ontents were good. Please find a version with a cleaned up
commit message attached. I've used Anubhav's phrasing as-is to not
modify more than necessary.
Best regards
Tim Düsterhus
>From f4aad97d7967c5da7e20bb6586fc7af2d2147c15 Mon Sep 17 00:00:00 2001
From: Anubhav
Date: Thu, 14 Oct 202
any attention. I originally
sent it to Remi (and the list) only.
Best regards
Tim Düsterhus
Best regards
Tim Düsterhus
Willy,
On 10/18/21 10:51 AM, Willy Tarreau wrote:
On Mon, Oct 18, 2021 at 09:18:12AM +0200, Tim Düsterhus wrote:
Hu, interesting. Is the GitHub Mirror Sync broken? I'm seeing changes in
https://git.haproxy.org/?p=haproxy.git, but not in GitHub.
So it was in relation with the Painful Access
Willy,
please find the patch attached.
Our use-case for this is a dynamic application that performs routing based on
the query string. Without this option all URLs will just point to the central
entrypoint of this location, making the output completely useless.
Best regards
Tim Düsterhus
Willy,
On 10/18/21 9:15 AM, Willy Tarreau wrote:
On Mon, Oct 18, 2021 at 09:09:01AM +0200, Tim Düsterhus wrote:
Feel free to replace 'unsigned int' with 'uint' and reformat the struct as
needed.
Done an pushed, thank you!
Willy
Hu, interesting. Is the GitHub Mirror Sync broken? I'm seeing
to replace 'unsigned int' with 'uint' and reformat the struct
as needed.
Best regards
Tim Düsterhus
itself:
https://github.com/haproxy/haproxy/pull/1415#issuecomment-943565693
Best regards
Tim Düsterhus
Willy,
On 9/24/21 3:36 PM, Willy Tarreau wrote:
On Fri, Sep 24, 2021 at 03:33:14PM +0200, Tim Düsterhus wrote:
Willy,
On 9/24/21 3:09 PM, Willy Tarreau wrote:
please also apply to https://github.com/wtarreau/libslz/.
[...]
Now applied, thanks!
Not seeing anything in the libslz repository
(host),lower,regsub(:\d+$,,)]
or
use_backend %[req.hdr(host),lower,word(1,:)]
That issue with the port being part of the host header for Firefox
Websockets should already be fixed in HAProxy 2.4.4.
Best regards
Tim Düsterhus
for affected requests. With the httplog
format they should then indicate both the host as seen by HAProxy as
well as the backed/server selected.
Best regards
Tim Düsterhus
Willy,
On 9/24/21 3:09 PM, Willy Tarreau wrote:
please also apply to https://github.com/wtarreau/libslz/.
[...]
Now applied, thanks!
Not seeing anything in the libslz repository yet. Did you forget to
push? :-)
Best regards
Tim Düsterhus
()
Tim Düsterhus (1):
CLEANUP: ebmbtree: Replace always-taken elseif by else
I'm annoyed that I appear twice. Consider applying the attached UTF-8
encoded (!) patch to fix that.
The .mailmap in base64 is:
VGltIETDvHN0ZXJodXMgPHRpbUBiYXN0ZWxzdHUuYmU+Cg==
with hash:
SHA256 (.mailmap
Willy,
please find 42 patches attached. Sending as attachments to not
completely bomb the list.
I'll leave it up to you whether you want to squash patches 0001 until 0041.
0042 is sufficiently different to warrant a dedicated commit.
Best regards
Tim Düsterhus
>F
Miroslav,
On 9/10/21 11:52 PM, Miroslav Zagorac wrote:
Hello Tim,
On 09/10/2021 10:55 PM, Tim Düsterhus wrote:
If it's not a NULL pointer then it must be a valid pointer. I don't
quite understand why you would need to replace this by an empty constant
string then? Is this about a missing NUL
ot;") over v.ptr = "" and leave the
heavy lifting up to the compiler for that reason.
Best regards
Tim Düsterhus
the length.
Best regards
Tim Düsterhus
very few people
capable of answering your question and that they might've missed your email.
I worked quite a bit on PPv2 within HAProxy and saw your email, but I
did not write the specification, thus I was unable to give an answer.
Adding Willy to Cc.
Best regards
Tim Düsterhus
he current patch series.
Best regards
Tim Düsterhus
bsd target?
Best regards
Tim Düsterhus
, but only for the start. For
the reload the first ExecReload line is used:
Ah, yes, indeed. I should have checked instead of just assuming stuff.
Sorry! I don't see an issue with your proposed change then.
Best regards
Tim Düsterhus
mode without a full restart, no?
Best regards
Tim Düsterhus
. That way you
don't have to think whether your setup requires a workaround or not.
Best regards
Tim Düsterhus
this week.
As a consumer of your packages: A big thank you for your work.
After I noticed Willy's announcement I checked whether any new 2.4.x
packages were available and indeed they were already there, saving me
the work from compiling a custom version / adjusting the config.
Best regards
Tim
use:
feature cmd "$HAPROXY_PROGRAM -cc 'version_atleast(2.5-dev0)'"
instead of
#REQUIRE_VERSION=2.5
Other than that the tests LGTM from a glance. I didn't look at your C
and I also didn't (yet) compare the tests against the documentation you
have written.
Best regards
Tim Düsterhus
Ilya,
On 7/14/21 5:20 PM, Илья Шипицин wrote:
Yes, go ahead
Would you please stop replying to spam, especially with both the sender
and the list in Cc? It just causes more spam down the road.
Best regards
Tim Düsterhus
hunk headers in some cases.
Best regards
Tim Düsterhus
s is a natural extension of the existing format.
Best regards
Tim Düsterhus
that will always be there and suit most users without
adding too much for others, and that will require limited adaptations
to parsers.
Agree.
Best regards
Tim Düsterhus
'dst_port'). You must
decide whether this is important for your environment or not.
Best regards
Tim Düsterhus
that works with HAProxy's format.
Regarding my suggestion of %ID: I also don't think it is useful to put
%ID into the SSL log when it is not in the HTTP log. Please don't do
this, unless you also introduce an updated 'option httplog2' or
something like this.
Best regards
Tim Düsterhus
existing sample fetches.
Not sure whether the HTTP format will also be updated then, but: Put %ID
somewhere by default, please.
Best regards
Tim Düsterhus
.
FYI: Another user in IRC (#haproxy on Libera.Chat) just stumbled upon
this issue as well. So it appears it's a reasonably common occurence
with Firefox and HAProxy 2.4.
Best regards
Tim Düsterhus
, because it's still your name in
there :-)
Best regards
Tim Düsterhus
>From 19383d2d386fd86e3477afc6f9d859f81f3c708c Mon Sep 17 00:00:00 2001
From: David Carlier
Date: Sat, 26 Jun 2021 12:04:36 +0100
Subject: [PATCH] BUILD/MEDIUM: tcp: set-mark setting support for FreeBSD.
This platform
David,
On 6/26/21 4:57 PM, David CARLIER wrote:
Sure. hope the doc changes is alright.
Can you please rewrap the documentation to ensure an uniform look?
Best regards
Tim Düsterhus
set-var(txn.host)hdr(host)
http-request deny deny_status 400 unless { req.hdr_cnt(host) eq 1 }
# Verify that SNI and Host header match if a client certificate is sent
http-request deny deny_status 421 if { ssl_c_used } ! {
ssl_fc_sni,strcmp(txn.host) eq 0 }
Best regards
Tim Düsterhus
an existing TCP connection for an unrelated domain.
Best regards
Tim Düsterhus
SNI value for
routing is even more unsafe. But you also must validate that the SNI
matches up or that the client presented a valid certificate.
Best regards
Tim Düsterhus
no longer contains the HTML comments guiding the user
through the template.
Best regards
Tim Düsterhus
em to show in the email notifications, but not in
the web interface.
Best regards
Tim Düsterhus
:-)
Best regards
Tim Düsterhus
s this still on your radar? Should I file an issue for that?
Best regards
Tim Düsterhus
tend to
only serve compressed responses if the client explicitly indicates support.
After sending the patch to HAProxy I also patched the HTTP client
without compression support in our software to specify 'accept-encoding:
identity' to be on the safe side :-/
Best regards
Tim Düsterhus
Developer
Remi,
please find a small fix for the 'Vary' support of the cache to correctly
handle the difference between a missing 'accept-encoding' and an empty
'accept-encoding'.
Best regards
Tim Düsterhus
Developer WoltLab GmbH
--
WoltLab GmbH
Nedlitzer Str. 27B
14469 Potsdam
Tel.: +49 331
to 'uname'.
Best regards
Tim Düsterhus
of the slowest job.
I can confirm that OpenSSL 3 is much faster, though. But you only see
that when directly looking into a specific run.
Best regards
Tim Düsterhus
filtered overview:
https://github.com/haproxy/haproxy/actions/workflows/vtest.yml?query=branch%3Amaster
It's down from ~11 minutes until the last build finishes to ~9 minutes.
Best regards
Tim Düsterhus
it here:
https://github.com/TimWolla/haproxy/actions/runs/933195103
Best regards
Tim Düsterhus
est, lacking feature: $HAPROXY_PROGRAM -cc
'feature(OPENSSL)'
0 tests failed, 5 tests skipped, 2 tests passed
Best regards
Tim Düsterhus
regards
Tim Düsterhus
attempt, so that one it is. In fact the
limit I set is even lower than the default of macOS.
Best regards
Tim Düsterhus
(debugging)
issues in error situations.
I recommend using them for the most essential stuff only. In my case
that is the Strict-Transport-Security header and a request ID response
header.
Best regards
Tim Düsterhus
[1] e.g. if there's insufficient memory to add the header.
/configuration.html#http-after-response
Best regards
Tim Düsterhus
attempted to build something for Fedora Rawhide, but did not succeed
either. We already use Cirrus, so if Cirrus works, then Cirrus it is.
Best regards
Tim Düsterhus
the reg-test script.
LGTM
Best regards
Tim Düsterhus
/about-github-hosted-runners#supported-runners-and-hardware-resources
Best regards
Tim Düsterhus
Ilya,
On 6/8/21 3:49 PM, Илья Шипицин wrote:
Tim, maybe you have an idea how to make it work.
I gave up
Ack. I'll add it to my ToDo and I'll try to look into in in the next days.
Best regards
Tim Düsterhus
regards
Tim Düsterhus
#L116-L117
It would need an extra case for OpenSSL 3. You can test whether it works
locally using:
$ python3 .github/matrix.py push
Best regards
Tim Düsterhus
Willy,
On 6/6/21 12:50 AM, Maximilian Mader wrote:
From: Tim Duesterhus
Acking this one as mine. I sent it to Max to incorporate it into the series.
Best regards
Tim Düsterhus
Ilya,
On 6/5/21 5:10 AM, Илья Шипицин wrote:
here are two patches:
- deprecated warnings suppressed
- openssl-3.0.0 enabled
In the second patch you forgot the 'CI:' prefix in the commit message.
Other than that the patches LGTM with regard to the CI changes.
Best regards
Tim Düsterhus
s to be what I was looking for.
Based off the other responses we might not need it after all, but it's
good to know that it is possible. Thanks!
Best regards
Tim Düsterhus
as "experimental" / "allowed failure" with
GitHub Actions, but could not find anything.
Do you know whether this is possible?
The patch LGTM other than that concern.
Best regards
Tim Düsterhus
).
I would advise against caching POST requests and instead move the
parameters into the URL or a request header (make sure to set 'Vary' on
the response) and instead use a GET request.
Best regards
Tim Düsterhus
is extended to also include
this specific ID somewhere (just) for logging purposes.
Best regards
Tim Düsterhus
html#7.3.6-unique-id
The request_counter (%rt) you mentioned could be embedded into this
unique-id.
Best regards
Tim Düsterhus
mp_fetch_stream_uniq_id, 0, NULL, SMP_T_SINT, SMP_USE_INTRN },
+
I believe 'SMP_USE_INTRN' is not correct. I believe you need
'SMP_SRC_L4CLI', but don't quote me on that.
{ /* END */ },
}};
--
2.25.1
Best regards
Tim Düsterhus
]) or reloads
HAProxy depending on your exact requirements.
Just because you can do a lot of stuff within HAProxy using Lua doesn't
mean that you should or that it's the best solution :-)
Best regards
Tim Düsterhus
[1] https://cbonte.github.io/haproxy-dconv/2.4/management.html#9.3-set%20map
[2
that.
Shall I file a feature request on GitHub that the 'CC' case does not result
in a 5xx, but a 4xx or something clearly invalid?
Yes, why not. This will save us from forgetting about it.
Okay, here it is:
https://github.com/haproxy/haproxy/issues/1266
Best regards
Tim Düsterhus
Developer
flags to be certain.
ack, thank you.
Best regards
Tim Düsterhus
Developer WoltLab GmbH
--
WoltLab GmbH
Nedlitzer Str. 27B
14469 Potsdam
Tel.: +49 331 96784338
duester...@woltlab.com
www.woltlab.com
Managing director:
Marcel Werk
AG Potsdam HRB 26795 P
appears to be
entirely out of my control. I might be misunderstanding it, though.
Best regards
Tim Düsterhus
Developer WoltLab GmbH
--
WoltLab GmbH
Nedlitzer Str. 27B
14469 Potsdam
Tel.: +49 331 96784338
duester...@woltlab.com
www.woltlab.com
Managing director:
Marcel Werk
AG Potsdam HRB 26795 P
Willy,
On 5/18/21 12:42 PM, Илья Шипицин wrote:
this enables OpenTracing for CI builds.
This one looks good to me.
Best regards
Tim Düsterhus
is down to 6 seconds for GitHub Actions. That's
certainly good enough.
Best regards
Tim Düsterhus
t work back then.
it is almost all time ok to break on ASAN errors, the only degradation it
fails on the first error and execution stops (that is ok almost all time).
I'll try to figure out why ASAN_OPTIONS did not work.
Thanks!
Best regards
Tim Düsterhus
d and build.
- If we want to cache something else in the future, then we use a
separate cache head for that specifically.
- And then use `steps.XXX.outputs.cache-hit != 'true'` to check whether
you need to build anything or not.
See also: https://github.com/actions/cache#example-workflow
Best regards
Tim Düsterhus
Willy,
Ilya,
On 5/15/21 8:58 AM, Илья Шипицин wrote:
I attached a patch that uses "curl". on a distance it seems to be faster
for 50%
This one looks good to me.
Best regards
Tim Düsterhus
all the false positives
is going to be absolutely useless and distract from more important stuff.
Best regards
Tim Düsterhus
Ilya,
On 5/14/21 9:02 PM, Илья Шипицин wrote:
let us unify VTest installation magic.
I disagree with using 'git clone' here, cloning the repository with full
history is wasteful. Please use the tarball approach from vtest.yml
Best regards
Tim Düsterhus
/? My
haproxy-auth-request CI relies on the snapshots and I already added 2.5,
thus failing the build:
https://github.com/TimWolla/haproxy-auth-request/runs/2582881096
Best regards
Tim Düsterhus
me. If you'd see my full use case then I
recommend taking a look at haproxy-auth-request. It's super simple and
even comes with VTest tests:
https://github.com/TimWolla/haproxy-auth-request#usage
https://github.com/TimWolla/haproxy-auth-request/blob/main/auth-request.lua#L50
https://github.com/TimWolla/haproxy-auth-request/tree/main/test
Best regards
Tim Düsterhus
/issues/624
Best regards
Tim Düsterhus
available. I consider these lowish limits a good thing, because it
forces users to rethink what they are doing and possibly ask on the list
to find a better solution.
Best regards
Tim Düsterhus
_dot_example req.hdr(host) a03.test.example.com
use_backend example_192.168.1.30 if test_dot_example
Best regards
Tim Düsterhus
Willy,
On 5/10/21 11:02 PM, Willy Tarreau wrote:
Ah thank you Tim, I was also a bit annoyed by the recent failures.
I've just pushed it, let's see if it works!
Okay, at least VTest builds again. Perfect. Unfortunately some flaky
tests are back :-(
Best regards
Tim Düsterhus
I dropped the ball on the normalizers a bit due to other work, I'm sorry
about that. I plan to send two patches for 'fragment-strip' and
'fragment-encode' tonight (based off our private exchange). I expect
these to be safe, as the feature is marked experimental and clearly
separated.
Best r
u know how to add it using ${{ contains(matrix.FLAGS, 'USE_OT=1')
}} condition ?
You can simply add these to the 'flags' list within matrix.py, similarly
to WURFL_INC and WURFL_LIB also being part of that list.
Best regards
Tim Düsterhus
and a common
source of security issues.
Best regards
Tim Düsterhus
ent and causing a
".." to point to the wrong place.
I just had a look at the errata. There's indeed something about '../',
but that is regarding combining relative URLs with a specific base URL.
Additional leading '../' must be preserved. The normalizer already has
an appropriate option.
Best regards
Tim Düsterhus
mp;1 |grep GET
GET /bar HTTP/2
$ curl -v https://example.com/foo//../bar 2>&1 |grep GET
GET /foo/bar HTTP/2
I'm fine with prefixing 'path-' (i.e. 'path-filesystem'). Simply 'path'
might be misleading, because it includes non-standard normalization.
Best regards
Tim Düsterhus
eck.
Best regards
Tim Düsterhus
/2b71810cb3a45c8a52537a72ff0198fa6ae298b7/.github/workflows/vtest.yml#L68-L75
Best regards
Tim Düsterhus
looking over his code to get an understanding of how things work
I found a minor bug in his implementation of the query sort normalizer
and included a patch for that as well.
Best regards
Tim Düsterhus
for unreserved characters (%61dmin ->
admin) still is missing, due to its higher complexity compared to the
existing ones.
Best regards
Tim Düsterhus
was a bit quick at marking this read but forgot to
apply them. Now done, sorry for this!
No need to apologize. Things happen and usually you are super quick to
review and apply, so I can't complain :-) If I forget to remind then it
wasn't important enough.
Best regards
Tim Düsterhus
Willy,
On 4/16/21 8:30 PM, Tim Düsterhus wrote:
But who am I to complain? Updated patches attached. I left the 'trash'
one as-is, because that one really is a common pattern. I hope I did not
miss anything else :-)
I believe you might've missed my updated patches.
Best regards
Tim Düsterhus
and possibly backport them
if there is some demand.
Best regards
Tim Düsterhus
normalizers that I
planned to add and I'm looking forward to feedback from the users :-)
Best regards
Tim Düsterhus
to the query
string! The actions hide this type of detail from the user which I
consider to be a good thing.
Best regards
Tim Düsterhus
syntax to be
stable enough for a 2.4. I'll leave the final decision regarding that up
to you, though. Especially since 2.4 is going to be an LTS.
Best regards
Tim Düsterhus
>From 02a0a18f3739dc9b0ed6297c76d6742f8f59c1eb Mon Sep 17 00:00:00 2001
From: Tim Duesterhus
Date: Sat, 17 Apr 2021 11:21
ed to `for
(size_t i = 0; ...; ...)` is bothering me quite a bit.
But who am I to complain? Updated patches attached. I left the 'trash'
one as-is, because that one really is a common pattern. I hope I did not
miss anything else :-)
Best regards
Tim Düsterhus
>From d37a4788b6be31a7dd53a0724baaaeb4
1 - 100 of 721 matches
Mail list logo
