Revert commits 035da6d1b0 and
f18b5f21ba.
These fixes were wrong. They worked but they were fixing the symptom
instead of the root cause of the problem. The real issue was in the
ebtree lookup code and it has been fixed now so these patches are not
needed anymore. It's better not to copy memory blocks when we don't
need to, so let's revert them.
(from ebtree 6.0.5)
Both of them are very short and rely on another non-inlined lookup function,
so it's pointless to have them as pure functions, it wastes space.
(cherry picked from commit 1e68d6fef815f759304d4cc0e65f957689e19a7a)
(from ebtree 6.0.5)
Last bugfix has introduced a de-optimization in the lookup function because
it artificially extended the scope of some local variables, which resulted in
higher stack usage and more numerous moves between stack and registers.
We can reduce that by moving the return code out of the loop, because gcc
notices that it never needs both "troot" and "node" at the same time and
can use the same register for both. Doing so has reduced the code size by
39 bytes for the lookup function alone, and has sensibly reduced the
instruction dependencies caused by data moves.
(cherry picked from commit 59be3cdb96296b65a57aff30cc203269f9a94ebe)
It should be backported to 1.4 if previous ebtree fix is backported.
(from ebtree 6.0.5)
ebmb_lookup() is used by ebst_lookup_len() to lookup a string starting
with a known substring. Since the substring does not necessarily end
with a zero, we must absolutely ensure that the comparison stops at
<len> bytes, otherwise we can end up comparing crap and most often
returning the wrong node in case of multiple matches.
ebim_lookup() was fixed too by resyncing it with ebmb_lookup().
(cherry picked from commit 98eba315aa2c3285181375d312bcb770f058fd2b)
This should be backported to 1.4 though it's not critical there.
Commit 035da6d1b0 was incorrect as it
could modify a live buffer. We must first ensure that we're on the
private buffer or perform a copy before modifying the data.
Gabriel Sosa reported that haproxy unexpectedly reports an error
when a pattern file loaded by an ACL contains an empty line. The
test was present but inefficient as it did not consider the '\n'
as the end of the line. This fix relies on the line length instead.
It should be backported to 1.4.
If a key to be looked up is extracted from data without being padded
and if it matches the beginning of another stored key, it is not
found in subsequent lookups because it does not end with a zero.
This bug was discovered and diagnosed by David Cournapeau.
One of the requirements we have is to run multiple instances of haproxy on a
single host; this is so that we can split the responsibilities (and change
permissions) between product teams. An issue we ran up against is how we
would distinguish between the logs generated by each instance. The solution
we came up with (please let me know if there is a better way) is to override
the application tag written to syslog. We can then configure syslog to write
these to different files.
I have attached a patch adding a global option 'log-tag' to override the
default syslog tag 'haproxy' (actually defaults to argv[0]).
By passing a negative value to the "mss" argument of "bind" lines, it
becomes possible to subtract this value to the MSS advertised by the
client, which results in segments smaller than advertised. The effect
is useful with some TCP stacks which ACK less often when segments are
not full, because they only ACK every other full segment as suggested
by RFC1122.
NOTE: currently this has no effect on Linux kernel 2.6, a kernel patch
is still required to change the MSS of established connections.
Haproxy does not include the hostname rather the IP of the machine in
the syslog headers it sends. Unfortunately this means that for each log
line rsyslog does a reverse dns on the client IP and in the case of
non-routable IPs one gets the public hostname not the internal one.
While this is valid according to RFC3164 as one might imagine this is
troublsome if you have some machines with public IPs, internal IPs, no
reverse DNS entries, etc and you want a standardized hostname based log
directory structure. The rfc says the preferred value is the hostname.
This patch adds a global "log-send-hostname" statement which accepts an
optional string to force the host name. If unset, the local host name
is used.
Since haproxy 1.4.9, combining option httpclose and option
http-pretend-keepalive can leave the connections opened until the backend
keep-alive timeout is reached, providing bad performances.
The same can occur when the proxy is in tunnel mode.
This patch ensures that the server side connection is closed after the
response and ignore http-pretend-keepalive in tunnel mode.
When a connection error is encountered on a server and the server's
connection pool is full, pending connections are not woken up because
the current connection is still accounted for on the server, so it
still appears full. This becomes visible on a server which has
"maxconn 1" because the pending connections will only be able to
expire in the queue.
Now we take care of releasing our current connection before trying to
offer it to another pending request, so that the server can accept a
next connection.
This patch should be backported to 1.4.
When a client connection aborts while the server-side connection is in
turn-around after a failed connection attempt, the turn-around timeout
is reset in shutw() but the state is not changed. The session then
remains stuck in this state forever. Change the QUE and TAR states to
DIS just as we do for CER to fix this.
This patch should be backported to 1.4.
We've had several issues related to data transfers. First, if a
client aborted an upload before the server started to respond, it
would get a 502 followed by a 400. The same was true (in the other
way around) if the server suddenly aborted while the client was
uploading the data.
The flags reported in the logs were misleading. Request errors could
be reported while the transfer was stopped during the data phase. The
status codes could also be overwritten by a 400 eventhough the start
of the response was transferred to the client.
The stats were also wrong in case of data aborts. The server or the
client could sometimes be miscredited for being the author of the
abort depending on where the abort was detected. Some client aborts
could also be accounted as request errors and some server aborts as
response errors.
Now it seems like all such issues are fixed. Since we don't have a
specific state for data flowing from the client to the server
before the server responds, we're still counting the client aborted
transfers as "CH", and they become "CD" when the server starts to
respond. Ideally a "P" state would be desired.
This patch should be backported to 1.4.
HTTP pipelining currently needs to monitor the response buffer to wait
for some free space to be able to send a response. It was not possible
for the HTTP analyser to be called based on response buffer activity.
Now we introduce a new buffer flag BF_WAKE_ONCE which is set when the
HTTP request analyser is set on the response buffer and some activity
is detected. This is not clean at all but once of the only ways to fix
the issue before we make it possible to register events for analysers.
Also it appeared that one realign condition did not cover all cases.
Using haproxy in multi-process mode (nbproc > 1), some features can be
not fully compatible or not work at all. haproxy will now display a warning on
startup for :
- appsession
- sticking rules
- stats / stats admin
- stats socket
- peers (fatal error in that case)
During the documentation of the "ignore-persist" keyword, I documented an
invalid "option ignore-persist" and forgot to remove it. It's time to fix it.
This counter will help quickly spot whether there are new errors or not.
It is also assigned to each capture so that a script can keep trace of
which capture was taken when.
It is possible to block on incorrectly chunked requests or responses,
but this becomes very hard to debug when it happens once in a while.
This patch adds the ability to also capture incorrectly chunked requests
and responses. The chunk will appear in the error buffer and will be
verifiable with the usual "show errors". The incorrect byte will match
the error location.
Error captures did only support contiguous messages. This is annoying
for capturing chunking errors, so let's ensure the function is able to
copy wrapped messages.
When an error message is returned to a client, all buffer contents
were left intact. Since the analysers were removed, the potentially
invalid data that were read had a chance to be sent too.
Now we ensure we only keep the already scheduled data in the buffer
and we truncate it after that. That means that responses with data
that must be blocked will really be blocked, and that incorrectly
chunked data will be stopped at the point where the chunking fails.
When haproxy parses chunk-encoded data that are scheduled to be sent, it is
possible that the other end is closed (mainly due to a client abort returning
as an error). The message state thus changes to HTTP_MSG_ERROR and the error
is reported as a chunk parsing error ("PD--") while it is not. Detect this
case before setting the flags and set the appropriate flag in this case.
Debugging parsing errors can be greatly improved if we know what the parser
state was and what the buffer flags were (especially for closed inputs/outputs
and full buffers). Let's add that to the error snapshots.
When forwarding chunk-encoded data, each chunk gets a TCP PUSH flag when
going onto the wire simply because the send() function does not know that
some data remain after it (next chunk). Now we set the BF_EXPECT_MORE flag
on the buffer if the chunk size is not null. That way we can reduce the
number of packets sent, which is particularly noticeable when forwarding
compressed data, especially as it requires less ACKs from the client.
When the number of servers is a multiple of the size of the input set,
map-based hash can be inefficient. This typically happens with 64
servers when doing URI hashing. The "avalanche" hash-type applies an
avalanche hash before performing a map lookup in order to smooth the
distribution. The result is slightly less smooth than the map for small
numbers of servers, but still better than the consistent hashing.
We'll use this hash at other places, let's make it globally available.
The function has also been renamed because its "chash_hash" name was
not appropriate.
Gcc 4.4 enables strict aliasing by default, resuling in complaints
when casting struct sockaddr_storage to sockaddr_in. Not only doing
this does not provide any noticeable performance improvement, it also
presents a risk of strange bugs even when the compiler does not emit
a warning, so let's disable this optimization !
Hank A. Paulson suggested to add CPU=native to optimize the code for
the build machine. This makes sense in a lot of situations. Since it
is often possible to have both 32 and 64 bits supported on recent
systems, the ARCH=32 and ARCH=64 build options were also added.
When a header is removed, the previous header's next pointer is updated
to reflect the next of the current header. However, when cycling through
the loop, we update the prev pointer to point to the deleted header, which
means that if we delete another header, it's the deleted header's next
pointer that will be updated, leaving the deleted header in the list with
a null length, which is forbidden.
We must just not update the prev pointer after a removal.
This bug was present when either "reqdel" and "rspdel" removed two consecutive
headers. It could also occur when removing cookies in either requests or
responses, but since headers were the last header processing, the issue
remained unnoticed.
Issue reported by Hank A. Paulson.
This fix must be ported to 1.4 and possibly 1.3.
Cookies in indirect mode are removed from the cookie header. Three pointers
ought to be updated when appsession cookies are processed next, but were not.
The result is that a memcpy() can be called with a negative value causing the
process to crash. It is not sure whether this can be remotely exploited or not.
(cherry picked from commit c5f3749aa3ccfdebc4992854ea79823d26f66213)
In out of memory conditions, the ->destroy function would free all
possibly allocated pools from the current appsession, including those
that were not yet allocated nor assigned, which used to point to a
previous allocation, obviously resulting in a segfault.
(cherry picked from commit 75eae485921d3a6ce197915c769673834ecbfa5c)
In case of out of memory, it was possible to write to a null pointer
when capturing response cookies due to a missing "else" block. The
request handling was fine though.
(cherry picked from commit 62e3604d7dd27741c0b4c9e27d9e7c73495dfc32)
When running with -vv or -V -d, the list of usable polling systems
is reported. The final selection did not take into account the
possible failures during the tests, which is misleading and could
make one think that a non-working poller will be used, while it is
not the case. Fix that to really report the correct ones.
(cherry picked from commit 6d0e354e0171f08b7b3868ad2882c3663bd068a7)
Since unix sockets are supported for bind, the default backlog size was not
enough to accept the traffic. The size is now inherited from the listener
to behave like the tcp listeners.
This also affects the "stats socket" backlog, which is now determined by
"stats maxconn".
Some distros' libc are built for CPUs earlier than i686 and as such do
not offer support for Linux kernel's faster vsyscalls. This code adds
a new build option USE_VSYSCALLS to bypass libc for most commonly used
system calls. A net gain of about 10% can be observed with this change
alone.
It only works when /proc/sys/abi/vsyscall32 equals exactly 2. When it's
set to 1, the VDSO is randomized and cannot be used.
Ross West reported that int32_t breaks compilation on FreeBSD. Since an
int is 32-bit on all supported platforms and we already rely on that,
change the type.
Released version 1.5-dev3 with the following main changes :
- [DOC] fix http-request documentation
- [MEDIUM] enable/disable servers from the stats web interface
- [MEDIUM] stats: add an admin level
- [DOC] stats: document the "stats admin" statement
- [MINOR] startup: print the proxy socket which caused an error
- [CLEANUP] Remove unneeded chars allocation
- [MINOR] config: detect options not supported due to compilation options
- [MINOR] Add pattern's fetchs payload and payload_lv
- [MINOR] frontend: improve accept-proxy header parsing
- [MINOR] frontend: add tcpv6 support on accept-proxy bind
- [MEDIUM] Enhance message errors management on binds
- [MINOR] Manage unix socket source field on logs
- [MINOR] Manage unix socket source field on session dump on sock stats
- [MINOR] Support of unix listener sockets for debug and log event messages on frontend.c
- [MINOR] Add some tests on sockets family for port remapping and mode transparent.
- [MINOR] Manage socket type unix for some logs
- [MINOR] Enhance controls of socket's family on acls and pattern fetch
- [MINOR] Support listener's sockets unix on http logs.
- [MEDIUM] Add supports of bind on unix sockets.
- [BUG] stick table purge failure if size less than 255
- [BUG] stick table entries expire on counters updates/read or show table, even if there is no "expire" parameter
- [MEDIUM] Implement tcp inspect response rules
- [DOC] tcp-response content and inspect
- [MINOR] new acls fetch req_ssl_hello_type and rep_ssl_hello_type
- [DOC] acls rep_ssl_hello and req_ssl_hello
- [MEDIUM] Create new protected pattern types CONSTSTRING and CONSTDATA to force memcpy if data from protected areas need to be manipulated.
- [DOC] new type binary in stick-table
- [DOC] stick store-response and new patterns payload and payload_lv
- [MINOR] Manage all types (ip, integer, string, binary) on cli "show table" command
- [MEDIUM] Create updates tree on stick table to manage sync.
- [MAJOR] Add new files src/peer.c, include/proto/peers.h and include/types/peers.h for sync stick table management
- [MEDIUM] Manage peers section parsing and stick table registration on peers.
- [MEDIUM] Manage soft stop on peers proxy
- [DOC] add documentation for peers section
- [MINOR] checks: add support for LDAPv3 health checks
- [MINOR] add better support to "mysql-check"
- [BUG] Restore info about available active/backup servers
- [CONTRIB] Update haproxy.pl
- [CONTRIB] Update Cacti Tempates
- [CONTRIB] add templates for Cacti.
- [BUG] http: don't consider commas as a header delimitor within quotes
- [MINOR] support a global jobs counter
- [DOC] add a summary about cookie incompatibilities between specs and browsers
- [DOC] fix description of cookie "insert" and "indirect" modes
- [MEDIUM] http: fix space handling in the request cookie parser
- [MEDIUM] http: fix space handling in the response cookie parser
- [DOC] fix typo in the queue() definition (backend, not frontend)
- [BUG] deinit: unbind listeners before freeing them
- [BUG] stream_interface: only call si->release when both dirs are closed
- [MEDIUM] buffers: rework the functions to exchange between SI and buffers
- [DOC] fix typo in the avg_queue() and be_conn() definition (backend, not frontend)
- [MINOR] halog: add '-tc' to sort by termination codes
- [MINOR] halog: skip non-traffic logs for -st and -tc
- [BUG] stream_sock: cleanly disable the listener in case of resource shortage
- [BUILD] stream_sock: previous fix lacked the #include, causing a warning.
- [DOC] bind option is "defer-accept", not "defer_accept"
- [DOC] missing index entry for http-check send-state
- [DOC] tcp-request inspect-delay is for backends too
- [BUG] ebtree: string_equal_bits() could return garbage on identical strings
- [BUG] stream_sock: try to flush any extra pending request data after a POST
- [BUILD] proto_http: eliminate some build warnings with gcc-2.95
- [MEDIUM] make it possible to combine http-pretend-keepalived with httpclose
- [MEDIUM] tcp-request : don't wait for inspect-delay to expire when the buffer is full
- [MEDIUM] checks: add support for HTTP contents lookup
- [TESTS] add test-check-expect to test various http-check methods
- [MINOR] global: add "tune.chksize" to change the default check buffer size
- [MINOR] cookie: add options "maxidle" and "maxlife"
- [MEDIUM] cookie: support client cookies with some contents appended to their value
- [MINOR] http: make some room in the transaction flags to extend cookies
- [MINOR] cookie: add the expired (E) and old (O) flags for request cookies
- [MEDIUM] cookie: reassign set-cookie status flags to store more states
- [MINOR] add encode/decode function for 30-bit integers from/to base64
- [MEDIUM] cookie: check for maxidle and maxlife for incoming dated cookies
- [MEDIUM] cookie: set the date in the cookie if needed
- [DOC] document the cookie maxidle and maxlife parameters
- [BUG] checks: don't log backend down for all zero-weight servers
- [MEDIUM] checks: set server state to one state from failure when leaving maintenance
- [BUG] config: report correct keywords for "observe"
- [MINOR] checks: ensure that we can inherit binary checks from the defaults section
- [MINOR] acl: add the http_req_first match
- [DOC] fix typos about bind-process syntax
- [BUG] cookie: correctly unset default cookie parameters
- [MINOR] cookie: add support for the "preserve" option
- [BUG] ebtree: fix duplicate strings insertion
- [CONTRIB] halog: report per-url counts, errors and times
- [CONTRIB] halog: minor speed improvement in timer parser
- [MINOR] buffers: add a new request analyser flag for PROXY mode
- [MINOR] listener: add the "accept-proxy" option to the "bind" keyword
- [MINOR] standard: add read_uint() to parse a delimited unsigned integer
- [MINOR] standard: change arg type from const char* to char*
- [MINOR] frontend: add a new analyser to parse a proxied connection
- [MEDIUM] session: call the frontend_decode_proxy analyser on proxied connections
- [DOC] add the proxy protocol's specifications
- [DOC] document the 'accept-proxy' bind option
- [MINOR] cfgparse: report support of <path> for the 'bind' statements
- [DOC] add references to unix socket handling
- [MINOR] move MAXPATHLEN definition to compat.h
- [MEDIUM] unix sockets: cleanup the error reporting path
- [BUG] session: don't stop forwarding of data upon last packet
- [CLEANUP] accept: replace some inappropriate Alert() calls with send_log()
- [BUILD] peers: shut a printf format warning (key_size is a size_t)
- [BUG] accept: don't close twice upon error
- [OPTIM] session: don't recheck analysers when buffer flags have not changed
- [OPTIM] stream_sock: don't clear FDs that are already cleared
- [BUG] proto_tcp: potential bug on pattern fetch dst and dport
Analysers were re-evaluated when some flags were still present in the
buffers, even if they had not changed since previous pass, resulting
in a waste of CPU cycles.
Ensuring that the flags have changed has saved some useless calls :
function min calls per session (before -> after)
http_request_forward_body 5 -> 4
http_response_forward_body 3 -> 2
http_sync_req_state 10 -> 8
http_sync_res_state 8 -> 6
http_resync_states 8 -> 6
The stream_sock's accept() used to close the FD upon error, but this
was also sometimes performed by the frontend's accept() called via the
session's accept(). Those interlaced calls were also responsible for the
spaghetti-looking error unrolling code in session.c and stream_sock.c.
Now the frontend must not close the FD anymore, the session is responsible
for that. It also takes care of just closing the FD or also removing from
the FD lists, depending on its state. The socket-level accept() does not
have to care about that anymore.
