[PATCH 6/6] CLEANUP: fcgi: Use `istadv()` in `fcgi_strm_send_params`
Found manually, while creating the previous commits to turn `struct proxy` members into ists. There is an existing Coccinelle rule to replace this pattern by `istadv()` in `ist.cocci`: @@ struct ist i; expression e; @@ - i.ptr += e; - i.len -= e; + i = istadv(i, e); But apparently it is not smart enough to match ists that are stored in another struct. It would be useful to make the existing rule more generic, so that it might catch similar cases in the future. --- src/mux_fcgi.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/mux_fcgi.c b/src/mux_fcgi.c index 0a8679019..ef264edae 100644 --- a/src/mux_fcgi.c +++ b/src/mux_fcgi.c @@ -1980,8 +1980,7 @@ static size_t fcgi_strm_send_params(struct fcgi_conn *fconn, struct fcgi_strm *f p.v = htx_get_blk_value(htx, blk); if (istmatch(p.n, ist(":fcgi-"))) { - p.n.ptr += 6; - p.n.len -= 6; + p.n = istadv(p.n, 6); if (isteq(p.n, ist("gateway_interface"))) params.mask |= FCGI_SP_CGI_GATEWAY; else if (isteq(p.n, ist("document_root"))) { -- 2.35.1
[PATCH 5/6] CLEANUP: fcgi: Replace memcpy() on ist by istcat()
This is a little cleaner, because the length of the resulting string does not need to be calculated manually. --- src/mux_fcgi.c | 9 ++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/mux_fcgi.c b/src/mux_fcgi.c index a22bc9391..0a8679019 100644 --- a/src/mux_fcgi.c +++ b/src/mux_fcgi.c @@ -2030,6 +2030,8 @@ static size_t fcgi_strm_send_params(struct fcgi_conn *fconn, struct fcgi_strm *f else if (isteq(p.n, ist("content-type"))) p.n = ist("CONTENT_TYPE"); else { + struct ist n; + if (isteq(p.n, ist("host"))) params.srv_name = p.v; else if (isteq(p.n, ist("te"))) { @@ -2046,9 +2048,10 @@ static size_t fcgi_strm_send_params(struct fcgi_conn *fconn, struct fcgi_strm *f if (isttest(fconn->proxy->server_id_hdr_name) && isteq(p.n, fconn->proxy->server_id_hdr_name)) break; - memcpy(trash.area, "http_", 5); - memcpy(trash.area+5, p.n.ptr, p.n.len); - p.n = ist2(trash.area, p.n.len+5); + n = ist2(trash.area, 0); + istcat(, ist("http_"), trash.size); + istcat(, p.n, trash.size); + p.n = n; } if (!fcgi_encode_param(, )) { -- 2.35.1
[PATCH 0/6] 'ist'ify members of struct proxy
Willy, Christopher, find a series that converts a few members of `struct proxy` into ists. All of them have already been converted into ists when operating on them, so directly storing them as ists makes that code cleaner. One drawback is that `struct proxy` grows by 16 bytes. It might or might not be necessary to reorder the struct members to keep it efficient. The `server_id_hdr_name` one is tagged MEDIUM, because that required some non-trivial changes in the FCGI implementation. As I've needed to modify that code anyway, I've also added two additional CLEANUP commits. As for the second CLEANUP commit: If one of you knows how to fix the Coccinelle patch to detect that specific pattern, I'd appreciate if you could make the necessary changes to ist.cocci. Unfortunately my Coccinelle skills are not good enough. I've tested that HAProxy compiles and that the existing reg-tests pass, but I didn't specifically test FCGI (and there are no exiting reg-tests for that). So please carefully check the patches for dumb mistakes. Best regards Tim Duesterhus (6): MINOR: proxy: Store monitor_uri as a `struct ist` MINOR: proxy: Store fwdfor_hdr_name as a `struct ist` MINOR: proxy: Store orgto_hdr_name as a `struct ist` MEDIUM: proxy: Store server_id_hdr_name as a `struct ist` CLEANUP: fcgi: Replace memcpy() on ist by istcat() CLEANUP: fcgi: Use `istadv()` in `fcgi_strm_send_params` include/haproxy/proxy-t.h | 12 -- src/cfgparse-listen.c | 46 --- src/http_ana.c| 11 -- src/mux_fcgi.c| 23 ++-- src/mux_h1.c | 8 +++ src/mux_h2.c | 8 +++ src/proxy.c | 37 +-- 7 files changed, 62 insertions(+), 83 deletions(-) -- 2.35.1
[PATCH 1/6] MINOR: proxy: Store monitor_uri as a `struct ist`
The monitor_uri is already processed as an ist in `http_wait_for_request`, lets also just store it as such. see 0643b0e7e ("MINOR: proxy: Make `header_unique_id` a `struct ist`") for a very similar past commit. --- include/haproxy/proxy-t.h | 3 +-- src/cfgparse-listen.c | 9 +++-- src/http_ana.c| 5 ++--- src/proxy.c | 11 +-- 4 files changed, 11 insertions(+), 17 deletions(-) diff --git a/include/haproxy/proxy-t.h b/include/haproxy/proxy-t.h index 421f900e2..13e722fbf 100644 --- a/include/haproxy/proxy-t.h +++ b/include/haproxy/proxy-t.h @@ -322,8 +322,7 @@ struct proxy { int srvtcpka_cnt; /* The maximum number of keepalive probes TCP should send before dropping the connection. (server side) */ int srvtcpka_idle; /* The time (in seconds) the connection needs to remain idle before TCP starts sending keepalive probes. (server side) */ int srvtcpka_intvl; /* The time (in seconds) between individual keepalive probes. (server side) */ - int monitor_uri_len;/* length of the string above. 0 if unused */ - char *monitor_uri; /* a special URI to which we respond with HTTP/200 OK */ + struct ist monitor_uri; /* a special URI to which we respond with HTTP/200 OK */ struct list mon_fail_cond; /* list of conditions to fail monitoring requests (chained) */ struct {/* WARNING! check proxy_reset_timeouts() in proxy.h !!! */ int client; /* client I/O timeout (in ticks) */ diff --git a/src/cfgparse-listen.c b/src/cfgparse-listen.c index 5deec5e6b..eb58b2eb1 100644 --- a/src/cfgparse-listen.c +++ b/src/cfgparse-listen.c @@ -575,13 +575,10 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm) goto out; } - free(curproxy->monitor_uri); - curproxy->monitor_uri_len = strlen(args[1]); - curproxy->monitor_uri = calloc(1, curproxy->monitor_uri_len + 1); - if (!curproxy->monitor_uri) + istfree(>monitor_uri); + curproxy->monitor_uri = istdup(ist(args[1])); + if (!isttest(curproxy->monitor_uri)) goto alloc_error; - memcpy(curproxy->monitor_uri, args[1], curproxy->monitor_uri_len); - curproxy->monitor_uri[curproxy->monitor_uri_len] = '\0'; goto out; } diff --git a/src/http_ana.c b/src/http_ana.c index f33eb7790..b60927e52 100644 --- a/src/http_ana.c +++ b/src/http_ana.c @@ -203,9 +203,8 @@ int http_wait_for_request(struct stream *s, struct channel *req, int an_bit) * used. It is a workaround to let HTTP/2 health-checks work as * expected. */ - if (unlikely(sess->fe->monitor_uri_len != 0)) { - const struct ist monitor_uri = ist2(sess->fe->monitor_uri, - sess->fe->monitor_uri_len); + if (unlikely(isttest(sess->fe->monitor_uri))) { + const struct ist monitor_uri = sess->fe->monitor_uri; struct http_uri_parser parser = http_uri_parser_init(htx_sl_req_uri(sl)); if ((istptr(monitor_uri)[0] == '/' && diff --git a/src/proxy.c b/src/proxy.c index 946fe13d5..e5cf81327 100644 --- a/src/proxy.c +++ b/src/proxy.c @@ -156,7 +156,7 @@ void free_proxy(struct proxy *p) free(p->lbprm.arg_str); free(p->server_state_file_name); free(p->capture_name); - free(p->monitor_uri); + istfree(>monitor_uri); free(p->rdp_cookie_name); free(p->invalid_rep); free(p->invalid_req); @@ -1270,7 +1270,7 @@ int proxy_cfg_ensure_no_http(struct proxy *curproxy) ha_warning("cookie will be ignored for %s '%s' (needs 'mode http').\n", proxy_type_str(curproxy), curproxy->id); } - if (curproxy->monitor_uri != NULL) { + if (isttest(curproxy->monitor_uri)) { ha_warning("monitor-uri will be ignored for %s '%s' (needs 'mode http').\n", proxy_type_str(curproxy), curproxy->id); } @@ -1432,7 +1432,7 @@ void proxy_free_defaults(struct proxy *defproxy) ha_free(>cookie_attrs); ha_free(>lbprm.arg_str); ha_free(>capture_name); - ha_free(>monitor_uri); + istfree(>monitor_uri); ha_free(>defbe.name); ha_free(>conn_src.iface_name); ha_free(>fwdfor_hdr_name); defproxy->fwdfor_hdr_len = 0; @@ -1707,9 +1707,8 @@ static int proxy_defproxy_cpy(struct proxy *curproxy, const struct proxy *defpro curproxy->timeout.tarpit = defproxy->timeout.tarpit; curproxy->timeout.httpreq = defproxy->timeout.httpreq;
[PATCH 4/6] MEDIUM: proxy: Store server_id_hdr_name as a `struct ist`
The server_id_hdr_name is already processed as an ist in various locations lets also just store it as such. see 0643b0e7e ("MINOR: proxy: Make `header_unique_id` a `struct ist`") for a very similar past commit. --- include/haproxy/proxy-t.h | 3 +-- src/cfgparse-listen.c | 9 - src/mux_fcgi.c| 11 +-- src/mux_h1.c | 8 src/mux_h2.c | 8 src/proxy.c | 8 +++- 6 files changed, 21 insertions(+), 26 deletions(-) diff --git a/include/haproxy/proxy-t.h b/include/haproxy/proxy-t.h index 805e1b452..80431757e 100644 --- a/include/haproxy/proxy-t.h +++ b/include/haproxy/proxy-t.h @@ -354,8 +354,7 @@ struct proxy { struct net_addr except_xot_net; /* don't x-original-to for this address. */ struct ist fwdfor_hdr_name; /* header to use - default: "x-forwarded-for" */ struct ist orgto_hdr_name; /* header to use - default: "x-original-to" */ - char *server_id_hdr_name; /* the header to use to send the server id (name) */ - int server_id_hdr_len; /* the length of the id (name) header... name */ + struct ist server_id_hdr_name; /* the header to use to send the server id (name) */ int conn_retries; /* maximum number of connect retries */ unsigned int retry_type;/* Type of retry allowed */ int redispatch_after; /* number of retries before redispatch */ diff --git a/src/cfgparse-listen.c b/src/cfgparse-listen.c index 121f1deac..216e6d8d5 100644 --- a/src/cfgparse-listen.c +++ b/src/cfgparse-listen.c @@ -1383,12 +1383,11 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm) } /* set the desired header name, in lower case */ - free(curproxy->server_id_hdr_name); - curproxy->server_id_hdr_name = strdup(args[1]); - if (!curproxy->server_id_hdr_name) + istfree(>server_id_hdr_name); + curproxy->server_id_hdr_name = istdup(ist(args[1])); + if (!isttest(curproxy->server_id_hdr_name)) goto alloc_error; - curproxy->server_id_hdr_len = strlen(curproxy->server_id_hdr_name); - ist2bin_lc(curproxy->server_id_hdr_name, ist2(curproxy->server_id_hdr_name, curproxy->server_id_hdr_len)); + ist2bin_lc(istptr(curproxy->server_id_hdr_name), curproxy->server_id_hdr_name); } else if (strcmp(args[0], "block") == 0) { ha_alert("parsing [%s:%d] : The '%s' directive is not supported anymore since HAProxy 2.1. Use 'http-request deny' which uses the exact same syntax.\n", file, linenum, args[0]); diff --git a/src/mux_fcgi.c b/src/mux_fcgi.c index b5b280749..a22bc9391 100644 --- a/src/mux_fcgi.c +++ b/src/mux_fcgi.c @@ -2043,8 +2043,7 @@ static size_t fcgi_strm_send_params(struct fcgi_conn *fconn, struct fcgi_strm *f } /* Skip header if same name is used to add the server name */ - if (fconn->proxy->server_id_hdr_name && - isteq(p.n, ist2(fconn->proxy->server_id_hdr_name, fconn->proxy->server_id_hdr_len))) + if (isttest(fconn->proxy->server_id_hdr_name) && isteq(p.n, fconn->proxy->server_id_hdr_name)) break; memcpy(trash.area, "http_", 5); @@ -2062,15 +2061,15 @@ static size_t fcgi_strm_send_params(struct fcgi_conn *fconn, struct fcgi_strm *f break; case HTX_BLK_EOH: - if (fconn->proxy->server_id_hdr_name) { + if (isttest(fconn->proxy->server_id_hdr_name)) { struct server *srv = objt_server(fconn->conn->target); if (!srv) goto done; - memcpy(trash.area, "http_", 5); - memcpy(trash.area+5, fconn->proxy->server_id_hdr_name, fconn->proxy->server_id_hdr_len); - p.n = ist2(trash.area, fconn->proxy->server_id_hdr_len+5); + p.n = ist2(trash.area, 0); + istcat(, ist("http_"), trash.size); + istcat(, fconn->proxy->server_id_hdr_name, trash.size); p.v = ist(srv->id); if (!fcgi_encode_param(, )) { diff --git a/src/mux_h1.c b/src/mux_h1.c index
[PATCH 3/6] MINOR: proxy: Store orgto_hdr_name as a `struct ist`
The orgto_hdr_name is already processed as an ist in `http_process_request`, lets also just store it as such. see 0643b0e7e ("MINOR: proxy: Make `header_unique_id` a `struct ist`") for a very similar past commit. --- include/haproxy/proxy-t.h | 3 +-- src/cfgparse-listen.c | 14 ++ src/http_ana.c| 3 +-- src/proxy.c | 8 +++- 4 files changed, 11 insertions(+), 17 deletions(-) diff --git a/include/haproxy/proxy-t.h b/include/haproxy/proxy-t.h index 8277c098e..805e1b452 100644 --- a/include/haproxy/proxy-t.h +++ b/include/haproxy/proxy-t.h @@ -353,8 +353,7 @@ struct proxy { struct net_addr except_xff_net; /* don't x-forward-for for this address. */ struct net_addr except_xot_net; /* don't x-original-to for this address. */ struct ist fwdfor_hdr_name; /* header to use - default: "x-forwarded-for" */ - char *orgto_hdr_name; /* header to use - default: "x-original-to" */ - int orgto_hdr_len; /* length of "x-original-to" header */ + struct ist orgto_hdr_name; /* header to use - default: "x-original-to" */ char *server_id_hdr_name; /* the header to use to send the server id (name) */ int server_id_hdr_len; /* the length of the id (name) header... name */ int conn_retries; /* maximum number of connect retries */ diff --git a/src/cfgparse-listen.c b/src/cfgparse-listen.c index d858c3446..121f1deac 100644 --- a/src/cfgparse-listen.c +++ b/src/cfgparse-listen.c @@ -2399,11 +2399,10 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm) curproxy->options |= PR_O_ORGTO; - free(curproxy->orgto_hdr_name); - curproxy->orgto_hdr_name = strdup(DEF_XORIGINALTO_HDR); - if (!curproxy->orgto_hdr_name) + istfree(>orgto_hdr_name); + curproxy->orgto_hdr_name = istdup(ist(DEF_XORIGINALTO_HDR)); + if (!isttest(curproxy->orgto_hdr_name)) goto alloc_error; - curproxy->orgto_hdr_len = strlen(DEF_XORIGINALTO_HDR); curproxy->except_xot_net.family = AF_UNSPEC; /* loop to go through arguments - start at 2, since 0+1 = "option" "originalto" */ @@ -2441,11 +2440,10 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm) err_code |= ERR_ALERT | ERR_FATAL; goto out; } - free(curproxy->orgto_hdr_name); - curproxy->orgto_hdr_name = strdup(args[cur_arg+1]); - if (!curproxy->orgto_hdr_name) + istfree(>orgto_hdr_name); + curproxy->orgto_hdr_name = istdup(ist(args[cur_arg+1])); + if (!isttest(curproxy->orgto_hdr_name)) goto alloc_error; - curproxy->orgto_hdr_len = strlen(curproxy->orgto_hdr_name); cur_arg += 2; } else { /* unknown suboption - catchall */ diff --git a/src/http_ana.c b/src/http_ana.c index f02b8446b..83711482f 100644 --- a/src/http_ana.c +++ b/src/http_ana.c @@ -711,8 +711,7 @@ int http_process_request(struct stream *s, struct channel *req, int an_bit) */ if ((sess->fe->options | s->be->options) & PR_O_ORGTO) { const struct sockaddr_storage *dst = si_dst(cs_si(s->csf)); - struct ist hdr = ist2(s->be->orgto_hdr_len ? s->be->orgto_hdr_name : sess->fe->orgto_hdr_name, - s->be->orgto_hdr_len ? s->be->orgto_hdr_len : sess->fe->orgto_hdr_len); + struct ist hdr = isttest(s->be->orgto_hdr_name) ? s->be->orgto_hdr_name : sess->fe->orgto_hdr_name; if (dst && dst->ss_family == AF_INET) { /* Add an X-Original-To header unless the destination IP is diff --git a/src/proxy.c b/src/proxy.c index 53ca5db29..f051768ac 100644 --- a/src/proxy.c +++ b/src/proxy.c @@ -1436,7 +1436,7 @@ void proxy_free_defaults(struct proxy *defproxy) ha_free(>defbe.name); ha_free(>conn_src.iface_name); istfree(>fwdfor_hdr_name); - ha_free(>orgto_hdr_name); defproxy->orgto_hdr_len = 0; + istfree(>orgto_hdr_name); ha_free(>server_id_hdr_name); defproxy->server_id_hdr_len = 0; list_for_each_entry_safe(acl, aclb, >acl, list) { @@ -1600,10
[PATCH 2/6] MINOR: proxy: Store fwdfor_hdr_name as a `struct ist`
The fwdfor_hdr_name is already processed as an ist in `http_process_request`, lets also just store it as such. see 0643b0e7e ("MINOR: proxy: Make `header_unique_id` a `struct ist`") for a very similar past commit. --- include/haproxy/proxy-t.h | 3 +-- src/cfgparse-listen.c | 14 ++ src/http_ana.c| 3 +-- src/proxy.c | 10 -- 4 files changed, 12 insertions(+), 18 deletions(-) diff --git a/include/haproxy/proxy-t.h b/include/haproxy/proxy-t.h index 13e722fbf..8277c098e 100644 --- a/include/haproxy/proxy-t.h +++ b/include/haproxy/proxy-t.h @@ -352,9 +352,8 @@ struct proxy { unsigned int tot_fe_maxconn;/* #maxconn of frontends linked to that backend, it is used to compute fullconn */ struct net_addr except_xff_net; /* don't x-forward-for for this address. */ struct net_addr except_xot_net; /* don't x-original-to for this address. */ - char *fwdfor_hdr_name; /* header to use - default: "x-forwarded-for" */ + struct ist fwdfor_hdr_name; /* header to use - default: "x-forwarded-for" */ char *orgto_hdr_name; /* header to use - default: "x-original-to" */ - int fwdfor_hdr_len; /* length of "x-forwarded-for" header */ int orgto_hdr_len; /* length of "x-original-to" header */ char *server_id_hdr_name; /* the header to use to send the server id (name) */ int server_id_hdr_len; /* the length of the id (name) header... name */ diff --git a/src/cfgparse-listen.c b/src/cfgparse-listen.c index eb58b2eb1..d858c3446 100644 --- a/src/cfgparse-listen.c +++ b/src/cfgparse-listen.c @@ -2331,11 +2331,10 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm) curproxy->options |= PR_O_FWDFOR | PR_O_FF_ALWAYS; - free(curproxy->fwdfor_hdr_name); - curproxy->fwdfor_hdr_name = strdup(DEF_XFORWARDFOR_HDR); - if (!curproxy->fwdfor_hdr_name) + istfree(>fwdfor_hdr_name); + curproxy->fwdfor_hdr_name = istdup(ist(DEF_XFORWARDFOR_HDR)); + if (!isttest(curproxy->fwdfor_hdr_name)) goto alloc_error; - curproxy->fwdfor_hdr_len = strlen(DEF_XFORWARDFOR_HDR); curproxy->except_xff_net.family = AF_UNSPEC; /* loop to go through arguments - start at 2, since 0+1 = "option" "forwardfor" */ @@ -2374,11 +2373,10 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm) err_code |= ERR_ALERT | ERR_FATAL; goto out; } - free(curproxy->fwdfor_hdr_name); - curproxy->fwdfor_hdr_name = strdup(args[cur_arg+1]); - if (!curproxy->fwdfor_hdr_name) + istfree(>fwdfor_hdr_name); + curproxy->fwdfor_hdr_name = istdup(ist(args[cur_arg+1])); + if (!isttest(curproxy->fwdfor_hdr_name)) goto alloc_error; - curproxy->fwdfor_hdr_len = strlen(curproxy->fwdfor_hdr_name); cur_arg += 2; } else if (strcmp(args[cur_arg], "if-none") == 0) { curproxy->options &= ~PR_O_FF_ALWAYS; diff --git a/src/http_ana.c b/src/http_ana.c index b60927e52..f02b8446b 100644 --- a/src/http_ana.c +++ b/src/http_ana.c @@ -655,8 +655,7 @@ int http_process_request(struct stream *s, struct channel *req, int an_bit) if ((sess->fe->options | s->be->options) & PR_O_FWDFOR) { const struct sockaddr_storage *src = si_src(cs_si(s->csf)); struct http_hdr_ctx ctx = { .blk = NULL }; - struct ist hdr = ist2(s->be->fwdfor_hdr_len ? s->be->fwdfor_hdr_name : sess->fe->fwdfor_hdr_name, - s->be->fwdfor_hdr_len ? s->be->fwdfor_hdr_len : sess->fe->fwdfor_hdr_len); + struct ist hdr = isttest(s->be->fwdfor_hdr_name) ? s->be->fwdfor_hdr_name : sess->fe->fwdfor_hdr_name; if (!((sess->fe->options | s->be->options) & PR_O_FF_ALWAYS) && http_find_header(htx, hdr, , 0)) { diff --git a/src/proxy.c b/src/proxy.c index e5cf81327..53ca5db29 100644 --- a/src/proxy.c +++ b/src/proxy.c @@ -332,7 +332,7 @@ void free_proxy(struct proxy *p) pxdf->fct(p); free(p->desc); - free(p->fwdfor_hdr_name); +
Re: [PATCH] BUILD/MEDIUM kFreeBSD build fix
On Fri, Mar 04, 2022 at 03:59:27PM +, David CARLIER wrote: > Hi, > > here the patch related to the GH issue #1555. Thank you David, now merged! Willy
[PATCH] BUILD/MEDIUM kFreeBSD build fix
Hi, here the patch related to the GH issue #1555. Kind regards. From 02bd5ee5089c20a99ad3dfba433dd0e3eda2ceee Mon Sep 17 00:00:00 2001 From: David Carlier Date: Fri, 4 Mar 2022 15:50:48 + Subject: [PATCH] BUILD/MEDIUM: fix kFreeBSD build. kFreeBSD needs to be treated as a distinct target from FreeBSD since the underlying system libc is the GNU one. Thus, relying only __GLIBC__ no longer suffice. - freebsd-glibc new target, key difference is including crypt.h and linking to libdl like linux. - cpu affinity available but the api is still the FreeBSD's. - enabling auxiliary data access only for Linux. Patch based on preliminary work done by @bigon. closes #1555 --- Makefile | 11 +-- include/haproxy/cpuset-t.h | 2 +- src/tools.c| 4 ++-- 3 files changed, 12 insertions(+), 5 deletions(-) diff --git a/Makefile b/Makefile index 964b7fbb5..46da6fbbb 100644 --- a/Makefile +++ b/Makefile @@ -177,8 +177,8 @@ DOCDIR = $(PREFIX)/doc/haproxy TARGET system # Use TARGET= to optimize for a specific target OS among the # following list (use the default "generic" if uncertain) : -#linux-glibc, linux-glibc-legacy, linux-musl, solaris, freebsd, dragonfly, -#openbsd, netbsd, cygwin, haiku, aix51, aix52, aix72-gcc, osx, generic, +#linux-glibc, linux-glibc-legacy, linux-musl, solaris, freebsd, freebsd-glibc, +#dragonfly, openbsd, netbsd, cygwin, haiku, aix51, aix52, aix72-gcc, osx, generic, #custom TARGET = @@ -412,6 +412,13 @@ ifeq ($(TARGET),freebsd) USE_ACCEPT4 USE_CLOSEFROM USE_GETADDRINFO USE_PROCCTL) endif +# kFreeBSD glibc +ifeq ($(TARGET),freebsd-glibc) + set_target_defaults = $(call default_opts, \ +USE_POLL USE_TPROXY USE_LIBCRYPT USE_THREAD USE_CPU_AFFINITY USE_KQUEUE \ +USE_ACCEPT4 USE_GETADDRINFO USE_CRYPT_H USE_DL) +endif + # DragonFlyBSD 4.3 and above ifeq ($(TARGET),dragonfly) set_target_defaults = $(call default_opts, \ diff --git a/include/haproxy/cpuset-t.h b/include/haproxy/cpuset-t.h index 5f812aa17..984df8d83 100644 --- a/include/haproxy/cpuset-t.h +++ b/include/haproxy/cpuset-t.h @@ -16,7 +16,7 @@ #include -#if defined(__linux__) || defined(__DragonFly__) +#if defined(__linux__) || defined(__DragonFly__) || defined(__FreeBSD_kernel__) # define CPUSET_REPR cpu_set_t # define CPUSET_USE_CPUSET diff --git a/src/tools.c b/src/tools.c index c48a9698c..f62032b9c 100644 --- a/src/tools.c +++ b/src/tools.c @@ -43,7 +43,7 @@ extern void *__elf_aux_vector; #include #include -#if defined(__GLIBC__) && (__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 16)) +#if defined(__linux__) && defined(__GLIBC__) && (__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 16)) #include #endif @@ -4791,7 +4791,7 @@ const char *get_exec_path() { const char *ret = NULL; -#if defined(__GLIBC__) && (__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 16)) +#if defined(__linux__) && defined(__GLIBC__) && (__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 16)) long execfn = getauxval(AT_EXECFN); if (execfn && execfn != ENOENT) -- 2.34.1
Peers using heavily single cpu core
Hi, I'm experiencing high CPU usage on a single core, idle drops below 40% while other cores are at 80% idle. Peers cluster is quite big (12 servers, each server running 12 threads) and is used for synchronization of 3 stick-tables of 1 million entries size. Is peers protocol single threaded and high usage on single core is expected or am I experiencing some kind of bug? I'll keep digging to be sure nothing else from my configuration is causing the issue. haproxy -v HAProxy version 2.4.14-eaa786f 2022/02/25 - https://haproxy.org/ Status: long-term supported branch - will stop receiving fixes around Q2 2026. Known bugs: http://www.haproxy.org/bugs/bugs-2.4.14.html Running on: Linux 4.15.0-154-generic #161-Ubuntu SMP Fri Jul 30 13:04:17 UTC 2021 x86_64 Kind regards, Maciej Zdeb
Re: SV: Incompatible with 'frontend http-request header rule'
Le 3/4/22 à 00:42, Henning Svane a écrit : Hi Christopher I tried your rule and it did not compile, but I am trying to understand it. /haproxy02.cfg:20] : error detected while parsing an 'http-request tarpit' condition : no such ACL : 'http-response' I placed the rule in the frontend, but was thinking if it should be in the backend, as it is here server is called and hereby produce the return code. I understand the idea in your rule, but at the same time, I do not understand the order of execution. It looks like it has to be executed from the right with the " if { capture.req.uri -m beg /login } { status 401 }" first. But then what? If I understand correctly 1) You save the request url in a table with capture.req.uri. 2) Then server try to execute the url 3) Based on the server return the http-response (this part I have not fully understand yet) 4) If the response is 401 then " http-request tarpit deny_status 429" I will try to work a little more with you suggestion and see if I can get to work. Regards Henning haproxy02.cfg:20] : error detected while parsing an 'http-request tarpit' condition : no such ACL : 'http-response'. Your email client seems to have mangled my reply. Or there is a formatting issue on my side. Anyway, it is not one rule with everything on one line, but 2 rules. An http-request one to deny the request on its own line and an http-response one to track login failures, on another line. Both can be specified in the frontend, the backend or split. It depends on your other rules, if any. With your config snippet, it doesn't matter. -- Christopher Faulet