Re: haproxy does not correctly handle MSS on Freebsd

2016-08-21 Thread k simon
Thank you, Lukas. I would investigate it a bit more. Simon 20160821

Re: haproxy does not correctly handle MSS on Freebsd

2016-08-19 Thread k simon
Hi Lukas, Hi Simon, On 19.08.2016 at 12:41, k simon wrote: Hi,List: Haproxy's throughput is much less than nginx or squid on FreeBSD and it's high cpu usage often. When I investigate it a bit more, I found haproxy does not correctly handle MSS on FreeBSD. Your kernel d

Re: haproxy does not correctly handle MSS on Freebsd

2016-08-19 Thread k simon
Hi,List: Haproxy's throughput is much less than nginx or squid on FreeBSD and it's high cpu usage often. When I investigate it a bit more, I found haproxy does not correctly handle MSS on FreeBSD. 1. When haproxy bind to a physical interface and change net.inet.tcp.mssdflt to a large value.

haproxy does not correctly handle MSS on Freebsd

2016-08-19 Thread k simon
Hi,List: Haproxy's throughput is much less than nginx or squid on FreeBSD and it's high cpu usage often. When I investigate it a bit more, I found haproxy does not correctly handle MSS on FreeBSD. 1. When haproxy bind to a physical interface and change net.inet.tcp.mssdflt to a large value. H

Does haproxy use regex for balance url_param lookup?

2016-06-26 Thread k simon
Hi, lists, I noticed that haproxy 1.6.5 hog the cpu periodically on FreeBSD 10 with 800K-1M syscalls. I change the balance algo to "uri" and delete all the regular expressions can work around it. There maybe some bug with PCRE on FreeBSD or some bug in haproxy, but I can't confirm it. And d

subscribe

2016-06-26 Thread k simon

Re: can not set mss on FreeBSD 10

2014-05-13 Thread k simon
Thank you, Lukas. Maybe I can workaround it on the front router. Regards Simon On 14-5-13 23:29, Lukas Tribus wrote: Hi Simon, Hi,Lists, I found haproxy 1.4.25 can not set mss on FreeBSD 10-stable as below: # /usr/local/sbin/haproxy -f /opt/etc/haproxy.conf [WARNING] 132/170407 (71806) : Starti

Re: Socket Read Errors and Timeouts on FreeBSD

2014-05-13 Thread k simon
Hi,Willy, Oh and BTW, are you running with PF ? I have some old memories of PF abusively randomizing sequence numbers and preventing new connections from being initiated using a same source port from the same client. It was so odd that I had to disable it on my home reverse-proxy running OpenBSD

can not set mss on FreeBSD 10

2014-05-13 Thread k simon
Hi,Lists, I found haproxy 1.4.25 can not set mss on FreeBSD 10-stable as below: # /usr/local/sbin/haproxy -f /opt/etc/haproxy.conf [WARNING] 132/170407 (71806) : Starting frontend http-in: cannot set MSS # haproxy -vv HA-Proxy version 1.4.25 2014/03/27 Copyright 2000-2014 Willy Tarreau Build

about pcre

2014-05-07 Thread k simon
Hi,Lists, I found I can not share the same regex txt for haproxy and squid. And I noticed that haproxy use OS libc's regex by default, and can change it with compile parameters "REGEX=pcre". Should I recompile haproxy and share the same regex txt? Regards Simon

Re: 1.5 dev22 issue on freebsd10-stable

2014-04-16 Thread k simon
On 14-4-16 21:35, Willy Tarreau wrote: On Wed, Apr 16, 2014 at 02:32:03PM +0100, Simon Dick wrote: On 16 April 2014 13:41, Ghislain wrote: On 16/04/2014 08:39, Willy Tarreau wrote: On a personal note, I'd say that I consider the support for strace and tcpdump as absolute prerequisite when i

Re: 1.5 dev22 issue on freebsd10-stable

2014-04-15 Thread k simon
:40, Willy Tarreau wrote: Hi Simon, On Wed, Apr 16, 2014 at 10:25:46AM +0800, k simon wrote: Hi,Willy, You must never have timewaits on a client, only on a server. So if on your haproxy box you're seeing timewaits for connections going to the backend servers, there's something wrong. H

Re: 1.5 dev22 issue on freebsd10-stable

2014-04-15 Thread k simon
Hi,Willy, > You must never have timewaits on a client, only on a server. So if > on your haproxy box you're seeing timewaits for connections going > to the backend servers, there's something wrong. Haproxy deploys > great efforts at avoiding them by doing a setsockopt(SO_LINGER) to > force the sy

Re: 1.5 dev22 issue on freebsd10-stable

2014-04-15 Thread k simon
900+, is TW state really a problem ? I have set the portrange from 12000 to 6. Simon On 14-4-15 18:15, Willy Tarreau wrote: Hi Simon, On Tue, Apr 15, 2014 at 04:22:35PM +0800, k simon wrote: Hi,List, I got a 1.5 dev22 issue on freebsd 10-stable. It reported like below, it's gene

1.5 dev22 issue on freebsd10-stable

2014-04-15 Thread k simon
Hi,List, I got a 1.5 dev22 issue on freebsd 10-stable. It reported like below, it's generate about 2-3 errors per minute when using "http-keep-alive" ,it's about 5-8 errors per minute with "http-server-close". I tried use "source ip:port1-port2" in "server" section, but nothing helped. Then I st

recent test for dev22 on BSD

2014-03-20 Thread k simon
Hi,lists, I tested dev22 on FreeBSD 10-stable recently, and found: 1. "ipfw fwd" works well with dev22+tproxy. It's have a nice guide in the /usr/local/share/examples. But pf's divert-to and divert-reply can't work with haproxy. Maybe haproxy does not use "getsockname(2)" and "setsockopt(2)". 2.

Re: Does http-request worked with tunnel mode?

2014-03-14 Thread k simon
Is it possible add X-Foward-For for each request in http-tunnel mode ? Simon On 14-3-11 11:53, k simon wrote: > Hi,List, > > I am puzzled with "set a header" for each request in "tunnel mode". > As I know, tunnel mode only analyze the first transaction

Does http-request worked with tunnel mode?

2014-03-10 Thread k simon
Hi,List, I am puzzled with "set a header" for each request in "tunnel mode". As I know, tunnel mode only analyze the first transaction. But the "tcp-request content" documented it can be evaluated again by the rules being evaluated again for the next request. As "tcp-request content" only ca

Re: HAProxy graceful restart old process not going away

2014-01-27 Thread k simon
We got the similar problem, then capture the traffic and found it's result in websocket. So we had to kill the old process manually when finished graceful restart. On 28/1/14 2:37 PM, Willy Tarreau wrote: On Mon, Jan 27, 2014 at 11:24:46PM +, Wei Kong wrote: We use /usr/sbin/haproxy -f /e

Re: Feature request: TOS based ACL.

2014-01-02 Thread k simon
"man ip" on the freebsd box: If the IP_RECVTTL option is enabled on a SOCK_DGRAM socket, the recvmsg(2) call will return the IP TTL (time to live) field for a UDP datagram. The msg_control field in the msghdr structure points to a buffer that contains a cmsghdr structure followed by the TTL. The

Re: HAProxy Next?

2013-12-17 Thread k simon
-haproxy is a good tcp proxy ,now it can classify http traffic, and it's cool to classify other type traffic such as telnet\ssh\ftp etc. ? 17/12/13 ??4:14, Annika Wickert ??: Hi all, we did some thinking about how to improve haproxy and which features we’d like to see in next versions.

Re: RES: RES: RES: RES: RES: RES: RES: RES: High CPU Usage (HaProxy)

2013-11-07 Thread k simon
I ran a haproxy(nbproc=6) on freebsd 10-beta2, each frontend bind to a socket and share the same backend. Context switch normally 60k+. But the load and throughput is confused me, in the past days I ran a haproxy instance (nbproc=1), it can handle up to 500Mbps traffic . The info below

Does haproxy in transparent mode support FreeBSD's divert mechanism ?

2013-11-06 Thread k simon
Hi, All: In the past day, I want use pf’s “reply-to” on freebsd to solve ip address overlapping problem. But it’s seems that pf’s “divert-to” and “divert-reply” cannot work with haproxy on the same machine. Does haproxy in transparent mode support FreeBSD’s divert mechanism ? Regards Si

Does haproxy in transparent mode support FreeBSD's divert mechanism ?

2013-11-06 Thread k simon
Hi, All: In the past day, I want use pf’s “reply-to” on freebsd to solve ip address overlapping problem. But it’s seems that pf’s “divert-to” and “divert-reply” cannot work with haproxy on the same machine. Does haproxy in transparent mode support FreeBSD’s divert mechanism ? Regards Sim

Re: ACL HTTP not capture all the HTTP traffic ?

2013-07-24 Thread k simon
option transparent option abortonclose Regards Simon On 2013-7-21, 6:32 PM, k simon wrote: > Hi all, > > We changed the "http-server-close" to "http-close", and found we resolved > the problem. Now haproxy can accurate distinguished

Re: ACL HTTP not capture all the HTTP traffic ?

2013-07-21 Thread k simon
Hi all, We changed the "http-server-close" to "http-close", and found we resolved the problem. Now haproxy can accurate distinguished the "http" and "non http" traffic. Obviously content inspection works well with short connection, but not long connection. And now, 20k+ "fin_wait_2" and "clo