[PATCH] 3rd round of documentation typo fixes

[Илья Шипицин]

Hello,

I attached a patch based on documentation spelcheck.

Cheers,
Ilya Shipitcin
From ad38d6c0819df867524338a55ac51b3ed8e510be Mon Sep 17 00:00:00 2001
From: Ilya Shipitsin 
Date: Fri, 6 Mar 2020 23:22:22 +0500
Subject: [PATCH] DOC: assorted typo fixes in the documentation

This is the third round of cleanups in various docs
---
 BRANCHES|  2 +-
 doc/design-thoughts/entities-v2.txt |  2 +-
 doc/design-thoughts/http2.txt   |  4 +--
 doc/internals/buffer-api.txt|  2 +-
 doc/internals/entities-v2.txt   |  2 +-
 doc/internals/entities.txt  | 16 +--
 doc/internals/filters.txt   | 16 +--
 doc/internals/htx-api.txt   | 10 +++
 doc/internals/notes-layers.txt  |  6 ++--
 doc/lua-api/index.rst   | 44 ++---
 doc/lua.txt |  4 +--
 11 files changed, 54 insertions(+), 54 deletions(-)

diff --git a/BRANCHES b/BRANCHES
index 521c0ee1f..6cb275c94 100644
--- a/BRANCHES
+++ b/BRANCHES
@@ -191,7 +191,7 @@ Thus the release cycle from 1.8 to 2.2 should look like this:
  `---+---+---+-+---+---+---+--> 1.8 LTS
 
 In short the non-LTS odd releases can be seen as technological previews of the
-next feature release, and will be terminated much ealier. The plan is to barely
+next feature release, and will be terminated much earlier. The plan is to barely
 let them overlap with the next non-LTS release, allowing advanced users to
 always have the choice between the last two major releases.
 
diff --git a/doc/design-thoughts/entities-v2.txt b/doc/design-thoughts/entities-v2.txt
index 905888e22..91c4fa97e 100644
--- a/doc/design-thoughts/entities-v2.txt
+++ b/doc/design-thoughts/entities-v2.txt
@@ -119,7 +119,7 @@ Identified handshake handlers for incoming connections :
   - HH_ACCEPT_PROXY (waits for PROXY line and parses it)
   - HH_TCP_RULES (processes TCP rules)
   - HH_SSL_HS (starts SSL handshake)
-  - HH_ACCEPT_SESSION (instanciates a session)
+  - HH_ACCEPT_SESSION (instantiates a session)
 
 Identified handshake handlers for outgoing connections :
   - HH_SEND_PROXY (tries to build and send the PROXY line)
diff --git a/doc/design-thoughts/http2.txt b/doc/design-thoughts/http2.txt
index 20a5c54c4..c21ac108a 100644
--- a/doc/design-thoughts/http2.txt
+++ b/doc/design-thoughts/http2.txt
@@ -97,7 +97,7 @@
   before the connection timeout so that an unused connection is verified before
   being killed. Abnormal requests must be dealt with using RST_STREAM.
 
-- ALPN : ALPN must be observed onthe client side, and transmitted to the server
+- ALPN : ALPN must be observed on the client side, and transmitted to the server
   side.
 
 - proxy protocol : proxy protocol makes little to no sense in a multiplexed
@@ -134,7 +134,7 @@
   to H2 behind. This can cause some trouble when passing H2 requests to H1
   proxies, because there's no way to know if the request should contain scheme
   and authority in H1 or not based on the H2 request. Thus a "proxy" option
-  will have to be explicitly mentionned on HTTP/1 server lines. One of the
+  will have to be explicitly mentioned on HTTP/1 server lines. One of the
   problem that it creates is that it's not longer possible to pass H/1 requests
   to H/1 proxies without an explicit configuration. Maybe a table of the
   various combinations is needed.
diff --git a/doc/internals/buffer-api.txt b/doc/internals/buffer-api.txt
index 6d192c19d..14a1ac77f 100644
--- a/doc/internals/buffer-api.txt
+++ b/doc/internals/buffer-api.txt
@@ -630,7 +630,7 @@ but fail.
<--> <-->
 oi
 
-There is this correspondance between old and new fields (some will involve a
+There is this correspondence between old and new fields (some will involve a
 knowledge of a channel when the output byte count is required) :
 
  Old| New
diff --git a/doc/internals/entities-v2.txt b/doc/internals/entities-v2.txt
index 38d633d20..86782c34d 100644
--- a/doc/internals/entities-v2.txt
+++ b/doc/internals/entities-v2.txt
@@ -116,7 +116,7 @@ Identified handshake handlers for incoming connections :
   - HH_ACCEPT_PROXY (waits for PROXY line and parses it)
   - HH_TCP_RULES (processes TCP rules)
   - HH_SSL_HS (starts SSL handshake)
-  - HH_ACCEPT_SESSION (instanciates a session)
+  - HH_ACCEPT_SESSION (instantiates a session)
 
 Identified handshake handlers for outgoing connections :
   - HH_SEND_PROXY (tries to build and send the PROXY line)
diff --git a/doc/internals/entities.txt b/doc/internals/entities.txt
index d384395f1..cdde82e34 100644
--- a/doc/internals/entities.txt
+++ b/doc/internals/entities.txt
@@ -9,7 +9,7 @@ Listener
 
 A listener is the entity which is part of a frontend and which accepts
 connections. There are as many listeners as there are ip:port couples.
-There is at least one listener instanciated for each "bind" entry, and
+There 

Re: Segfault on 2.1.3

[Sean Reifschneider]

Here's what the stack traces look like, they all seem to be showing
"pattern_exec_match" and "epool_wait":

   PID: 14348 (haproxy)
   UID: 0 (root)
   GID: 0 (root)
Signal: 11 (SEGV)
 Timestamp: Thu 2020-03-05 19:59:05 MST (14h ago)
  Command Line: /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p
/run/haproxy.pid -S /run/haproxy-master.sock
Executable: /usr/sbin/haproxy
 Control Group: /system.slice/haproxy.service
  Unit: haproxy.service
 Slice: system.slice
   Boot ID: 847e3549533c4b9b970c6ec86776621d
Machine ID: 90c4e8de95634bd898f918ea24b07374
  Hostname: fw1
   Storage:
/var/lib/systemd/coredump/core.haproxy.0.847e3549533c4b9b970c6ec86776621d.14348.158346354500.lz4
   Message: Process 14348 (haproxy) of user 0 dumped core.

Stack trace of thread 14349:
#0  0x564a9deaed08 pattern_exec_match (haproxy)
#1  0x564a9dee8eda acl_exec_cond (haproxy)
#2  0x564a9ded9848 tcp_exec_l4_rules (haproxy)
#3  0x564a9decfe24 session_accept_fd (haproxy)
#4  0x564a9debab44 n/a (haproxy)
#5  0x564a9dedc88e process_runnable_tasks (haproxy)
#6  0x564a9de87dd2 n/a (haproxy)
#7  0x7f0f0de6a6db start_thread (libpthread.so.0)
#8  0x7f0f0c8de88f __clone (libc.so.6)

Stack trace of thread 14348:
#0  0x7f0f0c8debb7 epoll_wait (libc.so.6)
#1  0x564a9dda7cef n/a (haproxy)
#2  0x564a9de87dbf n/a (haproxy)
#3  0x564a9dda5a4e main (haproxy)
#4  0x7f0f0c7deb97 __libc_start_main (libc.so.6)
#5  0x564a9dda672a _start (haproxy)

I have a bunch of ACLs to select the backend based on the host header, like:

acl sitedown_stg_acl hdr(host)  -m reg -i ^sitedown.example.com
use_backend sitedown_stg if sitedown_stg_acl

I'm not seeing anything particularly weird about those, the most
complicated is probably:

acl aerial_acl hdr(host)  -m reg -i ^aerial[1-4].(dev|stg).example.com
use_backend aerial if aerial_acl

Thoughts?

On Wed, Mar 4, 2020 at 1:56 PM Vincent Bernat  wrote:

>  ❦  4 mars 2020 13:19 -07, Sean Reifschneider :
>
> > I've upgraded back to 2.1, and installed the systemd-coredump, I'll
> update
> > when I have additional information.  I wasn't able to find a -dbgsym
> > package, I even looked in the debian pool directory for the PPA.  We're
> > talking like a haproxy-dbgsym package, right?  Or am I missing
> > something?
>
> Sorry, I forgot to enable this option for 2.1 PPA. You should still be
> able to get tracebacks without the dbgsym package (with "coredumpctl
> info XXX").
> --
> Indent to show the logical structure of a program.
> - The Elements of Programming Style (Kernighan & Plauger)
>

[PATCH] MINOR: ssl: skip self issued CA in cert chain for ssl_ctx

[Emmanuel Hocdet]

Hi,


Patch proposal.
I will update the documentation if this feature is approved.

++
Manu



0001-MINOR-ssl-skip-self-issued-CA-in-cert-chain-for-ssl_.patch
Description: Binary data

[PATCH 3/3] MEDIUM: proxy_protocol: Support sending unique IDs using PPv2

[Tim Duesterhus]

Willy,

this patch adds the sending of generated unique IDs using PROXYv2. I'm not
sure whether the way I made the stream available in the proxy line sending
is acceptable. There's also a `BUG_ON` left in the patch, because I wasn't
sure if I should grab the session from the stream or from the connection.

I added a reg-test that verifies the current behavior. It's based on HTTP
mode, even if that is not the primary purpose of the unique ID feature.
The documentation update acknowledges that sending unique IDs in PROXYv2
might lead to unexpected results, but it generally works and does not crash
anything.

Best regards
Tim Düsterhus

Apply with `git am --scissors` to automatically cut the commit message.

-- >8 --
This patch adds the `unique-id` option to `proxy-v2-options`. If this
option is set a unique ID will be generated based on the `unique-id-format`
while sending the proxy protocol v2 header and stored as the unique id for
the first stream of the connection.

This feature is meant to be used in `tcp` mode. It works on HTTP mode, but
might result in inconsistent unique IDs for the first request on a keep-alive
connection, because the unique ID for the first stream is generated earlier
than the others.

Now that we can send unique IDs in `tcp` mode the `%ID` log variable is made
available in TCP mode.
---
 doc/configuration.txt | 24 +++
 include/proto/connection.h|  4 +-
 include/types/server.h|  1 +
 .../proxy_protocol_send_unique_id.vtc | 42 +++
 src/connection.c  | 20 +++--
 src/log.c |  2 +-
 src/server.c  |  2 +
 src/stream_interface.c| 10 +++--
 8 files changed, 89 insertions(+), 16 deletions(-)
 create mode 100644 reg-tests/connection/proxy_protocol_send_unique_id.vtc

diff --git a/doc/configuration.txt b/doc/configuration.txt
index a078942bb..d781aba40 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -12651,13 +12651,23 @@ send-proxy-v2
   this section and send-proxy" option of the "bind" keyword.
 
 proxy-v2-options [,]*
-  The "proxy-v2-options" parameter add option to send in PROXY protocol version
-  2 when "send-proxy-v2" is used. Options available are "ssl" (see also
-  send-proxy-v2-ssl), "cert-cn" (see also "send-proxy-v2-ssl-cn"), 
"ssl-cipher":
-  name of the used cipher, "cert-sig": signature algorithm of the used
-  certificate, "cert-key": key algorithm of the used certificate), "authority":
-  host name value passed by the client (only sni from a tls connection is
-  supported), "crc32c": checksum of the proxy protocol v2 header.
+  The "proxy-v2-options" parameter add options to send in PROXY protocol
+  version 2 when "send-proxy-v2" is used. Options available are:
+
+  - ssl   : See also "send-proxy-v2-ssl".
+  - cert-cn   : See also "send-proxy-v2-ssl-cn".
+  - ssl-cipher: Name of the used cipher.
+  - cert-sig  : Signature algorithm of the used certificate.
+  - cert-key  : Key algorithm of the used certificate
+  - authority : Host name value passed by the client (only SNI from a TLS
+connection is supported).
+  - crc32c: Checksum of the PROXYv2 header.
+  - unique-id : Send a unique ID generated using the frontend's
+"unique-id-format" within the PROXYv2 header.
+This unique-id is primarily meant for "mode tcp". It can
+lead to unexpected results in "mode http", because the
+generated unique ID is also used for the first HTTP request
+within a Keep-Alive connection.
 
 send-proxy-v2-ssl
   The "send-proxy-v2-ssl" parameter enforces use of the PROXY protocol version
diff --git a/include/proto/connection.h b/include/proto/connection.h
index 9b8eb8ad3..ecc03de8a 100644
--- a/include/proto/connection.h
+++ b/include/proto/connection.h
@@ -47,9 +47,9 @@ int conn_fd_check(struct connection *conn);
 
 /* receive a PROXY protocol header over a connection */
 int conn_recv_proxy(struct connection *conn, int flag);
-int make_proxy_line(char *buf, int buf_len, struct server *srv, struct 
connection *remote);
+int make_proxy_line(char *buf, int buf_len, struct server *srv, struct 
connection *remote, struct stream *strm);
 int make_proxy_line_v1(char *buf, int buf_len, struct sockaddr_storage *src, 
struct sockaddr_storage *dst);
-int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct 
connection *remote);
+int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct 
connection *remote, struct stream *strm);
 
 int conn_subscribe(struct connection *conn, void *xprt_ctx, int event_type, 
struct wait_event *es);
 int conn_unsubscribe(struct connection *conn, void *xprt_ctx, int event_type, 
struct wait_event *es);
diff --git a/include/types/server.h b/include/types/server.h
index 598dfe6d8..0f3052ee5 100644
--- 

[PATCH 1/3] DOC: proxy_protocol: Reserve TLV type 0x05 as PP2_TYPE_UNIQUE_ID

[Tim Duesterhus]

Willy,

this one should be fairly obvious: It reserves TLV type 0x05 to contain
a unique ID within the PROXYv2 definition and also defines the type within
HAProxy source code.

Best regards
Tim Düsterhus

Apply with `git am --scissors` to automatically cut the commit message.

-- >8 --
This reserves and defines TLV type 0x05.
---
 doc/proxy-protocol.txt | 20 
 include/types/connection.h |  1 +
 2 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/doc/proxy-protocol.txt b/doc/proxy-protocol.txt
index 26f86a345..fc1ca4a04 100644
--- a/doc/proxy-protocol.txt
+++ b/doc/proxy-protocol.txt
@@ -1,4 +1,4 @@
-2017/03/10Willy Tarreau
+2020/03/05Willy Tarreau
HAProxy Technologies
The PROXY protocol
  Versions 1 & 2
@@ -27,6 +27,7 @@ Revision history
 reserved TLV type ranges, added TLV documentation, clarified
 string encoding. With contributions from Andriy Palamarchuk
 (Amazon.com).
+   2020/03/05 - added the unique ID TLV type (Tim Düsterhus)
 
 
 1. Background
@@ -538,6 +539,7 @@ The following types have already been registered for the 
 field :
 #define PP2_TYPE_AUTHORITY  0x02
 #define PP2_TYPE_CRC32C 0x03
 #define PP2_TYPE_NOOP   0x04
+#define PP2_TYPE_UNIQUE_ID  0x05
 #define PP2_TYPE_SSL0x20
 #define PP2_SUBTYPE_SSL_VERSION 0x21
 #define PP2_SUBTYPE_SSL_CN  0x22
@@ -602,7 +604,17 @@ bytes. Can be used for data padding or alignment. Note 
that it can be used
 to align only by 3 or more bytes because a TLV can not be smaller than that.
 
 
-2.2.5. The PP2_TYPE_SSL type and subtypes
+2.2.5. PP2_TYPE_UNIQUE_ID
+
+The value of the type PP2_TYPE_UNIQUE_ID is an opaque byte sequence of up to
+128 bytes generated by the upstream proxy that uniquely identifies the
+connection.
+
+The unique ID can be used to easily correlate connections across multiple
+layers of proxies, without needing to look up IP addresses and port numbers.
+
+
+2.2.6. The PP2_TYPE_SSL type and subtypes
 
 For the type PP2_TYPE_SSL, the value is itself a defined like this :
 
@@ -654,13 +666,13 @@ In all cases, the string representation (in UTF8) of the 
Common Name field
 using the TLV format and the type PP2_SUBTYPE_SSL_CN. E.g. "example.com".
 
 
-2.2.6. The PP2_TYPE_NETNS type
+2.2.7. The PP2_TYPE_NETNS type
 
 The type PP2_TYPE_NETNS defines the value as the US-ASCII string representation
 of the namespace's name.
 
 
-2.2.7. Reserved type ranges
+2.2.8. Reserved type ranges
 
 The following range of 16 type values is reserved for application-specific
 data and will be never used by the PROXY Protocol. If you need more values
diff --git a/include/types/connection.h b/include/types/connection.h
index bfd6547ee..0c2d960b9 100644
--- a/include/types/connection.h
+++ b/include/types/connection.h
@@ -558,6 +558,7 @@ struct proxy_hdr_v2 {
 #define PP2_TYPE_AUTHORITY  0x02
 #define PP2_TYPE_CRC32C 0x03
 #define PP2_TYPE_NOOP   0x04
+#define PP2_TYPE_UNIQUE_ID  0x05
 #define PP2_TYPE_SSL0x20
 #define PP2_SUBTYPE_SSL_VERSION 0x21
 #define PP2_SUBTYPE_SSL_CN  0x22
-- 
2.25.1

[PATCH 2/3] MINOR: proxy_protocol: Ingest PP2_TYPE_UNIQUE_ID on incoming connections

[Tim Duesterhus]

Willy,

while my primary motivation of this series is to *send* the unique ID,
instead of *receiving* it the patch to receive it comes first, because
it's super straight forward. I could basically copy the implementation
for the authority TLV.

For the whole unique ID processing I've used the new `ist` helpers, it
might make sense to update the authority processing to make use of ist
in a future CLEANUP patch.

I've added the new `struct connection` member at the end. Please check
whether you think that is the appropriate place for it or if it should
be moved somewhere else because of holes or caches.

I've also added a reg-test that verifies that pulling unique IDs works
properly. My first attempt was to use a LOCAL connection, because then
I would not need to send IP addresses in HEX encoding, however HAProxy
does not appear to read TLVs in LOCAL mode. I've attempted to find out
whether TLVs are supported for LOCAL mode or not in the proxy-protocol
specification, but it was not terribly clear. Supporting unique IDs in
LOCAL mode would definitely make sense to me. And supporting the CRC32
checksum would also make sense I guess.

So maybe the proxy protocol ingesting should be updated to process TLV
values for both PROXY and LOCAL mode? Do you have an opinion regarding
that?

Best regards
Tim Düsterhus

Apply with `git am --scissors` to automatically cut the commit message.

-- >8 --
This patch reads a proxy protocol v2 provided unique ID and makes it
available using the `fc_pp_unique_id` fetch.
---
 doc/configuration.txt |  4 +++
 include/proto/connection.h|  5 +++
 include/types/connection.h|  1 +
 reg-tests/stream/unique-id-from-proxy.vtc | 38 +
 src/connection.c  | 41 +++
 5 files changed, 89 insertions(+)
 create mode 100644 reg-tests/stream/unique-id-from-proxy.vtc

diff --git a/doc/configuration.txt b/doc/configuration.txt
index b508db217..a078942bb 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -15122,6 +15122,10 @@ fc_pp_authority : string
   Returns the authority TLV sent by the client in the PROXY protocol header,
   if any.
 
+fc_pp_unique_id : string
+  Returns the unique ID TLV sent by the client in the PROXY protocol header,
+  if any.
+
 fc_rcvd_proxy : boolean
   Returns true if the client initiated the connection with a PROXY protocol
   header.
diff --git a/include/proto/connection.h b/include/proto/connection.h
index fb264d2b5..9b8eb8ad3 100644
--- a/include/proto/connection.h
+++ b/include/proto/connection.h
@@ -325,6 +325,7 @@ static inline void conn_init(struct connection *conn)
conn->src = NULL;
conn->dst = NULL;
conn->proxy_authority = NULL;
+   conn->proxy_unique_id = IST_NULL;
 }
 
 /* sets  as the connection's owner */
@@ -458,6 +459,10 @@ static inline void conn_free(struct connection *conn)
pool_free(pool_head_authority, conn->proxy_authority);
conn->proxy_authority = NULL;
}
+   if (isttest(conn->proxy_unique_id)) {
+   pool_free(pool_head_uniqueid, conn->proxy_unique_id.ptr);
+   conn->proxy_unique_id = IST_NULL;
+   }
 
/* By convention we always place a NULL where the ctx points to if the
 * mux is null. It may have been used to store the connection as a
diff --git a/include/types/connection.h b/include/types/connection.h
index 0c2d960b9..30cb895ff 100644
--- a/include/types/connection.h
+++ b/include/types/connection.h
@@ -469,6 +469,7 @@ struct connection {
char *proxy_authority;/* Value of authority TLV received via 
PROXYv2 */
unsigned int idle_time; /* Time the connection was 
added to the idle list, or 0 if not in the idle list */
uint8_t proxy_authority_len;  /* Length of authority TLV received via 
PROXYv2 */
+   struct ist proxy_unique_id;  /* Value of the unique ID TLV received via 
PROXYv2 */
 };
 
 /* PROTO token registration */
diff --git a/reg-tests/stream/unique-id-from-proxy.vtc 
b/reg-tests/stream/unique-id-from-proxy.vtc
new file mode 100644
index 0..81ee3dea9
--- /dev/null
+++ b/reg-tests/stream/unique-id-from-proxy.vtc
@@ -0,0 +1,38 @@
+varnishtest "Check that we are able to read a unique-id from PROXYv2"
+
+#REQUIRE_VERSION=2.2
+
+feature ignore_unknown_macro
+
+haproxy h1 -conf {
+defaults
+mode http
+timeout connect 1s
+timeout client  1s
+timeout server  1s
+
+frontend echo
+bind "fd@${fe1}" accept-proxy
+http-after-response set-header echo %[fc_pp_unique_id,hex]
+http-request return status 200
+} -start
+
+client c1 -connect ${h1_fe1_sock} {
+# PROXY v2 signature
+sendhex "0d 0a 0d 0a 00 0d 0a 51 55 49 54 0a"
+# version + PROXY
+sendhex "21"
+# TCP4
+sendhex "11"
+# length of the address (12) + length of the TLV (8)
+sendhex "00 14"
+# 

[PATCH 0/3] Unique ID for PROXYv2

[Tim Duesterhus]

Willy,

this series adds support for sending and receiving unique IDs using PROXYv2.

I've added specific comments about the patches within the other emails.

Best regards
Tim Düsterhus

Tim Duesterhus (3):
  DOC: proxy_protocol: Reserve TLV type 0x05 as PP2_TYPE_UNIQUE_ID
  MINOR: proxy_protocol: Ingest PP2_TYPE_UNIQUE_ID on incoming
connections
  MEDIUM: proxy_protocol: Support sending unique IDs using PPv2

 doc/configuration.txt | 28 ++---
 doc/proxy-protocol.txt| 20 --
 include/proto/connection.h|  9 ++-
 include/types/connection.h|  2 +
 include/types/server.h|  1 +
 .../proxy_protocol_send_unique_id.vtc | 42 +
 reg-tests/stream/unique-id-from-proxy.vtc | 38 
 src/connection.c  | 61 ++-
 src/log.c |  2 +-
 src/server.c  |  2 +
 src/stream_interface.c| 10 ++-
 11 files changed, 195 insertions(+), 20 deletions(-)
 create mode 100644 reg-tests/connection/proxy_protocol_send_unique_id.vtc
 create mode 100644 reg-tests/stream/unique-id-from-proxy.vtc

-- 
2.25.1

Re: [PATCH] documentation typo fixes

[Willy Tarreau]

On Fri, Mar 06, 2020 at 03:21:57PM +0500,  ??? wrote:
> as for stable branches, I can run spell check for every branch and send
> appropriate PR for every branch.
> 
> would it be better compared to backporting ?

No, it would be a pain as it will conflict with the backporting process.
If you find that *after backports* there are still lots of documentation
issues that do not exist in later versions, you can occasionally propose
a patch, but that should remain rare enough, and you'd need to get
prepared to hear that we'd sometimes rather not take it if it looks too
invasive. In anyway no spelling changes to code parts in maintenance
branches will be accepted (comments etc) as they're not user-visible.

Thanks!
Willy

Re: [PATCH] documentation typo fixes

[Willy Tarreau]

On Fri, Mar 06, 2020 at 03:19:07PM +0500,  ??? wrote:
> that's nice point to fix speling in earlier documentation as well.
> 
> 
> side question, when some version become "unsupported", has its
> documentation also retired in some sense ?
> for example "here should be documentation for 1.2, but it is archived at
> ..." ?

The doc is entirely part of the project so it must be updated with the
project (hence why fixes are backported) but at the same time it doesn't
get any more fixes once the branch it belongs to dies. We do drop support
for old branches when there's almost nobody using them anymore. As you
noticed, usually we poll the list 6 months to 1 year upfront to ask if
someone still wants a given version to stay supported. If nobody cares
about it, it means nobody will read the old doc either thus it makes
sense not to backport old doc fixes.

Willy

Re: [PATCH] documentation typo fixes

[Илья Шипицин]

as for stable branches, I can run spell check for every branch and send
appropriate PR for every branch.

would it be better compared to backporting ?

пт, 6 мар. 2020 г. в 14:50, Willy Tarreau :

> On Fri, Mar 06, 2020 at 01:09:54PM +0500,  ??? wrote:
> > Hello,
> >
> > ongoing typo fixes.
>
> Thanks Ilya. I re-tagged "DOC" so that we don't forget to consider
> it for backporting, eventhough the parts on the makefile can be
> dropped from backports if they cause trouble.
>
> Willy
>

Re: [PATCH] documentation typo fixes

[Илья Шипицин]

пт, 6 мар. 2020 г. в 14:50, Willy Tarreau :

> On Fri, Mar 06, 2020 at 01:09:54PM +0500,  ??? wrote:
> > Hello,
> >
> > ongoing typo fixes.
>
> Thanks Ilya. I re-tagged "DOC" so that we don't forget to consider
> it for backporting, eventhough the parts on the makefile can be
> dropped from backports if they cause trouble.
>

that's nice point to fix speling in earlier documentation as well.


side question, when some version become "unsupported", has its
documentation also retired in some sense ?
for example "here should be documentation for 1.2, but it is archived at
..." ?


>
> Willy
>

Re: [PR] Add missing string length for lua sticktable lookup

[Willy Tarreau]

Hello Nathan,

On Wed, Mar 04, 2020 at 04:23:09AM +0100, PR Bot wrote:
> Description:
>Consider moving this to smp_to_stkey - or at least adding a:
>```if ( smp->data.u.str.data == 0 ) { static_table_key.key_len =
>strlen(smp->data.u.str.key); }```
>
>equivalent to smp_to_stkey

Could you please explain the problem you're facing ? You're just
proposing how to address it but not what the problem is, which is
problematic if you want this to be considered as a bug fix and
backported. It's possible that your fix is valid but I really
cannot tell with that information.

Thanks!
Willy

Re: maxconn default from 1.7 to 2.0

[Willy Tarreau]

On Fri, Mar 06, 2020 at 08:38:19AM +0100, Willy Tarreau wrote:
> Could you try the current patch ? For me as an unprivileged user, it
> raises my default maxconn from 488 to 2024 since I'm running with
> 1024/4096:
> 
> diff --git a/src/haproxy.c b/src/haproxy.c
> index 759612dfd8..c7905a52e4 100644
> --- a/src/haproxy.c
> +++ b/src/haproxy.c
> @@ -1417,7 +1417,7 @@ static int compute_ideal_maxconn()
> int ssl_sides = !!global.ssl_used_frontend + 
> !!global.ssl_used_backend;
> int engine_fds = global.ssl_used_async_engines * ssl_sides;
> int pipes = compute_ideal_maxpipes();
> -   int remain = rlim_fd_cur_at_boot;
> +   int remain = MAX(rlim_fd_cur_at_boot, rlim_fd_max_at_boot);
> int maxconn;
>  
> /* we have to take into account these elements :
> 
> I think we should do that and backport it to make sure that *any*
> previously working default setup continues to work with the same
> level of guaranteed limits (i.e. before service was degraded).

So finally I merged it into 2.2-dev.

Thanks,
Willy

Re: [PATCH] documentation typo fixes

[Willy Tarreau]

On Fri, Mar 06, 2020 at 01:09:54PM +0500,  ??? wrote:
> Hello,
> 
> ongoing typo fixes.

Thanks Ilya. I re-tagged "DOC" so that we don't forget to consider
it for backporting, eventhough the parts on the makefile can be
dropped from backports if they cause trouble.

Willy

[PATCH] documentation typo fixes

[Илья Шипицин]

Hello,

ongoing typo fixes.

Cheers,
Ilya Shipitcin
From c3cd13340c961a62a78b2db924aabf594f2508a4 Mon Sep 17 00:00:00 2001
From: Ilya Shipitsin 
Date: Fri, 6 Mar 2020 13:07:38 +0500
Subject: [PATCH] CLEANUP: fix documentation typos

---
 CONTRIBUTING   | 4 ++--
 INSTALL| 6 +++---
 Makefile   | 8 
 doc/SPOE.txt   | 2 +-
 doc/architecture.txt   | 4 ++--
 doc/coding-style.txt   | 4 ++--
 doc/management.txt | 8 
 doc/regression-testing.txt | 2 +-
 8 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/CONTRIBUTING b/CONTRIBUTING
index 201e122d4..638a64603 100644
--- a/CONTRIBUTING
+++ b/CONTRIBUTING
@@ -234,7 +234,7 @@ do not think about them anymore after a few patches.
indented code, which only proves that the person has no consideration for
quality and/or has done it in a hurry (probably worse). Please note that most
bugs were found in low-quality code. Reviewers know this and tend to be much
-   more reluctant to accept poorly formated code because by experience they
+   more reluctant to accept poorly formatted code because by experience they
won't trust their author's ability to write correct code. It is also worth
noting that poor quality code is painful to read and may result in nobody
willing to waste their time even reviewing your work.
@@ -990,7 +990,7 @@ How to be sure to irritate everyone
 Among the best ways to quickly lose everyone's respect, there is this small
 selection, which should help you improve the way you work with others, if
 you notice you're already practising some of them:
-  - repeatedly send improperly formated commit messages, with no type or
+  - repeatedly send improperly formatted commit messages, with no type or
 severity, or with no commit message body. These ones require manual
 edition, maintainers will quickly learn to recognize your name.
 
diff --git a/INSTALL b/INSTALL
index fc0976af5..78424ee3c 100644
--- a/INSTALL
+++ b/INSTALL
@@ -128,7 +128,7 @@ options involved.
 HAProxy in its basic form does not depend on anything beyond a working libc.
 However a number of options are enabled by default, or are highly recommended,
 and these options will typically involve some external components or libraries,
-depending on the targetted platform.
+depending on the targeted platform.
 
 Optional dependencies may be split into several categories :
 
@@ -286,7 +286,7 @@ can be downloaded http://libslz.org/ and is even easier to build.
 
 4.7) Lua
 
-Lua is an embedded programming langage supported by HAProxy to provide more
+Lua is an embedded programming language supported by HAProxy to provide more
 advanced scripting capabilities. Only versions 5.3 and above are supported.
 In order to enable Lua support, please specify "USE_LUA=1" on the command line.
 Some systems provide this library under various names to avoid conflicts with
@@ -523,7 +523,7 @@ Building on AIX 7.2 works fine using the "aix72-gcc" TARGET. It adds two
 special CFLAGS to prevent the loading of AIXs xmem.h and var.h. This is done
 by defining the corresponding include-guards _H_XMEM and _H_VAR. Without
 excluding those header-files the build fails because of redefinition errors.
-Futhermore, the atomic library is added to the LDFLAGS to allow for
+Furthermore, the atomic library is added to the LDFLAGS to allow for
 multithreading via USE_THREAD.
 
 You can easily define your own target with the GNU Makefile. Unknown targets
diff --git a/Makefile b/Makefile
index 6c1d3ece1..4c823fa30 100644
--- a/Makefile
+++ b/Makefile
@@ -40,7 +40,7 @@
 #   USE_LUA  : enable Lua support.
 #   USE_FUTEX: enable use of futex on kernel 2.6. Automatic.
 #   USE_ACCEPT4  : enable use of accept4() on linux. Automatic.
-#   USE_MY_ACCEPT4   : use own implemention of accept4() if glibc < 2.10.
+#   USE_MY_ACCEPT4   : use own implementation of accept4() if glibc < 2.10.
 #   USE_PRCTL: enable use of prctl(). Automatic.
 #   USE_ZLIB : enable zlib library support.
 #   USE_SLZ  : enable slz library instead of zlib (pick at most one).
@@ -141,7 +141,7 @@ MANDIR = $(PREFIX)/share/man
 DOCDIR = $(PREFIX)/doc/haproxy
 
  TARGET system
-# Use TARGET= to optimize for a specifc target OS among the
+# Use TARGET= to optimize for a specific target OS among the
 # following list (use the default "generic" if uncertain) :
 #linux-glibc, linux-glibc-legacy, solaris, freebsd, openbsd, netbsd,
 #cygwin, haiku, aix51, aix52, aix72-gcc, osx, generic, custom
@@ -246,7 +246,7 @@ SILENT_DEFINE =
 # It's automatically appended depending on the targets.
 EXTRA =
 
- CPU dependant optimizations
+ CPU dependent optimizations
 # Some CFLAGS are set by default depending on the target CPU. Those flags only
 # feed CPU_CFLAGS, which in turn feed CFLAGS, so it is not mandatory to use
 # them. You should not have to change