Commit Graph

287 Commits

Author SHA1 Message Date
Willy Tarreau
58f10d7478 [MAJOR] replaced the client-side HTTP parser with a new one
The new parser uses an FSM to strictly follow RFC2616.
Headers are indexed and parsed only once they're all available.
That way, complex regexes make more sense.

HTTP processing is now performed in several phases by calling
multiple functions, making the code cleaner and easier to read.

Note that req[i]pass does not work anymore because it would
require that we mark a header to be ignored. What is really
needed is to have the ability to add an exception to a matching
(match xx except yy).

Several bugs have been fixed in appsession during the conversion
to the new FSM (method length and recovery on malloc errors).

The code does build and work with the debug examples, but is
not usable yet to connect to anything as it does not forward
the requests yet.
2006-12-04 02:26:12 +01:00
Willy Tarreau
b7eba10304 [BUG] files were missing for hdr_idx in previous commit 2006-12-04 02:20:02 +01:00
Willy Tarreau
e5f20dcea8 [MEDIUM] added the hdr_idx structure for future HTTP header indexing
This structure will consume 4 bytes per header to keep track of
headers within a request or a response without having to parse
the whole request for each regex. As it's not possible to allocate
only 4 bytes, we define a max number of HTTP headers. We set it
to (BUFSIZE+79)/80 so that 8kB buffers can contain 100 headers
(like Apache), resulting in 400 bytes dedicated to indexation,
or about 400/(2*8kB) ~= 2.4% of the memory usage.
2006-12-03 15:21:35 +01:00
Willy Tarreau
73de9899a6 [MAJOR] separate sess->proxy into sess->{fe,fi,be}
The references to the proxy from the session have been turned into
Frontend (fe), Filters (fi) and Backend (be). This should ease the
migration to the L7 switching features. Next step will be to kill
the struct proxy and have 3 independant structs instead, each
referenced from entities called listener, frontend, filters and
backend.
2006-11-30 11:40:23 +01:00
Willy Tarreau
58b2f83685 [MEDIUM] add support for SO_REUSEPORT on Linux
SO_REUSEPORT does not exist on Linux but the checks are available in
the code. With a little patch, it's possible to implement the feature,
but the value of SO_REUSEPORT will still have to be known from userland.
This patch adds a workaround to this problem by figuring out the value
for the one used by SO_REUSEADDR.
2006-11-13 01:22:38 +01:00
Willy Tarreau
77074d548b [MAJOR] support for source binding via cttproxy
Using the cttproxy kernel patch, it's possible to bind to any source
address. It is highly recommended to use the 03-natdel patch with the
other ones.

A new keyword appears as a complement to the "source" keyword : "usesrc".
The source address is mandatory and must be valid on the interface which
will see the packets. The "usesrc" option supports "client" (for full
client_ip:client_port spoofing), "client_ip" (for client_ip spoofing)
and any 'IP[:port]' combination to pretend to be another machine.

Right now, the source binding is missing from server health-checks if
set to another address. It must be implemented (think restricted firewalls).
The doc is still missing too.
2006-11-12 23:57:19 +01:00
Willy Tarreau
2152cb5b59 [MEDIUM] import ip_tproxy.h from cttproxy
The file "ip_tproxy.h" will be needed to build with cttproxy support.
Let's include it to ease the build process.
2006-11-12 23:50:48 +01:00
Willy Tarreau
9c9fea4617 [RELEASE] released 1.3.3
Released 1.3.3 with the following changes :
    - fix broken redispatch option in case the connection has already
      been marked "in progress" (ie: nearly always).
    - support regparm on x86 to speed up some often called functions
    - removed a few useless calls to gettimeofday() in log functions.
    - lots of 'const char*' cleanups
    - turn every FD_* into functions which are faster on recent CPUs
    - builds again on OpenBSD and Solaris
2006-10-16 00:03:35 +02:00
Willy Tarreau
390223bc32 [BUILD] only enable regparm on x86 to avoid useless warnings
It complains at least on Solaris/sparc64 and OpenBSD/vax.
2006-10-15 23:43:42 +02:00
Willy Tarreau
aad2e49034 [BUILD] replaced u_int32_t with unsigned int.
Linux and BSD know about u_int32_t, while Solaris knows about uint32_t.
This is getting boring and unsigned int perfectly fits the goal for the
moment. Further investigation will be performed anyway.
2006-10-15 23:32:18 +02:00
Willy Tarreau
7d67768e27 [BUILD] types/proxy.h: reorder a few includes.
OpenBSD is very sensible on the order of includes :
sys/types.h, sys/socket.h, netinet/in.h and arpa/inet.h must be
included in this exact order.
2006-10-15 23:18:47 +02:00
Willy Tarreau
014b4fecb2 [BUILD] <stdint> is not present on OpenBSD. Prefer <sys/types.h> 2006-10-15 22:57:13 +02:00
Willy Tarreau
fddaec02ee [CLEANUP] fd.h : regparm was hardcoded. 2006-10-15 22:56:08 +02:00
Willy Tarreau
fb278677e2 [MEDIUM] use regparm on a few tv_* functions
Some of the tv_* functions are called very often. Passing their
arguments as registers is quite faster. This can be disabled
by setting CONFIG_HAP_DISABLE_REGPARM.
2006-10-15 15:38:50 +02:00
Willy Tarreau
b17916e89b [CLEANUP] add a few "const char *" where appropriate
As suggested by Markus Elfring, a few "const char *" have replaced
some "char *" declarations where a function is not expected to
modify a value. It does not change the code but it helps detecting
coding errors.
2006-10-15 15:17:57 +02:00
Willy Tarreau
2a429503e0 [MINOR] turn every FD_* into functions
On recent CPUs, functions are about twice as fast as inline FD_*, so
there is now a #define CONFIG_HAP_INLINE_FD_SET to choose between the
two modes.
2006-10-15 14:53:07 +02:00
Willy Tarreau
690f9aa028 [RELEASE] released 1.3.2
- started the changes towards I/O completion callbacks. stream_sock* have
      replaced event_*.
    - added the new "reqtarpit" and "reqitarpit" protection features
2006-09-03 11:23:06 +02:00
Willy Tarreau
b8750a82a2 [MEDIUM] added the "reqtarpit" and "reqitarpit" features
It is now possible to tarpit connections based on regex matches.
The tarpit timeout is equal to the contimeout. A 500 server error
response is faked, and the logs show the status flags as "PT" which
indicate the connection has been tarpitted.
2006-09-03 09:56:00 +02:00
Willy Tarreau
f8306d5391 [MEDIUM] got rid of event_{cli,srv}_write() in favor of stream_sock_write()
The timeouts, expiration timers and results are now stored in the buffers.
The timers will have to change a bit to become more flexible, and when the
I/O completion functions will be written, the connect_complete() will have
to be extracted from the write() function.
2006-07-29 19:01:31 +02:00
Willy Tarreau
d797128d6e [MEDIUM] got rid of event_{cli,srv}_read() in favor of stream_sock_read() 2006-07-29 18:36:34 +02:00
Willy Tarreau
0f9f5056f9 [MEDIUM] removed all res_* and RES_*
The read-, write-, end- and error- status are now stored in the buffer.
2006-07-29 17:39:25 +02:00
Willy Tarreau
5446940e37 [MEDIUM] started the changes towards I/O completion callbacks
Now the event_* functions find their buffer in the fdtab itself.
2006-07-29 16:59:06 +02:00
Willy Tarreau
8f2b855ab2 [RELEASE] released 1.3.1 after resyncing with 1.2.15
Released 1.3.1 with the following changes from 1.2.15 :
   - now, haproxy warns about missing timeout during startup to try to
     eliminate all those buggy configurations.
   - added "Content-Type: text/html" in responses wherever appropriate, as
     suggested by Cameron Simpson.
   - implemented "option ssl-hello-chk" to use SSLv3 CLIENT HELLO messages to
     test server's health
   - implemented "monitor-uri" so that haproxy can reply to a specific URI with
     an "HTTP/1.0 200 OK" response. This is useful to validate multiple proxies
     at once.
2006-07-09 17:11:39 +02:00
Willy Tarreau
1c47f85292 [MEDIUM] implemented the 'monitor-uri' keyword.
It is used to test haproxy's status with an HTTP request to which
it will reply with HTTP/1.0 200 OK.
2006-07-09 17:01:40 +02:00
Willy Tarreau
f3c692090e [MEDIUM] implement 'option ssl-hello-chk' to use CLIENT HELLO health checks.
This makes it possible to relay SSL connections in pure TCP instances while
ensuring the remote end really receives our data eventhough intermediate
agents (firewalls, proxies, ...) might acknowledge the connection.
2006-07-09 16:42:34 +02:00
Willy Tarreau
e3ba5f0aaa [CLEANUP] included common/version.h everywhere 2006-06-29 18:54:54 +02:00
Willy Tarreau
2dd0d4799e [CLEANUP] renamed include/haproxy to include/common 2006-06-29 17:53:05 +02:00
Willy Tarreau
baaee00406 [BIGMOVE] exploded the monolithic haproxy.c file into multiple files.
The files are now stored under :
  - include/haproxy for the generic includes
  - include/types.h for the structures needed within prototypes
  - include/proto.h for function prototypes and inline functions
  - src/*.c for the C files

Most include files are now covered by LGPL. A last move still needs
to be done to put inline functions under GPL and not LGPL.

Version has been set to 1.3.0 in the code but some control still
needs to be done before releasing.
2006-06-26 02:48:02 +02:00
Willy TARREAU
0028339317 [BUILD] fixed build on alpha-linux + epoll 2006-06-17 00:04:47 +02:00
Willy TARREAU
3dc0644167 [LICENSE] licensing clarifications 2006-06-15 21:48:13 +02:00
willy tarreau
1f431b5851 [MEDIUM] the stats dump FSM was buggy and looped on dispatch instances.
It has been rewritten and now supports an initialization state. It now also
prevents from dumping stopped(disabled) listeners and it is possible to
specify a scope with a list of proxies that are allowed to be dumped from
the one being configured ('.' meaning "this one"). The 'stats' entry can
be configured from the 'defaults' instance and it is correctly flushed
from proxies which redefine it.
2006-05-21 14:46:15 +02:00
willy tarreau
9e1388671a [MEDIUM] added the new 'stats' keyword with user authentication subsystem.
Right now it only validates the user/passwd according to a specified list,
and lets the user pass through the proxy if the authentication is OK, and
it refuses any invalid access with a 401 Unauthorized response.
2006-05-14 23:06:28 +02:00
willy tarreau
80862a3b9e [MINOR] imported mini-clist.h (circular lists) from librt. It might be wise to merge this with list.h and use sort of common structures. 2006-04-15 22:59:13 +02:00
willy tarreau
3c407cd544 ENORMOUS long standing bug affecting the epoll polling system.
event_data is a union, not a structure !
2006-03-19 19:33:33 +01:00
willy tarreau
1c2ad21e0f * released 1.2.5-pre4
* made epoll() support a compile-time option : ENABLE_EPOLL
* provided a very little libc replacement for a possibly missing epoll()
  implementation which can be enabled by -DUSE_MY_EPOLL
* implemented the poll() poller, which can be enabled with -DENABLE_POLL.
  The equivalent runtime argument becomes '-P'. A few tests show that it
  performs like select() with many fds, but slightly slower (certainly
  because of the higher amount of memory involved).
* separated the 3 polling methods and the tasks scheduler into 4 distinct
  functions which makes the code a lot more modular.
* moved some event tables to private static declarations inside the poller
  functions.
* the poller functions can now initialize themselves, run, and cleanup.
* changed the runtime argument to enable epoll() to '-E'.
* removed buggy epoll_ctl() code in the client_retnclose() function. This
  function was never meant to remove anything.
* fixed a typo which caused glibc to yell about a double free on exit.
* removed error checking after epoll_ctl(DEL) because we can never know if
  the fd is still active or already closed.
* added a few entries in the makefile
2005-12-18 01:11:29 +01:00
willy tarreau
598da41537 * released 1.2.5-pre1
* build fixes for appsession
* documentation for appsession
2005-12-18 01:07:29 +01:00
willy tarreau
12350155a4 * released 1.2.4
* merged Alexander Lazic's and Klaus Wagner's work on application
  cookie-based persistence. Since this is the first merge, this version is
  not intended for general use and reports are more than welcome. Some
  documentation is really needed though.
2005-12-18 01:03:27 +01:00