2006-06-26 00:48:02 +00:00
|
|
|
/*
|
2010-01-03 20:03:22 +00:00
|
|
|
* include/common/defaults.h
|
|
|
|
* Miscellaneous default values.
|
|
|
|
*
|
|
|
|
* Copyright (C) 2000-2010 Willy Tarreau - w@1wt.eu
|
|
|
|
*
|
|
|
|
* This library is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
|
|
* License as published by the Free Software Foundation, version 2.1
|
|
|
|
* exclusively.
|
|
|
|
*
|
|
|
|
* This library is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
* Lesser General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
|
|
* License along with this library; if not, write to the Free Software
|
|
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
|
|
|
*/
|
2006-06-26 00:48:02 +00:00
|
|
|
|
2006-06-29 15:53:05 +00:00
|
|
|
#ifndef _COMMON_DEFAULTS_H
|
|
|
|
#define _COMMON_DEFAULTS_H
|
2006-06-26 00:48:02 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* BUFSIZE defines the size of a read and write buffer. It is the maximum
|
|
|
|
* amount of bytes which can be stored by the proxy for each session. However,
|
|
|
|
* when reading HTTP headers, the proxy needs some spare space to add or rewrite
|
|
|
|
* headers if needed. The size of this spare is defined with MAXREWRITE. So it
|
|
|
|
* is not possible to process headers longer than BUFSIZE-MAXREWRITE bytes. By
|
|
|
|
* default, BUFSIZE=16384 bytes and MAXREWRITE=BUFSIZE/2, so the maximum length
|
|
|
|
* of headers accepted is 8192 bytes, which is in line with Apache's limits.
|
|
|
|
*/
|
|
|
|
#ifndef BUFSIZE
|
|
|
|
#define BUFSIZE 16384
|
|
|
|
#endif
|
|
|
|
|
MAJOR: session: only wake up as many sessions as available buffers permit
We've already experimented with three wake up algorithms when releasing
buffers : the first naive one used to wake up far too many sessions,
causing many of them not to get any buffer. The second approach which
was still in use prior to this patch consisted in waking up either 1
or 2 sessions depending on the number of FDs we had released. And this
was still inaccurate. The third one tried to cover the accuracy issues
of the second and took into consideration the number of FDs the sessions
would be willing to use, but most of the time we ended up waking up too
many of them for nothing, or deadlocking by lack of buffers.
This patch completely removes the need to allocate two buffers at once.
Instead it splits allocations into critical and non-critical ones and
implements a reserve in the pool for this. The deadlock situation happens
when all buffers are be allocated for requests pending in a maxconn-limited
server queue, because then there's no more way to allocate buffers for
responses, and these responses are critical to release the servers's
connection in order to release the pending requests. In fact maxconn on
a server creates a dependence between sessions and particularly between
oldest session's responses and latest session's requests. Thus, it is
mandatory to get a free buffer for a response in order to release a
server connection which will permit to release a request buffer.
Since we definitely have non-symmetrical buffers, we need to implement
this logic in the buffer allocation mechanism. What this commit does is
implement a reserve of buffers which can only be allocated for responses
and that will never be allocated for requests. This is made possible by
the requester indicating how much margin it wants to leave after the
allocation succeeds. Thus it is a cooperative allocation mechanism : the
requester (process_session() in general) prefers not to get a buffer in
order to respect other's need for response buffers. The session management
code always knows if a buffer will be used for requests or responses, so
that is not difficult :
- either there's an applet on the initiator side and we really need
the request buffer (since currently the applet is called in the
context of the session)
- or we have a connection and we really need the response buffer (in
order to support building and sending an error message back)
This reserve ensures that we don't take all allocatable buffers for
requests waiting in a queue. The downside is that all the extra buffers
are really allocated to ensure they can be allocated. But with small
values it is not an issue.
With this change, we don't observe any more deadlocks even when running
with maxconn 1 on a server under severely constrained memory conditions.
The code becomes a bit tricky, it relies on the scheduler's run queue to
estimate how many sessions are already expected to run so that it doesn't
wake up everyone with too few resources. A better solution would probably
consist in having two queues, one for urgent requests and one for normal
requests. A failed allocation for a session dealing with an error, a
connection event, or the need for a response (or request when there's an
applet on the left) would go to the urgent request queue, while other
requests would go to the other queue. Urgent requests would be served
from 1 entry in the pool, while the regular ones would be served only
according to the reserve. Despite not yet having this, it works
remarkably well.
This mechanism is quite efficient, we don't perform too many wake up calls
anymore. For 1 million sessions elapsed during massive memory contention,
we observe about 4.5M calls to process_session() compared to 4.0M without
memory constraints. Previously we used to observe up to 16M calls, which
rougly means 12M failures.
During a test run under high memory constraints (limit enforced to 27 MB
instead of the 58 MB normally needed), performance used to drop by 53% prior
to this patch. Now with this patch instead it *increases* by about 1.5%.
The best effect of this change is that by limiting the memory usage to about
2/3 to 3/4 of what is needed by default, it's possible to increase performance
by up to about 18% mainly due to the fact that pools are reused more often
and remain hot in the CPU cache (observed on regular HTTP traffic with 20k
objects, buffers.limit = maxconn/10, buffers.reserve = limit/2).
Below is an example of scenario which used to cause a deadlock previously :
- connection is received
- two buffers are allocated in process_session() then released
- one is allocated when receiving an HTTP request
- the second buffer is allocated then released in process_session()
for request parsing then connection establishment.
- poll() says we can send, so the request buffer is sent and released
- process session gets notified that the connection is now established
and allocates two buffers then releases them
- all other sessions do the same till one cannot get the request buffer
without hitting the margin
- and now the server responds. stream_interface allocates the response
buffer and manages to get it since it's higher priority being for a
response.
- but process_session() cannot allocate the request buffer anymore
=> We could end up with all buffers used by responses so that none may
be allocated for a request in process_session().
When the applet processing leaves the session context, the test will have
to be changed so that we always allocate a response buffer regardless of
the left side (eg: H2->H1 gateway). A final improvement would consists in
being able to only retry the failed I/O operation without waking up a
task, but to date all experiments to achieve this have proven not to be
reliable enough.
2014-11-27 00:11:56 +00:00
|
|
|
/* certain buffers may only be allocated for responses in order to avoid
|
|
|
|
* deadlocks caused by request queuing. 2 buffers is the absolute minimum
|
|
|
|
* acceptable to ensure that a request gaining access to a server can get
|
|
|
|
* a response buffer even if it doesn't completely flush the request buffer.
|
|
|
|
* The worst case is an applet making use of a request buffer that cannot
|
|
|
|
* completely be sent while the server starts to respond, and all unreserved
|
|
|
|
* buffers are allocated by request buffers from pending connections in the
|
|
|
|
* queue waiting for this one to flush. Both buffers reserved buffers may
|
|
|
|
* thus be used at the same time.
|
|
|
|
*/
|
|
|
|
#ifndef RESERVED_BUFS
|
|
|
|
#define RESERVED_BUFS 2
|
|
|
|
#endif
|
|
|
|
|
2006-06-26 00:48:02 +00:00
|
|
|
// reserved buffer space for header rewriting
|
|
|
|
#ifndef MAXREWRITE
|
|
|
|
#define MAXREWRITE (BUFSIZE / 2)
|
|
|
|
#endif
|
|
|
|
|
2013-06-03 13:52:52 +00:00
|
|
|
#ifndef REQURI_LEN
|
2006-06-26 00:48:02 +00:00
|
|
|
#define REQURI_LEN 1024
|
2013-06-03 13:52:52 +00:00
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifndef CAPTURE_LEN
|
2006-06-26 00:48:02 +00:00
|
|
|
#define CAPTURE_LEN 64
|
2013-06-03 13:52:52 +00:00
|
|
|
#endif
|
2006-06-26 00:48:02 +00:00
|
|
|
|
2014-06-27 16:08:49 +00:00
|
|
|
#ifndef MAX_SYSLOG_LEN
|
|
|
|
#define MAX_SYSLOG_LEN 1024
|
|
|
|
#endif
|
|
|
|
|
2007-10-31 23:33:12 +00:00
|
|
|
// maximum line size when parsing config
|
|
|
|
#ifndef LINESIZE
|
|
|
|
#define LINESIZE 2048
|
|
|
|
#endif
|
|
|
|
|
2006-06-26 00:48:02 +00:00
|
|
|
// max # args on a configuration line
|
2007-10-31 23:33:12 +00:00
|
|
|
#define MAX_LINE_ARGS 64
|
2006-06-26 00:48:02 +00:00
|
|
|
|
2009-08-16 17:06:42 +00:00
|
|
|
// max # args on a stats socket
|
2013-08-01 19:11:42 +00:00
|
|
|
// This should cover at least 5 + twice the # of data_types
|
|
|
|
#define MAX_STATS_ARGS 64
|
[MAJOR] proto_uxst rework -> SNMP support
Currently there is a ~16KB limit for a data size passed via unix socket.
It is caused by a trivial bug ttat is going to fixed soon, however
in most cases there is no need to dump a full stats.
This patch makes possible to select a scope of dumped data by extending
current "show stat" to "show stat [<iid> <type> <sid>]":
- iid is a proxy id, -1 to dump all proxies
- type selects type of dumpable objects: 1 for frontend, 2 for backend, 4 for
server, -1 for all types. Values can be ORed, for example:
1+2=3 -> frontend+backend.
1+2+4=7 -> frontend+backend+server.
- sid is a service id, -1 to dump everything from the selected proxy.
To do this I implemented a new session flag (SN_STAT_BOUND), added three
variables in data_ctx.stats (iid, type, sid), modified dumpstats.c and
completely revorked the process_uxst_stats: now it waits for a "\n"
terminated string, splits args and uses them. BTW: It should be quite easy
to add new commands, for example to enable/disable servers, the only problem
I can see is a not very lucky config name (*stats* socket). :|
During the work I also fixed two bug:
- s->flags were not initialized for proto_uxst
- missing comma if throttling not enabled (caused by a stupid change in
"Implement persistent id for proxies and servers")
Other changes:
- No more magic type valuse, use STATS_TYPE_FE/STATS_TYPE_BE/STATS_TYPE_SV
- Don't memset full s->data_ctx (it was clearing s->data_ctx.stats.{iid/type/sid},
instead initialize stats.sv & stats.sv_st (stats.px and stats.px_st were already
initialized)
With all that changes it was extremely easy to write a short perl plugin
for a perl-enabled net-snmp (also included in this patch).
29385 is my PEN (Private Enterprise Number) and I'm willing to donate
the SNMPv2-SMI::enterprises.29385.106.* OIDs for HAProxy if there
is nothing assigned already.
2008-03-02 01:42:14 +00:00
|
|
|
|
2006-06-26 00:48:02 +00:00
|
|
|
// max # of matches per regexp
|
|
|
|
#define MAX_MATCH 10
|
|
|
|
|
2006-12-03 14:21:35 +00:00
|
|
|
// max # of headers in one HTTP request or response
|
2011-10-24 17:14:41 +00:00
|
|
|
// By default, about 100 headers (+1 for the first line)
|
2006-12-03 14:21:35 +00:00
|
|
|
#ifndef MAX_HTTP_HDR
|
2011-10-24 17:14:41 +00:00
|
|
|
#define MAX_HTTP_HDR 101
|
2006-12-03 14:21:35 +00:00
|
|
|
#endif
|
|
|
|
|
2009-09-07 09:51:47 +00:00
|
|
|
// max # of headers in history when looking for header #-X
|
|
|
|
#ifndef MAX_HDR_HISTORY
|
|
|
|
#define MAX_HDR_HISTORY 10
|
|
|
|
#endif
|
|
|
|
|
2013-07-23 17:15:30 +00:00
|
|
|
// max # of stick counters per session (at least 3 for sc0..sc2)
|
|
|
|
#ifndef MAX_SESS_STKCTR
|
|
|
|
#define MAX_SESS_STKCTR 3
|
|
|
|
#endif
|
|
|
|
|
2014-07-15 14:44:27 +00:00
|
|
|
// max # of extra stick-table data types that can be registred at runtime
|
|
|
|
#ifndef STKTABLE_EXTRA_DATA_TYPES
|
|
|
|
#define STKTABLE_EXTRA_DATA_TYPES 0
|
|
|
|
#endif
|
|
|
|
|
2007-03-23 21:39:59 +00:00
|
|
|
// max # of loops we can perform around a read() which succeeds.
|
|
|
|
// It's very frequent that the system returns a few TCP segments at a time.
|
|
|
|
#ifndef MAX_READ_POLL_LOOPS
|
|
|
|
#define MAX_READ_POLL_LOOPS 4
|
|
|
|
#endif
|
|
|
|
|
2009-03-21 19:43:57 +00:00
|
|
|
// minimum number of bytes read at once above which we don't try to read
|
|
|
|
// more, in order not to risk facing an EAGAIN. Most often, if we read
|
|
|
|
// at least 10 kB, we can consider that the system has tried to read a
|
|
|
|
// full buffer and got multiple segments (>1 MSS for jumbo frames, >7 MSS
|
|
|
|
// for normal frames) did not bother truncating the last segment.
|
|
|
|
#ifndef MIN_RECV_AT_ONCE_ENOUGH
|
|
|
|
#define MIN_RECV_AT_ONCE_ENOUGH (7*1448)
|
|
|
|
#endif
|
|
|
|
|
2011-05-11 18:47:24 +00:00
|
|
|
// The minimum number of bytes to be forwarded that is worth trying to splice.
|
|
|
|
// Below 4kB, it's not worth allocating pipes nor pretending to zero-copy.
|
|
|
|
#ifndef MIN_SPLICE_FORWARD
|
|
|
|
#define MIN_SPLICE_FORWARD 4096
|
|
|
|
#endif
|
|
|
|
|
2007-06-03 15:16:49 +00:00
|
|
|
// the max number of events returned in one call to poll/epoll. Too small a
|
|
|
|
// value will cause lots of calls, and too high a value may cause high latency.
|
|
|
|
#ifndef MAX_POLL_EVENTS
|
|
|
|
#define MAX_POLL_EVENTS 200
|
|
|
|
#endif
|
|
|
|
|
2006-06-26 00:48:02 +00:00
|
|
|
// cookie delimitor in "prefix" mode. This character is inserted between the
|
|
|
|
// persistence cookie and the original value. The '~' is allowed by RFC2965,
|
|
|
|
// and should not be too common in server names.
|
|
|
|
#ifndef COOKIE_DELIM
|
|
|
|
#define COOKIE_DELIM '~'
|
|
|
|
#endif
|
|
|
|
|
2010-10-06 17:25:55 +00:00
|
|
|
// this delimitor is used between a server's name and a last visit date in
|
|
|
|
// cookies exchanged with the client.
|
|
|
|
#ifndef COOKIE_DELIM_DATE
|
|
|
|
#define COOKIE_DELIM_DATE '|'
|
|
|
|
#endif
|
|
|
|
|
2006-06-26 00:48:02 +00:00
|
|
|
#define CONN_RETRIES 3
|
|
|
|
|
|
|
|
#define CHK_CONNTIME 2000
|
|
|
|
#define DEF_CHKINTR 2000
|
|
|
|
#define DEF_FALLTIME 3
|
|
|
|
#define DEF_RISETIME 2
|
2013-11-25 01:46:38 +00:00
|
|
|
#define DEF_AGENT_FALLTIME 1
|
|
|
|
#define DEF_AGENT_RISETIME 1
|
2010-01-27 10:28:42 +00:00
|
|
|
#define DEF_CHECK_REQ "OPTIONS / HTTP/1.0\r\n"
|
2014-06-20 03:30:16 +00:00
|
|
|
#define DEF_CHECK_PATH ""
|
2007-05-08 21:50:35 +00:00
|
|
|
#define DEF_SMTP_CHECK_REQ "HELO localhost\r\n"
|
2010-09-29 16:17:05 +00:00
|
|
|
#define DEF_LDAP_CHECK_REQ "\x30\x0c\x02\x01\x01\x60\x07\x02\x01\x03\x04\x00\x80\x00"
|
2011-08-05 14:23:48 +00:00
|
|
|
#define DEF_REDIS_CHECK_REQ "*1\r\n$4\r\nPING\r\n"
|
2006-06-26 00:48:02 +00:00
|
|
|
|
2009-12-15 21:31:24 +00:00
|
|
|
#define DEF_HANA_ONERR HANA_ONERR_FAILCHK
|
|
|
|
#define DEF_HANA_ERRLIMIT 10
|
|
|
|
|
2008-08-03 08:51:45 +00:00
|
|
|
// X-Forwarded-For header default
|
|
|
|
#define DEF_XFORWARDFOR_HDR "X-Forwarded-For"
|
|
|
|
|
2009-04-17 16:53:21 +00:00
|
|
|
// X-Original-To header default
|
|
|
|
#define DEF_XORIGINALTO_HDR "X-Original-To"
|
|
|
|
|
2006-06-26 00:48:02 +00:00
|
|
|
/* Default connections limit.
|
|
|
|
*
|
|
|
|
* A system limit can be enforced at build time in order to avoid using haproxy
|
|
|
|
* beyond reasonable system limits. For this, just define SYSTEM_MAXCONN to the
|
|
|
|
* absolute limit accepted by the system. If the configuration specifies a
|
|
|
|
* higher value, it will be capped to SYSTEM_MAXCONN and a warning will be
|
|
|
|
* emitted. The only way to override this limit will be to set it via the
|
|
|
|
* command-line '-n' argument.
|
|
|
|
*/
|
|
|
|
#ifndef SYSTEM_MAXCONN
|
2009-06-15 14:33:36 +00:00
|
|
|
#ifndef DEFAULT_MAXCONN
|
2006-06-26 00:48:02 +00:00
|
|
|
#define DEFAULT_MAXCONN 2000
|
2009-06-15 14:33:36 +00:00
|
|
|
#endif
|
2006-06-26 00:48:02 +00:00
|
|
|
#else
|
2009-06-15 14:33:36 +00:00
|
|
|
#undef DEFAULT_MAXCONN
|
2006-06-26 00:48:02 +00:00
|
|
|
#define DEFAULT_MAXCONN SYSTEM_MAXCONN
|
|
|
|
#endif
|
|
|
|
|
2007-10-14 21:05:39 +00:00
|
|
|
/* Minimum check interval for spread health checks. Servers with intervals
|
|
|
|
* greater than or equal to this value will have their checks spread apart
|
|
|
|
* and will be considered when searching the minimal interval.
|
|
|
|
* Others will be ignored for the minimal interval and will have their checks
|
|
|
|
* scheduled on a different basis.
|
|
|
|
*/
|
|
|
|
#ifndef SRV_CHK_INTER_THRES
|
|
|
|
#define SRV_CHK_INTER_THRES 1000
|
|
|
|
#endif
|
|
|
|
|
2007-10-15 08:05:11 +00:00
|
|
|
/* Specifies the string used to report the version and release date on the
|
|
|
|
* statistics page. May be defined to the empty string ("") to permanently
|
|
|
|
* disable the feature.
|
|
|
|
*/
|
|
|
|
#ifndef STATS_VERSION_STRING
|
|
|
|
#define STATS_VERSION_STRING " version " HAPROXY_VERSION ", released " HAPROXY_DATE
|
|
|
|
#endif
|
|
|
|
|
2009-05-10 06:53:33 +00:00
|
|
|
/* Maximum signal queue size, and also number of different signals we can
|
|
|
|
* handle.
|
|
|
|
*/
|
|
|
|
#ifndef MAX_SIGNAL
|
|
|
|
#define MAX_SIGNAL 256
|
|
|
|
#endif
|
|
|
|
|
2009-08-16 08:08:02 +00:00
|
|
|
/* Maximum host name length */
|
|
|
|
#ifndef MAX_HOSTNAME_LEN
|
2015-01-14 10:48:58 +00:00
|
|
|
#if MAXHOSTNAMELEN
|
|
|
|
#define MAX_HOSTNAME_LEN MAXHOSTNAMELEN
|
|
|
|
#else
|
|
|
|
#define MAX_HOSTNAME_LEN 64
|
|
|
|
#endif // MAXHOSTNAMELEN
|
|
|
|
#endif // MAX_HOSTNAME_LEN
|
2009-08-16 08:08:02 +00:00
|
|
|
|
2009-10-10 19:06:49 +00:00
|
|
|
/* Maximum health check description length */
|
|
|
|
#ifndef HCHK_DESC_LEN
|
|
|
|
#define HCHK_DESC_LEN 128
|
|
|
|
#endif
|
|
|
|
|
2012-10-05 13:47:31 +00:00
|
|
|
/* ciphers used as defaults on connect */
|
|
|
|
#ifndef CONNECT_DEFAULT_CIPHERS
|
|
|
|
#define CONNECT_DEFAULT_CIPHERS NULL
|
|
|
|
#endif
|
|
|
|
|
|
|
|
/* ciphers used as defaults on listeners */
|
|
|
|
#ifndef LISTEN_DEFAULT_CIPHERS
|
|
|
|
#define LISTEN_DEFAULT_CIPHERS NULL
|
|
|
|
#endif
|
|
|
|
|
2013-03-06 13:08:53 +00:00
|
|
|
/* named curve used as defaults for ECDHE ciphers */
|
|
|
|
#ifndef ECDHE_DEFAULT_CURVE
|
|
|
|
#define ECDHE_DEFAULT_CURVE "prime256v1"
|
|
|
|
#endif
|
|
|
|
|
2012-11-14 10:32:56 +00:00
|
|
|
/* ssl cache size */
|
|
|
|
#ifndef SSLCACHESIZE
|
|
|
|
#define SSLCACHESIZE 20000
|
|
|
|
#endif
|
|
|
|
|
2014-06-12 12:58:40 +00:00
|
|
|
/* ssl max dh param size */
|
|
|
|
#ifndef SSL_DEFAULT_DH_PARAM
|
|
|
|
#define SSL_DEFAULT_DH_PARAM 0
|
|
|
|
#endif
|
|
|
|
|
2015-01-15 20:34:39 +00:00
|
|
|
/* max memory cost per SSL session */
|
|
|
|
#ifndef SSL_SESSION_MAX_COST
|
|
|
|
#define SSL_SESSION_MAX_COST (16*1024) // measured
|
|
|
|
#endif
|
|
|
|
|
|
|
|
/* max memory cost per SSL handshake (on top of session) */
|
|
|
|
#ifndef SSL_HANDSHAKE_MAX_COST
|
|
|
|
#define SSL_HANDSHAKE_MAX_COST (76*1024) // measured
|
|
|
|
#endif
|
|
|
|
#endif
|
|
|
|
|
2014-06-17 10:19:18 +00:00
|
|
|
/* Number of samples used to compute the times reported in stats. A power of
|
|
|
|
* two is highly recommended, and this value multiplied by the largest response
|
|
|
|
* time must not overflow and unsigned int. See freq_ctr.h for more information.
|
|
|
|
* We consider that values are accurate to 95% with two batches of samples below,
|
|
|
|
* so in order to advertise accurate times across 1k samples, we effectively
|
|
|
|
* measure over 512.
|
|
|
|
*/
|
|
|
|
#ifndef TIME_STATS_SAMPLES
|
|
|
|
#define TIME_STATS_SAMPLES 512
|
|
|
|
#endif
|
|
|
|
|
2014-06-16 16:36:30 +00:00
|
|
|
/* max ocsp cert id asn1 encoded length */
|
|
|
|
#ifndef OCSP_MAX_CERTID_ASN1_LENGTH
|
|
|
|
#define OCSP_MAX_CERTID_ASN1_LENGTH 128
|
|
|
|
#endif
|
|
|
|
|
2014-06-19 12:16:17 +00:00
|
|
|
#ifndef OCSP_MAX_RESPONSE_TIME_SKEW
|
|
|
|
#define OCSP_MAX_RESPONSE_TIME_SKEW 300
|
|
|
|
#endif
|
2006-06-29 15:53:05 +00:00
|
|
|
#endif /* _COMMON_DEFAULTS_H */
|