2007-10-16 10:25:14 +00:00
|
|
|
/*
|
2012-09-12 20:58:11 +00:00
|
|
|
* Listener management functions.
|
2007-10-16 10:25:14 +00:00
|
|
|
*
|
2013-01-07 21:54:17 +00:00
|
|
|
* Copyright 2000-2013 Willy Tarreau <w@1wt.eu>
|
2007-10-16 10:25:14 +00:00
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
* as published by the Free Software Foundation; either version
|
|
|
|
* 2 of the License, or (at your option) any later version.
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
|
2014-05-07 17:01:58 +00:00
|
|
|
#include <ctype.h>
|
2012-05-07 19:22:09 +00:00
|
|
|
#include <errno.h>
|
2007-10-16 10:25:14 +00:00
|
|
|
#include <stdio.h>
|
|
|
|
#include <string.h>
|
2014-02-01 08:28:36 +00:00
|
|
|
#include <unistd.h>
|
2007-10-16 10:25:14 +00:00
|
|
|
|
2020-06-04 17:11:43 +00:00
|
|
|
#include <haproxy/acl.h>
|
2020-05-27 10:58:42 +00:00
|
|
|
#include <haproxy/api.h>
|
2021-10-06 17:54:09 +00:00
|
|
|
#include <haproxy/activity.h>
|
2020-06-04 22:00:29 +00:00
|
|
|
#include <haproxy/cfgparse.h>
|
2021-10-06 07:05:08 +00:00
|
|
|
#include <haproxy/cli-t.h>
|
2020-06-04 16:02:10 +00:00
|
|
|
#include <haproxy/connection.h>
|
2020-05-27 14:10:29 +00:00
|
|
|
#include <haproxy/errors.h>
|
2020-06-09 07:07:15 +00:00
|
|
|
#include <haproxy/fd.h>
|
|
|
|
#include <haproxy/freq_ctr.h>
|
2020-06-04 15:05:57 +00:00
|
|
|
#include <haproxy/global.h>
|
2020-05-27 16:01:47 +00:00
|
|
|
#include <haproxy/list.h>
|
2020-06-04 12:58:24 +00:00
|
|
|
#include <haproxy/listener.h>
|
2020-06-04 20:01:04 +00:00
|
|
|
#include <haproxy/log.h>
|
2020-06-09 07:07:15 +00:00
|
|
|
#include <haproxy/protocol.h>
|
2021-05-08 18:30:37 +00:00
|
|
|
#include <haproxy/proxy.h>
|
2022-05-21 21:58:40 +00:00
|
|
|
#include <haproxy/quic_tp.h>
|
2020-06-09 07:07:15 +00:00
|
|
|
#include <haproxy/sample.h>
|
2020-06-04 21:46:14 +00:00
|
|
|
#include <haproxy/stream.h>
|
2020-06-04 15:25:40 +00:00
|
|
|
#include <haproxy/task.h>
|
2021-10-06 14:18:40 +00:00
|
|
|
#include <haproxy/ticks.h>
|
2020-06-09 07:07:15 +00:00
|
|
|
#include <haproxy/tools.h>
|
2012-05-07 19:22:09 +00:00
|
|
|
|
2007-10-28 21:13:50 +00:00
|
|
|
|
2012-09-12 21:17:10 +00:00
|
|
|
/* List head of all known bind keywords */
|
2022-03-29 13:02:44 +00:00
|
|
|
struct bind_kw_list bind_keywords = {
|
2012-09-12 21:17:10 +00:00
|
|
|
.list = LIST_HEAD_INIT(bind_keywords.list)
|
|
|
|
};
|
|
|
|
|
2019-12-10 10:18:41 +00:00
|
|
|
/* list of the temporarily limited listeners because of lack of resource */
|
|
|
|
static struct mt_list global_listener_queue = MT_LIST_HEAD_INIT(global_listener_queue);
|
|
|
|
static struct task *global_listener_queue_task;
|
|
|
|
|
2021-02-14 22:22:55 +00:00
|
|
|
/* listener status for stats */
|
|
|
|
const char* li_status_st[LI_STATE_COUNT] = {
|
|
|
|
[LI_STATUS_WAITING] = "WAITING",
|
|
|
|
[LI_STATUS_OPEN] = "OPEN",
|
|
|
|
[LI_STATUS_FULL] = "FULL",
|
|
|
|
};
|
2019-12-10 10:18:41 +00:00
|
|
|
|
2019-01-27 14:37:19 +00:00
|
|
|
#if defined(USE_THREAD)
|
|
|
|
|
|
|
|
struct accept_queue_ring accept_queue_rings[MAX_THREADS] __attribute__((aligned(64))) = { };
|
|
|
|
|
|
|
|
/* dequeue and process a pending connection from the local accept queue (single
|
2020-10-14 15:37:17 +00:00
|
|
|
* consumer). Returns the accepted connection or NULL if none was found.
|
2019-01-27 14:37:19 +00:00
|
|
|
*/
|
2020-10-14 15:37:17 +00:00
|
|
|
struct connection *accept_queue_pop_sc(struct accept_queue_ring *ring)
|
2019-01-27 14:37:19 +00:00
|
|
|
{
|
|
|
|
unsigned int pos, next;
|
2020-10-14 15:37:17 +00:00
|
|
|
struct connection *ptr;
|
|
|
|
struct connection **e;
|
2019-01-27 14:37:19 +00:00
|
|
|
|
|
|
|
pos = ring->head;
|
|
|
|
|
|
|
|
if (pos == ring->tail)
|
2020-10-14 15:37:17 +00:00
|
|
|
return NULL;
|
2019-01-27 14:37:19 +00:00
|
|
|
|
|
|
|
next = pos + 1;
|
|
|
|
if (next >= ACCEPT_QUEUE_SIZE)
|
|
|
|
next = 0;
|
|
|
|
|
|
|
|
e = &ring->entry[pos];
|
|
|
|
|
|
|
|
/* wait for the producer to update the listener's pointer */
|
|
|
|
while (1) {
|
2020-10-14 15:37:17 +00:00
|
|
|
ptr = *e;
|
2019-01-27 14:37:19 +00:00
|
|
|
__ha_barrier_load();
|
|
|
|
if (ptr)
|
|
|
|
break;
|
|
|
|
pl_cpu_relax();
|
|
|
|
}
|
|
|
|
|
|
|
|
/* release the entry */
|
2020-10-14 15:37:17 +00:00
|
|
|
*e = NULL;
|
2019-01-27 14:37:19 +00:00
|
|
|
|
|
|
|
__ha_barrier_store();
|
|
|
|
ring->head = next;
|
2020-10-14 15:37:17 +00:00
|
|
|
return ptr;
|
2019-01-27 14:37:19 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2020-10-14 15:37:17 +00:00
|
|
|
/* tries to push a new accepted connection <conn> into ring <ring>. Returns
|
|
|
|
* non-zero if it succeeds, or zero if the ring is full. Supports multiple
|
|
|
|
* producers.
|
2019-01-27 14:37:19 +00:00
|
|
|
*/
|
2020-10-14 15:37:17 +00:00
|
|
|
int accept_queue_push_mp(struct accept_queue_ring *ring, struct connection *conn)
|
2019-01-27 14:37:19 +00:00
|
|
|
{
|
|
|
|
unsigned int pos, next;
|
|
|
|
|
|
|
|
pos = ring->tail;
|
|
|
|
do {
|
|
|
|
next = pos + 1;
|
|
|
|
if (next >= ACCEPT_QUEUE_SIZE)
|
|
|
|
next = 0;
|
|
|
|
if (next == ring->head)
|
|
|
|
return 0; // ring full
|
2019-03-08 17:52:57 +00:00
|
|
|
} while (unlikely(!_HA_ATOMIC_CAS(&ring->tail, &pos, next)));
|
2019-01-27 14:37:19 +00:00
|
|
|
|
2020-10-14 15:37:17 +00:00
|
|
|
ring->entry[pos] = conn;
|
2019-01-27 14:37:19 +00:00
|
|
|
__ha_barrier_store();
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2021-01-29 11:25:23 +00:00
|
|
|
/* proceed with accepting new connections. Don't mark it static so that it appears
|
|
|
|
* in task dumps.
|
|
|
|
*/
|
2021-03-02 15:09:26 +00:00
|
|
|
struct task *accept_queue_process(struct task *t, void *context, unsigned int state)
|
2019-01-27 14:37:19 +00:00
|
|
|
{
|
|
|
|
struct accept_queue_ring *ring = context;
|
2020-10-14 15:37:17 +00:00
|
|
|
struct connection *conn;
|
2019-01-27 14:37:19 +00:00
|
|
|
struct listener *li;
|
BUG/MEDIUM: listener: Fix how unlimited number of consecutive accepts is handled
There is a bug when global.tune.maxaccept is set to -1 (no limit). It is pretty
visible with one process (nbproc sets to 1). The functions listener_accept() and
accept_queue_process() don't expect to handle negative maxaccept values. So
instead of accepting incoming connections without any limit, none are never
accepted and HAProxy loop infinitly in the scheduler.
When there are 2 or more processes, the bug is a bit more subtile. The limit for
a listener is set to 1. So only one connection is accepted at a time by a given
listener. This happens because the listener's maxaccept value is an unsigned
integer. In check_config_validity(), it is first set to UINT_MAX (-1 casted in
an unsigned integer), and then some calculations on it leads to an integer
overflow.
To fix the bug, the listener's maxaccept value is now a signed integer. So, if a
negative value is set for global.tune.maxaccept, we keep it untouched for the
listener and no calculation is made on it. Then, in the listener code, this
signed value is casted to a unsigned one. It simplifies all tests instead of
dealing with negative values. So, it limits the number of connections accepted
at a time to UINT_MAX at most. But, honestly, it not an issue.
This patch must be backported to 1.9 and 1.8.
2019-04-30 10:17:13 +00:00
|
|
|
unsigned int max_accept;
|
2019-01-27 14:37:19 +00:00
|
|
|
int ret;
|
|
|
|
|
BUG/MEDIUM: listener: Fix how unlimited number of consecutive accepts is handled
There is a bug when global.tune.maxaccept is set to -1 (no limit). It is pretty
visible with one process (nbproc sets to 1). The functions listener_accept() and
accept_queue_process() don't expect to handle negative maxaccept values. So
instead of accepting incoming connections without any limit, none are never
accepted and HAProxy loop infinitly in the scheduler.
When there are 2 or more processes, the bug is a bit more subtile. The limit for
a listener is set to 1. So only one connection is accepted at a time by a given
listener. This happens because the listener's maxaccept value is an unsigned
integer. In check_config_validity(), it is first set to UINT_MAX (-1 casted in
an unsigned integer), and then some calculations on it leads to an integer
overflow.
To fix the bug, the listener's maxaccept value is now a signed integer. So, if a
negative value is set for global.tune.maxaccept, we keep it untouched for the
listener and no calculation is made on it. Then, in the listener code, this
signed value is casted to a unsigned one. It simplifies all tests instead of
dealing with negative values. So, it limits the number of connections accepted
at a time to UINT_MAX at most. But, honestly, it not an issue.
This patch must be backported to 1.9 and 1.8.
2019-04-30 10:17:13 +00:00
|
|
|
/* if global.tune.maxaccept is -1, then max_accept is UINT_MAX. It
|
|
|
|
* is not really illimited, but it is probably enough.
|
|
|
|
*/
|
2021-02-19 14:50:27 +00:00
|
|
|
max_accept = global.tune.maxaccept ? global.tune.maxaccept : MAX_ACCEPT;
|
BUG/MEDIUM: listener: Fix how unlimited number of consecutive accepts is handled
There is a bug when global.tune.maxaccept is set to -1 (no limit). It is pretty
visible with one process (nbproc sets to 1). The functions listener_accept() and
accept_queue_process() don't expect to handle negative maxaccept values. So
instead of accepting incoming connections without any limit, none are never
accepted and HAProxy loop infinitly in the scheduler.
When there are 2 or more processes, the bug is a bit more subtile. The limit for
a listener is set to 1. So only one connection is accepted at a time by a given
listener. This happens because the listener's maxaccept value is an unsigned
integer. In check_config_validity(), it is first set to UINT_MAX (-1 casted in
an unsigned integer), and then some calculations on it leads to an integer
overflow.
To fix the bug, the listener's maxaccept value is now a signed integer. So, if a
negative value is set for global.tune.maxaccept, we keep it untouched for the
listener and no calculation is made on it. Then, in the listener code, this
signed value is casted to a unsigned one. It simplifies all tests instead of
dealing with negative values. So, it limits the number of connections accepted
at a time to UINT_MAX at most. But, honestly, it not an issue.
This patch must be backported to 1.9 and 1.8.
2019-04-30 10:17:13 +00:00
|
|
|
for (; max_accept; max_accept--) {
|
2020-10-14 15:37:17 +00:00
|
|
|
conn = accept_queue_pop_sc(ring);
|
|
|
|
if (!conn)
|
2019-01-27 14:37:19 +00:00
|
|
|
break;
|
|
|
|
|
2020-10-14 15:37:17 +00:00
|
|
|
li = __objt_listener(conn->target);
|
2021-04-06 11:53:36 +00:00
|
|
|
_HA_ATOMIC_INC(&li->thr_conn[tid]);
|
2020-10-14 15:37:17 +00:00
|
|
|
ret = li->accept(conn);
|
2019-01-27 14:37:19 +00:00
|
|
|
if (ret <= 0) {
|
|
|
|
/* connection was terminated by the application */
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* increase the per-process number of cumulated sessions, this
|
|
|
|
* may only be done once l->accept() has accepted the connection.
|
|
|
|
*/
|
|
|
|
if (!(li->options & LI_O_UNLIMITED)) {
|
|
|
|
HA_ATOMIC_UPDATE_MAX(&global.sps_max,
|
|
|
|
update_freq_ctr(&global.sess_per_sec, 1));
|
2022-05-20 13:56:32 +00:00
|
|
|
if (li->bind_conf && li->bind_conf->options & BC_O_USE_SSL) {
|
2019-01-27 14:37:19 +00:00
|
|
|
HA_ATOMIC_UPDATE_MAX(&global.ssl_max,
|
|
|
|
update_freq_ctr(&global.ssl_per_sec, 1));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* ran out of budget ? Let's come here ASAP */
|
BUG/MEDIUM: listener: Fix how unlimited number of consecutive accepts is handled
There is a bug when global.tune.maxaccept is set to -1 (no limit). It is pretty
visible with one process (nbproc sets to 1). The functions listener_accept() and
accept_queue_process() don't expect to handle negative maxaccept values. So
instead of accepting incoming connections without any limit, none are never
accepted and HAProxy loop infinitly in the scheduler.
When there are 2 or more processes, the bug is a bit more subtile. The limit for
a listener is set to 1. So only one connection is accepted at a time by a given
listener. This happens because the listener's maxaccept value is an unsigned
integer. In check_config_validity(), it is first set to UINT_MAX (-1 casted in
an unsigned integer), and then some calculations on it leads to an integer
overflow.
To fix the bug, the listener's maxaccept value is now a signed integer. So, if a
negative value is set for global.tune.maxaccept, we keep it untouched for the
listener and no calculation is made on it. Then, in the listener code, this
signed value is casted to a unsigned one. It simplifies all tests instead of
dealing with negative values. So, it limits the number of connections accepted
at a time to UINT_MAX at most. But, honestly, it not an issue.
This patch must be backported to 1.9 and 1.8.
2019-04-30 10:17:13 +00:00
|
|
|
if (!max_accept)
|
2019-09-24 04:55:18 +00:00
|
|
|
tasklet_wakeup(ring->tasklet);
|
2019-01-27 14:37:19 +00:00
|
|
|
|
2019-09-24 04:55:18 +00:00
|
|
|
return NULL;
|
2019-01-27 14:37:19 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Initializes the accept-queues. Returns 0 on success, otherwise ERR_* flags */
|
|
|
|
static int accept_queue_init()
|
|
|
|
{
|
2019-09-24 04:55:18 +00:00
|
|
|
struct tasklet *t;
|
2019-01-27 14:37:19 +00:00
|
|
|
int i;
|
|
|
|
|
|
|
|
for (i = 0; i < global.nbthread; i++) {
|
2019-09-24 04:55:18 +00:00
|
|
|
t = tasklet_new();
|
2019-01-27 14:37:19 +00:00
|
|
|
if (!t) {
|
|
|
|
ha_alert("Out of memory while initializing accept queue for thread %d\n", i);
|
|
|
|
return ERR_FATAL|ERR_ABORT;
|
|
|
|
}
|
2019-09-24 04:55:18 +00:00
|
|
|
t->tid = i;
|
2019-01-27 14:37:19 +00:00
|
|
|
t->process = accept_queue_process;
|
|
|
|
t->context = &accept_queue_rings[i];
|
2019-09-24 04:55:18 +00:00
|
|
|
accept_queue_rings[i].tasklet = t;
|
2019-01-27 14:37:19 +00:00
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
REGISTER_CONFIG_POSTPARSER("multi-threaded accept queue", accept_queue_init);
|
|
|
|
|
2022-04-27 16:42:47 +00:00
|
|
|
static void accept_queue_deinit()
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
|
|
|
|
for (i = 0; i < global.nbthread; i++) {
|
|
|
|
if (accept_queue_rings[i].tasklet)
|
|
|
|
tasklet_free(accept_queue_rings[i].tasklet);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
REGISTER_POST_DEINIT(accept_queue_deinit);
|
|
|
|
|
2019-01-27 14:37:19 +00:00
|
|
|
#endif // USE_THREAD
|
|
|
|
|
2022-01-25 15:21:47 +00:00
|
|
|
/* Memory allocation and initialization of the per_thr field.
|
|
|
|
* Returns 0 if the field has been successfully initialized, -1 on failure.
|
|
|
|
*/
|
|
|
|
int li_init_per_thr(struct listener *li)
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
|
|
|
|
/* allocate per-thread elements for listener */
|
|
|
|
li->per_thr = calloc(global.nbthread, sizeof(*li->per_thr));
|
|
|
|
if (!li->per_thr)
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
for (i = 0; i < global.nbthread; ++i) {
|
|
|
|
MT_LIST_INIT(&li->per_thr[i].quic_accept.list);
|
|
|
|
MT_LIST_INIT(&li->per_thr[i].quic_accept.conns);
|
|
|
|
|
|
|
|
li->per_thr[i].li = li;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2021-02-14 22:22:55 +00:00
|
|
|
/* helper to get listener status for stats */
|
|
|
|
enum li_status get_li_status(struct listener *l)
|
|
|
|
{
|
|
|
|
if (!l->maxconn || l->nbconn < l->maxconn) {
|
|
|
|
if (l->state == LI_LIMITED)
|
|
|
|
return LI_STATUS_WAITING;
|
|
|
|
else
|
|
|
|
return LI_STATUS_OPEN;
|
|
|
|
}
|
|
|
|
return LI_STATUS_FULL;
|
|
|
|
}
|
|
|
|
|
2020-09-24 05:27:06 +00:00
|
|
|
/* adjust the listener's state and its proxy's listener counters if needed.
|
|
|
|
* It must be called under the listener's lock, but uses atomic ops to change
|
|
|
|
* the proxy's counters so that the proxy lock is not needed.
|
|
|
|
*/
|
2020-09-24 05:23:45 +00:00
|
|
|
void listener_set_state(struct listener *l, enum li_state st)
|
|
|
|
{
|
2020-09-24 05:27:06 +00:00
|
|
|
struct proxy *px = l->bind_conf->frontend;
|
|
|
|
|
|
|
|
if (px) {
|
|
|
|
/* from state */
|
|
|
|
switch (l->state) {
|
|
|
|
case LI_NEW: /* first call */
|
2021-04-06 11:53:36 +00:00
|
|
|
_HA_ATOMIC_INC(&px->li_all);
|
2020-09-24 05:27:06 +00:00
|
|
|
break;
|
|
|
|
case LI_INIT:
|
|
|
|
case LI_ASSIGNED:
|
|
|
|
break;
|
|
|
|
case LI_PAUSED:
|
2021-04-06 11:53:36 +00:00
|
|
|
_HA_ATOMIC_DEC(&px->li_paused);
|
2020-09-24 05:27:06 +00:00
|
|
|
break;
|
|
|
|
case LI_LISTEN:
|
2021-04-06 11:53:36 +00:00
|
|
|
_HA_ATOMIC_DEC(&px->li_bound);
|
2020-09-24 05:27:06 +00:00
|
|
|
break;
|
|
|
|
case LI_READY:
|
|
|
|
case LI_FULL:
|
|
|
|
case LI_LIMITED:
|
2021-04-06 11:53:36 +00:00
|
|
|
_HA_ATOMIC_DEC(&px->li_ready);
|
2020-09-24 05:27:06 +00:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* to state */
|
|
|
|
switch (st) {
|
|
|
|
case LI_NEW:
|
|
|
|
case LI_INIT:
|
|
|
|
case LI_ASSIGNED:
|
|
|
|
break;
|
|
|
|
case LI_PAUSED:
|
2020-10-08 13:32:21 +00:00
|
|
|
BUG_ON(l->rx.fd == -1);
|
2021-04-06 11:53:36 +00:00
|
|
|
_HA_ATOMIC_INC(&px->li_paused);
|
2020-09-24 05:27:06 +00:00
|
|
|
break;
|
|
|
|
case LI_LISTEN:
|
2020-10-08 13:32:21 +00:00
|
|
|
BUG_ON(l->rx.fd == -1);
|
2021-04-06 11:53:36 +00:00
|
|
|
_HA_ATOMIC_INC(&px->li_bound);
|
2020-09-24 05:27:06 +00:00
|
|
|
break;
|
|
|
|
case LI_READY:
|
|
|
|
case LI_FULL:
|
|
|
|
case LI_LIMITED:
|
2020-10-08 13:32:21 +00:00
|
|
|
BUG_ON(l->rx.fd == -1);
|
2021-04-06 11:53:36 +00:00
|
|
|
_HA_ATOMIC_INC(&px->li_ready);
|
2020-09-24 05:27:06 +00:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
2020-09-24 05:23:45 +00:00
|
|
|
l->state = st;
|
|
|
|
}
|
|
|
|
|
2007-10-28 20:59:24 +00:00
|
|
|
/* This function adds the specified listener's file descriptor to the polling
|
|
|
|
* lists if it is in the LI_LISTEN state. The listener enters LI_READY or
|
2020-04-02 10:25:26 +00:00
|
|
|
* LI_FULL state depending on its number of connections. In daemon mode, we
|
2014-05-07 17:22:24 +00:00
|
|
|
* also support binding only the relevant processes to their respective
|
|
|
|
* listeners. We don't do that in debug mode however.
|
2007-10-28 20:59:24 +00:00
|
|
|
*/
|
2020-09-25 14:40:18 +00:00
|
|
|
void enable_listener(struct listener *listener)
|
2007-10-28 20:59:24 +00:00
|
|
|
{
|
2022-02-01 15:23:00 +00:00
|
|
|
HA_RWLOCK_WRLOCK(LISTENER_LOCK, &listener->lock);
|
2020-10-09 08:35:40 +00:00
|
|
|
|
|
|
|
/* If this listener is supposed to be only in the master, close it in
|
|
|
|
* the workers. Conversely, if it's supposed to be only in the workers
|
|
|
|
* close it in the master.
|
|
|
|
*/
|
2020-10-09 14:11:46 +00:00
|
|
|
if (!!master != !!(listener->rx.flags & RX_F_MWORKER))
|
2020-10-09 13:55:23 +00:00
|
|
|
do_unbind_listener(listener);
|
2020-10-09 08:35:40 +00:00
|
|
|
|
2007-10-28 20:59:24 +00:00
|
|
|
if (listener->state == LI_LISTEN) {
|
2020-10-08 13:32:21 +00:00
|
|
|
BUG_ON(listener->rx.fd == -1);
|
2017-06-01 15:38:50 +00:00
|
|
|
if ((global.mode & (MODE_DAEMON | MODE_MWORKER)) &&
|
2021-06-15 06:36:30 +00:00
|
|
|
(!!master != !!(listener->rx.flags & RX_F_MWORKER))) {
|
2014-05-07 17:22:24 +00:00
|
|
|
/* we don't want to enable this listener and don't
|
|
|
|
* want any fd event to reach it.
|
|
|
|
*/
|
2020-10-09 13:55:23 +00:00
|
|
|
do_unbind_listener(listener);
|
2014-05-07 17:22:24 +00:00
|
|
|
}
|
2019-02-27 15:49:00 +00:00
|
|
|
else if (!listener->maxconn || listener->nbconn < listener->maxconn) {
|
2020-09-25 18:32:28 +00:00
|
|
|
listener->rx.proto->enable(listener);
|
2020-09-24 05:23:45 +00:00
|
|
|
listener_set_state(listener, LI_READY);
|
2014-05-07 17:22:24 +00:00
|
|
|
}
|
|
|
|
else {
|
2020-09-24 05:23:45 +00:00
|
|
|
listener_set_state(listener, LI_FULL);
|
2007-10-28 20:59:24 +00:00
|
|
|
}
|
|
|
|
}
|
2020-10-09 08:35:40 +00:00
|
|
|
|
2022-02-01 15:23:00 +00:00
|
|
|
HA_RWLOCK_WRUNLOCK(LISTENER_LOCK, &listener->lock);
|
2007-10-28 20:59:24 +00:00
|
|
|
}
|
|
|
|
|
2020-10-07 13:58:50 +00:00
|
|
|
/*
|
2022-09-11 14:19:49 +00:00
|
|
|
* This function completely stops a listener.
|
|
|
|
* The proxy's listeners count is updated and the proxy is
|
|
|
|
* disabled and woken up after the last one is gone.
|
2022-09-09 13:32:57 +00:00
|
|
|
* It will need to operate under the proxy's lock and the protocol's lock.
|
|
|
|
* The caller is responsible for indicating in lpx, lpr whether the
|
|
|
|
* respective locks are already held (non-zero) or not (zero) so that the
|
|
|
|
* function picks the missing ones, in this order.
|
2020-10-07 13:58:50 +00:00
|
|
|
*/
|
2022-09-09 13:32:57 +00:00
|
|
|
void stop_listener(struct listener *l, int lpx, int lpr)
|
2020-10-07 13:58:50 +00:00
|
|
|
{
|
|
|
|
struct proxy *px = l->bind_conf->frontend;
|
|
|
|
|
|
|
|
if (l->options & LI_O_NOSTOP) {
|
|
|
|
/* master-worker sockpairs are never closed but don't count as a
|
|
|
|
* job.
|
|
|
|
*/
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!lpx)
|
2020-10-20 15:24:27 +00:00
|
|
|
HA_RWLOCK_WRLOCK(PROXY_LOCK, &px->lock);
|
2020-10-07 13:58:50 +00:00
|
|
|
|
|
|
|
if (!lpr)
|
|
|
|
HA_SPIN_LOCK(PROTO_LOCK, &proto_lock);
|
|
|
|
|
2022-09-09 13:32:57 +00:00
|
|
|
HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock);
|
2020-10-07 13:58:50 +00:00
|
|
|
|
|
|
|
if (l->state > LI_INIT) {
|
2020-10-09 13:55:23 +00:00
|
|
|
do_unbind_listener(l);
|
2020-10-07 13:58:50 +00:00
|
|
|
|
|
|
|
if (l->state >= LI_ASSIGNED)
|
|
|
|
__delete_listener(l);
|
|
|
|
|
2020-10-07 14:31:39 +00:00
|
|
|
proxy_cond_disable(px);
|
2020-10-07 13:58:50 +00:00
|
|
|
}
|
|
|
|
|
2022-09-09 13:32:57 +00:00
|
|
|
HA_RWLOCK_WRUNLOCK(LISTENER_LOCK, &l->lock);
|
2020-10-07 13:58:50 +00:00
|
|
|
|
|
|
|
if (!lpr)
|
|
|
|
HA_SPIN_UNLOCK(PROTO_LOCK, &proto_lock);
|
|
|
|
|
|
|
|
if (!lpx)
|
2020-10-20 15:24:27 +00:00
|
|
|
HA_RWLOCK_WRUNLOCK(PROXY_LOCK, &px->lock);
|
2020-10-07 13:58:50 +00:00
|
|
|
}
|
|
|
|
|
2020-12-04 14:03:36 +00:00
|
|
|
/* This function adds the specified <listener> to the protocol <proto>. It
|
|
|
|
* does nothing if the protocol was already added. The listener's state is
|
|
|
|
* automatically updated from LI_INIT to LI_ASSIGNED. The number of listeners
|
|
|
|
* for the protocol is updated. This must be called with the proto lock held.
|
|
|
|
*/
|
|
|
|
void default_add_listener(struct protocol *proto, struct listener *listener)
|
|
|
|
{
|
|
|
|
if (listener->state != LI_INIT)
|
|
|
|
return;
|
|
|
|
listener_set_state(listener, LI_ASSIGNED);
|
|
|
|
listener->rx.proto = proto;
|
2021-04-21 05:32:39 +00:00
|
|
|
LIST_APPEND(&proto->receivers, &listener->rx.proto_list);
|
2020-12-04 14:03:36 +00:00
|
|
|
proto->nb_receivers++;
|
|
|
|
}
|
|
|
|
|
2020-10-09 15:02:21 +00:00
|
|
|
/* default function called to suspend a listener: it simply passes the call to
|
|
|
|
* the underlying receiver. This is find for most socket-based protocols. This
|
|
|
|
* must be called under the listener's lock. It will return non-zero on success,
|
|
|
|
* 0 on failure. If no receiver-level suspend is provided, the operation is
|
|
|
|
* assumed to succeed.
|
|
|
|
*/
|
|
|
|
int default_suspend_listener(struct listener *l)
|
|
|
|
{
|
|
|
|
int ret = 1;
|
|
|
|
|
|
|
|
if (!l->rx.proto->rx_suspend)
|
|
|
|
return 1;
|
|
|
|
|
|
|
|
ret = l->rx.proto->rx_suspend(&l->rx);
|
|
|
|
return ret > 0 ? ret : 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* Tries to resume a suspended listener, and returns non-zero on success or
|
|
|
|
* zero on failure. On certain errors, an alert or a warning might be displayed.
|
|
|
|
* It must be called with the listener's lock held. Depending on the listener's
|
|
|
|
* state and protocol, a listen() call might be used to resume operations, or a
|
|
|
|
* call to the receiver's resume() function might be used as well. This is
|
|
|
|
* suitable as a default function for TCP and UDP. This must be called with the
|
|
|
|
* listener's lock held.
|
|
|
|
*/
|
|
|
|
int default_resume_listener(struct listener *l)
|
|
|
|
{
|
|
|
|
int ret = 1;
|
|
|
|
|
|
|
|
if (l->state == LI_ASSIGNED) {
|
|
|
|
char msg[100];
|
|
|
|
int err;
|
|
|
|
|
|
|
|
err = l->rx.proto->listen(l, msg, sizeof(msg));
|
|
|
|
if (err & ERR_ALERT)
|
|
|
|
ha_alert("Resuming listener: %s\n", msg);
|
|
|
|
else if (err & ERR_WARN)
|
|
|
|
ha_warning("Resuming listener: %s\n", msg);
|
|
|
|
|
|
|
|
if (err & (ERR_FATAL | ERR_ABORT)) {
|
|
|
|
ret = 0;
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (l->state < LI_PAUSED) {
|
|
|
|
ret = 0;
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (l->state == LI_PAUSED && l->rx.proto->rx_resume &&
|
|
|
|
l->rx.proto->rx_resume(&l->rx) <= 0)
|
|
|
|
ret = 0;
|
|
|
|
end:
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2011-07-24 16:28:10 +00:00
|
|
|
/* This function tries to temporarily disable a listener, depending on the OS
|
|
|
|
* capabilities. Linux unbinds the listen socket after a SHUT_RD, and ignores
|
|
|
|
* SHUT_WR. Solaris refuses either shutdown(). OpenBSD ignores SHUT_RD but
|
|
|
|
* closes upon SHUT_WR and refuses to rebind. So a common validation path
|
|
|
|
* involves SHUT_WR && listen && SHUT_RD. In case of success, the FD's polling
|
|
|
|
* is disabled. It normally returns non-zero, unless an error is reported.
|
2022-09-09 13:32:57 +00:00
|
|
|
* It will need to operate under the proxy's lock. The caller is
|
|
|
|
* responsible for indicating in lpx whether the proxy locks is
|
|
|
|
* already held (non-zero) or not (zero) so that the function picks it.
|
2011-07-24 16:28:10 +00:00
|
|
|
*/
|
2022-09-09 13:32:57 +00:00
|
|
|
int pause_listener(struct listener *l, int lpx)
|
2011-07-24 16:28:10 +00:00
|
|
|
{
|
2020-09-24 14:03:29 +00:00
|
|
|
struct proxy *px = l->bind_conf->frontend;
|
2017-05-30 13:36:50 +00:00
|
|
|
int ret = 1;
|
|
|
|
|
2022-09-09 13:32:57 +00:00
|
|
|
if (!lpx)
|
|
|
|
HA_RWLOCK_WRLOCK(PROXY_LOCK, &px->lock);
|
|
|
|
|
2022-02-01 15:23:00 +00:00
|
|
|
HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock);
|
2017-05-30 13:36:50 +00:00
|
|
|
|
2020-09-24 12:46:34 +00:00
|
|
|
if (l->state <= LI_PAUSED)
|
|
|
|
goto end;
|
|
|
|
|
2020-10-09 15:02:21 +00:00
|
|
|
if (l->rx.proto->suspend)
|
|
|
|
ret = l->rx.proto->suspend(l);
|
2011-07-24 16:28:10 +00:00
|
|
|
|
2021-04-21 05:32:39 +00:00
|
|
|
MT_LIST_DELETE(&l->wait_queue);
|
2011-07-24 20:03:52 +00:00
|
|
|
|
2020-09-24 05:23:45 +00:00
|
|
|
listener_set_state(l, LI_PAUSED);
|
2020-09-24 14:03:29 +00:00
|
|
|
|
|
|
|
if (px && !px->li_ready) {
|
2022-09-09 13:51:37 +00:00
|
|
|
/* PROXY_LOCK is required */
|
|
|
|
proxy_cond_pause(px);
|
2020-09-24 14:03:29 +00:00
|
|
|
ha_warning("Paused %s %s.\n", proxy_cap_str(px->cap), px->id);
|
|
|
|
send_log(px, LOG_WARNING, "Paused %s %s.\n", proxy_cap_str(px->cap), px->id);
|
|
|
|
}
|
2017-05-30 13:36:50 +00:00
|
|
|
end:
|
2022-02-01 15:23:00 +00:00
|
|
|
HA_RWLOCK_WRUNLOCK(LISTENER_LOCK, &l->lock);
|
2022-09-09 13:32:57 +00:00
|
|
|
|
|
|
|
if (!lpx)
|
|
|
|
HA_RWLOCK_WRUNLOCK(PROXY_LOCK, &px->lock);
|
|
|
|
|
2017-05-30 13:36:50 +00:00
|
|
|
return ret;
|
2011-07-24 16:28:10 +00:00
|
|
|
}
|
|
|
|
|
2011-07-24 20:03:52 +00:00
|
|
|
/* This function tries to resume a temporarily disabled listener. Paused, full,
|
|
|
|
* limited and disabled listeners are handled, which means that this function
|
|
|
|
* may replace enable_listener(). The resulting state will either be LI_READY
|
|
|
|
* or LI_FULL. 0 is returned in case of failure to resume (eg: dead socket).
|
2014-05-07 17:22:24 +00:00
|
|
|
* Listeners bound to a different process are not woken up unless we're in
|
2015-04-14 10:07:16 +00:00
|
|
|
* foreground mode, and are ignored. If the listener was only in the assigned
|
|
|
|
* state, it's totally rebound. This can happen if a pause() has completely
|
|
|
|
* stopped it. If the resume fails, 0 is returned and an error might be
|
|
|
|
* displayed.
|
2022-09-09 13:32:57 +00:00
|
|
|
* It will need to operate under the proxy's lock. The caller is
|
|
|
|
* responsible for indicating in lpx whether the proxy locks is
|
|
|
|
* already held (non-zero) or not (zero) so that the function picks it.
|
2011-07-24 16:28:10 +00:00
|
|
|
*/
|
2022-09-09 13:32:57 +00:00
|
|
|
int resume_listener(struct listener *l, int lpx)
|
2011-07-24 16:28:10 +00:00
|
|
|
{
|
2020-09-24 14:03:29 +00:00
|
|
|
struct proxy *px = l->bind_conf->frontend;
|
|
|
|
int was_paused = px && px->li_paused;
|
2017-05-30 13:36:50 +00:00
|
|
|
int ret = 1;
|
|
|
|
|
2022-09-09 13:32:57 +00:00
|
|
|
if (!lpx)
|
|
|
|
HA_RWLOCK_WRLOCK(PROXY_LOCK, &px->lock);
|
|
|
|
|
2022-02-01 15:23:00 +00:00
|
|
|
HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock);
|
2017-05-30 13:36:50 +00:00
|
|
|
|
BUG/MAJOR: listener: fix thread safety in resume_listener()
resume_listener() can be called from a thread not part of the listener's
mask after a curr_conn has gone lower than a proxy's or the process' limit.
This results in fd_may_recv() being called unlocked if the listener is
bound to only one thread, and quickly locks up.
This patch solves this by creating a per-thread work_list dedicated to
listeners, and modifying resume_listener() so that it bounces the listener
to one of its owning thread's work_list and waking it up. This thread will
then call resume_listener() again and will perform the operation on the
file descriptor itself. It is important to do it this way so that the
listener's state cannot be modified while the listener is being moved,
otherwise multiple threads can take conflicting decisions and the listener
could be put back into the global queue if the listener was used at the
same time.
It seems like a slightly simpler approach would be possible if the locked
list API would provide the ability to return a locked element. In this
case the listener would be immediately requeued in dequeue_all_listeners()
without having to go through resume_listener() with its associated lock.
This fix must be backported to all versions having the lock-less accept
loop, which is as far as 1.8 since deadlock fixes involving this feature
had to be backported there. It is expected that the code should not differ
too much there. However, previous commit "MINOR: task: introduce work lists"
will be needed as well and should not present difficulties either. For 1.8,
the commits introducing thread_mask() and LIST_ADDED() will be needed as
well, either backporting my_flsl() or switching to my_ffsl() will be OK,
and some changes will have to be performed so that the init function is
properly called (and maybe the deinit one can be dropped).
In order to test for the fix, simply set up a multi-threaded frontend with
multiple bind lines each attached to a single thread (reproduced with 16
threads here), set up a very low maxconn value on the frontend, and inject
heavy traffic on all listeners in parallel with slightly more connections
than the configured limit ( typically +20%) so that it flips very
frequently. If the bug is still there, at some point (5-20 seconds) the
traffic will go much lower or even stop, either with spinning threads or
not.
2019-07-11 08:08:31 +00:00
|
|
|
/* check that another thread didn't to the job in parallel (e.g. at the
|
|
|
|
* end of listen_accept() while we'd come from dequeue_all_listeners().
|
|
|
|
*/
|
2021-04-21 05:32:39 +00:00
|
|
|
if (MT_LIST_INLIST(&l->wait_queue))
|
BUG/MAJOR: listener: fix thread safety in resume_listener()
resume_listener() can be called from a thread not part of the listener's
mask after a curr_conn has gone lower than a proxy's or the process' limit.
This results in fd_may_recv() being called unlocked if the listener is
bound to only one thread, and quickly locks up.
This patch solves this by creating a per-thread work_list dedicated to
listeners, and modifying resume_listener() so that it bounces the listener
to one of its owning thread's work_list and waking it up. This thread will
then call resume_listener() again and will perform the operation on the
file descriptor itself. It is important to do it this way so that the
listener's state cannot be modified while the listener is being moved,
otherwise multiple threads can take conflicting decisions and the listener
could be put back into the global queue if the listener was used at the
same time.
It seems like a slightly simpler approach would be possible if the locked
list API would provide the ability to return a locked element. In this
case the listener would be immediately requeued in dequeue_all_listeners()
without having to go through resume_listener() with its associated lock.
This fix must be backported to all versions having the lock-less accept
loop, which is as far as 1.8 since deadlock fixes involving this feature
had to be backported there. It is expected that the code should not differ
too much there. However, previous commit "MINOR: task: introduce work lists"
will be needed as well and should not present difficulties either. For 1.8,
the commits introducing thread_mask() and LIST_ADDED() will be needed as
well, either backporting my_flsl() or switching to my_ffsl() will be OK,
and some changes will have to be performed so that the init function is
properly called (and maybe the deinit one can be dropped).
In order to test for the fix, simply set up a multi-threaded frontend with
multiple bind lines each attached to a single thread (reproduced with 16
threads here), set up a very low maxconn value on the frontend, and inject
heavy traffic on all listeners in parallel with slightly more connections
than the configured limit ( typically +20%) so that it flips very
frequently. If the bug is still there, at some point (5-20 seconds) the
traffic will go much lower or even stop, either with spinning threads or
not.
2019-07-11 08:08:31 +00:00
|
|
|
goto end;
|
|
|
|
|
2020-09-24 16:54:11 +00:00
|
|
|
if (l->state == LI_READY)
|
|
|
|
goto end;
|
|
|
|
|
2020-10-09 15:02:21 +00:00
|
|
|
if (l->rx.proto->resume)
|
|
|
|
ret = l->rx.proto->resume(l);
|
2011-07-24 16:28:10 +00:00
|
|
|
|
2019-02-27 15:49:00 +00:00
|
|
|
if (l->maxconn && l->nbconn >= l->maxconn) {
|
2020-09-25 18:32:28 +00:00
|
|
|
l->rx.proto->disable(l);
|
2020-09-24 05:23:45 +00:00
|
|
|
listener_set_state(l, LI_FULL);
|
2020-09-24 14:03:29 +00:00
|
|
|
goto done;
|
2011-07-24 16:28:10 +00:00
|
|
|
}
|
|
|
|
|
2020-09-25 18:32:28 +00:00
|
|
|
l->rx.proto->enable(l);
|
2020-09-24 05:23:45 +00:00
|
|
|
listener_set_state(l, LI_READY);
|
2020-09-24 14:03:29 +00:00
|
|
|
|
|
|
|
done:
|
|
|
|
if (was_paused && !px->li_paused) {
|
2022-09-09 13:51:37 +00:00
|
|
|
/* PROXY_LOCK is required */
|
|
|
|
proxy_cond_resume(px);
|
2020-09-24 14:03:29 +00:00
|
|
|
ha_warning("Resumed %s %s.\n", proxy_cap_str(px->cap), px->id);
|
|
|
|
send_log(px, LOG_WARNING, "Resumed %s %s.\n", proxy_cap_str(px->cap), px->id);
|
|
|
|
}
|
2017-05-30 13:36:50 +00:00
|
|
|
end:
|
2022-02-01 15:23:00 +00:00
|
|
|
HA_RWLOCK_WRUNLOCK(LISTENER_LOCK, &l->lock);
|
2022-09-09 13:32:57 +00:00
|
|
|
|
|
|
|
if (!lpx)
|
|
|
|
HA_RWLOCK_WRUNLOCK(PROXY_LOCK, &px->lock);
|
|
|
|
|
2017-05-30 13:36:50 +00:00
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
REORG/MAJOR: session: rename the "session" entity to "stream"
With HTTP/2, we'll have to support multiplexed streams. A stream is in
fact the largest part of what we currently call a session, it has buffers,
logs, etc.
In order to catch any error, this commit removes any reference to the
struct session and tries to rename most "session" occurrences in function
names to "stream" and "sess" to "strm" when that's related to a session.
The files stream.{c,h} were added and session.{c,h} removed.
The session will be reintroduced later and a few parts of the stream
will progressively be moved overthere. It will more or less contain
only what we need in an embryonic session.
Sample fetch functions and converters will have to change a bit so
that they'll use an L5 (session) instead of what's currently called
"L4" which is in fact L6 for now.
Once all changes are completed, we should see approximately this :
L7 - http_txn
L6 - stream
L5 - session
L4 - connection | applet
There will be at most one http_txn per stream, and a same session will
possibly be referenced by multiple streams. A connection will point to
a session and to a stream. The session will hold all the information
we need to keep even when we don't yet have a stream.
Some more cleanup is needed because some code was already far from
being clean. The server queue management still refers to sessions at
many places while comments talk about connections. This will have to
be cleaned up once we have a server-side connection pool manager.
Stream flags "SN_*" still need to be renamed, it doesn't seem like
any of them will need to move to the session.
2015-04-02 22:22:06 +00:00
|
|
|
/* Marks a ready listener as full so that the stream code tries to re-enable
|
2011-07-24 17:23:38 +00:00
|
|
|
* it upon next close() using resume_listener().
|
|
|
|
*/
|
2017-08-28 13:29:20 +00:00
|
|
|
static void listener_full(struct listener *l)
|
2011-07-24 17:23:38 +00:00
|
|
|
{
|
2022-02-01 15:23:00 +00:00
|
|
|
HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock);
|
2011-07-24 17:23:38 +00:00
|
|
|
if (l->state >= LI_READY) {
|
2021-04-21 05:32:39 +00:00
|
|
|
MT_LIST_DELETE(&l->wait_queue);
|
MAJOR: listener: do not hold the listener lock in listener_accept()
This function used to hold the listener's lock as a way to stay safe
against concurrent manipulations, but it turns out this is wrong. First,
the lock is held during l->accept(), which itself might indirectly call
listener_release(), which, if the listener is marked full, could result
in __resume_listener() to be called and the lock being taken twice. In
practice it doesn't happen right now because the listener's FULL state
cannot change while we're doing this.
Second, all the code does is now protected against concurrent accesses.
It used not to be the case in the early days of threads : the frequency
counters are thread-safe. The rate limiting doesn't require extreme
precision. Only the nbconn check is not thread safe.
Third, the parts called here will have to be called from different
threads without holding this lock, and this becomes a bigger issue
if we need to keep this one.
This patch does 3 things which need to be addressed at once :
1) it moves the lock to the only 2 functions that were not protected
since called form listener_accept() :
- limit_listener()
- listener_full()
2) it makes sure delete_listener() properly checks its state within
the lock.
3) it updates the l->nbconn tracking to make sure that it is always
properly reported and accounted for. There is a point of particular
care around the situation where the listener's maxconn is reached
because the listener has to be marked full before accepting the
connection, then resumed if the connection finally gets dropped.
It is not possible to perform this change without removing the
lock due to the deadlock issue explained above.
This patch almost doubles the accept rate in multi-thread on a shared
port between 8 threads, and multiplies by 4 the connection rate on a
tcp-request connection reject rule.
2019-02-25 18:23:37 +00:00
|
|
|
if (l->state != LI_FULL) {
|
2020-09-25 18:32:28 +00:00
|
|
|
l->rx.proto->disable(l);
|
2020-09-24 05:23:45 +00:00
|
|
|
listener_set_state(l, LI_FULL);
|
MAJOR: listener: do not hold the listener lock in listener_accept()
This function used to hold the listener's lock as a way to stay safe
against concurrent manipulations, but it turns out this is wrong. First,
the lock is held during l->accept(), which itself might indirectly call
listener_release(), which, if the listener is marked full, could result
in __resume_listener() to be called and the lock being taken twice. In
practice it doesn't happen right now because the listener's FULL state
cannot change while we're doing this.
Second, all the code does is now protected against concurrent accesses.
It used not to be the case in the early days of threads : the frequency
counters are thread-safe. The rate limiting doesn't require extreme
precision. Only the nbconn check is not thread safe.
Third, the parts called here will have to be called from different
threads without holding this lock, and this becomes a bigger issue
if we need to keep this one.
This patch does 3 things which need to be addressed at once :
1) it moves the lock to the only 2 functions that were not protected
since called form listener_accept() :
- limit_listener()
- listener_full()
2) it makes sure delete_listener() properly checks its state within
the lock.
3) it updates the l->nbconn tracking to make sure that it is always
properly reported and accounted for. There is a point of particular
care around the situation where the listener's maxconn is reached
because the listener has to be marked full before accepting the
connection, then resumed if the connection finally gets dropped.
It is not possible to perform this change without removing the
lock due to the deadlock issue explained above.
This patch almost doubles the accept rate in multi-thread on a shared
port between 8 threads, and multiplies by 4 the connection rate on a
tcp-request connection reject rule.
2019-02-25 18:23:37 +00:00
|
|
|
}
|
2011-07-24 17:23:38 +00:00
|
|
|
}
|
2022-02-01 15:23:00 +00:00
|
|
|
HA_RWLOCK_WRUNLOCK(LISTENER_LOCK, &l->lock);
|
2011-07-24 17:23:38 +00:00
|
|
|
}
|
|
|
|
|
2011-07-24 20:03:52 +00:00
|
|
|
/* Marks a ready listener as limited so that we only try to re-enable it when
|
|
|
|
* resources are free again. It will be queued into the specified queue.
|
|
|
|
*/
|
2019-08-08 13:47:21 +00:00
|
|
|
static void limit_listener(struct listener *l, struct mt_list *list)
|
2011-07-24 20:03:52 +00:00
|
|
|
{
|
2022-02-01 15:23:00 +00:00
|
|
|
HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock);
|
2011-07-24 20:03:52 +00:00
|
|
|
if (l->state == LI_READY) {
|
2021-04-21 05:32:39 +00:00
|
|
|
MT_LIST_TRY_APPEND(list, &l->wait_queue);
|
2020-09-25 18:32:28 +00:00
|
|
|
l->rx.proto->disable(l);
|
2020-09-24 05:23:45 +00:00
|
|
|
listener_set_state(l, LI_LIMITED);
|
2011-07-24 20:03:52 +00:00
|
|
|
}
|
2022-02-01 15:23:00 +00:00
|
|
|
HA_RWLOCK_WRUNLOCK(LISTENER_LOCK, &l->lock);
|
2011-07-24 20:03:52 +00:00
|
|
|
}
|
|
|
|
|
2019-12-10 13:10:52 +00:00
|
|
|
/* Dequeues all listeners waiting for a resource the global wait queue */
|
|
|
|
void dequeue_all_listeners()
|
2011-07-24 20:03:52 +00:00
|
|
|
{
|
BUG/MEDIUM: listener: use a self-locked list for the dequeue lists
There is a very difficult to reproduce race in the listener's accept
code, which is much easier to reproduce once connection limits are
properly enforced. It's an ABBA lock issue :
- the following functions take l->lock then lq_lock :
disable_listener, pause_listener, listener_full, limit_listener,
do_unbind_listener
- the following ones take lq_lock then l->lock :
resume_listener, dequeue_all_listener
This is because __resume_listener() only takes the listener's lock
and expects to be called with lq_lock held. The problem can easily
happen when listener_full() and limit_listener() are called a lot
while in parallel another thread releases sessions for the same
listener using listener_release() which in turn calls resume_listener().
This scenario is more prevalent in 2.0-dev since the removal of the
accept lock in listener_accept(). However in 1.9 and before, a different
but extremely unlikely scenario can happen :
thread1 thread2
............................ enter listener_accept()
limit_listener()
............................ long pause before taking the lock
session_free()
dequeue_all_listeners()
lock(lq_lock) [1]
............................ try_lock(l->lock) [2]
__resume_listener()
spin_lock(l->lock) =>WAIT[2]
............................ accept()
l->accept()
nbconn==maxconn =>
listener_full()
state==LI_LIMITED =>
lock(lq_lock) =>DEADLOCK[1]!
In practice it is almost impossible to trigger it because it requires
to limit both on the listener's maxconn and the frontend's rate limit,
at the same time, and to release the listener when the connection rate
goes below the limit between poll() returns the FD and the lock is
taken (a few nanoseconds). But maybe with threads competing on the
same core it has more chances to appear.
This patch removes the lq_lock and replaces it with a lockless queue
for the listener's wait queue (well, technically speaking a self-locked
queue) brought by commit a8434ec14 ("MINOR: lists: Implement locked
variations.") and its few subsequent fixes. This relieves us from the
need of the lq_lock and removes the deadlock. It also gets rid of the
distinction between __resume_listener() and resume_listener() since the
only difference was the lq_lock. All listener removals from the list
are now unconditional to avoid races on the state. It's worth noting
that the list used to never be initialized and that it used to work
only thanks to the state tests, so the initialization has now been
added.
This patch must carefully be backported to 1.9 and very likely 1.8.
It is mandatory to be careful about replacing all manipulations of
l->wait_queue, global.listener_queue and p->listener_queue.
2019-02-28 09:27:18 +00:00
|
|
|
struct listener *listener;
|
2011-07-24 20:03:52 +00:00
|
|
|
|
2019-12-10 13:10:52 +00:00
|
|
|
while ((listener = MT_LIST_POP(&global_listener_queue, struct listener *, wait_queue))) {
|
|
|
|
/* This cannot fail because the listeners are by definition in
|
|
|
|
* the LI_LIMITED state.
|
|
|
|
*/
|
2022-09-09 13:32:57 +00:00
|
|
|
resume_listener(listener, 0);
|
2019-12-10 13:10:52 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Dequeues all listeners waiting for a resource in proxy <px>'s queue */
|
|
|
|
void dequeue_proxy_listeners(struct proxy *px)
|
|
|
|
{
|
|
|
|
struct listener *listener;
|
|
|
|
|
|
|
|
while ((listener = MT_LIST_POP(&px->listener_queue, struct listener *, wait_queue))) {
|
2011-07-24 20:03:52 +00:00
|
|
|
/* This cannot fail because the listeners are by definition in
|
BUG/MEDIUM: listener: use a self-locked list for the dequeue lists
There is a very difficult to reproduce race in the listener's accept
code, which is much easier to reproduce once connection limits are
properly enforced. It's an ABBA lock issue :
- the following functions take l->lock then lq_lock :
disable_listener, pause_listener, listener_full, limit_listener,
do_unbind_listener
- the following ones take lq_lock then l->lock :
resume_listener, dequeue_all_listener
This is because __resume_listener() only takes the listener's lock
and expects to be called with lq_lock held. The problem can easily
happen when listener_full() and limit_listener() are called a lot
while in parallel another thread releases sessions for the same
listener using listener_release() which in turn calls resume_listener().
This scenario is more prevalent in 2.0-dev since the removal of the
accept lock in listener_accept(). However in 1.9 and before, a different
but extremely unlikely scenario can happen :
thread1 thread2
............................ enter listener_accept()
limit_listener()
............................ long pause before taking the lock
session_free()
dequeue_all_listeners()
lock(lq_lock) [1]
............................ try_lock(l->lock) [2]
__resume_listener()
spin_lock(l->lock) =>WAIT[2]
............................ accept()
l->accept()
nbconn==maxconn =>
listener_full()
state==LI_LIMITED =>
lock(lq_lock) =>DEADLOCK[1]!
In practice it is almost impossible to trigger it because it requires
to limit both on the listener's maxconn and the frontend's rate limit,
at the same time, and to release the listener when the connection rate
goes below the limit between poll() returns the FD and the lock is
taken (a few nanoseconds). But maybe with threads competing on the
same core it has more chances to appear.
This patch removes the lq_lock and replaces it with a lockless queue
for the listener's wait queue (well, technically speaking a self-locked
queue) brought by commit a8434ec14 ("MINOR: lists: Implement locked
variations.") and its few subsequent fixes. This relieves us from the
need of the lq_lock and removes the deadlock. It also gets rid of the
distinction between __resume_listener() and resume_listener() since the
only difference was the lq_lock. All listener removals from the list
are now unconditional to avoid races on the state. It's worth noting
that the list used to never be initialized and that it used to work
only thanks to the state tests, so the initialization has now been
added.
This patch must carefully be backported to 1.9 and very likely 1.8.
It is mandatory to be careful about replacing all manipulations of
l->wait_queue, global.listener_queue and p->listener_queue.
2019-02-28 09:27:18 +00:00
|
|
|
* the LI_LIMITED state.
|
2011-07-24 20:03:52 +00:00
|
|
|
*/
|
2022-09-09 13:32:57 +00:00
|
|
|
resume_listener(listener, 0);
|
2011-07-24 20:03:52 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-10-09 15:18:29 +00:00
|
|
|
|
|
|
|
/* default function used to unbind a listener. This is for use by standard
|
|
|
|
* protocols working on top of accepted sockets. The receiver's rx_unbind()
|
|
|
|
* will automatically be used after the listener is disabled if the socket is
|
|
|
|
* still bound. This must be used under the listener's lock.
|
2018-03-16 09:04:47 +00:00
|
|
|
*/
|
2020-10-09 15:18:29 +00:00
|
|
|
void default_unbind_listener(struct listener *listener)
|
2007-10-28 21:13:50 +00:00
|
|
|
{
|
2020-10-08 13:36:46 +00:00
|
|
|
if (listener->state <= LI_ASSIGNED)
|
|
|
|
goto out_close;
|
|
|
|
|
|
|
|
if (listener->rx.fd == -1) {
|
2020-09-24 05:23:45 +00:00
|
|
|
listener_set_state(listener, LI_ASSIGNED);
|
2020-10-08 13:36:46 +00:00
|
|
|
goto out_close;
|
|
|
|
}
|
|
|
|
|
2020-10-09 14:32:08 +00:00
|
|
|
if (listener->state >= LI_READY) {
|
|
|
|
listener->rx.proto->disable(listener);
|
|
|
|
if (listener->rx.flags & RX_F_BOUND)
|
2020-10-08 13:36:46 +00:00
|
|
|
listener_set_state(listener, LI_LISTEN);
|
2020-09-23 14:24:23 +00:00
|
|
|
}
|
|
|
|
|
2020-10-08 13:36:46 +00:00
|
|
|
out_close:
|
2020-10-09 14:32:08 +00:00
|
|
|
if (listener->rx.flags & RX_F_BOUND)
|
|
|
|
listener->rx.proto->rx_unbind(&listener->rx);
|
2020-10-09 15:18:29 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* This function closes the listening socket for the specified listener,
|
|
|
|
* provided that it's already in a listening state. The protocol's unbind()
|
|
|
|
* is called to put the listener into LI_ASSIGNED or LI_LISTEN and handle
|
|
|
|
* the unbinding tasks. The listener enters then the LI_ASSIGNED state if
|
|
|
|
* the receiver is unbound. Must be called with the lock held.
|
|
|
|
*/
|
|
|
|
void do_unbind_listener(struct listener *listener)
|
|
|
|
{
|
2021-04-21 05:32:39 +00:00
|
|
|
MT_LIST_DELETE(&listener->wait_queue);
|
2020-10-09 15:18:29 +00:00
|
|
|
|
|
|
|
if (listener->rx.proto->unbind)
|
|
|
|
listener->rx.proto->unbind(listener);
|
2020-10-09 13:47:17 +00:00
|
|
|
|
2020-10-09 14:32:08 +00:00
|
|
|
/* we may have to downgrade the listener if the rx was closed */
|
|
|
|
if (!(listener->rx.flags & RX_F_BOUND) && listener->state > LI_ASSIGNED)
|
2020-10-09 13:47:17 +00:00
|
|
|
listener_set_state(listener, LI_ASSIGNED);
|
2017-11-05 10:38:44 +00:00
|
|
|
}
|
|
|
|
|
2017-04-05 23:05:05 +00:00
|
|
|
/* This function closes the listening socket for the specified listener,
|
|
|
|
* provided that it's already in a listening state. The listener enters the
|
2020-10-09 13:55:23 +00:00
|
|
|
* LI_ASSIGNED state, except if the FD is not closed, in which case it may
|
|
|
|
* remain in LI_LISTEN. This function is intended to be used as a generic
|
2017-11-05 10:38:44 +00:00
|
|
|
* function for standard protocols.
|
2017-04-05 23:05:05 +00:00
|
|
|
*/
|
2017-11-05 10:38:44 +00:00
|
|
|
void unbind_listener(struct listener *listener)
|
2017-04-05 23:05:05 +00:00
|
|
|
{
|
2022-02-01 15:23:00 +00:00
|
|
|
HA_RWLOCK_WRLOCK(LISTENER_LOCK, &listener->lock);
|
2020-10-09 13:55:23 +00:00
|
|
|
do_unbind_listener(listener);
|
2022-02-01 15:23:00 +00:00
|
|
|
HA_RWLOCK_WRUNLOCK(LISTENER_LOCK, &listener->lock);
|
2017-04-05 23:05:05 +00:00
|
|
|
}
|
|
|
|
|
2017-09-15 06:10:44 +00:00
|
|
|
/* creates one or multiple listeners for bind_conf <bc> on sockaddr <ss> on port
|
|
|
|
* range <portl> to <porth>, and possibly attached to fd <fd> (or -1 for auto
|
2020-09-16 15:58:55 +00:00
|
|
|
* allocation). The address family is taken from ss->ss_family, and the protocol
|
2020-10-15 19:22:29 +00:00
|
|
|
* passed in <proto> must be usable on this family. The protocol's default iocb
|
|
|
|
* is automatically preset as the receivers' iocb. The number of jobs and
|
2020-09-16 15:58:55 +00:00
|
|
|
* listeners is automatically increased by the number of listeners created. It
|
|
|
|
* returns non-zero on success, zero on error with the error message set in <err>.
|
2017-09-15 06:10:44 +00:00
|
|
|
*/
|
|
|
|
int create_listeners(struct bind_conf *bc, const struct sockaddr_storage *ss,
|
2020-09-16 15:58:55 +00:00
|
|
|
int portl, int porth, int fd, struct protocol *proto, char **err)
|
2017-09-15 06:10:44 +00:00
|
|
|
{
|
|
|
|
struct listener *l;
|
|
|
|
int port;
|
|
|
|
|
|
|
|
for (port = portl; port <= porth; port++) {
|
|
|
|
l = calloc(1, sizeof(*l));
|
|
|
|
if (!l) {
|
|
|
|
memprintf(err, "out of memory");
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
l->obj_type = OBJ_TYPE_LISTENER;
|
2021-04-21 05:32:39 +00:00
|
|
|
LIST_APPEND(&bc->frontend->conf.listeners, &l->by_fe);
|
|
|
|
LIST_APPEND(&bc->listeners, &l->by_bind);
|
2017-09-15 06:10:44 +00:00
|
|
|
l->bind_conf = bc;
|
2020-09-03 05:46:06 +00:00
|
|
|
l->rx.settings = &bc->settings;
|
2020-09-03 08:05:03 +00:00
|
|
|
l->rx.owner = l;
|
2020-10-15 19:22:29 +00:00
|
|
|
l->rx.iocb = proto->default_iocb;
|
2020-08-27 06:16:52 +00:00
|
|
|
l->rx.fd = fd;
|
2020-12-04 13:49:11 +00:00
|
|
|
|
2020-08-27 05:48:42 +00:00
|
|
|
memcpy(&l->rx.addr, ss, sizeof(*ss));
|
2020-12-04 14:03:36 +00:00
|
|
|
if (proto->fam->set_port)
|
|
|
|
proto->fam->set_port(&l->rx.addr, port);
|
2020-12-04 13:49:11 +00:00
|
|
|
|
2019-08-08 13:47:21 +00:00
|
|
|
MT_LIST_INIT(&l->wait_queue);
|
2020-09-24 05:23:45 +00:00
|
|
|
listener_set_state(l, LI_INIT);
|
2017-09-15 06:10:44 +00:00
|
|
|
|
2020-12-04 14:03:36 +00:00
|
|
|
proto->add(proto, l);
|
2017-09-15 06:10:44 +00:00
|
|
|
|
2020-09-15 11:50:58 +00:00
|
|
|
if (fd != -1)
|
2020-09-01 13:41:59 +00:00
|
|
|
l->rx.flags |= RX_F_INHERITED;
|
2017-11-15 18:02:58 +00:00
|
|
|
|
2020-11-10 13:24:31 +00:00
|
|
|
l->extra_counters = NULL;
|
|
|
|
|
2022-02-01 15:23:00 +00:00
|
|
|
HA_RWLOCK_INIT(&l->lock);
|
2021-04-06 11:53:36 +00:00
|
|
|
_HA_ATOMIC_INC(&jobs);
|
|
|
|
_HA_ATOMIC_INC(&listeners);
|
2017-09-15 06:10:44 +00:00
|
|
|
}
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2021-10-12 07:36:10 +00:00
|
|
|
/* clones listener <src> and returns the new one. All dynamically allocated
|
|
|
|
* fields are reallocated (name for now). The new listener is inserted before
|
|
|
|
* the original one in the bind_conf and frontend lists. This allows it to be
|
|
|
|
* duplicated while iterating over the current list. The original listener must
|
|
|
|
* only be in the INIT or ASSIGNED states, and the new listener will only be
|
|
|
|
* placed into the INIT state. The counters are always set to NULL. Maxsock is
|
|
|
|
* updated. Returns NULL on allocation error.
|
|
|
|
*/
|
|
|
|
struct listener *clone_listener(struct listener *src)
|
|
|
|
{
|
|
|
|
struct listener *l;
|
|
|
|
|
|
|
|
l = calloc(1, sizeof(*l));
|
|
|
|
if (!l)
|
|
|
|
goto oom1;
|
|
|
|
memcpy(l, src, sizeof(*l));
|
|
|
|
|
|
|
|
if (l->name) {
|
|
|
|
l->name = strdup(l->name);
|
|
|
|
if (!l->name)
|
|
|
|
goto oom2;
|
|
|
|
}
|
|
|
|
|
|
|
|
l->rx.owner = l;
|
|
|
|
l->state = LI_INIT;
|
|
|
|
l->counters = NULL;
|
|
|
|
l->extra_counters = NULL;
|
|
|
|
|
|
|
|
LIST_APPEND(&src->by_fe, &l->by_fe);
|
|
|
|
LIST_APPEND(&src->by_bind, &l->by_bind);
|
|
|
|
|
|
|
|
MT_LIST_INIT(&l->wait_queue);
|
|
|
|
|
|
|
|
l->rx.proto->add(l->rx.proto, l);
|
|
|
|
|
2022-02-01 15:23:00 +00:00
|
|
|
HA_RWLOCK_INIT(&l->lock);
|
2021-10-12 07:36:10 +00:00
|
|
|
_HA_ATOMIC_INC(&jobs);
|
|
|
|
_HA_ATOMIC_INC(&listeners);
|
|
|
|
global.maxsock++;
|
|
|
|
return l;
|
|
|
|
|
|
|
|
oom2:
|
|
|
|
free(l);
|
|
|
|
oom1:
|
2021-10-16 12:45:29 +00:00
|
|
|
return NULL;
|
2021-10-12 07:36:10 +00:00
|
|
|
}
|
|
|
|
|
2007-10-28 21:26:05 +00:00
|
|
|
/* Delete a listener from its protocol's list of listeners. The listener's
|
|
|
|
* state is automatically updated from LI_ASSIGNED to LI_INIT. The protocol's
|
2017-09-15 06:18:11 +00:00
|
|
|
* number of listeners is updated, as well as the global number of listeners
|
|
|
|
* and jobs. Note that the listener must have previously been unbound. This
|
2020-10-07 13:36:16 +00:00
|
|
|
* is a low-level function expected to be called with the proto_lock and the
|
|
|
|
* listener's lock held.
|
2007-10-28 21:26:05 +00:00
|
|
|
*/
|
2020-10-07 13:36:16 +00:00
|
|
|
void __delete_listener(struct listener *listener)
|
2007-10-28 21:26:05 +00:00
|
|
|
{
|
MAJOR: listener: do not hold the listener lock in listener_accept()
This function used to hold the listener's lock as a way to stay safe
against concurrent manipulations, but it turns out this is wrong. First,
the lock is held during l->accept(), which itself might indirectly call
listener_release(), which, if the listener is marked full, could result
in __resume_listener() to be called and the lock being taken twice. In
practice it doesn't happen right now because the listener's FULL state
cannot change while we're doing this.
Second, all the code does is now protected against concurrent accesses.
It used not to be the case in the early days of threads : the frequency
counters are thread-safe. The rate limiting doesn't require extreme
precision. Only the nbconn check is not thread safe.
Third, the parts called here will have to be called from different
threads without holding this lock, and this becomes a bigger issue
if we need to keep this one.
This patch does 3 things which need to be addressed at once :
1) it moves the lock to the only 2 functions that were not protected
since called form listener_accept() :
- limit_listener()
- listener_full()
2) it makes sure delete_listener() properly checks its state within
the lock.
3) it updates the l->nbconn tracking to make sure that it is always
properly reported and accounted for. There is a point of particular
care around the situation where the listener's maxconn is reached
because the listener has to be marked full before accepting the
connection, then resumed if the connection finally gets dropped.
It is not possible to perform this change without removing the
lock due to the deadlock issue explained above.
This patch almost doubles the accept rate in multi-thread on a shared
port between 8 threads, and multiplies by 4 the connection rate on a
tcp-request connection reject rule.
2019-02-25 18:23:37 +00:00
|
|
|
if (listener->state == LI_ASSIGNED) {
|
2020-09-24 05:23:45 +00:00
|
|
|
listener_set_state(listener, LI_INIT);
|
2021-04-21 05:32:39 +00:00
|
|
|
LIST_DELETE(&listener->rx.proto_list);
|
2020-09-25 15:01:43 +00:00
|
|
|
listener->rx.proto->nb_receivers--;
|
2021-04-06 11:53:36 +00:00
|
|
|
_HA_ATOMIC_DEC(&jobs);
|
|
|
|
_HA_ATOMIC_DEC(&listeners);
|
MAJOR: listener: do not hold the listener lock in listener_accept()
This function used to hold the listener's lock as a way to stay safe
against concurrent manipulations, but it turns out this is wrong. First,
the lock is held during l->accept(), which itself might indirectly call
listener_release(), which, if the listener is marked full, could result
in __resume_listener() to be called and the lock being taken twice. In
practice it doesn't happen right now because the listener's FULL state
cannot change while we're doing this.
Second, all the code does is now protected against concurrent accesses.
It used not to be the case in the early days of threads : the frequency
counters are thread-safe. The rate limiting doesn't require extreme
precision. Only the nbconn check is not thread safe.
Third, the parts called here will have to be called from different
threads without holding this lock, and this becomes a bigger issue
if we need to keep this one.
This patch does 3 things which need to be addressed at once :
1) it moves the lock to the only 2 functions that were not protected
since called form listener_accept() :
- limit_listener()
- listener_full()
2) it makes sure delete_listener() properly checks its state within
the lock.
3) it updates the l->nbconn tracking to make sure that it is always
properly reported and accounted for. There is a point of particular
care around the situation where the listener's maxconn is reached
because the listener has to be marked full before accepting the
connection, then resumed if the connection finally gets dropped.
It is not possible to perform this change without removing the
lock due to the deadlock issue explained above.
This patch almost doubles the accept rate in multi-thread on a shared
port between 8 threads, and multiplies by 4 the connection rate on a
tcp-request connection reject rule.
2019-02-25 18:23:37 +00:00
|
|
|
}
|
2020-10-07 13:36:16 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Delete a listener from its protocol's list of listeners (please check
|
|
|
|
* __delete_listener() above). The proto_lock and the listener's lock will
|
|
|
|
* be grabbed in this order.
|
|
|
|
*/
|
|
|
|
void delete_listener(struct listener *listener)
|
|
|
|
{
|
|
|
|
HA_SPIN_LOCK(PROTO_LOCK, &proto_lock);
|
2022-02-01 15:23:00 +00:00
|
|
|
HA_RWLOCK_WRLOCK(LISTENER_LOCK, &listener->lock);
|
2020-10-07 13:36:16 +00:00
|
|
|
__delete_listener(listener);
|
2022-02-01 15:23:00 +00:00
|
|
|
HA_RWLOCK_WRUNLOCK(LISTENER_LOCK, &listener->lock);
|
2019-08-26 08:55:52 +00:00
|
|
|
HA_SPIN_UNLOCK(PROTO_LOCK, &proto_lock);
|
2007-10-28 21:26:05 +00:00
|
|
|
}
|
|
|
|
|
2019-02-27 14:39:41 +00:00
|
|
|
/* Returns a suitable value for a listener's backlog. It uses the listener's,
|
|
|
|
* otherwise the frontend's backlog, otherwise the listener's maxconn,
|
|
|
|
* otherwise the frontend's maxconn, otherwise 1024.
|
|
|
|
*/
|
|
|
|
int listener_backlog(const struct listener *l)
|
|
|
|
{
|
|
|
|
if (l->backlog)
|
|
|
|
return l->backlog;
|
|
|
|
|
|
|
|
if (l->bind_conf->frontend->backlog)
|
|
|
|
return l->bind_conf->frontend->backlog;
|
|
|
|
|
|
|
|
if (l->maxconn)
|
|
|
|
return l->maxconn;
|
|
|
|
|
|
|
|
if (l->bind_conf->frontend->maxconn)
|
|
|
|
return l->bind_conf->frontend->maxconn;
|
|
|
|
|
|
|
|
return 1024;
|
|
|
|
}
|
|
|
|
|
2012-05-07 19:22:09 +00:00
|
|
|
/* This function is called on a read event from a listening socket, corresponding
|
|
|
|
* to an accept. It tries to accept as many connections as possible, and for each
|
|
|
|
* calls the listener's accept handler (generally the frontend's accept handler).
|
|
|
|
*/
|
2020-10-15 19:29:49 +00:00
|
|
|
void listener_accept(struct listener *l)
|
2012-05-07 19:22:09 +00:00
|
|
|
{
|
2020-10-14 15:37:17 +00:00
|
|
|
struct connection *cli_conn;
|
2019-02-25 15:18:16 +00:00
|
|
|
struct proxy *p;
|
BUG/MEDIUM: listener: Fix how unlimited number of consecutive accepts is handled
There is a bug when global.tune.maxaccept is set to -1 (no limit). It is pretty
visible with one process (nbproc sets to 1). The functions listener_accept() and
accept_queue_process() don't expect to handle negative maxaccept values. So
instead of accepting incoming connections without any limit, none are never
accepted and HAProxy loop infinitly in the scheduler.
When there are 2 or more processes, the bug is a bit more subtile. The limit for
a listener is set to 1. So only one connection is accepted at a time by a given
listener. This happens because the listener's maxaccept value is an unsigned
integer. In check_config_validity(), it is first set to UINT_MAX (-1 casted in
an unsigned integer), and then some calculations on it leads to an integer
overflow.
To fix the bug, the listener's maxaccept value is now a signed integer. So, if a
negative value is set for global.tune.maxaccept, we keep it untouched for the
listener and no calculation is made on it. Then, in the listener code, this
signed value is casted to a unsigned one. It simplifies all tests instead of
dealing with negative values. So, it limits the number of connections accepted
at a time to UINT_MAX at most. But, honestly, it not an issue.
This patch must be backported to 1.9 and 1.8.
2019-04-30 10:17:13 +00:00
|
|
|
unsigned int max_accept;
|
MAJOR: listener: do not hold the listener lock in listener_accept()
This function used to hold the listener's lock as a way to stay safe
against concurrent manipulations, but it turns out this is wrong. First,
the lock is held during l->accept(), which itself might indirectly call
listener_release(), which, if the listener is marked full, could result
in __resume_listener() to be called and the lock being taken twice. In
practice it doesn't happen right now because the listener's FULL state
cannot change while we're doing this.
Second, all the code does is now protected against concurrent accesses.
It used not to be the case in the early days of threads : the frequency
counters are thread-safe. The rate limiting doesn't require extreme
precision. Only the nbconn check is not thread safe.
Third, the parts called here will have to be called from different
threads without holding this lock, and this becomes a bigger issue
if we need to keep this one.
This patch does 3 things which need to be addressed at once :
1) it moves the lock to the only 2 functions that were not protected
since called form listener_accept() :
- limit_listener()
- listener_full()
2) it makes sure delete_listener() properly checks its state within
the lock.
3) it updates the l->nbconn tracking to make sure that it is always
properly reported and accounted for. There is a point of particular
care around the situation where the listener's maxconn is reached
because the listener has to be marked full before accepting the
connection, then resumed if the connection finally gets dropped.
It is not possible to perform this change without removing the
lock due to the deadlock issue explained above.
This patch almost doubles the accept rate in multi-thread on a shared
port between 8 threads, and multiplies by 4 the connection rate on a
tcp-request connection reject rule.
2019-02-25 18:23:37 +00:00
|
|
|
int next_conn = 0;
|
2019-02-27 18:32:32 +00:00
|
|
|
int next_feconn = 0;
|
|
|
|
int next_actconn = 0;
|
2014-05-07 17:47:02 +00:00
|
|
|
int expire;
|
2012-05-07 19:22:09 +00:00
|
|
|
int ret;
|
|
|
|
|
2019-02-25 15:18:16 +00:00
|
|
|
p = l->bind_conf->frontend;
|
BUG/MEDIUM: listener: Fix how unlimited number of consecutive accepts is handled
There is a bug when global.tune.maxaccept is set to -1 (no limit). It is pretty
visible with one process (nbproc sets to 1). The functions listener_accept() and
accept_queue_process() don't expect to handle negative maxaccept values. So
instead of accepting incoming connections without any limit, none are never
accepted and HAProxy loop infinitly in the scheduler.
When there are 2 or more processes, the bug is a bit more subtile. The limit for
a listener is set to 1. So only one connection is accepted at a time by a given
listener. This happens because the listener's maxaccept value is an unsigned
integer. In check_config_validity(), it is first set to UINT_MAX (-1 casted in
an unsigned integer), and then some calculations on it leads to an integer
overflow.
To fix the bug, the listener's maxaccept value is now a signed integer. So, if a
negative value is set for global.tune.maxaccept, we keep it untouched for the
listener and no calculation is made on it. Then, in the listener code, this
signed value is casted to a unsigned one. It simplifies all tests instead of
dealing with negative values. So, it limits the number of connections accepted
at a time to UINT_MAX at most. But, honestly, it not an issue.
This patch must be backported to 1.9 and 1.8.
2019-04-30 10:17:13 +00:00
|
|
|
|
|
|
|
/* if l->maxaccept is -1, then max_accept is UINT_MAX. It is not really
|
|
|
|
* illimited, but it is probably enough.
|
|
|
|
*/
|
2019-02-25 15:18:16 +00:00
|
|
|
max_accept = l->maxaccept ? l->maxaccept : 1;
|
2017-05-30 13:36:50 +00:00
|
|
|
|
2013-10-07 16:51:07 +00:00
|
|
|
if (!(l->options & LI_O_UNLIMITED) && global.sps_lim) {
|
|
|
|
int max = freq_ctr_remain(&global.sess_per_sec, global.sps_lim, 0);
|
|
|
|
|
|
|
|
if (unlikely(!max)) {
|
|
|
|
/* frontend accept rate limit was reached */
|
|
|
|
expire = tick_add(now_ms, next_event_delay(&global.sess_per_sec, global.sps_lim, 0));
|
2019-12-10 11:01:21 +00:00
|
|
|
goto limit_global;
|
2013-10-07 16:51:07 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if (max_accept > max)
|
|
|
|
max_accept = max;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!(l->options & LI_O_UNLIMITED) && global.cps_lim) {
|
2012-05-07 19:22:09 +00:00
|
|
|
int max = freq_ctr_remain(&global.conn_per_sec, global.cps_lim, 0);
|
|
|
|
|
|
|
|
if (unlikely(!max)) {
|
|
|
|
/* frontend accept rate limit was reached */
|
2013-10-07 16:51:07 +00:00
|
|
|
expire = tick_add(now_ms, next_event_delay(&global.conn_per_sec, global.cps_lim, 0));
|
2019-12-10 11:01:21 +00:00
|
|
|
goto limit_global;
|
2012-05-07 19:22:09 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if (max_accept > max)
|
|
|
|
max_accept = max;
|
|
|
|
}
|
2013-10-07 18:01:52 +00:00
|
|
|
#ifdef USE_OPENSSL
|
2022-05-20 13:56:32 +00:00
|
|
|
if (!(l->options & LI_O_UNLIMITED) && global.ssl_lim &&
|
|
|
|
l->bind_conf && l->bind_conf->options & BC_O_USE_SSL) {
|
2013-10-07 18:01:52 +00:00
|
|
|
int max = freq_ctr_remain(&global.ssl_per_sec, global.ssl_lim, 0);
|
|
|
|
|
|
|
|
if (unlikely(!max)) {
|
|
|
|
/* frontend accept rate limit was reached */
|
|
|
|
expire = tick_add(now_ms, next_event_delay(&global.ssl_per_sec, global.ssl_lim, 0));
|
2019-12-10 11:01:21 +00:00
|
|
|
goto limit_global;
|
2013-10-07 18:01:52 +00:00
|
|
|
}
|
2012-05-07 19:22:09 +00:00
|
|
|
|
2013-10-07 18:01:52 +00:00
|
|
|
if (max_accept > max)
|
|
|
|
max_accept = max;
|
|
|
|
}
|
|
|
|
#endif
|
2012-05-07 19:22:09 +00:00
|
|
|
if (p && p->fe_sps_lim) {
|
|
|
|
int max = freq_ctr_remain(&p->fe_sess_per_sec, p->fe_sps_lim, 0);
|
|
|
|
|
|
|
|
if (unlikely(!max)) {
|
|
|
|
/* frontend accept rate limit was reached */
|
2019-12-10 11:01:21 +00:00
|
|
|
expire = tick_add(now_ms, next_event_delay(&p->fe_sess_per_sec, p->fe_sps_lim, 0));
|
|
|
|
goto limit_proxy;
|
2012-05-07 19:22:09 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if (max_accept > max)
|
|
|
|
max_accept = max;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Note: if we fail to allocate a connection because of configured
|
|
|
|
* limits, we'll schedule a new attempt worst 1 second later in the
|
|
|
|
* worst case. If we fail due to system limits or temporary resource
|
|
|
|
* shortage, we try again 100ms later in the worst case.
|
|
|
|
*/
|
2021-01-28 17:07:24 +00:00
|
|
|
for (; max_accept; next_conn = next_feconn = next_actconn = 0, max_accept--) {
|
2017-05-30 13:36:50 +00:00
|
|
|
unsigned int count;
|
2020-10-15 08:09:31 +00:00
|
|
|
int status;
|
2020-10-16 15:43:04 +00:00
|
|
|
__decl_thread(unsigned long mask);
|
2012-05-07 19:22:09 +00:00
|
|
|
|
2019-02-27 18:32:32 +00:00
|
|
|
/* pre-increase the number of connections without going too far.
|
|
|
|
* We process the listener, then the proxy, then the process.
|
|
|
|
* We know which ones to unroll based on the next_xxx value.
|
|
|
|
*/
|
MAJOR: listener: do not hold the listener lock in listener_accept()
This function used to hold the listener's lock as a way to stay safe
against concurrent manipulations, but it turns out this is wrong. First,
the lock is held during l->accept(), which itself might indirectly call
listener_release(), which, if the listener is marked full, could result
in __resume_listener() to be called and the lock being taken twice. In
practice it doesn't happen right now because the listener's FULL state
cannot change while we're doing this.
Second, all the code does is now protected against concurrent accesses.
It used not to be the case in the early days of threads : the frequency
counters are thread-safe. The rate limiting doesn't require extreme
precision. Only the nbconn check is not thread safe.
Third, the parts called here will have to be called from different
threads without holding this lock, and this becomes a bigger issue
if we need to keep this one.
This patch does 3 things which need to be addressed at once :
1) it moves the lock to the only 2 functions that were not protected
since called form listener_accept() :
- limit_listener()
- listener_full()
2) it makes sure delete_listener() properly checks its state within
the lock.
3) it updates the l->nbconn tracking to make sure that it is always
properly reported and accounted for. There is a point of particular
care around the situation where the listener's maxconn is reached
because the listener has to be marked full before accepting the
connection, then resumed if the connection finally gets dropped.
It is not possible to perform this change without removing the
lock due to the deadlock issue explained above.
This patch almost doubles the accept rate in multi-thread on a shared
port between 8 threads, and multiplies by 4 the connection rate on a
tcp-request connection reject rule.
2019-02-25 18:23:37 +00:00
|
|
|
do {
|
|
|
|
count = l->nbconn;
|
2019-11-15 09:20:07 +00:00
|
|
|
if (unlikely(l->maxconn && count >= l->maxconn)) {
|
MAJOR: listener: do not hold the listener lock in listener_accept()
This function used to hold the listener's lock as a way to stay safe
against concurrent manipulations, but it turns out this is wrong. First,
the lock is held during l->accept(), which itself might indirectly call
listener_release(), which, if the listener is marked full, could result
in __resume_listener() to be called and the lock being taken twice. In
practice it doesn't happen right now because the listener's FULL state
cannot change while we're doing this.
Second, all the code does is now protected against concurrent accesses.
It used not to be the case in the early days of threads : the frequency
counters are thread-safe. The rate limiting doesn't require extreme
precision. Only the nbconn check is not thread safe.
Third, the parts called here will have to be called from different
threads without holding this lock, and this becomes a bigger issue
if we need to keep this one.
This patch does 3 things which need to be addressed at once :
1) it moves the lock to the only 2 functions that were not protected
since called form listener_accept() :
- limit_listener()
- listener_full()
2) it makes sure delete_listener() properly checks its state within
the lock.
3) it updates the l->nbconn tracking to make sure that it is always
properly reported and accounted for. There is a point of particular
care around the situation where the listener's maxconn is reached
because the listener has to be marked full before accepting the
connection, then resumed if the connection finally gets dropped.
It is not possible to perform this change without removing the
lock due to the deadlock issue explained above.
This patch almost doubles the accept rate in multi-thread on a shared
port between 8 threads, and multiplies by 4 the connection rate on a
tcp-request connection reject rule.
2019-02-25 18:23:37 +00:00
|
|
|
/* the listener was marked full or another
|
|
|
|
* thread is going to do it.
|
|
|
|
*/
|
|
|
|
next_conn = 0;
|
2019-11-15 09:20:07 +00:00
|
|
|
listener_full(l);
|
MAJOR: listener: do not hold the listener lock in listener_accept()
This function used to hold the listener's lock as a way to stay safe
against concurrent manipulations, but it turns out this is wrong. First,
the lock is held during l->accept(), which itself might indirectly call
listener_release(), which, if the listener is marked full, could result
in __resume_listener() to be called and the lock being taken twice. In
practice it doesn't happen right now because the listener's FULL state
cannot change while we're doing this.
Second, all the code does is now protected against concurrent accesses.
It used not to be the case in the early days of threads : the frequency
counters are thread-safe. The rate limiting doesn't require extreme
precision. Only the nbconn check is not thread safe.
Third, the parts called here will have to be called from different
threads without holding this lock, and this becomes a bigger issue
if we need to keep this one.
This patch does 3 things which need to be addressed at once :
1) it moves the lock to the only 2 functions that were not protected
since called form listener_accept() :
- limit_listener()
- listener_full()
2) it makes sure delete_listener() properly checks its state within
the lock.
3) it updates the l->nbconn tracking to make sure that it is always
properly reported and accounted for. There is a point of particular
care around the situation where the listener's maxconn is reached
because the listener has to be marked full before accepting the
connection, then resumed if the connection finally gets dropped.
It is not possible to perform this change without removing the
lock due to the deadlock issue explained above.
This patch almost doubles the accept rate in multi-thread on a shared
port between 8 threads, and multiplies by 4 the connection rate on a
tcp-request connection reject rule.
2019-02-25 18:23:37 +00:00
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
next_conn = count + 1;
|
2019-03-27 16:08:42 +00:00
|
|
|
} while (!_HA_ATOMIC_CAS(&l->nbconn, (int *)(&count), next_conn));
|
MAJOR: listener: do not hold the listener lock in listener_accept()
This function used to hold the listener's lock as a way to stay safe
against concurrent manipulations, but it turns out this is wrong. First,
the lock is held during l->accept(), which itself might indirectly call
listener_release(), which, if the listener is marked full, could result
in __resume_listener() to be called and the lock being taken twice. In
practice it doesn't happen right now because the listener's FULL state
cannot change while we're doing this.
Second, all the code does is now protected against concurrent accesses.
It used not to be the case in the early days of threads : the frequency
counters are thread-safe. The rate limiting doesn't require extreme
precision. Only the nbconn check is not thread safe.
Third, the parts called here will have to be called from different
threads without holding this lock, and this becomes a bigger issue
if we need to keep this one.
This patch does 3 things which need to be addressed at once :
1) it moves the lock to the only 2 functions that were not protected
since called form listener_accept() :
- limit_listener()
- listener_full()
2) it makes sure delete_listener() properly checks its state within
the lock.
3) it updates the l->nbconn tracking to make sure that it is always
properly reported and accounted for. There is a point of particular
care around the situation where the listener's maxconn is reached
because the listener has to be marked full before accepting the
connection, then resumed if the connection finally gets dropped.
It is not possible to perform this change without removing the
lock due to the deadlock issue explained above.
This patch almost doubles the accept rate in multi-thread on a shared
port between 8 threads, and multiplies by 4 the connection rate on a
tcp-request connection reject rule.
2019-02-25 18:23:37 +00:00
|
|
|
|
2019-02-27 18:32:32 +00:00
|
|
|
if (p) {
|
|
|
|
do {
|
|
|
|
count = p->feconn;
|
2019-11-15 09:20:07 +00:00
|
|
|
if (unlikely(count >= p->maxconn)) {
|
2019-02-27 18:32:32 +00:00
|
|
|
/* the frontend was marked full or another
|
|
|
|
* thread is going to do it.
|
|
|
|
*/
|
|
|
|
next_feconn = 0;
|
2019-12-10 11:01:21 +00:00
|
|
|
expire = TICK_ETERNITY;
|
|
|
|
goto limit_proxy;
|
2019-02-27 18:32:32 +00:00
|
|
|
}
|
|
|
|
next_feconn = count + 1;
|
2019-03-08 17:52:57 +00:00
|
|
|
} while (!_HA_ATOMIC_CAS(&p->feconn, &count, next_feconn));
|
2012-05-07 19:22:09 +00:00
|
|
|
}
|
|
|
|
|
2019-02-27 18:32:32 +00:00
|
|
|
if (!(l->options & LI_O_UNLIMITED)) {
|
|
|
|
do {
|
|
|
|
count = actconn;
|
2019-11-15 09:20:07 +00:00
|
|
|
if (unlikely(count >= global.maxconn)) {
|
2019-02-27 18:32:32 +00:00
|
|
|
/* the process was marked full or another
|
|
|
|
* thread is going to do it.
|
|
|
|
*/
|
|
|
|
next_actconn = 0;
|
2019-12-10 11:01:21 +00:00
|
|
|
expire = tick_add(now_ms, 1000); /* try again in 1 second */
|
|
|
|
goto limit_global;
|
2019-02-27 18:32:32 +00:00
|
|
|
}
|
|
|
|
next_actconn = count + 1;
|
2019-03-27 16:08:42 +00:00
|
|
|
} while (!_HA_ATOMIC_CAS(&actconn, (int *)(&count), next_actconn));
|
2012-05-07 19:22:09 +00:00
|
|
|
}
|
|
|
|
|
2022-02-01 15:37:00 +00:00
|
|
|
/* be careful below, the listener might be shutting down in
|
|
|
|
* another thread on error and we must not dereference its
|
|
|
|
* FD without a bit of protection.
|
|
|
|
*/
|
|
|
|
cli_conn = NULL;
|
|
|
|
status = CO_AC_PERMERR;
|
|
|
|
|
|
|
|
HA_RWLOCK_RDLOCK(LISTENER_LOCK, &l->lock);
|
|
|
|
if (l->rx.flags & RX_F_BOUND)
|
|
|
|
cli_conn = l->rx.proto->accept_conn(l, &status);
|
|
|
|
HA_RWLOCK_RDUNLOCK(LISTENER_LOCK, &l->lock);
|
|
|
|
|
2020-10-15 08:09:31 +00:00
|
|
|
if (!cli_conn) {
|
|
|
|
switch (status) {
|
|
|
|
case CO_AC_DONE:
|
|
|
|
goto end;
|
|
|
|
|
|
|
|
case CO_AC_RETRY: /* likely a signal */
|
2021-04-06 11:53:36 +00:00
|
|
|
_HA_ATOMIC_DEC(&l->nbconn);
|
2019-02-27 18:32:32 +00:00
|
|
|
if (p)
|
2021-04-06 11:53:36 +00:00
|
|
|
_HA_ATOMIC_DEC(&p->feconn);
|
2019-02-27 18:32:32 +00:00
|
|
|
if (!(l->options & LI_O_UNLIMITED))
|
2021-04-06 11:53:36 +00:00
|
|
|
_HA_ATOMIC_DEC(&actconn);
|
2014-01-20 20:21:30 +00:00
|
|
|
continue;
|
2020-10-15 08:09:31 +00:00
|
|
|
|
|
|
|
case CO_AC_YIELD:
|
2019-12-10 08:30:05 +00:00
|
|
|
max_accept = 0;
|
|
|
|
goto end;
|
2018-11-27 11:02:39 +00:00
|
|
|
|
2020-10-15 08:09:31 +00:00
|
|
|
default:
|
|
|
|
goto transient_error;
|
2020-10-14 15:37:17 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
MAJOR: listener: do not hold the listener lock in listener_accept()
This function used to hold the listener's lock as a way to stay safe
against concurrent manipulations, but it turns out this is wrong. First,
the lock is held during l->accept(), which itself might indirectly call
listener_release(), which, if the listener is marked full, could result
in __resume_listener() to be called and the lock being taken twice. In
practice it doesn't happen right now because the listener's FULL state
cannot change while we're doing this.
Second, all the code does is now protected against concurrent accesses.
It used not to be the case in the early days of threads : the frequency
counters are thread-safe. The rate limiting doesn't require extreme
precision. Only the nbconn check is not thread safe.
Third, the parts called here will have to be called from different
threads without holding this lock, and this becomes a bigger issue
if we need to keep this one.
This patch does 3 things which need to be addressed at once :
1) it moves the lock to the only 2 functions that were not protected
since called form listener_accept() :
- limit_listener()
- listener_full()
2) it makes sure delete_listener() properly checks its state within
the lock.
3) it updates the l->nbconn tracking to make sure that it is always
properly reported and accounted for. There is a point of particular
care around the situation where the listener's maxconn is reached
because the listener has to be marked full before accepting the
connection, then resumed if the connection finally gets dropped.
It is not possible to perform this change without removing the
lock due to the deadlock issue explained above.
This patch almost doubles the accept rate in multi-thread on a shared
port between 8 threads, and multiplies by 4 the connection rate on a
tcp-request connection reject rule.
2019-02-25 18:23:37 +00:00
|
|
|
/* The connection was accepted, it must be counted as such */
|
|
|
|
if (l->counters)
|
|
|
|
HA_ATOMIC_UPDATE_MAX(&l->counters->conn_max, next_conn);
|
|
|
|
|
2022-05-09 18:41:54 +00:00
|
|
|
if (p) {
|
2019-02-27 18:32:32 +00:00
|
|
|
HA_ATOMIC_UPDATE_MAX(&p->fe_counters.conn_max, next_feconn);
|
2022-05-09 18:41:54 +00:00
|
|
|
proxy_inc_fe_conn_ctr(l, p);
|
|
|
|
}
|
2019-02-27 18:32:32 +00:00
|
|
|
|
MAJOR: listener: do not hold the listener lock in listener_accept()
This function used to hold the listener's lock as a way to stay safe
against concurrent manipulations, but it turns out this is wrong. First,
the lock is held during l->accept(), which itself might indirectly call
listener_release(), which, if the listener is marked full, could result
in __resume_listener() to be called and the lock being taken twice. In
practice it doesn't happen right now because the listener's FULL state
cannot change while we're doing this.
Second, all the code does is now protected against concurrent accesses.
It used not to be the case in the early days of threads : the frequency
counters are thread-safe. The rate limiting doesn't require extreme
precision. Only the nbconn check is not thread safe.
Third, the parts called here will have to be called from different
threads without holding this lock, and this becomes a bigger issue
if we need to keep this one.
This patch does 3 things which need to be addressed at once :
1) it moves the lock to the only 2 functions that were not protected
since called form listener_accept() :
- limit_listener()
- listener_full()
2) it makes sure delete_listener() properly checks its state within
the lock.
3) it updates the l->nbconn tracking to make sure that it is always
properly reported and accounted for. There is a point of particular
care around the situation where the listener's maxconn is reached
because the listener has to be marked full before accepting the
connection, then resumed if the connection finally gets dropped.
It is not possible to perform this change without removing the
lock due to the deadlock issue explained above.
This patch almost doubles the accept rate in multi-thread on a shared
port between 8 threads, and multiplies by 4 the connection rate on a
tcp-request connection reject rule.
2019-02-25 18:23:37 +00:00
|
|
|
if (!(l->options & LI_O_UNLIMITED)) {
|
|
|
|
count = update_freq_ctr(&global.conn_per_sec, 1);
|
|
|
|
HA_ATOMIC_UPDATE_MAX(&global.cps_max, count);
|
|
|
|
}
|
|
|
|
|
2021-04-06 11:53:36 +00:00
|
|
|
_HA_ATOMIC_INC(&activity[tid].accepted);
|
2019-04-12 13:27:17 +00:00
|
|
|
|
MAJOR: listener: do not hold the listener lock in listener_accept()
This function used to hold the listener's lock as a way to stay safe
against concurrent manipulations, but it turns out this is wrong. First,
the lock is held during l->accept(), which itself might indirectly call
listener_release(), which, if the listener is marked full, could result
in __resume_listener() to be called and the lock being taken twice. In
practice it doesn't happen right now because the listener's FULL state
cannot change while we're doing this.
Second, all the code does is now protected against concurrent accesses.
It used not to be the case in the early days of threads : the frequency
counters are thread-safe. The rate limiting doesn't require extreme
precision. Only the nbconn check is not thread safe.
Third, the parts called here will have to be called from different
threads without holding this lock, and this becomes a bigger issue
if we need to keep this one.
This patch does 3 things which need to be addressed at once :
1) it moves the lock to the only 2 functions that were not protected
since called form listener_accept() :
- limit_listener()
- listener_full()
2) it makes sure delete_listener() properly checks its state within
the lock.
3) it updates the l->nbconn tracking to make sure that it is always
properly reported and accounted for. There is a point of particular
care around the situation where the listener's maxconn is reached
because the listener has to be marked full before accepting the
connection, then resumed if the connection finally gets dropped.
It is not possible to perform this change without removing the
lock due to the deadlock issue explained above.
This patch almost doubles the accept rate in multi-thread on a shared
port between 8 threads, and multiplies by 4 the connection rate on a
tcp-request connection reject rule.
2019-02-25 18:23:37 +00:00
|
|
|
/* past this point, l->accept() will automatically decrement
|
2019-02-27 18:32:32 +00:00
|
|
|
* l->nbconn, feconn and actconn once done. Setting next_*conn=0
|
|
|
|
* allows the error path not to rollback on nbconn. It's more
|
|
|
|
* convenient than duplicating all exit labels.
|
MAJOR: listener: do not hold the listener lock in listener_accept()
This function used to hold the listener's lock as a way to stay safe
against concurrent manipulations, but it turns out this is wrong. First,
the lock is held during l->accept(), which itself might indirectly call
listener_release(), which, if the listener is marked full, could result
in __resume_listener() to be called and the lock being taken twice. In
practice it doesn't happen right now because the listener's FULL state
cannot change while we're doing this.
Second, all the code does is now protected against concurrent accesses.
It used not to be the case in the early days of threads : the frequency
counters are thread-safe. The rate limiting doesn't require extreme
precision. Only the nbconn check is not thread safe.
Third, the parts called here will have to be called from different
threads without holding this lock, and this becomes a bigger issue
if we need to keep this one.
This patch does 3 things which need to be addressed at once :
1) it moves the lock to the only 2 functions that were not protected
since called form listener_accept() :
- limit_listener()
- listener_full()
2) it makes sure delete_listener() properly checks its state within
the lock.
3) it updates the l->nbconn tracking to make sure that it is always
properly reported and accounted for. There is a point of particular
care around the situation where the listener's maxconn is reached
because the listener has to be marked full before accepting the
connection, then resumed if the connection finally gets dropped.
It is not possible to perform this change without removing the
lock due to the deadlock issue explained above.
This patch almost doubles the accept rate in multi-thread on a shared
port between 8 threads, and multiplies by 4 the connection rate on a
tcp-request connection reject rule.
2019-02-25 18:23:37 +00:00
|
|
|
*/
|
|
|
|
next_conn = 0;
|
2019-02-27 18:32:32 +00:00
|
|
|
next_feconn = 0;
|
|
|
|
next_actconn = 0;
|
2012-05-07 19:22:09 +00:00
|
|
|
|
2020-10-14 15:37:17 +00:00
|
|
|
|
2019-01-27 14:37:19 +00:00
|
|
|
#if defined(USE_THREAD)
|
2022-01-19 10:37:50 +00:00
|
|
|
if (l->rx.flags & RX_F_LOCAL_ACCEPT)
|
|
|
|
goto local_accept;
|
|
|
|
|
2022-06-28 06:30:43 +00:00
|
|
|
mask = l->rx.bind_thread & tg->threads_enabled;
|
2020-03-12 16:33:29 +00:00
|
|
|
if (atleast2(mask) && (global.tune.options & GTUNE_LISTENER_MQ) && !stopping) {
|
2019-01-27 14:37:19 +00:00
|
|
|
struct accept_queue_ring *ring;
|
2019-03-05 07:46:28 +00:00
|
|
|
unsigned int t, t0, t1, t2;
|
2022-06-28 06:30:43 +00:00
|
|
|
int base = tg->base;
|
2019-03-04 18:57:34 +00:00
|
|
|
|
2019-03-05 07:46:28 +00:00
|
|
|
/* The principle is that we have two running indexes,
|
|
|
|
* each visiting in turn all threads bound to this
|
|
|
|
* listener. The connection will be assigned to the one
|
|
|
|
* with the least connections, and the other one will
|
|
|
|
* be updated. This provides a good fairness on short
|
2019-03-04 18:57:34 +00:00
|
|
|
* connections (round robin) and on long ones (conn
|
2019-03-05 07:46:28 +00:00
|
|
|
* count), without ever missing any idle thread.
|
2019-03-04 18:57:34 +00:00
|
|
|
*/
|
2019-03-05 07:46:28 +00:00
|
|
|
|
|
|
|
/* keep a copy for the final update. thr_idx is composite
|
|
|
|
* and made of (t2<<16) + t1.
|
|
|
|
*/
|
2019-03-06 14:26:33 +00:00
|
|
|
t0 = l->thr_idx;
|
2019-03-04 18:57:34 +00:00
|
|
|
do {
|
2019-03-05 07:46:28 +00:00
|
|
|
unsigned long m1, m2;
|
|
|
|
int q1, q2;
|
|
|
|
|
|
|
|
t2 = t1 = t0;
|
|
|
|
t2 >>= 16;
|
|
|
|
t1 &= 0xFFFF;
|
|
|
|
|
|
|
|
/* t1 walks low to high bits ;
|
|
|
|
* t2 walks high to low.
|
|
|
|
*/
|
|
|
|
m1 = mask >> t1;
|
|
|
|
m2 = mask & (t2 ? nbits(t2 + 1) : ~0UL);
|
|
|
|
|
2019-04-16 16:09:13 +00:00
|
|
|
if (unlikely(!(m1 & 1))) {
|
2019-03-05 07:46:28 +00:00
|
|
|
m1 &= ~1UL;
|
|
|
|
if (!m1) {
|
|
|
|
m1 = mask;
|
|
|
|
t1 = 0;
|
|
|
|
}
|
|
|
|
t1 += my_ffsl(m1) - 1;
|
|
|
|
}
|
2019-01-27 14:37:19 +00:00
|
|
|
|
2019-04-16 16:09:13 +00:00
|
|
|
if (unlikely(!(m2 & (1UL << t2)) || t1 == t2)) {
|
|
|
|
/* highest bit not set */
|
|
|
|
if (!m2)
|
|
|
|
m2 = mask;
|
|
|
|
|
|
|
|
t2 = my_flsl(m2) - 1;
|
|
|
|
}
|
|
|
|
|
2019-03-05 07:46:28 +00:00
|
|
|
/* now we have two distinct thread IDs belonging to the mask */
|
2022-06-28 06:30:43 +00:00
|
|
|
q1 = accept_queue_rings[base + t1].tail - accept_queue_rings[base + t1].head + ACCEPT_QUEUE_SIZE;
|
2019-03-05 07:46:28 +00:00
|
|
|
if (q1 >= ACCEPT_QUEUE_SIZE)
|
|
|
|
q1 -= ACCEPT_QUEUE_SIZE;
|
|
|
|
|
2022-06-28 06:30:43 +00:00
|
|
|
q2 = accept_queue_rings[base + t2].tail - accept_queue_rings[base + t2].head + ACCEPT_QUEUE_SIZE;
|
2019-03-05 07:46:28 +00:00
|
|
|
if (q2 >= ACCEPT_QUEUE_SIZE)
|
|
|
|
q2 -= ACCEPT_QUEUE_SIZE;
|
|
|
|
|
|
|
|
/* we have 3 possibilities now :
|
|
|
|
* q1 < q2 : t1 is less loaded than t2, so we pick it
|
|
|
|
* and update t2 (since t1 might still be
|
|
|
|
* lower than another thread)
|
|
|
|
* q1 > q2 : t2 is less loaded than t1, so we pick it
|
|
|
|
* and update t1 (since t2 might still be
|
|
|
|
* lower than another thread)
|
|
|
|
* q1 = q2 : both are equally loaded, thus we pick t1
|
|
|
|
* and update t1 as it will become more loaded
|
|
|
|
* than t2.
|
|
|
|
*/
|
2019-01-27 14:37:19 +00:00
|
|
|
|
2022-06-28 06:30:43 +00:00
|
|
|
q1 += l->thr_conn[base + t1];
|
|
|
|
q2 += l->thr_conn[base + t2];
|
2019-01-27 14:37:19 +00:00
|
|
|
|
2019-03-05 07:46:28 +00:00
|
|
|
if (q1 - q2 < 0) {
|
|
|
|
t = t1;
|
|
|
|
t2 = t2 ? t2 - 1 : LONGBITS - 1;
|
|
|
|
}
|
|
|
|
else if (q1 - q2 > 0) {
|
|
|
|
t = t2;
|
|
|
|
t1++;
|
|
|
|
if (t1 >= LONGBITS)
|
|
|
|
t1 = 0;
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
t = t1;
|
|
|
|
t1++;
|
|
|
|
if (t1 >= LONGBITS)
|
|
|
|
t1 = 0;
|
|
|
|
}
|
2019-01-27 14:37:19 +00:00
|
|
|
|
2019-03-05 07:46:28 +00:00
|
|
|
/* new value for thr_idx */
|
|
|
|
t1 += (t2 << 16);
|
2019-03-08 17:52:57 +00:00
|
|
|
} while (unlikely(!_HA_ATOMIC_CAS(&l->thr_idx, &t0, t1)));
|
2019-01-27 14:37:19 +00:00
|
|
|
|
2019-03-05 07:46:28 +00:00
|
|
|
/* We successfully selected the best thread "t" for this
|
|
|
|
* connection. We use deferred accepts even if it's the
|
|
|
|
* local thread because tests show that it's the best
|
|
|
|
* performing model, likely due to better cache locality
|
|
|
|
* when processing this loop.
|
2019-01-27 14:37:19 +00:00
|
|
|
*/
|
2022-06-28 06:30:43 +00:00
|
|
|
ring = &accept_queue_rings[base + t];
|
2020-10-14 15:37:17 +00:00
|
|
|
if (accept_queue_push_mp(ring, cli_conn)) {
|
2022-06-28 06:30:43 +00:00
|
|
|
_HA_ATOMIC_INC(&activity[base + t].accq_pushed);
|
2019-09-24 04:55:18 +00:00
|
|
|
tasklet_wakeup(ring->tasklet);
|
2019-01-27 14:37:19 +00:00
|
|
|
continue;
|
|
|
|
}
|
|
|
|
/* If the ring is full we do a synchronous accept on
|
|
|
|
* the local thread here.
|
|
|
|
*/
|
2022-06-28 06:30:43 +00:00
|
|
|
_HA_ATOMIC_INC(&activity[base + t].accq_full);
|
2019-01-27 14:37:19 +00:00
|
|
|
}
|
|
|
|
#endif // USE_THREAD
|
|
|
|
|
2022-01-19 10:37:50 +00:00
|
|
|
local_accept:
|
2021-04-06 11:53:36 +00:00
|
|
|
_HA_ATOMIC_INC(&l->thr_conn[tid]);
|
2020-10-14 15:37:17 +00:00
|
|
|
ret = l->accept(cli_conn);
|
2012-05-07 19:22:09 +00:00
|
|
|
if (unlikely(ret <= 0)) {
|
REORG/MAJOR: session: rename the "session" entity to "stream"
With HTTP/2, we'll have to support multiplexed streams. A stream is in
fact the largest part of what we currently call a session, it has buffers,
logs, etc.
In order to catch any error, this commit removes any reference to the
struct session and tries to rename most "session" occurrences in function
names to "stream" and "sess" to "strm" when that's related to a session.
The files stream.{c,h} were added and session.{c,h} removed.
The session will be reintroduced later and a few parts of the stream
will progressively be moved overthere. It will more or less contain
only what we need in an embryonic session.
Sample fetch functions and converters will have to change a bit so
that they'll use an L5 (session) instead of what's currently called
"L4" which is in fact L6 for now.
Once all changes are completed, we should see approximately this :
L7 - http_txn
L6 - stream
L5 - session
L4 - connection | applet
There will be at most one http_txn per stream, and a same session will
possibly be referenced by multiple streams. A connection will point to
a session and to a stream. The session will hold all the information
we need to keep even when we don't yet have a stream.
Some more cleanup is needed because some code was already far from
being clean. The server queue management still refers to sessions at
many places while comments talk about connections. This will have to
be cleaned up once we have a server-side connection pool manager.
Stream flags "SN_*" still need to be renamed, it doesn't seem like
any of them will need to move to the session.
2015-04-02 22:22:06 +00:00
|
|
|
/* The connection was closed by stream_accept(). Either
|
2012-05-07 19:22:09 +00:00
|
|
|
* we just have to ignore it (ret == 0) or it's a critical
|
|
|
|
* error due to a resource shortage, and we must stop the
|
|
|
|
* listener (ret < 0).
|
|
|
|
*/
|
|
|
|
if (ret == 0) /* successful termination */
|
|
|
|
continue;
|
|
|
|
|
2014-05-07 17:47:02 +00:00
|
|
|
goto transient_error;
|
2012-05-07 19:22:09 +00:00
|
|
|
}
|
|
|
|
|
MAJOR: listener: do not hold the listener lock in listener_accept()
This function used to hold the listener's lock as a way to stay safe
against concurrent manipulations, but it turns out this is wrong. First,
the lock is held during l->accept(), which itself might indirectly call
listener_release(), which, if the listener is marked full, could result
in __resume_listener() to be called and the lock being taken twice. In
practice it doesn't happen right now because the listener's FULL state
cannot change while we're doing this.
Second, all the code does is now protected against concurrent accesses.
It used not to be the case in the early days of threads : the frequency
counters are thread-safe. The rate limiting doesn't require extreme
precision. Only the nbconn check is not thread safe.
Third, the parts called here will have to be called from different
threads without holding this lock, and this becomes a bigger issue
if we need to keep this one.
This patch does 3 things which need to be addressed at once :
1) it moves the lock to the only 2 functions that were not protected
since called form listener_accept() :
- limit_listener()
- listener_full()
2) it makes sure delete_listener() properly checks its state within
the lock.
3) it updates the l->nbconn tracking to make sure that it is always
properly reported and accounted for. There is a point of particular
care around the situation where the listener's maxconn is reached
because the listener has to be marked full before accepting the
connection, then resumed if the connection finally gets dropped.
It is not possible to perform this change without removing the
lock due to the deadlock issue explained above.
This patch almost doubles the accept rate in multi-thread on a shared
port between 8 threads, and multiplies by 4 the connection rate on a
tcp-request connection reject rule.
2019-02-25 18:23:37 +00:00
|
|
|
/* increase the per-process number of cumulated sessions, this
|
|
|
|
* may only be done once l->accept() has accepted the connection.
|
|
|
|
*/
|
2013-10-07 16:51:07 +00:00
|
|
|
if (!(l->options & LI_O_UNLIMITED)) {
|
2017-05-30 13:36:50 +00:00
|
|
|
count = update_freq_ctr(&global.sess_per_sec, 1);
|
|
|
|
HA_ATOMIC_UPDATE_MAX(&global.sps_max, count);
|
2013-10-07 16:51:07 +00:00
|
|
|
}
|
2013-10-07 18:01:52 +00:00
|
|
|
#ifdef USE_OPENSSL
|
2022-05-20 13:56:32 +00:00
|
|
|
if (!(l->options & LI_O_UNLIMITED) &&
|
|
|
|
l->bind_conf && l->bind_conf->options & BC_O_USE_SSL) {
|
2017-05-30 13:36:50 +00:00
|
|
|
count = update_freq_ctr(&global.ssl_per_sec, 1);
|
|
|
|
HA_ATOMIC_UPDATE_MAX(&global.ssl_max, count);
|
2013-10-07 18:01:52 +00:00
|
|
|
}
|
|
|
|
#endif
|
2013-10-07 16:51:07 +00:00
|
|
|
|
2022-06-22 07:19:46 +00:00
|
|
|
_HA_ATOMIC_AND(&th_ctx->flags, ~TH_FL_STUCK); // this thread is still running
|
MAJOR: listener: do not hold the listener lock in listener_accept()
This function used to hold the listener's lock as a way to stay safe
against concurrent manipulations, but it turns out this is wrong. First,
the lock is held during l->accept(), which itself might indirectly call
listener_release(), which, if the listener is marked full, could result
in __resume_listener() to be called and the lock being taken twice. In
practice it doesn't happen right now because the listener's FULL state
cannot change while we're doing this.
Second, all the code does is now protected against concurrent accesses.
It used not to be the case in the early days of threads : the frequency
counters are thread-safe. The rate limiting doesn't require extreme
precision. Only the nbconn check is not thread safe.
Third, the parts called here will have to be called from different
threads without holding this lock, and this becomes a bigger issue
if we need to keep this one.
This patch does 3 things which need to be addressed at once :
1) it moves the lock to the only 2 functions that were not protected
since called form listener_accept() :
- limit_listener()
- listener_full()
2) it makes sure delete_listener() properly checks its state within
the lock.
3) it updates the l->nbconn tracking to make sure that it is always
properly reported and accounted for. There is a point of particular
care around the situation where the listener's maxconn is reached
because the listener has to be marked full before accepting the
connection, then resumed if the connection finally gets dropped.
It is not possible to perform this change without removing the
lock due to the deadlock issue explained above.
This patch almost doubles the accept rate in multi-thread on a shared
port between 8 threads, and multiplies by 4 the connection rate on a
tcp-request connection reject rule.
2019-02-25 18:23:37 +00:00
|
|
|
} /* end of for (max_accept--) */
|
2012-05-07 19:22:09 +00:00
|
|
|
|
2017-05-30 13:36:50 +00:00
|
|
|
end:
|
MAJOR: listener: do not hold the listener lock in listener_accept()
This function used to hold the listener's lock as a way to stay safe
against concurrent manipulations, but it turns out this is wrong. First,
the lock is held during l->accept(), which itself might indirectly call
listener_release(), which, if the listener is marked full, could result
in __resume_listener() to be called and the lock being taken twice. In
practice it doesn't happen right now because the listener's FULL state
cannot change while we're doing this.
Second, all the code does is now protected against concurrent accesses.
It used not to be the case in the early days of threads : the frequency
counters are thread-safe. The rate limiting doesn't require extreme
precision. Only the nbconn check is not thread safe.
Third, the parts called here will have to be called from different
threads without holding this lock, and this becomes a bigger issue
if we need to keep this one.
This patch does 3 things which need to be addressed at once :
1) it moves the lock to the only 2 functions that were not protected
since called form listener_accept() :
- limit_listener()
- listener_full()
2) it makes sure delete_listener() properly checks its state within
the lock.
3) it updates the l->nbconn tracking to make sure that it is always
properly reported and accounted for. There is a point of particular
care around the situation where the listener's maxconn is reached
because the listener has to be marked full before accepting the
connection, then resumed if the connection finally gets dropped.
It is not possible to perform this change without removing the
lock due to the deadlock issue explained above.
This patch almost doubles the accept rate in multi-thread on a shared
port between 8 threads, and multiplies by 4 the connection rate on a
tcp-request connection reject rule.
2019-02-25 18:23:37 +00:00
|
|
|
if (next_conn)
|
2021-04-06 11:53:36 +00:00
|
|
|
_HA_ATOMIC_DEC(&l->nbconn);
|
2019-02-25 14:02:04 +00:00
|
|
|
|
2019-02-27 18:32:32 +00:00
|
|
|
if (p && next_feconn)
|
2021-04-06 11:53:36 +00:00
|
|
|
_HA_ATOMIC_DEC(&p->feconn);
|
2019-02-27 18:32:32 +00:00
|
|
|
|
|
|
|
if (next_actconn)
|
2021-04-06 11:53:36 +00:00
|
|
|
_HA_ATOMIC_DEC(&actconn);
|
2019-02-27 18:32:32 +00:00
|
|
|
|
2019-02-27 15:49:00 +00:00
|
|
|
if ((l->state == LI_FULL && (!l->maxconn || l->nbconn < l->maxconn)) ||
|
2021-01-28 17:07:24 +00:00
|
|
|
(l->state == LI_LIMITED &&
|
2019-12-11 14:06:30 +00:00
|
|
|
((!p || p->feconn < p->maxconn) && (actconn < global.maxconn) &&
|
|
|
|
(!tick_isset(global_listener_queue_task->expire) ||
|
|
|
|
tick_is_expired(global_listener_queue_task->expire, now_ms))))) {
|
MAJOR: listener: do not hold the listener lock in listener_accept()
This function used to hold the listener's lock as a way to stay safe
against concurrent manipulations, but it turns out this is wrong. First,
the lock is held during l->accept(), which itself might indirectly call
listener_release(), which, if the listener is marked full, could result
in __resume_listener() to be called and the lock being taken twice. In
practice it doesn't happen right now because the listener's FULL state
cannot change while we're doing this.
Second, all the code does is now protected against concurrent accesses.
It used not to be the case in the early days of threads : the frequency
counters are thread-safe. The rate limiting doesn't require extreme
precision. Only the nbconn check is not thread safe.
Third, the parts called here will have to be called from different
threads without holding this lock, and this becomes a bigger issue
if we need to keep this one.
This patch does 3 things which need to be addressed at once :
1) it moves the lock to the only 2 functions that were not protected
since called form listener_accept() :
- limit_listener()
- listener_full()
2) it makes sure delete_listener() properly checks its state within
the lock.
3) it updates the l->nbconn tracking to make sure that it is always
properly reported and accounted for. There is a point of particular
care around the situation where the listener's maxconn is reached
because the listener has to be marked full before accepting the
connection, then resumed if the connection finally gets dropped.
It is not possible to perform this change without removing the
lock due to the deadlock issue explained above.
This patch almost doubles the accept rate in multi-thread on a shared
port between 8 threads, and multiplies by 4 the connection rate on a
tcp-request connection reject rule.
2019-02-25 18:23:37 +00:00
|
|
|
/* at least one thread has to this when quitting */
|
2022-09-09 13:32:57 +00:00
|
|
|
resume_listener(l, 0);
|
MAJOR: listener: do not hold the listener lock in listener_accept()
This function used to hold the listener's lock as a way to stay safe
against concurrent manipulations, but it turns out this is wrong. First,
the lock is held during l->accept(), which itself might indirectly call
listener_release(), which, if the listener is marked full, could result
in __resume_listener() to be called and the lock being taken twice. In
practice it doesn't happen right now because the listener's FULL state
cannot change while we're doing this.
Second, all the code does is now protected against concurrent accesses.
It used not to be the case in the early days of threads : the frequency
counters are thread-safe. The rate limiting doesn't require extreme
precision. Only the nbconn check is not thread safe.
Third, the parts called here will have to be called from different
threads without holding this lock, and this becomes a bigger issue
if we need to keep this one.
This patch does 3 things which need to be addressed at once :
1) it moves the lock to the only 2 functions that were not protected
since called form listener_accept() :
- limit_listener()
- listener_full()
2) it makes sure delete_listener() properly checks its state within
the lock.
3) it updates the l->nbconn tracking to make sure that it is always
properly reported and accounted for. There is a point of particular
care around the situation where the listener's maxconn is reached
because the listener has to be marked full before accepting the
connection, then resumed if the connection finally gets dropped.
It is not possible to perform this change without removing the
lock due to the deadlock issue explained above.
This patch almost doubles the accept rate in multi-thread on a shared
port between 8 threads, and multiplies by 4 the connection rate on a
tcp-request connection reject rule.
2019-02-25 18:23:37 +00:00
|
|
|
|
2021-01-28 17:07:24 +00:00
|
|
|
/* Dequeues all of the listeners waiting for a resource */
|
2019-12-10 13:10:52 +00:00
|
|
|
dequeue_all_listeners();
|
MAJOR: listener: do not hold the listener lock in listener_accept()
This function used to hold the listener's lock as a way to stay safe
against concurrent manipulations, but it turns out this is wrong. First,
the lock is held during l->accept(), which itself might indirectly call
listener_release(), which, if the listener is marked full, could result
in __resume_listener() to be called and the lock being taken twice. In
practice it doesn't happen right now because the listener's FULL state
cannot change while we're doing this.
Second, all the code does is now protected against concurrent accesses.
It used not to be the case in the early days of threads : the frequency
counters are thread-safe. The rate limiting doesn't require extreme
precision. Only the nbconn check is not thread safe.
Third, the parts called here will have to be called from different
threads without holding this lock, and this becomes a bigger issue
if we need to keep this one.
This patch does 3 things which need to be addressed at once :
1) it moves the lock to the only 2 functions that were not protected
since called form listener_accept() :
- limit_listener()
- listener_full()
2) it makes sure delete_listener() properly checks its state within
the lock.
3) it updates the l->nbconn tracking to make sure that it is always
properly reported and accounted for. There is a point of particular
care around the situation where the listener's maxconn is reached
because the listener has to be marked full before accepting the
connection, then resumed if the connection finally gets dropped.
It is not possible to perform this change without removing the
lock due to the deadlock issue explained above.
This patch almost doubles the accept rate in multi-thread on a shared
port between 8 threads, and multiplies by 4 the connection rate on a
tcp-request connection reject rule.
2019-02-25 18:23:37 +00:00
|
|
|
|
2019-08-08 13:47:21 +00:00
|
|
|
if (p && !MT_LIST_ISEMPTY(&p->listener_queue) &&
|
MAJOR: listener: do not hold the listener lock in listener_accept()
This function used to hold the listener's lock as a way to stay safe
against concurrent manipulations, but it turns out this is wrong. First,
the lock is held during l->accept(), which itself might indirectly call
listener_release(), which, if the listener is marked full, could result
in __resume_listener() to be called and the lock being taken twice. In
practice it doesn't happen right now because the listener's FULL state
cannot change while we're doing this.
Second, all the code does is now protected against concurrent accesses.
It used not to be the case in the early days of threads : the frequency
counters are thread-safe. The rate limiting doesn't require extreme
precision. Only the nbconn check is not thread safe.
Third, the parts called here will have to be called from different
threads without holding this lock, and this becomes a bigger issue
if we need to keep this one.
This patch does 3 things which need to be addressed at once :
1) it moves the lock to the only 2 functions that were not protected
since called form listener_accept() :
- limit_listener()
- listener_full()
2) it makes sure delete_listener() properly checks its state within
the lock.
3) it updates the l->nbconn tracking to make sure that it is always
properly reported and accounted for. There is a point of particular
care around the situation where the listener's maxconn is reached
because the listener has to be marked full before accepting the
connection, then resumed if the connection finally gets dropped.
It is not possible to perform this change without removing the
lock due to the deadlock issue explained above.
This patch almost doubles the accept rate in multi-thread on a shared
port between 8 threads, and multiplies by 4 the connection rate on a
tcp-request connection reject rule.
2019-02-25 18:23:37 +00:00
|
|
|
(!p->fe_sps_lim || freq_ctr_remain(&p->fe_sess_per_sec, p->fe_sps_lim, 0) > 0))
|
2019-12-10 13:10:52 +00:00
|
|
|
dequeue_proxy_listeners(p);
|
MAJOR: listener: do not hold the listener lock in listener_accept()
This function used to hold the listener's lock as a way to stay safe
against concurrent manipulations, but it turns out this is wrong. First,
the lock is held during l->accept(), which itself might indirectly call
listener_release(), which, if the listener is marked full, could result
in __resume_listener() to be called and the lock being taken twice. In
practice it doesn't happen right now because the listener's FULL state
cannot change while we're doing this.
Second, all the code does is now protected against concurrent accesses.
It used not to be the case in the early days of threads : the frequency
counters are thread-safe. The rate limiting doesn't require extreme
precision. Only the nbconn check is not thread safe.
Third, the parts called here will have to be called from different
threads without holding this lock, and this becomes a bigger issue
if we need to keep this one.
This patch does 3 things which need to be addressed at once :
1) it moves the lock to the only 2 functions that were not protected
since called form listener_accept() :
- limit_listener()
- listener_full()
2) it makes sure delete_listener() properly checks its state within
the lock.
3) it updates the l->nbconn tracking to make sure that it is always
properly reported and accounted for. There is a point of particular
care around the situation where the listener's maxconn is reached
because the listener has to be marked full before accepting the
connection, then resumed if the connection finally gets dropped.
It is not possible to perform this change without removing the
lock due to the deadlock issue explained above.
This patch almost doubles the accept rate in multi-thread on a shared
port between 8 threads, and multiplies by 4 the connection rate on a
tcp-request connection reject rule.
2019-02-25 18:23:37 +00:00
|
|
|
}
|
2019-12-10 11:01:21 +00:00
|
|
|
return;
|
|
|
|
|
|
|
|
transient_error:
|
|
|
|
/* pause the listener for up to 100 ms */
|
|
|
|
expire = tick_add(now_ms, 100);
|
|
|
|
|
2020-10-13 15:46:05 +00:00
|
|
|
/* This may be a shared socket that was paused by another process.
|
|
|
|
* Let's put it to pause in this case.
|
|
|
|
*/
|
|
|
|
if (l->rx.proto && l->rx.proto->rx_listening(&l->rx) == 0) {
|
2022-09-09 13:32:57 +00:00
|
|
|
pause_listener(l, 0);
|
2020-10-13 15:46:05 +00:00
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
|
2019-12-10 11:01:21 +00:00
|
|
|
limit_global:
|
|
|
|
/* (re-)queue the listener to the global queue and set it to expire no
|
|
|
|
* later than <expire> ahead. The listener turns to LI_LIMITED.
|
|
|
|
*/
|
|
|
|
limit_listener(l, &global_listener_queue);
|
|
|
|
task_schedule(global_listener_queue_task, expire);
|
|
|
|
goto end;
|
|
|
|
|
|
|
|
limit_proxy:
|
|
|
|
/* (re-)queue the listener to the proxy's queue and set it to expire no
|
|
|
|
* later than <expire> ahead. The listener turns to LI_LIMITED.
|
|
|
|
*/
|
|
|
|
limit_listener(l, &p->listener_queue);
|
BUG/MAJOR: listener: do not schedule a task-less proxy
Apparently seamingless commit 0591bf7deb ("MINOR: listener: make the
wait paths cleaner and more reliable") caused a nasty regression and
revealed a rare race that hits regtest stickiness/lb-services.vtc
about 4% of the times for 8 threads.
The problem is that when a multi-threaded listener wakes up on an
incoming connection, several threads can receive the event, especially
when idle. And all of them will race to accept the connections in
parallel, adjusting the listener's nbconn and proxy's feconn until
one reaches the proxy's limit and declines. At this step the changes
are cancelled, the listener is marked "limited", and when the threads
exit the function, one of them will unlimit the listener/proxy again
so that it can accept incoming connections again.
The problem happens when many threads connect to a small peers section
because its maxconn is very limited (typically 6 for 2 peers), and it's
sometimes possible for enough competing threads to hit the limit and
one of them will limit the listener and queue the proxy's task... except
that peers do not initialize their proxy task since they do not use rate
limiting. Thus the process crashes when doing task_schedule(p->task).
Prior to the cleanup patch above, this didn't happen because the error
path that was dedicated to only limiting the listener did not call
task_schedule(p->task).
Given that the proxy's task is optional, and that the expire value
passed there is always TICK_ETERNITY, it's sufficient and reasonable to
avoid calling this task_schedule() when expire is not set. And for long
term safety we can also avoid to do it when the task is not set. A first
fix consisted in allocating a task for the peers proxies but it's never
used and would eat resources for reason.
No backport is needed as this commit was only merged into 2.2.
2020-01-08 18:15:07 +00:00
|
|
|
if (p->task && tick_isset(expire))
|
|
|
|
task_schedule(p->task, expire);
|
2019-12-10 11:01:21 +00:00
|
|
|
goto end;
|
2012-05-07 19:22:09 +00:00
|
|
|
}
|
|
|
|
|
2017-09-15 07:19:58 +00:00
|
|
|
/* Notify the listener that a connection initiated from it was released. This
|
|
|
|
* is used to keep the connection count consistent and to possibly re-open
|
|
|
|
* listening when it was limited.
|
|
|
|
*/
|
|
|
|
void listener_release(struct listener *l)
|
|
|
|
{
|
|
|
|
struct proxy *fe = l->bind_conf->frontend;
|
|
|
|
|
|
|
|
if (!(l->options & LI_O_UNLIMITED))
|
2021-04-06 11:53:36 +00:00
|
|
|
_HA_ATOMIC_DEC(&actconn);
|
2019-02-27 18:32:32 +00:00
|
|
|
if (fe)
|
2021-04-06 11:53:36 +00:00
|
|
|
_HA_ATOMIC_DEC(&fe->feconn);
|
|
|
|
_HA_ATOMIC_DEC(&l->nbconn);
|
|
|
|
_HA_ATOMIC_DEC(&l->thr_conn[tid]);
|
2019-02-27 18:32:32 +00:00
|
|
|
|
|
|
|
if (l->state == LI_FULL || l->state == LI_LIMITED)
|
2022-09-09 13:32:57 +00:00
|
|
|
resume_listener(l, 0);
|
2017-09-15 07:19:58 +00:00
|
|
|
|
2021-01-28 17:07:24 +00:00
|
|
|
/* Dequeues all of the listeners waiting for a resource */
|
|
|
|
dequeue_all_listeners();
|
|
|
|
|
2019-08-08 13:47:21 +00:00
|
|
|
if (!MT_LIST_ISEMPTY(&fe->listener_queue) &&
|
2017-09-15 07:19:58 +00:00
|
|
|
(!fe->fe_sps_lim || freq_ctr_remain(&fe->fe_sess_per_sec, fe->fe_sps_lim, 0) > 0))
|
2019-12-10 13:10:52 +00:00
|
|
|
dequeue_proxy_listeners(fe);
|
2017-09-15 07:19:58 +00:00
|
|
|
}
|
|
|
|
|
BUG/MAJOR: listener: fix thread safety in resume_listener()
resume_listener() can be called from a thread not part of the listener's
mask after a curr_conn has gone lower than a proxy's or the process' limit.
This results in fd_may_recv() being called unlocked if the listener is
bound to only one thread, and quickly locks up.
This patch solves this by creating a per-thread work_list dedicated to
listeners, and modifying resume_listener() so that it bounces the listener
to one of its owning thread's work_list and waking it up. This thread will
then call resume_listener() again and will perform the operation on the
file descriptor itself. It is important to do it this way so that the
listener's state cannot be modified while the listener is being moved,
otherwise multiple threads can take conflicting decisions and the listener
could be put back into the global queue if the listener was used at the
same time.
It seems like a slightly simpler approach would be possible if the locked
list API would provide the ability to return a locked element. In this
case the listener would be immediately requeued in dequeue_all_listeners()
without having to go through resume_listener() with its associated lock.
This fix must be backported to all versions having the lock-less accept
loop, which is as far as 1.8 since deadlock fixes involving this feature
had to be backported there. It is expected that the code should not differ
too much there. However, previous commit "MINOR: task: introduce work lists"
will be needed as well and should not present difficulties either. For 1.8,
the commits introducing thread_mask() and LIST_ADDED() will be needed as
well, either backporting my_flsl() or switching to my_ffsl() will be OK,
and some changes will have to be performed so that the init function is
properly called (and maybe the deinit one can be dropped).
In order to test for the fix, simply set up a multi-threaded frontend with
multiple bind lines each attached to a single thread (reproduced with 16
threads here), set up a very low maxconn value on the frontend, and inject
heavy traffic on all listeners in parallel with slightly more connections
than the configured limit ( typically +20%) so that it flips very
frequently. If the bug is still there, at some point (5-20 seconds) the
traffic will go much lower or even stop, either with spinning threads or
not.
2019-07-11 08:08:31 +00:00
|
|
|
/* Initializes the listener queues. Returns 0 on success, otherwise ERR_* flags */
|
|
|
|
static int listener_queue_init()
|
|
|
|
{
|
2021-10-01 16:23:30 +00:00
|
|
|
global_listener_queue_task = task_new_anywhere();
|
2019-12-10 10:18:41 +00:00
|
|
|
if (!global_listener_queue_task) {
|
|
|
|
ha_alert("Out of memory when initializing global listener queue\n");
|
|
|
|
return ERR_FATAL|ERR_ABORT;
|
|
|
|
}
|
|
|
|
/* very simple initialization, users will queue the task if needed */
|
|
|
|
global_listener_queue_task->context = NULL; /* not even a context! */
|
|
|
|
global_listener_queue_task->process = manage_global_listener_queue;
|
|
|
|
|
BUG/MAJOR: listener: fix thread safety in resume_listener()
resume_listener() can be called from a thread not part of the listener's
mask after a curr_conn has gone lower than a proxy's or the process' limit.
This results in fd_may_recv() being called unlocked if the listener is
bound to only one thread, and quickly locks up.
This patch solves this by creating a per-thread work_list dedicated to
listeners, and modifying resume_listener() so that it bounces the listener
to one of its owning thread's work_list and waking it up. This thread will
then call resume_listener() again and will perform the operation on the
file descriptor itself. It is important to do it this way so that the
listener's state cannot be modified while the listener is being moved,
otherwise multiple threads can take conflicting decisions and the listener
could be put back into the global queue if the listener was used at the
same time.
It seems like a slightly simpler approach would be possible if the locked
list API would provide the ability to return a locked element. In this
case the listener would be immediately requeued in dequeue_all_listeners()
without having to go through resume_listener() with its associated lock.
This fix must be backported to all versions having the lock-less accept
loop, which is as far as 1.8 since deadlock fixes involving this feature
had to be backported there. It is expected that the code should not differ
too much there. However, previous commit "MINOR: task: introduce work lists"
will be needed as well and should not present difficulties either. For 1.8,
the commits introducing thread_mask() and LIST_ADDED() will be needed as
well, either backporting my_flsl() or switching to my_ffsl() will be OK,
and some changes will have to be performed so that the init function is
properly called (and maybe the deinit one can be dropped).
In order to test for the fix, simply set up a multi-threaded frontend with
multiple bind lines each attached to a single thread (reproduced with 16
threads here), set up a very low maxconn value on the frontend, and inject
heavy traffic on all listeners in parallel with slightly more connections
than the configured limit ( typically +20%) so that it flips very
frequently. If the bug is still there, at some point (5-20 seconds) the
traffic will go much lower or even stop, either with spinning threads or
not.
2019-07-11 08:08:31 +00:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void listener_queue_deinit()
|
|
|
|
{
|
2019-12-10 10:18:41 +00:00
|
|
|
task_destroy(global_listener_queue_task);
|
|
|
|
global_listener_queue_task = NULL;
|
BUG/MAJOR: listener: fix thread safety in resume_listener()
resume_listener() can be called from a thread not part of the listener's
mask after a curr_conn has gone lower than a proxy's or the process' limit.
This results in fd_may_recv() being called unlocked if the listener is
bound to only one thread, and quickly locks up.
This patch solves this by creating a per-thread work_list dedicated to
listeners, and modifying resume_listener() so that it bounces the listener
to one of its owning thread's work_list and waking it up. This thread will
then call resume_listener() again and will perform the operation on the
file descriptor itself. It is important to do it this way so that the
listener's state cannot be modified while the listener is being moved,
otherwise multiple threads can take conflicting decisions and the listener
could be put back into the global queue if the listener was used at the
same time.
It seems like a slightly simpler approach would be possible if the locked
list API would provide the ability to return a locked element. In this
case the listener would be immediately requeued in dequeue_all_listeners()
without having to go through resume_listener() with its associated lock.
This fix must be backported to all versions having the lock-less accept
loop, which is as far as 1.8 since deadlock fixes involving this feature
had to be backported there. It is expected that the code should not differ
too much there. However, previous commit "MINOR: task: introduce work lists"
will be needed as well and should not present difficulties either. For 1.8,
the commits introducing thread_mask() and LIST_ADDED() will be needed as
well, either backporting my_flsl() or switching to my_ffsl() will be OK,
and some changes will have to be performed so that the init function is
properly called (and maybe the deinit one can be dropped).
In order to test for the fix, simply set up a multi-threaded frontend with
multiple bind lines each attached to a single thread (reproduced with 16
threads here), set up a very low maxconn value on the frontend, and inject
heavy traffic on all listeners in parallel with slightly more connections
than the configured limit ( typically +20%) so that it flips very
frequently. If the bug is still there, at some point (5-20 seconds) the
traffic will go much lower or even stop, either with spinning threads or
not.
2019-07-11 08:08:31 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
REGISTER_CONFIG_POSTPARSER("multi-threaded listener queue", listener_queue_init);
|
|
|
|
REGISTER_POST_DEINIT(listener_queue_deinit);
|
|
|
|
|
2019-12-10 10:18:41 +00:00
|
|
|
|
|
|
|
/* This is the global management task for listeners. It enables listeners waiting
|
|
|
|
* for global resources when there are enough free resource, or at least once in
|
2021-01-29 13:29:06 +00:00
|
|
|
* a while. It is designed to be called as a task. It's exported so that it's easy
|
|
|
|
* to spot in "show tasks" or "show profiling".
|
2019-12-10 10:18:41 +00:00
|
|
|
*/
|
2021-03-02 15:09:26 +00:00
|
|
|
struct task *manage_global_listener_queue(struct task *t, void *context, unsigned int state)
|
2019-12-10 10:18:41 +00:00
|
|
|
{
|
|
|
|
/* If there are still too many concurrent connections, let's wait for
|
|
|
|
* some of them to go away. We don't need to re-arm the timer because
|
|
|
|
* each of them will scan the queue anyway.
|
|
|
|
*/
|
|
|
|
if (unlikely(actconn >= global.maxconn))
|
|
|
|
goto out;
|
|
|
|
|
|
|
|
/* We should periodically try to enable listeners waiting for a global
|
|
|
|
* resource here, because it is possible, though very unlikely, that
|
|
|
|
* they have been blocked by a temporary lack of global resource such
|
|
|
|
* as a file descriptor or memory and that the temporary condition has
|
|
|
|
* disappeared.
|
|
|
|
*/
|
|
|
|
dequeue_all_listeners();
|
|
|
|
|
|
|
|
out:
|
|
|
|
t->expire = TICK_ETERNITY;
|
|
|
|
task_queue(t);
|
|
|
|
return t;
|
|
|
|
}
|
|
|
|
|
2012-09-12 21:17:10 +00:00
|
|
|
/*
|
|
|
|
* Registers the bind keyword list <kwl> as a list of valid keywords for next
|
|
|
|
* parsing sessions.
|
|
|
|
*/
|
|
|
|
void bind_register_keywords(struct bind_kw_list *kwl)
|
|
|
|
{
|
2021-04-21 05:32:39 +00:00
|
|
|
LIST_APPEND(&bind_keywords.list, &kwl->list);
|
2012-09-12 21:17:10 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Return a pointer to the bind keyword <kw>, or NULL if not found. If the
|
|
|
|
* keyword is found with a NULL ->parse() function, then an attempt is made to
|
|
|
|
* find one with a valid ->parse() function. This way it is possible to declare
|
|
|
|
* platform-dependant, known keywords as NULL, then only declare them as valid
|
|
|
|
* if some options are met. Note that if the requested keyword contains an
|
|
|
|
* opening parenthesis, everything from this point is ignored.
|
|
|
|
*/
|
|
|
|
struct bind_kw *bind_find_kw(const char *kw)
|
|
|
|
{
|
|
|
|
int index;
|
|
|
|
const char *kwend;
|
|
|
|
struct bind_kw_list *kwl;
|
|
|
|
struct bind_kw *ret = NULL;
|
|
|
|
|
|
|
|
kwend = strchr(kw, '(');
|
|
|
|
if (!kwend)
|
|
|
|
kwend = kw + strlen(kw);
|
|
|
|
|
|
|
|
list_for_each_entry(kwl, &bind_keywords.list, list) {
|
|
|
|
for (index = 0; kwl->kw[index].kw != NULL; index++) {
|
|
|
|
if ((strncmp(kwl->kw[index].kw, kw, kwend - kw) == 0) &&
|
|
|
|
kwl->kw[index].kw[kwend-kw] == 0) {
|
|
|
|
if (kwl->kw[index].parse)
|
|
|
|
return &kwl->kw[index]; /* found it !*/
|
|
|
|
else
|
|
|
|
ret = &kwl->kw[index]; /* may be OK */
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2012-09-18 16:01:17 +00:00
|
|
|
/* Dumps all registered "bind" keywords to the <out> string pointer. The
|
|
|
|
* unsupported keywords are only dumped if their supported form was not
|
|
|
|
* found.
|
|
|
|
*/
|
|
|
|
void bind_dump_kws(char **out)
|
|
|
|
{
|
|
|
|
struct bind_kw_list *kwl;
|
|
|
|
int index;
|
|
|
|
|
2020-05-18 10:14:18 +00:00
|
|
|
if (!out)
|
|
|
|
return;
|
|
|
|
|
2012-09-18 16:01:17 +00:00
|
|
|
*out = NULL;
|
|
|
|
list_for_each_entry(kwl, &bind_keywords.list, list) {
|
|
|
|
for (index = 0; kwl->kw[index].kw != NULL; index++) {
|
|
|
|
if (kwl->kw[index].parse ||
|
|
|
|
bind_find_kw(kwl->kw[index].kw) == &kwl->kw[index]) {
|
2012-09-18 16:24:39 +00:00
|
|
|
memprintf(out, "%s[%4s] %s%s%s\n", *out ? *out : "",
|
|
|
|
kwl->scope,
|
2012-09-18 16:01:17 +00:00
|
|
|
kwl->kw[index].kw,
|
2012-09-18 16:24:39 +00:00
|
|
|
kwl->kw[index].skip ? " <arg>" : "",
|
|
|
|
kwl->kw[index].parse ? "" : " (not supported)");
|
2012-09-18 16:01:17 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-03-12 09:14:07 +00:00
|
|
|
/* Try to find in srv_keyword the word that looks closest to <word> by counting
|
|
|
|
* transitions between letters, digits and other characters. Will return the
|
|
|
|
* best matching word if found, otherwise NULL.
|
|
|
|
*/
|
|
|
|
const char *bind_find_best_kw(const char *word)
|
|
|
|
{
|
|
|
|
uint8_t word_sig[1024];
|
|
|
|
uint8_t list_sig[1024];
|
|
|
|
const struct bind_kw_list *kwl;
|
|
|
|
const char *best_ptr = NULL;
|
|
|
|
int dist, best_dist = INT_MAX;
|
|
|
|
int index;
|
|
|
|
|
|
|
|
make_word_fingerprint(word_sig, word);
|
|
|
|
list_for_each_entry(kwl, &bind_keywords.list, list) {
|
|
|
|
for (index = 0; kwl->kw[index].kw != NULL; index++) {
|
|
|
|
make_word_fingerprint(list_sig, kwl->kw[index].kw);
|
|
|
|
dist = word_fingerprint_distance(word_sig, list_sig);
|
|
|
|
if (dist < best_dist) {
|
|
|
|
best_dist = dist;
|
|
|
|
best_ptr = kwl->kw[index].kw;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (best_dist > 2 * strlen(word) || (best_ptr && best_dist > 2 * strlen(best_ptr)))
|
|
|
|
best_ptr = NULL;
|
|
|
|
|
|
|
|
return best_ptr;
|
|
|
|
}
|
|
|
|
|
2021-10-06 07:05:08 +00:00
|
|
|
/* allocate an bind_conf struct for a bind line, and chain it to the frontend <fe>.
|
|
|
|
* If <arg> is not NULL, it is duplicated into ->arg to store useful config
|
|
|
|
* information for error reporting. NULL is returned on error.
|
|
|
|
*/
|
|
|
|
struct bind_conf *bind_conf_alloc(struct proxy *fe, const char *file,
|
|
|
|
int line, const char *arg, struct xprt_ops *xprt)
|
|
|
|
{
|
|
|
|
struct bind_conf *bind_conf = calloc(1, sizeof(*bind_conf));
|
|
|
|
|
|
|
|
if (!bind_conf)
|
|
|
|
goto err;
|
|
|
|
|
|
|
|
bind_conf->file = strdup(file);
|
|
|
|
if (!bind_conf->file)
|
|
|
|
goto err;
|
|
|
|
bind_conf->line = line;
|
|
|
|
if (arg) {
|
|
|
|
bind_conf->arg = strdup(arg);
|
|
|
|
if (!bind_conf->arg)
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
|
|
|
LIST_APPEND(&fe->conf.bind, &bind_conf->by_fe);
|
|
|
|
bind_conf->settings.ux.uid = -1;
|
|
|
|
bind_conf->settings.ux.gid = -1;
|
|
|
|
bind_conf->settings.ux.mode = 0;
|
2021-10-12 13:23:03 +00:00
|
|
|
bind_conf->settings.shards = 1;
|
2021-10-06 07:05:08 +00:00
|
|
|
bind_conf->xprt = xprt;
|
|
|
|
bind_conf->frontend = fe;
|
|
|
|
bind_conf->severity_output = CLI_SEVERITY_NONE;
|
|
|
|
#ifdef USE_OPENSSL
|
|
|
|
HA_RWLOCK_INIT(&bind_conf->sni_lock);
|
|
|
|
bind_conf->sni_ctx = EB_ROOT;
|
|
|
|
bind_conf->sni_w_ctx = EB_ROOT;
|
|
|
|
#endif
|
|
|
|
LIST_INIT(&bind_conf->listeners);
|
|
|
|
return bind_conf;
|
|
|
|
|
|
|
|
err:
|
|
|
|
if (bind_conf) {
|
|
|
|
ha_free(&bind_conf->file);
|
|
|
|
ha_free(&bind_conf->arg);
|
|
|
|
}
|
|
|
|
ha_free(&bind_conf);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
const char *listener_state_str(const struct listener *l)
|
|
|
|
{
|
|
|
|
static const char *states[8] = {
|
|
|
|
"NEW", "INI", "ASS", "PAU", "LIS", "RDY", "FUL", "LIM",
|
|
|
|
};
|
|
|
|
unsigned int st = l->state;
|
|
|
|
|
|
|
|
if (st >= sizeof(states) / sizeof(*states))
|
|
|
|
return "INVALID";
|
|
|
|
return states[st];
|
|
|
|
}
|
|
|
|
|
2010-05-24 18:55:15 +00:00
|
|
|
/************************************************************************/
|
2013-01-07 21:54:17 +00:00
|
|
|
/* All supported sample and ACL keywords must be declared here. */
|
2010-05-24 18:55:15 +00:00
|
|
|
/************************************************************************/
|
|
|
|
|
2011-12-16 16:06:15 +00:00
|
|
|
/* set temp integer to the number of connexions to the same listening socket */
|
2010-05-24 18:55:15 +00:00
|
|
|
static int
|
2015-05-11 13:42:45 +00:00
|
|
|
smp_fetch_dconn(const struct arg *args, struct sample *smp, const char *kw, void *private)
|
2010-05-24 18:55:15 +00:00
|
|
|
{
|
2015-08-19 07:00:18 +00:00
|
|
|
smp->data.type = SMP_T_SINT;
|
2015-08-19 07:07:19 +00:00
|
|
|
smp->data.u.sint = smp->sess->listener->nbconn;
|
2010-05-24 18:55:15 +00:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2011-12-16 16:06:15 +00:00
|
|
|
/* set temp integer to the id of the socket (listener) */
|
2010-05-24 18:55:15 +00:00
|
|
|
static int
|
2015-05-11 13:42:45 +00:00
|
|
|
smp_fetch_so_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
|
2012-04-23 14:16:37 +00:00
|
|
|
{
|
2015-08-19 07:00:18 +00:00
|
|
|
smp->data.type = SMP_T_SINT;
|
2015-08-19 07:07:19 +00:00
|
|
|
smp->data.u.sint = smp->sess->listener->luid;
|
2010-05-24 18:55:15 +00:00
|
|
|
return 1;
|
|
|
|
}
|
2020-03-27 21:08:40 +00:00
|
|
|
static int
|
|
|
|
smp_fetch_so_name(const struct arg *args, struct sample *smp, const char *kw, void *private)
|
|
|
|
{
|
|
|
|
smp->data.u.str.area = smp->sess->listener->name;
|
|
|
|
if (!smp->data.u.str.area)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
smp->data.type = SMP_T_STR;
|
|
|
|
smp->flags = SMP_F_CONST;
|
|
|
|
smp->data.u.str.data = strlen(smp->data.u.str.area);
|
|
|
|
return 1;
|
|
|
|
}
|
2010-05-24 18:55:15 +00:00
|
|
|
|
2012-09-18 15:17:28 +00:00
|
|
|
/* parse the "accept-proxy" bind keyword */
|
2012-09-20 14:48:07 +00:00
|
|
|
static int bind_parse_accept_proxy(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
|
2012-09-18 15:17:28 +00:00
|
|
|
{
|
|
|
|
struct listener *l;
|
|
|
|
|
2012-09-20 14:48:07 +00:00
|
|
|
list_for_each_entry(l, &conf->listeners, by_bind)
|
2012-09-18 15:17:28 +00:00
|
|
|
l->options |= LI_O_ACC_PROXY;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2016-06-04 14:11:10 +00:00
|
|
|
/* parse the "accept-netscaler-cip" bind keyword */
|
|
|
|
static int bind_parse_accept_netscaler_cip(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
|
|
|
|
{
|
|
|
|
struct listener *l;
|
|
|
|
uint32_t val;
|
|
|
|
|
|
|
|
if (!*args[cur_arg + 1]) {
|
|
|
|
memprintf(err, "'%s' : missing value", args[cur_arg]);
|
|
|
|
return ERR_ALERT | ERR_FATAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
val = atol(args[cur_arg + 1]);
|
|
|
|
if (val <= 0) {
|
2019-02-27 14:39:41 +00:00
|
|
|
memprintf(err, "'%s' : invalid value %d, must be >= 0", args[cur_arg], val);
|
2016-06-04 14:11:10 +00:00
|
|
|
return ERR_ALERT | ERR_FATAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
list_for_each_entry(l, &conf->listeners, by_bind) {
|
|
|
|
l->options |= LI_O_ACC_CIP;
|
|
|
|
conf->ns_cip_magic = val;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2012-09-18 15:17:28 +00:00
|
|
|
/* parse the "backlog" bind keyword */
|
2012-09-20 14:48:07 +00:00
|
|
|
static int bind_parse_backlog(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
|
2012-09-18 15:17:28 +00:00
|
|
|
{
|
|
|
|
struct listener *l;
|
|
|
|
int val;
|
|
|
|
|
|
|
|
if (!*args[cur_arg + 1]) {
|
2012-09-20 17:43:14 +00:00
|
|
|
memprintf(err, "'%s' : missing value", args[cur_arg]);
|
2012-09-18 15:17:28 +00:00
|
|
|
return ERR_ALERT | ERR_FATAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
val = atol(args[cur_arg + 1]);
|
2019-02-27 14:39:41 +00:00
|
|
|
if (val < 0) {
|
2012-09-20 17:43:14 +00:00
|
|
|
memprintf(err, "'%s' : invalid value %d, must be > 0", args[cur_arg], val);
|
2012-09-18 15:17:28 +00:00
|
|
|
return ERR_ALERT | ERR_FATAL;
|
|
|
|
}
|
|
|
|
|
2012-09-20 14:48:07 +00:00
|
|
|
list_for_each_entry(l, &conf->listeners, by_bind)
|
2012-09-18 15:17:28 +00:00
|
|
|
l->backlog = val;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* parse the "id" bind keyword */
|
2012-09-20 14:48:07 +00:00
|
|
|
static int bind_parse_id(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
|
2012-09-18 15:17:28 +00:00
|
|
|
{
|
|
|
|
struct eb32_node *node;
|
2012-09-20 14:48:07 +00:00
|
|
|
struct listener *l, *new;
|
2016-02-26 07:45:58 +00:00
|
|
|
char *error;
|
2012-09-18 15:17:28 +00:00
|
|
|
|
2012-09-20 14:48:07 +00:00
|
|
|
if (conf->listeners.n != conf->listeners.p) {
|
2012-09-20 17:43:14 +00:00
|
|
|
memprintf(err, "'%s' can only be used with a single socket", args[cur_arg]);
|
2012-09-18 15:17:28 +00:00
|
|
|
return ERR_ALERT | ERR_FATAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!*args[cur_arg + 1]) {
|
2012-09-20 17:43:14 +00:00
|
|
|
memprintf(err, "'%s' : expects an integer argument", args[cur_arg]);
|
2012-09-18 15:17:28 +00:00
|
|
|
return ERR_ALERT | ERR_FATAL;
|
|
|
|
}
|
|
|
|
|
2012-09-20 14:48:07 +00:00
|
|
|
new = LIST_NEXT(&conf->listeners, struct listener *, by_bind);
|
2016-02-26 07:45:58 +00:00
|
|
|
new->luid = strtol(args[cur_arg + 1], &error, 10);
|
|
|
|
if (*error != '\0') {
|
|
|
|
memprintf(err, "'%s' : expects an integer argument, found '%s'", args[cur_arg], args[cur_arg + 1]);
|
|
|
|
return ERR_ALERT | ERR_FATAL;
|
|
|
|
}
|
2012-09-20 14:48:07 +00:00
|
|
|
new->conf.id.key = new->luid;
|
2012-09-18 15:17:28 +00:00
|
|
|
|
2012-09-20 14:48:07 +00:00
|
|
|
if (new->luid <= 0) {
|
2012-09-20 17:43:14 +00:00
|
|
|
memprintf(err, "'%s' : custom id has to be > 0", args[cur_arg]);
|
2012-09-18 15:17:28 +00:00
|
|
|
return ERR_ALERT | ERR_FATAL;
|
|
|
|
}
|
|
|
|
|
2012-09-20 14:48:07 +00:00
|
|
|
node = eb32_lookup(&px->conf.used_listener_id, new->luid);
|
2012-09-18 15:17:28 +00:00
|
|
|
if (node) {
|
|
|
|
l = container_of(node, struct listener, conf.id);
|
2012-09-20 17:43:14 +00:00
|
|
|
memprintf(err, "'%s' : custom id %d already used at %s:%d ('bind %s')",
|
|
|
|
args[cur_arg], l->luid, l->bind_conf->file, l->bind_conf->line,
|
|
|
|
l->bind_conf->arg);
|
2012-09-18 15:17:28 +00:00
|
|
|
return ERR_ALERT | ERR_FATAL;
|
|
|
|
}
|
|
|
|
|
2012-09-20 14:48:07 +00:00
|
|
|
eb32_insert(&px->conf.used_listener_id, &new->conf.id);
|
2012-09-18 15:17:28 +00:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2022-05-20 13:41:45 +00:00
|
|
|
/* Complete a bind_conf by parsing the args after the address. <args> is the
|
|
|
|
* arguments array, <cur_arg> is the first one to be considered. <section> is
|
|
|
|
* the section name to report in error messages, and <file> and <linenum> are
|
|
|
|
* the file name and line number respectively. Note that args[0..1] are used
|
|
|
|
* in error messages to provide some context. The return value is an error
|
|
|
|
* code, zero on success or an OR of ERR_{FATAL,ABORT,ALERT,WARN}.
|
|
|
|
*/
|
|
|
|
int bind_parse_args_list(struct bind_conf *bind_conf, char **args, int cur_arg, const char *section, const char *file, int linenum)
|
|
|
|
{
|
|
|
|
int err_code = 0;
|
|
|
|
|
|
|
|
while (*(args[cur_arg])) {
|
|
|
|
struct bind_kw *kw;
|
|
|
|
const char *best;
|
|
|
|
|
|
|
|
kw = bind_find_kw(args[cur_arg]);
|
|
|
|
if (kw) {
|
|
|
|
char *err = NULL;
|
|
|
|
int code;
|
|
|
|
|
|
|
|
if (!kw->parse) {
|
|
|
|
ha_alert("parsing [%s:%d] : '%s %s' in section '%s' : '%s' option is not implemented in this version (check build options).\n",
|
|
|
|
file, linenum, args[0], args[1], section, args[cur_arg]);
|
|
|
|
cur_arg += 1 + kw->skip ;
|
|
|
|
err_code |= ERR_ALERT | ERR_FATAL;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
code = kw->parse(args, cur_arg, bind_conf->frontend, bind_conf, &err);
|
|
|
|
err_code |= code;
|
|
|
|
|
|
|
|
if (code) {
|
|
|
|
if (err && *err) {
|
|
|
|
indent_msg(&err, 2);
|
|
|
|
if (((code & (ERR_WARN|ERR_ALERT)) == ERR_WARN))
|
|
|
|
ha_warning("parsing [%s:%d] : '%s %s' in section '%s' : %s\n", file, linenum, args[0], args[1], section, err);
|
|
|
|
else
|
|
|
|
ha_alert("parsing [%s:%d] : '%s %s' in section '%s' : %s\n", file, linenum, args[0], args[1], section, err);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
ha_alert("parsing [%s:%d] : '%s %s' in section '%s' : error encountered while processing '%s'.\n",
|
|
|
|
file, linenum, args[0], args[1], section, args[cur_arg]);
|
|
|
|
if (code & ERR_FATAL) {
|
|
|
|
free(err);
|
|
|
|
cur_arg += 1 + kw->skip;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
free(err);
|
|
|
|
cur_arg += 1 + kw->skip;
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
best = bind_find_best_kw(args[cur_arg]);
|
|
|
|
if (best)
|
|
|
|
ha_alert("parsing [%s:%d] : '%s %s' in section '%s': unknown keyword '%s'; did you mean '%s' maybe ?\n",
|
|
|
|
file, linenum, args[0], args[1], section, args[cur_arg], best);
|
|
|
|
else
|
|
|
|
ha_alert("parsing [%s:%d] : '%s %s' in section '%s': unknown keyword '%s'.\n",
|
|
|
|
file, linenum, args[0], args[1], section, args[cur_arg]);
|
|
|
|
|
|
|
|
err_code |= ERR_ALERT | ERR_FATAL;
|
|
|
|
goto out;
|
|
|
|
}
|
2022-05-20 14:20:52 +00:00
|
|
|
|
|
|
|
if ((bind_conf->options & (BC_O_USE_SOCK_DGRAM|BC_O_USE_SOCK_STREAM)) == (BC_O_USE_SOCK_DGRAM|BC_O_USE_SOCK_STREAM) ||
|
|
|
|
(bind_conf->options & (BC_O_USE_XPRT_DGRAM|BC_O_USE_XPRT_STREAM)) == (BC_O_USE_XPRT_DGRAM|BC_O_USE_XPRT_STREAM)) {
|
|
|
|
ha_alert("parsing [%s:%d] : '%s %s' in section '%s' : cannot mix datagram and stream protocols.\n",
|
|
|
|
file, linenum, args[0], args[1], section);
|
|
|
|
err_code |= ERR_ALERT | ERR_FATAL;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
2022-05-20 15:10:00 +00:00
|
|
|
/* The transport layer automatically switches to QUIC when QUIC is
|
|
|
|
* selected, regardless of bind_conf settings. We then need to
|
|
|
|
* initialize QUIC params.
|
|
|
|
*/
|
|
|
|
if ((bind_conf->options & (BC_O_USE_SOCK_DGRAM|BC_O_USE_XPRT_STREAM)) == (BC_O_USE_SOCK_DGRAM|BC_O_USE_XPRT_STREAM)) {
|
|
|
|
#ifdef USE_QUIC
|
|
|
|
bind_conf->xprt = xprt_get(XPRT_QUIC);
|
2022-05-20 16:16:52 +00:00
|
|
|
if (!(bind_conf->options & BC_O_USE_SSL)) {
|
|
|
|
bind_conf->options |= BC_O_USE_SSL;
|
|
|
|
ha_warning("parsing [%s:%d] : '%s %s' in section '%s' : QUIC protocol detected, enabling ssl. Use 'ssl' to shut this warning.\n",
|
|
|
|
file, linenum, args[0], args[1], section);
|
|
|
|
}
|
2022-05-20 15:10:00 +00:00
|
|
|
quic_transport_params_init(&bind_conf->quic_params, 1);
|
|
|
|
#else
|
|
|
|
ha_alert("parsing [%s:%d] : '%s %s' in section '%s' : QUIC protocol selected but support not compiled in (check build options).\n",
|
|
|
|
file, linenum, args[0], args[1], section);
|
|
|
|
err_code |= ERR_ALERT | ERR_FATAL;
|
|
|
|
goto out;
|
|
|
|
#endif
|
|
|
|
}
|
2022-05-20 15:14:31 +00:00
|
|
|
else if (bind_conf->options & BC_O_USE_SSL) {
|
|
|
|
bind_conf->xprt = xprt_get(XPRT_SSL);
|
|
|
|
}
|
2022-05-20 15:10:00 +00:00
|
|
|
|
2022-05-20 13:41:45 +00:00
|
|
|
out:
|
|
|
|
return err_code;
|
|
|
|
}
|
|
|
|
|
2012-09-18 15:17:28 +00:00
|
|
|
/* parse the "maxconn" bind keyword */
|
2012-09-20 14:48:07 +00:00
|
|
|
static int bind_parse_maxconn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
|
2012-09-18 15:17:28 +00:00
|
|
|
{
|
|
|
|
struct listener *l;
|
|
|
|
int val;
|
|
|
|
|
|
|
|
if (!*args[cur_arg + 1]) {
|
2012-09-20 17:43:14 +00:00
|
|
|
memprintf(err, "'%s' : missing value", args[cur_arg]);
|
2012-09-18 15:17:28 +00:00
|
|
|
return ERR_ALERT | ERR_FATAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
val = atol(args[cur_arg + 1]);
|
2019-02-27 15:49:00 +00:00
|
|
|
if (val < 0) {
|
|
|
|
memprintf(err, "'%s' : invalid value %d, must be >= 0", args[cur_arg], val);
|
2012-09-18 15:17:28 +00:00
|
|
|
return ERR_ALERT | ERR_FATAL;
|
|
|
|
}
|
|
|
|
|
2012-09-20 14:48:07 +00:00
|
|
|
list_for_each_entry(l, &conf->listeners, by_bind)
|
2012-09-18 15:17:28 +00:00
|
|
|
l->maxconn = val;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* parse the "name" bind keyword */
|
2012-09-20 14:48:07 +00:00
|
|
|
static int bind_parse_name(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
|
2012-09-18 15:17:28 +00:00
|
|
|
{
|
|
|
|
struct listener *l;
|
|
|
|
|
|
|
|
if (!*args[cur_arg + 1]) {
|
2012-09-20 17:43:14 +00:00
|
|
|
memprintf(err, "'%s' : missing name", args[cur_arg]);
|
2012-09-18 15:17:28 +00:00
|
|
|
return ERR_ALERT | ERR_FATAL;
|
|
|
|
}
|
|
|
|
|
2012-09-20 14:48:07 +00:00
|
|
|
list_for_each_entry(l, &conf->listeners, by_bind)
|
2012-09-18 15:17:28 +00:00
|
|
|
l->name = strdup(args[cur_arg + 1]);
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* parse the "nice" bind keyword */
|
2012-09-20 14:48:07 +00:00
|
|
|
static int bind_parse_nice(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
|
2012-09-18 15:17:28 +00:00
|
|
|
{
|
|
|
|
struct listener *l;
|
|
|
|
int val;
|
|
|
|
|
|
|
|
if (!*args[cur_arg + 1]) {
|
2012-09-20 17:43:14 +00:00
|
|
|
memprintf(err, "'%s' : missing value", args[cur_arg]);
|
2012-09-18 15:17:28 +00:00
|
|
|
return ERR_ALERT | ERR_FATAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
val = atol(args[cur_arg + 1]);
|
|
|
|
if (val < -1024 || val > 1024) {
|
2012-09-20 17:43:14 +00:00
|
|
|
memprintf(err, "'%s' : invalid value %d, allowed range is -1024..1024", args[cur_arg], val);
|
2012-09-18 15:17:28 +00:00
|
|
|
return ERR_ALERT | ERR_FATAL;
|
|
|
|
}
|
|
|
|
|
2012-09-20 14:48:07 +00:00
|
|
|
list_for_each_entry(l, &conf->listeners, by_bind)
|
2012-09-18 15:17:28 +00:00
|
|
|
l->nice = val;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2014-05-07 17:01:58 +00:00
|
|
|
/* parse the "process" bind keyword */
|
|
|
|
static int bind_parse_process(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
|
|
|
|
{
|
2022-07-15 15:16:01 +00:00
|
|
|
memprintf(err, "'process %s' on 'bind' lines is not supported anymore, please use 'thread' instead.", args[cur_arg+1]);
|
|
|
|
return ERR_ALERT | ERR_FATAL;
|
2014-05-07 17:01:58 +00:00
|
|
|
}
|
2012-09-18 15:17:28 +00:00
|
|
|
|
2018-04-10 12:43:00 +00:00
|
|
|
/* parse the "proto" bind keyword */
|
|
|
|
static int bind_parse_proto(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
|
|
|
|
{
|
|
|
|
struct ist proto;
|
|
|
|
|
|
|
|
if (!*args[cur_arg + 1]) {
|
|
|
|
memprintf(err, "'%s' : missing value", args[cur_arg]);
|
|
|
|
return ERR_ALERT | ERR_FATAL;
|
|
|
|
}
|
|
|
|
|
2021-03-04 16:31:47 +00:00
|
|
|
proto = ist(args[cur_arg + 1]);
|
2018-04-10 12:43:00 +00:00
|
|
|
conf->mux_proto = get_mux_proto(proto);
|
|
|
|
if (!conf->mux_proto) {
|
|
|
|
memprintf(err, "'%s' : unknown MUX protocol '%s'", args[cur_arg], args[cur_arg+1]);
|
|
|
|
return ERR_ALERT | ERR_FATAL;
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2021-10-12 13:23:03 +00:00
|
|
|
/* parse the "shards" bind keyword. Takes an integer or "by-thread" */
|
|
|
|
static int bind_parse_shards(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
|
|
|
|
{
|
|
|
|
int val;
|
|
|
|
|
|
|
|
if (!*args[cur_arg + 1]) {
|
|
|
|
memprintf(err, "'%s' : missing value", args[cur_arg]);
|
|
|
|
return ERR_ALERT | ERR_FATAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (strcmp(args[cur_arg + 1], "by-thread") == 0) {
|
|
|
|
val = MAX_THREADS; /* will be trimmed later anyway */
|
|
|
|
} else {
|
|
|
|
val = atol(args[cur_arg + 1]);
|
|
|
|
if (val < 1 || val > MAX_THREADS) {
|
|
|
|
memprintf(err, "'%s' : invalid value %d, allowed range is %d..%d or 'by-thread'", args[cur_arg], val, 1, MAX_THREADS);
|
|
|
|
return ERR_ALERT | ERR_FATAL;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
conf->settings.shards = val;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2021-09-21 12:31:29 +00:00
|
|
|
/* parse the "thread" bind keyword */
|
|
|
|
static int bind_parse_thread(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
|
|
|
|
{
|
2021-09-29 16:50:31 +00:00
|
|
|
char *sep = NULL;
|
|
|
|
ulong thread = 0;
|
|
|
|
long tgroup = 0;
|
|
|
|
|
|
|
|
tgroup = strtol(args[cur_arg + 1], &sep, 10);
|
|
|
|
if (*sep == '/') {
|
|
|
|
/* a thread group was present */
|
|
|
|
if (tgroup < 1 || tgroup > MAX_TGROUPS) {
|
|
|
|
memprintf(err, "'%s' thread-group number must be between 1 and %d (was %ld)", args[cur_arg + 1], MAX_TGROUPS, tgroup);
|
|
|
|
return ERR_ALERT | ERR_FATAL;
|
|
|
|
}
|
|
|
|
sep++;
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
/* no thread group */
|
|
|
|
tgroup = 0;
|
|
|
|
sep = args[cur_arg + 1];
|
|
|
|
}
|
2021-09-21 12:31:29 +00:00
|
|
|
|
2021-10-12 06:47:54 +00:00
|
|
|
if ((conf->bind_tgroup || conf->bind_thread) &&
|
|
|
|
conf->bind_tgroup != tgroup) {
|
2021-09-29 16:50:31 +00:00
|
|
|
memprintf(err, "'%s' multiple thread-groups are not supported", args[cur_arg + 1]);
|
2021-09-21 12:31:29 +00:00
|
|
|
return ERR_ALERT | ERR_FATAL;
|
|
|
|
}
|
2022-07-15 15:18:23 +00:00
|
|
|
|
|
|
|
if (parse_process_number(sep, &thread, LONGBITS, NULL, err)) {
|
2021-09-29 16:50:31 +00:00
|
|
|
memprintf(err, "'%s' : %s", sep, *err);
|
2021-09-21 12:31:29 +00:00
|
|
|
return ERR_ALERT | ERR_FATAL;
|
|
|
|
}
|
|
|
|
|
2021-10-12 06:47:54 +00:00
|
|
|
conf->bind_thread |= thread;
|
|
|
|
conf->bind_tgroup = tgroup;
|
2021-09-21 12:31:29 +00:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2019-02-27 11:02:18 +00:00
|
|
|
/* config parser for global "tune.listener.multi-queue", accepts "on" or "off" */
|
|
|
|
static int cfg_parse_tune_listener_mq(char **args, int section_type, struct proxy *curpx,
|
2021-03-09 08:53:46 +00:00
|
|
|
const struct proxy *defpx, const char *file, int line,
|
2019-02-27 11:02:18 +00:00
|
|
|
char **err)
|
|
|
|
{
|
|
|
|
if (too_many_args(1, args, err, NULL))
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
if (strcmp(args[1], "on") == 0)
|
|
|
|
global.tune.options |= GTUNE_LISTENER_MQ;
|
|
|
|
else if (strcmp(args[1], "off") == 0)
|
|
|
|
global.tune.options &= ~GTUNE_LISTENER_MQ;
|
|
|
|
else {
|
|
|
|
memprintf(err, "'%s' expects either 'on' or 'off' but got '%s'.", args[0], args[1]);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2013-01-07 21:54:17 +00:00
|
|
|
/* Note: must not be declared <const> as its list will be overwritten.
|
|
|
|
* Please take care of keeping this list alphabetically sorted.
|
|
|
|
*/
|
2013-06-21 21:16:39 +00:00
|
|
|
static struct sample_fetch_kw_list smp_kws = {ILH, {
|
2015-07-06 21:43:03 +00:00
|
|
|
{ "dst_conn", smp_fetch_dconn, 0, NULL, SMP_T_SINT, SMP_USE_FTEND, },
|
|
|
|
{ "so_id", smp_fetch_so_id, 0, NULL, SMP_T_SINT, SMP_USE_FTEND, },
|
2020-03-27 21:08:40 +00:00
|
|
|
{ "so_name", smp_fetch_so_name, 0, NULL, SMP_T_STR, SMP_USE_FTEND, },
|
2013-01-07 21:54:17 +00:00
|
|
|
{ /* END */ },
|
|
|
|
}};
|
|
|
|
|
2018-11-25 18:14:37 +00:00
|
|
|
INITCALL1(STG_REGISTER, sample_register_fetches, &smp_kws);
|
|
|
|
|
2012-04-19 16:42:05 +00:00
|
|
|
/* Note: must not be declared <const> as its list will be overwritten.
|
|
|
|
* Please take care of keeping this list alphabetically sorted.
|
|
|
|
*/
|
2013-06-21 21:16:39 +00:00
|
|
|
static struct acl_kw_list acl_kws = {ILH, {
|
2013-01-07 21:54:17 +00:00
|
|
|
{ /* END */ },
|
2010-05-24 18:55:15 +00:00
|
|
|
}};
|
|
|
|
|
2018-11-25 18:14:37 +00:00
|
|
|
INITCALL1(STG_REGISTER, acl_register_keywords, &acl_kws);
|
|
|
|
|
2012-09-18 15:17:28 +00:00
|
|
|
/* Note: must not be declared <const> as its list will be overwritten.
|
|
|
|
* Please take care of keeping this list alphabetically sorted, doing so helps
|
|
|
|
* all code contributors.
|
|
|
|
* Optional keywords are also declared with a NULL ->parse() function so that
|
|
|
|
* the config parser can report an appropriate error when a known keyword was
|
|
|
|
* not enabled.
|
|
|
|
*/
|
2012-09-18 16:24:39 +00:00
|
|
|
static struct bind_kw_list bind_kws = { "ALL", { }, {
|
2016-06-04 14:11:10 +00:00
|
|
|
{ "accept-netscaler-cip", bind_parse_accept_netscaler_cip, 1 }, /* enable NetScaler Client IP insertion protocol */
|
2012-09-18 15:17:28 +00:00
|
|
|
{ "accept-proxy", bind_parse_accept_proxy, 0 }, /* enable PROXY protocol */
|
|
|
|
{ "backlog", bind_parse_backlog, 1 }, /* set backlog of listening socket */
|
|
|
|
{ "id", bind_parse_id, 1 }, /* set id of listening socket */
|
|
|
|
{ "maxconn", bind_parse_maxconn, 1 }, /* set maxconn of listening socket */
|
|
|
|
{ "name", bind_parse_name, 1 }, /* set name of listening socket */
|
|
|
|
{ "nice", bind_parse_nice, 1 }, /* set nice of listening socket */
|
2014-05-07 17:01:58 +00:00
|
|
|
{ "process", bind_parse_process, 1 }, /* set list of allowed process for this socket */
|
2018-04-10 12:43:00 +00:00
|
|
|
{ "proto", bind_parse_proto, 1 }, /* set the proto to use for all incoming connections */
|
2021-10-12 13:23:03 +00:00
|
|
|
{ "shards", bind_parse_shards, 1 }, /* set number of shards */
|
2021-09-21 12:31:29 +00:00
|
|
|
{ "thread", bind_parse_thread, 1 }, /* set list of allowed threads for this socket */
|
2013-01-07 21:54:17 +00:00
|
|
|
{ /* END */ },
|
2012-09-18 15:17:28 +00:00
|
|
|
}};
|
|
|
|
|
2018-11-25 18:14:37 +00:00
|
|
|
INITCALL1(STG_REGISTER, bind_register_keywords, &bind_kws);
|
|
|
|
|
2019-02-27 11:02:18 +00:00
|
|
|
/* config keyword parsers */
|
|
|
|
static struct cfg_kw_list cfg_kws = {ILH, {
|
|
|
|
{ CFG_GLOBAL, "tune.listener.multi-queue", cfg_parse_tune_listener_mq },
|
|
|
|
{ 0, NULL, NULL }
|
|
|
|
}};
|
|
|
|
|
|
|
|
INITCALL1(STG_REGISTER, cfg_register_keywords, &cfg_kws);
|
|
|
|
|
2010-05-24 18:55:15 +00:00
|
|
|
/*
|
|
|
|
* Local variables:
|
|
|
|
* c-indent-level: 8
|
|
|
|
* c-basic-offset: 8
|
|
|
|
* End:
|
|
|
|
*/
|