Re: [ANNOUNCE] haproxy-2.2.0

2020-07-09 Thread Tim Düsterhus
bal Lua library path. See this mailing list thread for details: https://www.mail-archive.com/haproxy@formilux.org/msg35839.html Specifically this email for the patch: https://www.mail-archive.com/haproxy@formilux.org/msg35896.html Best regards Tim Düsterhus

Re: [ANNOUNCE] haproxy-2.2-dev12

2020-07-04 Thread Tim Düsterhus
ld > force me to stop even more frequently and chat with coworkers :-) > 15 emails per hour is one every 4 minutes. If I'd be sending emails at that rate I'd just use an actual chat :-) That is of course unless I send largish patch bombs in an automated fashion. Best regards Tim Düsterhus

Re: [ANNOUNCE] haproxy-2.2-dev12

2020-07-04 Thread Tim Düsterhus
to sending 15 emails per hour for abuse prevention in case my password ever leaks. So 2 patches did not make it through the first time. I hope I did not completely mess up threading when sending the last 2. My email limit is now up to 20 :-) Best regards Tim Düsterhus

Re: [ANNOUNCE] haproxy-2.2-dev12

2020-07-04 Thread Tim Düsterhus
as of now is 15 commits ahead of master. So I'll send an updated series once 2.2 is out. Or you tell me to send it now and apply it to 'next'. While I'm here: There's already one commit sitting in the next branch to be applied after the release. Best regards Tim Düsterhus

[PATCH] BUG/MINOR: http_act: don't check capture id in backend (2)

2020-07-03 Thread Tim Düsterhus , WoltLab GmbH
Willy, find the patch attached. Best regards Tim Düsterhus Developer WoltLab GmbH -- WoltLab GmbH Nedlitzer Str. 27B 14469 Potsdam Tel.: +49 331 96784338 duester...@woltlab.com www.woltlab.com Managing director: Marcel Werk AG Potsdam HRB 26795 P >F

Re: ssl_c_sha256 ?

2020-06-29 Thread Tim Düsterhus
to apply pretty seamlessly to HAProxy 2.0, it contains all you need. One small note: The correct terminology for "sha2 filter" is "sha2 converter". Best regards Tim Düsterhus

Re: ssl_c_sha256 ?

2020-06-29 Thread Tim Düsterhus
_c_der ? > (ssl_c_der,sha2(256)) > You are right, of course. While adjusting the example from the commit message I replaced the 'der' instead of the 'f'. Best regards Tim Düsterhus

Re: ssl_c_sha256 ?

2020-06-29 Thread Tim Düsterhus
proxy/commit/d4376302377e4f51f43a183c2c91d929b27e1ae3 The ssl_c_sha1 is simply a hash of the DER representation of the certificate. So you can just hash it with the sha2 converter: ssl_c_sha256,sha2(256) Best regards Tim Düsterhus

Re: HAProxy 2.2 release date

2020-06-26 Thread Tim Düsterhus
figuration (http-after-response), in case I have to revert back. My two previous attempts failed due to heap / allocator corruption (issues #681 and #700). Best regards Tim Düsterhus

Re: Doing directory based access control (Survey / Poll of admin expectations)

2020-06-26 Thread Tim Düsterhus
ddress right now! Agreed. This is something non-trivial and the solution should not be rushed. Personally I've already adjusted my rules. I just filed a tracking bug for it on GitHub, so that the discussion will not get lost in the depths of the email archive: https://github.com/haproxy/haproxy/issues/714 Best regards Tim Düsterhus

Re: Doing directory based access control (Survey / Poll of admin expectations)

2020-06-25 Thread Tim Düsterhus
Hi List, Am 22.06.20 um 21:13 schrieb Tim Düsterhus: > What kind of (configuration) advice would you give me? Do you have any > concerns? I consider *anything* a valid answer here and I'd like to hear > from both experienced admins and "newbies". > > I'll give the &

Re: [PATCH v2 0/2] Warnings for truncated lines

2020-06-22 Thread Tim Düsterhus
such a configuration. To fix this, please ensure that all following | timeouts are set to a non-zero value: 'client', 'connect', 'server'. Warnings were found. Configuration file is valid I guess a truncated last line cannot be differentiated from file that does not end with a new line

Doing directory based access control (Survey / Poll of admin expectations)

2020-06-22 Thread Tim Düsterhus
--- What kind of (configuration) advice would you give me? Do you have any concerns? I consider *anything* a valid answer here and I'd like to hear from both experienced admins and "newbies". I'll give the "solution" once I get some replies :-) Best regards Tim Düsterhus

Re: [PATCH] BUG/MINOR: cfgparse: Support configurations without newline at EOF

2020-06-22 Thread Tim Düsterhus
ARNING] 173/185130 (17415) : parsing [/tmp/example/cat:3]: line is not > terminated by a newline (LF / '\n'). > [ALERT] 173/185130 (17415) : Error(s) found in configuration file : > /tmp/example/cat > [ALERT] 173/185130 (17415) : Fatal errors found in configuration. Thus even if we might never not support leaving out the trailing newline I consider that something worthwhile to warn about. Best regards Tim Düsterhus

Re: how can I add an HTTP to prevent clickjacking to the stats page?

2020-06-18 Thread Tim Düsterhus
origin Example: $ http --headers localhost:8080 HTTP/1.1 200 OK cache-control: no-cache content-type: text/html transfer-encoding: chunked x-frame-options: sameorigin Best regards Tim Düsterhus

Re: Conditional request logging ?

2020-06-18 Thread Tim Düsterhus
silent. See: http://cbonte.github.io/haproxy-dconv/2.1/configuration.html#4.2-http-response%20set-log-level Best regards Tim Düsterhus

Re: VTest does not test deinit

2020-06-16 Thread Tim Düsterhus
efore the 2.2 release. > I'd definitely postpone changing anything about VTest past 2.2. Any bugs found using that will be backported anyway. So nothing really lost by waiting for the release. Best regards Tim Düsterhus

Re: Broken SNI with crt-list for HAProxy 2.1.x after upgrade from Stretch to Buster

2020-06-15 Thread Tim Düsterhus
trust you that the patch fixes *a* bug, even if it might not be *my* bug, thus feel free to apply. Best regards Tim Düsterhus

VTest does not test deinit

2020-06-14 Thread Tim Düsterhus
GTERM in HAProxy anyway, so there is no need for this distinction. I did not yet look into the details of the failing tests, though. Best regards Tim Düsterhus

Re: [PATCH 3/3] BUG/MINOR: haproxy: Free rule->arg.vars.expr during deinit_act_rules

2020-06-14 Thread Tim Düsterhus
William, Am 14.06.20 um 16:59 schrieb Tim Düsterhus: > I can reproduce this with the following config: > > frontend http > mode http > bind 127.0.0.1:80 > > http-request redirect scheme https if METH_GET > >> $ valgrind ./haproxy -c -f ./crasher.cf

Re: [PATCH 3/3] BUG/MINOR: haproxy: Free rule->arg.vars.expr during deinit_act_rules

2020-06-14 Thread Tim Düsterhus
6484==by 0x5271CA: deinit (haproxy.c:2706) > ==6484==by 0x528017: deinit_and_exit (haproxy.c:2871) > ==6484==by 0x528E90: init (haproxy.c:2205) > ==6484==by 0x41F382: main (haproxy.c:3127) > ==6484== Address 0x0 is not stack'd, malloc'd or (recently) free'd I would assume that this is related to METH_GET being a default acl. Best regards Tim Düsterhus

Re: Broken SNI with crt-list for HAProxy 2.1.x after upgrade from Stretch to Buster

2020-06-13 Thread Tim Düsterhus
William, Am 13.06.20 um 16:46 schrieb Tim Düsterhus: > tune.ssl.default-dh-param 2048 solved the issue for me. > > I'd argue that this is a bug in HAProxy nonetheless, because apparently > the crt-list file is not fully parsed in case of DH parameter warnings > (not errors)

Re: Broken SNI with crt-list for HAProxy 2.1.x after upgrade from Stretch to Buster

2020-06-13 Thread Tim Düsterhus
Dear List, Am 13.06.20 um 16:11 schrieb Tim Düsterhus: > Any ideas? > Looking at the startup warnings is always a good idea: > Jun 13 14:40:52 *snip* haproxy[15815]: [WARNING] 164/144052 (15815) : > Reexecuting Master process > Jun 13 14:40:52 *snip* haproxy[15815]: [WARN

Broken SNI with crt-list for HAProxy 2.1.x after upgrade from Stretch to Buster

2020-06-13 Thread Tim Düsterhus
solution :-) Any ideas? Best regards Tim Düsterhus

Re: [PATCH 0/2] Clean up disabled build warnings

2020-06-11 Thread Tim Düsterhus
. > > I'd say that the one in 'pattern' is a bug and that the other two just need a > /* fall through */ comment. > > See the build log below for what I'm seeing within a debian:sid Docker > container: > > [...] > > Tim Düsterhus (2): > BUILD: Remove nowarn for

Re: [ANNOUNCE] haproxy-2.2-dev9

2020-06-11 Thread Tim Düsterhus
end of next week, which is close to initial estimates. > I would assume that the release of 2.2 is also the date where 1.9 goes from EoL to unmaintained? You might or might not want to plan a final 1.9 release then as well. Best regards Tim Düsterhus

Re: No access to git.haproxy.org from Travis CI

2020-06-11 Thread Tim Düsterhus
IP blocking or something else in place? > See also: https://github.com/haproxy/haproxy/issues/49#issuecomment-633521350 Best regards Tim Düsterhus

Re: Proposal to resolve (again) the include dependency hell

2020-06-07 Thread Tim Düsterhus
terms of files anyway. Best regards Tim Düsterhus

Re: Peers Protocol "Table Type"

2020-06-02 Thread Tim Düsterhus
Emeric, Willy, Am 02.06.20 um 15:10 schrieb Emeric Brun: > Thank you Tim! > > Here the updated patch. This looks good to me now. I trust that you actually tested the changes. Reviewed-by: Tim Duesterhus Best regards Tim Düsterhus

Re: Peers Protocol "Table Type"

2020-06-02 Thread Tim Düsterhus
missing from the commit message. Other than that the patch looks good to me, but I didn't actually test a binary compiled from it. Best regards Tim Düsterhus

Re: [PATCH 0/2] Clean up disabled build warnings

2020-05-29 Thread Tim Düsterhus
ed. It only triggers at two places within Lua with something regarding 'setjmp'. It might be possible to re-enable that one as well, but I don't understand that code. Best regards Tim Düsterhus

Re: haproxy 2.2-dev8-7867525 - 100% cpu usage on 1 core after config 'reload'

2020-05-28 Thread Tim Düsterhus
rb = > node = 0x19e2e60 > #3 0x004d1da3 in deinit () at src/haproxy.c:2762 strace does not show any further activity. Best regards Tim Düsterhus

Debian packaging note (was: stable-bot: Bugfixes waiting for a release 2.1 (52), 2.0 (45))

2020-05-28 Thread Tim Düsterhus
Vincent, Am 28.05.20 um 12:41 schrieb Tim Düsterhus: > Okay, I've done what I really wanted to avoid and built my own HAProxy. > I'm now running HAProxy 2.1.5-1~~~timwolla+1 and I hope that it will > smoothly upgrade to Vincent's build once it is released. > While researching

Re: stable-bot: Bugfixes waiting for a release 2.1 (52), 2.0 (45)

2020-05-28 Thread Tim Düsterhus
ux=H1 > : mode=TCPside=FE|BE mux=PASS > > Available services : > prometheus-exporter > > Available filters : > [SPOE] spoe > [CACHE] cache > [FCGI] fcgi-app > [TRACE] trace > [COMP] compression My Postfix + Dovecot still works as evidenced by the fact that I am able read your email and send a reply. My HTTP services also work. Best regards Tim Düsterhus

Re: [PATCH] skip reg-tests/connection/proxy_protocol_send_unique_id_alpn.vtc on CentOS 6

2020-05-27 Thread Tim Düsterhus
it will be end of life on November, 30th anyway. Best regards Tim Düsterhus

Re: stable-bot: Bugfixes waiting for a release 2.1 (52), 2.0 (45)

2020-05-27 Thread Tim Düsterhus
break Dovecot or I compile my own HAProxy. Best regards Tim Düsterhus [1] https://www.mail-archive.com/haproxy@formilux.org/msg37344.html

Re: [PATCH] REGTEST: Add connection/proxy_protocol_send_unique_id_alpn

2020-05-27 Thread Tim Düsterhus
fails without them and passes with them :-/ For posteriority the correct commits are: 68ad53cb3781010ccde7c781b6a3a1e926b5ed23 3ab504f5ff53968ae70d592cba4c1c7da6a0e7ff d82056c319814f9328db07dd50ab90785ec6c95c Best regards Tim Düsterhus

Re: RFC: set minimum default TLS version to 1.2 for HAProxy 2.2

2020-05-27 Thread Tim Düsterhus
However in the general case you won't get far as a client in today's Internet without supporting TLS 1.2. For my machines I dropped support for anything < 1.2 on port 443 more than 2 years ago. Best regards Tim Düsterhus

Re: RFC: set minimum default TLS version to 1.2 for HAProxy 2.2

2020-05-27 Thread Tim Düsterhus
l configurable with > min-ssl-ver if you want the support for prior TLS versions. > > Does anybody have any objections? > As a data point: The OpenSSL shipped with Debian Buster does not support anything below TLS 1.2 by default [1]. The same is true starting with Ubuntu 20.0

Re: [ANNOUNCE] haproxy-2.2-dev8

2020-05-22 Thread Tim Düsterhus
feature which will for example allow to define errorfile templates > which embed a unique ID or at least be a bit more user-friendly. Sweet. I always wanted to embed the unique ID in the error messages. Best regards Tim Düsterhus

Re: [PATCH 0/6] Lua variable handling

2020-05-19 Thread Tim Düsterhus
maps from Lua? They should be > backed by ebtree and be faster right? > To my understanding Maps are not scoped per request and thus would not be usable for haproxy-auth-request. Best regards Tim Düsterhus

Re: 2.0.14 + htx / retry-on all-retryable-errors -> sometimes wrong backend/server used

2020-05-19 Thread Tim Düsterhus
issue: https://github.com/haproxy/haproxy/issues/623 Best regards Tim Düsterhus

Re: decode key created with url32+src

2020-05-17 Thread Tim Düsterhus
t of memory. The output type > is an unsigned integer. Thus you only have a hash value of the URL in question. However the IP address is stored in clear at the end of the resulting key. You might need to hex decode it. Best regards Tim Düsterhus

Re: stable-bot: Bugfixes waiting for a release 2.1 (27), 2.0 (24)

2020-05-14 Thread Tim Düsterhus
INOR, first one merged on 2020-04-02 > > Thus the computed ideal release date for 2.0.15 would be 2020-04-30, which > was two weeks ago. Is there any date planned for 2.1.5? I'm still running 2.1.3 on one machine, because I use Dovecot. Best regards Tim Düsterhus

Re: [PATCH] MINOR: crypto: Add digest and hmac converters

2020-05-07 Thread Tim Düsterhus
r you. If it is >> of any help to you: This is definitely not how it usually goes. > > Then here is my next try. ;-) > > I've rebased my changes to reflect the recent changes and added the > missing description to the first patch. I've now taken a look at both patches now and both are: Reviewed-by: Tim Duesterhus Best regards Tim Düsterhus

Re: [PATCH] MINOR: crypto: Add digest and hmac converters

2020-05-07 Thread Tim Düsterhus
like haproxy and want to give something back, but I'm not sure > if I want to do that in the future with the experience I had so far. :-( > Liking HAProxy and wanting to give something back is my motivation as well. I am very sorry to see how this experience went for you. If it is of any help to you: This is definitely not how it usually goes. Best regards Tim Düsterhus

Re: [PATCH] MINOR: crypto: Add digest and hmac converters

2020-05-07 Thread Tim Düsterhus
Patrick, Am 07.05.20 um 13:03 schrieb Patrick Gansterer: > Hi, > > On 22.04.20 18:30, Tim Düsterhus wrote: >> I don't find anything to complain about now. I'll now leave it up to the >> authority to either apply or complain. > > How long does it usually take

Re: Version 2.0.14 breaking change vs 2.0.13 with send-proxy-v2-ssl-cn + Apache 2.4

2020-05-06 Thread Tim Düsterhus
14 ... any hint ? This sounds like this issue we've seen with Dovecot: https://www.mail-archive.com/haproxy@formilux.org/msg36890.html Try applying this commit: https://github.com/haproxy/haproxy/commit/02c88036a61e09d0676a2b6b4086af677b023b94 Best regards Tim Düsterhus

Re: Question about connection settings proto fcgi check maxconn 9 minconn 5 maxqueue 0

2020-05-05 Thread Tim Düsterhus
(idle). If at least 6 requests come in at the same time then PHP will reach 10 worker processes, because PHP is configured to keep 4 idle processes at all times. A 7th request would violate the minimum number of idle processes. Now if the number of concurrent requests goes down to 4 you will still see the 10 processes, because PHP is allowed to keep 6 idle processes around. Best regards Tim Düsterhus

Re: [PATCH] remove unused assignments

2020-04-23 Thread Tim Düsterhus
ld say that the dead store should remain in there. In short: This patch should carefully be checked and probably not all changes should be applied. Best regards Tim Düsterhus

Re: [PATCH] MINOR: crypto: Add digest and hmac converters

2020-04-22 Thread Tim Düsterhus
y: Tim Duesterhus Best regards Tim Düsterhus

Re: [PATCH] MINOR: crypto: Add digest and hmac converters

2020-04-22 Thread Tim Düsterhus
then. > + Please note that this converter is only available when haproxy has been > + compiled with USE_OPENSSL. > + > http_date([]) >Converts an integer supposed to contain a date since epoch to a string >representing this date in a format suitable for use in HTTP header fields. > If Best regards Tim Düsterhus

Re: [PATCH] MINOR: crypto: Add digest and hmac converters

2020-04-22 Thread Tim Düsterhus
h each. Best regards Tim Düsterhus

Re: [ANNOUNCE] haproxy-2.1.4

2020-04-22 Thread Tim Düsterhus
t CVE. The difference to my understanding is that his version is more efficient, because it's not fork+exec()ing new processes all the time and instead just uses function calls. Best regards Tim Düsterhus

Re: [PATCH] MINOR: crypto: Add digest and hmac converters

2020-04-22 Thread Tim Düsterhus
smp->data.type = SMP_T_BIN; > + smp->flags &= ~SMP_F_CONST; > + return 1; > +} > + > +static struct sample_conv_kw_list sample_conv_kws = {ILH, { > + { "digest", sample_conv_crypto_digest, ARG1(1,STR), NULL, > SMP_T_BIN, SMP_T_BIN }, > + { "hmac", sample_conv_crypto_hmac, ARG2(2,STR,STR), NULL, > SMP_T_BIN, SMP_T_BIN }, Add a validation function that checks whether the given hash algorithm is valid at configuration checking time. Best regards Tim Düsterhus

Re: [ANNOUNCE] haproxy-2.1.4

2020-04-21 Thread Tim Düsterhus
a C developer, but is not something that's specifically acknowledged within the H2 specification. Negative values however are clearly invalid when talking about a byte range. Best regards Tim Düsterhus

Re: [ANNOUNCE] haproxy-2.1.4

2020-04-21 Thread Tim Düsterhus
network" input from stdin and patched HAProxy to exit after serving a single request. Then I used a simplistic configuration pointing to an nginx and seeded AFL using some HTTP/2 requests I generated using nghttp against `nc -l > request`. However that dirty hackery resulted in AFL not reliably detecting whether something changed because the input changed or whether it just randomly changed. Best regards Tim Düsterhus

Re: [PATCH] Minor improvements to doc "http-request set-src"

2020-04-21 Thread Tim Düsterhus
Olivier, Am 21.04.20 um 16:34 schrieb Olivier D: > ;) > Patch updated attached. > Now LGTM. Reviewed-by: Tim Duesterhus Best regards Tim Düsterhus

Re: [ANNOUNCE] haproxy-2.1.4

2020-04-21 Thread Tim Düsterhus
oder. For CVE-2018-20615 I worked with preeny/desock and saw that issues with branches being non-deterministic (I assume slight timing issues or packets being cut differently or something like that). Best regards Tim Düsterhus

Re: [ANNOUNCE] haproxy-2.1.4

2020-04-21 Thread Tim Düsterhus
won't be the last. Can we please allocate some resources on making HAProxy more fuzzer friendly after 2.2 is out? I would also be interested in how Felix Wilhelm performed the fuzzing, do you happen to have details about that? Best regards Tim Düsterhus

Re: [PATCH] Minor improvements to doc "http-request set-src"

2020-04-21 Thread Tim Düsterhus
t; instead of "[DOC]". 2. All subsequent calls to src field will return this value (see example). -> It's not "field", but "fetch". Not sure whether "src" should also be quoted in there. Other than that it looks good to me now. Best regards Tim D

Re: [PATCH] Minor improvements to doc "http-request set-src"

2020-04-20 Thread Tim Düsterhus
ons based on the IP address with the last octet zeroed out. > +# This will track connection based on header IP > +http-request set-src hdr(x-forwarded-for) > +http-request track-sc0 src > + >When possible, set-src preserves the original source port as long as the >address family allows it, otherwise the source port is set to 0. Best regards Tim Düsterhus

Re: [ANNOUNCE] haproxy-2.2-dev6

2020-04-17 Thread Tim Düsterhus
image of the Docker Official Images program now, so any obvious issues in the future should be detected. https://github.com/docker-library/haproxy/pull/111 Best regards Tim Düsterhus

Re: HAProxy concurrent HTTP query limit based on header

2020-04-17 Thread Tim Düsterhus
ctions. >http-request track-sc0 req.hdr( X-Forwarded-For ) >http-request deny deny_status 429 if { sc0_conn_cur ge 20 } > Best regards Tim Düsterhus

Re: HAProxy and musl (was: Re: HAproxy Error)

2020-04-16 Thread Tim Düsterhus
official-images/pulls?q=is%3Apr+label%3Alibrary%2Fhaproxy+is%3Aclosed. Within the PRs there's always a comment with the results of the tests for all the versions. Best regards Tim Düsterhus

HAProxy and musl (was: Re: HAproxy Error)

2020-04-16 Thread Tim Düsterhus
b.com/docker-library/haproxy/blob/3dd3917d3a70c230d8b192541ee08764e1da16af/2.2-rc/alpine/Dockerfile#L31-L45 Basic smoke test (Reverse Proxy to example.com) is here: https://github.com/docker-library/official-images/tree/master/test/tests/haproxy-basics Best regards Tim Düsterhus

Disclaimer in emails (was: Re: HAproxy Error)

2020-04-15 Thread Tim Düsterhus
articles. And in fact the second link uses a very non-committal language by saying that these disclaimers "[...] may not be legally enforceable". Any statement with a "may" in it is absolutely useless. Best regards Tim Düsterhus

Re: HAproxy Error

2020-04-15 Thread Tim Düsterhus
sending mail to this list from $COMPANY email you would need to live with a 14 line signature that is not a disclaimer, but similarly is snail mail information of $COMPANY that I'm required to add by law. Best regards Tim Düsterhus

Re: TLV problem after updating to 2.1.14

2020-04-04 Thread Tim Düsterhus
Willy, Am 04.04.20 um 13:29 schrieb Willy Tarreau: >> Am 04.04.20 um 12:41 schrieb Tim Düsterhus: >>> The Dovecot source code is here: >>> https://github.com/dovecot/core/blob/de9968d623e331a18b43dfe8a00421f72f7f7962/src/lib-master/master-service-haproxy.c#L35

Re: TLV problem after updating to 2.1.14

2020-04-04 Thread Tim Düsterhus
Hativ, Willy, Am 04.04.20 um 12:41 schrieb Tim Düsterhus: > The Dovecot source code is here: > https://github.com/dovecot/core/blob/de9968d623e331a18b43dfe8a00421f72f7f7962/src/lib-master/master-service-haproxy.c#L354 > > A quick glance at the Dovecot code looks like Dovecot pars

Re: TLV problem after updating to 2.1.14

2020-04-04 Thread Tim Düsterhus
ooks like Dovecot parses the proxy protocol correctly with regard to TLVs. Best regards Tim Düsterhus

Re: TLV problem after updating to 2.1.14

2020-04-03 Thread Tim Düsterhus
Hativ, Am 03.04.20 um 00:38 schrieb Hativ: > Any ideas what's wrong? > I would assume that this patch changed the behavior there: https://github.com/haproxy/haproxy/commit/7f26391bc51ad56c31480d03f56e1db604f1c617 Can you try reverting that to check whether it is the cause? Best regar

Re: haproxy 2.0.14 failing to bind peer sockets

2020-04-02 Thread Tim Düsterhus
rs! Exiting. I suppose this commit might be at fault here: https://github.com/haproxy/haproxy/commit/a2cfd7e356f4d744294b510b05d88bf58304db25 Try reverting it to see whether it fixes the issue. Best regards Tim Düsterhus

Re: [PATCH] MINOR: config: make strict limits enabled by default

2020-03-28 Thread Tim Düsterhus
ly because we already started to > deploy part of v2.2... > > Sorry for that, please ignore this patch :) > For 2.1 we used the 'next' branch to already take these type of patches. It was simply rebased after the release: http://git.haproxy.org/?p=haproxy.git;a=shortlog;h=refs/heads/next Best regards Tim Düsterhus

Re: [PATCH v2] MINOR: config: make strict limits enabled by default

2020-03-28 Thread Tim Düsterhus
ha_warning("[%s.main()] Cannot raise FD limit > to %d, limit is %d.\n", > argv[0], global.rlimit_nofile, > (int)limit.rlim_cur); I believe the `ha_warning` should be changed to `ha_alert` then. Or the function used should depend on whet

Re: stable-bot: Bugfixes waiting for a release 2.1 (21), 2.0 (16)

2020-03-24 Thread Tim Düsterhus
/ the RNG changes have been picked out-of-order. > Could you please cut a release ? there are many fixes that just cherry > picking it in my fork would make sense. I second that. I was already thinking about asking after yesterday's 2.2-dev5. Best regards Tim Düsterhus

Re: Peers Protocol "Table Type"

2020-03-20 Thread Tim Düsterhus
ed to look into the code anyway, because the docs are incomplete (as I outlined before in this thread). Changing the code will cause larger breakage during a HAProxy bugfix upgrade if not all machines in a cluster are upgraded simultaneously. Best regards Tim Düsterhus

Re: [PATCH] CLEANUP: h2: Help static analyzers understand the list's end marker

2020-03-19 Thread Tim Düsterhus
tic analyzers is acceptable to me. Best regards Tim Düsterhus

Re: [PATCH] fix errored ARM64 builds in travis-ci

2020-03-18 Thread Tim Düsterhus
$PRIVATE_TOKEN` to the configuration within their pull requests. Of course one could also simply add their own repository to Travis to test it out without the need for a pull request. In fact I believe Ilya does: https://travis-ci.com/github/chipitsine/haproxy Best regards Tim Düsterhus

Re: [PATCH] fix errored ARM64 builds in travis-ci

2020-03-18 Thread Tim Düsterhus
aproxy/pulls?q=is%3Apr+is%3Aclosed GitHub Actions would need to be explicitly enabled for pull requests. Best regards Tim Düsterhus

Re: [PATCH] fix errored ARM64 builds in travis-ci

2020-03-18 Thread Tim Düsterhus
meone would need to step up to provide the runners, though. I'm also using it for my haproxy-auth-request Lua script and VTest: https://github.com/TimWolla/haproxy-auth-request/blob/master/.github/workflows/vtest.yml Best regards Tim Düsterhus

Re: [PATCH] fix errored ARM64 builds in travis-ci

2020-03-18 Thread Tim Düsterhus
This looks like an issue on Travis' end to me. Maybe a bug report should be filed with their support. It seems to consistently hang somewhere around the installation of libpcre2. Best regards Tim Düsterhus

Re: [PATCH] switch to clang-9 in Linux/travis-ci builds

2020-03-16 Thread Tim Düsterhus
y/blob/67b095e797a156ae27b7b52f6ccf57171717dd16/.travis.yml#L108 It probably needs to read `if [ "$CC" = "clang*" ]` (unless I got my bash syntax wrong). Best regards Tim Düsterhus

Re: [PATCH] BUILD: Avoid warning about ignoring write()'s return value in BUG_ON()

2020-03-14 Thread Tim Düsterhus
tion] > ABORT_NOW(); > ^ Best regards Tim Düsterhus

Re: Peers Protocol "Table Type"

2020-03-14 Thread Tim Düsterhus
some internal enum. Best regards Tim Düsterhus

Re: Peers Protocol "Table Type"

2020-03-14 Thread Tim Düsterhus
'm seeing, we should document that on the wire we > have this: > >2 = signed int >4 = IPv4 >5 = IPv6 >6 = string >7 = binary > Perfect, I'll use those values within my implementation. > From now, the best solution likely is to check where the table type is > used and instead go back to a table-specific type with hard-coded values > matching what we have now. > Should I file an issue for tracking that? Best regards Tim Düsterhus

Re: [PATCH] BUILD: Avoid warning about ignoring write()'s return value in BUG_ON()

2020-03-14 Thread Tim Düsterhus
Willy, Am 14.03.20 um 11:14 schrieb Willy Tarreau: > Now done. I've also cleaned up the null-derefw warning in the debugging > code of the pools. > Can't the pools simply use `ABORT_NOW()` instead of `*DISGUISE((volatile int *)0) = 0;`? Best regards Tim Düsterhus

Re: [PATCH] BUILD: Avoid warning about ignoring write()'s return value in BUG_ON()

2020-03-13 Thread Tim Düsterhus
f a circular dependency. If it's a small obvious change feel free to adapt the patch. If it requires larger changes please fix it yourself and ignore my patch. Best regards Tim Düsterhus

Re: [PATCH 2/3] MINOR: proxy_protocol: Ingest PP2_TYPE_UNIQUE_ID on incoming connections

2020-03-13 Thread Tim Düsterhus
its you best :-) If you want me to take it now I can. In fact I added a blank line in that patch. The v2-series is good from my side. I don't plan any more changes. If you are happy as well then please take it. Best regards Tim Düsterhus

Re: [PATCH] BUILD: Avoid warning about ignoring write()'s return value in BUG_ON()

2020-03-13 Thread Tim Düsterhus
^ While checking my list of outgoing patches I noticed that this one wasn't acknowledged yet. It will become important with: https://github.com/haproxy/haproxy/issues/546 Best regards Tim Düsterhus

Re: [PATCH 3/3] MEDIUM: proxy_protocol: Support sending unique IDs using PPv2

2020-03-13 Thread Tim Düsterhus
xpert Ilya to look into that: https://github.com/haproxy/haproxy/issues/546 Best regards Tim Düsterhus

Re: [PATCH 2/3] MINOR: proxy_protocol: Ingest PP2_TYPE_UNIQUE_ID on incoming connections

2020-03-13 Thread Tim Düsterhus
struct connection` refactoring before actually taking it or would you like me to make any changes to it? Best regards Tim Düsterhus

Peers Protocol "Table Type"

2020-03-11 Thread Tim Düsterhus
pes are only added at the end)? Or rather: Is the peer protocol stable enough for third party implementations or can it change at will during HAProxy upgrades? Best regards Tim Düsterhus

Re: Haproxy ACL path_reg compare number?

2020-03-11 Thread Tim Düsterhus
b.io/haproxy-dconv/2.1/configuration.html#7.3.1-word Untested example: acl image1 path,word(1,/) -m int le 10005 Best regards Tim Düsterhus

Re: [PATCH] BUG/MEDIUM: http: Properly reject non-HTTP/1.x protocols

2020-03-09 Thread Tim Düsterhus
updated, because does not pass in any case. Best regards Tim Düsterhus

SUBVERS broken in 2.1 snapshot

2020-03-09 Thread Tim Düsterhus
_version/src/snapshot/haproxy-ss-LATEST.tar.gz > |tar xz --strip-components=1 --wildcards --to-stdout '*/SUBVERS' >end > 1.8 > -beacaef > > 1.9 > -bea2911 > > 2.0 > -4ab0efb > > 2.1 > -$Format:%h$ > > 2.2 > -ee3bcdd > Best regards Tim Düsterhus

Re: [PATCH] SCRIPTS: Create -LATEST symlink for each BRANCH

2020-03-09 Thread Tim Düsterhus
rg/download/2.2/src/snapshot/ for some reason I only saw the `-patches` tarball and missed / ignored the `-ss` one. I guess that'll work for me, thanks. Best regards Tim Düsterhus

Re: [PATCH 3/3] MEDIUM: proxy_protocol: Support sending unique IDs using PPv2

2020-03-09 Thread Tim Düsterhus
to CI?). The check in there does not even compile (facepalm). In any case: I just fixed that build failure locally and can confirm that the BUG_ON does not trigger. Consider that line a "Please carefully check my assumptions, Willy". Best regards Tim Düsterhus

Use of RAND_MAX still correct?

2020-03-08 Thread Tim Düsterhus
Willy, when looking at the newest PRNG commits I noticed that some places that now use ha_random() still refer to RAND_MAX. You should check whether that still is appropriate, because my understanding is that you are now guaranteed to receive a specific number of bits. Best regards Tim Düsterhus

Re: [PATCH v5] MEDIUM: stream: Make the `unique_id` member of `struct stream` a `struct ist`

2020-03-05 Thread Tim Düsterhus
> today :-) Perfect, thank you. Expect my patch series with unique IDs in proxy protocol sooner rather than later :-) I assume you'll have a bit more to complain about that, because it wasn't as straight forward as this clean up. Best regards Tim Düsterhus

  1   2   3   4   5   >