Commit Graph

11837 Commits

Author SHA1 Message Date
William Lallemand
c7c7a6b39f MINOR: ssl/cli: support filters and options in add ssl crt-list
Add the support for filters and SSL options in the CLI command
"add ssl crt-list".

The feature was implemented by applying the same parser as the crt-list
file to the payload.

The new options are passed to the command as a payload with the same
format that is suppported by the crt-list file itself, so you can easily
copy a line from a file and push it via the CLI.

Example:
  printf "add ssl crt-list localhost.crt-list <<\necdsa.pem [verify none allow-0rtt] localhost !www.test1.com\n\n" | socat /tmp/sock1 -
2020-04-01 20:10:53 +02:00
William Lallemand
97b0810f4c MINOR: ssl: split the line parsing of the crt-list
In order to reuse the crt-list line parsing in "add ssl crt-list",
the line parsing was extracted from crtlist_parse_file() to a new
function crtlist_parse_line().

This function fills a crtlist_entry structure with a bind_ssl_conf and
the list of filters.
2020-04-01 20:10:53 +02:00
Olivier Houchard
b17b884870 BUG/MEDIUM: dns: Consider the fact that dns answers are case-insensitive
We can't expect the DNS answer to always match the case we used for the
request, so we can't just use memcmp() to compare the DNS answer with what
we are expected.
Instead, introduce dns_hostname_cmp(), which compares each string in a
case-insensitive way.
This should fix github issue #566.

This should be backported to 2.1, 2.0, 1.9 and 1.8.
2020-04-01 18:35:05 +02:00
Willy Tarreau
5e8017d53c REGTEST: make the unique-id test depend on version 2.0
Regtest unique-id.vtc was added by commit 5fcec84c58 ("REGTEST: Add
unique-id reg-test") but it relies on the "uuid" sample fetch which
is only available in version 2.0 and above. Let's reflect that in
the REQUIRE_VERSION tag.
2020-04-01 16:08:43 +02:00
Olivier Houchard
4a0e7fe4f7 MINOR: connections: Don't mark conn flags 0x00000001 and 0x00000002 as unused.
Remove the comments saying 0x00000001 and 0x00000002 are unused, they are
now used by CO_FL_SAFE_LIST and CO_FL_IDLE_LIST.
2020-03-31 23:04:20 +02:00
Miroslav Zagorac
d80f5c0d0c DOC: internals: Fix spelling errors in filters.txt 2020-03-31 17:24:07 +02:00
Daniel Corbett
b428517fee BUG/MINOR: stats: Fix color of draining servers on stats page
This patch fixes #53 where it was noticed that when an active
server is set to DRAIN it no longer has the color blue reflected
within the stats page. This patch addresses that and adds the
color back to drain. It's to be noted that backup servers are
configured to have an orange color when they are draining.

Should be backported as far as 1.7.
2020-03-31 17:21:51 +02:00
Ilya Shipitsin
ce7b00f926 CLEANUP: assorted typo fixes in the code and comments
This is fifth iteration of typo fixes
2020-03-31 17:09:35 +02:00
Willy Tarreau
1d52c7b52b REGTEST: make the PROXY TLV validation depend on version 2.2
Regtest proxy_protocol_tlv_validation was added by commit 488ee7fb6e
("BUG/MAJOR: proxy_protocol: Properly validate TLV lengths") but it
relies on a trick involving http-after-response to append a header
after a 400-badreq response, which is not possible in earlier versions,
so make it depend on 2.2.
2020-03-31 16:37:58 +02:00
William Lallemand
4781fad407 REGTEST: ssl/cli: change test type to devel
Change the type of test from slow to devel for add_ssl-crt-list.vtc and
set_ssl_cert.vtc.
2020-03-31 14:52:22 +02:00
William Lallemand
c2e3b72adf BUG/MINOR: ssl: entry->ckch_inst not initialized
The head of the list entry->ckch_inst was not initialized when opening a
directory or reading a crt-list.
2020-03-31 14:40:51 +02:00
William Lallemand
2be4a2e02d REGTEST: ssl/cli: test the 'add ssl crt-list' command
Test the 'add ssl crt-list' feature by inserting the ecdsa.pem
certificate and verifying with curl and strict-sni that it works.
2020-03-31 12:32:18 +02:00
William Lallemand
e67c80be7f MEDIUM: ssl/cli: 'add ssl crt-list' command
The new 'add ssl crt-list' command allows to add a new crt-list entry in
a crt-list (or a directory since they are handled the same way).

The principle is basicaly the same as the "commit ssl cert" command with
the exception that it iterates on every bind_conf that uses the crt-list
and generates a ckch instance (ckch_inst) for each of them.

The IO handler yield every 10 bind_confs so HAProxy does not get stuck in
a too much time consuming generation if it needs to generate too much
SSL_CTX'.

This command does not handle the SNI filters and the SSL configuration
yet.

Example:

  $ echo "new ssl cert foo.net.pem" | socat /tmp/sock1 -
  New empty certificate store 'foo.net.pem'!

  $ echo -e -n "set ssl cert foo.net.pem <<\n$(cat foo.net.pem)\n\n" | socat /tmp/sock1 -
  Transaction created for certificate foo.net.pem!

  $ echo "commit ssl cert foo.net.pem" | socat /tmp/sock1 -
  Committing foo.net.pem
  Success!

  $ echo "add ssl crt-list one.crt-list foo.net.pem" | socat /tmp/sock1 -
  Inserting certificate 'foo.net.pem' in crt-list 'one.crt-list'......
  Success!

  $ echo "show ssl crt-list one.crt-list" | socat /tmp/sock1 -
  # one.crt-list
  0x55d17d7be360 kikyo.pem.rsa [ssl-min-ver TLSv1.0 ssl-max-ver TLSv1.3]
  0x55d17d82cb10 foo.net.pem
2020-03-31 12:32:18 +02:00
William Lallemand
90afe90681 MINOR: ssl/cli: update pointer to store in 'commit ssl cert'
The crtlist_entry structure use a pointer to the store as key.
That's a problem with the dynamic update of a certificate over the CLI,
because it allocates a new ckch_store. So updating the pointers is
needed. To achieve that, a linked list of the crtlist_entry was added in
the ckch_store, so it's easy to iterate on this list to update the
pointers. Another solution would have been to rework the system so we
don't allocate a new ckch_store, but it requires a rework of the ckch
code.
2020-03-31 12:32:17 +02:00
William Lallemand
fa8cf0c476 MINOR: ssl: store a ptr to crtlist in crtlist_entry
Store a pointer to crtlist in crtlist_entry so we can re-insert a
crtlist_entry in its crtlist ebpt after updating its key.
2020-03-31 12:32:17 +02:00
William Lallemand
23d61c00b9 MINOR: ssl: add a list of crtlist_entry in ckch_store
When updating a ckch_store we may want to update its pointer in the
crtlist_entry which use it. To do this, we need the list of the entries
using the store.
2020-03-31 12:32:17 +02:00
William Lallemand
09bd5a0787 MINOR: ssl: use crtlist_free() upon error in directory loading
Replace the manual cleaninp which is done in crtlist_load_cert_dir() by
a call to the crtlist_free() function.
2020-03-31 12:32:17 +02:00
William Lallemand
4c68bba5c1 REORG: ssl: move some functions above crtlist_load_cert_dir()
Move some function above crtlist_load_cert_dir() so
crtlist_load_cert_dir() is at the right place, and crtlist_free() can be
used inside.
2020-03-31 12:32:17 +02:00
William Lallemand
493983128b BUG/MINOR: ssl: ckch_inst wrongly inserted in crtlist_entry
The instances were wrongly inserted in the crtlist entries, all
instances of a crt-list were inserted in the last crt-list entry.
Which was kind of handy to free all instances upon error.

Now that it's done correctly, the error path was changed, it must
iterate on the entries and find the ckch_insts which were generated for
this bind_conf. To avoid wasting time, it stops the iteration once it
found the first unsuccessful generation.
2020-03-31 12:32:17 +02:00
William Lallemand
ad3c37b760 REORG: ssl: move SETCERT enum to ssl_sock.h
Move the SETCERT enum at the right place to cleanup ssl_sock.c.
2020-03-31 12:32:17 +02:00
William Lallemand
79d31ec0d4 MINOR: ssl: add a list of bind_conf in struct crtlist
In order to be able to add new certificate in a crt-list, we need the
list of bind_conf that uses this crt-list so we can create a ckch_inst
for each of them.
2020-03-31 12:32:17 +02:00
William Lallemand
638f6ad033 MINOR: cli: add a general purpose pointer in the CLI struct
This patch adds a p2 generic pointer which is inialized to zero before
calling the parser.
2020-03-31 12:32:17 +02:00
Olivier Houchard
079cb9af22 MEDIUM: connections: Revamp the way idle connections are killed
The original algorithm always killed half the idle connections. This doesn't
take into account the way the load can change. Instead, we now kill half
of the exceeding connections (exceeding connection being the number of
used + idle connections past the last maximum used connections reached).
That way if we reach a peak, we will kill much less, and it'll slowly go back
down when there's less usage.
2020-03-30 00:30:07 +02:00
Olivier Houchard
cf612a0457 MINOR: servers: Add a counter for the number of currently used connections.
Add a counter to know the current number of used connections, as well as the
max, this will be used later to refine the algorithm used to kill idle
connections, based on current usage.
2020-03-30 00:30:01 +02:00
Jerome Magnin
824186bb08 MEDIUM: stream: support use-server rules with dynamic names
With server-template was introduced the possibility to scale the
number of servers in a backend without needing a configuration change
and associated reload. On the other hand it became impractical to
write use-server rules for these servers as they would only accept
existing server labels as argument. This patch allows the use of
log-format notation to describe targets of a use-server rules, such
as in the example below:

  listen test
    bind *:1234
    use-server %[hdr(srv)] if { hdr(srv) -m found }
    use-server s1 if { path / }
    server s1 127.0.0.1:18080
    server s2 127.0.0.1:18081

If a use-server rule is applied because it was conditionned by an
ACL returning true, but the target of the use-server rule cannot be
resolved, no other use-server rule is evaluated and we fall back to
load balancing.

This feature was requested on the ML, and bumped with issue #563.
2020-03-29 09:55:10 +02:00
Jerome Magnin
eb421b2fe0 MINOR: listener: add so_name sample fetch
Add a sample fetch for the name of a bind. This can be useful to
take decisions when PROXY protocol is used and we can't rely on dst,
such as the sample config below.

  defaults
    mode http
  listen bar
    bind 127.0.0.1:1111
    server s1 127.0.1.1:1234 send-proxy

  listen foo
    bind 127.0.1.1:1234 name foo accept-proxy
    http-request return status 200 hdr dst %[dst] if { dst 127.0.1.1 }
2020-03-29 05:47:29 +02:00
Emmanuel Hocdet
1673977892 MINOR: ssl: skip self issued CA in cert chain for ssl_ctx
First: self issued CA, aka root CA, is the enchor for chain validation,
no need to send it, client must have it. HAProxy can skip it in ssl_ctx.
Second: the main motivation to skip root CA in ssl_ctx is to be able to
provide it in the chain without drawback. Use case is to provide issuer
for ocsp without the need for .issuer and be able to share it in
issuers-chain-path. This concerns all certificates without intermediate
certificates. It's useless for BoringSSL, .issuer is ignored because ocsp
bits doesn't need it.
2020-03-26 12:53:53 +01:00
Baptiste Assmann
37950c8d27 BUG/MEDIUM: dns: improper parsing of aditional records
13a9232ebc introduced parsing of
Additionnal DNS response section to pick up IP address when available.
That said, this introduced a side effect for other query types (A and
AAAA) leading to consider those responses invalid when parsing the
Additional section.
This patch avoids this situation by ensuring the Additional section is
parsed only for SRV queries.
2020-03-26 12:43:36 +01:00
Baptiste Assmann
17ab79f07d CLEANUP: remove obsolete comments
This patch removes some old comments introduced by
13a9232ebc.
Those comments are related to issues already fixed.
2020-03-26 12:43:36 +01:00
Olivier Houchard
c3500c3ccd MINOR: build: Fix build in mux_h1
We want to check if the input buffer contains data, not the connection.
This should unbreak the build.
2020-03-25 17:06:16 +01:00
Olivier Houchard
69664419d2 BUG/MEDIUM: mux_h1: Process a new request if we already received it.
In h1_detach(), if our input buffer isn't empty, don't just subscribe(), we
may hold a new request, and there's nothing left to read. Instead, call
h1_process() directly, so that a new stream is created.
Failure to do so means if we received the new request to early, the
connecetion will just hang, as it happens when using svn.
2020-03-25 12:38:40 +01:00
Ilya Shipitsin
3e128fe973 CI: github actions: add weekly h2spec test
ML link: https://www.mail-archive.com/haproxy@formilux.org/msg36753.html

this commit adds scheduled run of h2spec tool to test http2 and HPACK
compliance.

h2spec might be found at: https://github.com/summerwind/h2spec
2020-03-24 21:04:25 +01:00
Frédéric Lécaille
87eacbb12f BUG/MINOR: peers: Use after free of "peers" section.
When a "peers" section has not any local peer, it is removed of the list
of "peers" sections by check_config_validity(). But a stick-table which
refers to a "peers" section stores a pointer to this peers section.
These pointer must be reset to NULL value for each stick-table refering to
such a "peers" section to prevent stktable_init() to start the peers frontend
attached to the peers section dereferencing the invalid pointer.

Furthemore this patch stops the peers frontend as this is done for other
configurations invalidated by check_config_validity().

Thank you to Olivier D for having reported this issue with such a
simple configuration file which made haproxy crash when started with
-c option for configuration file validation.

  defaults
    mode http

  peers mypeers
    peer toto 127.0.0.1:1024

  backend test
    stick-table type ip size 10k expire 1h store http_req_rate(1h) peers mypeers

Must be backported to 2.1 and 2.0.
2020-03-24 20:49:38 +01:00
William Lallemand
3ef2d56530 BUG/MINOR: peers: avoid an infinite loop with peers_fe is NULL
Fix an infinite loop which was added in an attempt to fix #558.
If the peers_fe is NULL, it will loop forever.

Must be backported with a2cfd7e as far as 1.8.
2020-03-24 16:45:53 +01:00
William Lallemand
a2cfd7e356 BUG/MINOR: peers: init bind_proc to 1 if it wasn't initialized
Tim reported that in master-worker mode, if a stick-table is declared
but not used in the configuration, its associated peers listener won't
bind.

This problem is due the fact that the master-worker and the daemon mode,
depend on the bind_proc field of the peers proxy to disable the listener.
Unfortunately the bind_proc is left to 0 if no stick-table were used in
the configuration, stopping the listener on all processes.

This fixes sets the bind_proc to the first process if it wasn't
initialized.

Should fix bug #558. Should be backported as far as 1.8.
2020-03-24 16:18:15 +01:00
Emmanuel Hocdet
4fed93eb72 MINOR: ssl: rework add cert chain to CTX to be libssl independent
SSL_CTX_set1_chain is used for openssl >= 1.0.2 and a loop with
SSL_CTX_add_extra_chain_cert for openssl < 1.0.2.
SSL_CTX_add_extra_chain_cert exist with openssl >= 1.0.2 and can be
used for all openssl version (is new name is SSL_CTX_add0_chain_cert).
This patch use SSL_CTX_add_extra_chain_cert to remove any #ifdef for
compatibilty. In addition sk_X509_num()/sk_X509_value() replace
sk_X509_shift() to extract CA from chain, as it is used in others part
of the code.
2020-03-24 14:46:01 +01:00
Emmanuel Hocdet
ef87e0a3da CLEANUP: ssl: rename ssl_get_issuer_chain to ssl_get0_issuer_chain
Rename ssl_get_issuer_chain to ssl_get0_issuer_chain to be consistent
with openssl >= 1.0.2 API.
2020-03-23 15:35:39 +01:00
Emmanuel Hocdet
f4f14eacd3 BUG/MINOR: ssl: memory leak when find_chain is NULL
This bug was introduced by 85888573 "BUG/MEDIUM: ssl: chain must be
initialized with sk_X509_new_null()". No need to set find_chain with
sk_X509_new_null(), use find_chain conditionally to fix issue #516.

This bug was referenced by issue #559.

[wla: fix some alignment/indentation issue]
2020-03-23 13:10:10 +01:00
Willy Tarreau
3328f18596 [RELEASE] Released version 2.2-dev5
Released version 2.2-dev5 with the following main changes :
    - CLEANUP: ssl: is_default is a bit in ckch_inst
    - BUG/MINOR: ssl/cli: sni_ctx' mustn't always be used as filters
    - DOC: ssl: clarify security implications of TLS tickets
    - CLEANUP: remove support for Linux i686 vsyscalls
    - CLEANUP: drop support for USE_MY_ACCEPT4
    - CLEANUP: remove support for USE_MY_EPOLL
    - CLEANUP: remove support for USE_MY_SPLICE
    - CLEANUP: remove the now unused common/syscall.h
    - BUILD: make dladdr1 depend on glibc version and not __USE_GNU
    - BUILD: wdt: only test for SI_TKILL when compiled with thread support
    - BUILD: Makefile: the compiler-specific flags should all be in SPEC_CFLAGS
    - CLEANUP: ssl: separate the directory loading in a new function
    - BUG/MINOR: buffers: MT_LIST_DEL_SAFE() expects the temporary pointer.
    - BUG/MEDIUM: mt_lists: Make sure we set the deleted element to NULL;
    - MINOR: init: move the maxsock calculation code to compute_ideal_maxsock()
    - MEDIUM: init: always try to push the FD limit when maxconn is set from -m
    - BUG/MAJOR: list: fix invalid element address calculation
    - BUILD: stream-int: fix a few includes dependencies
    - MINOR: mt_lists: Appease gcc.
    - MINOR: lists: Implement function to convert list => mt_list and mt_list => list
    - MINOR: servers: Kill priv_conns.
    - MINOR: lists: fix indentation.
    - BUG/MEDIUM: random: align the state on 2*64 bits for ARM64
    - BUG/MEDIUM: connections: Don't assume the connection has a valid session.
    - BUG/MEDIUM: pools: Always update free_list in pool_gc().
    - BUG/MINOR: haproxy: always initialize sleeping_thread_mask
    - BUG/MINOR: listener/mq: do not dispatch connections to remote threads when stopping
    - BUG/MINOR: haproxy/threads: try to make all threads leave together
    - Revert "BUILD: travis-ci: enable s390x builds"
    - BUILD: travis-ci: enable regular s390x builds
    - DOC: proxy_protocol: Reserve TLV type 0x05 as PP2_TYPE_UNIQUE_ID
    - MINOR: proxy_protocol: Ingest PP2_TYPE_UNIQUE_ID on incoming connections
    - MEDIUM: proxy_protocol: Support sending unique IDs using PPv2
    - CLEANUP: connection: Add blank line after declarations in PP handling
    - CLEANUP: assorted typo fixes in the code and comments
    - CI: add spellcheck github action
    - DOC: correct typo in alert message about rspirep
    - CI: travis: switch linux builds to clang-9
    - MINOR: debug: add a new DISGUISE() macro to pass a value as identity
    - MINOR: debug: consume the write() result in BUG_ON() to silence a warning
    - MINOR: use DISGUISE() everywhere we deliberately want to ignore a result
    - BUILD: pools: silence build warnings with DEBUG_MEMORY_POOLS and DEBUG_UAF
    - CLEANUP: connection: Stop directly setting an ist's .ptr
    - CI: travis: revert to clang-7 for BoringSSL tests
    - BUILD: on ARM, must be linked to libatomic.
    - BUILD: makefile: fix regex syntax in ARM platform detection
    - BUG/MEDIUM: peers: resync ended with RESYNC_PARTIAL in wrong cases.
    - REORG: ssl: move ssl_sock_load_cert()
    - MINOR: ssl: pass ckch_inst to ssl_sock_load_ckchs()
    - MEDIUM: ssl: allow crt-list caching
    - MINOR: ssl: directories are loaded like crt-list
    - BUG/MINOR: ssl: can't open directories anymore
    - BUG/MEDIUM: spoe: dup agent's engine_id string from trash.area
    - MINOR: fd: Use a separate lock for logs instead of abusing the fd lock.
    - MINOR: mux_pt: Don't try to remove the connection from the idle list.
    - MINOR: ssl/cli: show/dump ssl crt-list
    - BUG/MINOR: ssl/cli: free the trash chunk in dump_crtlist
    - MEDIUM: fd: Introduce a running mask, and use it instead of the spinlock.
    - BUG/MINOR: ssl: memory leak in crtlist_parse_file()
    - MINOR: tasks: Provide the tasklet to the callback.
    - BUG/MINOR: ssl: memleak of struct crtlist_entry
    - BUG/MINOR: pattern: Do not pass len = 0 to calloc()
    - BUILD: makefile: fix expression again to detect ARM platform
    - CI: travis: re-enable ASAN on clang
    - CI: travis: proper group output redirection together with travis_wait
    - DOC: assorted typo fixes in the documentation
    - MINOR: wdt: Move the definitions of WDTSIG and DEBUGSIG into types/signal.h.
    - BUG/MEDIUM: wdt: Don't ignore WDTSIG and DEBUGSIG in __signal_process_queue().
    - MINOR: memory: Change the flush_lock to a spinlock, and don't get it in alloc.
    - MINOR: ssl/cli: 'new ssl cert' command
    - MINOR: ssl/cli: show certificate status in 'show ssl cert'
    - MEDIUM: sessions: Don't be responsible for connections anymore.
    - MEDIUM: servers: Split the connections into idle, safe, and available.
    - MINOR: fd: Implement fd_takeover().
    - MINOR: connections: Add a new mux method, "takeover".
    - MINOR: connections: Make the "list" element a struct mt_list instead of list.
    - MINOR: connections: Add a flag to know if we're in the safe or idle list.
    - MEDIUM: connections: Attempt to get idle connections from other threads.
    - MEDIUM: mux_h1: Implement the takeover() method.
    - MEDIUM: mux_h2: Implement the takeover() method.
    - MEDIUM: mux_fcgi: Implement the takeover() method.
    - MEDIUM: connections: Kill connections even if we are reusing one.
    - BUG/MEDIUM: connections: Don't forget to decrement idle connection counters.
    - BUG/MINOR: ssl: Do not free garbage pointers on memory allocation failure
    - BUG/MINOR: ssl: Correctly add the 1 for the sentinel to the number of elements
    - BUG/MINOR: ssl: crtlist_dup_filters() must return NULL with fcount == 0
    - BUG/MEDIUM: build: Fix compilation by spelling decl correctly.
    - BUILD/MEDIUM: fd: Declare fd_mig_lock as extern.
    - CI: run travis-ci builds on push only, skip pull requests
    - CI: temporarily disable unstable travis arm64 builds
    - BUG/MINOR: ssl/cli: free BIO upon error in 'show ssl cert'
    - BUG/MINOR: connections: Make sure we free the connection on failure.
    - BUG/MINOR: ssl/cli: fix a potential NULL dereference
    - BUG/MEDIUM: h1: Make sure we subscribe before going into idle list.
    - BUG/MINOR: connections: Set idle_time before adding to idle list.
    - MINOR: muxes: Note that we can't usee a connection when added to the srv idle.
    - REGTEST: increase timeouts on the seamless-reload test
    - BUG/MINOR: haproxy/threads: close a possible race in soft-stop detection
    - CLEANUP: haproxy/threads: don't check global_tasks_mask twice
2020-03-23 09:43:45 +01:00
Willy Tarreau
95abd5be9f CLEANUP: haproxy/threads: don't check global_tasks_mask twice
In run_thread_poll_loop() we test both for (global_tasks_mask & tid_bit)
and thread_has_tasks(), but the former is useless since this test is
already part of the latter.
2020-03-23 09:33:32 +01:00
Willy Tarreau
4f46a354e6 BUG/MINOR: haproxy/threads: close a possible race in soft-stop detection
Commit 4b3f27b ("BUG/MINOR: haproxy/threads: try to make all threads
leave together") improved the soft-stop synchronization but it left a
small race open because it looks at tasks_run_queue, which can drop
to zero then back to one while another thread picks the task from the
run queue to insert it into the tasklet_list. The risk is very low but
not null. In addition the condition didn't consider the possible presence
of signals in the queue.

This patch moves the stopping detection just after the "wake" calculation
which already takes care of the various queues' sizes and signals. It
avoids needlessly duplicating these tests.

The bug was discovered during a code review but will probably never be
observed. This fix may be backported to 2.1 and 2.0 along with the commit
above.
2020-03-23 09:27:28 +01:00
Willy Tarreau
ce6fc25b17 REGTEST: increase timeouts on the seamless-reload test
The abns_socket in seamless-reload regtest regularly fails in Travis-CI
on smaller machines only (typically the ppc64le and sometimes s390x).
The error always reports an incomplete HTTP header as seen from the
client. And this can occasionally be reproduced on the minicloud ppc64le
image when setting a huge file descriptors limit (1 million).

What happens in fact is the following: depending on the binding order,
some connections from the client might reach the TCP listener on the
old instance and be forwarded to the ABNS listener of the second
instance just being prepared to start up. But due to the huge number
of FDs, setting them up takes slightly more time and the 20ms server
timeout may expire before the new instance finishes its startup. This
can result in an occasional 504, except that since the client timeout
is the same as the server timeout, both sides are closed at the same
time and the client doesn't receive the 504.

In addition a second problem plugs onto this: by default http-reuse is
enabled. Some requests being forwarded to the older instance will be
sent over an already established connection. But the CPU used by the
starting process using many FDs will be taken away from the older
process, whose abns listener will not see a request for more than 20ms,
and will decide to kill the idle client connection. At the same moment
the TCP proxy forwards a request over this closing connection, it
detects the close and silently closes the other side to let the
client retry, which is detected by the vtest client as another case
of empty header. This is easier to reproduce in VMs with few CPUs
(2 or less) and some noisy neighbors such as a few spinning loops in
background.

Let's just increase this tests' timeout to avoid this. While a few
ms are close to the scheduler's granularity, this test is never
supposed to trigger the timeouts so it's safe to go higher without
impacts on the test execution time. At one second the problem seems
impossible to reproduce on the minicloud VMs.
2020-03-23 09:11:51 +01:00
Olivier Houchard
199d4fade4 MINOR: muxes: Note that we can't usee a connection when added to the srv idle.
In the various muxes, add a comment documenting that once
srv_add_to_idle_list() got called, any thread may pick that conenction up,
so it is unsafe to access the mux context/the connection, the only thing we
can do is returning.
2020-03-22 23:25:51 +01:00
Olivier Houchard
dbda31939d BUG/MINOR: connections: Set idle_time before adding to idle list.
In srv_add_to_idle_list(), make sure we set the idle_time before we add
the connection to an idle list, not after, otherwise another thread may
grab it, set the idle_time to 0, only to have the original thread set it
back to now_ms.
This may have an impact, as in conn_free() we check idle_time to decide
if we should decrement the idle connection counters for the server.
2020-03-22 20:05:59 +01:00
Olivier Houchard
3c49c1bd5c BUG/MEDIUM: h1: Make sure we subscribe before going into idle list.
In h1_detach(), make sure we subscribe before we call
srv_add_to_idle_list(), not after. As soon as srv_add_to_idle_list() is
called, and it is put in an idle list, another thread can take it, and
we're no longer allowed to subscribe.
This fixes a race condition when another thread grabs a connection as soon
as it is put, the original owner would subscribe, and thus the new thread
would fail to do so, and to activate polling.
2020-03-22 20:05:59 +01:00
William Lallemand
18eeb8e815 BUG/MINOR: ssl/cli: fix a potential NULL dereference
Fix a potential NULL dereference in "show ssl cert" when we can't
allocate the <out> trash buffer.

This patch creates a new label so we could jump without trying to do the
ci_putchk in this case.

This bug was introduced by ea987ed ("MINOR: ssl/cli: 'new ssl cert'
command"). 2.2 only.

This bug was referenced by issue #556.
2020-03-20 14:49:25 +01:00
Olivier Houchard
c0caac2cc8 BUG/MINOR: connections: Make sure we free the connection on failure.
In connect_server(), make sure we properly free a newly created connection
if we somehow fail, and it has not yet been attached to a conn_stream, or
it would lead to a memory leak.
This should appease coverity for backend.c, as reported in inssue #556.

This should be backported to 2.1, 2.0 and 1.9
2020-03-20 14:35:07 +01:00
William Lallemand
67b991d370 BUG/MINOR: ssl/cli: free BIO upon error in 'show ssl cert'
Fix a memory leak that could happen upon a "show ssl cert" if notBefore:
or notAfter: failed to extract its ASN1 string.

Introduced by d4f946c ("MINOR: ssl/cli: 'show ssl cert' give information
on the certificates"). 2.2 only.
2020-03-20 14:22:35 +01:00
Ilya Shipitsin
18b303e9f9 CI: temporarily disable unstable travis arm64 builds
[wt: arm64 shows timeouts during packages downloads and causes all
 builds to be reported as failures; building for arm64 on real hardware
 is still done on a regular basis and works fine however]
2020-03-20 11:56:38 +01:00
Ilya Shipitsin
ceb060ed40 CI: run travis-ci builds on push only, skip pull requests
[wt: we have few pull reqs and they're automatically closed, however
 seeing them pop up here and there needlessly was adding noise to the
 reports]
2020-03-20 11:55:07 +01:00