stable-bot: Bugfixes waiting for a release 2.3 (11), 2.2 (10)

2021-01-26 Thread stable-bot
Hi,

This is a friendly bot that watches fixes pending for the next haproxy-stable 
release!  One such e-mail is sent periodically once patches are waiting in the 
last maintenance branch, and an ideal release date is computed based on the 
severity of these fixes and their merge date.  Responses to this mail must be 
sent to the mailing list.


Last release 2.3.4 was issued on 2021-01-13.  There are currently 11 
patches in the queue cut down this way:
- 4 MEDIUM, first one merged on 2021-01-26
- 7 MINOR, first one merged on 2021-01-26

Thus the computed ideal release date for 2.3.5 would be 2021-02-23, which is in 
four weeks or less.

Last release 2.2.8 was issued on 2021-01-13.  There are currently 10 
patches in the queue cut down this way:
- 3 MEDIUM, first one merged on 2021-01-26
- 7 MINOR, first one merged on 2021-01-26

Thus the computed ideal release date for 2.2.9 would be 2021-02-23, which is in 
four weeks or less.

The current list of patches in the queue is:
 - 2.3       - MEDIUM  : tcpcheck: Don't destroy connection in the wake callback context
 - 2.2, 2.3  - MEDIUM  : stats: add missing INF_BUILD_INFO definition
 - 2.2, 2.3  - MEDIUM  : mux-h2: fix read0 handling on partial frames
 - 2.2, 2.3  - MEDIUM  : filters/htx: Fix data forwarding when payload length is unknown
 - 2.2, 2.3  - MINOR   : peers: Wrong "new_conn" value for "show peers" CLI command.
 - 2.2, 2.3  - MINOR   : init: Use a dynamic buffer to set HAPROXY_CFGFILES env variable
 - 2.2, 2.3  - MINOR   : mworker: define _GNU_SOURCE for strsignal()
 - 2.2, 2.3  - MINOR   : peers: Possible appctx pointer dereference.
 - 2.2, 2.3  - MINOR   : threads: Fixes the number of possible cpus report for Mac.
 - 2.2, 2.3  - MINOR   : dns: SRV records ignores duplicated AR records (v2)
 - 2.2, 2.3  - MINOR   : mux_h2: missing space between "st" and ".flg" in the "show fd" helper

-- 
The haproxy stable-bot is freely provided by HAProxy Technologies to help 
improve the quality of each HAProxy release.  If you have any issue with these 
emails or if you want to suggest some improvements, please post them on the 
list so that the solutions suiting the most users can be found.



Re: HAProxy ratelimit based on bandwidth

2021-01-26 Thread Aleksandar Lazic

Hi.

On 26.01.21 05:54, Sangameshwar Babu wrote:
> Hello Team,
>
> I would like to get some suggestions on setting up ratelimit on HAProxy 1.8 version,
> my current setup is as below.
>
> 1000+ rsyslog clients(TCP) -> HAProxy (TCP mode) -> backend centralized rsyslog server.
>
> I have the below stick table and acl's through which I am able to mark a source as
> "abuse" if the client crosses the limit post which all new connections from the
> same client are rejected until stick table timer expires.
>
> haproxy.cfg
> -
>  stick-table type ip size 200k expire 2m store gpc0,conn_rate(2s),bytes_in_rate(1s),bytes_in_cnt
>
>  acl data_rate_abuse  sc1_bytes_in_rate ge 100
>  acl data_size_abuse  sc1_kbytes_in ge 1
>
>  tcp-request connection silent-drop if data_rate_abuse
>  tcp-request connection reject if data_size_abuse
>
> However I would like to configure in such a way that once a client sends about
> "x bytes" of data the connection should be closed instantly instead of marking it
> abuse and simultaneous connections being rejected.

+1
I have a similar issue and hope that we get suggestions to get an answer here.

> Kindly let me know if the above can be configured with HAProxy version 1.8.

I will need it for 2.2+

> BR
> Sangam

Regards
Aleks



Re: [PATCH 2/2] CI: Fix DEBUG_STRICT definition for Coverity

2021-01-26 Thread Илья Шипицин
Thank you!

On Tue, Jan 26, 2021, 11:24 PM Tim Duesterhus  wrote:

> The DEBUG_STRICT define needs to be passed as part of `DEBUG`, not as a bare
> parameter.
> ---
>  .github/workflows/coverity.yml | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/.github/workflows/coverity.yml
> b/.github/workflows/coverity.yml
> index 4eae2197e..78d98bc8e 100644
> --- a/.github/workflows/coverity.yml
> +++ b/.github/workflows/coverity.yml
> @@ -17,7 +17,7 @@ jobs:
>COVERITY_SCAN_PROJECT_NAME: 'Haproxy'
>COVERITY_SCAN_BRANCH_PATTERN: '*'
>COVERITY_SCAN_NOTIFICATION_EMAIL: 'chipits...@gmail.com'
> -  COVERITY_SCAN_BUILD_COMMAND: "make CC=clang
> DEFINE=-DDEBUG_USE_ABORT TARGET=linux-glibc USE_ZLIB=1 USE_PCRE=1
> USE_PCRE_JIT=1 USE_LUA=1 USE_OPENSSL=1 USE_SYSTEMD=1 USE_WURFL=1
> WURFL_INC=contrib/wurfl WURFL_LIB=contrib/wurfl USE_DEVICEATLAS=1
> DEVICEATLAS_SRC=contrib/deviceatlas USE_51DEGREES=1
> 51DEGREES_SRC=contrib/51d/src/pattern DEBUG_STRICT=1"
> +  COVERITY_SCAN_BUILD_COMMAND: "make CC=clang DEBUG='-DDEBUG_STRICT=1
> -DDEBUG_USE_ABORT=1' TARGET=linux-glibc USE_ZLIB=1 USE_PCRE=1
> USE_PCRE_JIT=1 USE_LUA=1 USE_OPENSSL=1 USE_SYSTEMD=1 USE_WURFL=1
> WURFL_INC=contrib/wurfl WURFL_LIB=contrib/wurfl USE_DEVICEATLAS=1
> DEVICEATLAS_SRC=contrib/deviceatlas USE_51DEGREES=1
> 51DEGREES_SRC=contrib/51d/src/pattern"
>  steps:
>  - uses: actions/checkout@v2
>  - name: Install apt dependencies
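Review bot: the replacement COVERITY_SCAN_BUILD_COMMAND line also drops `DEFINE=-DDEBUG_USE_ABORT` and re-adds the define inside `DEBUG` as `-DDEBUG_USE_ABORT=1`, but the commit message only mentions DEBUG_STRICT. Suggest stating in the message that both defines now travel through `DEBUG`, so a later reader does not take the removal of `DEFINE=` for an accident.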
> --
> 2.29.0
>
>


[PATCH 1/2] BUILD: Include stdlib.h in compiler.h if DEBUG_USE_ABORT is set

2021-01-26 Thread Tim Duesterhus
Building with `"DEBUG=-DDEBUG_STRICT=1 -DDEBUG_USE_ABORT=1"` previously emitted 
the warning:

In file included from include/haproxy/api.h:35:0,
 from src/mux_pt.c:13:
include/haproxy/buf.h: In function ‘br_init’:
include/haproxy/bug.h:42:90: warning: implicit declaration of function ‘abort’ [-Wimplicit-function-declaration]
 #define ABORT_NOW() do { extern void ha_backtrace_to_stderr(); ha_backtrace_to_stderr(); abort(); } while (0)
  ^
include/haproxy/bug.h:56:21: note: in expansion of macro ‘ABORT_NOW’
 #define CRASH_NOW() ABORT_NOW()
 ^
include/haproxy/bug.h:68:4: note: in expansion of macro ‘CRASH_NOW’
CRASH_NOW();   \
^
include/haproxy/bug.h:62:35: note: in expansion of macro ‘__BUG_ON’
 #define _BUG_ON(cond, file, line) __BUG_ON(cond, file, line)
   ^
include/haproxy/bug.h:61:22: note: in expansion of macro ‘_BUG_ON’
 #define BUG_ON(cond) _BUG_ON(cond, __FILE__, __LINE__)
  ^
include/haproxy/buf.h:875:2: note: in expansion of macro ‘BUG_ON’
  BUG_ON(size < 2);
  ^

This patch fixes that issue. The `DEBUG_USE_ABORT` option exists for use with
static analysis tools. No backport needed.
---
 include/haproxy/compiler.h | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/include/haproxy/compiler.h b/include/haproxy/compiler.h
index fba6dc358..87012d27c 100644
--- a/include/haproxy/compiler.h
+++ b/include/haproxy/compiler.h
@@ -22,6 +22,9 @@
 #ifndef _HAPROXY_COMPILER_H
 #define _HAPROXY_COMPILER_H
 
+#ifdef DEBUG_USE_ABORT
+#include 
+#endif
 
 /*
  * Gcc before 3.0 needs [0] to declare a variable-size array
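Review bot: the added `#include` line inside `#ifdef DEBUG_USE_ABORT` has no comment saying which symbol it is there for, and as archived here the header name is missing from the line (the subject says stdlib.h). Suggest a one-line comment that it provides abort() for the debug macros, so the include is not later removed as unused.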
-- 
2.29.0




[PATCH 2/2] CI: Fix DEBUG_STRICT definition for Coverity

2021-01-26 Thread Tim Duesterhus
The DEBUG_STRICT define needs to be passed as part of `DEBUG`, not as a bare
parameter.
---
 .github/workflows/coverity.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
index 4eae2197e..78d98bc8e 100644
--- a/.github/workflows/coverity.yml
+++ b/.github/workflows/coverity.yml
@@ -17,7 +17,7 @@ jobs:
   COVERITY_SCAN_PROJECT_NAME: 'Haproxy'
   COVERITY_SCAN_BRANCH_PATTERN: '*'
   COVERITY_SCAN_NOTIFICATION_EMAIL: 'chipits...@gmail.com'
-  COVERITY_SCAN_BUILD_COMMAND: "make CC=clang DEFINE=-DDEBUG_USE_ABORT 
TARGET=linux-glibc USE_ZLIB=1 USE_PCRE=1 USE_PCRE_JIT=1 USE_LUA=1 USE_OPENSSL=1 
USE_SYSTEMD=1 USE_WURFL=1 WURFL_INC=contrib/wurfl WURFL_LIB=contrib/wurfl 
USE_DEVICEATLAS=1 DEVICEATLAS_SRC=contrib/deviceatlas USE_51DEGREES=1 
51DEGREES_SRC=contrib/51d/src/pattern DEBUG_STRICT=1"
+  COVERITY_SCAN_BUILD_COMMAND: "make CC=clang DEBUG='-DDEBUG_STRICT=1 
-DDEBUG_USE_ABORT=1' TARGET=linux-glibc USE_ZLIB=1 USE_PCRE=1 USE_PCRE_JIT=1 
USE_LUA=1 USE_OPENSSL=1 USE_SYSTEMD=1 USE_WURFL=1 WURFL_INC=contrib/wurfl 
WURFL_LIB=contrib/wurfl USE_DEVICEATLAS=1 DEVICEATLAS_SRC=contrib/deviceatlas 
USE_51DEGREES=1 51DEGREES_SRC=contrib/51d/src/pattern"
 steps:
 - uses: actions/checkout@v2
 - name: Install apt dependencies
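Review bot: on the added COVERITY_SCAN_BUILD_COMMAND line the `DEBUG` value is wrapped in single quotes inside the double-quoted YAML string, so the two `-D` flags only reach make as one variable if the command string is evaluated by a shell. Worth confirming in the Coverity job log that the compiler is actually invoked with both `-DDEBUG_STRICT=1` and `-DDEBUG_USE_ABORT=1`, since a mis-passed define does not fail the build.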
-- 
2.29.0




Re: Inquiry

2021-01-26 Thread Alexander Rossow
I'm currently using HAProxy as an HTTP proxy in front of another HTTP
superproxy. HAProxy is used for authentication and then changes the Proxy
credentials to those of the superproxy. However, we need to keep track of
the data usage for each user. Since the superproxy is not made from our
end, we cannot influence it at all and it ignores any "Connection: Close"
headers. Therefore if a client uses our proxy (haproxy) and the client does
not close the socket, the socket can stay open for multiple minutes. During
this time we will not be able to account for the usage as the usage is only
logged once the socket is closed. This then leads to the user being able to
use our service for a greatly longer duration than he/she is supposed to.
This is why there are 2 solutions I can think of.

Solution A)
A way that haproxy logs frequently during the entire socket duration so we
can then reload haproxy to close all sockets once a user runs out of data
to use.

Solution B)
A way to use LUA during the actual tunneling (after the HTTP tunnel is
established) so that we can reauthenticate users and log the usage
ourselves.

On Tue, 26 Jan 2021 at 15:12, Jarno Huuskonen <jarno.huusko...@uef.fi> wrote:

> Hi,
>
> On Tue, 2021-01-26 at 14:32 +0100, Alexander Rossow wrote:
> > Hi there,
> > I would like to know if it is possible to update the logs while the socket
> > is open. Currently the logs are updated only after closing the socket,
> > which causes issues. We have already tried the http close and the https
> > close server options. Unfortunately without success
> > Thanks in advance
> >
>
> option logasap ?
> (https://cbonte.github.io/haproxy-dconv/2.2/configuration.html#4.2-option%20logasap)
>
> -Jarno
>
> --
> Jarno Huuskonen
>


-- 

*———*


Best regards


*Alexander Rossow*

Managing Director


*Rossow Industries GmbH*

Industriestr. 24

55543 Bad Kreuznach


*E.  *alexan...@rossow-industries.de


*W. *rossow-industries.de


Court of registration: Amtsgericht Bad Kreuznach - HRB 22112
VAT ID No.: DE302235073
Managing Director: Alexander Rossow

This e-mail may contain confidential and/or privileged information. If you
are not the intended recipient (or have received this e-mail in error)
please notify the sender immediately and destroy this e-mail. Any
unauthorised copying, disclosure or distribution of the material in this
e-mail is strictly forbidden.


Re: Inquiry

2021-01-26 Thread Jarno Huuskonen
Hi,

On Tue, 2021-01-26 at 14:32 +0100, Alexander Rossow wrote:
> Hi there,
> I would like to know if it is possible to update the logs while the socket
> is open. Currently the logs are updated only after closing the socket,
> which causes issues. We have already tried the http close and the https
> close server options. Unfortunately without success
> Thanks in advance
> 

option logasap ?
(https://cbonte.github.io/haproxy-dconv/2.2/configuration.html#4.2-option%20logasap)

-Jarno

-- 
Jarno Huuskonen


Inquiry

2021-01-26 Thread Alexander Rossow
Hi there,

I would like to know if it is possible to update the logs while the socket
is open. Currently the logs are updated only after closing the socket,
which causes issues. We have already tried the http close and the https
close server options. Unfortunately without success

Thanks in advance



Re: [PATCH v2 1/4] MEDIUM: stats: allow to select one field in `stats_fill_be_stats`

2021-01-26 Thread Christopher Faulet

On 25/01/2021 at 17:29, William Dauchy wrote:

prometheus approach requires to output all values for a given metric
name; meaning we iterate through all metrics, and then iterate in the
inner loop on all objects for this metric.
In order to allow more code reuse, adapt the stats API to be able to
select one field or fill them all otherwise.
This patch follows what has already been done on frontend side.
From this patch it should be possible to remove most of the duplicate
code on prometheus side for the backend

A few things to note though:
- status and uweight field requires prior compute, so I moved that to a
   sort of helper `stats_fill_be_stats_computesrv`.
- all ST_F*TIME fields requires some minor compute, so I moved it at the
   beginning of the function under a condition.
Signed-off-by: William Dauchy 
---


The series is merged now. Thanks William !

--
Christopher Faulet



Re: [PATCH] MINOR: abort() on my_unreachable() when DEBUG_USE_ABORT is set.

2021-01-26 Thread Christopher Faulet

On 25/01/2021 at 17:51, Tim Duesterhus wrote:

Hopefully this helps static analysis tools detecting that the code after that
call is unreachable.

See GitHub Issue #1075.
---
  include/haproxy/compiler.h | 4 
  1 file changed, 4 insertions(+)

diff --git a/include/haproxy/compiler.h b/include/haproxy/compiler.h
index e5fae3e27..fba6dc358 100644
--- a/include/haproxy/compiler.h
+++ b/include/haproxy/compiler.h
@@ -66,11 +66,15 @@
   * above which can more aggressively detect null dereferences. The builtin
   * below was introduced in gcc 4.5, and before it we didn't care.
   */
+#ifdef DEBUG_USE_ABORT
+#define my_unreachable() abort()
+#else
  #if __GNUC__ >= 5 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5)
  #define my_unreachable() __builtin_unreachable()
  #else
  #define my_unreachable()
  #endif
+#endif
  
  /* This macro may be used to block constant propagation that lets the compiler

   * detect a possible NULL dereference on a variable resulting from an explicit
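Review bot: the new `#define my_unreachable() abort()` branch calls abort(), yet the patch's 4 inserted lines are all in this hunk and none of them adds an include of stdlib.h to compiler.h, so a file that pulls in this header without stdlib.h gets an implicit declaration of abort() when DEBUG_USE_ABORT is set. Suggest including stdlib.h under the same `#ifdef`; the comment block above also still describes only the gcc builtin and could mention the DEBUG_USE_ABORT case.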



Merged now, thanks !

--
Christopher Faulet



Re: [PATCH] DOC: Improve documentation of the various hdr() fetches

2021-01-26 Thread Christopher Faulet

On 23/01/2021 at 17:50, Tim Duesterhus wrote:

GitHub issue #796 notes that many administrators miss the fact that the `hdr()`
fetch (without the `f`) splits the header value at commas. This is only
mentioned at the end of a long paragraph.

This patch attempts to improve the documentation by:
- Explaining the "comma issue" as early as possible.
- Adding newlines to split the explanation into distinct sections.
- Reducing duplication by making the `res` siblings refer to their `req`
   counterparts.

This patch may be backported as long as it applies cleanly. During the
refactoring I needed to adjust several explanations for consistency and not all
of them might be available in older branches.
---


Merged now, thanks !

--
Christopher Faulet
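
The comma splitting described in the commit message quoted above, as an added example that is not part of the original thread and is not HAProxy code: a simplified Python model in which `hdr()` yields each comma-separated value and `fhdr()` keeps the full header value, showing an exact-match rule that silently never matches with `hdr()`. The function names, the quote handling and the sample headers are assumptions constructed for illustration.

```python
# Simplified model of the hdr() / fhdr() difference (illustration only, not
# HAProxy source). Assumption: values are split at commas outside double
# quotes and surrounding whitespace is trimmed.

def split_values(raw):
    """Split one header field value at commas that are not inside quotes."""
    values, cur = [], []
    in_quotes = escaped = False
    for ch in raw:
        if escaped:
            escaped = False
        elif in_quotes and ch == "\\":
            escaped = True
        elif ch == '"':
            in_quotes = not in_quotes
        elif ch == "," and not in_quotes:
            values.append("".join(cur).strip())
            cur = []
            continue
        cur.append(ch)
    values.append("".join(cur).strip())
    return values

def occurrences(headers, name):
    """All field values of header `name` (case-insensitive), in order."""
    return [v for n, v in headers if n.lower() == name.lower()]

def hdr_values(headers, name):
    """hdr(name) model: every comma-separated value of every occurrence."""
    return [p for v in occurrences(headers, name) for p in split_values(v)]

def fhdr_values(headers, name):
    """fhdr(name) model: each occurrence kept whole, commas included."""
    return [v.strip() for v in occurrences(headers, name)]

def acl_str(values, pattern):
    """Exact string match tried against each value in turn."""
    return any(v == pattern for v in values)

# Constructed sample request headers.
SAMPLE = [
    ("Date", "Tue, 26 Jan 2021 15:12:00 GMT"),
    ("User-Agent", "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 "
                   "(KHTML, like Gecko) Chrome/88.0 Safari/537.36"),
    ("If-None-Match", 'W/"a,b", "c"'),
]

def demo():
    ua = occurrences(SAMPLE, "user-agent")[0]
    return {
        "date_hdr": hdr_values(SAMPLE, "date"),
        "date_fhdr": fhdr_values(SAMPLE, "date"),
        "ua_rule_hdr": acl_str(hdr_values(SAMPLE, "user-agent"), ua),
        "ua_rule_fhdr": acl_str(fhdr_values(SAMPLE, "user-agent"), ua),
        "etags": hdr_values(SAMPLE, "if-none-match"),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=>", value)
```
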



Re: [PATCH] spelling fix

2021-01-26 Thread Christopher Faulet

On 22/01/2021 at 22:13, Илья Шипицин wrote:

Hello,

just one fix.

Ilya


Merged now, thanks !

--
Christopher Faulet



Re: [PATCH] MINOR: abort() on my_unreachable() when DEBUG_USE_ABORT is set.

2021-01-26 Thread Christopher Faulet

On 25/01/2021 at 22:04, Илья Шипицин wrote:

there's another one not reported coverity finding in src/hlua.c

I tried to suppress it by adding DEFINE=-DDEBUG_USE_ABORT to coverity build 
(please notice BUG_ON(...) which is not recognized by coverity).

but I did something wrong and it did not help :)



The BUG_ON() macro is only defined with DEBUG_STRICT or DEBUG_STRICT_NOCRASH.

--
Christopher Faulet