Re: [PATCH] memprof fix OpenBSD build.

2021-07-26 Thread Willy Tarreau
Hi David, On Sun, Jul 25, 2021 at 11:07:00AM +0100, David CARLIER wrote: > +/* OpenBSD does not have anything close to malloc_usable_size, thus > profiling will be wrong regardless */ > +#if defined(USE_MEMORY_PROFILING) && defined(__OpenBSD__) > +#undef USE_MEMORY_PROFILING > +#endif I

Re: Test, please ignore

2021-07-23 Thread Willy Tarreau
On Fri, Jul 23, 2021 at 02:22:34PM +0200, Vincent Bernat wrote: > ? 23 July 2021 12:55 +02, Willy Tarreau: > > > The list looks uncommonly quiet after having touched some > > anti-spam rules, just testing. > > It's the holidays Willy! :) Yep, that's what I

Test, please ignore

2021-07-23 Thread Willy Tarreau
The list looks uncommonly quiet after having touched some anti-spam rules, just testing. Willy

Re: [PATCH] BUILD/MINOR memprof macOs build fix

2021-07-21 Thread Willy Tarreau
On Tue, Jul 20, 2021 at 08:40:34PM +0100, David CARLIER wrote: > Hi, > > here a build fix proposal for macOS when USE_MEMORY_PROFILING option is set. Merged, thanks David! Willy

Re: no-stop keyword proposal

2021-07-20 Thread Willy Tarreau
Hi Joao, On Tue, Jul 20, 2021 at 12:18:18PM -0300, Joao Morais wrote: > > Hello list, the diff below is a proposal to add a bind keyword used to flag > LI_O_NOSTOP option in the bind's listener. > > Regarding the use case: I need the ability to reach a stopping, but still > running haproxy

Re: [PR] Release the lock init_mutex before the program ends for issue#1326.

2021-07-20 Thread Willy Tarreau
Hello, > Author: jenny-cheung > Number of patches: 2 > > This is an automated relay of the Github pull request: >Release the lock init_mutex before the program ends for issue#1326. So I've remerged these two patches into one, and detailed a bit more what they aimed to do, and merged them.

Re: HAProxy Network Namespace Support issues, and I also found a security flaw.

2021-07-20 Thread Willy Tarreau
On Tue, Jul 20, 2021 at 03:04:05AM -0500, Peter Jin wrote: > Sorry, after analyzing the code again, it's not a security issue since the > ancillary buffer can only hold one file descriptor. No problem, it's better that way, and thanks for your detailed explanation! Willy

Re: HAProxy Network Namespace Support issues, and I also found a security flaw.

2021-07-20 Thread Willy Tarreau
Hi Peter, first, thanks for bringing this here. On Tue, Jul 20, 2021 at 01:13:58AM -0500, Peter Jin wrote: > 1. The network namespace support seems to be a bit broken. In the function > "my_socketat" (lines 114-129 of src/namespace.c in the latest dev branch), > you attempt to first change

Re: HAProxy Network Namespace Support issues, and I also found a security flaw.

2021-07-20 Thread Willy Tarreau
Hi Lukas, On Tue, Jul 20, 2021 at 08:48:28AM +0200, Lukas Tribus wrote: > Hello, > > > On Tue, 20 Jul 2021 at 08:13, Peter Jin wrote: > > 2. There is a stack buffer overflow found in one of the files. Not > > disclosing it here because this email will end up on the public mailing > > list. If

Re: HashiCorp

2021-07-20 Thread Willy Tarreau
Hello Joe, On Tue, Jul 20, 2021 at 11:04:38AM +, Joe Siganto wrote: > Hi Illya, > > Please could you have our Emails removed from the subscription list? I will > have all emails with your domains from our campaigns, and as checked our > first email ever sent to you was on 14th of July sent

Re: set mss on backend site on version 1.7.9

2021-07-18 Thread Willy Tarreau
On Thu, Jul 15, 2021 at 07:04:27PM +0200, Stefan Fuhrmann wrote: > Hello Lukas, > > > okay, thanks!! By the way, I think we never implemented it because it didn't appear useful. Out of curiosity, what is your use case ? If really useful, I think it shouldn't be too hard to implement. Willy

[ANNOUNCE] haproxy-2.5-dev2

2021-07-17 Thread Willy Tarreau
te MEDIUM: stick-table: make the use of 'gpc' excluding the use of 'gpc0/1'' Marno Krahmer (1): MEDIUM: stats: include disabled proxies that hold active sessions to stats Remi Tricot-Le Breton (1): BUG/MINOR: ssl: Default-server configuration ignored by server Willy Tarreau (22):

Re: [PATCH] JA3 TLS Fingerprinting

2021-07-12 Thread Willy Tarreau
Hi Marcin, On Mon, Jul 12, 2021 at 04:59:32PM +0200, Marcin Deranek wrote: > Hi, > > Over a past few weeks I have been working on implementing JA3 compatible > TLS Fingerprinting[1] in the HAProxy. You can find the outcome in > attachments. Feel free to review/comment them. Thanks for this.

Re: Set information in ClientHello TLS Extension as header

2021-07-10 Thread Willy Tarreau
Hi Michael, On Sat, Jul 10, 2021 at 09:03:40AM +0200, Michael Stiller wrote: > Hi List, > > we have the following issue to solve: > > A client puts some data value into a TLS Extension section (reserved or > arbitrary id) in the ClientHello packet. I want to read this value and set a > request

Re: [ANNOUNCE] haproxy-2.3.12

2021-07-08 Thread Willy Tarreau
On Thu, Jul 08, 2021 at 07:11:27PM +0200, Vincent Bernat wrote: > ? 8 July 2021 17:47 +02, Willy Tarreau: > > > I'm seeing that at least Vincent was fast enough to package 2.3.11 for > > debian 10, I hope nobody deployed it yet. I'm really sorry for the mess. > > For

Long broken option http_proxy: should we kill it ?

2021-07-08 Thread Willy Tarreau
Hi all, Amaury discovered that "option http_proxy" was broken. I quickly checked when it started, and it got broken with the introduction of HTX in 1.9 three years ago. It still used to work in legacy mode in 1.9 and 2.0 but 2.0 uses HTX by default and legacy disappeared from 2.1. Thus to

[ANNOUNCE] haproxy-2.3.12

2021-07-08 Thread Willy Tarreau
--- Complete changelog : Willy Tarreau (2): BUG/MAJOR: pools: fix incomplete backport of lockless pool fix BUG/MAJOR: pools: second fix for incomplete backport of lockless pool fix ---

Re: Proposal about new default SSL log format

2021-07-08 Thread Willy Tarreau
On Thu, Jul 08, 2021 at 02:18:32PM +0200, William Lallemand wrote: > I saw that you hesitated between "conn_status" and "conn_err_code", the > "conn_" prefix could be confusing at some point once you try to have > errors on the frontend and the backend side in the same log-format, I > think

Re: ratio spam/useful message

2021-07-07 Thread Willy Tarreau
Hi Julien, On Tue, Jul 06, 2021 at 11:06:05AM +0200, Julien Pivotto wrote: > Hello, > > Lately, the ratio spam/useful message on the ML has been quite high. Well, that's not what I'm seeing in the archives here: https://www.mail-archive.com/haproxy@formilux.org/ I had to manually delete 9

Re: Proposal about new default SSL log format

2021-07-06 Thread Willy Tarreau
On Tue, Jul 06, 2021 at 12:19:56PM +0200, Tim Düsterhus wrote: > Willy, > > On 7/6/21 12:12 PM, Willy Tarreau wrote: > > A few points first, that are needed to address various concerns. The > > goal here is to defined an HTTPS log format because that's what the >

Re: Proposal about new default SSL log format

2021-07-06 Thread Willy Tarreau
Hi Rémi, [ I warned you that this was going to open a pandora box :-) ] On Fri, Jul 02, 2021 at 04:26:48PM +0200, Remi Tricot-Le Breton wrote: > Some work in ongoing to ease connection error and SSL handshake error > logging. > This will rely on some new sample fetches that could be added to a

Re: [PATCH] MEDIUM: stats: include disabled proxies that hold active sessions to stats

2021-07-06 Thread Willy Tarreau
Hi Marno, On Mon, Jun 28, 2021 at 07:32:19AM +, Marno Krahmer wrote: > Hello, > > I would like to add a path to HAProxy. > This patch is supposed to change how stats are handled for disabled proxies. (...) It's been one week without comments, my concerns about the rare but possible special

Re: Bad backend selected

2021-07-02 Thread Willy Tarreau
Hi Tim, On Sat, Jun 26, 2021 at 08:20:20PM +0200, Tim Düsterhus wrote: > Willy, Amaury, > > On 6/18/21 5:55 PM, Willy Tarreau wrote: > > Amaury started something in this direction but it was only in H2 and > > I'd like that we explore the ability to do it the most generi

[ANNOUNCE] haproxy-2.5-dev1

2021-06-30 Thread Willy Tarreau
haproxy -cc' REGTESTS: Replace REQUIRE_OPTIONS with 'haproxy -cc' for 2.5+ tests REGTESTS: Replace REQUIRE_BINARIES with 'command -v' REGTESTS: Remove support for REQUIRE_BINARIES BUG/MINOR: cache: Correctly handle existing-but-empty 'accept-encoding' header CLEANUP: P

Re: [PATCH] MEDIUM: stats: include disabled proxies that hold active sessions to stats

2021-06-30 Thread Willy Tarreau
Hi, first, thanks Marno for sharing your work. On Mon, Jun 28, 2021 at 07:32:19AM +, Marno Krahmer wrote: > Hello, > > I would like to add a path to HAProxy. > This patch is supposed to change how stats are handled for disabled proxies. > > Prior to this patch, when outputting stats

Re: [PATCH] BUILD/MEDIUM: tcp-act: set-mark support fir FreeBSD

2021-06-27 Thread Willy Tarreau
On Sat, Jun 26, 2021 at 05:03:24PM +0100, David CARLIER wrote: > Looks correct thanks ! thank you both, now merged! Willy

Re: [PATCH] BUILD/MEDIUM: tcp-act: set-mark support fir FreeBSD

2021-06-26 Thread Willy Tarreau
Hi David, On Sat, Jun 26, 2021 at 12:09:30PM +0100, David CARLIER wrote: > Hi here a little patch to enable set-mark for the FreeBSD platform. That's interesting, great finding! Could you please add a small note about FreeBSD being supported in the doc for the related actions ? For now it only

Re: [PATCH spoa-server] BUG/MINOR: build: install binary inside bin/ directory

2021-06-25 Thread Willy Tarreau
On Sun, Jun 13, 2021 at 01:13:52AM +0100, Bertrand Jacquin wrote: > Prior to the change, spoa is installed under DESTDIR with name `bin` Thanks Bertrand. I've merged it now, after realizing that I still had access to this now external repo :-) Willy

Re: [EXTERNAL] Re: built in ACL, REQ_CONTENT

2021-06-25 Thread Willy Tarreau
On Tue, Jun 08, 2021 at 06:32:50PM +0200, Lukas Tribus wrote: > Please try to ask the actual question directly next time, so we can > help you right away (https://xyproblem.info/). I didn't know this extremely common problem had a name, thanks Lukas for the link, I'll share it more often! Willy

Re: MINOR: fixes haiku linkage

2021-06-25 Thread Willy Tarreau
On Sat, Jun 19, 2021 at 02:47:52PM +0100, David CARLIER wrote: > Hi here a little change proposal to fix haproxy at runtime in this platform. > Cheers. Thanks David, now merged. Willy

Re: Fix small bug in srv_parse_agent_check

2021-06-25 Thread Willy Tarreau
Hi Dirkjan, On Fri, Jun 18, 2021 at 10:03:17PM +0200, Dirkjan Bussink wrote: > Hi all, > > I was building HAProxy using scan-build to see if there were any issues and > it called out an unused variable write. I think this was due to a bug that > the err_code was not used in

Re: SSL Labs says my server isn't doing ssl session resumption

2021-06-25 Thread Willy Tarreau
On Sun, Jun 20, 2021 at 05:20:41PM -0600, Shawn Heisey wrote: > On 6/20/2021 3:16 PM, Lukas Tribus wrote: > > It's a haproxy bug, affecting 2.4 releases, I've filed an issue in our > > tracker: > > > > https://github.com/haproxy/haproxy/issues/1297 > > Almost always when I report a problem I'm

Re: Line 47 in src/queue.c "s * queue's lock."

2021-06-25 Thread Willy Tarreau
On Thu, Jun 24, 2021 at 11:35:51PM +0200, Aleksandar Lazic wrote: > Hi. > > when someone works again on src/queue.c could be this typo fixed. > > http://git.haproxy.org/?p=haproxy.git;a=blob;f=src/queue.c;h=6d3aa9a12bcd6078d1b5a76969da4104a6adb1bd;hb=HEAD#l47 > > ``` > 44 * - a

Re: SNI spoofing in HAproxy?

2021-06-24 Thread Willy Tarreau
On Thu, Jun 24, 2021 at 04:07:33PM +0200, Tim Düsterhus wrote: > Julien, > > On 6/24/21 3:40 PM, Julien Pivotto wrote: > > >use_backend bob if { hdr(host) -m dom bob.com } > > >use_backend alice if { hdr(host) -m dom alice.com } > > > > Thanks for taking the time to write this report. >

Re: [PATCH 0/1] Replace issue templates by issue forms

2021-06-23 Thread Willy Tarreau
Hi Lukas, On Wed, Jun 23, 2021 at 11:27:55PM +0200, Lukas Tribus wrote: > Full Ack from me for this change, this will be very beneficial as we > get higher quality reports and people won't be required to navigate > through raw markdown, which is not user-friendly at all. Thanks for this fast

Re: [PATCH 0/1] Replace issue templates by issue forms

2021-06-23 Thread Willy Tarreau
Hi Tim, Max, On Wed, Jun 23, 2021 at 09:38:12PM +0200, Tim Duesterhus wrote: > Hi Willy, Lukas, List! > > GitHub finally launched their next evolution of issue templates, called issue > forms, as a public beta: >

Re: SSL Labs says my server isn't doing ssl session resumption

2021-06-20 Thread Willy Tarreau
On Sun, Jun 20, 2021 at 11:31:10PM +0200, Willy Tarreau wrote: > On Sun, Jun 20, 2021 at 11:16:15PM +0200, Lukas Tribus wrote: > > Hello Shawn, > > > > On Sun, 20 Jun 2021 at 14:03, Shawn Heisey wrote: > > > > > > On 6/20/2021 1:52 AM, Lukas Tribus wrote:

Re: SSL Labs says my server isn't doing ssl session resumption

2021-06-20 Thread Willy Tarreau
On Sun, Jun 20, 2021 at 11:16:15PM +0200, Lukas Tribus wrote: > Hello Shawn, > > On Sun, 20 Jun 2021 at 14:03, Shawn Heisey wrote: > > > > On 6/20/2021 1:52 AM, Lukas Tribus wrote: > > > Can you try disabling threading, by putting nbthread 1 in your config? > > > > That didn't help. From

Re: [PATCH] CLEANUP: Prevent channel-t.h from being detected as C++ by GitHub

2021-06-20 Thread Willy Tarreau
Hi Tim, On Sat, Jun 19, 2021 at 04:56:30PM +0200, Tim Duesterhus wrote: > GitHub uses github/linguist to determine the programming language used for > each > source file to show statistics and to power the search. In cases of unique > file > extensions this is easy, but for `.h` files the

Re: Bad backend selected

2021-06-18 Thread Willy Tarreau
On Fri, Jun 18, 2021 at 05:08:56PM +0200, Tim Düsterhus wrote: > > So I had some thoughts about that discussion that started off-list. And > > now I think that the right thing to do is to always drop the port part > > of the authority when we have a scheme for which it's the default. I.e. > > if

Re: [PATCH] BUG/MINOR: cache: Correctly handle existing-but-empty, 'accept-encoding' header

2021-06-18 Thread Willy TARREAU
On Fri, Jun 18, 2021 at 04:07:10PM +0200, Tim Düsterhus, WoltLab GmbH wrote: > Remi, > > On 6/18/21 3:46 PM, Remi Tricot-Le Breton wrote: > > > please find a small fix for the 'Vary' support of the cache to > > > correctly handle the difference between a missing 'accept-encoding' > > > and an

Re: [PATCH] BUG/MINOR: cache: Correctly handle existing-but-empty, 'accept-encoding' header

2021-06-18 Thread Willy TARREAU
On Fri, Jun 18, 2021 at 03:46:26PM +0200, Remi Tricot-Le Breton wrote: > Hello Tim, > > On 18/06/2021 15:26, Tim Düsterhus, WoltLab GmbH wrote: > > Remi, > > > > please find a small fix for the 'Vary' support of the cache to correctly > > handle the difference between a missing 'accept-encoding'

Re: [PATCH 0/4] Use 'feature cmd' in regtests

2021-06-17 Thread Willy Tarreau
On Thu, Jun 17, 2021 at 05:03:23PM +0200, Tim Düsterhus wrote: > On 6/17/21 3:27 PM, Willy Tarreau wrote: > > Whole series merged, thanks Tim. I feel like the selection is slightly > > faster than before, but that might just be a placebo effect. > > > > I would assum

Re: Speeding up opentracing build in CI ?

2021-06-17 Thread Willy Tarreau
On Thu, Jun 17, 2021 at 04:48:45PM +0200, Tim Düsterhus wrote: > To clarify: This specific timing also includes the wait times until the > build VMs are available. It's basically the wall time elapsed between the > push happening and the *last* build reporting the status. So the time the >

Re: Speeding up opentracing build in CI ?

2021-06-17 Thread Willy Tarreau
On Thu, Jun 17, 2021 at 04:31:57PM +0200, Tim Düsterhus wrote: > Willy, William, > > On 6/17/21 3:55 PM, William Lallemand wrote: > > > OK that's a net win, openssl-3.0.0-alpha17 dropped from 8'29 to 2'55. > > > I've just excluded versions 1.x from both the parallel build and the > > > build_sw

Re: [PATCH] CLEANUP: server: a separate function for initializing the per_thr field

2021-06-17 Thread Willy Tarreau
Hi Miroslav, On Tue, Jun 15, 2021 at 03:53:39PM +0200, Miroslav Zagorac wrote: > Hello all, > > To avoid repeating the same source code, allocating memory and > initializing the per_thr field from the server structure is > transferred to a separate function. Makes sense, indeed. Now merged,

Re: Speeding up opentracing build in CI ?

2021-06-17 Thread Willy Tarreau
On Thu, Jun 17, 2021 at 03:29:58PM +0200, Willy Tarreau wrote: > On Thu, Jun 17, 2021 at 03:24:19PM +0200, Willy Tarreau wrote: > > On Thu, Jun 10, 2021 at 08:55:13PM +0500, ??? wrote: > > > I was mistaken. LibreSSL does not like parallel install > > > > &

Re: Speeding up opentracing build in CI ?

2021-06-17 Thread Willy Tarreau
On Thu, Jun 17, 2021 at 03:24:19PM +0200, Willy Tarreau wrote: > On Thu, Jun 10, 2021 at 08:55:13PM +0500, ??? wrote: > > I was mistaken. LibreSSL does not like parallel install > > > > libressl fails on `make -j4 install` · Issue #461 · > > libressl-po

Re: [PATCH 0/4] Use 'feature cmd' in regtests

2021-06-17 Thread Willy Tarreau
On Fri, Jun 11, 2021 at 07:56:14PM +0200, Tim Duesterhus wrote: > This series updates the regtests to make use of VTest's 'feature cmd' syntax > to skip tests that are not supported in the current environment. (...) Whole series merged, thanks Tim. I feel like the selection is slightly faster

Re: [PATCH] CI: Replace the requirement for 'sudo' with a call to 'ulimit -n'

2021-06-17 Thread Willy Tarreau
On Thu, Jun 17, 2021 at 12:31:45PM +0200, Tim Düsterhus wrote: > Willy, > > On 6/13/21 3:02 PM, Tim Duesterhus wrote: > > Using 'sudo' required quite a few workarounds in various places. Setting an > > explicit 'ulimit -n' removes the requirement for 'sudo', resulting in a > > cleaner > >

Re: Speeding up opentracing build in CI ?

2021-06-17 Thread Willy Tarreau
On Thu, Jun 10, 2021 at 08:55:13PM +0500, ??? wrote: > I was mistaken. LibreSSL does not like parallel install > > libressl fails on `make -j4 install` · Issue #461 · > libressl-portable/portable (github.com) > > > > anyway, if

Re: [PATCH] CI: Replace the requirement for 'sudo' with a call to 'ulimit -n'

2021-06-17 Thread Willy Tarreau
Hi Tim, On Thu, Jun 17, 2021 at 12:31:45PM +0200, Tim Düsterhus wrote: > Willy, > > On 6/13/21 3:02 PM, Tim Duesterhus wrote: > > Using 'sudo' required quite a few workarounds in various places. Setting an > > explicit 'ulimit -n' removes the requirement for 'sudo', resulting in a > > cleaner >

[ANNOUNCE] haproxy-2.4.1

2021-06-17 Thread Willy Tarreau
acro William Lallemand (1): BUILD: make tune.ssl.keylog available again Willy Tarreau (21): BUG/MINOR: pools: fix a possible memory leak in the lockless pool_flush() BUG/MINOR: pools: make DEBUG_UAF always write to the to-be-freed location MINOR: pools: do not maintain

Re: [PATCH] typo fixes

2021-06-17 Thread Willy Tarreau
On Sat, Jun 12, 2021 at 03:57:40PM +0500, ??? wrote: > Hello, > > yet more typo and spelling fixes. Merged, thank you Ilya! Willy

Re: SSL Labs says my server isn't doing ssl session resumption

2021-06-17 Thread Willy Tarreau
On Fri, Jun 11, 2021 at 06:48:09PM -0600, Shawn Heisey wrote: > I'm fiddling with ssl labs to see how I can improve my TLS setup. > > Here's what they say about a site I have behind haproxy with TLS: > > https://www.elyograg.org/foo/haproxy-ssllabs-session-resumption-not-working.png > > They

Re: [PATCH 0/4] Use 'feature cmd' in regtests

2021-06-14 Thread Willy Tarreau
On Mon, Jun 14, 2021 at 02:18:57PM +0200, William Lallemand wrote: > On Mon, Jun 14, 2021 at 02:03:55PM +0200, Willy Tarreau wrote: > > On Mon, Jun 14, 2021 at 03:49:05PM +0500, ??? wrote: > > > I believe William means conditions like "openssl is 1.1.0 or hi

Re: [PATCH] CI: cirrus: add alpine linux to the jobs

2021-06-14 Thread Willy Tarreau
On Mon, Jun 14, 2021 at 02:33:20PM +0200, William Lallemand wrote: > On Mon, Jun 14, 2021 at 12:01:11PM +0200, Tim Düsterhus wrote: > > We only run Travis once weekly, because of the limited credits we have. > > Thus only the newest commit at time of running will have a Travis CI > > Status

Re: [PATCH 0/4] Use 'feature cmd' in regtests

2021-06-14 Thread Willy Tarreau
On Mon, Jun 14, 2021 at 03:49:05PM +0500, ??? wrote: > I believe William means conditions like "openssl is 1.1.0 or higher", but > that's possible using grep And anyway I do want to add config predicates that will provide this. As I said when I added a few of them for ".if", the main use

Re: [PATCH] CI: cirrus: add alpine linux to the jobs

2021-06-12 Thread Willy Tarreau
On Sat, Jun 12, 2021 at 03:47:46PM +0500, ??? wrote: > final apline/musl patch attached Applied, thank you Ilya! Willy

HAProxyConf 2021 - Call for papers

2021-06-11 Thread Willy Tarreau
Hi all, some of you have probably already noticed the announce in [1], the 2021 edition of the HAProxyConf will take place on November 16-17 as a "virtual event" (I personally prefer to say "online" as "virtual" always makes me feel that I'm losing something important). For sure we'll all miss

Re: [PATCH 1/2] REGTESTS: Remove REQUIRE_VERSION=1.6 from all tests

2021-06-11 Thread Willy Tarreau
On Fri, Jun 11, 2021 at 06:16:24PM +0200, Tim Duesterhus wrote: > HAProxy 1.6 is EOL, thus this always matches. (...) Both applied, thanks Tim! willy

Re: [PATCH] CI: cirrus: add alpine linux to the jobs

2021-06-11 Thread Willy Tarreau
On Fri, Jun 11, 2021 at 08:14:49PM +0500, ??? wrote: > @Willy Tarreau , do you think it is good idea to display libc > variant in "haproxy -vv" ? If needed we can (for those that are detectable), but I'm not convinced of the benefits. If it's in order to exclude some t

Re: how to write to a file safely in haproxy

2021-06-11 Thread Willy Tarreau
Hello, On Fri, Jun 11, 2021 at 11:38:38AM +0530, reshma r wrote: > Hello all, > I Had a follow up query, sorry if it is an obvious question. once I > implement the socket call as a sidecar process, say as a lua script that > reads the new configuration from portal into a variable, how would I

Re: Speeding up opentracing build in CI ?

2021-06-10 Thread Willy Tarreau
On Thu, Jun 10, 2021 at 09:00:32AM +0300, ??? wrote: > openssl does not support -j for make install > I filed a bug on them, they told me "OK, just don't use it" I don't care about install, which I didn't touch, but about "all". I never install anything with -j anyway. The savings are

Re: Speeding up opentracing build in CI ?

2021-06-09 Thread Willy Tarreau
On Thu, Jun 10, 2021 at 07:19:37AM +0200, Willy Tarreau wrote: > On Thu, Jun 10, 2021 at 10:15:46AM +0500, ??? wrote: > > OT takes about 30 sec (it is built with almost everything disabled). the > > biggest time eater is openssl-3.0.0 > > Maybe that one could be s

Re: Speeding up opentracing build in CI ?

2021-06-09 Thread Willy Tarreau
On Thu, Jun 10, 2021 at 10:15:46AM +0500, ??? wrote: > OT takes about 30 sec (it is built with almost everything disabled). the > biggest time eater is openssl-3.0.0 Maybe that one could be sped up too, I haven't checked if it uses parallel builds. > hopefully, OT will speed up to 10

Re: Speeding up opentracing build in CI ?

2021-06-09 Thread Willy Tarreau
On Thu, Jun 10, 2021 at 07:55:17AM +0300, ??? wrote: > First one is supposed to be cached one day together with "opt" folder. > > However, we can indeed use parallel builds until cache is enabled for > github actions OK. The other use case I saw was that it's more convenient for

Speeding up opentracing build in CI ?

2021-06-09 Thread Willy Tarreau
Tim, Ilya, while testing Miroslav's fix, I found the opentracing build to be quite slow and figured it doesn't use parallel builds. Do you have any objection against patching the script like this ? diff --git a/scripts/build-ot.sh b/scripts/build-ot.sh index 59d6af587..1c296b64b 100755 ---

Re: [PATCH] BUG/MINOR: opentracing: fixed files existence check in chroot mode

2021-06-09 Thread Willy Tarreau
On Thu, Jun 10, 2021 at 04:40:47AM +0200, Miroslav Zagorac wrote: > On 06/10/2021 04:20 AM, Willy Tarreau wrote: > > Thank you Miroslav. Just to be sure, is this in anyway related to the > > fix or not ? We need to make sure that we maintain a smooth upgrade > > path for those

Re: [PATCH] BUG/MINOR: opentracing: fixed files existence check in chroot mode

2021-06-09 Thread Willy Tarreau
On Thu, Jun 10, 2021 at 02:56:46AM +0200, Miroslav Zagorac wrote: > I forgot to mention that one should take the latest version of the > opentracing c wrapper (it is now 1.1.0). > > https://github.com/haproxytech/opentracing-c-wrapper Thank you Miroslav. Just to be sure, is this in anyway

Re: [PATCH] BUG/MINOR: opentracing: fixed files existence check in chroot mode

2021-06-09 Thread Willy Tarreau
Hi Miroslav, On Mon, Jun 07, 2021 at 04:55:21PM +0200, Miroslav Zagorac wrote: > From 4bbbe5fd3e66a37ec9703723ba22b742e7926a07 Mon Sep 17 00:00:00 2001 > From: Miroslav Zagorac > Date: Mon, 7 Jun 2021 16:21:31 +0200 > Subject: [PATCH] BUG/MINOR: opentracing: fixed files existence check in chroot

Re: [PATCH] CI: Make matrix.py executable and add shebang

2021-06-08 Thread Willy Tarreau
On Tue, Jun 08, 2021 at 06:25:40PM +0500, ??? wrote: > ack from me. Now merged, thanks! Willy

Re: [PATCH 3/3] MINOR: haproxy: Add `-cc` argument

2021-06-08 Thread Willy Tarreau
On Tue, Jun 08, 2021 at 11:41:29AM +0200, Tim Düsterhus wrote: > Willy, > > On 6/8/21 11:26 AM, Willy Tarreau wrote: > > I couldn't figure how the VTC was OK but not testing it by hand. I finally > > found it, the outlen variable was not initialized, it should

Re: [PATCH 3/3] MINOR: haproxy: Add `-cc` argument

2021-06-08 Thread Willy Tarreau
Tim, Max, On Sun, Jun 06, 2021 at 12:50:22AM +0200, Maximilian Mader wrote: > This is a cleaned-up version of Tim's PoC patch. > The documentation has been updated to reflect the changes. > A simple VTest test is included as well. Note the use of VTest's cmd > feature to skip the test if the

Re: [PATCH 2/3] CLEANUP: Make errptr const in `parse_line()`

2021-06-08 Thread Willy Tarreau
Hi Max, On Sun, Jun 06, 2021 at 12:50:21AM +0200, Maximilian Mader wrote: > Hi, > I'm not sure whether this change causes any non-obvious issues but the > compiler was happy. There's no issue for this. Adding a const somewhere will either cause build failures or have no visible consequences,

Re: [PATCH] DOC: use the req.ssl_sni in examples

2021-06-08 Thread Willy Tarreau
Hi Alex, On Sat, Jun 05, 2021 at 01:31:07PM +0200, Aleksandar Lazic wrote: > Hi. > > This patch fixes the usage of req_ssl_sni in the doc. Ah good catch, applied, thank you! > Any plan to remove the old keyword or add some warning that this > keyword is deprecated? Good question, could be,

Re: Official ubuntu 20 repository

2021-06-08 Thread Willy Tarreau
On Tue, Jun 08, 2021 at 10:50:11AM +0300, Valters Jansons wrote: > > > term "official" maybe treated as "ubuntu official" or "haproxy official". > > > while "ubuntu official" are indeed slow, vbernat PPA is considered as > > > "haproxy official". > > > > I agree, that's what I was about to add as

Re: Official ubuntu 20 repository

2021-06-08 Thread Willy Tarreau
On Mon, Jun 07, 2021 at 12:58:22PM +0500, ??? wrote: > ??, 7 ???. 2021 ?. ? 12:20, Valters Jansons : > > > On Mon, Jun 7, 2021 at 12:34 AM Ismail Azerty > > wrote: > > > For some security reasons, our security teams want us to use the > > official repository, or recompile the whole

Re: Bad backend selected

2021-06-08 Thread Willy Tarreau
On Mon, Jun 07, 2021 at 07:13:43PM +0200, t...@bastelstu.be wrote: > Artur, > > [cc'ing Amaury] > > Am 2021-06-07 16:46, schrieb Artur: > > However the only difference is the 443 port explicitly specified in the > > later request. > > I am not sure it's something specific to 2.4.0, but I've

Re: [PATCH] CI: enable openssl-3.0.0 builds

2021-06-05 Thread Willy Tarreau
On Sun, Jun 06, 2021 at 12:51:53AM +0200, Tim Düsterhus wrote: > Ilya, > > On 6/5/21 5:10 AM, ??? wrote: > > here are two patches: > > > > - deprecated warnings suppressed > > - openssl-3.0.0 enabled > > > > In the second patch you forgot the 'CI:' prefix in the commit message. > >

Re: [PATCH] CLEANUP: reg-tests: Remove obsolete no-htx parameter for reg-tests

2021-06-04 Thread Willy Tarreau
On Mon, May 31, 2021 at 11:07:29PM +0200, Tim Duesterhus wrote: > The legacy HTTP subsystem has been removed. HTX is always enabled. Now merged, thank you Tim! Willy

Re: [PR] DOC: Fix typo in starter guide

2021-05-27 Thread Willy Tarreau
On Sat, May 22, 2021 at 08:23:02PM +0200, PR Bot wrote: > Dear list! > > Author: Mark Mullan > Number of patches: 1 > > This is an automated relay of the Github pull request: >DOC: Fix typo in starter guide > > Patch title(s): >DOC: Fix typo in starter guide (...) Applied, thanks.

Re: Software Design for source code?

2021-05-27 Thread Willy Tarreau
Hi, On Fri, May 21, 2021 at 12:30:26PM +0200, Robert Ionescu wrote: > Hi, > > Are there any sources which are overviewing the HAProxy software design in > images or similar? > I would like to get a better understanding of the HAProxy components. There are *some* docs in doc/internals/, in

Re: [ANNOUNCE] haproxy-2.4.0

2021-05-27 Thread Willy Tarreau
On Wed, May 26, 2021 at 02:40:22PM +0200, William Dauchy wrote: > Regarding prometheus, it should probably noted some major changes > regarding some metrics, such as for health check, where the value is > now located in a label, instead of the value of the metric itself: > see also >

Re: how to write to a file safely in haproxy

2021-05-27 Thread Willy Tarreau
Hi, On Wed, May 26, 2021 at 10:43:17PM +0530, reshma r wrote: > Hi Tim thanks a lot for the reply. I am not familiar with what a sidecar > process is. I will look into it. If it is specific to haproxy, if you could > point to some relevant documentation that would be helpful. It's not specific

Re: [PATCH] MINOR: cfgparse: Fail when encountering extra arguments in macro

2021-05-26 Thread Willy Tarreau
On Wed, May 26, 2021 at 05:45:33PM +0200, Tim Duesterhus wrote: > This resolves GitHub issue #1124. > > This change should be backported as a *warning* to 2.4. Merged, thank you Tim! Willy

Re: [EXTERNAL] Re: Connections initiated from back end timeout if routed to same back end

2021-05-26 Thread Willy Tarreau
On Wed, May 26, 2021 at 03:46:36PM -0700, Peter Scott (US 172D) wrote: > > > frontend internal_http_80 > > >    bind xxx.xxx.xxx.xxx:80 transparent > > >    default_backend internal_http_80_backend > > > > > > backend internal_http_80_backend > > >    balance leastconn > > >    source 0.0.0.0

Re: Termination Code 'CC' + HTTP status?

2021-05-25 Thread Willy Tarreau
On Tue, May 25, 2021 at 11:09:22AM +0200, Tim Düsterhus, WoltLab GmbH wrote: > Okay, here it is: > > https://github.com/haproxy/haproxy/issues/1266 Thank you! Willy

Re: Termination Code 'CC' + HTTP status?

2021-05-25 Thread Willy Tarreau
On Tue, May 25, 2021 at 10:30:27AM +0200, Tim Düsterhus, WoltLab GmbH wrote: > > The 503 is just a byproduct of the aborted connection. That can sound > > strange but what happens here is that the status was set after it was > > noticed the processing ended without being able to connect to any

Re: Termination Code 'CC' + HTTP status?

2021-05-21 Thread Willy Tarreau
Hi Tim, On Fri, May 21, 2021 at 10:22:15AM +0200, Tim Düsterhus, WoltLab GmbH wrote: > Hi List > > [this email is not subscribed, please keep it in Cc] > > I'd like your advice on a few log entries that confuse me. I am seeing HTTP > 2.0 requests dying with a termination code of 'CC', i.e.: >

Re: haproxy 1.8.30 lots of CD-- errors

2021-05-20 Thread Willy Tarreau
Hi Jonathan, On Thu, May 20, 2021 at 08:22:59AM +1200, Jonathan Opperman wrote: > Hi All, > > I've had to remove h2 from all my front-ends, the issue seems to be gone > after doing this, any ideas? I saw a similar > post from a previous release of haproxy, but in all my >

Re: [PATCH] BUILD/MINOR: opentracing: fixed build when using clang

2021-05-19 Thread Willy Tarreau
On Tue, May 18, 2021 at 08:15:15PM +0200, Miroslav Zagorac wrote: > Hello, > > this patch should solve the github issue #1242. Applied, thank you Miroslav! Willy

Re: Connections initiated from back end timeout if routed to same back end

2021-05-19 Thread Willy Tarreau
Hello, On Wed, May 19, 2021 at 01:52:10PM -0700, Peter Scott (US 172D) wrote: > We have observed some behavior we do not understand with > haproxy-1.5.18-6.e17.x86_64 and need help determining what is going on and > how to get the desired behavior. > > The behavior: When an HTTP request is

Re: HAProxy-1.8 sometimes sends a shorter html when using multithread function

2021-05-18 Thread Willy Tarreau
Hi Ryan, On Tue, May 18, 2021 at 10:54:11AM -0500, Ryan O'Hara wrote: > > > I confirmed haoproxy's log message corresponded to the > > > shorter html, the following line is one of them. > > > > > > 2021-03-23T15:54:46.869626+09:00 lb01 [err] haproxy[703957]: > > > 192.168.1.73:60572

Re: [PATCH] CI: enable OpenTracing feature

2021-05-18 Thread Willy Tarreau
On Tue, May 18, 2021 at 01:32:56PM +0200, Tim Düsterhus wrote: > Willy, > > On 5/18/21 12:42 PM, ??? wrote: > > this enables OpenTracing for CI builds. > > This one looks good to me. Applied, thanks guys. Willy

Re: [PATCH] move VTest installation to scripts/build-vtest.sh

2021-05-18 Thread Willy Tarreau
On Tue, May 18, 2021 at 12:07:17PM +0200, Tim Düsterhus wrote: > Ilya, > > On 5/18/21 11:50 AM, ??? wrote: > > I wonder if we can benefit from dependent steps, i.e. build VTest just once > > and deliver binary to other containers (instead of building it every time). > > > > The

Re: HAProxy-1.8 sometimes sends a shorter html when using multithread function

2021-05-18 Thread Willy Tarreau
Hello, On Mon, May 17, 2021 at 09:47:10AM +0900, Kazuhiro Takenaka wrote: > Hello > > This is my first post to this mailing list. > I am not good at using English, so feel free to ask me > if my text is hard to understand. Rest assured that the majority of participants here (me included) do not

Re: unexpected asan behaviour

2021-05-18 Thread Willy Tarreau
On Tue, May 18, 2021 at 01:16:05PM +0500, ??? wrote: > Maybe sudo drops env variables Most sudo do that by default, indeed. Usually you have to use "sudo -E": $ sudo env|wc -l 19 $ sudo -E env|wc -l 70 Willy

Re: [PATCH] move VTest installation to scripts/build-vtest.sh

2021-05-18 Thread Willy Tarreau
On Sat, May 15, 2021 at 05:53:57PM +0200, Tim Düsterhus wrote: > Willy, > Ilya, > > On 5/15/21 8:58 AM, ??? wrote: > > I attached a patch that uses "curl". on a distance it seems to be faster > > for 50% > > > > This one looks good to me. Now merged, thanks guys. A quick comment

Re: [ANNOUNCE] haproxy-2.4.0

2021-05-14 Thread Willy Tarreau
On Fri, May 14, 2021 at 02:23:21PM +0200, Tim Düsterhus wrote: > Willy, > > On 5/14/21 11:56 AM, Willy Tarreau wrote: > > And of course there's all the invisible stuff being done on the internals > > to improve the code, make it more extensible, more reliable or faster. I &

  1   2   3   4   5   6   7   8   9   10   >