Willy Tarreau [Sun, 8 Mar 2009 22:43:53 +0000 (23:43 +0100)]
[RELEASE] Released version 1.3.14.12
Released version 1.3.14.12 with the following main changes :
- [BUG] Fix listen & more of 2 couples <ip>:<port>
- [DOC] remove buggy comment for use_backend
- [BUG] "option transparent" is for backend, not frontend !
- [BUG] we must not exit if protocol binding only returns a warning
- [BUG] inform the user when root is expected but not set
- [BUG] the "source" keyword must first clear optional settings
- [BUG] global.tune.maxaccept must be limited even in mono-process mode
- [BUG] typo in timeout error reporting : report *res and not *err
Willy Tarreau [Sun, 1 Mar 2009 07:35:41 +0000 (08:35 +0100)]
[BUG] global.tune.maxaccept must be limited even in mono-process mode
On overloaded systems, it sometimes happens that hundreds or thousands
of incoming connections are queued in the system's backlog, and all get
dequeued at once. The problem is that when haproxy processes them and
does not apply any limit, this can take some time and the internal date
does not progress, resulting in wrong timer measures for all sessions.
The most common effect of this is that all of these sessions report a
large request time (around several hundreds of ms) which is in fact
caused by the time spent accepting other connections. This might happen
on shared systems when the machine swaps.
For this reason, we finally apply a reasonable limit even in mono-process
mode. Accepting 100 connections at once is fast enough for extreme cases
and will not cause that much of a trouble when the system is saturated.
(cherry picked from commit f49d1df25cf794b8801d919fda20266d90981c78)
(cherry picked from commit d80d63b6df4fe2d8711a83f88c51a7e3a0e139ed)
Willy Tarreau [Sun, 1 Mar 2009 07:27:21 +0000 (08:27 +0100)]
[BUG] the "source" keyword must first clear optional settings
Problem reported by John Lauro. When "source ... usesrc ..." is
set in the defaults section, it is not possible anymore to remove
the "usesrc" part when declaring a more precise "source" in a
backend. The only workaround was to declare it by server.
Willy Tarreau [Tue, 23 Dec 2008 22:13:55 +0000 (23:13 +0100)]
[BUG] "option transparent" is for backend, not frontend !
"option transparent" was set and checked on frontends only while it
is purely a backend thing as it replaces the "balance" mode. For this
reason, it did only work in "listen" sections. This change will then
not affect the rare users of this option.
(cherry picked from commit 4b1f85912c5dfd7e53dfa31d3e9dd3113747c702)
(cherry picked from commit c34da593ed579f373d1176fb510a1e59c474ba6d)
Willy Tarreau [Thu, 4 Dec 2008 14:17:39 +0000 (15:17 +0100)]
[RELEASE] Released version 1.3.14.11
Released version 1.3.14.11 with the following main changes :
- [BUILD] fix MANDIR default location to match documentation
- [BUG] critical errors should be reported even in daemon mode
- [BUG] do not dequeue requests on a dead server
- [BUG] do not dequeue the backend's pending connections on a dead server
Willy Tarreau [Thu, 4 Dec 2008 08:33:58 +0000 (09:33 +0100)]
[BUG] do not dequeue the backend's pending connections on a dead server
Kai Krueger found that previous patch was incomplete, because there is
an unconditionnal call to process_srv_queue() in session_free() which
still causes a dead server to consume pending connections from the
backend.
This call was made unconditionnal so that we don't leave unserved
connections in the server queue, for instance connections coming
in with "option persist" which can bypass the server status check.
However, the server must not touch the backend's queue if it is down.
Another fear was that some connections might remain unserved when
the server is using a dynamic maxconn if the number of connections
to the backend is too low. Right now, srv_dynamic_maxconn() ensures
this cannot happen, so the call can remain conditionnal.
The fix consists in allowing a server to process it own queue whatever
its state, but not to touch the backend's queue if it is down. Its
queue should normally be empty when the server is down because it is
redistributed when the server goes down. The only remaining cases are
precisely the persistent connections with "option persist" set, coming
in after the queue has been redispatched. Those ones must still be
processed when a connection terminates.
(cherry picked from commit cd485c44807bfcdb4928dd83c1907636b4e1b6f3)
Willy Tarreau [Sun, 30 Nov 2008 20:51:58 +0000 (21:51 +0100)]
[BUG] do not dequeue requests on a dead server
Kai Krueger reported a problem when a server goes down with active
connections. A lot of connections were drained by that server. Kai
did an amazing job at tracking this bug down to the dequeuing
mechanism which forgets to check the server state before allowing
a request to be sent to a server.
The problem occurs more often with long requests, which have a chance
to complete after the server is completely marked down, and to find
requests in the global queue which have not yet been fetched by other
servers.
The fix consists in ensuring that a server is up before sending it
any new request from the queue.
(cherry picked from commit 80b286a064eaec828b7fd10e98e3f945e8b244f3)
Willy Tarreau [Sun, 16 Nov 2008 06:40:34 +0000 (07:40 +0100)]
[BUG] critical errors should be reported even in daemon mode
Josh Goebel reported that haproxy silently dies when it fails to
chroot. In fact, it does so when in daemon mode, because daemon
mode has been disabling output for ages.
Since the code has been reworked, this could have been changed
because there is no reason for this anymore, hence this patch.
(cherry picked from commit 304d6fb00fe32fca1bd932a301d4afb7d54c92bc)
Willy Tarreau [Tue, 4 Nov 2008 09:57:33 +0000 (10:57 +0100)]
[RELEASE] Released version 1.3.14.10
Released version 1.3.14.10 with the following main changes :
- [MINOR] cfgparse: fix off-by 2 in error message size
- [BUG] cookie capture is declared in the frontend but checked on the backend
Willy Tarreau [Fri, 17 Oct 2008 10:01:58 +0000 (12:01 +0200)]
[BUG] cookie capture is declared in the frontend but checked on the backend
Cookie capture would only work by pure luck on the request but did
never work on responses since only the backend was checked. The fix
consists in always checking frontend for cookie captures.
(cherry picked from commit bfca9e51b77b856593a3c4a3215a8e0397e7cdba)
Willy Tarreau [Sun, 12 Oct 2008 20:41:45 +0000 (22:41 +0200)]
[RELEASE] Released version 1.3.14.9
Released version 1.3.14.9 with the following main changes :
- [BUG] do not try to pause backends during reload
- [BUG] ensure that listeners from disabled proxies are correctly unbound.
- [BUG] acl-related keywords are not allowed in defaults sections
Willy Tarreau [Sun, 12 Oct 2008 15:26:37 +0000 (17:26 +0200)]
[BUG] acl-related keywords are not allowed in defaults sections
Using an ACL-related keyword in the defaults section causes a
segfault during parsing because the list headers are not initialized.
We must initialize list headers for default instance and reject
keywords relying on ACLs.
Willy Tarreau [Sun, 12 Oct 2008 10:07:48 +0000 (12:07 +0200)]
[BUG] ensure that listeners from disabled proxies are correctly unbound.
There is a problem when an instance is marked "disabled". Its ports are
still bound but will not be unbound upon termination. This causes processes
to accumulate during soft restarts, and might even cause failures to restart
new ones due to the inability to bind to the same port.
The ideal solution would be to bind all ports at the end of the configuration
parsing. An acceptable workaround is to unbind all listeners of disabled
proxies. This is what the current patch does.
Willy Tarreau [Fri, 10 Oct 2008 15:51:34 +0000 (17:51 +0200)]
[BUG] do not try to pause backends during reload
During a configuration reload, haproxy tried to pause all proxies.
Unfortunately, it also tried to pause backends, which would fail
and cause trouble to the new process since the port was still bound.
Released version 1.3.14.8 with the following main changes :
- [BUG] do not release the connection slot during a retry
- [BUG] dynamic connection throttling could return a max of zero conns
[BUG] dynamic connection throttling could return a max of zero conns
srv_dynamic_maxconn() is clearly documented as returning at least 1
possible connection under throttling. But the computation was wrong,
the minimum 1 was divided and got lost in case of very low maxconns.
Apply the MAX(1, max) before returning the result in order to ensure
that a newly appeared server will get some traffic.
(cherry picked from commit 819970098f134453c0934047b3bd3440b0996b55)
[BUG] do not release the connection slot during a retry
A bug was introduced during last queue management fix. If a server
connection fails, the allocated connection slot is released, but it
will be needed again after the turn-around. This also causes more
connections than expected to go to the server because it appears to
have less connections than real.
Many thanks to Rupert Fiasco, Mark Imbriaco, Cody Fauser, Brian
Gupta and Alexander Staubo for promptly providing configuration
and diagnosis elements to help reproduce this problem easily.
Released version 1.3.14.7 with the following main changes :
- [BUG] use_backend would not correctly consider "unless"
- [BUG] disable buffer read timeout when reading stats
- [BUILD] change declaration of base64tab to fix build with Intel C++
- [CLEANUP] remove dependency on obsolete INTBITS macro
- [BUG] server timeout was not considered in some circumstances
- [BUG] ev_sepoll: closed file descriptors could persist in the spec list
- [BUG] maintain_proxies must not disable backends
- [BUG] regparm is broken on gcc < 3
- [OPTIM] force inlining of large functions with gcc >= 3
Willy Tarreau [Sun, 17 Aug 2008 15:06:37 +0000 (17:06 +0200)]
[BUG] regparm is broken on gcc < 3
Gcc < 3 does not consider regparm declarations for function pointers.
This causes big trouble at least with pollers (and with any function
pointer after all). Disable CONFIG_HAP_USE_REGPARM for gcc < 3.
(cherry picked from commit 61eadc028fb8774ea05d893cd3eca6c671fb511e)
(cherry picked from commit ee113f5345c49a1e8ea9c8ea6b047f3c0f43db1f)
Willy Tarreau [Sat, 16 Aug 2008 14:06:02 +0000 (16:06 +0200)]
[BUG] ev_sepoll: closed file descriptors could persist in the spec list
If __fd_clo() was called on a file descriptor which was previously
disabled, it was not removed from the spec list. This apparently
could not happen on previous code because the TCP states prevented
this, but now it happens regularly. The effects are spec entries
stuck populated, leading to busy loops.
Willy Tarreau [Mon, 11 Aug 2008 08:35:07 +0000 (10:35 +0200)]
[BUG] server timeout was not considered in some circumstances
Due to a copy-paste typo, the client timeout was refreshed instead
of the server's when waiting for server response. This means that
the server's timeout remained eternity.
[CLEANUP] remove dependency on obsolete INTBITS macro
The INTBITS macro was found to be already defined on some platforms,
and to equal 32 (while INTBITS was 5 here). Due to pure luck, there
was no declaration conflict, but it's nonetheless a problem to fix.
Looking at the code showed that this macro was only used for left
shifts and nothing else anymore. So the replacement is obvious. The
new macro, BITS_PER_INT is more obviously correct.
(cherry picked from commit 177e2b012723ef65c6c7f850df3e6e0cd2cca2b4)
(cherry picked from commit 0e3e59b11f7926a570cfc98d8967b61098c91602)
Willy Tarreau [Sat, 21 Jun 2008 19:56:21 +0000 (21:56 +0200)]
[RELEASE] Released version 1.3.14.6
Released version 1.3.14.6 with the following main changes :
- [BUILD] make install should depend on haproxy not "all"
- [BUG] event pollers must not wait if a task exists in the run queue
- [BUG] queue management: wake oldest request in queues
- [BUG] log: reported queue position was offed-by-one
- [BUG] fix the dequeuing logic to ensure that all requests get served
- [DOC] documentation for the "retries" parameter was missing.
Willy Tarreau [Fri, 20 Jun 2008 13:04:11 +0000 (15:04 +0200)]
[BUG] fix the dequeuing logic to ensure that all requests get served
The dequeuing logic was completely wrong. First, a task was assigned
to all servers to process the queue, but this task was never scheduled
and was only woken up on session free. Second, there was no reservation
of server entries when a task was assigned a server. This means that
as long as the task was not connected to the server, its presence was
not accounted for. This was causing trouble when detecting whether or
not a server had reached maxconn. Third, during a redispatch, a session
could lose its place at the server's and get blocked because another
session at the same moment would have stolen the entry. Fourth, the
redispatch option did not work when maxqueue was reached for a server,
and it was not possible to do so without indefinitely hanging a session.
The root cause of all those problems was the lack of pre-reservation of
connections at the server's, and the lack of tracking of servers during
a redispatch. Everything relied on combinations of flags which could
appear similarly in quite distinct situations.
This patch is a major rework but there was no other solution, as the
internal logic was deeply flawed. The resulting code is cleaner, more
understandable, uses less magics and is overall more robust.
As an added bonus, "option redispatch" now works when maxqueue has
been reached on a server.
Willy Tarreau [Fri, 13 Jun 2008 19:48:18 +0000 (21:48 +0200)]
[BUG] log: reported queue position was offed-by-one
The reported queue position in the logs was 0 for the first pending request
in the queue, which is wrong because it means that one request will have to
be completed before the queued one may execute. It caused the undesired side
effect that 0/0 was reported when either 0 or 1 request was pending in the
queue. Thus, we have to increment the queue size before reporting the value.
Willy Tarreau [Fri, 13 Jun 2008 19:12:51 +0000 (21:12 +0200)]
[BUG] queue management: wake oldest request in queues
When a server terminates a connection, the next session in its
own queue was immediately processed. Because of this, if all
server queues are always filled, then no new anonymous request
will be processed. Consider oldest request between global and
server queues to choose from which to pick the request.
An improvement over this will consist in adding a configurable
offset when comparing expiration dates, so that cookie-less
requests can get either less or more priority.
Willy Tarreau [Fri, 13 Jun 2008 19:06:56 +0000 (21:06 +0200)]
[BUG] event pollers must not wait if a task exists in the run queue
Under some circumstances, a task may already lie in the run queue
(eg: inter-task wakeup). It is disastrous to wait for an event in
this case because some processing gets delayed.
Willy Tarreau [Wed, 11 Jun 2008 22:25:46 +0000 (00:25 +0200)]
[BUILD] make install should depend on haproxy not "all"
Reported by Cherife Li : just doing a "make install" fails because it
depends on "all" which is equivalent to "help" if no TARGET was specified.
Make it depend on "haproxy" instead.
Willy Tarreau [Sun, 25 May 2008 19:02:32 +0000 (21:02 +0200)]
[RELEASE] Released version 1.3.14.5
Released version 1.3.14.5 with the following main changes :
- [BUILD] fix build with gcc 4.3
- [TESTS] add a debug patch to help trigger the stats bug
- [BUG] Flush buffers also where there are exactly 0 bytes left
- [DOC] fix unescaped space in httpchk example.
- [DOC] update the README file with new build options
- [MEDIUM] reduce risk of event starvation in ev_sepoll
Willy Tarreau [Sun, 25 May 2008 08:39:02 +0000 (10:39 +0200)]
[MEDIUM] reduce risk of event starvation in ev_sepoll
If too many events are set for spec I/O, those ones can starve the
polled events. Experiments show that when polled events starve, they
quickly turn into spec I/O, making the situation even worse. While
we can reduce the number of polled events processed at once, we
cannot do this on speculative events because most of them are new
ones (avg 2/3 new - 1/3 old from experiments).
The solution against this problem relies on those two factors :
1) one FD registered as a spec event cannot be polled at the same time
2) even during very high loads, we will almost never be interested in
simultaneous read and write streaming on the same FD.
The first point implies that during starvation, we will not have more than
half of our FDs in the poll list, otherwise it means there is less than that
in the spec list, implying there is no starvation.
The second point implies that we're statically only interested in half of
the maximum number of file descriptors at once, because we will unlikely
have simultaneous read and writes for a same buffer during long periods.
So, if we make it possible to drain maxsock/2/2 during peak loads, then we
can ensure that there will be no starvation effect. This means that we must
always allocate maxsock/4 events for the poller.
Last, sepoll uses an optimization consisting in reducing the number of calls
to epoll_wait() to once every too polls. However, when dealing with many
spec events, we can wait very long and skipping epoll_wait() every second
time increases latency. For this reason, we try to detect if we are beyond
a reasonable limit and stop doing so at this stage.
For Fedora 9 gcc 4.3 will be shipping as a feature, and right now haproxy does
not compile with gcc 4.3.
It appears that there is a reordering of headers or something along those lines,
This is the patch that gets haproxy to compile with gcc 4.3. I'm not sure if
this is the correct approach you would want to use, so please correct me.
If this works for you, I'll go ahead and put this patch in the src rpm until a
release of haproxy which compiles with gcc 4.3 is released.
[BUG] Flush buffers also where there are exactly 0 bytes left
I noticed it was possible to get truncated http/csv stats. Sometimes.
Usually the problem disappeared as fast as it appeared, but once it
happend that my http-stats page was truncated for about one hour.
It was quite weird as it happened independently for csv and http
output and it took me some time to track & fix this bug.
Both buffer_write & buffer_write_chunk used to return 0 in two
situations: is case of success or where there was exactly 0 bytes
left. The first one is intentional but I believe the second one
is not as it was not possible to distinguish between successful
write and unsuccessful one, which means that if the buffer was 100%
filled, it was never flushed and it was not possible to write
more data.
Willy Tarreau [Thu, 20 Mar 2008 08:43:52 +0000 (09:43 +0100)]
[RELEASE] Released version 1.3.14.4
Released version 1.3.14.4 with the following main changes :
- [BUILD] Replace hardcoded 'LD = gcc' with 'LD = $(CC)'
- [BUILD] Added support for 'make install'
- [BUILD] Added 'install-man' make target for installing the man page
- [BUILD] Added 'install-bin' make target
- [BUILD] Added 'install-doc' make target
- [BUILD] Removed "/" after '$(DESTDIR)' in install targets
- [BUILD] Changed 'install' target to install the binaries first
- [MEDIUM] fix stats socket limitation to 16 kB
Christian Wiese [Wed, 12 Mar 2008 13:25:35 +0000 (15:25 +0200)]
[BUILD] Added support for 'make install'
To be flexible while installing haproxy following variables have been
added to the Makefile:
- DESTDIR useful i.e. while installing in a sandbox (not set by default)
- PREFIX defines the default install prefix (default: /usr/local)
- SBINDIR defines the dir the haproxy binary gets installed
(default: $PREFIX/sbin)
Christian Wiese [Mon, 17 Mar 2008 17:23:12 +0000 (18:23 +0100)]
[BUILD] Replace hardcoded 'LD = gcc' with 'LD = $(CC)'
haproxy relies on linking the binary using gcc, so there is no real need to
hardcode both (CC and LD). Setting 'LD = $(CC)' will make the build system
a bit more cross-compile friendly because only the right cross-compiler has
to be passed via make.
Willy Tarreau [Mon, 17 Mar 2008 20:38:24 +0000 (21:38 +0100)]
[MEDIUM] fix stats socket limitation to 16 kB
Due to the way the stats socket work, it was not possible to
maintain the information related to the command entered, so
after filling a whole buffer, the request was lost and it was
considered that there was nothing to write anymore.
The major reason was that some flags were passed directly
during the first call to stats_dump_raw() instead of being
stored persistently in the session.
To definitely fix this problem, flags were added to the stats
member of the session structure.
A second problem appeared. When the stats were produced, a first
call to client_retnclose() was performed, then one or multiple
subsequent calls to buffer_write_chunks() were done. But once the
stats buffer was full and a reschedule operated, the buffer was
flushed, the write flag cleared from the buffer and nothing was
done to re-arm it.
For this reason, a check was added in the proto_uxst_stats()
function in order to re-call the client FSM when data were added
by stats_dump_raw(). Finally, the whole unix stats dump FSM was
rewritten to avoid all the magics it depended on. It is now
simpler and looks more like the HTTP one.
Willy Tarreau [Sat, 8 Mar 2008 21:07:42 +0000 (22:07 +0100)]
[RELEASE] Released version 1.3.14.3
Released version 1.3.14.3 with the following main changes :
- [BUG]: Restore clearing t->logs.bytes
- [DOC] Update a "contrib" file with a hint about a scheme used for formathing subjects
- [BUG] Don't increment server connections too much + fix retries
- [BUG] appsession lookup in URL does not work
- [MINOR] report correct section type for unknown keywords.
- [BUILD] update MacOS Makefile to build on newer versions
- [DOC] fix erroneous "useallbackups" option in the doc
- [DOC] applied small fixes from early readers
- [BUG] failed conns were sometimes incremented in the frontend!
- [TESTS] add test-pollers.cfg to easily report pollers in use
- [BUILD] ensure that makefile understands USE_DLMALLOC=1
- [CLEANUP] update .gitignore to ignore more temporary files
- [CLEANUP] report dlmalloc's source path only if explictly specified
- [BUG] str2sun could leak a small buffer in case of error during parsing
- [BUG] option allbackups was not working anymore in roundrobin mode
Willy Tarreau [Sat, 8 Mar 2008 20:42:54 +0000 (21:42 +0100)]
[BUG] option allbackups was not working anymore in roundrobin mode
Commit 3168223a7b33a1d5aad1e11b8f2ad917645d7f27 broke option
"allbackups" in roundrobin mode due to an erroneous structure
member replacement in backend.c. The PR_O_USE_ALL_BK flag was
not tested in the right member anymore.
This bug uncoverred another one, by which all backup servers would
be used whatever the option's value, if all of them had been seen
as simultaneously failed at one moment.
This patch fixes the two stupid errors. Correctness has been tested
using the test-fwrr.cfg config example.
(cherry picked from commit f4cca45b5e6c6ed88a0062cf92ae57e01405ab12)
Willy Tarreau [Fri, 7 Mar 2008 09:07:04 +0000 (10:07 +0100)]
[BUG] str2sun could leak a small buffer in case of error during parsing
Matt Farnsworth reported a memory leak in str2sun() in case a too large
socket path is passed. The bug is very minor because it only happens
once during config parsing, but has to be fixed nevertheless. The patch
Matt provided could even be improved by completely removing the useless
strdup() in this function.
(cherry picked from commit caf720d3ff7758273278aecab26bb7624ec2f555)
[BUG] Don't increment server connections too much + fix retries
Commit 98937b875798e10fac671d109355cde29d2a411a while fixing
one bug introduced another one. With "retries 4" and
"option redispatch" haproxy tries to connect 4 times to
one server server and 1 time to a second one. However
logs showed 5 connections to the first server (the
last one was counted twice) and 2 to the second.
This patch also fixes srv->retries and be->retries increments.
Now I get: 3 retries and 1 error in a first server (4 cum_sess)
and 1 error in a second server (1 cum_sess) with:
retries 4
option redispatch
Willy Tarreau [Tue, 19 Feb 2008 09:53:32 +0000 (10:53 +0100)]
[BUILD] ensure that makefile understands USE_DLMALLOC=1
USE_DLMALLOC=1 was ignored since last makefile update. It's better
to keep it running for existing setups.
(cherry picked from commit f14358bd1ad4f7c9fd32c3900ac3a2848bed1b9a)
Ryan Warnick [Sun, 17 Feb 2008 10:24:35 +0000 (11:24 +0100)]
[BUG] appsession lookup in URL does not work
We've been trying to use the latest release (1.3.14.2) of haproxy to do
sticky sessions. Cookie insertion is not an option for us, although we
would much rather use it, as we are trying to work around a problem where
cookies are unreliable. The appsession functionality only partially worked
(it wouldn't read the session id out of a query string) until we made the
following code change to the get_srv_from_appsession function in
proto_http.c.
(cherry picked from commit 6d0b1fac23517f16b3972b529ea41718b3643c9f)
[DOC] Update a "contrib" file with a hint about a scheme used for formathing subjects
With each new patch I had to search for the e-mail from Willy
describing the schem used for formathing subjects. No more. ;)
(cherry picked from commit 4ad3b40a2d7c78bcdbf16a853647833cad78b050)
Willy Tarreau [Tue, 22 Jan 2008 15:44:08 +0000 (16:44 +0100)]
[MINOR] report correct section type for unknown keywords.
An unknown keyword was always reported in section "listen" for any
section type (defaults, listen, frontend, backend, ...).
(cherry picked from commit 6daf34352f325699efa8f731e5525275523786b9)
It should be incremented in session_process_counters while sending data to a
client:
bytes = s->rep->total - s->logs.bytes_out;
s->logs.bytes_out = s->rep->total;
However, if we increment (set) s->logs.bytes_out while processing
"logasap", statistics get wrong values added for headers: 0 or even
negative if haproxy adds some headers itself.
To test it, please enable logasap and download one empty file and look at
stats. Without my fix information available on that page are invalid, for
example:
Willy Tarreau [Sun, 20 Jan 2008 23:06:34 +0000 (00:06 +0100)]
[RELEASE] Released version 1.3.14.2
Released version 1.3.14.2 with the following main changes :
- bug: increment server connections for each connect()
- bug: fix typo in redispatched connection
- bug: connect_server: server might not exist when sending error report
- bug: use backend's source and not server's source with tproxy
- bug: fix overlapping server flags
- bug: log response byte count, not request
- bug: fix truncated responses with sepoll
- large update to the configuration manual
- major rework of the GNU Makefile
- provide inversion for some options
- add support for "show info" on the unix socket
- add support for the "backlog" parameter
- introduce global parameter "tune.maxaccept"
- introduce "timeout http-request" in frontends
- tarpit timeout is also allowed in backends
- code did not build in full debug mode
- fix configuration hint about timeouts
Willy Tarreau [Fri, 18 Jan 2008 16:20:13 +0000 (17:20 +0100)]
[BUG] fix truncated responses with sepoll
Due to the way Linux delivers EPOLLIN and EPOLLHUP, a closed connection
received after some server data sometimes results in truncated responses
if the client disconnects before server starts to respond. The reason
is that the EPOLLHUP flag is processed as an indication of end of
transfer while some data may remain in the system's socket buffers.
This problem could only be triggered with sepoll, although nothing should
prevent it from happening with normal epoll. In fact, the work factoring
performed by sepoll increases the risk that this bug appears.
The fix consists in making FD_POLL_HUP and FD_POLL_ERR sticky and that
they are only checked if FD_POLL_IN is not set, meaning that we have
read all pending data.
That way, the problem is definitely fixed and sepoll still remains about
17% faster than epoll since it can take into account all information
returned by the kernel.
Willy Tarreau [Wed, 16 Jan 2008 15:17:06 +0000 (16:17 +0100)]
[DOC] added "server", "source" and "stats" keywords
The documentation now lists all keywords except the req* and rsp*. The
"server" keyword has been documented for mandatory parameters. Specific
settings are still waiting to be written in a dedicated section.
Willy Tarreau [Fri, 11 Jan 2008 15:28:18 +0000 (16:28 +0100)]
[DOC] added documentation for "option tcplog" to "use_backend"
- options tcplog, tcpsplice and transparent have been documented.
- keywords "srvtimeout", "timeout queue", "timeout server" and
"timeout tarpit" have been documented
- keywords "transparent" and "use_backend" have been documented
Only "server", "source" and "stats *" remain undocumented
Willy Tarreau [Tue, 8 Jan 2008 18:50:52 +0000 (19:50 +0100)]
[DOC] document options nolinger to ssl-hello-chk
Options nolinger, persist, smtpchk and ssl-hello-chk have been
documented. All keywords and options up to and including option
tcpka are now documented.
Willy Tarreau [Sun, 6 Jan 2008 22:46:19 +0000 (23:46 +0100)]
[BUG] fix typo in redispatched connection
a copy-paste typo was present in the reconnection code responsible
for respatching. The client's FSM would not be re-evaluated if an
error occurred. It looks harmless but better fix it.
Willy Tarreau [Mon, 10 Dec 2007 14:05:42 +0000 (15:05 +0100)]
[BUG] increment server connections for each connect()
It was abnormal to see more connect errors than connect attempts.
This was caused by the fact that the server's connection count was
not incremented for failed connect() attempts.
Now the per-server connections are correctly incremented for each
connect() attempt. This includes the retries too. The number of
connections effectively served by a server will then be :
Willy Tarreau [Sun, 6 Jan 2008 12:24:40 +0000 (13:24 +0100)]
[MEDIUM] introduce "timeout http-request" in frontends
In order to offer DoS protection, it may be required to lower the maximum
accepted time to receive a complete HTTP request without affecting the client
timeout. This helps protecting against established connections on which
nothing is sent. The client timeout cannot offer a good protection against
this abuse because it is an inactivity timeout, which means that if the
attacker sends one character every now and then, the timeout will not
trigger. With the HTTP request timeout, no matter what speed the client
types, the request will be aborted if it does not complete in time.
Willy Tarreau [Sun, 6 Jan 2008 10:22:57 +0000 (11:22 +0100)]
[OPTIM] introduce global parameter "tune.maxaccept"
This new parameter makes it possible to override the default
number of consecutive incoming connections which can be
accepted on a socket. By default it is not limited on single
process mode, and limited to 8 in multi-process mode.
Willy Tarreau [Sun, 6 Jan 2008 09:55:10 +0000 (10:55 +0100)]
[MINOR] add support for the "backlog" parameter
Add the "backlog" parameter to frontends, to give hints to
the system about the approximate listen backlog desired size.
In order to protect against SYN flood attacks, one solution is
to increase the system's SYN backlog size. Depending on the
system, sometimes it is just tunable via a system parameter,
sometimes it is not adjustable at all, and sometimes the system
relies on hints given by the application at the time of the
listen() syscall. By default, HAProxy passes the frontend's
maxconn value to the listen() syscall. On systems which can
make use of this value, it can sometimes be useful to be able
to specify a different value, hence this backlog parameter.
Willy Tarreau [Thu, 3 Jan 2008 09:19:15 +0000 (10:19 +0100)]
[STATS] add support for "show info" on the unix socket
It is sometimes required to know some informations such as the
process uptime when consulting statistics. This patch adds the
"show info" command to query those informations on the UNIX
socket.
Willy Tarreau [Wed, 2 Jan 2008 19:48:34 +0000 (20:48 +0100)]
[BUILD] major rework of the GNU Makefile
The build process was getting annoying under some conditions,
especially on platforms which are used to set CFLAGS, as well
as those which set a lot of complex defines. The new Makefile
takes care of this situation by not mixing TARGET, CPU and user
values, and by making privileging the pre-setting of common
variables with the ability to override them.
Now CFLAGS and LDFLAGS are set by default and may be overridden
without the risk of breaking useful defines. Options are better
dealt with, and as a bonus, it was possible to merge the FreeBSD
and OpenBSD targets into the common GNU Makefile.
The report of build options by "haproxy -vv" has been slightly
adapted to the new mode. Options implied by architecture are not
reported, only user-specified options are. It is also possible to
add options which will not be reported in order not to mangle the
output when specifying dirty informations such as URLs...
The Makefile was copiously documented and it should be easier to
build for any target now. Backwards compatibility with older
build processes was kept, and warnings are emitted for deprecated
build options.
This patch adds a possibility to invert most of available options by
introducing the "no" keyword, available as an additional prefix.
If it is found arguments are shifted left and an additional flag (inv)
is set.
It allows to use all options from a current defaults section, except
the selected ones, for example:
listen stats 1.2.3.4:80
no option contstats
-- cut here --
Currenly inversion works only with the "option" keyword.
The patch also moves last_checks calculation at the end of the readcfgfile()
function and changes "PR_O_FORCE_CLO | PR_O_HTTP_CLOSE" into "PR_O_FORCE_CLO"
in cfg_opts so it is possible to invert forceclose without breaking httpclose
(and vice versa) and to invert tcpsplice in one proxy but to keep a proper
last_checks value when tcpsplice is used in another proxy. Now, the code
checks for PR_O_FORCE_CLO everywhere it checks for PR_O_HTTP_CLOSE.
I also decided to depreciate "redisp" and "redispatch" keywords as it is IMHO
better to use "option redispatch" which can be inverted.
Some useful documentation were added and at the same time I sorted
(alfabetically) all valid options both in the code and the documentation.
Willy Tarreau [Mon, 24 Dec 2007 15:57:09 +0000 (16:57 +0100)]
[RELEASE] Released version 1.3.14.1
Released version 1.3.14.1 with the following main changes :
- transparent proxy address was ignored in backend
- hot reconfiguration failed because of a wrong error check
- big update to the configuration manual
projects / haproxy.git / log