Re: lua socket api settimeout in seconds vs. milliseconds

2018-03-08 Thread Thierry Fournier
> On 8 Mar 2018, at 15:14, Tim Düsterhus <t...@bastelstu.be> wrote: > > Hi > > On 08.03.2018 at 15:10, Thierry Fournier wrote: >> Ok, Lua expects the number of elements in the stack. The right way for >> returning 1 is: >> >> lua_pushinteger(

Re: lua socket api settimeout in seconds vs. milliseconds

2018-03-08 Thread Thierry Fournier
> On 8 Mar 2018, at 15:03, Tim Düsterhus <t...@bastelstu.be> wrote: > > Thierry, > > On 08.03.2018 at 10:24, Thierry Fournier wrote: >> I forgot 3 things during my first read: >> >> - The Lua errors are not triggered with a return 1 (the return 1

Re: lua socket api settimeout in seconds vs. milliseconds

2018-03-08 Thread Thierry Fournier
t to milliseconds much like cli_parse_set_timeout but > also sanity check the value. > > -mark > > > On Wed, Mar 7, 2018 at 9:55 AM, Thierry Fournier <tfourn...@arpalert.org> > wrote: > Hi Mark, > > Thanks for the patch. I don’t like usage of floating poi

Re: lua socket api settimeout in seconds vs. milliseconds

2018-03-07 Thread Thierry Fournier
Hi Mark, Thanks for the patch. I don’t like usage of floating point, but the luasocket documentation says that the settimeout() function accepts only seconds. In this case, the usage of floating point seems to be a good way. Can you split in a second commit the fix of comments from the

Re: Dynamically adding/deleting SSL certificates

2018-03-07 Thread Thierry Fournier
Hi aurelien, I already look for adding dynamic certificates, and it is a real pain for me. Note that I look for this one year ago, maybe something changed. I look this development regarding only the basic usage: dynamically update of RSA certificates, and I encountered some difficulties: -

[PATCH] new contrib proposal / exec Python & Lua scripts

2018-02-25 Thread Thierry Fournier
# [debug converter] type: sint <1234> # [debug converter] type: ipv4 <127.0.0.1> # [debug converter] type: ipv6 <1::f> # [debug converter] type: str <1::f> # [debug converter] type: bin <1:.:.f> return >From 0794044c73b73

[Patch] minor bugfix

2018-02-25 Thread Thierry Fournier
, Thierry >From b6a4d76cf77fc7463fe81c6f0b75c9d4dcc650dd Mon Sep 17 00:00:00 2001 From: Thierry FOURNIER <thierry.fourn...@ozon.io> Date: Sun, 25 Feb 2018 21:33:38 +0100 Subject: [PATCH 1/3] BUG/MINOR: spoa-example: unexpected behavior for more than 127 args Buf is unsigned, so nbargs will be

[Patch] Error in Lua documentation

2018-02-12 Thread Thierry FOURNIER
Hi, This is a small patch about the Lua documentation. it should be backported in 1.8 Note that the function prototype is compatible with old versions. Thierry >From 4feaa411b6cca0b3a57ebe16c13ce056d93eb74a Mon Sep 17 00:00:00 2001 From: Thierry FOURNIER <thierry.fourn...@ozon.io>

Re: [PATCH 1/2] BUG/MINOR: lua: Fix default value for pattern in Socket.receive

2018-01-08 Thread Thierry Fournier
Hi Tim, Thanks for the patch. Good catch ! Willy, you can apply it. Thierry > On 4 Jan 2018, at 19:32, Tim Duesterhus wrote: > > The default value of the pattern in `Socket.receive` is `*l` according > to the documentation and in the `socket.tcp.receive` method of Lua. > >

Re: [PATCH] BUILD/SMALL Fixed build on macOS with lua

2018-01-04 Thread Thierry Fournier
> On 4 Jan 2018, at 15:16, Kirill A. Korinsky wrote: > > Honestly, I didn't. > > If I right understand how export-dynamic works and how haproxy use integrated > LUA, it shouldn't have any impact. > > Honestly I see only one case when export-dynamic requests: when some >

Re: [PATCH] MINOR: lua: fix crash when using bogus mode in register_service()

2017-12-22 Thread Thierry Fournier
> On 22 Dec 2017, at 12:50, Thierry Fournier <thierry.fourn...@arpalert.org> > wrote: > > Hi, thanks for the patch. > > Willy, can you apply it ? PS: This patch must be backported on 1.6, 1.7 and 1.8. Thierry. > > Thierry > >> On 21 Dec 2017, at

Re: Haproxy SSl Termination performance issue

2017-12-22 Thread Thierry Fournier
document for this solution? > > Thanks a lot > > Mike > > > > Original message > Subject: Re: Haproxy SSl Termination performance issue > From: Thierry Fournier > To: Mike G > Cc: Haproxy > > > Ok, you’re using HAProxy as SSL offloading. HAProxy is

Re: [PATCH] MINOR: lua: fix crash when using bogus mode in register_service()

2017-12-22 Thread Thierry Fournier
Hi, thanks for the patch. Willy, can you apply it ? Thierry > On 21 Dec 2017, at 14:40, Eric Salama wrote: > > HAProxy crashes when one use a bogus mode with core.register_service(). > The 2nd argument must be "http" or "tcp", but any other value crashes HAProxy > when it

Re: Haproxy SSl Termination performance issue

2017-12-19 Thread Thierry Fournier
; > Original message > Subject: Re: Haproxy SSl Termination performance issue > From: Thierry Fournier > To: Mike G > Cc: Haproxy > > > Hi, > > I guess that 130 is 130 SSL requests per second ? > > SSL is a very heavy processing. The 4096 bits certific

Re: Haproxy SSl Termination performance issue

2017-12-19 Thread Thierry Fournier
Hi, I guess that 130 is 130 SSL requests per second ? SSL is a very heavy processing. The 4096 bits certificates consume more CPU than 2048 (thanks captain obvious). Your capacity processing is capped by your CPU. You must check the CPU of your server during your test. If the CPU consumption is

Re: lua memory usage on haproxy 1.8.1

2017-12-08 Thread Thierry Fournier
Hi Laurent, I think that I caught the bug. Could you test the attached patch ? Just for information, this patch is not ready to be published, but it fixes the bug. Thanks, thierry 0001-BUGFIX.patch Description: Binary data On 9 Dec 2017, at 00:37, Thierry Fournier <tfourn...@arpalert.org> wr

Re: lua memory usage on haproxy 1.8.1

2017-12-08 Thread Thierry Fournier
Hi Laurent, I reproduce the bug with version 1.81 without thread support. I will check for this. Thierry > On 8 Dec 2017, at 13:05, Laurent Penot wrote: > > Hi list, > > Having added lua to haproxy is really very very helpful, thanks a lot for > this. I’m using it

Re: [PATCH] LDAP authentication

2017-11-02 Thread Thierry Fournier
> On 2 Nov 2017, at 21:56, my.card@web.de wrote: > > Hi all, > > the attached patch implements authentication against an LDAP Directory > Server. It has been tested on Ubuntu 16.04 (x86_64) using libldap-2.4-2 on > the client side and 389-ds-base 1.3.4.9-1 on the server side. Add

Re: [PATCH] lua: add regexes

2017-10-27 Thread Thierry Fournier
> On 27 Oct 2017, at 14:33, Willy Tarreau <w...@1wt.eu> wrote: > > On Fri, Oct 27, 2017 at 02:18:05PM +0200, Thierry Fournier wrote: >> It seems that you pushed my first version of the patch, so I put a fix in >> attachment. > > huh ? no I didn't, I just sent it in

Re: [PATCH] lua: add regexes

2017-10-27 Thread Thierry Fournier
On Fri, 27 Oct 2017 11:28:47 +0200 Willy Tarreau <w...@1wt.eu> wrote: > On Fri, Oct 27, 2017 at 11:19:48AM +0200, Thierry Fournier wrote: > > It is really sad because the Lua ensure that the final '\0' is set :-( Maybe > > it will be clever to add a function like regex_prep

Re: [PATCH] lua: add regexes

2017-10-27 Thread Thierry Fournier
> On 27 Oct 2017, at 10:45, Willy Tarreau <w...@1wt.eu> wrote: > > Hi Thierry, > > On Wed, Oct 25, 2017 at 01:02:18PM +0200, Thierry Fournier wrote: >> Hi, >> >> This is a patch for lua which adds HAProxy internal regexes support. > > Tha

Re: PATCH: Lua: add UUID to the Proxy Class

2017-10-26 Thread Thierry Fournier
Thanks Baptiste, This patch will be useful. Thierry > On 26 Oct 2017, at 21:59, Baptiste wrote: > > Hi, > > I saw that the UUID was missing in the Proxy Class in Lua, so I added it. > > The patch is in attachment. > > Baptiste >

[PATCH] lua: add regexes

2017-10-25 Thread Thierry Fournier
Hi, This is a patch for lua which adds HAProxy internal regexes support. Thierry >From 4796c98641f14f165db79227db85afc03d587337 Mon Sep 17 00:00:00 2001 From: Thierry FOURNIER <thierry.fourn...@ozon.io> Date: Wed, 25 Oct 2017 12:59:51 +0200 Subject: [PATCH] MINOR: hlua: Add rege

Re: In core.register_service use socket.http block?

2017-10-25 Thread Thierry Fournier
Hi, Luasocket is not compliant with haproxy i/o and blocks the process waiting for the socket response. You should use core.tcp() which provides the same interface as luasocket and it is compliant with haproxy i/o. Thierry Le 25 octobre 2017 5:37:17 AM aogooc xu a

Re: Lua core.(m)sleep + http-response

2017-08-01 Thread Thierry Fournier
Thanks for the information. I will check this. > On 31 Jul 2017, at 21:31, bjun...@gmail.com wrote: > > Hi, > > i've an issue that was already posted some time ago (i'm using HAProxy 1.7.8): > > https://discourse.haproxy.org/t/core-msleep-not-working-in-http-resp-http-response > >

Re: [PATCH] Support proxies with identical names in Lua core.proxies

2017-07-24 Thread Thierry FOURNIER
On Mon, 24 Jul 2017 14:03:30 +0200 Willy Tarreau <w...@1wt.eu> wrote: > Hi Thierry, > > On Mon, Jul 24, 2017 at 01:30:23PM +0200, Thierry FOURNIER wrote: > > Ok. After brainstorm, I think that it will be better to keep the > > current behaviour to avoid breaking e

Re: [PATCH] Support proxies with identical names in Lua core.proxies

2017-07-24 Thread Thierry FOURNIER
On Thu, 20 Jul 2017 15:26:52 +0200 Adis Nezirovic wrote: > On 07/20/2017 02:55 PM, Willy Tarreau wrote: > > So you can have : > > 0 or 1 "listen" > > 0 or 1 "frontend" + 0 or 1 "backend" > > > > Just a few ideas come to my mind : > > - is it possible to store

Re: [PATCH] Support proxies with identical names in Lua core.proxies

2017-07-24 Thread Thierry FOURNIER
On Thu, 20 Jul 2017 15:26:52 +0200 Adis Nezirovic wrote: > On 07/20/2017 02:55 PM, Willy Tarreau wrote: > > So you can have : > > 0 or 1 "listen" > > 0 or 1 "frontend" + 0 or 1 "backend" > > > > Just a few ideas come to my mind : > > - is it possible to store

Re: [PATCH] Support proxies with identical names in Lua core.proxies

2017-07-20 Thread Thierry FOURNIER
Hi Adis, Sorry, I didn't see this patch proposal. I understand the problem, but I can't accept this patch because it makes the proxies list unusable. Your patch removes the proxies names, and the user cannot have a solution for knowing the real name of the proxies now called 1, 2, 3, ... I propose

Build error with 51degrees library

2017-07-18 Thread Thierry FOURNIER
Hi 51degrees guys & HAProxy list, The haproxy build with 51degrees doesn't work. Today, I tried to build new package of the latest stable version of HAProxy with my usual build command line, and an error raises. I try to compile the version 1.7.8 with this build command line: make CC=gcc

Re: Time-based load balancing

2017-07-07 Thread Thierry Fournier
On 7 July 2017 2:50:25 AM rgamarra wrote: Hi, In the context of multiple traffic patterns (say different regions), I'm using a dedicated pool of servers for each region, each one with its round robin load-balancing strategy. Now, is there any way to customize the

Re: Creating a health check in Lua?

2017-07-05 Thread Thierry FOURNIER
On Wed, 5 Jul 2017 11:29:10 +0300 Gil Bahat wrote: > Hi, > > I have some lua code I would like to use as a health check. Documentation > seems to hint this is possible somehow, but I have not been able to either > direct an applet:send to the health check (nor is it clear

Re: [PATCH] bis contrib mod security

2017-06-06 Thread Thierry Fournier
It seems good for me. Willy can you integrate this patch ? Thanks, Thierry — Thierry Fournier Web Performance & Security Expert m: +33 6 68 69 21 85 | e: thierry.fourn...@ozon.io w: http://www.ozon.io/| b: http://blog.ozon.io/ > On 6 Jun 2017, at 11:22, David CARLIER

Re: [PATCH] bis contrib mod security

2017-06-06 Thread Thierry Fournier
Thanks for the ping, I have a lot of work and I didn't see your message. Your patch seems good except this replacement: -LDFLAGS += -lpthread -levent -levent_pthreads -lcurl -lapr-1 -laprutil-1 -lxml2 -lpcre -lyajl +LDFLAGS += -lpthread -levent_core -levent_pthreads -lcurl -lapr-1

Re: Mod Defender (a NAXSI clone) integration patch

2017-05-31 Thread Thierry Fournier
On 29 May 2017 11:40:47 AM Willy TARREAU <wtarr...@haproxy.com> wrote: Hi Thierry, Dragan, On Mon, May 29, 2017 at 11:25:48AM +0200, Thierry Fournier wrote: Hi dragan, that's great news. Yep great news and apparently great work (as usual). Just for information, the official p

Re: Mod Defender (a NAXSI clone) integration patch

2017-05-29 Thread Thierry Fournier
Hi dragan, that's great news. Just for information, the official project “mod_defender” is now here https://github.com/VultureProject/mod_defender Thierry > On 29 May 2017, at 10:29, Dragan Dosen wrote: > > Hi all, >

[PATCH] Lua medium bugfix

2017-05-12 Thread Thierry Fournier
:00 2001 From: Thierry FOURNIER <thierry.fourn...@ozon.io> Date: Fri, 12 May 2017 16:32:20 +0200 Subject: [PATCH] BUG/MEDIUM: lua: segfault if a converter or a sample doesn't return anything In the case of a Lua sample-fetch or converter doesn't return any value, an access outside the Lua

Re: Lua Applet Unable to Add Connection: close Header

2017-04-28 Thread Thierry Fournier
Hi. When we use applet, haproxy negotiates the connection (HTTP version / keepalive). So if the keepalive is enabled and it is accepted by the client, haproxy uses keepalive and removes the header close. If you don't want keepalive, remove it from the haproxy configuration. Thierry Le 27 avril

Re: ModSecurity: First integration patches

2017-04-27 Thread Thierry Fournier
> On 27 Apr 2017, at 18:53, Aleksandar Lazic <al-hapr...@none.at> wrote: > > Hi Willy. > > On 27-04-2017 12:05, Willy Tarreau wrote: >> Hi Thierry, >> On Thu, Apr 20, 2017 at 03:05:35PM +0200, Thierry Fournier wrote: >>> Hi, >>> After a

Re: [PATCHS] Re: Possible Lua Memory Leak

2017-04-26 Thread thierry . fournier
e which > > > sets the "priv" context to nil. > > > > > > So, when I comment this line: > > > > > >txn:set_priv(txnPrvState); > > > > > > The memleak disappears. Now if you want, you can apply this workaround. > > > I try to

[PATCHS] Re: Possible Lua Memory Leak

2017-04-26 Thread thierry . fournier
move the line which > > sets the "priv" context to nil. > > > > So, when I comment this line: > > > >txn:set_priv(txnPrvState); > > > > The memleak disappears. Now if you want, you can apply this workaround. > > I try to understand the memleak. >

Re: Possible Lua Memory Leak

2017-04-26 Thread thierry . fournier
ed, 26 Apr 2017 12:11:16 +0200 Thierry Fournier <thierry.fourn...@arpalert.org> wrote: > Hi, > > Thanks for the bug report. I can reproduce the bug. > I will look for a fix. > > Thierry > > > > On 26 Apr 2017, at 05:14, Philip Seidel <philipsei...@gm

Re: Possible Lua Memory Leak

2017-04-26 Thread Thierry Fournier
Hi, Thanks for the bug report. I can reproduce the bug. I will look for a fix. Thierry > On 26 Apr 2017, at 05:14, Philip Seidel wrote: > > Possible Lua Memory Leak? > > We are running HAProxy version 1.7.2 (also tested 1.7.5) and are loading a > Lua file which

Re: ModSecurity: First integration patches

2017-04-23 Thread Thierry Fournier
> On 23 Apr 2017, at 15:19, Aleksandar Lazic <al-hapr...@none.at> wrote: > > Hi Thierry > > On 20-04-2017 15:05, Thierry Fournier wrote: >> Hi, >> After a quick private brainstorm, Willy proposed to me a new binary encoding >> for the headers. It is

Re: ModSecurity: First integration patches

2017-04-19 Thread thierry . fournier
Hi, There is a new lot of patches for the spoa/modescurity contrib. Thierry On Wed, 19 Apr 2017 11:24:36 +0200 Thierry Fournier <thierry.fourn...@ozon.io> wrote: > > > On 19 Apr 2017, at 09:16, Aleksandar Lazic <al-hapr...@none.at> wrote: > > > > > >

Re: ModSecurity: First integration patches

2017-04-19 Thread Thierry Fournier
> On 19 Apr 2017, at 09:16, Aleksandar Lazic wrote: > > > > On 19-04-2017 05:51, Willy Tarreau wrote: >> On Tue, Apr 18, 2017 at 11:55:46PM +0200, Aleksandar Lazic wrote: >>> Why not reuse the upcoming http/2 format. >>> HTTP/2 is *easy* to parse and the implementations

Re: Lua memory allocator

2017-04-14 Thread Thierry Fournier
> On 13 Apr 2017, at 17:12, Willy Tarreau <w...@1wt.eu> wrote: > > On Thu, Apr 13, 2017 at 05:02:54PM +0200, Willy Tarreau wrote: >> On Thu, Apr 13, 2017 at 12:37:19PM +0200, Thierry Fournier wrote: >>> Good catch. I read the code of the Lua function luaL_newstate,

Re: ModSecurity: First integration patches

2017-04-13 Thread Thierry Fournier
> On 13 Apr 2017, at 12:28, Willy Tarreau <w...@1wt.eu> wrote: > > On Thu, Apr 13, 2017 at 12:21:20PM +0200, Thierry Fournier wrote: >>> .) the patches apply only on haproxy 1.8 because some files does not exists >>> on 1.7 ( e. g. include/proto/spoe.h )

Re: Lua memory allocator

2017-04-13 Thread Thierry Fournier
> On 12 Apr 2017, at 23:30, Willy Tarreau wrote: > > Thierry, > > while instrumenting my malloc/free functions to debug a problem, I was > hit by a malloc/realloc inconsistency in the Lua allocator. The problem > is that luaL_newstate() uses malloc() to create its first objects

Re: ModSecurity: First integration patches

2017-04-13 Thread Thierry Fournier
> On 13 Apr 2017, at 02:06, Aleksandar Lazic wrote: > > > > On 12-04-2017 23:33, Aleksandar Lazic wrote: >> On 12-04-2017 21:28, thierry.fourn...@arpalert.org wrote: >>> On Wed, 12 Apr 2017 21:21:58 +0200 >>> Aleksandar Lazic wrote: > > [snipp] >

Re: ModSecurity: First integration patches

2017-04-12 Thread thierry . fournier
On Wed, 12 Apr 2017 21:21:58 +0200 Aleksandar Lazic <al-hapr...@none.at> wrote: > Hi. > > On 12-04-2017 10:08, Thierry Fournier wrote: > >> On 12 Apr 2017, at 09:57, Aleksandar Lazic <al-hapr...@none.at> wrote: > >> > >> > >> > >

Re: ModSecurity: First integration patches

2017-04-12 Thread Thierry Fournier
> On 12 Apr 2017, at 09:57, Aleksandar Lazic <al-hapr...@none.at> wrote: > > > > On 11-04-2017 10:49, Thierry Fournier wrote: >> Hi list >> I join one usage of HAProxy / SPOE, it is WAF offloading. >> These patches are a first version, it have some lim

Re: ModSecurity: First integration patches

2017-04-11 Thread Thierry Fournier
> On 11 Apr 2017, at 11:24, Olivier Doucet <webmas...@ajeux.com> wrote: > > Hi Thierry, > > > > 2017-04-11 10:49 GMT+02:00 Thierry Fournier <thierry.fourn...@ozon.io>: > Hi list > > I join one usage of HAProxy / SPOE, it is WAF offloading. > >

ModSecurity: First integration patches

2017-04-11 Thread Thierry Fournier
he exemple of ModSecurity compilation can be improved. It is based on my local distro. The feedback are welcome. Thierry >From 55702d5b7b3aa72f1e2befaa3edb5b5ccbb302f5 Mon Sep 17 00:00:00 2001 From: Thierry FOURNIER <thierry.fourn...@ozon.io> Date: Sun, 9 Apr 2017 05:41:27 +0200 Subject: [P

Re: LUA: using converters in init phase

2017-03-24 Thread thierry . fournier
On Fri, 24 Mar 2017 17:32:53 +0100 Gabor Lekeny wrote: > Hi! > > We have been using haproxy for many years and recently I found that it > is possible to use Lua to dynamically configure it. That is great! > > I would like to create a service which balances the HTTP

Re: [PATCH] CLEANUP: pattern: Move pattern_finalize_config to post checks initialization

2017-03-15 Thread Thierry FOURNIER
On Mon, 13 Mar 2017 18:54:52 +0100 Nenad Merdanovic wrote: > Hey Willy, > > On 3/13/2017 6:32 PM, Willy Tarreau wrote: > > Hi Nenad, > > > > [ccing Thierry] > > > > On Sun, Mar 12, 2017 at 10:00:51PM +0100, Nenad Merdanovic wrote: > >> Signed-off-by: Nenad Merdanovic

Re: Capturing browser TLS cipher suites

2017-03-13 Thread Thierry Fournier
On 8 March 2017 3:10:14 PM Willy Tarreau wrote: On Wed, Mar 08, 2017 at 12:42:38PM +0100, Emmanuel Hocdet wrote: > However as I said to Thierry, please don't add "if (ptr)" before > a pool_free2(), we have the same semantics as free() which is a > NOP on NULL on all supported

Re: Capturing browser TLS cipher suites

2017-03-06 Thread thierry . fournier
> end) > > + return; > > + rec_len = (msg[0] << 16) + msg[1]; > > This one is still wrong as well :-( > > Please double-check next time, it's time consuming to re-read the same > bugs between two versions, each time I have to reread the whole p
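Review bot: in `rec_len = (msg[0] << 16) + msg[1];` the high byte of a length read from two bytes is shifted by 16 instead of 8, so `rec_len` does not hold the length carried on the wire and every bounds check made with it afterwards tests the wrong range. Suggest `(msg[0] << 8) + msg[1]`, keeping the preceding `end` check so that both bytes are known to be inside the buffer before they are read.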

Re: Capturing browser TLS cipher suites

2017-03-06 Thread thierry . fournier
+ return; > > > > It seems like this one should be "if (msg > end)" given that it accounts for > > a length. However given that it's covered by the next one, maybe it can > > simply be dropped. > > > > > + /* Next two bytes are the ciphersuite

Re: Capturing browser TLS cipher suites

2017-03-06 Thread thierry . fournier
*/ > > + if (msg + 2 > end) > > + return; > > + rec_len = (msg[0] << 2) + msg[1]; > > Wrong shift again. Thanks, a new patch in attachment. > > > + msg += 2; > > + if (msg + rec_len > end || msg + rec_len < msg) > > +
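Review bot: `rec_len = (msg[0] << 2) + msg[1];` comes right after the `msg + 2 > end` check, so it is a 16-bit read and the high byte needs a shift of 8, not 2. With the current shift, the following test `msg + rec_len > end || msg + rec_len < msg` validates a length that is not the one the peer sent, which defeats the purpose of the bounds and wrap-around check.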

Re: Capturing browser TLS cipher suites

2017-03-06 Thread thierry . fournier
On Mon, 6 Mar 2017 14:54:44 +0100 Emmanuel Hocdet wrote: > Hi Thierry > > > On 25 Feb 2017 at 13:01, thierry.fourn...@arpalert.org wrote: > > > > Hi all, > > > > On Thu, 9 Feb 2017 07:37:51 +0100 > > Willy Tarreau wrote: > > > >> Hi Olivier, > >> > >> On

Re: add header into http-request redirect

2017-02-26 Thread thierry . fournier
Hi, If I understand, the 301 is produced by haproxy. If it is the case, there is an ugly solution. Haproxy can't add header to a redirect because redirect is a final directive. After executing the redirect no more actions are executed. The trick is to create a listen proxy dedicated for redirect,

Re: Capturing browser TLS cipher suites

2017-02-25 Thread thierry . fournier
d the SSL client hello parser to emit the list of > such ciphers as a string. The patch implementing this idea is in attachment. It returns the client-hello cipher list as binary, hexadecimal string, xxh64 and with the decoded ciphers. BR, Thierry > Regards, > Willy > >From 044fb7e77

Re: TLS-PSK: making a http(s) lookup call from inside haproxy code

2017-02-22 Thread thierry . fournier
On Wed, 22 Feb 2017 15:43:36 +0100 Braňo Žarnovičan wrote: > Hi, > > a need to call an external http (preferably https) service from > HAproxy code. What's the easiest way to achieve that ? > > Context: > I would like HAproxy to do TLS termination for non-http traffic >

Re: Lua sample fetch logging ends up in response when doing http-request redirect

2017-02-07 Thread thierry . fournier
Hi, This bug should be backported from 1.5 to 1.7, and obviously in 1.8. Unfortunately, the problem is not cleanly fixed (it is just moved), so we work on another - and definitive - fix. Thierry On Mon, 06 Feb 2017 17:41:15 + Jesse Schulman wrote: > Any idea on if

Re: HAProxy Lua Map.end & reserved keywords

2017-01-30 Thread thierry . fournier
On Mon, 30 Jan 2017 08:37:16 +0100 Willy Tarreau <w...@1wt.eu> wrote: > Hi Thierry, > > On Sat, Jan 28, 2017 at 09:38:13AM +0100, thierry.fourn...@arpalert.org wrote: > > >From dc3695a41af3d3a77681cec0ba23005d0370fc07 Mon Sep 17 00:00:00 2001 > > From: Thierry FOUR

Re: HAProxy Lua Map.end & reserved keywords

2017-01-28 Thread thierry . fournier
n Hugh Johnson > E-Mail : robb...@orbis-terrarum.net > Home Page : http://www.orbis-terrarum.net/?l=people.robbat2 > ICQ# : 30269588 or 41961639 > GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85 > >From dc3695a41af3d3a77681cec0ba23005d0370fc07 Mon Sep 17 00:

Re: Lua sample fetch logging ends up in response when doing http-request redirect

2017-01-27 Thread thierry . fournier
;timeout connect 10s >timeout client 60s >timeout server 60s >timeout tunnel 600s > > frontend http >bind "${BIND_IP}:80" >mode http >option httplog >option forwardfor >capture request header Host len 32 >log-format %hr\ %r\

Re: HAProxy Lua Map.end & reserved keywords

2017-01-19 Thread Thierry Fournier
Hi. Just a quick message: I don't forget this bug, I'm just very busy. Thierry On 12 January 2017 10:54:42 AM "Robin H. Johnson" wrote: On Wed, Jan 11, 2017 at 12:17:26PM +0100, Willy Tarreau wrote: On Mon, Jan 09, 2017 at 08:47:17PM +, Robin H.

Re: HAProxy Lua Map.end & reserved keywords

2017-01-09 Thread thierry . fournier
On Mon, 9 Jan 2017 18:22:56 + "Robin H. Johnson" wrote: > TL;DR: > 'end' is a reserved Lua keyword, and cannot be used as a structure > member as in Map.end. Need to change the naming of constants maybe? > >

Re: [PATCH] MINOR: http: custom status reason.

2017-01-02 Thread Thierry FOURNIER
On Mon, 2 Jan 2017 11:47:36 +0100 Willy Tarreau wrote: > On Sun, Jan 01, 2017 at 01:10:52PM -0800, Robin H. Johnson wrote: > > The older 'rsprep' directive allows modification of the status reason. > > > > Extend 'http-response set-status' to take an optional string of the new > >

Re: lua support does not build on FreeBSD

2016-12-23 Thread thierry . fournier
On Fri, 23 Dec 2016 22:04:57 +0100 Willy Tarreau wrote: > On Fri, Dec 23, 2016 at 09:50:53PM +0100, thierry.fourn...@arpalert.org wrote: > > On Fri, 23 Dec 2016 18:07:07 +0100 > > Willy Tarreau wrote: > > > > > On Fri, Dec 23, 2016 at 05:54:47PM +0100,

Re: lua support does not build on FreeBSD

2016-12-23 Thread thierry . fournier
e compilers manage to assign register > >> pairs correctly). > >> > >> Willy > >> > > <0001-BUILD-lua-build-failed-on-FreeBSD.patch> > >From d5995d34504daf2a66a6b046ecd5da0477f6036e Mon Sep 17 00:00:00 2001 From: Thierry FOURNIER <thier

Re: lua support does not build on FreeBSD

2016-12-23 Thread thierry . fournier
double 32-bit check is for 64-bit platforms (though that's still to be > verified in the assembly code, as some compilers manage to assign register > pairs correctly). > > Willy > >From d5995d34504daf2a66a6b046ecd5da0477f6036e Mon Sep 17 00:00:00 2001 From: Thierry FOURNIER <thi

Re: lua support does not build on FreeBSD

2016-12-23 Thread thierry . fournier
On Wed, 21 Dec 2016 15:44:49 +0100 Willy Tarreau wrote: > Hi guys, > > so I've looked a little bit at this and can propose something different. > > On Wed, Dec 14, 2016 at 02:59:50PM +, David CARLIER wrote: > > Hi, > > > > On 14 December 2016 at 14:48,

Re: lua support does not build on FreeBSD

2016-12-14 Thread thierry . fournier
Hi, thanks for the patch. Maybe it is more efficient to simply add a "#define _KERNEL", or the following code: #if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) #define _KERNEL #endif I'm not sure that src_hlua.c was the good file for adding these kinds of defines or

Re: capture header VS set-var

2016-12-05 Thread thierry . fournier
On Sun, 4 Dec 2016 09:17:00 -0500 Patrick Hemmer wrote: > I was mostly just wondering about differences between using things like > `capture request header`/`http-request capture` and `http-request set-var`. > > set-var seems to have all the capabilities of captures,

Re: [PATCH] DOC: Fix map table's format

2016-12-02 Thread thierry . fournier
Hi, Thanks for the doc bugfix. One of my favorites hobbies is to break the cyril's parser creating tricky tables in the documentation file ;) Willy, can you apply this patch, and backport it to the 1.7 and 1.6. Thanks, Thierry On Fri, 2 Dec 2016 16:42:32 +0800 Ruoshan Huang

Re: Missing LUA functionality

2016-11-11 Thread thierry . fournier
Hi, Thanks for contributing. I looked at your code, I see a big problem. HAProxy is event driven, so we cannot execute blocking functions. fopen is one of these functions. During runtime, filesystem accesses are not allowed. The right way for a transfer between haproxy and the filesystem is

Re: SSL patches

2016-10-26 Thread Thierry Fournier
On Mon, 24 Oct 2016 19:16:03 +0200 Willy Tarreau <w...@1wt.eu> wrote: > Hi Thierry, > > On Mon, Oct 24, 2016 at 06:32:29PM +0200, Thierry Fournier wrote: > > Hi, thank you for the tests. It is exactly the last test. The patches > > seem to be good. > >

Re: SSL patches

2016-10-24 Thread Thierry Fournier
-servername rsa.toto.fr 2>/dev/null | openssl x509 -noout -text | grep > "Public Key Algorithm:" > Public Key Algorithm: rsaEncryption > > is that enough for you ? > > Regards, > > 2016-10-23 14:49 GMT+02:00 Thierry Fournier <thierry.fourn...@ozon.

SSL patches

2016-10-23 Thread Thierry Fournier
on the current master branch, and there are easy to apply on the 1.6 branch. Anyone can test the mode DSA + RSA + ECDSA ? Thanks Thierry >From e789c15a217d4bfc8ed7fac080cd17236c06c654 Mon Sep 17 00:00:00 2001 From: "Thierry FOURNIER / OZON.IO" <thierry.fourn...@ozon.io> Date: Mon, 10 Oct

Re: Certificates dynamic update

2016-10-23 Thread thierry . fournier
Thanks for the confirmation ;) Thierry On Fri, 14 Oct 2016 12:13:21 +0200 Beluc <belu...@gmail.com> wrote: > It would be great : tons of ssl that make haproxy very long to > start/restart/reload. > > 2016-10-11 10:04 GMT+02:00 Thierry Fournier <thierry.fourn...@ozon.io>

Re: ECDSA and HAProxy help

2016-10-13 Thread Thierry Fournier
ct 2016 8:45 am, "Igor Cicimov" <ig...@encompasscorporation.com > > <mailto:ig...@encompasscorporation.com>> wrote: > > > > > > On 11 Oct 2016 7:05 pm, "Thierry Fournier" <thierry.fourn...@ozon.io > > > <mailto:t

Certificates dynamic update

2016-10-11 Thread Thierry Fournier
set ssl certificate commit This command validates, installs new certificates and removes old certificates. And finally this command destroys existing certificate: del ssl certificate proxy/listener id Any ideas or comments ? Thanks Thierry -- Thierry Fournier m: +33 6 68 69 21 85 | e: thi

ECDSA and HAProxy help

2016-10-11 Thread Thierry Fournier
ecdsa.csr -CA inter2.pem -CAkey \ inter2.key -CAcreateserial -out $CN.ecdsa.cert -days 50 \ -sha256 Any ideas ? PS: I can't neither test the DSA, but in this case, the openssl s_client fail before trying to connect :) This is another story. Thierry -- Thierry Fournier m: +33 6

Re: Lua support

2016-10-08 Thread thierry . fournier
On Wed, 5 Oct 2016 15:46:02 + "Curry, Matthew" wrote: > I am trying to setup a lua script that can intercept redis commands. If the > user runs the AUTH command in redis, then I want to log a message on haproxy > and then make sure that command does not get passed

Re: LUA - missing functionality

2016-10-08 Thread thierry . fournier
On Mon, 3 Oct 2016 12:56:04 -0400 Alex Maksutov wrote: > Hi there. > > I'm moving some code to HAProxy (LUA) and struggling with missing (or > undocumented) functionality: > 1. I'm modifying request headers in action context before passing it to > web-servers, but

Re: format string fetch method?

2016-10-08 Thread Thierry Fournier
ample fetch called "fmt" which is taking a format string as parameter and have the sample-fetch behaviour is a good idea. I think to some attention point like reentrant syntax: fmt(%[fmt("%C:%d:%[fmt(%[src])]),crc32()]) Thierry > Thanks, > Willy -- Thierry Fournier Web Performance & Security Expert m: +33 6 68 69 21 85 | e: thierry.fourn...@ozon.io w: http://www.ozon.io/| b: http://blog.ozon.io/

Re: Zombie "find" with systemd

2016-08-22 Thread Thierry Fournier
On Tue, 23 Aug 2016 00:37:49 +0200 Cyril Bonté <cyril.bo...@free.fr> wrote: > Hi Thierry, > > On 22/08/2016 at 13:28, Thierry Fournier wrote: > > Hi list, > > > > When I start haproxy (renamed o3-haproxy for some reasons) with the > > systemd wrapper I wa

Zombie "find" with systemd

2016-08-22 Thread Thierry Fournier
Hi list, When I start haproxy (renamed o3-haproxy for some reasons) with the systemd wrapper I watch a "find" zombie process. You can see a result of a ps auxf. I use a haproxy 1.6.7. root 777 0.0 0.0 49424 1812 ?Ss 11:19 0:00 /usr/sbin/o3-haproxy-systemd-wrapper -f

Re: Modify response via Lua

2016-08-20 Thread thierry . fournier
On Thu, 4 Aug 2016 18:44:03 + (UTC) G H wrote: > I'm having some confusion modifying the HTTP response in Lua service. I have > the below: > > core.register_action("headers", { "http-res" }, function(txn) > local data = txn.res:get() > while data ~= nil do >

Re: Dynamic backends decided by an external service

2016-07-21 Thread thierry . fournier
On Tue, 19 Jul 2016 15:28:25 +0530 Sachin Shetty wrote: > Hi, > > We always had a unique requirement of picking a backend based on response > from a external http service. In the past we have got this working by > routing requests via a modified apache and caching the

Re: segfault using wrong table

2016-06-06 Thread Thierry FOURNIER
Hi, Thank you for the bug report. The patch in attachment fixes this behaviour. Can you try it ? I join a fix for current dev and 1.6 version and other one for the 1.5 version. Thierry Fournier On Mon, 6 Jun 2016 11:36:52 +0200 Kay <kabef...@gmail.com> wrote: > Hi, > > i'

Re: What can and cannot be done using Lua

2016-06-03 Thread Thierry FOURNIER
> (www.packetfence.org) > > > On Jun 2, 2016, at 7:17 , Thierry FOURNIER <thierry.fourn...@arpalert.org> > > wrote: > > > > Hi, you can do what you describe. First, you can read the general > > introduction: > > > > http://www.arpalert.org/

Re: What can and cannot be done using Lua

2016-06-02 Thread Thierry FOURNIER
On Mon, 30 May 2016 16:35:20 -0400 Louis Munro wrote: > Hello, > > I have been playing a little bit with Lua and HAProxy lately and I would like > to know what can be achieved, and what is never going to work before I go too > far down the rabbit hole. > > Specifically, I

Re: Lua converter not working in 1.6.5 with Lua 5.3.2

2016-06-01 Thread Thierry FOURNIER
I forgot the patches in attachment ;) On Wed, 1 Jun 2016 14:03:51 +0200 Thierry FOURNIER <tfourn...@arpalert.org> wrote: > Hi Willy, > > I join a serie of 3 patches. With these patches, I can't reproduce the > bug. > > Michael, can you test the patches and con

Re: Lua converter not working in 1.6.5 with Lua 5.3.2

2016-06-01 Thread Thierry FOURNIER
On Mon, 30 May 2016 16:29:37 +0200 Willy Tarreau <w...@1wt.eu> wrote: > On Mon, May 30, 2016 at 04:26:11PM +0200, Thierry FOURNIER wrote: > > Thank you for the bug report; > > > > I catch it. I join a temporary fix, I suspect that the problem to be more > > tricky.

Re: Lua converter not working in 1.6.5 with Lua 5.3.2

2016-05-30 Thread Thierry FOURNIER
Thank you for the bug report; I catch it. I join a temporary fix, I suspect that the problem to be more tricky. Thierry On Fri, 27 May 2016 16:22:41 -0400 Michael Ezzell <mich...@ezzell.net> wrote: > On Fri, May 27, 2016 at 10:41 AM, Thierry FOURNIER <tfourn...@arpale

Re: Lua converter not working in 1.6.5 with Lua 5.3.2

2016-05-27 Thread Thierry FOURNIER
attempt to call a nil value. > > > > ...and, of course, the X-Test header is added but has no value. > > > > Am I doing it wrong, or is there something not right, here? Verified with > > a clean build in a new directory. > > I'm not good at Lua but I don't see
