Re: [ANNOUNCE] haproxy-1.7.1

[Willy Tarreau]

On Tue, Jan 03, 2017 at 06:21:18PM +0100, Lukas Tribus wrote:
> Hi Igor,
> 
> 
> Am 16.12.2016 um 12:52 schrieb Igor Pav:
> > Cool, even TLS 1.3 0 RTT feature requires no changes?
> 
> Nope, the early-data mode will require API changes:
> 
> https://github.com/openssl/openssl/issues/1541#issuecomment-269567480

Useful link, thanks Lukas. From what I'm seeing, it will cause the
same difficulties as dealing with TFO on the server side. We'll need
to think about some infrastructure changes in order to achieve this
because the difficulty is to be able to replay some data already sent.

Willy

Re: http reuse and proxy protocol

[Willy Tarreau]

On Tue, Jan 03, 2017 at 06:18:23PM +0100, Lukas Tribus wrote:
> Hi Arnall,
> 
> 
> Am 03.01.2017 um 16:15 schrieb Arnall:
> > 
> > Is it possible that with "http-reuse always" the yyy.yyy.yyy.yyy request
> > has used
> > the xxx.xxx.xxx.xxx connection between https and http frontend with proxy
> > protocol forwarding xxx.xxx.xxx.xxx instead of yyy.yyy.yyy.yyy ?
> > 
> 
> Yes, that's what http-reuse does.
> 
> Either use a HTTP header to transport the source IP to the backend or set
> http-reuse
> to never [1], because the proxy-protocol only sends information at the
> beginning (its
> like our old "tunnel" mode).

And by the way the purpose of the proxy protocol is mostly to pass IP
addresses for non-HTTP protocols (ie smtp or ssl). I think we should
emit a warning when a server has send-proxy in a backend configured
with http-reuse because I don't see any valid use case for this.

Willy

Re: [PR] Updating rpmbuild spec file Source0 directive

[Lukas Tribus]

Hello!


Am 03.01.2017 um 14:23 schrieb PR Bot:

Dear list!

Author: GitHub 
Number of patches: 1

This is an automated relay of the Github pull request:
Updating rpmbuild spec file Source0 directive

Patch title(s):
Updating rpmbuild spec file Source0 directive

Link:
https://github.com/haproxy/haproxy/pull/77

Edit locally:
wget https://github.com/haproxy/haproxy/pull/77.patch && vi 77.patch

Apply locally:
curl https://github.com/haproxy/haproxy/pull/77.patch | git am -

Description:


Instructions:
This github pull request will be closed automatically; patch should be
reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is
invited to comment, even the patch's author. Please keep the author and
list CCed in replies. Please note that in absence of any response this
pull request will be lost.



The bot detected the author as GitHub  because 
that's what the
committer was set to in the PR. Most likely the PR has been created 
directly on the

Githubs Webinterface.

I've applied a workaround for this issue and am CC'ing the author now
(Martin Lazarov ).


cheers,
lukas

Re: [ANNOUNCE] haproxy-1.7.1

[Lukas Tribus]

Hi Igor,


Am 16.12.2016 um 12:52 schrieb Igor Pav:

Cool, even TLS 1.3 0 RTT feature requires no changes?


Nope, the early-data mode will require API changes:

https://github.com/openssl/openssl/issues/1541#issuecomment-269567480


Lukas

Re: http reuse and proxy protocol

[Lukas Tribus]

Hi Arnall,


Am 03.01.2017 um 16:15 schrieb Arnall:


Is it possible that with "http-reuse always" the yyy.yyy.yyy.yyy 
request has used

the xxx.xxx.xxx.xxx connection between https and http frontend with proxy
protocol forwarding xxx.xxx.xxx.xxx instead of yyy.yyy.yyy.yyy ?



Yes, that's what http-reuse does.

Either use a HTTP header to transport the source IP to the backend or 
set http-reuse
to never [1], because the proxy-protocol only sends information at the 
beginning (its

like our old "tunnel" mode).


Lukas


[1] 
https://cbonte.github.io/haproxy-dconv/1.6/configuration.html#4-http-reuse

Re: [PATCH 2/4] BUILD: ssl: disable OCSP when using boringssl

[Igor Pav]

tried compile 1.7.1 with boringssl, but seems not work, error like below:

In file included from src/ssl_sock.c:87:0:
include/proto/openssl-compat.h:107:1: error: unknown type name ‘OCSP_CERTID’
 static inline const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const
OCSP_SINGLERESP *single)
 ^
include/proto/openssl-compat.h:107:1: error: unknown type name ‘OCSP_SINGLERESP’
include/proto/openssl-compat.h: In function ‘OCSP_SINGLERESP_get0_id’:
include/proto/openssl-compat.h:109:15: error: request for member
‘certId’ in something not a structure or union
  return single->certId;
   ^
src/ssl_sock.c: In function ‘ssl_sock_bind_verifycbk’:
src/ssl_sock.c:1070:4: warning: implicit declaration of function
‘ssl_sock_dump_errors’ [-Wimplicit-function-declaration]
ssl_sock_dump_errors(conn);
^
src/ssl_sock.c: In function ‘ssl_sock_do_create_cert’:
src/ssl_sock.c:1241:3: warning: implicit declaration of function
‘X509V3_EXT_conf’ [-Wimplicit-function-declaration]
   if (!(ext = X509V3_EXT_conf(NULL, , x509v3_ext_names[i],
x509v3_ext_values[i])))
   ^
src/ssl_sock.c:1241:13: warning: assignment makes pointer from integer
without a cast [enabled by default]
   if (!(ext = X509V3_EXT_conf(NULL, , x509v3_ext_names[i],
x509v3_ext_values[i])))
 ^
src/ssl_sock.c:1252:2: warning: implicit declaration of function
‘EVP_PKEY_base_id’ [-Wimplicit-function-declaration]
  key_type = EVP_PKEY_base_id(capkey);
  ^
src/ssl_sock.c:1264:3: warning: implicit declaration of function
‘EVP_PKEY_get_default_digest_nid’ [-Wimplicit-function-declaration]
   if (EVP_PKEY_get_default_digest_nid(capkey, ) <= 0)
   ^
src/ssl_sock.c: In function ‘ssl_sock_prepare_ctx’:
src/ssl_sock.c:2720:3: warning: implicit declaration of function
‘SSL_CTX_set_ssl_version’ [-Wimplicit-function-declaration]
   SSL_CTX_set_ssl_version(ctx, SSLv3_server_method());
   ^
src/ssl_sock.c:2786:46: error: ‘ssl_tlsext_ticket_key_cb’ undeclared
(first use in this function)
   if (!SSL_CTX_set_tlsext_ticket_key_cb(ctx, ssl_tlsext_ticket_key_cb)) {
  ^
src/ssl_sock.c:2786:46: note: each undeclared identifier is reported
only once for each function it appears in
src/ssl_sock.c:2820:13: warning: assignment discards ‘const’ qualifier
from pointer target type [enabled by default]
  cipher = sk_SSL_CIPHER_value(ciphers, idx);
 ^
src/ssl_sock.c:2874:2: warning: passing argument 2 of
‘SSL_CTX_set_tlsext_servername_callback’ from incompatible pointer
type [enabled by default]
  SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_cbk);
  ^
In file included from src/ssl_sock.c:43:0:
/build/boringssl/include/openssl/ssl.h:2357:20: note: expected ‘int
(*)(struct SSL *, int *, void *)’ but argument is of type ‘int
(*)(struct SSL *, int *, struct bind_conf *)’
 OPENSSL_EXPORT int SSL_CTX_set_tlsext_servername_callback(
^
src/ssl_sock.c: In function ‘ssl_sock_handshake’:
src/ssl_sock.c:3531:48: error: ‘SSL’ has no member named ‘packet_length’
  empty_handshake = !((SSL *)conn->xprt_ctx)->packet_length;
^
src/ssl_sock.c:3609:46: error: ‘SSL’ has no member named ‘packet_length’
empty_handshake = !((SSL *)conn->xprt_ctx)->packet_length;
  ^
make: *** [src/ssl_sock.o] Error 1

On Mon, Aug 18, 2014 at 6:56 AM, Lukas Tribus  wrote:
> Google's boringssl doesn't currently support OCSP, so
> disable it if detected.
>
> OCSP support may be reintroduced as per:
> https://code.google.com/p/chromium/issues/detail?id=398677
>
> In that case we can simply revert this commit.
>
> Signed-off-by: Lukas Tribus 
> ---
>  include/proto/ssl_sock.h | 2 +-
>  src/dumpstats.c  | 2 +-
>  src/ssl_sock.c   | 6 +++---
>  3 files changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/include/proto/ssl_sock.h b/include/proto/ssl_sock.h
> index 3e111cd..6362953 100644
> --- a/include/proto/ssl_sock.h
> +++ b/include/proto/ssl_sock.h
> @@ -54,7 +54,7 @@ char *ssl_sock_get_version(struct connection *conn);
>  int ssl_sock_get_cert_used(struct connection *conn);
>  int ssl_sock_get_remote_common_name(struct connection *conn, struct chunk 
> *out);
>  unsigned int ssl_sock_get_verify_result(struct connection *conn);
> -#ifdef SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB
> +#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined 
> OPENSSL_IS_BORINGSSL)
>  int ssl_sock_update_ocsp_response(struct chunk *ocsp_response, char **err);
>  #endif
>
> diff --git a/src/dumpstats.c b/src/dumpstats.c
> index 5365042..3855e09 100644
> --- a/src/dumpstats.c
> +++ b/src/dumpstats.c
> @@ -1794,7 +1794,7 @@ static int stats_sock_parse_request(struct 
> stream_interface *si, char *line)
>  #ifdef USE_OPENSSL
> else if (strcmp(args[1], "ssl") == 0) {
> if (strcmp(args[2], "ocsp-response") == 0) {
> -#ifdef 

Shaoquan, your password was successfully reset

[LinkedIn Security]

Hi Shaoquan,

Youve successfully changed your LinkedIn password.

Thanks for using LinkedIn!
The LinkedIn Team



When and where this happened:
Date:January 3, 2017, 10:56 AM

Browser:Chrome

Operating System:Linux

Approximate Location:Bradenton, Florida, United States

Didn't do this? Be sure to change your password right away: 
https://www.linkedin.com/e/v2?e=2xoni3-ixhp7083-j8=uas-request-password-reset=AQHSHASBzF7Oqw=security_reset_password_notification



© 2017 LinkedIn Ireland Unlimited Company. LinkedIn, the LinkedIn logo, and 
InMail are registered trademarks of LinkedIn Corporation in the United States 
and/or other countries. All rights reserved.



This email was intended for Shaoquan Wang (Software expert at Alibaba.com). 
Learn why we included this: 
https://www.linkedin.com/e/v2?e=2xoni3-ixhp7083-j8=customerServiceUrl=AQHSHASBzF7Oqw=security_reset_password_notification=4788

If you need assistance or have questions, please contact LinkedIn Customer 
Service: 
https://www.linkedin.com/e/v2?e=2xoni3-ixhp7083-j8=customerServiceUrl=AQHSHASBzF7Oqw=security_reset_password_notification

LinkedIn is a registered business name of LinkedIn Ireland Unlimited Company.
Registered in Ireland as a private unlimited company, Company Number 477441
Registered Office: Wilton Plaza, Wilton Place, Dublin 2, Ireland

Shaoquan, here's the link to reset your password

[LinkedIn]

Hi Shaoquan,

Reset your password, and we'll get you on your way.

To change your LinkedIn password, copy and paste the following link into your 
browser:

https://www.linkedin.com/e/rpp/177509883/haproxy%40formilux%2Eorg/-6209380735880382374/?hs=true=1WpRYVun1rgTA1

This link will expire in 24 hours, so be sure to use it right away.

Thank you for using LinkedIn!

The LinkedIn Team





When and where this happened:
Date:  (GMT)

Browser: 

Operating System: 

Approximate Location: 

Didn't do this? Be sure to change your password right away: 
https://www.linkedin.com/e/v2?e=2xoni3-ixhp51vp-g4=uas-request-password-reset=AQHSHASBzF7Oqw=security_password_reset=5=security_footer=password_reset

.



This email was intended for Shaoquan Wang (Software expert at Alibaba.com).
Learn why we included this: 
https://www.linkedin.com/e/v2?e=2xoni3-ixhp51vp-g4=customerServiceUrl=AQHSHASBzF7Oqw=security_password_reset=4788

© LinkedIn. Mailing address: Room 817, 18F, Building 18, #1 DiSheng Bei Road, 
Bejing Yizhuang Development Area, China. LinkedIn and the LinkedIn logo are 
registered trademarks of LinkedIn.

Shaoquan, your password was successfully reset

[LinkedIn Security]

Hi Shaoquan,

Youve successfully changed your LinkedIn password.

Thanks for using LinkedIn!
The LinkedIn Team



When and where this happened:
Date:January 3, 2017, 3:54 PM (GMT)

Browser:Chrome

Operating System:Linux

Approximate Location:United States

Didn't do this? Be sure to change your password right away: 
https://www.linkedin.com/e/v2?e=2xoni3-ixhp3g71-l5=uas-request-password-reset=AQHSHASBzF7Oqw=security_reset_password_notification



© 2017 LinkedIn Ireland Unlimited Company. LinkedIn, the LinkedIn logo, and 
InMail are registered trademarks of LinkedIn Corporation in the United States 
and/or other countries. All rights reserved.



This email was intended for Shaoquan Wang (Software expert at Alibaba.com). 
Learn why we included this: 
https://www.linkedin.com/e/v2?e=2xoni3-ixhp3g71-l5=customerServiceUrl=AQHSHASBzF7Oqw=security_reset_password_notification=4788

If you need assistance or have questions, please contact LinkedIn Customer 
Service: 
https://www.linkedin.com/e/v2?e=2xoni3-ixhp3g71-l5=customerServiceUrl=AQHSHASBzF7Oqw=security_reset_password_notification

LinkedIn is a registered business name of LinkedIn Ireland Unlimited Company.
Registered in Ireland as a private unlimited company, Company Number 477441
Registered Office: Wilton Plaza, Wilton Place, Dublin 2, Ireland

Shaoquan, here's the link to reset your password

[LinkedIn]

Hi Shaoquan,

Reset your password, and we'll get you on your way.

To change your LinkedIn password, copy and paste the following link into your 
browser:

https://www.linkedin.com/e/rpp/177509883/haproxy%40formilux%2Eorg/-6209380735880382374/?hs=true=0qwQAU5SZqgTA1

This link will expire in 24 hours, so be sure to use it right away.

Thank you for using LinkedIn!

The LinkedIn Team





When and where this happened:
Date:  (GMT)

Browser: 

Operating System: 

Approximate Location: 

Didn't do this? Be sure to change your password right away: 
https://www.linkedin.com/e/v2?e=2xoni3-ixhp4683-un=uas-request-password-reset=AQHSHASBzF7Oqw=security_password_reset=5=security_footer=password_reset

.



This email was intended for Shaoquan Wang (Software expert at Alibaba.com).
Learn why we included this: 
https://www.linkedin.com/e/v2?e=2xoni3-ixhp4683-un=customerServiceUrl=AQHSHASBzF7Oqw=security_password_reset=4788

© LinkedIn. Mailing address: Room 817, 18F, Building 18, #1 DiSheng Bei Road, 
Bejing Yizhuang Development Area, China. LinkedIn and the LinkedIn logo are 
registered trademarks of LinkedIn.

Shaoquan, here's the link to reset your password

[LinkedIn]

Hi Shaoquan,

Reset your password, and we'll get you on your way.

To change your LinkedIn password, copy and paste the following link into your 
browser:

https://www.linkedin.com/e/rpp/177509883/haproxy%40formilux%2Eorg/6168548574450292570/?hs=true=35YoFwjDNegTA1

This link will expire in 24 hours, so be sure to use it right away.

Thank you for using LinkedIn!

The LinkedIn Team





When and where this happened:
Date:  (GMT)

Browser: 

Operating System: 

Approximate Location: 

Didn't do this? Be sure to change your password right away: 
https://www.linkedin.com/e/v2?e=2xoni3-ixhoo79s-mn=uas-request-password-reset=AQHSHASBzF7Oqw=security_password_reset=5=security_footer=password_reset

.



This email was intended for Shaoquan Wang (Software expert at Alibaba.com).
Learn why we included this: 
https://www.linkedin.com/e/v2?e=2xoni3-ixhoo79s-mn=customerServiceUrl=AQHSHASBzF7Oqw=security_password_reset=4788

© LinkedIn. Mailing address: Room 817, 18F, Building 18, #1 DiSheng Bei Road, 
Bejing Yizhuang Development Area, China. LinkedIn and the LinkedIn logo are 
registered trademarks of LinkedIn.

http reuse and proxy protocol

[Arnall]

Hi everyone,

recently we have separated https and http frontend in order to scale well.

we are using a nbproc > 1 configuration for ssl offloading :

listen web_tls
mode http
bind *:443 ssl crt whatever.pem process 2
bind *:443 ssl crt whatever.pem process 3

../..
server web_plain u...@plain.sock send-proxy-v2-ssl

frontend web_plain
bind*:80 process 1
bind u...@plain.sock process 1 accept-proxy

I have forgotten that in default section i had this :

http-reuse always

Today a user tells us that he had access for one moment to debug tools 
of the site. Debug tools are IP protected (bad thing i know but that's 
another story ... )


I've searched the log and found this :

11:54:39 lb1 haproxy[123274]: xxx.xxx.xxx.xxx:51139 
[03/Jan/2017:11:54:39.080] web_plain forums_connected/proxy12 
180/0/0/180/360 200 34197 - \-  1965/1963/9/4/0 0/0 
{Mozilla/5.0_(X11;_Linux_x86_64;_rv:50.0)_Gecko/20100101_Firefox/50.0|FR} 
"GET /forums/xxx.htm HTTP/1.1"
11:54:39 lb1 haproxy[123278]: yyy.yyy.yyy.yyy:38878 
[03/Jan/2017:11:54:39.218] web_tls~ web_tls/web_plain 42/0/0/180/222 200 
34192 - \-  91/91/1/2/0 0/0 "GET /forums/xxx.htm HTTP/1.1"


At the same time i have :

11:54:39 lb1 haproxy[123274]: xxx.xxx.xxx.xxx:51139 
[03/Jan/2017:11:54:39.440] web_plain nocache_connected/jv-proxy12 
6/0/0/3/9 400 452 - \-  1965/1963/2/2/0 0/0 
{|like_Gecko)_Version/4.0_Chrome/55.0.2883.91_Mobile_Safari/537.36|FR} 
"GET /favicon.ico HTTP/1.1"
11:54:39 lb1 haproxy[123274]: xxx.xxx.xxx.xxx:51139 
[03/Jan/2017:11:54:39.450] web_plain cache1/jv-proxy10 26/0/0/13/39 200 
1482 - \-  1958/1958/4/4/0 0/0 {||FR} "GET /whatever_url HTTP/1.1"


It seems that the user has made a https request with the IP 
yyy.yyy.yyy.yyy, but when the request is forwarded to web_plain frontend 
the IP is now xxx.xxx.xxx.xxx ! and thus has access to debug tools 
because xxx.xxx.xxx.xxx has access. The user has provided us screenshot 
and the IP in the screenshot IS xxx.xxx.xxx.xxx


Is it possible that with "http-reuse always" the yyy.yyy.yyy.yyy request 
has used the xxx.xxx.xxx.xxx connection between https and http frontend 
with proxy protocol forwarding xxx.xxx.xxx.xxx instead of yyy.yyy.yyy.yyy ?


I hope this is it, i have to be sure :)
Thnks !

[PR] Updating rpmbuild spec file Source0 directive

[PR Bot]

Dear list!

Author: GitHub 
Number of patches: 1

This is an automated relay of the Github pull request:
   Updating rpmbuild spec file Source0 directive

Patch title(s): 
   Updating rpmbuild spec file Source0 directive

Link:
   https://github.com/haproxy/haproxy/pull/77

Edit locally:
   wget https://github.com/haproxy/haproxy/pull/77.patch && vi 77.patch

Apply locally:
   curl https://github.com/haproxy/haproxy/pull/77.patch | git am -

Description:


Instructions:
   This github pull request will be closed automatically; patch should be
   reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is
   invited to comment, even the patch's author. Please keep the author and
   list CCed in replies. Please note that in absence of any response this
   pull request will be lost.

Re: [PATCH] MEDIUM/RFC: Implement time-based server latency metrics

[Krishna Kumar (Engineering)]

Hi Willy,

Sorry for the late response as I was out during the year end, and thanks
once again for your review comments.

I explored your suggestion of "hard-coded periods", and have some
problems: code complexity seems to be very high at updates (as well
as retrievals possibly); and I may not be able to get accurate results.
E.g. I have data for 1, 4, 16 seconds; and at 18 seconds, a request is
made for retrieval of the last 16 seconds (or 1,4,16). At this time I have
values for last 18 seconds not 16 seconds. I explored using timers to
cascade (will not work as it may run into races with the setters, and
also adds too much overhead) vs doing this synchronously when the
event happens. Both are complicated and have the above issue of not
able to get accurate information depending on when the request is
made.

To implement your suggestion of say histograms, the retrieval code can
calculate the 4 values (1, 4, 16, and 64 seconds) by averaging across
the correct intervals. In this case, the new CLI command is not required,
and by default it prints all 4 values. Would this work in your opinion?

Ack all your other suggestions, will incorporate those changes and
re-send. Please let me know if this sounds reasonable.

Thanks,
- Krishna


On Thu, Dec 22, 2016 at 4:23 PM, Willy Tarreau  wrote:

> Hi Krishna,
>
> On Thu, Dec 22, 2016 at 09:41:49AM +0530, Krishna Kumar (Engineering)
> wrote:
> > We have found that the current mechanism of qtime, ctime, rtime, and
> ttime
> > based on last 1024 requests is not the most suitable to debug/visualize
> > latency issues with servers, especially if they happen to last a very
> short
> > time. For live dashboards showing server timings, we found an additional
> > last-'n' seconds metrics useful. The logs could also be parsed to derive
> > these
> > values, but suffers from delays at high volume, requiring higher
> processing
> > power and enabling logs.
> >
> > The 'last-n' seconds metrics per server/backend can be configured as
> follows
> > in the HAProxy configuration file:
> > backend backend-1
> > stats-period 32
> > ...
> >
> > To retrieve these stats at the CLI (in addition to existing metrics),
> run:
> > echo show stat-duration time 3 | socat /var/run/admin.sock stdio
> >
> > These are also available on the GUI.
> >
> > The justification for this patch are:
> > 1. Allows to capture spikes for a server during a short period. This
> helps
> >having dashboards that show server response times every few seconds
> (e.g.
> >every 1 second), so as to be able to chart it across timelines.
> > 2. Be able to get an average across different time intervals, e.g.  the
> >configuration file may specify to save the last 32 seconds, but the
> cli
> >interface can request for average across any interval upto 32 seconds.
> > E.g.
> >the following command prints the existing metrics appended by the time
> >based ones for the last 1 second:
> > echo show stat-duration time 1 | socat /var/run/admin.sock stdio
> >Running the following existing command appends the time-based metric
> > values
> >based on the time period configured in the configuration file per
> >backend/server:
> > echo show stat | socat /var/run/admin.sock stdio
> > 3. Option per backend for configuring the server stat's time interval,
> and.
> >no API breakage to stats (new metrics are added at end of line).
> >
> > Please review, any feedback on the code/usability/extensibility is very
> much
> > appreciated.
>
> First, thanks for this work. I'm having several concerns and comments
> however
> about it.
>
> The first one is that the amount of storage is overkill if the output can
> only emit an average over a few periods. I mean, the purpose of stats is
> to emit what we know internally. Some people might want to see historgrams,
> and while we have everything internally with your patch, it's not possible
> to produce them.
>
> For this reason I think we should proceed differently and always emit these
> stats over a few hard-coded periods. You proved that they don't take that
> much space, and I think it would make sense probably to emit them over a
> small series of power of 4 seconds : 1s, 4s, 16s, 64s. That's quite cheap
> to store and easy to compute because it's not needed anymore to store all
> individual values, you can cascade them while filling a bucket.
>
> And if you go down that route then there's no need anymore for adding yet
> another setting in the configuration, it will be done by default. Another
> point regarding this setting "stats-period" is that you currently do not
> support the "defaults" section while I guess almost all users will want to
> have it there. That's another reason for keeping it hard-coded.
>
> Now some general comments and guidance on the code itself :
>
> > diff --git a/include/proto/stats.h b/include/proto/stats.h
> > index ac893b8..f33ceb1 100644
> > --- a/include/proto/stats.h
> > +++ b/include/proto/stats.h
> > @@ -95,7 

Re: Select All for Backends on Stats Dashboard

[David Harrigan]

Hi,

Apologies, it was a bad patch. Here's the fixed up one.

-=david=-

On 3 January 2017 at 08:50, David Harrigan  wrote:

> Hi Willy,
>
> Please find the attached patch file for backporting to v1.7.0. I hope this
> is okay.
>
> Please do let me know if I can do anything else.
>
> -=david=-
>
> On 2 January 2017 at 15:57, Willy Tarreau  wrote:
>
>> On Mon, Jan 02, 2017 at 02:58:15PM +, David Harrigan wrote:
>> > Hi Willy,
>> >
>> > As requested, attached :-)
>>
>> Much better, applied now. Thanks!
>> Willy
>>
>
>
>
> --
> I prefer encrypted and signed messages.
> Fingerprint: 110A F423 3647 54E2 880F ADAD 1C52 85BF B20A 22F9
>
> No trees were harmed in the sending of this message, however, a number of
> electrons were inconvenienced.
>



-- 
I prefer encrypted and signed messages.
Fingerprint: 110A F423 3647 54E2 880F ADAD 1C52 85BF B20A 22F9

No trees were harmed in the sending of this message, however, a number of
electrons were inconvenienced.
From d96beae4cfedd99017458982a24caa02aa091f2d Mon Sep 17 00:00:00 2001
From: David Harrigan 
Date: Tue, 3 Jan 2017 08:59:50 +
Subject: [PATCH] MINOR: stats: Support "select all" for backend actions

Allow the user to quickly select all servers within a group before invoking an
action.
---
 src/stats.c | 10 --
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/stats.c b/src/stats.c
index 497aa477..d5fcec82 100644
--- a/src/stats.c
+++ b/src/stats.c
@@ -636,7 +636,8 @@ static int stats_dump_fields_html(struct chunk *out, const struct field *stats,
 
 		if (flags & ST_SHOWADMIN)
 			chunk_appendf(out,
-			  "",
+			  "",
+			  field_str(stats, ST_F_PXNAME),
 			  field_str(stats, ST_F_SVNAME));
 
 		chunk_appendf(out,
@@ -1642,7 +1643,12 @@ static void stats_dump_html_px_hdr(struct stream_interface *si, struct proxy *px
 
 	if ((px->cap & PR_CAP_BE) && px->srv && (appctx->ctx.stats.flags & STAT_ADMIN)) {
 		/* Column heading for Enable or Disable server */
-		chunk_appendf(, "");
+chunk_appendf(,
+"",
+px->id,
+px->id);
 	}
 
 	chunk_appendf(,
-- 
2.11.0

Re: Select All for Backends on Stats Dashboard

[David Harrigan]

Hi Willy,

Please find the attached patch file for backporting to v1.7.0. I hope this
is okay.

Please do let me know if I can do anything else.

-=david=-

On 2 January 2017 at 15:57, Willy Tarreau  wrote:

> On Mon, Jan 02, 2017 at 02:58:15PM +, David Harrigan wrote:
> > Hi Willy,
> >
> > As requested, attached :-)
>
> Much better, applied now. Thanks!
> Willy
>



-- 
I prefer encrypted and signed messages.
Fingerprint: 110A F423 3647 54E2 880F ADAD 1C52 85BF B20A 22F9

No trees were harmed in the sending of this message, however, a number of
electrons were inconvenienced.
From 7c99a4b97d62e23f6a01a3dc5577028c2cd45f71 Mon Sep 17 00:00:00 2001
From: David Harrigan 
Date: Tue, 3 Jan 2017 08:47:20 +
Subject: [PATCH] MINOR: stats: Support "select all" for backend actions

Allow the user to quickly select all servers within a group before invoking an
action.
---
 src/stats.c | 10 --
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/stats.c b/src/stats.c
index 497aa477..14427445 100644
--- a/src/stats.c
+++ b/src/stats.c
@@ -636,7 +636,8 @@ static int stats_dump_fields_html(struct chunk *out, const struct field *stats,
 
 		if (flags & ST_SHOWADMIN)
 			chunk_appendf(out,
-			  "",
+			  "",
+			  field_str(stats, ST_F_SVNAME),;
 			  field_str(stats, ST_F_SVNAME));
 
 		chunk_appendf(out,
@@ -1642,7 +1643,12 @@ static void stats_dump_html_px_hdr(struct stream_interface *si, struct proxy *px
 
 	if ((px->cap & PR_CAP_BE) && px->srv && (appctx->ctx.stats.flags & STAT_ADMIN)) {
 		/* Column heading for Enable or Disable server */
-		chunk_appendf(, "");
+chunk_appendf(,
+"",
+px->id,
+px->id);
 	}
 
 	chunk_appendf(,
-- 
2.11.0