RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-01-03 02:32:03 +00:00
Code Issues Packages Projects Releases Wiki Activity
efc46dede9
haproxy/src/listener.c

2426 lines
74 KiB
C
Raw Normal View History

[MAJOR] added generic protocol support A new generic protocol mechanism has been added. It provides an easy method to implement new protocols with different listeners (eg: unix sockets). The listeners are automatically started at the right moment and enabled after the possible fork().
2007-10-16 10:25:14 +00:00
/*
REORG: split "protocols" files into protocol and listener It was becoming confusing to have protocols and listeners in the same files, split them.
2012-09-12 20:58:11 +00:00
* Listener management functions.
[MAJOR] added generic protocol support A new generic protocol mechanism has been added. It provides an easy method to implement new protocols with different listeners (eg: unix sockets). The listeners are automatically started at the right moment and enabled after the possible fork().
2007-10-16 10:25:14 +00:00
*
MINOR: listener: rename sample fetch functions and declare the sample keywords The following sample fetch functions were only usable by ACLs but are now usable by sample fetches too : dst_conn, so_id, The fetch functions have been renamed "smp_fetch_*".
2013-01-07 21:54:17 +00:00
* Copyright 2000-2013 Willy Tarreau <w@1wt.eu>
[MAJOR] added generic protocol support A new generic protocol mechanism has been added. It provides an easy method to implement new protocols with different listeners (eg: unix sockets). The listeners are automatically started at the right moment and enabled after the possible fork().
2007-10-16 10:25:14 +00:00
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version.
*
*/
MEDIUM: listener: parse the new "process" bind keyword This sets the bind_proc entry in the bind_conf config block. For now it's still unused, but the doc was updated.
2014-05-07 17:01:58 +00:00
#include <ctype.h>
REORG/MEDIUM: move the default accept function from sockstream to protocols.c The previous sockstream_accept() function uses nothing from sockstream, and is totally irrelevant to stream interfaces. Move this to the protocols.c file which handles listeners and protocols, and call it listener_accept(). It now makes much more sense that the code dealing with listen() also handles accept() and passes it to upper layers.
2012-05-07 19:22:09 +00:00
#include <errno.h>
[MAJOR] added generic protocol support A new generic protocol mechanism has been added. It provides an easy method to implement new protocols with different listeners (eg: unix sockets). The listeners are automatically started at the right moment and enabled after the possible fork().
2007-10-16 10:25:14 +00:00
#include <stdio.h>
#include <string.h>
BUILD: listener: add fcntl.h and unistd.h Otherwise it fails to build on some platforms.
2014-02-01 08:28:36 +00:00
#include <unistd.h>
[MAJOR] added generic protocol support A new generic protocol mechanism has been added. It provides an easy method to implement new protocols with different listeners (eg: unix sockets). The listeners are automatically started at the right moment and enabled after the possible fork().
2007-10-16 10:25:14 +00:00
REORG: include: move acl.h to haproxy/acl.h{,-t}.h The files were moved almost as-is, just dropping arg-t and auth-t from acl-t but keeping arg-t in acl.h. It was useful to revisit the call places since a handful of files used to continue to include acl.h while they did not need it at all. Struct stream was only made a forward declaration since not otherwise needed.
2020-06-04 17:11:43 +00:00
#include <haproxy/acl.h>
REORG: include: update all files to use haproxy/api.h or api-t.h if needed All files that were including one of the following include files have been updated to only include haproxy/api.h or haproxy/api-t.h once instead: - common/config.h - common/compat.h - common/compiler.h - common/defaults.h - common/initcall.h - common/tools.h The choice is simple: if the file only requires type definitions, it includes api-t.h, otherwise it includes the full api.h. In addition, in these files, explicit includes for inttypes.h and limits.h were dropped since these are now covered by api.h and api-t.h. No other change was performed, given that this patch is large and affects 201 files. At least one (tools.h) was already freestanding and didn't get the new one added.
2020-05-27 10:58:42 +00:00
#include <haproxy/api.h>
BUILD: tree-wide: add several missing activity.h A number of files currently access activity counters but rely on their definitions to be inherited from other files (task.c, backend.c hlua.c, sock.c, pool.c, stats.c, fd.c).
2021-10-06 17:54:09 +00:00
#include <haproxy/activity.h>
REORG: include: move cfgparse.h to haproxy/cfgparse.h There's no point splitting the file in two since only cfgparse uses the types defined there. A few call places were updated and cleaned up. All of them were in C files which register keywords. There is nothing left in common/ now so this directory must not be used anymore.
2020-06-04 22:00:29 +00:00
#include <haproxy/cfgparse.h>
REORG: listener: move bind_conf_alloc() and listener_state_str() to listener.c These functions have no reason for being inlined, and they require some includes with long dependencies. Let's move them to listener.c and trim unused includes in listener.h.
2021-10-06 07:05:08 +00:00
#include <haproxy/cli-t.h>
REORG: include: move connection.h to haproxy/connection{,-t}.h The type file is becoming a mess, half of it is for the proxy protocol, another good part describes conn_streams and mux ops, it would deserve being split again. At least it was reordered so that elements are easier to find, with the PP-stuff left at the end. The MAX_SEND_FD macro was moved to compat.h as it's said to be the value for Linux.
2020-06-04 16:02:10 +00:00
#include <haproxy/connection.h>
REORG: include: move base64.h, errors.h and hash.h from common to to haproxy/ These ones do not depend on any other file. One used to include haproxy/api.h but that was solely for stddef.h.
2020-05-27 14:10:29 +00:00
#include <haproxy/errors.h>
CLEANUP: include: tree-wide alphabetical sort of include files This patch fixes all the leftovers from the include cleanup campaign. There were not that many (~400 entries in ~150 files) but it was definitely worth doing it as it revealed a few duplicates.
2020-06-09 07:07:15 +00:00
#include <haproxy/fd.h>
#include <haproxy/freq_ctr.h>
REORG: include: split global.h into haproxy/global{,-t}.h global.h was one of the messiest files, it has accumulated tons of implicit dependencies and declares many globals that make almost all other file include it. It managed to silence a dependency loop between server.h and proxy.h by being well placed to pre-define the required structs, forcing struct proxy and struct server to be forward-declared in a significant number of files. It was split in to, one which is the global struct definition and the few macros and flags, and the rest containing the functions prototypes. The UNIX_MAX_PATH definition was moved to compat.h.
2020-06-04 15:05:57 +00:00
#include <haproxy/global.h>
REORG: include: split mini-clist into haproxy/list and list-t.h Half of the users of this include only need the type definitions and not the manipulation macros nor the inline functions. Moves the various types into mini-clist-t.h makes the files cleaner. The other one had all its includes grouped at the top. A few files continued to reference it without using it and were cleaned. In addition it was about time that we'd rename that file, it's not "mini" anymore and contains a bit more than just circular lists.
2020-05-27 16:01:47 +00:00
#include <haproxy/list.h>
REORG: include: move listener.h to haproxy/listener{,-t}.h stdlib and list were missing from listener.h, otherwise it was OK.
2020-06-04 12:58:24 +00:00
#include <haproxy/listener.h>
REORG: include: move log.h to haproxy/log{,-t}.h The current state of the logging is a real mess. The main problem is that almost all files include log.h just in order to have access to the alert/warning functions like ha_alert() etc, and don't care about logs. But log.h also deals with real logging as well as log-format and depends on stream.h and various other things. As such it forces a few heavy files like stream.h to be loaded early and to hide missing dependencies depending where it's loaded. Among the missing ones is syslog.h which was often automatically included resulting in no less than 3 users missing it. Among 76 users, only 5 could be removed, and probably 70 don't need the full set of dependencies. A good approach would consist in splitting that file in 3 parts: - one for error output ("errors" ?). - one for log_format processing - and one for actual logging.
2020-06-04 20:01:04 +00:00
#include <haproxy/log.h>
CLEANUP: include: tree-wide alphabetical sort of include files This patch fixes all the leftovers from the include cleanup campaign. There were not that many (~400 entries in ~150 files) but it was definitely worth doing it as it revealed a few duplicates.
2020-06-09 07:07:15 +00:00
#include <haproxy/protocol.h>
BUILD: listener: include proxy.h from listener.c Many proxy functions are called there but the include was missing and inherited via cfgparse.h.
2021-05-08 18:30:37 +00:00
#include <haproxy/proxy.h>
MINOR: quic: QUIC transport parameters split. Make the transport parameters be standlone as much as possible as it consists only in encoding/decoding data into/from buffers. Reduce the size of xprt_quic.h. Unfortunalety, I think we will have to continue to include <xprt_quic-t.h> to use the trace API into this module.
2022-05-21 21:58:40 +00:00
#include <haproxy/quic_tp.h>
CLEANUP: include: tree-wide alphabetical sort of include files This patch fixes all the leftovers from the include cleanup campaign. There were not that many (~400 entries in ~150 files) but it was definitely worth doing it as it revealed a few duplicates.
2020-06-09 07:07:15 +00:00
#include <haproxy/sample.h>
REORG: include: move stream.h to haproxy/stream{,-t}.h This one was not easy because it was embarking many includes with it, which other files would automatically find. At least global.h, arg.h and tools.h were identified. 93 total locations were identified, 8 additional includes had to be added. In the rare files where it was possible to finalize the sorting of includes by adjusting only one or two extra lines, it was done. But all files would need to be rechecked and cleaned up now. It was the last set of files in types/ and proto/ and these directories must not be reused anymore.
2020-06-04 21:46:14 +00:00
#include <haproxy/stream.h>
REORG: include: move task.h to haproxy/task{,-t}.h The TASK_IS_TASKLET() macro was moved to the proto file instead of the type one. The proto part was a bit reordered to remove a number of ugly forward declaration of static inline functions. About a tens of C and H files had their dependency dropped since they were not using anything from task.h.
2020-06-04 15:25:40 +00:00
#include <haproxy/task.h>
CLEANUP: tree-wide: remove unneeded include time.h in ~20 files 20 files used to have haproxy/time.h included only for now_ms, and two were missing it for other things but used to inherit from it via other files.
2021-10-06 14:18:40 +00:00
#include <haproxy/ticks.h>
CLEANUP: include: tree-wide alphabetical sort of include files This patch fixes all the leftovers from the include cleanup campaign. There were not that many (~400 entries in ~150 files) but it was definitely worth doing it as it revealed a few duplicates.
2020-06-09 07:07:15 +00:00
#include <haproxy/tools.h>
REORG/MEDIUM: move the default accept function from sockstream to protocols.c The previous sockstream_accept() function uses nothing from sockstream, and is totally irrelevant to stream interfaces. Move this to the protocols.c file which handles listeners and protocols, and call it listener_accept(). It now makes much more sense that the code dealing with listen() also handles accept() and passes it to upper layers.
2012-05-07 19:22:09 +00:00
[MINOR] add a generic unbind_listener() primitive Most protocols will be able to share a single unbind_listener() primitive. Provided it in protocols.c.
2007-10-28 21:13:50 +00:00
MEDIUM: listener: add a minimal framework to register "bind" keyword options With the arrival of SSL, the "bind" keyword has received even more options, all of which are processed in cfgparse in a cumbersome way. So it's time to let modules register their own bind options. This is done very similarly to the ACLs with a small difference in that we make the difference between an unknown option and a known, unimplemented option.
2012-09-12 21:17:10 +00:00
/* List head of all known bind keywords */
MINOR: config: add a function to dump all known config keywords All registered config keywords that are valid in the config parser are dumped to stdout organized like the regular sections (global, listen, etc). Some keywords that are known to only be valid in frontends or backends will be suffixed with [FE] or [BE]. All regularly registered "bind" and "server" keywords are also dumped, one per "bind" or "server" line. Those depending on ssl are listed after the "ssl" keyword. Doing so required to export the listener and server keyword lists that were static. The function is called from dump_registered_keywords() for keyword class "cfg".
2022-03-29 13:02:44 +00:00
struct bind_kw_list bind_keywords = {
MEDIUM: listener: add a minimal framework to register "bind" keyword options With the arrival of SSL, the "bind" keyword has received even more options, all of which are processed in cfgparse in a cumbersome way. So it's time to let modules register their own bind options. This is done very similarly to the ACLs with a small difference in that we make the difference between an unknown option and a known, unimplemented option.
2012-09-12 21:17:10 +00:00
.list = LIST_HEAD_INIT(bind_keywords.list)
};
REORG: listener: move the global listener queue code to listener.c The global listener queue code and declarations were still lying in haproxy.c while not needed there anymore at all. This complicates the code for no reason. As a result, the global_listener_queue_task and the global_listener_queue were made static.
2019-12-10 10:18:41 +00:00
/* list of the temporarily limited listeners because of lack of resource */
static struct mt_list global_listener_queue = MT_LIST_HEAD_INIT(global_listener_queue);
static struct task *global_listener_queue_task;
MINOR: stats: report the number of times the global maxconn was reached As discussed a few times over the years, it's quite difficult to know how often we stop accepting connections because the global maxconn was reached. This is not easy to know because when we reach the limit we stop accepting but we don't know if incoming connections are pending, so it's not possible to know how many were delayed just because of this. However, an interesting equivalent metric consist in counting the number of times an accepted incoming connection resulted in the limit being reached. I.e. "we've accepted the last one for now". That doesn't imply any other one got delayed but it's a factual indicator that something might have been delayed. And by counting the number of such events, it becomes easier to know whether some limits need to be adjusted because they're reached often, or if it's exceptionally rare. The metric is reported as a counter in show info and on the stats page in the info section right next to "maxconn".
2023-05-11 11:51:31 +00:00
/* number of times an accepted connection resulted in maxconn being reached */
ullong maxconn_reached = 0;
BUILD: listener: fix build warning on global_listener_rwlock without threads The global_listener_rwlock was introduced by recent commit 13e86d947 ("BUG/MEDIUM: listener: Fix race condition when updating the global mngmt task"), but it's declared static and is not used when threads are disabled, thus causing a warning to be emitted in this case. Let's just condition it to thread usage to shut the warning. This will need to be backported where the patch above is backported.
2022-11-22 08:08:23 +00:00
__decl_thread(static HA_RWLOCK_T global_listener_rwlock);
REORG: listener: move the global listener queue code to listener.c The global listener queue code and declarations were still lying in haproxy.c while not needed there anymore at all. This complicates the code for no reason. As a result, the global_listener_queue_task and the global_listener_queue were made static.
2019-12-10 10:18:41 +00:00
MINOR: stats: add helper to get status string move listen status to a helper, defining both status enum and string definition. this will be helpful to be reused in prometheus code. It also removes this hard-to-read nested ternary. Signed-off-by: William Dauchy <wdauchy@gmail.com>
2021-02-14 22:22:55 +00:00
/* listener status for stats */
const char* li_status_st[LI_STATE_COUNT] = {
[LI_STATUS_WAITING] = "WAITING",
[LI_STATUS_OPEN] = "OPEN",
[LI_STATUS_FULL] = "FULL",
};
REORG: listener: move the global listener queue code to listener.c The global listener queue code and declarations were still lying in haproxy.c while not needed there anymore at all. This complicates the code for no reason. As a result, the global_listener_queue_task and the global_listener_queue were made static.
2019-12-10 10:18:41 +00:00
MINOR: listener: implement multi-queue accept for threads There is one point where we can migrate a connection to another thread without taking risk, it's when we accept it : the new FD is not yet in the fd cache and no task was created yet. It's still possible to assign it a different thread than the one which accepted the connection. The only requirement for this is to have one accept queue per thread and their respective processing tasks that have to be woken up each time an entry is added to the queue. This is a multiple-producer, single-consumer model. Entries are added at the queue's tail and the processing task is woken up. The consumer picks entries at the head and processes them in order. The accept queue contains the fd, the source address, and the listener. Each entry of the accept queue was rounded up to 64 bytes (one cache line) to avoid cache aliasing because tests have shown that otherwise performance suffers a lot (5%). A test has shown that it's important to have at least 256 entries for the rings, as at 128 it's still possible to fill them often at high loads on small thread counts. The processing task does almost nothing except calling the listener's accept() function and updating the global session and SSL rate counters just like listener_accept() does on synchronous calls. At this point the accept queue is implemented but not used.
2019-01-27 14:37:19 +00:00
#if defined(USE_THREAD)
struct accept_queue_ring accept_queue_rings[MAX_THREADS] __attribute__((aligned(64))) = { };
/* dequeue and process a pending connection from the local accept queue (single
MEDIUM: listener: allocate the connection before queuing a new connection Till now we would keep a per-thread queue of pending incoming connections for which we would store: - the listener - the accepted FD - the source address - the source address' length And these elements were first used in session_accept_fd() running on the target thread to allocate a connection and duplicate them again. Doing this induces various problems. The first one is that session_accept_fd() may only run on file descriptors and cannot be reused for QUIC. The second issue is that it induces lots of memory copies and that the listerner queue thrashes a lot of cache, consuming 64 bytes per entry. This patch changes this by allocating the connection before queueing it, and by only placing the connection's pointer into the queue. Indeed, the first two calls used to initialize the connection already store all the information above, which can be retrieved from the connection pointer alone. So we just have to pop one pointer from the target thread, and pass it to session_accept_fd() which only needs the FD for the final settings. This starts to make the accept path a bit more transport-agnostic, and saves memory and CPU cycles at the same time (1% connection rate increase was noticed with 4 threads). Thanks to dividing the accept-queue entry size from 64 to 8 bytes, its size could be increased from 256 to 1024 connections while still dividing the overall size by two. No single queue full condition was met. One minor drawback is that connection may be allocated from one thread's pool to be used into another one. But this already happens a lot with connection reuse so there is really nothing new here.
2020-10-14 15:37:17 +00:00
* consumer). Returns the accepted connection or NULL if none was found.
MINOR: listener: implement multi-queue accept for threads There is one point where we can migrate a connection to another thread without taking risk, it's when we accept it : the new FD is not yet in the fd cache and no task was created yet. It's still possible to assign it a different thread than the one which accepted the connection. The only requirement for this is to have one accept queue per thread and their respective processing tasks that have to be woken up each time an entry is added to the queue. This is a multiple-producer, single-consumer model. Entries are added at the queue's tail and the processing task is woken up. The consumer picks entries at the head and processes them in order. The accept queue contains the fd, the source address, and the listener. Each entry of the accept queue was rounded up to 64 bytes (one cache line) to avoid cache aliasing because tests have shown that otherwise performance suffers a lot (5%). A test has shown that it's important to have at least 256 entries for the rings, as at 128 it's still possible to fill them often at high loads on small thread counts. The processing task does almost nothing except calling the listener's accept() function and updating the global session and SSL rate counters just like listener_accept() does on synchronous calls. At this point the accept queue is implemented but not used.
2019-01-27 14:37:19 +00:00
*/
MEDIUM: listener: allocate the connection before queuing a new connection Till now we would keep a per-thread queue of pending incoming connections for which we would store: - the listener - the accepted FD - the source address - the source address' length And these elements were first used in session_accept_fd() running on the target thread to allocate a connection and duplicate them again. Doing this induces various problems. The first one is that session_accept_fd() may only run on file descriptors and cannot be reused for QUIC. The second issue is that it induces lots of memory copies and that the listerner queue thrashes a lot of cache, consuming 64 bytes per entry. This patch changes this by allocating the connection before queueing it, and by only placing the connection's pointer into the queue. Indeed, the first two calls used to initialize the connection already store all the information above, which can be retrieved from the connection pointer alone. So we just have to pop one pointer from the target thread, and pass it to session_accept_fd() which only needs the FD for the final settings. This starts to make the accept path a bit more transport-agnostic, and saves memory and CPU cycles at the same time (1% connection rate increase was noticed with 4 threads). Thanks to dividing the accept-queue entry size from 64 to 8 bytes, its size could be increased from 256 to 1024 connections while still dividing the overall size by two. No single queue full condition was met. One minor drawback is that connection may be allocated from one thread's pool to be used into another one. But this already happens a lot with connection reuse so there is really nothing new here.
2020-10-14 15:37:17 +00:00
struct connection *accept_queue_pop_sc(struct accept_queue_ring *ring)
MINOR: listener: implement multi-queue accept for threads There is one point where we can migrate a connection to another thread without taking risk, it's when we accept it : the new FD is not yet in the fd cache and no task was created yet. It's still possible to assign it a different thread than the one which accepted the connection. The only requirement for this is to have one accept queue per thread and their respective processing tasks that have to be woken up each time an entry is added to the queue. This is a multiple-producer, single-consumer model. Entries are added at the queue's tail and the processing task is woken up. The consumer picks entries at the head and processes them in order. The accept queue contains the fd, the source address, and the listener. Each entry of the accept queue was rounded up to 64 bytes (one cache line) to avoid cache aliasing because tests have shown that otherwise performance suffers a lot (5%). A test has shown that it's important to have at least 256 entries for the rings, as at 128 it's still possible to fill them often at high loads on small thread counts. The processing task does almost nothing except calling the listener's accept() function and updating the global session and SSL rate counters just like listener_accept() does on synchronous calls. At this point the accept queue is implemented but not used.
2019-01-27 14:37:19 +00:00
{
unsigned int pos, next;
MEDIUM: listener: allocate the connection before queuing a new connection Till now we would keep a per-thread queue of pending incoming connections for which we would store: - the listener - the accepted FD - the source address - the source address' length And these elements were first used in session_accept_fd() running on the target thread to allocate a connection and duplicate them again. Doing this induces various problems. The first one is that session_accept_fd() may only run on file descriptors and cannot be reused for QUIC. The second issue is that it induces lots of memory copies and that the listerner queue thrashes a lot of cache, consuming 64 bytes per entry. This patch changes this by allocating the connection before queueing it, and by only placing the connection's pointer into the queue. Indeed, the first two calls used to initialize the connection already store all the information above, which can be retrieved from the connection pointer alone. So we just have to pop one pointer from the target thread, and pass it to session_accept_fd() which only needs the FD for the final settings. This starts to make the accept path a bit more transport-agnostic, and saves memory and CPU cycles at the same time (1% connection rate increase was noticed with 4 threads). Thanks to dividing the accept-queue entry size from 64 to 8 bytes, its size could be increased from 256 to 1024 connections while still dividing the overall size by two. No single queue full condition was met. One minor drawback is that connection may be allocated from one thread's pool to be used into another one. But this already happens a lot with connection reuse so there is really nothing new here.
2020-10-14 15:37:17 +00:00
struct connection *ptr;
struct connection **e;
MINOR: listener: make accept_queue index atomic There has always been a race when checking the length of an accept queue to determine which one is more loaded that another, because the head and tail are read at two different moments. This is not required, we can merge them as two 16 bit numbers inside a single 32-bit index that is always accessed atomically. This way we read both values at once and always have a consistent measurement.
2023-04-20 09:05:28 +00:00
uint32_t idx = _HA_ATOMIC_LOAD(&ring->idx); /* (head << 16) + tail */
MINOR: listener: implement multi-queue accept for threads There is one point where we can migrate a connection to another thread without taking risk, it's when we accept it : the new FD is not yet in the fd cache and no task was created yet. It's still possible to assign it a different thread than the one which accepted the connection. The only requirement for this is to have one accept queue per thread and their respective processing tasks that have to be woken up each time an entry is added to the queue. This is a multiple-producer, single-consumer model. Entries are added at the queue's tail and the processing task is woken up. The consumer picks entries at the head and processes them in order. The accept queue contains the fd, the source address, and the listener. Each entry of the accept queue was rounded up to 64 bytes (one cache line) to avoid cache aliasing because tests have shown that otherwise performance suffers a lot (5%). A test has shown that it's important to have at least 256 entries for the rings, as at 128 it's still possible to fill them often at high loads on small thread counts. The processing task does almost nothing except calling the listener's accept() function and updating the global session and SSL rate counters just like listener_accept() does on synchronous calls. At this point the accept queue is implemented but not used.
2019-01-27 14:37:19 +00:00
MINOR: listener: make accept_queue index atomic There has always been a race when checking the length of an accept queue to determine which one is more loaded that another, because the head and tail are read at two different moments. This is not required, we can merge them as two 16 bit numbers inside a single 32-bit index that is always accessed atomically. This way we read both values at once and always have a consistent measurement.
2023-04-20 09:05:28 +00:00
pos = idx >> 16;
if (pos == (uint16_t)idx)
MEDIUM: listener: allocate the connection before queuing a new connection Till now we would keep a per-thread queue of pending incoming connections for which we would store: - the listener - the accepted FD - the source address - the source address' length And these elements were first used in session_accept_fd() running on the target thread to allocate a connection and duplicate them again. Doing this induces various problems. The first one is that session_accept_fd() may only run on file descriptors and cannot be reused for QUIC. The second issue is that it induces lots of memory copies and that the listerner queue thrashes a lot of cache, consuming 64 bytes per entry. This patch changes this by allocating the connection before queueing it, and by only placing the connection's pointer into the queue. Indeed, the first two calls used to initialize the connection already store all the information above, which can be retrieved from the connection pointer alone. So we just have to pop one pointer from the target thread, and pass it to session_accept_fd() which only needs the FD for the final settings. This starts to make the accept path a bit more transport-agnostic, and saves memory and CPU cycles at the same time (1% connection rate increase was noticed with 4 threads). Thanks to dividing the accept-queue entry size from 64 to 8 bytes, its size could be increased from 256 to 1024 connections while still dividing the overall size by two. No single queue full condition was met. One minor drawback is that connection may be allocated from one thread's pool to be used into another one. But this already happens a lot with connection reuse so there is really nothing new here.
2020-10-14 15:37:17 +00:00
return NULL;
MINOR: listener: implement multi-queue accept for threads There is one point where we can migrate a connection to another thread without taking risk, it's when we accept it : the new FD is not yet in the fd cache and no task was created yet. It's still possible to assign it a different thread than the one which accepted the connection. The only requirement for this is to have one accept queue per thread and their respective processing tasks that have to be woken up each time an entry is added to the queue. This is a multiple-producer, single-consumer model. Entries are added at the queue's tail and the processing task is woken up. The consumer picks entries at the head and processes them in order. The accept queue contains the fd, the source address, and the listener. Each entry of the accept queue was rounded up to 64 bytes (one cache line) to avoid cache aliasing because tests have shown that otherwise performance suffers a lot (5%). A test has shown that it's important to have at least 256 entries for the rings, as at 128 it's still possible to fill them often at high loads on small thread counts. The processing task does almost nothing except calling the listener's accept() function and updating the global session and SSL rate counters just like listener_accept() does on synchronous calls. At this point the accept queue is implemented but not used.
2019-01-27 14:37:19 +00:00
next = pos + 1;
if (next >= ACCEPT_QUEUE_SIZE)
next = 0;
e = &ring->entry[pos];
/* wait for the producer to update the listener's pointer */
while (1) {
MEDIUM: listener: allocate the connection before queuing a new connection Till now we would keep a per-thread queue of pending incoming connections for which we would store: - the listener - the accepted FD - the source address - the source address' length And these elements were first used in session_accept_fd() running on the target thread to allocate a connection and duplicate them again. Doing this induces various problems. The first one is that session_accept_fd() may only run on file descriptors and cannot be reused for QUIC. The second issue is that it induces lots of memory copies and that the listerner queue thrashes a lot of cache, consuming 64 bytes per entry. This patch changes this by allocating the connection before queueing it, and by only placing the connection's pointer into the queue. Indeed, the first two calls used to initialize the connection already store all the information above, which can be retrieved from the connection pointer alone. So we just have to pop one pointer from the target thread, and pass it to session_accept_fd() which only needs the FD for the final settings. This starts to make the accept path a bit more transport-agnostic, and saves memory and CPU cycles at the same time (1% connection rate increase was noticed with 4 threads). Thanks to dividing the accept-queue entry size from 64 to 8 bytes, its size could be increased from 256 to 1024 connections while still dividing the overall size by two. No single queue full condition was met. One minor drawback is that connection may be allocated from one thread's pool to be used into another one. But this already happens a lot with connection reuse so there is really nothing new here.
2020-10-14 15:37:17 +00:00
ptr = *e;
MINOR: listener: implement multi-queue accept for threads There is one point where we can migrate a connection to another thread without taking risk, it's when we accept it : the new FD is not yet in the fd cache and no task was created yet. It's still possible to assign it a different thread than the one which accepted the connection. The only requirement for this is to have one accept queue per thread and their respective processing tasks that have to be woken up each time an entry is added to the queue. This is a multiple-producer, single-consumer model. Entries are added at the queue's tail and the processing task is woken up. The consumer picks entries at the head and processes them in order. The accept queue contains the fd, the source address, and the listener. Each entry of the accept queue was rounded up to 64 bytes (one cache line) to avoid cache aliasing because tests have shown that otherwise performance suffers a lot (5%). A test has shown that it's important to have at least 256 entries for the rings, as at 128 it's still possible to fill them often at high loads on small thread counts. The processing task does almost nothing except calling the listener's accept() function and updating the global session and SSL rate counters just like listener_accept() does on synchronous calls. At this point the accept queue is implemented but not used.
2019-01-27 14:37:19 +00:00
__ha_barrier_load();
if (ptr)
break;
pl_cpu_relax();
}
/* release the entry */
MEDIUM: listener: allocate the connection before queuing a new connection Till now we would keep a per-thread queue of pending incoming connections for which we would store: - the listener - the accepted FD - the source address - the source address' length And these elements were first used in session_accept_fd() running on the target thread to allocate a connection and duplicate them again. Doing this induces various problems. The first one is that session_accept_fd() may only run on file descriptors and cannot be reused for QUIC. The second issue is that it induces lots of memory copies and that the listerner queue thrashes a lot of cache, consuming 64 bytes per entry. This patch changes this by allocating the connection before queueing it, and by only placing the connection's pointer into the queue. Indeed, the first two calls used to initialize the connection already store all the information above, which can be retrieved from the connection pointer alone. So we just have to pop one pointer from the target thread, and pass it to session_accept_fd() which only needs the FD for the final settings. This starts to make the accept path a bit more transport-agnostic, and saves memory and CPU cycles at the same time (1% connection rate increase was noticed with 4 threads). Thanks to dividing the accept-queue entry size from 64 to 8 bytes, its size could be increased from 256 to 1024 connections while still dividing the overall size by two. No single queue full condition was met. One minor drawback is that connection may be allocated from one thread's pool to be used into another one. But this already happens a lot with connection reuse so there is really nothing new here.
2020-10-14 15:37:17 +00:00
*e = NULL;
MINOR: listener: implement multi-queue accept for threads There is one point where we can migrate a connection to another thread without taking risk, it's when we accept it : the new FD is not yet in the fd cache and no task was created yet. It's still possible to assign it a different thread than the one which accepted the connection. The only requirement for this is to have one accept queue per thread and their respective processing tasks that have to be woken up each time an entry is added to the queue. This is a multiple-producer, single-consumer model. Entries are added at the queue's tail and the processing task is woken up. The consumer picks entries at the head and processes them in order. The accept queue contains the fd, the source address, and the listener. Each entry of the accept queue was rounded up to 64 bytes (one cache line) to avoid cache aliasing because tests have shown that otherwise performance suffers a lot (5%). A test has shown that it's important to have at least 256 entries for the rings, as at 128 it's still possible to fill them often at high loads on small thread counts. The processing task does almost nothing except calling the listener's accept() function and updating the global session and SSL rate counters just like listener_accept() does on synchronous calls. At this point the accept queue is implemented but not used.
2019-01-27 14:37:19 +00:00
__ha_barrier_store();
MINOR: listener: make accept_queue index atomic There has always been a race when checking the length of an accept queue to determine which one is more loaded that another, because the head and tail are read at two different moments. This is not required, we can merge them as two 16 bit numbers inside a single 32-bit index that is always accessed atomically. This way we read both values at once and always have a consistent measurement.
2023-04-20 09:05:28 +00:00
do {
pos = (next << 16) | (idx & 0xffff);
} while (unlikely(!HA_ATOMIC_CAS(&ring->idx, &idx, pos) && __ha_cpu_relax()));
MEDIUM: listener: allocate the connection before queuing a new connection Till now we would keep a per-thread queue of pending incoming connections for which we would store: - the listener - the accepted FD - the source address - the source address' length And these elements were first used in session_accept_fd() running on the target thread to allocate a connection and duplicate them again. Doing this induces various problems. The first one is that session_accept_fd() may only run on file descriptors and cannot be reused for QUIC. The second issue is that it induces lots of memory copies and that the listerner queue thrashes a lot of cache, consuming 64 bytes per entry. This patch changes this by allocating the connection before queueing it, and by only placing the connection's pointer into the queue. Indeed, the first two calls used to initialize the connection already store all the information above, which can be retrieved from the connection pointer alone. So we just have to pop one pointer from the target thread, and pass it to session_accept_fd() which only needs the FD for the final settings. This starts to make the accept path a bit more transport-agnostic, and saves memory and CPU cycles at the same time (1% connection rate increase was noticed with 4 threads). Thanks to dividing the accept-queue entry size from 64 to 8 bytes, its size could be increased from 256 to 1024 connections while still dividing the overall size by two. No single queue full condition was met. One minor drawback is that connection may be allocated from one thread's pool to be used into another one. But this already happens a lot with connection reuse so there is really nothing new here.
2020-10-14 15:37:17 +00:00
return ptr;
MINOR: listener: implement multi-queue accept for threads There is one point where we can migrate a connection to another thread without taking risk, it's when we accept it : the new FD is not yet in the fd cache and no task was created yet. It's still possible to assign it a different thread than the one which accepted the connection. The only requirement for this is to have one accept queue per thread and their respective processing tasks that have to be woken up each time an entry is added to the queue. This is a multiple-producer, single-consumer model. Entries are added at the queue's tail and the processing task is woken up. The consumer picks entries at the head and processes them in order. The accept queue contains the fd, the source address, and the listener. Each entry of the accept queue was rounded up to 64 bytes (one cache line) to avoid cache aliasing because tests have shown that otherwise performance suffers a lot (5%). A test has shown that it's important to have at least 256 entries for the rings, as at 128 it's still possible to fill them often at high loads on small thread counts. The processing task does almost nothing except calling the listener's accept() function and updating the global session and SSL rate counters just like listener_accept() does on synchronous calls. At this point the accept queue is implemented but not used.
2019-01-27 14:37:19 +00:00
}
MEDIUM: listener: allocate the connection before queuing a new connection Till now we would keep a per-thread queue of pending incoming connections for which we would store: - the listener - the accepted FD - the source address - the source address' length And these elements were first used in session_accept_fd() running on the target thread to allocate a connection and duplicate them again. Doing this induces various problems. The first one is that session_accept_fd() may only run on file descriptors and cannot be reused for QUIC. The second issue is that it induces lots of memory copies and that the listerner queue thrashes a lot of cache, consuming 64 bytes per entry. This patch changes this by allocating the connection before queueing it, and by only placing the connection's pointer into the queue. Indeed, the first two calls used to initialize the connection already store all the information above, which can be retrieved from the connection pointer alone. So we just have to pop one pointer from the target thread, and pass it to session_accept_fd() which only needs the FD for the final settings. This starts to make the accept path a bit more transport-agnostic, and saves memory and CPU cycles at the same time (1% connection rate increase was noticed with 4 threads). Thanks to dividing the accept-queue entry size from 64 to 8 bytes, its size could be increased from 256 to 1024 connections while still dividing the overall size by two. No single queue full condition was met. One minor drawback is that connection may be allocated from one thread's pool to be used into another one. But this already happens a lot with connection reuse so there is really nothing new here.
2020-10-14 15:37:17 +00:00
/* tries to push a new accepted connection <conn> into ring <ring>. Returns
* non-zero if it succeeds, or zero if the ring is full. Supports multiple
* producers.
MINOR: listener: implement multi-queue accept for threads There is one point where we can migrate a connection to another thread without taking risk, it's when we accept it : the new FD is not yet in the fd cache and no task was created yet. It's still possible to assign it a different thread than the one which accepted the connection. The only requirement for this is to have one accept queue per thread and their respective processing tasks that have to be woken up each time an entry is added to the queue. This is a multiple-producer, single-consumer model. Entries are added at the queue's tail and the processing task is woken up. The consumer picks entries at the head and processes them in order. The accept queue contains the fd, the source address, and the listener. Each entry of the accept queue was rounded up to 64 bytes (one cache line) to avoid cache aliasing because tests have shown that otherwise performance suffers a lot (5%). A test has shown that it's important to have at least 256 entries for the rings, as at 128 it's still possible to fill them often at high loads on small thread counts. The processing task does almost nothing except calling the listener's accept() function and updating the global session and SSL rate counters just like listener_accept() does on synchronous calls. At this point the accept queue is implemented but not used.
2019-01-27 14:37:19 +00:00
*/
MEDIUM: listener: allocate the connection before queuing a new connection Till now we would keep a per-thread queue of pending incoming connections for which we would store: - the listener - the accepted FD - the source address - the source address' length And these elements were first used in session_accept_fd() running on the target thread to allocate a connection and duplicate them again. Doing this induces various problems. The first one is that session_accept_fd() may only run on file descriptors and cannot be reused for QUIC. The second issue is that it induces lots of memory copies and that the listerner queue thrashes a lot of cache, consuming 64 bytes per entry. This patch changes this by allocating the connection before queueing it, and by only placing the connection's pointer into the queue. Indeed, the first two calls used to initialize the connection already store all the information above, which can be retrieved from the connection pointer alone. So we just have to pop one pointer from the target thread, and pass it to session_accept_fd() which only needs the FD for the final settings. This starts to make the accept path a bit more transport-agnostic, and saves memory and CPU cycles at the same time (1% connection rate increase was noticed with 4 threads). Thanks to dividing the accept-queue entry size from 64 to 8 bytes, its size could be increased from 256 to 1024 connections while still dividing the overall size by two. No single queue full condition was met. One minor drawback is that connection may be allocated from one thread's pool to be used into another one. But this already happens a lot with connection reuse so there is really nothing new here.
2020-10-14 15:37:17 +00:00
int accept_queue_push_mp(struct accept_queue_ring *ring, struct connection *conn)
MINOR: listener: implement multi-queue accept for threads There is one point where we can migrate a connection to another thread without taking risk, it's when we accept it : the new FD is not yet in the fd cache and no task was created yet. It's still possible to assign it a different thread than the one which accepted the connection. The only requirement for this is to have one accept queue per thread and their respective processing tasks that have to be woken up each time an entry is added to the queue. This is a multiple-producer, single-consumer model. Entries are added at the queue's tail and the processing task is woken up. The consumer picks entries at the head and processes them in order. The accept queue contains the fd, the source address, and the listener. Each entry of the accept queue was rounded up to 64 bytes (one cache line) to avoid cache aliasing because tests have shown that otherwise performance suffers a lot (5%). A test has shown that it's important to have at least 256 entries for the rings, as at 128 it's still possible to fill them often at high loads on small thread counts. The processing task does almost nothing except calling the listener's accept() function and updating the global session and SSL rate counters just like listener_accept() does on synchronous calls. At this point the accept queue is implemented but not used.
2019-01-27 14:37:19 +00:00
{
unsigned int pos, next;
MINOR: listener: make accept_queue index atomic There has always been a race when checking the length of an accept queue to determine which one is more loaded that another, because the head and tail are read at two different moments. This is not required, we can merge them as two 16 bit numbers inside a single 32-bit index that is always accessed atomically. This way we read both values at once and always have a consistent measurement.
2023-04-20 09:05:28 +00:00
uint32_t idx = _HA_ATOMIC_LOAD(&ring->idx); /* (head << 16) + tail */
MINOR: listener: implement multi-queue accept for threads There is one point where we can migrate a connection to another thread without taking risk, it's when we accept it : the new FD is not yet in the fd cache and no task was created yet. It's still possible to assign it a different thread than the one which accepted the connection. The only requirement for this is to have one accept queue per thread and their respective processing tasks that have to be woken up each time an entry is added to the queue. This is a multiple-producer, single-consumer model. Entries are added at the queue's tail and the processing task is woken up. The consumer picks entries at the head and processes them in order. The accept queue contains the fd, the source address, and the listener. Each entry of the accept queue was rounded up to 64 bytes (one cache line) to avoid cache aliasing because tests have shown that otherwise performance suffers a lot (5%). A test has shown that it's important to have at least 256 entries for the rings, as at 128 it's still possible to fill them often at high loads on small thread counts. The processing task does almost nothing except calling the listener's accept() function and updating the global session and SSL rate counters just like listener_accept() does on synchronous calls. At this point the accept queue is implemented but not used.
2019-01-27 14:37:19 +00:00
do {
MINOR: listener: make accept_queue index atomic There has always been a race when checking the length of an accept queue to determine which one is more loaded that another, because the head and tail are read at two different moments. This is not required, we can merge them as two 16 bit numbers inside a single 32-bit index that is always accessed atomically. This way we read both values at once and always have a consistent measurement.
2023-04-20 09:05:28 +00:00
pos = (uint16_t)idx;
MINOR: listener: implement multi-queue accept for threads There is one point where we can migrate a connection to another thread without taking risk, it's when we accept it : the new FD is not yet in the fd cache and no task was created yet. It's still possible to assign it a different thread than the one which accepted the connection. The only requirement for this is to have one accept queue per thread and their respective processing tasks that have to be woken up each time an entry is added to the queue. This is a multiple-producer, single-consumer model. Entries are added at the queue's tail and the processing task is woken up. The consumer picks entries at the head and processes them in order. The accept queue contains the fd, the source address, and the listener. Each entry of the accept queue was rounded up to 64 bytes (one cache line) to avoid cache aliasing because tests have shown that otherwise performance suffers a lot (5%). A test has shown that it's important to have at least 256 entries for the rings, as at 128 it's still possible to fill them often at high loads on small thread counts. The processing task does almost nothing except calling the listener's accept() function and updating the global session and SSL rate counters just like listener_accept() does on synchronous calls. At this point the accept queue is implemented but not used.
2019-01-27 14:37:19 +00:00
next = pos + 1;
if (next >= ACCEPT_QUEUE_SIZE)
next = 0;
MINOR: listener: make accept_queue index atomic There has always been a race when checking the length of an accept queue to determine which one is more loaded that another, because the head and tail are read at two different moments. This is not required, we can merge them as two 16 bit numbers inside a single 32-bit index that is always accessed atomically. This way we read both values at once and always have a consistent measurement.
2023-04-20 09:05:28 +00:00
if (next == (idx >> 16))
MINOR: listener: implement multi-queue accept for threads There is one point where we can migrate a connection to another thread without taking risk, it's when we accept it : the new FD is not yet in the fd cache and no task was created yet. It's still possible to assign it a different thread than the one which accepted the connection. The only requirement for this is to have one accept queue per thread and their respective processing tasks that have to be woken up each time an entry is added to the queue. This is a multiple-producer, single-consumer model. Entries are added at the queue's tail and the processing task is woken up. The consumer picks entries at the head and processes them in order. The accept queue contains the fd, the source address, and the listener. Each entry of the accept queue was rounded up to 64 bytes (one cache line) to avoid cache aliasing because tests have shown that otherwise performance suffers a lot (5%). A test has shown that it's important to have at least 256 entries for the rings, as at 128 it's still possible to fill them often at high loads on small thread counts. The processing task does almost nothing except calling the listener's accept() function and updating the global session and SSL rate counters just like listener_accept() does on synchronous calls. At this point the accept queue is implemented but not used.
2019-01-27 14:37:19 +00:00
return 0; // ring full
MINOR: listener: make accept_queue index atomic There has always been a race when checking the length of an accept queue to determine which one is more loaded that another, because the head and tail are read at two different moments. This is not required, we can merge them as two 16 bit numbers inside a single 32-bit index that is always accessed atomically. This way we read both values at once and always have a consistent measurement.
2023-04-20 09:05:28 +00:00
next |= (idx & 0xffff0000U);
} while (unlikely(!_HA_ATOMIC_CAS(&ring->idx, &idx, next) && __ha_cpu_relax()));
MINOR: listener: implement multi-queue accept for threads There is one point where we can migrate a connection to another thread without taking risk, it's when we accept it : the new FD is not yet in the fd cache and no task was created yet. It's still possible to assign it a different thread than the one which accepted the connection. The only requirement for this is to have one accept queue per thread and their respective processing tasks that have to be woken up each time an entry is added to the queue. This is a multiple-producer, single-consumer model. Entries are added at the queue's tail and the processing task is woken up. The consumer picks entries at the head and processes them in order. The accept queue contains the fd, the source address, and the listener. Each entry of the accept queue was rounded up to 64 bytes (one cache line) to avoid cache aliasing because tests have shown that otherwise performance suffers a lot (5%). A test has shown that it's important to have at least 256 entries for the rings, as at 128 it's still possible to fill them often at high loads on small thread counts. The processing task does almost nothing except calling the listener's accept() function and updating the global session and SSL rate counters just like listener_accept() does on synchronous calls. At this point the accept queue is implemented but not used.
2019-01-27 14:37:19 +00:00
MEDIUM: listener: allocate the connection before queuing a new connection Till now we would keep a per-thread queue of pending incoming connections for which we would store: - the listener - the accepted FD - the source address - the source address' length And these elements were first used in session_accept_fd() running on the target thread to allocate a connection and duplicate them again. Doing this induces various problems. The first one is that session_accept_fd() may only run on file descriptors and cannot be reused for QUIC. The second issue is that it induces lots of memory copies and that the listerner queue thrashes a lot of cache, consuming 64 bytes per entry. This patch changes this by allocating the connection before queueing it, and by only placing the connection's pointer into the queue. Indeed, the first two calls used to initialize the connection already store all the information above, which can be retrieved from the connection pointer alone. So we just have to pop one pointer from the target thread, and pass it to session_accept_fd() which only needs the FD for the final settings. This starts to make the accept path a bit more transport-agnostic, and saves memory and CPU cycles at the same time (1% connection rate increase was noticed with 4 threads). Thanks to dividing the accept-queue entry size from 64 to 8 bytes, its size could be increased from 256 to 1024 connections while still dividing the overall size by two. No single queue full condition was met. One minor drawback is that connection may be allocated from one thread's pool to be used into another one. But this already happens a lot with connection reuse so there is really nothing new here.
2020-10-14 15:37:17 +00:00
ring->entry[pos] = conn;
MINOR: listener: implement multi-queue accept for threads There is one point where we can migrate a connection to another thread without taking risk, it's when we accept it : the new FD is not yet in the fd cache and no task was created yet. It's still possible to assign it a different thread than the one which accepted the connection. The only requirement for this is to have one accept queue per thread and their respective processing tasks that have to be woken up each time an entry is added to the queue. This is a multiple-producer, single-consumer model. Entries are added at the queue's tail and the processing task is woken up. The consumer picks entries at the head and processes them in order. The accept queue contains the fd, the source address, and the listener. Each entry of the accept queue was rounded up to 64 bytes (one cache line) to avoid cache aliasing because tests have shown that otherwise performance suffers a lot (5%). A test has shown that it's important to have at least 256 entries for the rings, as at 128 it's still possible to fill them often at high loads on small thread counts. The processing task does almost nothing except calling the listener's accept() function and updating the global session and SSL rate counters just like listener_accept() does on synchronous calls. At this point the accept queue is implemented but not used.
2019-01-27 14:37:19 +00:00
__ha_barrier_store();
return 1;
}
MINOR: listener: export accept_queue_process This is only to make it resolve in "show tasks".
2021-01-29 11:25:23 +00:00
/* proceed with accepting new connections. Don't mark it static so that it appears
* in task dumps.
*/
MEDIUM: task: extend the state field to 32 bits It's been too short for quite a while now and is now full. It's still time to extend it to 32-bits since we have room for this without wasting any space, so we now gained 16 new bits for future flags. The values were not reassigned just in case there would be a few hidden u16 or short somewhere in which these flags are placed (as it used to be the case with stream->pending_events). The patch is tagged MEDIUM because this required to update the task's process() prototype to use an int instead of a short, that's quite a bunch of places.
2021-03-02 15:09:26 +00:00
struct task *accept_queue_process(struct task *t, void *context, unsigned int state)
MINOR: listener: implement multi-queue accept for threads There is one point where we can migrate a connection to another thread without taking risk, it's when we accept it : the new FD is not yet in the fd cache and no task was created yet. It's still possible to assign it a different thread than the one which accepted the connection. The only requirement for this is to have one accept queue per thread and their respective processing tasks that have to be woken up each time an entry is added to the queue. This is a multiple-producer, single-consumer model. Entries are added at the queue's tail and the processing task is woken up. The consumer picks entries at the head and processes them in order. The accept queue contains the fd, the source address, and the listener. Each entry of the accept queue was rounded up to 64 bytes (one cache line) to avoid cache aliasing because tests have shown that otherwise performance suffers a lot (5%). A test has shown that it's important to have at least 256 entries for the rings, as at 128 it's still possible to fill them often at high loads on small thread counts. The processing task does almost nothing except calling the listener's accept() function and updating the global session and SSL rate counters just like listener_accept() does on synchronous calls. At this point the accept queue is implemented but not used.
2019-01-27 14:37:19 +00:00
{
struct accept_queue_ring *ring = context;
MEDIUM: listener: allocate the connection before queuing a new connection Till now we would keep a per-thread queue of pending incoming connections for which we would store: - the listener - the accepted FD - the source address - the source address' length And these elements were first used in session_accept_fd() running on the target thread to allocate a connection and duplicate them again. Doing this induces various problems. The first one is that session_accept_fd() may only run on file descriptors and cannot be reused for QUIC. The second issue is that it induces lots of memory copies and that the listerner queue thrashes a lot of cache, consuming 64 bytes per entry. This patch changes this by allocating the connection before queueing it, and by only placing the connection's pointer into the queue. Indeed, the first two calls used to initialize the connection already store all the information above, which can be retrieved from the connection pointer alone. So we just have to pop one pointer from the target thread, and pass it to session_accept_fd() which only needs the FD for the final settings. This starts to make the accept path a bit more transport-agnostic, and saves memory and CPU cycles at the same time (1% connection rate increase was noticed with 4 threads). Thanks to dividing the accept-queue entry size from 64 to 8 bytes, its size could be increased from 256 to 1024 connections while still dividing the overall size by two. No single queue full condition was met. One minor drawback is that connection may be allocated from one thread's pool to be used into another one. But this already happens a lot with connection reuse so there is really nothing new here.
2020-10-14 15:37:17 +00:00
struct connection *conn;
MINOR: listener: implement multi-queue accept for threads There is one point where we can migrate a connection to another thread without taking risk, it's when we accept it : the new FD is not yet in the fd cache and no task was created yet. It's still possible to assign it a different thread than the one which accepted the connection. The only requirement for this is to have one accept queue per thread and their respective processing tasks that have to be woken up each time an entry is added to the queue. This is a multiple-producer, single-consumer model. Entries are added at the queue's tail and the processing task is woken up. The consumer picks entries at the head and processes them in order. The accept queue contains the fd, the source address, and the listener. Each entry of the accept queue was rounded up to 64 bytes (one cache line) to avoid cache aliasing because tests have shown that otherwise performance suffers a lot (5%). A test has shown that it's important to have at least 256 entries for the rings, as at 128 it's still possible to fill them often at high loads on small thread counts. The processing task does almost nothing except calling the listener's accept() function and updating the global session and SSL rate counters just like listener_accept() does on synchronous calls. At this point the accept queue is implemented but not used.
2019-01-27 14:37:19 +00:00
struct listener *li;
BUG/MEDIUM: listener: Fix how unlimited number of consecutive accepts is handled There is a bug when global.tune.maxaccept is set to -1 (no limit). It is pretty visible with one process (nbproc sets to 1). The functions listener_accept() and accept_queue_process() don't expect to handle negative maxaccept values. So instead of accepting incoming connections without any limit, none are never accepted and HAProxy loop infinitly in the scheduler. When there are 2 or more processes, the bug is a bit more subtile. The limit for a listener is set to 1. So only one connection is accepted at a time by a given listener. This happens because the listener's maxaccept value is an unsigned integer. In check_config_validity(), it is first set to UINT_MAX (-1 casted in an unsigned integer), and then some calculations on it leads to an integer overflow. To fix the bug, the listener's maxaccept value is now a signed integer. So, if a negative value is set for global.tune.maxaccept, we keep it untouched for the listener and no calculation is made on it. Then, in the listener code, this signed value is casted to a unsigned one. It simplifies all tests instead of dealing with negative values. So, it limits the number of connections accepted at a time to UINT_MAX at most. But, honestly, it not an issue. This patch must be backported to 1.9 and 1.8.
2019-04-30 10:17:13 +00:00
unsigned int max_accept;
MINOR: listener: implement multi-queue accept for threads There is one point where we can migrate a connection to another thread without taking risk, it's when we accept it : the new FD is not yet in the fd cache and no task was created yet. It's still possible to assign it a different thread than the one which accepted the connection. The only requirement for this is to have one accept queue per thread and their respective processing tasks that have to be woken up each time an entry is added to the queue. This is a multiple-producer, single-consumer model. Entries are added at the queue's tail and the processing task is woken up. The consumer picks entries at the head and processes them in order. The accept queue contains the fd, the source address, and the listener. Each entry of the accept queue was rounded up to 64 bytes (one cache line) to avoid cache aliasing because tests have shown that otherwise performance suffers a lot (5%). A test has shown that it's important to have at least 256 entries for the rings, as at 128 it's still possible to fill them often at high loads on small thread counts. The processing task does almost nothing except calling the listener's accept() function and updating the global session and SSL rate counters just like listener_accept() does on synchronous calls. At this point the accept queue is implemented but not used.
2019-01-27 14:37:19 +00:00
int ret;
BUG/MEDIUM: listener: Fix how unlimited number of consecutive accepts is handled There is a bug when global.tune.maxaccept is set to -1 (no limit). It is pretty visible with one process (nbproc sets to 1). The functions listener_accept() and accept_queue_process() don't expect to handle negative maxaccept values. So instead of accepting incoming connections without any limit, none are never accepted and HAProxy loop infinitly in the scheduler. When there are 2 or more processes, the bug is a bit more subtile. The limit for a listener is set to 1. So only one connection is accepted at a time by a given listener. This happens because the listener's maxaccept value is an unsigned integer. In check_config_validity(), it is first set to UINT_MAX (-1 casted in an unsigned integer), and then some calculations on it leads to an integer overflow. To fix the bug, the listener's maxaccept value is now a signed integer. So, if a negative value is set for global.tune.maxaccept, we keep it untouched for the listener and no calculation is made on it. Then, in the listener code, this signed value is casted to a unsigned one. It simplifies all tests instead of dealing with negative values. So, it limits the number of connections accepted at a time to UINT_MAX at most. But, honestly, it not an issue. This patch must be backported to 1.9 and 1.8.
2019-04-30 10:17:13 +00:00
/* if global.tune.maxaccept is -1, then max_accept is UINT_MAX. It
* is not really illimited, but it is probably enough.
*/
MINOR: listener: refine the default MAX_ACCEPT from 64 to 4 The maximum number of connections accepted at once by a thread for a single listener used to default to 64 divided by the number of processes but the tasklet-based model is much more scalable and benefits from smaller values. Experimentation has shown that 4 gives the highest accept rate for all thread values, and that 3 and 5 come very close, as shown below (HTTP/1 connections forwarded per second at multi-accept 4 and 64): ac\thr| 1 2 4 8 16 ------+------------------------------ 4| 80k 106k 168k 270k 336k 64| 63k 89k 145k 230k 274k Some tests were also conducted on SSL and absolutely no change was observed. The value was placed into a define because it used to be spread all over the code. It might be useful at some point to backport this to 2.3 and 2.2 to help those who observed some performance regressions from 1.6.
2021-02-19 14:50:27 +00:00
max_accept = global.tune.maxaccept ? global.tune.maxaccept : MAX_ACCEPT;
BUG/MEDIUM: listener: Fix how unlimited number of consecutive accepts is handled There is a bug when global.tune.maxaccept is set to -1 (no limit). It is pretty visible with one process (nbproc sets to 1). The functions listener_accept() and accept_queue_process() don't expect to handle negative maxaccept values. So instead of accepting incoming connections without any limit, none are never accepted and HAProxy loop infinitly in the scheduler. When there are 2 or more processes, the bug is a bit more subtile. The limit for a listener is set to 1. So only one connection is accepted at a time by a given listener. This happens because the listener's maxaccept value is an unsigned integer. In check_config_validity(), it is first set to UINT_MAX (-1 casted in an unsigned integer), and then some calculations on it leads to an integer overflow. To fix the bug, the listener's maxaccept value is now a signed integer. So, if a negative value is set for global.tune.maxaccept, we keep it untouched for the listener and no calculation is made on it. Then, in the listener code, this signed value is casted to a unsigned one. It simplifies all tests instead of dealing with negative values. So, it limits the number of connections accepted at a time to UINT_MAX at most. But, honestly, it not an issue. This patch must be backported to 1.9 and 1.8.
2019-04-30 10:17:13 +00:00
for (; max_accept; max_accept--) {
MEDIUM: listener: allocate the connection before queuing a new connection Till now we would keep a per-thread queue of pending incoming connections for which we would store: - the listener - the accepted FD - the source address - the source address' length And these elements were first used in session_accept_fd() running on the target thread to allocate a connection and duplicate them again. Doing this induces various problems. The first one is that session_accept_fd() may only run on file descriptors and cannot be reused for QUIC. The second issue is that it induces lots of memory copies and that the listerner queue thrashes a lot of cache, consuming 64 bytes per entry. This patch changes this by allocating the connection before queueing it, and by only placing the connection's pointer into the queue. Indeed, the first two calls used to initialize the connection already store all the information above, which can be retrieved from the connection pointer alone. So we just have to pop one pointer from the target thread, and pass it to session_accept_fd() which only needs the FD for the final settings. This starts to make the accept path a bit more transport-agnostic, and saves memory and CPU cycles at the same time (1% connection rate increase was noticed with 4 threads). Thanks to dividing the accept-queue entry size from 64 to 8 bytes, its size could be increased from 256 to 1024 connections while still dividing the overall size by two. No single queue full condition was met. One minor drawback is that connection may be allocated from one thread's pool to be used into another one. But this already happens a lot with connection reuse so there is really nothing new here.
2020-10-14 15:37:17 +00:00
conn = accept_queue_pop_sc(ring);
if (!conn)
MINOR: listener: implement multi-queue accept for threads There is one point where we can migrate a connection to another thread without taking risk, it's when we accept it : the new FD is not yet in the fd cache and no task was created yet. It's still possible to assign it a different thread than the one which accepted the connection. The only requirement for this is to have one accept queue per thread and their respective processing tasks that have to be woken up each time an entry is added to the queue. This is a multiple-producer, single-consumer model. Entries are added at the queue's tail and the processing task is woken up. The consumer picks entries at the head and processes them in order. The accept queue contains the fd, the source address, and the listener. Each entry of the accept queue was rounded up to 64 bytes (one cache line) to avoid cache aliasing because tests have shown that otherwise performance suffers a lot (5%). A test has shown that it's important to have at least 256 entries for the rings, as at 128 it's still possible to fill them often at high loads on small thread counts. The processing task does almost nothing except calling the listener's accept() function and updating the global session and SSL rate counters just like listener_accept() does on synchronous calls. At this point the accept queue is implemented but not used.
2019-01-27 14:37:19 +00:00
break;
MEDIUM: listener: allocate the connection before queuing a new connection Till now we would keep a per-thread queue of pending incoming connections for which we would store: - the listener - the accepted FD - the source address - the source address' length And these elements were first used in session_accept_fd() running on the target thread to allocate a connection and duplicate them again. Doing this induces various problems. The first one is that session_accept_fd() may only run on file descriptors and cannot be reused for QUIC. The second issue is that it induces lots of memory copies and that the listerner queue thrashes a lot of cache, consuming 64 bytes per entry. This patch changes this by allocating the connection before queueing it, and by only placing the connection's pointer into the queue. Indeed, the first two calls used to initialize the connection already store all the information above, which can be retrieved from the connection pointer alone. So we just have to pop one pointer from the target thread, and pass it to session_accept_fd() which only needs the FD for the final settings. This starts to make the accept path a bit more transport-agnostic, and saves memory and CPU cycles at the same time (1% connection rate increase was noticed with 4 threads). Thanks to dividing the accept-queue entry size from 64 to 8 bytes, its size could be increased from 256 to 1024 connections while still dividing the overall size by two. No single queue full condition was met. One minor drawback is that connection may be allocated from one thread's pool to be used into another one. But this already happens a lot with connection reuse so there is really nothing new here.
2020-10-14 15:37:17 +00:00
li = __objt_listener(conn->target);
CLEANUP: listener: only store conn counts for local threads The listeners have a thr_conn[] array indexed on the thread number that is used during connection redispatching to know what threads are the least loaded. Since we introduced thread groups, and based on the fact that a listener may only belong to one group, there's no point storing counters for all threads, we just need to store them for all threads in the group. Doing so reduces the struct listener from 1500 to 632 bytes. This may be backported to 2.7 to save a bit of resources.
2023-02-28 09:25:57 +00:00
_HA_ATOMIC_INC(&li->thr_conn[ti->ltid]);
MINOR: listener: move the ->accept callback to the bind_conf The accept callback directly derives from the upper layer, generally it's session_accept_fd(). As such it's also defined per bind line so it makes sense to move it there.
2023-01-12 18:10:17 +00:00
ret = li->bind_conf->accept(conn);
MINOR: listener: implement multi-queue accept for threads There is one point where we can migrate a connection to another thread without taking risk, it's when we accept it : the new FD is not yet in the fd cache and no task was created yet. It's still possible to assign it a different thread than the one which accepted the connection. The only requirement for this is to have one accept queue per thread and their respective processing tasks that have to be woken up each time an entry is added to the queue. This is a multiple-producer, single-consumer model. Entries are added at the queue's tail and the processing task is woken up. The consumer picks entries at the head and processes them in order. The accept queue contains the fd, the source address, and the listener. Each entry of the accept queue was rounded up to 64 bytes (one cache line) to avoid cache aliasing because tests have shown that otherwise performance suffers a lot (5%). A test has shown that it's important to have at least 256 entries for the rings, as at 128 it's still possible to fill them often at high loads on small thread counts. The processing task does almost nothing except calling the listener's accept() function and updating the global session and SSL rate counters just like listener_accept() does on synchronous calls. At this point the accept queue is implemented but not used.
2019-01-27 14:37:19 +00:00
if (ret <= 0) {
/* connection was terminated by the application */
continue;
}
/* increase the per-process number of cumulated sessions, this
MINOR: listener: move the ->accept callback to the bind_conf The accept callback directly derives from the upper layer, generally it's session_accept_fd(). As such it's also defined per bind line so it makes sense to move it there.
2023-01-12 18:10:17 +00:00
* may only be done once l->bind_conf->accept() has accepted the
* connection.
MINOR: listener: implement multi-queue accept for threads There is one point where we can migrate a connection to another thread without taking risk, it's when we accept it : the new FD is not yet in the fd cache and no task was created yet. It's still possible to assign it a different thread than the one which accepted the connection. The only requirement for this is to have one accept queue per thread and their respective processing tasks that have to be woken up each time an entry is added to the queue. This is a multiple-producer, single-consumer model. Entries are added at the queue's tail and the processing task is woken up. The consumer picks entries at the head and processes them in order. The accept queue contains the fd, the source address, and the listener. Each entry of the accept queue was rounded up to 64 bytes (one cache line) to avoid cache aliasing because tests have shown that otherwise performance suffers a lot (5%). A test has shown that it's important to have at least 256 entries for the rings, as at 128 it's still possible to fill them often at high loads on small thread counts. The processing task does almost nothing except calling the listener's accept() function and updating the global session and SSL rate counters just like listener_accept() does on synchronous calls. At this point the accept queue is implemented but not used.
2019-01-27 14:37:19 +00:00
*/
MINOR: listener: move LI_O_UNLIMITED and LI_O_NOSTOP to bind_conf These two flags are entirely for internal use and are even per proxy in practice since they're used for peers and CLI to indicate (for the first one) that the listener(s) are not subject to connection limits, and for the second that the listener(s) should not be stopped on soft-stop. No need to keep them in the listeners, let's move them to the bind_conf under names BC_O_UNLIMITED and BC_O_NOSTOP.
2023-01-12 18:58:42 +00:00
if (!(li->bind_conf->options & BC_O_UNLIMITED)) {
MINOR: listener: implement multi-queue accept for threads There is one point where we can migrate a connection to another thread without taking risk, it's when we accept it : the new FD is not yet in the fd cache and no task was created yet. It's still possible to assign it a different thread than the one which accepted the connection. The only requirement for this is to have one accept queue per thread and their respective processing tasks that have to be woken up each time an entry is added to the queue. This is a multiple-producer, single-consumer model. Entries are added at the queue's tail and the processing task is woken up. The consumer picks entries at the head and processes them in order. The accept queue contains the fd, the source address, and the listener. Each entry of the accept queue was rounded up to 64 bytes (one cache line) to avoid cache aliasing because tests have shown that otherwise performance suffers a lot (5%). A test has shown that it's important to have at least 256 entries for the rings, as at 128 it's still possible to fill them often at high loads on small thread counts. The processing task does almost nothing except calling the listener's accept() function and updating the global session and SSL rate counters just like listener_accept() does on synchronous calls. At this point the accept queue is implemented but not used.
2019-01-27 14:37:19 +00:00
HA_ATOMIC_UPDATE_MAX(&global.sps_max,
update_freq_ctr(&global.sess_per_sec, 1));
CLEANUP: src/listener.c: remove redundant NULL check fixes #2031 quoting Willy Tarreau: "Originally the listeners were intended to work without a bind_conf (e.g. for FTP processing) hence these tests, but over time the bind_conf has become omnipresent"
2023-04-26 19:05:12 +00:00
if (li->bind_conf->options & BC_O_USE_SSL) {
MINOR: listener: implement multi-queue accept for threads There is one point where we can migrate a connection to another thread without taking risk, it's when we accept it : the new FD is not yet in the fd cache and no task was created yet. It's still possible to assign it a different thread than the one which accepted the connection. The only requirement for this is to have one accept queue per thread and their respective processing tasks that have to be woken up each time an entry is added to the queue. This is a multiple-producer, single-consumer model. Entries are added at the queue's tail and the processing task is woken up. The consumer picks entries at the head and processes them in order. The accept queue contains the fd, the source address, and the listener. Each entry of the accept queue was rounded up to 64 bytes (one cache line) to avoid cache aliasing because tests have shown that otherwise performance suffers a lot (5%). A test has shown that it's important to have at least 256 entries for the rings, as at 128 it's still possible to fill them often at high loads on small thread counts. The processing task does almost nothing except calling the listener's accept() function and updating the global session and SSL rate counters just like listener_accept() does on synchronous calls. At this point the accept queue is implemented but not used.
2019-01-27 14:37:19 +00:00
HA_ATOMIC_UPDATE_MAX(&global.ssl_max,
update_freq_ctr(&global.ssl_per_sec, 1));
}
}
}
/* ran out of budget ? Let's come here ASAP */
BUG/MEDIUM: listener: Fix how unlimited number of consecutive accepts is handled There is a bug when global.tune.maxaccept is set to -1 (no limit). It is pretty visible with one process (nbproc sets to 1). The functions listener_accept() and accept_queue_process() don't expect to handle negative maxaccept values. So instead of accepting incoming connections without any limit, none are never accepted and HAProxy loop infinitly in the scheduler. When there are 2 or more processes, the bug is a bit more subtile. The limit for a listener is set to 1. So only one connection is accepted at a time by a given listener. This happens because the listener's maxaccept value is an unsigned integer. In check_config_validity(), it is first set to UINT_MAX (-1 casted in an unsigned integer), and then some calculations on it leads to an integer overflow. To fix the bug, the listener's maxaccept value is now a signed integer. So, if a negative value is set for global.tune.maxaccept, we keep it untouched for the listener and no calculation is made on it. Then, in the listener code, this signed value is casted to a unsigned one. It simplifies all tests instead of dealing with negative values. So, it limits the number of connections accepted at a time to UINT_MAX at most. But, honestly, it not an issue. This patch must be backported to 1.9 and 1.8.
2019-04-30 10:17:13 +00:00
if (!max_accept)
OPTIM: listeners: use tasklets for the multi-queue rings Now that we can wake up a remote thread's tasklet, it's way more interesting to use a tasklet than a task in the accept queue, as it will avoid passing through all the scheduler. Just doing this increases the accept rate by about 4%, overall recovering the slight loss introduced by the tasklet change. In addition it makes sure that even a heavily loaded scheduler (e.g. many very fast checks) will not delay a connection accept.
2019-09-24 04:55:18 +00:00
tasklet_wakeup(ring->tasklet);
MINOR: listener: implement multi-queue accept for threads There is one point where we can migrate a connection to another thread without taking risk, it's when we accept it : the new FD is not yet in the fd cache and no task was created yet. It's still possible to assign it a different thread than the one which accepted the connection. The only requirement for this is to have one accept queue per thread and their respective processing tasks that have to be woken up each time an entry is added to the queue. This is a multiple-producer, single-consumer model. Entries are added at the queue's tail and the processing task is woken up. The consumer picks entries at the head and processes them in order. The accept queue contains the fd, the source address, and the listener. Each entry of the accept queue was rounded up to 64 bytes (one cache line) to avoid cache aliasing because tests have shown that otherwise performance suffers a lot (5%). A test has shown that it's important to have at least 256 entries for the rings, as at 128 it's still possible to fill them often at high loads on small thread counts. The processing task does almost nothing except calling the listener's accept() function and updating the global session and SSL rate counters just like listener_accept() does on synchronous calls. At this point the accept queue is implemented but not used.
2019-01-27 14:37:19 +00:00
OPTIM: listeners: use tasklets for the multi-queue rings Now that we can wake up a remote thread's tasklet, it's way more interesting to use a tasklet than a task in the accept queue, as it will avoid passing through all the scheduler. Just doing this increases the accept rate by about 4%, overall recovering the slight loss introduced by the tasklet change. In addition it makes sure that even a heavily loaded scheduler (e.g. many very fast checks) will not delay a connection accept.
2019-09-24 04:55:18 +00:00
return NULL;
MINOR: listener: implement multi-queue accept for threads There is one point where we can migrate a connection to another thread without taking risk, it's when we accept it : the new FD is not yet in the fd cache and no task was created yet. It's still possible to assign it a different thread than the one which accepted the connection. The only requirement for this is to have one accept queue per thread and their respective processing tasks that have to be woken up each time an entry is added to the queue. This is a multiple-producer, single-consumer model. Entries are added at the queue's tail and the processing task is woken up. The consumer picks entries at the head and processes them in order. The accept queue contains the fd, the source address, and the listener. Each entry of the accept queue was rounded up to 64 bytes (one cache line) to avoid cache aliasing because tests have shown that otherwise performance suffers a lot (5%). A test has shown that it's important to have at least 256 entries for the rings, as at 128 it's still possible to fill them often at high loads on small thread counts. The processing task does almost nothing except calling the listener's accept() function and updating the global session and SSL rate counters just like listener_accept() does on synchronous calls. At this point the accept queue is implemented but not used.
2019-01-27 14:37:19 +00:00
}
/* Initializes the accept-queues. Returns 0 on success, otherwise ERR_* flags */
static int accept_queue_init()
{
OPTIM: listeners: use tasklets for the multi-queue rings Now that we can wake up a remote thread's tasklet, it's way more interesting to use a tasklet than a task in the accept queue, as it will avoid passing through all the scheduler. Just doing this increases the accept rate by about 4%, overall recovering the slight loss introduced by the tasklet change. In addition it makes sure that even a heavily loaded scheduler (e.g. many very fast checks) will not delay a connection accept.
2019-09-24 04:55:18 +00:00
struct tasklet *t;
MINOR: listener: implement multi-queue accept for threads There is one point where we can migrate a connection to another thread without taking risk, it's when we accept it : the new FD is not yet in the fd cache and no task was created yet. It's still possible to assign it a different thread than the one which accepted the connection. The only requirement for this is to have one accept queue per thread and their respective processing tasks that have to be woken up each time an entry is added to the queue. This is a multiple-producer, single-consumer model. Entries are added at the queue's tail and the processing task is woken up. The consumer picks entries at the head and processes them in order. The accept queue contains the fd, the source address, and the listener. Each entry of the accept queue was rounded up to 64 bytes (one cache line) to avoid cache aliasing because tests have shown that otherwise performance suffers a lot (5%). A test has shown that it's important to have at least 256 entries for the rings, as at 128 it's still possible to fill them often at high loads on small thread counts. The processing task does almost nothing except calling the listener's accept() function and updating the global session and SSL rate counters just like listener_accept() does on synchronous calls. At this point the accept queue is implemented but not used.
2019-01-27 14:37:19 +00:00
int i;
for (i = 0; i < global.nbthread; i++) {
OPTIM: listeners: use tasklets for the multi-queue rings Now that we can wake up a remote thread's tasklet, it's way more interesting to use a tasklet than a task in the accept queue, as it will avoid passing through all the scheduler. Just doing this increases the accept rate by about 4%, overall recovering the slight loss introduced by the tasklet change. In addition it makes sure that even a heavily loaded scheduler (e.g. many very fast checks) will not delay a connection accept.
2019-09-24 04:55:18 +00:00
t = tasklet_new();
MINOR: listener: implement multi-queue accept for threads There is one point where we can migrate a connection to another thread without taking risk, it's when we accept it : the new FD is not yet in the fd cache and no task was created yet. It's still possible to assign it a different thread than the one which accepted the connection. The only requirement for this is to have one accept queue per thread and their respective processing tasks that have to be woken up each time an entry is added to the queue. This is a multiple-producer, single-consumer model. Entries are added at the queue's tail and the processing task is woken up. The consumer picks entries at the head and processes them in order. The accept queue contains the fd, the source address, and the listener. Each entry of the accept queue was rounded up to 64 bytes (one cache line) to avoid cache aliasing because tests have shown that otherwise performance suffers a lot (5%). A test has shown that it's important to have at least 256 entries for the rings, as at 128 it's still possible to fill them often at high loads on small thread counts. The processing task does almost nothing except calling the listener's accept() function and updating the global session and SSL rate counters just like listener_accept() does on synchronous calls. At this point the accept queue is implemented but not used.
2019-01-27 14:37:19 +00:00
if (!t) {
ha_alert("Out of memory while initializing accept queue for thread %d\n", i);
return ERR_FATAL|ERR_ABORT;
}
OPTIM: listeners: use tasklets for the multi-queue rings Now that we can wake up a remote thread's tasklet, it's way more interesting to use a tasklet than a task in the accept queue, as it will avoid passing through all the scheduler. Just doing this increases the accept rate by about 4%, overall recovering the slight loss introduced by the tasklet change. In addition it makes sure that even a heavily loaded scheduler (e.g. many very fast checks) will not delay a connection accept.
2019-09-24 04:55:18 +00:00
t->tid = i;
MINOR: listener: implement multi-queue accept for threads There is one point where we can migrate a connection to another thread without taking risk, it's when we accept it : the new FD is not yet in the fd cache and no task was created yet. It's still possible to assign it a different thread than the one which accepted the connection. The only requirement for this is to have one accept queue per thread and their respective processing tasks that have to be woken up each time an entry is added to the queue. This is a multiple-producer, single-consumer model. Entries are added at the queue's tail and the processing task is woken up. The consumer picks entries at the head and processes them in order. The accept queue contains the fd, the source address, and the listener. Each entry of the accept queue was rounded up to 64 bytes (one cache line) to avoid cache aliasing because tests have shown that otherwise performance suffers a lot (5%). A test has shown that it's important to have at least 256 entries for the rings, as at 128 it's still possible to fill them often at high loads on small thread counts. The processing task does almost nothing except calling the listener's accept() function and updating the global session and SSL rate counters just like listener_accept() does on synchronous calls. At this point the accept queue is implemented but not used.
2019-01-27 14:37:19 +00:00
t->process = accept_queue_process;
t->context = &accept_queue_rings[i];
OPTIM: listeners: use tasklets for the multi-queue rings Now that we can wake up a remote thread's tasklet, it's way more interesting to use a tasklet than a task in the accept queue, as it will avoid passing through all the scheduler. Just doing this increases the accept rate by about 4%, overall recovering the slight loss introduced by the tasklet change. In addition it makes sure that even a heavily loaded scheduler (e.g. many very fast checks) will not delay a connection accept.
2019-09-24 04:55:18 +00:00
accept_queue_rings[i].tasklet = t;
MINOR: listener: implement multi-queue accept for threads There is one point where we can migrate a connection to another thread without taking risk, it's when we accept it : the new FD is not yet in the fd cache and no task was created yet. It's still possible to assign it a different thread than the one which accepted the connection. The only requirement for this is to have one accept queue per thread and their respective processing tasks that have to be woken up each time an entry is added to the queue. This is a multiple-producer, single-consumer model. Entries are added at the queue's tail and the processing task is woken up. The consumer picks entries at the head and processes them in order. The accept queue contains the fd, the source address, and the listener. Each entry of the accept queue was rounded up to 64 bytes (one cache line) to avoid cache aliasing because tests have shown that otherwise performance suffers a lot (5%). A test has shown that it's important to have at least 256 entries for the rings, as at 128 it's still possible to fill them often at high loads on small thread counts. The processing task does almost nothing except calling the listener's accept() function and updating the global session and SSL rate counters just like listener_accept() does on synchronous calls. At this point the accept queue is implemented but not used.
2019-01-27 14:37:19 +00:00
}
return 0;
}
REGISTER_CONFIG_POSTPARSER("multi-threaded accept queue", accept_queue_init);
CLEANUP: listeners/deinit: release accept queue tasklets on deinit There was no function to release these ones, they were only created so the patch adds an accept_queue_deinit() call.
2022-04-27 16:42:47 +00:00
static void accept_queue_deinit()
{
int i;
for (i = 0; i < global.nbthread; i++) {
CLEANUP: Stop checking the pointer before calling `tasklet_free()` Changes performed with this Coccinelle patch: @@ expression e; @@ - if (e != NULL) { tasklet_free(e); - } @@ expression e; @@ - if (e) { tasklet_free(e); - } @@ expression e; @@ - if (e) tasklet_free(e); @@ expression e; @@ - if (e != NULL) tasklet_free(e); See GitHub Issue #2126
2023-04-22 15:47:32 +00:00
tasklet_free(accept_queue_rings[i].tasklet);
CLEANUP: listeners/deinit: release accept queue tasklets on deinit There was no function to release these ones, they were only created so the patch adds an accept_queue_deinit() call.
2022-04-27 16:42:47 +00:00
}
}
REGISTER_POST_DEINIT(accept_queue_deinit);
MINOR: listener: implement multi-queue accept for threads There is one point where we can migrate a connection to another thread without taking risk, it's when we accept it : the new FD is not yet in the fd cache and no task was created yet. It's still possible to assign it a different thread than the one which accepted the connection. The only requirement for this is to have one accept queue per thread and their respective processing tasks that have to be woken up each time an entry is added to the queue. This is a multiple-producer, single-consumer model. Entries are added at the queue's tail and the processing task is woken up. The consumer picks entries at the head and processes them in order. The accept queue contains the fd, the source address, and the listener. Each entry of the accept queue was rounded up to 64 bytes (one cache line) to avoid cache aliasing because tests have shown that otherwise performance suffers a lot (5%). A test has shown that it's important to have at least 256 entries for the rings, as at 128 it's still possible to fill them often at high loads on small thread counts. The processing task does almost nothing except calling the listener's accept() function and updating the global session and SSL rate counters just like listener_accept() does on synchronous calls. At this point the accept queue is implemented but not used.
2019-01-27 14:37:19 +00:00
#endif // USE_THREAD
MINOR: quic_sock: index li->per_thr[] on local thread id, not global one There's a li_per_thread array in each listener for use with QUIC listeners. Since thread groups were introduced, this array can be allocated too large because global.nbthread is allocated for each listener, while only no more than MIN(nbthread,MAX_THREADS_PER_GROUP) may be used by a single listener. This was because the global thread ID is used as the index instead of the local ID (since a listener may only be used by a single group). Let's just switch to local ID and reduce the allocated size.
2023-04-21 08:46:45 +00:00
/* Memory allocation and initialization of the per_thr field (one entry per
* bound thread).
MINOR: listener: define per-thr struct Create a new structure li_per_thread. This is uses as an array in the listener structure, with an entry allocated per thread. The new function li_init_per_thr is responsible of the allocation. For now, li_per_thread contains fields only useful for QUIC listeners. As such, it is only allocated for QUIC listeners.
2022-01-25 15:21:47 +00:00
* Returns 0 if the field has been successfully initialized, -1 on failure.
*/
int li_init_per_thr(struct listener *li)
{
MINOR: quic_sock: index li->per_thr[] on local thread id, not global one There's a li_per_thread array in each listener for use with QUIC listeners. Since thread groups were introduced, this array can be allocated too large because global.nbthread is allocated for each listener, while only no more than MIN(nbthread,MAX_THREADS_PER_GROUP) may be used by a single listener. This was because the global thread ID is used as the index instead of the local ID (since a listener may only be used by a single group). Let's just switch to local ID and reduce the allocated size.
2023-04-21 08:46:45 +00:00
int nbthr = MIN(global.nbthread, MAX_THREADS_PER_GROUP);
MINOR: listener: define per-thr struct Create a new structure li_per_thread. This is uses as an array in the listener structure, with an entry allocated per thread. The new function li_init_per_thr is responsible of the allocation. For now, li_per_thread contains fields only useful for QUIC listeners. As such, it is only allocated for QUIC listeners.
2022-01-25 15:21:47 +00:00
int i;
/* allocate per-thread elements for listener */
MINOR: quic_sock: index li->per_thr[] on local thread id, not global one There's a li_per_thread array in each listener for use with QUIC listeners. Since thread groups were introduced, this array can be allocated too large because global.nbthread is allocated for each listener, while only no more than MIN(nbthread,MAX_THREADS_PER_GROUP) may be used by a single listener. This was because the global thread ID is used as the index instead of the local ID (since a listener may only be used by a single group). Let's just switch to local ID and reduce the allocated size.
2023-04-21 08:46:45 +00:00
li->per_thr = calloc(nbthr, sizeof(*li->per_thr));
MINOR: listener: define per-thr struct Create a new structure li_per_thread. This is uses as an array in the listener structure, with an entry allocated per thread. The new function li_init_per_thr is responsible of the allocation. For now, li_per_thread contains fields only useful for QUIC listeners. As such, it is only allocated for QUIC listeners.
2022-01-25 15:21:47 +00:00
if (!li->per_thr)
return -1;
MINOR: quic_sock: index li->per_thr[] on local thread id, not global one There's a li_per_thread array in each listener for use with QUIC listeners. Since thread groups were introduced, this array can be allocated too large because global.nbthread is allocated for each listener, while only no more than MIN(nbthread,MAX_THREADS_PER_GROUP) may be used by a single listener. This was because the global thread ID is used as the index instead of the local ID (since a listener may only be used by a single group). Let's just switch to local ID and reduce the allocated size.
2023-04-21 08:46:45 +00:00
for (i = 0; i < nbthr; ++i) {
MINOR: listener: define per-thr struct Create a new structure li_per_thread. This is uses as an array in the listener structure, with an entry allocated per thread. The new function li_init_per_thr is responsible of the allocation. For now, li_per_thread contains fields only useful for QUIC listeners. As such, it is only allocated for QUIC listeners.
2022-01-25 15:21:47 +00:00
MT_LIST_INIT(&li->per_thr[i].quic_accept.list);
MT_LIST_INIT(&li->per_thr[i].quic_accept.conns);
li->per_thr[i].li = li;
}
return 0;
}
MINOR: stats: add helper to get status string move listen status to a helper, defining both status enum and string definition. this will be helpful to be reused in prometheus code. It also removes this hard-to-read nested ternary. Signed-off-by: William Dauchy <wdauchy@gmail.com>
2021-02-14 22:22:55 +00:00
/* helper to get listener status for stats */
enum li_status get_li_status(struct listener *l)
{
MINOR: listener: move the maxconn parameter to the bind_conf The maxconn is set per bind line so let's move it there. This might possibly even slightly reduce inter-thread contention since this one is read-mostly and it was stored next to nbconn which changes for each connection setup or teardown.
2023-01-12 17:59:37 +00:00
if (!l->bind_conf->maxconn || l->nbconn < l->bind_conf->maxconn) {
MINOR: stats: add helper to get status string move listen status to a helper, defining both status enum and string definition. this will be helpful to be reused in prometheus code. It also removes this hard-to-read nested ternary. Signed-off-by: William Dauchy <wdauchy@gmail.com>
2021-02-14 22:22:55 +00:00
if (l->state == LI_LIMITED)
return LI_STATUS_WAITING;
else
return LI_STATUS_OPEN;
}
return LI_STATUS_FULL;
}
MINOR: proxy: maintain per-state counters of listeners The proxy state tries to be synthetic but that doesn't work well with many listeners, especially for transition phases or after a failed pause/resume. In order to address this, we'll instead rely on counters of listeners in a given state for the 3 major states (ready, paused, listen) and a total counter. We'll now be able to determine a proxy's state by comparing these counters only.
2020-09-24 05:27:06 +00:00
/* adjust the listener's state and its proxy's listener counters if needed.
* It must be called under the listener's lock, but uses atomic ops to change
* the proxy's counters so that the proxy lock is not needed.
*/
MINOR: listeners: introduce listener_set_state() This function is used as a wrapper to set a listener's state everywhere. We'll use it later to maintain some counters in a consistent state when switching state so it's capital that all state changes go through it. No functional change was made beyond calling the wrapper.
2020-09-24 05:23:45 +00:00
void listener_set_state(struct listener *l, enum li_state st)
{
MINOR: proxy: maintain per-state counters of listeners The proxy state tries to be synthetic but that doesn't work well with many listeners, especially for transition phases or after a failed pause/resume. In order to address this, we'll instead rely on counters of listeners in a given state for the 3 major states (ready, paused, listen) and a total counter. We'll now be able to determine a proxy's state by comparing these counters only.
2020-09-24 05:27:06 +00:00
struct proxy *px = l->bind_conf->frontend;
if (px) {
/* from state */
switch (l->state) {
case LI_NEW: /* first call */
CLEANUP: atomic/tree-wide: replace single increments/decrements with inc/dec This patch replaces roughly all occurrences of an HA_ATOMIC_ADD(&foo, 1) or HA_ATOMIC_SUB(&foo, 1) with the equivalent HA_ATOMIC_INC(&foo) and HA_ATOMIC_DEC(&foo) respectively. These are 507 changes over 45 files.
2021-04-06 11:53:36 +00:00
_HA_ATOMIC_INC(&px->li_all);
MINOR: proxy: maintain per-state counters of listeners The proxy state tries to be synthetic but that doesn't work well with many listeners, especially for transition phases or after a failed pause/resume. In order to address this, we'll instead rely on counters of listeners in a given state for the 3 major states (ready, paused, listen) and a total counter. We'll now be able to determine a proxy's state by comparing these counters only.
2020-09-24 05:27:06 +00:00
break;
case LI_INIT:
case LI_ASSIGNED:
break;
case LI_PAUSED:
CLEANUP: atomic/tree-wide: replace single increments/decrements with inc/dec This patch replaces roughly all occurrences of an HA_ATOMIC_ADD(&foo, 1) or HA_ATOMIC_SUB(&foo, 1) with the equivalent HA_ATOMIC_INC(&foo) and HA_ATOMIC_DEC(&foo) respectively. These are 507 changes over 45 files.
2021-04-06 11:53:36 +00:00
_HA_ATOMIC_DEC(&px->li_paused);
MINOR: proxy: maintain per-state counters of listeners The proxy state tries to be synthetic but that doesn't work well with many listeners, especially for transition phases or after a failed pause/resume. In order to address this, we'll instead rely on counters of listeners in a given state for the 3 major states (ready, paused, listen) and a total counter. We'll now be able to determine a proxy's state by comparing these counters only.
2020-09-24 05:27:06 +00:00
break;
case LI_LISTEN:
CLEANUP: atomic/tree-wide: replace single increments/decrements with inc/dec This patch replaces roughly all occurrences of an HA_ATOMIC_ADD(&foo, 1) or HA_ATOMIC_SUB(&foo, 1) with the equivalent HA_ATOMIC_INC(&foo) and HA_ATOMIC_DEC(&foo) respectively. These are 507 changes over 45 files.
2021-04-06 11:53:36 +00:00
_HA_ATOMIC_DEC(&px->li_bound);
MINOR: proxy: maintain per-state counters of listeners The proxy state tries to be synthetic but that doesn't work well with many listeners, especially for transition phases or after a failed pause/resume. In order to address this, we'll instead rely on counters of listeners in a given state for the 3 major states (ready, paused, listen) and a total counter. We'll now be able to determine a proxy's state by comparing these counters only.
2020-09-24 05:27:06 +00:00
break;
case LI_READY:
case LI_FULL:
case LI_LIMITED:
CLEANUP: atomic/tree-wide: replace single increments/decrements with inc/dec This patch replaces roughly all occurrences of an HA_ATOMIC_ADD(&foo, 1) or HA_ATOMIC_SUB(&foo, 1) with the equivalent HA_ATOMIC_INC(&foo) and HA_ATOMIC_DEC(&foo) respectively. These are 507 changes over 45 files.
2021-04-06 11:53:36 +00:00
_HA_ATOMIC_DEC(&px->li_ready);
MINOR: proxy: maintain per-state counters of listeners The proxy state tries to be synthetic but that doesn't work well with many listeners, especially for transition phases or after a failed pause/resume. In order to address this, we'll instead rely on counters of listeners in a given state for the 3 major states (ready, paused, listen) and a total counter. We'll now be able to determine a proxy's state by comparing these counters only.
2020-09-24 05:27:06 +00:00
break;
}
/* to state */
switch (st) {
case LI_NEW:
case LI_INIT:
case LI_ASSIGNED:
break;
case LI_PAUSED:
MINOR: listener: add a few BUG_ON() statements to detect inconsistencies We must not have an fd==-1 when switching to certain states. This will later disappear but for now it helps detecting inconsistencies.
2020-10-08 13:32:21 +00:00
BUG_ON(l->rx.fd == -1);
CLEANUP: atomic/tree-wide: replace single increments/decrements with inc/dec This patch replaces roughly all occurrences of an HA_ATOMIC_ADD(&foo, 1) or HA_ATOMIC_SUB(&foo, 1) with the equivalent HA_ATOMIC_INC(&foo) and HA_ATOMIC_DEC(&foo) respectively. These are 507 changes over 45 files.
2021-04-06 11:53:36 +00:00
_HA_ATOMIC_INC(&px->li_paused);
MINOR: proxy: maintain per-state counters of listeners The proxy state tries to be synthetic but that doesn't work well with many listeners, especially for transition phases or after a failed pause/resume. In order to address this, we'll instead rely on counters of listeners in a given state for the 3 major states (ready, paused, listen) and a total counter. We'll now be able to determine a proxy's state by comparing these counters only.
2020-09-24 05:27:06 +00:00
break;
case LI_LISTEN:
MEDIUM: proto_reverse_connect: bootstrap active reverse connection Implement active reverse connection initialization. This is done through a new task stored in the receiver structure. This task is instantiated via bind callback and first woken up via enable callback. Task handler is separated into two halves. On the first step, a new connection is allocated and stored in <pend_conn> member of the receiver. This new client connection will proceed to connect using the server instance referenced in the bind_conf. When connect has successfully been executed and HTTP/2 connection is ready for exchange after SETTINGS, reverse_connect task is woken up. As <pend_conn> is still set, the second halve is executed which only execute listener_accept(). This will in turn execute accept_conn callback which is defined to return the pending connection. The task is automatically requeued inside accept_conn callback if bind maxconn is not yet reached. This allows to specify how many connection should be opened. Each connection is instantiated and reversed serially one by one until maxconn is reached. conn_free() has been modified to handle failure if a reverse connection fails before being accepted. In this case, no session exists to notify about the failure. Instead, reverse_connect task is requeud with a 1 second delay, giving time to fix a possible network issue. This will allow to attempt a new connection reverse. Note that for the moment connection rebinding after accept is disabled for simplicity. Extra operations are required to migrate an existing connection and its stack to a new thread which will be implemented later.
2023-08-23 15:16:07 +00:00
BUG_ON(l->rx.fd == -1 && !l->rx.reverse_connect.task);
CLEANUP: atomic/tree-wide: replace single increments/decrements with inc/dec This patch replaces roughly all occurrences of an HA_ATOMIC_ADD(&foo, 1) or HA_ATOMIC_SUB(&foo, 1) with the equivalent HA_ATOMIC_INC(&foo) and HA_ATOMIC_DEC(&foo) respectively. These are 507 changes over 45 files.
2021-04-06 11:53:36 +00:00
_HA_ATOMIC_INC(&px->li_bound);
MINOR: proxy: maintain per-state counters of listeners The proxy state tries to be synthetic but that doesn't work well with many listeners, especially for transition phases or after a failed pause/resume. In order to address this, we'll instead rely on counters of listeners in a given state for the 3 major states (ready, paused, listen) and a total counter. We'll now be able to determine a proxy's state by comparing these counters only.
2020-09-24 05:27:06 +00:00
break;
case LI_READY:
case LI_FULL:
case LI_LIMITED:
MEDIUM: proto_reverse_connect: bootstrap active reverse connection Implement active reverse connection initialization. This is done through a new task stored in the receiver structure. This task is instantiated via bind callback and first woken up via enable callback. Task handler is separated into two halves. On the first step, a new connection is allocated and stored in <pend_conn> member of the receiver. This new client connection will proceed to connect using the server instance referenced in the bind_conf. When connect has successfully been executed and HTTP/2 connection is ready for exchange after SETTINGS, reverse_connect task is woken up. As <pend_conn> is still set, the second halve is executed which only execute listener_accept(). This will in turn execute accept_conn callback which is defined to return the pending connection. The task is automatically requeued inside accept_conn callback if bind maxconn is not yet reached. This allows to specify how many connection should be opened. Each connection is instantiated and reversed serially one by one until maxconn is reached. conn_free() has been modified to handle failure if a reverse connection fails before being accepted. In this case, no session exists to notify about the failure. Instead, reverse_connect task is requeud with a 1 second delay, giving time to fix a possible network issue. This will allow to attempt a new connection reverse. Note that for the moment connection rebinding after accept is disabled for simplicity. Extra operations are required to migrate an existing connection and its stack to a new thread which will be implemented later.
2023-08-23 15:16:07 +00:00
BUG_ON(l->rx.fd == -1 && !l->rx.reverse_connect.task);
CLEANUP: atomic/tree-wide: replace single increments/decrements with inc/dec This patch replaces roughly all occurrences of an HA_ATOMIC_ADD(&foo, 1) or HA_ATOMIC_SUB(&foo, 1) with the equivalent HA_ATOMIC_INC(&foo) and HA_ATOMIC_DEC(&foo) respectively. These are 507 changes over 45 files.
2021-04-06 11:53:36 +00:00
_HA_ATOMIC_INC(&px->li_ready);
MINOR: listener: make sure we don't pause/resume bypassed listeners Some listeners are kept in LI_ASSIGNED state but are not supposed to be started since they were bypassed on initial startup (eg: in protocol_bind_all() or in enable_listener()...) Introduce the LI_F_FINALIZED flag: when the variable is non zero it means that the listener made it past the LI_LISTEN state (finalized) at least once so we can safely pause / resume. This way we won't risk starting a previously bypassed listener which never made it that far and thus was not expected to be lazy-started by accident. As listener_pause() and listener_resume() are currently partially broken, such unexpected lazy-start won't happen. But we're trying to restore pause() and resume() behavior so this patch will be required before going any further. We had to re-introduce listeners 'flags' struct member since it was recently moved into bind_conf struct. But here we do have a legitimate need for these listener-only flags. This should only be backported if explicitly required by another commit. -- Backport notes: -> 2.4 and 2.5: The 2-bytes hole we're using in the current patch does not apply, let's use the 4-byte hole located under the 'option' field. Replace this: |@@ -226,7 +226,8 @@ struct li_per_thread { | struct listener { | enum obj_type obj_type; /* object type = OBJ_TYPE_LISTENER */ | enum li_state state; /* state: NEW, INIT, ASSIGNED, LISTEN, READY, FULL */ |- /* 2-byte hole here */ |+ uint16_t flags; /* listener flags: LI_F_* */ | int luid; /* listener universally unique ID, used for SNMP */ | int nbconn; /* current number of connections on this listener */ | unsigned int thr_idx; /* thread indexes for queue distribution : (t2<<16)+t1 */ By this: |@@ -209,6 +209,8 @@ struct listener { | short int nice; /* nice value to assign to the instantiated tasks */ | int luid; /* listener universally unique ID, used for SNMP */ | int options; /* socket options : LI_O_* */ |+ uint16_t flags; /* listener flags: LI_F_* */ |+ /* 2-bytes hole here */ | __decl_thread(HA_RWLOCK_T lock); | | struct fe_counters *counters; /* statistics counters */ -> 2.4 only: We need to adjust some contextual lines. Replace this: |@@ -477,7 +478,7 @@ int pause_listener(struct listener *l, int lpx, int lli) | if (!lli) | HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); | |- if (l->state <= LI_PAUSED) |+ if (!(l->flags & LI_F_FINALIZED) || l->state <= LI_PAUSED) | goto end; | | if (l->rx.proto->suspend) By this: |@@ -477,7 +478,7 @@ int pause_listener(struct listener *l, int lpx, int lli) | !(proc_mask(l->rx.settings->bind_proc) & pid_bit)) | goto end; | |- if (l->state <= LI_PAUSED) |+ if (!(l->flags & LI_F_FINALIZED) || l->state <= LI_PAUSED) | goto end; | | if (l->rx.proto->suspend) And this: |@@ -535,7 +536,7 @@ int resume_listener(struct listener *l, int lpx, int lli) | if (MT_LIST_INLIST(&l->wait_queue)) | goto end; | |- if (l->state == LI_READY) |+ if (!(l->flags & LI_F_FINALIZED) || l->state == LI_READY) | goto end; | | if (l->rx.proto->resume) By this: |@@ -535,7 +536,7 @@ int resume_listener(struct listener *l, int lpx, int lli) | !(proc_mask(l->rx.settings->bind_proc) & pid_bit)) | goto end; | |- if (l->state == LI_READY) |+ if (!(l->flags & LI_F_FINALIZED) || l->state == LI_READY) | goto end; | | if (l->rx.proto->resume) -> 2.6 and 2.7 only: struct listener 'flags' member still exists, let's use it. Remove this from the current patch: |@@ -226,7 +226,8 @@ struct li_per_thread { | struct listener { | enum obj_type obj_type; /* object type = OBJ_TYPE_LISTENER */ | enum li_state state; /* state: NEW, INIT, ASSIGNED, LISTEN, READY, FULL */ |- /* 2-byte hole here */ |+ uint16_t flags; /* listener flags: LI_F_* */ | int luid; /* listener universally unique ID, used for SNMP */ | int nbconn; /* current number of connections on this listener */ | unsigned int thr_idx; /* thread indexes for queue distribution : (t2<<16)+t1 */ Then, replace this: |@@ -251,6 +250,9 @@ struct listener { | EXTRA_COUNTERS(extra_counters); | }; | |+/* listener flags (16 bits) */ |+#define LI_F_FINALIZED 0x0001 /* listener made it to the READY||LIMITED||FULL state at least once, may be suspended/resumed safely */ |+ | /* Descriptor for a "bind" keyword. The ->parse() function returns 0 in case of | * success, or a combination of ERR_* flags if an error is encountered. The | * function pointer can be NULL if not implemented. The function also has an By this: |@@ -221,6 +221,7 @@ struct li_per_thread { | }; | | #define LI_F_QUIC_LISTENER 0x00000001 /* listener uses proto quic */ |+#define LI_F_FINALIZED 0x00000002 /* listener made it to the READY||LIMITED||FULL state at least once, may be suspended/resumed safely */ | | /* The listener will be directly referenced by the fdtab[] which holds its | * socket. The listener provides the protocol-specific accept() function to
2023-02-14 07:51:14 +00:00
l->flags |= LI_F_FINALIZED;
MINOR: proxy: maintain per-state counters of listeners The proxy state tries to be synthetic but that doesn't work well with many listeners, especially for transition phases or after a failed pause/resume. In order to address this, we'll instead rely on counters of listeners in a given state for the 3 major states (ready, paused, listen) and a total counter. We'll now be able to determine a proxy's state by comparing these counters only.
2020-09-24 05:27:06 +00:00
break;
}
}
MINOR: listeners: introduce listener_set_state() This function is used as a wrapper to set a listener's state everywhere. We'll use it later to maintain some counters in a consistent state when switching state so it's capital that all state changes go through it. No functional change was made beyond calling the wrapper.
2020-09-24 05:23:45 +00:00
l->state = st;
}
[MAJOR] added a new state to listeners There was a missing state for listeners, when they are not listening but still attached to the protocol. The LI_ASSIGNED state was added for this purpose. This permitted to clean up the assignment/release workflow quite a bit. Generic enable/enable_all/disable/disable_all primitives were added, and a disable_all entry was added to the struct protocol.
2007-10-28 20:59:24 +00:00
/* This function adds the specified listener's file descriptor to the polling
* lists if it is in the LI_LISTEN state. The listener enters LI_READY or
CLEANUP: assorted typo fixes in the code and comments This is sixth iteration of typo fixes
2020-04-02 10:25:26 +00:00
* LI_FULL state depending on its number of connections. In daemon mode, we
MAJOR: listener: only start listeners bound to the same processes Now that we know what processes a "bind" statement is attached to, we have the ability to avoid starting some of them when they're not on the proper process. This feature is disabled when running in foreground however, so that debug mode continues to work with everything bound to the first and only process. The main purpose of this change is to finally allow the global stats sockets to be each bound to a different process. It can also be used to force haproxy to use different sockets in different processes for the same IP:port. The purpose is that under Linux 3.9 and above (and possibly other OSes), when multiple processes are bound to the same IP:port via different sockets, the system is capable of performing a perfect round-robin between the socket queues instead of letting any process pick all the connections from a queue. This results in a smoother load balancing and may achieve a higher performance with a large enough maxaccept setting.
2014-05-07 17:22:24 +00:00
* also support binding only the relevant processes to their respective
* listeners. We don't do that in debug mode however.
[MAJOR] added a new state to listeners There was a missing state for listeners, when they are not listening but still attached to the protocol. The LI_ASSIGNED state was added for this purpose. This permitted to clean up the assignment/release workflow quite a bit. Generic enable/enable_all/disable/disable_all primitives were added, and a disable_all entry was added to the struct protocol.
2007-10-28 20:59:24 +00:00
*/
MINOR: listeners: export enable_listener() we'll soon call it from outside.
2020-09-25 14:40:18 +00:00
void enable_listener(struct listener *listener)
[MAJOR] added a new state to listeners There was a missing state for listeners, when they are not listening but still attached to the protocol. The LI_ASSIGNED state was added for this purpose. This permitted to clean up the assignment/release workflow quite a bit. Generic enable/enable_all/disable/disable_all primitives were added, and a disable_all entry was added to the struct protocol.
2007-10-28 20:59:24 +00:00
{
MINOR: listener: replace the listener's spinlock with an rwlock We'll need to lock the listener a little bit more during accept() and tests show that a spinlock is a massive performance killer, so let's first switch to an rwlock for this lock. This patch might have to be backported for the next patch to work, and if so, the change is almost mechanical (look for LISTENER_LOCK), but do not forget about the few HA_SPIN_INIT() in the file. There's no reference to this lock outside of listener.c nor listener-t.h.
2022-02-01 15:23:00 +00:00
HA_RWLOCK_WRLOCK(LISTENER_LOCK, &listener->lock);
MEDIUM: listeners: always close master vs worker listeners Right now in enable_listener(), we used to start all enabled listeners then kill from the workers those that were for the master. But this is incomplete. We must also close from the master the listeners that are solely for workers, and do it before we even start them. Otherwise we end up with a master responding to the worker CLI connections if the listener remains in listen mode to translate the socket's real state. It doesn't seem like it could have caused bugs in the past because we used to aggressively mark disabled listeners as LI_ASSIGNED despite the fact that they were still bound and listening. If this patch were ever seen as a candidate solution for any obscure bug, be careful in that it subtly relies on the fact that fd_delete() doesn't close inherited FDs anymore, otherwise that could break the master's ability to pass inherited FDs on reloads.
2020-10-09 08:35:40 +00:00
/* If this listener is supposed to be only in the master, close it in
* the workers. Conversely, if it's supposed to be only in the workers
* close it in the master.
*/
MINOR: listeners: move the LI_O_MWORKER flag to the receiver This listener flag indicates whether the receiver part of the listener is specific to the master or to the workers. In practice it's only used by the master's CLI right now. It's used to know whether or not the FD must be closed before forking the workers. For this reason it's way more of a receiver's property than a listener's property, so let's move it there under the name RX_F_MWORKER. The rest of the code remains unchanged.
2020-10-09 14:11:46 +00:00
if (!!master != !!(listener->rx.flags & RX_F_MWORKER))
CLEANUP: listeners: remove the do_close argument to unbind_listener() And also remove it from its callers. This subtle distinction was added as sort of a hack for the seamless reload feature but is not needed anymore since the do_close turned unused since commit previous commit ("MEDIUM: listener: let do_unbind_listener() decide whether to close or not"). This also removes the unbind_listener_no_close() function.
2020-10-09 13:55:23 +00:00
do_unbind_listener(listener);
MEDIUM: listeners: always close master vs worker listeners Right now in enable_listener(), we used to start all enabled listeners then kill from the workers those that were for the master. But this is incomplete. We must also close from the master the listeners that are solely for workers, and do it before we even start them. Otherwise we end up with a master responding to the worker CLI connections if the listener remains in listen mode to translate the socket's real state. It doesn't seem like it could have caused bugs in the past because we used to aggressively mark disabled listeners as LI_ASSIGNED despite the fact that they were still bound and listening. If this patch were ever seen as a candidate solution for any obscure bug, be careful in that it subtly relies on the fact that fd_delete() doesn't close inherited FDs anymore, otherwise that could break the master's ability to pass inherited FDs on reloads.
2020-10-09 08:35:40 +00:00
[MAJOR] added a new state to listeners There was a missing state for listeners, when they are not listening but still attached to the protocol. The LI_ASSIGNED state was added for this purpose. This permitted to clean up the assignment/release workflow quite a bit. Generic enable/enable_all/disable/disable_all primitives were added, and a disable_all entry was added to the struct protocol.
2007-10-28 20:59:24 +00:00
if (listener->state == LI_LISTEN) {
MEDIUM: proto_reverse_connect: bootstrap active reverse connection Implement active reverse connection initialization. This is done through a new task stored in the receiver structure. This task is instantiated via bind callback and first woken up via enable callback. Task handler is separated into two halves. On the first step, a new connection is allocated and stored in <pend_conn> member of the receiver. This new client connection will proceed to connect using the server instance referenced in the bind_conf. When connect has successfully been executed and HTTP/2 connection is ready for exchange after SETTINGS, reverse_connect task is woken up. As <pend_conn> is still set, the second halve is executed which only execute listener_accept(). This will in turn execute accept_conn callback which is defined to return the pending connection. The task is automatically requeued inside accept_conn callback if bind maxconn is not yet reached. This allows to specify how many connection should be opened. Each connection is instantiated and reversed serially one by one until maxconn is reached. conn_free() has been modified to handle failure if a reverse connection fails before being accepted. In this case, no session exists to notify about the failure. Instead, reverse_connect task is requeud with a 1 second delay, giving time to fix a possible network issue. This will allow to attempt a new connection reverse. Note that for the moment connection rebinding after accept is disabled for simplicity. Extra operations are required to migrate an existing connection and its stack to a new thread which will be implemented later.
2023-08-23 15:16:07 +00:00
BUG_ON(listener->rx.fd == -1 && !listener->rx.reverse_connect.task);
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 15:38:50 +00:00
if ((global.mode & (MODE_DAEMON | MODE_MWORKER)) &&
MEDIUM: global: remove dead code from nbproc/bind_proc removal Lots of places iterating over nbproc or comparing with nbproc could be simplified. Further, "bind-process" and "process" parsing that was already limited to process 1 or "all" or "odd" resulted in a bind_proc field that was either 0 or 1 during the init phase and later always 1. All the checks for compatibilities were removed since it's not possible anymore to run a frontend and a backend on different processes or to have peers and stick-tables bound on different ones. This is the largest part of this patch. The bind_proc field was removed from both the proxy and the receiver structs. Since the "process" and "bind-process" directives are still parsed, configs making use of correct values allowing process 1 will continue to work.
2021-06-15 06:36:30 +00:00
(!!master != !!(listener->rx.flags & RX_F_MWORKER))) {
MAJOR: listener: only start listeners bound to the same processes Now that we know what processes a "bind" statement is attached to, we have the ability to avoid starting some of them when they're not on the proper process. This feature is disabled when running in foreground however, so that debug mode continues to work with everything bound to the first and only process. The main purpose of this change is to finally allow the global stats sockets to be each bound to a different process. It can also be used to force haproxy to use different sockets in different processes for the same IP:port. The purpose is that under Linux 3.9 and above (and possibly other OSes), when multiple processes are bound to the same IP:port via different sockets, the system is capable of performing a perfect round-robin between the socket queues instead of letting any process pick all the connections from a queue. This results in a smoother load balancing and may achieve a higher performance with a large enough maxaccept setting.
2014-05-07 17:22:24 +00:00
/* we don't want to enable this listener and don't
* want any fd event to reach it.
*/
CLEANUP: listeners: remove the do_close argument to unbind_listener() And also remove it from its callers. This subtle distinction was added as sort of a hack for the seamless reload feature but is not needed anymore since the do_close turned unused since commit previous commit ("MEDIUM: listener: let do_unbind_listener() decide whether to close or not"). This also removes the unbind_listener_no_close() function.
2020-10-09 13:55:23 +00:00
do_unbind_listener(listener);
MAJOR: listener: only start listeners bound to the same processes Now that we know what processes a "bind" statement is attached to, we have the ability to avoid starting some of them when they're not on the proper process. This feature is disabled when running in foreground however, so that debug mode continues to work with everything bound to the first and only process. The main purpose of this change is to finally allow the global stats sockets to be each bound to a different process. It can also be used to force haproxy to use different sockets in different processes for the same IP:port. The purpose is that under Linux 3.9 and above (and possibly other OSes), when multiple processes are bound to the same IP:port via different sockets, the system is capable of performing a perfect round-robin between the socket queues instead of letting any process pick all the connections from a queue. This results in a smoother load balancing and may achieve a higher performance with a large enough maxaccept setting.
2014-05-07 17:22:24 +00:00
}
MINOR: listener: move the maxconn parameter to the bind_conf The maxconn is set per bind line so let's move it there. This might possibly even slightly reduce inter-thread contention since this one is read-mostly and it was stored next to nbconn which changes for each connection setup or teardown.
2023-01-12 17:59:37 +00:00
else if (!listener->bind_conf->maxconn || listener->nbconn < listener->bind_conf->maxconn) {
MEDIUM: listeners: now use the listener's ->enable/disable At each place we used to manipulate the FDs directly we can now call the listener protocol's enable/disable/rx_enable/rx_disable depending on whether the state changes on the listener or the receiver. One exception currently remains in listener_accept() which is a bit special and which should be split into 2 or 3 parts in the various protocol layers. The test of fd_updt in do_unbind_listener() that was added by commit a51885621 ("BUG/MEDIUM: listeners: Don't call fd_stop_recv() if fd_updt is NULL.") could finally be removed since that part is correctly handled in the low-level disable() function. One disable() was added in resume_listener() before switching to LI_FULL because rx_resume() enables polling on the FD for the receiver while we want to disable it if the listener is full. There are different ways to clean this up in the future. One of them could be to consider that TCP receivers only act at the listener level. But in fact it does not translate reality. The reality is that only the receiver is paused and that the listener's state ought not be affected here. Ultimately the resume_listener() function should be split so that the part controlled by the protocols only acts on the receiver, and that the receiver itself notifies the upper listener about the change so that the listener protocol may decide to disable or enable polling. Conversely the listener should automatically update its receiver when they share the same state. Since there is no harm proceeding like this, let's keep this for now.
2020-09-25 18:32:28 +00:00
listener->rx.proto->enable(listener);
MINOR: listeners: introduce listener_set_state() This function is used as a wrapper to set a listener's state everywhere. We'll use it later to maintain some counters in a consistent state when switching state so it's capital that all state changes go through it. No functional change was made beyond calling the wrapper.
2020-09-24 05:23:45 +00:00
listener_set_state(listener, LI_READY);
MAJOR: listener: only start listeners bound to the same processes Now that we know what processes a "bind" statement is attached to, we have the ability to avoid starting some of them when they're not on the proper process. This feature is disabled when running in foreground however, so that debug mode continues to work with everything bound to the first and only process. The main purpose of this change is to finally allow the global stats sockets to be each bound to a different process. It can also be used to force haproxy to use different sockets in different processes for the same IP:port. The purpose is that under Linux 3.9 and above (and possibly other OSes), when multiple processes are bound to the same IP:port via different sockets, the system is capable of performing a perfect round-robin between the socket queues instead of letting any process pick all the connections from a queue. This results in a smoother load balancing and may achieve a higher performance with a large enough maxaccept setting.
2014-05-07 17:22:24 +00:00
}
else {
MINOR: listeners: introduce listener_set_state() This function is used as a wrapper to set a listener's state everywhere. We'll use it later to maintain some counters in a consistent state when switching state so it's capital that all state changes go through it. No functional change was made beyond calling the wrapper.
2020-09-24 05:23:45 +00:00
listener_set_state(listener, LI_FULL);
[MAJOR] added a new state to listeners There was a missing state for listeners, when they are not listening but still attached to the protocol. The LI_ASSIGNED state was added for this purpose. This permitted to clean up the assignment/release workflow quite a bit. Generic enable/enable_all/disable/disable_all primitives were added, and a disable_all entry was added to the struct protocol.
2007-10-28 20:59:24 +00:00
}
}
MEDIUM: listeners: always close master vs worker listeners Right now in enable_listener(), we used to start all enabled listeners then kill from the workers those that were for the master. But this is incomplete. We must also close from the master the listeners that are solely for workers, and do it before we even start them. Otherwise we end up with a master responding to the worker CLI connections if the listener remains in listen mode to translate the socket's real state. It doesn't seem like it could have caused bugs in the past because we used to aggressively mark disabled listeners as LI_ASSIGNED despite the fact that they were still bound and listening. If this patch were ever seen as a candidate solution for any obscure bug, be careful in that it subtly relies on the fact that fd_delete() doesn't close inherited FDs anymore, otherwise that could break the master's ability to pass inherited FDs on reloads.
2020-10-09 08:35:40 +00:00
MINOR: listener: replace the listener's spinlock with an rwlock We'll need to lock the listener a little bit more during accept() and tests show that a spinlock is a massive performance killer, so let's first switch to an rwlock for this lock. This patch might have to be backported for the next patch to work, and if so, the change is almost mechanical (look for LISTENER_LOCK), but do not forget about the few HA_SPIN_INIT() in the file. There's no reference to this lock outside of listener.c nor listener-t.h.
2022-02-01 15:23:00 +00:00
HA_RWLOCK_WRUNLOCK(LISTENER_LOCK, &listener->lock);
[MAJOR] added a new state to listeners There was a missing state for listeners, when they are not listening but still attached to the protocol. The LI_ASSIGNED state was added for this purpose. This permitted to clean up the assignment/release workflow quite a bit. Generic enable/enable_all/disable/disable_all primitives were added, and a disable_all entry was added to the struct protocol.
2007-10-28 20:59:24 +00:00
}
MINOR: listeners: add a new stop_listener() function This function will be used to definitely stop a listener (e.g. during a soft_stop). This is actually tricky because it may be called for a proxy or for a protocol, both of which require locks and already hold some. The function takes booleans indicating which ones are already held, hoping this will be enough. It's not well defined wether proto->disable() and proto->rx_disable() are supposed to be called with any lock held, and they are used from do_unbind_listener() with all these locks. Some back annotations ought to be added on this point. The proxy's listeners count is updated, and the proxy is marked as disabled and woken up after the last one is gone. Note that a listener in listen state is already not attached anymore since it was disabled.
2020-10-07 13:58:50 +00:00
/*
CLEANUP: listener: function comment typo in stop_listener() A minor typo related to stop_listener() function comment was introduced in 0013288. This makes stop_listener() function comment easier to read.
2022-09-11 14:19:49 +00:00
* This function completely stops a listener.
* The proxy's listeners count is updated and the proxy is
* disabled and woken up after the last one is gone.
MINOR: listener/api: add lli hint to listener functions Add listener lock hint (AKA lli) to (stop/resume/pause)_listener() functions. All these functions implicitely take the listener lock when they are called: It could be useful to be able to call them while already holding the lock, so we're adding lli hint to make them take the lock only when it is missing. This should only be backported if explicitly required by another commit -- -> 2.4 and 2.5 common backport notes: These 2 commits need to be backported first: - 187396e34 "CLEANUP: listener: function comment typo in stop_listener()" - a57786e87 "BUG/MINOR: listener: null pointer dereference suspected by coverity" -> 2.4 special backport notes: In addition to the previously mentionned dependencies, the patch needs to be slightly adapted to match the corresponding contextual lines: Replace this: |@@ -471,7 +474,8 @@ int pause_listener(struct listener *l, int lpx) | if (!lpx && px) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &px->lock); | |- HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); |+ if (!lli) |+ HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); | | if (l->state <= LI_PAUSED) | goto end; By this: |@@ -471,7 +474,8 @@ int pause_listener(struct listener *l, int lpx) | if (!lpx && px) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &px->lock); | |- HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); |+ if (!lli) |+ HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); | | if ((global.mode & (MODE_DAEMON | MODE_MWORKER)) && | !(proc_mask(l->rx.settings->bind_proc) & pid_bit)) Replace this: |@@ -169,7 +169,7 @@ void protocol_stop_now(void) | HA_SPIN_LOCK(PROTO_LOCK, &proto_lock); | list_for_each_entry(proto, &protocols, list) { | list_for_each_entry_safe(listener, lback, &proto->receivers, rx.proto_list) |- stop_listener(listener, 0, 1); |+ stop_listener(listener, 0, 1, 0); | } | HA_SPIN_UNLOCK(PROTO_LOCK, &proto_lock); | } By this: |@@ -169,7 +169,7 @@ void protocol_stop_now(void) | HA_SPIN_LOCK(PROTO_LOCK, &proto_lock); | list_for_each_entry(proto, &protocols, list) { | list_for_each_entry_safe(listener, lback, &proto->receivers, rx.proto_list) | if (!listener->bind_conf->frontend->grace) |- stop_listener(listener, 0, 1); |+ stop_listener(listener, 0, 1, 0); | } | HA_SPIN_UNLOCK(PROTO_LOCK, &proto_lock); Replace this: |@@ -2315,7 +2315,7 @@ void stop_proxy(struct proxy *p) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &p->lock); | | list_for_each_entry(l, &p->conf.listeners, by_fe) |- stop_listener(l, 1, 0); |+ stop_listener(l, 1, 0, 0); | | if (!(p->flags & (PR_FL_DISABLED|PR_FL_STOPPED)) && !p->li_ready) { | /* might be just a backend */ By this: |@@ -2315,7 +2315,7 @@ void stop_proxy(struct proxy *p) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &p->lock); | | list_for_each_entry(l, &p->conf.listeners, by_fe) |- stop_listener(l, 1, 0); |+ stop_listener(l, 1, 0, 0); | | if (!p->disabled && !p->li_ready) { | /* might be just a backend */
2023-02-06 16:06:03 +00:00
* It will need to operate under the proxy's lock, the protocol's lock and
* the listener's lock. The caller is responsible for indicating in lpx,
* lpr, lli whether the respective locks are already held (non-zero) or
* not (zero) so that the function picks the missing ones, in this order.
MINOR: listeners: add a new stop_listener() function This function will be used to definitely stop a listener (e.g. during a soft_stop). This is actually tricky because it may be called for a proxy or for a protocol, both of which require locks and already hold some. The function takes booleans indicating which ones are already held, hoping this will be enough. It's not well defined wether proto->disable() and proto->rx_disable() are supposed to be called with any lock held, and they are used from do_unbind_listener() with all these locks. Some back annotations ought to be added on this point. The proxy's listeners count is updated, and the proxy is marked as disabled and woken up after the last one is gone. Note that a listener in listen state is already not attached anymore since it was disabled.
2020-10-07 13:58:50 +00:00
*/
MINOR: listener/api: add lli hint to listener functions Add listener lock hint (AKA lli) to (stop/resume/pause)_listener() functions. All these functions implicitely take the listener lock when they are called: It could be useful to be able to call them while already holding the lock, so we're adding lli hint to make them take the lock only when it is missing. This should only be backported if explicitly required by another commit -- -> 2.4 and 2.5 common backport notes: These 2 commits need to be backported first: - 187396e34 "CLEANUP: listener: function comment typo in stop_listener()" - a57786e87 "BUG/MINOR: listener: null pointer dereference suspected by coverity" -> 2.4 special backport notes: In addition to the previously mentionned dependencies, the patch needs to be slightly adapted to match the corresponding contextual lines: Replace this: |@@ -471,7 +474,8 @@ int pause_listener(struct listener *l, int lpx) | if (!lpx && px) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &px->lock); | |- HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); |+ if (!lli) |+ HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); | | if (l->state <= LI_PAUSED) | goto end; By this: |@@ -471,7 +474,8 @@ int pause_listener(struct listener *l, int lpx) | if (!lpx && px) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &px->lock); | |- HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); |+ if (!lli) |+ HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); | | if ((global.mode & (MODE_DAEMON | MODE_MWORKER)) && | !(proc_mask(l->rx.settings->bind_proc) & pid_bit)) Replace this: |@@ -169,7 +169,7 @@ void protocol_stop_now(void) | HA_SPIN_LOCK(PROTO_LOCK, &proto_lock); | list_for_each_entry(proto, &protocols, list) { | list_for_each_entry_safe(listener, lback, &proto->receivers, rx.proto_list) |- stop_listener(listener, 0, 1); |+ stop_listener(listener, 0, 1, 0); | } | HA_SPIN_UNLOCK(PROTO_LOCK, &proto_lock); | } By this: |@@ -169,7 +169,7 @@ void protocol_stop_now(void) | HA_SPIN_LOCK(PROTO_LOCK, &proto_lock); | list_for_each_entry(proto, &protocols, list) { | list_for_each_entry_safe(listener, lback, &proto->receivers, rx.proto_list) | if (!listener->bind_conf->frontend->grace) |- stop_listener(listener, 0, 1); |+ stop_listener(listener, 0, 1, 0); | } | HA_SPIN_UNLOCK(PROTO_LOCK, &proto_lock); Replace this: |@@ -2315,7 +2315,7 @@ void stop_proxy(struct proxy *p) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &p->lock); | | list_for_each_entry(l, &p->conf.listeners, by_fe) |- stop_listener(l, 1, 0); |+ stop_listener(l, 1, 0, 0); | | if (!(p->flags & (PR_FL_DISABLED|PR_FL_STOPPED)) && !p->li_ready) { | /* might be just a backend */ By this: |@@ -2315,7 +2315,7 @@ void stop_proxy(struct proxy *p) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &p->lock); | | list_for_each_entry(l, &p->conf.listeners, by_fe) |- stop_listener(l, 1, 0); |+ stop_listener(l, 1, 0, 0); | | if (!p->disabled && !p->li_ready) { | /* might be just a backend */
2023-02-06 16:06:03 +00:00
void stop_listener(struct listener *l, int lpx, int lpr, int lli)
MINOR: listeners: add a new stop_listener() function This function will be used to definitely stop a listener (e.g. during a soft_stop). This is actually tricky because it may be called for a proxy or for a protocol, both of which require locks and already hold some. The function takes booleans indicating which ones are already held, hoping this will be enough. It's not well defined wether proto->disable() and proto->rx_disable() are supposed to be called with any lock held, and they are used from do_unbind_listener() with all these locks. Some back annotations ought to be added on this point. The proxy's listeners count is updated, and the proxy is marked as disabled and woken up after the last one is gone. Note that a listener in listen state is already not attached anymore since it was disabled.
2020-10-07 13:58:50 +00:00
{
struct proxy *px = l->bind_conf->frontend;
MINOR: listener: move LI_O_UNLIMITED and LI_O_NOSTOP to bind_conf These two flags are entirely for internal use and are even per proxy in practice since they're used for peers and CLI to indicate (for the first one) that the listener(s) are not subject to connection limits, and for the second that the listener(s) should not be stopped on soft-stop. No need to keep them in the listeners, let's move them to the bind_conf under names BC_O_UNLIMITED and BC_O_NOSTOP.
2023-01-12 18:58:42 +00:00
if (l->bind_conf->options & BC_O_NOSTOP) {
MINOR: listeners: add a new stop_listener() function This function will be used to definitely stop a listener (e.g. during a soft_stop). This is actually tricky because it may be called for a proxy or for a protocol, both of which require locks and already hold some. The function takes booleans indicating which ones are already held, hoping this will be enough. It's not well defined wether proto->disable() and proto->rx_disable() are supposed to be called with any lock held, and they are used from do_unbind_listener() with all these locks. Some back annotations ought to be added on this point. The proxy's listeners count is updated, and the proxy is marked as disabled and woken up after the last one is gone. Note that a listener in listen state is already not attached anymore since it was disabled.
2020-10-07 13:58:50 +00:00
/* master-worker sockpairs are never closed but don't count as a
* job.
*/
return;
}
BUG/MINOR: listener: null pointer dereference suspected by coverity Please refer to GH #1859 for more info. Coverity suspected improper proxy pointer handling. Without the fix it is considered safe for the moment, but it might not be the case in the future as we want to keep the ability to have isolated listeners. Making sure stop_listener(), pause_listener(), resume_listener() and listener_release() functions make proper use of px pointer in that context. No need for backport except if multi-connection protocols (ie:FTP) were to be backported as well.
2022-09-12 07:26:21 +00:00
if (!lpx && px)
MINOR: proxy; replace the spinlock with an rwlock This is an anticipation of finer grained locking for the queues. For now all lock places take a write lock so that there is no difference at all with previous code.
2020-10-20 15:24:27 +00:00
HA_RWLOCK_WRLOCK(PROXY_LOCK, &px->lock);
MINOR: listeners: add a new stop_listener() function This function will be used to definitely stop a listener (e.g. during a soft_stop). This is actually tricky because it may be called for a proxy or for a protocol, both of which require locks and already hold some. The function takes booleans indicating which ones are already held, hoping this will be enough. It's not well defined wether proto->disable() and proto->rx_disable() are supposed to be called with any lock held, and they are used from do_unbind_listener() with all these locks. Some back annotations ought to be added on this point. The proxy's listeners count is updated, and the proxy is marked as disabled and woken up after the last one is gone. Note that a listener in listen state is already not attached anymore since it was disabled.
2020-10-07 13:58:50 +00:00
if (!lpr)
HA_SPIN_LOCK(PROTO_LOCK, &proto_lock);
MINOR: listener/api: add lli hint to listener functions Add listener lock hint (AKA lli) to (stop/resume/pause)_listener() functions. All these functions implicitely take the listener lock when they are called: It could be useful to be able to call them while already holding the lock, so we're adding lli hint to make them take the lock only when it is missing. This should only be backported if explicitly required by another commit -- -> 2.4 and 2.5 common backport notes: These 2 commits need to be backported first: - 187396e34 "CLEANUP: listener: function comment typo in stop_listener()" - a57786e87 "BUG/MINOR: listener: null pointer dereference suspected by coverity" -> 2.4 special backport notes: In addition to the previously mentionned dependencies, the patch needs to be slightly adapted to match the corresponding contextual lines: Replace this: |@@ -471,7 +474,8 @@ int pause_listener(struct listener *l, int lpx) | if (!lpx && px) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &px->lock); | |- HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); |+ if (!lli) |+ HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); | | if (l->state <= LI_PAUSED) | goto end; By this: |@@ -471,7 +474,8 @@ int pause_listener(struct listener *l, int lpx) | if (!lpx && px) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &px->lock); | |- HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); |+ if (!lli) |+ HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); | | if ((global.mode & (MODE_DAEMON | MODE_MWORKER)) && | !(proc_mask(l->rx.settings->bind_proc) & pid_bit)) Replace this: |@@ -169,7 +169,7 @@ void protocol_stop_now(void) | HA_SPIN_LOCK(PROTO_LOCK, &proto_lock); | list_for_each_entry(proto, &protocols, list) { | list_for_each_entry_safe(listener, lback, &proto->receivers, rx.proto_list) |- stop_listener(listener, 0, 1); |+ stop_listener(listener, 0, 1, 0); | } | HA_SPIN_UNLOCK(PROTO_LOCK, &proto_lock); | } By this: |@@ -169,7 +169,7 @@ void protocol_stop_now(void) | HA_SPIN_LOCK(PROTO_LOCK, &proto_lock); | list_for_each_entry(proto, &protocols, list) { | list_for_each_entry_safe(listener, lback, &proto->receivers, rx.proto_list) | if (!listener->bind_conf->frontend->grace) |- stop_listener(listener, 0, 1); |+ stop_listener(listener, 0, 1, 0); | } | HA_SPIN_UNLOCK(PROTO_LOCK, &proto_lock); Replace this: |@@ -2315,7 +2315,7 @@ void stop_proxy(struct proxy *p) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &p->lock); | | list_for_each_entry(l, &p->conf.listeners, by_fe) |- stop_listener(l, 1, 0); |+ stop_listener(l, 1, 0, 0); | | if (!(p->flags & (PR_FL_DISABLED|PR_FL_STOPPED)) && !p->li_ready) { | /* might be just a backend */ By this: |@@ -2315,7 +2315,7 @@ void stop_proxy(struct proxy *p) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &p->lock); | | list_for_each_entry(l, &p->conf.listeners, by_fe) |- stop_listener(l, 1, 0); |+ stop_listener(l, 1, 0, 0); | | if (!p->disabled && !p->li_ready) { | /* might be just a backend */
2023-02-06 16:06:03 +00:00
if (!lli)
HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock);
MINOR: listeners: add a new stop_listener() function This function will be used to definitely stop a listener (e.g. during a soft_stop). This is actually tricky because it may be called for a proxy or for a protocol, both of which require locks and already hold some. The function takes booleans indicating which ones are already held, hoping this will be enough. It's not well defined wether proto->disable() and proto->rx_disable() are supposed to be called with any lock held, and they are used from do_unbind_listener() with all these locks. Some back annotations ought to be added on this point. The proxy's listeners count is updated, and the proxy is marked as disabled and woken up after the last one is gone. Note that a listener in listen state is already not attached anymore since it was disabled.
2020-10-07 13:58:50 +00:00
if (l->state > LI_INIT) {
CLEANUP: listeners: remove the do_close argument to unbind_listener() And also remove it from its callers. This subtle distinction was added as sort of a hack for the seamless reload feature but is not needed anymore since the do_close turned unused since commit previous commit ("MEDIUM: listener: let do_unbind_listener() decide whether to close or not"). This also removes the unbind_listener_no_close() function.
2020-10-09 13:55:23 +00:00
do_unbind_listener(l);
MINOR: listeners: add a new stop_listener() function This function will be used to definitely stop a listener (e.g. during a soft_stop). This is actually tricky because it may be called for a proxy or for a protocol, both of which require locks and already hold some. The function takes booleans indicating which ones are already held, hoping this will be enough. It's not well defined wether proto->disable() and proto->rx_disable() are supposed to be called with any lock held, and they are used from do_unbind_listener() with all these locks. Some back annotations ought to be added on this point. The proxy's listeners count is updated, and the proxy is marked as disabled and woken up after the last one is gone. Note that a listener in listen state is already not attached anymore since it was disabled.
2020-10-07 13:58:50 +00:00
if (l->state >= LI_ASSIGNED)
__delete_listener(l);
BUG/MINOR: listener: null pointer dereference suspected by coverity Please refer to GH #1859 for more info. Coverity suspected improper proxy pointer handling. Without the fix it is considered safe for the moment, but it might not be the case in the future as we want to keep the ability to have isolated listeners. Making sure stop_listener(), pause_listener(), resume_listener() and listener_release() functions make proper use of px pointer in that context. No need for backport except if multi-connection protocols (ie:FTP) were to be backported as well.
2022-09-12 07:26:21 +00:00
if (px)
proxy_cond_disable(px);
MINOR: listeners: add a new stop_listener() function This function will be used to definitely stop a listener (e.g. during a soft_stop). This is actually tricky because it may be called for a proxy or for a protocol, both of which require locks and already hold some. The function takes booleans indicating which ones are already held, hoping this will be enough. It's not well defined wether proto->disable() and proto->rx_disable() are supposed to be called with any lock held, and they are used from do_unbind_listener() with all these locks. Some back annotations ought to be added on this point. The proxy's listeners count is updated, and the proxy is marked as disabled and woken up after the last one is gone. Note that a listener in listen state is already not attached anymore since it was disabled.
2020-10-07 13:58:50 +00:00
}
MINOR: listener/api: add lli hint to listener functions Add listener lock hint (AKA lli) to (stop/resume/pause)_listener() functions. All these functions implicitely take the listener lock when they are called: It could be useful to be able to call them while already holding the lock, so we're adding lli hint to make them take the lock only when it is missing. This should only be backported if explicitly required by another commit -- -> 2.4 and 2.5 common backport notes: These 2 commits need to be backported first: - 187396e34 "CLEANUP: listener: function comment typo in stop_listener()" - a57786e87 "BUG/MINOR: listener: null pointer dereference suspected by coverity" -> 2.4 special backport notes: In addition to the previously mentionned dependencies, the patch needs to be slightly adapted to match the corresponding contextual lines: Replace this: |@@ -471,7 +474,8 @@ int pause_listener(struct listener *l, int lpx) | if (!lpx && px) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &px->lock); | |- HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); |+ if (!lli) |+ HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); | | if (l->state <= LI_PAUSED) | goto end; By this: |@@ -471,7 +474,8 @@ int pause_listener(struct listener *l, int lpx) | if (!lpx && px) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &px->lock); | |- HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); |+ if (!lli) |+ HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); | | if ((global.mode & (MODE_DAEMON | MODE_MWORKER)) && | !(proc_mask(l->rx.settings->bind_proc) & pid_bit)) Replace this: |@@ -169,7 +169,7 @@ void protocol_stop_now(void) | HA_SPIN_LOCK(PROTO_LOCK, &proto_lock); | list_for_each_entry(proto, &protocols, list) { | list_for_each_entry_safe(listener, lback, &proto->receivers, rx.proto_list) |- stop_listener(listener, 0, 1); |+ stop_listener(listener, 0, 1, 0); | } | HA_SPIN_UNLOCK(PROTO_LOCK, &proto_lock); | } By this: |@@ -169,7 +169,7 @@ void protocol_stop_now(void) | HA_SPIN_LOCK(PROTO_LOCK, &proto_lock); | list_for_each_entry(proto, &protocols, list) { | list_for_each_entry_safe(listener, lback, &proto->receivers, rx.proto_list) | if (!listener->bind_conf->frontend->grace) |- stop_listener(listener, 0, 1); |+ stop_listener(listener, 0, 1, 0); | } | HA_SPIN_UNLOCK(PROTO_LOCK, &proto_lock); Replace this: |@@ -2315,7 +2315,7 @@ void stop_proxy(struct proxy *p) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &p->lock); | | list_for_each_entry(l, &p->conf.listeners, by_fe) |- stop_listener(l, 1, 0); |+ stop_listener(l, 1, 0, 0); | | if (!(p->flags & (PR_FL_DISABLED|PR_FL_STOPPED)) && !p->li_ready) { | /* might be just a backend */ By this: |@@ -2315,7 +2315,7 @@ void stop_proxy(struct proxy *p) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &p->lock); | | list_for_each_entry(l, &p->conf.listeners, by_fe) |- stop_listener(l, 1, 0); |+ stop_listener(l, 1, 0, 0); | | if (!p->disabled && !p->li_ready) { | /* might be just a backend */
2023-02-06 16:06:03 +00:00
if (!lli)
HA_RWLOCK_WRUNLOCK(LISTENER_LOCK, &l->lock);
MINOR: listeners: add a new stop_listener() function This function will be used to definitely stop a listener (e.g. during a soft_stop). This is actually tricky because it may be called for a proxy or for a protocol, both of which require locks and already hold some. The function takes booleans indicating which ones are already held, hoping this will be enough. It's not well defined wether proto->disable() and proto->rx_disable() are supposed to be called with any lock held, and they are used from do_unbind_listener() with all these locks. Some back annotations ought to be added on this point. The proxy's listeners count is updated, and the proxy is marked as disabled and woken up after the last one is gone. Note that a listener in listen state is already not attached anymore since it was disabled.
2020-10-07 13:58:50 +00:00
if (!lpr)
HA_SPIN_UNLOCK(PROTO_LOCK, &proto_lock);
BUG/MINOR: listener: null pointer dereference suspected by coverity Please refer to GH #1859 for more info. Coverity suspected improper proxy pointer handling. Without the fix it is considered safe for the moment, but it might not be the case in the future as we want to keep the ability to have isolated listeners. Making sure stop_listener(), pause_listener(), resume_listener() and listener_release() functions make proper use of px pointer in that context. No need for backport except if multi-connection protocols (ie:FTP) were to be backported as well.
2022-09-12 07:26:21 +00:00
if (!lpx && px)
MINOR: proxy; replace the spinlock with an rwlock This is an anticipation of finer grained locking for the queues. For now all lock places take a write lock so that there is no difference at all with previous code.
2020-10-20 15:24:27 +00:00
HA_RWLOCK_WRUNLOCK(PROXY_LOCK, &px->lock);
MINOR: listeners: add a new stop_listener() function This function will be used to definitely stop a listener (e.g. during a soft_stop). This is actually tricky because it may be called for a proxy or for a protocol, both of which require locks and already hold some. The function takes booleans indicating which ones are already held, hoping this will be enough. It's not well defined wether proto->disable() and proto->rx_disable() are supposed to be called with any lock held, and they are used from do_unbind_listener() with all these locks. Some back annotations ought to be added on this point. The proxy's listeners count is updated, and the proxy is marked as disabled and woken up after the last one is gone. Note that a listener in listen state is already not attached anymore since it was disabled.
2020-10-07 13:58:50 +00:00
}
MINOR: listener: now use a generic add_listener() function With the removal of the family-specific port setting, all protocol had exactly the same implementation of ->add(). A generic one was created with the name "default_add_listener" so that all other ones can now be removed. The API was slightly adjusted so that the protocol and the listener are passed instead of the listener and the port. Note that all protocols continue to provide this ->add() method instead of routinely calling default_add_listener() from create_listeners(). This makes sure that any non-standard protocol will still be able to intercept the listener addition if needed. This could be backported to 2.3 along with the few previous patches on listners as a pure code cleanup.
2020-12-04 14:03:36 +00:00
/* This function adds the specified <listener> to the protocol <proto>. It
* does nothing if the protocol was already added. The listener's state is
* automatically updated from LI_INIT to LI_ASSIGNED. The number of listeners
* for the protocol is updated. This must be called with the proto lock held.
*/
void default_add_listener(struct protocol *proto, struct listener *listener)
{
if (listener->state != LI_INIT)
return;
listener_set_state(listener, LI_ASSIGNED);
listener->rx.proto = proto;
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 05:32:39 +00:00
LIST_APPEND(&proto->receivers, &listener->rx.proto_list);
MINOR: listener: now use a generic add_listener() function With the removal of the family-specific port setting, all protocol had exactly the same implementation of ->add(). A generic one was created with the name "default_add_listener" so that all other ones can now be removed. The API was slightly adjusted so that the protocol and the listener are passed instead of the listener and the port. Note that all protocols continue to provide this ->add() method instead of routinely calling default_add_listener() from create_listeners(). This makes sure that any non-standard protocol will still be able to intercept the listener addition if needed. This could be backported to 2.3 along with the few previous patches on listners as a pure code cleanup.
2020-12-04 14:03:36 +00:00
proto->nb_receivers++;
}
MEDIUM: listeners: implement protocol level ->suspend/resume() calls Now we have ->suspend() and ->resume() for listeners at the protocol level. This means that it now becomes possible for a protocol to redefine its own way to suspend and resume. The default functions are provided for TCP, UDP and unix, and they are pass-through to the receiver equivalent as it used to be till now. Nothing was defined for sockpair since it does not need to suspend/resume during reloads, hence it will succeed.
2020-10-09 15:02:21 +00:00
/* default function called to suspend a listener: it simply passes the call to
* the underlying receiver. This is find for most socket-based protocols. This
BUG/MEDIUM: listener: fix pause_listener() suspend return value handling Legacy suspend() return value handling in pause_listener() has been altered over the time. First with fb76bd5ca ("BUG/MEDIUM: listeners: correctly report pause() errors") Then with e03204c8e ("MEDIUM: listeners: implement protocol level ->suspend/resume() calls") We aim to restore original function behavior and comply with resume_listener() function description. This is required for resume_listener() and pause_listener() to work as a whole Now, it is made explicit that pause_listener() may stop a listener if the listener doesn't support the LI_PAUSED state (depending on the protocol family, ie: ABNS sockets), in this case l->state will be set to LI_ASSIGNED and this won't be considered as an error. This could be backported up to 2.4 after a reasonable observation period to make sure that this change doesn't cause unwanted side-effects. -- Backport notes: This commit depends on: - "MINOR: listener: make sure we don't pause/resume bypassed listeners" -> 2.4: manual change required because "MINOR: proxy/listener: support for additional PAUSED state" was not backported: the contextual patch lines don't match. Replace this: | if (px && !px->li_ready) { | /* PROXY_LOCK is required */ By this: | if (px && !px->li_ready) { | ha_warning("Paused %s %s.\n", proxy_cap_str(px->cap), px->id);
2023-02-07 10:23:38 +00:00
* must be called under the listener's lock. It will return < 0 in case of
* failure, 0 if the listener was totally stopped, or > 0 if correctly paused..
* If no receiver-level suspend is provided, the operation is assumed
* to succeed.
MEDIUM: listeners: implement protocol level ->suspend/resume() calls Now we have ->suspend() and ->resume() for listeners at the protocol level. This means that it now becomes possible for a protocol to redefine its own way to suspend and resume. The default functions are provided for TCP, UDP and unix, and they are pass-through to the receiver equivalent as it used to be till now. Nothing was defined for sockpair since it does not need to suspend/resume during reloads, hence it will succeed.
2020-10-09 15:02:21 +00:00
*/
int default_suspend_listener(struct listener *l)
{
if (!l->rx.proto->rx_suspend)
return 1;
BUG/MEDIUM: listener: fix pause_listener() suspend return value handling Legacy suspend() return value handling in pause_listener() has been altered over the time. First with fb76bd5ca ("BUG/MEDIUM: listeners: correctly report pause() errors") Then with e03204c8e ("MEDIUM: listeners: implement protocol level ->suspend/resume() calls") We aim to restore original function behavior and comply with resume_listener() function description. This is required for resume_listener() and pause_listener() to work as a whole Now, it is made explicit that pause_listener() may stop a listener if the listener doesn't support the LI_PAUSED state (depending on the protocol family, ie: ABNS sockets), in this case l->state will be set to LI_ASSIGNED and this won't be considered as an error. This could be backported up to 2.4 after a reasonable observation period to make sure that this change doesn't cause unwanted side-effects. -- Backport notes: This commit depends on: - "MINOR: listener: make sure we don't pause/resume bypassed listeners" -> 2.4: manual change required because "MINOR: proxy/listener: support for additional PAUSED state" was not backported: the contextual patch lines don't match. Replace this: | if (px && !px->li_ready) { | /* PROXY_LOCK is required */ By this: | if (px && !px->li_ready) { | ha_warning("Paused %s %s.\n", proxy_cap_str(px->cap), px->id);
2023-02-07 10:23:38 +00:00
return l->rx.proto->rx_suspend(&l->rx);
MEDIUM: listeners: implement protocol level ->suspend/resume() calls Now we have ->suspend() and ->resume() for listeners at the protocol level. This means that it now becomes possible for a protocol to redefine its own way to suspend and resume. The default functions are provided for TCP, UDP and unix, and they are pass-through to the receiver equivalent as it used to be till now. Nothing was defined for sockpair since it does not need to suspend/resume during reloads, hence it will succeed.
2020-10-09 15:02:21 +00:00
}
/* Tries to resume a suspended listener, and returns non-zero on success or
* zero on failure. On certain errors, an alert or a warning might be displayed.
* It must be called with the listener's lock held. Depending on the listener's
* state and protocol, a listen() call might be used to resume operations, or a
* call to the receiver's resume() function might be used as well. This is
* suitable as a default function for TCP and UDP. This must be called with the
* listener's lock held.
*/
int default_resume_listener(struct listener *l)
{
int ret = 1;
if (l->state == LI_ASSIGNED) {
char msg[100];
BUG/MEDIUM: resume from LI_ASSIGNED in default_resume_listener() Since fc974887c ("MEDIUM: protocol: explicitly start the receiver before the listener"), resume from LI_ASSIGNED state does not work anymore. This is because the binding part has been divided into 2 distinct steps since: first bind(), then listen(). This new logic was properly implemented in startup sequence through protocol_bind_all() but wasn't properly reported in default_resume_listener() function. Fixing default_resume_listener() to comply with the new logic. This should help ABNS sockets to properly rebind in resume_listener() after they have been stopped by pause_listener(): See Redmine:4475 for more context. This commit depends on: - "MINOR: listener: workaround for closing a tiny race between resume_listener() and stopping" - "MINOR: listener: make sure we don't pause/resume bypassed listeners" This could be backported up to 2.4 after a reasonable observation period to make sure that this change doesn't cause unwanted side-effects.
2023-02-07 11:17:20 +00:00
char *errmsg;
MEDIUM: listeners: implement protocol level ->suspend/resume() calls Now we have ->suspend() and ->resume() for listeners at the protocol level. This means that it now becomes possible for a protocol to redefine its own way to suspend and resume. The default functions are provided for TCP, UDP and unix, and they are pass-through to the receiver equivalent as it used to be till now. Nothing was defined for sockpair since it does not need to suspend/resume during reloads, hence it will succeed.
2020-10-09 15:02:21 +00:00
int err;
BUG/MEDIUM: resume from LI_ASSIGNED in default_resume_listener() Since fc974887c ("MEDIUM: protocol: explicitly start the receiver before the listener"), resume from LI_ASSIGNED state does not work anymore. This is because the binding part has been divided into 2 distinct steps since: first bind(), then listen(). This new logic was properly implemented in startup sequence through protocol_bind_all() but wasn't properly reported in default_resume_listener() function. Fixing default_resume_listener() to comply with the new logic. This should help ABNS sockets to properly rebind in resume_listener() after they have been stopped by pause_listener(): See Redmine:4475 for more context. This commit depends on: - "MINOR: listener: workaround for closing a tiny race between resume_listener() and stopping" - "MINOR: listener: make sure we don't pause/resume bypassed listeners" This could be backported up to 2.4 after a reasonable observation period to make sure that this change doesn't cause unwanted side-effects.
2023-02-07 11:17:20 +00:00
/* first, try to bind the receiver */
err = l->rx.proto->fam->bind(&l->rx, &errmsg);
if (err != ERR_NONE) {
if (err & ERR_WARN)
ha_warning("Resuming listener: %s\n", errmsg);
else if (err & ERR_ALERT)
ha_alert("Resuming listener: %s\n", errmsg);
ha_free(&errmsg);
if (err & (ERR_FATAL | ERR_ABORT)) {
ret = 0;
goto end;
}
}
/* then, try to listen:
* for now there's still always a listening function
* (same check performed in protocol_bind_all()
*/
BUG_ON(!l->rx.proto->listen);
MEDIUM: listeners: implement protocol level ->suspend/resume() calls Now we have ->suspend() and ->resume() for listeners at the protocol level. This means that it now becomes possible for a protocol to redefine its own way to suspend and resume. The default functions are provided for TCP, UDP and unix, and they are pass-through to the receiver equivalent as it used to be till now. Nothing was defined for sockpair since it does not need to suspend/resume during reloads, hence it will succeed.
2020-10-09 15:02:21 +00:00
err = l->rx.proto->listen(l, msg, sizeof(msg));
if (err & ERR_ALERT)
ha_alert("Resuming listener: %s\n", msg);
else if (err & ERR_WARN)
ha_warning("Resuming listener: %s\n", msg);
if (err & (ERR_FATAL | ERR_ABORT)) {
ret = 0;
goto end;
}
}
if (l->state < LI_PAUSED) {
ret = 0;
goto end;
}
if (l->state == LI_PAUSED && l->rx.proto->rx_resume &&
l->rx.proto->rx_resume(&l->rx) <= 0)
ret = 0;
end:
return ret;
}
[MEDIUM] proxy: add a PAUSED state to listeners and move socket tricks out of proxy.c Managing listeners state is difficult because they have their own state and can at the same time have theirs dictated by their proxy. The pause is not done properly, as the proxy code is fiddling with sockets. By introducing new functions such as pause_listener()/resume_listener(), we make it a bit more obvious how/when they're supposed to be used. The listen_proxies() function was also renamed to resume_proxies() since it's only used for pause/resume. This patch is the first in a series aiming at getting rid of the maintain_proxies mess. In the end, proxies should not call enable_listener()/disable_listener() anymore.
2011-07-24 16:28:10 +00:00
/* This function tries to temporarily disable a listener, depending on the OS
* capabilities. Linux unbinds the listen socket after a SHUT_RD, and ignores
* SHUT_WR. Solaris refuses either shutdown(). OpenBSD ignores SHUT_RD but
* closes upon SHUT_WR and refuses to rebind. So a common validation path
* involves SHUT_WR && listen && SHUT_RD. In case of success, the FD's polling
* is disabled. It normally returns non-zero, unless an error is reported.
MINOR: listener: pause_listener() becomes suspend_listener() We are simply renaming pause_listener() to suspend_listener() to prevent confusion around listener pausing. A suspended listener can be in two differents valid states: - LI_PAUSED: the listener is effectively paused, it will unpause on resume_listener() - LI_ASSIGNED (not bound): the listener does not support the LI_PAUSED state, so it was unbound to satisfy the suspend request, it will correcly re-bind on resume_listener() Besides that, we add the LI_F_SUSPENDED flag to mark suspended listeners in suspend_listener() and unmark them in resume_listener(). We're also adding li_suspend proxy variable to track the number of currently suspended listeners: That is, the number of listeners that were suspended through suspend_listener() and that are either in LI_PAUSED or LI_ASSIGNED state. Counter is increased on successful suspend in suspend_listener() and it is decreased on successful resume in resume_listener() -- Backport notes: -> 2.4 only, as "MINOR: proxy/listener: support for additional PAUSED state" was not backported: Replace this: | /* PROXY_LOCK is require | proxy_cond_resume(px); By this: | ha_warning("Resumed %s %s.\n", proxy_cap_str(px->cap), px->id); | send_log(px, LOG_WARNING, "Resumed %s %s.\n", proxy_cap_str(px->cap), px->id); -> 2.6 and 2.7 only, as "MINOR: listener: make sure we don't pause/resume" was custom patched: Replace this: |@@ -253,6 +253,7 @@ struct listener { | | /* listener flags (16 bits) */ | #define LI_F_FINALIZED 0x0001 /* listener made it to the READY||LIMITED||FULL state at least once, may be suspended/resumed safely */ |+#define LI_F_SUSPENDED 0x0002 /* listener has been suspended using suspend_listener(), it is either is LI_PAUSED or LI_ASSIGNED state */ | | /* Descriptor for a "bind" keyword. The ->parse() function returns 0 in case of | * success, or a combination of ERR_* flags if an error is encountered. The By this: |@@ -222,6 +222,7 @@ struct li_per_thread { | | #define LI_F_QUIC_LISTENER 0x00000001 /* listener uses proto quic */ | #define LI_F_FINALIZED 0x00000002 /* listener made it to the READY||LIMITED||FULL state at least once, may be suspended/resumed safely */ |+#define LI_F_SUSPENDED 0x00000004 /* listener has been suspended using suspend_listener(), it is either is LI_PAUSED or LI_ASSIGNED state */ | | /* The listener will be directly referenced by the fdtab[] which holds its | * socket. The listener provides the protocol-specific accept() function to
2023-02-13 16:45:08 +00:00
* suspend() may totally stop a listener if it doesn't support the PAUSED
* state, in which case state will be set to ASSIGNED.
MINOR: listener/api: add lli hint to listener functions Add listener lock hint (AKA lli) to (stop/resume/pause)_listener() functions. All these functions implicitely take the listener lock when they are called: It could be useful to be able to call them while already holding the lock, so we're adding lli hint to make them take the lock only when it is missing. This should only be backported if explicitly required by another commit -- -> 2.4 and 2.5 common backport notes: These 2 commits need to be backported first: - 187396e34 "CLEANUP: listener: function comment typo in stop_listener()" - a57786e87 "BUG/MINOR: listener: null pointer dereference suspected by coverity" -> 2.4 special backport notes: In addition to the previously mentionned dependencies, the patch needs to be slightly adapted to match the corresponding contextual lines: Replace this: |@@ -471,7 +474,8 @@ int pause_listener(struct listener *l, int lpx) | if (!lpx && px) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &px->lock); | |- HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); |+ if (!lli) |+ HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); | | if (l->state <= LI_PAUSED) | goto end; By this: |@@ -471,7 +474,8 @@ int pause_listener(struct listener *l, int lpx) | if (!lpx && px) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &px->lock); | |- HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); |+ if (!lli) |+ HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); | | if ((global.mode & (MODE_DAEMON | MODE_MWORKER)) && | !(proc_mask(l->rx.settings->bind_proc) & pid_bit)) Replace this: |@@ -169,7 +169,7 @@ void protocol_stop_now(void) | HA_SPIN_LOCK(PROTO_LOCK, &proto_lock); | list_for_each_entry(proto, &protocols, list) { | list_for_each_entry_safe(listener, lback, &proto->receivers, rx.proto_list) |- stop_listener(listener, 0, 1); |+ stop_listener(listener, 0, 1, 0); | } | HA_SPIN_UNLOCK(PROTO_LOCK, &proto_lock); | } By this: |@@ -169,7 +169,7 @@ void protocol_stop_now(void) | HA_SPIN_LOCK(PROTO_LOCK, &proto_lock); | list_for_each_entry(proto, &protocols, list) { | list_for_each_entry_safe(listener, lback, &proto->receivers, rx.proto_list) | if (!listener->bind_conf->frontend->grace) |- stop_listener(listener, 0, 1); |+ stop_listener(listener, 0, 1, 0); | } | HA_SPIN_UNLOCK(PROTO_LOCK, &proto_lock); Replace this: |@@ -2315,7 +2315,7 @@ void stop_proxy(struct proxy *p) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &p->lock); | | list_for_each_entry(l, &p->conf.listeners, by_fe) |- stop_listener(l, 1, 0); |+ stop_listener(l, 1, 0, 0); | | if (!(p->flags & (PR_FL_DISABLED|PR_FL_STOPPED)) && !p->li_ready) { | /* might be just a backend */ By this: |@@ -2315,7 +2315,7 @@ void stop_proxy(struct proxy *p) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &p->lock); | | list_for_each_entry(l, &p->conf.listeners, by_fe) |- stop_listener(l, 1, 0); |+ stop_listener(l, 1, 0, 0); | | if (!p->disabled && !p->li_ready) { | /* might be just a backend */
2023-02-06 16:06:03 +00:00
* It will need to operate under the proxy's lock and the listener's lock.
* The caller is responsible for indicating in lpx, lli whether the respective
* locks are already held (non-zero) or not (zero) so that the function pick
* the missing ones, in this order.
[MEDIUM] proxy: add a PAUSED state to listeners and move socket tricks out of proxy.c Managing listeners state is difficult because they have their own state and can at the same time have theirs dictated by their proxy. The pause is not done properly, as the proxy code is fiddling with sockets. By introducing new functions such as pause_listener()/resume_listener(), we make it a bit more obvious how/when they're supposed to be used. The listen_proxies() function was also renamed to resume_proxies() since it's only used for pause/resume. This patch is the first in a series aiming at getting rid of the maintain_proxies mess. In the end, proxies should not call enable_listener()/disable_listener() anymore.
2011-07-24 16:28:10 +00:00
*/
MINOR: listener: pause_listener() becomes suspend_listener() We are simply renaming pause_listener() to suspend_listener() to prevent confusion around listener pausing. A suspended listener can be in two differents valid states: - LI_PAUSED: the listener is effectively paused, it will unpause on resume_listener() - LI_ASSIGNED (not bound): the listener does not support the LI_PAUSED state, so it was unbound to satisfy the suspend request, it will correcly re-bind on resume_listener() Besides that, we add the LI_F_SUSPENDED flag to mark suspended listeners in suspend_listener() and unmark them in resume_listener(). We're also adding li_suspend proxy variable to track the number of currently suspended listeners: That is, the number of listeners that were suspended through suspend_listener() and that are either in LI_PAUSED or LI_ASSIGNED state. Counter is increased on successful suspend in suspend_listener() and it is decreased on successful resume in resume_listener() -- Backport notes: -> 2.4 only, as "MINOR: proxy/listener: support for additional PAUSED state" was not backported: Replace this: | /* PROXY_LOCK is require | proxy_cond_resume(px); By this: | ha_warning("Resumed %s %s.\n", proxy_cap_str(px->cap), px->id); | send_log(px, LOG_WARNING, "Resumed %s %s.\n", proxy_cap_str(px->cap), px->id); -> 2.6 and 2.7 only, as "MINOR: listener: make sure we don't pause/resume" was custom patched: Replace this: |@@ -253,6 +253,7 @@ struct listener { | | /* listener flags (16 bits) */ | #define LI_F_FINALIZED 0x0001 /* listener made it to the READY||LIMITED||FULL state at least once, may be suspended/resumed safely */ |+#define LI_F_SUSPENDED 0x0002 /* listener has been suspended using suspend_listener(), it is either is LI_PAUSED or LI_ASSIGNED state */ | | /* Descriptor for a "bind" keyword. The ->parse() function returns 0 in case of | * success, or a combination of ERR_* flags if an error is encountered. The By this: |@@ -222,6 +222,7 @@ struct li_per_thread { | | #define LI_F_QUIC_LISTENER 0x00000001 /* listener uses proto quic */ | #define LI_F_FINALIZED 0x00000002 /* listener made it to the READY||LIMITED||FULL state at least once, may be suspended/resumed safely */ |+#define LI_F_SUSPENDED 0x00000004 /* listener has been suspended using suspend_listener(), it is either is LI_PAUSED or LI_ASSIGNED state */ | | /* The listener will be directly referenced by the fdtab[] which holds its | * socket. The listener provides the protocol-specific accept() function to
2023-02-13 16:45:08 +00:00
int suspend_listener(struct listener *l, int lpx, int lli)
[MEDIUM] proxy: add a PAUSED state to listeners and move socket tricks out of proxy.c Managing listeners state is difficult because they have their own state and can at the same time have theirs dictated by their proxy. The pause is not done properly, as the proxy code is fiddling with sockets. By introducing new functions such as pause_listener()/resume_listener(), we make it a bit more obvious how/when they're supposed to be used. The listen_proxies() function was also renamed to resume_proxies() since it's only used for pause/resume. This patch is the first in a series aiming at getting rid of the maintain_proxies mess. In the end, proxies should not call enable_listener()/disable_listener() anymore.
2011-07-24 16:28:10 +00:00
{
MEDIUM: listener/proxy: make the listeners notify about proxy pause/resume Till now, we used to call pause_proxy()/resume_proxy() to enable/disable processing on a proxy, which is used during soft reloads. But since we want to drive this process from the listeners themselves, we have to instead proceed the other way around so that when we enable/disable a listener, it checks if it changed anything for the proxy and notifies about updates at this level. The detection is made using li_ready=0 for pause(), and li_paused=0 for resume(). Note that we must not include any test for li_bound because this state is seen by processes which share the listener with another one and which must not act on it since the other process will do it. As such the socket behind the FD will automatically be paused and resume without its local state changing, but this is the limit of a multi-process system with shared listeners.
2020-09-24 14:03:29 +00:00
struct proxy *px = l->bind_conf->frontend;
MEDIUM: threads/listeners: Make listeners thread-safe First, we use atomic operations to update jobs/totalconn/actconn variables, listener's nbconn variable and listener's counters. Then we add a lock on listeners to protect access to their information. And finally, listener queues (global and per proxy) are also protected by a lock. Here, because access to these queues are unusal, we use the same lock for all queues instead of a global one for the global queue and a lock per proxy for others.
2017-05-30 13:36:50 +00:00
int ret = 1;
BUG/MINOR: listener: null pointer dereference suspected by coverity Please refer to GH #1859 for more info. Coverity suspected improper proxy pointer handling. Without the fix it is considered safe for the moment, but it might not be the case in the future as we want to keep the ability to have isolated listeners. Making sure stop_listener(), pause_listener(), resume_listener() and listener_release() functions make proper use of px pointer in that context. No need for backport except if multi-connection protocols (ie:FTP) were to be backported as well.
2022-09-12 07:26:21 +00:00
if (!lpx && px)
MINOR: listener: small API change A minor API change was performed in listener(.c/.h) to restore consistency between stop_listener() and (resume/pause)_listener() functions. LISTENER_LOCK was never locked prior to calling stop_listener(): lli variable hint is thus not useful anymore. Added PROXY_LOCK locking in (resume/pause)_listener() functions with related lpx variable hint (prerequisite for #1626). It should be backported to 2.6, 2.5 and 2.4
2022-09-09 13:32:57 +00:00
HA_RWLOCK_WRLOCK(PROXY_LOCK, &px->lock);
MINOR: listener/api: add lli hint to listener functions Add listener lock hint (AKA lli) to (stop/resume/pause)_listener() functions. All these functions implicitely take the listener lock when they are called: It could be useful to be able to call them while already holding the lock, so we're adding lli hint to make them take the lock only when it is missing. This should only be backported if explicitly required by another commit -- -> 2.4 and 2.5 common backport notes: These 2 commits need to be backported first: - 187396e34 "CLEANUP: listener: function comment typo in stop_listener()" - a57786e87 "BUG/MINOR: listener: null pointer dereference suspected by coverity" -> 2.4 special backport notes: In addition to the previously mentionned dependencies, the patch needs to be slightly adapted to match the corresponding contextual lines: Replace this: |@@ -471,7 +474,8 @@ int pause_listener(struct listener *l, int lpx) | if (!lpx && px) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &px->lock); | |- HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); |+ if (!lli) |+ HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); | | if (l->state <= LI_PAUSED) | goto end; By this: |@@ -471,7 +474,8 @@ int pause_listener(struct listener *l, int lpx) | if (!lpx && px) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &px->lock); | |- HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); |+ if (!lli) |+ HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); | | if ((global.mode & (MODE_DAEMON | MODE_MWORKER)) && | !(proc_mask(l->rx.settings->bind_proc) & pid_bit)) Replace this: |@@ -169,7 +169,7 @@ void protocol_stop_now(void) | HA_SPIN_LOCK(PROTO_LOCK, &proto_lock); | list_for_each_entry(proto, &protocols, list) { | list_for_each_entry_safe(listener, lback, &proto->receivers, rx.proto_list) |- stop_listener(listener, 0, 1); |+ stop_listener(listener, 0, 1, 0); | } | HA_SPIN_UNLOCK(PROTO_LOCK, &proto_lock); | } By this: |@@ -169,7 +169,7 @@ void protocol_stop_now(void) | HA_SPIN_LOCK(PROTO_LOCK, &proto_lock); | list_for_each_entry(proto, &protocols, list) { | list_for_each_entry_safe(listener, lback, &proto->receivers, rx.proto_list) | if (!listener->bind_conf->frontend->grace) |- stop_listener(listener, 0, 1); |+ stop_listener(listener, 0, 1, 0); | } | HA_SPIN_UNLOCK(PROTO_LOCK, &proto_lock); Replace this: |@@ -2315,7 +2315,7 @@ void stop_proxy(struct proxy *p) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &p->lock); | | list_for_each_entry(l, &p->conf.listeners, by_fe) |- stop_listener(l, 1, 0); |+ stop_listener(l, 1, 0, 0); | | if (!(p->flags & (PR_FL_DISABLED|PR_FL_STOPPED)) && !p->li_ready) { | /* might be just a backend */ By this: |@@ -2315,7 +2315,7 @@ void stop_proxy(struct proxy *p) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &p->lock); | | list_for_each_entry(l, &p->conf.listeners, by_fe) |- stop_listener(l, 1, 0); |+ stop_listener(l, 1, 0, 0); | | if (!p->disabled && !p->li_ready) { | /* might be just a backend */
2023-02-06 16:06:03 +00:00
if (!lli)
HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock);
MEDIUM: threads/listeners: Make listeners thread-safe First, we use atomic operations to update jobs/totalconn/actconn variables, listener's nbconn variable and listener's counters. Then we add a lock on listeners to protect access to their information. And finally, listener queues (global and per proxy) are also protected by a lock. Here, because access to these queues are unusal, we use the same lock for all queues instead of a global one for the global queue and a lock per proxy for others.
2017-05-30 13:36:50 +00:00
MINOR: listener: make sure we don't pause/resume bypassed listeners Some listeners are kept in LI_ASSIGNED state but are not supposed to be started since they were bypassed on initial startup (eg: in protocol_bind_all() or in enable_listener()...) Introduce the LI_F_FINALIZED flag: when the variable is non zero it means that the listener made it past the LI_LISTEN state (finalized) at least once so we can safely pause / resume. This way we won't risk starting a previously bypassed listener which never made it that far and thus was not expected to be lazy-started by accident. As listener_pause() and listener_resume() are currently partially broken, such unexpected lazy-start won't happen. But we're trying to restore pause() and resume() behavior so this patch will be required before going any further. We had to re-introduce listeners 'flags' struct member since it was recently moved into bind_conf struct. But here we do have a legitimate need for these listener-only flags. This should only be backported if explicitly required by another commit. -- Backport notes: -> 2.4 and 2.5: The 2-bytes hole we're using in the current patch does not apply, let's use the 4-byte hole located under the 'option' field. Replace this: |@@ -226,7 +226,8 @@ struct li_per_thread { | struct listener { | enum obj_type obj_type; /* object type = OBJ_TYPE_LISTENER */ | enum li_state state; /* state: NEW, INIT, ASSIGNED, LISTEN, READY, FULL */ |- /* 2-byte hole here */ |+ uint16_t flags; /* listener flags: LI_F_* */ | int luid; /* listener universally unique ID, used for SNMP */ | int nbconn; /* current number of connections on this listener */ | unsigned int thr_idx; /* thread indexes for queue distribution : (t2<<16)+t1 */ By this: |@@ -209,6 +209,8 @@ struct listener { | short int nice; /* nice value to assign to the instantiated tasks */ | int luid; /* listener universally unique ID, used for SNMP */ | int options; /* socket options : LI_O_* */ |+ uint16_t flags; /* listener flags: LI_F_* */ |+ /* 2-bytes hole here */ | __decl_thread(HA_RWLOCK_T lock); | | struct fe_counters *counters; /* statistics counters */ -> 2.4 only: We need to adjust some contextual lines. Replace this: |@@ -477,7 +478,7 @@ int pause_listener(struct listener *l, int lpx, int lli) | if (!lli) | HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); | |- if (l->state <= LI_PAUSED) |+ if (!(l->flags & LI_F_FINALIZED) || l->state <= LI_PAUSED) | goto end; | | if (l->rx.proto->suspend) By this: |@@ -477,7 +478,7 @@ int pause_listener(struct listener *l, int lpx, int lli) | !(proc_mask(l->rx.settings->bind_proc) & pid_bit)) | goto end; | |- if (l->state <= LI_PAUSED) |+ if (!(l->flags & LI_F_FINALIZED) || l->state <= LI_PAUSED) | goto end; | | if (l->rx.proto->suspend) And this: |@@ -535,7 +536,7 @@ int resume_listener(struct listener *l, int lpx, int lli) | if (MT_LIST_INLIST(&l->wait_queue)) | goto end; | |- if (l->state == LI_READY) |+ if (!(l->flags & LI_F_FINALIZED) || l->state == LI_READY) | goto end; | | if (l->rx.proto->resume) By this: |@@ -535,7 +536,7 @@ int resume_listener(struct listener *l, int lpx, int lli) | !(proc_mask(l->rx.settings->bind_proc) & pid_bit)) | goto end; | |- if (l->state == LI_READY) |+ if (!(l->flags & LI_F_FINALIZED) || l->state == LI_READY) | goto end; | | if (l->rx.proto->resume) -> 2.6 and 2.7 only: struct listener 'flags' member still exists, let's use it. Remove this from the current patch: |@@ -226,7 +226,8 @@ struct li_per_thread { | struct listener { | enum obj_type obj_type; /* object type = OBJ_TYPE_LISTENER */ | enum li_state state; /* state: NEW, INIT, ASSIGNED, LISTEN, READY, FULL */ |- /* 2-byte hole here */ |+ uint16_t flags; /* listener flags: LI_F_* */ | int luid; /* listener universally unique ID, used for SNMP */ | int nbconn; /* current number of connections on this listener */ | unsigned int thr_idx; /* thread indexes for queue distribution : (t2<<16)+t1 */ Then, replace this: |@@ -251,6 +250,9 @@ struct listener { | EXTRA_COUNTERS(extra_counters); | }; | |+/* listener flags (16 bits) */ |+#define LI_F_FINALIZED 0x0001 /* listener made it to the READY||LIMITED||FULL state at least once, may be suspended/resumed safely */ |+ | /* Descriptor for a "bind" keyword. The ->parse() function returns 0 in case of | * success, or a combination of ERR_* flags if an error is encountered. The | * function pointer can be NULL if not implemented. The function also has an By this: |@@ -221,6 +221,7 @@ struct li_per_thread { | }; | | #define LI_F_QUIC_LISTENER 0x00000001 /* listener uses proto quic */ |+#define LI_F_FINALIZED 0x00000002 /* listener made it to the READY||LIMITED||FULL state at least once, may be suspended/resumed safely */ | | /* The listener will be directly referenced by the fdtab[] which holds its | * socket. The listener provides the protocol-specific accept() function to
2023-02-14 07:51:14 +00:00
if (!(l->flags & LI_F_FINALIZED) || l->state <= LI_PAUSED)
MINOR: listeners: check the current listener state in pause_listener() It's better not to try to perform pause() actions on wrong states, so let's check this and make sure that all callers are now safe. This means that we must not try to pause a listener which is already paused (e.g. it could possibly fail if the pause operation isn't idempotent at the socket level), nor should we try it on earlier states.
2020-09-24 12:46:34 +00:00
goto end;
BUG/MEDIUM: listener: fix pause_listener() suspend return value handling Legacy suspend() return value handling in pause_listener() has been altered over the time. First with fb76bd5ca ("BUG/MEDIUM: listeners: correctly report pause() errors") Then with e03204c8e ("MEDIUM: listeners: implement protocol level ->suspend/resume() calls") We aim to restore original function behavior and comply with resume_listener() function description. This is required for resume_listener() and pause_listener() to work as a whole Now, it is made explicit that pause_listener() may stop a listener if the listener doesn't support the LI_PAUSED state (depending on the protocol family, ie: ABNS sockets), in this case l->state will be set to LI_ASSIGNED and this won't be considered as an error. This could be backported up to 2.4 after a reasonable observation period to make sure that this change doesn't cause unwanted side-effects. -- Backport notes: This commit depends on: - "MINOR: listener: make sure we don't pause/resume bypassed listeners" -> 2.4: manual change required because "MINOR: proxy/listener: support for additional PAUSED state" was not backported: the contextual patch lines don't match. Replace this: | if (px && !px->li_ready) { | /* PROXY_LOCK is required */ By this: | if (px && !px->li_ready) { | ha_warning("Paused %s %s.\n", proxy_cap_str(px->cap), px->id);
2023-02-07 10:23:38 +00:00
if (l->rx.proto->suspend) {
MEDIUM: listeners: implement protocol level ->suspend/resume() calls Now we have ->suspend() and ->resume() for listeners at the protocol level. This means that it now becomes possible for a protocol to redefine its own way to suspend and resume. The default functions are provided for TCP, UDP and unix, and they are pass-through to the receiver equivalent as it used to be till now. Nothing was defined for sockpair since it does not need to suspend/resume during reloads, hence it will succeed.
2020-10-09 15:02:21 +00:00
ret = l->rx.proto->suspend(l);
BUG/MEDIUM: listener: fix pause_listener() suspend return value handling Legacy suspend() return value handling in pause_listener() has been altered over the time. First with fb76bd5ca ("BUG/MEDIUM: listeners: correctly report pause() errors") Then with e03204c8e ("MEDIUM: listeners: implement protocol level ->suspend/resume() calls") We aim to restore original function behavior and comply with resume_listener() function description. This is required for resume_listener() and pause_listener() to work as a whole Now, it is made explicit that pause_listener() may stop a listener if the listener doesn't support the LI_PAUSED state (depending on the protocol family, ie: ABNS sockets), in this case l->state will be set to LI_ASSIGNED and this won't be considered as an error. This could be backported up to 2.4 after a reasonable observation period to make sure that this change doesn't cause unwanted side-effects. -- Backport notes: This commit depends on: - "MINOR: listener: make sure we don't pause/resume bypassed listeners" -> 2.4: manual change required because "MINOR: proxy/listener: support for additional PAUSED state" was not backported: the contextual patch lines don't match. Replace this: | if (px && !px->li_ready) { | /* PROXY_LOCK is required */ By this: | if (px && !px->li_ready) { | ha_warning("Paused %s %s.\n", proxy_cap_str(px->cap), px->id);
2023-02-07 10:23:38 +00:00
/* if the suspend() fails, we don't want to change the
* current listener state
*/
if (ret < 0)
goto end;
}
[MEDIUM] proxy: add a PAUSED state to listeners and move socket tricks out of proxy.c Managing listeners state is difficult because they have their own state and can at the same time have theirs dictated by their proxy. The pause is not done properly, as the proxy code is fiddling with sockets. By introducing new functions such as pause_listener()/resume_listener(), we make it a bit more obvious how/when they're supposed to be used. The listen_proxies() function was also renamed to resume_proxies() since it's only used for pause/resume. This patch is the first in a series aiming at getting rid of the maintain_proxies mess. In the end, proxies should not call enable_listener()/disable_listener() anymore.
2011-07-24 16:28:10 +00:00
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 05:32:39 +00:00
MT_LIST_DELETE(&l->wait_queue);
[MINOR] listeners: add support for queueing resource limited listeners When a listeners encounters a resource shortage, it currently stops until one re-enables it. This is far from being perfect as it does not yet handle the case where the single connection from the listener is rejected (eg: the stats page). Now we'll have a special status for resource limited listeners and we'll queue them into one or multiple lists. That way, each time we have to stop a listener because of a resource shortage, we can enqueue it and change its state, so that it is dequeued once more resources are available. This patch currently does not change any existing behaviour, it only adds the basic building blocks for doing that.
2011-07-24 20:03:52 +00:00
BUG/MEDIUM: listener: fix pause_listener() suspend return value handling Legacy suspend() return value handling in pause_listener() has been altered over the time. First with fb76bd5ca ("BUG/MEDIUM: listeners: correctly report pause() errors") Then with e03204c8e ("MEDIUM: listeners: implement protocol level ->suspend/resume() calls") We aim to restore original function behavior and comply with resume_listener() function description. This is required for resume_listener() and pause_listener() to work as a whole Now, it is made explicit that pause_listener() may stop a listener if the listener doesn't support the LI_PAUSED state (depending on the protocol family, ie: ABNS sockets), in this case l->state will be set to LI_ASSIGNED and this won't be considered as an error. This could be backported up to 2.4 after a reasonable observation period to make sure that this change doesn't cause unwanted side-effects. -- Backport notes: This commit depends on: - "MINOR: listener: make sure we don't pause/resume bypassed listeners" -> 2.4: manual change required because "MINOR: proxy/listener: support for additional PAUSED state" was not backported: the contextual patch lines don't match. Replace this: | if (px && !px->li_ready) { | /* PROXY_LOCK is required */ By this: | if (px && !px->li_ready) { | ha_warning("Paused %s %s.\n", proxy_cap_str(px->cap), px->id);
2023-02-07 10:23:38 +00:00
/* ret == 0 means that the suspend() has been turned into
* an unbind(), meaning the listener is now stopped (ie: ABNS), we need
* to report this state change properly
*/
listener_set_state(l, ((ret) ? LI_PAUSED : LI_ASSIGNED));
MINOR: listener: pause_listener() becomes suspend_listener() We are simply renaming pause_listener() to suspend_listener() to prevent confusion around listener pausing. A suspended listener can be in two differents valid states: - LI_PAUSED: the listener is effectively paused, it will unpause on resume_listener() - LI_ASSIGNED (not bound): the listener does not support the LI_PAUSED state, so it was unbound to satisfy the suspend request, it will correcly re-bind on resume_listener() Besides that, we add the LI_F_SUSPENDED flag to mark suspended listeners in suspend_listener() and unmark them in resume_listener(). We're also adding li_suspend proxy variable to track the number of currently suspended listeners: That is, the number of listeners that were suspended through suspend_listener() and that are either in LI_PAUSED or LI_ASSIGNED state. Counter is increased on successful suspend in suspend_listener() and it is decreased on successful resume in resume_listener() -- Backport notes: -> 2.4 only, as "MINOR: proxy/listener: support for additional PAUSED state" was not backported: Replace this: | /* PROXY_LOCK is require | proxy_cond_resume(px); By this: | ha_warning("Resumed %s %s.\n", proxy_cap_str(px->cap), px->id); | send_log(px, LOG_WARNING, "Resumed %s %s.\n", proxy_cap_str(px->cap), px->id); -> 2.6 and 2.7 only, as "MINOR: listener: make sure we don't pause/resume" was custom patched: Replace this: |@@ -253,6 +253,7 @@ struct listener { | | /* listener flags (16 bits) */ | #define LI_F_FINALIZED 0x0001 /* listener made it to the READY||LIMITED||FULL state at least once, may be suspended/resumed safely */ |+#define LI_F_SUSPENDED 0x0002 /* listener has been suspended using suspend_listener(), it is either is LI_PAUSED or LI_ASSIGNED state */ | | /* Descriptor for a "bind" keyword. The ->parse() function returns 0 in case of | * success, or a combination of ERR_* flags if an error is encountered. The By this: |@@ -222,6 +222,7 @@ struct li_per_thread { | | #define LI_F_QUIC_LISTENER 0x00000001 /* listener uses proto quic */ | #define LI_F_FINALIZED 0x00000002 /* listener made it to the READY||LIMITED||FULL state at least once, may be suspended/resumed safely */ |+#define LI_F_SUSPENDED 0x00000004 /* listener has been suspended using suspend_listener(), it is either is LI_PAUSED or LI_ASSIGNED state */ | | /* The listener will be directly referenced by the fdtab[] which holds its | * socket. The listener provides the protocol-specific accept() function to
2023-02-13 16:45:08 +00:00
if (px && !(l->flags & LI_F_SUSPENDED))
px->li_suspended++;
l->flags |= LI_F_SUSPENDED;
BUG/MEDIUM: listener: fix pause_listener() suspend return value handling Legacy suspend() return value handling in pause_listener() has been altered over the time. First with fb76bd5ca ("BUG/MEDIUM: listeners: correctly report pause() errors") Then with e03204c8e ("MEDIUM: listeners: implement protocol level ->suspend/resume() calls") We aim to restore original function behavior and comply with resume_listener() function description. This is required for resume_listener() and pause_listener() to work as a whole Now, it is made explicit that pause_listener() may stop a listener if the listener doesn't support the LI_PAUSED state (depending on the protocol family, ie: ABNS sockets), in this case l->state will be set to LI_ASSIGNED and this won't be considered as an error. This could be backported up to 2.4 after a reasonable observation period to make sure that this change doesn't cause unwanted side-effects. -- Backport notes: This commit depends on: - "MINOR: listener: make sure we don't pause/resume bypassed listeners" -> 2.4: manual change required because "MINOR: proxy/listener: support for additional PAUSED state" was not backported: the contextual patch lines don't match. Replace this: | if (px && !px->li_ready) { | /* PROXY_LOCK is required */ By this: | if (px && !px->li_ready) { | ha_warning("Paused %s %s.\n", proxy_cap_str(px->cap), px->id);
2023-02-07 10:23:38 +00:00
/* at this point, everything is under control, no error should be
* returned to calling function
*/
ret = 1;
MEDIUM: listener/proxy: make the listeners notify about proxy pause/resume Till now, we used to call pause_proxy()/resume_proxy() to enable/disable processing on a proxy, which is used during soft reloads. But since we want to drive this process from the listeners themselves, we have to instead proceed the other way around so that when we enable/disable a listener, it checks if it changed anything for the proxy and notifies about updates at this level. The detection is made using li_ready=0 for pause(), and li_paused=0 for resume(). Note that we must not include any test for li_bound because this state is seen by processes which share the listener with another one and which must not act on it since the other process will do it. As such the socket behind the FD will automatically be paused and resume without its local state changing, but this is the limit of a multi-process system with shared listeners.
2020-09-24 14:03:29 +00:00
BUG/MEDIUM: listener/proxy: fix listeners notify for proxy resume In 58651b42f ("MEDIUM: listener/proxy: make the listeners notify about proxy pause/resume") we introduced the logic for pause/resume notify using li_ready for pause and li_paused for resume. Unfortunately, relying on li_paused for resume doesn't work reliably if we resume a listener which is only made of receivers that are completely stopped. For example, this could happen with receivers that don't support the LI_PAUSED state like ABNS sockets. This is especially true since pause_listener() was renamed to suspend_listener() to better reflect its actual behavior in ("MINOR: listener: pause_listener() becomes suspend_listener()) To fix this, we now rely on the li_suspended state in resume_listener() to make sure that suspend_listener() and resume_listener() notify messages are consistent to each other: "Proxy pause" is triggered when there are no more ready listeners. "Proxy resume" is triggered when there are no more suspended listeners. Also, we make use of the new PR_FL_PAUSED proxy flag to make sure we don't report the same event twice. This could be backported up to 2.4 after a reasonable observation period to make sure that this change doesn't cause unwanted side-effects. -- Backport notes: This commit depends on: - "MINOR: listener: pause_listener() becomes suspend_listener()" -> 2.4 only, as "MINOR: proxy/listener: support for additional PAUSED state" was not backported: Replace this: |+ if (px && !(px->flags & PR_FL_PAUSED) && !px->li_ready) { | /* PROXY_LOCK is required */ | proxy_cond_pause(px); | ha_warning("Paused %s %s.\n", proxy_cap_str(px->cap), px->id); By this: |+ if (px && !px->li_ready) { | ha_warning("Paused %s %s.\n", proxy_cap_str(px->cap), px->id); | send_log(px, LOG_WARNING, "Paused %s %s.\n", proxy_cap_str(px->cap), px->id); | } And this: |+ if (px && (px->flags & PR_FL_PAUSED) && !px->li_suspended) { | /* PROXY_LOCK is required */ | proxy_cond_resume(px); | ha_warning("Resumed %s %s.\n", proxy_cap_str(px->cap), px->id); By this: |+ if (px && !px->li_suspended) { | ha_warning("Resumed %s %s.\n", proxy_cap_str(px->cap), px->id); | send_log(px, LOG_WARNING, "Resumed %s %s.\n", proxy_cap_str(px->cap), px->id); | }
2023-02-07 11:36:27 +00:00
if (px && !(px->flags & PR_FL_PAUSED) && !px->li_ready) {
MINOR: proxy/listener: support for additional PAUSED state This patch is a prerequisite for #1626. Adding PAUSED state to the list of available proxy states. The flag is set when the proxy is paused at runtime (pause_listener()). It is cleared when the proxy is resumed (resume_listener()). It should be backported to 2.6, 2.5 and 2.4
2022-09-09 13:51:37 +00:00
/* PROXY_LOCK is required */
proxy_cond_pause(px);
MEDIUM: listener/proxy: make the listeners notify about proxy pause/resume Till now, we used to call pause_proxy()/resume_proxy() to enable/disable processing on a proxy, which is used during soft reloads. But since we want to drive this process from the listeners themselves, we have to instead proceed the other way around so that when we enable/disable a listener, it checks if it changed anything for the proxy and notifies about updates at this level. The detection is made using li_ready=0 for pause(), and li_paused=0 for resume(). Note that we must not include any test for li_bound because this state is seen by processes which share the listener with another one and which must not act on it since the other process will do it. As such the socket behind the FD will automatically be paused and resume without its local state changing, but this is the limit of a multi-process system with shared listeners.
2020-09-24 14:03:29 +00:00
ha_warning("Paused %s %s.\n", proxy_cap_str(px->cap), px->id);
send_log(px, LOG_WARNING, "Paused %s %s.\n", proxy_cap_str(px->cap), px->id);
}
MEDIUM: threads/listeners: Make listeners thread-safe First, we use atomic operations to update jobs/totalconn/actconn variables, listener's nbconn variable and listener's counters. Then we add a lock on listeners to protect access to their information. And finally, listener queues (global and per proxy) are also protected by a lock. Here, because access to these queues are unusal, we use the same lock for all queues instead of a global one for the global queue and a lock per proxy for others.
2017-05-30 13:36:50 +00:00
end:
MINOR: listener/api: add lli hint to listener functions Add listener lock hint (AKA lli) to (stop/resume/pause)_listener() functions. All these functions implicitely take the listener lock when they are called: It could be useful to be able to call them while already holding the lock, so we're adding lli hint to make them take the lock only when it is missing. This should only be backported if explicitly required by another commit -- -> 2.4 and 2.5 common backport notes: These 2 commits need to be backported first: - 187396e34 "CLEANUP: listener: function comment typo in stop_listener()" - a57786e87 "BUG/MINOR: listener: null pointer dereference suspected by coverity" -> 2.4 special backport notes: In addition to the previously mentionned dependencies, the patch needs to be slightly adapted to match the corresponding contextual lines: Replace this: |@@ -471,7 +474,8 @@ int pause_listener(struct listener *l, int lpx) | if (!lpx && px) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &px->lock); | |- HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); |+ if (!lli) |+ HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); | | if (l->state <= LI_PAUSED) | goto end; By this: |@@ -471,7 +474,8 @@ int pause_listener(struct listener *l, int lpx) | if (!lpx && px) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &px->lock); | |- HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); |+ if (!lli) |+ HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); | | if ((global.mode & (MODE_DAEMON | MODE_MWORKER)) && | !(proc_mask(l->rx.settings->bind_proc) & pid_bit)) Replace this: |@@ -169,7 +169,7 @@ void protocol_stop_now(void) | HA_SPIN_LOCK(PROTO_LOCK, &proto_lock); | list_for_each_entry(proto, &protocols, list) { | list_for_each_entry_safe(listener, lback, &proto->receivers, rx.proto_list) |- stop_listener(listener, 0, 1); |+ stop_listener(listener, 0, 1, 0); | } | HA_SPIN_UNLOCK(PROTO_LOCK, &proto_lock); | } By this: |@@ -169,7 +169,7 @@ void protocol_stop_now(void) | HA_SPIN_LOCK(PROTO_LOCK, &proto_lock); | list_for_each_entry(proto, &protocols, list) { | list_for_each_entry_safe(listener, lback, &proto->receivers, rx.proto_list) | if (!listener->bind_conf->frontend->grace) |- stop_listener(listener, 0, 1); |+ stop_listener(listener, 0, 1, 0); | } | HA_SPIN_UNLOCK(PROTO_LOCK, &proto_lock); Replace this: |@@ -2315,7 +2315,7 @@ void stop_proxy(struct proxy *p) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &p->lock); | | list_for_each_entry(l, &p->conf.listeners, by_fe) |- stop_listener(l, 1, 0); |+ stop_listener(l, 1, 0, 0); | | if (!(p->flags & (PR_FL_DISABLED|PR_FL_STOPPED)) && !p->li_ready) { | /* might be just a backend */ By this: |@@ -2315,7 +2315,7 @@ void stop_proxy(struct proxy *p) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &p->lock); | | list_for_each_entry(l, &p->conf.listeners, by_fe) |- stop_listener(l, 1, 0); |+ stop_listener(l, 1, 0, 0); | | if (!p->disabled && !p->li_ready) { | /* might be just a backend */
2023-02-06 16:06:03 +00:00
if (!lli)
HA_RWLOCK_WRUNLOCK(LISTENER_LOCK, &l->lock);
MINOR: listener: small API change A minor API change was performed in listener(.c/.h) to restore consistency between stop_listener() and (resume/pause)_listener() functions. LISTENER_LOCK was never locked prior to calling stop_listener(): lli variable hint is thus not useful anymore. Added PROXY_LOCK locking in (resume/pause)_listener() functions with related lpx variable hint (prerequisite for #1626). It should be backported to 2.6, 2.5 and 2.4
2022-09-09 13:32:57 +00:00
BUG/MINOR: listener: null pointer dereference suspected by coverity Please refer to GH #1859 for more info. Coverity suspected improper proxy pointer handling. Without the fix it is considered safe for the moment, but it might not be the case in the future as we want to keep the ability to have isolated listeners. Making sure stop_listener(), pause_listener(), resume_listener() and listener_release() functions make proper use of px pointer in that context. No need for backport except if multi-connection protocols (ie:FTP) were to be backported as well.
2022-09-12 07:26:21 +00:00
if (!lpx && px)
MINOR: listener: small API change A minor API change was performed in listener(.c/.h) to restore consistency between stop_listener() and (resume/pause)_listener() functions. LISTENER_LOCK was never locked prior to calling stop_listener(): lli variable hint is thus not useful anymore. Added PROXY_LOCK locking in (resume/pause)_listener() functions with related lpx variable hint (prerequisite for #1626). It should be backported to 2.6, 2.5 and 2.4
2022-09-09 13:32:57 +00:00
HA_RWLOCK_WRUNLOCK(PROXY_LOCK, &px->lock);
MEDIUM: threads/listeners: Make listeners thread-safe First, we use atomic operations to update jobs/totalconn/actconn variables, listener's nbconn variable and listener's counters. Then we add a lock on listeners to protect access to their information. And finally, listener queues (global and per proxy) are also protected by a lock. Here, because access to these queues are unusal, we use the same lock for all queues instead of a global one for the global queue and a lock per proxy for others.
2017-05-30 13:36:50 +00:00
return ret;
[MEDIUM] proxy: add a PAUSED state to listeners and move socket tricks out of proxy.c Managing listeners state is difficult because they have their own state and can at the same time have theirs dictated by their proxy. The pause is not done properly, as the proxy code is fiddling with sockets. By introducing new functions such as pause_listener()/resume_listener(), we make it a bit more obvious how/when they're supposed to be used. The listen_proxies() function was also renamed to resume_proxies() since it's only used for pause/resume. This patch is the first in a series aiming at getting rid of the maintain_proxies mess. In the end, proxies should not call enable_listener()/disable_listener() anymore.
2011-07-24 16:28:10 +00:00
}
[MINOR] listeners: add support for queueing resource limited listeners When a listeners encounters a resource shortage, it currently stops until one re-enables it. This is far from being perfect as it does not yet handle the case where the single connection from the listener is rejected (eg: the stats page). Now we'll have a special status for resource limited listeners and we'll queue them into one or multiple lists. That way, each time we have to stop a listener because of a resource shortage, we can enqueue it and change its state, so that it is dequeued once more resources are available. This patch currently does not change any existing behaviour, it only adds the basic building blocks for doing that.
2011-07-24 20:03:52 +00:00
/* This function tries to resume a temporarily disabled listener. Paused, full,
* limited and disabled listeners are handled, which means that this function
* may replace enable_listener(). The resulting state will either be LI_READY
* or LI_FULL. 0 is returned in case of failure to resume (eg: dead socket).
MAJOR: listener: only start listeners bound to the same processes Now that we know what processes a "bind" statement is attached to, we have the ability to avoid starting some of them when they're not on the proper process. This feature is disabled when running in foreground however, so that debug mode continues to work with everything bound to the first and only process. The main purpose of this change is to finally allow the global stats sockets to be each bound to a different process. It can also be used to force haproxy to use different sockets in different processes for the same IP:port. The purpose is that under Linux 3.9 and above (and possibly other OSes), when multiple processes are bound to the same IP:port via different sockets, the system is capable of performing a perfect round-robin between the socket queues instead of letting any process pick all the connections from a queue. This results in a smoother load balancing and may achieve a higher performance with a large enough maxaccept setting.
2014-05-07 17:22:24 +00:00
* Listeners bound to a different process are not woken up unless we're in
BUG/MEDIUM: listener: don't report an error when resuming unbound listeners Pavlos Parissis reported that a sequence of disable/enable on a frontend performed on the CLI can result in an error if the frontend has several "bind" lines each bound to different processes. This is because the resume_listener() function returns a failure for frontends not part of the current process instead of returning a success to pretend there was no failure. This fix should be backported to 1.5.
2015-04-14 10:07:16 +00:00
* foreground mode, and are ignored. If the listener was only in the assigned
MINOR: listener: pause_listener() becomes suspend_listener() We are simply renaming pause_listener() to suspend_listener() to prevent confusion around listener pausing. A suspended listener can be in two differents valid states: - LI_PAUSED: the listener is effectively paused, it will unpause on resume_listener() - LI_ASSIGNED (not bound): the listener does not support the LI_PAUSED state, so it was unbound to satisfy the suspend request, it will correcly re-bind on resume_listener() Besides that, we add the LI_F_SUSPENDED flag to mark suspended listeners in suspend_listener() and unmark them in resume_listener(). We're also adding li_suspend proxy variable to track the number of currently suspended listeners: That is, the number of listeners that were suspended through suspend_listener() and that are either in LI_PAUSED or LI_ASSIGNED state. Counter is increased on successful suspend in suspend_listener() and it is decreased on successful resume in resume_listener() -- Backport notes: -> 2.4 only, as "MINOR: proxy/listener: support for additional PAUSED state" was not backported: Replace this: | /* PROXY_LOCK is require | proxy_cond_resume(px); By this: | ha_warning("Resumed %s %s.\n", proxy_cap_str(px->cap), px->id); | send_log(px, LOG_WARNING, "Resumed %s %s.\n", proxy_cap_str(px->cap), px->id); -> 2.6 and 2.7 only, as "MINOR: listener: make sure we don't pause/resume" was custom patched: Replace this: |@@ -253,6 +253,7 @@ struct listener { | | /* listener flags (16 bits) */ | #define LI_F_FINALIZED 0x0001 /* listener made it to the READY||LIMITED||FULL state at least once, may be suspended/resumed safely */ |+#define LI_F_SUSPENDED 0x0002 /* listener has been suspended using suspend_listener(), it is either is LI_PAUSED or LI_ASSIGNED state */ | | /* Descriptor for a "bind" keyword. The ->parse() function returns 0 in case of | * success, or a combination of ERR_* flags if an error is encountered. The By this: |@@ -222,6 +222,7 @@ struct li_per_thread { | | #define LI_F_QUIC_LISTENER 0x00000001 /* listener uses proto quic */ | #define LI_F_FINALIZED 0x00000002 /* listener made it to the READY||LIMITED||FULL state at least once, may be suspended/resumed safely */ |+#define LI_F_SUSPENDED 0x00000004 /* listener has been suspended using suspend_listener(), it is either is LI_PAUSED or LI_ASSIGNED state */ | | /* The listener will be directly referenced by the fdtab[] which holds its | * socket. The listener provides the protocol-specific accept() function to
2023-02-13 16:45:08 +00:00
* state, it's totally rebound. This can happen if a suspend() has completely
BUG/MEDIUM: listener: don't report an error when resuming unbound listeners Pavlos Parissis reported that a sequence of disable/enable on a frontend performed on the CLI can result in an error if the frontend has several "bind" lines each bound to different processes. This is because the resume_listener() function returns a failure for frontends not part of the current process instead of returning a success to pretend there was no failure. This fix should be backported to 1.5.
2015-04-14 10:07:16 +00:00
* stopped it. If the resume fails, 0 is returned and an error might be
* displayed.
MINOR: listener/api: add lli hint to listener functions Add listener lock hint (AKA lli) to (stop/resume/pause)_listener() functions. All these functions implicitely take the listener lock when they are called: It could be useful to be able to call them while already holding the lock, so we're adding lli hint to make them take the lock only when it is missing. This should only be backported if explicitly required by another commit -- -> 2.4 and 2.5 common backport notes: These 2 commits need to be backported first: - 187396e34 "CLEANUP: listener: function comment typo in stop_listener()" - a57786e87 "BUG/MINOR: listener: null pointer dereference suspected by coverity" -> 2.4 special backport notes: In addition to the previously mentionned dependencies, the patch needs to be slightly adapted to match the corresponding contextual lines: Replace this: |@@ -471,7 +474,8 @@ int pause_listener(struct listener *l, int lpx) | if (!lpx && px) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &px->lock); | |- HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); |+ if (!lli) |+ HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); | | if (l->state <= LI_PAUSED) | goto end; By this: |@@ -471,7 +474,8 @@ int pause_listener(struct listener *l, int lpx) | if (!lpx && px) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &px->lock); | |- HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); |+ if (!lli) |+ HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); | | if ((global.mode & (MODE_DAEMON | MODE_MWORKER)) && | !(proc_mask(l->rx.settings->bind_proc) & pid_bit)) Replace this: |@@ -169,7 +169,7 @@ void protocol_stop_now(void) | HA_SPIN_LOCK(PROTO_LOCK, &proto_lock); | list_for_each_entry(proto, &protocols, list) { | list_for_each_entry_safe(listener, lback, &proto->receivers, rx.proto_list) |- stop_listener(listener, 0, 1); |+ stop_listener(listener, 0, 1, 0); | } | HA_SPIN_UNLOCK(PROTO_LOCK, &proto_lock); | } By this: |@@ -169,7 +169,7 @@ void protocol_stop_now(void) | HA_SPIN_LOCK(PROTO_LOCK, &proto_lock); | list_for_each_entry(proto, &protocols, list) { | list_for_each_entry_safe(listener, lback, &proto->receivers, rx.proto_list) | if (!listener->bind_conf->frontend->grace) |- stop_listener(listener, 0, 1); |+ stop_listener(listener, 0, 1, 0); | } | HA_SPIN_UNLOCK(PROTO_LOCK, &proto_lock); Replace this: |@@ -2315,7 +2315,7 @@ void stop_proxy(struct proxy *p) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &p->lock); | | list_for_each_entry(l, &p->conf.listeners, by_fe) |- stop_listener(l, 1, 0); |+ stop_listener(l, 1, 0, 0); | | if (!(p->flags & (PR_FL_DISABLED|PR_FL_STOPPED)) && !p->li_ready) { | /* might be just a backend */ By this: |@@ -2315,7 +2315,7 @@ void stop_proxy(struct proxy *p) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &p->lock); | | list_for_each_entry(l, &p->conf.listeners, by_fe) |- stop_listener(l, 1, 0); |+ stop_listener(l, 1, 0, 0); | | if (!p->disabled && !p->li_ready) { | /* might be just a backend */
2023-02-06 16:06:03 +00:00
* It will need to operate under the proxy's lock and the listener's lock.
* The caller is responsible for indicating in lpx, lli whether the respective
* locks are already held (non-zero) or not (zero) so that the function pick
* the missing ones, in this order.
[MEDIUM] proxy: add a PAUSED state to listeners and move socket tricks out of proxy.c Managing listeners state is difficult because they have their own state and can at the same time have theirs dictated by their proxy. The pause is not done properly, as the proxy code is fiddling with sockets. By introducing new functions such as pause_listener()/resume_listener(), we make it a bit more obvious how/when they're supposed to be used. The listen_proxies() function was also renamed to resume_proxies() since it's only used for pause/resume. This patch is the first in a series aiming at getting rid of the maintain_proxies mess. In the end, proxies should not call enable_listener()/disable_listener() anymore.
2011-07-24 16:28:10 +00:00
*/
MINOR: listener/api: add lli hint to listener functions Add listener lock hint (AKA lli) to (stop/resume/pause)_listener() functions. All these functions implicitely take the listener lock when they are called: It could be useful to be able to call them while already holding the lock, so we're adding lli hint to make them take the lock only when it is missing. This should only be backported if explicitly required by another commit -- -> 2.4 and 2.5 common backport notes: These 2 commits need to be backported first: - 187396e34 "CLEANUP: listener: function comment typo in stop_listener()" - a57786e87 "BUG/MINOR: listener: null pointer dereference suspected by coverity" -> 2.4 special backport notes: In addition to the previously mentionned dependencies, the patch needs to be slightly adapted to match the corresponding contextual lines: Replace this: |@@ -471,7 +474,8 @@ int pause_listener(struct listener *l, int lpx) | if (!lpx && px) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &px->lock); | |- HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); |+ if (!lli) |+ HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); | | if (l->state <= LI_PAUSED) | goto end; By this: |@@ -471,7 +474,8 @@ int pause_listener(struct listener *l, int lpx) | if (!lpx && px) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &px->lock); | |- HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); |+ if (!lli) |+ HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); | | if ((global.mode & (MODE_DAEMON | MODE_MWORKER)) && | !(proc_mask(l->rx.settings->bind_proc) & pid_bit)) Replace this: |@@ -169,7 +169,7 @@ void protocol_stop_now(void) | HA_SPIN_LOCK(PROTO_LOCK, &proto_lock); | list_for_each_entry(proto, &protocols, list) { | list_for_each_entry_safe(listener, lback, &proto->receivers, rx.proto_list) |- stop_listener(listener, 0, 1); |+ stop_listener(listener, 0, 1, 0); | } | HA_SPIN_UNLOCK(PROTO_LOCK, &proto_lock); | } By this: |@@ -169,7 +169,7 @@ void protocol_stop_now(void) | HA_SPIN_LOCK(PROTO_LOCK, &proto_lock); | list_for_each_entry(proto, &protocols, list) { | list_for_each_entry_safe(listener, lback, &proto->receivers, rx.proto_list) | if (!listener->bind_conf->frontend->grace) |- stop_listener(listener, 0, 1); |+ stop_listener(listener, 0, 1, 0); | } | HA_SPIN_UNLOCK(PROTO_LOCK, &proto_lock); Replace this: |@@ -2315,7 +2315,7 @@ void stop_proxy(struct proxy *p) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &p->lock); | | list_for_each_entry(l, &p->conf.listeners, by_fe) |- stop_listener(l, 1, 0); |+ stop_listener(l, 1, 0, 0); | | if (!(p->flags & (PR_FL_DISABLED|PR_FL_STOPPED)) && !p->li_ready) { | /* might be just a backend */ By this: |@@ -2315,7 +2315,7 @@ void stop_proxy(struct proxy *p) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &p->lock); | | list_for_each_entry(l, &p->conf.listeners, by_fe) |- stop_listener(l, 1, 0); |+ stop_listener(l, 1, 0, 0); | | if (!p->disabled && !p->li_ready) { | /* might be just a backend */
2023-02-06 16:06:03 +00:00
int resume_listener(struct listener *l, int lpx, int lli)
[MEDIUM] proxy: add a PAUSED state to listeners and move socket tricks out of proxy.c Managing listeners state is difficult because they have their own state and can at the same time have theirs dictated by their proxy. The pause is not done properly, as the proxy code is fiddling with sockets. By introducing new functions such as pause_listener()/resume_listener(), we make it a bit more obvious how/when they're supposed to be used. The listen_proxies() function was also renamed to resume_proxies() since it's only used for pause/resume. This patch is the first in a series aiming at getting rid of the maintain_proxies mess. In the end, proxies should not call enable_listener()/disable_listener() anymore.
2011-07-24 16:28:10 +00:00
{
MEDIUM: listener/proxy: make the listeners notify about proxy pause/resume Till now, we used to call pause_proxy()/resume_proxy() to enable/disable processing on a proxy, which is used during soft reloads. But since we want to drive this process from the listeners themselves, we have to instead proceed the other way around so that when we enable/disable a listener, it checks if it changed anything for the proxy and notifies about updates at this level. The detection is made using li_ready=0 for pause(), and li_paused=0 for resume(). Note that we must not include any test for li_bound because this state is seen by processes which share the listener with another one and which must not act on it since the other process will do it. As such the socket behind the FD will automatically be paused and resume without its local state changing, but this is the limit of a multi-process system with shared listeners.
2020-09-24 14:03:29 +00:00
struct proxy *px = l->bind_conf->frontend;
MEDIUM: threads/listeners: Make listeners thread-safe First, we use atomic operations to update jobs/totalconn/actconn variables, listener's nbconn variable and listener's counters. Then we add a lock on listeners to protect access to their information. And finally, listener queues (global and per proxy) are also protected by a lock. Here, because access to these queues are unusal, we use the same lock for all queues instead of a global one for the global queue and a lock per proxy for others.
2017-05-30 13:36:50 +00:00
int ret = 1;
BUG/MINOR: listener: null pointer dereference suspected by coverity Please refer to GH #1859 for more info. Coverity suspected improper proxy pointer handling. Without the fix it is considered safe for the moment, but it might not be the case in the future as we want to keep the ability to have isolated listeners. Making sure stop_listener(), pause_listener(), resume_listener() and listener_release() functions make proper use of px pointer in that context. No need for backport except if multi-connection protocols (ie:FTP) were to be backported as well.
2022-09-12 07:26:21 +00:00
if (!lpx && px)
MINOR: listener: small API change A minor API change was performed in listener(.c/.h) to restore consistency between stop_listener() and (resume/pause)_listener() functions. LISTENER_LOCK was never locked prior to calling stop_listener(): lli variable hint is thus not useful anymore. Added PROXY_LOCK locking in (resume/pause)_listener() functions with related lpx variable hint (prerequisite for #1626). It should be backported to 2.6, 2.5 and 2.4
2022-09-09 13:32:57 +00:00
HA_RWLOCK_WRLOCK(PROXY_LOCK, &px->lock);
MINOR: listener/api: add lli hint to listener functions Add listener lock hint (AKA lli) to (stop/resume/pause)_listener() functions. All these functions implicitely take the listener lock when they are called: It could be useful to be able to call them while already holding the lock, so we're adding lli hint to make them take the lock only when it is missing. This should only be backported if explicitly required by another commit -- -> 2.4 and 2.5 common backport notes: These 2 commits need to be backported first: - 187396e34 "CLEANUP: listener: function comment typo in stop_listener()" - a57786e87 "BUG/MINOR: listener: null pointer dereference suspected by coverity" -> 2.4 special backport notes: In addition to the previously mentionned dependencies, the patch needs to be slightly adapted to match the corresponding contextual lines: Replace this: |@@ -471,7 +474,8 @@ int pause_listener(struct listener *l, int lpx) | if (!lpx && px) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &px->lock); | |- HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); |+ if (!lli) |+ HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); | | if (l->state <= LI_PAUSED) | goto end; By this: |@@ -471,7 +474,8 @@ int pause_listener(struct listener *l, int lpx) | if (!lpx && px) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &px->lock); | |- HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); |+ if (!lli) |+ HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); | | if ((global.mode & (MODE_DAEMON | MODE_MWORKER)) && | !(proc_mask(l->rx.settings->bind_proc) & pid_bit)) Replace this: |@@ -169,7 +169,7 @@ void protocol_stop_now(void) | HA_SPIN_LOCK(PROTO_LOCK, &proto_lock); | list_for_each_entry(proto, &protocols, list) { | list_for_each_entry_safe(listener, lback, &proto->receivers, rx.proto_list) |- stop_listener(listener, 0, 1); |+ stop_listener(listener, 0, 1, 0); | } | HA_SPIN_UNLOCK(PROTO_LOCK, &proto_lock); | } By this: |@@ -169,7 +169,7 @@ void protocol_stop_now(void) | HA_SPIN_LOCK(PROTO_LOCK, &proto_lock); | list_for_each_entry(proto, &protocols, list) { | list_for_each_entry_safe(listener, lback, &proto->receivers, rx.proto_list) | if (!listener->bind_conf->frontend->grace) |- stop_listener(listener, 0, 1); |+ stop_listener(listener, 0, 1, 0); | } | HA_SPIN_UNLOCK(PROTO_LOCK, &proto_lock); Replace this: |@@ -2315,7 +2315,7 @@ void stop_proxy(struct proxy *p) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &p->lock); | | list_for_each_entry(l, &p->conf.listeners, by_fe) |- stop_listener(l, 1, 0); |+ stop_listener(l, 1, 0, 0); | | if (!(p->flags & (PR_FL_DISABLED|PR_FL_STOPPED)) && !p->li_ready) { | /* might be just a backend */ By this: |@@ -2315,7 +2315,7 @@ void stop_proxy(struct proxy *p) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &p->lock); | | list_for_each_entry(l, &p->conf.listeners, by_fe) |- stop_listener(l, 1, 0); |+ stop_listener(l, 1, 0, 0); | | if (!p->disabled && !p->li_ready) { | /* might be just a backend */
2023-02-06 16:06:03 +00:00
if (!lli)
HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock);
MEDIUM: threads/listeners: Make listeners thread-safe First, we use atomic operations to update jobs/totalconn/actconn variables, listener's nbconn variable and listener's counters. Then we add a lock on listeners to protect access to their information. And finally, listener queues (global and per proxy) are also protected by a lock. Here, because access to these queues are unusal, we use the same lock for all queues instead of a global one for the global queue and a lock per proxy for others.
2017-05-30 13:36:50 +00:00
BUG/MAJOR: listener: fix thread safety in resume_listener() resume_listener() can be called from a thread not part of the listener's mask after a curr_conn has gone lower than a proxy's or the process' limit. This results in fd_may_recv() being called unlocked if the listener is bound to only one thread, and quickly locks up. This patch solves this by creating a per-thread work_list dedicated to listeners, and modifying resume_listener() so that it bounces the listener to one of its owning thread's work_list and waking it up. This thread will then call resume_listener() again and will perform the operation on the file descriptor itself. It is important to do it this way so that the listener's state cannot be modified while the listener is being moved, otherwise multiple threads can take conflicting decisions and the listener could be put back into the global queue if the listener was used at the same time. It seems like a slightly simpler approach would be possible if the locked list API would provide the ability to return a locked element. In this case the listener would be immediately requeued in dequeue_all_listeners() without having to go through resume_listener() with its associated lock. This fix must be backported to all versions having the lock-less accept loop, which is as far as 1.8 since deadlock fixes involving this feature had to be backported there. It is expected that the code should not differ too much there. However, previous commit "MINOR: task: introduce work lists" will be needed as well and should not present difficulties either. For 1.8, the commits introducing thread_mask() and LIST_ADDED() will be needed as well, either backporting my_flsl() or switching to my_ffsl() will be OK, and some changes will have to be performed so that the init function is properly called (and maybe the deinit one can be dropped). In order to test for the fix, simply set up a multi-threaded frontend with multiple bind lines each attached to a single thread (reproduced with 16 threads here), set up a very low maxconn value on the frontend, and inject heavy traffic on all listeners in parallel with slightly more connections than the configured limit ( typically +20%) so that it flips very frequently. If the bug is still there, at some point (5-20 seconds) the traffic will go much lower or even stop, either with spinning threads or not.
2019-07-11 08:08:31 +00:00
/* check that another thread didn't to the job in parallel (e.g. at the
* end of listen_accept() while we'd come from dequeue_all_listeners().
*/
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 05:32:39 +00:00
if (MT_LIST_INLIST(&l->wait_queue))
BUG/MAJOR: listener: fix thread safety in resume_listener() resume_listener() can be called from a thread not part of the listener's mask after a curr_conn has gone lower than a proxy's or the process' limit. This results in fd_may_recv() being called unlocked if the listener is bound to only one thread, and quickly locks up. This patch solves this by creating a per-thread work_list dedicated to listeners, and modifying resume_listener() so that it bounces the listener to one of its owning thread's work_list and waking it up. This thread will then call resume_listener() again and will perform the operation on the file descriptor itself. It is important to do it this way so that the listener's state cannot be modified while the listener is being moved, otherwise multiple threads can take conflicting decisions and the listener could be put back into the global queue if the listener was used at the same time. It seems like a slightly simpler approach would be possible if the locked list API would provide the ability to return a locked element. In this case the listener would be immediately requeued in dequeue_all_listeners() without having to go through resume_listener() with its associated lock. This fix must be backported to all versions having the lock-less accept loop, which is as far as 1.8 since deadlock fixes involving this feature had to be backported there. It is expected that the code should not differ too much there. However, previous commit "MINOR: task: introduce work lists" will be needed as well and should not present difficulties either. For 1.8, the commits introducing thread_mask() and LIST_ADDED() will be needed as well, either backporting my_flsl() or switching to my_ffsl() will be OK, and some changes will have to be performed so that the init function is properly called (and maybe the deinit one can be dropped). In order to test for the fix, simply set up a multi-threaded frontend with multiple bind lines each attached to a single thread (reproduced with 16 threads here), set up a very low maxconn value on the frontend, and inject heavy traffic on all listeners in parallel with slightly more connections than the configured limit ( typically +20%) so that it flips very frequently. If the bug is still there, at some point (5-20 seconds) the traffic will go much lower or even stop, either with spinning threads or not.
2019-07-11 08:08:31 +00:00
goto end;
MINOR: listener: make sure we don't pause/resume bypassed listeners Some listeners are kept in LI_ASSIGNED state but are not supposed to be started since they were bypassed on initial startup (eg: in protocol_bind_all() or in enable_listener()...) Introduce the LI_F_FINALIZED flag: when the variable is non zero it means that the listener made it past the LI_LISTEN state (finalized) at least once so we can safely pause / resume. This way we won't risk starting a previously bypassed listener which never made it that far and thus was not expected to be lazy-started by accident. As listener_pause() and listener_resume() are currently partially broken, such unexpected lazy-start won't happen. But we're trying to restore pause() and resume() behavior so this patch will be required before going any further. We had to re-introduce listeners 'flags' struct member since it was recently moved into bind_conf struct. But here we do have a legitimate need for these listener-only flags. This should only be backported if explicitly required by another commit. -- Backport notes: -> 2.4 and 2.5: The 2-bytes hole we're using in the current patch does not apply, let's use the 4-byte hole located under the 'option' field. Replace this: |@@ -226,7 +226,8 @@ struct li_per_thread { | struct listener { | enum obj_type obj_type; /* object type = OBJ_TYPE_LISTENER */ | enum li_state state; /* state: NEW, INIT, ASSIGNED, LISTEN, READY, FULL */ |- /* 2-byte hole here */ |+ uint16_t flags; /* listener flags: LI_F_* */ | int luid; /* listener universally unique ID, used for SNMP */ | int nbconn; /* current number of connections on this listener */ | unsigned int thr_idx; /* thread indexes for queue distribution : (t2<<16)+t1 */ By this: |@@ -209,6 +209,8 @@ struct listener { | short int nice; /* nice value to assign to the instantiated tasks */ | int luid; /* listener universally unique ID, used for SNMP */ | int options; /* socket options : LI_O_* */ |+ uint16_t flags; /* listener flags: LI_F_* */ |+ /* 2-bytes hole here */ | __decl_thread(HA_RWLOCK_T lock); | | struct fe_counters *counters; /* statistics counters */ -> 2.4 only: We need to adjust some contextual lines. Replace this: |@@ -477,7 +478,7 @@ int pause_listener(struct listener *l, int lpx, int lli) | if (!lli) | HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); | |- if (l->state <= LI_PAUSED) |+ if (!(l->flags & LI_F_FINALIZED) || l->state <= LI_PAUSED) | goto end; | | if (l->rx.proto->suspend) By this: |@@ -477,7 +478,7 @@ int pause_listener(struct listener *l, int lpx, int lli) | !(proc_mask(l->rx.settings->bind_proc) & pid_bit)) | goto end; | |- if (l->state <= LI_PAUSED) |+ if (!(l->flags & LI_F_FINALIZED) || l->state <= LI_PAUSED) | goto end; | | if (l->rx.proto->suspend) And this: |@@ -535,7 +536,7 @@ int resume_listener(struct listener *l, int lpx, int lli) | if (MT_LIST_INLIST(&l->wait_queue)) | goto end; | |- if (l->state == LI_READY) |+ if (!(l->flags & LI_F_FINALIZED) || l->state == LI_READY) | goto end; | | if (l->rx.proto->resume) By this: |@@ -535,7 +536,7 @@ int resume_listener(struct listener *l, int lpx, int lli) | !(proc_mask(l->rx.settings->bind_proc) & pid_bit)) | goto end; | |- if (l->state == LI_READY) |+ if (!(l->flags & LI_F_FINALIZED) || l->state == LI_READY) | goto end; | | if (l->rx.proto->resume) -> 2.6 and 2.7 only: struct listener 'flags' member still exists, let's use it. Remove this from the current patch: |@@ -226,7 +226,8 @@ struct li_per_thread { | struct listener { | enum obj_type obj_type; /* object type = OBJ_TYPE_LISTENER */ | enum li_state state; /* state: NEW, INIT, ASSIGNED, LISTEN, READY, FULL */ |- /* 2-byte hole here */ |+ uint16_t flags; /* listener flags: LI_F_* */ | int luid; /* listener universally unique ID, used for SNMP */ | int nbconn; /* current number of connections on this listener */ | unsigned int thr_idx; /* thread indexes for queue distribution : (t2<<16)+t1 */ Then, replace this: |@@ -251,6 +250,9 @@ struct listener { | EXTRA_COUNTERS(extra_counters); | }; | |+/* listener flags (16 bits) */ |+#define LI_F_FINALIZED 0x0001 /* listener made it to the READY||LIMITED||FULL state at least once, may be suspended/resumed safely */ |+ | /* Descriptor for a "bind" keyword. The ->parse() function returns 0 in case of | * success, or a combination of ERR_* flags if an error is encountered. The | * function pointer can be NULL if not implemented. The function also has an By this: |@@ -221,6 +221,7 @@ struct li_per_thread { | }; | | #define LI_F_QUIC_LISTENER 0x00000001 /* listener uses proto quic */ |+#define LI_F_FINALIZED 0x00000002 /* listener made it to the READY||LIMITED||FULL state at least once, may be suspended/resumed safely */ | | /* The listener will be directly referenced by the fdtab[] which holds its | * socket. The listener provides the protocol-specific accept() function to
2023-02-14 07:51:14 +00:00
if (!(l->flags & LI_F_FINALIZED) || l->state == LI_READY)
MINOR: listeners: check the current listener earlier state in resume_listener() It's quite confusing to have the test on LI_READY very low in the function as it should be made much earlier. Just like with previous commit, let's do it when entering. The additional states, however (limited, full) continue to go through the whole function.
2020-09-24 16:54:11 +00:00
goto end;
BUG/MINOR: listener: fix resume_listener() resume return value handling In resume_listener(), proto->resume() errors were not properly handled: the function kept flowing down as if no errors were detected. Instead, we're performing an early return when such errors are detected to prevent undefined behaviors. This could be backported up to 2.4. -- Backport notes: This commit depends on: - "MINOR: listener: make sure we don't pause/resume bypassed listeners" -> 2.4 ... 2.7: Replace this: | if (l->bind_conf->maxconn && l->nbconn >= l->bind_conf->maxconn) { | l->rx.proto->disable(l); By this: | if (l->maxconn && l->nbconn >= l->maxconn) { | l->rx.proto->disable(l);
2023-02-07 12:26:14 +00:00
if (l->rx.proto->resume) {
MEDIUM: listeners: implement protocol level ->suspend/resume() calls Now we have ->suspend() and ->resume() for listeners at the protocol level. This means that it now becomes possible for a protocol to redefine its own way to suspend and resume. The default functions are provided for TCP, UDP and unix, and they are pass-through to the receiver equivalent as it used to be till now. Nothing was defined for sockpair since it does not need to suspend/resume during reloads, hence it will succeed.
2020-10-09 15:02:21 +00:00
ret = l->rx.proto->resume(l);
BUG/MINOR: listener: fix resume_listener() resume return value handling In resume_listener(), proto->resume() errors were not properly handled: the function kept flowing down as if no errors were detected. Instead, we're performing an early return when such errors are detected to prevent undefined behaviors. This could be backported up to 2.4. -- Backport notes: This commit depends on: - "MINOR: listener: make sure we don't pause/resume bypassed listeners" -> 2.4 ... 2.7: Replace this: | if (l->bind_conf->maxconn && l->nbconn >= l->bind_conf->maxconn) { | l->rx.proto->disable(l); By this: | if (l->maxconn && l->nbconn >= l->maxconn) { | l->rx.proto->disable(l);
2023-02-07 12:26:14 +00:00
if (!ret)
goto end; /* failure to resume */
}
[MEDIUM] proxy: add a PAUSED state to listeners and move socket tricks out of proxy.c Managing listeners state is difficult because they have their own state and can at the same time have theirs dictated by their proxy. The pause is not done properly, as the proxy code is fiddling with sockets. By introducing new functions such as pause_listener()/resume_listener(), we make it a bit more obvious how/when they're supposed to be used. The listen_proxies() function was also renamed to resume_proxies() since it's only used for pause/resume. This patch is the first in a series aiming at getting rid of the maintain_proxies mess. In the end, proxies should not call enable_listener()/disable_listener() anymore.
2011-07-24 16:28:10 +00:00
MINOR: listener: move the maxconn parameter to the bind_conf The maxconn is set per bind line so let's move it there. This might possibly even slightly reduce inter-thread contention since this one is read-mostly and it was stored next to nbconn which changes for each connection setup or teardown.
2023-01-12 17:59:37 +00:00
if (l->bind_conf->maxconn && l->nbconn >= l->bind_conf->maxconn) {
MEDIUM: listeners: now use the listener's ->enable/disable At each place we used to manipulate the FDs directly we can now call the listener protocol's enable/disable/rx_enable/rx_disable depending on whether the state changes on the listener or the receiver. One exception currently remains in listener_accept() which is a bit special and which should be split into 2 or 3 parts in the various protocol layers. The test of fd_updt in do_unbind_listener() that was added by commit a51885621 ("BUG/MEDIUM: listeners: Don't call fd_stop_recv() if fd_updt is NULL.") could finally be removed since that part is correctly handled in the low-level disable() function. One disable() was added in resume_listener() before switching to LI_FULL because rx_resume() enables polling on the FD for the receiver while we want to disable it if the listener is full. There are different ways to clean this up in the future. One of them could be to consider that TCP receivers only act at the listener level. But in fact it does not translate reality. The reality is that only the receiver is paused and that the listener's state ought not be affected here. Ultimately the resume_listener() function should be split so that the part controlled by the protocols only acts on the receiver, and that the receiver itself notifies the upper listener about the change so that the listener protocol may decide to disable or enable polling. Conversely the listener should automatically update its receiver when they share the same state. Since there is no harm proceeding like this, let's keep this for now.
2020-09-25 18:32:28 +00:00
l->rx.proto->disable(l);
MINOR: listeners: introduce listener_set_state() This function is used as a wrapper to set a listener's state everywhere. We'll use it later to maintain some counters in a consistent state when switching state so it's capital that all state changes go through it. No functional change was made beyond calling the wrapper.
2020-09-24 05:23:45 +00:00
listener_set_state(l, LI_FULL);
MEDIUM: listener/proxy: make the listeners notify about proxy pause/resume Till now, we used to call pause_proxy()/resume_proxy() to enable/disable processing on a proxy, which is used during soft reloads. But since we want to drive this process from the listeners themselves, we have to instead proceed the other way around so that when we enable/disable a listener, it checks if it changed anything for the proxy and notifies about updates at this level. The detection is made using li_ready=0 for pause(), and li_paused=0 for resume(). Note that we must not include any test for li_bound because this state is seen by processes which share the listener with another one and which must not act on it since the other process will do it. As such the socket behind the FD will automatically be paused and resume without its local state changing, but this is the limit of a multi-process system with shared listeners.
2020-09-24 14:03:29 +00:00
goto done;
[MEDIUM] proxy: add a PAUSED state to listeners and move socket tricks out of proxy.c Managing listeners state is difficult because they have their own state and can at the same time have theirs dictated by their proxy. The pause is not done properly, as the proxy code is fiddling with sockets. By introducing new functions such as pause_listener()/resume_listener(), we make it a bit more obvious how/when they're supposed to be used. The listen_proxies() function was also renamed to resume_proxies() since it's only used for pause/resume. This patch is the first in a series aiming at getting rid of the maintain_proxies mess. In the end, proxies should not call enable_listener()/disable_listener() anymore.
2011-07-24 16:28:10 +00:00
}
MEDIUM: listeners: now use the listener's ->enable/disable At each place we used to manipulate the FDs directly we can now call the listener protocol's enable/disable/rx_enable/rx_disable depending on whether the state changes on the listener or the receiver. One exception currently remains in listener_accept() which is a bit special and which should be split into 2 or 3 parts in the various protocol layers. The test of fd_updt in do_unbind_listener() that was added by commit a51885621 ("BUG/MEDIUM: listeners: Don't call fd_stop_recv() if fd_updt is NULL.") could finally be removed since that part is correctly handled in the low-level disable() function. One disable() was added in resume_listener() before switching to LI_FULL because rx_resume() enables polling on the FD for the receiver while we want to disable it if the listener is full. There are different ways to clean this up in the future. One of them could be to consider that TCP receivers only act at the listener level. But in fact it does not translate reality. The reality is that only the receiver is paused and that the listener's state ought not be affected here. Ultimately the resume_listener() function should be split so that the part controlled by the protocols only acts on the receiver, and that the receiver itself notifies the upper listener about the change so that the listener protocol may decide to disable or enable polling. Conversely the listener should automatically update its receiver when they share the same state. Since there is no harm proceeding like this, let's keep this for now.
2020-09-25 18:32:28 +00:00
l->rx.proto->enable(l);
MINOR: listeners: introduce listener_set_state() This function is used as a wrapper to set a listener's state everywhere. We'll use it later to maintain some counters in a consistent state when switching state so it's capital that all state changes go through it. No functional change was made beyond calling the wrapper.
2020-09-24 05:23:45 +00:00
listener_set_state(l, LI_READY);
MEDIUM: listener/proxy: make the listeners notify about proxy pause/resume Till now, we used to call pause_proxy()/resume_proxy() to enable/disable processing on a proxy, which is used during soft reloads. But since we want to drive this process from the listeners themselves, we have to instead proceed the other way around so that when we enable/disable a listener, it checks if it changed anything for the proxy and notifies about updates at this level. The detection is made using li_ready=0 for pause(), and li_paused=0 for resume(). Note that we must not include any test for li_bound because this state is seen by processes which share the listener with another one and which must not act on it since the other process will do it. As such the socket behind the FD will automatically be paused and resume without its local state changing, but this is the limit of a multi-process system with shared listeners.
2020-09-24 14:03:29 +00:00
done:
MINOR: listener: pause_listener() becomes suspend_listener() We are simply renaming pause_listener() to suspend_listener() to prevent confusion around listener pausing. A suspended listener can be in two differents valid states: - LI_PAUSED: the listener is effectively paused, it will unpause on resume_listener() - LI_ASSIGNED (not bound): the listener does not support the LI_PAUSED state, so it was unbound to satisfy the suspend request, it will correcly re-bind on resume_listener() Besides that, we add the LI_F_SUSPENDED flag to mark suspended listeners in suspend_listener() and unmark them in resume_listener(). We're also adding li_suspend proxy variable to track the number of currently suspended listeners: That is, the number of listeners that were suspended through suspend_listener() and that are either in LI_PAUSED or LI_ASSIGNED state. Counter is increased on successful suspend in suspend_listener() and it is decreased on successful resume in resume_listener() -- Backport notes: -> 2.4 only, as "MINOR: proxy/listener: support for additional PAUSED state" was not backported: Replace this: | /* PROXY_LOCK is require | proxy_cond_resume(px); By this: | ha_warning("Resumed %s %s.\n", proxy_cap_str(px->cap), px->id); | send_log(px, LOG_WARNING, "Resumed %s %s.\n", proxy_cap_str(px->cap), px->id); -> 2.6 and 2.7 only, as "MINOR: listener: make sure we don't pause/resume" was custom patched: Replace this: |@@ -253,6 +253,7 @@ struct listener { | | /* listener flags (16 bits) */ | #define LI_F_FINALIZED 0x0001 /* listener made it to the READY||LIMITED||FULL state at least once, may be suspended/resumed safely */ |+#define LI_F_SUSPENDED 0x0002 /* listener has been suspended using suspend_listener(), it is either is LI_PAUSED or LI_ASSIGNED state */ | | /* Descriptor for a "bind" keyword. The ->parse() function returns 0 in case of | * success, or a combination of ERR_* flags if an error is encountered. The By this: |@@ -222,6 +222,7 @@ struct li_per_thread { | | #define LI_F_QUIC_LISTENER 0x00000001 /* listener uses proto quic */ | #define LI_F_FINALIZED 0x00000002 /* listener made it to the READY||LIMITED||FULL state at least once, may be suspended/resumed safely */ |+#define LI_F_SUSPENDED 0x00000004 /* listener has been suspended using suspend_listener(), it is either is LI_PAUSED or LI_ASSIGNED state */ | | /* The listener will be directly referenced by the fdtab[] which holds its | * socket. The listener provides the protocol-specific accept() function to
2023-02-13 16:45:08 +00:00
if (px && (l->flags & LI_F_SUSPENDED))
px->li_suspended--;
l->flags &= ~LI_F_SUSPENDED;
BUG/MEDIUM: listener/proxy: fix listeners notify for proxy resume In 58651b42f ("MEDIUM: listener/proxy: make the listeners notify about proxy pause/resume") we introduced the logic for pause/resume notify using li_ready for pause and li_paused for resume. Unfortunately, relying on li_paused for resume doesn't work reliably if we resume a listener which is only made of receivers that are completely stopped. For example, this could happen with receivers that don't support the LI_PAUSED state like ABNS sockets. This is especially true since pause_listener() was renamed to suspend_listener() to better reflect its actual behavior in ("MINOR: listener: pause_listener() becomes suspend_listener()) To fix this, we now rely on the li_suspended state in resume_listener() to make sure that suspend_listener() and resume_listener() notify messages are consistent to each other: "Proxy pause" is triggered when there are no more ready listeners. "Proxy resume" is triggered when there are no more suspended listeners. Also, we make use of the new PR_FL_PAUSED proxy flag to make sure we don't report the same event twice. This could be backported up to 2.4 after a reasonable observation period to make sure that this change doesn't cause unwanted side-effects. -- Backport notes: This commit depends on: - "MINOR: listener: pause_listener() becomes suspend_listener()" -> 2.4 only, as "MINOR: proxy/listener: support for additional PAUSED state" was not backported: Replace this: |+ if (px && !(px->flags & PR_FL_PAUSED) && !px->li_ready) { | /* PROXY_LOCK is required */ | proxy_cond_pause(px); | ha_warning("Paused %s %s.\n", proxy_cap_str(px->cap), px->id); By this: |+ if (px && !px->li_ready) { | ha_warning("Paused %s %s.\n", proxy_cap_str(px->cap), px->id); | send_log(px, LOG_WARNING, "Paused %s %s.\n", proxy_cap_str(px->cap), px->id); | } And this: |+ if (px && (px->flags & PR_FL_PAUSED) && !px->li_suspended) { | /* PROXY_LOCK is required */ | proxy_cond_resume(px); | ha_warning("Resumed %s %s.\n", proxy_cap_str(px->cap), px->id); By this: |+ if (px && !px->li_suspended) { | ha_warning("Resumed %s %s.\n", proxy_cap_str(px->cap), px->id); | send_log(px, LOG_WARNING, "Resumed %s %s.\n", proxy_cap_str(px->cap), px->id); | }
2023-02-07 11:36:27 +00:00
if (px && (px->flags & PR_FL_PAUSED) && !px->li_suspended) {
MINOR: proxy/listener: support for additional PAUSED state This patch is a prerequisite for #1626. Adding PAUSED state to the list of available proxy states. The flag is set when the proxy is paused at runtime (pause_listener()). It is cleared when the proxy is resumed (resume_listener()). It should be backported to 2.6, 2.5 and 2.4
2022-09-09 13:51:37 +00:00
/* PROXY_LOCK is required */
proxy_cond_resume(px);
MEDIUM: listener/proxy: make the listeners notify about proxy pause/resume Till now, we used to call pause_proxy()/resume_proxy() to enable/disable processing on a proxy, which is used during soft reloads. But since we want to drive this process from the listeners themselves, we have to instead proceed the other way around so that when we enable/disable a listener, it checks if it changed anything for the proxy and notifies about updates at this level. The detection is made using li_ready=0 for pause(), and li_paused=0 for resume(). Note that we must not include any test for li_bound because this state is seen by processes which share the listener with another one and which must not act on it since the other process will do it. As such the socket behind the FD will automatically be paused and resume without its local state changing, but this is the limit of a multi-process system with shared listeners.
2020-09-24 14:03:29 +00:00
ha_warning("Resumed %s %s.\n", proxy_cap_str(px->cap), px->id);
send_log(px, LOG_WARNING, "Resumed %s %s.\n", proxy_cap_str(px->cap), px->id);
}
MEDIUM: threads/listeners: Make listeners thread-safe First, we use atomic operations to update jobs/totalconn/actconn variables, listener's nbconn variable and listener's counters. Then we add a lock on listeners to protect access to their information. And finally, listener queues (global and per proxy) are also protected by a lock. Here, because access to these queues are unusal, we use the same lock for all queues instead of a global one for the global queue and a lock per proxy for others.
2017-05-30 13:36:50 +00:00
end:
MINOR: listener/api: add lli hint to listener functions Add listener lock hint (AKA lli) to (stop/resume/pause)_listener() functions. All these functions implicitely take the listener lock when they are called: It could be useful to be able to call them while already holding the lock, so we're adding lli hint to make them take the lock only when it is missing. This should only be backported if explicitly required by another commit -- -> 2.4 and 2.5 common backport notes: These 2 commits need to be backported first: - 187396e34 "CLEANUP: listener: function comment typo in stop_listener()" - a57786e87 "BUG/MINOR: listener: null pointer dereference suspected by coverity" -> 2.4 special backport notes: In addition to the previously mentionned dependencies, the patch needs to be slightly adapted to match the corresponding contextual lines: Replace this: |@@ -471,7 +474,8 @@ int pause_listener(struct listener *l, int lpx) | if (!lpx && px) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &px->lock); | |- HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); |+ if (!lli) |+ HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); | | if (l->state <= LI_PAUSED) | goto end; By this: |@@ -471,7 +474,8 @@ int pause_listener(struct listener *l, int lpx) | if (!lpx && px) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &px->lock); | |- HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); |+ if (!lli) |+ HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); | | if ((global.mode & (MODE_DAEMON | MODE_MWORKER)) && | !(proc_mask(l->rx.settings->bind_proc) & pid_bit)) Replace this: |@@ -169,7 +169,7 @@ void protocol_stop_now(void) | HA_SPIN_LOCK(PROTO_LOCK, &proto_lock); | list_for_each_entry(proto, &protocols, list) { | list_for_each_entry_safe(listener, lback, &proto->receivers, rx.proto_list) |- stop_listener(listener, 0, 1); |+ stop_listener(listener, 0, 1, 0); | } | HA_SPIN_UNLOCK(PROTO_LOCK, &proto_lock); | } By this: |@@ -169,7 +169,7 @@ void protocol_stop_now(void) | HA_SPIN_LOCK(PROTO_LOCK, &proto_lock); | list_for_each_entry(proto, &protocols, list) { | list_for_each_entry_safe(listener, lback, &proto->receivers, rx.proto_list) | if (!listener->bind_conf->frontend->grace) |- stop_listener(listener, 0, 1); |+ stop_listener(listener, 0, 1, 0); | } | HA_SPIN_UNLOCK(PROTO_LOCK, &proto_lock); Replace this: |@@ -2315,7 +2315,7 @@ void stop_proxy(struct proxy *p) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &p->lock); | | list_for_each_entry(l, &p->conf.listeners, by_fe) |- stop_listener(l, 1, 0); |+ stop_listener(l, 1, 0, 0); | | if (!(p->flags & (PR_FL_DISABLED|PR_FL_STOPPED)) && !p->li_ready) { | /* might be just a backend */ By this: |@@ -2315,7 +2315,7 @@ void stop_proxy(struct proxy *p) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &p->lock); | | list_for_each_entry(l, &p->conf.listeners, by_fe) |- stop_listener(l, 1, 0); |+ stop_listener(l, 1, 0, 0); | | if (!p->disabled && !p->li_ready) { | /* might be just a backend */
2023-02-06 16:06:03 +00:00
if (!lli)
HA_RWLOCK_WRUNLOCK(LISTENER_LOCK, &l->lock);
MINOR: listener: small API change A minor API change was performed in listener(.c/.h) to restore consistency between stop_listener() and (resume/pause)_listener() functions. LISTENER_LOCK was never locked prior to calling stop_listener(): lli variable hint is thus not useful anymore. Added PROXY_LOCK locking in (resume/pause)_listener() functions with related lpx variable hint (prerequisite for #1626). It should be backported to 2.6, 2.5 and 2.4
2022-09-09 13:32:57 +00:00
BUG/MINOR: listener: null pointer dereference suspected by coverity Please refer to GH #1859 for more info. Coverity suspected improper proxy pointer handling. Without the fix it is considered safe for the moment, but it might not be the case in the future as we want to keep the ability to have isolated listeners. Making sure stop_listener(), pause_listener(), resume_listener() and listener_release() functions make proper use of px pointer in that context. No need for backport except if multi-connection protocols (ie:FTP) were to be backported as well.
2022-09-12 07:26:21 +00:00
if (!lpx && px)
MINOR: listener: small API change A minor API change was performed in listener(.c/.h) to restore consistency between stop_listener() and (resume/pause)_listener() functions. LISTENER_LOCK was never locked prior to calling stop_listener(): lli variable hint is thus not useful anymore. Added PROXY_LOCK locking in (resume/pause)_listener() functions with related lpx variable hint (prerequisite for #1626). It should be backported to 2.6, 2.5 and 2.4
2022-09-09 13:32:57 +00:00
HA_RWLOCK_WRUNLOCK(PROXY_LOCK, &px->lock);
MEDIUM: threads/listeners: Make listeners thread-safe First, we use atomic operations to update jobs/totalconn/actconn variables, listener's nbconn variable and listener's counters. Then we add a lock on listeners to protect access to their information. And finally, listener queues (global and per proxy) are also protected by a lock. Here, because access to these queues are unusal, we use the same lock for all queues instead of a global one for the global queue and a lock per proxy for others.
2017-05-30 13:36:50 +00:00
return ret;
}
MINOR: listener: add relax_listener() function There is a need for a small difference between resuming and relaxing a listener. When resuming, we expect that the listener may completely resume, this includes unpausing or rebinding if required. Resuming a listener is a best-effort operation: no matter the current state, try our best to bring the listener up to the LI_READY state. There are some cases where we only want to "relax" listeners that were previously restricted using limit_listener() or listener_full() functions. Here we don't want to ressucitate listeners, we're simply interested in cancelling out the previous restriction. To this day, listener_resume() on a unbound listener is broken, that's why the need for this wasn't felt yet. But we're trying to restore historical listener_resume() behavior, so we better prepare for this by introducing an explicit relax_listener() function that only does what is expected in such cases. This commit depends on: - "MINOR: listener/api: add lli hint to listener functions"
2023-02-15 08:30:54 +00:00
/* Same as resume_listener(), but will only work to resume from
* LI_FULL or LI_LIMITED states because we try to relax listeners that
* were temporarily restricted and not to resume inactive listeners that
* may have been paused or completely stopped in the meantime.
* Returns positive value for success and 0 for failure.
* It will need to operate under the proxy's lock and the listener's lock.
* The caller is responsible for indicating in lpx, lli whether the respective
* locks are already held (non-zero) or not (zero) so that the function pick
* the missing ones, in this order.
*/
int relax_listener(struct listener *l, int lpx, int lli)
{
BUG/MEDIUM: listener: Acquire proxy's lock in relax_listener() if necessary Listener functions must follow a common locking pattern: 1. Get the proxy's lock if necessary 2. Get the protocol's lock if necessary 3. Get the listener's lock if necessary We must take care to respect this order to avoid any ABBA issue. However, an issue was introduced in the commit bcad7e631 ("MINOR: listener: add relax_listener() function"). relax_listener() gets the lisener's lock and if resume_listener() is called, the proxy's lock is then acquired. So to fix the issue, the proxy's lock is first acquired in relax_listener(), if necessary. This patch should fix the issue #2222. It must be backported as far as 2.4 because the above commit is marked to be backported there.
2023-07-20 12:53:50 +00:00
struct proxy *px = l->bind_conf->frontend;
MINOR: listener: add relax_listener() function There is a need for a small difference between resuming and relaxing a listener. When resuming, we expect that the listener may completely resume, this includes unpausing or rebinding if required. Resuming a listener is a best-effort operation: no matter the current state, try our best to bring the listener up to the LI_READY state. There are some cases where we only want to "relax" listeners that were previously restricted using limit_listener() or listener_full() functions. Here we don't want to ressucitate listeners, we're simply interested in cancelling out the previous restriction. To this day, listener_resume() on a unbound listener is broken, that's why the need for this wasn't felt yet. But we're trying to restore historical listener_resume() behavior, so we better prepare for this by introducing an explicit relax_listener() function that only does what is expected in such cases. This commit depends on: - "MINOR: listener/api: add lli hint to listener functions"
2023-02-15 08:30:54 +00:00
int ret = 1;
BUG/MEDIUM: listener: Acquire proxy's lock in relax_listener() if necessary Listener functions must follow a common locking pattern: 1. Get the proxy's lock if necessary 2. Get the protocol's lock if necessary 3. Get the listener's lock if necessary We must take care to respect this order to avoid any ABBA issue. However, an issue was introduced in the commit bcad7e631 ("MINOR: listener: add relax_listener() function"). relax_listener() gets the lisener's lock and if resume_listener() is called, the proxy's lock is then acquired. So to fix the issue, the proxy's lock is first acquired in relax_listener(), if necessary. This patch should fix the issue #2222. It must be backported as far as 2.4 because the above commit is marked to be backported there.
2023-07-20 12:53:50 +00:00
if (!lpx && px)
HA_RWLOCK_WRLOCK(PROXY_LOCK, &px->lock);
MINOR: listener: add relax_listener() function There is a need for a small difference between resuming and relaxing a listener. When resuming, we expect that the listener may completely resume, this includes unpausing or rebinding if required. Resuming a listener is a best-effort operation: no matter the current state, try our best to bring the listener up to the LI_READY state. There are some cases where we only want to "relax" listeners that were previously restricted using limit_listener() or listener_full() functions. Here we don't want to ressucitate listeners, we're simply interested in cancelling out the previous restriction. To this day, listener_resume() on a unbound listener is broken, that's why the need for this wasn't felt yet. But we're trying to restore historical listener_resume() behavior, so we better prepare for this by introducing an explicit relax_listener() function that only does what is expected in such cases. This commit depends on: - "MINOR: listener/api: add lli hint to listener functions"
2023-02-15 08:30:54 +00:00
if (!lli)
HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock);
if (l->state != LI_FULL && l->state != LI_LIMITED)
goto end; /* listener may be suspended or even stopped */
BUG/MEDIUM: listener: Acquire proxy's lock in relax_listener() if necessary Listener functions must follow a common locking pattern: 1. Get the proxy's lock if necessary 2. Get the protocol's lock if necessary 3. Get the listener's lock if necessary We must take care to respect this order to avoid any ABBA issue. However, an issue was introduced in the commit bcad7e631 ("MINOR: listener: add relax_listener() function"). relax_listener() gets the lisener's lock and if resume_listener() is called, the proxy's lock is then acquired. So to fix the issue, the proxy's lock is first acquired in relax_listener(), if necessary. This patch should fix the issue #2222. It must be backported as far as 2.4 because the above commit is marked to be backported there.
2023-07-20 12:53:50 +00:00
ret = resume_listener(l, 1, 1);
MINOR: listener: add relax_listener() function There is a need for a small difference between resuming and relaxing a listener. When resuming, we expect that the listener may completely resume, this includes unpausing or rebinding if required. Resuming a listener is a best-effort operation: no matter the current state, try our best to bring the listener up to the LI_READY state. There are some cases where we only want to "relax" listeners that were previously restricted using limit_listener() or listener_full() functions. Here we don't want to ressucitate listeners, we're simply interested in cancelling out the previous restriction. To this day, listener_resume() on a unbound listener is broken, that's why the need for this wasn't felt yet. But we're trying to restore historical listener_resume() behavior, so we better prepare for this by introducing an explicit relax_listener() function that only does what is expected in such cases. This commit depends on: - "MINOR: listener/api: add lli hint to listener functions"
2023-02-15 08:30:54 +00:00
end:
if (!lli)
HA_RWLOCK_WRUNLOCK(LISTENER_LOCK, &l->lock);
BUG/MEDIUM: listener: Acquire proxy's lock in relax_listener() if necessary Listener functions must follow a common locking pattern: 1. Get the proxy's lock if necessary 2. Get the protocol's lock if necessary 3. Get the listener's lock if necessary We must take care to respect this order to avoid any ABBA issue. However, an issue was introduced in the commit bcad7e631 ("MINOR: listener: add relax_listener() function"). relax_listener() gets the lisener's lock and if resume_listener() is called, the proxy's lock is then acquired. So to fix the issue, the proxy's lock is first acquired in relax_listener(), if necessary. This patch should fix the issue #2222. It must be backported as far as 2.4 because the above commit is marked to be backported there.
2023-07-20 12:53:50 +00:00
if (!lpx && px)
HA_RWLOCK_WRUNLOCK(PROXY_LOCK, &px->lock);
MINOR: listener: add relax_listener() function There is a need for a small difference between resuming and relaxing a listener. When resuming, we expect that the listener may completely resume, this includes unpausing or rebinding if required. Resuming a listener is a best-effort operation: no matter the current state, try our best to bring the listener up to the LI_READY state. There are some cases where we only want to "relax" listeners that were previously restricted using limit_listener() or listener_full() functions. Here we don't want to ressucitate listeners, we're simply interested in cancelling out the previous restriction. To this day, listener_resume() on a unbound listener is broken, that's why the need for this wasn't felt yet. But we're trying to restore historical listener_resume() behavior, so we better prepare for this by introducing an explicit relax_listener() function that only does what is expected in such cases. This commit depends on: - "MINOR: listener/api: add lli hint to listener functions"
2023-02-15 08:30:54 +00:00
return ret;
}
REORG/MAJOR: session: rename the "session" entity to "stream" With HTTP/2, we'll have to support multiplexed streams. A stream is in fact the largest part of what we currently call a session, it has buffers, logs, etc. In order to catch any error, this commit removes any reference to the struct session and tries to rename most "session" occurrences in function names to "stream" and "sess" to "strm" when that's related to a session. The files stream.{c,h} were added and session.{c,h} removed. The session will be reintroduced later and a few parts of the stream will progressively be moved overthere. It will more or less contain only what we need in an embryonic session. Sample fetch functions and converters will have to change a bit so that they'll use an L5 (session) instead of what's currently called "L4" which is in fact L6 for now. Once all changes are completed, we should see approximately this : L7 - http_txn L6 - stream L5 - session L4 - connection | applet There will be at most one http_txn per stream, and a same session will possibly be referenced by multiple streams. A connection will point to a session and to a stream. The session will hold all the information we need to keep even when we don't yet have a stream. Some more cleanup is needed because some code was already far from being clean. The server queue management still refers to sessions at many places while comments talk about connections. This will have to be cleaned up once we have a server-side connection pool manager. Stream flags "SN_*" still need to be renamed, it doesn't seem like any of them will need to move to the session.
2015-04-02 22:22:06 +00:00
/* Marks a ready listener as full so that the stream code tries to re-enable
MINOR: listener: workaround for closing a tiny race between resume_listener() and stopping This is an alternative fix that tries to address the same issue as d1ebee177 ("BUG/MINOR: listener: close tiny race between resume_listener() and stopping") while allowing resume_listener() to be more versatile. Indeed, because of the previous fix, resume_listener() is not able to rebind stopped listeners, and this breaks the original behavior that is documented in the function description: "If the listener was only in the assigned state, it's totally rebound. This can happen if a pause() has completely stopped it. If the resume fails, 0 is returned and an error might be displayed." With relax_listener(), we now make sure to check l->state under the listener lock so we don't call resume_listener() when the conditions are not met. As such, concurrently stopped listeners may not be rebound using relax_listener(). Note: the documented race can't happen since 1b927eb3c ("MEDIUM: proto: stop protocols under thread isolation during soft stop"), but older versions are concerned as 1b927eb3c was not marked for backports. Moreover, the patch also prevents the race between protocol_pause_all() and resuming from LIMITED or FULL states. This commit depends on: - "MINOR: listener: add relax_listener() function" This should be backported with d1ebee177 up to 2.4 (d1ebee177 is marked to be backported for all stable versions but the current patch does not apply for versions < 2.4)
2023-02-06 16:19:58 +00:00
* it upon next close() using relax_listener().
[MINOR] listeners: add listen_full() to mark a listener full This is just a cleanup which removes calls to EV_FD_CLR() and state setting everywhere in the code.
2011-07-24 17:23:38 +00:00
*/
MINOR: listeners: Change listener_full and limit_listener into private functions These functions are only used in listener_accept. So there is no need to export them.
2017-08-28 13:29:20 +00:00
static void listener_full(struct listener *l)
[MINOR] listeners: add listen_full() to mark a listener full This is just a cleanup which removes calls to EV_FD_CLR() and state setting everywhere in the code.
2011-07-24 17:23:38 +00:00
{
MINOR: listener: replace the listener's spinlock with an rwlock We'll need to lock the listener a little bit more during accept() and tests show that a spinlock is a massive performance killer, so let's first switch to an rwlock for this lock. This patch might have to be backported for the next patch to work, and if so, the change is almost mechanical (look for LISTENER_LOCK), but do not forget about the few HA_SPIN_INIT() in the file. There's no reference to this lock outside of listener.c nor listener-t.h.
2022-02-01 15:23:00 +00:00
HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock);
[MINOR] listeners: add listen_full() to mark a listener full This is just a cleanup which removes calls to EV_FD_CLR() and state setting everywhere in the code.
2011-07-24 17:23:38 +00:00
if (l->state >= LI_READY) {
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 05:32:39 +00:00
MT_LIST_DELETE(&l->wait_queue);
MAJOR: listener: do not hold the listener lock in listener_accept() This function used to hold the listener's lock as a way to stay safe against concurrent manipulations, but it turns out this is wrong. First, the lock is held during l->accept(), which itself might indirectly call listener_release(), which, if the listener is marked full, could result in __resume_listener() to be called and the lock being taken twice. In practice it doesn't happen right now because the listener's FULL state cannot change while we're doing this. Second, all the code does is now protected against concurrent accesses. It used not to be the case in the early days of threads : the frequency counters are thread-safe. The rate limiting doesn't require extreme precision. Only the nbconn check is not thread safe. Third, the parts called here will have to be called from different threads without holding this lock, and this becomes a bigger issue if we need to keep this one. This patch does 3 things which need to be addressed at once : 1) it moves the lock to the only 2 functions that were not protected since called form listener_accept() : - limit_listener() - listener_full() 2) it makes sure delete_listener() properly checks its state within the lock. 3) it updates the l->nbconn tracking to make sure that it is always properly reported and accounted for. There is a point of particular care around the situation where the listener's maxconn is reached because the listener has to be marked full before accepting the connection, then resumed if the connection finally gets dropped. It is not possible to perform this change without removing the lock due to the deadlock issue explained above. This patch almost doubles the accept rate in multi-thread on a shared port between 8 threads, and multiplies by 4 the connection rate on a tcp-request connection reject rule.
2019-02-25 18:23:37 +00:00
if (l->state != LI_FULL) {
MEDIUM: listeners: now use the listener's ->enable/disable At each place we used to manipulate the FDs directly we can now call the listener protocol's enable/disable/rx_enable/rx_disable depending on whether the state changes on the listener or the receiver. One exception currently remains in listener_accept() which is a bit special and which should be split into 2 or 3 parts in the various protocol layers. The test of fd_updt in do_unbind_listener() that was added by commit a51885621 ("BUG/MEDIUM: listeners: Don't call fd_stop_recv() if fd_updt is NULL.") could finally be removed since that part is correctly handled in the low-level disable() function. One disable() was added in resume_listener() before switching to LI_FULL because rx_resume() enables polling on the FD for the receiver while we want to disable it if the listener is full. There are different ways to clean this up in the future. One of them could be to consider that TCP receivers only act at the listener level. But in fact it does not translate reality. The reality is that only the receiver is paused and that the listener's state ought not be affected here. Ultimately the resume_listener() function should be split so that the part controlled by the protocols only acts on the receiver, and that the receiver itself notifies the upper listener about the change so that the listener protocol may decide to disable or enable polling. Conversely the listener should automatically update its receiver when they share the same state. Since there is no harm proceeding like this, let's keep this for now.
2020-09-25 18:32:28 +00:00
l->rx.proto->disable(l);
MINOR: listeners: introduce listener_set_state() This function is used as a wrapper to set a listener's state everywhere. We'll use it later to maintain some counters in a consistent state when switching state so it's capital that all state changes go through it. No functional change was made beyond calling the wrapper.
2020-09-24 05:23:45 +00:00
listener_set_state(l, LI_FULL);
MAJOR: listener: do not hold the listener lock in listener_accept() This function used to hold the listener's lock as a way to stay safe against concurrent manipulations, but it turns out this is wrong. First, the lock is held during l->accept(), which itself might indirectly call listener_release(), which, if the listener is marked full, could result in __resume_listener() to be called and the lock being taken twice. In practice it doesn't happen right now because the listener's FULL state cannot change while we're doing this. Second, all the code does is now protected against concurrent accesses. It used not to be the case in the early days of threads : the frequency counters are thread-safe. The rate limiting doesn't require extreme precision. Only the nbconn check is not thread safe. Third, the parts called here will have to be called from different threads without holding this lock, and this becomes a bigger issue if we need to keep this one. This patch does 3 things which need to be addressed at once : 1) it moves the lock to the only 2 functions that were not protected since called form listener_accept() : - limit_listener() - listener_full() 2) it makes sure delete_listener() properly checks its state within the lock. 3) it updates the l->nbconn tracking to make sure that it is always properly reported and accounted for. There is a point of particular care around the situation where the listener's maxconn is reached because the listener has to be marked full before accepting the connection, then resumed if the connection finally gets dropped. It is not possible to perform this change without removing the lock due to the deadlock issue explained above. This patch almost doubles the accept rate in multi-thread on a shared port between 8 threads, and multiplies by 4 the connection rate on a tcp-request connection reject rule.
2019-02-25 18:23:37 +00:00
}
[MINOR] listeners: add listen_full() to mark a listener full This is just a cleanup which removes calls to EV_FD_CLR() and state setting everywhere in the code.
2011-07-24 17:23:38 +00:00
}
MINOR: listener: replace the listener's spinlock with an rwlock We'll need to lock the listener a little bit more during accept() and tests show that a spinlock is a massive performance killer, so let's first switch to an rwlock for this lock. This patch might have to be backported for the next patch to work, and if so, the change is almost mechanical (look for LISTENER_LOCK), but do not forget about the few HA_SPIN_INIT() in the file. There's no reference to this lock outside of listener.c nor listener-t.h.
2022-02-01 15:23:00 +00:00
HA_RWLOCK_WRUNLOCK(LISTENER_LOCK, &l->lock);
[MINOR] listeners: add listen_full() to mark a listener full This is just a cleanup which removes calls to EV_FD_CLR() and state setting everywhere in the code.
2011-07-24 17:23:38 +00:00
}
[MINOR] listeners: add support for queueing resource limited listeners When a listeners encounters a resource shortage, it currently stops until one re-enables it. This is far from being perfect as it does not yet handle the case where the single connection from the listener is rejected (eg: the stats page). Now we'll have a special status for resource limited listeners and we'll queue them into one or multiple lists. That way, each time we have to stop a listener because of a resource shortage, we can enqueue it and change its state, so that it is dequeued once more resources are available. This patch currently does not change any existing behaviour, it only adds the basic building blocks for doing that.
2011-07-24 20:03:52 +00:00
/* Marks a ready listener as limited so that we only try to re-enable it when
* resources are free again. It will be queued into the specified queue.
*/
MEDIUM: list: Separate "locked" list from regular list. Instead of using the same type for regular linked lists and "autolocked" linked lists, use a separate type, "struct mt_list", for the autolocked one, and introduce a set of macros, similar to the LIST_* macros, with the MT_ prefix. When we use the same entry for both regular list and autolocked list, as is done for the "list" field in struct connection, we know have to explicitely cast it to struct mt_list when using MT_ macros.
2019-08-08 13:47:21 +00:00
static void limit_listener(struct listener *l, struct mt_list *list)
[MINOR] listeners: add support for queueing resource limited listeners When a listeners encounters a resource shortage, it currently stops until one re-enables it. This is far from being perfect as it does not yet handle the case where the single connection from the listener is rejected (eg: the stats page). Now we'll have a special status for resource limited listeners and we'll queue them into one or multiple lists. That way, each time we have to stop a listener because of a resource shortage, we can enqueue it and change its state, so that it is dequeued once more resources are available. This patch currently does not change any existing behaviour, it only adds the basic building blocks for doing that.
2011-07-24 20:03:52 +00:00
{
MINOR: listener: replace the listener's spinlock with an rwlock We'll need to lock the listener a little bit more during accept() and tests show that a spinlock is a massive performance killer, so let's first switch to an rwlock for this lock. This patch might have to be backported for the next patch to work, and if so, the change is almost mechanical (look for LISTENER_LOCK), but do not forget about the few HA_SPIN_INIT() in the file. There's no reference to this lock outside of listener.c nor listener-t.h.
2022-02-01 15:23:00 +00:00
HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock);
[MINOR] listeners: add support for queueing resource limited listeners When a listeners encounters a resource shortage, it currently stops until one re-enables it. This is far from being perfect as it does not yet handle the case where the single connection from the listener is rejected (eg: the stats page). Now we'll have a special status for resource limited listeners and we'll queue them into one or multiple lists. That way, each time we have to stop a listener because of a resource shortage, we can enqueue it and change its state, so that it is dequeued once more resources are available. This patch currently does not change any existing behaviour, it only adds the basic building blocks for doing that.
2011-07-24 20:03:52 +00:00
if (l->state == LI_READY) {
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 05:32:39 +00:00
MT_LIST_TRY_APPEND(list, &l->wait_queue);
MEDIUM: listeners: now use the listener's ->enable/disable At each place we used to manipulate the FDs directly we can now call the listener protocol's enable/disable/rx_enable/rx_disable depending on whether the state changes on the listener or the receiver. One exception currently remains in listener_accept() which is a bit special and which should be split into 2 or 3 parts in the various protocol layers. The test of fd_updt in do_unbind_listener() that was added by commit a51885621 ("BUG/MEDIUM: listeners: Don't call fd_stop_recv() if fd_updt is NULL.") could finally be removed since that part is correctly handled in the low-level disable() function. One disable() was added in resume_listener() before switching to LI_FULL because rx_resume() enables polling on the FD for the receiver while we want to disable it if the listener is full. There are different ways to clean this up in the future. One of them could be to consider that TCP receivers only act at the listener level. But in fact it does not translate reality. The reality is that only the receiver is paused and that the listener's state ought not be affected here. Ultimately the resume_listener() function should be split so that the part controlled by the protocols only acts on the receiver, and that the receiver itself notifies the upper listener about the change so that the listener protocol may decide to disable or enable polling. Conversely the listener should automatically update its receiver when they share the same state. Since there is no harm proceeding like this, let's keep this for now.
2020-09-25 18:32:28 +00:00
l->rx.proto->disable(l);
MINOR: listeners: introduce listener_set_state() This function is used as a wrapper to set a listener's state everywhere. We'll use it later to maintain some counters in a consistent state when switching state so it's capital that all state changes go through it. No functional change was made beyond calling the wrapper.
2020-09-24 05:23:45 +00:00
listener_set_state(l, LI_LIMITED);
[MINOR] listeners: add support for queueing resource limited listeners When a listeners encounters a resource shortage, it currently stops until one re-enables it. This is far from being perfect as it does not yet handle the case where the single connection from the listener is rejected (eg: the stats page). Now we'll have a special status for resource limited listeners and we'll queue them into one or multiple lists. That way, each time we have to stop a listener because of a resource shortage, we can enqueue it and change its state, so that it is dequeued once more resources are available. This patch currently does not change any existing behaviour, it only adds the basic building blocks for doing that.
2011-07-24 20:03:52 +00:00
}
MINOR: listener: replace the listener's spinlock with an rwlock We'll need to lock the listener a little bit more during accept() and tests show that a spinlock is a massive performance killer, so let's first switch to an rwlock for this lock. This patch might have to be backported for the next patch to work, and if so, the change is almost mechanical (look for LISTENER_LOCK), but do not forget about the few HA_SPIN_INIT() in the file. There's no reference to this lock outside of listener.c nor listener-t.h.
2022-02-01 15:23:00 +00:00
HA_RWLOCK_WRUNLOCK(LISTENER_LOCK, &l->lock);
[MINOR] listeners: add support for queueing resource limited listeners When a listeners encounters a resource shortage, it currently stops until one re-enables it. This is far from being perfect as it does not yet handle the case where the single connection from the listener is rejected (eg: the stats page). Now we'll have a special status for resource limited listeners and we'll queue them into one or multiple lists. That way, each time we have to stop a listener because of a resource shortage, we can enqueue it and change its state, so that it is dequeued once more resources are available. This patch currently does not change any existing behaviour, it only adds the basic building blocks for doing that.
2011-07-24 20:03:52 +00:00
}
MINOR: listener: split dequeue_all_listener() in two We use it half times for the global_listener_queue and half times for a proxy's queue and this requires the callers to take care of these. Let's split it in two versions, the current one working only on the global queue and another one dedicated to proxies for the per-proxy queues. This cleans up quite a bit of code.
2019-12-10 13:10:52 +00:00
/* Dequeues all listeners waiting for a resource the global wait queue */
void dequeue_all_listeners()
[MINOR] listeners: add support for queueing resource limited listeners When a listeners encounters a resource shortage, it currently stops until one re-enables it. This is far from being perfect as it does not yet handle the case where the single connection from the listener is rejected (eg: the stats page). Now we'll have a special status for resource limited listeners and we'll queue them into one or multiple lists. That way, each time we have to stop a listener because of a resource shortage, we can enqueue it and change its state, so that it is dequeued once more resources are available. This patch currently does not change any existing behaviour, it only adds the basic building blocks for doing that.
2011-07-24 20:03:52 +00:00
{
BUG/MEDIUM: listener: use a self-locked list for the dequeue lists There is a very difficult to reproduce race in the listener's accept code, which is much easier to reproduce once connection limits are properly enforced. It's an ABBA lock issue : - the following functions take l->lock then lq_lock : disable_listener, pause_listener, listener_full, limit_listener, do_unbind_listener - the following ones take lq_lock then l->lock : resume_listener, dequeue_all_listener This is because __resume_listener() only takes the listener's lock and expects to be called with lq_lock held. The problem can easily happen when listener_full() and limit_listener() are called a lot while in parallel another thread releases sessions for the same listener using listener_release() which in turn calls resume_listener(). This scenario is more prevalent in 2.0-dev since the removal of the accept lock in listener_accept(). However in 1.9 and before, a different but extremely unlikely scenario can happen : thread1 thread2 ............................ enter listener_accept() limit_listener() ............................ long pause before taking the lock session_free() dequeue_all_listeners() lock(lq_lock) [1] ............................ try_lock(l->lock) [2] __resume_listener() spin_lock(l->lock) =>WAIT[2] ............................ accept() l->accept() nbconn==maxconn => listener_full() state==LI_LIMITED => lock(lq_lock) =>DEADLOCK[1]! In practice it is almost impossible to trigger it because it requires to limit both on the listener's maxconn and the frontend's rate limit, at the same time, and to release the listener when the connection rate goes below the limit between poll() returns the FD and the lock is taken (a few nanoseconds). But maybe with threads competing on the same core it has more chances to appear. This patch removes the lq_lock and replaces it with a lockless queue for the listener's wait queue (well, technically speaking a self-locked queue) brought by commit a8434ec14 ("MINOR: lists: Implement locked variations.") and its few subsequent fixes. This relieves us from the need of the lq_lock and removes the deadlock. It also gets rid of the distinction between __resume_listener() and resume_listener() since the only difference was the lq_lock. All listener removals from the list are now unconditional to avoid races on the state. It's worth noting that the list used to never be initialized and that it used to work only thanks to the state tests, so the initialization has now been added. This patch must carefully be backported to 1.9 and very likely 1.8. It is mandatory to be careful about replacing all manipulations of l->wait_queue, global.listener_queue and p->listener_queue.
2019-02-28 09:27:18 +00:00
struct listener *listener;
[MINOR] listeners: add support for queueing resource limited listeners When a listeners encounters a resource shortage, it currently stops until one re-enables it. This is far from being perfect as it does not yet handle the case where the single connection from the listener is rejected (eg: the stats page). Now we'll have a special status for resource limited listeners and we'll queue them into one or multiple lists. That way, each time we have to stop a listener because of a resource shortage, we can enqueue it and change its state, so that it is dequeued once more resources are available. This patch currently does not change any existing behaviour, it only adds the basic building blocks for doing that.
2011-07-24 20:03:52 +00:00
MINOR: listener: split dequeue_all_listener() in two We use it half times for the global_listener_queue and half times for a proxy's queue and this requires the callers to take care of these. Let's split it in two versions, the current one working only on the global queue and another one dedicated to proxies for the per-proxy queues. This cleans up quite a bit of code.
2019-12-10 13:10:52 +00:00
while ((listener = MT_LIST_POP(&global_listener_queue, struct listener *, wait_queue))) {
/* This cannot fail because the listeners are by definition in
* the LI_LIMITED state.
*/
MINOR: listener: workaround for closing a tiny race between resume_listener() and stopping This is an alternative fix that tries to address the same issue as d1ebee177 ("BUG/MINOR: listener: close tiny race between resume_listener() and stopping") while allowing resume_listener() to be more versatile. Indeed, because of the previous fix, resume_listener() is not able to rebind stopped listeners, and this breaks the original behavior that is documented in the function description: "If the listener was only in the assigned state, it's totally rebound. This can happen if a pause() has completely stopped it. If the resume fails, 0 is returned and an error might be displayed." With relax_listener(), we now make sure to check l->state under the listener lock so we don't call resume_listener() when the conditions are not met. As such, concurrently stopped listeners may not be rebound using relax_listener(). Note: the documented race can't happen since 1b927eb3c ("MEDIUM: proto: stop protocols under thread isolation during soft stop"), but older versions are concerned as 1b927eb3c was not marked for backports. Moreover, the patch also prevents the race between protocol_pause_all() and resuming from LIMITED or FULL states. This commit depends on: - "MINOR: listener: add relax_listener() function" This should be backported with d1ebee177 up to 2.4 (d1ebee177 is marked to be backported for all stable versions but the current patch does not apply for versions < 2.4)
2023-02-06 16:19:58 +00:00
relax_listener(listener, 0, 0);
MINOR: listener: split dequeue_all_listener() in two We use it half times for the global_listener_queue and half times for a proxy's queue and this requires the callers to take care of these. Let's split it in two versions, the current one working only on the global queue and another one dedicated to proxies for the per-proxy queues. This cleans up quite a bit of code.
2019-12-10 13:10:52 +00:00
}
}
/* Dequeues all listeners waiting for a resource in proxy <px>'s queue */
void dequeue_proxy_listeners(struct proxy *px)
{
struct listener *listener;
while ((listener = MT_LIST_POP(&px->listener_queue, struct listener *, wait_queue))) {
[MINOR] listeners: add support for queueing resource limited listeners When a listeners encounters a resource shortage, it currently stops until one re-enables it. This is far from being perfect as it does not yet handle the case where the single connection from the listener is rejected (eg: the stats page). Now we'll have a special status for resource limited listeners and we'll queue them into one or multiple lists. That way, each time we have to stop a listener because of a resource shortage, we can enqueue it and change its state, so that it is dequeued once more resources are available. This patch currently does not change any existing behaviour, it only adds the basic building blocks for doing that.
2011-07-24 20:03:52 +00:00
/* This cannot fail because the listeners are by definition in
BUG/MEDIUM: listener: use a self-locked list for the dequeue lists There is a very difficult to reproduce race in the listener's accept code, which is much easier to reproduce once connection limits are properly enforced. It's an ABBA lock issue : - the following functions take l->lock then lq_lock : disable_listener, pause_listener, listener_full, limit_listener, do_unbind_listener - the following ones take lq_lock then l->lock : resume_listener, dequeue_all_listener This is because __resume_listener() only takes the listener's lock and expects to be called with lq_lock held. The problem can easily happen when listener_full() and limit_listener() are called a lot while in parallel another thread releases sessions for the same listener using listener_release() which in turn calls resume_listener(). This scenario is more prevalent in 2.0-dev since the removal of the accept lock in listener_accept(). However in 1.9 and before, a different but extremely unlikely scenario can happen : thread1 thread2 ............................ enter listener_accept() limit_listener() ............................ long pause before taking the lock session_free() dequeue_all_listeners() lock(lq_lock) [1] ............................ try_lock(l->lock) [2] __resume_listener() spin_lock(l->lock) =>WAIT[2] ............................ accept() l->accept() nbconn==maxconn => listener_full() state==LI_LIMITED => lock(lq_lock) =>DEADLOCK[1]! In practice it is almost impossible to trigger it because it requires to limit both on the listener's maxconn and the frontend's rate limit, at the same time, and to release the listener when the connection rate goes below the limit between poll() returns the FD and the lock is taken (a few nanoseconds). But maybe with threads competing on the same core it has more chances to appear. This patch removes the lq_lock and replaces it with a lockless queue for the listener's wait queue (well, technically speaking a self-locked queue) brought by commit a8434ec14 ("MINOR: lists: Implement locked variations.") and its few subsequent fixes. This relieves us from the need of the lq_lock and removes the deadlock. It also gets rid of the distinction between __resume_listener() and resume_listener() since the only difference was the lq_lock. All listener removals from the list are now unconditional to avoid races on the state. It's worth noting that the list used to never be initialized and that it used to work only thanks to the state tests, so the initialization has now been added. This patch must carefully be backported to 1.9 and very likely 1.8. It is mandatory to be careful about replacing all manipulations of l->wait_queue, global.listener_queue and p->listener_queue.
2019-02-28 09:27:18 +00:00
* the LI_LIMITED state.
[MINOR] listeners: add support for queueing resource limited listeners When a listeners encounters a resource shortage, it currently stops until one re-enables it. This is far from being perfect as it does not yet handle the case where the single connection from the listener is rejected (eg: the stats page). Now we'll have a special status for resource limited listeners and we'll queue them into one or multiple lists. That way, each time we have to stop a listener because of a resource shortage, we can enqueue it and change its state, so that it is dequeued once more resources are available. This patch currently does not change any existing behaviour, it only adds the basic building blocks for doing that.
2011-07-24 20:03:52 +00:00
*/
MINOR: listener: workaround for closing a tiny race between resume_listener() and stopping This is an alternative fix that tries to address the same issue as d1ebee177 ("BUG/MINOR: listener: close tiny race between resume_listener() and stopping") while allowing resume_listener() to be more versatile. Indeed, because of the previous fix, resume_listener() is not able to rebind stopped listeners, and this breaks the original behavior that is documented in the function description: "If the listener was only in the assigned state, it's totally rebound. This can happen if a pause() has completely stopped it. If the resume fails, 0 is returned and an error might be displayed." With relax_listener(), we now make sure to check l->state under the listener lock so we don't call resume_listener() when the conditions are not met. As such, concurrently stopped listeners may not be rebound using relax_listener(). Note: the documented race can't happen since 1b927eb3c ("MEDIUM: proto: stop protocols under thread isolation during soft stop"), but older versions are concerned as 1b927eb3c was not marked for backports. Moreover, the patch also prevents the race between protocol_pause_all() and resuming from LIMITED or FULL states. This commit depends on: - "MINOR: listener: add relax_listener() function" This should be backported with d1ebee177 up to 2.4 (d1ebee177 is marked to be backported for all stable versions but the current patch does not apply for versions < 2.4)
2023-02-06 16:19:58 +00:00
relax_listener(listener, 0, 0);
[MINOR] listeners: add support for queueing resource limited listeners When a listeners encounters a resource shortage, it currently stops until one re-enables it. This is far from being perfect as it does not yet handle the case where the single connection from the listener is rejected (eg: the stats page). Now we'll have a special status for resource limited listeners and we'll queue them into one or multiple lists. That way, each time we have to stop a listener because of a resource shortage, we can enqueue it and change its state, so that it is dequeued once more resources are available. This patch currently does not change any existing behaviour, it only adds the basic building blocks for doing that.
2011-07-24 20:03:52 +00:00
}
}
MINOR: listeners: split do_unbind_listener() in two The inner part now goes into the protocol and is used to decide how to unbind a given protocol's listener. The existing code which is able to also unbind the receiver was provided as a default function that we currently use everywhere. Some complex listeners like QUIC will use this to decide how to unbind without impacting existing connections, possibly by setting up other incoming paths for the traffic.
2020-10-09 15:18:29 +00:00
/* default function used to unbind a listener. This is for use by standard
* protocols working on top of accepted sockets. The receiver's rx_unbind()
* will automatically be used after the listener is disabled if the socket is
* still bound. This must be used under the listener's lock.
BUG/MEDIUM: threads/unix: Fix a deadlock when a listener is temporarily disabled When a listener is temporarily disabled, we start by locking it and then we call .pause callback of the underlying protocol (tcp/unix). For TCP listeners, this is not a problem. But listeners bound on an unix socket are in fact closed instead. So .pause callback relies on unbind_listener function to do its job. Unfortunatly, unbind_listener hold the listener's lock and then call an internal function to unbind it. So, there is a deadlock here. This happens during a reload. To fix the problemn, the function do_unbind_listener, which is lockless, is now exported and is called when a listener bound on an unix socket is temporarily disabled. This patch must be backported in 1.8.
2018-03-16 09:04:47 +00:00
*/
MINOR: listeners: split do_unbind_listener() in two The inner part now goes into the protocol and is used to decide how to unbind a given protocol's listener. The existing code which is able to also unbind the receiver was provided as a default function that we currently use everywhere. Some complex listeners like QUIC will use this to decide how to unbind without impacting existing connections, possibly by setting up other incoming paths for the traffic.
2020-10-09 15:18:29 +00:00
void default_unbind_listener(struct listener *listener)
[MINOR] add a generic unbind_listener() primitive Most protocols will be able to share a single unbind_listener() primitive. Provided it in protocols.c.
2007-10-28 21:13:50 +00:00
{
BROKEN/MEDIUM: listeners: rework the unbind logic to make it idempotent BROKEN: the failure rate on reg-tests/seamless-reload/abns_socket.vtc has significantly increased for no obvious reason. It fails 99% of the time vs 10% before. do_unbind_listener() is not logical and is not even idempotent. It must not touch the fd if already -1, which also means not touch the receiver. In addition, when performing a partial stop on a socket (not closing), we know the socket remains in the listening state yet it's marked as LI_ASSIGNED, which is confusing as it doesn't translate its real state. With this change, we make sure that FDs marked for close end up in ASSIGNED state and that those which are really bound and on which a listen() was made (i.e. not pause) remain in LISTEN state. This is what is closest to reality. Ideally this function should become a default proto->unbind() one but it may still keep a bit too much state logic to become generalized to other protocols (e.g. QUIC).
2020-10-08 13:36:46 +00:00
if (listener->state <= LI_ASSIGNED)
goto out_close;
if (listener->rx.fd == -1) {
MINOR: listeners: introduce listener_set_state() This function is used as a wrapper to set a listener's state everywhere. We'll use it later to maintain some counters in a consistent state when switching state so it's capital that all state changes go through it. No functional change was made beyond calling the wrapper.
2020-09-24 05:23:45 +00:00
listener_set_state(listener, LI_ASSIGNED);
BROKEN/MEDIUM: listeners: rework the unbind logic to make it idempotent BROKEN: the failure rate on reg-tests/seamless-reload/abns_socket.vtc has significantly increased for no obvious reason. It fails 99% of the time vs 10% before. do_unbind_listener() is not logical and is not even idempotent. It must not touch the fd if already -1, which also means not touch the receiver. In addition, when performing a partial stop on a socket (not closing), we know the socket remains in the listening state yet it's marked as LI_ASSIGNED, which is confusing as it doesn't translate its real state. With this change, we make sure that FDs marked for close end up in ASSIGNED state and that those which are really bound and on which a listen() was made (i.e. not pause) remain in LISTEN state. This is what is closest to reality. Ideally this function should become a default proto->unbind() one but it may still keep a bit too much state logic to become generalized to other protocols (e.g. QUIC).
2020-10-08 13:36:46 +00:00
goto out_close;
}
MEDIUM: receivers: add an rx_unbind() method in the protocols This is used as a generic way to unbind a receiver at the end of do_unbind_listener(). This allows to considerably simplify that function since we can now let the protocol perform the cleanup. The generic code was moved to sock.c, along with the conditional rx_disable() call. Now the code also supports that the ->disable() function of the protocol which acts on the listener performs the close itself and adjusts the RX_F_BUOND flag accordingly.
2020-10-09 14:32:08 +00:00
if (listener->state >= LI_READY) {
listener->rx.proto->disable(listener);
if (listener->rx.flags & RX_F_BOUND)
BROKEN/MEDIUM: listeners: rework the unbind logic to make it idempotent BROKEN: the failure rate on reg-tests/seamless-reload/abns_socket.vtc has significantly increased for no obvious reason. It fails 99% of the time vs 10% before. do_unbind_listener() is not logical and is not even idempotent. It must not touch the fd if already -1, which also means not touch the receiver. In addition, when performing a partial stop on a socket (not closing), we know the socket remains in the listening state yet it's marked as LI_ASSIGNED, which is confusing as it doesn't translate its real state. With this change, we make sure that FDs marked for close end up in ASSIGNED state and that those which are really bound and on which a listen() was made (i.e. not pause) remain in LISTEN state. This is what is closest to reality. Ideally this function should become a default proto->unbind() one but it may still keep a bit too much state logic to become generalized to other protocols (e.g. QUIC).
2020-10-08 13:36:46 +00:00
listener_set_state(listener, LI_LISTEN);
MEDIUM: listeners: make unbind_listener() converge if needed The ZOMBIE state on listener is a real mess. Listeners passing through this state have lost their consistency with the proxy AND with the fdtab. Plus this state is not used for all foreign listeners, only for those belonging to a proxy that entirely runs on another process, otherwise it stays in INIT state, which makes the usefulness extremely questionable. But the real issue is that it's impossible to untangle the receivers from the proxy state as long as we have this because of deinit()... So what we do here is to start by making unbind_listener() support being called more than once. This will permit to call it again to really close the FD and finish the operations if it's called with an FD that's in a fake state (such as INIT but with a valid fd).
2020-09-23 14:24:23 +00:00
}
BROKEN/MEDIUM: listeners: rework the unbind logic to make it idempotent BROKEN: the failure rate on reg-tests/seamless-reload/abns_socket.vtc has significantly increased for no obvious reason. It fails 99% of the time vs 10% before. do_unbind_listener() is not logical and is not even idempotent. It must not touch the fd if already -1, which also means not touch the receiver. In addition, when performing a partial stop on a socket (not closing), we know the socket remains in the listening state yet it's marked as LI_ASSIGNED, which is confusing as it doesn't translate its real state. With this change, we make sure that FDs marked for close end up in ASSIGNED state and that those which are really bound and on which a listen() was made (i.e. not pause) remain in LISTEN state. This is what is closest to reality. Ideally this function should become a default proto->unbind() one but it may still keep a bit too much state logic to become generalized to other protocols (e.g. QUIC).
2020-10-08 13:36:46 +00:00
out_close:
MEDIUM: receivers: add an rx_unbind() method in the protocols This is used as a generic way to unbind a receiver at the end of do_unbind_listener(). This allows to considerably simplify that function since we can now let the protocol perform the cleanup. The generic code was moved to sock.c, along with the conditional rx_disable() call. Now the code also supports that the ->disable() function of the protocol which acts on the listener performs the close itself and adjusts the RX_F_BUOND flag accordingly.
2020-10-09 14:32:08 +00:00
if (listener->rx.flags & RX_F_BOUND)
listener->rx.proto->rx_unbind(&listener->rx);
MINOR: listeners: split do_unbind_listener() in two The inner part now goes into the protocol and is used to decide how to unbind a given protocol's listener. The existing code which is able to also unbind the receiver was provided as a default function that we currently use everywhere. Some complex listeners like QUIC will use this to decide how to unbind without impacting existing connections, possibly by setting up other incoming paths for the traffic.
2020-10-09 15:18:29 +00:00
}
/* This function closes the listening socket for the specified listener,
* provided that it's already in a listening state. The protocol's unbind()
* is called to put the listener into LI_ASSIGNED or LI_LISTEN and handle
* the unbinding tasks. The listener enters then the LI_ASSIGNED state if
* the receiver is unbound. Must be called with the lock held.
*/
void do_unbind_listener(struct listener *listener)
{
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 05:32:39 +00:00
MT_LIST_DELETE(&listener->wait_queue);
MINOR: listeners: split do_unbind_listener() in two The inner part now goes into the protocol and is used to decide how to unbind a given protocol's listener. The existing code which is able to also unbind the receiver was provided as a default function that we currently use everywhere. Some complex listeners like QUIC will use this to decide how to unbind without impacting existing connections, possibly by setting up other incoming paths for the traffic.
2020-10-09 15:18:29 +00:00
if (listener->rx.proto->unbind)
listener->rx.proto->unbind(listener);
MEDIUM: listener: let do_unbind_listener() decide whether to close or not The listener contains all the information needed to decide to close on unbind or not. The rule is the following (when we're not stopping): - worker process unbinding from a worker's FD with socket transfer enabled => keep - master process unbinding from a master's inherited FD => keep - master process unbinding from a master's FD => close - master process unbinding from a worker's FD => close - worker process unbinding from a master's FD => close - worker process unbinding from a worker's FD => close Let's translate that into the function and stop using the do_close argument that is a bit obscure for callers. It was not yet removed to ease code testing.
2020-10-09 13:47:17 +00:00
MEDIUM: receivers: add an rx_unbind() method in the protocols This is used as a generic way to unbind a receiver at the end of do_unbind_listener(). This allows to considerably simplify that function since we can now let the protocol perform the cleanup. The generic code was moved to sock.c, along with the conditional rx_disable() call. Now the code also supports that the ->disable() function of the protocol which acts on the listener performs the close itself and adjusts the RX_F_BUOND flag accordingly.
2020-10-09 14:32:08 +00:00
/* we may have to downgrade the listener if the rx was closed */
if (!(listener->rx.flags & RX_F_BOUND) && listener->state > LI_ASSIGNED)
MEDIUM: listener: let do_unbind_listener() decide whether to close or not The listener contains all the information needed to decide to close on unbind or not. The rule is the following (when we're not stopping): - worker process unbinding from a worker's FD with socket transfer enabled => keep - master process unbinding from a master's inherited FD => keep - master process unbinding from a master's FD => close - master process unbinding from a worker's FD => close - worker process unbinding from a master's FD => close - worker process unbinding from a worker's FD => close Let's translate that into the function and stop using the do_close argument that is a bit obscure for callers. It was not yet removed to ease code testing.
2020-10-09 13:47:17 +00:00
listener_set_state(listener, LI_ASSIGNED);
BUG/MAJOR: thread/listeners: enable_listener must not call unbind_listener() unbind_listener() takes the listener lock, which is already held by enable_listener(). This situation happens when starting with nbproc > 1 with some bind lines limited to a certain process, because in this case enable_listener() tries to stop unneeded listeners. This commit introduces __do_unbind_listeners() which must be called with the lock held, and makes enable_listener() use this one. Given that the only return code has never been used and that it starts to make the code more complicated to propagate it before throwing it to the trash, the function's return type was changed to void.
2017-11-05 10:38:44 +00:00
}
MINOR: proxy: Don't close FDs if not our proxy. When running with multiple process, if some proxies are just assigned to some processes, the other processes will just close the file descriptors for the listening sockets. However, we may still have to provide those sockets when reloading, so instead we just try hard to pretend those proxies are dead, while keeping the sockets opened. A new global option, no-reused-socket", has been added, to restore the old behavior of closing the sockets not bound to this process.
2017-04-05 23:05:05 +00:00
/* This function closes the listening socket for the specified listener,
* provided that it's already in a listening state. The listener enters the
CLEANUP: listeners: remove the do_close argument to unbind_listener() And also remove it from its callers. This subtle distinction was added as sort of a hack for the seamless reload feature but is not needed anymore since the do_close turned unused since commit previous commit ("MEDIUM: listener: let do_unbind_listener() decide whether to close or not"). This also removes the unbind_listener_no_close() function.
2020-10-09 13:55:23 +00:00
* LI_ASSIGNED state, except if the FD is not closed, in which case it may
* remain in LI_LISTEN. This function is intended to be used as a generic
BUG/MAJOR: thread/listeners: enable_listener must not call unbind_listener() unbind_listener() takes the listener lock, which is already held by enable_listener(). This situation happens when starting with nbproc > 1 with some bind lines limited to a certain process, because in this case enable_listener() tries to stop unneeded listeners. This commit introduces __do_unbind_listeners() which must be called with the lock held, and makes enable_listener() use this one. Given that the only return code has never been used and that it starts to make the code more complicated to propagate it before throwing it to the trash, the function's return type was changed to void.
2017-11-05 10:38:44 +00:00
* function for standard protocols.
MINOR: proxy: Don't close FDs if not our proxy. When running with multiple process, if some proxies are just assigned to some processes, the other processes will just close the file descriptors for the listening sockets. However, we may still have to provide those sockets when reloading, so instead we just try hard to pretend those proxies are dead, while keeping the sockets opened. A new global option, no-reused-socket", has been added, to restore the old behavior of closing the sockets not bound to this process.
2017-04-05 23:05:05 +00:00
*/
BUG/MAJOR: thread/listeners: enable_listener must not call unbind_listener() unbind_listener() takes the listener lock, which is already held by enable_listener(). This situation happens when starting with nbproc > 1 with some bind lines limited to a certain process, because in this case enable_listener() tries to stop unneeded listeners. This commit introduces __do_unbind_listeners() which must be called with the lock held, and makes enable_listener() use this one. Given that the only return code has never been used and that it starts to make the code more complicated to propagate it before throwing it to the trash, the function's return type was changed to void.
2017-11-05 10:38:44 +00:00
void unbind_listener(struct listener *listener)
MINOR: proxy: Don't close FDs if not our proxy. When running with multiple process, if some proxies are just assigned to some processes, the other processes will just close the file descriptors for the listening sockets. However, we may still have to provide those sockets when reloading, so instead we just try hard to pretend those proxies are dead, while keeping the sockets opened. A new global option, no-reused-socket", has been added, to restore the old behavior of closing the sockets not bound to this process.
2017-04-05 23:05:05 +00:00
{
MINOR: listener: replace the listener's spinlock with an rwlock We'll need to lock the listener a little bit more during accept() and tests show that a spinlock is a massive performance killer, so let's first switch to an rwlock for this lock. This patch might have to be backported for the next patch to work, and if so, the change is almost mechanical (look for LISTENER_LOCK), but do not forget about the few HA_SPIN_INIT() in the file. There's no reference to this lock outside of listener.c nor listener-t.h.
2022-02-01 15:23:00 +00:00
HA_RWLOCK_WRLOCK(LISTENER_LOCK, &listener->lock);
CLEANUP: listeners: remove the do_close argument to unbind_listener() And also remove it from its callers. This subtle distinction was added as sort of a hack for the seamless reload feature but is not needed anymore since the do_close turned unused since commit previous commit ("MEDIUM: listener: let do_unbind_listener() decide whether to close or not"). This also removes the unbind_listener_no_close() function.
2020-10-09 13:55:23 +00:00
do_unbind_listener(listener);
MINOR: listener: replace the listener's spinlock with an rwlock We'll need to lock the listener a little bit more during accept() and tests show that a spinlock is a massive performance killer, so let's first switch to an rwlock for this lock. This patch might have to be backported for the next patch to work, and if so, the change is almost mechanical (look for LISTENER_LOCK), but do not forget about the few HA_SPIN_INIT() in the file. There's no reference to this lock outside of listener.c nor listener-t.h.
2022-02-01 15:23:00 +00:00
HA_RWLOCK_WRUNLOCK(LISTENER_LOCK, &listener->lock);
MINOR: proxy: Don't close FDs if not our proxy. When running with multiple process, if some proxies are just assigned to some processes, the other processes will just close the file descriptors for the listening sockets. However, we may still have to provide those sockets when reloading, so instead we just try hard to pretend those proxies are dead, while keeping the sockets opened. A new global option, no-reused-socket", has been added, to restore the old behavior of closing the sockets not bound to this process.
2017-04-05 23:05:05 +00:00
}
MINOR: listeners: new function create_listeners This function is used to create a series of listeners for a specific address and a port range. It automatically calls the matching protocol handlers to add them to the relevant lists. This way cfgparse doesn't need to manipulate listeners anymore. As an added bonus, the memory allocation is checked.
2017-09-15 06:10:44 +00:00
/* creates one or multiple listeners for bind_conf <bc> on sockaddr <ss> on port
* range <portl> to <porth>, and possibly attached to fd <fd> (or -1 for auto
MINOR: listener: pass the chosen protocol to create_listeners() The function will need to use more than just a family, let's pass it the selected protocol. The caller will then be able to do all the fancy stuff required to pick the best protocol.
2020-09-16 15:58:55 +00:00
* allocation). The address family is taken from ss->ss_family, and the protocol
MINOR: protocol: add a default I/O callback and put it into the receiver For now we're still using the protocol's default accept() function as the I/O callback registered by the receiver into the poller. While this is usable for most TCP connections where a listener is needed, this is not suitable for UDP where a different handler is needed. Let's make this configurable in the receiver just like the upper layer is configurable for listeners. In order to ease stream protocols handling, the protocols will now provide a default I/O callback which will be preset into the receivers upon allocation so that almost none of them has to deal with it.
2020-10-15 19:22:29 +00:00
* passed in <proto> must be usable on this family. The protocol's default iocb
* is automatically preset as the receivers' iocb. The number of jobs and
MINOR: listener: pass the chosen protocol to create_listeners() The function will need to use more than just a family, let's pass it the selected protocol. The caller will then be able to do all the fancy stuff required to pick the best protocol.
2020-09-16 15:58:55 +00:00
* listeners is automatically increased by the number of listeners created. It
* returns non-zero on success, zero on error with the error message set in <err>.
MINOR: listeners: new function create_listeners This function is used to create a series of listeners for a specific address and a port range. It automatically calls the matching protocol handlers to add them to the relevant lists. This way cfgparse doesn't need to manipulate listeners anymore. As an added bonus, the memory allocation is checked.
2017-09-15 06:10:44 +00:00
*/
int create_listeners(struct bind_conf *bc, const struct sockaddr_storage *ss,
MINOR: listener: pass the chosen protocol to create_listeners() The function will need to use more than just a family, let's pass it the selected protocol. The caller will then be able to do all the fancy stuff required to pick the best protocol.
2020-09-16 15:58:55 +00:00
int portl, int porth, int fd, struct protocol *proto, char **err)
MINOR: listeners: new function create_listeners This function is used to create a series of listeners for a specific address and a port range. It automatically calls the matching protocol handlers to add them to the relevant lists. This way cfgparse doesn't need to manipulate listeners anymore. As an added bonus, the memory allocation is checked.
2017-09-15 06:10:44 +00:00
{
struct listener *l;
int port;
for (port = portl; port <= porth; port++) {
l = calloc(1, sizeof(*l));
if (!l) {
memprintf(err, "out of memory");
return 0;
}
l->obj_type = OBJ_TYPE_LISTENER;
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 05:32:39 +00:00
LIST_APPEND(&bc->frontend->conf.listeners, &l->by_fe);
LIST_APPEND(&bc->listeners, &l->by_bind);
MINOR: listeners: new function create_listeners This function is used to create a series of listeners for a specific address and a port range. It automatically calls the matching protocol handlers to add them to the relevant lists. This way cfgparse doesn't need to manipulate listeners anymore. As an added bonus, the memory allocation is checked.
2017-09-15 06:10:44 +00:00
l->bind_conf = bc;
MINOR: receiver: link the receiver to its settings Just like listeners keep a pointer to their bind_conf, receivers now also have a pointer to their rx_settings. All those belonging to a listener are automatically initialized with a pointer to the bind_conf's settings.
2020-09-03 05:46:06 +00:00
l->rx.settings = &bc->settings;
MINOR: receiver: link the receiver to its owner A receiver will have to pass a context to be installed into the fdtab for use by the handler. We need to set this into the receiver struct as the bind will happen longer after the configuration.
2020-09-03 08:05:03 +00:00
l->rx.owner = l;
MINOR: protocol: add a default I/O callback and put it into the receiver For now we're still using the protocol's default accept() function as the I/O callback registered by the receiver into the poller. While this is usable for most TCP connections where a listener is needed, this is not suitable for UDP where a different handler is needed. Let's make this configurable in the receiver just like the upper layer is configurable for listeners. In order to ease stream protocols handling, the protocols will now provide a default I/O callback which will be preset into the receivers upon allocation so that almost none of them has to deal with it.
2020-10-15 19:22:29 +00:00
l->rx.iocb = proto->default_iocb;
REORG: listener: move the receiving FD to struct receiver The listening socket is represented by its file descriptor, which is generic to all receivers and not just listeners, so it must move to the rx struct. It's worth noting that in order to extend receivers and listeners to other protocols such as QUIC, we'll need other handles than file descriptors here, and that either a union or a cast to uintptr_t will have to be used. This was not done yet and the field was preserved under the name "fd" to avoid adding confusion.
2020-08-27 06:16:52 +00:00
l->rx.fd = fd;
MINOR: listener: automatically set the port when creating listeners In create_listeners() we iterate over a port range and call the protocol's ->add() function to add a new listener on the specified port. Only tcp4/tcp6/udp4/udp6 support a port, the other ones ignore it. Now that we can rely on the address family to properly set the port, better do it this way directly from create_listeners() and remove the family-specific case from the protocol layer.
2020-12-04 13:49:11 +00:00
MEDIUM: proto_reverse_connect: bootstrap active reverse connection Implement active reverse connection initialization. This is done through a new task stored in the receiver structure. This task is instantiated via bind callback and first woken up via enable callback. Task handler is separated into two halves. On the first step, a new connection is allocated and stored in <pend_conn> member of the receiver. This new client connection will proceed to connect using the server instance referenced in the bind_conf. When connect has successfully been executed and HTTP/2 connection is ready for exchange after SETTINGS, reverse_connect task is woken up. As <pend_conn> is still set, the second halve is executed which only execute listener_accept(). This will in turn execute accept_conn callback which is defined to return the pending connection. The task is automatically requeued inside accept_conn callback if bind maxconn is not yet reached. This allows to specify how many connection should be opened. Each connection is instantiated and reversed serially one by one until maxconn is reached. conn_free() has been modified to handle failure if a reverse connection fails before being accepted. In this case, no session exists to notify about the failure. Instead, reverse_connect task is requeud with a 1 second delay, giving time to fix a possible network issue. This will allow to attempt a new connection reverse. Note that for the moment connection rebinding after accept is disabled for simplicity. Extra operations are required to migrate an existing connection and its stack to a new thread which will be implemented later.
2023-08-23 15:16:07 +00:00
l->rx.reverse_connect.task = NULL;
MINOR: proto_reverse_connect: parse rev@ addresses for bind Implement parsing for "rev@" addresses on bind line. On config parsing, server name is stored on the bind_conf. Several new callbacks are defined on reverse_connect protocol to complete parsing. listen callback is used to retrieve the server instance from the bind_conf server name. If found, the server instance is stored on the receiver. Checks are implemented to ensure HTTP/2 protocol only is used by the server.
2023-08-07 15:56:36 +00:00
l->rx.reverse_connect.srv = NULL;
MEDIUM: proto_reverse_connect: bootstrap active reverse connection Implement active reverse connection initialization. This is done through a new task stored in the receiver structure. This task is instantiated via bind callback and first woken up via enable callback. Task handler is separated into two halves. On the first step, a new connection is allocated and stored in <pend_conn> member of the receiver. This new client connection will proceed to connect using the server instance referenced in the bind_conf. When connect has successfully been executed and HTTP/2 connection is ready for exchange after SETTINGS, reverse_connect task is woken up. As <pend_conn> is still set, the second halve is executed which only execute listener_accept(). This will in turn execute accept_conn callback which is defined to return the pending connection. The task is automatically requeued inside accept_conn callback if bind maxconn is not yet reached. This allows to specify how many connection should be opened. Each connection is instantiated and reversed serially one by one until maxconn is reached. conn_free() has been modified to handle failure if a reverse connection fails before being accepted. In this case, no session exists to notify about the failure. Instead, reverse_connect task is requeud with a 1 second delay, giving time to fix a possible network issue. This will allow to attempt a new connection reverse. Note that for the moment connection rebinding after accept is disabled for simplicity. Extra operations are required to migrate an existing connection and its stack to a new thread which will be implemented later.
2023-08-23 15:16:07 +00:00
l->rx.reverse_connect.pend_conn = NULL;
MINOR: proto_reverse_connect: parse rev@ addresses for bind Implement parsing for "rev@" addresses on bind line. On config parsing, server name is stored on the bind_conf. Several new callbacks are defined on reverse_connect protocol to complete parsing. listen callback is used to retrieve the server instance from the bind_conf server name. If found, the server instance is stored on the receiver. Checks are implemented to ensure HTTP/2 protocol only is used by the server.
2023-08-07 15:56:36 +00:00
REORG: listener: move the listening address to a struct receiver The address will be specific to the receiver so let's move it there.
2020-08-27 05:48:42 +00:00
memcpy(&l->rx.addr, ss, sizeof(*ss));
MINOR: listener: now use a generic add_listener() function With the removal of the family-specific port setting, all protocol had exactly the same implementation of ->add(). A generic one was created with the name "default_add_listener" so that all other ones can now be removed. The API was slightly adjusted so that the protocol and the listener are passed instead of the listener and the port. Note that all protocols continue to provide this ->add() method instead of routinely calling default_add_listener() from create_listeners(). This makes sure that any non-standard protocol will still be able to intercept the listener addition if needed. This could be backported to 2.3 along with the few previous patches on listners as a pure code cleanup.
2020-12-04 14:03:36 +00:00
if (proto->fam->set_port)
proto->fam->set_port(&l->rx.addr, port);
MINOR: listener: automatically set the port when creating listeners In create_listeners() we iterate over a port range and call the protocol's ->add() function to add a new listener on the specified port. Only tcp4/tcp6/udp4/udp6 support a port, the other ones ignore it. Now that we can rely on the address family to properly set the port, better do it this way directly from create_listeners() and remove the family-specific case from the protocol layer.
2020-12-04 13:49:11 +00:00
MEDIUM: list: Separate "locked" list from regular list. Instead of using the same type for regular linked lists and "autolocked" linked lists, use a separate type, "struct mt_list", for the autolocked one, and introduce a set of macros, similar to the LIST_* macros, with the MT_ prefix. When we use the same entry for both regular list and autolocked list, as is done for the "list" field in struct connection, we know have to explicitely cast it to struct mt_list when using MT_ macros.
2019-08-08 13:47:21 +00:00
MT_LIST_INIT(&l->wait_queue);
MINOR: listeners: introduce listener_set_state() This function is used as a wrapper to set a listener's state everywhere. We'll use it later to maintain some counters in a consistent state when switching state so it's capital that all state changes go through it. No functional change was made beyond calling the wrapper.
2020-09-24 05:23:45 +00:00
listener_set_state(l, LI_INIT);
MINOR: listeners: new function create_listeners This function is used to create a series of listeners for a specific address and a port range. It automatically calls the matching protocol handlers to add them to the relevant lists. This way cfgparse doesn't need to manipulate listeners anymore. As an added bonus, the memory allocation is checked.
2017-09-15 06:10:44 +00:00
MINOR: listener: now use a generic add_listener() function With the removal of the family-specific port setting, all protocol had exactly the same implementation of ->add(). A generic one was created with the name "default_add_listener" so that all other ones can now be removed. The API was slightly adjusted so that the protocol and the listener are passed instead of the listener and the port. Note that all protocols continue to provide this ->add() method instead of routinely calling default_add_listener() from create_listeners(). This makes sure that any non-standard protocol will still be able to intercept the listener addition if needed. This could be backported to 2.3 along with the few previous patches on listners as a pure code cleanup.
2020-12-04 14:03:36 +00:00
proto->add(proto, l);
MINOR: listeners: new function create_listeners This function is used to create a series of listeners for a specific address and a port range. It automatically calls the matching protocol handlers to add them to the relevant lists. This way cfgparse doesn't need to manipulate listeners anymore. As an added bonus, the memory allocation is checked.
2017-09-15 06:10:44 +00:00
MINOR: listener: remove the inherited arg to create_listener() This argument can now safely be determined from fd != -1, let's just drop it.
2020-09-15 11:50:58 +00:00
if (fd != -1)
MINOR: listener: move the INHERITED flag down to the receiver It's the receiver's FD that's inherited from the parent process, not the listener's so the flag must move to the receiver so that appropriate actions can be taken.
2020-09-01 13:41:59 +00:00
l->rx.flags |= RX_F_INHERITED;
BUG/MEDIUM: mworker: does not close inherited FD At the end of the master initialisation, a call to protocol_unbind_all() was made, in order to close all the FDs. Unfortunately, this function closes the inherited FDs (fd@), upon reload the master wasn't able to reload a configuration with those FDs. The create_listeners() function now store a flag to specify if the fd was inherited or not. Replace the protocol_unbind_all() by mworker_cleanlisteners() + deinit_pollers()
2017-11-15 18:02:58 +00:00
BUG/MEDIUM: stats: prevent crash if counters not alloc with dummy one Define a per-thread counters allocated with the greatest size of any stat module counters. This variable is named trash_counters. When using a proxy without allocated counters, return the trash counters from EXTRA_COUNTERS_GET instead of a dangling pointer to prevent segfault. This is useful for all the proxies used internally and not belonging to the global proxy list. As these objects does not appears on the stat report, it does not matter to use the dummy counters. For this fix to be functional, the extra counters are explicitly initialized to NULL on proxy/server/listener init functions. Most notably, the crash has already been detected with the following vtc: - reg-tests/lua/txn_get_priv.vtc - reg-tests/peers/tls_basic_sync.vtc - reg-tests/peers/tls_basic_sync_wo_stkt_backend.vtc There is probably other parts that may be impacted (SPOE for example). This bug was introduced in the current release and do not need to be backported. The faulty commits are "MINOR: ssl: count client hello for stats" and "MINOR: ssl: add counters for ssl sessions".
2020-11-10 13:24:31 +00:00
l->extra_counters = NULL;
MINOR: listener: replace the listener's spinlock with an rwlock We'll need to lock the listener a little bit more during accept() and tests show that a spinlock is a massive performance killer, so let's first switch to an rwlock for this lock. This patch might have to be backported for the next patch to work, and if so, the change is almost mechanical (look for LISTENER_LOCK), but do not forget about the few HA_SPIN_INIT() in the file. There's no reference to this lock outside of listener.c nor listener-t.h.
2022-02-01 15:23:00 +00:00
HA_RWLOCK_INIT(&l->lock);
CLEANUP: atomic/tree-wide: replace single increments/decrements with inc/dec This patch replaces roughly all occurrences of an HA_ATOMIC_ADD(&foo, 1) or HA_ATOMIC_SUB(&foo, 1) with the equivalent HA_ATOMIC_INC(&foo) and HA_ATOMIC_DEC(&foo) respectively. These are 507 changes over 45 files.
2021-04-06 11:53:36 +00:00
_HA_ATOMIC_INC(&jobs);
_HA_ATOMIC_INC(&listeners);
MINOR: listeners: new function create_listeners This function is used to create a series of listeners for a specific address and a port range. It automatically calls the matching protocol handlers to add them to the relevant lists. This way cfgparse doesn't need to manipulate listeners anymore. As an added bonus, the memory allocation is checked.
2017-09-15 06:10:44 +00:00
}
return 1;
}
MINOR: receiver: add a struct shard_info to store info about each shard In order to create multiple receivers for one multi-group shard, we'll need some more info about the shard. Here we store: - the number of groups (= number of receivers) - the number of threads (will be used for accept LB) - pointer to the reference rx (to get the FD and to find all threads) - pointers to the other members (to iterate over all threads) For now since there's only one group per shard it remains simple. The listener deletion code already takes care of removing the current member from its shards list and moving others' reference to the last one if it was their reference (so as to avoid o(n^2) updates during ordered deletes). Since the vast majority of setups will not use multi-group shards, we try to save memory usage by only allocating the shard_info when it is needed, so the principle here is that a receiver shard_info==NULL is alone and doesn't share its socket with another group. Various approaches were considered and tests show that the management of the listeners during boot makes it easier to just attach to or detach from a shard_info and automatically allocate it if it does not exist, which is what is being done here. For now the attach code is not called, but detach is already called on delete.
2023-03-01 17:25:58 +00:00
/* Optionally allocates a new shard info (if si == NULL) for receiver rx and
* assigns it to it, or attaches to an existing one. If the rx already had a
* shard_info, it is simply returned. It is illegal to call this function with
* an rx that's part of a group that is already attached. Attaching means the
* shard_info's thread count and group count are updated so the rx's group is
* added to the shard_info's group mask. The rx are added to the members in the
* attachment order, though it must not matter. It is meant for boot time setup
* and is not thread safe. NULL is returned on allocation failure.
*/
struct shard_info *shard_info_attach(struct receiver *rx, struct shard_info *si)
{
if (rx->shard_info)
return rx->shard_info;
if (!si) {
si = calloc(1, sizeof(*si));
if (!si)
return NULL;
si->ref = rx;
}
rx->shard_info = si;
BUG_ON (si->tgroup_mask & 1UL << (rx->bind_tgroup - 1));
si->tgroup_mask |= 1UL << (rx->bind_tgroup - 1);
si->nbgroups = my_popcountl(si->tgroup_mask);
si->nbthreads += my_popcountl(rx->bind_thread);
si->members[si->nbgroups - 1] = rx;
return si;
}
/* Detaches the rx from an optional shard_info it may be attached to. If so,
* the thread counts, group masks and refcounts are updated. The members list
* remains contiguous by replacing the current entry with the last one. The
* reference continues to point to the first receiver. If the group count
* reaches zero, the shard_info is automatically released.
*/
void shard_info_detach(struct receiver *rx)
{
struct shard_info *si = rx->shard_info;
uint gr;
if (!si)
return;
rx->shard_info = NULL;
/* find the member slot this rx was attached to */
for (gr = 0; gr < MAX_TGROUPS && si->members[gr] != rx; gr++)
;
BUG_ON(gr == MAX_TGROUPS);
si->nbthreads -= my_popcountl(rx->bind_thread);
si->tgroup_mask &= ~(1UL << (rx->bind_tgroup - 1));
si->nbgroups = my_popcountl(si->tgroup_mask);
/* replace the member by the last one. If we removed the reference, we
* have to switch to another one. It's always the first entry so we can
* simply enforce it upon every removal.
*/
si->members[gr] = si->members[si->nbgroups];
si->members[si->nbgroups] = NULL;
si->ref = si->members[0];
if (!si->nbgroups)
free(si);
}
MINOR: listeners: add clone_listener() to duplicate listeners at boot time This function's purpose will be to duplicate a listener in INIT state. This will be used to ease declaration of listeners spanning multiple groups, which will thus require multiple FDs hence multiple receivers.
2021-10-12 07:36:10 +00:00
/* clones listener <src> and returns the new one. All dynamically allocated
* fields are reallocated (name for now). The new listener is inserted before
* the original one in the bind_conf and frontend lists. This allows it to be
* duplicated while iterating over the current list. The original listener must
* only be in the INIT or ASSIGNED states, and the new listener will only be
* placed into the INIT state. The counters are always set to NULL. Maxsock is
MINOR: receiver: add a struct shard_info to store info about each shard In order to create multiple receivers for one multi-group shard, we'll need some more info about the shard. Here we store: - the number of groups (= number of receivers) - the number of threads (will be used for accept LB) - pointer to the reference rx (to get the FD and to find all threads) - pointers to the other members (to iterate over all threads) For now since there's only one group per shard it remains simple. The listener deletion code already takes care of removing the current member from its shards list and moving others' reference to the last one if it was their reference (so as to avoid o(n^2) updates during ordered deletes). Since the vast majority of setups will not use multi-group shards, we try to save memory usage by only allocating the shard_info when it is needed, so the principle here is that a receiver shard_info==NULL is alone and doesn't share its socket with another group. Various approaches were considered and tests show that the management of the listeners during boot makes it easier to just attach to or detach from a shard_info and automatically allocate it if it does not exist, which is what is being done here. For now the attach code is not called, but detach is already called on delete.
2023-03-01 17:25:58 +00:00
* updated. Returns NULL on allocation error. The shard_info is never taken so
* that the caller can decide what to do with it depending on how it intends to
* clone the listener.
MINOR: listeners: add clone_listener() to duplicate listeners at boot time This function's purpose will be to duplicate a listener in INIT state. This will be used to ease declaration of listeners spanning multiple groups, which will thus require multiple FDs hence multiple receivers.
2021-10-12 07:36:10 +00:00
*/
struct listener *clone_listener(struct listener *src)
{
struct listener *l;
l = calloc(1, sizeof(*l));
if (!l)
goto oom1;
memcpy(l, src, sizeof(*l));
if (l->name) {
l->name = strdup(l->name);
if (!l->name)
goto oom2;
}
l->rx.owner = l;
MINOR: receiver: add a struct shard_info to store info about each shard In order to create multiple receivers for one multi-group shard, we'll need some more info about the shard. Here we store: - the number of groups (= number of receivers) - the number of threads (will be used for accept LB) - pointer to the reference rx (to get the FD and to find all threads) - pointers to the other members (to iterate over all threads) For now since there's only one group per shard it remains simple. The listener deletion code already takes care of removing the current member from its shards list and moving others' reference to the last one if it was their reference (so as to avoid o(n^2) updates during ordered deletes). Since the vast majority of setups will not use multi-group shards, we try to save memory usage by only allocating the shard_info when it is needed, so the principle here is that a receiver shard_info==NULL is alone and doesn't share its socket with another group. Various approaches were considered and tests show that the management of the listeners during boot makes it easier to just attach to or detach from a shard_info and automatically allocate it if it does not exist, which is what is being done here. For now the attach code is not called, but detach is already called on delete.
2023-03-01 17:25:58 +00:00
l->rx.shard_info = NULL;
MINOR: listeners: add clone_listener() to duplicate listeners at boot time This function's purpose will be to duplicate a listener in INIT state. This will be used to ease declaration of listeners spanning multiple groups, which will thus require multiple FDs hence multiple receivers.
2021-10-12 07:36:10 +00:00
l->state = LI_INIT;
l->counters = NULL;
l->extra_counters = NULL;
LIST_APPEND(&src->by_fe, &l->by_fe);
LIST_APPEND(&src->by_bind, &l->by_bind);
MT_LIST_INIT(&l->wait_queue);
l->rx.proto->add(l->rx.proto, l);
MINOR: listener: replace the listener's spinlock with an rwlock We'll need to lock the listener a little bit more during accept() and tests show that a spinlock is a massive performance killer, so let's first switch to an rwlock for this lock. This patch might have to be backported for the next patch to work, and if so, the change is almost mechanical (look for LISTENER_LOCK), but do not forget about the few HA_SPIN_INIT() in the file. There's no reference to this lock outside of listener.c nor listener-t.h.
2022-02-01 15:23:00 +00:00
HA_RWLOCK_INIT(&l->lock);
MINOR: listeners: add clone_listener() to duplicate listeners at boot time This function's purpose will be to duplicate a listener in INIT state. This will be used to ease declaration of listeners spanning multiple groups, which will thus require multiple FDs hence multiple receivers.
2021-10-12 07:36:10 +00:00
_HA_ATOMIC_INC(&jobs);
_HA_ATOMIC_INC(&listeners);
global.maxsock++;
return l;
oom2:
free(l);
oom1:
BUG/MINOR: listener: fix incorrect return on out-of-memory When the clone_listener() function was added in commit 59a877dfd ("MINOR: listeners: add clone_listener() to duplicate listeners at boot time"), a stupid bug was introduced when splitting the error path because while the first case where calloc fails will leave NULL in the output value, the other cases will return the pointer to a freed area. This was reported by Coverity in issue #1416. In practice nobody will face it (out-of-memory while checking config), but let's fix it. No backport is needed.
2021-10-16 12:45:29 +00:00
return NULL;
MINOR: listeners: add clone_listener() to duplicate listeners at boot time This function's purpose will be to duplicate a listener in INIT state. This will be used to ease declaration of listeners spanning multiple groups, which will thus require multiple FDs hence multiple receivers.
2021-10-12 07:36:10 +00:00
}
[MINOR] add a generic delete_listener() primitive Most protocols will be able to share a single delete_listener() primitive. Provide it in protocols.c, and remove the specific version from proto_uxst.
2007-10-28 21:26:05 +00:00
/* Delete a listener from its protocol's list of listeners. The listener's
* state is automatically updated from LI_ASSIGNED to LI_INIT. The protocol's
MINOR: listeners: make listeners count consistent with reality Some places call delete_listener() then decrement the number of listeners and jobs. At least one other place calls delete_listener() without doing so, but since it's in deinit(), it's harmless and cannot risk to cause zombie processes to survive. Given that the number of listeners and jobs is incremented when creating the listeners, it's much more logical to symmetrically decrement them when deleting such listeners.
2017-09-15 06:18:11 +00:00
* number of listeners is updated, as well as the global number of listeners
* and jobs. Note that the listener must have previously been unbound. This
MINOR: listeners: split delete_listener() in two versions We'll need an already locked variant of this function so let's make __delete_listener() which will be called with the protocol lock held and the listener's lock held.
2020-10-07 13:36:16 +00:00
* is a low-level function expected to be called with the proto_lock and the
* listener's lock held.
[MINOR] add a generic delete_listener() primitive Most protocols will be able to share a single delete_listener() primitive. Provide it in protocols.c, and remove the specific version from proto_uxst.
2007-10-28 21:26:05 +00:00
*/
MINOR: listeners: split delete_listener() in two versions We'll need an already locked variant of this function so let's make __delete_listener() which will be called with the protocol lock held and the listener's lock held.
2020-10-07 13:36:16 +00:00
void __delete_listener(struct listener *listener)
[MINOR] add a generic delete_listener() primitive Most protocols will be able to share a single delete_listener() primitive. Provide it in protocols.c, and remove the specific version from proto_uxst.
2007-10-28 21:26:05 +00:00
{
MAJOR: listener: do not hold the listener lock in listener_accept() This function used to hold the listener's lock as a way to stay safe against concurrent manipulations, but it turns out this is wrong. First, the lock is held during l->accept(), which itself might indirectly call listener_release(), which, if the listener is marked full, could result in __resume_listener() to be called and the lock being taken twice. In practice it doesn't happen right now because the listener's FULL state cannot change while we're doing this. Second, all the code does is now protected against concurrent accesses. It used not to be the case in the early days of threads : the frequency counters are thread-safe. The rate limiting doesn't require extreme precision. Only the nbconn check is not thread safe. Third, the parts called here will have to be called from different threads without holding this lock, and this becomes a bigger issue if we need to keep this one. This patch does 3 things which need to be addressed at once : 1) it moves the lock to the only 2 functions that were not protected since called form listener_accept() : - limit_listener() - listener_full() 2) it makes sure delete_listener() properly checks its state within the lock. 3) it updates the l->nbconn tracking to make sure that it is always properly reported and accounted for. There is a point of particular care around the situation where the listener's maxconn is reached because the listener has to be marked full before accepting the connection, then resumed if the connection finally gets dropped. It is not possible to perform this change without removing the lock due to the deadlock issue explained above. This patch almost doubles the accept rate in multi-thread on a shared port between 8 threads, and multiplies by 4 the connection rate on a tcp-request connection reject rule.
2019-02-25 18:23:37 +00:00
if (listener->state == LI_ASSIGNED) {
MINOR: listeners: introduce listener_set_state() This function is used as a wrapper to set a listener's state everywhere. We'll use it later to maintain some counters in a consistent state when switching state so it's capital that all state changes go through it. No functional change was made beyond calling the wrapper.
2020-09-24 05:23:45 +00:00
listener_set_state(listener, LI_INIT);
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 05:32:39 +00:00
LIST_DELETE(&listener->rx.proto_list);
MINOR: receiver: add a struct shard_info to store info about each shard In order to create multiple receivers for one multi-group shard, we'll need some more info about the shard. Here we store: - the number of groups (= number of receivers) - the number of threads (will be used for accept LB) - pointer to the reference rx (to get the FD and to find all threads) - pointers to the other members (to iterate over all threads) For now since there's only one group per shard it remains simple. The listener deletion code already takes care of removing the current member from its shards list and moving others' reference to the last one if it was their reference (so as to avoid o(n^2) updates during ordered deletes). Since the vast majority of setups will not use multi-group shards, we try to save memory usage by only allocating the shard_info when it is needed, so the principle here is that a receiver shard_info==NULL is alone and doesn't share its socket with another group. Various approaches were considered and tests show that the management of the listeners during boot makes it easier to just attach to or detach from a shard_info and automatically allocate it if it does not exist, which is what is being done here. For now the attach code is not called, but detach is already called on delete.
2023-03-01 17:25:58 +00:00
shard_info_detach(&listener->rx);
MINOR: protocol: rename the ->listeners field to ->receivers Since the listeners were split into receiver+listener, this field ought to have been renamed because it's confusing. It really links receivers and not listeners, as most of the time it's used via rx.proto_list! The nb_listeners field was updated accordingly.
2020-09-25 15:01:43 +00:00
listener->rx.proto->nb_receivers--;
CLEANUP: atomic/tree-wide: replace single increments/decrements with inc/dec This patch replaces roughly all occurrences of an HA_ATOMIC_ADD(&foo, 1) or HA_ATOMIC_SUB(&foo, 1) with the equivalent HA_ATOMIC_INC(&foo) and HA_ATOMIC_DEC(&foo) respectively. These are 507 changes over 45 files.
2021-04-06 11:53:36 +00:00
_HA_ATOMIC_DEC(&jobs);
_HA_ATOMIC_DEC(&listeners);
MAJOR: listener: do not hold the listener lock in listener_accept() This function used to hold the listener's lock as a way to stay safe against concurrent manipulations, but it turns out this is wrong. First, the lock is held during l->accept(), which itself might indirectly call listener_release(), which, if the listener is marked full, could result in __resume_listener() to be called and the lock being taken twice. In practice it doesn't happen right now because the listener's FULL state cannot change while we're doing this. Second, all the code does is now protected against concurrent accesses. It used not to be the case in the early days of threads : the frequency counters are thread-safe. The rate limiting doesn't require extreme precision. Only the nbconn check is not thread safe. Third, the parts called here will have to be called from different threads without holding this lock, and this becomes a bigger issue if we need to keep this one. This patch does 3 things which need to be addressed at once : 1) it moves the lock to the only 2 functions that were not protected since called form listener_accept() : - limit_listener() - listener_full() 2) it makes sure delete_listener() properly checks its state within the lock. 3) it updates the l->nbconn tracking to make sure that it is always properly reported and accounted for. There is a point of particular care around the situation where the listener's maxconn is reached because the listener has to be marked full before accepting the connection, then resumed if the connection finally gets dropped. It is not possible to perform this change without removing the lock due to the deadlock issue explained above. This patch almost doubles the accept rate in multi-thread on a shared port between 8 threads, and multiplies by 4 the connection rate on a tcp-request connection reject rule.
2019-02-25 18:23:37 +00:00
}
MINOR: listeners: split delete_listener() in two versions We'll need an already locked variant of this function so let's make __delete_listener() which will be called with the protocol lock held and the listener's lock held.
2020-10-07 13:36:16 +00:00
}
/* Delete a listener from its protocol's list of listeners (please check
* __delete_listener() above). The proto_lock and the listener's lock will
* be grabbed in this order.
*/
void delete_listener(struct listener *listener)
{
HA_SPIN_LOCK(PROTO_LOCK, &proto_lock);
MINOR: listener: replace the listener's spinlock with an rwlock We'll need to lock the listener a little bit more during accept() and tests show that a spinlock is a massive performance killer, so let's first switch to an rwlock for this lock. This patch might have to be backported for the next patch to work, and if so, the change is almost mechanical (look for LISTENER_LOCK), but do not forget about the few HA_SPIN_INIT() in the file. There's no reference to this lock outside of listener.c nor listener-t.h.
2022-02-01 15:23:00 +00:00
HA_RWLOCK_WRLOCK(LISTENER_LOCK, &listener->lock);
MINOR: listeners: split delete_listener() in two versions We'll need an already locked variant of this function so let's make __delete_listener() which will be called with the protocol lock held and the listener's lock held.
2020-10-07 13:36:16 +00:00
__delete_listener(listener);
MINOR: listener: replace the listener's spinlock with an rwlock We'll need to lock the listener a little bit more during accept() and tests show that a spinlock is a massive performance killer, so let's first switch to an rwlock for this lock. This patch might have to be backported for the next patch to work, and if so, the change is almost mechanical (look for LISTENER_LOCK), but do not forget about the few HA_SPIN_INIT() in the file. There's no reference to this lock outside of listener.c nor listener-t.h.
2022-02-01 15:23:00 +00:00
HA_RWLOCK_WRUNLOCK(LISTENER_LOCK, &listener->lock);
BUG/MEDIUM: listener/threads: fix an AB/BA locking issue in delete_listener() The delete_listener() function takes the listener's lock before taking the proto_lock, which is contrary to what other functions do, possibly causing an AB/BA deadlock. In practice the two only places where both are taken are during protocol_enable_all() and delete_listener(), the former being used during startup and the latter during stop. In practice during reload floods, it is technically possible for a thread to be initializing the listeners while another one is stopping. While this is too hard to trigger on 2.0 and above due to the synchronization of all threads during startup, it's reasonably easy to do in 1.9 by having hundreds of listeners, starting 64 threads and flooding them with reloads like this : $ while usleep 50000; do killall -USR2 haproxy; done Usually in less than a minute, all threads will be deadlocked. The fix consists in always taking the proto_lock before the listener lock. It seems to be the only place where these two locks were reversed. This fix needs to be backported to 2.0, 1.9, and 1.8.
2019-08-26 08:55:52 +00:00
HA_SPIN_UNLOCK(PROTO_LOCK, &proto_lock);
[MINOR] add a generic delete_listener() primitive Most protocols will be able to share a single delete_listener() primitive. Provide it in protocols.c, and remove the specific version from proto_uxst.
2007-10-28 21:26:05 +00:00
}
MINOR: listener: introduce listener_backlog() to report the backlog value In an attempt to try to provide automatic maxconn settings, we need to decorrelate a listner's backlog and maxconn so that these values can be independent. This introduces a listener_backlog() function which retrieves the backlog value from the listener's backlog, the frontend's, the listener's maxconn, the frontend's or falls back to 1024. This corresponds to what was done in cfgparse.c to force a value there except the last fallback which was not set since the frontend's maxconn is always known.
2019-02-27 14:39:41 +00:00
/* Returns a suitable value for a listener's backlog. It uses the listener's,
* otherwise the frontend's backlog, otherwise the listener's maxconn,
* otherwise the frontend's maxconn, otherwise 1024.
*/
int listener_backlog(const struct listener *l)
{
MINOR: listener: move the backlog setting from listener to bind_conf The backlog setting is also defined by the bind_conf, so let's move it there.
2023-01-12 17:55:13 +00:00
if (l->bind_conf->backlog)
return l->bind_conf->backlog;
MINOR: listener: introduce listener_backlog() to report the backlog value In an attempt to try to provide automatic maxconn settings, we need to decorrelate a listner's backlog and maxconn so that these values can be independent. This introduces a listener_backlog() function which retrieves the backlog value from the listener's backlog, the frontend's, the listener's maxconn, the frontend's or falls back to 1024. This corresponds to what was done in cfgparse.c to force a value there except the last fallback which was not set since the frontend's maxconn is always known.
2019-02-27 14:39:41 +00:00
if (l->bind_conf->frontend->backlog)
return l->bind_conf->frontend->backlog;
MINOR: listener: move the maxconn parameter to the bind_conf The maxconn is set per bind line so let's move it there. This might possibly even slightly reduce inter-thread contention since this one is read-mostly and it was stored next to nbconn which changes for each connection setup or teardown.
2023-01-12 17:59:37 +00:00
if (l->bind_conf->maxconn)
return l->bind_conf->maxconn;
MINOR: listener: introduce listener_backlog() to report the backlog value In an attempt to try to provide automatic maxconn settings, we need to decorrelate a listner's backlog and maxconn so that these values can be independent. This introduces a listener_backlog() function which retrieves the backlog value from the listener's backlog, the frontend's, the listener's maxconn, the frontend's or falls back to 1024. This corresponds to what was done in cfgparse.c to force a value there except the last fallback which was not set since the frontend's maxconn is always known.
2019-02-27 14:39:41 +00:00
if (l->bind_conf->frontend->maxconn)
return l->bind_conf->frontend->maxconn;
return 1024;
}
REORG/MEDIUM: move the default accept function from sockstream to protocols.c The previous sockstream_accept() function uses nothing from sockstream, and is totally irrelevant to stream interfaces. Move this to the protocols.c file which handles listeners and protocols, and call it listener_accept(). It now makes much more sense that the code dealing with listen() also handles accept() and passes it to upper layers.
2012-05-07 19:22:09 +00:00
/* This function is called on a read event from a listening socket, corresponding
* to an accept. It tries to accept as many connections as possible, and for each
* calls the listener's accept handler (generally the frontend's accept handler).
*/
MINOR: protocol: register the receiver's I/O handler and not the protocol's Now we define a new sock_accept_iocb() for socket-based stream protocols and use it as a wrapper for listener_accept() which now takes a listener and not an FD anymore. This will allow the receiver's I/O cb to be redefined during registration, and more specifically to get rid of the hard-coded hacks in protocol_bind_all() made for syslog. The previous ->accept() callback in the protocol was removed since it doesn't have anything to do with accept() anymore but is more generic. A few places where listener_accept() was compared against the FD's IO callback for debugging purposes on the CLI were updated.
2020-10-15 19:29:49 +00:00
void listener_accept(struct listener *l)
REORG/MEDIUM: move the default accept function from sockstream to protocols.c The previous sockstream_accept() function uses nothing from sockstream, and is totally irrelevant to stream interfaces. Move this to the protocols.c file which handles listeners and protocols, and call it listener_accept(). It now makes much more sense that the code dealing with listen() also handles accept() and passes it to upper layers.
2012-05-07 19:22:09 +00:00
{
MEDIUM: listener: allocate the connection before queuing a new connection Till now we would keep a per-thread queue of pending incoming connections for which we would store: - the listener - the accepted FD - the source address - the source address' length And these elements were first used in session_accept_fd() running on the target thread to allocate a connection and duplicate them again. Doing this induces various problems. The first one is that session_accept_fd() may only run on file descriptors and cannot be reused for QUIC. The second issue is that it induces lots of memory copies and that the listerner queue thrashes a lot of cache, consuming 64 bytes per entry. This patch changes this by allocating the connection before queueing it, and by only placing the connection's pointer into the queue. Indeed, the first two calls used to initialize the connection already store all the information above, which can be retrieved from the connection pointer alone. So we just have to pop one pointer from the target thread, and pass it to session_accept_fd() which only needs the FD for the final settings. This starts to make the accept path a bit more transport-agnostic, and saves memory and CPU cycles at the same time (1% connection rate increase was noticed with 4 threads). Thanks to dividing the accept-queue entry size from 64 to 8 bytes, its size could be increased from 256 to 1024 connections while still dividing the overall size by two. No single queue full condition was met. One minor drawback is that connection may be allocated from one thread's pool to be used into another one. But this already happens a lot with connection reuse so there is really nothing new here.
2020-10-14 15:37:17 +00:00
struct connection *cli_conn;
BUG/MAJOR: listener: Make sure the listener exist before using it. In listener_accept(), make sure we have a listener before attempting to use it. An another thread may have closed the FD meanwhile, and set fdtab[fd].owner to NULL. As the listener is not free'd, it is ok to attempt to accept() a new connection even if the listener was closed. At worst the fd has been reassigned to another connection, and accept() will fail anyway. Many thanks to Richard Russo for reporting the problem, and suggesting the fix. This should be backported to 1.9 and 1.8.
2019-02-25 15:18:16 +00:00
struct proxy *p;
BUG/MEDIUM: listener: Fix how unlimited number of consecutive accepts is handled There is a bug when global.tune.maxaccept is set to -1 (no limit). It is pretty visible with one process (nbproc sets to 1). The functions listener_accept() and accept_queue_process() don't expect to handle negative maxaccept values. So instead of accepting incoming connections without any limit, none are never accepted and HAProxy loop infinitly in the scheduler. When there are 2 or more processes, the bug is a bit more subtile. The limit for a listener is set to 1. So only one connection is accepted at a time by a given listener. This happens because the listener's maxaccept value is an unsigned integer. In check_config_validity(), it is first set to UINT_MAX (-1 casted in an unsigned integer), and then some calculations on it leads to an integer overflow. To fix the bug, the listener's maxaccept value is now a signed integer. So, if a negative value is set for global.tune.maxaccept, we keep it untouched for the listener and no calculation is made on it. Then, in the listener code, this signed value is casted to a unsigned one. It simplifies all tests instead of dealing with negative values. So, it limits the number of connections accepted at a time to UINT_MAX at most. But, honestly, it not an issue. This patch must be backported to 1.9 and 1.8.
2019-04-30 10:17:13 +00:00
unsigned int max_accept;
MAJOR: listener: do not hold the listener lock in listener_accept() This function used to hold the listener's lock as a way to stay safe against concurrent manipulations, but it turns out this is wrong. First, the lock is held during l->accept(), which itself might indirectly call listener_release(), which, if the listener is marked full, could result in __resume_listener() to be called and the lock being taken twice. In practice it doesn't happen right now because the listener's FULL state cannot change while we're doing this. Second, all the code does is now protected against concurrent accesses. It used not to be the case in the early days of threads : the frequency counters are thread-safe. The rate limiting doesn't require extreme precision. Only the nbconn check is not thread safe. Third, the parts called here will have to be called from different threads without holding this lock, and this becomes a bigger issue if we need to keep this one. This patch does 3 things which need to be addressed at once : 1) it moves the lock to the only 2 functions that were not protected since called form listener_accept() : - limit_listener() - listener_full() 2) it makes sure delete_listener() properly checks its state within the lock. 3) it updates the l->nbconn tracking to make sure that it is always properly reported and accounted for. There is a point of particular care around the situation where the listener's maxconn is reached because the listener has to be marked full before accepting the connection, then resumed if the connection finally gets dropped. It is not possible to perform this change without removing the lock due to the deadlock issue explained above. This patch almost doubles the accept rate in multi-thread on a shared port between 8 threads, and multiplies by 4 the connection rate on a tcp-request connection reject rule.
2019-02-25 18:23:37 +00:00
int next_conn = 0;
BUG/MEDIUM: listener: make sure the listener never accepts too many conns We were not checking p->feconn nor the global actconn soon enough. In older versions this could result in a frontend accepting more connections than allowed by its maxconn or the global maxconn, exactly N-1 extra connections where N is the number of threads, provided each of these threads were running a different listener. But with the lock removal, it became worse, the excess could be the listener's maxconn multiplied by the number of threads. Among the nasty side effect was that LI_FULL could be removed while the limit was still over and in some cases the polling on the socket was no re-enabled. This commit takes care of updating and checking p->feconn and the global actconn *before* processing the connection, so that the listener can be turned off before accepting the socket if needed. This requires to move some of the bookkeeping operations form session to listen, which totally makes sense in this context. Now the limits are properly respected, even if a listener's maxconn is over a frontend's. This only applies on top of the listener lock removal series and doesn't have to be backported.
2019-02-27 18:32:32 +00:00
int next_feconn = 0;
int next_actconn = 0;
MEDIUM: listener: make the accept function more robust against pauses During some tests in multi-process mode under Linux, it appeared that issuing "disable frontend foo" on the CLI to pause a listener would make the shutdown(read) of certain processes disturb another process listening on the same socket, resulting in a 100% CPU loop. What happens is that accept() returns EAGAIN without accepting anything. Fortunately, we see that epoll_wait() reports EPOLLIN+EPOLLRDHUP (likely because the FD points to the same file in the kernel), so we can use that to stop the other process from trying to accept connections for a short time and try again later, hoping for the situation to change. We must not disable the FD otherwise there's no way to re-enable it. Additionally, during these tests, a loop was encountered on EINVAL which was not caught. Now if we catch an EINVAL, we proceed the same way, in case the socket is re-enabled later.
2014-05-07 17:47:02 +00:00
int expire;
REORG/MEDIUM: move the default accept function from sockstream to protocols.c The previous sockstream_accept() function uses nothing from sockstream, and is totally irrelevant to stream interfaces. Move this to the protocols.c file which handles listeners and protocols, and call it listener_accept(). It now makes much more sense that the code dealing with listen() also handles accept() and passes it to upper layers.
2012-05-07 19:22:09 +00:00
int ret;
BUG/MAJOR: listener: Make sure the listener exist before using it. In listener_accept(), make sure we have a listener before attempting to use it. An another thread may have closed the FD meanwhile, and set fdtab[fd].owner to NULL. As the listener is not free'd, it is ok to attempt to accept() a new connection even if the listener was closed. At worst the fd has been reassigned to another connection, and accept() will fail anyway. Many thanks to Richard Russo for reporting the problem, and suggesting the fix. This should be backported to 1.9 and 1.8.
2019-02-25 15:18:16 +00:00
p = l->bind_conf->frontend;
BUG/MEDIUM: listener: Fix how unlimited number of consecutive accepts is handled There is a bug when global.tune.maxaccept is set to -1 (no limit). It is pretty visible with one process (nbproc sets to 1). The functions listener_accept() and accept_queue_process() don't expect to handle negative maxaccept values. So instead of accepting incoming connections without any limit, none are never accepted and HAProxy loop infinitly in the scheduler. When there are 2 or more processes, the bug is a bit more subtile. The limit for a listener is set to 1. So only one connection is accepted at a time by a given listener. This happens because the listener's maxaccept value is an unsigned integer. In check_config_validity(), it is first set to UINT_MAX (-1 casted in an unsigned integer), and then some calculations on it leads to an integer overflow. To fix the bug, the listener's maxaccept value is now a signed integer. So, if a negative value is set for global.tune.maxaccept, we keep it untouched for the listener and no calculation is made on it. Then, in the listener code, this signed value is casted to a unsigned one. It simplifies all tests instead of dealing with negative values. So, it limits the number of connections accepted at a time to UINT_MAX at most. But, honestly, it not an issue. This patch must be backported to 1.9 and 1.8.
2019-04-30 10:17:13 +00:00
MINOR: listener: move maxaccept from listener to bind_conf Like for previous values, maxaccept is really per-bind_conf, so let's move it there. Some frontends (peers, log) set it to 1 so the assignment was slightly moved.
2023-01-12 17:52:23 +00:00
/* if l->bind_conf->maxaccept is -1, then max_accept is UINT_MAX. It is
* not really illimited, but it is probably enough.
BUG/MEDIUM: listener: Fix how unlimited number of consecutive accepts is handled There is a bug when global.tune.maxaccept is set to -1 (no limit). It is pretty visible with one process (nbproc sets to 1). The functions listener_accept() and accept_queue_process() don't expect to handle negative maxaccept values. So instead of accepting incoming connections without any limit, none are never accepted and HAProxy loop infinitly in the scheduler. When there are 2 or more processes, the bug is a bit more subtile. The limit for a listener is set to 1. So only one connection is accepted at a time by a given listener. This happens because the listener's maxaccept value is an unsigned integer. In check_config_validity(), it is first set to UINT_MAX (-1 casted in an unsigned integer), and then some calculations on it leads to an integer overflow. To fix the bug, the listener's maxaccept value is now a signed integer. So, if a negative value is set for global.tune.maxaccept, we keep it untouched for the listener and no calculation is made on it. Then, in the listener code, this signed value is casted to a unsigned one. It simplifies all tests instead of dealing with negative values. So, it limits the number of connections accepted at a time to UINT_MAX at most. But, honestly, it not an issue. This patch must be backported to 1.9 and 1.8.
2019-04-30 10:17:13 +00:00
*/
MINOR: listener: move maxaccept from listener to bind_conf Like for previous values, maxaccept is really per-bind_conf, so let's move it there. Some frontends (peers, log) set it to 1 so the assignment was slightly moved.
2023-01-12 17:52:23 +00:00
max_accept = l->bind_conf->maxaccept ? l->bind_conf->maxaccept : 1;
MEDIUM: threads/listeners: Make listeners thread-safe First, we use atomic operations to update jobs/totalconn/actconn variables, listener's nbconn variable and listener's counters. Then we add a lock on listeners to protect access to their information. And finally, listener queues (global and per proxy) are also protected by a lock. Here, because access to these queues are unusal, we use the same lock for all queues instead of a global one for the global queue and a lock per proxy for others.
2017-05-30 13:36:50 +00:00
MINOR: listener: move LI_O_UNLIMITED and LI_O_NOSTOP to bind_conf These two flags are entirely for internal use and are even per proxy in practice since they're used for peers and CLI to indicate (for the first one) that the listener(s) are not subject to connection limits, and for the second that the listener(s) should not be stopped on soft-stop. No need to keep them in the listeners, let's move them to the bind_conf under names BC_O_UNLIMITED and BC_O_NOSTOP.
2023-01-12 18:58:42 +00:00
if (!(l->bind_conf->options & BC_O_UNLIMITED) && global.sps_lim) {
MEDIUM: listener: add support for limiting the session rate in addition to the connection rate It's sometimes useful to be able to limit the connection rate on a machine running many haproxy instances (eg: per customer) but it removes the ability for that machine to defend itself against a DoS. Thus, better also provide a limit on the session rate, which does not include the connections rejected by "tcp-request connection" rules. This permits to have much higher limits on the connection rate without having to raise the session rate limit to insane values. The limit can be changed on the CLI using "set rate-limit sessions global", or in the global section using "maxsessrate".
2013-10-07 16:51:07 +00:00
int max = freq_ctr_remain(&global.sess_per_sec, global.sps_lim, 0);
if (unlikely(!max)) {
/* frontend accept rate limit was reached */
expire = tick_add(now_ms, next_event_delay(&global.sess_per_sec, global.sps_lim, 0));
MINOR: listener: make the wait paths cleaner and more reliable In listener_accept() there are several situations where we have to wait for an event or a delay. These ones all implement their own call to limit_listener() and the associated task_schedule(). In addition to being ugly and confusing, one expire date computation is even wrong as it doesn't take in account the fact that we're using threads and that the value might change in the middle. Fortunately task_schedule() gets it right for us. This patch creates two jump locations, one for the global queue and one for the proxy queue, allowing the rest of the code to only compute the expire delay and jump to the right location.
2019-12-10 11:01:21 +00:00
goto limit_global;
MEDIUM: listener: add support for limiting the session rate in addition to the connection rate It's sometimes useful to be able to limit the connection rate on a machine running many haproxy instances (eg: per customer) but it removes the ability for that machine to defend itself against a DoS. Thus, better also provide a limit on the session rate, which does not include the connections rejected by "tcp-request connection" rules. This permits to have much higher limits on the connection rate without having to raise the session rate limit to insane values. The limit can be changed on the CLI using "set rate-limit sessions global", or in the global section using "maxsessrate".
2013-10-07 16:51:07 +00:00
}
if (max_accept > max)
max_accept = max;
}
MINOR: listener: move LI_O_UNLIMITED and LI_O_NOSTOP to bind_conf These two flags are entirely for internal use and are even per proxy in practice since they're used for peers and CLI to indicate (for the first one) that the listener(s) are not subject to connection limits, and for the second that the listener(s) should not be stopped on soft-stop. No need to keep them in the listeners, let's move them to the bind_conf under names BC_O_UNLIMITED and BC_O_NOSTOP.
2023-01-12 18:58:42 +00:00
if (!(l->bind_conf->options & BC_O_UNLIMITED) && global.cps_lim) {
REORG/MEDIUM: move the default accept function from sockstream to protocols.c The previous sockstream_accept() function uses nothing from sockstream, and is totally irrelevant to stream interfaces. Move this to the protocols.c file which handles listeners and protocols, and call it listener_accept(). It now makes much more sense that the code dealing with listen() also handles accept() and passes it to upper layers.
2012-05-07 19:22:09 +00:00
int max = freq_ctr_remain(&global.conn_per_sec, global.cps_lim, 0);
if (unlikely(!max)) {
/* frontend accept rate limit was reached */
MEDIUM: listener: add support for limiting the session rate in addition to the connection rate It's sometimes useful to be able to limit the connection rate on a machine running many haproxy instances (eg: per customer) but it removes the ability for that machine to defend itself against a DoS. Thus, better also provide a limit on the session rate, which does not include the connections rejected by "tcp-request connection" rules. This permits to have much higher limits on the connection rate without having to raise the session rate limit to insane values. The limit can be changed on the CLI using "set rate-limit sessions global", or in the global section using "maxsessrate".
2013-10-07 16:51:07 +00:00
expire = tick_add(now_ms, next_event_delay(&global.conn_per_sec, global.cps_lim, 0));
MINOR: listener: make the wait paths cleaner and more reliable In listener_accept() there are several situations where we have to wait for an event or a delay. These ones all implement their own call to limit_listener() and the associated task_schedule(). In addition to being ugly and confusing, one expire date computation is even wrong as it doesn't take in account the fact that we're using threads and that the value might change in the middle. Fortunately task_schedule() gets it right for us. This patch creates two jump locations, one for the global queue and one for the proxy queue, allowing the rest of the code to only compute the expire delay and jump to the right location.
2019-12-10 11:01:21 +00:00
goto limit_global;
REORG/MEDIUM: move the default accept function from sockstream to protocols.c The previous sockstream_accept() function uses nothing from sockstream, and is totally irrelevant to stream interfaces. Move this to the protocols.c file which handles listeners and protocols, and call it listener_accept(). It now makes much more sense that the code dealing with listen() also handles accept() and passes it to upper layers.
2012-05-07 19:22:09 +00:00
}
if (max_accept > max)
max_accept = max;
}
MEDIUM: listener: apply a limit on the session rate submitted to SSL Just like the previous commit, we sometimes want to limit the rate of incoming SSL connections. While it can be done for a frontend, it was not possible for a whole process, which makes sense when multiple processes are running on a system to server multiple customers. The new global "maxsslrate" setting is usable to fix a limit on the session rate going to the SSL frontends. The limits applies before the SSL handshake and not after, so that it saves the SSL stack from expensive key computations that would finally be aborted before being accounted for. The same setting may be changed at run time on the CLI using "set rate-limit ssl-session global".
2013-10-07 18:01:52 +00:00
#ifdef USE_OPENSSL
MINOR: listener: move LI_O_UNLIMITED and LI_O_NOSTOP to bind_conf These two flags are entirely for internal use and are even per proxy in practice since they're used for peers and CLI to indicate (for the first one) that the listener(s) are not subject to connection limits, and for the second that the listener(s) should not be stopped on soft-stop. No need to keep them in the listeners, let's move them to the bind_conf under names BC_O_UNLIMITED and BC_O_NOSTOP.
2023-01-12 18:58:42 +00:00
if (!(l->bind_conf->options & BC_O_UNLIMITED) && global.ssl_lim &&
CLEANUP: listener: replace all uses of bind_conf->is_ssl with BC_O_USE_SSL The new flag will now replace this boolean variable that was only set and tested.
2022-05-20 13:56:32 +00:00
l->bind_conf && l->bind_conf->options & BC_O_USE_SSL) {
MEDIUM: listener: apply a limit on the session rate submitted to SSL Just like the previous commit, we sometimes want to limit the rate of incoming SSL connections. While it can be done for a frontend, it was not possible for a whole process, which makes sense when multiple processes are running on a system to server multiple customers. The new global "maxsslrate" setting is usable to fix a limit on the session rate going to the SSL frontends. The limits applies before the SSL handshake and not after, so that it saves the SSL stack from expensive key computations that would finally be aborted before being accounted for. The same setting may be changed at run time on the CLI using "set rate-limit ssl-session global".
2013-10-07 18:01:52 +00:00
int max = freq_ctr_remain(&global.ssl_per_sec, global.ssl_lim, 0);
if (unlikely(!max)) {
/* frontend accept rate limit was reached */
expire = tick_add(now_ms, next_event_delay(&global.ssl_per_sec, global.ssl_lim, 0));
MINOR: listener: make the wait paths cleaner and more reliable In listener_accept() there are several situations where we have to wait for an event or a delay. These ones all implement their own call to limit_listener() and the associated task_schedule(). In addition to being ugly and confusing, one expire date computation is even wrong as it doesn't take in account the fact that we're using threads and that the value might change in the middle. Fortunately task_schedule() gets it right for us. This patch creates two jump locations, one for the global queue and one for the proxy queue, allowing the rest of the code to only compute the expire delay and jump to the right location.
2019-12-10 11:01:21 +00:00
goto limit_global;
MEDIUM: listener: apply a limit on the session rate submitted to SSL Just like the previous commit, we sometimes want to limit the rate of incoming SSL connections. While it can be done for a frontend, it was not possible for a whole process, which makes sense when multiple processes are running on a system to server multiple customers. The new global "maxsslrate" setting is usable to fix a limit on the session rate going to the SSL frontends. The limits applies before the SSL handshake and not after, so that it saves the SSL stack from expensive key computations that would finally be aborted before being accounted for. The same setting may be changed at run time on the CLI using "set rate-limit ssl-session global".
2013-10-07 18:01:52 +00:00
}
REORG/MEDIUM: move the default accept function from sockstream to protocols.c The previous sockstream_accept() function uses nothing from sockstream, and is totally irrelevant to stream interfaces. Move this to the protocols.c file which handles listeners and protocols, and call it listener_accept(). It now makes much more sense that the code dealing with listen() also handles accept() and passes it to upper layers.
2012-05-07 19:22:09 +00:00
MEDIUM: listener: apply a limit on the session rate submitted to SSL Just like the previous commit, we sometimes want to limit the rate of incoming SSL connections. While it can be done for a frontend, it was not possible for a whole process, which makes sense when multiple processes are running on a system to server multiple customers. The new global "maxsslrate" setting is usable to fix a limit on the session rate going to the SSL frontends. The limits applies before the SSL handshake and not after, so that it saves the SSL stack from expensive key computations that would finally be aborted before being accounted for. The same setting may be changed at run time on the CLI using "set rate-limit ssl-session global".
2013-10-07 18:01:52 +00:00
if (max_accept > max)
max_accept = max;
}
#endif
REORG/MEDIUM: move the default accept function from sockstream to protocols.c The previous sockstream_accept() function uses nothing from sockstream, and is totally irrelevant to stream interfaces. Move this to the protocols.c file which handles listeners and protocols, and call it listener_accept(). It now makes much more sense that the code dealing with listen() also handles accept() and passes it to upper layers.
2012-05-07 19:22:09 +00:00
if (p && p->fe_sps_lim) {
int max = freq_ctr_remain(&p->fe_sess_per_sec, p->fe_sps_lim, 0);
if (unlikely(!max)) {
/* frontend accept rate limit was reached */
MINOR: listener: make the wait paths cleaner and more reliable In listener_accept() there are several situations where we have to wait for an event or a delay. These ones all implement their own call to limit_listener() and the associated task_schedule(). In addition to being ugly and confusing, one expire date computation is even wrong as it doesn't take in account the fact that we're using threads and that the value might change in the middle. Fortunately task_schedule() gets it right for us. This patch creates two jump locations, one for the global queue and one for the proxy queue, allowing the rest of the code to only compute the expire delay and jump to the right location.
2019-12-10 11:01:21 +00:00
expire = tick_add(now_ms, next_event_delay(&p->fe_sess_per_sec, p->fe_sps_lim, 0));
goto limit_proxy;
REORG/MEDIUM: move the default accept function from sockstream to protocols.c The previous sockstream_accept() function uses nothing from sockstream, and is totally irrelevant to stream interfaces. Move this to the protocols.c file which handles listeners and protocols, and call it listener_accept(). It now makes much more sense that the code dealing with listen() also handles accept() and passes it to upper layers.
2012-05-07 19:22:09 +00:00
}
if (max_accept > max)
max_accept = max;
}
/* Note: if we fail to allocate a connection because of configured
* limits, we'll schedule a new attempt worst 1 second later in the
* worst case. If we fail due to system limits or temporary resource
* shortage, we try again 100ms later in the worst case.
*/
Revert "BUG/MEDIUM: listener: do not accept connections faster than we can process them" This reverts commit 62e8aaa1bd5ca96089eaa88487c700c4af4617f4. While is works extremely well to address SSL handshake floods, it prevents establishment of new connections during regular traffic above 50-60 Gbps, because for an unknown reason the queue seems to have ~1.7 active tasks per connection all the time, which makes no sense as these ought to be waiting on subscribed events. It might uncover a deeper issue but at least for now a different solution is needed. cf issue #822. The test is trivial to run, just start a config with tune.runqueue-depth 10 and inject on 1GB objects with more than 10 connections. Try to connect to the stats socket, it only works once, then the listeners are not dequeued.
2021-01-28 17:07:24 +00:00
for (; max_accept; next_conn = next_feconn = next_actconn = 0, max_accept--) {
MEDIUM: threads/listeners: Make listeners thread-safe First, we use atomic operations to update jobs/totalconn/actconn variables, listener's nbconn variable and listener's counters. Then we add a lock on listeners to protect access to their information. And finally, listener queues (global and per proxy) are also protected by a lock. Here, because access to these queues are unusal, we use the same lock for all queues instead of a global one for the global queue and a lock per proxy for others.
2017-05-30 13:36:50 +00:00
unsigned int count;
MEDIUM: listener: use protocol->accept_conn() to accept a connection Now listener_accept() doesn't have to deal with the incoming FD anymore (except for a little bit of side band stuff). It directly retrieves a valid connection from the protocol layer, or receives a well-defined error code that helps it decide how to proceed. This removes a lot of hardly maintainable low-level code and opens the function to receive new protocol stacks.
2020-10-15 08:09:31 +00:00
int status;
BUILD: listener: avoir a build warning when threads are disabled It's just a __decl_thread() that appeared before the last variable.
2020-10-16 15:43:04 +00:00
__decl_thread(unsigned long mask);
REORG/MEDIUM: move the default accept function from sockstream to protocols.c The previous sockstream_accept() function uses nothing from sockstream, and is totally irrelevant to stream interfaces. Move this to the protocols.c file which handles listeners and protocols, and call it listener_accept(). It now makes much more sense that the code dealing with listen() also handles accept() and passes it to upper layers.
2012-05-07 19:22:09 +00:00
BUG/MEDIUM: listener: make sure the listener never accepts too many conns We were not checking p->feconn nor the global actconn soon enough. In older versions this could result in a frontend accepting more connections than allowed by its maxconn or the global maxconn, exactly N-1 extra connections where N is the number of threads, provided each of these threads were running a different listener. But with the lock removal, it became worse, the excess could be the listener's maxconn multiplied by the number of threads. Among the nasty side effect was that LI_FULL could be removed while the limit was still over and in some cases the polling on the socket was no re-enabled. This commit takes care of updating and checking p->feconn and the global actconn *before* processing the connection, so that the listener can be turned off before accepting the socket if needed. This requires to move some of the bookkeeping operations form session to listen, which totally makes sense in this context. Now the limits are properly respected, even if a listener's maxconn is over a frontend's. This only applies on top of the listener lock removal series and doesn't have to be backported.
2019-02-27 18:32:32 +00:00
/* pre-increase the number of connections without going too far.
* We process the listener, then the proxy, then the process.
* We know which ones to unroll based on the next_xxx value.
*/
MAJOR: listener: do not hold the listener lock in listener_accept() This function used to hold the listener's lock as a way to stay safe against concurrent manipulations, but it turns out this is wrong. First, the lock is held during l->accept(), which itself might indirectly call listener_release(), which, if the listener is marked full, could result in __resume_listener() to be called and the lock being taken twice. In practice it doesn't happen right now because the listener's FULL state cannot change while we're doing this. Second, all the code does is now protected against concurrent accesses. It used not to be the case in the early days of threads : the frequency counters are thread-safe. The rate limiting doesn't require extreme precision. Only the nbconn check is not thread safe. Third, the parts called here will have to be called from different threads without holding this lock, and this becomes a bigger issue if we need to keep this one. This patch does 3 things which need to be addressed at once : 1) it moves the lock to the only 2 functions that were not protected since called form listener_accept() : - limit_listener() - listener_full() 2) it makes sure delete_listener() properly checks its state within the lock. 3) it updates the l->nbconn tracking to make sure that it is always properly reported and accounted for. There is a point of particular care around the situation where the listener's maxconn is reached because the listener has to be marked full before accepting the connection, then resumed if the connection finally gets dropped. It is not possible to perform this change without removing the lock due to the deadlock issue explained above. This patch almost doubles the accept rate in multi-thread on a shared port between 8 threads, and multiplies by 4 the connection rate on a tcp-request connection reject rule.
2019-02-25 18:23:37 +00:00
do {
count = l->nbconn;
MINOR: listener: move the maxconn parameter to the bind_conf The maxconn is set per bind line so let's move it there. This might possibly even slightly reduce inter-thread contention since this one is read-mostly and it was stored next to nbconn which changes for each connection setup or teardown.
2023-01-12 17:59:37 +00:00
if (unlikely(l->bind_conf->maxconn && count >= l->bind_conf->maxconn)) {
MAJOR: listener: do not hold the listener lock in listener_accept() This function used to hold the listener's lock as a way to stay safe against concurrent manipulations, but it turns out this is wrong. First, the lock is held during l->accept(), which itself might indirectly call listener_release(), which, if the listener is marked full, could result in __resume_listener() to be called and the lock being taken twice. In practice it doesn't happen right now because the listener's FULL state cannot change while we're doing this. Second, all the code does is now protected against concurrent accesses. It used not to be the case in the early days of threads : the frequency counters are thread-safe. The rate limiting doesn't require extreme precision. Only the nbconn check is not thread safe. Third, the parts called here will have to be called from different threads without holding this lock, and this becomes a bigger issue if we need to keep this one. This patch does 3 things which need to be addressed at once : 1) it moves the lock to the only 2 functions that were not protected since called form listener_accept() : - limit_listener() - listener_full() 2) it makes sure delete_listener() properly checks its state within the lock. 3) it updates the l->nbconn tracking to make sure that it is always properly reported and accounted for. There is a point of particular care around the situation where the listener's maxconn is reached because the listener has to be marked full before accepting the connection, then resumed if the connection finally gets dropped. It is not possible to perform this change without removing the lock due to the deadlock issue explained above. This patch almost doubles the accept rate in multi-thread on a shared port between 8 threads, and multiplies by 4 the connection rate on a tcp-request connection reject rule.
2019-02-25 18:23:37 +00:00
/* the listener was marked full or another
* thread is going to do it.
*/
next_conn = 0;
BUG/MEDIUM: listeners: always pause a listener on out-of-resource condition A corner case was opened in the listener_accept() code by commit 3f0d02bbc2 ("MAJOR: listener: do not hold the listener lock in listener_accept()"). The issue is when one listener (or a group of) managed to eat all the proxy's or all the process's maxconn, and another listener tries to accept a new socket. This results in the atomic increment to detect the excess connection count and immediately abort, without pausing the listener, thus the call is immediately performed again. This doesn't happen when the test is run on a single listener because this listener got limited when crossing the limit. But with 2 or more listeners, we don't have this luxury. The solution consists in limiting the listener as soon as we have to decline accepting an incoming connection. This means that the listener will not be marked full yet if it gets the exact connection count but this is not a problem in practice since all other listeners will only be marked full after their first attempt. Thus from now on, a listener is only full once it has already failed taking an incoming connection. This bug was definitely responsible for the unreproduceable occasional reports of high CPU usage showing epoll_wait() returning immediately without accepting an incoming connection, like in bug #129. This fix must be backported to 1.9 and 1.8.
2019-11-15 09:20:07 +00:00
listener_full(l);
MAJOR: listener: do not hold the listener lock in listener_accept() This function used to hold the listener's lock as a way to stay safe against concurrent manipulations, but it turns out this is wrong. First, the lock is held during l->accept(), which itself might indirectly call listener_release(), which, if the listener is marked full, could result in __resume_listener() to be called and the lock being taken twice. In practice it doesn't happen right now because the listener's FULL state cannot change while we're doing this. Second, all the code does is now protected against concurrent accesses. It used not to be the case in the early days of threads : the frequency counters are thread-safe. The rate limiting doesn't require extreme precision. Only the nbconn check is not thread safe. Third, the parts called here will have to be called from different threads without holding this lock, and this becomes a bigger issue if we need to keep this one. This patch does 3 things which need to be addressed at once : 1) it moves the lock to the only 2 functions that were not protected since called form listener_accept() : - limit_listener() - listener_full() 2) it makes sure delete_listener() properly checks its state within the lock. 3) it updates the l->nbconn tracking to make sure that it is always properly reported and accounted for. There is a point of particular care around the situation where the listener's maxconn is reached because the listener has to be marked full before accepting the connection, then resumed if the connection finally gets dropped. It is not possible to perform this change without removing the lock due to the deadlock issue explained above. This patch almost doubles the accept rate in multi-thread on a shared port between 8 threads, and multiplies by 4 the connection rate on a tcp-request connection reject rule.
2019-02-25 18:23:37 +00:00
goto end;
}
next_conn = count + 1;
BUILD/MINOR: listener: Silent a few signedness warnings. Silenting couple of warnings related to signedness, due to a mismatch of signed and unsigned ints with l->nbconn, actconn and p->feconn.
2019-03-27 16:08:42 +00:00
} while (!_HA_ATOMIC_CAS(&l->nbconn, (int *)(&count), next_conn));
MAJOR: listener: do not hold the listener lock in listener_accept() This function used to hold the listener's lock as a way to stay safe against concurrent manipulations, but it turns out this is wrong. First, the lock is held during l->accept(), which itself might indirectly call listener_release(), which, if the listener is marked full, could result in __resume_listener() to be called and the lock being taken twice. In practice it doesn't happen right now because the listener's FULL state cannot change while we're doing this. Second, all the code does is now protected against concurrent accesses. It used not to be the case in the early days of threads : the frequency counters are thread-safe. The rate limiting doesn't require extreme precision. Only the nbconn check is not thread safe. Third, the parts called here will have to be called from different threads without holding this lock, and this becomes a bigger issue if we need to keep this one. This patch does 3 things which need to be addressed at once : 1) it moves the lock to the only 2 functions that were not protected since called form listener_accept() : - limit_listener() - listener_full() 2) it makes sure delete_listener() properly checks its state within the lock. 3) it updates the l->nbconn tracking to make sure that it is always properly reported and accounted for. There is a point of particular care around the situation where the listener's maxconn is reached because the listener has to be marked full before accepting the connection, then resumed if the connection finally gets dropped. It is not possible to perform this change without removing the lock due to the deadlock issue explained above. This patch almost doubles the accept rate in multi-thread on a shared port between 8 threads, and multiplies by 4 the connection rate on a tcp-request connection reject rule.
2019-02-25 18:23:37 +00:00
BUG/MEDIUM: listener: make sure the listener never accepts too many conns We were not checking p->feconn nor the global actconn soon enough. In older versions this could result in a frontend accepting more connections than allowed by its maxconn or the global maxconn, exactly N-1 extra connections where N is the number of threads, provided each of these threads were running a different listener. But with the lock removal, it became worse, the excess could be the listener's maxconn multiplied by the number of threads. Among the nasty side effect was that LI_FULL could be removed while the limit was still over and in some cases the polling on the socket was no re-enabled. This commit takes care of updating and checking p->feconn and the global actconn *before* processing the connection, so that the listener can be turned off before accepting the socket if needed. This requires to move some of the bookkeeping operations form session to listen, which totally makes sense in this context. Now the limits are properly respected, even if a listener's maxconn is over a frontend's. This only applies on top of the listener lock removal series and doesn't have to be backported.
2019-02-27 18:32:32 +00:00
if (p) {
do {
count = p->feconn;
BUG/MEDIUM: listeners: always pause a listener on out-of-resource condition A corner case was opened in the listener_accept() code by commit 3f0d02bbc2 ("MAJOR: listener: do not hold the listener lock in listener_accept()"). The issue is when one listener (or a group of) managed to eat all the proxy's or all the process's maxconn, and another listener tries to accept a new socket. This results in the atomic increment to detect the excess connection count and immediately abort, without pausing the listener, thus the call is immediately performed again. This doesn't happen when the test is run on a single listener because this listener got limited when crossing the limit. But with 2 or more listeners, we don't have this luxury. The solution consists in limiting the listener as soon as we have to decline accepting an incoming connection. This means that the listener will not be marked full yet if it gets the exact connection count but this is not a problem in practice since all other listeners will only be marked full after their first attempt. Thus from now on, a listener is only full once it has already failed taking an incoming connection. This bug was definitely responsible for the unreproduceable occasional reports of high CPU usage showing epoll_wait() returning immediately without accepting an incoming connection, like in bug #129. This fix must be backported to 1.9 and 1.8.
2019-11-15 09:20:07 +00:00
if (unlikely(count >= p->maxconn)) {
BUG/MEDIUM: listener: make sure the listener never accepts too many conns We were not checking p->feconn nor the global actconn soon enough. In older versions this could result in a frontend accepting more connections than allowed by its maxconn or the global maxconn, exactly N-1 extra connections where N is the number of threads, provided each of these threads were running a different listener. But with the lock removal, it became worse, the excess could be the listener's maxconn multiplied by the number of threads. Among the nasty side effect was that LI_FULL could be removed while the limit was still over and in some cases the polling on the socket was no re-enabled. This commit takes care of updating and checking p->feconn and the global actconn *before* processing the connection, so that the listener can be turned off before accepting the socket if needed. This requires to move some of the bookkeeping operations form session to listen, which totally makes sense in this context. Now the limits are properly respected, even if a listener's maxconn is over a frontend's. This only applies on top of the listener lock removal series and doesn't have to be backported.
2019-02-27 18:32:32 +00:00
/* the frontend was marked full or another
* thread is going to do it.
*/
next_feconn = 0;
MINOR: listener: make the wait paths cleaner and more reliable In listener_accept() there are several situations where we have to wait for an event or a delay. These ones all implement their own call to limit_listener() and the associated task_schedule(). In addition to being ugly and confusing, one expire date computation is even wrong as it doesn't take in account the fact that we're using threads and that the value might change in the middle. Fortunately task_schedule() gets it right for us. This patch creates two jump locations, one for the global queue and one for the proxy queue, allowing the rest of the code to only compute the expire delay and jump to the right location.
2019-12-10 11:01:21 +00:00
expire = TICK_ETERNITY;
goto limit_proxy;
BUG/MEDIUM: listener: make sure the listener never accepts too many conns We were not checking p->feconn nor the global actconn soon enough. In older versions this could result in a frontend accepting more connections than allowed by its maxconn or the global maxconn, exactly N-1 extra connections where N is the number of threads, provided each of these threads were running a different listener. But with the lock removal, it became worse, the excess could be the listener's maxconn multiplied by the number of threads. Among the nasty side effect was that LI_FULL could be removed while the limit was still over and in some cases the polling on the socket was no re-enabled. This commit takes care of updating and checking p->feconn and the global actconn *before* processing the connection, so that the listener can be turned off before accepting the socket if needed. This requires to move some of the bookkeeping operations form session to listen, which totally makes sense in this context. Now the limits are properly respected, even if a listener's maxconn is over a frontend's. This only applies on top of the listener lock removal series and doesn't have to be backported.
2019-02-27 18:32:32 +00:00
}
next_feconn = count + 1;
MEDIUM: listeners: Use the new _HA_ATOMIC_* macros. Use the new _HA_ATOMIC_* macros and add barriers where needed.
2019-03-08 17:52:57 +00:00
} while (!_HA_ATOMIC_CAS(&p->feconn, &count, next_feconn));
REORG/MEDIUM: move the default accept function from sockstream to protocols.c The previous sockstream_accept() function uses nothing from sockstream, and is totally irrelevant to stream interfaces. Move this to the protocols.c file which handles listeners and protocols, and call it listener_accept(). It now makes much more sense that the code dealing with listen() also handles accept() and passes it to upper layers.
2012-05-07 19:22:09 +00:00
}
MINOR: listener: move LI_O_UNLIMITED and LI_O_NOSTOP to bind_conf These two flags are entirely for internal use and are even per proxy in practice since they're used for peers and CLI to indicate (for the first one) that the listener(s) are not subject to connection limits, and for the second that the listener(s) should not be stopped on soft-stop. No need to keep them in the listeners, let's move them to the bind_conf under names BC_O_UNLIMITED and BC_O_NOSTOP.
2023-01-12 18:58:42 +00:00
if (!(l->bind_conf->options & BC_O_UNLIMITED)) {
BUG/MEDIUM: listener: make sure the listener never accepts too many conns We were not checking p->feconn nor the global actconn soon enough. In older versions this could result in a frontend accepting more connections than allowed by its maxconn or the global maxconn, exactly N-1 extra connections where N is the number of threads, provided each of these threads were running a different listener. But with the lock removal, it became worse, the excess could be the listener's maxconn multiplied by the number of threads. Among the nasty side effect was that LI_FULL could be removed while the limit was still over and in some cases the polling on the socket was no re-enabled. This commit takes care of updating and checking p->feconn and the global actconn *before* processing the connection, so that the listener can be turned off before accepting the socket if needed. This requires to move some of the bookkeeping operations form session to listen, which totally makes sense in this context. Now the limits are properly respected, even if a listener's maxconn is over a frontend's. This only applies on top of the listener lock removal series and doesn't have to be backported.
2019-02-27 18:32:32 +00:00
do {
count = actconn;
BUG/MEDIUM: listeners: always pause a listener on out-of-resource condition A corner case was opened in the listener_accept() code by commit 3f0d02bbc2 ("MAJOR: listener: do not hold the listener lock in listener_accept()"). The issue is when one listener (or a group of) managed to eat all the proxy's or all the process's maxconn, and another listener tries to accept a new socket. This results in the atomic increment to detect the excess connection count and immediately abort, without pausing the listener, thus the call is immediately performed again. This doesn't happen when the test is run on a single listener because this listener got limited when crossing the limit. But with 2 or more listeners, we don't have this luxury. The solution consists in limiting the listener as soon as we have to decline accepting an incoming connection. This means that the listener will not be marked full yet if it gets the exact connection count but this is not a problem in practice since all other listeners will only be marked full after their first attempt. Thus from now on, a listener is only full once it has already failed taking an incoming connection. This bug was definitely responsible for the unreproduceable occasional reports of high CPU usage showing epoll_wait() returning immediately without accepting an incoming connection, like in bug #129. This fix must be backported to 1.9 and 1.8.
2019-11-15 09:20:07 +00:00
if (unlikely(count >= global.maxconn)) {
BUG/MEDIUM: listener: make sure the listener never accepts too many conns We were not checking p->feconn nor the global actconn soon enough. In older versions this could result in a frontend accepting more connections than allowed by its maxconn or the global maxconn, exactly N-1 extra connections where N is the number of threads, provided each of these threads were running a different listener. But with the lock removal, it became worse, the excess could be the listener's maxconn multiplied by the number of threads. Among the nasty side effect was that LI_FULL could be removed while the limit was still over and in some cases the polling on the socket was no re-enabled. This commit takes care of updating and checking p->feconn and the global actconn *before* processing the connection, so that the listener can be turned off before accepting the socket if needed. This requires to move some of the bookkeeping operations form session to listen, which totally makes sense in this context. Now the limits are properly respected, even if a listener's maxconn is over a frontend's. This only applies on top of the listener lock removal series and doesn't have to be backported.
2019-02-27 18:32:32 +00:00
/* the process was marked full or another
* thread is going to do it.
*/
next_actconn = 0;
MINOR: listener: make the wait paths cleaner and more reliable In listener_accept() there are several situations where we have to wait for an event or a delay. These ones all implement their own call to limit_listener() and the associated task_schedule(). In addition to being ugly and confusing, one expire date computation is even wrong as it doesn't take in account the fact that we're using threads and that the value might change in the middle. Fortunately task_schedule() gets it right for us. This patch creates two jump locations, one for the global queue and one for the proxy queue, allowing the rest of the code to only compute the expire delay and jump to the right location.
2019-12-10 11:01:21 +00:00
expire = tick_add(now_ms, 1000); /* try again in 1 second */
goto limit_global;
BUG/MEDIUM: listener: make sure the listener never accepts too many conns We were not checking p->feconn nor the global actconn soon enough. In older versions this could result in a frontend accepting more connections than allowed by its maxconn or the global maxconn, exactly N-1 extra connections where N is the number of threads, provided each of these threads were running a different listener. But with the lock removal, it became worse, the excess could be the listener's maxconn multiplied by the number of threads. Among the nasty side effect was that LI_FULL could be removed while the limit was still over and in some cases the polling on the socket was no re-enabled. This commit takes care of updating and checking p->feconn and the global actconn *before* processing the connection, so that the listener can be turned off before accepting the socket if needed. This requires to move some of the bookkeeping operations form session to listen, which totally makes sense in this context. Now the limits are properly respected, even if a listener's maxconn is over a frontend's. This only applies on top of the listener lock removal series and doesn't have to be backported.
2019-02-27 18:32:32 +00:00
}
next_actconn = count + 1;
BUILD/MINOR: listener: Silent a few signedness warnings. Silenting couple of warnings related to signedness, due to a mismatch of signed and unsigned ints with l->nbconn, actconn and p->feconn.
2019-03-27 16:08:42 +00:00
} while (!_HA_ATOMIC_CAS(&actconn, (int *)(&count), next_actconn));
REORG/MEDIUM: move the default accept function from sockstream to protocols.c The previous sockstream_accept() function uses nothing from sockstream, and is totally irrelevant to stream interfaces. Move this to the protocols.c file which handles listeners and protocols, and call it listener_accept(). It now makes much more sense that the code dealing with listen() also handles accept() and passes it to upper layers.
2012-05-07 19:22:09 +00:00
}
BUG/MEDIUM: listener: read-lock the listener during accept() Listeners might be disabled by other threads while running in listener_accept() due to a stopping condition or possibly a rebinding error after a failed stop/start. When this happens, the listener's FD is -1 and accesses made by the lower layers to fdtab[-1] do not end up well. This can occasionally be noticed if running at high connection rates in master-worker mode when compiled with ASAN and hammered with 10 reloads per second. From time to time an out-of-bounds error will be reported. One approach could consist in keeping a copy of critical information such as the FD before proceeding but that's not correct since in case of close() the FD might be reassigned to another connection for example. In fact what is needed is to read-lock the listener during this operation so that it cannot change while we're touching it. Tests have shown that using a spinlock only does generally work well but it doesn't scale much with threads and we can see listener_accept() eat 10-15% CPU on a 24 thread machine at 300k conn/s. For this reason the lock was turned to an rwlock by previous commit and this patch only takes the read lock to make sure other operations do not change the listener's state while threads are accepting connections. With this approach, no performance loss was noticed at all and listener_accept() doesn't appear in perf top. This ought to be backported to about all branches that make use of the unlocked listeners, but in practice it seems to mostly concern 2.3 and above, since 2.2 and older will take the FD in the argument (and the race exists there, this FD could end up being reassigned in parallel but there's not much that can be done there to prevent that race; at least a permanent error will be reported). For backports, the current approach is preferred, with a preliminary backport of previous commit "MINOR: listener: replace the listener's spinlock with an rwlock". However if for any reason this commit cannot be backported, the current patch can be modified to simply take a spinlock (tested and works), it will just impact high performance workloads (like DDoS protection).
2022-02-01 15:37:00 +00:00
/* be careful below, the listener might be shutting down in
* another thread on error and we must not dereference its
* FD without a bit of protection.
*/
cli_conn = NULL;
status = CO_AC_PERMERR;
HA_RWLOCK_RDLOCK(LISTENER_LOCK, &l->lock);
if (l->rx.flags & RX_F_BOUND)
cli_conn = l->rx.proto->accept_conn(l, &status);
HA_RWLOCK_RDUNLOCK(LISTENER_LOCK, &l->lock);
MEDIUM: listener: use protocol->accept_conn() to accept a connection Now listener_accept() doesn't have to deal with the incoming FD anymore (except for a little bit of side band stuff). It directly retrieves a valid connection from the protocol layer, or receives a well-defined error code that helps it decide how to proceed. This removes a lot of hardly maintainable low-level code and opens the function to receive new protocol stacks.
2020-10-15 08:09:31 +00:00
if (!cli_conn) {
switch (status) {
case CO_AC_DONE:
goto end;
case CO_AC_RETRY: /* likely a signal */
CLEANUP: atomic/tree-wide: replace single increments/decrements with inc/dec This patch replaces roughly all occurrences of an HA_ATOMIC_ADD(&foo, 1) or HA_ATOMIC_SUB(&foo, 1) with the equivalent HA_ATOMIC_INC(&foo) and HA_ATOMIC_DEC(&foo) respectively. These are 507 changes over 45 files.
2021-04-06 11:53:36 +00:00
_HA_ATOMIC_DEC(&l->nbconn);
BUG/MEDIUM: listener: make sure the listener never accepts too many conns We were not checking p->feconn nor the global actconn soon enough. In older versions this could result in a frontend accepting more connections than allowed by its maxconn or the global maxconn, exactly N-1 extra connections where N is the number of threads, provided each of these threads were running a different listener. But with the lock removal, it became worse, the excess could be the listener's maxconn multiplied by the number of threads. Among the nasty side effect was that LI_FULL could be removed while the limit was still over and in some cases the polling on the socket was no re-enabled. This commit takes care of updating and checking p->feconn and the global actconn *before* processing the connection, so that the listener can be turned off before accepting the socket if needed. This requires to move some of the bookkeeping operations form session to listen, which totally makes sense in this context. Now the limits are properly respected, even if a listener's maxconn is over a frontend's. This only applies on top of the listener lock removal series and doesn't have to be backported.
2019-02-27 18:32:32 +00:00
if (p)
CLEANUP: atomic/tree-wide: replace single increments/decrements with inc/dec This patch replaces roughly all occurrences of an HA_ATOMIC_ADD(&foo, 1) or HA_ATOMIC_SUB(&foo, 1) with the equivalent HA_ATOMIC_INC(&foo) and HA_ATOMIC_DEC(&foo) respectively. These are 507 changes over 45 files.
2021-04-06 11:53:36 +00:00
_HA_ATOMIC_DEC(&p->feconn);
MINOR: listener: move LI_O_UNLIMITED and LI_O_NOSTOP to bind_conf These two flags are entirely for internal use and are even per proxy in practice since they're used for peers and CLI to indicate (for the first one) that the listener(s) are not subject to connection limits, and for the second that the listener(s) should not be stopped on soft-stop. No need to keep them in the listeners, let's move them to the bind_conf under names BC_O_UNLIMITED and BC_O_NOSTOP.
2023-01-12 18:58:42 +00:00
if (!(l->bind_conf->options & BC_O_UNLIMITED))
CLEANUP: atomic/tree-wide: replace single increments/decrements with inc/dec This patch replaces roughly all occurrences of an HA_ATOMIC_ADD(&foo, 1) or HA_ATOMIC_SUB(&foo, 1) with the equivalent HA_ATOMIC_INC(&foo) and HA_ATOMIC_DEC(&foo) respectively. These are 507 changes over 45 files.
2021-04-06 11:53:36 +00:00
_HA_ATOMIC_DEC(&actconn);
MEDIUM: listener: fix polling management in the accept loop The accept loop used to force fd_poll_recv() even in places where it was not completely appropriate (eg: unexpected errors). It does not yet cause trouble but will do with the upcoming polling changes. Let's use it only where relevant now. EINTR/ECONNABORTED do not result in poll() anymore but the failed connection is simply skipped (this code dates from 1.1.32 when error codes were first considered).
2014-01-20 20:21:30 +00:00
continue;
MEDIUM: listener: use protocol->accept_conn() to accept a connection Now listener_accept() doesn't have to deal with the incoming FD anymore (except for a little bit of side band stuff). It directly retrieves a valid connection from the protocol layer, or receives a well-defined error code that helps it decide how to proceed. This removes a lot of hardly maintainable low-level code and opens the function to receive new protocol stacks.
2020-10-15 08:09:31 +00:00
case CO_AC_YIELD:
BUG/MEDIUM: listener/threads: fix a remaining race in the listener's accept() Recent fix 4c044e274c ("BUG/MEDIUM: listener/thread: fix a race when pausing a listener") is insufficient and moves the race slightly farther. What now happens is that if we're limiting a listener due to a transient error such as an accept() error for example, or because the proxy's maxconn was reached, another thread might in the mean time have switched again to LI_READY and at the end of the function we'll disable polling on this FD, resulting in a listener that never accepts anything anymore. It can more easily happen when sending SIGTTOU/SIGTTIN to temporarily pause the listeners to let another process bind next to them. What this patch does instead is to move all enable/disable operations at the end of the function and condition them to the state. The listener's state is checked under the lock and the FD's polling state adjusted accordingly so that the listener's state and the FD always remain 100% synchronized. It was verified with 16 threads that the cost of taking that lock is not measurable so that's fine. This should be backported to the same branches the patch above is backported to.
2019-12-10 08:30:05 +00:00
max_accept = 0;
goto end;
BUG/MEDIUM: listeners: CLOEXEC flag is not correctly set The CLOEXEC flag was set using a F_SETFL which can't work. To set the CLOEXEC flag F_SETFD should be used, the problem is that it needs a new call to fcntl() and it's on the path of every accept. This flag was only needed in the case of the master, so the patch was reverted and the flag set only in this case. The bug was introduced by 0b3e849 ("MEDIUM: listeners: set O_CLOEXEC on the accepted FDs"). No backport needed.
2018-11-27 11:02:39 +00:00
MEDIUM: listener: use protocol->accept_conn() to accept a connection Now listener_accept() doesn't have to deal with the incoming FD anymore (except for a little bit of side band stuff). It directly retrieves a valid connection from the protocol layer, or receives a well-defined error code that helps it decide how to proceed. This removes a lot of hardly maintainable low-level code and opens the function to receive new protocol stacks.
2020-10-15 08:09:31 +00:00
default:
goto transient_error;
MEDIUM: listener: allocate the connection before queuing a new connection Till now we would keep a per-thread queue of pending incoming connections for which we would store: - the listener - the accepted FD - the source address - the source address' length And these elements were first used in session_accept_fd() running on the target thread to allocate a connection and duplicate them again. Doing this induces various problems. The first one is that session_accept_fd() may only run on file descriptors and cannot be reused for QUIC. The second issue is that it induces lots of memory copies and that the listerner queue thrashes a lot of cache, consuming 64 bytes per entry. This patch changes this by allocating the connection before queueing it, and by only placing the connection's pointer into the queue. Indeed, the first two calls used to initialize the connection already store all the information above, which can be retrieved from the connection pointer alone. So we just have to pop one pointer from the target thread, and pass it to session_accept_fd() which only needs the FD for the final settings. This starts to make the accept path a bit more transport-agnostic, and saves memory and CPU cycles at the same time (1% connection rate increase was noticed with 4 threads). Thanks to dividing the accept-queue entry size from 64 to 8 bytes, its size could be increased from 256 to 1024 connections while still dividing the overall size by two. No single queue full condition was met. One minor drawback is that connection may be allocated from one thread's pool to be used into another one. But this already happens a lot with connection reuse so there is really nothing new here.
2020-10-14 15:37:17 +00:00
}
}
MAJOR: listener: do not hold the listener lock in listener_accept() This function used to hold the listener's lock as a way to stay safe against concurrent manipulations, but it turns out this is wrong. First, the lock is held during l->accept(), which itself might indirectly call listener_release(), which, if the listener is marked full, could result in __resume_listener() to be called and the lock being taken twice. In practice it doesn't happen right now because the listener's FULL state cannot change while we're doing this. Second, all the code does is now protected against concurrent accesses. It used not to be the case in the early days of threads : the frequency counters are thread-safe. The rate limiting doesn't require extreme precision. Only the nbconn check is not thread safe. Third, the parts called here will have to be called from different threads without holding this lock, and this becomes a bigger issue if we need to keep this one. This patch does 3 things which need to be addressed at once : 1) it moves the lock to the only 2 functions that were not protected since called form listener_accept() : - limit_listener() - listener_full() 2) it makes sure delete_listener() properly checks its state within the lock. 3) it updates the l->nbconn tracking to make sure that it is always properly reported and accounted for. There is a point of particular care around the situation where the listener's maxconn is reached because the listener has to be marked full before accepting the connection, then resumed if the connection finally gets dropped. It is not possible to perform this change without removing the lock due to the deadlock issue explained above. This patch almost doubles the accept rate in multi-thread on a shared port between 8 threads, and multiplies by 4 the connection rate on a tcp-request connection reject rule.
2019-02-25 18:23:37 +00:00
/* The connection was accepted, it must be counted as such */
if (l->counters)
HA_ATOMIC_UPDATE_MAX(&l->counters->conn_max, next_conn);
BUILD: listener: shut report of possible null-deref in listener_accept() When building without threads, gcc 12 says that there's a null-deref in _HA_ATOMIC_INC() called from listener_accept(). It's just that the code was originally written in an attempt not to always have a proxy for a listener and that there are two places where the pointer is tested before being used, so the compiler concludes that the pointer might be null hence that other places are null-derefs. In practice the pointer cannot be null there (and never has been), but since that code was initially built that way and it's only a matter of adding a pair of braces to shut it up, let's respect that initial attempt in case one day we need it. This one was also reported by Ilya in issue #1513, though with threads enabled in his case. This may have to be backported if users complain about new breakage with gcc-12.
2022-05-09 18:41:54 +00:00
if (p) {
BUG/MEDIUM: listener: make sure the listener never accepts too many conns We were not checking p->feconn nor the global actconn soon enough. In older versions this could result in a frontend accepting more connections than allowed by its maxconn or the global maxconn, exactly N-1 extra connections where N is the number of threads, provided each of these threads were running a different listener. But with the lock removal, it became worse, the excess could be the listener's maxconn multiplied by the number of threads. Among the nasty side effect was that LI_FULL could be removed while the limit was still over and in some cases the polling on the socket was no re-enabled. This commit takes care of updating and checking p->feconn and the global actconn *before* processing the connection, so that the listener can be turned off before accepting the socket if needed. This requires to move some of the bookkeeping operations form session to listen, which totally makes sense in this context. Now the limits are properly respected, even if a listener's maxconn is over a frontend's. This only applies on top of the listener lock removal series and doesn't have to be backported.
2019-02-27 18:32:32 +00:00
HA_ATOMIC_UPDATE_MAX(&p->fe_counters.conn_max, next_feconn);
BUILD: listener: shut report of possible null-deref in listener_accept() When building without threads, gcc 12 says that there's a null-deref in _HA_ATOMIC_INC() called from listener_accept(). It's just that the code was originally written in an attempt not to always have a proxy for a listener and that there are two places where the pointer is tested before being used, so the compiler concludes that the pointer might be null hence that other places are null-derefs. In practice the pointer cannot be null there (and never has been), but since that code was initially built that way and it's only a matter of adding a pair of braces to shut it up, let's respect that initial attempt in case one day we need it. This one was also reported by Ilya in issue #1513, though with threads enabled in his case. This may have to be backported if users complain about new breakage with gcc-12.
2022-05-09 18:41:54 +00:00
proxy_inc_fe_conn_ctr(l, p);
}
BUG/MEDIUM: listener: make sure the listener never accepts too many conns We were not checking p->feconn nor the global actconn soon enough. In older versions this could result in a frontend accepting more connections than allowed by its maxconn or the global maxconn, exactly N-1 extra connections where N is the number of threads, provided each of these threads were running a different listener. But with the lock removal, it became worse, the excess could be the listener's maxconn multiplied by the number of threads. Among the nasty side effect was that LI_FULL could be removed while the limit was still over and in some cases the polling on the socket was no re-enabled. This commit takes care of updating and checking p->feconn and the global actconn *before* processing the connection, so that the listener can be turned off before accepting the socket if needed. This requires to move some of the bookkeeping operations form session to listen, which totally makes sense in this context. Now the limits are properly respected, even if a listener's maxconn is over a frontend's. This only applies on top of the listener lock removal series and doesn't have to be backported.
2019-02-27 18:32:32 +00:00
MINOR: listener: move LI_O_UNLIMITED and LI_O_NOSTOP to bind_conf These two flags are entirely for internal use and are even per proxy in practice since they're used for peers and CLI to indicate (for the first one) that the listener(s) are not subject to connection limits, and for the second that the listener(s) should not be stopped on soft-stop. No need to keep them in the listeners, let's move them to the bind_conf under names BC_O_UNLIMITED and BC_O_NOSTOP.
2023-01-12 18:58:42 +00:00
if (!(l->bind_conf->options & BC_O_UNLIMITED)) {
MAJOR: listener: do not hold the listener lock in listener_accept() This function used to hold the listener's lock as a way to stay safe against concurrent manipulations, but it turns out this is wrong. First, the lock is held during l->accept(), which itself might indirectly call listener_release(), which, if the listener is marked full, could result in __resume_listener() to be called and the lock being taken twice. In practice it doesn't happen right now because the listener's FULL state cannot change while we're doing this. Second, all the code does is now protected against concurrent accesses. It used not to be the case in the early days of threads : the frequency counters are thread-safe. The rate limiting doesn't require extreme precision. Only the nbconn check is not thread safe. Third, the parts called here will have to be called from different threads without holding this lock, and this becomes a bigger issue if we need to keep this one. This patch does 3 things which need to be addressed at once : 1) it moves the lock to the only 2 functions that were not protected since called form listener_accept() : - limit_listener() - listener_full() 2) it makes sure delete_listener() properly checks its state within the lock. 3) it updates the l->nbconn tracking to make sure that it is always properly reported and accounted for. There is a point of particular care around the situation where the listener's maxconn is reached because the listener has to be marked full before accepting the connection, then resumed if the connection finally gets dropped. It is not possible to perform this change without removing the lock due to the deadlock issue explained above. This patch almost doubles the accept rate in multi-thread on a shared port between 8 threads, and multiplies by 4 the connection rate on a tcp-request connection reject rule.
2019-02-25 18:23:37 +00:00
count = update_freq_ctr(&global.conn_per_sec, 1);
HA_ATOMIC_UPDATE_MAX(&global.cps_max, count);
}
CLEANUP: atomic/tree-wide: replace single increments/decrements with inc/dec This patch replaces roughly all occurrences of an HA_ATOMIC_ADD(&foo, 1) or HA_ATOMIC_SUB(&foo, 1) with the equivalent HA_ATOMIC_INC(&foo) and HA_ATOMIC_DEC(&foo) respectively. These are 507 changes over 45 files.
2021-04-06 11:53:36 +00:00
_HA_ATOMIC_INC(&activity[tid].accepted);
MINOR: cli/listener: report the number of accepts on "show activity" The "show activity" command reports the number of incoming connections dispatched per thread but doesn't report the number of connections received by each thread. It is important to be able to monitor this value as it can show that for whatever reason a smaller set of threads is receiving the connections and dispatching them to all other ones.
2019-04-12 13:27:17 +00:00
MINOR: stats: report the number of times the global maxconn was reached As discussed a few times over the years, it's quite difficult to know how often we stop accepting connections because the global maxconn was reached. This is not easy to know because when we reach the limit we stop accepting but we don't know if incoming connections are pending, so it's not possible to know how many were delayed just because of this. However, an interesting equivalent metric consist in counting the number of times an accepted incoming connection resulted in the limit being reached. I.e. "we've accepted the last one for now". That doesn't imply any other one got delayed but it's a factual indicator that something might have been delayed. And by counting the number of such events, it becomes easier to know whether some limits need to be adjusted because they're reached often, or if it's exceptionally rare. The metric is reported as a counter in show info and on the stats page in the info section right next to "maxconn".
2023-05-11 11:51:31 +00:00
/* count the number of times an accepted connection resulted in
* maxconn being reached.
*/
if (unlikely(_HA_ATOMIC_LOAD(&actconn) + 1 >= global.maxconn))
_HA_ATOMIC_INC(&maxconn_reached);
MINOR: listener: move the ->accept callback to the bind_conf The accept callback directly derives from the upper layer, generally it's session_accept_fd(). As such it's also defined per bind line so it makes sense to move it there.
2023-01-12 18:10:17 +00:00
/* past this point, l->bind_conf->accept() will automatically decrement
BUG/MEDIUM: listener: make sure the listener never accepts too many conns We were not checking p->feconn nor the global actconn soon enough. In older versions this could result in a frontend accepting more connections than allowed by its maxconn or the global maxconn, exactly N-1 extra connections where N is the number of threads, provided each of these threads were running a different listener. But with the lock removal, it became worse, the excess could be the listener's maxconn multiplied by the number of threads. Among the nasty side effect was that LI_FULL could be removed while the limit was still over and in some cases the polling on the socket was no re-enabled. This commit takes care of updating and checking p->feconn and the global actconn *before* processing the connection, so that the listener can be turned off before accepting the socket if needed. This requires to move some of the bookkeeping operations form session to listen, which totally makes sense in this context. Now the limits are properly respected, even if a listener's maxconn is over a frontend's. This only applies on top of the listener lock removal series and doesn't have to be backported.
2019-02-27 18:32:32 +00:00
* l->nbconn, feconn and actconn once done. Setting next_*conn=0
* allows the error path not to rollback on nbconn. It's more
* convenient than duplicating all exit labels.
MAJOR: listener: do not hold the listener lock in listener_accept() This function used to hold the listener's lock as a way to stay safe against concurrent manipulations, but it turns out this is wrong. First, the lock is held during l->accept(), which itself might indirectly call listener_release(), which, if the listener is marked full, could result in __resume_listener() to be called and the lock being taken twice. In practice it doesn't happen right now because the listener's FULL state cannot change while we're doing this. Second, all the code does is now protected against concurrent accesses. It used not to be the case in the early days of threads : the frequency counters are thread-safe. The rate limiting doesn't require extreme precision. Only the nbconn check is not thread safe. Third, the parts called here will have to be called from different threads without holding this lock, and this becomes a bigger issue if we need to keep this one. This patch does 3 things which need to be addressed at once : 1) it moves the lock to the only 2 functions that were not protected since called form listener_accept() : - limit_listener() - listener_full() 2) it makes sure delete_listener() properly checks its state within the lock. 3) it updates the l->nbconn tracking to make sure that it is always properly reported and accounted for. There is a point of particular care around the situation where the listener's maxconn is reached because the listener has to be marked full before accepting the connection, then resumed if the connection finally gets dropped. It is not possible to perform this change without removing the lock due to the deadlock issue explained above. This patch almost doubles the accept rate in multi-thread on a shared port between 8 threads, and multiplies by 4 the connection rate on a tcp-request connection reject rule.
2019-02-25 18:23:37 +00:00
*/
next_conn = 0;
BUG/MEDIUM: listener: make sure the listener never accepts too many conns We were not checking p->feconn nor the global actconn soon enough. In older versions this could result in a frontend accepting more connections than allowed by its maxconn or the global maxconn, exactly N-1 extra connections where N is the number of threads, provided each of these threads were running a different listener. But with the lock removal, it became worse, the excess could be the listener's maxconn multiplied by the number of threads. Among the nasty side effect was that LI_FULL could be removed while the limit was still over and in some cases the polling on the socket was no re-enabled. This commit takes care of updating and checking p->feconn and the global actconn *before* processing the connection, so that the listener can be turned off before accepting the socket if needed. This requires to move some of the bookkeeping operations form session to listen, which totally makes sense in this context. Now the limits are properly respected, even if a listener's maxconn is over a frontend's. This only applies on top of the listener lock removal series and doesn't have to be backported.
2019-02-27 18:32:32 +00:00
next_feconn = 0;
next_actconn = 0;
REORG/MEDIUM: move the default accept function from sockstream to protocols.c The previous sockstream_accept() function uses nothing from sockstream, and is totally irrelevant to stream interfaces. Move this to the protocols.c file which handles listeners and protocols, and call it listener_accept(). It now makes much more sense that the code dealing with listen() also handles accept() and passes it to upper layers.
2012-05-07 19:22:09 +00:00
MEDIUM: listener: allocate the connection before queuing a new connection Till now we would keep a per-thread queue of pending incoming connections for which we would store: - the listener - the accepted FD - the source address - the source address' length And these elements were first used in session_accept_fd() running on the target thread to allocate a connection and duplicate them again. Doing this induces various problems. The first one is that session_accept_fd() may only run on file descriptors and cannot be reused for QUIC. The second issue is that it induces lots of memory copies and that the listerner queue thrashes a lot of cache, consuming 64 bytes per entry. This patch changes this by allocating the connection before queueing it, and by only placing the connection's pointer into the queue. Indeed, the first two calls used to initialize the connection already store all the information above, which can be retrieved from the connection pointer alone. So we just have to pop one pointer from the target thread, and pass it to session_accept_fd() which only needs the FD for the final settings. This starts to make the accept path a bit more transport-agnostic, and saves memory and CPU cycles at the same time (1% connection rate increase was noticed with 4 threads). Thanks to dividing the accept-queue entry size from 64 to 8 bytes, its size could be increased from 256 to 1024 connections while still dividing the overall size by two. No single queue full condition was met. One minor drawback is that connection may be allocated from one thread's pool to be used into another one. But this already happens a lot with connection reuse so there is really nothing new here.
2020-10-14 15:37:17 +00:00
MAJOR: listener: use the multi-queue for multi-thread listeners The idea is to redistribute an incoming connection to one of the threads a bind_conf is bound to when there is more than one. We do this using a random improved by the p2c algorithm : a random() call returns two different thread numbers. We then compare their respective connection count and the length of their accept queues, and pick the least loaded one. We even use this deferred accept mechanism if the target thread ends up being the local thread, because this maintains fairness between all connections and tests show that it's about 1% faster this way, likely due to cache locality. If the target thread's accept queue is full, the connection is accepted synchronously by the current thread.
2019-01-27 14:37:19 +00:00
#if defined(USE_THREAD)
MEDIUM: listener: rework thread assignment to consider all groups Till now threads were assigned in listener_accept() to other threads of the same group only, using a single group mask. Now that we have all the relevant info (array of listeners of the same shard), we can spread the thr_idx to cover all assigned groups. The thread indexes now contain the group number in their upper bits, and the indexes run over te whole list of threads, all groups included. One particular subtlety here is that switching to a thread from another group also means switching the group, hence the listener. As such, when changing the group we need to update the connection's owner to point to the listener of the same shard that is bound to the target group.
2023-03-27 08:38:51 +00:00
if (!(global.tune.options & GTUNE_LISTENER_MQ_ANY) || stopping)
goto local_accept;
/* we want to perform thread rebalancing if the listener is
* bound to more than one thread or if it's part of a shard
* with more than one listener.
*/
BUG/MINOR: thread: always reload threads_enabled in loops A few loops waiting for threads to synchronize such as thread_isolate() rightfully filter the thread masks via the threads_enabled field that contains the list of enabled threads. However, it doesn't use an atomic load on it. Before 2.7, the equivalent variables were marked as volatile and were always reloaded. In 2.7 they're fields in ha_tgroup_ctx[], and the risk that the compiler keeps them in a register inside a loop is not null at all. In practice when ha_thread_relax() calls sched_yield() or an x86 PAUSE instruction, it could be verified that the variable is always reloaded. If these are avoided (e.g. architecture providing neither solution), it's visible in asm code that the variables are not reloaded. In this case, if a thread exists just between the moment the two values are read, the loop could spin forever. This patch adds the required _HA_ATOMIC_LOAD() on the relevant threads_enabled fields. It must be backported to 2.7.
2023-01-19 18:14:18 +00:00
mask = l->rx.bind_thread & _HA_ATOMIC_LOAD(&tg->threads_enabled);
MEDIUM: listener: rework thread assignment to consider all groups Till now threads were assigned in listener_accept() to other threads of the same group only, using a single group mask. Now that we have all the relevant info (array of listeners of the same shard), we can spread the thr_idx to cover all assigned groups. The thread indexes now contain the group number in their upper bits, and the indexes run over te whole list of threads, all groups included. One particular subtlety here is that switching to a thread from another group also means switching the group, hence the listener. As such, when changing the group we need to update the connection's owner to point to the listener of the same shard that is bound to the target group.
2023-03-27 08:38:51 +00:00
if (l->rx.shard_info || atleast2(mask)) {
MAJOR: listener: use the multi-queue for multi-thread listeners The idea is to redistribute an incoming connection to one of the threads a bind_conf is bound to when there is more than one. We do this using a random improved by the p2c algorithm : a random() call returns two different thread numbers. We then compare their respective connection count and the length of their accept queues, and pick the least loaded one. We even use this deferred accept mechanism if the target thread ends up being the local thread, because this maintains fairness between all connections and tests show that it's about 1% faster this way, likely due to cache locality. If the target thread's accept queue is full, the connection is accepted synchronously by the current thread.
2019-01-27 14:37:19 +00:00
struct accept_queue_ring *ring;
MEDIUM: listener: rework thread assignment to consider all groups Till now threads were assigned in listener_accept() to other threads of the same group only, using a single group mask. Now that we have all the relevant info (array of listeners of the same shard), we can spread the thr_idx to cover all assigned groups. The thread indexes now contain the group number in their upper bits, and the indexes run over te whole list of threads, all groups included. One particular subtlety here is that switching to a thread from another group also means switching the group, hence the listener. As such, when changing the group we need to update the connection's owner to point to the listener of the same shard that is bound to the target group.
2023-03-27 08:38:51 +00:00
struct listener *new_li;
MINOR: listener: make sure to avoid ABA updates in per-thread index One limitation of the current thread index mechanism is that if the values are assigned multiple times to the same thread and the index loops, it can match again the old value, which will not prevent a competing thread from finishing its CAS and assigning traffic to a thread that's not the optimal one. The probability is low but the solution is simple enough and consists in implementing an update counter in the high bits of the index to force a mismatch in this case (assuming we don't try to cover for extremely unlikely cases where the update counter loops while the index remains equal). So let's do that. In order to improve the situation a little bit, we now set the index to a ulong so that in 32 bits we have 8 bits of counter and in 64 bits we have 40 bits.
2023-04-20 14:52:21 +00:00
uint r1, r2, t, t1, t2;
ulong n0, n1;
MEDIUM: listener: rework thread assignment to consider all groups Till now threads were assigned in listener_accept() to other threads of the same group only, using a single group mask. Now that we have all the relevant info (array of listeners of the same shard), we can spread the thr_idx to cover all assigned groups. The thread indexes now contain the group number in their upper bits, and the indexes run over te whole list of threads, all groups included. One particular subtlety here is that switching to a thread from another group also means switching the group, hence the listener. As such, when changing the group we need to update the connection's owner to point to the listener of the same shard that is bound to the target group.
2023-03-27 08:38:51 +00:00
const struct tgroup_info *g1, *g2;
ulong m1, m2;
MINOR: listener: make sure to avoid ABA updates in per-thread index One limitation of the current thread index mechanism is that if the values are assigned multiple times to the same thread and the index loops, it can match again the old value, which will not prevent a competing thread from finishing its CAS and assigning traffic to a thread that's not the optimal one. The probability is low but the solution is simple enough and consists in implementing an update counter in the high bits of the index to force a mismatch in this case (assuming we don't try to cover for extremely unlikely cases where the update counter loops while the index remains equal). So let's do that. In order to improve the situation a little bit, we now set the index to a ulong so that in 32 bits we have 8 bits of counter and in 64 bits we have 40 bits.
2023-04-20 14:52:21 +00:00
ulong *thr_idx_ptr;
MINOR: listener: improve incoming traffic distribution By picking two randoms following the P2C algorithm, we seldom observe asymmetric loads on bursts of small session counts. This is typically what makes h2load take a bit of time to complete the last 100% because if a thread gets two connections while the other ones only have one, it takes twice the time to complete its work. This patch proposes a modification of the p2c algorithm which seems more suitable to this case : it mixes a rotating index with a random. This way, we're certain that all threads are consulted in turn and at the same time we're not forced to use the ones we're giving a chance. This significantly increases the traffic rate. Now h2load shows faster completion and the average request rates on H2 and the TLS resume rate increases by a bit more than 5% compared to pure p2c. The index was placed into the struct bind_conf because 1) it's faster there and it's the best place to optimally distribute traffic among a group of listeners. It's the only runtime-modified element there and it will be quite cache-hot.
2019-03-04 18:57:34 +00:00
MEDIUM: listener: change the LB algorithm again to use two round robins instead At this point, the random used in the hybrid queue distribution algorithm provides little benefit over a periodic scan, can even have a slightly worse worst case, and it requires to establish a mapping between a discrete number and a thread ID among a mask. This patch introduces a different approach using two indexes. One scans the thread mask from the left, the other one from the right. The related threads' loads are compared, and the least loaded one receives the new connection. Then one index is adjusted depending on the load resulting from this election, so that we start the next election from two known lightly loaded threads. This approach provides an extra 1% peak performance boost over the previous one, which likely corresponds to the removal of the extra work on the random and the previously required two mappings of index to thread. A test was attempted with two indexes going in the same direction but it was much less interesting because the same thread pairs were compared most of the time with the load climbing in a ladder-like model. With the reverse directions this cannot happen.
2019-03-05 07:46:28 +00:00
/* The principle is that we have two running indexes,
* each visiting in turn all threads bound to this
MEDIUM: listener: rework thread assignment to consider all groups Till now threads were assigned in listener_accept() to other threads of the same group only, using a single group mask. Now that we have all the relevant info (array of listeners of the same shard), we can spread the thr_idx to cover all assigned groups. The thread indexes now contain the group number in their upper bits, and the indexes run over te whole list of threads, all groups included. One particular subtlety here is that switching to a thread from another group also means switching the group, hence the listener. As such, when changing the group we need to update the connection's owner to point to the listener of the same shard that is bound to the target group.
2023-03-27 08:38:51 +00:00
* listener's shard. The connection will be assigned to
* the one with the least connections, and the other
* one will be updated. This provides a good fairness
* on short connections (round robin) and on long ones
* (conn count), without ever missing any idle thread.
* Each thread number is encoded as a combination of
* times the receiver number and its local thread
* number from 0 to MAX_THREADS_PER_GROUP - 1. The two
MINOR: listener: make sure to avoid ABA updates in per-thread index One limitation of the current thread index mechanism is that if the values are assigned multiple times to the same thread and the index loops, it can match again the old value, which will not prevent a competing thread from finishing its CAS and assigning traffic to a thread that's not the optimal one. The probability is low but the solution is simple enough and consists in implementing an update counter in the high bits of the index to force a mismatch in this case (assuming we don't try to cover for extremely unlikely cases where the update counter loops while the index remains equal). So let's do that. In order to improve the situation a little bit, we now set the index to a ulong so that in 32 bits we have 8 bits of counter and in 64 bits we have 40 bits.
2023-04-20 14:52:21 +00:00
* indexes are stored as 10/12 bit numbers in the thr_idx
* array, since there are up to LONGBITS threads and
* groups that can be represented. They are represented
* like this:
* 31:20 19:15 14:10 9:5 4:0
* 32b: [ counter | r2num | t2num | r1num | t1num ]
*
* 63:24 23:18 17:12 11:6 5:0
* 64b: [ counter | r2num | t2num | r1num | t1num ]
*
* The change counter is only used to avoid swapping too
* old a value when the value loops back.
MEDIUM: listener: rework thread assignment to consider all groups Till now threads were assigned in listener_accept() to other threads of the same group only, using a single group mask. Now that we have all the relevant info (array of listeners of the same shard), we can spread the thr_idx to cover all assigned groups. The thread indexes now contain the group number in their upper bits, and the indexes run over te whole list of threads, all groups included. One particular subtlety here is that switching to a thread from another group also means switching the group, hence the listener. As such, when changing the group we need to update the connection's owner to point to the listener of the same shard that is bound to the target group.
2023-03-27 08:38:51 +00:00
*
* In the loop below we have this for each index:
* - n is the thread index
* - r is the receiver number
* - g is the receiver's thread group
* - t is the thread number in this receiver
* - m is the receiver's thread mask shifted by the thread number
MINOR: listener: improve incoming traffic distribution By picking two randoms following the P2C algorithm, we seldom observe asymmetric loads on bursts of small session counts. This is typically what makes h2load take a bit of time to complete the last 100% because if a thread gets two connections while the other ones only have one, it takes twice the time to complete its work. This patch proposes a modification of the p2c algorithm which seems more suitable to this case : it mixes a rotating index with a random. This way, we're certain that all threads are consulted in turn and at the same time we're not forced to use the ones we're giving a chance. This significantly increases the traffic rate. Now h2load shows faster completion and the average request rates on H2 and the TLS resume rate increases by a bit more than 5% compared to pure p2c. The index was placed into the struct bind_conf because 1) it's faster there and it's the best place to optimally distribute traffic among a group of listeners. It's the only runtime-modified element there and it will be quite cache-hot.
2019-03-04 18:57:34 +00:00
*/
MEDIUM: listener: change the LB algorithm again to use two round robins instead At this point, the random used in the hybrid queue distribution algorithm provides little benefit over a periodic scan, can even have a slightly worse worst case, and it requires to establish a mapping between a discrete number and a thread ID among a mask. This patch introduces a different approach using two indexes. One scans the thread mask from the left, the other one from the right. The related threads' loads are compared, and the least loaded one receives the new connection. Then one index is adjusted depending on the load resulting from this election, so that we start the next election from two known lightly loaded threads. This approach provides an extra 1% peak performance boost over the previous one, which likely corresponds to the removal of the extra work on the random and the previously required two mappings of index to thread. A test was attempted with two indexes going in the same direction but it was much less interesting because the same thread pairs were compared most of the time with the load climbing in a ladder-like model. With the reverse directions this cannot happen.
2019-03-05 07:46:28 +00:00
/* keep a copy for the final update. thr_idx is composite
MEDIUM: listener: rework thread assignment to consider all groups Till now threads were assigned in listener_accept() to other threads of the same group only, using a single group mask. Now that we have all the relevant info (array of listeners of the same shard), we can spread the thr_idx to cover all assigned groups. The thread indexes now contain the group number in their upper bits, and the indexes run over te whole list of threads, all groups included. One particular subtlety here is that switching to a thread from another group also means switching the group, hence the listener. As such, when changing the group we need to update the connection's owner to point to the listener of the same shard that is bound to the target group.
2023-03-27 08:38:51 +00:00
* and made of (n2<<16) + n1.
MEDIUM: listener: change the LB algorithm again to use two round robins instead At this point, the random used in the hybrid queue distribution algorithm provides little benefit over a periodic scan, can even have a slightly worse worst case, and it requires to establish a mapping between a discrete number and a thread ID among a mask. This patch introduces a different approach using two indexes. One scans the thread mask from the left, the other one from the right. The related threads' loads are compared, and the least loaded one receives the new connection. Then one index is adjusted depending on the load resulting from this election, so that we start the next election from two known lightly loaded threads. This approach provides an extra 1% peak performance boost over the previous one, which likely corresponds to the removal of the extra work on the random and the previously required two mappings of index to thread. A test was attempted with two indexes going in the same direction but it was much less interesting because the same thread pairs were compared most of the time with the load climbing in a ladder-like model. With the reverse directions this cannot happen.
2019-03-05 07:46:28 +00:00
*/
MINOR: listener: use a common thr_idx from the reference listener Instead of seeing each listener use its own thr_idx, let's use the same for all those from a shard. It should provide more accurate and smoother thread allocation.
2023-03-29 15:02:17 +00:00
thr_idx_ptr = l->rx.shard_info ? &((struct listener *)(l->rx.shard_info->ref->owner))->thr_idx : &l->thr_idx;
MEDIUM: listener: rework thread assignment to consider all groups Till now threads were assigned in listener_accept() to other threads of the same group only, using a single group mask. Now that we have all the relevant info (array of listeners of the same shard), we can spread the thr_idx to cover all assigned groups. The thread indexes now contain the group number in their upper bits, and the indexes run over te whole list of threads, all groups included. One particular subtlety here is that switching to a thread from another group also means switching the group, hence the listener. As such, when changing the group we need to update the connection's owner to point to the listener of the same shard that is bound to the target group.
2023-03-27 08:38:51 +00:00
while (1) {
MINOR: listener: always compare the local thread as well By comparing the local thread's load with the least loaded thread's load, we can further improve the fairness and at the same time also improve locality since it allows a small ratio of connections not to be migrated. This is visible on CPU usage with long connections on very large thread counts (224) and high bandwidth (200G). The cost of checking the local thread's load remains fairly low so there's no reason not to do this. We continue to update the index if we select the local thread, because it means that the two other threads were both more loaded so we'd rather find better ones.
2023-04-19 16:06:16 +00:00
int q0, q1, q2;
MEDIUM: listener: change the LB algorithm again to use two round robins instead At this point, the random used in the hybrid queue distribution algorithm provides little benefit over a periodic scan, can even have a slightly worse worst case, and it requires to establish a mapping between a discrete number and a thread ID among a mask. This patch introduces a different approach using two indexes. One scans the thread mask from the left, the other one from the right. The related threads' loads are compared, and the least loaded one receives the new connection. Then one index is adjusted depending on the load resulting from this election, so that we start the next election from two known lightly loaded threads. This approach provides an extra 1% peak performance boost over the previous one, which likely corresponds to the removal of the extra work on the random and the previously required two mappings of index to thread. A test was attempted with two indexes going in the same direction but it was much less interesting because the same thread pairs were compared most of the time with the load climbing in a ladder-like model. With the reverse directions this cannot happen.
2019-03-05 07:46:28 +00:00
MINOR: listener: make sure to avoid ABA updates in per-thread index One limitation of the current thread index mechanism is that if the values are assigned multiple times to the same thread and the index loops, it can match again the old value, which will not prevent a competing thread from finishing its CAS and assigning traffic to a thread that's not the optimal one. The probability is low but the solution is simple enough and consists in implementing an update counter in the high bits of the index to force a mismatch in this case (assuming we don't try to cover for extremely unlikely cases where the update counter loops while the index remains equal). So let's do that. In order to improve the situation a little bit, we now set the index to a ulong so that in 32 bits we have 8 bits of counter and in 64 bits we have 40 bits.
2023-04-20 14:52:21 +00:00
/* calculate r1/g1/t1 first (ascending idx) */
n0 = _HA_ATOMIC_LOAD(thr_idx_ptr);
MEDIUM: listener: rework thread assignment to consider all groups Till now threads were assigned in listener_accept() to other threads of the same group only, using a single group mask. Now that we have all the relevant info (array of listeners of the same shard), we can spread the thr_idx to cover all assigned groups. The thread indexes now contain the group number in their upper bits, and the indexes run over te whole list of threads, all groups included. One particular subtlety here is that switching to a thread from another group also means switching the group, hence the listener. As such, when changing the group we need to update the connection's owner to point to the listener of the same shard that is bound to the target group.
2023-03-27 08:38:51 +00:00
new_li = NULL;
MINOR: listener: make sure to avoid ABA updates in per-thread index One limitation of the current thread index mechanism is that if the values are assigned multiple times to the same thread and the index loops, it can match again the old value, which will not prevent a competing thread from finishing its CAS and assigning traffic to a thread that's not the optimal one. The probability is low but the solution is simple enough and consists in implementing an update counter in the high bits of the index to force a mismatch in this case (assuming we don't try to cover for extremely unlikely cases where the update counter loops while the index remains equal). So let's do that. In order to improve the situation a little bit, we now set the index to a ulong so that in 32 bits we have 8 bits of counter and in 64 bits we have 40 bits.
2023-04-20 14:52:21 +00:00
t1 = (uint)n0 & (LONGBITS - 1);
r1 = ((uint)n0 / LONGBITS) & (LONGBITS - 1);
MEDIUM: listener: change the LB algorithm again to use two round robins instead At this point, the random used in the hybrid queue distribution algorithm provides little benefit over a periodic scan, can even have a slightly worse worst case, and it requires to establish a mapping between a discrete number and a thread ID among a mask. This patch introduces a different approach using two indexes. One scans the thread mask from the left, the other one from the right. The related threads' loads are compared, and the least loaded one receives the new connection. Then one index is adjusted depending on the load resulting from this election, so that we start the next election from two known lightly loaded threads. This approach provides an extra 1% peak performance boost over the previous one, which likely corresponds to the removal of the extra work on the random and the previously required two mappings of index to thread. A test was attempted with two indexes going in the same direction but it was much less interesting because the same thread pairs were compared most of the time with the load climbing in a ladder-like model. With the reverse directions this cannot happen.
2019-03-05 07:46:28 +00:00
MEDIUM: listener: rework thread assignment to consider all groups Till now threads were assigned in listener_accept() to other threads of the same group only, using a single group mask. Now that we have all the relevant info (array of listeners of the same shard), we can spread the thr_idx to cover all assigned groups. The thread indexes now contain the group number in their upper bits, and the indexes run over te whole list of threads, all groups included. One particular subtlety here is that switching to a thread from another group also means switching the group, hence the listener. As such, when changing the group we need to update the connection's owner to point to the listener of the same shard that is bound to the target group.
2023-03-27 08:38:51 +00:00
while (1) {
if (l->rx.shard_info) {
/* multiple listeners, take the group into account */
if (r1 >= l->rx.shard_info->nbgroups)
r1 = 0;
g1 = &ha_tgroup_info[l->rx.shard_info->members[r1]->bind_tgroup - 1];
m1 = l->rx.shard_info->members[r1]->bind_thread;
} else {
/* single listener */
r1 = 0;
g1 = tg;
m1 = l->rx.bind_thread;
}
m1 &= _HA_ATOMIC_LOAD(&g1->threads_enabled);
m1 >>= t1;
/* find first existing thread */
if (unlikely(!(m1 & 1))) {
m1 &= ~1UL;
if (!m1) {
/* no more threads here, switch to
* first thread of next group.
*/
t1 = 0;
if (l->rx.shard_info)
r1++;
/* loop again */
continue;
}
t1 += my_ffsl(m1) - 1;
MEDIUM: listener: change the LB algorithm again to use two round robins instead At this point, the random used in the hybrid queue distribution algorithm provides little benefit over a periodic scan, can even have a slightly worse worst case, and it requires to establish a mapping between a discrete number and a thread ID among a mask. This patch introduces a different approach using two indexes. One scans the thread mask from the left, the other one from the right. The related threads' loads are compared, and the least loaded one receives the new connection. Then one index is adjusted depending on the load resulting from this election, so that we start the next election from two known lightly loaded threads. This approach provides an extra 1% peak performance boost over the previous one, which likely corresponds to the removal of the extra work on the random and the previously required two mappings of index to thread. A test was attempted with two indexes going in the same direction but it was much less interesting because the same thread pairs were compared most of the time with the load climbing in a ladder-like model. With the reverse directions this cannot happen.
2019-03-05 07:46:28 +00:00
}
MEDIUM: listener: rework thread assignment to consider all groups Till now threads were assigned in listener_accept() to other threads of the same group only, using a single group mask. Now that we have all the relevant info (array of listeners of the same shard), we can spread the thr_idx to cover all assigned groups. The thread indexes now contain the group number in their upper bits, and the indexes run over te whole list of threads, all groups included. One particular subtlety here is that switching to a thread from another group also means switching the group, hence the listener. As such, when changing the group we need to update the connection's owner to point to the listener of the same shard that is bound to the target group.
2023-03-27 08:38:51 +00:00
/* done: r1 and t1 are OK */
break;
MEDIUM: listener: change the LB algorithm again to use two round robins instead At this point, the random used in the hybrid queue distribution algorithm provides little benefit over a periodic scan, can even have a slightly worse worst case, and it requires to establish a mapping between a discrete number and a thread ID among a mask. This patch introduces a different approach using two indexes. One scans the thread mask from the left, the other one from the right. The related threads' loads are compared, and the least loaded one receives the new connection. Then one index is adjusted depending on the load resulting from this election, so that we start the next election from two known lightly loaded threads. This approach provides an extra 1% peak performance boost over the previous one, which likely corresponds to the removal of the extra work on the random and the previously required two mappings of index to thread. A test was attempted with two indexes going in the same direction but it was much less interesting because the same thread pairs were compared most of the time with the load climbing in a ladder-like model. With the reverse directions this cannot happen.
2019-03-05 07:46:28 +00:00
}
MAJOR: listener: use the multi-queue for multi-thread listeners The idea is to redistribute an incoming connection to one of the threads a bind_conf is bound to when there is more than one. We do this using a random improved by the p2c algorithm : a random() call returns two different thread numbers. We then compare their respective connection count and the length of their accept queues, and pick the least loaded one. We even use this deferred accept mechanism if the target thread ends up being the local thread, because this maintains fairness between all connections and tests show that it's about 1% faster this way, likely due to cache locality. If the target thread's accept queue is full, the connection is accepted synchronously by the current thread.
2019-01-27 14:37:19 +00:00
MINOR: listener: make sure to avoid ABA updates in per-thread index One limitation of the current thread index mechanism is that if the values are assigned multiple times to the same thread and the index loops, it can match again the old value, which will not prevent a competing thread from finishing its CAS and assigning traffic to a thread that's not the optimal one. The probability is low but the solution is simple enough and consists in implementing an update counter in the high bits of the index to force a mismatch in this case (assuming we don't try to cover for extremely unlikely cases where the update counter loops while the index remains equal). So let's do that. In order to improve the situation a little bit, we now set the index to a ulong so that in 32 bits we have 8 bits of counter and in 64 bits we have 40 bits.
2023-04-20 14:52:21 +00:00
/* now r2/g2/t2 (descending idx) */
t2 = ((uint)n0 / LONGBITS / LONGBITS) & (LONGBITS - 1);
r2 = ((uint)n0 / LONGBITS / LONGBITS / LONGBITS) & (LONGBITS - 1);
MEDIUM: listener: rework thread assignment to consider all groups Till now threads were assigned in listener_accept() to other threads of the same group only, using a single group mask. Now that we have all the relevant info (array of listeners of the same shard), we can spread the thr_idx to cover all assigned groups. The thread indexes now contain the group number in their upper bits, and the indexes run over te whole list of threads, all groups included. One particular subtlety here is that switching to a thread from another group also means switching the group, hence the listener. As such, when changing the group we need to update the connection's owner to point to the listener of the same shard that is bound to the target group.
2023-03-27 08:38:51 +00:00
MINOR: listener: support another thread dispatch mode: "fair" This new algorithm for rebalancing incoming connections to multiple threads is simpler and instead of considering the threads load, it will only cycle through all of them, offering a fair share of the traffic to each thread. It may be well suited for short-lived connections but is also convenient for very large thread counts where it's not always certain that the least loaded thread will always be found.
2023-04-20 13:40:38 +00:00
/* if running in round-robin mode ("fair"), we don't need
* to go further.
*/
if ((global.tune.options & GTUNE_LISTENER_MQ_ANY) == GTUNE_LISTENER_MQ_FAIR) {
MEDIUM: listener: rework thread assignment to consider all groups Till now threads were assigned in listener_accept() to other threads of the same group only, using a single group mask. Now that we have all the relevant info (array of listeners of the same shard), we can spread the thr_idx to cover all assigned groups. The thread indexes now contain the group number in their upper bits, and the indexes run over te whole list of threads, all groups included. One particular subtlety here is that switching to a thread from another group also means switching the group, hence the listener. As such, when changing the group we need to update the connection's owner to point to the listener of the same shard that is bound to the target group.
2023-03-27 08:38:51 +00:00
t = g1->base + t1;
if (l->rx.shard_info && t != tid)
new_li = l->rx.shard_info->members[r1]->owner;
MINOR: listener: support another thread dispatch mode: "fair" This new algorithm for rebalancing incoming connections to multiple threads is simpler and instead of considering the threads load, it will only cycle through all of them, offering a fair share of the traffic to each thread. It may be well suited for short-lived connections but is also convenient for very large thread counts where it's not always certain that the least loaded thread will always be found.
2023-04-20 13:40:38 +00:00
goto updt_t1;
}
MEDIUM: listener: rework thread assignment to consider all groups Till now threads were assigned in listener_accept() to other threads of the same group only, using a single group mask. Now that we have all the relevant info (array of listeners of the same shard), we can spread the thr_idx to cover all assigned groups. The thread indexes now contain the group number in their upper bits, and the indexes run over te whole list of threads, all groups included. One particular subtlety here is that switching to a thread from another group also means switching the group, hence the listener. As such, when changing the group we need to update the connection's owner to point to the listener of the same shard that is bound to the target group.
2023-03-27 08:38:51 +00:00
while (1) {
if (l->rx.shard_info) {
/* multiple listeners, take the group into account */
if (r2 >= l->rx.shard_info->nbgroups)
r2 = l->rx.shard_info->nbgroups - 1;
g2 = &ha_tgroup_info[l->rx.shard_info->members[r2]->bind_tgroup - 1];
m2 = l->rx.shard_info->members[r2]->bind_thread;
} else {
/* single listener */
r2 = 0;
g2 = tg;
m2 = l->rx.bind_thread;
}
m2 &= _HA_ATOMIC_LOAD(&g2->threads_enabled);
m2 &= nbits(t2 + 1);
/* find previous existing thread */
if (unlikely(!(m2 & (1UL << t2)) || (g1 == g2 && t1 == t2))) {
/* highest bit not set or colliding threads, let's check
* if we still have other threads available after this
* one.
*/
m2 &= ~(1UL << t2);
if (!m2) {
/* no more threads here, switch to
* last thread of previous group.
*/
t2 = MAX_THREADS_PER_GROUP - 1;
if (l->rx.shard_info)
r2--;
/* loop again */
continue;
}
t2 = my_flsl(m2) - 1;
}
/* done: r2 and t2 are OK */
break;
BUG/MINOR: listener/mq: correctly scan all bound threads under low load When iterating on the CLI using "show activity" and no other load, it was visible that the last thread was always skipped. This was caused by the way the thread bits were walking : t1 was updated after t2 to make sure it never equals t2 (thus it skips t2), and in case of a tie we choose t1. This results in the chosen thread never to equal t2 unless the other ones already have one connection. In addition to this, t2 was recalulated upon each pass due to the fact that only the 31th bit was looked at instead of looking at the t2'th bit. This patch fixes this by updating t2 after t1 so that t1 is free to walk over all positions under equal load. No measurable performance gains are expected from this though, but it at least removes one strange indicator which could lead to some suspicion. No backport is needed.
2019-04-16 16:09:13 +00:00
}
MINOR: listener: resync with the thread index before heavy calculations During heavy accept competition, the CAS will occasionally fail and we'll have to go through all the calculation again. While the first two loops look heavy, they're almost never taken so they're quite cheap. However the rest of the operation is heavy because we have to consult connection counts and queue indexes for other threads, so better double-check if the index is still valid before continuing. Tests show that it's more efficient do retry half-way like this.
2023-04-19 15:19:28 +00:00
/* tests show that it's worth checking that other threads have not
* already changed the index to save the rest of the calculation,
* or we'd have to redo it anyway.
*/
MINOR: listener: make sure to avoid ABA updates in per-thread index One limitation of the current thread index mechanism is that if the values are assigned multiple times to the same thread and the index loops, it can match again the old value, which will not prevent a competing thread from finishing its CAS and assigning traffic to a thread that's not the optimal one. The probability is low but the solution is simple enough and consists in implementing an update counter in the high bits of the index to force a mismatch in this case (assuming we don't try to cover for extremely unlikely cases where the update counter loops while the index remains equal). So let's do that. In order to improve the situation a little bit, we now set the index to a ulong so that in 32 bits we have 8 bits of counter and in 64 bits we have 40 bits.
2023-04-20 14:52:21 +00:00
if (n0 != _HA_ATOMIC_LOAD(thr_idx_ptr))
MINOR: listener: resync with the thread index before heavy calculations During heavy accept competition, the CAS will occasionally fail and we'll have to go through all the calculation again. While the first two loops look heavy, they're almost never taken so they're quite cheap. However the rest of the operation is heavy because we have to consult connection counts and queue indexes for other threads, so better double-check if the index is still valid before continuing. Tests show that it's more efficient do retry half-way like this.
2023-04-19 15:19:28 +00:00
continue;
MEDIUM: listener: rework thread assignment to consider all groups Till now threads were assigned in listener_accept() to other threads of the same group only, using a single group mask. Now that we have all the relevant info (array of listeners of the same shard), we can spread the thr_idx to cover all assigned groups. The thread indexes now contain the group number in their upper bits, and the indexes run over te whole list of threads, all groups included. One particular subtlety here is that switching to a thread from another group also means switching the group, hence the listener. As such, when changing the group we need to update the connection's owner to point to the listener of the same shard that is bound to the target group.
2023-03-27 08:38:51 +00:00
/* here we have (r1,g1,t1) that designate the first receiver, its
* thread group and local thread, and (r2,g2,t2) that designate
MINOR: listener: always compare the local thread as well By comparing the local thread's load with the least loaded thread's load, we can further improve the fairness and at the same time also improve locality since it allows a small ratio of connections not to be migrated. This is visible on CPU usage with long connections on very large thread counts (224) and high bandwidth (200G). The cost of checking the local thread's load remains fairly low so there's no reason not to do this. We continue to update the index if we select the local thread, because it means that the two other threads were both more loaded so we'd rather find better ones.
2023-04-19 16:06:16 +00:00
* the second receiver, its thread group and local thread. We'll
* also consider the local thread with q0.
MEDIUM: listener: rework thread assignment to consider all groups Till now threads were assigned in listener_accept() to other threads of the same group only, using a single group mask. Now that we have all the relevant info (array of listeners of the same shard), we can spread the thr_idx to cover all assigned groups. The thread indexes now contain the group number in their upper bits, and the indexes run over te whole list of threads, all groups included. One particular subtlety here is that switching to a thread from another group also means switching the group, hence the listener. As such, when changing the group we need to update the connection's owner to point to the listener of the same shard that is bound to the target group.
2023-03-27 08:38:51 +00:00
*/
MINOR: listener: always compare the local thread as well By comparing the local thread's load with the least loaded thread's load, we can further improve the fairness and at the same time also improve locality since it allows a small ratio of connections not to be migrated. This is visible on CPU usage with long connections on very large thread counts (224) and high bandwidth (200G). The cost of checking the local thread's load remains fairly low so there's no reason not to do this. We continue to update the index if we select the local thread, because it means that the two other threads were both more loaded so we'd rather find better ones.
2023-04-19 16:06:16 +00:00
q0 = accept_queue_ring_len(&accept_queue_rings[tid]);
MEDIUM: listener: rework thread assignment to consider all groups Till now threads were assigned in listener_accept() to other threads of the same group only, using a single group mask. Now that we have all the relevant info (array of listeners of the same shard), we can spread the thr_idx to cover all assigned groups. The thread indexes now contain the group number in their upper bits, and the indexes run over te whole list of threads, all groups included. One particular subtlety here is that switching to a thread from another group also means switching the group, hence the listener. As such, when changing the group we need to update the connection's owner to point to the listener of the same shard that is bound to the target group.
2023-03-27 08:38:51 +00:00
q1 = accept_queue_ring_len(&accept_queue_rings[g1->base + t1]);
q2 = accept_queue_ring_len(&accept_queue_rings[g2->base + t2]);
/* add to this the currently active connections */
MINOR: listener: always compare the local thread as well By comparing the local thread's load with the least loaded thread's load, we can further improve the fairness and at the same time also improve locality since it allows a small ratio of connections not to be migrated. This is visible on CPU usage with long connections on very large thread counts (224) and high bandwidth (200G). The cost of checking the local thread's load remains fairly low so there's no reason not to do this. We continue to update the index if we select the local thread, because it means that the two other threads were both more loaded so we'd rather find better ones.
2023-04-19 16:06:16 +00:00
q0 += _HA_ATOMIC_LOAD(&l->thr_conn[ti->ltid]);
MEDIUM: listener: rework thread assignment to consider all groups Till now threads were assigned in listener_accept() to other threads of the same group only, using a single group mask. Now that we have all the relevant info (array of listeners of the same shard), we can spread the thr_idx to cover all assigned groups. The thread indexes now contain the group number in their upper bits, and the indexes run over te whole list of threads, all groups included. One particular subtlety here is that switching to a thread from another group also means switching the group, hence the listener. As such, when changing the group we need to update the connection's owner to point to the listener of the same shard that is bound to the target group.
2023-03-27 08:38:51 +00:00
if (l->rx.shard_info) {
q1 += _HA_ATOMIC_LOAD(&((struct listener *)l->rx.shard_info->members[r1]->owner)->thr_conn[t1]);
q2 += _HA_ATOMIC_LOAD(&((struct listener *)l->rx.shard_info->members[r2]->owner)->thr_conn[t2]);
} else {
q1 += _HA_ATOMIC_LOAD(&l->thr_conn[t1]);
q2 += _HA_ATOMIC_LOAD(&l->thr_conn[t2]);
}
MEDIUM: listener: change the LB algorithm again to use two round robins instead At this point, the random used in the hybrid queue distribution algorithm provides little benefit over a periodic scan, can even have a slightly worse worst case, and it requires to establish a mapping between a discrete number and a thread ID among a mask. This patch introduces a different approach using two indexes. One scans the thread mask from the left, the other one from the right. The related threads' loads are compared, and the least loaded one receives the new connection. Then one index is adjusted depending on the load resulting from this election, so that we start the next election from two known lightly loaded threads. This approach provides an extra 1% peak performance boost over the previous one, which likely corresponds to the removal of the extra work on the random and the previously required two mappings of index to thread. A test was attempted with two indexes going in the same direction but it was much less interesting because the same thread pairs were compared most of the time with the load climbing in a ladder-like model. With the reverse directions this cannot happen.
2019-03-05 07:46:28 +00:00
/* we have 3 possibilities now :
* q1 < q2 : t1 is less loaded than t2, so we pick it
* and update t2 (since t1 might still be
* lower than another thread)
* q1 > q2 : t2 is less loaded than t1, so we pick it
* and update t1 (since t2 might still be
* lower than another thread)
* q1 = q2 : both are equally loaded, thus we pick t1
* and update t1 as it will become more loaded
* than t2.
MINOR: listener: always compare the local thread as well By comparing the local thread's load with the least loaded thread's load, we can further improve the fairness and at the same time also improve locality since it allows a small ratio of connections not to be migrated. This is visible on CPU usage with long connections on very large thread counts (224) and high bandwidth (200G). The cost of checking the local thread's load remains fairly low so there's no reason not to do this. We continue to update the index if we select the local thread, because it means that the two other threads were both more loaded so we'd rather find better ones.
2023-04-19 16:06:16 +00:00
* On top of that, if in the end the current thread appears
* to be as good of a deal, we'll prefer it over a foreign
* one as it will improve locality and avoid a migration.
MEDIUM: listener: change the LB algorithm again to use two round robins instead At this point, the random used in the hybrid queue distribution algorithm provides little benefit over a periodic scan, can even have a slightly worse worst case, and it requires to establish a mapping between a discrete number and a thread ID among a mask. This patch introduces a different approach using two indexes. One scans the thread mask from the left, the other one from the right. The related threads' loads are compared, and the least loaded one receives the new connection. Then one index is adjusted depending on the load resulting from this election, so that we start the next election from two known lightly loaded threads. This approach provides an extra 1% peak performance boost over the previous one, which likely corresponds to the removal of the extra work on the random and the previously required two mappings of index to thread. A test was attempted with two indexes going in the same direction but it was much less interesting because the same thread pairs were compared most of the time with the load climbing in a ladder-like model. With the reverse directions this cannot happen.
2019-03-05 07:46:28 +00:00
*/
MAJOR: listener: use the multi-queue for multi-thread listeners The idea is to redistribute an incoming connection to one of the threads a bind_conf is bound to when there is more than one. We do this using a random improved by the p2c algorithm : a random() call returns two different thread numbers. We then compare their respective connection count and the length of their accept queues, and pick the least loaded one. We even use this deferred accept mechanism if the target thread ends up being the local thread, because this maintains fairness between all connections and tests show that it's about 1% faster this way, likely due to cache locality. If the target thread's accept queue is full, the connection is accepted synchronously by the current thread.
2019-01-27 14:37:19 +00:00
MEDIUM: listener: change the LB algorithm again to use two round robins instead At this point, the random used in the hybrid queue distribution algorithm provides little benefit over a periodic scan, can even have a slightly worse worst case, and it requires to establish a mapping between a discrete number and a thread ID among a mask. This patch introduces a different approach using two indexes. One scans the thread mask from the left, the other one from the right. The related threads' loads are compared, and the least loaded one receives the new connection. Then one index is adjusted depending on the load resulting from this election, so that we start the next election from two known lightly loaded threads. This approach provides an extra 1% peak performance boost over the previous one, which likely corresponds to the removal of the extra work on the random and the previously required two mappings of index to thread. A test was attempted with two indexes going in the same direction but it was much less interesting because the same thread pairs were compared most of the time with the load climbing in a ladder-like model. With the reverse directions this cannot happen.
2019-03-05 07:46:28 +00:00
if (q1 - q2 < 0) {
MEDIUM: listener: rework thread assignment to consider all groups Till now threads were assigned in listener_accept() to other threads of the same group only, using a single group mask. Now that we have all the relevant info (array of listeners of the same shard), we can spread the thr_idx to cover all assigned groups. The thread indexes now contain the group number in their upper bits, and the indexes run over te whole list of threads, all groups included. One particular subtlety here is that switching to a thread from another group also means switching the group, hence the listener. As such, when changing the group we need to update the connection's owner to point to the listener of the same shard that is bound to the target group.
2023-03-27 08:38:51 +00:00
t = g1->base + t1;
MINOR: listener: always compare the local thread as well By comparing the local thread's load with the least loaded thread's load, we can further improve the fairness and at the same time also improve locality since it allows a small ratio of connections not to be migrated. This is visible on CPU usage with long connections on very large thread counts (224) and high bandwidth (200G). The cost of checking the local thread's load remains fairly low so there's no reason not to do this. We continue to update the index if we select the local thread, because it means that the two other threads were both more loaded so we'd rather find better ones.
2023-04-19 16:06:16 +00:00
if (q0 <= q1)
t = tid;
MEDIUM: listener: rework thread assignment to consider all groups Till now threads were assigned in listener_accept() to other threads of the same group only, using a single group mask. Now that we have all the relevant info (array of listeners of the same shard), we can spread the thr_idx to cover all assigned groups. The thread indexes now contain the group number in their upper bits, and the indexes run over te whole list of threads, all groups included. One particular subtlety here is that switching to a thread from another group also means switching the group, hence the listener. As such, when changing the group we need to update the connection's owner to point to the listener of the same shard that is bound to the target group.
2023-03-27 08:38:51 +00:00
MINOR: listener: always compare the local thread as well By comparing the local thread's load with the least loaded thread's load, we can further improve the fairness and at the same time also improve locality since it allows a small ratio of connections not to be migrated. This is visible on CPU usage with long connections on very large thread counts (224) and high bandwidth (200G). The cost of checking the local thread's load remains fairly low so there's no reason not to do this. We continue to update the index if we select the local thread, because it means that the two other threads were both more loaded so we'd rather find better ones.
2023-04-19 16:06:16 +00:00
if (l->rx.shard_info && t != tid)
MEDIUM: listener: rework thread assignment to consider all groups Till now threads were assigned in listener_accept() to other threads of the same group only, using a single group mask. Now that we have all the relevant info (array of listeners of the same shard), we can spread the thr_idx to cover all assigned groups. The thread indexes now contain the group number in their upper bits, and the indexes run over te whole list of threads, all groups included. One particular subtlety here is that switching to a thread from another group also means switching the group, hence the listener. As such, when changing the group we need to update the connection's owner to point to the listener of the same shard that is bound to the target group.
2023-03-27 08:38:51 +00:00
new_li = l->rx.shard_info->members[r1]->owner;
t2--;
if (t2 >= MAX_THREADS_PER_GROUP) {
if (l->rx.shard_info)
r2--;
t2 = MAX_THREADS_PER_GROUP - 1;
}
MEDIUM: listener: change the LB algorithm again to use two round robins instead At this point, the random used in the hybrid queue distribution algorithm provides little benefit over a periodic scan, can even have a slightly worse worst case, and it requires to establish a mapping between a discrete number and a thread ID among a mask. This patch introduces a different approach using two indexes. One scans the thread mask from the left, the other one from the right. The related threads' loads are compared, and the least loaded one receives the new connection. Then one index is adjusted depending on the load resulting from this election, so that we start the next election from two known lightly loaded threads. This approach provides an extra 1% peak performance boost over the previous one, which likely corresponds to the removal of the extra work on the random and the previously required two mappings of index to thread. A test was attempted with two indexes going in the same direction but it was much less interesting because the same thread pairs were compared most of the time with the load climbing in a ladder-like model. With the reverse directions this cannot happen.
2019-03-05 07:46:28 +00:00
}
else if (q1 - q2 > 0) {
MEDIUM: listener: rework thread assignment to consider all groups Till now threads were assigned in listener_accept() to other threads of the same group only, using a single group mask. Now that we have all the relevant info (array of listeners of the same shard), we can spread the thr_idx to cover all assigned groups. The thread indexes now contain the group number in their upper bits, and the indexes run over te whole list of threads, all groups included. One particular subtlety here is that switching to a thread from another group also means switching the group, hence the listener. As such, when changing the group we need to update the connection's owner to point to the listener of the same shard that is bound to the target group.
2023-03-27 08:38:51 +00:00
t = g2->base + t2;
MINOR: listener: always compare the local thread as well By comparing the local thread's load with the least loaded thread's load, we can further improve the fairness and at the same time also improve locality since it allows a small ratio of connections not to be migrated. This is visible on CPU usage with long connections on very large thread counts (224) and high bandwidth (200G). The cost of checking the local thread's load remains fairly low so there's no reason not to do this. We continue to update the index if we select the local thread, because it means that the two other threads were both more loaded so we'd rather find better ones.
2023-04-19 16:06:16 +00:00
if (q0 <= q2)
t = tid;
MEDIUM: listener: rework thread assignment to consider all groups Till now threads were assigned in listener_accept() to other threads of the same group only, using a single group mask. Now that we have all the relevant info (array of listeners of the same shard), we can spread the thr_idx to cover all assigned groups. The thread indexes now contain the group number in their upper bits, and the indexes run over te whole list of threads, all groups included. One particular subtlety here is that switching to a thread from another group also means switching the group, hence the listener. As such, when changing the group we need to update the connection's owner to point to the listener of the same shard that is bound to the target group.
2023-03-27 08:38:51 +00:00
MINOR: listener: always compare the local thread as well By comparing the local thread's load with the least loaded thread's load, we can further improve the fairness and at the same time also improve locality since it allows a small ratio of connections not to be migrated. This is visible on CPU usage with long connections on very large thread counts (224) and high bandwidth (200G). The cost of checking the local thread's load remains fairly low so there's no reason not to do this. We continue to update the index if we select the local thread, because it means that the two other threads were both more loaded so we'd rather find better ones.
2023-04-19 16:06:16 +00:00
if (l->rx.shard_info && t != tid)
MEDIUM: listener: rework thread assignment to consider all groups Till now threads were assigned in listener_accept() to other threads of the same group only, using a single group mask. Now that we have all the relevant info (array of listeners of the same shard), we can spread the thr_idx to cover all assigned groups. The thread indexes now contain the group number in their upper bits, and the indexes run over te whole list of threads, all groups included. One particular subtlety here is that switching to a thread from another group also means switching the group, hence the listener. As such, when changing the group we need to update the connection's owner to point to the listener of the same shard that is bound to the target group.
2023-03-27 08:38:51 +00:00
new_li = l->rx.shard_info->members[r2]->owner;
goto updt_t1;
MEDIUM: listener: change the LB algorithm again to use two round robins instead At this point, the random used in the hybrid queue distribution algorithm provides little benefit over a periodic scan, can even have a slightly worse worst case, and it requires to establish a mapping between a discrete number and a thread ID among a mask. This patch introduces a different approach using two indexes. One scans the thread mask from the left, the other one from the right. The related threads' loads are compared, and the least loaded one receives the new connection. Then one index is adjusted depending on the load resulting from this election, so that we start the next election from two known lightly loaded threads. This approach provides an extra 1% peak performance boost over the previous one, which likely corresponds to the removal of the extra work on the random and the previously required two mappings of index to thread. A test was attempted with two indexes going in the same direction but it was much less interesting because the same thread pairs were compared most of the time with the load climbing in a ladder-like model. With the reverse directions this cannot happen.
2019-03-05 07:46:28 +00:00
}
MINOR: listener: always compare the local thread as well By comparing the local thread's load with the least loaded thread's load, we can further improve the fairness and at the same time also improve locality since it allows a small ratio of connections not to be migrated. This is visible on CPU usage with long connections on very large thread counts (224) and high bandwidth (200G). The cost of checking the local thread's load remains fairly low so there's no reason not to do this. We continue to update the index if we select the local thread, because it means that the two other threads were both more loaded so we'd rather find better ones.
2023-04-19 16:06:16 +00:00
else { // q1 == q2
MEDIUM: listener: rework thread assignment to consider all groups Till now threads were assigned in listener_accept() to other threads of the same group only, using a single group mask. Now that we have all the relevant info (array of listeners of the same shard), we can spread the thr_idx to cover all assigned groups. The thread indexes now contain the group number in their upper bits, and the indexes run over te whole list of threads, all groups included. One particular subtlety here is that switching to a thread from another group also means switching the group, hence the listener. As such, when changing the group we need to update the connection's owner to point to the listener of the same shard that is bound to the target group.
2023-03-27 08:38:51 +00:00
t = g1->base + t1;
MINOR: listener: always compare the local thread as well By comparing the local thread's load with the least loaded thread's load, we can further improve the fairness and at the same time also improve locality since it allows a small ratio of connections not to be migrated. This is visible on CPU usage with long connections on very large thread counts (224) and high bandwidth (200G). The cost of checking the local thread's load remains fairly low so there's no reason not to do this. We continue to update the index if we select the local thread, because it means that the two other threads were both more loaded so we'd rather find better ones.
2023-04-19 16:06:16 +00:00
if (q0 < q1) // local must be strictly better than both
t = tid;
MEDIUM: listener: rework thread assignment to consider all groups Till now threads were assigned in listener_accept() to other threads of the same group only, using a single group mask. Now that we have all the relevant info (array of listeners of the same shard), we can spread the thr_idx to cover all assigned groups. The thread indexes now contain the group number in their upper bits, and the indexes run over te whole list of threads, all groups included. One particular subtlety here is that switching to a thread from another group also means switching the group, hence the listener. As such, when changing the group we need to update the connection's owner to point to the listener of the same shard that is bound to the target group.
2023-03-27 08:38:51 +00:00
MINOR: listener: always compare the local thread as well By comparing the local thread's load with the least loaded thread's load, we can further improve the fairness and at the same time also improve locality since it allows a small ratio of connections not to be migrated. This is visible on CPU usage with long connections on very large thread counts (224) and high bandwidth (200G). The cost of checking the local thread's load remains fairly low so there's no reason not to do this. We continue to update the index if we select the local thread, because it means that the two other threads were both more loaded so we'd rather find better ones.
2023-04-19 16:06:16 +00:00
if (l->rx.shard_info && t != tid)
MEDIUM: listener: rework thread assignment to consider all groups Till now threads were assigned in listener_accept() to other threads of the same group only, using a single group mask. Now that we have all the relevant info (array of listeners of the same shard), we can spread the thr_idx to cover all assigned groups. The thread indexes now contain the group number in their upper bits, and the indexes run over te whole list of threads, all groups included. One particular subtlety here is that switching to a thread from another group also means switching the group, hence the listener. As such, when changing the group we need to update the connection's owner to point to the listener of the same shard that is bound to the target group.
2023-03-27 08:38:51 +00:00
new_li = l->rx.shard_info->members[r1]->owner;
MINOR: listener: support another thread dispatch mode: "fair" This new algorithm for rebalancing incoming connections to multiple threads is simpler and instead of considering the threads load, it will only cycle through all of them, offering a fair share of the traffic to each thread. It may be well suited for short-lived connections but is also convenient for very large thread counts where it's not always certain that the least loaded thread will always be found.
2023-04-20 13:40:38 +00:00
updt_t1:
MEDIUM: listener: change the LB algorithm again to use two round robins instead At this point, the random used in the hybrid queue distribution algorithm provides little benefit over a periodic scan, can even have a slightly worse worst case, and it requires to establish a mapping between a discrete number and a thread ID among a mask. This patch introduces a different approach using two indexes. One scans the thread mask from the left, the other one from the right. The related threads' loads are compared, and the least loaded one receives the new connection. Then one index is adjusted depending on the load resulting from this election, so that we start the next election from two known lightly loaded threads. This approach provides an extra 1% peak performance boost over the previous one, which likely corresponds to the removal of the extra work on the random and the previously required two mappings of index to thread. A test was attempted with two indexes going in the same direction but it was much less interesting because the same thread pairs were compared most of the time with the load climbing in a ladder-like model. With the reverse directions this cannot happen.
2019-03-05 07:46:28 +00:00
t1++;
MEDIUM: listener: rework thread assignment to consider all groups Till now threads were assigned in listener_accept() to other threads of the same group only, using a single group mask. Now that we have all the relevant info (array of listeners of the same shard), we can spread the thr_idx to cover all assigned groups. The thread indexes now contain the group number in their upper bits, and the indexes run over te whole list of threads, all groups included. One particular subtlety here is that switching to a thread from another group also means switching the group, hence the listener. As such, when changing the group we need to update the connection's owner to point to the listener of the same shard that is bound to the target group.
2023-03-27 08:38:51 +00:00
if (t1 >= MAX_THREADS_PER_GROUP) {
if (l->rx.shard_info)
r1++;
MEDIUM: listener: change the LB algorithm again to use two round robins instead At this point, the random used in the hybrid queue distribution algorithm provides little benefit over a periodic scan, can even have a slightly worse worst case, and it requires to establish a mapping between a discrete number and a thread ID among a mask. This patch introduces a different approach using two indexes. One scans the thread mask from the left, the other one from the right. The related threads' loads are compared, and the least loaded one receives the new connection. Then one index is adjusted depending on the load resulting from this election, so that we start the next election from two known lightly loaded threads. This approach provides an extra 1% peak performance boost over the previous one, which likely corresponds to the removal of the extra work on the random and the previously required two mappings of index to thread. A test was attempted with two indexes going in the same direction but it was much less interesting because the same thread pairs were compared most of the time with the load climbing in a ladder-like model. With the reverse directions this cannot happen.
2019-03-05 07:46:28 +00:00
t1 = 0;
MEDIUM: listener: rework thread assignment to consider all groups Till now threads were assigned in listener_accept() to other threads of the same group only, using a single group mask. Now that we have all the relevant info (array of listeners of the same shard), we can spread the thr_idx to cover all assigned groups. The thread indexes now contain the group number in their upper bits, and the indexes run over te whole list of threads, all groups included. One particular subtlety here is that switching to a thread from another group also means switching the group, hence the listener. As such, when changing the group we need to update the connection's owner to point to the listener of the same shard that is bound to the target group.
2023-03-27 08:38:51 +00:00
}
MEDIUM: listener: change the LB algorithm again to use two round robins instead At this point, the random used in the hybrid queue distribution algorithm provides little benefit over a periodic scan, can even have a slightly worse worst case, and it requires to establish a mapping between a discrete number and a thread ID among a mask. This patch introduces a different approach using two indexes. One scans the thread mask from the left, the other one from the right. The related threads' loads are compared, and the least loaded one receives the new connection. Then one index is adjusted depending on the load resulting from this election, so that we start the next election from two known lightly loaded threads. This approach provides an extra 1% peak performance boost over the previous one, which likely corresponds to the removal of the extra work on the random and the previously required two mappings of index to thread. A test was attempted with two indexes going in the same direction but it was much less interesting because the same thread pairs were compared most of the time with the load climbing in a ladder-like model. With the reverse directions this cannot happen.
2019-03-05 07:46:28 +00:00
}
MAJOR: listener: use the multi-queue for multi-thread listeners The idea is to redistribute an incoming connection to one of the threads a bind_conf is bound to when there is more than one. We do this using a random improved by the p2c algorithm : a random() call returns two different thread numbers. We then compare their respective connection count and the length of their accept queues, and pick the least loaded one. We even use this deferred accept mechanism if the target thread ends up being the local thread, because this maintains fairness between all connections and tests show that it's about 1% faster this way, likely due to cache locality. If the target thread's accept queue is full, the connection is accepted synchronously by the current thread.
2019-01-27 14:37:19 +00:00
MINOR: listener: make sure to avoid ABA updates in per-thread index One limitation of the current thread index mechanism is that if the values are assigned multiple times to the same thread and the index loops, it can match again the old value, which will not prevent a competing thread from finishing its CAS and assigning traffic to a thread that's not the optimal one. The probability is low but the solution is simple enough and consists in implementing an update counter in the high bits of the index to force a mismatch in this case (assuming we don't try to cover for extremely unlikely cases where the update counter loops while the index remains equal). So let's do that. In order to improve the situation a little bit, we now set the index to a ulong so that in 32 bits we have 8 bits of counter and in 64 bits we have 40 bits.
2023-04-20 14:52:21 +00:00
/* The target thread number is in <t> now. Let's
* compute the new index and try to update it.
*/
MEDIUM: listener: rework thread assignment to consider all groups Till now threads were assigned in listener_accept() to other threads of the same group only, using a single group mask. Now that we have all the relevant info (array of listeners of the same shard), we can spread the thr_idx to cover all assigned groups. The thread indexes now contain the group number in their upper bits, and the indexes run over te whole list of threads, all groups included. One particular subtlety here is that switching to a thread from another group also means switching the group, hence the listener. As such, when changing the group we need to update the connection's owner to point to the listener of the same shard that is bound to the target group.
2023-03-27 08:38:51 +00:00
MINOR: listener: make sure to avoid ABA updates in per-thread index One limitation of the current thread index mechanism is that if the values are assigned multiple times to the same thread and the index loops, it can match again the old value, which will not prevent a competing thread from finishing its CAS and assigning traffic to a thread that's not the optimal one. The probability is low but the solution is simple enough and consists in implementing an update counter in the high bits of the index to force a mismatch in this case (assuming we don't try to cover for extremely unlikely cases where the update counter loops while the index remains equal). So let's do that. In order to improve the situation a little bit, we now set the index to a ulong so that in 32 bits we have 8 bits of counter and in 64 bits we have 40 bits.
2023-04-20 14:52:21 +00:00
/* take previous counter and increment it */
n1 = n0 & -(ulong)(LONGBITS * LONGBITS * LONGBITS * LONGBITS);
n1 += LONGBITS * LONGBITS * LONGBITS * LONGBITS;
n1 += (((r2 * LONGBITS) + t2) * LONGBITS * LONGBITS);
n1 += (r1 * LONGBITS) + t1;
MINOR: listener: use a common thr_idx from the reference listener Instead of seeing each listener use its own thr_idx, let's use the same for all those from a shard. It should provide more accurate and smoother thread allocation.
2023-03-29 15:02:17 +00:00
if (likely(_HA_ATOMIC_CAS(thr_idx_ptr, &n0, n1)))
MEDIUM: listener: rework thread assignment to consider all groups Till now threads were assigned in listener_accept() to other threads of the same group only, using a single group mask. Now that we have all the relevant info (array of listeners of the same shard), we can spread the thr_idx to cover all assigned groups. The thread indexes now contain the group number in their upper bits, and the indexes run over te whole list of threads, all groups included. One particular subtlety here is that switching to a thread from another group also means switching the group, hence the listener. As such, when changing the group we need to update the connection's owner to point to the listener of the same shard that is bound to the target group.
2023-03-27 08:38:51 +00:00
break;
MINOR: listener: make sure to avoid ABA updates in per-thread index One limitation of the current thread index mechanism is that if the values are assigned multiple times to the same thread and the index loops, it can match again the old value, which will not prevent a competing thread from finishing its CAS and assigning traffic to a thread that's not the optimal one. The probability is low but the solution is simple enough and consists in implementing an update counter in the high bits of the index to force a mismatch in this case (assuming we don't try to cover for extremely unlikely cases where the update counter loops while the index remains equal). So let's do that. In order to improve the situation a little bit, we now set the index to a ulong so that in 32 bits we have 8 bits of counter and in 64 bits we have 40 bits.
2023-04-20 14:52:21 +00:00
/* bah we lost the race, try again */
__ha_cpu_relax();
MEDIUM: listener: rework thread assignment to consider all groups Till now threads were assigned in listener_accept() to other threads of the same group only, using a single group mask. Now that we have all the relevant info (array of listeners of the same shard), we can spread the thr_idx to cover all assigned groups. The thread indexes now contain the group number in their upper bits, and the indexes run over te whole list of threads, all groups included. One particular subtlety here is that switching to a thread from another group also means switching the group, hence the listener. As such, when changing the group we need to update the connection's owner to point to the listener of the same shard that is bound to the target group.
2023-03-27 08:38:51 +00:00
} /* end of main while() loop */
/* we may need to update the listener in the connection
* if we switched to another group.
*/
if (new_li)
cli_conn->target = &new_li->obj_type;
/* here we have the target thread number in <t> and we hold a
* reservation in the target ring.
*/
MAJOR: listener: use the multi-queue for multi-thread listeners The idea is to redistribute an incoming connection to one of the threads a bind_conf is bound to when there is more than one. We do this using a random improved by the p2c algorithm : a random() call returns two different thread numbers. We then compare their respective connection count and the length of their accept queues, and pick the least loaded one. We even use this deferred accept mechanism if the target thread ends up being the local thread, because this maintains fairness between all connections and tests show that it's about 1% faster this way, likely due to cache locality. If the target thread's accept queue is full, the connection is accepted synchronously by the current thread.
2019-01-27 14:37:19 +00:00
MINOR: protocol: define new callback set_affinity Define a new protocol callback set_affinity. This function is used during listener_accept() to notify about a rebind on a new thread just before pushing the connection on the selected thread queue. If the callback fails, accept is done locally. This change will be useful for protocols with state allocated before accept is done. For the moment, only QUIC protocol is concerned. This will allow to rebind the quic_conn to a new thread depending on its load. This should be backported up to 2.7 after a period of observation.
2023-04-05 16:16:28 +00:00
if (l->rx.proto && l->rx.proto->set_affinity) {
MEDIUM: listener: rework thread assignment to consider all groups Till now threads were assigned in listener_accept() to other threads of the same group only, using a single group mask. Now that we have all the relevant info (array of listeners of the same shard), we can spread the thr_idx to cover all assigned groups. The thread indexes now contain the group number in their upper bits, and the indexes run over te whole list of threads, all groups included. One particular subtlety here is that switching to a thread from another group also means switching the group, hence the listener. As such, when changing the group we need to update the connection's owner to point to the listener of the same shard that is bound to the target group.
2023-03-27 08:38:51 +00:00
if (l->rx.proto->set_affinity(cli_conn, t)) {
MINOR: protocol: define new callback set_affinity Define a new protocol callback set_affinity. This function is used during listener_accept() to notify about a rebind on a new thread just before pushing the connection on the selected thread queue. If the callback fails, accept is done locally. This change will be useful for protocols with state allocated before accept is done. For the moment, only QUIC protocol is concerned. This will allow to rebind the quic_conn to a new thread depending on its load. This should be backported up to 2.7 after a period of observation.
2023-04-05 16:16:28 +00:00
/* Failed migration, stay on the same thread. */
goto local_accept;
}
}
MEDIUM: listener: change the LB algorithm again to use two round robins instead At this point, the random used in the hybrid queue distribution algorithm provides little benefit over a periodic scan, can even have a slightly worse worst case, and it requires to establish a mapping between a discrete number and a thread ID among a mask. This patch introduces a different approach using two indexes. One scans the thread mask from the left, the other one from the right. The related threads' loads are compared, and the least loaded one receives the new connection. Then one index is adjusted depending on the load resulting from this election, so that we start the next election from two known lightly loaded threads. This approach provides an extra 1% peak performance boost over the previous one, which likely corresponds to the removal of the extra work on the random and the previously required two mappings of index to thread. A test was attempted with two indexes going in the same direction but it was much less interesting because the same thread pairs were compared most of the time with the load climbing in a ladder-like model. With the reverse directions this cannot happen.
2019-03-05 07:46:28 +00:00
/* We successfully selected the best thread "t" for this
* connection. We use deferred accepts even if it's the
* local thread because tests show that it's the best
* performing model, likely due to better cache locality
* when processing this loop.
MAJOR: listener: use the multi-queue for multi-thread listeners The idea is to redistribute an incoming connection to one of the threads a bind_conf is bound to when there is more than one. We do this using a random improved by the p2c algorithm : a random() call returns two different thread numbers. We then compare their respective connection count and the length of their accept queues, and pick the least loaded one. We even use this deferred accept mechanism if the target thread ends up being the local thread, because this maintains fairness between all connections and tests show that it's about 1% faster this way, likely due to cache locality. If the target thread's accept queue is full, the connection is accepted synchronously by the current thread.
2019-01-27 14:37:19 +00:00
*/
MEDIUM: listener: rework thread assignment to consider all groups Till now threads were assigned in listener_accept() to other threads of the same group only, using a single group mask. Now that we have all the relevant info (array of listeners of the same shard), we can spread the thr_idx to cover all assigned groups. The thread indexes now contain the group number in their upper bits, and the indexes run over te whole list of threads, all groups included. One particular subtlety here is that switching to a thread from another group also means switching the group, hence the listener. As such, when changing the group we need to update the connection's owner to point to the listener of the same shard that is bound to the target group.
2023-03-27 08:38:51 +00:00
ring = &accept_queue_rings[t];
MEDIUM: listener: allocate the connection before queuing a new connection Till now we would keep a per-thread queue of pending incoming connections for which we would store: - the listener - the accepted FD - the source address - the source address' length And these elements were first used in session_accept_fd() running on the target thread to allocate a connection and duplicate them again. Doing this induces various problems. The first one is that session_accept_fd() may only run on file descriptors and cannot be reused for QUIC. The second issue is that it induces lots of memory copies and that the listerner queue thrashes a lot of cache, consuming 64 bytes per entry. This patch changes this by allocating the connection before queueing it, and by only placing the connection's pointer into the queue. Indeed, the first two calls used to initialize the connection already store all the information above, which can be retrieved from the connection pointer alone. So we just have to pop one pointer from the target thread, and pass it to session_accept_fd() which only needs the FD for the final settings. This starts to make the accept path a bit more transport-agnostic, and saves memory and CPU cycles at the same time (1% connection rate increase was noticed with 4 threads). Thanks to dividing the accept-queue entry size from 64 to 8 bytes, its size could be increased from 256 to 1024 connections while still dividing the overall size by two. No single queue full condition was met. One minor drawback is that connection may be allocated from one thread's pool to be used into another one. But this already happens a lot with connection reuse so there is really nothing new here.
2020-10-14 15:37:17 +00:00
if (accept_queue_push_mp(ring, cli_conn)) {
MEDIUM: listener: rework thread assignment to consider all groups Till now threads were assigned in listener_accept() to other threads of the same group only, using a single group mask. Now that we have all the relevant info (array of listeners of the same shard), we can spread the thr_idx to cover all assigned groups. The thread indexes now contain the group number in their upper bits, and the indexes run over te whole list of threads, all groups included. One particular subtlety here is that switching to a thread from another group also means switching the group, hence the listener. As such, when changing the group we need to update the connection's owner to point to the listener of the same shard that is bound to the target group.
2023-03-27 08:38:51 +00:00
_HA_ATOMIC_INC(&activity[t].accq_pushed);
OPTIM: listeners: use tasklets for the multi-queue rings Now that we can wake up a remote thread's tasklet, it's way more interesting to use a tasklet than a task in the accept queue, as it will avoid passing through all the scheduler. Just doing this increases the accept rate by about 4%, overall recovering the slight loss introduced by the tasklet change. In addition it makes sure that even a heavily loaded scheduler (e.g. many very fast checks) will not delay a connection accept.
2019-09-24 04:55:18 +00:00
tasklet_wakeup(ring->tasklet);
MAJOR: listener: use the multi-queue for multi-thread listeners The idea is to redistribute an incoming connection to one of the threads a bind_conf is bound to when there is more than one. We do this using a random improved by the p2c algorithm : a random() call returns two different thread numbers. We then compare their respective connection count and the length of their accept queues, and pick the least loaded one. We even use this deferred accept mechanism if the target thread ends up being the local thread, because this maintains fairness between all connections and tests show that it's about 1% faster this way, likely due to cache locality. If the target thread's accept queue is full, the connection is accepted synchronously by the current thread.
2019-01-27 14:37:19 +00:00
continue;
}
/* If the ring is full we do a synchronous accept on
* the local thread here.
*/
MEDIUM: listener: rework thread assignment to consider all groups Till now threads were assigned in listener_accept() to other threads of the same group only, using a single group mask. Now that we have all the relevant info (array of listeners of the same shard), we can spread the thr_idx to cover all assigned groups. The thread indexes now contain the group number in their upper bits, and the indexes run over te whole list of threads, all groups included. One particular subtlety here is that switching to a thread from another group also means switching the group, hence the listener. As such, when changing the group we need to update the connection's owner to point to the listener of the same shard that is bound to the target group.
2023-03-27 08:38:51 +00:00
_HA_ATOMIC_INC(&activity[t].accq_full);
MAJOR: listener: use the multi-queue for multi-thread listeners The idea is to redistribute an incoming connection to one of the threads a bind_conf is bound to when there is more than one. We do this using a random improved by the p2c algorithm : a random() call returns two different thread numbers. We then compare their respective connection count and the length of their accept queues, and pick the least loaded one. We even use this deferred accept mechanism if the target thread ends up being the local thread, because this maintains fairness between all connections and tests show that it's about 1% faster this way, likely due to cache locality. If the target thread's accept queue is full, the connection is accepted synchronously by the current thread.
2019-01-27 14:37:19 +00:00
}
#endif // USE_THREAD
MINOR: receiver: define a flag for local accept This flag is named RX_F_LOCAL_ACCEPT. It will be activated for special receivers where connection balancing to threads is already handle outside of listener_accept, such as with QUIC listeners.
2022-01-19 10:37:50 +00:00
local_accept:
MEDIUM: listener: rework thread assignment to consider all groups Till now threads were assigned in listener_accept() to other threads of the same group only, using a single group mask. Now that we have all the relevant info (array of listeners of the same shard), we can spread the thr_idx to cover all assigned groups. The thread indexes now contain the group number in their upper bits, and the indexes run over te whole list of threads, all groups included. One particular subtlety here is that switching to a thread from another group also means switching the group, hence the listener. As such, when changing the group we need to update the connection's owner to point to the listener of the same shard that is bound to the target group.
2023-03-27 08:38:51 +00:00
/* restore the connection's listener in case we failed to migrate above */
cli_conn->target = &l->obj_type;
CLEANUP: listener: only store conn counts for local threads The listeners have a thr_conn[] array indexed on the thread number that is used during connection redispatching to know what threads are the least loaded. Since we introduced thread groups, and based on the fact that a listener may only belong to one group, there's no point storing counters for all threads, we just need to store them for all threads in the group. Doing so reduces the struct listener from 1500 to 632 bytes. This may be backported to 2.7 to save a bit of resources.
2023-02-28 09:25:57 +00:00
_HA_ATOMIC_INC(&l->thr_conn[ti->ltid]);
MINOR: listener: move the ->accept callback to the bind_conf The accept callback directly derives from the upper layer, generally it's session_accept_fd(). As such it's also defined per bind line so it makes sense to move it there.
2023-01-12 18:10:17 +00:00
ret = l->bind_conf->accept(cli_conn);
REORG/MEDIUM: move the default accept function from sockstream to protocols.c The previous sockstream_accept() function uses nothing from sockstream, and is totally irrelevant to stream interfaces. Move this to the protocols.c file which handles listeners and protocols, and call it listener_accept(). It now makes much more sense that the code dealing with listen() also handles accept() and passes it to upper layers.
2012-05-07 19:22:09 +00:00
if (unlikely(ret <= 0)) {
REORG/MAJOR: session: rename the "session" entity to "stream" With HTTP/2, we'll have to support multiplexed streams. A stream is in fact the largest part of what we currently call a session, it has buffers, logs, etc. In order to catch any error, this commit removes any reference to the struct session and tries to rename most "session" occurrences in function names to "stream" and "sess" to "strm" when that's related to a session. The files stream.{c,h} were added and session.{c,h} removed. The session will be reintroduced later and a few parts of the stream will progressively be moved overthere. It will more or less contain only what we need in an embryonic session. Sample fetch functions and converters will have to change a bit so that they'll use an L5 (session) instead of what's currently called "L4" which is in fact L6 for now. Once all changes are completed, we should see approximately this : L7 - http_txn L6 - stream L5 - session L4 - connection | applet There will be at most one http_txn per stream, and a same session will possibly be referenced by multiple streams. A connection will point to a session and to a stream. The session will hold all the information we need to keep even when we don't yet have a stream. Some more cleanup is needed because some code was already far from being clean. The server queue management still refers to sessions at many places while comments talk about connections. This will have to be cleaned up once we have a server-side connection pool manager. Stream flags "SN_*" still need to be renamed, it doesn't seem like any of them will need to move to the session.
2015-04-02 22:22:06 +00:00
/* The connection was closed by stream_accept(). Either
REORG/MEDIUM: move the default accept function from sockstream to protocols.c The previous sockstream_accept() function uses nothing from sockstream, and is totally irrelevant to stream interfaces. Move this to the protocols.c file which handles listeners and protocols, and call it listener_accept(). It now makes much more sense that the code dealing with listen() also handles accept() and passes it to upper layers.
2012-05-07 19:22:09 +00:00
* we just have to ignore it (ret == 0) or it's a critical
* error due to a resource shortage, and we must stop the
* listener (ret < 0).
*/
if (ret == 0) /* successful termination */
continue;
MEDIUM: listener: make the accept function more robust against pauses During some tests in multi-process mode under Linux, it appeared that issuing "disable frontend foo" on the CLI to pause a listener would make the shutdown(read) of certain processes disturb another process listening on the same socket, resulting in a 100% CPU loop. What happens is that accept() returns EAGAIN without accepting anything. Fortunately, we see that epoll_wait() reports EPOLLIN+EPOLLRDHUP (likely because the FD points to the same file in the kernel), so we can use that to stop the other process from trying to accept connections for a short time and try again later, hoping for the situation to change. We must not disable the FD otherwise there's no way to re-enable it. Additionally, during these tests, a loop was encountered on EINVAL which was not caught. Now if we catch an EINVAL, we proceed the same way, in case the socket is re-enabled later.
2014-05-07 17:47:02 +00:00
goto transient_error;
REORG/MEDIUM: move the default accept function from sockstream to protocols.c The previous sockstream_accept() function uses nothing from sockstream, and is totally irrelevant to stream interfaces. Move this to the protocols.c file which handles listeners and protocols, and call it listener_accept(). It now makes much more sense that the code dealing with listen() also handles accept() and passes it to upper layers.
2012-05-07 19:22:09 +00:00
}
MAJOR: listener: do not hold the listener lock in listener_accept() This function used to hold the listener's lock as a way to stay safe against concurrent manipulations, but it turns out this is wrong. First, the lock is held during l->accept(), which itself might indirectly call listener_release(), which, if the listener is marked full, could result in __resume_listener() to be called and the lock being taken twice. In practice it doesn't happen right now because the listener's FULL state cannot change while we're doing this. Second, all the code does is now protected against concurrent accesses. It used not to be the case in the early days of threads : the frequency counters are thread-safe. The rate limiting doesn't require extreme precision. Only the nbconn check is not thread safe. Third, the parts called here will have to be called from different threads without holding this lock, and this becomes a bigger issue if we need to keep this one. This patch does 3 things which need to be addressed at once : 1) it moves the lock to the only 2 functions that were not protected since called form listener_accept() : - limit_listener() - listener_full() 2) it makes sure delete_listener() properly checks its state within the lock. 3) it updates the l->nbconn tracking to make sure that it is always properly reported and accounted for. There is a point of particular care around the situation where the listener's maxconn is reached because the listener has to be marked full before accepting the connection, then resumed if the connection finally gets dropped. It is not possible to perform this change without removing the lock due to the deadlock issue explained above. This patch almost doubles the accept rate in multi-thread on a shared port between 8 threads, and multiplies by 4 the connection rate on a tcp-request connection reject rule.
2019-02-25 18:23:37 +00:00
/* increase the per-process number of cumulated sessions, this
MINOR: listener: move the ->accept callback to the bind_conf The accept callback directly derives from the upper layer, generally it's session_accept_fd(). As such it's also defined per bind line so it makes sense to move it there.
2023-01-12 18:10:17 +00:00
* may only be done once l->bind_conf->accept() has accepted the
* connection.
MAJOR: listener: do not hold the listener lock in listener_accept() This function used to hold the listener's lock as a way to stay safe against concurrent manipulations, but it turns out this is wrong. First, the lock is held during l->accept(), which itself might indirectly call listener_release(), which, if the listener is marked full, could result in __resume_listener() to be called and the lock being taken twice. In practice it doesn't happen right now because the listener's FULL state cannot change while we're doing this. Second, all the code does is now protected against concurrent accesses. It used not to be the case in the early days of threads : the frequency counters are thread-safe. The rate limiting doesn't require extreme precision. Only the nbconn check is not thread safe. Third, the parts called here will have to be called from different threads without holding this lock, and this becomes a bigger issue if we need to keep this one. This patch does 3 things which need to be addressed at once : 1) it moves the lock to the only 2 functions that were not protected since called form listener_accept() : - limit_listener() - listener_full() 2) it makes sure delete_listener() properly checks its state within the lock. 3) it updates the l->nbconn tracking to make sure that it is always properly reported and accounted for. There is a point of particular care around the situation where the listener's maxconn is reached because the listener has to be marked full before accepting the connection, then resumed if the connection finally gets dropped. It is not possible to perform this change without removing the lock due to the deadlock issue explained above. This patch almost doubles the accept rate in multi-thread on a shared port between 8 threads, and multiplies by 4 the connection rate on a tcp-request connection reject rule.
2019-02-25 18:23:37 +00:00
*/
MINOR: listener: move LI_O_UNLIMITED and LI_O_NOSTOP to bind_conf These two flags are entirely for internal use and are even per proxy in practice since they're used for peers and CLI to indicate (for the first one) that the listener(s) are not subject to connection limits, and for the second that the listener(s) should not be stopped on soft-stop. No need to keep them in the listeners, let's move them to the bind_conf under names BC_O_UNLIMITED and BC_O_NOSTOP.
2023-01-12 18:58:42 +00:00
if (!(l->bind_conf->options & BC_O_UNLIMITED)) {
MEDIUM: threads/listeners: Make listeners thread-safe First, we use atomic operations to update jobs/totalconn/actconn variables, listener's nbconn variable and listener's counters. Then we add a lock on listeners to protect access to their information. And finally, listener queues (global and per proxy) are also protected by a lock. Here, because access to these queues are unusal, we use the same lock for all queues instead of a global one for the global queue and a lock per proxy for others.
2017-05-30 13:36:50 +00:00
count = update_freq_ctr(&global.sess_per_sec, 1);
HA_ATOMIC_UPDATE_MAX(&global.sps_max, count);
MEDIUM: listener: add support for limiting the session rate in addition to the connection rate It's sometimes useful to be able to limit the connection rate on a machine running many haproxy instances (eg: per customer) but it removes the ability for that machine to defend itself against a DoS. Thus, better also provide a limit on the session rate, which does not include the connections rejected by "tcp-request connection" rules. This permits to have much higher limits on the connection rate without having to raise the session rate limit to insane values. The limit can be changed on the CLI using "set rate-limit sessions global", or in the global section using "maxsessrate".
2013-10-07 16:51:07 +00:00
}
MEDIUM: listener: apply a limit on the session rate submitted to SSL Just like the previous commit, we sometimes want to limit the rate of incoming SSL connections. While it can be done for a frontend, it was not possible for a whole process, which makes sense when multiple processes are running on a system to server multiple customers. The new global "maxsslrate" setting is usable to fix a limit on the session rate going to the SSL frontends. The limits applies before the SSL handshake and not after, so that it saves the SSL stack from expensive key computations that would finally be aborted before being accounted for. The same setting may be changed at run time on the CLI using "set rate-limit ssl-session global".
2013-10-07 18:01:52 +00:00
#ifdef USE_OPENSSL
MINOR: listener: move LI_O_UNLIMITED and LI_O_NOSTOP to bind_conf These two flags are entirely for internal use and are even per proxy in practice since they're used for peers and CLI to indicate (for the first one) that the listener(s) are not subject to connection limits, and for the second that the listener(s) should not be stopped on soft-stop. No need to keep them in the listeners, let's move them to the bind_conf under names BC_O_UNLIMITED and BC_O_NOSTOP.
2023-01-12 18:58:42 +00:00
if (!(l->bind_conf->options & BC_O_UNLIMITED) &&
CLEANUP: listener: replace all uses of bind_conf->is_ssl with BC_O_USE_SSL The new flag will now replace this boolean variable that was only set and tested.
2022-05-20 13:56:32 +00:00
l->bind_conf && l->bind_conf->options & BC_O_USE_SSL) {
MEDIUM: threads/listeners: Make listeners thread-safe First, we use atomic operations to update jobs/totalconn/actconn variables, listener's nbconn variable and listener's counters. Then we add a lock on listeners to protect access to their information. And finally, listener queues (global and per proxy) are also protected by a lock. Here, because access to these queues are unusal, we use the same lock for all queues instead of a global one for the global queue and a lock per proxy for others.
2017-05-30 13:36:50 +00:00
count = update_freq_ctr(&global.ssl_per_sec, 1);
HA_ATOMIC_UPDATE_MAX(&global.ssl_max, count);
MEDIUM: listener: apply a limit on the session rate submitted to SSL Just like the previous commit, we sometimes want to limit the rate of incoming SSL connections. While it can be done for a frontend, it was not possible for a whole process, which makes sense when multiple processes are running on a system to server multiple customers. The new global "maxsslrate" setting is usable to fix a limit on the session rate going to the SSL frontends. The limits applies before the SSL handshake and not after, so that it saves the SSL stack from expensive key computations that would finally be aborted before being accounted for. The same setting may be changed at run time on the CLI using "set rate-limit ssl-session global".
2013-10-07 18:01:52 +00:00
}
#endif
MEDIUM: listener: add support for limiting the session rate in addition to the connection rate It's sometimes useful to be able to limit the connection rate on a machine running many haproxy instances (eg: per customer) but it removes the ability for that machine to defend itself against a DoS. Thus, better also provide a limit on the session rate, which does not include the connections rejected by "tcp-request connection" rules. This permits to have much higher limits on the connection rate without having to raise the session rate limit to insane values. The limit can be changed on the CLI using "set rate-limit sessions global", or in the global section using "maxsessrate".
2013-10-07 16:51:07 +00:00
MINOR: thread: only use atomic ops to touch the flags The thread flags are touched a little bit by other threads, e.g. the STUCK flag may be set by other ones, and they're watched a little bit. As such we need to use atomic ops only to manipulate them. Most places were already using them, but here we generalize the practice. Only ha_thread_dump() does not change because it's run under isolation.
2022-06-22 07:19:46 +00:00
_HA_ATOMIC_AND(&th_ctx->flags, ~TH_FL_STUCK); // this thread is still running
MAJOR: listener: do not hold the listener lock in listener_accept() This function used to hold the listener's lock as a way to stay safe against concurrent manipulations, but it turns out this is wrong. First, the lock is held during l->accept(), which itself might indirectly call listener_release(), which, if the listener is marked full, could result in __resume_listener() to be called and the lock being taken twice. In practice it doesn't happen right now because the listener's FULL state cannot change while we're doing this. Second, all the code does is now protected against concurrent accesses. It used not to be the case in the early days of threads : the frequency counters are thread-safe. The rate limiting doesn't require extreme precision. Only the nbconn check is not thread safe. Third, the parts called here will have to be called from different threads without holding this lock, and this becomes a bigger issue if we need to keep this one. This patch does 3 things which need to be addressed at once : 1) it moves the lock to the only 2 functions that were not protected since called form listener_accept() : - limit_listener() - listener_full() 2) it makes sure delete_listener() properly checks its state within the lock. 3) it updates the l->nbconn tracking to make sure that it is always properly reported and accounted for. There is a point of particular care around the situation where the listener's maxconn is reached because the listener has to be marked full before accepting the connection, then resumed if the connection finally gets dropped. It is not possible to perform this change without removing the lock due to the deadlock issue explained above. This patch almost doubles the accept rate in multi-thread on a shared port between 8 threads, and multiplies by 4 the connection rate on a tcp-request connection reject rule.
2019-02-25 18:23:37 +00:00
} /* end of for (max_accept--) */
REORG/MEDIUM: move the default accept function from sockstream to protocols.c The previous sockstream_accept() function uses nothing from sockstream, and is totally irrelevant to stream interfaces. Move this to the protocols.c file which handles listeners and protocols, and call it listener_accept(). It now makes much more sense that the code dealing with listen() also handles accept() and passes it to upper layers.
2012-05-07 19:22:09 +00:00
MEDIUM: threads/listeners: Make listeners thread-safe First, we use atomic operations to update jobs/totalconn/actconn variables, listener's nbconn variable and listener's counters. Then we add a lock on listeners to protect access to their information. And finally, listener queues (global and per proxy) are also protected by a lock. Here, because access to these queues are unusal, we use the same lock for all queues instead of a global one for the global queue and a lock per proxy for others.
2017-05-30 13:36:50 +00:00
end:
MAJOR: listener: do not hold the listener lock in listener_accept() This function used to hold the listener's lock as a way to stay safe against concurrent manipulations, but it turns out this is wrong. First, the lock is held during l->accept(), which itself might indirectly call listener_release(), which, if the listener is marked full, could result in __resume_listener() to be called and the lock being taken twice. In practice it doesn't happen right now because the listener's FULL state cannot change while we're doing this. Second, all the code does is now protected against concurrent accesses. It used not to be the case in the early days of threads : the frequency counters are thread-safe. The rate limiting doesn't require extreme precision. Only the nbconn check is not thread safe. Third, the parts called here will have to be called from different threads without holding this lock, and this becomes a bigger issue if we need to keep this one. This patch does 3 things which need to be addressed at once : 1) it moves the lock to the only 2 functions that were not protected since called form listener_accept() : - limit_listener() - listener_full() 2) it makes sure delete_listener() properly checks its state within the lock. 3) it updates the l->nbconn tracking to make sure that it is always properly reported and accounted for. There is a point of particular care around the situation where the listener's maxconn is reached because the listener has to be marked full before accepting the connection, then resumed if the connection finally gets dropped. It is not possible to perform this change without removing the lock due to the deadlock issue explained above. This patch almost doubles the accept rate in multi-thread on a shared port between 8 threads, and multiplies by 4 the connection rate on a tcp-request connection reject rule.
2019-02-25 18:23:37 +00:00
if (next_conn)
CLEANUP: atomic/tree-wide: replace single increments/decrements with inc/dec This patch replaces roughly all occurrences of an HA_ATOMIC_ADD(&foo, 1) or HA_ATOMIC_SUB(&foo, 1) with the equivalent HA_ATOMIC_INC(&foo) and HA_ATOMIC_DEC(&foo) respectively. These are 507 changes over 45 files.
2021-04-06 11:53:36 +00:00
_HA_ATOMIC_DEC(&l->nbconn);
BUG/MINOR: listener: keep accept rate counters accurate under saturation The test on l->nbconn forces to exit the loop before updating the freq counters, so the last session which reaches a listener's limit will not be accounted for in the session rate measurement. Let's move the test at the beginning of the loop and mark the listener as saturated on exit. This may be backported to 1.9 and 1.8.
2019-02-25 14:02:04 +00:00
BUG/MEDIUM: listener: make sure the listener never accepts too many conns We were not checking p->feconn nor the global actconn soon enough. In older versions this could result in a frontend accepting more connections than allowed by its maxconn or the global maxconn, exactly N-1 extra connections where N is the number of threads, provided each of these threads were running a different listener. But with the lock removal, it became worse, the excess could be the listener's maxconn multiplied by the number of threads. Among the nasty side effect was that LI_FULL could be removed while the limit was still over and in some cases the polling on the socket was no re-enabled. This commit takes care of updating and checking p->feconn and the global actconn *before* processing the connection, so that the listener can be turned off before accepting the socket if needed. This requires to move some of the bookkeeping operations form session to listen, which totally makes sense in this context. Now the limits are properly respected, even if a listener's maxconn is over a frontend's. This only applies on top of the listener lock removal series and doesn't have to be backported.
2019-02-27 18:32:32 +00:00
if (p && next_feconn)
CLEANUP: atomic/tree-wide: replace single increments/decrements with inc/dec This patch replaces roughly all occurrences of an HA_ATOMIC_ADD(&foo, 1) or HA_ATOMIC_SUB(&foo, 1) with the equivalent HA_ATOMIC_INC(&foo) and HA_ATOMIC_DEC(&foo) respectively. These are 507 changes over 45 files.
2021-04-06 11:53:36 +00:00
_HA_ATOMIC_DEC(&p->feconn);
BUG/MEDIUM: listener: make sure the listener never accepts too many conns We were not checking p->feconn nor the global actconn soon enough. In older versions this could result in a frontend accepting more connections than allowed by its maxconn or the global maxconn, exactly N-1 extra connections where N is the number of threads, provided each of these threads were running a different listener. But with the lock removal, it became worse, the excess could be the listener's maxconn multiplied by the number of threads. Among the nasty side effect was that LI_FULL could be removed while the limit was still over and in some cases the polling on the socket was no re-enabled. This commit takes care of updating and checking p->feconn and the global actconn *before* processing the connection, so that the listener can be turned off before accepting the socket if needed. This requires to move some of the bookkeeping operations form session to listen, which totally makes sense in this context. Now the limits are properly respected, even if a listener's maxconn is over a frontend's. This only applies on top of the listener lock removal series and doesn't have to be backported.
2019-02-27 18:32:32 +00:00
if (next_actconn)
CLEANUP: atomic/tree-wide: replace single increments/decrements with inc/dec This patch replaces roughly all occurrences of an HA_ATOMIC_ADD(&foo, 1) or HA_ATOMIC_SUB(&foo, 1) with the equivalent HA_ATOMIC_INC(&foo) and HA_ATOMIC_DEC(&foo) respectively. These are 507 changes over 45 files.
2021-04-06 11:53:36 +00:00
_HA_ATOMIC_DEC(&actconn);
BUG/MEDIUM: listener: make sure the listener never accepts too many conns We were not checking p->feconn nor the global actconn soon enough. In older versions this could result in a frontend accepting more connections than allowed by its maxconn or the global maxconn, exactly N-1 extra connections where N is the number of threads, provided each of these threads were running a different listener. But with the lock removal, it became worse, the excess could be the listener's maxconn multiplied by the number of threads. Among the nasty side effect was that LI_FULL could be removed while the limit was still over and in some cases the polling on the socket was no re-enabled. This commit takes care of updating and checking p->feconn and the global actconn *before* processing the connection, so that the listener can be turned off before accepting the socket if needed. This requires to move some of the bookkeeping operations form session to listen, which totally makes sense in this context. Now the limits are properly respected, even if a listener's maxconn is over a frontend's. This only applies on top of the listener lock removal series and doesn't have to be backported.
2019-02-27 18:32:32 +00:00
MINOR: listener: move the maxconn parameter to the bind_conf The maxconn is set per bind line so let's move it there. This might possibly even slightly reduce inter-thread contention since this one is read-mostly and it was stored next to nbconn which changes for each connection setup or teardown.
2023-01-12 17:59:37 +00:00
if ((l->state == LI_FULL && (!l->bind_conf->maxconn || l->nbconn < l->bind_conf->maxconn)) ||
Revert "BUG/MEDIUM: listener: do not accept connections faster than we can process them" This reverts commit 62e8aaa1bd5ca96089eaa88487c700c4af4617f4. While is works extremely well to address SSL handshake floods, it prevents establishment of new connections during regular traffic above 50-60 Gbps, because for an unknown reason the queue seems to have ~1.7 active tasks per connection all the time, which makes no sense as these ought to be waiting on subscribed events. It might uncover a deeper issue but at least for now a different solution is needed. cf issue #822. The test is trivial to run, just start a config with tune.runqueue-depth 10 and inject on 1GB objects with more than 10 connections. Try to connect to the stats socket, it only works once, then the listeners are not dequeued.
2021-01-28 17:07:24 +00:00
(l->state == LI_LIMITED &&
BUG/MINOR: listener: do not immediately resume on transient error The listener supports a "transient error" situation, which corresponds to those situations where accept fails badly but poll() reports an event. This happens for example when a listener is paused, or on out of FD. The same mechanism is used when facing a maxconn or maxsessrate limitation. When this happens, the listener is disabled for up to 100ms and put back into the global listener queue so that it automatically wakes up again as soon as the conditions change from an existing connection releasing one resource, or the system recovers from a transient issue. The listener_accept() function has a bug in its exit path causing a freshly limited listener to be immediately enabled again because all the conditions are met (connection count < max). It doesn't take into account the fact that the listener might have been queued and must first wait for the timeout to expire before doing so. The impact is that upon certain errors, the faulty process will busy loop on the accept code without sleeping. This is the scenario reported and diagnosed by @hedong0411 in issue #382. This commit fixes it by verifying that the global queue's delay is at least expired before deciding to resume the listener. Another approach could consist in having an extra state like LI_DELAY for situations where only a delay is acceptable, but this would probably not bring anything except more complex code. This issue was introduced with the lock-free listener accept code (commits 3f0d02b and 82c9789a) that were backported to 1.8.20+ and 1.9.7+, so this fix must be backported to the relevant branches.
2019-12-11 14:06:30 +00:00
((!p || p->feconn < p->maxconn) && (actconn < global.maxconn) &&
(!tick_isset(global_listener_queue_task->expire) ||
tick_is_expired(global_listener_queue_task->expire, now_ms))))) {
MAJOR: listener: do not hold the listener lock in listener_accept() This function used to hold the listener's lock as a way to stay safe against concurrent manipulations, but it turns out this is wrong. First, the lock is held during l->accept(), which itself might indirectly call listener_release(), which, if the listener is marked full, could result in __resume_listener() to be called and the lock being taken twice. In practice it doesn't happen right now because the listener's FULL state cannot change while we're doing this. Second, all the code does is now protected against concurrent accesses. It used not to be the case in the early days of threads : the frequency counters are thread-safe. The rate limiting doesn't require extreme precision. Only the nbconn check is not thread safe. Third, the parts called here will have to be called from different threads without holding this lock, and this becomes a bigger issue if we need to keep this one. This patch does 3 things which need to be addressed at once : 1) it moves the lock to the only 2 functions that were not protected since called form listener_accept() : - limit_listener() - listener_full() 2) it makes sure delete_listener() properly checks its state within the lock. 3) it updates the l->nbconn tracking to make sure that it is always properly reported and accounted for. There is a point of particular care around the situation where the listener's maxconn is reached because the listener has to be marked full before accepting the connection, then resumed if the connection finally gets dropped. It is not possible to perform this change without removing the lock due to the deadlock issue explained above. This patch almost doubles the accept rate in multi-thread on a shared port between 8 threads, and multiplies by 4 the connection rate on a tcp-request connection reject rule.
2019-02-25 18:23:37 +00:00
/* at least one thread has to this when quitting */
MINOR: listener: workaround for closing a tiny race between resume_listener() and stopping This is an alternative fix that tries to address the same issue as d1ebee177 ("BUG/MINOR: listener: close tiny race between resume_listener() and stopping") while allowing resume_listener() to be more versatile. Indeed, because of the previous fix, resume_listener() is not able to rebind stopped listeners, and this breaks the original behavior that is documented in the function description: "If the listener was only in the assigned state, it's totally rebound. This can happen if a pause() has completely stopped it. If the resume fails, 0 is returned and an error might be displayed." With relax_listener(), we now make sure to check l->state under the listener lock so we don't call resume_listener() when the conditions are not met. As such, concurrently stopped listeners may not be rebound using relax_listener(). Note: the documented race can't happen since 1b927eb3c ("MEDIUM: proto: stop protocols under thread isolation during soft stop"), but older versions are concerned as 1b927eb3c was not marked for backports. Moreover, the patch also prevents the race between protocol_pause_all() and resuming from LIMITED or FULL states. This commit depends on: - "MINOR: listener: add relax_listener() function" This should be backported with d1ebee177 up to 2.4 (d1ebee177 is marked to be backported for all stable versions but the current patch does not apply for versions < 2.4)
2023-02-06 16:19:58 +00:00
relax_listener(l, 0, 0);
MAJOR: listener: do not hold the listener lock in listener_accept() This function used to hold the listener's lock as a way to stay safe against concurrent manipulations, but it turns out this is wrong. First, the lock is held during l->accept(), which itself might indirectly call listener_release(), which, if the listener is marked full, could result in __resume_listener() to be called and the lock being taken twice. In practice it doesn't happen right now because the listener's FULL state cannot change while we're doing this. Second, all the code does is now protected against concurrent accesses. It used not to be the case in the early days of threads : the frequency counters are thread-safe. The rate limiting doesn't require extreme precision. Only the nbconn check is not thread safe. Third, the parts called here will have to be called from different threads without holding this lock, and this becomes a bigger issue if we need to keep this one. This patch does 3 things which need to be addressed at once : 1) it moves the lock to the only 2 functions that were not protected since called form listener_accept() : - limit_listener() - listener_full() 2) it makes sure delete_listener() properly checks its state within the lock. 3) it updates the l->nbconn tracking to make sure that it is always properly reported and accounted for. There is a point of particular care around the situation where the listener's maxconn is reached because the listener has to be marked full before accepting the connection, then resumed if the connection finally gets dropped. It is not possible to perform this change without removing the lock due to the deadlock issue explained above. This patch almost doubles the accept rate in multi-thread on a shared port between 8 threads, and multiplies by 4 the connection rate on a tcp-request connection reject rule.
2019-02-25 18:23:37 +00:00
Revert "BUG/MEDIUM: listener: do not accept connections faster than we can process them" This reverts commit 62e8aaa1bd5ca96089eaa88487c700c4af4617f4. While is works extremely well to address SSL handshake floods, it prevents establishment of new connections during regular traffic above 50-60 Gbps, because for an unknown reason the queue seems to have ~1.7 active tasks per connection all the time, which makes no sense as these ought to be waiting on subscribed events. It might uncover a deeper issue but at least for now a different solution is needed. cf issue #822. The test is trivial to run, just start a config with tune.runqueue-depth 10 and inject on 1GB objects with more than 10 connections. Try to connect to the stats socket, it only works once, then the listeners are not dequeued.
2021-01-28 17:07:24 +00:00
/* Dequeues all of the listeners waiting for a resource */
MINOR: listener: split dequeue_all_listener() in two We use it half times for the global_listener_queue and half times for a proxy's queue and this requires the callers to take care of these. Let's split it in two versions, the current one working only on the global queue and another one dedicated to proxies for the per-proxy queues. This cleans up quite a bit of code.
2019-12-10 13:10:52 +00:00
dequeue_all_listeners();
MAJOR: listener: do not hold the listener lock in listener_accept() This function used to hold the listener's lock as a way to stay safe against concurrent manipulations, but it turns out this is wrong. First, the lock is held during l->accept(), which itself might indirectly call listener_release(), which, if the listener is marked full, could result in __resume_listener() to be called and the lock being taken twice. In practice it doesn't happen right now because the listener's FULL state cannot change while we're doing this. Second, all the code does is now protected against concurrent accesses. It used not to be the case in the early days of threads : the frequency counters are thread-safe. The rate limiting doesn't require extreme precision. Only the nbconn check is not thread safe. Third, the parts called here will have to be called from different threads without holding this lock, and this becomes a bigger issue if we need to keep this one. This patch does 3 things which need to be addressed at once : 1) it moves the lock to the only 2 functions that were not protected since called form listener_accept() : - limit_listener() - listener_full() 2) it makes sure delete_listener() properly checks its state within the lock. 3) it updates the l->nbconn tracking to make sure that it is always properly reported and accounted for. There is a point of particular care around the situation where the listener's maxconn is reached because the listener has to be marked full before accepting the connection, then resumed if the connection finally gets dropped. It is not possible to perform this change without removing the lock due to the deadlock issue explained above. This patch almost doubles the accept rate in multi-thread on a shared port between 8 threads, and multiplies by 4 the connection rate on a tcp-request connection reject rule.
2019-02-25 18:23:37 +00:00
MEDIUM: list: Separate "locked" list from regular list. Instead of using the same type for regular linked lists and "autolocked" linked lists, use a separate type, "struct mt_list", for the autolocked one, and introduce a set of macros, similar to the LIST_* macros, with the MT_ prefix. When we use the same entry for both regular list and autolocked list, as is done for the "list" field in struct connection, we know have to explicitely cast it to struct mt_list when using MT_ macros.
2019-08-08 13:47:21 +00:00
if (p && !MT_LIST_ISEMPTY(&p->listener_queue) &&
MAJOR: listener: do not hold the listener lock in listener_accept() This function used to hold the listener's lock as a way to stay safe against concurrent manipulations, but it turns out this is wrong. First, the lock is held during l->accept(), which itself might indirectly call listener_release(), which, if the listener is marked full, could result in __resume_listener() to be called and the lock being taken twice. In practice it doesn't happen right now because the listener's FULL state cannot change while we're doing this. Second, all the code does is now protected against concurrent accesses. It used not to be the case in the early days of threads : the frequency counters are thread-safe. The rate limiting doesn't require extreme precision. Only the nbconn check is not thread safe. Third, the parts called here will have to be called from different threads without holding this lock, and this becomes a bigger issue if we need to keep this one. This patch does 3 things which need to be addressed at once : 1) it moves the lock to the only 2 functions that were not protected since called form listener_accept() : - limit_listener() - listener_full() 2) it makes sure delete_listener() properly checks its state within the lock. 3) it updates the l->nbconn tracking to make sure that it is always properly reported and accounted for. There is a point of particular care around the situation where the listener's maxconn is reached because the listener has to be marked full before accepting the connection, then resumed if the connection finally gets dropped. It is not possible to perform this change without removing the lock due to the deadlock issue explained above. This patch almost doubles the accept rate in multi-thread on a shared port between 8 threads, and multiplies by 4 the connection rate on a tcp-request connection reject rule.
2019-02-25 18:23:37 +00:00
(!p->fe_sps_lim || freq_ctr_remain(&p->fe_sess_per_sec, p->fe_sps_lim, 0) > 0))
MINOR: listener: split dequeue_all_listener() in two We use it half times for the global_listener_queue and half times for a proxy's queue and this requires the callers to take care of these. Let's split it in two versions, the current one working only on the global queue and another one dedicated to proxies for the per-proxy queues. This cleans up quite a bit of code.
2019-12-10 13:10:52 +00:00
dequeue_proxy_listeners(p);
MAJOR: listener: do not hold the listener lock in listener_accept() This function used to hold the listener's lock as a way to stay safe against concurrent manipulations, but it turns out this is wrong. First, the lock is held during l->accept(), which itself might indirectly call listener_release(), which, if the listener is marked full, could result in __resume_listener() to be called and the lock being taken twice. In practice it doesn't happen right now because the listener's FULL state cannot change while we're doing this. Second, all the code does is now protected against concurrent accesses. It used not to be the case in the early days of threads : the frequency counters are thread-safe. The rate limiting doesn't require extreme precision. Only the nbconn check is not thread safe. Third, the parts called here will have to be called from different threads without holding this lock, and this becomes a bigger issue if we need to keep this one. This patch does 3 things which need to be addressed at once : 1) it moves the lock to the only 2 functions that were not protected since called form listener_accept() : - limit_listener() - listener_full() 2) it makes sure delete_listener() properly checks its state within the lock. 3) it updates the l->nbconn tracking to make sure that it is always properly reported and accounted for. There is a point of particular care around the situation where the listener's maxconn is reached because the listener has to be marked full before accepting the connection, then resumed if the connection finally gets dropped. It is not possible to perform this change without removing the lock due to the deadlock issue explained above. This patch almost doubles the accept rate in multi-thread on a shared port between 8 threads, and multiplies by 4 the connection rate on a tcp-request connection reject rule.
2019-02-25 18:23:37 +00:00
}
MINOR: listener: make the wait paths cleaner and more reliable In listener_accept() there are several situations where we have to wait for an event or a delay. These ones all implement their own call to limit_listener() and the associated task_schedule(). In addition to being ugly and confusing, one expire date computation is even wrong as it doesn't take in account the fact that we're using threads and that the value might change in the middle. Fortunately task_schedule() gets it right for us. This patch creates two jump locations, one for the global queue and one for the proxy queue, allowing the rest of the code to only compute the expire delay and jump to the right location.
2019-12-10 11:01:21 +00:00
return;
transient_error:
/* pause the listener for up to 100 ms */
expire = tick_add(now_ms, 100);
BUG/MINOR: listener: detect and handle shared sockets stopped in other processes It may happen that during a temporary listener pause resulting from a SIGTTOU, one process gets one of its sockets disabled by another process and will not be able to recover from this situation by itself. For the protocols supporting this (TCPv4 and TCPv6 at the moment) this situation is detectable, so when this happens, let's put the listener into the PAUSED state so that it remains consistent with the real socket state. One nice effect is that just sending the SIGTTIN signal to the process is enough to recover the socket in this case. There is no need to backport this, this behavior has been there forever and the fix requires to reimplement the getsockopt() call there.
2020-10-13 15:46:05 +00:00
/* This may be a shared socket that was paused by another process.
* Let's put it to pause in this case.
*/
if (l->rx.proto && l->rx.proto->rx_listening(&l->rx) == 0) {
MINOR: listener: pause_listener() becomes suspend_listener() We are simply renaming pause_listener() to suspend_listener() to prevent confusion around listener pausing. A suspended listener can be in two differents valid states: - LI_PAUSED: the listener is effectively paused, it will unpause on resume_listener() - LI_ASSIGNED (not bound): the listener does not support the LI_PAUSED state, so it was unbound to satisfy the suspend request, it will correcly re-bind on resume_listener() Besides that, we add the LI_F_SUSPENDED flag to mark suspended listeners in suspend_listener() and unmark them in resume_listener(). We're also adding li_suspend proxy variable to track the number of currently suspended listeners: That is, the number of listeners that were suspended through suspend_listener() and that are either in LI_PAUSED or LI_ASSIGNED state. Counter is increased on successful suspend in suspend_listener() and it is decreased on successful resume in resume_listener() -- Backport notes: -> 2.4 only, as "MINOR: proxy/listener: support for additional PAUSED state" was not backported: Replace this: | /* PROXY_LOCK is require | proxy_cond_resume(px); By this: | ha_warning("Resumed %s %s.\n", proxy_cap_str(px->cap), px->id); | send_log(px, LOG_WARNING, "Resumed %s %s.\n", proxy_cap_str(px->cap), px->id); -> 2.6 and 2.7 only, as "MINOR: listener: make sure we don't pause/resume" was custom patched: Replace this: |@@ -253,6 +253,7 @@ struct listener { | | /* listener flags (16 bits) */ | #define LI_F_FINALIZED 0x0001 /* listener made it to the READY||LIMITED||FULL state at least once, may be suspended/resumed safely */ |+#define LI_F_SUSPENDED 0x0002 /* listener has been suspended using suspend_listener(), it is either is LI_PAUSED or LI_ASSIGNED state */ | | /* Descriptor for a "bind" keyword. The ->parse() function returns 0 in case of | * success, or a combination of ERR_* flags if an error is encountered. The By this: |@@ -222,6 +222,7 @@ struct li_per_thread { | | #define LI_F_QUIC_LISTENER 0x00000001 /* listener uses proto quic */ | #define LI_F_FINALIZED 0x00000002 /* listener made it to the READY||LIMITED||FULL state at least once, may be suspended/resumed safely */ |+#define LI_F_SUSPENDED 0x00000004 /* listener has been suspended using suspend_listener(), it is either is LI_PAUSED or LI_ASSIGNED state */ | | /* The listener will be directly referenced by the fdtab[] which holds its | * socket. The listener provides the protocol-specific accept() function to
2023-02-13 16:45:08 +00:00
suspend_listener(l, 0, 0);
BUG/MINOR: listener: detect and handle shared sockets stopped in other processes It may happen that during a temporary listener pause resulting from a SIGTTOU, one process gets one of its sockets disabled by another process and will not be able to recover from this situation by itself. For the protocols supporting this (TCPv4 and TCPv6 at the moment) this situation is detectable, so when this happens, let's put the listener into the PAUSED state so that it remains consistent with the real socket state. One nice effect is that just sending the SIGTTIN signal to the process is enough to recover the socket in this case. There is no need to backport this, this behavior has been there forever and the fix requires to reimplement the getsockopt() call there.
2020-10-13 15:46:05 +00:00
goto end;
}
MINOR: listener: make the wait paths cleaner and more reliable In listener_accept() there are several situations where we have to wait for an event or a delay. These ones all implement their own call to limit_listener() and the associated task_schedule(). In addition to being ugly and confusing, one expire date computation is even wrong as it doesn't take in account the fact that we're using threads and that the value might change in the middle. Fortunately task_schedule() gets it right for us. This patch creates two jump locations, one for the global queue and one for the proxy queue, allowing the rest of the code to only compute the expire delay and jump to the right location.
2019-12-10 11:01:21 +00:00
limit_global:
/* (re-)queue the listener to the global queue and set it to expire no
* later than <expire> ahead. The listener turns to LI_LIMITED.
*/
limit_listener(l, &global_listener_queue);
BUG/MEDIUM: listener: Fix race condition when updating the global mngmt task It is pretty similar to fbb934da90 ("BUG/MEDIUM: stick-table: fix a race condition when updating the expiration task"). When the global management task is running, at the end of its process function, it resets the expire date by setting it to TICK_ETERNITY. In same time, a listener may reach a global limit and decides to schedule the task. Thus it is possible to queue the task and trigger the BUG_ON() on the expire date because its value was set to TICK_ETERNITY in the means time: FATAL: bug condition "task->expire == 0" matched at src/task.c:310 call trace(12): | 0x662de8 [b8 01 00 00 00 c6 00 00]: __task_queue+0xc7/0x11e | 0x63b03f [48 b8 04 00 00 00 05 00]: main+0x2535e | 0x63ed1a [e9 d2 fd ff ff 48 8b 45]: listener_accept+0xf72/0xfda | 0x6a36d3 [eb 01 90 c9 c3 55 48 89]: sock_accept_iocb+0x82/0x87 | 0x6af22f [48 8b 05 ca f9 13 00 8b]: fd_update_events+0x35a/0x497 | 0x42a7a8 [89 45 d8 83 7d d8 02 75]: main-0x1eb539 | 0x6158fb [48 8b 05 e6 06 1c 00 64]: run_poll_loop+0x2e7/0x319 | 0x615b6c [48 8b 05 ed 65 1d 00 48]: main-0x175 | 0x7ffff775bded [e9 69 fe ff ff 48 8b 4c]: libc:+0x8cded | 0x7ffff77e1370 [48 89 c7 b8 3c 00 00 00]: libc:+0x112370 To fix the bug, a RW lock is introduced. It is used to fix the race condition. A read lock is taken when the task is scheduled, in listener_accpet() and a write lock is used at the end of process function to set the expire date to TICK_ETERNITY. This lock should not be used very often and most of time by "readers". So, the impact should be really limited. This patch should fix the issue #1930. It must be backported as far as 1.8 with some cautions because the code has evolved a lot since then.
2022-11-17 13:40:20 +00:00
HA_RWLOCK_RDLOCK(LISTENER_LOCK, &global_listener_rwlock);
MINOR: listener: make the wait paths cleaner and more reliable In listener_accept() there are several situations where we have to wait for an event or a delay. These ones all implement their own call to limit_listener() and the associated task_schedule(). In addition to being ugly and confusing, one expire date computation is even wrong as it doesn't take in account the fact that we're using threads and that the value might change in the middle. Fortunately task_schedule() gets it right for us. This patch creates two jump locations, one for the global queue and one for the proxy queue, allowing the rest of the code to only compute the expire delay and jump to the right location.
2019-12-10 11:01:21 +00:00
task_schedule(global_listener_queue_task, expire);
BUG/MEDIUM: listener: Fix race condition when updating the global mngmt task It is pretty similar to fbb934da90 ("BUG/MEDIUM: stick-table: fix a race condition when updating the expiration task"). When the global management task is running, at the end of its process function, it resets the expire date by setting it to TICK_ETERNITY. In same time, a listener may reach a global limit and decides to schedule the task. Thus it is possible to queue the task and trigger the BUG_ON() on the expire date because its value was set to TICK_ETERNITY in the means time: FATAL: bug condition "task->expire == 0" matched at src/task.c:310 call trace(12): | 0x662de8 [b8 01 00 00 00 c6 00 00]: __task_queue+0xc7/0x11e | 0x63b03f [48 b8 04 00 00 00 05 00]: main+0x2535e | 0x63ed1a [e9 d2 fd ff ff 48 8b 45]: listener_accept+0xf72/0xfda | 0x6a36d3 [eb 01 90 c9 c3 55 48 89]: sock_accept_iocb+0x82/0x87 | 0x6af22f [48 8b 05 ca f9 13 00 8b]: fd_update_events+0x35a/0x497 | 0x42a7a8 [89 45 d8 83 7d d8 02 75]: main-0x1eb539 | 0x6158fb [48 8b 05 e6 06 1c 00 64]: run_poll_loop+0x2e7/0x319 | 0x615b6c [48 8b 05 ed 65 1d 00 48]: main-0x175 | 0x7ffff775bded [e9 69 fe ff ff 48 8b 4c]: libc:+0x8cded | 0x7ffff77e1370 [48 89 c7 b8 3c 00 00 00]: libc:+0x112370 To fix the bug, a RW lock is introduced. It is used to fix the race condition. A read lock is taken when the task is scheduled, in listener_accpet() and a write lock is used at the end of process function to set the expire date to TICK_ETERNITY. This lock should not be used very often and most of time by "readers". So, the impact should be really limited. This patch should fix the issue #1930. It must be backported as far as 1.8 with some cautions because the code has evolved a lot since then.
2022-11-17 13:40:20 +00:00
HA_RWLOCK_RDUNLOCK(LISTENER_LOCK, &global_listener_rwlock);
MINOR: listener: make the wait paths cleaner and more reliable In listener_accept() there are several situations where we have to wait for an event or a delay. These ones all implement their own call to limit_listener() and the associated task_schedule(). In addition to being ugly and confusing, one expire date computation is even wrong as it doesn't take in account the fact that we're using threads and that the value might change in the middle. Fortunately task_schedule() gets it right for us. This patch creates two jump locations, one for the global queue and one for the proxy queue, allowing the rest of the code to only compute the expire delay and jump to the right location.
2019-12-10 11:01:21 +00:00
goto end;
limit_proxy:
/* (re-)queue the listener to the proxy's queue and set it to expire no
* later than <expire> ahead. The listener turns to LI_LIMITED.
*/
limit_listener(l, &p->listener_queue);
BUG/MAJOR: listener: do not schedule a task-less proxy Apparently seamingless commit 0591bf7deb ("MINOR: listener: make the wait paths cleaner and more reliable") caused a nasty regression and revealed a rare race that hits regtest stickiness/lb-services.vtc about 4% of the times for 8 threads. The problem is that when a multi-threaded listener wakes up on an incoming connection, several threads can receive the event, especially when idle. And all of them will race to accept the connections in parallel, adjusting the listener's nbconn and proxy's feconn until one reaches the proxy's limit and declines. At this step the changes are cancelled, the listener is marked "limited", and when the threads exit the function, one of them will unlimit the listener/proxy again so that it can accept incoming connections again. The problem happens when many threads connect to a small peers section because its maxconn is very limited (typically 6 for 2 peers), and it's sometimes possible for enough competing threads to hit the limit and one of them will limit the listener and queue the proxy's task... except that peers do not initialize their proxy task since they do not use rate limiting. Thus the process crashes when doing task_schedule(p->task). Prior to the cleanup patch above, this didn't happen because the error path that was dedicated to only limiting the listener did not call task_schedule(p->task). Given that the proxy's task is optional, and that the expire value passed there is always TICK_ETERNITY, it's sufficient and reasonable to avoid calling this task_schedule() when expire is not set. And for long term safety we can also avoid to do it when the task is not set. A first fix consisted in allocating a task for the peers proxies but it's never used and would eat resources for reason. No backport is needed as this commit was only merged into 2.2.
2020-01-08 18:15:07 +00:00
if (p->task && tick_isset(expire))
task_schedule(p->task, expire);
MINOR: listener: make the wait paths cleaner and more reliable In listener_accept() there are several situations where we have to wait for an event or a delay. These ones all implement their own call to limit_listener() and the associated task_schedule(). In addition to being ugly and confusing, one expire date computation is even wrong as it doesn't take in account the fact that we're using threads and that the value might change in the middle. Fortunately task_schedule() gets it right for us. This patch creates two jump locations, one for the global queue and one for the proxy queue, allowing the rest of the code to only compute the expire delay and jump to the right location.
2019-12-10 11:01:21 +00:00
goto end;
REORG/MEDIUM: move the default accept function from sockstream to protocols.c The previous sockstream_accept() function uses nothing from sockstream, and is totally irrelevant to stream interfaces. Move this to the protocols.c file which handles listeners and protocols, and call it listener_accept(). It now makes much more sense that the code dealing with listen() also handles accept() and passes it to upper layers.
2012-05-07 19:22:09 +00:00
}
MINOR: listener: new function listener_release Instead of duplicating some sensitive listener-specific code in the session and in the stream code, let's call listener_release() when releasing a connection attached to a listener.
2017-09-15 07:19:58 +00:00
/* Notify the listener that a connection initiated from it was released. This
* is used to keep the connection count consistent and to possibly re-open
* listening when it was limited.
*/
void listener_release(struct listener *l)
{
struct proxy *fe = l->bind_conf->frontend;
MINOR: listener: move LI_O_UNLIMITED and LI_O_NOSTOP to bind_conf These two flags are entirely for internal use and are even per proxy in practice since they're used for peers and CLI to indicate (for the first one) that the listener(s) are not subject to connection limits, and for the second that the listener(s) should not be stopped on soft-stop. No need to keep them in the listeners, let's move them to the bind_conf under names BC_O_UNLIMITED and BC_O_NOSTOP.
2023-01-12 18:58:42 +00:00
if (!(l->bind_conf->options & BC_O_UNLIMITED))
CLEANUP: atomic/tree-wide: replace single increments/decrements with inc/dec This patch replaces roughly all occurrences of an HA_ATOMIC_ADD(&foo, 1) or HA_ATOMIC_SUB(&foo, 1) with the equivalent HA_ATOMIC_INC(&foo) and HA_ATOMIC_DEC(&foo) respectively. These are 507 changes over 45 files.
2021-04-06 11:53:36 +00:00
_HA_ATOMIC_DEC(&actconn);
BUG/MEDIUM: listener: make sure the listener never accepts too many conns We were not checking p->feconn nor the global actconn soon enough. In older versions this could result in a frontend accepting more connections than allowed by its maxconn or the global maxconn, exactly N-1 extra connections where N is the number of threads, provided each of these threads were running a different listener. But with the lock removal, it became worse, the excess could be the listener's maxconn multiplied by the number of threads. Among the nasty side effect was that LI_FULL could be removed while the limit was still over and in some cases the polling on the socket was no re-enabled. This commit takes care of updating and checking p->feconn and the global actconn *before* processing the connection, so that the listener can be turned off before accepting the socket if needed. This requires to move some of the bookkeeping operations form session to listen, which totally makes sense in this context. Now the limits are properly respected, even if a listener's maxconn is over a frontend's. This only applies on top of the listener lock removal series and doesn't have to be backported.
2019-02-27 18:32:32 +00:00
if (fe)
CLEANUP: atomic/tree-wide: replace single increments/decrements with inc/dec This patch replaces roughly all occurrences of an HA_ATOMIC_ADD(&foo, 1) or HA_ATOMIC_SUB(&foo, 1) with the equivalent HA_ATOMIC_INC(&foo) and HA_ATOMIC_DEC(&foo) respectively. These are 507 changes over 45 files.
2021-04-06 11:53:36 +00:00
_HA_ATOMIC_DEC(&fe->feconn);
_HA_ATOMIC_DEC(&l->nbconn);
CLEANUP: listener: only store conn counts for local threads The listeners have a thr_conn[] array indexed on the thread number that is used during connection redispatching to know what threads are the least loaded. Since we introduced thread groups, and based on the fact that a listener may only belong to one group, there's no point storing counters for all threads, we just need to store them for all threads in the group. Doing so reduces the struct listener from 1500 to 632 bytes. This may be backported to 2.7 to save a bit of resources.
2023-02-28 09:25:57 +00:00
_HA_ATOMIC_DEC(&l->thr_conn[ti->ltid]);
BUG/MEDIUM: listener: make sure the listener never accepts too many conns We were not checking p->feconn nor the global actconn soon enough. In older versions this could result in a frontend accepting more connections than allowed by its maxconn or the global maxconn, exactly N-1 extra connections where N is the number of threads, provided each of these threads were running a different listener. But with the lock removal, it became worse, the excess could be the listener's maxconn multiplied by the number of threads. Among the nasty side effect was that LI_FULL could be removed while the limit was still over and in some cases the polling on the socket was no re-enabled. This commit takes care of updating and checking p->feconn and the global actconn *before* processing the connection, so that the listener can be turned off before accepting the socket if needed. This requires to move some of the bookkeeping operations form session to listen, which totally makes sense in this context. Now the limits are properly respected, even if a listener's maxconn is over a frontend's. This only applies on top of the listener lock removal series and doesn't have to be backported.
2019-02-27 18:32:32 +00:00
if (l->state == LI_FULL || l->state == LI_LIMITED)
MINOR: listener: workaround for closing a tiny race between resume_listener() and stopping This is an alternative fix that tries to address the same issue as d1ebee177 ("BUG/MINOR: listener: close tiny race between resume_listener() and stopping") while allowing resume_listener() to be more versatile. Indeed, because of the previous fix, resume_listener() is not able to rebind stopped listeners, and this breaks the original behavior that is documented in the function description: "If the listener was only in the assigned state, it's totally rebound. This can happen if a pause() has completely stopped it. If the resume fails, 0 is returned and an error might be displayed." With relax_listener(), we now make sure to check l->state under the listener lock so we don't call resume_listener() when the conditions are not met. As such, concurrently stopped listeners may not be rebound using relax_listener(). Note: the documented race can't happen since 1b927eb3c ("MEDIUM: proto: stop protocols under thread isolation during soft stop"), but older versions are concerned as 1b927eb3c was not marked for backports. Moreover, the patch also prevents the race between protocol_pause_all() and resuming from LIMITED or FULL states. This commit depends on: - "MINOR: listener: add relax_listener() function" This should be backported with d1ebee177 up to 2.4 (d1ebee177 is marked to be backported for all stable versions but the current patch does not apply for versions < 2.4)
2023-02-06 16:19:58 +00:00
relax_listener(l, 0, 0);
MINOR: listener: new function listener_release Instead of duplicating some sensitive listener-specific code in the session and in the stream code, let's call listener_release() when releasing a connection attached to a listener.
2017-09-15 07:19:58 +00:00
Revert "BUG/MEDIUM: listener: do not accept connections faster than we can process them" This reverts commit 62e8aaa1bd5ca96089eaa88487c700c4af4617f4. While is works extremely well to address SSL handshake floods, it prevents establishment of new connections during regular traffic above 50-60 Gbps, because for an unknown reason the queue seems to have ~1.7 active tasks per connection all the time, which makes no sense as these ought to be waiting on subscribed events. It might uncover a deeper issue but at least for now a different solution is needed. cf issue #822. The test is trivial to run, just start a config with tune.runqueue-depth 10 and inject on 1GB objects with more than 10 connections. Try to connect to the stats socket, it only works once, then the listeners are not dequeued.
2021-01-28 17:07:24 +00:00
/* Dequeues all of the listeners waiting for a resource */
dequeue_all_listeners();
BUG/MINOR: listener: null pointer dereference suspected by coverity Please refer to GH #1859 for more info. Coverity suspected improper proxy pointer handling. Without the fix it is considered safe for the moment, but it might not be the case in the future as we want to keep the ability to have isolated listeners. Making sure stop_listener(), pause_listener(), resume_listener() and listener_release() functions make proper use of px pointer in that context. No need for backport except if multi-connection protocols (ie:FTP) were to be backported as well.
2022-09-12 07:26:21 +00:00
if (fe && !MT_LIST_ISEMPTY(&fe->listener_queue) &&
MINOR: listener: new function listener_release Instead of duplicating some sensitive listener-specific code in the session and in the stream code, let's call listener_release() when releasing a connection attached to a listener.
2017-09-15 07:19:58 +00:00
(!fe->fe_sps_lim || freq_ctr_remain(&fe->fe_sess_per_sec, fe->fe_sps_lim, 0) > 0))
MINOR: listener: split dequeue_all_listener() in two We use it half times for the global_listener_queue and half times for a proxy's queue and this requires the callers to take care of these. Let's split it in two versions, the current one working only on the global queue and another one dedicated to proxies for the per-proxy queues. This cleans up quite a bit of code.
2019-12-10 13:10:52 +00:00
dequeue_proxy_listeners(fe);
MINOR: listener: new function listener_release Instead of duplicating some sensitive listener-specific code in the session and in the stream code, let's call listener_release() when releasing a connection attached to a listener.
2017-09-15 07:19:58 +00:00
}
BUG/MAJOR: listener: fix thread safety in resume_listener() resume_listener() can be called from a thread not part of the listener's mask after a curr_conn has gone lower than a proxy's or the process' limit. This results in fd_may_recv() being called unlocked if the listener is bound to only one thread, and quickly locks up. This patch solves this by creating a per-thread work_list dedicated to listeners, and modifying resume_listener() so that it bounces the listener to one of its owning thread's work_list and waking it up. This thread will then call resume_listener() again and will perform the operation on the file descriptor itself. It is important to do it this way so that the listener's state cannot be modified while the listener is being moved, otherwise multiple threads can take conflicting decisions and the listener could be put back into the global queue if the listener was used at the same time. It seems like a slightly simpler approach would be possible if the locked list API would provide the ability to return a locked element. In this case the listener would be immediately requeued in dequeue_all_listeners() without having to go through resume_listener() with its associated lock. This fix must be backported to all versions having the lock-less accept loop, which is as far as 1.8 since deadlock fixes involving this feature had to be backported there. It is expected that the code should not differ too much there. However, previous commit "MINOR: task: introduce work lists" will be needed as well and should not present difficulties either. For 1.8, the commits introducing thread_mask() and LIST_ADDED() will be needed as well, either backporting my_flsl() or switching to my_ffsl() will be OK, and some changes will have to be performed so that the init function is properly called (and maybe the deinit one can be dropped). In order to test for the fix, simply set up a multi-threaded frontend with multiple bind lines each attached to a single thread (reproduced with 16 threads here), set up a very low maxconn value on the frontend, and inject heavy traffic on all listeners in parallel with slightly more connections than the configured limit ( typically +20%) so that it flips very frequently. If the bug is still there, at some point (5-20 seconds) the traffic will go much lower or even stop, either with spinning threads or not.
2019-07-11 08:08:31 +00:00
/* Initializes the listener queues. Returns 0 on success, otherwise ERR_* flags */
static int listener_queue_init()
{
MINOR: task: provide 3 task_new_* wrappers to simplify the API We'll need to improve the API to pass other arguments in the future, so let's start to adapt better to the current use cases. task_new() is used: - 18 times as task_new(tid_bit) - 18 times as task_new(MAX_THREADS_MASK) - 2 times with a single bit (in a loop) - 1 in the debug code that uses a mask This patch provides 3 new functions to achieve this: - task_new_here() to create a task on the calling thread - task_new_anywhere() to create a task to be run anywhere - task_new_on() to create a task to run on a specific thread The change is trivial and will allow us to later concentrate the required adaptations to these 3 functions only. It's still possible to call task_new() if needed but a comment was added to encourage the use of the new ones instead. The debug code was not changed and still uses it.
2021-10-01 16:23:30 +00:00
global_listener_queue_task = task_new_anywhere();
REORG: listener: move the global listener queue code to listener.c The global listener queue code and declarations were still lying in haproxy.c while not needed there anymore at all. This complicates the code for no reason. As a result, the global_listener_queue_task and the global_listener_queue were made static.
2019-12-10 10:18:41 +00:00
if (!global_listener_queue_task) {
ha_alert("Out of memory when initializing global listener queue\n");
return ERR_FATAL|ERR_ABORT;
}
/* very simple initialization, users will queue the task if needed */
global_listener_queue_task->context = NULL; /* not even a context! */
global_listener_queue_task->process = manage_global_listener_queue;
BUG/MEDIUM: listener: Fix race condition when updating the global mngmt task It is pretty similar to fbb934da90 ("BUG/MEDIUM: stick-table: fix a race condition when updating the expiration task"). When the global management task is running, at the end of its process function, it resets the expire date by setting it to TICK_ETERNITY. In same time, a listener may reach a global limit and decides to schedule the task. Thus it is possible to queue the task and trigger the BUG_ON() on the expire date because its value was set to TICK_ETERNITY in the means time: FATAL: bug condition "task->expire == 0" matched at src/task.c:310 call trace(12): | 0x662de8 [b8 01 00 00 00 c6 00 00]: __task_queue+0xc7/0x11e | 0x63b03f [48 b8 04 00 00 00 05 00]: main+0x2535e | 0x63ed1a [e9 d2 fd ff ff 48 8b 45]: listener_accept+0xf72/0xfda | 0x6a36d3 [eb 01 90 c9 c3 55 48 89]: sock_accept_iocb+0x82/0x87 | 0x6af22f [48 8b 05 ca f9 13 00 8b]: fd_update_events+0x35a/0x497 | 0x42a7a8 [89 45 d8 83 7d d8 02 75]: main-0x1eb539 | 0x6158fb [48 8b 05 e6 06 1c 00 64]: run_poll_loop+0x2e7/0x319 | 0x615b6c [48 8b 05 ed 65 1d 00 48]: main-0x175 | 0x7ffff775bded [e9 69 fe ff ff 48 8b 4c]: libc:+0x8cded | 0x7ffff77e1370 [48 89 c7 b8 3c 00 00 00]: libc:+0x112370 To fix the bug, a RW lock is introduced. It is used to fix the race condition. A read lock is taken when the task is scheduled, in listener_accpet() and a write lock is used at the end of process function to set the expire date to TICK_ETERNITY. This lock should not be used very often and most of time by "readers". So, the impact should be really limited. This patch should fix the issue #1930. It must be backported as far as 1.8 with some cautions because the code has evolved a lot since then.
2022-11-17 13:40:20 +00:00
HA_RWLOCK_INIT(&global_listener_rwlock);
REORG: listener: move the global listener queue code to listener.c The global listener queue code and declarations were still lying in haproxy.c while not needed there anymore at all. This complicates the code for no reason. As a result, the global_listener_queue_task and the global_listener_queue were made static.
2019-12-10 10:18:41 +00:00
BUG/MAJOR: listener: fix thread safety in resume_listener() resume_listener() can be called from a thread not part of the listener's mask after a curr_conn has gone lower than a proxy's or the process' limit. This results in fd_may_recv() being called unlocked if the listener is bound to only one thread, and quickly locks up. This patch solves this by creating a per-thread work_list dedicated to listeners, and modifying resume_listener() so that it bounces the listener to one of its owning thread's work_list and waking it up. This thread will then call resume_listener() again and will perform the operation on the file descriptor itself. It is important to do it this way so that the listener's state cannot be modified while the listener is being moved, otherwise multiple threads can take conflicting decisions and the listener could be put back into the global queue if the listener was used at the same time. It seems like a slightly simpler approach would be possible if the locked list API would provide the ability to return a locked element. In this case the listener would be immediately requeued in dequeue_all_listeners() without having to go through resume_listener() with its associated lock. This fix must be backported to all versions having the lock-less accept loop, which is as far as 1.8 since deadlock fixes involving this feature had to be backported there. It is expected that the code should not differ too much there. However, previous commit "MINOR: task: introduce work lists" will be needed as well and should not present difficulties either. For 1.8, the commits introducing thread_mask() and LIST_ADDED() will be needed as well, either backporting my_flsl() or switching to my_ffsl() will be OK, and some changes will have to be performed so that the init function is properly called (and maybe the deinit one can be dropped). In order to test for the fix, simply set up a multi-threaded frontend with multiple bind lines each attached to a single thread (reproduced with 16 threads here), set up a very low maxconn value on the frontend, and inject heavy traffic on all listeners in parallel with slightly more connections than the configured limit ( typically +20%) so that it flips very frequently. If the bug is still there, at some point (5-20 seconds) the traffic will go much lower or even stop, either with spinning threads or not.
2019-07-11 08:08:31 +00:00
return 0;
}
static void listener_queue_deinit()
{
REORG: listener: move the global listener queue code to listener.c The global listener queue code and declarations were still lying in haproxy.c while not needed there anymore at all. This complicates the code for no reason. As a result, the global_listener_queue_task and the global_listener_queue were made static.
2019-12-10 10:18:41 +00:00
task_destroy(global_listener_queue_task);
global_listener_queue_task = NULL;
BUG/MAJOR: listener: fix thread safety in resume_listener() resume_listener() can be called from a thread not part of the listener's mask after a curr_conn has gone lower than a proxy's or the process' limit. This results in fd_may_recv() being called unlocked if the listener is bound to only one thread, and quickly locks up. This patch solves this by creating a per-thread work_list dedicated to listeners, and modifying resume_listener() so that it bounces the listener to one of its owning thread's work_list and waking it up. This thread will then call resume_listener() again and will perform the operation on the file descriptor itself. It is important to do it this way so that the listener's state cannot be modified while the listener is being moved, otherwise multiple threads can take conflicting decisions and the listener could be put back into the global queue if the listener was used at the same time. It seems like a slightly simpler approach would be possible if the locked list API would provide the ability to return a locked element. In this case the listener would be immediately requeued in dequeue_all_listeners() without having to go through resume_listener() with its associated lock. This fix must be backported to all versions having the lock-less accept loop, which is as far as 1.8 since deadlock fixes involving this feature had to be backported there. It is expected that the code should not differ too much there. However, previous commit "MINOR: task: introduce work lists" will be needed as well and should not present difficulties either. For 1.8, the commits introducing thread_mask() and LIST_ADDED() will be needed as well, either backporting my_flsl() or switching to my_ffsl() will be OK, and some changes will have to be performed so that the init function is properly called (and maybe the deinit one can be dropped). In order to test for the fix, simply set up a multi-threaded frontend with multiple bind lines each attached to a single thread (reproduced with 16 threads here), set up a very low maxconn value on the frontend, and inject heavy traffic on all listeners in parallel with slightly more connections than the configured limit ( typically +20%) so that it flips very frequently. If the bug is still there, at some point (5-20 seconds) the traffic will go much lower or even stop, either with spinning threads or not.
2019-07-11 08:08:31 +00:00
}
REGISTER_CONFIG_POSTPARSER("multi-threaded listener queue", listener_queue_init);
REGISTER_POST_DEINIT(listener_queue_deinit);
REORG: listener: move the global listener queue code to listener.c The global listener queue code and declarations were still lying in haproxy.c while not needed there anymore at all. This complicates the code for no reason. As a result, the global_listener_queue_task and the global_listener_queue were made static.
2019-12-10 10:18:41 +00:00
/* This is the global management task for listeners. It enables listeners waiting
* for global resources when there are enough free resource, or at least once in
MINOR: listener: export manage_global_listener_queue() This one pops up in tasks lists when running against a saturated listener.
2021-01-29 13:29:06 +00:00
* a while. It is designed to be called as a task. It's exported so that it's easy
* to spot in "show tasks" or "show profiling".
REORG: listener: move the global listener queue code to listener.c The global listener queue code and declarations were still lying in haproxy.c while not needed there anymore at all. This complicates the code for no reason. As a result, the global_listener_queue_task and the global_listener_queue were made static.
2019-12-10 10:18:41 +00:00
*/
MEDIUM: task: extend the state field to 32 bits It's been too short for quite a while now and is now full. It's still time to extend it to 32-bits since we have room for this without wasting any space, so we now gained 16 new bits for future flags. The values were not reassigned just in case there would be a few hidden u16 or short somewhere in which these flags are placed (as it used to be the case with stream->pending_events). The patch is tagged MEDIUM because this required to update the task's process() prototype to use an int instead of a short, that's quite a bunch of places.
2021-03-02 15:09:26 +00:00
struct task *manage_global_listener_queue(struct task *t, void *context, unsigned int state)
REORG: listener: move the global listener queue code to listener.c The global listener queue code and declarations were still lying in haproxy.c while not needed there anymore at all. This complicates the code for no reason. As a result, the global_listener_queue_task and the global_listener_queue were made static.
2019-12-10 10:18:41 +00:00
{
/* If there are still too many concurrent connections, let's wait for
* some of them to go away. We don't need to re-arm the timer because
* each of them will scan the queue anyway.
*/
if (unlikely(actconn >= global.maxconn))
goto out;
/* We should periodically try to enable listeners waiting for a global
* resource here, because it is possible, though very unlikely, that
* they have been blocked by a temporary lack of global resource such
* as a file descriptor or memory and that the temporary condition has
* disappeared.
*/
dequeue_all_listeners();
out:
BUG/MEDIUM: listener: Fix race condition when updating the global mngmt task It is pretty similar to fbb934da90 ("BUG/MEDIUM: stick-table: fix a race condition when updating the expiration task"). When the global management task is running, at the end of its process function, it resets the expire date by setting it to TICK_ETERNITY. In same time, a listener may reach a global limit and decides to schedule the task. Thus it is possible to queue the task and trigger the BUG_ON() on the expire date because its value was set to TICK_ETERNITY in the means time: FATAL: bug condition "task->expire == 0" matched at src/task.c:310 call trace(12): | 0x662de8 [b8 01 00 00 00 c6 00 00]: __task_queue+0xc7/0x11e | 0x63b03f [48 b8 04 00 00 00 05 00]: main+0x2535e | 0x63ed1a [e9 d2 fd ff ff 48 8b 45]: listener_accept+0xf72/0xfda | 0x6a36d3 [eb 01 90 c9 c3 55 48 89]: sock_accept_iocb+0x82/0x87 | 0x6af22f [48 8b 05 ca f9 13 00 8b]: fd_update_events+0x35a/0x497 | 0x42a7a8 [89 45 d8 83 7d d8 02 75]: main-0x1eb539 | 0x6158fb [48 8b 05 e6 06 1c 00 64]: run_poll_loop+0x2e7/0x319 | 0x615b6c [48 8b 05 ed 65 1d 00 48]: main-0x175 | 0x7ffff775bded [e9 69 fe ff ff 48 8b 4c]: libc:+0x8cded | 0x7ffff77e1370 [48 89 c7 b8 3c 00 00 00]: libc:+0x112370 To fix the bug, a RW lock is introduced. It is used to fix the race condition. A read lock is taken when the task is scheduled, in listener_accpet() and a write lock is used at the end of process function to set the expire date to TICK_ETERNITY. This lock should not be used very often and most of time by "readers". So, the impact should be really limited. This patch should fix the issue #1930. It must be backported as far as 1.8 with some cautions because the code has evolved a lot since then.
2022-11-17 13:40:20 +00:00
HA_RWLOCK_WRLOCK(LISTENER_LOCK, &global_listener_rwlock);
REORG: listener: move the global listener queue code to listener.c The global listener queue code and declarations were still lying in haproxy.c while not needed there anymore at all. This complicates the code for no reason. As a result, the global_listener_queue_task and the global_listener_queue were made static.
2019-12-10 10:18:41 +00:00
t->expire = TICK_ETERNITY;
BUG/MEDIUM: listener: Fix race condition when updating the global mngmt task It is pretty similar to fbb934da90 ("BUG/MEDIUM: stick-table: fix a race condition when updating the expiration task"). When the global management task is running, at the end of its process function, it resets the expire date by setting it to TICK_ETERNITY. In same time, a listener may reach a global limit and decides to schedule the task. Thus it is possible to queue the task and trigger the BUG_ON() on the expire date because its value was set to TICK_ETERNITY in the means time: FATAL: bug condition "task->expire == 0" matched at src/task.c:310 call trace(12): | 0x662de8 [b8 01 00 00 00 c6 00 00]: __task_queue+0xc7/0x11e | 0x63b03f [48 b8 04 00 00 00 05 00]: main+0x2535e | 0x63ed1a [e9 d2 fd ff ff 48 8b 45]: listener_accept+0xf72/0xfda | 0x6a36d3 [eb 01 90 c9 c3 55 48 89]: sock_accept_iocb+0x82/0x87 | 0x6af22f [48 8b 05 ca f9 13 00 8b]: fd_update_events+0x35a/0x497 | 0x42a7a8 [89 45 d8 83 7d d8 02 75]: main-0x1eb539 | 0x6158fb [48 8b 05 e6 06 1c 00 64]: run_poll_loop+0x2e7/0x319 | 0x615b6c [48 8b 05 ed 65 1d 00 48]: main-0x175 | 0x7ffff775bded [e9 69 fe ff ff 48 8b 4c]: libc:+0x8cded | 0x7ffff77e1370 [48 89 c7 b8 3c 00 00 00]: libc:+0x112370 To fix the bug, a RW lock is introduced. It is used to fix the race condition. A read lock is taken when the task is scheduled, in listener_accpet() and a write lock is used at the end of process function to set the expire date to TICK_ETERNITY. This lock should not be used very often and most of time by "readers". So, the impact should be really limited. This patch should fix the issue #1930. It must be backported as far as 1.8 with some cautions because the code has evolved a lot since then.
2022-11-17 13:40:20 +00:00
HA_RWLOCK_WRUNLOCK(LISTENER_LOCK, &global_listener_rwlock);
REORG: listener: move the global listener queue code to listener.c The global listener queue code and declarations were still lying in haproxy.c while not needed there anymore at all. This complicates the code for no reason. As a result, the global_listener_queue_task and the global_listener_queue were made static.
2019-12-10 10:18:41 +00:00
return t;
}
REORG: listener: move the bind_conf's thread setup code to listener.c What used to be only two lines to apply a mask in a loop in check_config_validity() grew into a 130-line block that performs deeply listener-specific operations that do not have their place there anymore. In addition it's worth noting that the peers code still doesn't support shards nor being bound to more than one group, which is a second reason for moving that code to its own function. Nothing was changed except recreating the missing variables from the bind_conf itself (the fe only).
2023-04-22 21:25:38 +00:00
/* Applies the thread mask, shards etc to the bind_conf. It normally returns 0
* otherwie the number of errors. Upon error it may set error codes (ERR_*) in
* err_code. It is supposed to be called only once very late in the boot process
* after the bind_conf's thread_set is fixed. The function may emit warnings and
* alerts. Extra listeners may be created on the fly.
*/
int bind_complete_thread_setup(struct bind_conf *bind_conf, int *err_code)
{
struct proxy *fe = bind_conf->frontend;
struct listener *li, *new_li, *ref;
struct thread_set new_ts;
int shard, shards, todo, done, grp, dups;
ulong mask, gmask, bit;
int cfgerr = 0;
char *err;
err = NULL;
MINOR: listener: do not restrict CLI to first group anymore Now that we're able to run listeners on any set of groups, we don't need to maintain a special case about the stats socket anymore. It used to be forced to group 1 only so as to avoid startup failures in case several groups were configured, but if it's done now, it will automatically bind the needed FDs to have one per group so this is no more an issue.
2023-04-22 20:27:31 +00:00
if (thread_resolve_group_mask(&bind_conf->thread_set, 0, &err) < 0) {
MEDIUM: peers: call bind_complete_thread_setup() to finish the config The listeners in peers sections were still not handing the thread groups fine. Shards were silently ignored and if a listener was bound to more than one group, it would simply fail. Now we can call the dedicated function to resolve all this and possibly create the missing extra listeners. bind_complete_thread_setup() was adjusted to use the proxy_type_str() instead of writing "proxy" at the only place where this word was still hard-coded so that we continue to speak about peers sections when relevant.
2023-04-22 21:52:17 +00:00
ha_alert("%s '%s': %s in 'bind %s' at [%s:%d].\n",
proxy_type_str(fe),
REORG: listener: move the bind_conf's thread setup code to listener.c What used to be only two lines to apply a mask in a loop in check_config_validity() grew into a 130-line block that performs deeply listener-specific operations that do not have their place there anymore. In addition it's worth noting that the peers code still doesn't support shards nor being bound to more than one group, which is a second reason for moving that code to its own function. Nothing was changed except recreating the missing variables from the bind_conf itself (the fe only).
2023-04-22 21:25:38 +00:00
fe->id, err, bind_conf->arg, bind_conf->file, bind_conf->line);
free(err);
cfgerr++;
return cfgerr;
}
/* apply thread masks and groups to all receivers */
list_for_each_entry(li, &bind_conf->listeners, by_bind) {
shards = bind_conf->settings.shards;
todo = thread_set_count(&bind_conf->thread_set);
/* special values: -1 = "by-thread", -2 = "by-group" */
MINOR: listener: automatically adjust shards based on support for SO_REUSEPORT Now if multiple shards are explicitly requested, and the listener's protocol doesn't support SO_REUSEPORT, sharding is disabled, which will result in the socket being automatically duped if needed. A warning is emitted when this happens. If "shards by-group" or "shards by-thread" are used, these will automatically be turned down to 1 since we want this to be possible easily using -dR on the command line without having to djust the config. For "by-thread", a diag warning will be emitted to help troubleshoot possible performance issues.
2023-04-22 09:38:55 +00:00
if (shards == -1) {
MINOR: protocol: add a function to check if some features are supported The new function protocol_supports_flag() checks the protocol flags to verify if some features are supported, but will support being extended to refine the tests. Let's use it to check for REUSEPORT.
2023-04-22 15:39:30 +00:00
if (protocol_supports_flag(li->rx.proto, PROTO_F_REUSEPORT_SUPPORTED))
MINOR: listener: automatically adjust shards based on support for SO_REUSEPORT Now if multiple shards are explicitly requested, and the listener's protocol doesn't support SO_REUSEPORT, sharding is disabled, which will result in the socket being automatically duped if needed. A warning is emitted when this happens. If "shards by-group" or "shards by-thread" are used, these will automatically be turned down to 1 since we want this to be possible easily using -dR on the command line without having to djust the config. For "by-thread", a diag warning will be emitted to help troubleshoot possible performance issues.
2023-04-22 09:38:55 +00:00
shards = todo;
else {
if (fe != global.cli_fe)
ha_diag_warning("[%s:%d]: Disabling per-thread sharding for listener in"
" %s '%s' because SO_REUSEPORT is disabled\n",
bind_conf->file, bind_conf->line, proxy_type_str(fe), fe->id);
shards = 1;
}
}
REORG: listener: move the bind_conf's thread setup code to listener.c What used to be only two lines to apply a mask in a loop in check_config_validity() grew into a 130-line block that performs deeply listener-specific operations that do not have their place there anymore. In addition it's worth noting that the peers code still doesn't support shards nor being bound to more than one group, which is a second reason for moving that code to its own function. Nothing was changed except recreating the missing variables from the bind_conf itself (the fe only).
2023-04-22 21:25:38 +00:00
else if (shards == -2)
MINOR: protocol: add a function to check if some features are supported The new function protocol_supports_flag() checks the protocol flags to verify if some features are supported, but will support being extended to refine the tests. Let's use it to check for REUSEPORT.
2023-04-22 15:39:30 +00:00
shards = protocol_supports_flag(li->rx.proto, PROTO_F_REUSEPORT_SUPPORTED) ? my_popcountl(bind_conf->thread_set.grps) : 1;
REORG: listener: move the bind_conf's thread setup code to listener.c What used to be only two lines to apply a mask in a loop in check_config_validity() grew into a 130-line block that performs deeply listener-specific operations that do not have their place there anymore. In addition it's worth noting that the peers code still doesn't support shards nor being bound to more than one group, which is a second reason for moving that code to its own function. Nothing was changed except recreating the missing variables from the bind_conf itself (the fe only).
2023-04-22 21:25:38 +00:00
/* no more shards than total threads */
if (shards > todo)
shards = todo;
MINOR: listener: automatically adjust shards based on support for SO_REUSEPORT Now if multiple shards are explicitly requested, and the listener's protocol doesn't support SO_REUSEPORT, sharding is disabled, which will result in the socket being automatically duped if needed. A warning is emitted when this happens. If "shards by-group" or "shards by-thread" are used, these will automatically be turned down to 1 since we want this to be possible easily using -dR on the command line without having to djust the config. For "by-thread", a diag warning will be emitted to help troubleshoot possible performance issues.
2023-04-22 09:38:55 +00:00
/* We also need to check if an explicit shards count was set and cannot be honored */
MINOR: protocol: add a function to check if some features are supported The new function protocol_supports_flag() checks the protocol flags to verify if some features are supported, but will support being extended to refine the tests. Let's use it to check for REUSEPORT.
2023-04-22 15:39:30 +00:00
if (shards > 1 && !protocol_supports_flag(li->rx.proto, PROTO_F_REUSEPORT_SUPPORTED)) {
MINOR: listener: automatically adjust shards based on support for SO_REUSEPORT Now if multiple shards are explicitly requested, and the listener's protocol doesn't support SO_REUSEPORT, sharding is disabled, which will result in the socket being automatically duped if needed. A warning is emitted when this happens. If "shards by-group" or "shards by-thread" are used, these will automatically be turned down to 1 since we want this to be possible easily using -dR on the command line without having to djust the config. For "by-thread", a diag warning will be emitted to help troubleshoot possible performance issues.
2023-04-22 09:38:55 +00:00
ha_warning("[%s:%d]: Disabling sharding for listener in %s '%s' because SO_REUSEPORT is disabled\n",
bind_conf->file, bind_conf->line, proxy_type_str(fe), fe->id);
shards = 1;
}
REORG: listener: move the bind_conf's thread setup code to listener.c What used to be only two lines to apply a mask in a loop in check_config_validity() grew into a 130-line block that performs deeply listener-specific operations that do not have their place there anymore. In addition it's worth noting that the peers code still doesn't support shards nor being bound to more than one group, which is a second reason for moving that code to its own function. Nothing was changed except recreating the missing variables from the bind_conf itself (the fe only).
2023-04-22 21:25:38 +00:00
shard = done = grp = bit = mask = 0;
new_li = li;
while (shard < shards) {
memset(&new_ts, 0, sizeof(new_ts));
while (grp < global.nbtgroups && done < todo) {
/* enlarge mask to cover next bit of bind_thread till we
* have enough bits for one shard. We restart from the
* current grp+bit.
*/
/* first let's find the first non-empty group starting at <mask> */
if (!(bind_conf->thread_set.rel[grp] & ha_tgroup_info[grp].threads_enabled & ~mask)) {
grp++;
mask = 0;
continue;
}
/* take next unassigned bit */
bit = (bind_conf->thread_set.rel[grp] & ~mask) & -(bind_conf->thread_set.rel[grp] & ~mask);
new_ts.rel[grp] |= bit;
mask |= bit;
new_ts.grps |= 1UL << grp;
done += shards;
};
BUG_ON(!new_ts.grps); // no more bits left unassigned
/* Create all required listeners for all bound groups. If more than one group is
* needed, the first receiver serves as a reference, and subsequent ones point to
* it. We already have a listener available in new_li() so we only allocate a new
* one if we're not on the last one. We count the remaining groups by copying their
* mask into <gmask> and dropping the lowest bit at the end of the loop until there
* is no more. Ah yes, it's not pretty :-/
*/
ref = new_li;
gmask = new_ts.grps;
for (dups = 0; gmask; dups++) {
/* assign the first (and only) thread and group */
new_li->rx.bind_thread = thread_set_nth_tmask(&new_ts, dups);
new_li->rx.bind_tgroup = thread_set_nth_group(&new_ts, dups);
if (dups) {
/* it has been allocated already in the previous round */
shard_info_attach(&new_li->rx, ref->rx.shard_info);
new_li->rx.flags |= RX_F_MUST_DUP;
}
gmask &= gmask - 1; // drop lowest bit
if (gmask) {
/* yet another listener expected in this shard, let's
* chain it.
*/
struct listener *tmp_li = clone_listener(new_li);
if (!tmp_li) {
ha_alert("Out of memory while trying to allocate extra listener for group %u of shard %d in %s %s\n",
new_li->rx.bind_tgroup, shard, proxy_type_str(fe), fe->id);
cfgerr++;
*err_code |= ERR_FATAL | ERR_ALERT;
return cfgerr;
}
/* if we're forced to create at least two listeners, we have to
* allocate a shared shard_info that's linked to from the reference
* and each other listener, so we'll create it here.
*/
if (!shard_info_attach(&ref->rx, NULL)) {
ha_alert("Out of memory while trying to allocate shard_info for listener for group %u of shard %d in %s %s\n",
new_li->rx.bind_tgroup, shard, proxy_type_str(fe), fe->id);
cfgerr++;
*err_code |= ERR_FATAL | ERR_ALERT;
return cfgerr;
}
new_li = tmp_li;
}
}
done -= todo;
shard++;
if (shard >= shards)
break;
/* create another listener for new shards */
new_li = clone_listener(li);
if (!new_li) {
ha_alert("Out of memory while trying to allocate extra listener for shard %d in %s %s\n",
shard, proxy_type_str(fe), fe->id);
cfgerr++;
*err_code |= ERR_FATAL | ERR_ALERT;
return cfgerr;
}
}
}
/* success */
return cfgerr;
}
MEDIUM: listener: add a minimal framework to register "bind" keyword options With the arrival of SSL, the "bind" keyword has received even more options, all of which are processed in cfgparse in a cumbersome way. So it's time to let modules register their own bind options. This is done very similarly to the ACLs with a small difference in that we make the difference between an unknown option and a known, unimplemented option.
2012-09-12 21:17:10 +00:00
/*
* Registers the bind keyword list <kwl> as a list of valid keywords for next
* parsing sessions.
*/
void bind_register_keywords(struct bind_kw_list *kwl)
{
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 05:32:39 +00:00
LIST_APPEND(&bind_keywords.list, &kwl->list);
MEDIUM: listener: add a minimal framework to register "bind" keyword options With the arrival of SSL, the "bind" keyword has received even more options, all of which are processed in cfgparse in a cumbersome way. So it's time to let modules register their own bind options. This is done very similarly to the ACLs with a small difference in that we make the difference between an unknown option and a known, unimplemented option.
2012-09-12 21:17:10 +00:00
}
/* Return a pointer to the bind keyword <kw>, or NULL if not found. If the
* keyword is found with a NULL ->parse() function, then an attempt is made to
* find one with a valid ->parse() function. This way it is possible to declare
* platform-dependant, known keywords as NULL, then only declare them as valid
* if some options are met. Note that if the requested keyword contains an
* opening parenthesis, everything from this point is ignored.
*/
struct bind_kw *bind_find_kw(const char *kw)
{
int index;
const char *kwend;
struct bind_kw_list *kwl;
struct bind_kw *ret = NULL;
kwend = strchr(kw, '(');
if (!kwend)
kwend = kw + strlen(kw);
list_for_each_entry(kwl, &bind_keywords.list, list) {
for (index = 0; kwl->kw[index].kw != NULL; index++) {
if ((strncmp(kwl->kw[index].kw, kw, kwend - kw) == 0) &&
kwl->kw[index].kw[kwend-kw] == 0) {
if (kwl->kw[index].parse)
return &kwl->kw[index]; /* found it !*/
else
ret = &kwl->kw[index]; /* may be OK */
}
}
}
return ret;
}
MEDIUM: config: enumerate full list of registered "bind" keywords upon error When an unknown "bind" keyword is detected, dump the list of all registered keywords. Unsupported default alternatives are also reported as "not supported".
2012-09-18 16:01:17 +00:00
/* Dumps all registered "bind" keywords to the <out> string pointer. The
* unsupported keywords are only dumped if their supported form was not
* found.
*/
void bind_dump_kws(char **out)
{
struct bind_kw_list *kwl;
int index;
MINOR: config: Don't dump keywords if argument is NULL Helper functions are used to dump bind, server or filter keywords. These functions are used to report errors during the configuration parsing. To have a coherent API, these functions are now prepared to handle a null pointer as argument. If so, no action is performed and functions immediately return. This patch should fix the issue #631. It is not a bug. There is no reason to backport it.
2020-05-18 10:14:18 +00:00
if (!out)
return;
MEDIUM: config: enumerate full list of registered "bind" keywords upon error When an unknown "bind" keyword is detected, dump the list of all registered keywords. Unsupported default alternatives are also reported as "not supported".
2012-09-18 16:01:17 +00:00
*out = NULL;
list_for_each_entry(kwl, &bind_keywords.list, list) {
for (index = 0; kwl->kw[index].kw != NULL; index++) {
if (kwl->kw[index].parse ||
bind_find_kw(kwl->kw[index].kw) == &kwl->kw[index]) {
MINOR: listener: add a scope field in the bind keyword lists This scope is used to report what the keywords are used for (eg: TCP, UNIX, ...). It is now reported by bind_dump_kws().
2012-09-18 16:24:39 +00:00
memprintf(out, "%s[%4s] %s%s%s\n", *out ? *out : "",
kwl->scope,
MEDIUM: config: enumerate full list of registered "bind" keywords upon error When an unknown "bind" keyword is detected, dump the list of all registered keywords. Unsupported default alternatives are also reported as "not supported".
2012-09-18 16:01:17 +00:00
kwl->kw[index].kw,
MINOR: listener: add a scope field in the bind keyword lists This scope is used to report what the keywords are used for (eg: TCP, UNIX, ...). It is now reported by bind_dump_kws().
2012-09-18 16:24:39 +00:00
kwl->kw[index].skip ? " <arg>" : "",
kwl->kw[index].parse ? "" : " (not supported)");
MEDIUM: config: enumerate full list of registered "bind" keywords upon error When an unknown "bind" keyword is detected, dump the list of all registered keywords. Unsupported default alternatives are also reported as "not supported".
2012-09-18 16:01:17 +00:00
}
}
}
}
MINOR: cfgparse/bind: suggest correct spelling for unknown bind keywords Just like with the server keywords, now's the turn of "bind" keywords. The difference is that 100% of the bind keywords are registered, thus we do not need the list of extra keywords. There are multiple bind line parsers today, all were updated: - peers - log - dgram-bind - cli $ printf "listen f\nbind :8000 tcut\n" | ./haproxy -c -f /dev/stdin [NOTICE] 070/101358 (25146) : haproxy version is 2.4-dev11-7b8787-26 [NOTICE] 070/101358 (25146) : path to executable is ./haproxy [ALERT] 070/101358 (25146) : parsing [/dev/stdin:2] : 'bind :8000' unknown keyword 'tcut'; did you mean 'tcp-ut' maybe ? [ALERT] 070/101358 (25146) : Error(s) found in configuration file : /dev/stdin [ALERT] 070/101358 (25146) : Fatal errors found in configuration.
2021-03-12 09:14:07 +00:00
/* Try to find in srv_keyword the word that looks closest to <word> by counting
* transitions between letters, digits and other characters. Will return the
* best matching word if found, otherwise NULL.
*/
const char *bind_find_best_kw(const char *word)
{
uint8_t word_sig[1024];
uint8_t list_sig[1024];
const struct bind_kw_list *kwl;
const char *best_ptr = NULL;
int dist, best_dist = INT_MAX;
int index;
make_word_fingerprint(word_sig, word);
list_for_each_entry(kwl, &bind_keywords.list, list) {
for (index = 0; kwl->kw[index].kw != NULL; index++) {
make_word_fingerprint(list_sig, kwl->kw[index].kw);
dist = word_fingerprint_distance(word_sig, list_sig);
if (dist < best_dist) {
best_dist = dist;
best_ptr = kwl->kw[index].kw;
}
}
}
if (best_dist > 2 * strlen(word) || (best_ptr && best_dist > 2 * strlen(best_ptr)))
best_ptr = NULL;
return best_ptr;
}
REORG: listener: move bind_conf_alloc() and listener_state_str() to listener.c These functions have no reason for being inlined, and they require some includes with long dependencies. Let's move them to listener.c and trim unused includes in listener.h.
2021-10-06 07:05:08 +00:00
/* allocate an bind_conf struct for a bind line, and chain it to the frontend <fe>.
* If <arg> is not NULL, it is duplicated into ->arg to store useful config
* information for error reporting. NULL is returned on error.
*/
struct bind_conf *bind_conf_alloc(struct proxy *fe, const char *file,
int line, const char *arg, struct xprt_ops *xprt)
{
struct bind_conf *bind_conf = calloc(1, sizeof(*bind_conf));
if (!bind_conf)
goto err;
bind_conf->file = strdup(file);
if (!bind_conf->file)
goto err;
bind_conf->line = line;
if (arg) {
bind_conf->arg = strdup(arg);
if (!bind_conf->arg)
goto err;
}
LIST_APPEND(&fe->conf.bind, &bind_conf->by_fe);
bind_conf->settings.ux.uid = -1;
bind_conf->settings.ux.gid = -1;
bind_conf->settings.ux.mode = 0;
MINOR: listener: add a new global tune.listener.default-shards setting This new setting accepts "by-process", "by-group" and "by-thread" and will dictate how listeners will be sharded by default when nothing is specified. While the default remains "by-process", "by-group" should be much more efficient with many threads, while not changing anything for single-group setups.
2023-04-22 20:06:23 +00:00
bind_conf->settings.shards = global.tune.default_shards;
REORG: listener: move bind_conf_alloc() and listener_state_str() to listener.c These functions have no reason for being inlined, and they require some includes with long dependencies. Let's move them to listener.c and trim unused includes in listener.h.
2021-10-06 07:05:08 +00:00
bind_conf->xprt = xprt;
bind_conf->frontend = fe;
MEDIUM: listener: move the analysers mask to the bind_conf When bind_conf were created, some elements such as the analysers mask ought to have moved there but that wasn't the case. Now that it's getting clearer that bind_conf provides all binding parameters and the listener is essentially a listener on an address, it's starting to get really confusing to keep such parameters in the listener, so let's move the mask to the bind_conf. We also take this opportunity for pre-setting the mask to the frontend's upon initalization. Now several loops have one less argument to take care of.
2023-01-12 17:39:42 +00:00
bind_conf->analysers = fe->fe_req_ana;
REORG: listener: move bind_conf_alloc() and listener_state_str() to listener.c These functions have no reason for being inlined, and they require some includes with long dependencies. Let's move them to listener.c and trim unused includes in listener.h.
2021-10-06 07:05:08 +00:00
bind_conf->severity_output = CLI_SEVERITY_NONE;
#ifdef USE_OPENSSL
HA_RWLOCK_INIT(&bind_conf->sni_lock);
bind_conf->sni_ctx = EB_ROOT;
bind_conf->sni_w_ctx = EB_ROOT;
#endif
LIST_INIT(&bind_conf->listeners);
MINOR: proto_reverse_connect: parse rev@ addresses for bind Implement parsing for "rev@" addresses on bind line. On config parsing, server name is stored on the bind_conf. Several new callbacks are defined on reverse_connect protocol to complete parsing. listen callback is used to retrieve the server instance from the bind_conf server name. If found, the server instance is stored on the receiver. Checks are implemented to ensure HTTP/2 protocol only is used by the server.
2023-08-07 15:56:36 +00:00
bind_conf->reverse_srvname = NULL;
REORG: listener: move bind_conf_alloc() and listener_state_str() to listener.c These functions have no reason for being inlined, and they require some includes with long dependencies. Let's move them to listener.c and trim unused includes in listener.h.
2021-10-06 07:05:08 +00:00
return bind_conf;
err:
if (bind_conf) {
ha_free(&bind_conf->file);
ha_free(&bind_conf->arg);
}
ha_free(&bind_conf);
return NULL;
}
const char *listener_state_str(const struct listener *l)
{
static const char *states[8] = {
"NEW", "INI", "ASS", "PAU", "LIS", "RDY", "FUL", "LIM",
};
unsigned int st = l->state;
if (st >= sizeof(states) / sizeof(*states))
return "INVALID";
return states[st];
}
[CLEANUP] client: move some ACLs away to their respective locations Some ACLs in the client ought to belong to proto_tcp, or protocols. This file should only contain frontend-specific information and will be renamed that way in next commit.
2010-05-24 18:55:15 +00:00
/************************************************************************/
MINOR: listener: rename sample fetch functions and declare the sample keywords The following sample fetch functions were only usable by ACLs but are now usable by sample fetches too : dst_conn, so_id, The fetch functions have been renamed "smp_fetch_*".
2013-01-07 21:54:17 +00:00
/* All supported sample and ACL keywords must be declared here. */
[CLEANUP] client: move some ACLs away to their respective locations Some ACLs in the client ought to belong to proto_tcp, or protocols. This file should only contain frontend-specific information and will be renamed that way in next commit.
2010-05-24 18:55:15 +00:00
/************************************************************************/
MEDIUM: acl: use temp_pattern to store any integer-type information All ACL fetches which return integer value now store the result into the temporary pattern struct. All ACL matches which rely on integer also get their value there. Note: the pattern data types are not set right now.
2011-12-16 16:06:15 +00:00
/* set temp integer to the number of connexions to the same listening socket */
[CLEANUP] client: move some ACLs away to their respective locations Some ACLs in the client ought to belong to proto_tcp, or protocols. This file should only contain frontend-specific information and will be renamed that way in next commit.
2010-05-24 18:55:15 +00:00
static int
MEDIUM: sample: change the prototype of sample-fetches functions This patch removes the "opt" entry from the prototype of the sample-fetches fucntions. This permits to remove some weight in the prototype call.
2015-05-11 13:42:45 +00:00
smp_fetch_dconn(const struct arg *args, struct sample *smp, const char *kw, void *private)
[CLEANUP] client: move some ACLs away to their respective locations Some ACLs in the client ought to belong to proto_tcp, or protocols. This file should only contain frontend-specific information and will be renamed that way in next commit.
2010-05-24 18:55:15 +00:00
{
MEDIUM: samples: Use the "struct sample_data" in the "struct sample" This patch remove the struct information stored both in the struct sample_data and in the striuct sample. Now, only thestruct sample_data contains data, and the struct sample use the struct sample_data for storing his own data.
2015-08-19 07:00:18 +00:00
smp->data.type = SMP_T_SINT;
MINOR: samples: rename union from "data" to "u" The union name "data" is a little bit heavy while we read the source code because we can read "data.data.sint". The rename from "data" to "u" makes the read easiest like "data.u.sint".
2015-08-19 07:07:19 +00:00
smp->data.u.sint = smp->sess->listener->nbconn;
[CLEANUP] client: move some ACLs away to their respective locations Some ACLs in the client ought to belong to proto_tcp, or protocols. This file should only contain frontend-specific information and will be renamed that way in next commit.
2010-05-24 18:55:15 +00:00
return 1;
}
MEDIUM: acl: use temp_pattern to store any integer-type information All ACL fetches which return integer value now store the result into the temporary pattern struct. All ACL matches which rely on integer also get their value there. Note: the pattern data types are not set right now.
2011-12-16 16:06:15 +00:00
/* set temp integer to the id of the socket (listener) */
[CLEANUP] client: move some ACLs away to their respective locations Some ACLs in the client ought to belong to proto_tcp, or protocols. This file should only contain frontend-specific information and will be renamed that way in next commit.
2010-05-24 18:55:15 +00:00
static int
MEDIUM: sample: change the prototype of sample-fetches functions This patch removes the "opt" entry from the prototype of the sample-fetches fucntions. This permits to remove some weight in the prototype call.
2015-05-11 13:42:45 +00:00
smp_fetch_so_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
MAJOR: acl: make use of the new sample struct and get rid of acl_test This change is invasive in lines of code but not much in terms of functionalities as it's mainly a replacement of struct acl_test with struct sample.
2012-04-23 14:16:37 +00:00
{
MEDIUM: samples: Use the "struct sample_data" in the "struct sample" This patch remove the struct information stored both in the struct sample_data and in the striuct sample. Now, only thestruct sample_data contains data, and the struct sample use the struct sample_data for storing his own data.
2015-08-19 07:00:18 +00:00
smp->data.type = SMP_T_SINT;
MINOR: samples: rename union from "data" to "u" The union name "data" is a little bit heavy while we read the source code because we can read "data.data.sint". The rename from "data" to "u" makes the read easiest like "data.u.sint".
2015-08-19 07:07:19 +00:00
smp->data.u.sint = smp->sess->listener->luid;
[CLEANUP] client: move some ACLs away to their respective locations Some ACLs in the client ought to belong to proto_tcp, or protocols. This file should only contain frontend-specific information and will be renamed that way in next commit.
2010-05-24 18:55:15 +00:00
return 1;
}
MINOR: listener: add so_name sample fetch Add a sample fetch for the name of a bind. This can be useful to take decisions when PROXY protocol is used and we can't rely on dst, such as the sample config below. defaults mode http listen bar bind 127.0.0.1:1111 server s1 127.0.1.1:1234 send-proxy listen foo bind 127.0.1.1:1234 name foo accept-proxy http-request return status 200 hdr dst %[dst] if { dst 127.0.1.1 }
2020-03-27 21:08:40 +00:00
static int
smp_fetch_so_name(const struct arg *args, struct sample *smp, const char *kw, void *private)
{
smp->data.u.str.area = smp->sess->listener->name;
if (!smp->data.u.str.area)
return 0;
smp->data.type = SMP_T_STR;
smp->flags = SMP_F_CONST;
smp->data.u.str.data = strlen(smp->data.u.str.area);
return 1;
}
[CLEANUP] client: move some ACLs away to their respective locations Some ACLs in the client ought to belong to proto_tcp, or protocols. This file should only contain frontend-specific information and will be renamed that way in next commit.
2010-05-24 18:55:15 +00:00
MEDIUM: config: move the common "bind" settings to listener.c These ones are better placed in listener.c than in cfgparse.c, by relying on the bind keyword registration subsystem.
2012-09-18 15:17:28 +00:00
/* parse the "accept-proxy" bind keyword */
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 14:48:07 +00:00
static int bind_parse_accept_proxy(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
MEDIUM: config: move the common "bind" settings to listener.c These ones are better placed in listener.c than in cfgparse.c, by relying on the bind keyword registration subsystem.
2012-09-18 15:17:28 +00:00
{
MINOR: listener: move the ACC_PROXY and ACC_CIP options to bind_conf These are only set per bind line and used when creating a sessions, we can move them to the bind_conf under the names BC_O_ACC_PROXY and BC_O_ACC_CIP respectively.
2023-01-12 18:48:50 +00:00
conf->options |= BC_O_ACC_PROXY;
MEDIUM: config: move the common "bind" settings to listener.c These ones are better placed in listener.c than in cfgparse.c, by relying on the bind keyword registration subsystem.
2012-09-18 15:17:28 +00:00
return 0;
}
MINOR: listener: add the "accept-netscaler-cip" option to the "bind" keyword When NetScaler application switch is used as L3+ switch, informations regarding the original IP and TCP headers are lost as a new TCP connection is created between the NetScaler and the backend server. NetScaler provides a feature to insert in the TCP data the original data that can then be consumed by the backend server. Specifications and documentations from NetScaler: https://support.citrix.com/article/CTX205670 https://www.citrix.com/blogs/2016/04/25/how-to-enable-client-ip-in-tcpip-option-of-netscaler/ When CIP is enabled on the NetScaler, then a TCP packet is inserted just after the TCP handshake. This is composed as: - CIP magic number : 4 bytes Both sender and receiver have to agree on a magic number so that they both handle the incoming data as a NetScaler Client IP insertion packet. - Header length : 4 bytes Defines the length on the remaining data. - IP header : >= 20 bytes if IPv4, 40 bytes if IPv6 Contains the header of the last IP packet sent by the client during TCP handshake. - TCP header : >= 20 bytes Contains the header of the last TCP packet sent by the client during TCP handshake.
2016-06-04 14:11:10 +00:00
/* parse the "accept-netscaler-cip" bind keyword */
static int bind_parse_accept_netscaler_cip(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
{
uint32_t val;
if (!*args[cur_arg + 1]) {
memprintf(err, "'%s' : missing value", args[cur_arg]);
return ERR_ALERT | ERR_FATAL;
}
val = atol(args[cur_arg + 1]);
if (val <= 0) {
MINOR: listener: introduce listener_backlog() to report the backlog value In an attempt to try to provide automatic maxconn settings, we need to decorrelate a listner's backlog and maxconn so that these values can be independent. This introduces a listener_backlog() function which retrieves the backlog value from the listener's backlog, the frontend's, the listener's maxconn, the frontend's or falls back to 1024. This corresponds to what was done in cfgparse.c to force a value there except the last fallback which was not set since the frontend's maxconn is always known.
2019-02-27 14:39:41 +00:00
memprintf(err, "'%s' : invalid value %d, must be >= 0", args[cur_arg], val);
MINOR: listener: add the "accept-netscaler-cip" option to the "bind" keyword When NetScaler application switch is used as L3+ switch, informations regarding the original IP and TCP headers are lost as a new TCP connection is created between the NetScaler and the backend server. NetScaler provides a feature to insert in the TCP data the original data that can then be consumed by the backend server. Specifications and documentations from NetScaler: https://support.citrix.com/article/CTX205670 https://www.citrix.com/blogs/2016/04/25/how-to-enable-client-ip-in-tcpip-option-of-netscaler/ When CIP is enabled on the NetScaler, then a TCP packet is inserted just after the TCP handshake. This is composed as: - CIP magic number : 4 bytes Both sender and receiver have to agree on a magic number so that they both handle the incoming data as a NetScaler Client IP insertion packet. - Header length : 4 bytes Defines the length on the remaining data. - IP header : >= 20 bytes if IPv4, 40 bytes if IPv6 Contains the header of the last IP packet sent by the client during TCP handshake. - TCP header : >= 20 bytes Contains the header of the last TCP packet sent by the client during TCP handshake.
2016-06-04 14:11:10 +00:00
return ERR_ALERT | ERR_FATAL;
}
MINOR: listener: move the ACC_PROXY and ACC_CIP options to bind_conf These are only set per bind line and used when creating a sessions, we can move them to the bind_conf under the names BC_O_ACC_PROXY and BC_O_ACC_CIP respectively.
2023-01-12 18:48:50 +00:00
conf->options |= BC_O_ACC_CIP;
conf->ns_cip_magic = val;
MINOR: listener: add the "accept-netscaler-cip" option to the "bind" keyword When NetScaler application switch is used as L3+ switch, informations regarding the original IP and TCP headers are lost as a new TCP connection is created between the NetScaler and the backend server. NetScaler provides a feature to insert in the TCP data the original data that can then be consumed by the backend server. Specifications and documentations from NetScaler: https://support.citrix.com/article/CTX205670 https://www.citrix.com/blogs/2016/04/25/how-to-enable-client-ip-in-tcpip-option-of-netscaler/ When CIP is enabled on the NetScaler, then a TCP packet is inserted just after the TCP handshake. This is composed as: - CIP magic number : 4 bytes Both sender and receiver have to agree on a magic number so that they both handle the incoming data as a NetScaler Client IP insertion packet. - Header length : 4 bytes Defines the length on the remaining data. - IP header : >= 20 bytes if IPv4, 40 bytes if IPv6 Contains the header of the last IP packet sent by the client during TCP handshake. - TCP header : >= 20 bytes Contains the header of the last TCP packet sent by the client during TCP handshake.
2016-06-04 14:11:10 +00:00
return 0;
}
MEDIUM: config: move the common "bind" settings to listener.c These ones are better placed in listener.c than in cfgparse.c, by relying on the bind keyword registration subsystem.
2012-09-18 15:17:28 +00:00
/* parse the "backlog" bind keyword */
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 14:48:07 +00:00
static int bind_parse_backlog(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
MEDIUM: config: move the common "bind" settings to listener.c These ones are better placed in listener.c than in cfgparse.c, by relying on the bind keyword registration subsystem.
2012-09-18 15:17:28 +00:00
{
int val;
if (!*args[cur_arg + 1]) {
MINOR: standard: make memprintf() support a NULL destination Doing so removes many checks that were systematically made because the callees don't know if the caller passed a valid pointer.
2012-09-20 17:43:14 +00:00
memprintf(err, "'%s' : missing value", args[cur_arg]);
MEDIUM: config: move the common "bind" settings to listener.c These ones are better placed in listener.c than in cfgparse.c, by relying on the bind keyword registration subsystem.
2012-09-18 15:17:28 +00:00
return ERR_ALERT | ERR_FATAL;
}
val = atol(args[cur_arg + 1]);
MINOR: listener: introduce listener_backlog() to report the backlog value In an attempt to try to provide automatic maxconn settings, we need to decorrelate a listner's backlog and maxconn so that these values can be independent. This introduces a listener_backlog() function which retrieves the backlog value from the listener's backlog, the frontend's, the listener's maxconn, the frontend's or falls back to 1024. This corresponds to what was done in cfgparse.c to force a value there except the last fallback which was not set since the frontend's maxconn is always known.
2019-02-27 14:39:41 +00:00
if (val < 0) {
MINOR: standard: make memprintf() support a NULL destination Doing so removes many checks that were systematically made because the callees don't know if the caller passed a valid pointer.
2012-09-20 17:43:14 +00:00
memprintf(err, "'%s' : invalid value %d, must be > 0", args[cur_arg], val);
MEDIUM: config: move the common "bind" settings to listener.c These ones are better placed in listener.c than in cfgparse.c, by relying on the bind keyword registration subsystem.
2012-09-18 15:17:28 +00:00
return ERR_ALERT | ERR_FATAL;
}
MINOR: listener: move the backlog setting from listener to bind_conf The backlog setting is also defined by the bind_conf, so let's move it there.
2023-01-12 17:55:13 +00:00
conf->backlog = val;
MEDIUM: config: move the common "bind" settings to listener.c These ones are better placed in listener.c than in cfgparse.c, by relying on the bind keyword registration subsystem.
2012-09-18 15:17:28 +00:00
return 0;
}
/* parse the "id" bind keyword */
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 14:48:07 +00:00
static int bind_parse_id(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
MEDIUM: config: move the common "bind" settings to listener.c These ones are better placed in listener.c than in cfgparse.c, by relying on the bind keyword registration subsystem.
2012-09-18 15:17:28 +00:00
{
struct eb32_node *node;
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 14:48:07 +00:00
struct listener *l, *new;
BUG/MINOR: conf: "listener id" expects integer, but its not checked The listener id was converted with a simple atol, so conversion error are unchecked. This patch uses strtol and checks the conversion status.
2016-02-26 07:45:58 +00:00
char *error;
MEDIUM: config: move the common "bind" settings to listener.c These ones are better placed in listener.c than in cfgparse.c, by relying on the bind keyword registration subsystem.
2012-09-18 15:17:28 +00:00
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 14:48:07 +00:00
if (conf->listeners.n != conf->listeners.p) {
MINOR: standard: make memprintf() support a NULL destination Doing so removes many checks that were systematically made because the callees don't know if the caller passed a valid pointer.
2012-09-20 17:43:14 +00:00
memprintf(err, "'%s' can only be used with a single socket", args[cur_arg]);
MEDIUM: config: move the common "bind" settings to listener.c These ones are better placed in listener.c than in cfgparse.c, by relying on the bind keyword registration subsystem.
2012-09-18 15:17:28 +00:00
return ERR_ALERT | ERR_FATAL;
}
if (!*args[cur_arg + 1]) {
MINOR: standard: make memprintf() support a NULL destination Doing so removes many checks that were systematically made because the callees don't know if the caller passed a valid pointer.
2012-09-20 17:43:14 +00:00
memprintf(err, "'%s' : expects an integer argument", args[cur_arg]);
MEDIUM: config: move the common "bind" settings to listener.c These ones are better placed in listener.c than in cfgparse.c, by relying on the bind keyword registration subsystem.
2012-09-18 15:17:28 +00:00
return ERR_ALERT | ERR_FATAL;
}
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 14:48:07 +00:00
new = LIST_NEXT(&conf->listeners, struct listener *, by_bind);
BUG/MINOR: conf: "listener id" expects integer, but its not checked The listener id was converted with a simple atol, so conversion error are unchecked. This patch uses strtol and checks the conversion status.
2016-02-26 07:45:58 +00:00
new->luid = strtol(args[cur_arg + 1], &error, 10);
if (*error != '\0') {
memprintf(err, "'%s' : expects an integer argument, found '%s'", args[cur_arg], args[cur_arg + 1]);
return ERR_ALERT | ERR_FATAL;
}
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 14:48:07 +00:00
new->conf.id.key = new->luid;
MEDIUM: config: move the common "bind" settings to listener.c These ones are better placed in listener.c than in cfgparse.c, by relying on the bind keyword registration subsystem.
2012-09-18 15:17:28 +00:00
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 14:48:07 +00:00
if (new->luid <= 0) {
MINOR: standard: make memprintf() support a NULL destination Doing so removes many checks that were systematically made because the callees don't know if the caller passed a valid pointer.
2012-09-20 17:43:14 +00:00
memprintf(err, "'%s' : custom id has to be > 0", args[cur_arg]);
MEDIUM: config: move the common "bind" settings to listener.c These ones are better placed in listener.c than in cfgparse.c, by relying on the bind keyword registration subsystem.
2012-09-18 15:17:28 +00:00
return ERR_ALERT | ERR_FATAL;
}
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 14:48:07 +00:00
node = eb32_lookup(&px->conf.used_listener_id, new->luid);
MEDIUM: config: move the common "bind" settings to listener.c These ones are better placed in listener.c than in cfgparse.c, by relying on the bind keyword registration subsystem.
2012-09-18 15:17:28 +00:00
if (node) {
l = container_of(node, struct listener, conf.id);
MINOR: standard: make memprintf() support a NULL destination Doing so removes many checks that were systematically made because the callees don't know if the caller passed a valid pointer.
2012-09-20 17:43:14 +00:00
memprintf(err, "'%s' : custom id %d already used at %s:%d ('bind %s')",
args[cur_arg], l->luid, l->bind_conf->file, l->bind_conf->line,
l->bind_conf->arg);
MEDIUM: config: move the common "bind" settings to listener.c These ones are better placed in listener.c than in cfgparse.c, by relying on the bind keyword registration subsystem.
2012-09-18 15:17:28 +00:00
return ERR_ALERT | ERR_FATAL;
}
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 14:48:07 +00:00
eb32_insert(&px->conf.used_listener_id, &new->conf.id);
MEDIUM: config: move the common "bind" settings to listener.c These ones are better placed in listener.c than in cfgparse.c, by relying on the bind keyword registration subsystem.
2012-09-18 15:17:28 +00:00
return 0;
}
MINOR: listener: provide a function to process all of a bind_conf's arguments The "bind" parsing code was duplicated for the peers section and as a result it wasn't kept updated, resulting in slightly different error behavior (e.g. errors were not freed, warnings were emitted as alerts) Let's first unify it into a new dedicated function that properly reports and frees the error.
2022-05-20 13:41:45 +00:00
/* Complete a bind_conf by parsing the args after the address. <args> is the
* arguments array, <cur_arg> is the first one to be considered. <section> is
* the section name to report in error messages, and <file> and <linenum> are
* the file name and line number respectively. Note that args[0..1] are used
* in error messages to provide some context. The return value is an error
* code, zero on success or an OR of ERR_{FATAL,ABORT,ALERT,WARN}.
*/
int bind_parse_args_list(struct bind_conf *bind_conf, char **args, int cur_arg, const char *section, const char *file, int linenum)
{
int err_code = 0;
while (*(args[cur_arg])) {
struct bind_kw *kw;
const char *best;
kw = bind_find_kw(args[cur_arg]);
if (kw) {
char *err = NULL;
int code;
if (!kw->parse) {
ha_alert("parsing [%s:%d] : '%s %s' in section '%s' : '%s' option is not implemented in this version (check build options).\n",
file, linenum, args[0], args[1], section, args[cur_arg]);
cur_arg += 1 + kw->skip ;
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
code = kw->parse(args, cur_arg, bind_conf->frontend, bind_conf, &err);
err_code |= code;
if (code) {
if (err && *err) {
indent_msg(&err, 2);
if (((code & (ERR_WARN|ERR_ALERT)) == ERR_WARN))
ha_warning("parsing [%s:%d] : '%s %s' in section '%s' : %s\n", file, linenum, args[0], args[1], section, err);
else
ha_alert("parsing [%s:%d] : '%s %s' in section '%s' : %s\n", file, linenum, args[0], args[1], section, err);
}
else
ha_alert("parsing [%s:%d] : '%s %s' in section '%s' : error encountered while processing '%s'.\n",
file, linenum, args[0], args[1], section, args[cur_arg]);
if (code & ERR_FATAL) {
free(err);
cur_arg += 1 + kw->skip;
goto out;
}
}
free(err);
cur_arg += 1 + kw->skip;
continue;
}
best = bind_find_best_kw(args[cur_arg]);
if (best)
ha_alert("parsing [%s:%d] : '%s %s' in section '%s': unknown keyword '%s'; did you mean '%s' maybe ?\n",
file, linenum, args[0], args[1], section, args[cur_arg], best);
else
ha_alert("parsing [%s:%d] : '%s %s' in section '%s': unknown keyword '%s'.\n",
file, linenum, args[0], args[1], section, args[cur_arg]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MINOR: listener: detect stream vs dgram conflict during parsing Now that we have a function to parse all bind keywords, and that we know what types of sock-level and xprt-level protocols a bind_conf is using, it's easier to centralize the check for stream vs dgram conflict by putting it directly at the end of the args parser. This way it also works for peers, provides better precision in the report, and will also allow to validate transport layers. The check was even extended to detect inconsistencies between xprt layer (which were not covered before). It can even detect that there are two incompatible "bind" lines in a single peers section.
2022-05-20 14:20:52 +00:00
if ((bind_conf->options & (BC_O_USE_SOCK_DGRAM|BC_O_USE_SOCK_STREAM)) == (BC_O_USE_SOCK_DGRAM|BC_O_USE_SOCK_STREAM) ||
(bind_conf->options & (BC_O_USE_XPRT_DGRAM|BC_O_USE_XPRT_STREAM)) == (BC_O_USE_XPRT_DGRAM|BC_O_USE_XPRT_STREAM)) {
ha_alert("parsing [%s:%d] : '%s %s' in section '%s' : cannot mix datagram and stream protocols.\n",
file, linenum, args[0], args[1], section);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MINOR: listener: set the QUIC xprt layer immediately after parsing the args It used to be set when parsing the listeners' addresses but this comes with some difficulties in that other places have to be careful not to replace it (e.g. the "ssl" keyword parser). Now we know what protocols a bind_conf line relies on, we can set it after having parsed the whole line.
2022-05-20 15:10:00 +00:00
/* The transport layer automatically switches to QUIC when QUIC is
* selected, regardless of bind_conf settings. We then need to
* initialize QUIC params.
*/
if ((bind_conf->options & (BC_O_USE_SOCK_DGRAM|BC_O_USE_XPRT_STREAM)) == (BC_O_USE_SOCK_DGRAM|BC_O_USE_XPRT_STREAM)) {
#ifdef USE_QUIC
bind_conf->xprt = xprt_get(XPRT_QUIC);
MINOR: listener: automatically enable SSL if a QUIC transport is found When a bind line is configured without the "ssl" keyword, a warning is emitted and a crash happens at runtime: bind quic4@:4449 crt rsa+dh2048.pem alpn h3 allow-0rtt [WARNING] (17867) : config : Proxy 'decrypt': A certificate was specified but SSL was not enabled on bind 'quic4@:4449' at [quic-mini.cfg:24] (use 'ssl'). Let's automatically turn SSL on when QUIC is detected, as it doesn't exist without SSL anyway. It solves the runtime issue, and also makes sure it is not possible to accidentally configure a quic listener with no certificate since the error is detected via the SSL checks. A warning is emitted in this case, to encourage the user to fix the configuration so that it remains reviewable.
2022-05-20 16:16:52 +00:00
if (!(bind_conf->options & BC_O_USE_SSL)) {
bind_conf->options |= BC_O_USE_SSL;
ha_warning("parsing [%s:%d] : '%s %s' in section '%s' : QUIC protocol detected, enabling ssl. Use 'ssl' to shut this warning.\n",
file, linenum, args[0], args[1], section);
}
MINOR: listener: set the QUIC xprt layer immediately after parsing the args It used to be set when parsing the listeners' addresses but this comes with some difficulties in that other places have to be careful not to replace it (e.g. the "ssl" keyword parser). Now we know what protocols a bind_conf line relies on, we can set it after having parsed the whole line.
2022-05-20 15:10:00 +00:00
quic_transport_params_init(&bind_conf->quic_params, 1);
#else
ha_alert("parsing [%s:%d] : '%s %s' in section '%s' : QUIC protocol selected but support not compiled in (check build options).\n",
file, linenum, args[0], args[1], section);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
#endif
}
MINOR: listener/ssl: set the SSL xprt layer only once the whole config is known We used to preset XPRT_SSL on bind_conf->xprt when parsing the "ssl" keyword, which required to be careful about what QUIC could have set before, and which makes it impossible to consider the whole line to set all options. Now that we have the BC_O_USE_SSL option on the bind_conf, it becomes easier to set XPRT_SSL only once the bind_conf's args are parsed.
2022-05-20 15:14:31 +00:00
else if (bind_conf->options & BC_O_USE_SSL) {
bind_conf->xprt = xprt_get(XPRT_SSL);
}
MINOR: listener: set the QUIC xprt layer immediately after parsing the args It used to be set when parsing the listeners' addresses but this comes with some difficulties in that other places have to be careful not to replace it (e.g. the "ssl" keyword parser). Now we know what protocols a bind_conf line relies on, we can set it after having parsed the whole line.
2022-05-20 15:10:00 +00:00
MINOR: listener: provide a function to process all of a bind_conf's arguments The "bind" parsing code was duplicated for the peers section and as a result it wasn't kept updated, resulting in slightly different error behavior (e.g. errors were not freed, warnings were emitted as alerts) Let's first unify it into a new dedicated function that properly reports and frees the error.
2022-05-20 13:41:45 +00:00
out:
return err_code;
}
MEDIUM: config: move the common "bind" settings to listener.c These ones are better placed in listener.c than in cfgparse.c, by relying on the bind keyword registration subsystem.
2012-09-18 15:17:28 +00:00
/* parse the "maxconn" bind keyword */
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 14:48:07 +00:00
static int bind_parse_maxconn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
MEDIUM: config: move the common "bind" settings to listener.c These ones are better placed in listener.c than in cfgparse.c, by relying on the bind keyword registration subsystem.
2012-09-18 15:17:28 +00:00
{
int val;
if (!*args[cur_arg + 1]) {
MINOR: standard: make memprintf() support a NULL destination Doing so removes many checks that were systematically made because the callees don't know if the caller passed a valid pointer.
2012-09-20 17:43:14 +00:00
memprintf(err, "'%s' : missing value", args[cur_arg]);
MEDIUM: config: move the common "bind" settings to listener.c These ones are better placed in listener.c than in cfgparse.c, by relying on the bind keyword registration subsystem.
2012-09-18 15:17:28 +00:00
return ERR_ALERT | ERR_FATAL;
}
val = atol(args[cur_arg + 1]);
MINOR: listener: do not needlessly set l->maxconn It's pointless to always set and maintain l->maxconn because the accept loop already enforces the frontend's limit anyway. Thus let's stop setting this value by default and keep it to zero meaning "no limit". This way the frontend's maxconn will be used by default. Of course if a value is set, it will be enforced.
2019-02-27 15:49:00 +00:00
if (val < 0) {
memprintf(err, "'%s' : invalid value %d, must be >= 0", args[cur_arg], val);
MEDIUM: config: move the common "bind" settings to listener.c These ones are better placed in listener.c than in cfgparse.c, by relying on the bind keyword registration subsystem.
2012-09-18 15:17:28 +00:00
return ERR_ALERT | ERR_FATAL;
}
MINOR: listener: move the maxconn parameter to the bind_conf The maxconn is set per bind line so let's move it there. This might possibly even slightly reduce inter-thread contention since this one is read-mostly and it was stored next to nbconn which changes for each connection setup or teardown.
2023-01-12 17:59:37 +00:00
conf->maxconn = val;
MEDIUM: config: move the common "bind" settings to listener.c These ones are better placed in listener.c than in cfgparse.c, by relying on the bind keyword registration subsystem.
2012-09-18 15:17:28 +00:00
return 0;
}
/* parse the "name" bind keyword */
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 14:48:07 +00:00
static int bind_parse_name(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
MEDIUM: config: move the common "bind" settings to listener.c These ones are better placed in listener.c than in cfgparse.c, by relying on the bind keyword registration subsystem.
2012-09-18 15:17:28 +00:00
{
struct listener *l;
if (!*args[cur_arg + 1]) {
MINOR: standard: make memprintf() support a NULL destination Doing so removes many checks that were systematically made because the callees don't know if the caller passed a valid pointer.
2012-09-20 17:43:14 +00:00
memprintf(err, "'%s' : missing name", args[cur_arg]);
MEDIUM: config: move the common "bind" settings to listener.c These ones are better placed in listener.c than in cfgparse.c, by relying on the bind keyword registration subsystem.
2012-09-18 15:17:28 +00:00
return ERR_ALERT | ERR_FATAL;
}
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 14:48:07 +00:00
list_for_each_entry(l, &conf->listeners, by_bind)
MEDIUM: config: move the common "bind" settings to listener.c These ones are better placed in listener.c than in cfgparse.c, by relying on the bind keyword registration subsystem.
2012-09-18 15:17:28 +00:00
l->name = strdup(args[cur_arg + 1]);
return 0;
}
/* parse the "nice" bind keyword */
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 14:48:07 +00:00
static int bind_parse_nice(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
MEDIUM: config: move the common "bind" settings to listener.c These ones are better placed in listener.c than in cfgparse.c, by relying on the bind keyword registration subsystem.
2012-09-18 15:17:28 +00:00
{
int val;
if (!*args[cur_arg + 1]) {
MINOR: standard: make memprintf() support a NULL destination Doing so removes many checks that were systematically made because the callees don't know if the caller passed a valid pointer.
2012-09-20 17:43:14 +00:00
memprintf(err, "'%s' : missing value", args[cur_arg]);
MEDIUM: config: move the common "bind" settings to listener.c These ones are better placed in listener.c than in cfgparse.c, by relying on the bind keyword registration subsystem.
2012-09-18 15:17:28 +00:00
return ERR_ALERT | ERR_FATAL;
}
val = atol(args[cur_arg + 1]);
if (val < -1024 || val > 1024) {
MINOR: standard: make memprintf() support a NULL destination Doing so removes many checks that were systematically made because the callees don't know if the caller passed a valid pointer.
2012-09-20 17:43:14 +00:00
memprintf(err, "'%s' : invalid value %d, allowed range is -1024..1024", args[cur_arg], val);
MEDIUM: config: move the common "bind" settings to listener.c These ones are better placed in listener.c than in cfgparse.c, by relying on the bind keyword registration subsystem.
2012-09-18 15:17:28 +00:00
return ERR_ALERT | ERR_FATAL;
}
MINOR: listener: move the nice field to the bind_conf This is another bind line setting which can move to the bind_conf. Note that it leaves a 2-byte hole in the listener struct.
2023-01-12 18:32:45 +00:00
conf->nice = val;
MEDIUM: config: move the common "bind" settings to listener.c These ones are better placed in listener.c than in cfgparse.c, by relying on the bind keyword registration subsystem.
2012-09-18 15:17:28 +00:00
return 0;
}
MEDIUM: listener: parse the new "process" bind keyword This sets the bind_proc entry in the bind_conf config block. For now it's still unused, but the doc was updated.
2014-05-07 17:01:58 +00:00
/* parse the "process" bind keyword */
static int bind_parse_process(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
{
MEDIUM: config: remove the "process" keyword on "bind" lines It was deprecated, marked for removal in 2.7 and was already emitting a warning, let's get rid of it. Note that we've kept the keyword detection to suggest to use "thread" instead.
2022-07-15 15:16:01 +00:00
memprintf(err, "'process %s' on 'bind' lines is not supported anymore, please use 'thread' instead.", args[cur_arg+1]);
return ERR_ALERT | ERR_FATAL;
MEDIUM: listener: parse the new "process" bind keyword This sets the bind_proc entry in the bind_conf config block. For now it's still unused, but the doc was updated.
2014-05-07 17:01:58 +00:00
}
MEDIUM: config: move the common "bind" settings to listener.c These ones are better placed in listener.c than in cfgparse.c, by relying on the bind keyword registration subsystem.
2012-09-18 15:17:28 +00:00
MINOR: mux/frontend: Add 'proto' keyword to force the mux protocol For now, it is parsed but not used. Tests are done on it to check if the side and the mode are compatible with the proxy's definition.
2018-04-10 12:43:00 +00:00
/* parse the "proto" bind keyword */
static int bind_parse_proto(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
{
struct ist proto;
if (!*args[cur_arg + 1]) {
memprintf(err, "'%s' : missing value", args[cur_arg]);
return ERR_ALERT | ERR_FATAL;
}
CLEANUP: Use the ist() macro whenever possible Refactoring performed with the following Coccinelle patch: @@ char *s; @@ ( - ist2(s, strlen(s)) + ist(s) | - ist2(strdup(s), strlen(s)) + ist(strdup(s)) ) Note that this replacement is safe even in the strdup() case, because `ist()` will not call `strlen()` on a `NULL` pointer. Instead is inserts a length of `0`, effectively resulting in `IST_NULL`.
2021-03-04 16:31:47 +00:00
proto = ist(args[cur_arg + 1]);
MINOR: mux/frontend: Add 'proto' keyword to force the mux protocol For now, it is parsed but not used. Tests are done on it to check if the side and the mode are compatible with the proxy's definition.
2018-04-10 12:43:00 +00:00
conf->mux_proto = get_mux_proto(proto);
if (!conf->mux_proto) {
memprintf(err, "'%s' : unknown MUX protocol '%s'", args[cur_arg], args[cur_arg+1]);
return ERR_ALERT | ERR_FATAL;
}
return 0;
}
MINOR: bind-conf: support a new shards value: "by-group" Setting "shards by-group" will create one shard per thread group. This can often be a reasonable tradeoff between a single one that can be suboptimal on CPUs with many cores, and too many that will eat a lot of file descriptors. It was shown to provide good results on a 224 thread machine, with a distribution that was even smoother than the system's since here it can take into account the number of connections per thread in the group. Depending on how popular it becomes, it could even become the default setting in a future version.
2023-04-13 15:25:43 +00:00
/* parse the "shards" bind keyword. Takes an integer, "by-thread", or "by-group" */
MEDIUM: listener: add the "shards" bind keyword In multi-threaded mode, on operating systems supporting multiple listeners on the same IP:port, this will automatically create this number of multiple identical listeners for the same line, all bound to a fair share of the number of the threads attached to this listener. This can sometimes be useful when using very large thread counts where the in-kernel locking on a single socket starts to cause a significant overhead. In this case the incoming traffic is distributed over multiple sockets and the contention is reduced. Note that doing this can easily increase the CPU usage by making more threads work a little bit. If the number of shards is higher than the number of available threads, it will automatically be trimmed to the number of threads. A special value "by-thread" will automatically assign one shard per thread.
2021-10-12 13:23:03 +00:00
static int bind_parse_shards(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
{
int val;
if (!*args[cur_arg + 1]) {
memprintf(err, "'%s' : missing value", args[cur_arg]);
return ERR_ALERT | ERR_FATAL;
}
if (strcmp(args[cur_arg + 1], "by-thread") == 0) {
MINOR: receiver: reserve special values for "shards" Instead of artificially setting the shards count to MAX_THREAD when "by-thread" is used, let's reserve special values for symbolic names so that we can add more in the future. For now we use value -1 for "by-thread", which requires to turn the type to signed int but it was already used as such everywhere anyway.
2023-04-13 15:11:23 +00:00
val = -1; /* -1 = "by-thread", will be fixed in check_config_validity() */
MINOR: bind-conf: support a new shards value: "by-group" Setting "shards by-group" will create one shard per thread group. This can often be a reasonable tradeoff between a single one that can be suboptimal on CPUs with many cores, and too many that will eat a lot of file descriptors. It was shown to provide good results on a 224 thread machine, with a distribution that was even smoother than the system's since here it can take into account the number of connections per thread in the group. Depending on how popular it becomes, it could even become the default setting in a future version.
2023-04-13 15:25:43 +00:00
} else if (strcmp(args[cur_arg + 1], "by-group") == 0) {
val = -2; /* -2 = "by-group", will be fixed in check_config_validity() */
MEDIUM: listener: add the "shards" bind keyword In multi-threaded mode, on operating systems supporting multiple listeners on the same IP:port, this will automatically create this number of multiple identical listeners for the same line, all bound to a fair share of the number of the threads attached to this listener. This can sometimes be useful when using very large thread counts where the in-kernel locking on a single socket starts to cause a significant overhead. In this case the incoming traffic is distributed over multiple sockets and the contention is reduced. Note that doing this can easily increase the CPU usage by making more threads work a little bit. If the number of shards is higher than the number of available threads, it will automatically be trimmed to the number of threads. A special value "by-thread" will automatically assign one shard per thread.
2021-10-12 13:23:03 +00:00
} else {
val = atol(args[cur_arg + 1]);
if (val < 1 || val > MAX_THREADS) {
memprintf(err, "'%s' : invalid value %d, allowed range is %d..%d or 'by-thread'", args[cur_arg], val, 1, MAX_THREADS);
return ERR_ALERT | ERR_FATAL;
}
}
conf->settings.shards = val;
return 0;
}
MEDIUM: listener/config: make the "thread" parser rely on thread_sets Instead of reading and storing a single group and a single mask for a "thread" directive on a bind line, we now store the complete range in a thread set that's stored in the bind_conf. The bind_parse_thread() function now just calls parse_thread_set() to complete the current set, which starts empty, and thread_resolve_group_mask() was updated to support retrieving thread group numbers or absolute thread numbers directly from the pre-filled thread_set, and continue to feed bind_tgroup and bind_thread. The CLI parsers which were pre-initialized to set the bind_tgroup to 1 cannot do it anymore as it would prevent one from restricting the thread set. Instead check_config_validity() now detects the CLI frontend and passes the info down to thread_resolve_group_mask() that will automatically use only the group 1's threads for these listeners. The same is done for the peers listeners for now. At this step it's already possible to start with all previous valid configs as well as extended ones supporting comma-delimited thread sets. In addition the parser already accepts large ranges spanning multiple groups, but since the underlying listeners infrastructure is not read, for now we're maintaining a specific check against this at the higher level of the config validity check. The patch is a bit large because thread resolution is performed in multiple steps, so we need to adjust all of them at once to preserve functional and technical consistency.
2023-01-31 18:31:27 +00:00
/* parse the "thread" bind keyword. This will replace any preset thread_set */
MEDIUM: listener: deprecate "process" in favor of "thread" on bind lines The "process" directive on "bind" lines becomes quite confusing considering that the only allowed value is 1 for the process, and that threads are optional and come after the mandatory "1/". Let's introduce a new "thread" directive to directly configure thread numbers, and mark "process" as deprecated. Now "process" will emit a warning and will suggest how to be replaced with "thread" instead. The doc was updated accordingly (mostly a copy-paste of the previous description which was already up to date). This is marked as MEDIUM as it will impact users having "zero-warning" and "process" specified.
2021-09-21 12:31:29 +00:00
static int bind_parse_thread(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
{
MEDIUM: listener/config: make the "thread" parser rely on thread_sets Instead of reading and storing a single group and a single mask for a "thread" directive on a bind line, we now store the complete range in a thread set that's stored in the bind_conf. The bind_parse_thread() function now just calls parse_thread_set() to complete the current set, which starts empty, and thread_resolve_group_mask() was updated to support retrieving thread group numbers or absolute thread numbers directly from the pre-filled thread_set, and continue to feed bind_tgroup and bind_thread. The CLI parsers which were pre-initialized to set the bind_tgroup to 1 cannot do it anymore as it would prevent one from restricting the thread set. Instead check_config_validity() now detects the CLI frontend and passes the info down to thread_resolve_group_mask() that will automatically use only the group 1's threads for these listeners. The same is done for the peers listeners for now. At this step it's already possible to start with all previous valid configs as well as extended ones supporting comma-delimited thread sets. In addition the parser already accepts large ranges spanning multiple groups, but since the underlying listeners infrastructure is not read, for now we're maintaining a specific check against this at the higher level of the config validity check. The patch is a bit large because thread resolution is performed in multiple steps, so we need to adjust all of them at once to preserve functional and technical consistency.
2023-01-31 18:31:27 +00:00
/* note that the thread set is zeroed before first call, and we don't
* want to reset it so that it remains possible to chain multiple
* "thread" directives.
*/
if (parse_thread_set(args[cur_arg+1], &conf->thread_set, err) < 0)
MEDIUM: listener: deprecate "process" in favor of "thread" on bind lines The "process" directive on "bind" lines becomes quite confusing considering that the only allowed value is 1 for the process, and that threads are optional and come after the mandatory "1/". Let's introduce a new "thread" directive to directly configure thread numbers, and mark "process" as deprecated. Now "process" will emit a warning and will suggest how to be replaced with "thread" instead. The doc was updated accordingly (mostly a copy-paste of the previous description which was already up to date). This is marked as MEDIUM as it will impact users having "zero-warning" and "process" specified.
2021-09-21 12:31:29 +00:00
return ERR_ALERT | ERR_FATAL;
return 0;
}
MINOR: listener: add a new global tune.listener.default-shards setting This new setting accepts "by-process", "by-group" and "by-thread" and will dictate how listeners will be sharded by default when nothing is specified. While the default remains "by-process", "by-group" should be much more efficient with many threads, while not changing anything for single-group setups.
2023-04-22 20:06:23 +00:00
/* config parser for global "tune.listener.default-shards" */
static int cfg_parse_tune_listener_shards(char **args, int section_type, struct proxy *curpx,
const struct proxy *defpx, const char *file, int line,
char **err)
{
if (too_many_args(1, args, err, NULL))
return -1;
if (strcmp(args[1], "by-thread") == 0)
global.tune.default_shards = -1;
else if (strcmp(args[1], "by-group") == 0)
global.tune.default_shards = -2;
else if (strcmp(args[1], "by-process") == 0)
global.tune.default_shards = 1;
else {
memprintf(err, "'%s' expects either 'by-process', 'by-group', or 'by-thread' but got '%s'.", args[0], args[1]);
return -1;
}
return 0;
}
MINOR: listener: support another thread dispatch mode: "fair" This new algorithm for rebalancing incoming connections to multiple threads is simpler and instead of considering the threads load, it will only cycle through all of them, offering a fair share of the traffic to each thread. It may be well suited for short-lived connections but is also convenient for very large thread counts where it's not always certain that the least loaded thread will always be found.
2023-04-20 13:40:38 +00:00
/* config parser for global "tune.listener.multi-queue", accepts "on", "fair" or "off" */
MINOR: config: add global tune.listener.multi-queue setting tune.listener.multi-queue { on | off } Enables ('on') or disables ('off') the listener's multi-queue accept which spreads the incoming traffic to all threads a "bind" line is allowed to run on instead of taking them for itself. This provides a smoother traffic distribution and scales much better, especially in environments where threads may be unevenly loaded due to external activity (network interrupts colliding with one thread for example). This option is enabled by default, but it may be forcefully disabled for troubleshooting or for situations where it is estimated that the operating system already provides a good enough distribution and connections are extremely short-lived.
2019-02-27 11:02:18 +00:00
static int cfg_parse_tune_listener_mq(char **args, int section_type, struct proxy *curpx,
CLEANUP: config: make the cfg_keyword parsers take a const for the defproxy The default proxy was passed as a variable to all parsers instead of a const, which is not without risk, especially when some timeout parsers used to make some int pointers point to the default values for comparisons. We want to be certain that none of these parsers will modify the defaults sections by accident, so it's important to mark this proxy as const. This patch touches all occurrences found (89).
2021-03-09 08:53:46 +00:00
const struct proxy *defpx, const char *file, int line,
MINOR: config: add global tune.listener.multi-queue setting tune.listener.multi-queue { on | off } Enables ('on') or disables ('off') the listener's multi-queue accept which spreads the incoming traffic to all threads a "bind" line is allowed to run on instead of taking them for itself. This provides a smoother traffic distribution and scales much better, especially in environments where threads may be unevenly loaded due to external activity (network interrupts colliding with one thread for example). This option is enabled by default, but it may be forcefully disabled for troubleshooting or for situations where it is estimated that the operating system already provides a good enough distribution and connections are extremely short-lived.
2019-02-27 11:02:18 +00:00
char **err)
{
if (too_many_args(1, args, err, NULL))
return -1;
if (strcmp(args[1], "on") == 0)
MINOR: listener: support another thread dispatch mode: "fair" This new algorithm for rebalancing incoming connections to multiple threads is simpler and instead of considering the threads load, it will only cycle through all of them, offering a fair share of the traffic to each thread. It may be well suited for short-lived connections but is also convenient for very large thread counts where it's not always certain that the least loaded thread will always be found.
2023-04-20 13:40:38 +00:00
global.tune.options = (global.tune.options & ~GTUNE_LISTENER_MQ_ANY) | GTUNE_LISTENER_MQ_OPT;
else if (strcmp(args[1], "fair") == 0)
global.tune.options = (global.tune.options & ~GTUNE_LISTENER_MQ_ANY) | GTUNE_LISTENER_MQ_FAIR;
MINOR: config: add global tune.listener.multi-queue setting tune.listener.multi-queue { on | off } Enables ('on') or disables ('off') the listener's multi-queue accept which spreads the incoming traffic to all threads a "bind" line is allowed to run on instead of taking them for itself. This provides a smoother traffic distribution and scales much better, especially in environments where threads may be unevenly loaded due to external activity (network interrupts colliding with one thread for example). This option is enabled by default, but it may be forcefully disabled for troubleshooting or for situations where it is estimated that the operating system already provides a good enough distribution and connections are extremely short-lived.
2019-02-27 11:02:18 +00:00
else if (strcmp(args[1], "off") == 0)
MINOR: listener: support another thread dispatch mode: "fair" This new algorithm for rebalancing incoming connections to multiple threads is simpler and instead of considering the threads load, it will only cycle through all of them, offering a fair share of the traffic to each thread. It may be well suited for short-lived connections but is also convenient for very large thread counts where it's not always certain that the least loaded thread will always be found.
2023-04-20 13:40:38 +00:00
global.tune.options &= ~GTUNE_LISTENER_MQ_ANY;
MINOR: config: add global tune.listener.multi-queue setting tune.listener.multi-queue { on | off } Enables ('on') or disables ('off') the listener's multi-queue accept which spreads the incoming traffic to all threads a "bind" line is allowed to run on instead of taking them for itself. This provides a smoother traffic distribution and scales much better, especially in environments where threads may be unevenly loaded due to external activity (network interrupts colliding with one thread for example). This option is enabled by default, but it may be forcefully disabled for troubleshooting or for situations where it is estimated that the operating system already provides a good enough distribution and connections are extremely short-lived.
2019-02-27 11:02:18 +00:00
else {
MINOR: listener: support another thread dispatch mode: "fair" This new algorithm for rebalancing incoming connections to multiple threads is simpler and instead of considering the threads load, it will only cycle through all of them, offering a fair share of the traffic to each thread. It may be well suited for short-lived connections but is also convenient for very large thread counts where it's not always certain that the least loaded thread will always be found.
2023-04-20 13:40:38 +00:00
memprintf(err, "'%s' expects either 'on', 'fair', or 'off' but got '%s'.", args[0], args[1]);
MINOR: config: add global tune.listener.multi-queue setting tune.listener.multi-queue { on | off } Enables ('on') or disables ('off') the listener's multi-queue accept which spreads the incoming traffic to all threads a "bind" line is allowed to run on instead of taking them for itself. This provides a smoother traffic distribution and scales much better, especially in environments where threads may be unevenly loaded due to external activity (network interrupts colliding with one thread for example). This option is enabled by default, but it may be forcefully disabled for troubleshooting or for situations where it is estimated that the operating system already provides a good enough distribution and connections are extremely short-lived.
2019-02-27 11:02:18 +00:00
return -1;
}
return 0;
}
MINOR: listener: rename sample fetch functions and declare the sample keywords The following sample fetch functions were only usable by ACLs but are now usable by sample fetches too : dst_conn, so_id, The fetch functions have been renamed "smp_fetch_*".
2013-01-07 21:54:17 +00:00
/* Note: must not be declared <const> as its list will be overwritten.
* Please take care of keeping this list alphabetically sorted.
*/
BUG/MEDIUM: prevent gcc from moving empty keywords lists into BSS Benoit Dolez reported a failure to start haproxy 1.5-dev19. The process would immediately report an internal error with missing fetches from some crap instead of ACL names. The cause is that some versions of gcc seem to trim static structs containing a variable array when moving them to BSS, and only keep the fixed size, which is just a list head for all ACL and sample fetch keywords. This was confirmed at least with gcc 3.4.6. And we can't move these structs to const because they contain a list element which is needed to link all of them together during the parsing. The bug indeed appeared with 1.5-dev19 because it's the first one to have some empty ACL keyword lists. One solution is to impose -fno-zero-initialized-in-bss to everyone but this is not really nice. Another solution consists in ensuring the struct is never empty so that it does not move there. The easy solution consists in having a non-null list head since it's not yet initialized. A new "ILH" list head type was thus created for this purpose : create an Initialized List Head so that gcc cannot move the struct to BSS. This fixes the issue for this version of gcc and does not create any burden for the declarations.
2013-06-21 21:16:39 +00:00
static struct sample_fetch_kw_list smp_kws = {ILH, {
MAJOR: sample: converts uint and sint in 64 bits signed integer This patch removes the 32 bits unsigned integer and the 32 bit signed integer. It replaces these types by a unique type 64 bit signed. This makes easy the usage of integer and clarify signed and unsigned use. With the previous version, signed and unsigned are used ones in place of others, and sometimes the converter loose the sign. For example, divisions are processed with "unsigned", if one entry is negative, the result is wrong. Note that the integer pattern matching and dotted version pattern matching are already working with signed 64 bits integer values. There is one user-visible change : the "uint()" and "sint()" sample fetch functions which used to return a constant integer have been replaced with a new more natural, unified "int()" function. These functions were only introduced in the latest 1.6-dev2 so there's no impact on regular deployments.
2015-07-06 21:43:03 +00:00
{ "dst_conn", smp_fetch_dconn, 0, NULL, SMP_T_SINT, SMP_USE_FTEND, },
{ "so_id", smp_fetch_so_id, 0, NULL, SMP_T_SINT, SMP_USE_FTEND, },
MINOR: listener: add so_name sample fetch Add a sample fetch for the name of a bind. This can be useful to take decisions when PROXY protocol is used and we can't rely on dst, such as the sample config below. defaults mode http listen bar bind 127.0.0.1:1111 server s1 127.0.1.1:1234 send-proxy listen foo bind 127.0.1.1:1234 name foo accept-proxy http-request return status 200 hdr dst %[dst] if { dst 127.0.1.1 }
2020-03-27 21:08:40 +00:00
{ "so_name", smp_fetch_so_name, 0, NULL, SMP_T_STR, SMP_USE_FTEND, },
MINOR: listener: rename sample fetch functions and declare the sample keywords The following sample fetch functions were only usable by ACLs but are now usable by sample fetches too : dst_conn, so_id, The fetch functions have been renamed "smp_fetch_*".
2013-01-07 21:54:17 +00:00
{ /* END */ },
}};
MEDIUM: init: convert all trivial registration calls to initcalls This switches explicit calls to various trivial registration methods for keywords, muxes or protocols from constructors to INITCALL1 at stage STG_REGISTER. All these calls have in common to consume a single pointer and return void. Doing this removes 26 constructors. The following calls were addressed : - acl_register_keywords - bind_register_keywords - cfg_register_keywords - cli_register_kw - flt_register_keywords - http_req_keywords_register - http_res_keywords_register - protocol_register - register_mux_proto - sample_register_convs - sample_register_fetches - srv_register_keywords - tcp_req_conn_keywords_register - tcp_req_cont_keywords_register - tcp_req_sess_keywords_register - tcp_res_cont_keywords_register - flt_register_keywords
2018-11-25 18:14:37 +00:00
INITCALL1(STG_REGISTER, sample_register_fetches, &smp_kws);
MAJOR: acl: store the ACL argument types in the ACL keyword declaration The types and minimal number of ACL keyword arguments are now stored in their declaration. This will allow many more fantasies if some ACL use several arguments or types. Doing so required to rework all ACL keyword declarations to add two parameters. So this was a good opportunity for a general cleanup and to sort all entries in alphabetical order. We still have two pending issues : - parse_acl_expr() checks for errors but has no way to report them to the user ; - the types of some arguments are still not resolved and kept as strings (eg: ARGT_FE/BE/TAB) for compatibility reasons, which must be resolved in acl_find_targets()
2012-04-19 16:42:05 +00:00
/* Note: must not be declared <const> as its list will be overwritten.
* Please take care of keeping this list alphabetically sorted.
*/
BUG/MEDIUM: prevent gcc from moving empty keywords lists into BSS Benoit Dolez reported a failure to start haproxy 1.5-dev19. The process would immediately report an internal error with missing fetches from some crap instead of ACL names. The cause is that some versions of gcc seem to trim static structs containing a variable array when moving them to BSS, and only keep the fixed size, which is just a list head for all ACL and sample fetch keywords. This was confirmed at least with gcc 3.4.6. And we can't move these structs to const because they contain a list element which is needed to link all of them together during the parsing. The bug indeed appeared with 1.5-dev19 because it's the first one to have some empty ACL keyword lists. One solution is to impose -fno-zero-initialized-in-bss to everyone but this is not really nice. Another solution consists in ensuring the struct is never empty so that it does not move there. The easy solution consists in having a non-null list head since it's not yet initialized. A new "ILH" list head type was thus created for this purpose : create an Initialized List Head so that gcc cannot move the struct to BSS. This fixes the issue for this version of gcc and does not create any burden for the declarations.
2013-06-21 21:16:39 +00:00
static struct acl_kw_list acl_kws = {ILH, {
MINOR: listener: rename sample fetch functions and declare the sample keywords The following sample fetch functions were only usable by ACLs but are now usable by sample fetches too : dst_conn, so_id, The fetch functions have been renamed "smp_fetch_*".
2013-01-07 21:54:17 +00:00
{ /* END */ },
[CLEANUP] client: move some ACLs away to their respective locations Some ACLs in the client ought to belong to proto_tcp, or protocols. This file should only contain frontend-specific information and will be renamed that way in next commit.
2010-05-24 18:55:15 +00:00
}};
MEDIUM: init: convert all trivial registration calls to initcalls This switches explicit calls to various trivial registration methods for keywords, muxes or protocols from constructors to INITCALL1 at stage STG_REGISTER. All these calls have in common to consume a single pointer and return void. Doing this removes 26 constructors. The following calls were addressed : - acl_register_keywords - bind_register_keywords - cfg_register_keywords - cli_register_kw - flt_register_keywords - http_req_keywords_register - http_res_keywords_register - protocol_register - register_mux_proto - sample_register_convs - sample_register_fetches - srv_register_keywords - tcp_req_conn_keywords_register - tcp_req_cont_keywords_register - tcp_req_sess_keywords_register - tcp_res_cont_keywords_register - flt_register_keywords
2018-11-25 18:14:37 +00:00
INITCALL1(STG_REGISTER, acl_register_keywords, &acl_kws);
MEDIUM: config: move the common "bind" settings to listener.c These ones are better placed in listener.c than in cfgparse.c, by relying on the bind keyword registration subsystem.
2012-09-18 15:17:28 +00:00
/* Note: must not be declared <const> as its list will be overwritten.
* Please take care of keeping this list alphabetically sorted, doing so helps
* all code contributors.
* Optional keywords are also declared with a NULL ->parse() function so that
* the config parser can report an appropriate error when a known keyword was
* not enabled.
*/
MINOR: listener: add a scope field in the bind keyword lists This scope is used to report what the keywords are used for (eg: TCP, UNIX, ...). It is now reported by bind_dump_kws().
2012-09-18 16:24:39 +00:00
static struct bind_kw_list bind_kws = { "ALL", { }, {
MINOR: listener: add the "accept-netscaler-cip" option to the "bind" keyword When NetScaler application switch is used as L3+ switch, informations regarding the original IP and TCP headers are lost as a new TCP connection is created between the NetScaler and the backend server. NetScaler provides a feature to insert in the TCP data the original data that can then be consumed by the backend server. Specifications and documentations from NetScaler: https://support.citrix.com/article/CTX205670 https://www.citrix.com/blogs/2016/04/25/how-to-enable-client-ip-in-tcpip-option-of-netscaler/ When CIP is enabled on the NetScaler, then a TCP packet is inserted just after the TCP handshake. This is composed as: - CIP magic number : 4 bytes Both sender and receiver have to agree on a magic number so that they both handle the incoming data as a NetScaler Client IP insertion packet. - Header length : 4 bytes Defines the length on the remaining data. - IP header : >= 20 bytes if IPv4, 40 bytes if IPv6 Contains the header of the last IP packet sent by the client during TCP handshake. - TCP header : >= 20 bytes Contains the header of the last TCP packet sent by the client during TCP handshake.
2016-06-04 14:11:10 +00:00
{ "accept-netscaler-cip", bind_parse_accept_netscaler_cip, 1 }, /* enable NetScaler Client IP insertion protocol */
MEDIUM: config: move the common "bind" settings to listener.c These ones are better placed in listener.c than in cfgparse.c, by relying on the bind keyword registration subsystem.
2012-09-18 15:17:28 +00:00
{ "accept-proxy", bind_parse_accept_proxy, 0 }, /* enable PROXY protocol */
{ "backlog", bind_parse_backlog, 1 }, /* set backlog of listening socket */
{ "id", bind_parse_id, 1 }, /* set id of listening socket */
{ "maxconn", bind_parse_maxconn, 1 }, /* set maxconn of listening socket */
{ "name", bind_parse_name, 1 }, /* set name of listening socket */
{ "nice", bind_parse_nice, 1 }, /* set nice of listening socket */
MEDIUM: listener: parse the new "process" bind keyword This sets the bind_proc entry in the bind_conf config block. For now it's still unused, but the doc was updated.
2014-05-07 17:01:58 +00:00
{ "process", bind_parse_process, 1 }, /* set list of allowed process for this socket */
MINOR: mux/frontend: Add 'proto' keyword to force the mux protocol For now, it is parsed but not used. Tests are done on it to check if the side and the mode are compatible with the proxy's definition.
2018-04-10 12:43:00 +00:00
{ "proto", bind_parse_proto, 1 }, /* set the proto to use for all incoming connections */
MEDIUM: listener: add the "shards" bind keyword In multi-threaded mode, on operating systems supporting multiple listeners on the same IP:port, this will automatically create this number of multiple identical listeners for the same line, all bound to a fair share of the number of the threads attached to this listener. This can sometimes be useful when using very large thread counts where the in-kernel locking on a single socket starts to cause a significant overhead. In this case the incoming traffic is distributed over multiple sockets and the contention is reduced. Note that doing this can easily increase the CPU usage by making more threads work a little bit. If the number of shards is higher than the number of available threads, it will automatically be trimmed to the number of threads. A special value "by-thread" will automatically assign one shard per thread.
2021-10-12 13:23:03 +00:00
{ "shards", bind_parse_shards, 1 }, /* set number of shards */
MEDIUM: listener: deprecate "process" in favor of "thread" on bind lines The "process" directive on "bind" lines becomes quite confusing considering that the only allowed value is 1 for the process, and that threads are optional and come after the mandatory "1/". Let's introduce a new "thread" directive to directly configure thread numbers, and mark "process" as deprecated. Now "process" will emit a warning and will suggest how to be replaced with "thread" instead. The doc was updated accordingly (mostly a copy-paste of the previous description which was already up to date). This is marked as MEDIUM as it will impact users having "zero-warning" and "process" specified.
2021-09-21 12:31:29 +00:00
{ "thread", bind_parse_thread, 1 }, /* set list of allowed threads for this socket */
MINOR: listener: rename sample fetch functions and declare the sample keywords The following sample fetch functions were only usable by ACLs but are now usable by sample fetches too : dst_conn, so_id, The fetch functions have been renamed "smp_fetch_*".
2013-01-07 21:54:17 +00:00
{ /* END */ },
MEDIUM: config: move the common "bind" settings to listener.c These ones are better placed in listener.c than in cfgparse.c, by relying on the bind keyword registration subsystem.
2012-09-18 15:17:28 +00:00
}};
MEDIUM: init: convert all trivial registration calls to initcalls This switches explicit calls to various trivial registration methods for keywords, muxes or protocols from constructors to INITCALL1 at stage STG_REGISTER. All these calls have in common to consume a single pointer and return void. Doing this removes 26 constructors. The following calls were addressed : - acl_register_keywords - bind_register_keywords - cfg_register_keywords - cli_register_kw - flt_register_keywords - http_req_keywords_register - http_res_keywords_register - protocol_register - register_mux_proto - sample_register_convs - sample_register_fetches - srv_register_keywords - tcp_req_conn_keywords_register - tcp_req_cont_keywords_register - tcp_req_sess_keywords_register - tcp_res_cont_keywords_register - flt_register_keywords
2018-11-25 18:14:37 +00:00
INITCALL1(STG_REGISTER, bind_register_keywords, &bind_kws);
MINOR: config: add global tune.listener.multi-queue setting tune.listener.multi-queue { on | off } Enables ('on') or disables ('off') the listener's multi-queue accept which spreads the incoming traffic to all threads a "bind" line is allowed to run on instead of taking them for itself. This provides a smoother traffic distribution and scales much better, especially in environments where threads may be unevenly loaded due to external activity (network interrupts colliding with one thread for example). This option is enabled by default, but it may be forcefully disabled for troubleshooting or for situations where it is estimated that the operating system already provides a good enough distribution and connections are extremely short-lived.
2019-02-27 11:02:18 +00:00
/* config keyword parsers */
static struct cfg_kw_list cfg_kws = {ILH, {
MINOR: listener: add a new global tune.listener.default-shards setting This new setting accepts "by-process", "by-group" and "by-thread" and will dictate how listeners will be sharded by default when nothing is specified. While the default remains "by-process", "by-group" should be much more efficient with many threads, while not changing anything for single-group setups.
2023-04-22 20:06:23 +00:00
{ CFG_GLOBAL, "tune.listener.default-shards", cfg_parse_tune_listener_shards },
MINOR: config: add global tune.listener.multi-queue setting tune.listener.multi-queue { on | off } Enables ('on') or disables ('off') the listener's multi-queue accept which spreads the incoming traffic to all threads a "bind" line is allowed to run on instead of taking them for itself. This provides a smoother traffic distribution and scales much better, especially in environments where threads may be unevenly loaded due to external activity (network interrupts colliding with one thread for example). This option is enabled by default, but it may be forcefully disabled for troubleshooting or for situations where it is estimated that the operating system already provides a good enough distribution and connections are extremely short-lived.
2019-02-27 11:02:18 +00:00
{ CFG_GLOBAL, "tune.listener.multi-queue", cfg_parse_tune_listener_mq },
{ 0, NULL, NULL }
}};
INITCALL1(STG_REGISTER, cfg_register_keywords, &cfg_kws);
[CLEANUP] client: move some ACLs away to their respective locations Some ACLs in the client ought to belong to proto_tcp, or protocols. This file should only contain frontend-specific information and will be renamed that way in next commit.
2010-05-24 18:55:15 +00:00
/*
* Local variables:
* c-indent-level: 8
* c-basic-offset: 8
* End:
*/
Reference in New Issue Copy Permalink