Re: Dynamic cookies support

2017-03-15 Thread Olivier Houchard
On Wed, Mar 15, 2017 at 03:52:04PM +0200, Jarno Huuskonen wrote: > Hi Olivier, > > On Tue, Mar 14, Olivier Houchard wrote: > > Hi guys, > > > > You'll find attached patches to add support for dynamically-generated > > session > > cookies for each

Dynamic cookies support

2017-03-14 Thread Olivier Houchard
l the load-balancers. Any comment would be welcome. Thanks ! Olivier >From a29344438de3777ab692978b5195adfd100f219f Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Tue, 14 Mar 2017 20:01:29 +0100 Subject: [PATCH 1/2] MINOR: server: Add dynamic session co

[PATCH] minor cleanup to the dynamic cookie code

2017-04-04 Thread Olivier Houchard
00:00:00 2001 From: Olivier Houchard <cog...@ci0.org> Date: Tue, 4 Apr 2017 22:10:36 +0200 Subject: [PATCH] MINOR server: Restrict dynamic cookie check to the same proxy. Each time we generate a dynamic cookie, we try to make sure the same cookie hasn't been generated for another server,

Re: [RFC][PATCHES] seamless reload

2017-04-10 Thread Olivier Houchard
socket, and close any socket nout bound to our process, to save a few file descriptors. Regards, Olivier >From 8d6c38b6824346b096ba31757ab62bc986a433b3 Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Sun, 9 Apr 2017 16:28:10 +0200 Subject: [PATCH 7/9] MINOR

Re: [RFC][PATCHES] seamless reload

2017-04-10 Thread Olivier Houchard
On Mon, Apr 10, 2017 at 10:49:21PM +0200, Pavlos Parissis wrote: > On 07/04/2017 11:17 ????, Olivier Houchard wrote: > > On Fri, Apr 07, 2017 at 09:58:57PM +0200, Pavlos Parissis wrote: > >> On 06/04/2017 04:57 , Olivier Houchard wrote: > >>> On Thu, Apr 06, 20

Re: [RFC][PATCHES] seamless reload

2017-04-10 Thread Olivier Houchard
On Mon, Apr 10, 2017 at 11:08:56PM +0200, Pavlos Parissis wrote: > On 10/04/2017 08:09 ????, Olivier Houchard wrote: > > > > Hi, > > > > On top of those patches, here a 3 more patches. > > The first one makes the systemd wrapper check for a HAPROXY_STATS_SOCKET

Re: [RFC][PATCHES] seamless reload

2017-04-12 Thread Olivier Houchard
+ 1 + (stats_socket != NULL ? 2 : 0), sizeof(char *)); Regards, Olivier >From 526dca943b9cc89732c54bc43a6ce36e17b67890 Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Sun, 9 Apr 2017 16:28:10 +0200 Subject: [PATCH 7/9] MINOR: systemd wrappe

Re: [RFC][PATCHES] seamless reload

2017-04-12 Thread Olivier Houchard
On Wed, Apr 12, 2017 at 05:30:17PM +0200, Conrad Hoffmann wrote: > Hi again, > > so I tried to get this to work, but didn't manage yet. I also don't quite > understand how this is supposed to work. The first haproxy process is > started _without_ the -x option, is that correct? Where does that

Re: [RFC][PATCHES] seamless reload

2017-04-12 Thread Olivier Houchard
On Wed, Apr 12, 2017 at 05:30:17PM +0200, Conrad Hoffmann wrote: > Hi again, > > so I tried to get this to work, but didn't manage yet. I also don't quite > understand how this is supposed to work. The first haproxy process is > started _without_ the -x option, is that correct? Where does that

Re: [RFC][PATCHES] seamless reload

2017-04-12 Thread Olivier Houchard
On Wed, Apr 12, 2017 at 05:50:54PM +0200, Olivier Houchard wrote: > On Wed, Apr 12, 2017 at 05:30:17PM +0200, Conrad Hoffmann wrote: > > Hi again, > > > > so I tried to get this to work, but didn't manage yet. I also don't quite > > understand how this is supposed

Re: [RFC][PATCHES] seamless reload

2017-04-11 Thread Olivier Houchard
On Tue, Apr 11, 2017 at 08:16:48PM +0200, Willy Tarreau wrote: > Hi guys, > > On Mon, Apr 10, 2017 at 11:08:56PM +0200, Pavlos Parissis wrote: > > IMHO: a better name would be 'stats nounsedsockets', as it is referring to a > > generic functionality of UNIX stats socket, rather to a very specific

Re: [RFC][PATCHES] seamless reload

2017-04-12 Thread Olivier Houchard
vier >From 7dc2432f3a7c4a9e9531adafa4524a199e394f90 Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Wed, 12 Apr 2017 19:32:15 +0200 Subject: [PATCH 10/10] MINOR: tcp: Attempt to reset TCP_MAXSEG when reusing a socket. Guess the default value for TCP_MAXSEG by

Re: [RFC][PATCHES] seamless reload

2017-04-06 Thread Olivier Houchard
On Thu, Apr 06, 2017 at 04:56:47PM +0200, Pavlos Parissis wrote: > On 06/04/2017 04:25 μμ, Olivier Houchard wrote: > > Hi, > > > > The attached patchset is the first cut at an attempt to work around the > > linux issues with SOREUSEPORT that makes haproxy refuse

[RFC][PATCHES] seamless reload

2017-04-06 Thread Olivier Houchard
behavior instead of opening any missing socket ? I'm still undecided about that. Any testing, comments, etc would be greatly appreciated. Regards, Olivier >From f2a13d1ce2f182170f70fe3d5312a538788f5877 Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Wed, 5 Apr 2017

Re: [RFC][PATCHES] seamless reload

2017-04-11 Thread Olivier Houchard
On Tue, Apr 11, 2017 at 01:23:42PM +0200, Pavlos Parissis wrote: > On 10/04/2017 11:52 μμ, Olivier Houchard wrote: > > On Mon, Apr 10, 2017 at 11:08:56PM +0200, Pavlos Parissis wrote: > >> On 10/04/2017 08:09 , Olivier Houchard wrote: > >>> > >>> Hi,

Re: [RFC][PATCHES] seamless reload

2017-04-12 Thread Olivier Houchard
On Wed, Apr 12, 2017 at 11:19:37AM -0700, Steven Davidovitz wrote: > I had a problem testing it on Mac OS X, because cmsghdr is aligned to 4 > bytes. I changed the CMSG_ALIGN(sizeof(struct cmsghdr)) call to CMSG_LEN(0) > to fix it. > Oh right, I'll change that. Thanks a lot ! Olivier

Re: [RFC][PATCHES] seamless reload

2017-04-13 Thread Olivier Houchard
On Thu, Apr 13, 2017 at 11:17:45AM +0200, Conrad Hoffmann wrote: > Hi Olivier, > > On 04/12/2017 06:09 PM, Olivier Houchard wrote: > > On Wed, Apr 12, 2017 at 05:50:54PM +0200, Olivier Houchard wrote: > >> On Wed, Apr 12, 2017 at 05:30:17PM +0200, Conrad Hoffma

Re: [RFC][PATCHES] seamless reload

2017-04-13 Thread Olivier Houchard
On Thu, Apr 13, 2017 at 03:06:47PM +0200, Conrad Hoffmann wrote: > > > On 04/13/2017 02:28 PM, Olivier Houchard wrote: > > On Thu, Apr 13, 2017 at 12:59:38PM +0200, Conrad Hoffmann wrote: > >> On 04/13/2017 11:31 AM, Olivier Houchard wrote: > >>> On Thu, Apr

Re: [RFC][PATCHES] seamless reload

2017-04-13 Thread Olivier Houchard
On Thu, Apr 13, 2017 at 12:59:38PM +0200, Conrad Hoffmann wrote: > On 04/13/2017 11:31 AM, Olivier Houchard wrote: > > On Thu, Apr 13, 2017 at 11:17:45AM +0200, Conrad Hoffmann wrote: > >> Hi Olivier, > >> > >> On 04/12/2017 06:09 PM, Olivier Houchard wrote:

Re: [RFC][PATCHES] seamless reload

2017-04-13 Thread Olivier Houchard
s (verbose=0) at src/proxy.c:793 > #8 0x004091ec in main (argc=21, argv=0x7ffccc775168) at > src/haproxy.c:1942 Ok, yet another stupid mistake, hopefully the attached patch fixes this :) Thanks ! Olivier >From 7c7fe0c00129d60617cba786cbec7bbdd9ce08f8 Mon Sep 17 00:00:00 2001 Fro

[PATCH] minor harmless bugfix in server_parse_sni_expr

2017-04-20 Thread Olivier Houchard
p 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Thu, 20 Apr 2017 18:21:17 +0200 Subject: [PATCH] MINOR: server: don't use "proxy" when px is really meant. In server_parse_sni_expr(), we use the "proxy" global variable, when we should probably be us

Re: [RFC][PATCHES] seamless reload

2017-04-13 Thread Olivier Houchard
On Thu, Apr 13, 2017 at 06:00:59PM +0200, Conrad Hoffmann wrote: > On 04/13/2017 05:10 PM, Olivier Houchard wrote: > > On Thu, Apr 13, 2017 at 04:59:26PM +0200, Conrad Hoffmann wrote: > >> Sure, here it is ;P > >> > >> I now get a segfault (on reload): >

Re: [RFC][PATCHES] seamless reload

2017-04-07 Thread Olivier Houchard
On Fri, Apr 07, 2017 at 09:58:57PM +0200, Pavlos Parissis wrote: > On 06/04/2017 04:57 ????, Olivier Houchard wrote: > > On Thu, Apr 06, 2017 at 04:56:47PM +0200, Pavlos Parissis wrote: > >> On 06/04/2017 04:25 , Olivier Houchard wrote: > >>> Hi, > >>>

[PATCH] Fix haproxy hangs on FreeBSD >= 11

2017-04-19 Thread Olivier Houchard
rom 163be439a8bc6e5aa1cf3fea0f086d518ddad0a9 Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Wed, 19 Apr 2017 11:34:10 +0200 Subject: [PATCH] BUG/MAJOR: Use -fwrapv. Haproxy relies on signed integer wraparound on overflow, however this is really an undefined behavior, so the C compiler i

Re: [RFC][PATCHES] seamless reload

2017-04-19 Thread Olivier Houchard
On Wed, Apr 19, 2017 at 09:58:27AM +0200, Pavlos Parissis wrote: > On 13/04/2017 06:18 μμ, Olivier Houchard wrote: > > On Thu, Apr 13, 2017 at 06:00:59PM +0200, Conrad Hoffmann wrote: > >> On 04/13/2017 05:10 PM, Olivier Houchard wrote: > >>> On Thu, Apr 13, 20

Re: FreeBSD CPU Affinity

2017-08-16 Thread Olivier Houchard
esting on FreeBSD-10-stable though. > > > > May be you add return code check for cpuset_setaffinity() and log > > possible error? > > Output of from truss on starup yields this: > > 3862: cpuset_setaffinity(0x3,0x2,0x,0x8,0x773dd0) ERR#34 > 'Resul

Re: FreeBSD CPU Affinity

2017-08-16 Thread Olivier Houchard
On Wed, Aug 16, 2017 at 11:43:30AM -0400, Mark Staudinger wrote: > On Wed, 16 Aug 2017 11:32:01 -0400, Olivier Houchard <ohouch...@haproxy.com> > wrote: > > > On Wed, Aug 16, 2017 at 11:28:52AM -0400, Mark Staudinger wrote: > > > On Wed, 16 Aug 2017 10:47:32 -0400, D

[PATCH][MINOR] rename the raw socket constructor

2017-08-14 Thread Olivier Houchard
Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Mon, 14 Aug 2017 15:59:44 +0200 Subject: [PATCH] MINOR: Use a better name for the constructor than __ssl_sock_deinit() --- src/raw_sock.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/raw_soc

Minor bugfix

2017-07-17 Thread Olivier Houchard
Hi guys, The attached patch fixes a potential use after free, if for some reason we failed to get the address of a transfered socket. It should be fairly safe to apply. Regards, Olivier >From 6fa0e381b38d3a9a3d29e59cbcca34fb1d375e3e Mon Sep 17 00:00:00 2001 From: Olivier Houchard <

Re: [PATCHES] SRV record support

2017-08-09 Thread Olivier Houchard
Hi, After some review and tests by Baptiste, here comes an updated patchset, with a few bugfixes. This one is probably mergeable. Regards, Olivier >From 1b408464590fea38d8a45b2b7fed5c615465a858 Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Thu, 6 Jul 2

[PATCHES] SRV record support

2017-08-04 Thread Olivier Houchard
nfig. Any testing would be greatly appreciated. Regards, Olivier >From 1b408464590fea38d8a45b2b7fed5c615465a858 Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Thu, 6 Jul 2017 18:46:47 +0200 Subject: [PATCH 1/4] MINOR: dns: Cache previous DNS answers. As DNS ser

Re: [PATCHES] SRV record support

2017-08-07 Thread Olivier Houchard
Hi, On Fri, Aug 04, 2017 at 09:18:30PM +0200, Willy Tarreau wrote: > Just a few questions and minor comments below : > > On Fri, Aug 04, 2017 at 06:49:43PM +0200, Olivier Houchard wrote: > > This also adds support for SRV records. To use them, simply use a SRV label > >

Re: FreeBSD CPU Affinity

2017-08-17 Thread Olivier Houchard
On Thu, Aug 17, 2017 at 04:27:55PM +0300, Dmitry Sivachenko wrote: > > > On 16 Aug 2017, at 18:32, Olivier Houchard <ohouch...@haproxy.com> wrote: > > > > > > > > I think I know what's going on. > > Can you try the attached patch ? > > &g

Re: [RFC][PATCHES] seamless reload

2017-05-04 Thread Olivier Houchard
On Thu, May 04, 2017 at 10:03:07AM +, Pierre Cheynier wrote: > Hi Olivier, > > Many thanks for that ! As you know, we are very interested on this topic. > We'll test your patches soon for sure. > > Pierre Hi Pierre :) Thanks ! I'm very interested in knowing how well it works for you. Maybe

Re: [RFC][PATCHES] seamless reload

2017-05-08 Thread Olivier Houchard
Hi Pavlos, On Sun, May 07, 2017 at 12:05:28AM +0200, Pavlos Parissis wrote: [...] > Ignore ignore what I wrote, I am an idiot I am an idiot as I forgot the most > important bit of the test, to enable the seamless reload by suppling the > HAPROXY_STATS_SOCKET environment variable:-( > > I added

[PATCH] Properly handle weight increase with consistent weight

2017-10-17 Thread Olivier Houchard
as needed. Regards, Olivier >From a8d290e08d4820fe5058ba00fd4ef762e562cb69 Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Tue, 17 Oct 2017 15:52:59 +0200 Subject: [PATCH] MINOR: server: Handle weight increase in consistent hash. When the server weight is ri

[PATCH] checks: Add a keyword to specify the SNI in health checks

2017-10-17 Thread Olivier Houchard
Hi, The attached patch adds a new keyword to servers, "check-sni", that lets you specify which SNI to use when doing health checks over SSL. Regards, Olivier >From 24779f0985041f4e680855d453a4bc5d096756f9 Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com>

Re: Reload takes about 3 minutes

2017-10-13 Thread Olivier Houchard
Hi Joel, On Fri, Oct 13, 2017 at 03:22:56PM +0200, Joel W Kall wrote: > Got some results from strace. Running the reload with sudo takes about 3 > minutes and shows that it spends most of the time on: > > 14:39:38.077925 poll([{fd=6, events=POLLIN}], 1, -1) = ? > ERESTART_RESTARTBLOCK

[PATCH][MINOR] Inline functions in common/net_helper.h

2017-09-13 Thread Olivier Houchard
rom: Olivier Houchard <ohouch...@haproxy.com> Date: Wed, 13 Sep 2017 11:49:22 +0200 Subject: [PATCH] MINOR: net_helper: Inline functions meant to be inlined. --- include/common/net_helper.h | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/include/common/net_h

[PATCHES][ssl] Add 0-RTT support with OpenSSL 1.1.1

2017-10-02 Thread Olivier Houchard
(ctx = ssl_sock_generate_certificate(servername, s, ssl))) { - /* switch ctx */ + if (s->generate_certs && ssl_sock_generate_certificate(servername, s, ssl)) { + /* switch ctx done in ssl_sock_generate_certificate */ return S

Re: [PATCHES][ssl] Add 0-RTT support with OpenSSL 1.1.1

2017-10-02 Thread Olivier Houchard
Hi Igor, On Tue, Oct 03, 2017 at 12:06:05AM +0800, Igor Pav wrote: > It's excited, does server line(client side) support 0-rtt? > Unfortunately, it does not yet. I'm investigating adding it. Regards, Olivier > On Mon, Oct 2, 2017 at 11:18 PM, Olivier Houchard <ohouch...@haproxy.c

[PATCH] Reset a few more counters on "clear counters"

2017-10-18 Thread Olivier Houchard
rom: Olivier Houchard <ohouch...@haproxy.com> Date: Tue, 17 Oct 2017 19:23:25 +0200 Subject: [PATCH] MINOR: stats: Clear a bit more counters with in cli_parse_clear_counters(). Clear MaxSslRate, SslFrontendMaxKeyRate and SslBackendMaxKeyRate when clear counters is used, it was probably forgotten w

Re: [PATCH] BUG/MINOR: ssl: fix CO_FL_EARLY_DATA removal with http mode

2017-11-27 Thread Olivier Houchard
Hi Emmanuel, On Mon, Nov 27, 2017 at 05:17:54PM +0100, Emmanuel Hocdet wrote: > > Hi, > > This patch fix CO_FL_EARLY_DATA removal to have correct ssl_fc_has_early > reporting. It work for 'mode http'. > > It does not fix ssl_fc_has_early for 'mode tcp'. In this mode CO_FL_EARLY_DATA > should

Re: [PATCH] MINOR: ssl: Handle early data with BoringSSL

2017-11-24 Thread Olivier Houchard
Hi Willy, On Thu, Nov 23, 2017 at 07:44:13PM +0100, Willy Tarreau wrote: > On Thu, Nov 23, 2017 at 04:16:39PM +0100, Emmanuel Hocdet wrote: > > > > simplify patch: > > no need to bypass post SSL_do_handshake process, only remove > > CO_FL_EARLY_SSL_HS > > when handshake can't support early

[PATCH] Rename the global variable "proxy" to "proxies_list" replace-header

2017-11-24 Thread Olivier Houchard
ainly come back to bite us at some point. Regards, Olivier >From da26886c44f7bd9dff656c43498664fb3518775d Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Fri, 24 Nov 2017 16:54:05 +0100 Subject: [PATCH] MINOR/CLEANUP: proxy: rename "proxy" to "pr

[PATCH] do the handshake if we can't send early data

2017-11-22 Thread Olivier Houchard
rom 2c011f4bfa515495c47c2495510ee01b199d4a26 Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Wed, 22 Nov 2017 17:38:37 +0100 Subject: [PATCH] BUG/MINOR: ssl: Always start the handshake if we can't send early data. The current code only tries to do the handshake in case we can't send early data

[PATCH] ssl/mux: Handle early data with multiple streams

2017-11-23 Thread Olivier Houchard
rom cdb181d78466a1ce2be2b8b621231ba2086f4979 Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Thu, 23 Nov 2017 18:21:29 +0100 Subject: [PATCH 1/2] MINOR: ssl: Handle reading early data after writing better. It can happen that we want to read early data, write some, and then continu

Re: [PATCH] BUG/MINOR: ssl: fix CO_FL_EARLY_DATA removal with http mode

2017-11-29 Thread Olivier Houchard
a need a sample fetch to know there were early data, even after the handshake, maybe we can introduce a new sample fetch, ssl_fc_has_insecure_early, or something ? Regards, Olivier >From bda3b7800677184ea19fb81f75f9a9b44c79efeb Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@ha

Re: [PATCH] BUG/MINOR: ssl: fix CO_FL_EARLY_DATA removal with http mode

2017-11-30 Thread Olivier Houchard
On Thu, Nov 30, 2017 at 03:32:20PM +0100, Emmanuel Hocdet wrote: > > > Le 30 nov. 2017 à 13:34, Olivier Houchard <ohouch...@haproxy.com> a écrit : > > > > Hi Emmanuel, > > > > On Thu, Nov 30, 2017 at 12:15:37PM +0100, Emmanuel Hocdet wrote: > >>

Re: [PATCH] do the handshake if we can't send early data

2017-11-22 Thread Olivier Houchard
On Wed, Nov 22, 2017 at 05:42:42PM +0100, Olivier Houchard wrote: > Hi, > > We mistakely only try to go back to the SSL handshake when not able to send > early data if we're acting as a client, that is wrong, and leads to an > infinite loop if it happens on the server side. >

Re: [PATCH] BUG/MINOR: ssl: fix CO_FL_EARLY_DATA removal with http mode

2017-11-30 Thread Olivier Houchard
Hi Emmanuel, On Thu, Nov 30, 2017 at 12:15:37PM +0100, Emmanuel Hocdet wrote: > Hi Olivier, > > > Le 29 nov. 2017 à 19:57, Olivier Houchard <ohouch...@haproxy.com> a écrit : > > > > On Mon, Nov 27, 2017 at 06:19:41PM +0100, Emmanuel Hocdet wrote: > >>&g

[PATCHES] Fix TLS 1.3 session resumption, and 0RTT with threads.

2017-11-16 Thread Olivier Houchard
. Regards, Olivier >From e32a831c1cbff1fcfb66565273ec98052f3a7f79 Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Thu, 16 Nov 2017 17:42:52 +0100 Subject: [PATCH 1/2] MINOR: SSL: Store the ASN1 representation of client sessions. Instead of storing the SS

[PATCHES] TLS 1.3 session resumption and early data to servers

2017-11-03 Thread Olivier Houchard
rom 7db328b4e5028a80c9817049108f5625513a87e8 Mon Sep 17 00:00:00 2001 From: Olivier Houchard <cog...@ci0.org> Date: Thu, 2 Nov 2017 19:04:38 +0100 Subject: [PATCH 1/4] BUG/MINOR; ssl: Don't assume we have a ssl_bind_conf because a SNI is matched. We only have a ssl_bind_conf if crt-list is used, however we can still match a ce

Re: [PATCH] Fix SRV records again

2017-11-06 Thread Olivier Houchard
On Mon, Nov 06, 2017 at 03:19:25PM +0100, Olivier Houchard wrote: > Hi, > > The attached patch fixes a locking issue that prevented SRV records from > working. > > Regards, > > Olivier > And another one, that fix a deadlock that occurs when checks trigger DNs res

Re: Segfault with 1.8.0 build (RHEL5, old gcc).

2017-12-07 Thread Olivier Houchard
Hi Christopher, On Wed, Dec 06, 2017 at 05:34:15PM -0800, Christopher Lane wrote: > On Mon, Dec 4, 2017 at 11:56 AM, Christopher Lane > wrote: > > > > > > > > On Mon, Dec 4, 2017 at 4:22 AM Lukas Tribus wrote: > > > >>Hello Christopher, > > > > >

[PATCH] Make thread affinity work on FreeBSD

2017-12-01 Thread Olivier Houchard
Hi, The attached patch makes the call to pthread_setaffinity_np() work on FreeBSD. Regards, Olivier >From fc204ac3d7f9323b6583465ff5b42a0cfa46b8b1 Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Fri, 1 Dec 2017 18:19:43 +0100 Subject: [PATCH] MINOR: thr

Re: Segfault with 1.8.0 build (RHEL5, old gcc).

2017-12-01 Thread Olivier Houchard
lot ! Olivier >From 5236a1a4ac19cc27c6f06d328b2df0c4cdfe220c Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Fri, 1 Dec 2017 22:04:05 +0100 Subject: [PATCH] MINOR: checks: Be sure we have a mux if we created a cs. In connect_conn_chk(), there were one case w

Re: [PATCH] support Openssl 1.1.1 early callback API for HS

2017-10-25 Thread Olivier Houchard
Hi Emmanuel, On Wed, Oct 25, 2017 at 02:37:58PM +0200, Emmanuel Hocdet wrote: > Hi, > > . patches serie rebase from master > . update openssl 1.1.1 api calls with new early callback name > (https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_client_hello_cb.html >

[PATCH] MINOR: Fix checks when connect_conn_chk() fails srv_update_status()

2017-10-24 Thread Olivier Houchard
:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Tue, 24 Oct 2017 19:03:30 +0200 Subject: [PATCH 2/2] BUG/MINOR: checks: Don't forget to release the connection on error case. When switching the check code to a non-permanent connection, the new code forgot to free the c

Re: [PATCH] MINOR: server: missing chunck allocation in srv_update_status()

2017-10-24 Thread Olivier Houchard
On Tue, Oct 24, 2017 at 05:37:42PM +0200, Baptiste wrote: > Hi, > > While testing Christopher's DNS "thread-safe" code, I found a bug in > srv_update_status following a recent update (related to threads too). > > The patch is in attachment. Ah you beat me at it ! I ran in the exact same issue.

Re: [PATCH] MINOR: server: missing chunck allocation in srv_update_status()

2017-10-24 Thread Olivier Houchard
On Tue, Oct 24, 2017 at 07:12:15PM +0200, Olivier Houchard wrote: > On Tue, Oct 24, 2017 at 05:37:42PM +0200, Baptiste wrote: > > Hi, > > > > While testing Christopher's DNS "thread-safe" code, I found a bug in > > srv_update_status following a

[PATCH] Fix SRV records again

2017-10-31 Thread Olivier Houchard
001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Tue, 31 Oct 2017 15:21:19 +0100 Subject: [PATCH] BUG/MINOR: dns: Fix SRV records with the new thread code. srv_set_fqdn() may be called with the DNS lock already held, but tries to lock it anyway. So, add a new parameter to le

Re: [PATCHES][ssl] Add 0-RTT support with OpenSSL 1.1.1

2017-10-31 Thread Olivier Houchard
On Fri, Oct 27, 2017 at 03:54:27PM +0200, Emmanuel Hocdet wrote: > > > Le 27 oct. 2017 à 15:02, Olivier Houchard <ohouch...@haproxy.com> a écrit : > > > > The attached patch does use the ssl_conf, instead of abusing ssl_options. > > I also added a new field in g

[PATCH] Make sure all the pollers get fd updates

2018-05-04 Thread Olivier Houchard
be, backported, so a different patch, similar in spirit, will be developed. Regards, Olivier >From 7ae6ae7215984deb4487391201e3b0f99a072c4b Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Wed, 25 Apr 2018 15:10:30 +0200 Subject: [PATCH 1/4] MINOR: fd: Make the lo

Re: [PATCH] BUG/MEDIUM: pollers/kqueue: use incremented position in event list

2018-05-11 Thread Olivier Houchard
Hi Pieter, On Thu, May 10, 2018 at 01:12:40AM +0200, PiBa-NL wrote: > Hi Olivier, > > Please take a look at attached patch. When adding 2 fd's the second > overwrote the first one. > Tagged it medium as haproxy just didn't work at all. (with kqueue.). Though > it could perhaps also be minor, as

Re: [PATCH] BUG/MEDIUM: pollers/kqueue: use incremented position in event list

2018-05-11 Thread Olivier Houchard
On Fri, May 11, 2018 at 02:09:43PM +0200, Willy Tarreau wrote: > Hi guys, > > On Fri, May 11, 2018 at 01:57:10PM +0200, Olivier Houchard wrote: > > Hi Pieter, > > > > On Thu, May 10, 2018 at 01:12:40AM +0200, PiBa-NL wrote: > > > Hi Olivier, > > >

Re: 1.9dev LUA shows partial results from print_r(core.get_info()) after adding headers ?

2018-05-04 Thread Olivier Houchard
crash anymore with that change. But i'm not sure > if now its leaking memory instead for some cases.. Is there a easy way to > check? > > Regards, > PiBa-NL (Pieter) > Thanks a lot for the detailed analysis. That seems spot on. We decided to do something a bit different than your proposed f

Re: [PATCH] Make sure all the pollers get fd updates

2018-05-17 Thread Olivier Houchard
Hi, On Fri, May 04, 2018 at 05:32:24PM +0200, Olivier Houchard wrote: > Hi, > > When the code was changed to use one poller per thread, we overlooked the > fact that some fds can be shared between multiple threads, and when one > event occured, that required the fd to be added

Re: DNS resolver + threads, 100% cpu usage / hang 1.9dev

2018-05-22 Thread Olivier Houchard
, you did most of the work :) I think I understand what is going on, and it's ugly as hell. Does the attached patch fix it for you ? It's been generated from master, but will probably apply against 1.8 as well. Thanks ! Olivier >From b938f86e1fe51e95adc73f9e583dd225f5ecf88d Mon Sep 17 00:0

Re: DNS resolver + threads, 100% cpu usage / hang 1.9dev

2018-05-23 Thread Olivier Houchard
Hi Pieter, On Tue, May 22, 2018 at 09:00:24PM +0200, PiBa-NL wrote: > Hi Olivier, > > Op 22-5-2018 om 18:46 schreef Olivier Houchard: > > Hi Pieter, > > > > Does the attached patch fix it for you ? It's been generated from master, > > but will probably apply aga

Re: haproxy requests hanging since b0bdae7

2018-06-06 Thread Olivier Houchard
Hi Willy, On Wed, Jun 06, 2018 at 02:09:01PM +0200, Willy Tarreau wrote: > On Wed, Jun 06, 2018 at 02:04:35PM +0200, Olivier Houchard wrote: > > When building without threads enabled, instead of just using the global > > runqueue, just use the local runqueue associated with

Re: haproxy requests hanging since b0bdae7

2018-06-06 Thread Olivier Houchard
g with debug enabled I see just a single line: > :f1.accept(0004)=0005 from [127.0.0.1:63663] ALPN= > > commit b0bdae7b88d53cf8f18af0deab6d4c29ac25b7f9 (refs/bisect/bad) > Author: Olivier Houchard > Date: Fri May 18 18:45:28 2018 +0200 > > MAJOR: tasks: Introduc

[PATCHES] Fix a few shortcomings in the tasklet code

2018-06-14 Thread Olivier Houchard
Hi, Attached are 2 patches that fix a few bugs in the tasklet code. It should have little incidence right now because tasklets are unused, but will be useful for later work. Regards, Olivier >From fd2838a8b4eae2d9801592889285ae221fc3a7cb Mon Sep 17 00:00:00 2001 From: Olivier Houchard D

Re: 100% cpu using resolvers with haproxy v1.8.9

2018-05-29 Thread Olivier Houchard
. > Oops you're right indeed. There's a bug in the pollers revamp that has been done recently. The attached patch should fix it. Thanks for reporting ! Olivier >From 837f376310b3077740289bc2ced1a0a97a1f964f Mon Sep 17 00:00:00 2001 From: Olivier Houchard Date: Tue, 29 May 2018 14:42:2

Re: error: 'all_threads_mask' undeclared (first use in this function)

2018-06-04 Thread Olivier Houchard
Hi Igor, On Mon, Jun 04, 2018 at 03:18:02PM +0300, Igor Batkanov wrote: > Hello! > I've tried to create haproxy 1.8.9 RPM package using rpmbuild and got the > folowing error: error: 'all_threads_mask' undeclared (first use in this > function) > This is a problem when building haproxy without

Re: [PATCH]: silencing compilation warning

2018-06-01 Thread Olivier Houchard
, but clang certainly does. Instead of using a static variable, I think merely adding a cast is better, as attached. What do you think ? Regards, Olivier >From 08bdd8e3b27afdd5101843f23edd337166c87159 Mon Sep 17 00:00:00 2001 From: Olivier Houchard Date: Fri, 1 Jun 2018 14:32:39 +0200 Subject:

Re: [PATCH]: MINOR :task another explicit cast

2018-06-05 Thread Olivier Houchard
Hi, On Tue, Jun 05, 2018 at 10:46:34AM +, David CARLIER wrote: > Hi, > > Did a full rebuild and caught it only. > > Regards. Oops, thanks a lot David, I hope it'll be the last one :) Willy, can you please push it ? Thanks ! Olivier

Re: haproxy requests hanging since b0bdae7

2018-06-06 Thread Olivier Houchard
On Wed, Jun 06, 2018 at 10:06:30AM -0400, Patrick Hemmer wrote: > > > On 2018/6/6 08:24, Olivier Houchard wrote: > > Hi Willy, > > > > On Wed, Jun 06, 2018 at 02:09:01PM +0200, Willy Tarreau wrote: > >> On Wed, Jun 06, 2018 at 02:04:35PM +0200, Olivier Houchar

Re: haproxy-1.8.8 seamless reloads failing with abns@ sockets

2018-06-06 Thread Olivier Houchard
and ignoring abns sockets where path starts with \0 ? > > Using unix socket instead of abns socket makes the reload work. > Sorry for the late answer. You're right indeed, that code was not written with abns sockets in mind. The attached patch should fix it. It was created from mas

Re: haproxy-1.8.8 seamless reloads failing with abns@ sockets

2018-06-07 Thread Olivier Houchard
Hi Willy, On Thu, Jun 07, 2018 at 11:45:39AM +0200, Willy Tarreau wrote: > Hi Olivier, > > On Wed, Jun 06, 2018 at 06:40:05PM +0200, Olivier Houchard wrote: > > You're right indeed, that code was not written with abns sockets in mind. > > The attached patch should fix it

[PATCHES] Fix bugs in the new scheduler

2018-05-28 Thread Olivier Houchard
>From f47ca20747c1cfc7b9e6413afe9c8819a84e485a Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Mon, 28 May 2018 13:51:06 +0200 Subject: [PATCH 1/3] BUG/MEDIUM: tasks: Don't forget to increase/decrease tasks_run_queue. Don't forget to increase tasks_run_queue w

Re: Considering adding support for TCP Zero Copy

2018-05-03 Thread Olivier Houchard
Hi Pavlos, On Thu, May 03, 2018 at 12:45:42PM +0200, Pavlos Parissis wrote: > Hi, > > Linux kernel version 4.14 adds support for zero-copy from user memory to TCP > sockets by setting > MSG_ZEROCOPY flag. This is for the sending side of the socket, for the > receiving side of the socket > we

Re: [PATCHES][ssl] Add 0-RTT support with OpenSSL 1.1.1

2017-10-26 Thread Olivier Houchard
)) { - /* switch ctx */ + if (s->generate_certs && ssl_sock_generate_certificate(servername, s, ssl)) { + /* switch ctx done in ssl_sock_generate_certificate */ return SSL_TLSEXT_ERR_OK; } #endif

Re: [PATCHES][ssl] Add 0-RTT support with OpenSSL 1.1.1

2017-10-27 Thread Olivier Houchard
On Fri, Oct 27, 2017 at 12:36:31PM +0200, Emmanuel Hocdet wrote: > > > Le 27 oct. 2017 ?? 11:22, Emmanuel Hocdet <m...@gandi.net> a ??crit : > > > > Hi Olivier > > > >> Le 27 oct. 2017 ?? 01:08, Olivier Houchard <ohouch...@haproxy.com> a >

Re: [PATCHES][ssl] Add 0-RTT support with OpenSSL 1.1.1

2017-10-27 Thread Olivier Houchard
On Fri, Oct 27, 2017 at 11:22:15AM +0200, Emmanuel Hocdet wrote: > Hi Olivier > > > Le 27 oct. 2017 ?? 01:08, Olivier Houchard <ohouch...@haproxy.com> a ??crit > > : > > > > Hi, > > > > You'll find attached updated patches, rebased on the la

Re: [PATCHES][ssl] Add 0-RTT support with OpenSSL 1.1.1

2017-10-27 Thread Olivier Houchard
Hi, On Fri, Oct 27, 2017 at 12:45:36PM +0200, Olivier Houchard wrote: > On Fri, Oct 27, 2017 at 12:36:31PM +0200, Emmanuel Hocdet wrote: > > > > > Le 27 oct. 2017 ?? 11:22, Emmanuel Hocdet <m...@gandi.net> a ??crit : > > > > > > Hi Olivier >

Re: [PATCH] dns: Handle SRV record weights correctly

2018-01-09 Thread Olivier Houchard
Hi Willy, On Tue, Jan 09, 2018 at 03:17:24PM +0100, Willy Tarreau wrote: > Hi Olivier, > > On Mon, Jan 08, 2018 at 04:35:35PM +0100, Olivier Houchard wrote: > > Hi, > > > > The attached patch attempts to map SRV record weight to haproxy weight > > correctly, &g

[PATCH] Remove rbtree.[ch]

2018-01-04 Thread Olivier Houchard
Hi guys, The rbtree implementation as found in haproxy, is currently unused, and has been for quite some time. I don't think we will need it again, so the attached patch just removes it. Regards, Olivier >From 4ce3bce732fd816a835e4896646f260f0b7e6e7c Mon Sep 17 00:00:00 2001 From: Oliv

Re: [PATCH] dns: Handle SRV record weights correctly

2018-01-09 Thread Olivier Houchard
Hi, On Tue, Jan 09, 2018 at 03:28:22PM +0100, Olivier Houchard wrote: > Hi Willy, > > On Tue, Jan 09, 2018 at 03:17:24PM +0100, Willy Tarreau wrote: > > Hi Olivier, > > > > On Mon, Jan 08, 2018 at 04:35:35PM +0100, Olivier Houchard wrote: > > > Hi, >

[PATCH] dns: Handle SRV record weights correctly

2018-01-08 Thread Olivier Houchard
>From 8e8ab23223274ac75fdf1cfe2847337133fd59d2 Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Mon, 8 Jan 2018 16:28:57 +0100 Subject: [PATCH] MINOR: Handle SRV record weight correctly. A SRV record weight can range from 0 to 65535, while haproxy weight go

Re: Warnings when using dynamic cookies and server-template

2018-01-17 Thread Olivier Houchard
On Wed, Jan 17, 2018 at 02:25:59PM +0100, Pierre Cheynier wrote: > Hi, > > On 16/01/2018 18:48, Olivier Houchard wrote: > > > > Not really :) That's not a case I thought of. > > The attached patch disables the generation of the dynamic cookie if the IP > > is 0.

Re: Warnings when using dynamic cookies and server-template

2018-01-17 Thread Olivier Houchard
On Wed, Jan 17, 2018 at 04:42:01PM +0100, Pierre Cheynier wrote: > On 17/01/2018 15:56, Olivier Houchard wrote: > > > >> So, as a conclusion, I'm just not sure that producing this warning is > >> relevant in case the IP is duplicated for several servers *if they are >

Re: Warnings when using dynamic cookies and server-template

2018-01-16 Thread Olivier Houchard
Hi Pierre, On Mon, Jan 15, 2018 at 06:45:52PM +0100, Pierre Cheynier wrote: > Hello, > > We started to use the server-template approach in which you basically > provision servers in backends using a "check disabled" state, then > re-enabling them using the Runtime API. > > I recently noticed

Re: Warnings when using dynamic cookies and server-template

2018-01-16 Thread Olivier Houchard
Hi Pierre, On Tue, Jan 16, 2018 at 06:08:40PM +0100, Pierre Cheynier wrote: > Hi Olivier, > > > On 16/01/2018 15:43, Olivier Houchard wrote: > > I'm not so sure about this. > > It won't be checked again when server are enabled, so you won't get the > > warning i

Re: Warnings when using dynamic cookies and server-template

2018-01-23 Thread Olivier Houchard
Hi William, On Mon, Jan 22, 2018 at 08:03:55PM +0100, William Dauchy wrote: > Hello Olivier, > > On Wed, Jan 17, 2018 at 05:43:02PM +0100, Olivier Houchard wrote: > > Ok you got me convinced, the attached patch don't check for duplicate > > cookies for disabled server,

[PATCH] Fix build when compiling without threads traffic

2018-01-24 Thread Olivier Houchard
Hi, Commit 1605c7ae6154d8c2cfcf3b325872b1a7266c5bc2 broke building haproxy without threads support. The attached patch should fix it. Regards, Olivier >From 17e4494874b4a75da039f06f00f668d413038283 Mon Sep 17 00:00:00 2001 From: Olivier Houchard <ohouch...@haproxy.com> Date: Wed, 24 Ja

Re: haproxy 1.8 ssl backend server leads to server session aborts

2018-02-13 Thread Olivier Houchard
for the detailed analyze, and sorry for the late answer. You're probably right, SSL_ERROR_SYSCALL shouldn't be treated as an unrecoverable error. So, what you basically did was something equivalent to the patch attached ? Thanks a lot ! Olivier >From b423f94273be2c7040ce0861bd4a21617b4c5c2b Mon

Re: haproxy 1.8 ssl backend server leads to server session aborts

2018-02-13 Thread Olivier Houchard
Hi Emmanuel, On Tue, Feb 13, 2018 at 05:40:00PM +0100, Emmanuel Hocdet wrote: > Hi Olivier > > > Le 13 févr. 2018 à 15:27, Olivier Houchard <ohouch...@haproxy.com> a écrit : > > > > Thanks a lot for the detailed analyze, and sorry for the late ans

Re: haproxy 1.8 ssl backend server leads to server session aborts

2018-02-14 Thread Olivier Houchard
all error handling. > I'm not sure I get that part. I don't mind one way or another, but I don't understand how it would remove gotos. > BTW this makes me realize that your inverted condition above seems wrong > (|| instead of &&). > Oops, that is true, those things are too compl

Re: Issue with TCP splicing

2018-07-25 Thread Olivier Houchard
Hi Julien, On Tue, Jul 24, 2018 at 01:29:49PM -0400, Julien Semaan wrote: > > Sorry, that was a "can" that really meant "can't" :) I can't reproduce it. >     Aw well, I was surprised it was so easy :) > yea, that would be too easy :) > > Can you try to upgrade to 1.8.12 ? A number of bugs

  1   2   >