Re: error: 'all_threads_mask' undeclared (first use in this function)

Hi Igor, On Mon, Jun 04, 2018 at 03:18:02PM +0300, Igor Batkanov wrote: > Hello! > I've tried to create haproxy 1.8.9 RPM package using rpmbuild and got the > folowing error: error: 'all_threads_mask' undeclared (first use in this > function) > This is a problem when building haproxy without

Re: [PATCH]: silencing compilation warning

, but clang certainly does. Instead of using a static variable, I think merely adding a cast is better, as attached. What do you think ? Regards, Olivier >From 08bdd8e3b27afdd5101843f23edd337166c87159 Mon Sep 17 00:00:00 2001 From: Olivier Houchard Date: Fri, 1 Jun 2018 14:32:39 +0200 Subject:

Re: 100% cpu using resolvers with haproxy v1.8.9

. > Oops you're right indeed. There's a bug in the pollers revamp that has been done recently. The attached patch should fix it. Thanks for reporting ! Olivier >From 837f376310b3077740289bc2ced1a0a97a1f964f Mon Sep 17 00:00:00 2001 From: Olivier Houchard Date: Tue, 29 May 2018 14:42:2

[PATCHES] Fix bugs in the new scheduler

>From f47ca20747c1cfc7b9e6413afe9c8819a84e485a Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Mon, 28 May 2018 13:51:06 +0200 Subject: [PATCH 1/3] BUG/MEDIUM: tasks: Don't forget to increase/decrease tasks_run_queue. Don't forget to increase tasks_run_queue w

Re: DNS resolver + threads, 100% cpu usage / hang 1.9dev

Hi Pieter, On Tue, May 22, 2018 at 09:00:24PM +0200, PiBa-NL wrote: > Hi Olivier, > > Op 22-5-2018 om 18:46 schreef Olivier Houchard: > > Hi Pieter, > > > > Does the attached patch fix it for you ? It's been generated from master, > > but will probably apply aga

Re: DNS resolver + threads, 100% cpu usage / hang 1.9dev

, you did most of the work :) I think I understand what is going on, and it's ugly as hell. Does the attached patch fix it for you ? It's been generated from master, but will probably apply against 1.8 as well. Thanks ! Olivier >From b938f86e1fe51e95adc73f9e583dd225f5ecf88d Mon Sep 17 00:0

Re: [PATCH] BUG/MEDIUM: pollers/kqueue: use incremented position in event list

On Fri, May 11, 2018 at 02:09:43PM +0200, Willy Tarreau wrote: > Hi guys, > > On Fri, May 11, 2018 at 01:57:10PM +0200, Olivier Houchard wrote: > > Hi Pieter, > > > > On Thu, May 10, 2018 at 01:12:40AM +0200, PiBa-NL wrote: > > > Hi Olivier, > > >

Re: [PATCH] BUG/MEDIUM: pollers/kqueue: use incremented position in event list

Hi Pieter, On Thu, May 10, 2018 at 01:12:40AM +0200, PiBa-NL wrote: > Hi Olivier, > > Please take a look at attached patch. When adding 2 fd's the second > overwrote the first one. > Tagged it medium as haproxy just didn't work at all. (with kqueue.). Though > it could perhaps also be minor, as

[PATCH] Make sure all the pollers get fd updates

be, backported, so a different patch, similar in spirit, will be developed. Regards, Olivier >From 7ae6ae7215984deb4487391201e3b0f99a072c4b Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Wed, 25 Apr 2018 15:10:30 +0200 Subject: [PATCH 1/4] MINOR: fd: Make the lo

Re: 1.9dev LUA shows partial results from print_r(core.get_info()) after adding headers ?

crash anymore with that change. But i'm not sure > if now its leaking memory instead for some cases.. Is there a easy way to > check? > > Regards, > PiBa-NL (Pieter) > Thanks a lot for the detailed analysis. That seems spot on. We decided to do something a bit different than your proposed f

Re: Considering adding support for TCP Zero Copy

Hi Pavlos, On Thu, May 03, 2018 at 12:45:42PM +0200, Pavlos Parissis wrote: > Hi, > > Linux kernel version 4.14 adds support for zero-copy from user memory to TCP > sockets by setting > MSG_ZEROCOPY flag. This is for the sending side of the socket, for the > receiving side of the socket > we

Re: 1.8.7 http-tunnel doesn't seem to work? (but default http-keep-alive does)

Hi again, On Tue, Apr 17, 2018 at 01:07:49PM +0200, Olivier Houchard wrote: [...] > We only need one to prevent kevent() from trying to scanning the kqueue, so > only setting kev[0] should be enough. It's inside an #ifdef because > EV_RECEIPT was only implemented recently in OpenBSD, so

Re: 1.8.7 http-tunnel doesn't seem to work? (but default http-keep-alive does)

Hi Pieter, On Mon, Apr 16, 2018 at 10:41:48PM +0200, PiBa-NL wrote: > Hi Olivier, > > Op 16-4-2018 om 17:09 schreef Olivier Houchard: > > After some discussion with Willy, we came with a solution that may fix your > > problem with kqueue. > > Can you test the att

Re: 1.8.7 http-tunnel doesn't seem to work? (but default http-keep-alive does)

Hi, On Mon, Apr 16, 2018 at 03:37:34PM +0200, Olivier Houchard wrote: > Hi Pieter, > > On Fri, Apr 13, 2018 at 06:50:50AM +, Pi Ba wrote: > > Using poll (startup with -dk) the request works properly. > > After some discussion with Willy, we came with a solution that m

Re: 1.8.7 http-tunnel doesn't seem to work? (but default http-keep-alive does)

you ? Thanks ! Olivier >From 3c0a505e5f163989239ffb5267ddf7c1ed549fb9 Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Mon, 16 Apr 2018 13:24:48 +0200 Subject: [PATCH] BUG/MEDIUM: When adding new events, provide an output to get errors. When adding new events

Re: HAProxy 1.8.X crashing

Hi Praveen, On Fri, Apr 13, 2018 at 02:03:47PM +, UPPALAPATI, PRAVEEN wrote: > Hi Oliver, > > The crash got fixed with the patch you provided before. > > Do you thing the latest patch will be the right solution? > > Thanks, > Praveen. > It should be fine. Regards, Olivier

Re: HAProxy 1.8.X crashing

the point of currently preventing us from using H2 on the backend, and > that's exactly why we're currently working on it. Ok, here is a patch that does exactly what you suggest. I'm not entirely happy with it, but it'll do the job, as a stopgap. I want this crash fixed :) Olivier >From

Re: HAProxy 1.8.X crashing

Hi Willy, On Thu, Apr 12, 2018 at 08:53:51AM +0200, Willy Tarreau wrote: > Hi Olivier, > > On Wed, Apr 11, 2018 at 05:29:15PM +0200, Olivier Houchard wrote: > > From 7c9f06727cf60acf873353ac71283ff9c562aeee Mon Sep 17 00:00:00 2001 > > From: Olivier Houchard <ohouch...@ha

Re: HAProxy 1.8.X crashing

ne with 1.7.x > version. > It's related to changes we made in the architecture in 1.8. The attached patch should fix it. It was made for master, but should apply to 1.8 as well. Thanks for reporting ! Olivier >From 7c9f06727cf60acf873353ac71283ff9c562aeee Mon Sep 17 00:00:00 2001 From:

[MINOR][PATCH] Fix segfault when trying to use seemless reload with at least an interface bound

uld fix it. Regards, Olivier >From b249119e571a1b5c597819701e5ec6f7d4525cf8 Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Thu, 15 Mar 2018 17:48:49 +0100 Subject: [PATCH] MINOR: seemless reload: Fix crash when an interface is specified. When doing a see

Re: cppcheck finding

elf. > > > > is it in purpose ? > > I suspect it's a mistake and that it was meant to be xfer_sock->prev instead. > CCing Olivier to double-check. > Oops, you're right, good catch ! The attached patch should fix it. Regards, Olivier >From 32b505d6093bad96eb4a65272bd

Re: haproxy 1.8 ssl backend server leads to server session aborts

all error handling. > I'm not sure I get that part. I don't mind one way or another, but I don't understand how it would remove gotos. > BTW this makes me realize that your inverted condition above seems wrong > (|| instead of &&). > Oops, that is true, those things are too compl

Re: haproxy 1.8 ssl backend server leads to server session aborts

Hi Emmanuel, On Tue, Feb 13, 2018 at 05:40:00PM +0100, Emmanuel Hocdet wrote: > Hi Olivier > > > Le 13 févr. 2018 à 15:27, Olivier Houchard <ohouch...@haproxy.com> a écrit : > > > > Thanks a lot for the detailed analyze, and sorry for the late ans

Re: haproxy 1.8 ssl backend server leads to server session aborts

for the detailed analyze, and sorry for the late answer. You're probably right, SSL_ERROR_SYSCALL shouldn't be treated as an unrecoverable error. So, what you basically did was something equivalent to the patch attached ? Thanks a lot ! Olivier >From b423f94273be2c7040ce0861bd4a21617b4c5c2b Mon

[PATCH] Fix build when compiling without threads traffic

Hi, Commit 1605c7ae6154d8c2cfcf3b325872b1a7266c5bc2 broke building haproxy without threads support. The attached patch should fix it. Regards, Olivier >From 17e4494874b4a75da039f06f00f668d413038283 Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Wed, 24 Ja

Re: Warnings when using dynamic cookies and server-template

Hi William, On Mon, Jan 22, 2018 at 08:03:55PM +0100, William Dauchy wrote: > Hello Olivier, > > On Wed, Jan 17, 2018 at 05:43:02PM +0100, Olivier Houchard wrote: > > Ok you got me convinced, the attached patch don't check for duplicate > > cookies for disabled server,

Re: Warnings when using dynamic cookies and server-template

On Wed, Jan 17, 2018 at 04:42:01PM +0100, Pierre Cheynier wrote: > On 17/01/2018 15:56, Olivier Houchard wrote: > > > >> So, as a conclusion, I'm just not sure that producing this warning is > >> relevant in case the IP is duplicated for several servers *if they are >

Re: Warnings when using dynamic cookies and server-template

On Wed, Jan 17, 2018 at 02:25:59PM +0100, Pierre Cheynier wrote: > Hi, > > On 16/01/2018 18:48, Olivier Houchard wrote: > > > > Not really :) That's not a case I thought of. > > The attached patch disables the generation of the dynamic cookie if the IP > > is 0.

Re: Warnings when using dynamic cookies and server-template

Hi Pierre, On Tue, Jan 16, 2018 at 06:08:40PM +0100, Pierre Cheynier wrote: > Hi Olivier, > > > On 16/01/2018 15:43, Olivier Houchard wrote: > > I'm not so sure about this. > > It won't be checked again when server are enabled, so you won't get the > > warning i

Re: Warnings when using dynamic cookies and server-template

Hi Pierre, On Mon, Jan 15, 2018 at 06:45:52PM +0100, Pierre Cheynier wrote: > Hello, > > We started to use the server-template approach in which you basically > provision servers in backends using a "check disabled" state, then > re-enabling them using the Runtime API. > > I recently noticed

Re: [PATCH] dns: Handle SRV record weights correctly

Hi, On Tue, Jan 09, 2018 at 03:28:22PM +0100, Olivier Houchard wrote: > Hi Willy, > > On Tue, Jan 09, 2018 at 03:17:24PM +0100, Willy Tarreau wrote: > > Hi Olivier, > > > > On Mon, Jan 08, 2018 at 04:35:35PM +0100, Olivier Houchard wrote: > > > Hi, >

Re: [PATCH] dns: Handle SRV record weights correctly

Hi Willy, On Tue, Jan 09, 2018 at 03:17:24PM +0100, Willy Tarreau wrote: > Hi Olivier, > > On Mon, Jan 08, 2018 at 04:35:35PM +0100, Olivier Houchard wrote: > > Hi, > > > > The attached patch attempts to map SRV record weight to haproxy weight > > correctly, &g

[PATCH] dns: Handle SRV record weights correctly

>From 8e8ab23223274ac75fdf1cfe2847337133fd59d2 Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Mon, 8 Jan 2018 16:28:57 +0100 Subject: [PATCH] MINOR: Handle SRV record weight correctly. A SRV record weight can range from 0 to 65535, while haproxy weight go

[PATCH] Remove rbtree.[ch]

Hi guys, The rbtree implementation as found in haproxy, is currently unused, and has been for quite some time. I don't think we will need it again, so the attached patch just removes it. Regards, Olivier >From 4ce3bce732fd816a835e4896646f260f0b7e6e7c Mon Sep 17 00:00:00 2001 From: Oliv

Re: Segfault with 1.8.0 build (RHEL5, old gcc).

Hi Christopher, On Wed, Dec 06, 2017 at 05:34:15PM -0800, Christopher Lane wrote: > On Mon, Dec 4, 2017 at 11:56 AM, Christopher Lane > wrote: > > > > > > > > On Mon, Dec 4, 2017 at 4:22 AM Lukas Tribus wrote: > > > >>Hello Christopher, > > > > >

Re: Segfault with 1.8.0 build (RHEL5, old gcc).

lot ! Olivier >From 5236a1a4ac19cc27c6f06d328b2df0c4cdfe220c Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Fri, 1 Dec 2017 22:04:05 +0100 Subject: [PATCH] MINOR: checks: Be sure we have a mux if we created a cs. In connect_conn_chk(), there were one case w

[PATCH] Make thread affinity work on FreeBSD

Hi, The attached patch makes the call to pthread_setaffinity_np() work on FreeBSD. Regards, Olivier >From fc204ac3d7f9323b6583465ff5b42a0cfa46b8b1 Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Fri, 1 Dec 2017 18:19:43 +0100 Subject: [PATCH] MINOR: thr

Re: [PATCH] BUG/MINOR: ssl: fix CO_FL_EARLY_DATA removal with http mode

On Thu, Nov 30, 2017 at 03:32:20PM +0100, Emmanuel Hocdet wrote: > > > Le 30 nov. 2017 à 13:34, Olivier Houchard <ohouch...@haproxy.com> a écrit : > > > > Hi Emmanuel, > > > > On Thu, Nov 30, 2017 at 12:15:37PM +0100, Emmanuel Hocdet wrote: > >>

Re: [PATCH] BUG/MINOR: ssl: fix CO_FL_EARLY_DATA removal with http mode

a need a sample fetch to know there were early data, even after the handshake, maybe we can introduce a new sample fetch, ssl_fc_has_insecure_early, or something ? Regards, Olivier >From bda3b7800677184ea19fb81f75f9a9b44c79efeb Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@ha

Re: [PATCH] BUG/MINOR: ssl: fix CO_FL_EARLY_DATA removal with http mode

Hi Emmanuel, On Mon, Nov 27, 2017 at 05:17:54PM +0100, Emmanuel Hocdet wrote: > > Hi, > > This patch fix CO_FL_EARLY_DATA removal to have correct ssl_fc_has_early > reporting. It work for 'mode http'. > > It does not fix ssl_fc_has_early for 'mode tcp'. In this mode CO_FL_EARLY_DATA > should

Re: [PATCH] MINOR: ssl: Handle early data with BoringSSL

Hi Willy, On Thu, Nov 23, 2017 at 07:44:13PM +0100, Willy Tarreau wrote: > On Thu, Nov 23, 2017 at 04:16:39PM +0100, Emmanuel Hocdet wrote: > > > > simplify patch: > > no need to bypass post SSL_do_handshake process, only remove > > CO_FL_EARLY_SSL_HS > > when handshake can't support early

[PATCH] ssl/mux: Handle early data with multiple streams

rom cdb181d78466a1ce2be2b8b621231ba2086f4979 Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Thu, 23 Nov 2017 18:21:29 +0100 Subject: [PATCH 1/2] MINOR: ssl: Handle reading early data after writing better. It can happen that we want to read early data, write some, and then continu

Re: [PATCH] do the handshake if we can't send early data

On Wed, Nov 22, 2017 at 05:42:42PM +0100, Olivier Houchard wrote: > Hi, > > We mistakely only try to go back to the SSL handshake when not able to send > early data if we're acting as a client, that is wrong, and leads to an > infinite loop if it happens on the server side. >

[PATCHES] Fix TLS 1.3 session resumption, and 0RTT with threads.

. Regards, Olivier >From e32a831c1cbff1fcfb66565273ec98052f3a7f79 Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Thu, 16 Nov 2017 17:42:52 +0100 Subject: [PATCH 1/2] MINOR: SSL: Store the ASN1 representation of client sessions. Instead of storing the SS

Re: [PATCH] Fix SRV records again

On Mon, Nov 06, 2017 at 03:19:25PM +0100, Olivier Houchard wrote: > Hi, > > The attached patch fixes a locking issue that prevented SRV records from > working. > > Regards, > > Olivier > And another one, that fix a deadlock that occurs when checks trigger DNs res

[PATCHES] TLS 1.3 session resumption and early data to servers

rom 7db328b4e5028a80c9817049108f5625513a87e8 Mon Sep 17 00:00:00 2001 From: Olivier Houchard <cog...@ci0.org> Date: Thu, 2 Nov 2017 19:04:38 +0100 Subject: [PATCH 1/4] BUG/MINOR; ssl: Don't assume we have a ssl_bind_conf because a SNI is matched. We only have a ssl_bind_conf if crt-list is used, however we can still match a ce

[PATCH] Fix SRV records again

001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Tue, 31 Oct 2017 15:21:19 +0100 Subject: [PATCH] BUG/MINOR: dns: Fix SRV records with the new thread code. srv_set_fqdn() may be called with the DNS lock already held, but tries to lock it anyway. So, add a new parameter to le

Re: [PATCHES][ssl] Add 0-RTT support with OpenSSL 1.1.1

On Fri, Oct 27, 2017 at 03:54:27PM +0200, Emmanuel Hocdet wrote: > > > Le 27 oct. 2017 à 15:02, Olivier Houchard <ohouch...@haproxy.com> a écrit : > > > > The attached patch does use the ssl_conf, instead of abusing ssl_options. > > I also added a new field in g

Re: [PATCHES][ssl] Add 0-RTT support with OpenSSL 1.1.1

Hi, On Fri, Oct 27, 2017 at 12:45:36PM +0200, Olivier Houchard wrote: > On Fri, Oct 27, 2017 at 12:36:31PM +0200, Emmanuel Hocdet wrote: > > > > > Le 27 oct. 2017 ?? 11:22, Emmanuel Hocdet <m...@gandi.net> a ??crit : > > > > > > Hi Olivier >

Re: [PATCHES][ssl] Add 0-RTT support with OpenSSL 1.1.1

On Fri, Oct 27, 2017 at 12:36:31PM +0200, Emmanuel Hocdet wrote: > > > Le 27 oct. 2017 ?? 11:22, Emmanuel Hocdet <m...@gandi.net> a ??crit : > > > > Hi Olivier > > > >> Le 27 oct. 2017 ?? 01:08, Olivier Houchard <ohouch...@haproxy.com> a >

Re: [PATCHES][ssl] Add 0-RTT support with OpenSSL 1.1.1

On Fri, Oct 27, 2017 at 11:22:15AM +0200, Emmanuel Hocdet wrote: > Hi Olivier > > > Le 27 oct. 2017 ?? 01:08, Olivier Houchard <ohouch...@haproxy.com> a ??crit > > : > > > > Hi, > > > > You'll find attached updated patches, rebased on the la

Re: [PATCHES][ssl] Add 0-RTT support with OpenSSL 1.1.1

)) { - /* switch ctx */ + if (s->generate_certs && ssl_sock_generate_certificate(servername, s, ssl)) { + /* switch ctx done in ssl_sock_generate_certificate */ return SSL_TLSEXT_ERR_OK; } #endif

Re: [PATCH] support Openssl 1.1.1 early callback API for HS

Hi Emmanuel, On Wed, Oct 25, 2017 at 02:37:58PM +0200, Emmanuel Hocdet wrote: > Hi, > > . patches serie rebase from master > . update openssl 1.1.1 api calls with new early callback name > (https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_client_hello_cb.html >

Re: [PATCH] MINOR: server: missing chunck allocation in srv_update_status()

On Tue, Oct 24, 2017 at 07:12:15PM +0200, Olivier Houchard wrote: > On Tue, Oct 24, 2017 at 05:37:42PM +0200, Baptiste wrote: > > Hi, > > > > While testing Christopher's DNS "thread-safe" code, I found a bug in > > srv_update_status following a

[PATCH] MINOR: Fix checks when connect_conn_chk() fails srv_update_status()

:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Tue, 24 Oct 2017 19:03:30 +0200 Subject: [PATCH 2/2] BUG/MINOR: checks: Don't forget to release the connection on error case. When switching the check code to a non-permanent connection, the new code forgot to free the c

Re: [PATCH] MINOR: server: missing chunck allocation in srv_update_status()

On Tue, Oct 24, 2017 at 05:37:42PM +0200, Baptiste wrote: > Hi, > > While testing Christopher's DNS "thread-safe" code, I found a bug in > srv_update_status following a recent update (related to threads too). > > The patch is in attachment. Ah you beat me at it ! I ran in the exact same issue.

[PATCH] Reset a few more counters on "clear counters"

rom: Olivier Houchard <ohouch...@haproxy.com> Date: Tue, 17 Oct 2017 19:23:25 +0200 Subject: [PATCH] MINOR: stats: Clear a bit more counters with in cli_parse_clear_counters(). Clear MaxSslRate, SslFrontendMaxKeyRate and SslBackendMaxKeyRate when clear counters is used, it was probably forgotten w

[PATCH] checks: Add a keyword to specify the SNI in health checks

Hi, The attached patch adds a new keyword to servers, "check-sni", that lets you specify which SNI to use when doing health checks over SSL. Regards, Olivier >From 24779f0985041f4e680855d453a4bc5d096756f9 Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com>

[PATCH] Properly handle weight increase with consistent weight

as needed. Regards, Olivier >From a8d290e08d4820fe5058ba00fd4ef762e562cb69 Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Tue, 17 Oct 2017 15:52:59 +0200 Subject: [PATCH] MINOR: server: Handle weight increase in consistent hash. When the server weight is ri

Re: Reload takes about 3 minutes

Hi Joel, On Fri, Oct 13, 2017 at 03:22:56PM +0200, Joel W Kall wrote: > Got some results from strace. Running the reload with sudo takes about 3 > minutes and shows that it spends most of the time on: > > 14:39:38.077925 poll([{fd=6, events=POLLIN}], 1, -1) = ? > ERESTART_RESTARTBLOCK

Re: [PATCHES][ssl] Add 0-RTT support with OpenSSL 1.1.1

Hi Igor, On Tue, Oct 03, 2017 at 12:06:05AM +0800, Igor Pav wrote: > It's excited, does server line(client side) support 0-rtt? > Unfortunately, it does not yet. I'm investigating adding it. Regards, Olivier > On Mon, Oct 2, 2017 at 11:18 PM, Olivier Houchard <ohouch...@haproxy.c

[PATCHES][ssl] Add 0-RTT support with OpenSSL 1.1.1

(ctx = ssl_sock_generate_certificate(servername, s, ssl))) { - /* switch ctx */ + if (s->generate_certs && ssl_sock_generate_certificate(servername, s, ssl)) { + /* switch ctx done in ssl_sock_generate_certificate */ return S

[PATCH][MINOR] Inline functions in common/net_helper.h

rom: Olivier Houchard <ohouch...@haproxy.com> Date: Wed, 13 Sep 2017 11:49:22 +0200 Subject: [PATCH] MINOR: net_helper: Inline functions meant to be inlined. --- include/common/net_helper.h | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/include/common/net_h

Re: FreeBSD CPU Affinity

On Thu, Aug 17, 2017 at 04:27:55PM +0300, Dmitry Sivachenko wrote: > > > On 16 Aug 2017, at 18:32, Olivier Houchard <ohouch...@haproxy.com> wrote: > > > > > > > > I think I know what's going on. > > Can you try the attached patch ? > > &g

Re: FreeBSD CPU Affinity

On Wed, Aug 16, 2017 at 11:43:30AM -0400, Mark Staudinger wrote: > On Wed, 16 Aug 2017 11:32:01 -0400, Olivier Houchard <ohouch...@haproxy.com> > wrote: > > > On Wed, Aug 16, 2017 at 11:28:52AM -0400, Mark Staudinger wrote: > > > On Wed, 16 Aug 2017 10:47:32 -0400, D

Re: FreeBSD CPU Affinity

esting on FreeBSD-10-stable though. > > > > May be you add return code check for cpuset_setaffinity() and log > > possible error? > > Output of from truss on starup yields this: > > 3862: cpuset_setaffinity(0x3,0x2,0x,0x8,0x773dd0) ERR#34 > 'Resul

[PATCH][MINOR] rename the raw socket constructor

Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Mon, 14 Aug 2017 15:59:44 +0200 Subject: [PATCH] MINOR: Use a better name for the constructor than __ssl_sock_deinit() --- src/raw_sock.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/raw_soc

Re: [PATCHES] SRV record support

Hi, After some review and tests by Baptiste, here comes an updated patchset, with a few bugfixes. This one is probably mergeable. Regards, Olivier >From 1b408464590fea38d8a45b2b7fed5c615465a858 Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Thu, 6 Jul 2

Re: [PATCHES] SRV record support

Hi, On Fri, Aug 04, 2017 at 09:18:30PM +0200, Willy Tarreau wrote: > Just a few questions and minor comments below : > > On Fri, Aug 04, 2017 at 06:49:43PM +0200, Olivier Houchard wrote: > > This also adds support for SRV records. To use them, simply use a SRV label > >

[PATCHES] SRV record support

nfig. Any testing would be greatly appreciated. Regards, Olivier >From 1b408464590fea38d8a45b2b7fed5c615465a858 Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Thu, 6 Jul 2017 18:46:47 +0200 Subject: [PATCH 1/4] MINOR: dns: Cache previous DNS answers. As DNS ser

Minor bugfix

Hi guys, The attached patch fixes a potential use after free, if for some reason we failed to get the address of a transfered socket. It should be fairly safe to apply. Regards, Olivier >From 6fa0e381b38d3a9a3d29e59cbcca34fb1d375e3e Mon Sep 17 00:00:00 2001 From: Olivier Houchard <

Re: [RFC][PATCHES] seamless reload

Hi Pavlos, On Sun, May 07, 2017 at 12:05:28AM +0200, Pavlos Parissis wrote: [...] > Ignore ignore what I wrote, I am an idiot I am an idiot as I forgot the most > important bit of the test, to enable the seamless reload by suppling the > HAPROXY_STATS_SOCKET environment variable:-( > > I added

Re: [RFC][PATCHES] seamless reload

On Thu, May 04, 2017 at 10:03:07AM +, Pierre Cheynier wrote: > Hi Olivier, > > Many thanks for that ! As you know, we are very interested on this topic. > We'll test your patches soon for sure. > > Pierre Hi Pierre :) Thanks ! I'm very interested in knowing how well it works for you. Maybe

[PATCH] minor harmless bugfix in server_parse_sni_expr

p 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Thu, 20 Apr 2017 18:21:17 +0200 Subject: [PATCH] MINOR: server: don't use "proxy" when px is really meant. In server_parse_sni_expr(), we use the "proxy" global variable, when we should probably be us

[PATCH] Fix haproxy hangs on FreeBSD >= 11

rom 163be439a8bc6e5aa1cf3fea0f086d518ddad0a9 Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Wed, 19 Apr 2017 11:34:10 +0200 Subject: [PATCH] BUG/MAJOR: Use -fwrapv. Haproxy relies on signed integer wraparound on overflow, however this is really an undefined behavior, so the C compiler i

Re: [RFC][PATCHES] seamless reload

On Wed, Apr 19, 2017 at 09:58:27AM +0200, Pavlos Parissis wrote: > On 13/04/2017 06:18 μμ, Olivier Houchard wrote: > > On Thu, Apr 13, 2017 at 06:00:59PM +0200, Conrad Hoffmann wrote: > >> On 04/13/2017 05:10 PM, Olivier Houchard wrote: > >>> On Thu, Apr 13, 20

Re: [RFC][PATCHES] seamless reload

On Thu, Apr 13, 2017 at 06:00:59PM +0200, Conrad Hoffmann wrote: > On 04/13/2017 05:10 PM, Olivier Houchard wrote: > > On Thu, Apr 13, 2017 at 04:59:26PM +0200, Conrad Hoffmann wrote: > >> Sure, here it is ;P > >> > >> I now get a segfault (on reload): >

Re: [RFC][PATCHES] seamless reload

s (verbose=0) at src/proxy.c:793 > #8 0x004091ec in main (argc=21, argv=0x7ffccc775168) at > src/haproxy.c:1942 Ok, yet another stupid mistake, hopefully the attached patch fixes this :) Thanks ! Olivier >From 7c7fe0c00129d60617cba786cbec7bbdd9ce08f8 Mon Sep 17 00:00:00 2001 Fro

Re: [RFC][PATCHES] seamless reload

On Thu, Apr 13, 2017 at 03:06:47PM +0200, Conrad Hoffmann wrote: > > > On 04/13/2017 02:28 PM, Olivier Houchard wrote: > > On Thu, Apr 13, 2017 at 12:59:38PM +0200, Conrad Hoffmann wrote: > >> On 04/13/2017 11:31 AM, Olivier Houchard wrote: > >>> On Thu, Apr

Re: [RFC][PATCHES] seamless reload

On Thu, Apr 13, 2017 at 12:59:38PM +0200, Conrad Hoffmann wrote: > On 04/13/2017 11:31 AM, Olivier Houchard wrote: > > On Thu, Apr 13, 2017 at 11:17:45AM +0200, Conrad Hoffmann wrote: > >> Hi Olivier, > >> > >> On 04/12/2017 06:09 PM, Olivier Houchard wrote:

Re: [RFC][PATCHES] seamless reload

On Thu, Apr 13, 2017 at 11:17:45AM +0200, Conrad Hoffmann wrote: > Hi Olivier, > > On 04/12/2017 06:09 PM, Olivier Houchard wrote: > > On Wed, Apr 12, 2017 at 05:50:54PM +0200, Olivier Houchard wrote: > >> On Wed, Apr 12, 2017 at 05:30:17PM +0200, Conrad Hoffma

Re: [RFC][PATCHES] seamless reload

On Wed, Apr 12, 2017 at 11:19:37AM -0700, Steven Davidovitz wrote: > I had a problem testing it on Mac OS X, because cmsghdr is aligned to 4 > bytes. I changed the CMSG_ALIGN(sizeof(struct cmsghdr)) call to CMSG_LEN(0) > to fix it. > Oh right, I'll change that. Thanks a lot ! Olivier

Re: [RFC][PATCHES] seamless reload

vier >From 7dc2432f3a7c4a9e9531adafa4524a199e394f90 Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Wed, 12 Apr 2017 19:32:15 +0200 Subject: [PATCH 10/10] MINOR: tcp: Attempt to reset TCP_MAXSEG when reusing a socket. Guess the default value for TCP_MAXSEG by

Re: [RFC][PATCHES] seamless reload

On Wed, Apr 12, 2017 at 05:50:54PM +0200, Olivier Houchard wrote: > On Wed, Apr 12, 2017 at 05:30:17PM +0200, Conrad Hoffmann wrote: > > Hi again, > > > > so I tried to get this to work, but didn't manage yet. I also don't quite > > understand how this is supposed

Re: [RFC][PATCHES] seamless reload

On Wed, Apr 12, 2017 at 05:30:17PM +0200, Conrad Hoffmann wrote: > Hi again, > > so I tried to get this to work, but didn't manage yet. I also don't quite > understand how this is supposed to work. The first haproxy process is > started _without_ the -x option, is that correct? Where does that

Re: [RFC][PATCHES] seamless reload

On Wed, Apr 12, 2017 at 05:30:17PM +0200, Conrad Hoffmann wrote: > Hi again, > > so I tried to get this to work, but didn't manage yet. I also don't quite > understand how this is supposed to work. The first haproxy process is > started _without_ the -x option, is that correct? Where does that

Re: [RFC][PATCHES] seamless reload

+ 1 + (stats_socket != NULL ? 2 : 0), sizeof(char *)); Regards, Olivier >From 526dca943b9cc89732c54bc43a6ce36e17b67890 Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Sun, 9 Apr 2017 16:28:10 +0200 Subject: [PATCH 7/9] MINOR: systemd wrappe

Re: [RFC][PATCHES] seamless reload

On Tue, Apr 11, 2017 at 08:16:48PM +0200, Willy Tarreau wrote: > Hi guys, > > On Mon, Apr 10, 2017 at 11:08:56PM +0200, Pavlos Parissis wrote: > > IMHO: a better name would be 'stats nounsedsockets', as it is referring to a > > generic functionality of UNIX stats socket, rather to a very specific

Re: [RFC][PATCHES] seamless reload

On Tue, Apr 11, 2017 at 01:23:42PM +0200, Pavlos Parissis wrote: > On 10/04/2017 11:52 μμ, Olivier Houchard wrote: > > On Mon, Apr 10, 2017 at 11:08:56PM +0200, Pavlos Parissis wrote: > >> On 10/04/2017 08:09 , Olivier Houchard wrote: > >>> > >>> Hi,

Re: [RFC][PATCHES] seamless reload

On Mon, Apr 10, 2017 at 11:08:56PM +0200, Pavlos Parissis wrote: > On 10/04/2017 08:09 ????, Olivier Houchard wrote: > > > > Hi, > > > > On top of those patches, here a 3 more patches. > > The first one makes the systemd wrapper check for a HAPROXY_STATS_SOCKET

Re: [RFC][PATCHES] seamless reload

On Mon, Apr 10, 2017 at 10:49:21PM +0200, Pavlos Parissis wrote: > On 07/04/2017 11:17 ????, Olivier Houchard wrote: > > On Fri, Apr 07, 2017 at 09:58:57PM +0200, Pavlos Parissis wrote: > >> On 06/04/2017 04:57 , Olivier Houchard wrote: > >>> On Thu, Apr 06, 20

Re: [RFC][PATCHES] seamless reload

socket, and close any socket nout bound to our process, to save a few file descriptors. Regards, Olivier >From 8d6c38b6824346b096ba31757ab62bc986a433b3 Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Sun, 9 Apr 2017 16:28:10 +0200 Subject: [PATCH 7/9] MINOR

Re: [RFC][PATCHES] seamless reload

On Fri, Apr 07, 2017 at 09:58:57PM +0200, Pavlos Parissis wrote: > On 06/04/2017 04:57 ????, Olivier Houchard wrote: > > On Thu, Apr 06, 2017 at 04:56:47PM +0200, Pavlos Parissis wrote: > >> On 06/04/2017 04:25 , Olivier Houchard wrote: > >>> Hi, > >>>

Re: [RFC][PATCHES] seamless reload

On Thu, Apr 06, 2017 at 04:56:47PM +0200, Pavlos Parissis wrote: > On 06/04/2017 04:25 μμ, Olivier Houchard wrote: > > Hi, > > > > The attached patchset is the first cut at an attempt to work around the > > linux issues with SOREUSEPORT that makes haproxy refuse

[RFC][PATCHES] seamless reload

behavior instead of opening any missing socket ? I'm still undecided about that. Any testing, comments, etc would be greatly appreciated. Regards, Olivier >From f2a13d1ce2f182170f70fe3d5312a538788f5877 Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Wed, 5 Apr 2017

[PATCH] minor cleanup to the dynamic cookie code

00:00:00 2001 From: Olivier Houchard <cog...@ci0.org> Date: Tue, 4 Apr 2017 22:10:36 +0200 Subject: [PATCH] MINOR server: Restrict dynamic cookie check to the same proxy. Each time we generate a dynamic cookie, we try to make sure the same cookie hasn't been generated for another server,

Re: Dynamic cookies support

On Wed, Mar 15, 2017 at 03:52:04PM +0200, Jarno Huuskonen wrote: > Hi Olivier, > > On Tue, Mar 14, Olivier Houchard wrote: > > Hi guys, > > > > You'll find attached patches to add support for dynamically-generated > > session > > cookies for each

Dynamic cookies support

l the load-balancers. Any comment would be welcome. Thanks ! Olivier >From a29344438de3777ab692978b5195adfd100f219f Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Tue, 14 Mar 2017 20:01:29 +0100 Subject: [PATCH 1/2] MINOR: server: Add dynamic session co

<    1   2