1
0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2024-12-14 23:44:41 +00:00
Commit Graph

13472 Commits

Author SHA1 Message Date
Remi Tricot-Le Breton
14df1e1526 REGTESTS: cache: Add a specific test for the accept-encoding normalizer
Those tests check the explicit support of a subset of encodings added to
the accept-encoding normalizer.
2020-12-24 17:18:00 +01:00
Remi Tricot-Le Breton
b054b6dec6 REGTESTS: cache: Simplify vary.vtc file
This test used chunked responses but it is not needed. All the chunked
responses are replaced by more simple 'bodylen' directives.
2020-12-24 17:18:00 +01:00
Remi Tricot-Le Breton
ce9e7b2521 MEDIUM: cache: Manage a subset of encodings in accept-encoding normalizer
The accept-encoding normalizer now explicitely manages a subset of
encodings which will all have their own bit in the encoding bitmap
stored in the cache entry. This way two requests with the same primary
key will be served the same cache entry if they both explicitely accept
the stored response's encoding, even if their respective secondary keys
are not the same and do not match the stored response's one.
The actual hash of the accept-encoding will still be used if the
response's encoding is unmanaged.
The encoding matching and the encoding weight parsing are done for every
subpart of the accept-encoding values, and a bitmap of accepted
encodings is built for every request. It is then tested upon any stored
response that has the same primary key until one with an accepted
encoding is found.
The specific "identity" and "*" accept-encoding values are managed too.
When storing a response in the key, we also parse the content-encoding
header in order to only set the response's corresponding encoding's bit
in its cache_entry encoding bitmap.

This patch fixes GitHub issue .
It does not need to be backported.
2020-12-24 17:18:00 +01:00
Remi Tricot-Le Breton
56e46cb393 MINOR: http: Add helper functions to trim spaces and tabs
Add two helper functions that trim leading or trailing spaces and
horizontal tabs from an ist string.
2020-12-24 17:18:00 +01:00
Remi Tricot-Le Breton
6a34b2b65d MINOR: cache: Add specific secondary key comparison mechanism
Add the possibility to define custom comparison functions for every
sub-part of the secondary key hash instead of using a global memcmp.
2020-12-24 17:18:00 +01:00
Remi Tricot-Le Breton
e4421dec7e BUG/MINOR: cache: Manage multiple headers in accept-encoding normalization
The accept-encoding part of the secondary key (vary) was only built out
of the first occurrence of the header. So if a client had two
accept-encoding headers, gzip and br for instance, the key would have
been built out of the gzip string. So another client that only managed
gzip would have been sent the cached resource, even if it was a br resource.
The http_find_header function is now called directly by the normalizers
so that they can manage multiple headers if needed.
A request that has more than 16 encodings will be considered as an
illegitimate request and its response will not be stored.

This fixes GitHub issue .

It does not need any backport.
2020-12-24 17:18:00 +01:00
Remi Tricot-Le Breton
2b5c5cbef6 MINOR: cache: Avoid storing responses whose secondary key was not correctly calculated
If any of the secondary hash normalizing functions raises an error, the
secondary hash will be unusable. In this case, the response will not be
stored anymore.
2020-12-24 17:18:00 +01:00
Remi Tricot-Le Breton
bba2912758 MINOR: cache: Refactoring of secondary_key building functions
The two secondary_key building functions (prebuild_full_key
and build_key) have roughly the same content so their code can
be mutualized.
2020-12-24 17:18:00 +01:00
Fr�d�ric L�caille
f63921fc24 MINOR: quic: Add traces for quic_packet_encrypt().
Add traces to have an idea why this function may fail. In fact
in never fails when the passed parameters are correct, especially the
lengths. This is not the case when a packet is not correctly built
before being encrypted.
2020-12-23 11:57:26 +01:00
Fr�d�ric L�caille
133e8a7146 MINOR: quic: make a packet build fails when qc_build_frm() fails.
Even if the size of frames built by qc_build_frm() are computed so that
not to overflow a buffer, do not rely on this and always makes a packet
build fails if we could not build a frame.
Also add traces to have an idea where qc_build_frm() fails.
Fixes a memory leak in qc_build_phdshk_apkt().
2020-12-23 11:57:26 +01:00
Fr�d�ric L�caille
f7e0b8d6ae MINOR: quic: Add traces for in flght ack-eliciting packet counter.
Add trace for this counter. Also shorten its variable name (->ifae_pkts).
2020-12-23 11:57:26 +01:00
Fr�d�ric L�caille
b4e17386cb MINOR: quic: Update the initial salt to that of draft-29.
This salt is ued at leat up to draft-32. At this date ngtcp2 always
uses this salt even if it started the draft-33 development.

Note that when the salt is not correct, we cannot remove the header
protection. In this case the packet number length is wrong.
2020-12-23 11:57:26 +01:00
Fr�d�ric L�caille
47c433fdcb MINOR: quic: Display the SSL alert in ->ssl_send_alert() callback.
At least displays the SSL alert error code passed to ->ssl_send_alert()
QUIC BIO method and the SSL encryption level. This function is newly called
when using picoquic client with a recent version of BoringSSL (Nov 19 2020).
This is not the case with OpenSSL with 32 as QUIC draft implementation.
2020-12-23 11:57:26 +01:00
Fr�d�ric L�caille
26c49d9eb0 MINOR: quic: Add traces to congestion avoidance NewReno callback.
These traces are missing and are useful do diagnose issue in the congestion
avoidance callback for NewReno algorithm.
2020-12-23 11:57:26 +01:00
Fr�d�ric L�caille
0c14020f11 MINOR: quic: Code reordering to help in reviewing/modifying.
Reorder by increasing type the switch/case in qc_parse_pkt_frms()
which is the high level frame parser.
Add new STREAM_X frame types to support some tests with ngtcp2 client.
2020-12-23 11:57:26 +01:00
Fr�d�ric L�caille
f7fe9659f0 MINOR: quic: Flag RX packet as ack-eliciting from the generic parser.
Add ->flags to the QUIC frame parser as this has been done for the builder so
that to flag RX packets as ack-eliciting at low level. This should also be
helpful to maintain the code if we have to add new flags to RX packets.
Remove the statements which does the same thing as higher level in
qc_parse_pkt_frms().
2020-12-23 11:57:26 +01:00
Fr�d�ric L�caille
04ffb66bc9 MINOR: quic: Make usage of the congestion control window.
Remove ->ifcdata which was there to control the CRYPTO data sent to the
peer so that not to saturate its reception buffer. This was a sort
of flow control.
Add ->prep_in_flight counter to the QUIC path struct to control the
number of bytes prepared to be sent so that not to saturare the
congestion control window. This counter is increased each time a
packet was built. This has nothing to see with ->in_flight which
is the real in flight number of bytes which have really been sent.
We are olbiged to maintain two such counters to know how many bytes
of data we can prepared before sending them.
Modify traces consequently which were useful to diagnose issues about
the congestion control window usage.
2020-12-23 11:57:26 +01:00
Fr�d�ric L�caille
c5e72b9868 MINOR: quic: Attempt to make trace more readable
As there is a lot of information in this protocol, this is not
easy to make the traces readable. We remove here a few of them and
shorten some line shortening the variable names.
2020-12-23 11:57:26 +01:00
Fr�d�ric L�caille
8090b51e92 MAJOR: quic: Make usage of ebtrees to store QUIC ACK ranges.
Store QUIC ACK ranges in ebtrees in place of lists with a 0(n) time complexity
for insertion.
2020-12-23 11:57:26 +01:00
Fr�d�ric L�caille
b83b0105e8 MINOR: quic: Enable the compilation of QUIC modules.
Adds the QUIC C object files to the list to compile to support QUIC protocol.
USE_QUIC compilation option must be used for that.
2020-12-23 11:57:26 +01:00
Fr�d�ric L�caille
0a76901926 MINOR: cfgparse: QUIC default server transport parameters init.
This patch is there to initialize the default transport parameters for QUIC
as a preparation for one of the QUIC next steps to come: fully support QUIC
protocol for haproxy servers.
2020-12-23 11:57:26 +01:00
Fr�d�ric L�caille
026a7921a5 MINOR: quic: QUIC socket management finalization.
Implement ->accept_conn() callback for QUIC listener sockets.
Note that this patch also implements quic_session_accept() function
which is similar to session_accept_fd() without calling conn_complete_session()
at this time because we do not have any real QUIC mux.
2020-12-23 11:57:26 +01:00
Fr�d�ric L�caille
e9473c7833 MINOR: ssl: QUIC transport parameters parsing.
This patch modifies the TLS ClientHello message callback so that to parse the QUIC
client transport parameters.
2020-12-23 11:57:26 +01:00
Fr�d�ric L�caille
ec216523f7 MINOR: ssl: SSL CTX initialization modifications for QUIC.
Makes TLS/TCP and QUIC share the same CTX initializer so that not to modify the
caller which is an XPRT callback used both by the QUIC xprt and the SSL xprt over
TCP.
2020-12-23 11:57:26 +01:00
Fr�d�ric L�caille
f46c10cfb1 MINOR: server: Add QUIC definitions to servers.
This patch adds QUIC structs to server struct so that to make the QUIC code
compile. Also initializes the ebtree to store the connections by connection
IDs.
2020-12-23 11:57:26 +01:00
Fr�d�ric L�caille
884f2e9f43 MINOR: listener: Add QUIC info to listeners and receivers.
This patch adds a quic_transport_params struct to bind_conf struct
used for the listeners. This is to store the QUIC transport parameters
for the listeners. Also initializes them when calling str2listener().
Before str2sa_range() it's too early to figure we're going to speak QUIC,
and after it's too late as listeners are already created. So it seems that
doing it in str2listener() when the protocol is discovered is the best
place.

Also adds two ebtrees to the underlying receivers to store the connection
by connections IDs (one for the original connection IDs, and another
one for the definitive connection IDs which really identify the connections.

However it doesn't seem normal that it is stored in the receiver nor the
listener. There should be a private context in the listener so that
protocols can store internal information. This element should in
fact be the listener handle.

Something still feels wrong, and probably we'll have to make QUIC and
SSL co-exist: a proof of this is that there's some explicit code in
bind_parse_ssl() to prevent the "ssl" keyword from replacing the xprt.
2020-12-23 11:57:26 +01:00
Fr�d�ric L�caille
a7e7ce957d MINOR: quic: Import C source code files for QUIC protocol.
This patch imports all the C files for QUIC protocol implementation with few
modifications from 20200720-quic branch of quic-dev repository found at
https://github.com/haproxytech/quic-dev.

Traces were implemented to help with the development.
2020-12-23 11:57:26 +01:00
Fr�d�ric L�caille
0c4e3b09b0 MINOR: quic: Add definitions for QUIC protocol.
This patch imports all the definitions for QUIC protocol with few modifications
from 20200720-quic branch of quic-dev repository found at
https://github.com/haproxytech/quic-dev.
2020-12-23 11:57:26 +01:00
Fr�d�ric L�caille
10caf65634 MINOR: tools: Add support for QUIC addresses parsing.
Add "quic4" and "quic6" keywords to str2sa_range() to parse QUIC IPv4
and IPv6 addresses respectively.
2020-12-23 11:57:26 +01:00
Fr�d�ric L�caille
e50afbd4e4 MINOR: cfgparse: Do not modify the QUIC xprt when parsing "ssl".
When parsing "ssl" keyword for TLS bindings, we must not use the same xprt as the one
for TLS/TCP connections. So, do not modify the QUIC xprt which will be initialized
when parsing QUIC addresses wich "ssl" bindings.
2020-12-23 11:57:26 +01:00
Fr�d�ric L�caille
901ee2f37b MINOR: ssl: Export definitions required by QUIC.
QUIC needs to initialize its BIO and SSL session the same way as for SSL over TCP
connections. It needs also to use the same ClientHello callback.
This patch only exports functions and variables shared between QUIC and SSL/TCP
connections.
2020-12-23 11:57:26 +01:00
Fr�d�ric L�caille
5e3d83a221 MINOR: connection: Add a new xprt to connection.
Simply adds XPRT_QUIC new enum to integrate QUIC transport protocol.
2020-12-23 11:57:26 +01:00
Fr�d�ric L�caille
5aa92411fb MINOR: ssl_sock: Initialize BIO and SSL objects outside of ssl_sock_init()
This patch extraces the code which initializes the BIO and SSL session
objects so that to reuse it elsewhere later for QUIC conections which
only needs SSL and BIO objects at th TLS layer stack level to work.
2020-12-23 11:57:26 +01:00
Fr�d�ric L�caille
70da889d57 MINOR: quic: Redefine control layer callbacks which are QUIC specific.
We add src/quic_sock.c QUIC specific socket management functions as callbacks
for the control layer: ->accept_conn, ->default_iocb and ->rx_listening.
accept_conn() will have to be defined. The default I/O handler only recvfrom()
the datagrams received. Furthermore, ->rx_listening callback always returns 1 at
this time but should returns 0 when reloading the processus.
2020-12-23 11:57:26 +01:00
Fr�d�ric L�caille
72f7cb170a MINOR: connection: Attach a "quic_conn" struct to "connection" struct.
This is a simple patch to prepare the integration of QUIC support to come.
quic_conn struct is supposed to embed any QUIC specific information for a QUIC
connection.
2020-12-23 11:57:26 +01:00
Fr�d�ric L�caille
ca42b2c9d3 MINOR: protocol: Create proto_quic QUIC protocol layer.
As QUIC is a connection oriented protocol, this file is almost a copy of
proto_tcp without TCP specific features. To suspend/resume a QUIC receiver
we proceed the same way as for proto_udp receivers.

With the recent updates to the listeners, we don't need a specific set of
quic*_add_listener() functions, the default ones are sufficient. The fields
declaration were reordered to make the various layers more visible like in
other protocols.

udp_suspend_receiver/udp_resume_receiver are up-to-date (the check for INHERITED
is present) and the code being UDP-specific, it's normal to use UDP here.
Note that in the future we might more reasily reference stacked layers so that
there's no more need for specifying the pointer here.
2020-12-23 11:57:26 +01:00
Dragan Dosen
9eea56009d REGTESTS: add tests for the xxh3 converter 2020-12-23 06:39:21 +01:00
Dragan Dosen
04bf0cc086 MINOR: sample: add the xxh3 converter
This patch adds support for the XXH3 variant of hash function that
generates a 64-bit hash.
2020-12-23 06:39:21 +01:00
Dragan Dosen
6bfe425679 CLEANUP: xxhash: remove the unused src/xxhash.c
The source file src/xxhash.c is removed, as we use XXH_INLINE_ALL.
2020-12-23 06:39:21 +01:00
Dragan Dosen
6f7cc11e6d MEDIUM: xxhash: use the XXH_INLINE_ALL macro to inline all functions
This way we make all xxhash functions inline, with implementations being
directly included within xxhash.h.

Makefile is updated as well, since we don't need to compile and link
xxhash.o anymore.

Inlining should improve performance on small data inputs.
2020-12-23 06:39:21 +01:00
Dragan Dosen
967e7e79af MEDIUM: xxhash: use the XXH3 functions to generate 64-bit hashes
Replace the XXH64() function calls with the XXH3 variant function
XXH3_64bits_withSeed() where possible.
2020-12-23 06:39:21 +01:00
Dragan Dosen
de37443e64 IMPORT: xxhash: update to v0.8.0 that introduces stable XXH3 variant
A new XXH3 variant of hash functions shows a noticeable improvement in
performance (especially on small data), and also brings 128-bit support,
better inlining and streaming capabilities.

Performance comparison is available here:

  https://github.com/Cyan4973/xxHash/wiki/Performance-comparison
2020-12-23 06:39:21 +01:00
Olivier Houchard
63ee281854 MINOR: atomic: don't use ; to separate instruction on aarch64.
The assembler on MacOS aarch64 interprets ; as the beginning of comments,
so it is not suitable for separating instructions in inline asm. Use \n
instead.

This should be backported to 2.3, 2.2, 2.1, 2.0 and 1.9.
2020-12-23 01:23:41 +01:00
Ilya Shipitsin
5dcec7e539 CI: travis-ci: drop coverity scan builds
we ran out of travis-ci minutes on December 2020. I would keep
exotic architectures like arm64, s390, ppc64le on travis and move
Coverity scan to Github Actions.

so, let us drop coverity scan from travis-ci.
2020-12-22 19:39:23 +01:00
Amaury Denoyelle
39ff8c519c REGTESTS: complete http-check test
Add a new check for a pseudo-websocket handshake, specifying the
Connection header to verify if it is properly handled by http-check send
directive. Also check that default http/1.1 checks have the header
Connection: close.
2020-12-22 14:22:44 +01:00
Amaury Denoyelle
6d975f0af6 MINOR: check: do not ignore a connection header for http-check send
Allow the user to specify a custom Connection header for http-check
send. This is useful for example to implement a websocket upgrade check.

If no connection header has been set, a 'Connection: close' header is
automatically appended to allow the server to close the connection
immediately after the request/response.

Update the documentation related to http-check send.

This fixes the github issue .
2020-12-22 14:22:44 +01:00
Willy Tarreau
4f59d38616 MINOR: time: increase the minimum wakeup interval to 60s
The MAX_DELAY_MS which is set an upper limit to the poll wait time and
force a wakeup this often used to be set to 1 second in order to easily
spot and correct time drifts. This was added 12 years ago at an era
where virtual machines were starting to become common in server
environments while not working particularly well. Nowadays, such issues
are not as common anymore, however forcing 64 threads to wake up every
single second starts to make the process visible on otherwise idle
systems. Let's increase this wakeup interval to one minute. In the worst
case it will make idle threads wake every second, which remains low.

If this is not sufficient anymore on some systems, another approach
would consist in implementing a deep-sleep mode which only triggers
after a while and which is always disabled if any time drift is
observed.
2020-12-22 10:35:43 +01:00
Christian Ruppert
b67e155895 BUILD: hpack: hpack-tbl-t.h uses VAR_ARRAY but does not include compiler.h
This fixes building hpack from contrib, which failed because of the
undeclared VAR_ARRAY:

make -C contrib/hpack
...
cc -O2 -Wall -g -I../../include -fwrapv -fno-strict-aliasing   -c -o gen-enc.o gen-enc.c
In file included from gen-enc.c:18:
../../include/haproxy/hpack-tbl-t.h:105:23: error: 'VAR_ARRAY' undeclared here (not in a function)
  105 |  struct hpack_dte dte[VAR_ARRAY]; /* dynamic table entries */
...

As discussed in the thread below, let's redefine VAR_ARRAY in this file
so that it remains self-sustaining:

   https://www.mail-archive.com/haproxy@formilux.org/msg39212.html
2020-12-22 10:18:07 +01:00
Tim Duesterhus
12a08d8849 BUG/MEDIUM: mux_h2: Add missing braces in h2_snd_buf()around trace+wakeup
This is a regression in 7838a79ba ("MEDIUM: mux-h2/trace: add lots of traces
all over the code"). The issue was found using -Wmisleading-indentation.
This patch fixes GitHub issue .

The impact of this bug is that it could in theory cause occasional delays
on some long responses for connections having otherwise no traffic.

This patch should be backported to 2.1+, the commit was first tagged in
v2.1-dev2.
2020-12-22 09:02:11 +01:00
Willy Tarreau
4d711760de [RELEASE] Released version 2.4-dev4
Released version 2.4-dev4 with the following main changes :
    - BUG/MEDIUM: lb-leastconn: Reposition a server using the right eweight
    - BUG/MEDIUM: mux-h1: Fix a deadlock when a 408 error is pending for a client
    - BUG/MEDIUM: ssl/crt-list: bad behavior with "commit ssl cert"
    - BUG/MAJOR: cache: Crash because of disabled entry not removed from the tree
    - BUILD: SSL: fine guard for SSL_CTX_add_server_custom_ext call
    - MEDIUM: cache: Add a secondary entry counter and insertion limitation
    - MEDIUM: cache: Avoid going over duplicates lists too often
    - MINOR: cache: Add a max-secondary-entries cache option
    - CI: cirrus: drop CentOS 6 builds
    - BUILD: Makefile: have "make clean" destroy .o/.a/.s in contrib subdirs as well
    - MINOR: vars: replace static functions with global ones
    - MINOR: opentracing: add ARGC_OT enum
    - CONTRIB: opentracing: add the OpenTracing filter
    - DOC: opentracing: add the OpenTracing filter section
    - REGTESTS: make use of HAPROXY_ARGS and pass -dM by default
    - BUG/MINOR: http: Establish a tunnel for all 2xx responses to a CONNECT
    - BUG/MINOR: mux-h1: Don't set CS_FL_EOI too early for protocol upgrade requests
    - BUG/MEDIUM: http-ana: Never for sending data in TUNNEL mode
    - CLEANUP: mux-h2: Rename h2s_frt_make_resp_data() to be generic
    - CLEANUP: mux-h2: Rename h2c_frt_handle_data() to be generic
    - BUG/MEDIUM: mux-h1: Handle h1_process() failures on a pipelined request
    - CLEANUP: debug: mark the RNG's seed as unsigned
    - CONTRIB: halog: fix build issue caused by %L printf format
    - CONTRIB: halog: mark the has_zero* functions unused
    - CONTRIB: halog: fix signed/unsigned build warnings on counts and timestamps
    - CONTRIB: debug: address "poll" utility build on non-linux platforms
    - BUILD: plock: remove dead code that causes a warning in gcc 11
    - BUILD: ssl: fine guard for SSL_CTX_get0_privatekey call
    - BUG/MINOR: dns: SRV records ignores duplicated AR records
    - DOC: fix "smp_size" vs "sample_size" in "log" directive arguments
    - CLEANUP: assorted typo fixes in the code and comments
    - DOC: assorted typo fixes in the documentation
    - CI: codespell: whitelist "te" and "nd" words
2020-12-21 11:54:56 +01:00