problem, some mailers are well-known for mangling what looks like text. > Here it is as an attachment. Looks good as-is, thank you! I'll review it (hopefully

Re: [PATCH] MEDIUM: lb-chash: Deterministic node hashes based on server address

Hi Anthony, On Mon, Mar 11, 2024 at 08:58:17PM -0400, Anthony Deschamps wrote: > > I'm not sure the scripts will help me (at least :-)). I was thinking that > > a test could just be "set server XXX addr YYY" on the CLI to change the > > server's address and verify that the hashing follows the

Re: Fix haproxy build on recent FreeBSD

On Mon, Mar 11, 2024 at 05:56:35PM +, Brooks Davis wrote: > > OK that works for me. Do you want to send a new patch or should I adapt > > yours ? If you have a 12 somewhere that would save me time to verify I > > don't mess up with the ifdefs, otherwise I can probably handle it and > > we'll

Re: [RFC] Allow disabling abstract unix socket paths NUL-padding

Hi Tristan, On Sat, Mar 09, 2024 at 04:20:21PM +, Tristan wrote: > To be honest, I don't think this is unfixable. It's just a matter of how > much code change we think is acceptable for it. I don't mind about the amount of changes. "we've always done it like this" is never a valid excuse to

[ANNOUNCE] haproxy-3.0-dev5

exit or using ocsp CLI BUG/MINOR: ssl/cli: duplicate cleaning code in cli_parse_del_crtlist DOC: configuration: clarify ciphersuites usage BUG/MINOR: ssl/cli: typo in new ssl crl-file CLI description Willy Tarreau (12): BUG/MINOR: tools: seed the statistical PRNG slightly bette

Re: [PATCH] MEDIUM: lb-chash: Deterministic node hashes based on server address

Hi Anthony, On Wed, Feb 21, 2024 at 11:49:45AM -0500, Anthony Deschamps wrote: > Hi Willy, thanks for the thoughtful feedback. > > Here's a new patch that makes this configurable via a "hash-key" server > argument, which defaults to "id" as you suggested. Thanks. > I'm struggling to test the

Re: [PATCH] MINOR: lb-chash: Respect maxconn when selecting a server

Hi Anthony, it seems I forgot about this thread, being sidetracked on other stuff... On Wed, Feb 21, 2024 at 04:41:04PM -0500, Anthony Deschamps wrote: > Hi Willy, > > I wonder if I could accomplish what I'm looking to do by changing the > behaviour of "maxqueue" (without making a breaking

Re: [PR] BUILD: solaris: fix compilation errors

On Tue, Feb 27, 2024 at 10:23:02AM +, PR Bot wrote: > Dear list! > > Author: matthias sweertvaegher <178714+mx...@users.noreply.github.com> > Number of patches: 1 > > This is an automated relay of the Github pull request: >BUILD: solaris: fix compilation errors Now merged, thank you

Re: Fix haproxy build on recent FreeBSD

Hi Brooks, On Fri, Mar 08, 2024 at 09:47:39PM +, Brooks Davis wrote: > On Fri, Mar 08, 2024 at 06:19:42PM +0100, Willy Tarreau wrote: > > Hi Dmitry, > > > > first, sorry for the long delay but these days I've been drained in a > > bunch of meetings and reviews

Re: [RFC] Allow disabling abstract unix socket paths NUL-padding

On Fri, Mar 08, 2024 at 05:38:32PM +, Tristan wrote: > Hi Willy, > > On 08/03/2024 17:05, Willy Tarreau wrote: > > We could just have "abns2" and declare that it's the second version of the > > abns format and know that this one is interoperable with a

Re: Fix haproxy build on recent FreeBSD

Hi Dmitry, first, sorry for the long delay but these days I've been drained in a bunch of meetings and reviews that took more time than I expected! On Wed, Feb 28, 2024 at 11:06:00PM +0300, Dmitry Sivachenko wrote: > Hello! > > Recently FreeBSD has moved some things out from libc to libsys (see

Re: [RFC] Allow disabling abstract unix socket paths NUL-padding

Hi Tristan, On Wed, Mar 06, 2024 at 07:32:55AM +, Tristan wrote: > Hello, > > Earlier, I ran into the issue outlined in > https://github.com/haproxy/haproxy/issues/977 > > Namely, that HAProxy will NUL-pad (as suffix) abstract unix socket paths, > causing interop issues with other programs.

Re: [PATCH 1/1] CI: skip scheduled builds on forks

On Wed, Feb 21, 2024 at 05:05:39PM +0100, Ilya Shipitsin wrote: > tracking bleeding edge changes with some rare platforms or modern > compilers on scheduled basis is not what usually forks do. let's > skip by default in forks, if some fork is interested, it might be > enabled locally Thank you!

Re: [PATCH 1/1] CI: enable monthly build only test on netbsd-9.3

On Mon, Feb 19, 2024 at 10:14:59PM +0100, Ilya Shipitsin wrote: > it is interesting to try https://github.com/vmactions/netbsd-vm actions Now merged, thanks! Willy

Re: [PATCH 1/1] CI: run more smoke tests on config syntax to check memory related issues

On Sat, Feb 17, 2024 at 08:42:28PM +0100, Ilya Shipitsin wrote: > config syntax check seems add a value on testing code path not > covered by VTest, also checks are very fast Applied, thanks! We'll see if it triggers anything, that could indeed be helpful. Willy

Re: [PATCH] CLEANUP: assorted typo fixes in the code and comments

On Thu, Feb 22, 2024 at 10:12:27AM +0100, Ilya Shipitsin wrote: > This is 39th iteration of typo fixes Now merged, thank you! I split it in two because the one on resolvers and stick-tables directly affects the code (it renames a function argument) and I want to make it easy to drop it in case

Re: [PATCH 0/1] CI: additional ASAN smoke tests

Hi Ilya, On Mon, Mar 04, 2024 at 10:41:12PM +0100, ??? wrote: > ping :) sorry, I wanted to double-check with others but forgot. Will do ASAP, thanks! Willy

[ANNOUNCE] haproxy-3.0-dev4

c (1): MINOR: ssl: Call callback function after loading SSL CRL data Nicolas CARPi (1): DOC/MINOR: userlists: mention solutions to high cpu with hashes Remi Tricot-Le Breton (1): BUG/MEDIUM: ssl: Fix crash when calling "update ssl ocsp-response" when an update is ong

Re: [PATCH] MEDIUM: lb-chash: Deterministic node hashes based on server address

On Fri, Feb 16, 2024 at 05:03:56PM -0500, Anthony Deschamps wrote: > >From a031cf97da759eb2c2f9b6e191065ad503f821ed Mon Sep 17 00:00:00 2001 > From: Anthony Deschamps > Date: Fri, 16 Feb 2024 16:00:35 -0500 > Subject: [PATCH] MEDIUM: lb-chash: Deterministic node hashes based on server > address

Re: [PATCH] MINOR: lb-chash: Respect maxconn when selecting a server

Hi Anthony, On Tue, Feb 13, 2024 at 07:49:06PM -0500, Anthony Deschamps wrote: > >From 3fc983b719bd4d8af80037c36e7032e0af383557 Mon Sep 17 00:00:00 2001 > From: Anthony Deschamps > Date: Tue, 13 Feb 2024 18:11:56 -0500 > Subject: [PATCH] MINOR: lb-chash: Respect maxconn when selecting a server >

[ANNOUNCE] haproxy-2.8.6

DOC: configuration: typo req.ssl_hello_type BUG/MINOR: mworker/cli: fix set severity-output support BUG/MINOR: resolvers: default resolvers fails when network not configured MINOR: errors: ha_alert() and ha_warning() uses warn_exec_path() Willy Tarreau (23): MINOR:

Re: [PATCH] DOC/MINOR: userlists: musl performance

On Mon, Feb 12, 2024 at 06:42:25PM +0100, Lukas Tribus wrote: > On Mon, 12 Feb 2024 at 18:10, Nicolas CARPi wrote: > > > > Dear Lukas, Willy, > > > > Please find another patch attached, addressing your comments. > > > > Willy: s/gcc/glibc/ > > > > Lukas: I shifted the focus on the rounds/cost

[ANNOUNCE] haproxy-2.9.5

he store during deinit BUG/MINOR: ssl: Reenable ocsp auto-update after an "add ssl crt-list" REGTESTS: ssl: Fix empty line in cli command input REGTESTS: ssl: Add OCSP related tests BUG/MEDIUM: ssl: Fix crash when calling "update ssl ocsp-response" w

Re: [PATCH] DOC/MINOR: userlists: musl performance

Hi Nicolas, On Mon, Feb 12, 2024 at 02:13:18PM +0100, Nicolas CARPi wrote: > Hello everyone, > > Please find attached my very first patch to the documentation. Hope I > did everything good! :) Thank you! I have one comment below: > + Furthermore, there is a significant performance penalty

[ANNOUNCE] haproxy-3.0-dev3

related tests REGTESTS: ssl: Fix empty line in cli command input Thayne McCombs (1): DOC: configuration: clarify http-request wait-for-body Tim Duesterhus (1): CI: Update to actions/cache@v4 William Lallemand (3): MINOR: ssl: add HAVE_SSL_0RTT constant MINOR: ssl:

Re: [PATCH] CI: Update to actions/cache@v4

Hi Tim! On Thu, Feb 08, 2024 at 07:55:23PM +0100, Tim Duesterhus wrote: > No functional change, but this upgrade is required, due to the v3 runtime > being > deprecated: > > > Node.js 16 actions are deprecated. Please update the following actions to > > use > > Node.js 20: actions/cache@v3.

Re: pcre vs pcre2, which one to use?

On Wed, Feb 07, 2024 at 07:07:13PM -0800, Abhijeet Rastogi wrote: > Hi Willy, > > Thanks for the quick clarification. I've sent a patch. > > I also changed the "Quick build & install" section in the INSTALL doc to > use USE_PCRE2, so folks don't accidently use the older version. I hope that >

Re: pcre vs pcre2, which one to use?

Hi Abhijeet, On Wed, Feb 07, 2024 at 01:19:27PM -0800, Abhijeet Rastogi wrote: > Hi HAproxy community, > > I see that Makefile > suggests that > pcre1 is a recommended version to use, is that still true or a comment that > got out of

Re: ACL and operator

On Sat, Feb 03, 2024 at 01:18:30PM +, Tristan wrote: > > > > On 3 Feb 2024, at 15:18, Willy Tarreau wrote: > > > > Quite honestly, we've though about it several times but you can't enforce > > such a change on 20 years of configs everywhere. > > That

Re: ACL and operator

On Sat, Feb 03, 2024 at 10:31:02AM +, Tristan wrote: > Hi Willy, > > > On 3 Feb 2024, at 12:48, Willy Tarreau wrote: > > > in fact we could check for > >> the presence of "and" or "or" on a line, or some other suspicious > >> cons

Re: ACL and operator

On Sat, Feb 03, 2024 at 09:10:42AM +0100, Willy Tarreau wrote: > On Fri, Feb 02, 2024 at 06:43:12PM +, Lukas Tribus wrote: > > On Fri, 2 Feb 2024 at 18:42, John Lauro wrote: > > > > > > Seems like a lint style checker that doesn't require AI. > >

Re: ACL and operator

On Fri, Feb 02, 2024 at 06:43:12PM +, Lukas Tribus wrote: > On Fri, 2 Feb 2024 at 18:42, John Lauro wrote: > > > > Seems like a lint style checker that doesn't require AI. > > For example, it could recognize that the / in /api isn't valid for > > req.hdr(host) > > [...] > > The _ in path_beg

Re: [PATCH] DOC: install: enable WOLFSSL_GETRANDOM

Hi Lukas! On Thu, Feb 01, 2024 at 02:52:10PM +, Lukas Tribus wrote: > On Thu, 1 Feb 2024 at 12:08, William Lallemand wrote: > > > > That's interesting, however I'm surprised the init does not work before the > > chroot, > > we are doing a RAND_bytes() with OpenSSL before the chroot to

Re: Optimizing HAProxy CPU usage for SSL

Hi Miles, On Thu, Feb 01, 2024 at 05:09:20PM +1100, Miles Hampson wrote: > Hi, > > We recently hit an issue where we observed the > haproxy_frontend_current_sessions reported by the prometheus endpoint > plateau at 4095 and some requests start dropping. Increasing the global and > listen maxconn

[ANNOUNCE] haproxy-2.9.4

ntry Thayne McCombs (1): DOC: configuration: clarify http-request wait-for-body Willy Tarreau (5): BUG/MEDIUM: mux-h2: refine connection vs stream error on headers MINOR: mux-h2/traces: add a missing trace on connection WU with negative inc BUG/MINOR: jwt: fix jwt_verify c

Re: [PATCH] CLEANUP: log: deinitialization of the log buffer in one function

Hi Miroslav, On Tue, Jan 30, 2024 at 03:42:20AM +0100, Miroslav Zagorac wrote: > Hello all, > > In several places in the source, there was the same block of code that was > used to deinitialize the log buffer. There were even two functions that > did this, but they were called only from the

Re: [PATCH] DOC: configuration: clarify http-request wait-for-body

Hi Thayne, On Sun, Jan 28, 2024 at 10:07:32PM -0700, Thayne McCombs wrote: > Make it more explicit what happens in the various scenarios that cause > HAProxy to stop waiting when "http-request wait-for-body" is used. > > Also fix a couple of grammatical errors. > > Fixes: #2410 > Signed-Off-By:

  1   2   3   4   5   6   7   8   9   10   >