Commit Graph

5969 Commits

Author SHA1 Message Date
Christopher Faulet
31bfe1f262 DOC: Add undocumented argument of the trace filter
[wt: to backport to 1.7]
2016-12-12 17:43:56 +01:00
Thierry FOURNIER / OZON.IO
43ad11dc75 MINOR: Do not forward the header "Expect: 100-continue" when the option http-buffer-request is set
When the option "http-buffer-request" is set, HAProxy send itself the
"HTTP/1.1 100 Continue" response in order to retrieve the post content.
When HAProxy forward the request, it send the body directly after the
headers. The header "Expect: 100-continue" was sent with the headers.
This header is useless because the body will be sent in all cases, and
the server reponse is not removed by haproxy.

This patch removes the header "Expect: 100-continue" if HAProxy sent it
itself.
2016-12-12 17:33:42 +01:00
Thierry FOURNIER / OZON.IO
c1edafe4a9 DOC: lua: Add documentation about variable manipulation from applet
This patch adds documentation about set_var, unset_var and get_var
functions added in the Class AppletHTTP and AppletTCP.
2016-12-12 17:30:49 +01:00
Thierry FOURNIER / OZON.IO
b210bcc559 DOC: lua: Documentation about some entry missing
The parameter "value" of the function TXN.set_var() was not documented.

This is a regression from the commit 85d79c94a9.
This patch must be backported in 1.7
2016-12-12 17:29:40 +01:00
Marcin Deranek
d2471c2bdc MINOR: proxy: Add fe_name/be_name fetchers next to existing fe_id/be_id
These 2 patches add ability to fetch frontend/backend name in your
logic, so they can be used later to make routing decisions (fe_name) or
taking some actions based on backend which responded to request (be_name).
In our case we needed a fetcher to be able to extract information we
needed from frontend name.
2016-12-12 15:10:43 +01:00
Willy Tarreau
8e0f17543e BUG/MINOR: stats: fix be/sessions/max output in html stats
"Tadas / XtGem" reported that the max value was wrong and would report
the current value instead. This needs to be backported to 1.7.
2016-12-12 15:07:29 +01:00
Thierry FOURNIER / OZON.IO
4394a2cc87 MINOR: lua: give HAProxy variable access to the applets
This patch give function for manipulating variables inside the
applet HTTP and applet TCP functions.
2016-12-12 14:34:56 +01:00
Thierry FOURNIER / OZON.IO
3e1d791a4a CLEANUP: hlua: just indent functions
Function indentation. The code is not modified. This is done in
the goal of better integration of the next patch
2016-12-12 14:34:56 +01:00
Willy Tarreau
a9cf315b00 BUILD: rearrange target files by build time
When doing a parallel build on multiple CPUs it's common that at the end
a few CPUs only are busy compiling very large files while the other ones
have finished. By placing the largest files first, we can ensure that in
the worst case they are present from the beginning to the end, and that
other processes are free to take smaller files. This ordering was made
based on a measurement consisting in counting the number of times a given
file appears in the build. The top ten looks like this :

    145 src/cfgparse.c
    131 src/proto_http.c
     83 src/ssl_sock.c
     74 src/stats.c
     73 src/stream.c
     55 src/flt_spoe.c
     48 src/server.c
     46 src/pattern.c
     43 src/checks.c
     42 src/flt_http_comp.c

Only a few files were moved, ssl_sock would need to be moved as well but
that would not be a convenient thing to do in the makefile. This new
order allows to save about 10-15% of build time on 4 CPUs, which is nice.
2016-12-12 14:34:56 +01:00
Thierry FOURNIER / OZON.IO
4b123bebe4 MINOR: lua: Allow argument for actions
(http|tcp)-(request|response) action cannot take arguments from the
configuration file. Arguments are useful for executing the action with
a special context.

This patch adds the possibility of passing arguments to an action. It
runs exactly like sample fetches and other Lua wrappers.

Note that this patch implements a 'TODO'.
2016-12-12 14:34:56 +01:00
Thierry FOURNIER / OZON.IO
d2f6f47597 BUG/MEDIUM: variables: some variable name can hide another ones
The variable are compared only using text, the final '\0' (or the
string length) are not checked. So, the variable name "txn.internal"
matchs other one call "txn.int".

This patch fix this behavior

It must be backported ni 1.6 and 1.7
2016-12-12 14:34:56 +01:00
Willy Tarreau
fb981bd7d1 DOC: mention that req_tot is for both frontends and backends
Thierry reported that only frontends were mentionned while the stats
are for both. To be backported to 1.7.
2016-12-12 14:33:00 +01:00
Matthieu Guegan
35088f960d BUG/MINOR: http: don't send an extra CRLF after a Set-Cookie in a redirect
By investigating a keep-alive issue with CloudFlare, we[1] found that
when using the 'set-cookie' option in a redirect (302) HAproxy is adding
an extra `\r\n`.

Triggering rule :

`http-request redirect location / set-cookie Cookie=value if [...]`

Expected result :

```
HTTP/1.1 302 Found
Cache-Control: no-cache
Content-length: 0
Location: /
Set-Cookie: Cookie=value; path=/;
Connection: close
```

Actual result :

```
HTTP/1.1 302 Found
Cache-Control: no-cache
Content-length: 0
Location: /
Set-Cookie: Cookie=value; path=/;

Connection: close
```

This extra `\r\n` seems to be harmless with another HAproxy instance in
front of it (sanitizing) or when using a browser. But we confirm that
the CloudFlare NGINX implementation is not able to handle this. It
seems that both 'Content-length: 0' and extra carriage return broke RFC
(to be confirmed).

When looking into the code, this carriage-return was already present in
1.3.X versions but just before closing the connection which was ok I
think. Then, with 1.4.X the keep-alive feature was added and this piece
of code remains unchanged.

[1] all credit for the bug finding goes to CloudFlare Support Team

[wt: the bug was indeed present since the Set-Cookie was introduced
 in 1.3.16, by commit 0140f25 ("[MINOR] redirect: add support for
 "set-cookie" and "clear-cookie"") so backporting to all supported
 versions is desired]
2016-12-05 19:27:48 +01:00
Ben Shillito
f25e8e56b4 DOC: Added 51Degrees conv and fetch functions to documentation.
Definitions and examples for 51d.single and 51d.all have been added to
configuration.txt so it now appears in online documentation in addition
to the README, The 51degrees-property-name-list entry has also been
updated to make it clear that multiple properties can be added.
2016-12-05 19:18:14 +01:00
Ruoshan Huang
3c5e374142 DOC: Fix map table's format
so the HTML doc parser can parse the table correctly
2016-12-05 19:15:47 +01:00
Willy Tarreau
3067bfa815 BUG/MEDIUM: cli: fix "show stat resolvers" and "show tls-keys"
The recent CLI reorganization managed to break these two commands
by having their parser return 1 (indicating an end of processing)
instead of 0 to indicate new calls to the io handler were needed.

Namely the faulty commits are :
  69e9644 ("REORG: cli: move show stat resolvers to dns.c")
  32af203 ("REORG: cli: move ssl CLI functions to ssl_sock.c")

The fix is trivial and there is no other loss of functionality. Thanks
to Dragan Dosen for reporting the issue and the faulty commits. The
backport is needed in 1.7.
2016-12-05 14:53:37 +01:00
Dragan Dosen
a1c35ab68d BUG/MINOR: cli: allow the backslash to be escaped on the CLI
In 1.5-dev20, commit 48bcfda ("MEDIUM: dumpstat: make the CLI parser
understand the backslash as an escape char") introduced support for
backslash on the CLI, but it strips all backslashes in all arguments
instead of only unescaping them, making it impossible to pass a
backslash in an argument.

This will allow us to use a backslash in a command over the socket, eg.
"add acl #0 ABC\\XYZ".

[wt: this should be backported to 1.7 and 1.6]
2016-12-05 14:23:41 +01:00
Willy Tarreau
796c5b7997 OPTIM: stream-int: don't disable polling anymore on DONT_READ
Commit 5fddab0 ("OPTIM: stream_interface: disable reading when
CF_READ_DONTWAIT is set") improved the connection layer's efficiency
back in 1.5-dev13 by avoiding successive read attempts on an active
FD. But by disabling this on a polled FD, it causes an unpleasant
side effect which is that the FD that was subscribed to polling is
suddenly stopped and may need to be re-enabled once the kernel
starts to slow down on data eviction (eg: saturated server at the
other end, bursty traffic caused by too large maxpollevents).

This behaviour is observable with persistent connections when there
is a large enough connection count so that there's no data in the
early connection and polling is required, because there are then
up to 4 epoll_ctl() calls per request. It's important that the
server is slower than haproxy to cause some delays when reading
response.

The current connection layer as designed in 1.6 with the FD cache
doesn't require this trick anymore, though it still benefits from
it when it saves an FD from being uselessly polled. But compared
to the increased cost of enabling and disabling poll all the time,
it's still better to disable it. In some cases it's possible to
observe a performance increase as high as 30% by avoiding this
epoll_ctl() dance.

In the end we only want to disable it when the FD is speculatively
read and not when it's polled. For this we introduce a new function
__conn_data_done_recv() which is used to indicate that we're done
with recv() and not interested in new attempts. If/when we later
support event-triggered epoll, this function will have to change
a bit to do the same even in the polled case.

A quick test with keep-alive requests run on a dual-core / dual-
thread Atom shows a significant improvement :

single process, 0 bytes :
before: Requests per second:    12243.20 [#/sec] (mean)
after:  Requests per second:    13354.54 [#/sec] (mean)

single process, 4k :
before: Requests per second:    9639.81 [#/sec] (mean)
after:  Requests per second:    10991.89 [#/sec] (mean)

dual process, 0 bytes (unstable) :
before: Requests per second:    16900-19800 ~ 17600 [#/sec] (mean)
after:  Requests per second:    18600-21400 ~ 20500 [#/sec] (mean)
2016-12-05 13:49:57 +01:00
Willy Tarreau
92b10c954d BUG/MAJOR: stream: fix session abort on resource shortage
In 1.6-dev2, commit 32990b5 ("MEDIUM: session: remove the task pointer
from the session") introduced a bug which can sometimes crash the process
on resource shortage. When stream_complete() returns -1, it has already
reattached the connection to the stream, then kill_mini_session() is
called and still expects to find the task in conn->owner. Note that
since this commit, the code has moved a bit and is now in stream_new()
but the problem remains the same.

Given that we already know the task around these places, let's simply
pass the task to kill_mini_session().

The conditions currently at risk are :
  - failure to initialize filters for the new stream (lack of memory or
    any filter returning < 0 on attach())
  - failure to attach filters (any filter returning < 0 on stream_start())
  - frontend's accept() returning < 0 (allocation failure)

This fix is needed in 1.7 and 1.6.
2016-12-04 20:16:52 +01:00
Christopher Faulet
6962f4e0d6 BUG/MINOR: http: Call XFER_DATA analyzer when HTTP txn is switched in tunnel mode
This allow a filter to start to analyze data in HTTP and to fallback in TCP when
data are tunneled.

[wt: backport desired in 1.7 - no impact right now but may impact the ability
 to backport future fixes]
2016-11-29 17:03:04 +01:00
Christopher Faulet
d47a1bd1d7 BUG/MINOR: filters: Invert evaluation order of HTTP_XFER_BODY and XFER_DATA analyzers
These 2 analyzers are responsible of the data forwarding in, respectively, HTTP
mode and TCP mode. Now, the analyzer responsible of the HTTP data forwarding is
called before the one responsible of the TCP data forwarding. This will allow
the filtering of tunneled data in HTTP.

[wt: backport desired in 1.7 - no impact right now but may impact the ability
 to backport future fixes]
2016-11-29 17:03:04 +01:00
Christopher Faulet
4aad833924 BUG/MINOR: filters: Protect args in macros HAS_DATA_FILTERS and IS_DATA_FILTER
[wt: backport needed in 1.7]
2016-11-29 17:03:04 +01:00
Christopher Faulet
3235957685 BUG/MINOR: http: Keep the same behavior between 1.6 and 1.7 for tunneled txn
In HAProxy 1.6, When "http-tunnel" option is enabled, HTTP transactions are
tunneled as soon as possible after the headers parsing/forwarding. When the
transfer length of the response can be determined, this happens when all data
are forwarded. But for responses with an undetermined transfer length this
happens when headers are forwarded. This behavior is questionable, but this is
not the purpose of this fix...

In HAProxy 1.7, the first use-case works like in 1.6. But the second one not
because of the data filtering. HAProxy was always trying to forward data until
the server closes the connection. So the transaction was never switched in
tunnel mode. This is the expected behavior when there is a data filter. But in
the default case (no data filter), it should work like in 1.6.

This patch fixes the bug. We analyze response data until the server closes the
connection only when there is a data filter.

[wt: backport needed in 1.7]
2016-11-29 17:03:01 +01:00
Christopher Faulet
d1cd209b21 BUG/MEDIUM: http: Fix tunnel mode when the CONNECT method is used
When a 2xx response to a CONNECT request is returned, the connection must be
switched in tunnel mode immediatly after the headers, and Transfer-Encoding and
Content-Length headers must be ignored. So from the HTTP parser point of view,
there is no body.

The bug comes from the fact the flag HTTP_MSGF_XFER_LEN was not set on the
response (This flag means that the body size can be determined. In our case, it
can, it is 0). So, during data forwarding, the connection was never switched in
tunnel mode and we were blocked in a state where we were waiting that the
server closes the connection to ends the response.

Setting the flag HTTP_MSGF_XFER_LEN on the response fixed the bug.

The code of http_wait_for_response has been slightly updated to be more
readable.

[wt: 1.7-only, this is not needed in 1.6]
2016-11-29 17:00:14 +01:00
Tim Düsterhus
4896c440b3 DOC: Spelling fixes
[wt: this contains spelling fixes for both doc and code comments,
 should be backported, ignoring the parts which don't apply]
2016-11-29 07:29:57 +01:00
Willy Tarreau
ddc3e9e55d BUG/MINOR: stats: make field_str() return an empty string on NULL
It already returns an empty string when the field is empty, but as a
preventive measure we should do the same when the string itself is a
NULL. While it is not supposed to happen, it will make the code more
resistant against failed allocations and unexpected results.

This fix should be backported to 1.7.
2016-11-26 15:58:37 +01:00
Willy Tarreau
b3e111b4fd BUG/MEDIUM: proxy: return "none" and "unknown" for unknown LB algos
When a backend doesn't use any known LB algorithm, backend_lb_algo_str()
returns NULL. It used to cause "nil" to be printed in the stats dump
since version 1.4 but causes 1.7 to try to parse this NULL to encode
it as a CSV string, causing a crash on "show stat" in this case.

The only situation where this can happen is when "transparent" or
"dispatch" are used in a proxy, in which case the LB algorithm is
BE_LB_ALGO_NONE. Thus now we explicitly report "none" when this
situation is detected, and we preventively report "unknown" if any
unknown algorithm is detected, which may happen if such an algo is
added in the future and the function is not updated.

This fix must be backported to 1.7 and may be backported as far as
1.4, though it has less impact there.
2016-11-26 15:58:27 +01:00
Willy Tarreau
0e658fb051 [RELEASE] Released version 1.8-dev0
Released version 1.8-dev0 with the following main changes :
    - exact copy of 1.7.0
2016-11-25 16:58:52 +01:00
Willy Tarreau
e59fcdd25e [RELEASE] Released version 1.7.0
Released version 1.7.0 with the following main changes :
    - SCRIPTS: make publish-release also copy the new SPOE doc
    - BUILD: http: include types/sample.h in proto_http.h
    - BUILD: debug/flags: remove test for SF_COMP_READY
    - CONTRIB: debug/flags: add check for SF_ERR_CHK_PORT
    - MINOR: lua: add function which return true if the channel is full.
    - MINOR: lua: add ip addresses and network manipulation function
    - CONTRIB: tcploop: scriptable TCP I/O for debugging purposes
    - CONTRIB: tcploop: implement fork()
    - CONTRIB: tcploop: implement logging when called with -v
    - CONTRIB: tcploop: update the usage output
    - CONTRIB: tcploop: support sending plain strings
    - CONTRIB: tcploop: don't report failed send() or recv()
    - CONTRIB: tcploop: add basic loops via a jump instruction
    - BUG/MEDIUM: channel: bad unlikely macro
    - CLEANUP: lua: move comment
    - CLEANUP: lua: control executed twice
    - BUG/MEDIUM: ssl: Store certificate filename in a variable
    - BUG/MINOR: ssl: Print correct filename when error occurs reading OCSP
    - CLEANUP: ssl: Remove goto after return dead code
    - CLEANUP: ssl: Fix bind keywords name in comments
    - DOC: ssl: Use correct wording for ca-sign-pass
    - CLEANUP: lua: avoid directly calling getsockname/getpeername()
    - BUG/MINOR: stick-table: handle out-of-memory condition gracefully
    - MINOR: cli: add private pointer and release function
    - MEDIUM: lua: Add cli handler for Lua
    - BUG/MEDIUM: connection: check the control layer before stopping polling
    - DEBUG: connection: mark the closed FDs with a value that is easier to detect
    - BUG/MEDIUM: stick-table: fix regression caused by recent fix for out-of-memory
    - BUG/MINOR: cli: properly decrement ref count on tables during failed dumps
    - BUG/MEDIUM: lua: In some case, the return of sample-fetche is ignored
    - MINOR: filters: Add check_timeouts callback to handle timers expiration on streams
    - MINOR: spoe: Add 'timeout processing' option to limit time to process an event
    - MINOR: spoe: Remove useless 'timeout ack' option
    - MINOR: spoe: Add 'option continue-on-error' statement in spoe-agent section
    - MINOR: spoe: Add "maxconnrate" and "maxerrrate" statements
    - MINOR: spoe: Add "option set-on-error" statement
    - MINOR: stats: correct documentation of process ID for typed output
    - BUILD: contrib: fix ip6range build on Centos 7
    - BUILD: fix build on Solaris 10/11
    - BUG/MINOR: cli: fix pointer size when reporting data/transport layer name
    - BUG/MINOR: cli: dequeue from the proxy when changing a maxconn
    - BUG/MINOR: cli: wake up the CLI's task after a timeout update
    - MINOR: connection: add a few functions to report the data and xprt layers' names
    - MINOR: connection: add names for transport and data layers
    - REORG: cli: split dumpstats.c in src/cli.c and src/stats.c
    - REORG: cli: split dumpstats.h in stats.h and cli.h
    - REORG: cli: move ssl CLI functions to ssl_sock.c
    - REORG: cli: move map and acl code to map.c
    - REORG: cli: move show stat resolvers to dns.c
    - MINOR: cli: create new function cli_has_level() to validate permissions
    - MINOR: server: create new function cli_find_server() to find a server
    - MINOR: proxy: create new function cli_find_frontend() to find a frontend
    - REORG: cli: move 'set server' to server.c
    - REORG: cli: move 'show pools' to memory.c
    - REORG: cli: move 'show servers' to proxy.c
    - REORG: cli: move 'show sess' to stream.c
    - REORG: cli: move 'show backend' to proxy.c
    - REORG: cli: move get/set weight to server.c
    - REORG: cli: move "show stat" to stats.c
    - REORG: cli: move "show info" to stats.c
    - REORG: cli: move dump_text(), dump_text_line(), and dump_binary() to standard.c
    - REORG: cli: move table dump/clear/set to stick_table.c
    - REORG: cli: move "show errors" out of cli.c
    - REORG: cli: make "show env" also use the generic keyword registration
    - REORG: cli: move "set timeout" to its own handler
    - REORG: cli: move "clear counters" to stats.c
    - REORG: cli: move "set maxconn global" to its own handler
    - REORG: cli: move "set maxconn server" to server.c
    - REORG: cli: move "set maxconn frontend" to proxy.c
    - REORG: cli: move "shutdown sessions server" to stream.c
    - REORG: cli: move "shutdown session" to stream.c
    - REORG: cli: move "shutdown frontend" to proxy.c
    - REORG: cli: move "{enable|disable} frontend" to proxy.c
    - REORG: cli: move "{enable|disable} server" to server.c
    - REORG: cli: move "{enable|disable} health" to server.c
    - REORG: cli: move "{enable|disable} agent" to server.c
    - REORG: cli: move the "set rate-limit" functions to their own parser
    - CLEANUP: cli: rename STAT_CLI_* to CLI_ST_*
    - CLEANUP: cli: simplify the request parser a little bit
    - CLEANUP: cli: remove assignments to st0 and st2 in keyword parsers
    - BUILD: server: remove a build warning introduced by latest series
    - BUG/MINOR: log-format: uncatched memory allocation functions
    - CLEANUP: log-format: useless file and line in json converter
    - CLEANUP/MINOR: log-format: unexport functions parse_logformat_var_args() and parse_logformat_var()
    - CLEANUP: log-format: fix return code of the function parse_logformat_var()
    - CLEANUP: log-format: fix return code of function parse_logformat_var_args()
    - CLEANUP: log-format: remove unused arguments
    - MEDIUM: log-format: strict parsing and enable fail
    - MEDIUM: log-format/conf: take into account the parse_logformat_string() return code
    - BUILD: ssl: make the SSL layer build again with openssl 0.9.8
    - BUILD: vars: remove a build warning on vars.c
    - MINOR: lua: add utility function for check boolean argument
    - MINOR: lua: Add tokenize function.
    - BUG/MINOR: conf: calloc untested
    - MINOR: http/conf: store the use_backend configuration file and line for logs
    - MEDIUM: log-format: Use standard HAProxy log system to report errors
    - CLEANUP: sample: report "converter" instead of "conv method" in error messages
    - BUG: spoe: Fix parsing of SPOE actions in ACK frames
    - MINOR: cli: make "show stat" support a proxy name
    - MINOR: cli: make "show errors" support a proxy name
    - MINOR: cli: make "show errors" capable of dumping only request or response
    - BUG/MINOR: freq-ctr: make swrate_add() support larger values
    - CLEANUP: counters: move from 3 types to 2 types
    - CLEANUP: cfgparse: cascade the warnif_misplaced_* rules
    - REORG: tcp-rules: move tcp rules processing to their own file
    - REORG: stkctr: move all the stick counters processing to stick-tables.c
    - DOC: update the roadmap file with the latest changes
2016-11-25 16:39:17 +01:00
Willy Tarreau
e2d4ff4579 DOC: update the roadmap file with the latest changes
A few points were already addressed. Mention that next changes are
for version 1.8 now.
2016-11-25 16:32:20 +01:00
Willy Tarreau
7d56221d57 REORG: stkctr: move all the stick counters processing to stick-tables.c
Historically we used to have the stick counters processing put into
session.c which became stream.c. But a big part of it is now in
stick-table.c (eg: converters) but despite this we still have all
the sample fetch functions in stream.c

These parts do not depend on the stream anymore, so let's move the
remaining chunks to stick-table.c and have cleaner files.

What remains in stream.c is everything needed to attach/detach
trackers to the stream and to update the counters while the stream
is being processed.
2016-11-25 16:10:05 +01:00
Willy Tarreau
397131093f REORG: tcp-rules: move tcp rules processing to their own file
There's no more reason to keep tcp rules processing inside proto_tcp.c
given that there is nothing in common there except these 3 letters : tcp.
The tcp rules are in fact connection, session and content processing rules.
Let's move them to "tcp-rules" and let them live their life there.
2016-11-25 15:57:38 +01:00
Willy Tarreau
d39ad449b9 CLEANUP: cfgparse: cascade the warnif_misplaced_* rules
There are 8 functions each repeating what another does and adding one
extra test. We used to have some copy-paste issues in the past due to
this. Instead we now make them simply rely on the previous one and add
the final test. It's much better and much safer. The functions could
be moved to inlines but they're used at a few other locations only,
it didn't make much sense in the end.
2016-11-25 15:16:12 +01:00
Willy Tarreau
ae9bea0591 CLEANUP: counters: move from 3 types to 2 types
We used to have 3 types of counters with a huge overlap :
  - listener counters : stats collected for each bind line
  - proxy counters : union of the frontend and backend counters
  - server counters : stats collected per server

It happens that quite a good part was common between listeners and
proxies due to the frontend counters being updated at the two locations,
and that similarly the server and proxy counters were overlapping and
being updated together.

This patch cleans this up to propose only two types of counters :
  - fe_counters: used by frontends and listeners, related to
    incoming connections activity
  - be_counters: used by backends and servers, related to outgoing
    connections activity

This allowed to remove some non-sensical counters from both parts. For
frontends, the following entries were removed :

  cum_lbconn, last_sess, nbpend_max, failed_conns, failed_resp,
  retries, redispatches, q_time, c_time, d_time, t_time

For backends, this ones was removed : intercepted_req.

While doing this it was discovered that we used to incorrectly report
intercepted_req for backends in the HTML stats, which was always zero
since it's never updated.

Also it revealed a few inconsistencies (which were not fixed as they
are harmless). For example, backends count connections (cum_conn)
instead of sessions while servers count sessions and not connections.

Over the long term, some extra cleanups may be performed by having
some counters update functions touching both the server and backend
at the same time, as well as both the frontend and listener, to
ensure that all sides have all their stats properly filled. The stats
dump will also be able to factor the dump functions by counter types.
2016-11-25 15:03:12 +01:00
Willy Tarreau
3758581e19 BUG/MINOR: freq-ctr: make swrate_add() support larger values
Reinhard Vicinus reported that the reported average response times cannot
be larger than 16s due to the double multiply being performed by
swrate_add() which causes an overflow very quickly. Indeed, with N=512,
the highest average value is 16448.

One solution proposed by Reinhard is to turn to long long, but this
involves 64x64 multiplies and 64->32 divides, which are extremely
expensive on 32-bit platforms.

There is in fact another way to avoid the overflow without using larger
integers, it consists in avoiding the multiply using the fact that
x*(n-1)/N = x-(x/N).

Now it becomes possible to store average values as large as 8.4 millions,
which is around 2h18mn.

Interestingly, this improvement also makes the code cheaper to execute
both on 32 and on 64 bit platforms :

Before :

00000000 <swrate_add>:
   0:   8b 54 24 04             mov    0x4(%esp),%edx
   4:   8b 0a                   mov    (%edx),%ecx
   6:   89 c8                   mov    %ecx,%eax
   8:   c1 e0 09                shl    $0x9,%eax
   b:   29 c8                   sub    %ecx,%eax
   d:   8b 4c 24 0c             mov    0xc(%esp),%ecx
  11:   c1 e8 09                shr    $0x9,%eax
  14:   01 c8                   add    %ecx,%eax
  16:   89 02                   mov    %eax,(%edx)

After :

00000020 <swrate_add>:
  20:   8b 4c 24 04             mov    0x4(%esp),%ecx
  24:   8b 44 24 0c             mov    0xc(%esp),%eax
  28:   8b 11                   mov    (%ecx),%edx
  2a:   01 d0                   add    %edx,%eax
  2c:   81 c2 ff 01 00 00       add    $0x1ff,%edx
  32:   c1 ea 09                shr    $0x9,%edx
  35:   29 d0                   sub    %edx,%eax
  37:   89 01                   mov    %eax,(%ecx)

This fix may be backported to 1.6.
2016-11-25 11:55:10 +01:00
Willy Tarreau
35069f84af MINOR: cli: make "show errors" capable of dumping only request or response
When dealing with many proxies, it's hard to spot response errors because
all internet-facing frontends constantly receive attacks. This patch now
makes it possible to demand that only request or response errors are dumped
by appending "request" or "reponse" to the show errors command.
2016-11-25 09:16:37 +01:00
Willy Tarreau
234ba2d8eb MINOR: cli: make "show errors" support a proxy name
Till now it was needed to know the proxy's ID while we do have the
ability to look up a proxy by its name now.
2016-11-25 08:56:55 +01:00
Willy Tarreau
a1b1ed53e7 MINOR: cli: make "show stat" support a proxy name
Till now it was needed to know the proxy's ID while we do have the
ability to look up a proxy by its name now.
2016-11-25 08:55:25 +01:00
Christopher Faulet
b5cff60ef5 BUG: spoe: Fix parsing of SPOE actions in ACK frames
For "SET-VAR" actions, data was not correctly parsed. 'idx' variable was not
correctly updated when the 3rd argument was parsed.
2016-11-25 08:09:10 +01:00
Willy Tarreau
97108e08ce CLEANUP: sample: report "converter" instead of "conv method" in error messages
This was inherited from the very early stick-tables code but it's about
time to produce understandable error messages :-)
2016-11-25 07:36:22 +01:00
Thierry FOURNIER / OZON.IO
8a4e4420fb MEDIUM: log-format: Use standard HAProxy log system to report errors
The function log format emit its own error message using Alert(). This
patch replaces this behavior and uses the standard HAProxy error system
(with memprintf).

The benefits are:
 - cleaning the log system

 - the logformat can ignore the caller (actually the caller must set
   a flag designing the caller function).

 - Make the usage of the logformat function easy for future components.
2016-11-25 07:32:58 +01:00
Thierry FOURNIER / OZON.IO
4ed1c9585d MINOR: http/conf: store the use_backend configuration file and line for logs
The error log of the directive use_backend doesn't provide the
file and line containing the declaration. This patch stores
theses informations.
2016-11-25 07:15:09 +01:00
Thierry FOURNIER / OZON.IO
5948b01149 BUG/MINOR: conf: calloc untested
A calloc is executed without check of its returns code.
2016-11-25 07:15:06 +01:00
Thierry FOURNIER / OZON.IO
8a1027aa45 MINOR: lua: Add tokenize function.
For tokenizing a string, standard Lua recommends to use regexes.
The followinf example splits words:

   for i in string.gmatch(example, "%S+") do
      print(i)
   end

This is a little bit overkill for simply split words. This patch
adds a tokenize function which quick and do not use regexes.
2016-11-24 21:35:34 +01:00
Thierry FOURNIER / OZON.IO
7f3aa8b62f MINOR: lua: add utility function for check boolean argument
Strangely, the Lua API doesn't provides a function like
luaL_checkboolean(). This little function add this one.
2016-11-24 21:35:10 +01:00
Willy Tarreau
e365815007 BUILD: vars: remove a build warning on vars.c
gcc 3.4.6 noticed a possibly unitialized variable in vars.c, and while it
cannot happen the way the function is used, it's surprizing that newer
versions did not report it.

This fix may be backported to 1.6.
2016-11-24 21:25:43 +01:00
Willy Tarreau
80ebacfc82 BUILD: ssl: make the SSL layer build again with openssl 0.9.8
Commit 1866d6d ("MEDIUM: ssl: Add support for OpenSSL 1.1.0")
introduced support for openssl 1.1.0 and temporarily broke 0.9.8.
In the end the port was not very hard given that the only cause of
build failures were functions supposedly absent from 0.9.8 that in
fact did exist.

Thus, adding a new #if to move these functions for versions older
than 0.9.8 was enough to fix the trouble. It received very light
testing, basically only an SSL bridge decrypting and re-encrypting
traffic, and checking that everything looks right. That said, the
functions specific to 0.9.8 here compared to 1.0.x are only
SSL_SESSION_set1_id_context(), EVP_PKEY_base_id(), and
X509_PUBKEY_get0_param().
2016-11-24 20:18:21 +01:00
Thierry FOURNIER / OZON.IO
59fd511555 MEDIUM: log-format/conf: take into account the parse_logformat_string() return code
This patch takes into account the return code of the parse_logformat_string()
function. Now the configuration parser will fail if the log_format is not
strict.
2016-11-24 18:54:26 +01:00
Thierry FOURNIER / OZON.IO
a2c38d7904 MEDIUM: log-format: strict parsing and enable fail
Until now, the function parse_logformat_string() never fails. It
send warnings when it parses bad format, and returns expression in
best effort.

This patch replaces warnings by alert and returns a fail code.

Maybe the warning mode is designed for a compatibility with old
configuration versions. If it is the case, now this compatibility
is broken.

[wt: no, the reason is that an alert must cause a startup failure,
 but this will be OK with next patch]
2016-11-24 18:54:26 +01:00
Thierry FOURNIER / OZON.IO
6fe0e1b977 CLEANUP: log-format: remove unused arguments
The log-format function parse_logformat_string() takes file and line
for building parsing logs. These two parameters are embedded in the
struct proxy curproxy, which is the current parsing context.

This patch removes these two unused arguments.
2016-11-24 18:54:26 +01:00