Commit Graph

301 Commits

Author SHA1 Message Date
Willy Tarreau
f73cd1198f [MINOR] session-counters: add the ability to clear the counters
Sometimes it can be useful to reset a counter : one condition increments
it and another one resets it. It can be used to better detect abuses.
2011-08-13 01:45:16 +02:00
Hervé COMMOWICK
a3eb39ca62 [DOC] small fixes to clearly distinguish between keyword
and variables

Variables needs to be presented inside <> to be distinguished from keywords
2011-08-06 15:52:52 +02:00
Hervé COMMOWICK
ec032d63a6 [MINOR] check: add redis check support
This patch provides a new "option redis-check" statement to enable server health checks based on redis PING request (http://www.redis.io/commands/ping).
2011-08-06 15:52:47 +02:00
Hervé COMMOWICK
daa824e513 [MINOR] acl: add srv_conn acl to count connections on a
specific backend server

These ACLs are used to check the number of active connections on the specified server in the specified backend.
2011-08-06 15:52:27 +02:00
Willy Tarreau
2a0f4d27a4 [MEDIUM] stats: add support for changing frontend's maxconn at runtime
The new "set maxconn frontend XXX" statement on the stats socket allows
the admin to change a frontend's maxconn value. If some connections are
queued, they will immediately be accepted up to the new limit. If the
limit is lowered, new connections acceptation might be delayed. This can
be used to temporarily reduce or increase the impact of a specific frontend's
traffic on the whole process.
2011-08-02 11:49:05 +02:00
Willy Tarreau
f5f3192e1e [DOC] fix typos, "#" is a sharp, not a dash
That's what happens when the same text is copy-pasted over and over...
2011-08-02 11:32:07 +02:00
Willy Tarreau
a17c2d9361 [MINOR] stats: report a "WAITING" state for sockets waiting for resource
This is useful when enabling socket-stats to know that a socket is being
waiting for some resource (RAM, global connections, etc...).
2011-07-25 08:18:47 +02:00
Willy Tarreau
b3eb221e78 [MEDIUM] http: add support for 'cookie' and 'set-cookie' patterns
This is used to perform cookie-based stickiness with table replication
between multiple masters and across restarts. This partially overrides
some of the appsession capabilities.
2011-07-01 16:16:17 +02:00
Willy Tarreau
d8dc99f68d [DOC] add missing entry or stick store-response 2011-07-01 11:33:25 +02:00
Simon Horman
fa46168c8f [MINOR] Add non-stick server option
Never add connections allocated to this sever to a stick-table.
This may be used in conjunction with backup to ensure that
stick-table persistence is disabled for backup servers.
2011-06-25 21:14:17 +02:00
Simon Horman
ab814e0a6b [MINOR] Add rdp_cookie pattern fetch function
This pattern fetch function extracts the value of the rdp cookie <name> as
a string and uses this value to match. This enables implementation of
persistence based on the mstshash cookie. This is typically done if there
is no msts cookie present.

This differs from "balance rdp-cookie" in that any balancing algorithm may
be used and thus the distribution of clients to backend servers is not
linked to a hash of the RDP cookie. It is envisaged that using a balancing
algorithm such as "balance roundrobin" or "balance leastconnect" will lead
to a more even distribution of clients to backend servers than the hash
used by "balance rdp-cookie".

Example :
	listen tse-farm
	    bind 0.0.0.0:3389
	    # wait up to 5s for an RDP cookie in the request
	    tcp-request inspect-delay 5s
	    tcp-request content accept if RDP_COOKIE
	    # apply RDP cookie persistence
	    persist rdp-cookie
	    # Persist based on the mstshash cookie
	    # This is only useful makes sense if
	    # balance rdp-cookie is not used
	    stick-table type string size 204800
	    stick on rdp_cookie(mstshash)
	    server srv1 1.1.1.1:3389
	    server srv1 1.1.1.2:3389
2011-06-25 21:07:02 +02:00
Simon Horman
752dc4ab2d [MINOR] Add down termination condition
If a connection is closed by because the backend became unavailable
then log 'D' as the termination condition.

Signed-off-by: Simon Horman <horms@verge.net.au>
2011-06-21 22:10:56 +02:00
Simon Horman
e0d1bfb4c1 [MINOR] Allow shutdown of sessions when a server becomes unavailable
This adds the "on-marked-down shutdown-sessions" statement on "server" lines,
which causes all sessions established on a server to be killed at once when
the server goes down. The task's priority is reniced to the highest value
(1024) so that servers holding many tasks don't cause a massive slowdown due
to the wakeup storm.
2011-06-21 22:00:21 +02:00
Simon Horman
619e3cc245 [MINOR] Allow showing and clearing by key of string stick tables 2011-06-17 11:39:30 +02:00
Simon Horman
cec9a22780 [MINOR] Allow showing and clearing by key of integer stick tables 2011-06-17 11:39:30 +02:00
Simon Horman
c5b89f6495 [MINOR] Allow showing and clearing by key of ipv6 stick tables 2011-06-17 11:39:30 +02:00
Simon Horman
c88b887d8d [MINOR] More flexible clearing of stick table
* Allow clearing of all entries of a table
* Allow clearing of all entries of a table
  that match a data filter
2011-06-17 11:39:29 +02:00
Simon Horman
17bce34a20 [MINOR] Allow listing of stick table by key 2011-06-17 11:39:29 +02:00
Hervé COMMOWICK
212f778d6a [BUG] checks: fix support of Mysqld >= 5.5 for mysql-check
mysqld >= 5.5 want the client to announce 4.1+ authentication support, even if we have no password, so we do this.
I also check on a debian potato mysqld 3.22 and it works too so i assume we are good from 3.22 to 5.5.

[WT: this must be backported to 1.4]
2011-06-17 11:18:52 +02:00
Willy Tarreau
fbb78421d4 [MINOR] config: automatically compute a default fullconn value
The fullconn value is not easy to get right when doing dynamic regulation,
as it should depend on the maxconns of the frontends that can reach a
backend. Since the parameter is mandatory, many configs are found with
an inappropriate default value.

Instead of rejecting configs without a fullconn value, we now set it to
10% of the sum of the configured maxconns of all the frontends which are
susceptible to branch to the backend. That way if new frontends are added,
the backend's fullconn automatically adjusts itself.
2011-06-05 15:43:27 +02:00
Simon Horman
df791f59b7 [DOC] Minor spelling fixes and grammatical enhancements 2011-05-31 22:54:17 +02:00
Willy Tarreau
96e312139a [MEDIUM] http: add support for "http-no-delay"
There are some very rare server-to-server applications that abuse the HTTP
protocol and expect the payload phase to be highly interactive, with many
interleaved data chunks in both directions within a single request. This is
absolutely not supported by the HTTP specification and will not work across
most proxies or servers. When such applications attempt to do this through
haproxy, it works but they will experience high delays due to the network
optimizations which favor performance by instructing the system to wait for
enough data to be available in order to only send full packets. Typical
delays are around 200 ms per round trip. Note that this only happens with
abnormal uses. Normal uses such as CONNECT requests nor WebSockets are not
affected.

When "option http-no-delay" is present in either the frontend or the backend
used by a connection, all such optimizations will be disabled in order to
make the exchanges as fast as possible. Of course this offers no guarantee on
the functionality, as it may break at any other place. But if it works via
HAProxy, it will work as fast as possible. This option should never be used
by default, and should never be used at all unless such a buggy application
is discovered. The impact of using this option is an increase of bandwidth
usage and CPU usage, which may significantly lower performance in high
latency environments.

This change should be backported to 1.4 since the first report of such a
misuse was in 1.4. Next patch will also be needed.
2011-05-30 18:42:41 +02:00
Willy Tarreau
ae94d4df8f [MINOR] http: make the "HTTP 200" status code configurable.
This status code is used in response to requests matching "monitor-uri".
Some users need to adjust it to fit their needs (eg: make some strings
appear there). As it's already defined as a chunked string and used
exactly like other status codes, it makes sense to make it configurable
with the usual "errorfile", "errorloc", ...
2011-05-11 16:31:43 +02:00
Willy Tarreau
787aed5078 [DOC] fix minor typo in the "dispatch" doc
Bradley Falzon reported a left-over of a copy-paste from the "disabled"
keyword in the "dispatch" section.
2011-04-15 06:45:37 +02:00
Willy Tarreau
04df1125cf [RELEASE] Released version 1.5-dev6
Released version 1.5-dev6 with the following main changes :
    - [BUG] stream_sock: use get_addr_len() instead of sizeof() on sockaddr_storage
    - [BUG] TCP source tracking was broken with IPv6 changes
    - [BUG] stick-tables did not work when converting IPv6 to IPv4
    - [CRITICAL] fix risk of crash when dealing with space in response cookies
2011-04-08 00:56:41 +02:00
Willy Tarreau
b06ed2c6af [RELEASE] Released version 1.5-dev5
Released version 1.5-dev5 with the following main changes :
    - [BUG] standard: is_addr return value for IPv4 was inverted
    - [MINOR] update comment about IPv6 support for server
    - [MEDIUM] use getaddrinfo to resolve names if gethostbyname fail
    - [DOC] update IPv6 support for bind
    - [DOC] document IPv6 support for server
    - [DOC] fix a minor typo
    - [MEDIUM] IPv6 support for syslog
    - [DOC] document IPv6 support for syslog
    - [MEDIUM] IPv6 support for stick-tables
    - [DOC] document IPv6 support for stick-tables
    - [DOC] update ROADMAP file
    - [BUG] session: src_conn_cur was returning src_conn_cnt instead
    - [MINOR] frontend: add a make_proxy_line function
    - [MEDIUM] stream_sock: add support for sending the proxy protocol header line
    - [MEDIUM] server: add support for the "send-proxy" option
    - [DOC] update the spec on the proxy protocol
    - [BUILD] proto_tcp: fix build issue with CTTPROXY
    - [DOC] update ROADMAP file
    - [MEDIUM] config: rework the IPv4/IPv6 address parser to support host-only addresses
    - [MINOR] cfgparse: better report wrong listening addresses and make use of str2sa_range
    - [BUILD] add the USE_GETADDRINFO build option
    - [TESTS] provide a test case for various address formats
    - [BUG] session: conn_retries was not always initialized
    - [BUG] log: retrieve the target from the session, not the SI
    - [BUG] http: fix possible incorrect forwarded wrapping chunk size (take 2)
    - [MINOR] tools: add two macros MID_RANGE and MAX_RANGE
    - [BUG] http: fix content-length handling on 32-bit platforms
    - [OPTIM] buffers: uninline buffer_forward()
    - [BUG] stream_sock: fix handling for server side PROXY protocol
    - [MINOR] acl: add support for table_cnt and table_avl matches
    - [DOC] update ROADMAP file
2011-03-29 01:10:33 +02:00
David du Colombier
9a6d3c93de [DOC] document IPv6 support for stick-tables 2011-03-29 01:09:15 +02:00
Willy Tarreau
c735a0728e [MINOR] acl: add support for table_cnt and table_avl matches
Those trivial matches respectively return the number of entries used
in a stick-table and the number of entries still available in a table.
2011-03-29 00:57:02 +02:00
David du Colombier
24bb5f504b [DOC] document IPv6 support for syslog 2011-03-28 18:47:16 +02:00
David du Colombier
a13d1b97c1 [DOC] fix a minor typo 2011-03-23 22:49:56 +01:00
David du Colombier
486df477e6 [DOC] document IPv6 support for server 2011-03-23 22:49:56 +01:00
David du Colombier
9c938daf69 [DOC] update IPv6 support for bind 2011-03-23 22:49:56 +01:00
Willy Tarreau
5ab04ec47c [MEDIUM] server: add support for the "send-proxy" option
This option enables use of the PROXY protocol with the server, which
allows haproxy to transport original client's address across multiple
architecture layers.
2011-03-20 11:53:50 +01:00
Willy Tarreau
e0052ccd27 [RELEASE] Released version 1.5-dev4
Released version 1.5-dev4 with the following main changes :
    - [MINOR] cfgparse: Check whether the path given for the stats socket actually fits into the sockaddr_un structure to avoid truncation.
    - [MINOR] unix sockets : inherits the backlog size from the listener
    - [CLEANUP] unix sockets : move create_uxst_socket() in uxst_bind_listener()
    - [DOC] fix a minor typo
    - [DOC] fix ignore-persist documentation
    - [MINOR] add warnings on features not compatible with multi-process mode
    - [BUG] http: fix http-pretend-keepalive and httpclose/tunnel mode
    - [MINOR] stats: add support for several packets in stats admin
    - [BUG] stats: admin commands must check the proxy state
    - [BUG] stats: admin web interface must check the proxy state
    - [MINOR] http: add pattern extraction method to stick on query string parameter
    - [MEDIUM] add internal support for IPv6 server addresses
    - [MINOR] acl: add be_id/srv_id to match backend's and server's id
    - [MINOR] log: add support for passing the forwarded hostname
    - [MINOR] log: ability to override the syslog tag
    - [MINOR] checks: add PostgreSQL health check
    - [DOC] update ROADMAP file
    - [BUILD] pattern: use 'int' instead of 'int32_t'
    - [OPTIM] linux: add support for bypassing libc to force using vsyscalls
    - [BUG] debug: report the correct poller list in verbose mode
    - [BUG] capture: do not capture a cookie if there is no memory left
    - [BUG] appsession: fix possible double free in case of out of memory
    - [CRITICAL] cookies: mixing cookies in indirect mode and appsession can crash the process
    - [BUG] http: correctly update the header list when removing two consecutive headers
    - [BUILD] add the CPU=native and ARCH=32/64 build options
    - [BUILD] add -fno-strict-aliasing to fix warnings with gcc >= 4.4
    - [CLEANUP] hash: move the avalanche hash code globally available
    - [MEDIUM] hash: add support for an 'avalanche' hash-type
    - [DOC] update roadmap file
    - [BUG] http: do not re-enable the PROXY analyser on keep-alive
    - [OPTIM] http: don't send each chunk in a separate packet
    - [DOC] fix minor typos reported recently in the peers section
    - [DOC] fix another typo in the doc
    - [MINOR] stats: report HTTP message state and buffer flags in error dumps
    - [BUG] http chunking: don't report a parsing error on connection errors
    - [BUG] stream_interface: truncate buffers when sending error messages
    - [MINOR] http: support wrapping messages in error captures
    - [MINOR] http: capture incorrectly chunked message bodies
    - [MINOR] stats: add global event ID and count
    - [BUG] http: analyser optimizations broke pipelining
    - [CLEANUP] frontend: only apply TCP-specific settings to TCP/TCP6 sockets
    - [BUG] http: fix incorrect error reporting during data transfers
    - [CRITICAL] session: correctly leave turn-around and queue states on abort
    - [BUG] session: release slot before processing pending connections
    - [MINOR] tcp: add support for dynamic MSS setting
    - [BUG] stick-table: correctly terminate string keys during lookups
    - [BUG] acl: fix handling of empty lines in pattern files
    - [BUG] stick-table: use the private buffer when padding strings
    - [BUG] ebtree: fix ebmb_lookup() with len smaller than the tree's keys
    - [OPTIM] ebtree: ebmb_lookup: reduce stack usage by moving the return code out of the loop
    - [OPTIM] ebtree: inline ebst_lookup_len and ebis_lookup_len
    - [REVERT] undo the stick-table string key lookup fixes
    - [MINOR] http: improve url_param pattern extraction to ignore empty values
    - [BUILD] frontend: shut a warning with TCP_MAXSEG
    - [BUG] http: update the header list's tail when removing the last header
    - [DOC] fix minor typo in the proxy protocol doc
    - [DOC] fix typos (http-request instead of http-check)
    - [BUG] http: use correct ACL pointer when evaluating authentication
    - [BUG] cfgparse: correctly count one socket per port in ranges
    - [BUG] startup: set the rlimits before binding ports, not after.
    - [BUG] acl: srv_id must return no match when the server is NULL
    - [MINOR] acl: add ability to check for internal response-only parameters
    - [MINOR] acl: srv_id is only valid in responses
    - [MINOR] config: warn if response-only conditions are used in "redirect" rules
    - [BUG] acl: fd leak when reading patterns from file
    - [DOC] fix minor typo in "usesrc"
    - [BUG] http: fix possible incorrect forwarded wrapping chunk size
    - [BUG] http: fix computation of message body length after forwarding has started
    - [BUG] http: balance url_param did not work with first parameters on POST
    - [TESTS] update the url_param regression test to test check_post too
    - [DOC] update ROADMAP
    - [DOC] internal: reflect the fact that SI_ST_ASS is transient
    - [BUG] config: don't crash on empty pattern files.
    - [MINOR] stream_interface: make use of an applet descriptor for IO handlers
    - [REORG] stream_interface: move the st0, st1 and private members to the applet
    - [REORG] stream_interface: split the struct members in 3 parts
    - [REORG] session: move client and server address to the stream interface
    - [REORG] tcp: make tcpv4_connect_server() take the target address from the SI
    - [MEDIUM] stream_interface: store the target pointer and type
    - [CLEANUP] stream_interface: remove the applet.handler pointer
    - [MEDIUM] log: take the logged server name from the stream interface
    - [CLEANUP] session: remove data_source from struct session
    - [CLEANUP] stats: make all dump functions only rely on the stream interface
    - [REORG] session: move the data_ctx struct to the stream interface's applet
    - [MINOR] proxy: add PR_O2_DISPATCH to detect dispatch mode
    - [MINOR] cfgparse: only keep one of dispatch, transparent, http_proxy
    - [MINOR] session: add a pointer to the new target into the session
    - [MEDIUM] session: remove s->prev_srv which is not needed anymore
    - [CLEANUP] stream_interface: use inline functions to manipulate targets
    - [MAJOR] session: remove the ->srv pointer from struct session
    - [MEDIUM] stats: split frontend and backend stats
    - [MEDIUM] http: always evaluate http-request rules before stats http-request
    - [REORG] http: move the http-request rules to proto_http
    - [BUG] http: stats were not incremented on http-request deny
    - [MINOR] checks: report it if checks fail due to socket creation error
2011-03-13 22:15:02 +01:00
Willy Tarreau
61a21a34da [BUG] http: balance url_param did not work with first parameters on POST
Bryan Talbot reported that POST requests with a query string were not
correctly processed if the hash parameter was the first one, because
the delimiter that was looked for to trigger the parsing was '&' instead
of '?'.

Also, while checking the code, it became apparent that it was enough for
a query string to be present in the request for POST parameters to be
ignored, even if the url_param was in the body and not in the URL.

The code has then been fixed like this :
   1) look for URL param. If found, return it.
   2) if no URL param was found and method is POST, then look it up into
      the body

The code now seems to pass all request combinations.

This patch must be backported to 1.4 since 1.4 is equally broken right now.
2011-03-01 20:42:20 +01:00
Willy Tarreau
a11460540f [DOC] fix minor typo in "usesrc"
Reported by Gus Zader.
2011-03-01 09:54:57 +01:00
Willy Tarreau
8f2a1e72be [DOC] fix typos (http-request instead of http-check) 2011-02-13 12:18:17 +01:00
Cyril Bonté
23b39d9859 [MINOR] stats: add support for several packets in stats admin
Some browsers send POST requests in several packets, which was not supported
by the "stats admin" function.

This patch allows to wait for more data when they are not fully received
(we are still limited to a certain size defined by the buffer size minus its
reserved space).
It also adds support for the "Expect: 100-Continue" header.
2011-02-12 13:10:18 +01:00
Rauf Kuliyev
38b4156a69 [MINOR] checks: add PostgreSQL health check
I have written a small patch to enable a correct PostgreSQL health check
It works similar to mysql-check with the very same parameters.

E.g.:
listen pgsql 127.0.0.1:5432
   mode tcp
   option pgsql-check user pgsql
   server masterdb pgsql.server.com:5432 check inter 10000
2011-01-04 15:14:13 +01:00
David Cournapeau
16023eef0b [MINOR] http: add pattern extraction method to stick on query string parameter
This is an updated version of my patch for url parameter extraction on
stick table. It adds "url_param(name)" as a possible stick method.
2011-01-03 13:26:02 +01:00
Kevinm
48936af9a2 [MINOR] log: ability to override the syslog tag
One of the requirements we have is to run multiple instances of haproxy on a
single host; this is so that we can split the responsibilities (and change
permissions) between product teams. An issue we ran up against is how we
would distinguish between the logs generated by each instance. The solution
we came up with (please let me know if there is a better way) is to override
the application tag written to syslog. We can then configure syslog to write
these to different files.

I have attached a patch adding a global option 'log-tag' to override the
default syslog tag 'haproxy' (actually defaults to argv[0]).
2010-12-30 11:43:36 +01:00
Willy Tarreau
48a7e72c5d [MINOR] tcp: add support for dynamic MSS setting
By passing a negative value to the "mss" argument of "bind" lines, it
becomes possible to subtract this value to the MSS advertised by the
client, which results in segments smaller than advertised. The effect
is useful with some TCP stacks which ACK less often when segments are
not full, because they only ACK every other full segment as suggested
by RFC1122.

NOTE: currently this has no effect on Linux kernel 2.6, a kernel patch
is still required to change the MSS of established connections.
2010-12-30 09:50:23 +01:00
Joe Williams
df5b38fac1 [MINOR] log: add support for passing the forwarded hostname
Haproxy does not include the hostname rather the IP of the machine in
the syslog headers it sends. Unfortunately this means that for each log
line rsyslog does a reverse dns on the client IP and in the case of
non-routable IPs one gets the public hostname not the internal one.

While this is valid according to RFC3164 as one might imagine this is
troublsome if you have some machines with public IPs, internal IPs, no
reverse DNS entries, etc and you want a standardized hostname based log
directory structure. The rfc says the preferred value is the hostname.

This patch adds a global "log-send-hostname" statement which accepts an
optional string to force the host name. If unset, the local host name
is used.
2010-12-29 17:05:48 +01:00
Willy Tarreau
ed2fd2daea [BUG] http: fix incorrect error reporting during data transfers
We've had several issues related to data transfers. First, if a
client aborted an upload before the server started to respond, it
would get a 502 followed by a 400. The same was true (in the other
way around) if the server suddenly aborted while the client was
uploading the data.

The flags reported in the logs were misleading. Request errors could
be reported while the transfer was stopped during the data phase. The
status codes could also be overwritten by a 400 eventhough the start
of the response was transferred to the client.

The stats were also wrong in case of data aborts. The server or the
client could sometimes be miscredited for being the author of the
abort depending on where the abort was detected. Some client aborts
could also be accounted as request errors and some server aborts as
response errors.

Now it seems like all such issues are fixed. Since we don't have a
specific state for data flowing from the client to the server
before the server responds, we're still counting the client aborted
transfers as "CH", and they become "CD" when the server starts to
respond. Ideally a "P" state would be desired.

This patch should be backported to 1.4.
2010-12-29 13:55:32 +01:00
Hervé COMMOWICK
35ed8019e3 [MINOR] acl: add be_id/srv_id to match backend's and server's id
These ones can be useful in responses.
2010-12-15 23:36:59 +01:00
Cyril Bonté
02ff8ef677 [MINOR] add warnings on features not compatible with multi-process mode
Using haproxy in multi-process mode (nbproc > 1), some features can be
not fully compatible or not work at all. haproxy will now display a warning on
startup for :
- appsession
- sticking rules
- stats / stats admin
- stats socket
- peers (fatal error in that case)
2010-12-15 07:28:11 +01:00
Cyril Bonté
535aae4817 [DOC] fix ignore-persist documentation
During the documentation of the "ignore-persist" keyword, I documented an
invalid "option ignore-persist" and forgot to remove it. It's time to fix it.
2010-12-15 07:28:11 +01:00
Cyril Bonté
2409e68245 [DOC] fix a minor typo
should be httpclose instead of http_close
2010-12-15 07:28:11 +01:00
Willy Tarreau
ccb289d9b0 [DOC] fix another typo in the doc
Config check is -c, not -d. Reported by David Dunaway.
2010-12-11 20:19:38 +01:00
Willy Tarreau
f7b30a9e7a [DOC] fix minor typos reported recently in the peers section 2010-12-06 22:59:17 +01:00