* released 1.1.3

* added a script to tune the network stack * fixed a bug : cr_expire and cw_expire were inverted in CL_STSHUT[WR] which could lead to loops.
2005-12-17 12:55:07 +01:00 · 2005-12-17 12:55:07 +01:00 · b719f009c6
parent ef900ab0f4
commit b719f009c6
3 changed files with 85 additions and 16 deletions
--- a/doc/haproxy.txt
+++ b/doc/haproxy.txt
@ -5,9 +5,9 @@
 			      willy tarreau
 			       2002/03/13

-==============
-|Introduction|
-==============
+================
+| Introduction |
+================

 HA-Proxy est un relais TCP/HTTP offrant des facilités d'intégration en
 environnement hautement disponible. En effet, il est capable de :
@ -490,25 +490,52 @@ Exemple :
 	server 192.168.1.1:80 cookie server01 check
 	server 192.168.1.2:80 cookie server02 check

-=====================
-|Paramétrage systčme|
-=====================
+=======================
+| Paramétrage systčme |
+=======================

 Sous Linux 2.4
 ==============

-echo 131072 > /proc/sys/fs/file-max
-echo 65536 > /proc/sys/net/ipv4/ip_conntrack_max
+-- cut here --
+#!/bin/sh
+# set this to about 256/4M (16384 for 256M machine)
+MAXFILES=16384
+echo $MAXFILES > /proc/sys/fs/file-max
+ulimit -n $MAXFILES
+
+if [ -e /proc/sys/net/ipv4/ip_conntrack_max ]; then
+	echo 65536 > /proc/sys/net/ipv4/ip_conntrack_max
+fi
+
+if [ -e /proc/sys/net/ipv4/netfilter/ip_ct_tcp_timeout_fin_wait ]; then
+	# 30 seconds for fin, 15 for time wait
+	echo 3000 > /proc/sys/net/ipv4/netfilter/ip_ct_tcp_timeout_fin_wait
+	echo 1500 > /proc/sys/net/ipv4/netfilter/ip_ct_tcp_timeout_time_wait
+	echo 0 > /proc/sys/net/ipv4/netfilter/ip_ct_tcp_log_invalid_scale
+	echo 0 > /proc/sys/net/ipv4/netfilter/ip_ct_tcp_log_out_of_window
+fi
+
 echo 1024 60999 > /proc/sys/net/ipv4/ip_local_port_range
 echo 32768 > /proc/sys/net/ipv4/ip_queue_maxlen
-echo 60 > /proc/sys/net/ipv4/tcp_fin_timeout
-echo 262144 > /proc/sys/net/ipv4/tcp_max_orphans
-echo 16384 > /proc/sys/net/ipv4/tcp_max_syn_backlog
+echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
+echo 4096 > /proc/sys/net/ipv4/tcp_max_syn_backlog
 echo 262144 > /proc/sys/net/ipv4/tcp_max_tw_buckets
+echo 262144 > /proc/sys/net/ipv4/tcp_max_orphans
+echo 300 > /proc/sys/net/ipv4/tcp_keepalive_time
 echo 1 > /proc/sys/net/ipv4/tcp_tw_recycle
 echo 0 > /proc/sys/net/ipv4/tcp_timestamps
-echo 0 > /proc/sys/net/ipv4/tcp_sack
 echo 0 > /proc/sys/net/ipv4/tcp_ecn
-ulimit -n 131072
+echo 0 > /proc/sys/net/ipv4/tcp_sack
+echo 0 > /proc/sys/net/ipv4/tcp_dsack
+
+# auto-tuned on 2.4
+#echo 262143 > /proc/sys/net/core/rmem_max
+#echo 262143 > /proc/sys/net/core/rmem_default
+
+echo 16384 65536 524288 > /proc/sys/net/ipv4/tcp_rmem
+echo 16384 349520 699040 > /proc/sys/net/ipv4/tcp_wmem
+
+-- cut here --

 -- fin --
--- a/examples/rc.highsock
+++ b/examples/rc.highsock
@ -0,0 +1,38 @@
+#!/bin/sh
+# set this to about 256/4M (16384 for 256M machine)
+MAXFILES=16384
+echo $MAXFILES > /proc/sys/fs/file-max
+ulimit -n $MAXFILES
+
+if [ -e /proc/sys/net/ipv4/ip_conntrack_max ]; then
+	echo 65536 > /proc/sys/net/ipv4/ip_conntrack_max
+fi
+
+if [ -e /proc/sys/net/ipv4/netfilter/ip_ct_tcp_timeout_fin_wait ]; then
+	# 30 seconds for fin, 15 for time wait
+	echo 3000 > /proc/sys/net/ipv4/netfilter/ip_ct_tcp_timeout_fin_wait
+	echo 1500 > /proc/sys/net/ipv4/netfilter/ip_ct_tcp_timeout_time_wait
+	echo 0 > /proc/sys/net/ipv4/netfilter/ip_ct_tcp_log_invalid_scale
+	echo 0 > /proc/sys/net/ipv4/netfilter/ip_ct_tcp_log_out_of_window
+fi
+
+echo 1024 60999 > /proc/sys/net/ipv4/ip_local_port_range
+echo 32768 > /proc/sys/net/ipv4/ip_queue_maxlen
+echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
+echo 4096 > /proc/sys/net/ipv4/tcp_max_syn_backlog
+echo 262144 > /proc/sys/net/ipv4/tcp_max_tw_buckets
+echo 262144 > /proc/sys/net/ipv4/tcp_max_orphans
+echo 300 > /proc/sys/net/ipv4/tcp_keepalive_time
+echo 1 > /proc/sys/net/ipv4/tcp_tw_recycle
+echo 0 > /proc/sys/net/ipv4/tcp_timestamps
+echo 0 > /proc/sys/net/ipv4/tcp_ecn
+echo 0 > /proc/sys/net/ipv4/tcp_sack
+echo 0 > /proc/sys/net/ipv4/tcp_dsack
+
+# auto-tuned on 2.4
+#echo 262143 > /proc/sys/net/core/rmem_max
+#echo 262143 > /proc/sys/net/core/rmem_default
+
+echo 16384 65536 524288 > /proc/sys/net/ipv4/tcp_rmem
+echo 16384 349520 699040 > /proc/sys/net/ipv4/tcp_wmem
+
--- a/haproxy.c
+++ b/haproxy.c
@ -13,6 +13,10 @@
 *
 * ChangeLog :
 *
+ * 2002/03/22
+ *   - released 1.1.3
+ *   - fixed a bug : cr_expire and cw_expire were inverted in CL_STSHUT[WR]
+ *     which could lead to loops.
 * 2002/03/21
 *   - released 1.1.2
 *   - fixed a bug in buffer management where we could have a loop
@ -95,7 +99,7 @@
 #include <linux/netfilter_ipv4.h>
 #endif

-#define HAPROXY_VERSION "1.1.2"
+#define HAPROXY_VERSION "1.1.3"
 #define HAPROXY_DATE	"2002/03/22"

 /* this is for libc5 for example */
@ -2078,7 +2082,7 @@ int process_cli(struct session *t) {
    else if (c == CL_STSHUTR) {
 	if ((t->res_cw == RES_ERROR) ||
 	    ((s == SV_STSHUTR || s == SV_STCLOSE) && (rep->l == 0))
-	    || (tv_cmp2_ms(&t->crexpire, &now) <= 0)) {
+	    || (tv_cmp2_ms(&t->cwexpire, &now) <= 0)) {
 	    tv_eternity(&t->cwexpire);
 	    fd_delete(t->cli_fd);
 	    t->cli_state = CL_STCLOSE;
@ -2104,7 +2108,7 @@ int process_cli(struct session *t) {
    }
    else if (c == CL_STSHUTW) {
 	if (t->res_cr == RES_ERROR || t->res_cr == RES_NULL || s == SV_STSHUTW ||
-	    s == SV_STCLOSE || tv_cmp2_ms(&t->cwexpire, &now) <= 0) {
+	    s == SV_STCLOSE || tv_cmp2_ms(&t->crexpire, &now) <= 0) {
 	    tv_eternity(&t->crexpire);
 	    fd_delete(t->cli_fd);
 	    t->cli_state = CL_STCLOSE;