coredump in h2_process_mux with 1.9.0-8223050

2019-01-08 Thread PiBa-NL
Hi List, Willy, Got a coredump of 1.9.0-8223050 today, see below. Would this be 'likely' the same one with the 'PRIORITY' that 1.9.1 fixes? I don't have any idea what the exact circumstance request/response was.. Anyhow i updated my system to 2.0-dev0-251a6b7 for the moment, lets see if

Re: [PATCH] REGTEST: filters: add compression test

2019-01-08 Thread PiBa-NL
Hi Frederic, Op 7-1-2019 om 10:13 schreef Frederic Lecaille: On 12/23/18 11:38 PM, PiBa-NL wrote: As requested hereby the regtest send for inclusion into the git repository. It is OK like that. Note that you patch do not add reg-test/filters/common.pem which could be a symlink to

Re: regtests - with option http-use-htx

2019-01-08 Thread PiBa-NL
Hi Frederic, Op 8-1-2019 om 16:27 schreef Frederic Lecaille: On 12/15/18 4:52 PM, PiBa-NL wrote: Hi List, Willy, Trying to run some existing regtests with added option: option http-use-htx Using: HA-Proxy version 1.9-dev10-c11ec4a 2018/12/15 I get the below issues sofar: based on

Re: haproxy issue tracker discussion

2019-01-08 Thread Tim Düsterhus
Willy, Am 08.01.19 um 18:30 schrieb Willy Tarreau: > I totally agree. This is the tool I'm missing the most currently. I'm > not aware of a *good* and manageable issue tracker. Having a status for > a bug per branch most likely eliminates most of them... I'm not sure this is required. The

Re: regtests - with option http-use-htx

2019-01-08 Thread Frederic Lecaille
On 1/8/19 9:05 PM, PiBa-NL wrote: Hi Frederic, Op 8-1-2019 om 16:27 schreef Frederic Lecaille: On 12/15/18 4:52 PM, PiBa-NL wrote: Hi List, Willy, Trying to run some existing regtests with added option: option http-use-htx Using: HA-Proxy version 1.9-dev10-c11ec4a 2018/12/15 I get the

Re: haproxy issue tracker discussion

2019-01-08 Thread Willy Tarreau
On Tue, Jan 08, 2019 at 07:18:07PM +0100, Tim Düsterhus wrote: > Willy, > > Am 08.01.19 um 18:30 schrieb Willy Tarreau: > > I totally agree. This is the tool I'm missing the most currently. I'm > > not aware of a *good* and manageable issue tracker. Having a status for > > a bug per branch most

[PATCH] BUG/MEDIUM: init: Initialize idle_orphan_conns for first server in server-template

2019-01-08 Thread cripy
Hi, I found a segfault when using server-template within 1.9.x and 2.0-dev. This seems to be related to "http-reuse" as when I set to "never" it does not crash anymore. It appears that idle_orphan_conns is not being properly initialized for the first server within the server-template. I was

Re: coredump in h2_process_mux with 1.9.0-8223050

2019-01-08 Thread Willy Tarreau
On Wed, Jan 09, 2019 at 02:09:47AM +0100, Tim Düsterhus wrote: > Pieter, > > Am 08.01.19 um 23:37 schrieb PiBa-NL: > > Got a coredump of 1.9.0-8223050 today, see below. Would this be 'likely' > > the same one with the 'PRIORITY' that 1.9.1 fixes? > > Without knowing much about the mux code: This

Re: coredump in h2_process_mux with 1.9.0-8223050

2019-01-08 Thread Tim Düsterhus
Pieter, Am 08.01.19 um 23:37 schrieb PiBa-NL: > Got a coredump of 1.9.0-8223050 today, see below. Would this be 'likely' > the same one with the 'PRIORITY' that 1.9.1 fixes? Without knowing much about the mux code: This is highly unlikely to be related. In my tests the bug lead to an immediate

Re: haproxy reload terminated with master/worker

2019-01-08 Thread Emmanuel Hocdet
> Le 8 janv. 2019 à 15:02, William Lallemand a écrit : > > On Tue, Jan 08, 2019 at 02:03:22PM +0100, Tim Düsterhus wrote: >> Emmanuel, >> >> Am 08.01.19 um 13:53 schrieb Emmanuel Hocdet: >>> Without master/worker, haproxy reload work with an active waiting (haproxy >>> exec). >>> With

Re: haproxy reload terminated with master/worker

2019-01-08 Thread William Lallemand
On Tue, Jan 08, 2019 at 02:03:22PM +0100, Tim Düsterhus wrote: > Emmanuel, > > Am 08.01.19 um 13:53 schrieb Emmanuel Hocdet: > > Without master/worker, haproxy reload work with an active waiting (haproxy > > exec). > > With master/worker, kill -USR2 return immediately: Is there a way to know >

[ANNOUNCE] haproxy-1.9.1

2019-01-08 Thread Willy Tarreau
Hi, HAProxy 1.9.1 was released on 2019/01/08. It added 90 new commits after version 1.9.0. One of them fixes a security issue discovered by Tim Düsterhus (CVE-2018-20615) : BUG/CRITICAL: mux-h2: re-check the frame length when PRIORITY is used An incorrect frame length check is performed on

Re: State of 0-RTT TLS resumption with OpenSSL

2019-01-08 Thread Willy Tarreau
On Tue, Jan 08, 2019 at 03:27:58PM +0100, Olivier Houchard wrote: > On Tue, Jan 08, 2019 at 03:00:32PM +0100, Janusz Dziemidowicz wrote: > > pt., 4 sty 2019 o 11:59 Olivier Houchard > > napisa??(a): > > However, I believe in general this is a bit more complicated. RFC 8446 > > described this in

Re: State of 0-RTT TLS resumption with OpenSSL

2019-01-08 Thread Janusz Dziemidowicz
pt., 4 sty 2019 o 11:59 Olivier Houchard napisał(a): > I understand the concern. > I checked and both nghttp2 and nginx disable the replay protection. The idea > is you're supposed to allow early data only on harmless requests anyway, ie > ones that could be replayed with no consequence. Sorry

[ANNOUNCE] haproxy-1.8.17

2019-01-08 Thread Willy Tarreau
Hi, HAProxy 1.8.17 was released on 2019/01/08. It added 12 new commits after version 1.8.16. One of them fixes a security issue discovered by Tim Düsterhus (CVE-2018-20615) : BUG/CRITICAL: mux-h2: re-check the frame length when PRIORITY is used An incorrect frame length check is performed

Re: State of 0-RTT TLS resumption with OpenSSL

2019-01-08 Thread Olivier Houchard
On Tue, Jan 08, 2019 at 03:00:32PM +0100, Janusz Dziemidowicz wrote: > pt., 4 sty 2019 o 11:59 Olivier Houchard napisa??(a): > > I understand the concern. > > I checked and both nghttp2 and nginx disable the replay protection. The idea > > is you're supposed to allow early data only on harmless

Re: [PATCH] ssl certificates load speedup and dedup (pem/ctx)

2019-01-08 Thread Emmanuel Hocdet
Hi Emeric, > Le 7 janv. 2019 à 18:11, Emeric Brun a écrit : > > Hi Manu, > > On 1/7/19 5:59 PM, Emmanuel Hocdet wrote: >> It's better with patches… >> >>> Le 7 janv. 2019 à 17:57, Emmanuel Hocdet >> > a écrit : >>> >>> Hi, >>> >>> Following the first patch series

Re: compression in defaults happens twice with 1.9.0

2019-01-08 Thread Christopher Faulet
Le 07/01/2019 à 22:08, PiBa-NL a écrit : Hi Christopher, Op 7-1-2019 om 16:32 schreef Christopher Faulet: Le 06/01/2019 à 16:22, PiBa-NL a écrit : Hi List, Using both 1.9.0 and 2.0-dev0-909b9d8 compression happens twice when configured in defaults. This was noticed by user walle303 on IRC.

Re: [PATCH 1/1] REGTEST: Add some informatoin to test results.

2019-01-08 Thread Christopher Faulet
Le 08/01/2019 à 11:30, flecai...@haproxy.com a écrit : From: Frédéric Lécaille When the reg tests fail, it may be useful to display additional information coming from varnishtest, especially when this latter aborts. In such case, the test output may be made of lines prefixed by "* diag"

[PATCH 0/1] Be more verbous when reg tests fail.

2019-01-08 Thread flecaille
From: Frédéric Lécaille With this patch when the test fails it may be useful to collect additional information coming from varnishtes especially when this latter aborts. For instance without this patch reg-tests/mailers/k_healthcheckmail.vtc does not produce relevant information. $

Re: [PATCH] REG-TEST: mailers: add new test for 'mailers' section

2019-01-08 Thread Frederic Lecaille
On 1/7/19 9:24 PM, PiBa-NL wrote: Hi Willy, Op 7-1-2019 om 15:25 schreef Willy Tarreau: Hi Pieter, On Sun, Jan 06, 2019 at 04:38:21PM +0100, PiBa-NL wrote: The 23654 mails received for a failed server is a bit much.. I agree. I really don't know much how the mails work to be honest, as I

Re: haproxy issue tracker discussion

2019-01-08 Thread Willy Tarreau
Hi guys, sorry for the long delay, it was not the best week for me to restart all of this discussion, but now it's OK, I'm catching up! On Sun, Jan 06, 2019 at 05:29:43PM +0100, Lukas Tribus wrote: > Hello everyone, > > > as per Tim's suggestion I'm restarting the discussion about the issue >

Re: haproxy issue tracker discussion

2019-01-08 Thread Willy Tarreau
On Sun, Jan 06, 2019 at 07:41:08PM +0300, Alexey Elymanov wrote: > Ansible, for example (https://github.com/ansible/ansible/issues), uses some > advanced automation and templates to manage their enormous issues stream. > Issue are checked against conforming rules/tests/codestyle checks or, for >

Re: regtests - with option http-use-htx

2019-01-08 Thread Frederic Lecaille
On 12/15/18 4:52 PM, PiBa-NL wrote: Hi List, Willy, Trying to run some existing regtests with added option: option http-use-htx Using: HA-Proxy version 1.9-dev10-c11ec4a 2018/12/15 I get the below issues sofar: based on /reg-tests/connection/b0.vtc Takes 8 seconds to pass, in a

Re: [PATCH] REG-TEST: mailers: add new test for 'mailers' section

2019-01-08 Thread Willy Tarreau
On Tue, Jan 08, 2019 at 09:31:22AM +0100, Frederic Lecaille wrote: > Indeed this script could worked with a short mailer timeout before af4021e6 > commit. Another git bisect shows that 53216e7d introduced the email bombing > issue. > > Note that 33a09a5f refers to 53216e7d commit. > > I am not

[PATCH 0/1] A basic reg test for HTTP header captures

2019-01-08 Thread flecaille
From: Frédéric Lécaille Hi ML, Here is a basic test to check that this is the last occurence of request/response headers which are sent to the logs. Fred. Frédéric Lécaille (1): REGTEST: "capture (request|response)" regtest. reg-tests/http-capture/h0.vtc | 92

[PATCH 1/1] REGTEST: "capture (request|response)" regtest.

2019-01-08 Thread flecaille
From: Frédéric Lécaille --- reg-tests/http-capture/h0.vtc | 92 +++ 1 file changed, 92 insertions(+) create mode 100644 reg-tests/http-capture/h0.vtc diff --git a/reg-tests/http-capture/h0.vtc b/reg-tests/http-capture/h0.vtc new file mode

[PATCH 1/1] REGTEST: Add some informatoin to test results.

2019-01-08 Thread flecaille
From: Frédéric Lécaille When the reg tests fail, it may be useful to display additional information coming from varnishtest, especially when this latter aborts. In such case, the test output may be made of lines prefixed by "* diag" string. --- scripts/run-regtests.sh | 2 +- 1 file

haproxy reload terminated with master/worker

2019-01-08 Thread Emmanuel Hocdet
Hi, Without master/worker, haproxy reload work with an active waiting (haproxy exec). With master/worker, kill -USR2 return immediately: Is there a way to know when the reload is finished? ++ Manu

Important update in about one hour

2019-01-08 Thread Willy Tarreau
Hi all, Tim found a possible remote crash in the H2 code which requires a quick release for 1.8 and 1.9. I've already backported the patch, I'm preparing the new releases (1.9.1 and 1.8.17) that will be issued in around one hour (leaving some time for US to wake up). Distros were already notified

Re: haproxy reload terminated with master/worker

2019-01-08 Thread Tim Düsterhus
Emmanuel, Am 08.01.19 um 13:53 schrieb Emmanuel Hocdet: > Without master/worker, haproxy reload work with an active waiting (haproxy > exec). > With master/worker, kill -USR2 return immediately: Is there a way to know > when the reload is finished? > Are you using systemd with -Ws? haproxy