echo " -S, --master-socket <path> Use the master socket at <path> (default: ${MASTER_SOCKET})"
echo " -d, --debug Debug mode, set -x"
echo " -t, --timeout Timeout (socat -t) (default: ${TIMEOUT})"
- echo " -s, --silent Slient mode (no output)"
+ echo " -s, --silent Silent mode (no output)"
echo " -v, --verbose Verbose output (output from haproxy on failure)"
echo " -vv Even more verbose output (output from haproxy on success and failure)"
echo " -h, --help This help"
layer supports most of the necessary TLS operations, albeit without QUIC
0-RTT capability.
- This feature is primarily targetted for OpenSSL prior to version 3.5.2, where
+ This feature is primarily targeted for OpenSSL prior to version 3.5.2, where
QUIC API was not implemented or only partially. The compatibility layer can
still be activated for version 3.5.2 and above, but this is probably
unnecessary.
Set a persistent ID for the proxy. This ID must be unique and positive. An
unused ID will automatically be assigned if unset. Due to an historical
- behavior, value 1 is not used unless explicitely set. Thus, the lowest value
+ behavior, value 1 is not used unless explicitly set. Thus, the lowest value
automatically assigned will be 2. This ID is currently only returned in
statistics.
quic-cc-algo { cubic | newreno | bbr | nocc }[(<args,...>)]
This is a QUIC specific setting to select the congestion control algorithm
- for any connection targetting this server. They are similar to those used by
+ for any connection targeting this server. They are similar to those used by
TCP. See the bind option with a similar name for a complete description of
all customization options.
* This is useful when data have been read directly from the buffer. It is
* illegal to call this function with <len> causing a wrapping at the end of the
* buffer. It's the caller's responsibility to ensure that <len> is never larger
- * than available ouput data.
+ * than available output data.
*
* This function is not HTX aware.
*/
co_skip(sc_oc(appctx_sc(appctx)), co_data(sc_oc(appctx_sc(appctx))));
}
-/* Returns the amout of space available at the HTX output buffer (see applet_get_outbuf).
+/* Returns the amount of space available at the HTX output buffer (see applet_get_outbuf).
*/
static inline size_t applet_htx_output_room(const struct appctx *appctx)
{
return channel_recv_max(sc_ic(appctx_sc(appctx)));
}
-/* Returns the amout of space available at the output buffer (see applet_get_outbuf).
+/* Returns the amount of space available at the output buffer (see applet_get_outbuf).
*/
static inline size_t applet_output_room(const struct appctx *appctx)
{
/* add mandatory padding of the specified size between fields in a structure,
* This is used to avoid false sharing of cache lines for dynamically allocated
* structures which cannot guarantee alignment, or to ensure that the size of
- * the struct remains consistent on architectures with different aligment
+ * the struct remains consistent on architectures with different alignment
* constraints
*/
#ifndef ALWAYS_PAD
void (*dump_info)(struct buffer *, const struct connection *);
/*
* Returns the value for various capabilities.
- * Returns 0 if the capability is known, iwth the actual value in arg,
+ * Returns 0 if the capability is known, with the actual value in arg,
* or -1 otherwise
*/
int (*get_capability)(struct connection *connection, void *xprt_ctx, enum xprt_capabilities, void *arg);
#define QUIC_FL_CONN_NEED_POST_HANDSHAKE_FRMS (1U << 2) /* HANDSHAKE_DONE must be sent */
#define QUIC_FL_CONN_IS_BACK (1U << 3) /* conn used on backend side */
#define QUIC_FL_CONN_ACCEPT_REGISTERED (1U << 4)
-#define QUIC_FL_CONN_UDP_GSO_EIO (1U << 5) /* GSO disabled due to a EIO occured on same listener */
+#define QUIC_FL_CONN_UDP_GSO_EIO (1U << 5) /* GSO disabled due to a EIO occurred on same listener */
#define QUIC_FL_CONN_IDLE_TIMER_RESTARTED_AFTER_READ (1U << 6)
#define QUIC_FL_CONN_RETRANS_NEEDED (1U << 7)
#define QUIC_FL_CONN_RETRANS_OLD_DATA (1U << 8) /* retransmission in progress for probing with already sent data */
#include <haproxy/api-t.h>
-/* Counter which can be used to measure data amount accross several buffers. */
+/* Counter which can be used to measure data amount across several buffers. */
struct bdata_ctr {
uint64_t tot; /* sum of data present in all underlying buffers */
uint8_t bcnt; /* current number of allocated underlying buffers */
#define SSL_SOCK_F_KTLS_SEND (1 << 2) /* kTLS send is configured on that socket */
#define SSL_SOCK_F_KTLS_RECV (1 << 3) /* kTLS receive is configure on that socket */
#define SSL_SOCK_F_CTRL_SEND (1 << 4) /* We want to send a kTLS control message for that socket */
-#define SSL_SOCK_F_HAS_ALPN (1 << 5) /* An ALPN has been negociated */
+#define SSL_SOCK_F_HAS_ALPN (1 << 5) /* An ALPN has been negotiated */
struct ssl_sock_ctx {
struct connection *conn;
*
* <kip> is the known input payload length. It is set by the stream endpoint
* that produce data and decremented once consumed by the app
- * loyer. Depending on the enpoint, this value may be unset. It may be set
- * only once if the payload lenght is fully known from the begining (a
+ * layer. Depending on the endpoint, this value may be unset. It may be set
+ * only once if the payload length is fully known from the beginning (a
* HTTP message with a content-length for instance), or incremented
* periodically when more data are expected (a chunk-encoded HTTP message
* for instance). On the app side, this value is decremented when data are
* the same split bit as its parent node, it is necessary its associated leaf
*
* When descending along the tree, it is possible to know that a search key is
- * not present, because its XOR with both of the branches is stricly higher
+ * not present, because its XOR with both of the branches is strictly higher
* than the inter-branch XOR. The reason is simple : the inter-branch XOR will
* have its highest bit set indicating the split bit. Since it's the bit that
* differs between the two branches, the key cannot have it both set and
feature ignore_unknown_macro
-# No ID explicitely set. First automatically assigned value must be set to '2'.
+# No ID explicitly set. First automatically assigned value must be set to '2'.
# Value '1' is skipped due to an historical bug.
haproxy h1 -conf {
defaults
expect ~ "fe2,"
}
-# Explicitely uses ID 1 and 2. First automatically assigned value must be
+# Explicitly uses ID 1 and 2. First automatically assigned value must be
# set to '3'.
haproxy h2 -conf {
defaults
expect resp.status == 503
} -run
-# successul connection to wrong-be1/s3
+# successful connection to wrong-be1/s3
client c3 -connect ${h1_clearlst_sock} {
txreq -url "/wrong-be1"
rxresp
expect resp.status == 503
} -run
-# successul connection to wrong-be1/s6
+# successful connection to wrong-be1/s6
client c3 -connect ${h1_clearlst_sock} {
txreq -url "/wrong-be1"
rxresp
expect resp.status == 503
} -run
-# successul connection to wrong-be1/s3
+# successful connection to wrong-be1/s3
client c3 -connect ${h1_clearlst_sock} {
txreq -url "/wrong-be1"
rxresp
expect resp.status == 503
} -run
-# successul connection to wrong-be1/s6
+# successful connection to wrong-be1/s6
client c3 -connect ${h1_clearlst_sock} {
txreq -url "/wrong-be1"
rxresp
/* Assign automatic UUID if unset except for internal proxies.
*
* WARNING proxy UUID initialization is buggy as value '1' is
- * skipped if not explicitely used. This is an historical bug
+ * skipped if not explicitly used. This is an historical bug
* and should not be corrected to prevent breakage on future
* versions.
*/
static struct cli_kw_list cli_kws = {{ },{
- { { "show", "ssl", "ech", NULL}, "show ssl ech [<name>] : display a named ECH configuation or all", cli_parse_show_ech, cli_io_handler_ech_details, cli_release_ech, NULL, ACCESS_EXPERIMENTAL },
+ { { "show", "ssl", "ech", NULL}, "show ssl ech [<name>] : display a named ECH configuration or all", cli_parse_show_ech, cli_io_handler_ech_details, cli_release_ech, NULL, ACCESS_EXPERIMENTAL },
{ { "add", "ssl", "ech", NULL }, "add ssl ech <name> <payload> : add a new PEM-formatted ECH config and key ", cli_parse_add_ech, NULL, NULL, NULL, ACCESS_EXPERIMENTAL },
{ { "set", "ssl", "ech", NULL }, "set ssl ech <name> <payload> : replace all ECH configs with that provided", cli_parse_set_ech, NULL, NULL, NULL, ACCESS_EXPERIMENTAL },
{ { "del", "ssl", "ech", NULL }, "del ssl ech <name> [<age-in-secs>] : delete ECH configs", cli_parse_del_ech, NULL, NULL, NULL, ACCESS_EXPERIMENTAL },
}
/* Format the htx message into its H1 representation. It returns 1 on success or
- * 0 if <outbuf> is full or not emtpy. No check are preformed on the message, it must be
+ * 0 if <outbuf> is full or not empty. No check is performed on the message, it must be
* valid. Trailers are silently ignored if the message is not chunked.
*/
int h1_format_htx_msg(const struct htx *htx, struct buffer *outbuf)
blk = DISGUISE(htx_get_head_blk(htx));
sl = htx_get_blk_ptr(htx, blk);
- /* Skipp any 1XX interim responses */
+ /* Skip any 1XX interim responses */
if (sl->info.res.status < 200) {
/* Upgrade are not supported. Report an error */
if (sl->info.res.status == 101)
ret -= h2s_htx->data;
end:
- /* If ther is no content-length, take care to update <kip> field */
+ /* If there is no content-length, take care to update <kip> field */
if (!(h2s->flags & H2_SF_DATA_CLEN))
h2s->sd->kip += prev_body_len - h2s->body_len;
*/
BUG_ON(!qcc_fctl_avail_streams(qcc, 1));
- /* Connnection should not be reused if already on error/closed. */
+ /* Connection should not be reused if already on error/closed. */
BUG_ON(qcc->flags & QC_CF_ERRL || qcc->app_st >= QCC_APP_ST_SHUT);
qcs = qcc_init_stream_local(qcc, 1);
#define PEERS_EV_PROTO_ERR (1ULL << 13)
{ .mask = PEERS_EV_PROTO_ERR, .name = "proto_error", .desc = "protocol error" },
#define PEERS_EV_PROTO_HELLO (1ULL << 14)
- { .mask = PEERS_EV_PROTO_HELLO, .name = "proto_hello", .desc = "protocol hello mesage" },
+ { .mask = PEERS_EV_PROTO_HELLO, .name = "proto_hello", .desc = "protocol hello message" },
#define PEERS_EV_PROTO_SUCCESS (1ULL << 15)
{ .mask = PEERS_EV_PROTO_SUCCESS, .name = "proto_success", .desc = "protocol success message" },
#define PEERS_EV_PROTO_UPDATE (1ULL << 16)
*/
static inline int peer_send_status_successmsg(struct appctx *appctx)
{
- TRACE_PROTO("send status sucess message", PEERS_EV_SESS_IO|PEERS_EV_TX_MSG|PEERS_EV_PROTO_SUCCESS, appctx);
+ TRACE_PROTO("send status success message", PEERS_EV_SESS_IO|PEERS_EV_TX_MSG|PEERS_EV_PROTO_SUCCESS, appctx);
return peer_send_msg(appctx, peer_prepare_status_successmsg, NULL);
}
* trees are used on frontend and backend sides.
*
* . CID global tree splitting
- * To reduce the thread contention, a global CID tree is in reality splitted
+ * To reduce the thread contention, a global CID tree is in reality split
* into 256 distinct instances. Each CID is assigned to a single tree instance
* based on its content. Use quic_cid_tree_idx() to retrieve the expected tree
* location for a CID.
if (!quic_tls_generate_retry_integrity_tag(qc->odcid.data, qc->odcid.len,
beg, end - beg - QUIC_TLS_TAG_LEN,
tag, pkt->version)) {
- TRACE_PROTO("retry integrity tag faild", QUIC_EV_CONN_SPKT, qc);
+ TRACE_PROTO("retry integrity tag failed", QUIC_EV_CONN_SPKT, qc);
goto err;
}
qc->conn->mux->wake(qc->conn);
}
else {
- /* Wake up upper layer if the MUX is alreay initialized.
+ /* Wake up upper layer if the MUX is already initialized.
* This is the case when the MUX was started for a 0-RTT session
* but without early-data secrets to send them (when the server
* does not support 0-RTT).
/* TODO currently it's not possible to emit an ACK and probing data simultaneously (see qc_do_build_pkt()).
* As a side-effect, this could cause coalescing of two packets of the same type which should be avoided.
- * To implement this, a new datagram is forced by invokation of qc_txb_store(). This must then be checked
+ * To implement this, a new datagram is forced by invocation of qc_txb_store(). This must then be checked
* if padding is required as in this case this will be the last packet of the current datagram.
*/
if (probe && (must_ack || (qel->pktns->flags & QUIC_FL_PKTNS_ACK_REQUIRED)))
* must be at least QUIC_PACKET_PN_MAXLEN(4) bytes long, so that the sample
* will be extracted as the AEAD tag.
*
- * Note that from here, <len> includes <*pn_len>, the total frame lenghts,
+ * Note that from here, <len> includes <*pn_len>, the total frame lengths,
* and QUIC_TLS_TAG_LEN(16).
*/
if (len < QUIC_PACKET_PN_MAXLEN + QUIC_HP_SAMPLE_LEN) {
* target server will be incremented.
*
* Returns 0 if the connection is kept, else non-zero if the connection was
- * explicitely removed from session.
+ * explicitly removed from session.
*/
int session_check_idle_conn(struct session *sess, struct connection *conn)
{
* session_unown_conn(), this function is not protected by a lock, so the
* caller is responsible to properly use idle_conns_lock prior to calling it.
*
- * Another notable difference is that <owner> member of <conn> is not resetted.
+ * Another notable difference is that <owner> member of <conn> is not reset.
* This is a convenience as this function usage is generally coupled with a
* following session_reinsert_idle_conn().
*
objects = HA_ATOMIC_LOAD(&shm_stats_file_hdr->objects);
if (objects >= shm_stats_file_max_objects) {
- memprintf(errmsg, "Cannot add additionnal object to '%s' file, maximum number already reached (%d). "
+ memprintf(errmsg, "Cannot add additional object to '%s' file, maximum number already reached (%d). "
"Adjust \"shm-stats-file-max-objects\" directive if needed.",
global.shm_stats_file, shm_stats_file_max_objects / global.nbtgroups);
return NULL;
static inline int tcpcheck_use_nondefault_connect(const struct check *check,
const struct tcpcheck_connect *connect)
{
- /* special rule for check-proto: if explicitely set but identical to
+ /* special rule for check-proto: if explicitly set but identical to
* the server configuration, consider that the check does not relies on
* a specific option. This is necessary as check <mux_proto> may be
* automatically set via init_srv_check() despite no explicit user
* - if we're isolated or in a panic, we're safe and don't need to
* lock so we don't wait.
* - otherwise we use a trylock and we fail on conflict so that
- * noone waits when there is contention.
+ * no one waits when there is contention.
*/
isolated = thread_isolated() || (get_tainted() & TAINTED_PANIC);
projects / thirdparty / haproxy.git / commitdiff
